From aherron at kowabunga.com Sat Apr 1 00:45:09 2006
From: aherron at kowabunga.com (Andrew Herron)
Date: Sat Apr 1 02:26:23 2006
Subject: ASP Shell and GnuPG
Message-ID: <442DB0F5.3090909@kowabunga.com>

Hello all,

I'm trying to get GPG to work using the Wshell object in ASP. It worked just fine on our Windows 2000 Server; however, after the recent move to Windows 2003 Server, we're running into issues. I've verified permissions on all files needed, but when I run the command, I get an error code 2 returned.

Any help would be greatly appreciated. The code used to test is below:

<%
' Run gpg and wait for it to finish (third argument true), then print its exit code
Set WshShell = Server.CreateObject("Wscript.Shell")
command = "gpg --decrypt-files ""c:\inetpub\gpg\keytest.gpg"""
response.write "Exit Code: " & WshShell.run(command, 1, true) & "<br>"
set wshshell = nothing
%>
<%=command%><br>
done

Thanks.
Andrew Herron

From spacemarc at gmail.com Sat Apr 1 12:00:21 2006
From: spacemarc at gmail.com (spacemarc)
Date: Sat Apr 1 12:56:11 2006
Subject: Howto upgrade to 1.4.2.2 from 1.4.2
Message-ID: <200604011200.21757.spacemarc@gmail.com>

Hi

I have gpg 1.4.2 on Mandriva linux and I would like to upgrade it to the new 1.4.2.2.
How do I do it? Which syntax must I use?

thanks!

From feitao at msn.com Sat Apr 1 21:12:42 2006
From: feitao at msn.com (feitao)
Date: Sat Apr 1 22:56:22 2006
Subject: ElGamal: key length vs performance
Message-ID:

Hi,

As I understand, by default, GnuPG uses ElGamal to encrypt/decrypt files, and the recommended key length is 1024 bit. Is there any information on how encryption/decryption time changes with the key length?

Thanks a lot,

From johnmoore3rd at joimail.com Sat Apr 1 23:10:01 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Sat Apr 1 23:09:36 2006
Subject: ElGamal: key length vs performance
In-Reply-To:
References:
Message-ID: <442EEC29.6080303@joimail.com>

feitao wrote:
> Hi,
>
> As I understand, by default, GnuPG uses ElGamal to encrypt/decrypt files,
> and the recommended key length is 1024 bit. Is there any information on how
> encryption/decryption time changes with the key length? Thanks a lot,

FWIW, the larger the size of the Key being used the "longer" the time required. However, unless you're using a Processor older than Pentium III I doubt that it would be obvious to the User. Of course, the difference between using a 1024 Key and an 8192 Key *would* be noticeable.

I am not quite certain where you understand ElGamal is the 'Default' since it is possible to generate an RSA encryption Key and many folks do.

JOHN :-\
Timestamp: Saturday 01 Apr 2006, 16:09 --500 (Eastern Standard Time)

From rjh at sixdemonbag.org Sun Apr 2 00:08:29 2006
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun Apr 2 00:07:46 2006
Subject: ElGamal: key length vs performance
In-Reply-To:
References:
Message-ID: <442EF9DD.2000305@sixdemonbag.org>

feitao wrote:
> As I understand, by default, GnuPG uses ElGamal to encrypt/decrypt files,
> and the recommended key length is 1024 bit. Is there any information on how
> encryption/decryption time changes with the key length? Thanks a lot,

This one can best be answered with a giant "it depends".

GnuPG is a hybrid cryptosystem. It uses both symmetric and asymmetric cryptography to encrypt your file. The asymmetric component is going to be dog slow, but the good news is that only a few bytes of data are encrypted with it. The rest of your file is decrypted using symmetric crypto, which is really quite fast.

For small files, the asymmetric component will take up most of the time and it makes sense to ask how encryption/decryption times vary with key lengths. For large files, the symmetric component will dominate, and it won't make sense to ask how encryption/decryption times vary with key lengths.

The best general advice I can give you is "this isn't something you need to worry about". Even with a 4kbit key on an old Pentium-II, the asymmetric operations are fairly brisk. It's quite usable.

From dshaw at jabberwocky.com Sun Apr 2 00:53:15 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun Apr 2 00:52:33 2006
Subject: ElGamal: key length vs performance
In-Reply-To: <000601c655c0$400c7d80$a3292480@yale95629b92ac>
References: <000601c655c0$400c7d80$a3292480@yale95629b92ac>
Message-ID: <20060401225315.GB9337@jabberwocky.com>

On Sat, Apr 01, 2006 at 02:12:42PM -0500, feitao wrote:
> Hi,
>
> As I understand, by default, GnuPG uses ElGamal to encrypt/decrypt files,
> and the recommended key length is 1024 bit. Is there any information on how
> encryption/decryption time changes with the key length? Thanks a lot,

Not significantly. GnuPG uses Elgamal to encrypt a session key, which is only around 16-32 bytes long. That's not going to change much regardless of the key length. If you were encrypting many files over and over again, perhaps, but most people never notice it in practice.

The performance between different ciphers (3DES, AES, CAST5, etc) is where you might see something, and it will vary over different sized files to encrypt.

David

From arildbjork at yahoo.no Sun Apr 2 08:21:29 2006
From: arildbjork at yahoo.no (Arild Bjørk)
Date: Sun Apr 2 09:56:22 2006
Subject: ElGamal: key length vs performance
In-Reply-To: <20060401225315.GB9337@jabberwocky.com>
Message-ID: <20060402062129.78940.qmail@web26201.mail.ukl.yahoo.com>

--- David Shaw wrote:
> The performance between different ciphers (3DES, AES, CAST5, etc) is
> where you might see something, and it will vary over different sized
> files to encrypt.

As an indication of the speed of the ciphers you should download and install Truecrypt from www.truecrypt.org. Under the menu Tools you'll find Benchmark which reports the speed for the ciphers in ram. 3DES is the slowest. Blowfish seems to be the fastest.

From malayter at gmail.com Sun Apr 2 16:37:29 2006
From: malayter at gmail.com (Ryan Malayter)
Date: Sun Apr 2 16:36:44 2006
Subject: ElGamal: key length vs performance
In-Reply-To: <442FBCC7.6070705@tiscali.it>
References: <20060402062129.78940.qmail@web26201.mail.ukl.yahoo.com> <442FBCC7.6070705@tiscali.it>
Message-ID: <5d7f07420604020737x44b6b497ge7ec18000824da19@mail.gmail.com>

On 4/2/06, Qed wrote:
> Different implementations => different speeds.
> You cannot rely on a particular piece software to infer general
> performance figures for crypto algos.

This is very true. In my tests, for example, AES implementation in GnuPG runs far slower than the implementation used in TrueCrypt, 7zip or a number of other x86-specific programs. I mentioned this speed difference to Werner a while back, and he explained GnuPG has to work on many platforms, so using code optimized for x86 - even if it is C-code optimized for x86 - isn't going to happen. Which makes sense.

The easiest way to test is to simply encrypt the same file several times using different --cipher-algo parameters on the command line. My tests on Pentium 4s showed CAST5 to be the fastest algorithm in GnuPG on that platform, but your own hardware is different, you should run your own tests.

See this discussion at:
http://lists.gnupg.org/pipermail/gnupg-users/2005-August/026315.html

From rjh at sixdemonbag.org Mon Apr 3 01:05:00 2006
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon Apr 3 02:05:07 2006
Subject: Meaning of rvk in --fixed-list-mode?
Message-ID: <4430589C.5050801@sixdemonbag.org>

When looking over the output of --fixed-list-mode --with-colons --list-sig, I discovered that one key which has a designated revoker listed did not have a "rvk:" row in the key output.

According to doc/DETAILS, rvk is used to designate revocation keys. So... what am I missing here? What are the precise semantics for rvk?

From dshaw at jabberwocky.com Mon Apr 3 04:00:21 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Apr 3 03:59:42 2006
Subject: Meaning of rvk in --fixed-list-mode?
In-Reply-To: <4430589C.5050801@sixdemonbag.org>
References: <4430589C.5050801@sixdemonbag.org>
Message-ID: <20060403020021.GA11021@jabberwocky.com>

On Sun, Apr 02, 2006 at 06:05:00PM -0500, Robert J. Hansen wrote:
> When looking over the output of --fixed-list-mode --with-colons
> --list-sig, I discovered that one key which has a designated revoker
> listed did not have a "rvk:" row in the key output.

What key?

David

From jharris at widomaker.com Mon Apr 3 04:14:31 2006
From: jharris at widomaker.com (Jason Harris)
Date: Mon Apr 3 04:14:12 2006
Subject: new (2006-04-02) keyanalyze results (+sigcheck)
Message-ID: <20060403021431.GA1459@wilma.widomaker.com>

New keyanalyze results are available at:

  http://keyserver.kjsl.com/~jharris/ka/2006-04-02/

Signatures are now being checked using keyanalyze+sigcheck:

  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:

  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the "permanent" files:

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004

From wk at gnupg.org Mon Apr 3 08:50:26 2006
From: wk at gnupg.org (Werner Koch)
Date: Mon Apr 3 08:57:03 2006
Subject: ElGamal: key length vs performance
In-Reply-To: <442FBCC7.6070705@tiscali.it> (qed@tiscali.it's message of "Sun, 02 Apr 2006 14:00:07 +0200")
References: <20060402062129.78940.qmail@web26201.mail.ukl.yahoo.com> <442FBCC7.6070705@tiscali.it>
Message-ID: <87hd5b2lvx.fsf@wheatstone.g10code.de>

On Sun, 02 Apr 2006 14:00:07 +0200, Qed said:

> Different implementations => different speeds.
> You cannot rely on a particular piece software to infer general
> performance figures for crypto algos.

Here are some figures from libgcrypt which uses the same implementation as gnupg does. CFB mode is used by OpenPGP. The numbers are for 10^6 bytes encryption/decryption including key setup for each. CPU is a Pentium M at 1500MHz.

                  ECB             CBC             CFB
             --------------- --------------- ---------------
3DES          120ms   120ms   130ms   130ms   130ms   120ms
CAST5          40ms    30ms    50ms    60ms    40ms    50ms
BLOWFISH       50ms    50ms    60ms    70ms    60ms    60ms
AES            30ms    30ms    40ms    40ms    30ms    40ms
AES192         30ms    30ms    40ms    50ms    40ms    40ms
AES256         30ms    40ms    50ms    40ms    50ms    40ms
TWOFISH        40ms    30ms    50ms    40ms    40ms    50ms
DES            50ms    60ms    70ms    70ms    60ms    70ms
TWOFISH128     40ms    30ms    50ms    40ms    40ms    40ms
SERPENT128     90ms    90ms   100ms   100ms   100ms   100ms
SERPENT192     90ms    90ms   100ms   100ms   100ms    90ms
SERPENT256     90ms    90ms   100ms   100ms   100ms   100ms
RFC2268_40    120ms    70ms   130ms    90ms   130ms   120ms

Shalom-Salam,

   Werner

From shavital at mac.com Mon Apr 3 10:43:44 2006
From: shavital at mac.com (Charly Avital)
Date: Mon Apr 3 10:43:20 2006
Subject: GnuPG 1.9.20 on MacOS X - Question about agent
Message-ID: <4430E040.5040302@mac.com>

Thanks to the patches posted by Remco Post in this forum, for libksba and gnupg 1.9.20, I could have the latter configured for:

Platform: Darwin (powerpc-apple-darwin8.5.0)
OpenPGP: no
S/MIME: yes
Agent: yes
Smartcard: yes
Protect tool: (default)
Default agent: (default)
Default pinentry: (default)
Default scdaemon: (default)
Default dirmngr: (default)
PKITS based tests: no

But 'make' posts the warning:

----------
gpgparsemail.c:150: error: static declaration of 'stpcpy' follows non-static declaration
gpgparsemail.c: In function 'parse_message':
gpgparsemail.c:603: warning: pointer targets in passing argument 2 of 'rfc822parse_insert' differ in signedness
make[1]: *** [gpgparsemail.o] Error 1
make: *** [check-recursive] Error 1
----------------

and of course 'sudo make install' warns:

-------
then mv -f ".deps/gpgparsemail.Tpo" ".deps/gpgparsemail.Po"; else rm -f ".deps/gpgparsemail.Tpo"; exit 1; fi
gpgparsemail.c:150: error: static declaration of 'stpcpy' follows non-static declaration
gpgparsemail.c: In function 'parse_message':
gpgparsemail.c:603: warning: pointer targets in passing argument 2 of 'rfc822parse_insert' differ in signedness
make[1]: *** [gpgparsemail.o] Error 1
make: *** [install-recursive] Error 1
---------------

Running MacOS X 10.4.5, gpg 1.4.2.2, S/MIME works correctly.

But when I enable the use of agent in gpg.conf and in the MUA (Thunderbird 1.5+enigmail 0.94.0) I get a warning that the passphrase is not correct.

Is this because of the 'parse_message' error, and if so, how could I remedy?

Thanks, and sorry for cross posting

Charly

From wk at gnupg.org Mon Apr 3 14:13:15 2006
From: wk at gnupg.org (Werner Koch)
Date: Mon Apr 3 14:31:40 2006
Subject: [Announce] GnuPG 1.4.3 released
Message-ID: <87lkum26xw.fsf@wheatstone.g10code.de>

Skipped content of type multipart/signed

_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From shavital at mac.com Mon Apr 3 15:56:14 2006
From: shavital at mac.com (Charly Avital)
Date: Mon Apr 3 15:55:40 2006
Subject: [Announce] GnuPG 1.4.3 released
In-Reply-To: <87lkum26xw.fsf@wheatstone.g10code.de>
References: <87lkum26xw.fsf@wheatstone.g10code.de>
Message-ID: <4431297E.4050303@mac.com>

Compiled from source and installed under MacOS X 10.4.5 Darwin (powerpc-apple-darwin8.5.0)

Thanks to the Team.

Charly

Thanks

Werner Koch wrote the following on 4/3/06 8:13 AM:
> Hello!
>
> We are pleased to announce the availability of a new stable GnuPG
> release: Version 1.4.3
> [...]
>
> Thanks
> ======
>
> We have to thank all the people who helped with this release, be it
> testing, coding, translating, suggesting, auditing, administering the
> servers, spreading the word or answering questions on the mailing
> lists.
>
>
> Happy Hacking,
>
>
> The GnuPG Team (David, Werner and the other contributors)
>

From openmacnews at gmail.com Mon Apr 3 18:26:31 2006
From: openmacnews at gmail.com (OpenMacNews)
Date: Mon Apr 3 19:27:51 2006
Subject: gnupg 1.4.3 build fails @ 'make' on OSX 10.4.5, unless "--disable-nls"
Message-ID: <44314CB7.9090207@gmail.com>

hi all.

1.4.2 was built/running OK on my OSX 10.4.5.

attempting the 1.4.3 build ...

./configure w/:

./configure \
--prefix=/usr/local \
--with-readline=/usr/local \
--with-zlib=/usr/local \
--with-libcurl=/usr/local/lib

results in a 'make' fail @:

...
Making all in tools
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl -L/usr/local/include -I/usr/local/include -I/usr/local/include -I/usr/local/include -g -O2 -Wall -Wno-pointer-sign -MT gpgsplit.o -MD -MP -MF ".deps/gpgsplit.Tpo" -c -o gpgsplit.o gpgsplit.c; \
then mv -f ".deps/gpgsplit.Tpo" ".deps/gpgsplit.Po"; else rm -f ".deps/gpgsplit.Tpo"; exit 1; fi
gcc -g -O2 -Wall -Wno-pointer-sign -L/usr/local/lib -lreadline -lpcre -L/usr/local/lib -L/usr/local/lib -o gpgsplit gpgsplit.o ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -liconv -lintl -liconv -lc -lz -lbz2
/usr/bin/ld: multiple definitions of symbol _xfree
/usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xfree
../util/libutil.a(memory.o) definition of _xfree in section (__TEXT,__text)
/usr/bin/ld: multiple definitions of symbol _xmalloc
/usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xmalloc
../util/libutil.a(memory.o) definition of _xmalloc in section (__TEXT,__text)
/usr/bin/ld: multiple definitions of symbol _xrealloc
/usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xrealloc
../util/libutil.a(memory.o) definition of _xrealloc in section (__TEXT,__text)
/usr/bin/ld: warning multiple definitions of symbol _locale_charset
/usr/lib/gcc/powerpc-apple-darwin8/4.0.1/../../../libiconv.dylib(localcharset.o) definition of _locale_charset
/usr/local/lib/libintl.dylib(localcharset.o) definition of _locale_charset
collect2: ld returned 1 exit status
make[2]: *** [gpgsplit] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

DISABLING nls, as:

./configure \
--prefix=/usr/local \
--with-readline=/usr/local \
--with-zlib=/usr/local \
--with-libcurl=/usr/local/lib \
--disable-nls

however, results in a successful 'make'

fwiw, my /usr/local/lib/libintl.dylib is from a local install of GETTEXT v0.14.5 ...

just starting to poke around as to what changed ...

any suggestions?

richard

--

  /"\
  \ /  ASCII Ribbon Campaign
   X   against HTML email, vCards
  / \  & micro$oft attachments

[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6

From doczook at doczook.de Mon Apr 3 18:40:04 2006
From: doczook at doczook.de (Tobias Mummert)
Date: Mon Apr 3 19:56:29 2006
Subject: GnuPG 1.4.3 failed to compile
Message-ID: <20060403164004.GA12672@doczook.de>

Hi,

Debian vanilla, GCC 3.3.5, Kernel 2.6.16.1:

memory.c: In function `xrealloc':
memory.c:512: warning: implicit declaration of function `m_alloc_secure_clear'
memory.c:512: warning: assignment makes pointer from integer without a cast
memory.c:514: warning: implicit declaration of function `m_alloc_clear'
memory.c:514: warning: assignment makes pointer from integer without a cast
memory.c:517: warning: implicit declaration of function `m_free'
memory.c:520: warning: implicit declaration of function `m_alloc'
memory.c:520: warning: assignment makes pointer from integer without a cast

and

Making check in tools
make[1]: Entering directory `/root/tmp/gnupg-1.4.3/tools'
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl -g -O2 -Wall -MT gpgsplit.o -MD -MP -MF ".deps/gpgsplit.Tpo" -c -o gpgsplit.o gpgsplit.c; \
then mv -f ".deps/gpgsplit.Tpo" ".deps/gpgsplit.Po"; else rm -f ".deps/gpgsplit.Tpo"; exit 1; fi
gcc -g -O2 -Wall -o gpgsplit gpgsplit.o ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -lz
../util/libutil.a(memory.o)(.text+0x2c3): In function `xrealloc':
/root/tmp/gnupg-1.4.3/util/memory.c:514: undefined reference to `m_alloc_clear'
../util/libutil.a(memory.o)(.text+0x2e9):/root/tmp/gnupg-1.4.3/util/memory.c:517: undefined reference to `m_free'
../util/libutil.a(memory.o)(.text+0x304):/root/tmp/gnupg-1.4.3/util/memory.c:512: undefined reference to `m_alloc_secure_clear'
../util/libutil.a(memory.o)(.text+0x314):/root/tmp/gnupg-1.4.3/util/memory.c:520: undefined reference to `m_alloc'
collect2: ld returned 1 exit status
make[1]: *** [gpgsplit] Error 1
make[1]: Leaving directory `/root/tmp/gnupg-1.4.3/tools'
make: *** [check-recursive] Error 1

Any ideas?
Thanks,
Tobias

--
Linux inside - Registered Linux User #268912
-I../include -I../intl -g -O2 -Wall -MT blowfish.o -MD -MP -MF ".deps/blowfish.Tpo" -c -o blowfish.o blowfish.c; \ then mv -f ".deps/blowfish.Tpo" ".deps/blowfish.Po"; else rm -f ".deps/blowfish.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT cast5.o -MD -MP -MF ".deps/cast5.Tpo" -c -o cast5.o cast5.c; \ then mv -f ".deps/cast5.Tpo" ".deps/cast5.Po"; else rm -f ".deps/cast5.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT rijndael.o -MD -MP -MF ".deps/rijndael.Tpo" -c -o rijndael.o rijndael.c; \ then mv -f ".deps/rijndael.Tpo" ".deps/rijndael.Po"; else rm -f ".deps/rijndael.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT elgamal.o -MD -MP -MF ".deps/elgamal.Tpo" -c -o elgamal.o elgamal.c; \ then mv -f ".deps/elgamal.Tpo" ".deps/elgamal.Po"; else rm -f ".deps/elgamal.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT rsa.o -MD -MP -MF ".deps/rsa.Tpo" -c -o rsa.o rsa.c; \ then mv -f ".deps/rsa.Tpo" ".deps/rsa.Po"; else rm -f ".deps/rsa.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT primegen.o -MD -MP -MF ".deps/primegen.Tpo" -c -o primegen.o primegen.c; \ then mv -f ".deps/primegen.Tpo" ".deps/primegen.Po"; else rm -f ".deps/primegen.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT random.o -MD -MP -MF ".deps/random.Tpo" -c -o random.o random.c; \ then mv -f ".deps/random.Tpo" ".deps/random.Po"; else rm -f ".deps/random.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT dsa.o -MD -MP -MF ".deps/dsa.Tpo" -c -o dsa.o dsa.c; \ then mv -f ".deps/dsa.Tpo" ".deps/dsa.Po"; else rm -f ".deps/dsa.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. 
-I../include -I../intl -g -O2 -Wall -MT smallprime.o -MD -MP -MF ".deps/smallprime.Tpo" -c -o smallprime.o smallprime.c; \ then mv -f ".deps/smallprime.Tpo" ".deps/smallprime.Po"; else rm -f ".deps/smallprime.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT md5.o -MD -MP -MF ".deps/md5.Tpo" -c -o md5.o md5.c; \ then mv -f ".deps/md5.Tpo" ".deps/md5.Po"; else rm -f ".deps/md5.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT rmd160.o -MD -MP -MF ".deps/rmd160.Tpo" -c -o rmd160.o rmd160.c; \ then mv -f ".deps/rmd160.Tpo" ".deps/rmd160.Po"; else rm -f ".deps/rmd160.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT sha1.o -MD -MP -MF ".deps/sha1.Tpo" -c -o sha1.o sha1.c; \ then mv -f ".deps/sha1.Tpo" ".deps/sha1.Po"; else rm -f ".deps/sha1.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT sha256.o -MD -MP -MF ".deps/sha256.Tpo" -c -o sha256.o sha256.c; \ then mv -f ".deps/sha256.Tpo" ".deps/sha256.Po"; else rm -f ".deps/sha256.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT rndlinux.o -MD -MP -MF ".deps/rndlinux.Tpo" -c -o rndlinux.o rndlinux.c; \ then mv -f ".deps/rndlinux.Tpo" ".deps/rndlinux.Po"; else rm -f ".deps/rndlinux.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT sha512.o -MD -MP -MF ".deps/sha512.Tpo" -c -o sha512.o sha512.c; \ then mv -f ".deps/sha512.Tpo" ".deps/sha512.Po"; else rm -f ".deps/sha512.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. 
-I../include -I../intl -g -O2 -Wall -MT idea-stub.o -MD -MP -MF ".deps/idea-stub.Tpo" -c -o idea-stub.o idea-stub.c; \ then mv -f ".deps/idea-stub.Tpo" ".deps/idea-stub.Po"; else rm -f ".deps/idea-stub.Tpo"; exit 1; fi rm -f libcipher.a ar cru libcipher.a cipher.o pubkey.o md.o dynload.o des.o twofish.o blowfish.o cast5.o rijndael.o elgamal.o rsa.o primegen.o random.o dsa.o smallprime.o md5.o rmd160.o sha1.o sha256.o rndlinux.o sha512.o idea-stub.o ranlib libcipher.a make[1]: Leaving directory `/root/tmp/gnupg-1.4.3/cipher' Making check in tools make[1]: Entering directory `/root/tmp/gnupg-1.4.3/tools' if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl -g -O2 -Wall -MT gpgsplit.o -MD -MP -MF ".deps/gpgsplit.Tpo" -c -o gpgsplit.o gpgsplit.c; \ then mv -f ".deps/gpgsplit.Tpo" ".deps/gpgsplit.Po"; else rm -f ".deps/gpgsplit.Tpo"; exit 1; fi gcc -g -O2 -Wall -o gpgsplit gpgsplit.o ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -lz ../util/libutil.a(memory.o)(.text+0x2c3): In function `xrealloc': /root/tmp/gnupg-1.4.3/util/memory.c:514: undefined reference to `m_alloc_clear' ../util/libutil.a(memory.o)(.text+0x2e9):/root/tmp/gnupg-1.4.3/util/memory.c:517: undefined reference to `m_free' ../util/libutil.a(memory.o)(.text+0x304):/root/tmp/gnupg-1.4.3/util/memory.c:512: undefined reference to `m_alloc_secure_clear' ../util/libutil.a(memory.o)(.text+0x314):/root/tmp/gnupg-1.4.3/util/memory.c:520: undefined reference to `m_alloc' collect2: ld returned 1 exit status make[1]: *** [gpgsplit] Error 1 make[1]: Leaving directory `/root/tmp/gnupg-1.4.3/tools' make: *** [check-recursive] Error 1 From dshaw at jabberwocky.com Mon Apr 3 20:54:22 2006 
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Apr 3 20:53:33 2006
Subject: GnuPG 1.4.3 failed to compile
In-Reply-To: <20060403164004.GA12672@doczook.de>
References: <20060403164004.GA12672@doczook.de>
Message-ID: <20060403185422.GB24395@jabberwocky.com>

On Mon, Apr 03, 2006 at 06:40:04PM +0200, Tobias Mummert wrote:
> Hi,
>
> Debian vanilla, GCC 3.3.5, Kernel 2.6.16.1:
>
> memory.c: In function `xrealloc':
> memory.c:512: warning: implicit declaration of function `m_alloc_secure_clear'
> memory.c:512: warning: assignment makes pointer from integer without a cast
> memory.c:514: warning: implicit declaration of function `m_alloc_clear'
> memory.c:514: warning: assignment makes pointer from integer without a cast
> memory.c:517: warning: implicit declaration of function `m_free'
> memory.c:520: warning: implicit declaration of function `m_alloc'
> memory.c:520: warning: assignment makes pointer from integer without a cast

Looks like you're building with --enable-m-guard. Try turning it off.

David

From dshaw at jabberwocky.com Tue Apr 4 00:16:25 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Apr 4 00:15:45 2006
Subject: gnupg 1.4.3 build fails @ 'make' on OSX 10.4.5, unless "--disable-nls"
In-Reply-To: <44314CB7.9090207@gmail.com>
References: <44314CB7.9090207@gmail.com>
Message-ID: <20060403221625.GD24395@jabberwocky.com>

On Mon, Apr 03, 2006 at 09:26:31AM -0700, OpenMacNews wrote:
> hi all.
>
> 1.4.2 was built/running OK on my OSX 10.4.5.
>
> attempting the 1.4.3 build ...
>
> ./configure w/:
>
> ./configure \
> --prefix=/usr/local \
> --with-readline=/usr/local \
> --with-zlib=/usr/local \
> --with-libcurl=/usr/local/lib
>
> results in a 'make' fail @:
>
> ...
> Making all in tools
> if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl
> -L/usr/local/include -I/usr/local/include -I/usr/local/include
> -I/usr/local/include -g -O2 -Wall -Wno-pointer-sign -MT gpgsplit.o -MD
> -MP -MF ".deps/gpgsplit.Tpo" -c -o gpgsplit.o gpgsplit.c; \
> then mv -f ".deps/gpgsplit.Tpo" ".deps/gpgsplit.Po"; else rm -f
> ".deps/gpgsplit.Tpo"; exit 1; fi
> gcc -g -O2 -Wall -Wno-pointer-sign -L/usr/local/lib -lreadline -lpcre
> -L/usr/local/lib -L/usr/local/lib -o gpgsplit gpgsplit.o
> ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -liconv -lintl
> -liconv -lc -lz -lbz2
> /usr/bin/ld: multiple definitions of symbol _xfree
> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xfree
> ../util/libutil.a(memory.o) definition of _xfree in section (__TEXT,__text)
> /usr/bin/ld: multiple definitions of symbol _xmalloc
> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xmalloc
> ../util/libutil.a(memory.o) definition of _xmalloc in section
> (__TEXT,__text)
> /usr/bin/ld: multiple definitions of symbol _xrealloc
> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xrealloc
> ../util/libutil.a(memory.o) definition of _xrealloc in section
> (__TEXT,__text)
> /usr/bin/ld: warning multiple definitions of symbol _locale_charset
> /usr/lib/gcc/powerpc-apple-darwin8/4.0.1/../../../libiconv.dylib(localcharset.o)
> definition of _locale_charset
> /usr/local/lib/libintl.dylib(localcharset.o) definition of _locale_charset

This one doesn't seem related to GnuPG: you installed a new gettext
and it's conflicting with the Apple-shipped iconv.

What happens if you build with --with-included-gettext ?

David

From openmacnews at gmail.com Tue Apr 4 01:20:43 2006
From: openmacnews at gmail.com (OpenMacNews)
Date: Tue Apr 4 01:20:00 2006
Subject: gnupg 1.4.3 build fails @ 'make' on OSX 10.4.5, unless "--disable-nls"
In-Reply-To: <20060403221625.GD24395@jabberwocky.com>
References: <44314CB7.9090207@gmail.com> <20060403221625.GD24395@jabberwocky.com>
Message-ID: <4431ADCB.7050408@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

david,

and a little more info ... per request:

> What happens if you build with --with-included-gettext ?

configuring 143 as:

./configure \
  --prefix=/usr/local/gpg143 \
  --with-readline=/usr/local \
  --with-zlib=/usr/local \
  --with-libcurl=/usr/local/lib \
  --with-included-gettext

also fails @:

...
Making all in tools
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl
- -L/usr/local/include -I/usr/local/include -I/usr/local/include -g -O2
- -Wall -Wno-pointer-sign -MT gpgsplit.o -MD -MP -MF ".deps/gpgsplit.Tpo"
- -c -o gpgsplit.o gpgsplit.c; \
then mv -f ".deps/gpgsplit.Tpo" ".deps/gpgsplit.Po"; else rm -f
".deps/gpgsplit.Tpo"; exit 1; fi
gcc -g -O2 -Wall -Wno-pointer-sign -L/usr/local/lib -lreadline -lpcre
- -L/usr/local/lib -L/usr/local/lib -o gpgsplit gpgsplit.o
../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -liconv
../intl/libintl.a -liconv -lz -lbz2
/usr/bin/ld: multiple definitions of symbol _xfree
/usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xfree
../util/libutil.a(memory.o) definition of _xfree in section (__TEXT,__text)
/usr/bin/ld: multiple definitions of symbol _xmalloc
/usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xmalloc
../util/libutil.a(memory.o) definition of _xmalloc in section (__TEXT,__text)
/usr/bin/ld: multiple definitions of symbol _xrealloc
/usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xrealloc
../util/libutil.a(memory.o) definition of _xrealloc in section (__TEXT,__text)
collect2: ld returned 1 exit status
make[2]: *** [gpgsplit] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

- --
/"\
\ /  ASCII Ribbon Campaign
 X   against HTML email, vCards
/ \  & micro$oft attachments

[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)

iEYEAREDAAYFAkQxrcoACgkQlffdvTZxCMbPuQCeO06+IfaT/HzksBEksXTIjRM3
VFwAn2Iz5eo581L6/TO45q2LELbWcsKH
=7aAx
-----END PGP SIGNATURE-----

From openmacnews at gmail.com Tue Apr 4 01:07:49 2006
From: openmacnews at gmail.com (OpenMacNews)
Date: Tue Apr 4 02:11:09 2006
Subject: gnupg 1.4.3 build fails @ 'make' on OSX 10.4.5, unless "--disable-nls"
In-Reply-To: <20060403221625.GD24395@jabberwocky.com>
References: <44314CB7.9090207@gmail.com> <20060403221625.GD24395@jabberwocky.com>
Message-ID: <4431AAC5.305@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

hi david,

>> 1.4.2 was built/running OK on my OSX 10.4.5.
>>
>> attempting the 1.4.3 build ...
>>
>> ./configure w/:
>>
>> ./configure \
>> --prefix=/usr/local \
>> --with-readline=/usr/local \
>> --with-zlib=/usr/local \
>> --with-libcurl=/usr/local/lib
>>
>> results in a 'make' fail @:
>>
>> ...
>> Making all in tools
>> if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl
>> -L/usr/local/include -I/usr/local/include -I/usr/local/include
>> -I/usr/local/include -g -O2 -Wall -Wno-pointer-sign -MT gpgsplit.o -MD
>> -MP -MF ".deps/gpgsplit.Tpo" -c -o gpgsplit.o gpgsplit.c; \
>> then mv -f ".deps/gpgsplit.Tpo" ".deps/gpgsplit.Po"; else rm -f
>> ".deps/gpgsplit.Tpo"; exit 1; fi
>> gcc -g -O2 -Wall -Wno-pointer-sign -L/usr/local/lib -lreadline -lpcre
>> -L/usr/local/lib -L/usr/local/lib -o gpgsplit gpgsplit.o
>> ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -liconv -lintl
>> -liconv -lc -lz -lbz2
>> /usr/bin/ld: multiple definitions of symbol _xfree
>> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xfree
>> ../util/libutil.a(memory.o) definition of _xfree in section (__TEXT,__text)
>> /usr/bin/ld: multiple definitions of symbol _xmalloc
>> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xmalloc
>> ../util/libutil.a(memory.o) definition of _xmalloc in section
>> (__TEXT,__text)
>> /usr/bin/ld: multiple definitions of symbol _xrealloc
>> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xrealloc
>> ../util/libutil.a(memory.o) definition of _xrealloc in section
>> (__TEXT,__text)
>> /usr/bin/ld: warning multiple definitions of symbol _locale_charset
>> /usr/lib/gcc/powerpc-apple-darwin8/4.0.1/../../../libiconv.dylib(localcharset.o)
>> definition of _locale_charset
>> /usr/local/lib/libintl.dylib(localcharset.o) definition of _locale_charset
>
> This one doesn't seem related to GnuPG: you installed a new gettext
> and it's conflicting with the Apple-shipped iconv.

well, not exactly ... yes i see the conflict, but no, i did not install
a 'new' gettext ... it's the same one i've built 1.4.2.2 against.

> What happens if you build with --with-included-gettext ?

have not tried as yet, as it is/was working w/ 1.4.2.2:

otool -L /usr/local/bin/gpg
	/usr/local/lib/libreadline.5.1.dylib (compatibility version 5.0.0, current version 5.1.0)
	/usr/local/lib/libpcre.0.dylib (compatibility version 1.0.0, current version 1.1.0)
	/usr/lib/libiconv.2.dylib (compatibility version 5.0.0, current version 5.0.0)
	/usr/local/lib/libintl.3.dylib (compatibility version 8.0.0, current version 8.3.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 88.1.5)
	/usr/local/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.3)
	/usr/lib/libbz2.1.0.dylib (compatibility version 1.0.0, current version 1.0.2)
	/usr/local/lib/libusb-0.1.4.dylib (compatibility version 9.0.0, current version 9.4.0)
	/usr/local/lib/libcurl.3.dylib (compatibility version 4.0.0, current version 4.0.0)
	/usr/local/lib/libidn.11.dylib (compatibility version 17.0.0, current version 17.17.0)
	/usr/local/ssl/lib/libssl.0.9.7.dylib (compatibility version 0.9.0, current version 0.9.7)
	/usr/local/ssl/lib/libcrypto.0.9.7.dylib (compatibility version 0.9.0, current version 0.9.7)
	/usr/lib/libgcc_s.1.dylib (compatibility version 1.0.0, current version 1.0.0)

richard

- --
/"\
\ /  ASCII Ribbon Campaign
 X   against HTML email, vCards
/ \  & micro$oft attachments

[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)

iEYEAREDAAYFAkQxqsUACgkQlffdvTZxCMbaLwCfetE2xRDKXWJqlAObLsaD3OhR
rocAoLq228yqLnWARSDopomLAHrBxS/A
=qme/
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Tue Apr 4 03:03:22 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Apr 4 03:02:40 2006
Subject: gnupg 1.4.3 build fails @ 'make' on OSX 10.4.5, unless "--disable-nls"
In-Reply-To: <4431AAC5.305@gmail.com>
References: <44314CB7.9090207@gmail.com> <20060403221625.GD24395@jabberwocky.com> <4431AAC5.305@gmail.com>
Message-ID: <20060404010322.GA25488@jabberwocky.com>

On Mon, Apr 03, 2006 at 04:07:49PM -0700, OpenMacNews wrote:
> >> gcc -g -O2 -Wall -Wno-pointer-sign -L/usr/local/lib -lreadline -lpcre
> >> -L/usr/local/lib -L/usr/local/lib -o gpgsplit gpgsplit.o
> >> ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -liconv -lintl
> >> -liconv -lc -lz -lbz2
> >> /usr/bin/ld: multiple definitions of symbol _xfree
> >> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xfree
> >> ../util/libutil.a(memory.o) definition of _xfree in section (__TEXT,__text)
> >> /usr/bin/ld: multiple definitions of symbol _xmalloc
> >> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xmalloc
> >> ../util/libutil.a(memory.o) definition of _xmalloc in section
> >> (__TEXT,__text)
> >> /usr/bin/ld: multiple definitions of symbol _xrealloc
> >> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xrealloc
> >> ../util/libutil.a(memory.o) definition of _xrealloc in section
> >> (__TEXT,__text)
> >> /usr/bin/ld: warning multiple definitions of symbol _locale_charset
> >> /usr/lib/gcc/powerpc-apple-darwin8/4.0.1/../../../libiconv.dylib(localcharset.o)
> >> definition of _locale_charset
> >> /usr/local/lib/libintl.dylib(localcharset.o) definition of _locale_charset
> >
> > This one doesn't seem related to GnuPG: you installed a new gettext
> > and it's conflicting with the Apple-shipped iconv.
>
> well, not exactly ... yes i see the conflict, but no, i did not install
> a 'new' gettext ... it's the same one i've built 1.4.2.2 against.

It was just luck that 1.4.3 triggers the failure and 1.4.2 doesn't.
The code in 1.4.3 is legal. Your library setup seems not to be.

I have a Tiger box and 1.4.3 builds fine. Even if I add readline, it
still builds fine. Maybe go to the Apple site and download the latest
build environment? Aside from that, I'm not sure what to suggest to
you aside from building without your added readline or with
--disable-nls, or maybe with --disable-gnupg-iconv

David

From openmacnews at gmail.com Tue Apr 4 03:26:28 2006
From: openmacnews at gmail.com (OpenMacNews)
Date: Tue Apr 4 03:25:43 2006
Subject: gnupg 1.4.3 build fails @ 'make' on OSX 10.4.5, unless "--disable-nls"
In-Reply-To: <20060404010322.GA25488@jabberwocky.com>
References: <44314CB7.9090207@gmail.com> <20060403221625.GD24395@jabberwocky.com> <4431AAC5.305@gmail.com> <20060404010322.GA25488@jabberwocky.com>
Message-ID: <4431CB44.3010703@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

hi david,

> It was just luck that 1.4.3 triggers the failure and 1.4.2 doesn't.
> The code in 1.4.3 is legal. Your library setup seems not to be.
> I have a Tiger box and 1.4.3 builds fine. Even if I add readline, it
> still builds fine. Maybe go to the Apple site and download the latest
> build environment? Aside from that, I'm not sure what to suggest to
> you aside from building without your added readline or with
> --disable-nls, or maybe with --disable-gnupg-iconv

thx for your insights.

odd, tho, as i routinely use gettext & readline across *dozens* of other
builds/apps/etc, with nary a problem ... even with gpg for ages (lucky'
tho i may have been ...)

as for the build environment, mine's not simply up to date with apple's
latest (it is), but further, in keeping with most up-to-date app/tool
releases. i kinda doubt 'too old' is the problem ...

i guess i'll be sticking with stable 1.4.2.2 for now.

thx again!

cheers,

richard

- --
/"\
\ /  ASCII Ribbon Campaign
 X   against HTML email, vCards
/ \  & micro$oft attachments

[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)

iEYEAREDAAYFAkQxy0QACgkQlffdvTZxCMbSxACfThWmPE6kr9nGXLu2+gcMIo1P
1wYAoIp5EQN3J1XuX8tuu3/Sx8tSQZQm
=34DK
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Tue Apr 4 05:14:27 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Apr 4 05:14:04 2006
Subject: renewing of expired signatures
In-Reply-To: <200603292358.22537.pg@futureware.at>
References: <200603292358.22537.pg@futureware.at>
Message-ID: <20060404031427.GB25305@jabberwocky.com>

On Wed, Mar 29, 2006 at 11:58:19PM +0200, Philipp Gühring wrote:
> Hi,
>
> GnuPG has problems renewing expired signatures on keys, when the old signature
> (that already expired) is still on the key. The old expired signature is
> still on the key, and a new signature isn't done when trying to renew it.
> The workaround is to manually remove the old signature before creating a new
> signature.
>
> Is this a bug or an intended feature?

It depends on what version of GnuPG you are talking about. For over
two years now, (since version 1.3.3 in October 2003), GnuPG will
prompt you with:

  Your current signature on "(whatever)" has expired.
  Do you want to issue a new signature to replace the expired one? (y/N)

David

From doczook at doczook.de Tue Apr 4 07:17:46 2006
From: doczook at doczook.de (Tobias Mummert)
Date: Tue Apr 4 08:56:26 2006
Subject: GnuPG 1.4.3 failed to compile
In-Reply-To: <20060403185422.GB24395@jabberwocky.com>
References: <20060403164004.GA12672@doczook.de> <20060403185422.GB24395@jabberwocky.com>
Message-ID: <20060404051746.GA31799@doczook.de>

* David Shaw [2006-04-03 20:54 CEST]:
> On Mon, Apr 03, 2006 at 06:40:04PM +0200, Tobias Mummert wrote:
> > Hi,
> >
> > Debian vanilla, GCC 3.3.5, Kernel 2.6.16.1:
> >
> > memory.c: In function `xrealloc':
> > memory.c:512: warning: implicit declaration of function `m_alloc_secure_clear'
> > memory.c:512: warning: assignment makes pointer from integer without a cast
> > memory.c:514: warning: implicit declaration of function `m_alloc_clear'
> > memory.c:514: warning: assignment makes pointer from integer without a cast
> > memory.c:517: warning: implicit declaration of function `m_free'
> > memory.c:520: warning: implicit declaration of function `m_alloc'
> > memory.c:520: warning: assignment makes pointer from integer without a cast
>
> Looks like you're building with --enable-m-guard. Try turning it off.

Thanks! Now it works.

BTW: Under kernel 2.6.15.7 it works with this option...

Tobias

--
"You've got to ask yourself one question: Do I feel lucky? Well do ya punk?"
- Clint Eastwood (Dirty Harry)

From peter at palfrader.org Tue Apr 4 20:25:01 2006
From: peter at palfrader.org (Peter Palfrader)
Date: Tue Apr 4 20:24:19 2006
Subject: dns cert support (was: GnuPG 1.4.3 released)
In-Reply-To: <87lkum26xw.fsf@wheatstone.g10code.de>
References: <87lkum26xw.fsf@wheatstone.g10code.de>
Message-ID: <20060404182501.GP32646@asteria.noreply.org>

On Mon, 03 Apr 2006, Werner Koch wrote:

> * New auto-key-locate option that takes an ordered list of methods
>   to locate a key if it is not available at encryption time (-r or
>   --recipient). Possible methods include "cert" (use DNS CERT as
>   per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
>   server for the domain in question), "keyserver" (use the
>   currently defined keyserver), as well as arbitrary keyserver
>   URIs that will be contacted for the key.
>
> * Able to retrieve keys using DNS CERT records as per RFC-2538bis
>   (currently in draft): http://www.josefsson.org/rfc2538bis

How would I try to retrieve the key for peter@palfrader.org from DNS[1]
using GnuPG's command line, other than simulating an encryption (like in
gpg --auto-key-locate cert --recipient peter@palfrader.org --encrypt)
to the user in question?

Also, is there a tool that produces a snippet which is ready for
inclusion into a zone file anywhere? Something similar to ssh-keygen
for SSHFP RRs:
weasel@galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key -g
galaxy IN TYPE44 \# 22 01 01 40cc5559546421d15fe9c1064713636a02373ad2
weasel@galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key
galaxy IN SSHFP 1 1 40cc5559546421d15fe9c1064713636a02373ad2

Cheers,
Peter

1. no, peter.palfrader.org. does not yet have a RR of type 37

From jkaye at celerasystems.com Tue Apr 4 19:21:02 2006
From: jkaye at celerasystems.com (anglotiger)
Date: Tue Apr 4 20:31:46 2006
Subject: PGP Encryption Problem
Message-ID: <3748759.post@talk.nabble.com>

Hi all,

Newbie here, so please forgive me if this is common knowledge, but this
problem is somewhat pressing...

I have created a key with GnuPG. I have exchanged keys and fingerprints
with someone using PGP 6.5. I can encrypt files and send them, and they
can decrypt them. But when they try to encrypt a file to send to me, they
have a problem with my key:

sig? 0x00000000 (Unknown signator, can't be checked)

This sounds like the key is unsigned, but I thought it was signed by
default with the --gen-key. When I try to edit the key, it tells me:

"my key ID here" was already signed by key C4BB37C2
Nothing to sign with key C4BB37C2

In fact, when I create and send a new key, they try to import it and see
the following:

Looking for new keys...
DSS 1024 0xFBE42E2A 2006/03/31
keyfile contains 1 new keys. Add these keys to keyring ''? (Y/n) Y
Keyfile contains:
1 new key(s)
One or more of the new keys are not fully certified.
Do you want to certify any of these keys yourself (y/N)? y
Key for user ID:
1024-bit DSS key, Key ID 0xFBE42E2A, created 2006/03/31
Users cannot encrypt to this key.

Any thoughts/advice/instruction would be extremely welcome...

Thanks.
--
View this message in context: http://www.nabble.com/PGP-Encryption-Problem-t1394352.html#a3748759
Sent from the GnuPG - User forum at Nabble.com.

From jkaye at celerasystems.com Tue Apr 4 19:21:02 2006
From: jkaye at celerasystems.com (anglotiger)
Date: Tue Apr 4 20:56:09 2006
Subject: PGP Encryption Problem
Message-ID: <3748759.post@talk.nabble.com>

Hi all,

Newbie here, so please forgive me if this is common knowledge, but this
problem is somewhat pressing...

I have created a key with GnuPG. I have exchanged keys and fingerprints
with someone using PGP 6.5. I can encrypt files and send them, and they
can decrypt them. But when they try to encrypt a file to send to me, they
have a problem with my key:

sig? 0x00000000 (Unknown signator, can't be checked)

This sounds like the key is unsigned, but I thought it was signed by
default with the --gen-key. When I try to edit the key, it tells me:

"my key ID here" was already signed by key C4BB83C2
Nothing to sign with key C4BB37C2

In fact, when I create and send a new key, they try to import it and see
the following:

Looking for new keys...
DSS 1024 0xFBE42E2A 2006/03/31
keyfile contains 1 new keys. Add these keys to keyring ''? (Y/n) Y
Keyfile contains:
1 new key(s)
One or more of the new keys are not fully certified.
Do you want to certify any of these keys yourself (y/N)? y
Key for user ID:
1024-bit DSS key, Key ID 0xFBE42E2A, created 2006/03/31
Users cannot encrypt to this key.

Any thoughts/advice/instruction would be extremely welcome...

Thanks.
--
View this message in context: http://www.nabble.com/PGP-Encryption-Problem-t1394352.html#a3748759
Sent from the GnuPG - User forum at Nabble.com.

From dshaw at jabberwocky.com Tue Apr 4 23:57:07 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Apr 4 23:56:31 2006
Subject: dns cert support (was: GnuPG 1.4.3 released)
In-Reply-To: <20060404182501.GP32646@asteria.noreply.org>
References: <87lkum26xw.fsf@wheatstone.g10code.de> <20060404182501.GP32646@asteria.noreply.org>
Message-ID: <20060404215707.GB31590@jabberwocky.com>

On Tue, Apr 04, 2006 at 08:25:01PM +0200, Peter Palfrader wrote:
> On Mon, 03 Apr 2006, Werner Koch wrote:
>
> > * New auto-key-locate option that takes an ordered list of methods
> >   to locate a key if it is not available at encryption time (-r or
> >   --recipient). Possible methods include "cert" (use DNS CERT as
> >   per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
> >   server for the domain in question), "keyserver" (use the
> >   currently defined keyserver), as well as arbitrary keyserver
> >   URIs that will be contacted for the key.
> >
> > * Able to retrieve keys using DNS CERT records as per RFC-2538bis
> >   (currently in draft): http://www.josefsson.org/rfc2538bis
>
> How would I try to retrieve the key for peter@palfrader.org from DNS[1]
> using GnuPG's command line, other than simulating an encryption (like in
> gpg --auto-key-locate cert --recipient peter@palfrader.org --encrypt)
> to the user in question?

While you could try and do some magic with piping the output of dig
into a script, at the moment, simulating an encryption is the only
easy way to do it directly from GnuPG. I do plan to have a
--locate-keys command to do this in the next version; I just didn't
want to delay the 1.4.3 release any further.

> Also, is there a tool that produces a snippet which is ready for
> inclusion into a zone file anywhere? Something similar to ssh-keygen
> for SSHFP RRs:
> weasel@galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key -g
> galaxy IN TYPE44 \# 22 01 01 40cc5559546421d15fe9c1064713636a02373ad2
> weasel@galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key
> galaxy IN SSHFP 1 1 40cc5559546421d15fe9c1064713636a02373ad2

Good idea. I just checked one in to the GnuPG SVN.

David

From arildbjork at yahoo.no Wed Apr 5 08:47:35 2006
From: arildbjork at yahoo.no (Arild Bjørk)
Date: Wed Apr 5 08:47:59 2006
Subject: gpg-zip?
Message-ID: <20060405064735.37663.qmail@web26202.mail.ukl.yahoo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In news.txt there is a reference to gpg-zip:

* Added "gpg-zip", a program to create encrypted archives that can
  interoperate with PGP Zip.

I've searched the manual and the installation path for gnupg for
Windows and I can't find the program or find it mentioned in the
manual.

Why isn't it included in the Windows version?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32) - GPGshell v3.50

iEYEARECAAYFAkQzaAEACgkQn1hjZcCMxG2WBwCfU7JpYZgOmcMZWYHlGXPaVZ4B
evYAnjgdWS2DvJqzV9kbX4xGu0zkcVDB
=7AX/
-----END PGP SIGNATURE-----

From gnupg-users=gnupg.org at lists.palfrader.org Wed Apr 5 10:02:28 2006
From: gnupg-users=gnupg.org at lists.palfrader.org (Peter Palfrader) Date: Wed Apr 5 10:02:34 2006 Subject: dns cert support In-Reply-To: <20060404215707.GB31590@jabberwocky.com> References: <87lkum26xw.fsf@wheatstone.g10code.de> <20060404182501.GP32646@asteria.noreply.org> <20060404215707.GB31590@jabberwocky.com> Message-ID: <20060405080228.GQ32646@asteria.noreply.org> On Tue, 04 Apr 2006, David Shaw wrote: > > Also, is there a tool that produces a snippet which is ready for > > inclusion into a zone file anywhere? Something similar to ssh-keygen > > for SSHFP RRs: > > weasel@galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key -g > > galaxy IN TYPE44 \# 22 01 01 40cc5559546421d15fe9c1064713636a02373ad2 > > weasel@galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key > > galaxy IN SSHFP 1 1 40cc5559546421d15fe9c1064713636a02373ad2 > > Good idea. I just checked one in to the GnuPG SVN. It seems it considers whitespace part of the fpr when creating IPGP data. For instance: | weasel@galaxy:~/local/src/gnupg/gnupg14/tools$ ./make-dns-cert -f '5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E 94C0 9C7F' -n foo | foo TYPE37 \# 31 0006 0000 00 19 5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E 94C0 9C7F ^^ | weasel@galaxy:~/local/src/gnupg/gnupg14/tools$ ./make-dns-cert -f '5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E94C09C7F' -n foo | foo TYPE37 \# 30 0006 0000 00 18 5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E94C09C7F ^^ It should just ignore whitespace when counting fingerprint length. | ./make-dns-cert -f '5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E94C09C7F' -n foo | foo TYPE37 \# 26 0006 0000 00 14 5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E94C09C7F This should fix it: Index: make-dns-cert.c =================================================================== --- make-dns-cert.c (revision 4091) +++ make-dns-cert.c (working copy) @@ -24,6 +24,7 @@ #ifdef HAVE_GETOPT_H #include #endif +#include #include #include #include 
@@ -97,7 +98,20 @@ if(fpr) { - fprlen=strlen(fpr); + const char *tmp = fpr; + while (*tmp) + { + if (isxdigit(*tmp)) + { + fprlen++; + } + else if (!isspace(*tmp)) + { + printf("Fingerprint must consist of only hex digits (and whitespace)\n"); + return 1; + } + tmp++; + } if(fprlen%2) { printf("Fingerprint must be an even number of characters\n"); And a second patch that uses stderr for errors on top of this one: --- make-dns-cert.c.orig 2006-04-05 09:57:48.725050937 +0200 +++ make-dns-cert.c 2006-04-05 10:00:23.675749478 +0200 @@ -45,20 +45,20 @@ fd=open(keyfile,O_RDONLY); if(fd==-1) { - printf("Cannot open key file %s: %s\n",keyfile,strerror(errno)); + fprintf(stderr, "Cannot open key file %s: %s\n",keyfile,strerror(errno)); return 1; } err=fstat(fd,&statbuf); if(err==-1) { - printf("Unable to stat key file %s: %s\n",keyfile,strerror(errno)); + fprintf(stderr, "Unable to stat key file %s: %s\n",keyfile,strerror(errno)); goto fail; } if(statbuf.st_size>32768) { - printf("Key %s too large for CERT encoding\n",keyfile); + fprintf(stderr, "Key %s too large for CERT encoding\n",keyfile); goto fail; } @@ -73,7 +73,7 @@ err=read(fd,buffer,1024); if(err==-1) { - printf("Unable to read key file %s: %s\n",keyfile,strerror(errno)); + fprintf(stderr, "Unable to read key file %s: %s\n",keyfile,strerror(errno)); goto fail; } @@ -107,14 +107,14 @@ } else if (!isspace(*tmp)) { - printf("Fingerprint must consist of only hex digits (and whitespace)\n"); + fprintf(stderr, "Fingerprint must consist of only hex digits (and whitespace)\n"); return 1; } tmp++; } if(fprlen%2) { - printf("Fingerprint must be an even number of characters\n"); + fprintf(stderr, "Fingerprint must be an even number of characters\n"); return 1; } @@ -127,7 +127,7 @@ if(!fpr && !url) { - printf("Cannot generate a CERT without either a fingerprint or URL\n"); + fprintf(stderr, "Cannot generate a CERT without either a fingerprint or URL\n"); return 1; } 
@@ -150,13 +150,13 @@ } static void -usage(void) +usage(FILE *f) { - printf("make-dns-cert\n"); - printf("\t-f\tfingerprint\n"); - printf("\t-u\tURL\n"); - printf("\t-k\tkey file\n"); - printf("\t-n\tDNS name\n"); + fprintf(f, "make-dns-cert\n"); + fprintf(f, "\t-f\tfingerprint\n"); + fprintf(f, "\t-u\tURL\n"); + fprintf(f, "\t-k\tkey file\n"); + fprintf(f, "\t-n\tDNS name\n"); } int @@ -167,7 +167,7 @@ if(argc==1) { - usage(); + usage(stderr); return 0; } else if(argc>1 && strcmp(argv[1],"--version")==0) @@ -177,7 +177,7 @@ } else if(argc>1 && strcmp(argv[1],"--help")==0) { - usage(); + usage(stdout); return 0; } @@ -186,7 +186,7 @@ { default: case 'h': - usage(); + usage(stdout); exit(0); case 'f': @@ -208,14 +208,14 @@ if(!name) { - printf("No name provided\n"); + fprintf(stderr, "No name provided\n"); return 1; } if(keyfile && (fpr || url)) { - printf("Cannot generate a CERT record with both a keyfile and" - " a fingerprint or URL\n"); + fprintf(stderr, "Cannot generate a CERT record with both a" + " keyfile and a fingerprint or URL\n"); return 1; } From wk at gnupg.org Wed Apr 5 11:11:07 2006 From: wk at gnupg.org (Werner Koch) Date: Wed Apr 5 11:16:49 2006 Subject: gpg-zip? In-Reply-To: <20060405064735.37663.qmail@web26202.mail.ukl.yahoo.com> (arildbjork@yahoo.no's message of "Tue, 4 Apr 2006 23:47:35 -0700 (PDT)") References: <20060405064735.37663.qmail@web26202.mail.ukl.yahoo.com> Message-ID: <87vetojsk4.fsf@wheatstone.g10code.de> On Tue, 4 Apr 2006 23:47:35 -0700 (PDT), Bj?rk said: > I've searched the manual and the installation path for gnupg for > Windows and I can't find the program or find it mentioned in the > manual. Why isn't it included in the Windows version? Because it won't work with Windows. It requires a Bourne shell and the tar tool - this is not available under Windows. Shalom-Salam, Werner From wk at gnupg.org Wed Apr 5 11:15:54 2006 
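Review bot: In the @@ -97,7 +98,20 @@ hunk of the first make-dns-cert.c patch, isxdigit(*tmp) and isspace(*tmp) are handed a plain char read through const char *tmp, so a byte with the high bit set reaches them as a negative value, which the ctype functions are not defined for. Cast the argument to unsigned char or test the ranges by hand. isspace() also accepts newline, carriage return, vertical tab and form feed, which is wider than the blanks a pasted fingerprint contains; limiting the skip to ' ' and '\t' keeps a stray line break out of the fingerprint argument. The loop counts with fprlen++ in place of the old assignment, so it relies on fprlen being zero on entry, which the hunk does not show.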
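Review bot: In the @@ -167,7 +167,7 @@ hunk of the stderr patch, the argc==1 branch now calls usage(stderr) but still ends in return 0. If a run without arguments is an error as far as the output stream goes, the exit status should agree (return 1); as it stands a calling script sees success together with an empty stdout.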
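Review bot: In the @@ -186,7 +186,7 @@ hunk of the stderr patch, the default: label shares the body of case 'h', so an unrecognised option now prints usage(stdout) and leaves through exit(0) exactly like an explicit -h. Split the two labels: keep usage(stdout) and exit(0) for 'h', and give default: usage(stderr) with a non-zero exit, in line with what the rest of this patch does for error paths.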
From: wk at gnupg.org (Werner Koch) Date: Wed Apr 5 11:21:53 2006 Subject: dns cert support In-Reply-To: <20060405080228.GQ32646@asteria.noreply.org> (Peter Palfrader's message of "Wed, 5 Apr 2006 10:02:28 +0200") References: <87lkum26xw.fsf@wheatstone.g10code.de> <20060404182501.GP32646@asteria.noreply.org> <20060404215707.GB31590@jabberwocky.com> <20060405080228.GQ32646@asteria.noreply.org> Message-ID: <87r74cjsc5.fsf@wheatstone.g10code.de> On Wed, 5 Apr 2006 10:02:28 +0200, Peter Palfrader said: > + const char *tmp = fpr; > + while (*tmp) > + { > + if (isxdigit(*tmp)) Will segv on many non-glibc systems if you pass non-ascii characters to it. Never ever use isfoo functions without additional checks. Salam-Shalom, Werner From gnupg-users=gnupg.org at lists.palfrader.org Wed Apr 5 12:06:04 2006 From: gnupg-users=gnupg.org at lists.palfrader.org (Peter Palfrader) Date: Wed Apr 5 12:05:08 2006 Subject: dns cert support In-Reply-To: <87r74cjsc5.fsf@wheatstone.g10code.de> References: <87lkum26xw.fsf@wheatstone.g10code.de> <20060404182501.GP32646@asteria.noreply.org> <20060404215707.GB31590@jabberwocky.com> <20060405080228.GQ32646@asteria.noreply.org> <87r74cjsc5.fsf@wheatstone.g10code.de> Message-ID: <20060405100604.GR32646@asteria.noreply.org> On Wed, 05 Apr 2006, Werner Koch wrote: > On Wed, 5 Apr 2006 10:02:28 +0200, Peter Palfrader said: > > > + const char *tmp = fpr; > > + while (*tmp) > > + { > > + if (isxdigit(*tmp)) > > Will segv on many non-glibc systems if you pass non-ascii characters > to it. Never ever use isfoo functions without additional checks. ick. Index: make-dns-cert.c =================================================================== --- make-dns-cert.c (revision 4091) +++ make-dns-cert.c (working copy) 
@@ -97,7 +97,22 @@ if(fpr) { - fprlen=strlen(fpr); + const char *tmp = fpr; + while (*tmp) + { + if ((*tmp >= 'A' && *tmp <= 'F') || + (*tmp >= 'a' && *tmp <= 'f') || + (*tmp >= '0' && *tmp <= '9')) + { + fprlen++; + } + else if (*tmp != ' ' && *tmp != '\t') + { + printf("Fingerprint must consist of only hex digits (and whitespace)\n"); + return 1; + } + tmp++; + } if(fprlen%2) { printf("Fingerprint must be an even number of characters\n"); -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred. | : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `- http://www.debian.org/ From alphasigmax at gmail.com Wed Apr 5 12:24:33 2006 From: alphasigmax at gmail.com (Alphax) Date: Wed Apr 5 12:24:54 2006 Subject: gpg-zip? In-Reply-To: <87vetojsk4.fsf@wheatstone.g10code.de> References: <20060405064735.37663.qmail@web26202.mail.ukl.yahoo.com> <87vetojsk4.fsf@wheatstone.g10code.de> Message-ID: <44339AE1.6010302@gmail.com> Werner Koch wrote: > On Tue, 4 Apr 2006 23:47:35 -0700 (PDT), Bj?rk said: > >> I've searched the manual and the installation path for gnupg for >> Windows and I can't find the program or find it mentioned in the >> manual. Why isn't it included in the Windows version? > > Because it won't work with Windows. It requires a Bourne shell and > the tar tool - this is not available under Windows. > Unless you have Cygwin or MSYS. -- Alphax Message composed: 2006-04-05T19:54:29+09:30 From gnupg-users=gnupg.org at lists.palfrader.org Wed Apr 5 12:30:42 2006 
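Review bot: In the revised @@ -97,7 +97,22 @@ hunk, the rejected-character branch is now else if (*tmp != ' ' && *tmp != '\t') and still reports through printf, so the earlier stderr follow-up no longer applies on top of it: its @@ -107,14 +107,14 @@ hunk carries else if (!isspace(*tmp)) as a context line. Regenerate the follow-up against this version, or switch this message to fprintf(stderr, ...) here. The open-coded range test is well defined for bytes with the high bit set, which answers the objection to isxdigit(), and it also narrows the accepted whitespace to blank and tab.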
From: gnupg-users=gnupg.org at lists.palfrader.org (Peter Palfrader) Date: Wed Apr 5 12:30:05 2006 Subject: dns cert support In-Reply-To: <20060404182501.GP32646@asteria.noreply.org> References: <87lkum26xw.fsf@wheatstone.g10code.de> <20060404182501.GP32646@asteria.noreply.org> Message-ID: <20060405103042.GS32646@asteria.noreply.org> On Tue, 04 Apr 2006, Peter Palfrader wrote: > On Mon, 03 Apr 2006, Werner Koch wrote: > > > * New auto-key-locate option that takes an ordered list of methods > > to locate a key if it is not available at encryption time (-r or > > --recipient). Possible methods include "cert" (use DNS CERT as > > per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP > > server for the domain in question), "keyserver" (use the > > currently defined keyserver), as well as arbitrary keyserver > > URIs that will be contacted for the key. > > > > * Able to retrieve keys using DNS CERT records as per RFC-2538bis > > (currently in draft): http://www.josefsson.org/rfc2538bis > > How would I try to retrieve the key for peter@palfrader.org from DNS[1] > using GnuPG's command line, other than simulating an encryption (like in > gpg --auto-key-locate cert --recipient peter@palfrader.org --encrypt) > to the user in question? 
I notice that if I have both, a IPGP and a PGP CERT RR that GnuPG fails to import the key some of the time: | weasel@asteria:~/tmp/g$ echo fo | gpg --auto-key-locate cert --recipient peter@palfrader.org --encrypt | gpg: peter@palfrader.org: skipped: public key not found | gpg: [stdin]: encryption failed: public key not found | weasel@asteria:~/tmp/g$ echo fo | gpg --auto-key-locate cert --recipient peter@palfrader.org --encrypt | gpg: peter@palfrader.org: skipped: public key not found | gpg: [stdin]: encryption failed: public key not found | weasel@asteria:~/tmp/g$ echo fo | gpg --auto-key-locate cert --recipient peter@palfrader.org --encrypt | gpg: ./trustdb.gpg: trustdb created | gpg: key 94C09C7F: public key "Peter Palfrader" imported } ;; ANSWER SECTION: } peter.palfrader.org. 43200 IN CERT 6 0 0 FFsAyW1dVK7hIGuvhN56r26UwJx/ } peter.palfrader.org. 43200 IN CERT PGP 0 0 mQGiBDgp0YcRBACN9s8EycXRsu9ym3Sjou1N..... Is having them both not supported or is there a bug somewhere? Cheers, Peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred. | : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `- http://www.debian.org/ From dshaw at jabberwocky.com Wed Apr 5 14:42:20 2006 
From: dshaw at jabberwocky.com (David Shaw) Date: Wed Apr 5 14:41:42 2006 Subject: dns cert support In-Reply-To: <20060405103042.GS32646@asteria.noreply.org> References: <87lkum26xw.fsf@wheatstone.g10code.de> <20060404182501.GP32646@asteria.noreply.org> <20060405103042.GS32646@asteria.noreply.org> Message-ID: <20060405124220.GC19546@jabberwocky.com> On Wed, Apr 05, 2006 at 12:30:42PM +0200, Peter Palfrader wrote: > I notice that if I have both, a IPGP and a PGP CERT RR that GnuPG fails > to import the key some of the time: [..] > } ;; ANSWER SECTION: > } peter.palfrader.org. 43200 IN CERT 6 0 0 FFsAyW1dVK7hIGuvhN56r26UwJx/ > } peter.palfrader.org. 43200 IN CERT PGP 0 0 mQGiBDgp0YcRBACN9s8EycXRsu9ym3Sjou1N..... > > Is having them both not supported or is there a bug somewhere? At the moment, GnuPG will take whichever it sees first (the PGP or the IPGP, but not both). So given round robining, if you have both, it will seem to flip back and forth between the two. I'm thinking about having GPG favor one or the other in these cases (probably PGP since if it has already fetched the whole key, it may as well import it rather than go to a web page or keyserver somewhere). The reason it is not fetching from the IPGP record you have there is there is only a fingerprint, and you must have a --keyserver defined for it to fetch the fingerprint from in that case. Do you have a --keyserver defined? David From gnupg-users=gnupg.org at lists.palfrader.org Wed Apr 5 15:18:31 2006 
From: gnupg-users=gnupg.org at lists.palfrader.org (Peter Palfrader) Date: Wed Apr 5 15:17:44 2006 Subject: dns cert support In-Reply-To: <20060405124220.GC19546@jabberwocky.com> References: <87lkum26xw.fsf@wheatstone.g10code.de> <20060404182501.GP32646@asteria.noreply.org> <20060405103042.GS32646@asteria.noreply.org> <20060405124220.GC19546@jabberwocky.com> Message-ID: <20060405131831.GT32646@asteria.noreply.org> On Wed, 05 Apr 2006, David Shaw wrote: > On Wed, Apr 05, 2006 at 12:30:42PM +0200, Peter Palfrader wrote: > > > I notice that if I have both, a IPGP and a PGP CERT RR that GnuPG fails > > to import the key some of the time: > > [..] > > > } ;; ANSWER SECTION: > > } peter.palfrader.org. 43200 IN CERT 6 0 0 FFsAyW1dVK7hIGuvhN56r26UwJx/ > > } peter.palfrader.org. 43200 IN CERT PGP 0 0 mQGiBDgp0YcRBACN9s8EycXRsu9ym3Sjou1N..... > > > > Is having them both not supported or is there a bug somewhere? > > At the moment, GnuPG will take whichever it sees first (the PGP or the > IPGP, but not both). So given round robining, if you have both, it > will seem to flip back and forth between the two. I'm thinking about > having GPG favor one or the other in these cases (probably PGP since > if it has already fetched the whole key, it may as well import it > rather than go to a web page or keyserver somewhere). On the other hand the key that is fetched via DNS has serious size constraints - DNS limits the RDATA to 64k and I think GnuPG further limits this to 16k. In my case I have significantly stripped down my key in order to store it in DNS, so maybe going to the keyserver or the location specified in IPGP might be a good idea. > The reason it is not fetching from the IPGP record you have there is > there is only a fingerprint, and you must have a --keyserver defined > for it to fetch the fingerprint from in that case. Do you have a > --keyserver defined? Ah, now that I do it works nicely. Thanks! Maybe gpg should say that it wants to have a keyserver in this case? 
Cheers, Peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred. | : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `- http://www.debian.org/ From vedaal at hush.com Wed Apr 5 16:37:45 2006 From: vedaal at hush.com (vedaal@hush.com) Date: Wed Apr 5 16:37:02 2006 Subject: gpg-zip Message-ID: <20060405143745.AE122DA827@mailserver6.hushmail.com> On Wed, 05 Apr 2006 05:23:40 -0400 gnupg-users-request@gnupg.org wrote: >Send Gnupg-users mailing list submissions to > gnupg-users@gnupg.org > >Message: 6 >Date: Tue, 4 Apr 2006 23:47:35 -0700 (PDT) >From: Arild "Bjørk" >Subject: gpg-zip? > * Added "gpg-zip", a program to create encrypted archives >that can interoperate with PGP Zip. > >I've searched the manual and the installation path for gnupg for >Windows and I can't find the program or find it mentioned in the >manual. Why isn't it included in the Windows version? >Message: 8 >Date: Wed, 05 Apr 2006 11:11:07 +0200 >From: Werner Koch >Subject: Re: gpg-zip? >Because it won't work with Windows. It requires a Bourne shell >and >the tar tool - this is not available under Windows. but it is easily available in a front end for windows, and works from file manager in winpt (for .zip files, for compatibility with common windows unzip programs ) but could just as easily be made to work with .rar or other format vedaal From info at entrepreneur.co.uk Wed Apr 5 16:32:33 2006
From: info at entrepreneur.co.uk (joeking) Date: Wed Apr 5 16:48:46 2006 Subject: GnuPG - where is the .exe file??? Message-ID: <3765831.post@talk.nabble.com> I am trying to set up secure email encryption using Thunderbird, Enigmail and GnuPG. I have everything in place bar GnuPG. I downloaded it and extracted it. I then have to add the GnuPG executable path in Enigmail so that they work together. My problem is finding GnuPG.exe. It doesn't seem to be in my GnuPG folder. Any ideas where I am going wrong? -- View this message in context: http://www.nabble.com/GnuPG---where-is-the-.exe-file--t1399921.html#a3765831 Sent from the GnuPG - User forum at Nabble.com. From dshaw at jabberwocky.com Wed Apr 5 16:52:39 2006 
From: dshaw at jabberwocky.com (David Shaw) Date: Wed Apr 5 16:51:54 2006 Subject: dns cert support In-Reply-To: <20060405131831.GT32646@asteria.noreply.org> References: <87lkum26xw.fsf@wheatstone.g10code.de> <20060404182501.GP32646@asteria.noreply.org> <20060405103042.GS32646@asteria.noreply.org> <20060405124220.GC19546@jabberwocky.com> <20060405131831.GT32646@asteria.noreply.org> Message-ID: <20060405145239.GD19546@jabberwocky.com> On Wed, Apr 05, 2006 at 03:18:31PM +0200, Peter Palfrader wrote: > On Wed, 05 Apr 2006, David Shaw wrote: > > > On Wed, Apr 05, 2006 at 12:30:42PM +0200, Peter Palfrader wrote: > > > > > I notice that if I have both, a IPGP and a PGP CERT RR that GnuPG fails > > > to import the key some of the time: > > > > [..] > > > > > } ;; ANSWER SECTION: > > > } peter.palfrader.org. 43200 IN CERT 6 0 0 FFsAyW1dVK7hIGuvhN56r26UwJx/ > > > } peter.palfrader.org. 43200 IN CERT PGP 0 0 mQGiBDgp0YcRBACN9s8EycXRsu9ym3Sjou1N..... > > > > > > Is having them both not supported or is there a bug somewhere? > > > > At the moment, GnuPG will take whichever it sees first (the PGP or the > > IPGP, but not both). So given round robining, if you have both, it > > will seem to flip back and forth between the two. I'm thinking about > > having GPG favor one or the other in these cases (probably PGP since > > if it has already fetched the whole key, it may as well import it > > rather than go to a web page or keyserver somewhere). > > On the other hand the key that is fetched via DNS has serious size > constraints - DNS limits the RDATA to 64k and I think GnuPG further > limits this to 16k. In my case I have significantly stripped down my > key in order to store it in DNS, so maybe going to the keyserver or the > location specified in IPGP might be a good idea. Certainly the CERT PGP type has size restrictions, but I think that's fine: I don't really see the CERT PGP type as a repository for whole keys with dozens of signatures like on a keyserver. 
Rather, it's a place to store minimal (via export-minimal) keys. Once this "seed" key is gotten via CERT PGP, it can be fleshed out via a keyserver or preferred keyserver subpacket on the key itself. The GnuPG 16k max-cert-size is changeable, by the way: --keyserver-options max-cert-size=65536 16k was a bit of a guess as to a good value since CERT is so new. Whether to favor CERT PGP or CERT IPGP is one of those things where a reasonable case can be made for either path. It depends on what you're using CERT for: if you were using CERT in a PKA-like scheme, you'd want CERT PGP to get the answer as fast as possible, while if you were using CERT as a automatic key locater you'd probably want CERT IPGP to get all the signatures. > > The reason it is not fetching from the IPGP record you have there is > > there is only a fingerprint, and you must have a --keyserver defined > > for it to fetch the fingerprint from in that case. Do you have a > > --keyserver defined? > > Ah, now that I do it works nicely. Thanks! Maybe gpg should say that > it wants to have a keyserver in this case? Yes, I think it should. Note that you could make your IPGP contain both a fingerprint and a URL - that way you get to specify where the user will fetch your key from (it may not exist in the manner you desire on their particular keyserver). David From johnmoore3rd at joimail.com Wed Apr 5 16:56:13 2006 
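Added example, not part of the thread and not make-dns-cert's own code: a C routine that builds the generic TYPE37 record discussed above (type 0006, key tag 0000, algorithm 00, one-octet fingerprint length, fingerprint, then the optional URL as the IPGP type in RFC 4398, the published rfc2538bis, lays it out), counting only hex digits and rejecting every other byte with explicit range checks. The function names, buffer sizes and the example.org URL are assumptions made for the example, and unlike the tool's output quoted in the thread the fingerprint is emitted without spaces.

```c
#include <stdio.h>
#include <string.h>

/* Value of one ASCII hex digit, or -1. Plain range checks: a byte with the
   high bit set is rejected without ever reaching a <ctype.h> lookup. */
static int hex_value(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode a fingerprint; spaces and tabs between digits are skipped and do
   not count. Returns the byte count, or -1 for a non-hex character, an odd
   number of digits, an empty string or more than outmax bytes. */
static int parse_fingerprint(const char *s, unsigned char *out, size_t outmax)
{
    size_t n = 0;
    int hi = -1, v;

    for (; *s; s++) {
        if (*s == ' ' || *s == '\t')
            continue;
        if ((v = hex_value(*s)) < 0)
            return -1;
        if (hi < 0) {
            hi = v;                  /* first digit of a byte */
            continue;
        }
        if (n == outmax)
            return -1;
        out[n++] = (unsigned char)((hi << 4) | v);
        hi = -1;
    }
    return (hi >= 0 || n == 0) ? -1 : (int)n;
}

/* Append " <HEX>" for n bytes at *off; returns -1 if buf is too small. */
static int append_hex(char *buf, size_t buflen, size_t *off,
                      const unsigned char *p, size_t n)
{
    static const char digits[] = "0123456789ABCDEF";
    size_t i;

    if (n == 0)
        return 0;
    if (*off + 1 + 2 * n + 1 > buflen)   /* space, digits, NUL */
        return -1;
    buf[(*off)++] = ' ';
    for (i = 0; i < n; i++) {
        buf[(*off)++] = digits[p[i] >> 4];
        buf[(*off)++] = digits[p[i] & 15];
    }
    buf[*off] = '\0';
    return 0;
}

/* Write "<name> TYPE37 \# <rdlen> 0006 0000 00 <fprlen> <fpr> [<url>]" into
   buf. fpr or url may be NULL, not both. Returns the RDATA length in bytes
   or -1. name is copied as given (hypothetical helper, no name checks). */
int ipgp_record(const char *name, const char *fpr, const char *url,
                char *buf, size_t buflen)
{
    unsigned char raw[255];          /* the length field is a single octet */
    size_t urllen = url ? strlen(url) : 0, rdlen, off;
    int fprlen = 0, n;

    if (!fpr && !url)
        return -1;
    if (fpr && (fprlen = parse_fingerprint(fpr, raw, sizeof raw)) < 0)
        return -1;
    /* type(2) + key tag(2) + algorithm(1) + fpr length(1) + fpr + url */
    rdlen = 6 + (size_t)fprlen + urllen;
    if (rdlen > 65535)
        return -1;
    n = snprintf(buf, buflen, "%s TYPE37 \\# %lu 0006 0000 00 %02X",
                 name, (unsigned long)rdlen, (unsigned)fprlen);
    if (n < 0 || (size_t)n >= buflen)
        return -1;
    off = (size_t)n;
    if (append_hex(buf, buflen, &off, raw, (size_t)fprlen) < 0 ||
        append_hex(buf, buflen, &off, (const unsigned char *)url, urllen) < 0)
        return -1;
    return (int)rdlen;
}

int main(void)
{
    char line[1024];
    /* Fingerprint from the thread; the URL is a constructed sample. */
    int n = ipgp_record("foo", "5B00 C96D 5D54 AEE1 206B AF84 DE7A  AF6E 94C0 9C7F",
                        "http://example.org/key.asc", line, sizeof line);

    if (n < 0)
        return 1;
    puts(line);
    return 0;
}
```
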
From: johnmoore3rd at joimail.com (John W. Moore III) Date: Wed Apr 5 16:55:28 2006 Subject: pka-lookups Message-ID: <4433DA8D.1040900@joimail.com> Throughout the 'snapshot' phase of 1.4.3 this ability was turned OFF by default. With the release of 1.4.3 stable and the availability of cross-certification and pka-lookup now widely available, will the features once defaulted to off be defaulted to ON for the 1.4.4 'snapshot' releases? Also, in gpg.man the reference is "see require-cross-certification" but I have been unable so far to find that particular option in the Manual. When I do, what will I "see"? JOHN :) Timestamp: Wednesday 05 Apr 2006, 10:55 --400 (Eastern Daylight Time) From felix.klee at inka.de Wed Apr 5 18:22:35 2006
From: felix.klee at inka.de (Felix E. Klee) Date: Wed Apr 5 18:21:52 2006 Subject: OpenPGP card: What RSA problems? Why not for key signing? Message-ID: <87lkukc7qs.wl%felix.klee@inka.de> I consider creating a new master key: My old one wasn't stored securely in the past and it has been rarely used. This new key I want to generate on a system with a temporary fresh LINUX install and upload it to two Smartcards (one is for backup). Now, the only thing that's preventing me from doing this are the following paragraphs that I found in The GnuPG Smartcard HOWTO ("How to use the Fellowship Smartcard"): The card does not support DSA keys. Even if you are using a RSA key you might encounter problems. The cards available at the moment only support 1024 bit keys. The suggestion is to use the key on the card only for signing and decrypting but NOT for key signing. This calls for some questions: * What are those problems that one may encounter with RSA? * Why should the key on the card not be used for key signing? * Is there any advantage in using a DSA master key (not supported by the OpenPGP card, I know) instead of an RSA master key? * What's the best tool for generating the 1024 bit RSA key? Should I simply use plain "gpg --gen-key --no-random-seed-file" or should the key be generated on card, or does it not really matter? PS: Of course, I will use a subkey with limited lifetime for everyday use, and I'll store this key on a third card. -- Felix E. Klee From info at entrepreneur.co.uk Wed Apr 5 18:30:03 2006 
From: info at entrepreneur.co.uk (joeking) Date: Wed Apr 5 18:29:10 2006 Subject: GnuPG - where is the .exe file??? In-Reply-To: <3765831.post@talk.nabble.com> References: <3765831.post@talk.nabble.com> Message-ID: <3768339.post@talk.nabble.com> Forgot to say I am using Windows. And it helps to download the Windows version . . . -- View this message in context: http://www.nabble.com/GnuPG---where-is-the-.exe-file--t1399921.html#a3768339 Sent from the GnuPG - User forum at Nabble.com. From info at entrepreneur.co.uk Wed Apr 5 19:34:52 2006 From: info at entrepreneur.co.uk (info@entrepreneur.co.uk) Date: Wed Apr 5 19:34:32 2006 Subject: GnuPG - where is the .exe file??? In-Reply-To: <20060405163024.41655.qmail@web52713.mail.yahoo.com> References: <4433FCE9.2734.1F0BFA9@localhost> Message-ID: <44341BDC.31392.269A743@localhost> I found my problem - I did not download Windows version! I am an idiot. You are a great person for helping a stranger. On 5 Apr 2006 at 9:30, Ramprasad B wrote: > > info@entrepreneur.co.uk wrote: > > > Did you download GnuPG 1.4.3 from > > http://www.gnupg.org/(en)/download/index.html? > > yep. > > > Even searching my computer does not find that .exe file. > > Please try to uninstall and install again. > or try to find gpg.exe in program files folder. > probably u tried to search gnupg.exe > > -- > Ramprasad B > > New Yahoo! Messenger with Voice. Call regular phones from your PC and save big. From ramprasad_i82 at yahoo.com Wed Apr 5 17:07:46 2006 
From: ramprasad_i82 at yahoo.com (Ramprasad B) Date: Wed Apr 5 19:56:13 2006 Subject: GnuPG - where is the .exe file??? In-Reply-To: <3765831.post@talk.nabble.com> Message-ID: <20060405150746.95437.qmail@web52701.mail.yahoo.com> --- joeking wrote: > I then have to add the GnuPG executable path in Enigmail so that they work > together. > My problem is finding GnuPG.exe. It doesn't seem to be in my GnuPG folder. I downloaded today and installed gnupg. The gpg.exe guy was at -> C:\Program Files\GNU\GnuPG\gpg.exe -- Ramprasad B __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From info at entrepreneur.co.uk Wed Apr 5 17:22:49 2006 From: info at entrepreneur.co.uk (info@entrepreneur.co.uk) Date: Wed Apr 5 19:56:20 2006 Subject: GnuPG - where is the .exe file??? In-Reply-To: <20060405150746.95437.qmail@web52701.mail.yahoo.com> References: <3765831.post@talk.nabble.com> Message-ID: <4433FCE9.2734.1F0BFA9@localhost> Thanks for your help! Did you download GnuPG 1.4.3 from http://www.gnupg.org/(en)/download/index.html? Even searching my computer does not find that .exe file. On 5 Apr 2006 at 8:07, Ramprasad B wrote: > --- joeking wrote: > > > I then have to add the GnuPG executable path in Enigmail so that they work > > together. > > > My problem is finding GnuPG.exe. It doesn't seem to be in my GnuPG folder. > > I downloaded today and installed gnupg. > The gpg.exe guy was at -> C:\Program Files\GNU\GnuPG\gpg.exe > > -- > Ramprasad B > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > > From ramprasad_i82 at yahoo.com Wed Apr 5 17:07:51 2006 
From: ramprasad_i82 at yahoo.com (Ramprasad B) Date: Wed Apr 5 19:56:31 2006 Subject: GnuPG - where is the .exe file??? In-Reply-To: <3765831.post@talk.nabble.com> Message-ID: <20060405150751.11284.qmail@web52703.mail.yahoo.com> --- joeking wrote: > I then have to add the GnuPG executable path in Enigmail so that they work > together. > My problem is finding GnuPG.exe. It doesn't seem to be in my GnuPG folder. I downloaded today and installed gnupg. The gpg.exe guy was at -> C:\Program Files\GNU\GnuPG\gpg.exe -- Ramprasad B __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From johnmoore3rd at joimail.com Wed Apr 5 20:33:27 2006 
From: johnmoore3rd at joimail.com (John W. Moore III) Date: Wed Apr 5 20:32:36 2006 Subject: GnuPG - where is the .exe file??? In-Reply-To: <4433FCE9.2734.1F0BFA9@localhost> References: <3765831.post@talk.nabble.com> <4433FCE9.2734.1F0BFA9@localhost> Message-ID: <44340D77.1030506@joimail.com> info@entrepreneur.co.uk wrote: > Thanks for your help! > > Did you download GnuPG 1.4.3 from http://www.gnupg.org/(en)/download/index.html? > > Even searching my computer does not find that .exe file. Perhaps you might look under C:\GnuPG You could always click on the Start Key and then use Search to look for gpg.exe JOHN ;) Timestamp: Wednesday 05 Apr 2006, 14:33 --400 (Eastern Daylight Time) From vedaal at hush.com Wed Apr 5 21:50:59 2006
From: vedaal at hush.com (vedaal@hush.com) Date: Wed Apr 5 21:50:09 2006 Subject: 1.4.3 // proper syntax for --edit-key cross-certify ? Message-ID: <20060405195100.106D2DA832@mailserver6.hushmail.com> what is the syntax needed to use the cross-certify to have a signing subkey sign the master? i tried cross-certify with --edit-key and got no response (not even the polite customary error message ;-) ) here is the command and gpg output: $ gpg --edit-key 0x6A589A97 gpg (GnuPG) 1.4.3; Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. gpg: using PGP trust model gpg: key 6A589A97: accepted as trusted key Secret key is available. pub 4096R/6A589A97 created: 2001-04-26 expires: never usage: SCEA trust: ultimate validity: ultimate sub 4096R/04ADEE20 created: 2001-04-26 expires: never usage: SCEA [ultimate] (1). vedaal nistar (preferred e-mail address) [ultimate] (2) vedaal nistar (preferred key) [ultimate] (3) vedaal nistar Command> cross-certify Command> gnupg just returns the command prompt (the same happens after a uid is selected, and then cross-certify entered at the command prompt) the same thing also happens with the following variations: Command> cross-certify Command> Command> cross-certify sub 4096R/04ADEE20 Command> Command> cross-certify pub 4096R/6A589A97 Command> Command> cross-certify 6A589A97 Command> Command> cross-certify 04ADEE20 Command> what should the proper syntax be ? tia, vedaal From john.m.church at lmco.com Wed Apr 5 20:16:44 2006
From: john.m.church at lmco.com (John M Church) Date: Wed Apr 5 23:56:18 2006 Subject: Automated Decryption via Script Running Setuid Message-ID: <4434098C.7@lmco.com> Searched the archives back through Oct. '05 and didn't see a solution to my problem... Bottom line to problem: If a script running setuid as userA but called by userB contains a GPG command, GPG responds with userB information instead of userA. I have a perl script 'parseMail_andSubmit_toDB.pl' that is being routed information from a C-wrapper that runs as userA. -rwsr-sr-x userA pass_STDIN_to_parseMail_andSubmit_toDB.exe The info contained in STDIN is an emailed message with an attached file (encrypted with userA's public key). In parseMail_andSubmit_toDB.pl, I save the attachment to a file and call a second perl script 'decrypt_file.pl'. This script contains userA's passphrase which I am attempting to use to decrypt the file ala: "cd $dir_containing_file; echo \'${passphrase}\' | /usr/local/share/bin/gpg --passphrase-fd 0 --output ${file_to_decrypt}_cleartext$$ --decrypt $file_to_decrypt". However GPG responds with: "cp: cannot create /.gnupg/gpg.conf: Permission denied gpg: fatal: can't create directory `~/.gnupg': No such file or directory secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768" It is as-if GPG knows that userB originated the call (in this case the email daemon which probably doesn't have a /home/daemon and certainly doesn't have GPG keys). So I setup a second test where jchurch (as userB) called the c-wrapper and changed the GPG command in decrypt_file.pl to 'echo \'Calling whoami\'; /usr/ucb/whoami; /usr/local/share/bin/gpg --list-keys' and I received the key info for userB instead of userA. See below. 
-------------------------------- pub 1024D/63A468CF 2006-03-23 uid John Church (Second Key working with Joel) sub 2048g/2D0142AB 2006-03-23 pub 1024D/F3D3D15D 2006-04-03 uid razoradm (Razor Administrator) sub 2048g/B73F17B6 2006-04-03 The key info for userA should have been returned. Does anyone have any clue as to whether GPG is this smart? I admit to being a newbie to GPG so perhaps I'm doing something stupid. Any suggestions would be appreciated. Thanks-in-advance, John_inDenver From shavital at mac.com Thu Apr 6 00:07:18 2006 
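An added example, not part of the thread: gpg looks for its keyring in GNUPGHOME or, when that is unset, in ~/.gnupg under HOME, and a setuid program inherits both variables from whoever invoked it, which is consistent with the userB keyring and the `/.gnupg` path reported above. The wrapper below builds the child's environment from the effective uid's passwd entry instead; the script path, the PATH value and the function names are assumptions.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Placeholder: the post names the script but not its install path. */
#define SCRIPT_PATH "/path/to/parseMail_andSubmit_toDB.pl"
#define ENV_SLOTS 6 /* five variables plus the NULL terminator */

/* Return a heap-allocated "KEY=value<suffix>" string, or NULL. */
static char *env_entry(const char *key, const char *value, const char *suffix)
{
    size_t len = strlen(key) + 1 + strlen(value) + strlen(suffix) + 1;
    char *s = malloc(len);

    if (s != NULL)
        snprintf(s, len, "%s=%s%s", key, value, suffix);
    return s;
}

/*
 * Fill envp with a minimal environment for the account that owns the
 * keyring. Nothing is copied from the caller's environment, so a HOME or
 * GNUPGHOME set by the invoking user cannot steer gpg to another keyring
 * or options file. Returns the number of variables written, or -1.
 */
int build_clean_env(const char *user, const char *home, char *envp[ENV_SLOTS])
{
    int n = 0, i;

    /* Refuse accounts without a real home: "" or "/" would recreate the
     * "/.gnupg" failure quoted in the post. */
    if (user == NULL || user[0] == '\0' || home == NULL ||
        home[0] != '/' || home[1] == '\0')
        return -1;

    envp[n++] = env_entry("PATH", "/usr/bin:/bin", "");
    envp[n++] = env_entry("HOME", home, "");
    envp[n++] = env_entry("GNUPGHOME", home, "/.gnupg");
    envp[n++] = env_entry("USER", user, "");
    envp[n++] = env_entry("LOGNAME", user, "");
    envp[n] = NULL;

    for (i = 0; i < n; i++) {
        if (envp[i] == NULL) { /* allocation failed: release and bail out */
            for (i = 0; i < n; i++)
                free(envp[i]);
            envp[0] = NULL;
            return -1;
        }
    }
    return n;
}

int main(void)
{
    static char script[] = SCRIPT_PATH;
    char *const args[] = { script, NULL };
    char *envp[ENV_SLOTS];
    /* Effective uid: userA when the wrapper file is setuid userA. */
    struct passwd *pw = getpwuid(geteuid());

    if (pw == NULL || build_clean_env(pw->pw_name, pw->pw_dir, envp) < 0) {
        fprintf(stderr, "wrapper: no usable home for euid %ld\n",
                (long)geteuid());
        return 1;
    }
    execve(script, args, envp); /* stdin (the mail) is inherited */
    perror("wrapper: execve");
    return 127;
}
```

When only the gpg call itself can be changed, gpg's `--homedir` option selects the keyring directory explicitly.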
From: shavital at mac.com (Charly Avital) Date: Thu Apr 6 00:07:00 2006 Subject: 1.4.3 // proper syntax for --edit-key cross-certify ? In-Reply-To: <20060405195100.106D2DA832@mailserver6.hushmail.com> References: <20060405195100.106D2DA832@mailserver6.hushmail.com> Message-ID: <44343F96.8090202@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 vedaal@hush.com wrote the following on 4/5/06 3:50 PM: > what is the syntax needed to use the cross-certify > to have a signing subkey sign the master? > > i tried cross-certify with --edit-key > and got no response > (not even the polite customary error message ;-) ) When I tried that, I was prompted to enter my passphrase after a row showing that my signing subkey was selected: - ----- Charly-Avitals-PBG4:~ shavital$ gpg --edit-key C91B085E gpg (GnuPG) 1.4.3; Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Secret key is available. pub 1024D/C91B085E created: 2002-05-11 expires: never usage: SCA trust: ultimate validity: ultimate sub 2048g/084539C7 created: 2002-05-11 expires: never usage: E sub 4096R/727327CF created: 2005-02-17 expires: never usage: S [ultimate] (1). Charly Avital (1.0.7) [ultimate] (2) Charly Avital (1.0.7) [ revoked] (3) Charly Avital (1.0.7) Command> cross-certify You need a passphrase to unlock the secret key for user: "Charly Avital (1.0.7) " 4096-bit RSA key, ID 727327CF, created 2005-02-17 Enter passphrase: - ------------- After I enter the passphrase, I get the same output as above: - ----- pub 1024D/C91B085E created: 2002-05-11 expires: never usage: SCA trust: ultimate validity: ultimate sub 2048g/084539C7 created: 2002-05-11 expires: never usage: E sub 4096R/727327CF created: 2005-02-17 expires: never usage: S [ultimate] (1). 
Charly Avital (1.0.7) [ultimate] (2) Charly Avital (1.0.7) [ revoked] (3) Charly Avital (1.0.7) ============= But when I Quit, I am prompted to save changes: - -------------- Command> quit Save changes? (y/N) n Quit without saving? (y/N) y - -------------- I have chosen to quit without saving any changes, because the truth is I do not fully understand what the change is, and what it would do to my key and/or to my signing subkey. [...] > (the same happens after a uid is selected, and then cross-certify > entered at the command prompt) When you select a uid, can you select the signing subkey itself? I can't. I can only select one of the existing uids (1,2 or 3). >[...] > what should the proper syntax be ? > I hope you get more significant feedback from the list. I just wanted to let you know that cross-certify provokes, in my system, a certain response and output that can be saved in the key. Charly From hartmut_henkel at gmx.de Wed Apr 5 22:22:03 2006 
From: hartmut_henkel at gmx.de (Hartmut Henkel) Date: Thu Apr 6 00:56:17 2006 Subject: keytocard doesn't move key Message-ID: Hi, using an SCR335 card reader with gnupg 1.4.3 under debian-sarge AMD64 i can do gpg --card-edit > generate > list which generates new keys on the smartcard fine and puts them also into file secring.gpg. But then trying to move the secret key to the smartcard by gpg --edit-key Befehl> toggle Befehl> keytocard does _not_ work: The newly generated secret key persists in secring.gpg. E. g. i can do --export-secret-key without smartcard. Gpg tells: Really move the primary key? (y/N) y ... Wählen Sie den Speicherort für den Schlüssel: (1) Unterschriften-Schlüssel (3) Authentisierungs-Schlüssel Ihre Auswahl? 1 gpg: WARNING: such a key has already been stored on the card! Vorhandenen Schlüssel ersetzen? (j/N) j gpg: geheimer Schlüssel ist bereits auf einer Karte gespeichert When i delete the secret key manually from secring.gpg, the secret key on the card won't be found, probably as the "stub" is missing in secring.gpg. So the question is: How can i get the secret key away from the secring.gpg and still have the stub so that the secret key is requested then from the smartcard? Thanks a lot for any hints. Regards, Hartmut From johnmoore3rd at joimail.com Thu Apr 6 01:13:06 2006 
From: johnmoore3rd at joimail.com (John W. Moore III) Date: Thu Apr 6 01:13:21 2006 Subject: 1.4.3 // proper syntax for --edit-key cross-certify ? In-Reply-To: <44343F96.8090202@mac.com> References: <20060405195100.106D2DA832@mailserver6.hushmail.com> <44343F96.8090202@mac.com> Message-ID: <44344F02.6050108@joimail.com> Charly Avital wrote: > But when I Quit, I am prompted to save changes: > -------------- > Command> quit > Save changes? (y/N) n > Quit without saving? (y/N) y > -------------- > > I have chosen to quit without saving any changes, because the truth is I > do not fully understand what the change is, and what it would do to my > key and/or to my signing subkey. Knee-jerk response is to say "It does Nothing to your Key/sub-Key" but that is not /exactly/ true. What occurs is that your Key & sub-Key are inextricably linked. This is to prevent a very remote & arcane possibility of your signing sub_key being hijacked. Real World effect.....with 'require-cross-certification' active in my gpg.conf File your message Opened with a yellow stripe across the top of my Enigmail Screen and a 'Red' Pen in the lower right corner. Clicking on the pen gives me a verbose text indicating that you have *not* back signed the sub-Key. When I comment out the gpg.conf entry I Open the message to the familiar Green Line indicating 'Good Signature from Trusted Key'. Had you chosen to 'save' the changes it would have appeared Green when I first Opened this Post. My suggestion would be to go ahead and 'save' the changes and rest comfortably that it will have no negative effect whatsoever. Others will surely disagree with me and should appear here shortly. 
JOHN ;) Timestamp: Wednesday 05 Apr 2006, 19:11 --400 (Eastern Daylight Time) From vedaal at hush.com Thu Apr 6 01:47:12 2006 
From: vedaal at hush.com (vedaal@hush.com) Date: Thu Apr 6 01:46:20 2006 Subject: 1.4.3 // proper syntax for --edit-key cross-certify ? Message-ID: <20060405234712.7A3D8DA832@mailserver6.hushmail.com> Charly Avital shavital at mac.com wrote on Thu Apr 6 00:07:18 CEST 2006 : >When I tried that, I was prompted to enter my passphrase after a row showing that my signing subkey was selected: >But when I Quit, I am prompted to save changes: hmmm, ok, tried this again, same result as before, then generated a new dh/dsa key and a new rsa subkey and tried it with the new key, and it worked, with the same result that you got, *but* only for new or recent keys, the key i originally wrote in about, is an older (but still v4) rsa key and rsa signing subkey and i couldn't get it to cross-certify can others try this out on any older PGP-generated keys they might have, and see if it works or not, tia, vedaal From dshaw at jabberwocky.com Thu Apr 6 03:38:24 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Thu Apr 6 03:37:41 2006 Subject: 1.4.3 // proper syntax for --edit-key cross-certify ? In-Reply-To: <44343F96.8090202@mac.com> References: <20060405195100.106D2DA832@mailserver6.hushmail.com> <44343F96.8090202@mac.com> Message-ID: <20060406013824.GA22100@jabberwocky.com> On Wed, Apr 05, 2006 at 06:07:18PM -0400, Charly Avital wrote: > I have chosen to quit without saving any changes, because the truth is I > do not fully understand what the change is, and what it would do to my > key and/or to my signing subkey. http://www.gnupg.org/faq/subkey-cross-certify.html You should do it. David From dshaw at jabberwocky.com Thu Apr 6 03:45:19 2006 
From: dshaw at jabberwocky.com (David Shaw) Date: Thu Apr 6 03:44:34 2006 Subject: pka-lookups In-Reply-To: <4433DA8D.1040900@joimail.com> References: <4433DA8D.1040900@joimail.com> Message-ID: <20060406014519.GB22100@jabberwocky.com> On Wed, Apr 05, 2006 at 10:56:13AM -0400, John W. Moore III wrote: > Throughout the 'snapshot' phase of 1.4.3 this ability was turned OFF by > default. With the release of 1.4.3 stable and the availability of > cross-certification and pka-lookup now widely available, will the > features once defaulted to off be defaulted to ON for the 1.4.4 > 'snapshot' releases? It depends on the feature. Certainly require-cross-certification will not be turned on by default in 1.4.4. Too soon. > Also, in gpg.man the reference is "see require-cross-certification" but > I have been unable so far to find that particular option in the Manual. > When I do, what will I "see"? It's there. It says: When verifying a signature made from a subkey, ensure that the cross certification "back signature" on the subkey is present and valid. This protects against a subtle attack against subkeys that can sign. Currently defaults to --no-require-cross-certification, but will be changed to --require-cross-certification in the future. David From dshaw at jabberwocky.com Thu Apr 6 04:02:16 2006 
From: dshaw at jabberwocky.com (David Shaw) Date: Thu Apr 6 04:01:27 2006 Subject: 1.4.3 // proper syntax for --edit-key cross-certify ? In-Reply-To: <20060405234712.7A3D8DA832@mailserver6.hushmail.com> References: <20060405234712.7A3D8DA832@mailserver6.hushmail.com> Message-ID: <20060406020216.GC22100@jabberwocky.com> On Wed, Apr 05, 2006 at 07:47:12PM -0400, vedaal@hush.com wrote: > the key i originally wrote in about, > is an older (but still v4) rsa key and rsa signing subkey > and i couldn't get it to cross-certify > > can others try this out on any older PGP-generated keys they might > have, > and see if it works or not, PGP does not generate signing subkeys. You generated a RSA encryption key that happened to be without key flags (I guess that version of PGP didn't use them yet), and so it appears as a RSA sign+encrypt key in GnuPG. Bottom line is, this does not work on PGP generated keys. David From shavital at mac.com Thu Apr 6 06:29:51 2006 
From: shavital at mac.com (Charly Avital) Date: Thu Apr 6 06:29:25 2006 Subject: 1.4.3 // proper syntax for --edit-key cross-certify ? In-Reply-To: <44344F02.6050108@joimail.com> References: <20060405195100.106D2DA832@mailserver6.hushmail.com> <44343F96.8090202@mac.com> <44344F02.6050108@joimail.com> Message-ID: <4434993F.8060304@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John W. Moore III wrote the following on 4/5/06 7:13 PM: [...] > Had you chosen to 'save' the changes it would have appeared Green when I > first Opened this Post. My suggestion would be to go ahead and 'save' > the changes and rest comfortably that it will have no negative effect > whatsoever. Thank you for the clarification. I have just done that and saved the change. > > Others will surely disagree with me and should appear here shortly. Well, not really, since David Shaw concurs: David Shaw wrote the following on 4/5/06 9:38 PM: > On Wed, Apr 05, 2006 at 06:07:18PM -0400, Charly Avital wrote: > >> I have chosen to quit without saving any changes, because the truth is I >> do not fully understand what the change is, and what it would do to my >> key and/or to my signing subkey. > > http://www.gnupg.org/faq/subkey-cross-certify.html > > You should do it. > > David I have also uploaded the 'corrected' key to a keyserver. Thanks to all. 
Charly From wk at gnupg.org Thu Apr 6 11:24:25 2006 
From: wk at gnupg.org (Werner Koch) Date: Thu Apr 6 11:26:54 2006 Subject: OpenPGP card: What RSA problems? Why not for key signing? In-Reply-To: <87lkukc7qs.wl%felix.klee@inka.de> (Felix E. Klee's message of "Wed, 05 Apr 2006 18:22:35 +0200") References: <87lkukc7qs.wl%felix.klee@inka.de> Message-ID: <871wwbgipi.fsf@wheatstone.g10code.de> On Wed, 05 Apr 2006 18:22:35 +0200, Felix E Klee said: > * What are those problems that one may encounter with RSA? You can't load a non-1024 bit RSA key to the card. RSA keys are optional in OpenPGP and thus some implementations may not be able to use your key. > * Why should the key on the card not be used for key signing? Either because people feel that 1024 bit RSA/SHA-1 is not strong enough or due to the difficulties of creating a backup of that key. Without a backup and a broken card you won't be able to properly use your key anymore and all collected signatures are practically lost. > * Is there any advantage in using a DSA master key (not supported by the > OpenPGP card, I know) instead of an RSA master key? DSA signatures are much smaller. > * What's the best tool for generating the 1024 bit RSA key? Should I > simply use plain "gpg --gen-key --no-random-seed-file" or should the > key be generated on card, or does it not really matter? gpg --gen-key --no-random-seed-file is only useful if you don't have permission to write it. Shalom-Salam, Werner From felix.klee at inka.de Thu Apr 6 14:29:06 2006 
From: felix.klee at inka.de (Felix E. Klee) Date: Thu Apr 6 14:28:24 2006 Subject: OpenPGP card: What RSA problems? Why not for key signing? In-Reply-To: <871wwbgipi.fsf@wheatstone.g10code.de> References: <87lkukc7qs.wl%felix.klee@inka.de> <871wwbgipi.fsf@wheatstone.g10code.de> Message-ID: <873bgqq44t.wl%felix.klee@inka.de> At Thu, 06 Apr 2006 11:24:25 +0200, Werner Koch wrote: > > * Why should the key on the card not be used for key signing? > > Either because people feel that 1024 bit RSA/SHA-1 is not strong > enough Yes, one reads this and that: Some say 1024 may become easily crackable [1] in the upcoming years, some say that it won't. OK, my data may not be that interesting [2] but, still, I want to do it right, or more or less so. So, I'll probably simply create a 4096 bit RSA key with 10 years life time and store it on devices not accessible from the systems I normally use. So, I've one more question: How long should the passphrase reasonably be, in case ... ... it is a phrase containing words from a dictionary (e.g. taken from a book)? ... it is a phrase made up of easily memorizable/pronounceable but non-real words, formatted like an ordinary phrase (i.e. one word, one blank, etc.)? ... it is just a random string? The goal is to make decrypting the pass phrase protected secret key about as hard as factoring the public key. Is this even remotely possible? > Without a backup and a broken card you won't be able to properly use > your key anymore and all collected signatures are practically lost. Well, I planned to have the key stored on two smartcards (one for backup), anyway. If not used for storage of the master key, the smartcards, of course, are still nice for storing sub keys, and have them available all the time. [1] I.e. with not too expensive equipment and in a rather short time, say a couple of days. [2] I plan to use the key in the context of financial transactions, though. -- Felix E. Klee From vedaal at hush.com Thu Apr 6 15:51:32 2006 
From: vedaal at hush.com (vedaal@hush.com) Date: Thu Apr 6 15:50:53 2006 Subject: 1.4.3 // proper syntax for --edit-key cross-certify ? Message-ID: <200604061351.k36DpWnB008579@mailserver2.hushmail.com> >Message: 6 >Date: Wed, 5 Apr 2006 22:02:16 -0400 
>From: David Shaw >Subject: Re: 1.4.3 // proper syntax for --edit-key cross-certify ? >PGP does not generate signing subkeys. You generated a RSA >encryption >key that happened to be without key flags (I guess that version of >PGP >didn't use them yet), and so it appears as a RSA sign+encrypt key >in >GnuPG. well, it is an 'atypical' pgp build ;-) but the subkey is recognized by gnupg as a 'signing' subkey, and moreover, is 'forced' by gnupg front ends to be used for signing (there is no '!' indicator available to put as an option in gpg.conf) here is an example of such a key: >Bottom line is, this does not work on PGP generated keys. 
a request then, can cross-certify be made to work with such a key, (preferred) or, can an option of '!' be made available so that gnupg front ends recognize and sign with the primary subkey, and avoid the whole issue tia, vedaal From dshaw at jabberwocky.com Thu Apr 6 17:03:44 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Thu Apr 6 17:02:57 2006 Subject: 1.4.3 // proper syntax for --edit-key cross-certify ? In-Reply-To: <200604061351.k36DpWnB008579@mailserver2.hushmail.com> References: <200604061351.k36DpWnB008579@mailserver2.hushmail.com> Message-ID: <20060406150344.GA24093@jabberwocky.com> On Thu, Apr 06, 2006 at 09:51:32AM -0400, vedaal@hush.com wrote: > >Message: 6 > >Date: Wed, 5 Apr 2006 22:02:16 -0400 > >From: David Shaw > >Subject: Re: 1.4.3 // proper syntax for --edit-key cross-certify ? > > >PGP does not generate signing subkeys. You generated a RSA > >encryption > >key that happened to be without key flags (I guess that version of > > >PGP > >didn't use them yet), and so it appears as a RSA sign+encrypt key > >in > >GnuPG. > > well, > it is an 'atypical' pgp build ;-) > > but the subkey is recognized by gnupg as a 'signing' subkey, > and moreover, is 'forced' by gnupg front ends to be used for > signing > (there is no '!' indicator available to put as an option in > gpg.conf) PGP generated keys are not any different than GPG generated keys in this regard. Go ahead and use a ! if you like. David From vedaal at hush.com Thu Apr 6 17:57:56 2006 
From: vedaal at hush.com (vedaal@hush.com) Date: Thu Apr 6 17:57:11 2006 Subject: 1.4.3 // proper syntax for --edit-key cross-certify ? Message-ID: <200604061557.k36Fvutq023465@mailserver2.hushmail.com> David Shaw dshaw at jabberwocky.com wrote on Thu Apr 6 17:03:44 CEST 2006 : >PGP generated keys are not any different than GPG generated keys in >this regard. Go ahead and use a ! if you like. yes, but currently only from the command line what i was asking for, is a 'option' equivalent to '!' to put into gpg.conf so that gnupg front ends will recognize and use only the primary key for signing, and not the subkey (which is still used for encryption) i.e. !-signing-key keyid otherwise, these are the user's choices: [1] use only command line when signing (ok, not so terrible, but inconvenient/difficult for some people) [2] use only pgp for signing (what!? and lose all gnupg's features ?!? ;-) [not really an option for this group ;-) ] [3] delete/revoke the subkey and use the master for both signing and encrypting [as a v3 user, i can live with this ;-) ], but it is not the preferred way to go in terms of security, as the signing and encrypting keys really should be separate [4] make a new key in gnupg (and try to get it out to everybody who trusts only your old ones), ok, but far less convenient than [1] and [3] while the key is still trustworthy is it that difficult to put the '!' feature in the options file ? it would be much appreciated Thanks! vedaal From dshaw at jabberwocky.com Thu Apr 6 18:09:20 2006 
From: dshaw at jabberwocky.com (David Shaw) Date: Thu Apr 6 18:08:28 2006 Subject: 1.4.3 // proper syntax for --edit-key cross-certify ? In-Reply-To: <200604061557.k36Fvutq023465@mailserver2.hushmail.com> References: <200604061557.k36Fvutq023465@mailserver2.hushmail.com> Message-ID: <20060406160920.GA24262@jabberwocky.com> On Thu, Apr 06, 2006 at 11:57:56AM -0400, vedaal@hush.com wrote: > David Shaw dshaw at jabberwocky.com wrote on > Thu Apr 6 17:03:44 CEST 2006 : > > >PGP generated keys are not any different than GPG generated keys > in > >this regard. Go ahead and use a ! if you like. > > yes, > but currently only from the command line > > what i was asking for, > is a 'option' equivalent to '!' > to put into gpg.conf so that gnupg front ends will recognize and > use only the primary key for signing, and not the subkey > (which is still used for encryption) > > i.e. > !-signing-key keyid default-key !keyid David From vedaal at hush.com Thu Apr 6 19:05:59 2006 
From: vedaal at hush.com (vedaal@hush.com) Date: Thu Apr 6 19:05:10 2006 Subject: 1.4.3 // proper syntax for --edit-key cross-certify ? Message-ID: <200604061705.k36H5xfZ031083@mailserver2.hushmail.com> David Shaw dshaw at jabberwocky.com wrote on Thu Apr 6 18:09:20 CEST 2006: > default-key !keyid doesn't work, ;-(( (does it need any additional input? ) here is the command line output (using cygwin): first, with the existing option of default-key 0x5AA20C866A589A97 $ gpg --clearsign c:/r/1234.txt gpg: using subkey 04ADEE20 instead of primary key 6A589A97 You need a passphrase to unlock the secret key for user: "vedaal nistar (preferred e-mail address) " gpg: using subkey 04ADEE20 instead of primary key 6A589A97 4096-bit RSA key, ID 04ADEE20, created 2001-04-26 (main key ID 6A589A97) Enter passphrase: now with the option of default-key !0x5AA20C866A589A97 $ gpg --clearsign c:/r/1234.txt gpg: no default secret key: secret key not available gpg: c:/r/1234.txt: clearsign failed: secret key not available putting the ! in front of the keyid caused an inability to identify the key, rather than parsing the '!' as an option for the default keyid of 0x5AA20C866A589A97 what did you do to get it to work on your system? (i didn't try it with the short [8 character keyid] in gpg.conf ) vedaal From vedaal at hush.com Thu Apr 6 20:27:26 2006 
From: vedaal at hush.com (vedaal@hush.com) Date: Thu Apr 6 20:26:43 2006 Subject: 1.4.3 // proper syntax for --edit-key cross-certify ? // success ; -) Message-ID: <200604061827.k36IRQD2040669@mailserver2.hushmail.com> >> default-key !keyid >doesn't work, ;-(( but what *does* work, is: default-key keyid! here is the gpg output with the option of default-key 0x5AA20C866A589A97! $ gpg --clearsign c:/r/1234.txt You need a passphrase to unlock the secret key for user: "vedaal nistar (preferred e-mail address) " 4096-bit RSA key, ID 6A589A97, created 2001-04-26 gpg: writing to `c:/r/1234.txt.asc' gpg: RSA/SHA256 signature from: "6A589A97 vedaal nistar (preferred e-mail address) " Thanks! (and maybe add it to the man.page) vedaal From lusfert at gmail.com Thu Apr 6 23:31:40 2006 
From: lusfert at gmail.com (lusfert) Date: Thu Apr 6 23:31:05 2006 Subject: Date and time format Message-ID: <443588BC.3080706@gmail.com> Hi. Is it possible to change date format in GPG output? When I see D:\>gpg --verify gnupg-w32cli-1.4.3.exe.sig gpg: Signature made 04/03/06 14:42:33 gpg: using RSA key 0x1CE0C630 gpg: Good signature from "Werner Koch (dist sig) " I don't understand what date does GPG mean: - 4 March 2006? - 3 April 2006? - 6 March 2004? When you see date 04/03/06 it's hard to guess what date format is used: dd/mm/yy, mm/dd/yy, yy/mm/dd or even yy/dd/mm. By default I think it's 4 March 2006 because date format dd.mm.yy (dd.mm.yyyy) is used in my country. Also GPG displays time (14:42:33) in such way when it's hard to guess is it local or UTC. Maybe it'll be better to see something like this: D:\>gpg --verify gnupg-w32cli-1.4.3.exe.sig gpg: Signature made 4-Apr-2006 14:42:33 (local - Russian Daylight Time) gpg: using RSA key 0x1CE0C630 gpg: Good signature from "Werner Koch (dist sig) " or D:\>gpg --verify gnupg-w32cli-1.4.3.exe.sig gpg: Signature made 04-Apr-2006 10:42:33 UTC gpg: using RSA key 0x1CE0C630 gpg: Good signature from "Werner Koch (dist sig) " or (maybe the best way) D:\>gpg --verify gnupg-w32cli-1.4.3.exe.sig gpg: Signature made 04 April 2006 14:42:33 (local - Russian Daylight Time) gpg: using RSA key 0x1CE0C630 gpg: Good signature from "Werner Koch (dist sig) " Suggestions are welcome. P.S. When I see output of PGPdump ( http://www.pgpdump.net/ ) it's much easier to understand what date and time are shown and what time zone is used. -- Regards OpenPGP Key ID: 0x9E353B56500B8987 Encrypted e-mail preferred. From dshaw at jabberwocky.com Thu Apr 6 23:43:05 2006 
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Apr 6 23:42:25 2006
Subject: Date and time format
In-Reply-To: <443588BC.3080706@gmail.com>
References: <443588BC.3080706@gmail.com>
Message-ID: <20060406214305.GA24502@jabberwocky.com>

On Fri, Apr 07, 2006 at 01:31:40AM +0400, lusfert wrote:
> Hi.
>
> Is it possible to change date format in GPG output?

GPG uses whatever the OS specifies as the date format. It is not something that is changeable by GPG - you need to set the date format in your OS.

David

From lusfert at gmail.com Fri Apr 7 00:01:57 2006
From: lusfert at gmail.com (lusfert)
Date: Fri Apr 7 00:01:12 2006
Subject: Date and time format
In-Reply-To: <20060406214305.GA24502@jabberwocky.com>
References: <443588BC.3080706@gmail.com> <20060406214305.GA24502@jabberwocky.com>
Message-ID: <44358FD5.3020302@gmail.com>

David Shaw wrote on 07.04.2006 1:43:
> On Fri, Apr 07, 2006 at 01:31:40AM +0400, lusfert wrote:
>> Hi.
>>
>> Is it possible to change date format in GPG output?
>
> GPG uses whatever the OS specifies as the date format. It is not
> something that is changeable by GPG - you need to set the date format
> in your OS.
>

In my OS (Windows XP Pro SP2 + all updates) date format is set as dd.mm.yyyy :
http://i10.photobucket.com/albums/a142/someuser00/winxp_date_format.png (12 KB)

Translation*:
?????? = April
??????? = Friday

*Note that I use Russian language for date, time and other formats, but English version of Windows XP.

However, GPG uses mm/dd/yy format...

P.S. As you can see at the top of this message, my Thunderbird uses right date format (specified by OS): 07.04.2006 - dd.mm.yyyy

--
Regards
OpenPGP Key ID: 0x9E353B56500B8987
Encrypted e-mail preferred.

From dshaw at jabberwocky.com Fri Apr 7 00:23:51 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Apr 7 00:23:04 2006
Subject: Date and time format
In-Reply-To: <44358FD5.3020302@gmail.com>
References: <443588BC.3080706@gmail.com> <20060406214305.GA24502@jabberwocky.com> <44358FD5.3020302@gmail.com>
Message-ID: <20060406222351.GC24502@jabberwocky.com>

On Fri, Apr 07, 2006 at 02:01:57AM +0400, lusfert wrote:
> David Shaw wrote on 07.04.2006 1:43:
> > On Fri, Apr 07, 2006 at 01:31:40AM +0400, lusfert wrote:
> >> Hi.
> >>
> >> Is it possible to change date format in GPG output?
> >
> > GPG uses whatever the OS specifies as the date format. It is not
> > something that is changeable by GPG - you need to set the date format
> > in your OS.
> >
>
> In my OS (Windows XP Pro SP2 + all updates) date format is set as
> dd.mm.yyyy :
> http://i10.photobucket.com/albums/a142/someuser00/winxp_date_format.png
> (12 KB)

OS setting via LC_TIME, according to Microsoft, though I have no idea how to set it on win32.

David

From johnmoore3rd at joimail.com Fri Apr 7 00:37:08 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Fri Apr 7 00:36:35 2006
Subject: Date and time format
In-Reply-To: <20060406222351.GC24502@jabberwocky.com>
References: <443588BC.3080706@gmail.com> <20060406214305.GA24502@jabberwocky.com> <44358FD5.3020302@gmail.com> <20060406222351.GC24502@jabberwocky.com>
Message-ID: <44359814.3020806@joimail.com>

David Shaw wrote:

> OS setting via LC_TIME, according to Microsoft, though I have no idea
> how to set it on win32.

Right Click on the Clock, Select Setting Time/Date.

JOHN ;)
Timestamp: Thursday 06 Apr 2006, 18:36 --400 (Eastern Daylight Time)

From jkaye at celerasystems.com Thu Apr 6 23:57:01 2006
From: jkaye at celerasystems.com (jkaye)
Date: Fri Apr 7 01:26:14 2006
Subject: Automated processes
In-Reply-To: <443588BC.3080706@gmail.com>
Message-ID: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com>

Hi all,

I'm new to GnuPG, and have been getting some help from a kind soul. I seem to have all the knowledge that I need with one single, but important, exception.

When I decrypt, it asks for my passphrase. No problem there except for the fact that I want to have an automated script on a unix server perform the decryption of this file. Of course, if it needs a passphrase, it's going to hang and I can't have that.

I know that for PGP, there's an environment setting that can be used to prevent this. Is there a similar thing for GnuPG, or do I have to jump through some hoops?

Thanks,
- Jack

From johnmoore3rd at joimail.com Fri Apr 7 01:42:41 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Fri Apr 7 01:42:19 2006
Subject: Automated processes
In-Reply-To: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com>
References: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com>
Message-ID: <4435A771.5020004@joimail.com>

jkaye wrote:

> I know that for PGP, there's an environment setting that
> can be used to prevent this. Is there a similar thing for
> GnuPG, or do I have to jump through some hoops?

Hmm.....Let me see if I've understood you. You desire to use GPG for security 'Point to Point' then swap security for convenience on your end?

My suggestion would be to either switch to Thunderbird w/Enigmail as your MUA. You can set Enigmail to 'remember' your passphrase for a specified length of time or until you Close the program.

JOHN ;)
Timestamp: Thursday 06 Apr 2006, 19:42 --400 (Eastern Daylight Time)

From blueness at gmx.net Fri Apr 7 02:24:26 2006
From: blueness at gmx.net (Mica Mijatovic)
Date: Fri Apr 7 04:56:09 2006
Subject: Date and time format
In-Reply-To: <443588BC.3080706@gmail.com>
References: <443588BC.3080706@gmail.com>
Message-ID: <140763697.20060407022426@gmx.net>

Was Fri, 07 Apr 2006, at 01:31:40 +0400, when lusfert wrote:

> Is it possible to change date format in GPG output?

I tried to figure this out many times but couldn't. I also expected that GPG will take over the local User's setting of the OS, as most programs do, but no, it doesn't. I don't know the reasons.

It would be a very good and practical addition/correction making easier lots of administrative work. A time given in a logical format "yyyy-mm-dd hh:mm:ss [TZone]" (with the TZ expressed just numerically, as "[+0500]" and similar) would be perfect.[1]

______________________
[1] Time Zones expressed by abbreviations are a puzzle for many non American people, but for some Americans as well.

--
Mica
PGP keys nestled at: http://blueness.port5.com/pgpkeys/
~~~ For personal mail please use my address as it is *exactly* given in my "From|Reply To" field(s). ~~~
Respect thine opponent, else shall the earth rise up and smite thee on the back.

From gnupg at raphael.poss.name Fri Apr 7 09:56:58 2006
From: gnupg at raphael.poss.name (Raphaël Poss)
Date: Fri Apr 7 09:56:33 2006
Subject: Automated processes
In-Reply-To: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com>
References: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com>
Message-ID: <44361B4A.8040107@raphael.poss.name>

jkaye wrote:
> Hi all,
>
> I'm new to GnuPG, and have been getting some help
> from a kind soul. I seem to have all the knowledge
> that I need with one single, but important, exception.
>
> When I decrypt, it asks for my passphrase. No problem
> there except for the fact that I want to have an automated
> script on a unix server perform the decryption of this file.
> Of course, if it needs a passphrase, it's going to hang
> and I can't have that.
>
> I know that for PGP, there's an environment setting that
> can be used to prevent this. Is there a similar thing for
> GnuPG, or do I have to jump through some hoops?

You can:

- use gpg-agent, or

- echo passphrase | gpg --batch --passphrase-fd 0

Of course the latter provides little to no security.

Regards,

--
Raphaël

From lusfert at gmail.com Fri Apr 7 11:55:47 2006
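A more careful form of the second option in Raphaël Poss's reply, as an added example that is not from the thread: the same `--passphrase-fd` mechanism, with the passphrase read from a file that only the service account can open and handed to gpg on a private pipe instead of being written into the script. The file layout and all function names are assumptions made for illustration; anyone who can read that file or run as that account can still decrypt.

```python
"""Unattended gpg decryption with the passphrase supplied on a private pipe."""
import os
import stat
import subprocess
import sys


class InsecurePassphraseFile(Exception):
    """The passphrase file is reachable by someone other than its owner."""


def read_passphrase(path):
    """Return the passphrase, refusing files that other accounts can open."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)   # do not follow symlinks
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise InsecurePassphraseFile(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise InsecurePassphraseFile(f"{path}: not owned by this account")
        if st.st_mode & 0o077:
            raise InsecurePassphraseFile(f"{path}: group/other access is set")
        with os.fdopen(fd, "rb", closefd=False) as handle:
            return handle.read().rstrip(b"\r\n")
    finally:
        os.close(fd)


def gpg_command(passphrase_fd, ciphertext, output):
    """Build the argv; the passphrase itself never appears in it."""
    # GnuPG 1.4, the version in this thread, reads the passphrase from the
    # descriptor directly. GnuPG 2.1 and later also need
    # "--pinentry-mode loopback" for --passphrase-fd to be honoured.
    return ["gpg", "--batch", "--no-tty",
            "--passphrase-fd", str(passphrase_fd),
            "--output", output, "--decrypt", ciphertext]


def decrypt(ciphertext, output, passphrase_file):
    """Run gpg on `ciphertext` and return its exit status."""
    secret = read_passphrase(passphrase_file)
    read_end, write_end = os.pipe()
    try:
        proc = subprocess.Popen(gpg_command(read_end, ciphertext, output),
                                stdin=subprocess.DEVNULL,
                                pass_fds=(read_end,))
    except BaseException:
        os.close(write_end)
        raise
    finally:
        os.close(read_end)            # the child keeps its own copy
    try:
        with os.fdopen(write_end, "wb") as pipe:
            pipe.write(secret + b"\n")
    except BrokenPipeError:
        pass                          # gpg exited before reading; see status
    return proc.wait()


if __name__ == "__main__":
    # usage: script.py CIPHERTEXT OUTPUT PASSPHRASE_FILE
    sys.exit(decrypt(*sys.argv[1:4]))
```

The permission check fails closed: a passphrase file that is group- or world-readable stops the job before gpg is started.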
From: lusfert at gmail.com (lusfert)
Date: Fri Apr 7 11:55:13 2006
Subject: Date and time format
In-Reply-To: <44359814.3020806@joimail.com>
References: <443588BC.3080706@gmail.com> <20060406214305.GA24502@jabberwocky.com> <44358FD5.3020302@gmail.com> <20060406222351.GC24502@jabberwocky.com> <44359814.3020806@joimail.com>
Message-ID: <44363723.7080700@gmail.com>

John W. Moore III wrote on 07.04.2006 2:37:
> David Shaw wrote:
>
>>> OS setting via LC_TIME, according to Microsoft, though I have no idea
>>> how to set it on win32.
>
> Right Click on the Clock, Select Setting Time/Date.
>

http://i10.photobucket.com/albums/a142/someuser00/right_click_on_clock.png
Where is "Setting Time/Date"?

Then I clicked Adjust Date/Time:
http://i10.photobucket.com/albums/a142/someuser00/date_and_time_settings.png
Where can I set date format (via LC_TIME)?

--
Regards
OpenPGP Key ID: 0x9E353B56500B8987
Encrypted e-mail preferred.

From JPClizbe at comcast.net Fri Apr 7 13:13:53 2006
From: JPClizbe at comcast.net (John Clizbe)
Date: Fri Apr 7 13:19:33 2006
Subject: Date and time format
In-Reply-To: <44363723.7080700@gmail.com>
References: <443588BC.3080706@gmail.com> <20060406214305.GA24502@jabberwocky.com> <44358FD5.3020302@gmail.com> <20060406222351.GC24502@jabberwocky.com> <44359814.3020806@joimail.com> <44363723.7080700@gmail.com>
Message-ID: <44364971.5070503@comcast.net>

lusfert wrote:
> John W. Moore III wrote on 07.04.2006 2:37:
>> David Shaw wrote:
>>
>>>> OS setting via LC_TIME, according to Microsoft, though I have no idea
>>>> how to set it on win32.
>
> Where can I set date format (via LC_TIME)?

Via LC_TIME? I suppose you could specify an environment variable.

The native Windows way is:

Control Panel --> Regional and Language Options. Select the language you wish to use, then click 'Customize'. On the Date tab you may specify short and long date format strings; eg, 'yyyy-MM-dd' and 'dddd, MMMM dd, yyyy'.

--
John P. Clizbe
Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks
PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"

From ivalladolidt at terra.es Fri Apr 7 10:38:47 2006
From: ivalladolidt at terra.es (Ismael Valladolid Torres)
Date: Fri Apr 7 13:26:15 2006
Subject: Cygwin and 1.9 branch
Message-ID: <20060407083847.GG1632@localhost.localdomain>

Anybody compiled successfully current 1.9 CVS branch using Cygwin on Windows? I'd give it a try but I'd like to know before if I'm bound to try something impossible given the current status of the source, or if somebody knows it's perfectly possible.

I'm sure that using Cygwin I won't be able to get smartcard support and I guess I can live with that unless also somebody tells me that smartcard support is the only reason for trying 1.9 branch.

Any comments welcome.

Cordially, Ismael

--
Need medicine? All here!
http://lamediahostia.blogspot.com/
http://www.flickr.com/photos/ivalladt/

From wk at gnupg.org Fri Apr 7 13:56:17 2006
From: wk at gnupg.org (Werner Koch)
Date: Fri Apr 7 14:13:10 2006
Subject: [Announce] Gpg4win 1.0.0 released
Message-ID: <8764lld2fy.fsf@wheatstone.g10code.de>

Skipped content of type multipart/signed

From johnmoore3rd at joimail.com Fri Apr 7 14:32:31 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Fri Apr 7 14:31:56 2006
Subject: Automated processes
In-Reply-To: <44361B4A.8040107@raphael.poss.name>
References: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com> <44361B4A.8040107@raphael.poss.name>
Message-ID: <44365BDF.3010100@joimail.com>

Raphaël Poss wrote:

> You can:
>
> - use gpg-agent, or
>
> - echo passphrase | gpg --batch --passphrase-fd 0
>
> Of course the latter provides little to no security.

There is another option. Since you are using Outlook (presumably for Corporate compliance) you should consider GPGrelay. This would allow you automatic decryption & even the ability to store decrypted email for later searching. (again, not very secure)

JOHN ;)

From peter at palfrader.org Fri Apr 7 15:40:43 2006
From: peter at palfrader.org (Peter Palfrader)
Date: Fri Apr 7 15:39:57 2006
Subject: fetching DE415B0E from sks ([don't know]: invalid packet (ctb=2d))
Message-ID: <20060407134043.GA6562@asteria.noreply.org>

Hi,

running 1.4.4-cvs, when I try to download DE415B0E I get the following error:

| weasel@asteria:~$ gpg --keyserver random.sks.penguin.de --recv 94c09c7f DE415B0E
| gpg: requesting key DE415B0E from hkp server random.sks.penguin.de
| gpg: requesting key 94C09C7F from hkp server random.sks.penguin.de
| gpg: key DE415B0E: public key "Susumu OSAWA " imported
| gpg: [don't know]: invalid packet (ctb=2d)
| gpg: read_block: read error: invalid packet
| gpg: Total number processed: 1
| gpg: imported: 1

While it imports the key in question, it breaks the current download action, not fetching additional keys given on the command line.

It is also aborting any --refresh-keys in mid-action.

Peter

--
PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.   | : :' :      The  universal
                          | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/

From john.m.church at lmco.com Fri Apr 7 16:16:15 2006
From: john.m.church at lmco.com (John M Church)
Date: Fri Apr 7 16:15:31 2006
Subject: Automated processes
In-Reply-To: <4435A771.5020004@joimail.com>
References: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com> <4435A771.5020004@joimail.com>
Message-ID: <4436742F.5020309@lmco.com>

I think it's simplistic to just brush-off this request as a user who wants convenience. There are very valid reasons for automated decryption. I'm working a similar project (and have my own issue - see "Automated Decryption via Script Running Setuid" written 4/5/06). Seems to me if you protect your script and you are behind a firewall you're not 'trading security for convenience'. You can even encrypt the passphrase in your script if you're afraid someone with sudo or root privileges could open your script.

John_inDenver

John W. Moore III wrote:

>jkaye wrote:
>
>>I know that for PGP, there's an environment setting that
>>can be used to prevent this. Is there a similar thing for
>>GnuPG, or do I have to jump through some hoops?
>
>Hmm.....Let me see if I've understood you. You desire to use GPG for
>security 'Point to Point' then swap security for convenience on your end?
>
>My suggestion would be to either switch to Thunderbird w/Enigmail as
>your MUA. You can set Enigmail to 'remember' your passphrase for a
>specified length of time or until you Close the program.
>
>JOHN ;)
>Timestamp: Thursday 06 Apr 2006, 19:42 --400 (Eastern Daylight Time)

From dshaw at jabberwocky.com Fri Apr 7 17:30:55 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Apr 7 17:30:14 2006
Subject: fetching DE415B0E from sks ([don't know]: invalid packet (ctb=2d))
In-Reply-To: <20060407134043.GA6562@asteria.noreply.org>
References: <20060407134043.GA6562@asteria.noreply.org>
Message-ID: <20060407153055.GA26717@jabberwocky.com>

On Fri, Apr 07, 2006 at 03:40:43PM +0200, Peter Palfrader wrote:
> Hi,
>
> running 1.4.4-cvs, when I try to download DE415B0E I get the following
> error:
>
> | weasel@asteria:~$ gpg --keyserver random.sks.penguin.de --recv 94c09c7f DE415B0E
> | gpg: requesting key DE415B0E from hkp server random.sks.penguin.de
> | gpg: requesting key 94C09C7F from hkp server random.sks.penguin.de
> | gpg: key DE415B0E: public key "Susumu OSAWA " imported
> | gpg: [don't know]: invalid packet (ctb=2d)
> | gpg: read_block: read error: invalid packet
> | gpg: Total number processed: 1
> | gpg: imported: 1
>
> While it imports the key in question, it breaks the current download
> action, not fetching additional keys given on the command line.

This is a feature, believe it or not. During an import (and a keyserver --recv-keys or --refresh-keys is really just an import), GPG reads packets off the input stream. Once any of those packets prove invalid (a packet starting with 2D is invalid), there is no way to know where it is in the stream - how many bytes should it jump ahead to get back on the track.

David

From lusfert at gmail.com Fri Apr 7 17:46:07 2006
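David Shaw's point in the message above, as an added example that is neither GnuPG code nor part of the thread: a minimal OpenPGP packet-header walker that stops at the first byte that cannot begin a packet, next to a naive "skip to the next plausible byte" recovery that misframes everything after it. The sample stream and all function names are constructed for illustration.

```python
"""OpenPGP packet framing: why one bad header byte ends an import."""


class InvalidPacket(ValueError):
    """The byte at `offset` cannot be the first byte of a packet."""

    def __init__(self, offset, ctb):
        super().__init__(f"invalid packet (ctb={ctb:02x}) at offset {offset}")
        self.offset, self.ctb = offset, ctb


def read_header(data, pos):
    """Parse the packet header at `pos`; return (tag, body_start, body_len)."""
    ctb = data[pos]
    if not ctb & 0x80:                    # bit 7 is set in every valid CTB;
        raise InvalidPacket(pos, ctb)     # 0x2d (ASCII '-') = 0b00101101 fails
    rest = data[pos + 1:pos + 6]          # at most five length octets follow

    def need(count):
        if len(rest) < count:
            raise ValueError(f"truncated header at offset {pos}")

    if ctb & 0x40:                        # new format: tag in bits 5-0
        tag = ctb & 0x3F
        need(1)
        first = rest[0]
        if first < 192:                   # one-octet length
            hdr, length = 2, first
        elif first < 224:                 # two-octet length
            need(2)
            hdr, length = 3, ((first - 192) << 8) + rest[1] + 192
        elif first == 255:                # five-octet length
            need(5)
            hdr, length = 6, int.from_bytes(rest[1:5], "big")
        else:
            raise NotImplementedError("partial body lengths are not handled")
    else:                                 # old format: tag in bits 5-2
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise NotImplementedError("indeterminate length is not handled")
        count = (1, 2, 4)[ltype]
        need(count)
        hdr, length = 1 + count, int.from_bytes(rest[:count], "big")
    if pos + hdr + length > len(data):
        raise ValueError(f"truncated packet at offset {pos}")
    return tag, pos + hdr, length


def walk(data, pos=0):
    """Return (packets, error); each packet is (tag, offset, body_len)."""
    packets = []
    while pos < len(data):
        try:
            tag, start, length = read_header(data, pos)
        except ValueError as exc:
            return packets, exc           # nothing after this can be framed
        packets.append((tag, pos, length))
        pos = start + length              # the only way to find the next CTB
    return packets, None


def naive_resync(data, bad_offset):
    """Skip to the next byte with bit 7 set and carry on from there."""
    pos = bad_offset
    while pos < len(data) and not data[pos] & 0x80:
        pos += 1
    return walk(data, pos)


def user_id_packet(text):
    """Build a new-format User ID packet (tag 13) with a one-octet length."""
    body = text.encode()
    assert len(body) < 192
    return bytes([0xC0 | 13, len(body)]) + body


# Constructed sample: two User ID packets with six stray bytes between them.
PKT1 = user_id_packet("Alice <alice@example.org>")
PKT2 = user_id_packet("Bob <bob@example.org>")
JUNK = b"--" + bytes([0xC2, 0x05]) + b"xy"
STREAM = PKT1 + JUNK + PKT2

if __name__ == "__main__":
    print(walk(PKT1 + PKT2))                  # both packets, no error
    print(walk(STREAM))                       # first packet, then ctb=2d
    print(naive_resync(STREAM, len(PKT1)))    # a bogus tag-2 packet, Bob lost
```

Packets carry no synchronisation marker, so the only pointer to the next header is the previous packet's length field; the guessed restart here lands on a stray byte, swallows the real header of the second packet as body, and fails again.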
From: lusfert at gmail.com (lusfert)
Date: Fri Apr 7 17:45:21 2006
Subject: Date and time format
In-Reply-To: <44364971.5070503@comcast.net>
References: <443588BC.3080706@gmail.com> <20060406214305.GA24502@jabberwocky.com> <44358FD5.3020302@gmail.com> <20060406222351.GC24502@jabberwocky.com> <44359814.3020806@joimail.com> <44363723.7080700@gmail.com> <44364971.5070503@comcast.net>
Message-ID: <4436893F.4060906@gmail.com>

John Clizbe wrote on 07.04.2006 15:13:
> lusfert wrote:
>> John W. Moore III wrote on 07.04.2006 2:37:
>>> David Shaw wrote:
>>>
>>>>> OS setting via LC_TIME, according to Microsoft, though I have no idea
>>>>> how to set it on win32.
>> Where can I set date format (via LC_TIME)?
>
> Via LC_TIME? I suppose you could specify an environment variable.
>
> The native Windows way is:
>
> Control Panel --> Regional and Language Options. Select the language you wish to
> use, then click 'Customize'. On the Date tab you may specify short and long date
> format strings; eg, 'yyyy-MM-dd' and 'dddd, MMMM dd, yyyy'.
>

I have already done that. See http://lists.gnupg.org/pipermail/gnupg-users/2006-April/028353.html

GnuPG still uses mm/dd/yy date format:
http://i10.photobucket.com/albums/a142/someuser00/gnupg_and_pgpdump_date_format.png
As you can see PGPdump output date format is much better.

Enigmail uses right format, specified in Windows XP system settings:
http://i10.photobucket.com/albums/a142/someuser00/enigmail_date_format.png
07.04.2006 15:14 - dd.mm.yyyy H:mm (24 hour)

--
Regards
OpenPGP Key ID: 0x9E353B56500B8987
Encrypted e-mail preferred.

From walter.haidinger at gmx.at Fri Apr 7 17:52:12 2006
From: walter.haidinger at gmx.at (Walter Haidinger)
Date: Fri Apr 7 17:51:56 2006
Subject: Howto setup an OpenLDAP PGP keyserver
In-Reply-To: <5953.192.168.77.250.1140710468.squirrel@haidinger.dyndns.org>
References: <5953.192.168.77.250.1140710468.squirrel@haidinger.dyndns.org>
Message-ID:

On Thu, 23 Feb 2006, Walter Haidinger wrote:

> Attached is tarball with the files for OpenLDAP configuration,
> to which will be referred to below. I hope this doesn't violate
> the rules of this list but the attachment is very small anyways.

I've uploaded the tarball to my webspace too:
http://members.kstp.at/wh/pgp/openldap_pgp_keyserver.tar.gz

Regards, Walter

--
Walter Haidinger
PGP public key: http://haidinger.webhop.org/pgp/5802B67C.asc

From gnupg-users=gnupg.org at lists.palfrader.org Fri Apr 7 17:53:43 2006
From: gnupg-users=gnupg.org at lists.palfrader.org (Peter Palfrader)
Date: Fri Apr 7 17:52:50 2006
Subject: fetching DE415B0E from sks ([don't know]: invalid packet (ctb=2d))
In-Reply-To: <20060407153055.GA26717@jabberwocky.com>
References: <20060407134043.GA6562@asteria.noreply.org> <20060407153055.GA26717@jabberwocky.com>
Message-ID: <20060407155343.GC6562@asteria.noreply.org>

On Fri, 07 Apr 2006, David Shaw wrote:

> On Fri, Apr 07, 2006 at 03:40:43PM +0200, Peter Palfrader wrote:
> > Hi,
> >
> > running 1.4.4-cvs, when I try to download DE415B0E I get the following
> > error:
> >
> > | weasel@asteria:~$ gpg --keyserver random.sks.penguin.de --recv 94c09c7f DE415B0E
> > | gpg: requesting key DE415B0E from hkp server random.sks.penguin.de
> > | gpg: requesting key 94C09C7F from hkp server random.sks.penguin.de
> > | gpg: key DE415B0E: public key "Susumu OSAWA " imported
> > | gpg: [don't know]: invalid packet (ctb=2d)
> > | gpg: read_block: read error: invalid packet
> > | gpg: Total number processed: 1
> > | gpg: imported: 1
> >
> > While it imports the key in question, it breaks the current download
> > action, not fetching additional keys given on the command line.
>
> This is a feature, believe it or not. During an import (and a
> keyserver --recv-keys or --refresh-keys is really just an import), GPG
> reads packets off the input stream. Once any of those packets prove
> invalid (a packet starting with 2D is invalid), there is no way to
> know where it is in the stream - how many bytes should it jump ahead
> to get back on the track.

I don't believe it's a feature - yet :)

I think a --refresh should always try to refresh all keys. As it is in this case - with a key with "evil" packets on the keyserver - I'm stuck in a situation where "gpg --refresh-keys" only updates half of my keyring.

I can see a point in aborting in the case of gpg --recv, but it's confusing that it starts fetching keys starting with the last. Maybe that could be turned around.

Cheers, Peter

--
PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.   | : :' :      The  universal
                          | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/

From blueness at gmx.net Fri Apr 7 15:14:55 2006
From: blueness at gmx.net (Mica Mijatovic)
Date: Fri Apr 7 18:35:30 2006
Subject: Date and time format
In-Reply-To: <44363723.7080700@gmail.com>
References: <443588BC.3080706@gmail.com> <20060406214305.GA24502@jabberwocky.com> <44358FD5.3020302@gmail.com> <20060406222351.GC24502@jabberwocky.com> <44359814.3020806@joimail.com> <44363723.7080700@gmail.com>
Message-ID: <719062512.20060407151455@gmx.net>

Was Fri, 07 Apr 2006, at 13:55:47 +0400, when lusfert wrote:

> John W. Moore III wrote on 07.04.2006 2:37:
>> David Shaw wrote:
>>
>>>> OS setting via LC_TIME, according to Microsoft, though I have no idea
>>>> how to set it on win32.
>>
>> Right Click on the Clock, Select Setting Time/Date.
>>
> http://i10.photobucket.com/albums/a142/someuser00/right_click_on_clock.png
> Where is "Setting Time/Date"?
> Then I clicked Adjust Date/Time:
> http://i10.photobucket.com/albums/a142/someuser00/date_and_time_settings.png
> Where can I set date format (via LC_TIME)?

Since you use XP, then...

Control Panel | Regional and Language Options | Regional Options | Customize... | Time.

The next tab is for the Date format.

Clicking on the Clock (squatting in the tray) makes you able just to "wind up" the clock and to set the Time Zone.

***

These settings are automatically accepted then by the "command line" environment in XP as well, and thus should be accepted by all programs working in this/such environment.

***

In Windows 98 SE for instance, the time/date format in DOS is set in a different way(s). One of them is to define a permanent environment variable via Config.sys file where you enter the "country code", which defines time/date format. It looks like this...

country=038,,c:\Windows\command\country.sys

...and this one gives format like this...

yyyy-mm-dd HH:mm:ss

...where the capitalized "HH" gives 24 hours time format while the lower case "hh" gives 12 hour AM/PM format.

***

Now, some previous versions of GnuPG are, with the US time format, displaying verbosely (the local) Time Zone as well, which is a bit better anyway, whilst the newer 1.4x versions are displaying only the US format giving no data about Time Zone.

For instance, in version 1.2.3-nr1 it displays this...

gpg: Signature made 04/07/06 11:55:58 Central Europe Daylight Time using DSA key ID 500B8987

...whilst in versions 1.4x it is like this...

gpg: Signature made 04/07/06 11:55:58 using DSA key ID 500B8987.

***

The inconsistency in the, for instance, US date format (although it can be found in some other countries as well), might be elegantly corrected by using the so called "universal" or "astronomical" (or "military") date/time format which makes such sort of orientation much clearer, faster and better.

It gives consistent values going from the higher to lower ones, that is yy|yy, mm, dd, HH, mm, ss (century|year, month, day, 24hour information, minute, second), which makes it excellent for computing/administration (and with minimum data; no PM, AM and similar).

I don't know how to solve this in GnuPG, or in some programs/parts of the very OS. Notepad itself in XP for instance gives anyway a messed format (via F5) displaying firstly time and then date...

14:38 06-04-07

...which makes it useless for the ".LOG" function, whilst EDXOR (and some other programs like KeyNote, Treepad Lite etc.) gives it exactly as it is set on the OS level...

06-04-07 14:38:44

...which shows that such a response of a program to the OS is possible. I am not sure for EDXOR and Treepad Lite, but KeyNote is of open source so analyzing the related parts of the code maybe might help.

--
Mica
PGP keys nestled at: http://blueness.port5.com/pgpkeys/
~~~ For personal mail please use my address as it is *exactly* given in my "From|Reply To" field(s). ~~~
Don't put a cat on your head, it hurts real bad!

From john.m.church at lmco.com Fri Apr 7 18:39:10 2006
From: john.m.church at lmco.com (John M Church)
Date: Fri Apr 7 18:38:22 2006
Subject: Automated processes
In-Reply-To: <5B3792870442C04CA7CBD4D7C7D9812701F20A6D@exchange.iconnicholson.com>
References: <5B3792870442C04CA7CBD4D7C7D9812701F20A6D@exchange.iconnicholson.com>
Message-ID: <443695AE.3080403@lmco.com>

I wasn't thinking of encrypting the passphrase with gpg. I have on occasion embedded a password in a perl script and then encrypted that portion of the script via Perl module Filter::CBC. The script upon execution decrypts on-the-fly w/o the need for a passphrase. A user can never decrypt it though so you have to keep a nonencrypted backup of your script (w/o the password of course).

John_inDenver

Benjamin Mord wrote:

>(Don't encrypt the passphrase - if you do, then you still need a
>passphrase to decrypt the passphrase, etc... etc...)
>
>Asymmetric cryptography can be extremely handy for automated
>encryption/decryption scenarios. For example, I sometimes have a
>somewhat vulnerable general-purpose machine encrypt data using only a
>public key, and write it somewhere shared. Then I'll have a tightly
>secured single-purpose machine later read and decrypt that data for some
>purpose. This is analogous to a one-way mail drop, where you trust the
>mailman more than the general public. I use this technique in scenarios
>where although both machines are somewhat trusted, one machine is
>more trusted than the other. This way the machine that does the
>encryption has no knowledge of how to decrypt, so that if compromised,
>only the data that it processes from point of compromise going forward
>is in any kind of danger. (At this point you've reduced the security
>problem to one of monitoring or periodic cleaning, e.g. periodic reboots
>while running off read-only media.) The second machine is entrusted with
>knowledge of how to decrypt, but in exchange it is tightly secured and
>specialized for a single task.
>
>Ben
>
>-----Original Message-----
>From: gnupg-users-bounces@gnupg.org
>[mailto:gnupg-users-bounces@gnupg.org] On Behalf Of John M Church
>Sent: Friday, April 07, 2006 10:16 AM
>To: johnmoore3rd@joimail.com; GnuPG Users List
>Subject: Re: Automated processes
>
>I think it's simplistic to just brush-off this request as a user who
>wants convenience. There are very valid reasons for automated
>decryption. I'm working a similar project (and have my own issue - see
>"Automated Decryption via Script Running Setuid" written 4/5/06). Seems
>to me if you protect your script and you are behind a firewall you're
>not 'trading security for convenience'. You can even encrypt the
>passphrase in your script if you're afraid someone with sudo or root
>privileges could open your script.
>
>John_inDenver
>
>John W. Moore III wrote:
>
>>jkaye wrote:
>>
>>>I know that for PGP, there's an environment setting that
>>>can be used to prevent this. Is there a similar thing for
>>>GnuPG, or do I have to jump through some hoops?
>>
>>Hmm.....Let me see if I've understood you. You desire to use GPG for
>>security 'Point to Point' then swap security for convenience on your
>end?
>
>>My suggestion would be to either switch to Thunderbird w/Enigmail as
>>your MUA. You can set Enigmail to 'remember' your passphrase for a
>>specified length of time or until you Close the program.
>>
>>JOHN ;)
>>Timestamp: Thursday 06 Apr 2006, 19:42 --400 (Eastern Daylight Time)

From john.m.church at lmco.com Fri Apr 7 21:56:05 2006
From: john.m.church at lmco.com (John M Church)
Date: Fri Apr 7 21:55:22 2006
Subject: Automated processes
In-Reply-To: <44369760.4070500@tiscali.it>
References: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com> <4435A771.5020004@joimail.com> <4436742F.5020309@lmco.com> <44369760.4070500@tiscali.it>
Message-ID: <4436C3D5.3040908@lmco.com>

Qed,

Not sure if "mask the passphrase in a non-obvious way" does justice to encrypting it with a filter and strong algorithm - ref. . Were you thinking I was only hiding it in clear text?

In any event, I agree with you - access to my script should be extremely limited both from a permissions standpoint and location (firewall).

John_inDenver

Qed wrote:

>On 04/07/2006 04:16 PM, John M Church wrote:
>
>>I think it's simplistic to just brush-off this request as a user who
>>wants convenience. There are very valid reasons for automated
>>decryption. I'm working a similar project (and have my own issue - see
>>"Automated Decryption via Script Running Setuid" written 4/5/06). Seems
>>to me if you protect your script and you are behind a firewall you're
>>not 'trading security for convenience'.
>>You can even encrypt the passphrase in your script if you're afraid
>>someone with sudo or root privileges could open your script.
>
>???
>If you encrypt the passphrase in your script you still need a secure way
>to provide the key to decrypt it, same problem as providing the passphrase.
>Instead, if you meant "mask the passphrase in a non obvious way",
>this solution offers no additional security, since that could be easily
>reversed having access to the script.
>--
>
> Q.E.D.
>
>ICQ UIN: 301825501
>OpenPGP key ID: 0x58D14EB3
>Key fingerprint: 00B9 3E17 630F F2A7 FF96 DA6B AEE0 EC27 58D1 4EB3
>Check fingerprints before trusting a key!

From qed at tiscali.it Fri Apr 7 23:50:41 2006
From: qed at tiscali.it (Qed)
Date: Fri Apr 7 23:51:11 2006
Subject: Automated processes
In-Reply-To: <4436C3D5.3040908@lmco.com>
References: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com> <4435A771.5020004@joimail.com> <4436742F.5020309@lmco.com> <44369760.4070500@tiscali.it> <4436C3D5.3040908@lmco.com>
Message-ID: <4436DEB1.8030800@tiscali.it>

On 04/07/2006 09:56 PM, John M Church wrote:
> Not sure if "mask the passphrase in a non-obvious way" does justice to
> encrypting it with a filter and strong algorithm - ref.
> . Were you
> thinking I was only hiding it in clear text?

Simply I don't know anything about this perl module, but where the key to decrypt the passphrase would be stored? If such a safe place exists why not using it directly for the gpg passphrase?
--

 Q.E.D.

ICQ UIN: 301825501
OpenPGP key ID: 0x58D14EB3
Key fingerprint: 00B9 3E17 630F F2A7 FF96 DA6B AEE0 EC27 58D1 4EB3
Check fingerprints before trusting a key!

From john.m.church at lmco.com Sat Apr 8 01:29:13 2006
From: john.m.church at lmco.com (John M Church)
Date: Sat Apr 8 01:28:23 2006
Subject: Automated processes
In-Reply-To: <4436DEB1.8030800@tiscali.it>
References: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com> <4435A771.5020004@joimail.com> <4436742F.5020309@lmco.com> <44369760.4070500@tiscali.it> <4436C3D5.3040908@lmco.com> <4436DEB1.8030800@tiscali.it>
Message-ID: <4436F5C9.3010009@lmco.com>

Qed/Ryan et al,

Yes you have to pass the filter a seed to run the encryption but I have to admit I don't know how it decrypts the code automagically. Ben Mord and I took this offline and he likened the resulting block to a fancy lock with the key in it b/c the seed I passed to start the encryption has to be available to Perl when it interprets my code. I suspect you would agree. Ben has a similar need for automated decryption as I do but does the decryption via a specialized computer dedicated to the task whose access and config is tightly controlled - see his response.

Do either of you guys do automated decryption? This doesn't seem to be addressed in the FAQ - just automated signing. I'm open to suggestions.

btw - am I screwing up my responses? There seem to be mult. threads being generated. I'm just hitting reply.

John

Qed wrote:

>On 04/07/2006 09:56 PM, John M Church wrote:
>
>>Not sure if "mask the passphrase in a non-obvious way" does justice to
>>encrypting it with a filter and strong algorithm - ref.
>>. Were you
>>thinking I was only hiding it in clear text?
>
>Simply I don't know anything about this perl module, but where the key
>to decrypt the passphrase would be stored? If such a safe place exists
>why not using it directly for the gpg passphrase?
>--
>
> Q.E.D.
>
>ICQ UIN: 301825501
>OpenPGP key ID: 0x58D14EB3
>Key fingerprint: 00B9 3E17 630F F2A7 FF96 DA6B AEE0 EC27 58D1 4EB3
>Check fingerprints before trusting a key!

From wk at gnupg.org Fri Apr 7 22:51:57 2006
From: wk at gnupg.org (Werner Koch)
Date: Sat Apr 8 02:07:13 2006
Subject: fetching DE415B0E from sks ([don't know]: invalid packet (ctb=2d))
In-Reply-To: <20060407155343.GC6562@asteria.noreply.org> (Peter Palfrader's message of "Fri, 7 Apr 2006 17:53:43 +0200")
References: <20060407134043.GA6562@asteria.noreply.org> <20060407153055.GA26717@jabberwocky.com> <20060407155343.GC6562@asteria.noreply.org>
Message-ID: <878xqhaz2q.fsf@wheatstone.g10code.de>

On Fri, 7 Apr 2006 17:53:43 +0200, Peter Palfrader said:

> I think a --refresh should always try to refresh all keys. As it is in
> this case - with a key with "evil" packets on the keyserver - I'm stuck
> in a situation where "gpg --refresh-keys" only updates half of my

Actually, keyservers should never accept such a key in the first place.

> I can see a point in aborting in the case of gpg --recv, but it's
> confusing that it starts fetching keys starting with the last. Maybe
> that could be turned around.

I think we can do that.

Salam-Shalom,

Werner

From dshaw at jabberwocky.com Sat Apr 8 02:22:04 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Apr 8 02:21:23 2006
Subject: fetching DE415B0E from sks ([don't know]: invalid packet (ctb=2d))
In-Reply-To: <20060407155343.GC6562@asteria.noreply.org>
References: <20060407134043.GA6562@asteria.noreply.org> <20060407153055.GA26717@jabberwocky.com> <20060407155343.GC6562@asteria.noreply.org>
Message-ID: <20060408002204.GA27174@jabberwocky.com>

On Fri, Apr 07, 2006 at 05:53:43PM +0200, Peter Palfrader wrote:
> On Fri, 07 Apr 2006, David Shaw wrote:
>
> > On Fri, Apr 07, 2006 at 03:40:43PM +0200, Peter Palfrader wrote:
> > > Hi,
> > >
> > > running 1.4.4-cvs, when I try to download DE415B0E I get the following
> > > error:
> > >
> > > | weasel@asteria:~$ gpg --keyserver random.sks.penguin.de --recv 94c09c7f DE415B0E
> > > | gpg: requesting key DE415B0E from hkp server random.sks.penguin.de
> > > | gpg: requesting key 94C09C7F from hkp server random.sks.penguin.de
> > > | gpg: key DE415B0E: public key "Susumu OSAWA " imported
> > > | gpg: [don't know]: invalid packet (ctb=2d)
> > > | gpg: read_block: read error: invalid packet
> > > | gpg: Total number processed: 1
> > > | gpg: imported: 1
> > >
> > > While it imports the key in question, it breaks the current download
> > > action, not fetching additional keys given on the command line.
> >
> > This is a feature, believe it or not. During an import (and a
> > keyserver --recv-keys or --refresh-keys is really just an import), GPG
> > reads packets off the input stream. Once any of those packets prove
> > invalid (a packet starting with 2D is invalid), there is no way to
> > know where it is in the stream - how many bytes should it jump ahead
> > to get back on the track.
>
> I don't believe it's a feature - yet :)
>
> I think a --refresh should always try to refresh all keys. As it is in
> this case - with a key with "evil" packets on the keyserver - I'm stuck
> in a situation where "gpg --refresh-keys" only updates half of my
> keyring.

--import (and therefore --refresh) does try to handle all keys in the stream. It just can't continue once there is a stream error as there is no way to reestablish its place in the stream. The stream coding more or less says stuff like "here's a signature and it's 40 bytes long (40 bytes here)". GPG reads that and keeps going. If GPG sees "here's garbage and it's garbage bytes long", it can't read it because it's garbage, and it can't skip it because it doesn't know how many (garbage) bytes to skip over. The only thing it can do at that point is stop.

Keyserver operations result in multiple streams (one per key). If one errors out, it might be possible to jump to the next BEGIN header, but that would be a pretty nontrivial undertaking given how the code currently works.

All that said, though, I'm not convinced that the armored stream you got from the keyserver is invalid. I think there may be a problem in GPG's armor parser (hard to imagine after this many years, but..) It seems that the bad key is the right length (exactly 8192 bytes) to trigger a problem.

> I can see a point in aborting in the case of gpg --recv, but it's
> confusing that it starts fetching keys starting with the last. Maybe
> that could be turned around.

That's easy. I'll do that.

David

From lusfert at gmail.com Sat Apr 8 11:58:45 2006
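David Shaw's point above, that an import must stop at the first invalid packet because nothing says how many bytes to skip, shown as an added example in C; it is not GnuPG's code and not part of the original posts. It frames packets by the OpenPGP header rules (RFC 4880 section 4.2); the function names and the byte stream are constructed for illustration.

```c
/* Added example: OpenPGP packet framing per RFC 4880 section 4.2.
 * Names and the sample stream are constructed; this is not GnuPG code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum walk_status { WALK_OK, WALK_BAD_CTB, WALK_TRUNCATED, WALK_UNSUPPORTED_LEN };

struct walk_result {
    enum walk_status status;
    size_t packets;      /* packets framed before stopping */
    size_t stop_offset;  /* first byte that was not consumed */
    unsigned last_tag;   /* tag of the last framed packet */
    uint8_t bad_ctb;     /* offending byte when status == WALK_BAD_CTB */
};

/* Decode one packet header into its tag, header size and body size. */
static enum walk_status parse_header(const uint8_t *p, size_t avail,
                                     unsigned *tag, size_t *hdr, size_t *body)
{
    if (avail < 1)
        return WALK_TRUNCATED;
    uint8_t ctb = p[0];
    if (!(ctb & 0x80))              /* bit 7 must be set on every packet */
        return WALK_BAD_CTB;

    if (ctb & 0x40) {               /* new format: tag in bits 5..0 */
        *tag = ctb & 0x3f;
        if (avail < 2)
            return WALK_TRUNCATED;
        uint8_t o = p[1];
        if (o < 192) {
            *hdr = 2; *body = o;
        } else if (o < 224) {
            if (avail < 3) return WALK_TRUNCATED;
            *hdr = 3; *body = ((size_t)(o - 192) << 8) + p[2] + 192;
        } else if (o == 255) {
            if (avail < 6) return WALK_TRUNCATED;
            *hdr = 6;
            *body = ((size_t)p[2] << 24) | ((size_t)p[3] << 16) |
                    ((size_t)p[4] << 8) | p[5];
        } else {
            return WALK_UNSUPPORTED_LEN;   /* partial body lengths */
        }
    } else {                        /* old format: tag in bits 5..2 */
        *tag = (ctb >> 2) & 0x0f;
        unsigned lentype = ctb & 0x03;
        if (lentype == 3)
            return WALK_UNSUPPORTED_LEN;   /* indeterminate length */
        size_t n = (size_t)1 << lentype;   /* 1, 2 or 4 length octets */
        if (avail < 1 + n)
            return WALK_TRUNCATED;
        size_t len = 0;
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | p[1 + i];
        *hdr = 1 + n; *body = len;
    }
    return WALK_OK;
}

/* Walk a binary (de-armored) stream. Each header gives the length to skip;
 * once a header is invalid there is no length, so the walk has to stop. */
struct walk_result walk_packets(const uint8_t *buf, size_t len)
{
    struct walk_result r = { WALK_OK, 0, 0, 0, 0 };
    while (r.stop_offset < len) {
        unsigned tag = 0;
        size_t hdr = 0, body = 0;
        size_t avail = len - r.stop_offset;
        enum walk_status st =
            parse_header(buf + r.stop_offset, avail, &tag, &hdr, &body);
        if (st == WALK_OK && body > avail - hdr)
            st = WALK_TRUNCATED;
        if (st != WALK_OK) {
            r.status = st;
            if (st == WALK_BAD_CTB)
                r.bad_ctb = buf[r.stop_offset];
            return r;
        }
        r.stop_offset += hdr + body;
        r.last_tag = tag;
        r.packets++;
    }
    return r;
}

/* Constructed sample: two well-formed packets, then ASCII '-' bytes (0x2d,
 * bit 7 clear), then a well-formed packet the walker never gets to. */
static const uint8_t SAMPLE_STREAM[] = {
    0x88, 0x04, 0xde, 0xad, 0xbe, 0xef,   /* old format, tag 2, 4-byte body  */
    0xcd, 0x03, 'a', 'b', 'c',            /* new format, tag 13, 3-byte body */
    '-', '-', '-', '-', '-',              /* 0x2d bytes: not a packet header */
    0x88, 0x01, 0x00                      /* valid packet, never reached     */
};

int main(void)
{
    struct walk_result r = walk_packets(SAMPLE_STREAM, sizeof SAMPLE_STREAM);
    printf("framed %zu packets, stopped at offset %zu", r.packets, r.stop_offset);
    if (r.status == WALK_BAD_CTB)
        printf(": invalid packet (ctb=%02x)", r.bad_ctb);
    printf("\n");
    return r.status == WALK_OK ? 0 : 1;
}
```

The last three bytes of the sample are a valid packet, yet the walker cannot reach them: resynchronising would mean guessing where the next header starts.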
From: lusfert at gmail.com (lusfert)
Date: Sat Apr 8 11:57:59 2006
Subject: Date and time format
In-Reply-To: <140763697.20060407022426@gmx.net>
References: <443588BC.3080706@gmail.com> <140763697.20060407022426@gmx.net>
Message-ID: <44378955.4090002@gmail.com>

Mica Mijatovic wrote on 2006-04-07 4:24:
> Was Fri, 07 Apr 2006, at 01:31:40 +0400,
> when lusfert wrote:
>
>>> Is it possible to change date format in GPG output?
>
> I tried this to figure out many times but couldn't.
>
> I also expected that GPG will take over the local User's setting of the
> OS, as most programs do, but not, it doesn't. I don't know reasons.
>

That's very bad. :(
I haven't found any problem report about this at http://bugs.gnupg.org/
Should I create a new one?
http://bugs.gnupg.org/cgi-bin/gnatsweb.pl?debug=&database=gnupg&cmd=create

--
Regards
OpenPGP Key ID: 0x9E353B56500B8987
Encrypted e-mail preferred.

From blueness at gmx.net Sat Apr 8 12:37:06 2006
From: blueness at gmx.net (Mica Mijatovic)
Date: Sat Apr 8 12:40:57 2006
Subject: Date and time format
In-Reply-To: <44378955.4090002@gmail.com>
References: <443588BC.3080706@gmail.com> <140763697.20060407022426@gmx.net> <44378955.4090002@gmail.com>
Message-ID: <16110312651.20060408123706@gmx.net>

Was Sat, 08 Apr 2006, at 13:58:45 +0400,
when lusfert wrote:

>>>> Is it possible to change date format in GPG output?
>>
>> I tried this to figure out many times but couldn't.
>>
>> I also expected that GPG will take over the local User's setting of the
>> OS, as most programs do, but not, it doesn't. I don't know reasons.
>>
> That's very bad. :(
> I haven't found any problem report about this at http://bugs.gnupg.org/
> Should I create a new one?
> http://bugs.gnupg.org/cgi-bin/gnatsweb.pl?debug=&database=gnupg&cmd=create

I couldn't classify it as a bug, rather a matter of a style of coding, where the optimal "tweak" of related code(s) has been neglected. An omission rather.

***

I see, by the way and by, that my previous message arrived with signature BAD (at least here was so), so just to confirm that the entire signed text was mine. If the Archive needs it signed again, I'll do that.

--
Mica
PGP keys nestled at: http://blueness.port5.com/pgpkeys/
~~~
For personal mail please use my address as it is *exactly* given in my "From|Reply To" field(s).
~~~
Don't put a cat on your lap, it hurts real bad!

From dominique at leuenberger.net Sun Apr 9 00:17:51 2006
From: dominique at leuenberger.net (Dominique Leuenberger)
Date: Sun Apr 9 01:56:19 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
Message-ID: <4438368F.2010500@leuenberger.net>

Hello,

according to the readme and man pages, I should be able to use
gpg --auto-key-locate pka --encrypt dominique@leuenberger.net
to encrypt a message to this user even if I would not have the
corresponding public key, if the dns system would be set up correctly.

ok, the latest is not done yet, but is work in progress.

But why I come to the list:
the parameter "pka" seems not to be recognised by my version of pgp
(1.4.3, downloaded as binary for Windows from gnupg.org)

Did I miss something? Neither the new parameters pka nor cert are
working. ldap and keyserver give no error.
using gpg --auto-key-locate pka I get the following error message:
gpg: invalid auto-key-locate list

Any help, or a link to another version of gpg with this support compiled in, would be appreciated.

Thank you very much,
Dominique

From dshaw at jabberwocky.com Sun Apr 9 02:11:48 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun Apr 9 02:10:59 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <4438368F.2010500@leuenberger.net>
References: <4438368F.2010500@leuenberger.net>
Message-ID: <20060409001148.GE27174@jabberwocky.com>

On Sun, Apr 09, 2006 at 12:17:51AM +0200, Dominique Leuenberger wrote:
> Hello,
>
> according to the readme and man pages, I should be able to use
> gpg --auto-key-locate pka --encrypt dominique@leuenberger.net
> to encrypt a message to this user even if I would not have the
> corresponding public key, if the dns system would be set up correctly.
>
> ok, the latest is not done yet, but is work in progress.
>
> But why I come to the list:
> the parameter "pka" seems not to be recognised by my version of pgp
> (1.4.3, downloaded as binary for Windows from gnupg.org)
>
> Did I miss something? Neither the new parameters pka nor cert are
> working. ldap and keyserver give no error.
> using gpg --auto-key-locate pka I get the following error message:
> gpg: invalid auto-key-locate list

This means that the build of GnuPG you have has no DNS support (pka and cert require DNS support, and ldap and keyserver don't).

David

From dominique at leuenberger.net Sun Apr 9 08:33:39 2006
From: dominique at leuenberger.net (Dominique Leuenberger)
Date: Sun Apr 9 08:32:08 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <20060409001148.GE27174@jabberwocky.com>
References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com>
Message-ID: <4438AAC3.5040403@leuenberger.net>

David Shaw wrote:
> On Sun, Apr 09, 2006 at 12:17:51AM +0200, Dominique Leuenberger wrote:
>> Did I miss something? Neither the new parameters pka nor cert are
>> working. ldap and keyserver give no error.
>> using gpg --auto-key-locate pka I get the following error message:
>> gpg: invalid auto-key-locate list
>
> This means that the build of GnuPG you have has no DNS support (pka and
> cert require DNS support, and ldap and keyserver don't).

That's very bad, as I downloaded the official binaries from gnupg.org.
Will there be a different version that supports this new feature? I
think it's a very interesting approach to distribute keys. Indeed the
biggest problem that exists at the moment.

Dominique

From wk at gnupg.org Sun Apr 9 14:46:47 2006
From: wk at gnupg.org (Werner Koch)
Date: Sun Apr 9 14:51:50 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <4438AAC3.5040403@leuenberger.net> (Dominique Leuenberger's message of "Sun, 09 Apr 2006 08:33:39 +0200")
References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com> <4438AAC3.5040403@leuenberger.net>
Message-ID: <87bqva9ars.fsf@wheatstone.g10code.de>

On Sun, 09 Apr 2006 08:33:39 +0200, Dominique Leuenberger said:

> That's very bad, as I downloaded the official binaries from gnupg.org.
> Will there be a different version that supports this new feature? I

We don't support DNS queries under Windows right now. Windows does not provide the usual resolver library so we would need to write special code for Windows, which has not yet happened.

Shalom-Salam,

Werner

From ryan at malayter.com Sun Apr 9 15:25:34 2006
From: ryan at malayter.com (Ryan Malayter)
Date: Sun Apr 9 15:24:55 2006
Subject: Automated processes
In-Reply-To: <4436F5C9.3010009@lmco.com>
References: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com> <4435A771.5020004@joimail.com> <4436742F.5020309@lmco.com> <44369760.4070500@tiscali.it> <4436C3D5.3040908@lmco.com> <4436DEB1.8030800@tiscali.it> <4436F5C9.3010009@lmco.com>
Message-ID: <5d7f07420604090625v550e31fbna470248d2ae02b00@mail.gmail.com>

On 4/7/06, John M Church wrote:
> Qed/Ryan et al,
> Do either of you guys do automated decryption? This doesn't seem to be
> addressed in the FAQ - just automated signing. I'm open to suggestions.

I do use GnuPG for automated decryption for one batch process. To do so, I use a low-value, single-purpose key that has *no pass phrase* and very strict permissions on the secring.gpg file. This file is then placed in a folder that is encrypted at the file system level (using Windows EFS).

I think this is about as secure as you can make automatic decryption without trusted hardware being involved. An attacker with the ability to run code using the same account as my script would be able to read the secret key from the encrypted file system.

Using the --passphrase-fd option would offer roughly the same security - that is, permissions on the script file would be your only protection, just as the permissions on secring.gpg are my only real protection.

--
RPM
=========================
All problems can be solved by diplomacy, but violence and treachery are equally effective, and more fun.
-Anonymous

From dshaw at jabberwocky.com Sun Apr 9 15:28:09 2006
From: dshaw at jabberwocky.com (David Shaw) Date: Sun Apr 9 15:27:21 2006 Subject: fetching DE415B0E from sks ([don't know]: invalid packet (ctb=2d)) In-Reply-To: <20060408002204.GA27174@jabberwocky.com> References: <20060407134043.GA6562@asteria.noreply.org> <20060407153055.GA26717@jabberwocky.com> <20060407155343.GC6562@asteria.noreply.org> <20060408002204.GA27174@jabberwocky.com> Message-ID: <20060409132809.GB31486@jabberwocky.com> On Fri, Apr 07, 2006 at 08:22:04PM -0400, David Shaw wrote: > All that said, though, I'm not convinced that the armored stream you > got from the keyserver is invalid. I think there may be a problem in > GPG's armor parser (hard to imagine after this many years, but..) It > seems that the bad key is the right length (exactly 8192 bytes) to > trigger a problem. This was indeed a bug. I've attached the fix. With this patch in place, you should be able to import DE415B0E without error. David -------------- next part -------------- Index: armor.c =================================================================== --- armor.c (revision 4096) +++ armor.c (revision 4098) @@ -676,7 +676,7 @@ int checkcrc=0; int rc = 0; size_t n = 0; - int idx, i; + int idx, i, onlypad=0; u32 crc; crc = afx->crc; @@ -720,6 +720,8 @@ goto again; } } + else if(n==0) + onlypad=1; if( idx == 1 ) buf[n++] = val; @@ -848,7 +850,7 @@ } } - if( !n ) + if( !n && !onlypad ) rc = -1; *retn = n; From bob.henson at galen.org.uk Sun Apr 9 15:01:52 2006 
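Review bot: the new `else if(n==0) onlypad=1;` branch in the @@ -720 hunk and the relaxed `if( !n && !onlypad )` test in the @@ -848 hunk carry no comment saying which input they cover, so a later reader cannot tell why a zero-byte result no longer ends in `rc = -1`. A short comment at the `else if(n==0)` branch naming the case the flag stands for (judging by its name, a buffer that held nothing but padding) would record the intent. In the @@ -676 hunk, `int idx, i, onlypad=0;` adds an initialised flag to a list of uninitialised locals; a separate `int onlypad = 0;` line would make the initialisation harder to overlook. A regression test that imports an armored key of the length reported in this thread (exactly 8192 bytes) would keep the case covered.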
From: bob.henson at galen.org.uk (Bob Henson)
Date: Sun Apr 9 16:26:14 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <87bqva9ars.fsf@wheatstone.g10code.de>
References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com> <4438AAC3.5040403@leuenberger.net> <87bqva9ars.fsf@wheatstone.g10code.de>
Message-ID: <443905C0.4070401@galen.org.uk>

Werner Koch wrote

> On Sun, 09 Apr 2006 08:33:39 +0200, Dominique Leuenberger said:
>
>> That's very bad, as I downloaded the official binaries from gnupg.org.
>> Will there be a different version that supports this new feature? I
>
> We don't support DNS queries under Windows right now. Windows does
> not provide the usual resolver library so we would need to write
> special code for Windows, which has not yet happened.

Does the same apply to the ability to cross-certify, Werner, or is that a different matter altogether? I get no response here - not even an error message - gpg just sits there asking for a command.

Regards,

Bob

From dshaw at jabberwocky.com Sun Apr 9 16:39:16 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun Apr 9 16:38:27 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <443905C0.4070401@galen.org.uk>
References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com> <4438AAC3.5040403@leuenberger.net> <87bqva9ars.fsf@wheatstone.g10code.de> <443905C0.4070401@galen.org.uk>
Message-ID: <20060409143916.GD31486@jabberwocky.com>

On Sun, Apr 09, 2006 at 02:01:52PM +0100, Bob Henson wrote:
>
> Werner Koch wrote
>
> > On Sun, 09 Apr 2006 08:33:39 +0200, Dominique Leuenberger said:
> >
> >> That's very bad, as I downloaded the official binaries from gnupg.org.
> >> Will there be a different version that supports this new feature? I
> >
> > We don't support DNS queries under Windows right now. Windows does
> > not provide the usual resolver library so we would need to write
> > special code for Windows, which has not yet happened.
>
> Does the same apply to the ability to cross-certify, Werner, or is that a
> different matter altogether? I get no response here - not even an error
> message - gpg just sits there asking for a command.

Cross-certification and PKA/CERT are unrelated to each other.

What (public) key were you trying to cross-certify?

David

From bob.henson at galen.org.uk Sun Apr 9 18:09:05 2006
From: bob.henson at galen.org.uk (Bob Henson)
Date: Sun Apr 9 18:08:09 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <20060409143916.GD31486@jabberwocky.com>
References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com> <4438AAC3.5040403@leuenberger.net> <87bqva9ars.fsf@wheatstone.g10code.de> <443905C0.4070401@galen.org.uk> <20060409143916.GD31486@jabberwocky.com>
Message-ID: <443931A1.6050805@galen.org.uk>

David Shaw wrote

>> >> That's very bad, as I downloaded the official binaries from gnupg.org.
>> >> Will there be a different version that supports this new feature? I
>> >
>> > We don't support DNS queries under Windows right now. Windows does
>> > not provide the usual resolver library so we would need to write
>> > special code for Windows, which has not yet happened.
>>
>> Does the same apply to the ability to cross-certify, Werner, or is that a
>> different matter altogether? I get no response here - not even an error
>> message - gpg just sits there asking for a command.

> Cross-certification and PKA/CERT are unrelated to each other.

I realise that, what I was asking was did the problem also relate to the Windows build - in other words, was I wasting my time trying to get it to work as the OP was with his (different) problem.

> What (public) key were you trying to cross-certify?

All five of my keys - FBA06282, 31C737BD, 8FD7EAA9, A9732CF4 and 9652ABDA

Regards,

Bob

From dshaw at jabberwocky.com Sun Apr 9 18:22:30 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun Apr 9 18:21:42 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <443931A1.6050805@galen.org.uk>
References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com> <4438AAC3.5040403@leuenberger.net> <87bqva9ars.fsf@wheatstone.g10code.de> <443905C0.4070401@galen.org.uk> <20060409143916.GD31486@jabberwocky.com> <443931A1.6050805@galen.org.uk>
Message-ID: <20060409162230.GE31486@jabberwocky.com>

On Sun, Apr 09, 2006 at 05:09:05PM +0100, Bob Henson wrote:
> David Shaw wrote
>
> >> >> That's very bad, as I downloaded the official binaries from gnupg.org.
> >> >> Will there be a different version that supports this new feature? I
> >> >
> >> > We don't support DNS queries under Windows right now. Windows does
> >> > not provide the usual resolver library so we would need to write
> >> > special code for Windows, which has not yet happened.
> >>
> >> Does the same apply to the ability to cross-certify, Werner, or is that a
> >> different matter altogether? I get no response here - not even an error
> >> message - gpg just sits there asking for a command.
>
> > Cross-certification and PKA/CERT are unrelated to each other.
>
> I realise that, what I was asking was did the problem also relate to the
> Windows build - in other words, was I wasting my time trying to get it to
> work as the OP was with his (different) problem.
>
> > What (public) key were you trying to cross-certify?
>
> All five of my keys - FBA06282, 31C737BD, 8FD7EAA9, A9732CF4 and 9652ABDA

I think there is a misunderstanding. None of those keys have signing subkeys. Cross-certification is meaningless without a signing subkey.

David

From bob.henson at galen.org.uk Sun Apr 9 19:37:40 2006
From: bob.henson at galen.org.uk (Bob Henson)
Date: Sun Apr 9 19:36:41 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <20060409162230.GE31486@jabberwocky.com>
References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com> <4438AAC3.5040403@leuenberger.net> <87bqva9ars.fsf@wheatstone.g10code.de> <443905C0.4070401@galen.org.uk> <20060409143916.GD31486@jabberwocky.com> <443931A1.6050805@galen.org.uk> <20060409162230.GE31486@jabberwocky.com>
Message-ID: <44394664.4070307@galen.org.uk>

David Shaw wrote

>> >> >> That's very bad, as I downloaded the official binaries from gnupg.org.
>> >> >> Will there be a different version that supports this new feature? I
>> >> >
>> >> > We don't support DNS queries under Windows right now. Windows does
>> >> > not provide the usual resolver library so we would need to write
>> >> > special code for Windows, which has not yet happened.
>> >>
>> >> Does the same apply to the ability to cross-certify, Werner, or is that a
>> >> different matter altogether? I get no response here - not even an error
>> >> message - gpg just sits there asking for a command.
>>
>> > Cross-certification and PKA/CERT are unrelated to each other.
>>
>> I realise that, what I was asking was did the problem also relate to the
>> Windows build - in other words, was I wasting my time trying to get it to
>> work as the OP was with his (different) problem.
>>
>> > What (public) key were you trying to cross-certify?
>>
>> All five of my keys - FBA06282, 31C737BD, 8FD7EAA9, A9732CF4 and 9652ABDA
>
> I think there is a misunderstanding. None of those keys have signing
> subkeys. Cross-certification is meaningless without a signing subkey.

OK - the usual problem - lack of knowledge on my part. I saw a post suggesting subkeys should be cross-signed, mine had subkeys, so I just assumed that was what was under discussion. In my own defence, it's fair to say the lack of good documentation (or documentation simple enough for me to understand) doesn't help those of us less technical. My apologies for wasting your time.

Regards,

Bob

From ben.branders at gmail.com Sun Apr 9 21:19:17 2006
From: ben.branders at gmail.com (Ben Branders)
Date: Sun Apr 9 21:24:17 2006
Subject: Error: MPI larger than indicated length
Message-ID:

Hi,

Today I wanted to do an update of the public keys in my list via Enigmail (Refresh all public keys). I got this message:

> gpg: MPI larger than indicated length (2 bytes)
> gpg: keyring_get_keyblock: read error: invalid packet
> gpg: keydb_get_keygblock failed: invalid keyring

I thought this was because I upgraded my Slackware Linux to another GCC version so I recompiled GnuPG. Same problem.

Enigmail Keymanagement doesn't show any keys, not even the private ones.

Please inform me what I should do to fix this.
Thank you!

Kind regards

--
Ben Branders
web http://branders.name http://www.livre.nl
jabber ben@jabberweb.be http://www.mozbrowser.nl
OpenPGP 0x46938FDB http://www.mozilla-europe.org

From dshaw at jabberwocky.com Sun Apr 9 21:41:21 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun Apr 9 21:40:33 2006
Subject: Error: MPI larger than indicated length
In-Reply-To:
References:
Message-ID: <20060409194121.GF31486@jabberwocky.com>

On Sun, Apr 09, 2006 at 09:19:17PM +0200, Ben Branders wrote:
> Hi,
>
> Today I wanted to do an update of the public keys in my list via Enigmail
> (Refresh all public keys). I got this message:
>
> > gpg: MPI larger than indicated length (2 bytes)
> > gpg: keyring_get_keyblock: read error: invalid packet
> > gpg: keydb_get_keygblock failed: invalid keyring
>
> I thought this was because I upgraded my Slackware Linux to another GCC
> version so I recompiled GnuPG. Same problem.
>
> Enigmail Keymanagement doesn't show any keys, not even the private ones.
>
> Please inform me what I should do to fix this.

I don't think anyone here can help you without knowing what version of GnuPG you're talking about.

David

From trevor at haligonian.com Sun Apr 9 20:27:17 2006
From: trevor at haligonian.com (Trevor Smith) Date: Sun Apr 9 21:56:15 2006 Subject: More questions about: "gpg: WARNING: message was not integrity protected" Message-ID: Some time ago there were questions about the warning message: gpg: WARNING: message was not integrity protected that gpg outputs when decrypting *some* symmetrically encrypted texts. Werner Koch wrote in http://lists.gnupg.org/pipermail/gnupg-users/2004-October/023500.html that: > That message is on purpose to remind people that they should use the > MDC feature. MDC is automagically handled through the preferences > system but with symmetrical only encrypted mails we don't have them > and thus we need to print the warning in all cases. I have some questions about this: 1. How is MDC enabled? I cannot find a setting (I'm using Mac OS X and my man pages are mysteriously missing). There is no (commented out) option for MDC in my gpg.conf file. 2. I have observed that by switching my cipher-algo from the default, CAST5, to AES256 (or any variant of AES, if I recall correctly), the warning goes away. Why? 3. Werner implies that the warning is only generated for symmetrically encrypted emails but I have noticed that an email from my girlfriend, signed and encrypted to my public key will display this warning, when decrypted/verified from the command line. However, a message that I encrypt to myself then decrypt on the command line does *not* display it. Is this, again, because I have my default cipher-algo set to AES256 in my gpg.conf file while my girlfriend is using the default (CAST5)? 4. All this gives the impression that CAST5 suffers from a weakness that AES256 does not. Is this true? -- Trevor Smith trevor@haligonian.com From johnmoore3rd at joimail.com Sun Apr 9 22:06:45 2006 
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Sun Apr 9 22:05:56 2006
Subject: Error: MPI larger than indicated length
In-Reply-To:
References:
Message-ID: <44396955.5000002@joimail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Ben Branders wrote
> Enigmail Keymanagement doesn't show any keys, not even the private ones.
>
> Please inform me what I should do to fix this.
> Thank you!

While this would probably be a better Question on the Enigmail List; try File > Reload Key Cache from the Enigmail Key Management window.

JOHN ;)
Timestamp: Sunday 09 Apr 2006, 16:05 --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4-svn4097: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust (US26): http://www.gswot.org
Comment: Homepage: http://tinyurl.com/9ubue
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----

From ben.branders at gmail.com Sun Apr 9 22:17:22 2006
From: ben.branders at gmail.com (Ben Branders) Date: Sun Apr 9 22:16:41 2006 Subject: Error: MPI larger than indicated length In-Reply-To: <20060409194121.GF31486__37211.1330194913$1144611883$gmane$org@jabberwocky.com> References: <20060409194121.GF31486__37211.1330194913$1144611883$gmane$org@jabberwocky.com> Message-ID: David Shaw wrote: > I don't think anyone here can help you without knowing what version of > GnuPG you're talking about. Oops, sorry. I'm using GnuPG 1.4.3 on Slackware Linux (current tree). Regards, -- Ben Branders web http://branders.name http://www.livre.nl jabber ben@jabberweb.be http://www.mozbrowser.nl OpenPGP 0x46938FDB http://www.mozilla-europe.org From huehn-ml at arcor.de Sun Apr 9 19:52:17 2006 From: huehn-ml at arcor.de (=?ISO-8859-1?Q?Thomas_H=FChn?=) Date: Sun Apr 9 23:26:10 2006 Subject: [Announce] Gpg4win 1.0.0 released In-Reply-To: <8764lld2fy.fsf@wheatstone.g10code.de> References: <8764lld2fy.fsf@wheatstone.g10code.de> Message-ID: <008E5F66F9BCC4B445CAA71E@[192.168.2.22]> Hi --On Freitag, 7. April 2006 13:56 +0200 Werner Koch wrote: > The gpg4win project aims at updating the gpg4win Windows installation > package with GnuPG encryption tool, associated applications and > documentation on a regular basis. Especially the documentation > (handbooks "Einsteiger" and "Durchblicker") are directly maintained as > part of the gpg4win project. Is there no current man page included or did I just overlook it? Is a current man page (including "cross-certify" etc.) available somewhere online? Thomas From tmz at pobox.com Sun Apr 9 23:43:51 2006 
From: tmz at pobox.com (Todd Zullinger)
Date: Sun Apr 9 23:58:08 2006
Subject: [Announce] Gpg4win 1.0.0 released
In-Reply-To: <008E5F66F9BCC4B445CAA71E@[192.168.2.22]>
References: <8764lld2fy.fsf@wheatstone.g10code.de> <008E5F66F9BCC4B445CAA71E@[192.168.2.22]>
Message-ID: <20060409214351.GD22038@psilocybe.teonanacatl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thomas Hühn wrote:
> --On Freitag, 7. April 2006 13:56 +0200 Werner Koch
> wrote:
>
>> The gpg4win project aims at updating the gpg4win Windows
>> installation package with GnuPG encryption tool, associated
>> applications and documentation on a regular basis. Especially the
>> documentation (handbooks "Einsteiger" and "Durchblicker") are
>> directly maintained as part of the gpg4win project.
>
> Is there no current man page included or did I just overlook it?

I don't know about the win32 builds... Building from source on linux the man page is available and current.

> Is a current man page (including "cross-certify" etc.) available
> somewhere online?

I thought this would be what you wanted, but it's definitely not current:

http://www.gnupg.org/documentation/manpage.en.html

It's linked from the main documentation page.

FWIW, here are the sections on cross-certify from the 1.4.3 manual:

--edit-key name
    Present a menu which enables you to do all key related tasks:

    [...]

    cross-certify
        Add cross-certification signatures to signing subkeys that may not currently have them. Cross-certification signatures protect against a subtle attack against signing subkeys. See --require-cross-certification.

[...]

--require-cross-certification
--no-require-certification
    When verifying a signature made from a subkey, ensure that the cross certification "back signature" on the subkey is present and valid. This protects against a subtle attack against subkeys that can sign. Currently defaults to --no-require-cross-certification, but will be changed to --require-cross-certification in the future.
- -- Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp ====================================================================== There is no pleasure in having nothing to do; the fun is in having lots to do and not doing it. -- Mary Wilson Little -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl. iG0EARECAC0FAkQ5gBYmGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt ei5hc2MACgkQuv+09NZUB1rS6wCfaIOm0dV+RhyfYH8DXr5ht+aD//oAn0KlCMIN 6pRojI6Vh2fbqv3mJg4Q =Gw6G -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Mon Apr 10 00:28:27 2006 
From: dshaw at jabberwocky.com (David Shaw) Date: Mon Apr 10 00:27:44 2006 Subject: More questions about: "gpg: WARNING: message was not integrity protected" In-Reply-To: References: Message-ID: <20060409222827.GB21747@jabberwocky.com> On Sun, Apr 09, 2006 at 03:27:17PM -0300, Trevor Smith wrote: > Some time ago there were questions about the warning message: > > gpg: WARNING: message was not integrity protected > > that gpg outputs when decrypting *some* symmetrically encrypted > texts. Werner Koch wrote in > http://lists.gnupg.org/pipermail/gnupg-users/2004-October/023500.html > that: > > >That message is on purpose to remind people that they should use the > >MDC feature. MDC is automagically handled through the preferences > >system but with symmetrical only encrypted mails we don't have them > >and thus we need to print the warning in all cases. > > I have some questions about this: > > 1. How is MDC enabled? I cannot find a setting (I'm using Mac OS X > and my man pages are mysteriously missing). There is no (commented > out) option for MDC in my gpg.conf file. MDC can be forced on via --force-mdc. As Werner said, the preference system will automatically handle this for public key encryption. For symmetric encryption (which has no preference system), you can use --force-mdc if you want a MDC. > 2. I have observed that by switching my cipher-algo from the default, > CAST5, to AES256 (or any variant of AES, if I recall correctly), the > warning goes away. Why? In an effort to increase the use of MDC, it was noted that all implementations that could handle AES could also handle MDC. Thus, using any AES (or TWOFISH) turns the MDC flag on for you. > 3. Werner implies that the warning is only generated for > symmetrically encrypted emails but I have noticed that an email from > my girlfriend, signed and encrypted to my public key will display > this warning, when decrypted/verified from the command line. 
However,
> a message that I encrypt to myself then decrypt on the command line
> does *not* display it. Is this, again, because I have my default
> cipher-algo set to AES256 in my gpg.conf file while my girlfriend is
> using the default (CAST5)?

It is, but this is not a complete answer. Neither of you should have a cipher-algo set in your gpg.conf file. If you do, you're fighting against all the automatic parts of the system. Let GPG do what it is supposed to do and you'll be better off.

> 4. All this gives the impression that CAST5 suffers from a weakness
> that AES256 does not. Is this true?

That's sort of an apples and oranges question. CAST5 is a 128-bit cipher. AES256 is a 256-bit cipher. Is CAST5 weaker than AES256? Yes, but that's not to say that CAST5 is broken somehow: AES256 is just twice as large.

David

From jam at jamux.com Mon Apr 10 00:16:14 2006
From: jam at jamux.com (John A. Martin)
Date: Mon Apr 10 01:09:12 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com>
Message-ID: <87lkues8cx.fsf@athene.jamux.com>

>>>>> "ds" == David Shaw
>>>>> "Re: auto-key-locate pka (gpg version 1.4.3)"
>>>>> Sat, 8 Apr 2006 20:11:48 -0400

ds> This means that the build of GnuPG you has no DNS support (pka
ds> and cert require DNS support, and ldap and keyserver don't).

Wouldn't it be nice if 'gpg --version' printed a list of the features available in the version supported and not-supported by the executable?

jam

From dshaw at jabberwocky.com Mon Apr 10 01:17:07 2006
From: dshaw at jabberwocky.com (David Shaw) Date: Mon Apr 10 01:16:21 2006 Subject: auto-key-locate pka (gpg version 1.4.3) In-Reply-To: <87lkues8cx.fsf@athene.jamux.com> References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com> <87lkues8cx.fsf@athene.jamux.com> Message-ID: <20060409231707.GD21747@jabberwocky.com> On Sun, Apr 09, 2006 at 06:16:14PM -0400, John A. Martin wrote: > >>>>> "ds" == David Shaw > >>>>> "Re: auto-key-locate pka (gpg version 1.4.3)" > >>>>> Sat, 8 Apr 2006 20:11:48 -0400 > > ds> This means that the build of GnuPG you has no DNS support (pka > ds> and cert require DNS support, and ldap and keyserver don't). > > Wouldn't it be nice if 'gpg --version' printed a list of the features > available in the version supported and not-supported by the > executable? That's a good idea. I'll look at doing that. David From rjh at sixdemonbag.org Mon Apr 10 01:44:18 2006 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon Apr 10 01:43:59 2006 Subject: More questions about: "gpg: WARNING: message was not integrity protected" In-Reply-To: <20060409222827.GB21747@jabberwocky.com> References: <20060409222827.GB21747@jabberwocky.com> Message-ID: <44399C52.2030001@sixdemonbag.org> David Shaw wrote: > That's sort of an apples and oranges question. CAST5 is a 128-bit > cipher. AES256 is a 256-bit cipher. Is CAST5 weaker than AES256? > Yes, but that's that not to say that CAST5 is broken somehow: AES256 > is just twice as large. Forgive me for being pedantic, but I'd like to make a small clarification here for the benefit of people who don't understand what key sizes mean. The key is twice as large. That doesn't mean there are twice as many keys. It has considerably more than that. AES256 has about 100,000,000,000,000,000,000,000,000,000,000,000,000 times as many possible keys as CAST5. The difference between the two is almost incomprehensible. Again, apologies for the pedantry. :) From johnmoore3rd at joimail.com Mon Apr 10 01:57:00 2006 
From: johnmoore3rd at joimail.com (John W. Moore III) Date: Mon Apr 10 01:56:17 2006 Subject: More questions about: "gpg: WARNING: message was not integrity protected" In-Reply-To: <44399C52.2030001@sixdemonbag.org> References: <20060409222827.GB21747@jabberwocky.com> <44399C52.2030001@sixdemonbag.org> Message-ID: <44399F4C.90909@joimail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Robert J. Hansen wrote: > David Shaw wrote: >> That's sort of an apples and oranges question. CAST5 is a 128-bit >> cipher. AES256 is a 256-bit cipher. Is CAST5 weaker than AES256? >> Yes, but that's that not to say that CAST5 is broken somehow: AES256 >> is just twice as large. > > Forgive me for being pedantic, but I'd like to make a small > clarification here for the benefit of people who don't understand what > key sizes mean. > > The key is twice as large. That doesn't mean there are twice as many > keys. It has considerably more than that. > > AES256 has about 100,000,000,000,000,000,000,000,000,000,000,000,000 > times as many possible keys as CAST5. The difference between the two is > almost incomprehensible. > > Again, apologies for the pedantry. :) I don't consider it 'pedantic'; however, I'm sure David meant to state that AES256 is 'exponentially' larger. I am also glad that David pointed out the limiting factor of specifying a particular algorithm for encryption in the gpg.conf File. This may work fine for communication between 2 individuals but can/will create problems when attempting to communicate with someone whose Preferences will not support that algorithm. Best example: PGP 8.1 *cannot* verify any signature hashed above SHA256. 
JOHN ;)
Timestamp: Sunday 09 Apr 2006, 19:56 --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4-4099svn: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust (US26): http://www.gswot.org
Comment: Homepage: http://tinyurl.com/9ubue
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Mon Apr 10 02:11:04 2006
From: dshaw at jabberwocky.com (David Shaw) Date: Mon Apr 10 02:10:15 2006 Subject: More questions about: "gpg: WARNING: message was not integrity protected" In-Reply-To: <44399F4C.90909@joimail.com> References: <20060409222827.GB21747@jabberwocky.com> <44399C52.2030001@sixdemonbag.org> <44399F4C.90909@joimail.com> Message-ID: <20060410001104.GE21747@jabberwocky.com> On Sun, Apr 09, 2006 at 07:57:00PM -0400, John W. Moore III wrote: > Robert J. Hansen wrote: > > David Shaw wrote: > >> That's sort of an apples and oranges question. CAST5 is a 128-bit > >> cipher. AES256 is a 256-bit cipher. Is CAST5 weaker than AES256? > >> Yes, but that's that not to say that CAST5 is broken somehow: AES256 > >> is just twice as large. > > > > Forgive me for being pedantic, but I'd like to make a small > > clarification here for the benefit of people who don't understand what > > key sizes mean. > > > > The key is twice as large. That doesn't mean there are twice as many > > keys. It has considerably more than that. > > > > AES256 has about 100,000,000,000,000,000,000,000,000,000,000,000,000 > > times as many possible keys as CAST5. The difference between the two is > > almost incomprehensible. > > > > Again, apologies for the pedantry. :) > > I don't consider it 'pedantic'; however, I'm sure David meant to state > that AES256 is 'exponentially' larger. I am also glad that David > pointed out the limiting factor of specifying a particular algorithm for > encryption in the gpg.conf File. > > This may work fine for communication between 2 individuals but can/will > create problems when attempting to communicate with someone whose > Preferences will not support that algorithm. Best example: PGP 8.1 > *cannot* verify any signature hashed above SHA256. Exactly. Which is a great example why people should not set particular ciphers, and just let the automatic system do its job. The main point of the automatic system is to prevent mismatches like this. 
David From dshaw at jabberwocky.com Mon Apr 10 02:12:33 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Mon Apr 10 02:11:43 2006 Subject: More questions about: "gpg: WARNING: message was not integrity protected" In-Reply-To: <44399C52.2030001@sixdemonbag.org> References: <20060409222827.GB21747@jabberwocky.com> <44399C52.2030001@sixdemonbag.org> Message-ID: <20060410001233.GA22289@jabberwocky.com> On Sun, Apr 09, 2006 at 06:44:18PM -0500, Robert J. Hansen wrote: > David Shaw wrote: > > That's sort of an apples and oranges question. CAST5 is a 128-bit > > cipher. AES256 is a 256-bit cipher. Is CAST5 weaker than AES256? > > Yes, but that's that not to say that CAST5 is broken somehow: AES256 > > is just twice as large. > > Forgive me for being pedantic, but I'd like to make a small > clarification here for the benefit of people who don't understand what > key sizes mean. > > The key is twice as large. That doesn't mean there are twice as many > keys. It has considerably more than that. > > AES256 has about 100,000,000,000,000,000,000,000,000,000,000,000,000 > times as many possible keys as CAST5. The difference between the two is > almost incomprehensible. Indeed. However, again, that doesn't mean CAST5 is broken. Just smaller than AES256. AES256 is vastly stronger than most people need in practice. Heck, CAST5 is vastly stronger than most people need in practice. Even so, AES256 is more or less the default for new keys in both PGP and GnuPG. David From trevor at haligonian.com Mon Apr 10 04:11:48 2006 
From: trevor at haligonian.com (Trevor Smith) Date: Mon Apr 10 05:32:13 2006 Subject: More questions about: "gpg: WARNING: message was not integrity protected" In-Reply-To: <20060409222827.GB21747@jabberwocky.com> References: <20060409222827.GB21747@jabberwocky.com> Message-ID: On 9-Apr-06, at 7:28 PM, David Shaw wrote: > MDC can be forced on via --force-mdc. As Werner said, the preference Excellent. So, the follow-up question is, should one use this option for files symmetrically encrypted for long-term storage (like if burned to a CD)? > system will automatically handle this for public key encryption. For > symmetric encryption (which has no preference system), you can use > --force-mdc if you want a MDC. Can you briefly explain this "preference system"? As in, does this mean a given public key may/will have a preference for some algo stored in it and when my copy of GPG attempts to encrypt to that public key, it uses that symmetric cipher (when possible)? > In an effort to increase the use of MDC, it was noted that all > implementations that could handle AES could also handle MDC. Thus, > using any AES (or TWOFISH) turns the MDC flag on for you. Ah, great! So there are at least two benefits of using AES over CAST5 then (larger keyspace and MDC turned on). > It is, but this is not a complete answer. Neither of you should have > a cipher-algo set in your gpg.conf file. If you do, you're fighting > against all the automatic parts of the system. Let GPG do what it is Fair enough. I had set it because I was archiving some things for long-term storage and discovered it was defaulting to CAST5 and thought, why not use the largest keyspace I can? But your point is taken, because I understand now that I was also forcing asymmetric encryption to use AES256 as the session cipher, which might cause problems. Then again, if I send emails that I might not want people to decrypt 5 or 10 years from now, would I want session ciphers to be defaulting to AES256 instead of CAST5? 
Why is this the default? -- Trevor Smith trevor@haligonian.com From alphasigmax at gmail.com Mon Apr 10 07:49:31 2006 From: alphasigmax at gmail.com (Alphax) Date: Mon Apr 10 07:49:57 2006 Subject: auto-key-locate pka (gpg version 1.4.3) In-Reply-To: <20060409231707.GD21747@jabberwocky.com> References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com> <87lkues8cx.fsf@athene.jamux.com> <20060409231707.GD21747@jabberwocky.com> Message-ID: <4439F1EB.6030200@gmail.com> David Shaw wrote: > On Sun, Apr 09, 2006 at 06:16:14PM -0400, John A. Martin wrote: >>> "ds" == David Shaw >>> "Re: auto-key-locate pka (gpg version 1.4.3)" >>> Sat, 8 Apr 2006 20:11:48 -0400 >> ds> This means that the build of GnuPG you has no DNS support (pka >> ds> and cert require DNS support, and ldap and keyserver don't). >> >> Wouldn't it be nice if 'gpg --version' printed a list of the features >> available in the version supported and not-supported by the >> executable? > > That's a good idea. I'll look at doing that. > Will that also include "undocumented" features like --enarmor? -- Alphax Message composed: 2006-04-10T15:19:27+09:30 From ben.branders at gmail.com Mon Apr 10 09:46:21 2006 
From: ben.branders at gmail.com (Ben Branders)
Date: Mon Apr 10 09:45:47 2006
Subject: Error: MPI larger than indicated length
In-Reply-To: <44396955.5000002__19150.6085721359$1144614961$gmane$org@joimail.com>
References: <44396955.5000002__19150.6085721359$1144614961$gmane$org@joimail.com>
Message-ID:

John W. Moore III wrote:
> While this would probably be a better Question on the Enigmail List; try
> File > Reload Key Cache from the Enigmail Key Management window.

I don't think Enigmail has anything to do with it. It is just passing the gpg-error messages through.

Anyway, I tried your suggestion but it didn't work. I got the same error when trying to reload the key cache.

I think something is really wrong with my keyring... :-(

Regards
--
Ben Branders
web http://branders.name http://www.livre.nl
jabber ben@jabberweb.be http://www.mozbrowser.nl
OpenPGP 0x46938FDB http://www.mozilla-europe.org

From goffioul at imec.be Thu Apr 6 17:07:04 2006
From: goffioul at imec.be (Goffioul Michael) Date: Mon Apr 10 10:43:44 2006 Subject: [GPGol] Support for multipart/signed messages? Message-ID: <38C0C9E3083ADB42BFFFC6C2A8B012CE02CF2F6C@WINEX2.imec.be> Hi, I installed the latest version of gpgol 0.9.8 (actually through gpg4win), hoping to get support for multipart/signed message, but it seems it does not work (is it supposed to work?). I'm using Outlook 2003 connected to an exchange server. I enabled log (in the registry) and could only detect one error in get_msg_content_type() function. The log content is below. I hope it can help. Michael. 216/olflange.cpp:Install: context=0x7 (ReadNoteMessage) flags=0x0 1216/GPGol: this is gpgol 0.9.8 1216/GPGol: detected Outlook build version 0xd0625 (13.1573) 1216/GPGol: actual version 0x1030400 (1.3.4.0) 1216/GPGol: virtual version 0x1030400 (1.3.4.0) 1216/olflange.cpp:InstallCommands: context=0x7 (ReadNoteMessage) flags=0x0 1216/olflange.cpp:DoCommand: commandID=61536 (0xf060) 1216/olflange.cpp:find_outlook_property: looking for `Close' 1216/olflange.cpp:find_outlook_property: got IDispatch=04A9D6CC dispid=61475 1216/olflange.cpp:DoCommand: invoking Close succeeded 1216/olflange.cpp:~CGPGExchExt: cleaning up CGPGExchExt object; context=0x7 (ReadNoteMessage) 1216/olflange.cpp:ExchEntryPoint: creating new CGPGExchExt object 1216/olflange.cpp:Install: context=0x7 (ReadNoteMessage) flags=0x0 1216/GPGol: this is gpgol 0.9.8 1216/GPGol: detected Outlook build version 0xd0625 (13.1573) 1216/GPGol: actual version 0x1030400 (1.3.4.0) 1216/GPGol: virtual version 0x1030400 (1.3.4.0) 1216/olflange.cpp:InstallCommands: context=0x7 (ReadNoteMessage) flags=0x0 1216/olflange.cpp:OnRead: received 1216/show_mapi_property: PR_CONVERSATION_INDEX=01C65979BF376B34AC58E7A44A69A8DF693EAD17DFE0 1216/olflange.cpp:OnReadComplete: received 1216/olflange.cpp:DoCommand: commandID=21999 (0x55ef) 1216/gpgmsg.cpp:decrypt: enter 1216/ERROR/gpgmsg.cpp:get_msg_content_type: error getting the headers lines: 
hr=0x8007000e 1216/gpgmsg.cpp:decrypt: parsed content-type: media=[none]/[none] protocol=[none] 1216/gpgmsg.cpp:loadBody: loaded body 1192 bytes of body at 024BC5E0 1216/gpgmsg.cpp:gatherAttachmentInfo: message has 1 attachments 1216/gpgmsg.cpp:gatherAttachmentInfo: attachment info: 1216/ 0 0 0 0 0 `ATT00010.dat' `application/pgp-signature' `(null)' 1216/gpgmsg.cpp:decrypt: message has 1 attachments with 0 signed and 0 encrypted 1216/msgcache_get: cache miss for key: 01C65979BF376B34AC58E7A44A69A8DF693EAD17DFE0 1216/gpgmsg.cpp:decrypt: leave (no OpenPGP data) 1216/olflange.cpp:DoCommand: commandID=61536 (0xf060) 1216/olflange.cpp:find_outlook_property: looking for `Close' 1216/olflange.cpp:find_outlook_property: got IDispatch=07DF4E48 dispid=61475 1216/olflange.cpp:DoCommand: invoking Close succeeded 1216/olflange.cpp:~CGPGExchExt: cleaning up CGPGExchExt object; context=0x7 (ReadNoteMessage) From cboyce at msm.edu Fri Apr 7 00:19:44 2006 From: cboyce at msm.edu (Boyce, Collin) Date: Mon Apr 10 10:43:56 2006 Subject: MPI too large Message-ID: When decrypting a file I get the following error message. I saw previous posts but was unable to find what the resolution Error: gpg: mpi too large for this implementation (55559 bits) Command line Echo passpharase| gpg --passphrase-fd 0 -u xx@xx.edu --batch --openpgp -o "position.txt" --decrypt "position.txt.pgp" Platform: Microsoft Windows 2000 [Version 5.00.2195] gpg (GnuPG) 1.4.2.2 Any help would be appreciated. Thanks From bmord at iconnicholson.com Fri Apr 7 17:20:26 2006 
From: bmord at iconnicholson.com (Benjamin Mord)
Date: Mon Apr 10 10:44:01 2006
Subject: Automated processes
Message-ID: <5B3792870442C04CA7CBD4D7C7D9812701F20A6D@exchange.iconnicholson.com>

(Don't encrypt the passphrase - if you do, then you still need a passphrase to decrypt the passphrase, etc... etc...)

Asymmetric cryptography can be extremely handy for automated encryption/decryption scenarios. For example, I sometimes have a somewhat vulnerable general-purpose machine encrypt data using only a public key, and write it somewhere shared. Then I'll have a tightly secured single-purpose machine later read and decrypt that data for some purpose. This is analogous to a one-way mail drop, where you trust the mailman more than the general public.

I use this technique in scenarios where although both machines are somewhat trusted, one machine is more trusted than the other. This way the machine that does the encryption has no knowledge of how to decrypt, so that if compromised, only the data that it processes from point of compromise going forward is in any kind of danger. (At this point you've reduced the security problem to one of monitoring or periodic cleaning, e.g. periodic reboots while running off read-only media.) The second machine is entrusted with knowledge of how to decrypt, but in exchange it is tightly secured and specialized for a single task.

Ben

-----Original Message-----
From: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of John M Church
Sent: Friday, April 07, 2006 10:16 AM
To: johnmoore3rd@joimail.com; GnuPG Users List
Subject: Re: Automated processes

I think it's simplistic to just brush-off this request as a user who wants convenience. There are very valid reasons for automated decryption. I'm working a similar project (and have my own issue - see "Automated Decryption via Script Running Setuid" written 4/5/06).

Seems to me if you protect your script and you are behind a firewall you're not 'trading security for convenience'. You can even encrypt the passphrase in your script if you're afraid someone with sudo or root privileges could open your script.

John_inDenver

John W. Moore III wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA256
>
>jkaye wrote:
>
>>I know that for PGP, there's an environment setting that
>>can be used to prevent this. Is there a similar thing for
>>GnuPG, or do I have to jump through some hoops?
>>
>
>Hmm.....Let me see if I've understood you. You desire to use GPG for
>security 'Point to Point' then swap security for convenience on your end?
>
>My suggestion would be to either switch to Thunderbird w/Enigmail as
>your MUA. You can set Enigmail to 'remember' your passphrase for a
>specified length of time or until you Close the program.
>
>JOHN ;)
>Timestamp: Thursday 06 Apr 2006, 19:42 --400 (Eastern Daylight Time)
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.4-4094cvs: (MingW32)
>Comment: Public Key at: http://tinyurl.com/8cpho
>Comment: Gossamer Spider Web of Trust (US26): http://www.gswot.org
>Comment: Homepage: http://tinyurl.com/9ubue
>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>-----END PGP SIGNATURE-----
>
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users@gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users

From wk at gnupg.org Mon Apr 10 10:53:30 2006
From: wk at gnupg.org (Werner Koch)
Date: Mon Apr 10 10:56:39 2006
Subject: [Announce] Gpg4win 1.0.0 released
In-Reply-To: <008E5F66F9BCC4B445CAA71E@[192.168.2.22]> (Thomas Hühn's message of "Sun, 09 Apr 2006 19:52:17 +0200")
References: <8764lld2fy.fsf@wheatstone.g10code.de> <008E5F66F9BCC4B445CAA71E@[192.168.2.22]>
Message-ID: <8764lhq0ad.fsf@wheatstone.g10code.de>

On Sun, 09 Apr 2006 19:52:17 +0200, Thomas Hühn said:

> Is there no current man page included or did I just overlook it?

I just checked and indeed the page is missing. With the old installer (at ftp.gnupg.org/gcrypt/binary/) the man page is Doc/gpg.man

I'll add the man page to the next release of gpg4win.

> Is a current man page (including "cross-certify" etc.) available somewhere
> online?

No current one.

Salam-Shalom,

Werner

From huehn-ml at arcor.de Mon Apr 10 11:09:41 2006
From: huehn-ml at arcor.de (Thomas Hühn)
Date: Mon Apr 10 11:08:58 2006
Subject: [Announce] Gpg4win 1.0.0 released
In-Reply-To: <8764lhq0ad.fsf@wheatstone.g10code.de>
References: <8764lld2fy.fsf@wheatstone.g10code.de> <008E5F66F9BCC4B445CAA71E@[192.168.2.22]> <8764lhq0ad.fsf@wheatstone.g10code.de>
Message-ID: <5D6C60AC0FFC1B9FF263FC99@[192.168.2.22]>

Hi

--On Montag, 10. April 2006 10:53 +0200 Werner Koch wrote:

>
>> Is there no current man page included or did I just overlook it?
>
> I just checked and indeed the page is missing. With the old installer
> (at ftp.gnupg.org/gcrypt/binary/) the man page is Doc/gpg.man
>
> I'll add the man page to the next release of gpg4win.

Fine.

>> Is a current man page (including "cross-certify" etc.) available
>> somewhere online?
>
> No current one.

I've put one at

Thomas

From wk at gnupg.org Mon Apr 10 11:34:12 2006
From: wk at gnupg.org (Werner Koch)
Date: Mon Apr 10 11:36:38 2006
Subject: More questions about: "gpg: WARNING: message was not integrity protected"
In-Reply-To: <20060410001233.GA22289@jabberwocky.com> (David Shaw's message of "Sun, 9 Apr 2006 20:12:33 -0400")
References: <20060409222827.GB21747@jabberwocky.com> <44399C52.2030001@sixdemonbag.org> <20060410001233.GA22289@jabberwocky.com>
Message-ID: <871ww5pyej.fsf@wheatstone.g10code.de>

On Sun, 9 Apr 2006 20:12:33 -0400, David Shaw said:

> AES256 is vastly stronger than most people need in practice. Heck,
> CAST5 is vastly stronger than most people need in practice. Even so,

For some application there is one point which makes AES stronger than
CAST5 or similar: AES works on 128 bit blocks whereas the older
algorithms work on 64 bit blocks. The block size has nothing to do
with the key size but it is important too. It is connected to the
mode of operation (CFB mode for OpenPGP). One of the main reasons
to develop AES was to increase the block size.

A large block size effectively reduces the probability of duplicate
cryptograms which would allow to get some information about the
plaintext. If you regularly encrypt large amounts (GBs) of highly
sensitive data you are better off with a 128 block size algorithm.

Shalom-Salam,

   Werner

From wk at gnupg.org Mon Apr 10 11:38:53 2006
From: wk at gnupg.org (Werner Koch)
Date: Mon Apr 10 11:41:42 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <4439F1EB.6030200@gmail.com> (alphasigmax@gmail.com's message of "Mon, 10 Apr 2006 15:19:31 +0930")
References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com> <87lkues8cx.fsf@athene.jamux.com> <20060409231707.GD21747@jabberwocky.com> <4439F1EB.6030200@gmail.com>
Message-ID: <87wtdxojma.fsf@wheatstone.g10code.de>

On Mon, 10 Apr 2006 15:19:31 +0930, Alphax said:

> Will that also include "undocumented" features like --enarmor?

Undocumented? Hmmm. It is not very useful in practise but it has
been there for many years. You can expect that it will stay with us.
We need it for our regression tests.

Salam-Shalom,

   Werner

From a24061 at yahoo.com Mon Apr 10 10:54:42 2006
From: a24061 at yahoo.com (Adam Funk)
Date: Mon Apr 10 11:54:18 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com> <87lkues8cx.fsf@athene.jamux.com> <20060409231707.GD21747@jabberwocky.com> <4439F1EB.6030200__11847.5668401972$1144648613$gmane$org@gmail.com>
Message-ID:

On 2006-04-10, Alphax wrote:

> David Shaw wrote:
>> On Sun, Apr 09, 2006 at 06:16:14PM -0400, John A. Martin wrote:
>>>> "ds" == David Shaw
>>>> "Re: auto-key-locate pka (gpg version 1.4.3)"
>>>> Sat, 8 Apr 2006 20:11:48 -0400
>>> ds> This means that the build of GnuPG you has no DNS support (pka
>>> ds> and cert require DNS support, and ldap and keyserver don't).
>>>
>>> Wouldn't it be nice if 'gpg --version' printed a list of the features
>>> available in the version supported and not-supported by the
>>> executable?
>>
>> That's a good idea. I'll look at doing that.
>>
>
> Will that also include "undocumented" features like --enarmor?

Why is that now undocumented? I'm sure it used to be in the man page.

From RStorm at krohne.de Mon Apr 10 11:54:30 2006
From: RStorm at krohne.de (Storm Ralf)
Date: Mon Apr 10 11:54:41 2006
Subject: [gpgol] gpgol not working with Outlook 2002]
Message-ID:

Werner Koch said:
>
> On Thu, 16 Mar 2006 06:29:51 -0800, Roger Fischer said:
>
> > I downloaded gpgol-0.9.3 and tried it on my system
>
> Way too old. You should use the one included in the gpg4win
> installer: http://www.gpg4win.org.

Tried GPG4Win 1.0.0.

Can still reproduce Roger's bug No 2): "decrypted mail not shown"
(in fact: same behaviour as with gpgol-0.9.3, GPG4Win 0.3.1, GPG4Win 0.6.0)

System: WinXP SP2 DE, OL 2002 SP3, GPG4Win 1.0.0 / GPGol 0.9.8

- Options in OL:
  a) do not use MS Word to read or write
  b) write mail text-only every time
  c) read mail text-only every time (via RegKey "ReadAsPlain" = 1)
  d) Ansicht | [x] Vorschaufenster (preview window open all the time)

- Options in GPGol:
  "[x] Auch im Vorschaufenster entschlüsseln" (also encrypt preview window)

Steps to reproduce:
1) Select encrypted mail
2) Answer question about mantra
3) preview window shows encrypted mail (is this called ascii armor?)
   plus new attachment "PGPol-Attestation.txt", which contains the text
   'Überprüfung begann am: [...] Diese Unterschrift ist korrekt. Status
   der Unterschrift ist "grün"'
   => expected behaviour: show decrypted mail
4) double click on same encrypted mail => new window
5) press "Nachricht entschlüsseln" (decrypt message) tool bar button
6) Answer question about mantra
7) Dismiss dialog saying "signature is correct"
8) window still shows encrypted mail
   => expected behaviour: show decrypted mail
9) save mail as "mail.pgp", double click on it in file manager of
   choice, answer mantra => mail is decrypted ok

Looking at GPGol log shows different behaviour after 2) and 6):
After 6), there is a section with
"display.cpp:update_display: window text is now 'complete decypted text of mail'"
This is not there after 2)!
However, the result is the same: no view of decrypted text in OL.

best regards
Ralf
NOTE: The information transmitted in this email is for the person or entity to which it is addressed: it may contain information that is confidential and/or legally privileged. If you are not the intended recipient, please do not read, use, retransmit or disseminate this information. Although this email and any attachments are believed to be free of any virus, it is the responsibility of the recipient to ensure that they are virus free. No responsibility is accepted by the KROHNE Company for any loss or damage arising from receipt of this message. Furthermore, unless explicitly stated, this email is in no way a legally binding agreement. The views represented in this email do not necessarily represent those of the corporation.

From dshaw at jabberwocky.com Mon Apr 10 14:11:25 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Apr 10 14:10:44 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <4439F1EB.6030200@gmail.com>
References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com> <87lkues8cx.fsf@athene.jamux.com> <20060409231707.GD21747@jabberwocky.com> <4439F1EB.6030200@gmail.com>
Message-ID: <20060410121125.GF21747@jabberwocky.com>

On Mon, Apr 10, 2006 at 03:19:31PM +0930, Alphax wrote:
> David Shaw wrote:
> > On Sun, Apr 09, 2006 at 06:16:14PM -0400, John A. Martin wrote:
> >>> "ds" == David Shaw
> >>> "Re: auto-key-locate pka (gpg version 1.4.3)"
> >>> Sat, 8 Apr 2006 20:11:48 -0400
> >> ds> This means that the build of GnuPG you has no DNS support (pka
> >> ds> and cert require DNS support, and ldap and keyserver don't).
> >>
> >> Wouldn't it be nice if 'gpg --version' printed a list of the features
> >> available in the version supported and not-supported by the
> >> executable?
> >
> > That's a good idea. I'll look at doing that.
> >
>
> Will that also include "undocumented" features like --enarmor?

No. There is no compile-time question whether enarmor exists or not.
It just exists. If you want a list of all keywords that GnuPG
understands, use "gpg --dump-options".

David

From a24061 at yahoo.com Mon Apr 10 14:37:57 2006
From: a24061 at yahoo.com (Adam Funk)
Date: Mon Apr 10 14:43:46 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com> <87lkues8cx.fsf@athene.jamux.com> <20060409231707.GD21747@jabberwocky.com> <4439F1EB.6030200@gmail.com> <20060410121125.GF21747__11582.6078261764$1144671590$gmane$org@jabberwocky.com>
Message-ID: <560qg3-9gi.ln1@news.ducksburg.com>

On 2006-04-10, David Shaw wrote:

> No. There is no compile-time question whether enarmor exists or not.
> It just exists. If you want a list of all keywords that GnuPG
> understands, use "gpg --dump-options".

Isn't that an undocumented option too? I've just tried "gpg --help
|grep dump" and "man gpg" with a search for dump, and they both find
nothing.

From dshaw at jabberwocky.com Mon Apr 10 14:52:48 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Apr 10 14:52:03 2006
Subject: More questions about: "gpg: WARNING: message was not integrity protected"
In-Reply-To:
References: <20060409222827.GB21747@jabberwocky.com>
Message-ID: <20060410125248.GG21747@jabberwocky.com>

On Sun, Apr 09, 2006 at 11:11:48PM -0300, Trevor Smith wrote:
> On 9-Apr-06, at 7:28 PM, David Shaw wrote:
> >MDC can be forced on via --force-mdc. As Werner said, the preference
>
> Excellent. So, the follow-up question is, should one use this option
> for files symmetrically encrypted for long-term storage (like if
> burned to a CD)?

You should really use MDC whenever you can. The only time you should
not use it is when communicating with someone who can't read it. If
you are encrypting to yourself, you can assume you can read it, of
course.

> >system will automatically handle this for public key encryption. For
> >symmetric encryption (which has no preference system), you can use
> >--force-mdc if you want a MDC.
>
> Can you briefly explain this "preference system"? As in, does this
> mean a given public key may/will have a preference for some algo
> stored in it and when my copy of GPG attempts to encrypt to that
> public key, it uses that symmetric cipher (when possible)?

Basically, yes. Every key has a number of preferences on it (they
live on the self-signature). The union of these lists are taken
together which results in a list of ciphers that everyone can handle.
That is, it doesn't matter in terms of interoperability which cipher
is chosen from this list. To make sure that there is always a choice
even if the union is empty, in this case 3DES is used. Finally, your
personal-cipher-preferences are consulted to pick the one from this
list that you personally like best. MDC works similarly: each key is
consulted to see if it can handle MDC. If all can, then MDC is used.
If AES or TWOFISH happens to be in the preferences, then it is assumed
that MDC exists even if the MDC-is-usable flag isn't set.

Have you ever bought a pizza with a number of people? The preference
system is a bit like that. Everyone seems to like a different topping
on the pizza but can more or less agree on something. (Though you
can't get half one thing and half another with crypto!)

> >In an effort to increase the use of MDC, it was noted that all
> >implementations that could handle AES could also handle MDC. Thus,
> >using any AES (or TWOFISH) turns the MDC flag on for you.
>
> Ah, great! So there are at least two benefits of using AES over CAST5
> then (larger keyspace and MDC turned on).

Three. I had forgotten for a moment the larger blocksize of AES256,
as Werner pointed out. You could turn the MDC flag on for CAST5 for
yourself, of course, but that still leaves the larger keyspace and
larger blocksize that AES256 has.

> >It is, but this is not a complete answer. Neither of you should have
> >a cipher-algo set in your gpg.conf file. If you do, you're fighting
> >against all the automatic parts of the system. Let GPG do what it is
>
> Fair enough. I had set it because I was archiving some things for
> long-term storage and discovered it was defaulting to CAST5 and
> thought, why not use the largest keyspace I can?
>
> But your point is taken, because I understand now that I was also
> forcing asymmetric encryption to use AES256 as the session cipher,
> which might cause problems.
>
> Then again, if I send emails that I might not want people to decrypt
> 5 or 10 years from now, would I want session ciphers to be defaulting
> to AES256 instead of CAST5? Why is this the default?

Backwards compatibility. CAST5 has been around it seems forever.
AES256 hasn't.

It's fine to use AES256, just don't do it with "cipher-algo AES256".
Use "personal-cipher-prefs" instead, and list the ciphers you prefer
in the order you prefer them. Then AES256 will be used whenever it is
possible to use it (including --symmetric encryption), rather than
forcing AES256 even when the recipient won't be able to read it.

Incidentally, AES256 is really, really strong. How strong is your
public key? In most cases, the public key is not as strong as AES256,
so an attacker may choose to go up against the weaker public key
encryption and not attack AES256 at all. The NIST people estimate
that you'd need a 15360-bit DSA or RSA key to match the strength of
AES256... Nothing wrong with using AES256 anyway, of course, so long
as your public key is strong enough for your purposes.

David

From trevor at haligonian.com Mon Apr 10 16:47:21 2006
From: trevor at haligonian.com (Trevor Smith)
Date: Mon Apr 10 17:08:16 2006
Subject: More questions about: "gpg: WARNING: message was not integrity protected"
In-Reply-To: <20060410125248.GG21747@jabberwocky.com>
References: <20060409222827.GB21747@jabberwocky.com> <20060410125248.GG21747@jabberwocky.com>
Message-ID:

On 10-Apr-06, at 9:52 AM, David Shaw wrote:
> Backwards compatibility. CAST5 has been around it seems forever.
> AES256 hasn't.

Ah, I see.

> It's fine to use AES256, just don't do it with "cipher-algo AES256".
> Use "personal-cipher-prefs" instead, and list the ciphers you prefer

thanks for the tip! (Interestingly, vim "knows" all the other options
in my gpg.conf file and syntax highlights them, but
personal-cipher-prefs appears to be unknown to it so at first I thought
I had typed something wrong because it didn't get highlighted.)

> Incidentally, AES256 is really, really strong. How strong is your
> public key? In most cases, the public key is not as strong as AES256,

Thanks. That's also an excellent point. (Naturally, my public key is
not 15360-bit.)

--
Trevor Smith
trevor@haligonian.com

From dshaw at jabberwocky.com Mon Apr 10 18:13:53 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Apr 10 18:13:31 2006
Subject: More questions about: "gpg: WARNING: message was not integrity protected"
In-Reply-To:
References: <20060409222827.GB21747@jabberwocky.com> <20060410125248.GG21747@jabberwocky.com>
Message-ID: <20060410161353.GB24524@jabberwocky.com>

On Mon, Apr 10, 2006 at 11:47:21AM -0300, Trevor Smith wrote:
> On 10-Apr-06, at 9:52 AM, David Shaw wrote:
> >Backwards compatibility. CAST5 has been around it seems forever.
> >AES256 hasn't.
>
> Ah, I see.
>
> >It's fine to use AES256, just don't do it with "cipher-algo AES256".
> >Use "personal-cipher-prefs" instead, and list the ciphers you prefer
>
> thanks for the tip! (Interestingly, vim "knows" all the other options
> in my gpg.conf file and syntax highlights them, but personal-cipher-
> prefs appears to be unknown to it so at first I thought I had typed
> something wrong because it didn't get highlighted.)

Try "personal-cipher-preferences". Maybe vim only highlights the
longer form of the name.

David

From wk at gnupg.org Mon Apr 10 20:35:21 2006
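The selection logic David Shaw describes in the thread above (ciphers every recipient key lists, the 3DES fallback, personal-cipher-preferences, and the MDC rule) can be modelled as follows. This is an added example, not GnuPG code and not from any list participant; the `Key` class, the function names and the sample keys are constructed, and the tie-break used when no personal preference matches is an assumption of the model.

```python
"""Toy model of OpenPGP cipher / MDC selection as described in the thread.

Added illustration, not GnuPG source. Key, the function names and the
sample keys below are constructed for this example.
"""
from dataclasses import dataclass, field

# Per the thread: a key listing AES or TWOFISH is assumed to handle MDC.
MDC_IMPLYING = {"AES", "AES192", "AES256", "TWOFISH"}
FALLBACK = "3DES"  # used when the recipients' lists share nothing


@dataclass
class Key:
    uid: str
    cipher_prefs: list = field(default_factory=list)  # from the self-signature
    mdc_flag: bool = False                            # "MDC is usable" flag

    def handles(self, cipher):
        # Assumption of the model: every key can read the 3DES fallback.
        return cipher == FALLBACK or cipher in self.cipher_prefs


def common_ciphers(recipients):
    """Ciphers that every recipient lists, kept in the first key's order."""
    if not recipients:
        return []
    first, rest = recipients[0], recipients[1:]
    return [c for c in first.cipher_prefs
            if all(c in k.cipher_prefs for k in rest)]


def choose_cipher(recipients, personal_prefs=()):
    """Pick the session cipher for a public-key encrypted message."""
    usable = common_ciphers(recipients)
    if not usable:
        return FALLBACK                 # nothing in common: 3DES
    for cipher in personal_prefs:       # sender's personal-cipher-preferences
        if cipher in usable:
            return cipher
    # Assumption: with no personal match, take the first common cipher.
    return usable[0]


def key_handles_mdc(key):
    """MDC flag set, or implied because the key lists AES/TWOFISH."""
    return key.mdc_flag or any(c in MDC_IMPLYING for c in key.cipher_prefs)


def use_mdc(recipients):
    """MDC is used only if every recipient key can handle it."""
    return bool(recipients) and all(key_handles_mdc(k) for k in recipients)


def symmetric_uses_mdc(cipher, force_mdc=False):
    """--symmetric has no preference system: --force-mdc or an AES/TWOFISH cipher."""
    return force_mdc or cipher in MDC_IMPLYING


def unreadable_for(recipients, forced_cipher):
    """Recipients locked out when a cipher is forced (cipher-algo style)."""
    return [k.uid for k in recipients if not k.handles(forced_cipher)]


# Constructed sample keys.
ALICE = Key("alice", ["AES256", "AES", "CAST5", "3DES"], mdc_flag=True)
BOB = Key("bob", ["CAST5", "3DES"])                 # older key, no MDC flag
CAROL = Key("carol", ["TWOFISH", "AES256", "3DES"])  # MDC implied by TWOFISH
DAVE = Key("dave", ["IDEA"])                        # shares nothing with Alice

if __name__ == "__main__":
    mine = ["AES256", "CAST5"]  # sender's personal-cipher-preferences
    for group in ([ALICE, CAROL], [ALICE, BOB], [ALICE, DAVE]):
        names = "+".join(k.uid for k in group)
        print(f"{names:12} cipher={choose_cipher(group, mine):7} "
              f"mdc={use_mdc(group)} "
              f"locked out by forced AES256={unreadable_for(group, 'AES256')}")
```

With the preference list the sender gets AES256 wherever every recipient lists it and degrades to CAST5 or 3DES otherwise, while a forced AES256 leaves "bob" and "dave" unable to read the message.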
From: wk at gnupg.org (Werner Koch)
Date: Mon Apr 10 21:06:59 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <560qg3-9gi.ln1@news.ducksburg.com> (Adam Funk's message of "Mon, 10 Apr 2006 13:37:57 +0100")
References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com> <87lkues8cx.fsf@athene.jamux.com> <20060409231707.GD21747@jabberwocky.com> <4439F1EB.6030200@gmail.com> <20060410121125.GF21747__11582.6078261764$1144671590$gmane$org@jabberwocky.com> <560qg3-9gi.ln1@news.ducksburg.com>
Message-ID: <87vethwa6u.fsf@wheatstone.g10code.de>

On Mon, 10 Apr 2006 13:37:57 +0100, Adam Funk said:

> Isn't that an undocumented option too? I've just tried "gpg --help
> |grep dump" and "man gpg" with a search for dump, and they both find
> nothing.

Yes, this is indeed not documented. It stems from some experiments
with auto command line completion.

Salam-Shalom,

   Werner

From michael at vorlon.ping.de Tue Apr 11 13:55:17 2006
From: michael at vorlon.ping.de (Michael Bienia)
Date: Tue Apr 11 13:54:29 2006
Subject: scdaemon forgets sometimes some data from an OpenPGP card
Message-ID: <20060411115517.GA5179@vorlon.ping.de>

Hello,

I've a problem that sometimes gpg --card-status doesn't display all data
from the OpenPGP card (I've use-agent in my gpg.conf).

If I plug in the card the first time after booting, the output of
gpg --card-status is as expected. But I call gpg --card-status again
the field for PIN length and the counters display zeros:
| Max. PIN lengths .: 0 0 0
| PIN retry counter : 0 0 0
| Signature counter : 0

If the card is in this state it can't be used.
After killing scdaemon or reinserting the card it works again.

Michael

From michael at vorlon.ping.de Tue Apr 11 14:00:56 2006
From: michael at vorlon.ping.de (Michael Bienia)
Date: Tue Apr 11 14:00:07 2006
Subject: setting the url field of a OpenPGP fails when using gpg-agent
Message-ID: <20060411120056.GB5179@vorlon.ping.de>

Hello,

if I try to set the url field of an OpenPGP card using gpg with
gpg-agent it fails with the following error:
| gpg: sending command `SCD SETATTR' to agent failed: ec=6.32769
| gpg: error setting URL: general error

But I can set an url if I use gpg without gpg-agent.

Michael

From wk at gnupg.org Tue Apr 11 17:03:46 2006
From: wk at gnupg.org (Werner Koch)
Date: Tue Apr 11 17:06:47 2006
Subject: setting the url field of a OpenPGP fails when using gpg-agent
In-Reply-To: <20060411120056.GB5179@vorlon.ping.de> (Michael Bienia's message of "Tue, 11 Apr 2006 14:00:56 +0200")
References: <20060411120056.GB5179@vorlon.ping.de>
Message-ID: <87lkucqhm5.fsf@wheatstone.g10code.de>

On Tue, 11 Apr 2006 14:00:56 +0200, Michael Bienia said:

> if I try to set the url field of an OpenPGP card using gpg with
> gpg-agent it fails with the following error:
> | gpg: sending command `SCD SETATTR' to agent failed: ec=6.32769
> | gpg: error setting URL: general error

> But I can set an url if I use gpg without gpg-agent.

To debug this, you need to use a log file scdaemon and enable
debugging. Put

  log-file socket:///home/YOU/.gnupg/S.log
  verbose
  debug 2048

into scdaemon.conf and restart it. Then attach

  watchgnupg --force ~/.gnupg/S.log

(you may have this already running or using the KDE frontend).

Shalom-Salam,

   Werner

From wk at gnupg.org Tue Apr 11 17:01:21 2006
From: wk at gnupg.org (Werner Koch)
Date: Tue Apr 11 17:06:53 2006
Subject: scdaemon forgets sometimes some data from an OpenPGP card
In-Reply-To: <20060411115517.GA5179@vorlon.ping.de> (Michael Bienia's message of "Tue, 11 Apr 2006 13:55:17 +0200")
References: <20060411115517.GA5179@vorlon.ping.de>
Message-ID: <87psjoqhq6.fsf@wheatstone.g10code.de>

On Tue, 11 Apr 2006 13:55:17 +0200, Michael Bienia said:

> I've a problem that sometimes gpg --card-status doesn't display all data
> from the OpenPGP card (I've use-agent in my gpg.conf).

If possible, please try the scdaemon from svn. Quite some things have
been fixed since the last release in December.

Salam-Shalom,

   Werner

From michael at vorlon.ping.de Tue Apr 11 21:14:28 2006
From: michael at vorlon.ping.de (Michael Bienia)
Date: Tue Apr 11 21:13:52 2006
Subject: scdaemon forgets sometimes some data from an OpenPGP card
In-Reply-To: <87psjoqhq6.fsf@wheatstone.g10code.de>
References: <20060411115517.GA5179@vorlon.ping.de> <87psjoqhq6.fsf@wheatstone.g10code.de>
Message-ID: <20060411191428.GA30302@vorlon.ping.de>

On 2006-04-11 17:01:21 +0200, Werner Koch wrote:
> On Tue, 11 Apr 2006 13:55:17 +0200, Michael Bienia said:
>
> > I've a problem that sometimes gpg --card-status doesn't display all data
> > from the OpenPGP card (I've use-agent in my gpg.conf).
>
> If possible, please try the scdaemon from svn. Quite some things have
> been fixed since the last release in December.

This is a recent svn version of scdaemon (svn version 4096).

Michael

From michael at vorlon.ping.de Tue Apr 11 23:43:57 2006
From: michael at vorlon.ping.de (Michael Bienia)
Date: Tue Apr 11 23:43:31 2006
Subject: setting the url field of a OpenPGP fails when using gpg-agent
In-Reply-To: <87lkucqhm5.fsf@wheatstone.g10code.de>
References: <20060411120056.GB5179@vorlon.ping.de> <87lkucqhm5.fsf@wheatstone.g10code.de>
Message-ID: <20060411214357.GA31330@vorlon.ping.de>

On 2006-04-11 17:03:46 +0200, Werner Koch wrote:
> On Tue, 11 Apr 2006 14:00:56 +0200, Michael Bienia said:
>
> > if I try to set the url field of an OpenPGP card using gpg with
> > gpg-agent it fails with the following error:
> > | gpg: sending command `SCD SETATTR' to agent failed: ec=6.32769
> > | gpg: error setting URL: general error
> > But I can set an url if I use gpg without gpg-agent.
>
> To debug this, you need to use a log file scdaemon and enable
> debugging.

Here is the debug output:
,----
| [client at fd 4 connected]
| 4 - 2006-04-11 23:34:59 scdaemon[31472]: DBG: APDU_data: 00 CA 00 C4 00
| 4 - 2006-04-11 23:34:59 scdaemon[31472]: DBG: response: sw=9000 datalen=7
| 4 - 2006-04-11 23:34:59 scdaemon[31472]: DBG: dump: 00 FE FE FE 03 03 03
| 4 - 2006-04-11 23:34:59 scdaemon[31472]: DBG: send apdu: c=00 i=CA p0=00 p1=7A lc=-1 le=256
| 4 - 2006-04-11 23:34:59 scdaemon[31472]: DBG: APDU_data: 00 CA 00 7A 00
| 4 - 2006-04-11 23:34:59 scdaemon[31472]: DBG: response: sw=9000 datalen=5
| 4 - 2006-04-11 23:34:59 scdaemon[31472]: DBG: dump: 93 03 00 00 16
| 4 - 2006-04-11 23:35:03 scdaemon[31472]: access to admin commands is not configured
`----

Looking at the available options for scdaemon, is adding allow-admin
into scdaemon.conf the correct solution for my problem? It is safe to
use allow-admin?

Michael

From RStorm at krohne.de Wed Apr 12 08:46:21 2006
From: RStorm at krohne.de (Storm Ralf)
Date: Wed Apr 12 08:46:38 2006
Subject: [gpgol] gpgol not working with Outlook 2002]
Message-ID:

me wrote:

> Tried GPG4Win 1.0.0.
>
> Can still reproduce Roger's bug No 2): "decrypted mail not shown"
>
>
> System: WinXP SP2 DE, OL 2002 SP3, GPG4Win 1.0.0 / GPGol 0.9.8

Encrypting of mail to send does not work either:

Steps to reproduce
1) write new mail
2) press "encrypt mail" toolbar button
3) select key(s)
=> Mail is sent (no warning, no error msg). Body is plaintext as
   before, only attachment is encrypted.

Now, _this_ is serious.

btw: there is no warning that GPGol does not work with this version of
OL - as written in the "einsteiger.pdf" manual, page 49.

bye
Ralf

From twoaday at gmx.net Wed Apr 12 12:15:44 2006
From: twoaday at gmx.net (Timo Schulz)
Date: Wed Apr 12 12:12:03 2006
Subject: GnuPG for Outlook Express
Message-ID: <20060412101544.GA1087@daredevil.joesixpack.net>

Hi!

After years in the frozen state, I decided to reawake GPGoe again.

For those who don't know GPGoe, it's a GPG plug-in for the Outlook
Express mailer. It provides inline-PGP operations (sign, encrypt, both)
and some features to make replies to encrypted mails a lot easier.
And of course it's free software under the terms of the LGPL.

Maybe some users are forced to use OE and they want at least use
inline-PGP to secure and/or verify messages. In this case, GPGoe
might be the right choice.

The program (and also the source) can be downloaded here:
http://wald.intevation.org/projects/gpgoe

Timo

From wk at gnupg.org Wed Apr 12 12:34:29 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Apr 12 12:36:48 2006
Subject: [gpgol] gpgol not working with Outlook 2002]
In-Reply-To: (Storm Ralf's message of "Wed, 12 Apr 2006 08:46:21 +0200")
References:
Message-ID: <87irpfozey.fsf@wheatstone.g10code.de>

On Wed, 12 Apr 2006 08:46:21 +0200, Storm Ralf said:

> btw: there is no warning that GPGol does not work with this version of
> OL - as written in the "einsteiger.pdf" manual, page 49.

Can you please enable debugging and send me the lines giving the
version. They should read like:

  440/GPGol: this is gpgol 0.9.8
  440/GPGol: detected Outlook build version 0xd0625 (13.1573)
  440/GPGol: actual version 0x1030400 (1.3.4.0)
  440/GPGol: virtual version 0x1030400 (1.3.4.0)

Salam-Shalom,

   Werner

From wk at gnupg.org Wed Apr 12 12:36:55 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Apr 12 12:41:44 2006
Subject: setting the url field of a OpenPGP fails when using gpg-agent
In-Reply-To: <20060411214357.GA31330@vorlon.ping.de> (Michael Bienia's message of "Tue, 11 Apr 2006 23:43:57 +0200")
References: <20060411120056.GB5179@vorlon.ping.de> <87lkucqhm5.fsf@wheatstone.g10code.de> <20060411214357.GA31330@vorlon.ping.de>
Message-ID: <87ek03ozaw.fsf@wheatstone.g10code.de>

On Tue, 11 Apr 2006 23:43:57 +0200, Michael Bienia said:

> Looking at the available options for scdaemon, is adding allow-admin
> into scdaemon.conf the correct solution for my problem? It is safe to
> use allow-admin?

Right. I forgot about this. I introduced --allow-admin to give
sysadmins a way to forbid users to do possible evil things (like
trying over and over to unlock a blocked PIN and by that permanently
locking the card).

Yes, it is safe to enable --allow-admin

Shalom-Salam,

   Werner

From wk at gnupg.org Wed Apr 12 12:39:10 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Apr 12 12:41:52 2006
Subject: scdaemon forgets sometimes some data from an OpenPGP card
In-Reply-To: <20060411191428.GA30302@vorlon.ping.de> (Michael Bienia's message of "Tue, 11 Apr 2006 21:14:28 +0200")
References: <20060411115517.GA5179@vorlon.ping.de> <87psjoqhq6.fsf@wheatstone.g10code.de> <20060411191428.GA30302@vorlon.ping.de>
Message-ID: <87acaroz75.fsf@wheatstone.g10code.de>

On Tue, 11 Apr 2006 21:14:28 +0200, Michael Bienia said:

> This is a recent svn version of scdaemon (svn version 4096).

There is a race with removing and inserting the card. We are
currently looking into it.

Salam-Shalom,

   Werner

From RStorm at krohne.de Wed Apr 12 13:15:13 2006
From: RStorm at krohne.de (Storm Ralf)
Date: Wed Apr 12 13:16:05 2006
Subject: [gpgol] gpgol not working with Outlook 2002]
Message-ID:

> Can you please enable debugging and send me the lines giving
> the version. They should read like:
>
> 440/GPGol: this is gpgol 0.9.8
> 440/GPGol: detected Outlook build version 0xd0625 (13.1573)
> 440/GPGol: actual version 0x1030400 (1.3.4.0)
> 440/GPGol: virtual version 0x1030400 (1.3.4.0)

getting this:

1348/GPGol: this is gpgol 0.9.8
1348/GPGol: detected Outlook build version 0xd0625 (13.1573)
1348/GPGol: actual version 0x1030400 (1.3.4.0)
1348/GPGol: virtual version 0x1030400 (1.3.4.0)

Outlook calls itself
"Outlook 2002 (10.6515.6626) SP3"

outlook.exe has 47816 bytes and is from 29.1.2004. File properties
report product version as 10.0.6626.0

bye
Ralf

From wk at gnupg.org Wed Apr 12 18:55:20 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Apr 12 19:01:49 2006
Subject: [gpgol] gpgol not working with Outlook 2002]
In-Reply-To: (Storm Ralf's message of "Wed, 12 Apr 2006 13:15:13 +0200")
References:
Message-ID: <87bqv6ohs7.fsf@wheatstone.g10code.de>

On Wed, 12 Apr 2006 13:15:13 +0200, Storm Ralf said:

> 1348/GPGol: detected Outlook build version 0xd0625 (13.1573)
> 1348/GPGol: actual version 0x1030400 (1.3.4.0)
> 1348/GPGol: virtual version 0x1030400 (1.3.4.0)

> Outlook calls itself
> "Outlook 2002 (10.6515.6626) SP3"

Shows exactly the same version numbers as my OL2003SP2.

> outlook.exe has 47816 bytes and is from 29.1.2004. File properties
> report product version as 10.0.6626.0

Mine is 196608 bytes, file version 11.0.6565.0. The date seems to be
irrelevant as it is the installation date. Given that it is build up
out of dozens or hundreds of components it is no miracle that some
things diverge.

No idea what to do about this. I guess we need to look for more
version numbers as the official ones are not sufficient.

Shalom-Salam,

   Werner

From engage at n0sq.us Thu Apr 13 02:07:50 2006
From: engage at n0sq.us (engage)
Date: Thu Apr 13 03:26:18 2006
Subject: GnuPG for Outlook Express
In-Reply-To: <20060412101544.GA1087@daredevil.joesixpack.net>
References: <20060412101544.GA1087@daredevil.joesixpack.net>
Message-ID: <200604121807.51169.engage@n0sq.us>

On Wednesday 12 April 2006 04:15 am, Timo Schulz wrote:
>Hi!
>
>After years in the frozen state, I decided to reawake GPGoe again.
>
>For those who don't know GPGoe, it's a GPG plug-in for the Outlook
>Express mailer. It provides inline-PGP operations (sign, encrypt, both)
>and some features to make replies to encrypted mails a lot easier.
>And of course it's free software under the terms of the LGPL.
>
>Maybe some users are forced to use OE and they want at least use
>inline-PGP to secure and/or verify messages. In this case, GPGoe
>might be the right choice.
>
>The program (and also the source) can be downloaded here:
>http://wald.intevation.org/projects/gpgoe
>

I don't use OE but I have a few friends that do and I have been trying to
help them to get GPG working under Windows XP since PGP is not provided free
for XP. But I have been having a lot of trouble getting the GPG plug in for
OE to work. Even WinPT has been problematic. Since my friends are Windows
users they aren't interested in the CLI and most have abandoned e-mail
encryption since it isn't as user friendly as it once was. It does appear
that the e-mail program that comes bundled with gpg4win works well with GPG
but my friends are unwilling to change e-mail clients.

I realize that GPG is freeware that is being developed by volunteers but I
would like to see GPG become rock solid because I want my friends to continue
to use e-mail encryption. Since they are unwilling to pay for PGP it's
unlikely that they will donate money for a program that they have a lot of
difficulty using. If GPGoe works out maybe they'll be interested in doing
e-mail encryption again.

From cboyce at msm.edu Mon Apr 10 20:18:39 2006
From: cboyce at msm.edu (Boyce, Collin)
Date: Thu Apr 13 10:42:59 2006
Subject: MPI too large
Message-ID:

When decrypting a file I get the following error message. I saw previous posts but was unable to find what the resolution

Error:
    gpg: mpi too large for this implementation (55559 bits)

Command line
    Echo passpharase| gpg --passphrase-fd 0 -u xx@xx.edu --batch --openpgp -o "position.txt" --decrypt "position.txt.pgp"

Platform:
    Microsoft Windows 2000 [Version 5.00.2195]
    gpg (GnuPG) 1.4.2.2

Any help would be appreciated.

Thanks

From wk at gnupg.org Thu Apr 13 14:17:06 2006
From: wk at gnupg.org (Werner Koch)
Date: Thu Apr 13 14:21:41 2006
Subject: MPI too large
In-Reply-To: (Collin Boyce's message of "Mon, 10 Apr 2006 14:18:39 -0400")
References:
Message-ID: <87d5flmzzx.fsf@wheatstone.g10code.de>

On Mon, 10 Apr 2006 14:18:39 -0400, Boyce, Collin said:

> Error:
> gpg: mpi too large for this implementation (55559 bits)

The input file is corrupted. Compare position.txt.pgp against the original version at the sender's side. You may use

    gpg --print-md sha1 position.txt.pgp

to get a checksum which you can compare by mail or even phone.

Salam-Shalom,

Werner

From widhalmt at unix.sbg.ac.at Fri Apr 14 10:10:11 2006
From: widhalmt at unix.sbg.ac.at (Thomas Widhalm)
Date: Fri Apr 14 11:26:31 2006
Subject: New CA in Austria
Message-ID: <443F58E3.4040108@unix.sbg.ac.at>

Hi!

We established a gpg Key for the Unix- servers of the University of Salzburg. And we want to offer signatures by our Certification key to the public. So if you are interested in signatures to your key, you may contact me via this email- address. I can guide you how to get one. Please understand, that you have to visit us in person.

We are looking for cross- signatures with other CAs, too. So please contact us, if you want to change signatures.

Regards,
Thomas

--
*****************************************************************
* Thomas Widhalm Unix Administrator *
* University of Salzburg ITServices (ITS) *
* Systems Management Unix Systems *
* Hellbrunnerstr. 34 5020 Salzburg, Austria *
* widhalmt@unix.sbg.ac.at +43/662/8044-6774 *
* gpg: 6265BAE6 *
* http://www.sbg.ac.at/zid/organisation/mitarbeiter/widhalm.htm *
*****************************************************************

From ml at bitfalle.org Fri Apr 14 14:44:49 2006
From: ml at bitfalle.org (markus reichelt)
Date: Fri Apr 14 16:26:23 2006
Subject: New CA in Austria / Linuxtage Wiesbaden
In-Reply-To: <443F58E3.4040108@unix.sbg.ac.at>
References: <443F58E3.4040108@unix.sbg.ac.at>
Message-ID: <20060414124449.GA8361@dantooine>

* Thomas Widhalm wrote:
> We are looking for cross- signatures with other CAs, too. So please
> contact us, if you want to change signatures.

Sorry for hijacking, but I guess the easiest way of obtaining those soon is to attend the upcoming Linuxtage in Wiesbaden, Germany, since it's the largest of all Linuxtage events in Germany. Chances are pretty high that you'll be able to make interesting contacts there.

There's also a key-signing party which somehow seems to be not listed in the official programme:

http://www.linuxtag.org/2006/en/community/keysigning.html

I plan to attend on May 5th & 6th.

--
left blank, right bald

From mcarroll at yesbank.com Fri Apr 14 17:55:55 2006
From: mcarroll at yesbank.com (mcarroll)
Date: Fri Apr 14 18:16:51 2006
Subject: GPG Logfile
Message-ID: <3918815.post@talk.nabble.com>

is it possible after decrypting a file, to generate a logfile describing what has been decrypted or if the process fails, list what happened?

I tried this but it produced an empty logfile...

    gpg --always-trust --batch --decrypt -o pp26.pgp.txt PKTMP002.xls >logfile.txt

Anyone have any ideas?

From feitao at msn.com Sat Apr 15 04:00:12 2006
From: feitao at msn.com (feitao)
Date: Sat Apr 15 04:49:11 2006
Subject: Filename is not embedded when using redirection
Message-ID:

Hi,

My environment is Windows XP, gpg 1.4.2.2. I just found out that the following are different:

1) gpg -o a.gpg -e a.txt
2) gpg -e < a.txt > a.gpg

When using -o, the gpg file embeds the original filename, thus

    gpg --use-embedded-filename a.gpg

is valid. However, 2) does not embed the filename, and

    gpg --use-embedded-filename a.gpg

prints to stdout.

My question is how I can embed the filename using Method 2 (< >)? The reason I hate Method 1 (-o) is that it fails for large (~5G) files in Windows XP.

Thanks a lot!

Fei

From tmz at pobox.com Sat Apr 15 07:12:50 2006
From: tmz at pobox.com (Todd Zullinger)
Date: Sat Apr 15 07:13:08 2006
Subject: Filename is not embedded when using redirection
In-Reply-To: <000001c66030$54cd1160$a3292480@yale95629b92ac>
References: <000001c66030$54cd1160$a3292480@yale95629b92ac>
Message-ID: <20060415051249.GD29224@psilocybe.teonanacatl.org>

feitao wrote:
> Hi,
>
> My environment is Windows XP, gpg 1.4.2.2. I just found out that the
> following are different:
> 1) gpg -o a.gpg -e a.txt
> 2) gpg -e < a.txt> a.gpg
>
> When using -o, the gpg file embeds the original filename, thus
> gpg --use-embedded-filename a.gpg
> is valid. However, 2) does not embed the filename, and
> gpg --use-embedded-filename a.gpg
> prints to stdout.
>
> My question is how I can embed the filename using Method 2 (<>)? The
> reason I hate Method 1 (-o) is that it fails for large (~5G) files
> in Windows XP.

I haven't tested this, but --set-filename looks like the option you want to check out.

--
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
Dawn, n.: The time when men of reason go to bed.
-- Ambrose Bierce, "The Devil's Dictionary"

From feitao at msn.com Sat Apr 15 08:33:21 2006
From: feitao at msn.com (feitao)
Date: Sat Apr 15 08:33:17 2006
Subject: Non-ascii embedded filename
Message-ID:

Hi,

Sorry for my last post. --set-filename sets the filename.

But it seems gpg has some problem with some Chinese characters. For example, it interprets '=82S' as '\x8S':

    gpg --set-filename "A=82S.txt" -e < d.txt > c.gpg
    gpg --use-embedded-filename -v c.gpg
    gpg: original file name='A=82S.txt'
    gpg: error creating `A\x8S.txt': No such file or directory

Thanks for your attention.

Fei

From leonleon77 at hotmail.com Sat Apr 15 07:35:25 2006
From: leonleon77 at hotmail.com (leon z)
Date: Sat Apr 15 09:26:08 2006
Subject: supported ciphers... in CBC mode?
Message-ID:

Hi all,

my "gpg --version" lists various algos (e.g. AES, 3DES, etc.) as being supported... is there a way to determine if such algos are used in CBC mode by gpg (or is it a default behaviour?)...

for example, documentation for other software such as cryptographic device drivers (cgd) in NetBSD explicitly states that aes algo is supported as aes-cbc mode... is there a similar kind of information available for gnupg?

regards,
Leon.

From dennis at discworld.ping.de Sat Apr 15 10:18:33 2006
From: dennis at discworld.ping.de (Dennis Heitmann)
Date: Sat Apr 15 12:45:22 2006
Subject: GPG Logfile
In-Reply-To: <3918815.post@talk.nabble.com>
References: <3918815.post@talk.nabble.com>
Message-ID: <4440AC59.2060208@discworld.ping.de>

Try

    gpg --blahblah > logfile.txt 2>&1

Then you'll redirect stderr and stdout in the logfile.txt.

Dennis

From veronatif at free.fr Sat Apr 15 14:14:06 2006
From: veronatif at free.fr (Alain Bench)
Date: Sat Apr 15 17:56:23 2006
Subject: Non-ascii embedded filename
In-Reply-To: <000401c66056$7d573900$a3292480@yale95629b92ac>
References: <000401c66056$7d573900$a3292480@yale95629b92ac>
Message-ID: <20060415121405.GA11229@free.fr>

Hello,

On Saturday, April 15, 2006 at 2:33:21 -0400, feitao wrote:

> [embedded filenames] gpg has some problem with some Chinese
> characters. For example, it interprets '?S' as '\x8S'

Confirmed with GnuPG 1.4.3 on Linux. It seems that in characters encoding, all bytes that are between 0x80 and 0x9F are munged. Exactly all bytes between 0x80 and 0x8F are replaced by the 3 chars "\x8", and all bytes between 0x90 and 0x9F are replaced by the 3 chars "\x9". This on a correct locale setup, and on a filesystem accepting those bytes in filenames.

It seems the embedded filename is stored OK, and the munging takes place at the --use-embedded-filename stage.

Additionally filenames are stored and extracted as they are, in the current charset. This gives another problem when the locale is not the same during both operations.

Bye!
Alain.
--
Give your computer's unused idle processor cycles to a scientific goal: The Folding@home project at .

From iulia_das at yahoo.com Mon Apr 17 19:25:58 2006
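The embedded-filename behaviour reported in the thread above, as an added Python example that is not part of any post and is not GnuPG's code: it parses a constructed old-format OpenPGP Literal Data packet to recover the filename bytes, emulates the reported "\x8"/"\x9" output to show that it drops the low nibble, and contrasts it with a reversible escape, a basename-only output name, and the charset dependence Alain describes. All function names are hypothetical.

```python
import struct

LITERAL_TAG = 11  # Literal Data packet, RFC 2440 section 5.9


def build_literal_packet(filename: bytes, data: bytes, mtime: int = 0) -> bytes:
    """Build an old-format Literal Data packet (constructed sample input)."""
    if len(filename) > 255:
        raise ValueError("the filename length field is a single octet")
    body = b"b" + bytes([len(filename)]) + filename + struct.pack(">I", mtime) + data
    # Old-format header octet: 0x80 | tag << 2 | length type (2 = 4-octet length).
    return bytes([0x80 | (LITERAL_TAG << 2) | 2]) + struct.pack(">I", len(body)) + body


def parse_literal_packet(packet: bytes):
    """Return (format, filename_bytes, mtime, data) of an old-format packet."""
    if len(packet) < 2 or not packet[0] & 0x80 or packet[0] & 0x40:
        raise ValueError("not an old-format OpenPGP packet")
    tag, length_type = (packet[0] >> 2) & 0x0F, packet[0] & 0x03
    if tag != LITERAL_TAG:
        raise ValueError("not a Literal Data packet")
    if length_type == 3:
        raise ValueError("indeterminate-length packets are not handled here")
    width = 1 << length_type  # 1, 2 or 4 length octets
    if len(packet) < 1 + width:
        raise ValueError("truncated packet header")
    body_len = int.from_bytes(packet[1:1 + width], "big")
    body = packet[1 + width:1 + width + body_len]
    if len(body) != body_len or body_len < 6:
        raise ValueError("truncated packet body")
    name_len = body[1]
    if body_len < 6 + name_len:
        raise ValueError("filename length exceeds packet body")
    name = body[2:2 + name_len]
    (mtime,) = struct.unpack(">I", body[2 + name_len:6 + name_len])
    return chr(body[0]), name, mtime, body[6 + name_len:]


def reported_escape(name: bytes) -> str:
    """Emulate the output reported in the thread (an emulation, not gpg's code):
    0x80-0x8F become the 3 chars '\\x8', 0x90-0x9F become '\\x9'."""
    return "".join(
        "\\x%x" % (b >> 4) if 0x80 <= b <= 0x9F else chr(b) for b in name
    )


def lossless_escape(name: bytes) -> str:
    """Escape every byte outside printable ASCII (and the backslash itself)
    with two hex digits, so distinct names never collide."""
    return "".join(
        chr(b) if 0x20 <= b < 0x7F and b != 0x5C else "\\x%02x" % b for b in name
    )


def safe_output_name(name: bytes) -> str:
    """The embedded name is chosen by the sender: keep only the last path
    component (either separator) before using it as an output file name."""
    base = name.replace(b"\\", b"/").rsplit(b"/", 1)[-1]
    if base in (b"", b".", b".."):
        base = b"unnamed"
    return lossless_escape(base)


def names_under(name: bytes, charsets=("latin-1", "gbk")) -> dict:
    """Same stored bytes, different locale charset, different visible name."""
    return {cs: name.decode(cs, errors="replace") for cs in charsets}


if __name__ == "__main__":
    sample = build_literal_packet(b"A\x82S.txt", b"constructed payload")
    _, stored, _, _ = parse_literal_packet(sample)
    print("stored bytes :", stored)
    print("reported     :", reported_escape(stored))
    print("lossless     :", lossless_escape(stored))
    print("collision    :", reported_escape(b"A\x8fS.txt") == reported_escape(stored))
    print("by charset   :", names_under(stored))
    print("safe name    :", safe_output_name(b"../../tmp/" + stored))
```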
From: iulia_das at yahoo.com (Julia Dashkevich)
Date: Mon Apr 17 21:56:21 2006
Subject: Help understanding gnupg needed!
Message-ID: <20060417172558.16201.qmail@web51301.mail.yahoo.com>

Hi,

I have just installed GnuPG to use it with Enigmail extension for Thunderbird 1.5. Having gone through the setup and key generation, it was necessary to make my public key available on the web keyserver. Is it true that if i publish it there my email address (which comes in the user id) may become a target for spammers? Is it possible to show an existing webmail address in the user id which is not the email address i am going to use with encryption feature?

Moreover, will i only be able to send encrypted mail to other gnupg users, or does it matter if the recipient has encryption software of the kind?

Any input will be welcome - please respond, i need this info in order to make a decision whether to proceed with using this software or quit.

From mlisten at hammernoch.net Mon Apr 17 22:18:14 2006
From: mlisten at hammernoch.net (=?ISO-8859-1?Q?Ludwig_H=FCgelsch=E4fer?=)
Date: Mon Apr 17 23:56:17 2006
Subject: Help understanding gnupg needed!
In-Reply-To: <20060417172558.16201.qmail@web51301.mail.yahoo.com>
References: <20060417172558.16201.qmail@web51301.mail.yahoo.com>
Message-ID: <4443F806.9070500@hammernoch.net>

Hi Julia,

On 17.04.2006 19:25 Uhr, Julia Dashkevich wrote:
> Hi,
> I have just installed GnuPG to use it with Enigmail
> extension for Thunderbird 1.5.
> Having gone through the setup and key generation, it
> was necessary to make my public key available on the
> web keyserver. Is it true that if i publish it there
> my email address (which comes in the user id) may
> become a target for spammers?

Yes, that is true. But the amount of spam coming through spammers that are harvesting keyservers is much less compared to posting in newsgroups.

> Is it possible to show
> an existing webmail address in the user id which is
> not the email address i am going to use with
> encryption feature?

Yes, it is possible, but that breaks any encryption front end (like enigmail) which automatically searches the right key by searching for the email address in the key description. At least (with enigmail) nasty work is necessary to manually search the right key for the recipient when the mail addresses on the key don't match the real recipient address. Encryption with some other front end may not work at all.

> Moreover, will i only be able to send encrypted mail
> to other gnupg users,

Yes.

> or does it matter if the
> recipient has encryption software of the kind?

Yes, it matters. You won't be able to phone to somebody if he hasn't got a phone. (Roughly) the same is true for encrypted email.

HTH

Ludwig

From linux at thorstenhau.de Mon Apr 17 22:19:25 2006
From: linux at thorstenhau.de (Thorsten Haude)
Date: Mon Apr 17 23:56:34 2006
Subject: Help understanding gnupg needed!
In-Reply-To: <20060417172558.16201.qmail@web51301.mail.yahoo.com>
References: <20060417172558.16201.qmail@web51301.mail.yahoo.com>
Message-ID: <20060417201924.GI1917@eumel.yoo.local>

Hi,

* Julia Dashkevich wrote (2006-04-17 10:25):
>Having gone through the setup and key generation, it
>was necessary to make my public key available on the
>web keyserver. Is it true that if i publish it there
>my email address (which comes in the user id) may
>become a target for spammers?

Yes, as far as I know. Anyway, damage done, you can't delete the key AFAIK. I hear that Thunderbird's spam filters are very good, so you shouldn't have too much trouble.

>Is it possible to show an existing webmail address in the user id
>which is not the email address i am going to use with encryption
>feature?

This could be awkward for your email partners. For example, my mail program automatically looks for the key based on the email address.

>Moreover, will i only be able to send encrypted mail
>to other gnupg users, or does it matter if the
>recipient has encryption software of the kind?

Only to GnuPG and most PGP users.

>Any input will be welcome - please respond, i need
>this info in order to make a decision whether to
>proceed with using this software or quit.

Well, I hope you proceed anyway. It's IMHO currently overall the best solution by far.

Thorsten
--
You're not supposed to be so blind with patriotism that you can't face reality. Wrong is wrong, no matter who does it or who says it.
- Malcolm X

From stef at caunter.ca Tue Apr 18 01:17:21 2006
From: stef at caunter.ca (Stef Caunter)
Date: Tue Apr 18 01:44:50 2006
Subject: Help understanding gnupg needed!
In-Reply-To: <20060417201924.GI1917@eumel.yoo.local>
References: <20060417172558.16201.qmail@web51301.mail.yahoo.com> <20060417201924.GI1917@eumel.yoo.local>
Message-ID:

get over it, publishing your email results in spam; I don't think that this surprises anyone anymore - deal with it in your own way and move on. The rage against spam has resulted in excellent filtering software, but the energy on both sides amounts to equilibrium.

Stef
http://caunter.ca/contact.html

>> Is it true that if i publish it there
>> my email address (which comes in the user id) may
>> become a target for spammers?
>
> Yes, as far as I know. Anyway, damage done, you can't delete the key
> AFAIK. I hear that Thunderbird's spam filters are very good, so you
> shouldn't have too much trouble.
>
>> Is it possible to show an existing webmail address in the user id
>> which is not the email address i am going to use with encryption
>> feature?
>
> This could be awkward for your email partners. For example, my mail
> program automatically looks for the key based on the email address.

From JPClizbe at comcast.net Tue Apr 18 07:56:01 2006
From: JPClizbe at comcast.net (John Clizbe)
Date: Tue Apr 18 07:56:11 2006
Subject: Help understanding gnupg needed!
In-Reply-To: <20060417172558.16201.qmail@web51301.mail.yahoo.com>
References: <20060417172558.16201.qmail@web51301.mail.yahoo.com>
Message-ID: <44447F71.7080505@comcast.net>

Julia Dashkevich wrote:
> Hi,
> I have just installed GnuPG to use it with Enigmail extension for Thunderbird 1.5.

Welcome to the GnuPG and Enigmail user communities. There is an Enigmail specific list at Enigmail@mozdev.org.

> Having gone through the setup and key generation, it was necessary to make my
> public key available on the web keyserver. Is it true that if i publish it
> there my email address (which comes in the user id) may become a target for
> spammers?

Necessary? I need to have a look at the Wizard again.

Yes, it's possible spammers will harvest addresses from keyservers. But you'll get more SPAM just from posting to an email list such as this than you will from making your key available on a keyserver.

SPAM happens. Learn to deal with it. You're never going to defeat it. Never. You're using Thunderbird. Good. Train the Junk mail filter and stop wasting your energy trying to prevent SPAM from happening. Trying to defeat spammers is a Sisyphean task. I know of only one way to prevent yourself from receiving SPAM - Don't use email.

> Is it possible to show an existing webmail address in the user id which is
> not the email address i am going to use with encryption feature?

Yes, make the webmail address your primary UID. But you will still need to have the other address as an UID on your key if correspondents are to find your key. Lookup in mail programs is typically by email address. Keyservers may be searched by name, email address or Key ID.

> Moreover, will i only be able to send encrypted mail to other gnupg users, or
> does it matter if the recipient has encryption software of the kind?

You may send encrypted mail to anyone using OpenPGP compliant software: GnuPG, PGP, hushmail,... S/MIME based encryption is NOT interoperable.

> Any input will be welcome - please respond, i need this info in order to make
> a decision whether to proceed with using this software or quit.

Why quit? You've already done the difficult part -- setting it up.

--
John P. Clizbe Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?" / "two words: good decisions."
"what's the key to good decisions?" / "one word: experience."
"how do i get experience?" / "two words: bad decisions."
"Just how do the residents of Haiku, Hawai'i hold conversations?"

From iulia_das at yahoo.com Tue Apr 18 14:49:27 2006
From: iulia_das at yahoo.com (Julia Dashkevich)
Date: Tue Apr 18 15:49:20 2006
Subject: Help understanding gnupg needed!
In-Reply-To:
Message-ID: <20060418124927.34650.qmail@web51313.mail.yahoo.com>

Hello Stef,

I respect your openness about the fact. But it has not reached the same volumes here as in the west i guess. Because except for Yahoo, i have 3 other accounts, which i have been maintaining, spam free, 2 of them for over 6 years and one for 3 months. I only have access to dial-up connection, which makes spam a huge disadvantage, because it takes so much time to download.. Except for yahoo (which does get a lot of spam because it is my 'registration' address, and that's why i ruled against using yahoo pops) i am getting mail from all accounts using a mail client. I like thunderbird a lot, yet it is not the fastest in downloading messages. That's why it is pretty important for me to avoid spam in any quantities. Nevertheless, i do appreciate your insight, and hope there is a way out...

Julia

--- Stef Caunter wrote:

> get over it, publishing your email results in spam;
> I don't think that this
> surprises anyone anymore - deal with it in your own
> way and move on. The rage
> against spam has resulted in excellent filtering
> software, but the
> energy on both sides amounts to equilibrium.
>
> Stef
> http://caunter.ca/contact.html
>
> >> Is it true that if i publish it there
> >> my email address (which comes in the user id) may
> >> become a target for spammers?
> >
> > Yes, as far as I know. Anyway, damage done, you
> can't delete the key
> > AFAIK. I hear that Thunderbird's spam filters are
> very good, so you
> > shouldn't have too much trouble.
> >
> >> Is it possible to show an existing webmail
> address in the user id
> >> which is not the email address i am going to use
> with encryption
> >> feature?
> >
> > This could be awkward for your email partners. For
> example, my mail
> > program automatically looks for the key based on
> the email address.

From m.d.berger at ieee.org Tue Apr 18 22:18:45 2006
From: m.d.berger at ieee.org (Michael D. Berger)
Date: Tue Apr 18 23:56:21 2006
Subject: newbie: --edit-key problem
Message-ID: <000001c66325$516940f0$2801a8c0@MBRC40>

On FC4, I execute this command:

    gpg -vv --recipient mdb00 --armour --cipher-algo blowfish --encrypt tst.txt

and while it works, I get a warning that blowfish is not preferred. So I ran:

    gpg --edit-key mdb00

and:

    setpref S4

I confirm that I want to do this, and then it asks for my passphrase. However, the gui (KDE) does not accept a response. I modified my passphrase to something trivial to get the mouse out of the picture, but it still did not work. Note that a similar passphrase query when decrypting the message works with no problem.

What am I doing wrong? In any case, if I could get the result by editing gpg.conf I would prefer it.

By the way, I have extensive experience studying gpg: 1.5 days ;)

Thanks for your help.
Mike.
--
Michael D. Berger
m.d.berger@ieee.org

From johnmoore3rd at joimail.com Wed Apr 19 01:19:29 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Wed Apr 19 01:18:43 2006
Subject: newbie: --edit-key problem
In-Reply-To: <000001c66325$516940f0$2801a8c0@MBRC40>
References: <000001c66325$516940f0$2801a8c0@MBRC40>
Message-ID: <44457401.50702@joimail.com>

Michael D. Berger wrote:

> What am I doing wrong? In any case, if I could get the result by
> editing gpg.conf I would prefer it.

Well, many folks will advise you *not* to do this because if you should send an encrypted message to someone who does not have blowfish (or any specified cipher) available you will have wasted both Parties time & patience.

That said: From the Manual

--cipher-algo name
    Use name as cipher algorithm. Running the program with the command --version yields a list of supported algorithms. If this is not used the cipher algorithm is selected from the preferences stored with the key.

> By the way, I have extensive experience studying gpg: 1.5 days ;)

This is the statement that makes me fearful I have just handed a loaded pistol to a child and said "Now, go outside and play so I can be left alone."

Far better to use your gpg.conf File to Set your cipher-algo Preferences and let GnuPG select a compatible algorithm.

JOHN ;)
Timestamp: Tuesday 18 Apr 2006, 19:18 --400 (Eastern Daylight Time)

From johnmoore3rd at joimail.com Wed Apr 19 01:29:41 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Wed Apr 19 01:29:09 2006
Subject: newbie: --edit-key problem
In-Reply-To: <000001c66325$516940f0$2801a8c0@MBRC40>
References: <000001c66325$516940f0$2801a8c0@MBRC40>
Message-ID: <44457665.20404@joimail.com>

This is also from the Manual and should help set your prefs in gpg.conf.

--personal-cipher-preferences string
    Set the list of personal cipher preferences to string, this list should be a string similar to the one printed by the command "pref" in the edit menu. This allows the user to factor in their own preferred algorithms when algorithms are chosen via recipient key preferences. The most highly ranked cipher in this list is also used for the --symmetric encryption command.

Remember, when placing Commands into gpg.conf the '--' prefix is omitted.

JOHN ;)
Timestamp: Tuesday 18 Apr 2006, 19:29 --400 (Eastern Daylight Time)

From tech at commport.org Wed Apr 19 08:35:59 2006
From: tech at commport.org (Tech)
Date: Wed Apr 19 09:56:28 2006
Subject: Clear all signatures on key?
Message-ID: <4445DA4F.8050406@commport.org>

Hello,

I'm trying to figure out how to remove all signatures from all my GPG keys. I've RTFM but I've missed something I'm afraid. Here is what I am seeing:

1. Type "gpg --list-keys" and I get a list of my keys. (me@me.com is a fake email address for the sake of this post...)

2. I type gpg --edit-key me@me.com

I am now in edit mode

Command> list

(I get my key information)

Command> uid 1

(I then select my key)

Command> Delsig
Nothing deleted.

Command> Minimize
User ID "My Key etc etc":
already clean.

Command> check
uid "My Key etc etc"
1 user ID without valid self-signature detected

Command> quit

3. I type "gpg --list-sigs" and I get a list of keys thusly:

C:\Documents and Settings\Administrator>gpg --list-sigs
h:/gnupg-keys\pubring.gpg
-------------------------
pub 1024D/XXXXXXXX 2005-08-10
uid My Key (Email Encryption/Signing Key)
sub 4096g/XXXXXXXX 2005-08-10 [expires: 2006-08-10]
sig XXXXXXXX 2005-08-10 My Key (Email Encryption/Signing Key)

Question: What signature is listed there that is reported from my --list-sigs command? What have I missed? I would think I have no signatures installed on my key?

Thanks for the help and info,

-m

From alphasigmax at gmail.com Wed Apr 19 12:51:22 2006
From: alphasigmax at gmail.com (Alphax)
Date: Wed Apr 19 12:52:26 2006
Subject: Clear all signatures on key?
In-Reply-To: <4445DA4F.8050406@commport.org>
References: <4445DA4F.8050406@commport.org>
Message-ID: <4446162A.1050302@gmail.com>

Tech wrote:
>
> Hello,
>
> I'm trying to figure out how to remove all signatures from all my GPG
> keys. I've RTFM but I've missed something I'm afraid. Here is what I am
> seeing:
>
> 1. Type "gpg --list-keys" and I get a list of my keys. (me@me.com is a
> fake email address for the sake of this post...)
>
> 2. I type gpg --edit-key me@me.com
>
> I am now in edit mode
>
> Command> list
>
> (I get my key information)
>
> Command> uid 1
>
> (I then select my key)
>
> Command> Delsig
> Nothing deleted.
>
> Command> Minimize
> User ID "My Key etc etc":
> already clean.
>
> Command> check
> uid "My Key etc etc"
> 1 user ID without valid self-signature detected
>
> Command> quit
>
>
>
> 3. I type "gpg --list-sigs" and I get a list of keys thusly:
>
> C:\Documents and Settings\Administrator>gpg --list-sigs
> h:/gnupg-keys\pubring.gpg
> -------------------------
> pub 1024D/XXXXXXXX 2005-08-10
> uid My Key (Email Encryption/Signing Key)
> sub 4096g/XXXXXXXX 2005-08-10 [expires: 2006-08-10]
> sig XXXXXXXX 2005-08-10 My Key (Email Encryption/Signing Key)
>
>
>
>
> Question: What signature is listed there that is reported from my
> --list-sigs command? What have I missed? I would think I have no
> signatures installed on my key?
>

The signature listed is on the subkey, not the UID; this signature "binds" the subkey to the primary.

Note that by default GPG will not like the fact that a UID doesn't have a valid self-signature; a self-signature on a UID "binds" the UID to the key itself. If it were not for selfsigs like this, it would be trivial for someone to inject their own UID (with your name, but a different email address) into their copy of your key and then upload it to eg. a keyserver.

You should probably edit your key and re-sign it by using the "sign" command.

HTH,
--
Alphax
Death to all fanatics!
Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g

From m.d.berger at ieee.org Thu Apr 20 01:41:42 2006
From: m.d.berger at ieee.org (Michael D. Berger)
Date: Thu Apr 20 02:25:31 2006
Subject: newbie: --edit-key problem
In-Reply-To: <44457665.20404@joimail.com>
Message-ID: <000001c6640a$d3ef8c60$2801a8c0@MBRC40>

> -----Original Message-----
> From: gnupg-users-bounces@gnupg.org
> [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of John W. Moore III
> Sent: Tuesday, April 18, 2006 7:30 PM
> To: GnuPG Users List
> Subject: Re: newbie: --edit-key problem
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> This is also from the Manual and should help set your prefs
> in gpg.conf.
>
> - --personal-cipher-preferences string
> Set the list of personal cipher preferences to string, this
> list should be a string similar to the one printed by the
> command "pref" in the edit menu. This allows the user to
> factor in their own preferred algorithms when algorithms are
> chosen via recipient key preferences. The most highly ranked
> cipher in this list is also used for the --symmetric encryp-
> tion command.
>
>
> Remember, when placing Commands into gpg.conf the '--' prefix
> is omitted.
>
> JOHN ;)
[...]

    --personal-cipher-preferences string

did not seem to work either in the config file (without --) or in a command line. It was "seen", however, since a misspelling resulted in a diagnostic.

I ultimately was able to add blowfish to my preferences with:

    gpg --edit-key mdb00
    setpref BLOWFISH

It is noteworthy that the 3DES cipher cannot be removed by this procedure, while any other cypher can. I wonder why this is.

Thanks for help and encouragement.
Mike.
--
Michael D. Berger
m.d.berger@ieee.org

From alphasigmax at gmail.com Thu Apr 20 05:13:13 2006
From: alphasigmax at gmail.com (Alphax)
Date: Thu Apr 20 05:14:08 2006
Subject: newbie: --edit-key problem
In-Reply-To: <000001c6640a$d3ef8c60$2801a8c0@MBRC40>
References: <000001c6640a$d3ef8c60$2801a8c0@MBRC40>
Message-ID: <4446FC49.9020402@gmail.com>

Michael D. Berger wrote:
>> -----Original Message-----
>> From: gnupg-users-bounces@gnupg.org
>> [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of John W. Moore III
>> Sent: Tuesday, April 18, 2006 7:30 PM
>> To: GnuPG Users List
>> Subject: Re: newbie: --edit-key problem
>>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> This is also from the Manual and should help set your prefs
>> in gpg.conf.
>>
>> - --personal-cipher-preferences string
>> Set the list of personal cipher preferences to string, this
>> list should be a string similar to the one printed by the
>> command "pref" in the edit menu. This allows the user to
>> factor in their own preferred algorithms when algorithms are
>> chosen via recipient key preferences. The most highly ranked
>> cipher in this list is also used for the --symmetric encryp-
>> tion command.
>>
>>
>> Remember, when placing Commands into gpg.conf the '--' prefix
>> is omitted.
>>
>> JOHN ;)
> [...]
>
> --personal-cipher-preferences string
>
> did not seem to work either in the config file (without --) or in a
> command line. It was "seen", however, since a misspelling resulted
> in a diagnostic.
>
> I ultimately was able to add blowfish to my preferences with:
>
> gpg --edit-key mdb00
> setpref BLOWFISH commas>
>
>
>
>
> It is noteworthy that the 3DES cipher cannot be removed by this
> procedure, while any other cypher can. I wonder why this is.
>

The OpenPGP spec (RFC 2440) says that 3DES is *required* for a cipher algorithm; it is mandatory that programs complying to the RFC implement 3DES as a cipher algorithm, DSA and Elgamal for keys, and SHA-1 for a hash function.

http://en.wikipedia.org/wiki/Pretty_Good_Privacy#Feature_comparison sums it up pretty neatly.

--
Alphax
Death to all fanatics!
Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g

From iulia_das at yahoo.com Thu Apr 20 10:03:44 2006
From: iulia_das at yahoo.com (Julia Dashkevich)
Date: Thu Apr 20 10:03:30 2006
Subject: Configuring GPGrelay and MUI account settings
In-Reply-To:
Message-ID: <20060420080344.16470.qmail@web51311.mail.yahoo.com>

Hello,

I installed GPG relay and tried to use it with OE, but it did not work. configured it as advised in the readme file:

SMTP:
Name [display name]
Local port: 32025
remote server: mail.xxxxxx.xx
remote port: 25
type: SMTP
ssl/tls: no

POP3:
Name [display name]
Local port: 32110
remote server: mail.xxxxxx.xx
remote port: 110
type: POP3
ssl/tls: no

Keyrules: it showed all keys on my keyring (except for one recently added) in the settings: Send mails to associated recipients : pass-through

It is possible to drag and drop recipients' user ids to 'always encrypt' profile which allows for the option to encrypt and sign. But i did not find a way to add the new keys from my keyrings.

it reports that probing sockets on both relays failed. error #10061

In OE:
email address: [my email address that is also listed in my uid attached to the key]
servers:
incoming mail 127.0.0.1
outgoing mail 127.0.0.1
Incoming mail server: account name - [my login name] password [my password]
my server requires authentication - yes, use same settings as incoming.
connection: always connect using Local Area Network
advanced: SMTP 32025 POP3 32110
server timeouts: 90 sec.

What did i do wrong?

Julia

From m.d.berger at ieee.org Thu Apr 20 14:57:14 2006
From: m.d.berger at ieee.org (Michael D. Berger) Date: Thu Apr 20 15:02:26 2006 Subject: pgp & outlook Message-ID: <000001c66479$f2a0e950$2801a8c0@MBRC40> Now that I have gpg working on my linux box, I was thinking of cutting-and-pasting or attaching encrypted messages into outlook on my win2k box. On the other hand, I see that there are outlook pgp plugins. Are these good to use? Any suggestions regarding which plugin to use? Thanks for your advice. Mike. -- Michael D. Berger m.d.berger@ieee.org From iulia_das at yahoo.com Thu Apr 20 20:12:05 2006 
From: iulia_das at yahoo.com (Julia Dashkevich) Date: Thu Apr 20 20:11:45 2006 Subject: Changing HomeDir for GnuPG Message-ID: <20060420181205.11158.qmail@web51301.mail.yahoo.com> Hello, Already found a way to add new keys in GPGrelay. The right answer always seems to be one click away from me with open source. I am such a deep-rooted mswin-product-user created from a bone in which there was no marrow:) trying to turn over a new leaf now. Now I am looking for a safe way to change GnuPG's HomeDir. Would the following course of action help me to do it without damage to my working programs? (1.) back up the Home Dir from its current location 2. change the directory from GPGshell's GPGconfig where it says: GnuPG registry settings: HomeDir=C:\Documents&Settings... by browsing for the desired directory 3. check if it has copied the files from the former HomeDir to the new one, if not do it manually 4. delete (if need be) the directory in the old location 5. check that it has written the correct path in the Registry using regedt32 6. check if all my programs depending on GnuPG keys are still working properly I could of course just try editing the registry and changing the folder location manually, but I don't have enough experience editing the registry, so I would rather avoid it. Julia From JPClizbe at comcast.net Fri Apr 21 00:34:57 2006
From: JPClizbe at comcast.net (John Clizbe) Date: Fri Apr 21 00:35:46 2006 Subject: Changing HomeDir for GnuPG In-Reply-To: <20060420181205.11158.qmail@web51301.mail.yahoo.com> References: <20060420181205.11158.qmail@web51301.mail.yahoo.com> Message-ID: <44480C91.4010004@comcast.net> Julia Dashkevich wrote: > Hello, > Already found a way to add new keys in GPGrelay. The right answer always > seems to be one click away from me with open source. I am such a deep-rooted > mswin-product-user created from a bone in which there was no marrow:) trying > to turn over a new leaf now. > > Now I am looking for a safe way to change GnuPG's HomeDir. Would the > following course of action help me to do it without damage to my working > programs? > (1.) back up the Home Dir from its current location > 2. change the directory from GPGshell's GPGconfig where it says: > GnuPG registry settings: > HomeDir=C:\Documents&Settings... > by browsing for the desired directory > 3. check if it has copied the files from the former HomeDir to the new one, if not do it manually > 4. delete (if need be) the directory in the old location > 5. check that it has written the correct path in the Registry using regedt32 > 6. check if all my programs depending on GnuPG keys are still working properly > I could of course just try editing the registry and changing the folder > location manually, but I don't have enough experience editing the registry, > so I would rather avoid it. > > Julia Registry editing isn't as scary as MSFT would make it sound. But for the Squeamish, defining the environment variable GNUPGHOME and setting its value to your new location will override the registry's HomeDir value. (Control Panel --> System --> Advanced --> 'Environment Variables' button). That will work for GnuPG. I can't guarantee that it will work for all other programs such as GPGrelay, GPGshell, WinPT. 
I've never had much luck trying to change things with GPGconfig; I tend to only use it as a sanity check to show what it thinks are the settings. My money is still on changing the registry. Send me the location path off-list and I'll send you back a .REG file to do the edit for you. -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go" From mailinglists at futureware.at Tue Apr 18 16:53:51 2006 From: mailinglists at futureware.at (Philipp =?iso-8859-1?q?G=FChring?=) Date: Fri Apr 21 10:43:12 2006 Subject: Feature Request --import-minimal Message-ID: <200604181653.52373.mailinglists@futureware.at> Hi, GnuPG has an option called --export-minimal, which exports only the minimal key. Unfortunately, GnuPG does not have the same for importing yet, which I would need. Is it possible to have a --import-minimal function added to GnuPG? Best regards, Philipp Gühring From labour at telus.net Wed Apr 19 21:47:02 2006 
From: labour at telus.net (Robert Smits) Date: Fri Apr 21 10:43:17 2006 Subject: Why are my signatures being labelled as bad? Message-ID: <200604191247.06112.labour@telus.net> I'm trying to figure out why I can send encrypted messages to myself at home from my work computer, and they come through just fine, but signed messages to myself from my work computer come labelled as having a bad signature. Work computer - Suse Linux 9.3 running Kmail and KGpg. Have identity set to sign and encrypt with same GPG keys. Exported public address to home computer. Home computer Compaq laptop running Suse 10.0, also with Kmail and KGpg. Imported public key from work, set it as trusted. Signed files from work arrive at home with "bad" signatures. Encrypted files from work arrive at home and decrypt just fine. Signed files and encrypted files from home arrive at work just fine. Can anyone point me in the correct direction? Thanks -- Robert Smits Exec Ass't Ph 753-0201 Fax 753-2954 Email labour@telus.net From zwon at severodvinsk.ru Fri Apr 21 11:38:44 2006 From: zwon at severodvinsk.ru (Pawel Shajdo) Date: Fri Apr 21 11:59:18 2006 Subject: Feature Request --import-minimal In-Reply-To: <200604181653.52373.mailinglists@futureware.at> References: <200604181653.52373.mailinglists@futureware.at> Message-ID: <20060421093843.GA4947@d662fa3c9c1bed2b1adbb1e347577772> On Apr 18, 2006 at 16:53 +0200, Philipp Gühring wrote: > GnuPG has an option called --export-minimal, which exports only the minimal > key. Unfortunately, GnuPG does not have the same for importing yet, which I > would need. Is it possible to have a --import-minimal function added to > GnuPG? Just add `--import-options import-minimal' to gpg command line. See gpg manual --import-options Vale! -- Pawel I. Shajdo From shavital at mac.com Fri Apr 21 12:21:00 2006 
From: shavital at mac.com (Charly Avital) Date: Fri Apr 21 12:20:22 2006 Subject: Why are my signatures being labelled as bad? In-Reply-To: <200604191247.06112.labour@telus.net> References: <200604191247.06112.labour@telus.net> Message-ID: <4448B20C.3080805@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 A 'bad signature' can be caused by many different factors, one frequent cause being a text wrap problem. When a message is not only signed but encrypted+signed, the encryption process *might* write off the cause of a bad signature. You might try sending a signed message to the list; maybe some clue could be found. I have found on the keyservers two keys that seem to belong to you: (1) Robert Smits 1024 bit RSA key 49E9AF38, created: 2006-04-19 (2) Robert Smits 1024 bit DSA key E7629731, created: 2005-12-31 Charly Robert Smits wrote on 4/19/06 3:47 PM: > I'm trying to figure out why I can send encrypted messages to myself at home > from my work computer, and they come through just fine, but signed messages > to myself from my work computer come labelled as having a bad signature. > > Work computer - Suse Linux 9.3 running Kmail and KGpg. Have identity set to > sign and encrypt with same GPG keys. Exported public address to home > computer. > > Home computer Compaq laptop running Suse 10.0, also with Kmail and KGpg. > Imported public key from work, set it as trusted. > > Signed files from work arrive at home with "bad" signatures. Encrypted files > from work arrive at home and decrypt just fine. > > Signed files and encrypted files from home arrive at work just fine. Can > anyone point me in the correct direction? 
> > Thanks > From samuel at Update.UU.SE Fri Apr 21 11:23:29 2006 
From: samuel at Update.UU.SE (Samuel ]slund) Date: Fri Apr 21 13:26:15 2006 Subject: Why are my signatures being labelled as bad? In-Reply-To: <200604191247.06112.labour@telus.net> References: <200604191247.06112.labour@telus.net> Message-ID: <20060421092329.GC26687@Update.UU.SE> Hi Robert, I would guess that by "signed" you mean clear-signed. Are you using Mime or in-line signatures? Clear-signed, esp in-line, messages can suffer from email clients and MTA's that make "corrections" like changing character encoding or wrapping lines. HTH //Samuel On Wed, Apr 19, 2006 at 12:47:02PM -0700, Robert Smits wrote: > I'm trying to figure out why I can send encrypted messages to myself at home > from my work computer, and they come through just fine, but signed messages > to myself from my work computer come labelled as having a bad signature. > > Work computer - Suse Linux 9.3 running Kmail and KGpg. Have identity set to > sign and encrypt with same GPG keys. Exported public address to home > computer. > > Home computer Compaq laptop running Suse 10.0, also with Kmail and KGpg. > Imported public key from work, set it as trusted. > > Signed files from work arrive at home with "bad" signatures. Encrypted files > from work arrive at home and decrypt just fine. > > Signed files and encrypted files from home arrive at work just fine. Can > anyone point me in the correct direction? > > Thanks > > -- > Robert Smits Exec Ass't Ph 753-0201 Fax 753-2954 Email labour@telus.net > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From henkdebruijn at wanadoo.nl Fri Apr 21 19:11:24 2006 
From: henkdebruijn at wanadoo.nl (Henk M. de Bruijn) Date: Fri Apr 21 20:26:18 2006 Subject: Feature Request --import-minimal In-Reply-To: <200604181653.52373.mailinglists@futureware.at> References: <200604181653.52373.mailinglists@futureware.at> Message-ID: <4449123C.3050700@wanadoo.nl> On 18-4-2006 16:53 Philipp Gühring wrote: > GnuPG has an option called --export-minimal, which exports only the minimal > key. Unfortunately, GnuPG does not have the same for importing yet, which I > would need. Is it possible to have a --import-minimal function added to > GnuPG? I have the following in my gpg.conf: keyserver-options import-clean -- Henk M. de Bruijn _________________________________________________________________________ Mozilla Thunderbird version 1.5 (20051201) with Enigmail 0.94.0 PGPkey at: http://www.biglumber.com/x/web?qs=0X11EECBEEB464DD0F Gossamer Spider Web of Trust http://www.gswot.org A progressive and innovative Web of Trust From sean_cerney at hotmail.com Fri Apr 21 20:11:07 2006 
From: sean_cerney at hotmail.com (Sean Cerney) Date: Fri Apr 21 21:56:14 2006 Subject: dealing with password in batch file In-Reply-To: <20060421092329.GC26687@Update.UU.SE> Message-ID: All, I've been decrypting xml files for a while now with a batch file that converts the pgp file into an xml file with a timestamp. The thing is I always have to manually enter the password each time I run the batch file. I want to automate this thing once and for all, but I have to figure out how to incorporate password entry into the batch file. I try to echo the password but that has no effect. I am using DOS command line. Any suggestions? Thank you. Here is basically what I have at the moment..(actual drive name and subfolders omitted) DriveName:\SubFolders --output DriveName:\SubFolders\ScheduledExtract.xml --decrypt DriveName:\SubFolders\*.xml.pgp @echo off :: variables set hour=%time:~0,2% if "%hour:~0,1%"==" " set hour=0%time:~1,1% set NewFileName=%date:~10,4%_%date:~4,2%_%date:~7,2%_%hour%_%time:~3,2% RENAME ScheduledExtract.xml ScheduledExtract%NewFileName%.xml once this runs it prompts for the password From trevor at haligonian.com Sat Apr 22 03:44:15 2006 
From: trevor at haligonian.com (Trevor Smith) Date: Sat Apr 22 04:29:37 2006 Subject: dealing with password in batch file In-Reply-To: References: Message-ID: <51E26396-9C19-41EA-BC2F-C9F468D93781@haligonian.com> On 21-Apr-06, at 3:11 PM, Sean Cerney wrote: > I've been decrypting xml files for a while now with a batch file > that converts the pgp file into an xml file with a timestamp. > > The thing is I always have to manually enter the password each time > I run the batch file. I want to > ... > Any suggestions? Thank you. Sorry, I'm not 100% sure what you're trying to do (I couldn't see any actual gpg stuff in your batch file, but it's been about a hundred years since I've seen a .bat file so I could be missing the obvious...), but if you're trying to automate passphrase entry into a batch file, here is what I have used in a Unix (or, rather, Linux and Mac OS X, actually) bash shell script: gpg --passphrase-fd 3 "$FILE" 3<$pwfile where $FILE is the file to be decrypted and $pwfile is a variable that is set to some arbitrary file name that contains the passphrase. What the above does is (after you create a temporary file with the passphrase in it) tell gpg to read the passphrase from "file descriptor 3" and the last bit (3<$pwfile) tells Unix to redirect the file, $pwfile, into file descriptor 3. Obviously you need to modify this somewhat to run on DOS (or Windows, or whatever it's called these days) but it may point you in the right direction. -- Trevor Smith trevor@haligonian.com From malte.gell at gmx.de Sat Apr 22 04:31:35 2006 
From: malte.gell at gmx.de (Malte Gell) Date: Sat Apr 22 04:31:13 2006 Subject: Why are my signatures being labelled as bad? In-Reply-To: <200604191247.06112.labour@telus.net> References: <200604191247.06112.labour@telus.net> Message-ID: <200604220431.38816.malte.gell@gmx.de> On Wednesday 19 April 2006 21:47, Robert Smits wrote: > I'm trying to figure out why I can send encrypted messages to myself > at home from my work computer, and they come through just fine, but > signed messages to myself from my work computer come labelled as > having a bad signature. > > Work computer - Suse Linux 9.3 running Kmail and KGpg. > (...) This is probably a Kgpg issue. The same here with "Umlauts" (? ? ?), Kgpg considers clearsigned text as bad. Example: ftp://ftp.gwdg.de/linux/suse/ftp.suse.com/suse/i386/update/10.0/patches/MozillaFirefox-52838 Cut and paste the content of this patch description into Kgpg's internal editor and it'll say broken signature. Download the patch description and verify it manually using "gpg --verify MozillaFirefox-52838" and you'll see the sig is fine. There must be a nasty bug somewhere in Kgpg Trying every possible configuration, either in Kgpg or gpg.conf hasn't helped. Malte From dshaw at jabberwocky.com Sat Apr 22 15:41:54 2006 
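The failure mode described in the replies above (a mail client or MTA re-wrapping or re-encoding clear-signed text), shown as an added Python example that is not code from any poster or from GnuPG. It models only the text canonicalisation that RFC 2440 defines for cleartext signatures (CRLF line endings, trailing blanks ignored, dash-escaping undone) and uses a SHA-256 digest as a stand-in for the full signature computation; the sample message and all function names are constructed for illustration.

```python
import hashlib
import re
import textwrap


def signed_text(cleartext: str, charset: str = "utf-8") -> bytes:
    """Bytes of a clear-signed body after RFC 2440 text canonicalisation."""
    lines = re.split(r"\r\n|\r|\n", cleartext)
    if lines and lines[-1] == "":
        lines.pop()  # the line ending before the signature block is not signed
    canon = []
    for line in lines:
        if line.startswith("- "):
            line = line[2:]  # undo dash-escaping applied inside the armor
        canon.append(line.rstrip(" \t"))  # trailing spaces and tabs are ignored
    return "\r\n".join(canon).encode(charset)


def text_digest(cleartext: str, charset: str = "utf-8") -> str:
    """Digest of the canonical text (stand-in for the hash a signature covers)."""
    return hashlib.sha256(signed_text(cleartext, charset)).hexdigest()


def survives(sent: str, received: str,
             sent_charset: str = "utf-8", received_charset: str = "utf-8") -> bool:
    """True if the received text still hashes to what the sender signed."""
    return text_digest(sent, sent_charset) == text_digest(received, received_charset)


# Constructed sample body, as it would appear between the armor header and
# the signature block. "- - item one" is the dash-escaped form of "- item one".
SENT = (
    "Hello Bob,\n"
    "this is one deliberately long line that a mail client is likely to re-wrap in transit.\n"
    "- - item one\n"
    "Gr\u00fc\u00dfe, Robert\n"
)


def run_checks() -> dict:
    """Apply the transformations a client or MTA might make and test each one."""
    crlf = SENT.replace("\n", "\r\n")
    padded = SENT.replace("\n", " \t\n")
    rewrapped = "\n".join(textwrap.fill(l, width=40) for l in SENT.splitlines()) + "\n"
    return {
        "LF to CRLF": survives(SENT, crlf),
        "trailing blanks added": survives(SENT, padded),
        "re-wrapped at 40 columns": survives(SENT, rewrapped),
        "UTF-8 to Latin-1": survives(SENT, SENT, "utf-8", "iso-8859-1"),
    }


if __name__ == "__main__":
    for change, ok in run_checks().items():
        print(f"{change:28s} {'signature still good' if ok else 'BAD signature'}")
```
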
From: dshaw at jabberwocky.com (David Shaw) Date: Sat Apr 22 15:41:20 2006 Subject: Non-ascii embedded filename In-Reply-To: <20060415121405.GA11229@free.fr> References: <000401c66056$7d573900$a3292480@yale95629b92ac> <20060415121405.GA11229@free.fr> Message-ID: <20060422134154.GC10210@jabberwocky.com> On Sat, Apr 15, 2006 at 02:14:06PM +0200, Alain Bench wrote: > Hello, > > On Saturday, April 15, 2006 at 2:33:21 -0400, feitao wrote: > > > [embedded filenames] gpg has some problem with some Chinese > > characters. For example, it interprets '?S' as '\x8S' > > Confirmed with GnuPG 1.4.3 on Linux. It seems that in characters > encoding, all bytes that are between 0x80 and 0x9F are munged. Exactly > all bytes between 0x80 and 0x8F are replaced by the 3 chars "\x8", and > all bytes between 0x90 and 0x9F are replaced by the 3 chars "\x9". This > on a correct locale setup, and on a filesystem accepting those bytes in > filenames. It seems the embedded filename is stored OK, and the munging > takes place at the --use-embedded-filename stage. > > Additionally filenames are stored and extracted as they are, in the > current charset. This gives another problem when the locale is not the > same during both operations. Indeed. This is fixed for 1.4.4. Embedded filenames are now UTF-8 encoded on the way in, and UTF-8 decoded on the way out. David From datakunskapilund at hotmail.com Sat Apr 22 20:23:29 2006 
From: datakunskapilund at hotmail.com (razzel) Date: Sat Apr 22 20:22:40 2006 Subject: GPG creates two files? Message-ID: <4043624.post@talk.nabble.com> OK, I use GPG to encrypt a Word file. Everything works out ok, but the result is always two files: the Word file in plain text and an encrypted version of the same Word file. Why is GPG creating two files? Should it not just encrypt my Word file? razzel Sweden -- View this message in context: http://www.nabble.com/GPG-creates-two-files--t1492159.html#a4043624 Sent from the GnuPG - User forum at Nabble.com. From a24061 at yahoo.com Sat Apr 22 21:58:54 2006 From: a24061 at yahoo.com (Adam Funk) Date: Sat Apr 22 22:07:35 2006 Subject: GPG creates two files? References: <4043624.post__25438.8947891586$1145730710$gmane$org@talk.nabble.com> Message-ID: On 2006-04-22, razzel wrote: > > OK, I use GPG to encrypt a Word file. Everything works out ok, but the result > is always two files: the Word file in plain text and an encrypted version of > the same Word file. Why is GPG creating two files? Should it not just > encrypt my Word file? It *is* encrypting your Word file. The foo.doc file is your unencrypted original, unaltered by GPG, and foo.doc.gpg is the encrypted version. GPG doesn't remove the original because it doesn't know you want to get rid of it (you might only want to send someone the encrypted version) and it doesn't have a built-in way to delete it securely (you need some kind of file-wiping utility, which will depend on your OS). From datakunskapilund at hotmail.com Sat Apr 22 23:01:34 2006 
From: datakunskapilund at hotmail.com (razzel) Date: Sat Apr 22 23:00:38 2006 Subject: GPG creates two files? In-Reply-To: References: <4043624.post@talk.nabble.com> Message-ID: <4045198.post@talk.nabble.com> Thank you very much for your answer! Do you know if there is a graphical user interface to this GnuPG? rzzel Sweden -- View this message in context: http://www.nabble.com/GPG-creates-two-files--t1492159.html#a4045198 Sent from the GnuPG - User forum at Nabble.com. From simon at ruderich.com Sat Apr 22 23:36:06 2006 From: simon at ruderich.com (Simon Ruderich) Date: Sun Apr 23 01:26:09 2006 Subject: GPG creates two files? In-Reply-To: <4045198.post@talk.nabble.com> References: <4043624.post@talk.nabble.com> <4045198.post@talk.nabble.com> Message-ID: <68A50BE8-5FC9-4BC4-BE5F-A24E16CD6E3C@ruderich.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 22.04.2006, at 23:01, razzel wrote: > > Thank you very much for your answer! Do you know if there is a > graphical > user interface to this GnuPG? > rzzel > Sweden > -- > View this message in context: http://www.nabble.com/GPG-creates-two- > files--t1492159.html#a4045198 > Sent from the GnuPG - User forum at Nabble.com. > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > You can find many frontends on the GnuPG webpage: http://www.gnupg.org/(en)/related_software/frontends.html An installer package for windows with all needed applications is http://www.gpg4win.org/ Simon - ---- > privacy is necessary > using http://gnupg.org > public key id: 0x6115f804EFB33229 > public key http://ruderich.com/simonruderich.asc From jharris at widomaker.com Sun Apr 23 22:46:04 2006 
From: jharris at widomaker.com (Jason Harris) Date: Sun Apr 23 22:46:11 2006 Subject: new (2006-04-16) keyanalyze results (+sigcheck) Message-ID: <20060423204603.GA730@wilma.widomaker.com> New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2006-04-16/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the "permanent" files: -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 From mnestler at nerdshack.com Mon Apr 24 01:03:18 2006 
From: mnestler at nerdshack.com (Michael Nestler) Date: Mon Apr 24 01:56:07 2006 Subject: Modifications to key Message-ID: <444C07B6.9070004@nerdshack.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm new to this list, so if this has been answered before or is obvious, I apologise. If someone signs my public key, does this change the key? i.e. would that render a copy of the public key on my website useless? What about if I add another User ID? Thanks, Michael From rjh at sixdemonbag.org Mon Apr 24 05:48:20 2006 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon Apr 24 05:47:32 2006 Subject: Modifications to key In-Reply-To: <444C07B6.9070004@nerdshack.com> References: <444C07B6.9070004@nerdshack.com> Message-ID: <444C4A84.3020106@sixdemonbag.org> Michael Nestler wrote: > I'm new to this list, so if this has been answered before or is > obvious, I apologise. No apologies necessary. Welcome to the GnuPG community. :) > If someone signs my public key, does this change the key? Yes. > i.e. would that render a copy of the public key on my website > useless? No. > What about if I add another User ID? Same answer--yes, it will change your key; no, it will not render it useless. If something is added to the key, it doesn't invalidate existing copies of the key. They'll still work perfectly fine. As an example, let's say that I have key 0x5B8709EB on my website for download. (I do, so this isn't too much of a stretch.) Let's say that I want to add a user ID. I do so, and after modifying the key send it on to the keyserver. Someone who gets my key from the keyserver will get the updated version with the new user ID on it; someone who gets my key from my web page will get the old version without the new user ID; but both keys can be used to encrypt messages to me, or to verify the messages I sign. If you have any other questions, feel free to holler. :) From bob at rsmits.ca Mon Apr 24 06:07:32 2006 
From: bob at rsmits.ca (Bob Smits) Date: Mon Apr 24 07:26:09 2006 Subject: Why are my signatures being labelled as bad? In-Reply-To: <4448B20C.3080805@mac.com> References: <200604191247.06112.labour@telus.net> <4448B20C.3080805@mac.com> Message-ID: <200604232107.33320.bob@rsmits.ca> On Friday 21 April 2006 03:21, Charly Avital wrote: > A 'bad signature' can be caused by many different factors, one frequent > cause being a text wrap problem. > > When a message is not only signed but encrypted+signed, the encryption > process *might* write off the cause of a bad signature. > > You might try sending a signed message to the list; maybe some clue > could be found. > OK. I'm back at the office tomorrow (Monday) and I'll try it then. > I have found on the keyservers two keys that seem to belong to you: > (1) Robert Smits > 1024 bit RSA key 49E9AF38, created: 2006-04-19 > (2) Robert Smits > 1024 bit DSA key E7629731, created: 2005-12-31 > Both are out of date, but so far I can't figure out how to cancel them at the keyservers. Bob -- Robert Smits Ph 245-2553 Fax 245-5531 Cell 246-7812 Email bob@rsmits.ca From bob at rsmits.ca Mon Apr 24 06:29:20 2006 
From: bob at rsmits.ca (Bob Smits) Date: Mon Apr 24 07:26:30 2006 Subject: Why are my signatures being labelled as bad? In-Reply-To: <20060421092329.GC26687@Update.UU.SE> References: <200604191247.06112.labour@telus.net> <20060421092329.GC26687@Update.UU.SE> Message-ID: <200604232129.20816.bob@rsmits.ca> On Friday 21 April 2006 02:23, Samuel ]slund wrote: > Hi Robert, > > I would guess that by "signed" you mean clear-signed. Yes, the body of the message is not encrypted, but I've used a KGpg signature. > Are you using Mime or in-line signatures? How do I tell? I don't normally use MIME if I can help it, > Clear-signed, esp in-line, messages can suffer from email clients and > MTA's that make "corrections" like changing character encoding or > wrapping lines. > > HTH > //Samuel > > On Wed, Apr 19, 2006 at 12:47:02PM -0700, Robert Smits wrote: > > I'm trying to figure out why I can send encrypted messages to myself at > > home from my work computer, and they come through just fine, but signed > > messages to myself from my work computer come labelled as having a bad > > signature. > > > > Work computer - Suse Linux 9.3 running Kmail and KGpg. Have identity set > > to sign and encrypt with same GPG keys. Exported public address to home > > computer. > > > > Home computer Compaq laptop running Suse 10.0, also with Kmail and KGpg. > > Imported public key from work, set it as trusted. > > > > Signed files from work arrive at home with "bad" signatures. Encrypted > > files from work arrive at home and decrypt just fine. > > > > Signed files and encrypted files from home arrive at work just fine. Can > > anyone point me in the correct direction? 
> > > > Thanks > > > > -- > > Robert Smits Exec Ass't Ph 753-0201 Fax 753-2954 Email labour@telus.net > > > > _______________________________________________ > > Gnupg-users mailing list > > Gnupg-users@gnupg.org > > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Robert Smits Ph 245-2553 Fax 245-5531 Cell 246-7812 Email bob@rsmits.ca A criminal is a person with predatory instincts without sufficient capital to form a corporation. - Howard Scott From gonzalo.bermudez at hotpop.com Mon Apr 24 04:52:59 2006 From: gonzalo.bermudez at hotpop.com (Gonzalo =?ISO-8859-1?Q?Berm=FAdez?=) Date: Mon Apr 24 07:26:54 2006 Subject: Fw: Modifications to key Message-ID: <20060423235259.1a5b48dd@gonzalo> Skipped content of type multipart/mixed From shavital at mac.com Mon Apr 24 07:47:00 2006 
From: shavital at mac.com (Charly Avital) Date: Mon Apr 24 07:46:39 2006 Subject: Why are my signatures being labelled as bad? In-Reply-To: <200604232107.33320.bob@rsmits.ca> References: <200604191247.06112.labour@telus.net> <4448B20C.3080805@mac.com> <200604232107.33320.bob@rsmits.ca> Message-ID: <444C6654.4040807@mac.com> You cannot cancel your keys at the keyservers, you can revoke them if you have either secret.key+passphrase or a revocation certificate. Charly Bob Smits wrote on 4/24/06 12:07 AM: > On Friday 21 April 2006 03:21, Charly Avital wrote: >> A 'bad signature' can be caused by many different factors, one frequent >> cause being a text wrap problem. >> >> When a message is not only signed but encrypted+signed, the encryption >> process *might* write off the cause of a bad signature. >> >> You might try sending a signed message to the list; maybe some clue >> could be found. >> > > OK. I'm back at the office tomorrow (Monday) and I'll try it then. > >> I have found on the keyservers two keys that seem to belong to you: >> (1) Robert Smits >> 1024 bit RSA key 49E9AF38, created: 2006-04-19 >> (2) Robert Smits >> 1024 bit DSA key E7629731, created: 2005-12-31 >> > > Both are out of date, but so far I can't figure out how to cancel them at the > keyservers. > > Bob From zypher at spamcop.net Sat Apr 22 23:19:42 2006 
From: zypher at spamcop.net (Ron B.)
Date: Mon Apr 24 11:01:44 2006
Subject: GPG creates two files?
In-Reply-To: <4045198.post@talk.nabble.com>
References: <4043624.post@talk.nabble.com> <4045198.post@talk.nabble.com>
Message-ID: <444A9DEE.7050106@spamcop.net>

razzel wrote:
> Thank you very much for your answer! Do you know if there is a graphical
> user interface to this GnuPG?
> rzzel
> Sweden
> --
> View this message in context: http://www.nabble.com/GPG-creates-two-files--t1492159.html#a4045198
> Sent from the GnuPG - User forum at Nabble.com.

As you are talking about Word, I assume you are using one of the Windows
OS's. I've found the Windows Privacy Tray (WinPT) useful. It does
include a wipe utility.

From johnmoore3rd at joimail.com Mon Apr 24 13:25:57 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Mon Apr 24 13:25:27 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <200604232107.33320.bob@rsmits.ca>
References: <200604191247.06112.labour@telus.net> <4448B20C.3080805@mac.com> <200604232107.33320.bob@rsmits.ca>
Message-ID: <444CB5C5.5080904@joimail.com>

Bob Smits wrote:

>> I have found on the keyservers two keys that seem to belong to you:
>> (1) Robert Smits
>> 1024 bit RSA key 49E9AF38, created: 2006-04-19
>> (2) Robert Smits
>> 1024 bit DSA key E7629731, created: 2005-12-31
>>
>
> Both are out of date, but so far I can't figure out how to cancel them at the
> keyservers.

You can't! Your only option is to Revoke them if you never plan to use
them for communication again.

JOHN :)
Timestamp: Monday 24 Apr 2006, 07:25 --400 (Eastern Daylight Time)

From hhhobbit7 at netscape.net Tue Apr 25 08:09:06 2006
From: hhhobbit7 at netscape.net (Henry Hertz Hobbit)
Date: Tue Apr 25 08:08:45 2006
Subject: dealing with password in batch file
Message-ID: <093E545B.0AFF16A9.0307202B@netscape.net>

On 21 Apr 2006 Trevor Smith wrote:

>On 21-Apr-06, at 3:11 PM, Sean Cerney wrote:
>> I've been decrypting xml files for a while now with a batch file
>> that converts the pgp file into an xml file with a timestamp.
>>
>> The thing is I always have to manually enter the password each time
>> I run the batch file. I want to
>> ...
>> Any suggestions? Thank you.
>
>Sorry, I'm not 100% sure what you're trying to do (I couldn't see any
>actual gpg stuff in your batch file, but it's been about a hundred
>years since I've seen a .bat file so I could be missing the
>obvious...), but if you're trying to automate passphrase entry into a
>batch file, here is what I have used in a Unix (or, rather, Linux and
>Mac OS X, actually) bash shell script:
>
>gpg --passphrase-fd 3 "$FILE" 3<$pwfile
>
>where $FILE is the file to be decrypted and $pwfile is a variable
>that is set to some arbitrary file name that contains the passphrase.
>
>What the above does is (after you create a temporary file with the
>passphrase in it) tell gpg to read the passphrase from "file
>descriptor 3" and the last bit (3<$pwfile) tells Unix to redirect the
>file, $pwfile, into file descriptor 3.
>
>Obviously you need to modify this somewhat to run on DOS (or Windows,
>or whatever it's called these days) but it may point you in the right
>direction.

You will have to modify it more than just a little. All that can be
redirected in Script files (what used to be called batch files) is
just STDIN and STDOUT (<, >). I don't even know a way to redirect
STDERR. Please correct me if I am wrong. I tried it for a long while
and gave up. It just didn't know what 2> meant. You will most
likely have to write it in either a VBScript or a JScript tool (I
strongly advise using VBScript). In them you have enough power to
open up a file, read in the password, close the file and delete the
file containing the password immediately after reading in the password.

In reality, I wouldn't even use VBScript. I would use C and compile
it. The code size is about the same and it runs much faster and you
have more control. You won't even need to worry about File Descriptor
3 - you will embed everything in a system() function call with
the password embedded into the command. I use the Mars compiler

http://www.digitalmars.com/

Your mileage will vary. I assume you know where all of the VBScript
stuff is. I just don't think you can do it in batch because cmd.exe
just isn't powerful enough to handle the redirect of FD-2 (STDERR),
much less FD-3. A lot of people working with very powerful Linux
shells (ksh, sh, bash, etc.) just don't know how weak Windows Shell
scripting is. I used to update all kinds of stuff with a huge project
(was working with cross compilers for the Hobbit and Intel chips of
Pen systems) and finally gave up and demanded that they give me a
Turrible-C compiler to do all of it. At least with that I had
findfirst(), findnext() to read the dir, etc and do things
accordingly. The updates were so convoluted with dirs coming into
existence and going out of existence that I finally had to use
recursion to handle all of the stuff.

HHH

From james at brutalhugs.com Tue Apr 25 06:26:08 2006
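An added example, not part of the original messages: a POSIX sh wrapper around the `--passphrase-fd 3` approach quoted above from Trevor Smith's message. It hands the passphrase to the child on file descriptor 3 so it never appears in the argument list, which other local users can read from the process table, and it refuses a passphrase file that group or others can access. The names `with_secret_fd`, `secret_file_is_private`, `fake_reader` and `demo` are hypothetical, and the passphrase is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread). Runs a command with a secret file
# opened on file descriptor 3, so the secret is never part of argv.

# secret_file_is_private FILE
# Succeeds only for a regular file (not a symlink) that has no group or
# other permission bits set.
secret_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # "ls -ln" prints e.g. "-rw------- 1 1000 1000 ..."; characters 5-10
    # of that line are the group and other permission bits.
    case "$(ls -ln -- "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# with_secret_fd FILE CMD [ARGS...]
# Returns 2 without running CMD if FILE is missing or too widely readable.
with_secret_fd() {
    pwfile=$1
    shift
    if ! secret_file_is_private "$pwfile"; then
        echo "refusing: $pwfile is missing or accessible to group/other" >&2
        return 2
    fi
    # The redirection applies to this one command only.
    "$@" 3<"$pwfile"
}

# Use with the command from the quoted message:
#   with_secret_fd "$pwfile" gpg --passphrase-fd 3 "$FILE"

# Stand-in for gpg, constructed for this demonstration: it reads the
# secret from fd 3 and reports whether the secret also showed up in argv.
fake_reader() {
    IFS= read -r secret <&3 || return 1
    case " $* " in
        *"$secret"*) echo "leaked" ;;
        *)           echo "argv-clean:${#secret}" ;;
    esac
}

demo() {
    dir=$(mktemp -d) || return 1
    # umask 077 makes the file owner-only from the moment it is created.
    (umask 077; printf '%s\n' 'constructed-passphrase' >"$dir/pw")
    with_secret_fd "$dir/pw" fake_reader --passphrase-fd 3 file.gpg
    rc=$?
    rm -rf "$dir"
    return $rc
}
```
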
From: james at brutalhugs.com (James)
Date: Tue Apr 25 08:26:12 2006
Subject: Editing comments
Message-ID: <20060425042608.GH9164@brutalhugs.com>

Is it possible to edit or delete the comments in a key's UID?

Thanks.

--
GPG Fingerprint: E8B0 8163 C9DF 6C91 4567 895C 090F 1B45 87ED 9963

From JPClizbe at comcast.net Tue Apr 25 08:35:14 2006
From: JPClizbe at comcast.net (John Clizbe)
Date: Tue Apr 25 08:35:24 2006
Subject: Editing comments
In-Reply-To: <20060425042608.GH9164@brutalhugs.com>
References: <20060425042608.GH9164@brutalhugs.com>
Message-ID: <444DC322.1030503@comcast.net>

James wrote:
> Is it possible to edit or delete the comments in a key's UID?
>
> Thanks.

It's much simpler to add a new UID and delete the old one. If the key is
on the keyservers you'll need to revoke the old UID instead of deleting it.

--
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't
matter and those who matter don't mind." - Dr Seuss, "Oh the Places
You'll Go"

From shavital at mac.com Tue Apr 25 13:06:02 2006
From: shavital at mac.com (Charly Avital)
Date: Tue Apr 25 13:05:31 2006
Subject: Mac OS X - Installing and configuring 'gpg-agent'
Message-ID: <444E029A.5030202@mac.com>

New to this list. Running Mac OSX 10.4.6 (Darwin 8.6.0), gpg 1.4.3.
Installed gpg-agent 1.9.10 using darwin.ports following the instructions
contained in url: .

Upon completion of installation of all required libraries and 1.9.10, I
have the following results:
- man gpg-agent outputs 'No manual entry for gpg-agent'
- appropos gpg-agent outputs 'gpg-agent: nothing appropriate'
- which gpg-agent outputs '/usr/local/bin/gpg-agent' - So there is a
gpg-agent installed, somehow.
- locate gpg-agent outputs:
/opt/local/var/db/dports/sources/rsync.rsync.opendarwin.org_dpupdate_dports/security/gpg-agent
/opt/local/var/db/dports/sources/rsync.rsync.opendarwin.org_dpupdate_dports/security/gpg-agent/Portfile
/usr/local/bin/gpg-agent

When I type gpg-agent in Terminal, I get:
gpg-agent: can't connect to `/Users/shavital/.gnupg/S.gpg-agent': No such file or directory
gpg-agent: no gpg-agent running in this session

I am aware that current gpg 1.9* is 1.9.20.

When I try to enable gpg-agent in gpg.conf(use-agent) and in the MUA
(SeaMonkey 1.0.1+enigmail_0.94), the result is 'gpg-agent not
available...'

Thanks in advance for any assistance.

Charly

From wk at gnupg.org Tue Apr 25 14:30:56 2006
From: wk at gnupg.org (Werner Koch)
Date: Tue Apr 25 14:37:50 2006
Subject: Mac OS X - Installing and configuring 'gpg-agent'
In-Reply-To: <444E029A.5030202@mac.com> (Charly Avital's message of "Tue, 25 Apr 2006 07:06:02 -0400")
References: <444E029A.5030202@mac.com>
Message-ID: <87y7xtltvj.fsf@wheatstone.g10code.de>

On Tue, 25 Apr 2006 07:06:02 -0400, Charly Avital said:

> New to this list. Running Mac OSX 10.4.6 (Darwin 8.6.0), gpg 1.4.3.
> Installed gpg-agent 1.9.10 using darwin.ports following the instructions

That is a pretty old version.

> - man gpg-agent outputs 'No manual entry for gpg-agent'

There is no man page. Use "info gnupg".

> When I type gpg-agent in Terminal, I get:
> gpg-agent: can't connect to `/Users/shavital/.gnupg/S.gpg-agent': No
> such file or directory
> gpg-agent: no gpg-agent running in this session

Please read the manual. Basically you need to pass the option
"--daemon" to startup gpg-agent. Without it, gpg-agent merely checks
whether an instance is already running.

Salam-Shalom,

Werner

ps.
Here is a short excerpt from the manual (current version, though):

@command{gpg-agent} is a daemon to manage secret (private) keys
independently from any protocol. It is used as a backend for
@command{gpg} and @command{gpgsm} as well as for a couple of other
utilities.

@noindent
The usual way to run the agent is from the @code{~/.xsession} file:

@example
eval `gpg-agent --daemon`
@end example

@noindent
If you don't use an X server, you can also put this into your regular
startup file @code{~/.profile} or @code{.bash_profile}. It is best not
to run multiple instances of the @command{gpg-agent}, so you should make
sure that only one is running: @command{gpg-agent} uses an environment
variable to inform clients about the communication parameters. You can
write the content of this environment variable to a file so that you
can test for a running agent. This short script may do the job:

@smallexample
if test -f $HOME/.gpg-agent-info && \
   kill -0 `cut -d: -f 2 $HOME/.gpg-agent-info` 2>/dev/null; then
    GPG_AGENT_INFO=`cat $HOME/.gpg-agent-info`
    export GPG_AGENT_INFO
else
    eval `gpg-agent --daemon`
    echo $GPG_AGENT_INFO >$HOME/.gpg-agent-info
fi
@end smallexample

@noindent
Note that the new option @option{--write-env-file} may be used instead.

@noindent
You should always add the following lines to your @code{.bashrc} or
whatever initialization file is used for all shell invocations:

@smallexample
GPG_TTY=`tty`
export GPG_TTY
@end smallexample

@noindent
It is important that this environment variable always reflects the
output of the @code{tty} command. For W32 systems this option is not
required.

Please make sure that a proper pinentry program has been installed
under the default filename (which is system dependent) or use the
option @code{pinentry-pgm} to specify the full name of that program.
It is often useful to install a symbolic link from the actual used
pinentry (e.g. @file{/usr/bin/pinentry-gtk}) to the expected
one (e.g. @file{/usr/bin/pinentry}).

From shavital at mac.com Tue Apr 25 16:13:42 2006
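An added example, not from the GnuPG manual or from the message above: a stricter form of the liveness test in the quoted startup script. `kill -0` on the saved pid also succeeds when that pid has since been reused by an unrelated process of the same user, so this version validates the `socket:pid:protocol` fields of the saved value and also requires the socket to exist before the value is exported. The function names and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the GnuPG manual). Validates a saved
# GPG_AGENT_INFO value of the form  socket-path:pid:protocol  before a
# login script exports it.
#
# check_agent_info VALUE returns (codes chosen for this example):
#   0 usable   1 malformed   2 pid not signalable   3 socket missing
check_agent_info() {
    info=$1
    # Split from the right so that pid and protocol are always the
    # last two colon-separated fields.
    proto=${info##*:}
    rest=${info%:*}
    [ "$rest" != "$info" ] || return 1
    pid=${rest##*:}
    sock=${rest%:*}
    [ "$sock" != "$rest" ] || return 1

    # Digits only: the value comes from a file and must never be
    # treated as anything but a number.
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    case $proto in ''|*[!0-9]*) return 1 ;; esac
    # pid 0 would signal our own process group and pid 1 is init.
    [ "$pid" -ge 2 ] 2>/dev/null || return 1
    # The agent socket is an absolute path.
    case $sock in /*) ;; *) return 1 ;; esac

    # kill -0 only proves that some process we may signal has this pid.
    kill -0 "$pid" 2>/dev/null || return 2
    # A stale file whose pid was reused fails here: no socket left.
    [ -S "$sock" ] || return 3
    return 0
}

# load_agent_info FILE
# Prints the saved value only if FILE is a regular file owned by the
# caller and its first line passes check_agent_info.
load_agent_info() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ] || return 1
    IFS= read -r line <"$f" || [ -n "$line" ] || return 1
    check_agent_info "$line" || return $?
    printf '%s\n' "$line"
}

# In a startup file, replacing the test in the quoted script:
#   if GPG_AGENT_INFO=`load_agent_info "$HOME/.gpg-agent-info"`; then
#       export GPG_AGENT_INFO
#   else
#       eval `gpg-agent --daemon`
#       (umask 077; echo "$GPG_AGENT_INFO" >"$HOME/.gpg-agent-info")
#   fi
```
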
From: shavital at mac.com (Charly Avital)
Date: Tue Apr 25 16:13:27 2006
Subject: Mac OS X - Installing and configuring 'gpg-agent'
In-Reply-To: <87y7xtltvj.fsf@wheatstone.g10code.de>
References: <444E029A.5030202@mac.com> <87y7xtltvj.fsf@wheatstone.g10code.de>
Message-ID: <444E2E96.7030803@mac.com>

Werner,
thanks for your prompt answer, and for quoting relevant parts of the
manual. I'll try to do my best with them.

Following are some responses embedded to your remarks.

Thanks again,
Charly

Werner Koch wrote on 4/25/06 8:30 AM:
> On Tue, 25 Apr 2006 07:06:02 -0400, Charly Avital said:
>
>> New to this list. Running Mac OSX 10.4.6 (Darwin 8.6.0), gpg 1.4.3.
>> Installed gpg-agent 1.9.10 using darwin.ports following the instructions
>
> That is a pretty old version.

Indeed. I never succeeded to compile 1.9.20 from source; there was
always one error or other (as I reported previously to gnupg-users). So
I tried DarwinPorts. They offered quite a functional set up.

>
>> - man gpg-agent outputs 'No manual entry for gpg-agent'
>
> There is no man page. Use "info gnupg".

Good to know. DarwinPorts page suggests:
-----
Once the software has been installed, you can find further information
about using gpg-agent with these commands:
% man gpg-agent
% apropos gpg-agent
% which gpg-agent
% locate gpg-agent
-----

>
>> When I type gpg-agent in Terminal, I get:
>> gpg-agent: can't connect to `/Users/shavital/.gnupg/S.gpg-agent': No
>> such file or directory
>> gpg-agent: no gpg-agent running in this session
>
> Please read the manual. Basically you need to pass the option
> "--daemon" to startup gpg-agent. Without gpg-agent merely checks
> whether an instace is already running.

I knew something had to be done with daemon, but had no idea what or how to.

>
>
> Salam-Shalom,
>
> Werner

Take care,
Charly

>
> ps.

That's one of the most useful PSs I've ever received.

> Here is a short excerpt from the manual (current version, though):

[...]

From wk at gnupg.org Wed Apr 26 13:29:06 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Apr 26 13:47:00 2006
Subject: [Announce] Gpg4win 1.0.1 released
In-Reply-To: <8764lld2fy.fsf@wheatstone.g10code.de> (Werner Koch's message of "Fri, 07 Apr 2006 13:56:17 +0200")
References: <8764lld2fy.fsf@wheatstone.g10code.de>
Message-ID: <871wvkk22l.fsf@wheatstone.g10code.de>

Skipped content of type multipart/signed

From cri at linux.it Wed Apr 26 16:35:03 2006
From: cri at linux.it (Cristian Rigamonti)
Date: Wed Apr 26 20:26:22 2006
Subject: Athena ASE drive IIIe card reader
Message-ID: <20060426143503.GA4112@pegasus>

Hi, can anyone confirm if the Athena ASE drive IIIe card reader is
supported by gpg?

If this is the case, would you recommend it over the SCM SCR-335 reader?

Cri

--
GPG/PGP Key-Id 0x943A5F0E - http://www.linux.it/~cri/cri.asc
Free software, free society - http://www.fsfeurope.org

From bob at rsmits.ca Wed Apr 26 21:22:51 2006
From: bob at rsmits.ca (Robert Smits)
Date: Wed Apr 26 21:22:51 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <444CB5C5.5080904@joimail.com>
References: <200604191247.06112.labour@telus.net> <200604232107.33320.bob@rsmits.ca> <444CB5C5.5080904@joimail.com>
Message-ID: <200604261222.51540.bob@rsmits.ca>

On Monday 24 April 2006 04:25, John W. Moore III wrote:
> Bob Smits wrote:
> >> I have found on the keyservers two keys that seem to belong to you:
> >> (1) Robert Smits
> >> 1024 bit RSA key 49E9AF38, created: 2006-04-19
> >> (2) Robert Smits
> >> 1024 bit DSA key E7629731, created: 2005-12-31
> >
> > Both are out of date, but so far I can't figure out how to cancel them at
> > the keyservers.
>
> You can't! Your only option is to Revoke them if you never plan to use
> them for communication again.

Thanks, John, but I knew that. What I can't figure out is how to upload the
revocation certificates to a key server.

Bob.

--
President Cowichan Ladysmith NDP,
Robert Smits Ph 245-2553 Fax 245-5531 Email bob@rsmits.ca

From johnmoore3rd at joimail.com Wed Apr 26 21:37:33 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Wed Apr 26 21:36:46 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <200604261222.51540.bob@rsmits.ca>
References: <200604191247.06112.labour@telus.net> <200604232107.33320.bob@rsmits.ca> <444CB5C5.5080904@joimail.com> <200604261222.51540.bob@rsmits.ca>
Message-ID: <444FCBFD.5080101@joimail.com>

Robert Smits wrote:

> Thanks, John, but I knew that. What I can't figure out is how to upload the
> revocation certificates to a key server.

Select the Revoke cert and Upload that to the Keyserver(s); it'll be
added as a UID and become effective as soon as "sharing" is complete.

My advice; Upload to all Keyservers and speed the time frame. Also,
Post your Revoke Cert to Groups/List so that others may Import quickly!

JOHN :-\
Timestamp: Wednesday 26 Apr 2006, 15:36 --400 (Eastern Daylight Time)

From sarixe at gmail.com Wed Apr 26 23:47:07 2006
From: sarixe at gmail.com (Sarixe Avaliesz)
Date: Wed Apr 26 23:49:16 2006
Subject: GPA on a USB flash drive?
Message-ID:

Hey all,
I was wondering if it was possible to configure GPA to run solely from a
USB drive. Is it possible to have a gpa.conf on the USB so that it
doesn't require it in Application Data? Thanks.

Sarixe

From johnmoore3rd at joimail.com Thu Apr 27 00:54:15 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Thu Apr 27 00:53:38 2006
Subject: USB Drive Use
Message-ID: <444FFA17.2080309@joimail.com>

Sarixe Avaliesz wrote:

> > Hey all,
> > I was wondering if it was possible to configure GPA to run solely from a
> > USB drive. Is it possible to have a gpa.conf on the USB so that it
> > doesn't require it in Application Data? Thanks.
> > Sarixe

If you mean GPG then Yes there is. Check out GPG 2 GO on my Homepage:

http://tinyurl.com/9ubue

JOHN :-D
Timestamp: Wednesday 26 Apr 2006, 18:54 --400 (Eastern Daylight Time)

From sarixe at gmail.com Thu Apr 27 01:13:41 2006
From: sarixe at gmail.com (Sarixe Avaliesz)
Date: Thu Apr 27 01:13:23 2006
Subject: USB Drive Use
In-Reply-To: <444FFA17.2080309@joimail.com>
References: <444FFA17.2080309@joimail.com>
Message-ID:

John W. Moore III wrote:
> If you mean GPG then Yes there is. Check out GPG 2 GO on my Homepage:
>
> http://tinyurl.com/9ubue
>
> JOHN :-D
> Timestamp: Wednesday 26 Apr 2006, 18:54 --400 (Eastern Daylight Time)

No, I mean GPA. I already have successfully installed GPG on my USB
device. It's GPA (GNU Privacy Assistant). Actually, It doesn't need to
be GPA, I'm just looking for a portable frontend to GPG that I can
install on the USB device and use on multiple computers. One of these
computers has the users configured in such a way that the privileges are
very limited, thus I can't have anything with a registry value, etc.
Any suggestions?

Sarixe

From rdavelambert at gawab.com Thu Apr 27 03:26:09 2006
From: rdavelambert at gawab.com (rDeel)
Date: Thu Apr 27 03:25:20 2006
Subject: GnuPG and Pegasus Mail
Message-ID: <4112811.post@talk.nabble.com>

What is the simplest way of integrating GnuPG with the Pegasus Mail client?
Is there a plugin for Pegasus? Many thanks.

--
View this message in context: http://www.nabble.com/GnuPG-and-Pegasus-Mail-t1515185.html#a4112811
Sent from the GnuPG - User forum at Nabble.com.

From labour at telus.net Wed Apr 26 00:22:16 2006
From: labour at telus.net (Robert Smits)
Date: Thu Apr 27 11:35:46 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <4448B20C.3080805@mac.com>
References: <200604191247.06112.labour@telus.net> <4448B20C.3080805@mac.com>
Message-ID: <200604251522.26778.labour@telus.net>

On Friday 21 April 2006 03:21, you wrote:
> A 'bad signature' can be caused by many different factors, one frequent
> cause being a text wrap problem.
>
> When a message is not only signed but encrypted+signed, the encryption
> process *might* write off the cause of a bad signature.
>
> You might try sending a signed message to the list; maybe some clue
> could be found.

OK, here is a message to the list that is signed by me as labour@telus.net

--
Robert Smits Exec Ass't Ph 753-0201 Fax 753-2954 Email labour@telus.net

From alphasigmax at gmail.com Thu Apr 27 11:41:10 2006
From: alphasigmax at gmail.com (Alphax)
Date: Thu Apr 27 11:41:50 2006
Subject: USB Drive Use
In-Reply-To:
References: <444FFA17.2080309@joimail.com>
Message-ID: <445091B6.6040106@gmail.com>

Sarixe Avaliesz wrote:
> John W. Moore III wrote:
>> If you mean GPG then Yes there is. Check out GPG 2 GO on my Homepage:
>>
>> http://tinyurl.com/9ubue
>>
>> JOHN :-D
>> Timestamp: Wednesday 26 Apr 2006, 18:54 --400 (Eastern Daylight Time)
> No, I mean GPA. I already have successfully installed GPG on my USB
> device. It's GPA (GNU Privacy Assistant). Actually, It doesn't need to
> be GPA, I'm just looking for a portable frontend to GPG that I can
> install on the USB device and use on multiple computers. One of these
> computers has the users configured in such a way that the privileges are
> very limited, thus I can't have anything with a registry value, etc.
> Any suggestions?

For a multi-environment setup, the Java-based Occulti suite
(http://sourceforge.net/projects/occulti) might be an option. Of course,
it's still in beta, and I've never used it, and I have no idea if it
would work on a USB device, but it's worth a try...

--
Alphax
Death to all fanatics!
Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g

From richard at sheflug.co.uk Thu Apr 27 11:19:15 2006
From: richard at sheflug.co.uk (Richard Ibbotson)
Date: Thu Apr 27 13:26:12 2006
Subject: GnuPG and Pegasus Mail
In-Reply-To: <4112811.post@talk.nabble.com>
References: <4112811.post@talk.nabble.com>
Message-ID: <200604271019.23404.richard@sheflug.co.uk>

Hi

>What is the simplest way of integrating GnuPG with the Pegasus Mail
> client? Is there a plugin for Pegasus? Many thanks.

http://community.wow.net/grt/qdgpg.html

I haven't used it because I only have access to GNU/Linux desktops. It's
supposed to be reliable. Used Pegasus a lot when I was still using
winduhs a long time ago.

--
Richard
www.sheflug.co.uk

From shavital at mac.com Thu Apr 27 15:10:55 2006
From: shavital at mac.com (Charly Avital)
Date: Thu Apr 27 15:10:08 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <200604251522.26778.labour@telus.net>
References: <200604191247.06112.labour@telus.net> <4448B20C.3080805@mac.com> <200604251522.26778.labour@telus.net>
Message-ID: <4450C2DF.5000602@mac.com>

I could verify the signature as Good.

Charly

Robert Smits wrote the following on 4/25/06 6:22 PM:
> On Friday 21 April 2006 03:21, you wrote:
>> A 'bad signature' can be caused by many different factors, one frequent
>> cause being a text wrap problem.
>>
>> When a message is not only signed but encrypted+signed, the encryption
>> process *might* write off the cause of a bad signature.
>>
>> You might try sending a signed message to the list; maybe some clue
>> could be found.
>
> OK, here is a message to the list that is signed by me as labour@telus.net

From henkdebruijn at wanadoo.nl Thu Apr 27 15:28:01 2006
From: henkdebruijn at wanadoo.nl (Henk M. de Bruijn)
Date: Thu Apr 27 15:27:00 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <200604261222.51540.bob@rsmits.ca>
References: <200604191247.06112.labour@telus.net> <200604232107.33320.bob@rsmits.ca> <444CB5C5.5080904@joimail.com> <200604261222.51540.bob@rsmits.ca>
Message-ID: <1071300306.20060427152801@wanadoo.nl>

On Wed, 26 Apr 2006 12:22:51 -0700GMT (26-4-2006, 21:22 +0200, where I
live), Robert Smits wrote:

> On Monday 24 April 2006 04:25, John W. Moore III wrote:
>> Bob Smits wrote:
>> > Both are out of date, but so far I can't figure out how to cancel them at
>> > the keyservers.

>> You can't! Your only option is to Revoke them if you never plan to use
>> them for communication again.

> Thanks, John, but I knew that. What I can't figure out is how to upload the
> revocation certificates to a key server.

AFAIK you have to import the revocation certificate into your
key(ring) and after that upload the revoked key to the keyserver(s).

HTH

--
Henk M. de Bruijn
______________________________________________________________________
The Bat! Natural E-Mail System™ version 3.73 Release Candidate 1 Pro on
Windows XP SP2
Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B
Gossamer Spider Web of Trust http://www.gswot.org
A progressive and innovative Web of Trust

From ml at bitfalle.org Thu Apr 27 19:19:18 2006
From: ml at bitfalle.org (markus reichelt)
Date: Thu Apr 27 19:19:03 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <444FCBFD.5080101@joimail.com>
References: <200604191247.06112.labour@telus.net> <200604232107.33320.bob@rsmits.ca> <444CB5C5.5080904@joimail.com> <200604261222.51540.bob@rsmits.ca> <444FCBFD.5080101@joimail.com>
Message-ID: <20060427171918.GB4191@dantooine>

* "John W. Moore III" wrote:

> Also, Post your Revoke Cert to Groups/List so that others may
> Import quickly!

first time that i stumble upon this kind of advice; it depends, i'd
say. if the majority of that list is in fact using digital signatures
and/or only encrypted messages, then's ok to post the rev.
certificate itself. if not, well, then maybe a footer info line is
sufficient. not half a page of annoying capital letter ascii, tho ;-)

of course, routine contacts (who use signatures /encryption) shall be
informed too, if not first. but please no mass mailings to those who
are ignorant of the issue, anyway.

--
left blank, right bald

From rdavelambert at gawab.com Thu Apr 27 20:36:04 2006
From: rdavelambert at gawab.com (rDeel)
Date: Thu Apr 27 20:35:06 2006
Subject: GnuPG and Pegasus Mail
In-Reply-To: <200604271019.23404.richard@sheflug.co.uk>
References: <4112811.post@talk.nabble.com> <200604271019.23404.richard@sheflug.co.uk>
Message-ID: <4126977.post@talk.nabble.com>

Richard Ibbotson wrote:
>
> http://community.wow.net/grt/qdgpg.html
>
>

Yes, I found this on Google. However, when I try to download, all I get is a
0-Byte long zip file?

Is there another location for this file?

Many Thanks!

--
View this message in context: http://www.nabble.com/GnuPG-and-Pegasus-Mail-t1515185.html#a4126977
Sent from the GnuPG - User forum at Nabble.com.

From andriash at gmail.com Fri Apr 28 08:12:59 2006
From: andriash at gmail.com (Nick Andriash)
Date: Fri Apr 28 09:56:13 2006
Subject: GnuPG and Pegasus Mail
In-Reply-To: <4126977.post@talk.nabble.com>
References: <200604271019.23404.richard@sheflug.co.uk> <4126977.post@talk.nabble.com>
Message-ID: <20060427231050.7562.ANDRIASH@gmail.com>

Hello rDeel,

On Thursday, April 27 2006 at 11:36 AM PDT, you wrote:

> Yes, I found this on Google. However, when I try to download, all I get is a
> 0-Byte long zip file?

No, the link works, but the download is slow. The file I was able to
download was 189 KB. I think you should just keep trying.

--
-=Nick Andriash=-
-=Creston, B.C. Canada=-
Becky Internet Mail v2.25 on Win XP Pro
_______________________________________________________________
PGPKey at: http://www.biglumber.com/x/web?qs=0xDAEB2FB93BCA7DD2
PGPKey at: http://www.biglumber.com/x/web?qs=0xC9134763
Gossamer Spider Web of Trust http://www.gswot.org

From widhalmt at unix.sbg.ac.at Fri Apr 28 12:33:44 2006
From: widhalmt at unix.sbg.ac.at (Thomas Widhalm)
Date: Fri Apr 28 12:33:31 2006
Subject: pgp & outlook
In-Reply-To: <000001c66479$f2a0e950$2801a8c0@MBRC40>
References: <000001c66479$f2a0e950$2801a8c0@MBRC40>
Message-ID: <4451EF88.4040601@unix.sbg.ac.at>

Michael D. Berger wrote:
> Now that I have gpg working on my linux box,
> I was thinking of cutting-and-pasting or attaching
> encrypted messages into outlook on my win2k box.
> On the other hand, I see that there are outlook pgp
> plugins. Are these good to use? Any suggestions
> regarding which plugin to use?
>

Hi!

I would really suggest using another email client, but if you are stuck to Outlook, try http://www.gpg4win.org/index.html . We try to establish this as a standard feature for all the MS Outlook users within our Organizational Unit.

Feel free to ask, if you have any further questions.

Regards,
Thomas

--
*****************************************************************
* Thomas Widhalm                Unix Administrator              *
* University of Salzburg        ITServices (ITS)                *
* Systems Management            Unix Systems                    *
* Hellbrunnerstr. 34            5020 Salzburg, Austria          *
* widhalmt@unix.sbg.ac.at       +43/662/8044-6774               *
* gpg: 6265BAE6                                                 *
* http://www.sbg.ac.at/zid/organisation/mitarbeiter/widhalm.htm *
*****************************************************************

From wk at gnupg.org Fri Apr 28 14:38:18 2006
From: wk at gnupg.org (Werner Koch)
Date: Fri Apr 28 14:41:26 2006
Subject: Key signing at the LinuxTag
Message-ID: <877j59q3id.fsf@wheatstone.g10code.de>

Hi!

This is just a short note, that I will attend the LinuxTag and be available for key signing.

The LinuxTag[1] is the largest trade show and conference event in Europe for GNU/Linux related things. It will take place next week from May 3rd to 6th at the Rhein-Main-Hallen in Wiesbaden (close to Frankfurt).

You may meet me at the FSF Europe booth or at the social events on Thursday and Friday night.

Shalom-Salam,

Werner

[1] http://www/linuxtag.org

From ml at bitfalle.org Fri Apr 28 18:22:44 2006
From: ml at bitfalle.org (markus reichelt)
Date: Fri Apr 28 18:22:26 2006
Subject: Key signing at the LinuxTag
In-Reply-To: <877j59q3id.fsf@wheatstone.g10code.de>
References: <877j59q3id.fsf@wheatstone.g10code.de>
Message-ID: <20060428162244.GB7903@dantooine>

* Werner Koch wrote:

> This is just a short note, that I will attend the LinuxTag and be
> available for key signing.

will you attend the key signing party too?

--
left blank, right bald

From wk at gnupg.org Fri Apr 28 19:29:00 2006
From: wk at gnupg.org (Werner Koch)
Date: Fri Apr 28 19:31:18 2006
Subject: Key signing at the LinuxTag
In-Reply-To: <20060428162244.GB7903@dantooine> (markus reichelt's message of "Fri, 28 Apr 2006 18:22:44 +0200")
References: <877j59q3id.fsf@wheatstone.g10code.de> <20060428162244.GB7903@dantooine>
Message-ID: <87odylobhf.fsf@wheatstone.g10code.de>

On Fri, 28 Apr 2006 18:22:44 +0200, markus reichelt said:

> will you attend the key signing party too?

Only if they don't require to register for that party and use a speedy protocol; i.e. requiring participants to hand out paper strips with the fingerprint while at the same time presenting some kind of ID card to the other next participant; then rotating to the next one.

Shalom-Salam,

Werner

From iam-est-hora-surgere at despammed.com Fri Apr 28 19:53:42 2006
From: iam-est-hora-surgere at despammed.com (Marcus Frings)
Date: Fri Apr 28 19:53:13 2006
Subject: Key signing at the LinuxTag
References: <877j59q3id.fsf@wheatstone.g10code.de> <20060428162244.GB7903@dantooine> <87odylobhf.fsf@wheatstone.g10code.de>
Message-ID:

* Werner Koch wrote:

> On Fri, 28 Apr 2006 18:22:44 +0200, markus reichelt said:
>> will you attend the key signing party too?

> Only if they don't require to register for that party and use a speedy
> protocol; i.e. requiring participants to hand out paper strips with
> the fingerprint while at the same time presenting some kind of ID
> card to the other next participant; then rotating to the next one.

Okay, then I believe you will not attend the key signing party for they use another protocol and registration is required by this Sunday: http://www.linuxtag.org/2006/de/community/keysigning.html

However, I would like to exchange fingerprints with you, Werner. I will be there on Friday. Can we set up place and time here so other people can join, too?

Regards,
Marcus

--
"I have read BIND code. And it was terrible. I have read tinydns code. And it was terrible. Someone should explain DNS to Paul Vixie and DJB. From an academic point of view, tinydns is inferior. But it does work. Supposedly." Thomas Ogrisegg in

From JPClizbe at comcast.net Sat Apr 29 03:23:27 2006
From: JPClizbe at comcast.net (John Clizbe)
Date: Sat Apr 29 03:29:32 2006
Subject: pgp & outlook
In-Reply-To: <000001c66479$f2a0e950$2801a8c0@MBRC40>
References: <000001c66479$f2a0e950$2801a8c0@MBRC40>
Message-ID: <4452C00F.5090802@comcast.net>

Michael D. Berger wrote:
> Now that I have gpg working on my linux box,
> I was thinking of cutting-and-pasting or attaching
> encrypted messages into outlook on my win2k box.
> On the other hand, I see that there are outlook pgp
> plugins. Are these good to use? Any suggestions
> regarding which plugin to use?

No need to c&p. To access GnuPG from Outlook, you may use the GPGol Outlook extension or the current-window and clipboard functions of key managers such as WinPT and GPGshell.

Never used Outlook so I can't really suggest which to use.

--
John P. Clizbe                   Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"

From rdavelambert at gawab.com Sat Apr 29 04:00:09 2006
From: rdavelambert at gawab.com (rDeel)
Date: Sat Apr 29 03:59:09 2006
Subject: GnuPG and Pegasus Mail
In-Reply-To: <20060427231050.7562.ANDRIASH@gmail.com>
References: <4112811.post@talk.nabble.com> <200604271019.23404.richard@sheflug.co.uk> <4126977.post@talk.nabble.com> <20060427231050.7562.ANDRIASH@gmail.com>
Message-ID: <4150438.post@talk.nabble.com>

No, the link works, but the download is slow. The file I was able to download was 189 KB. I think you should just keep trying.

Thanks Nick, I think I had a poor setting in star Downloader program. I got the file OK today via Firefox. Wish me luck :-) LOL.
--
View this message in context: http://www.nabble.com/GnuPG-and-Pegasus-Mail-t1515185.html#a4150438
Sent from the GnuPG - User forum at Nabble.com.

From shavital at mac.com Sun Apr 30 16:17:47 2006
From: shavital at mac.com (Charly Avital)
Date: Sun Apr 30 16:17:17 2006
Subject: Problem with signing subkey - SHA256
Message-ID: <4454C70B.1030009@mac.com>

I have carried out checks, tests, and research, and still cannot solve the following problem.

I run gpg 1.4.3 on three different Macs. All three have the same pubrings and secrings. All three have the same gpg.conf settings.

On two of them, I have no problem using an additional signing subkey to clear-sign with SHA256. On the third one, whenever I try to sign in-line, with digest-algo SHA256 enabled in gpg.conf, I get the error message "DSA keys require a 160 bit hash...". The warning shows with three different MUAs (Eudora, Mail.app, SeaMonkey 1.0.1). SHA1 works fine.

Does it mean that in that computer, gpg does not recognize or accept the signing subkey, and why?

The only difference with this third computer, is that it is running OS 10.3.9, while the two other run 10.4.6. I cannot believe this is the reason why the signing subkey is not used. The key is the same key in the three Macs.

The "third" computer's clock shows the correct time and date, therefore there is no possibility of gpg not recognizing a subkey that might have been generated "in the future". I even enabled --ignore-valid-from, but no change.

Any ideas?
Thanks,
Charly

From adi-lists at koalatux.ch Sun Apr 30 16:08:07 2006
From: adi-lists at koalatux.ch (Adrian Friedli)
Date: Sun Apr 30 17:26:09 2006
Subject: card inactive
Message-ID: <200604301608.16577.adi-lists@koalatux.ch>

Hi

I've got a SCM SCR335 cardreader and a cryptocard from fsfe.org. I've set up udev, so the user has access to the device. Then when I want to access my card:

$ gpg -v --card-status
gpg: pcsc_connect failed: unknown reader (0x80100009)
gpg: card reader not available
gpg: OpenPGP card not available: general error

And when I stop pcscd I get this:

$ gpg -v --card-status
gpg: reader slot 0: using ccid driver
gpg: apdu_send_simple(0) failed: card inactive

My system is a Debian sid. GnuPG is version 1.4.3.

Please help.

Thanks
Adrian Friedli

From shavital at mac.com Sun Apr 30 22:44:11 2006
From: shavital at mac.com (Charly Avital)
Date: Sun Apr 30 22:43:28 2006
Subject: Mac OS X - Installing and configuring 'gpg-agent'
In-Reply-To: <4454FBAE.5040007@py-soft.co.uk>
References: <444E029A.5030202@mac.com> <4454FBAE.5040007@py-soft.co.uk>
Message-ID: <4455219B.9020903@mac.com>

Thanks really for your feedback.

I very much doubt I'll be able to do what you did. I'll try. If I don't succeed, I'll e-mail you again a week or so from now, thanking you in advance for your assistance.

Charly

Benjamin Donnachie wrote on 4/30/06 2:02 PM:
> Charly Avital wrote:
>> New to this list. Running Mac OSX 10.4.6 (Darwin 8.6.0), gpg 1.4.3.
>> Installed gpg-agent 1.9.10 using darwin.ports following the instructions
>> contained in url: .
>
> After much fuss, I recently persuaded gpg-agent v1.9.20 to compile under
> Mac OS with Darwin Ports. If I remember rightly, I used ports to
> install most of the libraries. However, one library was too out of date
> and I used ports file from the previous version to modify it.
>
> I then had to modify the gpg-agent source code to refer to the PCSC
> driver under Mac OS and it now works perfectly on my system.
>
> Unfortunately, I haven't got time to list the exact steps at the moment
> but, hopefully, the above might help you enough to get it going. If it
> doesn't, send me a message in about a week and I will send more detailed
> information / look into updating the gpg-agent port.
>
> Ben
>

From benjamin at py-soft.co.uk Sun Apr 30 20:02:22 2006
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Sun Apr 30 22:56:05 2006
Subject: Mac OS X - Installing and configuring 'gpg-agent'
In-Reply-To: <444E029A.5030202@mac.com>
References: <444E029A.5030202@mac.com>
Message-ID: <4454FBAE.5040007@py-soft.co.uk>

Charly Avital wrote:
> New to this list. Running Mac OSX 10.4.6 (Darwin 8.6.0), gpg 1.4.3.
> Installed gpg-agent 1.9.10 using darwin.ports following the instructions
> contained in url: .

After much fuss, I recently persuaded gpg-agent v1.9.20 to compile under Mac OS with Darwin Ports. If I remember rightly, I used ports to install most of the libraries. However, one library was too out of date and I used ports file from the previous version to modify it.

I then had to modify the gpg-agent source code to refer to the PCSC driver under Mac OS and it now works perfectly on my system.

Unfortunately, I haven't got time to list the exact steps at the moment but, hopefully, the above might help you enough to get it going. If it doesn't, send me a message in about a week and I will send more detailed information / look into updating the gpg-agent port.
Ben