From richard2005 at att.net Mon Aug 1 01:37:42 2005 From: richard2005 at att.net (Richard) Date: Mon Aug 1 02:37:32 2005 Subject: gpg-agent with preset passphrase Message-ID: <42ED60C6.6020303@att.net> Hi, I'm trying to provide gpg-agent with passphrase when the machine starts up. The machine has no X installed so pinentry is not available. gpg-preset-passphrase sounds like an ideal tool for this purpose. But I got some problem. Here is what I did(gpg-agent is from 1.9, while gpg is from 1.4): gpg-agent --daemon -v --allow-preset-passphrase --log-file /tmp/gpg --debug-level expert gpg-preset-passphrase --preset 456966036038140A30H816963A69260A9C4C18BA Here is one suspicion: when I type passphrase, it is not hidden but in CLEAR TEXT! Did I miss something? Then I decrypt with the following command and got: gpg --use-agent --decrypt --batch filename gpg: Invalid passphrase; please try again ... gpg: problem with the agent - disabling agent use gpg: can't query passphrase in batch mode gpg: Invalid passphrase; please try again ... gpg: can't query passphrase in batch mode gpg: encrypted with ELG-E key, ID 48E397E9 gpg: encrypted with 4096-bit ELG-E key, ID CE4C18BA, created 2005-07-15 "richard2005@att.net" gpg: public key decryption failed: bad passphrase gpg: decryption failed: secret key not available The log does appear that the passphrase was successfully stored, and when gpg was asked to decrypt the file, it indeed found the cached passphrase, but somehow it did nothing, and then came back and cleared the passphrase... Anyone has any idea? Thanks, Richard 2005-07-31 19:23:26 gpg-agent[1287] handler 0x3c00d200 for fd 0 started gpg-agent[1287.0x3c020000] DBG: -> OK Pleased to meet you gpg-agent[1287.0x3c020000] DBG: <- OPTION ttyname=/dev/ttyp0 gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- OPTION ttytype=xterm gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- OPTION lc-ctype=C gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- OPTION lc-messages=C gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- PRESET_PASSPHRASE 456966036038140A30H816963A69260A9C4C18BA -1 secretword 2005-07-31 19:23:26 gpg-agent[1287] DBG: agent_put_cache `456966036038140A30H816963A69260A9C4C18BA' requested ttl=-1 mode=1 gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- [EOF] 2005-07-31 19:23:26 gpg-agent[1287] handler 0x3c00d200 for fd 0 terminated 2005-07-31 19:23:33 gpg-agent[1287] handler 0x3c00d200 for fd 0 started gpg-agent[1287.0x3c020000] DBG: -> OK Pleased to meet you gpg-agent[1287.0x3c020000] DBG: <- OPTION ttyname=/dev/ttyp0 gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- OPTION ttytype=xterm gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- OPTION lc-ctype=C gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- OPTION lc-messages=C gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- GET_PASSPHRASE 456966036038140A30H816963A69260A9C4C18BA X X You+need+a+passphrase+to+unl ock+the+secret+key+for+user:%0A"richard2005@att.net"%0A4096-bit+ELG-E+key,+ID+CE4C18BA,+created+2005-07-15+(main+k ey+ID+F8B5E914)%0A 2005-07-31 19:23:33 gpg-agent[1287] DBG: agent_get_cache `456966036038140A30H816963A69260A9C4C18BA'... 2005-07-31 19:23:33 gpg-agent[1287] DBG: ... hit gpg-agent[1287.0x3c020000] DBG: -> [Confidential data not shown] gpg-agent[1287.0x3c020000] DBG: <- [EOF] 2005-07-31 19:23:33 gpg-agent[1287] handler 0x3c00d200 for fd 0 terminated 2005-07-31 19:23:33 gpg-agent[1287] handler 0x3c00d200 for fd 0 started gpg-agent[1287.0x3c020000] DBG: -> OK Pleased to meet you gpg-agent[1287.0x3c020000] DBG: <- OPTION ttyname=/dev/ttyp0 gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- OPTION ttytype=xterm gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- OPTION lc-ctype=C gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- OPTION lc-messages=C gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- CLEAR_PASSPHRASE 456966036038140A30H816963A69260A9C4C18BA 2005-07-31 19:23:33 gpg-agent[1287] DBG: agent_put_cache `456966036038140A30H816963A69260A9C4C18BA' requested ttl=0 mode=3 gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- [EOF] 2005-07-31 19:23:33 gpg-agent[1287] handler 0x3c00d200 for fd 0 terminated 2005-07-31 19:23:33 gpg-agent[1287] handler 0x3c00d200 for fd 0 started gpg-agent[1287.0x3c020000] DBG: -> OK Pleased to meet you gpg-agent[1287.0x3c020000] DBG: <- OPTION ttyname=/dev/ttyp0 gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- OPTION ttytype=xterm gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- OPTION lc-ctype=C gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- OPTION lc-messages=C gpg-agent[1287.0x3c020000] DBG: -> OK gpg-agent[1287.0x3c020000] DBG: <- GET_PASSPHRASE 456966036038140A30H816963A69260A9C4C18BA Invalid+passphrase;+please+try+a gain X You+need+a+passphrase+to+unlock+the+secret+key+for+user:%0A"richard2005@att.net"%0A4096-bit+ELG-E+key,+ID+C E4C18BA,+created+2005-07-15+(main+key+ID+F8B5E914)%0A 2005-07-31 19:23:33 gpg-agent[1287] DBG: agent_get_cache `456966036038140A30H816963A69260A9C4C18BA'... 2005-07-31 19:23:33 gpg-agent[1287] DBG: ... miss 2005-07-31 19:23:33 gpg-agent[1287] starting a new PIN Entry 2005-07-31 19:23:33 gpg-agent[1287] can't connect to the PIN entry module: connect failed 2005-07-31 19:23:33 gpg-agent[1287] command get_passphrase failed: No pinentry gpg-agent[1287.0x3c020000] DBG: -> ERR 67108949 No pinentry gpg-agent[1287.0x3c020000] DBG: <- [EOF] 2005-07-31 19:23:33 gpg-agent[1287] handler 0x3c00d200 for fd 0 terminated From malayter at gmail.com Mon Aug 1 08:55:25 2005 From: malayter at gmail.com (Ryan Malayter) Date: Mon Aug 1 09:56:56 2005 Subject: throughput of GnuPG symmetric ciphers Message-ID: <5d7f0742050731235524196dd4@mail.gmail.com> I was going to use GnuPG for encrypting some very large backup files on disk (~200 GB). However, the symmetric ciphers in GnuPG seem to be fairly slow. Using the Windows build of 1.4.2, I only modest throughputs piping GPG output from a fast 7200 RPM disk to >NUL (the Windows equivalent of /dev/nul). (See table at end of email). The process is not disk bound, since it uses 100% CPU and the different algorithms take different times. Compression was turned off. I have seen references on the net to fast software implementations of AES that are an order of magnitude faster than GnuPG on a P4 (~1.5 Gbps). See http://www.via.com.tw/en/resources/pressroom/2003_archive/pr031014edenn.jsp. Has anyone made a GnuPG patch that includes faster implementations of the core symmetric algorithms? What other tools are people using for encrypting backups in datacenter operations (as GnuPG seems to be too slow for this task)? Thanks for any help, Ryan ------------ Tests encrypting a 1 GB file on a 2.4 GHz Pentium 4. Cipher Algorithm Speed (Mbps) ------------------------------- CAST5 153.39 BLOWFISH 59.24 AES 102.26 3DES 64.59 AES-256 81.81 TWOFISH 124.49 From eduardo at minicom.com.br Mon Aug 1 14:56:44 2005 From: eduardo at minicom.com.br (Eduardo) Date: Mon Aug 1 15:52:05 2005 Subject: Where's my private key? Message-ID: <42EE1C0C.9060300@minicom.com.br> Hi folks. Yesterday I needed to crypt one config file on my Linux box and was wondering where is my private key, cause I have the private key in my desktop (in my company) and I need to open a crypted file in my house. How can I 'take' my private key from company to work? Regards From mwood at IUPUI.Edu Mon Aug 1 16:00:14 2005 From: mwood at IUPUI.Edu (Mark H. Wood) Date: Mon Aug 1 16:51:09 2005 Subject: Entropy in ascii-armored output? In-Reply-To: <42EAB4C4.80908@chud.net> References: <42EAB4C4.80908@chud.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 29 Jul 2005, Chris De Young wrote: > Some people have started to suggest that actually writing down passwords, if > they're kept in a secure place, might not be a bad idea; the rationale is that > passwords which can be considered "good" are reaching the point of being > un-memorizable. http://www.adel.nursat.kz/apg/ I find many FIPS-181 "words" to be significantly more memorable than unconstrained strings of random printables and they should be reasonably strong if they're not too short. VMS' SET PASSWORD/GENERATE command supposedly uses this method and has been in the field for many years. If you need a really long secret you could always make up a "sentence" of shorter FIPS-181 "words". It might be easier to remember than one long string. - -- Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu Open-source executable: $0.00. Source: $0.00 Control: priceless! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iD8DBQFC7irzs/NR4JuTKG8RAgXWAJwKRWGGmCltgG3Sv/evhXTPSsfAwQCfbt94 T0O4dbanNLPhpcfPvxnKYoo= =RvlX -----END PGP SIGNATURE----- From chd at chud.net Mon Aug 1 18:50:55 2005 From: chd at chud.net (Chris De Young) Date: Mon Aug 1 18:46:41 2005 Subject: Entropy in ascii-armored output? In-Reply-To: <87r7dginc6.fsf@wheatstone.g10code.de> References: <42EAB4C4.80908@chud.net> <20050730005658.GA4618@jabberwocky.com> <87r7dginc6.fsf@wheatstone.g10code.de> Message-ID: <42EE52EF.60805@chud.net> Werner Koch wrote: [...] > There is even an easier way: > > gpg --gen-random -a 1 12 Thanks for all the feedback everyone! This is a better way to do what I was looking for, definitely. Thanks! -Chris -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 256 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050801/150d59a6/signature.pgp From malayter at gmail.com Mon Aug 1 19:48:11 2005 From: malayter at gmail.com (Ryan Malayter) Date: Mon Aug 1 19:44:07 2005 Subject: throughput of GnuPG symmetric ciphers In-Reply-To: <5d7f0742050731235524196dd4@mail.gmail.com> References: <5d7f0742050731235524196dd4@mail.gmail.com> Message-ID: <5d7f074205080110486555f04d@mail.gmail.com> I'm reposting this because it never appeared on the list for some reason, even after 12 hours. ---------------- I was going to use GnuPG for encrypting some very large backup files on disk (~200 GB). However, the symmetric ciphers in GnuPG seem to be fairly slow. Using the Windows build of 1.4.2, I only modest throughputs piping GPG output from a fast 7200 RPM disk to >NUL (the Windows equivalent of /dev/nul). (See table at end of email). The process is not disk bound, since it uses 100% CPU and the different algorithms take different times. Compression was turned off. I have seen references on the net to fast software implementations of AES that are an order of magnitude faster than GnuPG on a P4 (~1.5 Gbps). See http://www.via.com.tw/en/resources/pressroom/2003_archive/pr031014edenn.jsp. Has anyone made a GnuPG patch that includes faster implementations of the core symmetric algorithms? What other tools are people using for encrypting backups in datacenter operations (as GnuPG seems to be too slow for this task)? Thanks for any help, Ryan ------------ Tests encrypting a 1 GB file on a 2.4 GHz Pentium 4. Cipher Algorithm Speed (Mbps) ------------------------------- CAST5 153.39 BLOWFISH 59.24 AES 102.26 3DES 64.59 AES-256 81.81 TWOFISH 124.49 -- RPM ========================= All problems can be solved by diplomacy, but violence and treachery are equally effective, and more fun. -Anonymous From freebsd at usol.com Tue Aug 2 00:19:12 2005 From: freebsd at usol.com (Eric Buchanan) Date: Tue Aug 2 01:03:19 2005 Subject: Where's my private key? In-Reply-To: <42EE1C0C.9060300@minicom.com.br> References: <42EE1C0C.9060300@minicom.com.br> Message-ID: <200508011519.15648.freebsd@usol.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The secret key is secring.gpg in your home directory of .gnupg. You can copy the key file to a floppy. I usually use tar to backup the .gnupg directory, and move it to another computer. This works with different versions of BSD just fine for me on different computers. Good luck, Eric Buchanan El Lun 01 Ago 2005 05:56 AM, Eduardo escribi?: > Hi folks. > Yesterday I needed to crypt one config file on my Linux box and was > wondering where is my private key, cause I have the private key in my > desktop (in my company) and I need to open a crypted file in my house. > How can I 'take' my private key from company to work? > > Regards > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFC7p/i8dQkF1HzQsoRAkSXAJ4gIbleB0CKrSLrO9d1ZaxbfizmlACeNMl8 TgMWnr8f7h0NnAgl3kdupzM= =TKwY -----END PGP SIGNATURE----- From sk4list at yahoo.com Tue Aug 2 00:11:33 2005 From: sk4list at yahoo.com (S K) Date: Tue Aug 2 01:07:36 2005 Subject: Protecting signing key Message-ID: <20050801221133.65220.qmail@web33915.mail.mud.yahoo.com> Hi, I plan to make myself a signing key and keep it offline and as securely as possible. How do you guys keep your signing key secure? - Do you put it on a USB stick and encrypt the file system? - Do you use Knoppix MIB (http://www.bouissou.net/knoppix-mib/doc-html/Knoppix-Mib.html)? - Any other form of bootable USB based Linux system that can support encrypted file systems, encrypted swap etc.? Thanks, SK __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From alphasigmax at gmail.com Tue Aug 2 10:32:45 2005 From: alphasigmax at gmail.com (Alphax) Date: Tue Aug 2 10:30:15 2005 Subject: Protecting signing key In-Reply-To: <20050801221133.65220.qmail@web33915.mail.mud.yahoo.com> References: <20050801221133.65220.qmail@web33915.mail.mud.yahoo.com> Message-ID: <42EF2FAD.1040804@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 S K wrote: > Hi, > > I plan to make myself a signing key and keep it > offline and as securely as possible. Well, you could try Tinfoil Hat Linux (http://tinfoilhat.shmoo.com/)... run it on a computer with an LCD screen (laptops are best) - in a steel-and-concrete strongroom (complete with Faraday cage) - that has never been connected to a network. Remove all hard drives for good measure. Or, you could store you signing key on a CD-R in a safe deposit box 3 hours drive from your house, with the passphrase stored in another safe deposit box 3 hours drive the other way from your house. Or, you could just make damn sure you are the only one with access to the computer... with a GOOD passphrase on it. In some ways worse (and by far more common) is not theft of the private key, but losing it completely. Make sure you have both a backup of it and a revocation certificate. As for the encrypted file systems... Windows supports whole disk encryption in various forms as well. - -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards http://tinyurl.com/cc9up | / \ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC7y+t/RxM5Ph0xhMRAyCzAJ0Ug6/fsoO9/IS5thBkKPyYE2iGBACdHH3O 9SQ7iulR+tKSezihpQBBAMA= =uyoQ -----END PGP SIGNATURE----- From telegraph at gmx.net Tue Aug 2 14:16:23 2005 From: telegraph at gmx.net (Gregor Zattler) Date: Tue Aug 2 14:55:45 2005 Subject: is your message about service throughput? (was: Re: throughput of GnuPG symmetric ciphers) In-Reply-To: <5d7f074205080110486555f04d@mail.gmail.com> References: <5d7f0742050731235524196dd4@mail.gmail.com> <5d7f074205080110486555f04d@mail.gmail.com> Message-ID: <20050802121623.GD6187@pit.ID-43118.user.dfncis.de> Hi Ryan, * Ryan Malayter [01. Aug. 2005]: > I'm reposting this because it never appeared on the list for some > reason, even after 12 hours. is your message about service throughput? Gregor From johanw at vulcan.xs4all.nl Tue Aug 2 12:43:00 2005 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Tue Aug 2 16:04:54 2005 Subject: Protecting signing key In-Reply-To: <42EF2FAD.1040804@gmail.com> Message-ID: <200508021043.j72Ah07c008205@vulcan.xs4all.nl> Alphax wrote: >As for the encrypted file systems... Windows supports whole disk >encryption in various forms as well. As long as you're not as stupid to use the built-in functions. I've heard stories that the FBI was very happy when they confiscated a laptop from alledged Al Quaida members protected only by that - didn't seem difficult to crack for them. And why use weak protection as you can get good protection too? -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From rpmaciel at gmail.com Tue Aug 2 22:21:17 2005 From: rpmaciel at gmail.com (Ricardo Maciel) Date: Tue Aug 2 23:14:38 2005 Subject: Convert GnuPG Linux to Windows Message-ID: Hi, Anybody could help me with the steps to convert my Linux GnuPG private and public keys to be useful on Windows (explorer, outlook) too? Thanks! Ricardo. From JPClizbe at comcast.net Tue Aug 2 23:50:37 2005 From: JPClizbe at comcast.net (John Clizbe) Date: Wed Aug 3 00:27:42 2005 Subject: Convert GnuPG Linux to Windows In-Reply-To: References: Message-ID: <42EFEAAC.8040402@comcast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ricardo Maciel wrote: > Anybody could help me with the steps to convert my Linux GnuPG private > and public keys to be useful on Windows (explorer, outlook) too? Copy gpg.conf and *.gpg from your GnuPG home directory on your Linux box (~/.gnupg) to the GnuPG home directory on your Windows system (%APPDATA%\GnuPG)*. If you would like right-click Explorer extensions, you'll need to install either WinPT of GPGshell. I prefer GPGShell. There is an add-in for Outlook/OE called outlgpg. Can't expand more as I've never used Outlook/OE. Good luck, - -John [*] %APPDATA% typically expands to "C:\Documents and Settings\\Application Data". - -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG Comment: Be part of the ?33t ECHELON -- Use Strong Encryption. Comment: It's YOUR right - for the time being. Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC7+qrHQSsSmCNKhARAlgFAKC5XOrzpyk1Eoh9wIal6ziqwTrdZACg4xkF mQG1aPFb1qFlnwviLiEANVg= =Dq0B -----END PGP SIGNATURE----- From unknown_kev_cat at hotmail.com Wed Aug 3 00:46:02 2005 From: unknown_kev_cat at hotmail.com (Joe Smith) Date: Wed Aug 3 00:44:11 2005 Subject: Smartcard Faq Message-ID: Open Message to Werner Koch: The OpenPGP Smartcard page says a FAQ is in production. While I'm pretty sure you can come up with enough questions, I pose the following questions which have occurred to me, and in the cases where I was able to make a decent sounding response, I have included an answer. Please feel free to use these in the FAQ. Also I encourage others to post questions they have (or have had). Q: What cards does GPG support? A: GPG supports any card that Implements the OpenPGP Card spec. The only current implementation is available from Kernel concepts. TECH NOTE: If you implement the spec in the form of software for an already existing card, please consider sharing it. In such an event you must apply for a free manufacture ID from FSF Europe e.V., also ensure that there is some mechanism by which each card can have a different serial number. Q: What card readers can GPG use? Q: Can I use algorithms other than RSA? A: The OpenPGP spec currently allows only RSA keys; however, it was created to allow other key types to be added later. Q: Can I use RSA keys larger than 1024 bits? A: The spec allows for keys of 1024 bits or larger. The current card only supports 1024 bit keys. Q: If the card locks up from invalid pins can it be unlocked? From malayter at gmail.com Wed Aug 3 00:48:39 2005 From: malayter at gmail.com (Ryan Malayter) Date: Wed Aug 3 00:44:36 2005 Subject: Protecting signing key In-Reply-To: <200508021043.j72Ah07c008205@vulcan.xs4all.nl> References: <42EF2FAD.1040804@gmail.com> <200508021043.j72Ah07c008205@vulcan.xs4all.nl> Message-ID: <5d7f074205080215488c72d@mail.gmail.com> On 8/2/05, Johan Wevers wrote: > As long as you're not as stupid to use the built-in functions. I've > heard stories that the FBI was very happy when they confiscated a > laptop from alledged Al Quaida members protected only by that - didn't > seem difficult to crack for them. And why use weak protection as you > can get good protection too? > Windows doesn't have whole-disk encryption yet, only per-file and per-folder encryption. That said, everything I've read indicates that the encrypting file system (EFS) in Windows 2000+ is reasonably well implemented. However, the user's password is still the weak link, as it is used to protect the private key that EFS needs for decryption. Because you can get the hash of this password from the disk in some way (you always have to be able to, otherwise you could not authenticate), the password is the weak link. Unless the password was very long and full of entropy, brute forcing it from the NTLMv2 hash would be easy for a government organization. And if the Al-Queda dude neglected to turn off the generation of the weak LANMAN hash, it would be even easier. (LANMAN hash generation is off by default in newer versions of Windows). Microsoft is putting whole-disk encryption into Windows Vista including card/token and RSA secureID support. Similar (hopefully better?) functionality is already available for 2000/XP/2003 from a host of vendors, including PGP Corp & PC Guardian. -- Ryan From cedar at 3web.net Wed Aug 3 01:23:59 2005 From: cedar at 3web.net (cdr) Date: Wed Aug 3 01:20:13 2005 Subject: Protecting signing key In-Reply-To: <5d7f074205080215488c72d@mail.gmail.com> References: <42EF2FAD.1040804@gmail.com> <200508021043.j72Ah07c008205@vulcan.xs4all.nl> <5d7f074205080215488c72d@mail.gmail.com> Message-ID: <42F0008F.5080902@3web.net> Ryan Malayter wrote: > Windows doesn't have whole-disk encryption yet, only per-file and > per-folder encryption. > That said, everything I've read indicates that the encrypting file > system (EFS) in Windows 2000+ is reasonably well implemented. It is imprudent to trust operating system vendors in general, and close-source operating system vendors in particular - when it comes to security. One solution (free, with full source) can be found here: http://www.truecrypt.org/ c.rok From karadenizi at earthlink.net Wed Aug 3 04:05:12 2005 From: karadenizi at earthlink.net (Kara) Date: Wed Aug 3 06:57:00 2005 Subject: Protecting signing key] Message-ID: <42F02658.6060201@earthlink.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==== Reference: Subject: Re: Protecting signing key Date: Tue, 02 Aug 2005 23:23:59 +0000 From: cdr To: gnupg-users@gnupg.org > One solution (free, with full source) can be found here: > http://www.truecrypt.org/ What would be an equally good equivalent for those of us using a Linux distro? - -- Ciao Kara "As long as algebra is taught in school, there will be prayer in school." - Cokie Roberts ==== . -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2rc2 (GNU/Linux) Comment: Using Fedora and Enigmail Comment: OpenPGP keyID and URL in Message Headers iD8DBQFC8CZW15k+1L3RO5ARArR5AKDD5Nsh8GbxH2MSYY3m4ntizuXgWQCgtOUg Y0woRWQlkN+fO9EIbOda5JI= =/tfT -----END PGP SIGNATURE----- From zvrba at globalnet.hr Wed Aug 3 08:11:57 2005 From: zvrba at globalnet.hr (Zeljko Vrba) Date: Wed Aug 3 08:06:54 2005 Subject: Protecting signing key] In-Reply-To: <42F02658.6060201@earthlink.net> References: <42F02658.6060201@earthlink.net> Message-ID: <42F0602D.3000305@globalnet.hr> Kara wrote: > > What would be an equally good equivalent > for those of us using a Linux distro? > You can use loop-aes, I think it's included in 2.6 kernels. I would recommend BestCrypt from www.jetico.com. It is not free software, but fully-functional evaluation version for download is available (source included!) I've played with it in the past and I think the product is worth the money. I'm using FreeBSD and its gbde disk encryption. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 254 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050803/cf67c1f9/signature.pgp From hhhobbit7 at netscape.net Wed Aug 3 07:47:41 2005 From: hhhobbit7 at netscape.net (Henry Hertz Hobbit) Date: Wed Aug 3 08:26:07 2005 Subject: throughput of GnuPG symmetric ciphers Message-ID: <374D1C0A.357BC963.0307202B@netscape.net> >Date: Mon, 1 Aug 2005 12:48:11 -0500 >From: Ryan Malayter >Subject: throughput of GnuPG symmetric ciphers >To: Gnupg-users@gnupg.org >Message-ID: <5d7f074205080110486555f04d@mail.gmail.com> >Content-Type: text/plain; charset=ISO-8859-1 > >I'm reposting this because it never appeared on the list for some >reason, even after 12 hours. >---------------- >I was going to use GnuPG for encrypting some very large backup files >on disk (~200 GB). However, the symmetric ciphers in GnuPG seem to be >fairly slow. Using the Windows build of 1.4.2, I only modest >throughputs piping GPG output from a fast 7200 RPM disk to >NUL (the >Windows equivalent of /dev/nul). (See table at end of email). > >The process is not disk bound, since it uses 100% CPU and the >different algorithms take different times. Compression was turned off. > >I have seen references on the net to fast software implementations of >AES that are an order of magnitude faster than GnuPG on a P4 (~1.5 >Gbps). See http://www.via.com.tw/en/resources/pressroom/2003_archive/pr031014edenn.jsp. I have read what you have given, but this is a tuned and specifically tailored version of AES. Further, it is an advertising spiel rather than a fair, unbiased quantitative analysis of both the software version of AES, and the Eden processor. I suspect the actual speeds are 3-4 times of GnuPG for the software, but the hardware version is probably signicantly faster than software. This begs the entire question though. Read on and you will see why I say that. >Has anyone made a GnuPG patch that includes faster implementations of >the core symmetric algorithms? I don't know the answer to this quetion. I suspect that it has not been done. The problem with tailoring it for speed is that you then lock your way onto one specific CPU chip, whereas GnuPG was meant to be portable across a broad variety of chips from SPARC RISC, PowerPC, Intel, etc. >What other tools are people using for encrypting backups in datacenter >operations (as GnuPG seems to be too slow for this task)? > >Thanks for any help, > Ryan >------------ >Tests encrypting a 1 GB file on a 2.4 GHz Pentium 4. > >Cipher Algorithm Speed (Mbps) >------------------------------- >CAST5 153.39 >BLOWFISH 59.24 >AES 102.26 >3DES 64.59 >AES-256 81.81 >TWOFISH 124.49 > > >-- > RPM Given the size of the files that you are encrypting, I would strongly advise going with the Eden chip rather than a software based solution. So you achieve a performance advantage that cuts the times to 1/4 at best for something other than GnuPG via software. Is that still going to cut it for what you are doing? You never said how often you are going to do it, but 200 GB files are HUGE! I strongly advise going with the Eden or other hardware chips optimized for encryption for your purposes. Then on the other hand, maybe somebody will optimize the algorithm for your specific purpose for the price (I am NOT offering my services - I leave that for others to pursue). HHH -- Key Name: "Henry Hertz Hobbit" pub 1024D/E1FA6C62 2005-04-11 [expires: 2006-04-11] Key fingerprint = ACA0 B65B E20A 552E DFE2 EE1D 75B9 D818 E1FA 6C62 __________________________________________________________________ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp From gct3 at f2s.com Wed Aug 3 07:24:41 2005 From: gct3 at f2s.com (Graham) Date: Wed Aug 3 08:26:15 2005 Subject: Protecting signing key] In-Reply-To: <42F02658.6060201@earthlink.net> References: <42F02658.6060201@earthlink.net> Message-ID: <200508030624.41672.gct3@f2s.com> On Wednesday 03 Aug 2005 3:05 am, Kara wrote: > What would be an equally good equivalent > for those of us using a Linux distro? What distro and what kernel are you using? -- Graham From wk at gnupg.org Wed Aug 3 08:45:19 2005 From: wk at gnupg.org (Werner Koch) Date: Wed Aug 3 08:46:20 2005 Subject: Protecting signing key In-Reply-To: <42F0008F.5080902@3web.net> (cedar@3web.net's message of "Tue, 02 Aug 2005 23:23:59 +0000") References: <42EF2FAD.1040804@gmail.com> <200508021043.j72Ah07c008205@vulcan.xs4all.nl> <5d7f074205080215488c72d@mail.gmail.com> <42F0008F.5080902@3web.net> Message-ID: <87fytrcydc.fsf@wheatstone.g10code.de> On Tue, 02 Aug 2005 23:23:59 +0000, cdr said: > One solution (free, with full source) can be found here: > http://www.truecrypt.org/ Unfortunately only free as in free beer. You are not allowed to change anything unless you send the changes back. Shalom-Salam, Werner From eocsor at gmail.com Wed Aug 3 08:43:41 2005 From: eocsor at gmail.com (Roscoe) Date: Wed Aug 3 09:26:07 2005 Subject: Protecting signing key] In-Reply-To: <42F02658.6060201@earthlink.net> References: <42F02658.6060201@earthlink.net> Message-ID: loop-aes is not in the vanilla kernel sources. dm-crypt and cryptoloop are. cryptoloop is depreciated, use dm-crypt instead. dm-crypt'd main advantage is that it's already in the kernel, whereas loop-aes is a add-on. Look at the different modes of encryption supported and make a decision from there. I use dm-crypt for what its worth, though I wouldn't have any problems with using loop-aes instead. On 8/3/05, Kara wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ==== > > Reference: > > Subject: Re: Protecting signing key > Date: Tue, 02 Aug 2005 23:23:59 +0000 > From: cdr > To: gnupg-users@gnupg.org > > > One solution (free, with full source) can be found here: > > http://www.truecrypt.org/ > > What would be an equally good equivalent > for those of us using a Linux distro? > > - -- > > Ciao > > Kara > > "As long as algebra is taught in school, there > will be prayer in school." - Cokie Roberts > > ==== > . > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2rc2 (GNU/Linux) > Comment: Using Fedora and Enigmail > Comment: OpenPGP keyID and URL in Message Headers > > iD8DBQFC8CZW15k+1L3RO5ARArR5AKDD5Nsh8GbxH2MSYY3m4ntizuXgWQCgtOUg > Y0woRWQlkN+fO9EIbOda5JI= > =/tfT > -----END PGP SIGNATURE----- > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From hhhobbit7 at netscape.net Wed Aug 3 09:35:06 2005 From: hhhobbit7 at netscape.net (Henry Hertz Hobbit) Date: Wed Aug 3 09:31:11 2005 Subject: Where's my private key? Message-ID: <605FAF1F.406ED41D.0307202B@netscape.net> You wrote: >Date: Mon, 01 Aug 2005 09:56:44 -0300 >From: Eduardo >Subject: Where's my private key? >To: gnupg-users@gnupg.org >Message-ID: <42EE1C0C.9060300@minicom.com.br> >Content-Type: text/plain; charset=ISO-8859-1 > >Hi folks. >Yesterday I needed to crypt one config file on my Linux box and was >wondering where is my private key, cause I have the private key in my >desktop (in my company) and I need to open a crypted file in my house. >How can I 'take' my private key from company to work? > >Regards On the machine where you HAVE your keys: cd tar -czf gpg.tgz ./.gnupg copy the gpg.tgz on to some removable storage medium. It will easily fit on a floppy. If you don't have keys yet at home, on that machine (you suggested you have Linux both at home and work but I don't know for sure) then all you have to do is copy the the file to your home directory and type: cd tar -xzf gpg.tgz On the other hand, if you already have your own key ring at home you will need to import the keys. There are the following three files in the .gnupg folder: pubring.gpg # stores the public keys secring.gpg # has your secret keys trustdb.gpg # the levels of trust for signed keys You should just be able export both your public and secret keys at work, and then import them at home if you already have an existing set of keys there using: gpg --export > all.gpg where the keys are, copy the all.gpg file to a floppy and take it home and type gpg --import all.gpg That will get you ALL of the keys, both public and secret. You will of course have to give YOUR imported secret key the highest level of trust when signing it because after all, it is YOUR key. Never fear, I do this all of the time, but normally just copying the keys (I also copy but old public pubring.gpg~ and the random_seed file as well) from one Linux box which is authoratative to multiple boxes running Windows, Linux, and the BSDs. If one of the machines is running Windows (you said Linux at home), please let me know and I will tell you how to do it there. Just remember that if you do NOT have any keys yet on the one machine, you are better off just copying the entire .gnupg (on Windows it is in aother folder in your Documents and Settings area) contents to the other machine. If you already have keyrings on both machines, then export from one and import on the other one. HHH PS Please reply to the Cc: address, not this one. -- Key Name: "Henry Hertz Hobbit" pub 1024D/E1FA6C62 2005-04-11 [expires: 2006-04-11] Key fingerprint = ACA0 B65B E20A 552E DFE2 EE1D 75B9 D818 E1FA 6C62 __________________________________________________________________ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp From roam at ringlet.net Wed Aug 3 11:29:35 2005 From: roam at ringlet.net (Peter Pentchev) Date: Wed Aug 3 12:25:33 2005 Subject: Protecting signing key In-Reply-To: <5d7f074205080215488c72d@mail.gmail.com> References: <42EF2FAD.1040804@gmail.com> <200508021043.j72Ah07c008205@vulcan.xs4all.nl> <5d7f074205080215488c72d@mail.gmail.com> Message-ID: <20050803092935.GA1852@straylight.m.ringlet.net> On Tue, Aug 02, 2005 at 05:48:39PM -0500, Ryan Malayter wrote: [snip] > That said, everything I've read indicates that the encrypting file > system (EFS) in Windows 2000+ is reasonably well implemented. However, > the user's password is still the weak link, as it is used to protect > the private key that EFS needs for decryption. > > Because you can get the hash of this password from the disk in some > way (you always have to be able to, otherwise you could not > authenticate), the password is the weak link. I can't speak about EFS, since I'm not familiar with it at all, but that statement does not have to be necessarily true. You *can* get by without storing even a hash of the password on the disk, and it's actually pretty easy - just encrypt a known-plaintext magic sequence of bytes using a key derived from the password and store the encrypted result. There is also the possibility of generating a random magic sequence and storing that on the disk in plaintext, too, thus "salting" the authentication in a different way every time. Okay, so, come to think of it, this could be called hashing in a way, and it is still vulnerable to dictionary attacks on the password. G'luck, Peter -- Peter Pentchev roam@ringlet.net roam@cnsys.bg roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 "yields falsehood, when appended to its quotation." yields falsehood, when appended to its quotation. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20050803/4845eb00/attachment.pgp From reuter at do.isst.fraunhofer.de Wed Aug 3 14:33:57 2005 From: reuter at do.isst.fraunhofer.de (Claudia Reuter) Date: Wed Aug 3 14:27:17 2005 Subject: Problem with gcry_pk_decrypt (libgcrypt) Message-ID: <42F0B9B5.707@do.isst.fraunhofer.de> Hi @ll. I like to encrypt and decrypt large files e.g. pdf files. I wrote some code based on libgcrypt. I tested it with .txt files. Encryption seems to work, but gcry_pk_decrypt works only, if there's a single line in the txt file. If the txt file contains more than one line of text, the result is wrong. But no error occurs. /** Start encryption */ //read data block InputFile.seekg (0, ios::end); int FileSize = InputFile.tellg(); InputFile.seekg (0, ios::beg); char* Buffer; Buffer = new char[FileSize]; InputFile.read(Buffer,FileSize); //build S-Expression char fmt[] = "(data (flags raw) (value %s))"; char* strSExp = (char *) malloc(strlen(Buffer)+strlen(fmt)); sprintf(strSExp, fmt, (va_list) Buffer); rc = gcry_sexp_build(&sexp, NULL, fmt, strSExp); // Encrypt plaintext rc = gcry_pk_encrypt(&result, sexp, pKey); // Write it to file size_t retSize = gcry_sexp_sprint(result, GCRYSEXP_FMT_ADVANCED, NULL, 0); strSExp = (char *) realloc(strSExp, retSize); retSize = gcry_sexp_sprint(result, GCRYSEXP_FMT_ADVANCED, strSExp, retSize); fwrite( &retSize, 1 , sizeof(retSize) , OutputFile ); fwrite( strSExp , 1 , retSize , OutputFile ); ... /** End encryption */ /** Start decryption */ ... //read size fread(&retSize, 1, sizeof(retSize), InputFile); //read encrypted text Buffer = (char *) malloc(retSize); fread(Buffer, 1, retSize, InputFile); rc = gcry_sexp_new(&sexp, Buffer, 0, 1); //decrypt rc = gcry_pk_decrypt(&result, sexp, sKey); /** End decryption */ After that rc is 0 and result is like that #070E7FE38DC4C2B8657B0329511023D56CA5F895AAF74F4CD764FC5D8093E314C7A09AF009A3BE013AD16C7E891375B0FAC 9AE7E9A7F8E0019023BC225526424# Any help would be appreciated. Yours Claudia From sk4list at yahoo.com Wed Aug 3 15:57:11 2005 From: sk4list at yahoo.com (S K) Date: Wed Aug 3 15:53:06 2005 Subject: GnuPG ftp server Message-ID: <20050803135711.38349.qmail@web33912.mail.mud.yahoo.com> Is ths FTP server having problems? I can connect to it, but can't log in. ------ wget ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.tar.bz2 --15:57:40-- ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.tar.bz2 => `gnupg-1.4.2.tar.bz2' Resolving ftp.gnupg.org... 217.69.76.44 Connecting to ftp.gnupg.org[217.69.76.44]:21... connected. Logging in as anonymous ... ____________________________________________________ Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs From wk at gnupg.org Wed Aug 3 16:15:25 2005 From: wk at gnupg.org (Werner Koch) Date: Wed Aug 3 16:16:23 2005 Subject: Problem with gcry_pk_decrypt (libgcrypt) In-Reply-To: <42F0B9B5.707@do.isst.fraunhofer.de> (Claudia Reuter's message of "Wed, 03 Aug 2005 14:33:57 +0200") References: <42F0B9B5.707@do.isst.fraunhofer.de> Message-ID: <874qa7ayyq.fsf@wheatstone.g10code.de> On Wed, 03 Aug 2005 14:33:57 +0200, Claudia Reuter said: > I like to encrypt and decrypt large files e.g. pdf files. I wrote some > code based on libgcrypt. I tested it with .txt files. Encryption seems > to work, but gcry_pk_decrypt works only, if there's a single line in the > txt file. If the txt file contains more than one line of text, the Libgcrypt is a library of cryptographic building blocks. At least a medium level of cryptographic experience is required to make use of it. The usual way to encrypt large files is by using an hybrid approach. It is simple impossible to use RSA to encrypt large blocks of data in a secure and useful way. You should better look into gpg or gpgme for your task. Salam-Shalom, Werner From wk at gnupg.org Wed Aug 3 18:17:02 2005 From: wk at gnupg.org (Werner Koch) Date: Wed Aug 3 18:16:25 2005 Subject: GnuPG ftp server In-Reply-To: <20050803135711.38349.qmail@web33912.mail.mud.yahoo.com> (S. K.'s message of "Wed, 3 Aug 2005 06:57:11 -0700 (PDT)") References: <20050803135711.38349.qmail@web33912.mail.mud.yahoo.com> Message-ID: <87slxr9erl.fsf@wheatstone.g10code.de> On Wed, 3 Aug 2005 06:57:11 -0700 (PDT), S K said: > Is ths FTP server having problems? I can connect to > it, but can't log in. Sorry. Restarted. oftpd is still leaking file descriptors. Salam-Shalom, Werner From malayter at gmail.com Wed Aug 3 19:07:59 2005 From: malayter at gmail.com (Ryan Malayter) Date: Wed Aug 3 19:03:54 2005 Subject: throughput of GnuPG symmetric ciphers In-Reply-To: <374D1C0A.357BC963.0307202B@netscape.net> References: <374D1C0A.357BC963.0307202B@netscape.net> Message-ID: <5d7f074205080310075d83d679@mail.gmail.com> On 8/3/05, Henry Hertz Hobbit wrote: > Given the size of the files that you are encrypting, I would strongly > advise going with the Eden chip rather than a software based solution... I actually found an open-source tool, 7-zip, that includes AES-256 encryption functionality. For whatever reason, it runs several times faster than GnuPG in software. Fast enough, in fact, that the removable hard disk devices have become the limiting factor in the system (the 7-zip process only uses 70% CPU on a 2.4 GHz P4). The code is open-source, and it uses a salted + iterated SHA256 hash to produce the AES key from a pass phrase. The AES implementation is Gladman's well-known and fast C++ code. Looking at the source, I haven't figured out whether it uses ECB or CFB mode yet; the 7-zip code is rather light on comments. I am assuming ECB, which should be fine for my application. See http://www.7-zip.org for more details. Thanks for all the help. -- Ryan ========================= All problems can be solved by diplomacy, but violence and treachery are equally effective, and more fun. -Anonymous From thomas-gmane at kuehne.cn Wed Aug 3 19:26:38 2005 From: thomas-gmane at kuehne.cn (Thomas Kuehne) Date: Wed Aug 3 19:22:57 2005 Subject: Primary certify-only key? Message-ID: Is there a way to generate the following key collection with GnuPG? pub 4096R usage: C sub 4096R usage: S The problem is that I cant create the first key with only "C" the capability. Using the --expert option and disabling "E", "S" and "A" results in "CSEA". Thomas From jharris at widomaker.com Wed Aug 3 20:32:16 2005 From: jharris at widomaker.com (Jason Harris) Date: Wed Aug 3 20:27:47 2005 Subject: [Announce] GnuPG 1.4.2 released In-Reply-To: <20050731012828.GB6168@jabberwocky.com> References: <87sly0sn0o.fsf@wheatstone.g10code.de> <20050730182035.GC358@wilma.widomaker.com> <20050731012828.GB6168@jabberwocky.com> Message-ID: <20050803183216.GK358@wilma.widomaker.com> On Sat, Jul 30, 2005 at 09:28:28PM -0400, David Shaw wrote: > On Sat, Jul 30, 2005 at 02:20:35PM -0400, Jason Harris wrote: > Thought you'd get a kick out of that... :) > Note that in the next release of GnuPG, --with-libcurl will be the > default. (So the more people who try it now, and report back any > problems, the better). Here's one, on a box with IPv6 support but not connectivity: %gpg --keyserver keyserver.linux.it --send 0xd39da0e3 gpg: sending key D39DA0E3 to hkp server keyserver.linux.it gpgkeys: HTTP URL is `http://keyserver.linux.it:11371/pks/add' gpgkeys: HTTP post error 22: Failed to connect to 2001:1418:13:10::1: No route to host -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 313 bytes Desc: not available Url : /pipermail/attachments/20050803/abcd027f/attachment.pgp From dshaw at jabberwocky.com Wed Aug 3 20:48:16 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Wed Aug 3 20:49:41 2005 Subject: IPv6 failover? In-Reply-To: <20050803183216.GK358@wilma.widomaker.com> References: <87sly0sn0o.fsf@wheatstone.g10code.de> <20050730182035.GC358@wilma.widomaker.com> <20050731012828.GB6168@jabberwocky.com> <20050803183216.GK358@wilma.widomaker.com> Message-ID: <20050803184816.GA10835@jabberwocky.com> On Wed, Aug 03, 2005 at 02:32:16PM -0400, Jason Harris wrote: > On Sat, Jul 30, 2005 at 09:28:28PM -0400, David Shaw wrote: > > On Sat, Jul 30, 2005 at 02:20:35PM -0400, Jason Harris wrote: > > > Thought you'd get a kick out of that... > > :) > > > Note that in the next release of GnuPG, --with-libcurl will be the > > default. (So the more people who try it now, and report back any > > problems, the better). > > Here's one, on a box with IPv6 support but not connectivity: > > %gpg --keyserver keyserver.linux.it --send 0xd39da0e3 > gpg: sending key D39DA0E3 to hkp server keyserver.linux.it > gpgkeys: HTTP URL is `http://keyserver.linux.it:11371/pks/add' > gpgkeys: HTTP post error 22: Failed to connect to 2001:1418:13:10::1: No route to host The complaint is that keyserver.linux.it has both IPv4 and IPv6 addresses, but you can't reach it via IPv6, so you want gpgkeys to fail over to its IPv4 address? David From dshaw at jabberwocky.com Wed Aug 3 21:48:39 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Wed Aug 3 21:44:33 2005 Subject: Primary certify-only key? In-Reply-To: References: Message-ID: <20050803194839.GC10835@jabberwocky.com> On Wed, Aug 03, 2005 at 07:26:38PM +0200, Thomas Kuehne wrote: > Is there a way to generate the following key collection with GnuPG? > > pub 4096R usage: C > sub 4096R usage: S > > The problem is that I cant create the first key with only "C" the > capability. > > Using the --expert option and disabling "E", "S" and "A" results in "CSEA". Try the attached patch (to 1.4.2). David -------------- next part -------------- Index: keyid.c =================================================================== --- keyid.c (revision 3847) +++ keyid.c (working copy) @@ -547,10 +547,13 @@ if ( use & PUBKEY_USAGE_SIG ) { if (pk->is_primary) - buffer[i++] = 'C'; + use|=PUBKEY_USAGE_CERT; buffer[i++] = 'S'; } + if ( use & PUBKEY_USAGE_CERT ) + buffer[i++] = 'C'; + if ( use & PUBKEY_USAGE_ENC ) buffer[i++] = 'E'; Index: keygen.c =================================================================== --- keygen.c (revision 3847) +++ keygen.c (working copy) @@ -190,9 +190,6 @@ { byte buf[1]; - if (!use) - return; - buf[0] = 0; /* The spec says that all primary keys MUST be able to certify. */ @@ -205,6 +202,10 @@ buf[0] |= 0x04 | 0x08; if (use & PUBKEY_USAGE_AUTH) buf[0] |= 0x20; + + if (!buf[0]) + return; + build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1); } @@ -1238,6 +1239,9 @@ if(flags&PUBKEY_USAGE_SIG) tty_printf("%s ",_("Sign")); + if(flags&PUBKEY_USAGE_CERT) + tty_printf("%s ",_("Certify")); + if(flags&PUBKEY_USAGE_ENC) tty_printf("%s ",_("Encrypt")); @@ -1248,7 +1252,7 @@ /* Returns the key flags */ static unsigned int -ask_key_flags(int algo) +ask_key_flags(int algo,int subkey) { const char *togglers=_("SsEeAaQq"); char *answer=NULL; @@ -1258,6 +1262,10 @@ if(strlen(togglers)!=8) BUG(); + /* Only primary keys may certify. */ + if(subkey) + possible&=~PUBKEY_USAGE_CERT; + /* Preload the current set with the possible set, minus authentication, since nobody really uses auth yet. */ current=possible&~PUBKEY_USAGE_AUTH; @@ -1291,7 +1299,7 @@ cpr_kill_prompt(); if(strlen(answer)>1) - continue; + tty_printf(_("Invalid selection.\n")); else if(*answer=='\0' || *answer==togglers[6] || *answer==togglers[7]) break; else if((*answer==togglers[0] || *answer==togglers[1]) @@ -1318,6 +1326,8 @@ else current|=PUBKEY_USAGE_AUTH; } + else + tty_printf(_("Invalid selection.\n")); } xfree(answer); @@ -1362,7 +1372,7 @@ } else if( algo == 7 && opt.expert ) { algo = PUBKEY_ALGO_RSA; - *r_usage=ask_key_flags(algo); + *r_usage=ask_key_flags(algo,addmode); break; } else if( algo == 6 && addmode ) { @@ -1382,7 +1392,7 @@ } else if( algo == 3 && opt.expert ) { algo = PUBKEY_ALGO_DSA; - *r_usage=ask_key_flags(algo); + *r_usage=ask_key_flags(algo,addmode); break; } else if( algo == 2 ) { Index: getkey.c =================================================================== --- getkey.c (revision 3847) +++ getkey.c (working copy) @@ -1291,16 +1291,24 @@ /* first octet of the keyflags */ flags=*p; - if(flags & 3) + if(flags & 1) { + key_usage |= PUBKEY_USAGE_CERT; + flags&=~1; + } + + if(flags & 2) + { key_usage |= PUBKEY_USAGE_SIG; - flags&=~3; + flags&=~2; } - if(flags & 12) + /* We do not distinguish between encrypting communications and + encrypting storage. */ + if(flags & (0x04|0x08)) { key_usage |= PUBKEY_USAGE_ENC; - flags&=~12; + flags&=~(0x04|0x08); } if(flags & 0x20) Index: misc.c =================================================================== --- misc.c (revision 3847) +++ misc.c (working copy) @@ -407,19 +407,19 @@ /* they are hardwired in gpg 1.0 */ switch ( algo ) { case PUBKEY_ALGO_RSA: - use = PUBKEY_USAGE_SIG | PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH; + use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH; break; case PUBKEY_ALGO_RSA_E: use = PUBKEY_USAGE_ENC; break; case PUBKEY_ALGO_RSA_S: - use = PUBKEY_USAGE_SIG; + use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG; break; case PUBKEY_ALGO_ELGAMAL_E: use = PUBKEY_USAGE_ENC; break; case PUBKEY_ALGO_DSA: - use = PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH; + use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH; break; default: break; From johanw at vulcan.xs4all.nl Wed Aug 3 18:56:30 2005 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Wed Aug 3 21:45:10 2005 Subject: Problem with gcry_pk_decrypt (libgcrypt) In-Reply-To: <42F0B9B5.707@do.isst.fraunhofer.de> Message-ID: <200508031656.j73GuUFd006009@vulcan.xs4all.nl> Claudia Reuter wrote: >I like to encrypt and decrypt large files e.g. pdf files. I wrote some >code based on libgcrypt. I tested it with .txt files. Encryption seems >to work, but gcry_pk_decrypt works only, if there's a single line in the >txt file. That suggests your read operations assume textmode. >fread(&retSize, 1, sizeof(retSize), InputFile); >//read encrypted text >Buffer = (char *) malloc(retSize); >fread(Buffer, 1, retSize, InputFile); Do you store the file length in the first sizeof(retSize) byte(s)? You now read sizeof(retSize) bytes of data and store them in *retSize. Now you consider retSize as a size_t and read that many bytes into Buffer. Are you sure this is what you want? -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From wk at gnupg.org Wed Aug 3 22:00:40 2005 From: wk at gnupg.org (Werner Koch) Date: Wed Aug 3 22:01:22 2005 Subject: Primary certify-only key? In-Reply-To: (Thomas Kuehne's message of "Wed, 03 Aug 2005 19:26:38 +0200") References: Message-ID: <878xziaizb.fsf@wheatstone.g10code.de> On Wed, 03 Aug 2005 19:26:38 +0200, Thomas Kuehne said: > The problem is that I cant create the first key with only "C" the > capability. GnuPG does not yet distinguish between C and S. So it does not make much sense to have a way of selecting this. Salam-Shalom, Werner From yochanon at localnet.com Wed Aug 3 21:28:17 2005 From: yochanon at localnet.com (JB) Date: Wed Aug 3 22:24:14 2005 Subject: Encrypting an e-mail to a Hushmail user In-Reply-To: <42EFEAAC.8040402@comcast.net> References: <42EFEAAC.8040402@comcast.net> Message-ID: <200508031428.17395.yochanon@localnet.com> Hi gang, Yesterday I tried valiantly to get a Hushmail user to install GPG or PGP (6.5.8...still free and a good version) on his M$ system, but he said it was too hard to work and Hushmail was nice and easy. Anyway, after a few tries of trying to upload my public key to the Hush server, I figured out I had to upload without my picture...finally it took my key. Now that I have my friends key on my keyring and have signed it, I find I get an 'error' every time I try to encrypt a message to him. I have a feeling it's because I'm using my key and it still has the photo, but I can't figure out how to sign the e-mail to him *without* using the photo/attribute(s) in my key. Anyone care to give me a quick hand with this? It'd sure be appreciated. (Now if I can just get him to use GPG for Windows thing would be great!) John B. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20050803/41c17987/attachment.pgp From dshaw at jabberwocky.com Wed Aug 3 22:56:29 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Wed Aug 3 22:52:26 2005 Subject: Encrypting an e-mail to a Hushmail user In-Reply-To: <200508031428.17395.yochanon@localnet.com> References: <42EFEAAC.8040402@comcast.net> <200508031428.17395.yochanon@localnet.com> Message-ID: <20050803205629.GB11204@jabberwocky.com> On Wed, Aug 03, 2005 at 02:28:17PM -0500, JB wrote: > > Hi gang, > > Yesterday I tried valiantly to get a Hushmail user to install GPG or PGP > (6.5.8...still free and a good version) on his M$ system, but he said it was > too hard to work and Hushmail was nice and easy. > Anyway, after a few tries of trying to upload my public key to the Hush > server, I figured out I had to upload without my picture...finally it took my > key. > Now that I have my friends key on my keyring and have signed it, I find I > get an 'error' every time I try to encrypt a message to him. I have a feeling > it's because I'm using my key and it still has the photo, but I can't figure > out how to sign the e-mail to him *without* using the photo/attribute(s) in > my key. > Anyone care to give me a quick hand with this? It'd sure be appreciated. > (Now if I can just get him to use GPG for Windows thing would be great!) I'm afraid that nobody will be able to help you unless you post something more useful than "I get an 'error'" David From linux at codehelp.co.uk Wed Aug 3 23:18:26 2005 From: linux at codehelp.co.uk (Neil Williams) Date: Wed Aug 3 23:13:53 2005 Subject: Encrypting an e-mail to a Hushmail user In-Reply-To: <200508031428.17395.yochanon@localnet.com> References: <42EFEAAC.8040402@comcast.net> <200508031428.17395.yochanon@localnet.com> Message-ID: <200508032218.30115.linux@codehelp.co.uk> On Wednesday 03 August 2005 8:28 pm, JB wrote: > Hi gang, 1. Please send your key (with photo) to subkeys.pgp.net so that people on the list can verify your signatures. > Now that I have my friends key on my keyring and have signed it, I find I > get an 'error' every time I try to encrypt a message to him. 2. The exact error message is essential. 3. Check that your own key is set to ultimate trust. (gpg --edit-key and set trust/) 4. Run gpg --update-trustdb > I have a > feeling it's because I'm using my key and it still has the photo, Unlikely. Usually the error is that no trusted key can be found and this error is due to you not setting your own key as trusted. -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20050803/63f5bd66/attachment.pgp From rabbi at abditum.com Wed Aug 3 23:04:31 2005 From: rabbi at abditum.com (Len Sassaman) Date: Wed Aug 3 23:35:30 2005 Subject: Encrypting an e-mail to a Hushmail user In-Reply-To: <200508031428.17395.yochanon@localnet.com> References: <42EFEAAC.8040402@comcast.net> <200508031428.17395.yochanon@localnet.com> Message-ID: On Wed, 3 Aug 2005, JB wrote: > Now that I have my friends key on my keyring and have signed it, I find I > get an 'error' every time I try to encrypt a message to him. I have a feeling > it's because I'm using my key and it still has the photo, but I can't figure > out how to sign the e-mail to him *without* using the photo/attribute(s) in > my key. What's the exact error? --Len. From michael at kjorling.com Wed Aug 3 22:57:07 2005 From: michael at kjorling.com (Michael Kjorling) Date: Wed Aug 3 23:49:06 2005 Subject: Leave clearsigned content encoding alone, how? Message-ID: <42f12fa3.515f007c@vuk.kjorling.com> I use gnupg-1.4.1 on GNU/Linux (up-to-date Gentoo, Linux 2.6.12 on AMD64 if it matters) to sign and encrypt my mail, and everything is fine as long as I stay with strictly us-ascii. However, when I use other characters (mostly national characters covered by iso-8859-15), gnupg converts the input data to UTF-8 when signing, wreaking havoc with those characters. The fact that gnupg converts back when verifying or decrypting the data only makes matters worse since *I* am unaware of the problem that others face in reading my e-mails. My gnupg.conf explicitly states "charset iso-8859-15" so that cannot really be the problem. (It's the only charset-related setting in effect for gnupg, I have checked and triple-checked this.) My MUA, muttng, correctly identifies the input data prior to signing as iso-8859-15 and after signing as utf-8, but a lot of mailers don't seem to deal very well with UTF-8 data. Not clearsigning the message avoids this problem, but is hardly an ideal solution. PGP/MIME signing is not really an option either, considering the number of broken MUAs out there. This appears to only be a problem with clearsigned messages, not PGP/MIME messages (for some odd reason) which leads to my question: How do I get gnupg to ignore the charset of the input data and just leave it *as is* when clearsigning? The exact command lines used are (long): Clearsigning: /usr/bin/gpg --no-verbose --batch --quiet --output - --passphrase-fd 0 --armor --textmode --clearsign -u $SIGNING_KEY_ID $FILENAME PGP/MIME signing: /usr/bin/gpg --no-verbose --batch --quiet --output - --passphrase-fd 0 --armor --detach-sign --textmode -u $SIGNING_KEY_ID $FILENAME No radical differences there, the only one I can see is --clearsign and --detach-sign and the ordering of --textmode and the signing option. I looked through the archives for almost a year back and couldn't find anything of relevance, but if I missed something, please feel free to let me know. -- Michael Kj?rling, michael@kjorling.com - http://michael.kjorling.com/ * ASCII Ribbon Campaign: Against HTML Mail, Proprietary Attachments * * ..... No bird soars too high if he soars with his own wings ..... * -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20050803/58072b14/attachment.pgp From dshaw at jabberwocky.com Thu Aug 4 00:01:14 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Wed Aug 3 23:57:09 2005 Subject: Leave clearsigned content encoding alone, how? In-Reply-To: <42f12fa3.515f007c@vuk.kjorling.com> References: <42f12fa3.515f007c@vuk.kjorling.com> Message-ID: <20050803220114.GA11371@jabberwocky.com> On Wed, Aug 03, 2005 at 08:57:07PM +0000, Michael Kjorling wrote: > I use gnupg-1.4.1 on GNU/Linux (up-to-date Gentoo, Linux 2.6.12 on > AMD64 if it matters) to sign and encrypt my mail, and everything is > fine as long as I stay with strictly us-ascii. However, when I use > other characters (mostly national characters covered by iso-8859-15), > gnupg converts the input data to UTF-8 when signing, wreaking havoc > with those characters. The fact that gnupg converts back when > verifying or decrypting the data only makes matters worse since *I* am > unaware of the problem that others face in reading my e-mails. I believe you are having a problem somewhere, but GPG does not do any character set conversions whatsoever, in clear signing, or any signing. If something is converting, you need to check your MUA or other programs that you are using around GPG. David From jharris at widomaker.com Thu Aug 4 00:32:46 2005 From: jharris at widomaker.com (Jason Harris) Date: Thu Aug 4 00:28:17 2005 Subject: IPv6 failover? In-Reply-To: <20050803184816.GA10835@jabberwocky.com> References: <87sly0sn0o.fsf@wheatstone.g10code.de> <20050730182035.GC358@wilma.widomaker.com> <20050731012828.GB6168@jabberwocky.com> <20050803183216.GK358@wilma.widomaker.com> <20050803184816.GA10835@jabberwocky.com> Message-ID: <20050803223246.GL358@wilma.widomaker.com> On Wed, Aug 03, 2005 at 02:48:16PM -0400, David Shaw wrote: > On Wed, Aug 03, 2005 at 02:32:16PM -0400, Jason Harris wrote: > > Here's one, on a box with IPv6 support but not connectivity: > > > > %gpg --keyserver keyserver.linux.it --send 0xd39da0e3 > > gpg: sending key D39DA0E3 to hkp server keyserver.linux.it > > gpgkeys: HTTP URL is `http://keyserver.linux.it:11371/pks/add' > > gpgkeys: HTTP post error 22: Failed to connect to 2001:1418:13:10::1: No route to host > > The complaint is that keyserver.linux.it has both IPv4 and IPv6 > addresses, but you can't reach it via IPv6, so you want gpgkeys to > fail over to its IPv4 address? I imagine most people will prefer that, yes, instead of using "--keyserver 62.94.26.10" as a workaround. -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 313 bytes Desc: not available Url : /pipermail/attachments/20050803/e996c6b6/attachment-0001.pgp From dshaw at jabberwocky.com Thu Aug 4 01:25:41 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Thu Aug 4 01:21:36 2005 Subject: IPv6 failover? In-Reply-To: <20050803223246.GL358@wilma.widomaker.com> References: <87sly0sn0o.fsf@wheatstone.g10code.de> <20050730182035.GC358@wilma.widomaker.com> <20050731012828.GB6168@jabberwocky.com> <20050803183216.GK358@wilma.widomaker.com> <20050803184816.GA10835@jabberwocky.com> <20050803223246.GL358@wilma.widomaker.com> Message-ID: <20050803232541.GA11494@jabberwocky.com> On Wed, Aug 03, 2005 at 06:32:46PM -0400, Jason Harris wrote: > On Wed, Aug 03, 2005 at 02:48:16PM -0400, David Shaw wrote: > > On Wed, Aug 03, 2005 at 02:32:16PM -0400, Jason Harris wrote: > > > > Here's one, on a box with IPv6 support but not connectivity: > > > > > > %gpg --keyserver keyserver.linux.it --send 0xd39da0e3 > > > gpg: sending key D39DA0E3 to hkp server keyserver.linux.it > > > gpgkeys: HTTP URL is `http://keyserver.linux.it:11371/pks/add' > > > gpgkeys: HTTP post error 22: Failed to connect to 2001:1418:13:10::1: No route to host > > > > The complaint is that keyserver.linux.it has both IPv4 and IPv6 > > addresses, but you can't reach it via IPv6, so you want gpgkeys to > > fail over to its IPv4 address? > > I imagine most people will prefer that, yes, instead of using > "--keyserver 62.94.26.10" as a workaround. The thing is, if you have a --with-libcurl build, this failover would need to happen within curl itself. What happens if you do: curl http://keyserver.linux.it:11371/pks/add on the command line. Obviously it won't do anything keyserver-wise, but does it manage to connect? David From jharris at widomaker.com Thu Aug 4 02:18:35 2005 From: jharris at widomaker.com (Jason Harris) Date: Thu Aug 4 02:14:04 2005 Subject: IPv6 failover? In-Reply-To: <20050803232541.GA11494@jabberwocky.com> References: <87sly0sn0o.fsf@wheatstone.g10code.de> <20050730182035.GC358@wilma.widomaker.com> <20050731012828.GB6168@jabberwocky.com> <20050803183216.GK358@wilma.widomaker.com> <20050803184816.GA10835@jabberwocky.com> <20050803223246.GL358@wilma.widomaker.com> <20050803232541.GA11494@jabberwocky.com> Message-ID: <20050804001835.GM358@wilma.widomaker.com> On Wed, Aug 03, 2005 at 07:25:41PM -0400, David Shaw wrote: > The thing is, if you have a --with-libcurl build, this failover would > need to happen within curl itself. What happens if you do: > curl http://keyserver.linux.it:11371/pks/add > > on the command line. Obviously it won't do anything keyserver-wise, > but does it manage to connect? It does: %curl -v http://keyserver.linux.it:11371/pks/add * About to connect() to keyserver.linux.it port 11371 * Trying 2001:1418:13:10::1... Failed to connect to 2001:1418:13:10::1: No route to host * Undefined error: 0 * Trying 62.94.26.10... connected * Connected to keyserver.linux.it (62.94.26.10) port 11371 [snip] Looking at http://curl.haxx.se/libcurl/c/curl_easy_setopt.html , this might do the trick: curl_easy_setopt (..., CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); if any connection, which always seems to prefer IPv6, doesn't at first succeed. -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 313 bytes Desc: not available Url : /pipermail/attachments/20050803/15fba6c9/attachment.pgp From dshaw at jabberwocky.com Thu Aug 4 02:44:18 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Thu Aug 4 02:40:14 2005 Subject: IPv6 failover? In-Reply-To: <20050804001835.GM358@wilma.widomaker.com> References: <87sly0sn0o.fsf@wheatstone.g10code.de> <20050730182035.GC358@wilma.widomaker.com> <20050731012828.GB6168@jabberwocky.com> <20050803183216.GK358@wilma.widomaker.com> <20050803184816.GA10835@jabberwocky.com> <20050803223246.GL358@wilma.widomaker.com> <20050803232541.GA11494@jabberwocky.com> <20050804001835.GM358@wilma.widomaker.com> Message-ID: <20050804004418.GB11494@jabberwocky.com> On Wed, Aug 03, 2005 at 08:18:35PM -0400, Jason Harris wrote: > On Wed, Aug 03, 2005 at 07:25:41PM -0400, David Shaw wrote: > > > The thing is, if you have a --with-libcurl build, this failover would > > need to happen within curl itself. What happens if you do: > > curl http://keyserver.linux.it:11371/pks/add > > > > on the command line. Obviously it won't do anything keyserver-wise, > > but does it manage to connect? > > It does: > > %curl -v http://keyserver.linux.it:11371/pks/add > * About to connect() to keyserver.linux.it port 11371 > * Trying 2001:1418:13:10::1... Failed to connect to 2001:1418:13:10::1: No route to host > * Undefined error: 0 > * Trying 62.94.26.10... connected > * Connected to keyserver.linux.it (62.94.26.10) port 11371 > [snip] > > Looking at http://curl.haxx.se/libcurl/c/curl_easy_setopt.html , > this might do the trick: > > curl_easy_setopt (..., CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); > > if any connection, which always seems to prefer IPv6, doesn't > at first succeed. I'm not sure. CURL_IPRESOLVE_V4 is documented to force the connection to IPv4. That is, it'll ignore IPv6 addresses altogether, rather than try to connect and then fail over within curl. What happens if you add a "-4" to the command line above? That sets CURL_IPRESOLVE_V4. Also, going back to the original problem, can you send me the output when you try fetching a key with "--keyserver-options debug" set? David From jharris at widomaker.com Thu Aug 4 06:24:27 2005 From: jharris at widomaker.com (Jason Harris) Date: Thu Aug 4 06:20:00 2005 Subject: SKS v. unknown HTTP headers (was: Re: IPv6 failover?) In-Reply-To: <20050804004418.GB11494@jabberwocky.com> References: <87sly0sn0o.fsf@wheatstone.g10code.de> <20050730182035.GC358@wilma.widomaker.com> <20050731012828.GB6168@jabberwocky.com> <20050803183216.GK358@wilma.widomaker.com> <20050803184816.GA10835@jabberwocky.com> <20050803223246.GL358@wilma.widomaker.com> <20050803232541.GA11494@jabberwocky.com> <20050804001835.GM358@wilma.widomaker.com> <20050804004418.GB11494@jabberwocky.com> Message-ID: <20050804042427.GN358@wilma.widomaker.com> On Wed, Aug 03, 2005 at 08:44:18PM -0400, David Shaw wrote: > On Wed, Aug 03, 2005 at 08:18:35PM -0400, Jason Harris wrote: > > Looking at http://curl.haxx.se/libcurl/c/curl_easy_setopt.html , > > this might do the trick: > > > > curl_easy_setopt (..., CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); > > > > if any connection, which always seems to prefer IPv6, doesn't > > at first succeed. > > I'm not sure. CURL_IPRESOLVE_V4 is documented to force the connection > to IPv4. That is, it'll ignore IPv6 addresses altogether, rather than > try to connect and then fail over within curl. What happens if you > add a "-4" to the command line above? That sets CURL_IPRESOLVE_V4. (That works fine, of course.) > Also, going back to the original problem, can you send me the output > when you try fetching a key with "--keyserver-options debug" set? OK, with --recv I see it falls back from v6 to v4, which is good, but it fails with --send: %gpg --keyserver-options debug --keyserver keyserver.linux.it --send ... gpg: sending key ... to hkp server keyserver.linux.it Host: keyserver.linux.it Command: SEND gpgkeys: HTTP URL is `http://keyserver.linux.it:11371/pks/add' * About to connect() to keyserver.linux.it port 11371 * Trying 2001:1418:13:10::1... * Failed to connect to 2001:1418:13:10::1: No route to host * Undefined error: 0 * Trying 62.94.26.10... * connected * Connected to keyserver.linux.it (62.94.26.10) port 11371 > POST /pks/add HTTP/1.1 Host: keyserver.linux.it:11371 Accept: */* Content-Length: 2246 Content-Type: application/x-www-form-urlencoded Expect: 100-continue < HTTP/1.1 100 Continue * The requested URL returned error: 500 * Closing connection #0 gpgkeys: HTTP post error 22: Failed to connect to 2001:1418:13:10::1: No route to host However, this seems to be specific to SKS. My SKS log reports: 2005-08-04 ... ... Error handling request (POST,/pks/add,[+accept:*/*+content-length:2246+content-type:application/x-www-form-urlencoded+expect:100-continue+host:skylane.kjsl.com:21371]): Scanf.Scan_failure("scanf: bad input at char number 8: looking for =, found %") so the connection is being made (in this case via IPv4; skylane also has an AAAA record). Moreover, the error messages from curl are confusing this issue. Thus, in reality, the "Expect: 100-continue" header appears to be confusing SKS (during POSTs). -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 313 bytes Desc: not available Url : /pipermail/attachments/20050804/690a6885/attachment.pgp From eocsor at gmail.com Thu Aug 4 10:30:18 2005 From: eocsor at gmail.com (Roscoe) Date: Thu Aug 4 10:26:18 2005 Subject: throughput of GnuPG symmetric ciphers In-Reply-To: <5d7f074205080310075d83d679@mail.gmail.com> References: <374D1C0A.357BC963.0307202B@netscape.net> <5d7f074205080310075d83d679@mail.gmail.com> Message-ID: I suggest looking at openssl. I'd hazard a guess that most nix OS's end up with it installed. The speed command does benchmarking :) Barton 2Ghz: $ openssl speed aes-256-cbc bf-cbc Doing aes-256 cbc for 3s on 16 size blocks: 6396149 aes-256 cbc's in 2.98s Doing aes-256 cbc for 3s on 64 size blocks: 1620087 aes-256 cbc's in 2.99s Doing aes-256 cbc for 3s on 256 size blocks: 408486 aes-256 cbc's in 2.99s Doing aes-256 cbc for 3s on 1024 size blocks: 102550 aes-256 cbc's in 2.98s Doing aes-256 cbc for 3s on 8192 size blocks: 12828 aes-256 cbc's in 2.99s Doing blowfish cbc for 3s on 16 size blocks: 13773579 blowfish cbc's in 2.99s Doing blowfish cbc for 3s on 64 size blocks: 3789308 blowfish cbc's in 2.98s Doing blowfish cbc for 3s on 256 size blocks: 966098 blowfish cbc's in 2.99s Doing blowfish cbc for 3s on 1024 size blocks: 243690 blowfish cbc's in 2.99s Doing blowfish cbc for 3s on 8192 size blocks: 30494 blowfish cbc's in 2.98s OpenSSL 0.9.7e 25 Oct 2004 built on: Fri Dec 17 08:45:11 UTC 2004 options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DOPENSSL_NO_IDEA -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DL_ENDIAN -DTERMIO -O3 -march=i686 -mcpu=i686 -fomit-frame-pointer -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM available timing options: TIMES TIMEB HZ=100 [sysconf value] timing function used: times The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes blowfish cbc 73704.77k 81381.11k 82716.08k 83457.71k 83827.80k aes-256 cbc 34341.74k 34677.45k 34974.05k 35238.66k 35146.15k On 8/4/05, Ryan Malayter wrote: > On 8/3/05, Henry Hertz Hobbit wrote: > > Given the size of the files that you are encrypting, I would strongly > > advise going with the Eden chip rather than a software based solution... > > I actually found an open-source tool, 7-zip, that includes AES-256 > encryption functionality. For whatever reason, it runs several times > faster than GnuPG in software. > > Fast enough, in fact, that the removable hard disk devices have become > the limiting factor in the system (the 7-zip process only uses 70% CPU > on a 2.4 GHz P4). The code is open-source, and it uses a salted + > iterated SHA256 hash to produce the AES key from a pass phrase. The > AES implementation is Gladman's well-known and fast C++ code. > > Looking at the source, I haven't figured out whether it uses ECB or > CFB mode yet; the 7-zip code is rather light on comments. I am > assuming ECB, which should be fine for my application. > > See http://www.7-zip.org for more details. > > Thanks for all the help. > > -- > Ryan > ========================= > All problems can be solved by diplomacy, but violence and treachery > are equally effective, and more fun. > -Anonymous > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From wk at gnupg.org Thu Aug 4 12:11:48 2005 From: wk at gnupg.org (Werner Koch) Date: Thu Aug 4 12:11:25 2005 Subject: throughput of GnuPG symmetric ciphers In-Reply-To: (eocsor@gmail.com's message of "Thu, 4 Aug 2005 18:00:18 +0930") References: <374D1C0A.357BC963.0307202B@netscape.net> <5d7f074205080310075d83d679@mail.gmail.com> Message-ID: <87acjy810b.fsf@wheatstone.g10code.de> On Thu, 4 Aug 2005 18:00:18 +0930, Roscoe said: > I suggest looking at openssl. I'd hazard a guess that most nix OS's > end up with it installed. Libgcrypt, basicaly using the same code as gpg, gives this numbers: $ ./benchmark cipher ECB CBC CFB CTR --------------- --------------- --------------- --------------- 3DES 120ms 120ms 140ms 150ms 130ms 150ms 180ms 180ms CAST5 50ms 60ms 60ms 80ms 70ms 70ms 110ms 100ms BLOWFISH 100ms 70ms 110ms 80ms 120ms 130ms 160ms 150ms AES 40ms 50ms 50ms 50ms 50ms 60ms 90ms 90ms AES192 40ms 50ms 50ms 100ms 60ms 60ms 100ms 100ms AES256 50ms 60ms 60ms 70ms 60ms 70ms 100ms 110ms TWOFISH 40ms 40ms 50ms 50ms 50ms 60ms 90ms 90ms ARCFOUR DES 50ms 60ms 60ms 80ms 60ms 70ms 110ms 120ms TWOFISH128 30ms 40ms 50ms 60ms 50ms 50ms 100ms 90ms SERPENT128 100ms 80ms 110ms 90ms 110ms 120ms 150ms 150ms SERPENT192 100ms 80ms 110ms 100ms 110ms 110ms 150ms 150ms SERPENT256 100ms 90ms 100ms 100ms 110ms 110ms 220ms 150ms RFC2268_40 140ms 90ms 150ms 110ms 150ms 150ms 190ms 190ms Times are 1000 calls to the crypt function working on a buffer of 1000 bytes (rounded down to the blocksize). This is on a 1500Mhz Pentium mobile. Thus the AES CFB, as used by gpg, works at about 20MB/s. 3DES is 7.5 MB/s. openssl shows (it does not support CFB): type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128 cbc 25263.00k 38052.71k 38510.45k 38602.41k 38637.10k des ede3 9195.18k 11783.00k 11792.49k 11792.78k 11785.56k So roughly libgcrypt gets 55% of the performance of OpenSSL with AES and 61% for 3DES. This all with a higher level interface, a non ia32 optimized AES. I am pretty sure we can improve here but it will require to duplicate code for the modes (CBS,CFB) into the actual cipher implementation. Salam-Shalom, Werner From dshaw at jabberwocky.com Thu Aug 4 13:54:09 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Thu Aug 4 14:01:19 2005 Subject: SKS v. unknown HTTP headers (was: Re: IPv6 failover?) In-Reply-To: <20050804042427.GN358@wilma.widomaker.com> References: <87sly0sn0o.fsf@wheatstone.g10code.de> <20050730182035.GC358@wilma.widomaker.com> <20050731012828.GB6168@jabberwocky.com> <20050803183216.GK358@wilma.widomaker.com> <20050803184816.GA10835@jabberwocky.com> <20050803223246.GL358@wilma.widomaker.com> <20050803232541.GA11494@jabberwocky.com> <20050804001835.GM358@wilma.widomaker.com> <20050804004418.GB11494@jabberwocky.com> <20050804042427.GN358@wilma.widomaker.com> Message-ID: <20050804115409.GA11710@jabberwocky.com> On Thu, Aug 04, 2005 at 12:24:27AM -0400, Jason Harris wrote: > > Also, going back to the original problem, can you send me the output > > when you try fetching a key with "--keyserver-options debug" set? > > OK, with --recv I see it falls back from v6 to v4, which is good, but it > fails with --send: > > %gpg --keyserver-options debug --keyserver keyserver.linux.it --send ... > gpg: sending key ... to hkp server keyserver.linux.it > Host: keyserver.linux.it > Command: SEND > gpgkeys: HTTP URL is `http://keyserver.linux.it:11371/pks/add' > * About to connect() to keyserver.linux.it port 11371 > * Trying 2001:1418:13:10::1... * Failed to connect to 2001:1418:13:10::1: No route to host > * Undefined error: 0 > * Trying 62.94.26.10... * connected > * Connected to keyserver.linux.it (62.94.26.10) port 11371 > > POST /pks/add HTTP/1.1 > Host: keyserver.linux.it:11371 > Accept: */* > Content-Length: 2246 > Content-Type: application/x-www-form-urlencoded > Expect: 100-continue > > < HTTP/1.1 100 Continue > * The requested URL returned error: 500 > * Closing connection #0 > gpgkeys: HTTP post error 22: Failed to connect to 2001:1418:13:10::1: No route to host > > However, this seems to be specific to SKS. My SKS log reports: > > 2005-08-04 ... ... Error handling request (POST,/pks/add,[+accept:*/*+content-length:2246+content-type:application/x-www-form-urlencoded+expect:100-continue+host:skylane.kjsl.com:21371]): Scanf.Scan_failure("scanf: bad input at char number 8: looking for =, found %") > > so the connection is being made (in this case via IPv4; skylane also has > an AAAA record). Moreover, the error messages from curl are confusing this > issue. > > Thus, in reality, the "Expect: 100-continue" header appears to be confusing > SKS (during POSTs). Hmm. No really good way to fix that in GPG or curl since they can't detect that a server is 1.0 without doing a GET first. Curl, if I recall, can correctly handle the case when the Continue header is not supplied (it gives up after a while). The problem here seems to need a SKS fix. SKS needs to ignore HTTP headers that it doesn't understand. That's HTTP, anyway. Terribly misleading error message from curl there. David From malayter at gmail.com Thu Aug 4 15:10:00 2005 From: malayter at gmail.com (Ryan Malayter) Date: Thu Aug 4 15:05:56 2005 Subject: throughput of GnuPG symmetric ciphers In-Reply-To: <87acjy810b.fsf@wheatstone.g10code.de> References: <374D1C0A.357BC963.0307202B@netscape.net> <5d7f074205080310075d83d679@mail.gmail.com> <87acjy810b.fsf@wheatstone.g10code.de> Message-ID: <5d7f07420508040610d2653ae@mail.gmail.com> On 8/4/05, Werner Koch wrote: > So roughly libgcrypt gets 55% of the performance of OpenSSL with AES > and 61% for 3DES. This all with a higher level interface, a non ia32 > optimized AES. I am pretty sure we can improve here but it will > require to duplicate code for the modes (CBS,CFB) into the actual > cipher implementation. My test show 7-zip yields ~228 Mbps on a 2.4 GHz P4. The only cipher available with this program is AES256 in (I believe) ECB mode. I presume this performance is the result of the efficient Gladman code and a P4-specific compiler optimizations used when building 7-zip. Still, it seems a bit odd that this program generates AES-256 throughput 2.78 times faster than the AES-256 implementation in GnuPG/libgcrypt on the same machine. I suppose those large lookup tables in the Gladman code really speed things up. (I would not think the extra XOR operation used in GnuPG's CFB implementation would account for so large a difference). Gladman's very fast GPL-compatible code (as used in 7-zip) is available at http://fp.gladman.plus.com/cryptography_technology/index.htm. He has C, C++, and x86 assembly implementations. You might want to take a look. Gladman's code uses large tables, which presumably makes it vulnerable to the recently publicized timing attacks. That should not be an issue for GnuPG, but might be for other programs that use libgcrypt. -- RPM ========================= All problems can be solved by diplomacy, but violence and treachery are equally effective, and more fun. -Anonymous From eocsor at gmail.com Thu Aug 4 16:02:04 2005 From: eocsor at gmail.com (Roscoe) Date: Thu Aug 4 15:58:00 2005 Subject: throughput of GnuPG symmetric ciphers In-Reply-To: <5d7f07420508040610d2653ae@mail.gmail.com> References: <374D1C0A.357BC963.0307202B@netscape.net> <5d7f074205080310075d83d679@mail.gmail.com> <87acjy810b.fsf@wheatstone.g10code.de> <5d7f07420508040610d2653ae@mail.gmail.com> Message-ID: On 8/4/05, Ryan Malayter wrote: > My test show 7-zip yields ~228 Mbps on a 2.4 GHz P4. The only cipher > available with this program is AES256 in (I believe) ECB mode. You seem pretty knowledgeable, but I'll say it anyway: ECB in general shouldn't be used. Especially in the case of large amounts of data being encrypted. From messtic at oreka.com Thu Aug 4 15:16:24 2005 From: messtic at oreka.com (Alain Bench) Date: Thu Aug 4 16:01:18 2005 Subject: Leave clearsigned content encoding alone, how? In-Reply-To: <42f12fa3.515f007c@vuk.kjorling.com> References: <42f12fa3.515f007c@vuk.kjorling.com> Message-ID: <20050804131622.GD11725@oreka.com> Hello Michael, On Wednesday, August 3, 2005 at 8:57:07 PM +0000, Michael Kj?rling wrote: > My MUA, muttng, correctly identifies the input data prior to signing > as iso-8859-15 and after signing as utf-8 Mutt half-recently began to force outgoing traditional inline PGP messages to UTF-8, disregarding the $send_charset list (in fact acting as if $send_charset="us-ascii:utf-8"). This change was done to improve interoperability, but can unfortunately reduce it in some cases. It is not configurable. And Muttng is based on most recent CVS Mutt. Takashi Takizawa has done a patch to allow other charsets in inline PGP mails. Look at for it. > a lot of mailers don't seem to deal very well with UTF-8 data. Which ones exactly? How do they behave? > My gnupg.conf explicitly states "charset iso-8859-15" If your system locale is correct, which is preferable, you could remove this statement. GnuPG will automagically deduce the charset from whatever the current locale is. Bye! Alain. -- Everything about locales on Sven Mascheck's excellent site at new location . The little tester utility is at . From wk at gnupg.org Thu Aug 4 16:46:09 2005 From: wk at gnupg.org (Werner Koch) Date: Thu Aug 4 16:46:22 2005 Subject: Leave clearsigned content encoding alone, how? In-Reply-To: <20050804131622.GD11725@oreka.com> (Alain Bench's message of "Thu, 04 Aug 2005 15:16:24 +0200 (CEST)") References: <42f12fa3.515f007c@vuk.kjorling.com> <20050804131622.GD11725@oreka.com> Message-ID: <87oe8d7ob2.fsf@wheatstone.g10code.de> On Thu, 04 Aug 2005 15:16:24 +0200 (CEST), Alain Bench said: > Mutt half-recently began to force outgoing traditional inline PGP > messages to UTF-8, disregarding the $send_charset list (in fact acting Which is IMHO a proper interpretation of the OpenPGP specs. Despite what a lot of people (from the ascii and inch dominated parts of the universe) will tell, the only sesnible way to go is by using MIME. It has been around for more than a decade and provides all feature you need for encryption and even better for proper signing. And it is so easy; you can compose MIME messages by hand without looking at the RFC. Just say no to inline PGP! SCNR, Werner From wk at gnupg.org Thu Aug 4 16:56:02 2005 From: wk at gnupg.org (Werner Koch) Date: Thu Aug 4 16:56:24 2005 Subject: throughput of GnuPG symmetric ciphers In-Reply-To: <5d7f07420508040610d2653ae@mail.gmail.com> (Ryan Malayter's message of "Thu, 4 Aug 2005 08:10:00 -0500") References: <374D1C0A.357BC963.0307202B@netscape.net> <5d7f074205080310075d83d679@mail.gmail.com> <87acjy810b.fsf@wheatstone.g10code.de> <5d7f07420508040610d2653ae@mail.gmail.com> Message-ID: <87k6j17nul.fsf@wheatstone.g10code.de> On Thu, 4 Aug 2005 08:10:00 -0500, Ryan Malayter said: > My test show 7-zip yields ~228 Mbps on a 2.4 GHz P4. The only cipher > available with this program is AES256 in (I believe) ECB mode. Why encrypt at all when using ECB? ECB has no use except in very very special cases. > Still, it seems a bit odd that this program generates AES-256 > throughput 2.78 times faster than the AES-256 implementation in > GnuPG/libgcrypt on the same machine. I suppose those large lookup Brian Gladmans code is pretty good but we can't include it into GnupG for legal reasons (it is in the cintrib directory of 1.2, though) and becuase it has been optimized for specific CPUs. Yes. I'd like to see better optimized implementations but these days it is hard to do unless you know exactly what CPU will run the code; its not only about ia32, sparc, ppc. Each ia32 compatible CPU needs its own optimized implementation - a lot of work in particular if not being paid for. > tables in the Gladman code really speed things up. (I would not think > the extra XOR operation used in GnuPG's CFB implementation would Its not the xoring but more likely caching and alignment issues. > Gladman's code uses large tables, which presumably makes it vulnerable > to the recently publicized timing attacks. That should not be an issue > for GnuPG, but might be for other programs that use libgcrypt. When implementing crypto systems one should never ever allow using the system as an oracle. Salam-Shalom, Werner From reuter at do.isst.fraunhofer.de Thu Aug 4 17:06:10 2005 From: reuter at do.isst.fraunhofer.de (Claudia Reuter) Date: Thu Aug 4 16:59:26 2005 Subject: libgcrypt again: error "conflicting use" in gcry_pk_encrypt Message-ID: <42F22EE2.8090205@do.isst.fraunhofer.de> hi everybody. so now I try to create a session key to encrypt my text files. this seems to work. the session key must of course be encrypted with some public key. Now an error "conflicting use" occurs in the gcry_pk_encrypt function. Maybe anyone could tell me what's wrong. gcry_md_open( &Hash , SelectedHash , 0 ); // Retrive digest size HashDigestSize = gcry_md_get_algo_dlen( SelectedHash ); Salt = (unsigned int*)gcry_random_bytes( SelectedSaltLength , GCRY_STRONG_RANDOM ); // Add salt to hash gcry_md_write( Hash , Salt , SelectedSaltLength ); // Fetch digest HashResult = gcry_md_read( Hash , SelectedHash ); //HashResult = (unsigned char*) malloc(SelectedSaltLength*sizeof(char)); //gcry_randomize(HashResult, SelectedSaltLength, GCRY_STRONG_RANDOM); rc = gcry_sexp_build(&sexp, NULL, "(data (flags pkcs1) (hash sha256 %b))", HashDigestSize, HashResult); if(rc) { throw GeneralError( "Unable to build S-Expression. %s\n" , gpg_strerror( rc ) ); } rc = gcry_pk_encrypt(&sexpSessionKey, sexp, pKey); if(rc) { throw GeneralError( "Unable to encrypt session key. %s\n", gpg_strerror( rc ) ); } Thanks in advance. From michael at kjorling.com Thu Aug 4 17:16:00 2005 From: michael at kjorling.com (Michael Kjorling) Date: Thu Aug 4 17:11:29 2005 Subject: Leave clearsigned content encoding alone, how? In-Reply-To: <87oe8d7ob2.fsf@wheatstone.g10code.de> References: <42f12fa3.515f007c@vuk.kjorling.com> <20050804131622.GD11725@oreka.com> <87oe8d7ob2.fsf@wheatstone.g10code.de> Message-ID: <42f23130.66334873@vuk.kjorling.com> On 2005-08-04 16:46 +0200, wk@gnupg.org wrote: > Just say no to inline PGP! Unfortunately quite a few people still use broken MUAs. Outlook Express doesn't handle PGP/MIME in a good way, last time I looked Eudora didn't do very well either (but admittedly, that was a while ago), and several mailing list providers habitually block any message containing anything other than text/plain parts. (Yahoo Groups, when lists are set to disallow attachments, is one example.) Since we do not live in a perfect world, where everyone's MUA adheres to the relevant standards, and a lot of people (and people running Microsoft software seem to me to be overrepresented in this group) don't want to consider the fact that their software may be misbehaving, there is a need to work around this. Inline PGP signing, while far from perfect, avoids the problem of not being able to communicate with a lot of people while meeting the need of cryptographically signed e-mail. -- Michael Kj?rling, michael@kjorling.com - http://michael.kjorling.com/ * ASCII Ribbon Campaign: Against HTML Mail, Proprietary Attachments * * ..... No bird soars too high if he soars with his own wings ..... * -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20050804/c87491cf/attachment.pgp From yochanon at localnet.com Fri Aug 5 01:17:01 2005 From: yochanon at localnet.com (JB) Date: Fri Aug 5 01:13:07 2005 Subject: Encrypting an e-mail to a Hushmail user In-Reply-To: <20050803205629.GB11204@jabberwocky.com> References: <200508031428.17395.yochanon@localnet.com> <20050803205629.GB11204@jabberwocky.com> Message-ID: <200508041817.09044.yochanon@localnet.com> On Wednesday 03 August 2005 15:56, David Shaw wrote: > On Wed, Aug 03, 2005 at 02:28:17PM -0500, JB wrote: > > Hi gang, > > > > Yesterday I tried valiantly to get a Hushmail user to install GPG or > > PGP (6.5.8...still free and a good version) on his M$ system, but he said > > it was too hard to work and Hushmail was nice and easy. > > Anyway, after a few tries of trying to upload my public key to the Hush > > server, I figured out I had to upload without my picture...finally it > > took my key. > > Now that I have my friends key on my keyring and have signed it, I find > > I get an 'error' every time I try to encrypt a message to him. I have a > > feeling it's because I'm using my key and it still has the photo, but I > > can't figure out how to sign the e-mail to him *without* using the > > photo/attribute(s) in my key. > > Anyone care to give me a quick hand with this? It'd sure be > > appreciated. (Now if I can just get him to use GPG for Windows thing > > would be great!) > > I'm afraid that nobody will be able to help you unless you post > something more useful than "I get an 'error'" My apologies, it completely skipped my mind to do that. It was a small popup window that literally read 'Error, cannot encrypt'...that was all I saw. Today though, I made another key without a phot and sent it to the hushmail server and sent 3 different test e-mails to my friend, and all 3 of my keys are working now. Very strange, since I did nothing to the other two that weren't working before (I use Kmail). Anyway, thanks to all who answered my call and again I apologize for the lack of information in my original post. Now that everything seems to be working, I'm not gonna mess with anything, heh. Take care, John B. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20050804/3c4dceca/attachment.pgp From thomas-gmane at kuehne.cn Fri Aug 5 08:27:45 2005 From: thomas-gmane at kuehne.cn (Thomas Kuehne) Date: Fri Aug 5 08:25:08 2005 Subject: Primary certify-only key? In-Reply-To: <20050803194839.GC10835__33752.3433882326$1123098888$gmane$org@jabberwocky.com> References: <20050803194839.GC10835__33752.3433882326$1123098888$gmane$org@jabberwocky.com> Message-ID: David Shaw schrieb: > On Wed, Aug 03, 2005 at 07:26:38PM +0200, Thomas Kuehne wrote: > >>Is there a way to generate the following key collection with GnuPG? >> >>pub 4096R usage: C >>sub 4096R usage: S >> >>The problem is that I cant create the first key with only "C" the >>capability. >> >>Using the --expert option and disabling "E", "S" and "A" results in "CSEA". > > > Try the attached patch (to 1.4.2). Thanks for the patch Thomas From wk at gnupg.org Fri Aug 5 09:51:56 2005 From: wk at gnupg.org (Werner Koch) Date: Fri Aug 5 09:51:22 2005 Subject: Leave clearsigned content encoding alone, how? In-Reply-To: <42f23130.66334873@vuk.kjorling.com> (Michael Kjorling's message of "Thu, 4 Aug 2005 15:16:00 +0000") References: <42f12fa3.515f007c@vuk.kjorling.com> <20050804131622.GD11725@oreka.com> <87oe8d7ob2.fsf@wheatstone.g10code.de> <42f23130.66334873@vuk.kjorling.com> Message-ID: <87wtn04y8z.fsf@wheatstone.g10code.de> On Thu, 4 Aug 2005 15:16:00 +0000, Michael Kjorling said: > misbehaving, there is a need to work around this. Inline PGP signing, > while far from perfect, avoids the problem of not being able to > communicate with a lot of people while meeting the need of > cryptographically signed e-mail. No, it does not for the majority of people. It works only in the ascii and sometimes in the Latin-x countries. See http://josefsson.org/inline-openpgp-considered-harmful.html Shalom-Salam, Werner From jharris at widomaker.com Fri Aug 5 12:33:25 2005 From: jharris at widomaker.com (Jason Harris) Date: Fri Aug 5 12:29:00 2005 Subject: SKS v. unknown HTTP headers (was: Re: IPv6 failover?) In-Reply-To: <20050804115409.GA11710@jabberwocky.com> References: <20050730182035.GC358@wilma.widomaker.com> <20050731012828.GB6168@jabberwocky.com> <20050803183216.GK358@wilma.widomaker.com> <20050803184816.GA10835@jabberwocky.com> <20050803223246.GL358@wilma.widomaker.com> <20050803232541.GA11494@jabberwocky.com> <20050804001835.GM358@wilma.widomaker.com> <20050804004418.GB11494@jabberwocky.com> <20050804042427.GN358@wilma.widomaker.com> <20050804115409.GA11710@jabberwocky.com> Message-ID: <20050805103325.GO358@wilma.widomaker.com> On Thu, Aug 04, 2005 at 07:54:09AM -0400, David Shaw wrote: > On Thu, Aug 04, 2005 at 12:24:27AM -0400, Jason Harris wrote: > > Thus, in reality, the "Expect: 100-continue" header appears to be confusing > > SKS (during POSTs). > Hmm. No really good way to fix that in GPG or curl since they can't > detect that a server is 1.0 without doing a GET first. Curl, if I Disregard that. It isn't the Expect: header, it was the [s]scanf. This patch fixes it: diff -u -r1.5 dbserver.ml --- dbserver.ml +++ dbserver.ml @@ -415,8 +415,9 @@ let request = Wserver.strip request in match request with "/pks/add" -> - let keytext = Scanf.sscanf body "keytext=%s" (fun s -> s) in + let keytext = Scanf.sscanf body "keytext%s" (fun s -> s) in let keytext = Wserver.decode keytext in + let keytext = Str.string_after keytext 1 in let keys = Armor.decode_pubkey keytext in plerror 3 "Handling /pks/add for %d keys" (List.length keys); -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 313 bytes Desc: not available Url : /pipermail/attachments/20050805/c3bb528c/attachment.pgp From reuter at do.isst.fraunhofer.de Fri Aug 5 12:40:07 2005 From: reuter at do.isst.fraunhofer.de (Claudia Reuter) Date: Fri Aug 5 12:33:16 2005 Subject: libgcrypt again: error "conflicting use" in gcry_pk_encrypt In-Reply-To: <42F22EE2.8090205@do.isst.fraunhofer.de> References: <42F22EE2.8090205@do.isst.fraunhofer.de> Message-ID: <42F34207.4030609@do.isst.fraunhofer.de> at least a managed it. code: void EncryptSessionKey(gcry_sexp_t &encSessionKey, unsigned char* SessionKey, gcry_sexp_t pKey) { gcry_mpi_t a; gcry_sexp_t sexp; size_t KeyLength; int rc; KeyLength = gcry_md_get_algo_dlen(SelectedHash); //TODO: some padding with sessionkey rc = gcry_mpi_scan(&a, GCRYMPI_FMT_USG, SessionKey, KeyLength, &KeyLength); if(rc) throw GeneralError("MPI scan failed.\n%s\n", gpg_strerror( rc )); rc = gcry_sexp_build(&sexp, NULL, "%m", a); if(rc) throw GeneralError("Unable to build S-Expression.\n%s\n", gpg_strerror( rc )); rc = gcry_pk_encrypt(&encSessionKey, sexp, pKey); if(rc) { gcry_sexp_release(sexp); throw GeneralError("Unable to encrypt session key.\n%s\n", gpg_strerror( rc )); } return; } greetings Claudia Reuter wrote: >hi everybody. > >so now I try to create a session key to encrypt my text files. this >seems to work. the session key must of course be encrypted with some >public key. Now an error "conflicting use" occurs in the gcry_pk_encrypt >function. > >Maybe anyone could tell me what's wrong. > > gcry_md_open( &Hash , SelectedHash , 0 ); > // Retrive digest size > HashDigestSize = gcry_md_get_algo_dlen( SelectedHash ); > > Salt = (unsigned int*)gcry_random_bytes( SelectedSaltLength , >GCRY_STRONG_RANDOM ); > > // Add salt to hash > gcry_md_write( Hash , Salt , SelectedSaltLength ); > > // Fetch digest > HashResult = gcry_md_read( Hash , SelectedHash ); > > //HashResult = (unsigned char*) >malloc(SelectedSaltLength*sizeof(char)); > //gcry_randomize(HashResult, SelectedSaltLength, GCRY_STRONG_RANDOM); > > rc = gcry_sexp_build(&sexp, NULL, "(data (flags pkcs1) (hash sha256 >%b))", HashDigestSize, HashResult); > > if(rc) { > throw GeneralError( "Unable to build S-Expression. %s\n" , >gpg_strerror( rc ) ); > } > > rc = gcry_pk_encrypt(&sexpSessionKey, sexp, pKey); > if(rc) { > throw GeneralError( "Unable to encrypt session key. %s\n", >gpg_strerror( rc ) ); > } > >Thanks in advance. > >_______________________________________________ >Gnupg-users mailing list >Gnupg-users@gnupg.org >http://lists.gnupg.org/mailman/listinfo/gnupg-users > > From dshaw at jabberwocky.com Fri Aug 5 14:17:39 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Fri Aug 5 14:13:38 2005 Subject: SKS v. unknown HTTP headers (was: Re: IPv6 failover?) In-Reply-To: <20050805103325.GO358@wilma.widomaker.com> References: <20050731012828.GB6168@jabberwocky.com> <20050803183216.GK358@wilma.widomaker.com> <20050803184816.GA10835@jabberwocky.com> <20050803223246.GL358@wilma.widomaker.com> <20050803232541.GA11494@jabberwocky.com> <20050804001835.GM358@wilma.widomaker.com> <20050804004418.GB11494@jabberwocky.com> <20050804042427.GN358@wilma.widomaker.com> <20050804115409.GA11710@jabberwocky.com> <20050805103325.GO358@wilma.widomaker.com> Message-ID: <20050805121739.GF26900@jabberwocky.com> On Fri, Aug 05, 2005 at 06:33:25AM -0400, Jason Harris wrote: > On Thu, Aug 04, 2005 at 07:54:09AM -0400, David Shaw wrote: > > On Thu, Aug 04, 2005 at 12:24:27AM -0400, Jason Harris wrote: > > > > Thus, in reality, the "Expect: 100-continue" header appears to be confusing > > > SKS (during POSTs). > > > Hmm. No really good way to fix that in GPG or curl since they can't > > detect that a server is 1.0 without doing a GET first. Curl, if I > > Disregard that. > > It isn't the Expect: header, it was the [s]scanf. This patch fixes it: Excellent. Thanks, Jason. I'm glad these little details are getting fixed before the next GnuPG which uses curl by default. David From johanw at vulcan.xs4all.nl Fri Aug 5 14:55:37 2005 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Fri Aug 5 14:53:13 2005 Subject: Leave clearsigned content encoding alone, how? In-Reply-To: <87wtn04y8z.fsf@wheatstone.g10code.de> Message-ID: <200508051255.j75CtbaO002305@vulcan.xs4all.nl> Werner Koch wrote: >No, it does not for the majority of people. It works only in the >ascii and sometimes in the Latin-x countries. It helps simplifying languages: I communicate often with people from Eastern Europe, whose language contains many accents. However, as the contact is often text messages, they just ignore all those accents. The language is still readable, so they're superfluous anyway. In Dutch I do the same: the often used \"e there is in sms usually replaced by just e. I don't use accented chars in email since it gets usually screwed up at the other side anyway. I read my own email usually in text mode screens, with the IBM 850 charset. MIME headers can't change that anyway, since you need root acces to change the active charset and I don't plan to make elm and mutt suid because of that. Most people find it too much work to figure out where the few supported accented characters on gsm phones are anyway. In email I see the same, except for those M$ users that seem to think I like html mail. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From dsrbecky at post.cz Fri Aug 5 23:43:00 2005 From: dsrbecky at post.cz (David Srbecky) Date: Sat Aug 6 00:08:47 2005 Subject: Save signature in mail headers Message-ID: <42F3DD64.3020502@post.cz> Hello, I would like to sign all my mail, but I do not want to annoy people that have incompatible e-mail clients with extra attachment file or signature in the text of the message. Is it possible to send the signature in mail headers? Regards, David Srbecky From dsrbecky at post.cz Fri Aug 5 23:36:49 2005 From: dsrbecky at post.cz (David Srbecky) Date: Sat Aug 6 00:08:56 2005 Subject: Proof of email ownership Message-ID: <42F3DBF1.7070701@post.cz> Hello, I just installed GnuPG to Thunderbird, created a key pair and uploaded it to a keyserver. I have expected to receive some mail designed to verify that I really own the email address (similar to the one that just received to subscribe to this list), but I did not receive any. How can people know that I own the address if GnuPG did not check it? My next idea was that GnuPG is multipurpose cryptographic software and I need to get some special signature verifying that I own specific mail. I was looking for a way to accomplish that, but I have not found any. Are there any servers/bots that can verify that I own mail and then sign my key to certify that? Regards, David Srbecky From pats_comp_solutions at hotpop.com Sat Aug 6 01:42:38 2005 From: pats_comp_solutions at hotpop.com (Patrick Dickey) Date: Sat Aug 6 01:41:31 2005 Subject: Proof of email ownership In-Reply-To: <42F3DBF1.7070701@post.cz> References: <42F3DBF1.7070701@post.cz> Message-ID: <42F3F96E.3040306@hotpop.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Srbecky wrote: > Hello, > > I just installed GnuPG to Thunderbird, created a key pair and > uploaded it to a keyserver. I have expected to receive some mail > designed to verify that I really own the email address (similar to > the one that just received to subscribe to this list), but I did > not receive any. > > How can people know that I own the address if GnuPG did not check > it? > > > My next idea was that GnuPG is multipurpose cryptographic software > and I need to get some special signature verifying that I own > specific mail. I was looking for a way to accomplish that, but I > have not found any. > > Are there any servers/bots that can verify that I own mail and then > sign my key to certify that? > > > Regards, David Srbecky > > _______________________________________________ Gnupg-users mailing > list Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > The understanding I have is that you have to establish trusts with people. All the keyserver does is shows that someone using your e-mail address signed the message. The individual who receives the e-mail has to establish trust for the key. They do that either by contacting you via another method for confirmation, or meeting you at a 'keysigning' where you establish a face to face with other people. I'm relatively new to all of this myself, but I'm pretty sure I read that in the gnupg.org website. That would be your best source of information, short of other more experienced people replying here. Patrick Dickey. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC8/lulYHHywHZe7ARAr+dAJ41Oc2YTmTH2+QTPI1hGyrguD1mWwCfZ/XW cM4sWyXs9A7/2MmWUNICgWE= =ZxWi -----END PGP SIGNATURE----- From samuel at Update.UU.SE Sat Aug 6 01:19:31 2005 From: samuel at Update.UU.SE (Samuel ]slund) Date: Sat Aug 6 02:09:56 2005 Subject: Proof of email ownership In-Reply-To: <42F3DBF1.7070701@post.cz> References: <42F3DBF1.7070701@post.cz> Message-ID: <20050805231931.GF4221@Update.UU.SE> On Fri, Aug 05, 2005 at 11:36:49PM +0200, David Srbecky wrote: > Hello, > > I just installed GnuPG to Thunderbird, created a key pair and uploaded > it to a keyserver. I have expected to receive some mail designed to > verify that I really own the email address (similar to the one that just > received to subscribe to this list), but I did not receive any. There are no such automation. > How can people know that I own the address if GnuPG did not check it? Basically you tell the one you plan to communicate with "this is my key" or you tell it to someone who the one you plan to communicate with knows. Keywords you are looking for include "web of thrust" and "key signing". Check out: http://www.biglumber.com/ The GNU Privacy handbook http://www.gnupg.org/gph/en/manual.html Esp. chapter 3. The GnuPG Documentation page http://www.gnupg.org/(en)/documentation/index.html > My next idea was that GnuPG is multipurpose cryptographic software and > I need to get some special signature verifying that I own specific mail. > I was looking for a way to accomplish that, but I have not found any. Look for "Robot CA", but several people here think it is a bad idea, find out why in the list archives before you go ahead. HTH //Samuel From list-gnupg at mikedaigle.ca Sat Aug 6 02:42:01 2005 From: list-gnupg at mikedaigle.ca (Michael Daigle) Date: Sat Aug 6 04:03:35 2005 Subject: Save signature in mail headers In-Reply-To: <42F3DD64.3020502@post.cz> References: <42F3DD64.3020502@post.cz> Message-ID: <42F40759.1090000@mikedaigle.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 In reply to David Srbecky's message sent 2005-08-05 17:43: > I would like to sign all my mail, but I do not want to annoy people that > have incompatible e-mail clients with extra attachment file or signature > in the text of the message. > > Is it possible to send the signature in mail headers? It's possible to engineer a MUA to do that, but there's no use without a recipient who has the same magic box :-( DomainKeys and similar schemes can authenticate you as a sender from a particular network, but not specifically from your email address, nor can they provide message authentication. You're stuck with the standards if you want to communicate with others using PKCS. If you want to make sure your message can be authenticated, you'd best choose non-opaque ("clear") signing whether OpenPGP or S/MIME. This way, you don't force the recipient to possess your public key in order to read your message, or suffer other consequences should their MUA lack support for your message type. If they want or have a need to authenticate your message, they'll request your public key. - -- Mike Daigle http://www.mikedaigle.ca My PGP Key mailto:pgpkey@mikedaigle.ca Gossamer Spider Web of Trust http://www.gswot.org Get Your Own Subdomain! http://www.gswot.org/yourname -----BEGIN PGP SIGNATURE----- Comment: GSWoT - Gossamer Spider Web of Trust - www.gswot.org iD8DBQFC9AdWNuccKlqTLlMRA2XgAJ4n5pBJIEaOhUuZPGY3ElQCKuapcACfTqHY tIm40GMriqbBRU814120Q60= =PkeT -----END PGP SIGNATURE----- From list-gnupg at mikedaigle.ca Sat Aug 6 02:37:47 2005 From: list-gnupg at mikedaigle.ca (Michael Daigle) Date: Sat Aug 6 04:05:14 2005 Subject: Proof of email ownership In-Reply-To: <42F3DBF1.7070701@post.cz> References: <42F3DBF1.7070701@post.cz> Message-ID: <42F4065B.6030605@mikedaigle.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 In reply to David Srbecky's message sent 2005-08-05 17:36: > I just installed GnuPG to Thunderbird, created a key pair and > uploaded it to a keyserver. I have expected to receive some mail > designed to verify that I really own the email address (similar to > the one that just received to subscribe to this list), but I did not > receive any. > > How can people know that I own the address if GnuPG did not check it? GnuPG is a cryptographic application. It verifies digital signatures, not email addresses. > My next idea was that GnuPG is multipurpose cryptographic software > and I need to get some special signature verifying that I own > specific mail. I was looking for a way to accomplish that, but I have > not found any. There is no magic bullet :-( A signature is only "special" to the one who recognizes it. Some people trust my sig, while others have no cause to. The same goes for bots and CA's. That's why the web of trust is important. The more signatures you get on your key, the greater the odds someone who receives your key sees a signature of someone they trust. > Are there any servers/bots that can verify that I own mail and then > sign my key to certify that? The PGP Global Directory will only publish UID's bearing email addresses that you confirm. https://keyserver-beta.pgp.com/vkd/GetWelcomeScreen.event The Robot CA at toehold.com will also similarly validate your email address. http://www.toehold.com/robotca/ There are other organized webs of trust around like Thawte Consulting (www.thawte.com), CAcert (www.cacert.org) and the Gossamer Spider Web of Trust (www.gswot.org). Thawte is a commercial CA (only good for X.509 unless you use a compatable RSA OpenPGP key). CAcert is a not-for-profit CA (X.509 and OpenPGP; trying for browser inclusion). GSWoT is a grassroots organization that endorses CAcert Assurers, Thawte Notaries, and other internally produced assurers to enhance the OpenPGP web of trust. These entities perform identity assurance. You won't get a signature for proving access to an email address. - -- Mike Daigle http://www.mikedaigle.ca My PGP Key mailto:pgpkey@mikedaigle.ca Gossamer Spider Web of Trust http://www.gswot.org Get Your Own Subdomain! http://www.gswot.org/yourname -----BEGIN PGP SIGNATURE----- Comment: GSWoT - Gossamer Spider Web of Trust - www.gswot.org iD8DBQFC9AZaNuccKlqTLlMRA2/NAKDZNFcuuoAhUAbKGZBMrp2z2wcCaACgq9UA X8336TQYfwdNfIpm0mxshtI= =0s6L -----END PGP SIGNATURE----- From kabads at gmail.com Sat Aug 6 09:36:02 2005 From: kabads at gmail.com (Adam Cripps) Date: Sat Aug 6 09:32:01 2005 Subject: Proof of email ownership In-Reply-To: <20050805231931.GF4221@Update.UU.SE> References: <42F3DBF1.7070701@post.cz> <20050805231931.GF4221@Update.UU.SE> Message-ID: On 8/6/05, Samuel ]slund wrote: > On Fri, Aug 05, 2005 at 11:36:49PM +0200, David Srbecky wrote: > > Hello, > Keywords you are looking for include "web of thrust" and "key signing". > Did you mean to say "web of thrust"? Kind of funny that image. Adam -- http://www.monkeez.org PGP key: 0x7111B833 From samuel at Update.UU.SE Sat Aug 6 10:20:51 2005 From: samuel at Update.UU.SE (Samuel ]slund) Date: Sat Aug 6 10:16:25 2005 Subject: Proof of email ownership In-Reply-To: References: <42F3DBF1.7070701@post.cz> <20050805231931.GF4221@Update.UU.SE> Message-ID: <20050806082051.GG4221@Update.UU.SE> On Sat, Aug 06, 2005 at 08:36:02AM +0100, Adam Cripps wrote: > On 8/6/05, Samuel ]slund wrote: > > On Fri, Aug 05, 2005 at 11:36:49PM +0200, David Srbecky wrote: > > > Hello, > > > Keywords you are looking for include "web of thrust" and "key signing". > > > > Did you mean to say "web of thrust"? Kind of funny that image. Oops... spell-checkers ought to check for intention too. (Esp. late at night and early in the morning...) //Samuel From johanw at vulcan.xs4all.nl Sat Aug 6 09:35:45 2005 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Sat Aug 6 11:47:07 2005 Subject: Leave clearsigned content encoding alone, how? In-Reply-To: <20050805221027.3389.qmail@web52713.mail.yahoo.com> Message-ID: <200508060735.j767ZjC3012034@vulcan.xs4all.nl> Richard Sperry wrote: >What I am wondering is if we can simply UUencode attachments, leave them >alone and clear sign the whole message. Yes. However, AFAIK base64 is the default for attachments, and uuencode does have some problems with (now probably antique and not used any more) mail servers. >I am writing an installer for OL2003 clients, to make it easy to get GnuPG >up and running on Windows, and yes I have changed OL's default to RTF over >that HTML crap. You mean that you now send rtf files instead of html? That's even worse: html can be read as text (although MS usually makes a very good job of obscuring its html), for rtf that's impossible. Then I would need to run some X application to read it. For html, at least "lynx -dump" works. >I don't mind HTML newsletters. But when I email a client >or a friend, why do I need to do it? Usually for no good reason. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From dsrbecky at post.cz Sat Aug 6 12:14:20 2005 From: dsrbecky at post.cz (David Srbecky) Date: Sat Aug 6 12:09:33 2005 Subject: Proof of email ownership Message-ID: <42F48D7C.2060804@post.cz> Hello, Thank you all you for you replys! That's exactly what I was looking for! Thank you, David From cedar at 3web.net Sat Aug 6 19:49:25 2005 From: cedar at 3web.net (cdr) Date: Sat Aug 6 19:45:35 2005 Subject: Leave clearsigned content encoding alone, how? In-Reply-To: <200508051255.j75CtbaO002305@vulcan.xs4all.nl> References: <200508051255.j75CtbaO002305@vulcan.xs4all.nl> Message-ID: <42F4F825.1080908@3web.net> Johan Wevers wrote: > I read my own email usually in > text mode screens, with the IBM 850 charset. MIME headers > can't change that anyway... Same here, but in addition, in my general-purpose inbox, I reject all HTML messages and messages with attachments on the assumption they are spam. Preponderance of e-mail "standards" and "solutions" break in practice because they are based on a naive premise that the sender and the receiver of an email message belong to the same ethnic/language/character-set group. cdr From wk at gnupg.org Sun Aug 7 14:48:56 2005 From: wk at gnupg.org (Werner Koch) Date: Sun Aug 7 14:46:34 2005 Subject: Proof of email ownership In-Reply-To: <42F3DBF1.7070701@post.cz> (David Srbecky's message of "Fri, 05 Aug 2005 23:36:49 +0200") References: <42F3DBF1.7070701@post.cz> Message-ID: <873bplzzd3.fsf@wheatstone.g10code.de> Hi! Let me note that I am currently working on a simplified key validation scheme. The basic idea is to connect a signature to an DNS entry. Our assumption is that DNS is secure and unforgeable - as of now it is not but eventually DNSSEC will get deployed to solve this and many other problems. Here is how it works: To create a signature on an email (or any other data) you would use: gpg -s -Npka-address@gnupg.org=werner@example.org foo (add other options as you see fit). Now when someone wants to verify the signature he does it using the usual gpg --verify foo.gpg gpg detects that foo.gpg has the notation key pka-address@gnupg.org and takes its value (werner@example.org) to run a DNS query like: $ host -t txt werner._pka.example.org werner._pka.example.org text "v=pka1\;fpr=A4D94E92B0986AB5EE9DC\ D755DE249965B0358A2\;uri=finger:wk@example.com" Now it compares the fingerprint given in that Text record against the one of the public key used to verify the signature. If they match, it has been proved that the mail address werner@example.org is a legitimate address in the domain example.org. If not, someone tried to use a faked key. As of now we use the outcome of this test to change the validity status of the key either to FULL or to NEVER (if they don't match). A MUA - or an MTA - may now display the verified address werner@example.org to the user and compare it to the From address. Will will likely add ptions to gpg to make this easier. As a bonus we also put the URI part into the TXT record to allow the specification of a keyserver or whatever to retrieve the public key. gpg uses this during signature verification as well when collecting the recipients of a message; i.e. if you use "-r joe@example.org" it would try to locate a PKA record for joe (joe._pka.example.org) and use this for key validation as well as to retrieve the key for joe. If you want to play with this feature, you need to build the latest Subversion of gpg and put keyserver-options auto-pka-retrieve into your gpg.conf. For real PKA records, replace example.org by fsfe.org. If this all works out well, we might want to apply for a dedicated DNS record type instead of using TXT. The scheme may also be used for S/MIME. Shalom-Salam, Werner From wk at gnupg.org Sun Aug 7 14:58:07 2005 From: wk at gnupg.org (Werner Koch) Date: Sun Aug 7 14:56:27 2005 Subject: Save signature in mail headers In-Reply-To: <42F3DD64.3020502@post.cz> (David Srbecky's message of "Fri, 05 Aug 2005 23:43:00 +0200") References: <42F3DD64.3020502@post.cz> Message-ID: <87y87dykdc.fsf@wheatstone.g10code.de> On Fri, 05 Aug 2005 23:43:00 +0200, David Srbecky said: > I would like to sign all my mail, but I do not want to annoy people that > have incompatible e-mail clients with extra attachment file or signature > in the text of the message. There are at least three reasons against this: 1. It is hard to get these header signatures right. That newly prposed DKIM has almost immediatly been broken due to design problems in white space processing. 2. You can't stream the data. The header of a mail is comes before the signature has been calculated. One of the things OpenPGP fixed (compared to PGP 2) is that it allows to stream data of arbitary length. No need for temporary files. 3. It is not needed MIME (S/MIME or PGP/MIME) are established and well matured protocols. IF you want to sign the actual headers of a message, simply encapsulate the entire message into an rfc822 container and you are done. Salam-Shalom, Werner From sk4list at yahoo.com Sun Aug 7 16:17:13 2005 From: sk4list at yahoo.com (S K) Date: Sun Aug 7 16:13:13 2005 Subject: Proof of email ownership In-Reply-To: <873bplzzd3.fsf@wheatstone.g10code.de> Message-ID: <20050807141713.35742.qmail@web33904.mail.mud.yahoo.com> How would this work out for people who do not have control over the DNS record of domains? Best examples are free email services like hotmail and gmail? -SK --- Werner Koch wrote: > Hi! > > Let me note that I am currently working on a > simplified key validation > scheme. The basic idea is to connect a signature to > an DNS entry. > > Our assumption is that DNS is secure and unforgeable > - as of now it is > not but eventually DNSSEC will get deployed to solve > this and many other > problems. > > Here is how it works: > > To create a signature on an email (or any other > data) you would use: > > gpg -s -Npka-address@gnupg.org=werner@example.org > foo > > (add other options as you see fit). Now when someone > wants to verify > the signature he does it using the usual > > gpg --verify foo.gpg > > gpg detects that foo.gpg has the notation key > pka-address@gnupg.org > and takes its value (werner@example.org) to run a > DNS query like: > > $ host -t txt werner._pka.example.org > werner._pka.example.org text > "v=pka1\;fpr=A4D94E92B0986AB5EE9DC\ > D755DE249965B0358A2\;uri=finger:wk@example.com" > > Now it compares the fingerprint given in that Text > record against the > one of the public key used to verify the signature. > If they match, it > has been proved that the mail address > werner@example.org is a > legitimate address in the domain example.org. If > not, someone tried > to use a faked key. As of now we use the outcome of > this test to > change the validity status of the key either to FULL > or to NEVER (if > they don't match). > > A MUA - or an MTA - may now display the verified > address > werner@example.org to the user and compare it to the > From address. > Will will likely add ptions to gpg to make this > easier. > > As a bonus we also put the URI part into the TXT > record to allow the > specification of a keyserver or whatever to retrieve > the public key. > gpg uses this during signature verification as well > when collecting > the recipients of a message; i.e. if you use "-r > joe@example.org" it > would try to locate a PKA record for joe > (joe._pka.example.org) and > use this for key validation as well as to retrieve > the key for joe. > > If you want to play with this feature, you need to > build the latest > Subversion of gpg and put > > keyserver-options auto-pka-retrieve > > into your gpg.conf. For real PKA records, replace > example.org by > fsfe.org. If this all works out well, we might want > to apply for a > dedicated DNS record type instead of using TXT. The > scheme may also be > used for S/MIME. > > > Shalom-Salam, > > Werner > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From alphasigmax at gmail.com Sun Aug 7 16:41:26 2005 From: alphasigmax at gmail.com (Alphax) Date: Sun Aug 7 16:38:50 2005 Subject: Proof of email ownership In-Reply-To: <873bplzzd3.fsf@wheatstone.g10code.de> References: <42F3DBF1.7070701@post.cz> <873bplzzd3.fsf@wheatstone.g10code.de> Message-ID: <42F61D96.6000702@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Werner Koch wrote: > Hi! > > Let me note that I am currently working on a simplified key validation > scheme. The basic idea is to connect a signature to an DNS entry. > > Our assumption is that DNS is secure and unforgeable - as of now it is > not but eventually DNSSEC will get deployed to solve this and many other > problems. > Your other assumption is that everyone has continuous and unrestricted (no proxies, firewalls) internet access. I can't even get GPG to work with an authenticating proxy. Will GPG work with a localhost-based proxy even? - -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards http://tinyurl.com/cc9up | / \ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC9h2W/RxM5Ph0xhMRA54oAJsH9RZ5GQ+U6M9I5rP5fryco3UojACdG07g ASZ2F7v3cCJ9A3V7n0MVmhA= =aBnl -----END PGP SIGNATURE----- From dsrbecky at post.cz Sun Aug 7 18:23:04 2005 From: dsrbecky at post.cz (David Srbecky) Date: Sun Aug 7 18:18:25 2005 Subject: Feature request: Automatically import public keys Message-ID: <42F63568.70909@post.cz> Hello, Enigmail is great, but I find that public key import is very repetitive and unnecessary action. Could Enigmail just try to import public keys automatically for incoming mail? David From dsrbecky at post.cz Sun Aug 7 18:23:16 2005 From: dsrbecky at post.cz (David Srbecky) Date: Sun Aug 7 18:18:36 2005 Subject: Feature request: Import public keys for all contacts in the address book Message-ID: <42F63574.4070100@post.cz> This could be especially useful for new users. (Like me :-) ) David From dsrbecky at post.cz Sun Aug 7 18:23:35 2005 From: dsrbecky at post.cz (David Srbecky) Date: Sun Aug 7 18:18:55 2005 Subject: Feature request: Detect whether recipient has a public key Message-ID: <42F63587.40208@post.cz> Related to: Save signature in mail headers > Is it possible to send the signature in mail headers? Ok, I got other solution: I think it is safe to assume that if user has public key than he has compatible MUA or at least he will not mind being send signatures. What I want is option to try import recipients public key and sign the message only if one is found. David From dsrbecky at post.cz Sun Aug 7 18:23:45 2005 From: dsrbecky at post.cz (David Srbecky) Date: Sun Aug 7 18:19:07 2005 Subject: Feature request: Show whether e-mail of user is verified Message-ID: <42F63591.8040600@post.cz> Related to: Proof of email ownership There are a few robots that verify that user owns the e-mail. There are a many more UNTRUSTED IDs than TRUSTED in my list. If enigmail could specify whether the ID has been signed by robot, it would provide significantly more information. PS: A configurable list of trusted robots in the options panel may be needed. David From dsrbecky at post.cz Sun Aug 7 18:23:58 2005 From: dsrbecky at post.cz (David Srbecky) Date: Sun Aug 7 18:19:20 2005 Subject: Feature request: Show Photo ID Message-ID: <42F6359E.7030804@post.cz> Hello, How difficult is it to show Photo ID if available? See http://tecwizards.de/mozilla/messagefaces/header-example.png David From dsrbecky at post.cz Sun Aug 7 18:34:43 2005 From: dsrbecky at post.cz (David Srbecky) Date: Sun Aug 7 18:30:09 2005 Subject: Feature requests: SORRY!!! - WRONG maillist Message-ID: <42F63823.60209@post.cz> I very sorry!!!!!! I had a very creative moment, but I did not realize that I am sending mails to the wrong maillist - I should stop using "Edit As New..." :-( Sorry!!! David From thomas-gmane at kuehne.cn Sun Aug 7 19:02:21 2005 From: thomas-gmane at kuehne.cn (Thomas Kuehne) Date: Sun Aug 7 19:01:51 2005 Subject: more than one message digest per signed message? Message-ID: Is it possible to use more than one message digest when signing a message with GnuPG? gpg --digest MD5 --digest SHA512 --clearsign test.txt -> used digest SHA512 gpg --digest MD5,SHA512 --clearsign test.txt -> gpg: selected digest algorithm is invalid gpg --digest "MD5 SHA512" --clearsign test.txt -> gpg: selected digest algorithm is invalid Thomas From jeroen at unfix.org Sun Aug 7 22:02:44 2005 From: jeroen at unfix.org (Jeroen Massar) Date: Sun Aug 7 22:53:39 2005 Subject: Proof of email ownership Message-ID: <42F668E4.9030904@unfix.org> Werner Koch wrote: > gpg -s -Npka-address@gnupg.org=werner@example.org foo This parts looks good... > gpg detects that foo.gpg has the notation key pka-address at gnupg.org > and takes its value (werner at example.org) to run a DNS query like: > > $ host -t txt werner._pka.example.org > werner._pka.example.org text "v=pka1\;fpr=A4D94E92B0986AB5EE9DC\ > D755DE249965B0358A2\;uri=finger:wk@example.com" This will never be accepted by the IETF because: - DNS is not a directory for random information - Don't overload TXT records (though you can go the SPF way and just make a record called SPF which is a TXT) I've been thinking about the above quite a bit and I would actually want to solve it somewhat similar but a bit different. What about a DNS RR that looks like; example.org PGPSRV https keyserver.example.net /pks/ PGPSRV hkp keyserver.example.net These two records basically are the same as specifying: keyserver https://keyserver.example.net/pks/ keyserver hkp://keyserver.example.net in the gpg.conf This thus allows one to specify the keyserver location for that domain, which one could point to pgp.mit.edu too if wanted. Another approach would be DNS-SD, but they don't allow multiple protocols at the moment. Which is why I brought up: http://www.ietf.org/internet-drafts/draft-massar-dnsop-service-00.txt but the folks tripped heavily over the word anycast there, I should have avoided that part. A simple: _pka.example.org TXT "https://keyserver.example.net/pks/" also does the trick, but we need a standard for this. Btw I specified https above, which is something I would really like to see implemented and usable in gpg. This allows everybody, who has access to their DNS that is, to specify a keyserver of their choice for that domain. The HTTPS, which implies SSL, makes it able for gnupg to have a secure transfer of this data and verification of the SSL certificate to know that you are really talking to the correct host in the first place. (DNSSEC might then also be nice to have, but we'll have to wait a bit for that to be deployed everywhere...) $ dig _pgpkey._service.unfix.org any _pgpkey._service.unfix.org. 3600 IN PTR _pgpkey-http._tcp.unfix.org. _pgpkey._service.unfix.org. 3600 IN PTR _pgpkey-https._tcp.unfix.org. $ dig _pgpkey-https._tcp.unfix.org. any _pgpkey-https._tcp.unfix.org. 3600 IN TXT "path=/pks/" _pgpkey-https._tcp.unfix.org. 3600 IN SRV 13 100 443 purgatory.unfix.org. As to a note from somebody else "what about domains that people don't have access to and thus can't configure the above". One might make an extra uid, to a domain that does support the above trick, the key can then also be automatically fetched. eg: gpg -s -Npka-address@gnupg.org=test@example.org foo while you send the mail from tester@example.com. example.com doesn't have a keyserver, example.org has. test@example.org is a (sub)key, but both keys are in the same set. Another note is that this all indeed still does not imply any trust, that needs to come from a lot of users signing your key, one way to solve it would be to have the domain admin have a trusted key, thus someone who has been verified, and have this key sign the keys in that domain, could even been done semi-automatically, this way the user key becomes quite trusted too. This might be good for larger installation. Greets, Jeroen -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 238 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050807/8801fe5f/signature.pgp From jharris at widomaker.com Sun Aug 7 23:33:33 2005 From: jharris at widomaker.com (Jason Harris) Date: Sun Aug 7 23:29:20 2005 Subject: new (2005-08-07) keyanalyze results (+sigcheck) Message-ID: <20050807213333.GU358@wilma.widomaker.com> New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2005-08-07/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the "permanent" files: c9db9fb5ae2a12b51117f88f336e84328d416ec7 12780540 preprocess.keys a814d9123939d8ce0af57042f2eb1cdfb2c0d378 7853497 othersets.txt 458bf5044e7fbb9c04d77438f2cf7be547d114cf 3166352 msd-sorted.txt a751f9d5477744a4f5e5ce6ebad6a60908e317ee 1372 index.html e20d68915125e87089e903e63b721b0ef489c5cf 2291 keyring_stats bb00cce3adb3f8095ae520594e025610f215a4d9 1244821 msd-sorted.txt.bz2 d976cf98445763f7005cc5f2b325bf0be076b2a9 26 other.txt 90b51068bd02c52e4d838c6c3848674663800a16 1691008 othersets.txt.bz2 0d1785606c37bba7fdc9e936b277bd0b11cbccda 5170981 preprocess.keys.bz2 2c52fded2c8f638632de37b8b496e4f1c38594f9 12880 status.txt 4c91c78209189374e972be114cff9e20f78cf978 210266 top1000table.html 8d4bffb3742a167614fb6086a36c366e73ec5fdd 30261 top1000table.html.gz 56eef4a6a68dcd62cb6735d11f186d60f509b42a 10846 top50table.html b352fe275772434c4750d54719d29ff8e3535f7c 2534 D3/D39DA0E3 -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 313 bytes Desc: not available Url : /pipermail/attachments/20050807/fc74cec7/attachment.pgp From wk at gnupg.org Mon Aug 8 09:04:55 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Aug 8 09:01:27 2005 Subject: Proof of email ownership In-Reply-To: <20050807141713.35742.qmail@web33904.mail.mud.yahoo.com> (S. K.'s message of "Sun, 7 Aug 2005 07:17:13 -0700 (PDT)") References: <20050807141713.35742.qmail@web33904.mail.mud.yahoo.com> Message-ID: <87br48ykmg.fsf@wheatstone.g10code.de> On Sun, 7 Aug 2005 07:17:13 -0700 (PDT), S K said: > How would this work out for people who do not have > control over the DNS record of domains? Best examples > are free email services like hotmail and gmail? Convince them to have a feature for upload a key or a key's fingerprint into the user settings. Then they can generate a zone file from it. Shalom-Salam, Werner From wk at gnupg.org Mon Aug 8 09:07:24 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Aug 8 09:06:29 2005 Subject: Proof of email ownership In-Reply-To: <42F61D96.6000702@gmail.com> (alphasigmax@gmail.com's message of "Mon, 08 Aug 2005 00:11:26 +0930") References: <42F3DBF1.7070701@post.cz> <873bplzzd3.fsf@wheatstone.g10code.de> <42F61D96.6000702@gmail.com> Message-ID: <877jewykib.fsf@wheatstone.g10code.de> On Mon, 08 Aug 2005 00:11:26 +0930, Alphax said: > Your other assumption is that everyone has continuous and unrestricted > (no proxies, firewalls) internet access. I can't even get GPG to work To clarify this: It is NOT a change of the trust modeel but an optional feature. Without access to the net you can't do it but wou won't either be able to download a key. OTOH, this feature may also be implemented at a trusted upstream MTA. Salam-Shalom, Werner From wk at gnupg.org Mon Aug 8 09:26:18 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Aug 8 09:26:28 2005 Subject: Proof of email ownership In-Reply-To: <42F668E4.9030904@unfix.org> (Jeroen Massar's message of "Sun, 07 Aug 2005 22:02:44 +0200") References: <42F668E4.9030904@unfix.org> Message-ID: <873bpkyjmt.fsf@wheatstone.g10code.de> On Sun, 07 Aug 2005 22:02:44 +0200, Jeroen Massar said: > - DNS is not a directory for random information It is not random information it just extends the domain system by local parts. Anyway, DNS is nowadays not anymore as for what it has been designed. > - Don't overload TXT records (though you can go the SPF > way and just make a record called SPF which is a TXT) I know. For experimenting TXT records are just fine. Obviously this should be replaced by a special record type designed for that purpose. > example.org > PGPSRV https keyserver.example.net /pks/ > PGPSRV hkp keyserver.example.net That is a different thing. The crucial point with PKA is to connect a key to the DNS using the fingerprint. Having a way to specify a keyserver does not help: The information returned by a keyserver is not trustworthy. There are other ways of downloading a key; having the URI part in the PKA record is mainly for convenience. > Btw I specified https above, which is something I would really like to > see implemented and usable in gpg. This allows everybody, who has access > to their DNS that is, to specify a keyserver of their choice for that > domain. The HTTPS, which implies SSL, makes it able for gnupg to have a > secure transfer of this data and verification of the SSL certificate to There is no need for a secure transfer of keys. The keys are intrinsic secure. A keyserver is just a bunch of untrusted keys the decision whether to trust a key is put onto the client. You can't trust them. BTW, gpg when build with cURL supports SSL. > Another note is that this all indeed still does not imply any trust, > that needs to come from a lot of users signing your key, one way to If you trust www.example.com you should also be able to trust mails coming from someone@example.org. The PKA scheme does exactly this. It can be used as a good protection agains faked mails. > solve it would be to have the domain admin have a trusted key, thus > someone who has been verified, and have this key sign the keys in that The Web of Trust does only for work closed groups and won't work on a large scale. In particular because it is impossible to teach an average user to assign the ownertrust levels. Those of the mail users who are able to do it are also smart enough not to get tricked by phishing mails - I am pretty sure that at least 95% of all users are pretty good tragets. Having a way to semi-automatically check the sender address might be helpful. Shalom-Salam, Werner From wk at gnupg.org Mon Aug 8 09:27:32 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Aug 8 09:26:36 2005 Subject: Feature request: Automatically import public keys In-Reply-To: <42F63568.70909@post.cz> (David Srbecky's message of "Sun, 07 Aug 2005 18:23:04 +0200") References: <42F63568.70909@post.cz> Message-ID: <87y87cx50b.fsf@wheatstone.g10code.de> On Sun, 07 Aug 2005 18:23:04 +0200, David Srbecky said: > Enigmail is great, but I find that public key import is very repetitive > and unnecessary action. Could Enigmail just try to import public keys > automatically for incoming mail? put keyserver-options aut-kye-retrieve into gpg.conf. Salam-Shalom, Werner From wk at gnupg.org Mon Aug 8 09:29:10 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Aug 8 09:26:48 2005 Subject: more than one message digest per signed message? In-Reply-To: (Thomas Kuehne's message of "Sun, 07 Aug 2005 19:02:21 +0200") References: Message-ID: <87u0i0x4xl.fsf@wheatstone.g10code.de> On Sun, 07 Aug 2005 19:02:21 +0200, Thomas Kuehne said: > Is it possible to use more than one message digest when signing a > message with GnuPG? No. Shalom-Salam, Werner From alphasigmax at gmail.com Mon Aug 8 09:30:02 2005 From: alphasigmax at gmail.com (Alphax) Date: Mon Aug 8 09:27:25 2005 Subject: [Fwd: Re: Proof of email ownership] Message-ID: <42F709FA.3020708@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Forwarded since it seems useful.... - -------- Original Message -------- Subject: Re: Proof of email ownership Date: Mon, 08 Aug 2005 09:07:24 +0200 From: Werner Koch To: Alphax CC: gnupg-users@gnupg.org References: <42F3DBF1.7070701@post.cz> <873bplzzd3.fsf@wheatstone.g10code.de> <42F61D96.6000702@gmail.com> On Mon, 08 Aug 2005 00:11:26 +0930, Alphax said: > Your other assumption is that everyone has continuous and unrestricted > (no proxies, firewalls) internet access. I can't even get GPG to work To clarify this: It is NOT a change of the trust modeel but an optional feature. Without access to the net you can't do it but wou won't either be able to download a key. OTOH, this feature may also be implemented at a trusted upstream MTA. Salam-Shalom, Werner - -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards http://tinyurl.com/cc9up | / \ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC9wn5/RxM5Ph0xhMRA0V2AKCMMt8H1GCObGWXw86y5MO7KfJhZwCfdv0y O1usUCWsElK1ocbYgh5WerE= =B8J1 -----END PGP SIGNATURE----- From oskar at rbgi.net Mon Aug 8 10:01:37 2005 From: oskar at rbgi.net (Oskar L.) Date: Mon Aug 8 09:58:22 2005 Subject: Choosing a keyserver Message-ID: <1248.213.169.28.46.1123488097.squirrel@mail.rbgi.net> What differences are there between different keyservers? What should one take in consideration when choosing witch keyserver to use? Oskar From sclodic at teaser.fr Mon Aug 1 09:48:07 2005 From: sclodic at teaser.fr (Stephane Clodic) Date: Mon Aug 8 10:57:28 2005 Subject: gpg-1.4.2 --key-gen error (in unattended mode) Message-ID: <20050801074807.GP66133@qube.teaser.fr> Hello, Using generation key in unattended mode, I have the following error even with the sample fil "foo" provided in DETAILS file (from the distribution) gpg: Generating a standard key +++++++++++++++.++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.+++++++++++++++++++++++++.++++++++++++++++++++++++++++++>++++++++++...................................................................................................+++++ +++++..++++++++++.+++++++++++++++.+++++..++++++++++++++++++++++++++++++++++++++++.+++++++++++++++++++++++++++++++++++++++++++++++++++++++>+++++.>.+++++.....................................................+++++^^^^ Assertion failed: (pkt->pkt.generic), function build_packet, file build-packet.c, line 74. Abort trap: 6 % cat foo %echo Generating a standard key Key-Type: DSA Key-Length: 1024 Subkey-Type: ELG-E Subkey-Length: 1024 Name-Real: Joe Tester Name-Comment: with stupid passphrase Name-Email: joe@foo.bar Expire-Date: 0 Passphrase: abc %pubring foo.pub %secring foo.sec # Do a commit here, so that we can later print "done" :-) %commit %echo done % uname -mnsr FreeBSD 7.0-CURRENT #21: Thu Jul 28 20:15:14 CEST 2005 % gpg --version gpg (GnuPG) 1.4.2 Copyright (C) 2005 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512 Compression: Uncompressed, ZIP, ZLIB, BZIP2 (build from port) GnuPG-1.4.1 works fine on this system for months. I tried 1.4.2 compiled from source on a "old" FreeBSB-CURRENT (FreeBSD 6.0-CURRENT #14: Tue Apr 12 13:10:18 CEST 2005) and it's the same thing. How could I debug/provide more informations ? Cya -- Stephane Clodic France Teaser From tk at giga.or.at Fri Aug 5 16:15:47 2005 From: tk at giga.or.at (Thomas Klausner) Date: Mon Aug 8 10:57:45 2005 Subject: validate_key_list failed Message-ID: <20050805141547.GC15997@dmath5.geometrie.tuwien.ac.at> Hi! After adding some keys recently, I always get: gpg: public key 6E05F681 is 27717 seconds newer than the signature gpg: public key 8D1C8442 is 86014 seconds newer than the signature gpg: public key 8D1C8442 is 86010 seconds newer than the signature gpg: public key 8D1C8442 is 86010 seconds newer than the signature gpg: public key 4A90E7A1 is 30558 seconds newer than the signature gpg: public key 3022C951 is 31305 seconds newer than the signature gpg: public key 8F1B19A5 is 9972 seconds newer than the signature gpg: public key 4A90E7A1 is 30494 seconds newer than the signature gpg: mpi larger than indicated length (2 bytes) gpg: keyring_get_keyblock: read error: invalid packet gpg: keyring_get_keyblock failed: invalid keyring gpg: failed to rebuild keyring cache: invalid keyring gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model gpg: mpi larger than indicated length (2 bytes) gpg: keyring_get_keyblock: read error: invalid packet gpg: keydb_get_keyblock failed: invalid keyring gpg: validate_key_list failed And the trustdb is not updated, because on the next run I get the same error. How can I fix this? Or how can I find out which key it is, so I can remove it (as workaround)? Cheers, Thomas From dsrbecky at gmail.com Fri Aug 5 23:42:33 2005 From: dsrbecky at gmail.com (David Srbecky) Date: Mon Aug 8 10:57:52 2005 Subject: Save signature in mail headers Message-ID: <42F3DD49.2060901@gmail.com> Hello, I would like to sign all my mail, but I do not want to annoy people that have incompatible e-mail clients with extra attachment file or signature in the text of the message. Is it possible to send the signature in mail headers? Regards, David Srbecky From berndj at prism.co.za Mon Aug 8 09:37:10 2005 From: berndj at prism.co.za (Bernd Jendrissek) Date: Mon Aug 8 10:58:01 2005 Subject: Proof of email ownership In-Reply-To: <873bplzzd3.fsf@wheatstone.g10code.de> References: <42F3DBF1.7070701@post.cz> <873bplzzd3.fsf@wheatstone.g10code.de> Message-ID: <20050808073710.GA20235@prism.co.za> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, Aug 07, 2005 at 02:48:56PM +0200, Werner Koch wrote: > gpg detects that foo.gpg has the notation key pka-address@gnupg.org > and takes its value (werner@example.org) to run a DNS query like: > > $ host -t txt werner._pka.example.org > werner._pka.example.org text "v=pka1\;fpr=A4D94E92B0986AB5EE9DC\ > D755DE249965B0358A2\;uri=finger:wk@example.com" > > Now it compares the fingerprint given in that Text record against the ^^^ ^^^^ Do these TXT records support having multiple keys associated with the same email address? For example, I use D7CBA633 for "everyday" signing and encryption, and 24EEB426 for tin foil hat applications. [Yes, I know I should start using a newer GnuPG.] - -- > BTW, sometimes the lack of a specific response indicates *agreement*. Just in case you thought I was agreeing with you. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQFC9wuX/FmLrNfLpjMRAvYZAKCIb6kJOq45fSwHpR5DH11wQShG3ACfa+G7 GXE0m2WUf28NkcvUP1hlEUw= =51r3 -----END PGP SIGNATURE----- From roam at ringlet.net Mon Aug 8 11:33:07 2005 From: roam at ringlet.net (Peter Pentchev) Date: Mon Aug 8 11:29:01 2005 Subject: validate_key_list failed In-Reply-To: <20050805141547.GC15997@dmath5.geometrie.tuwien.ac.at> References: <20050805141547.GC15997@dmath5.geometrie.tuwien.ac.at> Message-ID: <20050808093307.GA34176@straylight.m.ringlet.net> On Fri, Aug 05, 2005 at 04:15:47PM +0200, Thomas Klausner wrote: > Hi! > > After adding some keys recently, I always get: [snip] > gpg: mpi larger than indicated length (2 bytes) > gpg: keyring_get_keyblock: read error: invalid packet > gpg: keyring_get_keyblock failed: invalid keyring > gpg: failed to rebuild keyring cache: invalid keyring > gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model > gpg: mpi larger than indicated length (2 bytes) > gpg: keyring_get_keyblock: read error: invalid packet > gpg: keydb_get_keyblock failed: invalid keyring > gpg: validate_key_list failed > > And the trustdb is not updated, because on the next run > I get the same error. > > How can I fix this? > Or how can I find out which key it is, so I can remove it > (as workaround)? FWIW, I've been getting the same with the FreeBSD port of gnupg-1.4.2. I've reverted to using 1.4.1 for the present. G'luck, Peter -- Peter Pentchev roam@ringlet.net roam@cnsys.bg roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence was in the past tense. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20050808/216128ab/attachment.pgp From wk at gnupg.org Mon Aug 8 12:37:04 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Aug 8 12:36:28 2005 Subject: Proof of email ownership In-Reply-To: <20050808073710.GA20235@prism.co.za> (Bernd Jendrissek's message of "Mon, 8 Aug 2005 09:37:10 +0200") References: <42F3DBF1.7070701@post.cz> <873bplzzd3.fsf@wheatstone.g10code.de> <20050808073710.GA20235@prism.co.za> Message-ID: <87ek94ww8f.fsf@wheatstone.g10code.de> On Mon, 8 Aug 2005 09:37:10 +0200, Bernd Jendrissek said: > Do these TXT records support having multiple keys associated with the > same email address? For example, I use D7CBA633 for "everyday" signing > and encryption, and 24EEB426 for tin foil hat applications. No. I can be extended to allow for this. The current implementation with TXT records should be considered experimental. Shalom-Salam, Werner From gnupg at dossen.dk Mon Aug 8 12:52:24 2005 From: gnupg at dossen.dk (Mads Laursen) Date: Mon Aug 8 13:27:33 2005 Subject: Proof of email ownership In-Reply-To: <873bplzzd3.fsf@wheatstone.g10code.de> References: <42F3DBF1.7070701@post.cz> <873bplzzd3.fsf@wheatstone.g10code.de> Message-ID: <20050808105224.GA24287@leela.local.dossen.dk> On 07/08/05 14.48, Werner Koch wrote: > Hi! > > Let me note that I am currently working on a simplified key validation > scheme. The basic idea is to connect a signature to an DNS entry. Is this only for signatures, or will there also be a method to put this notation in a key, or would that be useless? /dossen -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 250 bytes Desc: not available Url : /pipermail/attachments/20050808/c66930d5/attachment.pgp From jas at extundo.com Mon Aug 8 14:24:50 2005 From: jas at extundo.com (Simon Josefsson) Date: Mon Aug 8 14:33:02 2005 Subject: Proof of email ownership In-Reply-To: <873bplzzd3.fsf__47521.913299761$1123419179$gmane$org@wheatstone.g10code.de> (Werner Koch's message of "Sun, 07 Aug 2005 14:48:56 +0200") References: <42F3DBF1.7070701@post.cz> <873bplzzd3.fsf__47521.913299761$1123419179$gmane$org@wheatstone.g10code.de> Message-ID: Werner Koch writes: > To create a signature on an email (or any other data) you would use: > > gpg -s -Npka-address@gnupg.org=werner@example.org foo I get this: jas@latte:~$ gpg -s -Npka-address@gnupg.org=jas@extundo.com foo You need a passphrase to unlock the secret key for user: ?Simon Josefsson ? 1280-bit RSA key, ID B565716F, created 2002-05-05 gpg: can't put notation data into v3 (PGP 2.x style) signatures jas@latte:~$ Is my key unusable with this scheme? From jas at extundo.com Mon Aug 8 14:03:07 2005 From: jas at extundo.com (Simon Josefsson) Date: Mon Aug 8 14:33:27 2005 Subject: Proof of email ownership In-Reply-To: <87ek94ww8f.fsf__24143.8634846874$1123497820$gmane$org@wheatstone.g10code.de> (Werner Koch's message of "Mon, 08 Aug 2005 12:37:04 +0200") References: <42F3DBF1.7070701@post.cz> <873bplzzd3.fsf@wheatstone.g10code.de> <20050808073710.GA20235@prism.co.za> <87ek94ww8f.fsf__24143.8634846874$1123497820$gmane$org@wheatstone.g10code.de> Message-ID: Werner Koch writes: > On Mon, 8 Aug 2005 09:37:10 +0200, Bernd Jendrissek said: > >> Do these TXT records support having multiple keys associated with the >> same email address? For example, I use D7CBA633 for "everyday" signing >> and encryption, and 24EEB426 for tin foil hat applications. > > No. I can be extended to allow for this. The current implementation > with TXT records should be considered experimental. You could have multiple TXT records, one for each key. Would that work? From wk at gnupg.org Mon Aug 8 15:35:18 2005 From: wk at gnupg.org (Werner Koch) Date: Mon Aug 8 15:36:26 2005 Subject: Proof of email ownership In-Reply-To: (Simon Josefsson's message of "Mon, 08 Aug 2005 14:24:50 +0200") References: <42F3DBF1.7070701@post.cz> <873bplzzd3.fsf__47521.913299761$1123419179$gmane$org@wheatstone.g10code.de> Message-ID: <87slxkv9ex.fsf@wheatstone.g10code.de> On Mon, 08 Aug 2005 14:24:50 +0200, Simon Josefsson said: > gpg: can't put notation data into v3 (PGP 2.x style) signatures > jas@latte:~$ > Is my key unusable with this scheme? For better compatibility with pre OpenPGP implementations, gpg creates v3 signatures with v3 keys (yours). v3 signatures can't carry notation data. Use --force-v4-sigs to override this. Salam-Shalom, Werner From dsrbecky at gmail.com Mon Aug 8 17:13:49 2005 From: dsrbecky at gmail.com (David Srbecky) Date: Mon Aug 8 17:09:14 2005 Subject: Automaticaly import public keys by e-mails Message-ID: <42F776AD.8050500@gmail.com> Hello, I have a long list of emails. I want to look them up on a keyserver and automatically import any matches. I tried gpg --search-keys mail@gmail.com < input.txt where input.txt is "1,2,3,4,5\n" but it did not work. Thanks for help. David -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2781 bytes Desc: S/MIME Cryptographic Signature Url : /pipermail/attachments/20050808/14b3f62d/smime.bin From eocsor at gmail.com Mon Aug 8 18:44:24 2005 From: eocsor at gmail.com (Roscoe) Date: Mon Aug 8 18:40:22 2005 Subject: Automaticaly import public keys by e-mails In-Reply-To: <42F776AD.8050500@gmail.com> References: <42F776AD.8050500@gmail.com> Message-ID: Well, I don't know about a pure gnupg way but where theres a idea theres a broken piece of sh script trying to implement it! And without further ado I present my broken piece of sh script: $ cat > emaillist dsrbecky@gmail.com eocsor@gmail.com $ for i in `cat emaillist`; do lynx -dump "http://stinkfoot.org:11371/pks/looku p?op=index&search=$i"|grep '1. http://'|awk '{print $2}'|xargs lynx -dump|gpg -- import; done gpg: key 2DC6523A: public key "David Srbecky " imported gpg: Total number processed: 1 gpg: imported: 1 gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model gpg: depth: 0 valid: 4 signed: 4 trust: 0-, 0q, 0n, 0m, 0f, 4u gpg: depth: 1 valid: 4 signed: 0 trust: 1-, 0q, 0n, 3m, 0f, 0u gpg: next trustdb check due at 2005-10-06 gpg: key 699B3EBE: "Roscoe " not changed gpg: Total number processed: 1 gpg: unchanged: 1 $ That might not be immediately usable, but you get the idea :) On 8/9/05, David Srbecky wrote: > Hello, > > I have a long list of emails. I want to look them up on a keyserver and > automatically import any matches. > > I tried > > gpg --search-keys mail@gmail.com < input.txt > > where input.txt is "1,2,3,4,5\n" > but it did not work. > > > Thanks for help. > > David > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > > > From jharris at widomaker.com Mon Aug 8 20:25:27 2005 From: jharris at widomaker.com (Jason Harris) Date: Mon Aug 8 20:21:14 2005 Subject: validate_key_list failed In-Reply-To: <20050808093307.GA34176@straylight.m.ringlet.net> References: <20050805141547.GC15997@dmath5.geometrie.tuwien.ac.at> <20050808093307.GA34176@straylight.m.ringlet.net> Message-ID: <20050808182526.GW358@wilma.widomaker.com> On Mon, Aug 08, 2005 at 12:33:07PM +0300, Peter Pentchev wrote: > On Fri, Aug 05, 2005 at 04:15:47PM +0200, Thomas Klausner wrote: > > After adding some keys recently, I always get: > > gpg: mpi larger than indicated length (2 bytes) > > gpg: keyring_get_keyblock: read error: invalid packet > > gpg: keyring_get_keyblock failed: invalid keyring > > How can I fix this? > > Or how can I find out which key it is, so I can remove it > > (as workaround)? > > FWIW, I've been getting the same with the FreeBSD port of gnupg-1.4.2. > I've reverted to using 1.4.1 for the present. Try running pgpring (part of mutt): %pgpring -S -k ~/.gnupg/pubring.gpg and/or pgpdump: http://www.freebsd.org/cgi/url.cgi?ports/security/pgpdump/pkg-descr %pgpdump [-i] ~/.gnupg/pubring.gpg on the keyring(s) to help find any corruption. (I've not seen any such problems on FreeBSD 4.x with GPG 1.4.2.) -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 313 bytes Desc: not available Url : /pipermail/attachments/20050808/c480e8c6/attachment-0001.pgp From dsrbecky at gmail.com Mon Aug 8 20:43:59 2005 From: dsrbecky at gmail.com (David Srbecky) Date: Mon Aug 8 20:39:19 2005 Subject: Extra information in public key Message-ID: <42F7A7EF.1020108@gmail.com> Hello, I want to provide as much information about me as possible when I send mails. I am amazed that you can save a photo as a part of you public key. How can I save more information? (telephone, address, age, etc...) David -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 254 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050808/28ed6ef7/signature.pgp From dougb at dougbarton.net Mon Aug 8 20:08:36 2005 From: dougb at dougbarton.net (Doug Barton) Date: Mon Aug 8 21:04:09 2005 Subject: validate_key_list failed In-Reply-To: <20050808093307.GA34176@straylight.m.ringlet.net> References: <20050805141547.GC15997@dmath5.geometrie.tuwien.ac.at> <20050808093307.GA34176@straylight.m.ringlet.net> Message-ID: <42F79FA4.6040405@dougbarton.net> Peter Pentchev wrote: > FWIW, I've been getting the same with the FreeBSD port of gnupg-1.4.2. > I've reverted to using 1.4.1 for the present. I'm using 1.4.2 built from ports on both a 7-current and 4-stable system, with some pretty large keyrings, and haven't had these problems, FYI. Doug -- If you're never wrong, you're not trying hard enough From linux at codehelp.co.uk Mon Aug 8 21:09:08 2005 From: linux at codehelp.co.uk (Neil Williams) Date: Mon Aug 8 21:04:31 2005 Subject: Extra information in public key In-Reply-To: <42F7A7EF.1020108@gmail.com> References: <42F7A7EF.1020108@gmail.com> Message-ID: <200508082009.12446.linux@codehelp.co.uk> On Monday 08 August 2005 7:43 pm, David Srbecky wrote: > Hello, > > I want to provide as much information about me as possible when I send > mails. I am amazed that you can save a photo as a part of you public > key. How can I save more information? (telephone, address, age, etc...) Be careful about such information - remember that it is not just sent in your emails but stored on keyservers. Identities can be stolen and you are giving away a lot of the information that could be used to "identify" you in a new bank or loan application. Do you really want such information to be publicly viewable? Even if you include such info in a text signature block like mine below, remember that this too will be publicly archived by many mailing list archivers. Google and other engines visit such regularly updated sites very regularly. Some information just needs to remain private. -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20050808/3e2979fc/attachment.pgp From linux at codehelp.co.uk Mon Aug 8 22:05:36 2005 From: linux at codehelp.co.uk (Neil Williams) Date: Mon Aug 8 22:00:52 2005 Subject: Extra information in public key Message-ID: <200508082105.39819.linux@codehelp.co.uk> Please send replies to the list: > Neil Williams wrote: > > On Monday 08 August 2005 7:43 pm, David Srbecky wrote: > >>Hello, > >> > >>I want to provide as much information about me as possible when I send > >>mails. I am amazed that you can save a photo as a part of you public > >>key. How can I save more information? (telephone, address, age, etc...) > > > > Be careful about such information - remember that it is not just sent in > > your emails but stored on keyservers. > > I aware of that, the same is on MSN servers, ICQ servers, and many other > locations. > > > Do you really want such information to be publicly viewable? > > I want to have the option to publish as much as I want. I *want* to > publish some information. (Say, personally I would publish my City, but > not street address. On the other hand, company manager wants to publish > everything - it is on the company website anyway) > > Is there is way of publishing additional information on the keyserver? Only in small chunks. > Some things I would like to publish are: > - The 'usual' stuff - aka ICQ servers or company vCards > - Whether I prefer to receive encrypted mail or not. > - Whether I prefer to receive signed mail or not. > - How I want to be send signatures - MIME / inline. > - URL to my public key (to remove refresh load from keyservers) > > and I am sure there are *many* more things. > I still don't see the point, but you could put a website URL in a comment. A better idea would be to simply put all the details you want on Biglumber where people using keys would *expect* to find details about you: http://www.biglumber.com/x/web?sn=Neil+Williams Some keyservers then offer a link to lookup the key on biglumber and locate all the information anyone could ever want. Try searching for my key here: http://keyserver.kjsl.com:11371/#extract and with the fingerprint displayed, a link to biglumber appears. Biglumber makes it easy to not only publicise your city but to locate others within your city and your local region and for others to find you. http://www.biglumber.com/x/web?sc=Devon http://www.biglumber.com/x/web?so=England -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20050808/8f059549/attachment.pgp From dsrbecky at gmail.com Mon Aug 8 22:44:11 2005 From: dsrbecky at gmail.com (David Srbecky) Date: Mon Aug 8 22:39:30 2005 Subject: Extra information in public key In-Reply-To: <200508082105.39819.linux@codehelp.co.uk> References: <200508082105.39819.linux@codehelp.co.uk> Message-ID: <42F7C41B.1070901@gmail.com> >>Is there is way of publishing additional information on the keyserver? > > Only in small chunks. > Please continue... how? "User Attribute" comes to mind, but I can not find the specification. >>Some things I would like to publish are: >> - The 'usual' stuff - aka ICQ servers or company vCards >> - Whether I prefer to receive encrypted mail or not. >> - Whether I prefer to receive signed mail or not. >> - How I want to be send signatures - MIME / inline. >> - URL to my public key (to remove refresh load from keyservers) >> > > I still don't see the point The points are: - Provide some information about me - Why do people provide extensive info at ICQ? This is the same. - I do not want to annoy people and I do not want people to annoy me. Telling someone whether you like signed/encrypted messages helps. - The same holds for your preference of format. - Keyservers are not-profit - every bit of bandwidth we can save them helps. > A better idea would be to simply put all the details you want on Biglumber I already have Biglumber account, but I just can not enter all the suff above. And even if there was a giant site where I could enter all I wanted, I would still prefer to have everything saved on one place, in one public key. (But if there is such site, let me know !!! :-) ) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 254 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050808/4e3e03e8/signature.pgp From dsrbecky at gmail.com Mon Aug 8 22:45:33 2005 From: dsrbecky at gmail.com (David Srbecky) Date: Mon Aug 8 22:40:49 2005 Subject: Extra information in public key In-Reply-To: <200508082009.12446.linux@codehelp.co.uk> References: <42F7A7EF.1020108@gmail.com> <200508082009.12446.linux@codehelp.co.uk> Message-ID: <42F7C46D.1010304@gmail.com> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 254 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050808/c861015a/signature-0001.pgp From dsrbecky at gmail.com Mon Aug 8 23:19:01 2005 From: dsrbecky at gmail.com (David Srbecky) Date: Mon Aug 8 23:14:20 2005 Subject: Extra information in public key In-Reply-To: <42F7C7E3.2070609@joimail.com> References: <200508082105.39819.linux@codehelp.co.uk> <42F7C41B.1070901@gmail.com> <42F7C7E3.2070609@joimail.com> Message-ID: <42F7CC45.202@gmail.com> John W. Moore III wrote: > David Srbecky wrote: >> And even if there was a giant site where I could enter all I >> wanted, I would still prefer to have everything saved on one place, in >> one public key. (But if there is such site, let me know !!! :-) ) > > How about a personal WebSite with a link to it in your "Comment Line"? > I can't remember if Google offers this or not, but Yahoo does and an ID > on Yahoo would make Membership very easy for Yahoo Groups (PGP-Basics, > PGPNET, etc). > The site would have to be: - standard site used by many users - not personal site. - easy to parse - not the fancy HTML yahoo stuff (to ensure data can be automatically fetched to MUA) Let's take a look at your signature: :-) > -- > My Website: http://home.joimail.com/~johnmoore3rd/ Your website - if it was in your public key, MUA could automatically add it to your card in address book > Gossamer Spider Web of Trust: http://www.gswot.org > Open PGP Key: http://tinyurl.com/5ztc6 Your PGP key URL - if it was in your public key, GnuPG could use it to update your key without wasting keyserver bandwidth. > Encrypted Email is a Courtesy & Appreciated!! Your encryption preference - if it was in your public key, MUA could use it to automatically decide whether to encrypt mail to you. Just imagine that: My mom installs Thunderbird (in my dream with Enigmail integrated) and *just* sends you mail. Thunderbird looks up your e-mail on keyserver, downloads your public key, finds that you like encrypted mail and therefore encrypts the mail before sending. Wow!, my mom just send you an encrypted mail and does not have a clue what encryption is! ... that's my dream David -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 254 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050808/7583da45/signature.pgp From dsrbecky at gmail.com Mon Aug 8 23:29:05 2005 From: dsrbecky at gmail.com (David Srbecky) Date: Mon Aug 8 23:24:23 2005 Subject: Automaticaly import public keys by e-mails In-Reply-To: References: <42F776AD.8050500@gmail.com> Message-ID: <42F7CEA1.1070106@gmail.com> Roscoe wrote: > Well, I don't know about a pure gnupg way but where theres a idea > theres a broken piece of sh script trying to implement it! And without > further ado I present my broken piece of sh script: > > $ cat > emaillist > dsrbecky@gmail.com > eocsor@gmail.com > $ for i in `cat emaillist`; do lynx -dump > "http://stinkfoot.org:11371/pks/looku > p?op=index&search=$i"|grep '1. http://'|awk '{print $2}'|xargs lynx > -dump|gpg -- import; done > gpg: key 2DC6523A: public key "David Srbecky " imported > gpg: Total number processed: 1 > gpg: imported: 1 > gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model > gpg: depth: 0 valid: 4 signed: 4 trust: 0-, 0q, 0n, 0m, 0f, 4u > gpg: depth: 1 valid: 4 signed: 0 trust: 1-, 0q, 0n, 3m, 0f, 0u > gpg: next trustdb check due at 2005-10-06 > gpg: key 699B3EBE: "Roscoe " not changed > gpg: Total number processed: 1 > gpg: unchanged: 1 > $ > > That might not be immediately usable, but you get the idea :) > Sorry for the late reply - I had to download, install and learn Cygwin, but it works now! Thanks! David -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 254 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050808/d2045429/signature-0001.pgp From dsrbecky at gmail.com Tue Aug 9 00:51:02 2005 From: dsrbecky at gmail.com (David Srbecky) Date: Tue Aug 9 00:46:22 2005 Subject: Extra information in public key In-Reply-To: <42F7A7EF.1020108@gmail.com> References: <42F7A7EF.1020108@gmail.com> Message-ID: <42F7E1D6.3010009@gmail.com> Hello, I just found up-to-date RFC 2440: http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-14.txt Here is 5.12: > 5.12. User Attribute Packet (Tag 17) > > The User Attribute packet is a variation of the User ID packet. It > is capable of storing more types of data than the User ID packet > which is limited to text. Like the User ID packet, a User Attribute > packet may be certified by the key owner ("self-signed") or any > other key owner who cares to certify it. Except as noted, a User > Attribute packet may be used anywhere that a User ID packet may be > used. > > While User Attribute packets are not a required part of the OpenPGP > standard, implementations SHOULD provide at least enough > compatibility to properly handle a certification signature on the > User Attribute packet. A simple way to do this is by treating the > User Attribute packet as a User ID packet with opaque contents, but > an implementation may use any method desired. > > The User Attribute packet is made up of one or more attribute > subpackets. Each subpacket consists of a subpacket header and a > body. The header consists of: > > - the subpacket length (1, 2, or 5 octets) > > - the subpacket type (1 octet) > > and is followed by the subpacket specific data. > > The only currently defined subpacket type is 1, signifying an image. > An implementation SHOULD ignore any subpacket of a type that it does > not recognize. Subpacket types 100 through 110 are reserved for > private or experimental use. > The important sentence is the last one: there are 11 types to play with. I suggest to take pick one type between 100 and 110 and use it to store extra information. Since we may want to add various data, I suggest to store them as a series of named proprieties. The attribute format could look like this: - Magic number identifying this experimental attribute - UTF-8 Name of property 1 - Data length for property 1 - Data of property 1 - UTF-8 Name of property 2 - Data length for property 2 - Data of property 2 - etc... And the content might look like this: First name=David Last name=Srbecky Country=Czech Republic City=Usti nad Labem Telephone=+65 536 1024 ICQ=#128-256-512 Homepage url=http://www.gnupg.org/ Prefers encrypted mail=true Prefers signed mail=true Preferred encapsulation=MIME PGP key url=http://www.gnupg.org/dsrbecky/pgp.key As this attribute will contain a lot of text, it should be encapsulated in Compressed Data Packet (Tag 8). So, what do you think? David -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 254 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20050809/3ba20328/signature.pgp From greg at turnstep.com Tue Aug 9 03:45:02 2005 From: greg at turnstep.com (Greg Sabino Mullane) Date: Tue Aug 9 03:40:55 2005 Subject: Arguments for inline PGP (was: Leave clearsigned content encoding alone, how?) In-Reply-To: <87oe8d7ob2.fsf@wheatstone.g10code.de> Message-ID: <053bb08d1dc24e33eab37c491d52bd37@biglumber.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Just say no to inline PGP! Some reasons I use inline: * My email has a much better chance of reaching people whose systems bounce (or discard!) attachments. * It is easy to transfer my message to another format (such as a webpage) while keeping the signature. It is also easy for people to forward the signed message. * It never messes up in mailing list archives (although some mailing list programs now handle sig attachments properly). * It's easy to send my email from anywhere (e.g. a webmail account) by simply cutting and pasting text. * I don't keep my key on a internet-connected machine, so cutting and pasting a clearsigned message also makes life much easier. - -- Greg Sabino Mullane greg@turnstep.com PGP Key: 0x14964AC8 200508082141 http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8 -----BEGIN PGP SIGNATURE----- iD8DBQFC+ApXvJuQZxSWSsgRAolOAJ43Cm19NslSDsfRBPZi+KtrMkOi3QCgjlqv ipatEGZ9o/KbKN8haDPkn1c= =tqmU -----END PGP SIGNATURE----- From chd at chud.net Tue Aug 9 09:11:09 2005 From: chd at chud.net (Chris De Young) Date: Tue Aug 9 09:06:40 2005 Subject: Arguments for inline PGP (was: Leave clearsigned content encoding alone, how?) In-Reply-To: <053bb08d1dc24e33eab37c491d52bd37@biglumber.com> References: <87oe8d7ob2.fsf@wheatstone.g10code.de> <053bb08d1dc24e33eab37c491d52bd37@biglumber.com> Message-ID: <20050809071109.GT1808@dionysus.chud.net> On Tue, Aug 09, 2005 at 01:45:02AM -0000, Greg Sabino Mullane wrote: > > > Just say no to inline PGP! > > Some reasons I use inline: > > * My email has a much better chance of reaching people whose > systems bounce (or discard!) attachments. Are there really a lot of such systems? I've encountered very few that bounce messages with attachments, and if they discard attachments then your message is still intact, just unsigned. > * It is easy to transfer my message to another format (such as a > webpage) while keeping the signature. Keeping it, perhaps. Keeping it intact, not so much. Any reformatting done by a web browser (which is perfectly legitimate for the browser to do) will break the signature, of course. If you force the formatting with 
 tags, you've made a concession which allows
the MIME version to work equally well.

