From volker at ixolution.de Thu Nov 1 08:07:25 2007
From: volker at ixolution.de (Volker Dormeyer)
Date: Thu, 1 Nov 2007 08:07:25 +0100
Subject: Decryption using Smartcard using CCID and PCSCD driver
Message-ID: <200711010807.26154.volker@ixolution.de>

Hi,

I'm experiencing problems decrypting an email I received, recently.
Decryption of other emails, even from the same sender works fine. Although
the other recipients of this particular email don't seem to have a problem
with the decryption of it.

GPG tells me (recipients have been anonymised by xxxxxxxx, except myself):

volker at freedom:~$ gpg -v email.asc
gpg: armor header: Version: GnuPG v2.0.5 (GNU/Linux)
gpg: public key is xxxxxxxx
gpg: public key is 9107C5AC
gpg: using subkey 9107C5AC instead of primary key DB5349DB
gpg: sending command `SCD PKDECRYPT' to agent failed: ec=6.131
gpg: public key is xxxxxxxx
gpg: public key is xxxxxxxx
gpg: using subkey xxxxxxxx instead of primary key xxxxxxxx
gpg: encrypted with 2048-bit RSA key, ID xxxxxxxx, created xxxxxxxx
      "other recipient "
gpg: using subkey xxxxxxxx instead of primary key xxxxxxxx
gpg: encrypted with 1024-bit RSA key, ID xxxxxxxx, created xxxxxxxx
      "other recipient "
gpg: using subkey 9107C5AC instead of primary key DB5349DB
gpg: encrypted with 1024-bit RSA key, ID 9107C5AC, created 2005-08-31
      "Volker Dormeyer "
gpg: public key decryption failed: general error
gpg: using subkey xxxxxxxx instead of primary key xxxxxxxx
gpg: encrypted with 1024-bit RSA key, ID xxxxxxxx, created xxxxxxxx
      "other recipient "
gpg: decryption failed: secret key not available

I've set the debug-level of scdaemon and gpg-agent to guru to receive the
following log:

volker at freedom:~$ watchgnupg --force .gnupg/log-socket >watchgnupg.log
[client at fd 6 connected]
[client at fd 7 connected]
6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: -> OK Pleased to meet you
6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: <- OPTION display=:0.0
6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: -> OK
6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: <- OPTION ttyname=/dev/pts/1 6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: -> OK 6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: <- OPTION ttytype=xterm 7 - 2007-11-01 07:39:32 scdaemon[4213]: listening on socket `/tmp/gpg-glRCWp/S.scdaemon' 7 - 2007-11-01 07:39:32 scdaemon[4213]: handler for fd -1 started 6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: -> OK 6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: <- OPTION lc-ctype=en_US.UTF-8 6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: -> OK 6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: <- OPTION lc-messages=en_US.UTF-8 6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: -> OK 6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: <- SCD SERIALNO openpgp 6 - 2007-11-01 07:39:32 gpg-agent[4052]: no running SCdaemon - starting it 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: using CCID reader 0 (ID=04E6:5115:60500033:0) 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: idVendor: 04E6 idProduct: 5115 bcdDevice: 0514 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: ChipCard Interface Descriptor: 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bLength 54 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bDescriptorType 33 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bcdCCID 1.00 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: nMaxSlotIndex 0 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bVoltageSupport 1 5.0V 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwProtocols 3 T=0 T=1 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwDefaultClock 4000 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwMaxiumumClock 12000 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bNumClockSupported 0 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwDataRate 9600 bps 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwMaxDataRate 307200 bps 7 - 2007-11-01 07:39:32 
scdaemon[4213]: DBG: ccid-driver: bNumDataRatesSupp. 0 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwMaxIFSD 252 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwSyncProtocols 00000000 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwMechanical 00000000 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwFeatures 000100BA 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: Auto configuration based on ATR 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: Auto voltage selection 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: Auto clock change 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: Auto baud rate change 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: Auto PPS made by CCID 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: TPDU level exchange 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwMaxCCIDMsgLen 263 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bClassGetResponse echo 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bClassEnvelope echo 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: wlcdLayout none 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bPINSupport 0 7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bMaxCCIDBusySlots 1 7 - 2007-11-01 07:39:33 scdaemon[4213]: DBG: ccid-driver: usb_bulk_read error: Resource temporarily unavailable 7 - 2007-11-01 07:39:33 scdaemon[4213]: DBG: ccid-driver: USB: CALLING USB_CLEAR_HALT 7 - 2007-11-01 07:39:34 scdaemon[4213]: DBG: ccid-driver: usb_bulk_read error: Resource temporarily unavailable 7 - 2007-11-01 07:39:34 scdaemon[4213]: DBG: ccid-driver: USB: RETRYING bulk_in AGAIN 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: usb_bulk_read error: Resource temporarily unavailable 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: USB: RETRYING bulk_in AGAIN 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 
7 - 2007-11-01 07:39:35 data: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 01 7 - 2007-11-01 07:39:35 data: 11 10 00 45 00 80 00 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: GetParametes returned 82 07 00 00 00 00 05 00 00 01 11 10 00 45 00 80 00 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: protocol ..........: T=1 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: bmFindexDindex ....: 11 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: bmTCCKST1 .........: 10 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: bGuardTimeT1 ......: 00 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: bmWaitingIntegersT1: 45 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: bClockStop ........: 00 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: bIFSC .............: 128 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: bNadValue .........: 0 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: sending 61 07 00 00 00 00 06 01 00 00 11 10 00 45 00 80 00 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 01 7 - 2007-11-01 07:39:35 data: 11 10 00 45 00 80 00 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: sending 6F 05 00 00 00 00 07 00 00 00 00 C1 01 FC 3C 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 7 - 2007-11-01 07:39:35 data: 00 E1 01 FC 1C 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: IFSD has been set to 252 7 - 2007-11-01 07:39:35 scdaemon[4213]: reader slot 0: using ccid driver 7 - 2007-11-01 07:39:35 scdaemon[4213]: slot 0: ATR=3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1 7 - 2007-11-01 07:39:35 scdaemon[4213.0] DBG: -> OK GNU Privacy Guard's Smartcard server ready 6 - 2007-11-01 07:39:35 gpg-agent[4052]: DBG: first connection to SCdaemon established 7 - 2007-11-01 
07:39:35 scdaemon[4213]: updating status of slot 0 to 0x0007 7 - 2007-11-01 07:39:35 scdaemon[4213.0] DBG: <- GETINFO socket_name 7 - 2007-11-01 07:39:35 scdaemon[4213.0] DBG: -> D /tmp/gpg-glRCWp/S.scdaemon 7 - 2007-11-01 07:39:35 scdaemon[4213.0] DBG: -> OK 7 - 2007-11-01 07:39:35 scdaemon[4213.0] DBG: <- OPTION event-signal=12 7 - 2007-11-01 07:39:35 scdaemon[4213.0] DBG: -> OK 7 - 2007-11-01 07:39:35 scdaemon[4213.0] DBG: <- SERIALNO openpgp 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: send apdu: c=00 i=A4 p0=00 p1=0C lc=2 le=-1 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: APDU_data: 00 A4 00 0C 02 3F 00 6 - 2007-11-01 07:39:35 gpg-agent[4052]: DBG: additional connections at `/tmp/gpg-glRCWp/S.scdaemon' 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: sending 6F 0B 00 00 00 00 09 04 00 00 00 00 07 00 A4 00 0C 02 3F 00 92 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 7 - 2007-11-01 07:39:35 data: 00 00 02 6B 00 69 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: response: sw=6B00 datalen=0 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: send apdu: c=00 i=A4 p0=04 p1=00 lc=6 le=-1 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: APDU_data: 00 A4 04 00 06 D2 76 00 01 24 01 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: sending 6F 0F 00 00 00 00 0A 04 00 00 00 40 0B 00 A4 04 00 06 D2 76 00 01 24 01 6D 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 7 - 2007-11-01 07:39:35 data: 00 40 16 6F 12 84 10 D2 76 00 01 24 01 01 01 00 01 00 00 02 EB 00 00 90 00 47 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: response: sw=9000 datalen=20 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: dump: 6F 12 84 10 D2 76 00 01 24 01 01 01 00 01 00 00 02 EB 00 00 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: send apdu: c=00 i=CA p0=00 p1=4F lc=-1 le=256 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: APDU_data: 00 CA 00 4F 00 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: sending 6F 09 00 
00 00 00 0B 04 00 00 00 00 05 00 CA 00 4F 00 80 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 7 - 2007-11-01 07:39:35 data: 00 00 12 D2 76 00 01 24 01 01 01 00 01 00 00 02 EB 00 00 90 00 EA 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: response: sw=9000 datalen=16 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: dump: D2 76 00 01 24 01 01 01 00 01 00 00 02 EB 00 00 7 - 2007-11-01 07:39:35 scdaemon[4213]: AID: D2 76 00 01 24 01 01 01 00 01 00 00 02 EB 00 00 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: send apdu: c=00 i=CA p0=00 p1=C4 lc=-1 le=256 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: APDU_data: 00 CA 00 C4 00 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: sending 6F 09 00 00 00 00 0C 04 00 00 00 40 05 00 CA 00 C4 00 4B 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 7 - 2007-11-01 07:39:35 data: 00 40 09 00 FE FE FE 03 03 03 90 00 24 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: response: sw=9000 datalen=7 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: dump: 00 FE FE FE 03 03 03 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: send apdu: c=00 i=CA p0=00 p1=6E lc=-1 le=256 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: APDU_data: 00 CA 00 6E 00 7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: sending 6F 09 00 00 00 00 0D 04 00 00 00 00 05 00 CA 00 6E 00 A1 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 7 - 2007-11-01 07:39:36 data: 00 00 CA 4F 10 D2 76 00 01 24 01 01 01 00 01 00 00 02 EB 00 00 73 81 9D C0 01 78 C1 05 01 04 00 00 20 C2 05 01 04 00 00 20 C3 05 01 04 00 00 20 C4 07 00 FE FE FE 03 03 03 C5 3C 14 B6 61 3A 82 AF 0D D7 11 7D 6A 10 10 96 7F 77 2E 30 51 1B 82 E8 9C C3 85 F6 92 F8 40 50 64 36 36 40 86 9B 91 07 C5 AC B9 94 D5 C4 0C 93 39 16 15 FC 39 D9 96 36 0E 36 24 38 0E 54 C6 3C C4 85 A6 CD 7E C6 6E 9E EC 33 65 F2 70 F2 75 E4 C3 2F 6C A5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 43 16 11 B6 43 16 13 0D 43 16 13 46 5E 06 76 6F 6C 6B 65 72 90 00 30 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: response: sw=9000 datalen=200 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: dump: 4F 10 D2 76 00 01 24 01 01 01 00 01 00 00 02 EB 00 00 73 81 9D C0 01 78 C1 05 01 04 00 00 20 C2 05 01 04 00 00 20 C3 05 01 04 00 00 20 C4 07 00 FE FE FE 03 03 03 C5 3C 14 B6 61 3A 82 AF 0D D7 11 7D 6A 10 10 96 7F 77 2E 30 51 1B 82 E8 9C C3 85 F6 92 F8 40 50 64 36 36 40 86 9B 91 07 C5 AC B9 94 D5 C4 0C 93 39 16 15 FC 39 D9 96 36 0E 36 24 38 0E 54 C6 3C C4 85 A6 CD 7E C6 6E 9E EC 33 65 F2 70 F2 75 E4 C3 2F 6C A5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 43 16 11 B6 43 16 13 0D 43 16 13 46 5E 06 76 6F 6C 6B 65 72 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: send apdu: c=00 i=CA p0=00 p1=5E lc=-1 le=256 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: APDU_data: 00 CA 00 5E 00 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: ccid-driver: sending 6F 09 00 00 00 00 0E 04 00 00 00 40 05 00 CA 00 5E 00 D1 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 7 - 2007-11-01 07:39:36 data: 00 40 08 76 6F 6C 6B 65 72 90 00 D1 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: response: sw=9000 datalen=6 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: dump: 76 6F 6C 6B 65 72 7 - 2007-11-01 07:39:36 scdaemon[4213.0] DBG: -> S SERIALNO D2760001240101010001000002EB0000 0 7 - 2007-11-01 07:39:36 scdaemon[4213.0] DBG: -> OK 6 - 2007-11-01 07:39:36 gpg-agent[4052.6] DBG: -> S SERIALNO D2760001240101010001000002EB0000 0 6 - 2007-11-01 07:39:36 gpg-agent[4052.6] DBG: -> OK 6 - 2007-11-01 07:39:36 gpg-agent[4052.6] DBG: <- SCD SETDATA 
FEF51A7BB7DC6A19710A98D918C3DD54DA95C1E0F72264276C97534B1A11B9D043149BD3DF00254F2FAADC6D6F5DBB1FA14C6DFD53EE6C7553BD71FBFAC9C8F1FD01F6097321F021D3D67F1DC3C7A9F2E43274CB3B8BD39E1B684B21AE01AAB6D216A6B7A3056D677997D84A3C34AC8267EC4A49AF726A56D35645B66C070B 7 - 2007-11-01 07:39:36 scdaemon[4213.0] DBG: <- SETDATA FEF51A7BB7DC6A19710A98D918C3DD54DA95C1E0F72264276C97534B1A11B9D043149BD3DF00254F2FAADC6D6F5DBB1FA14C6DFD53EE6C7553BD71FBFAC9C8F1FD01F6097321F021D3D67F1DC3C7A9F2E43274CB3B8BD39E1B684B21AE01AAB6D216A6B7A3056D677997D84A3C34AC8267EC4A49AF726A56D35645B66C070B 7 - 2007-11-01 07:39:36 scdaemon[4213.0] DBG: -> OK 6 - 2007-11-01 07:39:36 gpg-agent[4052.6] DBG: -> OK 6 - 2007-11-01 07:39:36 gpg-agent[4052.6] DBG: <- SCD PKDECRYPT D2760001240101010001000002EB0000/82E89CC385F692F8405064363640869B9107C5AC 7 - 2007-11-01 07:39:36 scdaemon[4213.0] DBG: <- PKDECRYPT D2760001240101010001000002EB0000/82E89CC385F692F8405064363640869B9107C5AC 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: send apdu: c=00 i=CA p0=00 p1=6E lc=-1 le=256 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: APDU_data: 00 CA 00 6E 00 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: ccid-driver: sending 6F 09 00 00 00 00 0F 04 00 00 00 00 05 00 CA 00 6E 00 A1 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 7 - 2007-11-01 07:39:36 data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scdaemon[4213]: DBG: response: sw=9000 datalen=200 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: dump: 4F 10 D2 76 00 01 24 01 01 01 00 01 00 00 02 EB 00 00 73 81 9D C0 01 78 C1 05 01 04 00 00 20 C2 05 01 04 00 00 20 C3 05 01 04 00 00 20 C4 07 00 FE FE FE 03 03 03 C5 3C 14 B6 61 3A 82 AF 0D D7 11 7D 6A 10 10 96 7F 77 2E 30 51 1B 82 E8 9C C3 85 F6 92 F8 40 50 64 36 36 40 86 9B 91 07 C5 AC B9 94 D5 C4 0C 93 39 16 15 FC 39 D9 96 36 0E 36 24 38 0E 54 C6 3C C4 85 A6 CD 7E C6 6E 9E EC 33 65 F2 70 F2 75 E4 C3 2F 6C A5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 43 16 11 B6 43 16 13 0D 43 16 13 46 5E 06 76 6F 6C 6B 65 72 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: asking for PIN 'PIN' 7 - 2007-11-01 07:39:36 scdaemon[4213.0] DBG: -> INQUIRE NEEDPIN PIN 6 - 2007-11-01 07:39:36 gpg-agent[4052]: starting a new PIN Entry 6 - 2007-11-01 07:39:36 gpg-agent[4052]: DBG: connection to PIN entry established 7 - 2007-11-01 07:39:48 scdaemon[4213.0] DBG: <- [ 44 20 33 31 31 32 38 32 00 00 00 00 ...(80 bytes skipped) ] 7 - 2007-11-01 07:39:48 scdaemon[4213.0] DBG: <- END 7 - 2007-11-01 07:39:48 scdaemon[4213]: DBG: send apdu: c=00 i=20 p0=00 p1=82 lc=6 le=-1 7 - 2007-11-01 07:39:48 scdaemon[4213]: DBG: APDU_data: 00 20 00 82 06 33 31 31 32 38 32 7 - 2007-11-01 07:39:48 scdaemon[4213]: DBG: ccid-driver: sending 6F 0F 00 00 00 00 16 04 00 00 00 40 0B 00 20 00 82 06 33 31 31 32 38 32 E4 7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 7 - 2007-11-01 07:39:49 data: 00 40 02 90 00 D2 7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: response: sw=9000 datalen=0 7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: dump: 7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: send apdu: c=00 i=2A p0=80 p1=86 lc=128 le=256 7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: APDU_data: 00 2A 80 86 80 00 FE F5 1A 7B B7 DC 6A 19 71 0A 98 D9 18 C3 DD 54 DA 95 C1 E0 F7 22 64 27 6C 97 53 4B 1A 11 B9 D0 43 14 9B D3 DF 00 25 4F 2F AA DC 6D 6F 5D BB 1F A1 4C 6D FD 53 EE 6C 75 53 BD 71 FB FA C9 C8 F1 FD 01 F6 09 73 21 F0 21 D3 D6 7F 1D C3 C7 A9 F2 E4 32 74 CB 3B 8B D3 9E 1B 68 4B 21 AE 01 AA B6 D2 16 A6 B7 A3 05 6D 67 79 97 D8 4A 3C 34 AC 82 67 EC 4A 49 AF 72 6A 56 D3 56 45 B6 6C 07 0B 7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: ccid-driver: sending 6F 84 00 00 00 00 17 04 00 00 00 20 80 00 2A 80 86 80 00 FE F5 1A 7B B7 DC 6A 19 71 0A 98 D9 18 C3 DD 54 DA 95 C1 E0 F7 22 64 27 6C 97 53 4B 1A 11 B9 D0 43 14 9B D3 DF 00 25 4F 2F AA DC 6D 6F 5D BB 1F A1 4C 6D FD 53 EE 6C 75 53 BD 71 FB FA C9 C8 F1 FD 
01 F6 09 73 21 F0 21 D3 D6 7F 1D C3 C7 A9 F2 E4 32 74 CB 3B 8B D3 9E 1B 68 4B 21 AE 01 AA B6 D2 16 A6 B7 A3 05 6D 67 79 97 D8 4A 3C 34 AC 82 67 EC 4A 49 AF 72 6A 56 D3 56 99
7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
7 - 2007-11-01 07:39:49 data: 00 90 00 90
7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: ccid-driver: sending 6F 09 00 00 00 00 18 04 00 00 00 40 05 45 B6 6C 07 0B D6
7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
7 - 2007-11-01 07:39:49 data: 00 00 02 69 85 EE
7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: response: sw=6985 datalen=0
7 - 2007-11-01 07:39:49 scdaemon[4213]: operation decipher result: Conditions of use not satisfied
6 - 2007-11-01 07:39:49 gpg-agent[4052.6] DBG: -> ERR 100663427 Conditions of use not satisfied
6 - 2007-11-01 07:39:49 gpg-agent[4052.6] DBG: <- BYE
6 - 2007-11-01 07:39:49 gpg-agent[4052.6] DBG: -> OK closing connection
6 - 2007-11-01 07:39:49 gpg-agent[4052]: handler 0x8092f90 for fd 6 terminated
7 - 2007-11-01 07:39:49 scdaemon[4213]: card_create_signature failed: Conditions of use not satisfied
7 - 2007-11-01 07:39:49 scdaemon[4213.0] DBG: -> ERR 100663427 Conditions of use not satisfied
7 - 2007-11-01 07:39:49 scdaemon[4213.0] DBG: <- RESTART
7 - 2007-11-01 07:39:49 scdaemon[4213.0] DBG: -> OK

Does anybody have an idea on this? The outcome is similar to when I use
the pcscd driver.

Thanks,
Volker

From hs2412 at gmail.com Thu Nov 1 11:13:07 2007
From: hs2412 at gmail.com (Hardeep Singh)
Date: Thu, 1 Nov 2007 15:43:07 +0530
Subject: Fwd: ECC - how does it compare
In-Reply-To:
References:
Message-ID:

Hi All

Thanks for your thoughts. I was also looking forward to your comments on
what NSA is saying. For one, they claim RSA is "old" even with longer
keys. Why are they making a case for ECC? Is it easier to crack?

Another thing I could think of is that ECC key generation is like a
one-way hash.
If you input the same password, given the same curve, the key generated
will always be the same. So, basically, there is no randomness involved
in key generation. Doesn't that make ECC more prone to dictionary
attacks?

Regards
Hardeep

---------- Forwarded message ----------
From: Hardeep Singh
Date: Oct 29, 2007 11:05 PM
Subject: ECC - how does it compare
To: gnupg-users at gnupg.org

Hi All

I recently looked at software called 'seccure' which is available for
linux. It's a tool for public key encryption using ECC rather than prime
number factoring.

http://www.nsa.gov/ia/industry/crypto_elliptic_curve.cfm

Here NSA is making a case for ECC.

One advantage that does seem to exist is that there is no need to
persistently store any part of the key - so the threat of someone
meddling with your key on the pen drive seems to be removed.

What do you all think about this? Should we start building an ECC WOT? :-)

Regards
Hardeep Singh

--
Hardeep Singh

From roam at ringlet.net Thu Nov 1 09:54:31 2007
From: roam at ringlet.net (Peter Pentchev)
Date: Thu, 1 Nov 2007 10:54:31 +0200
Subject: GPG fails to encrypt
In-Reply-To: <990711.73653.qm@web54306.mail.re2.yahoo.com>
References: <990711.73653.qm@web54306.mail.re2.yahoo.com>
Message-ID: <20071101085431.GA1136@straylight.m.ringlet.net>

On Tue, Oct 30, 2007 at 04:04:58PM -0700, William Bradshaw wrote:
> When calling the GPG command from within a Vitria Businessware automator
> process, files larger than 20MB fail to encrypt. Files smaller than
> 20MB encrypt just fine. If I run the GPG command outside of the Vitria
> Businessware process the large (20MB plus) files encrypt just fine. The
> GPG command being called by Vitria is:
>
> /usr/local/bin/gpg --always-trust -e -r "FFFFF"
> /vitria/bw3dev1/encrypt/FSA/$FSA.560167.$FHP.cere07110938.txt.01102007_11-13-08

Try getting an actual error message - that should help point to an
actual problem :)

There are several ways you could look for an error message, and most
of them involve writing a simple shell script wrapper for gpg and having
Vitria invoke the script instead of the gpg binary itself. Maybe
something like the following could help (and yes, I'm aware of all
the security problems within - predictable filenames, file/directory
permissions and stuff):

#!/bin/sh

set -e

GNUPG='/usr/local/bin/gpg'
OUTDIR='/tmp/gpg'
STDOUT="$OUTDIR/out.$$"
STDERR="$OUTDIR/err.$$"

# With "set -e", a failing gpg would end the script before its exit code
# is recorded, so catch the status with "||" instead of reading "$?" afterwards.
errcode=0
"$GNUPG" "$@" > "$STDOUT" 2>"$STDERR" || errcode="$?"
echo "The GnuPG process's exit code is $errcode" >> "$STDERR"
exit "$errcode"

To use it, create a directory /tmp/gpg writeable by the user that Vitria
should run as, then make Vitria execute it instead of the actual gpg
binary. As a result, each time Vitria tries to run GnuPG, you'll get
two files in the /tmp/gpg directory containing the data that gpg sent to
its standard output and its standard error streams, and the exit code.

If this does not help a whole lot, you could put an strace or ltrace or
something like that in the script for further information gathering.

Hope that helps!

G'luck,
Peter

--
Peter Pentchev roam at ringlet.net roam at cnsys.bg roam at FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
What would this sentence be like if pi were 3?

From email at sven-radde.de Thu Nov 1 12:45:49 2007
From: email at sven-radde.de (Sven Radde)
Date: Thu, 01 Nov 2007 12:45:49 +0100
Subject: GNuPG Newb
In-Reply-To: <13510878.post@talk.nabble.com>
References: <13510878.post@talk.nabble.com>
Message-ID: <4729BC6D.5000803@sven-radde.de>

Hi!

jramro wrote:
> I'm trying to send a php mail form and not able to get it to encrypt or do
> much of anything.

First of all, make sure that you have access to the gpg executable from
your php script and that safe mode and similar restrictions do not cause
problems. Make also sure that the necessary keys are imported, set to
trustworthy on the machine you are running GnuPG and the like.

> I was a bit confused because i heard that PGP can intercept a mail form
> through SMTP and encrypt it , but that GnuPG can not?

What is confusing about the fact that different softwares can have a
different set of features?

It should however be reasonably easy to write a wrapper around GnuPG
that works as an SMTP proxy if this is really necessary. Maybe someone
can point you to an existing solution, I would be surprised if there
wasn't one already.
A quick look at turned up Anubis but I have no idea about the quality of
that project (last update 2004 - either it's very stable or very
abandoned or both).

> Do i have to first output my mail form into a temp folder as a .txt file,
> and then encrypt the .txt file?

You could do that, but gpg can also be used to handle piped standard
in-/output. I think, this would be the preferred way.
The command line would be roughly like:

gpg --armor --recipient KEYID --encrypt
--> write text to GnuPG stdin, terminate with EOF
<-- read "PGP MESSAGE" from GnuPG stdout

You can easily try this in the console.

> When reaching last page, the mail form is assembled and populated and sent.
So, at this point, before passing the assembled mail body string to the
PHP mail()-function, you could just pipe it through a call to gpg.

HTH, Sven

From rjh at sixdemonbag.org Thu Nov 1 19:52:53 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 01 Nov 2007 13:52:53 -0500
Subject: GNuPG Newb
In-Reply-To: <13510878.post@talk.nabble.com>
References: <13510878.post@talk.nabble.com>
Message-ID: <472A2085.3040509@sixdemonbag.org>

jramro wrote:
> I was a bit confused because i heard that PGP can intercept a mail form
> through SMTP and encrypt it , but that GnuPG can not?

GnuPG and PGP both support the OpenPGP specification (RFC2440). They
also each have some additional functionality. PGP has a mail proxy as
part of its additional functionality. GnuPG does not provide this.

I am not fond of the mail proxy idea, myself.

> Do i have to first output my mail form into a temp folder as a .txt file,
> and then encrypt the .txt file?

Probably not. I/O redirection will probably do the job for you.

From wk at gnupg.org Thu Nov 1 20:34:34 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 01 Nov 2007 20:34:34 +0100
Subject: AS400 PGP
In-Reply-To: <4728F816.6050704@sixdemonbag.org> (Robert J. Hansen's message of "Wed, 31 Oct 2007 16:48:06 -0500")
References: <4728F816.6050704@sixdemonbag.org>
Message-ID: <87k5p1220l.fsf@wheatstone.g10code.de>

On Wed, 31 Oct 2007 22:48, rjh at sixdemonbag.org said:

> product of g10 Code GmbH and the GnuPG community; PGP is a product of
             ^^^^^^^^

FWIW: Although we do quite some work on GnuPG there are other authors
and contributors as well. GnuPG is part of the GNU project and legally
"belongs" to the FSF.
Shalom-Salam,

   Werner

--
Werner Koch
The GnuPG Experts http://g10code.com

From dshaw at jabberwocky.com Fri Nov 2 03:11:18 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 1 Nov 2007 22:11:18 -0400
Subject: Key safety vs Backup : History of a bad day (key-restoration problem)
In-Reply-To:
References: <9f76a5860710271634i2e516e6djb2600650c7a90b9c@mail.gmail.com>
Message-ID: <20071102021118.GC27408@jabberwocky.com>

On Wed, Oct 31, 2007 at 04:59:29PM +0930, Roscoe wrote:
> Not answering your questions but two handy tools I like :)
>
>
> A while ago we had a big discussion regarding printing out keys for backup,
> which (I think) prompted David Shaw to write a following small program to
> assist those wanting to do so, here's part of the description of that program:
>
> "Due to metadata and redundancy, OpenPGP secret keys are significantly
> larger than just the "secret bits". In fact, the secret key contains
> a complete copy of the public key. Since the public key generally
> doesn't need to be escrowed (most people have many copies of it on
> various keyservers, web pages, etc), only extracting the secret parts
> can be a real advantage.
>
> Paperkey extracts just those secret bytes and prints them. To
> reconstruct, you re-enter those bytes (whether by hand or via OCR) and
> paperkey can use them to transform your existing public key into a
> secret key."
>
> -- http://www.jabberwocky.com/software/paperkey/

I've actually been rather surprised with the number of downloads of
paperkey. I expected it to be in the tens, but there have been
several hundred downloads.

> (I think splitting a password into a few shares and distributing them
> in suitable places is a sane way of writing down passwords. Other
> people may disagree.)

Is secret sharing a feature that people would want in paperkey? You'd
be able to print out a number of pages, and pick some threshold number
of pages that would be needed to reconstruct the key.
I consider paperkey as the "backup of last resort", and it occurs to
me that the ability to stash different printed backups in multiple
places is useful, in case there is fading/damage to a printout as
happened to the poor fellow who started this thread.

That said, I am not completely convinced that it is better to use
multiple secret-shared printouts rather than just multiple copies of
the same printout. Does anyone see a good use case (aside from the
cool-trick factor) to using secret sharing in paperkey?

David

From atom at smasher.org Fri Nov 2 03:27:59 2007
From: atom at smasher.org (Atom Smasher)
Date: Fri, 2 Nov 2007 15:27:59 +1300 (NZDT)
Subject: Key safety vs Backup : History of a bad day (key-restoration problem)
In-Reply-To: <20071102021118.GC27408@jabberwocky.com>
References: <9f76a5860710271634i2e516e6djb2600650c7a90b9c@mail.gmail.com> <20071102021118.GC27408@jabberwocky.com>
Message-ID: <20071102022800.33011.qmail@smasher.org>

On Thu, 1 Nov 2007, David Shaw wrote:

> Does anyone see a good use case (aside from the cool-trick factor) to
> using secret sharing in paperkey?
================

1) weak passphrase on the key

2) no passphrase on the key

#2 may be more useful than it seems, if a key is very rarely used and
there's a risk that the passphrase will be lost/forgotten. this would
allow a way to distribute the secret to trusted parties and/or hidden
places without a passphrase on the key.

of course the real questions: is there a need for that? would anyone use
it?

--
        ...atom

 ________________________
 http://atom.smasher.org/
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        "Sometimes I think we're alone in the universe, and
         sometimes I think we're not. In either case the idea
         is quite staggering."
                -- Arthur C. Clarke

From yyz01 at yahoo.com Fri Nov 2 03:37:26 2007
From: yyz01 at yahoo.com (YYZ)
Date: Thu, 1 Nov 2007 19:37:26 -0700 (PDT)
Subject: A note to Atom Smasher [WAS: Subkey DSA signature changes...]
In-Reply-To: <20071031110916.20027.qmail@smasher.org>
Message-ID: <64011.95624.qm@web45516.mail.sp1.yahoo.com>

--- Atom Smasher wrote:

> On Tue, 30 Oct 2007, YYZ wrote:
>
> > Going through the list archives, I came across a few of your postings
> > that seem to indicate that you have more insight into the way subkey
> > self-signatures are generated than what I can gather from the RFC.
> > Arguably, it's one of the most confusing sections...
> >
> > http://lists.gnupg.org/pipermail/gnupg-users/2004-May/022511.html
> >
> > However, i didn't find any more posts from you explaining how did you
> > manage to generate the missing self-signatures on your subkeys. I'd
> > appreciate if you could share that knowledge with us...
> ===================
>
> don't try this at home - http://atom.smasher.org/gpg/gpg-migrate.txt
>
> it's an ugly hack, there's really no reason you should ever have to do it,
> and last i checked it didn't even work with gpg since 1.2.4.
>

Thanks! I can confirm that it doesn't work anymore. However, I have
been able to hack the gpg code to do this, should I ever need to...

> > Since the signatures are computed from the hash of the key material
> > (which differs in the secret and the public key packets), I'd suppose
> > the secret subkey signature to be different from the public subkey
> > signature.
> =================
>
> it's been a while since i've dug through the RFC...
>
> RFC2440:11.2. Key IDs and Fingerprints; A V4 fingerprint is the 160-bit
> SHA-1 hash of the one-octet Packet Tag, followed by the two-octet packet
> length, followed by the entire _Public_ Key packet starting with the
> version field.
>
> fingerprint are calculated using just the public parts of the [sub]key.
> Hash used for computing signatures is different from the fingerprint. It changes every time a new signature is generated. However, what you stated is true for signature hashes too - they are computed just using the public parts of the key. Anyway, I got my answers from the gpg source code. When generating a new subkey pair, for some reason, it generates the signature twice, one for the public keyring and one for the private keyring. Can't see the rationale behind it, since it's computed over the same data... yyz From rjh at sixdemonbag.org Thu Nov 1 01:26:15 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 31 Oct 2007 19:26:15 -0500 Subject: Key safety vs Backup : History of a bad day (key-restoration problem) In-Reply-To: <20071102021118.GC27408@jabberwocky.com> References: <9f76a5860710271634i2e516e6djb2600650c7a90b9c@mail.gmail.com> <20071102021118.GC27408@jabberwocky.com> Message-ID: <1193876775.7681.13.camel@vmsamuel> > Does anyone see a good use case (aside from the cool-trick > factor) to using secret sharing in paperkey? Yes. E.g., I may wish to give shares to my best friend and my cousin. This way, even if their homes and/or offices are broken into, or one of them misplaces/loses their share, I don't need to worry about where that copy is: I just have the other person burn their share and issue two more.
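Added example (not part of any message in this thread, and not code from paperkey or ssss): the lose-one-share-and-reissue scenario described in the message above, worked through with byte-wise Shamir secret sharing over GF(2^8). The 2-of-3 threshold, the function names and the sample secret are assumptions made for the illustration.

```python
"""Threshold secret sharing over GF(2^8) for a printed key backup (illustration)."""
import secrets


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return result


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (a^255 == 1 for every non-zero a)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result


def split(secret: bytes, threshold: int, shares: int) -> dict[int, bytes]:
    """Return {x: share}; any `threshold` shares rebuild the secret."""
    if not 2 <= threshold <= shares <= 255:
        raise ValueError("need 2 <= threshold <= shares <= 255")
    out = {x: bytearray() for x in range(1, shares + 1)}
    for byte in secret:
        # One fresh random polynomial per secret byte; its constant term
        # is the secret byte, so f(0) is what combine() recovers.
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(threshold - 1)]
        for x, buf in out.items():
            y = 0
            for c in reversed(coeffs):  # Horner evaluation of f(x)
                y = gf_mul(y, x) ^ c
            buf.append(y)
    return {x: bytes(buf) for x, buf in out.items()}


def combine(shares: dict[int, bytes]) -> bytes:
    """Lagrange-interpolate f(0) from the given shares.

    The function cannot tell whether enough shares were supplied: with
    fewer than the threshold, or with shares from different splits, it
    returns bytes that are simply not the secret.
    """
    if len(shares) < 2:
        raise ValueError("need at least two shares")
    lengths = {len(data) for data in shares.values()}
    if len(lengths) != 1:
        raise ValueError("shares differ in length")
    out = bytearray(lengths.pop())
    for xi, data in shares.items():
        # Basis weight at 0: product over j != i of x_j / (x_i XOR x_j).
        weight = 1
        for xj in shares:
            if xj != xi:
                weight = gf_mul(weight, gf_mul(xj, gf_inv(xi ^ xj)))
        for k, y in enumerate(data):
            out[k] ^= gf_mul(weight, y)
    return bytes(out)


# Constructed stand-in for the secret bytes of a key (not a real key);
# 147 bytes is the size quoted in this thread.
SAMPLE_SECRET = bytes((i * 7 + 3) % 256 for i in range(147))


def reissue_scenario() -> dict:
    """Owner holds share 1, friend share 2, cousin share 3; share 3 goes missing."""
    old = split(SAMPLE_SECRET, threshold=2, shares=3)
    recovered = combine({1: old[1], 2: old[2]})      # the two remaining shares
    new = split(recovered, threshold=2, shares=3)    # fresh polynomials
    # Whoever holds the missing old share gains nothing from one new share.
    stale_mix = combine({3: old[3], 1: new[1]})
    return {
        "share_bytes": len(old[1]),
        "recovered_from_two": recovered == SAMPLE_SECRET,
        "fresh_pair_recovers": combine({2: new[2], 3: new[3]}) == SAMPLE_SECRET,
        "stale_plus_fresh_recovers": stale_mix == SAMPLE_SECRET,
    }


if __name__ == "__main__":
    for name, value in reissue_scenario().items():
        print(f"{name}: {value}")
```

Each share is exactly as long as the secret, which is the quantity that decides how much has to be retyped from paper at recovery time.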
From dshaw at jabberwocky.com Fri Nov 2 04:14:09 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 1 Nov 2007 23:14:09 -0400 Subject: Key safety vs Backup : History of a bad day (key-restoration problem) In-Reply-To: <1193876775.7681.13.camel@vmsamuel> References: <9f76a5860710271634i2e516e6djb2600650c7a90b9c@mail.gmail.com> <20071102021118.GC27408@jabberwocky.com> <1193876775.7681.13.camel@vmsamuel> Message-ID: <20071102031409.GD27408@jabberwocky.com> On Wed, Oct 31, 2007 at 07:26:15PM -0500, Robert J. Hansen wrote: > > Does anyone see a good use case (aside from the cool-trick > > factor) to using secret sharing in paperkey? > > Yes. E.g., I may wish to give shares to my best friend and my cousin. > This way, even if their homes and/or offices are broken into, or one of > them misplaces/loses their share, I don't need to worry about where that > copy is: I just have the other person burn their share and issue two > more. Makes sense, especially if you are printing out the secret key with no passphrase (as if there was a passphrase, then even multiple lost copies shouldn't matter). Given the "backup of last resort" mentality, I think that printing the secret key without a passphrase can be a real benefit, and secret sharing can make that a bit more safe. David From rjh at sixdemonbag.org Thu Nov 1 01:59:31 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 31 Oct 2007 19:59:31 -0500 Subject: AS400 PGP In-Reply-To: <87k5p1220l.fsf@wheatstone.g10code.de> References: <4728F816.6050704@sixdemonbag.org> <87k5p1220l.fsf@wheatstone.g10code.de> Message-ID: <1193878771.7681.17.camel@vmsamuel> On Thu, 2007-11-01 at 20:34 +0100, Werner Koch wrote: > On Wed, 31 Oct 2007 22:48, rjh at sixdemonbag.org said: > > product of g10 Code GmbH and the GnuPG community; PGP is a product of ^^^^^^^^ > > FWIW: Although we do quite some work on GnuPG there are other authors > and contributors as well. 
GnuPG is part of the GNU project and legally > "belongs" to the FSF. Right. This may be an ambiguity in English: 'product' can mean either 'owned by' or 'created by'. I should have specified "created by g10 Code and the GnuPG community." It wasn't my intent to mislead anyone with respect to the copyright holder. Thank you for clearing up my clumsy words. :) From yyz01 at yahoo.com Fri Nov 2 03:58:41 2007 From: yyz01 at yahoo.com (YYZ) Date: Thu, 1 Nov 2007 19:58:41 -0700 (PDT) Subject: Key safety vs Backup : History of a bad day (key-restoration problem) In-Reply-To: <20071102022800.33011.qmail@smasher.org> Message-ID: <719762.95243.qm@web45503.mail.sp1.yahoo.com> Why not just pick a strong passphrase and mail a copy to all your email accounts? You would only need to worry about remembering the passphrase. One solution is to pick a bunch of friends who regularly use pgp (maybe even the active members from this list), encrypt the text of your passphrase to these recipients and keep several copies of it at different places (and obviously not mail it to any of the recipients). If ever you forget your passphrase, just ask anyone from the recipient list to decrypt it for you. You can then change the passphrase - no damage done! To be on the safe side, add a symmetric enc key too, with a simple password that you would always remember... yyz From rjh at sixdemonbag.org Thu Nov 1 02:50:55 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 31 Oct 2007 20:50:55 -0500 Subject: Key safety vs Backup : History of a bad day (key-restoration problem) In-Reply-To: <719762.95243.qm@web45503.mail.sp1.yahoo.com> References: <719762.95243.qm@web45503.mail.sp1.yahoo.com> Message-ID: <1193881855.7681.23.camel@vmsamuel> > Why not just pick a strong passphrase and mail a copy to all > your email accounts?
You would only need to worry about remembering > the passphrase. Doesn't help if I'm dead. I have some encrypted traffic which my estate will need to read in the event of my death. So I can give my key and passphrase to my lawyer, I can store a copy in a safe deposit box, I can... etc. But all options involve leaving my key and passphrase under the control of a single person. A single person can make mistakes. They can be corrupted. They can lose it. They can... etc., etc. Secret shares make it possible for me to give shares to people I trust not to conspire against me, as opposed to people I trust to never make typical human errors. I am fortunate enough to have a fair number of the former, but like most people, none of the latter. From eocsor at gmail.com Fri Nov 2 05:50:43 2007 From: eocsor at gmail.com (Roscoe) Date: Fri, 2 Nov 2007 14:20:43 +0930 Subject: Key safety vs Backup : History of a bad day (key-restoration problem) In-Reply-To: <1193876775.7681.13.camel@vmsamuel> References: <9f76a5860710271634i2e516e6djb2600650c7a90b9c@mail.gmail.com> <20071102021118.GC27408@jabberwocky.com> <1193876775.7681.13.camel@vmsamuel> Message-ID: I don't see any worthwhile gain over setting a strong passphrase, and then secret sharing that passphrase with ssss. In Roberts example if you were to use ssss+paperkey you'd merely export an encrypted secret key, and then print in the line above it an ssss share. As far as I can see this would produce an equivalent state of affairs. The biggest practical difference is that since you're secret sharing just a passphrase and not a secret key it's going to be less typing to reconstruct your key. It does add an extra step to the situation, but I do like the one tool one job philosophy. [BTW: Adding paperkey to the tools section of gnupg.org would be good. I only found it because I read the mailing list :]. On 11/1/07, Robert J. 
Hansen wrote: > > Does anyone see a good use case (aside from the cool-trick > > factor) to using secret sharing in paperkey? > > Yes. E.g., I may wish to give shares to my best friend and my cousin. > This way, even if their homes and/or offices are broken into, or one of > them misplaces/loses their share, I don't need to worry about where that > copy is: I just have the other person burn their share and issue two > more. From rjh at sixdemonbag.org Thu Nov 1 03:42:06 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 31 Oct 2007 21:42:06 -0500 Subject: Key safety vs Backup : History of a bad day (key-restoration problem) In-Reply-To: References: <9f76a5860710271634i2e516e6djb2600650c7a90b9c@mail.gmail.com> <20071102021118.GC27408@jabberwocky.com> <1193876775.7681.13.camel@vmsamuel> Message-ID: <1193884926.7681.31.camel@vmsamuel> On Fri, 2007-11-02 at 14:20 +0930, Roscoe wrote: > I don't see any worthwhile gain over setting a strong passphrase, and > then secret sharing that passphrase with ssss. Fewer things can go wrong. Secret shared passphrase + private key: what happens if the private key is unavailable? E.g., I die when my house burns down and my computer cooks and even my back-ups are toast. With a SS passphrase, I have to make off-site backups of my private key... and then I have to make sure that those off-site backups are still readable, since CD-Rs tend to go bad... and if I replace one, I have to make sure the passphrase is the same as the secret-shared passphrase... Secret shared paperkey: the private key is available as long as the secret shares are available. OCR the SS paperkey, recover the private key, boom, you're off to the races. Fewer components, fewer steps, fewer dependencies, longer-term storage: it's an all-around win.
> The biggest practical difference is that since you're secret sharing > just a passphrase and not a secret key it's going to be less typing to > reconstruct your key. 147 bytes is not an onerous reconstruction job, even if you have to do it by hand. Base64 it and it's about 200 characters, or two and a half lines of text. From eocsor at gmail.com Fri Nov 2 11:37:20 2007 From: eocsor at gmail.com (Roscoe) Date: Fri, 2 Nov 2007 20:07:20 +0930 Subject: Key safety vs Backup : History of a bad day (key-restoration problem) In-Reply-To: <1193884926.7681.31.camel@vmsamuel> References: <9f76a5860710271634i2e516e6djb2600650c7a90b9c@mail.gmail.com> <20071102021118.GC27408@jabberwocky.com> <1193876775.7681.13.camel@vmsamuel> <1193884926.7681.31.camel@vmsamuel> Message-ID: Hmm, maybe I lost my meaning in trying to avoid verbosity. If I decided my mum, dad and brother could be trusted, I'd encrypt my private key with a strong password. Then I'd use ssss to generate 3 shares, which when combined would reveal the password to the private key. Now I'd distribute to my mum, dad and brother a copy of my private key and a password share each. Now let's say my private key ended up being 200 characters and my password 20 characters. To reconstruct it I would have to type in 200 characters once, and around 60 characters to recover the password (from the three shares). Contrast that to if I applied secret sharing to the unencrypted private key, I would, in order to recover my private key have to type in around 600 characters (from the three shares). ssss is open source and written in C, I don't see how there is any case for longer-term storage by avoiding ssss and using just paperkey. (If C compilers disappear paperkey and gpg aren't going to be very usable either) To include secret sharing in paperkey would indeed result in fewer components and fewer steps because you're inserting the functionality like that of ssss into paperkey and thus making paperkey more complex.
I suppose thats a preference thing, as I mentioned I like the one tool one job philosophy. Now in light of having to type in more data (and thus one must store more data reliably) and replicating functionality already provided by ssss/paperkey I'm not seeing any advantage. But! It is clear, there is a demand for secret sharing in paperkey :) [I've made the assumption that the shares are the same size as the secret, this makes sense to me as you're encoding things as points in N space but I don On 11/1/07, Robert J. Hansen wrote: > On Fri, 2007-11-02 at 14:20 +0930, Roscoe wrote: > > I don't see any worthwhile gain over setting a strong passphrase, and > > then secret sharing that passphrase with ssss. > > Fewer things can go wrong. > > Secret shared passphrase + private key: what happens if the private key > is unavailable? E.g., I die when my house burns down and my computer > cooks and even my back-ups are toast. With a SS passphrase, I have to > make off-site backups of my private key... and then I have to make sure > that those off-site backups are still readable, since CD-Rs tend to go > bad... and if I replace one, I have to make sure the passphrase is the > same as the secret-shared passphrase... > > Secret shared paperkey: the private key is available as long as the > secret shares are available. OCR the SS paperkey, recover the private > key, boom, you're off to the races. > > Fewer components, fewer steps, fewer dependencies, longer-term storage: > it's an all-around win. > > > The biggest practical difference is that since you're secret sharing > > just a passphrase and not a secret key it's going to be less typing to > > reconstruct your key. > > 147 bytes is not an onerous reconstruction job, even if you have to do > it by hand. Base64 it and it's about 200 characters, or two and a half > lines of text. 
> > > From vedaal at hush.com Fri Nov 2 14:40:47 2007 From: vedaal at hush.com (vedaal at hush.com) Date: Fri, 02 Nov 2007 08:40:47 -0500 Subject: key-restoration problem // secret sharing Message-ID: <20071102134048.06B6ADA824@mailserver7.hushmail.com> >Message: 6 >Date: Thu, 1 Nov 2007 22:11:18 -0400 >From: David Shaw >Subject: Re: Key safety vs Backup : History of a bad day > (key-restoration problem) >> Paperkey extracts just those secret bytes and prints them. To >> reconstruct, you re-enter those bytes (whether by hand or via >OCR) and >> paperkey can use them to transform your existing public key into >a >> secret key." >> >> -- http://www.jabberwocky.com/software/paperkey/ >> (I think splitting a password into a few shares and distributing >them >> in suitable places is a sane way of writing down passwords. >Other >> people may disagree.) >Is secret sharing a feature that people would want in paperkey? >You'd >be able to print out a number of pages, and pick some threshold >number >of pages that would be needed to reconstruct the key. > >I consider paperkey as the "backup of last resort", and it occurs >to >me that the ability to stash different printed backups in multiple >places is useful, in case there is fading/damage to a printout as >happened to the poor fellow who started this thread. That said, I >am >not completely convinced that it is better to use multiple >secret-shared printouts rather than just multiple copies of the >same >printout. Does anyone see a good use case (aside from the cool- >trick >factor) to using secret sharing in paperkey? 
there may be an effective compromise workaround: [1] remove the passphrase from the secret key [2] (if not already in armored form, armor the secret key) [3] split the armored ascii text, and distribute it (carefully including the position lines, i.e., this 'share' of the secret key block contains lines 9 through 16) CAVEAT: (am out of my depth here, and welcome any technical input) is there a section of the ascii-armored secret key block, that by itself, is enough to reconstruct the secret key, and if so, how can it be determined which part of the keyblock it is, in order to make sure that that section is 'split' for sharing ? tia, vedaal From dshaw at jabberwocky.com Fri Nov 2 16:52:22 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Fri, 2 Nov 2007 11:52:22 -0400 Subject: New OpenPGP standard published Message-ID: <20071102155222.GA5428@jabberwocky.com> The new OpenPGP standard has been published. It was assigned RFC number 4880 (someone at the IETF has a sense of humor): http://www.ietf.org/rfc/rfc4880.txt In terms of GnuPG, we're almost completely compliant to it already as GnuPG was updated as the various drafts of the standard were discussed. Upcoming versions of GPG will change the "--openpgp" flag to mean the new RFC-4880. The old behavior will be available as "--rfc2440" (which already exists). David From 210525p42015 at denstarfarm.us Fri Nov 2 17:04:12 2007 From: 210525p42015 at denstarfarm.us (Robert D.) Date: Fri, 02 Nov 2007 12:04:12 -0400 Subject: RSA Weak? Message-ID: <472B4A7C.3040209@denstarfarm.us> Did someone write that there is some school of thought that RSA is no longer very strong? Or, is the meaning that it's likely to take 900 years instead of 100 years to crack? Just curious. I have RSA 4096's ... could change them easily enough if someone convinced me to do it.
From wk at gnupg.org Fri Nov 2 18:18:03 2007 From: wk at gnupg.org (Werner Koch) Date: Fri, 02 Nov 2007 18:18:03 +0100 Subject: New OpenPGP standard published In-Reply-To: <20071102155222.GA5428@jabberwocky.com> (David Shaw's message of "Fri, 2 Nov 2007 11:52:22 -0400") References: <20071102155222.GA5428@jabberwocky.com> Message-ID: <87abpwva5w.fsf@wheatstone.g10code.de> On Fri, 2 Nov 2007 16:52, dshaw at jabberwocky.com said: > The new OpenPGP standard has been published. It was assigned RFC > number 4880 (someone at the IETF has a sense of humor): That's good news. The first version of OpenPGP took a bit more than a year to develop. At that time we had 3 implementations with only one not really up to the standard - although OpenPGP was based on the data formats of that implementation ;-) Now, exactly 9 years after rfc2440, there are numerous implementations of OpenPGP and it has proved itself to be a solid and well backward compatible standard. The WG did a really good job to add the new features and to clarify a lot of things which used to be hard to understand for someone who did his first implementation. I am going to celebrate that now with some pints of Füchschen at the Cafe Modigliani[1]. Feel free to join. Salam-Shalom, Werner [1] http://www.bilkinfo.de/firmen/gastronomie.html -- Thoughts are free. Exceptions are regulated by a federal law. From rjh at sixdemonbag.org Fri Nov 2 19:59:05 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 02 Nov 2007 13:59:05 -0500 Subject: RSA Weak? In-Reply-To: <472B4A7C.3040209@denstarfarm.us> References: <472B4A7C.3040209@denstarfarm.us> Message-ID: <472B7379.7060604@sixdemonbag.org> Robert D. wrote: > Did someone write that there is some school of thought that RSA is no > longer very strong? Or, is the meaning that it's likely to take 900 > years instead of 100 years to crack? RSA has never lived up to people's grand expectations.
Advances in computers and algorithms cause the sorts of RSA keys we can attack to creep ever so gradually upwards. It's reasonable to think that within a decade an attacker with a ridiculous amount of resources will be able to break RSA-1024. Our current crop of conventional techniques will likely stall out there. > Just curious. I have RSA 4096's ... could change them easily enough if > someone convinced me to do it. Not even people with RSA-1024 keys should be doing this. RSA-1024 is only insufficient if you have things you need to keep secret from phenomenally well-equipped people who are willing to spend millions of dollars to recover your data. Even if you have adversaries like this, it is still very unlikely they would ever actually do it. There are much more cost-effective ways to get your confidential information than spend millions of dollars breaking your RSA-1024 key. This is not something to be concerned about. From yalla at fsfe.org Fri Nov 2 20:42:09 2007 From: yalla at fsfe.org (Alexander W. Janssen) Date: Fri, 2 Nov 2007 20:42:09 +0100 Subject: RSA Weak? In-Reply-To: <472B7379.7060604@sixdemonbag.org> References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> Message-ID: On 11/2/07, Robert J. Hansen wrote: > RSA has never lived up to people's grand expectations. Advances in > computers and algorithms cause the sorts of RSA keys we can attack to > creep ever so gradually upwards. It's reasonable to think that within a > decade an attacker with a ridiculous amount of resources will be able to > break RSA-1024. How do you come to that figure? A keyspace of 1024 is the double amount of 1023 bit, so I'm curious how you come to that figures. It's one thing to brute-force 256-bit RSA in, let's say, a couple of months, but a totally different to break 1024 bits. As long as there ain't no really better algorithm to factor primes. Who knows what clever russian kid comes along with new, unique innovative ideas. 
Any pointers to confirm your claim "within a decade"? Alex. -- "I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped." -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901. . From email at sven-radde.de Fri Nov 2 21:06:46 2007 From: email at sven-radde.de (Sven Radde) Date: Fri, 02 Nov 2007 21:06:46 +0100 Subject: RSA Weak? In-Reply-To: References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> Message-ID: <472B8356.9030101@sven-radde.de> Hi! Alexander W. Janssen wrote: > How do you come to that figure? A keyspace of 1024 is the double > amount of 1023 bit, so I'm curious how you come to that figures. While this is true for symmetric ciphers, there are far more efficient attack methods on asymmetric ciphers (factoring - instead of brute-forcing). > It's one thing to brute-force 256-bit RSA in, let's say, a couple of > months, but a totally different to break 1024 bits. The current public record is a 663-bit RSA-key ("RSA-200" as it has 200 digits) AFAIK: http://www.rsa.com/rsalabs/node.asp?id=2879 More recent is the factorization of a 640-bit RSA-key: http://www.rsa.com/rsalabs/node.asp?id=2964 As mentioned above, the difficulty does not scale exponentially: The 663-bit number took 55 CPU-years on a 2,2GHz Opteron, the 640-bit number 30 CPU-years. The actual computations were apparently carried out by a cluster with 80 machines. In fact, some mathematician has proven that factoring is a polynomial problem, IIRC. cu, Sven From yalla at fsfe.org Fri Nov 2 21:29:13 2007 From: yalla at fsfe.org (Alexander W. Janssen) Date: Fri, 2 Nov 2007 21:29:13 +0100 Subject: RSA Weak? In-Reply-To: <472B81ED.2000901@sixdemonbag.org> References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B81ED.2000901@sixdemonbag.org> Message-ID: On 11/2/07, Robert J. Hansen wrote: > Alexander W.
Janssen wrote: > > How do you come to that figure? A keyspace of 1024 is the double > > amount of 1023 bit, so I'm curious how you come to that figures. > > A keyspace of 1024 bits is double that of 1023 bits. Prime numbers > become more scarce as they go on. For instance, there are two primes in > a keyspace of two bits. In a seven-bit keyspace--which, by your logic, > there should be thirty-two times as many primes--there are only twelve > and a half times as many. I'm not too familiar with prime- or number-theory. Does that scale in the same factor in all keyspaces? > Read this: > > http://www.theregister.com/2007/05/22/unreadable_writing_is_on_the_wall/ Thanks for sharing that. Not sure if I'll understand it, but I'll definitely have a look at it. However, the fact that primes get more rare when the keyspace is expanded isn't necessarily connected to that point that you still need to check the whole keyspace - which still grows linearly? In cleartest: Even if primes get more rare, you still need to find your whole way through *all* numbers as long as you don't find a better algorithm. Putting probabilistic prime-tests aside. Alex. -- "I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped." -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901. . From rjh at sixdemonbag.org Fri Nov 2 21:00:45 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 02 Nov 2007 15:00:45 -0500 Subject: RSA Weak? In-Reply-To: References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> Message-ID: <472B81ED.2000901@sixdemonbag.org> Alexander W. Janssen wrote: > How do you come to that figure? A keyspace of 1024 is the double > amount of 1023 bit, so I'm curious how you come to that figures. A keyspace of 1024 bits is double that of 1023 bits. Prime numbers become more scarce as they go on.
For instance, there are two primes in a keyspace of two bits. In a seven-bit keyspace--which, by your logic, there should be thirty-two times as many primes--there are only twelve and a half times as many. Primes are spaced out further and further as numbers grow larger and larger. In this case, Arjen Lenstra is closing in on RSA-1024 with great alacrity. Lenstra is a reputable cryptographer, and his results are quite interesting. Read this: http://www.theregister.com/2007/05/22/unreadable_writing_is_on_the_wall/ From yalla at fsfe.org Fri Nov 2 21:35:36 2007 From: yalla at fsfe.org (Alexander W. Janssen) Date: Fri, 2 Nov 2007 21:35:36 +0100 Subject: RSA Weak? In-Reply-To: <472B8356.9030101@sven-radde.de> References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de> Message-ID: On 11/2/07, Sven Radde wrote: [...] > As mentioned above, the difficulty does not scale exponentially: The > 663-bit number took 55 CPU-years on a 2,2GHz Opteron, the 640-bit number > 30 CPU-years. The actual computations were apparently carried out by a > cluster with 80 machines. > > In fact, some mathematician has proven that factoring is a polynomial > problem, IIRC. A P-problem? Really?! Factoring primes is a polynomial problem nowadays? Are you SURE about that? Or do you just mean that the current development in CPU-power compensates the exponential nature to a linear one (in history) because CPU-power became cheap and parallelization became more common, reducing the complexity a bit? (although you can't reduce exponential complexity to linear or even polynomial just *as is*) That'd put RSA into deep trouble. And not only RSA. *sigh* I'm just realizing that I missed a lot in the last years. Must watch the development more closely... > cu, Sven Alex. -- "I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped."
-- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901. . From rjh at sixdemonbag.org Fri Nov 2 21:49:07 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 02 Nov 2007 15:49:07 -0500 Subject: RSA Weak? In-Reply-To: References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B81ED.2000901@sixdemonbag.org> Message-ID: <472B8D43.5010200@sixdemonbag.org> Alexander W. Janssen wrote: > I'm not too familiar with prime- or number-theory. Does that scale in > the same factor in all keyspaces? A good first-order approximation for the number of primes with a certain number of bits is given by the formula: X = 2**number of bits Y = 2**(number of bits - 1) (X ln Y - Y ln X) / ((X ln Y) * (Y ln X)) I don't know what you mean by 'scale by the same factor'. But hey, if you want approximations, there you go. For small numbers this will be off by a significant amount, but it asymptotically grows better. > However, the fact that primes get more rare when the keyspace is > expanded isn't necessarily connected to that point that you still need > to check the whole keyspace - which stills grows linearly? If the keyspace grew linearly, it would be a trivial problem to factor. Just throw more cycles at it. The entire point is that the keyspace grows exponentially. You were arguing the exponential factor is two, which it's definitely not. In reality the exponential factor of difficulty added per bit changes depending on how large your key already is. If your key is small, adding one bit can substantially increase your security. If your key is large, adding one bit is a who-cares? proposition. If it helps, the National Institutes of Science and Technology (NIST) has estimated a 1024-bit key is roughly equivalent in computational complexity to an 80-bit symmetric key. > In cleartest: Even if primes get more rare, you still need to find > your whole way through *all* numbers as long as you don't find a > better algorithm. 
Such as, say, the generalized number field sieve? > Putting probabilistic prime-tests aside. This has no connection whatsoever with factoring. Miller-Rabin is used to test primality; it does not give you any useful information about the factors of a number. From email at sven-radde.de Fri Nov 2 22:00:25 2007 From: email at sven-radde.de (Sven Radde) Date: Fri, 02 Nov 2007 22:00:25 +0100 Subject: RSA Weak? In-Reply-To: References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de> Message-ID: <472B8FE9.4050608@sven-radde.de> Alexander W. Janssen wrote: >> In fact, some mathematician has proven that factoring is a polynomial >> problem, IIRC. > > A P-problem? Really?! Factoring primes is a polynomial problem nowadays? > Are you SURE about that? Umm, no, not sure (hence the IIRC). Apparently, I am nearing an age where this disclaimer is actually necessary... In it is stated that the problem is known to be sub-exponential but that no polynomial algorithm is known. I think I was referring to the primality test, which is known to be in P since sometime in 2002. > That'd put RSA into deep trouble. And not only RSA. Sorry, sorry, don't panic ;-) cu, Sven From rjh at sixdemonbag.org Fri Nov 2 22:01:31 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 02 Nov 2007 16:01:31 -0500 Subject: RSA Weak? In-Reply-To: References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de> Message-ID: <472B902B.5080406@sixdemonbag.org> Alexander W. Janssen wrote: > A P-problem? Really?! Factoring primes is a polynomial problem nowadays? > Are you SURE about that? People who do not know what P stands for should not attempt to whap other people around with it. P is shorthand for deterministic polynomial time. NP is nondeterministic polynomial time. Factoring is known to be in NP.
Therefore, it is perfectly fair to say that it's a polynomial problem, as long as Sven is not claiming that it's deterministic polynomial, which he isn't. Nondeterministic polynomial time means it can be solved in polynomial time by a nondeterministic Turing Machine--a machine that is capable of making phenomenally lucky guesses. Deterministic polynomial time means it can be solved in polynomial time by a Turing Machine that cannot make phenomenally lucky guesses. ... Incidentally, I'm assuming you meant 'factoring composites'. Factoring prime numbers is most definitely in P. It's also in NC and Context-Free, but probably not Regular; you need a pushdown automata to parse the number as you read it, which means a context-free language is required. From yalla at fsfe.org Fri Nov 2 22:05:01 2007 From: yalla at fsfe.org (Alexander W. Janssen) Date: Fri, 2 Nov 2007 22:05:01 +0100 Subject: RSA Weak? In-Reply-To: <472B8FE9.4050608@sven-radde.de> References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de> <472B8FE9.4050608@sven-radde.de> Message-ID: On 11/2/07, Sven Radde wrote: > Alexander W. Janssen wrote: > >> In fact, some mathematician has proven that factoring is a polynomial > >> problem, IIRC. > > > > A P-problem? Really?! Factoring primes is a polynomial problem nowadays? > > Are you SURE about that? > I think, I was referring to the primality test, which is known to be in > P since sometime in 2002. Ha, I made the same wrongful assumption. My fault. *Testing* primes is in a different class than *factoring* primes. > Sorry, sorry, don't panic ;-) :-) > cu, Sven Alex. -- "I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped." -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901. . From yalla at fsfe.org Fri Nov 2 22:12:48 2007 From: yalla at fsfe.org (Alexander W.
Janssen) Date: Fri, 2 Nov 2007 22:12:48 +0100 Subject: RSA Weak? In-Reply-To: References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de> <472B902B.5080406@sixdemonbag.org> Message-ID: On 11/2/07, Robert J. Hansen wrote: > Alexander W. Janssen wrote: > > A P-problem? Really?! Factoring primes is a polynomial problem nowadays? > > Are you SURE about that? > > Factoring is known to be in NP. Therefore, it is perfectly fair to say > that it's a polynomial problem, as long as Sven is not claiming that > it's deterministic polynomial, which he isn't. We already sorted that out in that other posting. > ... Incidentally, I'm assuming you meant 'factoring composites'. That's what I meant initially. > Factoring prime numbers is most definitely in P. Hold on. Earlier you say "Factoring is known to be in NP". P is much smaller. I'm not familiar to the latest outcomes. So what do you mean? > It's also in NC and > Context-Free, but probably not Regular; you need a pushdown automata to > parse the number as you read it, which means a context-free language is > required. OK, there you got me. I only know the term context-free from languages. Alex. -- "I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped." -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901. . From rjh at sixdemonbag.org Fri Nov 2 22:21:44 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 02 Nov 2007 16:21:44 -0500 Subject: RSA Weak? 
In-Reply-To: <472B81ED.2000901@sixdemonbag.org> References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B81ED.2000901@sixdemonbag.org> Message-ID: <472B94E8.7040605@sixdemonbag.org> Robert J. Hansen wrote: > A keyspace of 1024 bits is double that of 1023 bits. Prime numbers s/is double/is not double/ My typo, sorry. From yalla at fsfe.org Fri Nov 2 22:03:10 2007 From: yalla at fsfe.org (Alexander W. Janssen) Date: Fri, 2 Nov 2007 22:03:10 +0100 Subject: RSA Weak? In-Reply-To: <472B8D43.5010200@sixdemonbag.org> References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B81ED.2000901@sixdemonbag.org> <472B8D43.5010200@sixdemonbag.org> Message-ID: On 11/2/07, Robert J. Hansen wrote: > A good first-order approximation for the number of primes with a certain > number of bits is given by the formula: > > X = 2**number of bits > Y = 2**(number of bits - 1) > > (X ln Y - Y ln X) / ((X ln Y) * (Y ln X)) Thanks. Though I must admit I must think about it before making a comment on it. > I don't know what you mean by 'scale by the same factor'. But hey, if > you want approximations, there you go. For small numbers this will be > off by a significant amount, but it asymptotically grows better. Was meant to be read as: As you add a bit you double the keyspace, but you said something else about it more below. But your argument that it "asymptotically grows better" worries me when I think of my concept of asymptotic - you mean, that the length of the key and the probability of finding the factors converge? > > However, the fact that primes get more rare when the keyspace is > > expanded isn't necessarily connected to that point that you still need > > to check the whole keyspace - which still grows linearly? > > If the keyspace grew linearly, it would be a trivial problem to factor. > Just throw more cycles at it. Not really; if it scaled exponentially, it wouldn't worry me. 
> The entire point is that the keyspace grows exponentially. That's what I meant. > You were > arguing the exponential factor is two, which it's definitely not. Uh. Did I say this? Yes, "doubles the keyspace"... Unlucky statement. Yet true? > In reality the exponential factor of difficulty added per bit changes > depending on how large your key already is. If your key is small, > adding one bit can substantially increase your security. If your key is > large, adding one bit is a who-cares? proposition. Is that related to the approximated formula - density of primes - you gave above? Must think of it. > If it helps, the National Institutes of Science and Technology (NIST) > has estimated a 1024-bit key is roughly equivalent in computational > complexity to an 80-bit symmetric key. I read about it without further thinking about it. Hey. I ain't no mathematician and last math-session at my Uni is years ago... :) > > In cleartext: Even if primes get more rare, you still need to find > > your whole way through *all* numbers as long as you don't find a > > better algorithm. > > Such as, say, the generalized number field sieve? No, like in runtime, finding your way through the problem. But see below: > > Putting probabilistic prime-tests aside. > > This has no connection whatsoever with factoring. Miller-Rabin is used > to test primality; it does not give you any useful information about the > factors of a number. And that was my problem: You are absolutely right: I was implying (wrongly) that finding a prime is in the same class as *factoring* primes. Which is absolutely wrong. Thanks for your clarification. Makes more sense now, although I'm not entirely enlightened yet... Alex. -- "I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped." -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901. . 
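Added example (not part of any message in this thread): the two points argued above, checked numerically. It counts the primes of each bit length exactly with a sieve, compares that with the prime number theorem estimate pi(x) ~ x/ln x, and shows that a Miller-Rabin "composite" verdict yields no factor while trial division has to search for one. The composite 65537 * 2147483647 is constructed for the illustration, and all function names are this example's own.

```python
import math

def sieve(limit):
    """flags[i] == 1 iff i is prime, for 0 <= i < limit (limit >= 2)."""
    flags = bytearray([1]) * limit
    flags[0:2] = b"\x00\x00"
    for i in range(2, math.isqrt(limit - 1) + 1):
        if flags[i]:
            flags[i * i::i] = bytes(len(range(i * i, limit, i)))
    return flags

def count_k_bit_primes(k, flags):
    """Exact number of primes p with 2**(k-1) <= p < 2**k."""
    return sum(flags[1 << (k - 1):1 << k])

def pnt_k_bit_primes(k):
    """Prime number theorem estimate of the same count, from pi(x) ~ x/ln x:
    2**k/ln(2**k) - 2**(k-1)/ln(2**(k-1)), rearranged. Meaningful for k >= 3."""
    return 2.0 ** (k - 1) / math.log(2) * (2 / k - 1 / (k - 1))

def pnt_growth_per_bit(k):
    """Estimated (k-bit primes) / ((k-1)-bit primes). The powers of two cancel,
    so this works for RSA-sized k without float overflow. Valid for k >= 4."""
    def frac(b):
        return 2 / b - 1 / (b - 1)
    return 2 * frac(k) / frac(k - 1)

# These fixed bases make Miller-Rabin deterministic for every n < 2**64.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin primality test. The answer is only True or False:
    a 'composite' verdict says nothing about what the factors are."""
    if n < 2:
        return False
    for p in _MR_BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False          # a is a witness that n is composite
    return True

def trial_factor(n):
    """Smallest prime factor of n by trial division, plus divisions tried.
    Work grows with the size of the smallest factor, not with log(n)."""
    steps, f = 0, 2
    while f * f <= n:
        steps += 1
        if n % f == 0:
            return f, steps
        f += 1 if f == 2 else 2
    return n, steps

if __name__ == "__main__":
    flags = sieve(1 << 20)
    print("bits  exact   PNT est.  growth vs previous bit length")
    prev = None
    for k in range(8, 21):
        exact = count_k_bit_primes(k, flags)
        growth = f"{exact / prev:.3f}" if prev else "-"
        print(f"{k:4d} {exact:6d} {pnt_k_bit_primes(k):9.0f}  {growth}")
        prev = exact
    print("PNT growth 1023 -> 1024 bits:", round(pnt_growth_per_bit(1024), 4))
    n = 65537 * 2147483647        # constructed composite; both factors are prime
    print("Miller-Rabin says prime?", is_prime(n))
    print("trial division (factor, divisions):", trial_factor(n))
```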
From rjh at sixdemonbag.org Fri Nov 2 22:27:02 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 02 Nov 2007 16:27:02 -0500 Subject: RSA Weak? In-Reply-To: References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de> <472B902B.5080406@sixdemonbag.org> Message-ID: <472B9626.8040902@sixdemonbag.org> Alexander W. Janssen wrote: > > Factoring prime numbers is most definitely in P. > > Hold on. Earlier you say "Factoring is known to be in NP". P is much > smaller. I'm not familiar to the latest outcomes. So what do you mean? If you have a proof that P is much smaller than NP, a million bucks is yours for the claiming. Factoring, in the general case, is in NP. Factoring, /specifically applied to prime numbers/, is in Context-Free. Like most math problems, there are certain special forms of problems that are easier to solve than others. If I ask you to factor 2,147,483,647, well, that might take you a very long time. If I tell you that 2,147,483,647 is a prime number (the eighth Mersenne) and ask you to factor it, you don't have to do any computation at all: you just give the number back to me and you're done. You can skip the entire computation step. When numbers are in a special form, there often exist special purpose algorithms that are much more efficient than the general purpose algorithms one would otherwise be forced to use. From yalla at fsfe.org Fri Nov 2 22:31:55 2007 From: yalla at fsfe.org (Alexander W. Janssen) Date: Fri, 2 Nov 2007 22:31:55 +0100 Subject: RSA Weak? In-Reply-To: <472B947F.3070801@sixdemonbag.org> References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de> <472B902B.5080406@sixdemonbag.org> <472B947F.3070801@sixdemonbag.org> Message-ID: On 11/2/07, Robert J. Hansen wrote: > Alexander W. Janssen wrote: > >> Factoring prime numbers is most definitely in P. > > > > Hold on. Earlier you say "Factoring is known to be in NP". 
P is much > > smaller. I'm not familiar to the latest outcomes. So what do you mean? > > If you have a proof that P is much smaller than NP, a million bucks is > yours for the claiming. > > Factoring, in the general case, is in NP. I think we have a problem in nomenclature. Or, let's say, I have one. Apparently P and NP doesn't mean the same to you and me. Considering that my complexity-classes are years ago and you seem to know what you're talking about, I just assume you're right. However, that means that I have to rethink everything I think to know... Which is not a bad thing at all :) > Factoring, /specifically applied to prime numbers/, is in Context-Free. I still don't get what you mean with context-free in that context, but I'll think about it. > If I tell you that 2,147,483,647 is a prime number (the eighth Mersenne) > and ask you to factor it, you don't have to do any computation at all: > you just give the number back to me and you're done. You can skip the > entire computation step. If they're special primes, that's for sure. Proved a long time ago... > When numbers are in a special form, there often exist special purpose > algorithms that are much more efficient than the general purpose > algorithms one would otherwise be forced to use. Right. But the p and q we use in RSA shouldn't be special :) However. Since you just made me wonder about the meanings of P and NP, I'll rethink and come back later. Cheers, Alex. -- "I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped." -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901. . From rjh at sixdemonbag.org Fri Nov 2 22:13:44 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 02 Nov 2007 16:13:44 -0500 Subject: RSA Weak? 
In-Reply-To: <472B8356.9030101@sven-radde.de> References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de> Message-ID: <472B9308.80602@sixdemonbag.org> Sven Radde wrote: > In fact, some mathematician has proven that factoring is a polynomial > problem, IIRC. Well, we know it's in NP, since polytime verification is possible; and there are strong arguments that it cannot be NP-HARD, because then it would exist in both NP and Co-NP, which would lead to various proofs that would collapse an awful lot of mathematics as we know it. It's been (trivially) proven factoring exists in NP and also in Co-NP. The open question is whether it is NP-HARD or Co-NP-HARD. If it's NP-HARD, then everybody is in a whole lot of trouble; a proof of NP-HARDness would lead to a proof that factoring was NP-Complete, which would mean that NP = Co-NP. I'm blanking on precisely the consequences after that, but I do recall that if NP = Co-NP then a lot of our commonsense understanding of math gets turned on its ear. I guess you could say we believe factoring is not NP-HARD because the consequences of it being so are too catastrophic to consider. :) From rjh at sixdemonbag.org Fri Nov 2 23:21:04 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 02 Nov 2007 17:21:04 -0500 Subject: RSA Weak? In-Reply-To: References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de> <472B902B.5080406@sixdemonbag.org> <472B947F.3070801@sixdemonbag.org> Message-ID: <472BA2D0.5040800@sixdemonbag.org> Alexander W. Janssen wrote: > Apparently P and NP doesn't mean the same to you and me. P: the set of all decision problems that can be solved in polynomial time on a deterministic Turing machine. NP: the set of all decision problems that can be solved in polynomial time on a nondeterministic Turing machine. 
Equivalently: NP: the set of all decision problems whose answers can be verified in polynomial time on a deterministic Turing machine. We're handwaving a little bit by using phrases like P and NP to talk about finding prime factors of composites. Factorization is a function problem as opposed to a decision problem; their analogues are FP and FNP. However, the logic still holds, since polynomial-time function problems can be reduced in polytime to decision problems. >> If I tell you that 2,147,483,647 is a prime number (the eighth Mersenne) >> and ask you to factor it, you don't have to do any computation at all: >> you just give the number back to me and you're done. You can skip the >> entire computation step. > > If they're special primes, that's for sure. Proved a long time ago... Not 'if they're special primes'. /Any/ prime. Factoring any prime is a special case for factorization. You don't have to do anything: you just give the number back. From malayter at gmail.com Sat Nov 3 06:19:11 2007 From: malayter at gmail.com (Ryan Malayter) Date: Sat, 3 Nov 2007 00:19:11 -0500 Subject: New OpenPGP standard published In-Reply-To: <20071102155222.GA5428@jabberwocky.com> References: <20071102155222.GA5428@jabberwocky.com> Message-ID: <5d7f07420711022219y6b18aa61pd5c798d9ca958ef6@mail.gmail.com> On Nov 2, 2007 10:52 AM, David Shaw wrote: > The new OpenPGP standard has been published. It was assigned RFC > number 4880 (someone at the IETF has a sense of humor): Is there an FAQ or other document which highlights only the changes and improvements since 2440? The output of "diff rfc2440.txt rfc4880.txt" didn't help me, and such a document isn't prominent on the OpenPGP WG pages. Thanks, -- RPM From zvrba at globalnet.hr Sat Nov 3 07:28:06 2007 From: zvrba at globalnet.hr (Zeljko Vrba) Date: Sat, 03 Nov 2007 07:28:06 +0100 Subject: RSA Weak? 
In-Reply-To: <472B8356.9030101@sven-radde.de> References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de> Message-ID: <87ejf7vo5l.fsf@globalnet.hr> Sven Radde writes: > > In fact, some mathematician has proven that factoring is a polynomial > problem, IIRC. > No, what they have proven is that *primality testing* is a polynomial problem. http://en.wikipedia.org/wiki/AKS_primality_test From nabble at zaxx.ws Sat Nov 3 20:48:17 2007 From: nabble at zaxx.ws (tharrson) Date: Sat, 3 Nov 2007 12:48:17 -0700 (PDT) Subject: GPG Mac questions Message-ID: <13542105.post@talk.nabble.com> I'm considering using GPG on Mac, but it seems a bit intimidating. Are there any easy step-by-step setup instructions anywhere? My correspondents tend to be Windows people who send me files encrypted by PGP7. Will I be able to decrypt these on Mac with GPG? -- View this message in context: http://www.nabble.com/GPG-Mac-questions-tf4735506.html#a13542105 Sent from the GnuPG - User mailing list archive at Nabble.com. From shavital at mac.com Sat Nov 3 21:07:57 2007 From: shavital at mac.com (Charly Avital) Date: Sat, 03 Nov 2007 16:07:57 -0400 Subject: GPG Mac questions In-Reply-To: <13542105.post@talk.nabble.com> References: <13542105.post@talk.nabble.com> Message-ID: <472CD51D.40605@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 tharrson wrote: > I'm considering using GPG on Mac, but it seems a bit intimidating. Are there > any easy step-by-step setup instructions anywhere? > My correspondents tend to be Windows people who send me files encrypted by > PGP7. Will I be able to decrypt these on Mac with GPG? Hi, Please visit where you will find information, HOWTOs, and links. This is *not* a RTFM answer, just a recommendation so that you get yourself acquainted with MacGPG. Afterwards, I shall be glad to try and help, and suggest that you subscribe to the macgpg-users list , that is specific to Mac Users. 
This does not mean that you wouldn't get feedback on this list (gnupg-users), but it would be more convenient that you address your queries to a Mac Forum. Welcome! Charly -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org -----END PGP SIGNATURE----- From wk at gnupg.org Sun Nov 4 14:44:03 2007 From: wk at gnupg.org (Werner Koch) Date: Sun, 04 Nov 2007 14:44:03 +0100 Subject: New OpenPGP standard published In-Reply-To: <5d7f07420711022219y6b18aa61pd5c798d9ca958ef6@mail.gmail.com> (Ryan Malayter's message of "Sat, 3 Nov 2007 00:19:11 -0500") References: <20071102155222.GA5428@jabberwocky.com> <5d7f07420711022219y6b18aa61pd5c798d9ca958ef6@mail.gmail.com> Message-ID: <871wb6t9b0.fsf@wheatstone.g10code.de> On Sat, 3 Nov 2007 06:19, malayter at gmail.com said: > Is there an FAQ or other document which highlights only the changes > and improvements since 2440? The output of "diff rfc2440.txt > rfc4880.txt" didn't help me, and such a document isn't prominent on > the OpenPGP WG pages. Not that I know. There are many editorial changes so that even a diff between the source form of the RFC is not meaningful. We had 22 drafts in the last 9 years. I remember these new features: * MDC packets (you are using them for a long time). * A new format to protect secret keys. * Backsigs * New algorithms (AES, DSA-2, SHA-256 et al.) but there are more. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. 
From karadenizi at earthlink.net Sun Nov 4 14:52:31 2007 From: karadenizi at earthlink.net (Kara) Date: Sun, 04 Nov 2007 08:52:31 -0500 Subject: Meaning of "sig! N" self-signature Message-ID: <472DCE9F.3080509@earthlink.net> ==== I've received a key with two userIDs (identify and keyIDs changed): uid Dummy Name sig! N 12345678 2007-10-29 [self-signature] uid Dummy Name sig! 123456789 2007-10-19 [self-signature] ==== Question 1: In the first userID's self-signature what does the "N" indicate? Question 2: And how would one generate such a self-signature. Timestamp: Sun 04 Nov 07, 0852 Local (UTC -0500) ==== From dshaw at jabberwocky.com Sun Nov 4 16:05:47 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Sun, 4 Nov 2007 10:05:47 -0500 Subject: Meaning of "sig! N" self-signature In-Reply-To: <472DCE9F.3080509@earthlink.net> References: <472DCE9F.3080509@earthlink.net> Message-ID: <20071104150547.GA2975@jabberwocky.com> On Sun, Nov 04, 2007 at 08:52:31AM -0500, Kara wrote: > ==== > > I've received a key with two userIDs (identify and keyIDs changed): > > uid Dummy Name > sig! N 12345678 2007-10-29 [self-signature] > > uid Dummy Name > sig! 123456789 2007-10-19 [self-signature] > > ==== > > Question 1: In the first userID's self-signature what does > the "N" indicate? There is a notation on the signature. A notation allows the issuer of the signature to add special instructions or general information to be seen by whoever verifies the signature. > Question 2: And how would one generate such a self-signature. gpg --cert-notation "foo=bar" This sets a notation named "foo" that contains the contents "bar". David From rjh at sixdemonbag.org Sun Nov 4 17:15:23 2007 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Sun, 04 Nov 2007 10:15:23 -0600 Subject: New OpenPGP standard published In-Reply-To: <871wb6t9b0.fsf@wheatstone.g10code.de> References: <20071102155222.GA5428@jabberwocky.com> <5d7f07420711022219y6b18aa61pd5c798d9ca958ef6@mail.gmail.com> <871wb6t9b0.fsf@wheatstone.g10code.de> Message-ID: <472DF01B.4060103@sixdemonbag.org> Werner Koch wrote: > Not that I know. There are many editorial changes so that even a diff > between the source form of the RFC is not meaningful. We had 22 drafts > in the last 9 years. Follow-up question: Has anyone ever come up with an EBNF for the format of an OpenPGP message? From email at sven-radde.de Sun Nov 4 17:31:51 2007 From: email at sven-radde.de (Sven Radde) Date: Sun, 04 Nov 2007 17:31:51 +0100 Subject: Meaning of "sig! N" self-signature In-Reply-To: <20071104150547.GA2975@jabberwocky.com> References: <472DCE9F.3080509@earthlink.net> <20071104150547.GA2975@jabberwocky.com> Message-ID: <472DF3F7.2050604@sven-radde.de> Hi! David Shaw wrote: > A notation allows the issuer of > the signature to add special instructions or general information to be > seen by whoever verifies the signature. Are there any conventions/suggestions for these notations? I mean, something like "signer-key-url=http://..." or the like? Or is it fully arbitrary? cu, Sven From dshaw at jabberwocky.com Sun Nov 4 17:53:33 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Sun, 4 Nov 2007 11:53:33 -0500 Subject: Meaning of "sig! N" self-signature In-Reply-To: <472DF3F7.2050604@sven-radde.de> References: <472DCE9F.3080509@earthlink.net> <20071104150547.GA2975@jabberwocky.com> <472DF3F7.2050604@sven-radde.de> Message-ID: <20071104165333.GA3346@jabberwocky.com> On Sun, Nov 04, 2007 at 05:31:51PM +0100, Sven Radde wrote: > Hi! > > David Shaw wrote: > > A notation allows the issuer of > > the signature to add special instructions or general information to be > > seen by whoever verifies the signature. 
> > Are there any conventions/suggestions for these notations? I mean, > something like "signer-key-url=http://..." or the like? Or is it fully > arbitrary? The rule, according to RFC-4880 is that the notation name is in the form of an email address: your-notation-name at your-domain.example.com or the like. This prevents collisions among different people (since their domain is in the notation name). There is a process in which a given notation can be made an internet standard, and thus not need the '@' sign, but there are no such standard notations yet. David From pg at futureware.at Mon Nov 5 12:00:50 2007 From: pg at futureware.at (Philipp Gühring) Date: Mon, 5 Nov 2007 12:00:50 +0100 Subject: UID management Message-ID: <200711051200.51516.pg@futureware.at> Hi, I am missing the GPGME manual on the website: http://www.gnupg.org/(en)/documentation/manuals.html Does GPGME have UID management functionality? I would need deluid to delete UIDs from keys, and I can't find it in the documentation. When I do gpg --with-colons $file then I get a list of UIDs in that file. When I do a fresh gpg --import $file and then a gpg --edit-key $uid then I also get a list of those UIDs. But that list is ordered differently. Why is it ordered differently? How are both lists ordered? Best regards, Philipp Gühring From wk at gnupg.org Mon Nov 5 12:24:41 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 05 Nov 2007 12:24:41 +0100 Subject: UID management In-Reply-To: <200711051200.51516.pg@futureware.at> ("Philipp Gühring"'s message of "Mon, 5 Nov 2007 12:00:50 +0100") References: <200711051200.51516.pg@futureware.at> Message-ID: <87r6j5orye.fsf@wheatstone.g10code.de> On Mon, 5 Nov 2007 12:00, pg at futureware.at said: > Does GPGME have UID management functionality? You need to use the edit feature and implement most things yourself. See GPA for an implementation of this. > Why is it ordered differently? 
This is an implementation detail. > How are both lists ordered? The order is not specified. OpenPGP does not define any order of UIDs. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From rc647bob at aim.com Mon Nov 5 16:55:21 2007 From: rc647bob at aim.com (rc647bob at aim.com) Date: Mon, 05 Nov 2007 10:55:21 -0500 Subject: Fwd: decrypt In-Reply-To: <8C9E58B5F1CD518-FE8-63CA@WEBMAIL-MA14.sysops.aol.com> References: <8C9E58B5F1CD518-FE8-63CA@WEBMAIL-MA14.sysops.aol.com> Message-ID: <8C9EDDB67A599FD-CE4-3E46@WEBMAIL-DF06.sysops.aol.com> Returns mytest-1.cpp with no contents. Am I using the correct key? gpg --decrypt --recipient "abcba" mytest-1.cpp.gpg > mytest-1.cpp gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information You need a passphrase to unlock the secret key for user: "abcba" gpg: encrypted with 2048-bit ELG-E key, ID 1A191739, created 2007-05-27 "abcba" bob. From wk at gnupg.org Mon Nov 5 18:03:31 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 05 Nov 2007 18:03:31 +0100 Subject: Fwd: decrypt In-Reply-To: <8C9EDDB67A599FD-CE4-3E46@WEBMAIL-DF06.sysops.aol.com> (rc647bob@aim.com's message of "Mon, 05 Nov 2007 10:55:21 -0500") References: <8C9E58B5F1CD518-FE8-63CA@WEBMAIL-MA14.sysops.aol.com> <8C9EDDB67A599FD-CE4-3E46@WEBMAIL-DF06.sysops.aol.com> Message-ID: <87fxzkmxp8.fsf@wheatstone.g10code.de> On Mon, 5 Nov 2007 16:55, rc647bob at aim.com said: > gpg --decrypt --recipient "abcba" mytest-1.cpp.gpg > mytest-1.cpp gpg --decrypt --recipient "abcba" --output - mytest-1.cpp.gpg > mytest-1.cpp Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. 
From pg at futureware.at Mon Nov 5 18:18:33 2007 From: pg at futureware.at (Philipp Gühring) Date: Mon, 5 Nov 2007 18:18:33 +0100 Subject: UID management In-Reply-To: <87r6j5orye.fsf@wheatstone.g10code.de> References: <200711051200.51516.pg@futureware.at> <87r6j5orye.fsf@wheatstone.g10code.de> Message-ID: <200711051818.34841.pg@futureware.at> Hi, Thanks for your answer! Ok, I need the following: 1. I need a tool that lists me all the UIDs in a key. 2. Then I select the UIDs I need, and the UIDs I do not need 3. Then I need a tool that removes all selected unneeded UIDs from the key, and returns me the stripped key. Until now I tried to do the first step with gpg --with-colons and the third step with gpg --edit-key by automating gpg. But due to the ordering problem, this doesn't work. > > Does GPGME have UID management functionality? > > You need to use the edit feature and implement most things yourself. > See GPA for an implementation of this. How likely will it be that such an implementation will break with the next version? It doesn't sound like a stable, robust and secure way to me. > > Why is it ordered differently? > > This is an implementation detail. You mean an implementation bug? Or is there some structural problem that doesn't allow for a robust ordering? Are you sorting the UIDs while importing them for faster lookup? Aren't you just copying the public key into the keyring directly? Why isn't it ordered just in the same way it is written in the file? Why is it reordered at all? Why isn't the ordering configurable? > > How are both lists ordered? > > The order is not specified. How can I specify it then? > OpenPGP does not define any order of UIDs. Is that an issue that should be solved in the OpenPGP standard? Can you write a proposal that would suit it? Ok, which solution can you suggest? 
Best regards, Philipp Gühring From frank at ezprintsolutions.com Thu Nov 1 14:20:04 2007 From: frank at ezprintsolutions.com (jramro) Date: Thu, 1 Nov 2007 06:20:04 -0700 (PDT) Subject: GNuPG Newb In-Reply-To: <4729BC6D.5000803@sven-radde.de> References: <13510878.post@talk.nabble.com> <4729BC6D.5000803@sven-radde.de> Message-ID: <13528567.post@talk.nabble.com> The server/host I'm on already has a user/bin with the .gnupg I've never used it before so I don't know how to test it. The control panel only allows you to see the key pair that was generated, nothing more. there's no access to control safe modes, etc . Is there a simple script to test this just to send a basic test email I've tried a few gpg scripts so far, but the mail they send is blank . it goes through to my email, but no text , nothing. All of the websites I've researched only talk about the basics or the logic and key pairs, generating keys, or setting up gnupg on your own machine. Is there any comprehensive tutorial or scripts on how to make the gnupg intercept the mail in the in/out pipe, as you say? If I already have gnupg on the server /host, would I need to even have something like Anubis on my machine? Sven Radde-3 wrote: > > Hi! > > jramro wrote: >> I'm trying to send a php mail form and not able to get it to encrypt or >> do >> much of anything. > > First of all, make sure that you have access to the gpg executable from > your php script and that safe mode and similar restrictions do not cause > problems. > Make also sure that the necessary keys are imported, set to trustworthy > on the machine you are running GnuPG and the like. > >> I was a bit confused because I heard that PGP can intercept a mail form >> through SMTP and encrypt it , but that GnuPG can not? > > What is confusing about the fact that different softwares can have a > different set of features? > It should however be reasonably easy to write a wrapper around GnuPG > that works as an SMTP proxy if this is really necessary. 
Maybe someone > can point you to an existing solution, I would be surprised if there > wasn't one already. > A quick look at > turned up Anubis but I have no > idea about the quality of that project (last update 2004 - either it's > very stable or very abandoned or both). > >> Do i have to first output my mail form into a temp folder as a .txt >> file, >> and then encrypt the .txt file? > > You could do that, but gpg can also be used to handle piped standard > in-/output. I think, this would be the preferred way. > > The command line would be roughly like: > gpg --armor --recipient KEYID --encrypt > --> write text to GnuPG stdin, terminate with EOF > <-- read "PGP MESSAGE" from GnuPG stdout > > You can easily try this in the console. > >> When reaching last page, the mail form is assembled and populated and >> sent. > > So, at this point, before passing the assembled mail body string to the > PHP mail()-function, you could just pipe it through a call to gpg. > > HTH, Sven 
From sven at radde.name Fri Nov 2 16:58:44 2007 From: sven at radde.name (Sven Radde) Date: Fri, 02 Nov 2007 16:58:44 +0100 Subject: key-restoration problem // secret sharing In-Reply-To: <20071102134048.06B6ADA824@mailserver7.hushmail.com> References: <20071102134048.06B6ADA824@mailserver7.hushmail.com> Message-ID: <472B4934.7060105@radde.name> vedaal at hush.com wrote: > > is there a section of the ascii-armored secret key block, > > that by itself, is enough to reconstruct the secret key, > > > Based on the knowledge that paperkey exists, I would believe so. Somewhere on your key will be the, e.g., 2048 bits that make it 'interesting'. It is reasonable to assume that they are in a contiguous block and not scattered over the keyfile (given that GnuPG uses a packet-structure for all its data). > > and if so, > > how can it be determined which part of the keyblock it is, > > in order to make sure that that section is 'split' for sharing ? > I assume that splitting the ASCII-armor column-wise instead of line-wise might be a good approximation ;-) cu, Sven PS: Vedaal, a mail sent to you off-list was apparently returned as undeliverable. From alexander.janssen at gmail.com Fri Nov 2 18:52:03 2007 From: alexander.janssen at gmail.com (Alexander W. Janssen) Date: Fri, 2 Nov 2007 18:52:03 +0100 Subject: New OpenPGP standard published In-Reply-To: <87abpwva5w.fsf@wheatstone.g10code.de> References: <20071102155222.GA5428@jabberwocky.com> <87abpwva5w.fsf@wheatstone.g10code.de> Message-ID: On 11/2/07, Werner Koch wrote: > I am going to celebrate that now with some pints of Füchschen at the > Cafe Modigliani[1]. Feel free to join. Why didn't you say that like an hour ago? Now I'm stuck with my wife, cleaning the house... :-) > Salam-Shalom, Next time... Cheers! > Werner Alex. > Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. You're with us on Tuesday? http://tinyurl.com/2a3wga -- "I am tired of all this sort of thing called science here... 
We have spent millions in that sort of thing for the last few years,
and it is time it should be stopped."
-- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901.
.

From 210525p42015 at denstarfarm.us Tue Nov 6 01:05:37 2007
From: 210525p42015 at denstarfarm.us (Robert D.)
Date: Mon, 05 Nov 2007 19:05:37 -0500
Subject: Gen Key command done correctly
Message-ID: <472FAFD1.9030605@denstarfarm.us>

I tried to generate a key using commands in "Terminal" on my OS/X. This
is actually a learning experience for me done on purpose.

When I used gen-key, I got one, but at the end was told that I'd need to
generate a sub-key that I could use to actually encrypt.
\
\

So, what I am asking is where I went wrong?

I used the gpg --gen-key to generate a non-expiring 4096 RSA key; gave a
name and email address.

What would be the complete process done via the CLI ??

thanks

From rjh at sixdemonbag.org Tue Nov 6 02:12:23 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 05 Nov 2007 19:12:23 -0600
Subject: Gen Key command done correctly
In-Reply-To: <472FAFD1.9030605@denstarfarm.us>
References: <472FAFD1.9030605@denstarfarm.us>
Message-ID: <472FBF77.9040508@sixdemonbag.org>

Robert D. wrote:
> When I used gen-key, I got one, but at the end was told that I'd need to
> generate a sub-key that I could use to actually encrypt.

GnuPG uses "key pair" in two distinct senses. One of them means a
public/private pair; and the other means two sets of public/private
keys, one set used for encryption and one set used for signing. To
disambiguate, I'll refer to the latter as a key set, and a
public/private combination as a key pair.

By default, GnuPG only creates key sets for DSA/Elgamal keys. It creates
a DSA key pair for signing and an Elgamal key pair for encryption.

For RSA keys, GnuPG only creates a single key pair--a signing pair.

    gpg --edit-key
    addkey
    6

...
and so on, and so on, and you'll have an encryption key pair added to
your signing key pair, making it a completely usable key set.

From ladislav.hagara at unob.cz Tue Nov 6 02:08:46 2007
From: ladislav.hagara at unob.cz (Ladislav Hagara)
Date: Tue, 06 Nov 2007 02:08:46 +0100
Subject: Gen Key command done correctly
In-Reply-To: <472FAFD1.9030605@denstarfarm.us>
References: <472FAFD1.9030605@denstarfarm.us>
Message-ID: <472FBE9E.7020900@unob.cz>

> When I used gen-key, I got one, but at the end was told that I'd need to
> generate a sub-key that I could use to actually encrypt.
> \
> \
>
> So, what I am asking is where I went wrong?
>
> I used the gpg --gen-key to generate a non-expiring 4096 RSA key; gave a
> name and email address.

If you chose the default option ((1) DSA and Elgamal (default)) you
would have both sign and decrypt keys now.
You chose ((5) RSA (sign only)) so you have sign key only.
You must run "gpg --edit-key" and then "addkey" command and choose key
for encryption ((6) RSA (encrypt only)).

--
Ladislav Hagara

From 210525p42015 at denstarfarm.us Tue Nov 6 04:26:41 2007
From: 210525p42015 at denstarfarm.us (Robert D.)
Date: Mon, 05 Nov 2007 22:26:41 -0500
Subject: Gen Key command done correctly
In-Reply-To: <472FBE9E.7020900@unob.cz>
References: <472FAFD1.9030605@denstarfarm.us> <472FBE9E.7020900@unob.cz>
Message-ID: <472FDEF1.6020104@denstarfarm.us>

whoops, I goofed the reply and reply-to-all buttons

Ladislav Hagara said the following:
.
> You must run "gpg --edit-key" and then ...

Next question ...

Sub-key generated.

Do I still encrypt to the original public key? And thus, is the sub-key
used automatically? .. I ask because it's not intuitively obvious to me
how I tell gpg to select that sub-key since Thunderbird already uses the
key generated originally to the email address.

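Whether a key set already has a subkey that others can encrypt to can be read from `gpg --with-colons --list-keys` output, where field 12 of each pub/sub record carries the capability letters and field 2 the validity. The Python parser below is an added example, not code from this thread or from GnuPG; its helper names are hypothetical and the two listings (key IDs, UID hash, user ID) are constructed.

```python
import re
from dataclasses import dataclass, field

# Public-key algorithm IDs from RFC 4880, section 9.1.
ALGO_NAMES = {1: "RSA", 2: "RSA-E", 3: "RSA-S", 16: "ELG-E", 17: "DSA"}
# Validity letters (field 2) that make a key unusable:
# i = invalid, d = disabled, r = revoked, e = expired.
UNUSABLE = frozenset("idre")


@dataclass
class KeyRecord:
    keyid: str
    algo: str
    bits: int
    validity: str
    caps: str          # field 12 of a pub/sub record, e.g. "sc" or "e"


@dataclass
class KeySet:
    primary: KeyRecord
    uids: list = field(default_factory=list)      # (uid hash or None, text)
    subkeys: list = field(default_factory=list)   # one KeyRecord per "sub"


def _unescape(text):
    """Undo the \\xNN escaping gpg applies to ':' and friends in user IDs."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})",
                  lambda m: chr(int(m.group(1), 16)), text)


def _record(f):
    algo = int(f[3]) if f[3] else 0
    return KeyRecord(keyid=f[4], algo=ALGO_NAMES.get(algo, "algo %d" % algo),
                     bits=int(f[2]) if f[2] else 0,
                     validity=f[1], caps=f[11])


def parse_listing(text):
    """Parse `gpg --with-colons --list-keys` output into KeySet objects."""
    keysets = []
    for line in text.splitlines():
        f = line.split(":")
        f += [""] * (12 - len(f))           # tolerate short records
        kind = f[0]
        if kind == "pub":
            keysets.append(KeySet(primary=_record(f)))
            if f[9]:                         # older listings put UID 1 here
                keysets[-1].uids.append((None, _unescape(f[9])))
        elif not keysets:
            continue                         # e.g. "tru:" before any key
        elif kind == "uid":
            keysets[-1].uids.append((f[7] or None, _unescape(f[9])))
        elif kind == "sub":
            keysets[-1].subkeys.append(_record(f))
    return keysets


def encryption_keys(keyset):
    """Key IDs in this key set that a sender could encrypt to right now."""
    return [k.keyid for k in [keyset.primary] + keyset.subkeys
            if "e" in k.caps and k.validity not in UNUSABLE]


# Constructed listing: 4096-bit RSA sign-only primary key, no subkey yet.
SIGN_ONLY = (
    "tru::1:1194307537:0:3:1:5\n"
    "pub:u:4096:1:1111111111111111:2007-11-05:::u:::scSC:\n"
    "uid:u::::2007-11-05::0123456789ABCDEF0123456789ABCDEF01234567::"
    "Example User (test\\x3a key) <user@example.org>:\n"
)
# Constructed listing: the same key after adding an RSA encrypt-only
# subkey, plus an older revoked encryption subkey that must not count.
AFTER_ADDKEY = (
    SIGN_ONLY.replace("scSC", "scESC")
    + "sub:r:2048:1:3333333333333333:2007-11-01::::::e:\n"
    + "sub:u:4096:1:2222222222222222:2007-11-06::::::e:\n"
)

if __name__ == "__main__":
    for label, listing in (("sign-only", SIGN_ONLY),
                           ("after addkey", AFTER_ADDKEY)):
        for ks in parse_listing(listing):
            usable = encryption_keys(ks) or "none (senders cannot encrypt)"
            print(label, ks.primary.keyid, ks.primary.algo,
                  ks.primary.bits, "encrypt-to:", usable)
```

On a real keyring the same functions can be fed the captured stdout of `gpg --with-colons --list-keys`.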
From dshaw at jabberwocky.com Tue Nov 6 05:27:36 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 5 Nov 2007 23:27:36 -0500
Subject: UID management
In-Reply-To: <200711051818.34841.pg@futureware.at>
References: <200711051200.51516.pg@futureware.at> <87r6j5orye.fsf@wheatstone.g10code.de> <200711051818.34841.pg@futureware.at>
Message-ID: <20071106042736.GA12890@jabberwocky.com>

On Mon, Nov 05, 2007 at 06:18:33PM +0100, Philipp Gühring wrote:
> Hi,
>
> Thanks for your answer!
>
> Ok, I need the following:
> 1. I need a tool that lists me all the UIDs in a key.
> 2. Then I select the UIDs I need, and the UIDs I do not need
> 3. Then I need a tool that removes all selected unneeded UIDs from the key,
> and returns me the stripped key.
>
> Until now I tried to do the first step with gpg --with-colons and the third
> step with gpg --edit-key by automating gpg.
> But due to the ordering problem, this doesn't work.

The ordering does not matter. GPG supports selecting a user ID by hash:

gpg --with-colons --list-keys (whatever)
....
uid:-::::2006-08-02::A8DCEA454269C4701E724839B04AEDD404BC21EB::Foo Bar :
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^
                       this is the hash value

gpg --edit-key (whatever)
uid A8DCEA454269C4701E724839B04AEDD404BC21EB
deluid
save

David

From pelliott at io.com Tue Nov 6 04:33:52 2007
From: pelliott at io.com (Paul Elliott)
Date: Mon, 5 Nov 2007 21:33:52 -0600
Subject: converting between detached undetached signatures?
Message-ID: <20071106033352.GA12527@io.com>

Another user has created a digital signature. I do not have
the secret key. I want to convert its form. There are two
possibilities:

1) It is a detached signature, I want to convert it to
a regular undetached signature. (I have the file that
was signed.)

2) It is a regular not detached signature and
I want to convert it to a detached signature.

Can this be done with some obscure gpg command?

If no, perhaps someone has written a utility that can do this work?

Thank You

--
Paul Elliott                       1(512)837-1096
pelliott at io.com                 PMB 181, 11900 Metric Blvd Suite J
http://www.io.com/~pelliott/pme/   Austin TX 78758-3117

From dshaw at jabberwocky.com Tue Nov 6 06:29:54 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 6 Nov 2007 00:29:54 -0500
Subject: converting between detached undetached signatures?
In-Reply-To: <20071106033352.GA12527@io.com>
References: <20071106033352.GA12527@io.com>
Message-ID: <20071106052954.GB12890@jabberwocky.com>

On Mon, Nov 05, 2007 at 09:33:52PM -0600, Paul Elliott wrote:
>
> Another user has created a digital signature. I do not have
> the secret key. I want to convert its form. There are two
> possibilities:
>
> 1) It is a detached signature, I want to convert it to
> a regular undetached signature. (I have the file that
> was signed.)

gpg -z0 --store the-original-file
cat the-detached-sig.sig the-original-file.gpg > my-new-joined-file.gpg

Note that if the signature is a text-mode signature, you need to add
--textmode to the --store command.

> 2) It is a regular not detached signature and
> I want to convert it to a detached signature.

Use gpgsplit to break the file up into packets. Note that you might
need to use 'gpgsplit --uncompress' if the original file was
compressed, and then run gpgsplit again on the uncompressed file.
Find the file that ends in ".sig". That's the detached signature.

There are a few very obscure cases where you can't do these two
tricks. If you have a textmode signature, and the original document
has whitespace at the end of the line, and your other user is using
PGP (not GPG) then you might have a problem. Incidentally, this is
one of the things that RFC-4880 resolved.

David

From wk at gnupg.org Tue Nov 6 11:09:51 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 06 Nov 2007 11:09:51 +0100
Subject: UID management
In-Reply-To: <200711051818.34841.pg@futureware.at> ("Philipp Gühring"'s message of "Mon, 5 Nov 2007 18:18:33 +0100")
References: <200711051200.51516.pg@futureware.at> <87r6j5orye.fsf@wheatstone.g10code.de> <200711051818.34841.pg@futureware.at>
Message-ID: <87zlxrlm6o.fsf@wheatstone.g10code.de>

On Mon, 5 Nov 2007 18:18, pg at futureware.at said:

>> See GPA for an implementation of this.
>
> How likely will it be that such an implementation will break with the next
> version? It doesn't sound like a stable, robust and secure way to me.

It won't break as long as you follow the main guideline to send a LF
(i.e. no value) on unknown prompts.

> You mean an implementation bug? Or is there some structural problem that

It means that it is not specified and that the ordering may change at
any time. As David explained, you should either use the UID hash to
select a UID or use --edit-key --with-colons and compute the number of
the uid by counting the "uid:" lines.

> doesn't allow for a robust ordering? Are you sorting the UIDs while importing
> them for faster lookup? Aren't you just copying the public key into the
> keyring directly?
> Why isn't it ordered just in the same way it is written in the file? Why is it
> reordered at all? Why isn't the ordering configurable?

Because the order has no semantic meaning.

> How can I specify it then?

man 1 sort

>> OpenPGP does not define any order of UIDs.
>
> Is that an issue that should be solved in the OpenPGP standard? Can you write
> a proposal that would suit it?

No. No.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Tue Nov 6 12:05:52 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 06 Nov 2007 12:05:52 +0100
Subject: New OpenPGP standard published
In-Reply-To: (Alexander W.
 Janssen's message of "Fri, 2 Nov 2007 18:52:03 +0100")
References: <20071102155222.GA5428@jabberwocky.com> <87abpwva5w.fsf@wheatstone.g10code.de>
Message-ID: <87prynk50v.fsf@wheatstone.g10code.de>

On Fri, 2 Nov 2007 18:52, alexander.janssen at gmail.com said:

> You're with us on Tuesday? http://tinyurl.com/2a3wga

Sure. [1]

BTW, I do not like this centralized URL surveillance system to go to
https://wiki.vorratsdatenspeicherung.de/Endspurt/Duesseldorf.

Shalom-Salam,

   Werner

[1] Germany is about to legalize and enforce traffic analysis of all
modern communication by requiring to save _all_ connection data and the
location of mobile phones for 6 months. Obviously nicknamed Stasi-2.0.

--
Thoughts are free. Exceptions are regulated by a federal law.

From jvc214 at yahoo.com Tue Nov 6 16:29:16 2007
From: jvc214 at yahoo.com (Jim Cook)
Date: Tue, 6 Nov 2007 07:29:16 -0800 (PST)
Subject: PGP encryption: block or stream cipher?
Message-ID: <993548.23556.qm@web51009.mail.re2.yahoo.com>

Does anyone know which type of cipher is used?

Thanks,
Jim

From rjh at sixdemonbag.org Tue Nov 6 18:49:40 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 06 Nov 2007 17:49:40 +0000
Subject: PGP encryption: block or stream cipher?
In-Reply-To: <993548.23556.qm@web51009.mail.re2.yahoo.com>
References: <993548.23556.qm@web51009.mail.re2.yahoo.com>
Message-ID: <4730A934.3000509@sixdemonbag.org>

Jim Cook wrote:
> Does anyone know which type of cipher is used?

No.

Well, block ciphers, but beyond that nobody can tell you very much.
GnuPG supports a large number of block ciphers--probably too many.
Which cipher is used for a particular message depends on both your
preferences and your recipient's preferences. GnuPG does a variant of
the stable-marriage problem to find a cipher that's mutually agreeable
to both you and your recipient.

So no, without knowing what your and your recipient's preferences are,
we really can't say which block ciphers are used.

To see which ciphers your version of GnuPG supports, enter:

gpg --version

From dirk.traulsen at lypso.de Tue Nov 6 18:42:33 2007
From: dirk.traulsen at lypso.de (Dirk Traulsen)
Date: Tue, 06 Nov 2007 18:42:33 +0100
Subject: New OpenPGP standard published
In-Reply-To: <20071102155222.GA5428@jabberwocky.com>
References: <20071102155222.GA5428@jabberwocky.com>
Message-ID: <4730B599.1132.4A11B54@dirk.traulsen.lypso.de>

On 2 Nov 2007 at 11:52, David Shaw wrote:

> The new OpenPGP standard has been published.

Congratulations for the new RFC!

But, since 2004, I report regularly at least once a year that the
example for the Radix-64-Encoding in '6.5. Examples of Radix-64' on
page 59 in the rfc is wrong.

With David Shaw on the board, I thought, it might be different, so I
tried again and really...

On 13 Jun 2006 at 17:12, David Shaw wrote:
> I've spoken to the other folks and this will be fixed in the
> last-call for the RFC.

Now after all these versions there is a brand new rfc4880, but
surprise, surprise, in this example embarrassingly 7 is still 0b1111,
which leads to 0b100111, which is decimal not the correct 37, but 39.
The same old error since at least NINE years in an example how to use
the standard.

Well, this gets really, really frustrating!
This is such a blatant error, which really cannot be disputed. If even
such a simple error is never corrected, how would it be if I as no
committee member really wanted to comment on something important in
OpenPGP itself? A totally pointless effort, I'm sure.

Dirk

From email at sven-radde.de Tue Nov 6 21:20:31 2007
From: email at sven-radde.de (Sven Radde)
Date: Tue, 06 Nov 2007 21:20:31 +0100
Subject: PGP encryption: block or stream cipher?
Message-ID: <4730CC8F.8010103@sven-radde.de>

Hi!

Jim Cook wrote:
> Does anyone know which type of cipher is used?

GnuPG uses a number of block ciphers in a variant of CFB mode.
See RFC 4880, section 13.9 for more details on the mode of operation.

btw, can someone explain to me what the design rationale for that
"variant" is? I did not find an explanation in the RFC as to *why* the
design choices were made in that particular way.

cu, Sven

From dshaw at jabberwocky.com Tue Nov 6 22:23:50 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 6 Nov 2007 16:23:50 -0500
Subject: New OpenPGP standard published
In-Reply-To: <4730B599.1132.4A11B54@dirk.traulsen.lypso.de>
References: <20071102155222.GA5428@jabberwocky.com> <4730B599.1132.4A11B54@dirk.traulsen.lypso.de>
Message-ID: <20071106212350.GA20471@jabberwocky.com>

On Tue, Nov 06, 2007 at 06:42:33PM +0100, Dirk Traulsen wrote:
> On 2 Nov 2007 at 11:52, David Shaw wrote:
> > The new OpenPGP standard has been published.
>
> Congratulations for the new RFC!
>
> But, since 2004, I report regularly at least once a year that the
> example for the Radix-64-Encoding in '6.5. Examples of Radix-64' on
> page 59 in the rfc is wrong.
>
> With David Shaw on the board, I thought, it might be different, so I
> tried again and really...
>
> On 13 Jun 2006 at 17:12, David Shaw wrote:
> > I've spoken to the other folks and this will be fixed in the
> > last-call for the RFC.
>
> Now after all these versions there is a brand new rfc4880, but
> surprise, surprise, in this example embarrassingly 7 is still 0b1111,
> which leads to 0b100111, which is decimal not the correct 37, but 39.
> The same old error since at least NINE years in an example how to use
> the standard.

Drat. I did submit this, but it seems to have been accidentally left
out when the document was published. I'll file it as an errata.

Sorry about all that.

David

From ladislav.hagara at unob.cz Tue Nov 6 23:39:41 2007
From: ladislav.hagara at unob.cz (Ladislav Hagara)
Date: Tue, 06 Nov 2007 23:39:41 +0100
Subject: Gen Key command done correctly
In-Reply-To: <472FDEF1.6020104@denstarfarm.us>
References: <472FAFD1.9030605@denstarfarm.us> <472FBE9E.7020900@unob.cz> <472FDEF1.6020104@denstarfarm.us>
Message-ID: <4730ED2D.807@unob.cz>

>> You must run "gpg --edit-key" and then ...
>>
>
> Next question ...
>
> Sub-key generated.
>
> Do I still encrypt to the original public key?

Nobody can encrypt files for you if your public key doesn't contain
encrypt subkey.

> And thus, is the sub-key
> used automatically? .. I ask because it's not intuitively obvious to me
> how I tell gpg to select that sub-key since Thunderbird already uses the
> key generated originally to the email address.

The subkey will be used automatically. You just have to export your
public key again and your partners have to import it (only this subkey
will be really imported).
Without encrypting subkey the Thunderbird (Enigmail) will be able only
to check your signature but nobody will be able to encrypt email for you.

--
Ladislav Hagara

From dshaw at jabberwocky.com Tue Nov 6 23:43:11 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 6 Nov 2007 17:43:11 -0500
Subject: PGP encryption: block or stream cipher?
In-Reply-To: <4730CC8F.8010103@sven-radde.de>
References: <4730CC8F.8010103@sven-radde.de>
Message-ID: <20071106224311.GC20471@jabberwocky.com>

On Tue, Nov 06, 2007 at 09:20:31PM +0100, Sven Radde wrote:
> Hi!
>
> Jim Cook wrote:
> > Does anyone know which type of cipher is used?
>
> GnuPG uses a number of block ciphers in a variant of CFB mode.
> See RFC 4880, section 13.9 for more details on the mode of operation.
>
> btw, can someone explain to me what the design rationale for that
> "variant" is? I did not find an explanation in the RFC as to *why* the
> design choices were made in that particular way.

Short answer, it's historical.
There has just never been a strong reason to change it.

David

From 210525p42015 at denstarfarm.us Wed Nov 7 03:48:32 2007
From: 210525p42015 at denstarfarm.us (Robert D.)
Date: Tue, 06 Nov 2007 21:48:32 -0500
Subject: removing a misplaced comment in UID
Message-ID: <47312780.2010305@denstarfarm.us>

I am sure I goofed. I am unsure how to correct it now that I sent my
keys to the servers.

When I made the revised keys, I put in /name/ and /comment/ and /email addy/

the *comment* part, I should have ignored. However I was thinking of the
line seen often under "Version" a /note/ or /comment/ but I put the line
in that UID comment field. Now I have this huge UID with /my name/ &&
"keys at so-and-so" && emailATemail

can I remove the comment?

thanks for the help (again)

From dshaw at jabberwocky.com Wed Nov 7 04:23:40 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 6 Nov 2007 22:23:40 -0500
Subject: removing a misplaced comment in UID
In-Reply-To: <47312780.2010305@denstarfarm.us>
References: <47312780.2010305@denstarfarm.us>
Message-ID: <20071107032340.GA21324@jabberwocky.com>

On Tue, Nov 06, 2007 at 09:48:32PM -0500, Robert D. wrote:
> I am sure I goofed. I am unsure how to correct it now that I sent my
> keys to the servers.
>
> When I made the revised keys, I put in /name/ and /comment/ and /email addy/
>
> the *comment* part, I should have ignored. However I was thinking of the
> line seen often under "Version" a /note/ or /comment/ but I put the line
> in that UID comment field. Now I have this huge UID with /my name/ &&
> "keys at so-and-so" && emailATemail
>
> can I remove the comment?

Now that the key has been sent to the servers, no, you can't remove
it. What you can do is revoke that user ID and make a new one that
looks the way you want. This doesn't remove the old user ID, but does
hide it so it is not seen in most cases.

David

From shavital at mac.com Wed Nov 7 17:01:00 2007
From: shavital at mac.com (Charly Avital)
Date: Wed, 07 Nov 2007 11:01:00 -0500
Subject: Image viewer in gpg.conf
Message-ID: <4731E13C.8070707@mac.com>

Hi,
This is my first post to the Ubuntu list, and I am a very new user of
Ubuntu 7.10.

I am a Mac user since 1993, and a GnuPG user for at least 5 years.

My system:
Running Ubuntu 7.10 under Parallels for Mac 3.0 build 5160.
MacOS X 10.5 (code name Leopard)
Macbook Intel Core 2 Duo 2 GHz (i386), 2GB-RAM.
GnuPG 1.4.7 and gpg2 2.0.7

I have installed:
$ xloadimage -version
Xloadimage version 4.1 by Jim Frost.
Built on Linux terranova 2.6.12 #1 SMP Tue Aug 9 18:56:34 UTC 2005 i686
GNU/Linux

I have enabled, in ~/.gnupg/gpg.conf:
verify-options show-photos
photo-viewer xloadimage

When verifying messages that have been signed with a key that contains
the owner's photo jpeg file, the picture is not shown.

Thanks in advance for your feedback.

Charly

From dshaw at jabberwocky.com Wed Nov 7 17:27:13 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 7 Nov 2007 11:27:13 -0500
Subject: Image viewer in gpg.conf
In-Reply-To: <4731E13C.8070707@mac.com>
References: <4731E13C.8070707@mac.com>
Message-ID: <20071107162713.GE25886@jabberwocky.com>

On Wed, Nov 07, 2007 at 11:01:00AM -0500, Charly Avital wrote:
> Hi,
> This is my first post to the Ubuntu list, and I am a very new user of
> Ubuntu 7.10.
>
> I am a Mac user since 1993, and a GnuPG user for at least 5 years.
>
> My system:
> Running Ubuntu 7.10 under Parallels for Mac 3.0 build 5160.
> MacOS X 10.5 (code name Leopard)
> Macbook Intel Core 2 Duo 2 GHz (i386), 2GB-RAM.
> GnuPG 1.4.7 and gpg2 2.0.7
>
> I have installed:
> $ xloadimage -version
> Xloadimage version 4.1 by Jim Frost.
> Built on Linux terranova 2.6.12 #1 SMP Tue Aug 9 18:56:34 UTC 2005 i686
> GNU/Linux
>
> I have enabled, in ~/.gnupg/gpg.conf:
> verify-options show-photos
> photo-viewer xloadimage
>
> When verifying messages that have been signed with a key that contains
> the owner's photo jpeg file, the picture is not shown.

Try:

photo-viewer "xloadimage %i"

If I recall, xloadimage can't take data via stdin.

David

From shavital at mac.com Wed Nov 7 18:15:09 2007
From: shavital at mac.com (Charly Avital)
Date: Wed, 07 Nov 2007 12:15:09 -0500
Subject: Image viewer in gpg.conf
In-Reply-To: <20071107162713.GE25886@jabberwocky.com>
References: <4731E13C.8070707@mac.com> <20071107162713.GE25886@jabberwocky.com>
Message-ID: <4731F29D.6010506@mac.com>

David Shaw wrote:
> On Wed, Nov 07, 2007 at 11:01:00AM -0500, Charly Avital wrote:
>> Hi,
>> This is my first post to the Ubuntu list, and I am a very new user of
>> Ubuntu 7.10.
>>
>> I am a Mac user since 1993, and a GnuPG user for at least 5 years.
>>
>> My system:
>> Running Ubuntu 7.10 under Parallels for Mac 3.0 build 5160.
>> MacOS X 10.5 (code name Leopard)
>> Macbook Intel Core 2 Duo 2 GHz (i386), 2GB-RAM.
>> GnuPG 1.4.7 and gpg2 2.0.7
>>
>> I have installed:
>> $ xloadimage -version
>> Xloadimage version 4.1 by Jim Frost.
>> Built on Linux terranova 2.6.12 #1 SMP Tue Aug 9 18:56:34 UTC 2005 i686
>> GNU/Linux
>>
>> I have enabled, in ~/.gnupg/gpg.conf:
>> verify-options show-photos
>> photo-viewer xloadimage
>>
>> When verifying messages that have been signed with a key that contains
>> the owner's photo jpeg file, the picture is not shown.
>
> Try:
>
> photo-viewer "xloadimage %i"
>
> If I recall, xloadimage can't take data via stdin.
>
> David

Thank you David,

It works, both in Thunderbird+Enigmail, and in Evolution.

Charly

From volker at ixolution.de Wed Nov 7 18:38:24 2007
From: volker at ixolution.de (Volker Dormeyer)
Date: Wed, 7 Nov 2007 18:38:24 +0100
Subject: Decryption using Smartcard using CCID and PCSCD driver
In-Reply-To: <200711010807.26154.volker@ixolution.de>
References: <200711010807.26154.volker@ixolution.de>
Message-ID: <200711071838.25644.volker@ixolution.de>

Hi,

does nobody have an idea on this?

Thanks,
Volker

* On Thursday 01 November 2007 08:07:25,
* Volker Dormeyer wrote:
> Hi,
>
> I'm experiencing problems decrypting an email I received, recently.
> Decryption of other emails, even from the same sender works fine.
> Although the other recipients of this particular email don't seem
> to have a problem with the decryption of it.
>
> GPG tells me (recipients have been anonymised by xxxxxxxx,
> except myself):
>
> volker at freedom:~$ gpg -v email.asc
> gpg: armor header: Version: GnuPG v2.0.5 (GNU/Linux)
> gpg: public key is xxxxxxxx
> gpg: public key is 9107C5AC
> gpg: using subkey 9107C5AC instead of primary key DB5349DB
> gpg: sending command `SCD PKDECRYPT' to agent failed: ec=6.131
> gpg: public key is xxxxxxxx
> gpg: public key is xxxxxxxx
> gpg: using subkey xxxxxxxx instead of primary key xxxxxxxx
> gpg: encrypted with 2048-bit RSA key, ID xxxxxxxx, created xxxxxxxx
>       "other recipient "
> gpg: using subkey xxxxxxxx instead of primary key xxxxxxxx
> gpg: encrypted with 1024-bit RSA key, ID xxxxxxxx, created xxxxxxxx
>       "other recipient "
> gpg: using subkey 9107C5AC instead of primary key DB5349DB
> gpg: encrypted with 1024-bit RSA key, ID 9107C5AC, created 2005-08-31
>       "Volker Dormeyer "
> gpg: public key decryption failed: general error
> gpg: using subkey xxxxxxxx instead of primary key xxxxxxxx
> gpg: encrypted with 1024-bit RSA key, ID xxxxxxxx, created xxxxxxxx
>       "other recipient "
> gpg: decryption failed: secret key not available
>
> I've set the debug-level of scdaemon and gpg-agent to guru to receive
> the following log:
>
> volker at freedom:~$ watchgnupg --force .gnupg/log-socket >watchgnupg.log
07:39:36 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 > octet[9]: 04 7 - 2007-11-01 07:39:36 data: 00 40 08 76 6F > 6C 6B 65 72 90 00 D1 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: > response: sw=9000 datalen=6 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: > dump: 76 6F 6C 6B 65 72 7 - 2007-11-01 07:39:36 scdaemon[4213.0] > DBG: -> S SERIALNO D2760001240101010001000002EB0000 0 7 - 2007-11-01 > 07:39:36 scdaemon[4213.0] DBG: -> OK > 6 - 2007-11-01 07:39:36 gpg-agent[4052.6] DBG: -> S SERIALNO > D2760001240101010001000002EB0000 0 6 - 2007-11-01 07:39:36 > gpg-agent[4052.6] DBG: -> OK > 6 - 2007-11-01 07:39:36 gpg-agent[4052.6] DBG: <- SCD SETDATA > FEF51A7BB7DC6A19710A98D918C3DD54DA95C1E0F72264276C97534B1A11B9D043149BD3DF >00254F2FAADC6D6F5DBB1FA14C6DFD53EE6C7553BD71FBFAC9C8F1FD01F6097321F021D3D67 >F1DC3C7A9F2E43274CB3B8BD39E1B684B21AE01AAB6D216A6B7A3056D677997D84A3C34AC82 >67EC4A49AF726A56D35645B66C070B 7 - 2007-11-01 07:39:36 scdaemon[4213.0] > DBG: <- SETDATA > FEF51A7BB7DC6A19710A98D918C3DD54DA95C1E0F72264276C97534B1A11B9D043149BD3DF >00254F2FAADC6D6F5DBB1FA14C6DFD53EE6C7553BD71FBFAC9C8F1FD01F6097321F021D3D67 >F1DC3C7A9F2E43274CB3B8BD39E1B684B21AE01AAB6D216A6B7A3056D677997D84A3C34AC82 >67EC4A49AF726A56D35645B66C070B 7 - 2007-11-01 07:39:36 scdaemon[4213.0] > DBG: -> OK > 6 - 2007-11-01 07:39:36 gpg-agent[4052.6] DBG: -> OK > 6 - 2007-11-01 07:39:36 gpg-agent[4052.6] DBG: <- SCD PKDECRYPT > D2760001240101010001000002EB0000/82E89CC385F692F8405064363640869B9107C5AC > 7 - 2007-11-01 07:39:36 scdaemon[4213.0] DBG: <- PKDECRYPT > D2760001240101010001000002EB0000/82E89CC385F692F8405064363640869B9107C5AC > 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: send apdu: c=00 i=CA p0=00 > p1=6E lc=-1 le=256 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: > APDU_data: 00 CA 00 6E 00 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: > ccid-driver: sending 6F 09 00 00 00 00 0F 04 00 00 00 00 05 00 CA 00 6E 00 > A1 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: ccid-driver: status: 00 
> error: 00 octet[9]: 04 7 - 2007-11-01 07:39:36 data: 00 00 > CA 4F 10 D2 76 00 01 24 01 01 01 00 01 00 00 02 EB 00 00 73 81 9D C0 01 78 > C1 05 01 04 00 00 20 C2 05 01 04 00 00 20 C3 05 01 04 00 00 20 C4 07 00 FE > FE FE 03 03 03 C5 3C 14 B6 61 3A 82 AF 0D D7 11 7D 6A 10 10 96 7F 77 2E 30 > 51 1B 82 E8 9C C3 85 F6 92 F8 40 50 64 36 36 40 86 9B 91 07 C5 AC B9 94 D5 > C4 0C 93 39 16 15 FC 39 D9 96 36 0E 36 24 38 0E 54 C6 3C C4 85 A6 CD 7E C6 > 6E 9E EC 33 65 F2 70 F2 75 E4 C3 2F 6C A5 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 CD 0C 43 16 11 B6 43 16 13 0D 43 16 13 46 5E 06 76 6F 6C 6B 65 > 72 90 00 30 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: response: > sw=9000 datalen=200 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: > dump: 4F 10 D2 76 00 01 24 01 01 01 00 01 00 00 02 EB 00 00 73 81 9D C0 > 01 78 C1 05 01 04 00 00 20 C2 05 01 04 00 00 20 C3 05 01 04 00 00 20 C4 07 > 00 FE FE FE 03 03 03 C5 3C 14 B6 61 3A 82 AF 0D D7 11 7D 6A 10 10 96 7F 77 > 2E 30 51 1B 82 E8 9C C3 85 F6 92 F8 40 50 64 36 36 40 86 9B 91 07 C5 AC B9 > 94 D5 C4 0C 93 39 16 15 FC 39 D9 96 36 0E 36 24 38 0E 54 C6 3C C4 85 A6 CD > 7E C6 6E 9E EC 33 65 F2 70 F2 75 E4 C3 2F 6C A5 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 CD 0C 43 16 11 B6 43 16 13 0D 43 16 13 46 5E 06 76 6F 6C > 6B 65 72 7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: asking for PIN 'PIN' > 7 - 2007-11-01 07:39:36 scdaemon[4213.0] DBG: -> INQUIRE NEEDPIN PIN 6 - > 2007-11-01 07:39:36 gpg-agent[4052]: starting a new PIN Entry 6 - > 2007-11-01 07:39:36 gpg-agent[4052]: DBG: connection to PIN entry > established 7 - 2007-11-01 07:39:48 scdaemon[4213.0] DBG: <- [ 44 20 33 31 > 31 32 38 32 00 00 00 00 ...(80 bytes skipped) ] 7 - 2007-11-01 07:39:48 > scdaemon[4213.0] DBG: <- END > 7 - 2007-11-01 07:39:48 scdaemon[4213]: DBG: send apdu: c=00 i=20 p0=00 > p1=82 lc=6 le=-1 7 - 
2007-11-01 07:39:48 scdaemon[4213]: DBG: APDU_data: > 00 20 00 82 06 33 31 31 32 38 32 7 - 2007-11-01 07:39:48 scdaemon[4213]: > DBG: ccid-driver: sending 6F 0F 00 00 00 00 16 04 00 00 00 40 0B 00 20 00 > 82 06 33 31 31 32 38 32 E4 7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: > ccid-driver: status: 00 error: 00 octet[9]: 04 7 - 2007-11-01 07:39:49 > data: 00 40 02 90 00 D2 > 7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: response: sw=9000 > datalen=0 7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: dump: > 7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: send apdu: c=00 i=2A p0=80 > p1=86 lc=128 le=256 7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: > APDU_data: 00 2A 80 86 80 00 FE F5 1A 7B B7 DC 6A 19 71 0A 98 D9 18 C3 DD > 54 DA 95 C1 E0 F7 22 64 27 6C 97 53 4B 1A 11 B9 D0 43 14 9B D3 DF 00 25 4F > 2F AA DC 6D 6F 5D BB 1F A1 4C 6D FD 53 EE 6C 75 53 BD 71 FB FA C9 C8 F1 FD > 01 F6 09 73 21 F0 21 D3 D6 7F 1D C3 C7 A9 F2 E4 32 74 CB 3B 8B D3 9E 1B 68 > 4B 21 AE 01 AA B6 D2 16 A6 B7 A3 05 6D 67 79 97 D8 4A 3C 34 AC 82 67 EC 4A > 49 AF 72 6A 56 D3 56 45 B6 6C 07 0B 7 - 2007-11-01 07:39:49 > scdaemon[4213]: DBG: ccid-driver: sending 6F 84 00 00 00 00 17 04 00 00 00 > 20 80 00 2A 80 86 80 00 FE F5 1A 7B B7 DC 6A 19 71 0A 98 D9 18 C3 DD 54 DA > 95 C1 E0 F7 22 64 27 6C 97 53 4B 1A 11 B9 D0 43 14 9B D3 DF 00 25 4F 2F AA > DC 6D 6F 5D BB 1F A1 4C 6D FD 53 EE 6C 75 53 BD 71 FB FA C9 C8 F1 FD 01 F6 > 09 73 21 F0 21 D3 D6 7F 1D C3 C7 A9 F2 E4 32 74 CB 3B 8B D3 9E 1B 68 4B 21 > AE 01 AA B6 D2 16 A6 B7 A3 05 6D 67 79 97 D8 4A 3C 34 AC 82 67 EC 4A 49 AF > 72 6A 56 D3 56 99 7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: > ccid-driver: status: 00 error: 00 octet[9]: 04 7 - 2007-11-01 07:39:49 > data: 00 90 00 90 > 7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: ccid-driver: sending 6F 09 > 00 00 00 00 18 04 00 00 00 40 05 45 B6 6C 07 0B D6 7 - 2007-11-01 07:39:49 > scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 7 - > 2007-11-01 07:39:49 data: 00 00 02 69 85 EE > 7 - 2007-11-01 
07:39:49 scdaemon[4213]: DBG: response: sw=6985 datalen=0
7 - 2007-11-01 07:39:49 scdaemon[4213]: operation decipher result: Conditions of use not satisfied
6 - 2007-11-01 07:39:49 gpg-agent[4052.6] DBG: -> ERR 100663427 Conditions of use not satisfied
6 - 2007-11-01 07:39:49 gpg-agent[4052.6] DBG: <- BYE
6 - 2007-11-01 07:39:49 gpg-agent[4052.6] DBG: -> OK closing connection
6 - 2007-11-01 07:39:49 gpg-agent[4052]: handler 0x8092f90 for fd 6 terminated
7 - 2007-11-01 07:39:49 scdaemon[4213]: card_create_signature failed: Conditions of use not satisfied
7 - 2007-11-01 07:39:49 scdaemon[4213.0] DBG: -> ERR 100663427 Conditions of use not satisfied
7 - 2007-11-01 07:39:49 scdaemon[4213.0] DBG: <- RESTART
7 - 2007-11-01 07:39:49 scdaemon[4213.0] DBG: -> OK

Does anybody have an idea on this?
The outcome is similar to when I use the pcscd driver.

From wk at gnupg.org Wed Nov 7 19:50:54 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 07 Nov 2007 19:50:54 +0100
Subject: Decryption using Smartcard using CCID and PCSCD driver
In-Reply-To: <200711010807.26154.volker@ixolution.de> (Volker Dormeyer's
 message of "Thu, 1 Nov 2007 08:07:25 +0100")
References: <200711010807.26154.volker@ixolution.de>
Message-ID: <87640d3n5d.fsf@wheatstone.g10code.de>

On Thu, 1 Nov 2007 08:07, volker at ixolution.de said:

> GPG tells me (recipients have been anonymised by xxxxxxxx,
> except myself):

FWIW, we can see your PIN in the log:

  DBG: send apdu: c=00 i=20 p0=00 p1=82 lc=6 le=-1
  DBG: APDU_data: 00 20 00 82 06 33 31 31 32 38 32
                                 ^^^^^^^^^^^^^^^^^

the problem is this:

  DBG: send apdu: c=00 i=2A p0=80 p1=86 lc=128 le=256
  00 2A 80 86 80
  00 FE F5 1A 7B B7 DC 6A 19 71 0A 98 D9 18 C3 DD
  54 DA 95 C1 E0 F7 22 64 27 6C 97 53 4B 1A 11 B9
  D0 43 14 9B D3 DF 00 25 4F 2F AA DC 6D 6F 5D BB
  1F A1 4C 6D FD 53 EE 6C 75 53 BD 71 FB FA C9 C8
  F1 FD 01 F6 09 73 21 F0 21 D3 D6 7F 1D C3 C7 A9
  F2 E4 32 74 CB 3B 8B D3 9E 1B 68 4B 21 AE 01 AA
  B6 D2 16 A6 B7 A3 05 6D 67 79 97 D8 4A 3C 34 AC
  82 67 EC 4A 49 AF 72 6A 56 D3 56 45 B6 6C 07 0B

Thus there is one byte missing. A quick test with a fresh card shows
this for a correct decryption:

  DBG: send apdu: c=00 i=2A p0=80 p1=86 lc=129 le=256
  00 2A 80 86 81
  00 71 86 BC 02 50 1F CC 5D 09 CA 7A 98 FB DC 03
  81 92 FA 4F B5 87 5C A4 B5 02 C1 71 1A A7 46 C7
  44 95 1C 2A 7F 66 AA 8F E5 F7 97 CD 50 C5 CA 8F
  25 13 28 AE F9 61 CF BF AA FE 77 F5 03 B4 F6 49
  AD 65 4B F6 C7 B2 2D D9 77 C8 5F D6 1C E1 43 29
  E1 E1 D5 2C C9 5A 96 CA B6 81 9A 84 C5 CF 22 9B
  56 EA E2 52 1A 69 DB A6 BA 96 67 7D 79 07 D0 EF
  6E 80 CA 14 C7 33 98 B5 E9 90 14 64 1E 29 AB 30
  59

Can you send me the encrypted message by PM? I only need the public
key encrypted packet. Run gpgsplit on the message and send me the
*.pk_enc files or just the one encrypted to your key (gpg --list-packets
on the pk_enc file shows you the keyid of that packet)

Salam-Shalom,

   Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

From volker at ixolution.de Wed Nov 7 22:24:43 2007
From: volker at ixolution.de (Volker Dormeyer)
Date: Wed, 7 Nov 2007 22:24:43 +0100
Subject: Decryption using Smartcard using CCID and PCSCD driver
In-Reply-To: <87640d3n5d.fsf@wheatstone.g10code.de>
References: <200711010807.26154.volker@ixolution.de>
 <87640d3n5d.fsf@wheatstone.g10code.de>
Message-ID: <200711072224.43579.volker@ixolution.de>

* On Wednesday 07 November 2007 19:50:54,
* Werner Koch wrote:
> On Thu, 1 Nov 2007 08:07, volker at ixolution.de said:

> FWIW, we can see your PIN in the log:
>
> DBG: send apdu: c=00 i=20 p0=00 p1=82 lc=6 le=-1
> DBG: APDU_data: 00 20 00 82 06 33 31 31 32 38 32
>                                ^^^^^^^^^^^^^^^^^

Thanks for this hint.

> Can you send me the encrypted message by PM? I only need the public
> key encrypted packet. Run gpgsplit on the message and send me the
> *.pk_enc files or just the one encrypted to your key (gpg --list-packets
> on the pk_enc file shows you the keyid of that packet)

Okay, I am going to send the pk_enc file via PM.

Thanks,
Volker

From henkdebruijn at wanadoo.nl Thu Nov 8 16:40:10 2007
From: henkdebruijn at wanadoo.nl (Henk M. de Bruijn)
Date: Thu, 8 Nov 2007 16:40:10 +0100
Subject: compiling gpg 147
Message-ID: <1917156977.20071108164010@wanadoo.nl>

Hi,

I hope this is the right list to ask this.

I just reinstalled Cygwin and compiling 1.4.7 went ok except that at the
end 16 of 27 tests failed. Is there a file in which I can see what went
wrong?

--
Henk M. de Bruijn
______________________________________________________________________
The Bat! Natural E-Mail System version 3.99.29 Pro on Windows XP SP2
Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B
Gossamer Spider Web of Trust http://www.gswot.org
A progressive and innovative Web of Trust

From sh at sourcecode.de Fri Nov 9 10:28:19 2007
From: sh at sourcecode.de (Stephan Hermann)
Date: Fri, 09 Nov 2007 10:28:19 +0100
Subject: how to use gpg with a smartcard, when there is no smartcard
Message-ID: <47342833.3080704@sourcecode.de>

Hi,

I have a little problem with gnupg and smartcards.
I added to my key a signing subkey for my smartcard. This works great
when the smartcard reader is attached to my computer, which is my home
workstation.

Now I have a copy of my secret key etc. on my usb stick and want to use
my key for signing at work, without having a smartcard reader attached.

Gnupg complains now, that it can't find the smartcard reader, which is
true at work, and I'm not able to use any signature function anymore.

Is there a way to tell gnupg, to use another subkey or whatever it
needs, for signing?

There must be a possibility to sign something without having a smartcard
reader attached, right?

Thx for your help and the great software,

\sh

From wk at gnupg.org Fri Nov 9 17:15:33 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 09 Nov 2007 17:15:33 +0100
Subject: how to use gpg with a smartcard, when there is no smartcard
In-Reply-To: <47342833.3080704@sourcecode.de> (Stephan Hermann's message of
 "Fri, 09 Nov 2007 10:28:19 +0100")
References: <47342833.3080704@sourcecode.de>
Message-ID: <874pfvtmxm.fsf@wheatstone.g10code.de>

On Fri, 9 Nov 2007 10:28, sh at sourcecode.de said:

> There must be a possibility to sign something without having a smartcard
> reader attached, right?

Sure. You need to tell gpg to use a different key for signing

  gpg -s -u other-key

will work. If that other key is a subkey and there is also a smartcard
based subkey which is preferred over other-key you need to append an '!',
e.g.

  gpg -s -u '0x1234567!'

The exclamation mark forces gpg to use exactly that subkey; the default
is to figure out what will be the best subkey (or primary key) to use.

Shalom-Salam,

   Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

From wk at gnupg.org Fri Nov 9 17:16:17 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 09 Nov 2007 17:16:17 +0100
Subject: compiling gpg 147
In-Reply-To: <1917156977.20071108164010@wanadoo.nl> (Henk M. de Bruijn's
 message of "Thu, 8 Nov 2007 16:40:10 +0100")
References: <1917156977.20071108164010@wanadoo.nl>
Message-ID: <87zlxns8by.fsf@wheatstone.g10code.de>

On Thu, 8 Nov 2007 16:40, henkdebruijn at wanadoo.nl said:

> I just reinstalled Cygwin and compiling 1.4.7 went ok except that at the
> end 16 of 27 tests failed. Is there a file in which I can see what went
> wrong?

The log files are all named checks/*.test.log.

Salam-Shalom,

   Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
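
Going back to the smartcard decryption thread above: the two checks Werner Koch makes by eye (the PIN visible in the VERIFY APDU, and lc=128 where lc=129 was expected for PSO:DECIPHER) can be scripted. This is an added Python example, not code from the thread or from GnuPG; it assumes one log entry per line in the scdaemon debug format quoted above, and the sample log, dummy PIN and function names are constructed for illustration.

```python
import re

HEX = r"[0-9A-Fa-f]{2}"
# scdaemon prints the ISO 7816 P1/P2 bytes as "p0"/"p1".
SEND_RE = re.compile(
    r"send apdu: c=(%s) i=(%s) p0=(%s) p1=(%s) lc=(-?\d+)" % (HEX, HEX, HEX, HEX))
DATA_RE = re.compile(r"APDU_data:\s*((?:%s\s*)+)" % HEX)
# VERIFY header (INS 20, reference 81/82/83) plus Lc. The same bytes appear in
# the APDU_data line and inside the ccid-driver "sending" line.
VERIFY_RE = re.compile(r"\b(00 20 00 8[123]) (%s)((?: %s)+)" % (HEX, HEX))


def parse_apdus(lines):
    """Pair each 'send apdu' entry with the APDU_data entry that follows it."""
    apdus, pending = [], None
    for line in lines:
        m = SEND_RE.search(line)
        if m:
            cla, ins, p1, p2 = (int(x, 16) for x in m.group(1, 2, 3, 4))
            pending = {"cla": cla, "ins": ins, "p1": p1, "p2": p2,
                       "lc": int(m.group(5))}
            continue
        m = DATA_RE.search(line)
        if m and pending is not None:
            pending["raw"] = bytes.fromhex(m.group(1))
            apdus.append(pending)
            pending = None
    return apdus


def check_decipher(apdus, key_bits):
    """Flag PSO:DECIPHER (INS 2A, P1 80, P2 86) whose Lc is not the modulus
    length plus the leading 00 padding indicator byte seen in both APDUs."""
    expected = key_bits // 8 + 1
    return [{"lc": a["lc"], "expected": expected, "missing": expected - a["lc"]}
            for a in apdus
            if (a["ins"], a["p1"], a["p2"]) == (0x2A, 0x80, 0x86)
            and a["lc"] != expected]


def _mask_verify(m):
    # Mask everything after Lc, including the T=1 checksum byte that ends the
    # ccid-driver line: it is an XOR over the block and so depends on the PIN.
    return "%s %s %s" % (m.group(1), m.group(2),
                         " ".join("XX" for _ in m.group(3).split()))


def redact_pins(lines):
    """Return a copy of the log that is safe to post: PIN bytes removed from
    the Assuan NEEDPIN answer and from every VERIFY command. A chance match of
    the VERIFY pattern in other hex data is masked too (over-redaction)."""
    out, in_pin_inquiry = [], False
    for line in lines:
        if "INQUIRE NEEDPIN" in line:
            in_pin_inquiry = True
        elif in_pin_inquiry and "<- END" in line:
            in_pin_inquiry = False
        elif in_pin_inquiry and "<- [" in line:
            line = re.sub(r"<- \[.*\]", "<- [ redacted ]", line)
        out.append(VERIFY_RE.sub(_mask_verify, line))
    return out


def _hex(data):
    return " ".join("%02X" % b for b in data)


def make_sample(cryptogram_len, pin=b"135790"):
    """Constructed log lines (dummy PIN, counting bytes as ciphertext)."""
    verify = bytes([0x00, 0x20, 0x00, 0x82, len(pin)]) + pin
    body = b"\x00" + bytes(range(1, cryptogram_len + 1))
    decipher = bytes([0x00, 0x2A, 0x80, 0x86, len(body)]) + body
    return [
        "scdaemon[1.0] DBG: -> INQUIRE NEEDPIN PIN",
        "scdaemon[1.0] DBG: <- [ 44 20 %s 00 00 ]" % _hex(pin),
        "scdaemon[1.0] DBG: <- END",
        "scdaemon[1]: DBG: send apdu: c=00 i=20 p0=00 p1=82 lc=%d le=-1" % len(pin),
        "scdaemon[1]: DBG:   APDU_data: " + _hex(verify),
        "scdaemon[1]: DBG: ccid-driver: sending 6F 0F 00 00 00 00 16 04 00 00 00 40 0B "
        + _hex(verify) + " E4",
        "scdaemon[1]: DBG: send apdu: c=00 i=2A p0=80 p1=86 lc=%d le=256" % len(body),
        "scdaemon[1]: DBG:   APDU_data: " + _hex(decipher),
    ]


if __name__ == "__main__":
    log = make_sample(127)                 # one byte short, as in the thread
    print(check_decipher(parse_apdus(log), 1024))
    print("\n".join(redact_pins(log)))
```

Run `redact_pins` over a captured log before posting it; with a 1024-bit key, `check_decipher` reports the lc=128 case from the thread as one byte short.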

From mkallas at schokokeks.org Fri Nov 9 17:32:42 2007
From: mkallas at schokokeks.org (Michael Kesper)
Date: Fri, 9 Nov 2007 17:32:42 +0100
Subject: how to use gpg with a smartcard, when there is no smartcard
In-Reply-To: <47342833.3080704@sourcecode.de>
References: <47342833.3080704@sourcecode.de>
Message-ID: <20071109163242.GA18174@zucker.schokokeks.org>

Hi,

On Fri, Nov 09, 2007 at 10:28:19AM +0100, Stephan Hermann wrote:
> Hi,
>
> I have a little problem with gnupg and smartcards.
> I added to my key a signing subkey for my smartcard. This works great
> when the smartcard reader is attached to my computer, which is my home
> workstation.
>
> Now I have a copy of my secret key etc. on my usb stick and want to use
> my key for signing at work, without having a smartcard reader attached.

This is one of the use cases where the smart card would be extremely
useful. Your secret key should never be used with a compromisable system.
And you have no control over what this computer does when you insert
that usb stick.

Best wishes
Michael

From bob.henson at galen.org.uk Fri Nov 9 21:20:18 2007
From: bob.henson at galen.org.uk (Bob Henson)
Date: Fri, 09 Nov 2007 20:20:18 +0000
Subject: Keyserver name command
Message-ID: <4734C102.3030505@galen.org.uk>

Two of my keys have keyserver names built in by using PGP's simple key
editing UI. I haven't got PGP installed now, and wanted to change the
keyserver using "gpg --keyserver name", as the server in the keys has
now disappeared or no longer functions. I'd like to either remove it
altogether and not have a specific preference, or change it to the SKS
server at minsky.surfnet.nl (seems to be the best/fastest at the
moment), but even after reading the man page I'm not sure of the command
syntax. Do I need a full URL, or will just "minsky.surfnet.nl" suffice?
If it needs a full URL, how is the URL for an SKS server constructed?
Would running the command with no parameters at all remove the current name?

Regards,

Bob

From dshaw at jabberwocky.com Fri Nov 9 22:22:00 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 9 Nov 2007 16:22:00 -0500
Subject: Keyserver name command
In-Reply-To: <4734C102.3030505@galen.org.uk>
References: <4734C102.3030505@galen.org.uk>
Message-ID: <20071109212200.GB7629@jabberwocky.com>

On Fri, Nov 09, 2007 at 08:20:18PM +0000, Bob Henson wrote:
> Two of my keys have keyserver names built in by using PGP's simple key
> editing UI. I haven't got PGP installed now, and wanted to change the
> keyserver using "gpg --keyserver name", as the server in the keys has
> now disappeared or no longer functions. I'd like to either remove it
> altogether and not have a specific preference, or change it to the SKS
> server at minsky.surfnet.nl (seems to be the best/fastest at the
> moment), but even after reading the man page I'm not sure of the command
> syntax. Do I need a full URL, or will just "minsky.surfnet.nl" suffice?
> If it needs a full URL, how is the URL for an SKS server constructed?

  gpg --edit-key (the-key)
  keyserver hkp://minsky.surfnet.nl
  (type your passphrase)
  save

> Would running the command with no parameters at all remove the current name?

  gpg --edit-key (the-key)
  keyserver none
  (type your passphrase)
  save

David

From CronoCloud at mchsi.com Fri Nov 9 22:31:25 2007
From: CronoCloud at mchsi.com (Ron Rogers Jr.)
Date: Fri, 9 Nov 2007 15:31:25 -0600
Subject: Keyserver name command
In-Reply-To: <4734C102.3030505@galen.org.uk>
References: <4734C102.3030505@galen.org.uk>
Message-ID: <20071109153125.293b2b10@mchsi.com>

On Fri, 09 Nov 2007 20:20:18 +0000
Bob Henson wrote:

> Two of my keys have keyserver names built in by using PGP's
> simple key editing UI. I haven't got PGP installed now, and
> wanted to change the keyserver using "gpg --keyserver name",
> as the server in the keys has now disappeared or no longer
> functions. I'd like to either remove it altogether and not
> have a specific preference, or change it to the SKS server at
> minsky.surfnet.nl (seems to be the best/fastest at the
> moment), but even after reading the man page I'm not sure of
> the command syntax. Do I need a full URL, or will just
> "minsky.surfnet.nl" suffice? If it needs a full URL, how is
> the URL for an SKS server constructed? Would running the
> command with no parameters at all remove the current name?
>

I think you have to use:

gpg --edit-key

and then use:

keyserver full_URI_of_keyserver, for example:

hkp://subkeys.pgp.net

or in your case:

hkp://minsky.surfnet.nl

to remove the keyserver you would enter:

none

CronoCloud (Ron Rogers Jr.)

From gerhard at popmail.at Wed Nov 7 20:38:07 2007
From: gerhard at popmail.at (Gerhard)
Date: Wed, 07 Nov 2007 20:38:07 +0100
Subject: Change GnuPG key trust from within PHP
Message-ID: <4732141F.40502@popmail.at>

Hi!

I tried to implement gnupgp to my webmail program (written in php) via
the PECL extension gnupg-1.3.1 but it was not possible to change the
trust for the keys of the keyring.

Then I tried the same via command line from within php. This was also
not working. I tried it via the --batch command but it is only possible
to retrieve the trust information but not to change them.

The command I tried first was ...

"/usr/local/bin/gpg --home --edit-key trust 2>&1"

... On this command I got the following error message ...

"gpg: cannot open `/dev/tty': Device not configured"

I tried also to interactive talk to the process but it is also the same
error message.
:-(

With the --no-tty option it is also not working. It also shows the
message "gpg: Sorry, no terminal at all requested - can't get input" ...
so it is also not working.

Afterwards I tried it with the --batch command which allowed me to get
the trust information but to set it was also not possible.

Is there any possibility to set the trust information of a public key
via the php commandline? Or is there maybe a work around or something
similar to go around this problem?

Bye
Gerhard

From bob.henson at galen.org.uk Sat Nov 10 11:11:13 2007
From: bob.henson at galen.org.uk (Bob Henson)
Date: Sat, 10 Nov 2007 10:11:13 +0000
Subject: Keyserver name command
In-Reply-To: <20071109212200.GB7629@jabberwocky.com>
References: <4734C102.3030505@galen.org.uk>
 <20071109212200.GB7629@jabberwocky.com>
Message-ID: <473583C1.3070803@galen.org.uk>

David Shaw wrote:-

>> syntax. Do I need a full URL, or will just "minsky.surfnet.nl" suffice?
>> If it needs a full URL, how is the URL for an SKS server constructed?
>
> gpg --edit-key (the-key)
> keyserver hkp://minsky.surfnet.nl
> (type your passphrase)
> save

Thanks David (& Ron) for the gen. It was the hkp:// prefix of which I
was unsure - I did a bit of googling and couldn't find the relationship
between the various schemes and the particular keyserver types. I'll
away and fix it now.

Regards,

Bob

From sh at sourcecode.de Sat Nov 10 13:13:09 2007
From: sh at sourcecode.de (Stephan Hermann)
Date: Sat, 10 Nov 2007 13:13:09 +0100
Subject: how to use gpg with a smartcard, when there is no smartcard
In-Reply-To: <874pfvtmxm.fsf@wheatstone.g10code.de>
References: <47342833.3080704@sourcecode.de>
 <874pfvtmxm.fsf@wheatstone.g10code.de>
Message-ID: <4735A055.7000709@sourcecode.de>

Hi,

Werner Koch wrote:
> On Fri, 9 Nov 2007 10:28, sh at sourcecode.de said:
>
>
>> There must be a possibility to sign something without having a smartcard
>> reader attached, right?
>>
>
> Sure. You need to tell gpg to use a different key for signing
>
> gpg -s -u other-key
>
> will work. If that other key is a subkey and there is also a smartcard
> based subkey which is preferred over other-key you need to append an '!',
> e.g.
>
> gpg -s -u '0x1234567!'
>
> The exclamation mark forces gpg to use exactly that subkey; the default
> is to figure out what will be the best subkey (or primary key) to use.
>

Thx Werner

let me see if this works when I'm back in the office without any
smartcard reader :)

\sh

From pg at futureware.at Mon Nov 12 00:29:30 2007
From: pg at futureware.at (Philipp =?iso-8859-1?q?G=FChring?=)
Date: Mon, 12 Nov 2007 00:29:30 +0100
Subject: UID management
In-Reply-To: <20071106042736.GA12890@jabberwocky.com>
References: <200711051200.51516.pg@futureware.at>
 <200711051818.34841.pg@futureware.at>
 <20071106042736.GA12890@jabberwocky.com>
Message-ID: <200711120029.31287.pg@futureware.at>

Hi David,

> The ordering does not matter. GPG supports selecting a user ID by hash:

Thanks a lot! That looked like a good solution.

Unfortunately, it doesn't work for the UID that is attached to the public key:

pub:u:1024:17:A591FD39DD2C60F4:2007-09-29:::u:test::scESC:
uid:u::::2007-09-29::5F6CE18A5E1C698C9F6AED4BD3D9AABC6948BC1F::test:

Then I get this list:
[ultimate] (1). test
[ultimate] (2) test

And I can happily select and deselect the UID 2:

uid 5F6CE18A5E1C698C9F6AED4BD3D9AABC6948BC1F

pub 1024D/DD2C60F4 created: 2007-09-29 expires: niemals usage: CS
                   trust: uneingeschränkt Gültigkeit: uneingeschränkt
sub 2048g/4DD86652 created: 2007-09-29 expires: niemals usage: E
[ultimate] (1). test
[ultimate] (2)* test

But I can't select the first one:

uid A591FD39DD2C60F4

does nothing.

Any ideas?

Best regards,
Philipp Gühring

From dshaw at jabberwocky.com Mon Nov 12 01:30:24 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 11 Nov 2007 19:30:24 -0500
Subject: UID management
In-Reply-To: <200711120029.31287.pg@futureware.at>
References: <200711051200.51516.pg@futureware.at>
 <200711051818.34841.pg@futureware.at>
 <20071106042736.GA12890@jabberwocky.com>
 <200711120029.31287.pg@futureware.at>
Message-ID: <20071112003024.GA4437@jabberwocky.com>

On Mon, Nov 12, 2007 at 12:29:30AM +0100, Philipp Gühring wrote:
> Hi David,
>
> > The ordering does not matter. GPG supports selecting a user ID by hash:
>
> Thanks a lot! That looked like a good solution.
>
> Unfortunately, it doesn't work for the UID that is attached to the public key:
>
> pub:u:1024:17:A591FD39DD2C60F4:2007-09-29:::u:test::scESC:
> uid:u::::2007-09-29::5F6CE18A5E1C698C9F6AED4BD3D9AABC6948BC1F::test:
>
> Then I get this list:
> [ultimate] (1). test
> [ultimate] (2) test
>
> And I can happily select and deselect the UID 2:
>
> uid 5F6CE18A5E1C698C9F6AED4BD3D9AABC6948BC1F
>
> pub 1024D/DD2C60F4 created: 2007-09-29 expires: niemals usage: CS
>                    trust: uneingeschränkt Gültigkeit: uneingeschränkt
> sub 2048g/4DD86652 created: 2007-09-29 expires: niemals usage: E
> [ultimate] (1). test
> [ultimate] (2)* test
>
> But I can't select the first one:
>
> uid A591FD39DD2C60F4

That's not a uid hash. That's your key id (look at the last 8
characters). When you list keys, always use --fixed-list-mode.

David

From pg at futureware.at Mon Nov 12 10:28:09 2007
From: pg at futureware.at (Philipp =?iso-8859-1?q?G=FChring?=)
Date: Mon, 12 Nov 2007 10:28:09 +0100
Subject: UID management
In-Reply-To: <20071112003024.GA4437@jabberwocky.com>
References: <200711051200.51516.pg@futureware.at>
 <200711120029.31287.pg@futureware.at>
 <20071112003024.GA4437@jabberwocky.com>
Message-ID: <200711121028.10520.pg@futureware.at>

Hi,

> That's not a uid hash. That's your key id (look at the last 8
> characters). When you list keys, always use --fixed-list-mode.

Thanks! That seems to work properly now.

Best regards,
Philipp Gühring

From rc647bob at aim.com Tue Nov 13 02:55:25 2007
From: rc647bob at aim.com (rc647bob at aim.com)
Date: Mon, 12 Nov 2007 20:55:25 -0500
Subject: decrypt
In-Reply-To: <87fxzkmxp8.fsf@wheatstone.g10code.de>
References: <8C9E58B5F1CD518-FE8-63CA@WEBMAIL-MA14.sysops.aol.com>
 <8C9EDDB67A599FD-CE4-3E46@WEBMAIL-DF06.sysops.aol.com>
 <87fxzkmxp8.fsf@wheatstone.g10code.de>
Message-ID: <8C9F3AF644F3895-C88-3697@Webmail-mg06.sysops.aol.com>

thanks, however this still returns mytest-1.cpp of size 0.

FYI I've got 2 keys with duplicate recipients (i.e., "rc647bob at aim.com").
Perhaps I should use the other one.
What command seq. identifies the correct key to use?

On Mon, 5 Nov 2007 16:55, rc647bob at aim.com said:

> gpg --decrypt --recipient "abcba" mytest-1.cpp.gpg > mytest-1.cpp

gpg --decrypt --recipient "abcba" --output - mytest-1.cpp.gpg > mytest-1.cpp

________________________________________________________________________
Check Out the new free AIM(R) Mail -- Unlimited storage and industry-leading spam and email virus protection.

From jharris at widomaker.com Tue Nov 13 05:49:18 2007
From: jharris at widomaker.com (Jason Harris)
Date: Mon, 12 Nov 2007 23:49:18 -0500
Subject: new (2007-11-11) keyanalyze results (+sigcheck)
Message-ID: <20071113044918.GA1416@wilma.widomaker.com>

New keyanalyze results are available at:

  http://keyserver.kjsl.com/~jharris/ka/2007-11-11/

Signatures are now being checked using keyanalyze+sigcheck:

  http://keyserver.kjsl.com/~jharris/aaronl/

Earlier reports are also available, for comparison:

  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the "permanent" files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
Name: not available Type: application/pgp-signature Size: 313 bytes Desc: not available Url : /pipermail/attachments/20071112/f012b837/attachment.pgp From wk at gnupg.org Tue Nov 13 09:44:39 2007 From: wk at gnupg.org (Werner Koch) Date: Tue, 13 Nov 2007 09:44:39 +0100 Subject: decrypt In-Reply-To: <8C9F3AEBFCE44F3-C88-3660@Webmail-mg06.sysops.aol.com> (rc647bob@aim.com's message of "Mon, 12 Nov 2007 20:50:49 -0500") References: <8C9E58B5F1CD518-FE8-63CA@WEBMAIL-MA14.sysops.aol.com> <8C9EDDB67A599FD-CE4-3E46@WEBMAIL-DF06.sysops.aol.com> <87fxzkmxp8.fsf@wheatstone.g10code.de> <8C9F3AEBFCE44F3-C88-3660@Webmail-mg06.sysops.aol.com> Message-ID: <87fxzamt54.fsf@wheatstone.g10code.de> On Tue, 13 Nov 2007 02:50, rc647bob at aim.com said: > What command seq. identifies the correct key to use? You don't need to specify the key to be used for decryption. Run with --verbose to see what's going on. Shalom-Salam, Werner -- Thoughts are free. Exceptions are regulated by a federal law. From Abderrahmane.Nitaj at math.unicaen.fr Tue Nov 13 13:06:01 2007 From: Abderrahmane.Nitaj at math.unicaen.fr (Abderrahmane Nitaj) Date: Tue, 13 Nov 2007 13:06:01 +0100 (CET) Subject: Africacrypt 2008, Last Call for Papers Message-ID: <34896.193.49.103.101.1194955561.squirrel@www.math.unicaen.fr> Our apologies if you receive multiple copies of this announcement +-------------------------------------------------------------------------+ ! ! ! Africacrypt 2008 ! ! Casablanca, Morocco ! ! 11-14 June 2008 ! ! http://www.africacrypt.org/index_en.htm ! ! ! +-------------------------------------------------------------------------+ Africacrypt 2008 June 11 - 14, Casablanca, Morocco Call for Papers Submission: Nov. 24, 2007 Notification: Feb. 12, 2008 Final version: Mar. 13, 2008 Program Chair: Serge Vaudenay General Chair: Abdelhak Azhari Invited Speakers: T. El Gamal, J. Stern General Information Original papers on all technical aspects of cryptology are solicited for submission to Africacrypt 2008. 
The conference is organized by the Moroccan Association for Cryptography (AMC) in cooperation with IACR. For more information see http://www.africacrypt.org/cfp.html. The conference seeks original contributions in any area of cryptology or related fields. We welcome submissions about new cryptographic primitive proposals, cryptanalysis, security models, implementation aspects, and applications. We also consider submissions about cryptographic aspects of network security, complexity theory, information theory, coding theory, number theory, and quantum computing. We intend to have special sessions on security and privacy aspects in wireless technologies (including mobile ad hoc networks and RFID) and biometric access control. Instructions for Authors Submissions must not substantially duplicate work that any of the authors has published elsewhere or has submitted in parallel to any other conference or workshop with formally published proceedings. Information about submissions may be shared with program chairs of other conferences for that purpose. Accepted submissions may not appear in any other conference or workshop with proceedings. The submission must be anonymous, with no author names, affiliations, acknowledgments, or obvious references. It should begin with a title, a short abstract, and a list of key words, and its introduction should summarize the contributions of the paper at a level appropriate for a non-specialist reader. Submissions not meeting these guidelines risk rejection without consideration of their merits. Since the final version of accepted papers will have to follow the LNCS guidelines (see http://www.springeronline.com/lncs) with a total page limit of 18 pages including references and appendices, it is advised to submit in the same format. Committee members are not required to review more than that, so the paper should be intelligible and self-contained within this length. Papers must be submitted electronically. 
A detailed description of the electronic submission procedure is available at http://lasecpc11.epfl.ch/iChair. Submissions must conform to this procedure. Late submissions and non-electronic submissions will not be considered. Authors of accepted papers must guarantee that their paper will be presented at the conference. Conference Proceedings Proceedings are intended to be published in Springer-Verlag's Lecture Notes in Computer Science and will be available at the conference. Instructions about the preparation of a final proceedings version will be sent to the authors of accepted papers. Program Committee Tom Berson (Anagram, USA) Alex Biryukov (University of Luxembourg, Luxembourg) Xavier Boyen (Voltage Inc, USA) Anne Canteaut (INRIA, France) Jean-Marc Couveignes (Toulouse University, France) Mohamed El Marraki (Faculty of Science Rabat, Morocco) Steven Galbraith (Royal Holloway University of London, UK) Helena Handschuh (Spansion, France) Tetsu Iwata (Nagoya University, Japan) Pascal Junod (Nagracard, Switzerland) Tanja Lange (TU Eindhoven, The Netherlands) Arjen Lenstra (EPFL, Switzerland) Javier Lopez (University of Malaga, Spain) Stefan Lucks (Bauhaus-University Weimar, Germany) Mitsuru Matsui (Mitsubishi Electric Corp, Japan) Alexander May (Bochum University, Germany) Atsuko Miyaji (JAIST, Japan) David Molnar (Berkeley University, USA) Refik Molva (Eurecom, France) Jean Monnerat (UCSD, USA) David Naccache (ENS, France) Raphael Phan (EPFL, Switzerland) Josef Pieprzyk (Macquarie University, Australia) Bart Preneel (K.U.Leuven, Belgium) Jean-Jacques Quisquater (UCL, Belgium) C Pandu Rangan (University of Madras, India) Vincent Rijmen (Graz University of Technology, Austria) Rei Safavi-Naini (University of Calgary, Canada) Louis Salvail (University of Aarhus, Denmark) Ali Aydin Selcuk (Bilkent University, Turkey) Serge Vaudenay (chair) (EPFL, Switzerland) Michael Wiener (Cryptographic Clarity, Canada) Amr Youssef (Concordia University, Canada) Program Chair 
Serge Vaudenay Ecole Polytechnique Fédérale de Lausanne I&C - Security and Cryptography Laboratory INF 241 (INF Building), Station 14 CH-1015 Lausanne Switzerland email: Serge.Vaudenay at epfl.ch General Chair Abdelhak Azhari Ecole Normale Supérieure de Casablanca Department of Mathematics and Data Processing BP 50069 Casa Gandhi Casablanca Morocco email: aazhari2001 at yahoo.fr From noiano at x-privat.org Tue Nov 13 22:36:30 2007 From: noiano at x-privat.org (Noiano) Date: Tue, 13 Nov 2007 22:36:30 +0100 Subject: GnuPG agent and non-shell application Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi everybody I have GnuPg 1.4.6 installed and I have my .gnupg directory as a symbolic link pointing to an encrypted partition. As soon as I need my keys I mount the encrypted partition and the symbolic link is resolved with no problem. The problem is the use of gnupg agent: I type gpg-agent --daemon > gpg-agent-info so that the variable information are stored to that file. Under my .bashrc I have added the following line "source gpg-agent-info" so that the variable is correctly set up. The problem is the use of gnupg agent with program such as thunderbird, kpgp. They cannot see the variable GPG_AGENT_INFO as all shells do. I cannot set anything in .xsession because the encrypted partition isn't mounted on boot but on demand. Could you please tell me a reasonable solution for this matter? 
Thanks Noiano -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iE8DBQFHOhje+JjGoasQ6NIRCBF8AN9FzTw8rp8qrLHqV4BKexm3tJTLpb+R2daC E+r9AN0ZW65V9kmV38erjRjA1OOW0ct8M7adKZNojIYW =j0KT -----END PGP SIGNATURE----- From patrick at mozilla-enigmail.org Wed Nov 14 09:17:23 2007 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Wed, 14 Nov 2007 09:17:23 +0100 Subject: GnuPG agent and non-shell application In-Reply-To: References: Message-ID: Noiano wrote: > Hi everybody > I have GnuPg 1.4.6 installed and I have my .gnupg directory as a > symbolic link pointing to an encrypted partition. As soon as I need > my keys I mount the encrypted partition and the symbolic link is > resolved with no problem. The problem is the use of gnupg agent: I > type gpg-agent --daemon > gpg-agent-info so that the variable > information are stored to that file. Under my .bashrc I have added > the following line "source gpg-agent-info" so that the variable is > correctly set up. > The problem is the use of gnupg agent with program such as > thunderbird, kpgp. They cannot see the variable GPG_AGENT_INFO as > all shells do. I cannot set anything in .xsession because the > encrypted partition isn't mounted on boot but on demand. Could you > please tell me a reasonable solution for this matter? Start Thunderbird (or kgpg) with a wrapper program that checks if gpg-agent is running and if yes export GPG_AGENT_INFO from your gpg-agent-info file. I found that gpg-connect-agent is quite nice to do this. Something like this should do the job: #!/bin/bash source /path/to/gpg-agent-info export GPG_AGENT_INFO gpg-connect-agent < -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, I have already posted on this subject, and thank in advance for guidance. I have gpg and gpg 2 compiled, installed and running under MacOSX Leopard, and Linux Ubuntu 7.10, but I have not succeeded to have it running under Windows. I have imported my keyrings from MacOSX, and they are present. 1. 
Output with gpg 1.4.7; ================= $ gpg --version gpg (GnuPG) 1.4.7 Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: C:/Documents and Settings/Administrator/Application Data/gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 gpg: conversion from `utf-8' to `CP720' not available gpg: LoadLibrary failed: The system cannot find the file specified. gpg: invalid module `c:\\lib\\gnupg\/usr/local/libexec/gnupg-pcsc-wrapper': The specified module could not be found. ================= The three above warnings prevent commands like gpg --list-keys, or -K to output the desired information. Trying to process an e-mail (e.g. sign) in Thunderbird+Enigmail (current stable releases) output the same warnings. How can I remedy? 2. Output with gpg 2 ==================== $ gpg2 --version gpg (GnuPG) 2.0.7 Copyright (C) 2007 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: C:/Documents and Settings/Administrator/Application Data/gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ELG Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 gpg: conversion from `utf-8' to `CP720' not available =================== There is only the utf warning, and commands like gpg2 --list-keys or -K output the desired information. Trying to process an e-mail (e.g. sign, like in the present case), or decrypt, etc. works properly. How do I get rid of the utf CP720 not available? 
Or is it important? 3. Finally, I have made an attempt to install MinGW32, I am not sure what the result has been, but it is present when I use gpg2 in Thunderbird+Enigmail. I know I have made quite a mess, so I apologize to the list. Thanks in advance. Charly -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (MingW32) Comment: GnuPG for Privacy Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org -----END PGP SIGNATURE----- From shavital at mac.com Wed Nov 14 18:04:51 2007 From: shavital at mac.com (Charly Avital) Date: Wed, 14 Nov 2007 12:04:51 -0500 Subject: Newbie GnuPG under Windows XP Pro - Redux Message-ID: <473B2AB3.2000409@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, I have already posted on this subject, and thank in advance for guidance. I have gpg and gpg 2 compiled, installed and running under MacOSX Leopard, and Linux Ubuntu 7.10, but I have not succeeded to have it running under Windows. I have imported my keyrings from MacOSX, and they are present. 1. Output with gpg 1.4.7; ================= $ gpg --version gpg (GnuPG) 1.4.7 Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. 
Home: C:/Documents and Settings/Administrator/Application Data/gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 gpg: conversion from `utf-8' to `CP720' not available gpg: LoadLibrary failed: The system cannot find the file specified. gpg: invalid module `c:\\lib\\gnupg\/usr/local/libexec/gnupg-pcsc-wrapper': The specified module could not be found. ================= The three above warnings prevent commands like gpg --list-keys, or -K to output the desired information. Only the same warnings show. How can I remedy to the above errors? 2. Output with gpg 2 ==================== $ gpg2 --version gpg (GnuPG) 2.0.7 Copyright (C) 2007 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: C:/Documents and Settings/Administrator/Application Data/gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ELG Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 gpg: conversion from `utf-8' to `CP720' not available =================== There is only the utf warning, and commands like gpg2 --list-keys or -K output the desired information 3. 
Finally, I have attempted to install -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (MingW32) Comment: GnuPG for Privacy Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org -----END PGP SIGNATURE----- From JPClizbe at tx.rr.com Wed Nov 14 21:02:44 2007 From: JPClizbe at tx.rr.com (John Clizbe) Date: Wed, 14 Nov 2007 14:02:44 -0600 Subject: Newbie GnuPG under Windows XP Pro - Redux In-Reply-To: <473B260C.3060301@mac.com> References: <473B260C.3060301@mac.com> Message-ID: <473B5464.7040504@tx.rr.com> Charly Avital wrote: > Hi, > > I have already posted on this subject, and thank in advance for guidance. > > I have gpg and gpg 2 compiled, installed and running under MacOSX > Leopard, and Linux Ubuntu 7.10, but I have not succeeded to have it > running under Windows. > > I have imported my keyrings from MacOSX, and they are present. > > 1. Output with gpg 1.4.7; > ================= > gpg: conversion from `utf-8' to `CP720' not available > gpg: LoadLibrary failed: The system cannot find the file specified. > > gpg: invalid module > `c:\\lib\\gnupg\/usr/local/libexec/gnupg-pcsc-wrapper': The > > specified module could not be found. > ================= > The three above warnings prevent commands like gpg --list-keys, or -K to > output the desired information. > Trying to process an e-mail (e.g. sign) in Thunderbird+Enigmail (current > stable releases) output the same warnings. > How can I remedy? Remove the load-extension line from gpg.conf. Win32 GnuPG 1.4 uses the native smart card interface, winscard.dll. 
Smartcard support in GnuPG 2.x on win32 is still incomplete (Werner, please let me know if this has changed wrt gpg-agent). > 2. Output with gpg 2 > How do I get rid of the utf CP720 not available? Or is it important? I guess it's only important if you use CP720. CP720 is DOS console Arabic support. gpg2 on win32 is still pretty much alpha-ware. While parts of it may work, I'd stick with 1.4.7+. > 3. Finally, I have made an attempt to install MinGW32, I am not sure > what the result has been, but it is present when I use gpg2 in > Thunderbird+Enigmail. MinGW (as well as MSYS) is only needed if you intend on building your own GnuPG 1.4.x on Win32. Note: This is "officially" unsupported. Building the GnuPG 2.x trunk on a win32 buildhost is unsupported > I know I have made quite a mess, so I apologize to the list. No apologies required. -- John P. Clizbe Inet: JPClizbe (a) tx DAWT rr DAHT con Ginger Bear Networks hkp://keyserver.gingerbear.net "Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 679 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20071114/d53a67e4/attachment.pgp From shavital at mac.com Wed Nov 14 22:37:47 2007 From: shavital at mac.com (Charly Avital) Date: Wed, 14 Nov 2007 16:37:47 -0500 Subject: Newbie GnuPG under Windows XP Pro - Redux In-Reply-To: <473B5464.7040504@tx.rr.com> References: <473B260C.3060301@mac.com> <473B5464.7040504@tx.rr.com> Message-ID: <473B6AAB.5010609@mac.com> John Clizbe wrote the following on 11/14/07 3:02 PM: > Charly Avital wrote: [...] > Remove the load-extension line from gpg.conf. Win32 GnuPG 1.4 uses the native > smart card interface, winscard.dll. 
> > Smartcard support in GnuPG 2.x on win32 is still incomplete (Werner, please let > me know if this has changed wrt gpg-agent). Thanks John, In MacOSX or in Ubuntu, I know how to open and edit ~/.gnupg/gpg.conf, where gpg.conf is a text file where from gpg reads its options. I have done it many times, when required. But in Windows, there's something called gpg.conf.exe, which to my still much limited knowledge of Windows, is an executable file, and I have no idea how to actually open it. Sorry for the basic ignorance. > >> 2. Output with gpg 2 >> How do I get rid of the utf CP720 not available? Or is it important? > > I guess it's only important if you use CP720. CP720 is DOS console Arabic support. No I don't use it. But it's still annoying to have this warning show up. > > gpg2 on win32 is still pretty much alpha-ware. While parts of it may work, I'd > stick with 1.4.7+. I would gladly do that, if I only could comment or delete the load-extension line about the wrapper (which should be required, I believe, for the use of smart cards?) > >> 3. Finally, I have made an attempt to install MinGW32, I am not sure >> what the result has been, but it is present when I use gpg2 in >> Thunderbird+Enigmail. > > MinGW (as well as MSYS) is only needed if you intend on building your own GnuPG > 1.4.x on Win32. Note: This is "officially" unsupported. > > Building the GnuPG 2.x trunk on a win32 buildhost is unsupported Well, sometime I'd like to try, if I could only comprehend how cli works in Windows. Even with a very limited knowledge of Unix, I can manage with cli in MacOSX or Ubuntu, but in Windows almost everything I try comes out with 'not known' or a similar output. > >> I know I have made quite a mess, so I apologize to the list. > > No apologies required. Well, gnupg-users is not the appropriate forum for this kind of queries. I am not really a Windows user, nor intend to be. 
I believe I have already indicated in a previous post that I am running Windows XP Pro, or Ubuntu under a virtualisation program named Parallels Mac, that interacts between Windows or Linux (or for that matter, some other OSs too) and my Intel based computer processor. Thanks for your feedback. Charly From JPClizbe at tx.rr.com Wed Nov 14 23:49:31 2007 From: JPClizbe at tx.rr.com (John Clizbe) Date: Wed, 14 Nov 2007 16:49:31 -0600 Subject: Newbie GnuPG under Windows XP Pro - Redux In-Reply-To: <473B6AAB.5010609@mac.com> References: <473B260C.3060301@mac.com> <473B5464.7040504@tx.rr.com> <473B6AAB.5010609@mac.com> Message-ID: <473B7B7B.9030304@tx.rr.com> Charly Avital wrote: > In MacOSX or in Ubuntu, I know how to open and edit ~/.gnupg/gpg.conf, > where gpg.conf is a text file where from gpg reads its options. I have > done it many times, when required. > > But in Windows, there's something called gpg.conf.exe, which to my still > much limited knowledge of Windows, is an executable file, and I have no > idea how to actually open it. Sorry for the basic ignorance. There is a binary gpgconf.exe installed as part of gpg2 in %PROGRAMFILES%\Gnu\GnuPG gpg.conf is a text file that lives (normally) next to your keyring files in %APPDATA%\GnuPG -- John P. Clizbe Inet: JPClizbe (a) tx DAWT rr DAHT con Ginger Bear Networks hkp://keyserver.gingerbear.net "Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go" -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 679 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20071114/ad507e5e/attachment-0001.pgp From shavital at mac.com Thu Nov 15 05:37:57 2007 From: shavital at mac.com (Charly Avital) Date: Wed, 14 Nov 2007 23:37:57 -0500 Subject: Newbie GnuPG under Windows XP Pro - Redux In-Reply-To: <473B7B7B.9030304@tx.rr.com> References: <473B260C.3060301@mac.com> <473B5464.7040504@tx.rr.com> <473B6AAB.5010609@mac.com> <473B7B7B.9030304@tx.rr.com> Message-ID: <473BCD25.2060404@mac.com> John Clizbe wrote the following on 11/14/07 5:49 PM: [...] > There is a binary gpgconf.exe installed as part of gpg2 in %PROGRAMFILES%\Gnu\GnuPG > > gpg.conf is a text file that lives (normally) next to your keyring files in > %APPDATA%\GnuPG Thanks John, I'll follow that path. Charly From isr_avi at netvision.net.il Thu Nov 15 11:27:24 2007 From: isr_avi at netvision.net.il (avi israel) Date: Thu, 15 Nov 2007 12:27:24 +0200 Subject: Identify GPG file Message-ID: Hi there, I just started with PGP and GPG. My question is: how can I identify GPG files not by their name (e.g. extension) but by their first bytes or file header. For example - zip file starts with 'PK' (ASCII). Although I searched the web and read the GPG documentation, I couldn't find anything. Thanks. From vedaal at hush.com Thu Nov 15 19:56:15 2007 From: vedaal at hush.com (vedaal at hush.com) Date: Thu, 15 Nov 2007 13:56:15 -0500 Subject: Identify GPG file Message-ID: <20071115185615.D5495DA829@mailserver7.hushmail.com> avi israel isr_avi at netvision.net.il wrote on Thu Nov 15 11:27:24 CET 2007 : " ... how can I identify GPG files not by their name (e.g. extension) but by their first bytes or file header. For example - zip file starts with 'PK' (ASCII). ..." 
as a general rule, comparing pgp and gnupg encrypted files in ascii armor, the gnupg encrypted message will begin with an 'h' and the pgp one will begin with a 'q' for both v4 rsa and dh keys; for v3 keys, pgp will also begin with an 'h' (but *most* of us, with some notable exceptions ;-) don't use v3 keys anymore except when using pgp 2.x ) vedaal From wk at gnupg.org Fri Nov 16 15:38:52 2007 From: wk at gnupg.org (Werner Koch) Date: Fri, 16 Nov 2007 15:38:52 +0100 Subject: [Announce] GnuPG release candidate 1.4.8 Message-ID: <87d4uaxnk3.fsf@wheatstone.g10code.de> Hi, I just uploaded a release candidate for GnuPG 1.4.8: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.8rc1.tar.bz2 ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.8rc1.tar.bz2.sig If you have problems with 1.4.7, you may want to give it a try. Those who reported build problems should also try to build that one and report if the problems persist (to the gnupg-users ML). Note that the language files are not all updated and our translators may want to check whether they find time to send an update in. There are certainly a couple of bugs not yet fixed as we had not the time to work through all bug reports, please complain if there are important things still not resolved. The actual release of 1.4.8 is planned for December 20. Noteworthy changes in version 1.4.8 (unreleased) ------------------------------------------------ * Changed the license to GPLv3. * Improved detection of keyrings specified multiple times. * Changes to better cope with broken keyservers. * Minor bug fixes. * New option --rfc4880 which is currently identical to --openpgp. Happy hacking, Werner -- Thoughts are free. Exceptions are regulated by a federal law. -------------- next part -------------- A non-text attachment was scrubbed... 
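On the "Identify GPG file" thread above: the 'h' and 'q' that vedaal describes are the base64 images of the first OpenPGP packet header octet (RFC 4880, section 4.2), so the same check works on binary files by reading that octet directly. The Python below is an added example, not code from any poster or from GnuPG; the two armor blocks are constructed prefixes rather than real messages, and the function names are illustrative.

```python
import base64

ARMOR_BEGIN = "-----BEGIN PGP "

# Subset of the packet tags defined in RFC 4880, section 4.3.
PACKET_TAGS = {
    1: "public-key encrypted session key",
    2: "signature",
    3: "symmetric-key encrypted session key",
    4: "one-pass signature",
    5: "secret key",
    6: "public key",
    8: "compressed data",
    9: "symmetrically encrypted data",
    10: "marker",
    11: "literal data",
    18: "encrypted and integrity-protected data",
}


def decode_tag_octet(octet):
    """Decode a packet header octet; return None if it cannot start a packet."""
    if not octet & 0x80:              # bit 7 is always set in a packet tag octet
        return None
    if octet & 0x40:                  # bit 6 set: new format, tag in bits 5-0
        fmt, tag = "new", octet & 0x3F
    else:                             # old format: tag in bits 5-2
        fmt, tag = "old", (octet >> 2) & 0x0F
    if tag == 0:                      # tag 0 is reserved and must not be used
        return None
    return {"format": fmt, "tag": tag, "name": PACKET_TAGS.get(tag, "other")}


def armor_leading_bytes(text):
    """Return up to six decoded bytes from the start of an armored body."""
    for line in text.splitlines()[1:]:
        s = line.strip()
        if not s or ": " in s:        # blank separator or armor header ("Version: ...")
            continue
        if s.startswith("-----"):     # reached the END line: empty body
            return b""
        quantum = s[:8]
        quantum = quantum[: len(quantum) // 4 * 4]   # whole base64 groups only
        try:
            return base64.b64decode(quantum)
        except ValueError:            # binascii.Error is a ValueError subclass
            return b""
    return b""


def identify(data):
    """Classify bytes as OpenPGP data by their leading bytes; None if implausible."""
    text = data.lstrip()
    armored = text.startswith(ARMOR_BEGIN.encode())
    armor_type = None
    if armored:
        text = text.decode("ascii", "replace")
        armor_type = text.splitlines()[0].strip()[len(ARMOR_BEGIN):].rstrip("-")
        # Cleartext-signed mail carries readable text first, not base64 packets.
        raw = b"" if armor_type == "SIGNED MESSAGE" else armor_leading_bytes(text)
    else:
        raw = data[:6]
    first = decode_tag_octet(raw[0]) if raw else None
    if not armored and first is None:
        return None
    result = {"armored": armored, "armor_type": armor_type,
              "first_packet": first, "next_packet": None}
    # A marker packet (tag 10, one-octet length 3, body "PGP") precedes the real
    # content in PGP output; look past it at the next header octet.
    if first and first["tag"] == 10 and raw[1:5] == b"\x03PGP" and len(raw) > 5:
        result["next_packet"] = decode_tag_octet(raw[5])
    return result


# Constructed sample: 'hQEM' decodes to 0x85 0x01 0x0C (old format, tag 1).
GNUPG_SAMPLE = (b"-----BEGIN PGP MESSAGE-----\n"
                b"Version: constructed sample\n\n"
                b"hQEMA0000000\n"
                b"-----END PGP MESSAGE-----\n")

# Constructed sample: 'qANQR1DB' decodes to 0xA8 0x03 'PGP' 0xC1 (marker, then tag 1).
PGP_SAMPLE = (b"-----BEGIN PGP MESSAGE-----\n"
              b"Version: constructed sample\n\n"
              b"qANQR1DBwU4D\n"
              b"-----END PGP MESSAGE-----\n")

if __name__ == "__main__":
    for label, blob in (("gnupg-style", GNUPG_SAMPLE), ("pgp-style", PGP_SAMPLE),
                        ("zip", b"PK\x03\x04")):
        print(label, identify(blob))
```

A set high bit in the first octet is only a plausibility check, since plenty of unrelated binary data passes it; running `gpg --list-packets` on the file gives the definitive answer.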
Name: smime.p7s Type: application/pkcs7-signature Size: 1557 bytes Desc: not available Url : /pipermail/attachments/20071116/44d2b766/attachment.bin -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From shavital at mac.com Fri Nov 16 17:35:19 2007 From: shavital at mac.com (Charly Avital) Date: Fri, 16 Nov 2007 11:35:19 -0500 Subject: [Announce] GnuPG release candidate 1.4.8 In-Reply-To: <87d4uaxnk3.fsf@wheatstone.g10code.de> References: <87d4uaxnk3.fsf@wheatstone.g10code.de> Message-ID: <602D4380-4CFA-4DCB-9A58-85CC716226ED@mac.com> On Nov 16, 2007, at 9:38 AM, Werner Koch wrote: > Hi, > > I just uploaded a release candidate for GnuPG 1.4.8: > > ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.8rc1.tar.bz2 > ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.8rc1.tar.bz2.sig > [...] Compiled (with IDEA) on an i386 Intel Core 2 Duo Macbook, running Mac OS 10.5.1 ("Leopard"). No problems while compiling and installing. So far seems to be running fine. Thanks for your work. Charly -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 508 bytes Desc: This is a digitally signed message part Url : /pipermail/attachments/20071116/bcc4990e/attachment.pgp From 210525p42015 at denstarfarm.us Fri Nov 16 20:02:13 2007 From: 210525p42015 at denstarfarm.us (Robert D.) Date: Fri, 16 Nov 2007 14:02:13 -0500 Subject: Odd characters in Thunderbird compose of gnupg Message-ID: <473DE935.6070506@denstarfarm.us> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I had my friend set up her XP machine with Thunderbird and gnupg, based, I believe, on directions obtained here ... so I feel she got the correct pointers. However, she is here right now, and when I watch a compose window in Thunderbird, there is, at the bottom "--" MZ .. 
then representations of binary ,,, then "this program can not run in dos" then a *HUGE* amount of (likely) code .... then gpg4win-1.1.3.exe and several lines of likely text prompts the compose window is therefore huge and email takes a while to get sliced up for emailing. How best to eliminate this? A total re-install? thanks -----BEGIN PGP SIGNATURE----- Comment: www.denstarfarm.us/Public/P3x759.html -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Fri Nov 16 21:03:42 2007 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Fri, 16 Nov 2007 15:03:42 -0500 Subject: Strange [to Me] build Problem with MSYS Message-ID: <473DF79E.7040900@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Using MSYS with svn4620 the 'make' bombs in doc with: make[1]: Entering directory `/home/Compaq_Owner/4620/doc' make check-am make[2]: Entering directory `/home/Compaq_Owner/4620/doc' cc -o yat2m ./yat2m.c /bin/sh: cc: command not found make[2]: *** [yat2m] Error 127 make[2]: Leaving directory `/home/Compaq_Owner/4620/doc' make[1]: *** [check] Error 2 make[1]: Leaving directory `/home/Compaq_Owner/4620/doc' make: *** [check-recursive] Error 1 Has anyone else seen this Error? Can anyone offer a Fix? 
JOHN :-\ Timestamp: Friday 16 Nov 2007, 15:03 --500 (Eastern Standard Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8-svn4616: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: My Homepage: http://tinyurl.com/yzhbhx Comment: MySpace Page: http://www.myspace.com/jmoore3rd -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Fri Nov 16 22:20:52 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 16 Nov 2007 15:20:52 -0600 Subject: [Announce] GnuPG release candidate 1.4.8 In-Reply-To: <87d4uaxnk3.fsf@wheatstone.g10code.de> References: <87d4uaxnk3.fsf@wheatstone.g10code.de> Message-ID: <473E09B4.40100@sixdemonbag.org> Werner Koch wrote: > I just uploaded a release candidate for GnuPG 1.4.8: Does 1.4.8 fix the Vista problems reported with 1.4.7? From sjlopezb at hackindex.com Fri Nov 16 20:32:37 2007 From: sjlopezb at hackindex.com (Santiago José López Borrazás) Date: Fri, 16 Nov 2007 20:32:37 +0100 Subject: [Announce] GnuPG release candidate 1.4.8 In-Reply-To: <602D4380-4CFA-4DCB-9A58-85CC716226ED@mac.com> References: <87d4uaxnk3.fsf@wheatstone.g10code.de> <602D4380-4CFA-4DCB-9A58-85CC716226ED@mac.com> Message-ID: <473DF055.7040103@foo.hackindex.es> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 16/11/07 17:35, Charly Avital wrote: > Compiled (with IDEA) on an i386 Intel Core 2 Duo Macbook, running Mac > OS 10.5.1 ("Leopard"). > No problems while compiling and installing. > So far seems to be running fine. In Debian Etch, ALL compiled and correct. 
- -- Regards from Santiago José López Borrazás. Advanced knowledge of computer security. Advanced knowledge of networks. -----BEGIN PGP SIGNATURE----- -----END PGP SIGNATURE----- From sjlopezb at hackindex.com Fri Nov 16 20:31:58 2007 From: sjlopezb at hackindex.com (Santiago José López Borrazás) Date: Fri, 16 Nov 2007 20:31:58 +0100 Subject: [Announce] GnuPG release candidate 1.4.8 In-Reply-To: <87d4uaxnk3.fsf@wheatstone.g10code.de> References: <87d4uaxnk3.fsf@wheatstone.g10code.de> Message-ID: <473DF02E.8000604@foo.hackindex.es> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 16/11/07 15:38, Werner Koch wrote: (...) > The actual release of 1.4.8 is planned for December 20. Compiled for Debian Etch (as gnupg_1.4.8rc_i386.deb). I wait the version final 8-) I will study with great calm how to take it as a bundle, but with the permission added in the executable file /usr/bin/gpg. This does not cost me any work in doing it. They bring me only 3 minutes of nothing. Thanks. - -- Regards from Santiago José López Borrazás. Advanced knowledge of computer security. Advanced knowledge of networks. 

From John at Mozilla-Enigmail.org Fri Nov 16 22:33:59 2007
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Fri, 16 Nov 2007 15:33:59 -0600
Subject: Odd characters in Thunderbird compose of gnupg
In-Reply-To: <473DE935.6070506@denstarfarm.us>
References: <473DE935.6070506@denstarfarm.us>
Message-ID: <473E0CC7.300@Mozilla-Enigmail.org>

Robert D. wrote:
> I had my friend set up her XP machine with Thunderbird and gnupg, based,
> I believe, on directions obtained here ... so I feel she got the correct
> pointers.

Most likely here: http://enigmail.mozdev.org/gpgconf.html

The pointers still look correct. I suspect the execution.

> However, she is here right now, and when I watch a compose window in
> Thunderbird, there is, at the bottom
>
> "--"
> MZ .. then representations of binary ,,, then "this program can not run
> in dos" then a *HUGE* amount of (likely) code .... then
> gpg4win-1.1.3.exe and several lines of likely text prompts
>
> the compose window is therefore huge and email takes a while to get
> sliced up for emailing.
>
>
> How best to eliminate this? A total re-install?

Or maybe, just an install. gpg4win-1.1.3.exe is the installer, not the actual gpg program.
Maybe try the smaller installer from the GnuPG.org site:
ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.7.exe

It looks as if your friend has Enigmail configured to run the installer, not
the installed program.

--
John P. Clizbe Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?" / "two words: good decisions."
"what's the key to good decisions?" / "one word: experience."
"how do i get experience?" / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"

From dshaw at jabberwocky.com Fri Nov 16 22:38:18 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 16 Nov 2007 16:38:18 -0500
Subject: [Announce] GnuPG release candidate 1.4.8
In-Reply-To: <473E09B4.40100@sixdemonbag.org>
References: <87d4uaxnk3.fsf@wheatstone.g10code.de> <473E09B4.40100@sixdemonbag.org>
Message-ID: <20071116213818.GA31733@jabberwocky.com>

On Fri, Nov 16, 2007 at 03:20:52PM -0600, Robert J. Hansen wrote:
> Werner Koch wrote:
> > I just uploaded a release candidate for GnuPG 1.4.8:
>
> Does 1.4.8 fix the Vista problems reported with 1.4.7?

If you are referring to the keyserver problems under Vista, then yes.
David

From rc647bob at aim.com Fri Nov 16 22:46:51 2007
From: rc647bob at aim.com (rc647bob at aim.com)
Date: Fri, 16 Nov 2007 16:46:51 -0500
Subject: decrypt
In-Reply-To: <87fxzamt54.fsf@wheatstone.g10code.de>
References: <8C9E58B5F1CD518-FE8-63CA@WEBMAIL-MA14.sysops.aol.com> <8C9EDDB67A599FD-CE4-3E46@WEBMAIL-DF06.sysops.aol.com> <87fxzkmxp8.fsf@wheatstone.g10code.de> <8C9F3AEBFCE44F3-C88-3660@Webmail-mg06.sysops.aol.com> <87fxzamt54.fsf@wheatstone.g10code.de>
Message-ID: <8C9F6B154E6E372-17BC-C73@webmail-de14.sysops.aol.com>

--verbose says; using secondary key. ?
gpg --verbose --decrypt abcba.gpg > abcba.tex

-----Original Message-----
From: Werner Koch
To: rc647bob at aim.com
Cc: gnupg-users at gnupg.org
Sent: Tue, 13 Nov 2007 3:44 am
Subject: Re: decrypt

On Tue, 13 Nov 2007 02:50, rc647bob at aim.com said:

> What command seq. identifies the correct key to use?

You don't need to specify the key to be used for decryption. Run with
--verbose to see what's going on.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

________________________________________________________________________
Check Out the new free AIM(R) Mail -- Unlimited storage and industry-leading spam and email virus protection.

From sjlopezb at hackindex.com Fri Nov 16 23:38:25 2007
From: sjlopezb at hackindex.com (Santiago José López Borrazás)
Date: Fri, 16 Nov 2007 23:38:25 +0100
Subject: decrypt
In-Reply-To: <8C9F6B154E6E372-17BC-C73@webmail-de14.sysops.aol.com>
References: <8C9E58B5F1CD518-FE8-63CA@WEBMAIL-MA14.sysops.aol.com> <8C9EDDB67A599FD-CE4-3E46@WEBMAIL-DF06.sysops.aol.com> <87fxzkmxp8.fsf@wheatstone.g10code.de> <8C9F3AEBFCE44F3-C88-3660@Webmail-mg06.sysops.aol.com> <87fxzamt54.fsf@wheatstone.g10code.de> <8C9F6B154E6E372-17BC-C73@webmail-de14.sysops.aol.com>
Message-ID: <473E1BE1.5050509@foo.hackindex.es>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 16/11/07 22:46, rc647bob at aim.com wrote:
> --verbose says; using secondary key. ?
> gpg --verbose --decrypt abcba.gpg > abcba.tex

Yes. With probe:

sjlopezb at smtp:~$ gpg --verbose --armor --encrypt example.txt
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
No ha especificado un ID de usuario (puede usar "-r")

Destinatarios actuales:

Introduzca ID de usuario. Acabe con una línea vacía: 0xD522C952
gpg: usando subclave B251B09F en vez de clave primaria D522C952
gpg: usando classic como modelo de confianza
gpg: Esta clave nos pertenece

Destinatarios actuales:
4096g/B251B09F 2002-05-17 "Santiago José López Borrazás "

Introduzca ID de usuario. Acabe con una línea vacía:
gpg: leyendo desde 'example.txt'
gpg: escribiendo en `example.txt.asc'
gpg: ELG-E/TWOFISH cifrado para: "B251B09F Santiago José López Borrazás "

After:

gpg --verbose --decrypt example.txt.asc > example.txt
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: la clave pública es B251B09F
gpg: usando subclave B251B09F en vez de clave primaria D522C952

Necesita una frase contraseña para desbloquear la clave secreta
del usuario: "Santiago José López Borrazás "
gpg: usando subclave B251B09F en vez de clave primaria D522C952
clave ELG-E de 4096 bits, ID B251B09F, creada el 2002-05-17(ID de clave primaria D522C952)

Introduzca frase contraseña:
gpg: cifrado con clave ELG-E de 4096 bits, ID B251B09F, creada el 2002-05-17
"Santiago José López Borrazás "
gpg: datos cifrados TWOFISH
gpg: nombre fichero original='example.txt'

Hehe! Quite easy! ;8-))

- --
Regards from Santiago José López Borrazás
Advanced knowledge of computer security.
Advanced knowledge of networking.

From jmoore3rd at bellsouth.net Sat Nov 17 00:12:29 2007
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 16 Nov 2007 18:12:29 -0500
Subject: Build Fail (cont)
Message-ID: <473E23DD.9030809@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

While I was checking for the 'first cause' of the previous Failure I
discovered this:

make[2]: Entering directory `/home/Compaq_Owner/4620/doc'
: Warning: missing faqprog.pl, cannot make FAQ
echo "No FAQ due to missing faqprog.pl" > FAQ
echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> FAQ
: Warning: missing faqprog.pl, cannot make faq.html
echo "No faq.html due to missing faqprog.pl" > faq.html
echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> faq.html

Would this indicate a problem in automake?

JOHN :(
Timestamp: Friday 16 Nov 2007, 18:12 --500 (Eastern Standard Time)

From jmoore3rd at bellsouth.net Sat Nov 17 00:43:03 2007
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 16 Nov 2007 18:43:03 -0500
Subject: Build Fail (cont)
In-Reply-To: <473E28B1.8040601@tx.rr.com>
References: <473E23DD.9030809@bellsouth.net> <473E28B1.8040601@tx.rr.com>
Message-ID: <473E2B07.5010303@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

John Clizbe wrote:
> John W. Moore III wrote:
>> While I was checking for the 'first cause' of the previous Failure I
>> discovered this:
>>
>> make[2]: Entering directory `/home/Compaq_Owner/4620/doc'
>> : Warning: missing faqprog.pl, cannot make FAQ
>> echo "No FAQ due to missing faqprog.pl" > FAQ
>> echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> FAQ
>> : Warning: missing faqprog.pl, cannot make faq.html
>> echo "No faq.html due to missing faqprog.pl" > faq.html
>> echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> faq.html
>>
>>
>> Would this indicate a problem in automake?
>
> Possibly. Which version are you running.
>
> BTW: ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl
>

version 1.9.6

JOHN :-\
Timestamp: Friday 16 Nov 2007, 18:42 --500 (Eastern Standard Time)

From JPClizbe at tx.rr.com Sat Nov 17 00:33:05 2007
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Fri, 16 Nov 2007 17:33:05 -0600
Subject: Build Fail (cont)
In-Reply-To: <473E23DD.9030809@bellsouth.net>
References: <473E23DD.9030809@bellsouth.net>
Message-ID: <473E28B1.8040601@tx.rr.com>

John W. Moore III wrote:
> While I was checking for the 'first cause' of the previous Failure I
> discovered this:
>
> make[2]: Entering directory `/home/Compaq_Owner/4620/doc'
> : Warning: missing faqprog.pl, cannot make FAQ
> echo "No FAQ due to missing faqprog.pl" > FAQ
> echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> FAQ
> : Warning: missing faqprog.pl, cannot make faq.html
> echo "No faq.html due to missing faqprog.pl" > faq.html
> echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> faq.html
>
>
> Would this indicate a problem in automake?

Possibly. Which version are you running.

BTW: ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl

--
John P. Clizbe Inet: JPClizbe(a) tx DAWT rr DAHT con
Ginger Bear Networks PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"

From John at Mozilla-Enigmail.org Fri Nov 16 22:26:53 2007
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Fri, 16 Nov 2007 15:26:53 -0600
Subject: [Announce] GnuPG release candidate 1.4.8
In-Reply-To: <87d4uaxnk3.fsf@wheatstone.g10code.de>
References: <87d4uaxnk3.fsf@wheatstone.g10code.de>
Message-ID: <473E0B1D.7040506@Mozilla-Enigmail.org>

Werner Koch wrote:
> Hi,
>
> I just uploaded a release candidate for GnuPG 1.4.8:
>
> ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.8rc1.tar.bz2
> ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.8rc1.tar.bz2.sig

[...]

>
> Noteworthy changes in version 1.4.8 (unreleased)
> ------------------------------------------------
>
> * Changed the license to GPLv3.
>
> * Improved detection of keyrings specified multiple times.
>
> * Changes to better cope with broken keyservers.
>
> * Minor bug fixes.
>
> * New option --rfc4880 which is currently identical to --openpgp.

* Support For Windows Vista?

Any chance for a Windows Binary installer? I didn't see one in ./alpha/binary.

I've seen a couple of requests for the patched image that used to be in /scratch in
the last week.

Thanks Werner and team.

--
John P. Clizbe Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?" / "two words: good decisions."
"what's the key to good decisions?" / "one word: experience."
"how do i get experience?" / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"

From alon.barlev at gmail.com Fri Nov 16 23:38:24 2007
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Sat, 17 Nov 2007 00:38:24 +0200
Subject: [Announce] GnuPG release candidate 1.4.8
In-Reply-To: <87d4uaxnk3.fsf@wheatstone.g10code.de>
References: <87d4uaxnk3.fsf@wheatstone.g10code.de>
Message-ID: <9e0cf0bf0711161438o2258b1e6mfeaabeb46876f186@mail.gmail.com>

Hi!

Can you please verify that you solve/address the following issues:
http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-crypt/gnupg/files/gnupg-1.4.3-keyserver.patch?rev=1.1
http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-crypt/gnupg/files/gnupg-1.4.3-selftest.patch?rev=1.1
http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-crypt/gnupg/files/gnupg-1.4.6-badruman.patch?rev=1.1

There was also an issue with PIC:
sed -i -e 's:PIC:__PIC__:' mpi/i386/mpih-{add,sub}1.S intl/relocatable.c
sed -i -e 's:if PIC:ifdef __PIC__:' mpi/sparc32v8/mpih-mul{1,2}.S

You can see some other issues we had with previous release, maybe some
are not needed.
http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-crypt/gnupg/gnupg-1.4.7-r1.ebuild?rev=1.10

Best Regards,
Alon Bar-Lev.

On 11/16/07, Werner Koch wrote:
> Hi,
>
> I just uploaded a release candidate for GnuPG 1.4.8:
>
> ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.8rc1.tar.bz2
> ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.8rc1.tar.bz2.sig
>
> If you have problems with 1.4.7, you may want to give it a try. Those
> who reported build problems should also try to build that one and report
> if the problems persist (to the gnupg-users ML).
>
> Note that the language files are not all updated and our translators may
> want to check whether they find time to send an update in. There are
> certainly a couple of bugs not yet fixed as we had not the time to work
> through all bug reports, please complain if there are important things
> still not resolved.
>
> The actual release of 1.4.8 is planned for December 20.
>
>
> Noteworthy changes in version 1.4.8 (unreleased)
> ------------------------------------------------
>
> * Changed the license to GPLv3.
>
> * Improved detection of keyrings specified multiple times.
>
> * Changes to better cope with broken keyservers.
>
> * Minor bug fixes.
>
> * New option --rfc4880 which is currently identical to --openpgp.
>
>
>
> Happy hacking,
>
> Werner
>
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.
>
> _______________________________________________
> Gnupg-announce mailing list
> Gnupg-announce at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-announce
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel

From 210525p42015 at denstarfarm.us Sat Nov 17 04:24:44 2007
From: 210525p42015 at denstarfarm.us (Robert D.)
Date: Fri, 16 Nov 2007 22:24:44 -0500
Subject: Odd characters in Thunderbird compose of gnupg
In-Reply-To: <473E0CC7.300@Mozilla-Enigmail.org>
References: <473DE935.6070506@denstarfarm.us> <473E0CC7.300@Mozilla-Enigmail.org>
Message-ID: <473E5EFC.2000406@denstarfarm.us>

John Clizbe said the following:

> It looks as if your friend has Enigmail configured to run the installer, not
> the installed program.

did a re-install from your links and we both can send back and forth
encrypted, just fine now.

However, this started a different problem on her XP machine. Namely,
from a command prompt, typing in gpg yields an error stating that gpg
isn't registered or available or located or whatever.

I took it to mean that gpg hadn't added the sys var stating its true
folder location ... but this didn't exist earlier.

how to fix that one?

--
Apple OS/X

From SeidlS at schneider.com Sat Nov 17 00:06:16 2007
From: SeidlS at schneider.com (SeidlS at schneider.com)
Date: Fri, 16 Nov 2007 17:06:16 -0600
Subject: Scott Seidl/Schneider is out of the office.
Message-ID:

I will be out of the office starting 11/16/2007 and will not return until
11/21/2007.

I will return your message when I get back. Thanks

From bahamut at digital-signal.net Sat Nov 17 17:57:36 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Sat, 17 Nov 2007 10:57:36 -0600
Subject: Odd characters in Thunderbird compose of gnupg
In-Reply-To: <473E5EFC.2000406@denstarfarm.us>
References: <473DE935.6070506@denstarfarm.us> <473E0CC7.300@Mozilla-Enigmail.org> <473E5EFC.2000406@denstarfarm.us>
Message-ID: <473F1D80.5050500@digital-signal.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Robert D. wrote:
> However, this started a different problem on her XP machine. Namely,
> from a command prompt, typing in gpg yields an error stating that gpg
> isn't registered or available or located or whatever.
>
> I took it to mean that gpg hadn't added the sys var stating its true
> folder location ... but this didn't exist earlier.

It's not in the path. Unlike Mac OS X, installed programs have the
executable in their own little directories. There isn't a central
directory for executables (like /usr/bin) that would be set as a path.

You can:
- add the directory in which gpg.exe exists to %path% (I forget the
  directory since I don't use the standard directory in %programfiles%)*
- copy gpg and the other related executables to a directory already in
  %path% (e.g. %windir%\system32)

*recommended

One way to do the recommended action is to go to Control Panel -> System
-> Advanced -> Environment variables. From there, you need to modify the
%path% variable. This is located under System Variables. Just add a
semicolon followed by the directory where GPG is. This modifies the path
for all users and requires admin rights. You can add the directory
specifically for the current user by adding a variable named "Path" (if
it doesn't already exist) to User Variables and setting it to
%path%;[GPG directory]. There is also the set command, but I'm not sure
if it modifies the user's path or the system's path.
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.6 | Enigmail 0.95.5 | GPG 1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB

From thomas-pries at web.de Sun Nov 18 00:39:56 2007
From: thomas-pries at web.de (Thomas Pries)
Date: Sun, 18 Nov 2007 00:39:56 +0100
Subject: Decrypt problem with large file
Message-ID: <200711180039.56797.thomas-pries@web.de>

Hello,

I encrypted a 420GB tgz-archive under SuSE 10.1 Linux with:

gpg -o /USBDISK/anc.tgz.gpg -c --cipher-algo AES256 abc.tgz

a few days later I tried to decrypt the file on the same computer via:

gpg -d <./abc.tgz.gpg >./abc_a.tgz

this decryption failed with error message:

:symkey enc packet: version 4, cipher 9, s2k 3, hash 2
salt 43b51101569918f8, count 96
gpg: AES256 encrypted data
:encrypted data packet:
length: unknown
mdc_method: 2
gpg: encrypted with 1 passphrase
:literal data packet:
mode b (62), created 1193559656, name="abc.tgz",
raw data: unknown length
gpg: original file name='abc.tgz'
gpg: packet(14) with unknown version 26
gpg: WARNING: encrypted message has been manipulated!
gpg: packet(6) with unknown version 139

I repeated the decryption with different gpg versions (1.4.2, 2.0.4) on Linux
and Windows but always the same error. I tried --ignore-crc-error and
--ignore-mdc-error but the decryption always failed.
I found a thread discussing a similar decryption problem in the Gnupg-users
mail-archive from Oct 2005, but this thread focuses on the WinXP problem with
large files and did not help solving my problem.

Is there any possibility to recover my data?

Greetings
Thomas

From wk at gnupg.org Sun Nov 18 17:02:50 2007
From: wk at gnupg.org (Werner Koch)
Date: Sun, 18 Nov 2007 17:02:50 +0100
Subject: Strange [to Me] build Problem with MSYS
In-Reply-To: <473DF79E.7040900@bellsouth.net> (John W. Moore, III's message of "Fri, 16 Nov 2007 15:03:42 -0500")
References: <473DF79E.7040900@bellsouth.net>
Message-ID: <87bq9rwnh1.fsf@wheatstone.g10code.de>

On Fri, 16 Nov 2007 21:03, jmoore3rd at bellsouth.net said:

> /bin/sh: cc: command not found

cc needs to be installed on any POSIX development systems (Not sure
whether this is really in the spec, but it has a 30+ years tradition).
It is used here to create a binary on the build host and not on the
host we are building for. For our purposes it should be at least a K&R C
compiler which understands prototypes (all CC compilers do this
since about the mid-80ies.)

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Sun Nov 18 17:03:20 2007
From: wk at gnupg.org (Werner Koch)
Date: Sun, 18 Nov 2007 17:03:20 +0100
Subject: Build Fail (cont)
In-Reply-To: <473E23DD.9030809@bellsouth.net> (John W. Moore, III's message of "Fri, 16 Nov 2007 18:12:29 -0500")
References: <473E23DD.9030809@bellsouth.net>
Message-ID: <877ikfwng7.fsf@wheatstone.g10code.de>

On Sat, 17 Nov 2007 00:12, jmoore3rd at bellsouth.net said:

> Would this indicate a problem in automake?

No. The FAQ won't get formatted, though.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Mon Nov 19 11:17:19 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 19 Nov 2007 11:17:19 +0100
Subject: [Announce] GnuPG release candidate 1.4.8
In-Reply-To: <473E0B1D.7040506@Mozilla-Enigmail.org> (John Clizbe's message of "Fri, 16 Nov 2007 15:26:53 -0600")
References: <87d4uaxnk3.fsf@wheatstone.g10code.de> <473E0B1D.7040506@Mozilla-Enigmail.org>
Message-ID: <87ve7ytu8g.fsf@wheatstone.g10code.de>

On Fri, 16 Nov 2007 22:26, John at Mozilla-Enigmail.org said:

> Any chance for a Windows Binary installer? I didn't see one in ./alpha/binary.
>
> I've seen a couple of requests for the patched image that used to be in /scratch in
> the last week.

I will consider this. Actually I am thinking of dropping the little
installer we are using for years now and instead provide a really
stripped down version of gpg4win - with just gpg. That would make it
easier to just maintain one installer script. This allows for the
wrapper and the public PATH.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Mon Nov 19 11:30:14 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 19 Nov 2007 11:30:14 +0100
Subject: [Announce] GnuPG release candidate 1.4.8
In-Reply-To: <9e0cf0bf0711161438o2258b1e6mfeaabeb46876f186@mail.gmail.com> (Alon Bar-Lev's message of "Sat, 17 Nov 2007 00:38:24 +0200")
References: <87d4uaxnk3.fsf@wheatstone.g10code.de> <9e0cf0bf0711161438o2258b1e6mfeaabeb46876f186@mail.gmail.com>
Message-ID: <87r6imttmx.fsf@wheatstone.g10code.de>

On Fri, 16 Nov 2007 23:38, alon.barlev at gmail.com said:

> http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-crypt/gnupg/files/gnupg-1.4.3-keyserver.patch?rev=1.1

I can't see what this patch is good for:

- if(strcmp(type,"ldaps")==0) + if(strcmp(type,"ldap")==0) + return "ldap"; + else if(strcmp(type,"ldaps")==0) return "ldap"; else return type;

The check for "ldap" seems to be superfluous as it is a NOP.
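Review bot: the added `if(strcmp(type,"ldap")==0) return "ldap";` branch at the top of the chain does not change the result for any input, because the trailing `else return type;` already hands back a string equal to "ldap" in that case. The only difference visible in these lines is that a string literal is returned instead of the caller's `type` pointer; if that lifetime difference is the intent it needs a comment saying so, otherwise the hunk should be dropped.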
> http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-crypt/gnupg/files/gnupg-1.4.3-selftest.patch?rev=1.1

- echo "../g10/gpg --no-options --no-greeting \ + echo "../g10/gpg --no-options --no-greeting --homedir . \ --no-secmem-warning --batch --dearmor" >>./gpg_dearmor chmod 755 ./gpg_dearmor + if test ! -f ./pubring.gpg; then touch -t 197001020000 ./pubring.gpg; fi + if test ! -f ./secring.gpg; then touch -t 197001020000 ./secring.gpg; fi

Please explain.

> http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-crypt/gnupg/files/gnupg-1.4.6-badruman.patch?rev=1.1

I can't see any problem with gpg.ru.

BTW, it would make things much easier if the patches are created with
description.

> There was also an issue with PIC:
> sed -i -e 's:PIC:__PIC__:' mpi/i386/mpih-{add,sub}1.S intl/relocatable.c
> sed -i -e 's:if PIC:ifdef __PIC__:' mpi/sparc32v8/mpih-mul{1,2}.S

Please send a more detailed bug report.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From rc647bob at aim.com Mon Nov 19 18:35:49 2007
From: rc647bob at aim.com (rc647bob at aim.com)
Date: Mon, 19 Nov 2007 12:35:49 -0500
Subject: decrypt
Message-ID: <8C9F8E9C268940F-5D4-5D22@WEBMAIL-MB21.sysops.aol.com>

I actually used those instructions and options, except not with armor.
However, it's still not decrypting the text file. I've been reading the
documentation and news articles, but precise use is new material for me, thx.

This is the output I have:

[abcba at neptune work1]$ gpg --verbose -d --output - mytest-1.cpp.gpg > mytest-1.cpp
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: public key is 1A191739
gpg: using secondary key 1A191739 instead of primary key 562D0500

You need a passphrase to unlock the secret key for
user: "ABCBA (May 25, 2007) "
gpg: using secondary key 1A191739 instead of primary key 562D0500
2048-bit ELG-E key, ID 1A191739, created 2007-05-27 (main key ID 562D0500)

gpg: encrypted with 2048-bit ELG-E key, ID 1A191739, created 2007-05-27
"ABCBA (May 25, 2007) "
gpg: AES256 encrypted data
gpg: original file name='mytest-1.cpp'

[abcba at neptune work1]$ ls -l mytest-1.cpp
-rw-rw-r-- 1 abcba abcba 0 Nov 19 11:44 mytest-1.cpp

[abcba at neptune work1]$ gpg --list-keys
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
/home/abcba/.gnupg/pubring.gpg
-------------------------------
pub 1024D/562D0500 2007-05-27 ABCBA (May 25, 2007)
sub 2048g/1A191739 2007-05-27

pub 1024D/7684A00D 2007-06-12 ABCBA (s)
sub 1024g/56FD3CFA 2007-06-12

pub 1024D/4EA579C7 2007-07-27 ABCBA_1
sub 1024g/2DCBEAE5 2007-07-27

[abcba at neptune work1]$ gpg --list-secret-keys
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
/home/abcba/.gnupg/secring.gpg
-------------------------------
sec 1024D/562D0500 2007-05-27 ABCBA (May 25, 2007)
ssb 2048g/1A191739 2007-05-27

sec 1024D/7684A00D 2007-06-12 ABCBA (s)
ssb 1024g/56FD3CFA 2007-06-12

sec 1024D/4EA579C7 2007-07-27 ABCBA_1
ssb 1024g/2DCBEAE5 2007-07-27

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 16/11/07 22:46, rc647bob at aim.com wrote:
> --verbose says; using secondary key. ?
> gpg --verbose --decrypt abcba.gpg > abcba.tex

Yes. With probe:

sjlopezb at smtp:~$ gpg --verbose --armor --encrypt example.txt
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
No ha especificado un ID de usuario (puede usar "-r")

Destinatarios actuales:

Introduzca ID de usuario. Acabe con una línea vacía: 0xD522C952
gpg: usando subclave B251B09F en vez de clave primaria D522C952
gpg: usando classic como modelo de confianza
gpg: Esta clave nos pertenece

Destinatarios actuales:
4096g/B251B09F 2002-05-17 "Santiago José López Borrazás "

Introduzca ID de usuario. Acabe con una línea vacía:
gpg: leyendo desde 'example.txt'
gpg: escribiendo en `example.txt.asc'
gpg: ELG-E/TWOFISH cifrado para: "B251B09F Santiago José López Borrazás "

After:

gpg --verbose --decrypt example.txt.asc > example.txt
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: la clave pública es B251B09F
gpg: usando subclave B251B09F en vez de clave primaria D522C952

Necesita una frase contraseña para desbloquear la clave secreta
del usuario: "Santiago José López Borrazás "
gpg: usando subclave B251B09F en vez de clave primaria D522C952
clave ELG-E de 4096 bits, ID B251B09F, creada el 2002-05-17(ID de clave primaria D522C952)

Introduzca frase contraseña:
gpg: cifrado con clave ELG-E de 4096 bits, ID B251B09F, creada el 2002-05-17
"Santiago José López Borrazás "
gpg: datos cifrados TWOFISH
gpg: nombre fichero original='example.txt'

Hehe! Quite easy! ;8-))

- --
Regards from Santiago José López Borrazás
Advanced knowledge of computer security.
Advanced knowledge of networking.

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

From alon.barlev at gmail.com Mon Nov 19 20:28:13 2007
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Mon, 19 Nov 2007 21:28:13 +0200
Subject: [Announce] GnuPG release candidate 1.4.8
In-Reply-To: <87r6imttmx.fsf@wheatstone.g10code.de>
References: <87d4uaxnk3.fsf@wheatstone.g10code.de> <9e0cf0bf0711161438o2258b1e6mfeaabeb46876f186@mail.gmail.com> <87r6imttmx.fsf@wheatstone.g10code.de>
Message-ID: <9e0cf0bf0711191128x109e63f4tff99d4adfc405e58@mail.gmail.com>

On Nov 19, 2007 12:30 PM, Werner Koch wrote:
> On Fri, 16 Nov 2007 23:38, alon.barlev at gmail.com said:
> BTW, it would make things much easier if the patches are created with
> description.

You are correct... I started maintaining since 1.9... So these are older...
I will try my best to determine what happened back then.
> > http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-crypt/gnupg/files/gnupg-1.4.3-keyserver.patch?rev=1.1 > > I can't see for what this patch is good for: Agreed. > > http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-crypt/gnupg/files/gnupg-1.4.3-selftest.patch?rev=1.1 > > - echo "../g10/gpg --no-options --no-greeting \ > + echo "../g10/gpg --no-options --no-greeting --homedir . \ > --no-secmem-warning --batch --dearmor" >>./gpg_dearmor > chmod 755 ./gpg_dearmor > + if test ! -f ./pubring.gpg; then touch -t 197001020000 ./pubring.gpg; fi > + if test ! -f ./secring.gpg; then touch -t 197001020000 ./secring.gpg; fi > > Please explain. Will test again... But as it seems there was a problem in using the homedir of package management user... > > > http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-crypt/gnupg/files/gnupg-1.4.6-badruman.patch?rev=1.1 > > I can't see any problem with gpg.ru. Will try. > > There was also an issue with PIC: > > sed -i -e 's:PIC:__PIC__:' mpi/i386/mpih-{add,sub}1.S intl/relocatable.c > > sed -i -e 's:if PIC:ifdef __PIC__:' mpi/sparc32v8/mpih-mul{1,2}.S > > Please send a more detailed bug report. As far as I tested, gcc defines __PIC__ when you use -fPIC not PIC. Does it different at your side? Best Regards, Alon Bar-Lev. From 210525p42015 at denstarfarm.us Tue Nov 20 01:53:32 2007 From: 210525p42015 at denstarfarm.us (Robert D.) Date: Mon, 19 Nov 2007 19:53:32 -0500 Subject: Enigmail.js errors seen on Console log Message-ID: <4742300C.3060509@denstarfarm.us> Mac OS/X btw I was just looking at the Apple's Console log and saw these. I was wondering what caused them and what I could set to "not" cause them thanks ... 
2007-11-19 18:53:55.157 enigmail.js: Enigmail.parseErrorOutput: 2007-11-19 18:53:55.157 enigmail.js: Enigmail.parseErrorOutput: statusFlags = 00000004 2007-11-19 18:53:55.158 gpg: Signature made Fri Nov 16 17:38:24 2007 EST using RSA key ID BA279E56 gpg: WARNING: signature digest conflict in message gpg: Can't check signature: general error 2007-11-19 18:53:55.158 enigmail.js: Enigmail.stillActive: 2007-11-19 18:53:55.158 enigmail.js: Enigmail.decryptMessageEnd: Error in command execution From rjh at sixdemonbag.org Tue Nov 20 02:18:06 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 19 Nov 2007 19:18:06 -0600 Subject: Enigmail.js errors seen on Console log In-Reply-To: <4742300C.3060509@denstarfarm.us> References: <4742300C.3060509@denstarfarm.us> Message-ID: <474235CE.2070607@sixdemonbag.org> Robert D. wrote: > I was just looking at the Apple's Console log and saw these. I was > wondering what caused them and what I could set to "not" cause them These errors occur when the digest algorithm the message claims it's using isn't the same as the one it's actually using; or if it uses an algorithm other than one which must be used. E.g., you could (pre-DSA2 support in GnuPG) get this error message if you attempted to process a message that had a DSA signature using SHA256 as opposed to SHA-1 or RIPEMD160. Looking at key 0xBA279E56, it appears to be a DSA-1024 signing key. How much do you want to bet they're using DSA2 and you don't have enable-dsa2 in your gpg.conf? From 210525p42015 at denstarfarm.us Tue Nov 20 04:03:40 2007 From: 210525p42015 at denstarfarm.us (Robert D.) Date: Mon, 19 Nov 2007 22:03:40 -0500 Subject: Enigmail.js errors seen on Console log In-Reply-To: <474235CE.2070607@sixdemonbag.org> References: <4742300C.3060509@denstarfarm.us> <474235CE.2070607@sixdemonbag.org> Message-ID: <47424E8C.5020705@denstarfarm.us> Robert J. Hansen said the following: > enable-dsa2 in your gpg.conf? > indeed. I didn't .. do now ... 
and also noticed just how many gpg.conf's I own after several different "installs"
http://img129.imageshack.us/img129/9236/picture1mj5.jpg

however, the one I believe that's real lies in /users/mine/.gnupg and doesn't appear on a filtered search

..--.. .-.-.

From dshaw at jabberwocky.com Tue Nov 20 04:38:14 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 19 Nov 2007 22:38:14 -0500
Subject: Enigmail.js errors seen on Console log
In-Reply-To: <474235CE.2070607@sixdemonbag.org>
References: <4742300C.3060509@denstarfarm.us> <474235CE.2070607@sixdemonbag.org>
Message-ID: <20071120033814.GA6560@jabberwocky.com>

On Mon, Nov 19, 2007 at 07:18:06PM -0600, Robert J. Hansen wrote:
> Robert D. wrote:
> > I was just looking at the Apple's Console log and saw these. I was
> > wondering what caused them and what I could set to "not" cause them
>
> These errors occur when the digest algorithm the message claims it's
> using isn't the same as the one it's actually using; or if it uses an
> algorithm other than one which must be used. E.g., you could (pre-DSA2
> support in GnuPG) get this error message if you attempted to process a
> message that had a DSA signature using SHA256 as opposed to SHA-1 or
> RIPEMD160.

That's not completely true. The first part is true: the error is from a message that claims to use one hash, but actually uses a different one. The error does not mean that the wrong algorithm was used for DSA.

> Looking at key 0xBA279E56, it appears to be a DSA-1024 signing key. How
> much do you want to bet they're using DSA2 and you don't have
> enable-dsa2 in your gpg.conf?

DSA2 in GPG doesn't work that way. --enable-dsa2 only controls whether you are able to issue a DSA2 signature. It does not have any impact on whether you are able to verify someone else's DSA2 signature.

I've seen this error before - the cause back then was a PGP/MIME signed message where the micalg field in the email header was set to one hash, and the actual signed data was different.
David

From wk at gnupg.org Tue Nov 20 09:26:17 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 20 Nov 2007 09:26:17 +0100
Subject: [Announce] GnuPG release candidate 1.4.8
In-Reply-To: <9e0cf0bf0711191128x109e63f4tff99d4adfc405e58@mail.gmail.com> (Alon Bar-Lev's message of "Mon, 19 Nov 2007 21:28:13 +0200")
References: <87d4uaxnk3.fsf@wheatstone.g10code.de> <9e0cf0bf0711161438o2258b1e6mfeaabeb46876f186@mail.gmail.com> <87r6imttmx.fsf@wheatstone.g10code.de> <9e0cf0bf0711191128x109e63f4tff99d4adfc405e58@mail.gmail.com>
Message-ID: <87sl31mifq.fsf@wheatstone.g10code.de>

On Mon, 19 Nov 2007 20:28, alon.barlev at gmail.com said:

> As far as I tested, gcc defines __PIC__ when you use -fPIC not PIC.
> Does it different at your side?

It should be irrelevant for gnupg as we don't build a library. It is more an issue for libgcrypt. As time permits I will run a couple of tests on a sparc box.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From matthew.loring at nsg-inc.org Tue Nov 20 22:50:16 2007
From: matthew.loring at nsg-inc.org (Matthew Loring)
Date: Tue, 20 Nov 2007 15:50:16 -0600
Subject: GPG Passphrase Caching
Message-ID: <2634F78A-D5EF-49EC-B921-78878E15A618@nsg-inc.org>

I am using the binary version of GPG for Windows, version 1.47. Everything works fine, but I have a need to automatically decrypt files through a script. The hangup that I have right now is that GPG wants me to enter in my passphrase when decrypting files. Is there a way to cache the passphrase or save it in a file so that it does not prompt me to enter my passphrase for my secret key?

From rjh at sixdemonbag.org Wed Nov 21 00:27:51 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 20 Nov 2007 17:27:51 -0600
Subject: GPG Passphrase Caching
In-Reply-To: <2634F78A-D5EF-49EC-B921-78878E15A618@nsg-inc.org>
References: <2634F78A-D5EF-49EC-B921-78878E15A618@nsg-inc.org>
Message-ID: <47436D77.7080008@sixdemonbag.org>

Matthew Loring wrote:
> I am using the binary version of GPG for Windows, version 1.47.
> Everything works fine, but I have a need to automatically decrypt
> files through a script. The hangup that I have right now is that GPG
> wants me to enter in my passphrase when decrypting files. Is there a
> way to cache the passphrase or save it in a file so that it does not
> prompt me to enter my passphrase for my secret key?

Yes, although this usage is not recommended.

--passphrase
--passphrase-file

Please note that the former will make the passphrase available to anyone with enough privileges to read the process table, and the latter will leave your passphrase around in a file on the system which you're then responsible for securing somehow.

You may want to simply remove the passphrase from the key, which may be a superior solution. At least then there's no false sense of security which might otherwise accompany either of --passphrase or --passphrase-file.

From laurent.jumet at skynet.be Wed Nov 21 00:25:06 2007
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Wed, 21 Nov 2007 00:25:06 +0100
Subject: Caching passphrase...
Message-ID:

Hello Matthew Loring !

> I am using the binary version of GPG for Windows, version 1.47.
> Everything works fine, but I have a need to automatically decrypt
> files through a script. The hangup that I have right now is that GPG
> wants me to enter in my passphrase when decrypting files. Is there a
> way to cache the passphrase or save it in a file so that it does not
> prompt me to enter my passphrase for my secret key?

--passphrase-fd n
    Read the passphrase from file descriptor n. Only the first line will be read from file descriptor n. If you use 0 for n, the passphrase will be read from stdin. This can only be used if only one passphrase is supplied.

--passphrase-file file
    Read the passphrase from file file. Only the first line will be read from file file. This can only be used if only one passphrase is supplied. Obviously, a passphrase stored in a file is of questionable security if other users can read this file. Don't use this option if you can avoid it.

--passphrase string
    Use string as the passphrase. This can only be used if only one passphrase is supplied. Obviously, this is of very questionable security on a multi-user system. Don't use this option if you can avoid it.

--
Laurent Jumet
KeyID: 0xCFAF704C

From matthew.loring at nsg-inc.org Wed Nov 21 18:52:35 2007
From: matthew.loring at nsg-inc.org (Matthew Loring)
Date: Wed, 21 Nov 2007 11:52:35 -0600
Subject: GPG Output Files
In-Reply-To: <2634F78A-D5EF-49EC-B921-78878E15A618@nsg-inc.org>
References: <2634F78A-D5EF-49EC-B921-78878E15A618@nsg-inc.org>
Message-ID:

I am using the binary version of GPG for Windows, version 1.47. Everything works fine, but I have a need to automatically decrypt files through a script. The hangup that I have right now is that I need to decrypt multiple files and send the output to a file and NOT . I know I can use the --output command, but I don't want to specify a static file for this script because there are multiple files. I would also like to just retain the original filename after decryption. I have looked through the man pages for this and just can't see an option for this scenario. Has anyone encountered a situation like this?

Thanks...
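The scripted decryption discussed in the two threads above (no passphrase prompt, one output file per input), as an added example that is not part of any list message. It assumes GnuPG 1.4.x installed as `gpg`; the helper names and the permission check on the passphrase file are illustrative choices.

```python
"""Batch-decrypt files with gpg, feeding the passphrase on stdin.

Added example; all helper names are hypothetical. Assumes GnuPG 1.4.x as `gpg`
(GnuPG 2.1 and later additionally need --pinentry-mode loopback).
"""
import os
import stat
import subprocess
import sys
from pathlib import Path

GPG = "gpg"  # assumption: binary name on PATH
ENCRYPTED_SUFFIXES = {".gpg", ".asc", ".pgp"}


def load_passphrase(path):
    """Return the first line of the passphrase file (gpg also reads one line only).

    On POSIX, refuse a file that group or others can access: once the
    passphrase is on disk, that file is what protects the secret key.
    """
    st = os.stat(path)
    if os.name == "posix" and st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        raise PermissionError(f"{path}: mode {mode:o} is too open, use 600")
    with open(path, "r", encoding="utf-8") as fh:
        line = fh.readline().rstrip("\r\n")
    if not line:
        raise ValueError(f"{path}: first line is empty")
    return line


def output_path(encrypted):
    """Keep the original name: report.txt.gpg -> report.txt."""
    encrypted = Path(encrypted)
    if encrypted.suffix.lower() in ENCRYPTED_SUFFIXES:
        return encrypted.with_suffix("")
    return encrypted.with_name(encrypted.name + ".decrypted")


def build_argv(encrypted, plaintext):
    """Build the gpg command line; the passphrase is deliberately absent,
    so it never shows up in the process table."""
    return [GPG, "--batch", "--yes", "--no-tty",
            "--passphrase-fd", "0",       # gpg reads one line from stdin
            "--output", str(plaintext),   # per-file output, not stdout
            "--decrypt", str(encrypted)]


def decrypt_all(paths, passphrase, run=subprocess.run):
    """Decrypt each file to its own output; return {input: (output, exit code)}."""
    secret = passphrase.encode("utf-8") + b"\n"
    results = {}
    for src in paths:
        dst = output_path(src)
        proc = run(build_argv(src, dst), input=secret, capture_output=True)
        results[str(src)] = (str(dst), proc.returncode)
    return results


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: decrypt_batch.py PASSPHRASE_FILE FILE...")
    outcome = decrypt_all(sys.argv[2:], load_passphrase(sys.argv[1]))
    for src, (dst, code) in outcome.items():
        status = "ok" if code == 0 else f"gpg exit {code}"
        print(f"{src} -> {dst}: {status}")
    sys.exit(0 if all(code == 0 for _, code in outcome.values()) else 1)
```

The `run` parameter exists so the command construction can be checked without a keyring; in normal use it stays at `subprocess.run`.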
From alon.barlev at gmail.com Wed Nov 21 18:08:50 2007 From: alon.barlev at gmail.com (Alon Bar-Lev) Date: Wed, 21 Nov 2007 19:08:50 +0200 Subject: [Announce] GnuPG release candidate 1.4.8 In-Reply-To: <9e0cf0bf0711191128x109e63f4tff99d4adfc405e58@mail.gmail.com> References: <87d4uaxnk3.fsf@wheatstone.g10code.de> <9e0cf0bf0711161438o2258b1e6mfeaabeb46876f186@mail.gmail.com> <87r6imttmx.fsf@wheatstone.g10code.de> <9e0cf0bf0711191128x109e63f4tff99d4adfc405e58@mail.gmail.com> Message-ID: <9e0cf0bf0711210908t32b6d58ay4ae8945e7220cced@mail.gmail.com> On 11/19/07, Alon Bar-Lev wrote: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-crypt/gnupg/files/gnupg-1.4.3-selftest.patch?rev=1.1 > > > > - echo "../g10/gpg --no-options --no-greeting \ > > + echo "../g10/gpg --no-options --no-greeting --homedir . \ > > --no-secmem-warning --batch --dearmor" >>./gpg_dearmor > > chmod 755 ./gpg_dearmor > > + if test ! -f ./pubring.gpg; then touch -t 197001020000 ./pubring.gpg; fi > > + if test ! -f ./secring.gpg; then touch -t 197001020000 ./secring.gpg; fi > > > > Please explain. > Without --homedir won't it try to access the running user home directory? In some cases it cause sandbox violation. The touch stuff are not needed I guess. > > > http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-crypt/gnupg/files/gnupg-1.4.6-badruman.patch?rev=1.1 > > > > I can't see any problem with gpg.ru. > > Will try. You should put the ru man page at: /usr/man//man[1-9lno] http://tldp.org/HOWTO/Man-Page/q2.html Best Regards, Alon Bar-Lev. 
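Review bot: The two added `touch -t 197001020000` lines for ./pubring.gpg and ./secring.gpg in the gpg_dearmor hunk carry no comment explaining why empty keyrings with a 1970 timestamp are needed, and the reply above already guesses they are not; drop them, or keep them with a one-line reason. The `--homedir .` addition is the part that matters, since without it the wrapper falls back to the invoking user's home directory during the self-test, which is what trips build sandboxes; a short comment in the script naming that reason would keep the option from being removed later as redundant.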
From wk at gnupg.org Thu Nov 22 10:17:13 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 22 Nov 2007 10:17:13 +0100
Subject: [Announce] GnuPG release candidate 1.4.8
In-Reply-To: <9e0cf0bf0711210908t32b6d58ay4ae8945e7220cced@mail.gmail.com> (Alon Bar-Lev's message of "Wed, 21 Nov 2007 19:08:50 +0200")
References: <87d4uaxnk3.fsf@wheatstone.g10code.de> <9e0cf0bf0711161438o2258b1e6mfeaabeb46876f186@mail.gmail.com> <87r6imttmx.fsf@wheatstone.g10code.de> <9e0cf0bf0711191128x109e63f4tff99d4adfc405e58@mail.gmail.com> <9e0cf0bf0711210908t32b6d58ay4ae8945e7220cced@mail.gmail.com>
Message-ID: <877ika63mu.fsf@wheatstone.g10code.de>

On Wed, 21 Nov 2007 18:08, alon.barlev at gmail.com said:

> Without --homedir won't it try to access the running user home directory?

Yeah, it might create a ~/.gnupg. I applied the fix.

> You should put the ru man page at:
> /usr/man//man[1-9lno]

Okay, I need to see how this can be done with automake.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Thu Nov 22 10:20:27 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 22 Nov 2007 10:20:27 +0100
Subject: GPG Output Files
In-Reply-To: (Matthew Loring's message of "Wed, 21 Nov 2007 11:52:35 -0600")
References: <2634F78A-D5EF-49EC-B921-78878E15A618@nsg-inc.org>
Message-ID: <873auy63hg.fsf@wheatstone.g10code.de>

On Wed, 21 Nov 2007 18:52, matthew.loring at nsg-inc.org said:

> I am using the binary version of GPG for Windows, version 1.47.
> Everything works fine, but I have a need to automatically decrypt
> files through a script. The hangup that I have right now is that I
> need to decrypt multiple files and send the output to a file and NOT
> . I know I can use the --output command, but I
> don't want to specify a static file for this script because there are
> multiple files. I would also like to just retain the original filename

You may want to use the option:

--multifile
    This modifies certain other commands to accept multiple files for processing on the command line or read from stdin with each filename on a separate line. This allows for many files to be processed at once. --multifile may currently be used along with --verify, --encrypt, and --decrypt. Note that `--multifile --verify' may not be used with detached signatures.

You might need to combine it with --yes and --batch so that existing files are overwritten.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From bahamut at digital-signal.net Thu Nov 22 23:30:00 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Thu, 22 Nov 2007 16:30:00 -0600
Subject: Odd characters in Thunderbird compose of gnupg
In-Reply-To: <473F999B.3020707@denstarfarm.us>
References: <473DE935.6070506@denstarfarm.us> <473E0CC7.300@Mozilla-Enigmail.org> <473E5EFC.2000406@denstarfarm.us> <473F1D80.5050500@digital-signal.net> <473F999B.3020707@denstarfarm.us>
Message-ID: <474602E8.5040203@digital-signal.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Robert D. wrote:
> thank you for the help. I have relayed it to my friend. Mind you,
> she's off again to her family and I am unable to watch the
> "repairs" first hand.

There's also another way to handle it that I forgot to mention. If you have a lot of CLI apps that you don't want in %windir%\system32, you can store them in a separate directory and add that directory to the path. I'm surprised that I forgot about this since this is what I do myself. The command line is so amazingly underrated in the Windows world.
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.6 | Enigmail 0.95.5 | GPG 1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB

From b.movaqar at adempiere.org Fri Nov 23 03:06:43 2007
From: b.movaqar at adempiere.org (Bahman Movaqar)
Date: Fri, 23 Nov 2007 05:36:43 +0330
Subject: How to remove a key from keyserver?
Message-ID: <20071123053643.1c0575cd@attila>

Hi all,

I, mistakenly, generated several keys, sent them to 'subkeys.pgp.net' and deleted the ~/.gnupg directory while I _had not_ generated a revocation certificate for any of those keys except one.

Now my question is:
Since all of the keys are for the same email address, how can I remove redundant keys and leave out only one?

# gpg2 --version
gpg (GnuPG) 2.0.4
Copyright (C) 2007 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ELG
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, TIGER192, SHA256, SHA384, SHA512
Compression: Uncompressed, ZIP, ZLIB, BZIP2

# gpg2 --search-key b.movaqar at adempiere.org
gpg: searching for "b.movaqar at adempiere.org" from hkp server subkeys.pgp.net
(1) Bahman Movaqar
    1024 bit DSA key DA647509, created: 2007-11-21
(2) Bahman Movaqar
    1024 bit DSA key 641F5644, created: 2007-11-20
(3) Bahman Movaqar
    1024 bit DSA key 03517F4B, created: 2007-11-20
(4) Bahman M.
    1024 bit DSA key 0BD83A01, created: 2007-10-04

Any idea/suggestion is appreciated.
TIA,

--
Bahman Movaqar
PGP KeyID: 0xDA647509 (subkeys.pgp.net)

If there are no known vulnerabilities, the system must be secure. If there is a vulnerability, then once it's fixed, the system is again secure. How anyone comes to this presumption is a mystery to me. -Bruce Schneier

From rjh at sixdemonbag.org Fri Nov 23 03:26:59 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 22 Nov 2007 20:26:59 -0600
Subject: How to remove a key from keyserver?
In-Reply-To: <20071123053643.1c0575cd@attila>
References: <20071123053643.1c0575cd@attila>
Message-ID: <47463A73.7090604@sixdemonbag.org>

Bahman Movaqar wrote:
> Now my question is:
> Since all of the keys are for the same email address, how can I remove
> redundant keys and leave out only one?

You don't. This isn't possible.

From b.movaqar at adempiere.org Fri Nov 23 03:33:21 2007
From: b.movaqar at adempiere.org (Bahman Movaqar)
Date: Fri, 23 Nov 2007 06:03:21 +0330
Subject: How to remove a key from keyserver?
In-Reply-To: <47463A73.7090604@sixdemonbag.org>
References: <20071123053643.1c0575cd@attila> <47463A73.7090604@sixdemonbag.org>
Message-ID: <20071123060321.54ed8b78@attila>

On 2007-11-22 Robert J. Hansen wrote:
> Bahman Movaqar wrote:
> > Now my question is:
> > Since all of the keys are for the same email address, how can I
> > remove redundant keys and leave out only one?
>
> You don't. This isn't possible.

Is it possible to set an expiry date for them?

--
Bahman Movaqar
PGP KeyID: 0xDA647509 (subkeys.pgp.net)

Talking nonsense is man's only privilege that distinguishes him from all other organisms. -Fyodor M. Dostoevsky

From rjh at sixdemonbag.org Fri Nov 23 03:46:30 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 22 Nov 2007 20:46:30 -0600
Subject: How to remove a key from keyserver?
In-Reply-To: <20071123060321.54ed8b78@attila>
References: <20071123053643.1c0575cd@attila> <47463A73.7090604@sixdemonbag.org> <20071123060321.54ed8b78@attila>
Message-ID: <47463F06.7020400@sixdemonbag.org>

Bahman Movaqar wrote:
> Is it possible to set an expiry date for them?

Not in your case. You would need the private key.

The moral of the story is to generate revocation certificates at the same time you generate your keys, test your keys to make sure they are exactly what you need, and create backups of your keyring before you ever send a key to the keyservers.

From b.movaqar at adempiere.org Fri Nov 23 04:00:36 2007
From: b.movaqar at adempiere.org (Bahman Movaqar)
Date: Fri, 23 Nov 2007 06:30:36 +0330
Subject: How to remove a key from keyserver?
In-Reply-To: <47463F06.7020400@sixdemonbag.org>
References: <20071123053643.1c0575cd@attila> <47463A73.7090604@sixdemonbag.org> <20071123060321.54ed8b78@attila> <47463F06.7020400@sixdemonbag.org>
Message-ID: <20071123063036.3d7447e1@attila>

On 2007-11-22 Robert J. Hansen wrote:
> Bahman Movaqar wrote:
> > Is it possible to set an expiry date for them?
>
> Not in your case. You would need the private key.
>
> The moral of the story is to generate revocation certificates at the
> same time you generate your keys, test your keys to make sure they are
> exactly what you need, and create backups of your keyring before you
> ever send a key to the keyservers.

Ah! Experience costs! Thanks for your time and replies,

--
Bahman Movaqar
PGP KeyID: 0xDA647509 (subkeys.pgp.net)

The Moving Finger writes; and, having writ,
Moves on: nor all your Piety nor Wit
Shall lure it back to cancel half a Line,
Nor all your Tears wash out a Word of it.
-Khayyam

From laurent.jumet at skynet.be Fri Nov 23 07:53:53 2007
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Fri, 23 Nov 2007 07:53:53 +0100
Subject: How to remove a key from keyserver?
In-Reply-To: <20071123053643.1c0575cd@attila>
Message-ID:

Hello Bahman !

Bahman Movaqar wrote:

> Now my question is:
> Since all of the keys are for the same email address, how can I remove
> redundant keys and leave out only one?

Unfortunately, as soon as you don't own the secret key any more, you don't have the ability to change any parameter on the PubKey.
--
Laurent Jumet
KeyID: 0xCFAF704C

From b.movaqar at adempiere.org Fri Nov 23 09:07:29 2007
From: b.movaqar at adempiere.org (Bahman Movaqar)
Date: Fri, 23 Nov 2007 11:37:29 +0330
Subject: How Revoke an "Unrevokeable" Key
In-Reply-To: <474689A0.7040301@earthlink.net>
References: <474689A0.7040301@earthlink.net>
Message-ID: <20071123113729.5bdefeed@attila>

On 2007-11-23 Kara wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> ====
>
> Reference your 23 Nov 2007 (0630 +0300):
> "Re: How to remove a key from keyserver?":
>
> > Ah! Experience costs! Thanks for your time and replies,
>
> You're *stuck* as you are already aware.
>
> ====
>
> I have one very, very poor possibility that you might consider -- it
> won't solve your problem but is perhaps somewhat better than nothing:
>
> 1. Create a new key and include as a comment: Replaces 0x12345678
>
> Then make a revocation certificate for the new key,
> make a backup of the new key, *and then and only then*:
>
> a. Use that new key to sign all userIDs on 0x12345678.
>
> b. Then upload 0x12345678 to a public keyserver.
>
> c. Then, if you wish -- upload your "new" key to a
> public keyserver.
>
> ====
>
> That would work for one key (0x123456789) but if you have several keys
> I'm not sure if you'd like to try the same thing using the same key
> for several of your old keys, e.g.,:
>
> 2. Create a new key and include as a comment:
>
> Replaces 0x12345678, 0xABCDEFGH, 0x87654321
>
> etc, etc, etc from above
>
> ====
>
> Again, either option 1 or 2 above won't really solve your problem but
> in lieu of doing nothing is all I can think of.
>
> I've never seen the above done with more than one key -- and even then
> it is an absolutely terrible solution to a problem that otherwise
> doesn't have a valid solution.
>
> Robert H and probably all of the other "experienced" GPG/PGP users
> will no doubt tell you the above suggestion is a total waste of time
> and won't accomplish anything worthwhile -- and they will probably be
> right!
>
> However, what have you got to lose?
>
> ====
>
> PS: I'm not an expert but just someone trying to provide something for
> you to think about to see if it makes any sense to you.
>
> Good luck whatever you decide to do.

Looks like that's the only way left; an ugly one but better than nothing.

Thank you,

PS: I CC'd users@ list.

--
Bahman Movaqar
PGP KeyID: 0xDA647509 (subkeys.pgp.net)

YESTERDAY This Day's Madness did prepare;
TO-MORROW's Silence, Triumph, or Despair:
Drink! for you not know whence you came, nor why:
Drink! for you know not why you go, nor where.
-Khayyam

From bahamut at digital-signal.net Fri Nov 23 13:25:32 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Fri, 23 Nov 2007 06:25:32 -0600
Subject: How to remove a key from keyserver?
In-Reply-To: <47463A73.7090604@sixdemonbag.org>
References: <20071123053643.1c0575cd@attila> <47463A73.7090604@sixdemonbag.org>
Message-ID: <4746C6BC.2030305@digital-signal.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Robert J. Hansen wrote:
> You don't. This isn't possible.

Well, it could be /possible/, but many steps would be difficult, illegal, expensive, or some combination of the three.
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.6 | Enigmail 0.95.5 | GPG 1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB

From mr_canis at yahoo.co.uk Fri Nov 23 14:50:29 2007
From: mr_canis at yahoo.co.uk (Wolf Canis)
Date: Fri, 23 Nov 2007 14:50:29 +0100
Subject: Revoke a key - What is with the decrypted messages?
Message-ID: <4746DAA5.4030006@yahoo.co.uk>

Hello all,

I created a key one year ago and used this key. Therefore I have a lot decrypted messages.

Now I want revoke this key. That's not the problem, I have a revocation certificate.

But what is with the decrypted messages to me, can I still encrypt this messages? Or is the secret key invalid too?

Thanks in advance!

W. Canis

From dshaw at jabberwocky.com Fri Nov 23 16:47:13 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 23 Nov 2007 10:47:13 -0500
Subject: Revoke a key - What is with the decrypted messages?
In-Reply-To: <4746DAA5.4030006@yahoo.co.uk>
References: <4746DAA5.4030006@yahoo.co.uk>
Message-ID: <20071123154713.GA19642@jabberwocky.com>

On Fri, Nov 23, 2007 at 02:50:29PM +0100, Wolf Canis wrote:
> Hello all,
> I created a key one year ago and used this key. Therefore I have a lot
> decrypted
> messages.
> Now I want revoke this key. That's not the problem, I have a revocation
> certificate.

Excellent. :)

> But what is with the decrypted messages to me, can I still encrypt this
> messages? Or
> is the secret key invalid too?

No problem. You can always decrypt old messages (and verify old signatures) even if the key has been revoked. Revoking the key only stops new use of the key - old messages are still okay.

David

From thomas-pries at web.de Thu Nov 22 16:26:53 2007
From: thomas-pries at web.de (Thomas Pries)
Date: Thu, 22 Nov 2007 16:26:53 +0100
Subject: Decrypt problem with large file
In-Reply-To: <200711180039.56797.thomas-pries@web.de>
References: <200711180039.56797.thomas-pries@web.de>
Message-ID: <200711221626.53110.thomas-pries@web.de>

Hello,

On Sunday, 18 November 2007 00:39 Thomas Pries wrote:
> this decryption failed with error message:
> ...
> gpg: WARNING: encrypted message has been manipulated!
> gpg: packet(6) with unknown version 139

addition: up to this point I can restore about 30% of the archive content.

Greetings
Thomas

From vedaal at hush.com Fri Nov 23 19:52:48 2007
From: vedaal at hush.com (vedaal at hush.com)
Date: Fri, 23 Nov 2007 13:52:48 -0500
Subject: How Revoke an "Unrevokeable" Key
Message-ID: <20071123185248.D60F722840@mailserver10.hushmail.com>

On 2007-11-23 Kara wrote:

> I have one very, very poor possibility that you might consider -- it
> won't solve your problem but is perhaps somewhat better than nothing:
>
> 1. Create a new key and include as a comment: Replaces 0x12345678
>
> Then make a revocation certificate for the new key,
> make a backup of the new key, *and then and only then*:
>
> a. Use that new key to sign all userIDs on 0x12345678.
>
> b. Then upload 0x12345678 to a public keyserver.
>
> c. Then, if you wish -- upload your "new" key to a
> public keyserver.

the problem with this is, that *anybody* pretending to be you, can 'also' do this, and create impostor keys

so, in order for this to be meaningful, it is even more 'tedious' as it will require all those who 'trusted' the previous key that needs to be revoked, to 'trust' the new replacement key, and sign it, (something that would not be done for an impostor's key)

and then add to the comment, "signed by all keys who signed original key 0x12345678"

if 'no one' signed the original key, then this is much less of a problem, as no one trusted it enough yet, so just use the 'new' key without any comments, and eventually people will begin to 'trust' that one, and ignore the previous one

vedaal

From JPClizbe at tx.rr.com Fri Nov 23 20:07:24 2007
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Fri, 23 Nov 2007 13:07:24 -0600
Subject: How to remove a key from keyserver?
In-Reply-To: <4746C6BC.2030305@digital-signal.net>
References: <20071123053643.1c0575cd@attila> <47463A73.7090604@sixdemonbag.org> <4746C6BC.2030305@digital-signal.net>
Message-ID: <474724EC.1030803@tx.rr.com>

Andrew Berg wrote:
> Robert J. Hansen wrote:
>> You don't. This isn't possible.
>
> Well, it could be /possible/, but many steps would be difficult,
> illegal, expensive, or some combination of the three.
>

Stick with Rob's 'not possible'. Folks won't snicker behind your back that way.

You are contemplating the successful completion of a task both so extremely effortful and futile as to rightly proclaim the description Sisyphean.

--
John P. Clizbe Inet: JPClizbe (a) tx DAWT rr DAHT con
Ginger Bear Networks Keyserver hkp://keyserver.gingerbear.net

"Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"

From reynt0 at cs.albany.edu Fri Nov 23 21:14:29 2007
From: reynt0 at cs.albany.edu (reynt0)
Date: Fri, 23 Nov 2007 15:14:29 -0500 (EST)
Subject: Revoke a key - What is with the decrypted messages?
In-Reply-To: <20071123154713.GA19642@jabberwocky.com>
References: <4746DAA5.4030006@yahoo.co.uk> <20071123154713.GA19642@jabberwocky.com>
Message-ID:

Just a maybe picky question:
Does "stops new use" mean absolutely, like mechanical prevention, stops new use, or does it mean something like "stops by a social process", ie like knowledgeable users won't use it anymore?

On Fri, 23 Nov 2007, David Shaw wrote:
. . .
> . . . Revoking the key only
> stops new use of the key - old messages are still okay.

From jmoore3rd at bellsouth.net Fri Nov 23 21:31:19 2007
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 23 Nov 2007 15:31:19 -0500
Subject: Revoke a key - What is with the decrypted messages?
In-Reply-To:
References: <4746DAA5.4030006@yahoo.co.uk> <20071123154713.GA19642@jabberwocky.com>
Message-ID: <47473897.5040403@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

reynt0 wrote:
> Just a maybe picky question:
> Does "stops new use" mean absolutely, like mechanical
> prevention, stops new use, or does it mean something like
> "stops by a social process", ie like knowledgeable users
> won't use it anymore?
>
> On Fri, 23 Nov 2007, David Shaw wrote:
> . . .
>> . . . Revoking the key only
>> stops new use of the key - old messages are still okay.
In this context it will mean "like mechanical prevention" but only for those Users who have Updated Your Key with the Revocation on their Keyring. GnuPG will _not_ Encrypt to a revoked Public Key. However, if You never tell Me that You have revoked the Key and it is on My Keyring and I Encrypt My annual Christmas Email to You using that Key then it will not show Revoked on My Keyring and You will not be able to read My Greetings unless You have kept the Secret Key for the revoked Key on Your Keyring. This assumes that I have been too lazy to 'Refresh' Your Key from the Servers prior to writing My yearly missive. An easy method for handling this is to also send the Revocation Certificate to all Your correspondents in addition to Sending the Revoked Key to the Keyservers. I would then recommend keeping a copy of the Revoked Key available somewhere prior to deleting it 'just in case' You ever receive a message Encrypted to it from someone You forgot to inform. JOHN ;) Timestamp: Friday 23 Nov 2007, 15:30 --500 (Eastern Standard Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8-svn4622: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: My Homepage: http://tinyurl.com/yzhbhx Comment: MySpace Page: http://www.myspace.com/jmoore3rd iQEcBAEBCgAGBQJHRziWAAoJEBCGy9eAtCsP9sYH/1hg8+Rlr0M1xyhmMx4oqa/y D6KGwezUVhqB2dFFiVIAhI3ROOkabJkp6YnWLKfYbiSLmanUdfGF6WbsSAZIv2vm 11vd9kf+KhImDAxOwDM/R+QkJ3d+t7EFQX1/m9kV0YkQ24VpOTly5t0PM0o1Ey33 f1MnwCXea9SjROsig5sD1zJjv64a3auJOvgPJn1Q8A9qgRMTiAZLEAcaRABACRyh tUWajMMiKac6Wu9VMSB+3qYT0FVmJTq0kt1/eu3OeQnADl7QlVP+iT7tJFkmIlxC qSlR4t3FkpEvhG+iOHCUJjJtIoB5jVNmrHf0uFsCTG6crrO/pl8DlZb6ZUuNbcw= =UtLr -----END PGP SIGNATURE----- From reynt0 at cs.albany.edu Fri Nov 23 21:43:33 2007 From: reynt0 at cs.albany.edu (reynt0) Date: Fri, 23 Nov 2007 15:43:33 -0500 (EST) Subject: Revoke a key - What is with the decrypted messages? 
In-Reply-To: <47473897.5040403@bellsouth.net>
References: <4746DAA5.4030006@yahoo.co.uk> <20071123154713.GA19642@jabberwocky.com> <47473897.5040403@bellsouth.net>
Message-ID:

Thanks. That's exactly what I wanted to be clear about,
but didn't want to try to specify all possible details
by my (inexpert) self.

On Fri, 23 Nov 2007, John W. Moore III wrote:
. . .
> reynt0 wrote:
>> Just a maybe picky question:
>> Does "stops new use" mean absolutely, like mechanical
>> prevention, stops new use, or does it mean something like
>> "stops by a social process", ie like knowledgeable users
>> won't use it anymore?
. . .
> In this context it will mean "like mechanical prevention" but only for
> those Users who have Updated Your Key with the Revocation on their
> Keyring. GnuPG will _not_ Encrypt to a revoked Public Key.
>
> However, if You never tell Me that You have revoked the Key
. . .
> I would then recommend keeping a copy of
> the Revoked Key available somewhere prior to deleting it 'just in case'
> You ever receive a message Encrypted to it from someone
. . .

From dshaw at jabberwocky.com Fri Nov 23 22:09:02 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 23 Nov 2007 16:09:02 -0500
Subject: Revoke a key - What is with the decrypted messages?
In-Reply-To:
References: <4746DAA5.4030006@yahoo.co.uk> <20071123154713.GA19642@jabberwocky.com>
Message-ID: <20071123210902.GB19642@jabberwocky.com>

> On Fri, 23 Nov 2007, David Shaw wrote:
> . . .
> > . . . Revoking the key only
> > stops new use of the key - old messages are still okay.

On Fri, Nov 23, 2007 at 03:14:29PM -0500, reynt0 wrote:
> Just a maybe picky question:
> Does "stops new use" mean absolutely, like mechanical
> prevention, stops new use, or does it mean something like
> "stops by a social process", ie like knowledgeable users
> won't use it anymore?

Both, really. It's a social process in that a revocation just adds a
note to a key that says "don't use this".
It's mechanical in the sense that all OpenPGP software respects this
flag, so the user doesn't get consulted about it.

David

From mr_canis at yahoo.co.uk Fri Nov 23 23:07:44 2007
From: mr_canis at yahoo.co.uk (Wolf Canis)
Date: Fri, 23 Nov 2007 23:07:44 +0100
Subject: Revoke a key - What is with the decrypted messages?
In-Reply-To: <4746DAA5.4030006@yahoo.co.uk>
References: <4746DAA5.4030006@yahoo.co.uk>
Message-ID: <47474F30.2010006@yahoo.co.uk>

Hello,
thanks for the answers. My doubts are dispelled.

W. Canis

From bahamut at digital-signal.net Sat Nov 24 14:35:36 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Sat, 24 Nov 2007 07:35:36 -0600
Subject: How to remove a key from keyserver?
In-Reply-To: <474724EC.1030803@tx.rr.com>
References: <20071123053643.1c0575cd@attila> <47463A73.7090604@sixdemonbag.org> <4746C6BC.2030305@digital-signal.net> <474724EC.1030803@tx.rr.com>
Message-ID: <474828A8.50509@digital-signal.net>

John Clizbe wrote:
> You are contemplating the successful completion of a task both so extremely
> effortful and futile as to rightly proclaim the description Sisyphean.
>
Robert J. Hansen wrote:
> In the universe of practicability, what he wants to do is not possible.
I know that. I just forgot to add that I know it.

John Clizbe wrote:
> Folks won't snicker behind your back that way.
Why would people snicker behind my back? I wasn't seriously suggesting
that he try to do it.

--
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.6 | Enigmail 0.95.5 | GPG 1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB

From rjh at sixdemonbag.org Sat Nov 24 19:00:26 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 24 Nov 2007 12:00:26 -0600
Subject: How to remove a key from keyserver?
In-Reply-To: <474828A8.50509@digital-signal.net>
References: <20071123053643.1c0575cd@attila> <47463A73.7090604@sixdemonbag.org> <4746C6BC.2030305@digital-signal.net> <474724EC.1030803@tx.rr.com> <474828A8.50509@digital-signal.net>
Message-ID: <474866BA.2060909@sixdemonbag.org>

I'm not sure how on-topic this is for the GnuPG list, but it talks a
little about online etiquette, and as such it may be useful to the list
as a whole.

Andrew Berg wrote:
> Robert J. Hansen wrote:
>> In the universe of practicability, what he wants to do is not possible.
> I know that. I just forgot to add that I know it.

First, please do not quote private emails to public mailing lists
without the original author's consent. Private emails may contain
sender- or recipient-specific information which the original author
would rather not see in a public list that maintains a searchable archive.

Second, what you really forgot to add was a smiley. Psychologists have
done a ton of studies on how we perceive others via email, and what
they've discovered is that people overwhelmingly are awful judges of the
emotional context of email, and they are also overwhelmingly awful about
recognizing the fact they are awful judges. People read emails and feel
great certainty about what the 'real' emotional context is.

> John Clizbe wrote:
>> Folks won't snicker behind your back that way.
> Why would people snicker behind my back? I wasn't seriously suggesting
> that he try to do it.

In the absence of any contextual clues to make it clear you were joking,
John was reading your message straight-up. When reading your message
straight up, it comes across as being kind of ankle-biting. Had you
added a smiley, or some note at the end to explain it was a joke, you
probably wouldn't have received that reaction.

All it amounts to is a joke (a) wasn't received by the intended audience
and (b) the intended audience responded as if it was straight. This
sort of thing happens tens of thousands of times a day on the internet.
So let's all go back to our respective corners, and return a few
minutes later with an appreciation for the expressive power of the
simple, underutilized, smiley. :)

From bahamut at digital-signal.net Sun Nov 25 14:08:59 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Sun, 25 Nov 2007 07:08:59 -0600
Subject: How to remove a key from keyserver?
In-Reply-To: <474866BA.2060909@sixdemonbag.org>
References: <20071123053643.1c0575cd@attila> <47463A73.7090604@sixdemonbag.org> <4746C6BC.2030305@digital-signal.net> <474724EC.1030803@tx.rr.com> <474828A8.50509@digital-signal.net> <474866BA.2060909@sixdemonbag.org>
Message-ID: <474973EB.8020409@digital-signal.net>

Robert J. Hansen wrote:
> Andrew Berg wrote:
>> Robert J. Hansen wrote:
>>> In the universe of practicability, what he wants to do is not possible.
>> I know that. I just forgot to add that I know it.
>
> First, please do not quote private emails to public mailing lists
> without the original author's consent.
I did not realize it was a private message; it was threaded with all the
other messages of the same topic. I apologize and I will certainly make
sure to read header info to make sure it was from the list next time. I
see that GnuPG-Users was sent a carbon copy, so quoting this to the list
should be fine. ;-)

> Second, what you really forgot to add was a smiley. Psychologists have
> done a ton of studies on how we perceive others via email, and what
> they've discovered is that people overwhelmingly are awful judges of the
> emotional context of email, and they are also overwhelmingly awful about
> recognizing the fact they are awful judges. People read emails and feel
> great certainty about what the 'real' emotional context is.
I think that stems from the fact that written language can't hold that
context very well, so one is forced to interpret it. On a side note, I
think written language was really only intended for formal things
(widespread literacy is relatively new), and we haven't had time to adapt
it enough to make it replace spoken language.

>> John Clizbe wrote:
>>> Folks won't snicker behind your back that way.
>> Why would people snicker behind my back? I wasn't seriously suggesting
>> that he try to do it.
> In the absence of any contextual clues to make it clear you were joking,
> John was reading your message straight-up. When reading your message
> straight up, it comes across as being kind of ankle-biting. Had you
> added a smiley, or some note at the end to explain it was a joke, you
> probably wouldn't have received that reaction.
I thought its absurdity was enough of a clue. I guess I was wrong.

> All it amounts to is a joke (a) wasn't received by the intended audience
> and (b) the intended audience responded as if it was straight. This
> sort of thing happens tens of thousands of times a day on the internet.
> So let's all go back to our respective corners, and return a few
> minutes later with an appreciation for the expressive power of the
> simple, underutilized, smiley. :)
Agreed. :-)

--
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.6 | Enigmail 0.95.5 | GPG 1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB

From wk at gnupg.org Mon Nov 26 10:19:43 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 26 Nov 2007 10:19:43 +0100
Subject: Decrypt problem with large file
In-Reply-To: <200711180039.56797.thomas-pries@web.de> (Thomas Pries's message of "Sun, 18 Nov 2007 00:39:56 +0100")
References: <200711180039.56797.thomas-pries@web.de>
Message-ID: <87ejedicsw.fsf@wheatstone.g10code.de>

On Sun, 18 Nov 2007 00:39, thomas-pries at web.de said:

> gpg: original file name='abc.tgz'
> gpg: packet(14) with unknown version 26
> gpg: WARNING: encrypted message has been manipulated!
> gpg: packet(6) with unknown version 139
>
> I repeated the decryption with different gpg versions (1.4.2, 2.0.4) on Linux

I guess that the file got corrupted on the medium. Hard disks are not
100% error free and with such a large file there is a chance that you
experienced a bit flip.

> I tried --ignore-crc-error and --ignore-mdc-error but the decryption always

The first is only good for the ascii armor which you don't use.
--ignore-mdc-error ignores error in the Manipulation Detection Code of
the data; not very useful either.

> mail-archive from Oct 2005, but this thread focuses on the WinXP problem with
> large files and did not help solving my problem.

That was probably something with a 2GB or 4GB edge condition or missing
support for large files. Not your problem as you stated in the other
mail that you were able to decrypt about 30% of the 400GB file.

In theory we could add code to resync the parser again but I doubt that
this will help you because you would also need to fix the then corrupted
ZIP tarball. Well, it can all be done but would take quite some time to
do and even more time for proper testing.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From at120 at hushmail.com Mon Nov 26 10:56:06 2007
From: at120 at hushmail.com (at120 at hushmail.com)
Date: Mon, 26 Nov 2007 11:56:06 +0200
Subject: Encryption keys: RSA vs. ElGamal
Message-ID: <20071126095606.950CADA81F@mailserver7.hushmail.com>

Hello,

I need to create a subordinate key, which will be used for
encryption only. I tried to find out how RSA differs from ElGamal by
searching on the web, but I did not find much useful information.
There are some pages that explain the algorithms in detail, but I'm
not smart enough to evaluate their security and efficiency just by
looking at the algorithms.

So it would be great if someone could tell me how they differ when
it comes to security and efficiency. I know that "A disadvantage of
the ElGamal system is that the encrypted message becomes very big,
about twice the size of the original message", and that both seem
to be limited to use no larger than 4096-bit keys, but that's all I
know. Please don't give me "they're both secure enough" or "just
use the defaults" type of answers, I want detailed information.

Are there any patent issues with ElGamal? The Wikipedia article
mentions nothing about a patent.
I found this: "Although the
inventor, Taher Elgamal, did not apply for a patent on his
invention, the owners of the Diffie-Hellman patent (US patent
4,200,770) felt this system was covered by their patent".

I know that RSA was published in 1977, and the patent on it ran out
in 2000. ElGamal is from 1984, so if there's a patent on it, will
it expire/has it expired in 2007?

-AT

From wk at gnupg.org Mon Nov 26 13:44:05 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 26 Nov 2007 13:44:05 +0100
Subject: Encryption keys: RSA vs. ElGamal
In-Reply-To: <20071126095606.950CADA81F@mailserver7.hushmail.com> (at120@hushmail.com's message of "Mon, 26 Nov 2007 11:56:06 +0200")
References: <20071126095606.950CADA81F@mailserver7.hushmail.com>
Message-ID: <873autgoru.fsf@wheatstone.g10code.de>

On Mon, 26 Nov 2007 10:56, at120 at hushmail.com said:

> There are some pages that explain the algorithms in detail, but I'm
> not smart enough to evaluate their security and efficiency just by
> looking at the algorithms.

Go with Elgamal if you want that every OpenPGP implementation can cope
with it. (I usually use RSA because it is a bit faster).

> I know that RSA was published in 1977, and the patent on it ran out
> in 2000. ElGamal is from 1984, so if there's a patent on it, will
> it expire/has it expired in 2007?

The DH patent expired in April 1997 which was the reason I started with
GnuPG in the same year.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From rjh at sixdemonbag.org Mon Nov 26 16:21:24 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 26 Nov 2007 09:21:24 -0600
Subject: Encryption keys: RSA vs. ElGamal
In-Reply-To: <20071126095606.950CADA81F@mailserver7.hushmail.com>
References: <20071126095606.950CADA81F@mailserver7.hushmail.com>
Message-ID: <474AE474.8020703@sixdemonbag.org>

> So it would be great if someone could tell me how they differ when
> it comes to security and efficiency.

Answering this in detail will require at least a solid undergraduate
degree in either CS or mathematics. I am coming close to a Ph.D. in
computer science, and I still screw up some of the finer points of the
relationship between the integer factorization problem and the discrete
logarithm problem.

Beware of any straightforward answers you get to this problem. They are
almost undoubtedly simplified to the point of gross inaccuracy.

> know. Please don't give me "they're both secure enough" or "just
> use the defaults" type of answers, I want detailed information.

Unless you know what you're doing and why, use the defaults. That is
the absolute best advice I can give, the absolute best advice I think
almost anyone can give.

> Are there any patent issues with ElGamal?

Not in the opinion of the IETF.

From jmoore3rd at bellsouth.net Mon Nov 26 17:12:25 2007
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Mon, 26 Nov 2007 11:12:25 -0500
Subject: Encryption keys: RSA vs. ElGamal
In-Reply-To: <474AE474.8020703@sixdemonbag.org>
References: <20071126095606.950CADA81F@mailserver7.hushmail.com> <474AE474.8020703@sixdemonbag.org>
Message-ID: <474AF069.7040600@bellsouth.net>

Robert J. Hansen wrote:
>> So it would be great if someone could tell me how they differ when
>> it comes to security and efficiency.
>
> Answering this in detail will require at least a solid undergraduate
> degree in either CS or mathematics.

Robert's statement above is quite correct.

That said; I personally [subjectively] feel that Elgamal is bit-for-bit
more secure. In My former career I was 'privileged' to attend several
In Service Training lectures regarding this and even discuss at length
these concepts with folks who most certainly knew what they were talking
about. Needless to say, much of their 'proofs' were so far over My head
that I didn't even feel a whiff of wind. :-D Since they were employed
by the same Government Agency as I & their specific job function was to
analyze these very areas; I have no problem accepting their conclusions
on faith.

In the 'Real World' of practical, non-tactical Communication the
differences between Elgamal & RSA are probably negligible. The issue of
'time' as originally mentioned by You is also negligible today. We are
now in a realm of Ghz processors and multi-core processors so 'time' is
now measured in increments of a second. Hardly a viable consideration.

Ultimately, You, alone, must determine what algorithm best suits Your
needs and comfort level.

JOHN ;)
Timestamp: Monday 26 Nov 2007, 11:12 --500 (Eastern Standard Time)

From rjh at sixdemonbag.org Mon Nov 26 19:50:56 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 26 Nov 2007 12:50:56 -0600
Subject: Encryption keys: RSA vs. ElGamal
In-Reply-To: <474AF069.7040600@bellsouth.net>
References: <20071126095606.950CADA81F@mailserver7.hushmail.com> <474AE474.8020703@sixdemonbag.org> <474AF069.7040600@bellsouth.net>
Message-ID: <474B1590.5020809@sixdemonbag.org>

John W. Moore III wrote:
> That said; I personally [subjectively] feel that Elgamal is bit-for-bit
> more secure.

This is common wisdom; unfortunately, I'm not sure that the common
wisdom is correct.

From a pure math perspective, it's probably true that the discrete
logarithm problem is harder than the integer factorization problem.
(Probably. There are a lot of hidden assumptions and suppositions that
go into it. While I don't find the assumptions and suppositions to be
unreasonable, it does give me the heebie-jeebies when people talk about
one being 'more secure' than the other without ever mentioning the
assumptions.)

However, both are so phenomenally hard that any attack against the
system will probably target key management, sloppy communication
protocols, traffic analysis, etc.--and for these sort of attacks,
Elgamal is no better than RSA.

From eocsor at gmail.com Mon Nov 26 23:49:43 2007
From: eocsor at gmail.com (Roscoe)
Date: Tue, 27 Nov 2007 08:19:43 +0930
Subject: Encryption keys: RSA vs. ElGamal
In-Reply-To: <20071126095606.950CADA81F@mailserver7.hushmail.com>
References: <20071126095606.950CADA81F@mailserver7.hushmail.com>
Message-ID:

http://www.samsimpson.com/cryptography/pgp/pgpfaq.html

PGP DH vs. RSA FAQ
Copyright (c) 1999 S.Simpson - All Rights Reserved

A bit old, but I still found it interesting when I read it (wasn't
quite so old then :).

-- Roscoe

On Nov 26, 2007 7:26 PM, wrote:
> Hello,
>
> I need to create a subordinate key, which will be used for
> encryption only. I tried to find out how RSA differ from ElGamal by
> searching on the web, but I did not find much useful information.
> There are some pages that explain the algorithms in detail, but I'm
> not smart enough to evaluate their security and efficiency just by
> looking at the algorithms.
>
> So it would be great if someone could tell me how they differ when
> it comes to security and efficiency. I know that "A disadvantage of
> the ElGamal system is that the encrypted message becomes very big,
> about twice the size of the original message", and that both seem
> to be limited to use no larger than 4096-bit keys, but that's all I
> know. Please don't give me "they're both secure enough" or "just
> use the defaults" type of answers, I want detailed information.
>
> Are there any patent issues with ElGamal? The Wikipedia article
> mentions nothing about a patent. I found this: "Although the
> inventor, Taher Elgamal, did not apply for a patent on his
> invention, the owners of the Diffie-Hellman patent (US patent
> 4,200,770) felt this system was covered by their patent".
>
> I know that RSA was published in 1977, and the patent on it ran out
> in 2000. ElGamal is from 1984, so if there's a patent on it, will
> it expire/has it expired in 2007?
>
> -AT

From snoken at tunedal.nu Tue Nov 27 14:13:47 2007
From: snoken at tunedal.nu (Snoken)
Date: Tue, 27 Nov 2007 14:13:47 +0100
Subject: WinXP problem with large files was: Re: Decrypt problem with large file
In-Reply-To: <200711180039.56797.thomas-pries@web.de>
References: <200711180039.56797.thomas-pries@web.de>
Message-ID: <200711271313.lARDDs36014112@www11.aname.net>

Hi,
is the old problem with files greater than 4 GB solved? How large
files can gpg handle on WindowsXP? On other systems?

Snoken

At 00:39 2007-11-18, you wrote:
--snip--
>I found a thread discussing a similar decryption problem in the Gnupg-users
>mail-archive from Oct 2005, but this thread focuses on the WinXP problem with
>large files and did not help solving my problem.
>
--- snip---
>
>Greetings
>Thomas

From rjh at sixdemonbag.org Tue Nov 27 20:11:44 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 27 Nov 2007 13:11:44 -0600
Subject: WinXP problem with large files was: Re: Decrypt problem with large file
In-Reply-To: <200711271313.lARDDs36014112@www11.aname.net>
References: <200711180039.56797.thomas-pries@web.de> <200711271313.lARDDs36014112@www11.aname.net>
Message-ID: <474C6BF0.3010607@sixdemonbag.org>

Snoken wrote:
> is the old problem with files greater than 4 GB solved? How large
> files can gpg handle on WindowsXP? On other systems?

Depends a lot on your filesystem. FAT32 doesn't like files greater than
4GB, no matter what program makes them. NTFS does not have this limitation.

I have seen 50Gb files processed on UNIX machines without error. Other
people undoubtedly have seen more (much more).

Once you hit file sizes like that, you need to start looking a lot at
your OS limitations as opposed to GnuPG limitations.

From malayter at gmail.com Wed Nov 28 00:59:08 2007
From: malayter at gmail.com (Ryan Malayter)
Date: Tue, 27 Nov 2007 17:59:08 -0600
Subject: WinXP problem with large files was: Re: Decrypt problem with large file
In-Reply-To: <474C6BF0.3010607@sixdemonbag.org>
References: <200711180039.56797.thomas-pries@web.de> <200711271313.lARDDs36014112@www11.aname.net> <474C6BF0.3010607@sixdemonbag.org>
Message-ID: <5d7f07420711271559w5e75d73dgd561f5d02314001f@mail.gmail.com>

> Snoken wrote:
> > is the old problem with files greater than 4 GB solved? How large
> > files can gpg handle on WindowsXP? On other systems?

My recollection is that the file size issue was fixed years ago, as it
was a limitation in the MinGW layer or something that was remedied. I
never followed up much, though, because GnuPG's encryption was very
slow compared with alternatives (7-zip). When I used GnuPG, encryption
was CPU-bound, even with compression turned off. When I use 7-zip,
encryption of our 500 GB backup files is disk-bound.

I also recall that Werner stated the AES code in GnuPG wouldn't be
optimized for a number of reasons, because of security (timing
attacks), and also a desire to keep GnuPG architecture-agnostic. The
faster AES code used by 7-zip pretty much assumes a 32-bit x86
processor is the target. It's C, not assembler, but the data alignment
in 7-zip's code is very architecture specific.

Regards,
Ryan

From snoken at tunedal.nu Wed Nov 28 10:06:43 2007
From: snoken at tunedal.nu (Snoken)
Date: Wed, 28 Nov 2007 10:06:43 +0100
Subject: WinXP problem with large files was: Re: Decrypt problem with large file
In-Reply-To: <5d7f07420711271559w5e75d73dgd561f5d02314001f@mail.gmail.com>
References: <200711180039.56797.thomas-pries@web.de> <200711271313.lARDDs36014112@www11.aname.net> <474C6BF0.3010607@sixdemonbag.org> <5d7f07420711271559w5e75d73dgd561f5d02314001f@mail.gmail.com>
Message-ID: <200711280906.lAS96kpI001202@www11.aname.net>

Hi again,
I found the old thread: Trouble decrypting AES256 symmetric encrypted file:

You (Ryan) wrote:

This is surprisingly *not* a Windows issue. We have 200+ GB database
files on many of our database servers. All using NTFS.

I think the issue is that GnuPG is using a 32-bit DWORD file pointer
and the older file functions. Werner mentioned using GetFileSize, but
the platform SDK indicates that you need to use GetFileSizeEx to
enable files greater than 2^32 bytes:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/fileio/fs/getfilesize.asp

Werner, do you use GetFileSize or GetFileSizeEx? There are also
WriteFileEx and any number of other -Ex file-related functions to
handle files larger than 4 GB.

Fixed?

Snoken

At 00:59 2007-11-28, you wrote:
>> Snoken wrote:
>> > is the old problem with files greater than 4 GB solved? How large
>> > files can gpg handle on WindowsXP? On other systems?
>
>My recollection is that the file size issue was fixed years ago, as it
>was a limitation in the MinGW layer or something that was remedied. I
>never followed up much, though, because GnuPG's encryption was very
>slow compared with alternatives (7-zip). When I used GnuPG, encryption
>was CPU-bound, even with compression turned off. When I use 7-zip,
>encryption of our 500 GB backup files is disk-bound.
>
>I also recall that Werner stated the AES code in GnuPG wouldn't be
>optimized for a number of reasons, because of security (timing
>attacks), and also a desire to keep GnuPG architecture-agnostic. The
>faster AES code used by 7-zip pretty much assumes a 32-bit x86
>processor is the target. It's C, not assembler, but the data alignment
>in 7-zip's code is very architecture specific.
>
>Regards,
>Ryan

From wk at gnupg.org Wed Nov 28 11:59:30 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 28 Nov 2007 11:59:30 +0100
Subject: WinXP problem with large files was: Re: Decrypt problem with large file
In-Reply-To: <5d7f07420711271559w5e75d73dgd561f5d02314001f@mail.gmail.com> (Ryan Malayter's message of "Tue, 27 Nov 2007 17:59:08 -0600")
References: <200711180039.56797.thomas-pries@web.de> <200711271313.lARDDs36014112@www11.aname.net> <474C6BF0.3010607@sixdemonbag.org> <5d7f07420711271559w5e75d73dgd561f5d02314001f@mail.gmail.com>
Message-ID: <8763zm63fx.fsf@wheatstone.g10code.de>

On Wed, 28 Nov 2007 00:59, malayter at gmail.com said:

> I also recall that Werner stated the AES code in GnuPG wouldn't be
> optimized for a number of reasons, because of security (timing
> attacks), and also a desire to keep GnuPG architecture-agnostic. The

Nope. It is just that nobody has found the time to optimize the code.
We can't use Brian Gladman's optimized implementation due to legal
reasons.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
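
Added example (an editor's illustration, not part of any message in this archive and not GnuPG's code): the 2^32-byte boundary discussed in this thread also exists inside the OpenPGP format itself, where the largest definite packet length header is five octets carrying a 32-bit length (RFC 4880, section 4.2.2), so a larger body has to be written as power-of-two partial chunks. The function names, the default chunk sizes and the rule of switching to partial lengths only when the body no longer fits are assumptions of this example; the sample body is constructed.

```python
import struct

# Largest body length a five-octet definite header can state: 2**32 - 1.
MAX_DEFINITE = 0xFFFFFFFF


def encode_definite(n):
    """Return the new-format definite length header for an n-octet body."""
    if n < 0:
        raise ValueError("length must be non-negative")
    if n < 192:                       # one octet: 0..191
        return bytes([n])
    if n <= 8383:                     # two octets: 192..8383
        n -= 192
        return bytes([192 + (n >> 8), n & 0xFF])
    if n <= MAX_DEFINITE:             # five octets: 0xFF + 32-bit big-endian
        return b"\xff" + struct.pack(">I", n)
    raise OverflowError("body does not fit a 32-bit length; use partial lengths")


def decode_length(buf, pos=0):
    """Decode one length header; return (length, is_partial, next_pos)."""
    first = buf[pos]
    if first < 192:
        return first, False, pos + 1
    if first < 224:
        return ((first - 192) << 8) + buf[pos + 1] + 192, False, pos + 2
    if first < 255:                   # 224..254: partial chunk of 2**k octets
        return 1 << (first & 0x1F), True, pos + 1
    return struct.unpack_from(">I", buf, pos + 1)[0], False, pos + 5


def chunk_plan(total, power=13, force_partial=False):
    """Yield (header, size) pairs that frame a body of `total` octets.

    Partial chunks are 2**power octets each; the last chunk always carries
    a definite header, which is how a reader knows the body has ended.
    """
    if not 9 <= power <= 30:          # first partial chunk must be >= 512 octets
        raise ValueError("power must be between 9 and 30")
    if total <= MAX_DEFINITE and not force_partial:
        yield encode_definite(total), total
        return
    chunk = 1 << power
    remaining = total
    while remaining > chunk:
        yield bytes([224 + power]), chunk
        remaining -= chunk
    yield encode_definite(remaining), remaining


def frame_body(body, power=9, force_partial=False):
    """Prefix `body` with length headers according to chunk_plan()."""
    out, pos = bytearray(), 0
    for header, size in chunk_plan(len(body), power, force_partial):
        out += header + body[pos:pos + size]
        pos += size
    return bytes(out)


def unframe_body(buf, pos=0):
    """Reassemble a body from its chunks; return (body, next_pos)."""
    parts = []
    while True:
        length, partial, pos = decode_length(buf, pos)
        if pos + length > len(buf):
            raise ValueError("truncated packet body")
        parts.append(buf[pos:pos + length])
        pos += length
        if not partial:
            return b"".join(parts), pos


def headers_for(total, power=30):
    """Only the header bytes, so multi-gigabyte sizes can be examined."""
    return [header for header, _ in chunk_plan(total, power)]


if __name__ == "__main__":
    # Constructed sample body (1280 octets), forced into 512-octet chunks.
    sample = bytes(range(256)) * 5
    framed = frame_body(sample, power=9, force_partial=True)
    body, end = unframe_body(framed)
    print("round trip ok:", body == sample, "framed octets:", end)
    for size in (MAX_DEFINITE, 2**32):
        print(size, [h.hex() for h in headers_for(size)])
```
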
From wk at gnupg.org Wed Nov 28 12:10:51 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 28 Nov 2007 12:10:51 +0100
Subject: WinXP problem with large files was: Re: Decrypt problem with large file
In-Reply-To: <200711280906.lAS96kpI001202@www11.aname.net> (snoken@tunedal.nu's message of "Wed, 28 Nov 2007 10:06:43 +0100")
References: <200711180039.56797.thomas-pries@web.de> <200711271313.lARDDs36014112@www11.aname.net> <474C6BF0.3010607@sixdemonbag.org> <5d7f07420711271559w5e75d73dgd561f5d02314001f@mail.gmail.com> <200711280906.lAS96kpI001202@www11.aname.net>
Message-ID: <871waa62x0.fsf@wheatstone.g10code.de>

On Wed, 28 Nov 2007 10:06, snoken at tunedal.nu said:

> Werner, do you use GetFileSize or GetFileSizeEx? There are also

Since 1.4.3 we are using GetFileSizeEx if available on the platform. We use it to decide whether a file is close to 4GB - if this is the case we use OpenPGP's partial encoding format even if we know the full file length and could go with one straight length header. There used to be a bug that we were not able to detect the 4GB limit.

To exclude potential problems with gpg's file I/O it is often better to redirect input and output to gpg. Actually, gpg has been written to allow for this and to be agnostic to the file length.

Agreed, I am not doing large file test cases before a new release, so there is a possibility that something broke.

> WriteFileEx and any number of other -Ex file-related functions to
> handle files larger than 4 GB.

WriteFileEx is only useful if you need an I/O completion function.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wrolle at smartgrp.com Wed Nov 28 18:31:41 2007
From: wrolle at smartgrp.com (Rolle, Walter)
Date: Wed, 28 Nov 2007 12:31:41 -0500
Subject: artifacts and file name insert themselves before first line after decryption
Message-ID:

Hello,

I am researching an issue that I'm having trouble finding the solution.
When I encrypt a file using GnuPG and then decrypt it using a pure Java library which supports Open PGP - some artifacts are inserted in the beginning of the file. For example, the text below is inserted before the first line, and note that it contains the file name as well.

??tCustomer_Service.csvGM?...

Has anyone seen this before? If both GnuPG claims to be OpenPGP compliant, shouldn't this method work?

Thanks!

From lampesberger.peter at gmail.com Tue Nov 27 23:52:29 2007
From: lampesberger.peter at gmail.com (Peter Lampesberger)
Date: Tue, 27 Nov 2007 23:52:29 +0100
Subject: 2 keys with same passwords and email on keyserver(but only 1 secretkey)
Message-ID: <3A554BB6-8FAB-42FC-9012-8385691FE577@gmail.com>

hey!

I'm a gpg newbie...

And I did one bad thing: I generated my first key.... and uploaded the public key to the keyserver.

then I decided to take a better keylength and deleted the old key on my harddisk (and yeah I ignored the warning message.)

Of course, I didn't generate any revoke-certificates...

And now I generated the second key with the same password and email but with another length and uploaded it again.

Now I have 2 public keys and only one private key....

But I tried to send an encrypted mail with my first public key.... And could decrypt it?!?! I deleted my old private key.. so why can I decrypt it?

or I am stupid?

Can somebody help me?

thx, sorry for my bad English!

--
Please send me only PGP/GPG encrypted mails if possible.
My public key is at the ending of this message.
Help for the installation of such programs and setups can be found under:
http://www.gnupg.org/ GNU Privacy Guard

From hesla at aem.umn.edu Wed Nov 21 00:06:12 2007
From: hesla at aem.umn.edu (Todd Hesla)
Date: Tue, 20 Nov 2007 17:06:12 -0600
Subject: Newbie question
Message-ID: <20071120230612.GA13233@aem.umn.edu>

I am a newbie to GnuPG, and am using gpg-agent so that I only need to enter my passphrase once.

If I decrypt a file (which I encrypted to myself), I am of course asked to enter my passphrase. If I decrypt it a second time, gpg-agent supplies my passphrase from its cache. However, gpg2 still displays the passphrase prompt-message in the terminal:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
$$ ll test*
-rw-rw-r-- 1 todd todd 6 2007-11-20 15:14 test
$$ cat test
Test.
$$ gpg2 -e test
$$ ll test*
-rw-rw-r-- 1 todd todd 6 2007-11-20 15:14 test
-rw-rw-r-- 1 todd todd 599 2007-11-20 16:26 test.gpg
$$ gpg2 -d test.gpg
You need a passphrase to unlock the secret key for
user: "Todd Hesla (General) "
2048-bit ELG key, ID 1C0B50A0, created 2007-11-20 (main key ID 65A3115F)
Test.
$$
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

How can I get rid of this prompt-message? Apparently, it is not sufficient to just re-direct standard output and standard error to "/dev/null":

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
$$ gpg2 -d test.gpg &>/dev/null
You need a passphrase to unlock the secret key for
user: "Todd Hesla (General) "
2048-bit ELG key, ID 1C0B50A0, created 2007-11-20 (main key ID 65A3115F)
$$
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Any tips on how to eliminate this prompt-message (when I decrypt the file the second time) will be very much appreciated.

Thank you.

--
Todd Hesla
Department of Aerospace Engineering and Mechanics
University of Minnesota
Minneapolis, Minnesota USA

From zoeyyl.hung at jpmorgan.com Thu Nov 22 11:15:33 2007
From: zoeyyl.hung at jpmorgan.com (zoeyyl.hung at jpmorgan.com)
Date: Thu, 22 Nov 2007 18:15:33 +0800
Subject: Error: this may be caused by a missing self-signature
Message-ID:

Dear support,

There is an error "this may be caused by a missing self-signature" when partner sides import my public key?
They are currently using gpg 1.4.7 under Windows Server 2003, my questions are:

1) why causes the error?
2) Is it because they are using windows server 2003? can windows server 2003 works smoothly for gpg? as I see the supported systems exclude that...Pls advise, thank you.

YL

From sven at radde.name Fri Nov 23 16:51:46 2007
From: sven at radde.name (Sven Radde)
Date: Fri, 23 Nov 2007 16:51:46 +0100
Subject: Revoke a key - What is with the decrypted messages?
In-Reply-To: <4746DAA5.4030006@yahoo.co.uk>
References: <4746DAA5.4030006@yahoo.co.uk>
Message-ID: <4746F712.5010602@radde.name>

Hi!

Wolf Canis wrote:
> I have a revocation
> certificate.

Great! ;-)

> But what is with the decrypted messages to me, can I still encrypt this
> messages? Or is the secret key invalid too?

You will be able to decrypt messages and others will be able to verify signatures which were issued by the revoked key when it was still valid. Others won't be able to encrypt *to* the revoked key anymore and you won't be able to sign anything new anymore with the key.
Revocation isn't so much technically "destroying" the key, it is more an administrative procedure telling everybody that the key is not in active use anymore and should be treated accordingly.

If you still have access to the secret key, you do not have to use your pre-generated revocation certificate. You can also directly revoke the key. This has the advantage that you can specify a reason for revoking (e.g. "replaced by new key: 0x...").

HTH, Sven

From sven at radde.name Mon Nov 26 13:17:42 2007
From: sven at radde.name (Sven Radde)
Date: Mon, 26 Nov 2007 13:17:42 +0100
Subject: Encryption keys: RSA vs. ElGamal
In-Reply-To: <20071126095606.950CADA81F@mailserver7.hushmail.com>
References: <20071126095606.950CADA81F@mailserver7.hushmail.com>
Message-ID: <474AB966.8030500@radde.name>

Hi!

at120 at hushmail.com wrote:
> I know that "A disadvantage of
> the ElGamal system is that the encrypted message becomes very big,
> about twice the size of the original message",

This may be true, but mind you that the "message" the ElGamal (or RSA) encrypts is only the symmetric (=256bit) key which will then be used to encrypt the actual plaintext. Therefore, the impact of size overhead is minimal. (Mostly the same goes for performance issues.) The size of the key has a vastly greater impact on performance issues than algorithm choice, IMHO.

Anyway, keys are free. Go ahead and create two "test" keys: One RSA and one ElGamal and write a little script that simulates your intended use and makes a protocol of ciphertext sizes and performance measurements. This way, you will probably get the most detailed information for your intended application and make your own assumptions whether each algorithm satisfies your (unstated) requirements.

> and that both seem
> to be limited to use no larger than 4096-bit keys, but that's all I
> know.

I don't think that this is a theoretical limitation. It is definitely not for RSA (there are larger keys around).
The current implementations do not generate larger keys because larger keys don't bring real advantages.

> Please don't give me "they're both secure enough"

Well, without going into the algorithm details, this is probably as detailed an answer as you can get. 4096 bit RSA is as secure as 4096 bit ElGamal - both are "unbreakable" (in practice). Then, if you are worried about an attacker that might break 1024 bit RSA, you won't be safe with 1024 bit ElGamal, either.

One might add that (it is my impression that) more research goes into factoring algorithms (hence, into breaking RSA) than on the discrete logarithm problem. But as far as I understand the math, both problems are rather related, anyway. So, if factoring research yields practical advances in algorithms for attacking RSA, ElGamal breaking might become easier as well.

> Are there any patent issues with ElGamal?

IANAPL (I'm not a patent lawyer), but the general opinion is: "No."

> if there's a patent on it, will
> it expire/has it expired in 2007?
>

This depends on your jurisdiction and the exact dates when those hypothetical patents would have been filed. Regarding patent 4,200,770, it has apparently expired:

HTH, Sven

From dshaw at jabberwocky.com Thu Nov 29 15:50:19 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 29 Nov 2007 09:50:19 -0500
Subject: Error: this may be caused by a missing self-signature
In-Reply-To:
References:
Message-ID: <20071129145019.GB6508@jabberwocky.com>

On Thu, Nov 22, 2007 at 06:15:33PM +0800, zoeyyl.hung at jpmorgan.com wrote:
> Dear support,
>
> There is an error "this may be caused by a missing self-signature" when
> partner sides import my public key?
> They are currently using gpg 1.4.7 under Windows Server 2003, my
> questions are:
>
> 1) why causes the error?

Your key is probably missing a self-signature.

> 2) Is it because they are using windows server 2003? can windows server
> 2003 works smoothly for gpg? as I see the supported systems exclude
> that...Pls advise, thank you.

This has nothing to do with the operating system they are running. The error is on your side, not theirs. What OpenPGP programs are you using currently, and what program did you use to generate your key?

David

From sadam at clemson.edu Thu Nov 29 16:31:49 2007
From: sadam at clemson.edu (Adam Schreiber)
Date: Thu, 29 Nov 2007 10:31:49 -0500
Subject: Fwd: 2 keys with same passwords and email on keyserver(but only 1 secretkey)
In-Reply-To: <3A554BB6-8FAB-42FC-9012-8385691FE577@gmail.com>
References: <3A554BB6-8FAB-42FC-9012-8385691FE577@gmail.com>
Message-ID: <8298be230711290731x4f7a6216o9c577abbd02cb175@mail.gmail.com>

This was sent to me individually and I can only imagine that its intended destination was here.

---------- Forwarded message ----------
From: Peter Lampesberger
Date: Nov 27, 2007 5:52 PM
Subject: 2 keys with same passwords and email on keyserver(but only 1 secretkey)
To: sadam at clemson.edu

hey!

I'm a gpg newbie...

And I did one bad thing: I generated my first key.... and uploaded the public key to the keyserver.

then I decided to take a better keylength and deleted the old key on my harddisk (and yeah I ignored the warning message.)

Of course, I didn't generate any revoke-certificates...

And now I generated the second key with the same password and email but with another length and uploaded it again.

Now I have 2 public keys and only one private key....

But I tried to send an encrypted mail with my first public key.... And could decrypt it?!?! I deleted my old private key.. so why can I decrypt it?

or I am stupid?

Can somebody help me?

thx, sorry for my bad English!

--
Please send me only PGP/GPG encrypted mails if possible.
My public key is at the ending of this message.
Help for the installation of such programs and setups can be found under:
http://www.gnupg.org/ GNU Privacy Guard

From dshaw at jabberwocky.com Thu Nov 29 17:12:32 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 29 Nov 2007 11:12:32 -0500
Subject: 2 keys with same passwords and email on keyserver(but only 1 secretkey)
In-Reply-To: <3A554BB6-8FAB-42FC-9012-8385691FE577@gmail.com>
References: <3A554BB6-8FAB-42FC-9012-8385691FE577@gmail.com>
Message-ID: <20071129161232.GC6508@jabberwocky.com>

On Tue, Nov 27, 2007 at 11:52:29PM +0100, Peter Lampesberger wrote:
> hey!
>
> I'm a gpg newbie...
>
> And I did one bad thing: I generated my first key.... and uploaded the
> public key to the keyserver.
>
> then I decided to take a better keylength and deleted the old key on my
> harddisk (and yeah I ignored the warning message.)
>
> Of course, I didn't generate any revoke-certificates...
>
> And now I generated the second key with the same password and email but
> with another length and uploaded it again.
>
> Now I have 2 public keys and only one private key....
>
> But I tried to send an encrypted mail with my first public key.... And
> could decrypt it?!?! I deleted my old private key.. so why can I decrypt
> it?

There isn't enough information here to give a solid answer, but I suspect that since both keys have the same user ID string, you are encrypting to the new key, and only think you are encrypting to the old one. Or possibly you didn't really delete the old key.

David

From wk at gnupg.org Thu Nov 29 17:24:54 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 29 Nov 2007 17:24:54 +0100
Subject: artifacts and file name insert themselves before first line after decryption
In-Reply-To: (Walter Rolle's message of "Wed, 28 Nov 2007 12:31:41 -0500")
References:
Message-ID: <87fxyp81ex.fsf@wheatstone.g10code.de>

On Wed, 28 Nov 2007 18:31, wrolle at smartgrp.com said:

> ?.?t.Customer_Service.csvGM....

That looks pretty much like a literal data packet. That is the OpenPGP container object used to wrap the actual data. Your application needs to parse that too. Thus it is a usage problem with the Java library.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From yalla at fsfe.org Thu Nov 29 16:24:33 2007
From: yalla at fsfe.org (Alexander W. Janssen)
Date: Thu, 29 Nov 2007 16:24:33 +0100
Subject: Strange decryption problem (block_filter read error)
Message-ID: <474ED9B1.6090504@fsfe.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

I noticed a strange problem which occurred now three or maybe four times, all under different circumstances.

I was using my Openpgp Smartcard to encrypt a file (size about 1.4 MB) to someone else and to my key as well. When I wanted to access the very same encrypted file to check if I was able to decrypt it, I got this error:

...
gpg: block_filter 00B36A38: read error (size=9277,a->size=9277)
gpg: Problem reading source (16560 bytes remaining)
gpg: handle plaintext failed: file read error
gpg: mdc_packet with invalid encoding
gpg: decryption failed: invalid packet
gpg: block_filter: pending bytes!

It decrypted parts of the file, but stopped eventually, so the file isn't completely decrypted.

I had the same problem with encrypted attachments I received from other people who encrypted only against my public key.

It's weird. However, I also encrypted large files with success, so this is a sparse problem.

Does anyone have an idea what the problem could be?
Is my smartcard maybe borked?

Using gpg 1.4.7 on Windows, same problem occurs with gpg 1.4.6 on Linux.

Thanks, Alex.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iQCVAwUBR07ZsBYlVVSQ3uFxAQLJ1QP+L7+p8upKA7ertWktED6zowd60vZTqjY6
6KeEeHH1MenjU7zVqO0tRQPAJLK+pMNTncPYrnvWG/QGrp/nylvXY4KUHldn+KeP
4RoulghgJ50LTMEfEJyNjU8PDisPmjHHAO6ncx3B+5IWmBGttH6jID7aOLQ4FJG1
mMVjurr0cNU=
=rEpc
-----END PGP SIGNATURE-----

From thomas-pries at web.de Mon Nov 26 10:58:49 2007
From: thomas-pries at web.de (Thomas Pries)
Date: Mon, 26 Nov 2007 10:58:49 +0100
Subject: Decrypt problem with large file
In-Reply-To: <87ejedicsw.fsf@wheatstone.g10code.de>
References: <200711180039.56797.thomas-pries@web.de> <87ejedicsw.fsf@wheatstone.g10code.de>
Message-ID: <200711261058.49698.thomas-pries@web.de>

Hello,

On Monday, 26 November 2007 10:19, Werner Koch wrote:

> I guess that the file got corrupted on the medium. Hard disks are not
> 100% error free and with such a large file there is a chance that you
> experienced a bit flip.

No doubt, my fault, I should have a second (and third) copy of the file :-( .

> In theory we could add code to resync the parser again but I doubt that
> this will help you because you would also need to fix the then
> corrupted ZIP tarball. Well, it can all be done but would take quite
> some time to do and even more time for proper testing.

I realized, that I have lost my data :-(.

Greetings
Thomas

From hesla at aem.umn.edu Fri Nov 30 00:44:19 2007
From: hesla at aem.umn.edu (Todd Hesla)
Date: Thu, 29 Nov 2007 17:44:19 -0600
Subject: Needless passphrase prompt
Message-ID: <20071129234419.GA5187@aem.umn.edu>

This is a re-posting (in modified form) of a recent posting of mine under another subject heading ("Newbie question") which has not yet received any response.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

I am running GnuPG 2.0.3 on Fedora 7.
I am using gpg-agent, and find that even after gpg-agent has cached my passphrase, gpg2 (needlessly) issues a passphrase prompt to the terminal when it needs to access my secret key. (The "pinentry" dialog window, however, does not appear.)

Is there any way to eliminate this needless passphrase prompt? I have tried redirecting both standard output and standard error to /dev/null, but to no avail.

In the following example, I first encrypt (to myself) and then decrypt a test file--after gpg-agent has already cached my passphrase.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
$$ ll test*
-rw-rw-r-- 1 todd todd 6 2007-11-20 15:14 test
$$ cat test
Test.
$$ gpg2 -e test
$$ ll test*
-rw-rw-r-- 1 todd todd 6 2007-11-20 15:14 test
-rw-rw-r-- 1 todd todd 599 2007-11-20 16:26 test.gpg
$$ gpg2 -d test.gpg
You need a passphrase to unlock the secret key for
user: "Todd Hesla (General) "
2048-bit ELG key, ID 1C0B50A0, created 2007-11-20 (main key ID 65A3115F)
Test.
$$ gpg2 -d test.gpg &>/dev/null
You need a passphrase to unlock the secret key for
user: "Todd Hesla (General) "
2048-bit ELG key, ID 1C0B50A0, created 2007-11-20 (main key ID 65A3115F)
$$
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Thanks for any help you can give me.

--
Todd Hesla
Department of Aerospace Engineering and Mechanics
University of Minnesota
Minneapolis, Minnesota USA

From dshaw at jabberwocky.com Fri Nov 30 02:05:15 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 29 Nov 2007 20:05:15 -0500
Subject: SHA-224 problem
Message-ID: <20071130010515.GA11616@jabberwocky.com>

A typo was recently discovered in the new OpenPGP RFC. While an errata document will be issued to take care of the RFC, there is some impact to GPG as well.

The typo was in the encoded ASN.1 OID for SHA-224: a number that forms part of the signature when the hash is used with an RSA key.
I've committed a fix for this for 1.4.8, so that new RSA + SHA-224 signatures use the right constants. I've also added some bug-compatibility code so that 1.4.8 (and later) will be able to verify the old, incorrect signatures.

What this means:

* If you make a RSA + SHA-224 signature with 1.4.8 or later, earlier versions will not be able to verify it.

* Existing RSA + SHA-224 signatures that were made with 1.4.7 or earlier will still be verifiable with 1.4.8 or later.

Remember that this only applies to an RSA signature made with the SHA-224 hash. There is no problem with any DSA signatures (whether they use SHA-224 or not), or RSA signatures with any other hash.

Also note that this does not make the signature insecure or unsafe in any way. This is strictly a compatibility issue.

David

From dshaw at jabberwocky.com Fri Nov 30 05:07:17 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 29 Nov 2007 23:07:17 -0500
Subject: SHA-224 problem
In-Reply-To: <20071130010515.GA11616@jabberwocky.com>
References: <20071130010515.GA11616@jabberwocky.com>
Message-ID: <20071130040717.GB11616@jabberwocky.com>

On Thu, Nov 29, 2007 at 08:05:15PM -0500, David Shaw wrote:

> I've committed a fix for this for 1.4.8, so that new RSA + SHA-224
> signatures use the right constants. I've also added some
> bug-compatibility code so that 1.4.8 (and later) will be able to
> verify the old, incorrect signatures.

I should also add that GPG2 does not have this problem as it uses libgcrypt for its crypto, and libgcrypt does not currently support SHA-224. The version of libgcrypt currently in development does have this problem, but it will be fixed before it is released.

David

From wk at gnupg.org Fri Nov 30 09:09:05 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 30 Nov 2007 09:09:05 +0100
Subject: Needless passphrase prompt
In-Reply-To: <20071129234419.GA5187@aem.umn.edu> (Todd Hesla's message of "Thu, 29 Nov 2007 17:44:19 -0600")
References: <20071129234419.GA5187@aem.umn.edu>
Message-ID: <87oddcxihq.fsf@wheatstone.g10code.de>

On Fri, 30 Nov 2007 00:44, hesla at aem.umn.edu said:

> Is there any way to eliminate this needless passphrase prompt? I have tried
> redirecting both standard output and standard error to /dev/null, but to no
> avail.

Unfortunately there is no easy way to remove this prompt (or let's better say, information about the passphrase to use). gpg2 does not know in advance whether gpg-agent will be able to return the passphrase from the cache and it always prints that prompt. Eventually we will move all secret key operation into the agent, so that the agent has full control and will emit the prompt only when needed.

You may remove that message (but also other prompts like "overwrite file?") by using the option --no-tty.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Fri Nov 30 09:16:20 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 30 Nov 2007 09:16:20 +0100
Subject: Strange decryption problem (block_filter read error)
In-Reply-To: <474ED9B1.6090504@fsfe.org> (Alexander W. Janssen's message of "Thu, 29 Nov 2007 16:24:33 +0100")
References: <474ED9B1.6090504@fsfe.org>
Message-ID: <87k5o0xi5n.fsf@wheatstone.g10code.de>

On Thu, 29 Nov 2007 16:24, yalla at fsfe.org said:

> gpg: block_filter 00B36A38: read error (size=9277,a->size=9277)
> gpg: Problem reading source (16560 bytes remaining)
> gpg: handle plaintext failed: file read error

Is it possible that the file has been corrupted for example by a merge of some status output or debug messages of a frontend (mutt?) into the data stream?

> Does anyone have an idea what the problem could be? Is my smartcard
> maybe borked?

I don't think that this is a problem with the smartcard. The problem occurs during bulk decryption and not while decrypting the session key with the smart card. However it is in theory possible that the smartcard code printed debug messages to stdout.

CR/LF <-> LF mapping somewhere?

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From yalla at fsfe.org Fri Nov 30 14:24:12 2007
From: yalla at fsfe.org (Alexander W. Janssen)
Date: Fri, 30 Nov 2007 14:24:12 +0100
Subject: Strange decryption problem (block_filter read error)
In-Reply-To: <87k5o0xi5n.fsf@wheatstone.g10code.de>
References: <474ED9B1.6090504@fsfe.org> <87k5o0xi5n.fsf@wheatstone.g10code.de>
Message-ID: <47500EFC.5060806@fsfe.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Werner Koch wrote:
> On Thu, 29 Nov 2007 16:24, yalla at fsfe.org said:
>
>> gpg: block_filter 00B36A38: read error (size=9277,a->size=9277)
>> gpg: Problem reading source (16560 bytes remaining)
>> gpg: handle plaintext failed: file read error
>
> Is it possible that the file has been corrupted for example by a merge
> of some status output or debug messages of a frontend (mutt?) into the
> data stream?

Hi Werner,

yes, you're absolutely right. I already sent a reply to my own posting, but I forgot to use the correct account so it got stuck on the moderation-list.

I wrote and fuxored up the From-header:
> I found the problem. It's not gpg's fault but apparently
> Thunderbird/Enigmail truncates attachments every now and then. Haven't
> found out under what circumstances yet...

Will keep you updated though; I bet I'm not the only one with this problem.

Thanks anyway, Alex.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iQCVAwUBR1AO+hYlVVSQ3uFxAQJcAAQAicHkSuo0j3JcvGqSBAtdVXHtYShPCoxa
x1WbdPaaybpY1KAsFpDQ+sBrvXnFa4pSRZN/NVMwq4d/o6Rqq+zUepQ1eV+WLGSg
eM5hHlFwihCkK46uM2JR65cq7MyRLaDHbecb8x9B6zo5QF3+qxEZP0S4IyTdGHwv
8H9MrdhnUMI=
=E0nx
-----END PGP SIGNATURE-----

From alexander.janssen at gmail.com Thu Nov 29 17:45:10 2007
From: alexander.janssen at gmail.com (Alexander W. Janssen)
Date: Thu, 29 Nov 2007 17:45:10 +0100
Subject: Strange decryption problem (block_filter read error)
In-Reply-To: <474ED9B1.6090504@fsfe.org>
References: <474ED9B1.6090504@fsfe.org>
Message-ID: <474EEC96.10108@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I found the problem. It's not gpg's fault but apparently Thunderbird/Enigmail truncates attachments every now and then. Haven't found out under what circumstances yet...

Thanks anyway ;-)

Alex.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iQCVAwUBR07slBYlVVSQ3uFxAQKr/wP/YNl9PzlZRI1HvPjF/gnsERTRkiKLbss7
ZqjXafevTwaFxGiynsUwR5Dr+qN0g57BdtgXLGVYuBxLSFmiYhVeaYuS7BCNz94v
9GS3NYgZLAW6envjvG+K39x/rzGm6GrkhyBadLiqL9c97uChzZT+xae86wUlITC9
8ukRuxqlxvA=
=TeNX
-----END PGP SIGNATURE-----
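
Werner Koch's replies in the "WinXP problem with large files" and "artifacts and file name" threads above refer to two parts of the OpenPGP packet layer: the partial body length encoding and the literal data packet whose header appeared as "??tCustomer_Service.csvGM?..." in the Java output. The following Python parser is an added example, not code from GnuPG, from the Java library or from any poster; it follows the packet layout of RFC 4880, assumes the input is the already decrypted and decompressed packet stream, and uses constructed sample bytes.

```python
import io
import struct
from datetime import datetime, timezone

LITERAL_DATA_TAG = 11  # literal data packet (RFC 4880, section 5.9)


def _read_exact(stream, n):
    data = stream.read(n)
    if len(data) != n:
        raise ValueError("truncated packet: wanted %d bytes, got %d" % (n, len(data)))
    return data


def _new_format_length(stream):
    """Return (length, is_partial) for one new-format length field."""
    first = _read_exact(stream, 1)[0]
    if first < 192:                                   # one-octet length
        return first, False
    if first < 224:                                   # two-octet length
        second = _read_exact(stream, 1)[0]
        return ((first - 192) << 8) + second + 192, False
    if first < 255:                                   # partial body chunk, 2**n octets
        return 1 << (first & 0x1F), True
    return struct.unpack(">I", _read_exact(stream, 4))[0], False  # 0xFF + 4 octets


def read_packet(stream):
    """Read one packet and return (tag, body), joining partial body chunks."""
    ctb = _read_exact(stream, 1)[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:                                    # new-format header
        tag = ctb & 0x3F
        body = bytearray()
        while True:
            length, partial = _new_format_length(stream)
            body += _read_exact(stream, length)
            if not partial:                           # last chunk has a plain length
                return tag, bytes(body)
    tag = (ctb >> 2) & 0x0F                           # old-format header
    length_type = ctb & 0x03
    if length_type == 3:                              # indeterminate: to end of input
        return tag, stream.read()
    size = (1, 2, 4)[length_type]
    length = int.from_bytes(_read_exact(stream, size), "big")
    return tag, _read_exact(stream, length)


def parse_literal_data(body):
    """Split a literal data packet body into metadata and the real file content."""
    if len(body) < 6:
        raise ValueError("literal data packet too short")
    name_len = body[1]
    if len(body) < 6 + name_len:
        raise ValueError("literal data header truncated")
    (created,) = struct.unpack(">I", body[2 + name_len:6 + name_len])
    return {
        "format": chr(body[0]),                       # 'b' binary, 't' text, 'u' UTF-8
        "filename": body[2:2 + name_len].decode("utf-8", "replace"),
        "created": datetime.fromtimestamp(created, timezone.utc),
        "data": body[6 + name_len:],                  # this is what the caller wants
    }


def extract_plaintext(decrypted):
    """Strip the literal data wrapper from a decrypted OpenPGP packet stream."""
    tag, body = read_packet(io.BytesIO(decrypted))
    if tag != LITERAL_DATA_TAG:
        raise ValueError("expected literal data packet, got tag %d" % tag)
    return parse_literal_data(body)


# Constructed sample input (not taken from the original posts).
_HEADER = b"t" + bytes([20]) + b"Customer_Service.csv" + struct.pack(">I", 1196270000)
_CSV = b"id,name\r\n1,Alice\r\n"
# Old-format header: 0x80 | tag 11 << 2 | one-octet length type.
SAMPLE_OLD = bytes([0xAC, len(_HEADER + _CSV)]) + _HEADER + _CSV
# New-format header with one 512-octet partial chunk followed by a final 514 octets.
_BIG = _HEADER + b"x" * 1000
SAMPLE_PARTIAL = bytes([0xCB, 0xE9]) + _BIG[:512] + bytes([193, 66]) + _BIG[512:]

if __name__ == "__main__":
    for sample in (SAMPLE_OLD, SAMPLE_PARTIAL):
        info = extract_plaintext(sample)
        print(info["format"], info["filename"], info["created"], len(info["data"]))
```

Writing the raw packet body to disk instead of the "data" field reproduces the reported symptom: the format octet, the file name and the four timestamp octets land in front of the first line. A stream cut short, as in the truncated attachment case reported above, raises ValueError instead of returning partial data.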
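
David Shaw's SHA-224 announcement above turns on the fact that an RSA signature embeds a fixed ASN.1 prefix naming the hash, and that verification compares the recovered block byte for byte. The following Python code is an added example, not GnuPG's code: it derives the SHA-224 prefix from the OID 2.16.840.1.101.3.4.2.4 and models a verifier with and without bug-compatibility. The announcement does not give the mistyped bytes, so LEGACY_STAND_IN is a constructed placeholder, and the RSA operation itself is left out (the functions work on the encoded block that RSA verification would recover).

```python
import hashlib

SHA224_OID = "2.16.840.1.101.3.4.2.4"


def der_len(n):
    """DER length octets (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def der_tlv(tag, value):
    return bytes([tag]) + der_len(len(value)) + value


def der_oid(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                      # base-128, high bit set on all but the last
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return der_tlv(0x06, bytes(out))


def digestinfo_prefix(oid, digest_len):
    """Everything in DigestInfo that precedes the raw digest octets."""
    alg = der_tlv(0x30, der_oid(oid) + der_tlv(0x05, b""))   # AlgorithmIdentifier
    octet_header = b"\x04" + der_len(digest_len)
    return b"\x30" + der_len(len(alg) + len(octet_header) + digest_len) + alg + octet_header


def encoded_block(message, prefix, em_len=128):
    """EMSA-PKCS1-v1_5 block for SHA-224 that an RSA signature would carry."""
    t = prefix + hashlib.sha224(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def accepts(recovered, message, prefixes):
    """True if the recovered block matches one of the prefixes the verifier knows."""
    return any(recovered == encoded_block(message, p, len(recovered)) for p in prefixes)


CORRECT = digestinfo_prefix(SHA224_OID, 28)
# Constructed placeholder for the pre-fix constant: the correct prefix with
# one byte altered. The real mistyped bytes are not stated in the announcement.
LEGACY_STAND_IN = CORRECT[:-1] + b"\x00"
MESSAGE = b"constructed sample message"

if __name__ == "__main__":
    new_sig = encoded_block(MESSAGE, CORRECT)
    old_sig = encoded_block(MESSAGE, LEGACY_STAND_IN)
    print("prefix:", CORRECT.hex())
    print("old verifier, new signature:", accepts(new_sig, MESSAGE, [LEGACY_STAND_IN]))
    print("new verifier, old signature:", accepts(old_sig, MESSAGE, [CORRECT, LEGACY_STAND_IN]))
```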