From roberthazelett at gmail.com Wed Jul 2 10:29:18 2008 From: roberthazelett at gmail.com (Robert Earl Hazelett) Date: Wed, 2 Jul 2008 16:29:18 +0800 Subject: GnuPG (win32) on a USB stick Message-ID: <000501c8dc1e$03e6dc10$b537093d@RobertHazelett> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello John, I'm a 74 year old retired American writing to you from the island of Luzon in the Philippines. I live in a place called Baguio City. I blundered across an old message on the internet in which, among other things, you apparently said: > I shall Update the Binaries to 1.4.8 tonight and they should > be available by this time tomorrow. Based on the context of the message I infer that you were saying you planned to modify GPG v.1.4.8 in such a way as to make it usable on a USB stick. A kind of latter-day GPG2GO If I am right about that, I ask if that later model of GPG2GO is now available and if you will share a copy of it with me. I've been using the older version (1.4.1) but a few problems developed for me. If you require payment for that later version, and if you will tell me what it is, I will somehow manage to send the money to you. Be aware that I have a PGP package I'd be willing to trade. Using a number of additional programs and a few batch files, I cobbled together an encryption packet using PGP 2.6.3i multi 06 that works quite nicely. Using it from a hard drive is a snap, but it can also be used from a USB stick without leaving traces in the Windows registry. I'm doing essentially the same thing with GPG 1.4.1 except GPG will not securely WIPE a file as PGP will. Nothing is perfect, I guess. :^) Thanks, Bob Hazelett roberthazelett at gmail.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) - GPGshell v3.70 iQEcBAEBAgAGBQJIazveAAoJEGIbHB1h/JPLMRMH/3IX4kUQNmFuOc92D8Gj5DGP vs1uzp4+9tERXG20PJAoVzQJpXK9wHR7SNfcWO/E5RRLGQ8rocDbb2mCstHvuamj BdIhi/O6CX8sQa7sWfvZ0LvwBNBR4f79mjbsp01VR+kGQCMA8Bk44aAiFHvJ6vzg kyYmgWtLJsOWum3LQdg2u/STOzh++7OZeinD4fJx4RqCMyveHu798xwaVE6+AIfH VinoYQ+qMesIkqhxyvIfEHkDSGR5WQR3iaLNcz4vn8rs2gTqkVMVK9RSd/0C5Ps3 rx47YgQre+RQxnp92+bfKJplH4wV8wJoICizi5RiW8qJSOZi0pm/4J4TFBYN4w4= =d176 -----END PGP SIGNATURE----- -------------- next part -------------- An HTML attachment was scrubbed... URL: From vedaal at hush.com Thu Jul 3 00:38:00 2008 From: vedaal at hush.com (vedaal at hush.com) Date: Wed, 02 Jul 2008 18:38:00 -0400 Subject: GnuPG (win32) on a USB stick Message-ID: <20080702223801.81E2BD032F@mailserver10.hushmail.com> Robert Earl Hazelett roberthazelett at gmail.com wrote on Wed Jul 2 10:29:18 CEST 2008 : >I ask if that later model of GPG2GO >is now available unfortunately, Maxine Brandt, the author of GPG2GO passed on ... i have copied and have been updating her site, here: http://www.angelfire.com/mb2/mbgpg2go/tp.html she originally planned for it to be used on a floppy, but it can easily be used on a usb stick i have kept her site as she left it, and put the updates in purple italic print, as additions read both her site and the updates, and you can easily run it from a usb as you have room on the USB, copy all the gnupg files, not just gpg.exe into whatever directory the site instructs you to put gpg.exe as you are using Disastry's PGP, copy the idea.dll also all the caveats about insecure public computers still apply all is completely FREE as per the FSF guidelines Thanks go to the gnupg development team (and remember Maxine in your Prayers/Thoughts/etc. ...) vedaal any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link -- Stop foreclosure. Click here to stay in your home and rebuild credit. http://tagline.hushmail.com/fc/Ioyw6h4djyMiaYVDnvrHlxW45kFClmk5TEFrcFXK05t2FkswtsE3S3/ From quasaur at hotmail.com Thu Jul 3 05:05:04 2008 From: quasaur at hotmail.com (Calvin Mitchell) Date: Wed, 2 Jul 2008 23:05:04 -0400 Subject: Recovering Encrypted Zip Message-ID: Platform: Kubuntu 8.0.4 (Hardy Heron) Laptop: Dell Inspiron 1505n (Model PP29L) Processor: Intel? Pentium(R) Dual Core? T2330 (1.60GHz/500Mhz FSB/1MB cache) RAM: 2GB The zipped directory that I need to unencrypt is here: http://www.clmitchell.net/dotnet1/files/hcspry.zip.asc.bz2 This is all the info I have about the key pair I used to encrypt the file: Name: Simple Key Pair Email: calvin674 at clmitchell.net Key ID: C1668441 Fingerprint: 9480886CFB00F63FC903A57BA70645A7C1668441 Passphrase: simple The directory is a web project that I'm working on: http://www.clmitchell.net/hcspry/ If there is anyone that can help me decrypt this file, I would greatly appreciate it. From rjh at sixdemonbag.org Thu Jul 3 05:50:51 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 02 Jul 2008 22:50:51 -0500 Subject: Recovering Encrypted Zip In-Reply-To: References: Message-ID: <486C4C9B.8040807@sixdemonbag.org> Calvin Mitchell wrote: > If there is anyone that can help me decrypt this file, I would greatly > appreciate it. Recovery is not feasible without the private key. From atom at smasher.org Thu Jul 3 05:52:05 2008 From: atom at smasher.org (Atom Smasher) Date: Thu, 3 Jul 2008 15:52:05 +1200 (NZST) Subject: Recovering Encrypted Zip In-Reply-To: References: Message-ID: <20080703035210.62963.qmail@smasher.org> i haven't downloaded the file, but lemme guess... you encrypted a zip file with gpg? then you lost access to the secret key? game over. you lose. to put it in perspective - http://www.schneier.com/blog/archives/2008/06/kaspersky_labs.html http://en.wikipedia.org/wiki/RSA_Factoring_Challenge On Wed, 2 Jul 2008, Calvin Mitchell wrote: > Platform: Kubuntu 8.0.4 (Hardy Heron) > Laptop: Dell Inspiron 1505n (Model PP29L) > Processor: Intel? Pentium(R) Dual Core T2330 (1.60GHz/500Mhz FSB/1MB cache) > RAM: 2GB > > The zipped directory that I need to unencrypt is here: > > http://www.clmitchell.net/dotnet1/files/hcspry.zip.asc.bz2 > > > This is all the info I have about the key pair I used to encrypt the file: > > Name: Simple Key Pair > Email: calvin674 at clmitchell.net > Key ID: C1668441 > Fingerprint: 9480886CFB00F63FC903A57BA70645A7C1668441 > Passphrase: simple > > The directory is a web project that I'm working on: > > http://www.clmitchell.net/hcspry/ > > If there is anyone that can help me decrypt this file, I would greatly > appreciate it. -- ...atom ________________________ http://atom.smasher.org/ 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "I made a pilgrimage to save this human race Never comprehending the race that's long gone by" -- Modern English From rjh at sixdemonbag.org Thu Jul 3 07:04:44 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 03 Jul 2008 00:04:44 -0500 Subject: Recovering Encrypted Zip In-Reply-To: <20080703035210.62963.qmail@smasher.org> References: <20080703035210.62963.qmail@smasher.org> Message-ID: <486C5DEC.1020900@sixdemonbag.org> Atom Smasher wrote: > to put it in perspective - > http://www.schneier.com/blog/archives/2008/06/kaspersky_labs.html > http://en.wikipedia.org/wiki/RSA_Factoring_Challenge You may also find my FAQ to be of interest here: http://sixdemonbag.org/cryptofaq.xhtml#entropy From dkaruppiah at qualedi.com Thu Jul 3 16:44:16 2008 From: dkaruppiah at qualedi.com (Devaraj Karuppiah) Date: Thu, 3 Jul 2008 10:44:16 -0400 Subject: Decryption error (block_filter read error) Message-ID: <000201c8dd1b$455a2410$3801a8c0@qualedi.com> Hi, I'm getting the following error when trying to decrypt a file received through HTTPS on command line: ... gpg: CAST5 encrypted data gpg: block_filter 00AF8A00: read error (size=4245,a->size=1002) Detached signature. Please enter name of data file: No such file, try again or hit enter to quit. Please enter name of data file: gpg: can't hash datafile: file read error gpg: WARNING: message was not integrity protected gpg: block_filter: pending bytes! Sender claims that the signature is attached and this error does not duplicate on all the files received from the same sender. I am using GPG 1.4.2 on windows (tried decrypting on version 1.4.8 too); the sender uses PGP 6.5.8. There is no CRC error reported. Any ideas? Thanks, Devaraj. From naeem.m.afzal at intel.com Thu Jul 3 19:36:48 2008 From: naeem.m.afzal at intel.com (Afzal, Naeem M) Date: Thu, 3 Jul 2008 10:36:48 -0700 Subject: how to get private key In-Reply-To: References: Message-ID: <821A1558D8819A4BB700FFF265F6781F06535C34@orsmsx505.amr.corp.intel.com> Hi I have general question regarding private key security. If a user creates its private public key pair by using some passphrase on a system. Can this pair be taken to a different system and decrypt files that were generated using its public key? My guess is no, but needed to confirm with you guys. If it is possible, then how it will be done, any command to list private key etc. Also how can we protect where no one can steel this private key from a system other than restricting users access to the system? Thanks naeem From JPClizbe at tx.rr.com Thu Jul 3 21:05:12 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Thu, 03 Jul 2008 14:05:12 -0500 Subject: how to get private key In-Reply-To: <821A1558D8819A4BB700FFF265F6781F06535C34@orsmsx505.amr.corp.intel.com> References: <821A1558D8819A4BB700FFF265F6781F06535C34@orsmsx505.amr.corp.intel.com> Message-ID: <486D22E8.2010300@tx.rr.com> Afzal, Naeem M wrote: > I have general question regarding private key security. > If a user creates his private public key pair by using some passphrase on a > system. Can this pair be taken to a different system and decrypt files that were > generated using its public key? Certainly, if one also knows the key's passphrase BTW, the passphrase is used to secure the private key, not create it > My guess is no, but needed to confirm with you guys. If it is possible, then > how it will be done, any command to list private key etc. It's as simple as copying the keyring files to a new system, though export/import is the canonical process. > Also how can we protect where no one can steal this private key from a > system other than restricting users access to the system? That is the reason for choosing a strong passphrase for the secret key. Appropriate file permissions also help, but the passphrase is really all you've got against a determined attacker especially if they have access to the computer. -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 677 bytes Desc: OpenPGP digital signature URL: From sseller at usatoday.com Thu Jul 3 20:36:07 2008 From: sseller at usatoday.com (Seller, Scott) Date: Thu, 3 Jul 2008 14:36:07 -0400 Subject: unable to use the public key Message-ID: <5261E3E0DC69AC4F825AA96C5D1D999C15AF5584B9@ENT-MOCEXMB10.us.ad.gannett.com> Hello. I am using gpg v 1.4.7 on Windows. I have successfully traded keys with a vendor I am working with. Gpg insists on using the subkey and will not use the primary key.. here is what I am seeing: gpg -seav -r 3DDD3ABE -u 6BEC8C4E --passphrase "passphrase" "C:\Documents and Settings\user\Desktop\pgptest\test.txt" You need a passphrase to unlock the secret key for user: "USA TODAY " 1024-bit DSA key, ID 6BEC8C4E, created 2008-07-02 gpg: using subkey C970A114 instead of primary key 3DDD3ABE gpg: using classic trust model gpg: This key belongs to us File `C:\\Documents and Settings\\xxx\\Desktop\\pgptest\\test.txt.asc' exists. Overwrite? (y/N) y gpg: writing to `C:\\Documents and Settings\\xxx\\Desktop\\pgptest\\test.txt.asc' gpg: ELG-E/AES256 encrypted for: "C970A114 BOAD072013 " gpg: DSA/SHA1 signature from: "6BEC8C4E USA TODAY " Is there any way around this. The vendor cannot decrypt the file unless I use the primary key. Thanks ______________________________ Scott Seller Senior Business Systems Analyst, Enterprise Solutions USA TODAY 7950 Jones Branch Drive McLean, Virginia 22108 Tel: 703.854.4513 Fax: 703.854.2003 sseller at usatoday.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From hlmuller at yahoo.com Thu Jul 3 20:59:43 2008 From: hlmuller at yahoo.com (Harvey Muller) Date: Thu, 3 Jul 2008 11:59:43 -0700 (PDT) Subject: how to get private key Message-ID: <406193.53029.qm@web53604.mail.re2.yahoo.com> Naeem, It's highly unlikely that an individual would be capable of stealing a secret key and using it to decrypt messages.? A large corporation or government, maybe.? Make your passphrases complex. I'm a little cautious myself with my secret keys, so I use two hardware based approaches to ease my paranoia: 1.? I use an openpgp card to keep my normal signing and encryption subkeys secure. 2.? I keep my main secret key on a usb flash drive, along with backups of my secret subkeys, and public keys. These are useful resources for further reading: http://www.gnupg.org/howtos/card-howto/en/smartcard-howto.html http://fortytwo.ch/gpg/subkeys Best regards, Harvey ----- Original Message ---- > From: "Afzal, Naeem M" > To: "gnupg-users at gnupg.org" > Sent: Thursday, July 3, 2008 1:36:48 PM > Subject: how to get private key > > Hi > > I have general question regarding private key security. > If a user creates its private public key pair by using some passphrase on a > system. Can this pair be taken to a different system and decrypt files that were > generated using its public key? My guess is no, but needed to confirm with you > guys. If it is possible, then how it will be done, any command to list private > key etc. Also how can we protect where no one can steel this private key from a > system other than restricting users access to the system? > > Thanks > naeem > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From dshaw at jabberwocky.com Thu Jul 3 23:10:29 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 3 Jul 2008 17:10:29 -0400 Subject: unable to use the public key In-Reply-To: <5261E3E0DC69AC4F825AA96C5D1D999C15AF5584B9@ENT-MOCEXMB10.us.ad.gannett.com> References: <5261E3E0DC69AC4F825AA96C5D1D999C15AF5584B9@ENT-MOCEXMB10.us.ad.gannett.com> Message-ID: <20080703211029.GC65059@jabberwocky.com> On Thu, Jul 03, 2008 at 02:36:07PM -0400, Seller, Scott wrote: > Hello. I am using gpg v 1.4.7 on Windows. > > I have successfully traded keys with a vendor I am working with. Gpg insists on using the subkey and will not use the primary key.. here is what I am seeing: > > gpg -seav -r 3DDD3ABE -u 6BEC8C4E --passphrase "passphrase" "C:\Documents and Settings\user\Desktop\pgptest\test.txt" > > You need a passphrase to unlock the secret key for > user: "USA TODAY " > 1024-bit DSA key, ID 6BEC8C4E, created 2008-07-02 > > gpg: using subkey C970A114 instead of primary key 3DDD3ABE > gpg: using classic trust model > gpg: This key belongs to us > File `C:\\Documents and Settings\\xxx\\Desktop\\pgptest\\test.txt.asc' exists. Overwrite? (y/N) y > gpg: writing to `C:\\Documents and Settings\\xxx\\Desktop\\pgptest\\test.txt.asc' > gpg: ELG-E/AES256 encrypted for: "C970A114 BOAD072013 " > gpg: DSA/SHA1 signature from: "6BEC8C4E USA TODAY " > > Is there any way around this. The vendor cannot decrypt the file unless I use the primary key. There is confusion here. Your key is a DSA primary. You cannot encrypt to it. It's not a question of GPG disallowing it, it's a question of the math simply not working that way. DSA is not an encryption algorithm. Where is the origin of the belief that the vendor can only decrypt from a primary key? This is directly contrary to the behavior of all known OpenPGP programs (GPG, PGP, etc). David From faramir.cl at gmail.com Fri Jul 4 00:16:14 2008 From: faramir.cl at gmail.com (Faramir) Date: Thu, 03 Jul 2008 18:16:14 -0400 Subject: Recovering Encrypted Zip In-Reply-To: References: Message-ID: <486D4FAE.4030505@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Calvin Mitchell escribi?: > Platform: Kubuntu 8.0.4 (Hardy Heron) > Laptop: Dell Inspiron 1505n (Model PP29L) > Processor: Intel? Pentium(R) Dual Core? T2330 (1.60GHz/500Mhz FSB/1MB > cache) > RAM: 2GB > > The zipped directory that I need to unencrypt is here: > > http://www.clmitchell.net/dotnet1/files/hcspry.zip.asc.bz2 Had you encrypted it with zip built in password stuff, maybe something could have been done... but with gpg... didn't you keep a backup of the keys? How did you lose them? maybe you should try to focus in trying to recover the key pair... Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIbU+uAAoJEMV4f6PvczxAQM4H/3DXAJOOwfNCcle+NKmBNExJ N918qdGLIIjHE5TwaNgRDrOWo4O2oJ3bFLlb64+ATkLzaDwjOuGUNDSxOQq9Av+L IacKTysAZKnT9cav55c1SSd423RPrFL008EUgK62CAot4G7Wwjfi/HbwX6Yhjx2I fCcqpFKW7b+PjeEmcyGFEp5FaZQdGi6hvROlBism2Qr/qBLzczFN2BlE5apllvLV iBwg+jcwC9W7BVv3fjFFG6Yk696/mLCGBrAP6NRzxe+lF4suWYSaRvJMd4FZB1M6 RGqD4IKkXq3Vz12Hr2kWPrMKSKKlli87QIx0oz7XswwlVcv9P+igjKOVM221qsU= =cwxp -----END PGP SIGNATURE----- From wk at gnupg.org Fri Jul 4 12:47:42 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 04 Jul 2008 12:47:42 +0200 Subject: Decryption error (block_filter read error) In-Reply-To: <000201c8dd1b$455a2410$3801a8c0@qualedi.com> (Devaraj Karuppiah's message of "Thu, 3 Jul 2008 10:44:16 -0400") References: <000201c8dd1b$455a2410$3801a8c0@qualedi.com> Message-ID: <87iqvm0vu9.fsf@wheatstone.g10code.de> On Thu, 3 Jul 2008 16:44, dkaruppiah at qualedi.com said: > gpg: CAST5 encrypted data > gpg: block_filter 00AF8A00: read error (size=4245,a->size=1002) That looks pretty much like currupted data. Check that you received the message intact, for example by asking the sender to provide a sha1sum and compare that to the sha1sum you got. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From a24061 at ducksburg.com Fri Jul 4 15:07:30 2008 From: a24061 at ducksburg.com (Adam Funk) Date: Fri, 4 Jul 2008 14:07:30 +0100 Subject: Strange problem with seahorse (and consequently enigmail). Message-ID: I have a strange problem with seahorse not working on only one of two Ubuntu computers. The gpg-agent works in the curses-like way when I call gpg in xterm, but seahorse doesn't. (Because seahorse isn't working but Thunderbird enigmail detects the agent running, Enigmail doesn't work either.) The output 'ps aux OT' after logging into GNOME includes these commands (with the same start time, owned by my userid): /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/adam/.gnupg/gpg-agent-info-beetle /usr/bin/seahorse-agent --execute /usr/bin/gnome-session [seahorse-agent] (On the computer that isn't giving me this problem, the first line is the same except for the hostname, but the next line says /usr/bin/seahorse-agent --execute /usr/bin/gnome-session and everything works.) When I try to run 'seahorse-preferences' from a command-line, I get the following errors: ** (seahorse-preferences:11283): CRITICAL **: init_gpgme: assertion `GPG_IS_OK (err)' failed ** (seahorse-preferences:11283): CRITICAL **: seahorse_pgp_source_init: assertion `GPG_IS_OK (err)' failed Segmentation fault I'd be grateful for any suggestions or debugging tips. I'm using gnupg 1.4.8 and the additional packages listed below. I've tried purging and reinstalling most of them. ii gnupg-agent 2.0.7-1 GNU privacy guard - password agent ii gnupg-doc 2003.04.06-6 GNU Privacy Guard documentation ii gnupg2 2.0.7-1 GNU privacy guard - a free PGP replacement ii gpgsm 2.0.7-1 GNU privacy guard - S/MIME version ii gpgv 1.4.6-2ubuntu5 GNU privacy guard - signature verification tool ii libgpg-error0 1.4-2ubuntu7 library for common error values and messages in GnuPG components ii libgpgme11 1.1.5-2ubuntu1 GPGME - GnuPG Made Easy ii pgpgpg 0.13-9 Wrapper for using GnuPG in programs designed for PGP ii python-gnupginterface 0.3.2-9ubuntu1 Python interface to GnuPG (GPG) ii seahorse 2.22.2-0ubuntu1 A Gnome front end for GnuPG From faramir.cl at gmail.com Sat Jul 5 01:06:08 2008 From: faramir.cl at gmail.com (Faramir) Date: Fri, 04 Jul 2008 19:06:08 -0400 Subject: I need a portable GUI for GnuPG Message-ID: <486EACE0.9020105@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello! I have been carrying portable thunderbird with portable gnupg in my flash memory stick, plus GPGShell, and it works fine. But GPGShell licence forbids to redistribute it. The idea is to make that "combo" available for download... it is not making any modification, just saving the "end user" the problem of having to install these apps by themselves (also, to put GPGShell in the flash drive, the user needs to have it already in his computer). So I need another tool to make easy for the user to verify the signature of a file (or to send and receive encrypted email). I am not intending to actually make it available for donwload, just to be able to say "we would use that combo to provide our customers free software capable of dealing with privacy and authenticity, already configured (fool-proof)". But I don't know about other GUI tools available under windows environment (or under any other environment... but I am focusing on windows). Any idea? Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIbqzgAAoJEMV4f6PvczxAWjIH/0/0Pt4Nutmcb2NF8r1TPRrP ok3g4otxq3+/EHyxz99KvnP35y8gasg299c4q4MKPptRae4Vyd+Zs1rIpu84sfJL OXVL4S89uBAPaCTEURU79G24gWCzL6xNiby4vUny3PP3eTpDP/39+PJRFGODDOIz ovsUTS5v+jngOKi9RVrDVn35l26HFWvecnRiTX9QDCjhIJ1tQcwxEb/NN23g92gf CA+fqLpQQIVDTG18f36AbauFtXQd8Ewnc6Xk4tDyKags/FkMNfPWPPlpjjBNvv1p ap84lRCXAytchPz0d/JkB+xQ5GBMl+FNbJvCi1E/6X31iAiJw23K/3ubRPzGJaw= =4Bgi -----END PGP SIGNATURE----- From bahamutzero8825 at gmail.com Sat Jul 5 07:05:42 2008 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Sat, 05 Jul 2008 00:05:42 -0500 Subject: I need a portable GUI for GnuPG In-Reply-To: <486EACE0.9020105@gmail.com> References: <486EACE0.9020105@gmail.com> Message-ID: <486F0126.8030305@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Faramir wrote: | Hello! | I have been carrying portable thunderbird with portable gnupg in | my flash memory stick, plus GPGShell, and it works fine. But GPGShell | licence forbids to redistribute it. The idea is to make that "combo" | available for download... it is not making any modification, just saving | the "end user" the problem of having to install these apps by themselves | (also, to put GPGShell in the flash drive, the user needs to have it | already in his computer). You're not allowed to distribute Enigmail (or any other extension) preinstalled with Thunderbird, so even if you get some other frontend for GPG, you still have that problem. - -- Key ID: 0xF88E034060A78FCB Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB Windows NT 6.0.6001 | GPG 1.4.9 | Thunderbird 2.0.0.14 | Enigmail 0.95.6 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAwAGBQJIbwEmAAoJEPiOA0Bgp4/LAPoH/3zeyl6idwRnBDAaRH7L0cWk kDd8AK4qH5O6cD6Cr7Gyq6WGfDbQPBj6EffkMuWYSvS79yJ8gTuO76sDCn3ijiWj bDx0OM5o2IXhVDXXJJzthgKOaDGVg/XPIfEe3Yfary1CN2YegIH8JSK7R7OU986T xZV6mYC62K9mDM20kKme3FFc1mUYwZNuuPRpn6c1TagiiE4omlHf2rc27vWUIXn4 cBZko9BNuvwSW0G43uyXtLji4oXCJHG7BVL2pkilMgmjH2ZhN2ZCthcGg51unYEe cRfOQQhDUBISZuoSDd6izKJKWHr1sSYy/NL9knWRABMpe/HMsQDtocGPZkkZpDA= =epaK -----END PGP SIGNATURE----- From faramir.cl at gmail.com Sat Jul 5 08:32:51 2008 From: faramir.cl at gmail.com (Faramir) Date: Sat, 05 Jul 2008 02:32:51 -0400 Subject: I need a portable GUI for GnuPG In-Reply-To: <486F0126.8030305@gmail.com> References: <486EACE0.9020105@gmail.com> <486F0126.8030305@gmail.com> Message-ID: <486F1593.5080100@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Andrew Berg escribi?: > Faramir wrote: > | Hello! > | I have been carrying portable thunderbird with portable gnupg in > | my flash memory stick, plus GPGShell, and it works fine. But GPGShell > | licence forbids to redistribute it. The idea is to make that "combo" > | available for download... it is not making any modification, just saving > | the "end user" the problem of having to install these apps by themselves > | (also, to put GPGShell in the flash drive, the user needs to have it > | already in his computer). > You're not allowed to distribute Enigmail (or any other extension) > preinstalled with Thunderbird, so even if you get some other frontend > for GPG, you still have that problem. Good point... however, installing an extension in Thunderbird is a lot easier than installing something in the computer... the main problem is to make gpg +gui available without the need to install (I mean, without the need to use an installer) it... something like a zipped combo... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIbxWTAAoJEMV4f6PvczxA/SgH/2Sk/uHApxX4A2ucV9WDAFb1 hDgq4CeYrnBQYJPCKe/h/Rw/cXlpcbSJqL9xls3EL7CTH41aykb/OFg1yDeKa1+9 8RRrBOVJis2KVokM+/VRDNS93r18CPIwGjlTgC2BuXGuoFH/J0RpiajwvKwdAF/+ /YIfgouQ2u2a7Z5kpRqIW3cAZ0yg/+Apb/jPf8SXy0XaxBja32DevyDjRa66RY2F cQtSRVmzvz6dcaRcv0nKLP2K9iOkEgIud5XbZSh3MhceY7veCMVp8tcvPWKtPSOj rN5M4bAqGWHkVbij3C6ihHux9yGGGlEq9hVQWncowN7eEnZ+SfbKmW2RQn9KrKw= =05SD -----END PGP SIGNATURE----- From decouk at gmail.com Sat Jul 5 19:59:38 2008 From: decouk at gmail.com (Andre Amorim) Date: Sat, 5 Jul 2008 18:59:38 +0100 Subject: I need a portable GUI for GnuPG In-Reply-To: <486F1593.5080100@gmail.com> References: <486EACE0.9020105@gmail.com> <486F0126.8030305@gmail.com> <486F1593.5080100@gmail.com> Message-ID: Have you checked: http://portableapps.com/support/thunderbird_portable#encryption Also I trying to get gpg safer while using it as portable app. This is a nice freeware tool to avoid keyloggers. http://www.aplin.com.au/?page_id=246 But It was discussed here before. If you have no control on your hardware, you cannot have your keys safer. [s] Andre Amorim. 2008/7/5 Faramir : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Andrew Berg escribi?: >> Faramir wrote: >> | Hello! >> | I have been carrying portable thunderbird with portable gnupg in >> | my flash memory stick, plus GPGShell, and it works fine. But GPGShell >> | licence forbids to redistribute it. The idea is to make that "combo" >> | available for download... it is not making any modification, just saving >> | the "end user" the problem of having to install these apps by themselves >> | (also, to put GPGShell in the flash drive, the user needs to have it >> | already in his computer). >> You're not allowed to distribute Enigmail (or any other extension) >> preinstalled with Thunderbird, so even if you get some other frontend >> for GPG, you still have that problem. > > Good point... however, installing an extension in Thunderbird is a lot > easier than installing something in the computer... the main problem is > to make gpg +gui available without the need to install (I mean, without > the need to use an installer) it... something like a zipped combo... > > Best Regards > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iQEcBAEBCAAGBQJIbxWTAAoJEMV4f6PvczxA/SgH/2Sk/uHApxX4A2ucV9WDAFb1 > hDgq4CeYrnBQYJPCKe/h/Rw/cXlpcbSJqL9xls3EL7CTH41aykb/OFg1yDeKa1+9 > 8RRrBOVJis2KVokM+/VRDNS93r18CPIwGjlTgC2BuXGuoFH/J0RpiajwvKwdAF/+ > /YIfgouQ2u2a7Z5kpRqIW3cAZ0yg/+Apb/jPf8SXy0XaxBja32DevyDjRa66RY2F > cQtSRVmzvz6dcaRcv0nKLP2K9iOkEgIud5XbZSh3MhceY7veCMVp8tcvPWKtPSOj > rN5M4bAqGWHkVbij3C6ihHux9yGGGlEq9hVQWncowN7eEnZ+SfbKmW2RQn9KrKw= > =05SD > -----END PGP SIGNATURE----- > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- Andre Amorim GnuPG KEY: 2048R/3E10FF47 Download: http://pgp.zdv.uni-mainz.de:11371/pks/lookup?op=get&search=0x7C3B77763E10FF47 From rjh at sixdemonbag.org Sat Jul 5 20:12:56 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sat, 05 Jul 2008 13:12:56 -0500 Subject: I need a portable GUI for GnuPG In-Reply-To: References: <486EACE0.9020105@gmail.com> <486F0126.8030305@gmail.com> <486F1593.5080100@gmail.com> Message-ID: <486FB9A8.9000300@sixdemonbag.org> Andre Amorim wrote: > But It was discussed here before. > If you have no control on your hardware, you cannot have your keys safer. I would actually recommend against "anti-keylogger" tools like that. Psychologists tell us that human beings tend not to be risk-averse so much as risk-adjusting. For instance, one result of air bags becoming common automotive equipment is people began to drive faster. If you decide "well, if I _have_ to use an untrusted machine, then at least I'll be using an on-screen keyboard", that's all well and good. But it's a very, very small cognitive leap from that to "I can use this untrusted machine, after all, I'll be using an on-screen keyboard," which is really stupid. Better to not use the tool at all, and retain your sense of healthy paranoia. From faramir.cl at gmail.com Sun Jul 6 03:29:36 2008 From: faramir.cl at gmail.com (Faramir) Date: Sat, 05 Jul 2008 21:29:36 -0400 Subject: I need a portable GUI for GnuPG In-Reply-To: References: Message-ID: <48702000.70302@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Laurent Jumet escribi?: > > Hello Faramir ! >> Good point... however, installing an extension in Thunderbird is a lot >> easier than installing something in the computer... the main problem is >> to make gpg +gui available without the need to install (I mean, without >> the need to use an installer) it... something >> like a zipped combo... > > I understand what you mean: you'd like a shell with no installation that > could replace the command line. Exactly... mainly, to make easier to verify signed files. I am working on an eCommerce project, and I want to use gpg to secure comunications and to check integrity of downloads from the site. However, that site will never "be real", I just have to show it working (I have it hosted in my own computer), hear the teacher saying "it looks good, approved", and then I will forget everything about it :-P Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIcCAAAAoJEMV4f6PvczxAXB0H/j8n2gh0Vt/Nt+j/zWs+/Cwy 0H58mrrC0npbvVR3zua67vaJi9dcMEfreX1d+Sr+pjimHgz9pkB31JCe0u7q+JQv r/wAWPPtyow7bw0oZkN1YgYCaB1TvtR/4OR6jQWU0zqlpmg2Cg5i1s4dOIZdvnJ9 8uwaSFfwhO6eehGQ2SCQPf0IlsolL3FsBr68/pjh8zFfC7AI3YOM15sa9COy+7JR CUQ/SFCKAIziBzcDPqNMTqUtUmPZm4kcWf9FbCEu9Ed1dCwWsLt0a2tjR0it9Phi IrBtTCuY9Nlg4RNq1qF9MsjBkP9/2sJ4lXPmVIGefjuRjgoSo0afrLNw+hiJwME= =+P3R -----END PGP SIGNATURE----- From faramir.cl at gmail.com Sun Jul 6 04:30:23 2008 From: faramir.cl at gmail.com (Faramir) Date: Sat, 05 Jul 2008 22:30:23 -0400 Subject: I need a portable GUI for GnuPG In-Reply-To: References: <486EACE0.9020105@gmail.com> <486F0126.8030305@gmail.com> <486F1593.5080100@gmail.com> Message-ID: <48702E3F.6000507@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Andre Amorim escribi?: > Have you checked: > http://portableapps.com/support/thunderbird_portable#encryption > Yes, I love portable TB with portable gpg... but the problem is the user would have ot go to command prompt to check a signed file... something that most people probably wont do. Ok, I know most people wont care about the signature... but I just need to be able to say "I have covered the authenticity problem with... and the software is free, and friendly enough to be used by anybody" (if I say "and the user just need to go to command prompt and..." I would get the following answer "do you seriously think the user will bother himself to go to the command prompt? probably the user won't even know what is a command prompt") > Also I trying to get gpg safer while using it as portable app. This is > a nice freeware tool to avoid keyloggers. > http://www.aplin.com.au/?page_id=246 Nice! I saw something like that as a plugin for keepass, but it uses the windows keyboard on screen, and do some thing to the registry... so that plugin is not so portable... I will try this one. Anyway, my current problem requires portable apps, not to be able to use the software "anywhere", but to avoid the need to install things... I think people is much more likely to use these tools if they read "download it, unzip it, and you are ready to use it... if you no longer want it on your computer, just delete the folder, nothing is stored in your registry", than if they read "go to gnupg.org, locate the most recent windows installer (don't be afraid about the source codes... that is mainly for linux people and developers). Then go to mozilla.org, and... then install all that and..." > But It was discussed here before. > If you have no control on your hardware, you cannot have your keys safer. Yes, that is true... I don't carry the primary key in the usb memory stick, and I usually just use it on friend's computers, my friends usually know how to stay free from virus and other unwanted stuff... Best Regards >>>> | I have been carrying portable thunderbird with portable gnupg in >>>> | my flash memory stick, plus GPGShell, and it works fine. But GPGShell >>>> | licence forbids to redistribute it. The idea is to make that "combo" >>>> | available for download... it is not making any modification, just saving >>>> | the "end user" the problem of having to install these apps by themselves >>>> | (also, to put GPGShell in the flash drive, the user needs to have it >>>> | already in his computer). >>>> You're not allowed to distribute Enigmail (or any other extension) >>>> preinstalled with Thunderbird, so even if you get some other frontend >>>> for GPG, you still have that problem. > Good point... however, installing an extension in Thunderbird is a lot > easier than installing something in the computer... the main problem is > to make gpg +gui available without the need to install (I mean, without > the need to use an installer) it... something like a zipped combo... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIcC4/AAoJEMV4f6PvczxAXjIH/iT8ZkrgvKw3UDxjihgGG2H1 yxZITyO8DNagKTV2hr2/izLb9wJakVU87GwoA3qc5ap2bnhS0/wRrkCp5l3x8kyO 3Tp0OPeMN1ej+JQ5I/+cV9CFRz62lwO5jxRp+Cj7wXuQBW7Jz8xA0iLayAeqAmSX NQHaQ/b8N7z3wZe5UOE0Pq9pckIxqrX+sVFf7iGmEtH9VVPLZmZxLTUbRdUQvNdJ W9KjJP39TrvmNHgDrjeu0Dsd6+DOpzov8DC/Cg6ntnKanSblebzGiB4gI65ISeV2 KbQKR4EJUv3U0m4YdaByIwZQ3YkuItJBL8z8XMJ8FDrxFZVVdbUPgr/NDz+nkas= =OEvP -----END PGP SIGNATURE----- From faramir.cl at gmail.com Sun Jul 6 04:50:44 2008 From: faramir.cl at gmail.com (Faramir) Date: Sat, 05 Jul 2008 22:50:44 -0400 Subject: I need a portable GUI for GnuPG In-Reply-To: <486FB9A8.9000300@sixdemonbag.org> References: <486EACE0.9020105@gmail.com> <486F0126.8030305@gmail.com> <486F1593.5080100@gmail.com> <486FB9A8.9000300@sixdemonbag.org> Message-ID: <48703304.4010508@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Robert J. Hansen escribi?: > Andre Amorim wrote: >> But It was discussed here before. >> If you have no control on your hardware, you cannot have your keys safer. > > I would actually recommend against "anti-keylogger" tools like that. > > Psychologists tell us that human beings tend not to be risk-averse so > much as risk-adjusting. For instance, one result of air bags becoming > common automotive equipment is people began to drive faster. That is bad... but I know somebody who crashed her car at less than 40 km/h (less than 25 mph) and bruised he face against the wheel... maybe an airbag would have avoided that... (I don't know what amount of deaceleration is required to activate the airbag) so, I welcome airbags and anti-keyloggers... and try to don't depend on them... > If you decide "well, if I _have_ to use an untrusted machine, then at > least I'll be using an on-screen keyboard", that's all well and good. That is the idea ;) > But it's a very, very small cognitive leap from that to "I can use this > untrusted machine, after all, I'll be using an on-screen keyboard," > which is really stupid. We could say the same about the use of condoms to prevent ADIS... people should keep always in mind the fact that we can lower the risks, but not suppress them... well, I will try the anti-keylogger, for myself, but I don't intend to promote it's use among people I don't know and won't hear about the risks about untrusted machines. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIcDMEAAoJEMV4f6PvczxAb94H/iNKH808VbMdPppP1wb0H+h0 npZatsl8Q1VCUvmahSOwcIwXZCE2R+iQ7EBE4xjUUxV/Plr5+X0xQ4a42ta9VA4r 9F6dwfV9tiATZmVzJp2GelQAmXxYRlTkazTPL9z0IvZWPAVMPQ+tU7m0s1qjJO4f ST9ek2GB4ITLXCcw1QwDoLwXAF/0bpIuCCvQ2OSjpcCO5j4nUiUTGUy77lfaV127 Ff3x7FOMJ+q+UCzt2WqQYZUCof1SeyQthLxQEr81uNFBysvXpNX9Q5p64YoRf4kq cS8ankkOSBk01JxMjQpVsx1xsoVJvebK+ZKOLJ9B/v9sgh0XTsLdUplmtWS3KTI= =8mCH -----END PGP SIGNATURE----- From laurent.jumet at skynet.be Sun Jul 6 08:49:35 2008 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Sun, 06 Jul 2008 08:49:35 +0200 Subject: I need a portable GUI for GnuPG In-Reply-To: <48702000.70302@gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hello Faramir ! Faramir wrote: >> I understand what you mean: you'd like a shell with no installation >> that could replace the command line. > Exactly... mainly, to make easier to verify signed files. I am working > on an eCommerce project, and I want to use gpg to secure comunications > and to check integrity of downloads from the site. However, that site > will never "be real", I just have to show it working (I have it hosted > in my own computer), hear the teacher saying "it looks good, approved", > and then I will forget everything about it :-P I would make a batch for that. - -- Laurent Jumet KeyID: 0xCFAF704C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iHEEAREDADEFAkhwbGUqGGh0dHA6Ly93d3cucG9pbnRkZWNoYXQubmV0LzB4Q0ZB RjcwNEMuYXNjAAoJEPUdbaDPr3BMKR0AnRU6ZhBXQURB7xwP4GBj0qM52c7KAKDz unUWfiCBbLttG4UUcwYng0sVfQ== =2Ews -----END PGP SIGNATURE----- From wk at gnupg.org Sun Jul 6 15:22:27 2008 From: wk at gnupg.org (Werner Koch) Date: Sun, 06 Jul 2008 15:22:27 +0200 Subject: I need a portable GUI for GnuPG In-Reply-To: <486F0126.8030305@gmail.com> (Andrew Berg's message of "Sat, 05 Jul 2008 00:05:42 -0500") References: <486EACE0.9020105@gmail.com> <486F0126.8030305@gmail.com> Message-ID: <87d4lrw3jg.fsf@wheatstone.g10code.de> On Sat, 5 Jul 2008 07:05, bahamutzero8825 at gmail.com said: > You're not allowed to distribute Enigmail (or any other extension) > preinstalled with Thunderbird, so even if you get some other frontend > for GPG, you still have that problem. That is not really true. Thunderbird is free Software and one of the most important properties of Free Software is that you are allowed to distribute modified copies. But beware, the Mozilla Corporation has a trademark on the name of Thunderbird and that allows them to deny you the right to use the name "Thunderbird" in any context related to trademark laws. To make things easier for you you can just grab the Icedove package from Debian: Icedove is an unbranded Thunderbird mail client suitable for free distribution. The goal of Thunderbird is to produce a cross platform stand- alone mail application using the XUL user interface language. and distribute that along with Enigmail included. Or use Claws-mail instead of Icedove. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From a24061 at ducksburg.com Sun Jul 6 15:17:47 2008 From: a24061 at ducksburg.com (Adam Funk) Date: Sun, 6 Jul 2008 14:17:47 +0100 Subject: Strange problem with seahorse (and consequently enigmail). Message-ID: [Note: I posted this to the Ubuntu-users list recently too. Apologies to those who have already seen it.] I have a strange problem with seahorse not working on only one of two Ubuntu computers. The gpg-agent works in the curses-like way when I call gpg in xterm, but seahorse doesn't. (Because seahorse isn't working but Thunderbird enigmail detects the agent running, Enigmail doesn't work either.) The output 'ps aux OT' after logging into GNOME includes these commands (with the same start time, owned by my userid): /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/adam/.gnupg/gpg-agent-info-beetle /usr/bin/seahorse-agent --execute /usr/bin/gnome-session [seahorse-agent] (On the computer that isn't giving me this problem, the first line is the same except for the hostname, but the next line says /usr/bin/seahorse-agent --execute /usr/bin/gnome-session and everything works.) When I try to run 'seahorse-preferences' from a command-line, I get the following errors: ** (seahorse-preferences:11283): CRITICAL **: init_gpgme: assertion `GPG_IS_OK (err)' failed ** (seahorse-preferences:11283): CRITICAL **: seahorse_pgp_source_init: assertion `GPG_IS_OK (err)' failed Segmentation fault I'd be grateful for any suggestions or debugging tips. I'm using gnupg 1.4.8 and the additional packages listed below. I've tried purging and reinstalling most of them. ii gnupg-agent 2.0.7-1 GNU privacy guard - password agent ii gnupg-doc 2003.04.06-6 GNU Privacy Guard documentation ii gnupg2 2.0.7-1 GNU privacy guard - a free PGP replacement ii gpgsm 2.0.7-1 GNU privacy guard - S/MIME version ii gpgv 1.4.6-2ubuntu5 GNU privacy guard - signature verification tool ii libgpg-error0 1.4-2ubuntu7 library for common error values and messages in GnuPG components ii libgpgme11 1.1.5-2ubuntu1 GPGME - GnuPG Made Easy ii pgpgpg 0.13-9 Wrapper for using GnuPG in programs designed for PGP ii python-gnupginterface 0.3.2-9ubuntu1 Python interface to GnuPG (GPG) ii seahorse 2.22.2-0ubuntu1 A Gnome front end for GnuPG From faramir.cl at gmail.com Sun Jul 6 15:54:05 2008 From: faramir.cl at gmail.com (Faramir) Date: Sun, 06 Jul 2008 09:54:05 -0400 Subject: I need a portable GUI for GnuPG In-Reply-To: References: Message-ID: <4870CE7D.5000604@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Laurent Jumet escribi?: > >>>> Exactly... mainly, to make easier to verify signed files. I am working >>>> on an eCommerce project, and I want to use gpg to secure comunications >>>> and to check integrity of downloads from the site. However, that site >>>> will never "be real", I just have to show it working (I have it hosted >>>> in my own computer), hear the teacher saying "it looks good, approved", >>>> and then I will forget everything about it :-P >>> I would make a batch for that. > >> How would it be? > > I'm not using COMMAND.COM/CMD.EXE; since years, I use 4DOS/4NT > For both, you need a training by yourself. You can do almost everything > you'd like, from the command line. > I wrote a message to Roger Sondermann, the author of GPGShell, asking him > if it's possible to run it from a FlashKey without any interaction with the > local HD. I tried batch files some years ago... about 10 years ago... but never knew "complex" commands... so I don't have any idea how to make it read a parameter, like the name of the file to verify. Yes, it is very possible, he made a utility named copy2usb that takes the files of your local gpg and gpgshell, and copy them to the usb flash stick. But you require to have an installed copy of those programs... and the licence forbids to distribute the copied files... of course, since my teacher probably doesn't even know the existence of these programs (probably he knows about pgp, but I doubt he knows about gpg), I could lie and say it is possible to distribute such package... but I don't want to do that. If I cant find a work around this, I will just say the company will provide support to the customers willing to use these programs... after all, we have a support forum, it wouldn't be a problem to give basic support for gpg... (and since there won't be any real customer, there won't be complex problems to solve :-P ). Maybe I can do something in VB.net something to pass the parameters to gpg... Best Regards P.S: sorry to extend too much this subject... my team mates have done an excellent work with the theory part of the project (cashflow and such things), so I really want to be able to do a good work with the commerce portal... I think we already have the best implementation of all the tools required (we even got the SSL certificate, and it's not self signed... no ugly "phishing" warnings), but... I am still nervous... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIcM59AAoJEMV4f6PvczxAuIoIAI7Daf76RYYrTL6E2cDry16V 1dAxHaUczPxs8S6DRE+9LPlBQEtjC/7urS6/PeqOJaNosWezs1bnZp20C10YgHP0 Ta0Cum3e793fyEr12GxJHcR5Rb1RR3qsRIYZD6Lm6ego8djhXmuDtV9Y/KGL5CJk kGhuusMeGdS1bXI0Gg5KHX7nFfMGRPDsSmgOAMBl+7o5xrmWFZJ87zHIr9oYucQM nJsZh3sT/m6NaZXPQkY+CUt4afgSLhC1Z4I3fuibHFmcehz97nac//RJyDCcSGBR 5Im16LzvF3SMZxLnsJRfrOgIgXDuqSs3Ii8AyfxUfipmyW8CqqDEnb3BO+Grnuc= =haxf -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Sun Jul 6 16:53:35 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Sun, 06 Jul 2008 10:53:35 -0400 Subject: I need a portable GUI for GnuPG In-Reply-To: <4870CE7D.5000604@gmail.com> References: <4870CE7D.5000604@gmail.com> Message-ID: <4870DC6F.7010105@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Faramir wrote: > Yes, it is very possible, he made a utility named copy2usb that takes > the files of your local gpg and gpgshell, and copy them to the usb flash > stick. But you require to have an installed copy of those programs... > and the licence forbids to distribute the copied files Have You contacted Roger Sonderman & explained the nature of Your Project requesting permission to 'share/distribute' in the context of Your Project? He has a 'Contact Me' link on His site and You may be surprised to learn that Roger is actually a very pleasant & helpful fellow. JOHN ;) Timestamp: Sunday 06 Jul 2008, 10:53 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.5.0-svn4754: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: TokBox: http://www.tokbox.com/John234 Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJIcNxtAAoJEBCGy9eAtCsPER0H/R7eJ6a+ghmZD04+2NhDuWkC L6aantKyp9gesoH1jLqD0ZcpjQdjvFFx4TmXczfY7KtEweIwVEatI6oZpVgdjbmb WvV9KKXqEPNf78KsxiU83Cv4+aliGLTfKXpTCA/pIlba351I6AQ+HizS5b52Mxg3 QhnV8DOWcN/aI1XySyVtiSlorNobCPr85lNQJpZ69FQHpRfXTlhGMiH1dELR62mP O524Te9MgSCFD6FbswSXlo+j76Wyw4pntTMo90CATZMrqTtBIFfydSptMESVmDLt VZhamdcK2tEmIPcuYfIOjV2cyXqgoukGY7RKh+rK3/0l4fzhIBssmFE4rwD99jc= =XW8M -----END PGP SIGNATURE----- From faramir.cl at gmail.com Sun Jul 6 17:36:18 2008 From: faramir.cl at gmail.com (Faramir) Date: Sun, 06 Jul 2008 11:36:18 -0400 Subject: I need a portable GUI for GnuPG In-Reply-To: <4870DC6F.7010105@bellsouth.net> References: <4870CE7D.5000604@gmail.com> <4870DC6F.7010105@bellsouth.net> Message-ID: <4870E672.5030903@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John W. Moore III escribi?: >> stick. But you require to have an installed copy of those programs... >> and the licence forbids to distribute the copied files > > Have You contacted Roger Sonderman & explained the nature of Your > Project requesting permission to 'share/distribute' in the context of > Your Project? Well... no... since he chose to don't allow distribution of it (unless it is in a magazine's CD... but not in a CD without a magazine), I supposed it was no point asking... after all, it is not even the installer file, it would be a copy of the installed files... > He has a 'Contact Me' link on His site and You may be surprised to learn > that Roger is actually a very pleasant & helpful fellow. Yes, indeed, and he answers very fast... I contacted him a few days ago, when I was trying to figure how to give gpg a relative path (but a path to a parallel folder, not for a subfolder...). Maybe the trees are not allowing me to see the forest... I thought it would be easier to find a tool for this... since I had heard "there are several GUIs for gpg". But maybe I should think about this subject in a different way... maybe use gpg for emails, and sha1 for files... there are a lot of tools for sha, md5, etc verification... and let advanced users to verify the signatures using the command console, if they want to. I will try to check if my pathetic programmer skill is enough to make that simple GUI (it just have to pick the name, and call gpg.exe giving the parameters...) Thanks for all the help provided (that goes to all the list members), you are great, I got a lot of answers... a lot more than a whole month of answers in other lists. Best regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIcOZyAAoJEMV4f6PvczxAmvgH/0xW+ubr7l1gMModv/+feFuh lr3sFw/WkB1qyZ6BV8AuXj1jSHLCPmQl0w+/bT52Z5b+OnAkV66q2ErY6rdr01OM Gd3ZijBEEN95Z8K4SFBAtbZqbv8vM5LC6VnGN2I+2Dr8XpvkeHH6JGYvP++jv2Ty Wa+bvU7oqIbDebKdtE4sh8ubehcAJChbY4nOXCgFLXxrsrzOLArrrmxPHqMn1e0P 1+TgtQPHDJ5jBJN6/4tHPHytCVB8DyAX/TWMVRsXmVsHhKVrXgQIyARG9PaSmQeA e0/qPD8q+AjbtvSNo/lTCi99/ezKbO1gSgjNxJu/uOw32aGakItbYK/t0dYfo2Y= =zPwh -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Sun Jul 6 18:05:45 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sun, 06 Jul 2008 11:05:45 -0500 Subject: I need a portable GUI for GnuPG In-Reply-To: <4870E672.5030903@gmail.com> References: <4870CE7D.5000604@gmail.com> <4870DC6F.7010105@bellsouth.net> <4870E672.5030903@gmail.com> Message-ID: <4870ED59.7010307@sixdemonbag.org> Faramir wrote: > Well... no... since he chose to don't allow distribution of it (unless > it is in a magazine's CD... but not in a CD without a magazine), I > supposed it was no point asking... after all, it is not even the > installer file, it would be a copy of the installed files... As a general rule, you can get away with murder as long as you show people that you've done your homework. If you write a courteous note and explain "yes, I understand your general policy is [insert policy here] because [insert reasons here], but I was hoping that since my use is a little different, you might be willing to consider granting me permission." Seriously. Be polite, understand that you're asking him for a favor, don't second-guess someone's decisions, and you can get away with _anything_. :) > Maybe the trees are not allowing me to see the forest... I thought it > would be easier to find a tool for this... since I had heard "there are > several GUIs for gpg". But maybe I should think about this subject in a > different way... maybe use gpg for emails, and sha1 for files... there > are a lot of tools for sha, md5, etc verification... and let advanced > users to verify the signatures using the command console, if they want to. Or say "to hell with it, I'm going to use S/MIME". S/MIME has the major advantage of pretty much every mail client supporting it out-of-the-box. The end users would need to download nothing. From laurent.jumet at skynet.be Sun Jul 6 20:41:19 2008 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Sun, 06 Jul 2008 20:41:19 +0200 Subject: Portable SHELL... Message-ID: Hello ! The author of GPGShell reminds that since version 3.50, it's possible to install GPGShell in a portable form, using Copy2USB -- Laurent Jumet KeyID: 0xCFAF704C From faramir.cl at gmail.com Mon Jul 7 01:36:18 2008 From: faramir.cl at gmail.com (Faramir) Date: Sun, 06 Jul 2008 19:36:18 -0400 Subject: Portable SHELL... In-Reply-To: References: Message-ID: <487156F2.3090305@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Laurent Jumet escribi?: > Hello ! > > The author of GPGShell reminds that since version 3.50, it's possible to install GPGShell in a portable form, > using Copy2USB Yes, that is true, but as far as I know, each end user must do it by themselves... and that is what I'd like to avoid (to make the user to install GnuPG, gpgshell, and then make them portable). Anyway, maybe other members of the list would find that info interesting, as I found it when I saw it, some time ago. Thanks for your help, now I don't feel so lone with my "problem" ;) Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIcVbxAAoJEMV4f6PvczxAKm8H+wXizlEcqE0sFvCwWwGhjLZU A3mDHG7LiGzQJ/TxiBMU1xKHEmkNdx06wxX4EuMMcDJLDetOSaEC7D2RojGufVxL 1wHJon9kzNs3p06ozPQKfRFkkGPgDT05iENVGCdjsAlMN/8+m8nEkKLlp/0pFWQb uknq3ED9BuEhrF1QiCdcSOx+6g9+a4wUN75flz2NmtfeFgNUS/g6JJsPjHU4CRNA b/3r2JHjjn54AVkO/kaf1tqjY+hxjhNeXS1rDa1y/TBb7oDjRqTJwMEqAeyo35Nc MG23FokX9nIirt38Md/+wgE+1AFiAcdkIJSOnuXS8cBGlUTgP1LALQ58e/Q11mo= =hUKb -----END PGP SIGNATURE----- From bahamutzero8825 at gmail.com Mon Jul 7 09:15:19 2008 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Mon, 07 Jul 2008 02:15:19 -0500 Subject: I need a portable GUI for GnuPG In-Reply-To: <87d4lrw3jg.fsf@wheatstone.g10code.de> References: <486EACE0.9020105@gmail.com> <486F0126.8030305@gmail.com> <87d4lrw3jg.fsf@wheatstone.g10code.de> Message-ID: <4871C287.2020302@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Werner Koch wrote: | Thunderbird is free Software and one of the | most important properties of Free Software is that you are allowed to | distribute modified copies. | | But beware, the Mozilla Corporation has a trademark on the name of | Thunderbird and that allows them to deny you the right to use the name | "Thunderbird" in any context related to trademark laws. To make things | easier for you you can just grab the Icedove package from Debian: | | Icedove is an unbranded Thunderbird mail client suitable for free | distribution. The goal of Thunderbird is to produce a cross platform stand- | alone mail application using the XUL user interface language. | | and distribute that along with Enigmail included. Even if the whole point of Icedove is to have a purely unmodified Thunderbird that is unencumbered by the trademark restrictions (which may very well be the case; I am not familiar with the Icedove project), most people will either not know/understand that, want the official artwork, or both. - -- Key ID: 0xF88E034060A78FCB Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB Windows NT 6.0.6001 | GPG 1.4.9 | Thunderbird 2.0.0.14 | Enigmail 0.95.6 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAwAGBQJIccJrAAoJEPiOA0Bgp4/Li3kH/2d+awrjDfMABRCgKtn6fbXB 7HDrDjtb0KJCiCLdAqQDWepbg7i2GVuWe6aDh4b2a20GGWzovfI9tRE25+9nGQS8 75U90oTbicAOEigRbkfx0f6oBUrugOKsaIBx7i6BkhjBuDAWiSnISZi3tYqwcQHp zPttELIJngdqGbnS/lPoTvFFqqR6Rq7/URRKsAXVlbPrg8/AvFdr2ufuG/H4CICi YdPPnHw+Tb7RNFCJr+YR54JpiOl5lhKW0z83lm8YLkH3/Qg0rY8IOa+Y3vjZLMYK SUqeeC6CjPmBvlonSUN0E6A+KApBBvuXh1590UaUOiedLj42lM07utDUaPEf5u8= =jwkd -----END PGP SIGNATURE----- From dkaruppiah at qualedi.com Mon Jul 7 16:11:42 2008 From: dkaruppiah at qualedi.com (Devaraj Karuppiah) Date: Mon, 7 Jul 2008 10:11:42 -0400 Subject: Decryption error (block_filter read error) In-Reply-To: <87iqvm0vu9.fsf@wheatstone.g10code.de> Message-ID: <000401c8e03b$61e02170$3801a8c0@qualedi.com> How do I compute sha1sum in GPG? I can't seem to find an option that computes sha1sum in the GPG manual. Thanks, Devaraj. -----Original Message----- From: Werner Koch [mailto:wk at gnupg.org] Sent: Friday, July 04, 2008 6:48 AM To: dkaruppiah at qualedi.com Cc: gnupg-users at gnupg.org Subject: Re: Decryption error (block_filter read error) On Thu, 3 Jul 2008 16:44, dkaruppiah at qualedi.com said: > gpg: CAST5 encrypted data > gpg: block_filter 00AF8A00: read error (size=4245,a->size=1002) That looks pretty much like currupted data. Check that you received the message intact, for example by asking the sender to provide a sha1sum and compare that to the sha1sum you got. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From rjh at sixdemonbag.org Mon Jul 7 18:53:35 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 07 Jul 2008 11:53:35 -0500 Subject: Decryption error (block_filter read error) In-Reply-To: <000401c8e03b$61e02170$3801a8c0@qualedi.com> References: <000401c8e03b$61e02170$3801a8c0@qualedi.com> Message-ID: <48724A0F.1080101@sixdemonbag.org> Devaraj Karuppiah wrote: > How do I compute sha1sum in GPG? gpg --print-md sha1 [filename] From reynt0 at cs.albany.edu Mon Jul 7 21:10:26 2008 From: reynt0 at cs.albany.edu (reynt0) Date: Mon, 7 Jul 2008 15:10:26 -0400 (EDT) Subject: I need a portable GUI for GnuPG In-Reply-To: <486FB9A8.9000300@sixdemonbag.org> References: <486EACE0.9020105@gmail.com> <486F0126.8030305@gmail.com> <486F1593.5080100@gmail.com> <486FB9A8.9000300@sixdemonbag.org> Message-ID: On Sat, 5 Jul 2008, Robert J. Hansen wrote: . . . > If you decide "well, if I _have_ to use an untrusted machine, then at > least I'll be using an on-screen keyboard", that's all well and good. . . . FWIW as a generaI comment because I haven't looked at the prog in question: Aren't on-screen keyboards and similar vulnerable to sniffers of video memory? Or, I suppose, less straightforward, to the current very sensitive recorders and evaluators of any light variations, including of video screen display content reflected off walls many meters away from the recorder? From rjh at sixdemonbag.org Mon Jul 7 22:38:17 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 07 Jul 2008 15:38:17 -0500 Subject: I need a portable GUI for GnuPG In-Reply-To: References: <486EACE0.9020105@gmail.com> <486F0126.8030305@gmail.com> <486F1593.5080100@gmail.com> <486FB9A8.9000300@sixdemonbag.org> Message-ID: <48727EB9.9010503@sixdemonbag.org> reynt0 wrote: > FWIW as a generaI comment because I haven't looked at the > prog in question: Aren't on-screen keyboards and similar > vulnerable to sniffers of video memory? Don't know, don't care. This entire discussion is analogous to talking about the pros and cons of bringing a condom with you on a trip to Zimbabwe. Your best defense against disease is to not expose yourself to disease vectors. The instant a person says "well, it's okay to have a one-night stand with a random person in Zimbabwe, because after all, I've got a condom" is the instant I stand up and walk away. You see, I'm allergic to folly and I need to find an epipen before anaphylaxis sets in. Your best defense against malware is to not expose yourself to it. This much is plainly obvious. The instant a person says "well, it's okay to use a portable GnuPG on a USB token and plug it into random public kiosks which are probably malware-infested, because after all, I'm using anti-keylogger software" is the instant I dial 911, because I don't think the epipen is gonna save me. I am not opposed to portable applications. If you regularly walk around from one trusted machine to another to another, like I do in my daily work, then it can be handy and safe to have apps preinstalled on a portable drive. But the way some people are talking about using it ... it just unnerves me. Badly. From kevhilton at gmail.com Wed Jul 9 17:05:16 2008 From: kevhilton at gmail.com (Kevin Hilton) Date: Wed, 9 Jul 2008 10:05:16 -0500 Subject: GPG2 compile problems on cygwin Message-ID: <96c450350807090805w6c2e609dgce1473df5809c55a@mail.gmail.com> Perhaps the belongs in development section. Again have never successfully compiled gpg2 for cygwin. I'm trying to compile gnupg2 svn version 4797. I'm getting following error (I've received same error with many of previous revisions also:) libcommon.a(libcommon_a-convert.o): In function `do_bin2hex': /home/klal/temp/gnupg/gpg2/common/convert.c:120: undefined reference to `_gcry_m alloc' Is there something I can do to help with the debugging of this error? Thanks for any suggestions. -- Kevin Hilton -------------- next part -------------- An HTML attachment was scrubbed... URL: From rjh at sixdemonbag.org Wed Jul 9 18:32:50 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 09 Jul 2008 11:32:50 -0500 Subject: GPG2 compile problems on cygwin In-Reply-To: <96c450350807090805w6c2e609dgce1473df5809c55a@mail.gmail.com> References: <96c450350807090805w6c2e609dgce1473df5809c55a@mail.gmail.com> Message-ID: <4874E832.3060400@sixdemonbag.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Kevin Hilton wrote: > Again have never successfully compiled gpg2 for cygwin. I'm trying to > compile gnupg2 svn version 4797. I'm getting following error (I've > received same error with many of previous revisions also:) At present, the only supported way to build GnuPG on Windows is to do a cross-compile from a UNIX running the GNU toolchain. If you're dead-set on doing this from Cygwin (not recommended), I would suggest beginning on an official GnuPG 2.x release. If SVN builds fail to compile, this could be because of something you're doing wrong, or it could be because the SVN code doesn't build. Most development crews try to keep SVN code in a buildable state, but problems have been known to arise. Learn the process for building a released version of GnuPG 2.x via Cygwin and/or MinGW. Once you can do that reliably, then you can apply those same skills to the SVN branch if you want. -----BEGIN PGP SIGNATURE----- iFYEAREIAAYFAkh06DEACgkQf2XByo0Cu7OAeQDeLGBDhGOBGQ0MGzoObHNuDqNU gH0ejK5HjelSOgDcCJ6VylE8CVcRfgN8Rq4GUSe9hz6Fab562D8AuYkBHAQBAQgA BgUCSHToMQAKCRC3APSC/q+BCcjFB/9D+PxLhwdC0y/CcUpya23gPZubiTwq+xvU nteXtGd2rXL92CqskK09SwY4lxZNGwyhKO5q/ZjFya+IHqhllomiZkY/u9XnFShc GkYCobX2edPxyu7C18sW/SweUxFoQ4QUb9qsafhVlgDU2Ab2f+g5W7Xf24yFMny9 mLnu7tB1AlNgjIACAERxX60jqXDuiNuXzUF+H0gsy7GfbO5S+U4hdmLafxqqky4d 8q6+GGk4LeO7aDXWEDuuTxa4Q2GbUjDhMTBpNulFHlNOykzX6M/u0PAPJyeWeWpN dZfXPVxLJBm3dJK7SlGfE5XaMd3KfXzdCEDm3Z0+ZkKpecbvpOeB =Ehit -----END PGP SIGNATURE----- From naeem.m.afzal at intel.com Thu Jul 10 03:50:22 2008 From: naeem.m.afzal at intel.com (Afzal, Naeem M) Date: Wed, 9 Jul 2008 18:50:22 -0700 Subject: key generation in a script or non interactive mode? Message-ID: <821A1558D8819A4BB700FFF265F6781F0666EADF@orsmsx505.amr.corp.intel.com> Hi guys, I am trying to write a bash script to generate key pairs, but not having any luck. It always goes to interactive mode when you run this script. Does GPG has command line way to generate public/private key pair? This is what I wrote: #!/bin/bash gpg --gen-key < References: <821A1558D8819A4BB700FFF265F6781F0666EADF@orsmsx505.amr.corp.intel.com> Message-ID: On Jul 9, 2008, at 9:50 PM, Afzal, Naeem M wrote: > Hi guys, > > I am trying to write a bash script to generate key pairs, but not > having any luck. It always goes to interactive mode when you run > this script. Does GPG has command line way to generate public/ > private key pair? This is what I wrote: Please read the section "Unattended key generation" in doc/DETAILS. David From JPClizbe at tx.rr.com Thu Jul 10 05:41:52 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Wed, 09 Jul 2008 22:41:52 -0500 Subject: GPG2 compile problems on cygwin In-Reply-To: <96c450350807090805w6c2e609dgce1473df5809c55a@mail.gmail.com> References: <96c450350807090805w6c2e609dgce1473df5809c55a@mail.gmail.com> Message-ID: <48758500.8070404@tx.rr.com> Kevin Hilton wrote: > Perhaps the belongs in development section. Ummm, yeah. It does. > Again have never successfully compiled gpg2 for cygwin. I'm trying to > compile gnupg2 svn version 4797. I'm getting following error (I've > received same error with many of previous revisions also:) You should take that as a sign. The canonical response here is that building for Win32 is only supported on Gnu/Linux systems using the MinGW cross-compile environment. It took a LOT of effort on the 1.3 tree to get GnuPG 1 to build cleanly on an MSYS hosted MinGW. Even then, there were still small nits that showed up and were fixed later. Before building trunk head revisions, it's best to first verify that you have a working build environment by building a release version using release, not development, versions of any dependent libraries. Building from the svn head is for folks who know about the pitfalls of life on the Bleeding Edge of software development. They also know why it's called Bleeding and they're willing to deal/live with those reasons. > libcommon.a(libcommon_a-convert.o): In function `do_bin2hex': > /home/klal/temp/gnupg/gpg2/common/convert.c:120: undefined reference to > `_gcry_malloc' From just a cursory look, it looks like the linker isn't finding libgcrypt. Did you build and install it? Where? Which library is configure finding and where? If it's finding a Cygwin copy, have you installed the dev package for it... Have you tried telling configure to look in some other location, eg --with-=/usr/local ? There's nothing in 2.x that I need so I haven't invested effort in getting it built/running on any of my Windows boxen, so there's not much specific guidance I can furnish. AIR, There are "latest & greatest" GnuPG 2.0 Win32 binaries at the GPG4Win site -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP "what's the key to success?" / "two words: good decisions." "what's the key to good decisions?" / "one word: experience." "how do i get experience?" / "two words: bad decisions." Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 654 bytes Desc: OpenPGP digital signature URL: From n00bical at gmail.com Thu Jul 10 10:16:00 2008 From: n00bical at gmail.com (Sander de Bakker) Date: Thu, 10 Jul 2008 10:16:00 +0200 Subject: make data available for a certain amount of time Message-ID: <9c8606aa0807100116u4017ea40v483ce1408984c577@mail.gmail.com> Hello list, I want to know if it is possible with gpg to offer data for a certain amount of time. I want to do the following : I create a website and pack it in a zip file when a complete stranger opens the website in the zip it checks for a valid key on a keyserver. when they key is valid the site opens when the key is invalid the website never opens and the contentfiles of the website in the zipfile cannot be accessed in any way thanks in advance for your replies n00bical -------------- next part -------------- An HTML attachment was scrubbed... URL: From rjh at sixdemonbag.org Thu Jul 10 11:33:35 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 10 Jul 2008 04:33:35 -0500 Subject: make data available for a certain amount of time In-Reply-To: <9c8606aa0807100116u4017ea40v483ce1408984c577@mail.gmail.com> References: <9c8606aa0807100116u4017ea40v483ce1408984c577@mail.gmail.com> Message-ID: <4875D76F.1000003@sixdemonbag.org> Sander de Bakker wrote: > I want to know if it is possible with gpg to offer data for a certain > amount of time. No. From faramir.cl at gmail.com Thu Jul 10 13:04:16 2008 From: faramir.cl at gmail.com (Faramir) Date: Thu, 10 Jul 2008 07:04:16 -0400 Subject: make data available for a certain amount of time In-Reply-To: <9c8606aa0807100116u4017ea40v483ce1408984c577@mail.gmail.com> References: <9c8606aa0807100116u4017ea40v483ce1408984c577@mail.gmail.com> Message-ID: <4875ECB0.2000406@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Sander de Bakker escribi?: > Hello list, > > I want to know if it is possible with gpg to offer data for a certain > amount of time. > > I want to do the following : > > I create a website and pack it in a zip file > when a complete stranger opens the website in the zip it checks for a > valid key on a keyserver. > > when they key is valid the site opens > when the key is invalid the website never opens and the contentfiles of > the website in the zipfile cannot be accessed in any way > > thanks in advance for your replies You need DRM software... I have tried Locklizard, it looks very good... and very expensive too. I am still thinking there may be a cheaper alternative... but I think it is unlikely to find a Gnu version of those programs... ok, I know free software doesn't mean absence of copyright, but I *feel* Gnu people would focus the subjet in a different way... it's not something I can express with words, just a "feeling". What locklizard does, it is to encrypt the document, lets say, a pdf file, which now can only be open with a special (free) viewer... basically, a pdf viewer with other functions (FileOpen, another DRM company, uses a pluging for adobe acrobat reader). The viewer checks for a user ID in the computer (which is sent to the user, and I don't know how do it identifies the computer... but supposedly, it can't be copied to another computer), and then connects to an internet hosted database, checks the user rights to access the document, and then grant or deny the document. It can be configured to restrict some rights, or everything, and also the frequency (for each document) the reader checks the current status of the user, in the online database. They have solutions for websites too, but I don't know how does it work. I write this just to see if this is what you need... and maybe somebody will say: "hey, you are wrong, there are free software alternatives for that". Best Regards P.S: sorry for the off topic, I don't intend to keep on the subject, unless it returns to gpg, or unless other people is not against this subject. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIdeywAAoJEMV4f6PvczxAVJYH/189egiTEFAa2Zq+WFF3lKps 3+uuhwvPkq3sVin+wraQbE/YUeDtEnZvbnPk0LDF+q0xLDn4i5GS/tVDxZBYWA5k GterPmFCLPBhQSUR3BxojdMjZFQC7NIWVLOGhiKXlhgJnLHZ+KSRONI7xkJ98Zkm W/He+xo79SC8tJYbBW1fSVYenhiE0Thq4b/wHzuCi/9sTQOeVfssCpK6uAp5hdRG fmJZcYhjkXjh1rQwdDrAmp2mCaNMc+4y3fKjfZEjcG5gWnvEF+4sX3nj/oL3GXx/ 1FYLoa+HMvtkLb/ECk3EwxgNoQ/RPzloH6kXw8ZM+KuzQ16/VlDovYoBiGm9zC0= =xWM5 -----END PGP SIGNATURE----- From n00bical at gmail.com Thu Jul 10 14:32:20 2008 From: n00bical at gmail.com (Sander de Bakker) Date: Thu, 10 Jul 2008 14:32:20 +0200 Subject: make data available for a certain amount of time In-Reply-To: <4875ECB0.2000406@gmail.com> References: <9c8606aa0807100116u4017ea40v483ce1408984c577@mail.gmail.com> <4875ECB0.2000406@gmail.com> Message-ID: <9c8606aa0807100532h1d1a95a9o266604e60abdfd95@mail.gmail.com> Hello Faramir and Robert, thank you for the responses. I want everyone to be able to acces the data as long as the data is valid. When the data becomes invalid i want it to be inaccesible for everyone. I want to control and force when the data should be invalid, i was thinking of using the expiration of a gpg key. Any suggestions are appreciated. N00bical On 7/10/08, Faramir wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Sander de Bakker escribi?: > > Hello list, > > > > I want to know if it is possible with gpg to offer data for a certain > > amount of time. > > > > I want to do the following : > > > > I create a website and pack it in a zip file > > when a complete stranger opens the website in the zip it checks for a > > valid key on a keyserver. > > > > when they key is valid the site opens > > when the key is invalid the website never opens and the contentfiles of > > the website in the zipfile cannot be accessed in any way > > > > thanks in advance for your replies > > You need DRM software... I have tried Locklizard, it looks very > good... and very expensive too. I am still thinking there may be a > cheaper alternative... but I think it is unlikely to find a Gnu version > of those programs... ok, I know free software doesn't mean absence of > copyright, but I *feel* Gnu people would focus the subjet in a different > way... it's not something I can express with words, just a "feeling". > > What locklizard does, it is to encrypt the document, lets say, a pdf > file, which now can only be open with a special (free) viewer... > basically, a pdf viewer with other functions (FileOpen, another DRM > company, uses a pluging for adobe acrobat reader). The viewer checks for > a user ID in the computer (which is sent to the user, and I don't know > how do it identifies the computer... but supposedly, it can't be copied > to another computer), and then connects to an internet hosted database, > checks the user rights to access the document, and then grant or deny > the document. It can be configured to restrict some rights, or > everything, and also the frequency (for each document) the reader checks > the current status of the user, in the online database. They have > solutions for websites too, but I don't know how does it work. > > I write this just to see if this is what you need... and maybe > somebody will say: "hey, you are wrong, there are free software > alternatives for that". > > Best Regards > > P.S: sorry for the off topic, I don't intend to keep on the subject, > unless it returns to gpg, or unless other people is not against this > subject. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iQEcBAEBCAAGBQJIdeywAAoJEMV4f6PvczxAVJYH/189egiTEFAa2Zq+WFF3lKps > 3+uuhwvPkq3sVin+wraQbE/YUeDtEnZvbnPk0LDF+q0xLDn4i5GS/tVDxZBYWA5k > GterPmFCLPBhQSUR3BxojdMjZFQC7NIWVLOGhiKXlhgJnLHZ+KSRONI7xkJ98Zkm > W/He+xo79SC8tJYbBW1fSVYenhiE0Thq4b/wHzuCi/9sTQOeVfssCpK6uAp5hdRG > fmJZcYhjkXjh1rQwdDrAmp2mCaNMc+4y3fKjfZEjcG5gWnvEF+4sX3nj/oL3GXx/ > 1FYLoa+HMvtkLb/ECk3EwxgNoQ/RPzloH6kXw8ZM+KuzQ16/VlDovYoBiGm9zC0= > =xWM5 > -----END PGP SIGNATURE----- > -------------- next part -------------- An HTML attachment was scrubbed... URL: From bhushan1988 at gmail.com Thu Jul 10 15:40:07 2008 From: bhushan1988 at gmail.com (Bhushan Jain) Date: Thu, 10 Jul 2008 19:10:07 +0530 Subject: File Extensions supported by GnuPG..... Message-ID: <62fd3c0a0807100640u72b75761h636d6224b3fe2f14@mail.gmail.com> Hi, I am using Bouncy Castle Libraries(a JAVA library for PGP encryption(rfc2440)) for encrypting the files. If I use any other extension than .gpg for the output encrypted file and try to decrypt the file using command-line GnuPG the following error message is shown:-------- Unknown Suffix. Now if I change just the extension of the same encrypted file to .gpg and then try to decrypt using GnuPG, it works fine. Also, due to similar experiences what I have understood is that GnuPG supports following extensions for following cases:--- Encryption-----> .gpg Sign--------------> .asc I don't know if my understanding is correct or not. Can someone please state clearly which extensions are supported by GnuPG for following file types:-------- 1. Encrypt only 2. Sign only 3. Encrypt and sign Thanks, ----------------- Bhushan Jain -------------- next part -------------- An HTML attachment was scrubbed... URL: From vedaal at hush.com Thu Jul 10 17:49:17 2008 From: vedaal at hush.com (vedaal at hush.com) Date: Thu, 10 Jul 2008 11:49:17 -0400 Subject: make data available for a certain amount of time Message-ID: <20080710154918.569F0D032F@mailserver10.hushmail.com> >Message: 6 >Date: Thu, 10 Jul 2008 10:16:00 +0200 >From: "Sander de Bakker" >Subject: make data available for a certain amount of time >I create a website and pack it in a zip file >when a complete stranger opens the website in the zip it checks >for a valid key on a keyserver. >when they key is valid the site opens >when the key is invalid the website never opens and the >contentfiles of website in the zipfile cannot be accessed in any way a workaround can be done to do what you want, but requires some input on your part assuming the visitor to the website does not know which key on which webserver is being checked, and you are not worried about people on the keyserver deliberately interfering with your site you can do the following: [1] let the passphrase for the zipfile be the hashfile of your public key block of the key on your keyserver [2] when someone tries to access your site, arrange for your site to get the key from the keyserver, and hash the public key, and enter the hash as passphrase for the zipfile [3] whenever you want to stop access, add a subkey to your key, and upload it to the keyserver the hash will change, and the zipfile won't decrypt vedaal any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link -- Hit it out of the park with a new bat. Click now! http://tagline.hushmail.com/fc/Ioyw6h4fAyoZU3DmUvpqkQxJjzzLBUKz2fZdIRBjvh0trk3S1i2gAf/ From f_philipp at fastmail.net Thu Jul 10 18:14:27 2008 From: f_philipp at fastmail.net (Florian Philipp) Date: Thu, 10 Jul 2008 18:14:27 +0200 Subject: make data available for a certain amount of time In-Reply-To: <9c8606aa0807100532h1d1a95a9o266604e60abdfd95@mail.gmail.com> References: <9c8606aa0807100116u4017ea40v483ce1408984c577@mail.gmail.com> <4875ECB0.2000406@gmail.com> <9c8606aa0807100532h1d1a95a9o266604e60abdfd95@mail.gmail.com> Message-ID: <20080710181427.5272f409@NOTE_GENTOO64.PHHEIMNETZ> On Thu, 10 Jul 2008 14:32:20 +0200 "Sander de Bakker" wrote: > Hello Faramir and Robert, > > thank you for the responses. > > I want everyone to be able to acces the data as long as the data is > valid. When the data becomes invalid i want it to be inaccesible for > everyone. > > I want to control and force when the data should be invalid, i was > thinking of using the expiration of a gpg key. > > Any suggestions are appreciated. > > N00bical What I've seen once was a self-extracting archive built with bash. It was basically a bash-script with some binary data attached to it. It was created with something like: #!