From aherron at kowabunga.com Sat Apr 1 00:45:09 2006
From: aherron at kowabunga.com (Andrew Herron)
Date: Sat Apr 1 02:26:23 2006
Subject: ASP Shell and GnuPG
Message-ID: <442DB0F5.3090909@kowabunga.com>
Hello all,
I'm trying to get GPG to work using the Wshell object in ASP. It
worked just fine on our Windows 2000 Server, however, after the recent
move to Windows 2003 Server, we're running into issues. I've verified
permissions on all files needed but when I run the command, I get an
error code 2 returned. Any help would be greatly appreciated, the code
used to test is below:
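<%
' Run gpg through the Windows Script Host shell object and report its exit code
Set WshShell = Server.CreateObject("Wscript.Shell")
command = "gpg --decrypt-files ""c:\inetpub\gpg\keytest.gpg"""
' Run(command, window style 1, wait for exit = True) returns the process exit code
Response.Write "Exit Code: " & WshShell.Run(command, 1, True) & "<br>"
Set WshShell = Nothing
%>
<%=command%>
done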
Thanks.
Andrew Herron
From spacemarc at gmail.com Sat Apr 1 12:00:21 2006
From: spacemarc at gmail.com (spacemarc)
Date: Sat Apr 1 12:56:11 2006
Subject: Howto upgrade to 1.4.2.2 from 1.4.2
Message-ID: <200604011200.21757.spacemarc@gmail.com>
Hi
I have gpg 1.4.2 on Mandriva Linux and I would like to upgrade it to the new 1.4.2.2.
How do I do that?
Which syntax must I use?
thanks!
From feitao at msn.com Sat Apr 1 21:12:42 2006
From: feitao at msn.com (feitao)
Date: Sat Apr 1 22:56:22 2006
Subject: ElGamal: key length vs performance
Message-ID:
Hi,
As I understand, by default, GnuPG uses ElGamal to encrypt/decrypt files,
and the recommended key length is 1024 bit. Is there any information on how
encryption/decryption time changes with the key length? Thanks a lot,
From johnmoore3rd at joimail.com Sat Apr 1 23:10:01 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Sat Apr 1 23:09:36 2006
Subject: ElGamal: key length vs performance
In-Reply-To:
References:
Message-ID: <442EEC29.6080303@joimail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
feitao wrote:
> Hi,
>
> As I understand, by default, GnuPG uses ElGamal to encrypt/decrypt files,
> and the recommended key length is 1024 bit. Is there any information on how
> encryption/decryption time changes with the key length? Thanks a lot,
FWIW, the larger the size of the Key being used the "longer" the time
required. However, unless you're using a Processor older than Pentium
III I doubt that it would be obvious to the User. Of course, the
difference between using a 1024 Key and an 8192 Key *would* be noticeable.
I am not quite certain where you understand ElGamal is the 'Default'
since it is possible to generate an RSA encryption Key and many folks do.
JOHN :-\
Timestamp: Saturday 01 Apr 2006, 16:09 --500 (Eastern Standard Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3-cvs4086: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust (US26): http://www.gswot.org
Comment: Homepage: http://tinyurl.com/9ubue
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From rjh at sixdemonbag.org Sun Apr 2 00:08:29 2006
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun Apr 2 00:07:46 2006
Subject: ElGamal: key length vs performance
In-Reply-To:
References:
Message-ID: <442EF9DD.2000305@sixdemonbag.org>
feitao wrote:
> As I understand, by default, GnuPG uses ElGamal to encrypt/decrypt files,
> and the recommended key length is 1024 bit. Is there any information on how
> encryption/decryption time changes with the key length? Thanks a lot,
This one can best be answered with a giant "it depends".
GnuPG is a hybrid cryptosystem. It uses both symmetric and asymmetric
cryptography to encrypt your file. The asymmetric component is going to
be dog slow, but the good news is that only a few bytes of data are
encrypted with it. The rest of your file is decrypted using symmetric
crypto, which is really quite fast.
For small files, the asymmetric component will take up most of the time
and it makes sense to ask how encryption/decryption times vary with key
lengths. For large files, the symmetric component will dominate, and it
won't make sense to ask how encryption/decryption times vary with key
lengths.
The best general advice I can give you is "this isn't something you need
to worry about". Even with a 4kbit key on an old Pentium-II, the
asymmetric operations are fairly brisk. It's quite usable.
From dshaw at jabberwocky.com Sun Apr 2 00:53:15 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun Apr 2 00:52:33 2006
Subject: ElGamal: key length vs performance
In-Reply-To: <000601c655c0$400c7d80$a3292480@yale95629b92ac>
References: <000601c655c0$400c7d80$a3292480@yale95629b92ac>
Message-ID: <20060401225315.GB9337@jabberwocky.com>
On Sat, Apr 01, 2006 at 02:12:42PM -0500, feitao wrote:
> Hi,
>
> As I understand, by default, GnuPG uses ElGamal to encrypt/decrypt files,
> and the recommended key length is 1024 bit. Is there any information on how
> encryption/decryption time changes with the key length? Thanks a lot,
Not significantly. GnuPG uses Elgamal to encrypt a session key, which
is only around 16-32 bytes long. That's not going to change much
regardless of the key length. If you were encrypting many files over
and over again, perhaps, but most people never notice it in practice.
The performance between different ciphers (3DES, AES, CAST5, etc) is
where you might see something, and it will vary over different sized
files to encrypt.
David
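The hybrid scheme described in the two replies above (a small session key wrapped with ElGamal, the file itself encrypted symmetrically), as an added example that is not part of the original messages and is not GnuPG's code. Assumptions: a toy ElGamal over Mersenne primes and a SHA-256 counter keystream standing in for the OpenPGP cipher; all function names are hypothetical.

```python
import hashlib
import secrets
import time

# Toy parameters (assumptions for this demo): Mersenne primes 2^n - 1 are used
# only because they are easy to write down. They are not suitable ElGamal
# moduli in practice, and G is not checked to be a generator.
MERSENNE_BITS = (1279, 2203, 4423)
G = 3
SESSION_KEY_LEN = 32  # bytes; the thread quotes 16-32 bytes for a session key


def elgamal_keygen(bits):
    """Return (p, h, x): modulus, public value h = G^x mod p, private x."""
    p = (1 << bits) - 1
    x = secrets.randbelow(p - 3) + 2  # x in [2, p-2]
    return p, pow(G, x, p), x


def elgamal_wrap(session_key, p, h):
    """Encrypt only the session key; cost depends on p, not on file size."""
    m = int.from_bytes(session_key, "big")
    k = secrets.randbelow(p - 3) + 2  # fresh ephemeral exponent per message
    return pow(G, k, p), (m * pow(h, k, p)) % p


def elgamal_unwrap(c1, c2, p, x, key_len):
    """Recover the session key: m = c2 * c1^(-x) mod p (Fermat inverse)."""
    return ((c2 * pow(c1, p - 1 - x, p)) % p).to_bytes(key_len, "big")


def stream_xor(key, data):
    """Stand-in bulk cipher: SHA-256 counter keystream XORed over the data.

    Not an OpenPGP cipher and not authenticated; it only models work that
    grows linearly with the file size.
    """
    n = len(data)
    blocks = (n + 31) // 32
    ks = b"".join(
        hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in range(blocks)
    )
    return (int.from_bytes(data, "big") ^ int.from_bytes(ks[:n], "big")).to_bytes(n, "big")


def hybrid_encrypt(plaintext, p, h):
    """Return (wrapped_key, body, (wrap_seconds, bulk_seconds))."""
    session_key = secrets.token_bytes(SESSION_KEY_LEN)
    t0 = time.perf_counter()
    wrapped = elgamal_wrap(session_key, p, h)
    t1 = time.perf_counter()
    body = stream_xor(session_key, plaintext)
    t2 = time.perf_counter()
    return wrapped, body, (t1 - t0, t2 - t1)


def hybrid_decrypt(wrapped, body, p, x):
    """Unwrap the session key with the private exponent, then undo the XOR."""
    session_key = elgamal_unwrap(wrapped[0], wrapped[1], p, x, SESSION_KEY_LEN)
    return stream_xor(session_key, body)


def profile(bits, sizes):
    """Encrypt constructed inputs of each size under one key; report costs."""
    p, h, x = elgamal_keygen(bits)
    rows = []
    for size in sizes:
        plaintext = secrets.token_bytes(size)  # constructed sample input
        wrapped, body, (wrap_s, bulk_s) = hybrid_encrypt(plaintext, p, h)
        rows.append({
            "bits": bits,
            "size": size,
            "wrapped_bytes": sum((c.bit_length() + 7) // 8 for c in wrapped),
            "wrap_ms": wrap_s * 1000,
            "bulk_ms": bulk_s * 1000,
            "roundtrip_ok": hybrid_decrypt(wrapped, body, p, x) == plaintext,
        })
    return rows


if __name__ == "__main__":
    for bits in MERSENNE_BITS:
        for r in profile(bits, (1_000, 1_000_000)):
            print("{bits:5d}-bit key {size:9d} B file: wrap {wrap_ms:7.2f} ms, "
                  "bulk {bulk_ms:7.2f} ms, key packet {wrapped_bytes} B, "
                  "ok={roundtrip_ok}".format(**r))
```

The wrapped key stays at most twice the modulus size whatever the file size, so the key length affects only the wrap step while the bulk step follows the file size.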
From arildbjork at yahoo.no Sun Apr 2 08:21:29 2006
From: arildbjork at yahoo.no (Arild Bjørk)
Date: Sun Apr 2 09:56:22 2006
Subject: ElGamal: key length vs performance
In-Reply-To: <20060401225315.GB9337@jabberwocky.com>
Message-ID: <20060402062129.78940.qmail@web26201.mail.ukl.yahoo.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
- --- David Shaw wrote:
> The performance between different ciphers (3DES, AES, CAST5, etc) is
> where you might see something, and it will vary over different sized
> files to encrypt.
As an indication of the speed of the ciphers you should download
and install Truecrypt from www.truecrypt.org. Under the menu
Tools you'll find Benchmark which reports the speed for the
ciphers in ram. 3DES is the slowest. Blowfish seems to be the
fastest.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32) - GPGshell v3.51
iD8DBQFEL21ln1hjZcCMxG0RA5s+AJ9iWFtknJ7Ea6LGn585mWef3kTEPACfea/a
nG3Q9of43F8jn8w3TX3+GRQ=
=McPn
-----END PGP SIGNATURE-----
From malayter at gmail.com Sun Apr 2 16:37:29 2006
From: malayter at gmail.com (Ryan Malayter)
Date: Sun Apr 2 16:36:44 2006
Subject: ElGamal: key length vs performance
In-Reply-To: <442FBCC7.6070705@tiscali.it>
References: <20060402062129.78940.qmail@web26201.mail.ukl.yahoo.com>
<442FBCC7.6070705@tiscali.it>
Message-ID: <5d7f07420604020737x44b6b497ge7ec18000824da19@mail.gmail.com>
On 4/2/06, Qed wrote:
> Different implementations => different speeds.
> You cannot rely on a particular piece of software to infer general
> performance figures for crypto algos.
This is very true. In my tests, for example, AES implementation in
GnuPG runs far slower than the implementation used in TrueCrypt, 7zip
or a number of other x86-specific programs.
I mentioned this speed difference to Werner a while back, and he
explained GnuPG has to work on many platforms, so using code optimized
for x86 - even if it is C-code optimized for x86 - isn't going to
happen. Which makes sense.
The easiest way to test is to simply encrypt the same file several
times using different --cipher-algo parameters on the command line. My
tests on Pentium 4s showed CAST5 to be the fastest algorithm in GnuPG
on that platform, but your own hardware is different, you should run
your own tests.
See this discussion at:
http://lists.gnupg.org/pipermail/gnupg-users/2005-August/026315.html
From rjh at sixdemonbag.org Mon Apr 3 01:05:00 2006
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon Apr 3 02:05:07 2006
Subject: Meaning of rvk in --fixed-list-mode?
Message-ID: <4430589C.5050801@sixdemonbag.org>
When looking over the output of --fixed-list-mode --with-colons
--list-sig, I discovered that one key which has a designated revoker
listed did not have a "rvk:" row in the key output.
According to doc/DETAILS, rvk is used to designate revocation keys.
So... what am I missing here? What are the precise semantics for rvk?
From dshaw at jabberwocky.com Mon Apr 3 04:00:21 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Apr 3 03:59:42 2006
Subject: Meaning of rvk in --fixed-list-mode?
In-Reply-To: <4430589C.5050801@sixdemonbag.org>
References: <4430589C.5050801@sixdemonbag.org>
Message-ID: <20060403020021.GA11021@jabberwocky.com>
On Sun, Apr 02, 2006 at 06:05:00PM -0500, Robert J. Hansen wrote:
> When looking over the output of --fixed-list-mode --with-colons
> --list-sig, I discovered that one key which has a designated revoker
> listed did not have a "rvk:" row in the key output.
What key?
David
From jharris at widomaker.com Mon Apr 3 04:14:31 2006
From: jharris at widomaker.com (Jason Harris)
Date: Mon Apr 3 04:14:12 2006
Subject: new (2006-04-02) keyanalyze results (+sigcheck)
Message-ID: <20060403021431.GA1459@wilma.widomaker.com>
New keyanalyze results are available at:
http://keyserver.kjsl.com/~jharris/ka/2006-04-02/
Signatures are now being checked using keyanalyze+sigcheck:
http://dtype.org/~aaronl/
Earlier reports are also available, for comparison:
http://keyserver.kjsl.com/~jharris/ka/
Even earlier monthly reports are at:
http://dtype.org/keyanalyze/
SHA-1 hashes and sizes for all the "permanent" files:
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
From wk at gnupg.org Mon Apr 3 08:50:26 2006
From: wk at gnupg.org (Werner Koch)
Date: Mon Apr 3 08:57:03 2006
Subject: ElGamal: key length vs performance
In-Reply-To: <442FBCC7.6070705@tiscali.it> (qed@tiscali.it's message of "Sun,
02 Apr 2006 14:00:07 +0200")
References: <20060402062129.78940.qmail@web26201.mail.ukl.yahoo.com>
<442FBCC7.6070705@tiscali.it>
Message-ID: <87hd5b2lvx.fsf@wheatstone.g10code.de>
On Sun, 02 Apr 2006 14:00:07 +0200, Qed said:
> Different implementations => different speeds.
> You cannot rely on a particular piece of software to infer general
> performance figures for crypto algos.
Here are some figures from libgcrypt which uses the same
implementation as gnupg does. CFB mode is used by OpenPGP. The
numbers are for 10^6 bytes encryption/decryption including key setup
for each. CPU is a Pentium M at 1500MHz.
                   ECB             CBC             CFB
             --------------- --------------- ---------------
3DES           120ms   120ms   130ms   130ms   130ms   120ms
CAST5           40ms    30ms    50ms    60ms    40ms    50ms
BLOWFISH        50ms    50ms    60ms    70ms    60ms    60ms
AES             30ms    30ms    40ms    40ms    30ms    40ms
AES192          30ms    30ms    40ms    50ms    40ms    40ms
AES256          30ms    40ms    50ms    40ms    50ms    40ms
TWOFISH         40ms    30ms    50ms    40ms    40ms    50ms
DES             50ms    60ms    70ms    70ms    60ms    70ms
TWOFISH128      40ms    30ms    50ms    40ms    40ms    40ms
SERPENT128      90ms    90ms   100ms   100ms   100ms   100ms
SERPENT192      90ms    90ms   100ms   100ms   100ms    90ms
SERPENT256      90ms    90ms   100ms   100ms   100ms   100ms
RFC2268_40     120ms    70ms   130ms    90ms   130ms   120ms
Shalom-Salam,
Werner
From shavital at mac.com Mon Apr 3 10:43:44 2006
From: shavital at mac.com (Charly Avital)
Date: Mon Apr 3 10:43:20 2006
Subject: GnuPG 1.9.20 on MacOS X - Question about agent
Message-ID: <4430E040.5040302@mac.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Thanks to the patches posted by Remco Post in this forum, for libksba
and gnupg 1.9.20, I could have the latter configured for:
Platform: Darwin (powerpc-apple-darwin8.5.0)
OpenPGP: no
S/MIME: yes
Agent: yes
Smartcard: yes
Protect tool: (default)
Default agent: (default)
Default pinentry: (default)
Default scdaemon: (default)
Default dirmngr: (default)
PKITS based tests: no
But 'make' posts the warning:
- ----------
gpgparsemail.c:150: error: static declaration of 'stpcpy' follows
non-static declaration
gpgparsemail.c: In function 'parse_message':
gpgparsemail.c:603: warning: pointer targets in passing argument 2 of
'rfc822parse_insert' differ in signedness
make[1]: *** [gpgparsemail.o] Error 1
make: *** [check-recursive] Error 1
- ----------------
and of course 'sudo make install' warns:
- -------
then mv -f ".deps/gpgparsemail.Tpo" ".deps/gpgparsemail.Po"; else rm -f
".deps/gpgparsemail.Tpo"; exit 1; fi
gpgparsemail.c:150: error: static declaration of 'stpcpy' follows
non-static declaration
gpgparsemail.c: In function 'parse_message':
gpgparsemail.c:603: warning: pointer targets in passing argument 2 of
'rfc822parse_insert' differ in signedness
make[1]: *** [gpgparsemail.o] Error 1
make: *** [install-recursive] Error 1
- ---------------
Running MacOS X 10.4.5, gpg 1.4.2.2, S/MIME works correctly,
But when I enable the use of agent in gpg.conf and in the MUA
(Thunderbird 1.5+enigmail 0.94.0) I get a warning that the passphrase is
not correct.
Is this because of the 'parse_message' error, and if so, how could I remedy?
Thanks, and sorry for cross posting
Charly
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From wk at gnupg.org Mon Apr 3 14:13:15 2006
From: wk at gnupg.org (Werner Koch)
Date: Mon Apr 3 14:31:40 2006
Subject: [Announce] GnuPG 1.4.3 released
Message-ID: <87lkum26xw.fsf@wheatstone.g10code.de>
Skipped content of type multipart/signed
From shavital at mac.com Mon Apr 3 15:56:14 2006
From: shavital at mac.com (Charly Avital)
Date: Mon Apr 3 15:55:40 2006
Subject: [Announce] GnuPG 1.4.3 released
In-Reply-To: <87lkum26xw.fsf@wheatstone.g10code.de>
References: <87lkum26xw.fsf@wheatstone.g10code.de>
Message-ID: <4431297E.4050303@mac.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Compiled from source and installed under MacOS X 10.4.5 Darwin
(powerpc-apple-darwin8.5.0)
Thanks to the Team.
Charly
Thanks
Werner Koch wrote the following on 4/3/06 8:13 AM:
> Hello!
>
> We are pleased to announce the availability of a new stable GnuPG
> release: Version 1.4.3
>
[...]
>
> Thanks
> ======
>
> We have to thank all the people who helped with this release, be it
> testing, coding, translating, suggesting, auditing, administering the
> servers, spreading the word or answering questions on the mailing
> lists.
>
>
> Happy Hacking,
>
>
> The GnuPG Team (David, Werner and the other contributors)
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From openmacnews at gmail.com Mon Apr 3 18:26:31 2006
From: openmacnews at gmail.com (OpenMacNews)
Date: Mon Apr 3 19:27:51 2006
Subject: gnupg 1.4.3 build fails @ 'make' on OSX 10.4.5,
unless "--disable-nls"
Message-ID: <44314CB7.9090207@gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
hi all.
1.4.2 was built/running OK on my OSX 10.4.5.
attempting the 1.4.3 build ...
./configure w/:
./configure \
--prefix=/usr/local \
--with-readline=/usr/local \
--with-zlib=/usr/local \
--with-libcurl=/usr/local/lib
results in a 'make' fail @:
...
Making all in tools
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl
- -L/usr/local/include -I/usr/local/include -I/usr/local/include
- -I/usr/local/include -g -O2 -Wall -Wno-pointer-sign -MT gpgsplit.o -MD
- -MP -MF ".deps/gpgsplit.Tpo" -c -o gpgsplit.o gpgsplit.c; \
then mv -f ".deps/gpgsplit.Tpo" ".deps/gpgsplit.Po"; else rm -f
".deps/gpgsplit.Tpo"; exit 1; fi
gcc -g -O2 -Wall -Wno-pointer-sign -L/usr/local/lib -lreadline -lpcre
- -L/usr/local/lib -L/usr/local/lib -o gpgsplit gpgsplit.o
../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -liconv -lintl
- -liconv -lc -lz -lbz2
/usr/bin/ld: multiple definitions of symbol _xfree
/usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xfree
../util/libutil.a(memory.o) definition of _xfree in section (__TEXT,__text)
/usr/bin/ld: multiple definitions of symbol _xmalloc
/usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xmalloc
../util/libutil.a(memory.o) definition of _xmalloc in section
(__TEXT,__text)
/usr/bin/ld: multiple definitions of symbol _xrealloc
/usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xrealloc
../util/libutil.a(memory.o) definition of _xrealloc in section
(__TEXT,__text)
/usr/bin/ld: warning multiple definitions of symbol _locale_charset
/usr/lib/gcc/powerpc-apple-darwin8/4.0.1/../../../libiconv.dylib(localcharset.o)
definition of _locale_charset
/usr/local/lib/libintl.dylib(localcharset.o) definition of _locale_charset
collect2: ld returned 1 exit status
make[2]: *** [gpgsplit] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
DISABLING nls, as:
./configure \
--prefix=/usr/local \
--with-readline=/usr/local \
--with-zlib=/usr/local \
--with-libcurl=/usr/local/lib \
--disable-nls
however, results in a successful 'make'
fwiw, my /usr/local/lib/libintl.dylib is from a local install of GETTEXT
v0.14.5 ...
just starting to poke around as to what changed ... any suggestions?
richard
- --
/"\
\ / ASCII Ribbon Campaign
X against HTML email, vCards
/ \ & micro$oft attachments
[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
iEYEAREDAAYFAkQxTLYACgkQlffdvTZxCMZQQwCeOf4GaBR4/1SpSuzrb0EKQD2f
/KQAn20L+B/D2wRJZ3R7OuktFCeadvxm
=ChrY
-----END PGP SIGNATURE-----
From doczook at doczook.de Mon Apr 3 18:40:04 2006
From: doczook at doczook.de (Tobias Mummert)
Date: Mon Apr 3 19:56:29 2006
Subject: GnuPG 1.4.3 failed to compile
Message-ID: <20060403164004.GA12672@doczook.de>
Hi,
Debian vanilla, GCC 3.3.5, Kernel 2.6.16.1:
memory.c: In function `xrealloc':
memory.c:512: warning: implicit declaration of function `m_alloc_secure_clear'
memory.c:512: warning: assignment makes pointer from integer without a cast
memory.c:514: warning: implicit declaration of function `m_alloc_clear'
memory.c:514: warning: assignment makes pointer from integer without a cast
memory.c:517: warning: implicit declaration of function `m_free'
memory.c:520: warning: implicit declaration of function `m_alloc'
memory.c:520: warning: assignment makes pointer from integer without a cast
and
Making check in tools
make[1]: Entering directory `/root/tmp/gnupg-1.4.3/tools'
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl -g -O2 -Wall -MT gpgsplit.o -MD -MP -MF ".deps/gpgsplit.Tpo" -c -o gpgsplit.o gpgsplit.c; \
then mv -f ".deps/gpgsplit.Tpo" ".deps/gpgsplit.Po"; else rm -f ".deps/gpgsplit.Tpo"; exit 1; fi
gcc -g -O2 -Wall -o gpgsplit gpgsplit.o ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -lz
../util/libutil.a(memory.o)(.text+0x2c3): In function `xrealloc':
/root/tmp/gnupg-1.4.3/util/memory.c:514: undefined reference to `m_alloc_clear'
../util/libutil.a(memory.o)(.text+0x2e9):/root/tmp/gnupg-1.4.3/util/memory.c:517: undefined reference to `m_free'
../util/libutil.a(memory.o)(.text+0x304):/root/tmp/gnupg-1.4.3/util/memory.c:512: undefined reference to `m_alloc_secure_clear'
../util/libutil.a(memory.o)(.text+0x314):/root/tmp/gnupg-1.4.3/util/memory.c:520: undefined reference to `m_alloc'
collect2: ld returned 1 exit status
make[1]: *** [gpgsplit] Error 1
make[1]: Leaving directory `/root/tmp/gnupg-1.4.3/tools'
make: *** [check-recursive] Error 1
Any ideas?
Thanks,
Tobias
--
Linux inside - Registered Linux User #268912
mv -f _mpih-mul3.o mpih-mul3.o
gcc -E -I.. -I../include -DHAVE_CONFIG_H mpih-add1.S | grep -v '^#' > _mpih-add1.s
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -g -O2 -Wall -c _mpih-add1.s
mv -f _mpih-add1.o mpih-add1.o
gcc -E -I.. -I../include -DHAVE_CONFIG_H mpih-sub1.S | grep -v '^#' > _mpih-sub1.s
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -g -O2 -Wall -c _mpih-sub1.s
mv -f _mpih-sub1.o mpih-sub1.o
gcc -E -I.. -I../include -DHAVE_CONFIG_H mpih-lshift.S | grep -v '^#' > _mpih-lshift.s
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -g -O2 -Wall -c _mpih-lshift.s
mv -f _mpih-lshift.o mpih-lshift.o
gcc -E -I.. -I../include -DHAVE_CONFIG_H mpih-rshift.S | grep -v '^#' > _mpih-rshift.s
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -g -O2 -Wall -c _mpih-rshift.s
mv -f _mpih-rshift.o mpih-rshift.o
rm -f libmpi.a
ar cru libmpi.a mpi-add.o mpi-bit.o mpi-cmp.o mpi-div.o mpi-gcd.o mpi-inline.o mpi-inv.o mpi-mul.o mpi-pow.o mpi-mpow.o mpi-scan.o mpicoder.o mpih-cmp.o mpih-div.o mpih-mul.o mpiutil.o mpih-mul1.o mpih-mul2.o mpih-mul3.o mpih-add1.o mpih-sub1.o mpih-lshift.o mpih-rshift.o
ranlib libmpi.a
make[1]: Leaving directory `/root/tmp/gnupg-1.4.3/mpi'
Making check in cipher
make[1]: Entering directory `/root/tmp/gnupg-1.4.3/cipher'
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT cipher.o -MD -MP -MF ".deps/cipher.Tpo" -c -o cipher.o cipher.c; \
then mv -f ".deps/cipher.Tpo" ".deps/cipher.Po"; else rm -f ".deps/cipher.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT pubkey.o -MD -MP -MF ".deps/pubkey.Tpo" -c -o pubkey.o pubkey.c; \
then mv -f ".deps/pubkey.Tpo" ".deps/pubkey.Po"; else rm -f ".deps/pubkey.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT md.o -MD -MP -MF ".deps/md.Tpo" -c -o md.o md.c; \
then mv -f ".deps/md.Tpo" ".deps/md.Po"; else rm -f ".deps/md.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT dynload.o -MD -MP -MF ".deps/dynload.Tpo" -c -o dynload.o dynload.c; \
then mv -f ".deps/dynload.Tpo" ".deps/dynload.Po"; else rm -f ".deps/dynload.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT des.o -MD -MP -MF ".deps/des.Tpo" -c -o des.o des.c; \
then mv -f ".deps/des.Tpo" ".deps/des.Po"; else rm -f ".deps/des.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT twofish.o -MD -MP -MF ".deps/twofish.Tpo" -c -o twofish.o twofish.c; \
then mv -f ".deps/twofish.Tpo" ".deps/twofish.Po"; else rm -f ".deps/twofish.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT blowfish.o -MD -MP -MF ".deps/blowfish.Tpo" -c -o blowfish.o blowfish.c; \
then mv -f ".deps/blowfish.Tpo" ".deps/blowfish.Po"; else rm -f ".deps/blowfish.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT cast5.o -MD -MP -MF ".deps/cast5.Tpo" -c -o cast5.o cast5.c; \
then mv -f ".deps/cast5.Tpo" ".deps/cast5.Po"; else rm -f ".deps/cast5.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT rijndael.o -MD -MP -MF ".deps/rijndael.Tpo" -c -o rijndael.o rijndael.c; \
then mv -f ".deps/rijndael.Tpo" ".deps/rijndael.Po"; else rm -f ".deps/rijndael.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT elgamal.o -MD -MP -MF ".deps/elgamal.Tpo" -c -o elgamal.o elgamal.c; \
then mv -f ".deps/elgamal.Tpo" ".deps/elgamal.Po"; else rm -f ".deps/elgamal.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT rsa.o -MD -MP -MF ".deps/rsa.Tpo" -c -o rsa.o rsa.c; \
then mv -f ".deps/rsa.Tpo" ".deps/rsa.Po"; else rm -f ".deps/rsa.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT primegen.o -MD -MP -MF ".deps/primegen.Tpo" -c -o primegen.o primegen.c; \
then mv -f ".deps/primegen.Tpo" ".deps/primegen.Po"; else rm -f ".deps/primegen.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT random.o -MD -MP -MF ".deps/random.Tpo" -c -o random.o random.c; \
then mv -f ".deps/random.Tpo" ".deps/random.Po"; else rm -f ".deps/random.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT dsa.o -MD -MP -MF ".deps/dsa.Tpo" -c -o dsa.o dsa.c; \
then mv -f ".deps/dsa.Tpo" ".deps/dsa.Po"; else rm -f ".deps/dsa.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT smallprime.o -MD -MP -MF ".deps/smallprime.Tpo" -c -o smallprime.o smallprime.c; \
then mv -f ".deps/smallprime.Tpo" ".deps/smallprime.Po"; else rm -f ".deps/smallprime.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT md5.o -MD -MP -MF ".deps/md5.Tpo" -c -o md5.o md5.c; \
then mv -f ".deps/md5.Tpo" ".deps/md5.Po"; else rm -f ".deps/md5.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT rmd160.o -MD -MP -MF ".deps/rmd160.Tpo" -c -o rmd160.o rmd160.c; \
then mv -f ".deps/rmd160.Tpo" ".deps/rmd160.Po"; else rm -f ".deps/rmd160.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT sha1.o -MD -MP -MF ".deps/sha1.Tpo" -c -o sha1.o sha1.c; \
then mv -f ".deps/sha1.Tpo" ".deps/sha1.Po"; else rm -f ".deps/sha1.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT sha256.o -MD -MP -MF ".deps/sha256.Tpo" -c -o sha256.o sha256.c; \
then mv -f ".deps/sha256.Tpo" ".deps/sha256.Po"; else rm -f ".deps/sha256.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT rndlinux.o -MD -MP -MF ".deps/rndlinux.Tpo" -c -o rndlinux.o rndlinux.c; \
then mv -f ".deps/rndlinux.Tpo" ".deps/rndlinux.Po"; else rm -f ".deps/rndlinux.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT sha512.o -MD -MP -MF ".deps/sha512.Tpo" -c -o sha512.o sha512.c; \
then mv -f ".deps/sha512.Tpo" ".deps/sha512.Po"; else rm -f ".deps/sha512.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -MT idea-stub.o -MD -MP -MF ".deps/idea-stub.Tpo" -c -o idea-stub.o idea-stub.c; \
then mv -f ".deps/idea-stub.Tpo" ".deps/idea-stub.Po"; else rm -f ".deps/idea-stub.Tpo"; exit 1; fi
rm -f libcipher.a
ar cru libcipher.a cipher.o pubkey.o md.o dynload.o des.o twofish.o blowfish.o cast5.o rijndael.o elgamal.o rsa.o primegen.o random.o dsa.o smallprime.o md5.o rmd160.o sha1.o sha256.o rndlinux.o sha512.o idea-stub.o
ranlib libcipher.a
make[1]: Leaving directory `/root/tmp/gnupg-1.4.3/cipher'
Making check in tools
make[1]: Entering directory `/root/tmp/gnupg-1.4.3/tools'
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl -g -O2 -Wall -MT gpgsplit.o -MD -MP -MF ".deps/gpgsplit.Tpo" -c -o gpgsplit.o gpgsplit.c; \
then mv -f ".deps/gpgsplit.Tpo" ".deps/gpgsplit.Po"; else rm -f ".deps/gpgsplit.Tpo"; exit 1; fi
gcc -g -O2 -Wall -o gpgsplit gpgsplit.o ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -lz
../util/libutil.a(memory.o)(.text+0x2c3): In function `xrealloc':
/root/tmp/gnupg-1.4.3/util/memory.c:514: undefined reference to `m_alloc_clear'
../util/libutil.a(memory.o)(.text+0x2e9):/root/tmp/gnupg-1.4.3/util/memory.c:517: undefined reference to `m_free'
../util/libutil.a(memory.o)(.text+0x304):/root/tmp/gnupg-1.4.3/util/memory.c:512: undefined reference to `m_alloc_secure_clear'
../util/libutil.a(memory.o)(.text+0x314):/root/tmp/gnupg-1.4.3/util/memory.c:520: undefined reference to `m_alloc'
collect2: ld returned 1 exit status
make[1]: *** [gpgsplit] Error 1
make[1]: Leaving directory `/root/tmp/gnupg-1.4.3/tools'
make: *** [check-recursive] Error 1
From dshaw at jabberwocky.com Mon Apr 3 20:54:22 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Apr 3 20:53:33 2006
Subject: GnuPG 1.4.3 failed to compile
In-Reply-To: <20060403164004.GA12672@doczook.de>
References: <20060403164004.GA12672@doczook.de>
Message-ID: <20060403185422.GB24395@jabberwocky.com>
On Mon, Apr 03, 2006 at 06:40:04PM +0200, Tobias Mummert wrote:
> Hi,
>
> Debian vanilla, GCC 3.3.5, Kernel 2.6.16.1:
>
> memory.c: In function `xrealloc':
> memory.c:512: warning: implicit declaration of function `m_alloc_secure_clear'
> memory.c:512: warning: assignment makes pointer from integer without a cast
> memory.c:514: warning: implicit declaration of function `m_alloc_clear'
> memory.c:514: warning: assignment makes pointer from integer without a cast
> memory.c:517: warning: implicit declaration of function `m_free'
> memory.c:520: warning: implicit declaration of function `m_alloc'
> memory.c:520: warning: assignment makes pointer from integer without a cast
Looks like you're building with --enable-m-guard. Try turning it off.
David
From dshaw at jabberwocky.com Tue Apr 4 00:16:25 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Apr 4 00:15:45 2006
Subject: gnupg 1.4.3 build fails @ 'make' on OSX 10.4.5,
unless "--disable-nls"
In-Reply-To: <44314CB7.9090207@gmail.com>
References: <44314CB7.9090207@gmail.com>
Message-ID: <20060403221625.GD24395@jabberwocky.com>
On Mon, Apr 03, 2006 at 09:26:31AM -0700, OpenMacNews wrote:
> hi all.
>
> 1.4.2 was built/running OK on my OSX 10.4.5.
>
> attempting the 1.4.3 build ...
>
> ./configure w/:
>
> ./configure \
> --prefix=/usr/local \
> --with-readline=/usr/local \
> --with-zlib=/usr/local \
> --with-libcurl=/usr/local/lib
>
> results in a 'make' fail @:
>
> ...
> Making all in tools
> if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl
> -L/usr/local/include -I/usr/local/include -I/usr/local/include
> -I/usr/local/include -g -O2 -Wall -Wno-pointer-sign -MT gpgsplit.o -MD
> -MP -MF ".deps/gpgsplit.Tpo" -c -o gpgsplit.o gpgsplit.c; \
> then mv -f ".deps/gpgsplit.Tpo" ".deps/gpgsplit.Po"; else rm -f
> ".deps/gpgsplit.Tpo"; exit 1; fi
> gcc -g -O2 -Wall -Wno-pointer-sign -L/usr/local/lib -lreadline -lpcre
> -L/usr/local/lib -L/usr/local/lib -o gpgsplit gpgsplit.o
> ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -liconv -lintl
> -liconv -lc -lz -lbz2
> /usr/bin/ld: multiple definitions of symbol _xfree
> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xfree
> ../util/libutil.a(memory.o) definition of _xfree in section (__TEXT,__text)
> /usr/bin/ld: multiple definitions of symbol _xmalloc
> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xmalloc
> ../util/libutil.a(memory.o) definition of _xmalloc in section
> (__TEXT,__text)
> /usr/bin/ld: multiple definitions of symbol _xrealloc
> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xrealloc
> ../util/libutil.a(memory.o) definition of _xrealloc in section
> (__TEXT,__text)
> /usr/bin/ld: warning multiple definitions of symbol _locale_charset
> /usr/lib/gcc/powerpc-apple-darwin8/4.0.1/../../../libiconv.dylib(localcharset.o)
> definition of _locale_charset
> /usr/local/lib/libintl.dylib(localcharset.o) definition of _locale_charset
This one doesn't seem related to GnuPG: you installed a new gettext
and it's conflicting with the Apple-shipped iconv.
What happens if you build with --with-included-gettext ?
David
From openmacnews at gmail.com Tue Apr 4 01:20:43 2006
From: openmacnews at gmail.com (OpenMacNews)
Date: Tue Apr 4 01:20:00 2006
Subject: gnupg 1.4.3 build fails @ 'make' on OSX 10.4.5,
unless "--disable-nls"
In-Reply-To: <20060403221625.GD24395@jabberwocky.com>
References: <44314CB7.9090207@gmail.com>
<20060403221625.GD24395@jabberwocky.com>
Message-ID: <4431ADCB.7050408@gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
david,
and a little more info ... per request:
> What happens if you build with --with-included-gettext ?
configuring 143 as:
./configure \
--prefix=/usr/local/gpg143 \
--with-readline=/usr/local \
--with-zlib=/usr/local \
--with-libcurl=/usr/local/lib \
--with-included-gettext
also fails @:
...
Making all in tools
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl
-L/usr/local/include -I/usr/local/include -I/usr/local/include -g -O2
-Wall -Wno-pointer-sign -MT gpgsplit.o -MD -MP -MF ".deps/gpgsplit.Tpo"
-c -o gpgsplit.o gpgsplit.c; \
then mv -f ".deps/gpgsplit.Tpo" ".deps/gpgsplit.Po"; else rm -f
".deps/gpgsplit.Tpo"; exit 1; fi
gcc -g -O2 -Wall -Wno-pointer-sign -L/usr/local/lib -lreadline -lpcre
-L/usr/local/lib -L/usr/local/lib -o gpgsplit gpgsplit.o
../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -liconv
../intl/libintl.a -liconv -lz -lbz2
/usr/bin/ld: multiple definitions of symbol _xfree
/usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xfree
../util/libutil.a(memory.o) definition of _xfree in section (__TEXT,__text)
/usr/bin/ld: multiple definitions of symbol _xmalloc
/usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xmalloc
../util/libutil.a(memory.o) definition of _xmalloc in section
(__TEXT,__text)
/usr/bin/ld: multiple definitions of symbol _xrealloc
/usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xrealloc
../util/libutil.a(memory.o) definition of _xrealloc in section
(__TEXT,__text)
collect2: ld returned 1 exit status
make[2]: *** [gpgsplit] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
--
/"\
\ / ASCII Ribbon Campaign
X against HTML email, vCards
/ \ & micro$oft attachments
[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
iEYEAREDAAYFAkQxrcoACgkQlffdvTZxCMbPuQCeO06+IfaT/HzksBEksXTIjRM3
VFwAn2Iz5eo581L6/TO45q2LELbWcsKH
=7aAx
-----END PGP SIGNATURE-----
From openmacnews at gmail.com Tue Apr 4 01:07:49 2006
From: openmacnews at gmail.com (OpenMacNews)
Date: Tue Apr 4 02:11:09 2006
Subject: gnupg 1.4.3 build fails @ 'make' on OSX 10.4.5,
unless "--disable-nls"
In-Reply-To: <20060403221625.GD24395@jabberwocky.com>
References: <44314CB7.9090207@gmail.com>
<20060403221625.GD24395@jabberwocky.com>
Message-ID: <4431AAC5.305@gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
hi david,
>> 1.4.2 was built/running OK on my OSX 10.4.5.
>>
>> attempting the 1.4.3 build ...
>>
>> ./configure w/:
>>
>> ./configure \
>> --prefix=/usr/local \
>> --with-readline=/usr/local \
>> --with-zlib=/usr/local \
>> --with-libcurl=/usr/local/lib
>>
>> results in a 'make' fail @:
>>
>> ...
>> Making all in tools
>> if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl
>> -L/usr/local/include -I/usr/local/include -I/usr/local/include
>> -I/usr/local/include -g -O2 -Wall -Wno-pointer-sign -MT gpgsplit.o -MD
>> -MP -MF ".deps/gpgsplit.Tpo" -c -o gpgsplit.o gpgsplit.c; \
>> then mv -f ".deps/gpgsplit.Tpo" ".deps/gpgsplit.Po"; else rm -f
>> ".deps/gpgsplit.Tpo"; exit 1; fi
>> gcc -g -O2 -Wall -Wno-pointer-sign -L/usr/local/lib -lreadline -lpcre
>> -L/usr/local/lib -L/usr/local/lib -o gpgsplit gpgsplit.o
>> ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -liconv -lintl
>> -liconv -lc -lz -lbz2
>> /usr/bin/ld: multiple definitions of symbol _xfree
>> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xfree
>> ../util/libutil.a(memory.o) definition of _xfree in section (__TEXT,__text)
>> /usr/bin/ld: multiple definitions of symbol _xmalloc
>> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xmalloc
>> ../util/libutil.a(memory.o) definition of _xmalloc in section
>> (__TEXT,__text)
>> /usr/bin/ld: multiple definitions of symbol _xrealloc
>> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xrealloc
>> ../util/libutil.a(memory.o) definition of _xrealloc in section
>> (__TEXT,__text)
>> /usr/bin/ld: warning multiple definitions of symbol _locale_charset
>> /usr/lib/gcc/powerpc-apple-darwin8/4.0.1/../../../libiconv.dylib(localcharset.o)
>> definition of _locale_charset
>> /usr/local/lib/libintl.dylib(localcharset.o) definition of _locale_charset
>
> This one doesn't seem related to GnuPG: you installed a new gettext
> and it's conflicting with the Apple-shipped iconv.
well, not exactly ... yes i see the conflict, but no, i did not install
a 'new' gettext ... it's the same one i've built 1.4.2.2 against.
> What happens if you build with --with-included-gettext ?
have not tried as yet, as it is/was working w/ 1.4.2.2:
otool -L /usr/local/bin/gpg
/usr/local/lib/libreadline.5.1.dylib (compatibility version 5.0.0,
current version 5.1.0)
/usr/local/lib/libpcre.0.dylib (compatibility version 1.0.0, current
version 1.1.0)
/usr/lib/libiconv.2.dylib (compatibility version 5.0.0, current version
5.0.0)
/usr/local/lib/libintl.3.dylib (compatibility version 8.0.0, current
version 8.3.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current
version 88.1.5)
/usr/local/lib/libz.1.dylib (compatibility version 1.0.0, current
version 1.2.3)
/usr/lib/libbz2.1.0.dylib (compatibility version 1.0.0, current version
1.0.2)
/usr/local/lib/libusb-0.1.4.dylib (compatibility version 9.0.0, current
version 9.4.0)
/usr/local/lib/libcurl.3.dylib (compatibility version 4.0.0, current
version 4.0.0)
/usr/local/lib/libidn.11.dylib (compatibility version 17.0.0, current
version 17.17.0)
/usr/local/ssl/lib/libssl.0.9.7.dylib (compatibility version 0.9.0,
current version 0.9.7)
/usr/local/ssl/lib/libcrypto.0.9.7.dylib (compatibility version 0.9.0,
current version 0.9.7)
/usr/lib/libgcc_s.1.dylib (compatibility version 1.0.0, current version
1.0.0)
richard
--
/"\
\ / ASCII Ribbon Campaign
X against HTML email, vCards
/ \ & micro$oft attachments
[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
iEYEAREDAAYFAkQxqsUACgkQlffdvTZxCMbaLwCfetE2xRDKXWJqlAObLsaD3OhR
rocAoLq228yqLnWARSDopomLAHrBxS/A
=qme/
-----END PGP SIGNATURE-----
From dshaw at jabberwocky.com Tue Apr 4 03:03:22 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Apr 4 03:02:40 2006
Subject: gnupg 1.4.3 build fails @ 'make' on OSX 10.4.5,
unless "--disable-nls"
In-Reply-To: <4431AAC5.305@gmail.com>
References: <44314CB7.9090207@gmail.com>
<20060403221625.GD24395@jabberwocky.com> <4431AAC5.305@gmail.com>
Message-ID: <20060404010322.GA25488@jabberwocky.com>
On Mon, Apr 03, 2006 at 04:07:49PM -0700, OpenMacNews wrote:
> >> gcc -g -O2 -Wall -Wno-pointer-sign -L/usr/local/lib -lreadline -lpcre
> >> -L/usr/local/lib -L/usr/local/lib -o gpgsplit gpgsplit.o
> >> ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -liconv -lintl
> >> -liconv -lc -lz -lbz2
> >> /usr/bin/ld: multiple definitions of symbol _xfree
> >> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xfree
> >> ../util/libutil.a(memory.o) definition of _xfree in section (__TEXT,__text)
> >> /usr/bin/ld: multiple definitions of symbol _xmalloc
> >> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xmalloc
> >> ../util/libutil.a(memory.o) definition of _xmalloc in section
> >> (__TEXT,__text)
> >> /usr/bin/ld: multiple definitions of symbol _xrealloc
> >> /usr/local/lib/libreadline.dylib(xmalloc.so) definition of _xrealloc
> >> ../util/libutil.a(memory.o) definition of _xrealloc in section
> >> (__TEXT,__text)
> >> /usr/bin/ld: warning multiple definitions of symbol _locale_charset
> >> /usr/lib/gcc/powerpc-apple-darwin8/4.0.1/../../../libiconv.dylib(localcharset.o)
> >> definition of _locale_charset
> >> /usr/local/lib/libintl.dylib(localcharset.o) definition of _locale_charset
> >
> > This one doesn't seem related to GnuPG: you installed a new gettext
> > and it's conflicting with the Apple-shipped iconv.
>
> well, not exactly ... yes i see the conflict, but no, i did not install
> a 'new' gettext ... it's the same one i've built 1.4.2.2 against.
It was just luck that 1.4.3 triggers the failure and 1.4.2 doesn't.
The code in 1.4.3 is legal. Your library setup seems not to be.
I have a Tiger box and 1.4.3 builds fine. Even if I add readline, it
still builds fine. Maybe go to the Apple site and download the latest
build environment? Aside from that, I'm not sure what to suggest to
you aside from building without your added readline or with
--disable-nls, or maybe with --disable-gnupg-iconv
David
From openmacnews at gmail.com Tue Apr 4 03:26:28 2006
From: openmacnews at gmail.com (OpenMacNews)
Date: Tue Apr 4 03:25:43 2006
Subject: gnupg 1.4.3 build fails @ 'make' on OSX 10.4.5,
unless "--disable-nls"
In-Reply-To: <20060404010322.GA25488@jabberwocky.com>
References: <44314CB7.9090207@gmail.com> <20060403221625.GD24395@jabberwocky.com>
<4431AAC5.305@gmail.com> <20060404010322.GA25488@jabberwocky.com>
Message-ID: <4431CB44.3010703@gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
hi david,
> It was just luck that 1.4.3 triggers the failure and 1.4.2 doesn't.
> The code in 1.4.3 is legal. Your library setup seems not to be.
> I have a Tiger box and 1.4.3 builds fine. Even if I add readline, it
> still builds fine. Maybe go to the Apple site and download the latest
> build environment? Aside from that, I'm not sure what to suggest to
> you aside from building without your added readline or with
> --disable-nls, or maybe with --disable-gnupg-iconv
thx for your insights.
odd, tho, as i routinely use gettext & readline across *dozens* of other
builds/apps/etc, with nary a problem ... even with gpg for ages (lucky
tho i may have been ...)
as for the build environment, mine's not simply up to date with apple's
latest (it is), but further, in keeping with most up-to-date app/tool
releases. i kinda doubt 'too old' is the problem ...
i guess i'll be sticking with stable 1.4.2.2 for now.
thx again!
cheers,
richard
--
/"\
\ / ASCII Ribbon Campaign
X against HTML email, vCards
/ \ & micro$oft attachments
[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
iEYEAREDAAYFAkQxy0QACgkQlffdvTZxCMbSxACfThWmPE6kr9nGXLu2+gcMIo1P
1wYAoIp5EQN3J1XuX8tuu3/Sx8tSQZQm
=34DK
-----END PGP SIGNATURE-----
From dshaw at jabberwocky.com Tue Apr 4 05:14:27 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Apr 4 05:14:04 2006
Subject: renewing of expired signatures
In-Reply-To: <200603292358.22537.pg@futureware.at>
References: <200603292358.22537.pg@futureware.at>
Message-ID: <20060404031427.GB25305@jabberwocky.com>
On Wed, Mar 29, 2006 at 11:58:19PM +0200, Philipp Gühring wrote:
> Hi,
>
> GnuPG has problems renewing expired signatures on keys, when the old signature
> (that already expired) is still on the key. The old expired signature is
> still on the key, and a new signature isn't done when trying to renew it.
> The workaround is to manually remove the old signature before creating a new
> signature.
>
> Is this a bug or an intended feature?
It depends on what version of GnuPG you are talking about. For over
two years now, (since version 1.3.3 in October 2003), GnuPG will
prompt you with:
Your current signature on "(whatever)"
has expired.
Do you want to issue a new signature to replace the expired one? (y/N)
David
From doczook at doczook.de Tue Apr 4 07:17:46 2006
From: doczook at doczook.de (Tobias Mummert)
Date: Tue Apr 4 08:56:26 2006
Subject: GnuPG 1.4.3 failed to compile
In-Reply-To: <20060403185422.GB24395@jabberwocky.com>
References: <20060403164004.GA12672@doczook.de>
<20060403185422.GB24395@jabberwocky.com>
Message-ID: <20060404051746.GA31799@doczook.de>
* David Shaw [2006-04-03 20:54 CEST]:
> On Mon, Apr 03, 2006 at 06:40:04PM +0200, Tobias Mummert wrote:
> > Hi,
> >
> > Debian vanilla, GCC 3.3.5, Kernel 2.6.16.1:
> >
> > memory.c: In function `xrealloc':
> > memory.c:512: warning: implicit declaration of function `m_alloc_secure_clear'
> > memory.c:512: warning: assignment makes pointer from integer without a cast
> > memory.c:514: warning: implicit declaration of function `m_alloc_clear'
> > memory.c:514: warning: assignment makes pointer from integer without a cast
> > memory.c:517: warning: implicit declaration of function `m_free'
> > memory.c:520: warning: implicit declaration of function `m_alloc'
> > memory.c:520: warning: assignment makes pointer from integer without a cast
>
> Looks like you're building with --enable-m-guard. Try turning it off.
Thanks! Now it works.
BTW: Under kernel 2.6.15.7 it works with this option...
Tobias
--
"You've got to ask yourself one question: Do I feel lucky? Well do ya
punk?" - Clint Eastwood (Dirty Harry)
From peter at palfrader.org Tue Apr 4 20:25:01 2006
From: peter at palfrader.org (Peter Palfrader)
Date: Tue Apr 4 20:24:19 2006
Subject: dns cert support (was: GnuPG 1.4.3 released)
In-Reply-To: <87lkum26xw.fsf@wheatstone.g10code.de>
References: <87lkum26xw.fsf@wheatstone.g10code.de>
Message-ID: <20060404182501.GP32646@asteria.noreply.org>
On Mon, 03 Apr 2006, Werner Koch wrote:
> * New auto-key-locate option that takes an ordered list of methods
> to locate a key if it is not available at encryption time (-r or
> --recipient). Possible methods include "cert" (use DNS CERT as
> per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
> server for the domain in question), "keyserver" (use the
> currently defined keyserver), as well as arbitrary keyserver
> URIs that will be contacted for the key.
>
> * Able to retrieve keys using DNS CERT records as per RFC-2538bis
> (currently in draft): http://www.josefsson.org/rfc2538bis
How would I try to retrieve the key for peter@palfrader.org from DNS[1]
using GnuPG's command line, other than simulating an encryption (like in
gpg --auto-key-locate cert --recipient peter@palfrader.org --encrypt)
to the user in question?
Also, is there a tool that produces a snippet which is ready for
inclusion into a zone file anywhere? Something similar to ssh-keygen
for SSHFP RRs:
weasel@galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key -g
galaxy IN TYPE44 \# 22 01 01 40cc5559546421d15fe9c1064713636a02373ad2
weasel@galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key
galaxy IN SSHFP 1 1 40cc5559546421d15fe9c1064713636a02373ad2
Cheers,
Peter
1. no, peter.palfrader.org. does not yet have a RR of type 37
From jkaye at celerasystems.com Tue Apr 4 19:21:02 2006
From: jkaye at celerasystems.com (anglotiger)
Date: Tue Apr 4 20:31:46 2006
Subject: PGP Encryption Problem
Message-ID: <3748759.post@talk.nabble.com>
Hi all,
Newbie here, so please forgive me if this is common knowledge, but this
problem is somewhat pressing...
I have created a key with GnuPG. I have exchanged keys and fingerprints
with someone using PGP 6.5. I can encrypt files and send them, and they can
decrypt them. But when they try to encrypt a file to send to me, they have
a problem with my key:
sig? 0x00000000 (Unknown signator, can't be checked)
This sounds like the key is unsigned, but I thought it was signed by default
with the --gen-key. When I try to edit the key, it tells me:
"my key ID here" was already signed by key C4BB37C2
Nothing to sign with key C4BB37C2
In fact, when I create and send a new key, they try to import it and see the
following:
Looking for new keys...
DSS 1024 0xFBE42E2A 2006/03/31
keyfile contains 1 new keys. Add these keys to keyring ''? (Y/n) Y
Keyfile contains:
1 new key(s)
One or more of the new keys are not fully certified.
Do you want to certify any of these keys yourself (y/N)? y
Key for user ID:
1024-bit DSS key, Key ID 0xFBE42E2A, created 2006/03/31
Users cannot encrypt to this key.
Any thoughts/advice/instruction would be extremely welcome...
Thanks.
--
View this message in context: http://www.nabble.com/PGP-Encryption-Problem-t1394352.html#a3748759
Sent from the GnuPG - User forum at Nabble.com.
From dshaw at jabberwocky.com Tue Apr 4 23:57:07 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Apr 4 23:56:31 2006
Subject: dns cert support (was: GnuPG 1.4.3 released)
In-Reply-To: <20060404182501.GP32646@asteria.noreply.org>
References: <87lkum26xw.fsf@wheatstone.g10code.de>
<20060404182501.GP32646@asteria.noreply.org>
Message-ID: <20060404215707.GB31590@jabberwocky.com>
On Tue, Apr 04, 2006 at 08:25:01PM +0200, Peter Palfrader wrote:
> On Mon, 03 Apr 2006, Werner Koch wrote:
>
> > * New auto-key-locate option that takes an ordered list of methods
> > to locate a key if it is not available at encryption time (-r or
> > --recipient). Possible methods include "cert" (use DNS CERT as
> > per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
> > server for the domain in question), "keyserver" (use the
> > currently defined keyserver), as well as arbitrary keyserver
> > URIs that will be contacted for the key.
> >
> > * Able to retrieve keys using DNS CERT records as per RFC-2538bis
> > (currently in draft): http://www.josefsson.org/rfc2538bis
>
> How would I try to retrieve the key for peter@palfrader.org from DNS[1]
> using GnuPG's command line, other than simulating an encryption (like in
> gpg --auto-key-locate cert --recipient peter@palfrader.org --encrypt)
> to the user in question?
While you could try and do some magic with piping the output of dig
into a script, at the moment, simulating an encryption is the only
easy way to do it directly from GnuPG. I do plan to have a
--locate-keys command to do this in the next version; I just didn't
want to delay the 1.4.3 release any further.
> Also, is there a tool that produces a snippet which is ready for
> inclusion into a zone file anywhere? Something similar to ssh-keygen
> for SSHFP RRs:
> weasel@galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key -g
> galaxy IN TYPE44 \# 22 01 01 40cc5559546421d15fe9c1064713636a02373ad2
> weasel@galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key
> galaxy IN SSHFP 1 1 40cc5559546421d15fe9c1064713636a02373ad2
Good idea. I just checked one in to the GnuPG SVN.
David
From arildbjork at yahoo.no Wed Apr 5 08:47:35 2006
From: arildbjork at yahoo.no (Arild Bjørk)
Date: Wed Apr 5 08:47:59 2006
Subject: gpg-zip?
Message-ID: <20060405064735.37663.qmail@web26202.mail.ukl.yahoo.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In news.txt there is a reference to gpg-zip:
* Added "gpg-zip", a program to create encrypted archives
that can
interoperate with PGP Zip.
I've searched the manual and the installation path for gnupg for
Windows and I can't find the program or find it mentioned in the
manual. Why isn't it included in the Windows version?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32) - GPGshell v3.50
iEYEARECAAYFAkQzaAEACgkQn1hjZcCMxG2WBwCfU7JpYZgOmcMZWYHlGXPaVZ4B
evYAnjgdWS2DvJqzV9kbX4xGu0zkcVDB
=7AX/
-----END PGP SIGNATURE-----
From gnupg-users=gnupg.org at lists.palfrader.org Wed Apr 5 10:02:28 2006
From: gnupg-users=gnupg.org at lists.palfrader.org (Peter Palfrader)
Date: Wed Apr 5 10:02:34 2006
Subject: dns cert support
In-Reply-To: <20060404215707.GB31590@jabberwocky.com>
References: <87lkum26xw.fsf@wheatstone.g10code.de>
<20060404182501.GP32646@asteria.noreply.org>
<20060404215707.GB31590@jabberwocky.com>
Message-ID: <20060405080228.GQ32646@asteria.noreply.org>
On Tue, 04 Apr 2006, David Shaw wrote:
> > Also, is there a tool that produces a snippet which is ready for
> > inclusion into a zone file anywhere? Something similar to ssh-keygen
> > for SSHFP RRs:
> > weasel@galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key -g
> > galaxy IN TYPE44 \# 22 01 01 40cc5559546421d15fe9c1064713636a02373ad2
> > weasel@galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key
> > galaxy IN SSHFP 1 1 40cc5559546421d15fe9c1064713636a02373ad2
>
> Good idea. I just checked one in to the GnuPG SVN.
It seems it considers whitespace part of the fpr when creating IPGP
data.
For instance:
| weasel@galaxy:~/local/src/gnupg/gnupg14/tools$ ./make-dns-cert -f '5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E 94C0 9C7F' -n foo
| foo TYPE37 \# 31 0006 0000 00 19 5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E 94C0 9C7F
^^
| weasel@galaxy:~/local/src/gnupg/gnupg14/tools$ ./make-dns-cert -f '5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E94C09C7F' -n foo
| foo TYPE37 \# 30 0006 0000 00 18 5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E94C09C7F
^^
It should just ignore whitespace when counting fingerprint length.
| ./make-dns-cert -f '5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E94C09C7F' -n foo
| foo TYPE37 \# 26 0006 0000 00 14 5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E94C09C7F
This should fix it:
Index: make-dns-cert.c
===================================================================
--- make-dns-cert.c (revision 4091)
+++ make-dns-cert.c (working copy)
@@ -24,6 +24,7 @@
#ifdef HAVE_GETOPT_H
#include
#endif
+#include
#include
#include
#include
@@ -97,7 +98,20 @@
if(fpr)
{
- fprlen=strlen(fpr);
+ const char *tmp = fpr;
+ while (*tmp)
+ {
+ if (isxdigit(*tmp))
+ {
+ fprlen++;
+ }
+ else if (!isspace(*tmp))
+ {
+ printf("Fingerprint must consist of only hex digits (and whitespace)\n");
+ return 1;
+ }
+ tmp++;
+ }
if(fprlen%2)
{
printf("Fingerprint must be an even number of characters\n");
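Review bot: isxdigit(*tmp) and isspace(*tmp) in the added loop receive a plain char, which is negative for bytes above 0x7F on platforms where char is signed; passing a negative value other than EOF to a ctype function is undefined behaviour. Cast the argument, as in isxdigit((unsigned char)*tmp), or compare against the hex digit ranges directly. The loop also only increments fprlen, so it depends on fprlen being zero on entry; that initialisation is not visible in this hunk and is worth confirming now that the strlen() assignment is gone.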
And a second patch that uses stderr for errors on top of this one:
--- make-dns-cert.c.orig 2006-04-05 09:57:48.725050937 +0200
+++ make-dns-cert.c 2006-04-05 10:00:23.675749478 +0200
@@ -45,20 +45,20 @@
fd=open(keyfile,O_RDONLY);
if(fd==-1)
{
- printf("Cannot open key file %s: %s\n",keyfile,strerror(errno));
+ fprintf(stderr, "Cannot open key file %s: %s\n",keyfile,strerror(errno));
return 1;
}
err=fstat(fd,&statbuf);
if(err==-1)
{
- printf("Unable to stat key file %s: %s\n",keyfile,strerror(errno));
+ fprintf(stderr, "Unable to stat key file %s: %s\n",keyfile,strerror(errno));
goto fail;
}
if(statbuf.st_size>32768)
{
- printf("Key %s too large for CERT encoding\n",keyfile);
+ fprintf(stderr, "Key %s too large for CERT encoding\n",keyfile);
goto fail;
}
@@ -73,7 +73,7 @@
err=read(fd,buffer,1024);
if(err==-1)
{
- printf("Unable to read key file %s: %s\n",keyfile,strerror(errno));
+ fprintf(stderr, "Unable to read key file %s: %s\n",keyfile,strerror(errno));
goto fail;
}
@@ -107,14 +107,14 @@
}
else if (!isspace(*tmp))
{
- printf("Fingerprint must consist of only hex digits (and whitespace)\n");
+ fprintf(stderr, "Fingerprint must consist of only hex digits (and whitespace)\n");
return 1;
}
tmp++;
}
if(fprlen%2)
{
- printf("Fingerprint must be an even number of characters\n");
+ fprintf(stderr, "Fingerprint must be an even number of characters\n");
return 1;
}
@@ -127,7 +127,7 @@
if(!fpr && !url)
{
- printf("Cannot generate a CERT without either a fingerprint or URL\n");
+ fprintf(stderr, "Cannot generate a CERT without either a fingerprint or URL\n");
return 1;
}
@@ -150,13 +150,13 @@
}
static void
-usage(void)
+usage(FILE *f)
{
- printf("make-dns-cert\n");
- printf("\t-f\tfingerprint\n");
- printf("\t-u\tURL\n");
- printf("\t-k\tkey file\n");
- printf("\t-n\tDNS name\n");
+ fprintf(f, "make-dns-cert\n");
+ fprintf(f, "\t-f\tfingerprint\n");
+ fprintf(f, "\t-u\tURL\n");
+ fprintf(f, "\t-k\tkey file\n");
+ fprintf(f, "\t-n\tDNS name\n");
}
int
@@ -167,7 +167,7 @@
if(argc==1)
{
- usage();
+ usage(stderr);
return 0;
}
else if(argc>1 && strcmp(argv[1],"--version")==0)
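Review bot: in the argc==1 branch the usage text now goes to stderr, which treats a bare invocation as an error, but the branch still ends in return 0. Return a non-zero status there so that scripts can tell it apart from --help, which prints to stdout and returns 0.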
@@ -177,7 +177,7 @@
}
else if(argc>1 && strcmp(argv[1],"--help")==0)
{
- usage();
+ usage(stdout);
return 0;
}
@@ -186,7 +186,7 @@
{
default:
case 'h':
- usage();
+ usage(stdout);
exit(0);
case 'f':
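Review bot: default: and case 'h': still share one body, so an unrecognised option prints usage to stdout and exits 0 exactly like -h. Split the two labels: keep usage(stdout); exit(0); for 'h', and give default usage(stderr) with a non-zero exit.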
@@ -208,14 +208,14 @@
if(!name)
{
- printf("No name provided\n");
+ fprintf(stderr, "No name provided\n");
return 1;
}
if(keyfile && (fpr || url))
{
- printf("Cannot generate a CERT record with both a keyfile and"
- " a fingerprint or URL\n");
+ fprintf(stderr, "Cannot generate a CERT record with both a"
+ " keyfile and a fingerprint or URL\n");
return 1;
}
From wk at gnupg.org Wed Apr 5 11:11:07 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Apr 5 11:16:49 2006
Subject: gpg-zip?
In-Reply-To: <20060405064735.37663.qmail@web26202.mail.ukl.yahoo.com>
(arildbjork@yahoo.no's message of "Tue, 4 Apr 2006 23:47:35 -0700
(PDT)")
References: <20060405064735.37663.qmail@web26202.mail.ukl.yahoo.com>
Message-ID: <87vetojsk4.fsf@wheatstone.g10code.de>
On Tue, 4 Apr 2006 23:47:35 -0700 (PDT), Bjørk said:
> I've searched the manual and the installation path for gnupg for
> Windows and I can't find the program or find it mentioned in the
> manual. Why isn't it included in the Windows version?
Because it won't work with Windows. It requires a Bourne shell and
the tar tool - this is not available under Windows.
Shalom-Salam,
Werner
From wk at gnupg.org Wed Apr 5 11:15:54 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Apr 5 11:21:53 2006
Subject: dns cert support
In-Reply-To: <20060405080228.GQ32646@asteria.noreply.org> (Peter Palfrader's
message of "Wed, 5 Apr 2006 10:02:28 +0200")
References: <87lkum26xw.fsf@wheatstone.g10code.de>
<20060404182501.GP32646@asteria.noreply.org>
<20060404215707.GB31590@jabberwocky.com>
<20060405080228.GQ32646@asteria.noreply.org>
Message-ID: <87r74cjsc5.fsf@wheatstone.g10code.de>
On Wed, 5 Apr 2006 10:02:28 +0200, Peter Palfrader said:
> + const char *tmp = fpr;
> + while (*tmp)
> + {
> + if (isxdigit(*tmp))
Will segv on many non-glibc systems if you pass non-ascii characters
to it. Never ever use isfoo functions without additional checks.
Salam-Shalom,
Werner
From gnupg-users=gnupg.org at lists.palfrader.org Wed Apr 5 12:06:04 2006
From: gnupg-users=gnupg.org at lists.palfrader.org (Peter Palfrader)
Date: Wed Apr 5 12:05:08 2006
Subject: dns cert support
In-Reply-To: <87r74cjsc5.fsf@wheatstone.g10code.de>
References: <87lkum26xw.fsf@wheatstone.g10code.de>
<20060404182501.GP32646@asteria.noreply.org>
<20060404215707.GB31590@jabberwocky.com>
<20060405080228.GQ32646@asteria.noreply.org>
<87r74cjsc5.fsf@wheatstone.g10code.de>
Message-ID: <20060405100604.GR32646@asteria.noreply.org>
On Wed, 05 Apr 2006, Werner Koch wrote:
> On Wed, 5 Apr 2006 10:02:28 +0200, Peter Palfrader said:
>
> > + const char *tmp = fpr;
> > + while (*tmp)
> > + {
> > + if (isxdigit(*tmp))
>
> Will segv on many non-glibc systems if you pass non-ascii characters
> to it. Never ever use isfoo functions without additional checks.
ick.
Index: make-dns-cert.c
===================================================================
--- make-dns-cert.c (revision 4091)
+++ make-dns-cert.c (working copy)
@@ -97,7 +97,22 @@
if(fpr)
{
- fprlen=strlen(fpr);
+ const char *tmp = fpr;
+ while (*tmp)
+ {
+ if ((*tmp >= 'A' && *tmp <= 'F') ||
+ (*tmp >= 'a' && *tmp <= 'f') ||
+ (*tmp >= '0' && *tmp <= '9'))
+ {
+ fprlen++;
+ }
+ else if (*tmp != ' ' && *tmp != '\t')
+ {
+ printf("Fingerprint must consist of only hex digits (and whitespace)\n");
+ return 1;
+ }
+ tmp++;
+ }
if(fprlen%2)
{
printf("Fingerprint must be an even number of characters\n");
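Review bot: the whitespace test *tmp != ' ' && *tmp != '\t' is narrower than the isspace() it replaces, so a fingerprint containing a newline or carriage return (for example one pasted across lines) is now rejected with the "only hex digits (and whitespace)" message; either accept those characters too or make the message say "spaces and tabs". Both error paths in this hunk also still use printf, and because the else-if context line has changed, the stderr follow-up patch's hunk around this code would need to be regenerated against this version.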
--
PGP signed and encrypted | .''`. ** Debian GNU/Linux **
messages preferred. | : :' : The universal
| `. `' Operating System
http://www.palfrader.org/ | `- http://www.debian.org/
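The fingerprint handling discussed in this thread, as an added example; it is not code from the thread or from GnuPG's make-dns-cert.c. The function names are hypothetical, the record layout (`0006 0000 00`, then a one-octet fingerprint length) is taken from the tool output quoted above, and printing the fingerprint without spaces is a choice made here.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FPR_BYTES 255   /* the fingerprint length field is one octet */

/* Return 0..15 for an ASCII hex digit, -1 for anything else.  Plain range
   comparisons are used instead of isxdigit(): handing a negative char
   (any byte >= 0x80 where char is signed) to a ctype function is
   undefined behaviour. */
static int hex_value(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode a fingerprint string into bytes, skipping spaces and tabs.
   Returns the number of bytes, or -1 on a non-hex character, an odd
   number of digits, or more bytes than fit in out. */
static int parse_fingerprint(const char *fpr, unsigned char *out, size_t outmax)
{
    size_t n = 0;
    int high = -1;              /* pending high nibble, -1 if none */

    for (; *fpr; fpr++) {
        int v;
        if (*fpr == ' ' || *fpr == '\t')
            continue;           /* whitespace never counts towards the length */
        v = hex_value(*fpr);
        if (v < 0)
            return -1;
        if (high < 0) {
            high = v;
        } else {
            if (n >= outmax)
                return -1;
            out[n++] = (unsigned char)((high << 4) | v);
            high = -1;
        }
    }
    return high >= 0 ? -1 : (int)n;
}

/* Write "<name> TYPE37 \# <rdlen> 0006 0000 00 <fprlen> <fingerprint>" into
   line.  Returns the RDATA length, or -1 on bad input or a short buffer. */
static int format_ipgp_rr(const char *name, const char *fpr,
                          char *line, size_t linemax)
{
    unsigned char raw[MAX_FPR_BYTES];
    int fprlen = parse_fingerprint(fpr, raw, sizeof raw);
    int rdlen, used, i;

    if (fprlen <= 0)
        return -1;
    rdlen = 2 + 2 + 1 + 1 + fprlen;   /* type, key tag, algorithm, length, fpr */
    used = snprintf(line, linemax, "%s TYPE37 \\# %d 0006 0000 00 %02X ",
                    name, rdlen, (unsigned)fprlen);
    if (used < 0 || (size_t)used >= linemax)
        return -1;
    for (i = 0; i < fprlen; i++) {
        if ((size_t)used + 3 > linemax)   /* two digits plus the NUL */
            return -1;
        used += snprintf(line + used, linemax - (size_t)used, "%02X", raw[i]);
    }
    return rdlen;
}

int main(void)
{
    /* Constructed inputs: the fingerprint spellings from the thread,
       followed by an odd digit count and a non-ASCII byte. */
    const char *samples[] = {
        "5B00 C96D 5D54 AEE1 206B  AF84 DE7A AF6E 94C0 9C7F",
        "5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E94C09C7F",
        "5B00C96D5D54AEE1206BAF84DE7AAF6E94C09C7F",
        "5B00 C96",
        "5B00\xC3\xA9"
    };
    char line[128];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (format_ipgp_rr("foo", samples[i], line, sizeof line) < 0)
            fprintf(stderr, "rejected fingerprint %u\n", (unsigned)i);
        else
            printf("%s\n", line);
    }
    return 0;
}
```

All three spellings of the same fingerprint produce an identical record with RDATA length 26 and fingerprint length `14` (hex), the values in the corrected output shown earlier in the thread.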
From alphasigmax at gmail.com Wed Apr 5 12:24:33 2006
From: alphasigmax at gmail.com (Alphax)
Date: Wed Apr 5 12:24:54 2006
Subject: gpg-zip?
In-Reply-To: <87vetojsk4.fsf@wheatstone.g10code.de>
References: <20060405064735.37663.qmail@web26202.mail.ukl.yahoo.com>
<87vetojsk4.fsf@wheatstone.g10code.de>
Message-ID: <44339AE1.6010302@gmail.com>
Werner Koch wrote:
> On Tue, 4 Apr 2006 23:47:35 -0700 (PDT), Bjørk said:
>
>> I've searched the manual and the installation path for gnupg for
>> Windows and I can't find the program or find it mentioned in the
>> manual. Why isn't it included in the Windows version?
>
> Because it won't work with Windows. It requires a Bourne shell and
> the tar tool - this is not available under Windows.
>
Unless you have Cygwin or MSYS.
--
Alphax
Message composed: 2006-04-05T19:54:29+09:30
From gnupg-users=gnupg.org at lists.palfrader.org Wed Apr 5 12:30:42 2006
From: gnupg-users=gnupg.org at lists.palfrader.org (Peter Palfrader)
Date: Wed Apr 5 12:30:05 2006
Subject: dns cert support
In-Reply-To: <20060404182501.GP32646@asteria.noreply.org>
References: <87lkum26xw.fsf@wheatstone.g10code.de>
<20060404182501.GP32646@asteria.noreply.org>
Message-ID: <20060405103042.GS32646@asteria.noreply.org>
On Tue, 04 Apr 2006, Peter Palfrader wrote:
> On Mon, 03 Apr 2006, Werner Koch wrote:
>
> > * New auto-key-locate option that takes an ordered list of methods
> > to locate a key if it is not available at encryption time (-r or
> > --recipient). Possible methods include "cert" (use DNS CERT as
> > per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
> > server for the domain in question), "keyserver" (use the
> > currently defined keyserver), as well as arbitrary keyserver
> > URIs that will be contacted for the key.
> >
> > * Able to retrieve keys using DNS CERT records as per RFC-2538bis
> > (currently in draft): http://www.josefsson.org/rfc2538bis
>
> How would I try to retrieve the key for peter@palfrader.org from DNS[1]
> using GnuPG's command line, other than simulating an encryption (like in
> gpg --auto-key-locate cert --recipient peter@palfrader.org --encrypt)
> to the user in question?
I notice that if I have both, a IPGP and a PGP CERT RR that GnuPG fails
to import the key some of the time:
| weasel@asteria:~/tmp/g$ echo fo | gpg --auto-key-locate cert --recipient peter@palfrader.org --encrypt
| gpg: peter@palfrader.org: skipped: public key not found
| gpg: [stdin]: encryption failed: public key not found
| weasel@asteria:~/tmp/g$ echo fo | gpg --auto-key-locate cert --recipient peter@palfrader.org --encrypt
| gpg: peter@palfrader.org: skipped: public key not found
| gpg: [stdin]: encryption failed: public key not found
| weasel@asteria:~/tmp/g$ echo fo | gpg --auto-key-locate cert --recipient peter@palfrader.org --encrypt
| gpg: ./trustdb.gpg: trustdb created
| gpg: key 94C09C7F: public key "Peter Palfrader" imported
} ;; ANSWER SECTION:
} peter.palfrader.org. 43200 IN CERT 6 0 0 FFsAyW1dVK7hIGuvhN56r26UwJx/
} peter.palfrader.org. 43200 IN CERT PGP 0 0 mQGiBDgp0YcRBACN9s8EycXRsu9ym3Sjou1N.....
Is having them both not supported or is there a bug somewhere?
Cheers,
Peter
--
PGP signed and encrypted | .''`. ** Debian GNU/Linux **
messages preferred. | : :' : The universal
| `. `' Operating System
http://www.palfrader.org/ | `- http://www.debian.org/
From dshaw at jabberwocky.com Wed Apr 5 14:42:20 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Apr 5 14:41:42 2006
Subject: dns cert support
In-Reply-To: <20060405103042.GS32646@asteria.noreply.org>
References: <87lkum26xw.fsf@wheatstone.g10code.de>
<20060404182501.GP32646@asteria.noreply.org>
<20060405103042.GS32646@asteria.noreply.org>
Message-ID: <20060405124220.GC19546@jabberwocky.com>
On Wed, Apr 05, 2006 at 12:30:42PM +0200, Peter Palfrader wrote:
> I notice that if I have both, a IPGP and a PGP CERT RR that GnuPG fails
> to import the key some of the time:
[..]
> } ;; ANSWER SECTION:
> } peter.palfrader.org. 43200 IN CERT 6 0 0 FFsAyW1dVK7hIGuvhN56r26UwJx/
> } peter.palfrader.org. 43200 IN CERT PGP 0 0 mQGiBDgp0YcRBACN9s8EycXRsu9ym3Sjou1N.....
>
> Is having them both not supported or is there a bug somewhere?
At the moment, GnuPG will take whichever it sees first (the PGP or the
IPGP, but not both). So given round robining, if you have both, it
will seem to flip back and forth between the two. I'm thinking about
having GPG favor one or the other in these cases (probably PGP since
if it has already fetched the whole key, it may as well import it
rather than go to a web page or keyserver somewhere).
The reason it is not fetching from the IPGP record you have there is
there is only a fingerprint, and you must have a --keyserver defined
for it to fetch the fingerprint from in that case. Do you have a
--keyserver defined?
David
From gnupg-users=gnupg.org at lists.palfrader.org Wed Apr 5 15:18:31 2006
From: gnupg-users=gnupg.org at lists.palfrader.org (Peter Palfrader)
Date: Wed Apr 5 15:17:44 2006
Subject: dns cert support
In-Reply-To: <20060405124220.GC19546@jabberwocky.com>
References: <87lkum26xw.fsf@wheatstone.g10code.de>
<20060404182501.GP32646@asteria.noreply.org>
<20060405103042.GS32646@asteria.noreply.org>
<20060405124220.GC19546@jabberwocky.com>
Message-ID: <20060405131831.GT32646@asteria.noreply.org>
On Wed, 05 Apr 2006, David Shaw wrote:
> On Wed, Apr 05, 2006 at 12:30:42PM +0200, Peter Palfrader wrote:
>
> > I notice that if I have both, a IPGP and a PGP CERT RR that GnuPG fails
> > to import the key some of the time:
>
> [..]
>
> > } ;; ANSWER SECTION:
> > } peter.palfrader.org. 43200 IN CERT 6 0 0 FFsAyW1dVK7hIGuvhN56r26UwJx/
> > } peter.palfrader.org. 43200 IN CERT PGP 0 0 mQGiBDgp0YcRBACN9s8EycXRsu9ym3Sjou1N.....
> >
> > Is having them both not supported or is there a bug somewhere?
>
> At the moment, GnuPG will take whichever it sees first (the PGP or the
> IPGP, but not both). So given round robining, if you have both, it
> will seem to flip back and forth between the two. I'm thinking about
> having GPG favor one or the other in these cases (probably PGP since
> if it has already fetched the whole key, it may as well import it
> rather than go to a web page or keyserver somewhere).
On the other hand the key that is fetched via DNS has serious size
constraints - DNS limits the RDATA to 64k and I think GnuPG further
limits this to 16k. In my case I have significantly stripped down my
key in order to store it in DNS, so maybe going to the keyserver or the
location specified in IPGP might be a good idea.
> The reason it is not fetching from the IPGP record you have there is
> there is only a fingerprint, and you must have a --keyserver defined
> for it to fetch the fingerprint from in that case. Do you have a
> --keyserver defined?
Ah, now that I do it works nicely. Thanks! Maybe gpg should say that
it wants to have a keyserver in this case?
Cheers,
Peter
--
PGP signed and encrypted | .''`. ** Debian GNU/Linux **
messages preferred. | : :' : The universal
| `. `' Operating System
http://www.palfrader.org/ | `- http://www.debian.org/
From vedaal at hush.com Wed Apr 5 16:37:45 2006
From: vedaal at hush.com (vedaal@hush.com)
Date: Wed Apr 5 16:37:02 2006
Subject: gpg-zip
Message-ID: <20060405143745.AE122DA827@mailserver6.hushmail.com>
On Wed, 05 Apr 2006 05:23:40 -0400 gnupg-users-request@gnupg.org
wrote:
>Send Gnupg-users mailing list submissions to
> gnupg-users@gnupg.org
>
>Message: 6
>Date: Tue, 4 Apr 2006 23:47:35 -0700 (PDT)
>From: Arild "Bjørk"
>Subject: gpg-zip?
> * Added "gpg-zip", a program to create encrypted archives
>that can interoperate with PGP Zip.
>
>I've searched the manual and the installation path for gnupg for
>Windows and I can't find the program or find it mentioned in the
>manual. Why isn't it included in the Windows version?
>Message: 8
>Date: Wed, 05 Apr 2006 11:11:07 +0200
>From: Werner Koch
>Subject: Re: gpg-zip?
>Because it won't work with Windows. It requires a Bourne shell
>and
>the tar tool - this is not available under Windows.
but it is easily available in a front end for windows,
and works from file manager in winpt
(for .zip files, for compatibility with common windows unzip
programs )
but could just as easily be made to work with .rar or other format
vedaal
From info at entrepreneur.co.uk Wed Apr 5 16:32:33 2006
From: info at entrepreneur.co.uk (joeking)
Date: Wed Apr 5 16:48:46 2006
Subject: GnuPG - where is the .exe file???
Message-ID: <3765831.post@talk.nabble.com>
I am trying to set up secure email encryption using Thunderbird, Enigmail
and GnuPG.
I have everything in place bar GnuPG.
I downloaded it and extracted it.
I then have to add the GnuPG executable path in Enigmail so that they work
together.
My problem is finding GnuPG.exe. It doesn't seem to be in my GnuPG folder.
Any ideas where I am going wrong?
--
View this message in context: http://www.nabble.com/GnuPG---where-is-the-.exe-file--t1399921.html#a3765831
Sent from the GnuPG - User forum at Nabble.com.
From dshaw at jabberwocky.com Wed Apr 5 16:52:39 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Apr 5 16:51:54 2006
Subject: dns cert support
In-Reply-To: <20060405131831.GT32646@asteria.noreply.org>
References: <87lkum26xw.fsf@wheatstone.g10code.de>
<20060404182501.GP32646@asteria.noreply.org>
<20060405103042.GS32646@asteria.noreply.org>
<20060405124220.GC19546@jabberwocky.com>
<20060405131831.GT32646@asteria.noreply.org>
Message-ID: <20060405145239.GD19546@jabberwocky.com>
On Wed, Apr 05, 2006 at 03:18:31PM +0200, Peter Palfrader wrote:
> On Wed, 05 Apr 2006, David Shaw wrote:
>
> > On Wed, Apr 05, 2006 at 12:30:42PM +0200, Peter Palfrader wrote:
> >
> > > I notice that if I have both, a IPGP and a PGP CERT RR that GnuPG fails
> > > to import the key some of the time:
> >
> > [..]
> >
> > > } ;; ANSWER SECTION:
> > > } peter.palfrader.org. 43200 IN CERT 6 0 0 FFsAyW1dVK7hIGuvhN56r26UwJx/
> > > } peter.palfrader.org. 43200 IN CERT PGP 0 0 mQGiBDgp0YcRBACN9s8EycXRsu9ym3Sjou1N.....
> > >
> > > Is having them both not supported or is there a bug somewhere?
> >
> > At the moment, GnuPG will take whichever it sees first (the PGP or the
> > IPGP, but not both). So given round robining, if you have both, it
> > will seem to flip back and forth between the two. I'm thinking about
> > having GPG favor one or the other in these cases (probably PGP since
> > if it has already fetched the whole key, it may as well import it
> > rather than go to a web page or keyserver somewhere).
>
> On the other hand the key that is fetched via DNS has serious size
> constraints - DNS limits the RDATA to 64k and I think GnuPG further
> limits this to 16k. In my case I have significantly stripped down my
> key in order to store it in DNS, so maybe going to the keyserver or the
> location specified in IPGP might be a good idea.
Certainly the CERT PGP type has size restrictions, but I think that's
fine: I don't really see the CERT PGP type as a repository for whole
keys with dozens of signatures like on a keyserver. Rather, it's a
place to store minimal (via export-minimal) keys. Once this "seed"
key is gotten via CERT PGP, it can be fleshed out via a keyserver or
preferred keyserver subpacket on the key itself.
The GnuPG 16k max-cert-size is changeable, by the way:
--keyserver-options max-cert-size=65536
16k was a bit of a guess as to a good value since CERT is so new.
Whether to favor CERT PGP or CERT IPGP is one of those things where a
reasonable case can be made for either path. It depends on what
you're using CERT for: if you were using CERT in a PKA-like scheme,
you'd want CERT PGP to get the answer as fast as possible, while if
you were using CERT as a automatic key locater you'd probably want
CERT IPGP to get all the signatures.
> > The reason it is not fetching from the IPGP record you have there is
> > there is only a fingerprint, and you must have a --keyserver defined
> > for it to fetch the fingerprint from in that case. Do you have a
> > --keyserver defined?
>
> Ah, now that I do it works nicely. Thanks! Maybe gpg should say that
> it wants to have a keyserver in this case?
Yes, I think it should. Note that you could make your IPGP contain
both a fingerprint and a URL - that way you get to specify where the
user will fetch your key from (it may not exist in the manner you
desire on their particular keyserver).
David
From johnmoore3rd at joimail.com Wed Apr 5 16:56:13 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Wed Apr 5 16:55:28 2006
Subject: pka-lookups
Message-ID: <4433DA8D.1040900@joimail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Throughout the 'snapshot' phase of 1.4.3 this ability was turned OFF by
default. With the release of 1.4.3 stable and the availability of
cross-certification and pka-lookup now widely available, will the
features once defaulted to off be defaulted to ON for the 1.4.4
'snapshot' releases?
Also, in gpg.man the reference is "see require-cross-certification" but
I have been unable so far to find that particular option in the Manual.
When I do, what will I "see"?
JOHN :)
Timestamp: Wednesday 05 Apr 2006, 10:55 --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4-4092cvs: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust (US26): http://www.gswot.org
Comment: Homepage: http://tinyurl.com/9ubue
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From felix.klee at inka.de Wed Apr 5 18:22:35 2006
From: felix.klee at inka.de (Felix E. Klee)
Date: Wed Apr 5 18:21:52 2006
Subject: OpenPGP card: What RSA problems? Why not for key signing?
Message-ID: <87lkukc7qs.wl%felix.klee@inka.de>
I consider creating a new master key: My old one wasn't stored securely
in the past and it has been rarely used. This new key I want to
generate on a system with a temporary fresh LINUX install and upload it
to two Smartcards (one is for backup). Now, the only thing that's
preventing me from doing this are the following paragraphs that I found
in The GnuPG Smartcard HOWTO ("How to use the Fellowship Smartcard"):
The card does not support DSA keys. Even if you are using a RSA key
you might encounter problems. The cards available at the moment only
support 1024 bit keys.
The suggestion is to use the key on the card only for signing and
decrypting but NOT for key signing.
This calls for some questions:
* What are those problems that one may encounter with RSA?
* Why should the key on the card not be used for key signing?
* Is there any advantage in using a DSA master key (not supported by the
OpenPGP card, I know) instead of an RSA master key?
* What's the best tool for generating the 1024 bit RSA key? Should I
simply use plain "gpg --gen-key --no-random-seed-file" or should the
key be generated on card, or does it not really matter?
PS: Of course, I will use a subkey with limited lifetime for everyday
use, and I'll store this key on a third card.
--
Felix E. Klee
From info at entrepreneur.co.uk Wed Apr 5 18:30:03 2006
From: info at entrepreneur.co.uk (joeking)
Date: Wed Apr 5 18:29:10 2006
Subject: GnuPG - where is the .exe file???
In-Reply-To: <3765831.post@talk.nabble.com>
References: <3765831.post@talk.nabble.com>
Message-ID: <3768339.post@talk.nabble.com>
Forgot to say I am using Windows. And it helps to download the Windows
version . . .
--
View this message in context: http://www.nabble.com/GnuPG---where-is-the-.exe-file--t1399921.html#a3768339
Sent from the GnuPG - User forum at Nabble.com.
From info at entrepreneur.co.uk Wed Apr 5 19:34:52 2006
From: info at entrepreneur.co.uk (info@entrepreneur.co.uk)
Date: Wed Apr 5 19:34:32 2006
Subject: GnuPG - where is the .exe file???
In-Reply-To: <20060405163024.41655.qmail@web52713.mail.yahoo.com>
References: <4433FCE9.2734.1F0BFA9@localhost>
Message-ID: <44341BDC.31392.269A743@localhost>
I found my problem - I did not download Windows version! I am an
idiot. You are a great person for helping a stranger.
On 5 Apr 2006 at 9:30, Ramprasad B wrote:
>
> info@entrepreneur.co.uk wrote:
>
> > Did you download GnuPG 1.4.3 from
> > http://www.gnupg.org/(en)/download/index.html?
>
> yep.
>
> > Even searching my computer does not find that .exe file.
>
> Please try to uninstall and install again.
> or try to find gpg.exe in program files folder.
> probably u tried to search gnupg.exe
>
> --
> Ramprasad B
From ramprasad_i82 at yahoo.com Wed Apr 5 17:07:46 2006
From: ramprasad_i82 at yahoo.com (Ramprasad B)
Date: Wed Apr 5 19:56:13 2006
Subject: GnuPG - where is the .exe file???
In-Reply-To: <3765831.post@talk.nabble.com>
Message-ID: <20060405150746.95437.qmail@web52701.mail.yahoo.com>
--- joeking wrote:
> I then have to add the GnuPG executable path in Enigmail so that they work
> together.
> My problem is finding GnuPG.exe. It doesn't seem to be in my GnuPG folder.
I downloaded today and installed gnupg.
The gpg.exe guy was at -> C:\Program Files\GNU\GnuPG\gpg.exe
--
Ramprasad B
From info at entrepreneur.co.uk Wed Apr 5 17:22:49 2006
From: info at entrepreneur.co.uk (info@entrepreneur.co.uk)
Date: Wed Apr 5 19:56:20 2006
Subject: GnuPG - where is the .exe file???
In-Reply-To: <20060405150746.95437.qmail@web52701.mail.yahoo.com>
References: <3765831.post@talk.nabble.com>
Message-ID: <4433FCE9.2734.1F0BFA9@localhost>
Thanks for your help!
Did you download GnuPG 1.4.3 from http://www.gnupg.org/(en)/download/index.html?
Even searching my computer does not find that .exe file.
On 5 Apr 2006 at 8:07, Ramprasad B wrote:
> --- joeking wrote:
>
> > I then have to add the GnuPG executable path in Enigmail so that they work
> > together.
>
> > My problem is finding GnuPG.exe. It doesn't seem to be in my GnuPG folder.
>
> I downloaded today and installed gnupg.
> The gpg.exe guy was at -> C:\Program Files\GNU\GnuPG\gpg.exe
>
> --
> Ramprasad B
>
From ramprasad_i82 at yahoo.com Wed Apr 5 17:07:51 2006
From: ramprasad_i82 at yahoo.com (Ramprasad B)
Date: Wed Apr 5 19:56:31 2006
Subject: GnuPG - where is the .exe file???
In-Reply-To: <3765831.post@talk.nabble.com>
Message-ID: <20060405150751.11284.qmail@web52703.mail.yahoo.com>
--- joeking wrote:
> I then have to add the GnuPG executable path in Enigmail so that they work
> together.
> My problem is finding GnuPG.exe. It doesn't seem to be in my GnuPG folder.
I downloaded today and installed gnupg.
The gpg.exe guy was at -> C:\Program Files\GNU\GnuPG\gpg.exe
--
Ramprasad B
From johnmoore3rd at joimail.com Wed Apr 5 20:33:27 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Wed Apr 5 20:32:36 2006
Subject: GnuPG - where is the .exe file???
In-Reply-To: <4433FCE9.2734.1F0BFA9@localhost>
References: <3765831.post@talk.nabble.com> <4433FCE9.2734.1F0BFA9@localhost>
Message-ID: <44340D77.1030506@joimail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
info@entrepreneur.co.uk wrote:
> Thanks for your help!
>
> Did you download GnuPG 1.4.3 from http://www.gnupg.org/(en)/download/index.html?
>
> Even searching my computer does not find that .exe file.
Perhaps you might look under C:\GnuPG
You could always click on the Start Key and then use Search to look for
gpg.exe
JOHN ;)
Timestamp: Wednesday 05 Apr 2006, 14:33 --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4-4092cvs: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust (US26): http://www.gswot.org
Comment: Homepage: http://tinyurl.com/9ubue
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From vedaal at hush.com Wed Apr 5 21:50:59 2006
From: vedaal at hush.com (vedaal@hush.com)
Date: Wed Apr 5 21:50:09 2006
Subject: 1.4.3 // proper syntax for --edit-key cross-certify ?
Message-ID: <20060405195100.106D2DA832@mailserver6.hushmail.com>
what is the syntax needed to use the cross-certify
to have a signing subkey sign the master?
i tried cross-certify with --edit-key
and got no response
(not even the polite customary error message ;-) )
here is the command and gpg output:
$ gpg --edit-key 0x6A589A97
gpg (GnuPG) 1.4.3; Copyright (C) 2006 Free Software Foundation,
Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
gpg: using PGP trust model
gpg: key 6A589A97: accepted as trusted key
Secret key is available.
pub 4096R/6A589A97 created: 2001-04-26 expires: never usage:
SCEA
trust: ultimate validity: ultimate
sub 4096R/04ADEE20 created: 2001-04-26 expires: never usage:
SCEA
[ultimate] (1). vedaal nistar (preferred e-mail address)
[ultimate] (2) vedaal nistar (preferred key)
[ultimate] (3) vedaal nistar
Command> cross-certify
Command>
gnupg just returns the command prompt
(the same happens after a uid is selected, and then cross-certify
entered at the command prompt)
the same thing also happens with the following variations:
Command> cross-certify
Command>
Command> cross-certify sub 4096R/04ADEE20
Command>
Command> cross-certify pub 4096R/6A589A97
Command>
Command> cross-certify 6A589A97
Command>
Command> cross-certify 04ADEE20
Command>
what should the proper syntax be ?
tia,
vedaal
Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480
Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485
From john.m.church at lmco.com Wed Apr 5 20:16:44 2006
From: john.m.church at lmco.com (John M Church)
Date: Wed Apr 5 23:56:18 2006
Subject: Automated Decryption via Script Running Setuid
Message-ID: <4434098C.7@lmco.com>
Searched the archives back through Oct. '05 and didn't see a solution to
my problem...
Bottom line to problem: If a script running setuid as userA but called
by userB contains a GPG command, GPG responds with userB information
instead of userA.
I have a perl script 'parseMail_andSubmit_toDB.pl' that is being routed
information from a C-wrapper that runs as userA.
-rwsr-sr-x userA pass_STDIN_to_parseMail_andSubmit_toDB.exe
The info contained in STDIN is an emailed message with an attached file
(encrypted with userA's public key). In parseMail_andSubmit_toDB.pl, I
save the attachment to a file and call a second perl script
'decrypt_file.pl'. This script contains userA's passphrase which I am
attempting to use to decrypt the file ala:
"cd $dir_containing_file; echo \'${passphrase}\' |
/usr/local/share/bin/gpg --passphrase-fd 0 --output
${file_to_decrypt}_cleartext$$ --decrypt $file_to_decrypt".
However GPG responds with:
"cp: cannot create /.gnupg/gpg.conf: Permission denied
gpg: fatal: can't create directory `~/.gnupg': No such file or directory
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768"
It is as-if GPG knows that userB originated the call (in this case the
email daemon which probably doesn't have a /home/daemon and certainly
doesn't have GPG keys). So I setup a second test where jchurch (as
userB) called the c-wrapper and changed the GPG command in
decrypt_file.pl to 'echo \'Calling whoami\'; /usr/ucb/whoami;
/usr/local/share/bin/gpg --list-keys' and I received the key info for
userB instead of userA. See below.
--------------------------------
pub 1024D/63A468CF 2006-03-23
uid John Church (Second Key working with Joel)
sub 2048g/2D0142AB 2006-03-23
pub 1024D/F3D3D15D 2006-04-03
uid razoradm (Razor Administrator)
sub 2048g/B73F17B6 2006-04-03
The key info for userA should have been returned.
Does anyone have any clue as to whether GPG is this smart? I admit to
being a newbie to GPG so perhaps I'm doing something stupid. Any
suggestions would be appreciated.
Thanks-in-advance,
John_inDenver
From shavital at mac.com Thu Apr 6 00:07:18 2006
From: shavital at mac.com (Charly Avital)
Date: Thu Apr 6 00:07:00 2006
Subject: 1.4.3 // proper syntax for --edit-key cross-certify ?
In-Reply-To: <20060405195100.106D2DA832@mailserver6.hushmail.com>
References: <20060405195100.106D2DA832@mailserver6.hushmail.com>
Message-ID: <44343F96.8090202@mac.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
vedaal@hush.com wrote the following on 4/5/06 3:50 PM:
> what is the syntax needed to use the cross-certify
> to have a signing subkey sign the master?
>
> i tried cross-certify with --edit-key
> and got no response
> (not even the polite customary error message ;-) )
When I tried that, I was prompted to enter my passphrase after a row
showing that my signing subkey was selected:
- -----
Charly-Avitals-PBG4:~ shavital$ gpg --edit-key C91B085E
gpg (GnuPG) 1.4.3; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Secret key is available.
pub 1024D/C91B085E created: 2002-05-11 expires: never usage: SCA
trust: ultimate validity: ultimate
sub 2048g/084539C7 created: 2002-05-11 expires: never usage: E
sub 4096R/727327CF created: 2005-02-17 expires: never usage: S
[ultimate] (1). Charly Avital (1.0.7)
[ultimate] (2) Charly Avital (1.0.7)
[ revoked] (3) Charly Avital (1.0.7)
Command> cross-certify
You need a passphrase to unlock the secret key for
user: "Charly Avital (1.0.7) "
4096-bit RSA key, ID 727327CF, created 2005-02-17
Enter passphrase:
- -------------
After I enter the passphrase, I get the same output as above:
- -----
pub 1024D/C91B085E created: 2002-05-11 expires: never usage: SCA
trust: ultimate validity: ultimate
sub 2048g/084539C7 created: 2002-05-11 expires: never usage: E
sub 4096R/727327CF created: 2005-02-17 expires: never usage: S
[ultimate] (1). Charly Avital (1.0.7)
[ultimate] (2) Charly Avital (1.0.7)
[ revoked] (3) Charly Avital (1.0.7)
=============
But when I Quit, I am prompted to save changes:
- --------------
Command> quit
Save changes? (y/N) n
Quit without saving? (y/N) y
- --------------
I have chosen to quit without saving any changes, because the truth is I
do not fully understand what the change is, and what it would do to my
key and/or to my signing subkey.
[...]
> (the same happens after a uid is selected, and then cross-certify
> entered at the command prompt)
When you select a uid, can you select the signing subkey itself?
I can't. I can only select one of the existing uids (1,2 or 3).
>[...]
> what should the proper syntax be ?
>
I hope you get more significant feedback from the list. I just wanted to
let you know that cross-certify provokes, in my system, a certain
response and output that can be saved in the key.
Charly
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From hartmut_henkel at gmx.de Wed Apr 5 22:22:03 2006
From: hartmut_henkel at gmx.de (Hartmut Henkel)
Date: Thu Apr 6 00:56:17 2006
Subject: keytocard doesn't move key
Message-ID:
Hi,
using an SCR335 card reader with gnupg 1.4.3 under debian-sarge AMD64 i
can do
gpg --card-edit
> generate
> list
which generates new keys on the smartcard fine and puts them also into
file secring.gpg. But then trying to move the secret key to the
smartcard by
gpg --edit-key
Befehl> toggle
Befehl> keytocard
does _not_ work: The newly generated secret key persists in secring.gpg.
E. g. i can do --export-secret-key without smartcard. Gpg tells:
Really move the primary key? (y/N) y
...
Wählen Sie den Speicherort für den Schlüssel:
(1) Unterschriften-Schlüssel
(3) Authentisierungs-Schlüssel
Ihre Auswahl? 1
gpg: WARNING: such a key has already been stored on the card!
Vorhandenen Schlüssel ersetzen? (j/N) j
gpg: geheimer Schlüssel ist bereits auf einer Karte gespeichert
When i delete the secret key manually from secring.gpg, the secret key
on the card won't be found, probably as the "stub" is missing in
secring.gpg.
So the question is: How can i get the secret key away from the
secring.gpg and still have the stub so that the secret key is requested
then from the smartcard?
Thanks a lot for any hints.
Regards, Hartmut
From johnmoore3rd at joimail.com Thu Apr 6 01:13:06 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Thu Apr 6 01:13:21 2006
Subject: 1.4.3 // proper syntax for --edit-key cross-certify ?
In-Reply-To: <44343F96.8090202@mac.com>
References: <20060405195100.106D2DA832@mailserver6.hushmail.com>
<44343F96.8090202@mac.com>
Message-ID: <44344F02.6050108@joimail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Charly Avital wrote:
> But when I Quit, I am prompted to save changes:
> --------------
> Command> quit
> Save changes? (y/N) n
> Quit without saving? (y/N) y
> --------------
>
> I have chosen to quit without saving any changes, because the truth is I
> do not fully understand what the change is, and what it would do to my
> key and/or to my signing subkey.
Knee-jerk response is to say "It does Nothing to your Key/sub-Key" but
that is not /exactly/ true. What occurs is that your Key & sub-Key are
inextricably linked. This is to prevent a very remote & arcane possibility
of your signing sub_key being hijacked.
Real World effect.....with 'require-cross-certification' active in my
gpg.conf File your message Opened with a yellow stripe across the top of
my Enigmail Screen and a 'Red' Pen in the lower right corner. Clicking
on the pen gives me a verbose text indicating that you have *not* back
signed the sub-Key. When I comment out the gpg.conf entry I Open the
message to the familiar Green Line indicating 'Good Signature from
Trusted Key'.
Had you chosen to 'save' the changes it would have appeared Green when I
first Opened this Post. My suggestion would be to go ahead and 'save'
the changes and rest comfortably that it will have no negative effect
whatsoever.
Others will surely disagree with me and should appear here shortly.
JOHN ;)
Timestamp: Wednesday 05 Apr 2006, 19:11 --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4-4092cvs: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust (US26): http://www.gswot.org
Comment: Homepage: http://tinyurl.com/9ubue
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From vedaal at hush.com Thu Apr 6 01:47:12 2006
From: vedaal at hush.com (vedaal@hush.com)
Date: Thu Apr 6 01:46:20 2006
Subject: 1.4.3 // proper syntax for --edit-key cross-certify ?
Message-ID: <20060405234712.7A3D8DA832@mailserver6.hushmail.com>
Charly Avital shavital at mac.com wrote on
Thu Apr 6 00:07:18 CEST 2006 :
>When I tried that, I was prompted to enter my passphrase after a row
>showing that my signing subkey was selected:
>But when I Quit, I am prompted to save changes:
hmmm,
ok,
tried this again,
same result as before,
then generated a new dh/dsa key
and a new rsa subkey
and tried it with the new key,
and it worked,
with the same result that you got,
*but*
only for new or recent keys,
the key i originally wrote in about,
is an older (but still v4) rsa key and rsa signing subkey
and i couldn't get it to cross-certify
can others try this out on any older PGP-generated keys they might
have,
and see if it works or not,
tia,
vedaal
From dshaw at jabberwocky.com Thu Apr 6 03:38:24 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Apr 6 03:37:41 2006
Subject: 1.4.3 // proper syntax for --edit-key cross-certify ?
In-Reply-To: <44343F96.8090202@mac.com>
References: <20060405195100.106D2DA832@mailserver6.hushmail.com>
<44343F96.8090202@mac.com>
Message-ID: <20060406013824.GA22100@jabberwocky.com>
On Wed, Apr 05, 2006 at 06:07:18PM -0400, Charly Avital wrote:
> I have chosen to quit without saving any changes, because the truth is I
> do not fully understand what the change is, and what it would do to my
> key and/or to my signing subkey.
http://www.gnupg.org/faq/subkey-cross-certify.html
You should do it.
David
From dshaw at jabberwocky.com Thu Apr 6 03:45:19 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Apr 6 03:44:34 2006
Subject: pka-lookups
In-Reply-To: <4433DA8D.1040900@joimail.com>
References: <4433DA8D.1040900@joimail.com>
Message-ID: <20060406014519.GB22100@jabberwocky.com>
On Wed, Apr 05, 2006 at 10:56:13AM -0400, John W. Moore III wrote:
> Throughout the 'snapshot' phase of 1.4.3 this ability was turned OFF by
> default. With the release of 1.4.3 stable and the availability of
> cross-certification and pka-lookup now widely available, will the
> features once defaulted to off be defaulted to ON for the 1.4.4
> 'snapshot' releases?
It depends on the feature. Certainly require-cross-certification will
not be turned on by default in 1.4.4. Too soon.
> Also, in gpg.man the reference is "see require-cross-certification" but
> I have been unable so far to find that particular option in the Manual.
> When I do, what will I "see"?
It's there. It says:
When verifying a signature made from a subkey, ensure that the
cross certification "back signature" on the subkey is present and
valid. This protects against a subtle attack against subkeys that
can sign. Currently defaults to --no-require-cross-certification,
but will be changed to --require-cross-certification in the
future.
David
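The manual text quoted above ties `require-cross-certification` to a "back signature" on each signing subkey. As an added example (not part of the original thread and not GnuPG code), this Python script reads `gpg --list-packets` text and reports signing-capable subkeys whose newest binding signature carries no embedded class 0x19 signature. The sample listing, its key IDs, and the rule that an RSA or DSA subkey without a key flags subpacket counts as signing-capable (as described elsewhere in this thread) are assumptions.

```python
import re

# Constructed sample in the general layout of `gpg --list-packets` output.
# Key IDs, timestamps and lengths are made up; real listings carry more lines.
SAMPLE_LISTING = """\
:public key packet:
    version 4, algo 17, created 1021100000, expires 0
    keyid: AAAAAAAAAAAAAAAA
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 17, keyid AAAAAAAAAAAAAAAA
    version 4, created 1021100000, md5len 0, sigclass 0x13
    hashed subpkt 27 len 1 (key flags: 03)
:public sub key packet:
    version 4, algo 16, created 1021100000, expires 0
    keyid: BBBBBBBBBBBBBBBB
:signature packet: algo 17, keyid AAAAAAAAAAAAAAAA
    version 4, created 1021100000, md5len 0, sigclass 0x18
    hashed subpkt 27 len 1 (key flags: 0C)
:public sub key packet:
    version 4, algo 1, created 1108600000, expires 0
    keyid: CCCCCCCCCCCCCCCC
:signature packet: algo 17, keyid AAAAAAAAAAAAAAAA
    version 4, created 1108600000, md5len 0, sigclass 0x18
    hashed subpkt 27 len 1 (key flags: 02)
:signature packet: algo 17, keyid AAAAAAAAAAAAAAAA
    version 4, created 1144300000, md5len 0, sigclass 0x18
    hashed subpkt 27 len 1 (key flags: 02)
    subpkt 32 len 540 (signature: v4, class 0x19, algo 1, digest algo 2)
:public sub key packet:
    version 4, algo 1, created 988200000, expires 0
    keyid: DDDDDDDDDDDDDDDD
:signature packet: algo 17, keyid AAAAAAAAAAAAAAAA
    version 4, created 988200000, md5len 0, sigclass 0x18
    hashed subpkt 2 len 4 (sig created 2001-04-25)
"""

KEY_BODY = re.compile(r"version \d+, algo (\d+), created")
KEYID = re.compile(r"keyid: ([0-9A-Fa-f]+)")
SIG_BODY = re.compile(r"version \d+, created (\d+), .*sigclass 0x([0-9A-Fa-f]{2})")
FLAGS = re.compile(r"subpkt 27 len \d+ \(key flags: ([0-9A-Fa-f]{2})")
BACKSIG = re.compile(r"subpkt 32 len \d+ \(signature: v\d+, class 0x19")

SIGN_FLAG = 0x02                 # OpenPGP key flag "may be used to sign data"
SIGN_CAPABLE_ALGOS = {1, 3, 17}  # RSA, RSA sign-only, DSA (used when no flags exist)


def summarise(key):
    """Reduce one parsed subkey to keyid / can_sign / backsig."""
    newest = max(key["bindings"], key=lambda b: b["created"], default=None)
    flags = newest["flags"] if newest else None
    if flags is None:
        # Assumption: no key flags subpacket means capability follows the algorithm.
        can_sign = key["algo"] in SIGN_CAPABLE_ALGOS
    else:
        can_sign = bool(flags & SIGN_FLAG)
    return {"keyid": key["keyid"], "can_sign": can_sign,
            "backsig": bool(newest and newest["backsig"])}


def audit_subkeys(listing):
    """Return one summary record per subkey found in the listing."""
    subkeys, current, binding, section = [], None, None, None
    for raw in listing.splitlines():
        line = raw.strip()
        if line.startswith(":"):                      # start of a new packet
            kind = line[1:].split(":", 1)[0]
            binding = None
            if kind in ("public sub key packet", "secret sub key packet"):
                current = {"keyid": None, "algo": None, "bindings": []}
                subkeys.append(current)
                section = "key"
            elif kind == "signature packet" and current is not None:
                section = "sig"                       # signature following a subkey
            else:
                current, section = None, None         # primary key, user ID, ...
            continue
        if current is None:
            continue
        if section == "key":
            m = KEY_BODY.search(line)
            if m:
                current["algo"] = int(m.group(1))
            m = KEYID.search(line)
            if m:
                current["keyid"] = m.group(1).upper()
        elif section == "sig":
            m = SIG_BODY.search(line)
            if m:
                if m.group(2).lower() == "18":        # subkey binding signature
                    binding = {"created": int(m.group(1)),
                               "flags": None, "backsig": False}
                    current["bindings"].append(binding)
                continue
            if binding is None:
                continue                              # e.g. a revocation signature
            m = FLAGS.search(line)
            if m:
                binding["flags"] = int(m.group(1), 16)
            if BACKSIG.search(line):
                binding["backsig"] = True
    return [summarise(k) for k in subkeys]


def missing_backsigs(listing):
    """Key IDs of signing-capable subkeys that lack a back signature."""
    return [k["keyid"] for k in audit_subkeys(listing)
            if k["can_sign"] and not k["backsig"]]


if __name__ == "__main__":
    for record in audit_subkeys(SAMPLE_LISTING):
        print(record)
    print("needs cross-certify:", missing_backsigs(SAMPLE_LISTING))
```

The script only shows whether a back signature is present; checking that it is valid remains gpg's job when it verifies a signature.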
From dshaw at jabberwocky.com Thu Apr 6 04:02:16 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Apr 6 04:01:27 2006
Subject: 1.4.3 // proper syntax for --edit-key cross-certify ?
In-Reply-To: <20060405234712.7A3D8DA832@mailserver6.hushmail.com>
References: <20060405234712.7A3D8DA832@mailserver6.hushmail.com>
Message-ID: <20060406020216.GC22100@jabberwocky.com>
On Wed, Apr 05, 2006 at 07:47:12PM -0400, vedaal@hush.com wrote:
> the key i originally wrote in about,
> is an older (but still v4) rsa key and rsa signing subkey
> and i couldn't get it to cross-certify
>
> can others try this out on any older PGP-generated keys they might
> have,
> and see if it works or not,
PGP does not generate signing subkeys. You generated a RSA encryption
key that happened to be without key flags (I guess that version of PGP
didn't use them yet), and so it appears as a RSA sign+encrypt key in
GnuPG.
Bottom line is, this does not work on PGP generated keys.
David
From shavital at mac.com Thu Apr 6 06:29:51 2006
From: shavital at mac.com (Charly Avital)
Date: Thu Apr 6 06:29:25 2006
Subject: 1.4.3 // proper syntax for --edit-key cross-certify ?
In-Reply-To: <44344F02.6050108@joimail.com>
References: <20060405195100.106D2DA832@mailserver6.hushmail.com>
<44343F96.8090202@mac.com> <44344F02.6050108@joimail.com>
Message-ID: <4434993F.8060304@mac.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
John W. Moore III wrote the following on 4/5/06 7:13 PM:
[...]
> Had you chosen to 'save' the changes it would have appeared Green when I
> first Opened this Post. My suggestion would be to go ahead and 'save'
> the changes and rest comfortably that it will have no negative effect
> whatsoever.
Thank you for the clarification. I have just done that and saved the change.
>
> Others will surely disagree with me and should appear here shortly.
Well, not really, since David Shaw concurs:
David Shaw wrote the following on 4/5/06 9:38 PM:
> On Wed, Apr 05, 2006 at 06:07:18PM -0400, Charly Avital wrote:
>
>> I have chosen to quit without saving any changes, because the truth is I
>> do not fully understand what the change is, and what it would do to my
>> key and/or to my signing subkey.
>
> http://www.gnupg.org/faq/subkey-cross-certify.html
>
> You should do it.
>
> David
I have also uploaded the 'corrected' key to a keyserver.
Thanks to all.
Charly
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
From wk at gnupg.org Thu Apr 6 11:24:25 2006
From: wk at gnupg.org (Werner Koch)
Date: Thu Apr 6 11:26:54 2006
Subject: OpenPGP card: What RSA problems? Why not for key signing?
In-Reply-To: <87lkukc7qs.wl%felix.klee@inka.de> (Felix E. Klee's message of
"Wed, 05 Apr 2006 18:22:35 +0200")
References: <87lkukc7qs.wl%felix.klee@inka.de>
Message-ID: <871wwbgipi.fsf@wheatstone.g10code.de>
On Wed, 05 Apr 2006 18:22:35 +0200, Felix E Klee said:
> * What are those problems that one may encounter with RSA?
You can't load a non-1024 bit RSA key to the card. RSA keys are
optional in OpenPGP and thus some implementations may not be able to
use your key.
> * Why should the key on the card not be used for key signing?
Either because people feel that 1024 bit RSA/SHA-1 is not strong
enough or due to the difficulties of creating a backup of that key.
Without a backup and a broken card you won't be able to properly use
your key anymore and all collected signatures are practically lost.
> * Is there any advantage in using a DSA master key (not supported by the
> OpenPGP card, I know) instead of an RSA master key?
DSA signatures are much smaller.
> * What's the best tool for generating the 1024 bit RSA key? Should I
> simply use plain "gpg --gen-key --no-random-seed-file" or should the
> key be generated on card, or does it not really matter?
gpg --gen-key
--no-random-seed-file is only useful if you don't have permission to
write it.
Shalom-Salam,
Werner
From felix.klee at inka.de Thu Apr 6 14:29:06 2006
From: felix.klee at inka.de (Felix E. Klee)
Date: Thu Apr 6 14:28:24 2006
Subject: OpenPGP card: What RSA problems? Why not for key signing?
In-Reply-To: <871wwbgipi.fsf@wheatstone.g10code.de>
References: <87lkukc7qs.wl%felix.klee@inka.de>
<871wwbgipi.fsf@wheatstone.g10code.de>
Message-ID: <873bgqq44t.wl%felix.klee@inka.de>
At Thu, 06 Apr 2006 11:24:25 +0200,
Werner Koch wrote:
> > * Why should the key on the card not be used for key signing?
>
> Either because people feel that 1024 bit RSA/SHA-1 is not strong
> enough
Yes, one reads this and that: Some say 1024 may become easily crackable
[1] in the upcoming years, some say that it won't. OK, my data may not
be that interesting [2] but, still, I want to do it right, or more or
less so. So, I'll probably simply create a 4096 bit RSA key with 10
years life time and store it on devices not accessible from the systems
I normally use.
So, I've one more question: How long should the passphrase reasonably
be, in case ...
... it is a phrase containing words from a dictionary (e.g. taken from a
book)?
... it is a phrase made up of easily memorizable/pronounceable but
non-real words, formatted like an ordinary phrase (i.e. one word, one
blank, etc.)?
... it is just a random string?
The goal is to make decrypting the pass phrase protected secret key
about as hard as factoring the public key. Is this even remotely
possible?
> Without a backup and a broken card you won't be able to properly use
> your key anymore and all collected signatures are practically lost.
Well, I planned to have the key stored on two smartcards (one for
backup), anyway.
If not used for storage of the master key, the smartcards, of course,
are still nice for storing sub keys, and have them available all the
time.
[1] I.e. with not too expensive equipment and in a rather short time,
say a couple of days.
[2] I plan to use the key in the context of financial transactions,
though.
--
Felix E. Klee
From vedaal at hush.com Thu Apr 6 15:51:32 2006
From: vedaal at hush.com (vedaal@hush.com)
Date: Thu Apr 6 15:50:53 2006
Subject: 1.4.3 // proper syntax for --edit-key cross-certify ?
Message-ID: <200604061351.k36DpWnB008579@mailserver2.hushmail.com>
>Message: 6
>Date: Wed, 5 Apr 2006 22:02:16 -0400
>From: David Shaw
>Subject: Re: 1.4.3 // proper syntax for --edit-key cross-certify ?
>PGP does not generate signing subkeys. You generated a RSA
>encryption
>key that happened to be without key flags (I guess that version of
>PGP
>didn't use them yet), and so it appears as a RSA sign+encrypt key
>in
>GnuPG.
well,
it is an 'atypical' pgp build ;-)
but the subkey is recognized by gnupg as a 'signing' subkey,
and moreover, is 'forced' by gnupg front ends to be used for
signing
(there is no '!' indicator available to put as an option in
gpg.conf)
here is an example of such a key:
-----BEGIN PGP PRIVATE KEY BLOCK-----
Comment: passphrase: rsav4t
-----END PGP PRIVATE KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: rsa v4 key with rsa signing subkey (ckt build 9 )
-----END PGP PUBLIC KEY BLOCK-----
>Bottom line is, this does not work on PGP generated keys.
a request then,
can cross-certify be made to work with such a key, (preferred)
or,
can an option of '!' be made available so that gnupg front ends
recognize and sign with the primary subkey,
and avoid the whole issue
tia,
vedaal
From dshaw at jabberwocky.com Thu Apr 6 17:03:44 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Apr 6 17:02:57 2006
Subject: 1.4.3 // proper syntax for --edit-key cross-certify ?
In-Reply-To: <200604061351.k36DpWnB008579@mailserver2.hushmail.com>
References: <200604061351.k36DpWnB008579@mailserver2.hushmail.com>
Message-ID: <20060406150344.GA24093@jabberwocky.com>
On Thu, Apr 06, 2006 at 09:51:32AM -0400, vedaal@hush.com wrote:
> >Message: 6
> >Date: Wed, 5 Apr 2006 22:02:16 -0400
> >From: David Shaw
> >Subject: Re: 1.4.3 // proper syntax for --edit-key cross-certify ?
>
> >PGP does not generate signing subkeys. You generated a RSA
> >encryption
> >key that happened to be without key flags (I guess that version of
>
> >PGP
> >didn't use them yet), and so it appears as a RSA sign+encrypt key
> >in
> >GnuPG.
>
> well,
> it is an 'atypical' pgp build ;-)
>
> but the subkey is recognized by gnupg as a 'signing' subkey,
> and moreover, is 'forced' by gnupg front ends to be used for
> signing
> (there is no '!' indicator available to put as an option in
> gpg.conf)
PGP generated keys are not any different than GPG generated keys in
this regard. Go ahead and use a ! if you like.
David
From vedaal at hush.com Thu Apr 6 17:57:56 2006
From: vedaal at hush.com (vedaal@hush.com)
Date: Thu Apr 6 17:57:11 2006
Subject: 1.4.3 // proper syntax for --edit-key cross-certify ?
Message-ID: <200604061557.k36Fvutq023465@mailserver2.hushmail.com>
David Shaw dshaw at jabberwocky.com wrote on
Thu Apr 6 17:03:44 CEST 2006 :
>PGP generated keys are not any different than GPG generated keys in
>this regard. Go ahead and use a ! if you like.
yes,
but currently only from the command line
what i was asking for,
is a 'option' equivalent to '!'
to put into gpg.conf so that gnupg front ends will recognize and
use only the primary key for signing, and not the subkey
(which is still used for encryption)
i.e.
!-signing-key keyid
otherwise,
these are the user's choices:
[1] use only command line when signing
(ok, not so terrible,
but inconvenient/difficult for some people)
[2] use only pgp for signing
(what!?
and lose all gnupg's features ?!? ;-)
[not really an option for this group ;-) ]
[3] delete/revoke the subkey and use the master for both signing
and encrypting
[as a v3 user, i can live with this ;-) ],
but it is not the preferred way to go in terms of security,
as the signing and encrypting keys really should be separate
[4] make a new key in gnupg
(and try to get it out to everybody who trusts only your old ones),
ok,
but far less convenient than [1] and [3]
while the key is still trustworthy
is it that difficult to put the '!' feature in the options file ?
it would be much appreciated
Thanks!
vedaal
From dshaw at jabberwocky.com Thu Apr 6 18:09:20 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Apr 6 18:08:28 2006
Subject: 1.4.3 // proper syntax for --edit-key cross-certify ?
In-Reply-To: <200604061557.k36Fvutq023465@mailserver2.hushmail.com>
References: <200604061557.k36Fvutq023465@mailserver2.hushmail.com>
Message-ID: <20060406160920.GA24262@jabberwocky.com>
On Thu, Apr 06, 2006 at 11:57:56AM -0400, vedaal@hush.com wrote:
> David Shaw dshaw at jabberwocky.com wrote on
> Thu Apr 6 17:03:44 CEST 2006 :
>
> >PGP generated keys are not any different than GPG generated keys in
> >this regard. Go ahead and use a ! if you like.
>
> yes,
> but currently only from the command line
>
> what i was asking for,
> is a 'option' equivalent to '!'
> to put into gpg.conf so that gnupg front ends will recognize and
> use only the primary key for signing, and not the subkey
> (which is still used for encryption)
>
> i.e.
> !-signing-key keyid
default-key !keyid
David
From vedaal at hush.com Thu Apr 6 19:05:59 2006
From: vedaal at hush.com (vedaal@hush.com)
Date: Thu Apr 6 19:05:10 2006
Subject: 1.4.3 // proper syntax for --edit-key cross-certify ?
Message-ID: <200604061705.k36H5xfZ031083@mailserver2.hushmail.com>
David Shaw dshaw at jabberwocky.com wrote on
Thu Apr 6 18:09:20 CEST 2006:
> default-key !keyid
doesn't work, ;-((
(does it need any additional input? )
here is the command line output (using cygwin):
first,
with the existing option of
default-key 0x5AA20C866A589A97
$ gpg --clearsign c:/r/1234.txt
gpg: using subkey 04ADEE20 instead of primary key 6A589A97
You need a passphrase to unlock the secret key for
user: "vedaal nistar (preferred e-mail address) "
gpg: using subkey 04ADEE20 instead of primary key 6A589A97
4096-bit RSA key, ID 04ADEE20, created 2001-04-26 (main key ID
6A589A97)
Enter passphrase:
now with the option of
default-key !0x5AA20C866A589A97
$ gpg --clearsign c:/r/1234.txt
gpg: no default secret key: secret key not available
gpg: c:/r/1234.txt: clearsign failed: secret key not available
putting the ! in front of the keyid
caused an inability to identify the key,
rather than parsing the '!'
as an option for the default keyid of 0x5AA20C866A589A97
what did you do to get it to work on your system?
(i didn't try it with the short [8 character keyid] in gpg.conf )
vedaal
From vedaal at hush.com Thu Apr 6 20:27:26 2006
From: vedaal at hush.com (vedaal@hush.com)
Date: Thu Apr 6 20:26:43 2006
Subject: 1.4.3 // proper syntax for --edit-key cross-certify ? //
success ; -)
Message-ID: <200604061827.k36IRQD2040669@mailserver2.hushmail.com>
>> default-key !keyid
>doesn't work, ;-((
but what *does* work, is:
default-key keyid!
here is the gpg output with the option of
default-key 0x5AA20C866A589A97!
$ gpg --clearsign c:/r/1234.txt
You need a passphrase to unlock the secret key for
user: "vedaal nistar (preferred e-mail address) "
4096-bit RSA key, ID 6A589A97, created 2001-04-26
gpg: writing to `c:/r/1234.txt.asc'
gpg: RSA/SHA256 signature from: "6A589A97 vedaal nistar (preferred
e-mail address) "
Thanks!
(and maybe add it to the man.page)
vedaal
From lusfert at gmail.com Thu Apr 6 23:31:40 2006
From: lusfert at gmail.com (lusfert)
Date: Thu Apr 6 23:31:05 2006
Subject: Date and time format
Message-ID: <443588BC.3080706@gmail.com>
Hi.
Is it possible to change date format in GPG output?
When I see
D:\>gpg --verify gnupg-w32cli-1.4.3.exe.sig
gpg: Signature made 04/03/06 14:42:33
gpg: using RSA key 0x1CE0C630
gpg: Good signature from "Werner Koch (dist sig) "
I don't understand what date GPG means:
* 4 March 2006?
* 3 April 2006?
* 6 March 2004?
When you see date 04/03/06 it's hard to guess what date format is used:
dd/mm/yy, mm/dd/yy, yy/mm/dd or even yy/dd/mm. By default I think it's 4
March 2006 because date format dd.mm.yy (dd.mm.yyyy) is used in my country.
Also GPG displays the time (14:42:33) in such a way that it's hard to guess
whether it is local or UTC.
Maybe it'll be better to see something like this:
D:\>gpg --verify gnupg-w32cli-1.4.3.exe.sig
gpg: Signature made 4-Apr-2006 14:42:33 (local - Russian Daylight Time)
gpg: using RSA key 0x1CE0C630
gpg: Good signature from "Werner Koch (dist sig) "
or
D:\>gpg --verify gnupg-w32cli-1.4.3.exe.sig
gpg: Signature made 04-Apr-2006 10:42:33 UTC
gpg: using RSA key 0x1CE0C630
gpg: Good signature from "Werner Koch (dist sig) "
or (maybe the best way)
D:\>gpg --verify gnupg-w32cli-1.4.3.exe.sig
gpg: Signature made 04 April 2006 14:42:33 (local - Russian Daylight Time)
gpg: using RSA key 0x1CE0C630
gpg: Good signature from "Werner Koch (dist sig) "
Suggestions are welcome.
P.S.
When I see the output of PGPdump ( http://www.pgpdump.net/ ) it's much
easier to understand what date and time are shown and what time zone is
used.
--
Regards
OpenPGP Key ID: 0x9E353B56500B8987
Encrypted e-mail preferred.
From dshaw at jabberwocky.com Thu Apr 6 23:43:05 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Apr 6 23:42:25 2006
Subject: Date and time format
In-Reply-To: <443588BC.3080706@gmail.com>
References: <443588BC.3080706@gmail.com>
Message-ID: <20060406214305.GA24502@jabberwocky.com>
On Fri, Apr 07, 2006 at 01:31:40AM +0400, lusfert wrote:
> Hi.
>
> Is it possible to change date format in GPG output?
GPG uses whatever the OS specifies as the date format. It is not
something that is changeable by GPG - you need to set the date format
in your OS.
David
From lusfert at gmail.com Fri Apr 7 00:01:57 2006
From: lusfert at gmail.com (lusfert)
Date: Fri Apr 7 00:01:12 2006
Subject: Date and time format
In-Reply-To: <20060406214305.GA24502@jabberwocky.com>
References: <443588BC.3080706@gmail.com>
<20060406214305.GA24502@jabberwocky.com>
Message-ID: <44358FD5.3020302@gmail.com>
David Shaw wrote on 07.04.2006 1:43:
> On Fri, Apr 07, 2006 at 01:31:40AM +0400, lusfert wrote:
>> Hi.
>>
>> Is it possible to change date format in GPG output?
>
> GPG uses whatever the OS specifies as the date format. It is not
> something that is changeable by GPG - you need to set the date format
> in your OS.
>
In my OS (Windows XP Pro SP2 + all updates) date format is set as
dd.mm.yyyy :
http://i10.photobucket.com/albums/a142/someuser00/winxp_date_format.png
(12 KB)
Translation*:
?????? = April
??????? = Friday
*Note that I use Russian language for date, time and other formats, but
English version of Windows XP.
However, GPG uses mm/dd/yy format...
P.S.
As you can see at the top of this message, my Thunderbird uses the right
date format (specified by OS):
07.04.2006 - dd.mm.yyyy
--
Regards
OpenPGP Key ID: 0x9E353B56500B8987
Encrypted e-mail preferred.
From dshaw at jabberwocky.com Fri Apr 7 00:23:51 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Apr 7 00:23:04 2006
Subject: Date and time format
In-Reply-To: <44358FD5.3020302@gmail.com>
References: <443588BC.3080706@gmail.com>
<20060406214305.GA24502@jabberwocky.com>
<44358FD5.3020302@gmail.com>
Message-ID: <20060406222351.GC24502@jabberwocky.com>
On Fri, Apr 07, 2006 at 02:01:57AM +0400, lusfert wrote:
> David Shaw wrote on 07.04.2006 1:43:
> > On Fri, Apr 07, 2006 at 01:31:40AM +0400, lusfert wrote:
> >> Hi.
> >>
> >> Is it possible to change date format in GPG output?
> >
> > GPG uses whatever the OS specifies as the date format. It is not
> > something that is changeable by GPG - you need to set the date format
> > in your OS.
> >
>
> In my OS (Windows XP Pro SP2 + all updates) date format is set as
> dd.mm.yyyy :
> http://i10.photobucket.com/albums/a142/someuser00/winxp_date_format.png
> (12 KB)
OS setting via LC_TIME, according to Microsoft, though I have no idea
how to set it on win32.
David
From johnmoore3rd at joimail.com Fri Apr 7 00:37:08 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Fri Apr 7 00:36:35 2006
Subject: Date and time format
In-Reply-To: <20060406222351.GC24502@jabberwocky.com>
References: <443588BC.3080706@gmail.com> <20060406214305.GA24502@jabberwocky.com> <44358FD5.3020302@gmail.com>
<20060406222351.GC24502@jabberwocky.com>
Message-ID: <44359814.3020806@joimail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
David Shaw wrote:
> OS setting via LC_TIME, according to Microsoft, though I have no idea
> how to set it on win32.
Right Click on the Clock, Select Setting Time/Date.
JOHN ;)
Timestamp: Thursday 06 Apr 2006, 18:36 --400 (Eastern Daylight Time)
From jkaye at celerasystems.com Thu Apr 6 23:57:01 2006
From: jkaye at celerasystems.com (jkaye)
Date: Fri Apr 7 01:26:14 2006
Subject: Automated processes
In-Reply-To: <443588BC.3080706@gmail.com>
Message-ID: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com>
Hi all,
I'm new to GnuPG, and have been getting some help
from a kind soul. I seem to have all the knowledge
that I need with one single, but important, exception.
When I decrypt, it asks for my passphrase. No problem
there except for the fact that I want to have an automated
script on a unix server perform the decryption of this file.
Of course, if it needs a passphrase, it's going to hang
and I can't have that.
I know that for PGP, there's an environment setting that
can be used to prevent this. Is there a similar thing for
GnuPG, or do I have to jump through some hoops?
Thanks,
- Jack
From johnmoore3rd at joimail.com Fri Apr 7 01:42:41 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Fri Apr 7 01:42:19 2006
Subject: Automated processes
In-Reply-To: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com>
References: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com>
Message-ID: <4435A771.5020004@joimail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
jkaye wrote:
> I know that for PGP, there's an environment setting that
> can be used to prevent this. Is there a similar thing for
> GnuPG, or do I have to jump through some hoops?
Hmm.....Let me see if I've understood you. You desire to use GPG for
security 'Point to Point' then swap security for convenience on your end?
My suggestion would be to either switch to Thunderbird w/Enigmail as
your MUA. You can set Enigmail to 'remember' your passphrase for a
specified length of time or until you Close the program.
JOHN ;)
Timestamp: Thursday 06 Apr 2006, 19:42 --400 (Eastern Daylight Time)
From blueness at gmx.net Fri Apr 7 02:24:26 2006
From: blueness at gmx.net (Mica Mijatovic)
Date: Fri Apr 7 04:56:09 2006
Subject: Date and time format
In-Reply-To: <443588BC.3080706@gmail.com>
References: <443588BC.3080706@gmail.com>
Message-ID: <140763697.20060407022426@gmx.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Was Fri, 07 Apr 2006, at 01:31:40 +0400,
when lusfert wrote:
> Is it possible to change date format in GPG output?
I tried to figure this out many times but couldn't.
I also expected that GPG would take over the local User's setting of the
OS, as most programs do, but no, it doesn't. I don't know the reasons.
It would be a very good and practical addition/correction, making lots
of administrative work easier.
A time given in a logical format "yyyy-mm-dd hh:mm:ss [TZone]" (with the
TZ expressed just numerically, as "[+0500]" and similar) would be
perfect.[1]
______________________
[1] Time Zones expressed by abbreviations are a puzzle for many
non-American people, but for some Americans as well.
- --
Mica
PGP keys nestled at: http://blueness.port5.com/pgpkeys/
~~~ For personal mail please use my address as it is *exactly* given
in my "From|Reply To" field(s). ~~~
Respect thine opponent, else shall the earth rise up and smite thee on
the back.
From gnupg at raphael.poss.name Fri Apr 7 09:56:58 2006
From: gnupg at raphael.poss.name (Raphaël Poss)
Date: Fri Apr 7 09:56:33 2006
Subject: Automated processes
In-Reply-To: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com>
References: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com>
Message-ID: <44361B4A.8040107@raphael.poss.name>
jkaye wrote:
> Hi all,
>
> I'm new to GnuPG, and have been getting some help
> from a kind soul. I seem to have all the knowledge
> that I need with one single, but important, exception.
>
> When I decrypt, it asks for my passphrase. No problem
> there except for the fact that I want to have an automated
> script on a unix server perform the decryption of this file.
> Of course, if it needs a passphrase, it's going to hang
> and I can't have that.
>
> I know that for PGP, there's an environment setting that
> can be used to prevent this. Is there a similar thing for
> GnuPG, or do I have to jump through some hoops?
You can:
- use gpg-agent, or
- echo passphrase | gpg --batch --passphrase-fd 0
Of course the latter provides little to no security.
Regards,
--
Raphaël
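An added example, not part of the original post and not GnuPG's own code: the `gpg --batch --passphrase-fd` invocation from the message above, wrapped so that the passphrase comes from a file whose ownership and mode are checked on the opened descriptor instead of being written into the script. The function names and the idea of a dedicated passphrase file are assumptions made for the illustration.

```python
import os
import stat
import subprocess
import sys


class UnsafePassphraseFile(Exception):
    """The passphrase file could be read or replaced by another account."""


def open_passphrase_fd(path):
    """Open the passphrase file and vet the opened descriptor (not the path,
    which could be swapped between a check and the open)."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # refuse symlinks
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UnsafePassphraseFile("%s: not a regular file" % path)
        if st.st_uid != os.geteuid():
            raise UnsafePassphraseFile("%s: not owned by this account" % path)
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise UnsafePassphraseFile("%s: accessible by group/other" % path)
    except Exception:
        os.close(fd)
        raise
    return fd


def gpg_decrypt_argv(ciphertext, output, passphrase_fd, gpg="gpg"):
    """Options from the post, with the passphrase on its own descriptor.
    The passphrase itself never appears in argv or in the script."""
    return [gpg, "--batch", "--passphrase-fd", str(passphrase_fd),
            "--output", output, "--decrypt", ciphertext]


def decrypt_unattended(ciphertext, output, passphrase_path, gpg="gpg"):
    """Run gpg without a terminal and return its exit status."""
    fd = open_passphrase_fd(passphrase_path)
    try:
        argv = gpg_decrypt_argv(ciphertext, output, fd, gpg)
        # pass_fds keeps the descriptor number unchanged in the child;
        # stdin is /dev/null so nothing can wait on a terminal.
        proc = subprocess.run(argv, pass_fds=(fd,), stdin=subprocess.DEVNULL)
        return proc.returncode
    finally:
        os.close(fd)


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: %s FILE.gpg OUTPUT PASSPHRASE_FILE" % sys.argv[0])
    sys.exit(decrypt_unattended(sys.argv[1], sys.argv[2], sys.argv[3]))
```

Anyone who can run code as this account, or as root, can still read the file, so this narrows who can decrypt without removing the exposure the thread discusses. GnuPG 2.1 and later additionally need `--pinentry-mode loopback` before `--passphrase-fd` is honoured.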
From lusfert at gmail.com Fri Apr 7 11:55:47 2006
From: lusfert at gmail.com (lusfert)
Date: Fri Apr 7 11:55:13 2006
Subject: Date and time format
In-Reply-To: <44359814.3020806@joimail.com>
References: <443588BC.3080706@gmail.com> <20060406214305.GA24502@jabberwocky.com> <44358FD5.3020302@gmail.com> <20060406222351.GC24502@jabberwocky.com>
<44359814.3020806@joimail.com>
Message-ID: <44363723.7080700@gmail.com>
John W. Moore III wrote on 07.04.2006 2:37:
> David Shaw wrote:
>
>>> OS setting via LC_TIME, according to Microsoft, though I have no idea
>>> how to set it on win32.
>
> Right Click on the Clock, Select Setting Time/Date.
>
http://i10.photobucket.com/albums/a142/someuser00/right_click_on_clock.png
Where is "Setting Time/Date"?
Then I clicked Adjust Date/Time:
http://i10.photobucket.com/albums/a142/someuser00/date_and_time_settings.png
Where can I set date format (via LC_TIME)?
--
Regards
OpenPGP Key ID: 0x9E353B56500B8987
Encrypted e-mail preferred.
From JPClizbe at comcast.net Fri Apr 7 13:13:53 2006
From: JPClizbe at comcast.net (John Clizbe)
Date: Fri Apr 7 13:19:33 2006
Subject: Date and time format
In-Reply-To: <44363723.7080700@gmail.com>
References: <443588BC.3080706@gmail.com> <20060406214305.GA24502@jabberwocky.com> <44358FD5.3020302@gmail.com> <20060406222351.GC24502@jabberwocky.com> <44359814.3020806@joimail.com>
<44363723.7080700@gmail.com>
Message-ID: <44364971.5070503@comcast.net>
lusfert wrote:
> John W. Moore III wrote on 07.04.2006 2:37:
>> David Shaw wrote:
>>
>>>> OS setting via LC_TIME, according to Microsoft, though I have no idea
>>>> how to set it on win32.
>
> Where can I set date format (via LC_TIME)?
Via LC_TIME? I suppose you could specify an environment variable.
The native Windows way is:
Control Panel --> Regional and Language Options. Select the language you wish to
use, then click 'Customize'. On the Date tab you may specify short and long date
format strings; eg, 'yyyy-MM-dd' and 'dddd, MMMM dd, yyyy'.
--
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
From ivalladolidt at terra.es Fri Apr 7 10:38:47 2006
From: ivalladolidt at terra.es (Ismael Valladolid Torres)
Date: Fri Apr 7 13:26:15 2006
Subject: Cygwin and 1.9 branch
Message-ID: <20060407083847.GG1632@localhost.localdomain>
Has anybody successfully compiled the current 1.9 CVS branch using Cygwin on
Windows?
I'd give it a try but I'd like to know before if I'm bound to try
something impossible given the current status of the source, or if
somebody knows it's perfectly possible.
I'm sure that using Cygwin I won't be able to get smartcard support
and I guess I can live with that unless also somebody tells me that
smartcard support is the only reason for trying 1.9 branch.
Any comments welcome.
Cordially, Ismael
--
Need medicine? All here!
http://lamediahostia.blogspot.com/
http://www.flickr.com/photos/ivalladt/
From wk at gnupg.org Fri Apr 7 13:56:17 2006
From: wk at gnupg.org (Werner Koch)
Date: Fri Apr 7 14:13:10 2006
Subject: [Announce] Gpg4win 1.0.0 released
Message-ID: <8764lld2fy.fsf@wheatstone.g10code.de>
Skipped content of type multipart/signed
From johnmoore3rd at joimail.com Fri Apr 7 14:32:31 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Fri Apr 7 14:31:56 2006
Subject: Automated processes
In-Reply-To: <44361B4A.8040107@raphael.poss.name>
References: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com>
<44361B4A.8040107@raphael.poss.name>
Message-ID: <44365BDF.3010100@joimail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Raphaël Poss wrote:
> You can:
>
> - use gpg-agent, or
>
> - echo passphrase | gpg --batch --passphrase-fd 0
>
> Of course the latter provides little to no security.
There is another option. Since you are using Outlook (presumably for
Corporate compliance) you should consider GPGrelay. This would allow
you automatic decryption & even the ability to store decrypted email for
later searching. (again, not very secure)
JOHN ;)
From peter at palfrader.org Fri Apr 7 15:40:43 2006
From: peter at palfrader.org (Peter Palfrader)
Date: Fri Apr 7 15:39:57 2006
Subject: fetching DE415B0E from sks ([don't know]: invalid packet (ctb=2d))
Message-ID: <20060407134043.GA6562@asteria.noreply.org>
Hi,
running 1.4.4-cvs, when I try to download DE415B0E I get the following
error:
| weasel@asteria:~$ gpg --keyserver random.sks.penguin.de --recv 94c09c7f DE415B0E
| gpg: requesting key DE415B0E from hkp server random.sks.penguin.de
| gpg: requesting key 94C09C7F from hkp server random.sks.penguin.de
| gpg: key DE415B0E: public key "Susumu OSAWA " imported
| gpg: [don't know]: invalid packet (ctb=2d)
| gpg: read_block: read error: invalid packet
| gpg: Total number processed: 1
| gpg: imported: 1
While it imports the key in question, it breaks the current download
action, not fetching additional keys given on the command line.
It also aborts any --refresh-keys in mid-action.
Peter
--
PGP signed and encrypted | .''`. ** Debian GNU/Linux **
messages preferred. | : :' : The universal
| `. `' Operating System
http://www.palfrader.org/ | `- http://www.debian.org/
From john.m.church at lmco.com Fri Apr 7 16:16:15 2006
From: john.m.church at lmco.com (John M Church)
Date: Fri Apr 7 16:15:31 2006
Subject: Automated processes
In-Reply-To: <4435A771.5020004@joimail.com>
References: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com>
<4435A771.5020004@joimail.com>
Message-ID: <4436742F.5020309@lmco.com>
I think it's simplistic to just brush-off this request as a user who
wants convenience. There are very valid reasons for automated
decryption. I'm working a similar project (and have my own issue - see
"Automated Decryption via Script Running Setuid" written 4/5/06). Seems
to me if you protect your script and you are behind a firewall you're
not 'trading security for convenience'. You can even encrypt the
passphrase in your script if you're afraid someone with sudo or root
privileges could open your script.
John_inDenver
John W. Moore III wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA256
>
>jkaye wrote:
>
>>I know that for PGP, there's an environment setting that
>>can be used to prevent this. Is there a similar thing for
>>GnuPG, or do I have to jump through some hoops?
>
>Hmm.....Let me see if I've understood you. You desire to use GPG for
>security 'Point to Point' then swap security for convenience on your end?
>
>My suggestion would be to either switch to Thunderbird w/Enigmail as
>your MUA. You can set Enigmail to 'remember' your passphrase for a
>specified length of time or until you Close the program.
>
>JOHN ;)
>Timestamp: Thursday 06 Apr 2006, 19:42 --400 (Eastern Daylight Time)
From dshaw at jabberwocky.com Fri Apr 7 17:30:55 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Apr 7 17:30:14 2006
Subject: fetching DE415B0E from sks ([don't know]: invalid packet
(ctb=2d))
In-Reply-To: <20060407134043.GA6562@asteria.noreply.org>
References: <20060407134043.GA6562@asteria.noreply.org>
Message-ID: <20060407153055.GA26717@jabberwocky.com>
On Fri, Apr 07, 2006 at 03:40:43PM +0200, Peter Palfrader wrote:
> Hi,
>
> running 1.4.4-cvs, when I try to download DE415B0E I get the following
> error:
>
> | weasel@asteria:~$ gpg --keyserver random.sks.penguin.de --recv 94c09c7f DE415B0E
> | gpg: requesting key DE415B0E from hkp server random.sks.penguin.de
> | gpg: requesting key 94C09C7F from hkp server random.sks.penguin.de
> | gpg: key DE415B0E: public key "Susumu OSAWA " imported
> | gpg: [don't know]: invalid packet (ctb=2d)
> | gpg: read_block: read error: invalid packet
> | gpg: Total number processed: 1
> | gpg: imported: 1
>
> While it imports the key in question, it breaks the current download
> action, not fetching additional keys given on the command line.
This is a feature, believe it or not. During an import (and a
keyserver --recv-keys or --refresh-keys is really just an import), GPG
reads packets off the input stream. Once any of those packets prove
invalid (a packet starting with 2D is invalid), there is no way to
know where it is in the stream - how many bytes should it jump ahead
to get back on the track.
David
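The framing problem described in the reply above, as an added example (not GnuPG's code and not part of the original thread): a packet-header walker following the OpenPGP header layout (RFC 4880, section 4.2), run over a constructed byte string. The function names and sample bytes are assumptions; the error text imitates the gpg output quoted in the thread.

```python
class InvalidPacket(ValueError):
    pass


def parse_header(buf, pos):
    """Decode one OpenPGP packet header at buf[pos].

    Returns (tag, header_len, body_len); body_len is None for an old-format
    indeterminate-length packet. New-format partial body lengths are
    rejected, so this handles fixed-length packets only.
    """
    if pos >= len(buf):
        raise InvalidPacket("truncated header")
    ctb = buf[pos]
    if not ctb & 0x80:                       # bit 7 must be set on every packet
        raise InvalidPacket("invalid packet (ctb=%02x)" % ctb)
    if ctb & 0x40:                           # new format: 6-bit tag
        tag, rest = ctb & 0x3F, buf[pos + 1:pos + 6]
        if not rest:
            raise InvalidPacket("truncated header")
        first = rest[0]
        if first < 192:
            hdr, body = 2, first
        elif first < 224 and len(rest) >= 2:
            hdr, body = 3, ((first - 192) << 8) + rest[1] + 192
        elif first == 255 and len(rest) == 5:
            hdr, body = 6, int.from_bytes(rest[1:5], "big")
        else:
            raise InvalidPacket("partial or truncated length")
    else:                                    # old format: 4-bit tag, 2-bit length type
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            hdr, body = 1, None
        else:
            n = 1 << ltype                   # 1, 2 or 4 length octets
            field = buf[pos + 1:pos + 1 + n]
            if len(field) < n:
                raise InvalidPacket("truncated header")
            hdr, body = 1 + n, int.from_bytes(field, "big")
    if tag == 0:
        raise InvalidPacket("reserved tag 0")
    return tag, hdr, body


def walk(buf):
    """Parse packets until the data ends or a header is invalid.

    Returns (packets, error): packets is a list of (offset, tag, body_len),
    error is None or (offset, message).
    """
    packets, pos = [], 0
    while pos < len(buf):
        try:
            tag, hdr, body = parse_header(buf, pos)
        except InvalidPacket as exc:
            return packets, (pos, str(exc))
        if body is None:                     # indeterminate: runs to end of data
            body = len(buf) - pos - hdr
        if pos + hdr + body > len(buf):
            return packets, (pos, "truncated packet body")
        packets.append((pos, tag, body))
        pos += hdr + body                    # the length field is the only framing
    return packets, None


def resync_candidates(buf, bad_pos):
    """Offsets after bad_pos from which the rest of buf parses cleanly."""
    found = []
    for pos in range(bad_pos + 1, len(buf)):
        packets, error = walk(buf[pos:])
        if packets and error is None:
            found.append(pos)
    return found


# Constructed sample: two valid User ID packets (tag 13), four stray bytes
# starting with 0x2D (ASCII '-'), then one more valid packet.
STREAM = (b"\xb4\x05alice"      # old format, 1-octet length
          b"\xcd\x03bob"        # new format
          b"-\xb4\x01X"         # stray bytes, first one has bit 7 clear
          b"\xb4\x05carol")     # never reached by walk()

if __name__ == "__main__":
    packets, error = walk(STREAM)
    print("parsed:", packets)
    print("stopped:", error)
    print("offsets that would also parse:", resync_candidates(STREAM, error[0]))
```

In the sample, offset 13 is a false start inside the stray bytes and offset 16 is the real next packet; both parse cleanly to the end of the buffer, so a reader has no basis for choosing between them.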
From lusfert at gmail.com Fri Apr 7 17:46:07 2006
From: lusfert at gmail.com (lusfert)
Date: Fri Apr 7 17:45:21 2006
Subject: Date and time format
In-Reply-To: <44364971.5070503@comcast.net>
References: <443588BC.3080706@gmail.com> <20060406214305.GA24502@jabberwocky.com> <44358FD5.3020302@gmail.com> <20060406222351.GC24502@jabberwocky.com> <44359814.3020806@joimail.com> <44363723.7080700@gmail.com>
<44364971.5070503@comcast.net>
Message-ID: <4436893F.4060906@gmail.com>
John Clizbe wrote on 07.04.2006 15:13:
> lusfert wrote:
>> John W. Moore III wrote on 07.04.2006 2:37:
>>> David Shaw wrote:
>>>
>>>>> OS setting via LC_TIME, according to Microsoft, though I have no idea
>>>>> how to set it on win32.
>> Where can I set date format (via LC_TIME)?
>
> Via LC_TIME? I suppose you could specify an environment variable.
>
> The native Windows way is:
>
> Control Panel --> Regional and Language Options. Select the language you wish to
> use, then click 'Customize'. On the Date tab you may specify short and long date
> format strings; eg, 'yyyy-MM-dd' and 'dddd, MMMM dd, yyyy'.
>
I have already done that.
See http://lists.gnupg.org/pipermail/gnupg-users/2006-April/028353.html
GnuPG still uses mm/dd/yy date format:
http://i10.photobucket.com/albums/a142/someuser00/gnupg_and_pgpdump_date_format.png
As you can see PGPdump output date format is much better.
Enigmail uses the right format, specified in Windows XP system settings:
http://i10.photobucket.com/albums/a142/someuser00/enigmail_date_format.png
07.04.2006 15:14 - dd.mm.yyyy H:mm (24 hour)
--
Regards
OpenPGP Key ID: 0x9E353B56500B8987
Encrypted e-mail preferred.
From walter.haidinger at gmx.at Fri Apr 7 17:52:12 2006
From: walter.haidinger at gmx.at (Walter Haidinger)
Date: Fri Apr 7 17:51:56 2006
Subject: Howto setup an OpenLDAP PGP keyserver
In-Reply-To: <5953.192.168.77.250.1140710468.squirrel@haidinger.dyndns.org>
References: <5953.192.168.77.250.1140710468.squirrel@haidinger.dyndns.org>
Message-ID:
On Thu, 23 Feb 2006, Walter Haidinger wrote:
> Attached is tarball with the files for OpenLDAP configuration,
> to which will be referred to below. I hope this doesn't violate
> the rules of this list but the attachment is very small anyways.
I've uploaded the tarball to my webspace too:
http://members.kstp.at/wh/pgp/openldap_pgp_keyserver.tar.gz
Regards, Walter
--
Walter Haidinger
PGP public key: http://haidinger.webhop.org/pgp/5802B67C.asc
From gnupg-users=gnupg.org at lists.palfrader.org Fri Apr 7 17:53:43 2006
From: gnupg-users=gnupg.org at lists.palfrader.org (Peter Palfrader)
Date: Fri Apr 7 17:52:50 2006
Subject: fetching DE415B0E from sks ([don't know]: invalid packet
(ctb=2d))
In-Reply-To: <20060407153055.GA26717@jabberwocky.com>
References: <20060407134043.GA6562@asteria.noreply.org>
<20060407153055.GA26717@jabberwocky.com>
Message-ID: <20060407155343.GC6562@asteria.noreply.org>
On Fri, 07 Apr 2006, David Shaw wrote:
> On Fri, Apr 07, 2006 at 03:40:43PM +0200, Peter Palfrader wrote:
> > Hi,
> >
> > running 1.4.4-cvs, when I try to download DE415B0E I get the following
> > error:
> >
> > | weasel@asteria:~$ gpg --keyserver random.sks.penguin.de --recv 94c09c7f DE415B0E
> > | gpg: requesting key DE415B0E from hkp server random.sks.penguin.de
> > | gpg: requesting key 94C09C7F from hkp server random.sks.penguin.de
> > | gpg: key DE415B0E: public key "Susumu OSAWA " imported
> > | gpg: [don't know]: invalid packet (ctb=2d)
> > | gpg: read_block: read error: invalid packet
> > | gpg: Total number processed: 1
> > | gpg: imported: 1
> >
> > While it imports the key in question, it breaks the current download
> > action, not fetching additional keys given on the command line.
>
> This is a feature, believe it or not. During an import (and a
> keyserver --recv-keys or --refresh-keys is really just an import), GPG
> reads packets off the input stream. Once any of those packets prove
> invalid (a packet starting with 2D is invalid), there is no way to
> know where it is in the stream - how many bytes should it jump ahead
> to get back on the track.
I don't believe it's a feature - yet :)
I think a --refresh should always try to refresh all keys. As it is in
this case - with a key with "evil" packets on the keyserver - I'm stuck
in a situation where "gpg --refresh-keys" only updates half of my
keyring.
I can see a point in aborting in the case of gpg --recv, but it's
confusing that it starts fetching keys starting with the last. Maybe
that could be turned around.
Cheers,
Peter
--
PGP signed and encrypted | .''`. ** Debian GNU/Linux **
messages preferred. | : :' : The universal
| `. `' Operating System
http://www.palfrader.org/ | `- http://www.debian.org/
From blueness at gmx.net Fri Apr 7 15:14:55 2006
From: blueness at gmx.net (Mica Mijatovic)
Date: Fri Apr 7 18:35:30 2006
Subject: Date and time format
In-Reply-To: <44363723.7080700@gmail.com>
References: <443588BC.3080706@gmail.com>
<20060406214305.GA24502@jabberwocky.com> <44358FD5.3020302@gmail.com>
<20060406222351.GC24502@jabberwocky.com> <44359814.3020806@joimail.com>
<44363723.7080700@gmail.com>
Message-ID: <719062512.20060407151455@gmx.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: TIGER192
Was Fri, 07 Apr 2006, at 13:55:47 +0400,
when lusfert wrote:
> John W. Moore III wrote on 07.04.2006 2:37:
>> David Shaw wrote:
>>
>>>> OS setting via LC_TIME, according to Microsoft, though I have no idea
>>>> how to set it on win32.
>>
>> Right Click on the Clock, Select Setting Time/Date.
>>
> http://i10.photobucket.com/albums/a142/someuser00/right_click_on_clock.png
> Where is "Setting Time/Date"?
> Then I clicked Adjust Date/Time:
> http://i10.photobucket.com/albums/a142/someuser00/date_and_time_settings.png
> Where can I set date format (via LC_TIME)?
Since you use XP, then...
Control Panel | Regional and Language Options | Regional Options |
Customize... | Time.
The next tab is for the Date format.
Clicking on the Clock (squatting in the tray) makes you able just to
"wind up" the clock and to set the Time Zone.
***
These settings are automatically accepted then by the "command line"
environment in XP as well, and thus should be accepted by all programs
working in this/such environment.
***
In Windows 98 SE for instance, the time/date format in DOS is set in a
different way(s). One of them is to define a permanent environment
variable via Config.sys file where you enter the "country code", which
defines time/date format.
It looks like this...
country=038,,c:\Windows\command\country.sys
...and this one gives format like this...
yyyy-mm-dd HH:mm:ss
...where the capitalized "HH" gives 24 hours time format while the lower
case "hh" gives 12 hour AM/PM format.
***
Now, some previous versions of GnuPG are, with the US time format,
displaying verbosely (the local) Time Zone as well, which is a bit
better anyway, whilst the newer 1.4x versions are displaying only the US
format giving no data about Time Zone.
For instance, in version 1.2.3-nr1 it displays this...
gpg: Signature made 04/07/06 11:55:58 Central Europe Daylight Time using
DSA key ID 500B8987
...whilst in versions 1.4x it is like this...
gpg: Signature made 04/07/06 11:55:58 using DSA key ID 500B8987.
***
The inconsistency in the, for instance, US date format (although it can
be found in some other countries as well), might be elegantly corrected
by using the so-called "universal" or "astronomical" (or "military")
date/time format which makes such sort of orientation much clearer,
faster and better. It gives consistent values going from the higher to
lower ones, that is yy|yy, mm, dd, HH, mm, ss (century|year, month, day,
24hour information, minute, second), which makes it excellent for
computing/administration (and with minimum data; no PM, AM and similar).
I don't know how to solve this in GnuPG, or in some programs/parts of
the very OS. Notepad itself in XP for instance gives anyway a messed
format (via F5) displaying firstly time and then date...
14:38 06-04-07
...which makes it useless for the ".LOG" function, whilst EDXOR (and
some other programs like KeyNote, Treepad Lite etc.) gives it exactly as
it is set on the OS level...
06-04-07 14:38:44
...which shows that such a response of a program to the OS is possible.
I am not sure about EDXOR and Treepad Lite, but KeyNote is open source,
so analyzing the related parts of the code might help.
- --
Mica
PGP keys nestled at: http://blueness.port5.com/pgpkeys/
~~~ For personal mail please use my address as it is *exactly* given
in my "From|Reply To" field(s). ~~~
Don't put a cat on your head, it hurts real bad!
From john.m.church at lmco.com Fri Apr 7 18:39:10 2006
From: john.m.church at lmco.com (John M Church)
Date: Fri Apr 7 18:38:22 2006
Subject: Automated processes
In-Reply-To: <5B3792870442C04CA7CBD4D7C7D9812701F20A6D@exchange.iconnicholson.com>
References: <5B3792870442C04CA7CBD4D7C7D9812701F20A6D@exchange.iconnicholson.com>
Message-ID: <443695AE.3080403@lmco.com>
I wasn't thinking of encrypting the passphrase with gpg. I have on
occasion embedded a password in a perl script and then encrypted that
portion of the script via Perl module Filter::CBC. The script upon
execution decrypts on-the-fly w/o the need for a passphrase. A user can
never decrypt it though so you have to keep a nonencrypted backup of
your script (w/o the password of course).
John_inDenver
Benjamin Mord wrote:
>(Don't encrypt the passphrase - if you do, then you still need a
>passphrase to decrypt the passphrase, etc... etc...)
>
>Asymmetric cryptography can be extremely handy for automated
>encryption/decryption scenarios. For example, I sometimes have a
>somewhat vulnerable general-purpose machine encrypt data using only a
>public key, and write it somewhere shared. Then I'll have a tightly
>secured single-purpose machine later read and decrypt that data for some
>purpose. This is analogous to a one-way mail drop, where you trust the
>mailman more than the general public. I use this technique in scenarios
>where although both machines are somewhat trusted, one machine is
>more trusted than the other. This way the machine that does the
>encryption has no knowledge of how to decrypt, so that if compromised,
>only the data that it processes from point of compromise going forward
>is in any kind of danger. (At this point you've reduced the security
>problem to one of monitoring or periodic cleaning, e.g. periodic reboots
>while running off read-only media.) The second machine is entrusted with
>knowledge of how to decrypt, but in exchange it is tightly secured and
>specialized for a single task.
>
>Ben
>
>-----Original Message-----
>From: gnupg-users-bounces@gnupg.org
>[mailto:gnupg-users-bounces@gnupg.org] On Behalf Of John M Church
>Sent: Friday, April 07, 2006 10:16 AM
>To: johnmoore3rd@joimail.com; GnuPG Users List
>Subject: Re: Automated processes
>
>I think it's simplistic to just brush-off this request as a user who
>wants convenience. There are very valid reasons for automated
>decryption. I'm working a similar project (and have my own issue - see
>"Automated Decryption via Script Running Setuid" written 4/5/06). Seems
>to me if you protect your script and you are behind a firewall you're
>not 'trading security for convenience'. You can even encrypt the
>passphrase in your script if you're afraid someone with sudo or root
>privileges could open your script.
>
>John_inDenver
>
>John W. Moore III wrote:
>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA256
>>
>>jkaye wrote:
>>
>>>I know that for PGP, there's an environment setting that
>>>can be used to prevent this. Is there a similar thing for
>>>GnuPG, or do I have to jump through some hoops?
>>
>>Hmm.....Let me see if I've understood you. You desire to use GPG for
>>security 'Point to Point' then swap security for convenience on your
>>end?
>>
>>My suggestion would be to either switch to Thunderbird w/Enigmail as
>>your MUA. You can set Enigmail to 'remember' your passphrase for a
>>specified length of time or until you Close the program.
>>
>>JOHN ;)
>>Timestamp: Thursday 06 Apr 2006, 19:42 --400 (Eastern Daylight Time)
From john.m.church at lmco.com Fri Apr 7 21:56:05 2006
From: john.m.church at lmco.com (John M Church)
Date: Fri Apr 7 21:55:22 2006
Subject: Automated processes
In-Reply-To: <44369760.4070500@tiscali.it>
References: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com>
<4435A771.5020004@joimail.com> <4436742F.5020309@lmco.com>
<44369760.4070500@tiscali.it>
Message-ID: <4436C3D5.3040908@lmco.com>
Qed,
Not sure if "mask the passphrase in a non-obvious way" does justice to
encrypting it with a filter and strong algorithm - ref.
. Were you
thinking I was only hiding it in clear text?
In any event, I agree with you - access to my script should be extremely
limited both from a permissions standpoint and location (firewall).
John_inDenver
Qed wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: RIPEMD160
>
>On 04/07/2006 04:16 PM, John M Church wrote:
>
>
>>I think it's simplistic to just brush-off this request as a user who
>>wants convenience. There are very valid reasons for automated
>>decryption. I'm working a similar project (and have my own issue - see
>>"Automated Decryption via Script Running Setuid" written 4/5/06). Seems
>>to me if you protect your script and you are behind a firewall you're
>>not 'trading security for convenience'.
>>You can even encrypt the passphrase in your script if you're afraid
>>someone with sudo or root privileges could open your script.
>>
>>
>???
>If you encrypt the passphrase in your script you still need a secure way
>to provide the key to decrypt it, same problem as providing the passphrase.
>Instead, if you meant "mask the passphrase in a non obvious way",
>this solution offers no additional security, since that could be easily
>reversed having access to the script.
>- --
>
> Q.E.D.
>
>ICQ UIN: 301825501
>OpenPGP key ID: 0x58D14EB3
>Key fingerprint: 00B9 3E17 630F F2A7 FF96 DA6B AEE0 EC27 58D1 4EB3
>Check fingerprints before trusting a key!
>
From qed at tiscali.it Fri Apr 7 23:50:41 2006
From: qed at tiscali.it (Qed)
Date: Fri Apr 7 23:51:11 2006
Subject: Automated processes
In-Reply-To: <4436C3D5.3040908@lmco.com>
References: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com>
<4435A771.5020004@joimail.com> <4436742F.5020309@lmco.com>
<44369760.4070500@tiscali.it> <4436C3D5.3040908@lmco.com>
Message-ID: <4436DEB1.8030800@tiscali.it>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
On 04/07/2006 09:56 PM, John M Church wrote:
> Not sure if "mask the passphrase in a non-obvious way" does justice to
> encrypting it with a filter and strong algorithm - ref.
> . Were you
> thinking I was only hiding it in clear text?
I simply don't know anything about this Perl module, but where would the
key to decrypt the passphrase be stored? If such a safe place exists,
why not use it directly for the gpg passphrase?
- --
Q.E.D.
ICQ UIN: 301825501
OpenPGP key ID: 0x58D14EB3
Key fingerprint: 00B9 3E17 630F F2A7 FF96 DA6B AEE0 EC27 58D1 4EB3
Check fingerprints before trusting a key!
From john.m.church at lmco.com Sat Apr 8 01:29:13 2006
From: john.m.church at lmco.com (John M Church)
Date: Sat Apr 8 01:28:23 2006
Subject: Automated processes
In-Reply-To: <4436DEB1.8030800@tiscali.it>
References: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com>
<4435A771.5020004@joimail.com> <4436742F.5020309@lmco.com>
<44369760.4070500@tiscali.it> <4436C3D5.3040908@lmco.com>
<4436DEB1.8030800@tiscali.it>
Message-ID: <4436F5C9.3010009@lmco.com>
Qed/Ryan et al,
Yes you have to pass the filter a seed to run the encryption but I have
to admit I don't know how it decrypts the code automagically. Ben Mord
and I took this offline and he likened the resulting block to a fancy
lock with the key in it b/c the seed I passed to start the encryption
has to be available to Perl when it interprets my code. I suspect you
would agree. Ben has a similar need for automated decryption as I do
but does the decryption via a specialized computer dedicated to the task
whose access and config is tightly controlled - see his response.
Do either of you guys do automated decryption? This doesn't seem to be
addressed in the FAQ - just automated signing. I'm open to suggestions.
btw - am I screwing up my responses? There seem to be mult. threads
being generated. I'm just hitting reply.
John
Qed wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: RIPEMD160
>
>On 04/07/2006 09:56 PM, John M Church wrote:
>
>
>>Not sure if "mask the passphrase in a non-obvious way" does justice to
>>encrypting it with a filter and strong algorithm - ref.
>>. Were you
>>thinking I was only hiding it in clear text?
>>
>>
>I simply don't know anything about this Perl module, but where would the
>key to decrypt the passphrase be stored? If such a safe place exists,
>why not use it directly for the gpg passphrase?
>- --
>
> Q.E.D.
>
>ICQ UIN: 301825501
>OpenPGP key ID: 0x58D14EB3
>Key fingerprint: 00B9 3E17 630F F2A7 FF96 DA6B AEE0 EC27 58D1 4EB3
>Check fingerprints before trusting a key!
>
>
From wk at gnupg.org Fri Apr 7 22:51:57 2006
From: wk at gnupg.org (Werner Koch)
Date: Sat Apr 8 02:07:13 2006
Subject: fetching DE415B0E from sks ([don't know]: invalid packet
(ctb=2d))
In-Reply-To: <20060407155343.GC6562@asteria.noreply.org> (Peter Palfrader's
message of "Fri, 7 Apr 2006 17:53:43 +0200")
References: <20060407134043.GA6562@asteria.noreply.org>
<20060407153055.GA26717@jabberwocky.com>
<20060407155343.GC6562@asteria.noreply.org>
Message-ID: <878xqhaz2q.fsf@wheatstone.g10code.de>
On Fri, 7 Apr 2006 17:53:43 +0200, Peter Palfrader said:
> I think a --refresh should always try to refresh all keys. As it is in
> this case - with a key with "evil" packets on the keyserver - I'm stuck
> in a situation where "gpg --refresh-keys" only updates half of my
Actually, keyservers should never accept such a key in the first
place.
> I can see a point in aborting in the case of gpg --recv, but it's
> confusing that it starts fetching keys starting with the last. Maybe
> that could be turned around.
I think we can do that.
Salam-Shalom,
Werner
From dshaw at jabberwocky.com Sat Apr 8 02:22:04 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Apr 8 02:21:23 2006
Subject: fetching DE415B0E from sks ([don't know]: invalid packet
(ctb=2d))
In-Reply-To: <20060407155343.GC6562@asteria.noreply.org>
References: <20060407134043.GA6562@asteria.noreply.org>
<20060407153055.GA26717@jabberwocky.com>
<20060407155343.GC6562@asteria.noreply.org>
Message-ID: <20060408002204.GA27174@jabberwocky.com>
On Fri, Apr 07, 2006 at 05:53:43PM +0200, Peter Palfrader wrote:
> On Fri, 07 Apr 2006, David Shaw wrote:
>
> > On Fri, Apr 07, 2006 at 03:40:43PM +0200, Peter Palfrader wrote:
> > > Hi,
> > >
> > > running 1.4.4-cvs, when I try to download DE415B0E I get the following
> > > error:
> > >
> > > | weasel@asteria:~$ gpg --keyserver random.sks.penguin.de --recv 94c09c7f DE415B0E
> > > | gpg: requesting key DE415B0E from hkp server random.sks.penguin.de
> > > | gpg: requesting key 94C09C7F from hkp server random.sks.penguin.de
> > > | gpg: key DE415B0E: public key "Susumu OSAWA " imported
> > > | gpg: [don't know]: invalid packet (ctb=2d)
> > > | gpg: read_block: read error: invalid packet
> > > | gpg: Total number processed: 1
> > > | gpg: imported: 1
> > >
> > > While it imports the key in question, it breaks the current download
> > > action, not fetching additional keys given on the command line.
> >
> > This is a feature, believe it or not. During an import (and a
> > keyserver --recv-keys or --refresh-keys is really just an import), GPG
> > reads packets off the input stream. Once any of those packets prove
> > invalid (a packet starting with 2D is invalid), there is no way to
> > know where it is in the stream - how many bytes should it jump ahead
> > to get back on the track.
>
> I don't believe it's a feature - yet :)
>
> I think a --refresh should always try to refresh all keys. As it is in
> this case - with a key with "evil" packets on the keyserver - I'm stuck
> in a situation where "gpg --refresh-keys" only updates half of my
> keyring.
--import (and therefore --refresh) does try to handle all keys in the
stream. It just can't continue once there is a stream error as there
is no way to reestablish its place in the stream. The stream coding
more or less says stuff like "here's a signature and it's 40 bytes
long (40 bytes here)". GPG reads that and keeps going. If GPG sees
"here's garbage and it's garbage bytes long", it can't read it because
it's garbage, and it can't skip it because it doesn't know how many
(garbage) bytes to skip over. The only thing it can do at that point
is stop.
Keyserver operations result in multiple streams (one per key). If one
errors out, it might be possible to jump to the next BEGIN header, but
that would be a pretty nontrivial undertaking given how the code
currently works.
All that said, though, I'm not convinced that the armored stream you
got from the keyserver is invalid. I think there may be a problem in
GPG's armor parser (hard to imagine after this many years, but..) It
seems that the bad key is the right length (exactly 8192 bytes) to
trigger a problem.
> I can see a point in aborting in the case of gpg --recv, but it's
> confusing that it starts fetching keys starting with the last. Maybe
> that could be turned around.
That's easy. I'll do that.
David
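The framing David describes, as an added example (not GnuPG's code and not part of the original message): a small walker for binary OpenPGP packet headers as laid out in RFC 4880 section 4.2. All function names are this example's own, and `GOOD`, `DAMAGED` and `SHORT` are constructed sample streams; it shows why parsing stops at `ctb=2d` and why one wrong length octet derails everything after it.

```python
"""Walk the packet framing of a binary OpenPGP stream (RFC 4880, section 4.2)."""


class FramingError(Exception):
    """Raised where the walker can no longer tell where the next packet starts."""

    def __init__(self, offset, reason):
        super().__init__(f"offset {offset}: {reason}")
        self.offset, self.reason = offset, reason


def need(data, pos, count):
    """Fail if fewer than `count` bytes remain at `pos`."""
    if pos + count > len(data):
        raise FramingError(pos, "truncated packet")


def new_format_length(data, pos):
    """Decode new-format length octets at pos; return (body_len, next_offset)."""
    total = 0
    while True:
        need(data, pos, 1)
        first = data[pos]
        if first < 192:                      # one-octet length
            chunk, pos, last = first, pos + 1, True
        elif first < 224:                    # two-octet length
            need(data, pos, 2)
            chunk, pos, last = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2, True
        elif first == 255:                   # five-octet length
            need(data, pos, 5)
            chunk, pos, last = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5, True
        else:                                # partial body length, more chunks follow
            chunk, pos, last = 1 << (first & 0x1F), pos + 1, False
        need(data, pos, chunk)
        pos, total = pos + chunk, total + chunk
        if last:
            return total, pos


def read_packet(data, pos):
    """Return (tag, body_len, next_offset) for the packet starting at pos."""
    need(data, pos, 1)
    ctb = data[pos]
    if not ctb & 0x80:                       # bit 7 is set in every valid header
        raise FramingError(pos, f"invalid packet (ctb={ctb:02x})")
    if ctb & 0x40:                           # new format: tag in bits 5-0
        body_len, nxt = new_format_length(data, pos + 1)
        return ctb & 0x3F, body_len, nxt
    tag, length_type = (ctb >> 2) & 0x0F, ctb & 0x03
    if length_type == 3:                     # indeterminate: body runs to end of stream
        return tag, len(data) - (pos + 1), len(data)
    width = (1, 2, 4)[length_type]
    need(data, pos + 1, width)
    body_len = int.from_bytes(data[pos + 1:pos + 1 + width], "big")
    need(data, pos + 1 + width, body_len)
    return tag, body_len, pos + 1 + width + body_len


def walk(data):
    """Return ([(offset, tag, body_len), ...], error); error is None on a clean end."""
    packets, pos = [], 0
    try:
        while pos < len(data):
            tag, body_len, nxt = read_packet(data, pos)
            packets.append((pos, tag, body_len))
            pos = nxt                        # the length field is the only way forward
    except FramingError as exc:
        return packets, exc                  # no length to trust, so nothing to skip by
    return packets, None


def old_packet(tag, body):
    """Build an old-format packet with a one-octet length (sample-data helper)."""
    if len(body) > 255:
        raise ValueError("body too long for a one-octet length")
    return bytes([0x80 | (tag << 2), len(body)]) + body


# Constructed sample data: two "keys", each a tag 6 (public key) packet with
# dummy contents followed by a tag 13 (user ID) packet. Not real key material.
KEY_A = old_packet(6, b"\x04" + b"A" * 20) + old_packet(13, b"Key A <a@example.org>")
KEY_B = old_packet(6, b"\x04" + b"B" * 20) + old_packet(13, b"Key B <b@example.org>")
GOOD = KEY_A + KEY_B
# Stray text between the keys: its first byte is '-' (0x2d), which has bit 7 clear.
DAMAGED = KEY_A + b"-----END PGP PUBLIC KEY BLOCK-----\n" + KEY_B
# Same as GOOD but with the first length octet one too small.
SHORT = bytes([GOOD[0], GOOD[1] - 1]) + GOOD[2:]

if __name__ == "__main__":
    for name, stream in (("GOOD", GOOD), ("DAMAGED", DAMAGED), ("SHORT", SHORT)):
        packets, error = walk(stream)
        print(name, packets, "->", error or "clean end of stream")
```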
From lusfert at gmail.com Sat Apr 8 11:58:45 2006
From: lusfert at gmail.com (lusfert)
Date: Sat Apr 8 11:57:59 2006
Subject: Date and time format
In-Reply-To: <140763697.20060407022426@gmx.net>
References: <443588BC.3080706@gmail.com> <140763697.20060407022426@gmx.net>
Message-ID: <44378955.4090002@gmail.com>
Mica Mijatovic wrote on 2006-04-07 4:24:
> Was Fri, 07 Apr 2006, at 01:31:40 +0400,
> when lusfert wrote:
>
>>> Is it possible to change date format in GPG output?
>
> I tried this to figure out many times but couldn't.
>
> I also expected that GPG will take over the local User's setting of the
> OS, as most programs do, but not, it doesn't. I don't know reasons.
>
That's very bad. :(
I haven't found any problem report about this at http://bugs.gnupg.org/
Should I create a new one?
http://bugs.gnupg.org/cgi-bin/gnatsweb.pl?debug=&database=gnupg&cmd=create
--
Regards
OpenPGP Key ID: 0x9E353B56500B8987
Encrypted e-mail preferred.
From blueness at gmx.net Sat Apr 8 12:37:06 2006
From: blueness at gmx.net (Mica Mijatovic)
Date: Sat Apr 8 12:40:57 2006
Subject: Date and time format
In-Reply-To: <44378955.4090002@gmail.com>
References: <443588BC.3080706@gmail.com> <140763697.20060407022426@gmx.net>
<44378955.4090002@gmail.com>
Message-ID: <16110312651.20060408123706@gmx.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: TIGER192
Was Sat, 08 Apr 2006, at 13:58:45 +0400,
when lusfert wrote:
>>>> Is it possible to change date format in GPG output?
>>
>> I tried this to figure out many times but couldn't.
>>
>> I also expected that GPG will take over the local User's setting of the
>> OS, as most programs do, but not, it doesn't. I don't know reasons.
>>
> That's very bad. :(
> I haven't found any problem report about this at http://bugs.gnupg.org/
> Should I create a new one?
> http://bugs.gnupg.org/cgi-bin/gnatsweb.pl?debug=&database=gnupg&cmd=create
I couldn't classify it as a bug, rather a matter of a style of coding,
where the optimal "tweak" of related code(s) has been neglected. An
omission rather.
***
I see, by the way and by, that my previous message arrived with
signature BAD (at least here was so), so just to confirm that the entire
signed text was mine. If the Archive needs it signed again, I'll do
that.
- --
Mica
PGP keys nestled at: http://blueness.port5.com/pgpkeys/
~~~ For personal mail please use my address as it is *exactly* given
in my "From|Reply To" field(s). ~~~
Don't put a cat on your lap, it hurts real bad!
From dominique at leuenberger.net Sun Apr 9 00:17:51 2006
From: dominique at leuenberger.net (Dominique Leuenberger)
Date: Sun Apr 9 01:56:19 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
Message-ID: <4438368F.2010500@leuenberger.net>
Hello,
according to the readme and man pages, I should be able to use
gpg --auto-key-locate pka --encrypt dominique@leuenberger.net
to encrypt a message to this user even if I would not have the
corresponding public key, if the dns system would be set up correctly.
ok, the latest is not done yet, but is work in progress.
But why I come to the list:
the parameter "pka" seems not to be recognised by my version of pgp
(1.4.3, downloaded as binary for Windows from gnupg.org)
Did I miss something? Neither the new parameters pka nor cert are
working. ldap and keyserver give no error.
using gpg --auto-key-locate pka I get the following error message:
gpg: invalid auto-key-locate list
Any help, or a link to another version of gpg with this support compiled
in, would be appreciated.
Thank you very much,
Dominique
From dshaw at jabberwocky.com Sun Apr 9 02:11:48 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun Apr 9 02:10:59 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <4438368F.2010500@leuenberger.net>
References: <4438368F.2010500@leuenberger.net>
Message-ID: <20060409001148.GE27174@jabberwocky.com>
On Sun, Apr 09, 2006 at 12:17:51AM +0200, Dominique Leuenberger wrote:
> Hello,
>
> according to the readme and man pages, I should be able to use
> gpg --auto-key-locate pka --encrypt dominique@leuenberger.net
> to encrypt a message to this user even if I would not have the
> corresponding public key, if the dns system would be set up correctly.
>
> ok, the latest is not done yet, but is work in progress.
>
> But why I come to the list:
> the parameter "pka" seems not to be recognised by my version of pgp
> (1.4.3, downloaded as binary for Windows from gnupg.org)
>
> Did I miss something? Neither the new parameters pka nor cert are
> working. ldap and keyserver give no error.
> using gpg --auto-key-locate pka I get the following error message:
> gpg: invalid auto-key-locate list
This means that the build of GnuPG you have has no DNS support (pka and
cert require DNS support, and ldap and keyserver don't).
David
From dominique at leuenberger.net Sun Apr 9 08:33:39 2006
From: dominique at leuenberger.net (Dominique Leuenberger)
Date: Sun Apr 9 08:32:08 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <20060409001148.GE27174@jabberwocky.com>
References: <4438368F.2010500@leuenberger.net>
<20060409001148.GE27174@jabberwocky.com>
Message-ID: <4438AAC3.5040403@leuenberger.net>
David Shaw wrote:
> On Sun, Apr 09, 2006 at 12:17:51AM +0200, Dominique Leuenberger wrote:
>> Did I miss something? Neither the new parameters pka nor cert are
>> working. ldap and keyserver give no error.
>> using gpg --auto-key-locate pka I get the following error message:
>> gpg: invalid auto-key-locate list
>
> This means that the build of GnuPG you have has no DNS support (pka and
> cert require DNS support, and ldap and keyserver don't).
That's very bad, as I downloaded the official binaries from gnupg.org.
Will there be a different version that supports this new feature? I
think it's a very interesting approach to distribute keys. Indeed the
biggest problem that exists at the moment.
Dominique
From wk at gnupg.org Sun Apr 9 14:46:47 2006
From: wk at gnupg.org (Werner Koch)
Date: Sun Apr 9 14:51:50 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <4438AAC3.5040403@leuenberger.net> (Dominique Leuenberger's
message of "Sun, 09 Apr 2006 08:33:39 +0200")
References: <4438368F.2010500@leuenberger.net>
<20060409001148.GE27174@jabberwocky.com>
<4438AAC3.5040403@leuenberger.net>
Message-ID: <87bqva9ars.fsf@wheatstone.g10code.de>
On Sun, 09 Apr 2006 08:33:39 +0200, Dominique Leuenberger said:
> That's very bad, as I downloaded the official binaries from gnupg.org.
> Will there be a different version that supports this new feature? I
We don't support DNS queries under Windows right now. Windows does
not provide the usual resolver library so we would need to write
special code for Windows, which has not yet happened.
Shalom-Salam,
Werner
From ryan at malayter.com Sun Apr 9 15:25:34 2006
From: ryan at malayter.com (Ryan Malayter)
Date: Sun Apr 9 15:24:55 2006
Subject: Automated processes
In-Reply-To: <4436F5C9.3010009@lmco.com>
References: <053b01c659c5$0b87b3f0$4ac811ac@celerasystems.com>
<4435A771.5020004@joimail.com> <4436742F.5020309@lmco.com>
<44369760.4070500@tiscali.it> <4436C3D5.3040908@lmco.com>
<4436DEB1.8030800@tiscali.it> <4436F5C9.3010009@lmco.com>
Message-ID: <5d7f07420604090625v550e31fbna470248d2ae02b00@mail.gmail.com>
On 4/7/06, John M Church wrote:
> Qed/Ryan et al,
> Do either of you guys do automated decryption? This doesn't seem to be
> addressed in the FAQ - just automated signing. I'm open to suggestions.
I do use GnuPG for automated decryption for one batch process. To do
so, I use a low-value, single-purpose key that has *no pass phrase*
and very strict permissions on the secring.gpg file. This file is then
placed in a folder that is encrypted at the file system level (using
Windows EFS).
I think this is about as secure as you can make automatic decryption
without trusted hardware being involved. An attacker with the ability
to run code using the same account as my script would be able to read
the secret key from the encrypted file system.
Using the --passphrase-fd option would offer roughly the same security
- that is, permissions on the script file would be your only
protection, just as the permissions on secring.gpg are my only real
protection.
--
RPM
=========================
All problems can be solved by diplomacy, but violence and treachery
are equally effective, and more fun.
-Anonymous
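Ryan's point that file permissions are the only real protection can be checked before each unattended run. The following is an added example, not part of the original message: a POSIX pre-flight check (an assumption; Ryan's own setup uses Windows EFS) for whichever file carries the secret, whether a passphrase-less `secring.gpg` or the script or file feeding `--passphrase-fd`. The function name `audit_secret` is hypothetical.

```python
import os
import stat


def audit_secret(path, uid=None):
    """Return findings for a secret-bearing file and the directory holding it.

    An empty list means only `uid` (default: the current user) can reach the
    file through POSIX mode bits. ACLs and root access are not covered.
    """
    uid = os.getuid() if uid is None else uid
    findings = []
    targets = [
        (os.path.dirname(os.path.abspath(path)), stat.S_ISDIR, "directory"),
        (path, stat.S_ISREG, "regular file"),
    ]
    for target, is_expected, kind in targets:
        try:
            st = os.lstat(target)            # lstat: do not follow a planted symlink
        except OSError as exc:
            findings.append(f"{target}: cannot stat ({exc.strerror})")
            continue
        if not is_expected(st.st_mode):
            findings.append(f"{target}: not a {kind}")
            continue
        if st.st_uid != uid:
            findings.append(f"{target}: owned by uid {st.st_uid}, expected {uid}")
        extra = stat.S_IMODE(st.st_mode) & 0o077
        if extra:                            # any group or other permission bit
            findings.append(f"{target}: group/other bits set ({extra:03o})")
    return findings


if __name__ == "__main__":
    import sys

    # Default path is the GnuPG 1.x secret keyring location on Unix.
    default = os.path.expanduser("~/.gnupg/secring.gpg")
    target = sys.argv[1] if len(sys.argv) > 1 else default
    problems = audit_secret(target)
    for line in problems:
        print("REFUSING TO RUN:", line)
    sys.exit(1 if problems else 0)
```

Run it as the batch account at the top of the job and abort on a non-zero exit; it does not help against code already running as that account, which is the limit Ryan describes.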
From dshaw at jabberwocky.com Sun Apr 9 15:28:09 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun Apr 9 15:27:21 2006
Subject: fetching DE415B0E from sks ([don't know]: invalid packet
(ctb=2d))
In-Reply-To: <20060408002204.GA27174@jabberwocky.com>
References: <20060407134043.GA6562@asteria.noreply.org>
<20060407153055.GA26717@jabberwocky.com>
<20060407155343.GC6562@asteria.noreply.org>
<20060408002204.GA27174@jabberwocky.com>
Message-ID: <20060409132809.GB31486@jabberwocky.com>
On Fri, Apr 07, 2006 at 08:22:04PM -0400, David Shaw wrote:
> All that said, though, I'm not convinced that the armored stream you
> got from the keyserver is invalid. I think there may be a problem in
> GPG's armor parser (hard to imagine after this many years, but..) It
> seems that the bad key is the right length (exactly 8192 bytes) to
> trigger a problem.
This was indeed a bug. I've attached the fix. With this patch in
place, you should be able to import DE415B0E without error.
David
-------------- next part --------------
Index: armor.c
===================================================================
--- armor.c (revision 4096)
+++ armor.c (revision 4098)
@@ -676,7 +676,7 @@
int checkcrc=0;
int rc = 0;
size_t n = 0;
- int idx, i;
+ int idx, i, onlypad=0;
u32 crc;
crc = afx->crc;
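Review bot: `onlypad` is appended to the `int idx, i` declaration with no comment, and going by the hunk headers it is set near line 720 and tested near line 850, so neither site gives a reader a local hint of what the flag records. Declare it on its own line with a one-line comment stating the condition it marks and that it is per-call state starting at 0.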
@@ -720,6 +720,8 @@
goto again;
}
}
+ else if(n==0)
+ onlypad=1;
if( idx == 1 )
buf[n++] = val;
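Review bot: the new `else if(n==0)` hangs off an `if` whose condition is outside the hunk context, so these lines alone do not show which case sets `onlypad`; a comment on the branch naming that case would make the fix reviewable. The branch is also unbraced and sits directly before the unrelated `if( idx == 1 )`, so bracing `onlypad=1;` would keep a later edit from attaching a second statement to the wrong condition.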
@@ -848,7 +850,7 @@
}
}
- if( !n )
+ if( !n && !onlypad )
rc = -1;
*retn = n;
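Review bot: with `if( !n && !onlypad )` the function can now finish with `rc` at 0 and `*retn` set to 0, where the old `if( !n )` turned every zero count into `rc = -1`. Callers that treat a successful zero-length read as end of input, or that loop until data arrives, need to be checked against this, and the function's comment should document the new return combination.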
From bob.henson at galen.org.uk Sun Apr 9 15:01:52 2006
From: bob.henson at galen.org.uk (Bob Henson)
Date: Sun Apr 9 16:26:14 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <87bqva9ars.fsf@wheatstone.g10code.de>
References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com> <4438AAC3.5040403@leuenberger.net>
<87bqva9ars.fsf@wheatstone.g10code.de>
Message-ID: <443905C0.4070401@galen.org.uk>
Werner Koch wrote
> On Sun, 09 Apr 2006 08:33:39 +0200, Dominique Leuenberger said:
>
>> That's very bad, as I downloaded the official binaries from gnupg.org.
>> Will there be a different version that supports this new feature? I
>
> We don't support DNS queries under Windows right now. Windows does
> not provide the usual resolver library so we would need to write
> special code for Windows, which has not yet happened.
Does the same apply to the ability to cross-certify, Werner, or is that a
different matter altogether? I get no response here - not even an error
message - gpg just sits there asking for a command.
Regards,
Bob
From dshaw at jabberwocky.com Sun Apr 9 16:39:16 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun Apr 9 16:38:27 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <443905C0.4070401@galen.org.uk>
References: <4438368F.2010500@leuenberger.net>
<20060409001148.GE27174@jabberwocky.com>
<4438AAC3.5040403@leuenberger.net>
<87bqva9ars.fsf@wheatstone.g10code.de>
<443905C0.4070401@galen.org.uk>
Message-ID: <20060409143916.GD31486@jabberwocky.com>
On Sun, Apr 09, 2006 at 02:01:52PM +0100, Bob Henson wrote:
>
>
> Werner Koch wrote
>
> > On Sun, 09 Apr 2006 08:33:39 +0200, Dominique Leuenberger said:
> >
> >> That's very bad, as I downloaded the official binaries from gnupg.org.
> >> Will there be a different version that supports this new feature? I
> >
> > We don't support DNS queries under Windows right now. Windows does
> > not provide the usual resolver library so we would need to write
> > special code for Windows, which has not yet happened.
>
> Does the same apply to the ability to cross-certify, Werner, or is that a
> different matter altogether? I get no response here - not even an error
> message - gpg just sits there asking for a command.
Cross-certification and PKA/CERT are unrelated to each other. What
(public) key were you trying to cross-certify?
David
From bob.henson at galen.org.uk Sun Apr 9 18:09:05 2006
From: bob.henson at galen.org.uk (Bob Henson)
Date: Sun Apr 9 18:08:09 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <20060409143916.GD31486@jabberwocky.com>
References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com> <4438AAC3.5040403@leuenberger.net> <87bqva9ars.fsf@wheatstone.g10code.de> <443905C0.4070401@galen.org.uk>
<20060409143916.GD31486@jabberwocky.com>
Message-ID: <443931A1.6050805@galen.org.uk>
David Shaw wrote
>> >> That's very bad, as I downloaded the official binaries from gnupg.org.
>> >> Will there be a different version that supports this new feature? I
>> >
>> > We don't support DNS queries under Windows right now. Windows does
>> > not provide the usual resolver library so we would need to write
>> > special code for Windows, which has not yet happened.
>>
>> Does the same apply to the ability to cross-certify, Werner, or is that a
>> different matter altogether? I get no response here - not even an error
>> message - gpg just sits there asking for a command.
> Cross-certification and PKA/CERT are unrelated to each other.
I realise that, what I was asking was did the problem also relate to the
Windows build - in other words, was I wasting my time trying to get it to
work as the OP was with his (different) problem.
> What (public) key were you trying to cross-certify?
All five of my keys - FBA06282, 31C737BD, 8FD7EAA9, A9732CF4 and 9652ABDA
Regards,
Bob
From dshaw at jabberwocky.com Sun Apr 9 18:22:30 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun Apr 9 18:21:42 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <443931A1.6050805@galen.org.uk>
References: <4438368F.2010500@leuenberger.net>
<20060409001148.GE27174@jabberwocky.com>
<4438AAC3.5040403@leuenberger.net>
<87bqva9ars.fsf@wheatstone.g10code.de>
<443905C0.4070401@galen.org.uk>
<20060409143916.GD31486@jabberwocky.com>
<443931A1.6050805@galen.org.uk>
Message-ID: <20060409162230.GE31486@jabberwocky.com>
On Sun, Apr 09, 2006 at 05:09:05PM +0100, Bob Henson wrote:
> David Shaw wrote
>
> >> >> That's very bad, as I downloaded the official binaries from gnupg.org.
> >> >> Will there be a different version that supports this new feature? I
> >> >
> >> > We don't support DNS queries under Windows right now. Windows does
> >> > not provide the usual resolver library so we would need to write
> >> > special code for Windows, which has not yet happened.
> >>
> >> Does the same apply to the ability to cross-certify, Werner, or is that a
> >> different matter altogether? I get no response here - not even an error
> >> message - gpg just sits there asking for a command.
>
> > Cross-certification and PKA/CERT are unrelated to each other.
>
> I realise that, what I was asking was did the problem also relate to the
> Windows build - in other words, was I wasting my time trying to get it to
> work as the OP was with his (different) problem.
>
> > What (public) key were you trying to cross-certify?
>
> All five of my keys - FBA06282, 31C737BD, 8FD7EAA9, A9732CF4 and 9652ABDA
I think there is a misunderstanding. None of those keys have signing
subkeys. Cross-certification is meaningless without a signing subkey.
David
From bob.henson at galen.org.uk Sun Apr 9 19:37:40 2006
From: bob.henson at galen.org.uk (Bob Henson)
Date: Sun Apr 9 19:36:41 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <20060409162230.GE31486@jabberwocky.com>
References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com> <4438AAC3.5040403@leuenberger.net> <87bqva9ars.fsf@wheatstone.g10code.de> <443905C0.4070401@galen.org.uk> <20060409143916.GD31486@jabberwocky.com> <443931A1.6050805@galen.org.uk>
<20060409162230.GE31486@jabberwocky.com>
Message-ID: <44394664.4070307@galen.org.uk>
David Shaw wrote
>> >> >> That's very bad, as I downloaded the official binaries from gnupg.org.
>> >> >> Will there be a different version that supports this new feature? I
>> >> >
>> >> > We don't support DNS queries under Windows right now. Windows does
>> >> > not provide the usual resolver library so we would need to write
>> >> > special code for Windows, which has not yet happened.
>> >>
>> >> Does the same apply to the ability to cross-certify, Werner, or is that a
>> >> different matter altogether? I get no response here - not even an error
>> >> message - gpg just sits there asking for a command.
>>
>> > Cross-certification and PKA/CERT are unrelated to each other.
>>
>> I realise that, what I was asking was did the problem also relate to the
>> Windows build - in other words, was I wasting my time trying to get it to
>> work as the OP was with his (different) problem.
>>
>> > What (public) key were you trying to cross-certify?
>>
>> All five of my keys - FBA06282, 31C737BD, 8FD7EAA9, A9732CF4 and 9652ABDA
>
> I think there is a misunderstanding. None of those keys have signing
> subkeys. Cross-certification is meaningless without a signing subkey.
OK - the usual problem - lack of knowledge on my part. I saw a post
suggesting subkeys should be cross-signed, mine had subkeys, so I just
assumed that was what was under discussion. In my own defence, it's fair to
say the lack of good documentation (or documentation simple enough for me to
understand) doesn't help those of us less technical. My apologies for
wasting your time.
Regards,
Bob
From ben.branders at gmail.com Sun Apr 9 21:19:17 2006
From: ben.branders at gmail.com (Ben Branders)
Date: Sun Apr 9 21:24:17 2006
Subject: Error: MPI larger than indicated length
Message-ID:
Hi,
Today I wanted to do an update of the public keys in my list via Enigmail
(Refresh all public keys). I got this message:
> gpg: MPI larger than indicated length (2 bytes)
> gpg: keyring_get_keyblock: read error: invalid packet
> gpg: keydb_get_keygblock failed: invalid keyring
I thought this was because I upgraded my Slackware Linux to another GCC
version so I recompiled GnuPG. Same problem.
Enigmail Keymanagement doesn't show any keys, not even the private ones.
Please inform me what I should do to fix this.
Thank you!
Kind regards
--
Ben Branders
web http://branders.name http://www.livre.nl
jabber ben@jabberweb.be http://www.mozbrowser.nl
OpenPGP 0x46938FDB http://www.mozilla-europe.org
From dshaw at jabberwocky.com Sun Apr 9 21:41:21 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun Apr 9 21:40:33 2006
Subject: Error: MPI larger than indicated length
In-Reply-To:
References:
Message-ID: <20060409194121.GF31486@jabberwocky.com>
On Sun, Apr 09, 2006 at 09:19:17PM +0200, Ben Branders wrote:
> Hi,
>
>
>
> Today I wanted to do an update of the public keys in my list via Enigmail
> (Refresh all public keys). I got this message:
>
> > gpg: MPI larger than indicated length (2 bytes)
> > gpg: keyring_get_keyblock: read error: invalid packet
> > gpg: keydb_get_keygblock failed: invalid keyring
>
> I thought this was because I upgraded my Slackware Linux to another GCC
> version so I recompiled GnuPG. Same problem.
>
> Enigmail Keymanagement doesn't show any keys, not even the private ones.
>
> Please inform me what I should do to fix this.
I don't think anyone here can help you without knowing what version of
GnuPG you're talking about.
David
From trevor at haligonian.com Sun Apr 9 20:27:17 2006
From: trevor at haligonian.com (Trevor Smith)
Date: Sun Apr 9 21:56:15 2006
Subject: More questions about: "gpg: WARNING: message was not integrity
protected"
Message-ID:
Some time ago there were questions about the warning message:
gpg: WARNING: message was not integrity protected
that gpg outputs when decrypting *some* symmetrically encrypted
texts. Werner Koch wrote in
http://lists.gnupg.org/pipermail/gnupg-users/2004-October/023500.html
that:
> That message is on purpose to remind people that they should use the
> MDC feature. MDC is automagically handled through the preferences
> system but with symmetrical only encrypted mails we don't have them
> and thus we need to print the warning in all cases.
I have some questions about this:
1. How is MDC enabled? I cannot find a setting (I'm using Mac OS X
and my man pages are mysteriously missing). There is no (commented
out) option for MDC in my gpg.conf file.
2. I have observed that by switching my cipher-algo from the default,
CAST5, to AES256 (or any variant of AES, if I recall correctly), the
warning goes away. Why?
3. Werner implies that the warning is only generated for
symmetrically encrypted emails but I have noticed that an email from
my girlfriend, signed and encrypted to my public key will display
this warning, when decrypted/verified from the command line. However,
a message that I encrypt to myself then decrypt on the command line
does *not* display it. Is this, again, because I have my default
cipher-algo set to AES256 in my gpg.conf file while my girlfriend is
using the default (CAST5)?
4. All this gives the impression that CAST5 suffers from a weakness
that AES256 does not. Is this true?
--
Trevor Smith
trevor@haligonian.com
From johnmoore3rd at joimail.com Sun Apr 9 22:06:45 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Sun Apr 9 22:05:56 2006
Subject: Error: MPI larger than indicated length
In-Reply-To:
References:
Message-ID: <44396955.5000002@joimail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Ben Branders wrote
> Enigmail Keymanagement doesn't show any keys, not even the private ones.
>
> Please inform me what I should do to fix this.
> Thank you!
While this would probably be a better Question on the Enigmail List; try
File > Reload Key Cache from the Enigmail Key Management window.
JOHN ;)
Timestamp: Sunday 09 Apr 2006, 16:05 --400 (Eastern Daylight Time)
From ben.branders at gmail.com Sun Apr 9 22:17:22 2006
From: ben.branders at gmail.com (Ben Branders)
Date: Sun Apr 9 22:16:41 2006
Subject: Error: MPI larger than indicated length
In-Reply-To: <20060409194121.GF31486__37211.1330194913$1144611883$gmane$org@jabberwocky.com>
References:
<20060409194121.GF31486__37211.1330194913$1144611883$gmane$org@jabberwocky.com>
Message-ID:
David Shaw wrote:
> I don't think anyone here can help you without knowing what version of
> GnuPG you're talking about.
Oops, sorry.
I'm using GnuPG 1.4.3 on Slackware Linux (current tree).
Regards,
--
Ben Branders
web http://branders.name http://www.livre.nl
jabber ben@jabberweb.be http://www.mozbrowser.nl
OpenPGP 0x46938FDB http://www.mozilla-europe.org
From huehn-ml at arcor.de Sun Apr 9 19:52:17 2006
From: huehn-ml at arcor.de (Thomas Hühn)
Date: Sun Apr 9 23:26:10 2006
Subject: [Announce] Gpg4win 1.0.0 released
In-Reply-To: <8764lld2fy.fsf@wheatstone.g10code.de>
References: <8764lld2fy.fsf@wheatstone.g10code.de>
Message-ID: <008E5F66F9BCC4B445CAA71E@[192.168.2.22]>
Hi
--On Friday, 7 April 2006 13:56 +0200 Werner Koch wrote:
> The gpg4win project aims at updating the gpg4win Windows installation
> package with GnuPG encryption tool, associated applications and
> documentation on a regular basis. Especially the documentation
> (handbooks "Einsteiger" and "Durchblicker") are directly maintained as
> part of the gpg4win project.
Is there no current man page included or did I just overlook it?
Is a current man page (including "cross-certify" etc.) available somewhere
online?
Thomas
From tmz at pobox.com Sun Apr 9 23:43:51 2006
From: tmz at pobox.com (Todd Zullinger)
Date: Sun Apr 9 23:58:08 2006
Subject: [Announce] Gpg4win 1.0.0 released
In-Reply-To: <008E5F66F9BCC4B445CAA71E@[192.168.2.22]>
References: <8764lld2fy.fsf@wheatstone.g10code.de>
<008E5F66F9BCC4B445CAA71E@[192.168.2.22]>
Message-ID: <20060409214351.GD22038@psilocybe.teonanacatl.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thomas Hühn wrote:
> --On Friday, 7 April 2006 13:56 +0200 Werner Koch
> wrote:
>
>> The gpg4win project aims at updating the gpg4win Windows
>> installation package with GnuPG encryption tool, associated
>> applications and documentation on a regular basis. Especially the
>> documentation (handbooks "Einsteiger" and "Durchblicker") are
>> directly maintained as part of the gpg4win project.
>
> Is there no current man page included or did I just overlook it?
I don't know about the win32 builds... Building from source on linux
the man page is available and current.
> Is a current man page (including "cross-certify" etc.) available
> somewhere online?
I thought this would be what you wanted, but it's definitely not
current:
http://www.gnupg.org/documentation/manpage.en.html
It's linked from the main documentation page.
FWIW, here are the sections on cross-certify from the 1.4.3 manual:
    --edit-key name
        Present a menu which enables you to do all key related tasks:
        [...]
        cross-certify
            Add cross-certification signatures to signing
            subkeys that may not currently have them.
            Cross-certification signatures protect against a
            subtle attack against signing subkeys. See
            --require-cross-certification.
    [...]
    --require-cross-certification
    --no-require-certification
        When verifying a signature made from a subkey, ensure that
        the cross certification "back signature" on the subkey is
        present and valid. This protects against a subtle attack
        against subkeys that can sign. Currently defaults to
        --no-require-cross-certification, but will be changed
        to --require-cross-certification in the future.
- --
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
There is no pleasure in having nothing to do; the fun is in having
lots to do and not doing it.
-- Mary Wilson Little
From dshaw at jabberwocky.com Mon Apr 10 00:28:27 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Apr 10 00:27:44 2006
Subject: More questions about: "gpg: WARNING: message was not integrity
protected"
In-Reply-To:
References:
Message-ID: <20060409222827.GB21747@jabberwocky.com>
On Sun, Apr 09, 2006 at 03:27:17PM -0300, Trevor Smith wrote:
> Some time ago there were questions about the warning message:
>
> gpg: WARNING: message was not integrity protected
>
> that gpg outputs when decrypting *some* symmetrically encrypted
> texts. Werner Koch wrote in
> http://lists.gnupg.org/pipermail/gnupg-users/2004-October/023500.html
> that:
>
> >That message is on purpose to remind people that they should use the
> >MDC feature. MDC is automagically handled through the preferences
> >system but with symmetrical only encrypted mails we don't have them
> >and thus we need to print the warning in all cases.
>
> I have some questions about this:
>
> 1. How is MDC enabled? I cannot find a setting (I'm using Mac OS X
> and my man pages are mysteriously missing). There is no (commented
> out) option for MDC in my gpg.conf file.
MDC can be forced on via --force-mdc. As Werner said, the preference
system will automatically handle this for public key encryption. For
symmetric encryption (which has no preference system), you can use
--force-mdc if you want a MDC.
> 2. I have observed that by switching my cipher-algo from the default,
> CAST5, to AES256 (or any variant of AES, if I recall correctly), the
> warning goes away. Why?
In an effort to increase the use of MDC, it was noted that all
implementations that could handle AES could also handle MDC. Thus,
using any AES (or TWOFISH) turns the MDC flag on for you.
> 3. Werner implies that the warning is only generated for
> symmetrically encrypted emails but I have noticed that an email from
> my girlfriend, signed and encrypted to my public key will display
> this warning, when decrypted/verified from the command line. However,
> a message that I encrypt to myself then decrypt on the command line
> does *not* display it. Is this, again, because I have my default
> cipher-algo set to AES256 in my gpg.conf file while my girlfriend is
> using the default (CAST5)?
It is, but this is not a complete answer. Neither of you should have
a cipher-algo set in your gpg.conf file. If you do, you're fighting
against all the automatic parts of the system. Let GPG do what it is
supposed to do and you'll be better off.
> 4. All this gives the impression that CAST5 suffers from a weakness
> that AES256 does not. Is this true?
That's sort of an apples and oranges question. CAST5 is a 128-bit
cipher. AES256 is a 256-bit cipher. Is CAST5 weaker than AES256?
Yes, but that's not to say that CAST5 is broken somehow: AES256
is just twice as large.
David
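The distinction discussed in the message above can be checked on the ciphertext itself: a message without an MDC carries its data in a Symmetrically Encrypted Data packet (tag 9), one with an MDC in a Symmetrically Encrypted Integrity Protected Data packet (tag 18). The following is an added example, not code from this thread or from GnuPG; it walks the packet headers of a binary (non-armored) OpenPGP message and reports which of the two it contains. Function names are this example's own and the sample byte strings are constructed.

```python
# Added example: classify an OpenPGP message by its encrypted-data packet.
# Tag numbers and header layout follow the OpenPGP specification (RFC 4880).
TAG_SED = 9      # Symmetrically Encrypted Data: no MDC
TAG_SEIPD = 18   # Sym. Encrypted Integrity Protected Data: MDC present


class PacketError(ValueError):
    """Raised when the input is not a well-formed OpenPGP packet stream."""


def _take(buf, pos, n):
    """Return the n bytes at pos as a big-endian integer; fail if truncated."""
    if pos + n > len(buf):
        raise PacketError("truncated input at offset %d" % pos)
    return int.from_bytes(buf[pos:pos + n], "big")


def read_header(buf, pos):
    """Parse one packet header.

    Returns (tag, body_start, body_len, definite). body_len is None for an
    old-format indeterminate length; definite is False in that case and for
    a new-format partial body length.
    """
    ctb = _take(buf, pos, 1)
    if not ctb & 0x80:
        raise PacketError("offset %d: bit 7 clear, not a packet" % pos)
    pos += 1
    if ctb & 0x40:                                  # new-format header
        tag = ctb & 0x3F
        first = _take(buf, pos, 1)
        if first < 192:                             # one-octet length
            return tag, pos + 1, first, True
        if first < 224:                             # two-octet length
            length = ((first - 192) << 8) + _take(buf, pos + 1, 1) + 192
            return tag, pos + 2, length, True
        if first == 255:                            # five-octet length
            return tag, pos + 5, _take(buf, pos + 1, 4), True
        return tag, pos + 1, 1 << (first & 0x1F), False   # partial chunk
    tag = (ctb >> 2) & 0x0F                         # old-format header
    length_type = ctb & 0x03
    if length_type == 3:                            # runs to end of input
        return tag, pos, None, False
    width = (1, 2, 4)[length_type]
    return tag, pos + width, _take(buf, pos, width), True


def classify(message):
    """Walk the packets up to the encrypted-data packet.

    Returns (verdict, tags): verdict is "mdc", "no-mdc" or
    "no-encrypted-data"; tags lists the packet tags seen, in order.
    """
    pos, tags = 0, []
    while pos < len(message):
        tag, body, length, definite = read_header(message, pos)
        tags.append(tag)
        if tag == TAG_SED:
            return "no-mdc", tags
        if tag == TAG_SEIPD:
            if _take(message, body, 1) != 1:        # version octet must be 1
                raise PacketError("unknown SEIPD version")
            return "mdc", tags
        if not definite:
            raise PacketError("tag %d: length unknown, cannot skip" % tag)
        if body + length > len(message):
            raise PacketError("tag %d: body truncated" % tag)
        pos = body + length                         # skip session-key packet
    return "no-encrypted-data", tags


# Constructed samples: real header framing, filler bodies (all-zero bytes).
_S2K = bytes([3, 2]) + bytes(8) + b"\x60"           # iterated+salted, SHA-1
SKESK_CAST5 = bytes([0x8C, 0x0D, 4, 3]) + _S2K      # cipher 3 = CAST5
SKESK_AES256 = bytes([0x8C, 0x0D, 4, 9]) + _S2K     # cipher 9 = AES256
PKESK = bytes([0x84, 0x0C, 3]) + bytes(8) + bytes([16, 0, 0])

SAMPLES = {
    "symmetric, CAST5": SKESK_CAST5 + bytes([0xC9, 0x10]) + bytes(16),
    "symmetric, AES256": SKESK_AES256 + bytes([0xD2, 0x11, 1]) + bytes(16),
    "public-key, no MDC": PKESK + bytes([0xA7]) + bytes(16),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print("%-20s %s" % (name, classify(data)))
```

A "no-mdc" verdict identifies the messages for which gpg prints the warning quoted in this thread.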
From jam at jamux.com Mon Apr 10 00:16:14 2006
From: jam at jamux.com (John A. Martin)
Date: Mon Apr 10 01:09:12 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
References: <4438368F.2010500@leuenberger.net>
<20060409001148.GE27174@jabberwocky.com>
Message-ID: <87lkues8cx.fsf@athene.jamux.com>
>>>>> "ds" == David Shaw
>>>>> "Re: auto-key-locate pka (gpg version 1.4.3)"
>>>>> Sat, 8 Apr 2006 20:11:48 -0400
ds> This means that the build of GnuPG you has no DNS support (pka
ds> and cert require DNS support, and ldap and keyserver don't).
Wouldn't it be nice if 'gpg --version' printed a list of the features
available in the version supported and not-supported by the
executable?
jam
From dshaw at jabberwocky.com Mon Apr 10 01:17:07 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Apr 10 01:16:21 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <87lkues8cx.fsf@athene.jamux.com>
References: <4438368F.2010500@leuenberger.net>
<20060409001148.GE27174@jabberwocky.com>
<87lkues8cx.fsf@athene.jamux.com>
Message-ID: <20060409231707.GD21747@jabberwocky.com>
On Sun, Apr 09, 2006 at 06:16:14PM -0400, John A. Martin wrote:
> >>>>> "ds" == David Shaw
> >>>>> "Re: auto-key-locate pka (gpg version 1.4.3)"
> >>>>> Sat, 8 Apr 2006 20:11:48 -0400
>
> ds> This means that the build of GnuPG you has no DNS support (pka
> ds> and cert require DNS support, and ldap and keyserver don't).
>
> Wouldn't it be nice if 'gpg --version' printed a list of the features
> available in the version supported and not-supported by the
> executable?
That's a good idea. I'll look at doing that.
David
From rjh at sixdemonbag.org Mon Apr 10 01:44:18 2006
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon Apr 10 01:43:59 2006
Subject: More questions about: "gpg: WARNING: message was not integrity
protected"
In-Reply-To: <20060409222827.GB21747@jabberwocky.com>
References:
<20060409222827.GB21747@jabberwocky.com>
Message-ID: <44399C52.2030001@sixdemonbag.org>
David Shaw wrote:
> That's sort of an apples and oranges question. CAST5 is a 128-bit
> cipher. AES256 is a 256-bit cipher. Is CAST5 weaker than AES256?
> Yes, but that's not to say that CAST5 is broken somehow: AES256
> is just twice as large.
Forgive me for being pedantic, but I'd like to make a small
clarification here for the benefit of people who don't understand what
key sizes mean.
The key is twice as large. That doesn't mean there are twice as many
keys. It has considerably more than that.
AES256 has about 100,000,000,000,000,000,000,000,000,000,000,000,000
times as many possible keys as CAST5. The difference between the two is
almost incomprehensible.
Again, apologies for the pedantry. :)
From johnmoore3rd at joimail.com Mon Apr 10 01:57:00 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Mon Apr 10 01:56:17 2006
Subject: More questions about: "gpg: WARNING: message was not integrity
protected"
In-Reply-To: <44399C52.2030001@sixdemonbag.org>
References: <20060409222827.GB21747@jabberwocky.com>
<44399C52.2030001@sixdemonbag.org>
Message-ID: <44399F4C.90909@joimail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Robert J. Hansen wrote:
> David Shaw wrote:
>> That's sort of an apples and oranges question. CAST5 is a 128-bit
>> cipher. AES256 is a 256-bit cipher. Is CAST5 weaker than AES256?
>> Yes, but that's not to say that CAST5 is broken somehow: AES256
>> is just twice as large.
>
> Forgive me for being pedantic, but I'd like to make a small
> clarification here for the benefit of people who don't understand what
> key sizes mean.
>
> The key is twice as large. That doesn't mean there are twice as many
> keys. It has considerably more than that.
>
> AES256 has about 100,000,000,000,000,000,000,000,000,000,000,000,000
> times as many possible keys as CAST5. The difference between the two is
> almost incomprehensible.
>
> Again, apologies for the pedantry. :)
I don't consider it 'pedantic'; however, I'm sure David meant to state
that AES256 is 'exponentially' larger. I am also glad that David
pointed out the limiting factor of specifying a particular algorithm for
encryption in the gpg.conf File.
This may work fine for communication between 2 individuals but can/will
create problems when attempting to communicate with someone whose
Preferences will not support that algorithm. Best example: PGP 8.1
*cannot* verify any signature hashed above SHA256.
JOHN ;)
Timestamp: Sunday 09 Apr 2006, 19:56 --400 (Eastern Daylight Time)
From dshaw at jabberwocky.com Mon Apr 10 02:11:04 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Apr 10 02:10:15 2006
Subject: More questions about: "gpg: WARNING: message was not integrity
protected"
In-Reply-To: <44399F4C.90909@joimail.com>
References:
<20060409222827.GB21747@jabberwocky.com>
<44399C52.2030001@sixdemonbag.org> <44399F4C.90909@joimail.com>
Message-ID: <20060410001104.GE21747@jabberwocky.com>
On Sun, Apr 09, 2006 at 07:57:00PM -0400, John W. Moore III wrote:
> Robert J. Hansen wrote:
> > David Shaw wrote:
> >> That's sort of an apples and oranges question. CAST5 is a 128-bit
> >> cipher. AES256 is a 256-bit cipher. Is CAST5 weaker than AES256?
> >> Yes, but that's not to say that CAST5 is broken somehow: AES256
> >> is just twice as large.
> >
> > Forgive me for being pedantic, but I'd like to make a small
> > clarification here for the benefit of people who don't understand what
> > key sizes mean.
> >
> > The key is twice as large. That doesn't mean there are twice as many
> > keys. It has considerably more than that.
> >
> > AES256 has about 100,000,000,000,000,000,000,000,000,000,000,000,000
> > times as many possible keys as CAST5. The difference between the two is
> > almost incomprehensible.
> >
> > Again, apologies for the pedantry. :)
>
> I don't consider it 'pedantic'; however, I'm sure David meant to state
> that AES256 is 'exponentially' larger. I am also glad that David
> pointed out the limiting factor of specifying a particular algorithm for
> encryption in the gpg.conf File.
>
> This may work fine for communication between 2 individuals but can/will
> create problems when attempting to communicate with someone whose
> Preferences will not support that algorithm. Best example: PGP 8.1
> *cannot* verify any signature hashed above SHA256.
Exactly. Which is a great example why people should not set
particular ciphers, and just let the automatic system do its job. The
main point of the automatic system is to prevent mismatches like this.
David
From dshaw at jabberwocky.com Mon Apr 10 02:12:33 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Apr 10 02:11:43 2006
Subject: More questions about: "gpg: WARNING: message was not integrity
protected"
In-Reply-To: <44399C52.2030001@sixdemonbag.org>
References:
<20060409222827.GB21747@jabberwocky.com>
<44399C52.2030001@sixdemonbag.org>
Message-ID: <20060410001233.GA22289@jabberwocky.com>
On Sun, Apr 09, 2006 at 06:44:18PM -0500, Robert J. Hansen wrote:
> David Shaw wrote:
> > That's sort of an apples and oranges question. CAST5 is a 128-bit
> > cipher. AES256 is a 256-bit cipher. Is CAST5 weaker than AES256?
> > Yes, but that's not to say that CAST5 is broken somehow: AES256
> > is just twice as large.
>
> Forgive me for being pedantic, but I'd like to make a small
> clarification here for the benefit of people who don't understand what
> key sizes mean.
>
> The key is twice as large. That doesn't mean there are twice as many
> keys. It has considerably more than that.
>
> AES256 has about 100,000,000,000,000,000,000,000,000,000,000,000,000
> times as many possible keys as CAST5. The difference between the two is
> almost incomprehensible.
Indeed. However, again, that doesn't mean CAST5 is broken. Just
smaller than AES256.
AES256 is vastly stronger than most people need in practice. Heck,
CAST5 is vastly stronger than most people need in practice. Even so,
AES256 is more or less the default for new keys in both PGP and
GnuPG.
David
From trevor at haligonian.com Mon Apr 10 04:11:48 2006
From: trevor at haligonian.com (Trevor Smith)
Date: Mon Apr 10 05:32:13 2006
Subject: More questions about: "gpg: WARNING: message was not integrity
protected"
In-Reply-To: <20060409222827.GB21747@jabberwocky.com>
References:
<20060409222827.GB21747@jabberwocky.com>
Message-ID:
On 9-Apr-06, at 7:28 PM, David Shaw wrote:
> MDC can be forced on via --force-mdc. As Werner said, the preference
Excellent. So, the follow-up question is, should one use this option
for files symmetrically encrypted for long-term storage (like if
burned to a CD)?
> system will automatically handle this for public key encryption. For
> symmetric encryption (which has no preference system), you can use
> --force-mdc if you want a MDC.
Can you briefly explain this "preference system"? As in, does this
mean a given public key may/will have a preference for some algo
stored in it and when my copy of GPG attempts to encrypt to that
public key, it uses that symmetric cipher (when possible)?
> In an effort to increase the use of MDC, it was noted that all
> implementations that could handle AES could also handle MDC. Thus,
> using any AES (or TWOFISH) turns the MDC flag on for you.
Ah, great! So there are at least two benefits of using AES over CAST5
then (larger keyspace and MDC turned on).
> It is, but this is not a complete answer. Neither of you should have
> a cipher-algo set in your gpg.conf file. If you do, you're fighting
> against all the automatic parts of the system. Let GPG do what it is
Fair enough. I had set it because I was archiving some things for
long-term storage and discovered it was defaulting to CAST5 and
thought, why not use the largest keyspace I can?
But your point is taken, because I understand now that I was also
forcing asymmetric encryption to use AES256 as the session cipher,
which might cause problems.
Then again, if I send emails that I might not want people to decrypt
5 or 10 years from now, would I want session ciphers to be defaulting
to AES256 instead of CAST5? Why is this the default?
--
Trevor Smith
trevor@haligonian.com
From alphasigmax at gmail.com Mon Apr 10 07:49:31 2006
From: alphasigmax at gmail.com (Alphax)
Date: Mon Apr 10 07:49:57 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <20060409231707.GD21747@jabberwocky.com>
References: <4438368F.2010500@leuenberger.net> <20060409001148.GE27174@jabberwocky.com> <87lkues8cx.fsf@athene.jamux.com>
<20060409231707.GD21747@jabberwocky.com>
Message-ID: <4439F1EB.6030200@gmail.com>
David Shaw wrote:
> On Sun, Apr 09, 2006 at 06:16:14PM -0400, John A. Martin wrote:
>>> "ds" == David Shaw
>>> "Re: auto-key-locate pka (gpg version 1.4.3)"
>>> Sat, 8 Apr 2006 20:11:48 -0400
>> ds> This means that the build of GnuPG you has no DNS support (pka
>> ds> and cert require DNS support, and ldap and keyserver don't).
>>
>> Wouldn't it be nice if 'gpg --version' printed a list of the features
>> available in the version supported and not-supported by the
>> executable?
>
> That's a good idea. I'll look at doing that.
>
Will that also include "undocumented" features like --enarmor?
--
Alphax
Message composed: 2006-04-10T15:19:27+09:30
From ben.branders at gmail.com Mon Apr 10 09:46:21 2006
From: ben.branders at gmail.com (Ben Branders)
Date: Mon Apr 10 09:45:47 2006
Subject: Error: MPI larger than indicated length
In-Reply-To: <44396955.5000002__19150.6085721359$1144614961$gmane$org@joimail.com>
References:
<44396955.5000002__19150.6085721359$1144614961$gmane$org@joimail.com>
Message-ID:
John W. Moore III wrote:
> While this would probably be a better Question on the Enigmail List; try
> File > Reload Key Cache from the Enigmail Key Management window.
I don't think Enigmail has anything to do with it. It is just passing the
gpg-error messages through.
Anyway, I tried your suggestion but it didn't work. I got the same error when
trying to reload the key cache.
I think something is really wrong with my keyring... :-(
Regards
--
Ben Branders
web http://branders.name http://www.livre.nl
jabber ben@jabberweb.be http://www.mozbrowser.nl
OpenPGP 0x46938FDB http://www.mozilla-europe.org
From goffioul at imec.be Thu Apr 6 17:07:04 2006
From: goffioul at imec.be (Goffioul Michael)
Date: Mon Apr 10 10:43:44 2006
Subject: [GPGol] Support for multipart/signed messages?
Message-ID: <38C0C9E3083ADB42BFFFC6C2A8B012CE02CF2F6C@WINEX2.imec.be>
Hi,
I installed the latest version of gpgol 0.9.8 (actually through gpg4win),
hoping to get support for multipart/signed message, but it seems it does not
work (is it supposed to work?). I'm using Outlook 2003 connected to an
exchange server.
I enabled log (in the registry) and could only detect one error in
get_msg_content_type() function. The log content is below. I hope it can help.
Michael.
216/olflange.cpp:Install: context=0x7 (ReadNoteMessage) flags=0x0
1216/GPGol: this is gpgol 0.9.8
1216/GPGol: detected Outlook build version 0xd0625 (13.1573)
1216/GPGol: actual version 0x1030400 (1.3.4.0)
1216/GPGol: virtual version 0x1030400 (1.3.4.0)
1216/olflange.cpp:InstallCommands: context=0x7 (ReadNoteMessage)
flags=0x0
1216/olflange.cpp:DoCommand: commandID=61536 (0xf060)
1216/olflange.cpp:find_outlook_property: looking for `Close'
1216/olflange.cpp:find_outlook_property: got IDispatch=04A9D6CC
dispid=61475
1216/olflange.cpp:DoCommand: invoking Close succeeded
1216/olflange.cpp:~CGPGExchExt: cleaning up CGPGExchExt object;
context=0x7 (ReadNoteMessage)
1216/olflange.cpp:ExchEntryPoint: creating new CGPGExchExt object
1216/olflange.cpp:Install: context=0x7 (ReadNoteMessage) flags=0x0
1216/GPGol: this is gpgol 0.9.8
1216/GPGol: detected Outlook build version 0xd0625 (13.1573)
1216/GPGol: actual version 0x1030400 (1.3.4.0)
1216/GPGol: virtual version 0x1030400 (1.3.4.0)
1216/olflange.cpp:InstallCommands: context=0x7 (ReadNoteMessage)
flags=0x0
1216/olflange.cpp:OnRead: received
1216/show_mapi_property:
PR_CONVERSATION_INDEX=01C65979BF376B34AC58E7A44A69A8DF693EAD17DFE0
1216/olflange.cpp:OnReadComplete: received
1216/olflange.cpp:DoCommand: commandID=21999 (0x55ef)
1216/gpgmsg.cpp:decrypt: enter
1216/ERROR/gpgmsg.cpp:get_msg_content_type: error getting the headers
lines: hr=0x8007000e
1216/gpgmsg.cpp:decrypt: parsed content-type: media=[none]/[none]
protocol=[none]
1216/gpgmsg.cpp:loadBody: loaded body 1192 bytes of body at 024BC5E0
1216/gpgmsg.cpp:gatherAttachmentInfo: message has 1 attachments
1216/gpgmsg.cpp:gatherAttachmentInfo: attachment info:
1216/ 0 0 0 0 0 `ATT00010.dat' `application/pgp-signature' `(null)'
1216/gpgmsg.cpp:decrypt: message has 1 attachments with 0 signed and 0
encrypted
1216/msgcache_get: cache miss for key:
01C65979BF376B34AC58E7A44A69A8DF693EAD17DFE0
1216/gpgmsg.cpp:decrypt: leave (no OpenPGP data)
1216/olflange.cpp:DoCommand: commandID=61536 (0xf060)
1216/olflange.cpp:find_outlook_property: looking for `Close'
1216/olflange.cpp:find_outlook_property: got IDispatch=07DF4E48
dispid=61475
1216/olflange.cpp:DoCommand: invoking Close succeeded
1216/olflange.cpp:~CGPGExchExt: cleaning up CGPGExchExt object;
context=0x7 (ReadNoteMessage)
From cboyce at msm.edu Fri Apr 7 00:19:44 2006
From: cboyce at msm.edu (Boyce, Collin)
Date: Mon Apr 10 10:43:56 2006
Subject: MPI too large
Message-ID:
When decrypting a file I get the following error message. I saw
previous posts but was unable to find what the resolution
Error:
gpg: mpi too large for this implementation (55559 bits)
Command line
Echo passpharase| gpg --passphrase-fd 0 -u xx@xx.edu --batch --openpgp
-o "position.txt" --decrypt "position.txt.pgp"
Platform:
Microsoft Windows 2000 [Version 5.00.2195]
gpg (GnuPG) 1.4.2.2
Any help would be appreciated.
Thanks
From bmord at iconnicholson.com Fri Apr 7 17:20:26 2006
From: bmord at iconnicholson.com (Benjamin Mord)
Date: Mon Apr 10 10:44:01 2006
Subject: Automated processes
Message-ID: <5B3792870442C04CA7CBD4D7C7D9812701F20A6D@exchange.iconnicholson.com>
(Don't encrypt the passphrase - if you do, then you still need a
passphrase to decrypt the passphrase, etc... etc...)
Asymmetric cryptography can be extremely handy for automated
encryption/decryption scenarios. For example, I sometimes have a
somewhat vulnerable general-purpose machine encrypt data using only a
public key, and write it somewhere shared. Then I'll have a tightly
secured single-purpose machine later read and decrypt that data for some
purpose. This is analogous to a one-way mail drop, where you trust the
mailman more than the general public. I use this technique in scenarios
where although both machines are somewhat trusted, one machine is
more trusted than the other. This way the machine that does the
encryption has no knowledge of how to decrypt, so that if compromised,
only the data that it processes from point of compromise going forward
is in any kind of danger. (At this point you've reduced the security
problem to one of monitoring or periodic cleaning, e.g. periodic reboots
while running off read-only media.) The second machine is entrusted with
knowledge of how to decrypt, but in exchange it is tightly secured and
specialized for a single task.
Ben
-----Original Message-----
From: gnupg-users-bounces@gnupg.org
[mailto:gnupg-users-bounces@gnupg.org] On Behalf Of John M Church
Sent: Friday, April 07, 2006 10:16 AM
To: johnmoore3rd@joimail.com; GnuPG Users List
Subject: Re: Automated processes
I think it's simplistic to just brush-off this request as a user who
wants convenience. There are very valid reasons for automated
decryption. I'm working a similar project (and have my own issue - see
"Automated Decryption via Script Running Setuid" written 4/5/06). Seems
to me if you protect your script and you are behind a firewall you're
not 'trading security for convenience'. You can even encrypt the
passphrase in your script if you're afraid someone with sudo or root
privileges could open your script.
John_inDenver
John W. Moore III wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA256
>
>jkaye wrote:
>
>
>
>>I know that for PGP, there's an environment setting that
>>can be used to prevent this. Is there a similar thing for
>>GnuPG, or do I have to jump through some hoops?
>>
>>
>
>Hmm.....Let me see if I've understood you. You desire to use GPG for
>security 'Point to Point' then swap security for convenience on your
>end?
>
>My suggestion would be to either switch to Thunderbird w/Enigmail as
>your MUA. You can set Enigmail to 'remember' your passphrase for a
>specified length of time or until you Close the program.
>
>JOHN ;)
>Timestamp: Thursday 06 Apr 2006, 19:42 --400 (Eastern Daylight Time)
>
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users@gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users
From wk at gnupg.org Mon Apr 10 10:53:30 2006
From: wk at gnupg.org (Werner Koch)
Date: Mon Apr 10 10:56:39 2006
Subject: [Announce] Gpg4win 1.0.0 released
In-Reply-To: <008E5F66F9BCC4B445CAA71E@[192.168.2.22]> (Thomas Hühn's message
of "Sun, 09 Apr 2006 19:52:17 +0200")
References: <8764lld2fy.fsf@wheatstone.g10code.de>
<008E5F66F9BCC4B445CAA71E@[192.168.2.22]>
Message-ID: <8764lhq0ad.fsf@wheatstone.g10code.de>
On Sun, 09 Apr 2006 19:52:17 +0200, Thomas Hühn said:
> Is there no current man page included or did I just overlook it?
I just checked and indeed the page is missing. With the old installer
(at ftp.gnupg.org/gcrypt/binary/) the man page is Doc/gpg.man
I'll add the man page to the next release of gpg4win.
> Is a current man page (including "cross-certify" etc.) available somewhere
> online?
No current one.
Salam-Shalom,
Werner
From huehn-ml at arcor.de Mon Apr 10 11:09:41 2006
From: huehn-ml at arcor.de (Thomas Hühn)
Date: Mon Apr 10 11:08:58 2006
Subject: [Announce] Gpg4win 1.0.0 released
In-Reply-To: <8764lhq0ad.fsf@wheatstone.g10code.de>
References: <8764lld2fy.fsf@wheatstone.g10code.de>
<008E5F66F9BCC4B445CAA71E@[192.168.2.22]>
<8764lhq0ad.fsf@wheatstone.g10code.de>
Message-ID: <5D6C60AC0FFC1B9FF263FC99@[192.168.2.22]>
Hi
--On Monday, 10 April 2006 10:53 +0200 Werner Koch wrote:
>
>> Is there no current man page included or did I just overlook it?
>
> I just checked and indeed the page is missing. With the old installer
> (at ftp.gnupg.org/gcrypt/binary/) the man page is Doc/gpg.man
>
> I'll add the man page to the next release of gpg4win.
Fine.
>> Is a current man page (including "cross-certify" etc.) available
>> somewhere online?
>
> No current one.
I've put one at
Thomas
From wk at gnupg.org Mon Apr 10 11:34:12 2006
From: wk at gnupg.org (Werner Koch)
Date: Mon Apr 10 11:36:38 2006
Subject: More questions about: "gpg: WARNING: message was not integrity
protected"
In-Reply-To: <20060410001233.GA22289@jabberwocky.com> (David Shaw's message of
"Sun, 9 Apr 2006 20:12:33 -0400")
References:
<20060409222827.GB21747@jabberwocky.com>
<44399C52.2030001@sixdemonbag.org>
<20060410001233.GA22289@jabberwocky.com>
Message-ID: <871ww5pyej.fsf@wheatstone.g10code.de>
On Sun, 9 Apr 2006 20:12:33 -0400, David Shaw said:
> AES256 is vastly stronger than most people need in practice. Heck,
> CAST5 is vastly stronger than most people need in practice. Even so,
For some applications there is one point which makes AES stronger than
CAST5 or similar: AES works on 128 bit blocks whereas the older
algorithms work on 64 bit blocks. The block size has nothing to do
with the key size but it is important too. It is connected to the
mode of operation (CFB mode for OpenPGP).
One of the main reasons to develop AES was to increase the block
size. A large block size effectively reduces the probability of
duplicate cryptograms which would allow to get some information about
the plaintext. If you regularly encrypt large amounts (GBs) of highly
sensitive data you are better off with a 128 block size algorithm.
Shalom-Salam,
Werner
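Added example (not part of Werner Koch's message and not GnuPG code): a toy demonstration of the block-size point above. It runs plain full-block CFB over a constructed 16-bit keyed permutation so that duplicate ciphertext blocks appear after a few hundred blocks, shows what a duplicate reveals to someone holding only the ciphertext, and computes the birthday-bound probability of a duplicate for 64-bit and 128-bit blocks. The toy cipher, the sample data and all function names are assumptions made for illustration.

```python
import math
import random

TOY_BLOCK_BITS = 16  # deliberately tiny so duplicates show up quickly


def toy_block_cipher(key):
    """Keyed pseudo-random permutation of 16-bit blocks (toy, NOT secure)."""
    table = list(range(1 << TOY_BLOCK_BITS))
    random.Random(key).shuffle(table)
    return table


def cfb_encrypt(perm, iv, plain_blocks):
    """CFB mode: C_i = P_i xor E(C_{i-1}), with C_0 = IV."""
    out, prev = [], iv
    for p in plain_blocks:
        prev = p ^ perm[prev]
        out.append(prev)
    return out


def find_leaks(cipher_blocks):
    """Ciphertext-only analysis of duplicate blocks.

    If C_i == C_j then E(C_i) == E(C_j), so
    C_{i+1} xor C_{j+1} == P_{i+1} xor P_{j+1}.
    Returns tuples (i+1, j+1, xor of those two plaintext blocks).
    """
    first_seen, leaks = {}, []
    for j, c in enumerate(cipher_blocks[:-1]):
        if c in first_seen:
            i = first_seen[c]
            leaks.append((i + 1, j + 1,
                          cipher_blocks[i + 1] ^ cipher_blocks[j + 1]))
        else:
            first_seen[c] = j
    return leaks


def collision_probability(data_bytes, block_bits):
    """Birthday bound: chance that at least two of the n ciphertext
    blocks in data_bytes of output are equal, for a given block size."""
    n = data_bytes // (block_bits // 8)
    return -math.expm1(-n * (n - 1) / 2.0 ** (block_bits + 1))


def demo():
    """Encrypt constructed sample data and check every leak against it."""
    rng = random.Random(2006)                      # constructed plaintext
    plain = [rng.randrange(1 << TOY_BLOCK_BITS) for _ in range(2000)]
    perm = toy_block_cipher(key=0xC0FFEE)          # constructed key
    cipher = cfb_encrypt(perm, iv=0x1234, plain_blocks=plain)
    leaks = find_leaks(cipher)
    confirmed = all(plain[a] ^ plain[b] == x for a, b, x in leaks)
    return len(leaks), confirmed


if __name__ == "__main__":
    count, confirmed = demo()
    print("duplicate ciphertext blocks found:", count, "all confirmed:", confirmed)
    for gib in (1, 32, 1024):
        size = gib * 2 ** 30
        print("%5d GiB  64-bit blocks: %.3g   128-bit blocks: %.3g" % (
            gib, collision_probability(size, 64),
            collision_probability(size, 128)))
```

Each leak gives the XOR of two plaintext blocks, not the blocks themselves, which is the "some information about the plaintext" of the message above.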
From wk at gnupg.org Mon Apr 10 11:38:53 2006
From: wk at gnupg.org (Werner Koch)
Date: Mon Apr 10 11:41:42 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <4439F1EB.6030200@gmail.com> (alphasigmax@gmail.com's message of
"Mon, 10 Apr 2006 15:19:31 +0930")
References: <4438368F.2010500@leuenberger.net>
<20060409001148.GE27174@jabberwocky.com>
<87lkues8cx.fsf@athene.jamux.com>
<20060409231707.GD21747@jabberwocky.com> <4439F1EB.6030200@gmail.com>
Message-ID: <87wtdxojma.fsf@wheatstone.g10code.de>
On Mon, 10 Apr 2006 15:19:31 +0930, Alphax said:
> Will that also include "undocumented" features like --enarmor?
Undocumented? Hmmm. It is not very useful in practise but it has
been there for many years. You can expect that it will stay with us.
We need it for our regression tests.
Salam-Shalom,
Werner
From a24061 at yahoo.com Mon Apr 10 10:54:42 2006
From: a24061 at yahoo.com (Adam Funk)
Date: Mon Apr 10 11:54:18 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
References: <4438368F.2010500@leuenberger.net>
<20060409001148.GE27174@jabberwocky.com>
<87lkues8cx.fsf@athene.jamux.com>
<20060409231707.GD21747@jabberwocky.com>
<4439F1EB.6030200__11847.5668401972$1144648613$gmane$org@gmail.com>
Message-ID:
On 2006-04-10, Alphax wrote:
> David Shaw wrote:
>> On Sun, Apr 09, 2006 at 06:16:14PM -0400, John A. Martin wrote:
>>>> "ds" == David Shaw
>>>> "Re: auto-key-locate pka (gpg version 1.4.3)"
>>>> Sat, 8 Apr 2006 20:11:48 -0400
>>> ds> This means that the build of GnuPG you has no DNS support (pka
>>> ds> and cert require DNS support, and ldap and keyserver don't).
>>>
>>> Wouldn't it be nice if 'gpg --version' printed a list of the features
>>> available in the version supported and not-supported by the
>>> executable?
>>
>> That's a good idea. I'll look at doing that.
>>
>
> Will that also include "undocumented" features like --enarmor?
Why is that now undocumented? I'm sure it used to be in the man page.
From RStorm at krohne.de Mon Apr 10 11:54:30 2006
From: RStorm at krohne.de (Storm Ralf)
Date: Mon Apr 10 11:54:41 2006
Subject: [gpgol] gpgol not working with Outlook 2002]
Message-ID:
Werner Koch said:
>
> On Thu, 16 Mar 2006 06:29:51 -0800, Roger Fischer said:
>
> > I downloaded gpgol-0.9.3 and tried it on my system
>
> Way too old. You should use the one included in the gpg4win
> installer: http://www.gpg4win.org.
Tried GPG4Win 1.0.0.
Can still reproduce Roger's bug No 2): "decrypted mail not shown"
(in fact: same behaviour as with gpgol-0.9.3, GPG4Win 0.3.1, GPG4Win 0.6.0)
System: WinXP SP2 DE, OL 2002 SP3, GPG4Win 1.0.0 / GPGol 0.9.8
- Options in OL:
a) do not use MS Word to read or write
b) write mail text-only every time
c) read mail text-only every time (via RegKey "ReadAsPlain" = 1)
d) Ansicht | [x] Vorschaufenster (preview window open all the time)
- Options in GPGol: "[x] Auch im Vorschaufenster entschlüsseln" (also encrypt preview window)
Steps to reproduce:
1) Select encrypted mail
2) Answer question about mantra
3) preview window shows encrypted mail (is this called ascii armor?) plus new attachment "PGPol-Attestation.txt", which contains the text 'Überprüfung begann am: [...] Diese Unterschrift ist korrekt. Status der Unterschrift ist "grün"'
=> expected behaviour: show decrypted mail
4) double click on same encrypted mail => new window
5) press "Nachricht entschlüsseln" (decrypt message) tool bar button
6) Answer question about mantra
7) Dismiss dialog saying "signature is correct"
8) window still shows encrypted mail
=> expected behaviour: show decrypted mail
9) save mail as "mail.pgp", double click on it in file manager of choice, answer mantra => mail is decrypted ok
Looking at GPGol log shows different behaviour after 2) and 6):
After 6), there is a section with
"display.cpp:update_display: window text is now 'complete decypted text of mail'"
This is not there after 2)!
However, the result is the same: no view of decrypted text in OL.
best regards
Ralf
.
NOTICE:
This e-mail may contain confidential information and is intended exclusively for the persons named in the distribution list. If you are not named in the distribution list, do NOT read or distribute this information; please delete this e-mail. Our outgoing e-mails, including their attachments, are checked with current virus scanners, but we give no guarantee whatsoever that this e-mail is virus-free.
Furthermore, KROHNE Messtechnik accepts no responsibility for any damage or loss that may result from receipt of this message. Unless expressly stated, this e-mail is not a legally binding agreement.
NOTE:
The information transmitted in this email is for the person or entity to which it is addressed: it may contain information that is confidential and/or legally privileged. If you are not the intended recipient, please do not read, use, retransmit or disseminate this information.
Although this email and any attachments are believed to be free of any virus, it is the responsibility of the recipient to ensure that they are virus free. No responsibility is accepted by the KROHNE Company for any loss or damage arising from receipt of this message. Furthermore, unless explicitly stated, this email is in no way a legally binding agreement. The views represented in this email do not necessarily represent those of the corporation.
From dshaw at jabberwocky.com Mon Apr 10 14:11:25 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Apr 10 14:10:44 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <4439F1EB.6030200@gmail.com>
References: <4438368F.2010500@leuenberger.net>
<20060409001148.GE27174@jabberwocky.com>
<87lkues8cx.fsf@athene.jamux.com>
<20060409231707.GD21747@jabberwocky.com>
<4439F1EB.6030200@gmail.com>
Message-ID: <20060410121125.GF21747@jabberwocky.com>
On Mon, Apr 10, 2006 at 03:19:31PM +0930, Alphax wrote:
> David Shaw wrote:
> > On Sun, Apr 09, 2006 at 06:16:14PM -0400, John A. Martin wrote:
> >>> "ds" == David Shaw
> >>> "Re: auto-key-locate pka (gpg version 1.4.3)"
> >>> Sat, 8 Apr 2006 20:11:48 -0400
> >> ds> This means that the build of GnuPG you has no DNS support (pka
> >> ds> and cert require DNS support, and ldap and keyserver don't).
> >>
> >> Wouldn't it be nice if 'gpg --version' printed a list of the features
> >> available in the version supported and not-supported by the
> >> executable?
> >
> > That's a good idea. I'll look at doing that.
> >
>
> Will that also include "undocumented" features like --enarmor?
No. There is no compile-time question whether enarmor exists or not.
It just exists. If you want a list of all keywords that GnuPG
understands, use "gpg --dump-options".
David
From a24061 at yahoo.com Mon Apr 10 14:37:57 2006
From: a24061 at yahoo.com (Adam Funk)
Date: Mon Apr 10 14:43:46 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
References: <4438368F.2010500@leuenberger.net>
<20060409001148.GE27174@jabberwocky.com>
<87lkues8cx.fsf@athene.jamux.com>
<20060409231707.GD21747@jabberwocky.com>
<4439F1EB.6030200@gmail.com>
<20060410121125.GF21747__11582.6078261764$1144671590$gmane$org@jabberwocky.com>
Message-ID: <560qg3-9gi.ln1@news.ducksburg.com>
On 2006-04-10, David Shaw wrote:
> No. There is no compile-time question whether enarmor exists or not.
> It just exists. If you want a list of all keywords that GnuPG
> understands, use "gpg --dump-options".
Isn't that an undocumented option too? I've just tried "gpg --help
|grep dump" and "man gpg" with a search for dump, and they both find
nothing.
From dshaw at jabberwocky.com Mon Apr 10 14:52:48 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Apr 10 14:52:03 2006
Subject: More questions about: "gpg: WARNING: message was not integrity
protected"
In-Reply-To:
References:
<20060409222827.GB21747@jabberwocky.com>
Message-ID: <20060410125248.GG21747@jabberwocky.com>
On Sun, Apr 09, 2006 at 11:11:48PM -0300, Trevor Smith wrote:
> On 9-Apr-06, at 7:28 PM, David Shaw wrote:
> >MDC can be forced on via --force-mdc. As Werner said, the preference
>
> Excellent. So, the follow-up question is, should one use this option
> for files symmetrically encrypted for long-term storage (like if
> burned to a CD)?
You should really use MDC whenever you can. The only time you should
not use it is when communicating with someone who can't read it. If
you are encrypting to yourself, you can assume you can read it, of
course.
> >system will automatically handle this for public key encryption. For
> >symmetric encryption (which has no preference system), you can use
> >--force-mdc if you want a MDC.
>
> Can you briefly explain this "preference system"? As in, does this
> mean a given public key may/will have a preference for some algo
> stored in it and when my copy of GPG attempts to encrypt to that
> public key, it uses that symmetric cipher (when possible)?
Basically, yes.
Every key has a number of preferences on it (they live on the
self-signature). The union of these lists are taken together which
results in a list of ciphers that everyone can handle. That is, it
doesn't matter in terms of interoperability which cipher is chosen
from this list. To make sure that there is always a choice even if
the union is empty, in this case 3DES is used. Finally, your
personal-cipher-preferences are consulted to pick the one from this
list that you personally like best. MDC works similarly: each key is
consulted to see if it can handle MDC. If all can, then MDC is used.
If AES or TWOFISH happens to be in the preferences, then it is assumed
that MDC exists even if the MDC-is-usable flag isn't set.
Have you ever bought a pizza with a number of people? The preference
system is a bit like that. Everyone seems to like a different topping
on the pizza but can more or less agree on something. (Though you
can't get half one thing and half another with crypto!)
> >In an effort to increase the use of MDC, it was noted that all
> >implementations that could handle AES could also handle MDC. Thus,
> >using any AES (or TWOFISH) turns the MDC flag on for you.
>
> Ah, great! So there are at least two benefits of using AES over CAST5
> then (larger keyspace and MDC turned on).
Three. I had forgotten for a moment the larger blocksize of AES256, as
Werner pointed out.
You could turn the MDC flag on for CAST5 for yourself, of course, but
that still leaves the larger keyspace and larger blocksize that AES256
has.
> >It is, but this is not a complete answer. Neither of you should have
> >a cipher-algo set in your gpg.conf file. If you do, you're fighting
> >against all the automatic parts of the system. Let GPG do what it is
>
> Fair enough. I had set it because I was archiving some things for
> long-term storage and discovered it was defaulting to CAST5 and
> thought, why not use the largest keyspace I can?
>
> But your point is taken, because I understand now that I was also
> forcing asymmetric encryption to use AES256 as the session cipher,
> which might cause problems.
>
> Then again, if I send emails that I might not want people to decrypt
> 5 or 10 years from now, would I want session ciphers to be defaulting
> to AES256 instead of CAST5? Why is this the default?
Backwards compatibility. CAST5 has been around it seems forever.
AES256 hasn't.
It's fine to use AES256, just don't do it with "cipher-algo AES256".
Use "personal-cipher-prefs" instead, and list the ciphers you prefer
in the order you prefer them. Then AES256 will be used whenever it is
possible to use it (including --symmetric encryption), rather than
forcing AES256 even when the recipient won't be able to read it.
Incidentally, AES256 is really, really strong. How strong is your
public key? In most cases, the public key is not as strong as AES256,
so an attacker may choose to go up against the weaker public key
encryption and not attack AES256 at all. The NIST people estimate
that you'd need a 15360-bit DSA or RSA key to match the strength of
AES256...
Nothing wrong with using AES256 anyway, of course, so long as your
public key is strong enough for your purposes.
David
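Added example (not GnuPG's code and not part of David Shaw's message): a small model of the selection described above. The usable list is taken as the ciphers present in every recipient key's preference list, 3DES is the fallback when that list is empty, personal-cipher-preferences picks from the list, and MDC is used when every key handles it. The key dictionaries, the function names and the tie-break used when no personal preference matches are assumptions.

```python
FALLBACK_CIPHER = "3DES"
# Per the message: a key that lists AES or TWOFISH is assumed to handle MDC.
MDC_IMPLYING = ("AES", "AES192", "AES256", "TWOFISH")


def common_ciphers(recipient_keys):
    """Ciphers that every recipient key lists, in the first key's order."""
    first, *rest = [key["ciphers"] for key in recipient_keys]
    return [c for c in first if all(c in other for other in rest)]


def key_handles_mdc(key):
    """MDC flag set on the key, or implied by AES/TWOFISH in its list."""
    return bool(key.get("mdc_flag")) or any(
        c in MDC_IMPLYING for c in key["ciphers"])


def choose(recipient_keys, personal_cipher_preferences):
    """Return (cipher, use_mdc) for a message to all recipient_keys."""
    usable = common_ciphers(recipient_keys) or [FALLBACK_CIPHER]
    # The sender's own ordering decides among the ciphers everyone handles.
    # Assumption: if none of the sender's preferences is usable, take the
    # first usable cipher.
    cipher = next((c for c in personal_cipher_preferences if c in usable),
                  usable[0])
    use_mdc = all(key_handles_mdc(key) for key in recipient_keys)
    return cipher, use_mdc


def unreadable_if_forced(cipher_algo, recipient_keys):
    """Owners whose key does not list a cipher forced with cipher-algo."""
    return [key["owner"] for key in recipient_keys
            if cipher_algo not in key["ciphers"]]


# Constructed sample keys (not real keys or real preference lists).
ALICE = {"owner": "alice", "mdc_flag": True,
         "ciphers": ["AES256", "AES", "CAST5", "3DES"]}
BOB = {"owner": "bob", "mdc_flag": False,
       "ciphers": ["CAST5", "3DES"]}
CAROL = {"owner": "carol", "mdc_flag": False,
         "ciphers": ["AES", "CAST5", "3DES"]}
DAVE = {"owner": "dave", "mdc_flag": False, "ciphers": ["BLOWFISH"]}
ERIN = {"owner": "erin", "mdc_flag": False, "ciphers": ["CAST5"]}

MY_PREFS = ["AES256", "AES", "CAST5"]  # stands in for personal-cipher-preferences

if __name__ == "__main__":
    print(choose([ALICE, CAROL], MY_PREFS))   # AES is the best common choice
    print(choose([ALICE, BOB], MY_PREFS))     # bob limits the group to CAST5
    print(choose([DAVE, ERIN], MY_PREFS))     # nothing in common: fallback
    print(unreadable_if_forced("AES256", [ALICE, BOB, CAROL]))
```

The last call shows the interoperability cost of forcing a cipher instead of listing it as a preference.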
From trevor at haligonian.com Mon Apr 10 16:47:21 2006
From: trevor at haligonian.com (Trevor Smith)
Date: Mon Apr 10 17:08:16 2006
Subject: More questions about: "gpg: WARNING: message was not integrity
protected"
In-Reply-To: <20060410125248.GG21747@jabberwocky.com>
References:
<20060409222827.GB21747@jabberwocky.com>
<20060410125248.GG21747@jabberwocky.com>
Message-ID:
On 10-Apr-06, at 9:52 AM, David Shaw wrote:
> Backwards compatibility. CAST5 has been around it seems forever.
> AES256 hasn't.
Ah, I see.
> It's fine to use AES256, just don't do it with "cipher-algo AES256".
> Use "personal-cipher-prefs" instead, and list the ciphers you prefer
thanks for the tip! (Interestingly, vim "knows" all the other options
in my gpg.conf file and syntax highlights them, but personal-cipher-
prefs appears to be unknown to it so at first I thought I had typed
something wrong because it didn't get highlighted.)
> Incidentally, AES256 is really, really strong. How strong is your
> public key? In most cases, the public key is not as strong as AES256,
Thanks. That's also an excellent point. (Naturally, my public key is
not 15360-bit.)
--
Trevor Smith
trevor@haligonian.com
From dshaw at jabberwocky.com Mon Apr 10 18:13:53 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Apr 10 18:13:31 2006
Subject: More questions about: "gpg: WARNING: message was not integrity
protected"
In-Reply-To:
References:
<20060409222827.GB21747@jabberwocky.com>
<20060410125248.GG21747@jabberwocky.com>
Message-ID: <20060410161353.GB24524@jabberwocky.com>
On Mon, Apr 10, 2006 at 11:47:21AM -0300, Trevor Smith wrote:
> On 10-Apr-06, at 9:52 AM, David Shaw wrote:
> >Backwards compatibility. CAST5 has been around it seems forever.
> >AES256 hasn't.
>
> Ah, I see.
>
> >It's fine to use AES256, just don't do it with "cipher-algo AES256".
> >Use "personal-cipher-prefs" instead, and list the ciphers you prefer
>
> thanks for the tip! (Interestingly, vim "knows" all the other options
> in my gpg.conf file and syntax highlights them, but personal-cipher-
> prefs appears to be unknown to it so at first I thought I had typed
> something wrong because it didn't get highlighted.)
Try "personal-cipher-preferences". Maybe vim only highlights the
longer form of the name.
David
From wk at gnupg.org Mon Apr 10 20:35:21 2006
From: wk at gnupg.org (Werner Koch)
Date: Mon Apr 10 21:06:59 2006
Subject: auto-key-locate pka (gpg version 1.4.3)
In-Reply-To: <560qg3-9gi.ln1@news.ducksburg.com> (Adam Funk's message of "Mon,
10 Apr 2006 13:37:57 +0100")
References: <4438368F.2010500@leuenberger.net>
<20060409001148.GE27174@jabberwocky.com>
<87lkues8cx.fsf@athene.jamux.com>
<20060409231707.GD21747@jabberwocky.com> <4439F1EB.6030200@gmail.com>
<20060410121125.GF21747__11582.6078261764$1144671590$gmane$org@jabberwocky.com>
<560qg3-9gi.ln1@news.ducksburg.com>
Message-ID: <87vethwa6u.fsf@wheatstone.g10code.de>
On Mon, 10 Apr 2006 13:37:57 +0100, Adam Funk said:
> Isn't that an undocumented option too? I've just tried "gpg --help
> |grep dump" and "man gpg" with a search for dump, and they both find
> nothing.
Yes, this is indeed not documented. It stems from some experiments
with auto command line completion.
Salam-Shalom,
Werner
From michael at vorlon.ping.de Tue Apr 11 13:55:17 2006
From: michael at vorlon.ping.de (Michael Bienia)
Date: Tue Apr 11 13:54:29 2006
Subject: scdaemon forgets sometimes some data from an OpenPGP card
Message-ID: <20060411115517.GA5179@vorlon.ping.de>
Hello,
I've a problem that sometimes gpg --card-status doesn't display all data
from the OpenPGP card (I've use-agent in my gpg.conf).
If I plug in the card the first time after booting, the output of
gpg --card-status is as expected. But if I call gpg --card-status again the
field for PIN length and the counters display zeros:
| Max. PIN lengths .: 0 0 0
| PIN retry counter : 0 0 0
| Signature counter : 0
If the card is in this state it can't be used. After killing scdaemon or
reinserting the card it works again.
Michael
From michael at vorlon.ping.de Tue Apr 11 14:00:56 2006
From: michael at vorlon.ping.de (Michael Bienia)
Date: Tue Apr 11 14:00:07 2006
Subject: setting the url field of a OpenPGP fails when using gpg-agent
Message-ID: <20060411120056.GB5179@vorlon.ping.de>
Hello,
if I try to set the url field of an OpenPGP card using gpg with
gpg-agent it fails with the following error:
| gpg: sending command `SCD SETATTR' to agent failed: ec=6.32769
| gpg: error setting URL: general error
But I can set an url if I use gpg without gpg-agent.
Michael
From wk at gnupg.org Tue Apr 11 17:03:46 2006
From: wk at gnupg.org (Werner Koch)
Date: Tue Apr 11 17:06:47 2006
Subject: setting the url field of a OpenPGP fails when using gpg-agent
In-Reply-To: <20060411120056.GB5179@vorlon.ping.de> (Michael Bienia's message
of "Tue, 11 Apr 2006 14:00:56 +0200")
References: <20060411120056.GB5179@vorlon.ping.de>
Message-ID: <87lkucqhm5.fsf@wheatstone.g10code.de>
On Tue, 11 Apr 2006 14:00:56 +0200, Michael Bienia said:
> if I try to set the url field of an OpenPGP card using gpg with
> gpg-agent it fails with the following error:
> | gpg: sending command `SCD SETATTR' to agent failed: ec=6.32769
> | gpg: error setting URL: general error
> But I can set an url if I use gpg without gpg-agent.
To debug this, you need to use a log file for scdaemon and enable
debugging. Put
log-file socket:///home/YOU/.gnupg/S.log
verbose
debug 2048
into scdaemon.conf and restart it. Then attach
watchgnupg --force ~/.gnupg/S.log
(you may have this already running or using the KDE frontend).
Shalom-Salam,
Werner
From wk at gnupg.org Tue Apr 11 17:01:21 2006
From: wk at gnupg.org (Werner Koch)
Date: Tue Apr 11 17:06:53 2006
Subject: scdaemon forgets sometimes some data from an OpenPGP card
In-Reply-To: <20060411115517.GA5179@vorlon.ping.de> (Michael Bienia's message
of "Tue, 11 Apr 2006 13:55:17 +0200")
References: <20060411115517.GA5179@vorlon.ping.de>
Message-ID: <87psjoqhq6.fsf@wheatstone.g10code.de>
On Tue, 11 Apr 2006 13:55:17 +0200, Michael Bienia said:
> I've a problem that sometimes gpg --card-status doesn't display all data
> from the OpenPGP card (I've use-agent in my gpg.conf).
If possible, please try the scdaemon from svn. Quite some things have
been fixed since the last release in December.
Salam-Shalom,
Werner
From michael at vorlon.ping.de Tue Apr 11 21:14:28 2006
From: michael at vorlon.ping.de (Michael Bienia)
Date: Tue Apr 11 21:13:52 2006
Subject: scdaemon forgets sometimes some data from an OpenPGP card
In-Reply-To: <87psjoqhq6.fsf@wheatstone.g10code.de>
References: <20060411115517.GA5179@vorlon.ping.de>
<87psjoqhq6.fsf@wheatstone.g10code.de>
Message-ID: <20060411191428.GA30302@vorlon.ping.de>
On 2006-04-11 17:01:21 +0200, Werner Koch wrote:
> On Tue, 11 Apr 2006 13:55:17 +0200, Michael Bienia said:
>
> > I've a problem that sometimes gpg --card-status doesn't display all data
> > from the OpenPGP card (I've use-agent in my gpg.conf).
>
> If possible, please try the scdaemon from svn. Quite some things have
> been fixed since the last release in December.
This is a recent svn version of scdaemon (svn version 4096).
Michael
From michael at vorlon.ping.de Tue Apr 11 23:43:57 2006
From: michael at vorlon.ping.de (Michael Bienia)
Date: Tue Apr 11 23:43:31 2006
Subject: setting the url field of a OpenPGP fails when using gpg-agent
In-Reply-To: <87lkucqhm5.fsf@wheatstone.g10code.de>
References: <20060411120056.GB5179@vorlon.ping.de>
<87lkucqhm5.fsf@wheatstone.g10code.de>
Message-ID: <20060411214357.GA31330@vorlon.ping.de>
On 2006-04-11 17:03:46 +0200, Werner Koch wrote:
> On Tue, 11 Apr 2006 14:00:56 +0200, Michael Bienia said:
>
> > if I try to set the url field of an OpenPGP card using gpg with
> > gpg-agent it fails with the following error:
> > | gpg: sending command `SCD SETATTR' to agent failed: ec=6.32769
> > | gpg: error setting URL: general error
> > But I can set an url if I use gpg without gpg-agent.
>
> To debug this, you need to use a log file for scdaemon and enable
> debugging.
Here is the debug output:
,----
| [client at fd 4 connected]
| 4 - 2006-04-11 23:34:59 scdaemon[31472]: DBG: APDU_data: 00 CA 00 C4 00
| 4 - 2006-04-11 23:34:59 scdaemon[31472]: DBG: response: sw=9000 datalen=7
| 4 - 2006-04-11 23:34:59 scdaemon[31472]: DBG: dump: 00 FE FE FE 03 03 03
| 4 - 2006-04-11 23:34:59 scdaemon[31472]: DBG: send apdu: c=00 i=CA p0=00 p1=7A lc=-1 le=256
| 4 - 2006-04-11 23:34:59 scdaemon[31472]: DBG: APDU_data: 00 CA 00 7A 00
| 4 - 2006-04-11 23:34:59 scdaemon[31472]: DBG: response: sw=9000 datalen=5
| 4 - 2006-04-11 23:34:59 scdaemon[31472]: DBG: dump: 93 03 00 00 16
| 4 - 2006-04-11 23:35:03 scdaemon[31472]: access to admin commands is not configured
`----
Looking at the available options for scdaemon, is adding allow-admin
into scdaemon.conf the correct solution for my problem? Is it safe to
use allow-admin?
Michael
From RStorm at krohne.de Wed Apr 12 08:46:21 2006
From: RStorm at krohne.de (Storm Ralf)
Date: Wed Apr 12 08:46:38 2006
Subject: [gpgol] gpgol not working with Outlook 2002]
Message-ID:
me wrote:
> Tried GPG4Win 1.0.0.
>
> Can still reproduce Roger's bug No 2): "decrypted mail not shown"
>
>
> System: WinXP SP2 DE, OL 2002 SP3, GPG4Win 1.0.0 / GPGol 0.9.8
Encrypting of mail to send does not work either:
Steps to reproduce
1) write new mail
2) press "encrypt mail" toolbar button
3) select key(s)
=>
Mail is sent (no warning, no error msg). Body is plaintext as before,
only attachment is encrypted.
Now, _this_ is serious.
btw: there is no warning that GPGol does not work with this version of
OL - as written in the "einsteiger.pdf" manual, page 49.
bye
Ralf
From twoaday at gmx.net Wed Apr 12 12:15:44 2006
From: twoaday at gmx.net (Timo Schulz)
Date: Wed Apr 12 12:12:03 2006
Subject: GnuPG for Outlook Express
Message-ID: <20060412101544.GA1087@daredevil.joesixpack.net>
Hi!
After years in the frozen state, I decided to reawake GPGoe again.
For those who don't know GPGoe, it's a GPG plug-in for the Outlook
Express mailer. It provides inline-PGP operations (sign, encrypt, both)
and some features to make replies to encrypted mails a lot easier.
And of course it's free software under the terms of the LGPL.
Maybe some users are forced to use OE and they want to at least use
inline-PGP to secure and/or verify messages. In this case, GPGoe
might be the right choice.
The program (and also the source) can be downloaded here:
http://wald.intevation.org/projects/gpgoe
Timo
From wk at gnupg.org Wed Apr 12 12:34:29 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Apr 12 12:36:48 2006
Subject: [gpgol] gpgol not working with Outlook 2002]
In-Reply-To:
(Storm Ralf's message of "Wed, 12 Apr 2006 08:46:21 +0200")
References:
Message-ID: <87irpfozey.fsf@wheatstone.g10code.de>
On Wed, 12 Apr 2006 08:46:21 +0200, Storm Ralf said:
> btw: there is no warning that GPGol does not work with this version of
> OL - as written in the "einsteiger.pdf" manual, page 49.
Can you please enable debugging and send me the lines giving the
version. They should read like:
440/GPGol: this is gpgol 0.9.8
440/GPGol: detected Outlook build version 0xd0625 (13.1573)
440/GPGol: actual version 0x1030400 (1.3.4.0)
440/GPGol: virtual version 0x1030400 (1.3.4.0)
Salam-Shalom,
Werner
From wk at gnupg.org Wed Apr 12 12:36:55 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Apr 12 12:41:44 2006
Subject: setting the url field of a OpenPGP fails when using gpg-agent
In-Reply-To: <20060411214357.GA31330@vorlon.ping.de> (Michael Bienia's message
of "Tue, 11 Apr 2006 23:43:57 +0200")
References: <20060411120056.GB5179@vorlon.ping.de>
<87lkucqhm5.fsf@wheatstone.g10code.de>
<20060411214357.GA31330@vorlon.ping.de>
Message-ID: <87ek03ozaw.fsf@wheatstone.g10code.de>
On Tue, 11 Apr 2006 23:43:57 +0200, Michael Bienia said:
> Looking at the available options for scdaemon, is adding allow-admin
> into scdaemon.conf the correct solution for my problem? Is it safe to
> use allow-admin?
Right. I forgot about this. I introduced --allow-admin to give
sysadmins a way to forbid users to do possible evil things (like
trying over and over to unlock a blocked PIN and by that permanently
locking the card).
Yes, it is safe to enable --allow-admin
Shalom-Salam,
Werner
From wk at gnupg.org Wed Apr 12 12:39:10 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Apr 12 12:41:52 2006
Subject: scdaemon forgets sometimes some data from an OpenPGP card
In-Reply-To: <20060411191428.GA30302@vorlon.ping.de> (Michael Bienia's message
of "Tue, 11 Apr 2006 21:14:28 +0200")
References: <20060411115517.GA5179@vorlon.ping.de>
<87psjoqhq6.fsf@wheatstone.g10code.de>
<20060411191428.GA30302@vorlon.ping.de>
Message-ID: <87acaroz75.fsf@wheatstone.g10code.de>
On Tue, 11 Apr 2006 21:14:28 +0200, Michael Bienia said:
> This is a recent svn version of scdaemon (svn version 4096).
There is a race with removing and inserting the card. We are currently
looking into it.
Salam-Shalom,
Werner
From RStorm at krohne.de Wed Apr 12 13:15:13 2006
From: RStorm at krohne.de (Storm Ralf)
Date: Wed Apr 12 13:16:05 2006
Subject: [gpgol] gpgol not working with Outlook 2002]
Message-ID:
> Can you please enable debugging and send me the lines giving
> the version. They should read like:
>
> 440/GPGol: this is gpgol 0.9.8
> 440/GPGol: detected Outlook build version 0xd0625 (13.1573)
> 440/GPGol: actual version 0x1030400 (1.3.4.0)
> 440/GPGol: virtual version 0x1030400 (1.3.4.0)
getting this:
1348/GPGol: this is gpgol 0.9.8
1348/GPGol: detected Outlook build version 0xd0625 (13.1573)
1348/GPGol: actual version 0x1030400 (1.3.4.0)
1348/GPGol: virtual version 0x1030400 (1.3.4.0)
Outlook calls itself
"Outlook 2002 (10.6515.6626) SP3"
outlook.exe has 47816 bytes and is from 29.1.2004. File properties
report product version as 10.0.6626.0
bye
Ralf
From wk at gnupg.org Wed Apr 12 18:55:20 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Apr 12 19:01:49 2006
Subject: [gpgol] gpgol not working with Outlook 2002]
In-Reply-To:
(Storm Ralf's message of "Wed, 12 Apr 2006 13:15:13 +0200")
References:
Message-ID: <87bqv6ohs7.fsf@wheatstone.g10code.de>
On Wed, 12 Apr 2006 13:15:13 +0200, Storm Ralf said:
> 1348/GPGol: detected Outlook build version 0xd0625 (13.1573)
> 1348/GPGol: actual version 0x1030400 (1.3.4.0)
> 1348/GPGol: virtual version 0x1030400 (1.3.4.0)
> Outlook calls itself
> "Outlook 2002 (10.6515.6626) SP3"
Shows exactly the same version numbers as my OL2003SP2.
> outlook.exe has 47816 bytes and is from 29.1.2004. File properties
> report product version as 10.0.6626.0
Mine is 196608 bytes, file version 11.0.6565.0. The date seems to be
irrelevant as it is the installation date.
Given that it is build up out of dozens or hundreds of components it
is no miracle that some things diverge. No idea what to do about
this. I guess we need to look for more version numbers as the offical
ones are not sufficient.
Shalom-Salam,
Werner
From engage at n0sq.us Thu Apr 13 02:07:50 2006
From: engage at n0sq.us (engage)
Date: Thu Apr 13 03:26:18 2006
Subject: GnuPG for Outlook Express
In-Reply-To: <20060412101544.GA1087@daredevil.joesixpack.net>
References: <20060412101544.GA1087@daredevil.joesixpack.net>
Message-ID: <200604121807.51169.engage@n0sq.us>
On Wednesday 12 April 2006 04:15 am, Timo Schulz wrote:
>Hi!
>
>After years in the frozen state, I decided to reawake GPGoe again.
>
>For those who don't know GPGoe, it's a GPG plug-in for the Outlook
>Express mailer. It provides inline-PGP operations (sign, encrypt, both)
>and some features to make replies to encrypted mails a lot of easier.
>And of course it's free software under the terms of the LGPL.
>
>Maybe some users are forced to use OE and they want at least use
>inline-PGP to secure and/or verify messages. In this case, GPGoe
>might be the right choice.
>
>The program (and also the source) can be downloaded here:
>http://wald.intevation.org/projects/gpgoe
>
I don't use OE but I have a few friends that do and I have been trying to help
them to get GPG working under Windows XP since PGP is not provided free for
XP. But I have been having a lot of trouble getting the GPG plug in for OE to
work. Even WinPT has been problematic. Since my friends are Windows users
they aren't interested in the CLI and most have abandoned e-mail encryption
since it isn't as user friendly as it once was. It does appear that the
e-mail program that comes bundled with gpg4win works well with GPG but my
friends are unwilling to change e-mail clients. I realize that GPG is
freeware that is being developed by volunteers but I would like to see GPG
become rock solid because I want my friends to continue to use e-mail
encryption. Since they are unwilling to pay for PGP it's unlikely that they
will donate money for a program that they have a lot of difficulty using. If
GPGoe works out maybe they'll be interested in doing e-mail encryption again.
From cboyce at msm.edu Mon Apr 10 20:18:39 2006
From: cboyce at msm.edu (Boyce, Collin)
Date: Thu Apr 13 10:42:59 2006
Subject: MPI too large
Message-ID:
When decrypting a file I get the following error message. I saw
previous posts but was unable to find what the resolution
Error:
gpg: mpi too large for this implementation (55559 bits)
Command line
Echo passpharase| gpg --passphrase-fd 0 -u xx@xx.edu --batch --openpgp
-o "position.txt" --decrypt "position.txt.pgp"
Platform:
Microsoft Windows 2000 [Version 5.00.2195]
gpg (GnuPG) 1.4.2.2
Any help would be appreciated.
Thanks
From wk at gnupg.org Thu Apr 13 14:17:06 2006
From: wk at gnupg.org (Werner Koch)
Date: Thu Apr 13 14:21:41 2006
Subject: MPI too large
In-Reply-To: (Collin
Boyce's message of "Mon, 10 Apr 2006 14:18:39 -0400")
References:
Message-ID: <87d5flmzzx.fsf@wheatstone.g10code.de>
On Mon, 10 Apr 2006 14:18:39 -0400, Boyce, Collin said:
> Error:
> gpg: mpi too large for this implementation (55559 bits)
The input file is corrupted. Compare position.txt.pgp against the
original version at the sender's side. You may use
gpg --print-md sha1 position.txt.pgp
to get a checksum which you can compare by mail or even phone.
Salam-Shalom,
Werner
From widhalmt at unix.sbg.ac.at Fri Apr 14 10:10:11 2006
From: widhalmt at unix.sbg.ac.at (Thomas Widhalm)
Date: Fri Apr 14 11:26:31 2006
Subject: New CA in Austria
Message-ID: <443F58E3.4040108@unix.sbg.ac.at>
Hi!
We established a gpg Key for the Unix- servers of the University of
Salzburg. And we want to offer signatures by our Certification key to
the public.
So if you are interested in signatures to your key, you may contact me
via this email- address. I can guide you how to get one. Please
understand, that you have to visit us in person.
We are looking for cross- signatures with other CAs, too. So please
contact us, if you want to change signatures.
Regards,
Thomas
--
*****************************************************************
* Thomas Widhalm Unix Administrator *
* University of Salzburg ITServices (ITS) *
* Systems Management Unix Systems *
* Hellbrunnerstr. 34 5020 Salzburg, Austria *
* widhalmt@unix.sbg.ac.at +43/662/8044-6774 *
* gpg: 6265BAE6 *
* http://www.sbg.ac.at/zid/organisation/mitarbeiter/widhalm.htm *
*****************************************************************
From ml at bitfalle.org Fri Apr 14 14:44:49 2006
From: ml at bitfalle.org (markus reichelt)
Date: Fri Apr 14 16:26:23 2006
Subject: New CA in Austria / Linuxtage Wiesbaden
In-Reply-To: <443F58E3.4040108@unix.sbg.ac.at>
References: <443F58E3.4040108@unix.sbg.ac.at>
Message-ID: <20060414124449.GA8361@dantooine>
* Thomas Widhalm wrote:
> We are looking for cross- signatures with other CAs, too. So please
> contact us, if you want to change signatures.
Sorry for hijacking, but I guess the easiest way of obtaining those
soon is to attend the upcoming Linuxtage in Wiesbaden, Germany, since
it's the largest of all Linuxtage events in Germany. Chances are
pretty high that you'll be able to make interesting contacts there.
There's also a key-signing party which somehow seems to be not listed
in the official programme:
http://www.linuxtag.org/2006/en/community/keysigning.html
I plan to attend on May 5th & 6th.
--
left blank, right bald
From mcarroll at yesbank.com Fri Apr 14 17:55:55 2006
From: mcarroll at yesbank.com (mcarroll)
Date: Fri Apr 14 18:16:51 2006
Subject: GPG Logfile
Message-ID: <3918815.post@talk.nabble.com>
is it possible after decrypting a file, to generate a logfile describing what
has been decrypted or if the process fails, list what happened? I tried
this but it produced an empty logfile...
gpg --always-trust --batch --decrypt -o pp26.pgp.txt PKTMP002.xls
>logfile.txt
Anyone have any ideas?
From feitao at msn.com Sat Apr 15 04:00:12 2006
From: feitao at msn.com (feitao)
Date: Sat Apr 15 04:49:11 2006
Subject: Filename is not embedded when using redirection
Message-ID:
Hi,
My environment is Windows XP, gpg 1.4.2.2. I just found out that the
following are different:
1) gpg -o a.gpg -e a.txt
2) gpg -e < a.txt > a.gpg
When using -o, the gpg file embeds the original filename, thus
gpg --use-embedded-filename a.gpg
is valid. However, 2) does not embed the filename, and
gpg --use-embedded-filename a.gpg
prints to stdout.
My question is how I can embed the filename using Method 2 (< >)? The reason
I hate Method 1 (-o) is that it fails for large (~5G) files in Windows XP.
Thanks a lot!
Fei
From tmz at pobox.com Sat Apr 15 07:12:50 2006
From: tmz at pobox.com (Todd Zullinger)
Date: Sat Apr 15 07:13:08 2006
Subject: Filename is not embedded when using redirection
In-Reply-To: <000001c66030$54cd1160$a3292480@yale95629b92ac>
References: <000001c66030$54cd1160$a3292480@yale95629b92ac>
Message-ID: <20060415051249.GD29224@psilocybe.teonanacatl.org>
feitao wrote:
> Hi,
>
> My environment is Windows XP, gpg 1.4.2.2. I just found out that the
> following are different:
> 1) gpg -o a.gpg -e a.txt
> 2) gpg -e < a.txt > a.gpg
>
> When using -o, the gpg file embeds the original filename, thus
> gpg --use-embedded-filename a.gpg
> is valid. However, 2) does not embed the filename, and
> gpg --use-embedded-filename a.gpg
> prints to stdout.
>
> My question is how I can embed the filename using Method 2 (< >)? The
> reason I hate Method 1 (-o) is that it fails for large (~5G) files
> in Windows XP.
I haven't tested this, but --set-filename looks like the option you
want to check out.
--
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
Dawn, n.:
The time when men of reason go to bed.
-- Ambrose Bierce, "The Devil's Dictionary"
From feitao at msn.com Sat Apr 15 08:33:21 2006
From: feitao at msn.com (feitao)
Date: Sat Apr 15 08:33:17 2006
Subject: Non-ascii embedded filename
Message-ID:
Hi,
Sorry for my last post. --set-filename sets the filename.
But it seems gpg has some problem with some Chinese characters. For example,
it interprets '=82S' as '\x8S':
gpg --set-filename "A=82S.txt" -e < d.txt > c.gpg
gpg --use-embedded-filename -v c.gpg
gpg: original file name='A=82S.txt'
gpg: error creating `A\x8S.txt': No such file or directory
Thanks for your attention.
Fei
From leonleon77 at hotmail.com Sat Apr 15 07:35:25 2006
From: leonleon77 at hotmail.com (leon z)
Date: Sat Apr 15 09:26:08 2006
Subject: supported ciphers... in CBC mode?
Message-ID:
Hi all, my
"gpg --version"
lists various algos (e.g. AES, 3DES, etc.) as being supported... is there a
way to determine if such algos are used in CBC mode by gpg (or is it a
default behaviour?)...
for example, documentation for other software such as cryptographic device
drivers (cgd) in NetBSD explicitly states that aes algo is supported as
aes-cbc mode... is there a similar kind of information available for gnupg?
regards,
Leon.
From dennis at discworld.ping.de Sat Apr 15 10:18:33 2006
From: dennis at discworld.ping.de (Dennis Heitmann)
Date: Sat Apr 15 12:45:22 2006
Subject: GPG Logfile
In-Reply-To: <3918815.post@talk.nabble.com>
References: <3918815.post@talk.nabble.com>
Message-ID: <4440AC59.2060208@discworld.ping.de>
Try gpg --blahblah > logfile.txt 2>&1
Then you'll redirect stderr and stdout in the logfile.txt.
Dennis
From veronatif at free.fr Sat Apr 15 14:14:06 2006
From: veronatif at free.fr (Alain Bench)
Date: Sat Apr 15 17:56:23 2006
Subject: Non-ascii embedded filename
In-Reply-To: <000401c66056$7d573900$a3292480@yale95629b92ac>
References: <000401c66056$7d573900$a3292480@yale95629b92ac>
Message-ID: <20060415121405.GA11229@free.fr>
Hello,
On Saturday, April 15, 2006 at 2:33:21 -0400, feitao wrote:
> [embedded filenames] gpg has some problem with some Chinese
> characters. For example, it interprets '?S' as '\x8S'
Confirmed with GnuPG 1.4.3 on Linux. It seems that in characters
encoding, all bytes that are between 0x80 and 0x9F are munged. Exactly
all bytes between 0x80 and 0x8F are replaced by the 3 chars "\x8", and
all bytes between 0x90 and 0x9F are replaced by the 3 chars "\x9". This
on a correct locale setup, and on a filesystem accepting those bytes in
filenames. It seems the embedded filename is stored OK, and the munging
takes place at the --use-embedded-filename stage.
Additionally filenames are stored and extracted as they are, in the
current charset. This gives another problem when the locale is not the
same during both operations.
Bye! Alain.
--
Give your computer's unused idle processor cycles to a scientific goal:
The Folding@home project at .
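The mapping Alain describes above (bytes 0x80 to 0x8F become the three characters \x8, bytes 0x90 to 0x9F become \x9) can be modelled directly. This is an added example, not part of any post in this thread and not GnuPG source code; it reproduces the reported output and sets it beside a reversible escape to show why the munged form is ambiguous. The function names and the second and third sample filenames are constructed.

```python
# Added example: a model of the behaviour reported in the thread, not GnuPG code.
# Function names and SAMPLE_NAMES are constructed for illustration.

HEX_DIGITS = b"0123456789abcdef"


def munge_as_reported(name: bytes) -> bytes:
    """Reproduce the reported output: every byte 0x80-0x8F becomes the three
    characters \\x8, every byte 0x90-0x9F becomes \\x9, the rest is kept."""
    out = bytearray()
    for b in name:
        if 0x80 <= b <= 0x8F:
            out += b"\\x8"
        elif 0x90 <= b <= 0x9F:
            out += b"\\x9"
        else:
            out.append(b)
    return bytes(out)


def escape_reversible(name: bytes) -> bytes:
    """Escape with two hex digits and escape the backslash itself, so that
    two different inputs can never produce the same output."""
    out = bytearray()
    for b in name:
        if b == 0x5C:  # backslash
            out += b"\\\\"
        elif b < 0x20 or b == 0x7F or 0x80 <= b <= 0x9F:
            out += b"\\x%02x" % b
        else:
            out.append(b)
    return bytes(out)


def unescape_reversible(escaped: bytes) -> bytes:
    """Inverse of escape_reversible; rejects anything it did not produce."""
    out = bytearray()
    i = 0
    while i < len(escaped):
        byte = escaped[i]
        if byte != 0x5C:
            out.append(byte)
            i += 1
            continue
        nxt = escaped[i + 1:i + 2]
        pair = escaped[i + 2:i + 4]
        if nxt == b"\\":
            out.append(0x5C)
            i += 2
        elif nxt == b"x" and len(pair) == 2 and all(c in HEX_DIGITS for c in pair):
            out.append(int(pair, 16))
            i += 4
        else:
            raise ValueError("malformed escape at offset %d" % i)
    return bytes(out)


def collisions(names, sanitize):
    """Group input names by their sanitized form and return only the groups
    where more than one input ended up with the same output name."""
    groups = {}
    for n in names:
        groups.setdefault(sanitize(n), []).append(n)
    return {out: src for out, src in groups.items() if len(src) > 1}


SAMPLE_NAMES = [
    b"A\x82S.txt",  # the name from the post; 0x82 is the byte shown as =82
    b"A\x85S.txt",  # constructed: differs only in the low nibble of that byte
    b"report.txt",  # constructed: plain ASCII, untouched by either function
]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(n, "->", munge_as_reported(n), "|", escape_reversible(n))
    print("collisions (reported):  ", collisions(SAMPLE_NAMES, munge_as_reported))
    print("collisions (reversible):", collisions(SAMPLE_NAMES, escape_reversible))
```

Because the low nibble is dropped, the first two sample names map to the same output under the reported behaviour, while the reversible escape keeps them distinct and can be decoded back to the original bytes.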
From iulia_das at yahoo.com Mon Apr 17 19:25:58 2006
From: iulia_das at yahoo.com (Julia Dashkevich)
Date: Mon Apr 17 21:56:21 2006
Subject: Help understanding gnupg needed!
Message-ID: <20060417172558.16201.qmail@web51301.mail.yahoo.com>
Hi,
I have just installed GnuPG to use it with Enigmail
extension for Thunderbird 1.5.
Having gone through the setup and key generation, it
was necessary to make my public key available on the
web keyserver. Is it true that if i publish it there
my email address (which comes in the user id) may
become a target for spammers? Is it possible to show
an existing webmail address in the user id which is
not the email address i am going to use with
encryption feature?
Moreover, will i only be able to send encrypted mail
to other gnupg users, or does it matter if the
recipient has encryption software of the kind?
Any input will be welcome - please respond, i need
this info in order to make a decision whether to
proceed with using this software or quit.
From mlisten at hammernoch.net Mon Apr 17 22:18:14 2006
From: mlisten at hammernoch.net (Ludwig Hügelschäfer)
Date: Mon Apr 17 23:56:17 2006
Subject: Help understanding gnupg needed!
In-Reply-To: <20060417172558.16201.qmail@web51301.mail.yahoo.com>
References: <20060417172558.16201.qmail@web51301.mail.yahoo.com>
Message-ID: <4443F806.9070500@hammernoch.net>
Hi Julia,
On 17.04.2006 19:25, Julia Dashkevich wrote:
> Hi,
> I have just installed GnuPG to use it with Enigmail
> extension for Thunderbird 1.5.
> Having gone through the setup and key generation, it
> was necessary to make my public key available on the
> web keyserver. Is it true that if i publish it there
> my email address (which comes in the user id) may
> become a target for spammers?
Yes, that is true. But the amount of spam coming through spammers that
are harvesting keyservers is much less compared to posting in newsgroups.
> Is it possible to show
> an existing webmail address in the user id which is
> not the email address i am going to use with
> encryption feature?
Yes, it is possible, but that breaks any encryption front end (like
enigmail) which automatically searches the right key by searching for
the email address in the key description. At least (with enigmail) nasty
work is necessary to manually search the right key for the recipient
when the mail addresses on the key don't match the real recipient
address. Encryption with some other front end may not work at all.
> Moreover, will i only be able to send encrypted mail
> to other gnupg users,
Yes.
> or does it matter if the
> recipient has encryption software of the kind?
Yes, it matters. You won't be able to phone to somebody if he hasn't got
a phone. (Roughly) the same is true for encrypted email.
HTH
Ludwig
From linux at thorstenhau.de Mon Apr 17 22:19:25 2006
From: linux at thorstenhau.de (Thorsten Haude)
Date: Mon Apr 17 23:56:34 2006
Subject: Help understanding gnupg needed!
In-Reply-To: <20060417172558.16201.qmail@web51301.mail.yahoo.com>
References: <20060417172558.16201.qmail@web51301.mail.yahoo.com>
Message-ID: <20060417201924.GI1917@eumel.yoo.local>
Hi,
* Julia Dashkevich wrote (2006-04-17 10:25):
>Having gone through the setup and key generation, it
>was necessary to make my public key available on the
>web keyserver. Is it true that if i publish it there
>my email address (which comes in the user id) may
>become a target for spammers?
Yes, as far as I know. Anyway, damage done, you can't delete the key
AFAIK. I hear that Thunderbird's spam filters are very good, so you
shouldn't have too much trouble.
>Is it possible to show an existing webmail address in the user id
>which is not the email address i am going to use with encryption
>feature?
This could be awkward for your email partners. For example, my mail
program automatically looks for the key based on the email address.
>Moreover, will i only be able to send encrypted mail
>to other gnupg users, or does it matter if the
>recipient has encryption software of the kind?
Only to GnuPG and most PGP users.
>Any input will be welcome - please respond, i need
>this info in order to make a decision whether to
>proceed with using this software or quit.
Well, I hope you proceed anyway. It's IMHO currently overall the best
solution by far.
Thorsten
--
You're not supposed to be so blind with patriotism that you can't face
reality. Wrong is wrong, no matter who does it or who says it.
- Malcolm X
From stef at caunter.ca Tue Apr 18 01:17:21 2006
From: stef at caunter.ca (Stef Caunter)
Date: Tue Apr 18 01:44:50 2006
Subject: Help understanding gnupg needed!
In-Reply-To: <20060417201924.GI1917@eumel.yoo.local>
References: <20060417172558.16201.qmail@web51301.mail.yahoo.com>
<20060417201924.GI1917@eumel.yoo.local>
Message-ID:
get over it, publishing your email results in spam; I don't think that this
surprises anyone anymore - deal with it in your own way and move on. The rage
against spam has resulted in excellent filtering software, but the
energy on both sides amounts to equilibrium.
Stef
http://caunter.ca/contact.html
>> Is it true that if i publish it there
>> my email address (which comes in the user id) may
>> become a target for spammers?
>
> Yes, as far as I know. Anyway, damage done, you can't delete the key
> AFAIK. I hear that Thunderbird's spam filters are very good, so you
> shouldn't have too much trouble.
>
>> Is it possible to show an existing webmail address in the user id
>> which is not the email address i am going to use with encryption
>> feature?
>
> This could be awkward for your email partners. For example, my mail
> program automatically looks for the key based on the email address.
From JPClizbe at comcast.net Tue Apr 18 07:56:01 2006
From: JPClizbe at comcast.net (John Clizbe)
Date: Tue Apr 18 07:56:11 2006
Subject: Help understanding gnupg needed!
In-Reply-To: <20060417172558.16201.qmail@web51301.mail.yahoo.com>
References: <20060417172558.16201.qmail@web51301.mail.yahoo.com>
Message-ID: <44447F71.7080505@comcast.net>
Julia Dashkevich wrote:
> Hi,
> I have just installed GnuPG to use it with Enigmail extension for Thunderbird 1.5.
Welcome to the GnuPG and Enigmail user communities. There is an Enigmail
specific list at Enigmail@mozdev.org.
> Having gone through the setup and key generation, it was necessary to make my
> public key available on the web keyserver. Is it true that if i publish it
> there my email address (which comes in the user id) may become a target for
> spammers?
Necessary? I need to have a look at the Wizard again.
Yes, it's possible spammers will harvest addresses from keyservers. But you'll
get more SPAM just from posting to an email list such as this than you will from
making your key available on a keyserver.
SPAM happens. Learn to deal with it. You're never going to defeat it. Never.
You're using Thunderbird. Good. Train the Junk mail filter and stop wasting your
energy trying to prevent SPAM from happening. Trying to defeat spammers is a
Sisyphean task.
I know of only one way to prevent yourself from receiving SPAM - Don't use email.
> Is it possible to show an existing webmail address in the user id which is
> not the email address i am going to use with encryption feature?
Yes, make the webmail address your primary UID. But you will still need to have
the other address as an UID on your key if correspondents are to find your key.
Lookup in mail programs is typically by email address. Keyservers may be
searched by name, email address or Key ID.
> Moreover, will i only be able to send encrypted mail to other gnupg users, or
> does it matter if the recipient has encryption software of the kind?
You may send encrypted mail to anyone using OpenPGP compliant software: GnuPG,
PGP, hushmail,... S/MIME based encryption is NOT interoperable.
> Any input will be welcome - please respond, i need this info in order to make
> a decision whether to proceed with using this software or quit.
Why quit? You've already done the difficult part -- setting it up.
--
John P. Clizbe Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?" / "two words: good decisions."
"what's the key to good decisions?" / "one word: experience."
"how do i get experience?" / "two words: bad decisions."
"Just how do the residents of Haiku, Hawai'i hold conversations?"
From iulia_das at yahoo.com Tue Apr 18 14:49:27 2006
From: iulia_das at yahoo.com (Julia Dashkevich)
Date: Tue Apr 18 15:49:20 2006
Subject: Help understanding gnupg needed!
In-Reply-To:
Message-ID: <20060418124927.34650.qmail@web51313.mail.yahoo.com>
Hello Stef,
I respect your openness about the fact. But it has
not reached the same volumes here as in the west i
guess. Because except for Yahoo, i have 3 other
accounts, which i have been maintaining, spam free, 2
of them for over 6 years and one for 3 months. I only
have access to dial-up connection, which makes spam a
huge disadvantage, because it takes so much time to
download.. Except for yahoo (which does get a lot of
spam because it is my 'registration' address, and
that's why i ruled against using yahoo pops) i am
getting mail from all accounts using a mail client. I
like thunderbird a lot, yet it is not the fastest in
downloading messages. That's why it is pretty
important for me to avoid spam in any quantities.
Nevertheless, i do appreciate your insight, and hope
there is a way out...
Julia
--- Stef Caunter wrote:
> get over it, publishing your email results in spam;
> I don't think that this
> surprises anyone anymore - deal with it in your own
> way and move on. The rage
> against spam has resulted in excellent filtering
> software, but the
> energy on both sides amounts to equilibrium.
>
> Stef
> http://caunter.ca/contact.html
>
> >> Is it true that if i publish it there
> >> my email address (which comes in the user id) may
> >> become a target for spammers?
> >
> > Yes, as far as I know. Anyway, damage done, you
> can't delete the key
> > AFAIK. I hear that Thunderbird's spam filters are
> very good, so you
> > shouldn't have too much trouble.
> >
> >> Is it possible to show an existing webmail
> address in the user id
> >> which is not the email address i am going to use
> with encryption
> >> feature?
> >
> > This could be awkward for your email partners. For
> example, my mail
> > program automatically looks for the key based on
> the email address.
>
From m.d.berger at ieee.org Tue Apr 18 22:18:45 2006
From: m.d.berger at ieee.org (Michael D. Berger)
Date: Tue Apr 18 23:56:21 2006
Subject: newbie: --edit-key problem
Message-ID: <000001c66325$516940f0$2801a8c0@MBRC40>
On FC4, I execute this command:
gpg -vv --recipient mdb00 --armour --cipher-algo blowfish --encrypt
tst.txt
and while it works, I get a warning that blowfish is not preferred.
So I ran:
gpg --edit-key mdb00
and:
setpref S4
I confirm that I want to do this, and then it asks for my passphrase.
However, the gui (KDE) does not accept a response. I modified my
passphrase to something trivial to get the mouse out of the picture, but
it still did not work.
Note that a similar passphrase query when decrypting the message works
with no problem.
What am I doing wrong? In any case, if I could get the result by
editing gpg.conf I would prefer it.
By the way, I have extensive experience studying gpg: 1.5 days ;)
Thanks for your help.
Mike.
--
Michael D. Berger
m.d.berger@ieee.org
From johnmoore3rd at joimail.com Wed Apr 19 01:19:29 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Wed Apr 19 01:18:43 2006
Subject: newbie: --edit-key problem
In-Reply-To: <000001c66325$516940f0$2801a8c0@MBRC40>
References: <000001c66325$516940f0$2801a8c0@MBRC40>
Message-ID: <44457401.50702@joimail.com>
Michael D. Berger wrote:
> What am I doing wrong? In any case, if I could get the result by
> editing gpg.conf I would prefer it.
Well, many folks will advise you *not* to do this because if you should
send an encrypted message to someone who does not have blowfish (or any
specified cipher) available you will have wasted both Parties time &
patience.
That said: From the Manual
--cipher-algo name
Use name as cipher algorithm. Running the program with the
command --version yields a list of supported algorithms. If this is not
used the cipher algorithm is selected from the preferences stored
with the key.
> By the way, I have extensive experience studying gpg: 1.5 days ;)
This is the statement that makes me fearful I have just handed a loaded
pistol to a child and said "Now, go outside and play so I can be left
alone."
Far better to use your gpg.conf File to Set your cipher-algo Preferences
and let GnuPG select a compatible algorithm.
JOHN ;)
Timestamp: Tuesday 18 Apr 2006, 19:18 --400 (Eastern Daylight Time)
From johnmoore3rd at joimail.com Wed Apr 19 01:29:41 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Wed Apr 19 01:29:09 2006
Subject: newbie: --edit-key problem
In-Reply-To: <000001c66325$516940f0$2801a8c0@MBRC40>
References: <000001c66325$516940f0$2801a8c0@MBRC40>
Message-ID: <44457665.20404@joimail.com>
This is also from the Manual and should help set your prefs in gpg.conf.
--personal-cipher-preferences string
Set the list of personal cipher preferences to string, this
list should be a string similar to the one printed by the
command "pref" in the edit menu. This allows the user to
factor in their own preferred algorithms when algorithms are
chosen via recipient key preferences. The most highly ranked
cipher in this list is also used for the --symmetric encryption
command.
Remember, when placing Commands into gpg.conf the '--' prefix is omitted.
JOHN ;)
Timestamp: Tuesday 18 Apr 2006, 19:29 --400 (Eastern Daylight Time)
From tech at commport.org Wed Apr 19 08:35:59 2006
From: tech at commport.org (Tech)
Date: Wed Apr 19 09:56:28 2006
Subject: Clear all signatures on key?
Message-ID: <4445DA4F.8050406@commport.org>
Hello,
I'm trying to figure out how to remove all signatures from all my GPG
keys. I've RTFM but I've missed something I'm afraid. Here is what I am
seeing:
1. Type "gpg --list-keys" and I get a list of my keys. (me@me.com is a
fake email address for the sake of this post...)
2. I type gpg --edit-key me@me.com
I am now in edit mode
Command> list
(I get my key information)
Command> uid 1
(I then select my key)
Command> Delsig
Nothing deleted.
Command> Minimize
User ID "My Key etc etc":
already clean.
Command> check
uid "My Key etc etc"
1 user ID without valid self-signature detected
Command> quit
3. I type "gpg --list-sigs" and I get a list of keys thusly:
C:\Documents and Settings\Administrator>gpg --list-sigs
h:/gnupg-keys\pubring.gpg
-------------------------
pub 1024D/XXXXXXXX 2005-08-10
uid My Key (Email Encryption/Signing Key)
sub 4096g/XXXXXXXX 2005-08-10 [expires: 2006-08-10]
sig XXXXXXXX 2005-08-10 My Key (Email Encryption/Signing Key)
Question: What signature is listed there that is reported from my
--list-sigs command? What have I missed? I would think I have no
signatures installed on my key?
Thanks for the help and info,
-m
From alphasigmax at gmail.com Wed Apr 19 12:51:22 2006
From: alphasigmax at gmail.com (Alphax)
Date: Wed Apr 19 12:52:26 2006
Subject: Clear all signatures on key?
In-Reply-To: <4445DA4F.8050406@commport.org>
References: <4445DA4F.8050406@commport.org>
Message-ID: <4446162A.1050302@gmail.com>
Tech wrote:
>
> Hello,
>
> I'm trying to figure out how to remove all signatures from all my GPG
> keys. I've RTFM but I've missed something I'm afraid. Here is what I am
> seeing:
>
> 1. Type "gpg --list-keys" and I get a list of my keys. (me@me.com is a
> fake email address for the sake of this post...)
>
> 2. I type gpg --edit-key me@me.com
>
> I am now in edit mode
>
> Command> list
>
> (I get my key information)
>
> Command> uid 1
>
> (I then select my key)
>
> Command> Delsig
> Nothing deleted.
>
> Command> Minimize
> User ID "My Key etc etc":
> already clean.
>
> Command> check
> uid "My Key etc etc"
> 1 user ID without valid self-signature detected
>
> Command> quit
>
>
>
> 3. I type "gpg --list-sigs" and I get a list of keys thusly:
>
> C:\Documents and Settings\Administrator>gpg --list-sigs
> h:/gnupg-keys\pubring.gpg
> -------------------------
> pub 1024D/XXXXXXXX 2005-08-10
> uid My Key (Email Encryption/Signing Key)
> sub 4096g/XXXXXXXX 2005-08-10 [expires: 2006-08-10]
> sig XXXXXXXX 2005-08-10 My Key (Email Encryption/Signing Key)
>
>
>
>
> Question: What signature is listed there that is reported from my
> --list-sigs command? What have I missed? I would think I have no
> signatures installed on my key?
>
The signature listed is on the subkey, not the UID; this signature
"binds" the subkey to the primary. Note that by default GPG will not
like the fact that a UID doesn't have a valid self-signature; a
self-signature on a UID "binds" the UID to the key itself. If it were
not for selfsigs like this, it would be trivial for someone to inject
their own UID (with your name, but a different email address) into their
copy of your key and then upload it to eg. a keyserver. You should
probably edit your key and re-sign it by using the "sign" command.
HTH,
--
Alphax
Death to all fanatics!
Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g
From m.d.berger at ieee.org Thu Apr 20 01:41:42 2006
From: m.d.berger at ieee.org (Michael D. Berger)
Date: Thu Apr 20 02:25:31 2006
Subject: newbie: --edit-key problem
In-Reply-To: <44457665.20404@joimail.com>
Message-ID: <000001c6640a$d3ef8c60$2801a8c0@MBRC40>
> -----Original Message-----
> From: gnupg-users-bounces@gnupg.org
> [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of John W. Moore III
> Sent: Tuesday, April 18, 2006 7:30 PM
> To: GnuPG Users List
> Subject: Re: newbie: --edit-key problem
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> This is also from the Manual and should help set your prefs
> in gpg.conf.
>
> - --personal-cipher-preferences string
> Set the list of personal cipher preferences to string, this
> list should be a string similar to the one printed by the
> command "pref" in the edit menu. This allows the user to
> factor in their own preferred algorithms when algorithms are
> chosen via recipient key preferences. The most highly ranked
> cipher in this list is also used for the --symmetric encryption
> command.
>
>
> Remember, when placing Commands into gpg.conf the '--' prefix
> is omitted.
>
> JOHN ;)
[...]
--personal-cipher-preferences string
did not seem to work either in the config file (without --) or in a
command line. It was "seen", however, since a misspelling resulted
in a diagnostic.
I ultimately was able to add blowfish to my preferences with:
gpg --edit-key mdb00
setpref BLOWFISH
It is noteworthy that the 3DES cipher cannot be removed by this
procedure, while any other cypher can. I wonder why this is.
Thanks for help and encouragement.
Mike.
--
Michael D. Berger
m.d.berger@ieee.org
From alphasigmax at gmail.com Thu Apr 20 05:13:13 2006
From: alphasigmax at gmail.com (Alphax)
Date: Thu Apr 20 05:14:08 2006
Subject: newbie: --edit-key problem
In-Reply-To: <000001c6640a$d3ef8c60$2801a8c0@MBRC40>
References: <000001c6640a$d3ef8c60$2801a8c0@MBRC40>
Message-ID: <4446FC49.9020402@gmail.com>
Michael D. Berger wrote:
>> -----Original Message-----
>> From: gnupg-users-bounces@gnupg.org
>> [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of John W. Moore III
>> Sent: Tuesday, April 18, 2006 7:30 PM
>> To: GnuPG Users List
>> Subject: Re: newbie: --edit-key problem
>>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> This is also from the Manual and should help set your prefs
>> in gpg.conf.
>>
>> - --personal-cipher-preferences string
>> Set the list of personal cipher preferences to string, this
>> list should be a string similar to the one printed by the
>> command "pref" in the edit menu. This allows the user to
>> factor in their own preferred algorithms when algorithms are
>> chosen via recipient key preferences. The most highly ranked
>> cipher in this list is also used for the --symmetric encryption
>> command.
>>
>>
>> Remember, when placing Commands into gpg.conf the '--' prefix
>> is omitted.
>>
>> JOHN ;)
> [...]
>
> --personal-cipher-preferences string
>
> did not seem to work either in the config file (without --) or in a
> command line. It was "seen", however, since a misspelling resulted
> in a diagnostic.
>
> I ultimately was able to add blowfish to my preferences with:
>
> gpg --edit-key mdb00
> setpref BLOWFISH commas>
>
>
>
>
> It is noteworthy that the 3DES cipher cannot be removed by this
> procedure, while any other cypher can. I wonder why this is.
>
The OpenPGP spec (RFC 2440) says that 3DES is *required* for a cipher
algorithm; it is mandatory that programs complying to the RFC implement
3DES as a cipher algorithm, DSA and Elgamal for keys, and SHA-1 for a
hash function.
http://en.wikipedia.org/wiki/Pretty_Good_Privacy#Feature_comparison sums
it up pretty neatly.
--
Alphax
Death to all fanatics!
Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g
From iulia_das at yahoo.com Thu Apr 20 10:03:44 2006
From: iulia_das at yahoo.com (Julia Dashkevich)
Date: Thu Apr 20 10:03:30 2006
Subject: Configuring GPGrelay and MUI account settings
In-Reply-To:
Message-ID: <20060420080344.16470.qmail@web51311.mail.yahoo.com>
Hello,
I installed GPG relay and tried to use it with OE, but
it did not work. configured it as advised in the
readme file:
SMTP:
Name [display name]
Local port: 32025
remote server: mail.xxxxxx.xx
remote port: 25
type: SMTP
ssl/tls: no
POP3:
Name [display name]
Local port: 32110
remote server: mail.xxxxxx.xx
remote port: 110
type: POP3
ssl/tls: no
Keyrules: it showed all keys on my keyring (except for
one recently added) in the
settings:
Send mails to associated recipients : pass-through
It is possible to drag and drop recipients' user ids
to 'always encrypt' profile which allows for the
option to encrypt and sign. But i did not find a way
to add the new keys from my keyrings. it reports that
probing sockets on both relays failed. error #10061
In OE: email address: [my email address that is also
listed in my uid attached to the key]
servers: incoming mail 127.0.0.1
outgoing mail 127.0.0.1
Incoming mail server:
account name - [my login name]
password [my password]
my server requires authentication - yes, use same
settings as incoming.
connection: always connect using Local Area Network
advanced: SMTP 32025
POP3 32110
server timeouts: 90 sec.
What did i do wrong?
Julia
From m.d.berger at ieee.org Thu Apr 20 14:57:14 2006
From: m.d.berger at ieee.org (Michael D. Berger)
Date: Thu Apr 20 15:02:26 2006
Subject: pgp & outlook
Message-ID: <000001c66479$f2a0e950$2801a8c0@MBRC40>
Now that I have gpg working on my linux box,
I was thinking of cutting-and-pasting or attaching
encrypted messages into outlook on my win2k box.
On the other hand, I see that there are outlook pgp
plugins. Are these good to use? Any suggestions
regarding which plugin to use?
Thanks for your advice.
Mike.
--
Michael D. Berger
m.d.berger@ieee.org
From iulia_das at yahoo.com Thu Apr 20 20:12:05 2006
From: iulia_das at yahoo.com (Julia Dashkevich)
Date: Thu Apr 20 20:11:45 2006
Subject: Changing HomeDir for GnuPG
Message-ID: <20060420181205.11158.qmail@web51301.mail.yahoo.com>
Hello,
Already found a way to add new keys in GPGrelay. The
right answer always seems to be one click away from me
with open source. I am such a deep-rooted
mswin-product-user created from a bone in which there
was no marrow:) trying to turn over a new leaf now.
Now I am looking for a safe way to change GnuPG's
HomeDir. Would the following course of action help me
to do it without damage to my working programs?
(1.) back up the Home Dir from its current location
2. change the directory from GPGshell's GPGconfig
where it says:
GnuPG registry settings:
HomeDir=C:\Documents&Settings...
by browsing for the desired directory
3. check if it has copied the files from the former
HomeDir to the new one, if not do it manually
4. delete (if need be) the directory in the old
location
5. check that it has written the correct path in the
Registry using regedt32
6. check if all my programs depending on GnuPG keys
are still working properly
i could of course just try editing the registry and
changing the folder location manually, but i don't
have enough experience editing the registry, so i
would rather avoid it.
Julia
From JPClizbe at comcast.net Fri Apr 21 00:34:57 2006
From: JPClizbe at comcast.net (John Clizbe)
Date: Fri Apr 21 00:35:46 2006
Subject: Changing HomeDir for GnuPG
In-Reply-To: <20060420181205.11158.qmail@web51301.mail.yahoo.com>
References: <20060420181205.11158.qmail@web51301.mail.yahoo.com>
Message-ID: <44480C91.4010004@comcast.net>
Julia Dashkevich wrote:
> Hello,
> Already found a way to add new keys in GPGrelay. The right answer always
> seems to be one click away from me with open source. I am such a deep-rooted
> mswin-product-user created from a bone in which there was no marrow:) trying
> to turn over a new leaf now.
>
> Now I am looking for a safe way to change GnuPG's HomeDir. Would the
> following course of action help me to do it without damage to my working
> programs?
> (1.) back up the Home Dir from its current location
> 2. change the directory from GPGshell's GPGconfig where it says:
> GnuPG registry settings:
> HomeDir=C:\Documents&Settings...
> by browsing for the desired directory
> 3. check if it has copied the files from the former HomeDir to the new one, if not do it manually
> 4. delete (if need be) the directory in the old location
> 5. check that it has written the correct path in the Registry using regedt32
> 6. check if all my programs depending on GnuPG keys are still working properly
> i could of course just try editing the registry and changing the folder
> location manually, but i don't have enough experience editing the registry,
> so i would rather avoid it.
>
> Julia
Registry editing isn't as scary as MSFT would make it sound.
But for the squeamish, defining the environment variable GNUPGHOME and setting
its value to your new location will override the registry's HomeDir value.
(Control Panel --> System --> Advanced --> 'Environment Variables' button).
That will work for GnuPG. I can't guarantee that it will work for all other
programs such as GPGrelay, GPGshell, WinPT. I've never had much luck trying to
change things with GPGconfig; I tend to only use it as a sanity check to show
what it thinks are the settings.
My money is still on changing the registry. Send me the location path off-list
and I'll send you back a .REG file to do the edit for you.
--
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
From mailinglists at futureware.at Tue Apr 18 16:53:51 2006
From: mailinglists at futureware.at (Philipp Gühring)
Date: Fri Apr 21 10:43:12 2006
Subject: Feature Request --import-minimal
Message-ID: <200604181653.52373.mailinglists@futureware.at>
Hi,
GnuPG has an option called --export-minimal, which exports only the minimal
key. Unfortunately, GnuPG does not have the same for importing yet, which I
would need. Is it possible to have a --import-minimal function added to
GnuPG?
Best regards,
Philipp Gühring
From labour at telus.net Wed Apr 19 21:47:02 2006
From: labour at telus.net (Robert Smits)
Date: Fri Apr 21 10:43:17 2006
Subject: Why are my signatures being labelled as bad?
Message-ID: <200604191247.06112.labour@telus.net>
I'm trying to figure out why I can send encrypted messages to myself at home
from my work computer, and they come through just fine, but signed messages
to myself from my work computer come labelled as having a bad signature.
Work computer - Suse Linux 9.3 running Kmail and KGpg. Have identity set to
sign and encrypt with same GPG keys. Exported public address to home
computer.
Home computer Compaq laptop running Suse 10.0, also with Kmail and KGpg.
Imported public key from work, set it as trusted.
Signed files from work arrive at home with "bad" signatures. Encrypted files
from work arrive at home and decrypt just fine.
Signed files and encrypted files from home arrive at work just fine. Can
anyone point me in the correct direction?
Thanks
--
Robert Smits Exec Ass't Ph 753-0201 Fax 753-2954 Email labour@telus.net
From zwon at severodvinsk.ru Fri Apr 21 11:38:44 2006
From: zwon at severodvinsk.ru (Pawel Shajdo)
Date: Fri Apr 21 11:59:18 2006
Subject: Feature Request --import-minimal
In-Reply-To: <200604181653.52373.mailinglists@futureware.at>
References: <200604181653.52373.mailinglists@futureware.at>
Message-ID: <20060421093843.GA4947@d662fa3c9c1bed2b1adbb1e347577772>
On Apr 18, 2006 at 16:53 +0200, Philipp Gühring wrote:
> GnuPG has an option called --export-minimal, which exports only the minimal
> key. Unfortunately, GnuPG does not have the same for importing yet, which I
> would need. Is it possible to have a --import-minimal function added to
> GnuPG?
just add `--import-options import-minimal' to gpg command line.
see gpg manual --import-options
Vale!
--
Pawel I. Shajdo
From shavital at mac.com Fri Apr 21 12:21:00 2006
From: shavital at mac.com (Charly Avital)
Date: Fri Apr 21 12:20:22 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <200604191247.06112.labour@telus.net>
References: <200604191247.06112.labour@telus.net>
Message-ID: <4448B20C.3080805@mac.com>
A 'bad signature' can be caused by many different factors, one frequent
cause being a text wrap problem.
When a message is not only signed but encrypted+signed, the encryption
process *might* write off the cause of a bad signature.
You might try sending a signed message to the list; maybe some clue
could be found.
I have found on the keyservers two keys that seem to belong to you:
(1) Robert Smits
1024 bit RSA key 49E9AF38, created: 2006-04-19
(2) Robert Smits
1024 bit DSA key E7629731, created: 2005-12-31
Charly
Robert Smits wrote on 4/19/06 3:47 PM:
> I'm trying to figure out why I can send encrypted messages to myself at home
> from my work computer, and they come through just fine, but signed messages
> to myself from my work computer come labelled as having a bad signature.
>
> Work computer - Suse Linux 9.3 running Kmail and KGpg. Have identity set to
> sign and encrypt with same GPG keys. Exported public address to home
> computer.
>
> Home computer Compaq laptop running Suse 10.0, also with Kmail and KGpg.
> Imported public key from work, set it as trusted.
>
> Signed files from work arrive at home with "bad" signatures. Encrypted files
> from work arrive at home and decrypt just fine.
>
> Signed files and encrypted files from home arrive at work just fine. Can
> anyone point me in the correct direction?
>
> Thanks
>
From samuel at Update.UU.SE Fri Apr 21 11:23:29 2006
From: samuel at Update.UU.SE (Samuel Åslund)
Date: Fri Apr 21 13:26:15 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <200604191247.06112.labour@telus.net>
References: <200604191247.06112.labour@telus.net>
Message-ID: <20060421092329.GC26687@Update.UU.SE>
Hi Robert,
I would guess that by "signed" you mean clear-signed.
Are you using Mime or in-line signatures?
Clear-signed, esp in-line, messages can suffer from email clients and
MTA's that make "corrections" like changing character encoding or
wrapping lines.
HTH
//Samuel
On Wed, Apr 19, 2006 at 12:47:02PM -0700, Robert Smits wrote:
> I'm trying to figure out why I can send encrypted messages to myself at home
> from my work computer, and they come through just fine, but signed messages
> to myself from my work computer come labelled as having a bad signature.
>
> Work computer - Suse Linux 9.3 running Kmail and KGpg. Have identity set to
> sign and encrypt with same GPG keys. Exported public address to home
> computer.
>
> Home computer Compaq laptop running Suse 10.0, also with Kmail and KGpg.
> Imported public key from work, set it as trusted.
>
> Signed files from work arrive at home with "bad" signatures. Encrypted files
> from work arrive at home and decrypt just fine.
>
> Signed files and encrypted files from home arrive at work just fine. Can
> anyone point me in the correct direction?
>
> Thanks
>
> --
> Robert Smits Exec Ass't Ph 753-0201 Fax 753-2954 Email labour@telus.net
>
From henkdebruijn at wanadoo.nl Fri Apr 21 19:11:24 2006
From: henkdebruijn at wanadoo.nl (Henk M. de Bruijn)
Date: Fri Apr 21 20:26:18 2006
Subject: Feature Request --import-minimal
In-Reply-To: <200604181653.52373.mailinglists@futureware.at>
References: <200604181653.52373.mailinglists@futureware.at>
Message-ID: <4449123C.3050700@wanadoo.nl>
On 18-4-2006 16:53 Philipp Gühring wrote:
> GnuPG has an option called --export-minimal, which exports only the minimal
> key. Unfortunately, GnuPG does not have the same for importing yet, which I
> would need. Is it possible to have a --import-minimal function added to
> GnuPG?
I have the following in my gpg.conf:
keyserver-options import-clean
--
Henk M. de Bruijn
_________________________________________________________________________
Mozilla Thunderbird version 1.5 (20051201) with Enigmail 0.94.0
PGPkey at: http://www.biglumber.com/x/web?qs=0X11EECBEEB464DD0F
Gossamer Spider Web of Trust http://www.gswot.org
A progressive and innovative Web of Trust
From sean_cerney at hotmail.com Fri Apr 21 20:11:07 2006
From: sean_cerney at hotmail.com (Sean Cerney)
Date: Fri Apr 21 21:56:14 2006
Subject: dealing with password in batch file
In-Reply-To: <20060421092329.GC26687@Update.UU.SE>
Message-ID:
All,
I've been decrypting xml files for a while now with a batch file that
converts the pgp file into an xml file with a timestamp.
The thing is I always have to manually enter the password each time I run
the batch file. I want to automate this thing once and for all, but I have
to figure out how to incorporate password entry into the batch file. I try
to echo the password but that has no effect. I am using DOS command line.
Any suggestions? Thank you.
Here is basically what I have at the moment..(actual drive name and
subfolders omitted)
DriveName:\SubFolders --output DriveName:\SubFolders\ScheduledExtract.xml
--decrypt DriveName:\SubFolders\*.xml.pgp
@echo off
:: variables
set hour=%time:~0,2%
if "%hour:~0,1%"==" " set hour=0%time:~1,1%
set NewFileName=%date:~10,4%_%date:~4,2%_%date:~7,2%_%hour%_%time:~3,2%
RENAME ScheduledExtract.xml ScheduledExtract%NewFileName%.xml
once this runs it prompts for the password
From trevor at haligonian.com Sat Apr 22 03:44:15 2006
From: trevor at haligonian.com (Trevor Smith)
Date: Sat Apr 22 04:29:37 2006
Subject: dealing with password in batch file
In-Reply-To:
References:
Message-ID: <51E26396-9C19-41EA-BC2F-C9F468D93781@haligonian.com>
On 21-Apr-06, at 3:11 PM, Sean Cerney wrote:
> I've been decrypting xml files for a while now with a batch file
> that converts the pgp file into an xml file with a timestamp.
>
> The thing is I always have to manually enter the password each time
> I run the batch file. I want to
> ...
> Any suggestions? Thank you.
Sorry, I'm not 100% sure what you're trying to do (I couldn't see any
actual gpg stuff in your batch file, but it's been about a hundred
years since I've seen a .bat file so I could be missing the
obvious...), but if you're trying to automate passphrase entry into a
batch file, here is what I have used in a Unix (or, rather, Linux and
Mac OS X, actually) bash shell script:
gpg --passphrase-fd 3 "$FILE" 3<$pwfile
where $FILE is the file to be decrypted and $pwfile is a variable
that is set to some arbitrary file name that contains the passphrase.
What the above does is (after you create a temporary file with the
passphrase in it) tell gpg to read the passphrase from "file
descriptor 3" and the last bit (3<$pwfile) tells Unix to redirect the
file, $pwfile, into file descriptor 3.
Obviously you need to modify this somewhat to run on DOS (or Windows,
or whatever it's called these days) but it may point you in the right
direction.
--
Trevor Smith
trevor@haligonian.com
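The file-descriptor redirection described in the message above, as an added example that is not part of the original post: a wrapper that refuses a passphrase file readable by group or others and then hands it to gpg on descriptor 3. The function name `decrypt_with_fd3`, the `GPG` override variable and the choice of `--batch --yes --output` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: supply a passphrase to gpg on file descriptor 3.
# GPG can be overridden by the caller (an assumption of this sketch);
# it defaults to the gpg found on PATH.
GPG=${GPG:-gpg}

# decrypt_with_fd3 PWFILE INFILE OUTFILE
#   returns 2 if PWFILE cannot be read,
#           3 if PWFILE is accessible to group or others,
#           otherwise gpg's own exit status.
decrypt_with_fd3() {
    pwfile=$1
    infile=$2
    outfile=$3

    [ -r "$pwfile" ] || { echo "cannot read $pwfile" >&2; return 2; }

    # A passphrase stored on disk is the weak point of any unattended
    # setup, so insist on owner-only permissions before using it.
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ld "$pwfile" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$pwfile is accessible to group/others ($perms)" >&2
        return 3
    fi

    # 3<"$pwfile" opens the file on descriptor 3 for this one command.
    # The passphrase never appears in the argument list or environment,
    # so it is not visible in a process listing.
    # GnuPG 2.1 and later also need --pinentry-mode loopback here.
    "$GPG" --batch --yes --passphrase-fd 3 \
           --output "$outfile" --decrypt "$infile" 3<"$pwfile"
}
```

Create the passphrase file under `umask 077` so it is never briefly readable by other accounts.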
From malte.gell at gmx.de Sat Apr 22 04:31:35 2006
From: malte.gell at gmx.de (Malte Gell)
Date: Sat Apr 22 04:31:13 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <200604191247.06112.labour@telus.net>
References: <200604191247.06112.labour@telus.net>
Message-ID: <200604220431.38816.malte.gell@gmx.de>
On Wednesday 19 April 2006 21:47, Robert Smits wrote:
> I'm trying to figure out why I can send encrypted messages to myself
> at home from my work computer, and they come through just fine, but
> signed messages to myself from my work computer come labelled as
> having a bad signature.
>
> Work computer - Suse Linux 9.3 running Kmail and KGpg.
> (...)
This is probably a Kgpg issue. The same here with "Umlauts" (? ? ?), Kgpg
considers clearsigned text as bad. Example:
ftp://ftp.gwdg.de/linux/suse/ftp.suse.com/suse/i386/update/10.0/patches/MozillaFirefox-52838
Cut and paste the content of this patch description into Kgpg's internal
editor and it'll say broken signature. Download the patch description
and verify it manually using "gpg --verify MozillaFirefox-52838" and
you'll see the sig is fine. There must be a nasty bug somewhere in Kgpg.
Trying every possible configuration, either in Kgpg or gpg.conf hasn't
helped.
Malte
From dshaw at jabberwocky.com Sat Apr 22 15:41:54 2006
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Apr 22 15:41:20 2006
Subject: Non-ascii embedded filename
In-Reply-To: <20060415121405.GA11229@free.fr>
References: <000401c66056$7d573900$a3292480@yale95629b92ac>
<20060415121405.GA11229@free.fr>
Message-ID: <20060422134154.GC10210@jabberwocky.com>
On Sat, Apr 15, 2006 at 02:14:06PM +0200, Alain Bench wrote:
> Hello,
>
> On Saturday, April 15, 2006 at 2:33:21 -0400, feitao wrote:
>
> > [embedded filenames] gpg has some problem with some Chinese
> > characters. For example, it interprets '?S' as '\x8S'
>
> Confirmed with GnuPG 1.4.3 on Linux. It seems that in characters
> encoding, all bytes that are between 0x80 and 0x9F are munged. Exactly
> all bytes between 0x80 and 0x8F are replaced by the 3 chars "\x8", and
> all bytes between 0x90 and 0x9F are replaced by the 3 chars "\x9". This
> on a correct locale setup, and on a filesystem accepting those bytes in
> filenames. It seems the embedded filename is stored OK, and the munging
> takes place at the --use-embedded-filename stage.
>
> Additionally filenames are stored and extracted as they are, in the
> current charset. This gives another problem when the locale is not the
> same during both operations.
Indeed. This is fixed for 1.4.4. Embedded filenames are now UTF-8
encoded on the way in, and UTF-8 decoded on the way out.
David
From datakunskapilund at hotmail.com Sat Apr 22 20:23:29 2006
From: datakunskapilund at hotmail.com (razzel)
Date: Sat Apr 22 20:22:40 2006
Subject: GPG creates two files?
Message-ID: <4043624.post@talk.nabble.com>
OK, I use GPG to encrypt a Word file. Everything works out ok, but the result
is always two files: the Word file in plain text and an encrypted version of
the same Word file. Why is GPG creating two files? Should it not just
encrypt my Word file?
razzel
Sweden
--
View this message in context: http://www.nabble.com/GPG-creates-two-files--t1492159.html#a4043624
Sent from the GnuPG - User forum at Nabble.com.
From a24061 at yahoo.com Sat Apr 22 21:58:54 2006
From: a24061 at yahoo.com (Adam Funk)
Date: Sat Apr 22 22:07:35 2006
Subject: GPG creates two files?
References: <4043624.post__25438.8947891586$1145730710$gmane$org@talk.nabble.com>
Message-ID:
On 2006-04-22, razzel wrote:
>
> OK, I use GPG to encrypt a Word file. Everything works out ok, but the result
> is always two files: the Word file in plain text and an encrypted version of
> the same Word file. Why is GPG creating two files? Should it not just
> encrypt my Word file?
It *is* encrypting your Word file. The foo.doc file is your
unencrypted original, unaltered by GPG, and foo.doc.gpg is the
encrypted version. GPG doesn't remove the original because it doesn't
know you want to get rid of it (you might only want to send someone
the encrypted version) and it doesn't have a built-in way to delete it
securely (you need some kind of file-wiping utility, which will depend
on your OS).
From datakunskapilund at hotmail.com Sat Apr 22 23:01:34 2006
From: datakunskapilund at hotmail.com (razzel)
Date: Sat Apr 22 23:00:38 2006
Subject: GPG creates two files?
In-Reply-To:
References: <4043624.post@talk.nabble.com>
Message-ID: <4045198.post@talk.nabble.com>
Thank you very much for your answer! Do you know if there is a graphical
user interface to this GnuPG?
rzzel
Sweden
From simon at ruderich.com Sat Apr 22 23:36:06 2006
From: simon at ruderich.com (Simon Ruderich)
Date: Sun Apr 23 01:26:09 2006
Subject: GPG creates two files?
In-Reply-To: <4045198.post@talk.nabble.com>
References: <4043624.post@talk.nabble.com>
<4045198.post@talk.nabble.com>
Message-ID: <68A50BE8-5FC9-4BC4-BE5F-A24E16CD6E3C@ruderich.com>
On 22.04.2006, at 23:01, razzel wrote:
>
> Thank you very much for your answer! Do you know if there is an
> graphical
> user interface to this GnuPG?
> rzzel
> Sweden
You can find many frontends on the GnuPG webpage:
http://www.gnupg.org/(en)/related_software/frontends.html
An installer package for windows with all needed applications is
http://www.gpg4win.org/
Simon
- ----
> privacy is necessary
> using http://gnupg.org
> public key id: 0x6115f804EFB33229
> public key http://ruderich.com/simonruderich.asc
From jharris at widomaker.com Sun Apr 23 22:46:04 2006
From: jharris at widomaker.com (Jason Harris)
Date: Sun Apr 23 22:46:11 2006
Subject: new (2006-04-16) keyanalyze results (+sigcheck)
Message-ID: <20060423204603.GA730@wilma.widomaker.com>
New keyanalyze results are available at:
http://keyserver.kjsl.com/~jharris/ka/2006-04-16/
Signatures are now being checked using keyanalyze+sigcheck:
http://dtype.org/~aaronl/
Earlier reports are also available, for comparison:
http://keyserver.kjsl.com/~jharris/ka/
Even earlier monthly reports are at:
http://dtype.org/keyanalyze/
SHA-1 hashes and sizes for all the "permanent" files:
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
From mnestler at nerdshack.com Mon Apr 24 01:03:18 2006
From: mnestler at nerdshack.com (Michael Nestler)
Date: Mon Apr 24 01:56:07 2006
Subject: Modifications to key
Message-ID: <444C07B6.9070004@nerdshack.com>
Hi,
I'm new to this list, so if this has been answered before or is obvious,
I apologise. If someone signs my public key, does this change the key?
i.e. would that render a copy of the public key on my website useless?
What about if I add another User ID?
Thanks,
Michael
From rjh at sixdemonbag.org Mon Apr 24 05:48:20 2006
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon Apr 24 05:47:32 2006
Subject: Modifications to key
In-Reply-To: <444C07B6.9070004@nerdshack.com>
References: <444C07B6.9070004@nerdshack.com>
Message-ID: <444C4A84.3020106@sixdemonbag.org>
Michael Nestler wrote:
> I'm new to this list, so if this has been answered before or is
> obvious, I apologise.
No apologies necessary. Welcome to the GnuPG community. :)
> If someone signs my public key, does this change the key?
Yes.
> i.e. would that render a copy of the public key on my website
> useless?
No.
> What about if I add another User ID?
Same answer--yes, it will change your key; no, it will not render it
useless. If something is added to the key, it doesn't invalidate
existing copies of the key. They'll still work perfectly fine.
As an example, let's say that I have key 0x5B8709EB on my website for
download. (I do, so this isn't too much of a stretch.) Let's say that
I want to add a user ID. I do so, and after modifying the key send it
on to the keyserver. Someone who gets my key from the keyserver will
get the updated version with the new user ID on it; someone who gets my
key from my web page will get the old version without the new user ID;
but both keys can be used to encrypt messages to me, or to verify the
messages I sign.
If you have any other questions, feel free to holler. :)
From bob at rsmits.ca Mon Apr 24 06:07:32 2006
From: bob at rsmits.ca (Bob Smits)
Date: Mon Apr 24 07:26:09 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <4448B20C.3080805@mac.com>
References: <200604191247.06112.labour@telus.net> <4448B20C.3080805@mac.com>
Message-ID: <200604232107.33320.bob@rsmits.ca>
On Friday 21 April 2006 03:21, Charly Avital wrote:
> A 'bad signature' can be caused by many different factors, one frequent
> cause being a text wrap problem.
>
> When a message is not only signed but encrypted+signed, the encryption
> process *might* write off the cause of a bad signature.
>
> You might try sending a signed message to the list; maybe some clue
> could be found.
>
OK. I'm back at the office tomorrow (Monday) and I'll try it then.
> I have found on the keyservers two keys that seem to belong to you:
> (1) Robert Smits
> 1024 bit RSA key 49E9AF38, created: 2006-04-19
> (2) Robert Smits
> 1024 bit DSA key E7629731, created: 2005-12-31
>
Both are out of date, but so far I can't figure out how to cancel them at the
keyservers.
Bob
--
Robert Smits Ph 245-2553 Fax 245-5531 Cell 246-7812 Email bob@rsmits.ca
From bob at rsmits.ca Mon Apr 24 06:29:20 2006
From: bob at rsmits.ca (Bob Smits)
Date: Mon Apr 24 07:26:30 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <20060421092329.GC26687@Update.UU.SE>
References: <200604191247.06112.labour@telus.net>
<20060421092329.GC26687@Update.UU.SE>
Message-ID: <200604232129.20816.bob@rsmits.ca>
On Friday 21 April 2006 02:23, Samuel Åslund wrote:
> Hi Robert,
>
> I would guess that by "signed" you mean clear-signed.
Yes, the body of the message is not encrypted, but I've used a KGpg signature.
> Are you using Mime or in-line signatures?
How do I tell? I don't normally use MIME if I can help it,
> Clear-signed, esp in-line, messages can suffer from email clients and
> MTA's that make "corrections" like changing character encoding or
> wrapping lines.
>
> HTH
> //Samuel
>
> On Wed, Apr 19, 2006 at 12:47:02PM -0700, Robert Smits wrote:
> > I'm trying to figure out why I can send encrypted messages to myself at
> > home from my work computer, and they come through just fine, but signed
> > messages to myself from my work computer come labelled as having a bad
> > signature.
> >
> > Work computer - Suse Linux 9.3 running Kmail and KGpg. Have identity set
> > to sign and encrypt with same GPG keys. Exported public address to home
> > computer.
> >
> > Home computer Compaq laptop running Suse 10.0, also with Kmail and KGpg.
> > Imported public key from work, set it as trusted.
> >
> > Signed files from work arrive at home with "bad" signatures. Encrypted
> > files from work arrive at home and decrypt just fine.
> >
> > Signed files and encrypted files from home arrive at work just fine. Can
> > anyone point me in the correct direction?
> >
> > Thanks
> >
> > --
> > Robert Smits Exec Ass't Ph 753-0201 Fax 753-2954 Email labour@telus.net
--
Robert Smits Ph 245-2553 Fax 245-5531 Cell 246-7812 Email bob@rsmits.ca
A criminal is a person with predatory instincts without sufficient capital to
form a corporation. - Howard Scott
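Added example, not part of the original thread: a sketch of why re-wrapping or re-encoding breaks a clear-signed message while line-ending and trailing-blank changes do not. It assumes the cleartext canonicalization rules of RFC 4880 section 7.1, uses a constructed sample message, and hashes only the canonical text (a real verification also hashes signature packet fields).

```python
import hashlib
import textwrap

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"


def body_bounds(lines):
    """Index range of the signed text: after the blank line that ends the
    armor headers ("Hash: ..."), up to the signature armor line."""
    start = lines.index("", lines.index(BEGIN_MSG)) + 1
    return start, lines.index(BEGIN_SIG, start)


def signed_lines(message):
    """Cleartext lines of a clear-signed message, line endings normalized."""
    lines = message.replace("\r\n", "\n").split("\n")
    start, end = body_bounds(lines)
    return lines[start:end]


def canonical_text(lines, charset="utf-8"):
    """Bytes of the text as they enter the signature hash."""
    out = []
    for line in lines:
        if line.startswith("- "):       # undo dash-escaping
            line = line[2:]
        out.append(line.rstrip(" \t"))  # trailing spaces and tabs are not signed
    # Lines are joined with CRLF; the line ending before the signature
    # armor line is not part of the signed text.
    return "\r\n".join(out).encode(charset)


def text_digest(message, charset="utf-8"):
    return hashlib.sha256(canonical_text(signed_lines(message), charset)).hexdigest()


def map_body(message, fn):
    """Apply fn to the cleartext lines only, leaving the armor untouched."""
    lines = message.split("\n")
    start, end = body_bounds(lines)
    return "\n".join(lines[:start] + fn(lines[start:end]) + lines[end:])


def rewrap(body, width=60):
    """What a mail client does when it 'corrects' long lines."""
    return [piece for line in body for piece in (textwrap.wrap(line, width) or [""])]


# Constructed sample; the signature data is a placeholder, nothing is verified.
SAMPLE = "\n".join([
    BEGIN_MSG,
    "Hash: SHA256",
    "",
    "This is a constructed sample body whose first line is long enough "
    "that a mail client may decide to re-wrap it.",
    "- -- ",
    "Caf\u00e9 signature block",
    BEGIN_SIG,
    "(signature data omitted in this constructed sample)",
    "-----END PGP SIGNATURE-----",
    "",
])


def compare(message):
    """Map each in-transit change to True if the signed bytes are unchanged."""
    base = text_digest(message)
    variants = {
        "CRLF line endings": message.replace("\n", "\r\n"),
        "trailing spaces added": map_body(message, lambda b: [l + "  " for l in b]),
        "re-wrapped at 60 columns": map_body(message, rewrap),
    }
    result = {name: text_digest(v) == base for name, v in variants.items()}
    # Same characters, different bytes: the hash is over bytes, not glyphs.
    result["re-encoded as ISO-8859-1"] = text_digest(message, "latin-1") == base
    return result


if __name__ == "__main__":
    for change, unchanged in compare(SAMPLE).items():
        print(f"{change:28s} {'signature still good' if unchanged else 'BAD signature'}")
```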
From gonzalo.bermudez at hotpop.com Mon Apr 24 04:52:59 2006
From: gonzalo.bermudez at hotpop.com (Gonzalo Bermúdez)
Date: Mon Apr 24 07:26:54 2006
Subject: Fw: Modifications to key
Message-ID: <20060423235259.1a5b48dd@gonzalo>
Skipped content of type multipart/mixed
From shavital at mac.com Mon Apr 24 07:47:00 2006
From: shavital at mac.com (Charly Avital)
Date: Mon Apr 24 07:46:39 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <200604232107.33320.bob@rsmits.ca>
References: <200604191247.06112.labour@telus.net> <4448B20C.3080805@mac.com>
<200604232107.33320.bob@rsmits.ca>
Message-ID: <444C6654.4040807@mac.com>
You cannot cancel your keys at the keyservers, you can revoke them if
you have either secret.key+passphrase or a revocation certificate.
Charly
Bob Smits wrote on 4/24/06 12:07 AM:
> On Friday 21 April 2006 03:21, Charly Avital wrote:
>> A 'bad signature' can be caused by many different factors, one frequent
>> cause being a text wrap problem.
>>
>> When a message is not only signed but encrypted+signed, the encryption
>> process *might* write off the cause of a bad signature.
>>
>> You might try sending a signed message to the list; maybe some clue
>> could be found.
>>
>
> OK. I'm back at the office tomorrow (Monday) and I'll try it then.
>
>> I have found on the keyservers two keys that seem to belong to you:
>> (1) Robert Smits
>> 1024 bit RSA key 49E9AF38, created: 2006-04-19
>> (2) Robert Smits
>> 1024 bit DSA key E7629731, created: 2005-12-31
>>
>
> Both are out of date, but so far I can't figure out how to cancel them at the
> keyservers.
>
> Bob
From zypher at spamcop.net Sat Apr 22 23:19:42 2006
From: zypher at spamcop.net (Ron B.)
Date: Mon Apr 24 11:01:44 2006
Subject: GPG creates two files?
In-Reply-To: <4045198.post@talk.nabble.com>
References: <4043624.post@talk.nabble.com>
<4045198.post@talk.nabble.com>
Message-ID: <444A9DEE.7050106@spamcop.net>
razzel wrote:
> Thank you very much for your answer! Do you know if there is a graphical
> user interface to this GnuPG?
> rzzel
> Sweden
As you are talking about Word, I assume you are using one of the
Windows OS's.
I've found the Windows Privacy Tray (WinPT) useful. It does include a
wipe utility.
From johnmoore3rd at joimail.com Mon Apr 24 13:25:57 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Mon Apr 24 13:25:27 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <200604232107.33320.bob@rsmits.ca>
References: <200604191247.06112.labour@telus.net> <4448B20C.3080805@mac.com>
<200604232107.33320.bob@rsmits.ca>
Message-ID: <444CB5C5.5080904@joimail.com>
Bob Smits wrote:
>> I have found on the keyservers two keys that seem to belong to you:
>> (1) Robert Smits
>> 1024 bit RSA key 49E9AF38, created: 2006-04-19
>> (2) Robert Smits
>> 1024 bit DSA key E7629731, created: 2005-12-31
>>
>
> Both are out of date, but so far I can't figure out how to cancel them at the
> keyservers.
You can't! Your only option is to Revoke them if you never plan to use
them for communication again.
JOHN :)
Timestamp: Monday 24 Apr 2006, 07:25 --400 (Eastern Daylight Time)
From hhhobbit7 at netscape.net Tue Apr 25 08:09:06 2006
From: hhhobbit7 at netscape.net (Henry Hertz Hobbit)
Date: Tue Apr 25 08:08:45 2006
Subject: dealing with password in batch file
Message-ID: <093E545B.0AFF16A9.0307202B@netscape.net>
On 21 Apr 2006 Trevor Smith wrote:
>On 21-Apr-06, at 3:11 PM, Sean Cerney wrote:
>> I've been decrypting xml files for a while now with a batch file
>> that converts the pgp file into an xml file with a timestamp.
>>
>> The thing is I always have to manually enter the password each time
>> I run the batch file. I want to
>> ...
>> Any suggestions? Thank you.
>
>Sorry, I'm not 100% sure what you're trying to do (I couldn't see any
>actual gpg stuff in your batch file, but it's been about a hundred
>years since I've seen a .bat file so I could be missing the
>obvious...), but if you're trying to automate passphrase entry into a
>batch file, here is what I have used in a Unix (or, rather, Linux and
>Mac OS X, actually) bash shell script:
>
>gpg --passphrase-fd 3 "$FILE" 3<$pwfile
>
>where $FILE is the file to be decrypted and $pwfile is a variable
>that is set to some arbitrary file name that contains the passphrase.
>
>What the above does is (after you create a temporary file with the
>passphrase in it) tell gpg to read the passphrase from "file
>descriptor 3" and the last bit (3<$pwfile) tells Unix to redirect the
>file, $pwfile, into file descriptor 3.
>
>Obviously you need to modify this somewhat to run on DOS (or Windows,
>or whatever it's called these days) but it may point you in the right
>direction.
You will have to modify it more than just a little. All that can be redirected in Script files (what used to be called batch files) is just STDIN and STDOUT (<, >). I don't even know a way to redirect STDERR. Please correct me if I am wrong. I tried it for a long while and gave up. It just didn't know what 2> meant. You will most likely have to write it in either a VBScript or a JScript tool (I strongly advise using VBScript). In them you have enough power to open up a file, read in the password, close the file and delete the file containing the password immediately after reading in the password. In reality, I wouldn't even use VBScript. I would use C and compile it. The code size is about the same and it runs much faster and you have more control. You won't even need to worry about File Descriptor 3 - you will embed everything in a system() function call with the password embedded into the command. I use the Mars compiler
http://www.digitalmars.com/
Your mileage will vary. I assume you know where all of the VBScript stuff is. I just don't think you can do it in batch because cmd.exe just isn't powerful enough to handle the redirect of FD-2 (STDERR), much less FD-3.
A lot of people working with very powerful Linux shells (ksh, sh, bash, etc.) just don't know how weak Windows Shell scripting is. I used to update all kinds of stuff with a huge project (was working with cross compilers for the Hobbit and Intel chips of Pen systems) and finally gave up and demanded that they give me a Turrible-C compiler to do all of it. At least with that I had findfirst(), findnext() to read the dir, etc and do things accordingly. The updates were so convoluted with dirs coming into existence and going out of existence that I finally had to use recursion to handle all of the stuff.
HHH
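Added example, not part of the original thread: the file-descriptor approach from the quoted bash line, done from a program so it also works where the shell cannot redirect extra descriptors. The passphrase travels on the child's standard input (--passphrase-fd 0) and never appears in the argument list; the file names, the permission check and the stand-in child used for the demo are assumptions of this example.

```python
import os
import stat
import subprocess
import sys
import tempfile


def load_passphrase(path):
    """Read the passphrase file, refusing one that other accounts can read."""
    if os.name == "posix":
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:
            raise PermissionError(
                f"{path} has mode {mode:03o}; expected 600 or stricter")
    with open(path, "rb") as fh:
        return fh.read().rstrip(b"\r\n")


def gpg_decrypt_argv(infile, outfile, gpg="gpg"):
    """Argument list for an unattended decrypt; it carries no secret.

    --passphrase-fd 0 makes gpg read the passphrase from standard input.
    GnuPG 2.1 and later additionally need "--pinentry-mode", "loopback".
    """
    return [gpg, "--batch", "--yes", "--passphrase-fd", "0",
            "--output", outfile, "--decrypt", infile]


def run_with_secret_on_stdin(argv, secret):
    """Start argv without a shell and hand it the secret on stdin.

    Both stdout and stderr are captured, so gpg's diagnostics can be
    logged by the caller instead of being lost.
    """
    proc = subprocess.run(argv, input=secret + b"\n",
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    return proc.returncode, proc.stdout, proc.stderr


def decrypt(infile, outfile, passphrase_file):
    """Decrypt infile to outfile using the passphrase stored in a file."""
    argv = gpg_decrypt_argv(infile, outfile)
    return run_with_secret_on_stdin(argv, load_passphrase(passphrase_file))


# Stand-in for gpg so the demo runs without a keyring: it reads one line
# from stdin, exactly where gpg would read the passphrase, and prints
# only its length.
STAND_IN = [sys.executable, "-c",
            "import sys; print(len(sys.stdin.readline().rstrip()))"]


def demo():
    """Write a constructed passphrase file, then feed it to the stand-in."""
    fd, path = tempfile.mkstemp()          # created with mode 600 on POSIX
    try:
        os.write(fd, b"constructed-passphrase\n")
        os.close(fd)
        secret = load_passphrase(path)
    finally:
        os.remove(path)
    rc, out, _ = run_with_secret_on_stdin(STAND_IN, secret)
    return rc, out.strip()


if __name__ == "__main__":
    print("gpg would be started as:", gpg_decrypt_argv("orders.pgp", "orders.xml"))
    print("stand-in child saw a passphrase of length", demo()[1].decode())
```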
From james at brutalhugs.com Tue Apr 25 06:26:08 2006
From: james at brutalhugs.com (James)
Date: Tue Apr 25 08:26:12 2006
Subject: Editing comments
Message-ID: <20060425042608.GH9164@brutalhugs.com>
Is it possible to edit or delete the comments in a key's UID?
Thanks.
--
GPG Fingerprint: E8B0 8163 C9DF 6C91 4567 895C 090F 1B45 87ED 9963
From JPClizbe at comcast.net Tue Apr 25 08:35:14 2006
From: JPClizbe at comcast.net (John Clizbe)
Date: Tue Apr 25 08:35:24 2006
Subject: Editing comments
In-Reply-To: <20060425042608.GH9164@brutalhugs.com>
References: <20060425042608.GH9164@brutalhugs.com>
Message-ID: <444DC322.1030503@comcast.net>
James wrote:
> Is it possible to edit or delete the comments in a key's UID?
>
> Thanks.
It's much simpler to add a new UID and delete the old one. If the key is on the
keyservers you'll need to revoke the old UID instead of deleting it.
--
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
From shavital at mac.com Tue Apr 25 13:06:02 2006
From: shavital at mac.com (Charly Avital)
Date: Tue Apr 25 13:05:31 2006
Subject: Mac OS X - Installing and configuring 'gpg-agent'
Message-ID: <444E029A.5030202@mac.com>
New to this list. Running Mac OSX 10.4.6 (Darwin 8.6.0), gpg 1.4.3.
Installed gpg-agent 1.9.10 using darwin.ports following the instructions
contained in url: .
Upon completion of installation of all required libraries and 1.9.10, I
have the following results:
- man gpg-agent outputs 'No manual entry for gpg-agent'
- apropos gpg-agent outputs 'gpg-agent: nothing appropriate'
- which gpg-agent outputs '/usr/local/bin/gpg-agent' - So there is a
gpg-agent installed, somehow.
- locate gpg-agent outputs:
/opt/local/var/db/dports/sources/rsync.rsync.opendarwin.org_dpupdate_dports/security/gpg-agent
/opt/local/var/db/dports/sources/rsync.rsync.opendarwin.org_dpupdate_dports/security/gpg-agent/Portfile
/usr/local/bin/gpg-agent
When I type gpg-agent in Terminal, I get:
gpg-agent: can't connect to `/Users/shavital/.gnupg/S.gpg-agent': No
such file or directory
gpg-agent: no gpg-agent running in this session
I am aware that current gpg 1.9* is 1.9.20.
When I try to enable gpg-agent in gpg.conf(use-agent) and in the MUA
(SeaMonkey 1.0.1+enigmail_0.94), the result is 'gpg-agent not available...'
Thanks in advance for any assistance.
Charly
From wk at gnupg.org Tue Apr 25 14:30:56 2006
From: wk at gnupg.org (Werner Koch)
Date: Tue Apr 25 14:37:50 2006
Subject: Mac OS X - Installing and configuring 'gpg-agent'
In-Reply-To: <444E029A.5030202@mac.com> (Charly Avital's message of "Tue, 25
Apr 2006 07:06:02 -0400")
References: <444E029A.5030202@mac.com>
Message-ID: <87y7xtltvj.fsf@wheatstone.g10code.de>
On Tue, 25 Apr 2006 07:06:02 -0400, Charly Avital said:
> New to this list. Running Mac OSX 10.4.6 (Darwin 8.6.0), gpg 1.4.3.
> Installed gpg-agent 1.9.10 using darwin.ports following the instructions
That is a pretty old version.
> - man gpg-agent outputs 'No manual entry for gpg-agent'
There is no man page. Use "info gnupg".
> When I type gpg-agent in Terminal, I get:
> gpg-agent: can't connect to `/Users/shavital/.gnupg/S.gpg-agent': No
> such file or directory
> gpg-agent: no gpg-agent running in this session
Please read the manual. Basically you need to pass the option
"--daemon" to startup gpg-agent. Without it, gpg-agent merely checks
whether an instance is already running.
Salam-Shalom,
Werner
ps.
Here is a short excerpt from the manual (current version, though):
@command{gpg-agent} is a daemon to manage secret (private) keys
independently from any protocol. It is used as a backend for
@command{gpg} and @command{gpgsm} as well as for a couple of other
utilities.
@noindent
The usual way to run the agent is from the @code{~/.xsession} file:
@example
eval `gpg-agent --daemon`
@end example
@noindent
If you don't use an X server, you can also put this into your regular
startup file @code{~/.profile} or @code{.bash_profile}. It is best not
to run multiple instances of the @command{gpg-agent}, so you should make
sure that only one is running: @command{gpg-agent} uses an environment
variable to inform clients about the communication parameters. You can
write the content of this environment variable to a file so that you can
test for a running agent. This short script may do the job:
@smallexample
if test -f $HOME/.gpg-agent-info && \
   kill -0 `cut -d: -f 2 $HOME/.gpg-agent-info` 2>/dev/null; then
    GPG_AGENT_INFO=`cat $HOME/.gpg-agent-info`
    export GPG_AGENT_INFO
else
    eval `gpg-agent --daemon`
    echo $GPG_AGENT_INFO >$HOME/.gpg-agent-info
fi
@end smallexample
@noindent
Note that the new option @option{--write-env-file} may be used instead.
@noindent
You should always add the following lines to your @code{.bashrc} or
whatever initialization file is used for all shell invocations:
@smallexample
GPG_TTY=`tty`
export GPG_TTY
@end smallexample
@noindent
It is important that this environment variable always reflects the
output of the @code{tty} command. For W32 systems this option is not
required.
Please make sure that a proper pinentry program has been installed
under the default filename (which is system dependent) or use the
option @code{pinentry-pgm} to specify the full name of that program.
It is often useful to install a symbolic link from the actual used
pinentry (e.g. @file{/usr/bin/pinentry-gtk}) to the expected
one (e.g. @file{/usr/bin/pinentry}).
From shavital at mac.com Tue Apr 25 16:13:42 2006
From: shavital at mac.com (Charly Avital)
Date: Tue Apr 25 16:13:27 2006
Subject: Mac OS X - Installing and configuring 'gpg-agent'
In-Reply-To: <87y7xtltvj.fsf@wheatstone.g10code.de>
References: <444E029A.5030202@mac.com> <87y7xtltvj.fsf@wheatstone.g10code.de>
Message-ID: <444E2E96.7030803@mac.com>
Werner,
thanks for your prompt answer, and for quoting relevant parts of the
manual. I'll try to do my best with them.
Following are some responses embedded to your remarks.
Thanks again,
Charly
Werner Koch wrote on 4/25/06 8:30 AM:
> On Tue, 25 Apr 2006 07:06:02 -0400, Charly Avital said:
>
>> New to this list. Running Mac OSX 10.4.6 (Darwin 8.6.0), gpg 1.4.3.
>> Installed gpg-agent 1.9.10 using darwin.ports following the instructions
>
> That is a pretty old version.
Indeed. I never succeeded in compiling 1.9.20 from source; there was
always one error or other (as I reported previously to gnupg-users).
So I tried DarwinPorts. They offered quite a functional set up.
>
>> - man gpg-agent outputs 'No manual entry for gpg-agent'
>
> There is no man page. Use "info gnupg".
Good to know. DarwinPorts page suggests:
-----
Once the software has been installed, you can find further information
about using gpg-agent with these commands:
% man gpg-agent
% apropos gpg-agent
% which gpg-agent
% locate gpg-agent
-----
>
>> When I type gpg-agent in Terminal, I get:
>> gpg-agent: can't connect to `/Users/shavital/.gnupg/S.gpg-agent': No
>> such file or directory
>> gpg-agent: no gpg-agent running in this session
>
> Please read the manual. Basically you need to pass the option
> "--daemon" to startup gpg-agent. Without it, gpg-agent merely checks
> whether an instance is already running.
I knew something had to be done with daemon, but had no idea what or how to.
>
>
> Salam-Shalom,
>
> Werner
Take care,
Charly
>
> ps.
That's one of the most useful PSs I've ever received.
> Here is a short excerpt from the manual (current version, though):
[...]
From wk at gnupg.org Wed Apr 26 13:29:06 2006
From: wk at gnupg.org (Werner Koch)
Date: Wed Apr 26 13:47:00 2006
Subject: [Announce] Gpg4win 1.0.1 released
In-Reply-To: <8764lld2fy.fsf@wheatstone.g10code.de> (Werner Koch's message of
"Fri, 07 Apr 2006 13:56:17 +0200")
References: <8764lld2fy.fsf@wheatstone.g10code.de>
Message-ID: <871wvkk22l.fsf@wheatstone.g10code.de>
Skipped content of type multipart/signed
From cri at linux.it Wed Apr 26 16:35:03 2006
From: cri at linux.it (Cristian Rigamonti)
Date: Wed Apr 26 20:26:22 2006
Subject: Athena ASE drive IIIe card reader
Message-ID: <20060426143503.GA4112@pegasus>
Hi, can anyone confirm if the Athena ASE drive IIIe card reader is supported by
gpg? If this is the case, would you recommend it over the SCM SCR-335 reader?
Cri
--
GPG/PGP Key-Id 0x943A5F0E - http://www.linux.it/~cri/cri.asc
Free software, free society - http://www.fsfeurope.org
From bob at rsmits.ca Wed Apr 26 21:22:51 2006
From: bob at rsmits.ca (Robert Smits)
Date: Wed Apr 26 21:22:51 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <444CB5C5.5080904@joimail.com>
References: <200604191247.06112.labour@telus.net>
<200604232107.33320.bob@rsmits.ca> <444CB5C5.5080904@joimail.com>
Message-ID: <200604261222.51540.bob@rsmits.ca>
On Monday 24 April 2006 04:25, John W. Moore III wrote:
> Bob Smits wrote:
> >> I have found on the keyservers two keys that seem to belong to you:
> >> (1) Robert Smits
> >> 1024 bit RSA key 49E9AF38, created: 2006-04-19
> >> (2) Robert Smits
> >> 1024 bit DSA key E7629731, created: 2005-12-31
> >
> > Both are out of date, but so far I can't figure out how to cancel them at
> > the keyservers.
>
> You can't! Your only option is to Revoke them if you never plan to use
> them for communication again.
Thanks, John, but I knew that. What I can't figure out is how to upload the
revocation certificates to a key server.
Bob.
--
President Cowichan Ladysmith NDP, Robert Smits Ph 245-2553 Fax 245-5531 Email
bob@rsmits.ca
From johnmoore3rd at joimail.com Wed Apr 26 21:37:33 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Wed Apr 26 21:36:46 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <200604261222.51540.bob@rsmits.ca>
References: <200604191247.06112.labour@telus.net> <200604232107.33320.bob@rsmits.ca>
<444CB5C5.5080904@joimail.com> <200604261222.51540.bob@rsmits.ca>
Message-ID: <444FCBFD.5080101@joimail.com>
Robert Smits wrote:
> Thanks, John, but I knew that. What I can't figure out is how to upload the
> revocation certificates to a key server.
Select the Revoke cert and Upload that to the Keyserver(s); it'll be
added as a UID and become effective as soon as "sharing" is complete.
My advice; Upload to all Keyservers and speed the time frame.
Also, Post your Revoke Cert to Groups/List so that others may Import
quickly!
JOHN :-\
Timestamp: Wednesday 26 Apr 2006, 15:36 --400 (Eastern Daylight Time)
From sarixe at gmail.com Wed Apr 26 23:47:07 2006
From: sarixe at gmail.com (Sarixe Avaliesz)
Date: Wed Apr 26 23:49:16 2006
Subject: GPA on a USB flash drive?
Message-ID:
Hey all,
I was wondering if it was possible to configure GPA to run solely from a
USB drive. Is it possible to have a gpa.conf on the USB so that it
doesn't require it in Application Data? Thanks.
Sarixe
From johnmoore3rd at joimail.com Thu Apr 27 00:54:15 2006
From: johnmoore3rd at joimail.com (John W. Moore III)
Date: Thu Apr 27 00:53:38 2006
Subject: USB Drive Use
Message-ID: <444FFA17.2080309@joimail.com>
Sarixe Avaliesz wrote:
> > Hey all,
> > I was wondering if it was possible to configure GPA to run solely from a
> > USB drive. Is it possible to have a gpa.conf on the USB so that it
> > doesn't require it in Application Data? Thanks.
> > Sarixe
If you mean GPG then Yes there is. Check out GPG 2 GO on my Homepage:
http://tinyurl.com/9ubue
JOHN :-D
Timestamp: Wednesday 26 Apr 2006, 18:54 --400 (Eastern Daylight Time)
From sarixe at gmail.com Thu Apr 27 01:13:41 2006
From: sarixe at gmail.com (Sarixe Avaliesz)
Date: Thu Apr 27 01:13:23 2006
Subject: USB Drive Use
In-Reply-To: <444FFA17.2080309@joimail.com>
References: <444FFA17.2080309@joimail.com>
Message-ID:
John W. Moore III wrote:
> If you mean GPG then Yes there is. Check out GPG 2 GO on my Homepage:
>
> http://tinyurl.com/9ubue
>
> JOHN :-D
> Timestamp: Wednesday 26 Apr 2006, 18:54 --400 (Eastern Daylight Time)
No, I mean GPA. I already have successfully installed GPG on my USB
device. It's GPA (GNU Privacy Assistant). Actually, it doesn't need to
be GPA, I'm just looking for a portable frontend to GPG that I can
install on the USB device and use on multiple computers. One of these
computers has the users configured in such a way that the privileges are
very limited, thus I can't have anything with a registry value, etc.
Any suggestions?
Sarixe
From rdavelambert at gawab.com Thu Apr 27 03:26:09 2006
From: rdavelambert at gawab.com (rDeel)
Date: Thu Apr 27 03:25:20 2006
Subject: GnuPG and Pegasus Mail
Message-ID: <4112811.post@talk.nabble.com>
What is the simplest way of integrating GnuPG with the Pegasus Mail client?
Is there a plugin for Pegasus? Many thanks.
From labour at telus.net Wed Apr 26 00:22:16 2006
From: labour at telus.net (Robert Smits)
Date: Thu Apr 27 11:35:46 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <4448B20C.3080805@mac.com>
References: <200604191247.06112.labour@telus.net> <4448B20C.3080805@mac.com>
Message-ID: <200604251522.26778.labour@telus.net>
On Friday 21 April 2006 03:21, you wrote:
> A 'bad signature' can be caused by many different factors, one frequent
> cause being a text wrap problem.
>
> When a message is not only signed but encrypted+signed, the encryption
> process *might* write off the cause of a bad signature.
>
> You might try sending a signed message to the list; maybe some clue
> could be found.
OK, here is a message to the list that is signed by me as labour@telus.net
--
Robert Smits Exec Ass't Ph 753-0201 Fax 753-2954 Email labour@telus.net
From alphasigmax at gmail.com Thu Apr 27 11:41:10 2006
From: alphasigmax at gmail.com (Alphax)
Date: Thu Apr 27 11:41:50 2006
Subject: USB Drive Use
In-Reply-To:
References: <444FFA17.2080309@joimail.com>
Message-ID: <445091B6.6040106@gmail.com>
Sarixe Avaliesz wrote:
> John W. Moore III wrote:
>> If you mean GPG then Yes there is. Check out GPG 2 GO on my Homepage:
>>
>> http://tinyurl.com/9ubue
>>
>> JOHN :-D
>> Timestamp: Wednesday 26 Apr 2006, 18:54 --400 (Eastern Daylight Time)
> No, I mean GPA. I already have successfully installed GPG on my USB
> device. It's GPA (GNU Privacy Assistant). Actually, it doesn't need to
> be GPA, I'm just looking for a portable frontend to GPG that I can
> install on the USB device and use on multiple computers. One of these
> computers has the users configured in such a way that the privileges are
> very limited, thus I can't have anything with a registry value, etc.
> Any suggestions?
For a multi-environment setup, the Java-based Occulti suite
(http://sourceforge.net/projects/occulti) might be an option. Of course,
it's still in beta, and I've never used it, and I have no idea if it
would work on a USB device, but it's worth a try...
--
Alphax
Death to all fanatics!
Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g
From richard at sheflug.co.uk Thu Apr 27 11:19:15 2006
From: richard at sheflug.co.uk (Richard Ibbotson)
Date: Thu Apr 27 13:26:12 2006
Subject: GnuPG and Pegasus Mail
In-Reply-To: <4112811.post@talk.nabble.com>
References: <4112811.post@talk.nabble.com>
Message-ID: <200604271019.23404.richard@sheflug.co.uk>
Hi
>What is the simplest way of integrating GnuPG with the Pegasus Mail
> client? Is there a plugin for Pegasus? Many thanks.
http://community.wow.net/grt/qdgpg.html
I haven't used it because I only have access to GNU/Linux desktops. It's
supposed to be reliable. Used Pegasus a lot when I was still using
winduhs a long time ago.
--
Richard
www.sheflug.co.uk
From shavital at mac.com Thu Apr 27 15:10:55 2006
From: shavital at mac.com (Charly Avital)
Date: Thu Apr 27 15:10:08 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <200604251522.26778.labour@telus.net>
References: <200604191247.06112.labour@telus.net> <4448B20C.3080805@mac.com>
<200604251522.26778.labour@telus.net>
Message-ID: <4450C2DF.5000602@mac.com>
I could verify the signature as Good.
Charly
Robert Smits wrote the following on 4/25/06 6:22 PM:
> On Friday 21 April 2006 03:21, you wrote:
>> A 'bad signature' can be caused by many different factors, one frequent
>> cause being a text wrap problem.
>>
>> When a message is not only signed but encrypted+signed, the encryption
>> process *might* write off the cause of a bad signature.
>>
>> You might try sending a signed message to the list; maybe some clue
>> could be found.
>
> OK, here is a message to the list that is signed by me as labour@telus.net
From henkdebruijn at wanadoo.nl Thu Apr 27 15:28:01 2006
From: henkdebruijn at wanadoo.nl (Henk M. de Bruijn)
Date: Thu Apr 27 15:27:00 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <200604261222.51540.bob@rsmits.ca>
References: <200604191247.06112.labour@telus.net>
<200604232107.33320.bob@rsmits.ca> <444CB5C5.5080904@joimail.com>
<200604261222.51540.bob@rsmits.ca>
Message-ID: <1071300306.20060427152801@wanadoo.nl>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Wed, 26 Apr 2006 12:22:51 -0700GMT (26-4-2006, 21:22 +0200, where I
live), Robert Smits wrote:
> On Monday 24 April 2006 04:25, John W. Moore III wrote:
>> Bob Smits wrote:
>> > Both are out of date, but so far I can't figure out how to cancel them at
>> > the keyservers.
>> You can't! Your only option is to Revoke them if you never plan to use
>> them for communication again.
> Thanks, John, but I knew that. What I can't figure out is how to upload the
> revocation certificates to a key server.
AFAIK you have to import the revocation certificate into your key(ring)
and after that upload the revoked key to the keyserver(s).
HTH
- --
Henk M. de Bruijn
______________________________________________________________________
The Bat! Natural E-Mail System? version 3.73 Release Candidate 1 Pro on Windows XP SP2
Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B
Gossamer Spider Web of Trust http://www.gswot.org
A progressive and innovative Web of Trust
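The two steps described in the reply above (import the revocation certificate, then upload the revoked key), as an added shell example that is not part of the original message. The certificate file, key ID and keyserver passed to the function are placeholders chosen by the caller, and the overridable GPG variable is an assumption added for testing.

```shell
#!/bin/sh
# Added example: publish a revocation by importing the certificate into
# the local keyring and then sending the revoked key to a keyserver.
# Assumption: GPG may be overridden to point at another gpg binary.

GPG="${GPG:-gpg}"

# Read `gpg --with-colons --list-keys` output on stdin.
# Succeeds only if at least one primary key record ("pub") is present
# and every such record has validity "r" (revoked) in field 2.
is_revoked_listing() {
    awk -F: '$1 == "pub" { n++; if ($2 == "r") r++ }
             END { exit (n > 0 && n == r) ? 0 : 1 }'
}

# publish_revocation KEYID CERT_FILE KEYSERVER
# Returns 0 on success, 2 on bad arguments, 3 if the import failed,
# 4 if the key is still not marked revoked, 5 if the upload failed.
publish_revocation() {
    keyid="$1"; cert="$2"; server="$3"
    [ -n "$keyid" ] && [ -n "$server" ] && [ -r "$cert" ] || return 2

    # Step 1: merge the revocation certificate into the local keyring.
    "$GPG" --batch --import "$cert" || return 3

    # Check before uploading: sending a key that is not revoked locally
    # would only re-publish the old, still-valid key.
    "$GPG" --batch --with-colons --list-keys "$keyid" \
        | is_revoked_listing || return 4

    # Step 2: upload the revoked key so that others can fetch it.
    "$GPG" --batch --keyserver "$server" --send-keys "$keyid" || return 5
}
```

The check between the two steps catches the case where the certificate belongs to a different key than the one about to be uploaded.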
From ml at bitfalle.org Thu Apr 27 19:19:18 2006
From: ml at bitfalle.org (markus reichelt)
Date: Thu Apr 27 19:19:03 2006
Subject: Why are my signatures being labelled as bad?
In-Reply-To: <444FCBFD.5080101@joimail.com>
References: <200604191247.06112.labour@telus.net>
<200604232107.33320.bob@rsmits.ca> <444CB5C5.5080904@joimail.com>
<200604261222.51540.bob@rsmits.ca> <444FCBFD.5080101@joimail.com>
Message-ID: <20060427171918.GB4191@dantooine>
* "John W. Moore III" wrote:
> Also, Post your Revoke Cert to Groups/List so that others may
> Import quickly!
first time that i stumble upon this kind of advice; it depends, i'd
say. if the majority of that list is in fact using digital signatures
and/or only encrypted messages, then it's ok to post the rev.
certificate itself. if not, well, then maybe a footer info line is
sufficient. not half a page of annoying capital letter ascii, tho ;-)
of course, routine contacts (who use signatures /encryption) shall be
informed too, if not first. but please no mass mailings to those who
are ignorant of the issue, anyway.
--
left blank, right bald
From rdavelambert at gawab.com Thu Apr 27 20:36:04 2006
From: rdavelambert at gawab.com (rDeel)
Date: Thu Apr 27 20:35:06 2006
Subject: GnuPG and Pegasus Mail
In-Reply-To: <200604271019.23404.richard@sheflug.co.uk>
References: <4112811.post@talk.nabble.com>
<200604271019.23404.richard@sheflug.co.uk>
Message-ID: <4126977.post@talk.nabble.com>
Richard Ibbotson wrote:
>
> http://community.wow.net/grt/qdgpg.html
>
>
Yes, I found this on Google. However, when I try to download, all I get is a
0-Byte long zip file?
Is there another location for this file?
Many Thanks!
--
View this message in context: http://www.nabble.com/GnuPG-and-Pegasus-Mail-t1515185.html#a4126977
Sent from the GnuPG - User forum at Nabble.com.
From andriash at gmail.com Fri Apr 28 08:12:59 2006
From: andriash at gmail.com (Nick Andriash)
Date: Fri Apr 28 09:56:13 2006
Subject: GnuPG and Pegasus Mail
In-Reply-To: <4126977.post@talk.nabble.com>
References: <200604271019.23404.richard@sheflug.co.uk>
<4126977.post@talk.nabble.com>
Message-ID: <20060427231050.7562.ANDRIASH@gmail.com>
Hello rDeel,
On Thursday, April 27 2006 at 11:36 AM PDT, you wrote:
> Yes, I found this on Google. However, when I try to download, all I get is a
> 0-Byte long zip file?
No, the link works, but the download is slow. The file I was able to
download was 189 KB. I think you should just keep trying.
--
-=Nick Andriash=-
-=Creston, B.C. Canada=-
Becky Internet Mail v2.25 on Win XP Pro
_______________________________________________________________
PGPKey at: http://www.biglumber.com/x/web?qs=0xDAEB2FB93BCA7DD2
PGPKey at: http://www.biglumber.com/x/web?qs=0xC9134763
Gossamer Spider Web of Trust http://www.gswot.org
From widhalmt at unix.sbg.ac.at Fri Apr 28 12:33:44 2006
From: widhalmt at unix.sbg.ac.at (Thomas Widhalm)
Date: Fri Apr 28 12:33:31 2006
Subject: pgp & outlook
In-Reply-To: <000001c66479$f2a0e950$2801a8c0@MBRC40>
References: <000001c66479$f2a0e950$2801a8c0@MBRC40>
Message-ID: <4451EF88.4040601@unix.sbg.ac.at>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael D. Berger wrote:
> Now that I have gpg working on my linux box,
> I was thinking of cutting-and-pasting or attaching
> encrypted messages into outlook on my win2k box.
> On the other hand, I see that there are outlook pgp
> plugins. Are these good to use? Any suggestions
> regarding which plugin to use?
>
Hi!
I would really suggest using another email client, but if you are stuck
with Outlook, try http://www.gpg4win.org/index.html . We try to establish
this as a standard feature for all the MS Outlook users within our
Organizational Unit.
Feel free to ask, if you have any further questions.
Regards,
Thomas
- --
*****************************************************************
* Thomas Widhalm Unix Administrator *
* University of Salzburg ITServices (ITS) *
* Systems Management Unix Systems *
* Hellbrunnerstr. 34 5020 Salzburg, Austria *
* widhalmt@unix.sbg.ac.at +43/662/8044-6774 *
* gpg: 6265BAE6 *
* http://www.sbg.ac.at/zid/organisation/mitarbeiter/widhalm.htm *
*****************************************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFEUe+Ikbjs3GJluuYRAlnvAJ45Vy8EczqjV1bYw2JeORqc7aDPtQCfQE4n
k5V395LvNxQiOBg6S7r/RDs=
=2fzK
-----END PGP SIGNATURE-----
From wk at gnupg.org Fri Apr 28 14:38:18 2006
From: wk at gnupg.org (Werner Koch)
Date: Fri Apr 28 14:41:26 2006
Subject: Key signing at the LinuxTag
Message-ID: <877j59q3id.fsf@wheatstone.g10code.de>
Hi!
This is just a short note, that I will attend the LinuxTag and be
available for key signing.
The LinuxTag[1] is the largest trade show and conference event in
Europe for GNU/Linux related things. It will take place next week
from May 3rd to 6th at the Rhein-Main-Hallen in Wiesbaden (close to
Frankfurt). You may meet me at the FSF Europe booth or at the social
events on Thursday and Friday night.
Shalom-Salam,
Werner
[1] http://www.linuxtag.org
From ml at bitfalle.org Fri Apr 28 18:22:44 2006
From: ml at bitfalle.org (markus reichelt)
Date: Fri Apr 28 18:22:26 2006
Subject: Key signing at the LinuxTag
In-Reply-To: <877j59q3id.fsf@wheatstone.g10code.de>
References: <877j59q3id.fsf@wheatstone.g10code.de>
Message-ID: <20060428162244.GB7903@dantooine>
* Werner Koch wrote:
> This is just a short note, that I will attend the LinuxTag and be
> available for key signing.
will you attend the key signing party too?
--
left blank, right bald
From wk at gnupg.org Fri Apr 28 19:29:00 2006
From: wk at gnupg.org (Werner Koch)
Date: Fri Apr 28 19:31:18 2006
Subject: Key signing at the LinuxTag
In-Reply-To: <20060428162244.GB7903@dantooine> (markus reichelt's message of
"Fri, 28 Apr 2006 18:22:44 +0200")
References: <877j59q3id.fsf@wheatstone.g10code.de>
<20060428162244.GB7903@dantooine>
Message-ID: <87odylobhf.fsf@wheatstone.g10code.de>
On Fri, 28 Apr 2006 18:22:44 +0200, markus reichelt said:
> will you attend the key signing party too?
Only if they don't require to register for that party and use a speedy
protocol; i.e. requiring participants to hand out paper strips with
the fingerprint while at the same time presenting some kind of ID
card to the other next participant; then rotating to the next one.
Shalom-Salam,
Werner
From iam-est-hora-surgere at despammed.com Fri Apr 28 19:53:42 2006
From: iam-est-hora-surgere at despammed.com (Marcus Frings)
Date: Fri Apr 28 19:53:13 2006
Subject: Key signing at the LinuxTag
References: <877j59q3id.fsf@wheatstone.g10code.de>
<20060428162244.GB7903@dantooine>
<87odylobhf.fsf@wheatstone.g10code.de>
Message-ID:
* Werner Koch wrote:
> On Fri, 28 Apr 2006 18:22:44 +0200, markus reichelt said:
>> will you attend the key signing party too?
> Only if they don't require to register for that party and use a speedy
> protocol; i.e. requiring participants to hand out paper strips with
> the fingerprint while at the same time presenting some kind of ID
> card to the other next participant; then rotating to the next one.
Okay, then I believe you will not attend the key signing party for they
use another protocol and registration is required by this Sunday:
http://www.linuxtag.org/2006/de/community/keysigning.html
However, I would like to exchange fingerprints with you, Werner. I will
be there on Friday. Can we set up place and time here so other people
can join, too?
Regards,
Marcus
--
"I have read BIND code. And it was dreadful. I have read tinydns code.
And it was dreadful. Someone should explain DNS to Paul Vixie and DJB.
From an academic point of view, tinydns is inferior. But it just works.
Allegedly." Thomas Ogrisegg in
From JPClizbe at comcast.net Sat Apr 29 03:23:27 2006
From: JPClizbe at comcast.net (John Clizbe)
Date: Sat Apr 29 03:29:32 2006
Subject: pgp & outlook
In-Reply-To: <000001c66479$f2a0e950$2801a8c0@MBRC40>
References: <000001c66479$f2a0e950$2801a8c0@MBRC40>
Message-ID: <4452C00F.5090802@comcast.net>
Michael D. Berger wrote:
> Now that I have gpg working on my linux box,
> I was thinking of cutting-and-pasting or attaching
> encrypted messages into outlook on my win2k box.
> On the other hand, I see that there are outlook pgp
> plugins. Are these good to use? Any suggestions
> regarding which plugin to use?
No need to c&p.
To access GnuPG from Outlook, you may use the GPGol Outlook extension or the
current-window and clipboard functions of key managers such as WinPT and GPGshell.
Never used Outlook so I can't really suggest which to use.
--
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
From rdavelambert at gawab.com Sat Apr 29 04:00:09 2006
From: rdavelambert at gawab.com (rDeel)
Date: Sat Apr 29 03:59:09 2006
Subject: GnuPG and Pegasus Mail
In-Reply-To: <20060427231050.7562.ANDRIASH@gmail.com>
References: <4112811.post@talk.nabble.com>
<200604271019.23404.richard@sheflug.co.uk>
<4126977.post@talk.nabble.com>
<20060427231050.7562.ANDRIASH@gmail.com>
Message-ID: <4150438.post@talk.nabble.com>
> No, the link works, but the download is slow. The file I was able to
> download was 189 KB. I think you should just keep trying.
Thanks Nick, I think I had a poor setting in star Downloader program. I got
the file OK today via Firefox.
Wish me luck :-) LOL.
--
View this message in context: http://www.nabble.com/GnuPG-and-Pegasus-Mail-t1515185.html#a4150438
Sent from the GnuPG - User forum at Nabble.com.
From shavital at mac.com Sun Apr 30 16:17:47 2006
From: shavital at mac.com (Charly Avital)
Date: Sun Apr 30 16:17:17 2006
Subject: Problem with signing subkey - SHA256
Message-ID: <4454C70B.1030009@mac.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I have carried out checks, tests, and research, and still cannot solve
the following problem.
I run gpg 1.4.3 on three different Macs.
All three have the same pubrings and secrings.
All three have the same gpg.conf settings.
On two of them, I have no problem using an additional signing subkey to
clear-sign with SHA256.
On the third one, whenever I try to sign in-line, with digest-algo
SHA256 enabled in gpg.conf, I get the error message "DSA keys require a
160 bit hash...". The warning shows with three different MUAs (Eudora,
Mail.app, SeaMonkey 1.0.1).
SHA1 works fine.
Does it mean that in that computer, gpg does not recognize or accept the
signing subkey, and why?
The only difference with this third computer, is that it is running OS
10.3.9, while the two other run 10.4.6. I cannot believe this is the
reason why the signing subkey is not used.
The key is the same key in the three Macs.
The "third" computer's clock shows the correct time and date, therefore
there is no possibility of gpg not recognizing a subkey that might have
been generated "in the future". I even enabled --ignore-valid-from, but
no change.
Any ideas?
Thanks,
Charly
From adi-lists at koalatux.ch Sun Apr 30 16:08:07 2006
From: adi-lists at koalatux.ch (Adrian Friedli)
Date: Sun Apr 30 17:26:09 2006
Subject: card inactive
Message-ID: <200604301608.16577.adi-lists@koalatux.ch>
Hi
I've got a SCM SCR335 card reader and a cryptocard from fsfe.org. I've set up
udev, so the user has access to the device.
Then when I want to access my card:
$ gpg -v --card-status
gpg: pcsc_connect failed: unknown reader (0x80100009)
gpg: card reader not available
gpg: OpenPGP card not available: general error
And when I stop pcscd I get this:
$ gpg -v --card-status
gpg: reader slot 0: using ccid driver
gpg: apdu_send_simple(0) failed: card inactive
My system is a Debian sid. GnuPG is version 1.4.3.
Please help.
Thanks
Adrian Friedli
From shavital at mac.com Sun Apr 30 22:44:11 2006
From: shavital at mac.com (Charly Avital)
Date: Sun Apr 30 22:43:28 2006
Subject: Mac OS X - Installing and configuring 'gpg-agent'
In-Reply-To: <4454FBAE.5040007@py-soft.co.uk>
References: <444E029A.5030202@mac.com> <4454FBAE.5040007@py-soft.co.uk>
Message-ID: <4455219B.9020903@mac.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Thanks really for your feedback.
I very much doubt I'll be able to do what you did. I'll try.
If I don't succeed, I'll e-mail you again a week or so from now,
thanking you in advance for your assistance.
Charly
Benjamin Donnachie wrote on 4/30/06 2:02 PM:
> Charly Avital wrote:
>> New to this list. Running Mac OSX 10.4.6 (Darwin 8.6.0), gpg 1.4.3.
>> Installed gpg-agent 1.9.10 using darwin.ports following the instructions
>> contained in url: .
>
> After much fuss, I recently persuaded gpg-agent v1.9.20 to compile under
> Mac OS with Darwin Ports. If I remember rightly, I used ports to
> install most of the libraries. However, one library was too out of date
> and I used the ports file from the previous version to modify it.
>
> I then had to modify the gpg-agent source code to refer to the PCSC
> driver under Mac OS and it now works perfectly on my system.
>
> Unfortunately, I haven't got time to list the exact steps at the moment
> but, hopefully, the above might help you enough to get it going. If it
> doesn't, send me a message in about a week and I will send more detailed
> information / look into updating the gpg-agent port.
>
> Ben
>
From benjamin at py-soft.co.uk Sun Apr 30 20:02:22 2006
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Sun Apr 30 22:56:05 2006
Subject: Mac OS X - Installing and configuring 'gpg-agent'
In-Reply-To: <444E029A.5030202@mac.com>
References: <444E029A.5030202@mac.com>
Message-ID: <4454FBAE.5040007@py-soft.co.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Charly Avital wrote:
> New to this list. Running Mac OSX 10.4.6 (Darwin 8.6.0), gpg 1.4.3.
> Installed gpg-agent 1.9.10 using darwin.ports following the instructions
> contained in url: .
After much fuss, I recently persuaded gpg-agent v1.9.20 to compile under
Mac OS with Darwin Ports. If I remember rightly, I used ports to
install most of the libraries. However, one library was too out of date
and I used the ports file from the previous version to modify it.
I then had to modify the gpg-agent source code to refer to the PCSC
driver under Mac OS and it now works perfectly on my system.
Unfortunately, I haven't got time to list the exact steps at the moment
but, hopefully, the above might help you enough to get it going. If it
doesn't, send me a message in about a week and I will send more detailed
information / look into updating the gpg-agent port.
Ben