From Brian.Cameron at Sun.COM Thu May 1 22:53:21 2008 From: Brian.Cameron at Sun.COM (Brian Cameron) Date: Thu, 01 May 2008 15:53:21 -0500 Subject: Problem building libgcrypt on Solaris Message-ID: <481A2DC1.8020404@sun.com> libgcrypt team: The latest libgcrypt version 1.4.0 will not build on Solaris with the Sun Studio compiler because it includes some void functions that return values, which the Sun Studio compiler considers an error. Obviously GCC lets this go. I'm attaching a patch to fix this problem. Can this go upstream? Thanks, Brian -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: libgcrypt-01-fixvoid.diff URL: From mooney at dogbert.cc.ndsu.NoDak.edu Fri May 2 18:59:37 2008 From: mooney at dogbert.cc.ndsu.NoDak.edu (Tim Mooney) Date: Fri, 2 May 2008 11:59:37 -0500 (CDT) Subject: Problem building libgcrypt on Solaris In-Reply-To: <481A2DC1.8020404@sun.com> References: <481A2DC1.8020404@sun.com> Message-ID: In regard to: Problem building libgcrypt on Solaris, Brian Cameron said (at...: > The latest libgcrypt version 1.4.0 will not build on Solaris with the > Sun Studio compiler because it includes some void functions that > return values, which the Sun Studio compiler considers an error. > Obviously GCC lets this go. > > I'm attaching a patch to fix this problem. Can this go upstream? I reported it a while back, and it is fixed in libgcrypt 1.4.1, which was released a few days ago. Tim -- Tim Mooney mooney at dogbert.cc.ndsu.NoDak.edu Information Technology Services (701) 231-1076 (Voice) Room 242-J6, IACC Building (701) 231-8541 (Fax) North Dakota State University, Fargo, ND 58105-5164 From knoch at searshc.com Thu May 8 22:27:04 2008 From: knoch at searshc.com (Noch, Keith) Date: Thu, 8 May 2008 16:27:04 -0400 Subject: Is there a version for aix5.2? Message-ID: <33FEEE6E2ADCE94A81CF34CB79DB5E9AEC6176@USKIHSVPEXCH19.kih.kmart.com> Hello, I am very unfamiliar with this product and I need to know if there is a version for aix5.2? Thanks for any help. -------------- next part -------------- An HTML attachment was scrubbed... URL: From christian at jaeger.mine.nu Tue May 13 02:53:26 2008 From: christian at jaeger.mine.nu (Christian Jaeger) Date: Tue, 13 May 2008 02:53:26 +0200 Subject: [PATCH] In the manpage, mention at the --sign options how to select the signing key Message-ID: <385d35c928e409bc8a361b33e963e293@jaeger.mine.nu> Hello I've got several private keys. Although I'm a long time (but not frequent) gpg user now, I still find a few things in the user interface a bit confusing; today I've searched the man page in vain trying to find out how to specify which private key to use for signing. Someone helped me point it out on the IRC channel; I didn't find it at first since I was searching the manpage for strings like sign.*key and similar. So I propose to add this to the place where I was expecting to find it, at the sign options themselves. This patch is against current svn://cvs.gnupg.org/gnupg/trunk gnupg, that seems to be gnupg2, but I'm actually using gnupg version 1 (version 1.4.6 from Debian testing), but both of the man pages need the same fix, so I suggest to apply the patch to both versions. Thanks, Christian. (ps. this is from git-format-patch out of a git-svn clone of the svn repository; I'm hoping you're not having problems applying it using the svn tools (or patch)?) --- doc/gpg.texi | 7 +++++-- 1 files changed, 5 insertions(+), 2 deletions(-) diff --git a/doc/gpg.texi b/doc/gpg.texi index a122691..a4dbd9c 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -178,7 +178,9 @@ Make a signature. This command may be combined with @option{--encrypt} (for a signed and encrypted message), @option{--symmetric} (for a signed and symmetrically encrypted message), or @option{--encrypt} and @option{--symmetric} together (for a signed message that may be -decrypted via a secret key or a passphrase). +decrypted via a secret key or a passphrase). For changing the private +key to be used for signing, see the --local-user and --default-key +options. @item --clearsign @opindex clearsign @@ -186,7 +188,8 @@ Make a clear text signature. The content in a clear text signature is readable without any special software. OpenPGP software is only needed to verify the signature. Clear text signatures may modify end-of-line whitespace