From dougb at dougbarton.us Fri Mar 1 00:07:29 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 28 Feb 2013 15:07:29 -0800
Subject: Questions about OpenPGP best practices
In-Reply-To: <512F94D7.7000505@sumptuouscapital.com>
References: <20130226144326.GB30430@IUPUI.Edu> <512F94D7.7000505@sumptuouscapital.com>
Message-ID: <512FE331.7040707@dougbarton.us>

On 02/28/2013 09:33 AM, Kristian Fiskerstrand wrote:
| for a service that specifically targets the OpenPGP community, I
| consider using the OpenPGP WoT more appropriate than any CA
| Corporation.

Kristian,

I certainly understand that perspective, however I see a couple of problems with it. First, there is a bootstrapping problem. People new to PGP almost certainly do not possess the skills to verify the signature file for the cert, even if they had an appropriate web of trust to rely on (which obviously they would not).

Second, not using a cert signed by a recognized CA presents 2 problems: it increases the perception that the PGP community is a closed circle, such that if you don't already have the skills, we don't want to talk to you. For those new users that click through it adds further damage to their security habits, since we try to teach people NOT to do that, even though most people do it anyway.

In the previous era where free and/or low-cost SSL certs were not available I would have had a lot more sympathy with your position. However nowadays there are a non-zero number of good choices, including https://www.startssl.com/ which offers free certs, and has a good reputation in the community. I personally use them for my sites, although I have no other affiliation other than "happy 'customer.'"

I hope you'll reconsider your decision.
Doug

From josef at netpage.dk Fri Mar 1 02:08:28 2013
From: josef at netpage.dk (Josef Schneider)
Date: Fri, 1 Mar 2013 02:08:28 +0100
Subject: key length for smart card key generation
In-Reply-To: <512FCD75.2070206@digitalbrains.com>
References: <512FCD75.2070206@digitalbrains.com>
Message-ID:

On Thu, Feb 28, 2013 at 10:34 PM, Peter Lebbing wrote:
> On 27/02/13 22:58, Anonymous wrote:
>> So I should be able to import the key...but not use it unless it is
>> 3072 bits or less?
>
> If we're all talking about RSA here, I think so.

Using a 4096 bit RSA key _should_ work if you compile the current source from the git repository and then _should_ work with 2.0.20 once that is out!
I didn't have the time to test that yet because I use Windows and compiling GnuPG 2 for Windows seems to be quite a difficult task!

From lenharo at gmail.com Fri Mar 1 02:19:31 2013
From: lenharo at gmail.com (Marcos Aurelio Lenharo)
Date: Thu, 28 Feb 2013 22:19:31 -0300
Subject: key length for smart card key generation
In-Reply-To:
References: <512FCD75.2070206@digitalbrains.com>
Message-ID: <51300223.6060004@gmail.com>

Hi, if you compile from the git repo as Josef said it will work 100% with 4096 bit RSA keys.

Regards,
Marcos A. Lenharo

On 28-02-2013 22:08, Josef Schneider wrote:
> On Thu, Feb 28, 2013 at 10:34 PM, Peter Lebbing wrote:
>> On 27/02/13 22:58, Anonymous wrote:
>>> So I should be able to import the key...but not use it unless it is
>>> 3072 bits or less?
>> If we're all talking about RSA here, I think so.
> Using a 4096 bit RSA key _should_ work if you compile the current
> source from the git repository and then _should_ work with 2.0.20 once
> that is out!
> I didn't have the time to test that yet because I use Windows and
> compiling GnuPG 2 for Windows seems to be quite a difficult task!

From niels at dest-unreach.be Fri Mar 1 09:20:10 2013
From: niels at dest-unreach.be (Niels Laukens)
Date: Fri, 01 Mar 2013 09:20:10 +0100
Subject: key length for smart card key generation
In-Reply-To:
References: <512FCD75.2070206@digitalbrains.com>
Message-ID: <513064BA.7070206@dest-unreach.be>

On 2013-03-01 02:08, Josef Schneider wrote:
> On Thu, Feb 28, 2013 at 10:34 PM, Peter Lebbing wrote:
>> On 27/02/13 22:58, Anonymous wrote:
>>> So I should be able to import the key...but not use it unless it is
>>> 3072 bits or less?
>>
>> If we're all talking about RSA here, I think so.
>
> Using a 4096 bit RSA key _should_ work if you compile the current
> source from the git repository and then _should_ work with 2.0.20 once
> that is out!

I've imported a 4096bit RSA key, and can use it without any problem on 2.0.18.
From dougb at dougbarton.us Fri Mar 1 09:46:58 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Fri, 01 Mar 2013 00:46:58 -0800
Subject: [Sks-devel] pool.sks-keyservers.net issues
In-Reply-To: <20130301080412.GA95912@redoubt.spodhuis.org>
References: <512C69AA.2010407@dest-unreach.be> <512C6ED5.5010407@fifthhorseman.net> <1830015963-1361870503-cardhu_decombobulator_blackberry.rim.net-1692014181-@b27.c12.bise7.blackberry> <512DD873.7000507@dest-unreach.be> <20130227235027.GB16276@redoubt.spodhuis.org> <512F1182.7080700@dest-unreach.be> <20130228083610.GA23455@redoubt.spodhuis.org> <512F9554.60900@dougbarton.us> <512F976C.3080101@sumptuouscapital.com> <512F9B7A.8050605@dougbarton.us> <20130301080412.GA95912@redoubt.spodhuis.org>
Message-ID: <51306B02.3070402@dougbarton.us>

Wow, what a thorough analysis, thanks Phil. :)

FWIW, I did see those Expect: headers you describe in my debug output, and obviously if this issue only affects certain servers it would explain why I was only seeing it intermittently.

I should have added before, I'm on Ubuntu 12.10, and gpg2 comes built with libcurl.

Doug

On 03/01/2013 12:04 AM, Phil Pennock wrote:
| Short version: bad interaction of GnuPG, cURL and Apache. Can probably
| be worked around in Apache config, can definitely be worked around in
| GnuPG code, should aim to get both done.
|
| On 2013-02-28 at 10:01 -0800, Doug Barton wrote:
|> 2001:470:1f09:5e7::2 worked
|> 2001:470:1f0a:5d7::2 failed
|
|> In any case thanks for clarifying the cause of the error ... it's just
|> hard to debug without putting those options in first obviously, and
|> with those options the output is very noisy.
|
| 417 is not load-related, Kristian's goofed.
|
| 417 _only_ happens when the client sends "Expect: 100-continue", in an
| HTTP/1.1 request, and a reverse proxy (or forward-proxy) knows that the
| backend is HTTP/1.0 only.
|
| GnuPG will use such a header with a _POST_ request, ie when _sending_
| keys; that expectation is a POST optimisation, and it's coming from
| cURL.
|
| In this case, the failing server is keys.wuschelpuschel.org, which is
| running GnuKS behind Apache. Since SKS/GnuKS only support HTTP/1.0,
| Apache has been "correctly" configured, per standards. nginx doesn't
| support returning 417, so this is only seen with Apache-fronted
| keyservers.
|
| I see nothing in RFC2616 which explains how 1.1 clients speaking to 1.1
| proxies with 1.0 origin servers should handle this. Presumably, they
| should retry.
|
| Can someone running SKS/GnuKS behind Apache please use:
|   gpg -v --keyserver-options verbose,debug --keyserver THEIRS --send-key WHATEVER
| and confirm that they see this (as I do, reliably and reproducibly) and
| then try:
|
|   RequestHeader unset Expect early
|
| I suspect that just ripping the header out of the request and pretending
| it's not there will let things "work".
|
| GnuPG developers: with GnuPG 2.0.19, in keyserver/gpgkeys_hkp.c main(),
| around line 783, I added an empty "Expect:" header to force cURL to not
| send that header, and it worked. I could then send a key to
| keys.wuschelpuschel.org.
|
| ----------------------------8< cut here >8------------------------------
|   headers=curl_slist_append(headers,"Pragma: no-cache");
|   if(headers)
|     headers=curl_slist_append(headers,"Cache-Control: no-cache");
|   /* Added this next bit: */
|   if(headers)
|     headers=curl_slist_append(headers,"Expect:");
| ----------------------------8< cut here >8------------------------------
|
| So: I know GnuPG can work around it, that will take a while to work
| around. If we can get someone using Apache to confirm that the above
| fix works for them, we can push people to include it.
|
| Kristian: I suggest that a pool check might try an HTTP/1.1 POST with an
| Expect: header and exclude from the main pools any server where this
| fails.
|
| (Similarly, need to figure out what to do about nginx/FreeBSD/KQUEUE for
| GnuPG curl-shim ... harder to deterministically detect. For myself, I
| might suck it up and rebuild without KQUEUE support.)
|
| Regards,
| -Phil

From Ivanbrodsky at hotmail.com Fri Mar 1 07:14:02 2013
From: Ivanbrodsky at hotmail.com (BassToGo123)
Date: Thu, 28 Feb 2013 22:14:02 -0800 (PST)
Subject: Public Keys not showing up in "Choose Recipients"
Message-ID: <1362118442480-29987.post@n7.nabble.com>

I have used OpenPGP a few times before and it worked just fine; I just began to use it again and have run into an issue.

I wish to encrypt text written in iOS "Notepad". So I copy and paste someone's public key into a notepad file, and then import it into my "GPG Keychain Access". It then loads the public key along with an email and all that information.

I type some text in Notepad, then highlight -> right-click -> Services -> OpenPGP: Encrypt Selection. This opens a box "Choose Recipients", and only a couple of the public keys I have in my PGP Keychain Access show up, namely ones I had loaded months ago (which showed up immediately back then). I have tried nearly a half dozen public keys and they all fail to show up in this "Choose Recipients" box, preventing me from encrypting my text.

Essentially, my problem is that new public keys will not show up outside of my keychain.

I have tried:
- Multiple different public keys
- Reinstalling GPG Keychain Access
- Updating GPG Keychain Access

IMPORTANT: Something I noticed.
In the GPG Keychain Access directory of my public keys, there is a drop-down arrow next to the public keys I have saved; this seems to reveal more about the keys. The ones that DO show up in the "Choose Recipients" box, under the "Type" column, have both types "uid" and "sub". While the public keys that DO NOT show up are missing the "sub".

I am new to this and it is almost a foreign language of encryption jargon, please help me out!!

Thank you!

From sks-devel-phil at spodhuis.org Fri Mar 1 09:04:12 2013
From: sks-devel-phil at spodhuis.org (Phil Pennock)
Date: Fri, 1 Mar 2013 03:04:12 -0500
Subject: [Sks-devel] pool.sks-keyservers.net issues
In-Reply-To: <512F9B7A.8050605@dougbarton.us>
References: <512C69AA.2010407@dest-unreach.be> <512C6ED5.5010407@fifthhorseman.net> <1830015963-1361870503-cardhu_decombobulator_blackberry.rim.net-1692014181-@b27.c12.bise7.blackberry> <512DD873.7000507@dest-unreach.be> <20130227235027.GB16276@redoubt.spodhuis.org> <512F1182.7080700@dest-unreach.be> <20130228083610.GA23455@redoubt.spodhuis.org> <512F9554.60900@dougbarton.us> <512F976C.3080101@sumptuouscapital.com> <512F9B7A.8050605@dougbarton.us>
Message-ID: <20130301080412.GA95912@redoubt.spodhuis.org>

Short version: bad interaction of GnuPG, cURL and Apache. Can probably be worked around in Apache config, can definitely be worked around in GnuPG code, should aim to get both done.

On 2013-02-28 at 10:01 -0800, Doug Barton wrote:
> 2001:470:1f09:5e7::2 worked
> 2001:470:1f0a:5d7::2 failed
>
> In any case thanks for clarifying the cause of the error ... it's just
> hard to debug without putting those options in first obviously, and
> with those options the output is very noisy.

417 is not load-related, Kristian's goofed.
417 _only_ happens when the client sends "Expect: 100-continue", in an HTTP/1.1 request, and a reverse proxy (or forward-proxy) knows that the backend is HTTP/1.0 only.

GnuPG will use such a header with a _POST_ request, ie when _sending_ keys; that expectation is a POST optimisation, and it's coming from cURL.

In this case, the failing server is keys.wuschelpuschel.org, which is running GnuKS behind Apache. Since SKS/GnuKS only support HTTP/1.0, Apache has been "correctly" configured, per standards. nginx doesn't support returning 417, so this is only seen with Apache-fronted keyservers.

I see nothing in RFC2616 which explains how 1.1 clients speaking to 1.1 proxies with 1.0 origin servers should handle this. Presumably, they should retry.

Can someone running SKS/GnuKS behind Apache please use:

  gpg -v --keyserver-options verbose,debug --keyserver THEIRS --send-key WHATEVER

and confirm that they see this (as I do, reliably and reproducibly) and then try:

  RequestHeader unset Expect early

I suspect that just ripping the header out of the request and pretending it's not there will let things "work".

GnuPG developers: with GnuPG 2.0.19, in keyserver/gpgkeys_hkp.c main(), around line 783, I added an empty "Expect:" header to force cURL to not send that header, and it worked. I could then send a key to keys.wuschelpuschel.org.

----------------------------8< cut here >8------------------------------
  headers=curl_slist_append(headers,"Pragma: no-cache");
  if(headers)
    headers=curl_slist_append(headers,"Cache-Control: no-cache");
  /* Added this next bit: */
  if(headers)
    headers=curl_slist_append(headers,"Expect:");
----------------------------8< cut here >8------------------------------

So: I know GnuPG can work around it, that will take a while to work around. If we can get someone using Apache to confirm that the above fix works for them, we can push people to include it.
Kristian: I suggest that a pool check might try an HTTP/1.1 POST with an Expect: header and exclude from the main pools any server where this fails.

(Similarly, need to figure out what to do about nginx/FreeBSD/KQUEUE for GnuPG curl-shim ... harder to deterministically detect. For myself, I might suck it up and rebuild without KQUEUE support.)

Regards,
-Phil

From branko at majic.rs Fri Mar 1 13:10:54 2013
From: branko at majic.rs (Branko Majic)
Date: Fri, 1 Mar 2013 13:10:54 +0100
Subject: key length for smart card key generation
In-Reply-To: <513064BA.7070206@dest-unreach.be>
References: <512FCD75.2070206@digitalbrains.com> <513064BA.7070206@dest-unreach.be>
Message-ID: <20130301131054.549f1098@zetkin.primekey.se>

On Fri, 01 Mar 2013 09:20:10 +0100 Niels Laukens wrote:
> On 2013-03-01 02:08, Josef Schneider wrote:
> > On Thu, Feb 28, 2013 at 10:34 PM, Peter Lebbing
> > wrote:
> >> On 27/02/13 22:58, Anonymous wrote:
> >>> So I should be able to import the key...but not use it unless it
> >>> is 3072 bits or less?
> >>
> >> If we're all talking about RSA here, I think so.
> >
> > Using a 4096 bit RSA key _should_ work if you compile the current
> > source from the git repository and then _should_ work with 2.0.20
> > once that is out!
>
> I've imported a 4096bit RSA key, and can use it without any problem on
> 2.0.18.

That's an excellent thing! I was hoping to find a smart-card that could work with 4096-bit RSA keys in order to use it as a small poor man's CA "HSM" (better than storing it in a soft key). Now to see if there's any way of using the OpenPGP card through PKCS#11 :)

--
Branko Majic
Jabber: branko at majic.rs
Please use only Free formats when sending attachments to me.
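Phil's pool-check suggestion above, as an added example that is not code from this thread or from the sks-keyservers.net pool checker: it builds the HTTP/1.1 POST to /pks/add the way cURL-driven gpg does, once with "Expect: 100-continue" and once without, and classifies a server by whether only the Expect-carrying request draws a 417. The host name, the placeholder key text and the two in-process fake servers are constructed for offline use; tcp_exchange is the assumed transport for a live probe.

```python
"""Probe an HKP keyserver for the 417 'Expectation Failed' behaviour discussed
in this thread: an HTTP/1.1 POST carrying 'Expect: 100-continue' is rejected
by a proxy that knows its backend (SKS/GnuKS) speaks HTTP/1.0 only.
Added example; not code from the thread or from the pool checker itself."""
import socket
from typing import Callable
from urllib.parse import urlencode

Exchange = Callable[[bytes], bytes]  # sends one raw request, returns the raw reply

# Constructed placeholder. A live probe should submit a key that is already
# published on the server (e.g. the operator's own), since /pks/add really adds it.
SAMPLE_KEYTEXT = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
                  "...placeholder, not a real key...\n"
                  "-----END PGP PUBLIC KEY BLOCK-----\n")


def build_add_request(host: str, keytext: str, with_expect: bool,
                      port: int = 11371) -> bytes:
    """Build the raw HTTP/1.1 POST /pks/add that gpg's cURL-based HKP helper
    sends, optionally with the Expect header cURL adds to POSTs."""
    body = urlencode({"keytext": keytext}).encode("ascii")
    lines = [
        "POST /pks/add HTTP/1.1",
        f"Host: {host}:{port}",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(body)}",
        "Pragma: no-cache",          # the two headers gpgkeys_hkp.c already sets
        "Cache-Control: no-cache",
        "Connection: close",         # let the server end the reply for us
    ]
    if with_expect:
        lines.append("Expect: 100-continue")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii") + body


def parse_final_status(raw: bytes) -> int:
    """Return the final status code of a raw HTTP reply, skipping any 1xx
    interim responses (a server that honours Expect answers '100 Continue'
    first and sends the real status afterwards)."""
    pos = 0
    while True:
        eol = raw.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated reply: no status line")
        parts = raw[pos:eol].decode("ascii", "replace").split(" ", 2)
        if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
            raise ValueError(f"bad status line: {raw[pos:eol]!r}")
        code = int(parts[1])
        if code // 100 != 1:
            return code
        end_of_headers = raw.find(b"\r\n\r\n", pos)
        if end_of_headers < 0:
            raise ValueError("truncated interim response")
        pos = end_of_headers + 4


def check_expect_support(host: str, exchange: Exchange,
                         keytext: str = SAMPLE_KEYTEXT) -> str:
    """Classify a server for the pool check:
    'ok'              - the POST with an Expect header is accepted
    'expect-rejected' - 417 only when the Expect header is present (the bug here)
    'failing'         - the POST fails regardless of the header"""
    with_expect = parse_final_status(exchange(build_add_request(host, keytext, True)))
    if with_expect == 417:
        plain = parse_final_status(exchange(build_add_request(host, keytext, False)))
        return "expect-rejected" if plain < 400 else "failing"
    return "ok" if with_expect < 400 else "failing"


def tcp_exchange(host: str, port: int = 11371, timeout: float = 10.0) -> Exchange:
    """Assumed transport for a live probe: one TCP connection per request,
    reading until the server closes (we asked for Connection: close)."""
    def send(request: bytes) -> bytes:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            chunks = []
            while chunk := sock.recv(4096):
                chunks.append(chunk)
        return b"".join(chunks)
    return send


# Constructed stand-ins so the probe can be exercised offline.
def fake_apache_http10_backend(request: bytes) -> bytes:
    """Apache fronting an HTTP/1.0-only SKS: answers Expect with 417."""
    head = request.split(b"\r\n\r\n", 1)[0].lower()
    if b"\r\nexpect:" in head:
        return b"HTTP/1.1 417 Expectation Failed\r\nContent-Length: 0\r\n\r\n"
    return b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"


def fake_healthy_server(request: bytes) -> bytes:
    """A front-end that honours Expect: interim 100, then the real status."""
    head = request.split(b"\r\n\r\n", 1)[0].lower()
    interim = b"HTTP/1.1 100 Continue\r\n\r\n" if b"\r\nexpect:" in head else b""
    return interim + b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"


if __name__ == "__main__":
    for name, server in [("apache+http1.0", fake_apache_http10_backend),
                         ("healthy", fake_healthy_server)]:
        print(name, check_expect_support("keyserver.example", server))
```

Against a real server the same classification runs as check_expect_support(host, tcp_exchange(host)); a server in the "expect-rejected" state is the one Phil describes and would be the candidate for exclusion from the main pools.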
From kristian.fiskerstrand at sumptuouscapital.com Fri Mar 1 17:56:29 2013
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Fri, 01 Mar 2013 17:56:29 +0100
Subject: [Sks-devel] pool.sks-keyservers.net issues
In-Reply-To: <20130301080412.GA95912@redoubt.spodhuis.org>
References: <512C69AA.2010407@dest-unreach.be> <512C6ED5.5010407@fifthhorseman.net> <1830015963-1361870503-cardhu_decombobulator_blackberry.rim.net-1692014181-@b27.c12.bise7.blackberry> <512DD873.7000507@dest-unreach.be> <20130227235027.GB16276@redoubt.spodhuis.org> <512F1182.7080700@dest-unreach.be> <20130228083610.GA23455@redoubt.spodhuis.org> <512F9554.60900@dougbarton.us> <512F976C.3080101@sumptuouscapital.com> <512F9B7A.8050605@dougbarton.us> <20130301080412.GA95912@redoubt.spodhuis.org>
Message-ID: <5130DDBD.5000502@sumptuouscapital.com>

On 03/01/2013 09:04 AM, Phil Pennock wrote:
...
> 417 is not load-related, Kristian's goofed.
>
> 417 _only_ happens when the client sends "Expect: 100-continue", in
> an HTTP/1.1 request, and a reverse proxy (or forward-proxy) knows
> that the backend is HTTP/1.0 only.

You are of course correct, not sure what I was thinking of, thanks for following up :)

...
> Kristian: I suggest that a pool check might try an HTTP/1.1 POST
> with an Expect: header and exclude from the main pools any server
> where this fails.

This is a good idea. I'll add it to my TODO list.
--
----------------------------
Kristian Fiskerstrand
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Nil satis nisi optimum
Nothing but the best is good enough

From kristian.fiskerstrand at sumptuouscapital.com Fri Mar 1 18:06:40 2013
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Fri, 01 Mar 2013 18:06:40 +0100
Subject: Questions about OpenPGP best practices
In-Reply-To: <512FE331.7040707@dougbarton.us>
References: <20130226144326.GB30430@IUPUI.Edu> <512F94D7.7000505@sumptuouscapital.com> <512FE331.7040707@dougbarton.us>
Message-ID: <5130E020.1050009@sumptuouscapital.com>

On 03/01/2013 12:07 AM, Doug Barton wrote:
> On 02/28/2013 09:33 AM, Kristian Fiskerstrand wrote:
> | for a service that specifically targets the OpenPGP community, I
> | consider using the OpenPGP WoT more appropriate than any CA
> | Corporation.
>
> Kristian,
>
> I certainly understand that perspective, however I see a couple of
> problems with it. First, there is a bootstrapping problem. People
> new to PGP almost certainly do not possess the skills to verify
> the signature file for the cert, even if they had an appropriate
> web of trust to rely on (which obviously they would not).
>
> Second, not using a cert signed by a recognized CA presents 2
> problems: it increases the perception that the PGP community is a
> closed circle, such that if you don't already have the skills, we
> don't want to talk to you. For those new users that click through
> it adds further damage to their security habits, since we try to
> teach people NOT to do that, even though most people do it anyway.

Arguably the website doesn't provide information that strictly has to be protected by an HTTPS scheme. So to some extent this is avoided by such users using the HTTP website in the first place, and not necessarily contributing as many difficulties for bootstrapping new users. Another point is obviously that new users don't necessarily visit the website at all, but it is more for people with more special interests.

> In the previous era where free and/or low-cost SSL certs were not
> available I would have had a lot more sympathy with your position.
> However nowadays there are a non-zero number of good choices,
> including https://www.startssl.com/ which offers free certs, and
> has a good reputation in the community. I personally use them for
> my sites, although I have no other affiliation other than "happy
> 'customer.'"

Ironically enough I have a stronger affiliation than that, myself, as I still have an active reseller agreement :)

> I hope you'll reconsider your decision.

I certainly continuously consider constructive feedback on the setup, so will give it some more thought.

The main issue I see is that when I experimented with this a while ago the two schemes were incompatible, i.e.
I couldn't get monkeysphere to work with a CA signed X.509 certificate. For this to work I'll have to completely switch to the root CA approach, which I don't particularly trust, so I'd prefer to have a way to continue using the OpenPGP WoT.

--
Kristian Fiskerstrand

From kristian.fiskerstrand at sumptuouscapital.com Fri Mar 1 19:11:21 2013
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Fri, 01 Mar 2013 19:11:21 +0100
Subject: Questions about OpenPGP best practices
In-Reply-To: <5130E020.1050009@sumptuouscapital.com>
References: <20130226144326.GB30430@IUPUI.Edu> <512F94D7.7000505@sumptuouscapital.com> <512FE331.7040707@dougbarton.us> <5130E020.1050009@sumptuouscapital.com>
Message-ID: <5130EF49.9060609@sumptuouscapital.com>

On 03/01/2013 06:06 PM, Kristian Fiskerstrand wrote:
>
> On 03/01/2013 12:07 AM, Doug Barton wrote:
...
>> I hope you'll reconsider your decision.
>
> I certainly continuously consider constructive feedback on the
> setup, so will give it some more thought.
>
> The main issue I see is that when I experimented with this a while
> ago the two schemes were incompatible, i.e. I couldn't get
> monkeysphere to work with a CA signed X.509 certificate. For this
> to work I'll have to completely switch to the root CA approach,
> which I don't particularly trust, so I'd prefer to have a way to
> continue using the OpenPGP WoT.

Seems that was just me goofing again (thankfully it is the weekend now!). Hopefully it works for both CA and OpenPGP WoT now!

--
Kristian Fiskerstrand
"In politics stupidity is not a handicap." (Napoleon Bonaparte)

From faramir.cl at gmail.com Fri Mar 1 20:07:08 2013
From: faramir.cl at gmail.com (Faramir)
Date: Fri, 01 Mar 2013 16:07:08 -0300
Subject:
Questions about OpenPGP best practices
In-Reply-To:
References:
Message-ID: <5130FC5C.6060504@gmail.com>

On 25-02-2013 19:54, Peter Loshin wrote:
...
> 2. On keeping an encrypted backup of my secret key material, what
> method is recommended for doing that? (Presumably something like
> "gpg --export-secret-keys | gpg --output secretkeymatter.gpg
> --symmetric"?)

You can use the Paperkey utility to print your secret key (still protected by its passphrase). Paperkey removes the public key information from the secret key and prints it in a way that makes it very easy to OCR it or manually type it in case you need the backup. You will need your public key to restore the private key, but if you uploaded it to key servers, it is very likely you won't have trouble finding a copy of it.

Best Regards

From gcalado at br.ibm.com Fri Mar 1 17:04:27 2013
From: gcalado at br.ibm.com (gcalado at br.ibm.com)
Date: Fri, 1 Mar 2013 13:04:27 -0300
Subject: PGP for zLinux [full info]
In-Reply-To:
References:
Message-ID:

Hello,

I have sent an email earlier requesting information about the best PGP version to install in a zLinux server. Please find the full information of the OS below:

Kernel 2.6.16.60-0.97.1-default running on an 18-processor s390x (under z/VM 6.2.0)

Many thanks in advance!
Thanks and Regards,
Gustavo Calado De Araujo
Delivery Competence - Application Developer - Datastage
Mobile: 55-41- 91840398 | Tie-Line: 732-4862
E-mail: gcalado at br.ibm.com
Av. Marechal Deodoro #717 10t Curitiba, PR 80020-320 Brazil

From: Gustavo Calado De Araujo/Brazil/Contr/IBM
To: gnupg-announce at gnupg.org,
Cc: gnupg-users at gnupg.org
Date: 01/03/2013 12:52
Subject: PGP for zLinux

Hi,

I am currently using zLinux version 2.6.16.60-0.97.1-default

Which PGP version would you recommend for my OS?

Many thanks in advance.

From gcalado at br.ibm.com Fri Mar 1 16:43:22 2013
From: gcalado at br.ibm.com (gcalado at br.ibm.com)
Date: Fri, 1 Mar 2013 12:43:22 -0300
Subject: PGP for zLinux
Message-ID:

Hi,

I am currently using zLinux version 2.6.16.60.

Which PGP version would you recommend for my OS?

Many thanks in advance.
From gcalado at br.ibm.com Fri Mar 1 16:52:15 2013
From: gcalado at br.ibm.com (gcalado at br.ibm.com)
Date: Fri, 1 Mar 2013 12:52:15 -0300
Subject: PGP for zLinux
Message-ID:

Hi,

I am currently using zLinux version 2.6.16.60-0.97.1-default

Which PGP version would you recommend for my OS?

Many thanks in advance.

From wk at gnupg.org Fri Mar 1 21:51:36 2013
From: wk at gnupg.org (Werner Koch)
Date: Fri, 01 Mar 2013 21:51:36 +0100
Subject: PGP for zLinux [full info]
In-Reply-To: (gcalado@br.ibm.com's message of "Fri, 1 Mar 2013 13:04:27 -0300")
References:
Message-ID: <87hakuyhbb.fsf@vigenere.g10code.de>

On Fri, 1 Mar 2013 17:04, gcalado at br.ibm.com said:
> I have sent an email earlier requesting information about the best PGP
> version to install in a zLinux server.

[This is the GnuPG mailing list and not a PGP list].

I don't know whether Symantec provides a version of PGP for this system. However, the standard GnuPG 1.4.x will build just fine on any Unix based system.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From kgo at grant-olson.net Fri Mar 1 21:33:16 2013
From: kgo at grant-olson.net (Grant Olson)
Date: Fri, 01 Mar 2013 15:33:16 -0500
Subject: PGP for zLinux
In-Reply-To:
References:
Message-ID: <5131108C.3000206@grant-olson.net>

On 3/1/13 10:43 AM, gcalado at br.ibm.com wrote:
> Hi,
>
> I am currently using zLinux version 2.6.16.60.
>
> Which PGP version would you recommend for my OS?
>
> Many thanks in advance.
>

Most linux distributions include gnupg by default. I don't know if this is the case with zLinux. Try this from the command line to see if it's installed:

gpg --version

--
Grant
http://rubygems-openpgp-ca.org - Sign Your Gems.

From adrelanos at riseup.net Fri Mar 1 22:47:33 2013
From: adrelanos at riseup.net (adrelanos)
Date: Fri, 01 Mar 2013 21:47:33 +0000
Subject: "gpg: Signature made " tamper resistant?
Message-ID: <513121F5.6030009@riseup.net>

Hello,

is the gpg output "gpg: Signature made " tamper resistant? Or in other words, is the date and time taken from the signer's machine clock and signed with the signer's private key?

Cheers!
adrelanos

From dougb at dougbarton.us Sat Mar 2 09:14:42 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Sat, 02 Mar 2013 00:14:42 -0800
Subject: Any value to duplicate signatures?
Message-ID: <5131B4F2.3010004@dougbarton.us>

I am pretty sure the answer to this question is "no," but I thought I'd ask just in case. I've attended a conference for the last 2 years where there was a PGP key signing. Several of the people who signed my key last year were present again this year, and sent me signatures again. The signatures are from the same keys, same certification level, everything. The only thing different is the date of the signature (obviously).

So the question is, what value, if any, would there be to importing those signatures, and sending them out to the key servers? I know that the various -clean options will strip that down to the most recent, I'm just curious. :)

Doug

From nicholas at mixedpaper.org Fri Mar 1 22:33:49 2013
From: nicholas at mixedpaper.org (Nicholas Bayle)
Date: Fri, 1 Mar 2013 13:33:49 -0800
Subject: [Announce] PGP for zLinux [full info]
In-Reply-To: <87hakuyhbb.fsf@vigenere.g10code.de>
References: <87hakuyhbb.fsf@vigenere.g10code.de>
Message-ID:

Additionally, there exists PGP for z/OS from Symantec.
On Fri, Mar 1, 2013 at 12:51 PM, Werner Koch wrote:
> On Fri, 1 Mar 2013 17:04, gcalado at br.ibm.com said:
>
> > I have sent an email earlier requesting information about the best PGP
> > version to install in a zLinux server.
>
> [This is the GnuPG mailing list and not a PGP list].
>
> I don't know whether Symantec provides a version of PGP for this system.
> However, the standard GnuPG 1.4.x will build just fine on any Unix based
> system.
>
> Salam-Shalom,
>
> Werner
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.
>
> _______________________________________________
> Gnupg-announce mailing list
> Gnupg-announce at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From david at dsg.to Sat Mar 2 00:37:22 2013
From: david at dsg.to (Davíð Steinn Geirsson)
Date: Fri, 1 Mar 2013 23:37:22 +0000
Subject: Re-signing keys with higher owner trust
Message-ID: <20130301233722.5d23af57@spongebob.dsg.to>

Hi all,

I signed a few keys recently using --edit-key and the 'trust' command,
which did not ask me how well I had verified the user's identity, but
proceeded to generate a 'sig' signature on the keys. I've since found
out I now need to use the --ask-cert-level option to get this prompt.

As I did extensive verification of the identity of the keyholders
(verifying government IDs), I'd like to resign these keys with a sig3.

GnuPG won't let me resign the keys as they've already been signed by my
key. I tried to revoke the signature with revsig, but I still get an
error as my key has already signed the target key:

gpg> sign
"Key Subject " was already signed by key 372523E0
Nothing to sign with key 372523E0

Can someone point me to the right way to do this? I already uploaded
the signatures to keyservers, so it's too late to just delete the sigs
from my keyring.

Please CC me on replies, as I'm not subscribed to the list.

Best regards,
Davíð
From ben at adversary.org Sat Mar 2 10:20:50 2013
From: ben at adversary.org (Ben McGinnes)
Date: Sat, 02 Mar 2013 20:20:50 +1100
Subject: Any value to duplicate signatures?
In-Reply-To: <5131B4F2.3010004@dougbarton.us>
References: <5131B4F2.3010004@dougbarton.us>
Message-ID: <5131C472.6070108@adversary.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2/03/13 7:14 PM, Doug Barton wrote:
>
> I am pretty sure the answer to this question is "no," but I
> thought I'd ask just in case. I've attended a conference for the
> last 2 years where there was a PGP key signing. Several of the
> people who signed my key last year were present again this year,
> and sent me signatures again. The signatures are from the same
> keys, same certification level, everything. The only thing
> different is the date of the signature (obviously).
>
> So the question is, what value, if any, would there be to
> importing those signatures, and sending them out to the key
> servers? I know that the various -clean options will strip that
> down to the most recent, I'm just curious. :)

I can think of two reasons why there may be some value in including the
second signatures. The first being if you have added a new UID to your
key and the new signatures are now applied to that. The second being to
show that the key is consistently under your control.
Regards, Ben -----BEGIN PGP SIGNATURE----- iQGcBAEBCgAGBQJRMcRyAAoJEH/y03E1x1U8c4QMAPUMucXuUG5KNZS3DqSKG3tp +3TnVFgnwRbLPqD/tBkJ6XvY75IfoFZnE0ewU5P6Wd+93iEpQajs86Pf5mGj/11N YkuhWPrbdaivU9nvk3zgVykTaKSR4g+uLX5sd8iSjITAaIleBGR5P0hblMLv/qEZ ClheGS0qSotRACQjchEwM44tMrSSon3uHIjuWsJvcyvsZARwWs2X8+fpCROVYpRA 9/AeWobN5Q4X92U1k1qxQegMEHXGVD3wZ+8QpBQ1Ypclvut2HBhq1DjReJbuOiRz o9En2Hj8n65D1s9IQDez1IGR7eUfc69srjX1WlJqyRUbWtZU0Xxu1kSbNOFB3sOo Dq6Qb/QZQCW+pXQ2BzEQTg3YlB2FK3tut43ZJ+XYaWF9qbFLJIoDa3jm0FAbpGI3 9D+wf/9AFFldL7wJk6gH6LmId8i3TkgjTDIzW8uFaXuz/GqUXD4nuapaMUEgBv5o BEDVXlryd6KtEjw36iuvFbFS0u5Bel4LO0ltwNfS+g== =rDSG -----END PGP SIGNATURE----- From dougb at dougbarton.us Sat Mar 2 10:48:50 2013 From: dougb at dougbarton.us (Doug Barton) Date: Sat, 02 Mar 2013 01:48:50 -0800 Subject: Re-signing keys with higher owner trust In-Reply-To: <20130301233722.5d23af57@spongebob.dsg.to> References: <20130301233722.5d23af57@spongebob.dsg.to> Message-ID: <5131CB02.5040805@dougbarton.us> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 03/01/2013 03:37 PM, Dav?? Steinn Geirsson wrote: | Hi all, | | I signed a few keys recently using --edit-key and the 'trust' command, | which did not ask me how well I had verified the users identity, but | proceeded to generate a 'sig' signature on the keys. I've since found | out I now need to use the --ask-cert-level option to get this prompt. | | As I did extensive verification of the identity of the | keyholders (verifying government IDs), I'd like to resign these keys | with a sig3. | | GnuPG won't let me resign the keys as they've already been signed by my | key. I tried to revoke the signature with revsig, You don't want to revoke the signature, since it is still valid. You want to use the delsig option when editing the key. If the old signature was ever sent to a key server, it will remain there, but the new one with the higher cert level will be preferred. 
hth, Doug -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) iQEcBAEBCAAGBQJRMcsBAAoJEFzGhvEaGryE3xAH/0o0KKUsY+PoqGSGTYjJgjn7 si9lLXuA9cAQDwG8GgVU69Th4Ew9V6L/6g2O/E1RPUrpTsECYaD7N4PVSMaPEGvc OE2kQZhc8xaUDV0VDo6ZdZraaonrFtoho22DTqcmMc7jhX2NkHLtoaaF25xGhSxZ ih3hUV5fJHOIy5I+9C7HDbVUkm5CtQbZLbOwYacPK8e8/5OK6AO/R0i0ElNs5qp+ O9DT8TI2CCz4rqj44LtYOzWOSHXwYqDdSj/IR0hgTmFCVt7GFcqIge01PZ8B5EI6 xTC/RO5EfA1aNSt95FBQ9uUPz5EY5n+KAhAy/mQM6T80mzRvTmqMvN2d9kkZ5+4= =vW+L -----END PGP SIGNATURE----- From dougb at dougbarton.us Sat Mar 2 10:51:07 2013 From: dougb at dougbarton.us (Doug Barton) Date: Sat, 02 Mar 2013 01:51:07 -0800 Subject: Any value to duplicate signatures? In-Reply-To: <5131C472.6070108@adversary.org> References: <5131B4F2.3010004@dougbarton.us> <5131C472.6070108@adversary.org> Message-ID: <5131CB8B.1050404@dougbarton.us> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 03/02/2013 01:20 AM, Ben McGinnes wrote: | On 2/03/13 7:14 PM, Doug Barton wrote: | |> I am pretty sure the answer to this question is "no," but I |> thought I'd ask just in case. I've attended a conference for the |> last 2 years where there was a PGP key signing. Several of the |> people who signed my key last year were present again this year, |> and sent me signatures again. The signatures are from the same |> keys, same certification level, everything. The only thing |> different is the date of the signature (obviously). | |> So the question is, what value, if any, would there be to |> importing those signatures, and sending them out to the key |> servers? I know that the various -clean options will strip that |> down to the most recent, I'm just curious. :) | | I can think of two reasons why there may be some value in including | the second signatures. The first being if you have added a new UID to | your key and the new signatures are now applied to that. I should have been more explicit that this is not the case. 
| The second | being to show that the key is consistently under your control. But new signatures don't actually prove that, right? The person generating the signature could just as easily have uploaded it to the key server themselves. In this case that didn't happen, but the fact that new signatures appeared doesn't actually prove anything. Thanks for your response in any case. Doug -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) iQEcBAEBCAAGBQJRMcuLAAoJEFzGhvEaGryEfyoIAKQQ4lGSLihHduF0XgUTTEhD rKT1WBX4dtEKjGxTp+C5XFQ/ZVu2yyntlOoOf++SAqx2xT/Hr3F4iWag1KTkJlbM +Sj0NV9BrJlVw6q+vfWZ9fp+xe6ij7ETjpc3MWGFUzDD7Nbzh4/QNp78hZ/r3ua1 1DD4hpvnkGYXghqf4nEMfJfK2hoP7qYvEe/8tLuB1J2NAGkh3+9fi10YWEMdkasD muCBkeAi8ykhYQckF3nTkHM/56yjT5meJhw6vOcotmYiMZws4amgLEEpZv2nKv/x oCqFNUca2VP7TxnTlw1e8BJdYs5Exiopssc9y3U9VP7emk3rd1g2y5ZDG060YPs= =yt6E -----END PGP SIGNATURE----- From ben at adversary.org Sat Mar 2 12:02:42 2013 From: ben at adversary.org (Ben McGinnes) Date: Sat, 02 Mar 2013 22:02:42 +1100 Subject: Any value to duplicate signatures? In-Reply-To: <5131CB8B.1050404@dougbarton.us> References: <5131B4F2.3010004@dougbarton.us> <5131C472.6070108@adversary.org> <5131CB8B.1050404@dougbarton.us> Message-ID: <5131DC52.4080204@adversary.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2/03/13 8:51 PM, Doug Barton wrote: > On 03/02/2013 01:20 AM, Ben McGinnes wrote: >> >> I can think of two reasons why there may be some value in >> including the second signatures. The first being if you have >> added a new UID to your key and the new signatures are now >> applied to that. > > I should have been more explicit that this is not the case. No doubt someone else will encounter that scenario and see the value, though (my key acquired a new UID just the other day, though it won't get as much use as this address). >> The second being to show that the key is consistently under your >> control. > > But new signatures don't actually prove that, right? 
The person > generating the signature could just as easily have uploaded it to > the key server themselves. In this case that didn't happen, but > the fact that new signatures appeared doesn't actually prove > anything. I think it's more in the nature of circumstantial evidence, the strength of which is determined more by the person doing the signing and their policy regarding key signing. It can show a consistency of control of the key and/or email address(es) associated with that key. Regards, Ben -----BEGIN PGP SIGNATURE----- iQGcBAEBCgAGBQJRMdxQAAoJEH/y03E1x1U8QckL/1K4DNT9uazIl7zpUDHRATot X3NHEf3+NhNtlGmL6sTHgFv/mx0VELlaWrUpt6uNqUxs3iVPweZ4Id9zFt3sX+8C UvJuLKvGYY1+hAD1EmuTs+wILP4ff3bNWG99cIAypSLtOmv0nStVsKRQCQHSswG2 3PjwgMtFwIE8KlLnD61Hj080su3thWfEAguu0yFHYVGGMxeMwUGez24Sj+wUWmRq Bo3imJ06MjWZSQl6dWBaMzYU4zl6y1wQMnMA8RRMw9mPm/+H3gughOWWJ61aIAx1 hdhBnMuKIXbVBnWfwCMisWz9ZI1GLO/04gG5qdpgstG5GvHvdkXlqX8wK9OHxOh3 bYYPubVsMcHMFpt6rBiQ3etKAWa3vZk6nxoUne878rOFSblRc5QVgn7p1b8OhEjM 19MZcCgC59zM1AJd2VgX5RxyMDOvaeGt/38MoXw5tk8Nuz8E/yJYj5Ki0ZLv+5t6 82iPjaqCh3a7lmLJ6GaV+a3kmeNZ4Oz6BK7imFLVAA== =DIO0 -----END PGP SIGNATURE----- From ben at adversary.org Sat Mar 2 08:16:33 2013 From: ben at adversary.org (Ben McGinnes) Date: Sat, 02 Mar 2013 18:16:33 +1100 Subject: PGP for zLinux [full info] In-Reply-To: References: Message-ID: <5131A751.8010505@adversary.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2/03/13 3:04 AM, gcalado at br.ibm.com wrote: > Hello, > > I have sent an email earlier requesting information about the best > PGP version to install in a zLinux server. Please don't attempt to post to gnupg-announce at gnupg.org. While your messages won't get through it may result in responses from others in this thread going to a lot of people who don't follow the discussion list. Since you have already received one "reply to all" from Werner, this has already happened. 
Regards, Ben -----BEGIN PGP SIGNATURE----- iQGcBAEBCgAGBQJRMadQAAoJEH/y03E1x1U85L8L/Ryo/qGHGOirdNYGlvm5NAzx opOeJ+ncELcegbJHn/EILlFC8r43m7RUqq0Ul17c69VFSSGS0uLUvI6TP/ixYD5v H/ZLpIv3Lg67X2bhA06Z4JfBXAxbFVqHHb8pK3S3xV7t2nt+oy7BjsuhOUtZ+MQi hS6iXfU+Mqsi0jJu5oab6/wLz8VHRf7Y7viFeeQqXMsz0YzNx7ha4TuIUB9beRpt bCMuwDXorTnFbU6OFiCyuyLUVuvCz3dF8tVfO3RtkGSQBcN3QBglfgIkfrS/GpUr X0Fzh3TAx7AKuul4WJnnhLtuE4UhsliiEdvJRT4BLZpl+1qzX2lxOeSw/36WXf7I XUkqAr8hR3n+0BEhbmlFLmq6o5Tts7Ar/SAwV74tzvsQuC+CoWQf2CgutHLaR9FP 0HUt3PO4TB00LOmiBToEmwK3hSFvsVelFBReuVvymFyqwUZsdki0EeYzyUsl3P5w tCVUUurHWjjC7ryN0j1Yjd1ABWAmTkKAKNkVVd1GiQ== =3a5g -----END PGP SIGNATURE----- From cryptostick at privacyfoundation.de Sat Mar 2 14:49:57 2013 From: cryptostick at privacyfoundation.de (Crypto Stick) Date: Sat, 02 Mar 2013 21:49:57 +0800 Subject: key length for smart card key generation In-Reply-To: <20130301131054.549f1098@zetkin.primekey.se> References: <512FCD75.2070206@digitalbrains.com> <513064BA.7070206@dest-unreach.be> <20130301131054.549f1098@zetkin.primekey.se> Message-ID: <51320385.8010901@privacyfoundation.de> Am 01.03.2013 20:10, schrieb Branko Majic: ... > Now to see if there's any way of using the OpenPGP card through > PKCS#11 :) Try the PKCS#11 framework OpenSC. It supports the OpenPGP Card (and Crypto Stick) since version 0.13. From rjh at sixdemonbag.org Sat Mar 2 17:27:02 2013 From: rjh at sixdemonbag.org (Robert J. 
Hansen)
Date: Sat, 02 Mar 2013 11:27:02 -0500
Subject: US banks that can send PGP/MIME e-mail
In-Reply-To: <32e22ba163cdc3caa426cb95f14ded2a@foto.nl1.torservers.net>
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.800 <512A8526.2070903__15992.5139662393$1361741165$gmane$org@sixdemonbag.org> <5a5d5bb2769e2d31f046837ac8642a53@foto.nl1.torservers.net> <512CBA52.8040408__10073.63853646$1361885896$gmane$org@sixdemonbag.org> <32e22ba163cdc3caa426cb95f14ded2a@foto.nl1.torservers.net>
Message-ID: <51322856.7050202@sixdemonbag.org>

On 3/2/13 11:06 AM, Anonymous wrote:
> The installation problem takes care of the other. Hushmail users need
> not know any more than yahoo users when opening an account. A HM user
> may not even be aware that PGP is in play, or what PGP is.

At this point I'm giving up on this conversation. It's pretty clear to
me that the thread is going nowhere.

From faramir.cl at gmail.com Sat Mar 2 21:58:26 2013
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 02 Mar 2013 17:58:26 -0300
Subject: Any value to duplicate signatures?
In-Reply-To: <5131B4F2.3010004@dougbarton.us>
References: <5131B4F2.3010004@dougbarton.us>
Message-ID: <513267F2.3010700@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 02-03-2013 5:14, Doug Barton wrote:
...
> The signatures are from the same keys, same certification level,
> everything. The only thing different is the date of the signature
> (obviously).
>
> So the question is, what value, if any, would there be to
> importing those signatures, and sending them out to the key
> servers? I know that the various -clean options will strip that
> down to the most recent, I'm just curious. :)

Sometimes signatures include expiration dates, so you need to renew
them from time to time to avoid losing them. Other than that...
Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJRMmfyAAoJEMV4f6PvczxAT9YH/jNOn36sy3MjdwRLc4/Y1suV VRONriU53Wv8aH4jEeDge6xI5Xz3x8sivRuADayWXvCgVAWyKi5Lbau+0GYRyqKY FaBdjYWWc1ntUFdthph6WNp/V2y5ElPeWp1/MEO7x3Q8e/YdtWJoLpVwZFdW3FsF EGoeu90Yb/91nMjqlQZryHmjQRCQh2fE6LKm9nw2A04qjQeZNCWeDnERx8nFEGAD NvdidQAoPHCxiRKsW3UzQ8/OweUDLlFf2kwidMo7+fF9XeOvrrFe30OlozjqU+Px o2auoE5/VyxdcPlfglQAbZwB7R0Rdy5Gmx34nlqsfi0+LQSnmApLvJLX4QYV0xw= =W7UC -----END PGP SIGNATURE----- From anonymous at foto.nl1.torservers.net Sat Mar 2 17:06:11 2013 From: anonymous at foto.nl1.torservers.net (Anonymous) Date: Sat, 2 Mar 2013 11:06:11 -0500 (EST) Subject: US banks that can send PGP/MIME e-mail In-Reply-To: <512CBA52.8040408__10073.63853646$1361885896$gmane$org@sixdemonbag.org> References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.800 <512A8526.2070903__15992.5139662393$1361741165$gmane$org@sixdemonbag.org> <5a5d5bb2769e2d31f046837ac8642a53@foto.nl1.torservers.net> <512CBA52.8040408__10073.63853646$1361885896$gmane$org@sixdemonbag.org> Message-ID: <32e22ba163cdc3caa426cb95f14ded2a@foto.nl1.torservers.net> >Figuring out how to install an app is not the problem. Figuring out >how to *use OpenPGP* is the problem. The app is not the same as the >amount of specialized knowledge required to use the app successfully. The installation problem takes care of the other. Hushmail users need not know any more than yahoo users when opening an account. A HM user may not even be aware that PGP is in play, or what PGP is. >OpenPGP has a learning curve like the Matterhorn. This is a >long-known and long-lamented fact. If you can fix that, then maybe >things will change. As things stand, though, I doubt they will >change. It's been fixed. Check out countermail.com, or hushmail.com. >> take the bait. 
>> Such an app could embed an email client that does
>> everything the advanced users would do, and hide everything
>> possible. Such an app could even hide the email address, and hide
>> the fact that email is used at all, if they wanted.

>Then why bother at all with email and OpenPGP?

For the /other/ users.

>> They're not good at it.

>On the contrary, many of them are phenomenally good at it.
>Operations Research is part of the business school in most
>universities, and the OR geeks tend to be astonishingly good at what
>they do -- which is maximize efficiencies and cut inefficiencies.

I'm not sure why you put so much stock into the MBA. An MBA merely
makes someone into a good bullshitter, so their idea, however flawed,
is better marketed to upper management. In the end, the result is
better marketing spin, not better ideas. And worse, better ideas end up
losing out to better marketed ideas. When one MBA is pitted against
another, the decision makers ignore it anyway, and vote with their gut
and use whatever data supports the decision they've already made -- not
the other way around. It's a sham.

>I understand that many geeks like to look down our noses at people in
>the B-schools, but really, that's a shallow prejudice that we as a
>community need to get over. There are some alarmingly sharp people
>over there.

It's really not a good time to attempt to prop these guys up, when
every economy in the world is suffering acutely from their colossal and
aggregate incompetence.

>> A bank forward-thinking enough to cater to nerds with ssh for
>> transactions and openpgp for statements would spend the least
>> amount on security

>I'm going to have to ask to see the business study you're using to
>back this up.

Do you need a business study to prove that a helicopter costs more to
maintain than a bicycle? The contrast is so sharp, one would be a fool
to even consider funding such a study. I won't waste any time trying to
track down the proof that you're asking for.

But I will say that ssh and textual interfaces are decades more mature
than javascript, Adobe Flash, Flash cookies, and all the other dodgy
shit you find on bank sites (and casino sites alike). And the
difference in complexity is staggering -- complexity being directly
proportional to defects, which in turn are directly proportional to
security vulnerabilities.

Moreover, an SSH server wouldn't drag the bank into the vicious pattern
of chasing the shiny.. e.g. there would not be a need to work on
improving the smoothness of animations that must glide across the
screen. New web frills are emerging on a rapid and ongoing basis -
highly unstable. This means the cost of securing it is an ongoing cost.
This recurring cost is needed just to keep up with the new bugs that
are being introduced -- a cost that comes on top of the normal cost of
intrusion detection and incident response.

>This is your prejudice, nothing more.

I know studies have already proven the relationship between complexity
and bugs - although I don't recall where the research was done, it's
not just my imagination. And the relationship between bugs and
vulnerabilities is security 101.

From mixmaster at remailer.privacy.at Sat Mar 2 17:40:15 2013
From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria))
Date: Sat, 2 Mar 2013 17:40:15 +0100 (CET)
Subject: US banks that can send PGP/MIME e-mail
In-Reply-To: <512C0150.1000500__47574.047468561$1361838510$gmane$org@sixdemonbag.org>
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.80 <512A6B64.2090100__40744.9643397287$1361734578$gmane$org@sixdemonbag.org> <512C0150.1000500__47574.047468561$1361838510$gmane$org@sixdemonbag.org>
Message-ID:

>On 02/25/2013 03:20 PM, Anonymous Remailer (austria) wrote:
>> Where does this idea that a business case must be recognized by all
>> suppliers for an entire industry in a whole country before it "works"?

>No one, but your statement seemed to be a severe overgeneralization.

You're the one that said the whole of Germany must implement X in order
for idea X to have a business case. It's nonsense.

>Declaring that something works "in Germany" has a strong implication
>of it working throughout *the whole of* Germany.

Certainly not. And nor does it matter. It makes no difference what
proportion of Germany the business case is implemented.. but the fact
that it works /in/ Germany is somewhat useful to recognize, because
every country has consumers with a different mindset, and businesses
are regulated under different rules with respect to other regions. I
disclosed the fact that the bank was German because you would have
(perhaps rightly) asked to know which bank proves that sending openpgp
statements to ordinary customers is a workable business case anyway.
And it's useful to know where to contrast the rules culture in which
the model works. But to claim that it must be implemented in the whole
of a country in order to have a viable business case is flawed.

> If your intent was instead to say, "Why does it work for these
>specific banks?", then I have no objection to that and I think it's a
>very reasonable question.

Sure, and indeed I identified the particular bank for which the model
is shown to work.

>> A business case can be viable if there are *zero* implementations,

>Like perpetual motion machines, business cases are judged by how well
>they work in the real world.

That's flawed, because every idea is unproven, and unimplemented in the
beginning. If you must witness it working before you build it, you can
never see it working because it won't be built until you build it. If
you need someone else to implement something first, so you can see it
to believe it, then your position still fails because before that other
person implemented and proved a viable idea, it was viable, just viable
and unimplemented.

And where do you get the idea that perpetual motion machines work in
theory? It doesn't only fail to be demonstrated in the "real world", it
also fails on paper too. So we know it fails before we try to build
one, just as we might have known that the printing press had a viable
business case before actually building one.

I suspect you're one of these people who believes that the market is
perfectly efficient -- and so efficient that all good ideas are in
play, and every new product or service that does not exist must not be
commercially viable until the very day it's rolled out. But I see
opportunities missed far too frequently to accept this line of
reasoning.

>> 1) First of all, you're assuming that the feature is
>> officially supported. A bank need not support anything,
>> officially.

>The discussion is about banks that *send statements via encrypted
>email*. If the bank is doing this then it's officially supporting it.

Nonsense. We're talking about a privately owned business in a country
with freedom of enterprise. They control their resources and services.
They can decide what they support officially, and what they support
unofficially, and what they fail to support whatsoever.

I have a bank who serves my old linux-based browser, and *incidentally*
the browser happens to work with that bank. But the bank certainly does
not support my browser officially. The browser does not meet the
constraints on what they're willing to support. I even signed an
agreement acknowledging that I will not get support for products that
do not meet the constraints. It's incidental that the browser works.
They may not even support my browser unofficially. E.g. if I call them
with a problem, they may refuse to so much as /attempt/ to resolve the
problem. And rightly so. It's their choice to do so.

The bank need not support openpgp. They can implement an in-house
closed pgp implementation if they want, and it need not conform to the
openpgp standard, if they so choose. Yet there may be incidental cases
where openpgp clients can open their statements.

>> 2) You're assuming that official support implies unlimited resources
>> must be allocated to every call.

>No, I'm not. At some point any business will declare a customer to be
>too much trouble for the amount of profit made from that person and will
>seek to alter or terminate the business relationship.

If you stand by this statement, then your original claim is
unsupported. That is, a bank need not spend more money supporting users
individually.

>And if the bank is officially supporting sending customers bank
>statements via encrypted email, then yes, the bank does need to offer
>technical support or else the bank will soon be losing customers.

All banks lose customers. A mission to retain every single one of them
would be a recipe for disaster. There's a limited value on retention.

>> 3) An hour of tech support costs the bank about $5-10 for the cheap
>> labor they've outsourced it to India. Perhaps another $10 if the
>> Indian call center has operators who have been trained to lose
>> their accent and sound American.

>Having seen the balance sheets for tech support costs for a couple of
>Fortune 50 firms, I can tell you that you're off by an order of
>magnitude. Unfortunately, I'm bound by nondisclosure agreements and
>can't really say more than that. $100 for an hourlong session is in the
>right ballpark for the firms I have firsthand experience with.

If the market can bear that kind of flat cost, then what difference
does it make whether a customer calls over a javascript problem,
navigation problem, or otherwise? If the contract is written as you
say, then the 1 hour pgp call that costs as much as one of the many
website problem calls is money well spent. The /website down/ variety
of calls alone overshadows the pgp calls that make a majority of
website calls moot. IOW, delivered statements means fewer website calls
due to reduced need for the web - the website being a service that has
less continuity.

>>> (a) radical improvements in ease-of-use,

>> Partner with hushmail.

>So your "solution" involves telling customers, "we will support your
>request to use OpenPGP for sending encrypted bank statements, but
>only if you agree to use Hushmail for a mail provider, even though
>they have a track record of turning cleartext copies of email over to
>legal authorities"? [1]

No, this is not "my solution". It's an answer to your claim that
ease-of-use is necessarily a show stopper. I merely demonstrated that
ease of use is not a show stopper -- should some bank seek clients that
need something foolproof. Off the cuff, "my solution" would probably
not start off by targeting the segment of the market that would need a
"PGP for dummies" option.

>[1] http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/

That's a classic story that hushmail opponents love to flash around.
But it's quite inappropriate here. US law enforcement can trivially ask
the bank for someone's records - often without a warrant and certainly
without getting a Canadian court's blessing. Banks comply without
hesitation. In fact, all US mainstream banks have paid lobbyists to
push CISPA so that they can cut the court out entirely and share all
data. If a client needs to hide their US banking records from the law,
Hushmail is the last place they need to worry about. It's as if you
left your car door wide open, and you're concerned about the strength
of the lock on the other door.

>>> (b) radical reductions in technical support costs,

>> Don't offer unlimited support.

>You seem to think the problem is unlimited support. It's not. The
>problem is the instant *any* support is offered it's a minimum $100
>charge (under the model I presented above, where each call has a 1%
>chance of terminating a business relationship that would've been worth
>$10,000 over its lifetime).

The bank can choose whether that 100 dollar invoice is worth the future
relationship. And if they determine that the answer is "no", by denying
support they would be offering that particular client nothing less than
the next bank, who doesn't even offer an unsupported PGP statement.

>> The demand need not be "explosive" if you're the only one (or one of
>> very few) supplying the demand.

>Nobody ever made a fortune by catering to a small and stagnant market.
>OpenPGP adoption has, on the whole, badly stagnated. (Email itself is
>also stagnating, which is far worse.)

This is because in the past 10 years low-tech dummies have flooded into
the realm of online services on an astronomical scale, saturating the
market with naive consumers. The effect of that is not going to
continue as a trend going forward, IMO.

>> You've failed to make a convincing case for why a business case
>> already proven to work in Germany would fail in the US.

>A business case which has already shown itself to work *for one
>bank*.

I only need one bank.

>You simply don't have the data to make any argument one way or
>another.

I don't need it. I'm not starting a bank. Recall that I simply asked if
any US banks were doing what the German bank and IB were already doing.
Before knowing that some FIs were already doing this, you claimed it
would not happen b/c the business case would not work, but failed to
substantiate. So the original question still stands.
From reynt0 at cs.albany.edu Sun Mar 3 01:08:24 2013
From: reynt0 at cs.albany.edu (reynt0)
Date: Sat, 2 Mar 2013 19:08:24 -0500 (EST)
Subject: US banks that can send PGP/MIME e-mail
In-Reply-To: <32e22ba163cdc3caa426cb95f14ded2a@foto.nl1.torservers.net>
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.800 <512A8526.2070903__15992.5139662393$1361741165$gmane$org@sixdemonbag.org> <5a5d5bb2769e2d31f046837ac8642a53@foto.nl1.torservers.net> <512CBA52.8040408__10073.63853646$1361885896$gmane$org@sixdemonbag.org> <32e22ba163cdc3caa426cb95f14ded2a@foto.nl1.torservers.net>
Message-ID:

On Sat, 2 Mar 2013, Anonymous wrote:
. . .
> It's really not a good time to attempt to prop these guys up, when
> every economy in the world is suffering acutely from their colossal
> and aggregate incompetence.

Not to mention the situations where available intelligence was used to
do various cheats. The level of skill is one necessary aspect to
evaluate, the uses of whatever skill level may exist is another and
separable aspect. (And then there are the cases where people with
public reputations for great intelligence in the financial industry
have later been found to be anyhow mainly bold cheats.)

>>> A bank forward-thinking enough to cater to nerds with ssh for
>>> transactions and openpgp for statements would spend the least
>>> amount on security
. . .
> Moreover, an SSH server wouldn't drag the bank into the vicious
> pattern of chasing the shiny.. e.g. there would not be a need to work
> on improving the smoothness of animations that must glide across the
> screen.

I wonder if banks offer secure communication services to premium
customers these days, eg high-wealth customers of regular or private
banks. I am surprised that is not a market niche being pursued AFAIK,
in which spending directly on developing usable and private processes
could be distinctive in the market.
The individuals in that category whom I have known enough to have some
little awareness of their attitudes about financial communications
security have seemed not to have such services available from their
banks.

From frase at frase.id.au Sun Mar 3 08:07:49 2013
From: frase at frase.id.au (Fraser Tweedale)
Date: Sun, 3 Mar 2013 17:07:49 +1000
Subject: gcaff - graphical key signing assistant
Message-ID: <20130303070748.GO54498@bacardi.hollandpark.frase.id.au>

Hi users@,

I'd like to introduce you to the graphical key signing tool I have
written: gcaff (so named due to caff, the command line program that
inspired it).

Features include:

* display and sign photographic uids
* use multiple signing keys at once
* choose the certification level on a per-key basis
* email each signature separately, only to the associated email
  address (like caff)

To install: `pip install gcaff`

More information and source code: https://github.com/frasertweedale/gcaff

The program is very much in its infancy and has not been heavily tested
(I was intending to put it through its paces signing keys from the
linux.conf.au 2013 keysigning party, but I misplaced the fingerprint
list in the intervening weeks!)

Any testing would be appreciated, along with general feedback, bug
reports and patches.

Regards,
Fraser Tweedale

From wk at gnupg.org Sun Mar 3 23:17:25 2013
From: wk at gnupg.org (Werner Koch)
Date: Sun, 03 Mar 2013 23:17:25 +0100
Subject: PGP for zLinux [full info]
In-Reply-To: <5131A751.8010505@adversary.org> (Ben McGinnes's message of "Sat, 02 Mar 2013 18:16:33 +1100")
References: <5131A751.8010505@adversary.org>
Message-ID: <87d2vgw2kq.fsf@vigenere.g10code.de>

On Sat, 2 Mar 2013 08:16, ben at adversary.org said:

> list. Since you have already received one "reply to all" from Werner,
> this has already happened.
I apologize for having been tricked into doing a drive-by mailing to gnupg-announce. I need to add a check to reject accidental replies to that list. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From wk at gnupg.org Sun Mar 3 23:35:01 2013 From: wk at gnupg.org (Werner Koch) Date: Sun, 03 Mar 2013 23:35:01 +0100 Subject: "gpg: Signature made " tamper resistant? In-Reply-To: <513121F5.6030009@riseup.net> (adrelanos@riseup.net's message of "Fri, 01 Mar 2013 21:47:33 +0000") References: <513121F5.6030009@riseup.net> Message-ID: <878v64w1re.fsf@vigenere.g10code.de> On Fri, 1 Mar 2013 22:47, adrelanos at riseup.net said: > Or in other words, is the date and time taken from the signers machine > clock and signed with the signers private key? Yes. The time of the signature is taken from the hashed area of the signature packet, which means that this is part of the signed data. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From sp_xie at yahoo.com Mon Mar 4 00:39:49 2013 From: sp_xie at yahoo.com (Shaoping Xie) Date: Sun, 3 Mar 2013 15:39:49 -0800 (PST) Subject: gpg and double quotation mark problem Message-ID: <1362353989.33278.YahooMailNeo@web160503.mail.bf1.yahoo.com> Greetings: I am working on a script to automate the encryption process and have encountered a strange problem: Line 1: $GPG "$ADDITIONALOPTIONS" -r "$GPGKEY" -o "$OUTPUTFILE" -e "$INPUTFILE" Line 2: $GPG $ADDITIONALOPTIONS -r $GPGKEY -o $OUTPUTFILE -e $INPUTFILE Line 2 works as expected while line 1 does not work. Any explanation? Thank you, Shaoping
From mailinglisten at hauke-laging.de Mon Mar 4 03:01:06 2013 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Mon, 04 Mar 2013 03:01:06 +0100 Subject: gpg and double quotation mark problem In-Reply-To: <1362353989.33278.YahooMailNeo@web160503.mail.bf1.yahoo.com> References: <1362353989.33278.YahooMailNeo@web160503.mail.bf1.yahoo.com> Message-ID: <7325277.rGCgN7neE9@inno> On Sun 03.03.2013, 15:39:49, Shaoping Xie wrote: > I am working on a script to automate the encryption process and have encountered a strange problem: > Line 1: $GPG "$ADDITIONALOPTIONS" -r "$GPGKEY" -o "$OUTPUTFILE" -e "$INPUTFILE" > Line 2: $GPG $ADDITIONALOPTIONS -r $GPGKEY -o $OUTPUTFILE -e $INPUTFILE This is not strange at all, as you encounter the same behaviour with more or less all programs (i.e. this problem is not related to GnuPG at all). Usually a program requires to see --arg1 and --arg2 as separate options. "" makes the shell pass both as one string. That usually doesn't make sense to the program (and even worse: if it does then it's most probably not the intended sense). Hauke -- PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04) http://www.openpgp-schulungen.de/ From craig at 2ndquadrant.com Mon Mar 4 03:30:51 2013 From: craig at 2ndquadrant.com (Craig Ringer) Date: Mon, 04 Mar 2013 10:30:51 +0800 Subject: "gpg: Signature made " tamper resistant?
In-Reply-To: <878v64w1re.fsf@vigenere.g10code.de> References: <513121F5.6030009@riseup.net> <878v64w1re.fsf@vigenere.g10code.de> Message-ID: <5134075B.5060808@2ndquadrant.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/04/2013 06:35 AM, Werner Koch wrote: > On Fri, 1 Mar 2013 22:47, adrelanos at riseup.net said: > >> Or in other words, is the date and time taken from the signers machine >> clock and signed with the signers private key? > > Yes. The time of the signature is taken from the hashed area of the > signature packet, which means that this is part of the signed data. Along similar lines, I've been wondering for a while if anyone's running a GPG remote timestamping and attestation service, where you can submit text (or the hash of a binary) to the service by web or email and have it sign it with a key only it had access to. The timestamp signature could then be verified by anyone, without relying on the service being up or even the continued existence of the service, in order to prove that at a certain time a certain text existed. I originally wanted this years ago in University, when my uni kept on losing my assignments (grr!) and I wanted a way to prove that they were completed and in the submitted state at a certain time. I've since had other uses for such a service too. I'm increasingly tempted to put a package together to let anyone easily set up and run one (in the hopes that some will) and run one myself. The amount of documentation required to educate people about the basics of the security issues would be a bit daunting, though, and as always time's a concern. I'm hoping something like this already exists and I've just never found it before. 
- -- Craig Ringer http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services From dkg at fifthhorseman.net Mon Mar 4 00:05:03 2013 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Sun, 03 Mar 2013 15:05:03 -0800 Subject: Re-signing keys with higher owner trust In-Reply-To: <5131CB02.5040805@dougbarton.us> References: <20130301233722.5d23af57@spongebob.dsg.to> <5131CB02.5040805@dougbarton.us> Message-ID: <5133D71F.2030909@fifthhorseman.net> On 03/02/2013 01:48 AM, Doug Barton wrote: > On 03/01/2013 03:37 PM, Davíð Steinn Geirsson wrote: > | I signed a few keys recently using --edit-key and the 'trust' command, > | which did not ask me how well I had verified the user's identity, but > | proceeded to generate a 'sig' signature on the keys. I've since found > | out I now need to use the --ask-cert-level option to get this prompt. > | > | As I did extensive verification of the identity of the > | keyholders (verifying government IDs), I'd like to re-sign these keys > | with a sig3. note that what you're trying to do here is to change the certification level, which is entirely different from changing the "owner trust" mentioned in the subject line. certification level indicates how carefully you verified identity information. this is a subjective measure, and is not actually used by gpg other than to ignore "casual" (sig1) certifications.
The certification level might be used by some other OpenPGP implementations, but "generic" certification is so common that those implementations should probably have a reasonable behavior even without a specified cert-level. owner trust, on the other hand, is a private indication (usually only visible to your GnuPG implementation) of how much you are willing to rely on other OpenPGP certifications made by the keyholder. These are distinct and orthogonal concepts -- please don't conflate them! > You don't want to revoke the signature, since it is still valid. You > want to use the delsig option when editing the key. or just supply the --expert option to gpg, which should permit you to make a second certification. > If the old signature was ever sent to a key server, it will remain > there, but the new one with the higher cert level will be preferred. While this is true, it's worth noting that the second certification will be preferred because it is more recent than the first, not because of the higher chosen cert-level. hth, --dkg From dkg at fifthhorseman.net Mon Mar 4 00:38:49 2013 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Sun, 03 Mar 2013 18:38:49 -0500 Subject: "gpg: Signature made " tamper resistant? In-Reply-To: <513121F5.6030009@riseup.net> References: <513121F5.6030009@riseup.net> Message-ID: <5133DF09.5000301@fifthhorseman.net> On 03/01/2013 01:47 PM, adrelanos wrote: > is the gpg output "gpg: Signature made " tamper resistant? > > Or in other words, is the date and time taken from the signers machine > clock and signed with the signers private key? The signature time is signed with the signer's private key, so you can verify the date/time that the signer intended to put there.
There is no way to verify the origin of the timestamp, though (that is, you can't prove that it was taken from the machine clock). Even if LD_PRELOAD hacks like faketime or datefudge didn't exist, a user with physical control of the machine could just reset the clock to whatever they wanted, make the signature, and then reset the clock again. --dkg From dkg at fifthhorseman.net Mon Mar 4 04:59:52 2013 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Sun, 03 Mar 2013 22:59:52 -0500 Subject: "gpg: Signature made " tamper resistant? In-Reply-To: <5134075B.5060808@2ndquadrant.com> References: <513121F5.6030009@riseup.net> <878v64w1re.fsf@vigenere.g10code.de> <5134075B.5060808@2ndquadrant.com> Message-ID: <51341C38.4090309@fifthhorseman.net> On 03/03/2013 09:30 PM, Craig Ringer wrote: > I've been wondering for a while if anyone's running > a GPG remote timestamping and attestation service, where you can submit > text (or the hash of a binary) to the service by web or email and have > it sign it with a key only it had access to. The timestamp signature > could then be verified by anyone, without relying on the service being > up or even the continued existence of the service, in order to prove > that at a certain time a certain text existed. Take a look at http://www.itconsult.co.uk/stamper.htm I have no experience with them, but they've been discussed before in this list, if you want to review the archives. You might also be interested in the relevant wikipedia article: https://en.wikipedia.org/wiki/Trusted_timestamping hth, --dkg
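The hashed-versus-unhashed distinction that Werner's and dkg's replies above turn on, as an added example (not code from the thread or from GnuPG): a small Python parser that reports whether a v4 signature packet's creation time sits in the hashed area, which the signature covers, or only in the unhashed area, which it does not. The packets, the timestamp and the issuer key ID are constructed placeholders, and the builder emits placeholder hash and MPI fields, so nothing here verifies against a real key.

```python
"""Locate the creation-time subpacket of a v4 OpenPGP signature packet (RFC 4880 5.2.3).
Added example, not from the thread: gpg's "Signature made" time is covered by the
signature only when its subpacket sits in the hashed area. All packets are constructed."""
import struct
import time

SIGSUBPKT_CREATION_TIME = 2   # 4-octet seconds since 1970 UTC (RFC 4880 5.2.3.4)
SIGSUBPKT_ISSUER = 16         # 8-octet key ID, normally placed unhashed (5.2.3.5)

def _subpacket(sp_type, data):
    """Encode one subpacket in the one-octet length form (body < 192 octets)."""
    body = bytes([sp_type]) + data
    assert len(body) < 192, "example encoder only handles short subpackets"
    return bytes([len(body)]) + body

def build_v4_signature_packet(hashed, unhashed):
    """Old-format tag-2 packet (two-octet length, as gpg emits) around two subpacket areas."""
    body = bytes([4, 0x00, 1, 8])                 # v4, binary-document sig, RSA, SHA-256
    body += struct.pack(">H", len(hashed)) + hashed
    body += struct.pack(">H", len(unhashed)) + unhashed
    body += b"\x12\x34" + b"\x00\x08\xff"         # placeholder hash prefix and dummy 8-bit MPI
    return bytes([0x80 | (2 << 2) | 1]) + struct.pack(">H", len(body)) + body  # 0x89 header

def _packet_body(packet):
    """Strip an old- or new-format packet header and require tag 2 (signature)."""
    first = packet[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:                              # new format: tag in the low 6 bits
        tag, hdr, length = first & 0x3F, 2, packet[1]
        if length >= 192:
            raise ValueError("only one-octet new-format lengths handled here")
    else:                                         # old format: tag in bits 2..5
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 0:
            hdr, length = 2, packet[1]
        elif ltype == 1:
            hdr, length = 3, struct.unpack(">H", packet[1:3])[0]
        else:
            raise ValueError("old-format length type %d not handled here" % ltype)
    if tag != 2:
        raise ValueError("not a signature packet (tag 2)")
    return packet[hdr:hdr + length]

def _parse_subpackets(area):
    """Walk a subpacket area and return (type, critical, data) triples."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:                            # one-octet length
            length, i = first, i + 1
        elif first < 255:                          # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                      # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        body = area[i:i + length]
        i += length
        out.append((body[0] & 0x7F, bool(body[0] & 0x80), body[1:]))
    return out

def signature_creation_times(packet):
    """Return {'signed': t, 'unsigned': t} (None when absent): 'signed' is read from the
    hashed area the signature covers, 'unsigned' from the area anyone can rewrite later."""
    body = _packet_body(packet)
    if body[0] != 4:
        raise ValueError("only v4 signatures handled here")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed = body[6:6 + hashed_len]
    pos = 6 + hashed_len
    unhashed_len = struct.unpack(">H", body[pos:pos + 2])[0]
    unhashed = body[pos + 2:pos + 2 + unhashed_len]
    times = {"signed": None, "unsigned": None}
    for name, area in (("signed", hashed), ("unsigned", unhashed)):
        for sp_type, _critical, data in _parse_subpackets(area):
            if sp_type == SIGSUBPKT_CREATION_TIME and len(data) == 4:
                times[name] = struct.unpack(">I", data)[0]
    return times

def describe(packet):
    """One-line verdict in the spirit of gpg's 'Signature made' output."""
    t = signature_creation_times(packet)
    if t["signed"] is None:
        return "no signed creation time (a time in the unhashed area is not protected)"
    when = time.strftime("%Y-%m-%d %H:%M:%S UTC", time.gmtime(t["signed"]))
    return "Signature made %s (creation time is inside the signed data)" % when

# Constructed sample values (placeholders, not from any real key or message).
SAMPLE_TIME = 1362353989                           # 2013-03-03 23:39:49 UTC
SAMPLE_ISSUER = bytes.fromhex("0011223344556677")  # placeholder key ID
# gpg-style layout: creation time hashed, issuer key ID unhashed.
GOOD_PACKET = build_v4_signature_packet(
    hashed=_subpacket(SIGSUBPKT_CREATION_TIME, struct.pack(">I", SAMPLE_TIME)),
    unhashed=_subpacket(SIGSUBPKT_ISSUER, SAMPLE_ISSUER))
# Suspicious layout: creation time only in the unhashed area, so it is not signed.
UNPROTECTED_PACKET = build_v4_signature_packet(
    hashed=b"",
    unhashed=_subpacket(SIGSUBPKT_ISSUER, SAMPLE_ISSUER)
    + _subpacket(SIGSUBPKT_CREATION_TIME, struct.pack(">I", SAMPLE_TIME)))
```

dkg's caveat still applies: a hashed creation time proves what the signer's software put there, not that it came from an untouched clock.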
From josef at netpage.dk Mon Mar 4 05:37:28 2013 From: josef at netpage.dk (Josef Schneider) Date: Mon, 4 Mar 2013 05:37:28 +0100 Subject: "gpg: Signature made " tamper resistant? In-Reply-To: <51341C38.4090309@fifthhorseman.net> References: <513121F5.6030009@riseup.net> <878v64w1re.fsf@vigenere.g10code.de> <5134075B.5060808@2ndquadrant.com> <51341C38.4090309@fifthhorseman.net> Message-ID: On Mon, Mar 4, 2013 at 4:59 AM, Daniel Kahn Gillmor wrote: > Take a look at http://www.itconsult.co.uk/stamper.htm > > I have no experience with them, but they've been discussed before in > this list, if you want to review the archives. > > You might also be interested in the relevant wikipedia article: > > https://en.wikipedia.org/wiki/Trusted_timestamping > > hth, > > --dkg Not related to GPG, but you might also be interested in https://www.pki.dfn.de/zeitstempeldienst/ which is AFAIK the only free "trustworthy" (meaning it is run by an organisation, not a test server, and has some sort of usage terms) RFC 3161 timestamp server. I use it with PDF signatures (using a certificate issued to me by the government, http://www.buergerkarte.at/), because it is a lot easier to show average people how Acrobat Reader says everything is OK than explaining GPG. From craig at 2ndquadrant.com Mon Mar 4 05:17:38 2013 From: craig at 2ndquadrant.com (Craig Ringer) Date: Mon, 04 Mar 2013 12:17:38 +0800 Subject: "gpg: Signature made " tamper resistant?
In-Reply-To: <51341C38.4090309@fifthhorseman.net> References: <513121F5.6030009@riseup.net> <878v64w1re.fsf@vigenere.g10code.de> <5134075B.5060808@2ndquadrant.com> <51341C38.4090309@fifthhorseman.net> Message-ID: <51342062.4070705@2ndquadrant.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/04/2013 11:59 AM, Daniel Kahn Gillmor wrote: > On 03/03/2013 09:30 PM, Craig Ringer wrote: > >> I've been wondering for a while if anyone's running >> a GPG remote timestamping and attestation service, where you can submit >> text (or the hash of a binary) to the service by web or email and have >> it sign it with a key only it had access to. The timestamp signature >> could then be verified by anyone, without relying on the service being >> up or even the continued existence of the service, in order to prove >> that at a certain time a certain text existed. > > Take a look at http://www.itconsult.co.uk/stamper.htm > > I have no experience with them, but they've been discussed before in > this list, if you want to review the archives. > > You might also be interested in the relevant wikipedia article: > > https://en.wikipedia.org/wiki/Trusted_timestamping > Thank you. I didn't know the exact term I was looking for, so I hadn't found that. Much appreciated.
- -- Craig Ringer http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services From ben at adversary.org Mon Mar 4 07:31:11 2013 From: ben at adversary.org (Ben McGinnes) Date: Mon, 04 Mar 2013 17:31:11 +1100 Subject: PGP for zLinux [full info] In-Reply-To: <87d2vgw2kq.fsf@vigenere.g10code.de> References: <5131A751.8010505@adversary.org> <87d2vgw2kq.fsf@vigenere.g10code.de> Message-ID: <51343FAF.2050302@adversary.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 4/03/13 9:17 AM, Werner Koch wrote: > On Sat, 2 Mar 2013 08:16, ben at adversary.org said: > >> list. Since you have already received one "reply to all" from >> Werner, this has already happened. > > I apologize for having been tricked into doing a drive-by mailing to > gnupg-announce. I need to add a check to reject accidental replies > to that list. That's fine, but it illustrates the value of a "reply to list" function.
Regards, Ben From dougb at dougbarton.us Mon Mar 4 07:37:33 2013 From: dougb at dougbarton.us (Doug Barton) Date: Sun, 03 Mar 2013 22:37:33 -0800 Subject: Re-signing keys with higher owner trust In-Reply-To: <5133D71F.2030909@fifthhorseman.net> References: <20130301233722.5d23af57@spongebob.dsg.to> <5131CB02.5040805@dougbarton.us> <5133D71F.2030909@fifthhorseman.net> Message-ID: <5134412D.7070300@dougbarton.us> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 03/03/2013 03:05 PM, Daniel Kahn Gillmor wrote: |> If the old signature was ever sent to a key server, it will |> remain there, but the new one with the higher cert level will be |> preferred. | While this is true, it's worth noting that the second certification | will be preferred because it is more recent than the first, not | because of the higher chosen cert-level. Right, I was trying to keep it simple for the new user.
:) From dougb at dougbarton.us Mon Mar 4 08:37:50 2013 From: dougb at dougbarton.us (Doug Barton) Date: Sun, 03 Mar 2013 23:37:50 -0800 Subject: Possible to use GNUPGHOME as a variable inside gpg.conf? In-Reply-To: <512CD838.8070502@dougbarton.us> References: <512CD838.8070502@dougbarton.us> Message-ID: <51344F4E.9020804@dougbarton.us> On 02/26/2013 07:43 AM, Doug Barton wrote: > In pursuing the hkps:// issue further, I'm wondering if it would be > possible to specify GNUPGHOME as a variable in the gpg.conf file so that > I could use: > > keyserver-options > ca-cert-file=$GNUPGHOME/ca.hkps.pool.sks-keyservers.net.cert > > Since I have to specify a path anyway, I was hoping to keep the cert > with my conf file. No takers on this? Doug From wk at gnupg.org Mon Mar 4 11:13:10 2013 From: wk at gnupg.org (Werner Koch) Date: Mon, 04 Mar 2013 11:13:10 +0100 Subject: GnuPG future timestamp checks and security In-Reply-To: (Casey Marshall's message of "Wed, 27 Feb 2013 10:01:39 -0600") References: Message-ID: <87zjyjv5ft.fsf@vigenere.g10code.de> On Wed, 27 Feb 2013 17:01, casey.marshall at gmail.com said: > I'm considering ignoring the time checks (--ignore-time-conflict, > --ignore-valid-from) due to clock drift being a common problem in my > application. That is why we added these options. > What was the motivation for adding the timestamp checks? Specifically, > are there security implications to disabling them I should be > concerned about?
A bad timestamp may be a sign of some other bug on the sending site. Whether it is a security problem depends on the application. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From branko at majic.rs Tue Mar 5 09:53:16 2013 From: branko at majic.rs (Branko Majic) Date: Tue, 5 Mar 2013 09:53:16 +0100 Subject: Alternate method for verifying PGP signatures Message-ID: <20130305095316.5de78424@zetkin.primekey.se> Well, the latest XKCD features an alternate method for verifying the PGP signatures: https://xkcd.com/1181/ Best regards :) P.S. Sorry, but I just couldn't resist :) -- Branko Majic Jabber: branko at majic.rs Please use only Free formats when sending attachments to me. From Ivanbrodsky at hotmail.com Tue Mar 5 00:25:16 2013 From: Ivanbrodsky at hotmail.com (BassToGo123) Date: Mon, 4 Mar 2013 15:25:16 -0800 (PST) Subject: Public Keys not showing up in "Choose Recipients" In-Reply-To: <1362118442480-29987.post@n7.nabble.com> References: <1362118442480-29987.post@n7.nabble.com> Message-ID: <1362439516875-30072.post@n7.nabble.com> Can anyone help me? This sounds like a fairly simple problem to fix for someone who knows what they are doing.
From Ivanbrodsky at hotmail.com Tue Mar 5 00:26:41 2013 From: Ivanbrodsky at hotmail.com (BassToGo123) Date: Mon, 4 Mar 2013 15:26:41 -0800 (PST) Subject: Public Keys not showing up in "Choose Recipients" In-Reply-To: <1362439516875-30072.post@n7.nabble.com> References: <1362118442480-29987.post@n7.nabble.com> <1362439516875-30072.post@n7.nabble.com> Message-ID: Please post Sent from my iPhone On Mar 4, 2013, at 3:25 PM, "BassToGo123 [via GnuPG]" wrote: > Can anyone help me? This sounds like a fairly simple problem to fix for someone who knows what they are doing. From peter at digitalbrains.com Tue Mar 5 13:57:27 2013 From: peter at digitalbrains.com (Peter Lebbing) Date: Tue, 05 Mar 2013 13:57:27 +0100 Subject: Public Keys not showing up in "Choose Recipients" In-Reply-To: References: <1362118442480-29987.post@n7.nabble.com> <1362439516875-30072.post@n7.nabble.com> Message-ID: <5135EBB7.5080107@digitalbrains.com> On 05/03/13 00:26, BassToGo123 wrote: > Please post >> Can anyone help me? People on this list are not paid to answer your questions. Asking twice with a minute in between is not very civil in my eyes. And perhaps it takes a few days for someone to /have the time/ and inclination to help you further, so even the first "can anyone help me" in less than two days is, IMHO, a bit impatient. That said, I think this question isn't answered very quickly because this seems the wrong place to ask.
You seem to have a problem with a tool called GPG Keychain Access or one called iOS Notepad or a plugin to that program. This is the list for GnuPG, to which, I presume, these programs are a frontend; a graphical interface. You might be better off looking for the support forum for these tools rather than asking here. By the way, some keys are not capable of receiving encrypted mail. This is related to so-called "capabilities". Have you checked with the owners of the keys you chose that they are capable of receiving encrypted mail with those keys? Because this would be an obvious reason why the keys don't show up as encryption targets, and your bit about the keys having no subkeys made me think this could be the case. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From phillip at gardner.name Tue Mar 5 19:52:39 2013 From: phillip at gardner.name (Phillip Gardner) Date: Tue, 5 Mar 2013 13:52:39 -0500 Subject: using same symmetric key for multiple files Message-ID: I am using tar to create a backup file of important personal files on my hard disk. I want to store this tar file on another computer which is far away in case something bad happens to my apartment such as a hurricane. (I live in Florida!) Unfortunately, this distant computer is not very secure. So, I am using this command to encrypt my tar file: gpg2 --symmetric --force-mdc --cipher-algo AES256 backup20130405.tar I try to do a backup every day and copy the backup file to this distant computer. The result being, that there are lots of backup files stored on this distant computer, one for each day for the last 20 or 30 days. I am using the same key every time I encrypt the tar file. Is it a problem using the same key when encrypting multiple files which will all be stored together? These files were very similar in content prior to being encrypted. Thanks for your help!
From Ivanbrodsky at hotmail.com Tue Mar 5 17:45:03 2013 From: Ivanbrodsky at hotmail.com (BassToGo123) Date: Tue, 5 Mar 2013 08:45:03 -0800 (PST) Subject: Public Keys not showing up in "Choose Recipients" In-Reply-To: <5135EBB7.5080107@digitalbrains.com> References: <1362118442480-29987.post@n7.nabble.com> <1362439516875-30072.post@n7.nabble.com> <5135EBB7.5080107@digitalbrains.com> Message-ID: I apologize for my impatience. I have scoured the internet for a discussion board or some other way of finding support for this program, and this board is the only one I could find. Not that it matters to anyone here, but not resolving this problem in a timely fashion is going to cost me. If you or anyone here knows of a support forum, I'd love to hear about it as I simply cannot locate one and this is the first place that comes up when looking for such a place. I cannot thank you enough for your reply. This subkey, if a public key is imported (the key offered with the intent of it being used to write with) without a subkey included, it is simply unable to be written with by choice of its owner? Sent from my iPhone On Mar 5, 2013, at 5:01 AM, "Peter Lebbing [via GnuPG]" wrote: > On 05/03/13 00:26, BassToGo123 wrote: > > Please post > >> Can anyone help me? > > People on this list are not paid to answer your questions. Asking twice with a > minute in between is not very civil in my eyes. And perhaps it takes a few days > for someone to /have the time/ and inclination to help you further, so even the > first "can anyone help me" in less than two days is, IMHO, a bit impatient. > > That said, I think this question isn't answered very quickly because this seems > the wrong place to ask. You seem to have a problem with a tool called GPG > Keychain Access or one called iOS Notepad or a plugin to that program. This is > the list for GnuPG, to which, I presume, these programs are a frontend; a > graphical interface.
You might be better off looking for the support forum for > these tools rather than asking here. > > By the way, some keys are not capable of receiving encrypted mail. This is > related to so-called "capabilities". Have you checked with the owners of the > keys you chose that they are capable of receiving encrypted mail with those > keys? Because this would be an obvious reason why the keys don't show up as > encryption targets, and your bit about the keys having no subkeys made me think > this could be the case. > > Peter. > > -- > I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. > You can send me encrypted mail if you want some privacy. > My key is available at
From kristian.fiskerstrand at sumptuouscapital.com Tue Mar 5 22:18:34 2013 From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand) Date: Tue, 05 Mar 2013 22:18:34 +0100 Subject: [Sks-devel] pool.sks-keyservers.net issues In-Reply-To: <20130301080412.GA95912@redoubt.spodhuis.org> References: <512C69AA.2010407@dest-unreach.be> <512C6ED5.5010407@fifthhorseman.net> <1830015963-1361870503-cardhu_decombobulator_blackberry.rim.net-1692014181-@b27.c12.bise7.blackberry> <512DD873.7000507@dest-unreach.be> <20130227235027.GB16276@redoubt.spodhuis.org> <512F1182.7080700@dest-unreach.be> <20130228083610.GA23455@redoubt.spodhuis.org> <512F9554.60900@dougbarton.us> <512F976C.3080101@sumptuouscapital.com> <512F9B7A.8050605@dougbarton.us> <20130301080412.GA95912@redoubt.spodhuis.org> Message-ID: <5136612A.80407@sumptuouscapital.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 03/01/2013 09:04 AM, Phil Pennock wrote: > Short version: bad interaction of GnuPG, cURL and Apache. Can > probably be worked around in Apache config, can definitely be > worked around in GnuPG code, should aim to get both done. > ... > > Kristian: I suggest that a pool check might try an HTTP/1.1 POST > with an Expect: header and exclude from the main pools any server > where this fails. > I have now added the check for this case. Seems the original server causing the issue has fixed the setup, however I identified a second server in the process that is currently excluded from the pool with status "HTTP/1.1 POST error (417)" [0] References: [0] http://sks-keyservers.net/status/info/sks.ecks.ca Thanks for the suggestion!
- -- - ---------------------------- Kristian Fiskerstrand Twitter: @krifisk - ---------------------------- Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- Aquila non capit muscas The eagle does not hunt flies From dougb at dougbarton.us Wed Mar 6 05:18:22 2013 From: dougb at dougbarton.us (Doug Barton) Date: Tue, 05 Mar 2013 20:18:22 -0800 Subject: [Sks-devel] pool.sks-keyservers.net issues In-Reply-To: <5136612A.80407@sumptuouscapital.com> References: <512C69AA.2010407@dest-unreach.be> <512C6ED5.5010407@fifthhorseman.net> <1830015963-1361870503-cardhu_decombobulator_blackberry.rim.net-1692014181-@b27.c12.bise7.blackberry> <512DD873.7000507@dest-unreach.be> <20130227235027.GB16276@redoubt.spodhuis.org> <512F1182.7080700@dest-unreach.be> <20130228083610.GA23455@redoubt.spodhuis.org> <512F9554.60900@dougbarton.us> <512F976C.3080101@sumptuouscapital.com> <512F9B7A.8050605@dougbarton.us> <20130301080412.GA95912@redoubt.spodhuis.org> <5136612A.80407@sumptuouscapital.com> Message-ID: <5136C38E.9040005@dougbarton.us> -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256 On 03/05/2013 01:18 PM, Kristian Fiskerstrand wrote: | Thanks for the suggestion! It was Phil's idea, I was just whining about the problem I saw. :) Doug From Dave.Smith at st.com Wed Mar 6 10:23:24 2013 From: Dave.Smith at st.com (David Smith) Date: Wed, 6 Mar 2013 09:23:24 +0000 Subject: Public Keys not showing up in "Choose Recipients" In-Reply-To: References: <1362118442480-29987.post@n7.nabble.com> <1362439516875-30072.post@n7.nabble.com> <5135EBB7.5080107@digitalbrains.com> Message-ID: <51370B0C.8020709@st.com> On 03/05/13 16:45, BassToGo123 wrote: > I apologize for my impatience. I have scoured the internet for a > discussion board or some other way of finding support for this program, > and this board is the only one I could find. Not that it matters to > anyone here, but not resolving this problem in a timely fashion is going > to cost me. > > If you or anyone here knows of a support forum, I'd love to hear about > it as I simply cannot locate one and this is the first place that comes > up when looking for such a place. > > I cannot thank you enough for your reply. This subkey, if a public key > is imported (the key offered with the intent of it being used to write > with) without a subkey included, it is simply unable to be written with > by choice of its owner? Some reasons why the key may be unusable: 1. It may be expired. Keys can be (and often are) generated with expiry dates.
   Even if the key has an expiry date in the future, there may be a problem with the clock setting on the sending device - it could be set to a date in the future, past the expiry date of the key. Also, I believe I am correct in saying that once gpg has noticed that a key has expired, it marks the key as expired, which is a one-way process. So, whilst the clock may be correct now, it could have been wrong in the past, causing gpg to mark the key as expired, and now the clock is correctly set, the key is still marked as expired. To fix this, you could delete and re-import the key.

2. It may require the use of an algorithm which is not supported - for example, the key may have been generated for use with the IDEA algorithm, which isn't supported in many versions of GnuPG.

Outside of this, I'm not sure what to suggest. You've not said which OS you're using; if you are using one of the Unix variants, I would suggest running "gpg --list-keys " and then posting the result to the list. If you're running a different OS, then I'm not entirely sure how you get to this information.

I'm also not entirely sure whether you're running GnuPG or not - maybe the programs you are using are a front-end for gpg, maybe not. You've used the terms "GPG Keychain Access" and "PGP Keychain Access", so I don't know whether you're using PGP, GnuPG, or something else altogether. Note that "OpenPGP" refers to the data format of the encrypted file (and the algorithms required to produce and use it), not any particular application, so the application(s) you are using may have no relevance to GnuPG whatsoever.

HTH...
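David's checklist above (expired key, a clock that was wrong when gpg last looked at the key, no usable encryption subkey) can be made mechanical. The following is an added example, not code from the thread or from GnuPG: it parses the machine-readable output of `gpg --with-colons --list-keys` (the colon format documented in GnuPG's doc/DETAILS) and reports, per primary key, whether an encryption-capable key exists that is valid at a given clock time. The listing, key IDs, user IDs and the "current time" are constructed for the example; the field positions used are the documented ones.

```python
"""Diagnose why an imported OpenPGP key is not offered as an encryption recipient.

Added example, not from the original thread or from GnuPG. It parses the
machine-readable listing produced by `gpg --with-colons --list-keys` (the colon
format documented in GnuPG's doc/DETAILS) and reports, for each primary key,
whether an encryption-capable key exists that is valid at a given clock time.
The listing below is constructed for this example; key IDs and user IDs are
made up.
"""
import datetime as dt

# Constructed sample listing. Colon-format fields (0-based) used here:
#   0 record type (pub/sub/uid)   1 validity letter   3 algorithm number
#   4 key ID   5 creation (epoch seconds)   6 expiration (epoch seconds, empty = never)
#   9 user ID (uid records only)   11 capabilities (e=encrypt, s=sign, c=certify,
#   a=auth; upper case on a pub record = capability of the whole key block,
#   lower case = what that particular key can do itself)
SAMPLE_LISTING = """\
pub:e:2048:1:1111111111111111:1293840000:1356998400::-:::scESC:
uid:e::::1293840000::AAAA::Alice Example <alice@example.test>:
sub:e:2048:1:2222222222222222:1293840000:1356998400:::::e:
pub:-:2048:1:3333333333333333:1362096000:1393632000::-:::scESC:
uid:-::::1362096000::BBBB::Bob Example <bob@example.test>:
sub:-:2048:1:4444444444444444:1362096000:1393632000:::::e:
pub:-:1024:17:5555555555555555:1362096000:::-:::scSC:
uid:-::::1362096000::CCCC::Carol Signonly <carol@example.test>:
sub:-:1024:17:6666666666666666:1362096000::::::s:
pub:e:2048:1:7777777777777777:1362096000:1393632000::-:::scESC:
uid:e::::1362096000::DDDD::Dave Skewed <dave@example.test>:
sub:e:2048:1:8888888888888888:1362096000:1393632000:::::e:
"""

NOW = 1362700800  # constructed "current time" for the example: 2013-03-08 00:00:00 UTC


def _epoch(field):
    return int(field) if field else None


def _iso(epoch):
    return dt.datetime.fromtimestamp(epoch, dt.timezone.utc).strftime("%Y-%m-%d")


def _own_caps(record):
    # Lower-case letters only: what this particular key (not the whole block) can do
    return {c for c in record["caps"] if c.islower()}


def parse_listing(text):
    """Group pub/uid/sub records of a --with-colons listing by primary key."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"keyid": f[4], "validity": f[1], "algo": f[3],
                         "created": _epoch(f[5]), "expires": _epoch(f[6]),
                         "caps": f[11], "uids": [], "subkeys": []})
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9])
        elif f[0] == "sub" and keys:
            keys[-1]["subkeys"].append({"keyid": f[4], "validity": f[1], "algo": f[3],
                                        "expires": _epoch(f[6]), "caps": f[11]})
    return keys


def usable_for_encryption(key, now=NOW):
    """Return (usable, reason). `now` is the clock the check is evaluated against."""
    if key["validity"] == "r":
        return False, "primary key revoked"
    if key["validity"] == "d":
        return False, "primary key disabled"
    if key["expires"] is not None and key["expires"] <= now:
        return False, "primary key expired on " + _iso(key["expires"])
    if key["validity"] == "e":
        # gpg recorded the key as expired although, at `now`, its expiry is still
        # ahead: the clock was probably wrong when the key was last checked
        return False, ("gpg lists the key as expired although it expires on "
                       + (_iso(key["expires"]) if key["expires"] else "(never)")
                       + ": check the clock, then delete and re-import the key")
    candidates = [sk for sk in key["subkeys"] if "e" in _own_caps(sk)]
    if "e" in _own_caps(key):
        candidates.append(key)  # a primary key flagged as able to encrypt itself
    if not candidates:
        return False, "no encryption-capable key in this key block (capabilities: %s)" % key["caps"]
    live = [sk for sk in candidates
            if sk["validity"] != "r" and (sk["expires"] is None or sk["expires"] > now)]
    if not live:
        latest = max(sk["expires"] or 0 for sk in candidates)
        return False, "all encryption subkeys expired or revoked (latest expiry %s)" % _iso(latest)
    best = live[0]
    until = " until " + _iso(best["expires"]) if best["expires"] else " (no expiry)"
    return True, "ok: key %s usable%s" % (best["keyid"], until)


def report(listing, now=NOW):
    """Human-readable summary, one line per primary key."""
    lines = []
    for key in parse_listing(listing):
        ok, why = usable_for_encryption(key, now)
        uid = key["uids"][0] if key["uids"] else "(no user ID)"
        lines.append("%s %s: %s" % ("OK  " if ok else "SKIP", uid, why))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LISTING)))
```

Running `usable_for_encryption` on the same key with a `now` set past its expiry shows David's clock point directly: Bob's key is usable at the constructed 2013 date and "expired" at a 2014 date, with no change to the key itself. The fourth sample key models the stale "expired" flag he describes: gpg says `e` although the expiry date is still ahead of the clock.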
From wk at gnupg.org Wed Mar 6 10:20:52 2013
From: wk at gnupg.org (Werner Koch)
Date: Wed, 06 Mar 2013 10:20:52 +0100
Subject: Public Keys not showing up in "Choose Recipients"
In-Reply-To: (BassToGo's message of "Tue, 5 Mar 2013 08:45:03 -0800 (PST)")
References: <1362118442480-29987.post@n7.nabble.com> <1362439516875-30072.post@n7.nabble.com> <5135EBB7.5080107@digitalbrains.com>
Message-ID: <87y5e0khor.fsf@vigenere.g10code.de>

On Tue, 5 Mar 2013 17:45, Ivanbrodsky at hotmail.com said:

> program, and this board is the only one I could find. Not that it
> matters to anyone here, but not resolving this problem in a timely
> fashion is going to cost me.

There is an easy solution to your problem: Consult http://gnupg.org/service.html and pick a company to help you.

> Sent from my iPhone

Your iPhone may want to consult http://www.netmeister.org/news/learn2quote.html .

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From peter at digitalbrains.com Wed Mar 6 18:57:47 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 06 Mar 2013 18:57:47 +0100
Subject: using same symmetric key for multiple files
In-Reply-To: 
References: 
Message-ID: <5137839B.5090707@digitalbrains.com>

On 05/03/13 19:52, Phillip Gardner wrote:
> gpg2 --symmetric --force-mdc --cipher-algo AES256 backup20130405.tar

> Is it a problem using the same key when encrypting multiple files which will
> all be stored together? These files were very similar in content prior to
> being encrypted.

1) It is irrelevant that the files were similar. The passphrase you choose is used to encrypt a random session key, and the random session key encrypts the data. So the passphrase never "comes into direct contact" with the data cryptographically.

2) While in theory there are attacks thinkable that can exploit the fact that the passphrase is the same each time, the passphrase is also salted before being used as keying material, so the actual key used changes each time.
The material being encrypted also changes each time (the random session key with an algorithm specifier prepended), and is very small.

I doubt an attacker would gain something by having multiple Symmetric-Key Encrypted Session Key packets all created with the same passphrase. But some of the experts here might know a sweet attack. Or some of those nasty experts that don't share it here but rather go after your data.

I think you're safe. But why don't you just create a keypair and encrypt to yourself? It does obviously mean you should have a good backup of it somewhere, outside Florida, even though you live in Florida. Spread the love! ;)

There is the slight thingy that someone can replace your encrypted data with other, also correctly decrypting data, since your public key is usually public. So you should sign them too if you're worried about that.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

From phillip at gardner.name Wed Mar 6 19:44:45 2013
From: phillip at gardner.name (Phillip Gardner)
Date: Wed, 6 Mar 2013 13:44:45 -0500
Subject: using same symmetric key for multiple files
In-Reply-To: <5137839B.5090707@digitalbrains.com>
References: <5137839B.5090707@digitalbrains.com>
Message-ID: <6587D48E-F1EE-46F3-BF51-9FB6E2BB96BC@gardner.name>

Thanks very much for your detailed reply which was very helpful.

On Mar 6, 2013, at 12:57 PM, Peter Lebbing wrote:

> On 05/03/13 19:52, Phillip Gardner wrote:
>> gpg2 --symmetric --force-mdc --cipher-algo AES256 backup20130405.tar
>
>> Is it a problem using the same key when encrypting multiple files which will
>> all be stored together? These files were very similar in content prior to
>> being encrypted.
>
> 1) It is irrelevant that the files were similar. The passphrase you choose is
> used to encrypt a random session key, and the random session key encrypts the
> data.
> So the passphrase never "comes into direct contact" with the data
> cryptographically.
>
> 2) While in theory there are attacks thinkable that can exploit the fact that
> the passphrase is the same each time, the passphrase is also salted before being
> used as keying material, so the actual key used changes each time. The material
> being encrypted also changes each time (the random session key with an algorithm
> specifier prepended), and is very small.
>
> I doubt an attacker would gain something by having multiple Symmetric-Key
> Encrypted Session Key packets all created with the same passphrase. But some of
> the experts here might know a sweet attack. Or some of those nasty experts that
> don't share it here but rather go after your data.
>
> I think you're safe. But why don't you just create a keypair and encrypt to
> yourself? It does obviously mean you should have a good backup of it somewhere,
> outside Florida, even though you live in Florida. Spread the love! ;)
>
> There is the slight thingy that someone can replace your encrypted data with
> other, also correctly decrypting data, since your public key is usually public.
> So you should sign them too if you're worried about that.
>
> HTH,
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at

From wk at gnupg.org Thu Mar 7 14:41:46 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 07 Mar 2013 14:41:46 +0100
Subject: Possible to use GNUPGHOME as a variable inside gpg.conf?
In-Reply-To: <512CD838.8070502@dougbarton.us> (Doug Barton's message of "Tue, 26 Feb 2013 07:43:52 -0800")
References: <512CD838.8070502@dougbarton.us>
Message-ID: <87ppzbe38l.fsf@vigenere.g10code.de>

On Tue, 26 Feb 2013 16:43, dougb at dougbarton.us said:

> keyserver-options
> ca-cert-file=$GNUPGHOME/ca.hkps.pool.sks-keyservers.net.cert

I see that it can make sense to have such variables.
However, we will need to add a meta option to allow such variable substitution. Thus if you want to do that you would need to use something like

  enable-var-subst
  somepath $gnupghome/foo.bar

We have something similar in gpg-connect-agent, where variables have been added only later and thus over there you need to use /subst.

The available variables would only be those known to GnuPG and not arbitrary envvars. In particular those available with "gpgconf --list-dirs".

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Thu Mar 7 14:49:45 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 07 Mar 2013 14:49:45 +0100
Subject: OpenPGP card reset procedure
In-Reply-To: <512E0373.1040503@dest-unreach.be> (Niels Laukens's message of "Wed, 27 Feb 2013 14:00:35 +0100")
References: <512E0373.1040503@dest-unreach.be>
Message-ID: <87li9ze2va.fsf@vigenere.g10code.de>

On Wed, 27 Feb 2013 14:00, niels at dest-unreach.be said:

> sending 4 VERIFY-commands with the same (wrong) PINcode.
> It next locks the Admin PIN using a similar procedure.

Right.

> According to my understanding, this will ACTIVATE FILE, and next
> TERMINATE DF.
>
> While the spec seems to indicate the reverse should be done:

You are right, I once messed it up somewhere but meanwhile my gpg-connect-agent script to reset the card is:

  # Hex-dump APDU responses and select the card
  /hex
  scd serialno
  # Block PW1 (user PIN, P2=0x81): four VERIFY (INS 0x20) attempts with a wrong PIN exhaust the retry counter
  scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
  scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
  scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
  scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
  # Block PW3 (admin PIN, P2=0x83) the same way
  scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
  scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
  scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
  scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
  # ACTIVATE FILE (INS 0x44), then TERMINATE DF (INS 0xE6)
  scd apdu 00 44 00 00
  scd apdu 00 e6 00 00
  /echo card has been reset to factory defaults

Which is as it should be.

> Either way, the procedure (with first ACTIVATE and next TERMINATE) seems
> to work, I just don't understand how...
That is a bug in the card.

Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From adrelanos at riseup.net Thu Mar 7 15:44:18 2013
From: adrelanos at riseup.net (adrelanos)
Date: Thu, 07 Mar 2013 14:44:18 +0000
Subject: /etc/gnugpg.d/
In-Reply-To: <87ppzbe38l.fsf@vigenere.g10code.de>
References: <512CD838.8070502@dougbarton.us> <87ppzbe38l.fsf@vigenere.g10code.de>
Message-ID: <5138A7C2.6060602@riseup.net>

What about having /etc/gnugpg.d/ where you can drop configuration files just as you can drop them into /etc/apt/apt.conf.d/?

For example someone could make a hkps distro package, get the certificate into the correct place and drop a configuration file to use the certificate.

Werner Koch:
> On Tue, 26 Feb 2013 16:43, dougb at dougbarton.us said:
>
>> keyserver-options
>> ca-cert-file=$GNUPGHOME/ca.hkps.pool.sks-keyservers.net.cert
>
> I see that it can make sense to have such variables. However, we will
> need to add a meta option to allow such variable substitution. Thus if
> you want to do that you would need to use something like
>
> enable-var-subst
> somepath $gnupghome/foo.bar
>
> We have something similar in gpg-connect-agent, where variables have
> been added only later and thus over there you need to use /subst.
>
> The available variables would only be those known to GnuPG and not
> arbitrary envvars. In particular those available with "gpgconf
> --list-dirs".

From nobody at dizum.com Sun Mar 3 11:24:43 2013
From: nobody at dizum.com (Nomen Nescio)
Date: Sun, 3 Mar 2013 11:24:43 +0100 (CET)
Subject: US banks that can send PGP/MIME e-mail
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.800 <20130223112631.637ca22c__44641.8568063111$1361640284$gmane$org@scorpio>
Message-ID: <9554e7f2f245f6bb1f47442b99d63f70@dizum.com>

On 2013-02-23, Jerry wrote:
>
> Well, each to his/her own I suppose; however, I would not approve of
> the file being sent to my PC regardless.
> There is always the
> possibility of the email being intercepted and exploited or my PC being
> compromised.

There is a security element to this, but it actually works the other way around. SSL is considerably *less* secure than an openPGP message. Here's why:

* CAs: SSL requires you to trust a certificate authority (and to date CAs have already been exploited).

* MitM: There are also a number of MitM techniques that work on HTTPS connections. One attack that comes to mind involves establishing a non-SSL connection to the customer. They get no pop-up about a bad cert because there's no cert involved. The attacker even uses an icon of a padlock for the site, so if the customer is careful enough to look for the padlock, but not careful enough to look where the browser puts it, they will be fooled. Alternatively, an attacker can simply use an untrusted cert knowing that many people will just click through their browser's popup warning anyway because they cannot be bothered.

* Phishing: There are many tricks that bait customers into logging into a rogue site that masquerades as their bank's, ultimately creating a compromising interaction that would be avoided if the statement were properly delivered.

* storage: When a customer downloads their PDF statement over https, the PDF is unencrypted and it remains in that state, vulnerable to anyone who penetrates their home pc. Securing the storage requires additional effort on the part of the customer (generally unlikely). OTOH, if PGP is used, the statement is encrypted in storage by default. A customer would have to proactively decrypt the attachment with intent to archive it in the clear in order to achieve the same vulnerability as the status quo.

> If I want confidential information delivered to my PC, that should
> be my business. If an institution wanted to offer that option, and
> thereby being issued a release of responsibility, I have no
> objections to it.

You would not need any such release of liability.
All natural people banking in the US are free of liability per regulation E. (I say "natural" people, because businesses do not get reg. E protection).

Although banks bear the liability for poor security choices, they generally do not care. They just need a facade that complies with the poor standards and comforts the relatively street-unwise shareholders. IOW, they only need to *appear* secure, they don't actually care to *be* secure. Hence why they don't bother with PGP.

If banks had a genuine interest in security, they would at a bare minimum be PGP clear-signing their e-mail notices to customers. It would impose no technical changes on their customers, but customers keen to detect phishing could do so, and the bank could then honestly say that they've taken an effective step toward mitigating phishing attacks. Dumb user tools could then be created that make it possible for everyone to detect phishing attacks, not just those who are keen.

> I do not consider the clicking on of a secure link and downloading the
> document to be an inconvenience, but rather a security feature,

Requiring a periodic human interaction is obviously less convenient for the human. And as I pointed out, it is simultaneously less secure.

From nobody at dizum.com Sun Mar 3 21:47:16 2013
From: nobody at dizum.com (Nomen Nescio)
Date: Sun, 3 Mar 2013 21:47:16 +0100 (CET)
Subject: US banks that can send PGP/MIME e-mail
In-Reply-To: <512CBA52.8040408__10073.63853646$1361885896$gmane$org@sixdemonbag.org>
References: <511b1f0c685c86a46d2c360abdda0f19@remailer.privacy.at> <512821AD.800 <512A8526.2070903__15992.5139662393$1361741165$gmane$org@sixdemonbag.org> <5a5d5bb2769e2d31f046837ac8642a53@foto.nl1.torservers.net> <512CBA52.8040408__10073.63853646$1361885896$gmane$org@sixdemonbag.org>
Message-ID: <32e22ba163cdc3caa426cb95f14ded2a@dizum.com>

>Figuring out how to install an app is not the problem. Figuring out
>how to *use OpenPGP* is the problem.
>The app is not the same as the
>amount of specialized knowledge required to use the app successfully.

The installation problem takes care of the other. Hushmail users need not know any more than yahoo users when opening an account. A HM user may not even be aware that PGP is in play, or what PGP is.

>OpenPGP has a learning curve like the Matterhorn. This is a
>long-known and long-lamented fact. If you can fix that, then maybe
>things will change. As things stand, though, I doubt they will
>change.

It's been fixed. Check out countermail.com, or hushmail.com.

>> take the bait. Such an app could embed an email client that does
>> everything the advanced users would do, and hide everything
>> possible. Such an app could even hide the email address, and hide
>> the fact that email is used at all, if they wanted.

>Then why bother at all with email and OpenPGP?

For the /other/ users.

>> They're not good at it.

>On the contrary, many of them are phenomenally good at it.
>Operations Research is part of the business school in most
>universities, and the OR geeks tend to be astonishingly good at what
>they do -- which is maximize efficiencies and cut inefficiencies.

I'm not sure why you put so much stock into the MBA. An MBA merely makes someone into a good bullshitter, so their idea, however flawed, is better marketed to upper management. In the end, the result is better marketing spin, not better ideas. And worse, better ideas end up losing out to better marketed ideas. When one MBA is pitted against another, the decision makers ignore it anyway, and vote with their gut and use whatever data supports the decision they've already made -- not the other way around. It's a sham.

>I understand that many geeks like to look down our noses at people in
>the B-schools, but really, that's a shallow prejudice that we as a
>community need to get over. There are some alarmingly sharp people
>over there.
It's really not a good time to attempt to prop these guys up, when every economy in the world is suffering acutely from their colossal and aggregate incompetence.

>> A bank forward-thinking enough to cater to nerds with ssh for
>> transactions and openpgp for statements would spend the least
>> amount on security

>I'm going to have to ask to see the business study you're using to
>back this up.

Do you need a business study to prove that a helicopter costs more to maintain than a bicycle? The contrast is so sharp, one would be a fool to even consider funding such a study. I won't waste any time trying to track down the proof that you're asking for. But I will say that ssh and textual interfaces are decades more mature than javascript, Adobe Flash, Flash cookies, and all the other dodgy shit you find on bank sites (and casino sites alike). And the difference in complexity is staggering -- complexity being directly proportional to defects, which in turn are directly proportional to security vulnerabilities.

Moreover, an SSH server wouldn't drag the bank into the vicious pattern of chasing the shiny.. e.g. there would not be a need to work on improving the smoothness of animations that must glide across the screen. New web frills are emerging on a rapid and ongoing basis - highly unstable. This means the cost of securing it is an ongoing cost. This recurring cost is needed just to keep up with the new bugs that are being introduced -- a cost that comes on top of the normal cost of intrusion detection and incident response.

>This is your prejudice, nothing more.

I know studies have already proven the relationship between complexity and bugs - although I don't recall where the research was done, it's not just my imagination. And the relationship between bugs and vulnerabilities is security 101.
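Back to Peter Lebbing's reply earlier on this page in the "using same symmetric key for multiple files" thread: his point is that `gpg --symmetric` never uses the passphrase on the file itself. The passphrase plus a fresh random salt goes through the OpenPGP string-to-key (S2K) function, and the key that comes out only wraps a random session key. The following is an added example, not code from the thread or from GnuPG: an implementation of the iterated-and-salted S2K of RFC 4880 section 3.7.1.3, plus a model of several `--symmetric` runs with one passphrase, showing that the derived key is different each time because the salt is. Passphrases, salts and the iteration count used in the checks are constructed.

```python
"""OpenPGP iterated-and-salted S2K (RFC 4880, section 3.7.1.3), as an added example.

Not code from the original thread or from GnuPG. It shows the point of Peter
Lebbing's reply in the "using same symmetric key for multiple files" thread:
`gpg --symmetric` does not use the passphrase to encrypt the file. It derives a
key from the passphrase plus a fresh random 8-octet salt, and that key only
wraps a random session key. Reusing the passphrase therefore never reuses the
derived key, because the salt differs per run. Inputs below are constructed.
"""
import hashlib
import os


def s2k_count(coded):
    """Decode the one-octet iteration count: (16 + low nibble) << (high nibble + 6)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def s2k_iterated_salted(passphrase, salt, coded_count, key_len, hash_name="sha1"):
    """Derive key_len octets from passphrase and an 8-octet salt.

    The hash is fed (salt || passphrase) repeatedly until `count` octets have
    been hashed, cutting the final repetition short; if count is smaller than
    len(salt || passphrase) the whole string is hashed once. For keys longer
    than one digest, further hash contexts are preloaded with 1, 2, ... zero
    octets and their digests concatenated (RFC 4880, section 3.7.1.1).
    """
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is exactly 8 octets")
    data = salt + passphrase
    count = max(s2k_count(coded_count), len(data))
    out = b""
    context = 0
    while len(out) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * context)
        remaining = count
        while remaining > 0:
            chunk = data if remaining >= len(data) else data[:remaining]
            h.update(chunk)
            remaining -= len(chunk)
        out += h.digest()
        context += 1
    return out[:key_len]


def wrap_session_keys(passphrase, n_files, coded_count=0x60, key_len=32, hash_name="sha256"):
    """Model of n_files separate `gpg --symmetric` runs with one passphrase.

    Each run draws a fresh salt and a fresh random session key; the S2K key
    derived here is what would wrap the session key in the Symmetric-Key
    Encrypted Session Key packet. Returns (salt, derived key, session key) per
    run so callers can see that the derived keys differ even though the
    passphrase does not.
    """
    runs = []
    for _ in range(n_files):
        salt = os.urandom(8)
        session_key = os.urandom(key_len)
        kek = s2k_iterated_salted(passphrase, salt, coded_count, key_len, hash_name)
        runs.append((salt, kek, session_key))
    return runs


if __name__ == "__main__":
    for salt, kek, _ in wrap_session_keys(b"correct horse battery staple", 3):
        print("salt=%s  derived key=%s..." % (salt.hex(), kek.hex()[:16]))
```

The two branches worth checking by hand are the ones implementations get wrong: a count that is an exact multiple of len(salt || passphrase) must equal hashing that string that many times, and a count smaller than the string must hash the string exactly once, not zero times.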
From wk at gnupg.org Thu Mar 7 18:26:17 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 07 Mar 2013 18:26:17 +0100
Subject: /etc/gnugpg.d/
In-Reply-To: <5138A7C2.6060602@riseup.net> (adrelanos@riseup.net's message of "Thu, 07 Mar 2013 14:44:18 +0000")
References: <512CD838.8070502@dougbarton.us> <87ppzbe38l.fsf@vigenere.g10code.de> <5138A7C2.6060602@riseup.net>
Message-ID: <87hakndsue.fsf@vigenere.g10code.de>

On Thu, 7 Mar 2013 15:44, adrelanos at riseup.net said:

> What about having /etc/gnugpg.d/ where you can drop configuration files
> just as you can drop them into /etc/apt/apt.conf.d/?

In general I consider those configuration directories a bad idea. They are nice at the first view because they make packaging easy but after all they are unreadable. Sure, for some applications they make sense (/etc/pam.d/) but definitely not for GnuPG.

I also fail to understand how they would help to solve the OP's problem.

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From dougb at dougbarton.us Thu Mar 7 19:20:08 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 07 Mar 2013 10:20:08 -0800
Subject: /etc/gnugpg.d/
In-Reply-To: <87hakndsue.fsf@vigenere.g10code.de>
References: <512CD838.8070502@dougbarton.us> <87ppzbe38l.fsf@vigenere.g10code.de> <5138A7C2.6060602@riseup.net> <87hakndsue.fsf@vigenere.g10code.de>
Message-ID: <5138DA58.9030501@dougbarton.us>

On 03/07/2013 09:26 AM, Werner Koch wrote:
> On Thu, 7 Mar 2013 15:44, adrelanos at riseup.net said:
>> What about having /etc/gnugpg.d/ where you can drop configuration files
>> just as you can drop them into /etc/apt/apt.conf.d/?
>
> In general I consider those configuration directories a bad idea. They
> are nice at the first view because they make packaging easy but after
> all they are unreadable. Sure, for some applications they make sense
> (/etc/pam.d/) but definitely not for GnuPG.
>
> I also fail to understand how they would help to solve the OP's problem.
It wouldn't at all, since my goal is to use the same gpg.conf for Windows and Linux (as I'm doing now).

Doug

From peter at digitalbrains.com Thu Mar 7 21:20:54 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 07 Mar 2013 21:20:54 +0100
Subject: OpenPGP card reset procedure
In-Reply-To: <87li9ze2va.fsf@vigenere.g10code.de>
References: <512E0373.1040503@dest-unreach.be> <87li9ze2va.fsf@vigenere.g10code.de>
Message-ID: <5138F6A6.2090006@digitalbrains.com>

On 07/03/13 14:49, Werner Koch wrote:
> That is a bug in the card.

Always pleasant when one bug takes care of the other :)

Peter.

PS: I'm not being serious, I just thought it was funny

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

From robertkotz2007 at u.northwestern.edu Thu Mar 7 23:48:13 2013
From: robertkotz2007 at u.northwestern.edu (Robert Kotz)
Date: Thu, 7 Mar 2013 14:48:13 -0800
Subject: gpg 2.0.19-r1 with libgcrypt 1.5.0-r2 -- Segmentation Fault
Message-ID: 

Hi all,

I hope this is the most appropriate place for this...please let me know if there's a better spot.

Anyway, I'm getting a segfault whenever I try to use GPG to encrypt or decrypt any message. I have all my keys, public and private, imported from another system which works exactly as expected, and which should be more or less identical to the one that seems to be broken. I'm running Sabayon, a fresh install and fully updated, if that is useful information at all...

Here's what happens:

  feign at mahakala ~ $ gpg --decrypt lebowski.asc

  You need a passphrase to unlock the secret key for
  user: "My Email"
  1024-bit ELG key, ID 429C2EF5, created 2013-01-16 (main key ID 719D9903)

  gpg: Invalid passphrase; please try again ...
  You need a passphrase to unlock the secret key for
  user: "My Email"
  1024-bit ELG key, ID 429C2EF5, created 2013-01-16 (main key ID 719D9903)

  gpg: encrypted with 1024-bit ELG key, ID 429C2EF5, created 2013-01-16
        "My Email"
  gpg: signal Segmentation fault caught ... exiting
  Segmentation fault

So yeah, it looks to be validating my passphrase correctly (I typed it incorrectly on purpose first just to check), but then it seg faults. On my other system, with the same keys and gpg version, I can run the same command and it works just fine.

Thoughts? Any extra information I can provide? I'd really like to get this working, and I'm pretty baffled.

Thanks!

Rob

From dougb at dougbarton.us Fri Mar 8 07:22:11 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 07 Mar 2013 22:22:11 -0800
Subject: Possible to use GNUPGHOME as a variable inside gpg.conf?
In-Reply-To: <87ppzbe38l.fsf@vigenere.g10code.de>
References: <512CD838.8070502@dougbarton.us> <87ppzbe38l.fsf@vigenere.g10code.de>
Message-ID: <51398393.1020902@dougbarton.us>

On 03/07/2013 05:41 AM, Werner Koch wrote:
> On Tue, 26 Feb 2013 16:43, dougb at dougbarton.us said:
>
>> keyserver-options
>> ca-cert-file=$GNUPGHOME/ca.hkps.pool.sks-keyservers.net.cert
>
> I see that it can make sense to have such variables. However, we will
> need to add a meta option to allow such variable substitution. Thus if
> you want to do that you would need to use something like
>
> enable-var-subst
> somepath $gnupghome/foo.bar
>
> We have something similar in gpg-connect-agent, where variables have
> been added only later and thus over there you need to use /subst.
>
> The available variables would only be those known to GnuPG and not
> arbitrary envvars. In particular those available with "gpgconf
> --list-dirs".

That would be awesome, can't wait to try it. :)

Doug

From jw72253 at verizon.net Sat Mar 9 02:26:03 2013
From: jw72253 at verizon.net (John A.
Wallace)
Date: Fri, 08 Mar 2013 19:26:03 -0600
Subject: placing trust in imported keys
Message-ID: <000001ce1c65$1077e2d0$3167a870$@net>

Where can I find an explanation of how to interpret these lines of output we saw while importing a key onto a person's keyring:

  gpg: key DED64EBB2BA87C5C: public key "OTR Dev Team " imported
  gpg: Total number processed: 1
  gpg: imported: 1
  gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
  gpg: depth: 0 valid: 8 signed: 25 trust: 0-, 0q, 0n, 0m, 0f, 8u
  gpg: depth: 1 valid: 25 signed: 1 trust: 0-, 4q, 0n, 20m, 1f, 0u
  gpg: next trustdb check due at 2013-12-31
  - Public keyring updated.
  - - Trust DB updated.
  - Time: 3/8/2013 5:58:34 PM (3/8/2013 11:58:34 PM UTC)

From wk at gnupg.org Sat Mar 9 09:37:47 2013
From: wk at gnupg.org (Werner Koch)
Date: Sat, 09 Mar 2013 09:37:47 +0100
Subject: placing trust in imported keys
In-Reply-To: <000001ce1c65$1077e2d0$3167a870$@net> (John A. Wallace's message of "Fri, 08 Mar 2013 19:26:03 -0600")
References: <000001ce1c65$1077e2d0$3167a870$@net>
Message-ID: <87mwud9des.fsf@vigenere.g10code.de>

On Sat, 9 Mar 2013 02:26, jw72253 at verizon.net said:

> gpg: Total number processed: 1
> gpg: imported: 1

That should be self-explaining.

> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model

This is the configuration of the WoT; see the man page for options to change it.

> gpg: depth: 0 valid: 8 signed: 25 trust: 0-, 0q, 0n, 0m, 0f, 8u
> gpg: depth: 1 valid: 25 signed: 1 trust: 0-, 4q, 0n, 20m, 1f, 0u

You would need to look at the source. However, if you know the WoT well, you should be able to figure out what this is. For example at depth 0, you see 8 ultimately trusted keys. At the next level you obviously find no ultimately trusted keys but 20 marginally trusted and 1 fully trusted key. You should consider this a debugging output.
> gpg: next trustdb check due at 2013-12-31

The check run found that due to key or signature expiration a new trust check is due on that date. It is informational only, because that date is stored in the trustdb and a gpg --check-trustdb --batch before that date will conclude that this time it can be lazy and exit immediately.

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From kgo at grant-olson.net Sun Mar 10 01:10:20 2013
From: kgo at grant-olson.net (Grant Olson)
Date: Sat, 09 Mar 2013 19:10:20 -0500
Subject: Fix for smartcards on some newer linux distros
Message-ID: <513BCF6C.6@grant-olson.net>

I found a few threads going back at least a year where people were having trouble getting smartcards running with gpg2 on newer linux distros. Users would see this error when querying the card-status:

  gpg: selecting openpgp failed: Unsupported certificate
  gpg: OpenPGP card not available: Unsupported certificate

I just ran into the error and spent a few days banging my head against the wall. But I got things working and thought I'd report here for the sake of the interwebz.

## Hack fix - disable gnome-keyring-daemon

Just move gnome-keyring-daemon so it doesn't load:

  sudo mv /usr/bin/gnome-keyring-daemon /usr/bin/gnome-keyring-daemon.bak

## Better fix - enable-ssh-support

After I had things running I set up gpg-agent to act as my ssh agent as well. Then I went to write a blog post and couldn't reproduce the problem to copy-and-paste the output. Sure enough, after disabling ssh support in gpg-agent, the problem resurfaced.

So that's a better fix that lets gnome-keyring-daemon run. I'm guessing that once you enable ssh support, gpg-agent grabs access to the smart card before the gnome-keyring-daemon.

I wrote up a more detailed blog post here:

http://www.rubygems-openpgp-ca.org/blog/using-openpgp-smartcard-on-ubuntu-12-10.html

Hope this helps some other unfortunate souls.

-Grant

P.S.
Wonder if we can get a better error message since this really has nothing to do with unsupported certificates.

From wk at gnupg.org Mon Mar 11 09:26:11 2013
From: wk at gnupg.org (Werner Koch)
Date: Mon, 11 Mar 2013 09:26:11 +0100
Subject: key length for smart card key generation
In-Reply-To: <20130301131054.549f1098@zetkin.primekey.se> (Branko Majic's message of "Fri, 1 Mar 2013 13:10:54 +0100")
References: <512FCD75.2070206@digitalbrains.com> <513064BA.7070206@dest-unreach.be> <20130301131054.549f1098@zetkin.primekey.se>
Message-ID: <87y5du736k.fsf@vigenere.g10code.de>

On Fri, 1 Mar 2013 13:10, branko at majic.rs said:

> Now to see if there's any way of using the OpenPGP card through
> PKCS#11 :)

http://www.scute.org

Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Mon Mar 11 09:29:38 2013
From: wk at gnupg.org (Werner Koch)
Date: Mon, 11 Mar 2013 09:29:38 +0100
Subject: gpg 2.0.19-r1 with libgcrypt 1.5.0-r2 -- Segmentation Fault
In-Reply-To: (Robert Kotz's message of "Thu, 7 Mar 2013 14:48:13 -0800")
References: 
Message-ID: <87txoi730t.fsf@vigenere.g10code.de>

On Thu, 7 Mar 2013 23:48, robertkotz2007 at u.northwestern.edu said:

> less identical to the one that seems to be broken. I'm running Sabayon, a

Sorry, I don't know what Sabayon is, and a version 1.5.0-r1 is not an original GnuPG version. Thus the problem may be grounded in your system or the patched version of GnuPG or one of its libraries. To help you, we need to know a bit more, like what CPU you use and a stack backtrace.

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
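Werner's reading of the trustdb lines in the "placing trust in imported keys" thread above (depth 0 holds the ultimately trusted keys, each further depth holds keys made valid by enough trusted certifications from the depths before it, under the "3 marginal(s) needed, 1 complete(s) needed" rule) is easier to see on a small graph. The following is an added example, not code from the thread or from GnuPG: it implements that validity rule, with the same knobs gpg prints plus --max-cert-depth, over a constructed key graph, and prints a per-depth census in the shape of gpg's output. The "signed:" counter is deliberately not reproduced, since, as Werner says, its exact meaning lives in the source; key names and ownertrust assignments are made up.

```python
"""PGP trust-model validity computation, as an added example (not GnuPG's own code).

Depth 0 holds the ultimately trusted keys. A key becomes valid at depth d+1
when its user ID carries certifications from at least `completes_needed`
fully/ultimately trusted valid keys, or from at least `marginals_needed`
marginally trusted valid keys, and the walk stops at `max_cert_depth`.
The web of trust below is constructed for the example.
"""

# Ownertrust letters as gpg prints them:
#   u ultimate, f full, m marginal, q undefined, n never, - unknown
OWNERTRUST = {
    "me": "u",
    "A": "f", "B": "m", "C": "m", "D": "m", "E": "q",
    "F": "-", "G": "m", "H": "-", "I": "-", "J": "-",
}
# Certifications: key -> set of keys whose user IDs it has signed
CERTS = {
    "me": {"A", "B", "C", "D", "E"},
    "A": {"F"},                                   # one fully trusted signer suffices for F
    "B": {"G", "H"}, "C": {"G", "H"}, "D": {"G"},  # G collects 3 marginals, H only 2
    "E": {"I"},                                   # E has undefined ownertrust, so I gets nothing
    "G": {"J"},                                   # G is valid and marginal, but alone that is 1 of 3
}


def validate(ownertrust, certs, marginals_needed=3, completes_needed=1, max_cert_depth=5):
    """Return {key: depth} for every key that is valid under the PGP trust model."""
    depth_of = {k: 0 for k, t in ownertrust.items() if t == "u"}
    for depth in range(max_cert_depth):
        # Only keys that are already valid *and* carry ownertrust count as signers
        signers = [k for k in depth_of if ownertrust[k] in ("u", "f", "m")]
        newly = {}
        for key in ownertrust:
            if key in depth_of:
                continue
            full = sum(1 for s in signers if key in certs.get(s, ()) and ownertrust[s] in ("u", "f"))
            marginal = sum(1 for s in signers if key in certs.get(s, ()) and ownertrust[s] == "m")
            if full >= completes_needed or marginal >= marginals_needed:
                newly[key] = depth + 1
        if not newly:
            break
        depth_of.update(newly)
    return depth_of


def summarize(depth_of, ownertrust):
    """Per-depth lines in the shape of gpg's trustdb output: valid count and ownertrust census."""
    lines = []
    for d in range(max(depth_of.values()) + 1):
        at_depth = [k for k, kd in depth_of.items() if kd == d]
        census = {t: 0 for t in "-qnmfu"}
        for k in at_depth:
            census[ownertrust[k]] += 1
        lines.append("depth: %d valid: %d trust: %d-, %dq, %dn, %dm, %df, %du" % (
            d, len(at_depth), census["-"], census["q"], census["n"],
            census["m"], census["f"], census["u"]))
    return lines


if __name__ == "__main__":
    valid = validate(OWNERTRUST, CERTS)
    print("3 marginal(s) needed, 1 complete(s) needed, PGP trust model")
    print("\n".join(summarize(valid, OWNERTRUST)))
```

Lowering `marginals_needed` to 2 makes H valid (two marginal certifications now suffice) while J still fails, because its only certifier G is a single marginal; setting `max_cert_depth` to 1 drops F and G, which are only reachable through depth-1 keys. Those are the two man-page options Werner points to, and their effect on the census lines is exactly what the trustdb output reports.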
From wk at gnupg.org Mon Mar 11 09:35:48 2013
From: wk at gnupg.org (Werner Koch)
Date: Mon, 11 Mar 2013 09:35:48 +0100
Subject: Fix for smartcards on some newer linux distros
In-Reply-To: <513BCF6C.6@grant-olson.net> (Grant Olson's message of "Sat, 09 Mar 2013 19:10:20 -0500")
References: <513BCF6C.6@grant-olson.net>
Message-ID: <87ppz672qj.fsf@vigenere.g10code.de>

On Sun, 10 Mar 2013 01:10, kgo at grant-olson.net said:

> P.S. Wonder if we can get a better error message since this really
> has nothing to do with unsupported certificates.

Sorry, we can't do much here because gnome-keyring is hijacking the IPC between gpg and gpg-agent.

The good news is that we have a tentative plan to allow gnome-keyring to drop its interference with gpg-agent. The main change we need to do is to perform a dummy pinentry call whenever we remove a passphrase from gpg-agent's cache. This way gnome-keyring can sync its own passphrase caching with the one done in gpg-agent.

Thanks for writing about these problems.

Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From kgo at grant-olson.net Mon Mar 11 13:56:36 2013
From: kgo at grant-olson.net (Grant Olson)
Date: Mon, 11 Mar 2013 08:56:36 -0400
Subject: Fix for smartcards on some newer linux distros
In-Reply-To: <87ppz672qj.fsf@vigenere.g10code.de>
References: <513BCF6C.6@grant-olson.net> <87ppz672qj.fsf@vigenere.g10code.de>
Message-ID: <513DD484.1020201@grant-olson.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/11/2013 04:35 AM, Werner Koch wrote:
> On Sun, 10 Mar 2013 01:10, kgo at grant-olson.net said:
>
>> P.S. Wonder if we can get a better error message since this
>> really has nothing to do with unsupported certificates.
>
> Sorry, we can't do much here because gnome-keyring is hijacking the
> IPC between gpg and gpg-agent.
>

Oh! That actually makes much more sense than what I was thinking. I thought it was taking over the reader device.
- -- 
- - Grant
http://www.rubygems-openpgp-ca.org/
Sign your gems.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)

iQEcBAEBAgAGBQJRPdR1AAoJEP5F5V2hilTWdEoH/0zk20vL/jgoSENX8vgE4bt9
+confsbZ39mH3g/lZPk3BcCCD4bZ+/96kJ8sR7YUfJMY2NAQ3A5WFhJ5QFyiWYnB
dzBaAZ7urnAiVMMRsBES8OKc65PwOGjbMUIcQ6HsF7/30jBGzo6IDsDk4vMlkJQE
i5sKl0R8/L4D67q6E1FxVpA1gOoNXrwIzCyckvScKQsRO0MuyXHhc9ok4sVF3jgQ
aAjmG2DbwHff09h2e2ZuvgRrbhyrwSSoW+FhiLwKUh4oZbkaJ7cRsrT2InNMDdHn
1rrW/0jz8BQzMF58mpFafl3hVyQ/c7Zcn0UIXdFjXkxs1ZUjVQ3xmv514dZ2hwk=
=DgP9
-----END PGP SIGNATURE-----

From keith.dejarnet at gmail.com Wed Mar 13 17:09:08 2013
From: keith.dejarnet at gmail.com (Keith DeJarnet)
Date: Wed, 13 Mar 2013 11:09:08 -0500
Subject: GNuPGP 4 Windows and SSIS Question
Message-ID:

I've been tasked with automating a process that calls for decrypting a file. I'm using gpg4win with SSIS 2005 using an Execute Process Task. For my Executable I'm using C:\Windows\System32\cmd.exe and calling gpg in my Arguments section. I'm using the information found at http://www.glump.net/howto/gpg_intro which suggests using:

    type passphrase | gpg --passphrase-fd 0 OPTIONS COMMAND

or

    echo PASSPHRASE| gpg --passphrase-fd 0 OPTIONS COMMAND

So far I haven't had any success with either of these options. Has anyone successfully been able to use gpg4win with SSIS? If so could you post an example of the executable and arguments used?

Thanks,
Keith

From wow721 at yahoo.cn Thu Mar 14 04:33:04 2013
From: wow721 at yahoo.cn (Alex Wang)
Date: Thu, 14 Mar 2013 11:33:04 +0800 (CST)
Subject: How to share my private key with others?
Message-ID: <1363231984.37462.YahooMailClassic@web92107.mail.cnh.yahoo.com>

Hi there,

I am using your software (Gpg4win, GPA) to encrypt and decrypt files. It really helps me a lot. However, I encounter a problem.
I wanna share my private key with my team members so that they could decrypt files which are encrypted with my public key. Could you please let me know how to do that? Your prompt reply would be highly appreciated! Thanks a lot.

Regards,

Alex

From ikrabbe.ask at gmail.com Thu Mar 14 10:51:44 2013
From: ikrabbe.ask at gmail.com (ikrabbe.ask at gmail.com)
Date: Thu, 14 Mar 2013 10:51:44 +0100
Subject: How to share my private key with others?
In-Reply-To: <1363231984.37462.YahooMailClassic@web92107.mail.cnh.yahoo.com>
Message-ID:

Hey Alex,

On Thu Mar 14 10:33:53 2013, wow721 at yahoo.cn wrote:
> Hi there,
>
> I am using your software (Gpg4win, GPA) to encrypt and decrypt files. It really helps me a lot. However, I encounter a problem. I wanna share my private key with my team members so that they could decrypt files which are encrypted with my public key. Could you please let me know how to do that? Your prompt reply would be highly appreciated! Thanks a lot.
>
> Regards,
>
> Alex

Though it's generally possible through a special command (I would have to check the manual first), that's not how gnupg or pgp in general is supposed to work. Actually your team members, of course, should have Gpg4win or any other system installed and have their own private keys, one for each member. Then you share your public key with the team members and encrypt the file with your private key.

When you encrypt a file, you tell gnupg which recipient you want to encrypt this file for, meaning for which public keys from your team members you want to encrypt the file. Everyone who has the right private key, the one that belongs to any of these recipients' public keys that are in your public keyring, can then decrypt the file again. This way you only share public keys, and never share private keys.
It's a security breach actually to share private keys, but there are options to back up your private keys, which again is a way to share it. Just better use pgp like it's designed for.

cheers,
ingo

From ingo.krabbe at eoa.de Thu Mar 14 10:44:28 2013
From: ingo.krabbe at eoa.de (ingo.krabbe at eoa.de)
Date: Thu, 14 Mar 2013 10:44:28 +0100
Subject: How to share my private key with others?
In-Reply-To: <1363231984.37462.YahooMailClassic@web92107.mail.cnh.yahoo.com>
Message-ID: <00fb2161c2c76358948f103d4af88391@krabbe.dyndns.org>

Hey Alex,

On Thu Mar 14 10:33:53 2013, wow721 at yahoo.cn wrote:
> Hi there,
>
> I am using your software (Gpg4win, GPA) to encrypt and decrypt files. It really helps me a lot. However, I encounter a problem. I wanna share my private key with my team members so that they could decrypt files which are encrypted with my public key. Could you please let me know how to do that? Your prompt reply would be highly appreciated! Thanks a lot.
>
> Regards,
>
> Alex

Though it's generally possible through a special command (I would have to check the manual first), that's not how gnupg or pgp in general is supposed to work. Actually your team members, of course, should have Gpg4win or any other system installed and have their own private keys, one for each member. Then you share your public key with the team members and encrypt the file with your private key.

When you encrypt a file, you tell gnupg which recipient you want to encrypt this file for, meaning for which public keys from your team members you want to encrypt the file. Everyone who has the right private key, the one that belongs to any of these recipients' public keys that are in your public keyring, can then decrypt the file again. This way you only share public keys, and never share private keys.

It's a security breach actually to share private keys, but there are options to back up your private keys, which again is a way to share it. Just better use pgp like it's designed for.
cheers,
ingo

From jonm at knowclassic.com Fri Mar 15 15:56:51 2013
From: jonm at knowclassic.com (Jon Molesa)
Date: Fri, 15 Mar 2013 10:56:51 -0400
Subject: Enterprise Key Management?
Message-ID:

Does anyone have a recommended best practice and accompanying tool for enterprise key management?

I'm looking for:
- Centralized key management
- Master (Company Owned) signing key
- Sub-keys issued to employees
- Best way to handle revocations
- Integration with LDAP/AD if possible
- Integration with desktop email clients
- Integration with desktop gnupg implementations (Windows, Mac, Linux)

I realize this is rather broad, but if anyone has pointers or notes they would be willing to share, I would really appreciate it.

I came across this http://www.egpg.org/, though it no longer looks active or maintained.

-- 
Jon Molesa
jonm at knowclassic.com

From abel at guardianproject.info Sat Mar 16 12:36:59 2013
From: abel at guardianproject.info (Abel Luck)
Date: Sat, 16 Mar 2013 11:36:59 +0000
Subject: Enterprise Key Management?
In-Reply-To:
References:
Message-ID: <5144595B.9030903@guardianproject.info>

Jon Molesa:
> Does anyone have a recommended best practice and accompanying tool for
> enterprise key management?
>
> I'm looking for:
> - Centralized key management
> - Master (Company Owned) signing key
> - Sub-keys issued to employees
> - Best way to handle revocations
> - Integration with LDAP/AD if possible
> - Integration with desktop email clients
> - Integration with desktop gnupg implementations (Windows, Mac, Linux)
>
> I realize this is rather broad, but if anyone has pointers or notes
> they would be willing to share, I would really appreciate it.
>
> I came across this http://www.egpg.org/, though it no longer looks
> active or maintained.
>

This seems like a better application of S/MIME as it, by design, is centralized in the manner you describe.
~abel

From abel at guardianproject.info Sat Mar 16 17:19:04 2013
From: abel at guardianproject.info (Abel Luck)
Date: Sat, 16 Mar 2013 16:19:04 +0000
Subject: Enterprise Key Management?
In-Reply-To:
References: <5144595B.9030903@guardianproject.info>
Message-ID: <51449B78.90300@guardianproject.info>

Jon Molesa:
> I agree. In that case, how exactly would one come about a CA certificate
> that isn't self-signed and thus trusted by those we wish to communicate
> with?
>

Buy one of course.

> Jon Molesa
> On Mar 16, 2013 7:36 AM, "Abel Luck" wrote:
>
>> Jon Molesa:
>>> Does anyone have a recommended best practice and accompanying tool for
>>> enterprise key management?
>>>
>>> I'm looking for:
>>> - Centralized key management
>>> - Master (Company Owned) signing key
>>> - Sub-keys issued to employees
>>> - Best way to handle revocations
>>> - Integration with LDAP/AD if possible
>>> - Integration with desktop email clients
>>> - Integration with desktop gnupg implementations (Windows, Mac, Linux)
>>>
>>> I realize this is rather broad, but if anyone has pointers or notes
>>> they would be willing to share, I would really appreciate it.
>>>
>>> I came across this http://www.egpg.org/, though it no longer looks
>>> active or maintained.
>>>
>>
>> This seems like a better application of S/MIME as it, by design, is
>> centralized in the manner you describe.
>>
>> ~abel
>>
>

From dougb at dougbarton.us Sat Mar 16 23:03:45 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Sat, 16 Mar 2013 15:03:45 -0700
Subject: Enterprise Key Management?
In-Reply-To: <51449B78.90300@guardianproject.info>
References: <5144595B.9030903@guardianproject.info> <51449B78.90300@guardianproject.info>
Message-ID: <5144EC41.5090201@dougbarton.us>

On 03/16/2013 09:19 AM, Abel Luck wrote:
> Jon Molesa:
>> > I agree.
>> > In that case, how exactly would one come about a CA certificate
>> > that isn't self-signed and thus trusted by those we wish to communicate
>> > with?
>> >
>
> Buy one of course.

Or use https://www.startssl.com/, or one of the other free vendors.

From wk at gnupg.org Mon Mar 18 10:14:08 2013
From: wk at gnupg.org (Werner Koch)
Date: Mon, 18 Mar 2013 10:14:08 +0100
Subject: Enterprise Key Management?
In-Reply-To: <5144595B.9030903@guardianproject.info> (Abel Luck's message of "Sat, 16 Mar 2013 11:36:59 +0000")
References: <5144595B.9030903@guardianproject.info>
Message-ID: <87a9q19ijj.fsf@vigenere.g10code.de>

On Sat, 16 Mar 2013 12:36, abel at guardianproject.info said:

> This seems like a better application of S/MIME as it, by design, is
> centralized in the manner you describe.

However, with S/MIME you can _only_ do a centralized key management. OpenPGP allows to implement an arbitrary key management policy.

The OP mentioned signing subkeys. This could for example be used to allow several employees to sign data using the same key and the recipient will notice a valid signature with a published fingerprint from the company. A closer inspection would reveal which subkey has been used for signing and this can be used for internal audit processes (similar to the QA labels with an employer number on all kind of products). Revocation of a certain subkey would also be pretty easy. I assume this would easily scale to new dozen subkeys.

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From nicholas.cole at gmail.com Mon Mar 18 11:24:32 2013
From: nicholas.cole at gmail.com (Nicholas Cole)
Date: Mon, 18 Mar 2013 10:24:32 +0000
Subject: Enterprise Key Management?
In-Reply-To: <87a9q19ijj.fsf@vigenere.g10code.de>
References: <5144595B.9030903@guardianproject.info> <87a9q19ijj.fsf@vigenere.g10code.de>
Message-ID:

On Mon, Mar 18, 2013 at 9:14 AM, Werner Koch wrote:
> On Sat, 16 Mar 2013 12:36, abel at guardianproject.info said:
>
> > This seems like a better application of S/MIME as it, by design, is
> > centralized in the manner you describe.
>
> However, with S/MIME you can _only_ do a centralized key management.
> OpenPGP allows to implement an arbitrary key management policy.
>
> The OP mentioned signing subkeys. This could for example be used to
> allow several employees to sign data using the same key and the
> recipient will notice a valid signature with a published fingerprint
> from the company. A closer inspection would reveal which subkey has
> been used for signing and this can be used for internal audit processes
> (similar to the QA labels with an employer number on all kind of
> products). Revocation of a certain subkey would also be pretty easy. I
> assume this would easily scale to new dozen subkeys.
>

It's clever. Given careful management / dissemination it would allow a group to share an encryption key but have separate signing keys. I don't know if any software exists that operates in this way.

I do wonder if what the poster really meant, however, is not "subkeys" per se but Trust-Signature certified keys. I guess what is needed for most enterprise use is a system where the company generates employees' keys and keeps a copy of them.

N.

From wk at gnupg.org Mon Mar 18 17:13:55 2013
From: wk at gnupg.org (Werner Koch)
Date: Mon, 18 Mar 2013 17:13:55 +0100
Subject: [Announce] Libgcrypt 1.5.1 released
Message-ID: <87zjy08z3w.fsf@vigenere.g10code.de>

Hello!

The GNU project is pleased to announce the availability of Libgcrypt version 1.5.1. This is a maintenance release for the stable branch.
Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt.

Noteworthy changes in version 1.5.1:

 * Allow empty passphrase with PBKDF2.
 * Do not abort on an invalid algorithm number in gcry_cipher_get_algo_keylen and gcry_cipher_get_algo_blklen.
 * Fixed some Valgrind warnings.
 * Fixed a problem with select and high fd numbers.
 * Improved the build system.
 * Various minor bug fixes.
 * Interface changes relative to the 1.5.0 release:
   GCRYCTL_SET_ENFORCED_FIPS_FLAG   NEW.
   GCRYPT_VERSION_NUMBER            NEW.

Source code is hosted at the GnuPG FTP server and its mirrors as listed at http://www.gnupg.org/download/mirrors.html . On the primary server the source file and its digital signature are:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.1.tar.bz2 (1468k)
 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.1.tar.bz2.sig

This file is bzip2 compressed. A gzip compressed version is also available:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.1.tar.gz (1741k)
 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.1.tar.gz.sig

Alternatively you may upgrade version 1.5.0 using this patch file:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.0-1.5.1.diff.bz2 (255k)

The SHA-1 checksums are:

8b60a26b7eae1a727d58932d6b1efeb5716648ed  libgcrypt-1.5.1.tar.bz2
f1ab9ce6ac8c7370d455c77c96b36bf18e2d9c95  libgcrypt-1.5.1.tar.gz
e1b2f59a8771e8a0358dbd9a8eaa3250015cf49e  libgcrypt-1.5.0-1.5.1.diff.bz2

For help on developing with Libgcrypt you should read the included manual and optionally ask on the gcrypt-devel mailing list [1].

A listing with commercial support offers for Libgcrypt and related software is available at the GnuPG web site [2].

The driving force behind the development of Libgcrypt is my company g10 Code.
Maintenance and improvement of Libgcrypt and related software takes up most of our resources. To allow us to continue our work on free software, we ask to either purchase a support contract, engage us for custom enhancements, or to donate money:

  http://g10code.com/gnupg-donation.html

Many thanks to all who contributed to Libgcrypt development, be it bug fixes, code, documentation, testing or helping users.

Happy hacking,

  Werner

[1] See http://www.gnupg.org/documentation/mailing-lists.html .
[2] See http://www.gnupg.org/service.html

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From steptan at gmail.com Sun Mar 17 22:59:51 2013
From: steptan at gmail.com (stephen)
Date: Sun, 17 Mar 2013 15:59:51 -0600
Subject: command-line gpg not working
Message-ID:

First, let me say that /bin/pinentry and /usr/bin/pinentry both exist and both seem to work.

When I run from the command line

    gpg2 --gen-key

everything goes fine until the passphrase step, where the program skips ahead and errors:

    ...
    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
    You need a Passphrase to protect your secret key.
    gpg: problem with the agent: No pinentry
    gpg: Key generation canceled.

This process launches gpg-agent --daemon on its own. So I tried killing that:

    gpg-agent --daemon --use-standard-socket

launching my own:

    gpg-agent --daemon --pinentry-program=/bin/pinentry

But the behavior is the same.
OS: linux, Fedora 18

    # gpg2 --version
    gpg (GnuPG) 2.0.19
    libgcrypt 1.5.0

    # gpg-agent --version
    gpg-agent (GnuPG) 2.0.19
    libgcrypt 1.5.0

Thanks,
-stephen

From imre.bertalan at nbf.hu Mon Mar 18 15:29:58 2013
From: imre.bertalan at nbf.hu (Bertalan Imre)
Date: Mon, 18 Mar 2013 15:29:58 +0100
Subject: Problem with default-cache-ttl
Message-ID: <514724E6.8080905@nbf.hu>

Hello out there,

I have an issue with GnuPG and Thunderbird's Enigmail. The encrypting and decrypting works fine; the problem is that Thunderbird asks for the PGP passphrase every time an encrypted email arrives. I've tried to set it up inside Thunderbird (didn't work) and with gpg-agent.exe with the default-cache-ttl option (didn't work either). I would like to ask what other method there is to set the system to remember the passphrase for, for example, 2 hours.

Thank you in advance!

Best Regards:
Imre Bertalan

From outer at sympatico.ca Tue Mar 19 00:08:21 2013
From: outer at sympatico.ca (Richard Outerbridge)
Date: Mon, 18 Mar 2013 19:08:21 -0400
Subject: [Announce] Libgcrypt 1.5.1 released
In-Reply-To: <87zjy08z3w.fsf@vigenere.g10code.de>
References: <87zjy08z3w.fsf@vigenere.g10code.de>
Message-ID:

Herr Koch:

No problems here: Mountain Lion OS X 10.8.3 (12D78), Xcode v4.6.1.

Some guidance on how to set up the HMAC256 self-checking correctly might be of assistance. hmac256 is built and installed, but it doesn't seem to be invoked in order to generate the required files.

__outer

On 2013-03-18 (77), at 12:13:55, Werner Koch wrote:

> ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.1.tar.bz2

From chaljan at gmail.com Tue Mar 19 11:57:53 2013
From: chaljan at gmail.com (Jan Chaloupecky)
Date: Tue, 19 Mar 2013 11:57:53 +0100
Subject: GPG2 and IDEA
Message-ID:

Hi, the short question is how do I enable the IDEA support in GPG2.
I tried following this article: http://www.kfwebs.net/articles/article/42/GnuPG-2.0---IDEA-support but even the patching of the libgcrypt source files does not work. Here's what I did:

    > wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.4.tar.bz2
    > tar jxvf libgcrypt-1.2.4.tar.bz2
    > wget http://www.kfwebs.com/libgcrypt-1.2.4-idea.diff.bz2
    > bunzip2 libgcrypt-1.2.4-idea.diff.bz2
    > patch --dry-run < libgcrypt-1.2.4-idea.diff

The patch command gives me a lot of FAILED messages:

    > patching file cipher.c
    > Hunk #1 FAILED at 72.
    > 1 out of 1 hunk FAILED -- saving rejects to file cipher.c.rej
    > patching file idea.c
    > patching file Makefile.am
    > Hunk #1 FAILED at 63.
    > 1 out of 1 hunk FAILED -- saving rejects to file Makefile.am.rej
    > patching file configure.ac
    > Hunk #1 FAILED at 110.
    > Hunk #2 FAILED at 715.
    > 2 out of 2 hunks FAILED -- saving rejects to file configure.ac.rej
    > patching file cipher.h
    > Hunk #1 FAILED at 58.
    > 1 out of 1 hunk FAILED -- saving rejects to file cipher.h.rej
    > patching file basic.c
    > Hunk #1 FAILED at 542.
    > 1 out of 1 hunk FAILED -- saving rejects to file basic.c.rej

What am I doing wrong?

cheers
-- Jan

From wk at gnupg.org Tue Mar 19 16:48:28 2013
From: wk at gnupg.org (Werner Koch)
Date: Tue, 19 Mar 2013 16:48:28 +0100
Subject: GPG2 and IDEA
In-Reply-To: (Jan Chaloupecky's message of "Tue, 19 Mar 2013 11:57:53 +0100")
References:
Message-ID: <87y5dj75mb.fsf@vigenere.g10code.de>

On Tue, 19 Mar 2013 11:57, chaljan at gmail.com said:

>> wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.4.tar.bz2

That is a pretty old version. You should move to a decent one; at least 1.4.x or better the latest 1.5.1.

There is no IDEA support there; regular support is only available in the forthcoming 1.6 (you might be able to backport from master to 1.5.1).

Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
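Going back to the Enterprise Key Management thread above, where Werner describes several employees signing under one company key with their own signing subkeys, a verifier inspecting which subkey was used, and a single subkey being revoked: the block below is an added example written for this page, not code from the list or from GnuPG. It parses two things gpg already emits, the `--list-keys --with-colons --with-fingerprint` listing of the company key and the `[GNUPG:] VALIDSIG` line from `--status-fd`, and maps the signing subkey to an employee through a local table. Every fingerprint, key ID, user ID and employee name is constructed; the listing follows the colon-record layout gpg prints (field 1 is the validity, field 11 the capabilities, and the `fpr` record after each `pub`/`sub` carries the fingerprint in field 9).

```python
# Added example, not from the gnupg-users thread or from GnuPG itself.
# Attribute a verified signature to the employee subkey that produced it,
# and refuse to credit a subkey the company has already revoked.

# Constructed listing of a company key with an active signing subkey, a
# revoked signing subkey (validity 'r') and an encryption-only subkey.
COMPANY_LISTING = """\
pub:u:4096:1:1111111111111111:1363600000:::u:::scESC::::::23::0:
fpr:::::::::AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111:
uid:u::::1363600000::0123456789ABCDEF0123456789ABCDEF01234567::Example Corp Release Signing <release at example.com>::::::::::0:
sub:u:4096:1:2222222222222222:1363600000::::::s::::::23:
fpr:::::::::BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222:
sub:r:4096:1:3333333333333333:1363600000::::::s::::::23:
fpr:::::::::CCCC3333CCCC3333CCCC3333CCCC3333CCCC3333:
sub:u:4096:1:4444444444444444:1363600000::::::e::::::23:
fpr:::::::::DDDD4444DDDD4444DDDD4444DDDD4444DDDD4444:
"""

# Constructed internal audit table: which employee holds which signing subkey.
SUBKEY_OWNERS = {
    "BBBB2222" * 5: "alice (release engineering)",
    "CCCC3333" * 5: "bob (left the company; subkey revoked)",
}

# Constructed VALIDSIG lines: <signing fpr> <date> <ts> <expire> <ver> <reserved>
# <pk-algo> <hash-algo> <sig-class> <primary fpr>.  The last field ties a
# subkey signature back to the company's published fingerprint.
VALIDSIG_ALICE = ("[GNUPG:] VALIDSIG " + "BBBB2222" * 5 +
                  " 2013-03-18 1363604400 0 4 0 1 8 00 " + "AAAA1111" * 5)
VALIDSIG_REVOKED = VALIDSIG_ALICE.replace("BBBB2222" * 5, "CCCC3333" * 5)


def parse_listing(text):
    """Return (primary_fpr, {subkey_fpr: {"validity", "keyid", "caps"}})."""
    primary, subkeys, pending = None, {}, None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            pending = {"type": f[0], "validity": f[1], "keyid": f[4], "caps": f[11]}
        elif f[0] == "fpr" and pending is not None:
            # the fpr record follows its pub/sub record; field 9 is the fingerprint
            if pending["type"] == "pub":
                primary = f[9]
            else:
                subkeys[f[9]] = pending
            pending = None
    return primary, subkeys


def parse_validsig(line):
    """Return (signing_key_fpr, primary_key_fpr) from a VALIDSIG line, else None."""
    parts = line.split()
    if len(parts) < 12 or parts[:2] != ["[GNUPG:]", "VALIDSIG"]:
        return None
    return parts[2], parts[11]


def attribute_signature(status_line, listing, owners):
    """Decide who signed and whether that subkey is still acceptable for the audit trail."""
    sig = parse_validsig(status_line)
    if sig is None:
        return {"ok": False, "reason": "no VALIDSIG status line"}
    signing_fpr, primary_fpr = sig
    primary, subkeys = parse_listing(listing)
    if primary_fpr != primary:
        return {"ok": False, "reason": "signature is not under the company key"}
    sub = subkeys.get(signing_fpr)
    if sub is None:
        return {"ok": False, "reason": "signing subkey not in the audited listing"}
    who = {"employee": owners.get(signing_fpr, "unassigned"), "keyid": sub["keyid"]}
    if sub["validity"] == "r":
        # gpg flags this itself (KEYREVOKED); we still record who the key belonged to
        return {"ok": False, "reason": "signing subkey is revoked", **who}
    if "s" not in sub["caps"]:
        return {"ok": False, "reason": "subkey lacks the signing capability", **who}
    return {"ok": True, **who}


if __name__ == "__main__":
    for line in (VALIDSIG_ALICE, VALIDSIG_REVOKED):
        print(attribute_signature(line, COMPANY_LISTING, SUBKEY_OWNERS))
```

In practice the listing comes from `gpg --list-keys --with-colons --with-fingerprint <company key>` and the status line from the `--status-fd` output of `gpg --verify`; the owner table is whatever the company's HR or key-issuance process maintains. The revocation branch only matters for the audit record, because gpg already refuses to report a revoked subkey's signature as good.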
From chaljan at gmail.com Tue Mar 19 16:56:04 2013
From: chaljan at gmail.com (Jan Chaloupecky)
Date: Tue, 19 Mar 2013 16:56:04 +0100
Subject: GPG2 and IDEA
In-Reply-To: <87y5dj75mb.fsf@vigenere.g10code.de>
References: <87y5dj75mb.fsf@vigenere.g10code.de>
Message-ID:

I actually managed to compile just the module and load it dynamically in gpg:

    > wget ftp://ftp.uwsg.indiana.edu/linux/gentoo/distfiles/idea.c.gz
    > gcc -Wall -O2 -shared -fPIC -o idea idea.c
    > cp idea /usr/lib/gnupg/
    > echo -e "\nload-extension idea" >> ~/.gnupg/gpg.conf
    > gpg --version
    > ...
    > Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
    >         CAMELLIA192, CAMELLIA256
    > ...

cheers

On Tue, Mar 19, 2013 at 4:48 PM, Werner Koch wrote:
> On Tue, 19 Mar 2013 11:57, chaljan at gmail.com said:
>
> >> wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.4.tar.bz2
>
> That is a pretty old version. You should move to a decent one; at least
> 1.4.x or better the latest 1.5.1.
>
> There is no IDEA support there, regular support is only available in the
> forthcoming 1.6 (you might be able to backport from master to 1.5.1)
>
>
> Salam-Shalom,
>
> Werner
>
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>
>

-- Jan

From wk at gnupg.org Tue Mar 19 16:52:03 2013
From: wk at gnupg.org (Werner Koch)
Date: Tue, 19 Mar 2013 16:52:03 +0100
Subject: [Announce] Libgcrypt 1.5.1 released
In-Reply-To: (Richard Outerbridge's message of "Mon, 18 Mar 2013 19:08:21 -0400")
References: <87zjy08z3w.fsf@vigenere.g10code.de>
Message-ID: <87sj3r75gc.fsf@vigenere.g10code.de>

On Tue, 19 Mar 2013 00:08, outer at sympatico.ca said:

> Some guidance on how to set up the HMAC256 self-checking correctly
> might be of assistance. hmac256 is built and installed, but it

This is only used for FIPS validation, which has only been done for Linux based systems.
If you want to play with it, the comment at the end of src/Makefile.am may be of help.

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Tue Mar 19 23:59:51 2013
From: wk at gnupg.org (Werner Koch)
Date: Tue, 19 Mar 2013 23:59:51 +0100
Subject: GPG2 and IDEA
In-Reply-To: (Jan Chaloupecky's message of "Tue, 19 Mar 2013 16:56:04 +0100")
References: <87y5dj75mb.fsf@vigenere.g10code.de>
Message-ID: <8738vryp08.fsf@vigenere.g10code.de>

On Tue, 19 Mar 2013 16:56, chaljan at gmail.com said:

> I actually managed to compile just the module and load it dynamically in
> gpg:

I doubt that. Looking at the 2.0 branch I see this in gpg.c:

        case oLoadExtension:
          /* Dummy so that gpg 1.4 conf files can work. Should
             eventually be removed. */
          break;

Sure that you are not using 1.4? In this case 1.4.13 already includes IDEA support.

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From chaljan at gmail.com Wed Mar 20 00:05:24 2013
From: chaljan at gmail.com (Jan Chaloupecky)
Date: Wed, 20 Mar 2013 00:05:24 +0100
Subject: GPG2 and IDEA
In-Reply-To: <8738vryp08.fsf@vigenere.g10code.de>
References: <87y5dj75mb.fsf@vigenere.g10code.de> <8738vryp08.fsf@vigenere.g10code.de>
Message-ID:

Sorry, I meant that I was able to run it in gpg 1.4, not 2. This is ok for me.

-- Jan

On Tuesday, March 19, 2013 at 11:59 PM, Werner Koch wrote:
> On Tue, 19 Mar 2013 16:56, chaljan at gmail.com (mailto:chaljan at gmail.com) said:
> > I actually managed to compile just the module and load it dynamically in
> > gpg:
> >
> >
>
> I doubt that. Looking at the 2.0 branch I see this in gpg.c:
>
>         case oLoadExtension:
>           /* Dummy so that gpg 1.4 conf files can work. Should
>              eventually be removed. */
>           break;
>
> Sure that you are not using 1.4? In this case 1.4.13 already includes
> idea support.
>
>
> Shalom-Salam,
>
> Werner
>
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
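Ahead of the GET_HIDDEN thread that follows, in which Werner explains that a script driving `gpg --status-fd ... --command-fd ...` has to comply with the protocol and that the usual way to do so is a finite state machine: the block below is an added example written for this page, not code from the list, from GPA or from GnuPG. It answers only when gpg asks (a `GET_LINE`, `GET_BOOL` or `GET_HIDDEN` status line), ignores informational lines such as `GOT_IT` and `NEED_PASSPHRASE`, and fails loudly on anything it did not expect instead of feeding canned input in a fixed order. The two status transcripts are constructed, modelled on the shape of the lines gpg prints; the flow table, state names and placeholder passphrases are this example's own.

```python
# Added example, not from the gnupg-users thread, GPA or GnuPG.
# A finite state machine for gpg's --status-fd / --command-fd protocol,
# here for the "passwd" then "save" dialogue of --edit-key.
import re

STATUS_RE = re.compile(r"^\[GNUPG:\] (\S+)(?: (.*))?$")
PROMPTS = {"GET_LINE", "GET_BOOL", "GET_HIDDEN"}   # the only lines that want a reply

# (state, status keyword, prompt id) -> (reply, next state).  "OLD" and "NEW"
# are placeholders resolved through the answers map handed to drive().
PASSWD_FLOW = {
    ("start",        "GET_LINE",   "keyedit.prompt"):    ("passwd", "await_old"),
    ("await_old",    "GET_HIDDEN", "passphrase.enter"):  ("OLD",    "await_new"),
    ("await_new",    "GET_HIDDEN", "passphrase.enter"):  ("NEW",    "await_repeat"),
    ("await_repeat", "GET_HIDDEN", "passphrase.repeat"): ("NEW",    "await_save"),
    ("await_save",   "GET_LINE",   "keyedit.prompt"):    ("save",   "done"),
}


class ProtocolError(Exception):
    """gpg asked something the flow did not expect, or the session ended early."""


def drive(status_lines, flow, answers):
    """Return the replies, in order, that would be written to --command-fd."""
    state, replies = "start", []
    for line in status_lines:
        m = STATUS_RE.match(line)
        if not m:
            continue                                   # ordinary output, not a status line
        keyword, args = m.group(1), (m.group(2) or "")
        if keyword == "BAD_PASSPHRASE":
            raise ProtocolError("gpg rejected the passphrase; stop rather than retry blindly")
        if keyword not in PROMPTS:
            continue                                   # GOT_IT, NEED_PASSPHRASE, USERID_HINT, ...
        key = (state, keyword, args.split()[0] if args else "")
        if key not in flow:
            raise ProtocolError(f"unexpected {keyword} {args!r} in state {state!r}")
        reply, state = flow[key]
        replies.append(answers.get(reply, reply))
    if state != "done":
        raise ProtocolError(f"session ended in state {state!r}")
    return replies


# Constructed transcript in the shape gpg 1.4 produces for this flow.
GPG1_SESSION = [
    "Secret key is available.",
    "[GNUPG:] GET_LINE keyedit.prompt",
    "[GNUPG:] GOT_IT",
    "[GNUPG:] USERID_HINT 1111111111111111 Example User <user at example.com>",
    "[GNUPG:] NEED_PASSPHRASE 1111111111111111 1111111111111111 1 0",
    "[GNUPG:] GET_HIDDEN passphrase.enter",
    "[GNUPG:] GOT_IT",
    "[GNUPG:] GOOD_PASSPHRASE",
    "[GNUPG:] GET_HIDDEN passphrase.enter",
    "[GNUPG:] GOT_IT",
    "[GNUPG:] GET_HIDDEN passphrase.repeat",
    "[GNUPG:] GOT_IT",
    "[GNUPG:] GET_LINE keyedit.prompt",
    "[GNUPG:] GOT_IT",
]

# Constructed transcript in the shape gpg 2.0 produces: the agent and its
# pinentry collect the passphrases, so no GET_HIDDEN ever reaches the caller.
GPG2_SESSION = [
    "[GNUPG:] GET_LINE keyedit.prompt",
    "[GNUPG:] GOT_IT",
    "[GNUPG:] GET_LINE keyedit.prompt",
    "[GNUPG:] GOT_IT",
]

ANSWERS = {"OLD": "old passphrase (constructed)", "NEW": "new passphrase (constructed)"}


def run_demo():
    """Return (replies for the gpg 1.4 transcript, error text for the gpg 2.0 one)."""
    replies = drive(GPG1_SESSION, PASSWD_FLOW, ANSWERS)
    try:
        drive(GPG2_SESSION, PASSWD_FLOW, ANSWERS)
        failure = None
    except ProtocolError as e:
        failure = str(e)
    return replies, failure


if __name__ == "__main__":
    print(run_demo())
```

Wired to a real process, `status_lines` is read line by line from the `--status-fd` pipe and each reply is written, newline-terminated, to the `--command-fd` pipe as soon as the machine produces it. The second transcript shows why the fixed "Y / save / Y" sequence from the thread below breaks on gpg2: the prompt that arrives in state `await_old` is another `keyedit.prompt`, and the machine reports that instead of writing a passphrase into a key-edit prompt.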
>
>

From jaimefdez86 at gmail.com Wed Mar 20 11:19:32 2013
From: jaimefdez86 at gmail.com (Jaime Fernández)
Date: Wed, 20 Mar 2013 11:19:32 +0100
Subject: GET_HIDDEN deprecated in gpgv2
Message-ID:

Hi!

I've been testing gpg in batch mode and I realized that I can change the password using this line in gpgv1:

    $ gpg --status-fd 1 --command-fd 0 --edit-key KEYID
    Y
    save
    Y

And the output shows something like this:

    [GNUPG:] GET_HIDDEN passphrase.enter
    [GNUPG:] GOT_IT

But this doesn't work in gpgv2. Is there any reason? Thank you in advance!

From peter at digitalbrains.com Wed Mar 20 12:53:03 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 20 Mar 2013 12:53:03 +0100
Subject: GPG2 and IDEA
In-Reply-To:
References: <87y5dj75mb.fsf@vigenere.g10code.de> <8738vryp08.fsf@vigenere.g10code.de>
Message-ID: <5149A31F.1010100@digitalbrains.com>

> Sorry, I meant that I was able to run it in gpg 1.4 not 2
> this is ok for me.

In that case you can just use the latest 1.4.13, as Werner indicated. It comes with IDEA support by default because the patent has expired worldwide now. No need to compile a separate module.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From wk at gnupg.org Wed Mar 20 15:29:21 2013
From: wk at gnupg.org (Werner Koch)
Date: Wed, 20 Mar 2013 15:29:21 +0100
Subject: GET_HIDDEN deprecated in gpgv2
In-Reply-To: ("Jaime Fernández"'s message of "Wed, 20 Mar 2013 11:19:32 +0100")
References:
Message-ID: <877gl2xhz2.fsf@vigenere.g10code.de>

On Wed, 20 Mar 2013 11:19, jaimefdez86 at gmail.com said:

> But this doesn't work in gpgv2. Is there any reason? Thank you in advance!

I assume you mean gpg version 2 and not the gpgv2 tool.
GnuPG-2 (commonly installed as gpg2) uses the agent and its Pinentry to handle passphrases. Thus there is no direct way to change the passphrase in the way you did it. In any case, the code you use is pretty fragile because it does not follow the rules for using --command-fd. See the GPA project on how to correctly use it.

BTW, for about 3 years gpg2 has supported the command --passwd which makes changing the passphrase much easier.

If you really want to use --command-fd style interaction for any secret key stuff, you need to wait for the next beta of 2.1 which has a new feature to loopback the pinentry requests to gpg2. See the git master for details.

Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From jaimefdez86 at gmail.com Thu Mar 21 10:22:36 2013
From: jaimefdez86 at gmail.com (Jaime Fernández)
Date: Thu, 21 Mar 2013 10:22:36 +0100
Subject: GET_HIDDEN deprecated in gpgv2
In-Reply-To: <877gl2xhz2.fsf@vigenere.g10code.de>
References: <877gl2xhz2.fsf@vigenere.g10code.de>
Message-ID:

Thanks for the quick answer!

> In any case, the code you use is
> pretty fragile because it does not follow the rules for using
> --command-fd. See the GPA project on how to correctly use it.

I don't understand, I thought that GPA used GPGME, not the command line, so I don't know how I should use command-fd. I want to avoid the use of pinentry or any other external graphical tool.

Thanks!

2013/3/20 Werner Koch

> On Wed, 20 Mar 2013 11:19, jaimefdez86 at gmail.com said:
>
> > But this doesn't work in gpgv2. Is there any reason? Thank you in
> advance!
>
> I assume you mean gpg version 2 and not the gpgv2 tool.
>
> GnuPG-2 (commonly installed as gpg2) uses the agent and its Pinentry to
> handle passphrases. Thus there is no direct way to change the
> passphrase in the way you did it. In any case, the code you use is
> pretty fragile because it does not follow the rules for using
> --command-fd. See the GPA project on how to correctly use it.
>
> BTW, for about 3 years gpg2 has supported the command --passwd which makes
> changing the passphrase much easier.
>
> If you really want to use --command-fd style interaction for any secret
> key stuff, you need to wait for the next beta of 2.1 which has a new
> feature to loopback the pinentry requests to gpg2. See the git master
> for details.
>
>
> Salam-Shalom,
>
> Werner
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>
>

From wk at gnupg.org Thu Mar 21 16:03:32 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 21 Mar 2013 16:03:32 +0100
Subject: GET_HIDDEN deprecated in gpgv2
In-Reply-To: ("Jaime Fernández"'s message of "Thu, 21 Mar 2013 10:22:36 +0100")
References: <877gl2xhz2.fsf@vigenere.g10code.de>
Message-ID: <878v5gvlq3.fsf@vigenere.g10code.de>

On Thu, 21 Mar 2013 10:22, jaimefdez86 at gmail.com said:

> I don't understand, I thought that GPA used GPGME not command line, so I
> don't know how I should use command-fd. I want to avoid the use of pinentry
> or any other external graphical tool.

It is not about the command line but about complying with the protocol required by command-fd/status-fd. The common way to implement this protocol is to employ a finite state machine.

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From ileana at fairieunderground.info Sat Mar 23 04:16:24 2013
From: ileana at fairieunderground.info (Ileana)
Date: Fri, 22 Mar 2013 22:16:24 -0500
Subject: dh key exchange via ascii email?
Message-ID: <20130322221624.6708131e@hpsetup>

Hello,

I am curious if there is a built-in or optional way to do a Diffie-Hellman key exchange over PGP encrypted email, such that subsequent emails could be forward secret?

Is there some program already out there that each party can use to generate ASCII cut-and-paste primes and factors? It seems like it would be a simple program to write.
Are there any plans to incorporate such functionality into GnuPG?

Thanks,
Ileana

From peter at digitalbrains.com Sat Mar 23 11:24:17 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 23 Mar 2013 11:24:17 +0100
Subject: dh key exchange via ascii email?
In-Reply-To: <20130322221624.6708131e@hpsetup>
References: <20130322221624.6708131e@hpsetup>
Message-ID: <514D82D1.9010707@digitalbrains.com>

On 23/03/13 04:16, Ileana wrote:
> I am curious if there is a built-in or optional way to do a
> diffie-hellman key exchange over PGP encrypted email. Such that
> subsequent emails could be forward secret?

I find it a really funny idea, in a positive way. "Hey, I've never thought about it that way!". But it also sounds cumbersome. The e-mail clients will need to retain a shared secret. If you regularly use multiple computers, you need to distribute that secret, and it should probably be encrypted itself (protected by a passphrase) depending on your scenario.

So the really obvious question is: what's wrong with the hybrid crypto offered by OpenPGP? Why not just use public keys?

Peter.

PS: Regarding "a simple program to write"; implementing crypto yourself is never simple. The devil is in the details. Unless you implement an e-mail carrier for the TLS packets to exchange and use OpenSSL or GnuTLS, I /think/ your implementation comes close enough to cryptographic primitives to warrant the credo "never implement crypto on your own".

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From ileana at fairieunderground.info Sat Mar 23 20:14:49 2013
From: ileana at fairieunderground.info (Ileana)
Date: Sat, 23 Mar 2013 14:14:49 -0500
Subject: dh key exchange via ascii email?
In-Reply-To: <514D82D1.9010707@digitalbrains.com>
References: <20130322221624.6708131e@hpsetup> <514D82D1.9010707@digitalbrains.com>
Message-ID: <20130323141449.275ffd18@hpsetup>

Peter,

The basic idea is:

1. Assume 2 parties both have each other's public keys and the keys are trusted/verified.
2. Bob sends Alice an email message (signed/encrypted with PGP, though unnecessary) with a suggested g, and g^b.
3. Alice receives and decrypts, and if she accepts, she sends Bob g^a.
5. PGP is used from here on to send symmetric messages using g^(ab).
6. Bob or Alice asks for a new g.
7. The old key is deleted/wiped, and a new exchange started.
8. Forward secrecy is obtained through multiple sessions.

It is assumed in this case you do not want to "save" or be able to retrieve old emails.

The primes and exponents could be sent in base-64 messages similar to PGP public key blocks. If nothing else, either party cuts and pastes the values into a separate simple GUI that just generates a and b from /dev/random (or uses gcrypt functions), calculates g^ab, and converts back and forth from base-64. A simple library could be written in a few C files (or any language with an interface to gcrypt, I guess). Once a key is selected, it could be used directly by GnuPG for symmetric encryption.

This is just an idea I had. If using gcrypt or something else, you are not really doing crypto primitives, and this seems, at its simplest, a simple case.

The issue (of course numerously stated everywhere) is that the weakest believed link in PK is keeping your secret key secure. Technically speaking, that is a limit approaching, but never reaching, infinity. However, keeping symmetric keys secure for short periods of time could only be easier.

It also would allow you to use a separate encryption key for different recipients, giving further forward secrecy as multiple conversations progress.

Just an idea, which of course to some extent would be annoying with all the emails back and forth.
However, possibly less annoying than generating new PGP keys and sending those back and forth (with the overhead of having to sign each new key, and managing multiple throwaway PGP keys between multiple recipients).

Ileana

On Sat, 23 Mar 2013 11:24:17 +0100
Peter Lebbing wrote:

> I find it a really funny idea, in a positive way. "Hey, I've never
> thought about it that way!". But it also sounds cumbersome. The
> e-mail clients will need to retain a shared secret. If you regularly
> use multiple computers, you need to distribute that secret, and it
> should probably be encrypted itself (protected by a passphrase)
> depending on your scenario.
>
> So the really obvious question is: what's wrong with the hybrid
> crypto offered by OpenPGP? Why not just use public keys?
>
> Peter.
>
> PS: Regarding "a simple program to write"; implementing crypto
> yourself is never simple. The devil is in the details. Unless you
> implement an e-mail carrier for the TLS packets to exchange and use
> OpenSSL or GnuTLS, I /think/ your implementation comes close enough
> to cryptographic primitives to warrant the credo "never implement
> crypto on your own".
>

From peter at digitalbrains.com Sat Mar 23 20:30:23 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 23 Mar 2013 20:30:23 +0100
Subject: dh key exchange via ascii email?
In-Reply-To: <20130323141449.275ffd18@hpsetup>
References: <20130322221624.6708131e@hpsetup> <514D82D1.9010707@digitalbrains.com> <20130323141449.275ffd18@hpsetup>
Message-ID: <514E02CF.8070902@digitalbrains.com>

I hadn't quite picked up on the "forward secrecy" bit in your original mail.

On 23/03/13 20:14, Ileana wrote:
> However possibly less annoying the generating new PGP keys and sending those
> back and forth (with over head of having to sign each new key

Using subkeys, you can skip the signing. Just create throwaway encryption subkeys but don't change the primary key that receives the certifications.
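Added example (an editor's illustration, not code from this thread, from GnuPG or from libgcrypt): the exchange Ileana sketches in steps 1-8 of the preceding message, in Python with the standard library only. Bob offers the group and g^b in a pasteable base64 block, Alice validates the group and Bob's value before answering with g^a, and both hash g^(ab) into a symmetric key; the "DH OFFER"/"DH REPLY" labels, the JSON payload inside them and every function name are constructed for this example, and RFC 3526 MODP group 14 stands in for the "suggested g" of step 2.

```python
"""Diffie-Hellman over cut-and-paste ASCII blocks: Bob offers (p, g, g^b), Alice
checks the parameters and replies with g^a, both derive a symmetric key from g^(ab).
Added example; the armor labels, JSON payload and function names are constructed."""
import base64
import hashlib
import json
import secrets

# RFC 3526 MODP group 14 (2048-bit). p is a safe prime; g = 2 generates the
# subgroup of prime order q = (p - 1) / 2.
GROUP14_P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
GROUP14_G = 2

def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases; a composite survives with probability <= 4**-rounds."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)   # random base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def validate_group(p, g):
    """Step 3, 'if she accepts': refuse a small modulus, a non-safe prime or a bad generator."""
    if p.bit_length() < 2048:
        raise ValueError("modulus too small")
    q = (p - 1) // 2
    if not (is_probable_prime(p) and is_probable_prime(q)):
        raise ValueError("p is not a safe prime")
    if not 1 < g < p - 1:
        raise ValueError("generator out of range")
    return q

def validate_public(p, q, y):
    """Reject 0, 1, p-1 and values outside the order-q subgroup (small-subgroup confinement)."""
    if not 1 < y < p - 1 or pow(y, q, p) != 1:
        raise ValueError("peer public value rejected")
    return y

def keypair(p, g, q):
    """Ephemeral exponent x in [2, q-1] and its public value g^x mod p."""
    x = 2 + secrets.randbelow(q - 2)
    return x, pow(g, x, p)

def shared_key(p, q, x, peer_public):
    """Check the peer's value, compute g^(ab) and hash its fixed-width encoding into a key."""
    validate_public(p, q, peer_public)
    z = pow(peer_public, x, p)
    return hashlib.sha256(z.to_bytes((p.bit_length() + 7) // 8, "big")).digest()

def armor(label, fields):
    """Base64 a JSON dict between BEGIN/END lines, in the style of a PGP armored block."""
    body = base64.b64encode(json.dumps(fields).encode()).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)

def dearmor(label, text):
    """Inverse of armor(); tolerates line wrapping and surrounding mail text."""
    head, tail = "-----BEGIN %s-----" % label, "-----END %s-----" % label
    start, end = text.index(head) + len(head), text.index(tail)
    return json.loads(base64.b64decode("".join(text[start:end].split())))

def run_exchange():
    """Bob offers (p, g, g^b); Alice validates and replies with g^a; both derive the key."""
    q = validate_group(GROUP14_P, GROUP14_G)
    b, gb = keypair(GROUP14_P, GROUP14_G, q)
    offer = armor("DH OFFER", {"p": hex(GROUP14_P), "g": GROUP14_G, "gb": hex(gb)})
    # Alice's side: parse the pasted block and check everything before using it.
    o = dearmor("DH OFFER", offer)
    p, g = int(o["p"], 16), int(o["g"])
    q = validate_group(p, g)
    a, ga = keypair(p, g, q)
    alice_key = shared_key(p, q, a, int(o["gb"], 16))
    a = 0                       # step 7: drop the exponent (best effort in Python)
    reply = armor("DH REPLY", {"ga": hex(ga)})
    # Bob's side: parse the reply and derive the same key.
    bob_key = shared_key(GROUP14_P, q, b, int(dearmor("DH REPLY", reply)["ga"], 16))
    b = 0
    return alice_key, bob_key
```

The acceptance check of step 3 is what separates this from a textbook exchange: validate_group and validate_public refuse a non-safe prime, a degenerate generator and any public value outside the order-q subgroup before the exponent is ever used.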
> and managing multiple throwaway pgp keys between multiple recipients.)

I don't see any principal difference with the overhead of maintaining multiple ephemeral symmetric keys between multiple recipients. Asymmetric keys are more expensive to create computationally, but I think your computer will be able to cope. And all you'd need to do is create a few wrappers around GnuPG that force usage of the desired subkey (a bang will do that: -r 0xDEADBEEF! forces usage of that particular subkey. You might need to quote the exclamation mark for your shell).

If you were designing a whole new system, the DH exchange makes a lot of sense. But I think you could easily get comparable functionality by using subkeys a bit creatively, with OpenPGP.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From dougb at dougbarton.us Sat Mar 23 20:38:09 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Sat, 23 Mar 2013 12:38:09 -0700
Subject: dh key exchange via ascii email?
In-Reply-To: <20130322221624.6708131e@hpsetup>
References: <20130322221624.6708131e@hpsetup>
Message-ID: <514E04A1.4060307@dougbarton.us>

On 03/22/2013 08:16 PM, Ileana wrote:
> Hello,
>
> I am curious if there is a built-in or optional way to do a
> diffie-hellman key exchange over PGP encrypted email. Such that
> subsequent emails could be forward secret?
>
> Is there some program already out there that each party can use to
> generate ascii cut and paste primes and factors? It seems like it
> would be a simple program to write.

What you want sounds similar to OTR: http://www.cypherpunks.ca/otr/

From ileana at fairieunderground.info Sat Mar 23 20:52:32 2013
From: ileana at fairieunderground.info (Ileana)
Date: Sat, 23 Mar 2013 14:52:32 -0500
Subject: dh key exchange via ascii email?
In-Reply-To: <514E02CF.8070902@digitalbrains.com>
References: <20130322221624.6708131e@hpsetup> <514D82D1.9010707@digitalbrains.com> <20130323141449.275ffd18@hpsetup> <514E02CF.8070902@digitalbrains.com>
Message-ID: <20130323145232.478a8cf7@hpsetup>

> I hadn't quite picked up on the "forward secrecy" bit in your
> original mail.
>
> Using subkeys, you can skip the signing. Just create throwaway
> encryption subkeys but don't change the primary key that receives the
> certifications.

OK, I kind of thought of that, and I the usability overhead of creating a subkey, emailing the new public key, and having the recip do the same. Thanks for the tip on using the !.

> I don't see any principal difference with the overhead of maintaining
> multiple ephemeral symmetric keys between multiple recipients.
> Asymmetric keys are more expensive to create computationally, but I
> think your computer will be able to cope. And all you'd need to do is
> create a few wrappers around GnuPG that force usage of the desired
> subkey (a bang will do that: -r 0xDEADBEEF! forces usage of that
> particular subkey. You might need to quote the exclamation mark for
> your shell).

I wasn't referring to the computation, but the ease of use. If I am emailing 4 recipients using symmetric encryption, there is more forward secrecy to be gained versus retrieval of 1 key if all conversations are using a different key, particularly if 1 conversation lasts 1 day, and the others go on for months. So you use a separate key for each conversation. In this case, I would create 4 subkeys, and my recipients would each create 1.

I believe you are right that this is essentially the same amount of work from a usability perspective as my DH idea. However, bring keyservers and smart cards into the equation, and this constant subkey creation and deletion may end up being more of a pain.

Additionally, the subkey is linked to your key.
Imagine the scenario where Alice and Bob email each other back and forth and create a key via DH. The value of that key is never sent over email. So an adversary that intercepts those emails and gains a PGP key cannot necessarily link that conversation with, for instance, a symmetrically encrypted PGP exchange that begins to appear in some forum.

Would the same "anonymity" be achieved by using throwaway subkeys and -R hidden recipients, as you suggest? It would appear you are right, that that approach would work also.

Ileana

>
> HTH,
>
> Peter.
>

From ileana at fairieunderground.info Sat Mar 23 20:57:17 2013
From: ileana at fairieunderground.info (Ileana)
Date: Sat, 23 Mar 2013 14:57:17 -0500
Subject: dh key exchange via ascii email?
In-Reply-To: <514E04A1.4060307@dougbarton.us>
References: <20130322221624.6708131e@hpsetup> <514E04A1.4060307@dougbarton.us>
Message-ID: <20130323145717.02893043@hpsetup>

>
> What you want sounds similar to OTR:
>
> http://www.cypherpunks.ca/otr/

That's actually where I got the idea. OTR is for chat though, not email. It would be interesting to at least see Enigmail, for instance, start to support symmetric encryption emails.

Thanks

From adrelanos at riseup.net Sat Mar 23 21:29:39 2013
From: adrelanos at riseup.net (adrelanos)
Date: Sat, 23 Mar 2013 20:29:39 +0000
Subject: dh key exchange via ascii email?
In-Reply-To: <20130322221624.6708131e@hpsetup>
References: <20130322221624.6708131e@hpsetup>
Message-ID: <514E10B3.1070101@riseup.net>

Ileana:
> Hello,
>
> I am curious if there is a built-in or optional way to do a
> diffie-hellman key exchange over PGP encrypted email. Such that
> subsequent emails could be forward secret?
>
> Is there some program already out there that each party can use to
> generate ascii cut and paste primes and factors? It seems like it
> would be a simple program to write.
>
> Is there any plans to encorporate such functionality in to GNUPG?
>
> Thanks,
>
> Ileana

I find that interesting.
It's sad that GnuPG doesn't have forward secrecy.

Have you found this already?

Forward Secrecy Extensions for OpenPGP, Brown, Back, Laurie
(how to add forward-secrecy to OpenPGP -- forward-secrecy makes it harder for someone to obtain your private key -- because the private keys are deleted as soon as practical after use).
http://www.cypherspace.org/openpgp/pfs/openpgp-pfs.txt

It would be interesting to know what the state of that is, and awesome if you push that idea forward.

And alternatively, if adding forward secrecy to GPG fails, have you thought about applying OTR to e-mail? That way looks even more attractive to me. If you can break down OTR for e-mail as simply as "let's meet and compare our fingerprints", that'd be awesome. There could be issues, but perhaps nothing you can't solve. As far as I understand, OTR is more designed for low latency, but I don't see why it couldn't be tweaked. Only the DH key exchange happens with low latency? You could add one button "new session" (or so) and another one "End this Subject". With each new subject, use another DH key. And with each new subject, prepare one, two or a few DH keys (in e-mail text or header, hidden from the user). Of course it requires more thought. Might be useful to propose it on the OTR list in case you find that interesting.

From adrelanos at riseup.net Sat Mar 23 21:06:10 2013
From: adrelanos at riseup.net (adrelanos)
Date: Sat, 23 Mar 2013 20:06:10 +0000
Subject: How to verify X.509 signatures?
Message-ID: <514E0B32.7030907@riseup.net>

Hello,

TrueCrypt.org says [1] they are signing "TrueCrypt Setup 7.1a.exe" [2] with an X.509 signature. How can I verify such a signature?

(On Debian Wheezy.) I tried:

gpg2 --verify "TrueCrypt Setup 7.1a.exe"

gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
gpgsm --verify "TrueCrypt Setup 7.1a.exe"
gpgsm: ksba_cms_parse failed: End of file

Cheers,
adrelanos

[1] http://www.truecrypt.org/docs/?s=digital-signatures
[2] http://www.truecrypt.org/downloads

From peter at digitalbrains.com Sun Mar 24 11:07:12 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 24 Mar 2013 11:07:12 +0100
Subject: How to verify X.509 signatures?
In-Reply-To: <514E0B32.7030907@riseup.net>
References: <514E0B32.7030907@riseup.net>
Message-ID: <514ED050.9040804@digitalbrains.com>

On 23/03/13 21:06, adrelanos wrote:
> TrueCrypt.org says [1] they are signing "TrueCrypt Setup 7.1a.exe" [2]
> with a X.509 signature. How can I verify such a signature?

This is probably a "Microsoft Authenticode" signature on a Microsoft PE executable. It's very specifically a Microsoft thing, and you'll need a program with specific support for this format. It's X.509 wrapped inside an executable. If you Google for it, you'll probably find a lot of references to a heated discussion between Matthew Garrett and Linus Torvalds about including a parser in the Linux kernel :).

The best I could come up with through Googling was [1]. You might be able to write something up in Python with the pefile module.

Alternatively, just either
- verify on Windows, by checking the "Properties" of the executable
- verify using the OpenPGP signature they also provide

Seems to me that TrueCrypt is such a high-profile thing that I can see some secret service subverting a CA to get a valid signature on their own backdoored version of it.

Also, there is something strange going on? It says on the page you linked[2] that all downloads are HTTPS, but all the HTTPS server on www.truecrypt.org seems to do is redirect you to the HTTP server. I wanted to say that an X.509 signature on the executable doesn't add much compared to downloading it over HTTPS, but when the server is downgrading the connection...

Anyway, my point: I wouldn't trust an X.509 signature on TrueCrypt anyway.
It's too big a target for very well-funded groups that can subvert one of the immense number of trusted CAs. If you're worried your download might be backdoored, you should be worried that it probably also carries a valid signature.

Good luck,

Peter.

[1]
[2]

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From ml at mareichelt.com Sun Mar 24 10:22:48 2013
From: ml at mareichelt.com (Markus Reichelt)
Date: Sun, 24 Mar 2013 10:22:48 +0100
Subject: How to verify X.509 signatures?
In-Reply-To: <514E0B32.7030907@riseup.net>
References: <514E0B32.7030907@riseup.net>
Message-ID: <20130324092248.GD31975@pc21.mareichelt.com>

* adrelanos wrote:

> TrueCrypt.org says [1] they are signing "TrueCrypt Setup 7.1a.exe"
> [2] with a X.509 signature. How can I verify such a signature?

For Windows, they explicitly state how to do that.

> (On Debian Wheezy.) I tried:
> gpg2 --verify "TrueCrypt Setup 7.1a.exe"
>
> gpg: no valid OpenPGP data found.
> gpg: the signature could not be verified.
> Please remember that the signature file (.sig or .asc)
> should be the first file given on the command line.
>
> gpgsm --verify "TrueCrypt Setup 7.1a.exe"
> gpgsm: ksba_cms_parse failed: End of file

I'd consult the OpenSSL manual.

If I parse your quest correctly, you are trying to check the sig of a Windows binary on some Debian system. Why not ask the TrueCrypt head honchos about putting up that info as well?

--
left blank, right bald

From adrelanos at riseup.net Sun Mar 24 13:10:38 2013
From: adrelanos at riseup.net (adrelanos)
Date: Sun, 24 Mar 2013 12:10:38 +0000
Subject: How to verify X.509 signatures?
In-Reply-To: <20130324092248.GD31975@pc21.mareichelt.com>
References: <514E0B32.7030907@riseup.net> <20130324092248.GD31975@pc21.mareichelt.com>
Message-ID: <514EED3E.2030508@riseup.net>

Markus Reichelt:
> * adrelanos wrote:
>
>> TrueCrypt.org says [1] they are signing "TrueCrypt Setup 7.1a.exe"
>> [2] with a X.509 signature. How can I verify such a signature?
>
> For Windows, they explicitly state how to do that.

Yes, that's easily working.

>
>> (On Debian Wheezy.) I tried:
>> gpg2 --verify "TrueCrypt Setup 7.1a.exe"
>>
>> gpg: no valid OpenPGP data found.
>> gpg: the signature could not be verified.
>> Please remember that the signature file (.sig or .asc)
>> should be the first file given on the command line.
>>
>> gpgsm --verify "TrueCrypt Setup 7.1a.exe"
>> gpgsm: ksba_cms_parse failed: End of file
>
> I'd consult the OpenSSL manual.

Ok.

> If I parse your quest correctly, you are trying to check the sig of a
> Windows binary on some debian system.

Yes.

> Why not ask the TrueCrypt head
> honchos about putting up that info as well?

They are not communicative.

I don't care so much about that truecrypt.exe, but want to know how it works in general for any file on Linux. This is because I am considering dual-signing the files I distribute.

From adrelanos at riseup.net Sun Mar 24 13:37:51 2013
From: adrelanos at riseup.net (adrelanos)
Date: Sun, 24 Mar 2013 12:37:51 +0000
Subject: How to verify X.509 signatures?
In-Reply-To: <514ED050.9040804@digitalbrains.com>
References: <514E0B32.7030907@riseup.net> <514ED050.9040804@digitalbrains.com>
Message-ID: <514EF39F.5090504@riseup.net>

Peter Lebbing:
> On 23/03/13 21:06, adrelanos wrote:
>> TrueCrypt.org says [1] they are signing "TrueCrypt Setup
>> 7.1a.exe" [2] with a X.509 signature. How can I verify such a
>> signature?
>
> This is probably a "Microsoft Authenticode" signature on a
> Microsoft PE executable. It's very specifically a Microsoft thing,
> and you'll need a program with specific support for this format.
> It's X.509 wrapped inside an executable.

Ah. Ok. Will google that up.

> If you Google for it, you'll probably find a lot of references to a
> heated discussion between Matthew Garrett and Linus Torvalds about
> including a parser in the Linux kernel :).

Ok.

> The best I could come up with through Googling was [1]. You might
> be able to write something up in Python with the pefile module.
>
> Alternatively, just either - verify on Windows, by checking the
> "Properties" of the executable - verify using the OpenPGP signature
> they also provide

Ok, got that. I am primarily looking for some mechanism built into mainstream Linux distributions, making it much easier to verify that a file comes from a specific entity. This thing sounds much too complicated.

Thanks! :)

From peter at digitalbrains.com Sun Mar 24 13:43:06 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 24 Mar 2013 13:43:06 +0100
Subject: How to verify X.509 signatures?
In-Reply-To: <514EED3E.2030508@riseup.net>
References: <514E0B32.7030907@riseup.net> <20130324092248.GD31975@pc21.mareichelt.com> <514EED3E.2030508@riseup.net>
Message-ID: <514EF4DA.4090507@digitalbrains.com>

On 24/03/13 13:10, adrelanos wrote:
> I don't care so much about that truecrypt.exe, but want to know how it
> works in general for any file on Linux. This is because I consider dual
> signing the files I distribute.

If it's about signing rather than verifying, I found this link on the Google hunt I mentioned in my other mail:

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From chaljan at gmail.com Mon Mar 25 13:46:21 2013
From: chaljan at gmail.com (Jan Chaloupecky)
Date: Mon, 25 Mar 2013 13:46:21 +0100
Subject: IDEA License
Message-ID:

Hi,
is the IDEA algorithm licensed? Under which conditions am I allowed to use the IDEA extension in a commercial product?
cheers
--
Jan

From wk at gnupg.org Mon Mar 25 15:14:43 2013
From: wk at gnupg.org (Werner Koch)
Date: Mon, 25 Mar 2013 15:14:43 +0100
Subject: IDEA License
In-Reply-To: (Jan Chaloupecky's message of "Mon, 25 Mar 2013 13:46:21 +0100")
References:
Message-ID: <87wqsvo9bg.fsf@vigenere.g10code.de>

On Mon, 25 Mar 2013 13:46, chaljan at gmail.com said:

> is the IDEA algorithm licensed? Under which conditions am I allowed to use
> the idea extension in a commercial product?

I assume your question is: Is the IDEA algorithm patented?

It was patented and this was one of the main reasons to develop GnuPG as the free PGP replacement.

Meanwhile the patent expired:

 * Patents on IDEA have expired:
 *   Europe: EP0482154 on 2011-05-16,
 *   Japan:  JP3225440 on 2011-05-16,
 *   U.S.:   5,214,703 on 2012-01-07.

Thus if you have to decrypt old data you may now use a decent GnuPG version to do that (1.4.13 or 2.x along with an appropriate Libgcrypt version).

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From jhs at berklix.com Mon Mar 25 14:22:28 2013
From: jhs at berklix.com (Julian H. Stacey)
Date: Mon, 25 Mar 2013 14:22:28 +0100
Subject: IDEA License
In-Reply-To: Your message "Mon, 25 Mar 2013 13:46:21 +0100."
Message-ID: <201303251322.r2PDMSZx050341@fire.js.berklix.net>

> Hi,
> is the IDEA algorithm licensed?

Wrong question ! Try: copyright? patented?

> Under which conditions am I allowed to use
> the idea extension in a commercial product?

https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm#Availability

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
 Reply below not above, like a play script.  Indent old text with "> ".
 Send plain text.  No quoted-printable, HTML, base64, multipart/alternative.
From dshaw at jabberwocky.com Mon Mar 25 14:55:20 2013
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 25 Mar 2013 09:55:20 -0400
Subject: IDEA License
In-Reply-To:
References:
Message-ID: <15F6DC62-0A3A-45C2-AF3B-8A6000DDE997@jabberwocky.com>

On Mar 25, 2013, at 8:46 AM, Jan Chaloupecky wrote:

> Hi,
> is the IDEA algorithm licensed? Under which conditions am I allowed to use the idea extension in a commercial product?

It was a patented algorithm which required a license. The patent has since expired (and in fact it was difficult to even purchase a license for the past few years anyway), so there is no license required.

That said, IDEA is somewhat old technology at this point, and it has mostly been supplanted by newer algorithms like AES. If you don't have a need for IDEA specifically, you might want to look more widely.

David

From chaljan at gmail.com Mon Mar 25 16:00:36 2013
From: chaljan at gmail.com (Jan Chaloupecky)
Date: Mon, 25 Mar 2013 16:00:36 +0100
Subject: IDEA License
In-Reply-To: <87wqsvo9bg.fsf@vigenere.g10code.de>
References: <87wqsvo9bg.fsf@vigenere.g10code.de>
Message-ID:

It is clear to me that the patent expired, but it is not clear how I'm allowed to use the sources of idea.c.

I have to use GnuPG 1.4.10 and a self-compiled idea.c from here:
ftp://ftp.uwsg.indiana.edu/linux/gentoo/distfiles/idea.c.gz

So the question is: can I ship the idea shared object with my software? The idea.c contains the following comments. So if I understand it correctly, I just have to add this somewhere in the documentation of my software.
/* idea.c - IDEA algorithm
 * Copyright (c) 1997, 1998, 1999, 2001, 2002 by Werner Koch (dd9jn)
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * WERNER KOCH BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
 * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 *
 * Except as contained in this notice, the name of Werner Koch shall not be
 * used in advertising or otherwise to promote the sale, use or other dealings
 * in this Software without prior written authorization from Werner Koch.
 *
 * DUE TO PATENT CLAIMS THE DISTRIBUTION OF THE SOFTWARE IS NOT ALLOWED IN
 * THESE COUNTRIES:
 *   AUSTRIA, FRANCE,  GERMANY, ITALY, JAPAN, THE NETHERLANDS,
 *   SPAIN, SWEDEN, SWITZERLAND, THE UK AND THE US.
 */

On Mon, Mar 25, 2013 at 3:14 PM, Werner Koch wrote:

> On Mon, 25 Mar 2013 13:46, chaljan at gmail.com said:
>
> > is the IDEA algorithm licensed? Under which conditions am I allowed to
> use
> > the idea extension in a commercial product?
>
> I assume your question is: Is the IDEA algorithm patented?
>
> It was patented and this was one or the main reasons to develop GnuPG as
> the free PGP replacement.
>
> Meanwhile the patent expired:
>
> * Patents on IDEA have expired:
> * Europe: EP0482154 on 2011-05-16,
> * Japan: JP3225440 on 2011-05-16,
> * U.S.: 5,214,703 on 2012-01-07.
>
> Thus if you have to decrypt old data you may now use a decent GnuPG
> versions to do that (1.4.13 or 2.x along an appropriate Libgcrypt
> version).
>
>
> Salam-Shalom,
>
> Werner
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.
>

--
Jan

From peter at digitalbrains.com Mon Mar 25 20:01:44 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 25 Mar 2013 20:01:44 +0100
Subject: IDEA License
In-Reply-To: <201303251322.r2PDMSZx050341@fire.js.berklix.net>
References: <201303251322.r2PDMSZx050341@fire.js.berklix.net>
Message-ID: <51509F18.3040403@digitalbrains.com>

On 25/03/13 14:22, Julian H. Stacey wrote:
>> Hi,
>> is the IDEA algorithm licensed?
>
> Wrong question ! Try: copyright? patented?

Copyright on an algorithm? Don't you mean a particular implementation of the algorithm? IOW: Wrong question, next try?

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From dougb at dougbarton.us Mon Mar 25 20:06:17 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Mon, 25 Mar 2013 12:06:17 -0700
Subject: IDEA License
In-Reply-To: <51509F18.3040403@digitalbrains.com>
References: <201303251322.r2PDMSZx050341@fire.js.berklix.net> <51509F18.3040403@digitalbrains.com>
Message-ID: <5150A029.1010709@dougbarton.us>

On 3/25/2013 12:01 PM, Peter Lebbing wrote:
> On 25/03/13 14:22, Julian H. Stacey wrote:
>>> Hi,
>>> is the IDEA algorithm licensed?
>>
>> Wrong question ! Try: copyright? patented?
>
> Copyright on an algorithm? Don't you mean a particular implementation of the
> algorithm? IOW: Wrong question, next try?

He clarified that in a subsequent post.
The usual netiquette is to read the entire thread before responding to any individual post.

Doug

From peter at digitalbrains.com Mon Mar 25 20:38:23 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 25 Mar 2013 20:38:23 +0100
Subject: IDEA License
In-Reply-To: <5150A029.1010709@dougbarton.us>
References: <201303251322.r2PDMSZx050341@fire.js.berklix.net> <51509F18.3040403@digitalbrains.com> <5150A029.1010709@dougbarton.us>
Message-ID: <5150A7AF.90601@digitalbrains.com>

On 25/03/13 20:06, Doug Barton wrote:
> He clarified that in a subsequent post. The usual netiquette is to read the
> entire thread before responding to any individual post.

I see only one post by Julian H Stacey, and the web archive[1] agrees, so maybe you got a private mail? (But why?)

Anyway, I was slightly irked by his way of phrasing. All in all, I prefer my post to his, but I wouldn't normally phrase a post like that. So it indeed was somewhat about etiquette.

Peter.

[1]

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From wk at gnupg.org Mon Mar 25 20:36:42 2013
From: wk at gnupg.org (Werner Koch)
Date: Mon, 25 Mar 2013 20:36:42 +0100
Subject: IDEA License
In-Reply-To: (Jan Chaloupecky's message of "Mon, 25 Mar 2013 16:00:36 +0100")
References: <87wqsvo9bg.fsf@vigenere.g10code.de>
Message-ID: <87a9prnuet.fsf@vigenere.g10code.de>

On Mon, 25 Mar 2013 16:00, chaljan at gmail.com said:

> I have to use GnuPG 1.4.10 and a self compiled idea.c from here

You better use 1.4.13.

> ftp://ftp.uwsg.indiana.edu/linux/gentoo/distfiles/idea.c.gz
>
> so the question is .. can I ship the idea shared object with my software?
> The idea.c contains the following comments. So if I understand it

You need to provide the full source code, including that file.

> correctly, I just have to add this somewhere in the documentation of my
> software.
You have to follow the conditions of the GPL; see the file COPYING in the GnuPG distribution.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From dougb at dougbarton.us Mon Mar 25 20:49:00 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Mon, 25 Mar 2013 12:49:00 -0700
Subject: IDEA License
In-Reply-To: <5150A7AF.90601@digitalbrains.com>
References: <201303251322.r2PDMSZx050341@fire.js.berklix.net> <51509F18.3040403@digitalbrains.com> <5150A029.1010709@dougbarton.us> <5150A7AF.90601@digitalbrains.com>
Message-ID: <5150AA2C.2060205@dougbarton.us>

On 3/25/2013 12:38 PM, Peter Lebbing wrote:
> On 25/03/13 20:06, Doug Barton wrote:
>> He clarified that in a subsequent post. The usual netiquette is to
>> read the entire thread before responding to any individual post.
>
> I see only one post by Julian H Stacey,

I should have been more explicit. The OP clarified his question in response to Julian's question. By the time the OP responded it was clear what he was really asking. Could Julian's response have been phrased better? Probably. My point however was that by the time you responded your post was unnecessary.

Thus endeth the lesson,

Doug

From peter at digitalbrains.com Mon Mar 25 20:57:46 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 25 Mar 2013 20:57:46 +0100
Subject: (OT) Re: IDEA License
In-Reply-To: <5150AA2C.2060205@dougbarton.us>
References: <201303251322.r2PDMSZx050341@fire.js.berklix.net> <51509F18.3040403@digitalbrains.com> <5150A029.1010709@dougbarton.us> <5150A7AF.90601@digitalbrains.com> <5150AA2C.2060205@dougbarton.us>
Message-ID: <5150AC3A.2020605@digitalbrains.com>

On 25/03/13 20:49, Doug Barton wrote:
> Thus endeth the lesson,

Yeah, after I wrote my reply, I wondered if it was even wise to fight fire with fire. So the lesson didn't come entirely unexpected. I respectfully disagree that the mail didn't warrant a reply at all.
One could also simply point out that it wasn't very friendly to use 2-word phrases to point someone to a mistake. And make the same mistake subsequently ;P.

Anyway, on to something fun...

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From chaljan at gmail.com Mon Mar 25 21:05:02 2013
From: chaljan at gmail.com (Jan Chaloupecky)
Date: Mon, 25 Mar 2013 21:05:02 +0100
Subject: IDEA License
In-Reply-To: <87a9prnuet.fsf@vigenere.g10code.de>
References: <87wqsvo9bg.fsf@vigenere.g10code.de> <87a9prnuet.fsf@vigenere.g10code.de>
Message-ID: <129D24657A4F42848C33795E835AA686@gmail.com>

On Monday, March 25, 2013 at 8:36 PM, Werner Koch wrote:

> On Mon, 25 Mar 2013 16:00, chaljan at gmail.com (mailto:chaljan at gmail.com) said:
>
> > I have to use GnuPG 1.4.10 and a self compiled idea.c from here
>
> You better use 1.4.13.

I have to stick to the version provided by Debian Squeeze and it's 1.4.10. I haven't found any backport repositories.

> > ftp://ftp.uwsg.indiana.edu/linux/gentoo/distfiles/idea.c.gz
> >
> > so the question is .. can I ship the idea shared object with my software?
> > The idea.c contains the following comments. So if I understand it
>
> You need to provide the full source code and including that file.

OK, so IDEA is GPL. Thanks.

> > correctly, I just have to add this somewhere in the documentation of my
> > software.
>
> You have to follow the conditions of the GPL; see the file COPYING in
> the GnuPG distribution.
>
>
> Salam-Shalom,
>
> Werner
>
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.
>
From hka at qbs.com.pl Mon Mar 25 23:14:40 2013
From: hka at qbs.com.pl (Hubert Kario)
Date: Mon, 25 Mar 2013 23:14:40 +0100
Subject: IDEA License
In-Reply-To: <129D24657A4F42848C33795E835AA686@gmail.com>
References: <87a9prnuet.fsf@vigenere.g10code.de> <129D24657A4F42848C33795E835AA686@gmail.com>
Message-ID: <3527838.Z5WV85PtoA@bursa22>

On Monday 25 of March 2013 21:05:02 Jan Chaloupecky wrote:
> On Monday, March 25, 2013 at 8:36 PM, Werner Koch wrote:
> > On Mon, 25 Mar 2013 16:00, chaljan at gmail.com (mailto:chaljan at gmail.com) said:
> > > I have to use GnuPG 1.4.10 and a self compiled idea.c from here
> >
> > You better use 1.4.13.
>
> I have to stick to the version provided by Debian Squeeze and it's 1.4.10.
> I haven't found any back port repositories.

that's usually a sign that the package from testing, or in this case, wheezy, will work fine.

Regards,
--
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl

From jhs at berklix.com Tue Mar 26 01:38:02 2013
From: jhs at berklix.com (Julian H. Stacey)
Date: Tue, 26 Mar 2013 01:38:02 +0100
Subject: IDEA License
In-Reply-To: Your message "Mon, 25 Mar 2013 15:14:43 +0100." <87wqsvo9bg.fsf@vigenere.g10code.de>
Message-ID: <201303260038.r2Q0c2Nf021141@fire.js.berklix.net>

Hi gnupg-users at gnupg.org
cc Werner K.

I wrote:
> https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm#Availability

Werner posted:
> Meanwhile the patent expired:
> * Patents on IDEA have expired:
> * Europe: EP0482154 on 2011-05-16,
> * Japan: JP3225440 on 2011-05-16,
> * U.S.: 5,214,703 on 2012-01-07.

So to wikipedia, after "Japan" I appended "expired 2011-05-16"
I could edit in an href'd citation to wikipedia, if URL known ?

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
Reply below not above, like a play script. Indent old text with "> ".
Send plain text.
No quoted-printable, HTML, base64, multipart/alternative.

From di44vq at nottheoilrig.com Mon Mar 25 23:30:23 2013
From: di44vq at nottheoilrig.com (Jack Bates)
Date: Mon, 25 Mar 2013 15:30:23 -0700
Subject: Dump all the properties of a key?
Message-ID: <5150CFFF.1090106@nottheoilrig.com>

How do I dump all the properties of a key?

From chaljan at gmail.com Tue Mar 26 11:30:08 2013
From: chaljan at gmail.com (Jan Chaloupecky)
Date: Tue, 26 Mar 2013 11:30:08 +0100
Subject: IDEA License
In-Reply-To: <0FBCBF7BADE04270ABEAD48B56B821AB@gmail.com>
References: <87a9prnuet.fsf@vigenere.g10code.de> <129D24657A4F42848C33795E835AA686@gmail.com> <3527838.Z5WV85PtoA@bursa22> <0FBCBF7BADE04270ABEAD48B56B821AB@gmail.com>
Message-ID:

Sorry, I sent the last mail only to Hubert.

I was saying that Squeeze does not have in any of its repositories the versions that support IDEA:

Max version of GnuPG is 1.4.12
http://packages.debian.org/search?keywords=gnupg&searchon=names&exact=1&suite=all&section=all
Max version of libgcrypt is 1.5.1
http://packages.debian.org/search?keywords=libgcrypt11&searchon=names&exact=1&suite=all&section=all

So in other words, I can have IDEA support in Debian Squeeze only when I compile myself either the extension for GPG 1 or libgcrypt for GPG 2.

Compiling and shipping IDEA means that I have to provide the sources of my software, correct?

On Tue, Mar 26, 2013 at 7:40 AM, Jan Chaloupecky wrote:
> I see gnupg 1.4.12-7 in Wheezy but not 1.4.13
>
> http://packages.debian.org/wheezy/gnupg
>
> --
> Jan
>
> On Monday, March 25, 2013 at 11:14 PM, Hubert Kario wrote:
> > On Monday 25 of March 2013 21:05:02 Jan Chaloupecky wrote:
> > > On Monday, March 25, 2013 at 8:36 PM, Werner Koch wrote:
> > > > On Mon, 25 Mar 2013 16:00, chaljan at gmail.com (mailto:chaljan at gmail.com) said:
> > > > > I have to use GnuPG 1.4.10 and a self compiled idea.c from here
> > > >
> > > > You better use 1.4.13.
> > >
> > > I have to stick to the version provided by Debian Squeeze and it's 1.4.10.
> > > I haven't found any back port repositories.
> >
> > that's usually a sign that the package from testing, or in this case,
> > wheezy, will work fine.
> >
> > Regards,
> > --
> > Hubert Kario
> > QBS - Quality Business Software
> > 02-656 Warszawa, ul. Ksawerów 30/85
> > tel. +48 (22) 646-61-51, 646-74-24
> > www.qbs.com.pl

--
Jan

From wk at gnupg.org Tue Mar 26 11:53:22 2013
From: wk at gnupg.org (Werner Koch)
Date: Tue, 26 Mar 2013 11:53:22 +0100
Subject: IDEA License
In-Reply-To: (Jan Chaloupecky's message of "Tue, 26 Mar 2013 11:30:08 +0100")
References: <87a9prnuet.fsf@vigenere.g10code.de> <129D24657A4F42848C33795E835AA686@gmail.com> <3527838.Z5WV85PtoA@bursa22> <0FBCBF7BADE04270ABEAD48B56B821AB@gmail.com>
Message-ID: <87vc8emnz1.fsf@vigenere.g10code.de>

On Tue, 26 Mar 2013 11:30, chaljan at gmail.com said:

> Compiling and shipping IDEA means that I have to provide the sources of my
> software, correct?

You always have to provide the source of GPG software (or a written offer). Simply linking to Debian is not sufficient if you distribute a binary from your site. Well, unless you enter into a contract with Debian to guarantee that they will provide the source as long as you provide a binary.

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From Dave.Smith at st.com Tue Mar 26 10:57:46 2013
From: Dave.Smith at st.com (David Smith)
Date: Tue, 26 Mar 2013 09:57:46 +0000
Subject: IDEA License
In-Reply-To: <129D24657A4F42848C33795E835AA686@gmail.com>
References: <87wqsvo9bg.fsf@vigenere.g10code.de> <87a9prnuet.fsf@vigenere.g10code.de> <129D24657A4F42848C33795E835AA686@gmail.com>
Message-ID: <5151711A.1070604@st.com>

On 03/25/13 20:05, Jan Chaloupecky wrote:
> On Monday, March 25, 2013 at 8:36 PM, Werner Koch wrote:
>> On Mon, 25 Mar 2013 16:00, chaljan at gmail.com
>>> so the question is .. can I ship the idea shared object with my software?
>>> The idea.c contains the following comments. So if I understand it
>>
>> You need to provide the full source code and including that file.
>
> ok so idea is GPL.

Not quite. Werner's implementation of IDEA (as included in GnuPG) is copyrighted but released under the terms of the GPL, and therefore, if you take his source code directly and copy it (or any part of it) into your code, then you are restricted by the terms of the GPL.

The algorithm itself cannot be copyrighted, but can be patented (and was). The patent covered /any/ implementation (whoever coded it). However, the patent(s) have now expired, so now anyone is free to code their own version of the algorithm under any license they like, provided they write their own version of the code, rather than just copying someone else's.

Disclaimer: IANAL, you should get your own proper legal advice from a real lawyer, etc.

From Dave.Smith at st.com Tue Mar 26 12:00:34 2013
From: Dave.Smith at st.com (David Smith)
Date: Tue, 26 Mar 2013 11:00:34 +0000
Subject: IDEA License
In-Reply-To:
References: <87a9prnuet.fsf@vigenere.g10code.de> <129D24657A4F42848C33795E835AA686@gmail.com> <3527838.Z5WV85PtoA@bursa22> <0FBCBF7BADE04270ABEAD48B56B821AB@gmail.com>
Message-ID: <51517FD2.2080901@st.com>

On 03/26/13 10:30, Jan Chaloupecky wrote:
> Sorry, I sent the last mail only to Hubert.
>
> I was saying that Squeeze does not have in any of its repositories the
> versions that support IDEA:
>
> Max version of GnuPG is 1.4.12
> http://packages.debian.org/search?keywords=gnupg&searchon=names&exact=1&suite=all&section=all
> Max version of libgcrypt is 1.5.1
> http://packages.debian.org/search?keywords=libgcrypt11&searchon=names&exact=1&suite=all&section=all
>
> So in other words, I can have IDEA support in Debian Squeeze only when
> I compile myself either the extension for GPG 1 or libgcrypt for GPG 2.
>
> Compiling and shipping IDEA means that I have to provide the sources of
> my software, correct?

Not necessarily.
If you write your own implementation of IDEA, you can release it under any license you like.

If you include libgcrypt in your software, then it depends on how you use it. libgcrypt appears to be licensed under either GPL or LGPL[1], so if you dynamically link against a separately-compiled libgcrypt library, then you don't have to release your source because you can use libgcrypt under the LGPL. You can ship your own software and an LGPL-licensed library together (e.g. in a tarfile), provided that the LGPL-licensed stuff is easily separable from the proprietary stuff (i.e. in an independent library which contains *only* LGPL code). You do still have to include in your shipment information to state that it includes libgcrypt licensed under the LGPL, and provide facilities for your "customers" to get access to the libgcrypt source code. If you make any changes to the libgcrypt code to use for your application, then you must make the source code for those changes available.

If you statically link libgcrypt into your software (i.e. compile it in to the binary), then it is no longer easily separable from the proprietary code, so you must release the source code to your software, and furthermore, you cannot prevent anyone copying, modifying and distributing your software and/or source code.

Again, IANAL, get your own professional legal advice, etc...

[1] http://directory.fsf.org/wiki/Libgcrypt

From dkg at fifthhorseman.net Tue Mar 26 15:50:14 2013
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 26 Mar 2013 10:50:14 -0400
Subject: Dump all the properties of a key?
In-Reply-To: <5150CFFF.1090106@nottheoilrig.com>
References: <5150CFFF.1090106@nottheoilrig.com>
Message-ID: <5151B5A6.3020901@fifthhorseman.net>

On 03/25/2013 06:30 PM, Jack Bates wrote:
> How do I dump all the properties of a key?
it's not clear to me what you're looking for, but here are a few options that might provide you with useful information:

  gpg --export-options export-minimal --export $KEYID | pgpdump

  gpg --export-options export-minimal --export $KEYID | gpg --list-packets

if you are interested in the list of other people's certifications (or old self-certifications) you could omit the "--export-options export-minimal" arguments.

If you're looking for some piece of information in particular, asking in more detail can make it easier for other people to help you get the answer you're looking for.

hth,

--dkg

From adrelanos at riseup.net Tue Mar 26 17:35:58 2013
From: adrelanos at riseup.net (adrelanos)
Date: Tue, 26 Mar 2013 16:35:58 +0000
Subject: gpg for anonymous users - Alternative to the web of trust?
Message-ID: <5151CE6E.6010804@riseup.net>

As a brief introduction, I am adrelanos, the strictly pseudonymous (anonymous) maintainer of Whonix, an Open Source Anonymous Operating System. [1]

I gpg-sign binary releases and source code (git tags) in order to authenticate Whonix to users, and prevent adversaries from distributing altered versions in my name.

Given that I can't meet with other Linux or Tor developers who could verify my identity and sign my key, how can I establish a web of trust for potential Whonix users to rely on? More generally, how can strictly pseudonymous people establish webs of trust?

In an attempt to bootstrap my public key from the Web, it's available on keyservers, in Whonix source code and binary releases, and on my homepage and project page. [3] By mirroring my key to many http, https and/or .onion sites, it becomes harder and harder to impersonate me.
However, that hasn't worked out very well, because search engines apparently don't index keys, and so there is no way to verify my list of public key mirrors.

How can I establish a pseudonym that no one can easily fake while remaining anonymous?

[1] http://whonix.sf.net/
[2] https://sourceforge.net/p/whonix/wiki/Trust/
[3] https://sourceforge.net/p/whonix/wiki/OpenPGP/#bootstrapping-openpgp-keys-from-the-web

From wk at gnupg.org Tue Mar 26 18:21:08 2013
From: wk at gnupg.org (Werner Koch)
Date: Tue, 26 Mar 2013 18:21:08 +0100
Subject: IDEA License
In-Reply-To: <201303260038.r2Q0c2Nf021141@fire.js.berklix.net> (Julian H. Stacey's message of "Tue, 26 Mar 2013 01:38:02 +0100")
References: <201303260038.r2Q0c2Nf021141@fire.js.berklix.net>
Message-ID: <87sj3ihybf.fsf@vigenere.g10code.de>

On Tue, 26 Mar 2013 01:38, jhs at berklix.com said:

> So to wikipedia, after "Japan" I appended "expired 2011-05-16"
> I could edit in an href'd citation to wikipedia, if URL known ?

I don't know; the dates are by Ulrich Müller

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From mailinglisten at hauke-laging.de Tue Mar 26 17:46:48 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Tue, 26 Mar 2013 17:46:48 +0100
Subject: Dump all the properties of a key?
In-Reply-To: <5150CFFF.1090106@nottheoilrig.com>
References: <5150CFFF.1090106@nottheoilrig.com>
Message-ID: <2990055.5ZCgpxB5sZ@inno>

On Mon 25.03.2013, 15:30:23, Jack Bates wrote:
> How do I dump all the properties of a key?

  gpg --list-options show-policy-urls,show-notations,show-sig-expire,\
  show-keyserver-urls,show-uid-validity,show-unusable-uids,\
  show-unusable-subkeys --with-colons --list-sigs $KEYID

  gpg --list-options show-policy-urls,show-notations,show-sig-expire,\
  show-keyserver-urls,show-uid-validity,show-unusable-uids,\
  show-unusable-subkeys --list-sigs $KEYID

--
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-schulungen.de/

From jhs at berklix.com Tue Mar 26 18:40:22 2013
From: jhs at berklix.com (Julian H. Stacey)
Date: Tue, 26 Mar 2013 18:40:22 +0100
Subject: IDEA License
In-Reply-To: Your message "Tue, 26 Mar 2013 18:21:08 +0100." <87sj3ihybf.fsf@vigenere.g10code.de>
Message-ID: <201303261740.r2QHeMSD056849@fire.js.berklix.net>

> > https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm#Availability
> From: Werner Koch

Werner Koch wrote:
> On Tue, 26 Mar 2013 01:38, jhs at berklix.com said:
>
> > So to wikipedia, after "Japan" I appended "expired 2011-05-16"
> > I could edit in an href'd citation to wikipedia, if URL known ?
>
> I don't know; the dates are by Ulrich Müller

OK I added Ulrich M to cc
He can add URL to wikipedia of expiry date of Japan IDEA patent
if he wants, or I will if he mails it me.

A dead patent is a good patent ;-)

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
Reply below not above, like a play script. Indent old text with "> ".
Send plain text. No quoted-printable, HTML, base64, multipart/alternative.

From ml at mareichelt.com Tue Mar 26 20:20:49 2013
From: ml at mareichelt.com (Markus Reichelt)
Date: Tue, 26 Mar 2013 20:20:49 +0100
Subject: gpg for anonymous users - Alternative to the web of trust?
In-Reply-To: <5151CE6E.6010804@riseup.net>
References: <5151CE6E.6010804@riseup.net>
Message-ID: <20130326192049.GB12392@pc21.mareichelt.com>

* adrelanos wrote:
> How can I establish a pseudonym that no one can easily fake while
> remaining anonymous?
a) you can't define 'easily' - these days nobody reads/checks anything anymore (there's some XKCD about this issue)

b) you can try: Meet with a high-profile person (of your realm/domain) that you trust and ask that person to both honour your wish to remain anonymous to the public and to also sign your signing key.

...

Apart from that, why the hassle? Simply put: Once you marked your spot with a pseudonym and a corresponding key, it's yours.

But I think the matter you are really concerned about is this: How can your audience be sure it's you when they in fact don't want to make any real effort to check up on that fact.

see a)

--
left blank, right bald

From christoph.anton.mitterer at lmu.de Tue Mar 26 13:24:04 2013
From: christoph.anton.mitterer at lmu.de (Christoph Anton Mitterer)
Date: Tue, 26 Mar 2013 13:24:04 +0100
Subject: Dump all the properties of a key?
In-Reply-To: <5150CFFF.1090106@nottheoilrig.com>
References: <5150CFFF.1090106@nottheoilrig.com>
Message-ID: <1364300644.8245.0.camel@heisenberg.scientia.net>

On Mon, 2013-03-25 at 15:30 -0700, Jack Bates wrote:
> How do I dump all the properties of a key?

pgpdump

Cheers,
C.

From johnicholas.hines at gmail.com Tue Mar 26 18:36:07 2013
From: johnicholas.hines at gmail.com (Johnicholas Hines)
Date: Tue, 26 Mar 2013 13:36:07 -0400
Subject: gpg for anonymous users - Alternative to the web of trust?
In-Reply-To: <5151CE6E.6010804@riseup.net>
References: <5151CE6E.6010804@riseup.net>
Message-ID:

The question is how to distinguish yourself from a nation-state's covert agency purporting to be an individual interested in anonymity; you need to do something that the agency would find difficult to do.
Getting your name and key into difficult-to-corrupt archives will start a timer - eventually you can point to the archives as evidence that you are not a newcomer. Even an agency would find it difficult to change history.

Spending money or effort forces a covert agency to also spend money or effort to replicate your behavior. For example, if you sent someone a bitcoin, they would have to spend some dollars to establish themselves as comparably credible. Unfortunately, they have deep pockets. Effort might be preferable to money, since it leaves more ways that a covert agency might make a mistake, behaving in some characteristic way (e.g. some sort of automatic authorship attribution software might become available that revealed them to be a team rather than an individual). Steady effort at releasing patches over a decade might be moderately credible.

Johnicholas

From branko at majic.rs Tue Mar 26 20:42:35 2013
From: branko at majic.rs (Branko Majic)
Date: Tue, 26 Mar 2013 20:42:35 +0100
Subject: Different output when using --list-only --decrypt depending on presence of private key
Message-ID: <20130326204235.0a714795@zetkin.primekey.se>

Hello all,

I'm using Debian Wheezy, GnuPG version 2.0.19.

I've discovered a slight difference in the output I get from the --list-only --decrypt command depending on whether the secret keyring contains one of the private keys used for encrypting the file or not.

For example, if I've encrypted a file for two recipients, where I have private key of one of the recipients in the secret keyring, and then I try to list the encryption keys used with:

  gpg2 --list-only --decrypt test.gpg

I will get only one of the keys listed (the one for which I don't have the encryption key).
I'll get a full listing of keys if I were to run, for example:

  gpg2 --homedir /tmp/bogushomedir --list-only --decrypt test.gpg

On the other hand, I'll get full list of keys used if I run something like this:

  gpg2 --status-fd 1 --quiet --batch --list-only --decrypt test.gpg

Is this intended behaviour or a bug? I haven't found anything in the man page.

Best regards

--
Branko Majic
Jabber: branko at majic.rs
Please use only Free formats when sending attachments to me.

From adrelanos at riseup.net Wed Mar 27 00:38:23 2013
From: adrelanos at riseup.net (adrelanos)
Date: Tue, 26 Mar 2013 23:38:23 +0000
Subject: gpg for anonymous users - Alternative to the web of trust?
In-Reply-To: <515225E9.50805@kent.ac.uk>
References: <5151CE6E.6010804@riseup.net> <515225E9.50805@kent.ac.uk>
Message-ID: <5152316F.1060705@riseup.net>

Yes, I agree, it's pretty much impossible to distinguish myself from a nation-state's covert agency. Hence, I only asked how to claim a pseudonym.

David Chadwick:
> It's pretty much impossible to distinguish a nation-state's covert agency
> personnel who are masquerading as someone else from the real someone
> else. In the UK we have recently had examples of undercover agents
> infiltrating animal rights groups or similar as activists, forming deep
> emotional relationships with female members, moving in with them, having
> children with them, and then years later, after the group has been
> smashed, disappearing from the scene. One such lady victim saw the
> picture of a policeman years later (I think in a newspaper) and
> recognised him as the father of her child, which is when the scam was
> blown open.
> So in short, these agencies do not find it difficult to do
> anything that they need or want to do
>
> regards
>
> David
>
> On 26/03/2013 17:36, Johnicholas Hines wrote:
>> The question is how to distinguish yourself from a nation-state's covert
>> agency purporting to be an individual interested in anonymity; you need
>> to do something that the agency would find difficult to do.
>>
>> Getting your name and key into difficult-to-corrupt archives will start
>> a timer - eventually you can point to the archives as evidence that you
>> are not a newcomer. Even an agency would find it difficult to change
>> history.
>>
>> Spending money or effort forces a covert agency to also spend money or
>> effort to replicate your behavior. For example, if you sent someone a
>> bitcoin, they would have to spend some dollars to establish themselves
>> as comparably credible. Unfortunately, they have deep pockets. Effort
>> might be preferable to money, since it leaves more ways that a covert
>> agency might make a mistake, behaving in some characteristic way (e.g.
>> some sort of automatic authorship attribution software might become
>> available that revealed them to be a team rather than an individual).
>> Steady effort at releasing patches over a decade might be moderately
>> credible.
>>
>> Johnicholas
>>
>>
>>
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>
>

From d.w.chadwick at kent.ac.uk Tue Mar 26 23:49:13 2013
From: d.w.chadwick at kent.ac.uk (David Chadwick)
Date: Tue, 26 Mar 2013 22:49:13 +0000
Subject: gpg for anonymous users - Alternative to the web of trust?
In-Reply-To:
References: <5151CE6E.6010804@riseup.net>
Message-ID: <515225E9.50805@kent.ac.uk>

It's pretty much impossible to distinguish a nation-state's covert agency personnel who are masquerading as someone else from the real someone else.
In the UK we have recently had examples of undercover agents infiltrating animal rights groups or similar as activists, forming deep emotional relationships with female members, moving in with them, having children with them, and then years later, after the group has been smashed, disappearing from the scene. One such lady victim saw the picture of a policeman years later (I think in a newspaper) and recognised him as the father of her child, which is when the scam was blown open. So in short, these agencies do not find it difficult to do anything that they need or want to do

regards

David

On 26/03/2013 17:36, Johnicholas Hines wrote:
> The question is how to distinguish yourself from a nation-state's covert
> agency purporting to be an individual interested in anonymity; you need
> to do something that the agency would find difficult to do.
>
> Getting your name and key into difficult-to-corrupt archives will start
> a timer - eventually you can point to the archives as evidence that you
> are not a newcomer. Even an agency would find it difficult to change
> history.
>
> Spending money or effort forces a covert agency to also spend money or
> effort to replicate your behavior. For example, if you sent someone a
> bitcoin, they would have to spend some dollars to establish themselves
> as comparably credible. Unfortunately, they have deep pockets. Effort
> might be preferable to money, since it leaves more ways that a covert
> agency might make a mistake, behaving in some characteristic way (e.g.
> some sort of automatic authorship attribution software might become
> available that revealed them to be a team rather than an individual).
> Steady effort at releasing patches over a decade might be moderately
> credible.
>
> Johnicholas
>

From ulm at gentoo.org Tue Mar 26 22:19:37 2013
From: ulm at gentoo.org (Ulrich Mueller)
Date: Tue, 26 Mar 2013 22:19:37 +0100
Subject: IDEA License
In-Reply-To: <201303261740.r2QHeMSD056849@fire.js.berklix.net>
References: <87sj3ihybf.fsf@vigenere.g10code.de> <201303261740.r2QHeMSD056849@fire.js.berklix.net>
Message-ID: <20818.4329.442591.396656@a1i15.kph.uni-mainz.de>

>>>>> On Tue, 26 Mar 2013, Julian H Stacey wrote:

> OK I added Ulrich M to cc
> He can add URL to wikipedia of expiry date of Japan IDEA patent
> if he wants, or I will if he mails it me.
> A dead patent is a good patent ;-)

IANAL, TINLA, but the term of patent in Japan seems to be 20 years and it was filed in 1991. Concerning the exact date, here's what I had written in my message to the FSF, about one year ago:

| To the best of my knowledge, the IDEA algorithm was covered by the
| following patents held by Ascom Tech AG, Bern, Switzerland:
| - Europe: EP0482154 [1]
| - U.S.: 5,214,703 [2]
| - Japan: JP3225440
| These patents were filed in 1991. All sources (see [3] and [4] and
| references cited therein) seem to agree that the European and the
| Japanese patent both have expired on 2011-05-16.
|
| About the U.S. patent the situation seems not so clear, as there are
| several expiry dates mentioned. The PGP FAQ [3] says it has expired on
| 2010-05-25 whereas Wikipedia [4,5] mentions 2011-05-16 and 2012-01-07.
| However, none of these dates is later than 2012-01-07. So I think it
| is safe to assume that the U.S. patent has expired, too.
|
| [1]
| [2]
| [3]
| [4]
| [5]

Ulrich

From jhs at berklix.com Wed Mar 27 12:41:52 2013
From: jhs at berklix.com (Julian H. Stacey)
Date: Wed, 27 Mar 2013 12:41:52 +0100
Subject: IDEA License
In-Reply-To: Your message "Tue, 26 Mar 2013 22:19:37 +0100."
<20818.4329.442591.396656@a1i15.kph.uni-mainz.de>
Message-ID: <201303271141.r2RBfqcM061311@fire.js.berklix.net>

Thanks Ulrich for your email below,
It didn't make it to gnupg-users at gnupg.org & to
http://lists.gnupg.org/pipermail/gnupg-users/2013-March/date.html#end
so I'm appending it & will point to it from
https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm#Availability

------------------------------
> From: Ulrich Mueller
> Date: Tue, 26 Mar 2013 22:19:37 +0100
>
> >>>>> On Tue, 26 Mar 2013, Julian H Stacey wrote:
>
> > OK I added Ulrich M to cc
> > He can add URL to wikipedia of expiry date of Japan IDEA patent
> > if he wants, or I will if he mails it me.
> > A dead patent is a good patent ;-)
>
> IANAL, TINLA, but the term of patent in Japan seems to be 20 years and
> it was filed in 1991. Concerning the exact date, here's what I had
> written in my message to the FSF, about one year ago:
>
> | To the best of my knowledge, the IDEA algorithm was covered by the
> | following patents held by Ascom Tech AG, Bern, Switzerland:
> | - Europe: EP0482154 [1]
> | - U.S.: 5,214,703 [2]
> | - Japan: JP3225440
> | These patents were filed in 1991. All sources (see [3] and [4] and
> | references cited therein) seem to agree that the European and the
> | Japanese patent both have expired on 2011-05-16.
> |
> | About the U.S. patent the situation seems not so clear, as there are
> | several expiry dates mentioned. The PGP FAQ [3] says it has expired on
> | 2010-05-25 whereas Wikipedia [4,5] mentions 2011-05-16 and 2012-01-07.
> | However, none of these dates is later than 2012-01-07. So I think it
> | is safe to assume that the U.S. patent has expired, too.
> |
> | [1]
> | [2]
> | [3]
> | [4]
> | [5]
>
> Ulrich
------------------------------

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
Reply below not above, like a play script. Indent old text with "> ".
Send plain text.
No quoted-printable, HTML, base64, multipart/alternative.

From peter at digitalbrains.com Wed Mar 27 13:50:33 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 27 Mar 2013 13:50:33 +0100
Subject: IDEA License
In-Reply-To: <201303271141.r2RBfqcM061311@fire.js.berklix.net>
References: <201303271141.r2RBfqcM061311@fire.js.berklix.net>
Message-ID: <5152EB19.6070607@digitalbrains.com>

On 27/03/13 12:41, Julian H. Stacey wrote:
> Thanks Ulrich for your email below,
> It didn't make it to gnupg-users at gnupg.org & to
> http://lists.gnupg.org/pipermail/gnupg-users/2013-March/date.html#end

Posts by non-subscribers are moderated (held for approval by a moderator). That's why it took (by comparison) so long to make it to the list. It's there now, also in the web archive[1].

Greets,

Peter.

PS: By the way, your e-mail client doesn't seem to honor the Mail-Followup-To header, because I spotted Werner Koch in the CC list. Just so you know.

[1]

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at

From jhs at berklix.com Wed Mar 27 14:40:18 2013
From: jhs at berklix.com (Julian H. Stacey)
Date: Wed, 27 Mar 2013 14:40:18 +0100
Subject: IDEA License
In-Reply-To: Your message "Wed, 27 Mar 2013 13:50:33 +0100." <5152EB19.6070607@digitalbrains.com>
Message-ID: <201303271340.r2RDeIAY062214@fire.js.berklix.net>

Peter Lebbing wrote:
> On 27/03/13 12:41, Julian H. Stacey wrote:
> > Thanks Ulrich for your email below,
> > It didn't make it to gnupg-users at gnupg.org & to
> > http://lists.gnupg.org/pipermail/gnupg-users/2013-March/date.html#end
>
> Posts by non-subscribers are moderated (held for approval by a moderator).
> That's why it took (by comparison) so long to make it to the list. It's there
> now, also in the web archive[1].
I replied using my private copy direct from Ulrich, waited for it to arrive at gnupg web archive, edited wikipedia to point at my archived copy, then Ulrich's copy to gnupg list arrived on list & web archive, so I edited wikipedia again to point to his original rather than my copy.

> Greets,
>
> Peter.
>
> PS: By the way, your e-mail client doesn't seem to honor the Mail-Followup-To
> header, because I spotted Werner Koch in the CC list. Just so you know.

I created it, as far as I recall, from my copy direct from Ulrich, which had no Mail-Followup-To

Of the last 18 posts to this list, only 2 have header inc. Mail-Followup-To: Both from Werner Koch.

I'm familiar with Reply-to: Not familiar with Mail-Followup-To: What's the difference ? Don't know if my EXMH 2.7.2 or newer I'm upgrading to elsewhere might or not do whatever it is that presumably it should.

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
Reply below not above, like a play script. Indent old text with "> ".
Send plain text. No quoted-printable, HTML, base64, multipart/alternative.

From peter at digitalbrains.com Wed Mar 27 19:27:30 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 27 Mar 2013 19:27:30 +0100
Subject: Mail-Followup-To (was Re: IDEA License)
In-Reply-To: <201303271340.r2RDeIAY062214@fire.js.berklix.net>
References: <201303271340.r2RDeIAY062214@fire.js.berklix.net>
Message-ID: <51533A12.7020206@digitalbrains.com>

On 27/03/13 14:40, Julian H. Stacey wrote:
> I created it, as far as I recall, from my copy direct from Ulrich,
> which had no Mail-Followup-To

Correct, the problem originated when you replied[1] to Werner's mail[2]. Werner's mail had the following header:

  Mail-Followup-To: "Julian H. Stacey" , gnupg-users at gnupg.org

The difference between that line and a simple Reply-to-All is that Werner would be in the recipient list with the Reply-to-All, and not with the Mail-Followup-To.
Your reply should have only had gnupg-users at gnupg.org and your manually added
CC to Ulrich as recipients, since your MUA would conclude that you don't need
to CC yourself :).

> I'm familiar with Reply-to: Not familiar with Mail-Followup-To:
> What's the difference ?

Because Reply-To didn't really work out in practice for mailing lists, DJB came
up with two "non-canon" mail headers to remove ambiguity from the meaning of
the Reply-To header. He describes it in [3]. Not everybody agrees with his
view/solution, though.

Whether you like the headers Bernstein created or not, it would seem Werner
didn't want to be on the recipient list, which is why I brought it up in my PS.

HTH,

Peter.

[1]
[2]
[3]

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

From ekleog at gmail.com Wed Mar 27 22:15:04 2013
From: ekleog at gmail.com (Leo Gaspard)
Date: Wed, 27 Mar 2013 22:15:04 +0100
Subject: gpg for anonymous users - Alternative to the web of trust?
In-Reply-To: <5152316F.1060705@riseup.net>
References: <5151CE6E.6010804@riseup.net> <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net>
Message-ID: <20130327211504.GC11100@leortable>

Well... IMHO you did all what you had to/could do, if you want to keep
confidentiality: claiming your public key in association with your name on
several websites.

Now, just hope no covert agency will try to impersonate you until a lot of
people verify and sign your public key.

On Tue, Mar 26, 2013 at 11:38:23PM +0000, adrelanos wrote:
> Yes, I agree, it's pretty much impossible to distinguish myself from a
> nation-state's covert agency. Hence, I only asked how to claim a pseudonym.
>
> David Chadwick:
> > It's pretty much impossible to distinguish a nation-state's covert agency
> > personnel who are masquerading as someone else from the real someone
> > else.
In the UK we have recently had examples of undercover agents > > infiltrating animal rights groups or similar as activists, forming deep > > emotional relationships with female members, moving in with them, having > > children with them, and then years later, after the group has been > > smashed, disappearing from the scene. One such lady victim saw the > > picture of a policeman years later (I think in a newspaper) and > > recognised him as the father of her child, which is when the scam was > > blown open. So in short, these agencies do not find it difficult to do > > anything that they need or want to do > > > > regards > > > > David > > > > On 26/03/2013 17:36, Johnicholas Hines wrote: > >> The question is how to distinguish yourself from a nation-state's covert > >> agency purporting to be an individual interested in anonymity; you need > >> to do something that the agency would find difficult to do. > >> > >> Getting your name and key into difficult-to-corrupt archives will start > >> a timer - eventually you can point to the archives as evidence that you > >> are not a newcomer. Even an agency would find it difficult to change > >> history. > >> > >> Spending money or effort forces a covert agency to also spend money or > >> effort to replicate your behavior. For example, if you sent someone a > >> bitcoin, they would have to spend some dollars to establish themselves > >> as comparably credible. Unfortunately, they have deep pockets. Effort > >> might be preferable to money, since leaves more ways that a covert > >> agency might make a mistake, behaving in some characteristic way (e.g. > >> some sort of automatic authorship attribution software might become > >> available that revealed them to be a team rather than an individual). > >> Steady effort at releasing patches over a decade might be moderately > >> credible. 
> >>
> >> Johnicholas

From di44vq at nottheoilrig.com Wed Mar 27 17:47:08 2013
From: di44vq at nottheoilrig.com (Jack Bates)
Date: Wed, 27 Mar 2013 09:47:08 -0700
Subject: Dump all the properties of a key?
In-Reply-To: <5151B5A6.3020901@fifthhorseman.net>
References: <5150CFFF.1090106@nottheoilrig.com> <5151B5A6.3020901@fifthhorseman.net>
Message-ID: <5153228C.106@nottheoilrig.com>

On 26/03/13 07:50 AM, Daniel Kahn Gillmor wrote:
> On 03/25/2013 06:30 PM, Jack Bates wrote:
>> How do I dump all the properties of a key?
>
> it's not clear to me what you're looking for, but here are a few options
> that might provide you with useful information:
>
>   gpg --export-options export-minimal --export $KEYID | pgpdump
>
>   gpg --export-options export-minimal --export $KEYID | gpg --list-packets
>
> if you are interested in the list of other people's certifications (or
> old self-certifications) you could omit the "--export-options
> export-minimal" arguments.
>
> If you're looking for some piece of information in particular, asking in
> more detail can make it easier for other people to help you get the
> answer you're looking for.

Thank you very much for this answer, "gpg --list-packets" is exactly what I
was looking for. It reveals the digest algo used for the signature and the
preference list, although it's quite terse. I had to refer to
include/cipher.h to look up "digest algo 8". pgpdump is a bit more verbose.
Helpful. Thank you!

From di44vq at nottheoilrig.com Wed Mar 27 18:06:36 2013
From: di44vq at nottheoilrig.com (Jack Bates)
Date: Wed, 27 Mar 2013 10:06:36 -0700
Subject: Dump all the properties of a key?
In-Reply-To: <2990055.5ZCgpxB5sZ@inno>
References: <5150CFFF.1090106@nottheoilrig.com> <2990055.5ZCgpxB5sZ@inno>
Message-ID: <5153271C.7030905@nottheoilrig.com>

On 26/03/13 09:46 AM, Hauke Laging wrote:
> On Mon 25.03.2013, 15:30:23 Jack Bates wrote:
>> How do I dump all the properties of a key?
>
> gpg --list-options show-policy-urls,show-notations,show-sig-expire,\
> show-keyserver-urls,show-uid-validity,show-unusable-uids,\
> show-unusable-subkeys --with-colons --list-sigs $KEYID
>
> gpg --list-options show-policy-urls,show-notations,show-sig-expire,\
> show-keyserver-urls,show-uid-validity,show-unusable-uids,\
> show-unusable-subkeys --list-sigs $KEYID

Thank you. Incidentally, I would find useful an "everything" option, to just
dump everything about a key.

From di44vq at nottheoilrig.com Wed Mar 27 18:15:11 2013
From: di44vq at nottheoilrig.com (Jack Bates)
Date: Wed, 27 Mar 2013 10:15:11 -0700
Subject: Non-interactively create subkey?
Message-ID: <5153291F.4020305@nottheoilrig.com>

How do I non-interactively create a new subkey?

From mailinglisten at hauke-laging.de Thu Mar 28 02:44:30 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Thu, 28 Mar 2013 02:44:30 +0100
Subject: Non-interactively create subkey?
In-Reply-To: <5153291F.4020305@nottheoilrig.com>
References: <5153291F.4020305@nottheoilrig.com>
Message-ID: <1610702.itXcouab5c@inno>

On Wed 27.03.2013, 10:15:11 Jack Bates wrote:
> How do I non-interactively create a new subkey?

# answers, in the order GnuPG 2.0's --expert "addkey" menu asks for them:
# addkey; 8 = RSA (set your own capabilities); e = toggle Encrypt off;
# q = finish the capability menu; 2048 bits; valid for 1 year; save
echo addkey$'\n'8$'\n'e$'\n'q$'\n'2048$'\n'1y$'\n'save$'\n' |
    LC_ALL=C gpg --expert --batch --passphrase foo --command-fd 0 \
        --edit-key $x_short_id

Hauke

--
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-schulungen.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
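The echo pipeline above feeds a fixed sequence of answers blind; Werner's reply later in this thread points out that it only works for specific GnuPG versions and that the proper way is a status-fd/command-fd driver, and Jack then asks what such a driver looks like. The following is an added example, not code from GnuPG and not code posted by anyone on the list: a small Python driver that reads the "[GNUPG:] GET_LINE <name>" status lines gpg emits on --status-fd and answers each prompt by its name on --command-fd, so the order and number of prompts no longer matter. The status keywords and prompt names (keyedit.prompt, keygen.algo, keygen.flags, keygen.size, keygen.valid, keyedit.save.okay) are GnuPG's; the menu number "8" and the "e"/"q" capability toggles are taken from Hauke's command and are an assumption about the version in use, and the sample status transcript is constructed, not captured from a real run.

```python
"""Drive `gpg --edit-key` through its --status-fd/--command-fd protocol.

Added example for this thread (not GnuPG code, not from the list). Prompts
are answered by name rather than by position, so a version that asks one
more or one fewer question fails loudly instead of feeding "2048" to the
wrong prompt.
"""
import re
import subprocess
import sys
from collections import deque

# A prompt looks like "[GNUPG:] GET_LINE keygen.size"; GET_BOOL (yes/no)
# and GET_HIDDEN (passphrases) have the same shape.
PROMPT_RE = re.compile(r"^\[GNUPG:\] (GET_LINE|GET_BOOL|GET_HIDDEN) (\S+)")


class UnexpectedPrompt(Exception):
    """gpg asked a question the answer table does not cover."""


def drive(status_lines, answers, send):
    """Answer gpg's prompts by name, in whatever order they arrive.

    status_lines: iterable of decoded lines read from the status fd.
    answers: dict prompt-name -> list of answers; a prompt that is asked
             repeatedly consumes its list in order and then reuses the last.
    send: callable writing one answer to the command fd.
    Returns the (prompt, answer) pairs actually sent.
    """
    queues = {name: deque(vals) for name, vals in answers.items()}
    sent = []
    for line in status_lines:
        m = PROMPT_RE.match(line)
        if not m:
            continue  # GOT_IT, KEY_CREATED, warnings: informational only
        prompt = m.group(2)
        queue = queues.get(prompt)
        if not queue:
            raise UnexpectedPrompt(prompt)
        answer = queue.popleft() if len(queue) > 1 else queue[0]
        send(answer)
        sent.append((prompt, answer))
    return sent


def rsa_sign_subkey_answers(size="2048", validity="1y"):
    """Answer table for an RSA sign-only subkey via the --expert addkey menu.

    Assumption (GnuPG 2.0 menu, as in Hauke's command): item 8 is "RSA (set
    your own capabilities)", default Sign+Encrypt; "e" toggles Encrypt off
    and "q" leaves the capability menu. This is the version-specific part.
    """
    return {
        "keyedit.prompt": ["addkey", "save"],
        "keygen.algo": ["8"],
        "keygen.flags": ["e", "q"],
        "keygen.size": [size],
        "keygen.valid": [validity],
        "keyedit.save.okay": ["y"],
        # GnuPG 1.x without an agent would additionally ask
        # "passphrase.enter"; with 2.x the passphrase goes through pinentry.
    }


def add_subkey(keyid, answers, gpg="gpg"):
    """Spawn gpg with status on stderr and commands on stdin, then drive it."""
    proc = subprocess.Popen(
        [gpg, "--expert", "--batch", "--status-fd", "2", "--command-fd", "0",
         "--edit-key", keyid],
        stdin=subprocess.PIPE, stdout=subprocess.DEVNULL,
        stderr=subprocess.PIPE, text=True, bufsize=1)

    def send(answer):
        proc.stdin.write(answer + "\n")
        proc.stdin.flush()

    try:
        sent = drive(iter(proc.stderr.readline, ""), answers, send)
    finally:
        proc.stdin.close()
        rc = proc.wait()
    if rc != 0:
        raise RuntimeError("gpg exited with status %d" % rc)
    return sent


# Constructed status-fd transcript of an addkey session (not a real capture).
# Note keygen.flags is asked twice: exactly what a fixed echo pipeline must
# guess right in advance.
SAMPLE_STATUS = """\
[GNUPG:] GET_LINE keyedit.prompt
[GNUPG:] GOT_IT
[GNUPG:] GET_LINE keygen.algo
[GNUPG:] GET_LINE keygen.flags
[GNUPG:] GET_LINE keygen.flags
[GNUPG:] GET_LINE keygen.size
[GNUPG:] GET_LINE keygen.valid
[GNUPG:] KEY_CREATED S 0000000000000000000000000000000000000000
[GNUPG:] GET_LINE keyedit.prompt
""".splitlines()


if __name__ == "__main__":
    # usage: python3 add_subkey.py KEYID
    for prompt, answer in add_subkey(sys.argv[1], rsa_sign_subkey_answers()):
        print(prompt, "->", answer)
```

Because the table is keyed by prompt name, the driver raises UnexpectedPrompt the moment gpg asks something it has no answer for, which is the failure mode Werner is warning about; a blind pipeline would instead answer the wrong question and possibly save a subkey with the wrong size or capabilities. Only the menu number and the capability letters need adjusting for a different GnuPG version.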
From wk at gnupg.org Thu Mar 28 10:49:57 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 28 Mar 2013 10:49:57 +0100
Subject: Mail-Followup-To
In-Reply-To: <51533A12.7020206@digitalbrains.com> (Peter Lebbing's message of "Wed, 27 Mar 2013 19:27:30 +0100")
References: <201303271340.r2RDeIAY062214@fire.js.berklix.net> <51533A12.7020206@digitalbrains.com>
Message-ID: <87k3orhn0a.fsf@vigenere.g10code.de>

On Wed, 27 Mar 2013 19:27, peter at digitalbrains.com said:

> Whether you like the headers Bernstein created or not, it would seem Werner
> didn't want to be on the recipient list, which is why I brought it up

The thing is that I put most mailing lists I am subscribed to on Gnus'
message-subscribed-addresses list. This list takes care of maintaining a MFT
header. Gnus will do that only if it can be sure that everyone agrees to this.
Thus in most cases you will see an explicit CC anyway.

MFT works only for those folks with full support of MFT and if they maintain
their list of subscribed addresses well. Given that the bad habit of sending
text+html alternative mails seems to be impossible to expunge [1], I consider
missing MFT handling a micro annoyance.

In any case, I consider it a good idea to explicitly add a To: header to
notify the addressee that this particular mail gains his attention.

BTW, exmh is a nice MUA I used a long time ago and only stopped using it
because back then a remote X connection was not really usable (and I didn't
want to use plain mh).

Shalom-Salam,

   Werner

[1] If you often send mails to Outlook users, you may want to use the
X-message-flag header to tell them about this problem.

--
Thoughts are free. Exceptions are regulated by federal law.

From wk at gnupg.org Thu Mar 28 10:52:47 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 28 Mar 2013 10:52:47 +0100
Subject: Non-interactively create subkey?
In-Reply-To: <1610702.itXcouab5c@inno> (Hauke Laging's message of "Thu, 28 Mar 2013 02:44:30 +0100")
References: <5153291F.4020305@nottheoilrig.com> <1610702.itXcouab5c@inno>
Message-ID: <87fvzfhmvk.fsf@vigenere.g10code.de>

On Thu, 28 Mar 2013 02:44, mailinglisten at hauke-laging.de said:

> echo addkey$'\n'8$'\n'e$'\n'q$'\n'2048$'\n'1y$'\n'save$'\n' |
> LC_ALL=C gpg --expert --batch --passphrase foo --command-fd 0 \
> --edit-key $x_short_id

Which only works with specific GPG versions; don't rely on that. The proper
way to do this is a status-fd/command-fd driver handler. Or someone spends
some time to extend the batch key generation to select an existing key and to
only add a subkey.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by federal law.

From peter at digitalbrains.com Thu Mar 28 11:56:12 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 28 Mar 2013 11:56:12 +0100
Subject: gpg for anonymous users - Alternative to the web of trust?
In-Reply-To: <20130327211504.GC11100@leortable>
References: <5151CE6E.6010804@riseup.net> <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net> <20130327211504.GC11100@leortable>
Message-ID: <515421CC.7030900@digitalbrains.com>

On 27/03/13 22:15, Leo Gaspard wrote:
> until a lot of people verify and sign your public key.

People might be more inclined to sign the key when it says something like

adrelanos (Whonix signing key)

rather than without the comment.

That way, their signature might mean: Yes, this is that key that signs that
Linux distribution called Whonix. The UID conveys a bit more information about
which adrelanos specifically we're talking about here.

That said, the whole problem with establishing a pseudonym and even getting
signatures on such a key is difficult. With proper, real names, and most
importantly people you can meet face to face, it's reasonably established how
it works. But with a pseudonym, it's completely different.

So I'm just wildly spouting random suggestions actually.
It's not really well thought through, but I wanted to point out this possibility. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at From kconcha at pspemirates.com Thu Mar 28 12:13:17 2013 From: kconcha at pspemirates.com (Kristine Concha) Date: Thu, 28 Mar 2013 15:13:17 +0400 Subject: GnuPG Crashing on Windows 8 Message-ID: <001b01ce2ba5$41d1f4c0$c575de40$@pspemirates.com> Dear Support, GnuPG is crashing on my Windows 8 machine: Gpg4win Version 2.1.0 Kleopatra Version 2.1.0 Using KDE 4.1.4 Faulting application name: kleopatra.exe, version: 0.0.0.0, time stamp: 0x4d4c15aa Faulting module name: QtGui4.dll, version: 4.4.0.0, time stamp: 0x48207f1d Exception code: 0xc0000005 Fault offset: 0x0005ddea Faulting process id: 0x1fdc Faulting application start time: 0x01ce2ba2d5dc7d9e Faulting application path: C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe Faulting module path: C:\Program Files (x86)\GNU\GnuPG\QtGui4.dll Report Id: 3c438862-9796-11e2-be78-c4850891a01d Faulting package full name: Faulting package-relative application ID: - System - Provider [ Name] Application Error - EventID 1000 [ Qualifiers] 0 Level 2 Task 100 Keywords 0x80000000000000 - TimeCreated [ SystemTime] 2013-03-28T10:57:09.000000000Z EventRecordID 2249 Channel Application Computer KRISTINE Security - EventData kleopatra.exe 0.0.0.0 4d4c15aa QtGui4.dll 4.4.0.0 48207f1d c0000005 0005ddea 1fdc 01ce2ba2d5dc7d9e C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe C:\Program Files (x86)\GNU\GnuPG\QtGui4.dll 3c438862-9796-11e2-be78-c4850891a01d -------------- next part -------------- An HTML attachment was scrubbed... URL: From di44vq at nottheoilrig.com Thu Mar 28 15:21:54 2013 From: di44vq at nottheoilrig.com (Jack Bates) Date: Thu, 28 Mar 2013 07:21:54 -0700 Subject: Non-interactively create subkey? 
In-Reply-To: <87fvzfhmvk.fsf@vigenere.g10code.de>
References: <5153291F.4020305@nottheoilrig.com> <1610702.itXcouab5c@inno> <87fvzfhmvk.fsf@vigenere.g10code.de>
Message-ID: <51545202.8060804@nottheoilrig.com>

On 28/03/13 02:52 AM, Werner Koch wrote:
> On Thu, 28 Mar 2013 02:44, mailinglisten at hauke-laging.de said:
>
>> echo addkey$'\n'8$'\n'e$'\n'q$'\n'2048$'\n'1y$'\n'save$'\n' |
>> LC_ALL=C gpg --expert --batch --passphrase foo --command-fd 0 \
>> --edit-key $x_short_id
>
> Which only works with specific GPG versions; don't rely on that. The
> proper way to do this is a status-fd/command-fd driver handler. Or

Thanks for this advice. Can you please elaborate on how to do this, or point
me at a resource where I can learn more about a status-fd/command-fd driver
handler?

> someone spends some time to extend the batch key generation to select an
> existing key and to only add subkey.

Incidentally, my naive ideal would be to be able to do something like:

gpg --edit-key ... addkey --keysize 4096 --expire 10 --yes

From forlasanto at gmail.com Fri Mar 29 06:06:33 2013
From: forlasanto at gmail.com (Forlasanto)
Date: Fri, 29 Mar 2013 00:06:33 -0500
Subject: gpg for anonymous users - Alternative to the web of trust?
In-Reply-To: <515421CC.7030900@digitalbrains.com>
References: <5151CE6E.6010804@riseup.net> <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net> <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com>
Message-ID: <51552159.9080106@gmail.com>

Pseudonyms are fine by me. I don't have a problem signing a pseudonym key.
The pseudonym just has to have context that I can verify. For instance, if
the claim is "Whonix signing key," then that tells me the way to verify the
key is by checking the signature of various releases of Whonix. If there is a
verifiable history of Whonix releases that are signed by the same key, then I
can say "Yes, this key is owned by the entity that is signing Whonix
releases."
I'd have to verify this over an extended period of time, so that if the
official website were hacked, the maintainer had time to respond and raise a
question about the legitimacy of the signing key. But beyond that, I'm getting
what I need to verify a pseudonym. He's not claiming that he's independent
from all government agencies; he's claiming that he is the signer of the
distro releases, period. I can live with that, assuming I took those simple
few verification steps.

I do the same with the key associated with this email address (and reddit
user id). It is what it is: you can know without any real doubt that that key
is truly associated with those accounts by doing a little research, and since
I've made no further claims about the pseudonym, that's truly good enough.

Claiming that a key is associated with an actual identity is a different
story. In that case, I would be stating that the name on my key is my legal
identity, which is quite a different claim with vastly different
implications. Therefore, I expect such a key to be verified by, at the very
least, picture identification. I have a friend who requires a notarized
document stating that the key in question belongs to the person holding that
identification. Not a bad plan, really; it uses a Notary Public to act as a
sort of CA, and allows for signing keys that you may not have personally
verified. You just need to verify the signature of the Notary Public.

Having said that, I don't believe a pseudonym can be truly anonymous. Humans
leak information. It's in our nature. It takes insane measures that go
directly against human nature simply to /minimize/ information leakage during
communication, and it is impossible to prevent that information leakage
/entirely./ A pseudonym is like a lock on a door. It only accomplishes keeping
out people who don't know enough or care enough to pick the lock. They can be
useful, but I can't recommend one for the purpose of anonymity.
It goes back to that whole "security through obscurity" concept. It just
doesn't work. All it takes is one person to "blow your cover." The only real
exceptions I can think of to that are impersonating someone else, and
throwaway identities that you only use once.

Ironically, forlasanto literally means "one that is thrown away." It was
originally intended to be a one-off, throwaway identity. But that just goes to
prove my point: the fact that I chose an Esperanto pseudonym leaks a lot of
information about me, and narrows the possible real identities for me down
from 7 billion to about 5-7 million. That's a huge leak! The fact that my
posts are in American English narrows it down even further--to maybe a few
tens of thousands. That's before a single post was read for its content. See
what I mean? We leak information like sieves.

Another huge leak for keys is signatures. Who signed your key, and when? This
alone can leak your true identity, and it's something you don't have
effective control over.

Forgive me for saying so, but for something as high-profile as a linux
distro, using a pseudonym for signing the distro for the sake of anonymity
doesn't sound like a great plan. If^H^H^Hwhen someone cracks your identity,
it will somewhat discredit you and your distro as far as being capable of
maintaining anyone's anonymity.

Sorry for the text wall.

On 3/28/2013 5:56 AM, Peter Lebbing wrote:
> On 27/03/13 22:15, Leo Gaspard wrote:
>> until a lot of people verify and sign your public key.
> People might be more inclined to sign the key when it says something like
>
> adrelanos (Whonix signing key)
>
> rather than without the comment.
>
> That way, their signature might mean: Yes, this is that key that signs that
> Linux distribution called Whonix. The UID conveys a bit more information about
> which adrelanos specifically we're talking here.
>
> That said, the whole problem with establishing a pseudonym and even getting
> signatures on such a key is difficult.
With proper, real names, and most > importantly people you can meet face to face, it's reasonably established how it > works. But with a pseudonym, it's completely different. > > So I'm just wildly spouting random suggestions actually. It's not really well > thought through, but I wanted to point out this possibility. > > HTH, > > Peter. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From adrelanos at riseup.net Fri Mar 29 15:38:30 2013 From: adrelanos at riseup.net (adrelanos) Date: Fri, 29 Mar 2013 14:38:30 +0000 Subject: gpg for anonymous users - Alternative to the web of trust? In-Reply-To: <51552159.9080106@gmail.com> References: <5151CE6E.6010804@riseup.net> <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net> <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com> <51552159.9080106@gmail.com> Message-ID: <5155A766.6080404@riseup.net> Forlasanto: > Pseudonyms are fine by me. I don't have a problem signing a pseudonym > key. The pseudonym just has to have context that I can verify. For > instance, if the claim is "Whonix signing key," then that tells me the > way to verify the key is by checking the signature of various releases > of Whonix. If there is a verifiable history of Whonix releases that are > signed by the same key, then I can say "Yes, this key is owned by the > entity that is signing Whonix releases." I'd have to verify this over an > extended period of time, so that if the official website were hacked, > the maintainer had time respond and raise a question about the > legitimacy of the signing key. But beyond that, I'm getting what I need > to verify a pseudonym. He's not claiming that he's independent from all > government agencies; he's claiming that he is the signer of the distro > releases, period. I can live with that, assuming I took those simple few > verification steps. > > I do the same with the key associated with this email address (and > reddit user id). 
It is what it is: you can know without any real doubt > that that key is truly associated with those accounts by doing a little > research, and since I've made no further claims about the pseudonym, > that's truly good enough. > > Claiming that a key is associated with an actual identity is a different > story. In that case, I would be stating that the name on my key is my > legal identity, which is quite a different claim with vastly different > implications. Therefore, I expect such a key to be verified by, at the > very least, picture identification. I have a friend who requires a > notarized document stating that the key in question belongs to the > person holding that identification. Not a bad plan, really; it uses a > Notary Public to act as a sort of CA, and allows for signing keys that > you may not have personally verifed. You just need to verify the > signature of the Notary Public. Agreed. > Having said that, I don't believe a pseudonym can be truly anonymous. > Humans leak information. It's in our nature. It takes insane measures > that go directly against human nature simply to/minimize/ information > leakage during communication, and it is impossible to prevent that > information leakage /entirely./ A pseudonym is like a lock on a door. > It only accomplishes keeping out people who don't know enough or care > enough to pick the lock. They can be useful, but I can't recommend one > for the purpose of anonymity. It goes back to that whole "security > through obscurity" concept. It just doesn't work. > All it takes is one > person to "blow your cover." There is no person who knows who is behind this identity/activity. > The only real exceptions I can think of to > that are impersonating someone else, and throwaway identities that you > only use once. > Ironically, forlasanto literally means, "one that is thrown away." It > was originally intended to be a one-off, throwaway identity. 
But that > just goes to prove my point: the fact that I chose an Esperanto > pseudonym leaks a lot of information about me, and narrows the possible > real identities for me down from 7 billion to about 5-7 million. That's > a huge leak! The fact that my posts are in American English narrow it > down even further--to maybe a few ten thousands. That's before a single > post was read for it's content. See what I mean? We leak information > like sieves. > Another huge leak for keys is signatures. Who signed your key, and when? Until now, no one, never. > This alone can leak your true identity, and it's something you don't > have effective control over. > Forgive me for saying so, but for something as high-profile as a linux > distro, using a pseudonym for signing the distro for the sake of > anonymity doesn't sound like a great plan. What's the alternative? Using my real identity? Does it make it any safer? I am more interested in development and documentation rather than building binaries, testing and uploading. Having deterministic builds and/or some creditable individual or organization (such as eff) creating binaries, signing an distributing more than welcome, but at the moment there is no implication that someone will step forward. >If^H^H^Hwhen someone cracks > your identity, it will somewhat discredit you and your distro as far as > being capable of maintaining anyone's anonymity. It only proves I made a mistake and hopefully others can learn from it. > Sorry for the text wall. Thanks for the text. > On 3/28/2013 5:56 AM, Peter Lebbing wrote: >> On 27/03/13 22:15, Leo Gaspard wrote: >>> until a lot of people verify and sign your public key. >> People might be more inclined to sign the key when it says something like >> >> adrelanos (Whonix signing key) >> >> rather than without the comment. >> >> That way, their signature might mean: Yes, this is that key that signs that >> Linux distribution called Whonix. 
The UID conveys a bit more information about >> which adrelanos specifically we're talking here. >> >> That said, the whole problem with establishing a pseudonym and even getting >> signatures on such a key is difficult. With proper, real names, and most >> importantly people you can meet face to face, it's reasonably established how it >> works. But with a pseudonym, it's completely different. >> >> So I'm just wildly spouting random suggestions actually. It's not really well >> thought through, but I wanted to point out this possibility. >> >> HTH, >> >> Peter. >> > > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From forlasanto at gmail.com Fri Mar 29 17:41:51 2013 From: forlasanto at gmail.com (Forlasanto) Date: Fri, 29 Mar 2013 11:41:51 -0500 Subject: gpg for anonymous users - Alternative to the web of trust? In-Reply-To: <5155A766.6080404@riseup.net> References: <5151CE6E.6010804@riseup.net> <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net> <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com> <51552159.9080106@gmail.com> <5155A766.6080404@riseup.net> Message-ID: <5155C44F.9030603@gmail.com> On 3/29/2013 9:38 AM, adrelanos wrote: >> Forgive me for saying so, but for something as high-profile as a linux >> distro, using a pseudonym for signing the distro for the sake of >> anonymity doesn't sound like a great plan. > What's the alternative? Using my real identity? Does it make it any safer? Using your real identity would be the alternative. The trade-off is easier key signatures vs. identity obscurity. It would only be safer in the sense that there won't be a scandal when/if your identity is uncovered. Odds are, it won't be a big deal to many people, realistically--but you never know what the future holds, right? As long as you are comfortable with any possible future implications, then go for it. 
>
> I am more interested in development and documentation rather than
> building binaries, testing and uploading. Having deterministic builds
> and/or some creditable individual or organization (such as eff) creating
> binaries, signing and distributing more than welcome, but at the moment
> there is no implication that someone will step forward.
>

The web of trust is simply a conventional way for people to judge how
trustworthy your key is. Nothing more, nothing less. If you can establish that
trust some other way, then don't worry so much about the web of trust. That's
my opinion. No one is going to beat down your door to sign your key, you'll
have to ask them to do so. You can go to key-signing parties and explain that
your only purpose for the key is signing the distro, and you'll probably get a
few takers. The alternative is, have an online keysigning party with all of
the developers of your distro, and everybody signs everyone else's key.

Or alternately you, as the distro manager, sign the keys of all your
lieutenants, and then they sign yours, plus all of their subordinates. Then
your key signatures would match your chain of command, and it would actually
work the way a web of trust is supposed to work. (That is, even though you
might not know their subordinates, you trust your lieutenants' signatures,
and therefore can consider their subordinates' keys to be valid.) At that
point, as far as the outside world is concerned, you are deeply connected to
the project, and it is reasonable to trust that your key is valid, within its
context. And /within/ the distro's community, your key would be pretty solidly
trusted, I'd say.

From dkg at fifthhorseman.net Fri Mar 29 18:30:48 2013
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 29 Mar 2013 13:30:48 -0400
Subject: gpg for pseudonymous users [was: Re: gpg for anonymous users - Alternative to the web of trust?]
In-Reply-To: <5155C44F.9030603@gmail.com> References: <5151CE6E.6010804@riseup.net> <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net> <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com> <51552159.9080106@gmail.com> <5155A766.6080404@riseup.net> <5155C44F.9030603@gmail.com> Message-ID: <5155CFC8.10505@fifthhorseman.net> I've changed the subject line to indicate that this thread is about establishing a pseudonym, *not* about anonymous users. This is a subtle but important difference. On 03/29/2013 12:41 PM, Forlasanto wrote: > The web of trust is simply a conventional way for people to judge how > trustworthy your key is. Nothing more, nothing less. I'm afraid that the term "web of trust" tends to lead people into misunderstandings about what this network of public identity certifications does. These certifications do *not* imply trustworthiness of the people who hold the keys, and it doesn't make much sense to speak of a given key being "trustworthy" on its own -- what would you trust it to do? Rather, the system provides a way to determine the publicly-stated identities associated with each key. ------------ For a pseudonymous author who wants to establish a credible claim to a given identity, one way would be to encourage the people who have been following the work of that author to certify the key. In that case, how would they know it's the right one? This is a shade different from other scenarios, but if, for example, if i had been using tool X for 5 years, and had been corresponding with the author (e.g. bug reports, thank you notes, feedback, etc) over that time and all the communications and versions of the tool that i received consistently demonstrated that the person on the other end had control of the key in question, i would have no problem certifying that identity. 
However, the original poster can't quite ask all her long-standing users to sign her key publicly, because her users by definition are interested in retaining their own anonymity, and signing the key of a pseudonymous author of anonymity-providing tools can draw unwelcome attention to the signer. So i think the original poster's best bet is to contact well-known anonymity and privacy advocates (who are not themselves anonymous or pseudonymous) and encourage them to follow and engage with her work. This can be done by participating in relevant online communities (like this one), providing constructive feedback to other projects, making sure your work is useful, etc. When these relationships are well-established, the original poster could approach her non-anonymous peers, and ask them to publicly certify her OpenPGP key. I'm an example of a non-anonymous advocate for private and anonymous communication; there are probably others on this mailing list. However, i have never heard of the original poster or her project before this thread, and i don't have the time right now to review or follow the project, so i'm not the best candidate for this particular engagement. Regards, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 1027 bytes Desc: OpenPGP digital signature URL: From adrelanos at riseup.net Fri Mar 29 19:17:42 2013 From: adrelanos at riseup.net (adrelanos) Date: Fri, 29 Mar 2013 18:17:42 +0000 Subject: gpg for anonymous users - Alternative to the web of trust? 
In-Reply-To: <5155C44F.9030603@gmail.com> References: <5151CE6E.6010804@riseup.net> <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net> <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com> <51552159.9080106@gmail.com> <5155A766.6080404@riseup.net> <5155C44F.9030603@gmail.com> Message-ID: <5155DAC6.9050608@riseup.net> Forlasanto: > On 3/29/2013 9:38 AM, adrelanos wrote: >>> Forgive me for saying so, but for something as high-profile as a linux >>> distro, using a pseudonym for signing the distro for the sake of >>> anonymity doesn't sound like a great plan. >> What's the alternative? Using my real identity? Does it make it any safer? > Using your real identity would be the alternative. The trade-off is > easier key signatures vs. identity obscurity. > It would only be safer in > the sense that there won't be a scandal when/if your identity is > uncovered. Why would that be a scandal? I've never claimed to be superior, perfect or acted otherwise arrogant about being super secure. Nor did I claim Whonix to be an unbreakable system. The claims the system makes are modest. Discovering me as a high-profile target (if I become that) would only demonstrate the limits of the system, show mistakes one can make and/or show which improvements are waiting to get implemented. If one system fails, another one may get born and I am glad if I can be a part of this process of innovation. I think things like NSAKEY [1] ought to be more of a scandal; not many people cared, did they? > Odds are, it won't be a big deal to many people, > realistically--but you never know what the future holds, right? Yes. > As long > as you are comfortable with any possible future implications, then go > for it. > >> >> I am more interested in development and documentation rather than >> building binaries, testing and uploading. 
Having deterministic builds >> and/or some credible individual or organization (such as eff) creating >> binaries, signing and distributing is more than welcome, but at the moment >> there is no implication that someone will step forward. >> > > The web of trust is simply a conventional way for people to judge how > trustworthy your key is. Nothing more, nothing less. If you can > establish that trust some other way, then don't worry so much about the > web of trust. That's my opinion. No one is going to beat down your door > to sign your key, you'll have to ask them to do so. You can go to > key-signing parties and explain that your only purpose for the key is > signing the distro, and you'll probably get a few takers. The > alternative is, have an online keysigning party with all of the > developers of your distro, and everybody signs everyone else's key. > > Or alternately you, as the distro manager, sign the keys of all your > lieutenants, and then they sign yours, plus all of their subordinates. > Then your key signatures would match your chain of command, and it would > actually work the way a web of trust is supposed to work. (that is, even > though you might not know their subordinates, you trust your > lieutenant's signatures, and therefore can consider their subordinates' > keys to be valid.) At that point, as far as the outside world is > concerned, you are deeply connected to the project, and it is reasonable > to trust that your key is valid, within its context. And /within/ the > distro's community, your key would be pretty solidly trusted, I'd say. Thanks for the suggestions. At the moment this won't work for my case; there is just one maintainer (me) and users. The other creators remained anonymous as well and lack time. 
[1] https://en.wikipedia.org/wiki/NSAKEY From adrelanos at riseup.net Fri Mar 29 19:19:29 2013 From: adrelanos at riseup.net (adrelanos) Date: Fri, 29 Mar 2013 18:19:29 +0000 Subject: gpg for anonymous users - Alternative to the web of trust? In-Reply-To: References: <5151CE6E.6010804@riseup.net> Message-ID: <5155DB31.5050609@riseup.net> Johnicholas Hines: > The question is how to distinguish yourself from a nation-state's covert > agency purporting to be an individual interested in anonymity; you need to > do something that the agency would find difficult to do. I don't think that's possible at all. > Getting your name and key into difficult-to-corrupt archives will start a > timer - eventually you can point to the archives as evidence that you are > not a newcomer. Even an agency would find it difficult to change history. What are difficult-to-corrupt archives? From adrelanos at riseup.net Fri Mar 29 19:21:52 2013 From: adrelanos at riseup.net (adrelanos) Date: Fri, 29 Mar 2013 18:21:52 +0000 Subject: gpg for anonymous users - Alternative to the web of trust? In-Reply-To: <20130326192049.GB12392@pc21.mareichelt.com> References: <5151CE6E.6010804@riseup.net> <20130326192049.GB12392@pc21.mareichelt.com> Message-ID: <5155DBC0.4020303@riseup.net> Markus Reichelt: > * adrelanos wrote: > >> How can I establish a pseudonym that no one can easily fake while >> remaining anonymous? > > a) you can't > define 'easily' - these days nobody reads/checks anything anymore > (there's some XKCD about this issue) Well, I recognize that the ratio of image downloads vs signature downloads is quite bad... > But I think the matter you are really concerned about is this: > How can your audience be sure it's you when they in fact don't want > to make any real effort to check up on that fact. see a) There are at least a very few users who care and who read (almost) all the stuff I publish. 
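Daniel Kahn Gillmor's point earlier in this thread is that the credible part of a pseudonym is continuity: the same key demonstrably controlling every release and every piece of correspondence over years. A user who "reads (almost) all the stuff" a pseudonymous author publishes can check that mechanically by keeping the detached signature of each release and confirming that all of them name the same issuer key. The Python below is an added example for this thread, not code from the thread, from Whonix or from GnuPG: it parses the OpenPGP packet framing and the Issuer subpacket (RFC 4880, sections 4.2 and 5.2.3) with the standard library only and reports whether the issuer stayed constant. It does not verify the signatures cryptographically; gpg --verify still has to pass on each release first. The key IDs and the signature fixtures it builds are constructed test data with dummy MPI values, not anyone's real key.

```python
"""Key-continuity check for a pseudonymous release signer. Added example for this
thread (not code from the thread, Whonix or GnuPG); does NOT verify signatures."""
import base64
import struct

SIG_PACKET, SP_ISSUER, SP_ISSUER_FPR = 2, 16, 33   # tag 2; Issuer; Issuer Fingerprint (newer gpg)


def dearmor(text):
    """Strip ASCII armor (RFC 4880 6.2) and return the binary payload."""
    lines = iter(text.splitlines())
    for line in lines:
        if line.startswith("-----BEGIN PGP"):
            break
    for line in lines:                 # skip Version:/Comment: headers up to the blank line
        if not line.strip():
            break
    data = []
    for line in lines:
        line = line.strip()
        if line.startswith("-----END PGP"):
            break
        if not line.startswith("="):   # the 24-bit CRC line is not part of the payload
            data.append(line)
    return base64.b64decode("".join(data))


def read_packet(data, offset=0):
    """Return (tag, body, next_offset) for the packet at `offset` (RFC 4880 4.2)."""
    ctb = data[offset]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:                                 # new-format header
        tag, first = ctb & 0x3F, data[offset + 1]
        if first < 192:
            length, hdr = first, 2
        elif first < 224:
            length, hdr = ((first - 192) << 8) + data[offset + 2] + 192, 3
        elif first == 255:
            length, hdr = struct.unpack(">I", data[offset + 2:offset + 6])[0], 6
        else:
            raise ValueError("partial body lengths not supported")
    else:                                          # old-format header (what gpg writes for signatures)
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        hdr = 1 + (1 << ltype)                     # 1, 2 or 4 length octets follow the CTB
        length = int.from_bytes(data[offset + 1:offset + hdr], "big")
    start = offset + hdr
    return tag, data[start:start + length], start + length


def iter_subpackets(area):
    """Yield (type, value) for each subpacket in a signature subpacket area (5.2.3.1)."""
    off = 0
    while off < len(area):
        first = area[off]
        if first < 192:
            length, off = first, off + 1
        elif first < 255:
            length, off = ((first - 192) << 8) + area[off + 1] + 192, off + 2
        else:
            length, off = struct.unpack(">I", area[off + 1:off + 5])[0], off + 5
        yield area[off] & 0x7F, area[off + 1:off + length]   # high bit of the type = critical flag
        off += length


def signature_issuer(sig):
    """Long key ID (16 upper-case hex digits) named as issuer by a v4 signature."""
    tag, body, _ = read_packet(sig)
    if tag != SIG_PACKET or body[0] != 4:
        raise ValueError("not a version 4 signature packet")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed = body[6:6 + hashed_len]
    pos = 6 + hashed_len
    unhashed_len = struct.unpack(">H", body[pos:pos + 2])[0]
    unhashed = body[pos + 2:pos + 2 + unhashed_len]
    issuer = None
    for sptype, value in list(iter_subpackets(hashed)) + list(iter_subpackets(unhashed)):
        if sptype == SP_ISSUER_FPR and value[0] == 4:
            return value[1:].hex().upper()[-16:]   # v4 key ID = low 64 bits of the fingerprint
        if sptype == SP_ISSUER and issuer is None:
            issuer = value.hex().upper()
    if issuer is None:
        raise ValueError("signature carries no issuer subpacket")
    return issuer


def check_key_continuity(expected, armored_sigs):
    """(all_match, issuers): does every signature name `expected` (key ID or fingerprint)?"""
    want = expected.replace(" ", "").upper()[-16:]
    issuers = [signature_issuer(dearmor(s)) for s in armored_sigs]
    return all(i == want for i in issuers), issuers


def fixture_signature(keyid_hex):
    """Constructed fixture: structurally valid v4 signature packet with a dummy MPI
    and a made-up key ID. Not a real signature; gpg --verify would reject it."""
    hashed = bytes([5, 2]) + struct.pack(">I", 1364515200)      # creation time, 2013-03-29
    unhashed = bytes([9, SP_ISSUER]) + bytes.fromhex(keyid_hex)  # Issuer subpacket
    body = (bytes([4, 0x00, 1, 8])                               # v4, binary doc, RSA, SHA-256
            + struct.pack(">H", len(hashed)) + hashed + struct.pack(">H", len(unhashed)) + unhashed
            + b"\x12\x34" + struct.pack(">H", 16) + b"\xab\xcd")  # hash prefix, dummy 16-bit MPI
    packet = bytes([0x88, len(body)]) + body                     # old-format CTB: tag 2, 1-octet length
    return ("-----BEGIN PGP SIGNATURE-----\nComment: constructed fixture\n\n%s\n=AAAA\n"
            "-----END PGP SIGNATURE-----\n" % base64.b64encode(packet).decode())
```

A break in continuity is not by itself proof of an impostor (keys do get rotated), but a rotation that was not announced in a message signed by the previous key is exactly the event a reader of a pseudonymous project should stop at and examine before trusting the new release.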
From adrelanos at riseup.net Fri Mar 29 19:23:55 2013 From: adrelanos at riseup.net (adrelanos) Date: Fri, 29 Mar 2013 18:23:55 +0000 Subject: gpg for anonymous users - Alternative to the web of trust? In-Reply-To: <515421CC.7030900@digitalbrains.com> References: <5151CE6E.6010804@riseup.net> <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net> <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com> Message-ID: <5155DC3B.1050803@riseup.net> Peter Lebbing: > On 27/03/13 22:15, Leo Gaspard wrote: >> until a lot of people verify and sign your public key. > > People might be more inclined to sign the key when it says something like > > adrelanos (Whonix signing key) Yes, that's a good suggestion, worth trying and simple to do for my next gpg key (update). From free10pro at gmail.com Fri Mar 29 21:21:17 2013 From: free10pro at gmail.com (Paul R. Ramer) Date: Fri, 29 Mar 2013 13:21:17 -0700 Subject: gpg for anonymous users - Alternative to the web of trust? In-Reply-To: <5155DAC6.9050608@riseup.net> References: <5151CE6E.6010804@riseup.net> <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net> <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com> <51552159.9080106@gmail.com> <5155A766.6080404@riseup.net> <5155C44F.9030603@gmail.com> <5155DAC6.9050608@riseup.net> Message-ID: <5155F7BD.9050407@gmail.com> On 03/29/2013 11:17 AM, adrelanos wrote: >> Using your real identity would be the alternative. The trade-off is >> easier key signatures vs. identity obscurity. > >> It would only be safer in >> the sense that there won't be a scandal when/if your identity is >> uncovered. > > Why would that be a scandal? I've never claimed to be superior, perfect > or acted otherwise arrogant about being super secure. Nor did I claim > Whonix to be an unbreakable system. The claims the system makes are > modest. 
Discovering me as a high-profile target (if I become that) would > only demonstrate the limits of the system, show mistakes one can make > and/or show which improvements are waiting to get implemented. > > If one system fails, another one may get born and I am glad if I can be > a part of this process of innovation. > > I think things like NSAKEY [1] ought to be more of a scandal; not many > people cared, did they? A scandal is unlikely unless the people have wildly unrealistic expectations in the performance of the victim. The only way I could see you having a scandal on your hands if your identity was revealed would be if you made claims that it couldn't be discovered or your "followers" looked up to you in some religious way and saw you as a kind of God-like figure incapable of failure. This is the kind of stuff that brings scandal in the minds of people who look up to certain figures. I doubt this applies to you. Cheers, --Paul -- PGP ID: 0x3DB6D884 PGP Fingerprint: EBA7 88B3 6D98 2D4A E045 A9F7 C7C6 6ADF 3DB6 D884 From johanw at vulcan.xs4all.nl Fri Mar 29 23:28:00 2013 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Fri, 29 Mar 2013 23:28:00 +0100 Subject: GnuPG Crashing on Windows 8 In-Reply-To: <001b01ce2ba5$41d1f4c0$c575de40$@pspemirates.com> References: <001b01ce2ba5$41d1f4c0$c575de40$@pspemirates.com> Message-ID: <51561570.1040106@vulcan.xs4all.nl> On 28-03-2013 12:13, Kristine Concha wrote: > Dear Support, This mailing list is not an official support line. > GnuPG is crashing on my Windows 8 machine: I recommend upgrading to Windows 7 or XP. You are getting an error in some GUI components, not in GnuPG itself. You can't expect all GUI developers to support tileOS (aka windows 8). -- ir. J.C.A. 
Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From forlasanto at gmail.com Sat Mar 30 01:15:51 2013 From: forlasanto at gmail.com (Forlasanto) Date: Fri, 29 Mar 2013 19:15:51 -0500 Subject: gpg for anonymous users - Alternative to the web of trust? In-Reply-To: <5155F7BD.9050407@gmail.com> References: <5151CE6E.6010804@riseup.net> <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net> <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com> <51552159.9080106@gmail.com> <5155A766.6080404@riseup.net> <5155C44F.9030603@gmail.com> <5155DAC6.9050608@riseup.net> <5155F7BD.9050407@gmail.com> Message-ID: <51562EB7.2060806@gmail.com> On 3/29/2013 3:21 PM, Paul R. Ramer wrote: > A scandal is unlikely unless the people have wildly unrealistic > expectations in the performance of the victim. The only way I could > see you having a scandal on your hands if your identity was revealed > would be if you made claims that it couldn't be discovered or your > "followers" looked up to you in some religious way and saw you as a > kind of God-like figure incapable of failure. This is the kind of > stuff that brings scandal in the minds of people who look up to > certain figures. I doubt this applies to you. Cheers, --Paul -- PGP > ID: 0x3DB6D884 PGP Fingerprint: EBA7 88B3 6D98 2D4A E045 A9F7 C7C6 > 6ADF 3DB6 D884 Ok, I retract the word "scandal." I suppose the distro would have to garner a very large amount of attention and some wild assertions made before a "scandal" would be possible. It was just a thought that popped into my head. :) From jhs at berklix.com Sat Mar 30 03:20:12 2013 From: jhs at berklix.com (Julian H. Stacey) Date: Sat, 30 Mar 2013 03:20:12 +0100 Subject: Mail-Followup-To (was Re: IDEA License) In-Reply-To: Your message "Wed, 27 Mar 2013 19:27:30 +0100." <51533A12.7020206@digitalbrains.com> Message-ID: <201303300220.r2U2KC6J072085@fire.js.berklix.net> Peter Lebbing wrote: > On 27/03/13 14:40, Julian H. 
Stacey wrote: > > I created it, as far as I recall, from my copy direct from Ulrich, > > which had no Mail-Followup-To > > Correct, the problem originated when you replied[1] to Werner's mail[2]. > Werner's mail had the following header: > > Mail-Followup-To: "Julian H. Stacey" , gnupg-users at gnupg.org > > The difference between that line and a simple Reply-to-All is that Werner would > be in the recipient list with the Reply-to-All, and not with the > Mail-Followup-To. Your reply should have only had gnupg-users at gnupg.org and your > manually added CC to Ulrich as recipients, since your MUA would conclude that > you don't need to CC yourself :). > > > I'm familiar with Reply-to: Not familiar with Mail-Followup-To: > > What's the difference ? > > Because Reply-To didn't really work out in practice for mailing lists, DJB came > up with two "non-canon" mail headers to remove ambiguity from the meaning of the > Reply-To header. He describes it in [3]. Not everybody agrees with his > view/solution, though. The quoted [3] contains: News: The following list is obsolete. Daniel Faber has collected a newer list of Mail-Followup-To implementations at http://www.leptonite.org/mft/software.html. which contains refs to claws mail etc ... http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=1441 "Status: RESOLVED WONTFIX" ... 2007 2008 ... Colin Leroy 2008-07-05 15:52:44 CEST I'm marking this WONTFIX. So the Claws-mail project has no interest in implementing Mail-Followup-To .. & Claws-mail is a modern mailer (a friend who used to use EXMH reckons claws-mail is slicker/ better/ more modern than exmh he used & I still use) http://larve.net/people/hugo/2000/07/ml-mutt "It is not a standard .. a hack that can potentially do more harm than good" http://www.ietf.org/rfc/rfc2822.txt Includes reply-to Does NOT include Followup-To http://www.ietf.org/proceedings/43/I-D/draft-ietf-drums-mail-followup-to-00.txt The ''Mail-Followup-To'' header November 1997 ... 
Internet-Draft http://tools.ietf.org/html/rfc2076 3.5 Response control ... "ambiguous, since" ... controversial ... RFC 822 RFC 1036 author Reply-to: Works fine on lists I run with majordomo on berklix.org seems to help lots of people running a variety of MUAs on Microsoft & Unix etc do better than they did before. Peter off list sent me a PS: > Oh, and BTW, I couldn't easily find whether EXMH supports > Mail-Followup-To (which makes me lean towards: no, it > doesn't, because you'd expect documentation to show up if > it did). I looked (after doing a 'make patch' to extract source trees on latest FreeBSD -current ports):

cd /pri/FreeBSD/branches/-current/ports/mail/exmh2
find . -type f -exec grep -l -i Followup-To {} \;
find . -type f -exec grep -l -i Reply-To {} \;
./work/exmh-2.8.0/exmh.CHANGES
./work/exmh-2.8.0/exmh.README
./work/exmh-2.8.0/exmh.TODO
./work/exmh-2.8.0/lib/html/exmh-faq.html
./work/exmh-2.8.0/lib/html/exmh.CHANGES.txt
./work/exmh-2.8.0/lib/html/reference.html
./work/exmh-2.8.0/lib/thread.tcl
./work/exmh-2.8.0/misc/mhthread
./work/exmh-2.8.0/misc/mhthread-manpage.html

cd /pri/FreeBSD/branches/-current/ports/mail/nmh
find . -type f -exec grep -l -i Followup-To {} \;
./work/nmh-1.5/docs/DIFFERENCES
./work/nmh-1.5/docs/FAQ
./work/nmh-1.5/docs/TODO
./work/nmh-1.5/etc/replgroupcomps
find . -type f -exec grep -l -i Reply-To {} \;
./work/nmh-1.5/ChangeLog
./work/nmh-1.5/docs/ChangeLog_MH-3_to_MH-6.6
./work/nmh-1.5/docs/ChangeLog_MH-6.7.0_to_MH-6.8.4.html
./work/nmh-1.5/docs/DIFFERENCES
./work/nmh-1.5/docs/FAQ
./work/nmh-1.5/docs/MAIL.FILTERING
./work/nmh-1.5/docs/TODO
./work/nmh-1.5/etc/digestcomps
./work/nmh-1.5/etc/replcomps
./work/nmh-1.5/etc/replgroupcomps
./work/nmh-1.5/man/mh-format.man
./work/nmh-1.5/test/forw/test-forw-digest
./work/nmh-1.5/test/repl/test-multicomp
./work/nmh-1.5/test/repl/test-trailing-newline
./work/nmh-1.5/uip/forwsbr.c
./work/nmh-1.5/uip/mhlsbr.c
./work/nmh-1.5/uip/post.c
./work/nmh-1.5/uip/rcvdist.c
./work/nmh-1.5/uip/replsbr.c
./work/nmh-1.5/uip/slocal.c
./work/nmh-1.5/uip/spost.c

Conclusion: I will ignore/ forget Followup-To & stick to Reply-To. Werner wrote: > To: Peter Lebbing > Cc: "Julian H. Stacey" , gnupg-users at gnupg.org > > On Wed, 27 Mar 2013 19:27, peter at digitalbrains.com said: > > > Whether you like the headers Bernstein created or not, it would seem Werner > > didn't want to be on the recipient list, which is why I brought it up > > The thing is that I put most mailing lists I am subscribed to on Gnus' > message-subscribed-addresses list. This list takes care of maintaining > a MFT header. Gnus will do that only if it can be sure that everyone > agrees to this. Thus in most cases you will see an explicit CC anyway. > MFT works only for those folks with full support of MFT and if they > maintain their list of subscribed addresses well. Given that the bad > habit of sending text+html alternative mails seems to be impossible to > expunge [1]; Yup, horrible (as also is quoted printable, usually not needed) > I consider missing MFT handling a micro annoyance. > > In any case, I consider it a good idea to explicitly add a To: header to > notify the addressee that this particular mail gains his attention. 
Yup > > BTW, exmh is a nice MUA I used a long time ago and only stopped using it > because back then a remote X connection was not really usable (and I > didn't want to use plain mh). Not sure what remote problems you had, but: Even locally the EXMH reply key does not work right unless one starts from ttys with xdm & uses xauth. Starting with the ttys login xhost + route fails. A person at my site regularly uses an EXMH on a slow X display started from xdm, with AMD + NFS ~/mail/ on a faster server, works fine. Yesterday I was just testing a new EXMH, both with DISPLAY= local laptop screen, & my tower display, but in both cases exmh running on laptop, with NFS+AMD supporting ~/mail, with 493 sub dirs (`find . -type d | wc -l`) It took minutes to start. Unusable really, I need to solve that. I assume one could use ssh to support a tunnel for X for EXMH, but have not tried that as I don't need it. > Shalom-Salam, > > Werner > > [1] If you often send mails to Outlook users, you may want to use the > X-message-flag header to tell them about this problem. I run lists with 100s of people, mostly clueless MS users, running every MUA one can dream of. Less of a dream than a nightmare. Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com Reply below not above, like a play script. Indent old text with "> ". Send plain text. No quoted-printable, HTML, base64, multipart/alternative. From wk at gnupg.org Sat Mar 30 09:19:06 2013 From: wk at gnupg.org (Werner Koch) Date: Sat, 30 Mar 2013 09:19:06 +0100 Subject: Mail-Followup-To In-Reply-To: <201303300220.r2U2KC6J072085@fire.js.berklix.net> (Julian H. 
Stacey's message of "Sat, 30 Mar 2013 03:20:12 +0100") References: <201303300220.r2U2KC6J072085@fire.js.berklix.net> Message-ID: <87boa1fgg5.fsf@vigenere.g10code.de> On Sat, 30 Mar 2013 03:20, jhs at berklix.com said: > A person at my site regularly uses an EXMH on a slow X display > started from xdm, with AMD + NFS ~/mail/ on a faster server, works fine. Slow in the mid-90s was an ISDN data rate and a high latency due to too many hops. It was barely impossible to have a stable X connection from an E1 in Frankfurt to my ISDN line in Düsseldorf. Switching to Mutt was much simpler; and it worked. Shalom-Salam, Werner -- Thoughts are free. Exceptions are governed by a federal law. From jerry at seibercom.net Sat Mar 30 13:02:45 2013 From: jerry at seibercom.net (Jerry) Date: Sat, 30 Mar 2013 08:02:45 -0400 Subject: GnuPG Crashing on Windows 8 In-Reply-To: <001b01ce2ba5$41d1f4c0$c575de40$@pspemirates.com> References: <001b01ce2ba5$41d1f4c0$c575de40$@pspemirates.com> Message-ID: <20130330080245.3582ec9c@scorpio> On Thu, 28 Mar 2013 15:13:17 +0400 Kristine Concha articulated: > GnuPG is crashing on my Windows 8 machine: > Gpg4win > Version 2.1.0 > Kleopatra > Version 2.1.0 > Using KDE 4.1.4 Please do not use HTML format with a mailing list. It makes replying to a post a lot harder than it needs to be. You might want to check out this url: . It should assist in getting a useful back trace of the application when it faults. -- Jerry Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ From anthony at cajuntechie.org Sun Mar 31 03:50:48 2013 From: anthony at cajuntechie.org (Anthony Papillion) Date: Sat, 30 Mar 2013 20:50:48 -0500 Subject: How insecure is using /dev/random for entropy generation? Message-ID: Hello Everyone, I need to generate a new key and want to make sure I create enough entropy to make the key secure. 
My normal method is to type on the keyboard, start large programs, etc. But a friend suggested that I use /dev/random. Is this suitable for creating a PGP key? I've got concerns. Thoughts? Anthony From mailinglisten at hauke-laging.de Sun Mar 31 04:46:55 2013 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Sun, 31 Mar 2013 04:46:55 +0200 Subject: How insecure is using /dev/random for entropy generation? In-Reply-To: References: Message-ID: <1454651.1Fd3aJzMnV@inno> On Sat 30.03.2013, 20:50:48, Anthony Papillion wrote: > I need to generate a new key and want to make sure I create enough > entropy to make the key secure. My normal method is to type on the > keyboard, start large programs, etc. But a friend suggested that I use > /dev/random. gpg uses /dev/random. That's why key generation usually blocks due to lack of entropy if you do it right and boot a secure medium for key generation. The kernel fills /dev/random from e.g. key strokes, disk accesses, and (if available and configured) internal CPU state (haveged) or a real hardware number generator. The kernel should take care that the entropy in /dev/random is "perfect". The amount of available entropy can be seen in /proc/sys/kernel/random/entropy_avail To my knowledge it is not possible (without a source code change) to make gpg use another source than /dev/random. But I don't know whether it checks just the path or the device number... ;-) Hauke -- PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04) http://www.openpgp-schulungen.de/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 572 bytes Desc: This is a digitally signed message part. URL: From rjh at sixdemonbag.org Sun Mar 31 05:08:04 2013 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sat, 30 Mar 2013 23:08:04 -0400 Subject: How insecure is using /dev/random for entropy generation? 
In-Reply-To: References: Message-ID: <5157A894.3030105@sixdemonbag.org> On 3/30/2013 9:50 PM, Anthony Papillion wrote: > I need to generate a new key and want to make sure I create enough > entropy to make the key secure. My normal method is to type on the > keyboard, start large programs, etc. But a friend suggested that I use > /dev/random. > > Is this suitable for creating a PGP key? I've got concerns. By default, GnuPG uses RNGs that are as high-quality as the operating system provides. However, since there's no standard RNG across operating systems, GnuPG has no standard RNG, either. On Win32 GnuPG uses the Win32 API and CryptGenRandom; on many UNIXes it uses /dev/random; I don't know what the OpenVMS port uses but I rather doubt it's either /dev/random or CryptGenRandom. :) The best advice I can give you is "use whatever GnuPG uses by default for your operating system." It's the default for a reason: namely, it's safe and known to work well. :) From ryan at b19.org Sun Mar 31 09:27:05 2013 From: ryan at b19.org (Ryan Sawhill) Date: Sun, 31 Mar 2013 03:27:05 -0400 Subject: feedback on a gpg encryption/signing GUI frontend Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hey folks. From January to February of last year I wrote a GnuPG/OpenSSL encryption & signing frontend for Linux (Python + GTK) called pyrite (https://github.com/ryran/pyrite) and I'd like to share it with you. Soon after "completing" pyrite (there's always more to do when you have a project you love, but there was nothing else urgent) I got a job working at Red Hat and have been insanely busy ever since. Last week I had to teach a mini-class on encryption ... it reminded me how much I love this stuff and well, here I am. Time to pick this project back up and make sure that anyone out there who could find use in it actually has a chance to. If your interest is at all piqued, know that there are screenshots up on Github, as well as details for system requirements. 
If you're thinking to yourself "aren't there other gpg frontends out there?" well... take a look at how it all went down in this post [http://bit.ly/13HXH9s] on askfedora. Any feedback welcome. Cheers. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iQIcBAEBCgAGBQJRV+TnAAoJEKiCKSgYlnCixpwP/3ApGblM6oQlqdCTho/qoUQ2 iXEEJ9eiDvAtnQ78CKzM5Hu81z7fBcj2rjyYR2Pj6KN8jEgSS5lFlJG0ESQEu040 ciIbBuL49fCeRanVZnPlaHYja8atYwMaRq6MvMnthzvOqlICd61K13nI0eonNJ9n NbfOQDuZ09S7Wv7xb2kPhTVN9kcJtRca8snWU2vxrMPOkPHQrL4OjvN6TJchS/DO Vi4MsDM4eDPGvo/2lQwsPh3/gnjlST6bKMl3H9vxZrCPtsKORZqOC8333nK2lp6W DqlwCN6x5aoWdMIqBsQAqcuPC5fmaT1ZSyOePgKJHeXJFw83YvR3aMYt+r5UTkYS ivOrGKj3L8z0VAfRAP3mcakG0rp0ytJ+Pf+M4Z533mIZFo2I8pPNygoL3Egf0j6g Q8gWnlv+LvvP43W/7Y2CHeA2VYTKda0X26J1v4SrwCkWsHi+TRGvg2EE4FCU6dOH xKFYOiLvwBRRpMS2puVje529GF/ISfkKLLtGoC/swwJlpgAfbgqvfxiIrzriME47 JNPchJ9LIs5TdwAqrZQaunDgIBlcMeunO91ZIv5/GvSn2Y94EvpdMEjynVU/5Lyp Ipmlx9fAEwCbLoxOxebxZ2CdNG6ysZEC5bykMppTRdA+cNnF9K/8zjD6eAG0HQtq EbauIpTxv2OLBFoK4n5u =tTO3 -----END PGP SIGNATURE----- From philip.g.potter at gmail.com Sun Mar 31 11:45:54 2013 From: philip.g.potter at gmail.com (Philip Potter) Date: Sun, 31 Mar 2013 10:45:54 +0100 Subject: Why does gpg use so much entropy from /dev/random? Message-ID: This is related to another current thread, but I think this deserves its own. GPG uses /dev/random as its entropy source. It pulls a lot of entropy from this source. More entropy, in fact, than the linux /dev/random manpage suggests it should. Quoting from the manpage: "While some safety margin above that minimum is reasonable, as a guard against flaws in the CPRNG algorithm, no cryptographic primitive available today can hope to promise more than 256 bits of security, so if any program reads more than 256 bits (32 bytes) from the kernel random pool per invocation, or per reasonable reseed interval (not less than one minute), that should be taken as a sign that its cryptography is not skilfully implemented." 
Recently when generating a 2048-bit key, I got a message that GPG needed 280 *bytes* more entropy. This is far more than 256 bits. I am not an expert in cryptography, so I am in no position to pass judgement on GPG or on /dev/random; however, it seems to me that GPG's implementation disagrees with /dev/random's manpage. Can anyone shed any light on this? Why does GPG use more entropy than /dev/random says it should? (I've written down these thoughts in more detail at http://rhebus.posterous.com/why-does-gpg-need-so-much-entropy -- sadly, this link will expire in a month when posterous shuts down) Phil -------------- next part -------------- An HTML attachment was scrubbed... URL: From jeandavid8 at verizon.net Sun Mar 31 12:29:19 2013 From: jeandavid8 at verizon.net (Jean-David Beyer) Date: Sun, 31 Mar 2013 06:29:19 -0400 Subject: How insecure is using /dev/random for entropy generation? In-Reply-To: <1454651.1Fd3aJzMnV@inno> References: <1454651.1Fd3aJzMnV@inno> Message-ID: <51580FFF.6090908@verizon.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/30/2013 10:46 PM, Hauke Laging wrote: [snip] > gpg uses /dev/random. That's why key generation usually blocks due > to lack of entropy if you do it right and boot a secure medium for > key generation. > > The kernel fills /dev/random from e.g. key strokes, disk accesses, > and (if available and configured) internal CPU state (havaged) or a > real hardware number generator. The kernel should take care that > the entropy in /dev/random is "perfect". > > The amount of available entropy can be seen in > /proc/sys/kernel/random/entropy_avail I run RHEL 6. Last reboot (had to run Windows for a little while) was a little over 6 days ago. I tried that and got: $ cat /proc/sys/kernel/random/entropy_avail 1849 Is that a lot or a little? 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJRWA/9AAoJEBZthAoMYQyLK2IH/23tmS71RlUq1zlmQozvL4Mn 8N0Wbfj3uLuIOPOt9il0oApkdmZsOseZtp6XsF0OxtMHjuOdU9d83cKb+jzZE8Ee oeno2/eRH09z/xIigUA7bYcS14gYq/WFV18Jnk6eez2BeAK8UsVva6GBI2aFi6QX jphnprCdCfe/52yA9iS89S3zPrtShIMQnW3gL6iZr+bTiGjloEFGVpZv8rc4eAwv aW76WOSck38E9L+mE1OeQ1eHEVWz68sbWQEjN3evOdPT1MvlgSBwvCLBTCJF2LPQ y58tPHgkb3T1/k/K/sIasehniS3GdF+PAsbhDO5oZ5BJU2AUvJZR+gpisXQ/9L8= =hKVy -----END PGP SIGNATURE----- From nobody at dizum.com Fri Mar 29 02:51:39 2013 From: nobody at dizum.com (Nomen Nescio) Date: Fri, 29 Mar 2013 02:51:39 +0100 (CET) Subject: gpg for anonymous users - Alternative to the web of trust? References: <5151CE6E.6010804@riseup.net> Message-ID: There is a related issue. Assume you are a tor user. Go to irc.oftc.net, channel #tor. This is where tor users hang out. There you will find some person on there called "arma." This is one of the main authors for Tor. But is he? Are you really on some MITM attack IRC server with all fake bots? Is someone else pretending to be him? He does appear to be logged on via an mit.edu ip... You can't know. All you can find out is whether the same person signing the code releases is in possession of the same secret key as the person on the IRC. You can ask him to sign some snippet of text to verify he is in possession of the secret key used to sign the tor source code. That is it. Is that Roger Dingledine? Who knows. But from a user's perspective I don't know if I care. In this case, that person signing code = person I am talking to is probably enough for me to get support for the product. (Assuming I am using the same Tor everyone else is). Although monkeysphere is supposed to protect you from people creating new certs for your site, what if your signed cert is stolen and your dns changed? 
Using a smart card, it is probably easier to feel assured your secret key is secure, rather than a cert on a server. So with monkeysphere you are signing these server certificates, getting one more layer of protection, that site=key=code. As to whether you are some covert agent, you probably are and don't know it. From adrelanos at riseup.net Sun Mar 31 17:21:34 2013 From: adrelanos at riseup.net (adrelanos) Date: Sun, 31 Mar 2013 15:21:34 +0000 Subject: feedback on a gpg encryption/signing GUI frontend In-Reply-To: References: Message-ID: <5158547E.5040900@riseup.net> What do you think about kgpg? Maybe many people don't know that it also has a text editor with handy sign, verify, encrypt, decrypt buttons? I find it quite good; there are just some usability glitches here and there and perhaps some bugs (never could get symmetric encryption to work). Personally I don't mind the "crap dependencies". Ok, it's for non-KDE users ~ 100 MB for graphical gpg key management and gpg text editor. Our hard drives are so big these days, I am sure regular users don't mind. It's really just something geeks complain about without pragmatic consequences. Perhaps a python rewrite can attract more developers, features, bug fixes and so on. I think what pyrite requires is distro packaging so it can be easily installed. From rjh at sixdemonbag.org Sun Mar 31 18:32:13 2013 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sun, 31 Mar 2013 12:32:13 -0400 Subject: feedback on a gpg encryption/signing GUI frontend In-Reply-To: <5158547E.5040900@riseup.net> References: <5158547E.5040900@riseup.net> Message-ID: <5158650D.7010206@sixdemonbag.org> On 3/31/2013 11:21 AM, adrelanos wrote: > Personally I don't mind the "crap dependencies". Ok, it's for non-KDE > users ~ 100 MB for graphical gpg key management and gpg text editor. Our > hard drives are so big these days, I am sure regular users don't mind. You might be surprised. 
Although flash drives are getting larger and larger, a 100MB set of dependencies is still going to have some astonishing bits of fragility -- especially when running in a portable environment, or on a non-UNIX OS. Small is beautiful. From mailinglisten at hauke-laging.de Sun Mar 31 19:33:19 2013 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Sun, 31 Mar 2013 19:33:19 +0200 Subject: Why does gpg use so much entropy from /dev/random? In-Reply-To: References: Message-ID: <31762549.FrQsYA0V6r@inno> Am So 31.03.2013, 10:45:54 schrieb Philip Potter: > GPG uses /dev/random as its entropy source. It pulls a lot of entropy from > this source. More entropy, in fact, than the linux /dev/random manpage > suggests it should. Quoting from the manpage: I don't know the gpg source, the following (3) is just a guess. > Recently when generating a 2048-bit key, I got a message that GPG needed > 280 *bytes* more entropy. This is far more than 256 bits. 1) If you don't do anything special then two keys are generated (mainkey and subkey). 2) A 2048 bit RSA key is supposed to be as secure as a 112 bit symmetric key. I don't know whether you can map a 112 bit symmetric key directly to RSA key values. You need find primes after all. Maybe the algorithm to do that consumes additional entropy. 3) Who knows how random the /dev/random output really is? I guess that the entropy quality can be increased by consuming more ("make one good bit from 16 bad bits"). strace -e trace=open,read gpg --armor --gen-random 0 16 [...] open("/dev/urandom", O_RDONLY) = 3 read(3, "\332\376J\314\1[\357\n7ee\303\372\3555h", 16) = 16 strace -e trace=open,read gpg --armor --gen-random 1 16 [...] open("/dev/urandom", O_RDONLY) = 3 read(3, "\3471=\307+n\3656\204\31!\232\270\303\324[", 16) = 16 (Strange. Werner, have I found a bug? :-) ) strace -e trace=open,read gpg --armor --gen-random 2 16 [...] 
    open("/dev/random", O_RDONLY)           = 4
    read(4, "\1\362P\231..."..., 300)       = 128
    read(4, "+7m\2314|\353..."..., 172)     = 128
    read(4, "\233\272~\237\..."..., 44)     = 44

So we see: If high quality entropy is required then gpg reads (128+128+44)/16=18.75 times as much entropy from /dev/random as demanded.

Hauke

-- 
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-schulungen.de/

From admin at designers-guide.com Sun Mar 31 22:41:59 2013
From: admin at designers-guide.com (Ken Kundert)
Date: Sun, 31 Mar 2013 13:41:59 -0700
Subject: The Lord of the Keys
Message-ID: <20130331204159.GB22868@shalmirane>

I am currently using gpg-agent to hold both my gpg and ssh keys. I use two ssh keys, which means that when I log in I have to give up to four passphrases to unlock all of my keys. Given that gpg-agent is primarily a labor-saving device, I am wondering if it would be possible to configure it to accept just one passphrase and unlock all of my keys. I believe I can do this using gnome-keyring, but at the moment gnome-keyring does not work with gpg on Fedora 18 for me because of some incompatibility between the two programs. And frankly, I'd like to avoid the use of gnome-keyring if I can.

So my question is: is it possible to configure gpg-agent so that one passphrase can unlock all of my keys?

-Ken

From anonymous at foto.nl1.torservers.net Sun Mar 31 23:16:42 2013
From: anonymous at foto.nl1.torservers.net (Anonymous)
Date: Sun, 31 Mar 2013 17:16:42 -0400 (EDT)
Subject: smartcard: transferring to another account
Message-ID: <8e556bec26a6bc211243a2eca92b47a7@foto.nl1.torservers.net>

Hello,

I have a smart card with several keys. All the keys are 2048 bits due to the mentioned gnupg limitations. All the keys are set up under unix account 'A'.
I would like to use one of those keys under unix account 'B'. I can export the public key, but clearly not the private key. I have imported the public key into the other account. Account 'B' can access the card, but I guess it is missing some type of "stub" gnupg uses to mark the keys on the card? How do I manually re-associate the secret key on the card with the public key I imported? I do not want to just copy the entire .gnupg directory over as there are secret keys I don't want exported.

Again, due to driver issues, I apparently have no way to even list what is on the card!

help?
