From bogus@does.not.exist.com Wed Feb 23 12:43:27 2005 From: bogus@does.not.exist.com () Date: Wed Feb 23 12:43:35 2005 Subject: No subject Message-ID: smartcard daemon and gpg's S/MIME cousin gpgsm. The design is different to the previous versions and we may not support all ancient systems - thus POSIX compatibility will be an absolute requirement for supported platforms. 1.9 is based on an somewhat older 1.3 code and will peacefully coexist with other GnuPG versions. Happy Hacking, The GnuPG Team (David, Stefan, Timo and Werner) -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From mo at g10code.com Sun Jan 9 15:03:22 2005 From: mo at g10code.com (Moritz Schulte) Date: Wed Feb 23 12:43:36 2005 Subject: [Announce] Libgcrypt 1.2.1 released Message-ID: <20050109140322.GB16385@sarkutty> We are pleased to announce the availability of Libgcrypt 1.2.1. Since this is a bugfix release, it does not include any new features. Complete source packages: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.1.tar.bz2 (756k) ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.1.tar.bz2.sig ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.1.tar.gz (939k) ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.1.tar.gz.sig Patch against version 1.2.0: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.0-1.2.1.diff.gz (256k) Mirrors are listed at http://www.gnupg.org/download/mirrors.html. SHA1 sums are: 29d3939af1bb6866c9244e98d8c0995eea0bcb78 libgcrypt-1.2.1.tar.bz2 8627d483e26e73b4cfabb4807ae8423875c37cda libgcrypt-1.2.1.tar.gz ba16ffacf00a29bf7e331db62b2f934c8b6795d7 libgcrypt-1.2.0-1.2.1.diff.gz Noteworthy changes: * updated for Automake 1.9, * made the code try to lock secure memory pool not only when running as root, * fixed type usage in Serpent, * made the code mix the PID into the entropy pool for better protection after a fork, * fixed memory leak in RSA. * fixed alignment problems in Rijndael, * fixed memory leak in gcry_pk_sign(), * fixed broken pointer access in gcry_ac_open(), * updated the documentation, * fixed several other bugs. Happy hacking. -- Moritz Schulte -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 193 bytes Desc: not available Url : /pipermail/attachments/20050109/0b0d6a0a/attachment.pgp From dshaw at jabberwocky.com Fri Feb 11 02:00:17 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Wed Feb 23 12:43:36 2005 Subject: [Announce] Attack against OpenPGP encryption Message-ID: <20050211010017.GC1476@jabberwocky.com> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 249 bytes Desc: not available Url : /pipermail/attachments/20050210/c9027587/attachment.pgp From dshaw at jabberwocky.com Fri Feb 11 02:11:15 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Wed Feb 23 12:43:36 2005 Subject: [Announce] Attack against OpenPGP encryption Message-ID: <20050211011115.GD1476@jabberwocky.com> Last night, Serge Mister and Robert Zuccherato published a paper reporting on an attack against OpenPGP symmetric encryption. This attack, while very significant from a cryptographic point of view, is not generally effective in the real world. To be specific, unless you have your OpenPGP program set up as part of an automated system to accept encrypted messages, decrypt them, and then provide a response to the submitter, then this does not affect you at all. There is a very good writeup on the attack that goes into more depth at http://www.pgp.com/library/ctocorner/openpgp.html There will undoubtedly be further discussion of this over the next several days, but I wanted to provide a few comments now, to try and answer some questions that may arise: 1) This is not a bug in any particular OpenPGP implementation (GnuPG, PGP, Hushmail, etc). Rather, this is an attack against the OpenPGP protocol itself. 2) The attack requires an average of 32,768 probes to get two bytes of plaintext. This is why it is completely ineffective against human beings, who will presumably wonder why a stranger wants them to decrypt thousands and thousands of messages that won't decrypt, and then tell them what errors were seen. 3) It might be effective against an automated process that incorporates OpenPGP decryption, if that process returns errors back to the sender. 