for platform independence and are not intended -to be reversible. +to be reversible. For changing the private key to be used for signing, +see the --local-user and --default-key options. @item --detach-sign @itemx -b -- 1.5.5.1 From cswiger at mac.com Tue May 13 19:13:35 2008 From: cswiger at mac.com (Chuck Swiger) Date: Tue, 13 May 2008 10:13:35 -0700 Subject: gnupg-2.0.9: bug in certchain.c... Message-ID: <7A45720B-A2A5-487A-AC58-09D2BC5843D8@mac.com> Hi, all-- In gnupg-2.0.9, a local variable is being declared after a statement in a block rather than at the start, resulting in: > [ ... ] > source='certchain.c' object='certchain.o' libtool=no \ > DEPDIR=.deps depmode=gcc /bin/sh ../scripts/depcomp \ > cc -DHAVE_CONFIG_H -I. -I.. -I../gl -I../common -I../intl - > DLOCALEDIR=\"/usr/local/share/locale\" -DGNUPG_BINDIR="\"/usr/local/ > bin\"" -DGNUPG_LIBEXECDIR="\"/usr/local/libexec\"" - > DGNUPG_LIBDIR="\"/usr/local/lib/gnupg\"" -DGNUPG_DATADIR="\"/usr/ > local/share/gnupg\"" -DGNUPG_SYSCONFDIR="\"/usr/local/etc/gnupg > \"" -I/usr/local/include -I/usr/local/include -I/usr/local/ > include -I/usr/local/include -O -pipe -march=pentium -Wall - > Wpointer-arith -c certchain.c > certchain.c: In function `find_up': > certchain.c:710: syntax error before `int' > certchain.c:711: `old' undeclared (first use in this function) > certchain.c:711: (Each undeclared identifier is reported only once > certchain.c:711: for each function it appears in.) A diff to fix this bug follows: --- gnupg-2.0.9/sm/certchain.c~ Mon Feb 18 13:51:54 2008 +++ gnupg-2.0.9/sm/certchain.c Tue May 13 13:00:36 2008 @@ -702,12 +702,13 @@ rc = keydb_search_subject (kh, issuer); if (rc == -1 && !find_next) { + int old; /* Also try to get it from the Dirmngr cache. The function merely puts it into the ephemeral database. */ find_up_dirmngr (ctrl, kh, NULL, issuer, 0); /* Not found, let us see whether we have one in the ephemeral key DB. */ - int old = keydb_set_ephemeral (kh, 1); + old = keydb_set_ephemeral (kh, 1); if (!old) { keydb_search_reset (kh); Regards, -- -Chuck From marcus.brinkmann at ruhr-uni-bochum.de Thu May 15 12:34:59 2008 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Thu, 15 May 2008 12:34:59 +0200 Subject: [PATCH] In the manpage, mention at the --sign options how to select the signing key In-Reply-To: <385d35c928e409bc8a361b33e963e293@jaeger.mine.nu> References: <385d35c928e409bc8a361b33e963e293@jaeger.mine.nu> Message-ID: <87wslvua7g.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Tue, 13 May 2008 02:53:26 +0200, Christian Jaeger wrote: > I've got several private keys. Although I'm a long time (but not > frequent) gpg user now, I still find a few things in the user > interface a bit confusing; today I've searched the man page in vain > trying to find out how to specify which private key to use for > signing. Someone helped me point it out on the IRC channel; I didn't > find it at first since I was searching the manpage for strings like > sign.*key and similar. So I propose to add this to the place where I > was expecting to find it, at the sign options themselves. I agree, so I put in the change with a slightly different wording and added the expected formatting for the option strings. > (ps. this is from git-format-patch out of a git-svn clone of the svn > repository; I'm hoping you're not having problems applying it using > the svn tools (or patch)?) I do. diff complained about ambiguous ending of the second hunk. Thanks, Marcus 2008-05-15 Marcus Brinkmann * gpg.texi (Operational GPG Commands): Mention the way to change the default signing key. From marcus.brinkmann at ruhr-uni-bochum.de Thu May 15 12:37:48 2008 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Thu, 15 May 2008 12:37:48 +0200 Subject: gnupg-2.0.9: bug in certchain.c... In-Reply-To: <7A45720B-A2A5-487A-AC58-09D2BC5843D8@mac.com> References: <7A45720B-A2A5-487A-AC58-09D2BC5843D8@mac.com> Message-ID: <87ve1fua2r.