> It is also easy for people
> to forward the signed message.

Forwarding a MIME message (intact) is, arguably, even easier.

I see your points, but in my opinion they aren't worth giving up the
benefits of MIME -- especially in what one hopes will be a generally
applicable standard.  The ability to sign attachments gracefully isn't
the only plus, for example, but that alone seems to be enough to make
MIME a clear winner.

Cheers,
-Chris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050809/85bb0da7/attachment.pgp
From thomas-gmane at kuehne.cn  Tue Aug  9 10:36:07 2005
From: thomas-gmane at kuehne.cn (Thomas Kuehne)
Date: Tue Aug  9 10:32:15 2005
Subject: Arguments for inline PGP
In-Reply-To: <20050809071109.GT1808__251.444339710538$1123571818$gmane$org@dionysus.chud.net>
References: <87oe8d7ob2.fsf@wheatstone.g10code.de>	<053bb08d1dc24e33eab37c491d52bd37@biglumber.com>
	<20050809071109.GT1808__251.444339710538$1123571818$gmane$org@dionysus.chud.net>
Message-ID: 

Chris De Young schrieb:

> On Tue, Aug 09, 2005 at 01:45:02AM -0000, Greg Sabino Mullane wrote:
> 
>>>Just say no to inline PGP!
>>
>>Some reasons I use inline:
>>



> I see your points, but in my opinion they aren't worth giving up the
> benefits of MIME -- especially in what one hopes will be a generally
> applicable standard.  The ability to sign attachments gracefully isn't
> the only plus, for example, but that alone seems to be enough to make
> MIME a clear winner.

Points taken - Have you ever looked at an signed (using MIME) message in
OutlookExpress? AAAARRRGGGG .....


Thomas


From alphasigmax at gmail.com  Tue Aug  9 10:49:37 2005
From: alphasigmax at gmail.com (Alphax)
Date: Tue Aug  9 10:47:13 2005
Subject: Arguments for inline PGP
In-Reply-To: 
References: <87oe8d7ob2.fsf@wheatstone.g10code.de>
	<053bb08d1dc24e33eab37c491d52bd37@biglumber.com>
	<20050809071109.GT1808__251.444339710538$1123571818$gmane$org@dionysus.chud.net>
	
Message-ID: <42F86E21.5050106@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Thomas Kuehne wrote:
> Points taken - Have you ever looked at an signed (using MIME) message in
> OutlookExpress? AAAARRRGGGG .....
> 
> 
> Thomas
> 

Sorry, I've never used Lookout.

- --
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+G4h/RxM5Ph0xhMRAzNzAJ9Lu8ojSea3TJd8gqR5nvD4sDLrRgCcDnAP
Nvl6UF3csBfalTz5MUTE6pk=
=ZWq3
-----END PGP SIGNATURE-----

From thomas-gmane at kuehne.cn  Tue Aug  9 13:43:40 2005
From: thomas-gmane at kuehne.cn (Thomas Kuehne)
Date: Tue Aug  9 13:40:52 2005
Subject: Arguments for inline PGP
In-Reply-To: <42F86E21.5050106__49114.9024143398$1123577725$gmane$org@gmail.com>
References: <87oe8d7ob2.fsf@wheatstone.g10code.de>	<053bb08d1dc24e33eab37c491d52bd37@biglumber.com>	<20050809071109.GT1808__251.444339710538$1123571818$gmane$org@dionysus.chud.net>	
	<42F86E21.5050106__49114.9024143398$1123577725$gmane$org@gmail.com>
Message-ID: 

Alphax schrieb:

> Thomas Kuehne wrote:
> 
>>>Points taken - Have you ever looked at an signed (using MIME) message in
>>>OutlookExpress? AAAARRRGGGG .....
> 
> Sorry, I've never used Lookout.

The attachment is a snapshoot of David Srbecky's recent MIME signed post
"Re: Extra information in public key" to this list.

If the MIME declaration is change from

multipart/signed; micalg=pgp-sha1; ...

to

multipart/mixed; micalg=pgp-sha1; ...

OutlookExpress displays the message just like Mozilla or KMail without
encryption plugins.

Thomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OutlookExpress-PGP-signed.gif
Type: image/gif
Size: 28740 bytes
Desc: not available
Url : /pipermail/attachments/20050809/3a22ab48/OutlookExpress-PGP-signed-0001.gif
From dsrbecky at gmail.com  Tue Aug  9 13:59:15 2005
From: dsrbecky at gmail.com (David Srbecky)
Date: Tue Aug  9 13:54:41 2005
Subject: Arguments for inline PGP
In-Reply-To: 
References: <87oe8d7ob2.fsf@wheatstone.g10code.de>	<053bb08d1dc24e33eab37c491d52bd37@biglumber.com>	<20050809071109.GT1808__251.444339710538$1123571818$gmane$org@dionysus.chud.net>		<42F86E21.5050106__49114.9024143398$1123577725$gmane$org@gmail.com>
	
Message-ID: <42F89A93.6090300@gmail.com>

Thomas Kuehne wrote:
> Alphax schrieb:
> 
> 
>>Thomas Kuehne wrote:
>>
>>
>>>>Points taken - Have you ever looked at an signed (using MIME) message in
>>>>OutlookExpress? AAAARRRGGGG .....
>>
>>Sorry, I've never used Lookout.
> 
> 
> The attachment is a snapshoot of David Srbecky's recent MIME signed post
> "Re: Extra information in public key" to this list.
> 
> If the MIME declaration is change from
> 
> multipart/signed; micalg=pgp-sha1; ...
> 
> to
> 
> multipart/mixed; micalg=pgp-sha1; ...
> 
> OutlookExpress displays the message just like Mozilla or KMail without
> encryption plugins.

Sorry for that. I do not know that happened. (Could it be some misuse of 
"Edit as New..."?)

I do not use inline because I find the extra stuff annoying. However, 
MIME can look really nasty too. That's I would prefer to save the 
signature in the mail headers.

David Srbecky
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050809/a604ffac/signature.pgp
From mwood at IUPUI.Edu  Tue Aug  9 15:22:33 2005
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Tue Aug  9 15:18:02 2005
Subject: validate_key_list failed
In-Reply-To: <42F79FA4.6040405@dougbarton.net>
References: <20050805141547.GC15997@dmath5.geometrie.tuwien.ac.at>
	<20050808093307.GA34176@straylight.m.ringlet.net>
	<42F79FA4.6040405@dougbarton.net>
Message-ID: 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Me, too. :-/ I completely emptied my public keyring, one key at a time,
looking for the damage and never found it.  Eventually I renamed the empty
file away and built a new one, and now I have no more trouble.

I don't know whether a keyring file is supposed to shrink when substantial
numbers of keys are removed, but it never did.

- -- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Open-source executable:  $0.00.  Source:  $0.00  Control:  priceless!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/

iD8DBQFC+K4ds/NR4JuTKG8RAgFDAJ0dKzS38oA8+RL9lM9NVgu/0v67wQCffQfe
28f7fTe5Gv9eMOURoIdnrE0=
=Q/GM
-----END PGP SIGNATURE-----

From wk at gnupg.org  Tue Aug  9 15:22:58 2005
From: wk at gnupg.org (Werner Koch)
Date: Tue Aug  9 15:21:35 2005
Subject: Proof of email ownership
In-Reply-To: <20050808183433.GB9880@wonderland.linux.it> (Marco d'Itri's
	message of "Mon, 8 Aug 2005 20:34:33 +0200")
References: <20050807141713.35742.qmail@web33904.mail.mud.yahoo.com>
	<87br48ykmg.fsf@wheatstone.g10code.de>
	<20050808183433.GB9880@wonderland.linux.it>
Message-ID: <87acjrtfbh.fsf@wheatstone.g10code.de>

On Mon, 8 Aug 2005 20:34:33 +0200, Marco d'Itri said:

> How does this interact with DKIM?

DKIM does not work.  For example, their canonicalization is broken and
one can easily fake a MIME message.


Shalom-Salam,

   Werner



From dshaw at jabberwocky.com  Tue Aug  9 15:19:58 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Aug  9 15:22:32 2005
Subject: Multiple self signatures
In-Reply-To: 
References: 
Message-ID: <20050809131958.GA9476@jabberwocky.com>

On Thu, Jul 28, 2005 at 11:33:24PM +0200, Tobias Eichert wrote:
> Hello,
> 
> I have multiple self signatures within my key and I haven't
> found a reason yet. I usually don't self-sign my key several
> times (well, at least I'm not aware of it). :)
> 
> http://pgpkeys.pca.dfn.de:11371/pks/lookup?op=vindex&fingerprint=on&search=0x7E9154BFDA817013
> 
> How can I prevent this?

You can't, really.  Every time you change the expiration date of your
key, or change your preferences you issue a new self-signature.  The
keyservers don't delete old ones (they can't), so self sigs pile up
after a while.  They are harmless.

If it bothers you, do --edit-key and use the "clean" command.

David

From wk at gnupg.org  Tue Aug  9 15:27:01 2005
From: wk at gnupg.org (Werner Koch)
Date: Tue Aug  9 15:26:29 2005
Subject: Arguments for inline PGP
In-Reply-To:  (Thomas Kuehne's message of "Tue,
	09 Aug 2005 13:43:40 +0200")
References: <87oe8d7ob2.fsf@wheatstone.g10code.de>
	<053bb08d1dc24e33eab37c491d52bd37@biglumber.com>
	<20050809071109.GT1808__251.444339710538$1123571818$gmane$org@dionysus.chud.net>
	
	<42F86E21.5050106__49114.9024143398$1123577725$gmane$org@gmail.com>
	
Message-ID: <871x53tf4q.fsf@wheatstone.g10code.de>

On Tue, 09 Aug 2005 13:43:40 +0200, Thomas Kuehne said:

> OutlookExpress displays the message just like Mozilla or KMail without
> encryption plugins.