4) The OpenPGP Working Group will be discussing this issue and coming up with an effective and permanent fix. In the meantime, I have attached two patches to this mail. These patches disable a portion of the OpenPGP protocol that the attack is exploiting. This change should not be user visible. With the patch in place, this attack will not work using a public-key encrypted message. It will still work using a passphrase-encrypted message. These patches will be part of the 1.2.8 and 1.4.1 releases of GnuPG. 5) The full paper is available at http://eprint.iacr.org/2005/033 It's a great piece of work. David -------------- next part -------------- Index: include/cipher.h =================================================================== RCS file: /cvs/gnupg/gnupg/include/cipher.h,v retrieving revision 1.53.2.6 diff -u -r1.53.2.6 cipher.h --- include/cipher.h 29 Nov 2004 21:07:43 -0000 1.53.2.6 +++ include/cipher.h 8 Feb 2005 04:12:12 -0000 @@ -76,6 +76,7 @@ int keylen; int algo_info_printed; int use_mdc; + int symmetric; byte key[32]; /* this is the largest used keylen (256 bit) */ } DEK; Index: g10/mainproc.c =================================================================== RCS file: /cvs/gnupg/gnupg/g10/mainproc.c,v retrieving revision 1.112.2.27 diff -u -r1.112.2.27 mainproc.c --- g10/mainproc.c 27 Jun 2004 18:26:49 -0000 1.112.2.27 +++ g10/mainproc.c 8 Feb 2005 04:12:13 -0000 @@ -317,6 +317,8 @@ c->dek = passphrase_to_dek( NULL, 0, algo, &enc->s2k, 0, NULL, NULL ); if(c->dek) { + c->dek->symmetric=1; + /* FIXME: This doesn't work perfectly if a symmetric key comes before a public key in the message - if the user doesn't know the passphrase, then there is a chance Index: g10/encr-data.c =================================================================== RCS file: /cvs/gnupg/gnupg/g10/encr-data.c,v retrieving revision 1.29 diff -u -r1.29 encr-data.c --- g10/encr-data.c 29 Jun 2002 13:46:33 -0000 1.29 +++ g10/encr-data.c 8 Feb 2005 04:12:14 -0000 @@ -120,7 +120,7 @@ cipher_sync( dfx.cipher_hd ); p = temp; /* log_hexdump( "prefix", temp, nprefix+2 ); */ - if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) { + if( dek->symmetric && (p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1]) ) { rc = G10ERR_BAD_KEY; goto leave; } -------------- next part -------------- Index: include/cipher.h =================================================================== RCS file: /cvs/gnupg/gnupg/include/cipher.h,v retrieving revision 1.63 diff -u -r1.63 cipher.h --- include/cipher.h 29 Nov 2004 21:14:18 -0000 1.63 +++ include/cipher.h 8 Feb 2005 04:10:29 -0000 @@ -75,6 +75,7 @@ int keylen; int algo_info_printed; int use_mdc; + int symmetric; byte key[32]; /* this is the largest used keylen (256 bit) */ } DEK; Index: g10/mainproc.c =================================================================== RCS file: /cvs/gnupg/gnupg/g10/mainproc.c,v retrieving revision 1.161 diff -u -r1.161 mainproc.c --- g10/mainproc.c 21 Oct 2004 19:18:47 -0000 1.161 +++ g10/mainproc.c 8 Feb 2005 04:10:30 -0000 @@ -330,6 +330,8 @@ if(c->dek) { + c->dek->symmetric=1; + /* FIXME: This doesn't work perfectly if a symmetric key comes before a public key in the message - if the user doesn't know the passphrase, then there is Index: g10/encr-data.c =================================================================== RCS file: /cvs/gnupg/gnupg/g10/encr-data.c,v retrieving revision 1.30 diff -u -r1.30 encr-data.c --- g10/encr-data.c 8 Oct 2004 21:54:26 -0000 1.30 +++ g10/encr-data.c 8 Feb 2005 04:10:30 -0000 @@ -125,7 +125,7 @@ cipher_sync( dfx.cipher_hd ); p = temp; /* log_hexdump( "prefix", temp, nprefix+2 ); */ - if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) { + if( dek->symmetric && (p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1]) ) { rc = G10ERR_BAD_KEY; goto leave; } From wk at gnupg.org Tue Mar 15 17:53:36 2005 From: wk at gnupg.org (Werner Koch) Date: Tue Mar 15 17:51:17 2005 Subject: [Announce] GnuPG 1.4.1 released Message-ID: <873buw7svj.fsf@wheatstone.g10code.