From cam at mathematica.scientia.net Tue Nov 1 00:11:55 2005
From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Tue Nov 1 00:11:42 2005
Subject: ECC
In-Reply-To: <20051031225240.GC4606@dantooine>
References: <435FAFE1.6080802@web.de> <4360E27F.6010508@comcast.net> <4364DDDC.5070502@mathematica.scientia.net> <20051030145907.GB30195@jabberwocky.com> <43655C96.20600@mathematica.scientia.net> <8764reuheb.fsf@wheatstone.g10code.de> <43663A14.7010003@mathematica.scientia.net> <20051031191816.GA4606@dantooine> <436695F5.5020706@mathematica.scientia.net> <20051031225240.GC4606@dantooine>
Message-ID: <4366A4BB.8060804@mathematica.scientia.net>

markus reichelt wrote:

>* Christoph Anton Mitterer wrote:
>
>>>do you know of an application that uses this lib?
>>>
>>No I don't but that shouldn't be a reason to forget about it,...
>>
>Now why is that? I didn't imply anything to such extent.
>

Of course,... (and I didn't want to be rude,.. if you think I was :-) )

>I was merely curious about applications, that's all. Why do you think
>one should (not) forget about libecc?
>

Yes,.. but as I've written I don't know any applications that utilise
libecc. And I wrote "that this should NOT be a reason to "ignore" it"
because one might think,.. "oh nobody uses it,.. let's not use it, too" ;-)

>>>it seems to be on hold. mailinglists are turned off, last release
>>>in 12/2004...
>>>
>>Same thing,.. that shouldn't be a reason for others to reuse the
>>code and continue its development, should it? :)
>>
>Rhetoric is fine, when used wisely ;)
>

Eh,..? What do you mean? :-D

Chris.

From alphasigmax at gmail.com Tue Nov 1 01:23:38 2005
From: alphasigmax at gmail.com (Alphax)
Date: Tue Nov 1 01:26:28 2005
Subject: Signature packets without (whatever)
In-Reply-To: <4365BA5F.3070200@gmail.com>
References: <435E3FF7.90001@gmail.com> <20051025143549.GA19648@jabberwocky.com> <4365BA5F.3070200@gmail.com>
Message-ID: <4366B58A.8040708@gmail.com>

Alphax wrote:

> David Shaw wrote:
>
>>>On Tue, Oct 25, 2005 at 11:53:51PM +0930, Alphax wrote:
>>>
>>>>Recently, when checking my trustdb I get the following appearing:
>>>>
>>>>gpg: buffer shorter than subpacket
>>>>gpg: signature packet without keyid
>>>>gpg: buffer shorter than subpacket
>>>>gpg: buffer shorter than subpacket
>>>>gpg: signature packet without timestamp
>>>>gpg: buffer shorter than subpacket
>>>>gpg: signature packet without keyid
>>>>gpg: buffer shorter than subpacket
>>>>
>>>>Now, I figured that cleaning the keys would probably fix this, but the
>>>>question is: how do I find the offending keys?
>>>
>>>Given that one of the errors is a signature packet without a
>>>keyid... it's hard to locate the signature :)
>>>
>>>You could do trickery with gpgsplit and such, but I'd wait until 1.4.3
>>>is out. It doesn't error on such signatures any longer.
>
> Um... *bump* on 1.4.3, I just discovered that this (like all error
> messages) is killing Enigmail.
>
> Any way of finding the offending keys and cleaning them manually?

Ok, there *is*...

gpg --list-sigs
Search the output for the error messages
Edit the key
Delete the offending signatures

Sigh...

> Oh yeah, "clean total" would be good for fixing this too...

Very. Curiously GPG still thinks that it's a "good signature" despite the
lack of keyid and timestamp... and yet the signature *has* a keyid and
timestamp... Hrm.

I suspect that most of these have come from the same key. Yep, on editing
that particular key I immediately get the error...
--
Alphax                      |    /"\
Encrypted Email Preferred   |    \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |     X   Against HTML email & vCards
http://tinyurl.com/cc9up    |    / \

From linux at codehelp.co.uk Tue Nov 1 12:33:05 2005
From: linux at codehelp.co.uk (Neil Williams)
Date: Tue Nov 1 12:33:38 2005
Subject: Feature request: expand 'clean' to 'clean total'
In-Reply-To: <1130574322.13813.16.camel@sirius.brigham.net>
References: <1130574322.13813.16.camel@sirius.brigham.net>
Message-ID: <200511011133.09238.linux@codehelp.co.uk>

On Saturday 29 October 2005 9:25 am, Henry Hertz Hobbit wrote:
> I hope I am misunderstanding this. I think I am.

I think you've missed the distinction between this happening on a local
keyring and the effect on a keyserver. If keyserver behaviour remains as
now, changes like this to your local keyring will have no effect on the
signatures that other people see in their keyrings. Each user would be
free to prune their local keyring - subject to having to re-run `clean`
if they use gpg --refresh-keys.

> Second, I have precious few public keys on my key ring, and Werner is
> one of them. You should see all of those pretty "[User ID not found]"
> after all of those sigs. Thank goodness I am NOT part of the WOT.
> If I was (part of the WOT) and cleaned out all of those signatures
> on his key, signed it, and uploaded it to one of the keyservers so it
> reflected he had another signee, what would happen to the ones that
> were cleaned out?

Nothing - the keyserver simply adds your signature to all the others.
The clean effect is local to your keyring. When you remove signatures
from the copy of the public key in your local keyring, it has no effect
on the copy of the same key in other, remote, keyrings like the
keyserver or my local keyring.

> I am sure that most if not all of them are
> legitimate signatures.

Probably not all - there are always a few people who sign keys without
verifying them, there are few on my key.

--
Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/

From cam at mathematica.scientia.net Tue Nov 1 14:39:14 2005
From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Tue Nov 1 14:39:03 2005
Subject: the best signature type someone can give me
In-Reply-To: <20051031184628.GB32013@jabberwocky.com>
References: <43655E06.9050200@mathematica.scientia.net> <20051031003431.GC30195@jabberwocky.com> <4365E306.3070406@mathematica.scientia.net> <20051031184628.GB32013@jabberwocky.com>
Message-ID: <43677002.6030008@mathematica.scientia.net>

David Shaw wrote:

>>If so,... should I (for security/cryptography reasons) ask users to sign
>>my key only with SHA512 (or whatever is considered as the currently
>>strongest hash)? And/or should I sign others UIDs only with SHA512 (..) ?
>>
>This is up to you, but note that most OpenPGP programs don't support
>SHA512 yet. Also note that most people have a DSA primary key and
>thus can't use any hash larger than 160 bits.
>

Uhm,... perhaps a stupid question,.. but:
If DSA keys are 1024 bit large,... why is this only enough for 160 bit
hashes?

From cam at mathematica.scientia.net Tue Nov 1 15:52:19 2005
From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Tue Nov 1 15:52:10 2005
Subject: the best signature type someone can give me
In-Reply-To: <20051031184453.GA32013@jabberwocky.com>
References: <43655E06.9050200@mathematica.scientia.net> <20051031003431.GC30195@jabberwocky.com> <4365E107.40901@mathematica.scientia.net> <20051031184453.GA32013@jabberwocky.com>
Message-ID: <43678123.5030307@mathematica.scientia.net>

David Shaw wrote:

>First, read this:
>
>http://download.cryptoex.com/documents/whitepaper/cex2003-pgp-in-unternehmen-en/Tech%20White%20Paper%202002%20-%20Using%20OpenPGP%20in%20Corporations.pdf
>
>Then, read this:
>
>http://lists.gnupg.org/pipermail/gnupg-users/2005-May/025612.html
>

Thanks :-) .... these helped me a lot in understanding :-)

I've also read the thread and nearly the same question is asked there
again but,.. just to be sure:

So if I sign someone with a tsign and level 1:
-He is a trusted introducer for me, meaning that UIDs he signs are
 automatically valid for me. (using sign)
-If he tsigns someone,... with any level, that UID is valid for me too
 BUT can't introduce new UIDs or introducers for me.

If I sign someone with level 2:
He is a metaintroducer meaning that,...
-normal signs he makes to UIDs are autom. valid for me too.
-If he tsigns someone that someone is introducer for me too

Example:

me->(tsign_1)->root_CA
root_ca->(sign)->president
root_ca->(tsign-x)->sub_CA

=>root_ca and president is valid to me
=>sub_CA is valid too but nothing that sub_CA signs/tsigns is valid for me

Example:
me->(tsign_2)->root_CA
root_ca->(sign)->president
root_ca->(tsign-1)->sub_CA_A
root_ca->(tsign-2)->sub_CA_B

sub_CA_A->(sign)->bill
sub_CA_B->(tsign-1)->sub_sub_CA_B_A

sub_sub_CA_B_A->sign->joe

president->sign->mike

=>root_CA, president, sub_CA_A, sub_CA_B are valid to me
=>bill is valid too as root_CA makes sub_CA_A to a trusted introducer
 for me (with the level 1 tsign)
=>sub_sub_CA_B_A itself is valid too for me
=>joe is NOT valid for me, even sub_sub_CA_B_A got a level-1-tsign from
 sub_CA_B which got an (!!) level-2-tsign from root_CA which would be ok
=> BUT I gave root_CA only a level-2-sign so third and higher level
 introducers (like sub_sub_CA_B_A is one) do not count for me
=>mike is not valid for me, too. even the levels for him would have been
 ok,.. BUT president hasn't a tsign-x signature from the root

Everything correct so far?

What is the difference if I use FULLY or MARGINAL with tsigns?

Best wishes,
Chris.

From dshaw at jabberwocky.com Tue Nov 1 16:51:10 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Nov 1 16:53:28 2005
Subject: the best signature type someone can give me
In-Reply-To: <43678123.5030307@mathematica.scientia.net>
References: <43655E06.9050200@mathematica.scientia.net> <20051031003431.GC30195@jabberwocky.com> <4365E107.40901@mathematica.scientia.net> <20051031184453.GA32013@jabberwocky.com> <43678123.5030307@mathematica.scientia.net>
Message-ID: <20051101155110.GA2100@jabberwocky.com>

On Tue, Nov 01, 2005 at 03:52:19PM +0100, Christoph Anton Mitterer wrote:

> Example:
>
> me->(tsign_1)->root_CA
> root_ca->(sign)->president
> root_ca->(tsign-x)->sub_CA
>
> =>root_ca and president is valid to me
> =>sub_CA is valid too but nothing that sub_CA signs/tsigns is valid for me
>
> Example:
> me->(tsign_2)->root_CA
> root_ca->(sign)->president
> root_ca->(tsign-1)->sub_CA_A
> root_ca->(tsign-2)->sub_CA_B
>
> sub_CA_A->(sign)->bill
> sub_CA_B->(tsign-1)->sub_sub_CA_B_A
>
> sub_sub_CA_B_A->sign->joe
>
> president->sign->mike
>
> =>root_CA, president, sub_CA_A, sub_CA_B are valid to me
> =>bill is valid too as root_CA makes sub_CA_A to a trusted introducer
> for me (with the level 1 tsign)
> =>sub_sub_CA_B_A itself is valid too for me
> =>joe is NOT valid for me, even sub_sub_CA_B_A got a level-1-tsign from
> sub_CA_B which got an (!!) level-2-tsign from root_CA which would be ok
> => BUT I gave root_CA only a level-2-sign so third and higher level
> introducers (like sub_sub_CA_B_A is one) do not count for me
> =>mike is not valid for me, too. even the levels for him would have been
> ok,.. BUT president hasn't a tsign-x signature from the root
>
>
> Everything correct so far?

Exactly. You've got it.

> What is the difference if I use FULLY or MARGINAL with tsigns?

It means the same thing as it does with regular sign. You need 1 full
path or 3 marginal paths (by default) to make a UID valid. If you use
MARGINAL with tsign, then it just means you need two other paths before
the UID becomes valid.
You can set the parameters you want to use with "completes-needed" and
"marginals-needed" in gpg.conf.

David

From dshaw at jabberwocky.com Tue Nov 1 17:06:51 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Nov 1 17:07:12 2005
Subject: the best signature type someone can give me
In-Reply-To: <43677002.6030008@mathematica.scientia.net>
References: <43655E06.9050200@mathematica.scientia.net> <20051031003431.GC30195@jabberwocky.com> <4365E306.3070406@mathematica.scientia.net> <20051031184628.GB32013@jabberwocky.com> <43677002.6030008@mathematica.scientia.net>
Message-ID: <20051101160651.GB2100@jabberwocky.com>

On Tue, Nov 01, 2005 at 02:39:14PM +0100, Christoph Anton Mitterer wrote:
> David Shaw wrote:
>
> >>If so,... should I (for security/cryptography reasons) ask users to sign
> >>my key only with SHA512 (or whatever is considered as the currently
> >>strongest hash)? And/or should I sign others UIDs only with SHA512 (..) ?
> >>
> >This is up to you, but note that most OpenPGP programs don't support
> >SHA512 yet. Also note that most people have a DSA primary key and
> >thus can't use any hash larger than 160 bits.
> >
> Uhm,... perhaps a stupid question,.. but:
> If DSA keys are 1024 bit large,... why is this only enough for 160 bit
> hashes?

The question is based on a misunderstanding. The hash size and key size
are not a 1:1 relation.

David

From h_hucke at aeon.icebear.org Tue Nov 1 19:56:25 2005
From: h_hucke at aeon.icebear.org (Henning Hucke)
Date: Tue Nov 1 23:56:23 2005
Subject: OpenPG/X.509 interoperability
In-Reply-To: <87wtjut2fs.fsf@wheatstone.g10code.de>
References: <436558ED.2040800@mathematica.scientia.net> <87wtjut2fs.fsf@wheatstone.g10code.de>

On Mon, 31 Oct 2005, Werner Koch wrote:

> On Mon, 31 Oct 2005 00:36:13 +0100, Christoph Anton Mitterer said:
>
> > This is perhaps a stupid question but how far are these two standards
> > interoperable?
>
> They are not interoperable.

Depends on what you rate to be "interoperable" (see below).

> > Can X.509 certificates be used to sign/certificate OpenPGP UIDs?
>
> No. You can add a private extension to do so.

X.509 as well as OpenPGP are just packages around the product. You can
use the private and public keys themselves to package them as OpenPGP or
X.509. So this way you can have one and the same key pair to work in
both worlds.

> [...]

Best regards
--
They are called computers simply because computation is the only
significant job that has so far been given to them.

From dshaw at jabberwocky.com Wed Nov 2 06:11:47 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Nov 2 06:12:27 2005
Subject: Character set and File exists
Message-ID: <20051102051147.GB3954@jabberwocky.com>

On Fri, Oct 28, 2005 at 10:50:56AM +0000, bingumalla satyanarayana wrote:
> Hello,
>
> I am new to GnuPG. If I run any command from gpg, I am getting the
> following message:
>
> gpg: conversion from `utf-8' to `roman8' not available
>
> I am using HP Unix 11.0. Is there any way to avoid the above message?

Change your locale from "C" to "C.utf8".

> Secondly, I am giving -o option in the command line and if the file already
> exists, I am prompted with the following message:
>
> File `b.txt' exists. Overwrite? (y/N)
>
> Is there any option to avoid the above message?

Add the --yes option to the command line.

David

From wk at gnupg.org Wed Nov 2 08:44:47 2005
From: wk at gnupg.org (Werner Koch)
Date: Wed Nov 2 08:46:49 2005
Subject: OpenPG/X.509 interoperability
In-Reply-To: <43663B78.9070903@mathematica.scientia.net> (Christoph Anton Mitterer's message of "Mon, 31 Oct 2005 16:42:48 +0100")
References: <436558ED.2040800@mathematica.scientia.net> <87wtjut2fs.fsf@wheatstone.g10code.de> <43663B78.9070903@mathematica.scientia.net>
Message-ID: <87hdavo5n4.fsf@wheatstone.g10code.de>

On Mon, 31 Oct 2005 16:42:48 +0100, Christoph Anton Mitterer said:

> What do you mean by "private extension"?

OpenPGP defines identifier ranges for private and experimental use.

Salam-Shalom,

   Werner

From wk at gnupg.org Wed Nov 2 08:46:46 2005
From: wk at gnupg.org (Werner Koch)
Date: Wed Nov 2 08:51:46 2005
Subject: OpenPG/X.509 interoperability
In-Reply-To: (Henning Hucke's message of "Tue, 1 Nov 2005 19:56:25 +0100 (CET)")
References: <436558ED.2040800@mathematica.scientia.net> <87wtjut2fs.fsf@wheatstone.g10code.de>
Message-ID: <87d5ljo5jt.fsf@wheatstone.g10code.de>

On Tue, 1 Nov 2005 19:56:25 +0100 (CET), Henning Hucke said:

> X.509 as well as OpenPGP are just packages around the product. You can
> use the private and public keys themselves to package them as OpenPGP or
> X.509. So this way you can have one and the same key pair to work in
> both worlds.

Sure, but this is more or less pointless as the certificates/key-signatures
are different. If you however have just one smart card you might want to
use that key for both formats. That is still an item on my todo list.

Shalom-Salam,

   Werner

From heathjs21 at yahoo.com Tue Nov 1 19:39:14 2005
From: heathjs21 at yahoo.com (Heather Shaw)
Date: Wed Nov 2 11:05:49 2005
Subject: Static library issue
Message-ID: <20051101183914.78335.qmail@web30010.mail.mud.yahoo.com>

HI,

I am having some trouble creating a static library. I added the
--enable-static option, but when I try to link in the new libraries when
I compile, it says I have undefined symbols gcry_md_open, gcry_md_setkey,
etc... I also tried editing the makefiles to change the CC path from
"gcc" to "gcc -static" and I got the same issue.

I don't have a problem and have been using the libgcrypt libraries
dynamically, but an issue with our configuration has arisen and I have
been instructed to create static libraries instead that are not needed at
runtime.

My configure script for the AIX is as follows...

./configure CFLAGS="-g -O2 -mcpu=powerpc" --enable-static -prefix= --exec-prefix

gcc version 5.03a1
make version

I am compiling it on an ibm-aix platform. I will also need to compile on
a sun-solaris as well.

Heather

From lionel at mamane.lu Wed Nov 2 10:12:24 2005
From: lionel at mamane.lu (Lionel Elie Mamane)
Date: Wed Nov 2 11:55:52 2005
Subject: OpenPG/X.509 interoperability
In-Reply-To: <436558ED.2040800@mathematica.scientia.net>
References: <436558ED.2040800@mathematica.scientia.net>
Message-ID: <20051102091224.GB24362@capsaicin.mamane.lu>

On Mon, Oct 31, 2005 at 12:36:13AM +0100, Christoph Anton Mitterer wrote:

> What about the two big "free" X.509" suppliers (CACert and Thawte)
> do they sign OpenPGP keys?

Thawte used to, but doesn't anymore. CACert does.

--
Lionel

From cam at mathematica.scientia.net Wed Nov 2 22:20:28 2005
From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Wed Nov 2 22:20:18 2005
Subject: Strange entries in keyserver-listings
Message-ID: <43692D9C.1040306@mathematica.scientia.net>

Hi.

Short question... *g*

When you look e.g. at
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x6B6EEFC9.
You'll see the following:

------------------------------------------------------------------------
Public Key Server -- Verbose Index ``0x6B6EEFC9 ''

Type bits /keyID    Date       User ID
pub  1024D/6B6EEFC9 2004/03/22 Martin Roll
sig        6EF2BDF5            Rainer W. Gerling
sig        BE8DC15F            Michael Decker
sig        67B82F43            Christoph Anton Mitterer
sig        833C9A4A            Benno Rieger
sig        E49FF38D            Wolfgang Liegel
sig        6B6EEFC9            Martin Roll
                               Martin Roll
sig        67B82F43            Christoph Anton Mitterer
sig        833C9A4A            Benno Rieger
sig        6B6EEFC9            Martin Roll
------------------------------------------------------------------------

As you can see the same UID is listed twice (!!) and also parts of the
signatures are listed twice.

Why is this the case and how can I avoid this? Or is this at all a
key-server-software-only related issue?

Best wishes,
Chris.

From dshaw at jabberwocky.com Wed Nov 2 22:32:39 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Nov 2 22:33:14 2005
Subject: Strange entries in keyserver-listings
In-Reply-To: <43692D9C.1040306@mathematica.scientia.net>
References: <43692D9C.1040306@mathematica.scientia.net>
Message-ID: <20051102213239.GA22934@jabberwocky.com>

On Wed, Nov 02, 2005 at 10:20:28PM +0100, Christoph Anton Mitterer wrote:

> As you can see the same UID is listed twice (!!) and also parts of the
> signatures are listed twice.
>
> Why is this the case and how can I avoid this? Or is this at all a
> key-server-software-only related issue?

Welcome to the occasionally painful world of keyservers. Briefly, some of
them mangle keys in various ways. GnuPG knows about the doubled user ID
and will automatically repair it when you actually retrieve the key.

David

From alphasigmax at gmail.com Thu Nov 3 06:40:38 2005
From: alphasigmax at gmail.com (Alphax)
Date: Thu Nov 3 06:43:49 2005
Subject: Batch setting ownertrust
Message-ID: <4369A2D6.1000903@gmail.com>

I know this is probably a bad idea, but I want to do it anyway...

Is there any way to set ownertrust on a key in batch mode?

If there isn't, how can I generate an ownertrust file and import it?

Alternatively, where can I find the specs on ownertrust files in the
source code?

--
Alphax                      |    /"\
Encrypted Email Preferred   |    \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |     X   Against HTML email & vCards
http://tinyurl.com/cc9up    |    / \

From alphasigmax at gmail.com Thu Nov 3 10:38:21 2005
From: alphasigmax at gmail.com (Alphax)
Date: Thu Nov 3 10:41:11 2005
Subject: Batch setting ownertrust
In-Reply-To: <4369A2D6.1000903@gmail.com>
References: <4369A2D6.1000903@gmail.com>
Message-ID: <4369DA8D.1020209@gmail.com>

Alphax wrote:

> I know this is probably a bad idea, but I want to do it anyway...
>
> Is there any way to set ownertrust on a key in batch mode?
>
> If there isn't, how can I generate an ownertrust file and import it?
>
> Alternatively, where can I find the specs on ownertrust files in the
> source code?
>

Never mind, I worked it out...

--
Alphax                      |    /"\
Encrypted Email Preferred   |    \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |     X   Against HTML email & vCards
http://tinyurl.com/cc9up    |    / \

From j_vit at inbox.ru Thu Nov 3 11:52:46 2005
From: j_vit at inbox.ru (vitaly)
Date: Thu Nov 3 14:26:03 2005
Subject: using option --logger-fd in Win32
Message-ID: <5410626785.20051103135246@inbox.ru>

Forgive my English

I need to redirect decryption log to the file. But I can't understand how
can I do it?

How can I "write log output to file descriptor n and not to stderr"?
Please, give me example of use an option "--logger-fd" in Win OS.

vitaly
mailto:j_vit@inbox.ru

From dirk.traulsen at lypso.de Thu Nov 3 19:52:10 2005
From: dirk.traulsen at lypso.de (Dirk Traulsen)
Date: Thu Nov 3 20:12:45 2005
Subject: Feature request: expand 'clean' to 'clean total'
In-Reply-To: <4360C2CC.25322.85B6D3C@localhost>
Message-ID: <436A6A6A.28310.1E821B15@localhost>

Hi!

I started this thread to make a request for a change of the behaviour of
the 'clean' option:

> Please make an option to delete signatures, for which there is no
> corresponding signing key on the local keyring.

When there was some support for my idea, but no reaction from the
developers, I tried to implement it myself and sent the code to the
gnupg-devel mailing list.

After some emails about the name and the concept David Shaw decided to go
the KISS* way and implemented a change to 'clean' itself:

> Here's what I did - rather than add yet another option
> (which impacts all of keyserver use, import, exports, and
> --edit-key), I just changed clean sigs to remove sigs from
> unavailable keys. It just seems like the simplest solution
> all round.

So, fortunately in 1.4.3, there will be a 'clean', which does exactly
what 'clean total' should have done.

Dirk

* KISS = Keep it simple, stupid!

From SeidlS at schneider.com Fri Nov 4 00:38:37 2005
From: SeidlS at schneider.com (SeidlS@schneider.com)
Date: Fri Nov 4 02:25:50 2005
Subject: - -textmode???

Can someone tell me the difference between the two commands below?

gpg -r ####### --armor --sign --encrypt OUTFILE
gpg -r ####### --armor --sign --encrypt --textmode < INFILE > OUTFILE

We are using the first command for our GPG encryption today, but may have
a need to use the --textmode for a new recipient. The encryption process
today handles text files, and some binary (read zip, or M.S. Office type)
files. What will the impact be of adding the --textmode to the command,
or to the options file?

Thanks
Scott Seidl
Electronic Communication Services
seidls@schneider.com
Tel) 920-592-2163

This document, and any attachments therein, contains proprietary and
confidential information that may not be disclosed without the prior
written permission of Schneider National, Inc. and its subsidiaries.
Unauthorized use or misuse of this information and its contents is
strictly prohibited. Schneider National, Inc. vigorously protects its
rights.

From dshaw at jabberwocky.com Fri Nov 4 02:39:38 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Nov 4 02:40:13 2005
Subject: - -textmode???
Message-ID: <20051104013938.GA2060@jabberwocky.com>

On Thu, Nov 03, 2005 at 05:38:37PM -0600, SeidlS@schneider.com wrote:
>
> Can someone tell me the difference between the two commands below?
> gpg -r ####### --armor --sign --encrypt OUTFILE
> gpg -r ####### --armor --sign --encrypt --textmode < INFILE > OUTFILE
>
> We are using the first command for our GPG encryption today, but may have a
> need to use the --textmode for a new recipient. The encryption process
> today handles text files, and some binary (read zip, or M.S. Office type)
> files. What will the impact be of adding the --textmode to the command, or
> to the options file?

Use --textmode if INFILE is text. Don't use it otherwise. It causes text
canonicalization so that text remains text across different platforms.
For example, Unix machines end text lines with LF. DOS machines end text
lines with CRLF. Use --textmode and the file is automatically converted.

David

From sithtracy at yahoo.com Fri Nov 4 03:15:50 2005
From: sithtracy at yahoo.com (Tracy D. Bossong)
Date: Fri Nov 4 03:16:10 2005
Subject: - -textmode???
Message-ID: <20051104021550.51066.qmail@web51713.mail.yahoo.com>

--textmode tells gpg/pgp that the input file is a text file. This allows
proper decryption and record separator translation on the receiving
system depending if it is *nix, Windows, or... like we use, an OS/390
mainframe (EBCDIC).

--- SeidlS@schneider.com wrote:

>
> Can someone tell me the difference between the two
> commands below?
> gpg -r ####### --armor --sign --encrypt
> OUTFILE
> gpg -r ####### --armor --sign --encrypt --textmode <
> INFILE > OUTFILE
>
> We are using the first command for our GPG
> encryption today, but may have a
> need to use the --textmode for a new recipient. The
> encryption process
> today handles text files, and some binary (read zip,
> or M.S. Office type)
> files. What will the impact be of adding the
> --textmode to the command, or
> to the options file?
>
>
> Thanks
> Scott Seidl
> Electronic Communication Services
> seidls@schneider.com
> Tel) 920-592-2163
>
>
> This document, and any attachments therein, contains
> proprietary and
> confidential information that may not be disclosed
> without the prior
> written permission of Schneider National, Inc. and
> its subsidiaries.
> Unauthorized use or misuse of this information and
> its contents is strictly
> prohibited. Schneider National, Inc. vigorously
> protects its rights.
>

From ml at bitfalle.org Fri Nov 4 15:43:47 2005
From: ml at bitfalle.org (markus reichelt)
Date: Fri Nov 4 15:43:51 2005
Subject: Feature request: expand 'clean' to 'clean total'
In-Reply-To: <436A6A6A.28310.1E821B15@localhost>
References: <4360C2CC.25322.85B6D3C@localhost> <436A6A6A.28310.1E821B15@localhost>
Message-ID: <20051104144347.GB7987@dantooine>

* Dirk Traulsen wrote:

> So, fortunately in 1.4.3, there will be a 'clean', which does exactly
> what 'clean total' should have done.

Great news, I'm looking forward to it.

--
left blank, right bald

From ml at bitfalle.org Fri Nov 4 15:53:03 2005
From: ml at bitfalle.org (markus reichelt) Date: Fri Nov 4 15:54:29 2005 Subject: ECC In-Reply-To: <4366A4BB.8060804@mathematica.scientia.net> References: <4360E27F.6010508@comcast.net> <4364DDDC.5070502@mathematica.scientia.net> <20051030145907.GB30195@jabberwocky.com> <43655C96.20600@mathematica.scientia.net> <8764reuheb.fsf@wheatstone.g10code.de> <43663A14.7010003@mathematica.scientia.net> <20051031191816.GA4606@dantooine> <436695F5.5020706@mathematica.scientia.net> <20051031225240.GC4606@dantooine> <4366A4BB.8060804@mathematica.scientia.net> Message-ID: <20051104145303.GC7987@dantooine> * Christoph Anton Mitterer wrote: > >* Christoph Anton Mitterer wrote: > >>>do you know of an application that uses this lib? > >>> > >>No I don't but that shouldn't be a reason to forget about it,... > >> > >Now why is that? I didn't imply anything to such extent. > > > Of course,... (and I didn't want to be rude,.. if you think I was > :-) ) Nah, totally beyond me... > >I was merely curious about applications, that's all. Why do you > >think one should (not) forget about libecc? > > > Yes,.. but as I've written I don't know any applications that > utilitises libecc. And I wrote "that this should NOT be a reason to > "ignore" it" because one might think,.. "oh nobody uses it,.. let's > not use it, too" ;-) ;-) Well, to clarify things: From an end user's point of view, it would have been nice to have an app to play with. I'd like to switch to ECC too. Mainly, because I think that the guys with the small ... glasses ;-) at NSA can break public key crypto quite easily, and secondly I like to play with new apps. So, if there is not an app which uses the ECC lib, that's too bad; I won't bother any further with that lib, just a matter of lack of time. We really need to change the social system to a more star trek like system.... -- left blank, right bald -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20051104/5b363dd5/attachment.pgp

From wk at gnupg.org Fri Nov 4 16:41:51 2005
From: wk at gnupg.org (Werner Koch)
Date: Fri Nov 4 16:46:51 2005
Subject: using option --logger-fd in Win32
In-Reply-To: <5410626785.20051103135246@inbox.ru> (j_vit@inbox.ru's message of "Thu, 3 Nov 2005 13:52:46 +0300")
References: <5410626785.20051103135246@inbox.ru>
Message-ID: <87br10e7y8.fsf@wheatstone.g10code.de>

On Thu, 3 Nov 2005 13:52:46 +0300, vitaly said:

> How can I "write log output to file descriptor n and not to stderr"?
> Please give me an example of using the option "--logger-fd" on Windows.

That is a matter of the shell. I don't know whether cmd.exe supports
this. We use this in gpgme heavily along with CreatePipe and
CreateProcess.

Salam-Shalom,

Werner

From jdbeyer at exit109.com Fri Nov 4 17:48:47 2005
From: jdbeyer at exit109.com (Jean-David Beyer)
Date: Fri Nov 4 17:48:44 2005
Subject: ECC
In-Reply-To: <20051104145303.GC7987@dantooine>
References: <4360E27F.6010508@comcast.net> <4364DDDC.5070502@mathematica.scientia.net> <20051030145907.GB30195@jabberwocky.com> <43655C96.20600@mathematica.scientia.net> <8764reuheb.fsf@wheatstone.g10code.de> <43663A14.7010003@mathematica.scientia.net> <20051031191816.GA4606@dantooine> <436695F5.5020706@mathematica.scientia.net> <20051031225240.GC4606@dantooine> <4366A4BB.8060804@mathematica.scientia.net> <20051104145303.GC7987@dantooine>
Message-ID: <436B90EF.6090505@exit109.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

markus reichelt wrote (in part):
> Mainly, because I think that the guys with the small ... glasses
> ;-) at NSA can break public key crypto quite easily,

Could you give a basis for this assertion?

Is it because you think they have so much computer power at Ft. Meade that
they can use exhaustive search? Or do you think their mathematicians are so
much better than the general public (including math professors who
specialize in this stuff) that they have discovered a breakthrough in
factoring? Or because you believe they have gotten all manufacturers to
include trojan horses in their code?

- -- 
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 11:45:00 up 26 days, 11:08, 4 users, load average: 4.10, 4.12, 4.09
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDa5DvPtu2XpovyZoRAsg9AKCP7Y10kJbWcj6D6lgqMkr3CYA71wCaApwO
za94xdfruG+S0JVOvlq/XaI=
=QqGy
-----END PGP SIGNATURE-----

From johnmoore3rd at joimail.com Fri Nov 4 17:58:14 2005
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Fri Nov 4 17:58:15 2005
Subject: ECC
In-Reply-To: <436B90EF.6090505@exit109.com>
References: <4360E27F.6010508@comcast.net> <4364DDDC.5070502@mathematica.scientia.net> <20051030145907.GB30195@jabberwocky.com> <43655C96.20600@mathematica.scientia.net> <8764reuheb.fsf@wheatstone.g10code.de> <43663A14.7010003@mathematica.scientia.net> <20051031191816.GA4606@dantooine> <436695F5.5020706@mathematica.scientia.net> <20051031225240.GC4606@dantooine> <4366A4BB.8060804@mathematica.scientia.net> <20051104145303.GC7987@dantooine> <436B90EF.6090505@exit109.com>
Message-ID: <436B9326.6090701@joimail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Jean-David Beyer wrote:
> markus reichelt wrote (in part):
>
>>>Mainly, because I think that the guys with the small ... glasses
>>>;-) at NSA can break public key crypto quite easily,
>
> Could you give a basis for this assertion?
>
> Is it because you think they have so much computer power at Ft. Meade that
> they can use exhaustive search? Or do you think their mathematicians are so
> much better than the general public (including math professors who
> specialize in this stuff) that they have discovered a breakthrough in
> factoring? Or because you believe they have gotten all manufacturers to
> include trojan horses in their code?

Perhaps he believes TRANSLTR actually exists.
JOHN :)

Timestamp: Friday 04 Nov 2005, 11:57 AM --500 (Eastern Standard Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3-cvs (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJDa5MdAAoJEBCGy9eAtCsPQtEIAIBCsGc+7c8EVX+7oeB/xsN5
yO6Go6Cf3ioJUHD8HLhV8z3WUmWOGB1Nt+btYlR2iSk4QWc/tMqj0p/Ti4vccnzV
Vwq5jLnBY3zN5LYXCG621yoJiilY0O9E2uNiqlyhhVm2lbIsF4SgA5EvN39r24Q/
a6b9d2hd4xx5v926ePpv1Sga9ZhDQRSq1eggCJliBtrmppbgciNfu3AXYdcRwV0W
JTX8YLkZFCuo4kFwaUFO067dIfK4i4sA0xc0/0rlvCh0BlV8qUDjepPqAB6974TE
QIiY6YHJKSSI0c3EFzRnMtOp7GqFCJZkuKgcHdSsVUrLzvxuc0bMx9ARmj02FPU=
=CCCs
-----END PGP SIGNATURE-----

From npcole at yahoo.co.uk Fri Nov 4 17:59:01 2005
From: npcole at yahoo.co.uk (Nicholas Cole)
Date: Fri Nov 4 17:59:17 2005
Subject: Expiring UID
Message-ID: <20051104165901.38540.qmail@web25405.mail.ukl.yahoo.com>

Am I right that there is no easy way to create an expiring UID (as
opposed to an expiring key)?

--ask-cert-expire seems to be ignored when using adduid in the edit menu.

Is there a good reason for this?

Best,

N.

___________________________________________________________
To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com

From ml at bitfalle.org Fri Nov 4 19:32:07 2005
From: ml at bitfalle.org (markus reichelt)
Date: Fri Nov 4 19:32:02 2005
Subject: ECC
In-Reply-To: <436B90EF.6090505@exit109.com>
References: <20051030145907.GB30195@jabberwocky.com> <43655C96.20600@mathematica.scientia.net> <8764reuheb.fsf@wheatstone.g10code.de> <43663A14.7010003@mathematica.scientia.net> <20051031191816.GA4606@dantooine> <436695F5.5020706@mathematica.scientia.net> <20051031225240.GC4606@dantooine> <4366A4BB.8060804@mathematica.scientia.net> <20051104145303.GC7987@dantooine> <436B90EF.6090505@exit109.com>
Message-ID: <20051104183207.GG7987@dantooine>

* Jean-David Beyer wrote:

> markus reichelt wrote (in part):
>
> > Mainly, because I think that the guys with the small ... glasses
> > ;-) at NSA can break public key crypto quite easily,
>
> Could you give a basis for this assertion?

Well... please understand that it is my personal belief; just like one
might believe in god, or not. Therefore this 'basis' cannot be what you
are looking for :-)

> Is it because you think they have so much computer power at Ft.
> Meade that they can use exhaustive search? Or do you think their
> mathematicians are so much better than the general public
> (including math professors who specialize in this stuff) that they
> have discovered a breakthrough in factoring? Or because you believe
> they have gotten all manufacturers to include trojan horses in
> their code?

I put the speculations aside and stick with the fact that the NSA
recommends ECC for government use. That's enough for _me_.

-- 
left blank, right bald
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20051104/ff126c24/attachment.pgp

From ml at bitfalle.org Fri Nov 4 19:33:29 2005
From: ml at bitfalle.org (markus reichelt)
Date: Fri Nov 4 19:33:35 2005
Subject: ECC
In-Reply-To: <436B9326.6090701@joimail.com>
References: <43655C96.20600@mathematica.scientia.net> <8764reuheb.fsf@wheatstone.g10code.de> <43663A14.7010003@mathematica.scientia.net> <20051031191816.GA4606@dantooine> <436695F5.5020706@mathematica.scientia.net> <20051031225240.GC4606@dantooine> <4366A4BB.8060804@mathematica.scientia.net> <20051104145303.GC7987@dantooine> <436B90EF.6090505@exit109.com> <436B9326.6090701@joimail.com>
Message-ID: <20051104183329.GH7987@dantooine>

* "John W. Moore III" wrote:

> Perhaps he believes TRANSLTR actually exists.

Perhaps he does not even know what TRANSLTR is, exactly. But he does
know about AAAAA.

-- 
left blank, right bald
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20051104/459febd4/attachment.pgp

From zwon at severodvinsk.ru Fri Nov 4 20:15:16 2005
From: zwon at severodvinsk.ru (Pawel Shajdo)
Date: Fri Nov 4 20:15:52 2005
Subject: back signatures
Message-ID: <20051104191516.GA3364@sky.schizandra.ru>

Salve!

Can somebody explain to me what "back signatures" are?
The manual is not very clear about this.

Vale!

-- 
Pawel I. Shajdo

From dshaw at jabberwocky.com Fri Nov 4 20:24:09 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Nov 4 20:24:32 2005
Subject: back signatures
In-Reply-To: <20051104191516.GA3364@sky.schizandra.ru>
References: <20051104191516.GA3364@sky.schizandra.ru>
Message-ID: <20051104192409.GB5239@jabberwocky.com>

On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote:
> Salve!
> Can somebody explain to me what "back signatures" are?
> The manual is not very clear about this.

It's a countermeasure against an attack against signing subkeys.
Basically, the primary key signs all subkeys. With backsigs, the
signing subkey also signs the primary key.

Without this, an attacker can "steal" a signing subkey from someone
else and try and pretend that a signature came from his own key. It's
not a particularly good attack: the attacker can't issue signatures to
prove his ownership.

David

From dshaw at jabberwocky.com Fri Nov 4 20:29:12 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Nov 4 20:29:37 2005
Subject: back signatures
In-Reply-To: <20051104192409.GB5239@jabberwocky.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com>
Message-ID: <20051104192912.GC5239@jabberwocky.com>

On Fri, Nov 04, 2005 at 02:24:09PM -0500, David Shaw wrote:
> On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote:
> > Salve!
> > Can somebody explain to me what "back signatures" are?
> > The manual is not very clear about this.
> 
> It's a countermeasure against an attack against signing subkeys.
> Basically, the primary key signs all subkeys. With backsigs, the
> signing subkey also signs the primary key.
> 
> Without this, an attacker can "steal" a signing subkey from someone
> else and try and pretend that a signature came from his own key. It's
> not a particularly good attack: the attacker can't issue signatures to
> prove his ownership.

I should add that this is a new feature for 1.4.3.

David

From jdbeyer at exit109.com Fri Nov 4 21:16:59 2005
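The check David describes, bindings in both directions, as an added example that is not GnuPG code and not from anyone on this thread: a toy model in Go in which Ed25519 from the standard library stands in for the real key algorithms and the signed data is a simplified "prefix || primary || subkey" blob rather than OpenPGP packets. The type and function names (Key, Owner, VerifySubkeyBinding, StealSubkey, Demo) are my own, and the message is constructed. It shows why the older check, primary key signs subkey only, accepts a subkey whose public half was copied under a different primary key, and why also requiring the subkey's signature over the primary key rejects it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Key is a toy OpenPGP-style certificate: one primary key plus one signing
// subkey. Ed25519 stands in for the real algorithms; the signed data is a
// simplified "prefix || primary || subkey" blob, not real OpenPGP packets.
type Key struct {
	PrimaryPub ed25519.PublicKey
	SubkeyPub  ed25519.PublicKey
	Binding    []byte // primary key signs the subkey (subkey binding signature)
	Backsig    []byte // subkey signs the primary key; nil when the key has no backsig
}

// Owner holds the secret halves. Only the genuine owner has the subkey secret.
type Owner struct {
	Key         Key
	primaryPriv ed25519.PrivateKey
	subkeyPriv  ed25519.PrivateKey
}

// Both signatures cover the same pair of public keys but under distinct
// prefixes, so one can never be replayed as the other.
func bindingData(primary, sub ed25519.PublicKey) []byte {
	return append(append([]byte("subkey-binding:"), primary...), sub...)
}

func backsigData(primary, sub ed25519.PublicKey) []byte {
	return append(append([]byte("primary-key-binding:"), primary...), sub...)
}

// NewOwner generates a primary key and a signing subkey. withBacksig selects
// whether the subkey also signs the primary key (the 1.4.3 behaviour) or not.
func NewOwner(withBacksig bool) (*Owner, error) {
	pPub, pPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	sPub, sPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	k := Key{PrimaryPub: pPub, SubkeyPub: sPub}
	k.Binding = ed25519.Sign(pPriv, bindingData(pPub, sPub))
	if withBacksig {
		k.Backsig = ed25519.Sign(sPriv, backsigData(pPub, sPub))
	}
	return &Owner{Key: k, primaryPriv: pPriv, subkeyPriv: sPriv}, nil
}

// SignWithSubkey issues a data signature with the signing subkey.
func (o *Owner) SignWithSubkey(msg []byte) []byte {
	return ed25519.Sign(o.subkeyPriv, msg)
}

// VerifySubkeyBinding decides whether the subkey belongs to the primary key.
// requireBacksig=false is the older check (primary -> subkey only);
// requireBacksig=true also demands the subkey -> primary signature.
func VerifySubkeyBinding(k Key, requireBacksig bool) bool {
	if !ed25519.Verify(k.PrimaryPub, bindingData(k.PrimaryPub, k.SubkeyPub), k.Binding) {
		return false
	}
	if !requireBacksig {
		return true
	}
	return k.Backsig != nil &&
		ed25519.Verify(k.SubkeyPub, backsigData(k.PrimaryPub, k.SubkeyPub), k.Backsig)
}

// VerifyDataSignature accepts sig as a signature "from" k only if the subkey
// is validly bound to k's primary key and the signature itself verifies.
func VerifyDataSignature(k Key, msg, sig []byte, requireBacksig bool) bool {
	return VerifySubkeyBinding(k, requireBacksig) && ed25519.Verify(k.SubkeyPub, msg, sig)
}

// StealSubkey models the attack in the thread: the attacker copies the
// victim's *public* signing subkey under their own primary key. The binding
// signature needs only the attacker's own primary secret, so they can make
// it; a backsig needs the subkey secret, which they never had.
func StealSubkey(attacker *Owner, victim Key) Key {
	stolen := Key{PrimaryPub: attacker.Key.PrimaryPub, SubkeyPub: victim.SubkeyPub}
	stolen.Binding = ed25519.Sign(attacker.primaryPriv, bindingData(stolen.PrimaryPub, stolen.SubkeyPub))
	return stolen // Backsig stays nil
}

// Demo has the victim sign a message, then asks whether that signature is
// accepted as the attacker's under the old check and under the backsig check.
func Demo() (oldCheckAccepts, backsigCheckAccepts bool, err error) {
	victim, err := NewOwner(true)
	if err != nil {
		return false, false, err
	}
	attacker, err := NewOwner(true)
	if err != nil {
		return false, false, err
	}
	msg := []byte("constructed sample message") // constructed, not a real signed mail
	sig := victim.SignWithSubkey(msg)
	stolen := StealSubkey(attacker, victim.Key)
	return VerifyDataSignature(stolen, msg, sig, false), VerifyDataSignature(stolen, msg, sig, true), nil
}

func main() {
	old, strict, err := Demo()
	fmt.Printf("stolen subkey accepted: old check=%v, backsig check=%v, err=%v\n", old, strict, err)
}
```

Running it prints `old check=true, backsig check=false`: the attacker's certificate passes the one-directional check, so a verifier that trusts it would attribute the victim's signature to the attacker; the backsig requirement fails exactly because the attacker cannot sign with a subkey secret they do not hold, which is also why David calls it a weak attack.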
From: jdbeyer at exit109.com (Jean-David Beyer)
Date: Fri Nov 4 21:16:55 2005
Subject: ECC
In-Reply-To: <20051104183207.GG7987@dantooine>
References: <20051030145907.GB30195@jabberwocky.com> <43655C96.20600@mathematica.scientia.net> <8764reuheb.fsf@wheatstone.g10code.de> <43663A14.7010003@mathematica.scientia.net> <20051031191816.GA4606@dantooine> <436695F5.5020706@mathematica.scientia.net> <20051031225240.GC4606@dantooine> <4366A4BB.8060804@mathematica.scientia.net> <20051104145303.GC7987@dantooine> <436B90EF.6090505@exit109.com> <20051104183207.GG7987@dantooine>
Message-ID: <436BC1BB.1060509@exit109.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

markus reichelt wrote:
> * Jean-David Beyer wrote:
>
>> markus reichelt wrote (in part):
>>
>>> Mainly, because I think that the guys with the small ... glasses ;-)
>>> at NSA can break public key crypto quite easily,
>>
>> Could you give a basis for this assertion?
>
> Well... please understand that it is my personal belief; just like one
> might believe in god, or not. Therefore this 'basis' cannot be what you
> are looking for :-)
>
>> Is it because you think they have so much computer power at Ft. Meade
>> that they can use exhaustive search? Or do you think their
>> mathematicians are so much better than the general public (including
>> math professors who specialize in this stuff) that they have discovered
>> a breakthrough in factoring? Or because you believe they have gotten
>> all manufacturers to include trojan horses in their code?
>
> I put the speculations aside and stick with the fact that the NSA
> recommends ECC for government use. That's enough for _me_.
>
I guess it depends on how your paranoia works, and about whom you choose to
be paranoid. Does the NSA recommend ECC for government use so that another
government agency (e.g., the NSA) can read, if necessary or desired by the
parties that control that government agency? If so, I would assume they know
how to crack ECC.
In that case I would not want to use ECC.

Or do they know how to crack everything else and have not yet cracked ECC?
In that case, I would want to use ECC.

Paranoia is a wonderful thing, but it can trap you in dilemmas like this.

- -- 
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 15:10:00 up 26 days, 14:33, 4 users, load average: 4.25, 4.19, 4.12
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDa8G7Ptu2XpovyZoRAppzAKDOmf6vHKBuCIrKL7GhvhhGkMfhRgCfUdKE
RYyfkNmiBQJ0xDjXw8JZesY=
=vPQC
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Fri Nov 4 22:20:55 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Nov 4 22:21:20 2005
Subject: Expiring UID
In-Reply-To: <20051104165901.38540.qmail@web25405.mail.ukl.yahoo.com>
References: <20051104165901.38540.qmail@web25405.mail.ukl.yahoo.com>
Message-ID: <20051104212055.GE5239@jabberwocky.com>

On Fri, Nov 04, 2005 at 04:59:01PM +0000, Nicholas Cole wrote:
> Am I right that there is no easy way to create an
> expiring UID (as opposed to an expiring key)?
> 
> --ask-cert-expire seems to be ignored when using
> adduid in the edit menu.
> 
> Is there a good reason for this?

Honestly, no good reason. There are a few iffy reasons, in that nobody
ever asked for this feature before, and that it would be of doubtful
compatibility outside of GnuPG.

David

From ryan at malayter.com Fri Nov 4 22:23:42 2005
From: ryan at malayter.com (Ryan Malayter)
Date: Fri Nov 4 22:23:32 2005
Subject: ECC
In-Reply-To: <436BC1BB.1060509@exit109.com>
References: <20051030145907.GB30195@jabberwocky.com> <43663A14.7010003@mathematica.scientia.net> <20051031191816.GA4606@dantooine> <436695F5.5020706@mathematica.scientia.net> <20051031225240.GC4606@dantooine> <4366A4BB.8060804@mathematica.scientia.net> <20051104145303.GC7987@dantooine> <436B90EF.6090505@exit109.com> <20051104183207.GG7987@dantooine> <436BC1BB.1060509@exit109.com>
Message-ID: <5d7f07420511041323l6070d162me5ee39f843043336@mail.gmail.com>

On 11/4/05, Jean-David Beyer wrote:
> I guess it depends on how your paranoia works, and about whom you choose to
> be paranoid. Does the NSA recommend ECC for government use so that another
> government agency (e.g., the NSA) can read, if necessary or desired by the
> parties that control that government agency? If so, I would assume they know
> how to crack ECC. In that case I would not want to use ECC.
>
> Or do they know how to crack everything else and have not yet cracked ECC?
> In that case, I would want to use ECC.
>
> Paranoia is a wonderful thing, but it can trap you in dilemmas like this.
>

I don't like being a wet blanket, but as Bruce Schneier likes to point
out, a smart attacker (the NSA certainly qualifies) will not expend
resources trying to crack your crypto at all. No matter what crypto you
use, so long as the crypto is reasonably strong and not trivial to
break. There are far weaker points in the system (specifically:
pass-phrases, endpoint hardware, operating systems, client applications,
and your personal resistance to torture or other forms of coercion).

We all love crypto here, and it is fun to compare algorithms and
protocols and what-not. Dream up attack scenarios. And crypto does
indeed make us safer from a lot of attacks, such as those where
adversaries only have the means to intercept or forge communications.
As such, crypto is a good countermeasure against the average Joe bad-guy
out there on the Internet. But to think that this algorithm vs. that
algorithm is going to stop a very smart or well-funded attacker is
folly. The crypto isn't the weak point in the system.

Which is why the uproar over vulnerabilities in SHA-1 is (currently)
silly, as far as I'm concerned. Yes, we should think about replacing
SHA-1 fairly soon. But no need to panic just yet. It's still far easier
to compromise an electronic system using other nefarious means. Doing
2^63 hash operations to find collisions isn't a cost-effective attack,
even for the NSA. Unless the end result is extraordinarily valuable
(like, say, being able to forge orders to another nation's military
assets.)

If you're *really* paranoid, you should think about ways to not have
enemies like the NSA at all. Or at the very least, find the best ways to
fly beneath their radar completely. The same goes for just about any
other government entity in any nation. Because crypto won't protect you
from the NSA, the DGSE, or even a reasonably sized organized crime
syndicate.

-- 
RPM
=========================
All problems can be solved by diplomacy, but violence and treachery
are equally effective, and more fun.
     -Anonymous

From alphasigmax at gmail.com Sat Nov 5 04:17:08 2005
From: alphasigmax at gmail.com (Alphax)
Date: Sat Nov 5 05:42:41 2005
Subject: back signatures
In-Reply-To: <20051104192912.GC5239@jabberwocky.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <20051104192912.GC5239@jabberwocky.com>
Message-ID: <436C2434.3050502@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

David Shaw wrote:
> On Fri, Nov 04, 2005 at 02:24:09PM -0500, David Shaw wrote:
>
>>On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote:
>>
>>>Salve!
>>>Can somebody explain to me what "back signatures" are?
>>>The manual is not very clear about this.
>>
>>It's a countermeasure against an attack against signing subkeys.
>>Basically, the primary key signs all subkeys. With backsigs, the
>>signing subkey also signs the primary key.
>>
>>Without this, an attacker can "steal" a signing subkey from someone
>>else and try and pretend that a signature came from his own key. It's
>>not a particularly good attack: the attacker can't issue signatures to
>>prove his ownership.
>
>
> I should add that this is a new feature for 1.4.3.
>

Has 1.4.3 been officially released yet?

- -- 
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X      Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQEVAwUBQ2wkM7MAAH8MeUlWAQh2hAf9Fr3wbnvSaNFprkxJ/aSv2Fw9IQqqDF87
kbfSfA6tjPdzh6P6pIUCb3Fjy/or1s0BLwTM9snTmhjK6eggT9a2JB/L7jMdjkTf
47q5ZM79Oi8NSUkOCJT/9fEe0X+4lzPfXrjHLwfeFJ50NJxvBupPtzzzjElhlBfC
oilO8eMzpT9FNgWaBJZIiOTANLRPgeN8NZS+AE4KKx/cSQZnCeoIrkVOxD7/HElm
6bfxZIsUFKDXMdOfJQJAhX+iBUtMjmU06/UDZlRV3unH8W8YDU4z6TlkCfwRihPj
h4LzeRB+ZjrLSy6zd6U5zsANqzURTkGq7EiIPgZp/ulaDD9vBWDj1g==
=g8ka
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Sat Nov 5 06:08:59 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Nov 5 06:09:38 2005
Subject: back signatures
In-Reply-To: <436C2434.3050502@gmail.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <20051104192912.GC5239@jabberwocky.com> <436C2434.3050502@gmail.com>
Message-ID: <20051105050859.GA5781@jabberwocky.com>

On Sat, Nov 05, 2005 at 01:47:08PM +1030, Alphax wrote:
> David Shaw wrote:
> > On Fri, Nov 04, 2005 at 02:24:09PM -0500, David Shaw wrote:
> >
> >>On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote:
> >>
> >>>Salve!
> >>>Can somebody explain to me what "back signatures" are?
> >>>The manual is not very clear about this.
> >>
> >>It's a countermeasure against an attack against signing subkeys.
> >>Basically, the primary key signs all subkeys. With backsigs, the
> >>signing subkey also signs the primary key.
> >>
> >>Without this, an attacker can "steal" a signing subkey from someone
> >>else and try and pretend that a signature came from his own key. It's
> >>not a particularly good attack: the attacker can't issue signatures to
> >>prove his ownership.
> >
> >
> > I should add that this is a new feature for 1.4.3.
> >
>
> Has 1.4.3 been officially released yet?

Not yet, no.

David

From alphasigmax at gmail.com Sat Nov 5 07:02:07 2005
From: alphasigmax at gmail.com (Alphax)
Date: Sat Nov 5 07:05:00 2005
Subject: back signatures
In-Reply-To: <20051105050859.GA5781@jabberwocky.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <20051104192912.GC5239@jabberwocky.com> <436C2434.3050502@gmail.com> <20051105050859.GA5781@jabberwocky.com>
Message-ID: <436C4ADF.7060505@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

David Shaw wrote:
> On Sat, Nov 05, 2005 at 01:47:08PM +1030, Alphax wrote:
>
>>David Shaw wrote:
>>
>>>On Fri, Nov 04, 2005 at 02:24:09PM -0500, David Shaw wrote:
>>>
>>>
>>>>On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote:
>>>>
>>>>
>>>>>Salve!
>>>>>Can somebody explain to me what "back signatures" are?
>>>>>The manual is not very clear about this.
>>>>
>>>>It's a countermeasure against an attack against signing subkeys.
>>>>Basically, the primary key signs all subkeys. With backsigs, the
>>>>signing subkey also signs the primary key.
>>>>
>>>>Without this, an attacker can "steal" a signing subkey from someone
>>>>else and try and pretend that a signature came from his own key. It's
>>>>not a particularly good attack: the attacker can't issue signatures to
>>>>prove his ownership.
>>>
>>>
>>>I should add that this is a new feature for 1.4.3.
>>>
>>
>>Has 1.4.3 been officially released yet?
>
>
> Not yet, no.
>

How "unofficial" is it?
- -- 
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X      Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQEVAwUBQ2xK3rMAAH8MeUlWAQgdbgf+N3WnnAPF/+AJgnssdjrhbb/JrCvlacU7
FBfVq/lTZt++rt28EgeT0sGIsVT+p9DyyoetY06wxsuJhGQn1a4RwFAKwlIsBDgS
IppX+lOcf2zuN7W6x4Xzq+wFKKNHwkSrUYFQdK/0oI6vZx6E45m5o9+9USONu248
hOMP5tUvgnQ8DStN/czOkke+Fig5/Gm7Lb8IJ8CqAF+3JPxthPmLt4lQDEcm3M17
Bm8VF48pHo6fozLghSDxPB2mJtGawgp9BaBwAghZJysFXf/E+Jm2TE2xw9vXpvDw
hfLQbl/OK+BuZlMocMkl6Ml9Bm6SEN1LsoiLkMHIJyN25B7JWJ75tA==
=faWd
-----END PGP SIGNATURE-----

From alphasigmax at gmail.com Sat Nov 5 07:09:40 2005
From: alphasigmax at gmail.com (Alphax)
Date: Sat Nov 5 07:12:31 2005
Subject: back signatures
In-Reply-To: <20051104192409.GB5239@jabberwocky.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com>
Message-ID: <436C4CA4.4080108@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

David Shaw wrote:
> On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote:
>
>>Salve!
>>Can somebody explain to me what "back signatures" are?
>>The manual is not very clear about this.
>
>
> It's a countermeasure against an attack against signing subkeys.
> Basically, the primary key signs all subkeys. With backsigs, the
> signing subkey also signs the primary key.
>
> Without this, an attacker can "steal" a signing subkey from someone
> else and try and pretend that a signature came from his own key. It's
> not a particularly good attack: the attacker can't issue signatures to
> prove his ownership.
>

Will this remove the possibility of moving subkeys from one primary key
to another / converting primary keys to subkeys (documented at
http://atom.smasher.org/gpg/gpg-migrate.txt)?

- -- 
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X      Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQEVAwUBQ2xMo7MAAH8MeUlWAQjH6gf+KmeEkA1TrqYANLl6jWyCvVslMukZcDeI
yHFLgPT3tJY/dY+AU4mRsgcim3sd3alJan8Qz1mecEbxHHffXJCSbowagnUotx19
AP6ku/KFSC/yjF2dvttoDmmnSxWSzL9F0EoJI5O2o/xNXVaSjbR1wj+zq6Z7m84I
6R0QQguSDHmccPAtLmtdIereGuU8ai4seQI97JLD78eVM0gibR220WaTe482Bh3P
i+yNx6fMMjlGb/VB1AWTyK5b04SguGZQtKP4QQzxiAsfNvYYeRWlVuGwThrHTodd
+A30HeVql/PRkEo3ITtT8BQ6nelRikm+SDTo0Z3YCxLT7uRGzmeR7Q==
=Omcs
-----END PGP SIGNATURE-----

From thomas-gmane at kuehne.cn Sat Nov 5 12:30:46 2005
From: thomas-gmane at kuehne.cn (Thomas Kuehne)
Date: Sat Nov 5 12:28:56 2005
Subject: how to handle "bad" signers?
Message-ID:

I've started to analyze the trust relations between the keys of various
keysigning parties. The data below is a generalization of several
keysigning parties.

the setting:
* more than 20 potential participants
* more than 15 attendees
* 1-3 keys that signed every single key of all announced participants,
  even those that most likely never attended the party

The interesting point is that those 1-3 keys haven't got a single
signature from any of the other participants.

There are 4 possible reasons I can think of
1) Those keys are "role" or "institutional" keys.
2) The key owners failed to push the received signatures back into the
   keyserver network.
3) The key owners pushed the received signatures onto one of the
   semi/unlinked key servers.
4) The owners are bad signers and didn't take part in the ID
   verification step of the signature process.

1) and 3) are definitely not the reasons in the analyzed cases. I really
hope 2) is the cause, but in at least one case I am sure of 4).

How should 4) be dealt with?

As far as I am aware there is no negative signature or any other way to
mark those keys - except for local trust settings.

Thomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 155 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20051105/e648e3b2/signature.pgp

From alphasigmax at gmail.com Sat Nov 5 13:00:03 2005
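One way to pull the pattern Thomas describes out of keyserver data, as an added example that is not from this thread and not GnuPG code: the party's certification list is reduced to, per announced participant, how many of the others the key certified and how many certified it back, and a key that signed every other participant while nobody signed it is flagged for a closer look. The key IDs and the signature list are constructed sample data, and the names (Signature, Report, AnalyzeParty, SuspiciousKeys) are my own.

```go
package main

import (
	"fmt"
	"sort"
)

// Signature records that key Signer certified (signed) key Signee.
type Signature struct{ Signer, Signee string }

// Report summarises one announced participant's position in the party's
// signature graph.
type Report struct {
	Key        string
	Signed     int  // how many of the other participants this key certified
	SignedBy   int  // how many of the other participants certified this key
	Suspicious bool // certified every other participant, received nothing back
}

// AnalyzeParty reduces the raw certification list to per-key in/out counts
// and flags the shape from the thread: a key that signed every announced
// participant while no participant signed it. The flag means "look closer":
// the same shape also arises when the owner never uploaded the signatures
// they received (reason 2 in the thread), so it is not proof of a bad signer.
func AnalyzeParty(participants []string, sigs []Signature) []Report {
	isParticipant := make(map[string]bool, len(participants))
	for _, p := range participants {
		isParticipant[p] = true
	}
	out := map[string]map[string]bool{}
	in := map[string]map[string]bool{}
	for _, s := range sigs {
		// Self-signatures and signatures involving non-participants say
		// nothing about the party; duplicates collapse via the inner maps.
		if s.Signer == s.Signee || !isParticipant[s.Signer] || !isParticipant[s.Signee] {
			continue
		}
		if out[s.Signer] == nil {
			out[s.Signer] = map[string]bool{}
		}
		out[s.Signer][s.Signee] = true
		if in[s.Signee] == nil {
			in[s.Signee] = map[string]bool{}
		}
		in[s.Signee][s.Signer] = true
	}
	others := len(participants) - 1
	reports := make([]Report, 0, len(participants))
	for _, p := range participants {
		r := Report{Key: p, Signed: len(out[p]), SignedBy: len(in[p])}
		r.Suspicious = others > 0 && r.Signed == others && r.SignedBy == 0
		reports = append(reports, r)
	}
	sort.Slice(reports, func(i, j int) bool { return reports[i].Key < reports[j].Key })
	return reports
}

// SuspiciousKeys returns just the flagged key IDs, in sorted order.
func SuspiciousKeys(reports []Report) []string {
	var keys []string
	for _, r := range reports {
		if r.Suspicious {
			keys = append(keys, r.Key)
		}
	}
	return keys
}

// Constructed sample data (placeholder key IDs, not real keys): seven
// announced participants, of whom A-D attended and cross-signed, E and F did
// not, and X signed everyone, including the absentees, but was signed by nobody.
var SampleParticipants = []string{"KEY-A", "KEY-B", "KEY-C", "KEY-D", "KEY-E", "KEY-F", "KEY-X"}

var SampleSignatures = []Signature{
	{"KEY-A", "KEY-B"}, {"KEY-B", "KEY-A"},
	{"KEY-A", "KEY-C"}, {"KEY-C", "KEY-A"},
	{"KEY-B", "KEY-C"}, {"KEY-C", "KEY-B"},
	{"KEY-C", "KEY-D"}, {"KEY-D", "KEY-C"},
	{"KEY-B", "KEY-D"}, {"KEY-D", "KEY-B"},
	{"KEY-B", "KEY-D"}, // a second certification of the same key: counted once
	{"KEY-X", "KEY-A"}, {"KEY-X", "KEY-B"}, {"KEY-X", "KEY-C"},
	{"KEY-X", "KEY-D"}, {"KEY-X", "KEY-E"}, {"KEY-X", "KEY-F"},
	{"KEY-X", "KEY-X"},        // self-signature: ignored
	{"KEY-OUTSIDER", "KEY-A"}, // signer was not announced: ignored
}

func main() {
	for _, r := range AnalyzeParty(SampleParticipants, SampleSignatures) {
		fmt.Printf("%-8s signed %d  signed-by %d  suspicious=%v\n", r.Key, r.Signed, r.SignedBy, r.Suspicious)
	}
}
```

With real data the participant list is the announced roster and the signature list comes from the certifications on each roster key; the in/out counts are what lets a reader separate Thomas's reason 2 (a key that received signatures from nobody at all, including the other flagged keys) from a key whose owner simply signed blind.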
From: alphasigmax at gmail.com (Alphax)
Date: Sat Nov 5 13:03:01 2005
Subject: how to handle "bad" signers?
In-Reply-To:
References:
Message-ID: <436C9EC3.2030007@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Thomas Kuehne wrote:
> I've started to analyze the trust relations between the keys of various
> keysigning parties. The data below is a generalization of several
> keysigning parties.
>
> the setting:
> * more than 20 potential participants
> * more than 15 attendees
> * 1-3 keys that signed every single key of all announced participants,
> even those that most likely never attended the party
>
> The interesting point is that those 1-3 keys haven't got a single
> signature from any of the other participants.
>
> 4) The owners are bad signers and didn't take part in the ID
> verification step of the signature process.
>
>
> How should 4) be dealt with?
>
> As far as I am aware there is no negative signature or any other way to
> mark those keys - except for local trust settings.
>

Don't sign their keys? Tell them if you do get a chance to sign their
keys, "I am not going to sign your key because you do not understand the
implications of the web of trust" and make them revoke their signatures
on all the keys they have signed without verifying them? If you are
lucky, they will be level 1 signatures, so you can exclude them. If you
are unlucky, they will be nonrevokable level 3 trust signatures 10 deep.

Setting ownertrust to "none" in these cases is a good idea; at least
then your WOT won't be contaminated by their signatures. However, I find
it unlikely that they would even enter into your WOT to start with; if
that is the case, you need not even worry about what their signatures
are doing. Just set ownertrust to "none" and forget about it. Use the
--always-trust option when encrypting (IIRC GPG will still "warn" you
but will at least let you encrypt).
There is of course possibility 5) which appears to happen most often
with PGP newbies (because it's TOO easy to use, and the instructions
likely don't require any understanding): the possibility that they
should have made local signatures on the keys, but didn't, and PGP
automagically "refreshed" their entire keyring, spreading these
signatures into the wild. For an excellent example of this, check the
PGP global directory key; there are many signatures which have been
revoked due to accidental non-local signing, and many keys in the
keyserver network have PGP GD sigs on them, again due to "automagic"
refreshing (most likely through LDAP).

I realise that this has turned into a bit of a screed, but it looks like
the best policy is:

Don't do stuff unless you know what you are doing!
Don't use software that does stuff behind your back!
Use Free software!

- -- 
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X      Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQEVAwUBQ2yew7MAAH8MeUlWAQgPwAf/SmSJeK+V8kdQOu77VWGwLBRHzGs2pb8R
HY1GTlZiCKIqbUhAs3nz+9pTww5JlFV16N/8MQrF44VCrHDpytmPwsF+NcszfEeX
2/Iz2wQUjAqVepgmmxujqBIpcGMYPNrPk6yf+SByspOgVG6stFbBD3ZAMU41R36f
GLn/Hq6+A91qV1tAD1C9giHhDxy1WzZr8rHHPf68Cah54/8ndFhJnm/5tFrsAGVR
QG1og6ziaZzyexfAnCUhdxHaGkKry9UN58WGZGOKkth9Wdh/mTlduLezIR/Mff6r
4TQEWppp/LWg+mOnuik6OwsKuVHrxgZ4SUXUKtvtx3aa4oWrA4G4lw==
=CZoN
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Sat Nov 5 14:30:10 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Nov 5 14:30:31 2005
Subject: back signatures
In-Reply-To: <436C4ADF.7060505@gmail.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <20051104192912.GC5239@jabberwocky.com> <436C2434.3050502@gmail.com> <20051105050859.GA5781@jabberwocky.com> <436C4ADF.7060505@gmail.com>
Message-ID: <20051105133010.GB5220@jabberwocky.com>

On Sat, Nov 05, 2005 at 04:32:07PM +1030, Alphax wrote:
> David Shaw wrote:
> > On Sat, Nov 05, 2005 at 01:47:08PM +1030, Alphax wrote:
> >
> >>David Shaw wrote:
> >>
> >>>On Fri, Nov 04, 2005 at 02:24:09PM -0500, David Shaw wrote:
> >>>
> >>>
> >>>>On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote:
> >>>>
> >>>>
> >>>>>Salve!
> >>>>>Can somebody explain to me what "back signatures" are?
> >>>>>The manual is not very clear about this.
> >>>>
> >>>>It's a countermeasure against an attack against signing subkeys.
> >>>>Basically, the primary key signs all subkeys. With backsigs, the
> >>>>signing subkey also signs the primary key.
> >>>>
> >>>>Without this, an attacker can "steal" a signing subkey from someone
> >>>>else and try and pretend that a signature came from his own key. It's
> >>>>not a particularly good attack: the attacker can't issue signatures to
> >>>>prove his ownership.
> >>>
> >>>
> >>>I should add that this is a new feature for 1.4.3.
> >>>
> >>
> >>Has 1.4.3 been officially released yet?
> >
> >
> > Not yet, no.
> >
>
> How "unofficial" is it?

It's as official as any release that hasn't happened yet: that is to
say, we're happy and thrilled if you test it out and report bugs (to
gnupg-devel), but you'll have to compile it from the SVN repository,
and it's not considered stable code.

David

From dshaw at jabberwocky.com Sat Nov 5 14:30:43 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Nov 5 14:31:05 2005
Subject: back signatures
In-Reply-To: <436C4CA4.4080108@gmail.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <436C4CA4.4080108@gmail.com>
Message-ID: <20051105133043.GC5220@jabberwocky.com>

On Sat, Nov 05, 2005 at 04:39:40PM +1030, Alphax wrote:
> David Shaw wrote:
> > On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote:
> >
> >>Salve!
> >>Can somebody explain to me what "back signatures" are?
> >>The manual is not very clear about this.
> >
> >
> > It's a countermeasure against an attack against signing subkeys.
> > Basically, the primary key signs all subkeys. With backsigs, the
> > signing subkey also signs the primary key.
> >
> > Without this, an attacker can "steal" a signing subkey from someone
> > else and try and pretend that a signature came from his own key. It's
> > not a particularly good attack: the attacker can't issue signatures to
> > prove his ownership.
> >
>
> Will this remove the possibility of moving subkeys from one primary key
> to another / converting primary keys to subkeys (documented at
> http://atom.smasher.org/gpg/gpg-migrate.txt)?

No, it's unrelated to that. It's a countermeasure against a (somewhat
weak) attack. It has nothing to do with various bit twiddling you can
do to your own key.

David

From alphasigmax at gmail.com Sat Nov 5 14:34:27 2005
From: alphasigmax at gmail.com (Alphax)
Date: Sat Nov 5 14:37:23 2005
Subject: back signatures
In-Reply-To: <20051105133010.GB5220@jabberwocky.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <20051104192912.GC5239@jabberwocky.com> <436C2434.3050502@gmail.com> <20051105050859.GA5781@jabberwocky.com> <436C4ADF.7060505@gmail.com> <20051105133010.GB5220@jabberwocky.com>
Message-ID: <436CB4E3.7010809@gmail.com>

David Shaw wrote:
> On Sat, Nov 05, 2005 at 04:32:07PM +1030, Alphax wrote:
>> David Shaw wrote:
>>> On Sat, Nov 05, 2005 at 01:47:08PM +1030, Alphax wrote:
>>>> David Shaw wrote:
>>>>> I should add that this is a new feature for 1.4.3.
>>>>
>>>> Has 1.4.3 been officially released yet?
>>>
>>> Not yet, no.
>>
>> How "unofficial" is it?
>
> It's as official as any release that hasn't happened yet: that is to
> say, we're happy and thrilled if you test it out and report bugs (to
> gnupg-devel), but you'll have to compile it from the SVN repository,
> and it's not considered stable code.

Considering that 1.4.2 won't compile on my system, that could be a problem.

-- 
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X      Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \

From dshaw at jabberwocky.com Sat Nov 5 14:44:40 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Nov 5 14:44:59 2005
Subject: back signatures
In-Reply-To: <436CB4E3.7010809@gmail.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <20051104192912.GC5239@jabberwocky.com> <436C2434.3050502@gmail.com> <20051105050859.GA5781@jabberwocky.com> <436C4ADF.7060505@gmail.com> <20051105133010.GB5220@jabberwocky.com> <436CB4E3.7010809@gmail.com>
Message-ID: <20051105134440.GD5220@jabberwocky.com>

On Sun, Nov 06, 2005 at 12:04:27AM +1030, Alphax wrote:
>> It's as official as any release that hasn't happened yet: that is to
>> say, we're happy and thrilled if you test it out and report bugs (to
>> gnupg-devel), but you'll have to compile it from the SVN repository,
>> and it's not considered stable code.
>
> Considering that 1.4.2 won't compile on my system, that could be a problem.

So... report the bug? We're not terribly good mind readers here.

David

From dshaw at jabberwocky.com Sat Nov 5 15:33:09 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Nov 5 15:33:30 2005
Subject: how to handle "bad" signers?
In-Reply-To: 
References: 
Message-ID: <20051105143309.GA5848@jabberwocky.com>

On Sat, Nov 05, 2005 at 12:30:46PM +0100, Thomas Kuehne wrote:
> 4) The owners are bad signers and didn't take part in the ID
> verification step of the signature process.
>
> 1) and 3) are definitely not the reasons in the analyzed cases.
>
> I really hope 2) is the cause, but in at least one case I am sure of 4).

I'm sure it's 4, especially in the case when the person in question
never attended the party. Some people just sign all the keys and call
it a day.

> How should 4) be dealt with?
>
> As far as I am aware there is no negative signature or any other way to
> mark those keys - except for local trust settings.

That is correct. It really has to be this way, for good and for bad.
Trust is inherently subjective - even the 1-2-3 trust levels are just
guidelines and there is no way to enforce them beyond asking people
nicely not to abuse the system.

Of course, it would be possible to propose a different trust model
that takes into account such things (a reputation system), but that
would be a reasonably different beast than the current system. Not
impossible, but it would take some working out of details. OpenPGP
currently has no way to make a "negative" signature.

David

From alphasigmax at gmail.com Sat Nov 5 15:39:36 2005
From: alphasigmax at gmail.com (Alphax)
Date: Sat Nov 5 15:42:31 2005
Subject: how to handle "bad" signers?
In-Reply-To: <20051105143309.GA5848@jabberwocky.com>
References: <20051105143309.GA5848@jabberwocky.com>
Message-ID: <436CC428.6010101@gmail.com>

David Shaw wrote:
> On Sat, Nov 05, 2005 at 12:30:46PM +0100, Thomas Kuehne wrote:
>> How should 4) be dealt with?
>>
>> As far as I am aware there is no negative signature or any other way to
>> mark those keys - except for local trust settings.
>
> That is correct. It really has to be this way, for good and for bad.
> Trust is inherently subjective - even the 1-2-3 trust levels are just
> guidelines and there is no way to enforce them beyond asking people
> nicely not to abuse the system.
>
> Of course, it would be possible to propose a different trust model
> that takes into account such things (a reputation system), but that
> would be a reasonably different beast than the current system. Not
> impossible, but it would take some working out of details. OpenPGP
> currently has no way to make a "negative" signature.

If it did, there would be a corresponding "Web of Antitrust".

From alphasigmax at gmail.com Sat Nov 5 15:50:21 2005
From: alphasigmax at gmail.com (Alphax)
Date: Sat Nov 5 15:53:42 2005
Subject: back signatures
In-Reply-To: <20051105134440.GD5220@jabberwocky.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <20051104192912.GC5239@jabberwocky.com> <436C2434.3050502@gmail.com> <20051105050859.GA5781@jabberwocky.com> <436C4ADF.7060505@gmail.com> <20051105133010.GB5220@jabberwocky.com> <436CB4E3.7010809@gmail.com> <20051105134440.GD5220@jabberwocky.com>
Message-ID: <436CC6AD.9060205@gmail.com>

David Shaw wrote:
> On Sun, Nov 06, 2005 at 12:04:27AM +1030, Alphax wrote:
>>> It's as official as any release that hasn't happened yet: that is to
>>> say, we're happy and thrilled if you test it out and report bugs (to
>>> gnupg-devel), but you'll have to compile it from the SVN repository,
>>> and it's not considered stable code.
>>
>> Considering that 1.4.2 won't compile on my system, that could be a problem.
>
> So... report the bug? We're not terribly good mind readers here.

Nah, it's my system. MSYS is "not a runtime" according to all sane
documentation.

From johnmoore3rd at joimail.com Sat Nov 5 17:51:44 2005
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Sat Nov 5 17:51:45 2005
Subject: back signatures
In-Reply-To: <20051105133010.GB5220@jabberwocky.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <20051104192912.GC5239@jabberwocky.com> <436C2434.3050502@gmail.com> <20051105050859.GA5781@jabberwocky.com> <436C4ADF.7060505@gmail.com> <20051105133010.GB5220@jabberwocky.com>
Message-ID: <436CE320.4050209@joimail.com>

David Shaw wrote:
> It's as official as any release that hasn't happened yet: that is to
> say, we're happy and thrilled if you test it out and report bugs (to
> gnupg-devel), but you'll have to compile it from the SVN repository,
> and it's not considered stable code.

"Unstable" though it may be, I've encountered no problems: Yet.

JOHN :)
Timestamp: Saturday 05 Nov 2005, 11:51 AM --500 (Eastern Standard Time)

From svwright.lists at gmail.com Sat Nov 5 15:04:53 2005
From: svwright.lists at gmail.com (Stewart V. Wright)
Date: Sat Nov 5 17:55:46 2005
Subject: CVS or SVN [Was: back signatures]
In-Reply-To: <20051105133010.GB5220@jabberwocky.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <20051104192912.GC5239@jabberwocky.com> <436C2434.3050502@gmail.com> <20051105050859.GA5781@jabberwocky.com> <436C4ADF.7060505@gmail.com> <20051105133010.GB5220@jabberwocky.com>
Message-ID: <20051105140453.GA4587@anl.gov>

G'day David,

* David Shaw [051105 07:45]:
> It's as official as any release that hasn't happened yet: that is to
> say, we're happy and thrilled if you test it out and report bugs (to
> gnupg-devel), but you'll have to compile it from the SVN repository,
> and it's not considered stable code.

Can someone then please update the information on the web pages to be
relevant to SVN as opposed to CVS (I'm assuming that you're not running
both concurrently).

Cheers,

S.

From npcole at yahoo.co.uk Sat Nov 5 18:28:43 2005
From: npcole at yahoo.co.uk (Nicholas Cole)
Date: Sat Nov 5 18:29:03 2005
Subject: Expiring UID
In-Reply-To: <20051104212055.GE5239@jabberwocky.com>
Message-ID: <20051105172843.79929.qmail@web25401.mail.ukl.yahoo.com>

--- David Shaw wrote:
> On Fri, Nov 04, 2005 at 04:59:01PM +0000, Nicholas Cole wrote:
>> Am I right that there is no easy way to create an
>> expiring UID (as opposed to an expiring key)?
>>
>> --ask-cert-expire seems to be ignored when using
>> adduid in the edit menu.
>>
>> Is there a good reason for this?
>
> Honestly, no good reason. There are a few iffy reasons, in that nobody
> ever asked for this feature before, and that it would be of doubtful
> compatibility outside of GnuPG.

It's not that I see a desperate need for the feature, it just seemed an
interesting omission, and I wondered what the reason was. I'm surprised
that compatibility is a problem - I assumed it would be done by having
the self-signature on a UID be created with an expiration date, which
surely all OpenPGP programs would notice.

The situation I thought it would be useful for is if a UID is
associated with a job/position that will only last a fixed period of
time - especially if access to the account might change after that
point. Including it would probably require numerous changes, such as
asking a 3rd-party signer if a signature should expire at the same time
as the self-sig.

As I say, probably little/no need. Just an interesting quirk.

Cheers,

N.

From dshaw at jabberwocky.com Sat Nov 5 19:43:19 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Nov 5 19:43:40 2005
Subject: how to handle "bad" signers?
In-Reply-To: <436CC428.6010101@gmail.com>
References: <20051105143309.GA5848@jabberwocky.com> <436CC428.6010101@gmail.com>
Message-ID: <20051105184319.GA5925@jabberwocky.com>

On Sun, Nov 06, 2005 at 01:09:36AM +1030, Alphax wrote:
> David Shaw wrote:
>> On Sat, Nov 05, 2005 at 12:30:46PM +0100, Thomas Kuehne wrote:
>>> How should 4) be dealt with?
>>>
>>> As far as I am aware there is no negative signature or any other way to
>>> mark those keys - except for local trust settings.
>>
>> That is correct. It really has to be this way, for good and for bad.
>> Trust is inherently subjective - even the 1-2-3 trust levels are just
>> guidelines and there is no way to enforce them beyond asking people
>> nicely not to abuse the system.
>>
>> Of course, it would be possible to propose a different trust model
>> that takes into account such things (a reputation system), but that
>> would be a reasonably different beast than the current system. Not
>> impossible, but it would take some working out of details. OpenPGP
>> currently has no way to make a "negative" signature.
>
> If it did, there would be a corresponding "Web of Antitrust".

Yes, more or less. You could allow people who you trust to lower the
validity of other user IDs.

David

From ml at bitfalle.org Sat Nov 5 22:43:46 2005
From: ml at bitfalle.org (markus reichelt)
Date: Sat Nov 5 22:43:43 2005
Subject: ECC
In-Reply-To: <436BC1BB.1060509@exit109.com>
References: <8764reuheb.fsf@wheatstone.g10code.de> <43663A14.7010003@mathematica.scientia.net> <20051031191816.GA4606@dantooine> <436695F5.5020706@mathematica.scientia.net> <20051031225240.GC4606@dantooine> <4366A4BB.8060804@mathematica.scientia.net> <20051104145303.GC7987@dantooine> <436B90EF.6090505@exit109.com> <20051104183207.GG7987@dantooine> <436BC1BB.1060509@exit109.com>
Message-ID: <20051105214346.GA3987@dantooine>

* Jean-David Beyer wrote:

>> I put the speculations aside and stick with the fact that the NSA
>> recommends ECC for government use. That's enough for _me_.
>
> I guess it depends on how your paranoia works, and about whom you
> choose to be paranoid. Does the NSA recommend ECC for government
> use so that another government agency (e.g., the NSA) can read, if
> necessary or desired by the parties that control that government
> agency? If so, I would assume they know how to crack ECC. In that
> case I would not want to use ECC.

As I said, I put the speculations aside. I see no point diving into
the matter like that. Consistently, and quite sadly, this reminds me
of 9/11. When I refused to accept the official story of Osama and his
19 bandits (still do; f.e. their ridiculous story of burning jet fuel
being able to bring down the towers; quite a laugh), I was called a
conspiracy theorist; just for saying "I'm not buying the official
story.", period. I did not offer alternatives; I was just saying,
plain & simple, that it can't be THAT way because of numerous facts.

See, I don't go any further than the NSA's recommendation here; in
this case this is enough for me. I most certainly do not want to draw
an analogy between PKC & 9/11 because that would take much much more
than some limping analogy at best, eh ;-). I don't care about other
views on the matter (NSA & PKC); I don't ask for acceptance, only mere
tolerance.

Curiosity is a good thing, but there are times when too much of it
will spoil things big time. I find it astonishing that people can't
accept facts as such, and what people make of them (eye, beholder,
bells, ringing, ...) _without_ putting speculations aside; no offense
intended. I could go on ranting... and if one could build a whole new
_lasting_ world on speculations I'd be among the first to join.

> Or do they know how to crack everything else and have not yet
> cracked ECC? In that case, I would want to use ECC.

Well... If one asks them, they most certainly won't give a satisfying
answer I fear ;-) Or, more precisely, it would take ages. When you take
a look at cryptome.org and some requests regarding the freedom of
information act, it is quite sad to note that it takes a federal agency
so much time to respond to simple requests made by a country's citizen.

> Paranoia is a wonderful thing, but it can trap you in dilemmas like
> this.

Not me. ;) I usually say "I'm not paranoid, but the people who hunt me
think I am."

-- 
left blank, right bald

From JPClizbe at comcast.net Sun Nov 6 05:21:32 2005
From: JPClizbe at comcast.net (John Clizbe)
Date: Sun Nov 6 05:22:08 2005
Subject: CVS or SVN [Was: back signatures]
In-Reply-To: <20051105140453.GA4587@anl.gov>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <20051104192912.GC5239@jabberwocky.com> <436C2434.3050502@gmail.com> <20051105050859.GA5781@jabberwocky.com> <436C4ADF.7060505@gmail.com> <20051105133010.GB5220@jabberwocky.com> <20051105140453.GA4587@anl.gov>
Message-ID: <436D84CC.4030903@comcast.net>

Stewart V. Wright wrote:
> Can someone then please update the information on the web pages to be
> relevant to SVN as opposed to CVS (I'm assuming that you're not
> running both concurrently).

The cvs servers are still operational, just no longer updated.

README.WARNING-REPOSITORY-NOT-CURRENT says:
> Hi!
>
> we switched over from CVS to Subversion. Thus this archive is not anymore
> active. See:
> http://lists.gnupg.org/pipermail/gnupg-devel/2005-July/022222.html

I'll second the request.

-- 
John P. Clizbe                   Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't
matter and those who matter don't mind."
  - Dr Seuss, "Oh the Places You'll Go"

From cam at mathematica.scientia.net Sun Nov 6 21:41:28 2005
From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Sun Nov 6 21:41:29 2005
Subject: ECC
In-Reply-To: <436B90EF.6090505@exit109.com>
References: <4360E27F.6010508@comcast.net> <4364DDDC.5070502@mathematica.scientia.net> <20051030145907.GB30195@jabberwocky.com> <43655C96.20600@mathematica.scientia.net> <8764reuheb.fsf@wheatstone.g10code.de> <43663A14.7010003@mathematica.scientia.net> <20051031191816.GA4606@dantooine> <436695F5.5020706@mathematica.scientia.net> <20051031225240.GC4606@dantooine> <4366A4BB.8060804@mathematica.scientia.net> <20051104145303.GC7987@dantooine> <436B90EF.6090505@exit109.com>
Message-ID: <436E6A78.5080805@mathematica.scientia.net>

Jean-David Beyer wrote:
> Is it because you think they have so much computer power at Ft. Meade
> that they can use exhaustive search? Or do you think their
> mathematicians are so much better than the general public (including
> math professors who specialize in this stuff) that they have discovered
> a breakthrough in factoring? Or because you believe they have gotten
> all manufacturers to include trojan horses in their code?

Maybe,... they already have quantum computers,... and therefore can use
Shor's algorithm =)

Chris.

From cam at mathematica.scientia.net Sun Nov 6 21:54:01 2005
From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Sun Nov 6 21:53:48 2005
Subject: back signatures
In-Reply-To: <20051104192912.GC5239@jabberwocky.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <20051104192912.GC5239@jabberwocky.com>
Message-ID: <436E6D69.6050301@mathematica.scientia.net>

David Shaw wrote:
>> It's a countermeasure against an attack against signing subkeys.
>> Basically, the primary key signs all subkeys. With backsigs, the
>> signing subkey also signs the primary key.
>>
>> Without this, an attacker can "steal" a signing subkey from someone
>> else and try and pretend that a signature came from his own key. It's
>> not a particularly good attack: the attacker can't issue signatures to
>> prove his ownership.
>
> I should add that this is a new feature for 1.4.3.

Can keys created before 1.4.3 be updated with that stuff?

Best wishes,
Chris.

From dshaw at jabberwocky.com Mon Nov 7 00:01:26 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Nov 7 00:01:47 2005
Subject: back signatures
In-Reply-To: <436E6D69.6050301@mathematica.scientia.net>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <20051104192912.GC5239@jabberwocky.com> <436E6D69.6050301@mathematica.scientia.net>
Message-ID: <20051106230126.GA9758@jabberwocky.com>

On Sun, Nov 06, 2005 at 09:54:01PM +0100, Christoph Anton Mitterer wrote:
> David Shaw wrote:
>>> It's a countermeasure against an attack against signing subkeys.
>>> Basically, the primary key signs all subkeys. With backsigs, the
>>> signing subkey also signs the primary key.
>>>
>>> Without this, an attacker can "steal" a signing subkey from someone
>>> else and try and pretend that a signature came from his own key. It's
>>> not a particularly good attack: the attacker can't issue signatures to
>>> prove his ownership.
>>
>> I should add that this is a new feature for 1.4.3.
>
> Can keys created before 1.4.3 be updated with that stuff?

Yes.

David

From johanw at vulcan.xs4all.nl Sun Nov 6 23:00:02 2005
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Mon Nov 7 01:02:43 2005
Subject: ECC
In-Reply-To: <436B9326.6090701@joimail.com>
Message-ID: <200511062200.jA6M02wO001595@vulcan.xs4all.nl>

John W. Moore III wrote:

> Perhaps he believes TRANSLTR actually exists.

According to that book, it could only crack 64 bit ciphers. No big deal,
distributed.net did that too and all symmetric ciphers in pgp/gpg are at
least 128 bits.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw@vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From johanw at vulcan.xs4all.nl Sun Nov 6 23:01:16 2005
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Mon Nov 7 01:02:53 2005
Subject: ECC
In-Reply-To: <20051104183207.GG7987@dantooine>
Message-ID: <200511062201.jA6M1G1L001638@vulcan.xs4all.nl>

markus reichelt wrote:

> I put the speculations aside and stick with the fact that the NSA
> recommends ECC for government use. That's enough for _me_.

What makes you think the NSA doesn't want to decrypt US government
traffic?

From wk at gnupg.org Mon Nov 7 08:48:15 2005
From: wk at gnupg.org (Werner Koch)
Date: Mon Nov 7 08:51:57 2005
Subject: ECC
In-Reply-To: <20051104183207.GG7987@dantooine> (markus reichelt's message of "Fri, 04 Nov 2005 19:32:07 +0100")
References: <20051030145907.GB30195@jabberwocky.com> <43655C96.20600@mathematica.scientia.net> <8764reuheb.fsf@wheatstone.g10code.de> <43663A14.7010003@mathematica.scientia.net> <20051031191816.GA4606@dantooine> <436695F5.5020706@mathematica.scientia.net> <20051031225240.GC4606@dantooine> <4366A4BB.8060804@mathematica.scientia.net> <20051104145303.GC7987@dantooine> <436B90EF.6090505@exit109.com> <20051104183207.GG7987@dantooine>
Message-ID: <8764r4dhkw.fsf@wheatstone.g10code.de>

On Fri, 04 Nov 2005 19:32:07 +0100, markus reichelt said:

> I put the speculations aside and stick with the fact that the NSA
> recommends ECC for government use. That's enough for _me_.

There is a rational reason why NIST (not the NSA) will go for ECC: The
forthcoming extended DSA versions using longer hash values will require
much longer RSA keys (e.g. 3072 bit for SHA-256). This is due to NIST's
estimated relations between key and hash sizes for balanced attack
costs. The downside of these new DSA variants is that implementing 3k
RSA on small devices is close to impossible. Thus they need to switch
to ECC to gain similar security with the ability to implement it on
smart cards.

Shalom-Salam,

   Werner

From wk at gnupg.org Mon Nov 7 08:53:51 2005
From: wk at gnupg.org (Werner Koch)
Date: Mon Nov 7 08:56:52 2005
Subject: CVS or SVN
In-Reply-To: <20051105140453.GA4587@anl.gov> (Stewart V. Wright's message of "Sat, 5 Nov 2005 08:04:53 -0600")
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <20051104192912.GC5239@jabberwocky.com> <436C2434.3050502@gmail.com> <20051105050859.GA5781@jabberwocky.com> <436C4ADF.7060505@gmail.com> <20051105133010.GB5220@jabberwocky.com> <20051105140453.GA4587@anl.gov>
Message-ID: <87wtjkc2r4.fsf@wheatstone.g10code.de>

On Sat, 5 Nov 2005 08:04:53 -0600, Stewart V Wright said:

> Can someone then please update the information on the web pages to be
> relevant to SVN as opposed to CVS (I'm assuming that you're not

Yeah, we should really do this. However due to our fully automated
content management system it is not that easy ;-).

Lolo, can you change the wml stuff to take svn as well as cvs into
account?

Salam-Shalom,

   Werner

From alphasigmax at gmail.com Mon Nov 7 14:25:02 2005
From: alphasigmax at gmail.com (Alphax)
Date: Mon Nov 7 14:27:58 2005
Subject: back signatures
In-Reply-To: <20051105133043.GC5220@jabberwocky.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <436C4CA4.4080108@gmail.com> <20051105133043.GC5220@jabberwocky.com>
Message-ID: <436F55AE.2080901@gmail.com>

David Shaw wrote:
> On Sat, Nov 05, 2005 at 04:39:40PM +1030, Alphax wrote:
>> David Shaw wrote:
>>> On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote:
>>>> Salve!
>>>> Can somebody explain to me what "back signatures" are?
>>>> The manual is not very clear about this.
>>>
>>> It's a countermeasure against an attack against signing subkeys.
>>> Basically, the primary key signs all subkeys. With backsigs, the
>>> signing subkey also signs the primary key.
>>>
>>> Without this, an attacker can "steal" a signing subkey from someone
>>> else and try and pretend that a signature came from his own key. It's
>>> not a particularly good attack: the attacker can't issue signatures to
>>> prove his ownership.
>>
>> Will this remove the possibility of moving subkeys from one primary key
>> to another / converting primary keys to subkeys (documented at
>> http://atom.smasher.org/gpg/gpg-migrate.txt)?
>
> No, it's unrelated to that. It's a countermeasure against a (somewhat
> weak) attack. It has nothing to do with various bit twiddling you can
> do to your own key.

So how /do/ they work (and how does one go about moving subkeys between
keys)?

From dshaw at jabberwocky.com Mon Nov 7 14:41:25 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Nov 7 14:42:16 2005
Subject: back signatures
In-Reply-To: <436F55AE.2080901@gmail.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <436C4CA4.4080108@gmail.com> <20051105133043.GC5220@jabberwocky.com> <436F55AE.2080901@gmail.com>
Message-ID: <20051107134125.GF9758@jabberwocky.com>

On Mon, Nov 07, 2005 at 11:55:02PM +1030, Alphax wrote:
>>>> It's a countermeasure against an attack against signing subkeys.
>>>> Basically, the primary key signs all subkeys. With backsigs, the
>>>> signing subkey also signs the primary key.
>>>>
>>>> Without this, an attacker can "steal" a signing subkey from someone
>>>> else and try and pretend that a signature came from his own key. It's
>>>> not a particularly good attack: the attacker can't issue signatures to
>>>> prove his ownership.
>>>
>>> Will this remove the possibility of moving subkeys from one primary key
>>> to another / converting primary keys to subkeys (documented at
>>> http://atom.smasher.org/gpg/gpg-migrate.txt)?
>>
>> No, it's unrelated to that. It's a countermeasure against a (somewhat
>> weak) attack. It has nothing to do with various bit twiddling you can
>> do to your own key.
>
> So how /do/ they work (and how does one go about moving subkeys between
> keys)?

I'm afraid I don't understand what you're asking here. How backsigs
work?

David

From alphasigmax at gmail.com Mon Nov 7 16:09:17 2005
From: alphasigmax at gmail.com (Alphax) Date: Mon Nov 7 16:12:17 2005 Subject: back signatures In-Reply-To: <20051107134125.GF9758@jabberwocky.com> References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <436C4CA4.4080108@gmail.com> <20051105133043.GC5220@jabberwocky.com> <436F55AE.2080901@gmail.com> <20051107134125.GF9758@jabberwocky.com> Message-ID: <436F6E1D.8050900@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 David Shaw wrote: > On Mon, Nov 07, 2005 at 11:55:02PM +1030, Alphax wrote: > > >>>>>It's a countermeasure against an attack against signing subkeys. >>>>>Basically, the primary key signs all subkeys. With backsigs, the >>>>>signing subkey also signs the primary key. >>>>> >>>>>Without this, an attacker can "steal" a signing subkey from someone >>>>>else and try and pretend that a signature came from his own key. It's >>>>>not a particularly good attack: the attacker can't issue signatures to >>>>>prove his ownership. >>>>> >>>> >>>>Will this remove the possibility of moving subkeys from one primary key >>>>to another / converting primary keys to subkeys (documented at >>>>http://atom.smasher.org/gpg/gpg-migrate.txt)? >>> >>> >>>No, it's unrelated to that. It's a countermeasure against a (somewhat >>>weak) attack. It has nothing to do with various bit twiddling you can >>>do to your own key. >>> >> >>So how /do/ they work (and how does one go about moving subkeys between >>keys)? > > > I'm afraid I don't understand what you're asking here. How backsigs > work? > 1. I have a cvs version of 1.4.3, how do I issue backsigs? 2. How can I move some subkeys from one key to another, where the key I want to move them too currently has NO subkeys? 
-- 
Alphax                      |    /"\
Encrypted Email Preferred   |    \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |     X      Against HTML email & vCards
http://tinyurl.com/cc9up    |    / \

From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Mon Nov 7 16:17:10 2005
Subject: back signatures
In-Reply-To: <20051107134125.GF9758@jabberwocky.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <436C4CA4.4080108@gmail.com> <20051105133043.GC5220@jabberwocky.com> <436F55AE.2080901@gmail.com> <20051107134125.GF9758@jabberwocky.com>
Message-ID: <436F7000.4030307@mathematica.scientia.net>

David Shaw wrote:
> I'm afraid I don't understand what you're asking here. How backsigs
> work?

And what is the "theory" behind them,... e.g. how do they improve
security?

Best wishes,
Chris.
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Nov 7 16:24:43 2005
Subject: back signatures
In-Reply-To: <436F6E1D.8050900@gmail.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <436C4CA4.4080108@gmail.com> <20051105133043.GC5220@jabberwocky.com> <436F55AE.2080901@gmail.com> <20051107134125.GF9758@jabberwocky.com> <436F6E1D.8050900@gmail.com>
Message-ID: <20051107152424.GA12105@jabberwocky.com>

On Tue, Nov 08, 2005 at 01:39:17AM +1030, Alphax wrote:
> 1. I have a cvs version of 1.4.3, how do I issue backsigs?

Backsigs are part of a signing subkey. You don't generally need to
issue them, since they are generated automatically when you make a
signing subkey. If you have an older key with one or more signing
subkeys and want to add backsigs to it, do 'gpg --edit-key (thekey)'
and use the 'backsign' command.

> 2. How can I move some subkeys from one key to another, where the key I
> want to move them to currently has NO subkeys?

Moving subkeys around is not supported in GnuPG. You can follow the
steps in http://atom.smasher.org/gpg/gpg-migrate.txt if you want to do
it manually.

There are generally few reasons to move subkeys from one key to
another. Usually a better answer is to just make another one - subkeys
are cheap.

David
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Nov 7 16:37:03 2005
Subject: back signatures
In-Reply-To: <436F7000.4030307@mathematica.scientia.net>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <436C4CA4.4080108@gmail.com> <20051105133043.GC5220@jabberwocky.com> <436F55AE.2080901@gmail.com> <20051107134125.GF9758@jabberwocky.com> <436F7000.4030307@mathematica.scientia.net>
Message-ID: <20051107153630.GA12184@jabberwocky.com>

On Mon, Nov 07, 2005 at 04:17:20PM +0100, Christoph Anton Mitterer wrote:
> David Shaw wrote:
>
> > I'm afraid I don't understand what you're asking here. How backsigs
> > work?
>
> And what is the "theory" behind them,... e.g. how do they improve
> security?

Current signing subkeys have a weakness in that they can be moved from
one key to another without the key owner's approval. This means that
if I sign a message with a signing subkey, someone else can lift the
(public) signing subkey off of my key, attach it to theirs, and issue
a new binding signature for it. This person can then claim to be the
person who signed the message.

Note that this person doesn't have the secret key or the passphrase -
they can't issue NEW signatures. They can only claim to be the signer
for existing signatures. They also can't stop the original signer from
claiming ownership. If it comes down to two people, both claiming they
issued a particular signature, just ask them both to sign a challenge
(a different challenge for each). The impostor won't be able to.

Anyway, back signatures avoid all that by adding a signature from the
signing subkey on the primary key. This proves that the owner of the
signing subkey is not an impostor, since the impostor could not issue
such a signature.

David
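A toy model of the check David describes, added here as an example and not code from the thread or from GnuPG: ed25519 stands in for the OpenPGP key algorithms, the key-flag bit values are those of the OpenPGP key-flags subpacket, and the data both signatures cover is a simplified stand-in for the real packet hashing. The verifier demands the back signature only on S-flagged subkeys, and the scenario shows why the back signature has to cover the primary key: even a copied back signature fails under another primary.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Key-flag bits of the OpenPGP key-flags subpacket (RFC 4880).
const (
	FlagCertify = 0x01 // C: may certify other keys
	FlagSign    = 0x02 // S: may sign data
	FlagEncrypt = 0x04 // E: may encrypt communications
)

// Subkey is a public subkey plus the signatures tying it to a primary key:
// BindingSig from the primary key, BackSig from the subkey itself (nil if absent).
type Subkey struct {
	Pub        ed25519.PublicKey
	Flags      byte
	BindingSig []byte
	BackSig    []byte
}

// Key is a primary public key with its subkeys.
type Key struct {
	Primary ed25519.PublicKey
	Subkeys []Subkey
}

// bindingData is what both signatures cover: primary key, subkey and flags
// (a simplified stand-in for the real OpenPGP packet hashing). Because the
// primary key is included, a back signature is worthless under another primary.
func bindingData(primary, sub ed25519.PublicKey, flags byte) []byte {
	data := append([]byte{}, primary...)
	data = append(data, sub...)
	return append(data, flags)
}

// AddSubkey binds sub to k with the primary secret key; when subPriv is
// available the subkey also issues its back signature.
func (k *Key) AddSubkey(primaryPriv ed25519.PrivateKey, sub ed25519.PublicKey, subPriv ed25519.PrivateKey, flags byte) {
	data := bindingData(k.Primary, sub, flags)
	s := Subkey{Pub: sub, Flags: flags, BindingSig: ed25519.Sign(primaryPriv, data)}
	if subPriv != nil {
		s.BackSig = ed25519.Sign(subPriv, data)
	}
	k.Subkeys = append(k.Subkeys, s)
}

// VerifySubkey checks the binding signature and, if requireBackSig is set, the
// back signature of any S-flagged subkey. Subkeys without S never need one.
func VerifySubkey(k *Key, s Subkey, requireBackSig bool) error {
	data := bindingData(k.Primary, s.Pub, s.Flags)
	if !ed25519.Verify(k.Primary, data, s.BindingSig) {
		return errors.New("binding signature from the primary key is invalid")
	}
	if s.Flags&FlagSign == 0 || !requireBackSig {
		return nil
	}
	if s.BackSig == nil {
		return errors.New("signing subkey has no back signature")
	}
	if !ed25519.Verify(s.Pub, data, s.BackSig) {
		return errors.New("back signature does not match this primary key")
	}
	return nil
}

// Scenario plays through the attack from the thread with freshly generated
// keys (constructed sample). Alice has a signing subkey with a back signature
// and an encryption subkey without one. Mallory attaches a copy of Alice's
// public signing subkey to her own primary key and replays Alice's back signature.
func Scenario() (aliceSign, aliceEnc, malloryLoose, malloryStrict error) {
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	subPub, subPriv, _ := ed25519.GenerateKey(rand.Reader)
	encPub, _, _ := ed25519.GenerateKey(rand.Reader)
	alice := &Key{Primary: alicePub}
	alice.AddSubkey(alicePriv, subPub, subPriv, FlagSign)
	alice.AddSubkey(alicePriv, encPub, nil, FlagEncrypt)

	malPub, malPriv, _ := ed25519.GenerateKey(rand.Reader)
	mallory := &Key{Primary: malPub}
	mallory.AddSubkey(malPriv, subPub, nil, FlagSign) // only the public half is available
	mallory.Subkeys[0].BackSig = alice.Subkeys[0].BackSig

	aliceSign = VerifySubkey(alice, alice.Subkeys[0], true)
	aliceEnc = VerifySubkey(alice, alice.Subkeys[1], true)
	malloryLoose = VerifySubkey(mallory, mallory.Subkeys[0], false)
	malloryStrict = VerifySubkey(mallory, mallory.Subkeys[0], true)
	return
}

func main() {
	aliceSign, aliceEnc, malloryLoose, malloryStrict := Scenario()
	fmt.Println("Alice's subkeys (backsig required):", aliceSign, aliceEnc)
	fmt.Println("Mallory's copy (backsig optional / required):", malloryLoose, malloryStrict)
}
```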
From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Mon Nov 7 19:10:16 2005
Subject: Prefered algorithms priority
Message-ID: <436F9892.5050602@mathematica.scientia.net>

Hi.

As you probably know, one can set his preferred algorithms for an
OpenPGP key using setpref.

How is the priority specified? Is it from left to right, meaning that an
algorithm a to the left of another (b) is preferred in favour of b?
setpref --->--->--->---> ?

Best wishes,
Christoph Anton Mitterer.

From: lionel at mamane.lu (Lionel Elie Mamane)
Date: Mon Nov 7 21:12:05 2005
Subject: Prefered algorithms priority
In-Reply-To: <436F9892.5050602@mathematica.scientia.net>
References: <436F9892.5050602@mathematica.scientia.net>
Message-ID: <20051107201218.GB23287@capsaicin.mamane.lu>

On Mon, Nov 07, 2005 at 07:10:26PM +0100, Christoph Anton Mitterer wrote:
> As you probably know, one can set his preferred algorithms for an
> OpenPGP key using setpref.
> How is the priority specified? Is it from left to right, meaning that an
> algorithm a to the left of another (b) is preferred in favour of b?
> setpref --->--->--->---> ?

Yes.

-- 
Lionel
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Nov 7 22:24:28 2005
Subject: Prefered algorithms priority
In-Reply-To: <436F9892.5050602@mathematica.scientia.net>
References: <436F9892.5050602@mathematica.scientia.net>
Message-ID: <20051107212352.GA12617@jabberwocky.com>

On Mon, Nov 07, 2005 at 07:10:26PM +0100, Christoph Anton Mitterer wrote:
> Hi.
>
> As you probably know, one can set his preferred algorithms for an
> OpenPGP key using setpref.
>
> How is the priority specified? Is it from left to right, meaning that an
> algorithm a to the left of another (b) is preferred in favour of b?
> setpref --->--->--->---> ?

Correct, it's left to right. The algorithm works by eliminating any
algorithm that isn't usable by all recipients (remember that by
definition 3DES is usable by all recipients, so it will be used if all
else fails). Once the list has been reduced to what everyone can
handle, the final selection is made by either --personal-xxxx-prefs
(if you are using it) or by the first -r recipient.

David
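The selection rule David describes, as an added example and not GnuPG's own code (recipient names and preference lists are constructed for the demo): intersect every recipient's list, with 3DES always implied, then pick by the first recipient's order or by a personal preference list. Falling back to the first recipient's order when nothing in the personal list survives the intersection is an assumption of this model, not something the thread states.

```go
package main

import "fmt"

// TripleDES is the MUST-implement OpenPGP cipher, so every recipient is
// assumed to accept it even when it is not listed in their preferences.
const TripleDES = "3DES"

// Recipient carries the cipher preferences from one recipient's key, most
// preferred first, in the order set with setpref.
type Recipient struct {
	Name  string
	Prefs []string
}

// usable returns the algorithms a recipient can handle: the listed
// preferences plus the implicit 3DES.
func usable(r Recipient) map[string]bool {
	u := map[string]bool{TripleDES: true}
	for _, alg := range r.Prefs {
		u[alg] = true
	}
	return u
}

// ChooseCipher applies the rule from the thread: eliminate every algorithm
// that some recipient cannot use, then take the first surviving entry in the
// order of personalPrefs (--personal-cipher-preferences) if one is given,
// otherwise in the order of the first recipient's list. Falling back to the
// first recipient's order when nothing in personalPrefs survived is this
// model's own assumption. 3DES is the result when nothing else survives.
func ChooseCipher(recipients []Recipient, personalPrefs []string) string {
	if len(recipients) == 0 {
		return TripleDES
	}
	common := usable(recipients[0])
	for _, r := range recipients[1:] {
		u := usable(r)
		for alg := range common {
			if !u[alg] {
				delete(common, alg) // deleting during range is safe in Go
			}
		}
	}
	for _, order := range [][]string{personalPrefs, recipients[0].Prefs} {
		for _, alg := range order {
			if common[alg] {
				return alg
			}
		}
	}
	return TripleDES
}

func main() {
	// Constructed sample recipients; the preference lists are invented for the demo.
	alice := Recipient{Name: "alice", Prefs: []string{"AES256", "AES", "CAST5"}}
	bob := Recipient{Name: "bob", Prefs: []string{"CAST5", "AES"}}
	legacy := Recipient{Name: "legacy"} // publishes no preferences: only 3DES is safe

	fmt.Println(ChooseCipher([]Recipient{alice, bob}, nil))                          // AES
	fmt.Println(ChooseCipher([]Recipient{bob, alice}, nil))                          // CAST5
	fmt.Println(ChooseCipher([]Recipient{alice, bob}, []string{"CAST5", "AES256"})) // CAST5
	fmt.Println(ChooseCipher([]Recipient{alice, bob, legacy}, nil))                  // 3DES
}
```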
From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Mon Nov 7 23:32:15 2005
Subject: Prefered algorithms priority
In-Reply-To: <20051107212352.GA12617@jabberwocky.com>
References: <436F9892.5050602@mathematica.scientia.net> <20051107212352.GA12617@jabberwocky.com>
Message-ID: <436FD5FD.4020906@mathematica.scientia.net>

David Shaw wrote:
>> How is the priority specified? Is it from left to right, meaning that an
>> algorithm a to the left of another (b) is preferred in favour of b?
>> setpref --->--->--->---> ?
>
> Correct, it's left to right. The algorithm works by eliminating any
> algorithm that isn't usable by all recipients (remember that by
> definition 3DES is usable by all recipients, so it will be used if all
> else fails).

Ahh,.. thanks, and what about other algorithms,.. if I, for example,
exclude MD5 from my preferred hash algorithms,... will this indicate to
other users that I DO NOT accept MD5 hashed signatures?

Best wishes,
Chris.
From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Tue Nov 8 12:27:12 2005
Subject: Keytypes and changing them
Message-ID: <43708B91.7020901@mathematica.scientia.net>

Hi folks!

Ok,.. I know that you can set at least the following flags to specify
the purpose of a key:
A - authorisation
C - certification
E - encryption
S - signation

Ok,.. as far as I understood, if a key is C-only this indicates that it
is used solely for signing other keys, but not for signing normal data,
correct?

Ok,.. I thought about that and came to the result - correct me if I'm
wrong - that it would be more secure to use the primary key only for
certificating other keys (and of course for self-sigs).

Ok my current key looks like the following:
primary: CS, RSA-S, 4096 bit
secondary: E, ElGamal, 4096 bit

So I think it would be better to have the following:
primary: C, RSA-S, 4096 bit
secondary: S, RSA-S, 4096 bit
secondary: E, ElGamal, 4096 bit

Ok...
1) Is it advisable at all?
2) Can I change this with GPG (without having to create a new key, of
course)?
3) If not: Is this function going to be introduced in GPG the next time?
4) If not: How else could I do that?
5) Would it change my primary key in such a way that it renders the
signatures that I've already received from other users invalid?

Best wishes,
Chris.
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Nov 8 14:44:12 2005
Subject: Keytypes and changing them
In-Reply-To: <43708B91.7020901@mathematica.scientia.net>
References: <43708B91.7020901@mathematica.scientia.net>
Message-ID: <20051108132416.GB12617@jabberwocky.com>

On Tue, Nov 08, 2005 at 12:27:13PM +0100, Christoph Anton Mitterer wrote:
> Hi folks!
>
> Ok,.. I know that you can set at least the following flags to specify
> the purpose of a key:
> A - authorisation
> C - certification
> E - encryption
> S - signation
>
> Ok,.. as far as I understood, if a key is C-only this indicates that
> it is used solely for signing other keys, but not for signing normal
> data, correct?
>
> Ok,.. I thought about that and came to the result - correct me if I'm
> wrong - that it would be more secure to use the primary key only for
> certificating other keys (and of course for self-sigs).
>
> Ok my current key looks like the following:
> primary: CS, RSA-S, 4096 bit
> secondary: E, ElGamal, 4096 bit
>
> So I think it would be better to have the following:
> primary: C, RSA-S, 4096 bit
> secondary: S, RSA-S, 4096 bit
> secondary: E, ElGamal, 4096 bit
>
> Ok...
> 1) Is it advisable at all?

Yes. Many people do it this way, including myself. It's not actually
an RSA-S key (that's deprecated), but a regular RSA key with the S flag
set. However, you don't actually want to change the primary from CS to
C.

> 2) Can I change this with GPG (without having to create a new key, of
> course)?
> 3) If not: Is this function going to be introduced in GPG the next time?
> 4) If not: How else could I do that?

You can add a signing subkey any time you like. This doesn't flip your
primary CS key into a C only key, but that doesn't matter much. If
GnuPG sees you have a signing subkey, it will always choose it in favor
of the primary key when making a signature.
You don't want a C only primary key because if you go to a key signing
party, you may be asked to sign a challenge to prove you own your key.
This challenge must be signed with the primary key to be valid.

> 5) Would it change my primary key in such a way that it renders the
> signatures that I've already received from other users invalid?

No. This does not affect third-party signatures.

David
From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Tue Nov 8 15:29:28 2005
Subject: Keytypes and changing them
In-Reply-To: <20051108132416.GB12617@jabberwocky.com>
References: <43708B91.7020901@mathematica.scientia.net> <20051108132416.GB12617@jabberwocky.com>
Message-ID: <4370B653.2050405@mathematica.scientia.net>

David Shaw wrote:
>> So I think it would be better to have the following:
>> primary: C, RSA-S, 4096 bit
>> secondary: S, RSA-S, 4096 bit
>> secondary: E, ElGamal, 4096 bit
>>
>> Ok...
>> 1) Is it advisable at all?
>
> Yes. Many people do it this way, including myself. It's not actually
> an RSA-S key (that's deprecated), but a regular RSA key with the S
> flag set. However, you don't actually want to change the primary from
> CS to C.

Why not? *g* Of course I could just not use my primary key for signing
plain data,.. but I think it would be better to indicate that with the
flag, too.
What would be the disadvantages?

>> 2) Can I change this with GPG (without having to create a new key, of
>> course)?
>> 3) If not: Is this function going to be introduced in GPG the next time?
>> 4) If not: How else could I do that?
>
> You can add a signing subkey any time you like. This doesn't flip
> your primary CS key into a C only key, but that doesn't matter much.

Of course...

> If GnuPG sees you have a signing subkey, it will always choose it in
> favor of the primary key when making a signature.
>
> You don't want a C only primary key because if you go to a key signing
> party, you may be asked to sign a challenge to prove you own your key.
> This challenge must be signed with the primary key to be valid.

Ah,.. hm ok,.. is this the only reason for not using a C-only primary
key?

And again,.. is it possible to change the flag on an existing key? And
how is it done? Via a selfsignature?
If so, I could change the flag to C, indicating to everybody that I'm
using the primary key for signing-other-keys-only, and if someone should
insist on challenge-response I could use the --expert flag or store a
local-only version of the key (e.g. in a separate .gnupg dir) that
contains the key with CS.

>> 5) Would it change my primary key in such a way that it renders the
>> signatures that I've already received from other users invalid?
>
> No. This does not affect third-party signatures.

Good,.. so I could change this as often as I'd like to, correct?

Best wishes,
Chris.
From: alphasigmax at gmail.com (Alphax)
Date: Tue Nov 8 15:38:55 2005
Subject: Keytypes and changing them
In-Reply-To: <4370B653.2050405@mathematica.scientia.net>
References: <43708B91.7020901@mathematica.scientia.net> <20051108132416.GB12617@jabberwocky.com> <4370B653.2050405@mathematica.scientia.net>
Message-ID: <4370B7CF.1050007@gmail.com>

Christoph Anton Mitterer wrote:
> David Shaw wrote:
>
>>> So I think it would be better to have the following:
>>> primary: C, RSA-S, 4096 bit
>>> secondary: S, RSA-S, 4096 bit
>>> secondary: E, ElGamal, 4096 bit
>>>
>>> Ok...
>>> 1) Is it advisable at all?
>>
>> Yes. Many people do it this way, including myself. It's not actually
>> an RSA-S key (that's deprecated), but a regular RSA key with the S
>> flag set. However, you don't actually want to change the primary from
>> CS to C.
>
> Why not? *g* Of course I could just not use my primary key for signing
> plain data,.. but I think it would be better to indicate that with the
> flag, too.
> What would be the disadvantages?

You could end up with conflicting copies of the same key for one...

> And again,.. is it possible to change the flag on an existing key? And
> how is it done? Via a selfsignature? If so, I could change the flag to
> C, indicating to everybody that I'm using the primary key for
> signing-other-keys-only, and if someone should insist on
> challenge-response I could use the --expert flag or store a local-only
> version of the key (e.g. in a separate .gnupg dir) that contains the
> key with CS.

Possible, yes, easy, definitely not. Think "split the key into packets,
read RFC2440, fiddle with its bits, turn the bits back into a key".

>>> 5) Would it change my primary key in such a way that it renders the
>>> signatures that I've already received from other users invalid?
>>
>> No. This does not affect third-party signatures.
>
> Good,.. so I could change this as often as I'd like to, correct?
I wouldn't advise it. Add a subkey. If you don't want your primary key
to be "accidentally" used for signing, backup your key, export the
secret subkeys only, delete the secret part of the key, and import the
secret subkeys. That way you can still sign and encrypt as normal but
you won't be able to use the secret part of the primary key. MAKE SURE
YOU BACKUP THE ORIGINAL!

-- 
Alphax                      |    /"\
Encrypted Email Preferred   |    \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |     X      Against HTML email & vCards
http://tinyurl.com/cc9up    |    / \
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Nov 8 15:42:29 2005
Subject: Keytypes and changing them
In-Reply-To: <4370B653.2050405@mathematica.scientia.net>
References: <43708B91.7020901@mathematica.scientia.net> <20051108132416.GB12617@jabberwocky.com> <4370B653.2050405@mathematica.scientia.net>
Message-ID: <20051108144211.GA15713@jabberwocky.com>

On Tue, Nov 08, 2005 at 03:29:39PM +0100, Christoph Anton Mitterer wrote:
> > Yes. Many people do it this way, including myself. It's not actually
> > an RSA-S key (that's deprecated), but a regular RSA key with the S
> > flag set. However, you don't actually want to change the primary from
> > CS to C.
>
> Why not? *g* Of course I could just not use my primary key for signing
> plain data,.. but I think it would be better to indicate that with the
> flag, too.

Why?

> And again,.. is it possible to change the flag on an existing key? And
> how is it done? Via a selfsignature? If so, I could change the flag to
> C, indicating to everybody that I'm using the primary key for
> signing-other-keys-only, and if someone should insist on
> challenge-response I could use the --expert flag or store a local-only
> version of the key (e.g. in a separate .gnupg dir) that contains the
> key with CS.

Well, sure, given a particular effect you want to achieve, you can
always come up with a hideously complicated way to do it involving
multiple copies of the key and extra work. Most people like to do it
the easy way.

> >> 5) Would it change my primary key in such a way that it renders the
> >> signatures that I've already received from other users invalid?
> >
> > No. This does not affect third-party signatures.
>
> Good,.. so I could change this as often as I'd like to, correct?

If such a feature existed in GnuPG, yes.

David
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Nov 8 15:56:59 2005
Subject: Prefered algorithms priority
In-Reply-To: <436FD5FD.4020906@mathematica.scientia.net>
References: <436F9892.5050602@mathematica.scientia.net> <20051107212352.GA12617@jabberwocky.com> <436FD5FD.4020906@mathematica.scientia.net>
Message-ID: <20051108145638.GB15713@jabberwocky.com>

On Mon, Nov 07, 2005 at 11:32:29PM +0100, Christoph Anton Mitterer wrote:
> David Shaw wrote:
>
> >> How is the priority specified? Is it from left to right, meaning that an
> >> algorithm a to the left of another (b) is preferred in favour of b?
> >> setpref --->--->--->---> ?
> >
> > Correct, it's left to right. The algorithm works by eliminating any
> > algorithm that isn't usable by all recipients (remember that by
> > definition 3DES is usable by all recipients, so it will be used if all
> > else fails).
>
> Ahh,.. thanks, and what about other algorithms,.. if I, for example,
> exclude MD5 from my preferred hash algorithms,... will this indicate to
> other users that I DO NOT accept MD5 hashed signatures?

It indicates to other users that you don't WANT to accept MD5 hashed
signatures. It doesn't mean you won't get one.

David
From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Tue Nov 8 16:22:02 2005
Subject: Keytypes and changing them
In-Reply-To: <20051108144211.GA15713@jabberwocky.com>
References: <43708B91.7020901@mathematica.scientia.net> <20051108132416.GB12617@jabberwocky.com> <4370B653.2050405@mathematica.scientia.net> <20051108144211.GA15713@jabberwocky.com>
Message-ID: <4370C2A8.8000605@mathematica.scientia.net>

David Shaw wrote:
> On Tue, Nov 08, 2005 at 03:29:39PM +0100, Christoph Anton Mitterer wrote:
>>> Yes. Many people do it this way, including myself. It's not actually
>>> an RSA-S key (that's deprecated), but a regular RSA key with the S
>>> flag set. However, you don't actually want to change the primary from
>>> CS to C.
>>
>> Why not? *g* Of course I could just not use my primary key for signing
>> plain data,.. but I think it would be better to indicate that with the
>> flag, too.
>
> Why?

Uhm,.. don't know *g* but I think the implementors of RFC2440 did not
include that without a reason =)

>> And again,.. is it possible to change the flag on an existing key? And
>> how is it done? Via a selfsignature? If so, I could change the flag to
>> C, indicating to everybody that I'm using the primary key for
>> signing-other-keys-only, and if someone should insist on
>> challenge-response I could use the --expert flag or store a local-only
>> version of the key (e.g. in a separate .gnupg dir) that contains the
>> key with CS.
>
> Well, sure, given a particular effect you want to achieve, you can
> always come up with a hideously complicated way to do it involving
> multiple copies of the key and extra work. Most people like to do it
> the easy way.

Ok,.. I give up ... :'-( ;-)

Thanks anyway :)

Best wishes,
Chris.

From: lusfert at gmail.com (lusfert)
Date: Tue Nov 8 18:12:39 2005
Subject: Keytypes and changing them
In-Reply-To: <43708B91.7020901@mathematica.scientia.net>
References: <43708B91.7020901@mathematica.scientia.net>
Message-ID: <4370CF7D.4090402@gmail.com>

Christoph Anton Mitterer wrote:
> Ok,.. I know that you can set at least the following flags to specify
> the purpose of a key:
> A - authorisation
> C - certification
> E - encryption
> S - signation

What does type "A" mean and where is it used?

-- 
With best regards,
Current OpenPGP key ID: 0x500B8987
Fingerprint: E883 045D 36FB 8CA3 8D69 9C79 9E35 3B56 500B 8987
Encrypted e-mail preferred.

From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Nov 8 18:27:55 2005
Subject: Keytypes and changing them
In-Reply-To: <4370CF7D.4090402@gmail.com>
References: <43708B91.7020901@mathematica.scientia.net> <4370CF7D.4090402@gmail.com>
Message-ID: <20051108172736.GA15888@jabberwocky.com>

On Tue, Nov 08, 2005 at 07:17:01PM +0300, lusfert wrote:
> Christoph Anton Mitterer wrote:
>
> > Ok,.. I know that you can set at least the following flags to specify
> > the purpose of a key:
> > A - authorisation
> > C - certification
> > E - encryption
> > S - signation
>
> What does type "A" mean and where is it used?

One possible (and current) use is to use an OpenPGP key for ssh
authentication.

David
From: ml at bitfalle.org (markus reichelt)
Date: Tue Nov 8 21:54:55 2005
Subject: ECC
In-Reply-To: <200511062201.jA6M1G1L001638@vulcan.xs4all.nl>
References: <20051104183207.GG7987@dantooine> <200511062201.jA6M1G1L001638@vulcan.xs4all.nl>
Message-ID: <20051108205435.GA4637@dantooine>

* Johan Wevers wrote:
> markus reichelt wrote:
>
> > I put the speculations aside and stick with the fact that the NSA
> > recommends ECC for government use. That's enough for _me_.
>
> What makes you think the NSA doesn't want to decrypt US government
> traffic?

I don't care what the NSA wants.

-- 
being bored
From: ml at bitfalle.org (markus reichelt)
Date: Tue Nov 8 22:41:43 2005
Subject: ECC
In-Reply-To: <8764r4dhkw.fsf@wheatstone.g10code.de>
References: <8764reuheb.fsf@wheatstone.g10code.de> <43663A14.7010003@mathematica.scientia.net> <20051031191816.GA4606@dantooine> <436695F5.5020706@mathematica.scientia.net> <20051031225240.GC4606@dantooine> <4366A4BB.8060804@mathematica.scientia.net> <20051104145303.GC7987@dantooine> <436B90EF.6090505@exit109.com> <20051104183207.GG7987@dantooine> <8764r4dhkw.fsf@wheatstone.g10code.de>
Message-ID: <20051108210018.GB4637@dantooine>

* Werner Koch wrote:
> On Fri, 04 Nov 2005 19:32:07 +0100, markus reichelt said:
>
> > I put the speculations aside and stick with the fact that the NSA
> > recommends ECC for government use. That's enough for _me_.
>
> There is a rational reason why NIST (not the NSA) will go for ECC:

Right, I often mix these two up.

-- 
being bored
From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Tue Nov 8 22:46:04 2005
Subject: Keytypes and changing them
In-Reply-To: <4370B7CF.1050007@gmail.com>
References: <43708B91.7020901@mathematica.scientia.net> <20051108132416.GB12617@jabberwocky.com> <4370B653.2050405@mathematica.scientia.net> <4370B7CF.1050007@gmail.com>
Message-ID: <43711CAA.8000802@mathematica.scientia.net>

Alphax wrote:
>> What would be the disadvantages?
>
> You could end up with conflicting copies of the same key for one...

What does that mean?

Chris.

From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Tue Nov 8 23:04:14 2005
Subject: Keytypes and changing them
In-Reply-To: <4370CF7D.4090402@gmail.com>
References: <43708B91.7020901@mathematica.scientia.net> <4370CF7D.4090402@gmail.com>
Message-ID: <43711B09.8050103@mathematica.scientia.net>

lusfert wrote:
> What does type "A" mean and where is it used?

It means that the key can be used for authentication,... e.g. for ssh
or so.

Chris.
From: vedaal at hush.com (vedaal@hush.com)
Date: Tue Nov 8 23:46:39 2005
Subject: problem with truecrypt // 'hidden volume' detectable
Message-ID: <200511082241.jA8Mfkue020189@mailserver2.hushmail.com>

a problem has been discovered with truecrypt in that it is possible to
detect a 'hidden volume' (i.e. the 'plausible deniability' is *not*
reliable)

i posted here recommending truecrypt
(http://lists.gnupg.org/pipermail/gnupg-users/2005-October/027155.html)
for 'plausible deniability'

so, to anyone who may have used or is thinking about using, truecrypt
for plausible deniability, here is the description of the problems
found (from a thread on sci.crypt)

http://groups.google.com/group/sci.crypt/msg/a30ac58c279087f2?dmode=source

and

http://groups.google.com/group/sci.crypt/msg/e42d12074436220d?dmode=source

n.b. there is no evidence of insecurity of the 'container' itself and
no attack on recovery of any files from within the container

the attack is only on the detectability of the 'hidden volume'

(also, it may be 'fixable' in a newer version)

vedaal
From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Wed Nov 9 00:00:47 2005
Subject: Keytypes and changing them
In-Reply-To: <20051108144211.GA15713@jabberwocky.com>
References: <43708B91.7020901@mathematica.scientia.net> <20051108132416.GB12617@jabberwocky.com> <4370B653.2050405@mathematica.scientia.net> <20051108144211.GA15713@jabberwocky.com>
Message-ID: <437129A7.5090409@mathematica.scientia.net>

David Shaw wrote:
> If such a feature existed in GnuPG, yes.
>
> David

Uhm,.. I rethought the whole thing,... and I came to the reason that I
gave up too fast ;-)

Ok,.. you told me that the disadvantage of C-only keys would be that
you can't respond to challenges. Is this the only reason?

As far as I know a challenge/response is used by some users to verify
the email of a UID before they sign it. But lots of people do not
validate this, because they think it wouldn't make sense at all. E.g.
if someone uses some freemail address he could lose the address after
validation because the provider stops his service. So signing the eMail
as part of a UID does not really secure that the address is under the
control of the keyholder, does it?

The only solution (in my opinion) are services like PGP Global
Directory Key or so,...

But I think it is not so important to secure if the email is under
control of the keyowner. The worst thing that could happen is that an
encrypted message isn't received by the (private)-key owner, because
the email is wrong. But this can even happen when the email is correct
(e.g. if someone controls part of the network).

What it all comes down to is: In my opinion - and correct me if I'm
wrong - validating the email once does not make much sense. The only
good alternative is some service like PGP Global Directory Key.

What are the advantages of using C-only keys?
Uhm,.. in my opinion the standard intends using C-only keys, if not
they would have created only the S-flag, that stands for both, signing
and certification.
But they created the following flags: 0x01 - This key may be used to certify other keys. 0x02 - This key may be used to sign data. 0x04 - This key may be used to encrypt communications. 0x08 - This key may be used to encrypt storage. 0x10 - The private component of this key may have been split by a secret-sharing mechanism. 0x80 - The private component of this key may be in the possession of more than one person. Another advantage is perhaps, that a C-only key shows other users that the key is perhaps used in a more secure way (because it's not used for signing plain data). => I think GPG shoud offer an option (like setprefs) to switch the key-usage flags of primary and secondary keys. I spent the last three or four hours browsing through the GPG code, but I had to resign because it probably takes to long to become familiar with it. 1) Is this feature going to be introduced in upcoming versions, or is there some kind of wishlist where I could ask for it :-D ? 2) Or can someone here help me and point me to the right places and funtions that I have to use for implementing such a feature? Best wishes, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: cam.vcf Type: text/x-vcard Size: 449 bytes Desc: not available Url : /pipermail/attachments/20051108/96ec96c7/cam.vcf From cam at mathematica.scientia.net Wed Nov 9 00:53:45 2005 
From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Wed Nov 9 01:14:43 2005
Subject: Keytypes and changing them
In-Reply-To: <437129A7.5090409@mathematica.scientia.net>
References: <43708B91.7020901@mathematica.scientia.net> <20051108132416.GB12617@jabberwocky.com> <4370B653.2050405@mathematica.scientia.net> <20051108144211.GA15713@jabberwocky.com> <437129A7.5090409@mathematica.scientia.net>
Message-ID: <43713A89.2030509@mathematica.scientia.net>

Or is there perhaps another software that I could use for changing the key usage flags (without damaging my key or changing the format or so). Of course I'd prefer using GnuPG because I trust this the most :-)

Once again,.. I'm only going to do this,.. if it wouldn't have disadvantages for the security. But if the only disadvantage is that I have more work when someone asks me to respond to a challenge I would live with that ;-)

Best wishes,
Chris.

From dshaw at jabberwocky.com Wed Nov 9 02:09:47 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Nov 9 02:30:15 2005
Subject: Keytypes and changing them
In-Reply-To: <43713A89.2030509@mathematica.scientia.net>
References: <43708B91.7020901@mathematica.scientia.net> <20051108132416.GB12617@jabberwocky.com> <4370B653.2050405@mathematica.scientia.net> <20051108144211.GA15713@jabberwocky.com> <437129A7.5090409@mathematica.scientia.net> <43713A89.2030509@mathematica.scientia.net>
Message-ID: <20051109010947.GB16521@jabberwocky.com>

On Wed, Nov 09, 2005 at 12:53:45AM +0100, Christoph Anton Mitterer wrote:
> Or is there perhaps another software that I could use for changing the
> key usage flags (without damaging my key or changing the format or so).
> Of course I'd prefer using GnuPG because I trust this the most :-)
>
> Once again,.. I'm only going to do this,.. if it wouldn't have
> disadvantages for the security. But if the only disadvantage is that I
> have more work when someone asks me to respond to a challenge I would
> live with that ;-)

It has absolutely no impact on security, either for or against. It is a 90% meaningless flag, and is in fact happily ignored in virtually all OpenPGP applications. If you insist on making such a key, the only impact that you'll notice is that you won't be able to answer email challenges using GnuPG.

You sound like you really, really, want to do this. I'm telling you it's a bad idea, but it's your key. You have to be happy with it.

David

From cam at mathematica.scientia.net Wed Nov 9 02:11:05 2005
From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Wed Nov 9 02:31:39 2005
Subject: Keytypes and changing them
In-Reply-To: <437148E1.2000106@gmail.com>
References: <43708B91.7020901@mathematica.scientia.net> <20051108132416.GB12617@jabberwocky.com> <4370B653.2050405@mathematica.scientia.net> <4370B7CF.1050007@gmail.com> <43711CAA.8000802@mathematica.scientia.net> <437148E1.2000106@gmail.com>
Message-ID: <43714CA9.40006@mathematica.scientia.net>

Alphax wrote:

> It means, the "expected" behaviour for what the keyservers/PGP/GPG will
> do when it finds that the usage flags have changed on a primary key is
> completely undocumented, because they are *not supposed to change*. I
> don't think they're protected by the fingerprint/selfsignature (although
> I would need to check that), but it makes you wonder why no current
> OpenPGP implementations let you change them if they're not protected...

Ah,.. well I'm not completely sure if I understood RFC2440 correctly, but as far as I can see,... the key usage flag IS part of the self-signature and thus it should be possible to change it,.. and keyservers should have no big problems with it, at least modern keyservers. For them it should be similar to changing algorithm preferences.

btw: I haven't uploaded my current key yet, so this is (in my case) not such a big problem, I think.

Do you know of an application that allows me to change the usage flag? Without damaging my key or changing its format? Or a description of how I can do it manually?

Best wishes,
Chris.

From dshaw at jabberwocky.com Wed Nov 9 02:10:03 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Nov 9 02:42:33 2005
Subject: Keytypes and changing them
In-Reply-To: <437129A7.5090409@mathematica.scientia.net>
References: <43708B91.7020901@mathematica.scientia.net> <20051108132416.GB12617@jabberwocky.com> <4370B653.2050405@mathematica.scientia.net> <20051108144211.GA15713@jabberwocky.com> <437129A7.5090409@mathematica.scientia.net>
Message-ID: <20051109011003.GA16552@jabberwocky.com>

On Tue, Nov 08, 2005 at 11:41:43PM +0100, Christoph Anton Mitterer wrote:
> David Shaw wrote:
>
> > If such a feature existed in GnuPG, yes.
> >
> > David
>
> Uhm,.. I rethought the whole thing,... and I came to the conclusion that I
> gave up too fast ;-)
>
> Ok,.. you told me that the disadvantage of C-only keys would be that you
> can't respond to challenges. Is this the only reason?
> As far as I know a challenge/response is used by some users to verify
> the email of a UID before they sign it. But lots of people do not
> validate this, because they think it wouldn't make sense at all. E.g. if
> someone uses some freemail address he could lose the address after
> validation because the provider stops his service. So signing the email
> as part of a UID does not really secure that the address is under the
> control of the keyholder, does it?

That is not how email challenges work. If someone loses their email address, the signature is effectively invalid. That's a feature, not a flaw. When you sign an email address, you are certifying that it is valid at that point. Obviously you can't certify it as valid forever.

> The only solution (in my opinion) are services like PGP Global Directory
> Key or so,...
> But I think it is not so important to secure whether the email is under
> control of the keyowner. The worst thing that could happen is that an
> encrypted message isn't received by the (private-)key owner, because the
> email is wrong. But this can even happen when the email is correct (e.g.
> if someone controls part of the network).
> What it all comes down to is: In my opinion - and correct me if I'm
> wrong - validating the email once does not make much sense. The only
> good alternative is some service like PGP Global Directory Key.
>
> What are the advantages of using C-only keys?
> Uhm,.. in my opinion the standard intends using C-only keys, if not they
> would have created only the S-flag, that stands for both, signing and
> certification.
> But they created the following flags:
>
> 0x01 - This key may be used to certify other keys.
> 0x02 - This key may be used to sign data.
> 0x04 - This key may be used to encrypt communications.
> 0x08 - This key may be used to encrypt storage.
> 0x10 - The private component of this key may have been split by a
> secret-sharing mechanism.
> 0x80 - The private component of this key may be in the possession of more
> than one person.

Isn't this really saying you want to use a C-only key because it is possible to use it? I don't see you presenting a reason to use them aside from "the standard has them, and since they exist in the standard, clearly they're supposed to be used". Lots of things are possible, but not necessarily useful. C-only keys are possible, but not viable in the real world.

Note that it's also possible to make a CS Elgamal-E key. It's utterly meaningless, but physically possible to create. Not every bit pattern is useful.

> Another advantage is perhaps that a C-only key shows other users that
> the key is perhaps used in a more secure way (because it's not used for
> signing plain data).

It doesn't say this. You could make a CS key, sign some data, then flip it to a C-only key. The other user can infer exactly nothing about the past usage of a CS key compared to a C key.

David

From johanw at vulcan.xs4all.nl Wed Nov 9 10:12:19 2005
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Wed Nov 9 13:32:56 2005
Subject: ECC
In-Reply-To: <20051108205435.GA4637@dantooine>
Message-ID: <200511090912.jA99CJ6f013104@vulcan.xs4all.nl>

markus reichelt wrote:

>> What makes you think the NSA doesn't want to decrypt US government
>> traffic?

> I don't care what the NSA wants.

I meant to say, as others also pointed out, that this can mean that the NSA will promote encryption that they think they alone can crack.

-- 
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From pete at gingermonkey.co.uk Wed Nov 9 13:08:16 2005
From: pete at gingermonkey.co.uk (Pete Croft)
Date: Wed Nov 9 14:55:48 2005
Subject: gpg and PHP (return value 2)
Message-ID:

Hi,

I expect I'm being an idiot, and will be mortified by the answer, but having searched the web and assorted archives, I can't turn up an answer so I thought I'd brave the list ...

I've installed gpg on a couple of boxes (Windows Server 2003/IIS and a Suse/Apache machine). Used from the CLI it works just fine on both. Any attempts to use it via a PHP script consistently fail with a return code of "2", and to date I haven't managed to track down a list of error return values.

I suspect it's a permissions problem: the source file for encryption exists, the key is correct, and the exact same command issued via CLI produces the output file as desired, so in the absence of other evidence I'm guessing that the user PHP's running as can't get to gpg, or doesn't have permission to execute it?

Any pointers/solutions would be most welcome, as this is driving me quietly mad.

Regards,
Pete

From ml at bitfalle.org Wed Nov 9 14:56:41 2005
From: ml at bitfalle.org (markus reichelt)
Date: Wed Nov 9 14:56:40 2005
Subject: ECC
In-Reply-To: <200511090912.jA99CJ6f013104@vulcan.xs4all.nl>
References: <20051108205435.GA4637@dantooine> <200511090912.jA99CJ6f013104@vulcan.xs4all.nl>
Message-ID: <20051109135641.GA3094@dantooine>

* Johan Wevers wrote:

> markus reichelt wrote:
>
> >> What makes you think the NSA doesn't want to decrypt US government
> >> traffic?
>
> > I don't care what the NSA wants.
>
> I meant to say, as others also pointed out, that this can mean
> that the NSA will promote encryption that they think they alone can
> crack.

You're right of course, this would be typical behaviour. However...

Some of you got the hint, some didn't: As I said early in this thread, my opinion of the NSA being able to crack PKC quite easily is based on my personal belief, *just like one might believe in god or not*. I do not feel inclined to discuss the matter any further.

deleted

-- 
I still don't care what the NSA wants.

From zvrba at globalnet.hr Wed Nov 9 15:29:38 2005
From: zvrba at globalnet.hr (zvrba@globalnet.hr)
Date: Wed Nov 9 15:30:13 2005
Subject: gpg and PHP (return value 2)
In-Reply-To:
References:
Message-ID: <20051109142938.GB5493@zax.ifi.uio.no>

On Wed, Nov 09, 2005 at 12:08:16PM -0000, Pete Croft wrote:
>
> I suspect it's a permissions problem: the source file for encryption
> exists, the key is correct, and the exact same command issued via CLI
> produces the output file as desired, so in the absence of other evidence
> I'm guessing that the user PHP's running as can't get to gpg, or doesn't
> have permission to execute it?
>

Or doesn't have permissions to read/write the source/destination file. Does it have gpg in PATH? Do you specify a full path to the binary in your script?

From mail at mark-kirchner.de Wed Nov 9 18:33:28 2005
From: mail at mark-kirchner.de (Mark Kirchner)
Date: Wed Nov 9 19:55:46 2005
Subject: ECC
In-Reply-To: <20051109135641.GA3094@dantooine>
References: <20051108205435.GA4637@dantooine> <200511090912.jA99CJ6f013104@vulcan.xs4all.nl> <20051109135641.GA3094@dantooine>
Message-ID: <36149320.20051109183328@mark-kirchner.de>

On Wednesday, November 9, 2005, 2:56:41 PM, markus wrote:

> Some of you got the hint, some didn't: As I said early in this thread
> that my opinion of the NSA being able to crack PKC quite easily is
> based on my personal belief, *just like one might believe in god or
> not*. I do not feel inclined to discuss the matter any further.

So, then why exactly did you bring it up in the first place?

/You/ told the list that you "think that the guys [...] at NSA can break public key crypto quite easily". Now, that is quite a daring statement, and naturally that provoked curious questions. And now your reply to that is just "it's my personal belief"? Um, sorry, but if that's the case, you _really_ shouldn't have brought up the topic...

So, pretty please: What are the facts / hints / suspicions your belief is based on? (Even most of the believers in god can at least come up with those... ;-)

Regards,
Mark Kirchner

-- 
_____________________________________________________________
Key (0x172C073C): http://www.mark-kirchner.de/keys/key-mk.asc

From samuel at Update.UU.SE Wed Nov 9 19:16:10 2005
From: samuel at Update.UU.SE (Samuel Åslund)
Date: Wed Nov 9 20:11:20 2005
Subject: gpg and PHP (return value 2)
In-Reply-To: <20051109142938.GB5493@zax.ifi.uio.no>
References: <20051109142938.GB5493@zax.ifi.uio.no>
Message-ID: <20051109181610.GB3390@Update.UU.SE>

On Wed, Nov 09, 2005 at 03:29:38PM +0100, zvrba@globalnet.hr wrote:
> On Wed, Nov 09, 2005 at 12:08:16PM -0000, Pete Croft wrote:
> >
> > I suspect it's a permissions problem: the source file for encryption
> > exists, the key is correct, and the exact same command issued via CLI
> > produces the output file as desired, so in the absence of other evidence
> > I'm guessing that the user PHP's running as can't get to gpg, or doesn't
> > have permission to execute it?
> >
> Or doesn't have permissions to read/write the source/destination file. Does it
> have gpg in PATH? Do you specify a full path to the binary in your script?

A quick check gives me a 126 from my shell (zsh) if I do not have permission to execute a file, 127 if it can not find the file.

I have frequently heard of file permissions on the key-ring as a source of trouble in the setting you describe. PHP is probably running as nobody or Apache or something equally restrictive, with good reason. For other good reasons the key-rings usually have read and write permissions for only the user.

HTH
//Samuel

From cedar at 3web.net Wed Nov 9 20:29:28 2005
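The situation Pete describes and Samuel diagnoses (gpg works from a shell, fails from the web server because the service account cannot execute the binary or cannot read and write the keyring directory) can be checked before gpg is ever invoked. What follows is an added example, not code from GnuPG or from any poster. It is written in Python rather than PHP so that it can be run from a shell as the web server user; it assumes the GnuPG 1.4 file names pubring.gpg, secring.gpg and trustdb.gpg in the home directory, and the recipient address alice@example.org is a placeholder. gpg's documented convention is exit status 0 for success, 1 when a bad signature was seen and other values for fatal errors, so a bare "2" only says that something fatal happened; the reason is on stderr, which the helper returns along with the status.

```python
# Added example for this thread (not GnuPG code, not code from any poster):
# the checks and the gpg command line a web application should use when it
# calls gpg as an unprivileged service account. preflight() uses os.access(),
# so it reports what the *current* user may do: run it as the web server user,
# not as root, where every access check passes.
import os
import shutil
import subprocess

KEYRING_FILES = ("pubring.gpg", "secring.gpg", "trustdb.gpg")  # assumption: gpg 1.4 names


def preflight(gpg_path, homedir):
    """Return human-readable problems; an empty list means gpg should start and find its keys."""
    problems = []
    if not os.path.isfile(gpg_path):
        problems.append(f"gpg binary not found at {gpg_path}")
    elif not os.access(gpg_path, os.X_OK):
        problems.append(f"{gpg_path} is not executable by this user")
    if not os.path.isdir(homedir):
        problems.append(f"homedir {homedir} does not exist")
        return problems
    # gpg rewrites trustdb.gpg and creates lock files, so the directory itself must be writable
    for mode, word in ((os.R_OK, "readable"), (os.W_OK, "writable"), (os.X_OK, "searchable")):
        if not os.access(homedir, mode):
            problems.append(f"homedir {homedir} is not {word} by this user")
    for name in KEYRING_FILES:
        path = os.path.join(homedir, name)
        if os.path.exists(path) and not os.access(path, os.R_OK):
            problems.append(f"{path} exists but is not readable by this user")
    return problems


def encrypt_command(gpg_path, homedir, recipient, src, dst):
    """argv for a non-interactive encryption run; every option is a real gpg option."""
    return [gpg_path, "--batch", "--no-tty", "--yes",   # never wait for a terminal
            "--homedir", homedir,                        # do not depend on $HOME of the web user
            "--status-fd", "2",                          # machine-readable status lines on stderr
            "--trust-model", "always",                   # skips the web of trust, so verify the
            "--recipient", recipient,                    # recipient key when you import it
            "--output", dst, "--encrypt", src]


def run(argv):
    """Run gpg with no stdin and return (exit status, stderr): 0 is success, 1 means a bad
    signature was seen, any other value is a fatal error whose reason is in stderr."""
    proc = subprocess.run(argv, stdin=subprocess.DEVNULL, capture_output=True, text=True)
    return proc.returncode, proc.stderr


if __name__ == "__main__":
    gpg = shutil.which("gpg") or "/usr/bin/gpg"          # assumption: gpg on the PATH
    home = os.environ.get("GNUPGHOME", os.path.expanduser("~/.gnupg"))
    for problem in preflight(gpg, home):
        print("preflight:", problem)
    rc, err = run(encrypt_command(gpg, home, "alice@example.org", "report.txt", "report.txt.gpg"))
    print("exit status", rc)
    print(err, end="")
```

Run it as the account PHP executes under, not as root; when preflight() comes back empty and gpg still fails, the stderr text returned by run() names the actual cause, which a bare return code never does.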
From: cedar at 3web.net (cdr)
Date: Wed Nov 9 20:30:23 2005
Subject: ECC
In-Reply-To: <36149320.20051109183328@mark-kirchner.de>
References: <20051108205435.GA4637@dantooine> <200511090912.jA99CJ6f013104@vulcan.xs4all.nl> <20051109135641.GA3094@dantooine> <36149320.20051109183328@mark-kirchner.de>
Message-ID: <43724E18.7080500@3web.net>

Mark Kirchner wrote:

> /You/ told the list that you "think that the guys [...] at NSA can
> break public key crypto quite easily".
> Now, that is quite a daring statement, and naturally that provoked
> curious questions. And now your reply to that is just "it's my
> personal belief"? Um, sorry, but if that's the case, you _really_
> shouldn't have brought up the topic...

Daring statement, prudent skepticism - or something in between. What difference does it make? Surely that poster is not the only one looking for alternatives to factoring-based one-way functions?

cdr

From lusfert at gmail.com Wed Nov 9 21:04:22 2005
From: lusfert at gmail.com (lusfert)
Date: Wed Nov 9 21:04:47 2005
Subject: Keytypes and changing them
In-Reply-To: <20051108172736.GA15888@jabberwocky.com>
References: <43708B91.7020901@mathematica.scientia.net> <4370CF7D.4090402@gmail.com> <20051108172736.GA15888@jabberwocky.com>
Message-ID: <43725646.4050504@gmail.com>

David Shaw wrote:

> On Tue, Nov 08, 2005 at 07:17:01PM +0300, lusfert wrote:
>
>> Christoph Anton Mitterer wrote:
>>
>>> Ok,.. I know that you can set at least the following flags to specify
>>> the purpose of a key:
>>> A - authorisation
>>> C - certification
>>> E - encryption
>>> S - signing
>>
>> What does type "A" mean and where is it used?
>
> One possible (and current) use is to use an OpenPGP key for ssh
> authentication.
>
> David

Christoph Anton Mitterer wrote:

> lusfert wrote:
>
>> What does type "A" mean and where is it used?
>
> It means that the key can be used for authentication,... e.g. for ssh or
> so.
>
> Chris.

Thanks for useful replies.

-- 
With best regards,
Current OpenPGP key ID: 0x500B8987
Fingerprint: E883 045D 36FB 8CA3 8D69 9C79 9E35 3B56 500B 8987
Encrypted e-mail preferred.

From pkern at debian.org Wed Nov 9 21:34:34 2005
From: pkern at debian.org (Philipp Kern)
Date: Wed Nov 9 22:25:53 2005
Subject: USB tokens instead of smartcards
Message-ID: <76261BB7-0A12-4082-8A53-36B938C67134@debian.org>

Hi there,

do you recommend any USB token for use with GnuPG? I am currently considering buying an OpenPGP smartcard, but the thought of having a tiny USB token instead of a big smartcard reader is appealing to me, especially because they might share the same protocol. But I think the question is more whether there are supported ones, because I found most supporting PKCS, thus requiring OpenSC et al. I want to use it for secure GnuPG encryption, signing and SSH authentication. RSA-1024 is still sufficiently secure, I guess?

Thanks in advance for any answer,
Philipp Kern

From pkern at debian.org Wed Nov 9 22:55:29 2005
From: pkern at debian.org (Philipp Kern)
Date: Wed Nov 9 22:55:21 2005
Subject: USB tokens instead of smartcards
In-Reply-To: <43726EF8.1090505@pengdows.com>
References: <76261BB7-0A12-4082-8A53-36B938C67134@debian.org> <43726EF8.1090505@pengdows.com>
Message-ID: <18003C7C-EA00-4676-9FCB-98DEA1A85AFC@debian.org>

On Nov 9, 2005, at 22:49, Alaric Dailey wrote:

> USB tokens are a smartcard and reader in one, nothing more.

Yeah, I got that fact. So to clarify: A USB token with a supported smartcard in it.

Kind regards,
Philipp Kern

From pete at gingermonkey.co.uk Wed Nov 9 23:11:38 2005
From: pete at gingermonkey.co.uk (Pete Croft)
Date: Wed Nov 9 23:11:30 2005
Subject: gpg and PHP (return value 2)[Scanned]
Message-ID:

> I have frequently heard of file permissions on the key-ring
> as a source of trouble in the setting you describe. PHP is
> probably running as nobody or Apache or something equally
> restrictive, with good reason. For other good reasons the
> key-rings usually have read and write permissions for only the user.

Many thanks Samuel. Have just spent a merry half hour moving the keyrings about and changing ownership/groups and folder permissions, and it now all works perfectly.

Regards,
Pete

From ryan at malayter.com Thu Nov 10 00:26:38 2005
From: ryan at malayter.com (Ryan Malayter)
Date: Thu Nov 10 00:26:27 2005
Subject: USB tokens instead of smartcards
In-Reply-To: <18003C7C-EA00-4676-9FCB-98DEA1A85AFC@debian.org>
References: <76261BB7-0A12-4082-8A53-36B938C67134@debian.org> <43726EF8.1090505@pengdows.com> <18003C7C-EA00-4676-9FCB-98DEA1A85AFC@debian.org>
Message-ID: <5d7f07420511091526l9181bc5xa1fed6bca13f58be@mail.gmail.com>

On 11/9/05, Philipp Kern wrote:
> Yeah, I got that fact. So to clarify: A USB token with a supported
> smartcard in it.

I don't know if they are supported by GnuPG, but we have several of the Aladdin eToken devices bundled by PGP Corp. with PGP Desktop v9. They work fairly well with that commercial PGP implementation.

http://www.aladdin.com/etoken/pro/usb.asp

-- 
RPM
=========================
All problems can be solved by diplomacy, but violence and treachery are equally effective, and more fun.
-Anonymous

From wk at gnupg.org Thu Nov 10 09:49:42 2005
From: wk at gnupg.org (Werner Koch)
Date: Thu Nov 10 09:51:51 2005
Subject: USB tokens instead of smartcards
In-Reply-To: <18003C7C-EA00-4676-9FCB-98DEA1A85AFC@debian.org> (Philipp Kern's message of "Wed, 9 Nov 2005 22:55:29 +0100")
References: <76261BB7-0A12-4082-8A53-36B938C67134@debian.org> <43726EF8.1090505@pengdows.com> <18003C7C-EA00-4676-9FCB-98DEA1A85AFC@debian.org>
Message-ID: <87ek5osx95.fsf@wheatstone.g10code.de>

On Wed, 9 Nov 2005 22:55:29 +0100, Philipp Kern said:

> Yeah, I got that fact. So to clarify: A USB token with a supported
> smartcard in it.

You may try to cut an OpenPGP card to ID-000 size.

Shalom-Salam,

Werner

From cam at mathematica.scientia.net Thu Nov 10 21:00:56 2005
From: cam at mathematica.scientia.net (Christoph Anton Mitterer)
Date: Thu Nov 10 21:00:49 2005
Subject: back signatures
In-Reply-To: <20051107153630.GA12184@jabberwocky.com>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <436C4CA4.4080108@gmail.com> <20051105133043.GC5220@jabberwocky.com> <436F55AE.2080901@gmail.com> <20051107134125.GF9758@jabberwocky.com> <436F7000.4030307@mathematica.scientia.net> <20051107153630.GA12184@jabberwocky.com>
Message-ID: <4373A6F8.5000608@mathematica.scientia.net>

David Shaw wrote:

>> And what is the "theory" behind them,... e.g. how do they improve security?
>
> Current signing subkeys have a weakness in that they can be moved from
> one key to another without the key owner's approval.
>
> This means that if I sign a message with a signing subkey, someone
> else can lift the (public) signing subkey off of my key, attach it to
> theirs, and issue a new binding signature for it. This person can
> then claim to be the person who signed the message.

Ah,... I see,.. but is this problem only limited to signing subkeys? It should be, right? Because the primary is protected by the self-signed user id? Or is there another reason? (just want to check if I'm slowly understanding how all these things work :-D )

btw: You remember my C-only thread (I'll answer your latest posts soon),... I played around a bit and read some parts of rfc2440.
Ok when I split a key using gpgsplit I get about the following:

pubkey
uid
selfsig on uid (Sig type - Positive certification of a User ID and Public Key packet (0x13))
subkey
selfsig on subkey (Sig type - Subkey Binding Signature (0x18))

Ok,.. the 0x18 signature is the one that binds the sub to the primary.
=> so nobody can add his own subkey to my primary because he wouldn't be able to make a subkey binding sig, correct?
=> but he is able to take my subkey, remove my 0x18 and add his own (that is where your back sig comes into the game, correct?)

Is it correct that the primary does not directly have a single self sig packet, but rather 0x13s are used for that? If so,.. what is 0x1F (signature directly on key) used for? I thought this is used for primary selfsigs.

> Note that this person doesn't have the secret key or the passphrase -
> they can't issue NEW signatures. They can only claim to be the signer
> for existing signatures. They also can't stop the original signer
> from claiming ownership. If it comes down to two people, both
> claiming they issued a particular signature, just ask them both to
> sign a challenge (a different challenge for each). The impostor won't
> be able to.
>
> Anyway, back signatures avoid all that by adding a signature from the
> signing subkey on the primary key. This proves that the owner of the
> signing subkey is not an impostor, since the impostor could not issue
> such a signature.

Ah,.. ok,.. then back signatures are VERY IMPORTANT, aren't they? And everybody should add them to existing keys....

Will gnupg and other clients automatically indicate if a signing subkey has no backsig?

Best wishes,
Chris.

From dshaw at jabberwocky.com Thu Nov 10 21:24:34 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Nov 10 21:24:59 2005
Subject: back signatures
In-Reply-To: <4373A6F8.5000608@mathematica.scientia.net>
References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <436C4CA4.4080108@gmail.com> <20051105133043.GC5220@jabberwocky.com> <436F55AE.2080901@gmail.com> <20051107134125.GF9758@jabberwocky.com> <436F7000.4030307@mathematica.scientia.net> <20051107153630.GA12184@jabberwocky.com> <4373A6F8.5000608@mathematica.scientia.net>
Message-ID: <20051110202434.GB13632@jabberwocky.com>

On Thu, Nov 10, 2005 at 09:00:56PM +0100, Christoph Anton Mitterer wrote:
> David Shaw wrote:
>
> >> And what is the "theory" behind them,... e.g. how do they improve
> >> security?
> >
> > Current signing subkeys have a weakness in that they can be moved from
> > one key to another without the key owner's approval.
> >
> > This means that if I sign a message with a signing subkey, someone
> > else can lift the (public) signing subkey off of my key, attach it to
> > theirs, and issue a new binding signature for it. This person can
> > then claim to be the person who signed the message.
>
> Ah,... I see,.. but is this problem only limited to signing subkeys? It
> should be, right? Because the primary is protected by the self-signed
> user id? Or is there another reason? (just want to check if I'm slowly
> understanding how all these things work :-D )

Not exactly. The problem is limited to signing subkeys because identity is attached to the primary key. When you make a signature with your primary key, you're saying "key XXXX made this signature, and key XXXX is owned by Joe Smith". When you make a signature with a signing subkey, you're saying "key XXXX made this signature, and key XXXX is owned by key YYYY and key YYYY is owned by Joe Smith".

The problem is that only key YYYY (the primary) asserts ownership of key XXXX (the signing subkey), which means that ZZZZ (someone else's primary) can come along and also assert ownership of XXXX. The fix ("back signatures") is to have XXXX assert possession by YYYY. This foils ZZZZ since she cannot issue a signature from XXXX.

> btw: You remember my C-only thread (I'll answer your latest posts
> soon),... I played around a bit and read some parts of rfc2440.
> Ok when I split a key using gpgsplit I get about the following:
> pubkey
> uid
> selfsig on uid (Sig type - Positive certification of a User ID and
> Public Key packet (0x13))
> subkey
> selfsig on subkey (Sig type - Subkey Binding Signature (0x18))
>
> Ok,.. the 0x18 signature is the one that binds the sub to the primary.
> => so nobody can add his own subkey to my primary because he wouldn't be
> able to make a subkey binding sig, correct?

Right.

> => but he is able to take my subkey, remove my 0x18 and add his own
> (that is where your back sig comes into the game, correct?)

Right.

> Is it correct that the primary does not directly have a single self sig
> packet, but rather 0x13s are used for that? If so,.. what is 0x1F
> (signature directly on key) used for? I thought this is used for primary
> selfsigs.

No, 0x13 (or 0x10, 0x11, 0x12) are used to sign a user ID and primary key together. Historically, people call this "signing a key", but it's really signing a user ID + key.

0x1F signatures are truly signing a key alone.

> > Note that this person doesn't have the secret key or the passphrase -
> > they can't issue NEW signatures. They can only claim to be the signer
> > for existing signatures. They also can't stop the original signer
> > from claiming ownership. If it comes down to two people, both
> > claiming they issued a particular signature, just ask them both to
> > sign a challenge (a different challenge for each). The impostor won't
> > be able to.
> >
> > Anyway, back signatures avoid all that by adding a signature from the
> > signing subkey on the primary key. This proves that the owner of the
> > signing subkey is not an impostor, since the impostor could not issue
> > such a signature.
>
> Ah,.. ok,.. then back signatures are VERY IMPORTANT, aren't they? And
> everybody should add them to existing keys....

Yes, indeed.

> Will gnupg and other clients automatically indicate if a signing subkey
> has no backsig?

GnuPG does, as of 1.4.3. I expect other clients will do as well.

David

From alphasigmax at gmail.com Fri Nov 11 04:52:50 2005
From: alphasigmax at gmail.com (Alphax) Date: Fri Nov 11 04:53:34 2005 Subject: back signatures In-Reply-To: <20051110202434.GB13632@jabberwocky.com> References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <436C4CA4.4080108@gmail.com> <20051105133043.GC5220@jabberwocky.com> <436F55AE.2080901@gmail.com> <20051107134125.GF9758@jabberwocky.com> <436F7000.4030307@mathematica.scientia.net> <20051107153630.GA12184@jabberwocky.com> <4373A6F8.5000608@mathematica.scientia.net> <20051110202434.GB13632@jabberwocky.com> Message-ID: <43741591.9040809@gmail.com> David Shaw wrote: > On Thu, Nov 10, 2005 at 09:00:56PM +0100, Christoph Anton Mitterer wrote: > >snip> > >>btw: You remember my C-only thread (I'll answer you lastest posts >>soon),... I played around a bit and read some parts of rfc2440. >>Ok when I split a key using gpgsplit I get about the following: >>pubkey >>uid >>selfsig on uid (Sig type - Positive certification of a User ID and >>Public Key packet(0x13)) >>subkey >>selfsig on subkey (Sig type - Subkey Binding Signature(0x18)) >> >>Ok,.. the 0x18 signature ist the one that binds the sub to the primary. >>=>so nobody can add his own subkey to my primary because he wouldn't be >>able to make a subkey binding sig, correct? > > > Right. > > >>=>but he is able do take my subkey and remove my 0x18 and add his one >>(that is where your back sig come into the game, correct?) > > > Right. > > >>Is it correct that the primary has not directly a single self sig >>packet, but rather 0x13s are used therefor? If so,.. what is 0x1F >>(signature direct on key) used for? I thought this is used for primary >>selfsigs. > > > No, 0x13 (or 0x10, 0x11, 0x12) are used to sign a user ID and primary > key together. Historically, people call this "signing a key", but > it's really signing a user ID + key. > > 0x1F signatures are truly signing a key alone. > > So is a backsig of type 0x1F then?? 
-- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards http://tinyurl.com/cc9up | / \

From dshaw at jabberwocky.com Fri Nov 11 05:33:23 2005
From: dshaw at jabberwocky.com (David Shaw) Date: Fri Nov 11 05:34:01 2005 Subject: back signatures In-Reply-To: <43741591.9040809@gmail.com> References: <20051104192409.GB5239@jabberwocky.com> <436C4CA4.4080108@gmail.com> <20051105133043.GC5220@jabberwocky.com> <436F55AE.2080901@gmail.com> <20051107134125.GF9758@jabberwocky.com> <436F7000.4030307@mathematica.scientia.net> <20051107153630.GA12184@jabberwocky.com> <4373A6F8.5000608@mathematica.scientia.net> <20051110202434.GB13632@jabberwocky.com> <43741591.9040809@gmail.com> Message-ID: <20051111043323.GA14113@jabberwocky.com>

On Fri, Nov 11, 2005 at 02:22:50PM +1030, Alphax wrote:
>> 0x1F signatures are truly signing a key alone.
>
> So is a backsig of type 0x1F then??

No, they have their own type. They are 0x19.

David

From parthasarathiraju at hotmail.com Fri Nov 11 13:27:50 2005
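The key structure walked through in this thread (0x13 self-signature on the user ID, 0x18 subkey binding issued by the primary, 0x19 back signature issued by the subkey and carried inside the 0x18) as an added Python model; this is not code from the list or from GnuPG. The toy RSA keys built from fixed Mersenne primes, the constructed key IDs and the simplified hashed data (just the public parts of both keys) are assumptions of this example; what it shows is the verifier's decision with and without requiring the 0x19.

```python
"""Toy model of OpenPGP subkey binding (0x18) and back signatures (0x19).

Added example, not code from the thread or from GnuPG.  The RSA keys are
built from fixed Mersenne primes so runs are deterministic; they are far
too small for real use and only stand in for the key material.  The data
that is hashed is simplified to the public parts of both keys.
"""
import hashlib
from dataclasses import dataclass
from typing import Optional

E = 65537
SIG_SUBKEY_BINDING = 0x18   # issued by the primary key over the subkey
SIG_PRIMARY_BINDING = 0x19  # issued by the subkey over the primary ("backsig")


def _hash_to_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


class ToyRSAKey:
    """Just enough RSA to sign and verify a hash; never use such key sizes."""

    def __init__(self, p: int, q: int):
        self.n, self.e = p * q, E
        self.d = pow(E, -1, (p - 1) * (q - 1))
        # Constructed key ID: low 8 bytes of SHA-256 over the public modulus.
        self.keyid = hashlib.sha256(self.n.to_bytes(64, "big")).hexdigest()[-16:]

    def public(self):
        return (self.n, self.e)

    def sign(self, data: bytes) -> int:
        return pow(_hash_to_int(data, self.n), self.d, self.n)


def verify(public, data: bytes, sig: int) -> bool:
    n, e = public
    return pow(sig, e, n) == _hash_to_int(data, n)


@dataclass
class Signature:
    sigtype: int
    issuer: str                 # key ID of the key that made the signature
    value: int
    embedded: Optional["Signature"] = None  # the 0x19 travels inside the 0x18


def binding_data(primary_pub, subkey_pub) -> bytes:
    """Both 0x18 and 0x19 are computed over primary key || subkey."""
    return b"".join(x.to_bytes(64, "big") for x in (*primary_pub, *subkey_pub))


def make_binding(primary, subkey_pub, subkey_priv=None, embedded=None):
    """Issue a 0x18 from `primary` over `subkey_pub`.  A genuine 0x19 needs the
    subkey's private key; without it, at best an old 0x19 can be copied in."""
    data = binding_data(primary.public(), subkey_pub)
    if subkey_priv is not None:
        embedded = Signature(SIG_PRIMARY_BINDING, subkey_priv.keyid, subkey_priv.sign(data))
    return Signature(SIG_SUBKEY_BINDING, primary.keyid, primary.sign(data), embedded)


def check_signing_subkey(primary_pub, subkey_pub, binding, require_backsig=True) -> str:
    """Verifier side.  require_backsig=False is the older behaviour the thread
    describes: the 0x18 alone decides who "owns" the signing subkey."""
    data = binding_data(primary_pub, subkey_pub)
    if binding.sigtype != SIG_SUBKEY_BINDING or not verify(primary_pub, data, binding.value):
        return "bad binding"
    if not require_backsig:
        return "ok"
    back = binding.embedded
    if back is None:
        return "no backsig"
    if back.sigtype != SIG_PRIMARY_BINDING or not verify(subkey_pub, data, back.value):
        return "bad backsig"
    return "ok"


def demo() -> dict:
    alice = ToyRSAKey(2**127 - 1, 2**89 - 1)       # primary key
    alice_sub = ToyRSAKey(2**107 - 1, 2**61 - 1)   # signing subkey
    mallory = ToyRSAKey(2**31 - 1, 2**19 - 1)      # someone else's primary

    genuine = make_binding(alice, alice_sub.public(), subkey_priv=alice_sub)
    # The case from the thread: the 0x18 on a public signing subkey is replaced
    # by one from another primary.  That primary holds no subkey secret, so
    # it can only omit the 0x19 or copy the old one, which was made over
    # different data.
    claimed = make_binding(mallory, alice_sub.public())
    claimed_copy = make_binding(mallory, alice_sub.public(), embedded=genuine.embedded)

    sub = alice_sub.public()
    return {
        "genuine": check_signing_subkey(alice.public(), sub, genuine),
        "claimed_old_check": check_signing_subkey(mallory.public(), sub, claimed, require_backsig=False),
        "claimed_no_backsig": check_signing_subkey(mallory.public(), sub, claimed),
        "claimed_copied_backsig": check_signing_subkey(mallory.public(), sub, claimed_copy),
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:24s} {status}")
```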
From: parthasarathiraju at hotmail.com (partha sarathi) Date: Fri Nov 11 14:55:49 2005 Subject: How to execute gpgkeys_ldap, gpgkeys_curl, gpgkeys_finger, gpgkeys_hkp on hp-ux Message-ID:

Hello All,

I have built the GnuPG -1.4.2 with ldap and curl support. As I am new to this product I don't know how to run the binaries like gpgkeys_curl, gpgkeys_finger, gpgkeys_hkp, gpgkeys_ldap. Through searching on the net I failed to find any helpful resources regarding these ones. Can anyone please suggest me the way, how to execute these binaries or locate any helpful resources.

Thanks,
Partha

From dshaw at jabberwocky.com Fri Nov 11 15:05:21 2005
From: dshaw at jabberwocky.com (David Shaw) Date: Fri Nov 11 15:05:40 2005 Subject: How to execute gpgkeys_ldap, gpgkeys_curl, gpgkeys_finger, gpgkeys_hkp on hp-ux In-Reply-To: References: Message-ID: <20051111140521.GB14113@jabberwocky.com>

On Fri, Nov 11, 2005 at 12:28:08PM +0000, partha sarathi wrote:
> Hello All,
>
> I have built the GnuPG -1.4.2 with ldap and curl support. As I am new to
> this product I don't know how to run the binaries like gpgkeys_curl,
> gpgkeys_finger, gpgkeys_hkp, gpgkeys_ldap. Through searching on the net I
> failed to find any helpful resources regarding these ones.
> Can anyone please suggest me the way, how to execute these binaries or
> locate any helpful resources.

You don't execute them. GPG executes them as needed. For example, if you are using an HKP keyserver like subkeys.pgp.net, then GPG will execute gpgkeys_hkp for you.

David

From sean_cerney at hotmail.com Fri Nov 11 21:12:06 2005
From: sean_cerney at hotmail.com (Sean Cerney) Date: Fri Nov 11 22:55:49 2005 Subject: automating gnupg decryption Message-ID:

Hello All,

I am using gnupg to decrypt files that are imported to us daily. These are xml files. I use GnuPG in a Windows environment.

I'm trying to find the right command line code to use to automate the decryption of these files.

I can enter the following code:

    gpg --output (pathname)\(desired output name) --decrypt (pathname)\*.xml.pgp

where *.xml.pgp is any decrypted xml file in my folder.

My question is: can I automate gpg to assign a unique name to the OUTPUT file (such as 11_05.xml, etc.) instead of manually entering a name each time?

Thanks for any help.

From boldyrev+nospam at cgitftp.uiggm.nsc.ru Fri Nov 11 23:24:04 2005
From: boldyrev+nospam at cgitftp.uiggm.nsc.ru (Ivan Boldyrev) Date: Sat Nov 12 01:00:50 2005 Subject: Keytypes and changing them References: <43708B91.7020901@mathematica.scientia.net> <4370CF7D.4090402@gmail.com> <20051108172736.GA15888__9673.3933933594$1131471344$gmane$org@jabberwocky.com> Message-ID: <79if43-esb.ln1@ibhome.cgitftp.uiggm.nsc.ru>

On 9287 day of my life David Shaw wrote:
>> What does type "A" mean and where is it used?
>
> One possible (and current) use is to use an OpenPGP key for ssh
> authentication.

Which SSH implementation does support it? It seems OpenSSH does not (at least I can't understand how to do it).

-- Ivan Boldyrev | recursion, n: | See recursion

From john.e.maher at gmail.com Fri Nov 11 23:20:04 2005
From: john.e.maher at gmail.com (John Maher) Date: Sat Nov 12 01:25:42 2005 Subject: automating gnupg decryption In-Reply-To: References: Message-ID: <43751914.1060506@gmail.com>

Sean, in Linux you could create a script file (e.g., decrypt_file) that would do the following:

    gpg --output "$1_`date +%Y%m%d%H%M%S`" --decrypt "$1"

If you ran the script by specifying at the end the name of the file to decrypt (i.e., "decrypt_file encrypted.gpg"), then it would create a decrypted file with the date and time appended to it (i.e., "encrypted_20051111173001"). I'm sorry I don't know the equivalent commands in Windows, but if you can find the equivalent then it should work. The key, I think, is finding a way to execute the "date" command, which, in this case, is executed because it is surrounded by backquotes (`).

John

Sean Cerney wrote:
> Hello All,
>
> I am using gnupg to decrypt files that are imported to us daily.
> These are xml files. I use GnuPG in a Windows environment.
>
> I'm trying to find the right command line code to use to automate the
> decryption of these files.
>
> I can enter the following code:
>
> gpg --output (pathname)\(desired output name) --decrypt
> (pathname)\*.xml.pgp
>
> where *.xml.pgp is any decrypted xml file in my folder.
>
> My question is: can I automate gpg to assign a unique name to the
> OUTPUT file (such as 11_05.xml, etc.) instead of manually entering a
> name each time?
>
> Thanks for any help.

From sithtracy at yahoo.com Sat Nov 12 02:03:03 2005
From: sithtracy at yahoo.com (Tracy D. Bossong) Date: Sat Nov 12 02:04:10 2005 Subject: automating gnupg decryption In-Reply-To: Message-ID: <20051112010303.23551.qmail@web51713.mail.yahoo.com>

    for /F "tokens=1-4 delims=/ " %%a in ('Date/t') Do Set DTE=%%d%%b%%c
    set DTE=%DTE:~-6%

That will help you with your date issues, but for Windows scripting, you may want to search alt.msdos.batch.nt

I could help you by writing the script, but think you might appreciate it more if you did it yourself and researched it on usenet.

Best of luck.

--- Sean Cerney wrote:
> Hello All,
>
> I am using gnupg to decrypt files that are imported to us daily. These are
> xml files. I use GnuPG in a Windows environment.
>
> I'm trying to find the right command line code to use to automate the
> decryption of these files.
>
> I can enter the following code:
>
> gpg --output (pathname)\(desired output name) --decrypt (pathname)\*.xml.pgp
>
> where *.xml.pgp is any decrypted xml file in my folder.
>
> my question is: can I automate gpg to assign a unique name to the OUTPUT
> file (such as 11_05.xml, etc.) instead of manually entering a name each
> time?
>
> thanks for any help.

From cam at mathematica.scientia.net Sun Nov 13 02:53:22 2005
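The timestamp-in-the-output-name approach from the replies above, as an added Python script that is not from the list: it names each decrypted file after its input plus a timestamp, refuses to overwrite, and treats any non-zero gpg exit as failure. The folder path is a placeholder, and it assumes gpg is on PATH and the decryption key is usable without a prompt.

```python
"""Decrypt every *.xml.pgp in a folder into a uniquely named output file.

Added example, not a script from the list.  It follows John's idea of
appending a timestamp to the output name and adds the exit-status check
that automated runs depend on.  The folder path is a placeholder; gpg must
be on PATH and the decryption key must be usable without a prompt.
"""
import datetime as dt
import pathlib
import subprocess

ENCRYPTED_SUFFIX = ".xml.pgp"


def output_name(encrypted_name: str, stamp: str) -> str:
    """'report.xml.pgp' + '20051111173001' -> 'report_20051111173001.xml'."""
    if not encrypted_name.endswith(ENCRYPTED_SUFFIX):
        raise ValueError(f"not a {ENCRYPTED_SUFFIX} file: {encrypted_name}")
    stem = encrypted_name[: -len(ENCRYPTED_SUFFIX)]
    return f"{stem}_{stamp}.xml"


def decrypt_one(encrypted: pathlib.Path, now: dt.datetime = None) -> pathlib.Path:
    """Run gpg once; treat any non-zero exit as failure."""
    stamp = (now or dt.datetime.now()).strftime("%Y%m%d%H%M%S")
    out = encrypted.with_name(output_name(encrypted.name, stamp))
    if out.exists():
        raise FileExistsError(f"refusing to overwrite {out}")
    # --batch: never prompt.  --yes is deliberately absent so gpg itself also
    # refuses to overwrite an existing output file.
    cmd = ["gpg", "--batch", "--output", str(out), "--decrypt", str(encrypted)]
    result = subprocess.run(cmd, capture_output=True, text=True)
    if result.returncode != 0:
        # gpg may leave a partial or suspect output behind on error; do not
        # let it be mistaken for a good file.
        if out.exists():
            out.unlink()
        raise RuntimeError(f"gpg exited {result.returncode} on {encrypted.name}: "
                           f"{result.stderr.strip()}")
    return out


def decrypt_folder(folder: str) -> list:
    """Decrypt all *.xml.pgp files in `folder`; returns the output paths."""
    return [decrypt_one(p) for p in sorted(pathlib.Path(folder).glob("*" + ENCRYPTED_SUFFIX))]


if __name__ == "__main__":
    for path in decrypt_folder(r"C:\incoming"):  # placeholder folder
        print("decrypted", path)
```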
From: cam at mathematica.scientia.net (Christoph Anton Mitterer) Date: Sun Nov 13 02:53:13 2005 Subject: Expiring UID In-Reply-To: <20051105172843.79929.qmail@web25401.mail.ukl.yahoo.com> References: <20051105172843.79929.qmail@web25401.mail.ukl.yahoo.com> Message-ID: <43769C92.10904@mathematica.scientia.net>

Ok,.. my answer to this is a little bit late but here it is ... ;-)

> It's not that I see a desperate need for the feature,
> it just seemed an interesting omission, and I wondered
> what the reason was.
>
> I'm surprised that compatibility is a problem - I
> assumed it would be done by having the self-signature
> on a UID created with an expiration date, which
> surely all OpenPGP programs would notice.
>
> The situation I thought it would be useful for is if a
> UID is associated with a job/position that will only
> last a fixed period of time - especially if access to
> the account might change after that point.
>
> Including it would probably require numerous changes,
> such as asking a 3rd-party signer if a signature
> should expire at the same time as the self-sig.
>
> As I say, probably little/no need. Just an
> interesting quirk.

Ok,.. you're right that there is probably not much need for this feature. First of all in most cases you wouldn't know the exact date when a UID will become invalid (e.g. you cannot predict when you'll lose your job or so ;-) ).

The only similar thing is the following: You have some role X for a limited time (which is known in advance) e.g. President of Germany (5 year term, maximum of two terms). So you could add a UID "President of the Federal Republic of Germany " or so. But even in such a case,.. it would be better to create a key that signs the key of somebody who is in role X for a limited time.

I'm going to (with support of some professors) introduce such a system at my university.
There will be a key which signs the keys of enrolled students (but the signature is valid only for one term and has to be renewed at the end), thus certifying that someone is an enrolled student of the university.

However, I think,.... if the standard supports expiring UIDs they should be supported by gnupg :)

Just my 2 cents....

Best wishes,
Chris.

From cam at mathematica.scientia.net Sun Nov 13 03:57:11 2005
From: cam at mathematica.scientia.net (Christoph Anton Mitterer) Date: Sun Nov 13 03:57:06 2005 Subject: back signatures In-Reply-To: <20051110202434.GB13632@jabberwocky.com> References: <20051104191516.GA3364@sky.schizandra.ru> <20051104192409.GB5239@jabberwocky.com> <436C4CA4.4080108@gmail.com> <20051105133043.GC5220@jabberwocky.com> <436F55AE.2080901@gmail.com> <20051107134125.GF9758@jabberwocky.com> <436F7000.4030307@mathematica.scientia.net> <20051107153630.GA12184@jabberwocky.com> <4373A6F8.5000608@mathematica.scientia.net> <20051110202434.GB13632@jabberwocky.com> Message-ID: <4376AB87.8000008@mathematica.scientia.net>

Hi.

Took a while but now I've time to answer.

David Shaw wrote:
>> Ah,... I see,.. but is this problem only limited to signing subkeys? It
>> should be, right? Because the primary is protected by the selfsigned
>> user id? Or is there another reason? (just want to check if I'm slowly
>> understanding how all these things work :-D )
>
> Not exactly. The problem is limited to signing subkeys because
> identity is attached to the primary key. When you make a signature
> with your primary key, you're saying "key XXXX made this signature,
> and key XXXX is owned by Joe Smith".

How is a signature bound to the key that made the signature? Just by the encrypted hash (by encrypting with the private key of the signer) or does it contain information like the fingerprint (of the signing key) or which UID was used, too?

I thought it is like the following:
"key XXXX made this signature"
then I look at my pubring and see: "I have a key XXXX" and "a UID YYYY is attached to it"
Or not?

> When you make a signature with a
> signing subkey, you're saying "key XXXX made this signature, and key
> XXXX is owned by key YYYY and key YYYY is owned by Joe Smith".

Same as above, I thought it would work the following way:
"(sub)key WWWW made this signature"
then I look at my pubring and see: "I have a subkey WWWW" and "the subkey is bound by 0x18 to primary key XXXX"
then I look at my pubring and see: "I have a key XXXX" and "a UID YYYY is attached to it"
Or not?

> The problem is that only key YYYY (the primary) asserts ownership of
> key XXXX (the signing subkey), which means that ZZZZ (someone else's
> primary) can come along and also assert ownership of XXXX. The fix
> ("back signatures") is to have XXXX assert possession by YYYY. This
> foils ZZZZ since she cannot issue a signature from XXXX.

Yes,.. that was clear,.. btw: is there a special tag for backsignatures used?

>> Is it correct that the primary doesn't directly have a single self sig
>> packet, but rather 0x13s are used therefor? If so,.. what is 0x1F
>> (signature direct on key) used for? I thought this is used for primary
>> selfsigs.
>
> No, 0x13 (or 0x10, 0x11, 0x12) are used to sign a user ID and primary
> key together. Historically, people call this "signing a key", but
> it's really signing a user ID + key.

Ok,.. in principle it was clear,.. I just thought that 0x10-13 are used only for signing other users' keys.

> 0x1F signatures are truly signing a key alone.

Can you give me an example where someone would do this? I mean what is this useful for?

> Yes, indeed.

I suggest that gpg should behave the following way:
- suggest adding backsigs if it finds a private/public keypair without backsigs (most users won't notice the backsign command)
- of course warn a user if it finds data signed by a signing subkey which doesn't have backsigs. I'd even go so far as to say that gpg should tell that the sig is invalid at all.

Take care,
Chris.

From cam at mathematica.scientia.net Sun Nov 13 03:57:50 2005
From: cam at mathematica.scientia.net (Christoph Anton Mitterer) Date: Sun Nov 13 03:57:35 2005 Subject: back signatures In-Reply-To: <20051111043323.GA14113@jabberwocky.com> References: <20051104192409.GB5239@jabberwocky.com> <436C4CA4.4080108@gmail.com> <20051105133043.GC5220@jabberwocky.com> <436F55AE.2080901@gmail.com> <20051107134125.GF9758@jabberwocky.com> <436F7000.4030307@mathematica.scientia.net> <20051107153630.GA12184@jabberwocky.com> <4373A6F8.5000608@mathematica.scientia.net> <20051110202434.GB13632@jabberwocky.com> <43741591.9040809@gmail.com> <20051111043323.GA14113@jabberwocky.com> Message-ID: <4376ABAE.9080902@mathematica.scientia.net>

David Shaw wrote:
> No, they have their own type. They are 0x19.

I should have read on before asking,.. sorry ;-)

Chris.

From cam at mathematica.scientia.net Sun Nov 13 04:18:17 2005
From: cam at mathematica.scientia.net (Christoph Anton Mitterer) Date: Sun Nov 13 04:18:01 2005 Subject: back signatures In-Reply-To: <4376ABAE.9080902@mathematica.scientia.net> References: <20051104192409.GB5239@jabberwocky.com> <436C4CA4.4080108@gmail.com> <20051105133043.GC5220@jabberwocky.com> <436F55AE.2080901@gmail.com> <20051107134125.GF9758@jabberwocky.com> <436F7000.4030307@mathematica.scientia.net> <20051107153630.GA12184@jabberwocky.com> <4373A6F8.5000608@mathematica.scientia.net> <20051110202434.GB13632@jabberwocky.com> <43741591.9040809@gmail.com> <20051111043323.GA14113@jabberwocky.com> <4376ABAE.9080902@mathematica.scientia.net> Message-ID: <4376B079.4030203@mathematica.scientia.net>

I've just found out that 0x19 is not specified by rfc2440... Isn't that a dangerous way if gnupg adds its own things to it?

Chris.

From cam at mathematica.scientia.net Sun Nov 13 04:22:28 2005
From: cam at mathematica.scientia.net (Christoph Anton Mitterer) Date: Sun Nov 13 04:22:13 2005 Subject: USB tokens instead of smartcards In-Reply-To: <76261BB7-0A12-4082-8A53-36B938C67134@debian.org> References: <76261BB7-0A12-4082-8A53-36B938C67134@debian.org> Message-ID: <4376B174.7070602@mathematica.scientia.net>

Hi.

When I use a USB token instead of a "normal" smartcard reader do I still need special software (e.g. pcscd and so on) or is gnupg enough?

Best wishes,
Chris.

From cam at mathematica.scientia.net Sun Nov 13 04:30:00 2005
From: cam at mathematica.scientia.net (Christoph Anton Mitterer) Date: Sun Nov 13 04:29:44 2005 Subject: Keytypes and changing them In-Reply-To: <79if43-esb.ln1@ibhome.cgitftp.uiggm.nsc.ru> References: <43708B91.7020901@mathematica.scientia.net> <4370CF7D.4090402@gmail.com> <20051108172736.GA15888__9673.3933933594$1131471344$gmane$org@jabberwocky.com> <79if43-esb.ln1@ibhome.cgitftp.uiggm.nsc.ru> Message-ID: <4376B338.1050104@mathematica.scientia.net>

Ivan Boldyrev wrote:
> Which SSH implementation does support it? It seems OpenSSH does not
> (at least I can't understand how to do it).

I think you can do it via gpg-agent. Unfortunately I couldn't find any documentation right now. :-(

Chris.

From messtic at oreka.com Sun Nov 13 10:30:46 2005
From: messtic at oreka.com (Alain Bench) Date: Sun Nov 13 16:55:55 2005 Subject: Character set and File exists In-Reply-To: <20051102051147.GB3954@jabberwocky.com> References: <20051102051147.GB3954@jabberwocky.com> Message-ID: <20051113093046.GA28031@oreka.com>

Hello David, Satya,

On Wednesday, November 2, 2005 at 0:11:47 -0500, David M. Shaw wrote:
> On Fri, Oct 28, 2005 at 10:50:56AM +0000, bingumalla satyanarayana wrote:
>> using HP Unix 11.0 [...] I am getting the following message:
>> | gpg: conversion from `utf-8' to `roman8' not available
> Change your locale from "C" to "C.utf8".

That's not good advice: If Satya is using an HP-Roman8 terminal, he will get corrupted UID creation and display. A suitable workaround could be to alias "utf-8" to "utf8" in /usr/lib/nls/iconv/config.iconv. For an ideal solution, GnuPG should deal itself with system-specific charset names.

Bye! Alain.
-- When you post a new message, beginning a new topic, use the "mail" or "post" or "new message" functions. When you reply or followup, use the "reply" or "followup" functions. Do not do the one for the other, this breaks or hijacks threads.

From tpirapokin at kencast.com Mon Nov 14 22:23:42 2005
From: tpirapokin at kencast.com (Taniya Pirapokin) Date: Mon Nov 14 23:55:59 2005 Subject: invalid packet (ctb=14) Message-ID: <001701c5e961$b0655e60$d201a8c0@dickinson>

Hi,

I have been testing on GPG v 1.2.3 and 1.4.2 and they both give me the same problem as follows:

I sometimes get the message "gpg [don't know]: invalid packet (ctb=14)" and the exit value of 2 from decrypting a file, however gpg still gives me the output file. Since I have the original file, I compare the original to the decrypted output and they are identical. So I encrypted <-> decrypted that original file (on the same computer) a couple of times and sometimes gpg gives me the above error, and sometimes it does not and gives exit value 0. The decryption always gives me valid decrypted files (from comp). Does anyone have that problem and know what's going on there?

The file is a small binary file and the file is handled as binary throughout. I also tried with ASCII armor switched on (both ends) but still get the error. I run gpg from a script which takes exit value 0 as success and anything else as fail. So the main problem is the exit value 2.

The commands are:

encrypt:
    gpg.exe --no-default-keyring --homedir "[keys' home directory]" --batch --always-trust -e -o "[encrypted file]" --cipher-algo AES256 -r [key_name] "[file_to_encrypt]"

decrypt:
    gpg.exe --no-default-keyring --homedir "[keys' home directory]" -o "[decrypt file]" "[encrypted file]"

If I list-packet the encrypted file, I get the following:

- The encrypted file which will give an error when decrypted:

    gpg.exe --list-packet --no-default-keyring --homedir "[keys' home directory]" "[encrypted file]"
    :pubkey enc packet: version 3, algo 16, keyid [key id]
    data: [1024 bits]
    data: [1023 bits]
    gpg: NOTE: cipher algorithm 9 not found in preferences
    :encrypted data packet:
    length: unknown
    mdc_method: 2
    gpg: encrypted with 1024-bit ELG-E key, ID [ID], created 2003-03-17 "[key name]"
    :compressed packet: algo=2
    :literal data packet:
    mode b, created 1131996107, name="[filename]", raw data: 9750 bytes
    gpg: [don't know]: invalid packet (ctb=14)

- The encrypted file which does not give an error and gives exit value 0:

    gpg.exe --list-packet --no-default-keyring --homedir "[keys' home dir]" [encrypted file]
    :pubkey enc packet: version 3, algo 16, keyid [key id]
    data: [1024 bits]
    data: [1023 bits]
    gpg: NOTE: cipher algorithm 9 not found in preferences
    :encrypted data packet:
    length: unknown
    mdc_method: 2
    gpg: encrypted with 1024-bit ELG-E key, ID [ID], created 2003-03-17 "[key name]"
    :compressed packet: algo=2
    :literal data packet:
    mode b, created 1131997441, name="[filename]", raw data: 9750 bytes

The two encryptions use the same original file, command, and key. The --list-packet result shows the correct information regarding the key.

Note: I cannot post the original file. I tried encrypting the original file with several keys (all ELG-E keys) and they all have the problem.

Thanks,
Taniya

From jharris at widomaker.com Tue Nov 15 02:14:44 2005
From: jharris at widomaker.com (Jason Harris) Date: Tue Nov 15 02:15:12 2005 Subject: new (2005-11-13) keyanalyze results (+sigcheck) Message-ID: <20051115011443.GA439@wilma.widomaker.com>

New keyanalyze results are available at:
http://keyserver.kjsl.com/~jharris/ka/2005-11-13/

Signatures are now being checked using keyanalyze+sigcheck:
http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the "permanent" files:

-- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004

From unknown_kev_cat at hotmail.com Tue Nov 15 03:21:38 2005
From: unknown_kev_cat at hotmail.com (Joe Smith) Date: Tue Nov 15 03:24:01 2005 Subject: USB tokens instead of smartcards References: <76261BB7-0A12-4082-8A53-36B938C67134@debian.org> <4376B174.7070602__46703.669805038$1131852430$gmane$org@mathematica.scientia.net> Message-ID:

"Christoph Anton Mitterer" wrote in message news:4376B174.7070602__46703.669805038$1131852430$gmane$org@mathematica.scientia.net...
> Hi.
>
> When I use a USB token instead of a "normal" smartcard reader do I
> still need special software (e.g. pcscd and so on) or is gnupg enough.

You still need to use special software. A crypto token is just a card reader designed to read the smaller size cards (like the SIM card in GSM phones). They also have one of those cards. Some variations might just hard wire the chip from inside the card to the reader interfaces, but others actually use a physical card. If you break open the casing you could replace the card if it has one. It may even be possible to create a cheap usb reader of full-sized smart cards from one.

So basically crypto tokens are *exactly* like a "normal" reader. And the format of the included card is probably not compatible with gpg anyway.

From sk at intertivity.com Tue Nov 15 21:12:52 2005
From: sk at intertivity.com (Kiefer, Sascha) Date: Tue Nov 15 22:55:47 2005 Subject: OT: Salted Hashes and dictionary attacks Message-ID: <004401c5ea20$f7023fe0$f500a8c0@HOME>

Hi.

Am I right: We calculate the salted hash d of the password p and the salt s using the hash-function H like this:

    d = H( p + s ) + s

This will have the effect that d != H( p + s' ) + s' (only if s != s') but will not protect us against a dictionary attack since we can easily precompute H( w_i ) where w_i is the ith word of our dictionary and then just have to validate d == H( H( w_i ) + s ) !?!

Thanks.
--sk

From og at pre-secure.de Thu Nov 17 14:34:06 2005
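The construction from Sascha's post, d = H( p + s ) + s, as an added Python example that is not from the thread. The final step of the post assumes H( p + s ) can be obtained from a stored H( w_i ), which a hash used as an opaque function does not allow: the salt has to go in before hashing, so a table of H( w_i ) built once matches an unsalted digest immediately but never matches a salted one. SHA-256 as H, the word list and the fixed salts are assumptions of this example.

```python
"""What a salt does and does not buy against a precomputed dictionary.

Added example, not code from the thread.  It uses the post's construction
d = H(p + s) + s with SHA-256 as H and "+" as byte concatenation; the word
list and the fixed salts are constructed for the demonstration.
"""
import hashlib
import hmac
import os
from typing import Optional

SALT_LEN = 16
DIGEST_LEN = hashlib.sha256().digest_size


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash_password(password: bytes, salt: Optional[bytes] = None) -> bytes:
    """Store d = H(p + s) + s; draw a fresh random salt when none is supplied."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    return H(password + salt) + salt


def verify_password(password: bytes, stored: bytes) -> bool:
    """The server side: take s from the end of d and recompute H(p + s)."""
    digest, salt = stored[:DIGEST_LEN], stored[DIGEST_LEN:]
    return hmac.compare_digest(H(password + salt), digest)


def precomputed_table(words) -> dict:
    """The table from the post, built once: H(w_i) -> w_i."""
    return {H(w): w for w in words}


def lookup_unsalted(table: dict, digest: bytes):
    """Unsalted storage H(p): a single table lookup recovers the word."""
    return table.get(digest)


def lookup_salted_with_table(table: dict, stored: bytes):
    """The post's proposed test, d == H(H(w_i) + s), using only the stored
    H(w_i).  H(p + s) is not H(H(p) + s), so this never matches."""
    digest, salt = stored[:DIGEST_LEN], stored[DIGEST_LEN:]
    for hw, w in table.items():
        if H(hw + salt) == digest:
            return w
    return None


def demo() -> dict:
    words = [b"password", b"letmein", b"hunter2", b"qwerty"]  # constructed list
    table = precomputed_table(words)
    # Two accounts with the same weak password and different constructed salts.
    stored = [hash_password(b"letmein", bytes([1]) * SALT_LEN),
              hash_password(b"letmein", bytes([2]) * SALT_LEN)]
    return {
        "stored_values_differ": stored[0] != stored[1],
        "verify_ok": all(verify_password(b"letmein", s) for s in stored),
        "unsalted_table_hit": lookup_unsalted(table, H(b"letmein")),
        "salted_table_hits": [lookup_salted_with_table(table, s) for s in stored],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22s} {value!r}")
```

The salt removes only the precomputation shortcut; each guess still costs one hash per salt, so the per-guess cost is set by the hash function itself, which is why password storage uses a deliberately slow function rather than a single SHA-256 call.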
From: og at pre-secure.de (Olaf Gellert) Date: Thu Nov 17 15:07:00 2005 Subject: Key Capabilities Message-ID: <437C86CE.8090508@pre-secure.de>

Hi,

I have read about the following key capabilities:

- sign
- encrypt
- authenticate
- certification

When I generate an RSA key, GPG provides the capabilities sign, encrypt and authenticate (in expert mode), but not certification.

Is certification something that is actually implemented or planned for the near future? What usage is expected to depend on this capability?

Cheers,
Olaf

-- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE og@pre-secure.de A daily view on Internet Attacks https://www.ecsirt.net/sensornet

From dshaw at jabberwocky.com Thu Nov 17 15:45:36 2005
From: dshaw at jabberwocky.com (David Shaw) Date: Thu Nov 17 15:46:03 2005 Subject: Key Capabilities In-Reply-To: <437C86CE.8090508@pre-secure.de> References: <437C86CE.8090508@pre-secure.de> Message-ID: <20051117144536.GA8166@jabberwocky.com>

On Thu, Nov 17, 2005 at 02:34:06PM +0100, Olaf Gellert wrote:
> Hi,
>
> I have read about the following key capabilities:
>
> - sign
> - encrypt
> - authenticate
> - certification
>
> When I generate an RSA key, GPG provides the capabilities
> sign, encrypt and authenticate (in expert mode), but
> not certification.
>
> Is certification something that is actually implemented
> or planned for the near future? What usage is expected
> to depend on this capability?

Certification is just the ability to sign other keys. All primary keys, by definition, are able to certify, so the flag is not very meaningful there. In GPG 1.4.2 the key generation menu doesn't show you certification as an option, but it does automatically set the flag behind the scenes.

1.4.3 is a little different. To make things clearer, 1.4.3 does show certification in the list of flags, but you can't turn it off (as this would violate OpenPGP).

David

From cam at mathematica.scientia.net Thu Nov 17 16:09:36 2005
From: cam at mathematica.scientia.net (Christoph Anton Mitterer) Date: Thu Nov 17 16:09:33 2005 Subject: Key Capabilities In-Reply-To: <437C86CE.8090508@pre-secure.de> References: <437C86CE.8090508@pre-secure.de> Message-ID: <437C9D30.10208@mathematica.scientia.net>

Olaf Gellert wrote:
> When I generate an RSA key, GPG provides the capabilities
> sign, encrypt and authenticate (in expert mode), but
> not certification.

Certification is always used automatically for the primary (signing) key. If you edit your key (gpg --edit-key ) you'll see a "Usage: CS" for the primary key.

> Is certification something that is actually implemented
> or planned for the near future?

It is actually implemented (it's one of the most basic features: signing keys).

> What usage is expected to depend on this capability?

Cryptographically it is about the same as normal signing, it simply denotes that a key may be used to sign other keys.

Best wishes,
Chris.

From gnupg at strunk-online.net Thu Nov 17 23:41:23 2005
From: gnupg at strunk-online.net (Karsten Strunk) Date: Fri Nov 18 01:25:59 2005 Subject: Problems with OpenPGP smart card Message-ID: <437D0713.3010606@strunk-online.net>

Hi!

I'm trying to use an OpenPGP smart card with gnupg, but I don't get it working. When I try to generate a keypair on the card, the card starts generating it but after a while I get "Key generation failed: general error". I'm using a ReinerSCT smart card reader which, I think, works fine, because I can access the card and read some data. My system is SuSE 10.0. Is there anyone who had similar problems and could help me?

Thanks very much!

Bye
Karsten

Output of gnupg:

    gpg --card-edit
    gpg: detected reader `REINER SCT CyberJack pp_a 00 00'
    Application ID ...: D2760001240101010000000000000000
    Version ..........: 1.1
    Manufacturer .....: test card
    Serial number ....: 00000000
    Name of cardholder: Test Test
    Language prefs ...: de
    Sex ..............: male
    URL of public key : [not set]
    Login data .......: test
    Private DO 1 .....: [not set]
    Private DO 2 .....: [not set]
    Signature PIN ....: not forced
    Max. PIN lengths .: 254 254 254
    PIN retry counter : 3 3 3
    Signature counter : 0
    Signature key ....: [none]
    Encryption key....: [none]
    Authentication key: [none]
    General key info..: [none]

    Command> admin
    Admin commands are allowed

    Command> generate
    Make off-card backup of encryption key? (Y/n) Y
    PIN
    Please specify how long the key should be valid.
    0 = key does not expire
    = key expires in n days
    w = key expires in n weeks
    m = key expires in n months
    y = key expires in n years
    Key is valid for? (0) 0
    Key does not expire at all
    Is this correct? (y/N) y

    You need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) "

    Real name: Test4
    Email address: test4@test.de
    Comment:
    You selected this USER-ID: "Test4 "

    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
    gpg: generating new key
    gpg: 3 Admin PIN attempts remaining before card is permanently locked
    Admin PIN
    gpg: please wait while key is being generated ...
    gpg: generating key failed
    gpg: key generation failed: general error
    Key generation failed: general error

    gpg --version
    gpg (GnuPG) 1.4.2

From og at pre-secure.de Fri Nov 18 12:28:44 2005
From: og at pre-secure.de (Olaf Gellert) Date: Fri Nov 18 12:29:04 2005 Subject: Key Capabilities In-Reply-To: <437C9D30.10208@mathematica.scientia.net> References: <437C86CE.8090508@pre-secure.de> <437C9D30.10208@mathematica.scientia.net> Message-ID: <437DBAEC.8080903@pre-secure.de>

Christoph Anton Mitterer wrote:
> Cryptographically it is about the same as normal signing, it simply
> denotes that a key may be used to sign other keys.

Jep, I just stumbled on GPG not displaying it (because I was just creating a key that will mainly be used to sign other keys).

Thanks, Christoph and David for enlightening me...

Olaf

-- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE og@pre-secure.de A daily view on Internet Attacks https://www.ecsirt.net/sensornet

From cybx at gmx.net Mon Nov 7 10:24:44 2005
From: cybx at gmx.net (cybx@gmx.net)
Date: Mon Nov 21 11:33:26 2005
Subject: GPG on windows mobile 5
Message-ID:

Hi,

I've got a question about installing GPG on my newly acquired IPAQ rx 1950 and I would be very happy and thankful if anybody has some experience with it and could help out.

I want to install a secure mail encryption system that's for free and widely used -> GPG. I couldn't find any GPG application for windows mobile, but I found the program "pocketconsole" and a GPG for it. But it seems to me that pocketconsole doesn't work on windows mobile 5. I then installed "pocketdos" and wanted to compile the source code found at PGPI. After I realized how uncommon and thus undocumented compiling software for "arm-dos" is, I gave up. After I found out that "PGP mobile" is legacyware I tried to see if one could get it for free anywhere (I know about the security issues with PGP not being open-source, but I want to have at least anything), but I wasn't able to find a "PGP mobile" download either.

I still want to have GPG on my PDA, especially because I think security issues are even more relevant on mobile devices than on Desktop PCs. If anyone can help or has any ideas I didn't think of to install GPG, please respond.

Thanks in advance,
Andy

From Pedro.Figueira at SEF.pt Mon Nov 21 12:26:36 2005
From: Pedro.Figueira at SEF.pt (Pedro Daniel Guedes Figueira)
Date: Mon Nov 21 12:27:07 2005
Subject: [gpgol] download problem
Message-ID:

Hello all

I'm trying to download the gpgol plugin for outlook. The problem is that the link to ftp://ftp.g10code.com/ is not working. Is there a mirror or other place I could download the zip file?

Best Regards
Pedro Figueira
Serviço de Estrangeiros e Fronteiras
Direcção Central de Informática
Departamento de Produção

CONFIDENTIAL NOTICE: This message, as well as any existing attached files, is confidential and intended exclusively for the individual(s) named as addressees. If you are not the intended recipient, you are kindly requested not to make any use whatsoever of its contents and to proceed to the destruction of the message, thereby notifying the sender.

DISCLAIMER: The sender of this message can NOT ensure the security of its electronic transmission and consequently does not accept liability for any fact which may interfere with the integrity of its content.

From wk at gnupg.org Mon Nov 21 12:22:34 2005
From: wk at gnupg.org (Werner Koch)
Date: Mon Nov 21 12:52:53 2005
Subject: Problems with OpenPGP smart card
In-Reply-To: <437D0713.3010606@strunk-online.net> (Karsten Strunk's message of "Thu, 17 Nov 2005 23:41:23 +0100")
References: <437D0713.3010606@strunk-online.net>
Message-ID: <87y83ixn2d.fsf@wheatstone.g10code.de>

On Thu, 17 Nov 2005 23:41:23 +0100, Karsten Strunk said:

> Is there anyone who had similar problems and could help me? Thanks very
> much!

Keep on trying .-) Sometimes you will be lucky and a key gets generated. The problem is in pcsclite - it obviously does not handle long running operations (like key generation) correctly. I have seen the same thing with the Towitoko readers running under pcsclite.

For debugging you should use the gpg option --debug 2048. pcscd also has debugging options.

Shalom-Salam,

   Werner

From linux at codehelp.co.uk Mon Nov 21 13:15:47 2005
From: linux at codehelp.co.uk (Neil Williams)
Date: Mon Nov 21 13:43:21 2005
Subject: GPG on windows mobile 5
In-Reply-To:
References:
Message-ID: <200511211215.50679.linux@codehelp.co.uk>

On Monday 07 November 2005 9:24 am, cybx@gmx.net wrote:

> I've got a question about installing GPG on my newly acquired IPAQ rx 1950

Why not replace Windows with GNU/Linux by installing Familiar onto your iPAQ? I'm running Familiar with GPE on an iPAQ HP3900. GnuPG is available as a package - pre-compiled and configured for Familiar.
http://www.dcglug.org.uk/wiki/?id=view/dist-reviews/misc/4

> I want to install a secure, mail encryption system

GnuPG doesn't do the mail component, plus you have the usual problems with keeping a secret key protected whilst on a small, portable device. At least with a genuine GNU system on the device you can use sensible security mechanisms and have a truly security-aware kernel.

> that's for free and widely used -> GPG.

Don't confuse "for free" with "free software". The benefits of gnupg do NOT arise from the lack of a price tag but from the freedom to modify, copy and distribute the source code and compiled binaries.

> I still want to have GPG on my PDA, especially
> because I think security issues are even more relevant on mobile devices
> than on Desktop PCs.

Don't forget the role of the OS. It's hard enough protecting the device, let alone the holes in windows mobile security. I couldn't even log out on my iPAQ using WinCE, and anyone with SynCE installed on their GNU/Linux box could read and write all my Windows data without ANY security intervention whatsoever. That would INCLUDE a gnupg secret key. I could copy / move it off the device or replace it with a different one - you wouldn't know. I'd only need 2 minutes alone with your Windows iPAQ.

At least with Familiar, you have an ordinary user with a login password, a root user with a root password and a login manager. SSH connectivity is supported (and can be secured further) and it has a genuine 2.6 Linux kernel with iptables support for a genuine firewall too. It's up to you how secure you make your Bluetooth support but it's only enabled after you log in.

-- 
Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20051121/d75989d5/attachment-0001.pgp

From wk at gnupg.org Mon Nov 21 19:03:37 2005
From: wk at gnupg.org (Werner Koch)
Date: Mon Nov 21 19:07:00 2005
Subject: [gpgol] download problem
In-Reply-To: (Pedro Daniel Guedes Figueira's message of "Mon, 21 Nov 2005 11:26:36 -0000")
References:
Message-ID: <87zmnxx4hy.fsf@wheatstone.g10code.de>

On Mon, 21 Nov 2005 11:26:36 -0000, Pedro Daniel Guedes Figueira said:

> I'm trying to download the gpgol plugin for outlook. The problem is that
> the link to ftp://ftp.g10code.com/ is not working.

Just tested and it works fine. Make sure that you switch to passive ftp mode in case a firewall is between you and ftp.g10code.com. Web browsers as well as lftp default to passive mode; for plain old ftp clients you need to enter "passive", and for wget you should check that you have a line

  passive_ftp = on

in /etc/wgetrc.

It is in general considered a good idea to always use passive mode FTP. This puts the burden on the server, and server admins know how to cope with the FW rules then. Frankly I don't understand why wget still defaults to active mode out of the box (Debian installs it with passive mode enabled).

No, there is no other location to retrieve this file.

Note that GPGol is still considered alpha state.

Salam-Shalom,

   Werner

From bernhard.walle at gmx.de Mon Nov 21 21:28:40 2005
From: bernhard.walle at gmx.de (Bernhard Walle)
Date: Mon Nov 21 22:55:42 2005
Subject: Using OpenPGP smartcards with Sylpheed/gpgme
Message-ID: <20051121212840.6ff4261a@hugo.local>

Hello,

I'm using an OpenPGP smartcard. Whenever Sylpheed should ask for the password, it hangs. I found several threads about this, all ending with a request from Werner Koch to send him logfiles.

Is there any solution? Of course, I can provide logfiles.

Regards,
Bernhard

-- 
I am so afraid of dying. But that does not prevent my death; it only hinders my life.
  -- Kristiane Allert-Wybranietz

From bernhard.walle at gmx.de Mon Nov 21 22:10:38 2005
From: bernhard.walle at gmx.de (Bernhard Walle)
Date: Mon Nov 21 22:55:51 2005
Subject: Problem with gpg-agent
Message-ID: <20051121221038.4d05ea9c@hugo.local>

Hello,

after having no success with gpg and Sylpheed with the OpenPGP card, I tried gpg-agent. I do:

$ eval `gpg-agent --daemon`
$ gpg --sign --default-key ...... file

and get

sending command `SCD PKSIGN' to agent failed: ec=6.32817

~/.gnupg/gpg.conf
[...]
use-agent
[...]

~/.gnupg/gpg-agent.conf
pinentry-program /usr/bin/pinentry-gtk-2
no-grab
default-cache-ttl 1800

~/.gnupg/scdaemon.conf
reader-port 1
ctapi-driver /usr/local/lib/libtowitoko.so.2

$ gpg-agent --version
1.9.18

$ gpg --version
gpg (GnuPG) 1.4.2

The same smartcard settings and drivers in ~/.gnupg/gpg.conf work without problems. I also do homebanking with that cardreader and this driver.

Regards,
Bernhard

-- 
Whoever calls something "foolproof" underestimates the fools.
  -- "Ratti" in suse-linux

From bernhard.walle at gmx.de Tue Nov 22 22:07:25 2005
From: bernhard.walle at gmx.de (Bernhard Walle)
Date: Tue Nov 22 22:07:48 2005
Subject: Using OpenPGP smartcards with Sylpheed/gpgme
In-Reply-To: <20051121212840.6ff4261a@hugo.local>
References: <20051121212840.6ff4261a@hugo.local>
Message-ID: <20051122220725.6a5a7899@hugo.local>

Hello,

Bernhard Walle [2005-11-21]:
>
> I'm using an OpenPGP smartcard. Whenever Sylpheed should ask for the
> password, it hangs. I found several threads about this, all ending with
> a request from Werner Koch to send him logfiles.
>
> Is there any solution? Of course, I can provide logfiles.

Works now with gpgme 1.0.3. One problem remains: if I forget to insert the card before sending the mail, the UI hangs. Should I blame gpgme for that or the mail client (Sylpheed)? If the latter, can you shortly describe how to fix it so that I can forward this to the GPG plugin maintainer of Sylpheed Claws?

Thanks!

Regards,
Bernhard

-- 
There's a lot to do; let's get out of here quickly!
  -- Peter E. Schumacher

From bernhard.walle at gmx.de Wed Nov 23 21:20:14 2005
From: bernhard.walle at gmx.de (Bernhard Walle)
Date: Wed Nov 23 21:20:50 2005
Subject: OpenPGP card
Message-ID: <20051123212014.6f51633c@hugo.local>

Hello,

two questions:

1. After key creation on the card, I can enter a passphrase. I left it empty because I thought the PIN is sufficient. Is this usual?

2. Is it possible to read out the private key only after creation or every time?

Regards,
Bernhard

-- 
Laziness is the habit of resting before you are tired.
  -- (unknown)

From bpm at idiom.com Wed Nov 23 22:42:27 2005
From: bpm at idiom.com (Breen Mullins)
Date: Thu Nov 24 00:25:39 2005
Subject: [gpgol] download problem
In-Reply-To: <87zmnxx4hy.fsf@wheatstone.g10code.de>
References: <87zmnxx4hy.fsf@wheatstone.g10code.de>
Message-ID: <20051123214227.GC34430@idiom.com>

On Mon, Nov 21, 2005 at 07:03:37PM +0100, Werner Koch wrote:

> Frankly I don't understand why wget still defaults to active mode out
> of the box (Debian installs it with passive mode enabled).

The developers appear to have made the change now:

ChangeLog
2005-03-06  Hrvoje Niksic
	* init.c (defaults): Use passive FTP by default.

Breen

-- 
Breen Mullins
Menlo Park, California

From pats_comp_solutions at hotpop.com Thu Nov 24 00:55:09 2005
From: pats_comp_solutions at hotpop.com (Patrick Dickey)
Date: Thu Nov 24 02:25:41 2005
Subject: How to unsubscribe?
Message-ID: <4385015D.5010103@hotpop.com>

Hey everyone,

This sounds like a stupid subject, I'm sure. But I've found that I'm not keeping up with the posts in here as I used to. And the issues that I was having with the programs are resolved. So, I've been trying to unsubscribe from the list. However, every e-mail that I send to the listserv either gets bounced back or just doesn't trigger anything.

So, it would be appreciated if someone would give me the correct e-mail address and subject line to unsubscribe. Thanks everyone.

Patrick.

-- 
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0547-2, 11/23/2005
Tested on: 11/23/2005 5:56:08 PM
avast! - copyright (c) 1988-2005 ALWIL Software.
http://www.avast.com

From ismaeval at free.fr Thu Nov 24 13:31:31 2005
From: ismaeval at free.fr (Ismael Valladolid Torres)
Date: Thu Nov 24 13:31:50 2005
Subject: How to unsubscribe?
In-Reply-To: <4385015D.5010103@hotpop.com>
References: <4385015D.5010103@hotpop.com>
Message-ID: <4385B2A3.7000705@free.fr>

Patrick Dickey wrote:

> So, it would be appreciated if someone would give me the correct
> e-mail address and subject line to unsubscribe. Thanks everyone.
> Patrick.

Check the headers of each delivered mailing list post, it's clear enough there. :)

List-Unsubscribe: ,

Cordially,
Ismael

-- 
Dropping science like when Galileo dropped his orange

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20051124/5b781c04/signature.pgp

From wk at gnupg.org Thu Nov 24 17:54:44 2005
From: wk at gnupg.org (Werner Koch)
Date: Thu Nov 24 17:57:06 2005
Subject: OpenPGP card
In-Reply-To: <20051123212014.6f51633c@hugo.local> (Bernhard Walle's message of "Wed, 23 Nov 2005 21:20:14 +0100")
References: <20051123212014.6f51633c@hugo.local>
Message-ID: <87psoqq94b.fsf@wheatstone.g10code.de>

On Wed, 23 Nov 2005 21:20:14 +0100, Bernhard Walle said:

> 1. After key creation on the card, I can enter a passphrase. I left it
> empty because I thought the PIN is sufficient. Is this usual?

This is for the backup of the encryption key.

> 2. Is it possible to read out the private key only after creation or
> every time?

You can't read the private key from the card.

Salam-Shalom,

   Werner

From eldering at phys.uu.nl Sat Nov 26 00:56:16 2005
From: eldering at phys.uu.nl (Jaap Eldering)
Date: Sat Nov 26 03:01:45 2005
Subject: trust path lookup on server
Message-ID: <20051125235616.GA19545@a-eskwadraat.nl>

Hi all,

I was wondering whether the following feature exists within gpg or related programs: the possibility to check a signature via a (longer) trust path from my key to the signer's key. I am no expert in the use of gpg, but from what I have seen, gpg only downloads the signer's key from the keyserver and then uses the local keyring to check for a trust path.

I have thought with some people about the concept of a server from which trust paths can be obtained. gpg itself can then verify this path and thus verify a trust path that is outside of one's keyring data.

Is this a useful idea?

Jaap

From lusfert at gmail.com Sat Nov 26 16:01:49 2005
From: lusfert at gmail.com (lusfert)
Date: Sat Nov 26 16:02:15 2005
Subject: Zero width no-break space (U+FEFF) in clearsigned output message
Message-ID: <438878DD.2060904@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hi all.

I wrote some text (with non-ASCII characters) in a file encoded in UTF-8 with BOM and saved it. Then I decided to clearsign it:

gpg --verbose -u 0x500B8987 --clearsign 1.txt

When I open the clearsigned 1.txt.asc I can find the symbol U+FEFF (Zero width no-break space) before the message, but after the field "Hash:". Adding the option -t does not change anything. But if the source file is encoded in UTF-8 without BOM, the character U+FEFF doesn't appear in the output clearsigned text.

Why does the symbol "zero width no-break space" appear if the source file has a Unicode signature (BOM)?

Configuration: GnuPG 1.4.2 official build, WinXP Pro SP2, standard cmd.exe

Regards

-- 
Current OpenPGP key ID: 0x500B8987
Key fingerprint: E883 045D 36FB 8CA3 8D69 9C79 9E35 3B56 500B 8987
Encrypted e-mail preferred.
-----BEGIN PGP SIGNATURE-----

iD8DBQFDiHjYnjU7VlALiYcRAy2RAKCPvZ2MNSD3/SxExNrqZqqyKplljQCgkV9i
pP2KweQ1wvUI6ZHWo2M+CkM=
=N/yE
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Sat Nov 26 16:30:09 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Nov 26 16:30:42 2005
Subject: Zero width no-break space (U+FEFF) in clearsigned output message
In-Reply-To: <438878DD.2060904@gmail.com>
References: <438878DD.2060904@gmail.com>
Message-ID: <20051126153009.GA11424@jabberwocky.com>

On Sat, Nov 26, 2005 at 06:01:49PM +0300, lusfert wrote:
> Hi all.
>
> I wrote some text (with non-ASCII characters) in a file encoded in UTF-8
> with BOM and saved it.
> Then I decided to clearsign it:
>
> gpg --verbose -u 0x500B8987 --clearsign 1.txt
>
> When I open the clearsigned 1.txt.asc I can find the symbol U+FEFF (Zero width
> no-break space) before the message, but after the field "Hash:". Adding the option
> -t does not change anything. But if the source file is encoded in UTF-8
> without BOM, the character U+FEFF doesn't appear in the output clearsigned text.

U+FEFF is the BOM character. It was in the original document, so it's in the signed document as well.

David

From lusfert at gmail.com Sat Nov 26 22:18:08 2005
From: lusfert at gmail.com (lusfert)
Date: Sat Nov 26 22:18:37 2005
Subject: Zero width no-break space (U+FEFF) in clearsigned output message
In-Reply-To: <20051126153009.GA11424@jabberwocky.com>
References: <438878DD.2060904@gmail.com> <20051126153009.GA11424@jabberwocky.com>
Message-ID: <4388D110.50104@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

David Shaw wrote on 26.11.2005 at 18:30:
> On Sat, Nov 26, 2005 at 06:01:49PM +0300, lusfert wrote:
>>
>> When I open the clearsigned 1.txt.asc I can find the symbol U+FEFF (Zero width
>> no-break space) before the message, but after the field "Hash:". Adding the option
>> -t does not change anything. But if the source file is encoded in UTF-8
>> without BOM, the character U+FEFF doesn't appear in the output clearsigned text.
>
> U+FEFF is the BOM character. It was in the original document, so it's
> in the signed document as well.

Then why does this BOM character appear in the clearsigned text if the option --textmode (-t) is used? As I understand from its description in the man file, GnuPG treats the input file as text. But a BOM is a file signature, not text; then why does U+FEFF appear in the output text? Or am I wrong?

PS
And what about the problem with verifying signatures from PGP Global Directory messages via GnuPG + Enigmail? GPG still writes:

WARNING: signature digest conflict in message

http://lists.gnupg.org/pipermail/gnupg-users/2005-September/027076.html

I sent an example a long time ago.

Regards

-- 
Current OpenPGP key ID: 0x500B8987
Key fingerprint: E883 045D 36FB 8CA3 8D69 9C79 9E35 3B56 500B 8987
Encrypted e-mail preferred.
-----BEGIN PGP SIGNATURE-----

iD8DBQFDiNEKnjU7VlALiYcRAyYiAJsHfCpU3zY6WErZYC1oGEjH6OIyBACgz92r
RISSoLMi5NHYKT0mOBIS2vY=
=ObRI
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Sat Nov 26 23:05:30 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Nov 26 23:06:07 2005
Subject: Zero width no-break space (U+FEFF) in clearsigned output message
In-Reply-To: <4388D110.50104@gmail.com>
References: <438878DD.2060904@gmail.com> <20051126153009.GA11424@jabberwocky.com> <4388D110.50104@gmail.com>
Message-ID: <20051126220530.GC11424@jabberwocky.com>

On Sun, Nov 27, 2005 at 12:18:08AM +0300, lusfert wrote:
> David Shaw wrote on 26.11.2005 at 18:30:
> > On Sat, Nov 26, 2005 at 06:01:49PM +0300, lusfert wrote:
> >>
> >> When I open the clearsigned 1.txt.asc I can find the symbol U+FEFF (Zero width
> >> no-break space) before the message, but after the field "Hash:". Adding the option
> >> -t does not change anything. But if the source file is encoded in UTF-8
> >> without BOM, the character U+FEFF doesn't appear in the output clearsigned text.
> >
> > U+FEFF is the BOM character. It was in the original document, so it's
> > in the signed document as well.
>
> Then why does this BOM character appear in the clearsigned text if the option
> --textmode (-t) is used? As I understand from its description in the man
> file, GnuPG treats the input file as text. But a BOM is a file signature, not
> text; then why does U+FEFF appear in the output text? Or am I wrong?

I'm not sure what question you're asking here. The BOM character is in your original document. GnuPG doesn't modify input text, so therefore the BOM character is in the output text as well. If you use --textmode, GnuPG canonicalizes line endings to CRLF, but again does not change actual text, including the BOM.

If you don't want a BOM character in your output, don't put a BOM character in your input.

> PS
> And what about the problem with verifying signatures from PGP Global
> Directory messages via GnuPG + Enigmail?
> GPG still writes:
>
> WARNING: signature digest conflict in message

I have yet to receive a readable copy of a mail with that problem. Note that forwarding me the message will not tell me what I need to know since a forwarded mail will rearrange and break the signature. I need the actual mail file.

David

From lusfert at gmail.com Sat Nov 26 23:41:08 2005
From: lusfert at gmail.com (lusfert)
Date: Sat Nov 26 23:41:33 2005
Subject: Zero width no-break space (U+FEFF) in clearsigned output message
In-Reply-To: <20051126220530.GC11424@jabberwocky.com>
References: <438878DD.2060904@gmail.com> <20051126153009.GA11424@jabberwocky.com> <4388D110.50104@gmail.com> <20051126220530.GC11424@jabberwocky.com>
Message-ID: <4388E484.2060901@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

David Shaw wrote on 27.11.2005 1:05:
> On Sun, Nov 27, 2005 at 12:18:08AM +0300, lusfert wrote:
>
>> David Shaw wrote on 26.11.2005 at 18:30:
>>
>>> U+FEFF is the BOM character. It was in the original document, so it's
>>> in the signed document as well.
>>>
>>
>> Then why does this BOM character appear in the clearsigned text if the option
>> --textmode (-t) is used? As I understand from its description in the man
>> file, GnuPG treats the input file as text. But a BOM is a file signature, not
>> text; then why does U+FEFF appear in the output text? Or am I wrong?
>
>
> I'm not sure what question you're asking here. The BOM character is
> in your original document. GnuPG doesn't modify input text, so
> therefore the BOM character is in the output text as well. If you use
> --textmode, GnuPG canonicalizes line endings to CRLF, but again does
> not change actual text, including the BOM.

As I understand it, GnuPG handles the input as a text file, not as plain text, even if option -t is used?

> If you don't want a BOM character in your output, don't put a BOM
> character in your input.

Thanks, I already do that. Now I understand why UTF-8-with-BOM text clearsigned via the command line gets a BAD sig in WinPT or GPGshell: they just can't handle Unicode...

Regards

-- 
Current OpenPGP key ID: 0x500B8987
Key fingerprint: E883 045D 36FB 8CA3 8D69 9C79 9E35 3B56 500B 8987
Encrypted e-mail preferred.
-----BEGIN PGP SIGNATURE-----

iD8DBQFDiOSAnjU7VlALiYcRA2BIAKDD0s+D1BXTXQNQuGW6ya+mY3CZYgCeKB8N
pxL6nPj8yrv650UfWfAhPbw=
=LYJ/
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Sun Nov 27 01:42:43 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun Nov 27 01:43:13 2005
Subject: Zero width no-break space (U+FEFF) in clearsigned output message
In-Reply-To: <4388E484.2060901@gmail.com>
References: <438878DD.2060904@gmail.com> <20051126153009.GA11424@jabberwocky.com> <4388D110.50104@gmail.com> <20051126220530.GC11424@jabberwocky.com> <4388E484.2060901@gmail.com>
Message-ID: <20051127004243.GD11424@jabberwocky.com>

On Sun, Nov 27, 2005 at 01:41:08AM +0300, lusfert wrote:
> David Shaw wrote on 27.11.2005 1:05:
> > On Sun, Nov 27, 2005 at 12:18:08AM +0300, lusfert wrote:
> >
> >> David Shaw wrote on 26.11.2005 at 18:30:
> >>
> >>> U+FEFF is the BOM character. It was in the original document, so it's
> >>> in the signed document as well.
> >>>
> >>
> >> Then why does this BOM character appear in the clearsigned text if the option
> >> --textmode (-t) is used? As I understand from its description in the man
> >> file, GnuPG treats the input file as text. But a BOM is a file signature, not
> >> text; then why does U+FEFF appear in the output text? Or am I wrong?
> >
> >
> > I'm not sure what question you're asking here. The BOM character is
> > in your original document. GnuPG doesn't modify input text, so
> > therefore the BOM character is in the output text as well. If you use
> > --textmode, GnuPG canonicalizes line endings to CRLF, but again does
> > not change actual text, including the BOM.
>
> As I understand it, GnuPG handles the input as a text file, not as plain text,
> even if option -t is used?

For clearsigned files, effectively --textmode is always set.

David

From plail at web.de Sun Nov 27 11:32:03 2005
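The behaviour David describes in the thread above, as an added example that is not part of the thread and is not GnuPG's own code: a small Python script that applies the text-mode canonicalisation rules to a UTF-8 file that starts with a BOM, shows that the BOM survives (so it ends up in the signed text and changes the digest), and strips it beforehand, which is the only way to keep it out of the signature. The canonical form used here (trailing spaces and tabs removed from each line, line endings converted to CR LF, text bytes otherwise untouched) is taken from RFC 4880 section 7.1 for cleartext signatures and is this example's assumption, not something the thread states; the sample input is constructed.

```python
"""Added example: what text-mode canonicalisation does to a UTF-8 file
with a BOM, and how to strip the BOM before signing.

Assumption (RFC 4880 section 7.1, not stated in the thread): for a
cleartext/text-mode signature the text is hashed with trailing spaces
and tabs removed from every line and with CR LF line endings; the
characters of the text itself, including a leading U+FEFF, are not
changed.  The sample input below is constructed for this example.
"""
import hashlib

UTF8_BOM = b"\xef\xbb\xbf"  # U+FEFF encoded in UTF-8


def has_utf8_bom(data: bytes) -> bool:
    """True if the file starts with the byte sequence EF BB BF."""
    return data.startswith(UTF8_BOM)


def strip_utf8_bom(data: bytes) -> bytes:
    """Remove a leading BOM.  Doing this *before* signing is the only way
    to keep U+FEFF out of the signed text, since the signer leaves the
    input text alone."""
    return data[len(UTF8_BOM):] if has_utf8_bom(data) else data


def canonicalize_text(data: bytes) -> bytes:
    """Canonical text form for a text-mode signature: split on CR LF, LF
    or CR, drop trailing spaces/tabs on each line, rejoin with CR LF.
    Bytes inside a line, BOM included, are kept exactly as they are."""
    unified = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    canonical_lines = [line.rstrip(b" \t") for line in unified.split(b"\n")]
    return b"\r\n".join(canonical_lines)


def text_digest(data: bytes, algo: str = "sha256") -> str:
    """Hex digest over the canonical text; a BOM in the input changes it."""
    return hashlib.new(algo, canonicalize_text(data)).hexdigest()


# Constructed sample: UTF-8 with BOM, non-ASCII text, mixed line endings
# and trailing whitespace, as a Windows editor might save it.
SAMPLE_WITH_BOM = UTF8_BOM + "Привет, мир!  \r\nsecond line\t\nthird".encode("utf-8")
SAMPLE_WITHOUT_BOM = strip_utf8_bom(SAMPLE_WITH_BOM)


def demo() -> dict:
    """Return the observations the thread is about: text mode keeps the
    BOM; stripping it first yields a different signed text and digest."""
    canon_bom = canonicalize_text(SAMPLE_WITH_BOM)
    canon_plain = canonicalize_text(SAMPLE_WITHOUT_BOM)
    return {
        "bom_survives_textmode": has_utf8_bom(canon_bom),
        "canonical_with_bom": canon_bom,
        "canonical_without_bom": canon_plain,
        "digests_differ": text_digest(SAMPLE_WITH_BOM) != text_digest(SAMPLE_WITHOUT_BOM),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

Run it and compare the two canonical byte strings: they differ only in the first three bytes, which is exactly the U+FEFF that shows up after the "Hash:" line of the clearsigned file; a verifier that cannot handle that code point will then report a bad signature, as the thread goes on to observe.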
From: plail at web.de (Markus Plail)
Date: Sun Nov 27 13:56:33 2005
Subject: Using TC Trustcenter.de certificates
Message-ID: <87zmnqs7l3.fsf@plailis.daheim.bs>

Hi there!

I'd like to use gpg with the free certificates from TC Trustcenter.de. I managed to import my private/public key into gpgsm and the Trustcenter CA certificates into gpg, but I can't get my private/public key into gpg. Originally I have a p12 certificate. Is it possible to extract the keys in the needed format for gpg?

What I want to do in the end is sign/encrypt my emails with Emacs/Gnus. I am using the latest versions of both in debian unstable.

thanks in advance and regards
Markus Plail

From bob at proulx.com Mon Nov 28 02:04:56 2005
From: bob at proulx.com (Bob Proulx)
Date: Mon Nov 28 03:25:41 2005
Subject: no-ask-cert-level, default-cert-level, and keysigning
Message-ID: <20051128010456.GB3828@dementia.proulx.com>

I recently signed a key using gpg-1.4.1 and see that (at least on my Debian Sarge system) no-ask-cert-level appears to be the default and default-cert-level is "0 (no particular claim)".

In the old days I remember it would always ask this question upon signing and so assume the default must have been ask-cert-level. Now it does not ask and unless you add that option ahead of time it will create a signature without any claim. I have been out of touch and thought I would ask about the current status of these levels in a signed key. I would appreciate the education.

If a key has been signed with a default-cert-level of 0 is it possible to go back and edit the key signature and increase the level on a key? I could not find a way to do this. The best I could find was to delete the key plus signature and sign it again using a different level. Of course that worked.

Is this cert level no longer considered useful? Should I not include a cert level with keys I sign now? Or should we always add that option when signing a key? What is the standard procedure?

Thanks
Bob

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20051127/5d24faf1/attachment.pgp

From bob at proulx.com Mon Nov 28 01:48:32 2005
From: bob at proulx.com (Bob Proulx)
Date: Mon Nov 28 03:26:34 2005
Subject: How to unsubscribe?
In-Reply-To: <4385B2A3.7000705@free.fr>
References: <4385015D.5010103@hotpop.com> <4385B2A3.7000705@free.fr>
Message-ID: <20051128004832.GA3828@dementia.proulx.com>

Ismael Valladolid Torres wrote:
> Patrick Dickey wrote:
>
> > So, it would be appreciated if someone would give me the correct
> > e-mail address and subject line to unsubscribe. Thanks everyone.
> > Patrick.
>
> Check the headers of each delivered mailing list post, it's clear enough
> there. :)
>
> List-Unsubscribe: ,

That should definitely get you off of the list. Most likely the address you are trying to unsubscribe does not appear to be subscribed. Such as it being forwarded from some other account. In those cases that mail is being forwarded but you can't send from the forwarded address you will need to enter the address to which you are subscribed in the web form and confirm it from the mail.

In general if you are having trouble with a mailing list and can't get the list robot to work for you then normally the best source of help is the list owner. Send to the listname-owner address. In this case it would be gnupg-users-owner@gnupg.org. The -owner address will go to a real person who would be able to help you with the list operations.

Bob "the -owner person for many gnu.org lists"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20051127/9cba9338/attachment.pgp

From dshaw at jabberwocky.com Mon Nov 28 05:02:52 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Nov 28 05:03:32 2005
Subject: no-ask-cert-level, default-cert-level, and keysigning
In-Reply-To: <20051128010456.GB3828@dementia.proulx.com>
References: <20051128010456.GB3828@dementia.proulx.com>
Message-ID: <20051128040252.GA15238@jabberwocky.com>

On Sun, Nov 27, 2005 at 06:04:56PM -0700, Bob Proulx wrote:
> I recently signed a key using gpg-1.4.1 and see that (at least on my
> Debian Sarge system) no-ask-cert-level appears to be the default and
> default-cert-level is "0 (no particular claim)".

Yes.

> In the old days I remember it would always ask this question upon
> signing and so assume the default must have been ask-cert-level. Now
> it does not ask and unless you add that option ahead of time it will
> create a signature without any claim. I have been out of touch and
> thought I would ask about the current status of these levels in a
> signed key. I would appreciate the education.

You pretty much summarized it. --ask-cert-level turns on the question. If you don't have the question turned on, GPG will use the value from --default-cert-level, which defaults to 0.

> If a key has been signed with a default-cert-level of 0 is it possible
> to go back and edit the key signature and increase the level on a key?
> I could not find a way to do this. The best I could find was to
> delete the key plus signature and sign it again using a different
> level. Of course that worked.

That is the only way to do it. The cert level is part of the signature, and thus changing it requires issuing a new signature.

> Is this cert level no longer considered useful? Should I not include
> a cert level with keys I sign now? Or should we always add that
> option when signing a key? What is the standard procedure?

It's a matter of personal taste, really. Some people like it, and some don't. It doesn't make much difference in practice since (unless you're issuing level 1 signatures, which are ignored by default), all signature levels (or 0) are treated the same.

David

From wk at gnupg.org Mon Nov 28 16:10:31 2005
From: wk at gnupg.org (Werner Koch)
Date: Mon Nov 28 16:17:15 2005
Subject: Using TC Trustcenter.de certificates
In-Reply-To: <87zmnqs7l3.fsf@plailis.daheim.bs> (Markus Plail's message of "Sun, 27 Nov 2005 11:32:03 +0100")
References: <87zmnqs7l3.fsf@plailis.daheim.bs>
Message-ID: <87ek50oljs.fsf@wheatstone.g10code.de>

On Sun, 27 Nov 2005 11:32:03 +0100, Markus Plail said:

> CA certificates into gpg, but I can't get my private/public key into
> gpg. Originally I have a p12 certificate. Is it possible to extract the
> keys in the needed format for gpg?

A

  gpgsm --import foo.p12

should be all you need. Make sure that the gpg-agent is running. There used to be a long standing bug in the p12 import code which has been fixed recently. You may want to try the snapshot

  gnupg-1.9.20-cvs3947.tar.bz2

in the alpha/gnupg directory.

Salam-Shalom,

   Werner

From bob at proulx.com Mon Nov 28 16:45:36 2005
From: bob at proulx.com (Bob Proulx) Date: Mon Nov 28 16:45:20 2005 Subject: no-ask-cert-level, default-cert-level, and keysigning In-Reply-To: <20051128040252.GA15238@jabberwocky.com> References: <20051128010456.GB3828@dementia.proulx.com> <20051128040252.GA15238@jabberwocky.com> Message-ID: <20051128154536.GA13629@dementia.proulx.com> David Shaw wrote: > Bob Proulx wrote: > > If a key has been signed with a default-cert-level of 0 is it possible > > to go back and edit the key signature and increase the level on a key? > > I could not find a way to do this. The best I could find was to > > delete the key plus signature and sign it again using a different > > level. Of course that worked. > > That is the only way to do it. The cert level is part of the > signature, and thus changing it requires issuing a new signature. Ah... That makes sense. But I did not realize that before. > > Is this cert level no longer considered useful? Should I not include > > a cert level with keys I sign now? Or should we always add that > > option when signing a key? What is the standard procedure? > > It's a matter of personal taste, really. Some people like it, and > some don't. It doesn't make much difference in practice since (unless > you're issuing level 1 signatures, which are ignored by default), all > signature levels (or 0) are treated the same. Okay. I was thinking that somehow in the trust model the different levels were used differently. Such as something like three signatures of trust level 2 or one signature of trust level 3 were needed to trust a key, or some such. My memory is vague. Thanks for the update. Bob -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : /pipermail/attachments/20051128/7a33c37f/attachment.pgp From plail at web.de Mon Nov 28 17:10:39 2005 
From: plail at web.de (Markus Plail) Date: Mon Nov 28 17:12:30 2005 Subject: Using TC Trustcenter.de certificates In-Reply-To: <87ek50oljs.fsf@wheatstone.g10code.de> (Werner Koch's message of "Mon, 28 Nov 2005 16:10:31 +0100") References: <87zmnqs7l3.fsf@plailis.daheim.bs> <87ek50oljs.fsf@wheatstone.g10code.de> Message-ID: <87veycwy68.fsf@plailis.daheim.bs> Werner Koch writes: > On Sun, 27 Nov 2005 11:32:03 +0100, Markus Plail said: > >> CA certificates into gpg, but I can't get my private/public key into >> gpg. Originally I have a p12 certificate. Is it possible to extract >> the keys in the needed format for gpg? > > A > > gpgsm --import foo.p12 > > should be all you need. Make sure that the gpg-agent is running. > There used to be a long standing bug in the p12 import code which has > been fixed recently. You may want to try the snapshot > > gnupg-1.9.20-cvs3947.tar.bz2 > > in the alpha/gnupg directory. But how do I use gpgsm with Gnus then? Normally it uses gpg, doesn't it? regards Markus From cam at mathematica.scientia.net Tue Nov 29 01:24:18 2005 From: cam at mathematica.scientia.net (Christoph Anton Mitterer) Date: Tue Nov 29 01:50:25 2005 Subject: Forging fingerprints/KeyID? Message-ID: <438B9FB2.8040707@mathematica.scientia.net> Hi. Somewhere (unfortunately I've lost the URL) I've read about forging fingerprints and/or keyIDs (not sure).... Meaning that an attacker could create a key (but as far as I remember with a different keysize only) that has the same fingerprint and/or keyID as another key. Is that true? Is there any information about that issue? How it works, how I can secure myself against it, etc. Best wishes, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: cam.vcf Type: text/x-vcard Size: 449 bytes Desc: not available Url : /pipermail/attachments/20051129/28b3e13c/cam.vcf From cam at mathematica.scientia.net Tue Nov 29 02:28:40 2005 
From: cam at mathematica.scientia.net (Christoph Anton Mitterer) Date: Tue Nov 29 02:55:42 2005 Subject: --openpgp, MDC and similar flags Message-ID: <438BAEC8.4050708@mathematica.scientia.net> Hi.... I've got some questions ;-) About the differences between what OpenPGP (RFC2440) specifies and what GnuPG does: 1) I've created my key with "openpgp" in the config file,... so everything should have been absolutely rfc2440 conformant, right? Ok, but:

Command> showpref
pub 4096R/5BB9A53D created: 2005-10-28 expires: never usage: CS
trust: unknown validity: unknown
[ unknown] (1). Christoph Anton Mitterer
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, RIPEMD160
Compression: ZLIB, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
[ unknown] (2) Christoph Anton Mitterer
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, RIPEMD160
Compression: ZLIB, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
[ unknown] (3) Christoph Anton Mitterer
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, RIPEMD160
Compression: ZLIB, ZIP, Uncompressed
Features: MDC, Keyserver no-modify

... as you can see, MDC is set. Referring to http://lists.gnupg.org/pipermail/gnupg-users/2003-May/018442.html and RFC2440 I assume that MDC is still not part of the standard. Why is it activated in my key? (Of course this is a good thing, but I just wonder that if "openpgp" did not work for MDC, other things might be "incompatible", too) 2) What other things does GPG do that are beyond RFC2440? a) I've had that discussion with David about backsignatures which use 0x19 sigs or so (he didn't answer yet, so I'm not sure if this is RFC2440 compliant). b) rfc 2440 seems to specify values only for MD5 and SHA1 but not for SHAxxx, RIPEMD160, etc. same thing with AESxxx and other modern symmetric algorithms. Same thing with bzip2. => Are these things standardized or not? If not yet, is the working group on OpenPGP going to use the same values as GPG uses? What if not? 
If some have been already standardized: Where? *G* => Any other things like this, where GPG goes beyond rfc2440? (btw: can PGP (the commercial one) open signatures/messages using AESxxx as cipher and SHAxxx as hash?) 3) Are there any other flags like MDC? I know about keyserver-no-modify but that is documented in RFC2440. 4) Does GnuPG support 0x10 (private key split) and 0x80 (group key) for the key usage flag? Best wishes, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: cam.vcf Type: text/x-vcard Size: 449 bytes Desc: not available Url : /pipermail/attachments/20051129/a0dc8f13/cam.vcf From cam at mathematica.scientia.net Tue Nov 29 04:08:06 2005 
From: cam at mathematica.scientia.net (Christoph Anton Mitterer) Date: Tue Nov 29 04:07:47 2005 Subject: Keytypes and changing them In-Reply-To: <20051109010947.GB16521@jabberwocky.com> References: <43708B91.7020901@mathematica.scientia.net> <20051108132416.GB12617@jabberwocky.com> <4370B653.2050405@mathematica.scientia.net> <20051108144211.GA15713@jabberwocky.com> <437129A7.5090409@mathematica.scientia.net> <43713A89.2030509@mathematica.scientia.net> <20051109010947.GB16521@jabberwocky.com> Message-ID: <438BC616.6010605@mathematica.scientia.net> Hi :-) Ok,.. it took some time,.. but now I came back to that issue ... David Shaw wrote: >On Wed, Nov 09, 2005 at 12:53:45AM +0100, Christoph Anton Mitterer wrote: > > >>Or is there perhaps another software that I could use for changing the >>key usage flags (without damaging my key or changing the format or so). >>Of course I'd prefer using GnuPG because I trust this the most :-) >> >>Once again,.. I'm only going to do this,.. if it wouldn't have >>disadvantages for the security. But if the only disadvantage is that I >>have more work when someone asks me to respond to a challenge I would >>live with that ;-) >> >> > >It has absolutely no impact on security, either for or against. It is >a 90% meaningless flag, and is in fact happily ignored in virtually >all OpenPGP applications. If you insist on making such a key, the >only impact that you'll notice is that you won't be able to answer >email challenges using GnuPG. > > Well,... "insist" ... *g* ... let me explain: If you look at professional CAs (e.g. DFN-PCA) they clearly state in their Policies that e.g. they'll NEVER use their root keys for signing data but only for signing keys (DFN does this with its root-PGP-keys for example). I think the advantage is,... that other users can at least think that the key is more likely not used in daily business (with potentially insecure applications,.. Thunderbird,.. etc.) but only when the owner signs a key. 
But of course this is only a personal opinion ;-) However: => It is definitely sure that with a C-only primary key (and a S-subkey - of course WITH backsigs) I would NOT lose any security or cryptography strength, at all, right? The only problem is that issue with challenge-response, right? >You sound like you really, really, want to do this. I'm telling you >it's a bad idea, but it's your key. You have to be happy with it. > > *g* You make me insecure... But you mean "bad idea" only because of the issues with backsigning, right? btw: Wouldn't it just work to answer the challenge by signing with the signing subkey? If someone would trust my primary key he should also trust my secondary (because it is bound to the primary by the 0x18-sig), or am I wrong? Best wishes, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: cam.vcf Type: text/x-vcard Size: 449 bytes Desc: not available Url : /pipermail/attachments/20051129/79e866f5/cam.vcf From cam at mathematica.scientia.net Tue Nov 29 04:08:19 2005 
From: cam at mathematica.scientia.net (Christoph Anton Mitterer) Date: Tue Nov 29 04:08:03 2005 Subject: Keytypes and changing them In-Reply-To: <20051109011003.GA16552@jabberwocky.com> References: <43708B91.7020901@mathematica.scientia.net> <20051108132416.GB12617@jabberwocky.com> <4370B653.2050405@mathematica.scientia.net> <20051108144211.GA15713@jabberwocky.com> <437129A7.5090409@mathematica.scientia.net> <20051109011003.GA16552@jabberwocky.com> Message-ID: <438BC623.3060802@mathematica.scientia.net> David Shaw wrote: >On Tue, Nov 08, 2005 at 11:41:43PM +0100, Christoph Anton Mitterer wrote: > > >>Ok,.. you told me that the disadvantage of C-only keys would be that you >>can't respond to challenges. Is this the only reason? >>As far as I know a challenge/response is used by some users to verify >>the email of an UID before they sign it. But lots of people do not >>validate this, because they think it wouldn't make sense at all. E.g. if >>someone uses some freemail address he could lose the address after >>validation because the provider stops his service. So signing the eMail >>as part of an UID does not really secure that the address is under the >>control of the keyholder, does it? >> >> >That is not how email challenges work. If someone loses their email >address, the signature is effectively invalid. > Yes,.. the person who made the signature would not notice that if the key-owner does not revoke the uid OR if the person writes an email to the owner, right? If so: -If the owner is evil, stupid, lazy, etc. he would not revoke the invalid UID.... -and someone who makes a signature CAN NOT verify that email periodically... of course he could,.. but most people wouldn't like it if they'd have to answer challenges over and over again. So the only solutions would be: -Make challenges periodically (e.g. with something like PGP Global Directory or a personal script or so) -make only expiring signatures... Right? >That's a feature, not >a flaw. 
When you sign an email address, you are certifying that it is >valid at that point. > Yes... >Obviously you can't certify it as valid forever. > > Yes... but this IS the problem about the whole thing with verify-email-address-when-signing, I think. >>The only solution (in my opinion) are services like PGP Global Directory >>Key or so,... >>But I think it is not so important to secure if the email is under >>control of the keyowner. The worst thing that could happen is, that an >>encrypted message isn't received by the (private)-key owner, because the >>email is wrong. But this can even happen when the email is correct (e.g. >>if someone controls part of the network). >>What it all comes down to is: In my opinion - and correct me if I'm >>wrong - validating the email once does not make much sense. The only >>good alternative is some service like PGP Global Directory Key. >> >>What are the advantages of using C-only keys? >>Uhm,.. in my opinion the standard intends using C-only keys, if not they >>would have created only the S-flag, that stands for both, signing and >>certification. >>But they created the following flags: >> >>0x01 - This key may be used to certify other keys. >>0x02 - This key may be used to sign data. >>0x04 - This key may be used to encrypt communications. >>0x08 - This key may be used to encrypt storage. >>0x10 - The private component of this key may have been split by a >>secret-sharing mechanism. >>0x80 - The private component of this key may be in the possession of more >>than one person. >> >> >Isn't this really saying you want to use a C-only key because it is >possible to use it? I don't see you presenting a reason to use them >aside from "the standard has them, and since they exist in the >standard, clearly they're supposed to be used". Lots of things are >possible, but not necessarily useful. C-only keys are possible, but >not viable in the real world. 
> > Please see my "weak" reason in the other email ;) >Note that it's also possible to make a CS Elgamal-E key. It's utterly >meaningless, but physically possible to create. Not every bit pattern >is useful. > > Eh? I thought GPG wouldn't support signing with ElGamal as that is very complex? There was an issue with such keys, as far as I can remember, wasn't there? >>Another advantage is perhaps, that a C-only key shows other users that >>the key is perhaps used in a more secure way (because it's not used for >>signing plain data). >> >> > >It doesn't say this. > (also: see other email) You are right,.. it doesn't _prove_ it,.. but I think it indicates it. Refer to my example with the DFN-PCA (other email). They say: "We don't use our root ca key for signing plain data." Neither a key flag (C-only) nor their policy could prove this. Someone who works there could just take the key and sign his personal mp3 collection,... nobody would ever know ;-) >You could make a CS key, sign some data, then >flip it to a C-only key. The other user can infer exactly nothing >about the past usage of a CS key compared to a C key. > > Yes,.. as above,... a C-only flag proves nothing,... but indicates a little bit,... btw: If the key owner (who can change the flags as he likes) is good,.. he'd upload the modified key to the servers,... the server would save the selfsigs and other users could trace the changes to the usage flags, right? Ok,... I hope I can end that thread with the following: -I think the developers are not going to introduce such a feature in the near future, correct? => I'm not very familiar with the GPG code, but if a developer would tell me that such a feature wouldn't be too difficult to implement, I'd try to do it... (if I find the time,... have to write my diploma.... 
:-( ) Unfortunately, no one here could tell me a tool that lets me change the deep internals of OpenPGP keys (including key usage of course ;-) ) so I tried to do it manually: -As I told you in some other thread (think the backsig-thread) I've already read most parts of rfc2440,.. and played a bit with some testkeys and with gpgsplit and a hexeditor.... I've already managed to find the correct bits (for example for the usage flags) for various things... When I tried to change the usage flag it worked,.. but of course... gpg complained due to the invalid signature... So: When I change settings (shouldn't matter which ones) in my selfsigs,.. how can I recreate the signature data itself? And what is the right way to reassemble the parts that I receive from gpgsplit? Simply a cat * > key ? Best wishes and thanks in advance, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: cam.vcf Type: text/x-vcard Size: 449 bytes Desc: not available Url : /pipermail/attachments/20051129/6df14c38/cam.vcf From dshaw at jabberwocky.com Tue Nov 29 05:17:54 2005 
From: dshaw at jabberwocky.com (David Shaw) Date: Tue Nov 29 05:25:03 2005 Subject: Forging fingerprints/KeyID? In-Reply-To: <438B9FB2.8040707@mathematica.scientia.net> References: <438B9FB2.8040707@mathematica.scientia.net> Message-ID: <20051129041754.GA18829@jabberwocky.com> On Tue, Nov 29, 2005 at 01:24:18AM +0100, Christoph Anton Mitterer wrote: > Hi. > > Somewhere (unfortunately I've lost the URL) I've read about forging > fingerprints and/or keyIDs (not sure).... > Meaning that an attacker could create a key (but as far as I remember > with a different keysize only) that has the same fingerprint and/or > keyID as another key. > > Is that true? > Is there any information about that issue? How it works, how I can > secure myself against it, etc. It was true, but not true any longer. Back in the PGP 2.x days, it was possible to create a key with (almost) any key ID you liked. See the various "DEADBEEF" keys on the keyservers for example. Similarly, it was possible to create a key that had the same fingerprint as a (also PGP 2.x) victim/target key. If you have a OpenPGP (v4) key, such as created by GnuPG, then this basically doesn't apply to you. David From cam at mathematica.scientia.net Tue Nov 29 05:36:38 2005 
From: cam at mathematica.scientia.net (Christoph Anton Mitterer) Date: Tue Nov 29 05:36:18 2005 Subject: Forging fingerprints/KeyID? In-Reply-To: <20051129041754.GA18829@jabberwocky.com> References: <438B9FB2.8040707@mathematica.scientia.net> <20051129041754.GA18829@jabberwocky.com> Message-ID: <438BDAD6.2060500@mathematica.scientia.net> Ah,.. thanks :-) So it should be completely enough to verify Name/eMail and the Fingerprint when signing another key,... and I don't have to compare creation date/keysize/algorithm/etc., right? Best wishes, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: cam.vcf Type: text/x-vcard Size: 449 bytes Desc: not available Url : /pipermail/attachments/20051129/c692ce85/cam.vcf From dshaw at jabberwocky.com Tue Nov 29 05:41:51 2005 
From: dshaw at jabberwocky.com (David Shaw) Date: Tue Nov 29 05:43:53 2005 Subject: trust path lookup on server In-Reply-To: <20051125235616.GA19545@a-eskwadraat.nl> References: <20051125235616.GA19545@a-eskwadraat.nl> Message-ID: <20051129044151.GC18812@jabberwocky.com> On Sat, Nov 26, 2005 at 12:56:16AM +0100, Jaap Eldering wrote: > Hi all, > > I was wondering whether the following feature does exist within gpg > or related programs: the possibility to check a signature via a > (longer) trust path from my key to the signer's key. > > I am no expert in the use of gpg, but from what I have seen, gpg does > only download the signer's key from the keyserver and then use the > local keyring to check for a trust path. > > I have thought with some people about the concept of a server from > which trust paths can be obtained. gpg itself can then verify this > path and thus verify a trust path that is outside of one's keyring > data. Is this a useful idea? Yes, it is. There are a few servers that do more or less what you describe (for example http://www.lysator.liu.se/~jc/wotsap/). It's useful to see the various paths, but unless you trust each step in the chain, it doesn't really help you get trust in the end point. David From dshaw at jabberwocky.com Tue Nov 29 05:21:24 2005 
From: dshaw at jabberwocky.com (David Shaw) Date: Tue Nov 29 05:57:39 2005 Subject: Forging fingerprints/KeyID? In-Reply-To: <438B9FB2.8040707@mathematica.scientia.net> References: <438B9FB2.8040707@mathematica.scientia.net> Message-ID: <20051129042124.GC18829@jabberwocky.com> On Tue, Nov 29, 2005 at 01:24:18AM +0100, Christoph Anton Mitterer wrote: > Hi. > > Somewhere (unfortunately I've lost the URL) I've read about forging > fingerprints and/or keyIDs (not sure).... > Meaning that an attacker could create a key (but as far as I remember > with a different keysize only) that has the same fingerprint and/or > keyID as another key. > > Is that true? > Is there any information about that issue? How it works, how I can > secure myself against it, etc. It was true, but not true any longer. Back in the PGP 2.x days, it was possible to create a key with (almost) any key ID you liked. See the various "DEADBEEF" keys on the keyservers for example. Similarly, it was possible to create a key that had the same fingerprint as a (also PGP 2.x) victim/target key. If you have a OpenPGP (v4) key, such as created by GnuPG, then this basically doesn't apply to you. David From dshaw at jabberwocky.com Tue Nov 29 05:25:04 2005 
From: dshaw at jabberwocky.com (David Shaw) Date: Tue Nov 29 05:57:51 2005 Subject: Keytypes and changing them In-Reply-To: <438BC616.6010605@mathematica.scientia.net> References: <43708B91.7020901@mathematica.scientia.net> <20051108132416.GB12617@jabberwocky.com> <4370B653.2050405@mathematica.scientia.net> <20051108144211.GA15713@jabberwocky.com> <437129A7.5090409@mathematica.scientia.net> <43713A89.2030509@mathematica.scientia.net> <20051109010947.GB16521@jabberwocky.com> <438BC616.6010605@mathematica.scientia.net> Message-ID: <20051129042504.GB18812@jabberwocky.com> On Tue, Nov 29, 2005 at 04:08:06AM +0100, Christoph Anton Mitterer wrote: > If you look at professional CAs (e.g. DFN-PCA) they clearly state in > their Policies that e.g. they'll NEVER use their root keys for signing > data but only for signing keys (DFN does this with its root-PGP-keys for > example). > I think the advantage is,... that other users can at least think that > the key is more likely not used in daily business (with potentially > insecure applications,.. Thunderbird,.. etc.) but only when the owner > signs a key. > But of course this is only a personal opinion ;-) > However: > => It is definitely sure that with a C-only primary key (and a S-subkey > - of course WITH backsigs) I would NOT lose any security or > cryptography strength, at all, right? The only problem is that issue > with challenge-response, right? This is not a cryptographic question. The key is same either way. This is just a flag that says "I intend this key to be used for xxxxxx". And - this is the important bit - the user can *reissue the flags as desired*. I can make my key claim to be anything I like, and then change it 5 seconds later. Anyone who bases any decisions on what flags the key has is fooling themselves. > btw: Wouldn't it just work to answer the challenge by signing with the > signing subkey? 
If someone would trust my primary key he should also > trust my secondary (because it is bound to the primary by the 0x18-sig), > or am I wrong? No. A certification signature is made over the primary key and the user ID. A signing subkey is not involved in this, and is thus not really able to answer the challenge. David From dshaw at jabberwocky.com Tue Nov 29 05:53:25 2005 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Nov 29 06:10:29 2005 Subject: Forging fingerprints/KeyID? In-Reply-To: <438BDAD6.2060500@mathematica.scientia.net> References: <438B9FB2.8040707@mathematica.scientia.net> <20051129041754.GA18829@jabberwocky.com> <438BDAD6.2060500@mathematica.scientia.net> Message-ID: <20051129045325.GE18812@jabberwocky.com> On Tue, Nov 29, 2005 at 05:36:38AM +0100, Christoph Anton Mitterer wrote: > Ah,.. tanks :-) > So it sould be completely enough to verify Name/eMail and the > Fingerprint when signing another key,... and I don't have to compare > creation date/keysize/algorithm/etc., right? Not unless you're signing a PGP 2.x (v3) key. David From wk at gnupg.org Tue Nov 29 08:41:52 2005 From: wk at gnupg.org (Werner Koch) Date: Tue Nov 29 08:47:08 2005 Subject: Using TC Trustcenter.de certificates In-Reply-To: <87veycwy68.fsf@plailis.daheim.bs> (Markus Plail's message of "Mon, 28 Nov 2005 17:10:39 +0100") References: <87zmnqs7l3.fsf@plailis.daheim.bs> <87ek50oljs.fsf@wheatstone.g10code.de> <87veycwy68.fsf@plailis.daheim.bs> Message-ID: <87y837rjcv.fsf@wheatstone.g10code.de> On Mon, 28 Nov 2005 17:10:39 +0100, Markus Plail said: > But how do I use gpgsm with Gnus then? Normally it uses gpg, doesn't it? It uses OpenSSL. However, Simon Josefsson is working on using gpgsm with Gnus. Salam-Shalom, Werner From atom at smasher.org Tue Nov 29 12:00:32 2005 
From: atom at smasher.org (Atom Smasher) Date: Tue Nov 29 14:25:42 2005 Subject: Forging fingerprints/KeyID? In-Reply-To: <20051129045325.GE18812@jabberwocky.com> References: <438B9FB2.8040707@mathematica.scientia.net> <20051129041754.GA18829@jabberwocky.com> <438BDAD6.2060500@mathematica.scientia.net> <20051129045325.GE18812@jabberwocky.com> Message-ID: <20051129110037.90176.qmail@smasher.org> On Mon, 28 Nov 2005, David Shaw wrote: > On Tue, Nov 29, 2005 at 05:36:38AM +0100, Christoph Anton Mitterer wrote: >> Ah,.. thanks :-) >> So it should be completely enough to verify Name/eMail and the >> Fingerprint when signing another key,... and I don't have to compare >> creation date/keysize/algorithm/etc., right? > > Not unless you're signing a PGP 2.x (v3) key. ================== how feasible would it be for an attacker to create a small (512 bit?) v4 key with the same key id as a target key (irrespective of the size and algorithm of the target key)? it may not be practical today to do this with a fingerprint collision, but i subscribe to the theory that it doesn't hurt to check the size and algorithm of keys before signing them. -- ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Written laws are like spiders' webs, and will, like them, only entangle and hold the poor and weak, while the rich and powerful easily break through them." -- Anacharsis - (Scythian philosopher - 600 B.C.E.) From dshaw at jabberwocky.com Tue Nov 29 16:01:59 2005 
From: dshaw at jabberwocky.com (David Shaw) Date: Tue Nov 29 16:01:50 2005 Subject: Forging fingerprints/KeyID? In-Reply-To: <20051129110037.90176.qmail@smasher.org> References: <438B9FB2.8040707@mathematica.scientia.net> <20051129041754.GA18829@jabberwocky.com> <438BDAD6.2060500@mathematica.scientia.net> <20051129045325.GE18812@jabberwocky.com> <20051129110037.90176.qmail@smasher.org> Message-ID: <20051129150159.GB20601@jabberwocky.com> On Tue, Nov 29, 2005 at 06:00:32AM -0500, Atom Smasher wrote: > On Mon, 28 Nov 2005, David Shaw wrote: > > >On Tue, Nov 29, 2005 at 05:36:38AM +0100, Christoph Anton Mitterer wrote: > >>Ah,.. thanks :-) > >>So it should be completely enough to verify Name/eMail and the > >>Fingerprint when signing another key,... and I don't have to compare > >>creation date/keysize/algorithm/etc., right? > > > >Not unless you're signing a PGP 2.x (v3) key. > ================== > > how feasible would it be for an attacker to create a small (512 bit?) v4 > key with the same key id as a target key (irrespective of the size and > algorithm of the target key)? It's pretty easy to create a short (eg, 99242560) key ID collision - just generate keys over and over on a reasonably fast desktop machine until you collide. It's not yet realistic to create a long key ID collision (eg, DB698D7199242560) intentionally, though it does happen every now and then by accident. It's currently completely out of the question to intentionally create a colliding v4 fingerprint. To do so would imply a total break of SHA-1, in which case we have other problems. Note that even MD5 isn't broken to that extent. > it may not be practical today to do this with a fingerprint collision, but > i subscribe to the theory that it doesn't hurt to check the size and > algorithm of keys before signing them. It doesn't hurt, but it doesn't help either. 
Actually, it's not true that it doesn't hurt - it does hurt a little if people start to believe that this actually protects them in a meaningful way. It's important to be honest with yourself. David From plail at web.de Tue Nov 29 16:26:38 2005 From: plail at web.de (Markus Plail) Date: Tue Nov 29 16:26:49 2005 Subject: Using TC Trustcenter.de certificates In-Reply-To: <87y837rjcv.fsf@wheatstone.g10code.de> (Werner Koch's message of "Tue, 29 Nov 2005 08:41:52 +0100") References: <87zmnqs7l3.fsf@plailis.daheim.bs> <87ek50oljs.fsf@wheatstone.g10code.de> <87veycwy68.fsf@plailis.daheim.bs> <87y837rjcv.fsf@wheatstone.g10code.de> Message-ID: <871x0z5vbl.fsf@plailis.daheim.bs> Werner Koch writes: > On Mon, 28 Nov 2005 17:10:39 +0100, Markus Plail said: > >> But how do I use gpgsm with Gnus then? Normally it uses gpg, doesn't it? > > It uses OpenSSL. However, Simon Josefsson is working on using gpgsm > with Gnus. Ok, thanks for the info, but is there a way to import p12 into gpg? I didn't get it to work and so worked around it by importing the p12 key into PGP, exporting it and importing that key into gpg. That worked but I didn't find a way to do the same with gpg, gpgsm and openssl. regards Markus From telegraph at gmx.net Wed Nov 30 16:29:21 2005 
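An added worked example for David Shaw's reply above on key ID collisions (this is editor-written illustration, not code from the message or from GnuPG): a v4 fingerprint is SHA-1 over the public-key packet (RFC 2440 section 11.2), and the long and short key IDs are just its low 64 and 32 bits, so a truncated ID can be matched by brute force. The key material, timestamps and names below are constructed and are not real keys. The search varies only the creation timestamp of the attacker's key, which the fingerprint covers, so no fresh key pairs need generating; that is a slight generalisation of the message's "generate keys over and over". The demo truncates to 16 bits so it finishes in seconds; the same loop against the 32-bit short ID costs about 2^32 hashes, against the 64-bit long ID about 2^64, and a full 160-bit fingerprint match is out of reach without a break of SHA-1.

```python
"""OpenPGP v4 fingerprint / key ID computation and a truncated-ID collision search.

Illustrative code only. The sample moduli are constructed and are NOT real keys;
nothing here claims any cryptographic strength for them.
"""
import hashlib
import struct

ALGO_RSA = 1  # public-key algorithm ID for RSA (RFC 2440 section 9.1)

# Constructed sample "victim" and "attacker" key material (toy-sized, not real).
VICTIM_N = 0xC3F5B2E9D1A7F00DCAFEF00D1234567890ABCDEF0123456789ABCDEF0F0F0F0F
ATTACKER_N = 0xB7E151628AED2A6ABF7158809CF4F3C762E7160F38B4DA56A784D9045190CFEF
PUBLIC_E = 65537
VICTIM_CREATED = 1130000000  # constructed creation time, seconds since the epoch


def mpi(value):
    """Encode an integer as an OpenPGP MPI: 2-octet bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def public_key_body(created, algo, mpis):
    """Body of a v4 Public-Key packet: version 4, creation time, algorithm, MPIs."""
    return (bytes([4]) + struct.pack(">I", created) + bytes([algo])
            + b"".join(mpi(m) for m in mpis))


def v4_fingerprint(created, algo, mpis):
    """SHA-1 over 0x99, the 2-octet body length, and the packet body (RFC 2440 11.2)."""
    body = public_key_body(created, algo, mpis)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def long_key_id(fpr):
    """Low-order 64 bits of the fingerprint, as shown by gpg --keyid-format long."""
    return fpr[-8:].hex().upper()


def short_key_id(fpr):
    """Low-order 32 bits, the 8-hex-digit ID most tools display by default."""
    return fpr[-4:].hex().upper()


def find_truncated_id_collision(target_fpr, bits, start=1000000000, limit=1 << 20):
    """Vary the attacker key's creation time until the low `bits` of its key ID
    equal those of target_fpr. Returns (creation_time, fingerprint) or None.
    Expected work is about 2**bits SHA-1 computations; the key pair is never changed."""
    mask = (1 << bits) - 1
    want = int.from_bytes(target_fpr[-8:], "big") & mask
    for created in range(start, start + limit):
        fpr = v4_fingerprint(created, ALGO_RSA, [ATTACKER_N, PUBLIC_E])
        if int.from_bytes(fpr[-8:], "big") & mask == want:
            return created, fpr
    return None


if __name__ == "__main__":
    victim = v4_fingerprint(VICTIM_CREATED, ALGO_RSA, [VICTIM_N, PUBLIC_E])
    print("victim fingerprint:", victim.hex().upper())
    print("victim long key id:", long_key_id(victim))
    print("victim short key id:", short_key_id(victim))
    hit = find_truncated_id_collision(victim, 16)
    if hit:
        created, fpr = hit
        print("attacker key with creation time %d matches the low 16 bits: %s"
              % (created, long_key_id(fpr)))
```

Raising `bits` to 32 turns the loop into the "generate until you collide" attack against the short key ID, and the fingerprint of the colliding key is still completely different, which is why only the full fingerprint (plus name and address) is worth comparing at a keysigning.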
From: telegraph at gmx.net (Gregor Zattler) Date: Wed Nov 30 18:56:54 2005 Subject: disjunct paths (was: Re: trust path lookup on server) In-Reply-To: <20051129044151.GC18812@jabberwocky.com> References: <20051125235616.GA19545@a-eskwadraat.nl> <20051129044151.GC18812@jabberwocky.com> Message-ID: <20051130152921.GL5208@pit.ID-43118.user.dfncis.de> Hi David, * David Shaw [28. Nov. 2005]: > On Sat, Nov 26, 2005 at 12:56:16AM +0100, Jaap Eldering wrote: > Yes, it is. There are a few servers that do more or less what you > describe (for example http://www.lysator.liu.se/~jc/wotsap/). It's > useful to see the various paths, but unless you trust each step in the > chain, it doesn't really help you get trust in the end point. Doesn't it help if there are several disjunct paths? Couldn't I say I trust a User-Id if more than n disjunct paths of trust exist from my key to the other? Ciao, Gregor From kfitzner at excelcia.org Wed Nov 30 16:33:07 2005 From: kfitzner at excelcia.org (Kurt Fitzner) Date: Wed Nov 30 18:57:06 2005 Subject: PK-Encrypt-only Message-ID: <438DC633.2050305@excelcia.org> I am contemplating a change to my GnuPG Explorer Extension, but I need some background information. I know that encrypting a file without signing it is commonly done with symmetrical encryption. My question is, do people commonly use GnuPG to encrypt a file without signing it using PK-encryption? Personally, I don't think this would be very common at all. I mean, I can come up with conceptual reasons why someone might want to encrypt a file to someone else's key without signing the file, but in practice I would think it would be very rare. I would appreciate knowing if this is something that is commonly done, or if it is very rare. Kurt. From cam at mathematica.scientia.net Wed Nov 30 19:39:22 2005 
From: cam at mathematica.scientia.net (Christoph Anton Mitterer) Date: Wed Nov 30 19:39:16 2005 Subject: PK-Encrypt-only In-Reply-To: <438DC633.2050305@excelcia.org> References: <438DC633.2050305@excelcia.org> Message-ID: <438DF1DA.1050803@mathematica.scientia.net> Kurt Fitzner wrote: >I know that encrypting a file without signing it is commonly done with >symmetrical encryption. My question is, do people commonly use GnuPG to >encrypt a file without signing it using PK-encryption? > > Well that's totally up to your personal taste =) >Personally, I don't think this would be very common at all. I mean, I >can come up with conceptual reasons why someone might want to encrypt a >file to someone else's key without signing the file, but in practice I >would think it would be very rare. > >I would appreciate knowing if this is something that is commonly done, >or if it is very rare. > > Well of course it is more secure if you sign it, too. And it should not cost that much.... Chris. From dshaw at jabberwocky.com Wed Nov 30 19:42:17 2005 
From: dshaw at jabberwocky.com (David Shaw) Date: Wed Nov 30 19:42:05 2005 Subject: disjunct paths (was: Re: trust path lookup on server) In-Reply-To: <20051130152921.GL5208@pit.ID-43118.user.dfncis.de> References: <20051125235616.GA19545@a-eskwadraat.nl> <20051129044151.GC18812@jabberwocky.com> <20051130152921.GL5208@pit.ID-43118.user.dfncis.de> Message-ID: <20051130184217.GA23434@jabberwocky.com> On Wed, Nov 30, 2005 at 04:29:21PM +0100, Gregor Zattler wrote: > Hi David, > * David Shaw [28. Nov. 2005]: > > On Sat, Nov 26, 2005 at 12:56:16AM +0100, Jaap Eldering wrote: > > Yes, it is. There are a few servers that do more or less what you > > describe (for example http://www.lysator.liu.se/~jc/wotsap/). It's > > useful to see the various paths, but unless you trust each step in the > > chain, it doesn't really help you get trust in the end point. > > Doesn't it help if there are several disjunct paths? Couldn't I > say I trust a User-Id if more than n disjunct paths of trust > exist from my key to the other? Yes, if you trust those disjunct paths :) A hundred disjunct paths that you don't trust don't help much. There is a notion of partial trust, where if you gather enough partially trusted signatures then it equals full trust. You can tune the trust calculations with the --marginals-needed and --completes-needed options. By default, you need 3 marginally trusted signatures or 1 completely trusted signature. David From rdieter at math.unl.edu Wed Nov 30 19:34:52 2005
From: rdieter at math.unl.edu (Rex Dieter) Date: Wed Nov 30 20:10:43 2005 Subject: libksba > 0.9.11 + gnupg-1.9.19 'make check' failures on x86_64 Message-ID: Here's a copy of what I recently sent to the -devel list... in case someone here can help or has comment. ------------------------------------- I've been trying to build gnupg-1.9.19 on Fedora Core 3/4 x86_64, but 'make check' always fails (because gpgsm segfaults)... relevant section of the build.log appended below. i386 and ppc builds and checks fine. On x86_64, gnupg-1.9.19 hacked to build against libksba-0.9.11 builds and checks fine too. Full build.log available at: http://buildsys.fedoraproject.org/logs/fedora-development-extras/1443-gnupg2-1.9.19-3.fc5/x86_64/ make[1]: Entering directory `/builddir/build/BUILD/gnupg-1.9.19/tests' make check-TESTS make[2]: Entering directory `/builddir/build/BUILD/gnupg-1.9.19/tests' gpgsm: WARNING: running with faked system time: 2002-12-02 13:29:59 read_assuan: read "OK GNU Privacy Guard's S/M server 1.9.19 ready" read_assuan: read " " sending `INPUT FD=9' expecting OK read_assuan: read "OK" read_assuan: read " " sending `OUTPUT FD=10' expecting OK read_assuan: read "OK" read_assuan: read " " sending `SIGN' expecting OK gpgsm: can't connect to `/builddir/build/BUILD/gnupg-1.9.19/tests/S.gpg-agent': No such file or directory gpgsm: CRLs not checked due to --disable-crl-checks option gpgsm: DBG: adding certificates at level 1 gpgsm: signature created read_assuan: read "S PROGRESS starting_agent ? 0 0" read_assuan: read " " read_assuan: read "S SIG_CREATED S 1 2 00 20021202T132959 3CF405464F66ED4A7DF45BBDD1E4282E33BDB76E " read_assuan: read "OK" read_assuan: read " " sending `RESET' expecting OK read_assuan: read "OK" read_assuan: read " " sending `INPUT FD=11' expecting OK read_assuan: read "OK" read_assuan: read " " sending `OUTPUT FD=12' expecting OK read_assuan: read "OK" read_assuan: read " " sending `VERIFY' expecting OK gpgsm: signal Segmentation fault caught ... 
exiting read_assuan: read "" asschk: read_assuan: received incomplete line on fd 13 FAIL: sm-sign+verify From telegraph at gmx.net Wed Nov 30 20:11:44 2005 
From: telegraph at gmx.net (Gregor Zattler) Date: Wed Nov 30 20:12:38 2005 Subject: disjunct paths In-Reply-To: <20051130184217.GA23434@jabberwocky.com> References: <20051125235616.GA19545@a-eskwadraat.nl> <20051129044151.GC18812@jabberwocky.com> <20051130152921.GL5208@pit.ID-43118.user.dfncis.de> <20051130184217.GA23434@jabberwocky.com> Message-ID: <20051130191144.GB32380@pit.ID-43118.user.dfncis.de> Hi David, * David Shaw [30. Nov. 2005]: > On Wed, Nov 30, 2005 at 04:29:21PM +0100, Gregor Zattler wrote: > > Hi David, > > * David Shaw [28. Nov. 2005]: > > > On Sat, Nov 26, 2005 at 12:56:16AM +0100, Jaap Eldering wrote: > > > Yes, it is. There are a few servers that do more or less what you > > > describe (for example http://www.lysator.liu.se/~jc/wotsap/). It's > > > useful to see the various paths, but unless you trust each step in the > > > chain, it doesn't really help you get trust in the end point. > > > > Doesn't it help if there are several disjunct paths? Couldn't I > > say I trust a User-Id if more than n disjunct paths of trust > > exist from my key to the other? > > Yes, if you trust those disjunct paths :) A hundred disjunct paths > that you don't trust don't help much. Why not? The disjunct paths from my key to the target key all start with keys signed by me. So all owners of these keys must be part of a conspiracy. If I met the different key owners in different contexts this isn't very likely to happen. > There is a notion of partial trust, where if you gather enough > partially trusted signatures then it equals full trust. You can tune > the trust calculations with the --marginals-needed and > --completes-needed options. By default, you need 3 marginally trusted > signatures or 1 completely trusted signature. !? Does gpg calculate trust several hops along the trust path? Ciao, Gregor -- -... --- .-. . -.. ..--.. ...-.- From dshaw at jabberwocky.com Wed Nov 30 21:17:02 2005
From: dshaw at jabberwocky.com (David Shaw) Date: Wed Nov 30 21:16:52 2005 Subject: disjunct paths In-Reply-To: <20051130191144.GB32380@pit.ID-43118.user.dfncis.de> References: <20051125235616.GA19545@a-eskwadraat.nl> <20051129044151.GC18812@jabberwocky.com> <20051130152921.GL5208@pit.ID-43118.user.dfncis.de> <20051130184217.GA23434@jabberwocky.com> <20051130191144.GB32380@pit.ID-43118.user.dfncis.de> Message-ID: <20051130201702.GB23434@jabberwocky.com> On Wed, Nov 30, 2005 at 08:11:44PM +0100, Gregor Zattler wrote: > Hi David, > * David Shaw [30. Nov. 2005]: > > On Wed, Nov 30, 2005 at 04:29:21PM +0100, Gregor Zattler wrote: > > > Hi David, > > > * David Shaw [28. Nov. 2005]: > > > > On Sat, Nov 26, 2005 at 12:56:16AM +0100, Jaap Eldering wrote: > > > > Yes, it is. There are a few servers that do more or less what you > > > > describe (for example http://www.lysator.liu.se/~jc/wotsap/). It's > > > > useful to see the various paths, but unless you trust each step in the > > > > chain, it doesn't really help you get trust in the end point. > > > > > > Doesn't it help if there are several disjunct paths? Couldn't I > > > say I trust a User-Id if more than n disjunct paths of trust > > > exist from my key to the other? > > > > Yes, if you trust those disjunct paths :) A hundred disjunct paths > > that you don't trust don't help much. > > Why not? The disjunct paths from my key to the target key > all start with keys signed by me. So all owners of these > keys must be part of a conspiracy. If I met the different key > owners in different contexts this isn't very likely to happen. Unless you're talking about paths with only one hop, it doesn't work. The paths *start* with keys signed by you. After that, you have no assurance. Given these paths: Gregor -> Alice -> Baker -> Charlie -> David Gregor -> Lorina -> Mark -> Nate -> David Gregor -> Edith -> Frank -> George -> David You know (because you signed them), that Alice, Lorina, and Edith are valid. 
Let's say that you also fully trust them to make good signatures, so that makes Baker, Mark, and Frank fully valid as well. However, not knowing how well Baker, Mark, or Frank issue signatures stops you from making Charlie, Nate or George valid, which stops you in turn from making my key valid. > > There is a notion of partial trust, where if you gather enough > > partially trusted signatures then it equals full trust. You can tune > > the trust calculations with the --marginals-needed and > > --completes-needed options. By default, you need 3 marginally trusted > > signatures or 1 completely trusted signature. > > !? Does gpg calculate trust several hops along the trust path? GPG will calculate trust for 5 hops along the path, by default. You can tune this with --max-cert-depth. David From bogus@does.not.exist.com Thu Nov 10 09:51:52 2005 
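The propagation rule David describes in the exchange above, written out as an added example. This is not GnuPG's code and not code from the thread: it is a simplified model of the validity calculation (one fully trusted signature or three marginally trusted ones from already-valid keys make a key valid; propagation stops after --max-cert-depth hops), using the names and the three disjoint paths from David's message as a constructed sample graph. Real GnuPG works per user ID, tracks trust levels rather than a boolean, and has further rules (expiry, revocation, trust signatures) that are left out here.

```python
"""Simplified GnuPG-style web-of-trust validity calculation.

Added example; not GnuPG code and not from the thread.  It models the
rules described in the thread: a key becomes valid when it carries
enough signatures from keys that are themselves already valid and
whose owners you trust to certify others.  With the defaults
(--completes-needed 1, --marginals-needed 3, --max-cert-depth 5) one
fully trusted signature or three marginally trusted ones suffice, and
validity propagates at most five hops from your own key.
"""

FULL, MARGINAL, UNKNOWN = "full", "marginal", "unknown"


def compute_validity(ultimate, ownertrust, signatures,
                     marginals_needed=3, completes_needed=1, max_cert_depth=5):
    """Return {key: depth} for every key judged valid.

    ultimate   -- your own key; valid at depth 0 and implicitly fully trusted
    ownertrust -- {key: FULL | MARGINAL | UNKNOWN}, how far you trust that
                  key's owner to certify other keys
    signatures -- {signed_key: {signer_key, ...}}, who certified whom
    """
    valid = {ultimate: 0}
    for depth in range(1, max_cert_depth + 1):
        newly_valid = {}
        for key, signers in signatures.items():
            if key in valid:
                continue
            completes = marginals = 0
            for signer in signers:
                if signer not in valid:
                    continue      # a signature from an unvalidated key counts for nothing
                if signer == ultimate or ownertrust.get(signer) == FULL:
                    completes += 1
                elif ownertrust.get(signer) == MARGINAL:
                    marginals += 1
                # UNKNOWN / unset ownertrust: the key is valid but cannot vouch
            if completes >= completes_needed or marginals >= marginals_needed:
                newly_valid[key] = depth
        if not newly_valid:
            break                 # fixed point: nothing more can become valid
        valid.update(newly_valid)
    return valid


def thread_graph():
    """The three disjoint paths from the thread (constructed sample, not real keys)."""
    return {
        "Alice": {"Gregor"},  "Baker": {"Alice"},  "Charlie": {"Baker"},
        "Lorina": {"Gregor"}, "Mark": {"Lorina"},  "Nate": {"Mark"},
        "Edith": {"Gregor"},  "Frank": {"Edith"},  "George": {"Frank"},
        "David": {"Charlie", "Nate", "George"},
    }


def scenarios():
    """The same graph under different ownertrust assignments and settings."""
    g = thread_graph()
    first_hop_full = {"Alice": FULL, "Lorina": FULL, "Edith": FULL}
    everyone_marginal = {k: MARGINAL for k in g}
    everyone_full = {k: FULL for k in g}
    # variant: David's key is signed directly by the three keys Gregor signed
    direct = dict(g, David={"Alice", "Lorina", "Edith"})
    return {
        # trust only the people you signed: every path dies after hop 2
        "first_hop_full": compute_validity("Gregor", first_hop_full, g),
        # one marginal signature per hop never reaches marginals-needed
        "everyone_marginal": compute_validity("Gregor", everyone_marginal, g),
        # full trust at every hop: David becomes valid at depth 4
        "everyone_full": compute_validity("Gregor", everyone_full, g),
        # same trust, but --max-cert-depth 3 stops one hop short of David
        "everyone_full_depth3": compute_validity("Gregor", everyone_full, g,
                                                 max_cert_depth=3),
        # three marginally trusted *valid* signers on one key do add up
        "three_marginals_direct": compute_validity(
            "Gregor", {k: MARGINAL for k in direct}, direct),
    }


if __name__ == "__main__":
    for name, valid in scenarios().items():
        print(f"{name:24s} David valid: {'David' in valid}  "
              f"(valid keys: {sorted(valid)})")
```

Running it shows the point of the thread: with full trust only on the keys Gregor signed himself, Baker, Mark and Frank become valid but Charlie, Nate, George and David never do, however many disjoint paths exist; marginal trust at every hop does not help either, because each intermediate key carries only one signature; and even with full trust everywhere, --max-cert-depth 3 cuts the chain before David. Multiple paths only add up when they terminate in several trusted signatures on the same key, as in the last scenario.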
From: bogus@does.not.exist.com () Date: Thu Dec 22 14:34:27 2005 Subject: No subject Message-ID: "As of 2003 RSA Security claims that 1024-bit RSA keys are equivalent in strength to 80-bit symmetric keys, 2048-bit RSA keys to 112-bit symmetric keys and 3072-bit RSA keys to 128-bit symmetric keys. RSA claims that 1024-bit keys are sufficient until 2010 and that 2048-bit keys are sufficient until 2030. An RSA key length of 3072 bits should be used if security is required beyond 2030. NIST key management guidelines further suggest that 15360-bit RSA keys are equivalent in strength to 256-bit symmetric keys." That certainly suggests that the increase in difficulty as keylength increases isn't nearly as steep as for a symmetric cipher. *Stops conjecture* So how is RSA keylength related to difficulty in breaking? On 12/22/05, Atom Smasher wrote: > On Wed, 21 Dec 2005, Aleksandar Milivojevic wrote: > > > From the security standpoint, more bits do not buy you more security. > > Having 16k key or 2k key will buy you about the same security. It is > > not all in the key length. My opinion is, just use 2k key. It will > > serve you well. I generated one 4k key some time ago, and have almost > > never used it. Looking back, that was really pointless thing to do. > ======================= > > to paraphrase bruce schneier: what's more secure? a fence that's a > thousand feet tall or a fence that's ten thousand feet tall? > > that said, computers keep getting faster and attacks keep getting better. > back in the early days of PGP(tm) a 1024 bit key would have been > considered bigger than you'd ever need. history has shown that 1024 bit > keys are now generally considered the smallest key you'd want to use, and > may not be "safe" over the course of the next 10-20 years. > > the thing to bear in mind, though, is that a 2048 bit key isn't *just* > twice as strong as a 1024 bit key... 
(according to my math, please correct > me if i'm wrong) it's this many times stronger: > > 17976931348623159077293051907890247336179769789423065727343008115773\ > 26758055009631327084773224075360211201138798713933576587897688144166\ > 22492847430639474124377767893424865485276302219601246094119453082952\ > 08500576883815068234246288147391311054082723716335051068458629823994\ > 7245938479716304835356329624224137216 > > a 1025 bit key (if there was such a thing) would be [merely] twice as > strong as a 1024 bit key. a 1028 bit key would be 16 times stronger. > compared to a 1024 bit key, a 4096 bit key is stronger by a number that's > represented by (about) 4624 decimal digits. since no one has publicly > broken a 1K key i feel pretty safe using 2K keys for everyday stuff. > > also, anyone considering huge keys should read this section from the > diceware FAQ - > and remember that breaking a key is the hardest way to "break" pgp... > there are a lot of easier methods, such as key-loggers and spy-cameras. > > > -- > ...atom > > _________________________________________ > PGP key - http://atom.smasher.org/pgp.txt > 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 > ------------------------------------------------- > > "What sane person could live in this world and not be crazy?" > -- Ursula K. LeGuin > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From bogus@does.not.exist.com Thu Nov 10 09:51:52 2005 
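The question in the message above, how RSA key length relates to the difficulty of breaking the key, as an added example that is not part of the thread and is not RSA Security's or NIST's own calculation. The best public factoring algorithm, the general number field sieve, has heuristic cost L_n[1/3, c] = exp((c + o(1)) (ln n)^(1/3) (ln ln n)^(2/3)) with c = (64/9)^(1/3), which is sub-exponential in the bit length of n. Taking log2 of that gives the "symmetric-equivalent" security level that tables like the quoted one are built from. Assumptions of the example: the o(1) term is dropped, so the raw estimate runs several bits above NIST's calibrated figures; the NIST_EQUIVALENT table is the published SP 800-57 mapping; the function names are the example's own.

```python
"""Estimating RSA strength from modulus size with the GNFS heuristic.

Added example, not from the thread.  log2 of the GNFS running-time
estimate L_n[1/3, (64/9)^(1/3)] gives a rough symmetric-equivalent
security level; the o(1) term is dropped (an assumption of this
example), so the numbers sit a few bits above NIST SP 800-57's table.
"""
import math

# Published NIST SP 800-57 equivalences (RSA modulus bits -> symmetric bits).
NIST_EQUIVALENT = {1024: 80, 2048: 112, 3072: 128, 7680: 192, 15360: 256}


def gnfs_work_bits(modulus_bits):
    """log2 of the GNFS work factor for an RSA modulus of the given size."""
    ln_n = modulus_bits * math.log(2)        # ln n for an n of that many bits
    c = (64 / 9) ** (1 / 3)                  # ~1.923
    work = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work / math.log(2)


def strength_gain_bits(from_bits, to_bits):
    """Extra bits of attacker work a larger modulus buys.

    The naive reading in the thread (2**1024 times stronger for
    1024 -> 2048) treats RSA like a symmetric key; the GNFS estimate
    says the gain is roughly 2**30.
    """
    return gnfs_work_bits(to_bits) - gnfs_work_bits(from_bits)


def smallest_modulus_for(level_bits, step=128, limit=16384):
    """Smallest modulus size (a multiple of `step`) whose estimate meets `level_bits`."""
    for bits in range(step, limit + 1, step):
        if gnfs_work_bits(bits) >= level_bits:
            return bits
    return None


def comparison_table():
    """(GNFS estimate, NIST figure) for each size in the published table."""
    return {b: (round(gnfs_work_bits(b)), nist) for b, nist in NIST_EQUIVALENT.items()}


if __name__ == "__main__":
    for b, (est, nist) in comparison_table().items():
        print(f"RSA-{b:5d}: GNFS estimate ~{est} bits, NIST table {nist} bits")
    print(f"1024 -> 2048 buys about 2^{strength_gain_bits(1024, 2048):.0f} more work")
    print(f"4096 -> 8192 buys about 2^{strength_gain_bits(4096, 8192):.0f} more work")
```

The table reproduces the shape of the quoted numbers: each doubling of the modulus adds only a few tens of bits of work, and the increments shrink as the modulus grows, which is why 15360-bit RSA is needed to match a 256-bit symmetric key while 3072 bits already matches 128. Published estimates differ from this raw formula by the calibration of the constant term against actual factoring records, which is where the NIST table's lower, more conservative figures come from.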
From: bogus@does.not.exist.com () Date: Mon Feb 13 19:35:22 2006 Subject: No subject Message-ID: able to use their smartcards in open-source applications, but were not able to! Now OpenSC (All cards), Aladdin, Athena, ActivCard, Rainbow can all enjoy working applications (Firefox, Thunderbird, OpenVPN, OpenSSH, these days I try to convince KDE developers to support PKCS#11 as well...). Best Regards, Alon Bar-Lev. From bogus@does.not.exist.com Thu Nov 10 09:51:52 2005 From: bogus@does.not.exist.com () Date: Tue Mar 14 08:23:48 2006 Subject: No subject Message-ID: might be true. I noticed the same just recently. It might be nice to have some sort of hybrid setup... half the signature generated on card half on the host, but that would probably have a huge impact on both the openpgp smartcard protocol and gnupg and the software on the card. > Michael > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000 Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC "I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end." -- Douglas Adams From bogus@does.not.exist.com Thu Nov 10 09:51:52 2005 From: bogus@does.not.exist.com () Date: Wed Mar 29 23:03:18 2006 Subject: No subject Message-ID: whether this vulnerability also applied to verification of clearsigned text. Does it? Thanks! -Phil __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From bogus@does.not.exist.com Thu Nov 10 09:51:52 2005 
From: bogus@does.not.exist.com () Date: Tue Jun 6 11:25:55 2006 Subject: No subject Message-ID: --ask-sig-expire --no-ask-sig-expire When making a data signature, prompt for an expiration time. If this option is not specified, the expiration time set via --default-sig-expire is used. --no-ask-sig-expire disables this option. Note that by default, --force-v3-sigs is set which also disables this option. If you want signature expiration, you must set --no-force-v3-sigs as well as turning --ask-sig-expire on. --default-sig-expire The default expiration time to use for signature expiration. Valid values are "0" for no expiration, a number followed by the letter d (for days), w (for weeks), m (for months), or y (for years) (for example "2m" for two months, or "5y" for five years), or an absolute date in the form YYYY-MM-DD. Defaults to "0". > When i use the --list-sig command, is there any way i can see the > expiration date for signatures? From bogus@does.not.exist.com Thu Nov 10 09:51:52 2005 From: bogus@does.not.exist.com () Date: Tue Jun 6 11:25:56 2006 Subject: No subject Message-ID: --list-options parameters This is a space or comma delimited string that gives options used when listing keys and signatures (that is, --list-keys, --list-sigs, --list-public-keys, --list-secret-keys, and the --edit-key functions). Options can be prepended with a `no-' to give the opposite meaning. The options are: (...) show-sig-expire Show signature expiration dates (if any) during --list-sigs or --check-sigs listings. Defaults to no. The options I cited from the man page can be used on the commandline every time you need them or you can put them in the configuration file for gpg (gpg.conf) so that they are invoked every time you use gpg. Dirk From bogus@does.not.exist.com Thu Nov 10 09:51:52 2005 
From: bogus@does.not.exist.com () Date: Tue Aug 1 13:49:19 2006 Subject: No subject Message-ID: key is its `gpgme_key_t' object, even if, behind the scene, it all boils down to using the key's fingerprint. Thanks, Ludovic. [0] http://marc.theaimsgroup.com/?l=gnupg-devel&m=115283285911807&w=2 [1] http://marc.theaimsgroup.com/?l=gnupg-devel&m=115286624006439&w=2 From bogus@does.not.exist.com Thu Nov 10 09:51:52 2005 From: bogus@does.not.exist.com () Date: Fri Oct 27 19:41:58 2006 Subject: No subject Message-ID: > gpg: keyring_get_keyblock: read error: invalid packet From bogus@does.not.exist.com Thu Nov 10 09:51:52 2005 From: bogus@does.not.exist.com () Date: Fri Oct 27 19:41:58 2006 Subject: No subject Message-ID: To be sure, you might want to apply the attached patch which fixes a problem with uncompressing certain messages. I can't see how this could lead to the above problem, so just to exclude this rare problem. Shalom-Salam, Werner Content-Disposition: inline; filename=fix-537.diff Fixes a bug while decrypting certain compressed and encrypted messages. See http://bugs.gnupg.org/537 . 2006-10-02 Werner Koch * encr-data.c (decrypt_data, mdc_decode_filter): Check the MDC right here and don't let parse-packet handle the MDC. Index: encr-data.c =================================================================== --- encr-data.c (.../tags/gnupg-1.4.5/g10/encr-data.c) (revision 4280) +++ encr-data.c (.../branches/STABLE-BRANCH-1-4/g10/encr-data.c) (revision 4280) @@ -1,5 +1,6 @@ /* encr-data.c - process an encrypted data packet - * Copyright (C) 1998, 1999, 2000, 2001, 2005 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2005, + * 2006 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -41,7 +42,7 @@ typedef struct { CIPHER_HANDLE cipher_hd; MD_HANDLE mdc_hash; - char defer[20]; + char defer[22]; int defer_filled; int eof_seen; } decode_filter_ctx_t; 
@@ -146,12 +147,30 @@ if( ed->mdc_method && dfx.eof_seen == 2 ) rc = G10ERR_INVALID_PACKET; else if( ed->mdc_method ) { /* check the mdc */ + /* We used to let parse-packet.c handle the MDC packet but + this turned out to be a problem with compressed packets: + With old style packets there is no length information + available and the decompressor uses an implicit end. + However we can't know this implicit end beforehand (:-) and + thus may feed the decompressor with more bytes than + actually needed. It would be possible to unread the extra + bytes but due to our weird iobuf system any unread is non + reliable due to filters already popped off. The easy and + sane solution is to care about the MDC packet only here and + never pass it to the packet parser. Fortunatley the + OpenPGP spec requires a strict format for the MDC packet so + that we know that 22 bytes are appended. */ int datalen = md_digest_length( ed->mdc_method ); - cipher_decrypt( dfx.cipher_hd, dfx.defer, dfx.defer, 20); + cipher_decrypt( dfx.cipher_hd, dfx.defer, dfx.defer, 22); + md_write (dfx.mdc_hash, dfx.defer, 2); md_final( dfx.mdc_hash ); - if( datalen != 20 - || memcmp(md_read( dfx.mdc_hash, 0 ), dfx.defer, datalen) ) + if (dfx.defer[0] != '\xd3' || dfx.defer[1] != '\x14' ) { + log_error("mdc_packet with invalid encoding\n"); + rc = G10ERR_INVALID_PACKET; + } + else if ( datalen != 20 + || memcmp(md_read( dfx.mdc_hash, 0 ), dfx.defer+2, datalen) ) rc = G10ERR_BAD_SIGN; /*log_hexdump("MDC calculated:", md_read( dfx.mdc_hash, 0), datalen);*/ /*log_hexdump("MDC message :", dfx.defer, 20);*/ 
@@ -182,23 +201,23 @@ } else if( control == IOBUFCTRL_UNDERFLOW ) { assert(a); - assert( size > 40 ); + assert( size > 44 ); /* get at least 20 bytes and put it somewhere ahead in the buffer */ - for(n=20; n < 40 ; n++ ) { + for(n=22; n < 44 ; n++ ) { if( (c = iobuf_get(a)) == -1 ) break; buf[n] = c; } - if( n == 40 ) { + if( n == 44 ) { /* we have enough stuff - flush the deferred stuff */ /* (we have asserted that the buffer is large enough) */ if( !dfx->defer_filled ) { /* the first time */ - memcpy(buf, buf+20, 20 ); - n = 20; + memcpy(buf, buf+22, 22 ); + n = 22; } else { - memcpy(buf, dfx->defer, 20 ); + memcpy(buf, dfx->defer, 22 ); } /* now fill up */ for(; n < size; n++ ) { @@ -206,22 +225,22 @@ break; buf[n] = c; } - /* move the last 20 bytes back to the defer buffer */ - /* (okay, we are wasting 20 bytes of supplied buffer) */ - n -= 20; - memcpy( dfx->defer, buf+n, 20 ); + /* Move the last 22 bytes back to the defer buffer. */ + /* (okay, we are wasting 22 bytes of supplied buffer) */ + n -= 22; + memcpy( dfx->defer, buf+n, 22 ); dfx->defer_filled = 1; } else if( !dfx->defer_filled ) { /* eof seen buf empty defer */ /* this is bad because there is an incomplete hash */ - n -= 20; - memcpy(buf, buf+20, n ); + n -= 22; + memcpy(buf, buf+22, n ); dfx->eof_seen = 2; /* eof with incomplete hash */ } else { /* eof seen */ - memcpy(buf, dfx->defer, 20 ); - n -= 20; - memcpy( dfx->defer, buf+n, 20 ); + memcpy (buf, dfx->defer, 22 ); + n -= 22; + memcpy( dfx->defer, buf+n, 22 ); dfx->eof_seen = 1; /* normal eof */ }
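Review bot: in the `@@ -146,12 +147,30 @@` hunk the two header octets tested by `if (dfx.defer[0] != '\xd3' || dfx.defer[1] != '\x14' )` are undocumented at the point of use; the long comment above explains why the check moved out of parse-packet but not what the bytes are (the new-format packet tag for the MDC packet and its fixed body length of 20 for SHA-1), so a one-line comment or two named constants there would help the next reader. Feeding the header into the hash with `md_write (dfx.mdc_hash, dfx.defer, 2)` before `md_final` is right, but the commented-out `log_hexdump("MDC message :", dfx.defer, 20)` was left as it was and would now dump the two header bytes plus 18 bytes of digest; change it to `dfx.defer+2` or drop it. Note too that a bad header now returns `G10ERR_INVALID_PACKET` with a `log_error` while a bad digest returns `G10ERR_BAD_SIGN`; callers that treat these differently should know both mean the MDC did not verify. "Fortunatley" in the new comment is a typo.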
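Review bot: in the `@@ -182,23 +201,23 @@` hunk the comment `/* get at least 20 bytes and put it somewhere ahead in the buffer */` was not updated with the loop it describes, which now reads `for(n=22; n < 44 ; n++ )`; change it to 22. The same value recurs in `assert( size > 44 )`, the `n == 44` test, the `memcpy` calls and the `n -= 22` adjustments, and in `char defer[22]` in the `@@ -41,7 +42,7 @@` struct hunk; a single named constant (2-byte header plus 20-byte digest) would keep all of these in step and make the relationship to the `'\x14'` length check in the MDC hunk explicit.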
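Review bot: in the `@@ -206,22 +225,22 @@` hunk the branch commented `/* eof seen buf empty defer */` deserves a sentence saying what it means now: fewer than 22 bytes were ever read, so not even a complete MDC packet was present, and `dfx->eof_seen = 2` is what makes `decrypt_data` return `G10ERR_INVALID_PACKET` in the earlier hunk. Also, `memcpy (buf, dfx->defer, 22 )` in the final branch is spaced differently from the other `memcpy(` calls in the same hunk; keep one style.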