From chd at chud.net Fri Oct 1 00:12:23 2004 From: chd at chud.net (Chris De Young) Date: Fri Oct 1 00:09:18 2004 Subject: Is it possible to encrypt file symmetrically with 1 (one) command line? In-Reply-To: <415C79CD.6000702@bluewin.ch> References: <415C79CD.6000702@bluewin.ch> Message-ID: <20040930221223.GR20251@dionysus.chud.net> On Thu, Sep 30, 2004 at 11:25:33PM +0200, Oleksiy Muzalyev wrote: > Hi, > > When I enter: > gpg -a -c data.php > > gpg asks for the password, I enter it, and it asks to repeat. > > Is there something like: > > gpg -a -c data.php --password MyPassword > > I call from VB2005: > > Shell("c:\gnupg\gpg.exe -a -c " & fileToEncrypt, AppWinStyle.NormalFocus) > > And console window opens and asks twice for the password. > > I would prefer to send the file path and password in one command. Offhand I don't know of any switches that you can use to pass the passphrase on the command line, though I might be missing one. If it's acceptable to store the passphrase in a separate file (probably no more risky that coding it into a script), you could use: gpg -a -c --batch --passphrase-fd n filename which will read the password from file descriptor n. 0 means standard input, though that's not what you want in the case. Cheers, -Chris -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20040930/ce501125/attachment.bin From hmujtaba at forumsys.com Fri Oct 1 01:12:13 2004 From: hmujtaba at forumsys.com (Hasnain Mujtaba) Date: Fri Oct 1 10:10:00 2004 Subject: decryption failed: weak key Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3AE@bstn-exch1.forumsys.com> Hi, I saw this message when decrypting a file encrypted with a 1536 ElGamal key, 3DES symmetric cipher: gpg: WARNING: message was encrypted with a weak key in the symmetric cipher. gpg: decryption failed: weak key. Looks like GPG is checking for randomness property of the session key after decrypting it out of the Public-key Encrypted Session key packet. Correct? And does the RFC2440 specify how this check should be performed, i.e is it a MUST have feature? Thanks, Hasnain. From mroth at nessie.de Fri Oct 1 13:52:55 2004 From: mroth at nessie.de (Michael Roth) Date: Fri Oct 1 13:49:34 2004 Subject: decryption failed: weak key In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3AE@bstn-exch1.forumsys.com> References: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3AE@bstn-exch1.forumsys.com> Message-ID: <415D4517.60904@nessie.de> Hasnain Mujtaba wrote: | I saw this message when decrypting a file encrypted with a 1536 | ElGamal key, 3DES symmetric cipher: A "weak key" is a special DES property. In DES there are 64 known weak keys. I think Blowfish has weak keys too. | gpg: WARNING: message was encrypted with a weak key in the symmetric | cipher. | gpg: decryption failed: weak key. | | Looks like GPG is checking for randomness property of the session key | after decrypting it out of the Public-key Encrypted Session key | packet. Correct? No. If you take a look in g10/des.c you will find a table containing all 64 known weak keys (search for "weak_key"). If gnupg creates a session key, it omits weak keys (take a look in g10/seskey.c, make_session_key). So I guess the message was not encrypted using gnupg? Would be nice to know which programm created the weak session key. Please also note: 3DES keys consist effectivly of 3 different DES keys, but GnuPG complains about weak keys if at least one of these three parts is a weak key. cu Michael Roth From mujyo at comcast.net Fri Oct 1 14:20:43 2004 From: mujyo at comcast.net (haruki s.) Date: Fri Oct 1 14:17:48 2004 Subject: Question about FAQ section 7.1 In-Reply-To: <20040924195617.GB13073@jabberwocky.com> References: <1191732911.20040924121611@comcast.net> <20040924195617.GB13073@jabberwocky.com> Message-ID: <747022294.20041001052043@comcast.net> Thank you Mr. Shaw, Smasher and Williams for your answer(s) and feedback :^) It was very useful in my first series of mental hurdles on the path to using GPG. Is there a wiki for updating the GPG-FAQ? Or perhaps someone working on update keeping track commits and other less direct changes? Friday, September 24, 2004, 12:56:17 PM, David Shaw dshaw@jabberwocky.com wrote: > On Fri, Sep 24, 2004 at 12:16:11PM -0700, mujyo@comcast.net wrote: >> Hello List :^) >> >> In section 7.1 of the FAQ the last paragraph states: >> >> "There is a small security glitch in the OpenPGP (and therefore GnuPG) >> system; to avoid this you should always sign and encrypt a message >> instead of only encrypting it." >> ( http://www.gnupg.org/(en)/documentation/faqs.html#q7.1 ) >> >> I am wondering if this is still the case, and if this means that one >> should also not use 'conventional' encryption, as the language appears >> to possibly be saying that as well. And has this 'glitch' been fixed? > This isn't true any longer. OpenPGP now has the MDC protection. Both > GnuPG and PGP support it. MDC can be turned off manually, or if you > encrypt to a key that doesn't support it, it is switched off > automatically, but in general it is on. GnuPG tries pretty hard to > use MDC whenever possible. MDC works for conventional encryption > also. >> Also, does anyone see any basic problems in encrypting =<700MB files >> using --recipient (My-Name) --encrypt (File), i.e. encrypting to one's >> self for files only for yourself. Is it better to encrypt with say >> TWOFISH, or a Key-pair even though you are only encrypting to >> yourself. > No basic problem. Some people like to use --symmetric when encrypting > to themselves, and some people like to use their public key. It's > really a matter of taste. I prefer to use my public key so I don't > have one more passphrase to remember ;) > David > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users yours, haruki ----119$&89#jFS-=)(3~` www.votenader.org -@$____CARRIER_LOST.------ From amilivojevic at pbl.ca Fri Oct 1 16:40:31 2004 From: amilivojevic at pbl.ca (Aleksandar Milivojevic) Date: Fri Oct 1 16:33:47 2004 Subject: Is it possible to encrypt file symmetrically with 1 (one) command line? In-Reply-To: <20040930221223.GR20251@dionysus.chud.net> References: <415C79CD.6000702@bluewin.ch> <20040930221223.GR20251@dionysus.chud.net> Message-ID: <415D6C5F.90902@pbl.ca> Chris De Young wrote: > On Thu, Sep 30, 2004 at 11:25:33PM +0200, Oleksiy Muzalyev wrote: > >>I call from VB2005: >> >>Shell("c:\gnupg\gpg.exe -a -c " & fileToEncrypt, AppWinStyle.NormalFocus) >> >>And console window opens and asks twice for the password. >> >>I would prefer to send the file path and password in one command. > > > Offhand I don't know of any switches that you can use to pass the > passphrase on the command line, though I might be missing one. If > it's acceptable to store the passphrase in a separate file (probably > no more risky that coding it into a script), you could use: > > gpg -a -c --batch --passphrase-fd n filename > > which will read the password from file descriptor n. 0 means standard > input, though that's not what you want in the case. Hm, why not using 0? I don't know how VB handles redirection of stdin/stdout between processes, however this works quite well in Perl on Unix: #! /usr/bin/perl $gpg_exe = "gpg"; @gpg_args = ($gpg_exe, "--quiet", "--batch", "--no-tty", "--passphrase-fd", "0", "-a", "-c", "blah"); open(FH, "|-") || exec @gpg_args or die "Can't execute GnuPG!"; print FH "passpharase\n"; close(FH) or die "Encryption failed!"; What this does is that it starts new gpg process, and ties its standard input to file handle of parent process (basically it creates a pipe between two processes). Then it sends the passpharase using this pipe. Note the newline at the end of passphrase. If this can be ported to VB on Windows, it *should* work (tm). P.S. To prevent this going into the wrong direction, yes I do know that having passphrase in code is insecure, and yes I do know there are couple of nice Perl modules for handling GnuPG, and yes I do know this is not the best way of controlling GnuPG from another process. This was just illustration, and for simple usage and with few precausions it works. -- Aleksandar Milivojevic Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7 From hmujtaba at forumsys.com Fri Oct 1 20:40:58 2004 From: hmujtaba at forumsys.com (Hasnain Mujtaba) Date: Fri Oct 1 20:38:15 2004 Subject: decryption failed: weak key Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3AF@bstn-exch1.forumsys.com> Hi Michael, Thank you for the detailed reply. I am just playing around with an open source OpenPGP implementation. I was debugging a problem with ElGamal encryption and to rule out entropy problems, I hard-coded the 192-bit session key with a fixed string of ones instead of reading it from /dev/random. Interestingly, only GPG catches the weak key, not any of the other tools I fed the encrypted file to. Regards, Hasnain. -----Original Message----- From: Michael Roth [mailto:mroth@nessie.de] Sent: Friday, October 01, 2004 7:53 AM To: Hasnain Mujtaba Cc: gnupg-users@gnupg.org Subject: Re: decryption failed: weak key Hasnain Mujtaba wrote: | I saw this message when decrypting a file encrypted with a 1536 | ElGamal key, 3DES symmetric cipher: A "weak key" is a special DES property. In DES there are 64 known weak keys. I think Blowfish has weak keys too. | gpg: WARNING: message was encrypted with a weak key in the symmetric | cipher. | gpg: decryption failed: weak key. | | Looks like GPG is checking for randomness property of the session key | after decrypting it out of the Public-key Encrypted Session key | packet. Correct? No. If you take a look in g10/des.c you will find a table containing all 64 known weak keys (search for "weak_key"). If gnupg creates a session key, it omits weak keys (take a look in g10/seskey.c, make_session_key). So I guess the message was not encrypted using gnupg? Would be nice to know which programm created the weak session key. Please also note: 3DES keys consist effectivly of 3 different DES keys, but GnuPG complains about weak keys if at least one of these three parts is a weak key. cu Michael Roth From johanw at vulcan.xs4all.nl Fri Oct 1 19:24:28 2004 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Fri Oct 1 20:58:04 2004 Subject: decryption failed: weak key In-Reply-To: <415D4517.60904@nessie.de> from Michael Roth at "Oct 1, 2004 01:52:55 pm" Message-ID: <200410011724.TAA01259@vulcan.xs4all.nl> Michael Roth wrote: >No. If you take a look in g10/des.c you will find a table containing all >64 known weak keys (search for "weak_key"). If gnupg creates a session >key, it omits weak keys (take a look in g10/seskey.c, make_session_key). I can understand that it doesn't encrypt to them, but why would it not decrypt with them? I can't see any security risk in that. And I too would like to know what application used that weak key. If it wasn't done deliberately (some implementations allow one to specify the symmetric key to use) it sounds like a backdoor. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From atom at suspicious.org Fri Oct 1 23:49:18 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Fri Oct 1 23:46:19 2004 Subject: decryption failed: weak key In-Reply-To: <415D4517.60904@nessie.de> References: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3AE@bstn-exch1.forumsys.com> <415D4517.60904@nessie.de> Message-ID: <20041001174437.N23687@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 can gpg decrypt it with --expert? how about --override-session-key? curious... what happens if you use --show-session-key? would you mind posting the session key? there shouldn't be any harm in posting it, since we don't have the message. and if we did have the message, by now we know it's one of a small handful of possible session keys. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "I offer here and now... to swallow an entire glass of PCBs and run a mile afterward... to be in danger you have got to take PCBs in quantities steadily over a long period of time, and probably be pregnant, which I don't intend to be." -- New York Governor Hugh Carey, 4 Mar 1981 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBXdDkAAoJEAx/d+cTpVciWXsH/1gobns8S8Q5Jl8EOlx+jmuR zl677YH2EHyTDMIBK2N5cTFhw04QMTBMLODQ22cmyDzgz5PkeBGJoE25UMQqrhP5 7kARRJ3NdFUCSNISxdjqOTTNf3cBdoJGQV5/bgszq1nIvUEcBhi7r5icu2qVHccv ROt/9nAqwL7rtTsyQQ90sk5dH3YgfircaB0mYoFpDNHxN38xRr04hbh0auhwCsm5 p0s7qtv+5v8ZdUsVtqcWg32MNxtweNZJHlRiDxZ6P3+tBS0xv729oMNUmkMiqLZK 4NbutJQZU45s+QX+VNMFSnRZM90ApTG3tOYJNqq/kLN2Wf8vOkqsOIxkUDr5ri8= =hQfV -----END PGP SIGNATURE----- From atom at suspicious.org Sat Oct 2 08:56:27 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Sat Oct 2 08:53:14 2004 Subject: Weaknesses in SHA-1 In-Reply-To: <20040928021550.F94659@willy_wonka> References: <3.0.5.32.20040922204843.012ffbe8@popc.ipa.net> <200409271156.NAA02621@vulcan.xs4all.nl> <20040927144930.GB5523__7534.50141423873$1096297653$gmane$org@jabberwocky.com> <20040927200700.GA8139__40965.5465315611$1096315808$gmane$org@jabberwocky.com> <20040928043412.GC9810@jabberwocky.com> <20040928021550.F94659@willy_wonka> Message-ID: <20041002025537.Q23687@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 with all this talk of (allegedly!) weak and broken hashes, i'd like to throw out a construct to combine 2 or more hashes and (it seems) make the construct more secure than either one of the hashes independently: take two or more hashes and XOR them. if i XOR the output of an SHA-1 and RIPEMD-160 hash, the only way to "break" the resulting hash would require breaking *both* SHA-1 and RIPEMD-160. the same mechanism can apply to more than two hashes as input, but i'm not enough of a math guy to figure out where is the point of diminishing return (or if there is such a point). intuitively, it seems (to me) that if N hashes are used as input, the protocol is secure as long as any one of the input hashes can not be broken. i'm also not enough of a math guy to figure out (quantifiably) what would be gained (or lost) by combining hashes of different sizes, and maybe even truncating the output. and no, the little voices in my head are not suggesting that this ~should~ be done because the sky is falling... they're just saying that this ~could~ be done, if the general consensus is that the sky will fall. OTOH, what if some secret agency known by three letters could break some hashes, but not others.... ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "The intifada is the Palestinian people's war of national liberation. We enthusiastically chose to become a colonialist society, ignoring international treaties, expropriating lands, transferring settlers from Israel to the occupied territories, engaging in theft and finding justification for all these activities... we established an apartheid regime." -- Michael Ben-Yair, Israel's attorney general, 1993-1996 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBXlEhAAoJEAx/d+cTpVciSakH/jpZkHdKceNAHu0z92GHijZf uqYbJlF49v9ZWf41/nVuL5U1IBcVvlelhmfhzoxmncWZM/5RT1loFNZhuTezvfke kERGvyclJCtlikPS4WyoBwYfsvvP5nEN6MqToA8Sn8DLBdPuNy7CdW7AlyME1rkN RGzTO7aJDKdq4yJicERVeopd5yCsqj68Y5jsukPg2RL1A7SiCY6gBqBBb5VBFtZK nIMPPGIdJn1jvLErGc0L+AP+L+CNtKKQIPX0jBquXH2Fmyvq+GTOwJl20GbZxSRK ST4IDJrjBt3hUMsGK2ZyN0/gBEnx6enQxki9i3iLpNfIXpaXbsmsKZNnbL6wm7o= =DrnD -----END PGP SIGNATURE----- From thomas at northernsecurity.net Sat Oct 2 10:46:40 2004 From: thomas at northernsecurity.net (Thomas =?iso-8859-1?Q?Sj=F6gren?=) Date: Sat Oct 2 10:43:25 2004 Subject: Weaknesses in SHA-1 In-Reply-To: <20041002025537.Q23687@willy_wonka> References: <3.0.5.32.20040922204843.012ffbe8@popc.ipa.net> <200409271156.NAA02621@vulcan.xs4all.nl> <20040927144930.GB5523__7534.50141423873$1096297653$gmane$org@jabberwocky.com> <20040927200700.GA8139__40965.5465315611$1096315808$gmane$org@jabberwocky.com> <20040928043412.GC9810@jabberwocky.com> <20040928021550.F94659@willy_wonka> <20041002025537.Q23687@willy_wonka> Message-ID: <20041002084639.GB7703@northernsecurity.net> On Sat, Oct 02, 2004 at 02:56:27AM -0400, Atom 'Smasher' wrote: > with all this talk of (allegedly!) weak and broken hashes, i'd like to > throw out a construct to combine 2 or more hashes and (it seems) make the > construct more secure than either one of the hashes independently: take > two or more hashes and XOR them. And this creates what? Neither a sha1 or ripemed verification is possible. r = H(H(M)) or H' = H(M) H' -> H1,H2 H" = H(H1 xor H2) r = H(H") seems to me are better options, the first obviously faster than the second. the security improvements? none i guess if you're using anything else than md5 or sha{0,1}. /Thomas -- == Encrypted e-mails preferred | GPG KeyID: 114AA85C -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 481 bytes Desc: Digital signature Url : /pipermail/attachments/20041002/d74f8ac5/attachment.bin From dshaw at jabberwocky.com Sat Oct 2 15:47:23 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Sat Oct 2 16:04:48 2004 Subject: [Announce] GnuPG 1.3.90 released (development) Message-ID: <20041002134723.GB15332@jabberwocky.com> Hello! The latest release from the development branch of GnuPG is ready for public consumption. This is a branch to create what will very soon become GnuPG 1.4. As the version jump from 1.3.6 to 1.3.90 indicates, the 1.4 release is expected soon. We encourage people to try this development release and report any feedback or problems to gnupg-devel@gnupg.org. As always, note that while this code is stable enough for many uses, it is still the development branch. Mission-critical applications should use the 1.2.x stable branch. The files are available from: Gzipped: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.90.tar.gz (3.6M) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.90.tar.gz.sig Bzip2ed: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.90.tar.bz2 (2.5M) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.90.tar.bz2.sig MD5 checksums for the files are: c3f1a4b5134ad15aae5f93897c8294fa gnupg-1.3.90.tar.bz2 767cf77145ea4ce0df3b2ca6e86ce0a9 gnupg-1.3.90.tar.bz2.sig e3f8d36309bd63f05bae3b7371bcb994 gnupg-1.3.90.tar.gz 32a4376ae5a7a5b548bacd4d3a14816a gnupg-1.3.90.tar.gz.sig Noteworthy changes in version 1.3.90 (2004-10-01) ------------------------------------------------- * Readline support at all prompts is now available if the systems provides a readline library. The build time option --without-readline may be used to disable this feature. * Support for the OpenPGP smartcard is now enabled by default. Use the option --disable-card-support to build without support for smartcards. * New command "addcardkey" in the key edit menu to add subkeys to a smartcard. New command "keytocard" to transfer a key to a smartcard. The serial number of the card is show in secret key listings. * -K may now be used as an alias for --list-secret-keys. * HTTP Basic authentication is now supported for all HKP and HTTP keyserver functions, either through a proxy or via direct access. Enjoy! The GnuPG team (David, Stefan, Timo and Werner) _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From johanw at vulcan.xs4all.nl Sun Oct 3 01:14:23 2004 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Sun Oct 3 01:10:52 2004 Subject: [Announce] GnuPG 1.3.90 released (development) In-Reply-To: <20041002134723.GB15332@jabberwocky.com> from David Shaw at "Oct 2, 2004 09:47:23 am" Message-ID: <200410022314.BAA10947@vulcan.xs4all.nl> David Shaw wrote: >The latest release from the development branch of GnuPG is ready for >public consumption. I tested 1.3.90 on my old libc5 based Linux system and it compiles and works fine. Passes all tests and compatibility with pgp 2.6 is OK. I'll try it tomorrow on my Slackware 10 system. BTW, my buildscript containes the option --enable-tiger; I was surprised to see that the 1.3.90 configure script didn't barf on it but silently ignored it. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From shavital at mac.com Sun Oct 3 01:15:38 2004 From: shavital at mac.com (Charly Avital) Date: Sun Oct 3 01:12:52 2004 Subject: [Announce] GnuPG 1.3.90 released (development) In-Reply-To: <20041002134723.GB15332@jabberwocky.com> References: <20041002134723.GB15332@jabberwocky.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, built on MacOS X (10.3.5) PowerPC 750 (1.12) Darwin 7.5.0, with idea.c. No compiling problems, no usage problems. As usual, thanks for your work, and hoping 1.4 will also build as easily under oncoming MacOS X codename Tiger (10.4). Charly On Oct 2, 2004, at 9:47 AM, David Shaw wrote: > Hello! > > The latest release from the development branch of GnuPG is ready for > public consumption. This is a branch to create what will very soon > become GnuPG 1.4. As the version jump from 1.3.6 to 1.3.90 indicates, > the 1.4 release is expected soon. We encourage people to try this > development release and report any feedback or problems to > gnupg-devel@gnupg.org. > > As always, note that while this code is stable enough for many uses, > it is still the development branch. Mission-critical applications > should use the 1.2.x stable branch. > > The files are available from: > > [...] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.90 (Darwin) iD8DBQFBXzan8SG5rMkbCF4RAoR9AKCNMViU0kWpwu80hnwGC9dLZotUrwCfahYv 5CBHBjtsQ0XE+DUgZ0PBsUs= =aCDe -----END PGP SIGNATURE----- From shatadal at vfemail.net Sun Oct 3 01:29:16 2004 From: shatadal at vfemail.net (shatadal@vfemail.net) Date: Sun Oct 3 01:25:57 2004 Subject: Implications of using insecure memory Message-ID: <1096759756.b90348978578b@www.vfemail.net> Hi, I am a new user of gnupg. I use gnupg on my windows laptop and linux desktop. Thie first time I tried to run gpg on linux as a user I got the insecure memory warning: "gpg: WARNING: using insecure memory!" On reading the faq I read "On some systems (e.g., Windows) GnuPG does not lock memory pages and older GnuPG versions (<=1.0.4) issue the warning: gpg: Please note that you don't have secure memory This warning can't be switched off by the above option because it was thought to be too serious an issue. However, it confused users too much, so the warning was eventually removed" As a new user I want to know what are the implications of using gpg with insecure memory in windows and linux, how serious are they and what steps can I take to improve security? Does insecure memory mean that I should not use gpg on sych systems? Thanks, Shatadal. ------------------------------------------------- This mail sent through Virus Free Email http://www.vfemail.net From dshaw at jabberwocky.com Sun Oct 3 01:48:50 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Sun Oct 3 01:45:38 2004 Subject: [Announce] GnuPG 1.3.90 released (development) In-Reply-To: <200410022314.BAA10947@vulcan.xs4all.nl> References: <20041002134723.GB15332@jabberwocky.com> <200410022314.BAA10947@vulcan.xs4all.nl> Message-ID: <20041002234849.GE15332@jabberwocky.com> On Sun, Oct 03, 2004 at 01:14:23AM +0200, Johan Wevers wrote: > David Shaw wrote: > > >The latest release from the development branch of GnuPG is ready for > >public consumption. > > I tested 1.3.90 on my old libc5 based Linux system and it compiles and > works fine. Passes all tests and compatibility with pgp 2.6 is OK. > I'll try it tomorrow on my Slackware 10 system. > > BTW, my buildscript containes the option --enable-tiger; I was surprised > to see that the 1.3.90 configure script didn't barf on it but silently > ignored it. This is an autoconf thing, not a GnuPG thing. Configure scripts allow any options, legal or not. David From atom at suspicious.org Sun Oct 3 05:14:32 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Sun Oct 3 05:11:32 2004 Subject: Implications of using insecure memory In-Reply-To: <1096759756.b90348978578b@www.vfemail.net> References: <1096759756.b90348978578b@www.vfemail.net> Message-ID: <20041002230902.T23687@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sat, 2 Oct 2004 shatadal@vfemail.net wrote: > As a new user I want to know what are the implications of using gpg with > insecure memory in windows and linux, how serious are they and what > steps can I take to improve security? Does insecure memory mean that I > should not use gpg on sych systems? ================= it means that sensitive information, such as a passphrase or secret key *might* be written to a disk swap space. if that happens, and someone stole your HD, they could search the disk and maybe find something that could compromise your key. i dunno about windoze, but on *nix you can solve this by setuid-ing the gpg binary... that would force it to only use secure memory (RAM) and not write to disk swap. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Microsoft shouldn't be broken up. It should be shut down." -- Bruce Schneier, 15 May 2000 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBX26dAAoJEAx/d+cTpVcikMwIAKed2kI0PgpxvWUc2OsTKMHg iSK7aLRDHPcyBCCpr7wIOkujN5xlNQdCCyWNY/gzLLb1Vl7YzDLRWcMKH/Gt47kK chl3iqCNtz8xIveUvR9UITCkIVzmlmVkSpAkxwpSR67vHR2b1aVrWruv4gyNYlly 2vEECFQBiG9jYaoyVlQqd+neqEqJoT/gISVqfx7RJLXCFAxuBTKHKg9aHc9InuoY FCo2VHExwPzwQBfJ7i6wHvTCnhaq5tfZNJhZRsvB1t3nrNRzWE4nIi26cwmlUiWo DuoqQP4YfeftlNtr5UZ/jGG/MOVMHY5hzZH+p5HOvMfx2xTdUIK2xibJAB8aOiw= =QzL/ -----END PGP SIGNATURE----- From ajaja at mail.ru Sun Oct 3 18:57:22 2004 From: ajaja at mail.ru (Alex Moroz) Date: Sun Oct 3 18:53:30 2004 Subject: [Announce] GnuPG 1.3.90 released (development) In-Reply-To: <20041002134723.GB15332@jabberwocky.com> References: <20041002134723.GB15332@jabberwocky.com> Message-ID: <899506412.20041003195722@mail.ru> Hello! I have a strange problem in my Mingw32 (GCC 3.4.2) build of GnuPG v1.3.90. An 'updpref' command not function. The programm crashes. GnuPG v1.3.6 build was OK. Hope for your help. -- Best regards, Alex. mailto:ajaja@mail.ru From pt at radvis.nu Sun Oct 3 20:09:33 2004 From: pt at radvis.nu (Per Tunedal Casual) Date: Sun Oct 3 20:05:41 2004 Subject: Weaknesses in SHA-1 In-Reply-To: <20041002084639.GB7703@northernsecurity.net> References: <3.0.5.32.20040922204843.012ffbe8@popc.ipa.net> <200409271156.NAA02621@vulcan.xs4all.nl> <20040927144930.GB5523__7534.50141423873$1096297653$gmane$org@jabberwocky.com> <20040927200700.GA8139__40965.5465315611$1096315808$gmane$org@jabberwocky.com> <20040928043412.GC9810@jabberwocky.com> <20040928021550.F94659@willy_wonka> <20041002025537.Q23687@willy_wonka> <20041002084639.GB7703@northernsecurity.net> Message-ID: <6.1.2.0.2.20041003200736.02d14060@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 10:46 2004-10-02, you wrote: >``-------------------------------------------------------------------- >---On >Sat, Oct 02, 2004 at 02:56:27AM -0400, Atom 'Smasher' wrote: >> with all this talk of (allegedly!) weak and broken hashes, i'd like >> to >> throw out a construct to combine 2 or more hashes and (it seems) >> make the >> construct more secure than either one of the hashes independently: >> take >> two or more hashes and XOR them. > >And this creates what? Neither a sha1 or ripemed verification is >possible. > >r = H(H(M)) > >or > >H' = H(M) >H' -> H1,H2 >H" = H(H1 xor H2) >r = H(H") > >seems to me are better options, the first obviously faster than the >second. >the security improvements? none i guess if you're using anything else >than md5 or sha{0,1}. > >/Thomas >-- Would you please supply a legend? I cannot interpret your mail. Per Tunedal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) iD8DBQFBYEBWaDDfzFT+2PIRAivPAJ4vsL6smPnIpNi3JtVEBj1Ji6xv9gCgmx4x xCf8H59B9DqrK6rlvAaRXAc= =TaZ4 -----END PGP SIGNATURE----- From thomas at northernsecurity.net Sun Oct 3 20:32:57 2004 From: thomas at northernsecurity.net (Thomas =?iso-8859-1?Q?Sj=F6gren?=) Date: Sun Oct 3 20:29:37 2004 Subject: Weaknesses in SHA-1 In-Reply-To: <6.1.2.0.2.20041003200736.02d14060@localhost> References: <200409271156.NAA02621@vulcan.xs4all.nl> <20040927144930.GB5523__7534.50141423873$1096297653$gmane$org@jabberwocky.com> <20040927200700.GA8139__40965.5465315611$1096315808$gmane$org@jabberwocky.com> <20040928043412.GC9810@jabberwocky.com> <20040928021550.F94659@willy_wonka> <20041002025537.Q23687@willy_wonka> <20041002084639.GB7703@northernsecurity.net> <6.1.2.0.2.20041003200736.02d14060@localhost> Message-ID: <20041003183256.GA4647@northernsecurity.net> On Sun, Oct 03, 2004 at 08:09:33PM +0200, Per Tunedal Casual wrote: > >r = H(H(M)) > > > >or > > > >H' = H(M) > >H' -> H1,H2 > >H" = H(H1 xor H2) > >r = H(H") > Would you please supply a legend? I cannot interpret your mail. r = H(M) means result of Hash of message M H' and H" are hash number one and two H' -> H1,H2 means that you should split hash number one into two parts /Thomas -- == Encrypted e-mails preferred | GPG KeyID: 114AA85C -- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 481 bytes Desc: Digital signature Url : /pipermail/attachments/20041003/01975d13/attachment.bin From ajaja at mail.ru Sun Oct 3 20:46:24 2004 From: ajaja at mail.ru (Alex Moroz) Date: Sun Oct 3 20:43:24 2004 Subject: [Announce] GnuPG 1.3.90 released (development) In-Reply-To: <899506412.20041003195722@mail.ru> References: <20041002134723.GB15332@jabberwocky.com> <899506412.20041003195722@mail.ru> Message-ID: <1179620959.20041003214624@mail.ru> Hello! M> I have a strange problem in my Mingw32 (GCC 3.4.2) build of GnuPG AM> v1.3.90. An 'updpref' command not function. The programm crashes. AM> GnuPG v1.3.6 build was OK. I commented line 1750 in g10/keyedit.c: //show_prefs(temp,NULL,1)) and crash disappeared. Why NULL? There is access to variable 'selfsig' (second param in show_prefs) in this function (line 1974 of keyedit.c): pref_ks=parse_sig_subpkt(selfsig->hashed, SIGSUBPKT_PREF_KS,&pref_ks_len); ^^^^^^^^^^^^^^^^ -- Best regards, Alex. mailto:ajaja@mail.ru From jharris at widomaker.com Mon Oct 4 01:51:25 2004 From: jharris at widomaker.com (Jason Harris) Date: Mon Oct 4 01:48:19 2004 Subject: new (2004-10-03) keyanalyze results (+sigcheck) Message-ID: <20041003235125.GD1671@p5.widomaker.com> New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2004-10-03/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the "permanent" files: 79053a2e03edf6a3324dfa4b46fcc0177e77fd17 10589904 preprocess.keys e8f443573ea05db4908831ed35cb98c3140a6105 6897803 othersets.txt f5c7d37d71fd64f32f484000e41eaab8601df629 2710276 msd-sorted.txt b0f152cbac2bff77aeed70a933fec6d7ac3e7b71 1484 index.html e56b83ea3068d7f87929aeef1fa029894423a948 2289 keyring_stats d11170fd0d7ebc6076133edeb19188ad8d84ab09 1065474 msd-sorted.txt.bz2 7cd126c4506db42334171656926237e52ddde0e8 26 other.txt ca08c537ae0cf6f3f359a28d30068a12eb33532a 1475388 othersets.txt.bz2 c904a97529bc45bc2880c959f3687c75d52df65a 4283158 preprocess.keys.bz2 f3d4b34d47ef12eec50507a9b192aebc63673950 10337 status.txt 2a53a143745e4ce8684a401678b6e13ebe47dcfd 211461 top1000table.html 0ae77abf029a97c9790ed0c3452217081cb9c487 30495 top1000table.html.gz 8e0e4496414bfb03500b8e23ea32480628798e82 10983 top50table.html 4b20fcf198dbb5f08dcdebec0da9bcd02f4dc4b1 2579 D3/D39DA0E3 -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20041003/69338fed/attachment.bin From dshaw at jabberwocky.com Mon Oct 4 03:18:49 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Mon Oct 4 03:15:34 2004 Subject: updpref problem In-Reply-To: <899506412.20041003195722@mail.ru> References: <20041002134723.GB15332@jabberwocky.com> <899506412.20041003195722@mail.ru> Message-ID: <20041004011849.GA10860@jabberwocky.com> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 251 bytes Desc: not available Url : /pipermail/attachments/20041003/5cc9a065/attachment-0001.bin From shatadal at vfemail.net Mon Oct 4 04:56:32 2004 From: shatadal at vfemail.net (shatadal@vfemail.net) Date: Mon Oct 4 04:53:12 2004 Subject: Implications of using insecure memory In-Reply-To: <20041002230902.T23687@willy_wonka> References: <1096759756.b90348978578b@www.vfemail.net> <20041002230902.T23687@willy_wonka> Message-ID: <1096858592.02c913acc4ea0@www.vfemail.net> Quoting Atom 'Smasher' : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On Sat, 2 Oct 2004 shatadal@vfemail.net wrote: > > > As a new user I want to know what are the implications of using gpg with > > insecure memory in windows and linux, how serious are they and what > > steps can I take to improve security? Does insecure memory mean that I > > should not use gpg on sych systems? > ================= > > it means that sensitive information, such as a passphrase or secret key > *might* be written to a disk swap space. if that happens, and someone > stole your HD, they could search the disk and maybe find something that > could compromise your key. > > i dunno about windoze, but on *nix you can solve this by setuid-ing the > gpg binary... that would force it to only use secure memory (RAM) and not > write to disk swap. > > > ...atom I use windows. Does that mean that I should not use gpg on windows? Or should I install some utility to wipe the disc swap space and use it every time after I have used gpg? Could you point me to any program which does this? ------------------------------------------------- This mail sent through Virus Free Email http://www.vfemail.net From atom at suspicious.org Mon Oct 4 05:00:29 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Mon Oct 4 04:57:16 2004 Subject: Implications of using insecure memory In-Reply-To: <1096858592.02c913acc4ea0@www.vfemail.net> References: <1096759756.b90348978578b@www.vfemail.net> <20041002230902.T23687@willy_wonka> <1096858592.02c913acc4ea0@www.vfemail.net> Message-ID: <20041003225826.T23687@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sun, 3 Oct 2004 shatadal@vfemail.net wrote: > I use windows. Does that mean that I should not use gpg on windows? Or > should I install some utility to wipe the disc swap space and use it > every time after I have used gpg? Could you point me to any program > which does this? ======================== if you're concerned about security, you should consider getting rid of windoze (IMHO). ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we" -- George "dubya" Bush, 5 Aug 2004 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBYLzVAAoJEAx/d+cTpVciDUEH/iKbfPkCLRpPJd8EvJPkcUPj qfo7eg+vARbfSYPXc/B8TFsuP3opT/b2mge/G5/sWQTgtKkRi6x0COpp0bbkeZsM OT82Iqc4ENf67e6DS41TKVSmFLkEUYFTAujGdCJi4APLcKVto0xuX4qtDAC6Sosp iSL5Mzjf/WC8e19wjGDszOERfy2fSnSRwZ7/nNhTaMpL3tTqPbhqClXeV1E9828S jsw5LU0xGTuxFsvVs1ZtuwxogjjxVSn7/3P5HWaSM5QoUSpSeVTMhCj6Y5ZB5hpz jf1RyviuMy8M2UmOsd9sZLNj0brRzM476wJGD74HIQtGlbJQJXdC3AHa+NwsI1E= =G5TB -----END PGP SIGNATURE----- From skquinn at xevious.kicks-ass.net Mon Oct 4 07:50:37 2004 From: skquinn at xevious.kicks-ass.net (Shawn K. Quinn) Date: Mon Oct 4 08:49:23 2004 Subject: Implications of using insecure memory In-Reply-To: <1096759756.b90348978578b@www.vfemail.net> References: <1096759756.b90348978578b@www.vfemail.net> Message-ID: <200410040050.50072.skquinn@xevious.kicks-ass.net> On Saturday 02 October 2004 18:29, shatadal@vfemail.net wrote: > Hi, > > I am a new user of gnupg. I use gnupg on my windows laptop and linux > desktop. Thie first time I tried to run gpg on linux as a user I got > the insecure memory warning: > > "gpg: WARNING: using insecure memory!" > > On reading the faq I read > > "On some systems (e.g., Windows) GnuPG does not lock memory pages and > older GnuPG versions (<=1.0.4) issue the warning: > > gpg: Please note that you don't have secure memory > > This warning can't be switched off by the above option because it was > thought to be too serious an issue. However, it confused users too > much, so the warning was eventually removed" > > As a new user I want to know what are the implications of using gpg > with insecure memory in windows and linux, how serious are they and > what steps can I take to improve security? Does insecure memory mean > that I should not use gpg on sych systems? The security risks from using Windows are such that I would be very leery of relying on an encryption application to provide any security on a Windows computer. As far as GNU/Linux, it's simple to get rid of this warning, you can simply run "chmod u+s `which gpg`" (GnuPG will detect that it's running setuid root and drop privileges). -- Shawn K. Quinn -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20041004/f597bfb9/attachment.bin From anibalrojas at gmail.com Mon Oct 4 12:30:09 2004 From: anibalrojas at gmail.com (=?ISO-8859-1?Q?An=EDbal_Rojas?