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Tue, 13 May 2008 10:13:35 -0700, Chuck Swiger wrote: > > Hi, all-- > > In gnupg-2.0.9, a local variable is being declared after a statement > in a block rather than at the start, resulting in: Thank you for reporting this. It was already reported and fixed by the following change in SVN: 2008-04-23 Werner Koch * certchain.c (find_up): Make correct C89 code. Declare variable at the top of the block. Reported by Alain Guibert. Thanks, Marcus From marcus.brinkmann at ruhr-uni-bochum.de Thu May 15 13:20:05 2008 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Thu, 15 May 2008 13:20:05 +0200 Subject: Vs Combined Method? E+S from RFC 3156 6.2 In-Reply-To: <200804291414.53915.bernhard@intevation.de> References: <200804291414.53915.bernhard@intevation.de> Message-ID: <87tzgzu84a.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Tue, 29 Apr 2008 14:14:45 +0200, Bernhard Reiter wrote: > Given the enhanced compatibility, why not do combined method whenever you can, > just getting the compatibility advantage? Compatibility with what? If every mail reader today supports MIME, there is no advantage in not using it. It would be more compatible to have passwords with only uppercase characters, but luckily those terminals have died out. However, it is still advisable to restrict passwords to 7 bit. There are always such battles fought out. A GNOME terminal is 80 characters wide by default, for compatibility with IBM punch cards, and I am actually annoyed if I have to read code or documents that don't fit on punch cards. But, luckily, that ain't need to be so for everything. Some things can move on. So, the question is, are there significant MUAs that support only combined mode? Thanks, Marcus From bernhard at intevation.de Thu May 15 14:16:09 2008 From: bernhard at intevation.de (Bernhard Reiter) Date: Thu, 15 May 2008 14:16:09 +0200 Subject: Vs Combined Method? E+S from RFC 3156 6.2 In-Reply-To: <87tzgzu84a.wl%marcus.brinkmann@ruhr-uni-bochum.de> References: <200804291414.53915.bernhard@intevation.de> <87tzgzu84a.wl%marcus.brinkmann@ruhr-uni-bochum.de> Message-ID: <200805151416.14925.bernhard@intevation.de> Hi Marcus, On Thursday 15 May 2008 13:20, Marcus Brinkmann wrote: > At Tue, 29 Apr 2008 14:14:45 +0200, > > Bernhard Reiter wrote: > > Given the enhanced compatibility, why not do combined method whenever you > > can, just getting the compatibility advantage? > > Compatibility with what? The RFC from August 2001 says "to increase compatibility with non-MIME implementations of OpenPGP". > If every mail reader today supports MIME, > there is no advantage in not using it. ? Also they all MUST support the combined method. So even if there is a tiny small number of MUA out there that still cannot do MIME based OpenPGP, why break compatibility with them? >?Some things can move on. Sure, so you are basically saying: The argument from 2001 is obsolete. On the other hand, to ease the implementation, shouldn't we then push for the removal of the combined method requirement? At least make it mandadory in new implementation to not create new combined method emails? > So, the question is, are there significant MUAs that support only > combined mode? As for non-MIME MUAs, I think Outlook is significant. (Being one of the developers of Gpg4win, you know that until recently it could not do MIME OpenPGP. And that Outlook itself it not fully MIME compliant, e.g. it does not display the text part of a multipart/signed email, though it MUST according to MIME standards.) There will be others out there as well, e.g. on older unix machines which did not update software very often. Best, Bernhard -- Managing Director - Owner: www.intevation.net (Free Software Company) Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com. Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998 Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From lars at primekey.se Mon May 19 13:42:21 2008 From: lars at primekey.se (=?ISO-8859-1?Q?Lars_Silv=E9n?=) Date: Mon, 19 May 2008 13:42:21 +0200 Subject: assuan patch for w32 Message-ID: <4831679D.9040004@primekey.se> Hello! I have built gnupg2 for Windows by using the Linux mingw cross compiler on Debian. I am using it together with http://gnupg-pkcs11.sourceforge.net and enigmail on Thunderbird. It works great now. But I had to fix a problem in assuan. I am attaching a patch for the change I had to do. The patch is needed and tested on 2003 Server and Vista. Please update your CVS with this patch. If someone is interested in the binaries I produced or the build script I developed to build it please let me know. Best Regards Lars Silv?n -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: patch.txt URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: lars.vcf Type: text/x-vcard Size: 296 bytes Desc: not available URL: From marcus.brinkmann at ruhr-uni-bochum.de Mon May 19 16:55:37 2008 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Mon, 19 May 2008 16:55:37 +0200 Subject: Vs Combined Method? E+S from RFC 3156 6.2 In-Reply-To: <200805151416.14925.bernhard@intevation.de> References: <200804291414.53915.bernhard@intevation.de> <87tzgzu84a.wl%marcus.brinkmann@ruhr-uni-bochum.de> <200805151416.14925.bernhard@intevation.de> Message-ID: <87fxsetkba.