Use a MIME compliant MUA and not such a spam/DoS/virus vector.


Shalom-Salam,

   Werner


From alex at bofh.net.pl  Tue Aug  9 14:53:30 2005
From: alex at bofh.net.pl (Janusz A. Urbanowicz)
Date: Tue Aug  9 15:29:20 2005
Subject: validate_key_list failed
In-Reply-To: <20050808093307.GA34176@straylight.m.ringlet.net>
References: <20050805141547.GC15997@dmath5.geometrie.tuwien.ac.at>
	<20050808093307.GA34176@straylight.m.ringlet.net>
Message-ID: <20050809125329.GB6873@syjon.fantastyka.net>

On Mon, Aug 08, 2005 at 12:33:07PM +0300, Peter Pentchev wrote:
> On Fri, Aug 05, 2005 at 04:15:47PM +0200, Thomas Klausner wrote:
> > Hi!
> >
> > After adding some keys recently, I always get:
> [snip]
> > gpg: mpi larger than indicated length (2 bytes)
> > gpg: keyring_get_keyblock: read error: invalid packet
> > gpg: keyring_get_keyblock failed: invalid keyring
> > gpg: failed to rebuild keyring cache: invalid keyring
> > gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
> > gpg: mpi larger than indicated length (2 bytes)
> > gpg: keyring_get_keyblock: read error: invalid packet
> > gpg: keydb_get_keyblock failed: invalid keyring
> > gpg: validate_key_list failed
> >
> > And the trustdb is not updated, because on the next run
> > I get the same error.
> >
> > How can I fix this?
> > Or how can I find out which key it is, so I can remove it
> > (as workaround)?
> 
> FWIW, I've been getting the same with the FreeBSD port of gnupg-1.4.2.
> I've reverted to using 1.4.1 for the present.

it is the same kind of errors that I repoted an hour ago on -devel with
subject 'keyring thrashed' - if it helps.

Alex
-- 
mors ab alto 
0x46399138

From mwood at IUPUI.Edu  Tue Aug  9 15:37:39 2005
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Tue Aug  9 15:33:08 2005
Subject: Extra information in public key
In-Reply-To: <42F7E1D6.3010009@gmail.com>
References: <42F7A7EF.1020108@gmail.com> <42F7E1D6.3010009@gmail.com>
Message-ID: 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 9 Aug 2005, David Srbecky wrote:
[snip]
> And the content might look like this:
>
> First name=David
> Last name=Srbecky
> Country=Czech Republic
> City=Usti nad Labem
> Telephone=+65 536 1024
> ICQ=#128-256-512
> Homepage url=http://www.gnupg.org/
> Prefers encrypted mail=true
> Prefers signed mail=true
> Preferred encapsulation=MIME
> PGP key url=http://www.gnupg.org/dsrbecky/pgp.key
[snip]
> So, what do you think?

I think this looks like a job for a directory service.  About half of
those attributes are already defined in some X.500 schema and could easily
be dished up via LDAP, which any recent MUA ought to understand already.
Using a directory service for directory service sounds better to me than
overloading key subpackets.  How about just one simple record (a URI?) to
provide the linkage from the key to the directory object?  (I'd be very
much surprised if there isn't an attribute ID allocated for PGP keys
already, which can effectively provide the reverse "link".)

- -- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Open-source executable:  $0.00.  Source:  $0.00  Control:  priceless!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/

iD8DBQFC+LGps/NR4JuTKG8RAvxYAJ9nu1hCD/xjiVUr1Y/uRFvQZZ2M/QCcD6KS
5bpCKFT7eKf+nOrhBV0kL5g=
=yyg7
-----END PGP SIGNATURE-----

From greg at turnstep.com  Tue Aug  9 17:26:28 2005
From: greg at turnstep.com (Greg Sabino Mullane)
Date: Tue Aug  9 17:22:24 2005
Subject: Arguments for inline PGP (was: Leave clearsigned content
	encoding alone, how?)
In-Reply-To: <20050809071109.GT1808@dionysus.chud.net>
Message-ID: <54f73e336d613b22ab6a91b2f2f6f8fd@biglumber.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>> * My email has a much better chance of reaching people whose
>> systems bounce (or discard!) attachments.

> Are there really a lot of such systems?  I've encountered very few
> that bounce messages with attachments, and if they discard attachments
> then your message is still intact, just unsigned.

I should have said "whose systems bounce (or discard!) emails with
attachments."

> * It is easy to transfer my message to another format (such as a
> webpage) while keeping the signature.

> Keeping it, perhaps.  Keeping it intact, not so much.  Any
> reformatting done by a web browser (which is perfectly legitimate for
> the browser to do) will break the signature, of course.  If you force
> the formatting with 
 tags, you've made a concession which allows
> the MIME version to work equally well.

Well, of course one uses a PRE tag, that was implied. And I don't see
how the MIME version works equally well - how would you verify a
webpage dump of a MIME stream?

> I see your points, but in my opinion they aren't worth giving up the
> benefits of MIME -- especially in what one hopes will be a generally
> applicable standard.  The ability to sign attachments gracefully isn't
> the only plus, for example, but that alone seems to be enough to make
> MIME a clear winner.

I'm not arguing giving up MIME at all - there are situations where it is
indispensable, and I even use it on some occasions. But I did want to
counter the "inline is evil and should never ever be used by anyone"
argument. :)

- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200508091124
https://www.biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8

-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAkL4yukACgkQvJuQZxSWSshZfACgic4eyzK3o/5eUgaplSqJ7r2/
4KsAn1O91MNfSYdjHnnc5C3D5yV90+P7
=X/XW
-----END PGP SIGNATURE-----



From zvrba at globalnet.hr  Tue Aug  9 18:01:40 2005
From: zvrba at globalnet.hr (Zeljko Vrba)
Date: Tue Aug  9 17:56:42 2005
Subject: Arguments for inline PGP
In-Reply-To: <54f73e336d613b22ab6a91b2f2f6f8fd@biglumber.com>
References: <54f73e336d613b22ab6a91b2f2f6f8fd@biglumber.com>
Message-ID: <42F8D364.90109@globalnet.hr>

Greg Sabino Mullane wrote:
>
> I should have said "whose systems bounce (or discard!) emails with
> attachments."
>
I can say that I've worked in such company. Oddly enough, the server
seemed to strip only the application/pgp, or whatever the MIME type is,
replacing it with some bogus MS-TNEF attachment. Other attachments got
through just fine...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050809/798e9c90/signature.pgp
From folkert at vanheusden.com  Tue Aug  9 18:22:57 2005
From: folkert at vanheusden.com (Folkert van Heusden)
Date: Tue Aug  9 18:18:21 2005
Subject: removing revoked or expired signatures
Message-ID: <20050809162257.GL19223@vanheusden.com>

Hi,

How can I remove revoked and/or expired signatures from my public key?
E.g. keys like these:
sig       X  CA57AD7C 2005-07-15  PGP Global Directory Verification Key


Folkert van Heusden

-- 
Auto te koop, zie: http://www.vanheusden.com/daihatsu.php
--------------------------------------------------------------------
Get your PGP/GPG key signed at www.biglumber.com!
--------------------------------------------------------------------
Phone: +31-6-41278122, PGP-key: 1F28D8AE

From list-gnupg at mikedaigle.ca  Tue Aug  9 18:38:02 2005
From: list-gnupg at mikedaigle.ca (Michael Daigle)
Date: Tue Aug  9 18:34:02 2005
Subject: Arguments for inline PGP
In-Reply-To: <54f73e336d613b22ab6a91b2f2f6f8fd@biglumber.com>
References: <54f73e336d613b22ab6a91b2f2f6f8fd@biglumber.com>
Message-ID: <42F8DBEA.6030007@mikedaigle.ca>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

In reply to Greg Sabino Mullane's message sent 2005-08-09 11:26:

>>>> * My email has a much better chance of reaching people whose 
>>>> systems bounce (or discard!) attachments.
> 
>>> Are there really a lot of such systems?  I've encountered very
>>> few that bounce messages with attachments, and if they discard
>>> attachments then your message is still intact, just unsigned.
> 
> I should have said "whose systems bounce (or discard!) emails with 
> attachments."

> I'm not arguing giving up MIME at all - there are situations where it
> is indispensable, and I even use it on some occasions. But I did want
> to counter the "inline is evil and should never ever be used by
> anyone" argument. :)

I couldn't agree more, Greg.

I primarily use inlined PGP because I'm tired of having my S/MIME signed
mail bounced back to me as undeliverable because "pkcs7 signature is
listed as a dangerous attachment on this server". What's so dangerous
about a S/MIME signature?! Apparently, it's the same danger that's
present in a PGP/MIME message - mail server admin stupidity.

It's unfortunate, but it's prevalent - and that's why inlined PGP is a
good thing. We can still retain message authentication despite the
goof-ball between us and the recipient.

Of course PGP/MIME is "superior" to inlined messages. I don't think any
of us would deny that. It's just a sad fact that it remains not well
supported by many popular MUA's, and that is further complicated by mail
server admin fear of just about any kind of attachment.

Those who don't exchange mail with commercial enterprises probably don't
suffer this fate. I don't think I've ever had a problem sending any MIME
message to any residential recipient. It's businesses I have trouble
sending to.


- --
Mike Daigle                                   http://www.mikedaigle.ca
My PGP Key                                 mailto:pgpkey@mikedaigle.ca
Gossamer Spider Web of Trust                      http://www.gswot.org

-----BEGIN PGP SIGNATURE-----
Comment: GSWoT - Gossamer Spider Web of Trust - www.gswot.org

iD8DBQFC+NvpNuccKlqTLlMRA7lyAJ9cRjBF+C+IKGUNMdUFv+LYDUw9XACfQxun
FzBXmDYQd/8FvuF1FDhWL4U=
=Dqqr
-----END PGP SIGNATURE-----

From list-gnupg at mikedaigle.ca  Tue Aug  9 18:41:14 2005
From: list-gnupg at mikedaigle.ca (Michael Daigle)
Date: Tue Aug  9 18:36:53 2005
Subject: removing revoked or expired signatures
In-Reply-To: <20050809162257.GL19223@vanheusden.com>
References: <20050809162257.GL19223@vanheusden.com>
Message-ID: <42F8DCAA.3050407@mikedaigle.ca>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

In reply to Folkert van Heusden's message sent 2005-08-09 12:22:

> How can I remove revoked and/or expired signatures from my public key?
> E.g. keys like these:
> sig       X  CA57AD7C 2005-07-15  PGP Global Directory Verification Key

Stand in the feature request line ;-)

I'd sure love my headache to end with GnuPG being able to "remove
this/these sigs" or "remove all but this/these sigs".

Don't you just love hitting your Enter key 237 times to reach that sig
you're trying to remove, only to accidentally hit Enter that 238th time
and having to quit and start over? :-S


- --
Mike Daigle                                   http://www.mikedaigle.ca
My PGP Key                                 mailto:pgpkey@mikedaigle.ca
Gossamer Spider Web of Trust                      http://www.gswot.org
Get Your Own Subdomain!                  http://www.gswot.org/yourname

-----BEGIN PGP SIGNATURE-----
Comment: GSWoT - Gossamer Spider Web of Trust - www.gswot.org

iD8DBQFC+NypNuccKlqTLlMRA95+AKDRmJlrPZwbrW6/QVEm0XAR8R1jxACdFVEu
NFzuBfyGF+i7okD2xWYjv2Y=
=Mr+b
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com  Tue Aug  9 18:49:06 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Aug  9 18:44:59 2005
Subject: removing revoked or expired signatures
In-Reply-To: <20050809162257.GL19223@vanheusden.com>
References: <20050809162257.GL19223@vanheusden.com>
Message-ID: <20050809164906.GB30785@jabberwocky.com>

On Tue, Aug 09, 2005 at 06:22:57PM +0200, Folkert van Heusden wrote:
> Hi,
> 
> How can I remove revoked and/or expired signatures from my public key?
> E.g. keys like these:
> sig       X  CA57AD7C 2005-07-15  PGP Global Directory Verification Key

gpg --edit-key (your key)
clean

David

From folkert at vanheusden.com  Tue Aug  9 19:10:02 2005
From: folkert at vanheusden.com (Folkert van Heusden)
Date: Tue Aug  9 19:05:22 2005
Subject: removing revoked or expired signatures
In-Reply-To: <20050809164906.GB30785@jabberwocky.com>
References: <20050809162257.GL19223@vanheusden.com>
	<20050809164906.GB30785@jabberwocky.com>
Message-ID: <20050809171002.GR19223@vanheusden.com>

> > How can I remove revoked and/or expired signatures from my public key?
> > E.g. keys like these:
> > sig       X  CA57AD7C 2005-07-15  PGP Global Directory Verification Key
> gpg --edit-key (your key)
> clean

Doesn't work:

0 folkert@keetweej:~$ gpg --edit-key 1f28d8ae
...
Secret key is available.
...
Command> clean

Invalid command  (try "help")


Folkert van Heusden

-- 
Auto te koop, zie: http://www.vanheusden.com/daihatsu.php
--------------------------------------------------------------------
Get your PGP/GPG key signed at www.biglumber.com!
--------------------------------------------------------------------
Phone: +31-6-41278122, PGP-key: 1F28D8AE

From mail at mark-kirchner.de  Tue Aug  9 19:09:30 2005
From: mail at mark-kirchner.de (Mark Kirchner)
Date: Tue Aug  9 19:05:40 2005
Subject: removing revoked or expired signatures
In-Reply-To: <42F8DCAA.3050407@mikedaigle.ca>
References: <20050809162257.GL19223@vanheusden.com>
	<42F8DCAA.3050407@mikedaigle.ca>
Message-ID: <1318886369.20050809190930@mark-kirchner.de>

Hi Michael,

On Tuesday, August 9, 2005, 6:41:14 PM, Michael wrote:
>> How can I remove revoked and/or expired signatures from my public key?
>> E.g. keys like these:
>> sig       X  CA57AD7C 2005-07-15  PGP Global Directory Verification Key
>
> Stand in the feature request line ;-)

It's already in there: Unusable sigs (meaning: sigs, that don't do
anything in the trust calculation) can be removed during --edit-key
with "clean sigs". (New feature in 1.4.2)

Use just "clean" to remove revoked/expired uids as well.

That can also be done automatically during import/export by setting
--import-options import-clean-sigs import-clean-uids
--export-options export-clean-sigs export-clean-uids

Note that signature revocation certificates themselves are _not_
removed (= still show up on "check"), only the corresponding
signatures.

Regards,
Mark Kirchner

-- 
_____________________________________________________________
Key (0x172C073C): http://www.mark-kirchner.de/keys/key-mk.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 183 bytes
Desc: not available
Url : /pipermail/attachments/20050809/b2df8113/attachment.pgp
From dshaw at jabberwocky.com  Tue Aug  9 19:18:07 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Aug  9 19:14:02 2005
Subject: removing revoked or expired signatures
In-Reply-To: <20050809171002.GR19223@vanheusden.com>
References: <20050809162257.GL19223@vanheusden.com>
	<20050809164906.GB30785@jabberwocky.com>
	<20050809171002.GR19223@vanheusden.com>
Message-ID: <20050809171807.GC30785@jabberwocky.com>

On Tue, Aug 09, 2005 at 07:10:02PM +0200, Folkert van Heusden wrote:
> > > How can I remove revoked and/or expired signatures from my public key?
> > > E.g. keys like these:
> > > sig       X  CA57AD7C 2005-07-15  PGP Global Directory Verification Key
> > gpg --edit-key (your key)
> > clean
> 
> Doesn't work:
> 
> 0 folkert@keetweej:~$ gpg --edit-key 1f28d8ae
> ...
> Secret key is available.
> ...
> Command> clean
> 
> Invalid command  (try "help")

Upgrade to 1.4.2.

David

From dshaw at jabberwocky.com  Tue Aug  9 19:19:04 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Aug  9 19:14:58 2005
Subject: removing revoked or expired signatures
In-Reply-To: <1318886369.20050809190930@mark-kirchner.de>
References: <20050809162257.GL19223@vanheusden.com>
	<42F8DCAA.3050407@mikedaigle.ca>
	<1318886369.20050809190930@mark-kirchner.de>
Message-ID: <20050809171904.GD30785@jabberwocky.com>

On Tue, Aug 09, 2005 at 07:09:30PM +0200, Mark Kirchner wrote:
> Hi Michael,
> 
> On Tuesday, August 9, 2005, 6:41:14 PM, Michael wrote:
> >> How can I remove revoked and/or expired signatures from my public key?
> >> E.g. keys like these:
> >> sig       X  CA57AD7C 2005-07-15  PGP Global Directory Verification Key
> >
> > Stand in the feature request line ;-)
> 
> It's already in there: Unusable sigs (meaning: sigs, that don't do
> anything in the trust calculation) can be removed during --edit-key
> with "clean sigs". (New feature in 1.4.2)
> 
> Use just "clean" to remove revoked/expired uids as well.
> 
> That can also be done automatically during import/export by setting
> --import-options import-clean-sigs import-clean-uids
> --export-options export-clean-sigs export-clean-uids
> 
> Note that signature revocation certificates themselves are _not_
> removed (= still show up on "check"), only the corresponding
> signatures.

This is required for security.  The last signature revocation is
always kept (earlier ones are removed).

David

From SThutika at Satyam.odc.ml.com  Tue Aug  9 18:40:20 2005
From: SThutika at Satyam.odc.ml.com (Thutika, Srinivas (ODC - Satyam))
Date: Tue Aug  9 19:33:38 2005
Subject: Forgot the key passowrd
Message-ID: <5967AD625B62D5118D180002A50926AB047110CC@AGNI>

Hi,

After creation of the key I forgot the pasword for that key.

Is there any way that I can get the password again.

Regards,
srini


-----Original Message-----
From: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org]
On Behalf Of gnupg-users-request@gnupg.org
Sent: Tuesday, August 09, 2005 9:55 PM
To: gnupg-users@gnupg.org
Subject: Gnupg-users Digest, Vol 23, Issue 15


Send Gnupg-users mailing list submissions to
	gnupg-users@gnupg.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.gnupg.org/mailman/listinfo/gnupg-users
or, via email, send a message with subject or body 'help' to
	gnupg-users-request@gnupg.org

You can reach the person managing the list at
	gnupg-users-owner@gnupg.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Gnupg-users digest..."


Today's Topics:

   1. Re: Arguments for inline PGP (David Srbecky)
   2. Re: validate_key_list failed (Mark H. Wood)
   3. Re: Proof of email ownership (Werner Koch)
   4. Re: Multiple self signatures (David Shaw)
   5. Re: Arguments for inline PGP (Werner Koch)
   6. Re: validate_key_list failed (Janusz A. Urbanowicz)
   7. Re: Extra information in public key (Mark H. Wood)
   8. Re: Arguments for inline PGP (was: Leave clearsigned content
      encoding alone, how?) (Greg Sabino Mullane)
   9. Re: Arguments for inline PGP (Zeljko Vrba)
  10. removing revoked or expired signatures (Folkert van Heusden)


----------------------------------------------------------------------

Message: 1
Date: Tue, 09 Aug 2005 13:59:15 +0200
From: David Srbecky 
Subject: Re: Arguments for inline PGP
To: gnupg-users@gnupg.org
Message-ID: <42F89A93.6090300@gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Thomas Kuehne wrote:
> Alphax schrieb:
> 
> 
>>Thomas Kuehne wrote:
>>
>>
>>>>Points taken - Have you ever looked at an signed (using MIME) message in
>>>>OutlookExpress? AAAARRRGGGG .....
>>
>>Sorry, I've never used Lookout.
> 
> 
> The attachment is a snapshoot of David Srbecky's recent MIME signed post
> "Re: Extra information in public key" to this list.
> 
> If the MIME declaration is change from
> 
> multipart/signed; micalg=pgp-sha1; ...
> 
> to
> 
> multipart/mixed; micalg=pgp-sha1; ...
> 
> OutlookExpress displays the message just like Mozilla or KMail without
> encryption plugins.

Sorry for that. I do not know that happened. (Could it be some misuse of 
"Edit as New..."?)

I do not use inline because I find the extra stuff annoying. However, 
MIME can look really nasty too. That's I would prefer to save the 
signature in the mail headers.

David Srbecky
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050809/a604ffac/signature-0001.pgp

------------------------------

Message: 2
Date: Tue, 9 Aug 2005 08:22:33 -0500 (EST)
From: "Mark H. Wood" 
Subject: Re: validate_key_list failed
To: GNU Privacy Guard users 
Message-ID: 
Content-Type: TEXT/PLAIN; charset=US-ASCII

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Me, too. :-/ I completely emptied my public keyring, one key at a time,
looking for the damage and never found it.  Eventually I renamed the empty
file away and built a new one, and now I have no more trouble.

I don't know whether a keyring file is supposed to shrink when substantial
numbers of keys are removed, but it never did.

- -- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Open-source executable:  $0.00.  Source:  $0.00  Control:  priceless!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/

iD8DBQFC+K4ds/NR4JuTKG8RAgFDAJ0dKzS38oA8+RL9lM9NVgu/0v67wQCffQfe
28f7fTe5Gv9eMOURoIdnrE0=
=Q/GM
-----END PGP SIGNATURE-----



------------------------------

Message: 3
Date: Tue, 09 Aug 2005 15:22:58 +0200
From: Werner Koch 
Subject: Re: Proof of email ownership
To: md@Linux.IT (Marco d'Itri)
Cc: gnupg-devel@gnupg.org, gnupg-users@gnupg.org
Message-ID: <87acjrtfbh.fsf@wheatstone.g10code.de>
Content-Type: text/plain; charset=us-ascii

On Mon, 8 Aug 2005 20:34:33 +0200, Marco d'Itri said:

> How does this interact with DKIM?

DKIM does not work.  For example, their canonicalization is broken and
one can easily fake a MIME message.


Shalom-Salam,

   Werner





------------------------------

Message: 4
Date: Tue, 9 Aug 2005 09:19:58 -0400
From: David Shaw 
Subject: Re: Multiple self signatures
To: Tobias Eichert 
Cc: gnupg-users@gnupg.org
Message-ID: <20050809131958.GA9476@jabberwocky.com>
Content-Type: text/plain; charset=us-ascii

On Thu, Jul 28, 2005 at 11:33:24PM +0200, Tobias Eichert wrote:
> Hello,
> 
> I have multiple self signatures within my key and I haven't
> found a reason yet. I usually don't self-sign my key several
> times (well, at least I'm not aware of it). :)
> 
>
http://pgpkeys.pca.dfn.de:11371/pks/lookup?op=vindex&fingerprint=on&search=0
x7E9154BFDA817013
> 
> How can I prevent this?

You can't, really.  Every time you change the expiration date of your
key, or change your preferences you issue a new self-signature.  The
keyservers don't delete old ones (they can't), so self sigs pile up
after a while.  They are harmless.

If it bothers you, do --edit-key and use the "clean" command.

David



------------------------------

Message: 5
Date: Tue, 09 Aug 2005 15:27:01 +0200
From: Werner Koch 
Subject: Re: Arguments for inline PGP
To: Thomas Kuehne 
Cc: gnupg-users@gnupg.org
Message-ID: <871x53tf4q.fsf@wheatstone.g10code.de>
Content-Type: text/plain; charset=us-ascii

On Tue, 09 Aug 2005 13:43:40 +0200, Thomas Kuehne said:

> OutlookExpress displays the message just like Mozilla or KMail without
> encryption plugins.

Use a MIME compliant MUA and not such a spam/DoS/virus vector.


Shalom-Salam,

   Werner




------------------------------

Message: 6
Date: Tue, 9 Aug 2005 14:53:30 +0200
From: "Janusz A. Urbanowicz" 
Subject: Re: validate_key_list failed
To: gnupg-users@gnupg.org
Cc: gnupg-users@gnupg.org, Thomas Klausner 
Message-ID: <20050809125329.GB6873@syjon.fantastyka.net>
Content-Type: text/plain; charset=us-ascii

On Mon, Aug 08, 2005 at 12:33:07PM +0300, Peter Pentchev wrote:
> On Fri, Aug 05, 2005 at 04:15:47PM +0200, Thomas Klausner wrote:
> > Hi!
> >
> > After adding some keys recently, I always get:
> [snip]
> > gpg: mpi larger than indicated length (2 bytes)
> > gpg: keyring_get_keyblock: read error: invalid packet
> > gpg: keyring_get_keyblock failed: invalid keyring
> > gpg: failed to rebuild keyring cache: invalid keyring
> > gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
> > gpg: mpi larger than indicated length (2 bytes)
> > gpg: keyring_get_keyblock: read error: invalid packet
> > gpg: keydb_get_keyblock failed: invalid keyring
> > gpg: validate_key_list failed
> >
> > And the trustdb is not updated, because on the next run
> > I get the same error.
> >
> > How can I fix this?
> > Or how can I find out which key it is, so I can remove it
> > (as workaround)?
> 
> FWIW, I've been getting the same with the FreeBSD port of gnupg-1.4.2.
> I've reverted to using 1.4.1 for the present.

it is the same kind of errors that I repoted an hour ago on -devel with
subject 'keyring thrashed' - if it helps.

Alex
-- 
mors ab alto 
0x46399138



------------------------------

Message: 7
Date: Tue, 9 Aug 2005 08:37:39 -0500 (EST)
From: "Mark H. Wood" 
Subject: Re: Extra information in public key
To: GNU Privacy Guard users 
Message-ID: 
Content-Type: TEXT/PLAIN; charset=US-ASCII

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 9 Aug 2005, David Srbecky wrote:
[snip]
> And the content might look like this:
>
> First name=David
> Last name=Srbecky
> Country=Czech Republic
> City=Usti nad Labem
> Telephone=+65 536 1024
> ICQ=#128-256-512
> Homepage url=http://www.gnupg.org/
> Prefers encrypted mail=true
> Prefers signed mail=true
> Preferred encapsulation=MIME
> PGP key url=http://www.gnupg.org/dsrbecky/pgp.key
[snip]
> So, what do you think?

I think this looks like a job for a directory service.  About half of
those attributes are already defined in some X.500 schema and could easily
be dished up via LDAP, which any recent MUA ought to understand already.
Using a directory service for directory service sounds better to me than
overloading key subpackets.  How about just one simple record (a URI?) to
provide the linkage from the key to the directory object?  (I'd be very
much surprised if there isn't an attribute ID allocated for PGP keys
already, which can effectively provide the reverse "link".)

- -- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Open-source executable:  $0.00.  Source:  $0.00  Control:  priceless!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/

iD8DBQFC+LGps/NR4JuTKG8RAvxYAJ9nu1hCD/xjiVUr1Y/uRFvQZZ2M/QCcD6KS
5bpCKFT7eKf+nOrhBV0kL5g=
=yyg7
-----END PGP SIGNATURE-----



------------------------------

Message: 8
Date: Tue,  9 Aug 2005 15:26:28 -0000
From: "Greg Sabino Mullane" 
Subject: Re: Arguments for inline PGP (was: Leave clearsigned content
	encoding alone, how?)
To: gnupg-users@gnupg.org
Message-ID: <54f73e336d613b22ab6a91b2f2f6f8fd@biglumber.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>> * My email has a much better chance of reaching people whose
>> systems bounce (or discard!) attachments.

> Are there really a lot of such systems?  I've encountered very few
> that bounce messages with attachments, and if they discard attachments
> then your message is still intact, just unsigned.

I should have said "whose systems bounce (or discard!) emails with
attachments."

> * It is easy to transfer my message to another format (such as a
> webpage) while keeping the signature.

> Keeping it, perhaps.  Keeping it intact, not so much.  Any
> reformatting done by a web browser (which is perfectly legitimate for
> the browser to do) will break the signature, of course.  If you force
> the formatting with 
 tags, you've made a concession which allows
> the MIME version to work equally well.

Well, of course one uses a PRE tag, that was implied. And I don't see
how the MIME version works equally well - how would you verify a
webpage dump of a MIME stream?

> I see your points, but in my opinion they aren't worth giving up the
> benefits of MIME -- especially in what one hopes will be a generally
> applicable standard.  The ability to sign attachments gracefully isn't
> the only plus, for example, but that alone seems to be enough to make
> MIME a clear winner.

I'm not arguing giving up MIME at all - there are situations where it is
indispensable, and I even use it on some occasions. But I did want to
counter the "inline is evil and should never ever be used by anyone"
argument. :)

- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200508091124
https://www.biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8

-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAkL4yukACgkQvJuQZxSWSshZfACgic4eyzK3o/5eUgaplSqJ7r2/
4KsAn1O91MNfSYdjHnnc5C3D5yV90+P7
=X/XW
-----END PGP SIGNATURE-----





------------------------------

Message: 9
Date: Tue, 09 Aug 2005 18:01:40 +0200
From: Zeljko Vrba 
Subject: Re: Arguments for inline PGP
To: Greg Sabino Mullane 
Cc: gnupg-users@gnupg.org
Message-ID: <42F8D364.90109@globalnet.hr>
Content-Type: text/plain; charset="iso-8859-1"

Greg Sabino Mullane wrote:
>
> I should have said "whose systems bounce (or discard!) emails with
> attachments."
>
I can say that I've worked in such company. Oddly enough, the server
seemed to strip only the application/pgp, or whatever the MIME type is,
replacing it with some bogus MS-TNEF attachment. Other attachments got
through just fine...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050809/798e9c90/signature-0001.pgp

------------------------------

Message: 10
Date: Tue, 9 Aug 2005 18:22:57 +0200
From: Folkert van Heusden 
Subject: removing revoked or expired signatures
To: gnupg-users@gnupg.org
Message-ID: <20050809162257.GL19223@vanheusden.com>
Content-Type: text/plain; charset=us-ascii

Hi,

How can I remove revoked and/or expired signatures from my public key?
E.g. keys like these:
sig       X  CA57AD7C 2005-07-15  PGP Global Directory Verification Key


Folkert van Heusden

-- 
Auto te koop, zie: http://www.vanheusden.com/daihatsu.php
--------------------------------------------------------------------
Get your PGP/GPG key signed at www.biglumber.com!
--------------------------------------------------------------------
Phone: +31-6-41278122, PGP-key: 1F28D8AE



------------------------------

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


End of Gnupg-users Digest, Vol 23, Issue 15
*******************************************
--------------------------------------------------------

If you are not an intended recipient of this e-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute it. Click here for important additional terms relating to this e-mail.     http://www.ml.com/email_terms/
--------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 9840 bytes
Desc: not available
Url : /pipermail/attachments/20050809/2c03bee3/attachment-0001.bin
From folkert at vanheusden.com  Tue Aug  9 19:41:18 2005
From: folkert at vanheusden.com (Folkert van Heusden)
Date: Tue Aug  9 19:36:39 2005
Subject: Forgot the key passowrd
In-Reply-To: <5967AD625B62D5118D180002A50926AB047110CC@AGNI>
References: <5967AD625B62D5118D180002A50926AB047110CC@AGNI>
Message-ID: <20050809174118.GA22004@vanheusden.com>

If it is not too long (too many characters), try 'nasty':
http://www.vanheusden.com/nasty/

On Tue, Aug 09, 2005 at 10:10:20PM +0530, Thutika, Srinivas (ODC - Satyam) wrote:
> Hi,
> 
> After creation of the key I forgot the pasword for that key.
> 
> Is there any way that I can get the password again.
> 
> Regards,
> srini
> 
> 
> -----Original Message-----
> From: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org]
> On Behalf Of gnupg-users-request@gnupg.org
> Sent: Tuesday, August 09, 2005 9:55 PM
> To: gnupg-users@gnupg.org
> Subject: Gnupg-users Digest, Vol 23, Issue 15
> 
> 
> Send Gnupg-users mailing list submissions to
> 	gnupg-users@gnupg.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.gnupg.org/mailman/listinfo/gnupg-users
> or, via email, send a message with subject or body 'help' to
> 	gnupg-users-request@gnupg.org
> 
> You can reach the person managing the list at
> 	gnupg-users-owner@gnupg.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Gnupg-users digest..."
> 
> 
> Today's Topics:
> 
>    1. Re: Arguments for inline PGP (David Srbecky)
>    2. Re: validate_key_list failed (Mark H. Wood)
>    3. Re: Proof of email ownership (Werner Koch)
>    4. Re: Multiple self signatures (David Shaw)
>    5. Re: Arguments for inline PGP (Werner Koch)
>    6. Re: validate_key_list failed (Janusz A. Urbanowicz)
>    7. Re: Extra information in public key (Mark H. Wood)
>    8. Re: Arguments for inline PGP (was: Leave clearsigned content
>       encoding alone, how?) (Greg Sabino Mullane)
>    9. Re: Arguments for inline PGP (Zeljko Vrba)
>   10. removing revoked or expired signatures (Folkert van Heusden)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Tue, 09 Aug 2005 13:59:15 +0200
> From: David Srbecky 
> Subject: Re: Arguments for inline PGP
> To: gnupg-users@gnupg.org
> Message-ID: <42F89A93.6090300@gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Thomas Kuehne wrote:
> > Alphax schrieb:
> > 
> > 
> >>Thomas Kuehne wrote:
> >>
> >>
> >>>>Points taken - Have you ever looked at an signed (using MIME) message in
> >>>>OutlookExpress? AAAARRRGGGG .....
> >>
> >>Sorry, I've never used Lookout.
> > 
> > 
> > The attachment is a snapshoot of David Srbecky's recent MIME signed post
> > "Re: Extra information in public key" to this list.
> > 
> > If the MIME declaration is change from
> > 
> > multipart/signed; micalg=pgp-sha1; ...
> > 
> > to
> > 
> > multipart/mixed; micalg=pgp-sha1; ...
> > 
> > OutlookExpress displays the message just like Mozilla or KMail without
> > encryption plugins.
> 
> Sorry for that. I do not know that happened. (Could it be some misuse of 
> "Edit as New..."?)
> 
> I do not use inline because I find the extra stuff annoying. However, 
> MIME can look really nasty too. That's I would prefer to save the 
> signature in the mail headers.
> 
> David Srbecky
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 254 bytes
> Desc: OpenPGP digital signature
> Url : /pipermail/attachments/20050809/a604ffac/signature-0001.pgp
> 
> ------------------------------
> 
> Message: 2
> Date: Tue, 9 Aug 2005 08:22:33 -0500 (EST)
> From: "Mark H. Wood" 
> Subject: Re: validate_key_list failed
> To: GNU Privacy Guard users 
> Message-ID: 
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Me, too. :-/ I completely emptied my public keyring, one key at a time,
> looking for the damage and never found it.  Eventually I renamed the empty
> file away and built a new one, and now I have no more trouble.
> 
> I don't know whether a keyring file is supposed to shrink when substantial
> numbers of keys are removed, but it never did.
> 
> - -- 
> Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
> Open-source executable:  $0.00.  Source:  $0.00  Control:  priceless!
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
> Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/
> 
> iD8DBQFC+K4ds/NR4JuTKG8RAgFDAJ0dKzS38oA8+RL9lM9NVgu/0v67wQCffQfe
> 28f7fTe5Gv9eMOURoIdnrE0=
> =Q/GM
> -----END PGP SIGNATURE-----
> 
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Tue, 09 Aug 2005 15:22:58 +0200
> From: Werner Koch 
> Subject: Re: Proof of email ownership
> To: md@Linux.IT (Marco d'Itri)
> Cc: gnupg-devel@gnupg.org, gnupg-users@gnupg.org
> Message-ID: <87acjrtfbh.fsf@wheatstone.g10code.de>
> Content-Type: text/plain; charset=us-ascii
> 
> On Mon, 8 Aug 2005 20:34:33 +0200, Marco d'Itri said:
> 
> > How does this interact with DKIM?
> 
> DKIM does not work.  For example, their canonicalization is broken and
> one can easily fake a MIME message.
> 
> 
> Shalom-Salam,
> 
>    Werner
> 
> 
> 
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Tue, 9 Aug 2005 09:19:58 -0400
> From: David Shaw 
> Subject: Re: Multiple self signatures
> To: Tobias Eichert 
> Cc: gnupg-users@gnupg.org
> Message-ID: <20050809131958.GA9476@jabberwocky.com>
> Content-Type: text/plain; charset=us-ascii
> 
> On Thu, Jul 28, 2005 at 11:33:24PM +0200, Tobias Eichert wrote:
> > Hello,
> > 
> > I have multiple self signatures within my key and I haven't
> > found a reason yet. I usually don't self-sign my key several
> > times (well, at least I'm not aware of it). :)
> > 
> >
> http://pgpkeys.pca.dfn.de:11371/pks/lookup?op=vindex&fingerprint=on&search=0
> x7E9154BFDA817013
> > 
> > How can I prevent this?
> 
> You can't, really.  Every time you change the expiration date of your
> key, or change your preferences you issue a new self-signature.  The
> keyservers don't delete old ones (they can't), so self sigs pile up
> after a while.  They are harmless.
> 
> If it bothers you, do --edit-key and use the "clean" command.
> 
> David
> 
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Tue, 09 Aug 2005 15:27:01 +0200
> From: Werner Koch 
> Subject: Re: Arguments for inline PGP
> To: Thomas Kuehne 
> Cc: gnupg-users@gnupg.org
> Message-ID: <871x53tf4q.fsf@wheatstone.g10code.de>
> Content-Type: text/plain; charset=us-ascii
> 
> On Tue, 09 Aug 2005 13:43:40 +0200, Thomas Kuehne said:
> 
> > OutlookExpress displays the message just like Mozilla or KMail without
> > encryption plugins.
> 
> Use a MIME compliant MUA and not such a spam/DoS/virus vector.
> 
> 
> Shalom-Salam,
> 
>    Werner
> 
> 
> 
> 
> ------------------------------
> 
> Message: 6
> Date: Tue, 9 Aug 2005 14:53:30 +0200
> From: "Janusz A. Urbanowicz" 
> Subject: Re: validate_key_list failed
> To: gnupg-users@gnupg.org
> Cc: gnupg-users@gnupg.org, Thomas Klausner 
> Message-ID: <20050809125329.GB6873@syjon.fantastyka.net>
> Content-Type: text/plain; charset=us-ascii
> 
> On Mon, Aug 08, 2005 at 12:33:07PM +0300, Peter Pentchev wrote:
> > On Fri, Aug 05, 2005 at 04:15:47PM +0200, Thomas Klausner wrote:
> > > Hi!
> > >
> > > After adding some keys recently, I always get:
> > [snip]
> > > gpg: mpi larger than indicated length (2 bytes)
> > > gpg: keyring_get_keyblock: read error: invalid packet
> > > gpg: keyring_get_keyblock failed: invalid keyring
> > > gpg: failed to rebuild keyring cache: invalid keyring
> > > gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
> > > gpg: mpi larger than indicated length (2 bytes)
> > > gpg: keyring_get_keyblock: read error: invalid packet
> > > gpg: keydb_get_keyblock failed: invalid keyring
> > > gpg: validate_key_list failed
> > >
> > > And the trustdb is not updated, because on the next run
> > > I get the same error.
> > >
> > > How can I fix this?
> > > Or how can I find out which key it is, so I can remove it
> > > (as workaround)?
> > 
> > FWIW, I've been getting the same with the FreeBSD port of gnupg-1.4.2.
> > I've reverted to using 1.4.1 for the present.
> 
> it is the same kind of errors that I repoted an hour ago on -devel with
> subject 'keyring thrashed' - if it helps.
> 
> Alex
> -- 
> mors ab alto 
> 0x46399138
> 
> 
> 
> ------------------------------
> 
> Message: 7
> Date: Tue, 9 Aug 2005 08:37:39 -0500 (EST)
> From: "Mark H. Wood" 
> Subject: Re: Extra information in public key
> To: GNU Privacy Guard users 
> Message-ID: 
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Tue, 9 Aug 2005, David Srbecky wrote:
> [snip]
> > And the content might look like this:
> >
> > First name=David
> > Last name=Srbecky
> > Country=Czech Republic
> > City=Usti nad Labem
> > Telephone=+65 536 1024
> > ICQ=#128-256-512
> > Homepage url=http://www.gnupg.org/
> > Prefers encrypted mail=true
> > Prefers signed mail=true
> > Preferred encapsulation=MIME
> > PGP key url=http://www.gnupg.org/dsrbecky/pgp.key
> [snip]
> > So, what do you think?
> 
> I think this looks like a job for a directory service.  About half of
> those attributes are already defined in some X.500 schema and could easily
> be dished up via LDAP, which any recent MUA ought to understand already.
> Using a directory service for directory service sounds better to me than
> overloading key subpackets.  How about just one simple record (a URI?) to
> provide the linkage from the key to the directory object?  (I'd be very
> much surprised if there isn't an attribute ID allocated for PGP keys
> already, which can effectively provide the reverse "link".)
> 
> - -- 
> Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
> Open-source executable:  $0.00.  Source:  $0.00  Control:  priceless!
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
> Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/
> 
> iD8DBQFC+LGps/NR4JuTKG8RAvxYAJ9nu1hCD/xjiVUr1Y/uRFvQZZ2M/QCcD6KS
> 5bpCKFT7eKf+nOrhBV0kL5g=
> =yyg7
> -----END PGP SIGNATURE-----
> 
> 
> 
> ------------------------------
> 
> Message: 8
> Date: Tue,  9 Aug 2005 15:26:28 -0000
> From: "Greg Sabino Mullane" 
> Subject: Re: Arguments for inline PGP (was: Leave clearsigned content
> 	encoding alone, how?)
> To: gnupg-users@gnupg.org
> Message-ID: <54f73e336d613b22ab6a91b2f2f6f8fd@biglumber.com>
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> >> * My email has a much better chance of reaching people whose
> >> systems bounce (or discard!) attachments.
> 
> > Are there really a lot of such systems?  I've encountered very few
> > that bounce messages with attachments, and if they discard attachments
> > then your message is still intact, just unsigned.
> 
> I should have said "whose systems bounce (or discard!) emails with
> attachments."
> 
> > * It is easy to transfer my message to another format (such as a
> > webpage) while keeping the signature.
> 
> > Keeping it, perhaps.  Keeping it intact, not so much.  Any
> > reformatting done by a web browser (which is perfectly legitimate for
> > the browser to do) will break the signature, of course.  If you force
> > the formatting with 
 tags, you've made a concession which allows
> > the MIME version to work equally well.
> 
> Well, of course one uses a PRE tag, that was implied. And I don't see
> how the MIME version works equally well - how would you verify a
> webpage dump of a MIME stream?
> 
> > I see your points, but in my opinion they aren't worth giving up the
> > benefits of MIME -- especially in what one hopes will be a generally
> > applicable standard.  The ability to sign attachments gracefully isn't
> > the only plus, for example, but that alone seems to be enough to make
> > MIME a clear winner.
> 
> I'm not arguing giving up MIME at all - there are situations where it is
> indispensable, and I even use it on some occasions. But I did want to
> counter the "inline is evil and should never ever be used by anyone"
> argument. :)
> 
> - --
> Greg Sabino Mullane greg@turnstep.com
> PGP Key: 0x14964AC8 200508091124
> https://www.biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
> 
> -----BEGIN PGP SIGNATURE-----
> 
> iEYEARECAAYFAkL4yukACgkQvJuQZxSWSshZfACgic4eyzK3o/5eUgaplSqJ7r2/
> 4KsAn1O91MNfSYdjHnnc5C3D5yV90+P7
> =X/XW
> -----END PGP SIGNATURE-----
> 
> 
> 
> 
> 
> ------------------------------
> 
> Message: 9
> Date: Tue, 09 Aug 2005 18:01:40 +0200
> From: Zeljko Vrba 
> Subject: Re: Arguments for inline PGP
> To: Greg Sabino Mullane 
> Cc: gnupg-users@gnupg.org
> Message-ID: <42F8D364.90109@globalnet.hr>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Greg Sabino Mullane wrote:
> >
> > I should have said "whose systems bounce (or discard!) emails with
> > attachments."
> >
> I can say that I've worked in such company. Oddly enough, the server
> seemed to strip only the application/pgp, or whatever the MIME type is,
> replacing it with some bogus MS-TNEF attachment. Other attachments got
> through just fine...
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 254 bytes
> Desc: OpenPGP digital signature
> Url : /pipermail/attachments/20050809/798e9c90/signature-0001.pgp
> 
> ------------------------------
> 
> Message: 10
> Date: Tue, 9 Aug 2005 18:22:57 +0200
> From: Folkert van Heusden 
> Subject: removing revoked or expired signatures
> To: gnupg-users@gnupg.org
> Message-ID: <20050809162257.GL19223@vanheusden.com>
> Content-Type: text/plain; charset=us-ascii
> 
> Hi,
> 
> How can I remove revoked and/or expired signatures from my public key?
> E.g. keys like these:
> sig       X  CA57AD7C 2005-07-15  PGP Global Directory Verification Key
> 
> 
> Folkert van Heusden
> 
> -- 
> Auto te koop, zie: http://www.vanheusden.com/daihatsu.php
> --------------------------------------------------------------------
> Get your PGP/GPG key signed at www.biglumber.com!
> --------------------------------------------------------------------
> Phone: +31-6-41278122, PGP-key: 1F28D8AE
> 
> 
> 
> ------------------------------
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 
> 
> End of Gnupg-users Digest, Vol 23, Issue 15
> *******************************************
> --------------------------------------------------------
> 
> If you are not an intended recipient of this e-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute it. Click here for important additional terms relating to this e-mail.     http://www.ml.com/email_terms/
> --------------------------------------------------------


> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



Folkert van Heusden

-- 
Auto te koop, zie: http://www.vanheusden.com/daihatsu.php
--------------------------------------------------------------------
Get your PGP/GPG key signed at www.biglumber.com!
--------------------------------------------------------------------
Phone: +31-6-41278122, PGP-key: 1F28D8AE

From holger.schuettel at gmx.de  Tue Aug  9 20:46:29 2005
From: holger.schuettel at gmx.de (=?ISO-8859-15?Q?Holger_Sch=FCttel?=)
Date: Tue Aug  9 21:42:29 2005
Subject: gpg befehle
Message-ID: <42F8FA05.3080805@gmx.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
hallo bin auf diesem sektor noch absolut blank aber irgendwie funzt
das eingeben der befehle nicht habe gnu1.4.2 und ich mu? doch eingeben
gpg_--list-keys aber dann nach [enter] erfolgt keine reaktion auf
diesen befehl. was mach ich nun falsch
mfg holger
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
 
iD8DBQFC+PoDk75lpr4l1dYRAu72AJ4lmRWmXjWvTrfsH6nFkKeDBUX7nACfWJ9V
2s5N5lsBogxllDfZzjQdC6I=
=SjJC
-----END PGP SIGNATURE-----


From pats_comp_solutions at hotpop.com  Tue Aug  9 22:35:27 2005
From: pats_comp_solutions at hotpop.com (Patrick Dickey)
Date: Tue Aug  9 22:31:31 2005
Subject: Order in which to remove a key...
Message-ID: <42F9138F.8060404@hotpop.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Hi there everyone,
   It seems I got into an issue with the key for this account.  I've
signed this e-mail, and you'll probably notice it's a bad key.  So, I
want to remove it, and create a new one.  My question is this.  Do I
revoke it first, then delete it?  And, can I do this through the
keymanager in Enigmail, or do I need to use the cmd-line?
    Also, if anyone knows how to actually fix this issue (so I don't
have to remove/recreate) the key, that would be greatly appreciated.
I think what happened (for future reference) is that I had the
password memorized for 120 minutes of idle time.  Then, I decided to
upload my other keys to keyservers (I haven't had a chance to see if
they are bad or not).  So, it tried to put this password in, and
failed.  So, I retried with the correct password, and checked the box
again on the last one.  Then I tried to send an e-mail with this key,
and that's when it started being a "Bad Signature".
    Thanks in advance for any information.
Patrick Dickey.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
 
iD8DBQFC+ROPlYHHywHZe7ARArXpAJ9W1z1JtIeZTwlHgza32jOdEt120ACfZf9t
zeS4CR+XpKExIWtqUtA+XOs=
=7dhl
-----END PGP SIGNATURE-----



From thomas-gmane at kuehne.cn  Tue Aug  9 22:30:17 2005
From: thomas-gmane at kuehne.cn (Thomas Kuehne)
Date: Tue Aug  9 22:42:03 2005
Subject: Arguments for inline PGP
In-Reply-To: <42F89A93.6090300__34267.699896782$1123589064$gmane$org@gmail.com>
References: <87oe8d7ob2.fsf@wheatstone.g10code.de>	<053bb08d1dc24e33eab37c491d52bd37@biglumber.com>	<20050809071109.GT1808__251.444339710538$1123571818$gmane$org@dionysus.chud.net>		<42F86E21.5050106__49114.9024143398$1123577725$gmane$org@gmail.com>	
	<42F89A93.6090300__34267.699896782$1123589064$gmane$org@gmail.com>
Message-ID: 

David Srbecky schrieb:

> Thomas Kuehne wrote:
> 
>> Alphax schrieb:
>>
>>
>>> Thomas Kuehne wrote:
>>>
>>>
>>>>> Points taken - Have you ever looked at an signed (using MIME)
>>>>> message in
>>>>> OutlookExpress? AAAARRRGGGG .....
>>>
>>>
>>> Sorry, I've never used Lookout.
>>
>>
>>
>> The attachment is a snapshoot of David Srbecky's recent MIME signed post
>> "Re: Extra information in public key" to this list.
>>
>> If the MIME declaration is change from
>>
>> multipart/signed; micalg=pgp-sha1; ...
>>
>> to
>>
>> multipart/mixed; micalg=pgp-sha1; ...
>>
>> OutlookExpress displays the message just like Mozilla or KMail without
>> encryption plugins.
> 
> 
> Sorry for that. I do not know that happened. (Could it be some misuse of
> "Edit as New..."?)

No, that is a bug with Outlook's MIME processing.
Likely one of the core problems keeping the MIME-versus-inlined war alive.

Thomas




From dsrbecky at gmail.com  Tue Aug  9 22:53:27 2005
From: dsrbecky at gmail.com (David Srbecky)
Date: Tue Aug  9 22:48:59 2005
Subject: Order in which to remove a key...
In-Reply-To: <42F9138F.8060404@hotpop.com>
References: <42F9138F.8060404@hotpop.com>
Message-ID: <42F917C7.2010903@gmail.com>

Patrick Dickey wrote:
> Hi there everyone,
>    It seems I got into an issue with the key for this account.  I've
> signed this e-mail, and you'll probably notice it's a bad key.  So, I
> want to remove it, and create a new one.  My question is this.  Do I
> revoke it first, then delete it?  And, can I do this through the
> keymanager in Enigmail, or do I need to use the cmd-line?
>     Also, if anyone knows how to actually fix this issue (so I don't
> have to remove/recreate) the key, that would be greatly appreciated.
> I think what happened (for future reference) is that I had the
> password memorized for 120 minutes of idle time.  Then, I decided to
> upload my other keys to keyservers (I haven't had a chance to see if
> they are bad or not).  So, it tried to put this password in, and
> failed.  So, I retried with the correct password, and checked the box
> again on the last one.  Then I tried to send an e-mail with this key,
> and that's when it started being a "Bad Signature".
>     Thanks in advance for any information.
> Patrick Dickey.

OpenPGP Security Info

UNTRUSTED Good signature from Patrick Dickey (Pats Computer Solutions) 

Key ID: 0x01D97BB0 / Signed on: 9.8.2005 22:35
Key fingerprint: D485 4A6A F3C1 38BA 798F 4E38 9581 C7CB 01D9 7BB0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050809/61e7da62/signature-0001.pgp
From chd at chud.net  Tue Aug  9 23:24:28 2005
From: chd at chud.net (Chris De Young)
Date: Tue Aug  9 23:19:50 2005
Subject: Arguments for inline PGP
In-Reply-To: <42F8DBEA.6030007@mikedaigle.ca>
References: <54f73e336d613b22ab6a91b2f2f6f8fd@biglumber.com>
	<42F8DBEA.6030007@mikedaigle.ca>
Message-ID: <20050809212428.GB15561@dionysus.chud.net>

> I primarily use inlined PGP because I'm tired of having my S/MIME signed
> mail bounced back to me as undeliverable because "pkcs7 signature is
> listed as a dangerous attachment on this server". What's so dangerous
> about a S/MIME signature?! Apparently, it's the same danger that's
> present in a PGP/MIME message - mail server admin stupidity.
> 
> It's unfortunate, but it's prevalent - and that's why inlined PGP is a
> good thing. We can still retain message authentication despite the
> goof-ball between us and the recipient.

Why not just encrypt the mail, thus hiding the signature part from the
goofball?

As far as the problem with Outlook, don't use it, and if you have to
send mail to Outlook users who complain, there's probably no point in
signing it in the first place -- they don't care and won't ever check
it.  

Maybe there are a few who wonder enough what it is you're sending them
to go figure it out; if so, that's a win, but I doubt it happens very
often.  :)

-C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050809/3c07353d/attachment.pgp
From johanw at vulcan.xs4all.nl  Tue Aug  9 23:51:23 2005
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Wed Aug 10 00:17:32 2005
Subject: Arguments for inline PGP
In-Reply-To: <42F89A93.6090300@gmail.com>
Message-ID: <200508092151.j79LpNoN002305@vulcan.xs4all.nl>

David Srbecky wrote:

>I do not use inline because I find the extra stuff annoying. However, 
>MIME can look really nasty too. That's I would prefer to save the 
>signature in the mail headers.

That would be easy to do in a X-PGP-Signature header or something similar.
The X- headers are free to use anyway. However, tha hard thing is to
convince the programmers of mail programs to support it, or someone to
write a plugin for mailers who support plugins that access headers.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw@vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From eocsor at gmail.com  Wed Aug 10 03:27:50 2005
From: eocsor at gmail.com (Roscoe)
Date: Wed Aug 10 03:23:43 2005
Subject: Forgot the key passowrd
In-Reply-To: <20050809174118.GA22004@vanheusden.com>
References: <5967AD625B62D5118D180002A50926AB047110CC@AGNI>
	<20050809174118.GA22004@vanheusden.com>
Message-ID: 

Curious, anyone know how many passwords/second that gets?

On 8/10/05, Folkert van Heusden  wrote:
> If it is not too long (too many characters), try 'nasty':
> http://www.vanheusden.com/nasty/
> 
> On Tue, Aug 09, 2005 at 10:10:20PM +0530, Thutika, Srinivas (ODC - Satyam) wrote:

From rassilonoz-mozilla at yahoo.com.au  Wed Aug 10 03:53:02 2005
From: rassilonoz-mozilla at yahoo.com.au (Raymond)
Date: Wed Aug 10 04:53:44 2005
Subject: Order in which to remove a key...
In-Reply-To: <42F9138F.8060404@hotpop.com>
References: <42F9138F.8060404@hotpop.com>
Message-ID: <42F95DFE.2040205@yahoo.com.au>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Patrick

Patrick Dickey wrote:
> Hi there everyone,
>    It seems I got into an issue with the key for this account.  I've
> signed this e-mail, and you'll probably notice it's a bad key. 

Shows up as good to me...

UNTRUSTED Good signature from Patrick Dickey (Pats Computer Solutions)

Key ID: 0x01D97BB0 / Signed on: 10/08/2005 6:35
Key fingerprint: D485 4A6A F3C1 38BA 798F 4E38 9581 C7CB 01D9 7BB

I have a similar problem. I can get two emails from you signed with the
same key and one will be a good signature and the other won't for no
apparent reason to the same account!

Don't jump too soon as you may have to do all this over again, as for
your question at hand, I would revoke it if you have sent it to a key
server as otherwise people will not know that you are no longer using
that key (Of have I missed the point of key revocation - anyone?)

Regards,
	Raymond

- -=-=-
... I bought this tagline with all of my lottery money.
* TagZilla 0.059 * http://tagzilla.mozdev.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+V39EdLNsevMrJQRAruzAKDNQnVtZE3qjh0nUy+6723XnvPGDQCgpbVO
CJNbRXHJal/gmfeMkPpNu0I=
=QLAx
-----END PGP SIGNATURE-----

From rassilonoz-mozilla at yahoo.com.au  Wed Aug 10 03:48:06 2005
From: rassilonoz-mozilla at yahoo.com.au (Raymond)
Date: Wed Aug 10 04:53:53 2005
Subject: removing revoked or expired signatures
In-Reply-To: <20050809171904.GD30785@jabberwocky.com>
References: <20050809162257.GL19223@vanheusden.com>	<42F8DCAA.3050407@mikedaigle.ca>	<1318886369.20050809190930@mark-kirchner.de>
	<20050809171904.GD30785@jabberwocky.com>
Message-ID: <42F95CD6.40608@yahoo.com.au>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>Note that signature revocation certificates themselves are _not_
>>removed (= still show up on "check"), only the corresponding
>>signatures.

	Is it possible to remove a revocation certificate?

Regards,
	Raymond

- -=-=-
... ((Politically Incorrect Tagline Deleted))
* TagZilla 0.059 * http://tagzilla.mozdev.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+VzVEdLNsevMrJQRAk1VAJ9x0W3fhiB7FoPHlyXVfPmUC3bnZQCgk3zu
xseIi5oAL26C+/5JQxCleCg=
=EaWQ
-----END PGP SIGNATURE-----

From wk at gnupg.org  Wed Aug 10 09:02:23 2005
From: wk at gnupg.org (Werner Koch)
Date: Wed Aug 10 09:01:33 2005
Subject: removing revoked or expired signatures
In-Reply-To: <42F95CD6.40608@yahoo.com.au> (rassilonoz-mozilla@yahoo.com.au's
	message of "Wed, 10 Aug 2005 11:48:06 +1000")
References: <20050809162257.GL19223@vanheusden.com>
	<42F8DCAA.3050407@mikedaigle.ca>
	<1318886369.20050809190930@mark-kirchner.de>
	<20050809171904.GD30785@jabberwocky.com> <42F95CD6.40608@yahoo.com.au>
Message-ID: <87fytis29s.fsf@wheatstone.g10code.de>

On Wed, 10 Aug 2005 11:48:06 +1000, Raymond  said:

> 	Is it possible to remove a revocation certificate?

No.  Once issued they should not be removed.