=) Date: Mon Oct 4 12:26:55 2004 Subject: Special characters in passphrase not being recognized Message-ID: Hi, I am complety new to GnuPG, currently I am playing with version 1.2.1. With "Windows Privacy Tools" I managed to create a key where the passprhase contains special characters (accented characters and so on), when I do my tests using WPT everything works ok, but when I use gpg.exe (Windows 2K) it just doesn't recognize my passphrase. I hace done many tests changin the passphrase (through WPT) to include and excluse special characters, and the behavios looks consistent. There is no CAPS LOCK problem, etc. I have searched through the lists messages, faqs, etc. But I havent found anything useful. -- An?bal Rojas anibalrojas@gmail.com From shatadal at vfemail.net Mon Oct 4 19:11:17 2004 From: shatadal at vfemail.net (shatadal@vfemail.net) Date: Mon Oct 4 19:07:59 2004 Subject: Implications of using insecure memory In-Reply-To: <200410040050.50072.skquinn@xevious.kicks-ass.net> References: <1096759756.b90348978578b@www.vfemail.net> <200410040050.50072.skquinn@xevious.kicks-ass.net> Message-ID: <1096909877.46596568892d5@www.vfemail.net> Quoting "Shawn K. Quinn" : > On Saturday 02 October 2004 18:29, shatadal@vfemail.net wrote: > > Hi, > > > > I am a new user of gnupg. I use gnupg on my windows laptop and linux > > desktop. Thie first time I tried to run gpg on linux as a user I got > > the insecure memory warning: > > > > "gpg: WARNING: using insecure memory!" > > > > On reading the faq I read > > > > "On some systems (e.g., Windows) GnuPG does not lock memory pages and > > older GnuPG versions (<=1.0.4) issue the warning: > > > > gpg: Please note that you don't have secure memory > > > > This warning can't be switched off by the above option because it was > > thought to be too serious an issue. However, it confused users too > > much, so the warning was eventually removed" > > > > As a new user I want to know what are the implications of using gpg > > with insecure memory in windows and linux, how serious are they and > > what steps can I take to improve security? Does insecure memory mean > > that I should not use gpg on sych systems? > > The security risks from using Windows are such that I would be very > leery of relying on an encryption application to provide any security > on a Windows computer. > > As far as GNU/Linux, it's simple to get rid of this warning, you can > simply run "chmod u+s `which gpg`" (GnuPG will detect that it's running > setuid root and drop privileges). Another poster also talked about getting rid of windows. However I do need to run windows from time to time. Also I do not have root access on my linux machine (it is used at work). So does that mean that gpg is not for me? Or is there anything available which could erase the swap space anytime I want? I just looked around in the M$ knowledgebase and it has a workaround to clear the pagefile at shutdown. Is that a useful compromise? > > -- > Shawn K. Quinn > ------------------------------------------------- This mail sent through Virus Free Email http://www.vfemail.net From twoaday at freakmail.de Mon Oct 4 19:37:30 2004 From: twoaday at freakmail.de (Timo Schulz) Date: Mon Oct 4 19:38:46 2004 Subject: Special characters in passphrase not being recognized In-Reply-To: References: Message-ID: <20041004173730.GA16785@daredevil.joesixpack.net> On Mon Oct 04 2004; 06:30, An?bal Rojas wrote: > 1.2.1. With "Windows Privacy Tools" I managed to create a key where > the passprhase contains special characters (accented characters and so > on), when I do my tests using WPT everything works ok, but when I use In earlier versions of WinPT the UTF-8 support was broken. It is still not complete but WinPT 0.9.12 has a workaround for this. Timo -- Colt at WinPT.org keyid BF3DF9B4 (http://www.winpt.org) WinPT (http://www.stud.uni-hannover.de/~twoaday/winpt.html) From malte.gell at gmx.de Mon Oct 4 19:49:13 2004 From: malte.gell at gmx.de (Malte Gell) Date: Mon Oct 4 19:46:22 2004 Subject: Implications of using insecure memory In-Reply-To: <1096858592.02c913acc4ea0@www.vfemail.net> References: <1096759756.b90348978578b@www.vfemail.net> <20041002230902.T23687@willy_wonka> <1096858592.02c913acc4ea0@www.vfemail.net> Message-ID: <200410041949.13589.malte.gell@gmx.de> On Monday 04 October 2004 04:56, shatadal@vfemail.net wrote: > Quoting Atom 'Smasher' : [...] > > i dunno about windoze, but on *nix you can solve this by setuid-ing > > the gpg binary... that would force it to only use secure memory > > (RAM) and not write to disk swap. > > I use windows. Does that mean that I should not use gpg on windows? > Or should I install some utility to wipe the disc swap space and use > it every time after I have used gpg? Could you point me to any > program which does this? You can tell Windows to clean the swap file with a simple registry entry, see http://www.winguides.com/registry/display.php/244/ But this is really only a minor issue concerning the severe vulnerabilities that emerged over the last few years. Malte From amilivojevic at pbl.ca Mon Oct 4 20:27:56 2004 From: amilivojevic at pbl.ca (Aleksandar Milivojevic) Date: Mon Oct 4 20:20:48 2004 Subject: Implications of using insecure memory In-Reply-To: <1096909877.46596568892d5@www.vfemail.net> References: <1096759756.b90348978578b@www.vfemail.net> <200410040050.50072.skquinn@xevious.kicks-ass.net> <1096909877.46596568892d5@www.vfemail.net> Message-ID: <4161962C.3020503@pbl.ca> shatadal@vfemail.net wrote: > Another poster also talked about getting rid of windows. However I do need to > run windows from time to time. Also I do not have root access on my linux > machine (it is used at work). So does that mean that gpg is not for me? Or is > there anything available which could erase the swap space anytime I want? I > just looked around in the M$ knowledgebase and it has a workaround to clear the > pagefile at shutdown. Is that a useful compromise? For Linux box, you can ask your sysadmin to install gpg with setuid bit set. For Windows and erasing the swap space, it depends on what it actually does (I'm not an Windows expert). If the file is simply "deleted" from the disk and recreated on next boot, nope it is not sufficient (blocks where the data is will be unalocated, but data on them will be intact until something else writes to that part of the disk). On the other hand if it overwrites the content of swap file with zeros (or does something similar), than you are kinda safe. It won't stop inteligence agency from recovering the data (see my previous reply), but it will stop almost anybody else. So, unless somebody can make millions $$$ out of your data, most likely nobody will bother to recover it. If after setting that registry setting time to shutdown machine becomes much longer, than it is most likely doing the right thing. Although, while machine is running, anything with access to swap file can read information from it. So it is not ideal solution. It is kind of in the middle. If shutdown time stays almost the same, than it is simply removing the file (marking file as deleted), which does not give you any more security. In that case setting that registry entry is pointless. -- Aleksandar Milivojevic Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7 From atom at suspicious.org Mon Oct 4 21:35:14 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Mon Oct 4 21:32:25 2004 Subject: Implications of using insecure memory In-Reply-To: <1096909877.46596568892d5@www.vfemail.net> References: <1096759756.b90348978578b@www.vfemail.net> <200410040050.50072.skquinn@xevious.kicks-ass.net> <1096909877.46596568892d5@www.vfemail.net> Message-ID: <20041004152916.A23687@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Mon, 4 Oct 2004 shatadal@vfemail.net wrote: > Another poster also talked about getting rid of windows. However I do > need to run windows from time to time. Also I do not have root access on > my linux machine (it is used at work). So does that mean that gpg is not > for me? ============== it's not that gpg isn't secure on windoze; it that *nothing* can be made secure in windoze. if you have a need to use pgp, GnuPG is great, but like any application it can't overcome deficiencies in the OS. use what you need to use, but if security (and/or reliability) is non-trivial you'll need to start using *nix or maybe mac-os. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Destroy the family, and the society will collapse." -- Vladimir Lenin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBYaX4AAoJEAx/d+cTpVciru0H/3Rz5ceU6F/7lN9h2OGUQmr0 poXpHQrvd9Y17ZV4X41G0JtjwklQE1V0ovloqwRVG1kqK5FX+aRevH81BQ3ezKby yfpX8sQw0bVJch15zQ/Mw2RP369aMmjLP1tWOki6QL2NoRd4EDULvEgfHlZkN0ft YJs/YaLsiLzRZ8dSbvVGLw/ybZWCjEO3k1qNkZPip74riHM/Mt5RFUGNEeu7JMoh blZGmVMAaOAMhz4ySJd8HHYmvf8/0xVO8ImP0XQD6SNnT70qeOyApxJyqSjGcMND dq4hUJBhujZUnz3lwFIIXuCHzdDNZpf627UAkofoJZ6P3Wu6hcLWGRTaxemCoE8= =7zGY -----END PGP SIGNATURE----- From atom at suspicious.org Mon Oct 4 21:46:10 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Mon Oct 4 21:42:55 2004 Subject: Implications of using insecure memory In-Reply-To: <4161962C.3020503@pbl.ca> References: <1096759756.b90348978578b@www.vfemail.net> <200410040050.50072.skquinn@xevious.kicks-ass.net> <1096909877.46596568892d5@www.vfemail.net> <4161962C.3020503@pbl.ca> Message-ID: <20041004153936.Y23687@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Mon, 4 Oct 2004, Aleksandar Milivojevic wrote: > For Linux box, you can ask your sysadmin to install gpg with setuid bit > set. ================== supplying a password to *any* application being run on a box that isn't under your direct administrative and physical control is a risk, and shouldn't be overlooked. however, it pales in comparison to using pgp/gpg on windows. in the case above, if we assume that the sysadmin is doing his job of keeping the computer secure, then the sysadmin is the only one who could compromise your key: this can be done with a trojan binary or just reading physical memory. with windoze, any half-wit script-kiddie or international data crook can get your key. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Sure, it's going to kill a lot of people, but they may be dying of something else anyway." -- Othal Brand, member of a Texas pesticide review board, comments on Chlordane -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBYaiIAAoJEAx/d+cTpVcizhIIAINQd09nYxVgDY7bbHBRwhf4 nw8c7aJDSdQwqummti9nhknSF7TdsNGt4ei8oCq9k0eCfebEUZbqZZSA97WVJ4+K 0YqCsiQdEQucnLLZKnx203ft/G2uLVNANov43RpQbOf8pJ6Ir2BnxVAOHa3S5dq1 QSCqYSN/Wo+r5sIxEHNqN8HmsHvpIqi6RLlETm6J7xxVCqNLIbuUMF6u8TiU4A/m dH6BwVs+7GM+NQGbAxfQ4rQY0IBMu8hOCcpwUl99BHpXVvLNCX2BDadziUcyawZF Oi4oMQ0cIp3gtUCwBWSUjbbZdc0DvmVl+sKcQmcEYd+iOXU5EhAmutqMPyNjKEM= =x5GQ -----END PGP SIGNATURE----- From ebenze at hotmail.com Mon Oct 4 20:31:31 2004 From: ebenze at hotmail.com (Eric B.) Date: Mon Oct 4 22:36:59 2004 Subject: Encrypting / decrypting without importing keys? Message-ID: Hi, I'm new to GnuPG and was wondering if it was possible to encrypt and/or decrypt without needing to first import the keys into gpg. I'm looking to use gpg to encrypt data from a web page, where the user specifies the public key to encrypt data, and then eventually a private key to decrypt it. Additionally, is there anyway I can specify the keys to use as coming from standard in or standard out instead of being file based? Thanks! Eric From ml at bitfalle.org Tue Oct 5 00:42:20 2004 From: ml at bitfalle.org (markus reichelt) Date: Mon Oct 4 22:40:18 2004 Subject: [Announce] GnuPG 1.3.90 released (development) In-Reply-To: <200410022314.BAA10947@vulcan.xs4all.nl> References: <20041002134723.GB15332@jabberwocky.com> <200410022314.BAA10947@vulcan.xs4all.nl> Message-ID: <20041004224220.GA4820@dantooine> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Johan Wevers wrote: > I tested 1.3.90 on my old libc5 based Linux system and it compiles and > works fine. Passes all tests and compatibility with pgp 2.6 is OK. > I'll try it tomorrow on my Slackware 10 system. it compiles just fine on my slack 10, make check produces no errors - -- Bastard Administrator in $hell -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBYdHMLMyTO8Kj/uQRAoZ5AJ9RROJ+H1ag2TBe+cjDKQ4AxtmkZQCgjG9s op3G5ZSvGoKQNljLaEaBl28= =pPfB -----END PGP SIGNATURE----- From anibalrojas at gmail.com Mon Oct 4 22:48:30 2004 From: anibalrojas at gmail.com (=?ISO-8859-1?Q?An=EDbal_Rojas?=) Date: Mon Oct 4 22:45:26 2004 Subject: Special characters in passphrase not being recognized In-Reply-To: <20041004173730.GA16785@daredevil.joesixpack.net> References: <20041004173730.GA16785@daredevil.joesixpack.net> Message-ID: But I have no proble using WPT, the problem arises when I use gpg.exe via the DOS console, I suppose it is related to the encoding but I use the DOS window with special characters without any other problem. On Mon, 4 Oct 2004 19:37:30 +0200, Timo Schulz wrote: > On Mon Oct 04 2004; 06:30, An?bal Rojas wrote: > > > 1.2.1. With "Windows Privacy Tools" I managed to create a key where > > the passprhase contains special characters (accented characters and so > > on), when I do my tests using WPT everything works ok, but when I use > > In earlier versions of WinPT the UTF-8 support was broken. It is still > not complete but WinPT 0.9.12 has a workaround for this. > > Timo > > -- > Colt at WinPT.org keyid BF3DF9B4 (http://www.winpt.org) > WinPT (http://www.stud.uni-hannover.de/~twoaday/winpt.html) > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- An?bal Rojas anibalrojas@gmail.com From atom at suspicious.org Mon Oct 4 22:57:11 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Mon Oct 4 22:54:04 2004 Subject: Encrypting / decrypting without importing keys? In-Reply-To: References: Message-ID: <20041004164637.K23687@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > I'm new to GnuPG and was wondering if it was possible to encrypt and/or > decrypt without needing to first import the keys into gpg. I'm looking > to use gpg to encrypt data from a web page, where the user specifies the > public key to encrypt data, and then eventually a private key to decrypt > it. > > Additionally, is there anyway I can specify the keys to use as coming > from standard in or standard out instead of being file based? ==================== you can save a key into a file and use something like: gpg --no-default-keyring --keyring key-file --trust-model always -ear user this hack allows an encryption key to be used without importing it. how to convert an ascii key into a binary key is an exercise i leave to the reader; it isn't that hard to do but an ascii key won't work. also, see if does most of what you need. it sounds like you'd have to tweak this, but the major work is done. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "The sum of intelligence on the planet is a constant. The population is increasing." -- Cole's Axiom -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBYbktAAoJEAx/d+cTpVciVQgIAIL78J59FUKQMp0TORZ8e3NC N2GGnZpDCX2l4QM5FxUYB1jbc/QSPRAZUAUwFTEX1ysqHa651GpMJqcEvya02T45 zqRLOBlANfu3vgNU9h/1hJXCB0ynZQkldPcr/2RdBDX9vm5Tik/c9od71nNgJcph GQU29c5ZTG+jcBM7GPkr/MTnns7b/+ttJjO6yOLD7s5iEqbnEmIfp8cKLMbRMcLD +i7al0wTtN76aH+4vHkZUUyLv8aksGvfx6LtafelyV2syjPGf/a+7g9r9V0wCes5 gr3VLWq9Wo/P4gKriSS25a6HwCoIfiDjc3/6XKbk/1MJcSuxyLOLgjy8E/1Xqm4= =Y7x3 -----END PGP SIGNATURE----- From chd at chud.net Mon Oct 4 23:53:05 2004 From: chd at chud.net (Chris De Young) Date: Mon Oct 4 23:49:42 2004 Subject: Implications of using insecure memory In-Reply-To: <20041004152916.A23687@willy_wonka> References: <1096759756.b90348978578b@www.vfemail.net> <200410040050.50072.skquinn@xevious.kicks-ass.net> <1096909877.46596568892d5@www.vfemail.net> <20041004152916.A23687@willy_wonka> Message-ID: <20041004215305.GF994@dionysus.chud.net> > it's not that gpg isn't secure on windoze; it that *nothing* can be made > secure in windoze. > > if you have a need to use pgp, GnuPG is great, but like any application it > can't overcome deficiencies in the OS. use what you need to use, but if > security (and/or reliability) is non-trivial you'll need to start using > *nix or maybe mac-os. One thing to note in passing is that most of this worry applies to cases where other people besides you also have access to your windows box. If the box itself is physically secure and you're mostly worried about making sure the data in encrypted before it leaves the box, then running GnuPG on Windows should be just fine. Be aware that you still need to be a reasonably attentive Windows admin though, and protect the box from network-borne compromises; if a remote user can use a particular exploit to run their own code on your box without your permission then they can still exploit the probles discussed in this thread. It's up to you to decide what the cost of such a compromise might be compared with the cost of preventing it. For me, I don't think it's frankly much of a worry, but that's something you have to decide. Cheers, -Chris -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041004/f9075684/attachment.bin From holtzm at sonic.net Tue Oct 5 03:15:41 2004 From: holtzm at sonic.net (Bob Holtzman) Date: Tue Oct 5 03:03:40 2004 Subject: Implications of using insecure memory In-Reply-To: <1096909877.46596568892d5@www.vfemail.net> References: <1096759756.b90348978578b@www.vfemail.net> <200410040050.50072.skquinn@xevious.kicks-ass.net> <1096909877.46596568892d5@www.vfemail.net> Message-ID: On Mon, 4 Oct 2004 shatadal@vfemail.net wrote: > Another poster also talked about getting rid of windows. However I do need to > run windows from time to time. Also I do not have root access on my linux > machine (it is used at work). So does that mean that gpg is not for me? Or is > there anything available which could erase the swap space anytime I want? I > just looked around in the M$ knowledgebase and it has a workaround to clear the > pagefile at shutdown. Is that a useful compromise? Check out BCWipe -- Bob Holtzman "If you think you're getting free lunch, ......check the price of the beer!" From johanw at vulcan.xs4all.nl Tue Oct 5 04:28:44 2004 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Tue Oct 5 04:42:28 2004 Subject: Implications of using insecure memory In-Reply-To: <20041004153936.Y23687@willy_wonka> from "Atom 'Smasher'" at "Oct 4, 2004 03:46:10 pm" Message-ID: <200410050228.EAA01586@vulcan.xs4all.nl> Atom 'Smasher' wrote: >supplying a password to *any* application being run on a box that isn't >under your direct administrative and physical control is a risk, and >shouldn't be overlooked. however, it pales in comparison to using pgp/gpg >on windows. Well, I would feel more secure entering a password on my machine, which I have under physical control, when it has booted windows than when I would do it on a Linux machine who someone else controls. Of course, the fact that it uses a NAT router and firewall to enter the internet that has standard all ports from outside to inside closed helps. I have only set port 80 explicitly open, and since the windows 2000 or 98 don't run webservers it won't be of much use for an attacker. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From twoaday at freakmail.de Tue Oct 5 10:12:00 2004 From: twoaday at freakmail.de (Timo Schulz) Date: Tue Oct 5 10:14:16 2004 Subject: Special characters in passphrase not being recognized In-Reply-To: References: <20041004173730.GA16785@daredevil.joesixpack.net> Message-ID: <20041005081200.GC1298@daredevil.joesixpack.net> On Mon Oct 04 2004; 16:48, An?bal Rojas wrote: > But I have no proble using WPT, the problem arises when I use gpg.exe > via the DOS console, I suppose it is related to the encoding but I use > the DOS window with special characters without any other problem. The problem is that WinPT runs in CP1251 and the console is CP850 and GPG Linux tries to generate ISO-8859-1 output. Timo -- Colt at WinPT.org keyid BF3DF9B4 (http://www.winpt.org) WinPT (http://www.stud.uni-hannover.de/~twoaday/winpt.html) From anibalrojas at gmail.com Tue Oct 5 15:03:29 2004 From: anibalrojas at gmail.com (=?ISO-8859-1?Q?An=EDbal_Rojas?=) Date: Tue Oct 5 15:00:23 2004 Subject: Special characters in passphrase not being recognized In-Reply-To: <20041005081200.GC1298@daredevil.joesixpack.net> References: <20041004173730.GA16785@daredevil.joesixpack.net> <20041005081200.GC1298@daredevil.joesixpack.net> Message-ID: Umm, interesting DOS Code Pages. I'll be checking my configuration and post my experience here. Thanks Timo. On Tue, 5 Oct 2004 10:12:00 +0200, Timo Schulz wrote: > On Mon Oct 04 2004; 16:48, An?bal Rojas wrote: > > > But I have no proble using WPT, the problem arises when I use gpg.exe > > via the DOS console, I suppose it is related to the encoding but I use > > the DOS window with special characters without any other problem. > > The problem is that WinPT runs in CP1251 and the console is CP850 > and GPG Linux tries to generate ISO-8859-1 output. > > > > > Timo > > -- > Colt at WinPT.org keyid BF3DF9B4 (http://www.winpt.org) > WinPT (http://www.stud.uni-hannover.de/~twoaday/winpt.html) > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- An?bal Rojas anibalrojas@gmail.com From ajgpgml at tesla.inka.de Tue Oct 5 20:04:35 2004 From: ajgpgml at tesla.inka.de (Andreas John) Date: Tue Oct 5 20:20:26 2004 Subject: Encrypting / decrypting without importing keys? References: <20041004164637.K23687@willy_wonka> Message-ID: <00c601c4ab08$9a4f68c0$97d555d9@tesla> Hi! > you can save a key into a file and use something like: > > gpg --no-default-keyring --keyring key-file --trust-model always -ear user Actually you also have to add "--no-options" as there might be a multi-keyring-setup (one or more "--keyring file" in the gpg.conf). Unfortunately there is no "--no-keyrings-from-options" (or similar) which seems to bother no one :) Bye! From atom at suspicious.org Tue Oct 5 20:29:10 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Tue Oct 5 20:25:59 2004 Subject: Encrypting / decrypting without importing keys? In-Reply-To: <00c601c4ab08$9a4f68c0$97d555d9@tesla> References: <20041004164637.K23687@willy_wonka> <00c601c4ab08$9a4f68c0$97d555d9@tesla> Message-ID: <20041005142806.S23687@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Tue, 5 Oct 2004, Andreas John wrote: >> you can save a key into a file and use something like: >> >> gpg --no-default-keyring --keyring key-file --trust-model always -ear user > > Actually you also have to add "--no-options" as there might be a > multi-keyring-setup (one or more "--keyring file" in the gpg.conf). > Unfortunately there is no "--no-keyrings-from-options" (or similar) > which seems to bother no one :) ================== if the "user" that owns the process is doing all/most of the gpg usage that way, they ~probably~ don't have any other keyrings in their options file, but may find it convenient to set other things there. might be best to specify "--options file" and have a special file for the script that uses it in this non-standard way. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "If Jesus Christ were to come today, people would not even crucify him. They would ask him to dinner, and hear what he had to say, and make fun of it." -- Thomas Carlyle -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBYuf7AAoJEAx/d+cTpVci9pYIAK3T+f3PV9DfBtgZzEN9RMUj SSVT76+A82riSmC9rc57nT+luKf9KbWxS1rLATSNVxnL1fDumSuwlcOTWWzLvjRG pkOYJXD6eDU+qPvLc1u/hoz0I1KvUvNYQipq9hDgGH4NrPbJgBpq2RKm75HSfT1w bxZRjVwyA+ZM5wjjTwn9kqnTs6Izd9CGD4xlujQ78FMUbLaS1MbzeG1+8xqIwBBS /ty7xlvuvm9RhEJfNnMg4Df9gylVQtm24NZNfRfIMe6LS7v+IEJb0/6dY8RpNa8M 3rYw8R1G7fZio7SEaWxevhuSkPeHIsyG9nKW3ji4umXH5ayQBP8lNYZMVb9F3W0= =Fr2P -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Oct 5 22:08:42 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 5 22:05:18 2004 Subject: Encrypting / decrypting without importing keys? In-Reply-To: <00c601c4ab08$9a4f68c0$97d555d9@tesla> References: <20041004164637.K23687@willy_wonka> <00c601c4ab08$9a4f68c0$97d555d9@tesla> Message-ID: <20041005200841.GA25841@jabberwocky.com> On Tue, Oct 05, 2004 at 08:04:35PM +0200, Andreas John wrote: > Hi! > > > > you can save a key into a file and use something like: > > > > gpg --no-default-keyring --keyring key-file --trust-model always -ear user > > Actually you also have to add "--no-options" as there might be a > multi-keyring-setup (one or more "--keyring file" in the gpg.conf). > Unfortunately there is no "--no-keyrings-from-options" (or similar) > which seems to bother no one :) If you want to specify which keyring to import to in a multi-keyring setup, specify the special one with "--primary-keyring". David From dshaw at jabberwocky.com Tue Oct 5 22:28:41 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 5 22:25:16 2004 Subject: Implications of using insecure memory In-Reply-To: <20041004215305.GF994@dionysus.chud.net> References: <1096759756.b90348978578b@www.vfemail.net> <200410040050.50072.skquinn@xevious.kicks-ass.net> <1096909877.46596568892d5@www.vfemail.net> <20041004152916.A23687@willy_wonka> <20041004215305.GF994@dionysus.chud.net> Message-ID: <20041005202841.GB25841@jabberwocky.com> On Mon, Oct 04, 2004 at 02:53:05PM -0700, Chris De Young wrote: > > it's not that gpg isn't secure on windoze; it that *nothing* can be made > > secure in windoze. > > > > if you have a need to use pgp, GnuPG is great, but like any application it > > can't overcome deficiencies in the OS. use what you need to use, but if > > security (and/or reliability) is non-trivial you'll need to start using > > *nix or maybe mac-os. > > One thing to note in passing is that most of this worry applies to > cases where other people besides you also have access to your windows > box. If the box itself is physically secure and you're mostly worried > about making sure the data in encrypted before it leaves the box, then > running GnuPG on Windows should be just fine. > > Be aware that you still need to be a reasonably attentive Windows > admin though, and protect the box from network-borne compromises; if > a remote user can use a particular exploit to run their own code on > your box without your permission then they can still exploit the > probles discussed in this thread. > > It's up to you to decide what the cost of such a compromise might be > compared with the cost of preventing it. For me, I don't think it's > frankly much of a worry, but that's something you have to decide. Exactly. This is a very important point, but frequently lost in the discussion about secure memory in general, and Windows in particular. Sure, secure memory/running on a secure OS/inside a Faraday cage/disconnected from the network/etc is potentially safer, but it would be foolish to let the lack of these things stop you from using encryption at all. Just understand the limitations of what you are doing. There is a lot of benefit that can be derived from encryption, even if you are doing it on Windows. David From dshaw at jabberwocky.com Tue Oct 5 23:01:29 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 5 22:58:04 2004 Subject: Encrypting / decrypting without importing keys? In-Reply-To: <20041005200841.GA25841@jabberwocky.com> References: <20041004164637.K23687@willy_wonka> <00c601c4ab08$9a4f68c0$97d555d9@tesla> <20041005200841.GA25841@jabberwocky.com> Message-ID: <20041005210129.GC25841@jabberwocky.com> On Tue, Oct 05, 2004 at 04:08:42PM -0400, David Shaw wrote: > On Tue, Oct 05, 2004 at 08:04:35PM +0200, Andreas John wrote: > > Hi! > > > > > > > you can save a key into a file and use something like: > > > > > > gpg --no-default-keyring --keyring key-file --trust-model always -ear user > > > > Actually you also have to add "--no-options" as there might be a > > multi-keyring-setup (one or more "--keyring file" in the gpg.conf). > > Unfortunately there is no "--no-keyrings-from-options" (or similar) > > which seems to bother no one :) > > If you want to specify which keyring to import to in a multi-keyring > setup, specify the special one with "--primary-keyring". (err.. when 1.4 is released) David From ebenze at hotmail.com Wed Oct 6 19:32:37 2004 From: ebenze at hotmail.com (Eric B.) Date: Wed Oct 6 19:29:31 2004 Subject: Encrypting / decrypting without importing keys? References: <20041004164637.K23687__26180.9799274944$1096923832$gmane$org@willy_wonka> Message-ID: > > I'm new to GnuPG and was wondering if it was possible to encrypt and/or > > decrypt without needing to first import the keys into gpg. I'm looking > > to use gpg to encrypt data from a web page, where the user specifies the > > public key to encrypt data, and then eventually a private key to decrypt > > it. > > > > Additionally, is there anyway I can specify the keys to use as coming > > from standard in or standard out instead of being file based? > ==================== > > you can save a key into a file and use something like: > > gpg --no-default-keyring --keyring key-file --trust-model always -ear user > > this hack allows an encryption key to be used without importing it. how to > convert an ascii key into a binary key is an exercise i leave to the > reader; it isn't that hard to do but an ascii key won't work. > > also, see if does most > of what you need. it sounds like you'd have to tweak this, but the major > work is done. Thanks! That was just what I needed. However, have a followup question though. I now need to programatically convert the ascii key to a binary key. Doing a quick export of a key in binary format and in armoured format, I noticed that I can base64 encode the binary key and get an almost exact match to the armoured format. However, there seem to be five characters on a newline (=oge7) that appear in the armoured key which are not my base64 conversion of the binary key. I can only assume them to be some form of a CRC check, but am not sure. Is there armoured version of the key always followed by a CRC check? If so, is it a CRC32 check? CRC24? etc? How can I tell when/where the key ends and the CRC checks starts? Does a armoured key always end with a specific character? Is there a doc which specifies the format of the armoured key somewhere? Thanks! Eric From dshaw at jabberwocky.com Wed Oct 6 20:17:34 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Wed Oct 6 20:14:14 2004 Subject: Encrypting / decrypting without importing keys? In-Reply-To: References: <20041004164637.K23687__26180.9799274944$1096923832$gmane$org@willy_wonka> Message-ID: <20041006181734.GB2757@jabberwocky.com> On Wed, Oct 06, 2004 at 01:32:37PM -0400, Eric B. wrote: > Thanks! That was just what I needed. However, have a followup > question though. I now need to programatically convert the ascii > key to a binary key. Doing a quick export of a key in binary format > and in armoured format, I noticed that I can base64 encode the > binary key and get an almost exact match to the armoured format. > However, there seem to be five characters on a newline (=oge7) that > appear in the armoured key which are not my base64 conversion of the > binary key. I can only assume them to be some form of a CRC check, > but am not sure. Is there armoured version of the key always > followed by a CRC check? If so, is it a CRC32 check? CRC24? etc? > How can I tell when/where the key ends and the CRC checks starts? > Does a armoured key always end with a specific character? Is there > a doc which specifies the format of the armoured key somewhere? It's a CRC24, and you can tell it is there because it's always the last line, and it begins with an '=' sign. However, the CRC24 checksum is optional according to the standard (though both GnuPG and PGP always include it). RFC-2440 defines the format for OpenPGP, including the various details of armoring (which as you noticed is essentially base64). David From atom at suspicious.org Thu Oct 7 01:15:15 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Thu Oct 7 01:12:21 2004 Subject: Encrypting / decrypting without importing keys? In-Reply-To: References: <20041004164637.K23687__26180.9799274944$1096923832$gmane$org@willy_wonka> Message-ID: <20041006191054.C23687@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Wed, 6 Oct 2004, Eric B. wrote: > Thanks! That was just what I needed. However, have a followup question > though. I now need to programatically convert the ascii key to a binary > key. Doing a quick export of a key in binary format and in armoured format, > I noticed that I can base64 encode the binary key and get an almost exact > match to the armoured format. However, there seem to be five characters on > a newline (=oge7) that appear in the armoured key which are not my base64 > conversion of the binary key. I can only assume them to be some form of a > CRC check, but am not sure. Is there armoured version of the key always > followed by a CRC check? If so, is it a CRC32 check? CRC24? etc? How can > I tell when/where the key ends and the CRC checks starts? Does a armoured > key always end with a specific character? Is there a doc which specifies > the format of the armoured key somewhere? ================= something like this will read an ascii key from the file "key.asc" and write a binary key to file "key.binary": gpg --dearmor < key.asc > key.binary the "--dearmor" isn't very well documented, but among the things it can do is convert an ascii key into a binary key. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "I am somehow less interested in the weight and convolutions of Einstein's brain than in the near certainty that people of equal talent have lived and died in cotton fields and sweatshops." -- Stephen Jay Gould -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBZHyJAAoJEAx/d+cTpVciyI4IAJNNdVd4puhO0rNpO5/X1wd9 wY93q3yAZ4C3JEYOA0nxmlF+fUroYX0eYCwEmEo4GDW4DmJKXTHATSJObmFDrWc/ ZiObPcjSKZADg2FrJCW8k74ZhA2FY7VhmDoAldKhftjGWM84HkwGcaRhcRdzJZkp KjcYGzHA13pm+wQNVW2QiAz66ehaIgQv1IfmVLtMZUy7DT+00D4mVjsz0BKKq+0i 8zH2J4VpVfJv3yv+4LcOoiLI0uwzPVVutNOL8HXNsq2ezBL/VI7YrvUVzk2wXXJw eJ7FcPCPqF721rrqpMw7AFMKRh8j1t+zay2gfyhIq61pLRYk9YrasdhIImjXu6Q= =PpZb -----END PGP SIGNATURE----- From cgamble at cpbinc.com Thu Oct 7 03:25:08 2004 From: cgamble at cpbinc.com (chris gamble) Date: Thu Oct 7 03:22:22 2004 Subject: GPG compatibility to PGP 6.0 or above Message-ID: <41649AF4.9050003@cpbinc.com> I work with a small company that needs to receive encrypted files from a vendor. The vendor is specifying that the public key that we provide them be compatible with PGP 6.0 and above which i assume means using the IDEA algorithm. Does PGP 6.0 or above mean it uses the proprietary IDEA algorithm, and can pgp work with this (unfortunately in accordance with USA laws)? If so, are there java or COM components we can use to help build a service that decrypts these files? Thanks, Chris Gamble From dshaw at jabberwocky.com Thu Oct 7 04:47:12 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Thu Oct 7 04:43:51 2004 Subject: GPG compatibility to PGP 6.0 or above In-Reply-To: <41649AF4.9050003@cpbinc.com> References: <41649AF4.9050003@cpbinc.com> Message-ID: <20041007024712.GB6706@jabberwocky.com> On Wed, Oct 06, 2004 at 08:25:08PM -0500, chris gamble wrote: > I work with a small company that needs to receive encrypted files from a > vendor. The vendor is specifying that the public key that we provide > them be compatible with PGP 6.0 and above which i assume means using the > IDEA algorithm. > > Does PGP 6.0 or above mean it uses the proprietary IDEA algorithm, and > can pgp work with this (unfortunately in accordance with USA laws)? If > so, are there java or COM components we can use to help build a service > that decrypts these files? No, you are in luck. Generally, PGP 6 does not require IDEA. In fact, if you just generate a key with GnuPG, you should be able to give that key to your vendor and it will "just plain work". However, note the word "generally" in the above paragraph. PGP 6 does not follow the OpenPGP specification very closely, and so there is sometimes strange non-standard behavior. GnuPG can work with IDEA, though it does not ship with IDEA included for the obvious reasons. Before going down the get-the-code-and-buy-a-licence route, try just generating a regular key. Chances are it will work just fine without IDEA. David From asmart at kingsdown.swindon.sch.uk Fri Oct 8 15:21:10 2004 From: asmart at kingsdown.swindon.sch.uk (Andy Smart) Date: Fri Oct 8 15:18:50 2004 Subject: Simple question I'm sure.. Message-ID: <41669446.8080106@kingsdown.swindon.sch.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi I've read the documentation I have, and I'm still not sure about this one. I use gnupg at home and at work, with two different key pairs 'tied' to two different email addresses. Sometimes I post to newsgroups at home which, normally, I'd sign with my work sig. Can I have both keypairs on my home machine? If I can, how to I take a copy of my work keypair to my home pc andy -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBZpRGqmlxlf41jHgRAowQAJ9eEG7MOgMTpOsbBjqcQaDnTsU/+wCeN4l7 LNQlGAR3BqHzddafly2hC00= =dGKD -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: asmart.vcf Type: text/x-vcard Size: 313 bytes Desc: not available Url : /pipermail/attachments/20041008/45366183/asmart.bin From areiner at tph.tuwien.ac.at Fri Oct 8 15:48:43 2004 From: areiner at tph.tuwien.ac.at (Albert Reiner) Date: Fri Oct 8 15:45:19 2004 Subject: Simple question I'm sure.. In-Reply-To: <41669446.8080106@kingsdown.swindon.sch.uk> References: <41669446.8080106@kingsdown.swindon.sch.uk> Message-ID: [Andy Smart , Fri, 08 Oct 2004 14:21:10 +0100]: > Sometimes I post to newsgroups at home which, normally, I'd sign with my > work sig. Can I have both keypairs on my home machine? If I can, how to > I take a copy of my work keypair to my home pc Do gpg --export-secret-keys > file at work, and import the key at home. You will then have to sign with -u and the key id. Albert. From hmujtaba at forumsys.com Fri Oct 8 18:11:43 2004 From: hmujtaba at forumsys.com (Hasnain Mujtaba) Date: Fri Oct 8 18:09:17 2004 Subject: decryption failed: weak key Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D190413@bstn-exch1.forumsys.com> Hi Michael, I am working with Cryptix OpenPGP provider. I ran into a problem where after 10,000 iterations the encryption code would start producing faulty PGP PublicKeyEncryptedSessionKey packets (I was using ElGamal/3DES). When I would try to decrypt the packets with GPG, I would see the error: gpg: public key decryption failed: wrong secret key used gpg: decryption failed: secret key not available. I suspected that they system was running out of entropy, perhaps. To rule out that possibility, I started hard-coding the session key using an array of all 0xFFs. Then, GPG would started throwing the message: gpg: WARNING: message was encrypted with a weak key in the symmetric cipher. gpg: decryption failed: weak key. So that's how it happened. Not because Cryptix OpenPGP was buggy, but because of my hard-coded debug values. I hope this answers your question. Regards Hasnain. -----Original Message----- From: Michael Roth [mailto:mroth@nessie.de] Sent: Friday, October 01, 2004 7:53 AM To: Hasnain Mujtaba Cc: gnupg-users@gnupg.org Subject: Re: decryption failed: weak key Hasnain Mujtaba wrote: | I saw this message when decrypting a file encrypted with a 1536 | ElGamal key, 3DES symmetric cipher: A "weak key" is a special DES property. In DES there are 64 known weak keys. I think Blowfish has weak keys too. | gpg: WARNING: message was encrypted with a weak key in the symmetric | cipher. | gpg: decryption failed: weak key. | | Looks like GPG is checking for randomness property of the session key | after decrypting it out of the Public-key Encrypted Session key | packet. Correct? No. If you take a look in g10/des.c you will find a table containing all 64 known weak keys (search for "weak_key"). If gnupg creates a session key, it omits weak keys (take a look in g10/seskey.c, make_session_key). So I guess the message was not encrypted using gnupg? Would be nice to know which programm created the weak session key. Please also note: 3DES keys consist effectivly of 3 different DES keys, but GnuPG complains about weak keys if at least one of these three parts is a weak key. cu Michael Roth From henkdebruijn at wanadoo.nl Fri Oct 8 19:33:59 2004 From: henkdebruijn at wanadoo.nl (Henk de Bruijn) Date: Fri Oct 8 19:30:34 2004 Subject: GnuPG 1.2.6 for Windows Message-ID: <1527666174.20041008193359@wanadoo.