/bin/bash cat script.sh archive.tar > archive.sh The script did something like #!/bin/bash tail -n 30 archive.sh | tar x That way you could all sorts of things like contacting a server, checking the date and so forth. Of course, things get a bit ugly as soon as it has to run on Windows. In that case I'd use Java and put the data and the script into a jar. Of course, that way you can't lock the file completely (at least, not so easy) but you can warn the user that it's outdated. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From naeem.m.afzal at intel.com Thu Jul 10 20:04:39 2008 From: naeem.m.afzal at intel.com (Afzal, Naeem M) Date: Thu, 10 Jul 2008 11:04:39 -0700 Subject: key generation in a script or non interactive mode? In-Reply-To: <0F1EBE8E-FF43-4BE3-B11A-0C93CB9E2DFD@jabberwocky.com> References: <821A1558D8819A4BB700FFF265F6781F0666EADF@orsmsx505.amr.corp.intel.com> <0F1EBE8E-FF43-4BE3-B11A-0C93CB9E2DFD@jabberwocky.com> Message-ID: <821A1558D8819A4BB700FFF265F6781F0666EFB0@orsmsx505.amr.corp.intel.com> Thanks, that was exactly what I was looking for. I followed the instructions in the doc, and it works on Ubuntu host as user, but if I chroot to a filesystem within this host, I get the following error within chroot'd filesystem: user at ubuntu-host$ sudo chroot ~/target/fs root at ubuntu-host# cat >foo <Please read the section "Unattended key generation" in doc/DETAILS. > >David From faramir.cl at gmail.com Thu Jul 10 21:14:51 2008 From: faramir.cl at gmail.com (Faramir) Date: Thu, 10 Jul 2008 15:14:51 -0400 Subject: make data available for a certain amount of time In-Reply-To: <20080710154918.569F0D032F@mailserver10.hushmail.com> References: <20080710154918.569F0D032F@mailserver10.hushmail.com> Message-ID: <48765FAB.6080100@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 vedaal at hush.com escribi?: >> I create a website and pack it in a zip file >> when a complete stranger opens the website in the zip it checks >> for a valid key on a keyserver. > >> when they key is valid the site opens >> when the key is invalid the website never opens and the >> contentfiles of website in the zipfile cannot be accessed in any > way > > > a workaround can be done to do what you want, > but requires some input on your part > > assuming the visitor to the website does not know which key on > which webserver is being checked, > and you are not worried about people on the keyserver deliberately > interfering with your site > > you can do the following: > > [1] let the passphrase for the zipfile be the hashfile of your > public key block of the key on your keyserver > > [2] when someone tries to access your site, > arrange for your site to get the key from the keyserver, and hash > the public key, and enter the hash as passphrase for the zipfile > > [3] whenever you want to stop access, > add a subkey to your key, and upload it to the keyserver > > the hash will change, > and the zipfile won't decrypt Then, he can store the hash in a txt file in a protected folder of the server, and the website can check it... but then... why don't you just remove the zip file, if it becomes invalid? Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIdl+rAAoJEMV4f6PvczxApR4H/R8jfhxJvS5dGTXIQlepFUu8 B3ZtoEBOiuieSxexNShIgBNmDyocf7teDlitaLnjE864IXsnCSpjpJ9wVQWbk71H oBXxYqA9E3CklTtkVGf4SK6XrWhQg+tHO+VP53iYszHT/uolhc5pDRhewNbUTGyv bZc2LwyHTLC17faJXdJgEIkbo678zRovu5c5Ycu0jdWXtjZ0rmo+rWglDNnceEfT iINgljABUYckqGysvU2WcWk36KpqoWohZpX7RAGJTafbuO8c3AHGdyt6gzCouPyV V1SfR9appkdDgNm0MZ2z6Y6J3SVTI4aGkbDiNr/3CFNFFfCafPrwSyySumwpr5Q= =Ljf1 -----END PGP SIGNATURE----- From faramir.cl at gmail.com Thu Jul 10 21:11:26 2008 From: faramir.cl at gmail.com (Faramir) Date: Thu, 10 Jul 2008 15:11:26 -0400 Subject: File Extensions supported by GnuPG..... In-Reply-To: <62fd3c0a0807100640u72b75761h636d6224b3fe2f14@mail.gmail.com> References: <62fd3c0a0807100640u72b75761h636d6224b3fe2f14@mail.gmail.com> Message-ID: <48765EDE.2030306@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Bhushan Jain escribi?: > Also, due to similar experiences what I have understood is that GnuPG > supports following extensions for following cases:--- > > Encryption-----> .gpg > > Sign--------------> .asc > > I don't know if my understanding is correct or not. Can someone please > state clearly which extensions are supported by GnuPG for following file > types:-------- > > 1. Encrypt only > 2. Sign only > 3. Encrypt and sign As far as I know (mainly, by checking and unchecking the "Armored ASCII" option in gpgshell, .gpg files can be encrypted or signed (or detached signature) files... and .asc are also those kind of files, but with the "standard" extension, used by pgp. In other words, gpg files are for use with gpg (and programs gpg compatible... like uncompressing a zip file using winrar), and asc files are for any program capable of openpgp standard... But I may be wrong about the compatibility thing. I am sure about you can chose if you want to use gpg file extension, or asc file extension, to perform the same task. Best Regards... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIdl7eAAoJEMV4f6PvczxAzSUH/j6a1X0mNhfb97kiXJnDDL5V HKqON6iiakFgHdBJhduHhMhCZRyYyE3y71/VbvOPj5DPee35b6O68L1rjHc6rLHr iOFXCFUqhlmXw+Vrt16XPe6gUlKmSr5mF+3DjRmxGyEoZTN2+u2Yi+Wt+6SsSdWe PZajHJ02pVGyTMMFFIj6W6Hkof56RLqVkliscbwFEnQ2u8HGd7cOz9V2AX6dRFKy 1S1uLJ30cQxvuXUX6ZcFPXRDeap0pwZzSPNyyAUYBDjtIhVuJQbyqHJajMWPh8Av Qw668QywQ6QSlu4B35jT1Ncp17mEYEocxAbE7zPBx262KZDgzg4QYXykFgF9MMw= =x3ps -----END PGP SIGNATURE----- From naeem.m.afzal at intel.com Thu Jul 10 23:41:01 2008 From: naeem.m.afzal at intel.com (Afzal, Naeem M) Date: Thu, 10 Jul 2008 14:41:01 -0700 Subject: key generation in a script or non interactive mode? In-Reply-To: <821A1558D8819A4BB700FFF265F6781F0666EFB0@orsmsx505.amr.corp.intel.com> References: <821A1558D8819A4BB700FFF265F6781F0666EADF@orsmsx505.amr.corp.intel.com> <0F1EBE8E-FF43-4BE3-B11A-0C93CB9E2DFD@jabberwocky.com> <821A1558D8819A4BB700FFF265F6781F0666EFB0@orsmsx505.amr.corp.intel.com> Message-ID: <821A1558D8819A4BB700FFF265F6781F0666F396@orsmsx505.amr.corp.intel.com> Ok, I was able to resolve this issue. I have to set HOME=/root inside the shell to get it going. Now I have new problem, script runs ok from within this chroot fs, but when keys generation process just hangs with statement: "Not enough random bytes available. Please do some other work....(Need 284 more bytes)" How can I force it to complete it? Regards naeem >-----Original Message----- >From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] >On Behalf Of Afzal, Naeem M >Sent: Thursday, July 10, 2008 11:05 AM >To: David Shaw; gnupg-users at gnupg.org >Subject: RE: key generation in a script or non interactive mode? > >Thanks, that was exactly what I was looking for. I followed the >instructions in the doc, and it works on Ubuntu host as user, but if I >chroot to a filesystem within this host, I get the following error within >chroot'd filesystem: > > From dshaw at jabberwocky.com Fri Jul 11 02:25:55 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 10 Jul 2008 20:25:55 -0400 Subject: key generation in a script or non interactive mode? In-Reply-To: <821A1558D8819A4BB700FFF265F6781F0666F396@orsmsx505.amr.corp.intel.com> References: <821A1558D8819A4BB700FFF265F6781F0666EADF@orsmsx505.amr.corp.intel.com> <0F1EBE8E-FF43-4BE3-B11A-0C93CB9E2DFD@jabberwocky.com> <821A1558D8819A4BB700FFF265F6781F0666EFB0@orsmsx505.amr.corp.intel.com> <821A1558D8819A4BB700FFF265F6781F0666F396@orsmsx505.amr.corp.intel.com> Message-ID: <412127D6-9160-476A-BE96-641FF5A86BF6@jabberwocky.com> On Jul 10, 2008, at 5:41 PM, Afzal, Naeem M wrote: > > Ok, I was able to resolve this issue. I have to set HOME=/root > inside the shell to get it going. Now I have new problem, script > runs ok from within this chroot fs, but when keys generation process > just hangs with statement: > > "Not enough random bytes available. Please do some other work.... > (Need 284 more bytes)" > > > How can I force it to complete it? Your entropy source dried up. Normally I'd suggest wiggling the mouse or poking at the keyboard to make some more entropy, but if you're running completely unattended that may be hard (you may not even have a mouse on that box). There is a good article on entropy gathering on Linux (I'm assuming you are running Linux here) at http://lwn.net/Articles/283103/ David From jhs at berklix.org Fri Jul 11 02:32:35 2008 From: jhs at berklix.org (Julian Stacey) Date: Fri, 11 Jul 2008 02:32:35 +0200 Subject: GPG encryption of binary sample requested. (fwd) Message-ID: <200807110032.m6B0WZDa059518@fire.js.berklix.net> Hi gnupg-users at gnupg.org Could a few people please post to list saying they will private mail me (off list) some encrypted binary junk please ? If you have a Microsoft PC, so much the better, (I'm using FreeBSD, but want to verify against an MS sender, though BSD or Linux sender etc also useful). Examples of junk to send: dd if=/dev/random of=junk count=20000 /boot/kernel/kernel or just some large .exe or other jubk, even pictures or music, or random binary archive of ... I don't care what, so long as its binary not text. Please also mail some cheksum output eg one of md5 junk # or kernel sha1 /boot/kernel/kernel sha256 /boot/kernel/kernel rmd160 /boot/kernel/kernel I'd like to prove my FreeBSD can receive large encrypted binary from MS, as: I have an MS sender who can't mail me large encrypted binaries, I get gpg: fatal: zlib inflate problem: invalid code lengths set secmem usage: 2048/4000 bytes in 4/9 blocks of pool 5120/32768 I'm receiving Content-Transfer-Encoding: 7bit I suspect it's not his Microsoft as such failing to send, but likely his MS mailer &/or corporate defaults or gateway failing to ascii armour & encrypt in right order. I send large base64 encrypted binaries OK using exmh & gpg. I append my GPG public key, as a MIME enclosure, to make it easy to click & save, (but guessing the mailman will chop that), indented for edit below, & also here http://www.berklix.org/~jhs/txt/pgp.html Thanks for any help ! Julian S. XX -----BEGIN PGP PUBLIC KEY BLOCK----- XX Version: GnuPG v1.4.5 (FreeBSD) XX XX mQGiBEhGVO0RBACs/CNBqX/SNaNyC4PgddejxSaqQ2saMPRD2op46RYaP8ce/wIP XX 67ckuNiHzpWQ0hA9nYsLkLAff8LFtLPpr9PsQr+efV5Q4EO7t9ddLTJA5lSUjegy XX QHf14FAMqQIiKgQkwRU8K3bXBZJUEAuuBjU/0Q0w5W4PmEsbRrMnNC4HxwCg0Ibi XX Y8hO0al6w62f5YbaAy2ruK8D/AuYqWmtKgiAHpjqSrCeqL0y7pR86cKiziqQLAbF XX fZtFn9Fmz34GjvhO3cHCE95teK9pTLN0P89dNp6X4XWqy/v3F3Vl9LAWGDkqiLbf XX Kk/bF0ucbg363LrTljcel6R1uqA0XP3yWXi8rTpcX/AnZ14i0+7AjsVJKXA5D9L3 XX tIyyA/sGZT8PXx6JEg25VwDgUrgx4+WvNzpyOxJeG4BdEnvw+tVdwo880Jkvlju+ XX uCwY7d8+j8nRMtr0a0EulhSy3eoPXaw07yR0Sdp3UDii6KZGu8EYalV8ouqXURU/ XX hykHLLtC6oO6x/Ep/fQxjWF64G58FeCZ1bFNmjl++YO/IJz3ibQzSnVsaWFuIEgu XX IFN0YWNleSAoMjAwODA2MDQxMDM5MTApIDxqaHNAYmVya2xpeC5vcmc+iGAEExEC XX ACAFAkhGVO0CGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRCMDdcn+Ybf4WpM XX AJ900uoDXQ1hqinNCF8AzWhj9LmYxgCfe63Lu6uU9nEc7AZoIVzMH7yd9BK5Ag0E XX SEZU8BAIAL3lH3/O1xzCe9XX1omUf1CVuQe02W0CPJkM0s/VaGsBViLQlMoltyud XX zXQXGB0Oa/9n+sRIKIOz/tSbCvLSyw42fO6inp1Vxn+/02SGwz9bKiWTYdW4gaJI XX 0Z3DA8n97gw8PTwP0s5GinrC5CfjHBFRHrPUHmlgb6hoFCHk3ZEISxAfU6bxixnH XX x+yJ2KVz0OPMdULhuDLP45Ep+pgjRQ6+haD1x/pPoKmSeYT+gHAeZ7gLysSLGIhw XX hCmYN1fQqwU+DC5Yd5uRJ6sEkMMRMEOWStgWkEOyGrhE8P3FwvwCC1OBRrvlmyYt XX 2JRdvuejHkU1BGRohgngDohqVp/gMsMAAwUH/ApINMJyU6zCuzjgYyk5TzzT/kEG XX XBBQ01E3TM9WstukoO+3+fku3dpYIsWchJLsvYM5j23KmRQCTpvR9zyHY9U1SeIF XX yqDEbrV9TWigUzKhEJ2qpTXmC7WuHdFB0Vt/S3yKC8GU4uZUz5KSH9x+8BOUF3rB XX 9a3jGODcwqPLKuQYubrJtzAMx/ZRgLyCiVQ98KoddyEFpb0Tw/hA1FYGMNCjFHia XX IrBcF+2AFOC+AYI40/hRTsj/oZuDoqWUebjm1oWD5TBVql/r332qn8lmDJGWmTAr XX YWZgqHBs4JvmYbRz0DtU8ezTBDbLOqCXh3Wmmc9l8gDp0D4gEmMCdzOlvgqISQQY XX EQIACQUCSEZU8AIbDAAKCRCMDdcn+Ybf4ePTAJ91bvPB230c2pD9NrNTORkY3USu XX bACgoYGo20521SC+5VgIdR4CCtmVIQqZAaIESEU9aREEALlbkl1Ae2TkpsFUa0J7 XX pU4LOz5TvQ5Y+mORLB6t9HhiP//jWX59DNogFCrt6CvKiX36PjUV+OZtAnMAbf8w XX 8x/vjMEl3gqhS/ZaWFvLsAGtRtgvP2GXT0GaINjAFmUuYTy+OjxbXkeU+H7cmH73 XX nMSPdYpn9Hgct1TfXrnNrVY3AKD01Da5Q4dOnUJvH6XDnkfQlnW2WwP/aAMUCIjI XX eiP0Q3QjbRWp/0LFlimN1BFAVcRI807IlsJ/7dobw9ZatC4ZEmitcSNhUTR/jyZ+ XX fyzPdA/6tAUFpySzO/UOWibPaTkpbOZsjq8S+VmjWEF0wpAHXS//Hk/94VeQA+jN XX C+c2E6qc05PZTYW1ne+Iu71zTpoWWwifhb8D/jB/tButD7aSo8T+sKChzUWFOyGg XX pp9fYlE/p7iQtOI5taPPlToXXb6ze3kUwmlEn/wkJPycAQCo/RPuqfy2RQ1iyWSv XX JmiA+55SczzTnRbjMUGcGLj3pzxPr0FqXulJJCtkghFBvMYa/80S68ujWKk0PvC+ XX 7LMaXRG4iXHJ6KmptCJKdWxpYW4gSC4gU3RhY2V5IDxqaHNAYmVya2xpeC5jb20+ XX iGAEExECACAFAkhFPWkCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRCl8u02 XX NZE4NLtxAJ9BSPEzsPp+zNBxdPXgtAdXfogiYQCeMOh4o+RsomG1k03D8aaGWwiP XX fCK5Ag0ESEU9bxAIALdUwOKz0sRO89+Qr4woCislFbVMpoYTMcafodbs18ROkaR/ XX MGtfAnNT/ZgdmvRIAe94LtE1GgNrf20DFNyctM5A09j4wVqGZfR0rbMYhlQ147dY XX siblTeZQEUHHb86esNzP3aETKK97d4VSrpnIETzqWWFq/j8tl3psRrjZ0gOwjSp8 XX OpcSCFIXqjYnyaGh7iRfQbBRRxU8B39/LnSpi10h+MvtY1ijuMgFElA4IiLD5f0D XX wNkNsiOT7lxPpPeKP7WNRSxPSe+oi/tpDt2aIh1k1U7FQtVFBUNjJqrPHGVMwK3F XX 9xLqj0vaE9QbzvcMzoe3obzyTnFydyksufNwqbcAAwcIAKkeezjzs0wJaQsxYkbD XX OiiPNMfcxzQoneNl5bSBEh2V1p2Yn6ULqQh6ENVXIIYDKALs2OjoRhGCuLh+SrMj XX +N0BaM9kTR6MKq2Ph24wJixmMRbcSJpkcqXsv9v7xxqJWgjU3ahI1Ln+IDfbDdgN XX qbqV3Ne8sr9qxnbMe2+aGaN9n2xXrforOfSgs8Q8bmkZMAjeAvRPO6oYO1gBG/mZ XX RLVv1KFOdzwARbpE697KDwrvuJmyFNvYDGO9VG/QKTVt4mebrCNd+WlT2qS0BUog XX sx4CS7jrj7jBGcOhBYOfu4w/O/HDWITy48ymhJtPtLc4NHpYByfzO4CZQxPDVY9W XX roOISQQYEQIACQUCSEU9bwIbDAAKCRCl8u02NZE4NPDqAKDNH+lqIk+poejpjiHT XX cFv6X4LcawCg4bqjYziIMrNIg8MukzLuOgHJV+o= XX =lwO2 XX -----END PGP PUBLIC KEY BLOCK----- Julian - -- Julian Stacey: BSDUnixLinux C Prog Admin SysEng Consult Munich www.berklix.com Mail plain ASCII text. HTML & Base64 text are spam. www.asciiribbon.org From claws at thewildbeast.co.uk Fri Jul 11 10:17:37 2008 From: claws at thewildbeast.co.uk (Paul) Date: Fri, 11 Jul 2008 09:17:37 +0100 Subject: make data available for a certain amount of time In-Reply-To: <9c8606aa0807100532h1d1a95a9o266604e60abdfd95@mail.gmail.com> References: <9c8606aa0807100116u4017ea40v483ce1408984c577@mail.gmail.com> <4875ECB0.2000406@gmail.com> <9c8606aa0807100532h1d1a95a9o266604e60abdfd95@mail.gmail.com> Message-ID: <20080711091737.5b75b1f0@thewildbeast> On Thu, 10 Jul 2008 14:32:20 +0200 "Sander de Bakker" wrote: > Any suggestions are appreciated. A perl or php solution should be possible (in theory ;). best regards Paul -- It isn't worth a nickel to two guys like you or me, but to a collector it is worth a fortune From roam at ringlet.net Fri Jul 11 12:38:59 2008 From: roam at ringlet.net (Peter Pentchev) Date: Fri, 11 Jul 2008 13:38:59 +0300 Subject: key generation in a script or non interactive mode? In-Reply-To: <412127D6-9160-476A-BE96-641FF5A86BF6@jabberwocky.com> References: <821A1558D8819A4BB700FFF265F6781F0666EADF@orsmsx505.amr.corp.intel.com> <0F1EBE8E-FF43-4BE3-B11A-0C93CB9E2DFD@jabberwocky.com> <821A1558D8819A4BB700FFF265F6781F0666EFB0@orsmsx505.amr.corp.intel.com> <821A1558D8819A4BB700FFF265F6781F0666F396@orsmsx505.amr.corp.intel.com> <412127D6-9160-476A-BE96-641FF5A86BF6@jabberwocky.com> Message-ID: <20080711103859.GC1093@straylight.m.ringlet.net> On Thu, Jul 10, 2008 at 08:25:55PM -0400, David Shaw wrote: > On Jul 10, 2008, at 5:41 PM, Afzal, Naeem M wrote: > > > > > Ok, I was able to resolve this issue. I have to set HOME=/root > > inside the shell to get it going. Now I have new problem, script > > runs ok from within this chroot fs, but when keys generation process > > just hangs with statement: > > > > "Not enough random bytes available. Please do some other work.... > > (Need 284 more bytes)" > > > > > > How can I force it to complete it? > > Your entropy source dried up. Normally I'd suggest wiggling the mouse > or poking at the keyboard to make some more entropy, but if you're > running completely unattended that may be hard (you may not even have > a mouse on that box). I usually do something like "find / -print0 | xargs -0 cksum", but that, of course, assumes that the kernel will gather entropy from the disk. > There is a good article on entropy gathering on Linux (I'm assuming > you are running Linux here) at http://lwn.net/Articles/283103/ Aye, this is a good article indeed, worth reading by both sysadmins and everyone else who is interested in randomness :) G'luck, Peter -- Peter Pentchev roam at ringlet.net roam at cnsys.bg roam at FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 When you are not looking at it, this sentence is in Spanish. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 195 bytes Desc: not available URL: From roam at ringlet.net Fri Jul 11 12:35:28 2008 From: roam at ringlet.net (Peter Pentchev) Date: Fri, 11 Jul 2008 13:35:28 +0300 Subject: make data available for a certain amount of time In-Reply-To: <20080710181427.5272f409@NOTE_GENTOO64.PHHEIMNETZ> References: <9c8606aa0807100116u4017ea40v483ce1408984c577@mail.gmail.com> <4875ECB0.2000406@gmail.com> <9c8606aa0807100532h1d1a95a9o266604e60abdfd95@mail.gmail.com> <20080710181427.5272f409@NOTE_GENTOO64.PHHEIMNETZ> Message-ID: <20080711103528.GB1093@straylight.m.ringlet.net> On Thu, Jul 10, 2008 at 06:14:27PM +0200, Florian Philipp wrote: > On Thu, 10 Jul 2008 14:32:20 +0200 > "Sander de Bakker" wrote: > > > Hello Faramir and Robert, > > > > thank you for the responses. > > > > I want everyone to be able to acces the data as long as the data is > > valid. When the data becomes invalid i want it to be inaccesible for > > everyone. > > > > I want to control and force when the data should be invalid, i was > > thinking of using the expiration of a gpg key. > > > > Any suggestions are appreciated. > > > > N00bical > > What I've seen once was a self-extracting archive built with bash. It > was basically a bash-script with some binary data attached to it. > > It was created with something like: > #!