Passphrase of GPG-generated key not accepted
Albrecht Dreß
albrecht.dress at arcor.de
Sat Aug 13 15:03:19 CEST 2005
On 13.08.05 13:41, Daniel Link wrote:
> Wouldn't it be a good idea to include character encoding information in
> keys? I think so.
RFC 2440, section 3.4 [1] states that "the default character set for text
is the UTF-8 encoding". I am not sure if this applies to the messages only
and not to the key contents, though. The passphrase, however, is just a
"stream of bytes", and no assumption should be made about a "meaning"
(read: encoding and possible translation between different ones) of its
contents.
> Many people don't use UTF-8 yet.
I don't think this is true, at least for all gui applications in the UNIX
world. KDE (read: the qt library) and Gnome2.x (read: Gtk+-2) are
completely and exclusively utf-8. I'm not sure about other popular widget
libs (e.g. Motif & friends), but the general trend seems to use utf8
everywhere, maybe except for terminal apps (i.e. xterm).
> Demanding such configuration like you mentioned from all these users
> sounds unreasonable to me.
If you think about the problems regarding the use of gpg (i.e. entering
the passphrase) in a terminal, I think the better solution is to install
gpg-agent and to use a gui pinentry for this purpose. It (a) removes the
encoding problem (b) provides a *secure* passphrase cache and (c) imho
makes using the various crypto apps a lot easier.
If you don't want to install the whole chain to get the agent running, you
might want to look at seahorse [2] which also provides a (simpler) agent
solution. I don't know how secure it is, though.
> Changing the key already sent to key servers and several people from my
> address book doesn't sound very appealing to me either.
Afaik, changing the passphrase of your *private* key doesn't alter the
contents of the public key in any way. And you don't want to publish your
private key ;-)...
> Perhaps you'll beg to differ, but in my opinion an application like GPA
> should work out of the box, no matter which encoding.
Sure it should! However, I think the problem at this point is mixing the
use of utf8 applications (gpa, pinentry, seahorse, kmail, balsa, evo,
Thunderbird/Enigmail) and iso8859 terminal apps (command line gpg). So,
again, if you just use gpg-agent and pinentry-gtk2, you will *never* run
into trouble!
> $ CFLAGS="-O0 -g -O2 -march=pentium4 -fomit-frame-pointer" ./configure \
                   ^^^                 ^^^^^^^^^^^^^^^^^^^^
Just a remark: you should never activate these optimisations if you want
to debug code. On RISC processors (I use a PowerPC), a lot of information
may be lost, which is usually prevented by using -O0...
> (gdb) bt full
> #0 0x0805001a in gpa_window_show_centered (widget=0x827b1d8,
> parent=0x0) at gtktools.c:47
[snipped bt]
Unfortunately, I'm not a gpa developer. Anyone listening out there?
Cheers, Albrecht.
[1] http://www.ietf.org/rfc/rfc2440.txt
[2] http://seahorse.sourceforge.net/
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Albrecht Dreß - Johanna-Kirchner-Straße 13 - D-53123 Bonn (Germany)
Phone (+49) 228 6199571 - mailto:albrecht.dress at arcor.de
GnuPG public key: http://home.arcor.de/dralbrecht.dress/pubkey.asc
_________________________________________________________________________
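Added example, not part of the original message and not GnuPG's own code: it shows why a passphrase treated as a "stream of bytes" stops matching when a UTF-8 GUI and an ISO-8859-1 terminal encode the same typed characters differently. It implements the iterated and salted S2K of RFC 2440, section 3.6.1.3, with SHA-1; the passphrase, salt and coded count are constructed sample values.

```python
import hashlib

def s2k_count(coded: int) -> int:
    """Decode the one-octet coded count (RFC 2440, section 3.6.1.3)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def s2k_key(passphrase: bytes, salt: bytes, coded: int = 96, key_len: int = 16) -> bytes:
    """Iterated and salted S2K with SHA-1; one hash context, so key_len <= 20."""
    if len(salt) != 8:
        raise ValueError("S2K salt is exactly 8 octets")
    if not 0 < key_len <= hashlib.sha1().digest_size:
        raise ValueError("key_len needs more than one SHA-1 context")
    data = salt + passphrase
    # The count is in octets hashed; salt+passphrase is always hashed at least once.
    count = max(s2k_count(coded), len(data))
    full, rest = divmod(count, len(data))
    h = hashlib.sha1()
    for _ in range(full):
        h.update(data)
    h.update(data[:rest])
    return h.digest()[:key_len]

def unlocks(protected_with: bytes, typed: str, encoding: str, salt: bytes) -> bool:
    """True if the typed passphrase, encoded as given, yields the same key."""
    return s2k_key(typed.encode(encoding), salt) == protected_with

# Constructed sample values.
SALT = bytes(range(8))
PASSPHRASE = "Schl\u00fcssel"   # contains U+00FC, "u" with diaeresis

if __name__ == "__main__":
    key = s2k_key(PASSPHRASE.encode("utf-8"), SALT)   # as set in a UTF-8 GUI
    for enc in ("utf-8", "iso-8859-1"):
        print(enc, PASSPHRASE.encode(enc).hex(), unlocks(key, PASSPHRASE, enc, SALT))
```

A pure-ASCII passphrase encodes to the same bytes in both charsets, so only passphrases with non-ASCII characters are affected.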