Shalom-Salam,

   Werner


From wk at gnupg.org  Wed Aug 10 09:05:16 2005
From: wk at gnupg.org (Werner Koch)
Date: Wed Aug 10 09:06:29 2005
Subject: gpg befehle
In-Reply-To: <42F8FA05.3080805@gmx.de> (
	=?utf-8?q?Holger_Sch=C3=BCttel's_message_of?= "Tue, 09 Aug 2005 20:46:29
	+0200")
References: <42F8FA05.3080805@gmx.de>
Message-ID: <87br46s24z.fsf@wheatstone.g10code.de>

On Tue, 09 Aug 2005 20:46:29 +0200, Holger Sch?ttel said:

> hallo bin auf diesem sektor noch absolut blank aber irgendwie funzt
> das eingeben der befehle nicht habe gnu1.4.2 und ich mu? doch eingeben

Bitte hier englisch schreiben oder aber die Liste gnupg-de@gnupg.org
benutzen.

Please write in English here or direct your question to
gnupg-de@gnupg.org.


Salam-Shalom,

   Werner


From johanw at vulcan.xs4all.nl  Wed Aug 10 09:45:07 2005
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Wed Aug 10 09:40:50 2005
Subject: removing revoked or expired signatures
In-Reply-To: <42F95CD6.40608@yahoo.com.au>
Message-ID: <200508100745.j7A7j7n5009608@vulcan.xs4all.nl>

Raymond wrote:

>Is it possible to remove a revocation certificate?

Technically, yes. But no implementation I know of allows this because
it would make someone vulnerable for attack is someone gained access
to your machine. However, when a legitimate reason exists (accidentally
revoked a key, revocation not yet sent to keyserver and no backup
present) it can be done.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw@vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From mail at mark-kirchner.de  Wed Aug 10 10:05:25 2005
From: mail at mark-kirchner.de (Mark Kirchner)
Date: Wed Aug 10 10:01:00 2005
Subject: removing revoked or expired signatures
In-Reply-To: <200508100745.j7A7j7n5009608@vulcan.xs4all.nl>
References: <42F95CD6.40608@yahoo.com.au>
	<200508100745.j7A7j7n5009608@vulcan.xs4all.nl>
Message-ID: <1334868092.20050810100525@mark-kirchner.de>

On Wednesday, August 10, 2005, 9:45:07 AM, Johan wrote:
>>Is it possible to remove a revocation certificate?
>
> Technically, yes. But no implementation I know of allows this

Originally, this thread was about signature revocations (not key
revocations) and they definitely can be removed with gpg (with
"delsig" during "--edit-key").

Regards,
Mark Kirchner

-- 
_____________________________________________________________
Key (0x172C073C): http://www.mark-kirchner.de/keys/key-mk.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 183 bytes
Desc: not available
Url : /pipermail/attachments/20050810/95fe174c/attachment.pgp
From folkert at vanheusden.com  Wed Aug 10 10:47:46 2005
From: folkert at vanheusden.com (Folkert van Heusden)
Date: Wed Aug 10 10:43:09 2005
Subject: Forgot the key passowrd
In-Reply-To: 
References: <5967AD625B62D5118D180002A50926AB047110CC@AGNI>
	<20050809174118.GA22004@vanheusden.com>
	
Message-ID: <20050810084746.GH22855@vanheusden.com>

IIRC 200/s on a 2.8GHz P4
I discussed improving nasty with an unnamed gpg-expert and he thought it
should be feasable to do at least a million per second. But as nasty is
a proof of concept I can't get myself motivated to improve it.

On Wed, Aug 10, 2005 at 10:57:50AM +0930, Roscoe wrote:
> Curious, anyone know how many passwords/second that gets?
> 
> On 8/10/05, Folkert van Heusden  wrote:
> > If it is not too long (too many characters), try 'nasty':
> > http://www.vanheusden.com/nasty/
> > 
> > On Tue, Aug 09, 2005 at 10:10:20PM +0530, Thutika, Srinivas (ODC - Satyam) wrote:
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


Folkert van Heusden

-- 
Auto te koop, zie: http://www.vanheusden.com/daihatsu.php
--------------------------------------------------------------------
Get your PGP/GPG key signed at www.biglumber.com!
--------------------------------------------------------------------
Phone: +31-6-41278122, PGP-key: 1F28D8AE

From alphasigmax at gmail.com  Wed Aug 10 11:02:21 2005
From: alphasigmax at gmail.com (Alphax)
Date: Wed Aug 10 10:59:51 2005
Subject: Arguments for inline PGP
In-Reply-To: <20050809212428.GB15561@dionysus.chud.net>
References: <54f73e336d613b22ab6a91b2f2f6f8fd@biglumber.com>
	<42F8DBEA.6030007@mikedaigle.ca>
	<20050809212428.GB15561@dionysus.chud.net>
Message-ID: <42F9C29D.3030408@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Chris De Young wrote:
> Maybe there are a few who wonder enough what it is you're sending them
> to go figure it out; if so, that's a win, but I doubt it happens very
> often.  :)
> 

Don't underestimate it. I saw "Using Enigmail with Thunderbird" and went
"Ooh! I have Thunderbird! I have a potentially compatible system!" and
then read and installed stuff and discovered how OpenPGP works.

So yes, it does happen. You are speaking to the converted :)

- --
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+cKc/RxM5Ph0xhMRA45nAKCogJsDOIY2433CwGs2JBggQ8yf4wCeLAdT
kgPnteKxPFWags2VwJowWLE=
=uaUB
-----END PGP SIGNATURE-----

From alphasigmax at gmail.com  Wed Aug 10 11:04:18 2005
From: alphasigmax at gmail.com (Alphax)
Date: Wed Aug 10 11:01:36 2005
Subject: Arguments for inline PGP
In-Reply-To: <42F8DBEA.6030007@mikedaigle.ca>
References: <54f73e336d613b22ab6a91b2f2f6f8fd@biglumber.com>
	<42F8DBEA.6030007@mikedaigle.ca>
Message-ID: <42F9C312.5060008@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Michael Daigle wrote:

> It's unfortunate, but it's prevalent - and that's why inlined PGP is a
> good thing. We can still retain message authentication despite the
> goof-ball between us and the recipient.

Quite often, the goof-ball *is* the recipient. At that point,

*Draw circle on desk*
*Bang head here*

- --
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+cMS/RxM5Ph0xhMRAynkAJsH+CY87CSUMITi+rHEF7Q7TfFCegCgqflD
Q8SsuFb8wzXh/MePjO5Ns1w=
=PL6+
-----END PGP SIGNATURE-----

From alphasigmax at gmail.com  Wed Aug 10 11:28:55 2005
From: alphasigmax at gmail.com (Alphax)
Date: Wed Aug 10 11:26:15 2005
Subject: Forgot the key passowrd
In-Reply-To: <20050810084746.GH22855@vanheusden.com>
References: <5967AD625B62D5118D180002A50926AB047110CC@AGNI>
	<20050809174118.GA22004@vanheusden.com>
	
	<20050810084746.GH22855@vanheusden.com>
Message-ID: <42F9C8D7.9060006@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Folkert van Heusden wrote:
> IIRC 200/s on a 2.8GHz P4
> I discussed improving nasty with an unnamed gpg-expert and he thought it
> should be feasable to do at least a million per second. But as nasty is
> a proof of concept I can't get myself motivated to improve it.
> 

The password hashing is supposed to make it *difficult* to crack
passphrases, because of the computational cost!

Don't find a fast way to break them and force us all to use 200
character passphrases!

- --
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+cjW/RxM5Ph0xhMRA/kBAJ44GZ2ItWPGJTry1in5Aa5mWUZNYACghLbt
DokaN4ak6NkRgp9wNbYeddw=
=Bbk6
-----END PGP SIGNATURE-----

From folkert at vanheusden.com  Wed Aug 10 11:44:04 2005
From: folkert at vanheusden.com (Folkert van Heusden)
Date: Wed Aug 10 11:39:26 2005
Subject: Forgot the key passowrd
In-Reply-To: <42F9C8D7.9060006@gmail.com>
References: <5967AD625B62D5118D180002A50926AB047110CC@AGNI>
	<20050809174118.GA22004@vanheusden.com>
	
	<20050810084746.GH22855@vanheusden.com>
	<42F9C8D7.9060006@gmail.com>
Message-ID: <20050810094404.GI22855@vanheusden.com>

> > IIRC 200/s on a 2.8GHz P4
> > I discussed improving nasty with an unnamed gpg-expert and he thought it
> > should be feasable to do at least a million per second. But as nasty is
> > a proof of concept I can't get myself motivated to improve it.
> The password hashing is supposed to make it *difficult* to crack
> passphrases, because of the computational cost!
> Don't find a fast way to break them and force us all to use 200
> character passphrases!

Apart from the fact that this is (more or less) security by obscurity
even if my program would be a million times faster, 7 characters still
would take a day.


Folkert van Heusden

-- 
Auto te koop, zie: http://www.vanheusden.com/daihatsu.php
--------------------------------------------------------------------
Get your PGP/GPG key signed at www.biglumber.com!
--------------------------------------------------------------------
Phone: +31-6-41278122, PGP-key: 1F28D8AE

From alphasigmax at gmail.com  Wed Aug 10 12:19:10 2005
From: alphasigmax at gmail.com (Alphax)
Date: Wed Aug 10 12:16:36 2005
Subject: Forgot the key passowrd
In-Reply-To: <20050810094404.GI22855@vanheusden.com>
References: <5967AD625B62D5118D180002A50926AB047110CC@AGNI>
	<20050809174118.GA22004@vanheusden.com>
	
	<20050810084746.GH22855@vanheusden.com>
	<42F9C8D7.9060006@gmail.com>
	<20050810094404.GI22855@vanheusden.com>
Message-ID: <42F9D49E.7030001@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Folkert van Heusden wrote:
>>>IIRC 200/s on a 2.8GHz P4
>>>I discussed improving nasty with an unnamed gpg-expert and he thought it
>>>should be feasable to do at least a million per second. But as nasty is
>>>a proof of concept I can't get myself motivated to improve it.
>>
>>The password hashing is supposed to make it *difficult* to crack
>>passphrases, because of the computational cost!
>>Don't find a fast way to break them and force us all to use 200
>>character passphrases!
> 
> 
> Apart from the fact that this is (more or less) security by obscurity
> even if my program would be a million times faster, 7 characters still
> would take a day.
> 

How long will 8 characters (standard unix password length) take to break
at present?

- --
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+dSe/RxM5Ph0xhMRA8UbAJ9Mc/S+V9FSn+aVfdbU2TRaGB9OYQCeM8WU
dMACe2kEZ484i00ziCHoAvI=
=gxGm
-----END PGP SIGNATURE-----

From listreader at rhjensen.com  Wed Aug 10 16:58:12 2005
From: listreader at rhjensen.com (R. Jensen)
Date: Wed Aug 10 16:53:48 2005
Subject: [outlgpg] Outlook 2003 problems
Message-ID: <42FA1604.7020207@rhjensen.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Before I installed the June 16th version
I was running an older version of the GPGExch.dll (Oct. 19, 2004)
(labeled as 1.1.0.0) that had a GDGPG.dll (1.3.0.0) file as well.

Outlook's Add-in Manager doesn't seem to know how to UNINSTALL an
add-in. You can disable it, but that doesn't get rid of the entry.  :-(

I waded through the registry with regedt32 getting rid of things
with GPG or g10 in them.

I then copied the libgpgmedlgs.dll to the system directory and
ran the regsvr32 command as per the README.

Any attempt to sign a message crashes Outlook.
[Outlook 2003, SP1]

[This is on Windows XP Pro, SP2. GPG 1.4.1]
The error report that wants to go to Microsoft says:

Error signature
  AppName: outlook.exe   AppVer: 11.0.6353.0  AppStamp: 408f2937
  ModName: libgpgmedlgs.dll ModVer: 0.5.3.0   ModStamp: 42b1e2da
  fDebug: 0         )ffset: 00004367


It also appears that the preferences set on the GnuPG tab are
not saved. I set the 'Sign new messages by default', unset the
'Also encrypt message with the default key' and change the
logfile and if I stop Outlook and restart these are gone.

Can anyone help?

Richard.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFC+hYE8u8rlAV8K24RAhOQAKCL0edN8tHeejf6GkkMVRWog9VGngCgq9n7
bhFgpxrLwuwAZJWghRwufv0=
=k9FB
-----END PGP SIGNATURE-----

From cedar at 3web.net  Wed Aug 10 17:10:37 2005
From: cedar at 3web.net (cdr)
Date: Wed Aug 10 17:06:46 2005
Subject: gpg befehle
In-Reply-To: <87br46s24z.fsf@wheatstone.g10code.de>
References: <42F8FA05.3080805@gmx.de> <87br46s24z.fsf@wheatstone.g10code.de>
Message-ID: <42FA18ED.6030801@3web.net>

Werner Koch wrote:

> Please write in English here...

It is unnecessarily rude to demand that a particular language is
used on any 'net list. One writing in a language not understood
by the majority of those present will simply get fewer useful
responses: a perfectly adequate self-regulating mechanism!

cdr


From list-gnupg at mikedaigle.ca  Wed Aug 10 17:16:07 2005
From: list-gnupg at mikedaigle.ca (Michael Daigle)
Date: Wed Aug 10 17:11:37 2005
Subject: Arguments for inline PGP
In-Reply-To: <20050809212428.GB15561@dionysus.chud.net>
References: <54f73e336d613b22ab6a91b2f2f6f8fd@biglumber.com>	<42F8DBEA.6030007@mikedaigle.ca>
	<20050809212428.GB15561@dionysus.chud.net>
Message-ID: <42FA1A37.9090100@mikedaigle.ca>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

In reply to Chris De Young's message sent 2005-08-09 17:24:

>> I primarily use inlined PGP because I'm tired of having my S/MIME
>> signed mail bounced back to me as undeliverable because "pkcs7
>> signature is listed as a dangerous attachment on this server".
>> What's so dangerous about a S/MIME signature?! Apparently, it's the
>> same danger that's present in a PGP/MIME message - mail server
>> admin stupidity.
>> 
>> It's unfortunate, but it's prevalent - and that's why inlined PGP
>> is a good thing. We can still retain message authentication despite
>> the goof-ball between us and the recipient.
> 
> 
> Why not just encrypt the mail, thus hiding the signature part from
> the goofball?
> 
> As far as the problem with Outlook, don't use it, and if you have to 
> send mail to Outlook users who complain, there's probably no point in
>  signing it in the first place -- they don't care and won't ever
> check it.
> 
> Maybe there are a few who wonder enough what it is you're sending
> them to go figure it out; if so, that's a win, but I doubt it happens
> very often.  :)

I don't think your reply was to be directed to me. I don't use Outlook
(I use Thunderbird).

Why not just encrypt the mail? Of course that's the obvious solution,
and the preferred way to send mail (encrypted!!!). The problem is that
you don't possess the company's (or the particular staff members')
public key. And well, if your S/MIME signed message is being rejected,
it's a strong indication they don't use any form of secure MIME
messaging at the company, so encryption is not an option.

If you send a PGP clear-signed message, you can at least provide
yourself with message authentication (ie, if they can't quote a
verifiable message, they can't prove that's what you said).


- --
Mike Daigle                                   http://www.mikedaigle.ca
My PGP Key                                 mailto:pgpkey@mikedaigle.ca
Gossamer Spider Web of Trust                      http://www.gswot.org
Get Your Own Subdomain!                  http://www.gswot.org/yourname

-----BEGIN PGP SIGNATURE-----
Comment: GSWoT - Gossamer Spider Web of Trust - www.gswot.org

iD8DBQFC+ho2NuccKlqTLlMRA1jPAKCQFxcULcIOcf20mEEsBjWEjqcH6QCgjtBw
ufEhrNdV4f+deJTPk8xfyS8=
=VbFp
-----END PGP SIGNATURE-----

From sk4list at yahoo.com  Wed Aug 10 17:28:09 2005
From: sk4list at yahoo.com (S K)
Date: Wed Aug 10 17:23:59 2005
Subject: gpg befehle
In-Reply-To: <42FA18ED.6030801@3web.net>
Message-ID: <20050810152809.49072.qmail@web33907.mail.mud.yahoo.com>

Not when there are specific mailing lists to answer
questions asked in these:

http://www.gnupg.org/(en)/documentation/mailing-lists.html

I really woudn't want a lof of Portuguese, Spanish,
Russian or German worded questions to be asked in this
mailing list.

--- cdr  wrote:

> Werner Koch wrote:
> 
> > Please write in English here...
> 
> It is unnecessarily rude to demand that a particular
> language is
> used on any 'net list. One writing in a language not
> understood
> by the majority of those present will simply get
> fewer useful
> responses: a perfectly adequate self-regulating
> mechanism!
> 
> cdr
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 



		
____________________________________________________
Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 

From listreader at rhjensen.com  Wed Aug 10 17:50:39 2005
From: listreader at rhjensen.com (R. Jensen)
Date: Wed Aug 10 17:46:01 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <42FA1604.7020207@rhjensen.com>
References: <42FA1604.7020207@rhjensen.com>
Message-ID: <42FA224F.8060005@rhjensen.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Some more information. If I send a signed message to outlook and try
to verify it, I get an error dialog:

   GPG Verify
        Invalid crypto engine

My WinPT installation verifies the signature without a problem
(from the clipboard).

Richard.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFC+iJP8u8rlAV8K24RAmanAKCxjft0i8AOV8RxcdhTxUOntvfnFACfUh2/
eIkeMCOLGhu9EW/GpO/rqPQ=
=Vp0Z
-----END PGP SIGNATURE-----

From jeroen at unfix.org  Wed Aug 10 18:33:10 2005
From: jeroen at unfix.org (Jeroen Massar)
Date: Wed Aug 10 18:28:44 2005
Subject: gpg befehle
In-Reply-To: <42FA18ED.6030801@3web.net>
References: <42F8FA05.3080805@gmx.de> <87br46s24z.fsf@wheatstone.g10code.de>
	<42FA18ED.6030801@3web.net>
Message-ID: <1123691590.14030.2.camel@firenze.zurich.ibm.com>

On Wed, 2005-08-10 at 15:10 +0000, cdr wrote:
> Werner Koch wrote:
> 
> > Please write in English here...
> 
> It is unnecessarily rude to demand that a particular language is
> used on any 'net list. One writing in a language not understood
> by the majority of those present will simply get fewer useful
> responses: a perfectly adequate self-regulating mechanism!

Which is why Werner responded in german (see * which you cut out), which
is apparently a language you did not understand, and then in english and
nicely pointed this person to the german version of the list in case the
person didn't command or didn't want to use the english language...

It would be rude if he indeed wrote only the above, but he did not do
that.

Greets/Gruetzi/Groetjes/Au Revoir/,
 Jeroen

* = http://lists.gnupg.org/pipermail/gnupg-users/2005-August/026466.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: This is a digitally signed message part
Url : /pipermail/attachments/20050810/cf03cd1b/attachment-0001.pgp
From sk at intertivity.com  Wed Aug 10 18:38:30 2005
From: sk at intertivity.com (Sascha Kiefer)
Date: Wed Aug 10 18:34:00 2005
Subject: GnuPg says BAD sig
Message-ID: <42FA2D86.20001@intertivity.com>

Hi.

i verify a PGP 8.1 signed message using gpg (GnuPG) 1.4.0.
It says that the message has a bad signature!
PGP Desktop 9 says that it is valid signed!
See attachment.

Regards,
Sascha


-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Summary for August 2005
Issued: August 09, 2005
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=51160
********************************************************************

Summary:
========
This advisory contains information about all security updates
released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS05-038 - Cumulative Security Update for Internet Explorer (896727)

  - Affected Software: 
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition

    - Review the FAQ section of bulletin MS05-O38 for information 
      about these operating systems:
        - Windows 98
        - Windows 98 Second Edition (SE)
        - Windows Millennium Edition (ME)

    - Impact: Remote Code Execution
    - Version Number: 1.0  


MS05-039 - Vulnerability in Plug and Play Could Allow Remote Code 
       Execution and Elevation of Privilege (899588)

  - Affected Software: 
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition

    - Impact: Remote Code Execution
    - Version Number: 1.0  


MS05-043 - Vulnerability in Print Spooler Service Could Allow Remote 
       Code Execution (896423)

  - Affected Software: 
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows Server 2003
    - Windows Server 2003 for Itanium-based Systems 

    - Impact: Remote Code Execution
    - Version Number: 1.0  



Important Security Bulletins
============================

MS05-040 - Vulnerability in Telephony Service Could Allow Remote 
       Code Execution (893756)


  - Affected Software: 
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition

    - Review the FAQ section of bulletin MS05-O38 for information 
      about these operating systems:
        - Windows 98
        - Windows 98 Second Edition (SE)
        - Windows Millennium Edition (ME)

    - Impact: Remote Code Execution
    - Version Number: 1.0  

    - Impact: Remote Code Execution
    - Version Number: 1.0  


Moderate Security Bulletins
===========================

MS05-041 - Vulnerability in Remote Desktop Protocol Could Allow 
       Denial of Service (899591)


  - Affected Software: 
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition

    - Impact: Denial of Service
    - Version Number: 1.0  


MS05-042 - Vulnerabilities in Kerberos Could Allow Denial of Service,
Information Disclosure, and Spoofing (899587)


  - Affected Software: 
    - Windows 2000 Service Pack 4
    - Windows XP Service Pack 1
    - Windows XP Service Pack 2
    - Windows XP Professional x64 Edition
    - Windows Server 2003
    - Windows Server 2003 Service Pack 1
    - Windows Server 2003 for Itanium-based Systems 
    - Windows Server 2003 with SP1 for Itanium-based Systems 
    - Windows Server 2003 x64 Edition

    - Impact: Remote Code Execution
    - Version Number: 1.0  


Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions,
and Update Deployment Information please read
the Microsoft Security Bulletin Summary for this
month at: http://go.microsoft.com/fwlink/?LinkId=51160
Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PC SAFETY (1-866-727-2338). There is no
charge for support calls associated with security updates.
International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
 
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
  valuable information to help you protect your network. This
  newsletter provides practical security tips, topical security
  guidance, useful resources and links, pointers to helpful
  community resources, and a forum for you to provide feedback
  and ask security-related questions.
  You can sign up for the newsletter at:

  http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
  serves as a supplement to the Security Notification Service
  (this e-mail). The Microsoft Security Notification Service: 
  Comprehensive Version. It provides timely notification of any 
  minor changes or revisions to previously released Microsoft 
  Security Bulletins and Security Advisories. This new service 
  provides notifications that are written for IT professionals and 
  contain technical information about the revisions to security 
  bulletins. To register visit the following Web site:

  http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Join Microsoft's webcast for a live discussion of the technical
  details of these security bulletins and steps you can take
  to protect your environment. Details about the live webcast
  can be found at:  

  www.microsoft.com/technet/security/bulletin/summary.mspx

  The on-demand version of the webcast will be available 24 hours
  after the live webcast at:

  www.microsoft.com/technet/security/bulletin/summary.mspx

* Protect your PC: Microsoft has provided information on how you
  can help protect your PC at the following locations:

  http://www.microsoft.com/security/protect/

  If you receive an e-mail that claims to be distributing a
  Microsoft security update, it is a hoax that may be distributing a
  virus. Microsoft does not distribute security updates through
  e-mail. You can learn more about Microsoft's software distribution
  policies here:
  
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:

- - Bernhard Mueller and Martin Eiszner of SEC Consult   for reporting an issue described in MS05-038	

- - The NSFOCUS Security Team   for reporting
an issue 
described in MS05-038

- - Neel Mehta of ISS X-Force   for reporting an
issue 
described in MS05-039

- - Jean-Baptiste Marchand of Herve Schauer Consultants
  for 
working with us on MS05-039

- - Kostya Kortchinsky   from
CERT RENATER 
for reporting an issue described in MS05-040 and MS05-043 	

- - Tom Ferris of Security Protocols
  for 
reporting an issue described in MS05-041.	

- - Tony Chin   of Shell, Inc. for
reporting an issue 
described in MS05-042.	

- - Andre Scedrov  and his team;
Iliano 
Cervesato, Aaron Jaggard, Joe-Kai Tsay, and Chris Walstad, for
reporting an 
issue described in MS05-042 

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIUAwUBQvkQ64reEgaqVbxmAQKOfA/1E4ZoSPnBqllxJFxdbPo3IZiZIFZ+HTW7
YJxQzha3CX7usmKrDgSmqdDa4RWyoGF2Rs2hUTglJfvb6E8Ds0CkFtrEzO/ms9ql
0gELiERwxraCWWldyCOqzSQTFwWv+dHSBLrIiqonQZfje+XL1QFRy5UH50jZEsqn
Em0cHqp5HlPZT6UNQdGZCOpIzbylNuB5G3P/wKK4/mikGS16LHOJBnRxxJo/BoqD
By8g5N2sPYaR349WQf2yirNE8cN0XVpPp7REWYI0U1NjqM5a56EW/IL07oEFX1wa
tq6sTCbInsZi9f6tVPngZaUVIG9z4Cb9c5NiW/BO5PPBQe8VKK71xCCspfkCUQV/
oAP6+YJ81bq+OaRaqmsuu9hX8efnhoVpGRHqal5cS+MIuRFHgUl9M7aRTLG2YZ1a
rigChGV+tjc5l2sQWGIF83WoNs25ERkTXgsM5F9zBl2XA4uLW+XaxA0h6vUEdGIe
fkHk9kd845htjOatrnIjjMMgbkZvxzg4kwaOBiMa/39D8MBrn2Mgbf00YPserQKg
5grhXouy/0+yluEssBPfh+ndho5N+Z79Ez8hoZfzDLTAYcEpAamFMGiG0wzW5klo
Hl86fz+GUXiwmH5yIuVYNhfFoXyYMwrQmMf3/U7FPKHRukSHF8g/8vcLpmh7x+jh
WCtR+ymRmA==
=HPC2
-----END PGP SIGNATURE-----
To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at the Microsoft.com web site . You can manage all your Microsoft.com communication preferences at this site.

Legal Information .

This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
From malayter at gmail.com  Wed Aug 10 19:54:14 2005
From: malayter at gmail.com (Ryan Malayter)
Date: Wed Aug 10 19:50:08 2005
Subject: Forgot the key passowrd
In-Reply-To: <42F9D49E.7030001@gmail.com>
References: <5967AD625B62D5118D180002A50926AB047110CC@AGNI>
	<20050809174118.GA22004@vanheusden.com>
	
	<20050810084746.GH22855@vanheusden.com> <42F9C8D7.9060006@gmail.com>
	<20050810094404.GI22855@vanheusden.com> <42F9D49E.7030001@gmail.com>
Message-ID: <5d7f074205081010545b7c524@mail.gmail.com>

On 8/10/05, Alphax  wrote:
> How long will 8 characters (standard unix password length) take to break
> at present?

Using the supplied figure of 200 keys per second, and using only the
95 "printable" ASCII characters:
(95^8)/200 seconds. Or about 1.1 million years!

Obviously, if you know something about the structure of the password
(inlcudes words, is mostly lower case, etc.), you can trim that way
down. But 200 trials per second just isn't going to be verry effective
for a brute force attack.
--
RPM

From twoaday at gmx.net  Wed Aug 10 19:58:16 2005
From: twoaday at gmx.net (Timo Schulz)
Date: Wed Aug 10 19:56:31 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <42FA224F.8060005@rhjensen.com>
References: <42FA1604.7020207@rhjensen.com> <42FA224F.8060005@rhjensen.com>
Message-ID: <20050810175816.GC1581@daredevil.joesixpack.net>

On Wed Aug 10 2005; 10:50, R. Jensen wrote:

> to verify it, I get an error dialog:
> 
>    GPG Verify
>         Invalid crypto engine
> 
> My WinPT installation verifies the signature without a problem

I see you still use GPG 1.2.x. The plugin requires 1.4 and we will
provide an more informative error message with the next version of
the plugin.


BTW, the newest WinPT version also requires GPG 1.4.x. 



        Timo

From twoaday at gmx.net  Wed Aug 10 20:03:20 2005
From: twoaday at gmx.net (Timo Schulz)
Date: Wed Aug 10 19:56:42 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <42FA1604.7020207@rhjensen.com>
References: <42FA1604.7020207@rhjensen.com>
Message-ID: <20050810180320.GD1581@daredevil.joesixpack.net>

On Wed Aug 10 2005; 09:58, R. Jensen wrote:

> Outlook's Add-in Manager doesn't seem to know how to UNINSTALL an
> add-in. You can disable it, but that doesn't get rid of the entry.  :-(

In the case of the GPG Outlook plugin, it's no problem. Just register
the new version of gpgexch.dll and the procedure is done. Or if you
just overwrite the old gpgexch.dll, you even don't need to do this.

(make sure you also overwrite libgpgmedlgs.dll!)

 
> I then copied the libgpgmedlgs.dll to the system directory and
> ran the regsvr32 command as per the README.
> 
> Any attempt to sign a message crashes Outlook.
> [Outlook 2003, SP1]

Do you use the version 0.99.4? It is known that earlier version of
the plugin can crash O2003/SP1.
 
 
> not saved. I set the 'Sign new messages by default', unset the
> 'Also encrypt message with the default key' and change the
> logfile and if I stop Outlook and restart these are gone.

I can't confirm this right now, but I suggest to update to 0.99.4
and then try again. We will provide a new version of the plugin in
the next week.


For users who uses the plugin and it crashes Outlook, it would be
useful to have the debug output of Dr. Watson. Please compress it
before you send it because it's very large. You can either send these
reports to outlgpg@g10code.com or to me (twoaday@freakmail.de) directly.


        Timo





From listreader at rhjensen.com  Wed Aug 10 20:30:18 2005
From: listreader at rhjensen.com (R. Jensen)
Date: Wed Aug 10 20:25:46 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <20050810175816.GC1581@daredevil.joesixpack.net>
References: <42FA1604.7020207@rhjensen.com> <42FA224F.8060005@rhjensen.com>
	<20050810175816.GC1581@daredevil.joesixpack.net>
Message-ID: <42FA47BA.5010902@rhjensen.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Timo Schulz wrote:

> I see you still use GPG 1.2.x. The plugin requires 1.4 and we will
> provide an more informative error message with the next version of
> the plugin.
> 
> 
> BTW, the newest WinPT version also requires GPG 1.4.x. 

The 1.2.6 is on the Linux box where I'm running Thunderbird (1.0.6)
and Enigmail (0.92.0.0). I signed the email there, but sent it
to the Windows XP Pro box where I'm running Outlook 2003.

On the Windows box I'm running GPG 1.41.

Richard.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFC+ke68u8rlAV8K24RAu74AJ9X1yR0uWmJlaSjEPnmoaMhfe3ulgCfQ5Y0
xVPJSJSrcND9HnTrU3OqqJk=
=Ehoh
-----END PGP SIGNATURE-----

From listreader at rhjensen.com  Wed Aug 10 20:37:00 2005
From: listreader at rhjensen.com (R. Jensen)
Date: Wed Aug 10 20:32:31 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <20050810175115.84901.qmail@web52710.mail.yahoo.com>
References: <20050810175115.84901.qmail@web52710.mail.yahoo.com>
Message-ID: <42FA494C.6000500@rhjensen.com>

Richard Sperry wrote:
> The issue you have is caused from the newer version of
> GnuPG.  Timo is doing a great job of writing a newer
> version, but with all new releases it takes time to
> find the bugs. 
> 
> for a working beta of my Ol03 installer goto
> http://www.sperryservices.com/gnutools.htm
> 
> The installer takes care of some of the OL issues and
> uses the .94 plug-in for stability. 
> 
> It also has Winpt for keymanager, GnuPG 1.4.2 and
> GpgEE .  I have tried to write it stupid friendly so
> everything is set in theroy.  For security reasons  I
> set the keys and conf into the userdocs. I recomend
> using EFS if you are on XP Pro.  
> 
> I would like any feedback you have.
> 
> --Richard Sperry
> 
I looked at the page you mentioned and was curious about:

   Please note that if you are connected to a Corperate Network
   or Exchange server, you MUST contact your IT or ADMIN before
   installing!

Is this a licensing issue?
My Outlook 2003 is connected to my employer's Exchange server.
That's the only reason I even use Outlook.  :-)

Richard.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050810/d03fe868/signature.pgp
From listreader at rhjensen.com  Wed Aug 10 20:44:38 2005
From: listreader at rhjensen.com (R. Jensen)
Date: Wed Aug 10 20:40:14 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <20050810180320.GD1581@daredevil.joesixpack.net>
References: <42FA1604.7020207@rhjensen.com>
	<20050810180320.GD1581@daredevil.joesixpack.net>
Message-ID: <42FA4B16.40506@rhjensen.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> Do you use the version 0.99.4? It is known that earlier version of
> the plugin can crash O2003/SP1.
>  
Where can I get the 0.99.4 version? I downloaded from
http://www.g10code.de/p-outlgpg.html last week and that is
the 0.99.2 version I'm having problems with. The link on that
page still seems to be for 0.99.2.
>  
> 
> For users who uses the plugin and it crashes Outlook, it would be
> useful to have the debug output of Dr. Watson. Please compress it
> before you send it because it's very large. You can either send these
> reports to outlgpg@g10code.com or to me (twoaday@freakmail.de) directly.
> 

How do I enable this?

Richard.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFC+ksW8u8rlAV8K24RAn1aAJ99GwxF4hAofjSVuciye7ENyWhEjgCfV48B
VuKjESdOcB2erZ/ymqmRf3c=
=gYum
-----END PGP SIGNATURE-----

From vedaal at hush.com  Wed Aug 10 23:18:51 2005
From: vedaal at hush.com (vedaal@hush.com)
Date: Wed Aug 10 23:14:23 2005
Subject: deluid  //  why no passphrase required ?
Message-ID: <200508102118.j7ALIseD089658@mailserver3.hushmail.com>

when adding a new userid, gnupg understandably requires a 
passphrase,

why doesn't gnupg require a passphrase when deleting a uid ?

(granted, if someone found my secring.gpg, this would be my least 
worry ;-)

but, in principle,
shouldn't all key editing functions require a passphrase ?

tia,

vedaal




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427


From dsrbecky at gmail.com  Wed Aug 10 23:28:12 2005
From: dsrbecky at gmail.com (David Srbecky)
Date: Wed Aug 10 23:23:39 2005
Subject: deluid  //  why no passphrase required ?
In-Reply-To: <200508102118.j7ALIseD089658@mailserver3.hushmail.com>
References: <200508102118.j7ALIseD089658@mailserver3.hushmail.com>
Message-ID: <42FA716C.7040904@gmail.com>

vedaal@hush.com wrote:
> when adding a new userid, gnupg understandably requires a 
> passphrase,
> 
> why doesn't gnupg require a passphrase when deleting a uid ?
> 
> (granted, if someone found my secring.gpg, this would be my least 
> worry ;-)
> 
> but, in principle,
> shouldn't all key editing functions require a passphrase ?
> 
> tia,
> 
> vedaal

I can not agree more. I accidentally deleted my secret, that would not 
happen if it asked me to confirm it by passphrase.

David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050810/fc4a99c3/signature.pgp
From list-gnupg at mikedaigle.ca  Wed Aug 10 23:34:53 2005
From: list-gnupg at mikedaigle.ca (Michael Daigle)
Date: Wed Aug 10 23:31:12 2005
Subject: deluid  //  why no passphrase required ?
In-Reply-To: <200508102118.j7ALIseD089658@mailserver3.hushmail.com>
References: <200508102118.j7ALIseD089658@mailserver3.hushmail.com>
Message-ID: <42FA72FD.1020108@mikedaigle.ca>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

In reply to vedaal@hush.com's message sent 2005-08-10 17:18:

> when adding a new userid, gnupg understandably requires a passphrase,
> 
> why doesn't gnupg require a passphrase when deleting a uid ?

You're not issuing a signature when deleting a uid.

> (granted, if someone found my secring.gpg, this would be my least 
> worry ;-)
> 
> but, in principle, shouldn't all key editing functions require a
> passphrase ?

What does it hurt to delete a uid, or even a key? You seem to be asking
for keyring permissions. That's beyond GnuPG's purpose. You should store
your keyrings in an appropriately secured volume if you're worried about
accidental or intentional removal of public keys or uid's.


- --
Mike Daigle                                   http://www.mikedaigle.ca
My PGP Key                                 mailto:pgpkey@mikedaigle.ca
Gossamer Spider Web of Trust                      http://www.gswot.org

-----BEGIN PGP SIGNATURE-----
Comment: GSWoT - Gossamer Spider Web of Trust - www.gswot.org

iD8DBQFC+nL8NuccKlqTLlMRA2ZoAJ46SY8nKK8jIHAzs7vQszEvKIObqACfWrnX
D9NsHb1WkgmyN8oy7tz05mQ=
=j7Bi
-----END PGP SIGNATURE-----

From vedaal at hush.com  Wed Aug 10 23:46:01 2005
From: vedaal at hush.com (vedaal@hush.com)
Date: Wed Aug 10 23:41:24 2005
Subject: deluid  // follow-up
Message-ID: <200508102146.j7ALk3gE091991@mailserver3.hushmail.com>

after looking at the deluid some more,

found that any user's uid can be deleted from the public key,
and that this appears to be open-pgp behavior

this can be useful when someone has many outdated uid's,
and the user wants only the one with the current  'real' e-mail 
address,
and wants to delete all the other ones

still,

this could lead to some abuse,
since a user could intentionally delete the 'real' uid from 
someone's public key, leave an outdated one,
and either publicly post the key , or upload that key to a new 
keyserver that did not have it before,

and an unsuspecting user, verifying that key with its signatures 
and fingerprint,
receives misleading information about the key

wouldn't it be better
where the deluid could be 'local only/non-exportable'
for user convenience,
but would require a key-owner to make deletions
(obviously cannot be implemented retro-actively,
but maybe whenever the keyserver system is modified,
it might be another issue to consider)

tia,

vedaal



Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427


From listreader at rhjensen.com  Thu Aug 11 00:06:25 2005
From: listreader at rhjensen.com (R. Jensen)
Date: Thu Aug 11 00:02:30 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <42FA4B16.40506@rhjensen.com>
References: <42FA1604.7020207@rhjensen.com>	<20050810180320.GD1581@daredevil.joesixpack.net>
	<42FA4B16.40506@rhjensen.com>
Message-ID: <42FA7A61.4010505@rhjensen.com>

R. Jensen wrote:
> 
> Where can I get the 0.99.4 version? I downloaded from
> http://www.g10code.de/p-outlgpg.html last week and that is
> the 0.99.2 version I'm having problems with. The link on that
> page still seems to be for 0.99.2.
> 

Patrick Dickey helped me with this a bit.
I downloaded:
ftp://ftp.g10code.com/g10code/outlgpg/gpgexch-dll-0.99.4.zip
and installed it. Now, in the explorer windows the dll does
show up a 0.99.4, but the tab in Outlook says 0.99.3.

It still doesn't work. Both the crash on signing and the
Invalid Crypto Engine on verification occur. And the preferences
are not saved. But now I'm getting a dialog about
"Save options in the registry". When I start Outlook, I
get one that initially says "Access is denied" and then
five more that I have to click on that say:
"Operation completed successfully".
Similarly, if I go to the tab and change options, I have
to click on five dialog boxes when I close the tab.
>>> 
>>>
>>>For users who uses the plugin and it crashes Outlook, it would be
>>>useful to have the debug output of Dr. Watson. Please compress it
>>>before you send it because it's very large. You can either send these
>>>reports to outlgpg@g10code.com or to me (twoaday@freakmail.de) directly.
>>>
> 
> 
> How do I enable this?
> 

Patrick also tried to help me with this.
I enabled Dr. Watson, but it does not come up and no log is created
when Outlook crashes. When I try to sign a message, I get a dialog
"Microsoft Office Outlook has encountered a problem and needs to close."
I have the option to send an error report to Microsoft or not.

If I go into regedt32, and go to:
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\AeDebug
I see the following values:
Auto     1
Debugger drstsn32 -p %ld -e %ld -g
(and a PreVisualStudio7Debugger with the same value)

So, it looks like Dr. Watson is enabled, but isn't getting invoked?

Richard.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050810/a2ba5e4d/signature.pgp
From erpo41 at hotpop.com  Wed Aug 10 23:40:08 2005
From: erpo41 at hotpop.com (Eric)
Date: Thu Aug 11 00:38:51 2005
Subject: deluid  //  why no passphrase required ?
In-Reply-To: <200508102118.j7ALIseD089658@mailserver3.hushmail.com>
References: <200508102118.j7ALIseD089658@mailserver3.hushmail.com>
Message-ID: <1123710008.5715.8.camel@localhost.localdomain>

On Wed, 2005-08-10 at 14:18 -0700, vedaal@hush.com wrote:
> when adding a new userid, gnupg understandably requires a 
> passphrase,
> 
> why doesn't gnupg require a passphrase when deleting a uid ?
> 
> (granted, if someone found my secring.gpg, this would be my least 
> worry ;-)
> 
> but, in principle,
> shouldn't all key editing functions require a passphrase ?

The point of a passphrase is not to ensure data integrity. If someone
has sufficient access to your system, that person could delete your
entire secret keyring (and all of your uids) no matter how gpg
implemented passphrases. secring.gpg is just a file and it can be rm'd.

Adding a uid requires a passphrase because the new uid needs to be
signed, and that requires your secret key. Deleting a uid just means,
more or less, chopping a block of bytes out of secring.gpg.

The passphrase protects your secret key from being used by other
people. 


hth,

Eric



From hawke at hawkesnest.net  Thu Aug 11 01:16:04 2005
From: hawke at hawkesnest.net (Alex Mauer)
Date: Thu Aug 11 01:14:23 2005
Subject: imported smart-card keys
In-Reply-To: 
References: 
Message-ID: 

OK, I'm getting frustrated with the interaction with the smart card.

I have generated a new ElGamal encryption key, 0x16AF3873.

$ gpg --edit-key 51192ff2
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
Secret key is available.

pub  1024D/51192FF2  created: 2002-03-22  expires: never       usage: CS
                     trust: ultimate      validity: ultimate
sub  2048g/1DA6A1C7  created: 2003-06-27  expired: 2004-06-26  usage: E
sub  2048g/9150664F  created: 2004-07-01  expired: 2005-07-01  usage: E
sub  2048g/96FAE64B  created: 2002-03-22  expired: 2003-04-16  usage: E
sub  2048g/0193A5EB  created: 2003-04-15  expired: 2004-04-14  usage: E
sub  2048g/16AF3873  created: 2005-08-10  expires: 2006-08-10  usage: E
sub  1024R/4A1C1224  created: 2005-06-27  expires: never       usage: S
sub  1024R/F40CACBA  created: 2005-06-27  expires: never       usage: E
sub  1024R/694C9CA5  created: 2005-06-27  expires: never       usage: A

OK, so I have exactly one valid signing key available on this machine
(RSA 4A1c1224, which is on a smart card), as evidence:
$ gpg --list-secret-keys
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
/home/amauer/.gnupg/secring.gpg
-------------------------------
sec#  1024D/51192FF2 2002-03-22
ssb   2048g/1DA6A1C7 2003-06-27
ssb   2048g/9150664F 2004-07-01
ssb   2048g/16AF3873 2005-08-10

sec#  1024D/51192FF2 2002-03-22
ssb#  2048g/1DA6A1C7 2003-06-27
ssb#  2048g/9150664F 2004-07-01
ssb#  2048g/96FAE64B 2002-03-22
ssb#  2048g/0193A5EB 2003-04-15
ssb#  2048g/17804FC1 2005-08-10
ssb#  2048g/16AF3873 2005-08-10
ssb>  1024R/4A1C1224 2005-06-27
ssb>  1024R/F40CACBA 2005-06-27
ssb>  1024R/694C9CA5 2005-06-27
ssb#  1024D/3F52F59F 2004-12-13


But, when I go to sign a file (or email, or anything) I get:
$ gpg --sign test.txt
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: secret key parts are not available
gpg: no default secret key: general error
gpg: signing failed: general error

What could be causing this?

Thanks
-Alex Mauer "hawke"
-- 
Bad - You get pulled over for doing 90 in a school zone and you're drunk
off your ass again at three in the afternoon.
Worse - The cop is drunk too, and he's a mean drunk.
FUCK! - A mean drunk that's actually a swarm of semi-sentient
flesh-eating beetles.
OpenPGP key id: 0x51192FF2 @ subkeys.pgp.net


From johnmoore3rd at joimail.com  Thu Aug 11 00:59:25 2005
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Thu Aug 11 01:42:51 2005
Subject: Setting Digest-Algo in 1.4.2
Message-ID: <42FA86CD.7080102@joimail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

While polishing my settings on this new PC, I realize I've forgotten how
to set RIPEMD160 as the Hash Algo to use.  Running M$ XP with
1.4.2/Enigmail & GPGshell 3.45.  Help Appreciated!

JOHN :)
 Timestamp: Wed 10 August 2005, 06:58 PM --400 (Eastern Daylight Time)
- --
My Website:  http://home.joimail.com/~johnmoore3rd/
Gossamer Spider Web of Trust:  http://www.gswot.org
Open PGP Key:  http://tinyurl.com/5ztc6

Encrypted Email is a Courtesy & Appreciated!!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Public Key at:  http://tinyurl.com/5ztc6
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iEYEARECAAYFAkL6hsUACgkQnCmZhrerneUcpgCgrapev0lT0AB91YkMZ5V0PFI1
GgYAoOXARzmVaEbRiXokEWPf2YbOxZjW
=BUwH
-----END PGP SIGNATURE-----

From thomas-gmane at kuehne.cn  Thu Aug 11 02:27:42 2005
From: thomas-gmane at kuehne.cn (Thomas Kuehne)
Date: Thu Aug 11 02:23:07 2005
Subject: Setting Digest-Algo in 1.4.2
In-Reply-To: <42FA86CD.7080102__20071.9537366696$1123717952$gmane$org@joimail.com>
References: <42FA86CD.7080102__20071.9537366696$1123717952$gmane$org@joimail.com>
Message-ID: 

John W. Moore III schrieb:

> While polishing my settings on this new PC, I realize I've forgotten how
> to set RIPEMD160 as the Hash Algo to use.  Running M$ XP with
> 1.4.2/Enigmail & GPGshell 3.45.  Help Appreciated!

digest-algo RIPEMD160
cert-digest-algo RIPEMD160

Thomas


From johanw at vulcan.xs4all.nl  Thu Aug 11 01:32:33 2005
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Thu Aug 11 02:29:58 2005
Subject: deluid  //  why no passphrase required ?
In-Reply-To: <1123710008.5715.8.camel@localhost.localdomain>
Message-ID: <200508102332.j7ANWYmr006677@vulcan.xs4all.nl>

Eric wrote:

>Deleting a uid just means,
>more or less, chopping a block of bytes out of secring.gpg.

Are uid's also stored in the secret key? I thought they only existed
in the public key, since that's the only place where they are needed.
Storing in the secring is double: one can assume that if you have a
secret key, you'll also have the corresponding public key.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw@vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From johanw at vulcan.xs4all.nl  Thu Aug 11 01:35:08 2005
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Thu Aug 11 02:30:08 2005
Subject: deluid  // follow-up
In-Reply-To: <200508102146.j7ALk3gE091991@mailserver3.hushmail.com>
Message-ID: <200508102335.j7ANZ8UR006735@vulcan.xs4all.nl>

vedaal@hush.com wrote:

>someone's public key, leave an outdated one,
>and either publicly post the key , or upload that key to a new 
>keyserver that did not have it before,

That's one of the reasons why most keyservers synchronise.

>wouldn't it be better where the deluid could be 'local only/non-exportable'
>for user convenience,

For keyservers, it already is. If you want to make clear that a certain uid
is not in use any more, you'll have to revoke that uid, not delete it from
your local copy.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw@vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From wk at gnupg.org  Thu Aug 11 10:07:59 2005
From: wk at gnupg.org (Werner Koch)
Date: Thu Aug 11 10:06:32 2005
Subject: deluid  //  why no passphrase required ?
In-Reply-To: <200508102332.j7ANWYmr006677@vulcan.xs4all.nl> (Johan Wevers's
	message of "Thu, 11 Aug 2005 01:32:33 +0200 (MET DST)")
References: <200508102332.j7ANWYmr006677@vulcan.xs4all.nl>
Message-ID: <877jesq4kg.fsf@wheatstone.g10code.de>

On Thu, 11 Aug 2005 01:32:33 +0200 (MET DST), Johan Wevers said:

> Are uid's also stored in the secret key? I thought they only existed

For historic reasons the user IDs are also stored in the secring.gpg.
This is an internal detail and will eventually change.


Shalom-Salam,

   Werner


From md at Linux.IT  Mon Aug  8 20:34:33 2005
From: md at Linux.IT (Marco d'Itri)
Date: Thu Aug 11 10:43:26 2005
Subject: Proof of email ownership
In-Reply-To: <87br48ykmg.fsf@wheatstone.g10code.de>
References: <20050807141713.35742.qmail@web33904.mail.mud.yahoo.com>
	<87br48ykmg.fsf@wheatstone.g10code.de>
Message-ID: <20050808183433.GB9880@wonderland.linux.it>

How does this interact with DKIM?

-- 
ciao,
Marco

From rsperry79 at yahoo.com  Wed Aug 10 19:51:14 2005
From: rsperry79 at yahoo.com (Richard Sperry)
Date: Thu Aug 11 10:43:33 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <42FA224F.8060005@rhjensen.com>
Message-ID: <20050810175115.84901.qmail@web52710.mail.yahoo.com>

The issue you have is caused from the newer version of
GnuPG.  Timo is doing a great job of writing a newer
version, but with all new releases it takes time to
find the bugs. 

for a working beta of my Ol03 installer goto
http://www.sperryservices.com/gnutools.htm

The installer takes care of some of the OL issues and
uses the .94 plug-in for stability. 

It also has Winpt for keymanager, GnuPG 1.4.2 and
GpgEE .  I have tried to write it stupid friendly so
everything is set in theroy.  For security reasons  I
set the keys and conf into the userdocs. I recomend
using EFS if you are on XP Pro.  

I would like any feedback you have.

--Richard Sperry

--- "R. Jensen" <

--- "R. Jensen"  wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Some more information. If I send a signed message to
> outlook and try
> to verify it, I get an error dialog:
> 
>    GPG Verify
>         Invalid crypto engine
> 
> My WinPT installation verifies the signature without
> a problem
> (from the clipboard).
> 
> Richard.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (GNU/Linux)
> Comment: Using GnuPG with Fedora -
> http://enigmail.mozdev.org
> 
>
iD8DBQFC+iJP8u8rlAV8K24RAmanAKCxjft0i8AOV8RxcdhTxUOntvfnFACfUh2/
> eIkeMCOLGhu9EW/GpO/rqPQ=
> =Vp0Z
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 
> 
> 
> 


Richard Sperry 
Sperry Services 
Where your total cost is our bottom line!
owner@sperryservices.com







		
____________________________________________________
Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 

From rsperry79 at yahoo.com  Wed Aug 10 20:51:39 2005
From: rsperry79 at yahoo.com (Richard Sperry)
Date: Thu Aug 11 10:43:36 2005
Subject: gpg befehle
In-Reply-To: <1123691590.14030.2.camel@firenze.zurich.ibm.com>
Message-ID: <20050810185140.85148.qmail@web52715.mail.yahoo.com>

I love the German language.  I don't speak it, can't
read it.  And sure as heck have too many emails a day
to filter through.  The mech you speak of was the
german list, made by german speaking people. I have  a
funny feeling those who speak german in this list, are
on the same german list we speak of, so they would get
the same help.  

But if you really want to add high school drama, try
adding every post in pig latin.  i'm sure any english
raised kid can help you, and hey it will only annoy
the rest of the world. 

--rich

--- Jeroen Massar  wrote:

> On Wed, 2005-08-10 at 15:10 +0000, cdr wrote:
> > Werner Koch wrote:
> > 
> > > Please write in English here...
> > 
> > It is unnecessarily rude to demand that a
> particular language is
> > used on any 'net list. One writing in a language
> not understood
> > by the majority of those present will simply get
> fewer useful
> > responses: a perfectly adequate self-regulating
> mechanism!
> 
> Which is why Werner responded in german (see * which
> you cut out), which
> is apparently a language you did not understand, and
> then in english and
> nicely pointed this person to the german version of
> the list in case the
> person didn't command or didn't want to use the
> english language...
> 
> It would be rude if he indeed wrote only the above,
> but he did not do
> that.
> 
> Greets/Gruetzi/Groetjes/Au Revoir/ which I don't speak>,
>  Jeroen
> 
> * =
>
http://lists.gnupg.org/pipermail/gnupg-users/2005-August/026466.html
> 
> > _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

From rsperry79 at yahoo.com  Wed Aug 10 21:22:51 2005
From: rsperry79 at yahoo.com (Richard Sperry)
Date: Thu Aug 11 10:43:38 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <42FA494C.6000500@rhjensen.com>
Message-ID: <20050810192251.35557.qmail@web52703.mail.yahoo.com>

The setting for cached mode can cause bandwidth
problems on the network. you may be in violation of
your IT policy by implememting this.  Some companies
have terminated users for such actions.  It also can
pose a security threat as the raise in bandwidth, if
by many users, could over load their IDS/IPS sniffers.
 

--- "R. Jensen"  wrote:

> Richard Sperry wrote:
> > The issue you have is caused from the newer
> version of
> > GnuPG.  Timo is doing a great job of writing a
> newer
> > version, but with all new releases it takes time
> to
> > find the bugs. 
> > 
> > for a working beta of my Ol03 installer goto
> > http://www.sperryservices.com/gnutools.htm
> > 
> > The installer takes care of some of the OL issues
> and
> > uses the .94 plug-in for stability. 
> > 
> > It also has Winpt for keymanager, GnuPG 1.4.2 and
> > GpgEE .  I have tried to write it stupid friendly
> so
> > everything is set in theroy.  For security reasons
>  I
> > set the keys and conf into the userdocs. I
> recomend
> > using EFS if you are on XP Pro.  
> > 
> > I would like any feedback you have.
> > 
> > --Richard Sperry
> > 
> I looked at the page you mentioned and was curious
> about:
> 
>    Please note that if you are connected to a
> Corperate Network
>    or Exchange server, you MUST contact your IT or
> ADMIN before
>    installing!
> 
> Is this a licensing issue?
> My Outlook 2003 is connected to my employer's
> Exchange server.
> That's the only reason I even use Outlook.  :-)
> 
> Richard.
> > _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 


Richard Sperry 
Sperry Services 
Where your total cost is our bottom line!
owner@sperryservices.com






__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

From twoaday at gmx.net  Thu Aug 11 10:59:52 2005
From: twoaday at gmx.net (Timo Schulz)
Date: Thu Aug 11 11:12:27 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <42FA7A61.4010505@rhjensen.com>
References: <42FA1604.7020207@rhjensen.com>
	<20050810180320.GD1581@daredevil.joesixpack.net>
	<42FA4B16.40506@rhjensen.com> <42FA7A61.4010505@rhjensen.com>
Message-ID: <20050811085952.GC1254@daredevil.joesixpack.net>

On Wed Aug 10 2005; 17:06, R. Jensen wrote:

> and installed it. Now, in the explorer windows the dll does
> show up a 0.99.4, but the tab in Outlook says 0.99.3.

This is an error in the code. We already fixed it.


> "Save options in the registry". When I start Outlook, I
> get one that initially says "Access is denied" and then

Another user told me about similar problems, currently the plugin
assumes you have enough privileges to write to the registry. This
could be also the problem with the crash.



> Debugger drstsn32 -p %ld -e %ld -g
> (and a PreVisualStudio7Debugger with the same value)
> 
> So, it looks like Dr. Watson is enabled, but isn't getting invoked?

As I said, I use special debugging programs. But I will see what I can
do to find it out.


        Timo

From twoaday at gmx.net  Thu Aug 11 10:54:43 2005
From: twoaday at gmx.net (Timo Schulz)
Date: Thu Aug 11 11:12:39 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <42FA47BA.5010902@rhjensen.com>
References: <42FA1604.7020207@rhjensen.com> <42FA224F.8060005@rhjensen.com>
	<20050810175816.GC1581@daredevil.joesixpack.net>
	<42FA47BA.5010902@rhjensen.com>
Message-ID: <20050811085443.GA1254@daredevil.joesixpack.net>

On Wed Aug 10 2005; 13:30, R. Jensen wrote:

> and Enigmail (0.92.0.0). I signed the email there, but sent it
> to the Windows XP Pro box where I'm running Outlook 2003.
> 
> On the Windows box I'm running GPG 1.41.

This is weird, I use GPG 1.4.2 and I have no problems. We definitely
need to check this. Maybe you can upgrade to 1.4.2?


        Timo

From twoaday at gmx.net  Thu Aug 11 10:57:14 2005
From: twoaday at gmx.net (Timo Schulz)
Date: Thu Aug 11 11:12:50 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <42FA4B16.40506@rhjensen.com>
References: <42FA1604.7020207@rhjensen.com>
	<20050810180320.GD1581@daredevil.joesixpack.net>
	<42FA4B16.40506@rhjensen.com>
Message-ID: <20050811085714.GB1254@daredevil.joesixpack.net>

On Wed Aug 10 2005; 13:44, R. Jensen wrote:

> Where can I get the 0.99.4 version? I downloaded from
> http://www.g10code.de/p-outlgpg.html last week and that is
> the 0.99.2 version I'm having problems with. The link on that

The primary site for downloads is ftp.g10code.com/pub/outlgpg.


> > useful to have the debug output of Dr. Watson. Please compress it
> > before you send it because it's very large. You can either send these
> > reports to outlgpg@g10code.com or to me (twoaday@freakmail.de) directly.
> > 
> 
> How do I enable this?

I thought Windows offers it by default. When it crashes you have some
choices and one of them should be like "Details". Sorry, but my machine
has special debugging hooks and thus I don't know how the original
dialogs look like.