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello! We are pleased to announce the availability of a new stable GnuPG release: Version 1.4.1 The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It is a complete and free replacement of PGP and can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. Getting the Software ==================== Please follow the instructions found at http://www.gnupg.org/download/ or read on: GnuPG 1.4.1 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the mirrors you should find the following files in the *gnupg* directory: gnupg-1.4.1.tar.bz2 (2756k) gnupg-1.4.1.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-1.4.1.tar.gz (3964k) gnupg-1.4.1.tar.gz.sig GnuPG source compressed using GZIP and OpenPGP signature. gnupg-1.4.0-1.4.1.diff.bz2 (650k) A patch file to upgrade a 1.4.0 GnuPG source. Select one of them. To shorten the download time, you probably want to get the BZIP2 compressed file. Please try another mirror if exceptional your mirror is not yet up to date. In the *binary* directory, you should find these files: gnupg-w32cli-1.4.1.exe (1406k) gnupg-w32cli-1.4.1.exe.sig GnuPG compiled for Microsoft Windows and OpenPGP signature. Note that this is a command line version and now comes with a graphical installer tool. The source files are the same as given above. Checking the Integrity ====================== In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-1.4.1.tar.bz2 you would use this command: gpg --verify gnupg-1.4.1.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using "finger wk 'at' g10code.com" or "finger dd9jn 'at' gnu.org" or using the keyservers. I recently prolonged the expiration date; thus you might need a fresh copy of that key. Never use a GnuPG version you just downloaded to check the integrity of the source - use an existing GnuPG installation! * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-1.4.1.tar.bz2, you would run the sha1sum command like this: sha1sum gnupg-1.4.1.tar.bz2 and check that the output matches the first line from the following list: ebd16ef9d3fd3c38e38cf39e6347ed058fd12840 gnupg-1.4.1.tar.bz2 f8e982d5e811341a854ca9c15feda7d5aba6e09a gnupg-1.4.1.tar.gz db573a6c3707f65797b569efda7e0905c4c4469c gnupg-w32cli-1.4.1.exe Upgrade Information =================== If you are upgrading from a version prior to 1.0.7, you should run the script tools/convert-from-106 once. Please note also that due to a bug in versions prior to 1.0.6 it may not be possible to downgrade to such versions unless you apply the patch http://www.gnupg.org/developer/gpg-woody-fix.txt . If you have any problems, please see the FAQ and the mailing list archive at http://lists.gnupg.org. Please direct questions to the gnupg-users@gnupg.org mailing list. What's New =========== There are too many changes to list them here. Please check out the NEWS file or read the summary at the end of this announcement. Internationalization ==================== GnuPG comes with support for 28 languages: American English Indonesian (id)[*] Bela-Russian (be)[*] Italian (it)[*] Catalan (ca)[*] Japanese (ja) Czech (cs) Polish (pl)[*] Danish (da)[*] Brazilian Portuguese (pt_BR)[*] Dutch (nl)[*] Portuguese (pt)[*] Esperanto (eo)[*] Romanian (ro) Estonian (et)[*] Russian (ru)[*] Finnish (fi)[*] Slovak (sk)[*] French (fr) Spanish (es)[*] Galician (gl)[*] Swedish (sv)[*] German (de) [*] Traditional Chinese (zh_TW) Greek (el) [*] Simplified Chinese (zh_CN) Hungarian (hu) [*] Turkish (tr) [*] Languages marked with [*] were not updated for this release and you will most likely notice untranslated messages. Many thanks to the translators for their ongoing support of GnuPG. Due to a lot of stylistic changes to the strings and about 150 new strings, most translations are not up to date. However we don't think that this is reason enough to hold back the release. Updated translations will be added with the next releases. Future Directions ================= GnuPG 1.4.x is the current stable branch and will be kept as the easy to use and build single-executable versions. We plan to backport new features from the development series to 1.4. GnuPG 1.9.x is the new development series of GnuPG. This version merged the code from the Aegypten project and thus it includes the gpg-agent, a smartcard daemon and gpg's S/MIME cousin gpgsm. The design is different to the previous versions and we may not support all ancient systems - thus POSIX compatibility will be an absolute requirement for supported platforms. 