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Gnupg-Users, I thought I read somewhere about GnuPG 1.2.6. for Windows... Is that correct? - -- Henk ______________________________________________________________________ The Bat!? Natural Email System v3.0nl Professional on Windows XP SP2 PGPkey request: see headers or send email with subj.: send HenksKeyID Gossamer Spider Web of Trust http://gswot.webhop.info/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: with GPGshell for Windows 3.22 iD8DBQFBZs+HEgabk9vm5ngRAsPUAKCZQXs4VBZbY3JoF4yeTMKsYhsTIgCg6IP1 LWwup1MuASPxIxkE4kPwBXo= =xuak -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Sat Oct 9 00:11:38 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Sat Oct 9 00:08:17 2004 Subject: decryption failed: weak key In-Reply-To: <200410011724.TAA01259@vulcan.xs4all.nl> References: <415D4517.60904@nessie.de> <200410011724.TAA01259@vulcan.xs4all.nl> Message-ID: <20041008221138.GE26896@jabberwocky.com> On Fri, Oct 01, 2004 at 07:24:28PM +0200, Johan Wevers wrote: > Michael Roth wrote: > > >No. If you take a look in g10/des.c you will find a table containing all > >64 known weak keys (search for "weak_key"). If gnupg creates a session > >key, it omits weak keys (take a look in g10/seskey.c, make_session_key). > > I can understand that it doesn't encrypt to them, but why would it not > decrypt with them? I can't see any security risk in that. 1.4 will give a warning, but allow you to decrypt even with a weak key. As you say, there is no risk in decryption. David From sjokotof2004 at hotmail.com Fri Oct 8 13:05:17 2004 From: sjokotof2004 at hotmail.com (Sjokotof) Date: Sat Oct 9 00:17:48 2004 Subject: invalid packet (ctb=2d) Message-ID: Situation: - production system Win32 running PGP 6.5.8, daily decrypting a series of incoming files. - trial setup Win 32 running GnuPG 1.2.5, decrypting the same series of files. - Trial ran OK for months, with the exception of a few days ago, when one of the files choked GnuPG, but ran fine through GPG. Below the output. What can be done to get this decrypted by GnuPG? ======== gpg --list-packets gives: gpg: armor header: Version: PGP 6.5.8 :marker packet: 50 47 50 :pubkey enc packet: version 3, algo 16, keyid (ID1) data: [2047 bits] data: [2048 bits] gpg: public key is (SECONDARYKEY) gpg: using secondary key (SECONDARYKEY) instead of primary key (PRIMARYKEY) :encrypted data packet: length: unknown gpg: using secondary key (SECONDARYKEY) instead of primary key (PRIMARYKEY) gpg: encrypted with 2048-bit ELG-E key, ID (SECONDARYKEY), created 2001-04-09 "(RECIP)" gpg: CAST5 encrypted data :compressed packet: algo=1 :onepass_sig packet: keyid (ID2) version 3, sigclass 00, digest 2, pubkey 17, last=1 :literal data packet: mode b (62), created 0, name="rh370r01.rpt", raw data: 0 bytes gpg: [don't know]: invalid packet (ctb=2d) gpg: [don't know]: invalid packet (ctb=2d) gpg: WARNING: message was not integrity protected gpg: [don't know]: invalid packet (ctb=2d) ================================ gpg 1.2.5 gives: gpg: armor header: Version: PGP 6.5.8 gpg: public key is (SECONDARYKEY) gpg: using secondary key (SECONDARYKEY) instead of primary key (PRIMARYKEY) gpg: using secondary key (SECONDARYKEY) instead of primary key (PRIMARYKEY) gpg: encrypted with 2048-bit ELG-E key, ID (SECONDARYKEY), created 2001-04-09 "(RECIP)" gpg: CAST5 encrypted data gpg: original file name='rh370r01.rpt' gpg: Signature made 10/01/04 08:50:29 using DSA key ID (DSAKEYID) gpg: Good signature from "Merrill Lynch CLEAR system DH " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: (FINGERPRINT) gpg: binary signature, digest algorithm SHA1 gpg: WARNING: message was not integrity protected gpg: [don't know]: invalid packet (ctb=2d) ================================ pgp gives: Pretty Good Privacy(tm) Version 6.5.8 (c) 1999 Network Associates Inc. Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc. Export of this software may be restricted by the U.S. government. event 1: initial event 13: BeginLex event 8: Analyze File is encrypted. event 9: Recipients Secret key is required to read it. Key for user ID: (RECIP) 1024-bit DSS key, Key ID (KEY), created 2001/04/09 Key can sign. event 6: Passphrase event 23: Decryption symmetric cipher used: CAST5 event 11: Output options typecode: 0062 suggested name: rh370r01.rpt tempfile: created 'Copy of ba.$00' event 12: Signature Good signature from user "(SENDER)". Signature made 2004/10/01 06:50 GMT event 14: EndLex event 2: final savetemp: renaming 'Copy of ba.$00' to 'Copy of bad rh370r01.rpt.asc.04.10.01_02.50.txt' 0 memory frags found exitPGP: exitcode = 0 ============= From JPClizbe at comcast.net Sat Oct 9 08:29:15 2004 From: JPClizbe at comcast.net (John Clizbe) Date: Sat Oct 9 08:26:30 2004 Subject: GnuPG 1.2.6 for Windows In-Reply-To: <1527666174.20041008193359@wanadoo.nl> References: <1527666174.20041008193359@wanadoo.nl> Message-ID: <4167853B.7030604@comcast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Henk de Bruijn wrote: > Hello Gnupg-Users, > > I thought I read somewhere about GnuPG 1.2.6. for Windows... Is that > correct? 1.2.6 is the current STABLE_1_2 version I believe the fix from 1.2.5 to 1.2.6 was mostly to fix a *nix install problem. The only change windows users should see between the two is the version number. If you want to build your own binaries, 1.2.6 builds easily on Windows using the MinGW gcc compiler and MSYS shell. There are a couple places you can stumble in the process, but you can contact me off list if you want more information. - -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." - Dumbya explaining his administration 5-Aug-2004 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.90 (Windows 2000 SP4) Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG Comment: Annoy John Asscraft -- Use Strong Encryption. Comment: It's YOUR right - for the time being. Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBZ4U5HQSsSmCNKhARAmrxAJ9jAB+OtfnvTF/NRCfqYv/mS/ZqMQCgkFpk kwV+PhIEQbIhA2zpDuj8rEw= =3sW7 -----END PGP SIGNATURE----- From JPClizbe at comcast.net Sat Oct 9 08:46:37 2004 From: JPClizbe at comcast.net (John Clizbe) Date: Sat Oct 9 08:43:58 2004 Subject: Simple question I'm sure.. In-Reply-To: <41669446.8080106@kingsdown.swindon.sch.uk> References: <41669446.8080106@kingsdown.swindon.sch.uk> Message-ID: <4167894D.6090408@comcast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andy Smart wrote: > Hi > > I've read the documentation I have, and I'm still not sure about this one. > > I use gnupg at home and at work, with two different key pairs 'tied' to > two different email addresses. > > Sometimes I post to newsgroups at home which, normally, I'd sign with my > work sig. Can I have both keypairs on my home machine? If I can, how to > I take a copy of my work keypair to my home pc > > andy Yes, It's easy to do. I currently have 27 keypair on my home machine: main key + 2 Jabber keys + 24 old X.509/SMime keys (6 addresses * 2 CAs * 2 years) At work (Windows, right?): gpg --export-secret-keys > A:\file.asc At home: gpg --import a:\file.asc You will need to set the trust on this imported key pair to Ultimate (I got the key ID from your message to the list): gpg --edit-key 0xFE358C78 trust Select '5' for 'Ultimate' (Y)es you really want to do this save to exit You can then set Enigmail to use the work key for signing newsgroup posts for that news account in Thunderbird/Mozilla. - -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." - Dumbya explaining his administration 5-Aug-2004 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.90 (Windows 2000 SP4) Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG Comment: Annoy John Asscraft -- Use Strong Encryption. Comment: It's YOUR right - for the time being. Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBZ4lKHQSsSmCNKhARAik8AKCq6JLG/QrQ6ir9ISff06NlLHjd/wCeNnCD Egtx8uxnf/5yQWumnnJXse8= =Ym1v -----END PGP SIGNATURE----- From zuxy.meng at gmail.com Sat Oct 9 13:18:03 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Sat Oct 9 13:15:11 2004 Subject: Will this SMTP server please the list? Message-ID: Oooooooooh this is my fourth try to post to this list. I've tried virtually all my email acounts and I hope this one works. Dear list manager, but your anti-spam rules are too strict! -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From zuxy.meng at gmail.com Sat Oct 9 14:14:41 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Sat Oct 9 14:11:48 2004 Subject: Who can explain RSA key types for me? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 When running "gpg --expert --gen-keys", I have 6 key types for selection: (4) RSA (sign only) This is somewhat a DSA equivalent which can be used with a subkey for encryption? (6) RSA (sign & encrypt) This is a v4 equivalent for v3 RSA keys? One key to do it all? (8) RSA (sign & certify) What's this? And what's the meaning of "to certify"? Does gpg use "sign" for signing data and "certify" for signing other's pubkeys? (10) RSA (sign, encrypt and certify) And this one? And, when running "gpg --edit-key xxxxx", I note something called "key usage". Again, there's "C" for certification, "S" for signing, "E" for encryption and "A" for authentification. So what's the essence of these four letters (especially the difference between C, S and A)? Thank you all! - -- Zuxy Beauty is truth, While truth is beauty. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.90 (MingW32) - WinPT 0.9.12 iD8DBQFBZ9YR7wDCeOhVXtYRA/AjAKCD8B3n2sZSjp7Ufdnqs6d56jsyqACfUTWu pCu8jIw6mswK5+0iBBfnLzg= =zYhG -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Sat Oct 9 15:08:53 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Sat Oct 9 15:05:32 2004 Subject: Who can explain RSA key types for me? In-Reply-To: References: Message-ID: <20041009130853.GE28732@jabberwocky.com> On Sat, Oct 09, 2004 at 08:14:41PM +0800, Zuxy wrote: > And, when running "gpg --edit-key xxxxx", I note something called > "key usage". Again, there's "C" for certification, "S" for signing, > "E" for encryption and "A" for authentification. So what's the > essence of these four letters (especially the difference between C, > S and A)? Certification == signing someone's key Signing == signing some data (e.g. a file) Encryption == encrypting some data Authentication == signing a challenge to indicate you are who you say you are Authentication is the new one. It was only recently added to the OpenPGP standard. It could be used, for example, if you wanted to use your OpenPGP key for a SSH login. The flags can be set on any key, with some restrictions - Elgamal is an encrypt-only algorithm and cannot be C, S, or A. DSA is a sign-only algorithm and cannot be E. RSA can be anything. None of this is a special property of the key - it's just a flag given as a hint as to what purpose you intend to use the key for. I should note that this applies to the upcoming GnuPG 1.4. The current version does not have all of these options. David From atom at suspicious.org Sat Oct 9 22:37:55 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Sat Oct 9 22:35:04 2004 Subject: Who can explain RSA key types for me? In-Reply-To: <20041009130853.GE28732@jabberwocky.com> References: <20041009130853.GE28732@jabberwocky.com> Message-ID: <20041009163347.B29334@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sat, 9 Oct 2004, David Shaw wrote: > Authentication is the new one. It was only recently added to the > OpenPGP standard. It could be used, for example, if you wanted to use > your OpenPGP key for a SSH login. ================================ is rfc2440bis-11 published? i'm finding dead links to bis-10 (which i've seen before) and bis-11 (which i haven't seen yet). what version is current? where do i find it? ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "You can't hold a man down without staying down with him." -- Booker T Washington -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBaEwqAAoJEAx/d+cTpVciGCEIAKk70ZTJCf2tSYEB99TCXc+q Oxe/AUCiuu7mN19PAqEc56sEE+6KueAmvNQN9TyEvCCcFn4CIwyV+BUfDJ90pMfN zFZ6bWAAlCU+Nm2Ax6yGA0GDlcA4zcZdJ6rcU70upQR4q2X6nsUqDAQhwK2NpFV+ KlVHDGRE4i0GQDEMZF8XMWSez9mE41iymp/MLZBw0uUYsQXjj6rjtNaHpwVNqtW3 cLkxrC3v7XV1HZ7Y/TMoPVpHDcJpcZQqLpQz6YbsxJvK1W2FpZcqw+iAM80TdWMM 9sjFRs+f8BARJtLZONPhbNIrmBqpb7XNmaFGw3X4CZ+bnlRQx/b1G4iPRt0OoYc= =aGfP -----END PGP SIGNATURE----- From asmart at kingsdown.swindon.sch.uk Mon Oct 11 08:39:11 2004 From: asmart at kingsdown.swindon.sch.uk (Andy Smart) Date: Mon Oct 11 08:36:19 2004 Subject: Thanks - was 'Simple Request' Message-ID: <416A2A8F.70606@kingsdown.swindon.sch.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks to everybody who provided information on this, I'm grateful :-) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBaiqOqmlxlf41jHgRAqagAKDHPmMHaVlp3qFAWX5WzV6LubGvZACeKsgr C/q0HHX8gv3zKEVjBiRcHaQ= =w88W -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: asmart.vcf Type: text/x-vcard Size: 313 bytes Desc: not available Url : /pipermail/attachments/20041011/8e5b3b8d/asmart.bin From sjokotof2004 at hotmail.com Mon Oct 11 11:56:35 2004 From: sjokotof2004 at hotmail.com (Sjokotof) Date: Mon Oct 11 11:57:59 2004 Subject: invalid packet (ctb=2d) References: Message-ID: Sjokotof hotmail.com> writes: > > Situation: > - production system Win32 running PGP 6.5.8, daily decrypting a series of > incoming files. > - trial setup Win 32 running GnuPG 1.2.5, decrypting the same series of > files. > - Trial ran OK for months, with the exception of a few days ago, when one > of the files choked GnuPG, but ran fine through GPG. > > Below the output. > What can be done to get this decrypted by GnuPG? Some additional info I got by issuing [y:\progra~1\gnupg\gpg.exe --verbose -- home y:\progra~1\gnupg --list-sigs]: y:/progra~1/gnupg\pubring.gpg ----------------------------- pub 1024D/ 2002-01-11 sig 2002-01-11 sub 2048g/ 2002-01-11 sig 2002-01-11 pub 1024D/ 2002-01-03 sig 2002-01-03 sub 2048g/ 2002-01-03 sig 2002-01-03 pub 1024D/ 2001-04-09 sig 2001-04-09 sub 2048g/ 2001-04-09 sig 2001-04-09 pub 1024D/ 1998-07-01 sig 1998-07-01 sig L 2001-04-09 sub 2048g/ 1998-07-01 sig 1998-07-01 Don't know if this is normal, but the last part shows a line starting with 'sig L' (no idea what this means) which contains a repeat of . Does this need cleaning up, and if so, how? Or is this unrelated to the original error? I would be grateful for any ideas here, thanks! S. From dshaw at jabberwocky.com Mon Oct 11 22:18:25 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Mon Oct 11 22:15:03 2004 Subject: Who can explain RSA key types for me? In-Reply-To: <20041009163347.B29334@willy_wonka> References: <20041009130853.GE28732@jabberwocky.com> <20041009163347.B29334@willy_wonka> Message-ID: <20041011201824.GH12131@jabberwocky.com> On Sat, Oct 09, 2004 at 04:37:55PM -0400, Atom 'Smasher' wrote: > On Sat, 9 Oct 2004, David Shaw wrote: > > > Authentication is the new one. It was only recently added to the > > OpenPGP standard. It could be used, for example, if you wanted to use > > your OpenPGP key for a SSH login. > ================================ > > is rfc2440bis-11 published? i'm finding dead links to bis-10 (which i've > seen before) and bis-11 (which i haven't seen yet). > > what version is current? where do i find it? So far as I know, bis-10 is current. It seems to have expired from the IETF site. David From jharris at widomaker.com Mon Oct 11 23:14:42 2004 From: jharris at widomaker.com (Jason Harris) Date: Mon Oct 11 23:11:28 2004 Subject: Who can explain RSA key types for me? In-Reply-To: <20041011201824.GH12131@jabberwocky.com> References: <20041009130853.GE28732@jabberwocky.com> <20041009163347.B29334@willy_wonka> <20041011201824.GH12131@jabberwocky.com> Message-ID: <20041011211442.GA16175@p5.widomaker.com> On Mon, Oct 11, 2004 at 04:18:25PM -0400, David Shaw wrote: > On Sat, Oct 09, 2004 at 04:37:55PM -0400, Atom 'Smasher' wrote: > > is rfc2440bis-11 published? i'm finding dead links to bis-10 (which i've > > seen before) and bis-11 (which i haven't seen yet). > > > > what version is current? where do i find it? > > So far as I know, bis-10 is current. It seems to have expired from > the IETF site. The copy I downloaded directly on 2004-03-17 reports: %esha1sum draft-ietf-openpgp-rfc2440bis-10.txt 41955eb13602d9b0a29329b72516a4c90a5e299f 174229 draft-ietf-openpgp-rfc2440bis-10.txt Google shows a copy at allthingsemail.org. bis-11 was announced in Message-ID: <1A3A4A76-B029-11D8-8522-000A9568596C@callas.org> and has also expired, according to: http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-11.txt I never downloaded a copy of it, however. -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20041011/39faaeae/attachment.bin From jharris at widomaker.com Mon Oct 11 23:14:42 2004 From: jharris at widomaker.com (Jason Harris) Date: Mon Oct 11 23:13:24 2004 Subject: Who can explain RSA key types for me? In-Reply-To: <20041011201824.GH12131@jabberwocky.com> References: <20041009130853.GE28732@jabberwocky.com> <20041009163347.B29334@willy_wonka> <20041011201824.GH12131@jabberwocky.com> Message-ID: <20041011211442.GA16175@p5.widomaker.com> On Mon, Oct 11, 2004 at 04:18:25PM -0400, David Shaw wrote: > On Sat, Oct 09, 2004 at 04:37:55PM -0400, Atom 'Smasher' wrote: > > is rfc2440bis-11 published? i'm finding dead links to bis-10 (which i've > > seen before) and bis-11 (which i haven't seen yet). > > > > what version is current? where do i find it? > > So far as I know, bis-10 is current. It seems to have expired from > the IETF site. The copy I downloaded directly on 2004-03-17 reports: %esha1sum draft-ietf-openpgp-rfc2440bis-10.txt 41955eb13602d9b0a29329b72516a4c90a5e299f 174229 draft-ietf-openpgp-rfc2440bis-10.txt Google shows a copy at allthingsemail.org. bis-11 was announced in Message-ID: <1A3A4A76-B029-11D8-8522-000A9568596C@callas.org> and has also expired, according to: http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-11.txt I never downloaded a copy of it, however. -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20041011/39faaeae/attachment-0001.bin From DougB at dougbarton.net Tue Oct 12 01:52:55 2004 From: DougB at dougbarton.net (Doug Barton) Date: Tue Oct 12 01:50:05 2004 Subject: Who can explain RSA key types for me? In-Reply-To: <20041011211442.GA16175@p5.widomaker.com> References: <20041009130853.GE28732@jabberwocky.com> <20041009163347.B29334@willy_wonka> <20041011201824.GH12131@jabberwocky.com> <20041011211442.GA16175@p5.widomaker.com> Message-ID: <416B1CD7.1000507@dougbarton.net> You guys might be interested in the following: https://datatracker.ietf.org/public/pidtracker.cgi?command=search_list&search_job_owner=0&search_group_acronym=&search_status_id=&search_cur_state=&sub_state_id=6&search_filename=draft-ietf-openpgp-rfc2440bis&search_rfcnumber=&search_area_acronym=&search_button=SEARCH HTH, Doug -- If you're never wrong, you're not trying hard enough From zuxy.meng at gmail.com Tue Oct 12 06:33:36 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Tue Oct 12 06:30:22 2004 Subject: Does GnuPG consider supporting more charsets? In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 I reckon lacking support for a specific display charset won't cause much trouble among users using the same language, because one language will mostly have only one common encoding beside utf-8. But for CJK (Chinese, Japanese and Korean), there're usually more than one encoding. For Chinese there're GB2312 (whose extension is GB18030, used in the Mainland), HZ (used in Hong Kong) and Big5 (used in Taiwan), so email users across the Taiwan strait do need utf-8 as an intermedium when sending encryped messages, if they don't know about PGP/MIME. Now GnuPG doesn't know about either GB2312 or Big5, and therefore treats the input as utf-8, and applies no conversion: Message encoded in GB2312 --> (gpg encrypting) --> Message decoded in Big5 So the Taiwanese receiptor will have an unreadable message. How does the current version of GnuPG handle the conversion between display charsets and utf-8? Thru libiconv or an internal translation table? And what will the upcoming GnuPG 1.4 do? If GnuPG use libiconv, I hope there won't be much work adding support for more display charsets. Thanks. - -- Zuxy Beauty is truth, While truth is beauty. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.90 (MingW32) - WinPT 0.9.12 iF0EAREDAB0FAkFqpWEWGGhrcDovL3N1YmtleXMucGdwLm5ldAAKCRDvAMJ46FVe 1hjRAKCSPHiUYPBJwTFeNuoy4JVM1u6r0gCg239hG5iFHKoK5syCRcVVxeDABgM= =/N0i -----END PGP SIGNATURE----- From JPClizbe at comcast.net Tue Oct 12 07:36:43 2004 From: JPClizbe at comcast.net (John Clizbe) Date: Tue Oct 12 07:33:50 2004 Subject: Who can explain RSA key types for me? In-Reply-To: <20041011201824.GH12131@jabberwocky.com> References: <20041009130853.GE28732@jabberwocky.com> <20041009163347.B29334@willy_wonka> <20041011201824.GH12131@jabberwocky.com> Message-ID: <416B6D6B.4030202@comcast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Shaw wrote: > On Sat, Oct 09, 2004 at 04:37:55PM -0400, Atom 'Smasher' wrote: >> On Sat, 9 Oct 2004, David Shaw wrote: >> >> > Authentication is the new one. It was only recently added to the >> > OpenPGP standard. It could be used, for example, if you wanted to use >> > your OpenPGP key for a SSH login. >> ================================ >> >> is rfc2440bis-11 published? i'm finding dead links to bis-10 (which i've >> seen before) and bis-11 (which i haven't seen yet). >> >> what version is current? where do i find it? > > So far as I know, bis-10 is current. It seems to have expired from > the IETF site. These should help: http://community.roxen.com/developers/idocs/drafts/draft-ietf-openpgp-rfc2440bis-10.html http://ref.allthingsemail.org/ids/ids/draft-ietf-openpgp-rfc2440bis-10.txt http://ftp.linux.cz/pub/internet-drafts/draft-ietf-openpgp-rfc2440bis-10.txt.gz - -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." - Dumbya explaining his administration 5-Aug-2004 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.90 (Windows 2000 SP4) Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG Comment: Annoy John Asscraft -- Use Strong Encryption. Comment: It's YOUR right - for the time being. Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBa21qHQSsSmCNKhARAl1qAJ94OLBx1gcXVwp0UesqRqq0YRjGlwCfdqkb 1br/Vcz4lCOVcDqt6tw2b/Y= =yJFb -----END PGP SIGNATURE----- From Dirk.Traulsen at lypso.de Tue Oct 12 10:36:45 2004 From: Dirk.Traulsen at lypso.de (Dirk Traulsen) Date: Tue Oct 12 10:32:28 2004 Subject: --textmode and signing/clearsigning Message-ID: <416BB3BD.5948.353AD1@localhost> Hi, after reading the gpg man page, I have four questions concerning --textmode and signing. A citation from the gpg man-page: -t, --textmode Use canonical text mode. If -t (but not --textmode) is used together with armoring and signing, this enables clearsigned messages. This kludge is needed for PGP compatibility; normally you would use --sign or --clearsign to selected the type of the signature. 1. What is a cannonical text mode? I found no explanation in the man page or the gnu gpg handbook. I only found in an introduction to gpg from Brian Hatch: --text Using --text tells GPG that the file is ASCII text. When the file is decrypted on the other end, end-of-line sequences (CR/LF vs CR, etc) will be automatically converted, which is convenient. I assume, --text is the short of --textmode. Is his explanation correct and complete? 2. Why is there a difference between -t and --textmode? Why should it matter to pgp, whether gpg accepts a -t as a short form for --textmode? 3. Does this mean (gpg -seat) is clearsigning the message, but (gpg -sea --textmode) is signing it? 4. The difference between signing and clearsigning is that with clearsigning, the original text is preserved and fully readable even without a public key of the author and with signing, it gets compressed and safed in binary form. When I encrypt a text, it gets compressed anyway. Why does it make a difference, whether I use signing or clearsigning on a compressed text? Dirk From wk at gnupg.org Tue Oct 12 11:39:34 2004 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 12 11:39:28 2004 Subject: Does GnuPG consider supporting more charsets? In-Reply-To: (zuxy.meng@gmail.com's message of "Tue, 12 Oct 2004 12:33:36 +0800") References: Message-ID: <87y8icl1gp.fsf@wheatstone.g10code.de> On Tue, 12 Oct 2004 12:33:36 +0800, Zuxy said: > How does the current version of GnuPG handle the conversion between > display charsets and utf-8? Thru libiconv or an internal translation > table? And what will the upcoming GnuPG 1.4 do? If GnuPG use That's an internal translation table which predates libiconv. I expected that utf-8 would get in widespread use much earlier but obviously this is not the case yet. We will see whether we can switch to libiconv for 1.4 Werner From wk at gnupg.org Tue Oct 12 11:52:59 2004 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 12 11:54:27 2004 Subject: --textmode and signing/clearsigning In-Reply-To: <416BB3BD.5948.353AD1@localhost> (Dirk Traulsen's message of "Tue, 12 Oct 2004 10:36:45 +0200") References: <416BB3BD.5948.353AD1@localhost> Message-ID: <87sm8kl0uc.fsf@wheatstone.g10code.de> On Tue, 12 Oct 2004 10:36:45 +0200, Dirk Traulsen said: > I assume, --text is the short of --textmode. Yes. Though thes abreviations work on the command line only. > Is his explanation correct and complete? It is probably not complete but sufficient. > 2. Why is there a difference between -t and --textmode? > Why should it matter to pgp, whether gpg accepts a -t as a > short form for --textmode? There is no difference. The only thing is that for PGP 2 command line compatibility we use a few of the short option combinations in a special way. These PGP 2 kudges are however deprecated and may be removed in future versions. > 3. Does this mean > (gpg -seat) is clearsigning the message, but > (gpg -sea --textmode) is signing it? You can't clearsign and encrypt a message. "gpg -sat" is currently the same as "gpg --clearsign". "gpg -sa --texmode" is not. > 4. The difference between signing and clearsigning is that with > clearsigning, the original text is preserved and fully readable > even without a public key of the author and with > signing, it gets compressed and safed in binary form. It may or may not be comperssed depending on the other options. > When I encrypt a text, it gets compressed anyway. By default yes. > Why does it make a difference, whether I use signing or > clearsigning on a compressed text? The preferred method is to use PGP/MIME (rfc3156) and not clearsigning. If you sign files you should in general use a detached signature so that the file may be sued without processing it through gpg. If you file is plain ASCII --clearsign may be used to avoid the overhead of PGP/MIME and to make verification easier. If you use a different character set that ASCII or Latin-1 you better don't use --clearsign. Werner From wk at gnupg.org Tue Oct 12 12:00:53 2004 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 12 12:04:25 2004 Subject: invalid packet (ctb=2d) In-Reply-To: (sjokotof2004@hotmail.com's message of "Mon, 11 Oct 2004 09:56:35 +0000 (UTC)") References: Message-ID: <87is9gl0h6.fsf@wheatstone.g10code.de> On Mon, 11 Oct 2004 09:56:35 +0000 (UTC), Sjokotof said: > L' (no idea what this means) which contains a repeat of . This indicates a local signature; i.e. a signature wchih won't get exported using using gpg --export. Werner From sjokotof2004 at hotmail.com Tue Oct 12 12:59:08 2004 From: sjokotof2004 at hotmail.com (Sjokotof) Date: Tue Oct 12 12:55:33 2004 Subject: invalid packet (ctb=2d) References: <87is9gl0h6.fsf@wheatstone.g10code.de> Message-ID: <1rfrwws5gs8aa$.1pwm5hvy9iufk.dlg@40tude.net> On Tue, 12 Oct 2004 12:00:53 +0200, Werner Koch wrote: > On Mon, 11 Oct 2004 09:56:35 +0000 (UTC), Sjokotof said: > >> L' (no idea what this means) which contains a repeat of . > > This indicates a local signature; i.e. a signature wchih won't get > exported using using gpg --export. > Thanks, Werner. Any idea whether this is normal, to have a sig that seems to belong to another key (third group in my posted listing) turning up in this one? (I have no idea how the original PGP rings were built, just imported them into GnuPG). S. From vedaal at hush.com Tue Oct 12 19:05:17 2004 From: vedaal at hush.com (vedaal@hush.com) Date: Tue Oct 12 19:01:55 2004 Subject: symmetric encryption to multiple recipients // multiple encrypted packets ? Message-ID: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com> if someone wants to sign and symmetrically encrypt the same message to different recipients, [who don't like to carry their secret keys around ;-)], and doesn't want all the recipients to share the same passphrase, one can, of course, simply encrypt each message separately and send it separately, but is it possible to do in gnupg by using multiple symmetrically encrypted packets, each one with its own passphrase ? tia, vedaal Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427 From atom at suspicious.org Tue Oct 12 22:01:35 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Tue Oct 12 21:58:31 2004 Subject: symmetric encryption to multiple recipients // multiple encryptedts ? In-Reply-To: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com> References: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com> Message-ID: <20041012155801.B29334@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Tue, 12 Oct 2004 vedaal@hush.com wrote: > but is it possible to do in gnupg by using multiple symmetrically > encrypted packets, each one with its own passphrase ? ================= not yet. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "All that is necessary for the triumph of evil is for good men to do nothing." -- Edmund Burke -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBbDgkAAoJEAx/d+cTpVcibxQH/3hGifOEV6OWc3MV1x8MYi8J p9VRhL9JVD5cT7KNrY+MyVD4g660o/fD5+JsJwvno2BZuRt19mSz2JYWlFl7Oro6 73EF3h9pqm1v9cLDOe1RRj/WyYVQCwxV1wFBa5DuWfDLTZm5dO4EdYjiotn9IZVc kX+IIWjGD20kaokkWQgIzSEC0SEa32fjjssVkHryo3WqzvkXIr+51TSoY5o1rYF5 lgxYPjEML/0Qhw9ohr2PSV/6kpQcBQnQFb0y5wki+6eO/hwh01HW3aXkS5+T/QnP IPcUR++fF8nEJGjfOtw65PRk5jlq+nQAgXIpMZAYcURdYpCnru5prDFKcO/jngw= =ccBW -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Oct 12 22:10:02 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 12 22:06:46 2004 Subject: symmetric encryption to multiple recipients // multiple encrypted packets ? In-Reply-To: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com> References: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com> Message-ID: <20041012201001.GB6751@jabberwocky.com> On Tue, Oct 12, 2004 at 10:05:17AM -0700, vedaal@hush.com wrote: > if someone wants to sign and symmetrically encrypt the same message to > different recipients, > [who don't like to carry their secret keys around ;-)], > > and doesn't want all the recipients to share the same passphrase, > > one can, of course, simply encrypt each message separately and send it > separately, > > but is it possible to do in gnupg by using multiple symmetrically encrypted > packets, each one with its own passphrase ? GnuPG (1.4) can read such a message, but will not generate it. David From atom at suspicious.org Tue Oct 12 22:13:35 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Tue Oct 12 22:10:18 2004 Subject: symmetric encryption to multiple recipients // multiplepted packets ? In-Reply-To: <20041012201001.GB6751@jabberwocky.com> References: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com> <20041012201001.GB6751@jabberwocky.com> Message-ID: <20041012161158.U29334@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Tue, 12 Oct 2004, David Shaw wrote: > GnuPG (1.4) can read such a message, but will not generate it. ================== i thought 1.2.x was also able to read them...? ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Wars not make one great." -- Yoda -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBbDr0AAoJEAx/d+cTpVciXqUH/jxaewiz3g1xR1fCsKLByliM ik24L2i+74Igr+9yANQqqQ988j4HeshtxEhWirdluZQ3HpknDN2wWJladegAMJYb 5tBRJB2UZO5aSBy2C7LEUbXBEFzNHPgJ/DvbIM3TbDp/sMTOq+a4zHgBPZ+I2ppc VTXQLYF9TgZ5R1X6b7fCtqSfP6XYoWZrBz7dY7i0yGy5RLi/wrzU3M6RJnS0zkuR jNrwGtptNIABTMKODcMzaaFQ+qopBZHZpNJAmnPVaIVJ5FylsLPEMArcawWEToC5 vr7Twr979PP/kxRsLT6uY6TkcARWYGGZQTt347/waO4tAp/mq4sEH2nUhjcBL4w= =i13Z -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Oct 12 22:26:49 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 12 22:23:33 2004 Subject: symmetric encryption to multiple recipients // multiplepted packets ? In-Reply-To: <20041012161158.U29334@willy_wonka> References: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com> <20041012201001.GB6751@jabberwocky.com> <20041012161158.U29334@willy_wonka> Message-ID: <20041012202648.GC6751@jabberwocky.com> On Tue, Oct 12, 2004 at 04:13:35PM -0400, Atom 'Smasher' wrote: > On Tue, 12 Oct 2004, David Shaw wrote: > > > GnuPG (1.4) can read such a message, but will not generate it. > ================== > > i thought 1.2.x was also able to read them...? I'd have to dig into the changelogs to refresh my memory, but I believe you're right. David From atom at suspicious.org Tue Oct 12 22:34:19 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Tue Oct 12 22:31:08 2004 Subject: symmetric encryption to multiple recipients // multiplepted packets ? In-Reply-To: <20041012202648.GC6751@jabberwocky.com> References: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com> <20041012201001.GB6751@jabberwocky.com> <20041012161158.U29334@willy_wonka> <20041012202648.GC6751@jabberwocky.com> Message-ID: <20041012163209.L29334@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 a more relevant question: what application can create such messages? not counting a hex editor ;) also, (when) is this feature planned to appear in GnuPG? ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "A function of free speech under our free system of government is to invite dispute. It may indeed best serve its high purposes when it induces a condition of unrest, creates dissatisfaction with conditions as they are, or even stirs people to anger." -- Supreme Court Justice William O. Douglas Terminiello v. Chicago (1949) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBbD/RAAoJEAx/d+cTpVciu1gH/i/8TKfro3XDQE+rjh07xrQb lfQImZ1cHHaJWAcigN+h7Uut1nSqkQat31UF25Pf9CykeWOeV9HOMIfLUTINP7mM xi+QAChXEdm6TvOmebYNkuehGg1372DNRMr9qvqCcn63foQvVv3JVT7IYK3U71Ut tmzJGdHrFTGpAWixkrSxZ1ecSDIVX11pA8BPPl4BO9SZ57YRSOl7pimri3E9XZs9 1dfbXGILCISV0qr35snZJ2FWUTKeYvbLe+dN09BKMwA+Qjgowq54Ztk4otNhZv8Y 8WuLGnKP7OuDAb8Ug5AvWEKT9w5sMiY6kLdHQsbmdVUG/vUXBJZTKAuOIgLNfyE= =h7M9 -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Oct 12 22:47:30 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 12 22:44:22 2004 Subject: symmetric encryption to multiple recipients // multiplepted packets ? In-Reply-To: <20041012163209.L29334@willy_wonka> References: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com> <20041012201001.GB6751@jabberwocky.com> <20041012161158.U29334@willy_wonka> <20041012202648.GC6751@jabberwocky.com> <20041012163209.L29334@willy_wonka> Message-ID: <20041012204730.GE6751@jabberwocky.com> On Tue, Oct 12, 2004 at 04:34:19PM -0400, Atom 'Smasher' wrote: > a more relevant question: what application can create such messages? None that I know of. > also, (when) is this feature planned to appear in GnuPG? Not currently planned for 1.4. There are UI issues involved, since it involves prompting for multiple passphrases, and the --passphrase-fd method can only handle a single passphrase. David From dshaw at jabberwocky.com Tue Oct 12 23:05:26 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 12 23:02:12 2004 Subject: invalid packet (ctb=2d) In-Reply-To: References: Message-ID: <20041012210526.GF6751@jabberwocky.com> On Fri, Oct 08, 2004 at 11:05:17AM +0000, Sjokotof wrote: > Situation: > - production system Win32 running PGP 6.5.8, daily decrypting a series of > incoming files. > - trial setup Win 32 running GnuPG 1.2.5, decrypting the same series of > files. > - Trial ran OK for months, with the exception of a few days ago, when one > of the files choked GnuPG, but ran fine through GPG. Very often, this error: > gpg: [don't know]: invalid packet (ctb=2d) means that the file is corrupt. A common way of corrupting files is to FTP them in ASCII mode instead of BINARY. How are your files being moved around? I understand that you successfully read this file with PGP, but which copy did you test with? The same one on the same box as GnuPG? David From zuxy.meng at gmail.com Wed Oct 13 08:31:30 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Wed Oct 13 08:28:03 2004 Subject: What's "memory guard"? Message-ID: When installing you have the option to turn on this feature. -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From sjokotof2004 at hotmail.com Wed Oct 13 10:52:53 2004 From: sjokotof2004 at hotmail.com (Sjokotof) Date: Wed Oct 13 10:49:32 2004 Subject: invalid packet (ctb=2d) References: <20041012210526.GF6751@jabberwocky.com> Message-ID: David Shaw jabberwocky.com> writes: > > On Fri, Oct 08, 2004 at 11:05:17AM +0000, Sjokotof wrote: > > Situation: > > - production system Win32 running PGP 6.5.8, daily decrypting a series of > > incoming files. > > - trial setup Win 32 running GnuPG 1.2.5, decrypting the same series of > > files. > > - Trial ran OK for months, with the exception of a few days ago, when one > > of the files choked GnuPG, but ran fine through GPG. > > Very often, this error: > > > gpg: [don't know]: invalid packet (ctb=2d) > > means that the file is corrupt. A common way of corrupting files is > to FTP them in ASCII mode instead of BINARY. How are your files being > moved around? I use wget over FTP, which defaults to Binary mode. The files begin with -----BEGIN PGP MESSAGE-----, end with -----END PGP MESSAGE- ----. Would ASCII mode be better in this case? > I understand that you successfully read this file with PGP, but which > copy did you test with? The same one on the same box as GnuPG? You're right, I used the file's copy which is not the right thing to do when troubleshooting. However, GnuPG rejects the copy, too. To make sure, I've retested, by having PGP decrypt the file that's on the GnuPG box, working directly from the PGP box, reading the fil on the GnuPG box. Again, PGP works OK. I was hoping I only had to use some special switch on the commandline to get GPG to work... S. From wk at gnupg.org Wed Oct 13 14:31:37 2004 From: wk at gnupg.org (Werner Koch) Date: Wed Oct 13 14:34:28 2004 Subject: What's "memory guard"? In-Reply-To: (zuxy.meng@gmail.com's message of "Wed, 13 Oct 2004 14:31:30 +0800") References: Message-ID: <87u0syg5p2.fsf@wheatstone.g10code.de> On Wed, 13 Oct 2004 14:31:30 +0800, Zuxy said: > When installing you have the option to turn on this feature. But don't use it. It will be removed in future versions becuase far better memory checkers are now available. Werner From dshaw at jabberwocky.com Wed Oct 13 14:50:23 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Wed Oct 13 14:47:10 2004 Subject: What's "memory guard"? In-Reply-To: References: Message-ID: <20041013125023.GB17554@jabberwocky.com> On Wed, Oct 13, 2004 at 02:31:30PM +0800, Zuxy wrote: > When installing you have the option to turn on this feature. Leave it off, unless you are developing code. It's a memory bounds checker. It's not very sophisticated (valgrind is better), but does serve to knock out some common cases. It also doesn't work on all platforms. David From Dirk.Traulsen at lypso.de Wed Oct 13 23:36:21 2004 From: Dirk.Traulsen at lypso.de (Dirk Traulsen) Date: Wed Oct 13 23:30:35 2004 Subject: file types for textmode and armor Message-ID: <416DBBF5.32107.AD57B7@localhost> Hi, I have some more questions concerning --textmode and --armor: 1. --textmode specifies a file as textfile, so while decryption gpg can adjust the end-of-file characters fitting to the actual system. What kind of files are candidates for --textmode? 2. When sent per e-mail, what kind of files could need armoring? How are they specified? 3. Does armoring a detached signature .sig file with "gpg -ba file" make sense? 4. In the gpg man-page under EXAMPLES there is "gpg -sb file". Why is it not just "gpg -b file"? Is there a difference? 5. Is there a place where I could find in-depth information about gpg? I read the man-page, the manual and what I could find on the net, but it is mostly for beginners. (Still thinking of myself as one, but trying to learn more...) Thanks Dirk From nico-linux-gnupg at schottelius.org Thu Oct 14 16:09:22 2004 From: nico-linux-gnupg at schottelius.org (Nico Schottelius) Date: Thu Oct 14 18:16:28 2004 Subject: Extracting information from a key Message-ID: <20041014140922.GF14931@schottelius.org> Hello! If I recieved a public key via E-Mail, but I am not sure whether I want to import it. Can gnupg before importing - display the ID of it (readable by other programs) - display E-Mail, Name - display signatures on the key - display other information (key type, length) ? Thanks for any help, Nico P.S.: Thank you David for the --status-fd hint, does mostly what I want! -- Keep it simple & stupid, use what's available. Please use pgp encryption: 8D0E 27A4 is my id. http://nico.schotteli.us | http://linux.schottelius.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available Url : /pipermail/attachments/20041014/fee5a6e3/attachment-0001.bin From atom at suspicious.org Thu Oct 14 18:30:15 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Thu Oct 14 18:27:19 2004 Subject: Extracting information from a key In-Reply-To: <20041014140922.GF14931@schottelius.org> References: <20041014140922.GF14931@schottelius.org> Message-ID: <20041014122523.E29334@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Thu, 14 Oct 2004, Nico Schottelius wrote: > Hello! > > If I recieved a public key via E-Mail, but I am not sure whether > I want to import it. Can gnupg before importing > > - display the ID of it (readable by other programs) > - display E-Mail, Name > - display signatures on the key > - display other information (key type, length) > ? ============= gpg -v < keyfile this should show everything you're looking for. if you want to import it, just do: gpg --import < keyfile ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "In a time of universal deceit, telling the truth is a revolutionary act." -- George Orwell -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBbqmdAAoJEAx/d+cTpVcim3kIAJWghKYTgPQdo2rPSyKKZnHQ Gpnz0QCNmizJdpnwPlfPxgn3PuRTT01cXA1ewxHjWojVJyd4iZCOhcbzAoACJUWi lx6Nw7R90i/in0UZ3YZjd6X96TcaqgrJDeNlLvzbtXN0bPZX2xc9u3YlBwZ/CjhC U+lEg0aJlokOGz7YvMEB+20pzZUrP+rc4NxvgqtNlVCTVL5DqXx3x1+8MVFVwQv6 KMUe30tQGz2fxNBqar2d4WGSt0SNqNWV41eXHWjZCKnsB8lZT4oIXe+YfHcPM7sA YZJCeTHpnHgSPq8BQxehJtLs87gZnOtgV9hiDwdE5ZNf1W9KmSUBpmBS2K06t9w= =yFNC -----END PGP SIGNATURE----- From wk at gnupg.org Thu Oct 14 18:33:33 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 14 18:34:28 2004 Subject: file types for textmode and armor In-Reply-To: <416DBBF5.32107.AD57B7@localhost> (Dirk Traulsen's message of "Wed, 13 Oct 2004 23:36:21 +0200") References: <416DBBF5.32107.AD57B7@localhost> Message-ID: <87lle99s4i.fsf@wheatstone.g10code.de> On Wed, 13 Oct 2004 23:36:21 +0200, Dirk Traulsen said: > 1. --textmode specifies a file as textfile, so while decryption > gpg can adjust the end-of-file characters fitting to the > actual system. > What kind of files are candidates for --textmode? None. Better don't use it at all for plain files. > 2. When sent per e-mail, what kind of files could need armoring? > How are they specified? Use PGP/MIME as specified in RFC3156 > 3. Does armoring a detached signature .sig file with > "gpg -ba file" make sense? Yes if you want to write some instructions into the file; they are not protected by the signature but may give the user a hint waht this file is about. > 4. In the gpg man-page under EXAMPLES there is "gpg -sb file". > Why is it not just "gpg -b file"? Is there a difference? This is common to pgp 2 users. > 5. Is there a place where I could find in-depth information > about gpg? I read the man-page, the manual and what I could > find on the net, but it is mostly for beginners. > (Still thinking of myself as one, but trying to learn more...) RFC2440 describes the protocol and thus many of gpg's fucntions. Shalom-Salam, Werner From wk at gnupg.org Thu Oct 14 22:56:04 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 14 22:59:31 2004 Subject: Extracting information from a key In-Reply-To: <20041014140922.GF14931@schottelius.org> (Nico Schottelius's message of "Thu, 14 Oct 2004 16:09:22 +0200") References: <20041014140922.GF14931@schottelius.org> Message-ID: <871xg19fyz.fsf@wheatstone.g10code.de> On Thu, 14 Oct 2004 16:09:22 +0200, Nico Schottelius said: > - display the ID of it (readable by other programs) > - display E-Mail, Name > - display signatures on the key > - display other information (key type, length) Some ietms are displayed with -i Werner From hmujtaba at forumsys.com Thu Oct 14 23:50:56 2004 From: hmujtaba at forumsys.com (Hasnain Mujtaba) Date: Thu Oct 14 23:48:05 2004 Subject: file types for textmode and armor Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D19041E@bstn-exch1.forumsys.com> Hi, Not sure why Werner recommends not using --textmode for plain text files? Doesn't the RFC say that plain text should be canonicalized prior to encryption and signing? Hasnain. -----Original Message----- From: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of Werner Koch Sent: Thursday, October 14, 2004 12:34 PM To: Dirk.Traulsen@gmx.de Cc: gnupg-users@gnupg.org Subject: Re: file types for textmode and armor On Wed, 13 Oct 2004 23:36:21 +0200, Dirk Traulsen said: > 1. --textmode specifies a file as textfile, so while decryption > gpg can adjust the end-of-file characters fitting to the > actual system. > What kind of files are candidates for --textmode? None. Better don't use it at all for plain files. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From zuxy.meng at gmail.com Fri Oct 15 06:40:55 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Fri Oct 15 06:37:33 2004 Subject: file types for textmode and armor In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D19041E@bstn-exch1.forumsys.com> References: <4DCE15B9C4E66F4CA967EBF64C53D64D19041E@bstn-exch1.forumsys.com> Message-ID: It causes trouble, when you exchange plain text messages between somebody who use a different encoding than yours. On Thu, 14 Oct 2004 17:50:56 -0400, Hasnain Mujtaba wrote: > > > Hi, > > Not sure why Werner recommends not using --textmode for plain text > files? Doesn't the RFC say that plain text should be canonicalized prior > to encryption and signing? > > Hasnain. -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From wk at gnupg.org Fri Oct 15 10:27:00 2004 From: wk at gnupg.org (Werner Koch) Date: Fri Oct 15 10:29:32 2004 Subject: file types for textmode and armor In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D19041E@bstn-exch1.forumsys.com> (Hasnain Mujtaba's message of "Thu, 14 Oct 2004 17:50:56 -0400") References: <4DCE15B9C4E66F4CA967EBF64C53D64D19041E@bstn-exch1.forumsys.com> Message-ID: <87mzyo8jzf.fsf@wheatstone.g10code.de> On Thu, 14 Oct 2004 17:50:56 -0400, Hasnain Mujtaba said: > Not sure why Werner recommends not using --textmode for plain text > files? Doesn't the RFC say that plain text should be canonicalized prior Its a long time ago that the world was not 8 bit clean and thus binary transfers don't do any harm anymore. With respect to the CR/LF conversions beween different systems I consider this an task for frontends, mailers, editors etc. Werner From mdenn at cns.tstc.edu Wed Oct 13 20:38:31 2004 From: mdenn at cns.tstc.edu (Mike Denn) Date: Fri Oct 15 10:59:44 2004 Subject: Outlook 2003 problem Message-ID: <79B0DD7E06D346478898E8615BC4371E921E08@cns3.grace.local> Did anyone ever answer Jon Barlow's question about PGP sending an empty Outlook message. I have installed WinPT and the GnuPG-Plugin on two different machines running XP and Outlook 2003. I can send from one without any problems. I receive the encrypted message on the other machine and de-encrypt without any problems. When I try to send back a message I send a blank message. The setup looks the same, but I am verifying one more time. Michael L. Denn Department Chairman Network Security Technology, TSTC - Waco (254) 867-3853 mike.denn@tstc.edu www.NetworkSecurityTech.com "This e-mail is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the sender by replying to this e-mail. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail. The opinions expressed in this message are those of the author and not necessarily those of Texas State Technical College. From Paul.Lawson at acxiom.com Thu Oct 14 23:51:59 2004 From: Paul.Lawson at acxiom.com (Lawson Paul - plawso) Date: Fri Oct 15 10:59:50 2004 Subject: Error Message Message-ID: <3E54A6BA1EAFD311AD75009027DEA5C02681855D@conmsx04.corp.acxiom.net> Does anyone know what the error message: gpg: [don't know]: invalid packet (ctb=60) is trying to tell me? Thanks, Paul D. Lawson OSDESA Sys Admin (501) 342-7621 Ofc (501) 580-7287 Cell mailto:Paul.Lawson@acxiom.com ********************************************************************** The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please re-send this communication to the sender and delete the original message or any copy of it from your computer system. Thank You. From pipworld at yahoo.com Fri Oct 15 05:19:01 2004 From: pipworld at yahoo.com (Pip Jones) Date: Fri Oct 15 10:59:55 2004 Subject: Can a new version use old keys? Message-ID: <416F41A5.4060600@yahoo.com> I've recently been forced to upgrade from 1.0.6 to 1.2.1 and am having trouble decrypting. Do I need to regenerate the keys or should the old keys still work in the new version? I'm encrypting on Linux and decrypting on Windows, something which has been working fine for years with 1.0.6. thanks. From pipworld at yahoo.com Fri Oct 15 10:09:22 2004 From: pipworld at yahoo.com (Pip Jones) Date: Fri Oct 15 10:59:58 2004 Subject: Decryption of truncated data? Message-ID: <416F85B2.8050309@yahoo.com> Is it possible to decrypt a data block which has the first 43 bytes missing?! I inherited a wrapper script which was removing the PGP headers and footers using hard-coded string lengths, but after a GPG upgrade, the headers changed length and this part of the data was truncated. I've now got lots of small data blocks (around 1k) I need to decrypt. I know this is unlikely due to the damaged structure of the encrypted data, CRCs, etc. but is there any way of recovering the partial remaining data? thanks. From twoaday at freakmail.de Fri Oct 15 11:27:19 2004 From: twoaday at freakmail.de (Timo Schulz) Date: Fri Oct 15 11:20:18 2004 Subject: Outlook 2003 problem In-Reply-To: <79B0DD7E06D346478898E8615BC4371E921E08@cns3.grace.local> References: <79B0DD7E06D346478898E8615BC4371E921E08@cns3.grace.local> Message-ID: <1097832439.2028.5.camel@colt> Am Mit, 2004-10-13 um 20.38 schrieb Mike Denn: > Did anyone ever answer Jon Barlow's question about PGP sending an empty > Outlook message. I have installed WinPT and the GnuPG-Plugin on two > different machines running XP and Outlook 2003. I can send from one What version of the plugin you are using? The original or the modified version? Timo From linux at codehelp.co.uk Fri Oct 15 13:19:32 2004 From: linux at codehelp.co.uk (Neil Williams) Date: Fri Oct 15 13:19:00 2004 Subject: Can a new version use old keys? In-Reply-To: <416F41A5.4060600@yahoo.com> References: <416F41A5.4060600@yahoo.com> Message-ID: <200410151219.35520.linux@codehelp.co.uk> On Friday 15 October 2004 4:19 am, Pip Jones wrote: > I've recently been forced to upgrade from 1.0.6 to 1.2.1 and am having > trouble decrypting. Do I need to regenerate the keys or should the old > keys still work in the new version? More information needed, but generally the keys will continue to work. There are some keys that 1.2.1 can use that 1.0.6 cannot so it's best to upgrade anyway. > I'm encrypting on Linux and decrypting on Windows, something which has > been working fine for years with 1.0.6. So what (exactly) is the error message? What kind of keys are you using (gpg --list-key keyid) What are you using to decrypt on Windows? WinPT or PGP? Can you decrypt the files on GNU/Linux? (i.e. before you send them) Can you decrypt files sent from the Windows box on the GNU/Linux box? How are you transferring the files? Are you using ASCII armour for the encrypted files? (Make sure if you are then using FTP to use ASCII transfer, not binary). -- Neil Williams ============= http://www.codehelp.co.uk/ http://www.dclug.org.uk/ http://www.isbn.org.uk/ http://sourceforge.net/projects/isbnsearch/ http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041015/f4e3bd42/attachment-0001.bin From dshaw at jabberwocky.com Fri Oct 15 14:13:46 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Fri Oct 15 14:10:45 2004 Subject: Error Message In-Reply-To: <3E54A6BA1EAFD311AD75009027DEA5C02681855D@conmsx04.corp.acxiom.net> References: <3E54A6BA1EAFD311AD75009027DEA5C02681855D@conmsx04.corp.acxiom.net> Message-ID: <20041015121345.GD14854@jabberwocky.com> On Thu, Oct 14, 2004 at 04:51:59PM -0500, Lawson Paul - plawso wrote: > Does anyone know what the error message: > > gpg: [don't know]: invalid packet (ctb=60) > > is trying to tell me? It means "corrupted message". Seven times out of ten, it means someone transferred the file via ASCII ftp instead of BINARY ftp and so got flipped bits. David From nico-linux-gnupg at schottelius.org Fri Oct 15 15:11:03 2004 From: nico-linux-gnupg at schottelius.org (Nico Schottelius) Date: Fri Oct 15 15:07:35 2004 Subject: Extracting information from a key In-Reply-To: <871xg19fyz.fsf@wheatstone.g10code.de> References: <20041014140922.GF14931@schottelius.org> <871xg19fyz.fsf@wheatstone.g10code.de> Message-ID: <20041015131103.GH695@schottelius.org> Werner Koch [Thu, Oct 14, 2004 at 10:56:04PM +0200]: > On Thu, 14 Oct 2004 16:09:22 +0200, Nico Schottelius said: > > > - display the ID of it (readable by other programs) > > - display E-Mail, Name > > - display signatures on the key > > - display other information (key type, length) > > Some ietms are displayed with -i Sounds good, but is there any promise the output won't change? Using scice% cat my-pgp-key | gpg -i pub 1024D/8D0E27A4 2003-01-12 Nico Schottelius (the penguin gets you) uid Nico Schottelius (the penguin gets you) uid Nico Schottelius (business) uid Nico Schottelius (the penguin gets you) sub 4096g/3976EA51 2003-01-12 [expires: 2007-01-11] sub 4096R/C251BAE5 2004-05-08 [expires: 2007-05-08] works fine, but when trying with --status-fd option (which I use for communication between my program and gpg) the output is still the same and using scice% cat my-pgp-key | gpg -i --status-fd 3 3>&1 >/dev/null does not display any output (`cat my-pgp-key | gpg -i --status-fd 3 3>&1` displays the same as just using gpg -i). `cat my-pgp-key | gpg -v` is as good/bad useable, as it's still human readable output, which is not bad, but which could perhaps change. Using scice% cat my-pgp-key | gpg -v --status-fd 3 3>&1 | grep 'GNUPG:' gpg: armor header: Version: GnuPG v1.2.5 (GNU/Linux) gpg: NOTE: signature key 401F6AA5 expired Wed Nov 13 16:03:36 2002 CET [GNUPG:] KEYEXPIRED 1037199816 [GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead I don't get any useful information. Are there any plans to realize putting this information to the status-channel, so other programs can simply extract this information? Or do you (the developers) tell me that the output of gpg -v or gpg -i will never change? If so, I'll be able to use the standard human output. Thanks for any information again, Nico -- Keep it simple & stupid, use what's available. Please use pgp encryption: 8D0E 27A4 is my id. http://nico.schotteli.us | http://linux.schottelius.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available Url : /pipermail/attachments/20041015/ab18c263/attachment.bin From atom at suspicious.org Fri Oct 15 16:54:15 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Fri Oct 15 16:51:17 2004 Subject: Extracting information from a key In-Reply-To: <20041015131103.GH695@schottelius.org> References: <20041014140922.GF14931@schottelius.org> <871xg19fyz.fsf@wheatstone.g10code.de> <20041015131103.GH695@schottelius.org> Message-ID: <20041015105208.J29334@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Fri, 15 Oct 2004, Nico Schottelius wrote: > Sounds good, but is there any promise the output won't change? ========= if you want the output to be readable by a script and/or stable for the foreseeable future, use "--with-colons". - -- ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "If the [Foreign Corrupt Practices] Law were applied to the president and the political parties, they'd all be sitting in the cooler." -- Raymond Plank, president Apache Corp., noting that an annual questionnaire he signs under that law requires him to attest that his company doesn't bribe foreign officials for business (USA Today, 10/26/1998) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBb+ScAAoJEAx/d+cTpVcigTEIAJZ9vDGNyjXVCd2WUF3ZG5EW P43/1+dE8ftIjPvO4D2IWPmchz/1W4DIUVCnTHc3aa/vkx5EnC8t8IIL+1B1WBBI 35Zs1Q39H//yxTZNdEx3yEG6Kj4Oxy2+S5GPw1iScBq3fyhxdxuI+dmXjUA0G/BZ KIhy6lFJUY6wuj4dBcNBMiLG25+1HXC9PzwUxq3RyetB08+VAA11mrCkK3k5GDMn ZS+Vydahnu1n2WwVTy1WvF+z6NPp7ojTrFyvXiF4pl7lqZ76cFRAsoHJ2NhsaE2T WVk/TI6yCMv3BqY9hz3GkfgUFF121KwimId01+IuI49lnuNViWs1dtLpZB+S/8M= =g3+e -----END PGP SIGNATURE----- From atom at suspicious.org Fri Oct 15 16:56:33 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Fri Oct 15 16:53:19 2004 Subject: Can a new version use old keys? In-Reply-To: <416F41A5.4060600@yahoo.com> References: <416F41A5.4060600@yahoo.com> Message-ID: <20041015105539.E29334@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Fri, 15 Oct 2004, Pip Jones wrote: > I've recently been forced to upgrade from 1.0.6 to 1.2.1 and am having > trouble decrypting. Do I need to regenerate the keys or should the old > keys still work in the new version? > > I'm encrypting on Linux and decrypting on Windows, something which has > been working fine for years with 1.0.6. =============== check out the man page and other docs about "--rebuild-keydb-caches". - -- ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "They tell us that we live in a great free republic; that our institutions are democratic; that we are a free and self-governing people. That is too much, even for a joke. Wars throughout history have been waged for conquest and plunder. And that is war in a nutshell. The master class has always declared the wars; the subject class has always fought the battles." -- Eugene V. Debs, 1918 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBb+UnAAoJEAx/d+cTpVcidx4H/0bniYZ4lLPCev2XYero9/UZ 6do0wqKWzki+saNFlxgAy9z7eD5/HtM5HsNLCO44Qg6E+nx1nCdn68pjrILSEf7C mAj6vw3X8a/fD73X9A63g9ub12f5KWYE3pEgoKmvDUEmZQLuLdOncIYj4AmIEudP R9cBgy6HYdtr0d/bYobHEAzI+XJd0FP1vWklqtgXYAGI5X+TqhtoIw7NOss79bn/ BbLz+UB+7tCxucqIKzDdc4HNiFJ2LQh8QtKG6S2T+fNFffkhAo8uHXtL5KbghCKy GO8bYCZ7/1BZHvik9hflucWX7qndVAbDYHaJIlWyhfD7mC8U/C+YN5eymM804dI= =2rIB -----END PGP SIGNATURE----- From johanw at vulcan.xs4all.nl Fri Oct 15 19:49:03 2004 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Fri Oct 15 20:06:32 2004 Subject: Can a new version use old keys? In-Reply-To: <416F41A5.4060600@yahoo.com> from Pip Jones at "Oct 15, 2004 01:19:01 pm" Message-ID: <200410151749.TAA00940@vulcan.xs4all.nl> Pip Jones wrote: >I've recently been forced to upgrade from 1.0.6 to 1.2.1 and am having >trouble decrypting. Do I need to regenerate the keys or should the old >keys still work in the new version? There was a format change between 1.0.6 and 1.0.7 (to be honest, I think that 1.0.7 is a wrong version number; 1.2.0 would have been more accurate for that version. You should run gpg --rebuild-keydb-caches. In the tools directory of the source distribution, there is a script convert-from-106. You can use that too to convert the keys. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From dshaw at jabberwocky.com Sat Oct 16 14:46:21 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Sat Oct 16 15:02:11 2004 Subject: [Announce] GnuPG 1.3.91 released (development) Message-ID: <20041016124621.GA19126@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello! The latest release from the development branch of GnuPG is ready for public consumption. This is a branch to create what will extremely soon become the new stable release of GnuPG 1.4. We strongly encourage people to try this development release and report any feedback or problems to gnupg-devel@gnupg.org. If you have been waiting until the 1.4 release is imminent before trying the code, that time is now. The files are available from: Gzipped: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.91.tar.gz (3.7M) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.91.tar.gz.sig Bzip2ed: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.91.tar.bz2 (2.5M) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.91.tar.bz2.sig or as a patch against the 1.3.90 source: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.90-1.3.91.diff.gz (1.9M) MD5 checksums for the files are: 839e1404fa7b59fb815f44527da2b821 gnupg-1.3.90-1.3.91.diff.gz bc03e5651387e996f122ecfdb970211b gnupg-1.3.91.tar.gz fb0f58ff5392c6c20759cd9de190c659 gnupg-1.3.91.tar.bz2 SHA1 checksums for the files are: eabf07abc4ca2deddfc917d55f340440331e2a0d gnupg-1.3.90-1.3.91.diff.gz d67a2d0fd640b1d38e3e34efa9430698c54e7a55 gnupg-1.3.91.tar.gz f1e9a9c00bd48165f7da0824504f2ee4551a5bf0 gnupg-1.3.91.tar.bz2 Noteworthy changes in version 1.3.91 (2004-10-15) - ------------------------------------------------- * A new configure option --enable-selinux-support disallows processing of confidential files used by gpg (e.g. secring.gpg). This helps writing ACLs for the SELinux kernel. * Support for fetching keys via finger has been added. This is useful for setting a preferred keyserver URL like "finger:wk@g10code.com". * Timeout support has been added to the keyserver helpers. This allows users to set an upper limit on how long to wait for the keyserver before giving up. * New "direct" trust model where users can set key validity directly if they do not want to participate in the web of trust. * Minor bug fixes, code and string cleanups. Enjoy! The GnuPG team (David, Stefan, Timo and Werner) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.91-cvs (GNU/Linux) iGoEARECACoFAkFxGB0jGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2tleS5h c2MACgkQ4mZch0nhy8mnQgCfS+jst/eis2ZMQte8KrAvemYruPQAoMGcKpvBXtsO 7yB1ZQEScS64N09d =lVRT -----END PGP SIGNATURE----- _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From dshaw at jabberwocky.com Sat Oct 16 15:22:23 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Sat Oct 16 15:19:21 2004 Subject: Decryption of truncated data? In-Reply-To: <416F85B2.8050309@yahoo.com> References: <416F85B2.8050309@yahoo.com> Message-ID: <20041016132222.GC19126@jabberwocky.com> On Fri, Oct 15, 2004 at 06:09:22PM +1000, Pip Jones wrote: > Is it possible to decrypt a data block which has the first 43 bytes > missing?! > > I inherited a wrapper script which was removing the PGP headers and > footers using hard-coded string lengths, but after a GPG upgrade, the > headers changed length and this part of the data was truncated. I've now > got lots of small data blocks (around 1k) I need to decrypt. > > I know this is unlikely due to the damaged structure of the encrypted > data, CRCs, etc. but is there any way of recovering the partial > remaining data? Unfortunately, if you lost 43 bytes into a message, you lost part of the session key. You won't be able to decrypt without the session key. However, are we talking about ASCII armored messages (i.e. "BEGIN PGP MESSAGE", etc) ? If so, then 43 bytes in may not even have touched the actual message data. It depends on how big the headers are. The default GnuPG headers are longer than 43 bytes. David From sckbr at alltel.net Sat Oct 16 16:17:33 2004 From: sckbr at alltel.net (Bob) Date: Sat Oct 16 16:14:41 2004 Subject: Archives Message-ID: <41712D7D.8090602@alltel.net> How do I locate the gnupg archives? I also need help with Thunderbird and it's "error" message informing me that I need to set up one or more personnel Public key for certificates, and would I like to do that now. When clicking "yes" nothing happens? Why is there a double Public key block? Thank you. Regards, Bob 0x0C9D3FB1188C8F29 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.2.3-nr1 (Windows XP) mQGiBEFpPCoRBADL9NUElEqVYzeJ8w6ZmvrfUGfceTra2HkH72sKYdBV0fZ+Nvfb 8JnRJzUZIdeilWGEROOQn+i6JfIKBq9Emnzi4IoR05+8gQRefRO8mhUNRwkyM1bk 9FGiDp3KXkzxQyYLvRkTjoA80Cn2/aWu8k2b4kh743/Q24tiDho/TFAAMwCgw36W vPv6+w7TY3FSRnr0yWyDTjEEAI9nLxuhewM0Uv1vTQhLuDgwUuAqGeA0Gg/+Wlx5 u43C3Bu5aFJXIqD2Ygm/ADBHxUNJ2F3QJBoSW+DbEgXpxV0IBsrhvhc28EqvoJ6K ubfdCNgdmu5uhorbxOnd7Iv8i+NOMOHb2P5ywof3lhAdUruHX665DX48lwo7QfsJ XphcA/4/ibZlYA5zeRApBjhWQFaYnDhBxUvISv6Tv9r8w0NeqpA3+xcLkNgyZJBK drtyBclD5R38K5gDVTepJASlaTbRo0SCtFZNYxH7rajDS26e6r/Jo7SKhy1Ukoeo ZdoO5Q2hnqAhi+yiDyPKIGBQ2zQqN++9Darz3YvWvvbTrrBrELQzQm9iIChaZW5h IGlzIHBhcnQgb2Ygb3VyIGZ1dHVyZSkgPHNja2JyQGFsbHRlbC5uZXQ+iFwEExEC ABwFAkFpPCoHCwkIBwMCAQMVAgMDFgIBAh4BAheAAAoJEAydP7EYjI8pDegAnjPL CkZSgr/EnGCFPJYL7rt7g5M2AJ9FCeZJH5pIN2I8SLdLrehusKUBfLkBDQRBaTws EAQAsPyOFWkgRxKDku6QrBX/hUoC4ONaKfe7csgowxBOms3ln0wOqVN0OKBXJk/o bYh3RdIbQbU1Kt/7o5sVh8ZKIhj8AJhpax+IoPThbHh/YCZWNX77sMYu2dVQLl+I kNAWCbGw6KM0OQNw2dEhi/tocF8Z2YqL5tu/Nuq+0EGvAf8AAwUEAJa+WhhqKw7i 570jArIfhgf6eceLUm5jCJUXQFqHwcmRdR1+Y1p0o2SufPXkreHO/ay3zMM5QqA0 Uzw6/KlUrhJaK0VnrPDnhlw4kBtM1AS3iEfTi+3pTY50SbM4m8fTuNSY9RK9ZT7J YWvmF+hDgMrXYjTbxfTMInbcZz27S2KwiEYEGBECAAYFAkFpPCwACgkQDJ0/sRiM jymGqQCeIGfoPnDUJ/lBOyxGgp9ocdd8eTQAoKse0cG4KWdZLfW5AsvdkuZCkt0Y =Kozg -----END PGP PUBLIC KEY BLOCK----- Public key for 0x0C9D3FB1188C8F29 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.2.3-nr1 (Windows XP) mQGiBEFpPCoRBADL9NUElEqVYzeJ8w6ZmvrfUGfceTra2HkH72sKYdBV0fZ+Nvfb 8JnRJzUZIdeilWGEROOQn+i6JfIKBq9Emnzi4IoR05+8gQRefRO8mhUNRwkyM1bk 9FGiDp3KXkzxQyYLvRkTjoA80Cn2/aWu8k2b4kh743/Q24tiDho/TFAAMwCgw36W vPv6+w7TY3FSRnr0yWyDTjEEAI9nLxuhewM0Uv1vTQhLuDgwUuAqGeA0Gg/+Wlx5 u43C3Bu5aFJXIqD2Ygm/ADBHxUNJ2F3QJBoSW+DbEgXpxV0IBsrhvhc28EqvoJ6K ubfdCNgdmu5uhorbxOnd7Iv8i+NOMOHb2P5ywof3lhAdUruHX665DX48lwo7QfsJ XphcA/4/ibZlYA5zeRApBjhWQFaYnDhBxUvISv6Tv9r8w0NeqpA3+xcLkNgyZJBK drtyBclD5R38K5gDVTepJASlaTbRo0SCtFZNYxH7rajDS26e6r/Jo7SKhy1Ukoeo ZdoO5Q2hnqAhi+yiDyPKIGBQ2zQqN++9Darz3YvWvvbTrrBrELQzQm9iIChaZW5h IGlzIHBhcnQgb2Ygb3VyIGZ1dHVyZSkgPHNja2JyQGFsbHRlbC5uZXQ+iFwEExEC ABwFAkFpPCoHCwkIBwMCAQMVAgMDFgIBAh4BAheAAAoJEAydP7EYjI8pDegAnjPL CkZSgr/EnGCFPJYL7rt7g5M2AJ9FCeZJH5pIN2I8SLdLrehusKUBfLkBDQRBaTws EAQAsPyOFWkgRxKDku6QrBX/hUoC4ONaKfe7csgowxBOms3ln0wOqVN0OKBXJk/o bYh3RdIbQbU1Kt/7o5sVh8ZKIhj8AJhpax+IoPThbHh/YCZWNX77sMYu2dVQLl+I kNAWCbGw6KM0OQNw2dEhi/tocF8Z2YqL5tu/Nuq+0EGvAf8AAwUEAJa+WhhqKw7i 570jArIfhgf6eceLUm5jCJUXQFqHwcmRdR1+Y1p0o2SufPXkreHO/ay3zMM5QqA0 Uzw6/KlUrhJaK0VnrPDnhlw4kBtM1AS3iEfTi+3pTY50SbM4m8fTuNSY9RK9ZT7J YWvmF+hDgMrXYjTbxfTMInbcZz27S2KwiEYEGBECAAYFAkFpPCwACgkQDJ0/sRiM jymGqQCeIGfoPnDUJ/lBOyxGgp9ocdd8eTQAoKse0cG4KWdZLfW5AsvdkuZCkt0Y =Kozg -----END PGP PUBLIC KEY BLOCK----- From shavital at mac.com Sat Oct 16 18:19:57 2004 From: shavital at mac.com (Charly Avital) Date: Sat Oct 16 18:16:54 2004 Subject: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: <20041016124621.GA19126@jabberwocky.com> References: <20041016124621.GA19126@jabberwocky.com> Message-ID: <387DD84E-1F8F-11D9-9E67-000A95D5D874@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Built under Mac OS X 10.3.5 - Darwin 7.5.0 - CPU Type:PowerPC G4 (1.1) Including idea. Thanks to the GnuPG team (David, Stefan, Timo and Werner). Charly On Oct 16, 2004, at 8:46 AM, David Shaw wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello! > > The latest release from the development branch of GnuPG is ready for > public consumption. This is a branch to create what will extremely > soon become the new stable release of GnuPG 1.4. > [...] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.91 (Darwin) iD8DBQFBcUo78SG5rMkbCF4RApZmAJ40HB6aS3aNi2ok8+wn5s62E1JqrwCbBuFz Qd+Op/sTd7Zi1kZCx7PG0Kc= =ZcyO -----END PGP SIGNATURE----- From zuxy.meng at gmail.com Sat Oct 16 18:49:03 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Sat Oct 16 18:45:43 2004 Subject: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: <20041016124621.GA19126@jabberwocky.com> References: <20041016124621.GA19126@jabberwocky.com> Message-ID: Just two little problems under Win32. 1. Line 782 of g10/http.c, you forgot to add "addr.sin_addr.S_un.S_addr=inaddr;" after "addr.sin_port=htons(port);". This will cause gpgkeys_hkp/gpgkeys_http always tries to connect to 0.0.0.0. 2. Line 124 of keyserver/gpgkeys_finger.c, you wrote "memcpy (&ad.sin_addr, &l, sizeof l);" while it should be "memcpy (&addr.sin_addr, &l, sizeof l);". All other's fine till now. Salut to the team! On Sat, 16 Oct 2004 08:46:21 -0400, David Shaw wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello! > > The latest release from the development branch of GnuPG is ready for > public consumption. This is a branch to create what will extremely > soon become the new stable release of GnuPG 1.4. -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From dshaw at jabberwocky.com Sun Oct 17 01:09:49 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Sun Oct 17 01:06:56 2004 Subject: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: References: <20041016124621.GA19126@jabberwocky.com> Message-ID: <20041016230949.GH19126@jabberwocky.com> On Sun, Oct 17, 2004 at 12:49:03AM +0800, Zuxy wrote: > Just two little problems under Win32. > > 1. Line 782 of g10/http.c, you forgot to add > "addr.sin_addr.S_un.S_addr=inaddr;" after > "addr.sin_port=htons(port);". This will cause gpgkeys_hkp/gpgkeys_http > always tries to connect to 0.0.0.0. > > 2. Line 124 of keyserver/gpgkeys_finger.c, you wrote "memcpy > (&ad.sin_addr, &l, sizeof l);" while it should be "memcpy > (&addr.sin_addr, &l, sizeof l);". Both fixed, thanks! David From pt at radvis.nu Sun Oct 17 20:53:44 2004 From: pt at radvis.nu (Per Tunedal Casual) Date: Sun Oct 17 20:48:40 2004 Subject: Comments to armored output was: Re: Can a new version use old keys? In-Reply-To: <20041015105539.E29334@willy_wonka> References: <416F41A5.4060600@yahoo.com> <20041015105539.E29334@willy_wonka> Message-ID: <6.1.2.0.2.20041017204740.02d15728@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Any hints how to make comments to armoured output. I tried adding the following comment using the GPG-options in WinPT (one line): Vad ?r en pgp-signatur? http://www.clipanish.com/Saker_e-post/saker_e-post.html Messages cannot be decrypted/verified by EudoraGPG or GPGrelay. WinPT works OK. Per Tunedal Keyid: 0xAE053BE0 Fingerprint: D70D 9057 A985 4944 2191 995A 2D74 F09D AE05 3BE0 At 16:56 2004-10-15, you wrote: >This mail was signed (Inlined PGP-Message). >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.3.6 (FreeBSD) >Comment: What is this gibberish? >Comment: http://atom.smasher.org/links/#digital_signatures > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: Vad ?r en PGP-signatur? http://www.clipanish.com/Saker_e-post/saker_e-post.html iD8DBQFBcr+maDDfzFT+2PIRAiosAKCQyt19dwNfjYtz0nrJcJI8u4wh+QCfUdfj g3Sbr7TASJyIgnhOMHPGe+Y= =/xto -----END PGP SIGNATURE----- From atom at suspicious.org Sun Oct 17 20:59:21 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Sun Oct 17 20:56:13 2004 Subject: Comments to armored output was: Re: Can a new version use old keys? In-Reply-To: <6.1.2.0.2.20041017204740.02d15728@localhost> References: <416F41A5.4060600@yahoo.com> <20041015105539.E29334@willy_wonka> <6.1.2.0.2.20041017204740.02d15728@localhost> Message-ID: <20041017145436.V98120@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sun, 17 Oct 2004, Per Tunedal Casual wrote: > Any hints how to make comments to armoured output. I tried adding the > following comment using the GPG-options in WinPT (one line): > Vad är en pgp-signatur? > http://www.clipanish.com/Saker_e-post/saker_e-post.html > > Messages cannot be decrypted/verified by EudoraGPG or GPGrelay. WinPT > works OK. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.5 (MingW32) > Comment: Vad är en PGP-signatur? > http://www.clipanish.com/Saker_e-post/saker_e-post.html ================== 1.2.x only supports 1 comment line. a comment that doesn't start with "Comment:" could cause problems, which seems to be the case with your comment line starting with http://... you'll have to make your comment short enough to fit on one line or upgrade to 1.3.x. i used to use long comment lines and never had a problem with the lines wrapping. - -- ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "The lawgiver, of all beings, most owes the law allegiance. He of all men should behave as though the law compelled him. But it is the universal weakness of mankind that what we are given to administer we presently imagine we own." -- H.G. Wells -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBcsEOAAoJEAx/d+cTpVcici8H/Ar5TIzCImrYSu6nTzp4LRBe zZ3FQkCVYt7TJ1q8d2PkDPrMS3bF04x56S1V5vgl1abHCgtM7WLY9/h3JKpB7iy6 ylTW8pYV7QtgIxuuBuHTiAhOLHWhoLoY1gc/dUwpBi0SBVtQcTokl0U0FQSwL7hW arujCiAnxh+mNVx7lCLcvCgkrH2BDt5Y6xVbhhJQdl4DfUrViIjwt4/NZJfk8vSS 6CsPS+e6+jAfHE5FLsFD0HG5tksH4R6XPVQw4vM7TSBKc/8HEzwWhRC3gRUjcnjq ui3sB+baSBc+igk5HSWDazYbY04/3qLpQIib4agYAG2R88EB7TapL8RuIStLDTA= =V7pc -----END PGP SIGNATURE----- From atom at suspicious.org Sun Oct 17 21:05:33 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Sun Oct 17 21:02:16 2004 Subject: Comments to armored output was: Re: Can a new version use old keys? In-Reply-To: <20041017145436.V98120@willy_wonka> References: <416F41A5.4060600@yahoo.com> <20041015105539.E29334@willy_wonka> <6.1.2.0.2.20041017204740.02d15728@localhost> <20041017145436.V98120@willy_wonka> Message-ID: <20041017150239.M98120@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.2.5 (MingW32) >> Comment: Vad är en PGP-signatur? >> http://www.clipanish.com/Saker_e-post/saker_e-post.html ================ of course "format=flowed" caused that line to unfold when i fwd'd it... this ~should~ appear the same way it was received... the raw message i received breaks that into two lines, the first line starting with "Comment:" and the second line starting with "http://" - -- ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Facts are stupid things." -- Ronald Reagan (1988) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBcsKEAAoJEAx/d+cTpVcixCYH/226vhyRlSefOGZzVOv/+iYj x7lXbG9Unadr8op9dVrfIp/ktbchwcrbMhQJQEFgxgHAYaETwg5r+ANuNBoGcaFY jeJ0SzkDeePZGwj5KQcKud+qzpGUDOyq245e3H0TU1x93dkOzSCd2owmal2CV399 djocA/30paHHARWISY/vqjsgTXKQTcICaUNtEhjdEQuAUFKQkx+j/X6v9m1FnYpk j1cY++ZJ8ggZ56ToPbLAY1I7BJPNXBPaKgdM0dzk2/y5b6H8NoSFPukWfL9M/tnY /YgFDoL9zr1DahgrYtzULPXqCBXcdq9J76xpB1hBNcQGN3F68yEIa1suUm1Z4D4= =cpsj -----END PGP SIGNATURE----- From JPClizbe at comcast.net Sun Oct 17 22:51:57 2004 From: JPClizbe at comcast.net (John Clizbe) Date: Sun Oct 17 22:49:14 2004 Subject: Comments to armored output was: Re: Can a new version use old keys? In-Reply-To: <6.1.2.0.2.20041017204740.02d15728@localhost> References: <416F41A5.4060600@yahoo.com> <20041015105539.E29334@willy_wonka> <6.1.2.0.2.20041017204740.02d15728@localhost> Message-ID: <4172DB6D.1070002@comcast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Per Tunedal Casual wrote: > > Hi, > Any hints how to make comments to armoured output. I tried adding the > following comment using the GPG-options in WinPT (one line): > Vad ?r en pgp-signatur? > For a line that long, you really need multiple comment lines which also means you need GnuPG 1.3.x (x>=4, IIRC). 1.3.6 works nicely enough. 1.3.9x is a pretty fluid target for the time being. I'd use 1.3.6 until 1.4 is released. Then in gpg.conf: comment "Vad ?r en pgp-signatur?" comment "http://www.clipanish.com/Saker_e-post/saker_e-post.html" - -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." - Dumbya explaining his administration 5-Aug-2004 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.92-cvs (Windows 2000 SP4) Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG Comment: Annoy John Asscraft -- Use Strong Encryption. Comment: It's YOUR right - for the time being. Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBcttsHQSsSmCNKhARAvAfAKCkVreei6u+cuXzJ9pHiZqGyPaQ+QCeJ4/d PvdexD1wQ0Ph0sLe1SAvSTk= =zwG6 -----END PGP SIGNATURE----- From jharris at widomaker.com Mon Oct 18 00:31:55 2004 From: jharris at widomaker.com (Jason Harris) Date: Mon Oct 18 00:28:45 2004 Subject: new (2004-10-17) keyanalyze results (+sigcheck) Message-ID: <20041017223154.GC1908@wilma.widomaker.com> New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2004-10-17/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the "permanent" files: 3e9e7dceb58a58c0593bf3980374240053edd7db 10624248 preprocess.keys 6c72d7029b6ce551261a74dc318b43be19051083 6917551 othersets.txt 8854da743e5ac967007a4966a14ba27c5781d333 2717654 msd-sorted.txt b0f152cbac2bff77aeed70a933fec6d7ac3e7b71 1484 index.html d4f062a381ff5bb7e91cfff53e163a55ca7684a8 2289 keyring_stats 5c4c9f6680db1b9f93e8a16b2b46fda7dcaa8859 1067792 msd-sorted.txt.bz2 da19424a90c8aa156957e27c8ab16ddf1014b9de 26 other.txt 6ded6e427cf3199cc275c047fb8c645c39a4a447 1480101 othersets.txt.bz2 ba4eff2fd84dfa63444422538a417257a10ad121 4299693 preprocess.keys.bz2 7579f5b6eebbb276fb5d00d67cfe4722debb728f 10620 status.txt 615cb25c9bc1256d339584ae9d06d8069aca8c15 211332 top1000table.html 136717eb9011caadc719fed2386be193a3548331 30395 top1000table.html.gz a2f1fc386801b31d8371c2b10ee13ba9e2c10506 10994 top50table.html 871e20a6fdcd2163a6636de37620f9fb6c124cc7 2579 D3/D39DA0E3 -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20041017/7dce4f75/attachment.bin From wk at gnupg.org Mon Oct 18 10:58:29 2004 From: wk at gnupg.org (Werner Koch) Date: Mon Oct 18 10:59:26 2004 Subject: Comments to armored output was: Re: Can a new version use old keys? In-Reply-To: <4172DB6D.1070002@comcast.net> (John Clizbe's message of "Sun, 17 Oct 2004 15:51:57 -0500") References: <416F41A5.4060600@yahoo.com> <20041015105539.E29334@willy_wonka> <6.1.2.0.2.20041017204740.02d15728@localhost> <4172DB6D.1070002@comcast.net> Message-ID: <87wtxo5rnu.fsf@wheatstone.g10code.de> On Sun, 17 Oct 2004 15:51:57 -0500, John Clizbe said: > 1.3.9x is a pretty fluid target for the time being. I'd use 1.3.6 until > 1.4 is released. 1.3.91 should be considered a release candidate for 1.4, the jump in the version number was made to indicate that we are going to release 1.4 RSN. However, if you all stick to old development versions, we will either not be able to release 1.4 soon or 1.4 will be released pretty much untested which isn't good for a stable version. BTW, sed(1) may also be used to insert more comment lines. Shalom-Salam, Werner From pt at radvis.nu Mon Oct 18 13:31:11 2004 From: pt at radvis.nu (Per Tunedal Casual) Date: Mon Oct 18 13:26:20 2004 Subject: Comments to armored output was: Re: Can a new version use old keys? In-Reply-To: <4172DB6D.1070002@comcast.net> References: <416F41A5.4060600@yahoo.com> <20041015105539.E29334@willy_wonka> <6.1.2.0.2.20041017204740.02d15728@localhost> <4172DB6D.1070002@comcast.net> Message-ID: <6.1.2.0.2.20041018132559.0379f2c0@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 22:51 2004-10-17, you wrote: > >Per Tunedal Casual wrote: >> >> Hi, >> Any hints how to make comments to armoured output. I tried adding the >> following comment using the GPG-options in WinPT (one line): >> Vad ?r en pgp-signatur? >> > >For a line that long, you really need multiple comment lines which also >means you need GnuPG 1.3.x (x>=4, IIRC). 1.3.6 works nicely enough. > >1.3.9x is a pretty fluid target for the time being. I'd use 1.3.6 until >1.4 is released. > >Then in gpg.conf: > >comment "Vad ?r en pgp-signatur?" >comment "http://www.clipanish.com/Saker_e-post/saker_e-post.html" > >- -- >John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Thank you! I prefer to use the stable version on this computer, so I have made a special page with a short URL to link to! The coming version 1.4 will be a great improvement. I will think about Werner's remark: I might set up some computer for testing release candidates. Per Tunedal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.950 Comment: Vad ?r en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFBc6mdaDDfzFT+2PIRAn+1AJ9jA8bMcNG8j0NlgzOy3K0tOTtsDACfSkFm u8NI8RvL+0Ka1PtMB1q0rTg= =5WSC -----END PGP SIGNATURE----- From severi.salminen at siba.fi Tue Oct 19 11:15:46 2004 From: severi.salminen at siba.fi (Severi Salminen) Date: Tue Oct 19 11:12:18 2004 Subject: Gnupg for Windows and key generation? Message-ID: <4174DB42.5090007@siba.fi> I created 2 keys with the Windows version of GnuPG (on WinXP). The entropy gathering process was actually quite fast lasting a few seconds maybe and I didn't have time to move the mouse or hit the keyboard significantly. So: 1. How long does the entropy gathering last and how is it concluded that enough entropy has been gathered? 2. Is there a way to prolong the process so that more user intervention is possible? That would make me feel more secure ;-) 3. What are the actual factors that are "polled" during the period besides mouse movement and keyboard? 4. What do all the symbols mean in the output: +, ., < and >? (Others?) 5. Would the usage of EGD (Entropy Gathering Daemond) allow me to gather entropy longer or is that even necessary? 6. If all the above information is available somewhere I'd appreciate a link. Thanks in advance! Severi Salminen From scholz at informatik.tu-darmstadt.de Tue Oct 19 13:33:04 2004 From: scholz at informatik.tu-darmstadt.de (Scholz Ulrich) Date: Tue Oct 19 13:26:54 2004 Subject: Question about: "gpg: WARNING: message was not integrity protected" Message-ID: <20041019113303.GC1491@informatik.tu-darmstadt.de> Hi everybody. I'm using gnupg 1.2.2. When I encode a file with gpg -c -s and decode it with gpg --decode .gpg I get the message: gpg: WARNING: message was not integrity protected Why? The FAQ says: "There is a small security glitch in the OpenPGP (and therefore GnuPG) system; to avoid this you should always sign and encrypt a message instead of only encrypting it." I did sing the file. Did I? And in another posting I read: "This isn't true any longer. OpenPGP now has the MDC protection. Both GnuPG and PGP support it. MDC can be turned off manually, or if you encrypt to a key that doesn't support it, it is switched off automatically, but in general it is on." So why do I still get this message? And what does it tell me? Am I doing something wrong here? Thank you, Uli -- Ulrich Scholz scholz@informatik.tu-darmstadt.de http://www.intellektik.informatik.tu-darmstadt.de/~scholz From zuxy.meng at gmail.com Tue Oct 19 13:39:38 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Tue Oct 19 13:36:14 2004 Subject: When to lock page under WinNT? In-Reply-To: References: Message-ID: I found in previous threads the interesting API VirtualLock, and MSDN confirms this: Pages that a process has locked remain in physical memory until the process unlocks them or terminates. I suppose it would appear in 1.4 but I haven't seen it in 1.3.91 yet. Will it be in place, together with the reactivation of warning about insecure memory under Win9x? Thanks. -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From zuxy.meng at gmail.com Tue Oct 19 15:50:07 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Tue Oct 19 15:46:42 2004 Subject: Question about: "gpg: WARNING: message was not integrity protected" In-Reply-To: <20041019113303.GC1491@informatik.tu-darmstadt.de> References: <20041019113303.GC1491@informatik.tu-darmstadt.de> Message-ID: Yes you encrypted the file but symmetrically, i.e. you didn't encrypt the file to someone's public key but to a passphrase. I don't if MDC takes effect in such case. And I don't know what that small security glitch was, either. Did that allow bad men to alter encrypted packets without decrypting them? On Tue, 19 Oct 2004 13:33:04 +0200, Scholz Ulrich wrote: > Hi everybody. I'm using gnupg 1.2.2. > > When I encode a file with > > gpg -c -s > > and decode it with > > gpg --decode .gpg > > I get the message: > > gpg: WARNING: message was not integrity protected > -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From twoaday at freakmail.de Tue Oct 19 19:49:29 2004 From: twoaday at freakmail.de (Timo Schulz) Date: Tue Oct 19 19:44:32 2004 Subject: Announcement for Outlook GPG Version 0.93 Message-ID: <20041019174929.GA527@daredevil.joesixpack.net> Hi! After a long time, g10 Code GmbH decided to update the code of the Outlook GPG plugin (originally written by G-DATA). This version fixes a lot of problems reported by users on several mailing lists. All users who have problems with their current Outlook GPG version might want to update their files to see if this version fixes the problems. You can download the zip archive and the digital signature here: ftp://ftp.g10code.com/g10code/outlgpg/outlgpg-0.93.zip (99k) ftp://ftp.g10code.com/g10code/outlgpg/outlgpg-0.93.zip.sig MD5 checksums for the files are: 49cb0af4000669f3c5f86fc6629e7479 outlgpg-0.93.zip 1c3ff5931409f8cfc197c4a3616010b1 outlgpg-0.93.zip.sig Noteworthy changes in version 0.93 ================================== - New interface which is more generic and tries to be a complete wrapper around the GPG binary. - Logging support to make it easier to track down errors and to allow remote debugging. - Keylisting now supports keys which only consist of one primary key (RSA Sign-Encrypt, old v3 Keys, ElGamal). - The users email address is used to identify the recipient. This way GPG automatically decides what subkey to use. - The plaintext is used for replying mails. - Show some information about the GPG data as part of the message. For example the a 'gpg -k' like output if the message contain one or more public keys. Or if there was a problem with decryption use the GPG output message. - New GPG I/O subsystem to fix some hanging processes. - Store all user ID's to improve the searching system. That's it. g10 Code GmbH (http://www.g10code.com) of course also provides commercial support for the plugin and other GPG components. Timo From atom at suspicious.org Tue Oct 19 20:14:16 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Tue Oct 19 20:17:42 2004 Subject: Question about: "gpg: WARNING: message was not integrity protected" In-Reply-To: References: <20041019113303.GC1491@informatik.tu-darmstadt.de> Message-ID: <20041019181425.10837.qmail@suspicious.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > wrote: >> Hi everybody. I'm using gnupg 1.2.2. >> >> When I encode a file with >> >> gpg -c -s >> >> and decode it with >> >> gpg --decode .gpg >> >> I get the message: >> >> gpg: WARNING: message was not integrity protected ================= AFAIK that's been fixed since 1.2.2. if you're encrypting with a version that isn't current you may get that message on decryption, but it's nothing to be concerned or worried about. - -- ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "The first duty of a revolutionary is to get away with it." -- Abbie Hoffman -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBdVl9AAoJEAx/d+cTpVcicVQIAK++V1l36Qi8XCiKtaiHLx4s A7elQXriiBfQgbqh/DOC8bBt1jxGyGR+iT/+MDdK5ibBhWUyRpfPUTzV28eCkgz6 YJ8paG58iaUhXD8UAI2sS5qmN7vUQvcDKvnfTTkbEsofJbByE8FHbLJWp4Y6CBn2 N2f3IfftabP6tj7UQUioDRvCjhh+hPkEADushtrrdgUMgA5GSxCBRu/sjF5++8Ks jYo1AiO3QhPOm/ucABf3MiErhbabq515X9YNP0S1tt9+5PcAbug4QJGRbp4solmU AE6m9HXmCgKo1s4vZWX6G8GKJQc69wqwePgoSgu0fP6dQyzu+lb5wefU4ObvatQ= =KavH -----END PGP SIGNATURE----- From scholz at informatik.tu-darmstadt.de Wed Oct 20 13:30:33 2004 From: scholz at informatik.tu-darmstadt.de (Scholz Ulrich) Date: Wed Oct 20 13:24:21 2004 Subject: Question about: "gpg: WARNING: message was not integrity protected" In-Reply-To: <20041019181425.10837.qmail@suspicious.org> References: <20041019113303.GC1491@informatik.tu-darmstadt.de> <20041019181425.10837.qmail@suspicious.org> Message-ID: <20041020113033.GA1076@informatik.tu-darmstadt.de> > >>Hi everybody. I'm using gnupg 1.2.2. > >> > >>I get the message: > >> > >> gpg: WARNING: message was not integrity protected > ================= > > AFAIK that's been fixed since 1.2.2. if you're encrypting with a version > that isn't current you may get that message on decryption, but it's > nothing to be concerned or worried about. As I said, I _am_ using gnupg 1.2.2. That's the reason I'm asking. Uli -- Ulrich Scholz scholz@informatik.tu-darmstadt.de http://www.intellektik.informatik.tu-darmstadt.de/~scholz -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041020/e15a3059/attachment.bin From vedaal at hush.com Wed Oct 20 15:38:21 2004 From: vedaal at hush.com (vedaal@hush.com) Date: Wed Oct 20 15:34:56 2004 Subject: generating a v4 rsa sign and encrypt keypair // no subkey generated ? Message-ID: <200410201338.i9KDcMpL019717@mailserver3.hushmail.com> in 1.3.x, (in expert mode), when generating an rsa v4 key, and choosing the selection: 'sign and encrypt' , gnupg creates an rsa v4 keypair that is sign and encrypt, but does not have any subkeys (similar to v3 keys) i happen to like it, only in that it avoids confusion for some people trying to reply to a key id in a signed message, and finding that the key encrypted to is a different keyid, was this the intention behind this key type, or is there another reason that this is useful? vedaal Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427 From scholz at informatik.tu-darmstadt.de Wed Oct 20 16:03:08 2004 From: scholz at informatik.tu-darmstadt.de (Scholz Ulrich) Date: Wed Oct 20 15:57:01 2004 Subject: Question about: "gpg: WARNING: message was not integrity protected" In-Reply-To: <20041019113303.GC1491@informatik.tu-darmstadt.de> References: <20041019113303.GC1491@informatik.tu-darmstadt.de> Message-ID: <20041020140308.GA1913@informatik.tu-darmstadt.de> On Tue, Oct 19, 2004 at 01:33:04PM +0200, Scholz Ulrich wrote: > Hi everybody. I'm using gnupg 1.2.2. > > ... > and decode it with > > gpg --decode .gpg > ... Of course, that should read gpg --decrypt .gpg Uli PS. Now I've updated to gnupg 1.3.91. The behavior stayed the same. -- Ulrich Scholz scholz@informatik.tu-darmstadt.de http://www.intellektik.informatik.tu-darmstadt.de/~scholz -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 190 bytes Desc: not available Url : /pipermail/attachments/20041020/08de84ca/attachment-0001.bin From list at rachinsky.de Mon Oct 18 16:07:15 2004 From: list at rachinsky.de (Nicolas Rachinsky) Date: Wed Oct 20 16:25:43 2004 Subject: How to find the reason for a revocation Message-ID: <20041018140715.GA5824@pc5.i.0x5.de> Hallo, when I revoke a signature on an uid, gpg asks for the reason and a description. ---- Please select the reason for the revocation: 0 = No reason specified 4 = User ID is no longer valid Q = Cancel (Probably you want to select 4 here) Your decision? 4 Enter an optional description; end it with an empty line: > ---- How can I view that information later? Nicolas From dshaw at jabberwocky.com Wed Oct 20 16:40:15 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Wed Oct 20 16:37:33 2004 Subject: generating a v4 rsa sign and encrypt keypair // no subkey generated ? In-Reply-To: <200410201338.i9KDcMpL019717@mailserver3.hushmail.com> References: <200410201338.i9KDcMpL019717@mailserver3.hushmail.com> Message-ID: <20041020144015.GA9798@jabberwocky.com> On Wed, Oct 20, 2004 at 06:38:21AM -0700, vedaal@hush.com wrote: > in 1.3.x, (in expert mode), > when generating an rsa v4 key, and choosing the selection: > 'sign and encrypt' , > > gnupg creates an rsa v4 keypair that is sign and encrypt, > but does not have any subkeys > (similar to v3 keys) > > i happen to like it, only in that it avoids confusion for some people > trying to reply to a key id in a signed message, and finding that the > key encrypted to is a different keyid, > > was this the intention behind this key type, > or is there another reason that this is useful? There is no particular intent behind sign+encrypt keys. The standard allows for them (but does not recommend them), and so GnuPG allows them as well (and just as much does not recommend them - note that they are hidden behind --expert). David From abjork at online.no Wed Oct 20 17:45:27 2004 From: abjork at online.no (=?iso-8859-1?Q?Arild_Bj=F8rk?=) Date: Wed Oct 20 17:46:20 2004 Subject: Announcement for Outlook GPG Version 0.93 In-Reply-To: <20041019174929.GA527@daredevil.joesixpack.net> Message-ID: <003c01c4b6bb$d2750340$6600a8c0@CEL2000> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > -----Original Message----- > From: gnupg-users-bounces@gnupg.org > [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of Timo Schulz > Sent: Tuesday, October 19, 2004 7:49 PM > To: gnupg-users@gnupg.org; gnupg-users@gnupg.org > Subject: Announcement for Outlook GPG Version 0.93 > > > > Hi! > > After a long time, g10 Code GmbH decided to update the code of the > Outlook GPG plugin (originally written by G-DATA). This version > fixes a lot of problems reported by users on several mailing lists. > > All users who have problems with their current Outlook GPG > version might > want to update their files to see if this version fixes the problems. > You can download the zip archive and the digital signature here: > > ftp://ftp.g10code.com/g10code/outlgpg/outlgpg-0.93.zip (99k) > ftp://ftp.g10code.com/g10code/outlgpg/outlgpg-0.93.zip.sig > > MD5 checksums for the files are: > > 49cb0af4000669f3c5f86fc6629e7479 outlgpg-0.93.zip > 1c3ff5931409f8cfc197c4a3616010b1 outlgpg-0.93.zip.sig > Have been waiting for an updated a while, well done! The only gripes I have with it is that users have to manually install it. With a dll needing to be registered and hard coded registry entries, it's not an easy task for a novice user. Will g10 Code GmbH release a version with an installer? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) iD8DBQFBdogRn1hjZcCMxG0RAle1AJ9kMAYcjT94MpFEWqJEnfKeav/JcQCeMEDw aqrWboMCyhD3wCqz08WyQdM= =5cJ1 -----END PGP SIGNATURE----- From twoaday at freakmail.de Wed Oct 20 18:18:53 2004 From: twoaday at freakmail.de (Timo Schulz) Date: Wed Oct 20 18:10:24 2004 Subject: Announcement for Outlook GPG Version 0.93 In-Reply-To: <003c01c4b6bb$d2750340$6600a8c0@CEL2000> References: <20041019174929.GA527@daredevil.joesixpack.net> <003c01c4b6bb$d2750340$6600a8c0@CEL2000> Message-ID: <20041020161853.GA1924@daredevil.joesixpack.net> On Wed Oct 20 2004; 17:45, Arild Bj?rk wrote: [no CC is needed, since I'm subscribed on the list] > The only gripes I have with it is that users have to manually install it. > With a dll needing to be registered and hard coded registry entries, > it's not an easy task for a novice user. I should have say that this is mainly an update for people who have already installed it. Of course it can be also used by somebody who did it install a prior version but then the procedure is a little uncomfortable (but not impossible!). And of course it would be possible to use an installer with the G-DATA plugin and then simply override the files. Then the step with the manual registry modifications can be avoided. > Will g10 Code GmbH release a version with an installer? At the moment, I cannot answer this question. Timo From zwon at severodvinsk.ru Wed Oct 20 22:39:55 2004 From: zwon at severodvinsk.ru (Pawel Shajdo) Date: Wed Oct 20 22:45:32 2004 Subject: How to find the reason for a revocation In-Reply-To: <20041018140715.GA5824@pc5.i.0x5.de> References: <20041018140715.GA5824@pc5.i.0x5.de> Message-ID: <20041020203955.GA829@sky.schizandra.ru> On Mon, Oct 18, 2004 at 04:07:15PM +0200, Nicolas Rachinsky wrote: > when I revoke a signature on an uid, gpg asks for the reason and a > description. > > ---- > Please select the reason for the revocation: > 0 = No reason specified > 4 = User ID is no longer valid > Q = Cancel > (Probably you want to select 4 here) > Your decision? 4 > Enter an optional description; end it with an empty line: > > > ---- > > How can I view that information later? in 1.3.90: gpg --with-colons --list-options show-sig-subpackets --list-key XXXXXXXX -- Pawel I. Shajdo From mamta.mehra at us.ing.com Wed Oct 20 22:15:32 2004 From: mamta.mehra at us.ing.com (Mamta Mehra) Date: Thu Oct 21 09:40:35 2004 Subject: gpg: fatal: can't open /dev/urandom Message-ID: We are implementing PGP on Integration Server by using OpenPGP package from webMethods. As required by OpenPGP package, we have installed/configured GnuPG software in our DEV environment. Environment details: IS running on AIX 5.2 Integration Server 6.1 OpenPGP package version 1.1 GnuPG Version 1.5.8 The solution is implemented successfully in our DEV environment. While migrating to QA environment, we ran into following-like error when creating the PGP keys. gpg: fatal: can't open /dev/urandom: There is a request to a device or address that does not exist. Our Unix team have verified the access to /dev/urandom device from user that runs webMethods IS process. Alternatively, we have also failed to create GPG keys when running as Unix root user. We did think of using PGP keys from DEV environment to get around the problem. However, the same error will occur when we use encrypt service (pub.openpgp:encrypt) from OpenPGP package to encrypt the contents. Looking forward for help. Regards, Mamta Mehra ING AMERICAS - Technology Management Office Phone: 612-342-3574 Mobile: 612-290-1024 Email: Mamta.Mehra@us.ing.com ------------------------------------------------------------------------------ NOTICE: The information contained in this electronic mail message is confidential and intended only for certain recipients. If you are not an intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication and any attachments is strictly prohibited. If you have received this communication in error, please notify the sender by reply transmission and delete the message without copying or disclosing it. ============================================================================== From mamta.mehra at us.ing.com Wed Oct 20 22:27:35 2004 From: mamta.mehra at us.ing.com (Mamta Mehra) Date: Thu Oct 21 09:40:42 2004 Subject: gpg: fatal: can't open /dev/urandom Message-ID: We are implementing PGP on Integration Server by using OpenPGP package from webMethods. As required by OpenPGP package, we have installed/configured GnuPG software in our DEV environment. Environment details: IS running on AIX 5.2 Integration Server 6.1 OpenPGP package version 1.1 GnuPG Version 1.5.8 The solution is implemented successfully in our DEV environment. While migrating to QA environment, we ran into following-like error when creating the PGP keys. gpg: fatal: can't open /dev/urandom: There is a request to a device or address that does not exist. Our Unix team have verified the access to /dev/urandom device from user that runs webMethods IS process. Alternatively, we have also failed to create GPG keys when running as Unix root user. We did think of using PGP keys from DEV environment to get around the problem. However, the same error will occur when we use encrypt service (pub.openpgp:encrypt) from OpenPGP package to encrypt the contents. Looking forward for help. Regards, Mamta Mehra ING AMERICAS - Technology Management Office Phone: 612-342-3574 Mobile: 612-290-1024 Email: Mamta.Mehra@us.ing.com ------------------------------------------------------------------------------ NOTICE: The information contained in this electronic mail message is confidential and intended only for certain recipients. If you are not an intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication and any attachments is strictly prohibited. If you have received this communication in error, please notify the sender by reply transmission and delete the message without copying or disclosing it. ============================================================================== From zuxy.meng at gmail.com Thu Oct 21 10:03:47 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Thu Oct 21 10:00:22 2004 Subject: GnuPG 1.3.91 Win32 Binary In-Reply-To: References: <3.0.5.32.20041018211850.012bd638@popc.ipa.net> Message-ID: No official binaries for delevopement version, especially for Win32. But you can download my personal build for Win32 from my Yahoo! briefcase at http://cn.briefcase.yahoo.com/zuxy0 And refer to my blog for details: http://zuxy.mysmth.net Enjoy! On Mon, 18 Oct 2004 21:18:50 -0500, Alan S. Jones wrote: > Will there be various binaries including Win32 of the 1.3.9x series before > the final 1.4? > -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From wk at gnupg.org Thu Oct 21 10:58:05 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 21 10:59:24 2004 Subject: Question about: "gpg: WARNING: message was not integrity protected" In-Reply-To: <20041019113303.GC1491@informatik.tu-darmstadt.de> (Scholz Ulrich's message of "Tue, 19 Oct 2004 13:33:04 +0200") References: <20041019113303.GC1491@informatik.tu-darmstadt.de> Message-ID: <87pt3cfnxe.fsf@wheatstone.g10code.de> On Tue, 19 Oct 2004 13:33:04 +0200, Scholz Ulrich said: > So why do I still get this message? And what does it tell me? Am I doing > something wrong here? That message is on purpose to remind people that they should use the MDC feature. MDC is automagically handled through the preferences system but with symmetrical only encrypted mails we don't have them and thus we need to print the warning in all cases. The MDC features solves a problem when an attacker modifies parts of an encrypted messages, e.g. by cutting out some parts, and the user did not noticed a couple of garbled characters (he might think this is line noise). This integrity protection is used independly from a signature. Shalom-Salam, Werner From wk at gnupg.org Thu Oct 21 11:01:09 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 21 11:04:23 2004 Subject: Announcement for Outlook GPG Version 0.93 In-Reply-To: <003c01c4b6bb$d2750340$6600a8c0@CEL2000> (Arild =?utf-8?q?Bj=C3=B8rk's?= message of "Wed, 20 Oct 2004 17:45:27 +0200") References: <003c01c4b6bb$d2750340$6600a8c0@CEL2000> Message-ID: <87lle0fnsa.fsf@wheatstone.g10code.de> On Wed, 20 Oct 2004 17:45:27 +0200, Arild Bj?rk said: > Will g10 Code GmbH release a version with an installer? Yes, we will eventually do so. Werner From scholz at informatik.tu-darmstadt.de Thu Oct 21 12:32:13 2004 From: scholz at informatik.tu-darmstadt.de (Scholz Ulrich) Date: Thu Oct 21 12:37:43 2004 Subject: Question about: "gpg: WARNING: message was not integrity protected" In-Reply-To: <87pt3cfnxe.fsf@wheatstone.g10code.de> References: <20041019113303.GC1491@informatik.tu-darmstadt.de> <87pt3cfnxe.fsf@wheatstone.g10code.de> Message-ID: <20041021103213.GA1522@informatik.tu-darmstadt.de> On Thu, Oct 21, 2004 at 10:58:05AM +0200, Werner Koch wrote: > That message is on purpose to remind people that they should use the MDC > feature. MDC is automagically handled through the preferences system but > with symmetrical only encrypted mails we don't have them and thus we need > to print the warning in all cases. You are right. If I encrypt a message with gpg -c --force-mdc then I don't get the warning on decryption. Maybe you should hint that in the documentation (or maybe you did and I just too lazy to find it.) Thank you, Uli -- Ulrich Scholz scholz@informatik.tu-darmstadt.de http://www.intellektik.informatik.tu-darmstadt.de/~scholz -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 190 bytes Desc: not available Url : /pipermail/attachments/20041021/f0f5c856/attachment.bin From wk at gnupg.org Thu Oct 21 17:23:17 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 21 17:24:31 2004 Subject: gpg: fatal: can't open /dev/urandom In-Reply-To: (Mamta Mehra's message of "Wed, 20 Oct 2004 15:27:35 -0500") References: Message-ID: <87pt3cdriy.fsf@wheatstone.g10code.de> On Wed, 20 Oct 2004 15:27:35 -0500, Mamta Mehra said: > OpenPGP package version 1.1 I don't know what this is. > GnuPG Version 1.5.8 There is no official version with that release number. From where did you get it? Shalom-Salam, Werner From wk at gnupg.org Thu Oct 21 17:24:48 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 21 17:24:41 2004 Subject: Question about: "gpg: WARNING: message was not integrity protected" In-Reply-To: <20041021103213.GA1522@informatik.tu-darmstadt.de> (Scholz Ulrich's message of "Thu, 21 Oct 2004 12:32:13 +0200") References: <20041019113303.GC1491@informatik.tu-darmstadt.de> <87pt3cfnxe.fsf@wheatstone.g10code.de> <20041021103213.GA1522@informatik.tu-darmstadt.de> Message-ID: <87lle0drgf.fsf@wheatstone.g10code.de> On Thu, 21 Oct 2004 12:32:13 +0200, Scholz Ulrich said: > then I don't get the warning on decryption. Maybe you should hint that in > the documentation (or maybe you did and I just too lazy to find it.) The MDC feature hast not yet been specified in an RFC, so it is kind of inofficial. That will change soon. Werner From joelb at homeschools.org Thu Oct 21 17:48:07 2004 From: joelb at homeschools.org (Joel Bennett) Date: Thu Oct 21 17:45:10 2004 Subject: CRC error supressed...still getting unspecific read error Message-ID: <4177DA37.1080306@homeschools.org> Hello, I am using a php program to interface with our remotely hosted server's pgp program. It emails the encrypted results to me. Everything was working just fine and we were receiving and decrypting messages. Today we got two emails that cannot be decrypted by Thunderbird/Enigmail. I have received encrypted mail since and it has worked. I cannot figure out why these two messages don't work. I jumped on gpg command line and saw that I was getting the following: CRC error; 7a00e7 - 82cded I supressed the CRC error and got this: gpg: block_filter 00908810: read error (size=8872,a->size=1408) gpg: WARNING: message was not integrity protected gpg: block_filter: pending bytes! Here is the message: -----BEGIN PGP MESSAGE----- Version: PGP 6.5.8 qANQR1DBwE4DJBprY+AB5ZoQA/9KK9X/FKurHp9hwswbBuvDSGnT4Hg1FQQXqNEE MPPjOoyts3lhc075qcjNCD+sQ+D0l0KcL4L4yWa/QG9uPWEzG0jmiEHVNsxhj9iM nP27aHpTlSbZKyDSlNTvrCgzviydQBLgh0tslYOx/sgGpD4LW2S0emrjNYIlujlb gk1kLgQAmWH5VTaNdQnjBuWBoi4nQq3etva2ZvS2h2g81sin8MCJMNk6YzZWGoHd a6jyR81q4vqXo1pg4lzbxkocVMmSD0ZM1p47KqGU8yvL8u8VUAzTB9eclYcollAk NTPeC1hQJPqf5BwaMG7+x1JWdEp02q7YUo/qLdw6Zjy5E5yXkafJwiXDtD6cEC+n whuGFAP4o8eVkk3heXqFCHAuVmowaQMAYzcO5xhjHcpx/ogAnOBj/kAiJy3HnGPG uWt9eNM+6MSghEG3QOugrj+yUykTJ0tTtP3TNcQd1wIYowLK0qtIgb/aG9GdPYOV dPxaVas35p0nUbX8beHJsTQVtolLPlL2cjYJVyJ7ZaHXzxCBHiyHgROy1HMNuY6J 5NihV2sVmFlVKm+odpmGyRnJmU1ThXjETgAODhdXmT4eYehLrbOQtfFGotImL295 qkV7uOCrpbTYlJeA0bjH8zWhmeOFP+py2hJ21qMVm8WQSFzIscIlytU63vDr9e1w krIwS75RnhQmV1WqKPd32RVwOjeqwHz4gA4A90CbxMLN3XawVH96ccaDqhg7T441 ImFP5sFNknMflMHK1SlkdVFva/ygdPlrVEe+xtuuuJHE89oIPjETYOtYZ66gd67Q sbx/gZ7jcRFOpFPNqF024U9F3UXoFO/rkzG0d8ui87qxazt+Qrto/LYx1mSSoEOY cUuCFWdv+h5nFlpiCxkSFRxdPXSPhgnh+CRZGfvpLaq08oHsLKxXejKHgK6Potdm WEyT4th9zupD3n2ZRzlX/sXtdxyommj0oL53oyE0+4BwniLP7YpBxVDQcWV1BqSH Kck+Y3R1G3IZFODQmHm8SFqB4XK1zopjC84CvGHtARfGjoFw69aTuOBKAAYGgJ5c eaJWFEu/PgW/XA1CKKU8jn2Y5wCO316A9GyXZMcr3d/+0EYXYrjU7m8Y4ZsD7yn4 CviztqmXHtPWg8QzZDQg4Jfx7tYm2wK4fdBsKWrT28aTx3K6N2HdHYz+e99LcaRm FAYV2cCOkCXJDtg8yvItyoDG55E79y2FQUwQBy5+pv9c1+X2ZJsNAndhern6KdrR vivkqZsbpviam50jTFs= =gs3t -----END PGP MESSAGE----- Any ideas? -- Joel Bennett CLASS Homeschools IT Department 847-259-4444 x157 From dshaw at jabberwocky.com Thu Oct 21 18:37:36 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Thu Oct 21 18:34:53 2004 Subject: CRC error supressed...still getting unspecific read error In-Reply-To: <4177DA37.1080306@homeschools.org> References: <4177DA37.1080306@homeschools.org> Message-ID: <20041021163735.GA20823@jabberwocky.com> On Thu, Oct 21, 2004 at 10:48:07AM -0500, Joel Bennett wrote: > Hello, > > I am using a php program to interface with our remotely hosted server's > pgp program. It emails the encrypted results to me. Everything was > working just fine and we were receiving and decrypting messages. Today > we got two emails that cannot be decrypted by Thunderbird/Enigmail. I > have received encrypted mail since and it has worked. I cannot figure > out why these two messages don't work. I jumped on gpg command line and > saw that I was getting the following: > > CRC error; 7a00e7 - 82cded > > I supressed the CRC error and got this: > > gpg: block_filter 00908810: read error (size=8872,a->size=1408) > gpg: WARNING: message was not integrity protected > gpg: block_filter: pending bytes! This isn't surprising. The CRC error means that file is corrupt. Supressing the CRC error just tells GnuPG to pretend that the file isn't corrupt... but since it IS corrupt, it bombs out somewhere else. David From mamta.mehra at us.ing.com Thu Oct 21 17:32:33 2004 From: mamta.mehra at us.ing.com (Mamta Mehra) Date: Thu Oct 21 18:54:15 2004 Subject: gpg: fatal: can't open /dev/urandom Message-ID: Sorry about the typo, we are using GnuPG version 1.2.1, OpenPGP is a package which runs on webMethods Integration platform. Thanks Mamta Mehra Werner Koch To: Mamta Mehra/US/AMERICAS@AMERICAS cc: gnupg-users@gnupg.org 10/21/2004 10:23 Subject: Re: gpg: fatal: can't open /dev/urandom AM On Wed, 20 Oct 2004 15:27:35 -0500, Mamta Mehra said: > OpenPGP package version 1.1 I don't know what this is. > GnuPG Version 1.5.8 There is no official version with that release number. From where did you get it? Shalom-Salam, Werner ------------------------------------------------------------------------------ NOTICE: The information contained in this electronic mail message is confidential and intended only for certain recipients. If you are not an intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication and any attachments is strictly prohibited. If you have received this communication in error, please notify the sender by reply transmission and delete the message without copying or disclosing it. ============================================================================== From wk at gnupg.org Thu Oct 21 19:13:19 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 21 19:14:23 2004 Subject: When to lock page under WinNT? In-Reply-To: (zuxy.meng@gmail.com's message of "Tue, 19 Oct 2004 19:39:38 +0800") References: Message-ID: <87vfd4dmfk.fsf@wheatstone.g10code.de> On Tue, 19 Oct 2004 19:39:38 +0800, Zuxy said: > Pages that a process has locked remain in physical memory until the > process unlocks them or terminates. We had long discussions on several Mailing lists over the years to check what VirtualLock really does. The conclusion is that it does not work in the described way. See Peter Gutmann's article on the RNG or his book. Recently some newer information might change the picture but tehre is still no agreement. > I suppose it would appear in 1.4 but I haven't seen it in 1.3.91 yet. > Will it be in place, together with the reactivation of warning about > insecure memory under Win9x? Thanks. No, it won't appear in GnuPG unless there is a portable and working way of doing so. Werner From pt at radvis.nu Thu Oct 21 22:14:56 2004 From: pt at radvis.nu (Per Tunedal Casual) Date: Thu Oct 21 22:10:17 2004 Subject: force-v3-sigs not necessary any longer? Message-ID: <6.1.2.0.2.20041021221043.02d161f0@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have used --force-v3-sigs in my preferences for a long time. Is this not necessary any longer? What PGP versions can handle V4 signatures? Besides what is the difference between V3 and V4 signatures? Are V4 signatures safer? How? V?nligen Per Tunedal Civ. ing. Civ. ek. S:t Mickelsgatan 148 129 44 H?gersten Telefon: 08-646 34 83 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.950 Comment: Vad ?r en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFBeBjnaDDfzFT+2PIRAhvkAJ9kicjC0XzlbHDZ4ZvrRht3r/sakACfbB1l 9bXp/6lPBoC0G6ef7sdalvw= =TaVi -----END PGP SIGNATURE----- From johanw at vulcan.xs4all.nl Thu Oct 21 21:34:04 2004 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Thu Oct 21 23:24:26 2004 Subject: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: <20041016124621.GA19126@jabberwocky.com> from David Shaw at "Oct 16, 2004 08:46:21 am" Message-ID: <200410211934.VAA01604@vulcan.xs4all.nl> David Shaw wrote: [1.3.91 released] Tested on my old Linux libc5 setup; builds and runs OK there. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From zuxy.meng at gmail.com Fri Oct 22 06:35:22 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Fri Oct 22 06:32:04 2004 Subject: When to lock page under WinNT? In-Reply-To: <87vfd4dmfk.fsf@wheatstone.g10code.de> References: <87vfd4dmfk.fsf@wheatstone.g10code.de> Message-ID: On Thu, 21 Oct 2004 19:13:19 +0200, Werner Koch wrote: > On Tue, 19 Oct 2004 19:39:38 +0800, Zuxy said: > > We had long discussions on several Mailing lists over the years to > check what VirtualLock really does. The conclusion is that it does > not work in the described way. See Peter Gutmann's article on the RNG > or his book. I remember Peter said something positive about VirtualLock in the gnupg-devel list, early this year? -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From pt at radvis.nu Fri Oct 22 08:43:01 2004 From: pt at radvis.nu (Per Tunedal Casual) Date: Fri Oct 22 08:38:21 2004 Subject: Symmetric encryption and mdc Message-ID: <6.1.2.0.2.20041022083318.02d167f0@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have learned that message protection (mdc) is not used by default when using symmetric encryption (password encryption). I can verify this when the default cipher CAST is used: The warning "Message was not integrity protected" is displayed upon decryption. What puzzles me is that this warning is not displayed if I specify the cipher to AES. Is integrity protection always used with some ciphers? Are there any drawbacks if I specify "force-mdc" in my gpg.conf-file? Is it possible to change the default cipher for symmetric encryption? Per Tunedal Keyid: 0xAE053BE0 Fingerprint: D70D 9057 A985 4944 2191 995A 2D74 F09D AE05 3BE0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.950 Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFBeKwfaDDfzFT+2PIRAlRJAJsHbz3wfGhSIk8VuP6rWczyxfNXHwCfUcbj AVr3O2DWiG97JnA3cA7HEr0= =ecY8 -----END PGP SIGNATURE----- From kairaven at arcor.de Fri Oct 22 09:32:41 2004 From: kairaven at arcor.de (Kai Raven) Date: Fri Oct 22 09:52:53 2004 Subject: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: <20041016124621.GA19126@jabberwocky.com> References: <20041016124621.GA19126@jabberwocky.com> Message-ID: <20041022093241.373a5810@matrix.localdomain.intern> Hello David, On Sat, 16 Oct 2004 08:46:21 -0400 you wrote: > We strongly encourage people to try this development release and > report any feedback or problems to gnupg-devel@gnupg.org. Compiles and runs without problems under Fedora Core 2 -- Ciao Kai WWW: http://kai.iks-jena.de/ Blog: http://rabenhorst.blogg.de/ GnuPG-Key: 0xD6E995A0 Jabber: kraven@jabber.ccc.de -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 853 bytes Desc: not available Url : /pipermail/attachments/20041022/062ce39e/attachment.bin From kairaven at arcor.de Fri Oct 22 09:54:16 2004 From: kairaven at arcor.de (Kai Raven) Date: Fri Oct 22 10:16:03 2004 Subject: Symmetric encryption and mdc In-Reply-To: <6.1.2.0.2.20041022083318.02d167f0@localhost> References: <6.1.2.0.2.20041022083318.02d167f0@localhost> Message-ID: <20041022095416.599cea88@matrix.localdomain.intern> Hi Per, On Fri, 22 Oct 2004 08:43:01 +0200 you wrote: > Are there any drawbacks if I specify "force-mdc" in my gpg.conf-file? compatibility problems with PGP versions < 8? Because pgp2, pgp6 and pgp7 disable mdc. > Is it possible to change the default cipher for symmetric encryption? personal-cipher-preferences name1 the first named cipher will be used for symmetric encryption too and/or s2k-cipher-algo name Use name as the cipher algorithm used to protect secret keys. The default cipher is CAST5. This cipher is also used for conventional encryption if --personal-cipher-preferences and --cipher-algo is not given. -- Ciao Kai WWW: http://kai.iks-jena.de/ Blog: http://rabenhorst.blogg.de/ GnuPG-Key: 0xD6E995A0 Jabber: kraven@jabber.ccc.de From zuxy.meng at gmail.com Fri Oct 22 10:23:50 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Fri Oct 22 10:20:23 2004 Subject: Symmetric encryption and mdc In-Reply-To: <6.1.2.0.2.20041022083318.02d167f0@localhost> References: <6.1.2.0.2.20041022083318.02d167f0@localhost> Message-ID: Mainly for compatibility reasons, GnuPG uses MDC for symmetric encryption only if you're using a newer cipher, which in turn means that the expected repecient has a better chance to have an MDC-enabled decoder (pgp or gpg). As for "force-mdc' in gpg.conf, I guess there's no drawback when you symmetrically encrypt a file only to yourself. On Fri, 22 Oct 2004 08:43:01 +0200, Per Tunedal Casual wrote: > Hi, > > What puzzles me is that this warning is not displayed if I specify the > cipher to AES. Is integrity protection always used with some ciphers? -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From pt at radvis.nu Fri Oct 22 15:09:17 2004 From: pt at radvis.nu (Per Tunedal Casual) Date: Fri Oct 22 15:35:00 2004 Subject: Symmetric encryption and mdc In-Reply-To: <20041022095416.599cea88@matrix.localdomain.intern> References: <6.1.2.0.2.20041022083318.02d167f0@localhost> <20041022095416.599cea88@matrix.localdomain.intern> Message-ID: <6.1.2.0.2.20041022150701.03825008@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Kaj, personal-cipher-preferences doesn't work with WinPT, only if I use GPG directly, if I put it in my gpg.conf-file. I am using GnuPG 1.2.5. I write e.g. personal-cipher-preferences s7 in the config-file, but it doesn't prevent WinPT from using CAST-5. If I use: gpg --symmetric file it works alright. Is this an issue with GPG-ME or with WinPT? BTW force-mdc works OK with WinPT. Per Tunedal At 09:54 2004-10-22, Kai Raven wrote: > >Hi Per, > >On Fri, 22 Oct 2004 08:43:01 +0200 you wrote: > >> Are there any drawbacks if I specify "force-mdc" in my >> gpg.conf-file? > >compatibility problems with PGP versions < 8? Because pgp2, pgp6 and >pgp7 disable mdc. > >> Is it possible to change the default cipher for symmetric >> encryption? > >personal-cipher-preferences name1 >the first named cipher will be used for symmetric encryption too >and/or >s2k-cipher-algo name >Use name as the cipher algorithm used to protect secret keys. The >default cipher is CAST5. This cipher is also used for conventional >encryption if --personal-cipher-preferences and --cipher-algo is not >given. > >-- >Ciao >Kai > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: Vad ?r en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFBeQ1qaDDfzFT+2PIRAk6IAJ0VLfhaec5Ru56N4UYKVE3ueJK+ZACfYz5Y YnqLDsHu10lBdsm7dW1+yuM= =wGqw -----END PGP SIGNATURE----- From kairaven at arcor.de Fri Oct 22 16:26:16 2004 From: kairaven at arcor.de (Kai Raven) Date: Fri Oct 22 16:27:50 2004 Subject: Symmetric encryption and mdc In-Reply-To: <6.1.2.0.2.20041022150701.03825008@localhost> References: <6.1.2.0.2.20041022083318.02d167f0@localhost> <20041022095416.599cea88@matrix.localdomain.intern> <6.1.2.0.2.20041022150701.03825008@localhost> Message-ID: <20041022162616.52037077@matrix.localdomain.intern> Hi Per, On Fri, 22 Oct 2004 15:09:17 +0200 you wrote: > personal-cipher-preferences doesn't work with WinPT, only if I use GPG > directly, if I put it in my gpg.conf-file. I am using GnuPG 1.2.5. Yes you are right :( I have teated it with my Windows vmware installation. I have in my WinPT GnuPG preferences for the config file path c:\gnupg\gpg.conf If i change the option personal-cipher-preferences S10 S9 S8 S7 S2 S4 S3 to personal-cipher-preferences S9 S8 S7 S2 S4 S3 S10 and have s2k-cipher-algo AES256 WinPT still uses CAST5 -- Ciao Kai WWW: http://kai.iks-jena.de/ Blog: http://rabenhorst.blogg.de/ GnuPG-Key: 0xD6E995A0 Jabber: kraven@jabber.ccc.de From lists at kcoates.com Fri Oct 22 16:30:41 2004 From: lists at kcoates.com (Kevin Coates) Date: Fri Oct 22 16:28:15 2004 Subject: GPGrelay 0.955 released Message-ID: <6810412.20041022103041@nospam.kcoates.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello GnuPG-Users, It looks like Andreas has been busy. http://sourceforge.net/project/showfiles.php?group_id=33185 The change log below: Version 0.955 ; release-date: 2004-Oct-22 * GPGrelay: o More Dialogs have now proper Parent/Child-Hierarchy to disable some unwanted Non- Modality (and proper positioning) o GPGrelay now always tries to keep selections in lists/trees when reloading keys o Revoked/Expired/Disabled Subkeys are now also shown in keyviews (still missing similar feature for primary keys) o Revoke UserID is now also available through GPGrelay-GUI o Untrusted UserIDs are now also grayed out in the Key-Displays o Advanced debug-compiler-define for deadlock-checking (very experimental, might not working as intended, have to find out :)) At least it helped to catch one deadlock-situation with GPGrelay-shutdown while being asked for a passphrase so it wasn't worthless effort... (Not active in Release-Builds! In case you suffer from GPGrelay hanging, you might want to give the debug-build a try!) o STARTTLS/STLS is now always defaulting to TLS-Connection as some servers abort connection with an SSL2-Hello and don't negotiate TLS (or did I simply miss something in the OpenSSL-Doc?) o Log Full Protocol does now also show the StartTLS-Chitchat. o Some small improvements with Logging (still quite slow for large mails when log full bodies is turned on) o GPGrelay isn't that picky about email-addresses anymore, so it will work with internal email-addresses like "user@domain" or simply "user". Nevertheless GPGrelay is matching full strings, so "user@domain" doesn't match with a fully given "user@domain.com", so basically this one is only useful for giving aliases to GPGrelay (doubt it's useful to have abbreviated emails inside userids). o The PhotoID-Display can now be resized o Changed some dialog-texts to have Mnemonics (underlined chars) now, so you can navigate a bit more easily with the keyboards by pressing "Alt+Mnemonic" (don't hesitate to tell me missing/duplicate ones; this came late and is a boring issue, so I guess I haven't checked all dialogs properly... Suggested to be incorporated in current and future translations too.) o --autoexportsettings is now also working when shutting down win2k (GPGrelay is now creating the .reg-file by itself instead of executing regedit.exe to export the entries) o Simple Password-Spy-Detection should alarm you when someone unauthorized (eg. Spyware or Backdoor) is trying to read a passphrase from a GPGrelay-Dialog o Better support of crippled keys: VerifyPassphrase doesn't only rely on a signing-(sub)key anymore. o Better handling of non-canonical lineendings from broken servers o Little GUI-Fix: Relay-Dialog with IMAP and SSL is now properly changing the default-ports. o Changed a few lines of code so GPGrelay will now compile directly with VC.NET 2003 -- to my surprise the run through VC.NET also revealed embarrassing misuse of some MFC-Macros, so this experiment was more than worthwhile! * SMTP: o Hide BCC-Recipient introduced blank additional line o Some more troubles with "No secret primary Key" solved (should now work as intended) basically due to the fact that there is a way to fetch Usage-Flags for secret keys from GPG. * POP3: o Disabled Nagle-Algorithm (send coalescing) for local->remote-relay. o Some more Line-Ending-Issues solved (fewer lines added/removed) * IMAP: o There is nothing I'll do here ... who is willing to care for IMAP-code? - -- Kevin Coates Dewitt, NY USA ________________________________________________________________ (see kludges for my pgp key) -----BEGIN PGP SIGNATURE----- iD8DBQFBeRmRvZSrVDqOXK0RAkDuAJ0Tc8Z19dbSoFEikns/MatVel1WrgCeJbDx eelgy1cO5n2QXsPTp6z9FjI= =ZD5T -----END PGP SIGNATURE----- From servie_tech at yahoo.com Fri Oct 22 19:09:20 2004 From: servie_tech at yahoo.com (Servie Platon) Date: Fri Oct 22 19:06:33 2004 Subject: [Announce] GnuPG 1.3.91 released (development) Message-ID: <20041022170920.75005.qmail@web52501.mail.yahoo.com> Hi folks, I have a small home network comprising of mixed desktop and laptop machines running Windows XP and FC2. I already have a working gnupg version 1.2.6 which I downloaded from gnupg site and have compiled myself without a problem. Now, Mr. Kai Raven mentioned and encourages to try out the development release, see below: > We strongly encourage people to try this development release and > report any feedback or problems to gnupg-devel@gnupg.org. Compiles and runs without problems under Fedora Core 2 -- Ciao Kai My questions are these: 1. I would like to try out the development version and compile from source. Since, I have already a working copy and have compiled myself, how do I upgrade from version 1.2.6 to 1.3.91 so that I could try out the development stage? I have printed the GNU Privacy Handbook and I don't seem to find any info on how to make an upgrade. Should I just make another compile from source? Any suggestions or URL would be appreciated. 2. Is this development branch stable already? 3. And finally, for my windows desktops, I have found some info here: http://enigmail.mozdev.org/gpgconf.html wherein, I have downloaded GnuPG 1.2.5 compiled for Microsoft Windows and just followed the instructions and voila. Now, likewise for my windows client desktops, I would like to try out the development version of gnupg for windows. Is there a working binary for this particular development version at the gnupg site? Any suggestions would be highly appreciated. Thanks in advance. Sincerely, Servie __________________________________ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo From zuxy.meng at gmail.com Fri Oct 22 19:30:25 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Fri Oct 22 19:27:01 2004 Subject: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: <20041022170920.75005.qmail@web52501.mail.yahoo.com> References: <20041022170920.75005.qmail@web52501.mail.yahoo.com> Message-ID: On Fri, 22 Oct 2004 10:09:20 -0700 (PDT), Servie Platon wrote: > Hi folks, > > My questions are these: > > 1. I would like to try out the development version and > compile from source. Since, I have already a working > copy and have compiled myself, how do I upgrade from > version 1.2.6 to 1.3.91 so that I could try out the > development stage? Since you built 1.2.6 from source instead of installing an rpm package, you can safely download the 1.3.91 source and build it as you did for 1.2.6, I suppose it'll overwrite the old binaries but conserve other settings (e.g. locations of gpg.conf and keyrings). > 3. And finally, for my windows desktops, I have found > some info here: > > Now, likewise for my windows client desktops, I would > like to try out the development version of gnupg for > windows. Is there a working binary for this particular > development version at the gnupg site? Do a search of this list. I posted just a few days ago. > > Sincerely, > Servie > -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From hmujtaba at forumsys.com Fri Oct 22 19:59:49 2004 From: hmujtaba at forumsys.com (Hasnain Mujtaba) Date: Fri Oct 22 19:56:57 2004 Subject: force-v3-sigs not necessary any longer? Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3B4@bstn-exch1.forumsys.com> I did some testing and learned that PGP8.x generates v3 signatures, but it can verify v4 signatures. This is probably for interoperabilty with PGP6.5.8, which cannot verify v4 sigs. RFC 2440 describes the difference between v3 and v4 signatures as follows: Two versions of signature packets are defined. Version 3 provides basic signature information, while version 4 provides an expandable format with subpackets that can specify more information about the signature. PGP 2.6.x only accepts version 3 signatures. Hasnain. -----Original Message----- From: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of Per Tunedal Casual Sent: Thursday, October 21, 2004 4:15 PM To: gnupg-users@gnupg.org Subject: force-v3-sigs not necessary any longer? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have used --force-v3-sigs in my preferences for a long time. Is this not necessary any longer? What PGP versions can handle V4 signatures? Besides what is the difference between V3 and V4 signatures? Are V4 signatures safer? How? V?nligen Per Tunedal Civ. ing. Civ. ek. S:t Mickelsgatan 148 129 44 H?gersten Telefon: 08-646 34 83 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.950 Comment: Vad ?r en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFBeBjnaDDfzFT+2PIRAhvkAJ9kicjC0XzlbHDZ4ZvrRht3r/sakACfbB1l 9bXp/6lPBoC0G6ef7sdalvw= =TaVi -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From kairaven at arcor.de Fri Oct 22 21:31:14 2004 From: kairaven at arcor.de (Kai Raven) Date: Fri Oct 22 21:31:33 2004 Subject: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: <20041022170920.75005.qmail@web52501.mail.yahoo.com> References: <20041022170920.75005.qmail@web52501.mail.yahoo.com> Message-ID: <20041022213114.6d8d4831@matrix.localdomain.intern> Hi Servie, On Fri, 22 Oct 2004 10:09:20 -0700 (PDT) you wrote: > Now, Mr. Kai Raven mentioned and encourages to try out > the development release, see below: No, David Shaw or Werner Koch from the GnuPG Team made the announcments :o) > 1. I would like to try out the development version and > compile from source. Since, I have already a working > copy and have compiled myself, how do I upgrade from > version 1.2.6 to 1.3.91 so that I could try out the > development stage? > I have printed the GNU Privacy Handbook and I don't > seem to find any info on how to make an upgrade. > Should I just make another compile from source? Any > suggestions or URL would be appreciated. You can compile and install as with version 1.2.6, the new install overwrites all binary files and man pages from 1.2.6. If you prefer RPMs, you can try a rpmbuild -tb gnupg-1.3.91.tar.bz2, because a spec file is included. > 2. Is this development branch stable already? It is a "developer" version but imo stable to use it with FC2 :) -- Ciao Kai WWW: http://kai.iks-jena.de/ Blog: http://rabenhorst.blogg.de/ GnuPG-Key: 0xD6E995A0 Jabber: kraven@jabber.ccc.de From marcus.brinkmann at ruhr-uni-bochum.de Fri Oct 22 21:17:47 2004 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri Oct 22 21:43:21 2004 Subject: [Announce] GPGME 1.0.1 released References: <87d603agf9.wl@ulysses.g10code.de> Message-ID: <87pt3a4l5w.wl@ulysses.g10code.de> We are pleased to announce version 1.0.1 of GnuPG Made Easy, a library designed to make access to GnuPG easier for applications. It may be found in the file (about 795 KB compressed) ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.0.1.tar.gz The following files are also available: ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.0.1.tar.gz.sig ftp://ftp.gnupg.org/gcrypt/alpha/gpgme/gpgme-1.0.0-1.0.1.diff.gz It should soon appear on the mirrors listed at: http://www.gnupg.org/mirrors.html Bug reports and requests for assistance should be sent to: gnupg-devel@gnupg.org The md5sum checksums for this distibution are f9acf829e1d2821e62da8832e0bebf44 gpgme-1.0.0-1.0.1.diff.gz 915045809b729998e4b7cb58856550a4 gpgme-1.0.1.tar.gz f5d4961abc805d8f393893d86482b576 gpgme-1.0.1.tar.gz.sig Noteworthy changes in version 1.0.1 (2004-10-22) ------------------------------------------------ * Only bug fixes. Marcus Brinkmann mb@g10code.de _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From servie_tech at yahoo.com Fri Oct 22 23:50:32 2004 From: servie_tech at yahoo.com (Servie Platon) Date: Fri Oct 22 23:47:34 2004 Subject: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: <20041022213114.6d8d4831@matrix.localdomain.intern> Message-ID: <20041022215032.46616.qmail@web52502.mail.yahoo.com> Hi Mr. Raven, Thank you very much on your reply. Appreciate your kind help. Actually, I am a little bit worried on my win32 installation. As per previous post of Mr.Zuki Meng, I was told to look for the answers to this post on the list which I did. Now, I have downloaded, gnupg-1.3.91w32.tar.bz2 to my windows machine and was able to extract the files. http://lists.gnupg.org/pipermail/gnupg-users/2004-October/023499.html Since, this is a bz2 file and not a zip file. How do I make upgrade to 1.3.91? With this, gnupg-w32cli-1.2.5.zip which I got from gnupg.org I was able to enable it by following the instructions on mozilla howto on gpg.conf which works fine. I just don't know where to go from here??? Would you think it would be a good idea for me to follow the instructions on http://web.tiscali.it/clbianco/gnupg/eng/gnupg.html (Building GnuPG for Win32 using MinGW? I could do this procedure and I don't mind going through the process further. My only hesitation, is it might conflict my previous installation, 1.2.5. Any thoughts on this? Thanks again and hope to hear from you soon. Sincerely, Servie --- Kai Raven wrote: > > Hi Servie, > > On Fri, 22 Oct 2004 10:09:20 -0700 (PDT) you wrote: > > > Now, Mr. Kai Raven mentioned and encourages to try > out > > the development release, see below: > > No, David Shaw or Werner Koch from the GnuPG Team > made the announcments > :o) > > > 1. I would like to try out the development version > and > > compile from source. Since, I have already a > working > > copy and have compiled myself, how do I upgrade > from > > version 1.2.6 to 1.3.91 so that I could try out > the > > development stage? > > > I have printed the GNU Privacy Handbook and I > don't > > seem to find any info on how to make an upgrade. > > Should I just make another compile from source? > Any > > suggestions or URL would be appreciated. > > You can compile and install as with version 1.2.6, > the new install > overwrites all binary files and man pages from > 1.2.6. > If you prefer RPMs, you can try a rpmbuild -tb > gnupg-1.3.91.tar.bz2, > because a spec file is included. > > > 2. Is this development branch stable already? > > It is a "developer" version but imo stable to use it > with FC2 :) > > -- > Ciao > Kai > > WWW: http://kai.iks-jena.de/ > Blog: http://rabenhorst.blogg.de/ > GnuPG-Key: 0xD6E995A0 > Jabber: kraven@jabber.ccc.de > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > __________________________________ Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. http://promotions.yahoo.com/new_mail From zuxy.meng at gmail.com Sat Oct 23 06:58:41 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Sat Oct 23 06:55:22 2004 Subject: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: <20041022215032.46616.qmail@web52502.mail.yahoo.com> References: <20041022213114.6d8d4831@matrix.localdomain.intern> <20041022215032.46616.qmail@web52502.mail.yahoo.com> Message-ID: On Fri, 22 Oct 2004 14:50:32 -0700 (PDT), Servie Platon wrote: > > Since, this is a bz2 file and not a zip file. How do I > make upgrade to 1.3.91? With this, > gnupg-w32cli-1.2.5.zip which I got from gnupg.org I > was able to enable it by following the instructions on > mozilla howto on gpg.conf which works fine. Well, a .tar.bz2 is just like a .zip. Extract all the files to the directory where you've installed 1.2.5 (you may backup the old files in advance), replace the old binaries and it'll run just fine because a working environment for 1.2.5 is still working for 1.3.91. > I just don't know where to go from here??? Would you > think it would be a good idea for me to follow the > instructions on > http://web.tiscali.it/clbianco/gnupg/eng/gnupg.html > (Building GnuPG for Win32 using MinGW? I could do this > procedure and I don't mind going through the process > further. My only hesitation, is it might conflict my > previous installation, 1.2.5. Any thoughts on this? That instruction is good but a little outdated and I've written something complementary -- "Building GnuPG 1.3.x for Win32 using MinGW" at http://www.smth.org/pc/pccon.php?id=3683&nid=85555. If you have problems following instructions in these two articles, feel free to contact me through emails. And there's a third way, since you have a working FC2 -- you can cross-build it under the CPD version of MinGW which is available at ftp://ftp.gnupg.org/people/werner/cpd/mingw32-cpd-0.3.1.tar.gz. I reckon there are few problems because this way is official :-)But I'm too lazy to try it out. -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From abjork at online.no Sat Oct 23 09:55:46 2004 From: abjork at online.no (=?iso-8859-1?Q?Arild_Bj=F8rk?=) Date: Sat Oct 23 09:52:17 2004 Subject: Reload keys Message-ID: <000e01c4b8d5$b4905840$6600a8c0@CEL2000> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I use both PGP 8.1 and GnuPG 1.2.5 for Windows with GPGshell. Both programs have 414 keys. What I've noticed is that GnuPG is slow reloading the keys to GPGshell. It takes 8-9 seconds. With PGP the (re)loading of keys is done in a couple of seconds. Is it possible to make GnuPG reload keys much faster? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) iD8DBQFBeg6Cn1hjZcCMxG0RAomfAJ9eIolv4Y+pzKsz7PaqELLMNvT+zwCfZZMa QkMXb7XBPViqPFXiOVIxcuk= =fczS -----END PGP SIGNATURE----- From pragai at rubin.hu Sat Oct 23 10:58:00 2004 From: pragai at rubin.hu (=?ISO-8859-2?Q?=22Pr=E1gai=2C_R=F3bert=22?=) Date: Sat Oct 23 10:55:01 2004 Subject: scdaemon with cryptoflex Message-ID: <417A1D18.5060807@rubin.hu> Hi, is it possible to use scdaemon with a Schlumberger Cryptoflex card using it's pkcs15 structure created by opensc? I tried but gpg2 --card -status failed with various errors. So, I have a working card, with a pkcs15 structure. I have successfully start the scdaemon, but it reports: can't lock card in reader 0: Generic reader error. When I restart openct, anther error appears as well: no supported card application found: Card error What can be the reason of this? Any suggestions? zyx:/home/pragai/gpg/src/gnupg-1.9.11# opensc-tool -a 3B 95 18 40 FF 62 01 02 01 04 ;..@.b.... zyx:/home/pragai/gpg/src/gnupg-1.9.11# pkcs15-tool -k Private RSA Key [Private Key] Com. Flags : 3 Usage : [0x22E], decrypt, sign, signRecover, unwrap, nonRepudiation Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local ModLength : 1024 Key ref : 0 Native : yes Path : 3F0050154B0130450012 Auth ID : 01 ID : 45 zyx:/home/pragai/gpg/src/gnupg-1.9.11# eval `scdaemon --daemon` scdaemon[9367]: NOTE: this is a development version! zyx:/home/pragai/gpg/src/gnupg-1.9.11# gpg2 --card-status gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! gpg: DBG: connection to agent established scdaemon[9371]: NOTE: this is a development version! scdaemon[9371]: can't lock card in reader 0: Generic reader error scdaemon[9371]: can't lock card in reader 0: Generic reader error scdaemon[9371]: can't lock card in reader 0: Generic reader error scdaemon: card.c:486: sc_unlock: El?felt?telez?s `card->lock_count >= 1' sikertelen. gpg-agent[9370]: command learn failed: Unknown system error gpg: OpenPGP card not available: Assuan server fault zyx:/home/pragai/gpg/src/gnupg-1.9.11# /etc/init.d/openct restart Restarting smart card terminal framework: OpenCT1 process killed. . zyx:/home/pragai/gpg/src/gnupg-1.9.11# gpg2 --card-status gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! gpg: DBG: connection to agent established scdaemon[9380]: NOTE: this is a development version! scdaemon[9380]: no supported card application found: Card error scdaemon[9380]: can't lock card in reader 0: Generic reader error scdaemon: card.c:486: sc_unlock: El?felt?telez?s `card->lock_count >= 1' sikertelen. gpg-agent[9379]: command learn failed: Unknown system error gpg: OpenPGP card not available: Assuan server fault thanks, Robert From linux at codehelp.co.uk Sat Oct 23 20:28:57 2004 From: linux at codehelp.co.uk (Neil Williams) Date: Sat Oct 23 20:25:31 2004 Subject: Reload keys In-Reply-To: <000e01c4b8d5$b4905840$6600a8c0@CEL2000> References: <000e01c4b8d5$b4905840$6600a8c0@CEL2000> Message-ID: <200410231928.57888.linux@codehelp.co.uk> On Saturday 23 October 2004 8:55 am, Arild Bj?rk wrote: > I use both PGP 8.1 and GnuPG 1.2.5 for Windows with GPGshell. Both programs > have 414 keys. What I've noticed is that GnuPG is slow reloading the keys > to GPGshell. It takes 8-9 seconds. With PGP the (re)loading of keys is done > in a couple of seconds. > > Is it possible to make GnuPG reload keys much faster? PGP might be skipping the trust database check. You can do the same but GnuPG will prompt you to run --check-trustdb from time to time (like when new keys are imported or existing ones refreshed) so that might be something to do via cron or Task Scheduler (if that still exists on Windows). I use no-auto-check-trustdb in gpg.conf and gpg --check-trustdb in cron, at least once a week, plus manual --update-trustdb to catch up with new keys with no user trust level (which check- won't do). -- Neil Williams ============= http://www.codehelp.co.uk/ http://www.dclug.org.uk/ http://www.isbn.org.uk/ http://sourceforge.net/projects/isbnsearch/ http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041023/90827fee/attachment-0001.bin From servie_tech at yahoo.com Sun Oct 24 02:59:49 2004 From: servie_tech at yahoo.com (Servie Platon) Date: Sun Oct 24 02:56:52 2004 Subject: Adding a Comment Message-ID: <20041024005949.67343.qmail@web52505.mail.yahoo.com> Hi folks, I am sorry if this may have been asked before. Is there a way to add a comment, after one has generated a key? I know, this is not as important but I am just curious if it is possible after you have saved your keys? Thanks. Sincerely, Servie _______________________________ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com From servie_tech at yahoo.com Sun Oct 24 03:08:44 2004 From: servie_tech at yahoo.com (Servie Platon) Date: Sun Oct 24 03:05:47 2004 Subject: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: Message-ID: <20041024010844.81863.qmail@web52509.mail.yahoo.com> Hi Zuky, Thank you for the suggestion earlier. I have extracted the the gnupg binaries into the folder and it worked! This means I don't have to go through the second option in the first place. Thanks a lot! However, I still have another problem. Is there a way to automatically sign all outgoing email messages with my public keys using mozilla thunderbird for my work email: servie@admar-group.com and personal email: servie_tech@yahoo.com? I have read and searched in google that to do this, we need to make a signature file and configure thunderbird or yahoo to open that file whenever you make new mail messages, we get a signed email? Is this the only way to do this? Any thoughts on this from you or from anyone else in this group would definitely be appreciated. Thank you very much. Sincerely, Servie --- Zuxy wrote: > On Fri, 22 Oct 2004 14:50:32 -0700 (PDT), Servie > Platon > wrote: > > > > Since, this is a bz2 file and not a zip file. How > do I > > make upgrade to 1.3.91? With this, > > gnupg-w32cli-1.2.5.zip which I got from gnupg.org > I > > was able to enable it by following the > instructions on > > mozilla howto on gpg.conf which works fine. > > Well, a .tar.bz2 is just like a .zip. Extract all > the files to the > directory where you've installed 1.2.5 (you may > backup the old files > in advance), replace the old binaries and it'll run > just fine because > a working environment for 1.2.5 is still working for > 1.3.91. > > > I just don't know where to go from here??? Would > you > > think it would be a good idea for me to follow the > > instructions on > > > http://web.tiscali.it/clbianco/gnupg/eng/gnupg.html > > (Building GnuPG for Win32 using MinGW? I could do > this > > procedure and I don't mind going through the > process > > further. My only hesitation, is it might conflict > my > > previous installation, 1.2.5. Any thoughts on > this? > > That instruction is good but a little outdated and > I've written > something complementary -- "Building GnuPG 1.3.x for > Win32 using > MinGW" at > http://www.smth.org/pc/pccon.php?id=3683&nid=85555. > If you > have problems following instructions in these two > articles, feel free > to contact me through emails. > > And there's a third way, since you have a working > FC2 -- you can > cross-build it under the CPD version of MinGW which > is available at > ftp://ftp.gnupg.org/people/werner/cpd/mingw32-cpd-0.3.1.tar.gz. > I > reckon there are few problems because this way is > official :-)But I'm > too lazy to try it out. > > -- > Zuxy > Beauty is truth, > While truth is beauty. > PGP KeyID: E8555ED6 > _______________________________ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com From abjork at online.no Sun Oct 24 10:12:37 2004 From: abjork at online.no (=?iso-8859-1?Q?Arild_Bj=F8rk?=) Date: Sun Oct 24 10:09:11 2004 Subject: Reload keys In-Reply-To: <000e01c4b8d5$b4905840$6600a8c0@CEL2000> Message-ID: <000301c4b9a1$39b6efe0$6600a8c0@CEL2000> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > -----Original Message----- > From: gnupg-users-bounces@gnupg.org > [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of Arild Bj?rk > Sent: Saturday, October 23, 2004 9:56 AM > To: Gnupg-Users > Subject: Reload keys > > I use both PGP 8.1 and GnuPG 1.2.5 for Windows with GPGshell. > Both programs have 414 keys. What I've noticed is that GnuPG > is slow reloading the keys to GPGshell. It takes 8-9 seconds. > With PGP the (re)loading of keys is done in a couple of seconds. > > Is it possible to make GnuPG reload keys much faster? Solved the problem by using: gpg -rebuild-keydb-cache from GPGShell GnuPGs reloading of keys seems now a tad quicker than PGP. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQXtj9Z9YY2XAjMRtEQK8iACfQm8RpB8QAgPfpl+MxhmiU2QGs6QAn1GB Ig/XI7INKJjb//aXUdTl2JrQ =PRwC -----END PGP SIGNATURE----- From wk at gnupg.org Sun Oct 24 14:41:50 2004 From: wk at gnupg.org (Werner Koch) Date: Sun Oct 24 14:44:25 2004 Subject: When to lock page under WinNT? In-Reply-To: (zuxy.meng@gmail.com's message of "Fri, 22 Oct 2004 12:35:22 +0800") References: <87vfd4dmfk.fsf@wheatstone.g10code.de> Message-ID: <87fz44wanl.fsf@wheatstone.g10code.de> On Fri, 22 Oct 2004 12:35:22 +0800, Zuxy said: > I remember Peter said something positive about VirtualLock in the > gnupg-devel list, early this year? IIRC, he was not yet sure about it. Werner From shavital at mac.com Sun Oct 24 18:47:17 2004 From: shavital at mac.com (Charly Avital) Date: Sun Oct 24 18:44:03 2004 Subject: Adding a Comment In-Reply-To: <20041024005949.67343.qmail@web52505.mail.yahoo.com> References: <20041024005949.67343.qmail@web52505.mail.yahoo.com> Message-ID: I reckon that the comment is part of your gpg.conf file, therefore it will be applied to all your keys. It would go this way: $ gpg --comment [text of the comment] But there might be another way, and I hope other list members will help. Charly At 5:59 PM -0700 10/23/04, Servie Platon wrote: >Hi folks, > >I am sorry if this may have been asked before. > >Is there a way to add a comment, after one has >generated a key? I know, this is not as important but >I am just curious if it is possible after you have >saved your keys? > >Thanks. > >Sincerely, >Servie From twoaday at freakmail.de Sun Oct 24 19:22:44 2004 From: twoaday at freakmail.de (Timo Schulz) Date: Sun Oct 24 19:33:18 2004 Subject: Symmetric encryption and mdc In-Reply-To: <20041022162616.52037077@matrix.localdomain.intern> References: <6.1.2.0.2.20041022083318.02d167f0@localhost> <20041022095416.599cea88@matrix.localdomain.intern> <6.1.2.0.2.20041022150701.03825008@localhost> <20041022162616.52037077@matrix.localdomain.intern> Message-ID: <20041024172244.GA1188@daredevil.joesixpack.net> On Fri Oct 22 2004; 16:26, Kai Raven wrote: > I have in my WinPT GnuPG preferences for the config file path It would be useful to know what WinPT version you used. > c:\gnupg\gpg.conf > If i change the option > personal-cipher-preferences S10 S9 S8 S7 S2 S4 S3 > to > personal-cipher-preferences S9 S8 S7 S2 S4 S3 S10 > and have s2k-cipher-algo AES256 > WinPT still uses CAST5 Indeed I use a default for symmetric encryption A long time ago I did it to fix some GPG -> PGP6 problems. I will change it so it honors the option if it is available (or "cipher-algo"). Thanks, Timo From kairaven at arcor.de Sun Oct 24 21:41:42 2004 From: kairaven at arcor.de (Kai Raven) Date: Sun Oct 24 21:39:21 2004 Subject: Symmetric encryption and mdc In-Reply-To: <20041024172244.GA1188@daredevil.joesixpack.net> References: <6.1.2.0.2.20041022083318.02d167f0@localhost> <20041022095416.599cea88@matrix.localdomain.intern> <6.1.2.0.2.20041022150701.03825008@localhost> <20041022162616.52037077@matrix.localdomain.intern> <20041024172244.GA1188@daredevil.joesixpack.net> Message-ID: <20041024214142.261407e5@matrix.localdomain.intern> Hi Timo, On Sun, 24 Oct 2004 19:22:44 +0200 you wrote: > It would be useful to know what WinPT version you used. 1.0rc2 with WinPT Tray 0.9.12 from http://sourceforge.net/projects/winpt/ > > > c:\gnupg\gpg.conf > > If i change the option > > personal-cipher-preferences S10 S9 S8 S7 S2 S4 S3 > > to > > personal-cipher-preferences S9 S8 S7 S2 S4 S3 S10 > > and have s2k-cipher-algo AES256 > > WinPT still uses CAST5 > > Indeed I use a default for symmetric encryption A long time ago I > did it to fix some GPG -> PGP6 problems. I see & understandable :) > I will change it so it > honors the option if it is available (or "cipher-algo"). Mmh, i think cipher-ago is not a good idea, because it is not so flexible as the first mentioned ID in personal-cipher-preferences or secondary the name with s2k-cipher-algo. I mean, if somebody uses GnuPG for public key crypto without WinPT... -- Ciao Kai WWW: http://kai.iks-jena.de/ Blog: http://rabenhorst.blogg.de/ GnuPG-Key: 0xD6E995A0 Jabber: kraven@jabber.ccc.de -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 853 bytes Desc: not available Url : /pipermail/attachments/20041024/92666c5a/attachment.bin From pt at radvis.nu Sun Oct 24 22:31:43 2004 From: pt at radvis.nu (Per Tunedal Casual) Date: Sun Oct 24 22:30:41 2004 Subject: Symmetric encryption and mdc In-Reply-To: <20041024172244.GA1188@daredevil.joesixpack.net> References: <6.1.2.0.2.20041022083318.02d167f0@localhost> <20041022095416.599cea88@matrix.localdomain.intern> <6.1.2.0.2.20041022150701.03825008@localhost> <20041022162616.52037077@matrix.localdomain.intern> <20041024172244.GA1188@daredevil.joesixpack.net> Message-ID: <6.1.2.0.2.20041024223101.02d16ad8@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 19:22 2004-10-24, Timo Schulz wrote: >On Fri Oct 22 2004; 16:26, Kai Raven wrote: > >> I have in my WinPT GnuPG preferences for the config file path > >It would be useful to know what WinPT version you used. > I tested with WinPT v. 0.7.96 > - --- snipped --- > >Thanks, > > Timo Per Tunedal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.955 Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFBfBI1aDDfzFT+2PIRAtAbAJ9vNSVB6CzsXSvvbBaR6ZSN8q/GHwCfV8yC lmuJu6Vj5JoGdKgbfuO98oU= =V6lW -----END PGP SIGNATURE----- From pt at radvis.nu Sun Oct 24 23:20:16 2004 From: pt at radvis.nu (Per Tunedal Casual) Date: Sun Oct 24 23:16:02 2004 Subject: Symmetric encryption Message-ID: <6.1.2.0.2.20041024230022.02d16c40@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, how is symmetric encryption performed in GnuPG? When encrypting the secret key and when encrypting a file? I suppose a session key is created with the chosen length (depending on the chosen cipher). And the session key is encrypted with the passphrase. How is the passphrase used? Is it hashed with e.g. SHA-1 to derive a key? Or is the passphrase used directly? What are the security implications? It cannot be meaningful to choose a cipher that produces a longer key than the password can generate. If SHA-1 is the limit, then you've got 160 bits. Thus a cipher with 256 bits would be overkill. If the password is used directly the calculation must be based on the strength of the password used by the individual, I suppose. V?nligen Per Tunedal Civ. ing. Civ. ek. S:t Mickelsgatan 148 129 44 H?gersten Telefon: 08-646 34 83 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.955 Comment: Vad ?r en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFBfBzVaDDfzFT+2PIRArjaAJ9IJEhqN6eNrAlwqNlaO9XiVFJAYACeMfj+ 0LdeahFU0nTZFxpQdtGc6Fg= =qNzk -----END PGP SIGNATURE----- From JPClizbe at comcast.net Mon Oct 25 01:25:11 2004 From: JPClizbe at comcast.net (John Clizbe) Date: Mon Oct 25 01:22:20 2004 Subject: Adding a Comment In-Reply-To: <20041024005949.67343.qmail@web52505.mail.yahoo.com> References: <20041024005949.67343.qmail@web52505.mail.yahoo.com> Message-ID: <417C39D7.5080708@comcast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Servie Platon wrote: > > Hi folks, > > I am sorry if this may have been asked before. > > Is there a way to add a comment, after one has > generated a key? I know, this is not as important but > I am just curious if it is possible after you have > saved your keys? It's not possible to edit the comment field of an UID after it has been made part of the key. You may, however, add a new UID (same name, same email, add the comment) and delete the old UID without the comment. - -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." - Dumbya explaining his administration 5-Aug-2004 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.92-cvs (Windows 2000 SP4) Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG Comment: Annoy John Asscraft -- Use Strong Encryption. Comment: It's YOUR right - for the time being. Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBfDnWHQSsSmCNKhARArybAKC+jLJN5o2NkDATrUI1SwK+r7YtQACfRPaI mFsfyM1IjkeX1tdehr17ktw= =Fyc1 -----END PGP SIGNATURE----- From servie_tech at yahoo.com Mon Oct 25 05:14:15 2004 From: servie_tech at yahoo.com (Servie Platon) Date: Mon Oct 25 05:11:19 2004 Subject: Adding a Comment In-Reply-To: <417C39D7.5080708@comcast.net> Message-ID: <20041025031415.32150.qmail@web52508.mail.yahoo.com> Thank you very much John and Charly for the reply on my query. Sincerely, Servie --- John Clizbe wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Servie Platon wrote: > > > > Hi folks, > > > > I am sorry if this may have been asked before. > > > > Is there a way to add a comment, after one has > > generated a key? I know, this is not as important > but > > I am just curious if it is possible after you have > > saved your keys? > > It's not possible to edit the comment field of an > UID after it has been > made part of the key. You may, however, add a new > UID (same name, same > email, add the comment) and delete the old UID > without the comment. > > > > - -- > John P. Clizbe Inet: > JPClizbe(a)comcast DOT nyet > Golden Bear Networks PGP/GPG KeyID: > 0x608D2A10 > "Our enemies are innovative and resourceful, and > so are we. They > never stop thinking about new ways to harm our > country and our people, > and neither do we." - Dumbya explaining his > administration 5-Aug-2004 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.3.92-cvs (Windows 2000 SP4) > Comment: When cryptography is outlawed, > b25seSBvdXRsYXdzIHdpbGwgdXNlIG > Comment: Annoy John Asscraft -- Use Strong > Encryption. > Comment: It's YOUR right - for the time being. > Comment: Using GnuPG with Mozilla - > http://enigmail.mozdev.org > > iD8DBQFBfDnWHQSsSmCNKhARArybAKC+jLJN5o2NkDATrUI1SwK+r7YtQACfRPaI > mFsfyM1IjkeX1tdehr17ktw= > =Fyc1 > -----END PGP SIGNATURE----- > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > ===== Sincerely, Servie Platon _______________________________ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com From twoaday at freakmail.de Mon Oct 25 08:06:43 2004 From: twoaday at freakmail.de (Timo Schulz) Date: Mon Oct 25 18:25:42 2004 Subject: Symmetric encryption and mdc In-Reply-To: <20041024214142.261407e5@matrix.localdomain.intern> References: <6.1.2.0.2.20041022083318.02d167f0@localhost> <20041022095416.599cea88@matrix.localdomain.intern> <6.1.2.0.2.20041022150701.03825008@localhost> <20041022162616.52037077@matrix.localdomain.intern> <20041024172244.GA1188@daredevil.joesixpack.net> <20041024214142.261407e5@matrix.localdomain.intern> Message-ID: <20041025060643.GA808@daredevil.joesixpack.net> On Sun Oct 24 2004; 21:41, Kai Raven wrote: > Mmh, i think cipher-ago is not a good idea, because it is not so > flexible as the first mentioned ID in personal-cipher-preferences or > secondary the name with s2k-cipher-algo. I mean, if somebody uses GnuPG > for public key crypto without WinPT... What I wanted to say is, that I will disable the CAST5 cipher force if I found an option in the gpg.conf which would override it. And for WinPT this is only a problem when you use symmetric encryption. I guess most of the time, people use public-key encryption. Timo -- Colt at WinPT.org keyid BF3DF9B4 (http://www.winpt.org) WinPT (http://www.stud.uni-hannover.de/~twoaday/winpt.html) Installer (http://www.equipmente.de/viewtopic.php?t=433#1080) From wk at gnupg.org Mon Oct 25 20:08:40 2004 From: wk at gnupg.org (Werner Koch) Date: Mon Oct 25 20:09:27 2004 Subject: Gnupg for Windows and key generation? In-Reply-To: <4174DB42.5090007@siba.fi> (Severi Salminen's message of "Tue, 19 Oct 2004 12:15:46 +0300") References: <4174DB42.5090007@siba.fi> Message-ID: <87d5z6n00n.fsf@wheatstone.g10code.de> On Tue, 19 Oct 2004 12:15:46 +0300, Severi Salminen said: > 6. If all the above information is available somewhere I'd appreciate a > link. @Book{Gut:02:CSA, author = "Peter Gutmann", title = "Cryptographic Security Architecture", language = "USenglish", publisher = pub-SV, address = pub-SV:adr, pages = "xviii + 320", year = "2002", ISBN = "0-387-95387-6", keywords = "cryptograpy", } which contains an update of the original paper: http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix98.pdf For gpg implementation issues see doc/DETAILS Werner From pt at radvis.nu Mon Oct 25 20:23:46 2004 From: pt at radvis.nu (Per Tunedal Casual) Date: Mon Oct 25 20:19:11 2004 Subject: Symmetric encryption and mdc In-Reply-To: <20041025060643.GA808@daredevil.joesixpack.net> References: <6.1.2.0.2.20041022083318.02d167f0@localhost> <20041022095416.599cea88@matrix.localdomain.intern> <6.1.2.0.2.20041022150701.03825008@localhost> <20041022162616.52037077@matrix.localdomain.intern> <20041024172244.GA1188@daredevil.joesixpack.net> <20041024214142.261407e5@matrix.localdomain.intern> <20041025060643.GA808@daredevil.joesixpack.net> Message-ID: <6.1.2.0.2.20041025202247.0381ce40@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 08:06 2004-10-25, Timo Schulz wrote: >On Sun Oct 24 2004; 21:41, Kai Raven wrote: > >> Mmh, i think cipher-ago is not a good idea, because it is not so >> flexible as the first mentioned ID in personal-cipher-preferences or >> secondary the name with s2k-cipher-algo. I mean, if somebody uses GnuPG >> for public key crypto without WinPT... > >What I wanted to say is, that I will disable the CAST5 cipher force >if I found an option in the gpg.conf which would override it. > >And for WinPT this is only a problem when you use symmetric encryption. >I guess most of the time, people use public-key encryption. > > > Timo > That will be fine. Thank you, Timo! Per Tunedal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.955 Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFBfUTlaDDfzFT+2PIRAo0DAJ9Ws5ib/CC97HWEk6iE00FC1bTwdQCdEBbv MGvpdbYtMs0sc4w7faUsT1o= =WOP6 -----END PGP SIGNATURE----- From pt at radvis.nu Mon Oct 25 20:44:41 2004 From: pt at radvis.nu (Per Tunedal Casual) Date: Mon Oct 25 21:20:06 2004 Subject: Symmetric encryption In-Reply-To: <6.1.2.0.2.20041024230022.02d16c40@localhost> References: <6.1.2.0.2.20041024230022.02d16c40@localhost> Message-ID: <6.1.2.0.2.20041025203923.02d16f38@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 23:20 2004-10-24, Per Tunedal Casual wrote: > >What are the security implications? It cannot be meaningful to choose a >cipher that produces a longer key than the password can generate. If SHA-1 >is the limit, then you've got 160 bits. Thus a cipher with 256 bits would >be overkill. If the password is used directly the calculation must be based >on the strength of the password used by the individual, I suppose. > >V?nligen >Per Tunedal I thought once more about this :-) It's hard enough to put up a passphrase that matches an 128 bit-key. The hash, if any, doesn't matter, because it can hardly decrease the strength of the passphrase,. Thus any cipher with a key longer than 128-bits is overkill when you encrypt symmetrically. Right? Per Tunedal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.955 Comment: Vad ?r en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFBfUnFaDDfzFT+2PIRAh6eAJ0Ux1pUvVosKAPk2mLH6/Ia3RknAQCfTvMX Nk9QL074m6uFiNcel720vsE= =20a5 -----END PGP SIGNATURE----- From servie_tech at yahoo.com Tue Oct 26 05:09:02 2004 From: servie_tech at yahoo.com (Servie Platon) Date: Tue Oct 26 05:06:06 2004 Subject: make: *** [install-recursive] Error 1 Message-ID: <20041026030902.79948.qmail@web52501.mail.yahoo.com> Hi folks, I got an error message as shown above after I issued the command make install at my home directory As far as I can remember, Mr. Werner Koch posted a howto on the gnupg site but could not find the URL. Someone from this list, gave me the URL for the answer but I must have misplaced the email. I should have printed the document when I had the chance but I forgot to. Sorry about this folks. I have a running gnupg 1.2.4 on a FC2 and I would like to test the gnupg 1.3.91 for my FC2 desktop systems. I have already tested gnupg 1.3.91 for my other win32 boxes and thus far, it didn't give me any problems. Any thoughts on this would be highly appreciated. Thanks. Sincerely, Servie ===== Sincerely, Servie Platon __________________________________ Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. http://promotions.yahoo.com/new_mail From atom at suspicious.org Tue Oct 26 07:58:48 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Tue Oct 26 07:55:52 2004 Subject: Symmetric encryption In-Reply-To: <6.1.2.0.2.20041025203923.02d16f38@localhost> References: <6.1.2.0.2.20041024230022.02d16c40@localhost> <6.1.2.0.2.20041025203923.02d16f38@localhost> Message-ID: <20041026055905.88507.qmail@suspicious.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Mon, 25 Oct 2004, Per Tunedal Casual wrote: > I thought once more about this :-) It's hard enough to put up a > passphrase that matches an 128 bit-key. The hash, if any, doesn't > matter, because it can hardly decrease the strength of the passphrase,. > > Thus any cipher with a key longer than 128-bits is overkill when you > encrypt symmetrically. Right? =================== i have several passphrases that are 20+ characters. 22 characters of uppercase, lowercase, numbers and spaces is *stronger* than 128 bit. that's not counting the full range of characters that can be used... assuming that 95 characters are generally suitable (read: safe) for use in passphrases, it only takes a theoretical 19.5 characters to equal 128 bits and 39 characters to hit 256 bits. such passphrases may not be suitable for all applications, but they're not entirely ridiculous. IMHO it's posible to come up with passwords that are that long, easy to remember and strong. AFAIK, the session key used for symmetric encryption is derived from the user supplied passphrase, then salted and iterated (this may have changed recently). if symmetric and asymmetric encryption is used then the session key is derived in the usual random way. - -- ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "I am committed to helping Ohio deliver its electoral votes to the president [Bush] next year" -- Walden O'Dell, CEO of Diebold August 2003 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBfeeeAAoJEAx/d+cTpVciXBAH+gJV5OlrMU4xsj3Z9S7M2zfl 3k2VZEjleORrdj0uAvOeSItGsQG3T/kvhWCUSEpEH02QEk9zkf32JyGJ/64sjMlH p0Xqrr4WuWiChOOS9fm4p47cywNJICYgCK9yqhMSLiByzEeJzDt5KtOlfEYaatRP GJlfxNFKlLVEl+C9kzbTCTmgGJvpM8Hgp2ec+XuTleADjI0H4Nf5iJpvREdY8CQF 6j5ZBwHfNdK9aBjTbZKtEImrV497bcFnTVd1kvwsK1HV6hmy3O/U85MsNF4hwFVa quC+87Sn6zyx1IRiSDot1KUfHKpLQQDU+ZmYetkj2u3kV8tOqJGdhuQKm3QzNlc= =+knf -----END PGP SIGNATURE----- From mamta.mehra at us.ing.com Mon Oct 25 15:59:28 2004 From: mamta.mehra at us.ing.com (Mamta Mehra) Date: Tue Oct 26 08:57:50 2004 Subject: gpg: fatal: can't open /dev/urandom on AIX 5.2 Message-ID: We are implementing GnuPGP 1.2.1 on AIX 5.2. when we try to creating the PGP keys, we are getting following error: gpg: fatal: can't open /dev/urandom: Our Unix team have verified the access to /dev/urandom device from user. Alternatively, we have also failed to create GPG keys when running as Unix root user. Looking forward for help. Regards, Mamta Mehra ING AMERICAS - Technology Management Office ------------------------------------------------------------------------------ NOTICE: The information contained in this electronic mail message is confidential and intended only for certain recipients. If you are not an intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication and any attachments is strictly prohibited. If you have received this communication in error, please notify the sender by reply transmission and delete the message without copying or disclosing it. ============================================================================== From wk at gnupg.org Tue Oct 26 11:23:14 2004 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 26 11:35:15 2004 Subject: gpg: fatal: can't open /dev/urandom on AIX 5.2 In-Reply-To: (Mamta Mehra's message of "Mon, 25 Oct 2004 08:59:28 -0500") References: Message-ID: <87r7nlltod.fsf@wheatstone.g10code.de> On Mon, 25 Oct 2004 08:59:28 -0500, Mamta Mehra said: > PGP keys, we are getting following error: > gpg: fatal: can't open /dev/urandom: Are you sure that you did not miss the end of the line? It should show the actual error message. You should also update to the latest gpg version which is 1.2.6; there are some fixes for AIX in it. > Our Unix team have verified the access to /dev/urandom device from > user. Are the permissions of /dev/urandom correct? Shalom-Salam, Werner From wk at gnupg.org Tue Oct 26 11:18:37 2004 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 26 11:36:01 2004 Subject: make: *** [install-recursive] Error 1 In-Reply-To: <20041026030902.79948.qmail@web52501.mail.yahoo.com> (Servie Platon's message of "Mon, 25 Oct 2004 20:09:02 -0700 (PDT)") References: <20041026030902.79948.qmail@web52501.mail.yahoo.com> Message-ID: <87vfcxltw2.fsf@wheatstone.g10code.de> On Mon, 25 Oct 2004 20:09:02 -0700 (PDT), Servie Platon said: > I got an error message as shown above after I issued > the command make install at my home directory You should us tell a little bit more than just the last line of a long bulk of output. Usually 30 from the end of the run are sufficient but it might need more. There should be at least the real error visible and not just the one from make. We also need to know, how you invoked configure. Werner From pt at radvis.nu Tue Oct 26 13:24:26 2004 From: pt at radvis.nu (Per Tunedal Casual) Date: Tue Oct 26 13:19:20 2004 Subject: Symmetric encryption In-Reply-To: <20041026055905.88507.qmail@suspicious.org> References: <6.1.2.0.2.20041024230022.02d16c40@localhost> <6.1.2.0.2.20041025203923.02d16f38@localhost> <20041026055905.88507.qmail@suspicious.org> Message-ID: <6.1.2.0.2.20041026131522.02d17060@localhost> At 07:58 2004-10-26, you wrote: >On Mon, 25 Oct 2004, Per Tunedal Casual wrote: > >> I thought once more about this :-) It's hard enough to put up a >> passphrase that matches an 128 bit-key. The hash, if any, doesn't >> matter, because it can hardly decrease the strength of the passphrase,. >> >> Thus any cipher with a key longer than 128-bits is overkill when you >> encrypt symmetrically. Right? >=================== > >i have several passphrases that are 20+ characters. 22 characters of >uppercase, lowercase, numbers and spaces is *stronger* than 128 bit. > >that's not counting the full range of characters that can be used... >assuming that 95 characters are generally suitable (read: safe) for use in >passphrases, it only takes a theoretical 19.5 characters to equal 128 bits >and 39 characters to hit 256 bits. such passphrases may not be suitable >for all applications, but they're not entirely ridiculous. IMHO it's >posible to come up with passwords that are that long, easy to remember and >strong. > >AFAIK, the session key used for symmetric encryption is derived from the >user supplied passphrase, then salted and iterated (this may have changed >recently). if symmetric and asymmetric encryption is used then the session >key is derived in the usual random way. > > >- -- > ...atom > In that case it's important to know how the session key for symmetric encryption is derived from the passphrase. If hashing with SHA-1 i used that will set the limit to 160 bits. In that case AES192 would be appropriate - only 32 bits wasted :-). AES256 or TWOFISH would be ridiculous, wouldn't it? Per Tunedal From mamta.mehra at us.ing.com Tue Oct 26 14:54:50 2004 From: mamta.mehra at us.ing.com (Mamta Mehra) Date: Tue Oct 26 15:04:15 2004 Subject: gpg: fatal: can't open /dev/urandom on AIX 5.2 Message-ID: Its open to world in other word yes it has the correct permission. We also try to create the keys using root userID but still getting same error. Thanks Mamta Mehra Werner Koch To: Mamta Mehra/US/AMERICAS@AMERICAS cc: gnupg-users@gnupg.org 10/26/2004 04:23 Subject: Re: gpg: fatal: can't open /dev/urandom on AIX 5.2 AM On Mon, 25 Oct 2004 08:59:28 -0500, Mamta Mehra said: > PGP keys, we are getting following error: > gpg: fatal: can't open /dev/urandom: Are you sure that you did not miss the end of the line? It should show the actual error message. You should also update to the latest gpg version which is 1.2.6; there are some fixes for AIX in it. > Our Unix team have verified the access to /dev/urandom device from > user. Are the permissions of /dev/urandom correct? Shalom-Salam, Werner ------------------------------------------------------------------------------ NOTICE: The information contained in this electronic mail message is confidential and intended only for certain recipients. If you are not an intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication and any attachments is strictly prohibited. If you have received this communication in error, please notify the sender by reply transmission and delete the message without copying or disclosing it. ============================================================================== From kairaven at arcor.de Tue Oct 26 17:57:30 2004 From: kairaven at arcor.de (Kai Raven) Date: Tue Oct 26 17:58:09 2004 Subject: No sig-notation with 1.3.91? Message-ID: <20041026175730.43d6e586@matrix.localdomain.intern> Hi, i tried to test sig-notation with GnuPG 1.3.91 together with a new DSA key and had added sig-notation signotation@test="Signature Notation Test" in the gpg.conf. GnuPG complains with: "notations cannot be inscribed on a v3 (PGP2.x-like) key" -- Ciao Kai WWW: http://kai.iks-jena.de/ Blog: http://rabenhorst.blogg.de/ GnuPG-Key: 0xD6E995A0 Jabber: kraven@jabber.ccc.de -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 853 bytes Desc: not available Url : /pipermail/attachments/20041026/65f1cd10/attachment.bin From servie_tech at yahoo.com Tue Oct 26 18:46:42 2004 From: servie_tech at yahoo.com (Servie Platon) Date: Tue Oct 26 18:45:02 2004 Subject: make: *** [install-recursive] Error 1 In-Reply-To: <87vfcxltw2.fsf@wheatstone.g10code.de> Message-ID: <20041026164642.87836.qmail@web52504.mail.yahoo.com> Hi Mr. Koch, Sorry if I just replied now. Anyways, I dug a little bit further by doing make install as root or shall I say did a su at the console and everything turned out fine. For the most part, if one is logged in as ordinary user and not root, we are almost certain that this error would come up or unless otherwise? This could be due to directory permissions which are in place that simply disallows me to write on it. Anyways, appreciate the the reply by gnupg gurus willing to help. I now, have a running development version 1.3.91 of gnupg.... Thanks again.... Thank you very much Sir. Sincerely, Servie --- Werner Koch wrote: > On Mon, 25 Oct 2004 20:09:02 -0700 (PDT), Servie > Platon said: > > > I got an error message as shown above after I > issued > > the command make install at my home directory > > You should us tell a little bit more than just the > last line of a long > bulk of output. Usually 30 from the end of the run > are sufficient but > it might need more. There should be at least the > real error visible > and not just the one from make. We also need to > know, how you invoked > configure. > > Werner > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > ===== Sincerely, Servie Platon __________________________________ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail From chd at chud.net Tue Oct 26 20:36:37 2004 From: chd at chud.net (Chris De Young) Date: Tue Oct 26 21:25:23 2004 Subject: Passphrase entropy (was Re: Symmetric encryption) In-Reply-To: <20041026055905.88507.qmail@suspicious.org> References: <6.1.2.0.2.20041024230022.02d16c40@localhost> <6.1.2.0.2.20041025203923.02d16f38@localhost> <20041026055905.88507.qmail@suspicious.org> Message-ID: <20041026183637.GC9613@dionysus.chud.net> > i have several passphrases that are 20+ characters. 22 characters of > uppercase, lowercase, numbers and spaces is *stronger* than 128 bit. > > that's not counting the full range of characters that can be used... > assuming that 95 characters are generally suitable (read: safe) for use in > passphrases, it only takes a theoretical 19.5 characters to equal 128 bits > and 39 characters to hit 256 bits. How does that work? (Ok, this is probably a dumb question, but...) I had thought that English has only somewhere around 1.5 bits worth of entropy per character. A passphrase certainly could have more than that because it's not necessarily real English, uses a wider character set, and so on... is that difference really enough? 19.5 8-bit characters is 156 bits; that seems (intuitively, which granted can be misleading) to be getting closer to real randomness than a passphrase would allow. At least, any passphrase that someone could remember. :-) It's only 3.5 characters longer than 128 bits, after all. Cheers, Chris -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041026/9ff8fe7a/attachment.bin From rmalayter at bai.org Tue Oct 26 21:51:21 2004 From: rmalayter at bai.org (Ryan Malayter) Date: Tue Oct 26 21:48:20 2004 Subject: Passphrase entropy (was Re: Symmetric encryption) Message-ID: <792DE28E91F6EA42B4663AE761C41C2A03164A74@cliff.bai.org> [Chris De Young] > I had thought that English has only somewhere around 1.5 bits worth of > entropy per character. A passphrase certainly could have more than > that because it's not necessarily real English, uses a wider character > set, and so on... is that difference really enough? 19.5 8-bit > characters is 156 bits; that seems (intuitively, which granted can be > misleading) to be getting closer to real randomness than a passphrase > would allow. At least, any passphrase that someone could > remember. :-) It's only 3.5 characters longer than 128 bits, after > all. There are 95 "printable" characters on a US keyboard, including the space character. (We dumb Americans can't deal with those crazy accented characters.) 95 ~= 2^6.57 So we have 6.57 bits of entropy per character, assuming we select or characters totally randomly. 128/6.57 ~= 19.48 So we need 19.5 characters to get 128 bits of entropy in our pass phrase. Since you can't enter half-characters, you really need a 20 character pass phrase. Any non-randomness you add to the process (using real words, using the first letters of each word from a sentence, for example) severely decreases the amount of entropy per character. English prose has about 1.5 bits of entropy per character, which means you'd need an 86-character pass phrase of English text to get 128 bits of entropy. That's a lot to remember. Incidentally, the entropy of English text has usually been calculated by its compressibility. The very best arithmetic compression algorithms (e.g. PPM) will compress a large body of English text down to about 20% of its original size. 8 * 0.2 = 1.6, which is why we frequently see the "1.5 bits per character" entropy number for English. Regards, Ryan From kairaven at arcor.de Tue Oct 26 21:57:28 2004 From: kairaven at arcor.de (Kai Raven) Date: Tue Oct 26 22:04:13 2004 Subject: sig-keyserver-url with 1.3.91 Message-ID: <20041026215728.6d646467@matrix.localdomain.intern> Hi, added sig-keyserver-url hkp://sks.keyserver.penguin.de in gpg.conf. Is it right, that i have to add no-force-v3-sigs too, but than no PGP 5 - 7 user can verify my signatures? Because without no-force-v3-sigs, GnuPG complains "can't put a preferred keyserver URL into v3 signatures." With no-force-v3-sigs, the option sig-notation works too, but the notation doesn't appear with gpg --verify --list-options show-notations. -- Ciao Kai WWW: http://kai.iks-jena.de/ Blog: http://rabenhorst.blogg.de/ GnuPG-Key: 0xD6E995A0 Jabber: kraven@jabber.ccc.de -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 975 bytes Desc: not available Url : /pipermail/attachments/20041026/26ab8b71/attachment.bin From rmalayter at bai.org Tue Oct 26 21:55:37 2004 From: rmalayter at bai.org (Ryan Malayter) Date: Tue Oct 26 22:05:26 2004 Subject: Passphrase entropy (was Re: Symmetric encryption) Message-ID: <792DE28E91F6EA42B4663AE761C41C2A03164A77@cliff.bai.org> Here's a link to a very good paper about calculating the entropy of English text: http://tinyurl.com/3n6ax From kairaven at arcor.de Tue Oct 26 22:54:11 2004 From: kairaven at arcor.de (Kai Raven) Date: Tue Oct 26 22:53:06 2004 Subject: sig-keyserver-url with 1.3.91 In-Reply-To: <20041026215728.6d646467@matrix.localdomain.intern> References: <20041026215728.6d646467@matrix.localdomain.intern> Message-ID: <20041026225411.4d381fdc@matrix.localdomain.intern> Hi, On Tue, 26 Oct 2004 21:57:28 +0200 you wrote: > but the > notation doesn't appear with gpg --verify --list-options > show-notations. sorry, i have missed --verify-options. -- Ciao Kai WWW: http://kai.iks-jena.de/ Blog: http://rabenhorst.blogg.de/ GnuPG-Key: 0xD6E995A0 Jabber: kraven@jabber.ccc.de -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 979 bytes Desc: not available Url : /pipermail/attachments/20041026/664a2ed6/attachment-0001.bin From vedaal at hush.com Tue Oct 26 23:53:09 2004 From: vedaal at hush.com (vedaal@hush.com) Date: Tue Oct 26 23:50:44 2004 Subject: Passphrase entropy (was Re: Symmetric encryption) Message-ID: <200410262153.i9QLr9U2094429@mailserver2.hushmail.com> >Message: 6 >Date: Tue, 26 Oct 2004 14:51:21 -0500 >From: "Ryan Malayter" >Subject: RE: Passphrase entropy (was Re: Symmetric encryption) >To: >Message-ID: <792DE28E91F6EA42B4663AE761C41C2A03164A74@cliff.bai.org> >Content-Type: text/plain; charset="us-ascii" [...] >So we need 19.5 characters to get 128 bits of entropy in our pass >phrase. Since you can't enter half-characters, you really need a >20 >character pass phrase. > >Any non-randomness you add to the process (using real words, using >the >first letters of each word from a sentence, for example) severely >decreases the amount of entropy per character. English prose has >about >1.5 bits of entropy per character, which means you'd need an >86-character pass phrase of English text to get 128 bits of entropy. >That's a lot to remember. alternatively, a 10 word diceware passphrase (40 -50 characters)has about the same security as a 128 bit symmetrical cipher, and a 20 word diceware passphrase (80 -100 characters), would correspond to a 256 bit cipher there are 7776 words in the diceware (english) list (btw, AGR will gladly post links on his page to anyone who wants to provide non-english equivalent diceware lists) estimate this as 8000, or (2^3)(10^3) and as 2^10 (1024) approx. = (10^3), so, further approximate this as (2^13), (2^128) approx. = 2^(13 x 10) (2^256) approx. = 2^(13 x 20) the diceware passphrases are random, and not difficult to remember, (but may be difficult to type accurately from the commandline, when you can't see what you're typing and where you're holding ;-) ) vedaal Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427 From zwon at severodvinsk.ru Tue Oct 26 23:50:00 2004 From: zwon at severodvinsk.ru (Pawel Shajdo) Date: Tue Oct 26 23:51:53 2004 Subject: Symmetric encryption In-Reply-To: <6.1.2.0.2.20041026131522.02d17060@localhost> References: <6.1.2.0.2.20041024230022.02d16c40@localhost> <6.1.2.0.2.20041025203923.02d16f38@localhost> <20041026055905.88507.qmail@suspicious.org> <6.1.2.0.2.20041026131522.02d17060@localhost> Message-ID: <20041026215000.GA1410@sky.schizandra.ru> On Tue, Oct 26, 2004 at 01:24:26PM +0200, Per Tunedal Casual wrote: > In that case it's important to know how the session key for symmetric > encryption is derived from the passphrase. If hashing with SHA-1 i used > that will set the limit to 160 bits. No. See RFC2440 section 3.6 for description > > In that case AES192 would be appropriate - only 32 bits wasted :-). AES256 > or TWOFISH would be ridiculous, wouldn't it? > > Per Tunedal -- Pawel Shajdo From vedaal at hush.com Tue Oct 26 23:53:09 2004 From: vedaal at hush.com (vedaal@hush.com) Date: Wed Oct 27 00:18:41 2004 Subject: Passphrase entropy (was Re: Symmetric encryption) Message-ID: <200410262153.i9QLr9U2094429@mailserver2.hushmail.com> >Message: 6 >Date: Tue, 26 Oct 2004 14:51:21 -0500 >From: "Ryan Malayter" >Subject: RE: Passphrase entropy (was Re: Symmetric encryption) >To: >Message-ID: <792DE28E91F6EA42B4663AE761C41C2A03164A74@cliff.bai.org> >Content-Type: text/plain; charset="us-ascii" [...] >So we need 19.5 characters to get 128 bits of entropy in our pass >phrase. Since you can't enter half-characters, you really need a >20 >character pass phrase. > >Any non-randomness you add to the process (using real words, using >the >first letters of each word from a sentence, for example) severely >decreases the amount of entropy per character. English prose has >about >1.5 bits of entropy per character, which means you'd need an >86-character pass phrase of English text to get 128 bits of entropy. >That's a lot to remember. alternatively, a 10 word diceware passphrase (40 -50 characters)has about the same security as a 128 bit symmetrical cipher, and a 20 word diceware passphrase (80 -100 characters), would correspond to a 256 bit cipher there are 7776 words in the diceware (english) list (btw, AGR will gladly post links on his page to anyone who wants to provide non-english equivalent diceware lists) estimate this as 8000, or (2^3)(10^3) and as 2^10 (1024) approx. = (10^3), so, further approximate this as (2^13), (2^128) approx. = 2^(13 x 10) (2^256) approx. = 2^(13 x 20) the diceware passphrases are random, and not difficult to remember, (but may be difficult to type accurately from the commandline, when you can't see what you're typing and where you're holding ;-) ) vedaal Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427 From pt at radvis.nu Wed Oct 27 13:53:43 2004 From: pt at radvis.nu (Per Tunedal Casual) Date: Wed Oct 27 13:49:03 2004 Subject: Symmetric encryption In-Reply-To: <20041026215000.GA1410@sky.schizandra.ru> References: <6.1.2.0.2.20041024230022.02d16c40@localhost> <6.1.2.0.2.20041025203923.02d16f38@localhost> <20041026055905.88507.qmail@suspicious.org> <6.1.2.0.2.20041026131522.02d17060@localhost> <20041026215000.GA1410@sky.schizandra.ru> Message-ID: <6.1.2.0.2.20041027134404.02d171b8@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 23:50 2004-10-26, you wrote: >On Tue, Oct 26, 2004 at 01:24:26PM +0200, Per Tunedal Casual wrote: >> In that case it's important to know how the session key for >> symmetric >> encryption is derived from the passphrase. If hashing with SHA-1 i >> used >> that will set the limit to 160 bits. >No. See RFC2440 section 3.6 for description >> >> In that case AES192 would be appropriate - only 32 bits wasted :-). >> AES256 >> or TWOFISH would be ridiculous, wouldn't it? >> >> Per Tunedal > >-- > Pawel Shajdo > I read http://sunsite.icm.edu.pl/gnupg/rfc2440-3.html today. As far as I can understand the key used for symmetric encryption is derived from the user supplied passphrase by hashing it (+ salting and maybe iterating it). Thus the hash sets the limit. I suppose SHA-1 is used. Then we will have 160 true bits. A key-length of e.g. 256 bits would be overkill. Per Tunedal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: Vad ?r en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFBf4wuaDDfzFT+2PIRAoK0AKCQLzMzfvumFr2gIoz9Dp++UD4SJQCdFVP1 3U9N4crA96vw7f06nTPLOhk= =M1rX -----END PGP SIGNATURE----- From sebastian at karotte.org Wed Oct 27 14:03:12 2004 From: sebastian at karotte.org (Sebastian Wiesinger) Date: Wed Oct 27 13:59:46 2004 Subject: setpref syntax Message-ID: <20041027120312.GA17300@data.fire-world.de> Hi, perhaps I'm blind but is there a way to get a list of *all* the "S1 S2 Z3" etc. keywords mapped to the actual cipher/algo names? Regards, Sebastian -- GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20) Wehret den Anfaengen: http://odem.org/informationsfreiheit/ Thunder rolled. ... It rolled a six. --Terry Pratchett, Guards! Guards! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 283 bytes Desc: Digital signature Url : /pipermail/attachments/20041027/069ce71c/attachment.bin From dshaw at jabberwocky.com Wed Oct 27 14:14:57 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Wed Oct 27 14:12:19 2004 Subject: setpref syntax In-Reply-To: <20041027120312.GA17300@data.fire-world.de> References: <20041027120312.GA17300@data.fire-world.de> Message-ID: <20041027121457.GE16310@jabberwocky.com> On Wed, Oct 27, 2004 at 02:03:12PM +0200, Sebastian Wiesinger wrote: > Hi, > > perhaps I'm blind but is there a way to get a list of *all* the "S1 S2 > Z3" etc. keywords mapped to the actual cipher/algo names? gpg -v --version But note that in 1.4, you don't need to use "S1 S2 Z3" any longer since it understands "IDEA, 3DES, BZIP2". David From sebastian at karotte.org Wed Oct 27 14:28:21 2004 From: sebastian at karotte.org (Sebastian Wiesinger) Date: Wed Oct 27 14:24:52 2004 Subject: setpref syntax In-Reply-To: <20041027121457.GE16310@jabberwocky.com> References: <20041027120312.GA17300@data.fire-world.de> <20041027121457.GE16310@jabberwocky.com> Message-ID: <20041027122820.GB17300@data.fire-world.de> * David Shaw [2004-10-27 14:19]: > On Wed, Oct 27, 2004 at 02:03:12PM +0200, Sebastian Wiesinger wrote: > > Hi, > > > > perhaps I'm blind but is there a way to get a list of *all* the "S1 S2 > > Z3" etc. keywords mapped to the actual cipher/algo names? > > gpg -v --version Ah ok, I tried gpg --version -v, that didn't work. :) > But note that in 1.4, you don't need to use "S1 S2 Z3" any longer > since it understands "IDEA, 3DES, BZIP2". Great. Thanks for your answers. Sebastian -- GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20) Wehret den Anfaengen: http://odem.org/informationsfreiheit/ Thunder rolled. ... It rolled a six. --Terry Pratchett, Guards! Guards! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 283 bytes Desc: Digital signature Url : /pipermail/attachments/20041027/4b2b74bb/attachment.bin From vedaal at hush.com Wed Oct 27 21:13:47 2004 From: vedaal at hush.com (vedaal@hush.com) Date: Wed Oct 27 21:10:26 2004 Subject: setpref syntax Message-ID: <200410271913.i9RJDm0d003861@mailserver2.hushmail.com> Sebastian Wiesinger sebastian at karotte.org wrote: > Ah ok, I tried gpg --version -v, that didn't work. :) maybe in 1.4 one -v is enough, but in 1.3.x it needs verbose twice: C:\GNUPG>gpg -v -v --version gpg (GnuPG) 1.3.6 NOTE: THIS IS A DEVELOPMENT VERSION! It is only intended for test purposes and should NOT be used in a production environment or with production keys! Copyright (C) 2004 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: IDEA (S1), 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192 (S8), AES256 (S9), TWOFISH (S10) Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9), SHA512 (H10) Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2) vedaal Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427 From vedaal at hush.com Wed Oct 27 22:30:49 2004 From: vedaal at hush.com (vedaal@hush.com) Date: Wed Oct 27 22:27:38 2004 Subject: setpref syntax // my mistake ;-( // one -v enough Message-ID: <200410272030.i9RKUnwH028559@mailserver2.hushmail.com> - wrote >maybe in 1.4 one -v is enough, >but in 1.3.x it needs verbose twice: works fine with: gpg -v --version must have typed it wrong the first time, sorry, vedaal Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427 From hmujtaba at forumsys.com Thu Oct 28 00:18:06 2004 From: hmujtaba at forumsys.com (Hasnain Mujtaba) Date: Thu Oct 28 00:15:16 2004 Subject: PGP5 and v4 GPG keys Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3BD@bstn-exch1.forumsys.com> Hello, I read in an old GPG archives message (dated 2000) that PGP5.x cannot encrypt a message using a GPG v4 public key. RFC2440 says something about PGP5 not being able to properly encrypt to RSA v4 keys. Are these two issues related? Can anyone shed light on this problem. Why is PGP 5 picky about RSA v4 keys? Thanks Hasnain. ---- The information contained in this electronic mail and any attached document is the confidential and proprietary business information of Forum Systems, Inc. It is intended solely for the addressed recipient listed above. It may not be distributed in any manner without the express written consent of Forum Systems, Inc. From dshaw at jabberwocky.com Thu Oct 28 00:33:51 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Thu Oct 28 00:31:12 2004 Subject: PGP5 and v4 GPG keys In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3BD@bstn-exch1.forumsys.com> References: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3BD@bstn-exch1.forumsys.com> Message-ID: <20041027223351.GA18931@jabberwocky.com> On Wed, Oct 27, 2004 at 06:18:06PM -0400, Hasnain Mujtaba wrote: > Hello, > > I read in an old GPG archives message (dated 2000) that PGP5.x cannot > encrypt a message using a GPG v4 public key. RFC2440 says something > about PGP5 not being able to properly encrypt to RSA v4 keys. Are these > two issues related? > > Can anyone shed light on this problem. Why is PGP 5 picky about RSA v4 > keys? PGP 5 predates OpenPGP, and as such is not OpenPGP compatible. GnuPG is OpenPGP. It's a miracle they communicate at all. David From hmujtaba at forumsys.com Thu Oct 28 02:24:25 2004 From: hmujtaba at forumsys.com (Hasnain Mujtaba) Date: Thu Oct 28 02:21:34 2004 Subject: PGP5 and v4 GPG keys Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D19043E@bstn-exch1.forumsys.com> Thanks for the response David. I am having some problems with v4 RSA keys. I have an RSA keypair generated by an open source tool. I can load it into GPG 1.2.4 using the command: gpg --allow-secret-key-import --import. I can then use GPG to encrypt a file using the keypair. But when I give GPG the encrypted file to decrypt, I see the following message: gpg: public key decryption failed: wrong secret key used gpg: decryption failed: secret key not available. The key pair is attached. The password is password. Would it be possible for you to run an encrypt/decrypt test with this keypair to see if you can reproduce this error? Thanks much. Hasnain. -----Original Message----- From: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of David Shaw Sent: Wednesday, October 27, 2004 6:34 PM To: gnupg-users@gnupg.org Subject: Re: PGP5 and v4 GPG keys On Wed, Oct 27, 2004 at 06:18:06PM -0400, Hasnain Mujtaba wrote: > Hello, > > I read in an old GPG archives message (dated 2000) that PGP5.x cannot > encrypt a message using a GPG v4 public key. RFC2440 says something > about PGP5 not being able to properly encrypt to RSA v4 keys. Are these > two issues related? > > Can anyone shed light on this problem. Why is PGP 5 picky about RSA v4 > keys? PGP 5 predates OpenPGP, and as such is not OpenPGP compatible. GnuPG is OpenPGP. It's a miracle they communicate at all. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -------------- next part -------------- A non-text attachment was scrubbed... Name: RSA-3-3-36.asc Type: application/octet-stream Size: 3002 bytes Desc: RSA-3-3-36.asc Url : /pipermail/attachments/20041027/62a3cd3a/RSA-3-3-36.exe From dshaw at jabberwocky.com Thu Oct 28 04:31:50 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Thu Oct 28 04:29:11 2004 Subject: PGP5 and v4 GPG keys In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D19043E@bstn-exch1.forumsys.com> References: <4DCE15B9C4E66F4CA967EBF64C53D64D19043E@bstn-exch1.forumsys.com> Message-ID: <20041028023150.GB21155@jabberwocky.com> On Wed, Oct 27, 2004 at 08:24:25PM -0400, Hasnain Mujtaba wrote: > Thanks for the response David. I am having some problems with v4 RSA > keys. I have an RSA keypair generated by an open source tool. I can load > it into GPG 1.2.4 using the command: gpg --allow-secret-key-import > --import. I can then use GPG to encrypt a file using the keypair. But > when I give GPG the encrypted file to decrypt, I see the following > message: > > gpg: public key decryption failed: wrong secret key used > gpg: decryption failed: secret key not available. > > The key pair is attached. The password is password. Would it be possible > for you to run an encrypt/decrypt test with this keypair to see if you > can reproduce this error? That key is broken. As a guess, it seems that the private half is not really the private half for the public key. Corrupt, perhaps. David From wk at gnupg.org Thu Oct 28 12:42:14 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 28 13:12:09 2004 Subject: [Announce] GnuPG 1.3.92 released (development) Message-ID: <873bzzdszd.fsf@wheatstone.g10code.de> Skipped content of type multipart/signed-------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From wk at gnupg.org Thu Oct 28 14:30:58 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 28 14:43:31 2004 Subject: [Announce] GnuPG 1.3.92 released (development) Message-ID: <87d5z3c9dp.fsf@wheatstone.g10code.de> [Obviously Mailman broke the PGP/MIME signature again. Therefore I see no other way than to repost it using the plain old clear sign format] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello! The latest release from the development branch of GnuPG is ready for public consumption. This is a branch to create what will extremely soon become the new stable release of GnuPG 1.4. We strongly encourage people to try this development release and report any feedback or problems to gnupg-devel@gnupg.org. If you have been waiting until the 1.4 release is imminent before trying the code, that time is now. The files are available from: Gzipped: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.gz (3.8M) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.gz.sig Bzip2ed: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.bz2 (2.6M) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.bz2.sig or as a patch against the 1.3.91 source: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92-1.3.92.diff.gz (602k) MD5 checksums for the files are: 285789af00856a12354fd3d967cf61b4 gnupg-1.3.92.tar.gz bc9ee1f97d22dc727a00dfbfe2ebbf5e gnupg-1.3.92.tar.bz2 4ea581339dcf46cd8c21d928d4f9b759 gnupg-1.3.91-1.3.92.diff.gz SHA1 checksums for the files are: e03bb8d584fcf6c2a4567027012ce8012d6f85ec gnupg-1.3.92.tar.gz e208f9db3fcab4b0c9afc089b6eff49a739289dc gnupg-1.3.92.tar.bz2 620f045f49d02f210edb95e3f2c6f9a42b72632c gnupg-1.3.91-1.3.92.diff.gz A compiled version for MS Windows is available: ftp://ftp.gnupg.org/gcrypt/alpha/binary/gnupg-w32cli-1.3.92.zip (1.5M) ftp://ftp.gnupg.org/gcrypt/alpha/binary/gnupg-w32cli-1.3.92.zip.sig For proper internationalization you should have the GNU iconv.dll installed. For convenience we make this DLL available at: ftp://ftp.gnupg.org/gcrypt/binary/libiconv-1.9.1.dll.zip (644k) ftp://ftp.gnupg.org/gcrypt/binary/libiconv-1.9.1.dll.zip.sig MD5 checksums for the files are: a5967c5b466e7fb3cf176a30623f55bd gnupg-w32cli-1.3.92.zip f3582d28862c539d2f655ade5e141f2f libiconv-1.9.1.dll.zip Noteworthy changes in version 1.3.92 (2004-10-28) - ------------------------------------------------- * Added Russian man page. Thanks to Pawel I. Shajdo. * libiconv is now used to support other character sets other than UTF-8, Latin-1,-2 and KOI8-2. The W32 version will only work correctly when iconv.dll is installed on the system. A binary version is available at all GNU mirror sites under libiconv. * gettext for Windows has been simplified. The MO files are now distributed UTF-8 encoded and gpg translates on the fly. Enjoy! The GnuPG team (David, Stefan, Timo and Werner) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.92 (GNU/Linux) iEYEARECAAYFAkGA5cYACgkQYHhOlAEKV+3tHACfVCC7nAQBcaFseqI/F5onSnDT wccAn0RofBK6+v2cDHt3NrL6iojgaY5+ =OtpX -----END PGP SIGNATURE----- _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From zuxy.meng at gmail.com Thu Oct 28 18:29:53 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Thu Oct 28 18:26:59 2004 Subject: [Announce] GnuPG 1.3.92 released (development) In-Reply-To: <87d5z3c9dp.fsf@wheatstone.g10code.de> References: <87d5z3c9dp.fsf@wheatstone.g10code.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Bravo! Many many thanks on behalf of CJK users! On Thu, 28 Oct 2004 14:30:58 +0200, Werner Koch wrote: > > Noteworthy changes in version 1.3.92 (2004-10-28) > - ------------------------------------------------- > > * Added Russian man page. Thanks to Pawel I. Shajdo. > > * libiconv is now used to support other character sets other than > UTF-8, Latin-1,-2 and KOI8-2. The W32 version will only work > correctly when iconv.dll is installed on the system. A binary > version is available at all GNU mirror sites under libiconv. > > * gettext for Windows has been simplified. The MO files are now > distributed UTF-8 encoded and gpg translates on the fly. > > Enjoy! BTW: Why not add BZIP support to Win32 binaries? - -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.92 (MingW32) iGMEAREDACMFAkGBHlUFgwB2pwAWGGhrcDovL3N1YmtleXMucGdwLm5ldAAKCRDv AMJ46FVe1t5CAJ0RYba+FzIhaOF4tbTankn0h4/xxACfcgbLshKxh/KNnhE0Aeyp 450S3Dc= =y2FM -----END PGP SIGNATURE----- From zuxy.meng at gmail.com Thu Oct 28 19:15:26 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Thu Oct 28 19:12:26 2004 Subject: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: <20041024010844.81863.qmail@web52509.mail.yahoo.com> References: <20041024010844.81863.qmail@web52509.mail.yahoo.com> Message-ID: On Sat, 23 Oct 2004 18:08:44 -0700 (PDT), Servie Platon wrote: > Hi Zuky, > > Thank you for the suggestion earlier. > > I have extracted the the gnupg binaries into the > folder and it worked! This means I don't have to go > through the second option in the first place. Thanks a > lot! Now, you can try the official Win32 build of 1.3.92. > However, I still have another problem. Is there a way > to automatically sign all outgoing email messages with > my public keys using mozilla thunderbird for my work > email: servie@admar-group.com and personal email: > servie_tech@yahoo.com? I'm sorry but under Linux I use Evolution only, simply because it can handle everything include what you want here.:-) > I have read and searched in google that to do this, we > need to make a signature file and configure > thunderbird or yahoo to open that file whenever you > make new mail messages, we get a signed email? No, definitely not in this way. A common signature tailing the body is different from a digital signature generated by GnuPG. > Is this the only way to do this? Any thoughts on this > from you or from anyone else in this group would > definitely be appreciated. I guess you'll need a plugin called Enigmail. Refer to this page: http://www.bretschneidernet.de/tips/secmua.html -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From cwheat at azumano.com Thu Oct 28 19:58:54 2004 From: cwheat at azumano.com (Chris Wheat) Date: Thu Oct 28 19:55:54 2004 Subject: Cipher Strenth Message-ID: Hello, How can you determine the cipher strengh of the file encrypted by gnupg? (56, 128, 256) I am trying to figure out how secure the message I encrypt really are. Many Thanks, Chris Wheat From atom at suspicious.org Thu Oct 28 20:09:53 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Thu Oct 28 20:06:55 2004 Subject: Cipher Strenth In-Reply-To: References: Message-ID: <20041028181008.73472.qmail@suspicious.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Thu, 28 Oct 2004, Chris Wheat wrote: > How can you determine the cipher strengh of the file encrypted by gnupg? > (56, 128, 256) > > I am trying to figure out how secure the message I encrypt really are. ============= use "-v" or "--verbose" and you'll see the ciphers used for d/encryption. gpg uses symmetric ciphers with keys between 128-256 bit. there's a table "Symmetric Key" that covers what ciphers use what size keys . - -- ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "If the [Foreign Corrupt Practices] Law were applied to the president and the political parties, they'd all be sitting in the cooler." -- Raymond Plank, president Apache Corp., noting that an annual questionnaire he signs under that law requires him to attest that his company doesn't bribe foreign officials for business (USA Today, 10/26/1998) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBgTX2AAoJEAx/d+cTpVcim3oIAJ8aXaJ0xhB8Ho3BI9jbSPO9 R4jtRd1e3GzE96msj+wy8wqZRQWadXfbssO1ze5EDHnfYiPx/7et5hIEspH/1f1n R9LuZ99JAC2lERTscOkKmz82E5rx0g8yoISeCx7NFieGKg7nA0d/gHKvYEgu5vqk hgdXM8fLEHbEPxNkEcakIEcYyiXFSzGWbDkcAx/66QBHKfFi5IMHTU+sF/VS0e5V 5ewGTrtPAPqiFhPhKhpq1T/ml/pkelWVhCyRfV+YCgV+VhVGGcWX3/29Cuo+f0IE 3CZglN5M8JO+rOfUHgNPoYV/T/R9KszNSohQYPiT31NQhpaHzeEywAwn/kFH0Kw= =lJLq -----END PGP SIGNATURE----- From wk at gnupg.org Thu Oct 28 20:53:43 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 28 20:54:45 2004 Subject: [Announce] GnuPG 1.3.92 released (development) In-Reply-To: (zuxy.meng@gmail.com's message of "Fri, 29 Oct 2004 00:29:53 +0800") References: <87d5z3c9dp.fsf@wheatstone.g10code.de> Message-ID: <87u0se8yiw.fsf@wheatstone.g10code.de> On Fri, 29 Oct 2004 00:29:53 +0800, Zuxy said: > BTW: Why not add BZIP support to Win32 binaries? I don't wnat to add bzip to the source and thus we would rely to have a bzip librart on Windows installed. Using dynamic linking seems to be overkill for that feature. Werner From johanw at vulcan.xs4all.nl Thu Oct 28 21:41:43 2004 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Thu Oct 28 21:38:11 2004 Subject: [Announce] GnuPG 1.3.92 released (development) In-Reply-To: <87d5z3c9dp.fsf@wheatstone.g10code.de> from Werner Koch at "Oct 28, 2004 02:30:58 pm" Message-ID: <200410281941.VAA11602@vulcan.xs4all.nl> Werner Koch wrote: >[Obviously Mailman broke the PGP/MIME signature again. Therefore I see > no other way than to repost it using the plain old clear sign format] I'm glad to see it's still not deprecated enough. :-) (One of the changes I make in the code is to add IDEA to the list of algorithms that gnupg doesn't complain about being deprecated). >The latest release from the development branch of GnuPG is ready for >public consumption. Built OK on Slackware 3.3 / libc5. All tests were passed, and my extra pgp 2.6 compatibility tests were passed too. >This is a branch to create what will extremely >soon become the new stable release of GnuPG 1.4. Is "extremely soon" a matter of days, weeks or months? -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From shavital at mac.com Thu Oct 28 23:10:51 2004 From: shavital at mac.com (Charly Avital) Date: Thu Oct 28 23:07:51 2004 Subject: [Announce] GnuPG 1.3.92 released (development) In-Reply-To: <873bzzdszd.fsf@wheatstone.g10code.de> References: <873bzzdszd.fsf@wheatstone.g10code.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Compiled under Mac OS X 10.3.5, Darwin 7.5.0, CPU Type: PowerPC G4 (1.1)., including idea.c. Thanks for your work. Charly On Oct 28, 2004, at 6:42 AM, Werner Koch wrote: > Hello! > > The latest release from the development branch of GnuPG is ready for > public consumption. This is a branch to create what will extremely > soon become the new stable release of GnuPG 1.4. > > We strongly encourage people to try this development release and > report any feedback or problems to gnupg-devel@gnupg.org. If you have > been waiting until the 1.4 release is imminent before trying the code, > that time is now. > > > The files are available from: > > Gzipped: > ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.gz > (3.8M) > ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.gz.sig > [...] > Enjoy! > > The GnuPG team (David, Stefan, Timo and Werner) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.92 (Darwin) iD8DBQFBgWBn8SG5rMkbCF4RAiz8AJ4uI5QVftIAb4kk2pp13qxcfl2t2ACeKm+s dTzSUDBqL15SzW5nk9M2dmo= =6aqd -----END PGP SIGNATURE----- From shavital at mac.com Thu Oct 28 23:16:27 2004 From: shavital at mac.com (Charly Avital) Date: Thu Oct 28 23:13:27 2004 Subject: setpref syntax In-Reply-To: <200410271913.i9RJDm0d003861@mailserver2.hushmail.com> References: <200410271913.i9RJDm0d003861@mailserver2.hushmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In 1.3.91 and 1.3.92 (which are in fact 1.4), one -v (or --verbose) is enough. Charly On Oct 27, 2004, at 3:13 PM, vedaal@hush.com wrote: > Sebastian Wiesinger sebastian at karotte.org wrote: > >> Ah ok, I tried gpg --version -v, that didn't work. :) > > maybe in 1.4 one -v is enough, > but in 1.3.x it needs verbose twice: > > C:\GNUPG>gpg -v -v --version > gpg (GnuPG) 1.3.6 > [...] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.92 (Darwin) iD8DBQFBgWG48SG5rMkbCF4RAmDoAJ4gjTpHwQnnUo3jYvaA016ZYZapWgCfYFOH BodujdxHb/ccx9eMwkkBWlQ= =WOMq -----END PGP SIGNATURE----- From DougB at DougBarton.net Fri Oct 29 06:51:52 2004 From: DougB at DougBarton.net (Doug Barton) Date: Fri Oct 29 06:49:05 2004 Subject: [Announce] GnuPG 1.3.92 released (development) In-Reply-To: <200410281941.VAA11602@vulcan.xs4all.nl> References: <200410281941.VAA11602@vulcan.xs4all.nl> Message-ID: <4181CC68.7070605@DougBarton.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Compiles fine on FreeBSD 4.10-Stable and 6-current, and passes all 25 tests. HTH, Doug - -- If you're never wrong, you're not trying hard enough -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBgcxnyIakK9Wy8PsRAvyeAJ9Q0Wc0t84mPXkODXhOysHfau/7pQCeL1o8 VWcCPHg7BzwFZPipDQ2/g7s= =vzf3 -----END PGP SIGNATURE----- From pt at radvis.nu Fri Oct 29 13:17:24 2004 From: pt at radvis.nu (Per Tunedal Casual) Date: Fri Oct 29 13:12:21 2004 Subject: setpref syntax In-Reply-To: References: <200410271913.i9RJDm0d003861@mailserver2.hushmail.com> Message-ID: <6.1.2.0.2.20041029131506.038ced60@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 23:16 2004-10-28, you wrote: >>> Ah ok, I tried gpg --version -v, that didn't work. :) >> >> maybe in 1.4 one -v is enough, >> but in 1.3.x it needs verbose twice: >> >> C:\GNUPG>gpg -v -v --version >> gpg (GnuPG) 1.3.6 >> [...] > I mistyped: gpg -v -version (one hyphen) and gpg tried to encrypt to an unknown key! version: 1.2.5 Per Tunedal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.955 Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFBgibbaDDfzFT+2PIRAm0BAJ9eBvPC/VUvySyoTPlNmWAtr2x+DACfba6i t/EfiCesaX2nOOxGrXTlftc= =YApa -----END PGP SIGNATURE----- From wk at gnupg.org Fri Oct 29 07:35:12 2004 From: wk at gnupg.org (Werner Koch) Date: Fri Oct 29 19:14:55 2004 Subject: [Announce] GnuPG 1.3.92 released (development) In-Reply-To: <200410281941.VAA11602@vulcan.xs4all.nl> (Johan Wevers's message of "Thu, 28 Oct 2004 21:41:43 +0200 (MET DST)") References: <200410281941.VAA11602@vulcan.xs4all.nl> Message-ID: <87654u9je7.fsf@wheatstone.g10code.de> On Thu, 28 Oct 2004 21:41:43 +0200 (MET DST), Johan Wevers said: > Is "extremely soon" a matter of days, weeks or months? I depends on how many bug reports we get and how fast the translation folks can come up with updated translations. So a few weeks seems to be realistic. Werner From hmujtaba at forumsys.com Fri Oct 29 19:41:18 2004 From: hmujtaba at forumsys.com (Hasnain Mujtaba) Date: Fri Oct 29 19:38:26 2004 Subject: PGP5 and v4 GPG keys Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D190444@bstn-exch1.forumsys.com> Thank you for verifying this for me. Appreciate it! -----Original Message----- From: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of David Shaw Sent: Wednesday, October 27, 2004 10:32 PM To: gnupg-users@gnupg.org Subject: Re: PGP5 and v4 GPG keys On Wed, Oct 27, 2004 at 08:24:25PM -0400, Hasnain Mujtaba wrote: > Thanks for the response David. I am having some problems with v4 RSA > keys. I have an RSA keypair generated by an open source tool. I can load > it into GPG 1.2.4 using the command: gpg --allow-secret-key-import > --import. I can then use GPG to encrypt a file using the keypair. But > when I give GPG the encrypted file to decrypt, I see the following > message: > > gpg: public key decryption failed: wrong secret key used > gpg: decryption failed: secret key not available. > > The key pair is attached. The password is password. Would it be possible > for you to run an encrypt/decrypt test with this keypair to see if you > can reproduce this error? That key is broken. As a guess, it seems that the private half is not really the private half for the public key. Corrupt, perhaps. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From johnmoore3rd at joimail.com Sat Oct 30 04:39:55 2004 From: johnmoore3rd at joimail.com (JOHN MOORE) Date: Sat Oct 30 04:36:26 2004 Subject: iconv.dll ?? Message-ID: <4182FEFB.50401@joimail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Having downloaded the tar.gz file for 1.3.92, will I also need to download and install the iconv.dll prior to compiling/installing? If so, would someone please be kind enough to provide the download link? I would also appreciate the link to subscribe to gnupg-announce. Thanks, JOHN :) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.92 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBgv7xnCmZhrerneURAuTmAJ9VlcgFPMJHMYo+cumNDmCLf6KSsACeMc8J PTagEduCRFviSyoghn9uDIU= =l6hd -----END PGP SIGNATURE----- From JPClizbe at comcast.net Sat Oct 30 06:53:39 2004 From: JPClizbe at comcast.net (John Clizbe) Date: Sat Oct 30 06:50:44 2004 Subject: iconv.dll ?? In-Reply-To: <4182FEFB.50401@joimail.com> References: <4182FEFB.50401@joimail.com> Message-ID: <41831E53.3060205@comcast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 JOHN MOORE wrote: > Having downloaded the tar.gz file for 1.3.92, will I also need to > download and install the iconv.dll prior to compiling/installing? > > If so, would someone please be kind enough to provide the download link? > I would also appreciate the link to subscribe to gnupg-announce. > > Thanks, JOHN :) _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users - --------- gnupg-announce: http://lists.gnupg.org/mailman/listinfo/gnupg-announce Yes, iconv.dll is needed. The best (as in "easiest to install") place to get it from is the gettext project on SourceForge: http://prdownloads.sourceforge.net/gettext/libiconv-1.9.1.bin.woe32.zip?download Open the ZIP wih WinZIP (or other archiver) and extract iconv.dll to your GnuPG binary directory. - -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." - Dumbya explaining his administration 5-Aug-2004 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.93-cvs (Windows 2000 SP4) Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG Comment: Annoy John Asscraft -- Use Strong Encryption. Comment: It's YOUR right - for the time being. Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBgx5SHQSsSmCNKhARAifoAKDK/3JCCAxUAzoQLOkZONLCrSsM2QCdGRCr VazXYNEw+hN1B3WUS2c7PS4= =tQbp -----END PGP SIGNATURE----- From zuxy.meng at gmail.com Sat Oct 30 07:49:08 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Sat Oct 30 07:45:45 2004 Subject: When to lock page under WinNT? In-Reply-To: <87vfd4dmfk.fsf@wheatstone.g10code.de> References: <87vfd4dmfk.fsf@wheatstone.g10code.de> Message-ID: On Thu, 21 Oct 2004 19:13:19 +0200, Werner Koch wrote: > No, it won't appear in GnuPG unless there is a portable and working > way of doing so. > Hmm, maybe you would be interested in the 'gnuwin32' project where they've provided a subset of glibc under Win32? -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From johnmoore3rd at joimail.com Sat Oct 30 23:37:38 2004 From: johnmoore3rd at joimail.com (JOHN MOORE) Date: Sat Oct 30 23:34:40 2004 Subject: iconv.dll redux Message-ID: <418409A2.1000508@joimail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I do appreciate the reply from JOHN....but when I downloaded the gzipped file it is to install into a Knoppix Linux partition to be use in conjunction with T-Bird/Enigmail and GPA as Key Manager. Does the gzipped download have the iconv.dll or does it need to be added prior to .'configure, make, make install, make clean? If I do need to add it, can I use the same .dll in the WinZip download? If I require another, where? Thanks, JOHN :) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.92 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBhAmZnCmZhrerneURAik8AJ4jFZwvUvc4W/o8XdB53Z9rDVtx8QCePoiv +L4XqFmzP3R81KwfKer7NQ4= =t71V -----END PGP SIGNATURE----- From linux at codehelp.co.uk Sun Oct 31 09:12:24 2004 From: linux at codehelp.co.uk (Neil Williams) Date: Sun Oct 31 09:08:54 2004 Subject: iconv.dll redux In-Reply-To: <418409A2.1000508@joimail.com> References: <418409A2.1000508@joimail.com> Message-ID: <200410310812.28601.linux@codehelp.co.uk> On Saturday 30 October 2004 10:37 pm, JOHN MOORE wrote: > I do appreciate the reply from JOHN....but when I downloaded the gzipped > file it is to install into a Knoppix Linux partition .dll files are only for Windows. You don't need iconv.dll for GNU/Linux. > to be use in > conjunction with T-Bird/Enigmail and GPA as Key Manager. Does the > gzipped download have the iconv.dll No, not needed. > or does it need to be added prior to > .'configure, make, make install, make clean? What error in the ./configure make make install caused you to think that this file was needed? Remember: $ ./configure (the dot and slash are required) $ make $ su # make install > If I do need to add it, > can I use the same .dll in the WinZip download? Binary files from one operating system are not compatible with binaries from another. If this is Knoppix, why not use apt? As root, # apt-get install gnupg gpa mozilla-thunderbird mozilla-thunderbird-enigmail There's no need to compile any of these unless you want the absolute latest versions. If you learn a bit more about Knoppix and Debian, you can switch to the testing version of Debian and get the current releases. Default 'stable' might be a little old. www.debian.org www.knoppix.net http://www.eleli.de/knoppix/docs/tutorial http://www.debian.org/doc/manuals/apt-howto/ch-novas.en.html http://www.debian.org/doc/manuals/apt-howto/ch1.en.html -- Neil Williams ============= http://www.codehelp.co.uk/ http://www.dclug.org.uk/ http://www.isbn.org.uk/ http://sourceforge.net/projects/isbnsearch/ http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041031/b86978e3/attachment.bin From servie_tech at yahoo.com Sun Oct 31 15:43:40 2004 From: servie_tech at yahoo.com (Servie Platon) Date: Sun Oct 31 15:40:46 2004 Subject: gpg: error loading `iconv.dll': ec=126 Message-ID: <20041031144340.32514.qmail@web52504.mail.yahoo.com> Hi folks, What does this error mean? C:\Documents and Settings\servie>gpg --version gpg: error loading `iconv.dll': ec=126 gpg (GnuPG) 1.3.92 NOTE: THIS IS A DEVELOPMENT VERSION! It is only intended for test purposes and should NOT be used in a production environment or with production keys! Copyright (C) 2004 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: C:/Documents and Settings/Servie/Application Data/GnuPG Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512 Compression: Uncompressed, ZIP, ZLIB C:\Documents and Settings\servie>gpg --gen-key gpg: error loading `iconv.dll': ec=126 Does this mean that when I extracted the gnupg-w32cli-1.3.92.zip from the gnupg site, it did not or have somehow corrupted iconv.dll? I followed the instructions on http://enigmail.mozdev.org/gpgconf.html, installed first v. 1.2.5 and it worked and then when I upgraded to v. 1.3.92 this is where it all began. Any thoughts on this would be highly appreciated. Thanks in advance. Sincerely, Servie ===== Sincerely, Servie Platon __________________________________ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail From zuxy.meng at gmail.com Sun Oct 31 16:48:10 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Sun Oct 31 16:44:45 2004 Subject: When to lock page under WinNT? In-Reply-To: <87vfd4dmfk.fsf@wheatstone.g10code.de> References: <87vfd4dmfk.fsf@wheatstone.g10code.de> Message-ID: On Thu, 21 Oct 2004 19:13:19 +0200, Werner Koch wrote: > No, it won't appear in GnuPG unless there is a portable and working > way of doing so. > Take a look at these two pieces of code, grabbed from 'gnuwin32' int mlock (const void *addr, size_t len) { if (IsWin9x()) { __set_errno(ENOSYS); return -1; } if (!VirtualLock (addr, len)) { set_werrno; return -1; } return 0; } DWORD getgranularity (void) { if (!granularity) { SYSTEM_INFO si; GetSystemInfo (&si); granularity = si.dwAllocationGranularity; } return granularity; } __ptr_t __mmap64 (__ptr_t addr, size_t len, int prot, int flags, int fd, __off64_t offset) { __ptr_t map = (__ptr_t) NULL; caddr_t gran_addr = (caddr_t) addr; HANDLE handle = INVALID_HANDLE_VALUE; DWORD cfm_flags = 0, mvf_flags = 0, sysgran = getgranularity (); __off64_t gran_offset = flags & MAP_ANON ? 0 :offset, filelen = flags & MAP_ANON ? len : _filelengthi64(fd); int mmlen = len; switch (prot) { case PROT_READ | PROT_WRITE | PROT_EXEC: case PROT_WRITE | PROT_EXEC: cfm_flags = PAGE_EXECUTE_READWRITE; mvf_flags = FILE_MAP_ALL_ACCESS; break; case PROT_READ | PROT_WRITE: cfm_flags = PAGE_READWRITE; mvf_flags = FILE_MAP_ALL_ACCESS; break; case PROT_WRITE: cfm_flags = PAGE_READWRITE; mvf_flags = FILE_MAP_WRITE; break; case PROT_READ: cfm_flags = PAGE_READONLY; mvf_flags = FILE_MAP_READ; break; case PROT_NONE: cfm_flags = PAGE_NOACCESS; mvf_flags = FILE_MAP_READ; break; case PROT_EXEC: cfm_flags = PAGE_EXECUTE; mvf_flags = FILE_MAP_READ; break; } if (flags & MAP_PRIVATE) { if (IsWin9x ()) cfm_flags = PAGE_WRITECOPY; mvf_flags = FILE_MAP_COPY; } // fprintf (stderr, "Addr before: %p\n", gran_addr); // fprintf (stderr, "Offset before: %#I64X\n", gran_offset); if (flags & MAP_FIXED) { gran_offset = offset; gran_addr = addr; } else { gran_offset = offset & ~(sysgran - 1); gran_addr = (caddr_t) (((DWORD) gran_addr / sysgran) * sysgran); } // fprintf (stderr, "Addr after: %p\n", gran_addr); // fprintf (stderr, "Offset after: %#I64X\n", gran_offset); mmlen = (filelen < gran_offset + len ? filelen - gran_offset : len); handle = CreateFileMapping (flags & MAP_ANON ? INVALID_HANDLE_VALUE : (HANDLE) _get_osfhandle(fd), NULL, cfm_flags, 0, mmlen, NULL); if (!handle) { set_werrno; // WinErr ("CreateFileMapping"); return MAP_FAILED; } map = (__ptr_t) MapViewOfFileEx (handle, mvf_flags, HIDWORD(gran_offset), LODWORD(gran_offset), (SIZE_T) mmlen, (LPVOID) gran_addr); if (map == NULL && (flags & MAP_FIXED) ) { // fprintf (stderr, "Starting address: %p\n", (LPVOID) gran_addr); // WinErr ("First try of MapViewOfFileEx failed"); map = (__ptr_t) MapViewOfFileEx (handle, mvf_flags, HIDWORD(gran_offset), LODWORD(gran_offset), (SIZE_T) mmlen, (LPVOID) NULL); } CloseHandle(handle); if (map == NULL) { set_werrno; // WinErr ("MapViewOfFileEx"); return MAP_FAILED; } return map; } -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From barry at bpuk.net Sun Oct 31 17:01:58 2004 From: barry at bpuk.net (Barry Porter) Date: Sun Oct 31 16:59:19 2004 Subject: gpg: error loading `iconv.dll': ec=126 In-Reply-To: <20041031144340.32514.qmail@web52504.mail.yahoo.com> References: <20041031144340.32514.qmail@web52504.mail.yahoo.com> Message-ID: <41850C76.2000608@bpuk.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Servie Platon wrote: > I followed the instructions on > http://enigmail.mozdev.org/gpgconf.html, installed > first v. 1.2.5 and it worked and then when I upgraded > to v. 1.3.92 this is where it all began. There are no v1.3.92 binaries for Windows on the GnuPG site so you must have got it from somewhere else. John Clizbe wrote on the list yesterday: [quote] iconv.dll is needed. The best (as in "easiest to install") place to get it from is the gettext project on SourceForge: http://prdownloads.sourceforge.net/gettext/libiconv-1.9.1.bin.woe32.zip?download Open the ZIP with WinZIP (or other archiver) and extract iconv.dll to your GnuPG binary directory. [/quote] I dropped iconv.dll into my Windows/System32 folder so that it is available to all applications and it works fine for me there. - -- Regards Barry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.92 (Windows XP Pro SP2) Comment: Public Key: http://bpuk.net/openpgpkey1.html Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBhQx13wKVPLs2unURAsPpAJ467ZgxibPNl7wY1uDfp3NBfsToCACfR/JC a3bIB+anJQlMpZaEXtMiKqk= =/OJN -----END PGP SIGNATURE----- From zuxy.meng at gmail.com Sun Oct 31 17:14:11 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Sun Oct 31 17:17:24 2004 Subject: gpg: error loading `iconv.dll': ec=126 In-Reply-To: <20041031144340.32514.qmail@web52504.mail.yahoo.com> References: <20041031144340.32514.qmail@web52504.mail.yahoo.com> Message-ID: If gpg returns Windows error code then 126 means "Module not found", so make sure your iconv.dll lies in the proper place i.e. the same folder as gpg or %systemdir% (c:\windows\system32?). On Sun, 31 Oct 2004 06:43:40 -0800 (PST), Servie Platon wrote: > Hi folks, > > What does this error mean? > -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From lists at kcoates.com Sun Oct 31 18:42:42 2004 From: lists at kcoates.com (Kevin Coates) Date: Sun Oct 31 18:40:16 2004 Subject: v1.3.92 problems with The Bat! Message-ID: <1219179547.20041031124242@nospam.kcoates.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello GnuPG-Users, I installed v1.3.92 and placed the required iconv.dll in the Windows /System32 folder. Attempts to verify sigs using The Bat! e-mail client yield this error: gpg: conversion from `utf-8' to `CP0' not available I do not see this using GPGrelay or GPGShell. Previous versions of GPG work fine with The Bat!. I don't understand what this error message means. Can someone provide me with some information? Thanks. - -- Kevin Coates Dewitt, NY USA ________________________________________________________________ (see kludges for my pgp key) -----BEGIN PGP SIGNATURE----- iD8DBQFBhSPxvZSrVDqOXK0RAr5QAJ4khXe4UZvcvItcSI3jZv6oRoKTRACg48Ri kH9b30Wwyr3wPfJkMdnIyRY= =Zt0P -----END PGP SIGNATURE-----