        Timo

From pats_comp_solutions at hotpop.com  Thu Aug 11 13:39:43 2005
From: pats_comp_solutions at hotpop.com (Patrick Dickey)
Date: Thu Aug 11 13:35:42 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <20050811085952.GC1254@daredevil.joesixpack.net>
References: <42FA1604.7020207@rhjensen.com>	<20050810180320.GD1581@daredevil.joesixpack.net>	<42FA4B16.40506@rhjensen.com>
	<42FA7A61.4010505@rhjensen.com>
	<20050811085952.GC1254@daredevil.joesixpack.net>
Message-ID: <42FB38FF.9020008@hotpop.com>

Timo Schulz wrote:

>On Wed Aug 10 2005; 17:06, R. Jensen wrote:
>
>  
>
>>and installed it. Now, in the explorer windows the dll does
>>show up a 0.99.4, but the tab in Outlook says 0.99.3.
>>    
>>
>
>This is an error in the code. We already fixed it.
>
>
>  
>
>>"Save options in the registry". When I start Outlook, I
>>get one that initially says "Access is denied" and then
>>    
>>
>
>Another user told me about similar problems, currently the plugin
>assumes you have enough privileges to write to the registry. This
>could be also the problem with the crash.
>
>
>
>  
>
>>Debugger drstsn32 -p %ld -e %ld -g
>>(and a PreVisualStudio7Debugger with the same value)
>>
>>So, it looks like Dr. Watson is enabled, but isn't getting invoked?
>>    
>>
>
>As I said, I use special debugging programs. But I will see what I can
>do to find it out.
>
>
>        Timo
>
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users@gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>  
>
I believe also (and it's been a while since I've seen the crash report)
when you get the message, there is a link to show the details of the
message.  What he can possibly do there is click inside of the details
box, and select everything in there.  Then hit CTRL-V (Copy) and then
Paste it to either a post here, or notepad.  That should get everything
that you need, since I believe also that part of the details are the Dr.
Watson report.

Patrick.


From plan9z at bellsouth.net  Thu Aug 11 15:20:40 2005
From: plan9z at bellsouth.net (Plan9)
Date: Thu Aug 11 16:26:54 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <20050811085714.GB1254@daredevil.joesixpack.net>
References: <42FA1604.7020207@rhjensen.com>	<20050810180320.GD1581@daredevil.joesixpack.net>	<42FA4B16.40506@rhjensen.com>
	<20050811085714.GB1254@daredevil.joesixpack.net>
Message-ID: <42FB50A8.10700@bellsouth.net>

Where I live it was 8/11/2005 4:57 AM, when Timo Schulz wrote:

>>>useful to have the debug output of Dr. Watson. Please compress it
>>>before you send it because it's very large. You can either send these
>>>reports to outlgpg@g10code.com or to me (twoaday@freakmail.de) directly.
>>
>>How do I enable this?
> 
> I thought Windows offers it by default. When it crashes you have some
> choices and one of them should be like "Details". Sorry, but my machine
> has special debugging hooks and thus I don't know how the original
> dialogs look like.

The following two Microsoft support links may be helpful:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;308538
http://support.microsoft.com/default.aspx?scid=kb;en-us;188296

-- 
 Regards, Ben


From dsrbecky at gmail.com  Thu Aug 11 18:19:54 2005
From: dsrbecky at gmail.com (David Srbecky)
Date: Thu Aug 11 18:15:21 2005
Subject: Access experimental subpackets of 'User Attribute Packet'
Message-ID: <42FB7AAA.6010300@gmail.com>

Hello,

I have payed with the idea of using experimental subpackets of 'User 
Attribute Packet' and here is what I came up with:

Named Attribute Subpacket (type 100)
----------------------------------
Subpacket specific data:
    magic identification number
    datatype - identifier - eg. 4 - UTF8 string
    name - UTF8 string - eg. "ICQ#"
    data - depends on datatype - eg. "123-456-789"

NB: size of data can be calculated from size of subpacket (it is just 
the remaining data)

Datatypes:
    0 - reserved
    1 - no data (it is just named flag)
    2 - boolean
    3 - integer
    4 - UTF8 string
    5 - URL
    6 - image
    7 - binary
    8 - binary file
    100-110 - private or experimental use

NB: Binary type holds just some unspecified binary data. On the other 
hand, binary file type holds file that can be saved to disk and the name 
of the attribute represents its filename.

In my humble opinion this is the most important attribute of all. This 
attribute is supposed to be used for any user specific or program 
specific data. It is similar to the mail X- headers - it allows users to 
store identifiable information, which is not suitable for 
standardization or is not standardized yet.


vCard Subpacket (type 102)
----------------------------------
Subpacket specific data:
    magic identification number
    data - content of the vCard file

You can store you name, email and Photo ID in your public key, but what 
about other information? I suggest to add 'vCard Subpacket' because 
vCard is already known and supported format in MUAs and so the cost of 
implementing this should be minimal.


Property Subpacket (type 103)
-------------------------------------
Subpacket specific data:
    magic identification number
    id - identifier - eg. 1
    data - depends on id - eg. true

There are a lot of little attributes which we may want to store in this 
subpacket. For example:

1 - public key url
2 - prefers signed mail
3 - prefers encrypted mail
4 - preferred format
5 - supports MIME format
6 - supports inline format
etc...

'Property Subpacket' does not really describe the purpose of the 
subpacket, but I could not find any better name. Any suggestions?





It there any way I can use GnuPG to store and load this information?


Regards,
David Srbecky

Reference:
http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-14.txt

 > 5.12. User Attribute Packet (Tag 17)
 >
 >     The User Attribute packet is a variation of the User ID packet.  It
 >     is capable of storing more types of data than the User ID packet
 >     which is limited to text.  Like the User ID packet, a User Attribute
 >     packet may be certified by the key owner ("self-signed") or any
 >     other key owner who cares to certify it.  Except as noted, a User
 >     Attribute packet may be used anywhere that a User ID packet may be
 >     used.
 >
 >     While User Attribute packets are not a required part of the OpenPGP
 >     standard, implementations SHOULD provide at least enough
 >     compatibility to properly handle a certification signature on the
 >     User Attribute packet.  A simple way to do this is by treating the
 >     User Attribute packet as a User ID packet with opaque contents, but
 >     an implementation may use any method desired.
 >
 >     The User Attribute packet is made up of one or more attribute
 >     subpackets.  Each subpacket consists of a subpacket header and a
 >     body. The header consists of:
 >
 >       - the subpacket length (1, 2, or 5 octets)
 >
 >       - the subpacket type (1 octet)
 >
 >     and is followed by the subpacket specific data.
 >
 >     The only currently defined subpacket type is 1, signifying an image.
 >     An implementation SHOULD ignore any subpacket of a type that it does
 >     not recognize.  Subpacket types 100 through 110 are reserved for
 >     private or experimental use.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050811/9e2f4825/signature.pgp
From twoaday at freakmail.de  Thu Aug 11 17:36:32 2005
From: twoaday at freakmail.de (Timo Schulz)
Date: Thu Aug 11 18:30:13 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: 
References: 
Message-ID: <1123774592.1238.1.camel@colt>

You wrote:

> running Outlook 2003 SP1. Re-registering the plugin doesn't resolve
> the problem either.  Would any log files, screen prints, etc help?  If
> so, please specify and I will be glad to send them on.

No, the logging code is not complete yet. As I said, the most
valuable information is the output of Dr. Watson or a similar
'debugger' because it contain information at what place the crash
happened.


	Timo



From listreader at rhjensen.com  Thu Aug 11 19:29:01 2005
From: listreader at rhjensen.com (R. Jensen)
Date: Thu Aug 11 19:24:56 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <20050811085714.GB1254@daredevil.joesixpack.net>
References: <42FA1604.7020207@rhjensen.com>	<20050810180320.GD1581@daredevil.joesixpack.net>	<42FA4B16.40506@rhjensen.com>
	<20050811085714.GB1254@daredevil.joesixpack.net>
Message-ID: <42FB8ADD.9040907@rhjensen.com>

Timo Schulz wrote:
> 
> The primary site for downloads is ftp.g10code.com/pub/outlgpg.
> 

When I connect to ftp.g10code.com, there is no pub directory.
[I'm doing anonymous FTP with WS_FTP].
There is a g10code directory and in there is an outlgpg directory.
I got the zip of the 0.99.4 version dated July 27, 2005.

As to permissions, I checked and I'm in the administrators group
on my machine--I can't think what other permissions I'd need. :-)

I upgraded to 1.4.2 from 1.4.1 and the behavior is the same.

As to copying the data that shows up as part of Microsoft's error
reporting. The text is not selectable.

So, I don't see any path going forward that will help resolve the
problem on my system:
  Dr. Watson doesn't seem to get invoked, just Microsoft's
     Error reporting.
  I can't copy Microsoft's report content.


Just to summarize:

Hardware: Dell OPTIPLEX GX270: Dual Pentium 4 (2.8G Hz)
                               2 GB RAM

OS: Windows XP Professional, Service Pack 2
    (Build 2600.xpsp_sp2_gdr.050301-1519 : Service Pack 2)
Outlook: Microsoft Office Outlook 2003 (11.6359.6408) SP1
         [Installed from Microsoft Office Standard Edition 2003]

GPG Location: C:\Program Files\Gnu\GnuPG\gpg.exe
Vrsion: 1.4.2
Home: C:/Documents and Settings/rjensen.AMERICAS/Application Data/GnuPG
(from gpg --version)

GPGExch info:
   libgpgmedlgs.dll: 0.6.1.0 copied to C:\WINDOWS\SYSTEM32
   GPGExch.dll:      0.99.4.0 installed in C:\gnupg\GPGExch
  [I ran regsvr32 on GPGExch.dll from a command prompt in
   C:\gnupg\GPGExch]

Summary of behavior problems:
   When Outlook is started, I get several dialog boxes relating
   to storing values in the registry. The first one says access
   denied. The other 5 indicate the operation completed successfully.

   Preferences changed on the GnuPG tab do not survive a program
   restart. Changing the preferences also causes the 5 dialog
   boxes to appear.

   When changing preferences,
    the "Also encrypt message with the default key" starts off
    with the value:
    C:\Documents and Settings\rjensen.AMERICAS\Application Data\gnupg
    If I attempt to save changes I get an error dialog:
        "The default key cannot contain any spaces".
    I have to clear out the box and uncheck to save other changes.

    Attempting to verify a signature results in a dialog:
        "Invalid crypto engine"

    Attempting to sign a message causes Outlook to 'close'.
    After composing a plain text message I click on 'Send'.
    I do not get a prompt for my passphrase.
    I just get the dialog about:
      "Microsoft Office Outlook has encountered a problem
       and needs to close"

Error 'signature':
  AppName:  outlook.exe   AppVer: 11.0.6353.0  AppStamp: 408f2937
  ModName: libgpgmedlgs.dll  ModVer: 0.6.1.0   ModStamp: 42e0c70e
  fDebug: 0   Offset: 00005f77

If I look at the error report contents, I can't copy and paste,
but here are some more details:

Exception Information
  Code: 0xc0000005     Flags: 0x00000000
Record: 0x0000000000000000  Address: 0x00000000002235f77

Then there are a large number of 'Modules' listed.
GPGExch.dll is module 63 and libgpgmedlgs.dll is module 64.

GPGExch.dll
Image Base: 0x02080000   Image Size: 0x00000000
Checksum:   0x00000000   Time Stamp: 0x42dfcf77
Version Information:
 Signature:  feef04bd
 StrucVer:   00010000
 FileVer:    (0.99:4.0)
 ProdVer:    (0.99:4.0)
 FlagMask:   0000003f
 Flags:      00000000
 OS:         00000004
 FileType:   00000002
 SubType:    00000000
 FileDate:   00000000:00000000

libgpgmedlgs.dll
Image Base: 0x02230000   Image Size: 0x00000000
Checksum:   0x00000000   Time Stamp: 0x42e0c70e
Version Information:
 Signature:  feef04bd
 StrucVer:   00010000
 FileVer:    (0.6:1.0)
 ProdVer:    (0.6:1.0)
 FlagMask:   0000003f
 Flags:      00000020
 OS:         00040004
 FileType:   00000001
 SubType:    00000000
 FileDate:   00000000:00000000

After all the modules, there is information about different threads,
but without being able to copy the contents, I don't know what
information would be helpful.

I'll be glad to try the next version, but I don't see there
is anything more I can do with this one.

Richard.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050811/49be97c6/signature.pgp
From jharris at widomaker.com  Thu Aug 11 20:21:44 2005
From: jharris at widomaker.com (Jason Harris)
Date: Thu Aug 11 20:17:20 2005
Subject: zero-length MPIs (was: Re: mpi error with check-trustdb in 1.4.2 -
	resolved)
In-Reply-To: <20050811160217.GC358@wilma.widomaker.com>
References: <42F97044.9050603@comcast.net> <42FAC641.9040507@comcast.net>
	<20050811160217.GC358@wilma.widomaker.com>
Message-ID: <20050811182144.GA33562@wilma.widomaker.com>

On Thu, Aug 11, 2005 at 12:02:17PM -0400, Jason Harris wrote:
> On Wed, Aug 10, 2005 at 10:30:09PM -0500, John Clizbe wrote:
 
> > Tracked down the two offending keys and deleted them with 1.4.1. They both
> > failed to import from a keyserver with 1.4.2 with the same mpi error, so I'm
> > marking it off to key cruft.

Here are some more offending keys:

  0xA0B3E88B
  0xFC05DA69
  0x0FCF6738
  0xCC78C893
  0x98FDE37C
  0x74C9DE33
  0x57023F00 - corrupt subkey

Fetching them from keyserver.kjsl.com is now possible with gnupg-1.4.2.
To patch pks, add this to the middle of decode_mpi() (in pgputil.c):

  /* skip packets with 0-length MPIs for GPG's benefit (gnupg-1.4.2) */
  if (mpi->nbits == 0) {
    return (0);
  }

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 313 bytes
Desc: not available
Url : /pipermail/attachments/20050811/5039bd58/attachment.pgp
From twoaday at gmx.net  Thu Aug 11 22:08:09 2005
From: twoaday at gmx.net (Timo Schulz)
Date: Thu Aug 11 22:02:45 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <42FB8ADD.9040907@rhjensen.com>
References: <42FA1604.7020207@rhjensen.com>
	<20050810180320.GD1581@daredevil.joesixpack.net>
	<42FA4B16.40506@rhjensen.com>
	<20050811085714.GB1254@daredevil.joesixpack.net>
	<42FB8ADD.9040907@rhjensen.com>
Message-ID: <20050811200808.GA1954@daredevil.joesixpack.net>

On Thu Aug 11 2005; 12:29, R. Jensen wrote:

> As to permissions, I checked and I'm in the administrators group
> on my machine--I can't think what other permissions I'd need. :-)

Then it's propably a bug. But I never got such a message so it is
propably a combination of some 'events'.

 
>   Dr. Watson doesn't seem to get invoked, just Microsoft's
>      Error reporting.
>   I can't copy Microsoft's report content.

I'm not sure about the details they present. Useful would be a
'stack backtrace'. But I'm not sure how they call it and if they
provide it at all.


> After all the modules, there is information about different threads,
> but without being able to copy the contents, I don't know what
> information would be helpful.

I guess this is the information I need. And something like CTRL+A
CTRL+C does not work?


> I'll be glad to try the next version, but I don't see there
> is anything more I can do with this one.

You already did a lot, thanks.


        Timo

From samuel at Update.UU.SE  Thu Aug 11 23:28:10 2005
From: samuel at Update.UU.SE (Samuel ]slund)
Date: Thu Aug 11 23:23:42 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <42FB8ADD.9040907@rhjensen.com>
References: <42FA1604.7020207@rhjensen.com>
	<20050810180320.GD1581@daredevil.joesixpack.net>
	<42FA4B16.40506@rhjensen.com>
	<20050811085714.GB1254@daredevil.joesixpack.net>
	<42FB8ADD.9040907@rhjensen.com>
Message-ID: <20050811212810.GG2475@Update.UU.SE>

On Thu, Aug 11, 2005 at 12:29:01PM -0500, R. Jensen wrote:
> 
> As to copying the data that shows up as part of Microsoft's error
> reporting. The text is not selectable.
> 
> So, I don't see any path going forward that will help resolve the
> problem on my system:
>   Dr. Watson doesn't seem to get invoked, just Microsoft's
>      Error reporting.
>   I can't copy Microsoft's report content.

Did you try + ? 
That usually takes a screenshot of the curently active window.

HTH
//Samuel


From jharris at widomaker.com  Fri Aug 12 02:22:43 2005
From: jharris at widomaker.com (Jason Harris)
Date: Fri Aug 12 02:18:28 2005
Subject: [Sks-devel] Re: zero-length MPIs (was: Re: mpi error with
	check-trustdb in 1.4.2 - resolved)
In-Reply-To: <20050811195459.GB12783@opium.palfrader.org>
References: <42F97044.9050603@comcast.net> <42FAC641.9040507@comcast.net>
	<20050811160217.GC358@wilma.widomaker.com>
	<20050811182144.GA33562@wilma.widomaker.com>
	<20050811195459.GB12783@opium.palfrader.org>
Message-ID: <20050812002243.GD358@wilma.widomaker.com>

On Thu, Aug 11, 2005 at 09:54:59PM +0200, Peter Palfrader wrote:
> On Thu, 11 Aug 2005, Jason Harris wrote:

> > Fetching them from keyserver.kjsl.com is now possible with gnupg-1.4.2.
> > To patch pks, add this to the middle of decode_mpi() (in pgputil.c):
> > 
> >   /* skip packets with 0-length MPIs for GPG's benefit (gnupg-1.4.2) */
> >   if (mpi->nbits == 0) {
> >     return (0);
> >   }
> 
> can we do that in SKS too?  please!

Try the patch below.  0x1A9537E7 is another offending key, and all eight
work now:

  %gpg --recv 0xA0B3E88B 0xFC05DA69 0x0FCF6738 0xCC78C893 0x98FDE37C 0x74C9DE33 0x57023F00 0x1A9537E7
  ...
  gpg: Total number processed: 8
  gpg:              unchanged: 8

===================================================================
RCS file: parsePGP.ml,v
retrieving revision 1.1
diff -u -r1.1 parsePGP.ml
--- parsePGP.ml	2005/08/12 00:03:16	1.1
+++ parsePGP.ml	2005/08/12 00:03:54
@@ -23,6 +23,7 @@
 open Printf
 
 exception Overlong_mpi
+exception Zerolen_mpi
 exception Partial_body_length of int
 
 (********************************************************)
@@ -109,6 +110,7 @@
   try
     let byte2 = cin#read_byte in
     let length = (byte1 lsl 8) + byte2 in
+    if length <= 0 then raise Zerolen_mpi;
     let data = cin#read_string 
 		 ((length + 7)/8)
     in

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 313 bytes
Desc: not available
Url : /pipermail/attachments/20050811/22dc97df/attachment.pgp
From mwlucas at blackhelicopters.org  Fri Aug 12 02:42:04 2005
From: mwlucas at blackhelicopters.org (Michael W. Lucas)
Date: Fri Aug 12 03:30:39 2005
Subject: tracing the Web of Trust?
Message-ID: <20050812004203.GA13394@bewilderbeast.blackhelicopters.org>

Hi folks,

I'm trying to learn if there's a tool to trace the web of trust
between two keys.

For example, suppose I get an email from someone I've never heard of
and want to learn if there is any valid chain of signatures leading
from me to him.

I imagine that this is a difficult problem.  :-)  Has anyone solved it
for Joe Average user?

Thanks,
==ml

-- 
Michael W. Lucas	mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org
		http://www.BlackHelicopters.org/~mwlucas/

"The cloak of anonymity protects me from the nuisance of caring." -Non Sequitur

From jharris at widomaker.com  Fri Aug 12 03:52:38 2005
From: jharris at widomaker.com (Jason Harris)
Date: Fri Aug 12 03:48:07 2005
Subject: tracing the Web of Trust?
In-Reply-To: <20050812004203.GA13394@bewilderbeast.blackhelicopters.org>
References: <20050812004203.GA13394@bewilderbeast.blackhelicopters.org>
Message-ID: <20050812015238.GE358@wilma.widomaker.com>

On Thu, Aug 11, 2005 at 08:42:04PM -0400, Michael W. Lucas wrote:

> I'm trying to learn if there's a tool to trace the web of trust
> between two keys.
> 
> For example, suppose I get an email from someone I've never heard of
> and want to learn if there is any valid chain of signatures leading
> from me to him.
> 
> I imagine that this is a difficult problem.  :-)  Has anyone solved it
> for Joe Average user?

See the last paragraph of:

  http://keyserver.kjsl.com/~jharris/keysigning.html

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 313 bytes
Desc: not available
Url : /pipermail/attachments/20050811/5cccb712/attachment.pgp
From list-gnupg at mikedaigle.ca  Fri Aug 12 06:17:44 2005
From: list-gnupg at mikedaigle.ca (Michael Daigle)
Date: Fri Aug 12 06:13:09 2005
Subject: tracing the Web of Trust?
In-Reply-To: <20050812004203.GA13394@bewilderbeast.blackhelicopters.org>
References: <20050812004203.GA13394@bewilderbeast.blackhelicopters.org>
Message-ID: <42FC22E8.1050001@mikedaigle.ca>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

In reply to Michael W. Lucas's message sent 2005-08-11 20:42:

> I'm trying to learn if there's a tool to trace the web of trust 
> between two keys.
> 
> For example, suppose I get an email from someone I've never heard of 
> and want to learn if there is any valid chain of signatures leading 
> from me to him.
> 
> I imagine that this is a difficult problem.  :-)  Has anyone solved
> it for Joe Average user?

Jason Harris provided useful links. An end-user might take advantage of
path tracing as in my public key page,
http://www.mikedaigle.ca/keys/index.htm


- --
Mike Daigle                                   http://www.mikedaigle.ca
My PGP Key                                 mailto:pgpkey@mikedaigle.ca
Gossamer Spider Web of Trust                      http://www.gswot.org

-----BEGIN PGP SIGNATURE-----
Comment: GSWoT - Gossamer Spider Web of Trust - www.gswot.org

iD8DBQFC/CLaNuccKlqTLlMRA5gzAJ9xwb2bRztemuk1517DWFyPzB8pKgCdEGrl
ZpJDJuQcJ2uiZjQc2B5gb7A=
=nmCS
-----END PGP SIGNATURE-----

From unknown_kev_cat at hotmail.com  Fri Aug 12 06:32:59 2005
From: unknown_kev_cat at hotmail.com (Joe Smith)
Date: Fri Aug 12 06:30:44 2005
Subject: Access experimental subpackets of 'User Attribute Packet'
References: <42FB7AAA.6010300@gmail.com>
Message-ID: 

Be careful with this. First of all both the second and third packet can be 
implemented as the first packet type. Second encouraging users to place 
extra data into theie keys is just asking for problem. Imaginge when 
somebody decides to attaches a 50 MiB mpeg to their key, and uploads it to 
the keyservers.

Third and most importantly, Anything for specifying pgpmime vs inline mime 
should be avoided. Let the experts (The openpgp working group) hash these 
things out.

For example there is the pgp corp implementation: 
http://www.imc.org/ietf-openpgp/mail-archive/msg08704.html

In fact just let all of this sort of ting be handled by the openpgp working 
group. They are the experts. (To the extent that they are.) 



From michaeln at twentyten.org  Fri Aug 12 07:43:14 2005
From: michaeln at twentyten.org (Michael Nguyen)
Date: Fri Aug 12 07:38:49 2005
Subject: gpgme: encrypt/decrypt help
Message-ID: <006501c59f00$bf16b540$800101df@oldeenglish>

So, I've been going through the samples, and I'm still sort of unclear about
how to get the right public key read in so I can do an encryption.  I'm
looking at the following function:

gpgme_error_t gpgme_op_encrypt (gpgme_ctx_t ctx, gpgme_key_t recp[],
gpgme_encrypt_flags_t flags, gpgme_data_t plain, gpgme_data_t cipher)

The question is, how do I build these recipients?  I have a bunch of public
keys in a MySQL database keyed by email address.  I want to populate recp[]
with these public keys and encrypt, but I'm not sure how to go about doing
that.

Could someone give me a quick tutorial on how to get this going?  You know,
something like:

 - Take your text keys from MySQL and read it into a char string
 - Run gpgme_blah_blah with blah and blah to turn the public keys into the
recp array
 - Pass that value to gpgme_op_encrypt and away you go

Thanks for your patience guys.  I'll keep going over the samples...


Michael


From og at pre-secure.de  Fri Aug 12 08:04:02 2005
From: og at pre-secure.de (Olaf Gellert)
Date: Fri Aug 12 10:02:11 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <42FB8ADD.9040907@rhjensen.com>
References: <42FA1604.7020207@rhjensen.com>	<20050810180320.GD1581@daredevil.joesixpack.net>	<42FA4B16.40506@rhjensen.com>	<20050811085714.GB1254@daredevil.joesixpack.net>
	<42FB8ADD.9040907@rhjensen.com>
Message-ID: <42FC3BD2.9070802@pre-secure.de>

R. Jensen wrote:

> As to copying the data that shows up as part of Microsoft's error
> reporting. The text is not selectable.
> 
> So, I don't see any path going forward that will help resolve the
> problem on my system:
>   Dr. Watson doesn't seem to get invoked, just Microsoft's
>      Error reporting.
>   I can't copy Microsoft's report content.

But you could do a screenshot of the window, I guess!

Olaf

-- 
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og@pre-secure.de

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet


From dsrbecky at gmail.com  Fri Aug 12 10:17:10 2005
From: dsrbecky at gmail.com (David Srbecky)
Date: Fri Aug 12 10:12:34 2005
Subject: Access experimental subpackets of 'User Attribute Packet'
In-Reply-To: 
References: <42FB7AAA.6010300@gmail.com> 
Message-ID: <42FC5B06.90504@gmail.com>

Joe Smith wrote:
> Be careful with this. First of all both the second and third packet can 
> be implemented as the first packet type.
That's the point of the first packet - to be able to express anything 
the user can think of. However, the other two packets are there to save 
space by not using string identifier. They are also easier to implement.

> Second encouraging users to 
> place extra data into theie keys is just asking for problem. Imaginge 
> when somebody decides to attaches a 50 MiB mpeg to their key, and 
> uploads it to the keyservers.
Unfortunately I am not asking for problem, the problem is already here. 
Users already can upload their photo albums to keyserver and no-one can 
stop them. One vCard and a few preferences really won't make it any 
worse, these are small compared to images.

> Third and most importantly, Anything for specifying pgpmime vs inline 
> mime should be avoided. Let the experts (The openpgp working group) hash 
> these things out.
I have already contacted the openpgp working group, but they are in last 
call and so it is unlikely that they will implement similar mechanism.

> For example there is the pgp corp implementation: 
> http://www.imc.org/ietf-openpgp/mail-archive/msg08704.html
This solves only just one little bit.


Not considering the feasibility, is it possible to achieve this with GnuPG?


Thanks,
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050812/4664b3e2/signature.pgp
From sk4list at yahoo.com  Fri Aug 12 10:27:10 2005
From: sk4list at yahoo.com (S K)
Date: Fri Aug 12 10:23:00 2005
Subject: tracing the Web of Trust?
In-Reply-To: <20050812004203.GA13394@bewilderbeast.blackhelicopters.org>
Message-ID: <20050812082710.44891.qmail@web33901.mail.mud.yahoo.com>

This could also help:

http://www.cs.uu.nl/people/henkp/henkp/pgp/pathfinder/

SK

--- "Michael W. Lucas" 
wrote:

> Hi folks,
> 
> I'm trying to learn if there's a tool to trace the
> web of trust
> between two keys.
> 
> For example, suppose I get an email from someone
> I've never heard of
> and want to learn if there is any valid chain of
> signatures leading
> from me to him.
> 
> I imagine that this is a difficult problem.  :-) 
> Has anyone solved it
> for Joe Average user?
> 
> Thanks,
> ==ml


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

From cmauch at taclug.org  Fri Aug 12 09:54:03 2005
From: cmauch at taclug.org (Charles Mauch)
Date: Fri Aug 12 10:30:31 2005
Subject: tracing the Web of Trust?
In-Reply-To: <20050812004203.GA13394@bewilderbeast.blackhelicopters.org>
References: <20050812004203.GA13394@bewilderbeast.blackhelicopters.org>
Message-ID: <20050812075403.GA15263@redbox.mauch.name>

Quoting "Michael W. Lucas" :
> I'm trying to learn if there's a tool to trace the web of trust 
> between two keys.
>
> For example, suppose I get an email from someone I've never heard of 
> and want to learn if there is any valid chain of signatures leading 
> from me to him.

If your using an old version of gnupg, you can use Darxus's sigtrace[1] and
mutt-sigtrace[2] to display pgp signature path traces inline with the pgp
signature verification of your MUA. (I use mutt)

I maintain some newer[3] versions of these same scripts, which works with
gnupg's --with-colons mode.  The end result isn't quite as pretty, but it
does work.

You can also use wotsap[4] data to determine a signature path.  I
discovered it after I'd customized sigtrace for my own use.

There are a variety of web-enabled tools to achieve the same results if
your only interested in casual tracing.  The most well known of these I
think is probably Jason Harris's keyserver which can be used by playing
with the following url:

http://keyserver.kjsl.com/~jharris/gpgwww.cgi?from=0xkeyid&to=0xkeyid

Once I started tracing all the pgp keys that I came across, I noticed my
attitudes toward key trust changed.  For example, I used to think CA Robots
were a great idea.  Now i tend to not trust any key verified through a CA
robot.  You really start to appreciate the WoT for what it is when you see
it in action all day long.

[1] http://www.chaosreigns.com/code/sigtrace/
[2] http://www.chaosreigns.com/code/mutt-sigtrace/
[3] http://charles.mauch.name/code/sigtrace/
[4] http://www.lysator.liu.se/~jc/wotsap/

-- 
Regards,
Charles Mauch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050812/63de760c/attachment.pgp
From twoaday at gmx.net  Fri Aug 12 08:10:47 2005
From: twoaday at gmx.net (Timo Schulz)
Date: Fri Aug 12 15:06:36 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <20050811212810.GG2475@Update.UU.SE>
References: <42FA1604.7020207@rhjensen.com>
	<20050810180320.GD1581@daredevil.joesixpack.net>
	<42FA4B16.40506@rhjensen.com>
	<20050811085714.GB1254@daredevil.joesixpack.net>
	<42FB8ADD.9040907@rhjensen.com>
	<20050811212810.GG2475@Update.UU.SE>
Message-ID: <20050812061047.GB1696@daredevil.joesixpack.net>

On Thu Aug 11 2005; 23:28, Samuel ]slund wrote:

> Did you try + ? 
> That usually takes a screenshot of the curently active window.

The problem is that the information fill propably more than _10_ screens.


        Timo

From mwood at IUPUI.Edu  Fri Aug 12 16:00:38 2005
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Fri Aug 12 15:56:47 2005
Subject: Access experimental subpackets of 'User Attribute Packet'
In-Reply-To: <42FC5B06.90504@gmail.com>
References: <42FB7AAA.6010300@gmail.com> 
	<42FC5B06.90504@gmail.com>
Message-ID: 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 12 Aug 2005, David Srbecky wrote:
> Unfortunately I am not asking for problem, the problem is already here.
> Users already can upload their photo albums to keyserver and no-one can
> stop them. One vCard and a few preferences really won't make it any
> worse, these are small compared to images.

Better you should lobby the vCard maintainers to define "message integrity
suggestion" fields, so your vCard can include a key fingerprint and
preferred server.  The vCard is already attached to your message -- we
don't need another copy in the key.

Finding out more contact information for you is an identity question, not
an authentication question.  The key need contain only information which
helps us to bind it to its owner, such as an email address or a small
photo.  That some of the information on a vCard can be used for such
purposes is incidental; that's not what it's for, and what it's for is not
what keys are for.

Packing too many different kinds of information into a single service is a
kind of overoptimization.  Better to build several clean, simple,
well-defined services and let clever people figure out new combinations of
data as they have need.  Then they can just join records across the
services holding what they need for a custom view of the available data
which accomplishes their purposes.

- -- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Open-source executable:  $0.00.  Source:  $0.00  Control:  priceless!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/

iD8DBQFC/Kuzs/NR4JuTKG8RAhEhAJkBrkH2YwNKfo2NSIvZO/2gBCC70gCbBE2x
wONtO+Ihs5xZOlzFAWBYLzw=
=YfpL
-----END PGP SIGNATURE-----

From alphasigmax at gmail.com  Fri Aug 12 16:08:57 2005
From: alphasigmax at gmail.com (Alphax)
Date: Fri Aug 12 16:06:22 2005
Subject: Access experimental subpackets of 'User Attribute Packet'
In-Reply-To: <42FB7AAA.6010300@gmail.com>
References: <42FB7AAA.6010300@gmail.com>
Message-ID: <42FCAD79.8020706@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

David Srbecky wrote:
> vCard Subpacket (type 102)
> ----------------------------------
> Subpacket specific data:
>    magic identification number
>    data - content of the vCard file
> 

*cough*

- --
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC/K15/RxM5Ph0xhMRA2O3AJ0cD95J9Jm5oCFthtPCBKP8iALS8QCfYCl4
dfo4T8NOFbiuoE6gwz96Fs0=
=Yn6f
-----END PGP SIGNATURE-----

From listreader at rhjensen.com  Fri Aug 12 17:06:14 2005
From: listreader at rhjensen.com (R. Jensen)
Date: Fri Aug 12 17:01:44 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <20050812061047.GB1696@daredevil.joesixpack.net>
References: <42FA1604.7020207@rhjensen.com>	<20050810180320.GD1581@daredevil.joesixpack.net>	<42FA4B16.40506@rhjensen.com>	<20050811085714.GB1254@daredevil.joesixpack.net>	<42FB8ADD.9040907@rhjensen.com>	<20050811212810.GG2475@Update.UU.SE>
	<20050812061047.GB1696@daredevil.joesixpack.net>
Message-ID: <42FCBAE6.30100@rhjensen.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Timo Schulz wrote:
> On Thu Aug 11 2005; 23:28, Samuel ]slund wrote:
> 
> 
>>Did you try + ? 
>>That usually takes a screenshot of the curently active window.
> 
> 
> The problem is that the information fill propably more than _10_ screens.
> 
> 

The 'Error Report Contents' window cannot be resized. It shows about
16 lines of information at a time. I scrolled down through 1 thread's
worth of information and that was ~50 pages of 16 lines.
The dump shows 21 threads (most of which are 2-3 pages).
There is a lot to weed through, and I don't know which part is
relevant.

Richard.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFC/Lrm8u8rlAV8K24RAj+fAKCxfiHRJ+TjYMyk1bVLkleuzPflQwCgn9c5
3sQi/dZUZEnWKGBwzrE0ErM=
=icyR
-----END PGP SIGNATURE-----

From messtic at oreka.com  Fri Aug 12 12:35:05 2005
From: messtic at oreka.com (Alain Bench)
Date: Fri Aug 12 17:38:07 2005
Subject: Leave clearsigned content encoding alone, how?
In-Reply-To: <200508051255.j75CtbaO002305@vulcan.xs4all.nl>
References: <87wtn04y8z.fsf@wheatstone.g10code.de>
	<200508051255.j75CtbaO002305@vulcan.xs4all.nl>
Message-ID: <20050812103504.GA4483@oreka.com>

Hello Johan,

 On Friday, August 5, 2005 at 2:55:37 PM +0200, Johan Wevers wrote:

> I read my own email usually in text mode screens, with the IBM 850
> charset. MIME headers can't change that anyway, since you need root
> acces to change the active charset and I don't plan to make [...] mutt
> suid because of that.

    What are you talking about? Mutt works very well on a CP-850
terminal, automatically converting on-the-fly between the MIME charset
and 850 code page. No need to suid root for that. And there is nothing
lost when compared to a Latin-1 terminal.

    More explanations would be off-topic here, but you are welcome on
the mutt-users mailing list if you need assistance.


Bye!	Alain.
-- 
When you want to reply to a mailing list, please avoid doing so with
Lotus Notes 5. This lacks necessary references and breaks threads.

From twoaday at gmx.net  Fri Aug 12 17:46:15 2005
From: twoaday at gmx.net (Timo Schulz)
Date: Fri Aug 12 18:19:16 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <42FC3BD2.9070802@pre-secure.de>
References: <42FA1604.7020207@rhjensen.com>
	<20050810180320.GD1581@daredevil.joesixpack.net>
	<42FA4B16.40506@rhjensen.com>
	<20050811085714.GB1254@daredevil.joesixpack.net>
	<42FB8ADD.9040907@rhjensen.com> <42FC3BD2.9070802@pre-secure.de>
Message-ID: <20050812154615.GB1373@daredevil.joesixpack.net>

On Fri Aug 12 2005; 08:04, Olaf Gellert wrote:

> >   Dr. Watson doesn't seem to get invoked, just Microsoft's
> >      Error reporting.
> >   I can't copy Microsoft's report content.
> 
> But you could do a screenshot of the window, I guess!

Yes, but it's hard to get exactly all information we need with one
screen shot. And I admit that it is no easy to know what is important
for somebody who never worked with such information.


        Timo

From twoaday at gmx.net  Fri Aug 12 17:45:01 2005
From: twoaday at gmx.net (Timo Schulz)
Date: Fri Aug 12 18:19:26 2005
Subject: [outlgpg] Outlook 2003 problems
References: <20050811200808.GA1954@daredevil.joesixpack.net>
Message-ID: <20050812154501.GA1373@daredevil.joesixpack.net>

On Thu Aug 11 2005; 13:30, Richard Sperry wrote:

> When ol2003 dumps it should dump files to a temp dir.  I am attempting
> to make it dump to get you those. I am a non-checked XP Pro
> SP2. With non-checked Office 03 Pro SP1

I guess it is easier to wait for a new release. We recently found
the problem for the wrong messages boxes which say 'no access to the registry'
and we will provide a new version ASAP.


        Timo

From vedaal at hush.com  Fri Aug 12 19:51:58 2005
From: vedaal at hush.com (vedaal@hush.com)
Date: Fri Aug 12 19:47:56 2005
Subject: Access experimental subpackets of 'User Attribute Packet'
Message-ID: <200508121752.j7CHq1Re080431@mailserver2.hushmail.com>

David Srbecky dsrbecky at gmail.com 
Thu Aug 11 18:19:54 CEST 2005 wrote:

] I have payed with the idea of using experimental subpackets
] of 'User Attribute Packet' and here is what I came up with:

] Named Attribute Subpacket (type 100)



] Datatypes:
    0 - reserved
    1 - no data (it is just named flag)
    2 - boolean
    3 - integer
    4 - UTF8 string
    5 - URL
    6 - image
    7 - binary
    8 - binary file
    100-110 - private or experimental use

] NB: Binary type holds just some unspecified binary data. 
] On the other hand, binary file type holds file that can 
] be saved to disk and the name 
] of the attribute represents its filename.


doesn't this pose some risk of exploit ?

suppose someone wants to put a malicious executable
as part of the packet,
and gives it some interesting name,

sends a pgp signed e-mail or posts a clearsigned message,
and gets people to download the key from a keyserver
to verify the signature

is there anything in gnupg that would prevent the running of the 
executable?
(i.e. is the key just 'ignored' or 'refused'
as 'key with unsupported packet type' ?

and can this protect against some type of malware corrupting the 
system,
just by getting gnupg to 'check' the packet ?)


vedaal





Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427


From dsrbecky at gmail.com  Sat Aug 13 16:39:50 2005
From: dsrbecky at gmail.com (David Srbecky)
Date: Sat Aug 13 16:35:21 2005
Subject: Access experimental subpackets of 'User Attribute Packet'
In-Reply-To: <42FB7AAA.6010300@gmail.com>
References: <42FB7AAA.6010300@gmail.com>
Message-ID: <42FE0636.5060202@gmail.com>

> It there any way I can use GnuPG to store and load this information?

It seems to me that if I call "gpg.exe --status-fd 1 --attribute-fd 1
--list-keys " I can read the experimental subpackets.

Is there any way I can write them?


David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050813/693d8379/signature-0001.pgp
From psychonaut at nothingisreal.com  Sat Aug 13 22:49:27 2005
From: psychonaut at nothingisreal.com (Tristan Miller)
Date: Sun Aug 14 00:56:37 2005
Subject: gpg-agent doesn't remember passphrase
Message-ID: <2003596.PEJsFSjTCn@ID-187157.News.Individual.NET>

Greetings.

I recently upgraded my operating system (SuSE 9.0->9.3) and now gpg-agent
doesn't remember my passphrase anymore.

I have verified that gpg-agent is indeed running and the environment
variable is set.  When I run gpg --sign, the appropriate pinentry program
pops up and asks for the password.  But the password is never remembered,
regardless of what value for default-cache-ttl I use.  Here's a sample log
file:

2005-08-13 22:25:44 gpg-agent[6343] listening on socket
`/tmp/gpg-narspi/S.gpg-agent'
2005-08-13 22:26:03 gpg-agent[6344] handler for fd 0 started
2005-08-13 22:26:03 gpg-agent[6344] starting a new PIN Entry
2005-08-13 22:26:09 gpg-agent[6344] handler for fd 0 terminated
2005-08-13 22:26:15 gpg-agent[6344] handler for fd 0 started
2005-08-13 22:26:15 gpg-agent[6344] starting a new PIN Entry
2005-08-13 22:26:20 gpg-agent[6344] handler for fd 0 terminated
2005-08-13 22:26:20 gpg-agent[6344] handler for fd 0 started
2005-08-13 22:26:20 gpg-agent[6344] handler for fd 1 started
2005-08-13 22:26:20 gpg-agent[6344] handler for fd 0 terminated

I'm using the following programs, all from SuSE 9.3 RPMs:

gpg-1.4.0-4
gpgme-1.0.2-3
pinentry-0.7.1-4
libksba-0.9.10-3

Anyone know what could be wrong?

Regards,
Tristan

-- 
   _
  _V.-o  Tristan Miller [en,(fr,de,ia)]  ><  Space is limited
 / |`-'  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  <>  In a haiku, so it's hard
(7_\\    http://www.nothingisreal.com/   ><  To finish what you


From pmehta.net at gmail.com  Sun Aug 14 00:24:55 2005
From: pmehta.net at gmail.com (Parag Mehta)
Date: Sun Aug 14 01:24:06 2005
Subject: GPG 1.4.2 errors
Message-ID: 

hi there,

can anyone help me figure this out. why am i getting the following
errors whenever i try to do any operation with gpg 1.4.2 for windows.

gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit
gpg: mpi larger than indicated length (2 bytes)
gpg: keyring_get_keyblock: read error: invalid packet
gpg: keyring_get_keyblock failed: invalid keyring
gpg: failed to rebuild keyring cache: invalid keyring
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: mpi larger than indicated length (2 bytes)
gpg: keyring_get_keyblock: read error: invalid packet
gpg: keydb_get_keyblock failed: invalid keyring
gpg: validate_key_list failed

From kfitzner at excelcia.org  Sun Aug 14 02:29:23 2005
From: kfitzner at excelcia.org (Kurt Fitzner)
Date: Sun Aug 14 03:41:15 2005
Subject: Forum mirror of mailing list
Message-ID: <42FE9063.4000800@excelcia.org>

As part of my GPGee project, I decided to create a mirror of this
mailing list in the form of a forum on my web site.  The hope was to
give GPGee users an easy way to search for answers to problems with GnuPG.

Seeing as Werner was kind enough to allow this, and that I was able to
import the entire mailing list archive (I didn't think originally that
would be feasable), I thought I'd let the mailing list community as a
whole know about this forum.  It has the standard phpBB search
capabilities, which are pretty good.  You can reach it directly at:
http://www.excelcia.org/modules.php?name=Forums

This mirror is intended as a suplimentary resource to the mailing list -
a way of more easily doing research or digging for answers that might be
burried and otherwise hard to dig up.

	Kurt.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 546 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050813/f68c214f/signature.pgp
From hawke at hawkesnest.net  Sun Aug 14 04:16:05 2005
From: hawke at hawkesnest.net (Alex L. Mauer)
Date: Sun Aug 14 04:14:15 2005
Subject: Revokation of keys from smart card
Message-ID: 

Is it possible to revoke keys that have been stored on a smart card?  It 
seems to me that it is not.  Am I correct, or do I just need to do 
something other than "revkey"?
-- 
Bad - You get pulled over for doing 90 in a school zone and you're drunk 
off your ass again at three in the afternoon.
Worse - The cop is drunk too, and he's a mean drunk.
FUCK! - A mean drunk that's actually a swarm of semi-sentient 
flesh-eating beetles.
OpenPGP key id: 51192FF2 @ subkeys.pgp.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050813/bb644538/signature.pgp
From sysop at sperryservices.com  Fri Aug 12 00:02:41 2005
From: sysop at sperryservices.com (Richard Sperry)
Date: Mon Aug 15 10:25:50 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <20050811212810.GG2475@Update.UU.SE>
Message-ID: 

The error report dump won't show in one screen.......  even if you did pull the ram dump... which means we would have the files to
send.  

--Rich

-----Original Message-----
From: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of Samuel ]slund
Sent: Thursday, August 11, 2005 2:28 PM
To: gnupg-users@gnupg.org
Subject: Re: [outlgpg] Outlook 2003 problems

On Thu, Aug 11, 2005 at 12:29:01PM -0500, R. Jensen wrote:
> 
> As to copying the data that shows up as part of Microsoft's error
> reporting. The text is not selectable.
> 
> So, I don't see any path going forward that will help resolve the
> problem on my system:
>   Dr. Watson doesn't seem to get invoked, just Microsoft's
>      Error reporting.
>   I can't copy Microsoft's report content.

Did you try + ? 
That usually takes a screenshot of the curently active window.

HTH
//Samuel


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users



From robin.cooper at gmail.com  Fri Aug 12 15:52:54 2005
From: robin.cooper at gmail.com (Robin Cooper)
Date: Mon Aug 15 10:26:16 2005
Subject: Help revoking a signature
Message-ID: 

I feel like this ia a dumb question, but I can't seem to find the
commands in my docs or the WinPT program.

How can I revoke a signature I have added to someone else's key?

-- 
robin.cooper@gmail.com
PGP public key fingerprint: 2EE2 8019 3B18 1720 960F  B57A C9C3 3CB2 86B1 4A38
Lookup @ pgp.mit.edu: http://tinyurl.com/yv438
Lookup @ pgpkeys.pca.dfn.de: http://tinyurl.com/87kju

From sysop at sperryservices.com  Thu Aug 11 22:30:40 2005
From: sysop at sperryservices.com (Richard Sperry)
Date: Mon Aug 15 10:26:26 2005
Subject: [outlgpg] Outlook 2003 problems
In-Reply-To: <20050811200808.GA1954@daredevil.joesixpack.net>
Message-ID: 

When ol2003 dumps it should dump files to a temp dir.  I am attempting to make it dump to get you those. I am a non-checked XP Pro
SP2. With non-checked Office 03 Pro SP1


Also Richard is on a corp. network, which I am assuming has GPO's in affect.  So even if they allowed him to be a LOCAL (Machine)
admin, it would not allow him to write to some area's of the registry that the DOMAIN or GPO's specify as restricted.  

I can do some GPO research if you can give me a list of the .94 keys it want to write.

In my last test of the plug-in that your version from your site of GnuPG would work, but the main stream does not. 

Will get more info when my Outlook behaves, it keeps asking for c:\windows\system32\gpgexch.dll as not present.  Grrr

--Rich


-----Original Message-----
From: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of Timo Schulz
Sent: Thursday, August 11, 2005 1:08 PM
To: gnupg-users@gnupg.org
Subject: Re: [outlgpg] Outlook 2003 problems

On Thu Aug 11 2005; 12:29, R. Jensen wrote:

> As to permissions, I checked and I'm in the administrators group
> on my machine--I can't think what other permissions I'd need. :-)

Then it's propably a bug. But I never got such a message so it is
propably a combination of some 'events'.

 
>   Dr. Watson doesn't seem to get invoked, just Microsoft's
>      Error reporting.
>   I can't copy Microsoft's report content.

I'm not sure about the details they present. Useful would be a
'stack backtrace'. But I'm not sure how they call it and if they
provide it at all.


> After all the modules, there is information about different threads,
> but without being able to copy the contents, I don't know what
> information would be helpful.

I guess this is the information I need. And something like CTRL+A
CTRL+C does not work?


> I'll be glad to try the next version, but I don't see there
> is anything more I can do with this one.

You already did a lot, thanks.


        Timo

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users



From folkert at vanheusden.com  Sun Aug 14 13:21:44 2005
From: folkert at vanheusden.com (Folkert van Heusden)
Date: Mon Aug 15 15:44:27 2005
Subject: signing only one particular uid on a key?
Message-ID: <20050814112143.GB31627@vanheusden.com>

Hi,

Because of my Robot CA (see http://www.signedtimestamp.org/robotca.php
for details) I would like to sign only 1 UID and not all UIDs on a key.
How can this be done? Yes, I checked the man-page.


Folkert van Heusden

-- 
Auto te koop, zie: http://www.vanheusden.com/daihatsu.php
--------------------------------------------------------------------
Get your PGP/GPG key signed at www.biglumber.com!
--------------------------------------------------------------------
Phone: +31-6-41278122, PGP-key: 1F28D8AE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 282 bytes
Desc: Digital signature
Url : /pipermail/attachments/20050814/76c41a1b/attachment-0001.pgp
From twoaday at gmx.net  Mon Aug 15 13:58:50 2005
From: twoaday at gmx.net (Timo Schulz)
Date: Mon Aug 15 15:46:11 2005
Subject: Help revoking a signature
In-Reply-To: 
References: 
Message-ID: <20050815115849.GA1255@daredevil.joesixpack.net>

On Fri Aug 12 2005; 14:52, Robin Cooper wrote:

> commands in my docs or the WinPT program.
> 
> How can I revoke a signature I have added to someone else's key?

Right now this is not possible via WinPT. It supports to delete
signatures, but not to revoke them.

The code is almost available, I just need to think of a user interface.


        Timo

From shavital at mac.com  Mon Aug 15 14:34:08 2005
From: shavital at mac.com (Charly Avital)
Date: Mon Aug 15 15:56:57 2005
Subject: Help revoking a signature
In-Reply-To: 
References: 
Message-ID: <9BA62E9E-2D79-45F4-BFAF-322C06E539B8@mac.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

 From man gpg:
"To revoke a subkey or a signature, use the --edit command."

Provided you didn't sign that key using the nrsign command, you can  
still revoke your own signature.

It could look like this:

$ gpg --edit-key [key ID]
 >Command revsign [return]

You have signed these user IDs on key [key ID]:
      User name 
    signed by your key [signing key ID] on [signature date]

Create a revocation certificate for this signature? (y/N)

You take it from there. Eventually, you'll be requested to enter the  
passphrase of the key you used for the signature you want to revoke,  
a reason for the revocation, and a comment.

At the end of the process, the Terminal emulator (I am a Mac user),  
or DOS prompt will show the key without your signature. Save it.

To check what you have done:

Type gpg --edit-key [key ID where you have just revoked your signature]
 >Command check [this will display the key's signatures]
there will be a line like:
rev! [your signing key ID] [signature date]  your name  


*and also* a line showing your original signature.


This proves that the new keyblock contains both your original  
signature and its revocation.

If the key (you signed) is already on the keyservers, you should  
consider to upload the new keyblock to a keyserver too.

A remark for the gpg gurus:
In my gpg system 1.4.2, the reason and comment for the revocation,  
that I entered during the revocation process, do not show. I think  
they should, otherwise why gpg requires to enter that information?


Good luck,
Charly



On Aug 12, 2005, at 9:52 AM, Robin Cooper wrote:

> I feel like this ia a dumb question, but I can't seem to find the
> commands in my docs or the WinPT program.
>
> How can I revoke a signature I have added to someone else's key?
>
> -- 
> robin.cooper@gmail.com
> PGP public key fingerprint: 2EE2 8019 3B18 1720 960F  B57A C9C3  
> 3CB2 86B1 4A38
> Lookup @ pgp.mit.edu: http://tinyurl.com/yv438
> Lookup @ pgpkeys.pca.dfn.de: http://tinyurl.com/87kju
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)
Comment: GnuPG for Privacy

iQIVAwUBQwCLzW69XHxycyfPAQhaJA/+JD2g3aeo9aHv5705RvBb30Ww6ve3WL7h
rMsYFXJyKpfQ0GOg0VyccYzjIw6efTDJMJV6dfEGCG7FAkxJqOYaccz3WqxMUsOy
CLB8lMIvEHQyhZOEJyBFT+eEy+Z5n4W/+JVmM5V33WHk/nleJE2fx1z5YX/QsM9n
EbYEQVCCOYAriD924HtbR1V6rMv09SFalCFhpAVYaAC5WlizHzgkAuK970c4CpfR
j1u/YVXlAlPbMIpYs7ZbJq931CTNALiroAylo1HHkoSS+JHLiqREnNJhRLeiKdD0
DAO8UFq7kUSjSLiOXO6HWT3vhqj/ivlgnTJaJFHN2P4U1XdtcbjKJC8o4Xnx9WdE
IWGKUOq3hhw6t1RaHifRg4uxLn5LVMOxMiErEFsmXAfjUPVX5bFSfieYbWWyyj3w
8wCRl+glG7Fl6Ij6fh4LfvP/iaBCJmmX1hTMv0+nsznhgDMBmUP6roN5ust4XYP6
7yM3P+POnFTyewnl3SUK9mnN+QelONghPv45fsWU3grQdSRiV/qz1rTRmiyPUiiH
dskNAJHRHQkyY7BM7AqtmBW7aDGNnAhT6dN/ZmzE9BdP8p2+FaCqcYXiOdJgArpj
PLsYIXbO/q2muHzsYRH1vIcyJ0yCh9SIl/+OA1ak8niZixNdJLUnIM8GpkLpqW2h
4fYXofO14jg=
=XuSI
-----END PGP SIGNATURE-----

From shavital at mac.com  Mon Aug 15 16:04:56 2005
From: shavital at mac.com (Charly Avital)
Date: Mon Aug 15 15:59:53 2005
Subject: Help revoking a signature
In-Reply-To: 
References: 
Message-ID: <7E40B254-852A-439C-B598-E3E6926AB019@mac.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

 From man gpg:
"To revoke a subkey or a signature, use the --edit command."

Provided you didn't sign that key using the nrsign command, you can  
still revoke your own signature.

It could look like this:

$ gpg --edit-key [key ID]
 >Command revsign [return]

You have signed these user IDs on key [key ID]:
      User name 
    signed by your key [signing key ID] on [signature date]

Create a revocation certificate for this signature? (y/N)

You take it from there. Eventually, you'll be requested to enter the  
passphrase of the key you used for the signature you want to revoke,  
a reason for the revocation, and a comment.

At the end of the process, the Terminal emulator (I am a Mac user),  
or DOS prompt will show the key without your signature. Save it.

To check what you have done:

Type gpg --edit-key [key ID where you have just revoked your signature]
 >Command check [this will display the key's signatures]
there will be a line like:
rev! [your signing key ID] [signature date]  your name  


*and also* a line showing your original signature.


This proves that the new keyblock contains both your original  
signature and its revocation.

If the key (you signed) is already on the keyservers, you should  
consider to upload the new keyblock to a keyserver too.

A remark for the gpg gurus:
In my gpg system 1.4.2, the reason and comment for the revocation,  
that I entered during the revocation process, do not show. I think  
they should, otherwise why gpg requires to enter that information?


Good luck,
Charly



On Aug 12, 2005, at 9:52 AM, Robin Cooper wrote:


> I feel like this ia a dumb question, but I can't seem to find the
> commands in my docs or the WinPT program.
>
> How can I revoke a signature I have added to someone else's key?
>
> -- 
> robin.cooper@gmail.com
> PGP public key fingerprint: 2EE2 8019 3B18 1720 960F  B57A C9C3  
> 3CB2 86B1 4A38
> Lookup @ pgp.mit.edu: http://tinyurl.com/yv438
> Lookup @ pgpkeys.pca.dfn.de: http://tinyurl.com/87kju
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)
Comment: GnuPG for Privacy

iQIVAwUBQwCLzW69XHxycyfPAQhaJA/+JD2g3aeo9aHv5705RvBb30Ww6ve3WL7h
rMsYFXJyKpfQ0GOg0VyccYzjIw6efTDJMJV6dfEGCG7FAkxJqOYaccz3WqxMUsOy
CLB8lMIvEHQyhZOEJyBFT+eEy+Z5n4W/+JVmM5V33WHk/nleJE2fx1z5YX/QsM9n
EbYEQVCCOYAriD924HtbR1V6rMv09SFalCFhpAVYaAC5WlizHzgkAuK970c4CpfR
j1u/YVXlAlPbMIpYs7ZbJq931CTNALiroAylo1HHkoSS+JHLiqREnNJhRLeiKdD0
DAO8UFq7kUSjSLiOXO6HWT3vhqj/ivlgnTJaJFHN2P4U1XdtcbjKJC8o4Xnx9WdE
IWGKUOq3hhw6t1RaHifRg4uxLn5LVMOxMiErEFsmXAfjUPVX5bFSfieYbWWyyj3w
8wCRl+glG7Fl6Ij6fh4LfvP/iaBCJmmX1hTMv0+nsznhgDMBmUP6roN5ust4XYP6
7yM3P+POnFTyewnl3SUK9mnN+QelONghPv45fsWU3grQdSRiV/qz1rTRmiyPUiiH
dskNAJHRHQkyY7BM7AqtmBW7aDGNnAhT6dN/ZmzE9BdP8p2+FaCqcYXiOdJgArpj
PLsYIXbO/q2muHzsYRH1vIcyJ0yCh9SIl/+OA1ak8niZixNdJLUnIM8GpkLpqW2h
4fYXofO14jg=
=XuSI
-----END PGP SIGNATURE-----


From alphasigmax at gmail.com  Mon Aug 15 13:23:08 2005
From: alphasigmax at gmail.com (Alphax)
Date: Mon Aug 15 16:31:39 2005
Subject: GPG 1.4.2 errors
In-Reply-To: 
References: 
Message-ID: <43007B1C.4030800@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Parag Mehta wrote:
> hi there,
> 
> can anyone help me figure this out. why am i getting the following
> errors whenever i try to do any operation with gpg 1.4.2 for windows.
> 
> gpg: assuming bad signature from key E0BB4BCD due to an unknown critical bit

> gpg: mpi larger than indicated length (2 bytes)
> gpg: keyring_get_keyblock: read error: invalid packet
> gpg: keyring_get_keyblock failed: invalid keyring
> gpg: failed to rebuild keyring cache: invalid keyring
> gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
> gpg: mpi larger than indicated length (2 bytes)
> gpg: keyring_get_keyblock: read error: invalid packet
> gpg: keydb_get_keyblock failed: invalid keyring
> gpg: validate_key_list failed
> 

I imported the key with GPG 1.4.2 with:

import-options repair-pks-subkey-bug import-clean-sigs import-clean-uids

set in gpg.conf and it gave the "assuming bad signature" thing, then
carried on as normal. Re-importing it through GPGshell cleaned 2
signatures, but re-importing through gpg on the command line added the
sigs again. Even re-importing using:

gpg --import-options repair-pks-subkey-bug --import-options
import-clean-sigs --import-options import-clean-uids --recv-keys 0xE0BB4BCD

on the command line re-added the signatures, but --edit-key clean
removed them again.