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Thu, 15 May 2008 14:16:09 +0200, Bernhard Reiter wrote: > > Hi Marcus, > > On Thursday 15 May 2008 13:20, Marcus Brinkmann wrote: > > At Tue, 29 Apr 2008 14:14:45 +0200, > > > > Bernhard Reiter wrote: > > > Given the enhanced compatibility, why not do combined method whenever you > > > can, just getting the compatibility advantage? > > > > Compatibility with what? > > The RFC from August 2001 says "to increase compatibility > with non-MIME implementations of OpenPGP". I was hoping for some specific applications that are in use today. > Sure, so you are basically saying: The argument from 2001 is obsolete. I am not saying that, I am just suggesting that, after evaluation, it might be such a case, depending on how important compatibility is in the real world. > On the other hand, to ease the implementation, shouldn't we then push > for the removal of the combined method requirement? > At least make it mandadory in new implementation to not create > new combined method emails? I think that, if this is such a case, then that would be a sensible next step. > > So, the question is, are there significant MUAs that support only > > combined mode? > > As for non-MIME MUAs, I think Outlook is significant. > (Being one of the developers of Gpg4win, you know that until recently > it could not do MIME OpenPGP. And that Outlook itself it not fully > MIME compliant, e.g. it does not display the text part of a multipart/signed > email, though it MUST according to MIME standards.) Oh well, that may be a millstone around our neck for the time being. > There will be others out there as well, e.g. on older unix machines > which did not update software very often. Not really what you are looking for, but: Somehow I question the wisdom of relying on security software on such systems... Thanks, Marcus From patrick at mozilla-enigmail.org Mon May 19 18:10:24 2008 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Mon, 19 May 2008 18:10:24 +0200 Subject: gpg-agent with gpg4win 1.9.0 Message-ID: <4831A670.5080203@mozilla-enigmail.org> Hello, I am assessing gpg4win 1.9.0 in order to prepare for supporting gpg2 in Enigmail on Windows, once gpg4win v2.0 will officially be released. Now I have found that gpg-agent on Windows doesn't detach when started with --daemon. Is this something that will be fixed, or am I missing something? -Patrick From wk at gnupg.org Tue May 20 10:23:13 2008 From: wk at gnupg.org (Werner Koch) Date: Tue, 20 May 2008 10:23:13 +0200 Subject: assuan patch for w32 In-Reply-To: <4831679D.9040004@primekey.se> ("Lars =?utf-8?Q?Silv=C3=A9n?= =?utf-8?Q?=22's?= message of "Mon, 19 May 2008 13:42:21 +0200") References: <4831679D.9040004@primekey.se> Message-ID: <87d4nhl6z2.fsf@wheatstone.g10code.de> On Mon, 19 May 2008 13:42, lars at primekey.se said: > But I had to fix a problem in assuan. I am attaching a patch for the change I had to do. The patch is needed and tested on 2003 Server and Vista. A quick check shows that the code has already been changed in the SVN. Note that we use libassuan extensively on Windows. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From marcus.brinkmann at ruhr-uni-bochum.de Tue May 20 13:31:29 2008 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Tue, 20 May 2008 13:31:29 +0200 Subject: gpg-agent with gpg4win 1.9.0 In-Reply-To: <4831A670.5080203@mozilla-enigmail.org> References: <4831A670.5080203@mozilla-enigmail.org> Message-ID: <873aodtdny.