1.9 is as of now based on an somewhat older 1.3 code but will peacefully coexist with other GnuPG versions. Support ======= Developing and maintaining GnuPG and related software is nothing one can do in the evening or on weekends. We all spend a lot of time and money on it. David is actually doing this in his spare time beside his day job; g10 Code employs Timo and Werner to work on this software and would appreciate to refinance it by entering into support contracts or other contributions. Thanks ====== We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word or answering questions on the mailing lists. Kudos to David Shaw who did most of the new features in 1.4 and discussed various OpenPGP problems in lengths at several working groups. Happy Hacking, The GnuPG Team (David, Timo and Werner) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iEYEARECAAYFAkI3Eu4ACgkQYHhOlAEKV+1lTwCfSVtlldBYT2G3MZrxk+jHcH0i gYcAnArQgwu1RvaLp+713awo0QX6E6im =PGws -----END PGP SIGNATURE----- From wk at gnupg.org Tue Mar 15 18:22:11 2005 From: wk at gnupg.org (Werner Koch) Date: Tue Mar 15 18:19:37 2005 Subject: [Announce] GnuPG 1.4.1 News Message-ID: <87wts86czg.fsf@wheatstone.g10code.de> Hello! I forgot to insert the NEWS for 1.4.1; there are actually not that many as those for the last release. Here we go: * New --rfc2440-text option which controls how text is handled in signatures. This is in response to some problems seen with certain PGP/MIME mail clients and GnuPG version 1.4.0. More details about this are available at . * New "import-unusable-sigs" and "export-unusable-sigs" tags for --import-options and --export-options. These are off by default, and cause GnuPG to not import or export key signatures that are not usable (e.g. expired signatures). * New experimental HTTP, HTTPS, FTP, and FTPS keyserver helper that uses the cURL library to retrieve keys. This is disabled by default, but may be enabled with the configure option --with-libcurl. Without this option, the existing HTTP code is used for HTTP, and HTTPS, FTP, and FTPS are not supported. * When running a --card-status or --card-edit and a public key is available, missing secret key stubs will be created on the fly. Details of the key are listed too. * The implicit packet dumping in double verbose mode is now sent to stderr and not to stdout. * Added countermeasures against the Mister/Zuccherato CFB attack . * [W32] The algorithm for the default home directory changed: First we look at the environment variable GNUPGHOME, if this one is not set, we check whether the registry entry {HKCU,HKLM}\Software\GNU\GnuPG:HomeDir has been set. If this fails we use a GnuPG directory below the standard application data directory (APPDATA) of the current user. Only in the case that this directory cannot be determined, the old default of c:\gnupg will be used. The option --homedir still overrides all of them. * [W32] The locale selection under Windows changed. You need to enter the locale in the registry at HKCU\Software\GNU\GnuPG:Lang. For German you would use "de". If it is not set, GnuPG falls back to HKLM. The languages files "*.mo" are expected in a directory named "gnupg.nls" below the installation directory; that directory must be stored in the registry at the same key as above with the name "Install Directory". * Add new --edit-key command "bkuptocard" to allow restoring a card key from a backup. * The "fetch" command of --card-edit now retrieves the key using the default keyserver if no URL has been stored on the card. * New configure option --enable-noexecstack. Shalom-Salam, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org