This definately seems like a bug. Fortunately, my keyring didn't bork
itself...

- --
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDAHsb/RxM5Ph0xhMRA9wGAJwIVz6O2blb3wMKMTRsd3WUJP6iHwCfWRiu
R0V5shmxbZAP+eOHKkvI/NE=
=zIQo
-----END PGP SIGNATURE-----

From JPClizbe at comcast.net  Sun Aug 14 15:24:49 2005
From: JPClizbe at comcast.net (John Clizbe)
Date: Mon Aug 15 16:36:24 2005
Subject: GPG 1.4.2 errors
In-Reply-To: 
References: 
Message-ID: <42FF4621.1050202@comcast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Parag Mehta wrote:
> hi there,
> 
> can anyone help me figure this out. why am i getting the following
> errors whenever i try to do any operation with gpg 1.4.2 for windows.
> 
> gpg: mpi larger than indicated length (2 bytes)
> gpg: keyring_get_keyblock: read error: invalid packet
> gpg: keyring_get_keyblock failed: invalid keyring
> gpg: failed to rebuild keyring cache: invalid keyring
> gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
> gpg: mpi larger than indicated length (2 bytes)
> gpg: keyring_get_keyblock: read error: invalid packet
> gpg: keydb_get_keyblock failed: invalid keyring
> gpg: validate_key_list failed

Saw the same type error with 1.4.2. Turned out to be two keys that each had
a zero length packet.  Jason Harris wote patches for both his PKS server and
his SKS keyserver. I used 1.4.1 and 1.4.2 to locate and delete the keys in
question and all is fine with 1.4.2 now. (I do a lot of building and testing
so I tend to have multiple versions on my system.) Write me directly for
details.

- --
John P. Clizbe                   Inet:   JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3-cvs-2005-08-12 (Windows 2000 SP4)
Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG
Comment: Be part of the ?33t ECHELON -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC/0YhHQSsSmCNKhARAqhDAJ9pk1Bjbe3YtdYe49kxheARrIWddwCggw2r
wPj/HA/dNxCmZ0reuMp7nSw=
=8Zl6
-----END PGP SIGNATURE-----

From alphasigmax at gmail.com  Mon Aug 15 12:36:33 2005
From: alphasigmax at gmail.com (Alphax)
Date: Mon Aug 15 16:40:40 2005
Subject: Help revoking a signature
In-Reply-To: 
References: 
Message-ID: <43007031.3090701@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Robin Cooper wrote:
> I feel like this ia a dumb question, but I can't seem to find the
> commands in my docs or the WinPT program.
> 
> How can I revoke a signature I have added to someone else's key?
> 

- From the command line:

gpg --edit-key (keyid)

revsig

- --
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDAHAx/RxM5Ph0xhMRAztMAJ9H9Ei3weDy97Gjts3lytohyfu7hwCfV9dy
9N8FqCC3dTxdhC0przQD8hk=
=P+fG
-----END PGP SIGNATURE-----

From erpo41 at hotpop.com  Mon Aug 15 04:06:02 2005
From: erpo41 at hotpop.com (Eric)
Date: Mon Aug 15 16:49:58 2005
Subject: Access experimental subpackets of 'User Attribute Packet'
In-Reply-To: <200508121752.j7CHq1Re080431@mailserver2.hushmail.com>
References: <200508121752.j7CHq1Re080431@mailserver2.hushmail.com>
Message-ID: <1124071562.5498.13.camel@localhost.localdomain>

On Fri, 2005-08-12 at 10:51 -0700, vedaal@hush.com wrote:
> David Srbecky dsrbecky at gmail.com 
> Thu Aug 11 18:19:54 CEST 2005 wrote:
> 
> ] I have payed with the idea of using experimental subpackets
> ] of 'User Attribute Packet' and here is what I came up with:

> doesn't this pose some risk of exploit ?
> 
> suppose someone wants to put a malicious executable
> as part of the packet,
> and gives it some interesting name,

> is there anything in gnupg that would prevent the running of the 
> executable?
> (i.e. is the key just 'ignored' or 'refused'
> as 'key with unsupported packet type' ?
> 
> and can this protect against some type of malware corrupting the 
> system,
> just by getting gnupg to 'check' the packet ?)

1. GPG doesn't have any reason to be more vulnerable to this type of
"attack" than any other piece ef software.

It doesn't matter what you put in a supposed pgp public key block and
send to gpg -- gpg should not execute anything inside of it. If gpg does
execute machine code that's been passed to it in a file, it's a bug in
gpg. There may or may not be an undiscovered bug of this type in the
subpacket processing code in gpg.

Perhaps the reason you are concerned about this type of problem is that
you are used to hearing about "code that executes when you view a
malicious Word document" or "a worm that takes over your computer when
you view a specially crafted email using Outlook". Issues like those are
the result of poor application design. In other words, there is nothing
inherent about computers or computer programs that creates an
unavoidable progression from viewing or malipulating something to
executing it.


Eric



From hawke at hawkesnest.net  Sun Aug 14 18:06:49 2005
From: hawke at hawkesnest.net (Alex L. Mauer)
Date: Mon Aug 15 22:01:14 2005
Subject: Revokation of keys from smart card
In-Reply-To: 
References: 
Message-ID: 

Alex L. Mauer wrote:
> Is it possible to revoke keys that have been stored on a smart card?  It 
> seems to me that it is not.  Am I correct, or do I just need to do 
> something other than "revkey"?

Oh right ... my bad on that one (it helps to have the secret key for the 
primary key on the keyring that's being edited.  But perhaps GnuPG 
should give an error of some kind indicating that it didn't work and why.
-- 
Bad - You get pulled over for doing 90 in a school zone and you're drunk 
off your ass again at three in the afternoon.
Worse - The cop is drunk too, and he's a mean drunk.
FUCK! - A mean drunk that's actually a swarm of semi-sentient 
flesh-eating beetles.
OpenPGP key id: 51192FF2 @ subkeys.pgp.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050814/ccdcf9f4/signature-0001.pgp
From psychonaut at nothingisreal.com  Sun Aug 14 13:21:55 2005
From: psychonaut at nothingisreal.com (Tristan Miller)
Date: Mon Aug 15 22:01:46 2005
Subject: Forum mirror of mailing list
References: <42FE9063.4000800@excelcia.org>
Message-ID: <1640957.IKQlPGNchA@ID-187157.News.Individual.NET>

Greetings.

In article <42FE9063.4000800@excelcia.org>, Kurt Fitzner wrote:
> As part of my GPGee project, I decided to create a mirror of this
> mailing list in the form of a forum on my web site.  The hope was to
> give GPGee users an easy way to search for answers to problems with
> GnuPG.

Thanks for this resource!  Some readers may also want to know about the
Usenet mirror of this mailing list, gmane.comp.gnu.gnupg.users and/or
gmane.comp.encryption.gpg.user.  The gmane.* hierarchy is available on the
server news.gmane.org.  Here's a direct link:


Regards,
Tristan

-- 
   _
  _V.-o  Tristan Miller [en,(fr,de,ia)]  ><  Space is limited
 / |`-'  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  <>  In a haiku, so it's hard
(7_\\    http://www.nothingisreal.com/   ><  To finish what you


From linux at codehelp.co.uk  Tue Aug 16 10:20:32 2005
From: linux at codehelp.co.uk (Neil Williams)
Date: Tue Aug 16 10:15:12 2005
Subject: signing only one particular uid on a key?
In-Reply-To: <20050814112143.GB31627@vanheusden.com>
References: <20050814112143.GB31627@vanheusden.com>
Message-ID: <200508160920.32666.linux@codehelp.co.uk>

On Sunday 14 August 2005 12:21 pm, Folkert van Heusden wrote:
> Hi,
>
> Because of my Robot CA (see http://www.signedtimestamp.org/robotca.php
> for details) I would like to sign only 1 UID and not all UIDs on a key.
> How can this be done? Yes, I checked the man-page.

Then you missed it.
$ man gpg
/edit
uid n     Toggle selection of user id with index n.  Use 0 to deselect all.

$ gpg --edit-key 
command> uid 1

That selects the first uid on a toggle basis - uid 1 unselects it, uid 2 
selects the second uid and leaves other selections unchanged.

Subsequent commands operate on the selected UID's.

-- 

Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050816/bc50554a/attachment.pgp
From folkert at vanheusden.com  Tue Aug 16 13:46:41 2005
From: folkert at vanheusden.com (Folkert van Heusden)
Date: Tue Aug 16 13:41:27 2005
Subject: signing only one particular uid on a key?
In-Reply-To: <200508160920.32666.linux@codehelp.co.uk>
References: <20050814112143.GB31627@vanheusden.com>
	<200508160920.32666.linux@codehelp.co.uk>
Message-ID: <20050816114640.GU5679@vanheusden.com>

> > Because of my Robot CA (see http://www.signedtimestamp.org/robotca.php
> > for details) I would like to sign only 1 UID and not all UIDs on a key.
> > How can this be done? Yes, I checked the man-page.
> Then you missed it.
> $ man gpg
> /edit
> uid n     Toggle selection of user id with index n.  Use 0 to deselect all.
> $ gpg --edit-key 
> command> uid 1

Aha ok. I expected the --edit-key to be for your own key only. Is it
also possible to select the uid from the commandline?

> That selects the first uid on a toggle basis - uid 1 unselects it, uid 2 
> selects the second uid and leaves other selections unchanged.
> Subsequent commands operate on the selected UID's.

Thanks.


Folkert van Heusden

-- 
Auto te koop, zie: http://www.vanheusden.com/daihatsu.php
--------------------------------------------------------------------
Get your PGP/GPG key signed at www.biglumber.com!
--------------------------------------------------------------------
Phone: +31-6-41278122, PGP-key: 1F28D8AE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 282 bytes
Desc: Digital signature
Url : /pipermail/attachments/20050816/de8702ce/attachment.pgp
From alon.barlev at gmail.com  Mon Aug 15 09:02:38 2005
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Tue Aug 16 14:40:28 2005
Subject: PKCS#11 support for gpg-agent
Message-ID: <9e0cf0bf0508150002246f60b5@mail.gmail.com>

Hello,

I know it is an old issue... But I think it is very important issue,
so I want to raise it again.

PKCS#11 is a standard specifying how to access cryptographic token.
Must smartcard vendors provide PKCS#11 library that allow simple 
smartcard integration with applications.

PKCS#11 implementation is not platform specific and is implemented for 
Windows, Linux etc...

I couldn't see any plans to support this standard, and could find some 
answers that suggest it will not be supported.

Mozilla, Firefox, Thunderbird and now Java support PKCS#11 standard in 
order to access cryptographic tokens, gives these software an edge in 
smartcard integration.

openssl have a gateway through open-sc to PKCS#11 tokens, but it is very
basic gateway that can only use private key objects on the token.

When I saw that in the new version gpg has gpg-agent I was very glad! I 
thought that finally a standard implementation to access cryptographic 
tokens will be implemented.

But then I've seen that only proprietary smartcard tokens are supported 
(directly) and ssh-agent... No standard way to access external 
cryptographic devices.

I will be glad to discuses the need of implementing PKCS#11 support for 
gpg-agent, and helping in the implementation process...

I think it is very important to have such support for any software that 
deals with cryptographic and secrets. gnupg falls into this category...

Best Regards,
Alon Bar-Lev

From robin.cooper at gmail.com  Tue Aug 16 09:01:48 2005
From: robin.cooper at gmail.com (Robin)
Date: Tue Aug 16 14:40:32 2005
Subject: Help revoking signatures on a key
Message-ID: 

Thanks for help everyone. I've revoked the signatures I wanted to and
the key now shows revokations in the output of gpg --edit-key ...
revsig.

I've submmitted the key to pgp.mit.edu and it did say that new
signatures were added, but after 24 hours, I can still see my
signatures listed there. I've deleted the key from my keyring and
reimported it from the server, but there were no revokation certs
present (according to WinPT's import function)

If I do gpg --edit-key ... revsig again though, I still see my
revokations. So either:

The signatures are revoked on the server, they just look the same as
the other non-revoked ones.

or

My revokations aren't added to the key itself.


-- 
robin.cooper@gmail.com
PGP public key fingerprint: 2EE2 8019 3B18 1720 960F  B57A C9C3 3CB2 86B1 4A38
Lookup @ pgp.mit.edu: http://tinyurl.com/yv438
Lookup @ pgpkeys.pca.dfn.de: http://tinyurl.com/87kju

From weseral at ukr.net  Tue Aug 16 10:04:08 2005
From: weseral at ukr.net (=?windows-1251?Q?=c2=e0=f1=e8=eb=e8=e9_=cf=e5=f2=f0=ee=e2?=)
Date: Tue Aug 16 14:40:35 2005
Subject: Install problems
Message-ID: 

Can you help me install libgcrypt under Windows platform ? I unable to use configure with Windows

From samjnaa at gmail.com  Tue Aug 16 13:13:58 2005
From: samjnaa at gmail.com (Shriramana Sharma)
Date: Tue Aug 16 14:58:59 2005
Subject: Newbie: Sharing GnuPG info betn Windows and Linux
Message-ID: <4301CA76.8070206@gmail.com>

I am a newbie to Linux and GnuPG and I have only today downloaded: GnuPG 
Windows Installer, GnuPG Linux Source Code, GnuPT and GPG Shell. I have 
Windows XP, SuSE 9.3 and Fedora Core 4 running on my system.

First I have created my public and private keys using KGPG on SuSE 9.3. 
(I always use KDE.) Now I wish to transfer this to Windows and use the 
same keys from both Linux and Windows.

I have read The GNU Privacy Handbook PDF file, but it gives all 
instructions based on the command line, and does not help me beyond how 
to create keys etc.

I wish to use PGP encryption on:

Windows:
  SeaMonkey Mail Client
  Explorer

Linux:
  SeaMonkey Mail Client
  KMail
  Konqueror

Please advise me how I should proceed.

Thank you.

-- 

Shriramana Sharma
http://samvit.org

   (o-   Penguin #395953
   //\   running on ancient Indian wisdom
   V_/_  and modern computing efficiency


From linux at codehelp.co.uk  Tue Aug 16 15:31:12 2005
From: linux at codehelp.co.uk (Neil Williams)
Date: Tue Aug 16 15:25:51 2005
Subject: Help revoking signatures on a key
In-Reply-To: 
References: 
Message-ID: <200508161431.12916.linux@codehelp.co.uk>

On Tuesday 16 August 2005 8:01 am, Robin wrote:
> I've submmitted the key to pgp.mit.edu

Use a better keyserver: subkeys.pgp.net

> The signatures are revoked on the server, they just look the same as
> the other non-revoked ones.

No, the keyserver probably doesn't understand what you've done. Use a better 
keyserver.

-- 

Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050816/47a8a26f/attachment.pgp
From alphasigmax at gmail.com  Tue Aug 16 15:45:03 2005
From: alphasigmax at gmail.com (Alphax)
Date: Tue Aug 16 15:42:00 2005
Subject: Newbie: Sharing GnuPG info betn Windows and Linux
In-Reply-To: <4301CA76.8070206@gmail.com>
References: <4301CA76.8070206@gmail.com>
Message-ID: <4301EDDF.7050609@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Shriramana Sharma wrote:
> I am a newbie to Linux and GnuPG and I have only today downloaded: GnuPG
> Windows Installer, GnuPG Linux Source Code, GnuPT and GPG Shell. I have
> Windows XP, SuSE 9.3 and Fedora Core 4 running on my system.
> 
> First I have created my public and private keys using KGPG on SuSE 9.3.
> (I always use KDE.) Now I wish to transfer this to Windows and use the
> same keys from both Linux and Windows.
> 
> I have read The GNU Privacy Handbook PDF file, but it gives all
> instructions based on the command line, and does not help me beyond how
> to create keys etc.
> 

You will need to have some way of transferring files between Windows and
your Linux filesystems (FAT32/NTFS and ext2/3), and some way of
synchronising your keyring(s) between them. One option might be to use a
USB drive of some sort.

> I wish to use PGP encryption on:
> 
> Windows:
>  SeaMonkey Mail Client
>  Explorer
> 

SeaMonkey is a branch of Mozilla, right? You will need Enigmail -
http://enigmail.mozdev.org/ should have it...

GPGshell should give you context menus in Explorer.

> Linux:
>  SeaMonkey Mail Client
>  KMail
>  Konqueror
> 

I believe that there is also a plugin available for KMail.

- --
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDAe3f/RxM5Ph0xhMRA9F2AJwMozyQmTZ7hvCzhvYg0uPV2E7tPQCfYlcn
ASlsAftR5etEESBQwsGdNTQ=
=XYz8
-----END PGP SIGNATURE-----

From wk at gnupg.org  Wed Aug 17 09:51:32 2005
From: wk at gnupg.org (Werner Koch)
Date: Wed Aug 17 09:51:07 2005
Subject: gpg-agent doesn't remember passphrase
In-Reply-To: <2003596.PEJsFSjTCn@ID-187157.News.Individual.NET> (Tristan
	Miller's message of "Sat, 13 Aug 2005 22:49:27 +0200")
References: <2003596.PEJsFSjTCn@ID-187157.News.Individual.NET>
Message-ID: <87fyt9f1bv.fsf@wheatstone.g10code.de>

On Sat, 13 Aug 2005 22:49:27 +0200, Tristan Miller said:

> gpg-1.4.0-4
> gpgme-1.0.2-3
> pinentry-0.7.1-4
> libksba-0.9.10-3

and the version of gpg-agent is ... ?

"gpg-agent --version"


Salam-Shalom,

   Werner


From wk at gnupg.org  Wed Aug 17 09:59:17 2005
From: wk at gnupg.org (Werner Koch)
Date: Wed Aug 17 09:56:26 2005
Subject: Install problems
In-Reply-To:  (weseral@ukr.net's message of
	"Tue, 16 Aug 2005 11:04:08 +0300")
References: 
Message-ID: <877jelf0yy.fsf@wheatstone.g10code.de>

On Tue, 16 Aug 2005 11:04:08 +0300, "=?windows-1251?Q?=c2=e0=f1=e8=eb=e8=e9 =cf=e5=f2=f0=ee=e2?=" said:

> Can you help me install libgcrypt under Windows platform ? I unable to use configure with Windows

You need t build it on a posix system.  Debian GNU/LInux is the most
convenient system do do this (apt-get install mingw32) but other POSix
systems should work too.  Native Mingw might also work.


Salam-Shalom,

   Werner


From wk at gnupg.org  Wed Aug 17 09:57:08 2005
From: wk at gnupg.org (Werner Koch)
Date: Wed Aug 17 09:56:58 2005
Subject: PKCS#11 support for gpg-agent
In-Reply-To: <9e0cf0bf0508150002246f60b5@mail.gmail.com> (Alon Bar-Lev's
	message of "Mon, 15 Aug 2005 09:02:38 +0200")
References: <9e0cf0bf0508150002246f60b5@mail.gmail.com>
Message-ID: <87br3xf12j.fsf@wheatstone.g10code.de>

On Mon, 15 Aug 2005 09:02:38 +0200, Alon Bar-Lev said:

> PKCS#11 is a standard specifying how to access cryptographic token.
> Must smartcard vendors provide PKCS#11 library that allow simple 
> smartcard integration with applications.

For legal reasons you are anyway not allowed to use almost all of them
with GPL software.  So it does not make any sense to support it.

> Mozilla, Firefox, Thunderbird and now Java support PKCS#11 standard in 
> order to access cryptographic tokens, gives these software an edge in 
> smartcard integration.

Writing a pkcs#11 module to connect Mozilla with GnuPG is possible and
actually on my whish list.

> But then I've seen that only proprietary smartcard tokens are supported 
> (directly) and ssh-agent... No standard way to access external 

Proprietary?  We use a card specification which is entirely open and
may be implemented without fearing legal department actions.  There
are not that many open specifications. (Don't say pkcs#15 - this is
just a framework)

> I will be glad to discuses the need of implementing PKCS#11 support for 
> gpg-agent, and helping in the implementation process...

Pretty easy to write, the interface of gpg-agent is documented.
gpgsm and gpg are expample on how to use it.  gpg-connect-agent may
even be used to script to this interface.



Shalom-Salam,

   Werner


From og at pre-secure.de  Wed Aug 17 11:49:43 2005
From: og at pre-secure.de (Olaf Gellert)
Date: Wed Aug 17 11:48:35 2005
Subject: Signature verification fails with GPG 1.4.0
Message-ID: <43030837.2060502@pre-secure.de>

Hi all,

I tried to verify the detached signature for a file
using GPG 1.4.0 (on SuSE 9.3). GPG told me that it was
a bad signature:

> gpg --verify libprelude-0.9.0-rc11.tar.gz.sig

Output:
gpg: Signature made Mon 01 Aug 2005 11:29:02 PM CEST using RSA key ID 23D2FAC3
gpg: BAD signature from "Prelude Hybrid IDS Archives Verification Key
"

Well, right now I installed GPG 1.4.2 and the signature
is validated successfully:

> gpg --verify libprelude-0.9.0-rc11.tar.gz.sig
gpg: Signature made Mon 01 Aug 2005 11:29:02 PM CEST using RSA key ID 23D2FAC3
gpg: Good signature from "Prelude Hybrid IDS Archives Verification Key
"

Some bug that was fixed recently? This is a little
bit weird... The files were:

http://www.prelude-ids.org/download/releases/libprelude-0.9.0-rc11.tar.gz
http://www.prelude-ids.org/download/releases/libprelude-0.9.0-rc11.tar.gz.sig

and they were transferred correctly (otherwise gpg 1.4.2 should
fail to validate the signature, too). Could this be related to
the signature being a "textmode" signature (on a binary file)?

Cheers, Olaf

-- 
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og@pre-secure.de

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet


From thecivvie at fastmail.fm  Wed Aug 17 22:12:34 2005
From: thecivvie at fastmail.fm (Sean Rima)
Date: Wed Aug 17 23:17:46 2005
Subject: gswot.org reg page is bust
Message-ID: <43039A32.3030200@fastmail.fm>

Cannot access it from any browser, even tried IE with no luck

Sean--
ICQ: 679813    FidoNet: 2:263/950
Jabber: tcob1@jabber.org AOL: tcobone
Vodafone Messenger: thecivvie
FreeWorldDial 689482
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2859 bytes
Desc: S/MIME Cryptographic Signature
Url : /pipermail/attachments/20050817/9ac45bea/smime.bin
From thecivvie at fastmail.fm  Wed Aug 17 23:38:24 2005
From: thecivvie at fastmail.fm (Sean Rima)
Date: Wed Aug 17 23:38:39 2005
Subject: gswot.org reg page is bust
In-Reply-To: <43039A32.3030200@fastmail.fm>
References: <43039A32.3030200@fastmail.fm>
Message-ID: <4303AE50.5030500@fastmail.fm>

Sean Rima wrote:
> Cannot access it from any browser, even tried IE with no luck
> 

Ignore got a reply on this which explained it

Sean

-- 
ICQ: 679813    FidoNet: 2:263/950
Jabber: tcob1@jabber.org AOL: tcobone
Vodafone Messenger: thecivvie
FreeWorldDial 689482
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2859 bytes
Desc: S/MIME Cryptographic Signature
Url : /pipermail/attachments/20050817/a3f8c289/smime.bin
From dshaw at jabberwocky.com  Wed Aug 17 23:56:03 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Aug 18 05:52:30 2005
Subject: Signature verification fails with GPG 1.4.0
In-Reply-To: <43030837.2060502@pre-secure.de>
References: <43030837.2060502@pre-secure.de>
Message-ID: <20050817215603.GC30016@jabberwocky.com>

On Wed, Aug 17, 2005 at 11:49:43AM +0200, Olaf Gellert wrote:
> Hi all,
> 
> I tried to verify the detached signature for a file
> using GPG 1.4.0 (on SuSE 9.3). GPG told me that it was
> a bad signature:
> 
> > gpg --verify libprelude-0.9.0-rc11.tar.gz.sig
> 
> Output:
> gpg: Signature made Mon 01 Aug 2005 11:29:02 PM CEST using RSA key ID 23D2FAC3
> gpg: BAD signature from "Prelude Hybrid IDS Archives Verification Key
> "
> 
> Well, right now I installed GPG 1.4.2 and the signature
> is validated successfully:
> 
> > gpg --verify libprelude-0.9.0-rc11.tar.gz.sig
> gpg: Signature made Mon 01 Aug 2005 11:29:02 PM CEST using RSA key ID 23D2FAC3
> gpg: Good signature from "Prelude Hybrid IDS Archives Verification Key
> "
> 
> Some bug that was fixed recently? This is a little
> bit weird... The files were:
> 
> http://www.prelude-ids.org/download/releases/libprelude-0.9.0-rc11.tar.gz
> http://www.prelude-ids.org/download/releases/libprelude-0.9.0-rc11.tar.gz.sig
> 
> and they were transferred correctly (otherwise gpg 1.4.2 should
> fail to validate the signature, too). Could this be related to
> the signature being a "textmode" signature (on a binary file)?

Yes, that is what is wrong.  There is a very long explanation about
text canonicalization which explains why it works in 1.4.2 but not in
1.4.0, but the bottom line is that if the file is binary, it needs a
binary sig or it just won't work reliably.  (I've been trying to
persuade the spamassassin release people of this for a while now).

I can guarantee it will break between different versions of GnuPG, and
I can guarantee it will break between different versions of GnuPG and
PGP.

David

From jefrys at comcast.net  Thu Aug 18 23:49:11 2005
From: jefrys at comcast.net (Jefry Sharp)
Date: Fri Aug 19 00:30:53 2005
Subject: help with GPGShell and path
Message-ID: <43050257.4080205@comcast.net>

Greetings,
Having set path already (it even _shows_ in the Path display box _in the 
shell_!), i can't seem to get the shell to recognise or accept the 
locations. Previously, i could select the buttons and browse to the 
site, but buttons are now greyed out. Using the 'install from archive' 
button on the bottom doesn't work either, i get> 'Run-time errror '383': 
'Text' property is read-only< The man isn't very helpful, and the 
directions for install on the shell site don't work; the reg entry can't 
be imported and i'm unclear as to how to set values and labels. Any help 
would be _enormously_ appreciated.
TIA

-- 
Sincerely,
Jefry Sharp

Any day above ground is a good day.



From mwlucas at blackhelicopters.org  Fri Aug 19 22:16:01 2005
From: mwlucas at blackhelicopters.org (Michael W. Lucas)
Date: Fri Aug 19 22:16:23 2005
Subject: "official" WinPT site?
Message-ID: <20050819201601.GA77339@bewilderbeast.blackhelicopters.org>

Hi,

For a long time here's been a WinPT download at www.winpt.org, which
includes GnuPG.

As of April 4 there's a GnuPG-win32 download at www.g10code.de, which
includes WinPT.

Is one more "authoritative" than the other?  Where should people be
going for the One True WinPT?  I'm guessing that the new g10code.de
one will be better maintained, as they have all the outlgpg stuff as
well?  Any opinions?

Thanks,

==ml

-- 
Michael W. Lucas	mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org
		http://www.BlackHelicopters.org/~mwlucas/

"The cloak of anonymity protects me from the nuisance of caring." -Non Sequitur

From alon.barlev at gmail.com  Sat Aug 20 16:01:04 2005
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Sat Aug 20 17:05:05 2005
Subject: PKCS#11 support for gpg-agent
Message-ID: <430737A0.8030808@gmail.com>


Hello,

Thank you for your reply!


>
> > PKCS#11 is a standard specifying how to access cryptographic token.
> > Must smartcard vendors provide PKCS#11 library that allow simple
> > smartcard integration with applications.
>
> For legal reasons you are anyway not allowed to use almost all of them
> with GPL software.  So it does not make any sense to support it.
>
I don't see any conflict between GPL and using PKCS#11 standard.

The disclaimer at http://www.rsasecurity.com/rsalabs/node.asp?id=2133 states

that you only need to specify the following in documentation: "RSA

Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)"


Even if you would have written PKCS#11 implementation "RSA Laboratories

also makes no representations regarding intellectual property

coverage or ownership of the reference implementations."


RSA Laboratories does not provide precompiled libs... PKCS#11

is 3-4 include files and a PDF... (NO SOURCES)


gpg already uses S/MIME standard that is based on PKCS#7

standard... and this is based on PKCS#1, etc... etc..


Can you please tell me where the conflict is?
Since if there is none, I don't see any reason why every project
should implement its own standard of smartcard structure.

If there will be (In the future) GPLed smartcard, it should also
support PKCS#11 standard... So standard application will work...

> > Mozilla, Firefox, Thunderbird and now Java support PKCS#11 standard in
> > order to access cryptographic tokens, gives these software an edge in
> > smartcard integration.
>
> Writing a pkcs#11 module to connect Mozilla with GnuPG is possible and
> actually on my whish list.
>
I am glad... But I still think it should be supported in the core
agent... As primary

cryptographic device access.


> > But then I've seen that only proprietary smartcard tokens are supported
> > (directly) and ssh-agent... No standard way to access external
>
> Proprietary?  We use a card specification which is entirely open and
> may be implemented without fearing legal department actions.  There
> are not that many open specifications. (Don't say pkcs#15 - this is
> just a framework)
>
But your card specification which is entirely open is  specific to gpg...

I am calling this proprietary... You cannot use keys and certificates

that were enrolled for other application. This makes the use of gpg

and smartcard very difficult to manage.


I think gpg like other cryptographic software should allow the use

of pre-existing objects on the smartcard. As far as I know PKCS#11

is the most common, implemented, cross-platform, application API

specification exists.


And no... I don't say PKCS#15 since it too has the same limitations
as your implementation... It forces a format for the whole smartcard,

PKCS#11 is an API allowing the vendor to manage the smartcard format

independently of the software implementation.

>
> > I will be glad to discuses the need of implementing PKCS#11 support for
> > gpg-agent, and helping in the implementation process...
>
> Pretty easy to write, the interface of gpg-agent is documented.
> gpgsm and gpg are expample on how to use it.  gpg-connect-agent may
> even be used to script to this interface.
>
Yes, I figured this out...

But... I don't think that maintaining a separate branch for

it is a good idea...

Most of the code will be the same as gpg-agent... So it will

be very difficult to synchronize the two.


Had gpg-agent been extended so that modules

can be plugged into it, it would have been a good idea.


Had such extension been implemented... I suggest it would

have been implemented using PKCS#11 :-) So that you can

use software token to store the keys, PKCS#11-ssh bridge,

Smartcard access, etc...


Can you please reconsider the PKCS#11 support, without

a new agent branch?


Best Regards,

Alon Bar-Lev.



From dshaw at jabberwocky.com  Sun Aug 21 04:31:39 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun Aug 21 04:32:25 2005
Subject: GPG 1.4.2 errors
In-Reply-To: <43007B1C.4030800@gmail.com>
References: 
	<43007B1C.4030800@gmail.com>
Message-ID: <20050821023139.GF6298@jabberwocky.com>

On Mon, Aug 15, 2005 at 08:53:08PM +0930, Alphax wrote:
> I imported the key with GPG 1.4.2 with:
> 
> import-options repair-pks-subkey-bug import-clean-sigs import-clean-uids
> 
> set in gpg.conf and it gave the "assuming bad signature" thing, then
> carried on as normal. Re-importing it through GPGshell cleaned 2
> signatures, but re-importing through gpg on the command line added the
> sigs again. Even re-importing using:
> 
> gpg --import-options repair-pks-subkey-bug --import-options
> import-clean-sigs --import-options import-clean-uids --recv-keys 0xE0BB4BCD
> 
> on the command line re-added the signatures, but --edit-key clean
> removed them again.
> 
> This definately seems like a bug. Fortunately, my keyring didn't bork
> itself...

No, it's not a bug.  You didn't set the right option.  If you want to
clean keys on --import you set --import-options.  If you want to clean
keys on keyserver recv, you set --keyserver-options.

David

From johnmoore3rd at joimail.com  Sun Aug 21 06:24:49 2005
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Sun Aug 21 06:25:19 2005
Subject: Sad News, I'm Afraid....
Message-ID: <43080211.7020203@joimail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

On August 1st...Maxine Brandt died in Hospital.  The COD was a chronic
lung infection.  Below I am including the Post I placed on PGPNET, in
addition to some comments included to other folks.

***********************************************************************
 Maxine was the 2nd PGP contact I ever made and at the time of her
passing was the Very Best On-Line Friend I've ever had.  She "demanded"
that I switch to Foxfire & Thunderbird. (of course, She always said that
if Mozilla ever caved in and allowed T-Bird to archive decrypted mail,
She'd drop it and never trust it again.)  When I wanted to "try" GPG she
steered me to Nullify and told me to "Stay There until another Nullify
version is released!"  Yet, whenever another build of GPG came along she
patiently walked me through installing it and getting it working.  Below
is the Post to PGPNET.....
*************************************************************************



She was a Journalist for RFO based in Tahiti.  She loved working on
stories about Government corruption.  She broke the story about the 800+
gov't employees receiving Direct Deposit paychecks to a Bank in the
Caymen Islands.  Trouble was, no one could actually "lay hands" on any
of them.  Caused a topple of the local Government in Tahiti that
actually resulted in "the People" occupying the President's House while
he was in Paris trying to "explain things."

The lung condition was the result of something toxic she breathed while
covering a story several years ago.  After the story broke in Tahiti she
was transfered to London (I actually met her as She passed through
Atlanta), but due to the weather, had much trouble breathing so
requested re-assignment back to either Tahiti or New Zealand.  She got
Tahiti; and I learned how to "cuss" in French as she described "passing
her things" in a plane while they were traveling by ship in the other
direction.

She mailed me a huge box of software to forward for her, but being lazy
I was able to send it right back to her.  Of course I kept the CD's she
earmarked for me, that's how I managed to upgrade to M$ 2000 Pro from
98se at no cost.  I am also in love with the gift of Executive
Diskkeeper Pro 9....automatic defragging whenever it is needed.  I was
in the middle of learning how to compile GPG Binaries when my old PC
failed.  Once I have time/energy to parse my old HD (now a slave on this
PC) for the saved emails and "tools" I hope to continue learning on my
own.  I still have a long list of questions I was gonna ask her once I
got back on-line.  S*** Happens!

****************************************************************************

She did once tell me that she found "Rites of Death" very depressing and
when Her time came....she hoped that all of her friends would get
together for a fantastic Chineese Banquet followed by all night drinking
& dancing.

JOHN
Timestamp: Sun 21 August 2005, 12:24 AM --400 (Eastern Daylight Time)








-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Public Key at:  http://tinyurl.com/5ztc6
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDCAIOnCmZhrerneURA8qnAJ0fpZhv/qBibNjIwF0oBpPIMbmBTQCgrOqk
R8WAYcEfq3qbQE68n4i2XlI=
=SO1n
-----END PGP SIGNATURE-----

From vedaal at hush.com  Sun Aug 21 06:50:15 2005
From: vedaal at hush.com (vedaal@hush.com)
Date: Sun Aug 21 06:50:34 2005
Subject: sad news //  Maxine Brandt  //  request
Message-ID: <200508210450.j7L4oJbb098723@mailserver2.hushmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Maxine Brandt, who you may know of from her work on Gpg-2-Go,
has departed this world in the beginning of August

those close to her did not have time to post to the public
until a few days ago

her site is still up:
http://www.torduninja.tk/
and current with gnupg 1.4.2

she was a journalist who worked with people who needed to
use gnupg without having it installed, or using it,
and put together a very useful 'gpg-2-go'
that could fit on a floppy, 
and when on a usb drive, could fit
with all the documentation and keyserver functions that gnupg full 
editions have

i believe that she would have wanted it to be continued
and maintained,
and a most fitting and dignified way,
would be to have it in some way, as part of the gnupg homepage...

have communicated with page's co-author John W. Moore III
who agreed that she would have wanted this

her page has the GPL copyright

John and i, and whoever else maight be interested, are willing to 
update it with newer editions of gnupg as they are available,
and also with winpt when available as registry-read-only

if, for whatevwer reason,
it is not feasible to incorporate her page into gnupg's home page
[ even as 'text-only without the pretty swordwoman ;-) ]

then John and i, would like to request a 'link'
to her current site,
and eventually, to a new page that it would be transferred to, when 

her site goes down becuase she could not renew payment

tia,

vedaal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Acts of Kindness better the World, and protect the Soul

iQIVAwUBQwgHb6yhY/YEre4gAQjtBRAAt8mKNI311HZi4p+ek+z/WnLSuTsE+2Id
0GhVywqNYYTm0BH/kcYYfoJ4pluNDjV+COkgutpe2u7xfUd10Wt5KBMs/q/gfy2w
dDFY5oHYVuZLyPI64nDQyeIL/LU+mKCuxcYiFSsGub3Pg5stxTIx7OQvqUgArY42
nxOKl3eUdymqM95ppxrAPjknDiIunzfV4xZaYhbcWtiBHBvsHfoxfDCdZpbMs98n
NNftcPi4Bdk3ax77VpEMHJ1LA0n8nNrQVlpUhGM+DEW88g2DOh3Awxu+BNCMThYu
iqCsNO5FFDXbYTKXwoLOEyY2F0GmCAsooFZjpRldqMUvsHr2y2Sh+obAoySnpQai
lpFow/K6DutuBDXLi3N9BLftNl6L0+XX7PgTPkvrYEy3c/nhjJQgt9pg4zHeiMjT
mWSKv2TQLrVsm2oECmHYkOyuEWbZ9jmzM6c8ronHHVsadkTSWbFi/3PbQQIxZT66
LileAchguheVbOE24ZRsZR3a4/EhwCrLBpdzByvjhgEIFvE37fqZmBeMUQLd7vdC
QruFEYkuFUafm/i09wbHMEfwg4OSZXEK3dMdd58xEw3joizyxBfpr1pxoZO2/8Fq
e1xVVShkCZRb+eqr0ucWqkm/YIJ7HONTr9XMNsF31i8S/lTvTLif8hBwj8X+ui94
6qU7NJag8EKJARUDBQFDCAdvagWgt4UwbSUBCO0FB/9g8uI04DMwvzH5rb4dGkml
b+grDDB0luTZZRH6y9GgMigqQcupCa8wn74CvKsIKAKlhdH2rabOnrdVfXL/NTxb
OH2DlKDdije6CfxFGzoOVGA6CKz5DpoHTufi8IgmaYhrngXZputovUU1U8/PcWMe
7jKBo8gjP1+JLoI0xLXPR6Movf3pcBMULzfrS+QrJSNcFFdNxW2cl6u6RkaVkisW
wHPVVWaSKZ5Sh5JZHu45Y2p8evL7L6RwPcy0GPAuISGeUMh2JTW3DLxIFTMlLLp6
QOtLmiIeNj6pnaCmOvPaIYV25vgolUj2rFEBzmlE/xNAUc1CoXN0OI8Wnfvy2OJT
=NCY0
-----END PGP SIGNATURE-----

if bad sig, it's that i can't figure out clearsigning+hushmail




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427


From thecivvie at fastmail.fm  Sun Aug 21 09:37:41 2005
From: thecivvie at fastmail.fm (Sean Rima)
Date: Sun Aug 21 09:38:01 2005
Subject: Sharing private.pub key and rings between two boxes
Message-ID: <1453536118.20050821083741@fastmail.fm>

Hello gnupg,

  I use GnuPG mainly on my Linux box but I also want to use it on my
  XP box, is there anyway to share the keys safely between the both

Sean
-- 
+---------------------------------------------------+
|VOIP= FreeWorldDial: 689482 VOIPBUSTER: thecivvie  |
|GPG Key http://thecivvie.fastmail.fm/thecivvie.asc |
+---------------------------------------------------+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1798 bytes
Desc: S/MIME Cryptographic Signature
Url : /pipermail/attachments/20050821/c888abbc/smime.bin
From twoaday at gmx.net  Sun Aug 21 11:30:20 2005
From: twoaday at gmx.net (Timo Schulz)
Date: Sun Aug 21 11:47:35 2005
Subject: "official" WinPT site?
In-Reply-To: <20050819201601.GA77339@bewilderbeast.blackhelicopters.org>
References: <20050819201601.GA77339@bewilderbeast.blackhelicopters.org>
Message-ID: <430849AC.5060606@gmx.net>

Michael W. Lucas wrote:

> For a long time here's been a WinPT download at www.winpt.org, which
> includes GnuPG.
> 
> As of April 4 there's a GnuPG-win32 download at www.g10code.de, which
> includes WinPT.
> 
> Is one more "authoritative" than the other?  Where should people be
> going for the One True WinPT?  I'm guessing that the new g10code.de
> one will be better maintained, as they have all the outlgpg stuff as
> well?  Any opinions?

It is right that g10 Code offers commercial support for available
GPG based products (and also to write new programs) but it is _not_
the primary site for winpt.

The primary site is (and will be for the next time) http://www.winpt.org


Where you download WinPT does not matter since you can check the 
signature and see that it is really issued by me.

But the official binary will be offered at winpt.org and the same
with the soruces.


	Timo




From blueness at gmx.net  Sun Aug 21 14:49:59 2005
From: blueness at gmx.net (Mica Mijatovic)
Date: Sun Aug 21 15:56:17 2005
Subject: Sharing private.pub key and rings between two boxes
In-Reply-To: <1453536118.20050821083741@fastmail.fm>
References: <1453536118.20050821083741@fastmail.fm>
Message-ID: <916849254.20050821144959@gmx.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

    Was Sun, 21 Aug 2005, at 08:37:41 +0100,
    when Sean wrote:

> I use GnuPG mainly on my Linux box but I also want to use it on my XP
> box, is there anyway to share the keys safely between the both

There is, yes, but it would help if you would be more specific, as to
that what you exactly want, so a more specific answer would be possible.
If you want to _share_ the same key ring(s) between these two OSs, these
keys might be placed e.g. on an independent/separate partition which
could be read by both OSs. This way both versions of GPG installed on
Linux and XP(ee?) could "ask" (`gimmiekey') for the keys from their
respective OSs. This was the way I was practising for a short while,
wishing to have only one place where I would keep my keys to share them
between several OSs and their respective GnuPG installations. This is
one of examples:


      hda 9                                    hda6 (E:/)
      _____                                    __
      Linux                                    XP (some Win file system)
      *****                                    **
      \GnuPG/                                  \GnuPG win32/
       |                                               |
       |                                               |
       |                hda17                          |
       |                _________________              |
       |                some WIN/DOS|vfat file         |
       |                system since Win               |
       |                cannot read Linux              |
       |                *****************              |
       |                                               |
       \-gimmiekey-->   \key ring(s)/   <----gimmiekey-/


So, you just in your GnuPG configuration files point to the path where
the keys are.

You also might have the keys even on a diskette, or some similar
"removable" "data keeper", setting/sicking the GnuPGs on the floppy, or
other sort of a, drive. This is even better/safer.

Another way is to keep the keys on this XP's GnuPG installation,
configuring Linux's GnuPG installation to "evoke" them from XP
(providing that the Linux's kernel can read NTFileSsystem; if not, you
would have to vamp up a bit the kernel adding the feature to read/seduce
this NTFS too). Etc.

Have I got what you meant, Sean?


                                  ***

  And while we are already on/into it, I myself could ask someone for a
 little help too... Namely, now I keep my keys on a small(er) encrypted
        PGP container, which can fit a 1.44 floppy, for the use with my
  respected Win{d|bl}ows OSs. For my Linuxes (Gentoo and Vector) I keep
   the keys on a diskette with ext2 file system. Now, what I would love
 best is to have an _encrypted_ partition/"container" which I could use
  from both OSs, and to place my keys in there. Is that possible and if
     yes how? I couldn't catch more time to devise/monkey out something
               better than the above said and am thankful for any hints.

- --
Mica
PGP keys nestled at: http://bardo.port5.com/pgpkeys/
~~~ For PM please use my address as it is *exactly* given in my
                  "From|Reply To" field(s). ~~~
-----BEGIN PGP SIGNATURE-----

iD8DBQFDCHh29q62QPd3XuIRA6FsAJ4/8xa0dwawwtjSjywCj9Oo8JRtwQCfZn4i
5oKssUMSs2TJsDR25wrNla4=
=dTLe
-----END PGP SIGNATURE-----


From johanw at vulcan.xs4all.nl  Sun Aug 21 12:19:12 2005
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Sun Aug 21 16:42:59 2005
Subject: Sharing private.pub key and rings between two boxes
In-Reply-To: <1453536118.20050821083741@fastmail.fm>
Message-ID: <200508211019.j7LAJCVM001821@vulcan.xs4all.nl>

Sean Rima wrote:

>  I use GnuPG mainly on my Linux box but I also want to use it on my
>  XP box, is there anyway to share the keys safely between the both

Yes, you can just copy the keyring files between the 2 systems. Assuming
you don't do independent updates on both systems, that is. Otherwise the
usual synchronization issues might arise and you'd have to import/export
separate keys manually.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw@vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From tatyanasutina at discoverfinancial.com  Sun Aug 21 16:03:21 2005
From: tatyanasutina at discoverfinancial.com (tatyanasutina@discoverfinancial.com)
Date: Sun Aug 21 16:52:05 2005
Subject: Tatyana Sutina/tsutina/DFSI is out of the office.
Message-ID: 

I will be out of the office starting  08/18/2005 and will not return until
08/22/2005.

I will respond to your message when I return.



From dvgevers at xs4all.nl  Sun Aug 21 17:06:28 2005
From: dvgevers at xs4all.nl (Dick Gevers)
Date: Sun Aug 21 17:44:02 2005
Subject: Sad News, I'm Afraid....
In-Reply-To: <43080211.7020203@joimail.com>
References: <43080211.7020203@joimail.com>
Message-ID: <20050821150628.2845a9d3.dvgevers@xs4all.nl>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 21 Aug 2005 00:24:49 -0400, John W. Moore III wrote about Sad News,
I'm Afraid....:

>On August 1st...Maxine Brandt died in Hospital.  The COD was a chronic
>lung infection.  Below I am including the Post I placed on PGPNET, in
>addition to some comments included to other folks.

It is very sad to hear this. A long time ago we exchanged a dozen or two
e-mails that were quite personal. I appreciated her great courage and
knowledge.

My sympathies go to those close to her. I shall not forget her.

=Dick Gevers=
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Encryption is an envelope - the contents are private.

iD8DBQFDCJhhDxfV9OHLvssRAtH7AJ9MSkGnboAYIvBY+I0ce8yfBu3ZtwCfQkLT
/CDNtQvP0zwhDXOADSQYZC0=
=0DYG
-----END PGP SIGNATURE-----

From jefrys at comcast.net  Sun Aug 21 19:36:56 2005
From: jefrys at comcast.net (Jefry Sharp)
Date: Sun Aug 21 19:38:35 2005
Subject: Maxine
Message-ID: <4308BBB8.4020307@comcast.net>

I had only one or two opportunities to communicate with Maxine, but she 
was eager to help me, a complete stranger, with some newbie setup 
issues. She laughed with me as i struggled and made life much easier, 
seemingly as a matter of course. My heart goes out to friends and 
family. With the little contact i've had with her i know that she will 
be much missed, and that the world is a poorer place for her departure.

-- 
Sincerely,
Jefry Sharp

Any day above ground is a good day.



From thecivvie at fastmail.fm  Sun Aug 21 21:09:34 2005
From: thecivvie at fastmail.fm (Sean Rima)
Date: Sun Aug 21 21:09:56 2005
Subject: Sharing private.pub key and rings between two boxes
In-Reply-To: <916849254.20050821144959@gmx.net>
References: <1453536118.20050821083741@fastmail.fm>
	<916849254.20050821144959@gmx.net>
Message-ID: <561735150.20050821200934@fastmail.fm>

Hello Mica,

Sunday, August 21, 2005, 1:49:59 PM, you wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160

>     Was Sun, 21 Aug 2005, at 08:37:41 +0100,
>     when Sean wrote:

>> I use GnuPG mainly on my Linux box but I also want to use it on my XP
>> box, is there anyway to share the keys safely between the both

> There is, yes, but it would help if you would be more specific, as to
> that what you exactly want, so a more specific answer would be possible.
> If you want to _share_ the same key ring(s) between these two OSs, these
> keys might be placed e.g. on an independent/separate partition which
> could be read by both OSs. This way both versions of GPG installed on
> Linux and XP(ee?) could "ask" (`gimmiekey') for the keys from their
> respective OSs. This was the way I was practising for a short while,
> wishing to have only one place where I would keep my keys to share them
> between several OSs and their respective GnuPG installations. This is
> one of examples:


Yes, I could have explained it better, basically, the two computers
need to share the same files. I have read the message below :)

> You also might have the keys even on a diskette, or some similar
> "removable" "data keeper", setting/sicking the GnuPGs on the floppy, or
> other sort of a, drive. This is even better/safer.


Actuallu this is the best idea, that way I can keep a couple of
backups of the pubring a secure backup of the secring files

Sean
-- 
+---------------------------------------------------+
|VOIP= FreeWorldDial: 689482 VOIPBUSTER: thecivvie  |
|GPG Key http://thecivvie.fastmail.fm/thecivvie.asc |
+---------------------------------------------------+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 183 bytes
Desc: not available
Url : /pipermail/attachments/20050821/266c8ea7/attachment.pgp
From oskar at rbgi.net  Sun Aug 21 23:25:50 2005
From: oskar at rbgi.net (Oskar L.)
Date: Sun Aug 21 23:26:40 2005
Subject: Filename for digests
In-Reply-To: <20050722233352.GA13508@jabberwocky.com>
References: <20050722163220.GC12845@jabberwocky.com><2527.213.169.2.124.1122068033.squirrel@mail.rbgi.net>
	<20050722233352.GA13508@jabberwocky.com>
Message-ID: <2674.213.169.30.117.1124659550.squirrel@mail.rbgi.net>

> On Sat, Jul 23, 2005 at 03:33:53AM +0000, Oskar L. wrote:
>> > Red Hat and others use a filename of "MD5SUM", which is a clearsigned
>> > file containing the human readable MD5 hashes.  I like your CHECKSUMS
>> > idea better since MD5 isn't the way to go any longer.
>>
>> Naming a file containing hashes CHECKSUMS would not be a good idea,
>> since
>> a hash is not the same as a checksum.
>
> Sure they are.  Or rather, a hash makes a very effective checksum, and
> that's how we're talking about using them, as a redundancy check.
> Where do you think the "sum" from md5sum/sha1sum/etc comes from?
>
> David

I'm afraid I have to disagree. From Wikipedia:

"Simple redundancy checks are known as checksums. They include parity
bits, check digits, and longitudinal redundancy check. Other types of
redundancy check include cyclic redundancy check, horizontal redundancy
check, vertical redundancy check, and cryptographic message digest."

"Checksums and Cyclic redundancy checks (CRCs) are quite distinct from
cryptographic hash functions, and are used for different applications. If
used for security, they are vulnerable to attack; for example, a CRC was
used for message integrity in the WEP encryption standard, but an attack
was readily discovered which exploited the linearity of the checksum
specified."

Wikipedia: Redundancy check
http://en.wikipedia.org/wiki/Redundancy_check

Wikipedia: Checksum
http://en.wikipedia.org/wiki/Checksum

Wikipedia: Hash function
http://en.wikipedia.org/wiki/Hash_function

Wikipedia: Cryptographic hash function
http://en.wikipedia.org/wiki/Cryptographic_hash_function

Oskar

From blueness at gmx.net  Mon Aug 22 00:45:54 2005
From: blueness at gmx.net (Mica Mijatovic)
Date: Mon Aug 22 00:50:40 2005
Subject: Sharing private.pub key and rings between two boxes
In-Reply-To: <561735150.20050821200934@fastmail.fm>
References: <1453536118.20050821083741@fastmail.fm>
	<916849254.20050821144959@gmx.net>
	<561735150.20050821200934@fastmail.fm>
Message-ID: <1412457727.20050822004554@gmx.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

    Was Sun, 21 Aug 2005, at 20:09:34 +0100,
    when Sean wrote:

> I have read the message below :)

Hehehe... Okay, it's good for you. (:

- --
Mica
PGP keys nestled at: http://bardo.port5.com/pgpkeys/
~~~ For PM please use my address as it is *exactly* given in my
                  "From|Reply To" field(s). ~~~
-----BEGIN PGP SIGNATURE-----

iD8DBQFDCQQh9q62QPd3XuIRA4XwAJ9/EzVruwBP4edUDQu6u92nZTBwNACcD5m/
wU88nfwbc2CcSUVpzLIq8PA=
=hl9n
-----END PGP SIGNATURE-----


From thecivvie at fastmail.fm  Mon Aug 22 00:54:42 2005
From: thecivvie at fastmail.fm (Sean Rima)
Date: Mon Aug 22 00:55:03 2005
Subject: Sharing private.pub key and rings between two boxes
In-Reply-To: <1412457727.20050822004554@gmx.net>
References: <1453536118.20050821083741@fastmail.fm>
	<916849254.20050821144959@gmx.net>
	<561735150.20050821200934@fastmail.fm>
	<1412457727.20050822004554@gmx.net>
Message-ID: <657411522.20050821235442@fastmail.fm>

Hello Mica,

Sunday, August 21, 2005, 11:45:54 PM, you wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160

>     Was Sun, 21 Aug 2005, at 20:09:34 +0100,
>     when Sean wrote:

>> I have read the message below :)

> Hehehe... Okay, it's good for you. (:


Learning every day :)

Sean
-- 
+---------------------------------------------------+
|VOIP= FreeWorldDial: 689482 VOIPBUSTER: thecivvie  |
|GPG Key http://thecivvie.fastmail.fm/thecivvie.asc |
+---------------------------------------------------+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1798 bytes
Desc: S/MIME Cryptographic Signature
Url : /pipermail/attachments/20050821/fa9cf725/smime.bin
From jharris at widomaker.com  Mon Aug 22 02:22:43 2005
From: jharris at widomaker.com (Jason Harris)
Date: Mon Aug 22 02:23:25 2005
Subject: new (2005-08-21) keyanalyze results (+sigcheck)
Message-ID: <20050822002243.GO358@wilma.widomaker.com>


New keyanalyze results are available at:

  http://keyserver.kjsl.com/~jharris/ka/2005-08-21/

Signatures are now being checked using keyanalyze+sigcheck:

  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:

  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the "permanent" files:

11a84477ea1767d5571a1174bbe5da38afce6431        12835404        preprocess.keys
cab4bc824be2eff90aa7f308bde32263d741144f        7852806 othersets.txt
2c26174913fd87b1e1066153860b6f36a3e88c25        3176518 msd-sorted.txt

a751f9d5477744a4f5e5ce6ebad6a60908e317ee        1372    index.html
743a69b145d77960306201b3d9b86860531ea96d        2291    keyring_stats
989e7452aef79216f49218d34146003241e92752        1248130 msd-sorted.txt.bz2
257464118ffc561de82b0990a0f6a226b1688767        26      other.txt
b5bc4f5ba038a4d012489e71688622d1a8c355bc        1691928 othersets.txt.bz2
103468b10918b291057e5e197015db2d2c101e91        5190971 preprocess.keys.bz2
2c6e0e15f32a7e15280ab5d3a5fc9330a62b9d65        13259   status.txt
8811a1ca6eb8dddb59d6fe602a73be362c24bdbe        210298  top1000table.html
d360f72be6186cbd44f0742793ff992e26cb7c2e        30253   top1000table.html.gz
9e3e836b381fecfa38946c36cbf50a0e6f724136        10789   top50table.html
a79f628ea931b2a47270ab827ec9e20dc9516205        2534    D3/D39DA0E3

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 313 bytes
Desc: not available
Url : /pipermail/attachments/20050821/bb380ae9/attachment-0001.pgp
From tech at commport.org  Mon Aug 22 07:04:44 2005
From: tech at commport.org (Mike Martin)
Date: Mon Aug 22 07:42:30 2005
Subject: Thank You Maxine: For being a great person!
Message-ID: <43095CEC.8080802@commport.org>

Dear Maxine,

Thank you for being such a great person. I will not forget you!

God Bless,

-mm

P.S. I have it on good authority that all the good wishes are being
auto-forwarded to her "new" email address "over there!" :)


From pmehta.net at gmail.com  Tue Aug 23 04:20:50 2005
From: pmehta.net at gmail.com (Parag Mehta)
Date: Tue Aug 23 04:21:30 2005
Subject: gnupg 1.4.2 import time errors
Message-ID: 

can some one help me understand this. why do i get this on every new
release of gnupg that i start using when a new release is available. is
there way to fix this permanently ?

gpg: algorithms on these user IDs:
gpg:          "Parag Mehta ": preference for cipher
algorithm 1
gpg:          "Parag Mehta ": preference for cipher
algorithm 0
gpg:          "Parag Mehta ": preference for cipher
algorithm 0
gpg:          "Parag Mehta ": preference for cipher
algorithm 0
gpg:          "Parag Mehta ": preference for cipher
algorithm 0
gpg:          "Parag Mehta ": preference for cipher
algorithm 0
gpg:          "Parag Mehta ": preference for cipher
algorithm 0
gpg:          "Parag Mehta ": preference for cipher
algorithm 0
gpg:          "Parag Mehta ": preference for cipher
algorithm 0
gpg:          "Parag Mehta ": preference for cipher
algorithm 0
gpg: it is strongly suggested that you update your preferences and
gpg: re-distribute this key to avoid potential algorithm mismatch problems

From dshaw at jabberwocky.com  Tue Aug 23 05:30:31 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Aug 23 05:31:19 2005
Subject: gnupg 1.4.2 import time errors
In-Reply-To: 
References: 
Message-ID: <20050823033031.GA14219@jabberwocky.com>

On Mon, Aug 22, 2005 at 07:20:50PM -0700, Parag Mehta wrote:
> can some one help me understand this. why do i get this on every new
> release of gnupg that i start using when a new release is available. is
> there way to fix this permanently ?
> 
> gpg: algorithms on these user IDs:
> gpg:          "Parag Mehta ": preference for cipher
> algorithm 1
> gpg:          "Parag Mehta ": preference for cipher
> algorithm 0
> gpg:          "Parag Mehta ": preference for cipher
> algorithm 0
> gpg:          "Parag Mehta ": preference for cipher
> algorithm 0
> gpg:          "Parag Mehta ": preference for cipher
> algorithm 0
> gpg:          "Parag Mehta ": preference for cipher
> algorithm 0
> gpg:          "Parag Mehta ": preference for cipher
> algorithm 0
> gpg:          "Parag Mehta ": preference for cipher
> algorithm 0
> gpg:          "Parag Mehta ": preference for cipher
> algorithm 0
> gpg:          "Parag Mehta ": preference for cipher
> algorithm 0
> gpg: it is strongly suggested that you update your preferences and
> gpg: re-distribute this key to avoid potential algorithm mismatch problems

Do:

  gpg --edit pmehta@pmehta.com
  setpref
  save

Then send the key to the keyservers again.