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Mon, 19 May 2008 18:10:24 +0200, Patrick Brunschwig wrote: > > Hello, > > I am assessing gpg4win 1.9.0 in order to prepare for supporting gpg2 in > Enigmail on Windows, once gpg4win v2.0 will officially be released. > > Now I have found that gpg-agent on Windows doesn't detach when started > with --daemon. > > Is this something that will be fixed, or am I missing something? You mean if invoked from the command line, right? The way this works in Windows for us is that the process invoking the agent starts the process in detached mode. I don't understand every detail about process execution under Windows. Maybe it is possible for the gpg-agent to do it as well, or maybe there would need to be hints in the gpg-agent.exe file to instruct the console to do it (but note that we don't want the console to always detach it, as gpg-agent can be usefully invoked on the command line). The way we do it is that all tools that start the agent in daemon mode use something like gnupg_spawn_process_detached which sets the DETACHED_PROCESS and CREATE_NEW_PROCESS_GROUP flags in CreateProcess. If you have a particular suggestion how invoking gpg-agent --daemon from the command line can be improved, please let us know. In general, you can just let gpg/gpgsm etc take care of starting gpg-agent on demand. There are a couple of corner cases where a gpg-agent is not started on demand yet (the protect tool for P12 comes to mind), but we will have to fix them. Users of gpg or gpgsm need not be concerned about gpg-agent. Thanks, Marcus From patrick at mozilla-enigmail.org Tue May 20 13:51:38 2008 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Tue, 20 May 2008 13:51:38 +0200 Subject: gpg-agent with gpg4win 1.9.0 In-Reply-To: <873aodtdny.wl%marcus.brinkmann@ruhr-uni-bochum.de> References: <4831A670.5080203@mozilla-enigmail.org> <873aodtdny.wl%marcus.brinkmann@ruhr-uni-bochum.de> Message-ID: <4832BB4A.3070600@mozilla-enigmail.org> Marcus Brinkmann wrote: > At Mon, 19 May 2008 18:10:24 +0200, > Patrick Brunschwig wrote: >> Hello, >> >> I am assessing gpg4win 1.9.0 in order to prepare for supporting gpg2 in >> Enigmail on Windows, once gpg4win v2.0 will officially be released. >> >> Now I have found that gpg-agent on Windows doesn't detach when started >> with --daemon. >> >> Is this something that will be fixed, or am I missing something? > > You mean if invoked from the command line, right? The way this works Almost ... I wouldn't care too much about the command line, but I have the same problem if I start gpg-agent from Enigmail. > in Windows for us is that the process invoking the agent starts the > process in detached mode. I don't understand every detail about > process execution under Windows. Maybe it is possible for the > gpg-agent to do it as well, or maybe there would need to be hints in > the gpg-agent.exe file to instruct the console to do it (but note that > we don't want the console to always detach it, as gpg-agent can be > usefully invoked on the command line). The way we do it is that all > tools that start the agent in daemon mode use something like > gnupg_spawn_process_detached which sets the DETACHED_PROCESS and > CREATE_NEW_PROCESS_GROUP flags in CreateProcess. OK, I'll have to check how it's invoked. > If you have a particular suggestion how invoking gpg-agent --daemon > from the command line can be improved, please let us know. Ideally, things would work in the same way on Unix and Windows, i.e. if --no-detach is provided gpg-agent would start as today and if just --daemon is provided the daemon would detach itself. However, I don't know if that's easily possible on Windows. > In general, you can just let gpg/gpgsm etc take care of starting > gpg-agent on demand. There are a couple of corner cases where a > gpg-agent is not started on demand yet (the protect tool for P12 comes > to mind), but we will have to fix them. Users of gpg or gpgsm need > not be concerned about gpg-agent. Right, I also noticed this today :-) The reason for me to start gpg-agent from Enigmail was to ensure that the agent really works and that Enigmail doesn't need to ask for passphrases. Probably on Windows I'll just let gpg2 handle gpg-agent and assume that the agent will just always work. -Patrick From patrick at mozilla-enigmail.org Tue May 20 13:51:38 2008 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Tue, 20 May 2008 13:51:38 +0200 Subject: gpg-agent with gpg4win 1.9.0 In-Reply-To: <873aodtdny.wl%marcus.brinkmann@ruhr-uni-bochum.de> References: <4831A670.5080203@mozilla-enigmail.org> <873aodtdny.wl%marcus.brinkmann@ruhr-uni-bochum.de> Message-ID: <4832BB4A.3070600@mozilla-enigmail.org> Marcus Brinkmann wrote: > At Mon, 19 May 2008 18:10:24 +0200, > Patrick Brunschwig wrote: >> Hello, >> >> I am assessing gpg4win 1.9.0 in order to prepare for supporting gpg2 in >> Enigmail on Windows, once gpg4win v2.0 will officially be released. >> >> Now I have found that gpg-agent on Windows doesn't detach when started >> with --daemon. >> >> Is this something that will be fixed, or am I missing something? > > You mean if invoked from the command line, right? The way this works Almost ... I wouldn't care too much about the command line, but I have the same problem if I start gpg-agent from Enigmail. > in Windows for us is that the process invoking the agent starts the > process in detached mode. I don't understand every detail about > process execution under Windows. Maybe it is possible for the > gpg-agent to do it as well, or maybe there would need to be hints in > the gpg-agent.exe file to instruct the console to do it (but note that > we don't want the console to always detach it, as gpg-agent can be > usefully invoked on the command line). The way we do it is that all > tools that start the agent in daemon mode use something like > gnupg_spawn_process_detached which sets the DETACHED_PROCESS and > CREATE_NEW_PROCESS_GROUP flags in CreateProcess. OK, I'll have to check how it's invoked. > If you have a particular suggestion how invoking gpg-agent --daemon > from the command line can be improved, please let us know. Ideally, things would work in the same way on Unix and Windows, i.e. if --no-detach is provided gpg-agent would start as today and if just --daemon is provided the daemon would detach itself. However, I don't know if that's easily possible on Windows. > In general, you can just let gpg/gpgsm etc take care of starting > gpg-agent on demand. There are a couple of corner cases where a > gpg-agent is not started on demand yet (the protect tool for P12 comes > to mind), but we will have to fix them. Users of gpg or gpgsm need > not be concerned about gpg-agent. Right, I also noticed this today :-) The reason for me to start gpg-agent from Enigmail was to ensure that the agent really works and that Enigmail doesn't need to ask for passphrases. Probably on Windows I'll just let gpg2 handle gpg-agent and assume that the agent will just always work. -Patrick From wk at gnupg.org Tue May 20 19:22:17 2008 From: wk at gnupg.org (Werner Koch) Date: Tue, 20 May 2008 19:22:17 +0200 Subject: gpg-agent with gpg4win 1.9.0 In-Reply-To: <4832BB4A.3070600@mozilla-enigmail.org> (Patrick Brunschwig's message of "Tue, 20 May 2008 13:51:38 +0200") References: <4831A670.5080203@mozilla-enigmail.org> <873aodtdny.wl%marcus.brinkmann@ruhr-uni-bochum.de> <4832BB4A.3070600@mozilla-enigmail.org> Message-ID: <87lk24gaba.fsf@wheatstone.g10code.de> On Tue, 20 May 2008 13:51, patrick at mozilla-enigmail.org said: > --no-detach is provided gpg-agent would start as today and if just > --daemon is provided the daemon would detach itself. However, I don't > know if that's easily possible on Windows. No, that is not possible without executing a wrapper first (which might be the same program of course). I tried it but it is too much trouble. Given that Windows has no process hierarchy (i.e. there are no parent-child relationship) you can't map Unix semantix one to one to Windows. If you want to do that you will soon end up with something very similar to Cygwin. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From sutter at informatik.hs-furtwangen.de Sun May 25 14:30:53 2008 From: sutter at informatik.hs-furtwangen.de (Phil Sutter) Date: Sun, 25 May 2008 14:30:53 +0200 Subject: Secret Sharing In-Reply-To: <20080319212325.GB12049@nuty.freewrt> References: <20080319212325.GB12049@nuty.freewrt> Message-ID: <20080525123053.GD29955@base.freewrt> Hello again, some time has passed since I wrote to this list for the first time, which I used to get a better idea of what exactly I will do. Thanks a lot so far for your hints and questions, they helped me a lot understanding how GnuPG works internally and which caveats there are. The plan is as follows: using an implementation of Shamir's (t,w)-threshold scheme I want to share the passphrase to a secret key. At least for now the algorithm will operate in GF(p). So the actual passphrase is just a randomly chosen number in range [0,p[. Each share will (theoretically) consist of two numbers in the same range (i.e. a point of the secret function). Identifying participants by their GPG key ID allows securing each share by encrypting it. For recombining I want to implement a daemon like gpg-agent communicating with GnuPG via libassuan. The two methods for recombining supported by PGP, either collecting the shares via network or locally (providing a passphrase to unlock the share) should be a good starting point. Setup could maybe also be done externally. I think of the process as follows: 1. read threshold t and participants' Key IDs P(i) from user 2. get a prime p 3. generate the random coefficients C(i) to a secret function of degree t-1 4. generate a new GPG key using C(0) as passphrase 5. for each P(i) retrieve a point on the secret function and encrypt the data using P(i)'s public key 6. forget C(i) and send the shares to the participants. Some things I'm still not quite sure of: * is it good or even possible to have some metadata about the secret sharing on the combiner's side (i.e. where the shared secret key resides)? The setup process described above requires at least p to be either made public, included in each share or be remembered by the combiner. Also having each share's abscissa being public or at least known to the combiner could be a good thing. * How to establish a secure connection between the combiner and the participants? Are there any implementations using GPG keys? (An additional key for the combiner would be necessary.) * A simple implementation of Shamir's threshold scheme would give each participant P(i) the secret function's value f(i) as share. Using GPG key IDs this could also work here, assumed that key IDs are unique, of course. Alternatively a combination of key ID and fingerprint could be used. * Binary compatibility to PGP's implementation would be really great, but this requires deeper investigations of their protocol and binary format and I doubt they will let me look at their code (especially for this purpose ;). Ok, that's it for now. What do you think, is this approach worth a try or is there a fundamental problem I didn't recognise yet? Of course I also appreciate any other kind of feedback to this email. :) Greetings, Phil -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From wk at gnupg.org Wed May 28 18:52:31 2008 From: wk at gnupg.org (Werner Koch) Date: Wed, 28 May 2008 18:52:31 +0200 Subject: FYI: GnuPG Server maintenance next Monday Message-ID: <87wsle9xrk.fsf@wheatstone.g10code.de> Hi! This is to let you know that the GnuPG servers are taken down on Monday, June 2 at about 6:00 UTC to be moved to OpenIT's new data processing center. The new location is in the same city and in physical vicinity to a huge IP exchange point. They should be up again by midnight. All services are affected including email, thus you may get mail delivery *warnings*. All should be well again by Tuesday. Should a real damage happen, I will leave a message at http://www.gpg4win.org. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Sat May 31 12:31:36 2008 From: wk at gnupg.org (Werner Koch) Date: Sat, 31 May 2008 12:31:36 +0200 Subject: "constructive criticism of GPG" In-Reply-To: <5ac4e42f0803111800p17fbb78ct44e88e184daf9bb5@mail.gmail.com> (Eric Tetz's message of "Tue, 11 Mar 2008 18:00:02 -0700") References: <5ac4e42f0803111800p17fbb78ct44e88e184daf9bb5@mail.gmail.com> Message-ID: <87tzgehiif.fsf@wheatstone.g10code.de> On Wed, 12 Mar 2008 02:00, erictetz at gmail.com said: > Anyway, that's all. I just wanted to bring that post to your > attention, because here it is 7 years later and people are still going > through the exact same shit. :) Thanks. I have implemented that in gpg2 and it will eventually end up in gpg1. It is a bit complicated because I needed to make sure not to break existing translations. It is better to use the old but translated text than a new and English text. Some translations have not been updated for a long time and I don't won't to break this quite import part of gpg. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.