/bin/bash > cat script.sh archive.tar > archive.sh > > The script did something like > #!/bin/bash > tail -n 30 archive.sh | tar x Errr, that's a bit off-topic, but it is *much* easier to do that with shar (in the base system on most OS's, or in a package named sharutils or similar on most Linux distributions). Of course, shar wants to encode the binary data and thus makes the file a bit bigger than just a binary blob, but this is actually a good thing in view of all the weird and wonderful (not!) ways that various shells treat "special", "graphical", and other interesting characters. G'luck, Peter -- Peter Pentchev roam at ringlet.net roam at cnsys.bg roam at FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence claims to be an Epimenides paradox, but it is lying. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 195 bytes Desc: not available URL: From bhushan1988 at gmail.com Fri Jul 11 14:08:23 2008 From: bhushan1988 at gmail.com (Bhushan Jain) Date: Fri, 11 Jul 2008 17:38:23 +0530 Subject: File Extensions supported by GnuPG..... (Faramir) Message-ID: <62fd3c0a0807110508l181086c1w2bc23a7916a6610f@mail.gmail.com> Hi, I just want to know if there is some standard used by GnuPG in terms of extensions so that if I create an encrypted file or only signed file or signed and encrypted file using my own program, then the respective files would be compatible to GnuPG. Please suggest me the extensions I should use for the following file types:----------------- 1. Encrypt only 2. Sign only 3. Encrypt and sign Also if I create my own extensions say 3 different extensions for the above 3 type of files then will the encrypted files be compatible with GnuPG? If not which are the extensions the GnuPG would be compatible with? Thanks, ------------- Bhushan > Bhushan Jain escribi?: > > > Also, due to similar experiences what I have understood is that GnuPG > > supports following extensions for following cases:--- > > > > Encryption-----> .gpg > > > > Sign--------------> .asc > > > > I don't know if my understanding is correct or not. Can someone please > > state clearly which extensions are supported by GnuPG for following file > > types:-------- > > > > 1. Encrypt only > > 2. Sign only > > 3. Encrypt and sign > > As far as I know (mainly, by checking and unchecking the "Armored > ASCII" option in gpgshell, .gpg files can be encrypted or signed (or > detached signature) files... and .asc are also those kind of files, but > with the "standard" extension, used by pgp. In other words, gpg files > are for use with gpg (and programs gpg compatible... like uncompressing > a zip file using winrar), and asc files are for any program capable of > openpgp standard... But I may be wrong about the compatibility thing. I > am sure about you can chose if you want to use gpg file extension, or > asc file extension, to perform the same task. > > Best Regards... > -------------- next part -------------- An HTML attachment was scrubbed... URL: From pagerc at gmail.com Sat Jul 12 01:04:33 2008 From: pagerc at gmail.com (Raymond Page) Date: Fri, 11 Jul 2008 19:04:33 -0400 Subject: Data decryption invokes EOF/buffer underruns - help Message-ID: <70a576f10807111604p6ec74879g96e76b36b9953c9b@mail.gmail.com> Hi, I am having a problem decrypting a disk encryption key and I was hoping that someone on the list could help explain why the decryption seems not to work. I created the key a few years ago, and I don't recall exactly how it was generated. I was looking through the source to determine the EOF error and it seems caused by a buffer underrun, (might I recommend the text be changed to something more meaningful like EOB since its a buffer, not a file?) In any case, I would appreciate any comments or assistance that might help me figure out how to decrypt my disk key. $ gpg -vv --debug-all --passphrase-file pass-file key.gpg gpg: reading options from `/home/vostro/.gnupg/gpg.conf' Reading passphrase from file descriptor 0 gpg: DBG: fd_cache_open (key.gpg) not cached gpg: DBG: iobuf-1.0: open `key.gpg' fd=4 gpg: DBG: iobuf-1.0: underflow: req=8192 gpg: DBG: iobuf-1.0: underflow: got=4280 rc=0 gpg: DBG: armor-filter: control: 5 gpg: DBG: iobuf-1.1: push `armor_filter' gpg: DBG: armor-filter: control: 5 gpg: DBG: iobuf chain: 1.1 `armor_filter' filter_eof=0 start=0 len=0 gpg: DBG: iobuf chain: 1.0 `file_filter(fd)' filter_eof=0 start=0 len=4280 gpg: DBG: armor-filter: control: 1 gpg: DBG: iobuf-1.1: underflow: req=8192 gpg: DBG: armor-filter: control: 3 gpg: armor: BEGIN PGP MESSAGE gpg: armor header: Version: GnuPG v1.4.1 (GNU/Linux) gpg: DBG: iobuf-1.1: underflow: got=3089 rc=0 gpg: DBG: parse_packet(iob=1): type=3 length=13 (parse.../../g10/mainproc.c.1225) :symkey enc packet: version 4, cipher 3, s2k 3, hash 2 salt 2941cf0d39f6e260, count 65536 (96) gpg: CAST5 encrypted data gpg: DBG: free_packet() type=3 gpg: DBG: iobuf-1.2: push `block_filter' gpg: DBG: iobuf chain: 1.2 `block_filter' filter_eof=0 start=0 len=0 gpg: DBG: armor-filter: control: 5 gpg: DBG: iobuf chain: 1.1 `armor_filter' filter_eof=0 start=17 len=3089 gpg: DBG: iobuf chain: 1.0 `file_filter(fd)' filter_eof=0 start=4254 len=4280 gpg: DBG: init block_filter 0x8120e88 gpg: DBG: parse_packet(iob=1): type=9 length=0 (new_ctb) (parse.../../g10/mainproc.c.1225) :encrypted data packet: length: unknown gpg: encrypted with 1 passphrase gpg: DBG: iobuf-1.2: underflow: req=8192 gpg: DBG: iobuf-1.2: underflow: got=3069 rc=0 gpg: DBG: iobuf-1.3: push `decode_filter' gpg: DBG: iobuf chain: 1.3 `decode_filter' filter_eof=0 start=0 len=0 gpg: DBG: iobuf chain: 1.2 `block_filter' filter_eof=0 start=10 len=3069 gpg: DBG: armor-filter: control: 5 gpg: DBG: iobuf chain: 1.1 `armor_filter' filter_eof=0 start=3089 len=3089 gpg: DBG: iobuf chain: 1.0 `file_filter(fd)' filter_eof=0 start=4254 len=4280 gpg: DBG: iobuf-1.3: underflow: req=8192 gpg: DBG: iobuf-1.2: underflow: req=8192 gpg: DBG: iobuf-1.2: underflow: got=0 rc=-1 gpg: DBG: free block_filter 0x8120e88 gpg: DBG: iobuf-1.2: pop `(null)' in underflow (!len) gpg: DBG: armor-filter: control: 5 gpg: DBG: iobuf chain: 1.1 `armor_filter' filter_eof=0 start=3089 len=3089 gpg: DBG: iobuf chain: 1.0 `file_filter(fd)' filter_eof=0 start=4254 len=4280 gpg: DBG: iobuf-1.1: underflow: eof gpg: DBG: iobuf-1.3: underflow: got=3059 rc=0 gpg: DBG: parse_packet(iob=1): type=27 length=4087 (new_ctb) (parse.../../g10/mainproc.c.1225) :unknown packet: type 27, length 4087 dump: 58 13 06 27 fa 99 b0 13 5a ae 1f 9c d5 5f 9c 80 8b 83 2f bf 41 c4 73 fb 24: 38 13 66 4e fe 92 9f 4f de c5 d5 f5 f6 8b 0f 2e 48 26 58 49 47 18 eb b7 48: d9 8c 6f 5f 1f 37 9b 25 72 ee 4f e5 4a 55 a3 8c 82 10 0b 08 16 3a d1 32 72: ff 61 fa 58 23 86 a5 92 c1 dd f0 2e 51 23 f8 07 76 89 42 3f fb cb 77 70 96: ad 20 84 71 53 92 bf 2d 42 a6 64 ee 46 a6 6a fb 9a 21 26 12 46 7d 1e 5b 120: c4 f7 95 92 08 be be fa 3a 9a da d7 6b f9 2c f4 a3 c3 7e 3a c1 d6 42 0e .... 3000: 8c 54 f9 ed 11 8a 00 f7 0f 23 95 a5 da a9 68 3d a6 aa 1e 2c 5e f1 fb 50 3024: ad 40 46 d6 dd e6 de d7 96 a5 23 0f fa 1f 8b ae 71 b0 26 c3 23 d0 75 64 3048: 06 53 78 f8 10 b5 e7 30gpg: DBG: iobuf-1.3: underflow: req=8192 gpg: DBG: iobuf-1.1: underflow: req=8192 gpg: DBG: armor-filter: control: 3 gpg: DBG: iobuf-1.0: underflow: req=8192 gpg: DBG: iobuf-1.0: underflow: got=0 rc=-1 gpg: DBG: key.gpg: close fd 4 gpg: DBG: fd_cache_close (key.gpg) new slot created gpg: DBG: iobuf-1.0: underflow: eof gpg: DBG: iobuf-1.0: underflow: eof (due to filter eof) gpg: DBG: iobuf-1.1: underflow: got=0 rc=-1 gpg: DBG: armor-filter: control: 2 gpg: DBG: iobuf-1.1: pop `(null)' in underflow (!len) gpg: DBG: iobuf chain: 1.0 `[none]' filter_eof=0 start=4280 len=4280 gpg: DBG: iobuf-1.0: underflow: eof gpg: DBG: iobuf-1.3: underflow: got=0 rc=-1 gpg: DBG: iobuf-1.3: pop `(null)' in underflow (!len) gpg: DBG: iobuf chain: 1.0 `[none]' filter_eof=0 start=4280 len=4280 gpg: DBG: iobuf-1.0: underflow: eof EOFgpg: DBG: iobuf-1.0: underflow: eof (no filter) EOFgpg: DBG: iobuf-1.0: underflow: eof (no filter) EOFgpg: DBG: iobuf-1.0: underflow: eof (no filter) .... 4080: EOFgpg: DBG: iobuf-1.0: underflow: eof (no filter) EOFgpg: DBG: iobuf-1.0: underflow: eof (no filter) EOFgpg: DBG: iobuf-1.0: underflow: eof (no filter) EOFgpg: DBG: iobuf-1.0: underflow: eof (no filter) EOFgpg: DBG: iobuf-1.0: underflow: eof (no filter) EOFgpg: DBG: iobuf-1.0: underflow: eof (no filter) EOF gpg: DBG: iobuf-1.0: underflow: eof (no filter) gpg: decryption okay gpg: WARNING: message was not integrity protected gpg: DBG: free_packet() type=9 gpg: DBG: iobuf-1.0: underflow: eof (no filter) gpg: DBG: iobuf-1.0: close `(null)' random usage: poolsize=600 mixed=0 polls=0/2 added=10/176 outmix=0 getlvl1=0/0 getlvl2=0/0 secmem usage: 1696/2464 bytes in 4/7 blocks of pool 2464/32768 -- Raymond Page -------------- next part -------------- An HTML attachment was scrubbed... URL: From jhs at berklix.org Fri Jul 11 18:59:44 2008 From: jhs at berklix.org (Julian Stacey) Date: Fri, 11 Jul 2008 18:59:44 +0200 Subject: GPG encryption of binary sample requested. (fwd) In-Reply-To: Your message "Fri, 11 Jul 2008 02:32:35 +0200." <200807110032.m6B0WZDa059518@fire.js.berklix.net> Message-ID: <200807111659.m6BGxiUI005065@fire.js.berklix.net> "Julian Stacey" wrote: > Hi gnupg-users at gnupg.org > Could a few people please post to list saying they will private > mail me (off list) some encrypted binary junk please ? If you have OK, I have one sample from a freebsd.org list reader, & Chris on this list will send me one too, so thats enough samples Thanks. Worryingly, I seem to have a zlib problem. Here below is what I just posted to other list. I dont currently know if its a problem with my config or hardware (I just did a cold reboot & fsck) or ...other cause ... My zlib versions are whatever standard on latest FreeBSD release 7.0 & earlier 6.2. I'll look more at that later. ------------- ] to: hackers at freebsd.org ] ] Summary: A problem in zlib is confirmed here (for mail gpg decryption), ] do others see this too or have comment please ? ] ] Re my: ] > Could a few people please post to list saying they will private ] > mail me (off list) some encrypted binary junk please ? If you have ] > a Microsoft PC (or non BSD) to mail binary junk from, so much the ] > better, but some BSD too would help. ] ] 3 Samples: ] ] Ivan Voras sent extract below. ] > User-agent: Thunderbird 2.0.0.14 (X11/20080505) ] ..... ] ] > This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156) ] > --------------enigB5EAC3335274D5D400B6D1CA ] > Content-Type: application/pgp-encrypted ] > Content-Description: PGP/MIME version identification ] > ] > Version: 1 ] > ] > --------------enigB5EAC3335274D5D400B6D1CA ] > Content-Type: application/octet-stream; name="encrypted.asc" ] > Content-Description: OpenPGP encrypted message ] > Content-Disposition: inline; filename="encrypted.asc" ] > ] > -----BEGIN PGP MESSAGE----- ] > Version: GnuPG v1.4.6 (GNU/Linux) ] > ] > hQIOA/uC25joLDZ6EAf+N4k9AImLAcSuBjG5rmfyc23WMjQum7vQ3LhaCI3lRfrH ] ] 221903 lines deleted ] ] > tY1rdGkrZ0YZ5ECQHSkBvroUNCjbbmqngnE39Do7cxtGJRMimlZfGf/xporskUkI ] > eO8ncINtD8NGOqFilyZv ] > =MTbn ] > -----END PGP MESSAGE----- ] > ] > --------------enigB5EAC3335274D5D400B6D1CA-- ] Thanks Ivan ! ] ] My EXMH-2.7.2 on FreeBSD-6.2 amd64 reported: ] encrypted with ELG-E key, ID 149FDD60 ] encrypted with 2048-bit ELG-E key, ID E82C367A, created 2008-06-04 ] "Julian H. Stacey (20080604103910) " ] fatal: zlib inflate problem: invalid distance code ] secmem usage: 2784/4128 bytes in 6/10 blocks of pool 6112/32768 ] ] ] Gary J mailed me from FreeBSD (current I guess) ] X-mailer: Claws Mail 3.5.0 (GTK+ 2.10.14; amd64-portbld-freebsd8.0) ] & EXMH reported ] encrypted with 2048-bit ELG-E key, ID F61A79A1, created 2008-06-03 ] "Gary Jennejohn (Lee) " ] encrypted with 2048-bit ELG-E key, ID E82C367A, created 2008-06-04 ] "Julian H. Stacey (20080604103910) " ] [don't know]: invalid packet (ctb=51) ] [don't know]: invalid packet (ctb=41) ] WARNING: encrypted message has been manipulated! ] [don't know]: invalid packet (ctb=41) ] no valid OpenPGP data found. ] ] ] A Microsoft user sent me a gpg encoded MIME enclosure ] I clicked to save that then reported: ] file file.asc ] PGP armored data message ] gpg -d -o xx file.asc ] You need a passphrase to unlock the secret key for ] user: "Julian H. Stacey (20080604103910) " ] 2048-bit ELG-E key, ID E82C367A, created 2008-06-04 (main key ID F986DFE1) ] ] gpg: encrypted with 2048-bit ELG-E key, ID E82C367A, created 2008-06-04 ] "Julian H. Stacey (20080604103910) " ] gpg: fatal: zlib inflate problem: invalid distance code ] secmem usage: 2048/3712 bytes in 4/8 blocks of pool 4832/32768 ] ] I ran: ] cd /usr/src ; find . -name \*zlib\* | xargs touch ; make all install ] exited & restarted exmh & retyped passphrase, & problem persists. ] ] I tried running EXMH on 7.0 686 ( very slow, problems with NFS/AMD ] (or maybe some gbde linked ~/.* initialisers ) & still a problem ] with zlib. ] ] I would try claws-mail, but a problem with gpg-agent (maybe local net related?) ] I guess I'll try thunderbird. ] Any comments/ ideas very welcome. ------------- Julian -- Julian Stacey: BSDUnixLinux C Prog Admin SysEng Consult Munich www.berklix.com Mail plain ASCII text. HTML & Base64 text are spam. www.asciiribbon.org From jelledejong at powercraft.nl Sun Jul 13 11:08:55 2008 From: jelledejong at powercraft.nl (Jelle de Jong) Date: Sun, 13 Jul 2008 11:08:55 +0200 Subject: debug-ccid-cardreader Message-ID: <4879C627.7030707@powercraft.nl> This message contains the following attachment(s): debug-ccid-cardreader.txt Hello everybody, Thank you for all your work on gnupg. I got a few issues with my smartcard system, it does not work anymore. I attached some debug info. Hopefully somebody can help me. Thanks in advance, Jelle -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: debug-ccid-cardreader.txt URL: From kissg at ssg.ki.iif.hu Mon Jul 14 11:32:53 2008 From: kissg at ssg.ki.iif.hu (Kiss Gabor (Bitman)) Date: Mon, 14 Jul 2008 11:32:53 +0200 (CEST) Subject: gpg-agent ignores preset passphrase Message-ID: Dear folks, I tried to use "preset passphrase" feature but it does not work. Log shows that gpg-agent seemingly receives passphrase but later when agent should use the cached passphrase it ask for it again from pinentry. Is the problem mentioned by Andreas Hartmann fixed? (http://www.mail-archive.com/gnupg-users at gnupg.org/msg01518.html) I have gpg-agent version 2.0.0 from Debian package gnupg-agent 2.0.0-5.2. Detailed logs: gpg-agent starts and receives passphrase: 2008-07-14 11:07:32 gpg-agent[30422] listening on socket `/tmp/gpg-qj39fc/S.gpg-agent' 2008-07-14 11:07:58 gpg-agent[30423] handler 0x808b688 for fd 7 started gpg-agent[30423.7] DBG: -> OK Pleased to meet you gpg-agent[30423.7] DBG: <- OPTION ttyname=/dev/pts/9 gpg-agent[30423.7] DBG: -> OK gpg-agent[30423.7] DBG: <- OPTION ttytype=xterm gpg-agent[30423.7] DBG: -> OK gpg-agent[30423.7] DBG: <- OPTION lc-ctype=en_US gpg-agent[30423.7] DBG: -> OK gpg-agent[30423.7] DBG: <- OPTION lc-messages=en_US gpg-agent[30423.7] DBG: -> OK gpg-agent[30423.7] DBG: <- PRESET_PASSPHRASE xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -1 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 2008-07-14 11:07:58 gpg-agent[30423] DBG: agent_put_cache `xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' requested ttl=-1 mode=1 gpg-agent[30423.7] DBG: -> OK gpg-agent[30423.7] DBG: <- [EOF] 2008-07-14 11:07:58 gpg-agent[30423] handler 0x808b688 for fd 7 terminated Later I run gpgsm that contacts gpg-agent: gpg-agent[30442.0] DBG: -> OK Pleased to meet you gpg-agent[30442.0] DBG: <- RESET gpg-agent[30442.0] DBG: -> OK gpg-agent[30442.0] DBG: <- OPTION ttyname=/dev/pts/9 gpg-agent[30442.0] DBG: -> OK gpg-agent[30442.0] DBG: <- OPTION ttytype=xterm gpg-agent[30442.0] DBG: -> OK gpg-agent[30442.0] DBG: <- OPTION lc-ctype=en_US gpg-agent[30442.0] DBG: -> OK gpg-agent[30442.0] DBG: <- OPTION lc-messages=en_US gpg-agent[30442.0] DBG: -> OK gpg-agent[30442.0] DBG: <- HAVEKEY xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx gpg-agent[30442.0] DBG: -> OK gpg-agent[30442.0] DBG: <- ISTRUSTED xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx gpg-agent[30442.0] DBG: -> OK gpg-agent[30442.0] DBG: <- RESET gpg-agent[30442.0] DBG: -> OK gpg-agent[30442.0] DBG: <- SIGKEY xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx gpg-agent[30442.0] DBG: -> OK gpg-agent[30442.0] DBG: <- SETKEYDESC Please+enter+the+passphrase+to+unlock+the+secret+key+for:%0Ablahblahblah... gpg-agent[30442.0] DBG: -> OK gpg-agent[30442.0] DBG: <- SETHASH 2 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx gpg-agent[30442.0] DBG: -> OK gpg-agent[30442.0] DBG: <- PKSIGN 2008-07-14 11:10:00 gpg-agent[30442] DBG: agent_get_cache `xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'... 2008-07-14 11:10:00 gpg-agent[30442] DBG: ... miss 2008-07-14 11:10:00 gpg-agent[30442] starting a new PIN Entry 2008-07-14 11:10:00 gpg-agent[30442] DBG: connection to PIN entry established Then if I enter the same passphrase as for gpg-preset-passphrase gpg-agent works well. $GNUPGHOME/gpg-agent.conf: allow-preset-passphrase verbose verbose verbose verbose verbose debug-level guru log-file /tmp/gpg-agent.log Agents running at the moment of calling pinentry: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND foobar 30423 0.0 0.1 4340 688 ? Ss 11:07 0:00 gpg-agent --daemon --allow-preset-passphrase --write-env-file=/var/run/foo/gpg-agent-info foobar 30442 0.0 0.1 4344 956 pts/9 SL+ 11:10 0:00 gpg-agent --server Any hints will be appreciated. Gabor From kurtc1972 at gmail.com Tue Jul 15 07:59:08 2008 From: kurtc1972 at gmail.com (kurt c) Date: Mon, 14 Jul 2008 22:59:08 -0700 Subject: question about hkp protocol Message-ID: <7a26d9ab0807142259x6b6d7187x5185ff834ddc03b9@mail.gmail.com> Hello. I have a beginner question, I hope you guys don't mind. I'd like to know why it is that when the key server website is in the hkp protocol, I can never access it through my web browser. For example, if I type the url hkp://random.sks.keyserver.penguine.de into my Firefox browser, it will say: Firefox doesn't know how to open this address because it's not associated with any program. I similarly can never export my public key through my GPA if the key server is in the hkp protocol. Can anyone enlighten me as to the reason for this? How can I access hkp sites? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From JPClizbe at tx.rr.com Tue Jul 15 20:55:56 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Tue, 15 Jul 2008 13:55:56 -0500 Subject: question about hkp protocol In-Reply-To: <7a26d9ab0807142259x6b6d7187x5185ff834ddc03b9@mail.gmail.com> References: <7a26d9ab0807142259x6b6d7187x5185ff834ddc03b9@mail.gmail.com> Message-ID: <487CF2BC.8060604@tx.rr.com> kurt c wrote: > Hello. I have a beginner question, I hope you guys don't mind. > > I'd like to know why it is that when the key server website is in the > hkp protocol, I can never access it through my web browser. For example, > if I type the url hkp://random.sks.keyserver.penguine.de > into my Firefox browser, it > will say: Firefox doesn't know how to open this address because it's not > associated with any program. I similarly can never export my public key > through my GPA if the key server is in the hkp protocol. Can anyone > enlighten me as to the reason for this? How can I access hkp sites? HKP is implemented with HTTP over port 11371. It is not itself a browser protocol. However, many keyservers operate web interfaces as well as the automated responses. These web interfaces also operate on port 11371. For restrictive firewalls, I know of several modern SKS keyservers that also listen on port 80. And three that will accept commands via email. hkp://pool.sks-keyservers.net is equivalent to http://pool.sks-keyservers.net:11371 Web server interfaces are primarily used for searching. It's easiest to let GnuPG handle the details of submitting your key: gpg --keyserver keyserver.gingerbear.net --send-key 0xdecafbad If you /really/ need to use the web interface, just don't type hkp:// as part of the URL (you may type http://, but it's not needed) and be sure to add :11371 to the host name keyserver.gingerbear.net:11371 Most browsers will automatically prefix http:// if it is absent BTW, pool.sks-keyservers.net should be used as a replacement for random.sks.keyserver.penguin.de. It is no longer regularly being updated. -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 654 bytes Desc: OpenPGP digital signature URL: From kurtc1972 at gmail.com Wed Jul 16 04:54:38 2008 From: kurtc1972 at gmail.com (kurt c) Date: Tue, 15 Jul 2008 19:54:38 -0700 Subject: question about hkp protocol In-Reply-To: <487CF2BC.8060604@tx.rr.com> References: <7a26d9ab0807142259x6b6d7187x5185ff834ddc03b9@mail.gmail.com> <487CF2BC.8060604@tx.rr.com> Message-ID: <487D62EE.2070903@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Clizbe wrote: > kurt c wrote: >> Hello. I have a beginner question, I hope you guys don't mind. >> >> I'd like to know why it is that when the key server website is in the >> hkp protocol, I can never access it through my web browser. For example, >> if I type the url hkp://random.sks.keyserver.penguine.de >> into my Firefox browser, it >> will say: Firefox doesn't know how to open this address because it's not >> associated with any program. I similarly can never export my public key >> through my GPA if the key server is in the hkp protocol. Can anyone >> enlighten me as to the reason for this? How can I access hkp sites? > > HKP is implemented with HTTP over port 11371. It is not itself a browser protocol. > > However, many keyservers operate web interfaces as well as the automated > responses. These web interfaces also operate on port 11371. > > For restrictive firewalls, I know of several modern SKS keyservers that also > listen on port 80. And three that will accept commands via email. > > hkp://pool.sks-keyservers.net is equivalent to http://pool.sks-keyservers.net:11371 > > Web server interfaces are primarily used for searching. > > It's easiest to let GnuPG handle the details of submitting your key: > > gpg --keyserver keyserver.gingerbear.net --send-key 0xdecafbad > > If you /really/ need to use the web interface, just don't type hkp:// as part of > the URL (you may type http://, but it's not needed) and be sure to add :11371 to > the host name > > keyserver.gingerbear.net:11371 > > Most browsers will automatically prefix http:// if it is absent > > BTW, pool.sks-keyservers.net should be used as a replacement for > random.sks.keyserver.penguin.de. It is no longer regularly being updated. > > Thanks John. My next question is then: why is it that when I tried to send my public key to a key server (whether it starts with hkp or http) using my GPA, the popup said: "there is no plugin available for this protocol". What plugin am I missing? (Excuse me for the PGP signature. I'm using Enigmail/Thunderbird and I don't feel like turning off the signature now.) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIfWLuE7PX/Y51jV8RAoFzAKDN63RdgmfgGtxJtsvzEmvElF/h/QCfa0SJ WArDE5xObrqkqaDvSozC6BE= =BiiO -----END PGP SIGNATURE----- From db111 at freemail.hu Wed Jul 16 07:14:29 2008 From: db111 at freemail.hu (Csabi) Date: Wed, 16 Jul 2008 07:14:29 +0200 (CEST) Subject: gpg.conf Message-ID: Hi all, I'm interesting about all options of gpg.conf. Can somebody send me an example gpg.conf which is contain all option? I read /usr/share/gnupg/options.skel but this file not contains all the options. I'm interesting about how to set the preferred encryption algorithm, preferred hash algorithm and preferred compression algorithm. Sorry if my question was trivial, i'm a beginner. Bye: Csabi From laurent.jumet at skynet.be Wed Jul 16 09:22:48 2008 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Wed, 16 Jul 2008 09:22:48 +0200 Subject: gpg.conf In-Reply-To: Message-ID: Hello Csabi ! Csabi wrote: > I'm interesting about all options of gpg.conf. > Can somebody send me an example gpg.conf which is contain all option? > I read /usr/share/gnupg/options.skel but this file not contains all the > options. I'm interesting about how to set the preferred encryption > algorithm, preferred hash algorithm and preferred compression algorithm. Here you can download the manual for GnuPG 1.4.9 in a 14 pages convenient mode for printing: In PDF: http://users.skynet.be/laurent.jumet/MyMan_GnuPG-149.pdf In .DOC: http://users.skynet.be/laurent.jumet/MyMan_GnuPG-149.doc -- Laurent Jumet KeyID: 0xCFAF704C From JPClizbe at tx.rr.com Wed Jul 16 10:13:03 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Wed, 16 Jul 2008 03:13:03 -0500 Subject: question about hkp protocol In-Reply-To: <487D62EE.2070903@gmail.com> References: <7a26d9ab0807142259x6b6d7187x5185ff834ddc03b9@mail.gmail.com> <487CF2BC.8060604@tx.rr.com> <487D62EE.2070903@gmail.com> Message-ID: <487DAD8F.3080702@tx.rr.com> kurt c wrote: > Thanks John. My next question is then: why is it that when I tried to > send my public key to a key server (whether it starts with hkp or http) > using my GPA, the popup said: "there is no plugin available for this > protocol". What plugin am I missing? I don't use GPA. I don't care for the interface. You might try entering only the server, no protocol, no port. The command I gave in the the last mail will do it for you from a Windows command line. gpg --keyserver keyserver.gingerbear.net --send-key 0x8E758D5F > (Excuse me for the PGP signature. I'm using Enigmail/Thunderbird and I > don't feel like turning off the signature now.) Just click the pen in the lower right of the compose window to toggle signing off or on. BTW, Enigmail will also do this for you. In Thunderbird, OpenPGP --> Open Key Manager. Single-click your key to select it, right-click for the context menu, chose 'Upload Public Keys to Keyserver' (or 'Upload Public Keys' from the Keyserver pull-down menu). Select one of the existing servers or type in one of your choosing, only the server name is needed. Click OK. Wait about an hour before pinging keyservers to see if your key is there if you used random... or pool... It takes a while for servers to synchronize. If you use a single server, you can check it right away. But it may still take 1-2 hours to show up on all the servers. -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 656 bytes Desc: OpenPGP digital signature URL: From bhushan1988 at gmail.com Wed Jul 16 15:57:04 2008 From: bhushan1988 at gmail.com (Bhushan Jain) Date: Wed, 16 Jul 2008 19:27:04 +0530 Subject: File Extensions supported by GnuPG Message-ID: <62fd3c0a0807160657t3b7db3a5nc09e18b387cf08cc@mail.gmail.com> Hi, I just want to know if there is some standard used by GnuPG in terms of extensions so that if I create an encrypted file or only signed file or signed and encrypted file using my own program, then the respective files would be compatible to GnuPG. Please suggest me the extensions I should use for the following file types:----------------- 1. Encrypt only 2. Sign only 3. Encrypt and sign Also if I create my own extensions say 3 different extensions for the above 3 type of files then will the encrypted files be compatible with GnuPG? If not which are the extensions the GnuPG would be compatible with? Thanks, ------------- Bhushan -------------- next part -------------- An HTML attachment was scrubbed... URL: From faramir.cl at gmail.com Wed Jul 16 21:40:08 2008 From: faramir.cl at gmail.com (Faramir) Date: Wed, 16 Jul 2008 15:40:08 -0400 Subject: gpg.conf In-Reply-To: References: Message-ID: <487E4E98.7060903@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Csabi escribi?: > Hi all, > > I'm interesting about all options of gpg.conf. > Can somebody send me an example gpg.conf which is contain all option? > I read /usr/share/gnupg/options.skel but this file not contains all the > options. I'm interesting about how to set the preferred encryption > algorithm, preferred hash algorithm and preferred compression algorithm. > > Sorry if my question was trivial, i'm a beginner. This is what I have in my gpg.conf file: keyserver hkp://pool.sks-keyservers.net keyserver-options auto-key-retrieve include-disabled photo-viewer c:\archivos de programa\gpgshell\gpgview.exe %i /title 0x%k personal-cipher-preferences AES256 TWOFISH AES192 AES BLOWFISH CAST5 3DES personal-digest-preferences SHA256 SHA1 SHA512 SHA384 SHA224 RIPEMD160 MD5 personal-compress-preferences ZIP ZLIB BZIP2 Z0 ask-cert-level keyid-format 0xSHORT no-greeting no-mdc-warning The first line is the prefered keyserver, and since I was told that server is actually a group of servers, it very reliable. I disabled the auto-key-retrieve, I don't remember why. I don't have any idea about the third line, it was added by gpgshell (a GUI for gpg). and the lines starting with "personal", are my preferences. And I don't where the other lines came from, probably from gpgshell. Best Regards P.S: I am a beginner too... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIfk6YAAoJEMV4f6PvczxAzeAH+wSofh8eITnIyYhOXyoGomkH idVq0FdQt7l77Y1SNsHWIsGDCrsUX265Dy2s4IzQvPFUSTg1oGfwXca/cf+GTBTK JyiAN2dF8A2znNOU/qc6sY8VaSumHVx55eibF4r2JPElGPiF2vkyHBf8IbIrqS/K GtLlphMmgbzWCnZAZMtfJ0VFj0GOjAGGsmBzU/2+qWMEPAp6v7eewDR3Qy0Q0sAs 1VEfy2DB4yNT1MdkERl7CHzQ+7IlzAHX4Js5RDGIc/Ksc85jmZpUzYhPkKux7UZv YDZOkTpHIDfXFOJk25FK1BBfZPipmYmwNel/EwJeLJ7fu02CerEy5bAIszJftqo= =2hEh -----END PGP SIGNATURE----- From kurtc1972 at gmail.com Thu Jul 17 05:59:35 2008 From: kurtc1972 at gmail.com (kurt c) Date: Wed, 16 Jul 2008 20:59:35 -0700 Subject: question about hkp protocol In-Reply-To: <487DAD8F.3080702@tx.rr.com> References: <7a26d9ab0807142259x6b6d7187x5185ff834ddc03b9@mail.gmail.com> <487CF2BC.8060604@tx.rr.com> <487D62EE.2070903@gmail.com> <487DAD8F.3080702@tx.rr.com> Message-ID: <487EC3A7.5030706@gmail.com> John Clizbe wrote: > kurt c wrote: >> Thanks John. My next question is then: why is it that when I tried to >> send my public key to a key server (whether it starts with hkp or http) >> using my GPA, the popup said: "there is no plugin available for this >> protocol". What plugin am I missing? > > I don't use GPA. I don't care for the interface. > > You might try entering only the server, no protocol, no port. > > The command I gave in the the last mail will do it for you from a Windows > command line. > > gpg --keyserver keyserver.gingerbear.net --send-key 0x8E758D5F > >> (Excuse me for the PGP signature. I'm using Enigmail/Thunderbird and I >> don't feel like turning off the signature now.) > > Just click the pen in the lower right of the compose window to toggle signing > off or on. > > BTW, Enigmail will also do this for you. > > In Thunderbird, OpenPGP --> Open Key Manager. Single-click your key to select > it, right-click for the context menu, chose 'Upload Public Keys to Keyserver' > (or 'Upload Public Keys' from the Keyserver pull-down menu). Select one of the > existing servers or type in one of your choosing, only the server name is > needed. Click OK. > > Wait about an hour before pinging keyservers to see if your key is there if you > used random... or pool... It takes a while for servers to synchronize. If you > use a single server, you can check it right away. But it may still take 1-2 > hours to show up on all the servers. > Hi John, thanks so much for the thorough reply. I wasn't able to implement your direction at all, though. You said: " In Thunderbird, OpenPGP --> Open Key Manager. Single-click your key to select > it, right-click for the context menu, chose 'Upload Public Keys to Keyserver' > (or 'Upload Public Keys' from the Keyserver pull-down menu). Select one of the > existing servers or type in one of your choosing, only the server name is > needed. Click OK." When I did that, the popup appeared: "sending of keys failed gpgkeys: this keyserver type only supports key retrieval gpg: sending key -------- to hkp server keyserver.pramberger.at gpg: keyserver communications error: file read error gpg: keyserver send failed: file read error" This happened with every keyserver I chose, so I don't think it is a problem with keyserver, but with me. What exactly am I missing here? Do you know? And when I opened up my command prompt and typed in the command you suggested, I got the reply that "pgp is not a valid internal or external command". Is there some configuration of environment variable or something like that which I need to do beforehand? Thanks John for your time. From JPClizbe at tx.rr.com Thu Jul 17 06:55:18 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Wed, 16 Jul 2008 23:55:18 -0500 Subject: question about hkp protocol In-Reply-To: <487EC3A7.5030706@gmail.com> References: <7a26d9ab0807142259x6b6d7187x5185ff834ddc03b9@mail.gmail.com> <487CF2BC.8060604@tx.rr.com> <487D62EE.2070903@gmail.com> <487DAD8F.3080702@tx.rr.com> <487EC3A7.5030706@gmail.com> Message-ID: <487ED0B6.2070506@tx.rr.com> kurt c wrote: > "sending of keys failed > gpgkeys: this keyserver type only supports key retrieval > gpg: sending key -------- to hkp server keyserver.pramberger.at There is ABSOLUTELY NO security benefit to hiding the key ID. It only makes those trying to help you have a more difficult task. You signed an earlier message, anyone can get the key ID from that, 0x8E758D5F. > gpg: keyserver communications error: file read error > gpg: keyserver send failed: file read error" > > This happened with every keyserver I chose, so I don't think it is a > problem with keyserver, but with me. What exactly am I missing here? Do > you know? I know from the message you signed that you're running GnuPG 1.4.7. Are you by chance running Windows Vista? I so, you need to upgrade GnuPG to version 1.4.9. There's a bug in keyserver access for which the fix was committed a couple weeks after 1.4.7's release. 