However, it is interesting to note that your key is slightly corrupt
(there is no cipher algorithm 0, though your key has it set as a
preference).  Did you edit your preferences at one point?  And if so,
what program did you use?

David

From psychonaut at nothingisreal.com  Tue Aug 23 08:40:36 2005
From: psychonaut at nothingisreal.com (Tristan Miller)
Date: Tue Aug 23 09:03:58 2005
Subject: gpg-agent doesn't remember passphrase
References: <2003596.PEJsFSjTCn@ID-187157.News.Individual.NET>
	<87fyt9f1bv.fsf__49636.1521458768$1124269173$gmane$org@wheatstone.g10code.de>
Message-ID: <2424109.ePaMWsCUJT@ID-187157.News.Individual.NET>

Greetings.

In article
<87fyt9f1bv.fsf__49636.1521458768$1124269173$gmane$org@wheatstone.g10code.de>,
Werner Koch wrote:

> On Sat, 13 Aug 2005 22:49:27 +0200, Tristan Miller said:
> 
>> gpg-1.4.0-4
>> gpgme-1.0.2-3
>> pinentry-0.7.1-4
>> libksba-0.9.10-3
> 
> and the version of gpg-agent is ... ?
> 
> "gpg-agent --version"

[psy@port-3108:~]$ gpg-agent --version
gpg-agent (GnuPG) 1.9.14
Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
[psy@port-3108:~]$ 

Regards,
Tristan

-- 
   _
  _V.-o  Tristan Miller [en,(fr,de,ia)]  ><  Space is limited
 / |`-'  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  <>  In a haiku, so it's hard
(7_\\    http://www.nothingisreal.com/   ><  To finish what you


From johnmoore3rd at joimail.com  Tue Aug 23 16:14:07 2005
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Tue Aug 23 16:14:25 2005
Subject: Need German Translation, Please!
Message-ID: <430B2F2F.6010802@joimail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

There is a Thunderbird Extension offered at:
http://www.thunderbird-mail.de/

However, being nowhere fluent in German (I can only ask for a Beer,
Woman and the Men's Room) I haven't a clue as to whether or not this
would be a practical extension for installation on a USA based XP PC.

Any assistance would be appreciated.

JOHN :)
Timestamp: Tue 23 August 2005, 10:13 AM --400 (Eastern Daylight Time)

- --
My Website:  http://home.joimail.com/~johnmoore3rd/
Gossamer Spider Web of Trust:  http://www.gswot.org
Open PGP Key:  http://tinyurl.com/5ztc6

Encrypted Email is a Courtesy & Appreciated!!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Public Key at:  http://tinyurl.com/5ztc6
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iEYEAREDAAYFAkMLLy0ACgkQnCmZhrerneUfSQCg+DEB0Vmxb7AqscIS8jsDeDaK
CkoAnjORzprX2BCCzX8SQbO67nN3bN7e
=TKxP
-----END PGP SIGNATURE-----

From shavital at mac.com  Tue Aug 23 19:19:37 2005
From: shavital at mac.com (Charly Avital)
Date: Tue Aug 23 19:19:57 2005
Subject: Need German Translation, Please!
In-Reply-To: <430B2F2F.6010802@joimail.com>
References: <430B2F2F.6010802@joimail.com>
Message-ID: <430B5AA9.3090407@mac.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Maybe this could help:



Charly


John W. Moore III wrote the following on 8/23/05 10:14 AM:
| There is a Thunderbird Extension offered at:
| http://www.thunderbird-mail.de/
|
| However, being nowhere fluent in German (I can only ask for a Beer,
| Woman and the Men's Room) I haven't a clue as to whether or not this
| would be a practical extension for installation on a USA based XP PC.
|
| Any assistance would be appreciated.
|
| JOHN :)
| Timestamp: Tue 23 August 2005, 10:13 AM --400 (Eastern Daylight Time)
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQIVAwUBQwtapW69XHxycyfPAQiuyxAAgZwLKTdCxz+Bo20offlvLyWMmYGwvN32
xpm2W2I0REwP/r7iTrZucXMNzDOhnCGU7uUNU6i4pE7MqTvNpPF4+KJBe7qmecEh
fu/TnmZG2vBME/vsKjm/JGA2KiGOyaATfoJBiy4iA3oL6BpRuzBZpPmdGW6qRc0R
5F3qWiCBx0WdBU+yblaPkGqufEB9/F6xWeWEpZDslPaBJ5RSmEnkQbYjuW1Rgu9E
Shuy0BGBttK5L4pN4IADKMKQeZAidWHqd3+cyrXzfuF7KFcny7gF3JvwJEliNKHF
CfwFRk7H844M9xQkvRi3us5Vjm9GudeS8hBao63GC/hJeWFTMBEUb+kcqnMsMr/H
Hzm3FQ34piSwPQdKtjLl+3Kk5p33H7D4+DBGBwKMallZguUQJ0epfBVaSfhCdl0l
QdITikN/c591z4z2TbaD7SkymeVaQZ/MLf0AdCMNKts/ki4Stw16cizLr7kuw2hn
EfS1NCMOhOk6Qk0tVPYdrBmZVTC+/lcCi6Y8qBN9kpSGQhmLUQtSccXPB4dwXJ7p
WYz8W1Lf5VKi6I4Vf5PtkI1s9A07Xd8B06CvJFt4eTIQiI+QTcATnlk+2pJwo5MB
jaYGf9szpUSgDXqe2l2zuQwQxucnxcHSkAdjLp3hsfkaW87zo7v4CCbXSv0vCO3P
dWlkv2gIFR4=
=vPEf
-----END PGP SIGNATURE-----

From mail at mark-kirchner.de  Tue Aug 23 19:46:12 2005
From: mail at mark-kirchner.de (Mark Kirchner)
Date: Tue Aug 23 19:47:28 2005
Subject: Need German Translation, Please!
In-Reply-To: <430B2F2F.6010802@joimail.com>
References: <430B2F2F.6010802@joimail.com>
Message-ID: <8810317632.20050823194612@mark-kirchner.de>

On Tuesday, August 23, 2005, 4:14:07 PM, John wrote:
> There is a Thunderbird Extension offered at:
> http://www.thunderbird-mail.de/

No, that site is not about an extension, but about thunderbird itself
(a community project, not directly linked to the Mozilla Foundation).

There might be some links to extensions, for example on the frontpage
there is a link to a kind of extensions-portal (in German as well):
http://www.erweiterungen.de

Regards,
Mark Kirchner

-- 
_____________________________________________________________
Key (0x172C073C): http://www.mark-kirchner.de/keys/key-mk.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 183 bytes
Desc: not available
Url : /pipermail/attachments/20050823/db08e9cf/attachment.pgp
From Lance at TheHaverkamps.net  Tue Aug 23 23:19:57 2005
From: Lance at TheHaverkamps.net (Lance W. Haverkamp)
Date: Wed Aug 24 00:03:40 2005
Subject: How do I read this stuff?
Message-ID: <430B92FD.5020000@TheHaverkamps.net>

When I check the signatures on my key there are several indicators which
I can't find described anywhere:  Between the sig! and the key ID there
are 1,2 or 3 on the left & right; sometimes a P and/or N perhaps others
notations as well.  Where do I find a description of what each of these
mean?  How do I read this stuff?


Command> check

sig!3        561D5E6F 2004-09-01  [self-signature]
sig!       1 633F6D07 2004-12-17  Robert Golovniov
sig!1   P    C521097E 2004-10-23  Robot CA
sig!    P    65D0FD58 2004-11-12  [User ID not found]
sig!       1 3C4A1809 2004-12-08  GSWoT - Gossamer Spider Web of Trust

-- 
 


Thanks!

Lance W. Haverkamp
Lance@TheHaverkamps.net
Contact & encryption info:
http://thehaverkamps.net/?Lance:Contact_Me
 ><> ><> ><> ><> ><> ><>


From JPClizbe at comcast.net  Wed Aug 24 01:08:52 2005
From: JPClizbe at comcast.net (John Clizbe)
Date: Wed Aug 24 01:15:17 2005
Subject: How do I read this stuff?
In-Reply-To: <430B92FD.5020000@TheHaverkamps.net>
References: <430B92FD.5020000@TheHaverkamps.net>
Message-ID: <430BAC84.6050400@comcast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lance W. Haverkamp wrote:
> When I check the signatures on my key there are several indicators which
> I can't find described anywhere:  Between the sig! and the key ID there
> are 1,2 or 3 on the left & right; sometimes a P and/or N perhaps others
> notations as well.  Where do I find a description of what each of these
> mean?  How do I read this stuff?
> 
> 
> Command> check
> 
> sig!3        561D5E6F 2004-09-01  [self-signature]
> sig!       1 633F6D07 2004-12-17  Robert Golovniov
> sig!1   P    C521097E 2004-10-23  Robot CA
> sig!    P    65D0FD58 2004-11-12  [User ID not found]
> sig!       1 3C4A1809 2004-12-08  GSWoT - Gossamer Spider Web of Trust

- From the man page:

- --list-sigs [names]
          Same as --list-keys, but the signatures are listed too.

          For each signature listed, there are several flags in between
          the "sig" tag and keyid.  These flags give additional  infor-
          mation  about  each  signature.  From left to right, they are
          the numbers 1-3 for certificate check level (see  --ask-cert-
          level),  "L"  for  a  local  or non-exportable signature (see
          --lsign-key), "R"  for  a  nonRevocable  signature  (see  the
          --edit-key  command  "nrsign"), "P" for a signature that con-
          tains a policy URL (see --cert-policy-url), "N" for a  signa-
          ture  that contains a notation (see --cert-notation), "X" for
          an eXpired signature (see --ask-cert-expire), and the numbers
          1-9  or  "T"  for  10  and  above to indicate trust signature
          levels (see the --edit-key command "tsign").

- --check-sigs [names]
          Same as --list-sigs, but the signatures are verified.

- --
John P. Clizbe                      Inet:   John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?"        / "two words: good decisions."
"what's the key to good decisions?" /  "one word: experience."
"how do i get experience?"          / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3-cvs-2005-08-14 (Windows 2000 SP4)
Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG
Comment: Be part of the ?33t ECHELON -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDC6yDHQSsSmCNKhARAuvZAJ0V9ZoylJOuluBQe5lotG/GjAk83wCg0Qju
LyhY387mXyLkUghpg2gYWOY=
=puHm
-----END PGP SIGNATURE-----

From b.buerger at penguin.de  Tue Aug 23 19:46:22 2005
From: b.buerger at penguin.de (Bjoern Buerger)
Date: Wed Aug 24 04:58:45 2005
Subject: Need German Translation, Please!
In-Reply-To: <430B2F2F.6010802@joimail.com>
References: <430B2F2F.6010802@joimail.com>
Message-ID: <20050823174622.GB1602@penguin.de>

Am Di, 23 Aug 2005 schrieb John W. Moore III:
> There is a Thunderbird Extension offered at:
> http://www.thunderbird-mail.de/

No, this site is only the german translation project for thunderbird 
and its extensions. Their goal is to provide a localized Interface for 
german users. 

Greetings, 
Bj?rn

-- 
There ist no place like ~/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 253 bytes
Desc: Digital signature
Url : /pipermail/attachments/20050823/8e402174/attachment.pgp
From psychonaut at nothingisreal.com  Wed Aug 17 11:26:37 2005
From: psychonaut at nothingisreal.com (Tristan Miller)
Date: Wed Aug 24 11:03:52 2005
Subject: gpg-agent doesn't remember passphrase
In-Reply-To: <87fyt9f1bv.fsf@wheatstone.g10code.de>
References: <2003596.PEJsFSjTCn@ID-187157.News.Individual.NET>
	<87fyt9f1bv.fsf@wheatstone.g10code.de>
Message-ID: <200508171126.39552.psychonaut@nothingisreal.com>

Greetings.

On Wednesday 17 August 2005 09:51, Werner Koch wrote:
> On Sat, 13 Aug 2005 22:49:27 +0200, Tristan Miller said:
> > gpg-1.4.0-4
> > gpgme-1.0.2-3
> > pinentry-0.7.1-4
> > libksba-0.9.10-3
>
> and the version of gpg-agent is ... ?
>
> "gpg-agent --version"

[psy@port-3108:~]$ gpg-agent --version
gpg-agent (GnuPG) 1.9.14

Regards,
Tristan

-- 
   _
  _V.-o  Tristan Miller [en,(fr,de,ia)]  ><  Space is limited
 / |`-'  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  <>  In a haiku, so it's hard
(7_\\    http://www.nothingisreal.com/   ><  To finish what you
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050817/b71c4f5c/attachment.pgp
From felix.klee at inka.de  Wed Aug 24 15:17:59 2005
From: felix.klee at inka.de (Felix E. Klee)
Date: Wed Aug 24 15:20:46 2005
Subject: Pinpad on SPR532 isn't used
Message-ID: <874q9fscc8.wl%felix.klee@inka.de>

After installing GNUPG 1.4.2, I can now access my OpenPGP smartcards
(bought at Kernelconepts) using my SPR532 reader.  However, the pinpad
of the reader is not used.  An example:

  ~> gpg --card-edit
  gpg: WARNING: using insecure memory!
  gpg: please see http://www.gnupg.org/faq.html for more information
  
  Application ID ...: D2760001240101010001000005B60000
  Version ..........: 1.1
  Manufacturer .....: PPC Card Systems
  Serial number ....: 000005B6
  Name of cardholder: [not set]
  Language prefs ...: de
  Sex ..............: unspecified
  URL of public key : [not set]
  Login data .......: [not set]
  Private DO 1 .....: [not set]
  Private DO 2 .....: [not set]
  Signature PIN ....: forced
  Max. PIN lengths .: 254 254 254
  PIN retry counter : 3 3 3
  Signature counter : 0
  Signature key ....: [none]
  Encryption key....: [none]
  Authentication key: [none]
  General key info..: [none]
  
  Command> passwd
  gpg: OpenPGP card no. D2760001240101010001000005B60000 detected
  
  PIN
  Enter PIN: [Here I have to enter my PIN via my computer's keyboard]

The version of the reader's firmware is 5.05 IIRC.  

What may be the reason for the problem?

-- 
Felix E. Klee

From anonymous at remailer.metacolo.com  Wed Aug 24 15:24:15 2005
From: anonymous at remailer.metacolo.com (Anonymous Sender)
Date: Wed Aug 24 15:58:43 2005
Subject: legal status of GnuPG in China?
Message-ID: <07f205033166c59557982f3c45445e10@remailer.metacolo.com>

Does anyone know the legal status of GnuPG in China? 

The only information I found was
http://rechten.uvt.nl/koops/cryptolaw/cls2.htm#prc

But I am unsure if that actually applies, as GnuPG is neither a
commercial application nor is the intended use commecial.

Regards,
Anyone

From BruderB at cation.de  Wed Aug 24 14:25:52 2005
From: BruderB at cation.de (B)
Date: Wed Aug 24 16:35:39 2005
Subject: newbies difficulties
Message-ID: <1124886352.4187.6.camel@localhost>

Hej all,


Im quite new in gnupg and using gpa as frontend.

I have troubles in generating keys runnning Debian or Windows:

Using gpa with root grants works fine, but with restricted (user-)
grants gpa seems to have troubles to call gnupg for generating keys. It
simply hangs in Linux and gives 'GnuPG execution failed: Could not spawn
external program.' in Windows.

Anybody knows something about that and can help me?

Thanks

Boris


From atom at smasher.org  Wed Aug 24 19:19:19 2005
From: atom at smasher.org (Atom Smasher)
Date: Wed Aug 24 19:19:43 2005
Subject: legal status of GnuPG in China?
In-Reply-To: <07f205033166c59557982f3c45445e10@remailer.metacolo.com>
References: <07f205033166c59557982f3c45445e10@remailer.metacolo.com>
Message-ID: <20050824171925.40604.qmail@smasher.org>

On Wed, 24 Aug 2005, Anonymous Sender wrote:

> Does anyone know the legal status of GnuPG in China?
==============

IANAL, but it seems that GnuPG/PGP would require a license for use. i 
would think that it would be easier to get a license (if any are actually 
issued) if the stated use was signing and authentication, rather than 
encryption (then encryption is merely a built-in feature, not a core 
feature for your use). then generate an RSA "signing" key that is capable 
of both encryption and signing, but do NOT create any encryption subkeys.

it really makes me sick that the US is doing everything it can to export 
jobs and money to china (my gripe is with the chinese govt, NOT the 
chinese people). just remember, next time you buy some piece of crap at 
wal-mart and it says "made in china", part of the money that you're 
spending is to buy bullets to shoot people who are caught using crypto (or 
practicing religion).


-- 
         ...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"Cryptography is like literacy in the Dark Ages. Infinitely
 	 potent, for good and ill... yet basically an intellectual
 	 construct, an idea, which by its nature will resist efforts
 	 to restrict it to bureaucrats and others who deem only
 	 themselves worthy of such Privilege."
 		-- Vin McLellan,
 		A Thinking Man's Creed for Crypto



From zuxy.meng at gmail.com  Wed Aug 24 19:03:34 2005
From: zuxy.meng at gmail.com (Zuxy)
Date: Wed Aug 24 19:52:38 2005
Subject: legal status of GnuPG in China?
In-Reply-To: 
References: <07f205033166c59557982f3c45445e10@remailer.metacolo.com>
	
Message-ID: 

2005/8/24, Anonymous Sender :
> Does anyone know the legal status of GnuPG in China?

Yes, it's illegal to use and distribute GnuPG in Mainland China.

>
> The only information I found was
> http://rechten.uvt.nl/koops/cryptolaw/cls2.htm#prc
>
> But I am unsure if that actually applies, as GnuPG is neither a
> commercial application nor is the intended use commecial.

Actually, Item 2 of "Commercial Use Password Management Regulations"
has defined "commercial" as "non-military".

--
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6

From cedar at 3web.net  Wed Aug 24 20:09:38 2005
From: cedar at 3web.net (cdr)
Date: Wed Aug 24 20:10:43 2005
Subject: legal status of GnuPG in China?
In-Reply-To: <07f205033166c59557982f3c45445e10@remailer.metacolo.com>
References: <07f205033166c59557982f3c45445e10@remailer.metacolo.com>
Message-ID: <430CB7E2.1080900@3web.net>

Anonymous Sender wrote:
> Does anyone know the legal status of GnuPG in China? 

In the absence of independent judiciary "legal status"
is a meaningless term.

CDR

From johanw at vulcan.xs4all.nl  Wed Aug 24 23:19:09 2005
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Thu Aug 25 00:30:09 2005
Subject: legal status of GnuPG in China?
In-Reply-To: <20050824171925.40604.qmail@smasher.org>
Message-ID: <200508242119.j7OLJ9Fb001614@vulcan.xs4all.nl>

Atom Smasher wrote:

>it really makes me sick that the US is doing everything it can to export 
>jobs and money to china (my gripe is with the chinese govt, NOT the 
>chinese people).

Yeah, well, the same applies to the USA, but since almost half of their
population choose the current president the people are partly to blame.
Next time a civilian city is bombed as "collateral damage", or the result
of crappy intelligence, I'm glad I didn't buy an US product (PGP) but got
a decent free European application like GnuPG.

However, I think this is off-topic here.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw@vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From Billt at Mahagonny.com  Thu Aug 25 00:05:46 2005
From: Billt at Mahagonny.com (Bill Thompson)
Date: Thu Aug 25 01:06:12 2005
Subject: legal status of GnuPG in China?
In-Reply-To: 
References: <07f205033166c59557982f3c45445e10@remailer.metacolo.com>
	
	
Message-ID: <20050824150546.4df20ecc@BeBop>

On Thu, 25 Aug 2005 01:03:34 +0800
Zuxy  wrote:

> 2005/8/24, Anonymous Sender :
> > Does anyone know the legal status of GnuPG in China?
> 
> Yes, it's illegal to use and distribute GnuPG in Mainland China.

Can you elaborate on this? How recent is your information? I have
colleagues in China who are using GnuPG and have assured me that there is
no current restriction to using cryptography, ether GnuPG or IPsec
tunneling.

-- 
Bill Thompson
BillT@Mahagonny.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050824/cde9f234/attachment-0001.pgp
From zuxy.meng at gmail.com  Thu Aug 25 03:41:27 2005
From: zuxy.meng at gmail.com (Zuxy)
Date: Thu Aug 25 03:42:07 2005
Subject: legal status of GnuPG in China?
In-Reply-To: <20050824150546.4df20ecc@BeBop>
References: <07f205033166c59557982f3c45445e10@remailer.metacolo.com>
	
	
	<20050824150546.4df20ecc@BeBop>
Message-ID: 

2005/8/25, Bill Thompson :
> 
> Can you elaborate on this? How recent is your information? I have
> colleagues in China who are using GnuPG and have assured me that there is
> no current restriction to using cryptography, ether GnuPG or IPsec
> tunneling.

It's *illegal* judged from the law mentioned above, but as far as I
know there's no trouble in using GnuPG, at least for now. Anyway, the
number of people who know of GnuPG is still quite small, maybe too
small for the govt to care about.

-- 
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6

From yochanon at localnet.com  Thu Aug 25 08:16:09 2005
From: yochanon at localnet.com (JB)
Date: Thu Aug 25 08:16:58 2005
Subject: legal status of GnuPG in China?
In-Reply-To: 
References: <07f205033166c59557982f3c45445e10@remailer.metacolo.com>
	<20050824150546.4df20ecc@BeBop>
	
Message-ID: <200508250116.19619.yochanon@localnet.com>

On Wednesday 24 August 2005 20:41, Zuxy wrote:
> 2005/8/25, Bill Thompson :
> > Can you elaborate on this? How recent is your information? I have
> > colleagues in China who are using GnuPG and have assured me that there is
> > no current restriction to using cryptography, ether GnuPG or IPsec
> > tunneling.
>
> It's *illegal* judged from the law mentioned above, but as far as I
> know there's no trouble in using GnuPG, at least for now. Anyway, the
> number of people who know of GnuPG is still quite small, maybe too
> small for the govt to care about.

  Hopefully, on both counts.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050825/453947b3/attachment.pgp
From stephen.more at gmail.com  Thu Aug 25 15:16:08 2005
From: stephen.more at gmail.com (Stephen More)
Date: Thu Aug 25 16:12:34 2005
Subject: invalid packet
Message-ID: 

I tried to decrypt a file today and got:

gpg: [don't know]: invalid packet (ctb=14)

A search on the internet has no led to anything.....does anyone know
what the problem could be ?

gpg (GnuPG) 1.2.6
Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256
Compression: Uncompressed, ZIP, ZLIB, BZIP2


-Thanks
Steve More

From joerg at schmitz-linneweber.de  Thu Aug 25 15:24:03 2005
From: joerg at schmitz-linneweber.de (Joerg Schmitz-Linneweber)
Date: Thu Aug 25 16:19:29 2005
Subject: Pinpad on SPR532 isn't used
In-Reply-To: <874q9fscc8.wl%felix.klee@inka.de>
References: <874q9fscc8.wl%felix.klee@inka.de>
Message-ID: <200508251524.09745.joerg@schmitz-linneweber.de>

Hi!

Am Mittwoch, 24. August 2005 15:17 schrieb Felix E. Klee:
> After installing GNUPG 1.4.2, I can now access my OpenPGP smartcards
> (bought at Kernelconepts) using my SPR532 reader.  However, the pinpad
> of the reader is not used.  An example:
> ...

If you browse through the archives of this group you'll find that there *is* 
no keypad support for _any_ card reader (until now).

The documentation also always states that it *would be possible* to integrate 
support for pinpads...

Salut, J?rg

-- 
gpg/pgp key # 0xd7fa4512
fingerprint 4e89 6967 9cb2 f548 a806 ?7e8b fcf4 2053 d7fa 4512
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050825/8f029d71/attachment.pgp
From felix.klee at inka.de  Thu Aug 25 22:54:24 2005
From: felix.klee at inka.de (Felix E. Klee)
Date: Thu Aug 25 22:57:17 2005
Subject: Pinpad on SPR532 isn't used
In-Reply-To: <200508251524.09745.joerg@schmitz-linneweber.de>
References: <874q9fscc8.wl%felix.klee@inka.de>
	<200508251524.09745.joerg@schmitz-linneweber.de>
Message-ID: <87mzn5lou7.wl%felix.klee@inka.de>

At Thu, 25 Aug 2005 15:24:03 +0200,
Joerg Schmitz-Linneweber wrote:
> > After installing GNUPG 1.4.2, I can now access my OpenPGP smartcards
> > (bought at Kernelconepts) using my SPR532 reader.  However, the
> > pinpad of the reader is not used.  An example: ...
> 
> If you browse through the archives of this group you'll find that
> there *is* no keypad support for _any_ card reader (until now).
> 
> The documentation also always states that it *would be possible* to
> integrate support for pinpads...

Well, then the document "How to use the Fellowship Smartcard - The GnuPG
Smartcard HOWTO" from March 5th, 2005 needs to be corrected.  Quote:

  SCM Microsystems SPR532
  
  This is a USB (CCID)/serial reader with a numerical keypad and three
  extra buttons. The pinpad may be used to securely enter the PIN
  without using the attached computer. Only USB has been tested.

Anyway, does this lack of pinpad support apply to *any* driver or only
to the internal CCID one?
  
-- 
Felix E. Klee

From kssingvo at suse.de  Wed Aug 24 15:07:17 2005
From: kssingvo at suse.de (Klaus Singvogel)
Date: Fri Aug 26 10:48:40 2005
Subject: [Sks-devel] Re: zero-length MPIs (was: Re: mpi error with
	check-trustdb in 1.4.2 - resolved)
In-Reply-To: <20050812002243.GD358@wilma.widomaker.com>
References: <42F97044.9050603@comcast.net> <42FAC641.9040507@comcast.net>
	<20050811160217.GC358@wilma.widomaker.com>
	<20050811182144.GA33562@wilma.widomaker.com>
	<20050811195459.GB12783@opium.palfrader.org>
	<20050812002243.GD358@wilma.widomaker.com>
Message-ID: <20050824130716.GA4211@suse.de>

Hi.

Jason Harris wrote:
> On Thu, Aug 11, 2005 at 09:54:59PM +0200, Peter Palfrader wrote:
> > On Thu, 11 Aug 2005, Jason Harris wrote:
> 
> > > Fetching them from keyserver.kjsl.com is now possible with gnupg-1.4.2.
> > > To patch pks, add this to the middle of decode_mpi() (in pgputil.c):
> > > 
> > >   /* skip packets with 0-length MPIs for GPG's benefit (gnupg-1.4.2) */
> > >   if (mpi->nbits == 0) {
> > >     return (0);
> > >   }
> > 
> > can we do that in SKS too?  please!
> 
> Try the patch below.  0x1A9537E7 is another offending key, and all eight
> work now:
> 

[...]

I don't see those files in my copy of gnupg-1.4.2. where your patch
applies. Therefore I looked myself closer at the code, as this problem
araises unter "gpg --trustdb" at some of our users.

I noticed that these messages are coming from
mpi/mpicoder.c:mpi_read() and had a closer look at it. :-)

The second if check, for "goto overflow;" seems a bit doubtful (maybe
a copy&paste without to much thinking whats coming next ? :-) As
there are no mandatory reads from the iobuf coming, only optional
reads, I changed the code to "if (++nread > nmax)" and the problem
was gone (see attached patch).

Please confirm me, that my thinking is correct here.

Thanks in advance.

Regards,
	Klaus.
-- 
Klaus Singvogel
SUSE LINUX Products GmbH
Maxfeldstr. 5                     E-Mail: Klaus.Singvogel@SuSE.de
90409 Nuernberg                   Phone: +49 (0) 911 740530
Germany                           GnuPG-Key-ID: 1024R/5068792D  1994-06-27
-------------- next part --------------
--- gnupg-1.4.2/mpi/mpicoder.c.orig	2005-05-31 08:30:05.000000000 +0200
+++ gnupg-1.4.2/mpi/mpicoder.c	2005-08-24 14:51:07.000000000 +0200
@@ -87,7 +87,7 @@
     nbits = c << 8;
     if( (c = iobuf_get(inp)) == -1 )
 	goto leave;
-    if (++nread >= nmax)
+    if (++nread > nmax)
         goto overflow;
     nbits |= c;
     if( nbits > MAX_EXTERN_MPI_BITS ) {
From hakan.markor at kreatel.se  Wed Aug 24 15:52:07 2005
From: hakan.markor at kreatel.se (=?iso-8859-1?Q?H=E5kan_Mark=F6r?=)
Date: Fri Aug 26 10:49:05 2005
Subject: Version 1.4.1 generate keys that don't import in 1.2.6
Message-ID: <3EAFF93AB587B744826E3586B40A108624C623@carbon.intra.kreatel.se>


Hi

>gpg --version
gpg (GnuPG) 1.4.1
Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512
Compression: Uncompressed, ZIP, ZLIB, BZIP2
>
>gpg --import hakma.asc
gpg: key 7CC30F25: invalid self-signature on user id "Hakma (Shanghai key) "
gpg: key 7CC30F25: invalid subkey binding
gpg: key 7CC30F25: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg:           w/o user IDs: 1
>
>

The key is generated on version:
>gpg --version
gpg (GnuPG) 1.2.6
Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256
Compression: Uncompressed, ZIP, ZLIB, BZIP2
>
>

Any help or comments are highly appreciated!

/H?kan

From rdieter at math.unl.edu  Fri Aug 26 14:36:28 2005
From: rdieter at math.unl.edu (Rex Dieter)
Date: Fri Aug 26 14:53:59 2005
Subject: gnupg2-1.9.18: gpgkey2ssh: gpgkey2ssh.c:255: main: Assertion `argc
 == 2' failed.
Message-ID: 

Anyone else seeing this with gnupg2-1.9.18:

$gpgkey2ssh
gpgkey2ssh: gpgkey2ssh.c:255: main: Assertion `argc == 2' failed.

Does the same on all platforms I've built for, including RedHat 9, 
Fedora Core 4, RedHat Enterprise 4.

-- Rex


From psychonaut at nothingisreal.com  Fri Aug 26 17:17:52 2005
From: psychonaut at nothingisreal.com (Tristan Miller)
Date: Fri Aug 26 17:27:02 2005
Subject: gpg-agent doesn't remember passphrase
References: <2003596.PEJsFSjTCn@ID-187157.News.Individual.NET>
Message-ID: <1275317.pXP3rQph6F@ID-187157.News.Individual.NET>

Greetings.

In article <2003596.PEJsFSjTCn@ID-187157.News.Individual.NET>, Tristan
Miller wrote:
> I recently upgraded my operating system (SuSE 9.0->9.3) and now gpg-agent
> doesn't remember my passphrase anymore.

Rebooted the system, and now suddenly everything works again.  Strange.

Regards,
Tristan

-- 
   _
  _V.-o  Tristan Miller [en,(fr,de,ia)]  ><  Space is limited
 / |`-'  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  <>  In a haiku, so it's hard
(7_\\    http://www.nothingisreal.com/   ><  To finish what you


From dshaw at jabberwocky.com  Fri Aug 26 17:58:56 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Aug 26 17:59:44 2005
Subject: Version 1.4.1 generate keys that don't import in 1.2.6
In-Reply-To: <3EAFF93AB587B744826E3586B40A108624C623@carbon.intra.kreatel.se>
References: <3EAFF93AB587B744826E3586B40A108624C623@carbon.intra.kreatel.se>
Message-ID: <20050826155856.GA1186@jabberwocky.com>

On Wed, Aug 24, 2005 at 03:52:07PM +0200, H?kan Mark?r wrote:
> 
> Hi
> 
> >gpg --version
> gpg (GnuPG) 1.4.1
> Copyright (C) 2005 Free Software Foundation, Inc.
> This program comes with ABSOLUTELY NO WARRANTY.
> This is free software, and you are welcome to redistribute it
> under certain conditions. See the file COPYING for details.
> 
> Home: ~/.gnupg
> Supported algorithms:
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
> >
> >gpg --import hakma.asc
> gpg: key 7CC30F25: invalid self-signature on user id "Hakma (Shanghai key) "
> gpg: key 7CC30F25: invalid subkey binding
> gpg: key 7CC30F25: no valid user IDs
> gpg: this may be caused by a missing self-signature
> gpg: Total number processed: 1
> gpg:           w/o user IDs: 1

You don't give any actual information about the key, so it's not
possible to help you.  I suspect, given the versions of GnuPG, that
you generated a Elgamal sign+encrypt key.  This key type was dropped
from the OpenPGP standard, so newer programs will not support it.

What does 'gpg --list-keys 7CC30F25' return?

David

From Lance at TheHaverkamps.net  Fri Aug 26 18:13:35 2005
From: Lance at TheHaverkamps.net (Lance W. Haverkamp)
Date: Fri Aug 26 18:14:19 2005
Subject: gpg-agent doesn't remember passphrase
Message-ID: <430F3FAF.30509@TheHaverkamps.net>

Had the same problem in Debian-- plus other problems too,
Thunderbird-enigmail broke (can't see all uid's).  Mine haven't fixed
themselves (yet).

Lance


------------------------

Greetings.

In article <2003596.PEJsFSjTCn@ID-187157.News.Individual.NET>, Tristan
Miller wrote:

>> I recently upgraded my operating system (SuSE 9.0->9.3) and now gpg-agent
>> doesn't remember my passphrase anymore.


Rebooted the system, and now suddenly everything works again.  Strange.

Regards,
Tristan

-- 
 


Thanks!

Lance W. Haverkamp
Lance@TheHaverkamps.net
Contact & encryption info:
http://thehaverkamps.net/?Lance:Contact_Me
 ><> ><> ><> ><> ><> ><>


From wk at gnupg.org  Fri Aug 26 18:32:34 2005
From: wk at gnupg.org (Werner Koch)
Date: Fri Aug 26 18:36:44 2005
Subject: Pinpad on SPR532 isn't used
In-Reply-To: <87mzn5lou7.wl%felix.klee@inka.de> (Felix E. Klee's message of
	"Thu, 25 Aug 2005 22:54:24 +0200")
References: <874q9fscc8.wl%felix.klee@inka.de>
	<200508251524.09745.joerg@schmitz-linneweber.de>
	<87mzn5lou7.wl%felix.klee@inka.de>
Message-ID: <87oe7kzmjh.fsf@wheatstone.g10code.de>

On Thu, 25 Aug 2005 22:54:24 +0200, Felix E Klee said:

> Anyway, does this lack of pinpad support apply to *any* driver or only
> to the internal CCID one?

There is no standard way of accessing a PIN pad - except for CCID
drivers but their interface or any other interface to pinpads is not
(yet) exposed by PC/SC.

For the SPR532 the code to access the pinpad is working - the
remaining thing is to integarte this with the user interface: No
pinentry should pop up if such a reader is available but instead a
notice that one should enter the PIN on the pinpad.  Needs some work
in the internal command paths.


Shalom-Salam,

   Werner


From paulwang2 at gmail.com  Sat Aug 27 01:16:46 2005
From: paulwang2 at gmail.com (Wang Paul)
Date: Sat Aug 27 02:22:26 2005
Subject: legal status of GnuPG in China?
Message-ID: <39ad3878050826161633fcdb8a@mail.gmail.com>

> > > Can you elaborate on this? How recent is your information? I have
> > > colleagues in China who are using GnuPG and have assured me that there is
> > > no current restriction to using cryptography, ether GnuPG or IPsec
> > > tunneling.
> >
> > It's *illegal* judged from the law mentioned above, but as far as I
> > know there's no trouble in using GnuPG, at least for now. Anyway, the
> > number of people who know of GnuPG is still quite small, maybe too
> > small for the govt to care about.
>
>  Hopefully, on both counts.

For those who believe it matters to debate whether gpg is legal in
China, or to believe the economic investments into China helps to
bring democracy or functional judicial system there, did you know on
MSN China, "democracy" and "freedom" are banned words, among with many
other words?  Microsoft claims that they need to obey local laws, of
course Gates selectively ignored the constitution there which states
freedom is protected ...

As a real eye opener, check out
http://faluninfo.net/displayAnArticle.asp?ID=9213
Please rest assured that the killer is promoted instead of sentenced. 
 And keep in mind this is merely one of the millions cases in the last
decades there, where "law" is a tool to persecute innocent people by
the Chinese Communist Party to maintain its illegal power grabbed and
maintained by guns, which can be arbitrarily and selectively applied,
or invented on demand,  with retrospective power, of course.

So back to the question, yes, you are safe if you pgp loveletter to
your sweatheart, or even to pgp your trade secret of manufacturing
chocolate, but your life is in line if you try to tell people your son
is tortured by CCP to death, pgp'ed or not.

From benjamin at pythagoras.no-ip.org  Sat Aug 27 11:17:44 2005
From: benjamin at pythagoras.no-ip.org (Benjamin Donnachie)
Date: Sat Aug 27 13:15:46 2005
Subject: OpenPGG Card
Message-ID: <84ee92c719bd8f3b10caaec695f20cc2@www.pythagoras.no-ip.org>


Is it possible to obtain further details on the OpenPGP card?

I have such a card and a working smartcard reader but, ideally, I'd like to
obtain copies of the 
sourcecode and program my own cards.  However, it's extremely difficult to
track down any 
specific information!

Many thanks,


--
Benjamin
benjamin@pythagoras.no-ip.org



From unknown_kev_cat at hotmail.com  Sun Aug 28 17:25:36 2005
From: unknown_kev_cat at hotmail.com (Joe Smith)
Date: Sun Aug 28 17:27:45 2005
Subject: gnupg2-1.9.18: gpgkey2ssh: gpgkey2ssh.c:255: main: Assertion
	`argc == 2' failed.
References: 
Message-ID: 


"Rex Dieter"  wrote in message 
news:den2cr$g1p$1__3327.15526824376$1125061065$gmane$org@sea.gmane.org...
> Anyone else seeing this with gnupg2-1.9.18:
>
> $gpgkey2ssh
> gpgkey2ssh: gpgkey2ssh.c:255: main: Assertion `argc == 2' failed.
>
> Does the same on all platforms I've built for, including RedHat 9, Fedora 
> Core 4, RedHat Enterprise 4.
>
> -- Rex

Umm... Try passing a parameter to the program. 



From unknown_kev_cat at hotmail.com  Sun Aug 28 06:48:17 2005
From: unknown_kev_cat at hotmail.com (Joe Smith)
Date: Sun Aug 28 18:22:40 2005
Subject: OpenPGG Card
References: <84ee92c719bd8f3b10caaec695f20cc2__25836.3736131743$1125141464$gmane$org@www.pythagoras.no-ip.org>
Message-ID: 

There is no need to post a message to the list three times.

>Is it possible to obtain further details on the OpenPGP card?
>
>I have such a card and a working smartcard reader but, ideally, I'd like to
>obtain copies of the sourcecode and program my own cards.  However, it's
>extremely difficult to track down any specific information!

You can get aditional information, but unfortunately the information 
available is not to particularly satisfying.

That said these are the details I know:
The openPGP cards are manufactured by PPC Card Systems using a chip created 
by Atmel, running BasicCard OS, and code written presumably by Werner Koch. 
The cards are non-reprogrammable, they are set to state 'RUN'.

The last I asked there were no other manufactures of OpenPGP Card complient 
smartcards.

-----

Ideally one should be able to just buy a smart card with rsa support, 
download OpenPGP card source, and compile it. Then flash it and any other 
things you wish to have on the card. However it sadly does not work that 
way.

Source code is not available. Here is a quote from an email Werner sent me:
>> Is the source for the program on the card available?
>
>No, this is not possible because the chip vendors supply chips only to
>large card vendors due to fear of litigation through Pay TV channels.
>They had pretty bad experience with that in recent years.  Same goes
>with the firmare supplied with the chip which is the base of the
>(actual very small) application we did.  Atmel will even stop the
>production of the chip we are currently using due to force by Pay TV
>lawyers (the same chip is used in many Pay TV scrambling systems; and
>they all use security by litigation).  Its all a very sad and
>ridiculous situation.

If you can somehow manage to get ahold of a BasicCard OS-based smartcard 
that has support for RSA, it would not be too difficult to program it. Most 
of the crypto stuff is handled by the chip, so the code needed to be written 
is mainly interface code. 



From wk at gnupg.org  Mon Aug 29 16:01:55 2005
From: wk at gnupg.org (Werner Koch)
Date: Mon Aug 29 16:06:19 2005
Subject: PKCS#11 support for gpg-agent
In-Reply-To: <430737A0.8030808@gmail.com> (Alon Bar-Lev's message of "Sat,
	20 Aug 2005 17:01:04 +0300")
References: <430737A0.8030808@gmail.com>
Message-ID: <87oe7gj0z0.fsf@wheatstone.g10code.de>

On Sat, 20 Aug 2005 17:01:04 +0300, Alon Bar-Lev said:

> The disclaimer at http://www.rsasecurity.com/rsalabs/node.asp?id=2133 states

Its is not about the protocol but about the licenses incompatibility
between Mozilla and GPL applications.  AFAIK, not everything in
Mozilla has the option to be used under the GPL.

> Since if there is none, I don't see any reason why every project
> should implement its own standard of smartcard structure.

Because pkcs#11 is a standard to let two proprietary applications work
together - that is the whole reason for that complex and very limited
beast.

> If there will be (In the future) GPLed smartcard, it should also
> support PKCS#11 standard... So standard application will work...

Write one; it is not hard.  Or ask soneone to write it. 

> I am calling this proprietary... You cannot use keys and certificates

> that were enrolled for other application. This makes the use of gpg

> and smartcard very difficult to manage.

Nope.  It is not different than with any other smartcard.  The
compatibility is just on another level.

> Can you please reconsider the PKCS#11 support, without

> a new agent branch?

Ask me for a quote.


Shalom-Salam,

   Werner


From sk at intertivity.com  Mon Aug 29 16:50:26 2005
From: sk at intertivity.com (Sascha Kiefer)
Date: Mon Aug 29 16:51:02 2005
Subject: New Implementation for Elliptic Curve Crypt
Message-ID: <431320B2.8040800@intertivity.com>

fyi: http://www.chi-publishing.com/index.php?newsID=405

From benjamin at pythagoras.no-ip.org  Mon Aug 29 16:38:37 2005
From: benjamin at pythagoras.no-ip.org (Benjamin Donnachie)
Date: Mon Aug 29 17:19:31 2005
Subject: OpenPGP Card
In-Reply-To: 
References: <84ee92c719bd8f3b10caaec695f20cc2__25836.3736131743$1125141464$gmane$org@www.pythagoras.no-ip.org>
	
Message-ID: <43131DED.6080909@pythagoras.no-ip.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Joe Smith wrote:
> There is no need to post a message to the list three times.

I didn't.  I posted it to gnupg-users and -devel as I felt my enquiry
was equally suited to both lists.

> You can get aditional information, but unfortunately the information
> available is not to particularly satisfying.

Yup - that's exactly what I've discovered!

> Source code is not available. Here is a quote from an email Werner sent me:
[...]

>> No, this is not possible because the chip vendors supply chips only to
>> large card vendors due to fear of litigation through Pay TV channels.
>> They had pretty bad experience with that in recent years.  Same goes
>> with the firmare supplied with the chip which is the base of the
>> (actual very small) application we did.  Atmel will even stop the
>> production of the chip we are currently using due to force by Pay TV
>> lawyers (the same chip is used in many Pay TV scrambling systems; and
>> they all use security by litigation).  Its all a very sad and
>> ridiculous situation.

I agree with Werner - it is a very sad and ridiculous situation!

> If you can somehow manage to get ahold of a BasicCard OS-based smartcard
> that has support for RSA, it would not be too difficult to program it.
> Most of the crypto stuff is handled by the chip, so the code needed to
> be written is mainly interface code.

I shall stop being so lazy, and shall see what can be done!

Take care,

Ben

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQIVAwUBQxMd6+gNmph0Y1E2AQKMvBAAha+pv/VTAQNNSSP+SMqa0dcj2+FYk02B
4emiuFQKGGU4MREfxO5yjaQ+Ly6nF+zOkF1ukK9noDBum7NtWH32Pg5s7oT80b2i
JZP0F+8WD1sMemKWxpmuIV6fFhyATUefGTxJ7l7cL1MlmuS0WNYJwkVfyM2jHVQI
CLraSzvc/GsObNpXlExlq13WJviUBrGxjnXncXfAdey3/vstTV4xXijo8d3fHrS0
aDP9zEx8FIkx/UcL8G3ME5LB0PkEkgNA0Juzn5nI3EEL2JcjTc6TeXTsR83K1mHO
c8TCeiOVEVZQoz1uiKUqyRXoJS4Ugv727ZaSpPOJDEeyJuQlvDyZMB8H8rLpKOyH
5Z027Jvy89gDJkTJX8tOJw6P7q/1USgdDhsO5KX2Wwbu7QK8u8gLVy59FBXkS/vo
EOouG/nq/oiSg280CehsywmTCAOaFuYazEwdyxIRzqtpdaFYkpR+LGmBifyQ+64/
RF8hpRzFvY7xkUeOUOHJO1Clv0yrRbCag7qY2h0bmhJ0y5ExgpOP7+hSQlhOvsIz
2KAmkVWMfagstTaqreuetkvLGssdKoLBoO87ufOrSmllge+P0y7Lg4h9sTZrmq9t
QtblvPAFFGTdqCscuNBlJ90ict7ScIBUsUZ/PWGTrv1TQaLo5wKvJAt1chUHrhdk
1aFjc+GZXY0=
=5vX+
-----END PGP SIGNATURE-----

From sbt at megacceso.com  Mon Aug 29 18:00:36 2005
From: sbt at megacceso.com (Sergi Blanch i =?iso-8859-15?q?Torn=E9?=)
Date: Mon Aug 29 19:29:37 2005
Subject: New Implementation for Elliptic Curve Crypt
In-Reply-To: <431320B2.8040800@intertivity.com>
References: <431320B2.8040800@intertivity.com>
Message-ID: <200508291800.37342.sbt@megacceso.com>

Good information. Also I like to say that GnuPG has an _experimental_ patch 
that allow to use Elliptic curves over primary fields (F_{p}):
http://alumnes.eps.udl.es/%7Ed4372211/index.en.html
(If you read the writer's names, then you can understand why i like to say it)

Over the fields that certicom devel (F_{2^m}), there are free implementation 
(as GPL) in:
http://pagina.de/sks
In the downloads, you can find a readme in english. (Mainly it's in spanish, 
but if you have doubts the author Manuel Pancorbo Castro (or I, if is needed) 
can solve it).

On Monday 29 August 2005 16:50, Sascha Kiefer wrote:
> fyi: http://www.chi-publishing.com/index.php?newsID=405
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From unknown_kev_cat at hotmail.com  Mon Aug 29 23:43:03 2005
From: unknown_kev_cat at hotmail.com (Joe Smith)
Date: Mon Aug 29 23:46:28 2005
Subject: OpenPGP Card
References: <84ee92c719bd8f3b10caaec695f20cc2__25836.3736131743$1125141464$gmane$org@www.pythagoras.no-ip.org>
	<43131DED.6080909@pythagoras.no-ip.org>
Message-ID: 

"Benjamin Donnachie"  wrote in message 
news:43131DED.6080909@pythagoras.no-ip.org...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Joe Smith wrote:
>> There is no need to post a message to the list three times.
>
> I didn't.  I posted it to gnupg-users and -devel as I felt my enquiry
> was equally suited to both lists.
>
Gmane must be acting up then. My message got triplicated also. :( 



From alon.barlev at gmail.com  Wed Aug 31 09:46:08 2005
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Wed Aug 31 08:45:42 2005
Subject: PKCS#11 support for gpg-agent
In-Reply-To: <87oe7gj0z0.fsf@wheatstone.g10code.de>
Message-ID: 

Hi!

I still don't get it...

> Its is not about the protocol but about the licenses incompatibility
between Mozilla and GPL applications. 
> AFAIK, not everything in Mozilla has the option to be used under the GPL.

> Because pkcs#11 is a standard to let two proprietary applications work
together - that is the whole reason
> for that complex and very limited beast.

I still don't understand where is the licensing problem of using PKCS#11 in
a GPLed application.
You FAILED to answer this issue, and this is the key issue why you invent
your own card structure!!!
This makes gpg UNUSABLE with smartcards, and I regret this fact.

Opensc uses PKCS#11 and is release under LGPL 2.1, although it LGPL I don't
see any reason
why the "L" is PKCS#11 depended
(http://www.opensc.org/files/doc/opensc.html#opensc.license).

Again, you are using a lot of PKCS#* standards in your application, and I
don't understand why
you have a problem only with PKCS#11...

>> Can you please reconsider the PKCS#11 support, without
>> a new agent branch?

> Ask me for a quote.

I am only trying to help!
I don't think you understand how people use smartcards...
The situation where you have a dedicated smartcard for every application is
unacceptable.
Every application that is written is such approach will be replaced, and I
regret to see gpg be replaced.
When user buys it's email signature/encryption certificate he expects to be
able to use it in
all smartcard enable applications... PKCS#11 provides this ability, and is
free to use, and most commonly
Implemented.

Yes, I know that I can write my own agent... But I still think it will be a
mistake.

Best Regards,
Alon Bar-Lev.


From rbreiddal at presinet.com  Mon Aug 29 20:15:16 2005
From: rbreiddal at presinet.com (Ryley Breiddal)
Date: Mon Sep  5 10:50:21 2005
Subject: [outlgpg] Outlook 2002 Crash
Message-ID: <04CD4FAAABDDC543BA2B33D5C043F91707454F@presinet-main2.PRESINET.local>

Hi there,

I'm running Outlook 2002 SP2 on Windows 2000, and whenever I try to sign
a message, Outlook crashes.  There was a report recently, archived at
http://lists.gnupg.org/pipermail/gnupg-users/2005-August/026511.html
whose symptoms match mine exactly.

I have GPGExch.dll version 0.6.1 and libgpgmedlgs.dll version 0.99.4.
My GPG version is 1.4.2 (I installed WinPT 0.10.0).

I've noticed a couple things.  The GnuPG prefs dialog seems to lose my
settings on a fairly regular basis, seemingly on the crashes.  I also
get a mix of crashes that pop up the "send a report to MS" dialog and
ones that just silently close Outlook.  The loss of settings always
comes with the first group of crashes.  The settings that keep getting
lost are specifically "Also encrypt with default key" and the logging
location.  The stuff in advanced always stays the same.

Path to key-manager binary question - I saw somewhere that I should set
it to "PATH/WinPT.exe --keymanager" but I can't get it to accept
anything but "PATH/WinPT.exe".  Any suggestions?

Similarly to Richard, I haven't figured out how to get a stack trace out
of Outlook yet, but I'm working on it.  In the meantime, I'm happy to
provide any other information that might be of interest.

Please CC any replies to me, as I'm not on the mailing list.

Regards,

_______________________________
Ryley Breiddal
PresiNET Systems





From sadam at CLEMSON.EDU  Wed Aug 31 21:09:56 2005
From: sadam at CLEMSON.EDU (Adam Schreiber)
Date: Mon Sep  5 10:51:21 2005
Subject: [Sks-devel] Re: zero-length MPIs
In-Reply-To: <20050824130716.GA4211@suse.de>
References: <42F97044.9050603@comcast.net>
	<42FAC641.9040507@comcast.net>	<20050811160217.GC358@wilma.widomaker.com>	<20050811182144.GA33562@wilma.widomaker.com>	<20050811195459.GB12783@opium.palfrader.org>	<20050812002243.GD358@wilma.widomaker.com>
	<20050824130716.GA4211@suse.de>
Message-ID: <43160084.4000209@clemson.edu>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Klaus Singvogel wrote:
> Please confirm me, that my thinking is correct here.

I'm not sure if Klaus' thinking is correct, but his patch clears up the
MPI errors I was receiving.

Adam Schreiber

- --
Why isn't all of your email protected?
http://gnupg.org
http://enigmail.mozdev.org
http://seahorse.sourceforge.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFgCEjU1oaHEI4wgRAnQdAKDJfzhnHslrWKd7CCz0j2NiA1TM8QCglrwF
S4UcEMVOzn+TRmQvHkh25Ks=
=f736
-----END PGP SIGNATURE-----

From bogus@does.not.exist.com  Mon Aug 15 10:25:50 2005
From: bogus@does.not.exist.com ()
Date: Wed Sep  7 13:19:04 2005
Subject: No subject
Message-ID: 

The source code for a work means the preferred form of the work for

making modifications to it. For an executable work, complete source

code means all the source code for all modules it contains, plus any

associated interface definition files, plus the scripts used to

control compilation and installation of the executable. However, as a

special exception, the source code distributed need not include

anything that is normally distributed (in either source or binary

form) with the major components (compiler, kernel, and so on) of the

operating system on which the executable runs, unless that component

itself accompanies the executable.



As the MS crypto API is normally distributed with MS Windows, the OS on
which the executable runs, it would be permited to link it in.



--David.





From bogus@does.not.exist.com  Mon Aug 15 10:25:50 2005
From: bogus@does.not.exist.com ()
Date: Wed Sep  7 18:39:37 2005
Subject: No subject
Message-ID: 

--edit-key KEY
clean  sigs      ... It also removes any  signature
                      that  is superceded by a later signature...


If I got something wrong, please enlighten me.
Dirk


Output of 'gpg --list-sigs 08B0A90B':

pub   1024D/08B0A90B 2000-12-20
uid                  PuTTY Releases (DSA) 
sig 3        08B0A90B 2000-12-20  PuTTY Releases (DSA) 
sig          30B94B5C 2005-05-24  [User-ID nicht gefunden]
sig 2        348DA95A 2005-04-06  [User-ID nicht gefunden]
 --- SNIP ---
sig          CA57AD7C 2005-09-04  [User-ID nicht gefunden]
sig          CA57AD7C 2005-09-02  [User-ID nicht gefunden]
sig          CA57AD7C 2005-08-31  [User-ID nicht gefunden]
sig          CA57AD7C 2005-08-30  [User-ID nicht gefunden]
sig          CA57AD7C 2005-08-28  [User-ID nicht gefunden]
sig          CA57AD7C 2005-08-27  [User-ID nicht gefunden]
sig          CA57AD7C 2005-08-27  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-08-21  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-08-15  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-07-31  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-07-31  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-07-29  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-07-24  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-07-11  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-07-10  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-06-20  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-06-19  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-06-15  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-05-31  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-05-30  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-05-17  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-05-15  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-05-01  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-04-17  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-04-03  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-03-20  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-03-05  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-02-19  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-02-16  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-02-07  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-01-25  [User-ID nicht gefunden]
sig       X  CA57AD7C 2005-01-11  [User-ID nicht gefunden]
sig          CC350332 2002-06-17  [User-ID nicht gefunden]
sig          E213B692 2004-10-26  [User-ID nicht gefunden]


From bogus@does.not.exist.com  Mon Aug 15 10:25:50 2005
From: bogus@does.not.exist.com ()
Date: Wed Sep  7 22:37:16 2005
Subject: No subject
Message-ID: 

[...]
set pgp_clearsign_command="gpg   --charset utf-8 --no-verbose --batch --quiet   --output - %?p?--passphrase-fd 0? --armor --textmode --clearsign %?a?-u %a? %f"
[...]

David

-- 
 12:15:31 up 6 days,  2:50,  2 users,  load average: 0.15, 0.43, 0.30

From bogus@does.not.exist.com  Mon Aug 15 10:25:50 2005
From: bogus@does.not.exist.com ()
Date: Thu Sep 15 09:28:40 2005
Subject: No subject
Message-ID: 

*even more* trouble than it's worth...

Extract the raw key (as in, the really big number) form the X.509 cert
and convert it into an OpenPGP key by taking a large bottle of your
favourite alcoholic beverage, read the relevant RFCs while consuming
about half of it, attempt to perform the conversion, and drink the rest
of the alcoholic beverage when you realise how futile this is :)

Or should I just go ahead and drink the whole bottle right away because
I've gotten the procedure wrong in the first place? ;)

-- 
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \


From bogus@does.not.exist.com  Mon Aug 15 10:25:50 2005
From: bogus@does.not.exist.com ()
Date: Wed Sep 21 07:46:33 2005
Subject: No subject
Message-ID: 

write to files larger than 4GB.


Shalom-Salam,

   Werner


From bogus@does.not.exist.com  Mon Aug 15 10:25:50 2005
From: bogus@does.not.exist.com ()
Date: Fri Oct  7 14:11:44 2005
Subject: No subject
Message-ID: 

  GnuPG 1.9 is the future version of GnuPG; it is based on some
  gnupg-1.3 code and the previous newpg package.  It will eventually
  lead to a GnuPG 2.0 release.  Note that GnuPG 1.4 and 1.9 are not
  always in sync and thus features and bug fixes done in 1.4 are not
  necessary available in 1.9.

  You should use this GnuPG version if you want to use the gpg-agent
  or gpgsm (the S/MIME variant of gpg).  Note that the gpg-agent is
  also helpful when using the standard gpg versions (1.4.x as well as
  some of the old 1.2.x).  There are no problems installing 1.4 and
  1.9 alongside; in fact we suggest to do this.
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

From bogus@does.not.exist.com  Mon Aug 15 10:25:50 2005
From: bogus@does.not.exist.com ()
Date: Fri Oct  7 14:11:44 2005
Subject: No subject
Message-ID: 

  GnuPG 1.9 is the current development version of GnuPG.  Despite of
  that, most parts (in particular GPG-AGENT and GPGSM) are considered
  ready for production use. Please keep on using GnuPG 1.4.x for
  OpenPGP; 1.9 and 1.4 may - and actually should - be installed
  simultaneously.




Salam-Shalom,

   Werner