1.4.8 has a security issue fixed in 1.4.9. You may get the installer at ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.9.exe > And when I opened up my command prompt and typed in the command you > suggested, I got the reply that "pgp is not a valid internal or external ^^^ You typed pgp. The command is gpg. I even edited it for your keyID. Copy and paste the exact command gpg --keyserver keyserver.gingerbear.net --send-key 0x8E758D5F If gpg is not found on your path, it will be necessary to change to the directory where you installed GnuPG, usually C:\Program Files\Gnu\GnuPG > command". Is there some configuration of environment variable or > something like that which I need to do beforehand? -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 656 bytes Desc: OpenPGP digital signature URL: From josh.cepek at usa.net Thu Jul 17 07:51:26 2008 From: josh.cepek at usa.net (Josh Cepek) Date: Thu, 17 Jul 2008 00:51:26 -0500 Subject: File Extensions supported by GnuPG In-Reply-To: <62fd3c0a0807160657t3b7db3a5nc09e18b387cf08cc@mail.gmail.com> References: <62fd3c0a0807160657t3b7db3a5nc09e18b387cf08cc@mail.gmail.com> Message-ID: <487EDDDE.8050907@usa.net> Bhushan Jain wrote: > Hi, > I just want to know if there is some standard used by GnuPG in terms of > extensions so that if I create an encrypted file or only signed file or > signed and encrypted file using my own program, then the respective > files would be compatible to GnuPG. By convention the extension .gpg is used for encrypted/binary data and .asc or .sig is used for detached or clearsign signatures. The extension doesn't really matter since it is only by convention that these extensions are used. However, it is recommended to use .sig or .asc for signatures and .gpg for binary data (such as encrypted files) so the recipient knows what to expect. In addition, when verifying, GPG expects the source data in a file without the .asc or .sig extension (otherwise you usually have to point GPG to the source data to verify against.) For all GPG cares you could use .jpg for the file extension of signed/encrypted data (but I highly recommend against this!) > Please suggest me the extensions I should use for the following file > types:----------------- I've indicated the default file extensions below with a short gpg example that generates files with these defaults. I've used "--default-recipient-self" to cause any encryption operation to encrypt to your own key. > 1. Encrypt only .gpg is the conventional extension, and is automatically used as in the following command: `gpg -e --default-recipient-self test_file.txt` > 2. Sign only For creating a detached signature the extensions .sig or .asc are standard with .sig being the gpg default as in the following sample: `gpg --detach-sign test_file.txt` When using clear text signatures (where ASCII armored text denotes the start and end of the original message and signature elements) .asc is the default extension as in the following sample: `gpg --clearsign test_file.txt` When used only with the --sign option the original data will be included in the binary result and the default extension is .gpg > 3. Encrypt and sign The conventional extension for a signed and encrypted messages is .gpg and the resulting file will contain both the encrypted message as well as the signature. The following example will create a signed & encrypted .gpg file: `gpg -s -e --default-recipient-self test_file.txt` > Also if I create my own extensions say 3 different extensions for the > above 3 type of files then will the encrypted files be compatible with > GnuPG? > > If not which are the extensions the GnuPG would be compatible with? As long as you call GPG in a valid manor you can use any extension you want, although I'd suggest using the conventional extensions for ease of use and best understanding. Also note that OS's that operate on a file based on its extension (such as Windows) may take different actions depending on the extension in use. > Thanks, > ------------- > Bhushan Hope this helped! -- Josh -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From bhushan1988 at gmail.com Thu Jul 17 08:47:25 2008 From: bhushan1988 at gmail.com (Bhushan Jain) Date: Thu, 17 Jul 2008 12:17:25 +0530 Subject: File Extensions supported by GnuPG In-Reply-To: <487EDDDE.8050907@usa.net> References: <62fd3c0a0807160657t3b7db3a5nc09e18b387cf08cc@mail.gmail.com> <487EDDDE.8050907@usa.net> Message-ID: <62fd3c0a0807162347n58839070i35b89cfb56d2089@mail.gmail.com> Hi, Thanks for the reply. It was really a lot informative and well explained. But I am sorry that it still doesn't solve the problem. I am attaching with this mail an original file, a file encrypted and signed having an extension .gpgasc,a zip folder containing my keys(both secret and public)(it contains a single key for a single user) and the password for the secret key is "bhushan". The error for the command gpg --decrypt-files license.txt.gpgasc is :------ gpg: license.txt.gpgasc: unknown suffix You can check it if you wish to.......... And then as soon as I change the extension from .gpgasc to .gpg The file gets decrypted correctly and the signature is verified. I am not understanding why? Please help me! Thanks, ----------- Bhushan -------------- next part -------------- A non-text attachment was scrubbed... Name: gnupg.zip Type: application/zip Size: 4075 bytes Desc: not available URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: license.txt URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: license.txt.gpgasc Type: application/octet-stream Size: 1530 bytes Desc: not available URL: From bhushan1988 at gmail.com Thu Jul 17 10:16:02 2008 From: bhushan1988 at gmail.com (Bhushan Jain) Date: Thu, 17 Jul 2008 13:46:02 +0530 Subject: File Extensions supported by GnuPG In-Reply-To: <487EFAE6.3000203@radde.name> References: <62fd3c0a0807160657t3b7db3a5nc09e18b387cf08cc@mail.gmail.com> <487EDDDE.8050907@usa.net> <62fd3c0a0807162347n58839070i35b89cfb56d2089@mail.gmail.com> <487EFAE6.3000203@radde.name> Message-ID: <62fd3c0a0807170116w7c8b698cm90ebf50d1e977cdf@mail.gmail.com> Hi Sven, You have solved all my problems. The two commands given by you works great! You rock man!!! Thanks, ------------- Bhushan -------------- next part -------------- An HTML attachment was scrubbed... URL: From jelledejong at powercraft.nl Thu Jul 17 15:10:17 2008 From: jelledejong at powercraft.nl (Jelle de Jong) Date: Thu, 17 Jul 2008 15:10:17 +0200 Subject: debug-ccid-cardreader In-Reply-To: <4879C627.7030707@powercraft.nl> References: <4879C627.7030707@powercraft.nl> Message-ID: <487F44B9.4030900@powercraft.nl> Jelle de Jong wrote: > This message contains the following attachment(s): > debug-ccid-cardreader.txt > > Hello everybody, > > Thank you for all your work on gnupg. I got a few issues with my > smartcard system, it does not work anymore. > > I attached some debug info. > > Hopefully somebody can help me. > > Thanks in advance, > > Jelle > http://filebin.ca/eyrxrq/smarcard-debug.txt I am 100% sure the PIN is correct, I had the same problem a few months ago could not solve it. I tried again this week, and it was working fine again, and the next day the same problem again... I don't now what is wrong but i need to sign a package but cant do it anymore... somebody that ca help me? What the is wrong with my card reader? Thank in advance, Jelle -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: smarcard-debug.txt URL: From sbly585 at me.com Thu Jul 17 19:23:42 2008 From: sbly585 at me.com (Scott Blystone) Date: Thu, 17 Jul 2008 13:23:42 -0400 Subject: GPG Command Line Question Message-ID: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All, I have what I think is a fairly simple GPG question, but the answer seems to be alluding me no matter how much I go over the documentation. I want to export a public key from the command line but in minimal format with everything except the self-signatures removed. In reading the docs it looks as if "gpg --export-minimal ..." should work, but I keep getting invalid command messages. What is the proper syntax, please? - -- Scott Blystone Rochester, NY -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: GSWoT:US61 Gossamer Spider Web of Trust www.gswot.org Comment: Scott Blystone Rochester, NY sab at gswot.org Comment: Public key available at subkeys.pgp.net iEYEARECAAYFAkh/gB4ACgkQ8YNOqw3ZUkF/9gCeNTU2q4F06LOdktI7vYL36RfU IfMAnixPTxze5vp0CefDrWn1KsfupTgH =Od3S -----END PGP SIGNATURE----- From JPClizbe at tx.rr.com Thu Jul 17 21:16:13 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Thu, 17 Jul 2008 14:16:13 -0500 Subject: GPG Command Line Question In-Reply-To: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> Message-ID: <487F9A7D.1020108@tx.rr.com> Scott Blystone wrote: > I have what I think is a fairly simple GPG question, but the answer > seems to be alluding me no matter how much I go over the > documentation. I want to export a public key from the command line but > in minimal format with everything except the self-signatures removed. > In reading the docs it looks as if "gpg --export-minimal ..." should > work, but I keep getting invalid command messages. What is the proper > syntax, please? gpg --export-options export-minimal --export 0xdecafbad -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 656 bytes Desc: OpenPGP digital signature URL: From wk at gnupg.org Thu Jul 17 21:19:02 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 17 Jul 2008 21:19:02 +0200 Subject: GPG Command Line Question In-Reply-To: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> (Scott Blystone's message of "Thu, 17 Jul 2008 13:23:42 -0400") References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> Message-ID: <87wsjknwt5.fsf@wheatstone.g10code.de> On Thu, 17 Jul 2008 19:23, sbly585 at me.com said: > In reading the docs it looks as if "gpg --export-minimal ..." should > work, but I keep getting invalid command messages. What is the proper > syntax, please? This is not a regular option but an argument to the export-options option: $ gpg --export-options help export-local-sigs export signatures that are marked as local-only export-attributes export attribute user IDs (generally photo IDs) export-sensitive-revkeys export revocation keys marked as "sensitive" export-reset-subkey-passwd remove the passphrase from exported subkeys export-clean remove unusable parts from key during export export-minimal remove as much as possible from key during export Thus you want something like: $ gpg --export-options export-minimal --export 0x12345678 Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From sbly585 at me.com Thu Jul 17 21:48:32 2008 From: sbly585 at me.com (Scott Blystone) Date: Thu, 17 Jul 2008 15:48:32 -0400 Subject: GPG Command Line Question In-Reply-To: <487F9A7D.1020108@tx.rr.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <487F9A7D.1020108@tx.rr.com> Message-ID: <59474314-2FBB-4454-A50E-8A5CAF63E44D@me.com> Thanks to all. Some of these commands can be wickedly difficult! On Jul 17, 2008, at 3:16 PM, John Clizbe wrote: > Scott Blystone wrote: >> I have what I think is a fairly simple GPG question, but the answer >> seems to be alluding me no matter how much I go over the >> documentation. I want to export a public key from the command line >> but >> in minimal format with everything except the self-signatures removed. >> In reading the docs it looks as if "gpg --export-minimal ..." should >> work, but I keep getting invalid command messages. What is the proper >> syntax, please? > > gpg --export-options export-minimal --export 0xdecafbad > > -- > John P. Clizbe Inet: John (a) Mozilla- > Enigmail.org > You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or > mailto:pgp-public-keys at gingerbear.net?subject=HELP > > Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" > A:"An odd melody / island voices on the winds / surplus of vowels" > From gonzalob at gonz0.com.ar Thu Jul 17 21:22:42 2008 From: gonzalob at gonz0.com.ar (Gonzalo =?ISO-8859-1?Q?Berm=FAdez?=) Date: Thu, 17 Jul 2008 16:22:42 -0300 Subject: GPG Command Line Question In-Reply-To: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> Message-ID: <1216322562.3895.5.camel@gonzalo.b.home.local> What you seem to be trying to execute is gpg --export-options export-minimal isn't it? That should work, I used it today, on GnuPG 1.4.9 On Thu, 2008-07-17 at 13:23 -0400, Scott Blystone wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > All, > > I have what I think is a fairly simple GPG question, but the answer > seems to be alluding me no matter how much I go over the > documentation. I want to export a public key from the command line but > in minimal format with everything except the self-signatures removed. > In reading the docs it looks as if "gpg --export-minimal ..." should > work, but I keep getting invalid command messages. What is the proper > syntax, please? > > - -- > Scott Blystone > Rochester, NY > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (Darwin) > Comment: GSWoT:US61 Gossamer Spider Web of Trust www.gswot.org > Comment: Scott Blystone Rochester, NY sab at gswot.org > Comment: Public key available at subkeys.pgp.net > > iEYEARECAAYFAkh/gB4ACgkQ8YNOqw3ZUkF/9gCeNTU2q4F06LOdktI7vYL36RfU > IfMAnixPTxze5vp0CefDrWn1KsfupTgH > =Od3S > -----END PGP SIGNATURE----- > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Gonzalo Berm?dez http://www.gonz0.com.ar/ | ?gonzalob at gonz0.com.ar | PGP: 0xE2FC4825 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 339 bytes Desc: This is a digitally signed message part URL: From gnupg.mdmph at gmail.com Tue Jul 15 23:19:57 2008 From: gnupg.mdmph at gmail.com (GNU MD) Date: Tue, 15 Jul 2008 17:19:57 -0400 Subject: Portable GNUPG/GNUPG4WIN Message-ID: <330519960807151419t2de362d7kec233c2acb3fa2e7@mail.gmail.com> I was wondering if there was (updated) work on a USB version of a portable GNUPG that could work on any windows computer (regardless of the administrator rights that may limit user's installing software) and perhaps also on any GNU/LINUX PC? I go between many different computers including my own WINXP and GNU/LINUX boxes and many at work. I would like to be able to bring my keys and GNUPG4WIN (for the work computers that are WINXP) with me to encrypt and decrypt to anyone on my key manager (which I would also like to be portable). I prefer using GNU/LINUX but on WINXP I have become fairly comfortable with the WINPT interface. Although on my own computer I can't seem to encrypt files with GPGEE properly. Thank you, -scm 0x1036DFBA From wk at gnupg.org Thu Jul 17 23:24:12 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 17 Jul 2008 23:24:12 +0200 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <1216322562.3895.5.camel@gonzalo.b.home.local> ("Gonzalo =?utf-8?Q?Berm=C3=BAdez=22's?= message of "Thu, 17 Jul 2008 16:22:42 -0300") References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <1216322562.3895.5.camel@gonzalo.b.home.local> Message-ID: <873am8nr0j.fsf_-_@wheatstone.g10code.de> A3: Please. Q3: Should I avoid top posting on this mailing list? A2: Because, by reversing the order of a conversation, it leaves the reader without much context, and makes them read a message in an unnatural order. Q2: Why is top posting irritating? A1: It is the practice of putting your reply to a message before the quoted message, instead of after the (trimmed) message. Q1: What is top posting? -- [by Perry E. Metzger] From JPClizbe at tx.rr.com Thu Jul 17 23:39:51 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Thu, 17 Jul 2008 16:39:51 -0500 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <873am8nr0j.fsf_-_@wheatstone.g10code.de> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <1216322562.3895.5.camel@gonzalo.b.home.local> <873am8nr0j.fsf_-_@wheatstone.g10code.de> Message-ID: <487FBC27.4040602@tx.rr.com> A4: Yes, *only* when introducing the text of a forwarded message Q4: Is it ever OK to top post? Werner Koch wrote: > A3: Please. > Q3: Should I avoid top posting on this mailing list? > > A2: Because, by reversing the order of a conversation, it leaves the > reader without much context, and makes them read a message in an > unnatural order. > Q2: Why is top posting irritating? > > A1: It is the practice of putting your reply to a message before the > quoted message, instead of after the (trimmed) message. > Q1: What is top posting? Sorry, Werner. Couldn't resist the temptation. Best, John -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 656 bytes Desc: OpenPGP digital signature URL: From jh at jameshoward.us Thu Jul 17 23:46:30 2008 From: jh at jameshoward.us (James P. Howard, II) Date: Thu, 17 Jul 2008 17:46:30 -0400 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <487FBC27.4040602@tx.rr.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <1216322562.3895.5.camel@gonzalo.b.home.local> <873am8nr0j.fsf_-_@wheatstone.g10code.de> <487FBC27.4040602@tx.rr.com> Message-ID: <88a2333a0807171446g48c7a04dt52354330a4865516@mail.gmail.com> A minor vent: the problem now is the proliferation of mobile devices which make it too difficult to not top post. Users, at this point, are fooled into thinking this is the correct form due to the lack of a practical alternative. Sent from my BlackBerry... James On 7/17/08, John Clizbe wrote: > A4: Yes, *only* when introducing the text of a forwarded message > Q4: Is it ever OK to top post? > > Werner Koch wrote: >> A3: Please. >> Q3: Should I avoid top posting on this mailing list? >> >> A2: Because, by reversing the order of a conversation, it leaves the >> reader without much context, and makes them read a message in an >> unnatural order. >> Q2: Why is top posting irritating? >> >> A1: It is the practice of putting your reply to a message before the >> quoted message, instead of after the (trimmed) message. >> Q1: What is top posting? > > Sorry, Werner. Couldn't resist the temptation. > > Best, > > John > > -- > John P. Clizbe Inet: John (a) Mozilla-Enigmail.org > You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or > mailto:pgp-public-keys at gingerbear.net?subject=HELP > > Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" > A:"An odd melody / island voices on the winds / surplus of vowels" > > -- James P. Howard, II jh at jameshoward.us http://jameshoward.us From yochanon at localnet.com Fri Jul 18 03:53:36 2008 From: yochanon at localnet.com (John B) Date: Thu, 17 Jul 2008 20:53:36 -0500 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <487FBC27.4040602@tx.rr.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <873am8nr0j.fsf_-_@wheatstone.g10code.de> <487FBC27.4040602@tx.rr.com> Message-ID: <200807172053.36334.yochanon@localnet.com> On 17 July 08, John Clizbe wrote: > A4: Yes, *only* when introducing the text of a forwarded message > Q4: Is it ever OK to top post? A: Wrong, it's *never* correct, it leads only to someone, *again*, trying to argue that somehow it's okay, and still discombobulates everything. If they don't do it writing letters or in books, it shouldn't be anywhere else. It isn't even done in Hebrew. -- When you remove the people's right to bear arms, you create slaves. From yochanon at localnet.com Fri Jul 18 03:50:52 2008 From: yochanon at localnet.com (John B) Date: Thu, 17 Jul 2008 20:50:52 -0500 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <88a2333a0807171446g48c7a04dt52354330a4865516@mail.gmail.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <487FBC27.4040602@tx.rr.com> <88a2333a0807171446g48c7a04dt52354330a4865516@mail.gmail.com> Message-ID: <200807172050.52853.yochanon@localnet.com> On 17 July 08, James P. Howard, II wrote: > A minor vent: the problem now is the proliferation of mobile devices > which make it too difficult to not top post. Users, at this point, > are fooled into thinking this is the correct form due to the lack of a > practical alternative. > > Sent from my BlackBerry... > James Throw it away and get one that does things correctly? -- "Democracy cannot survive overpopulation... The more people there are the less one individual matters." Isaac Asimov From bahamutzero8825 at gmail.com Fri Jul 18 04:01:12 2008 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Thu, 17 Jul 2008 21:01:12 -0500 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <88a2333a0807171446g48c7a04dt52354330a4865516@mail.gmail.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <1216322562.3895.5.camel@gonzalo.b.home.local> <873am8nr0j.fsf_-_@wheatstone.g10code.de> <487FBC27.4040602@tx.rr.com> <88a2333a0807171446g48c7a04dt52354330a4865516@mail.gmail.com> Message-ID: <487FF968.9040806@gmail.com> James P. Howard, II wrote: > A minor vent: the problem now is the proliferation of mobile devices > which make it too difficult to not top post. Users, at this point, > are fooled into thinking this is the correct form due to the lack of a > practical alternative. I think top-posting is common historically because MS Outlook positions the cursor at the beginning of a message by default. Mobile devices with email programs that do this as well (combined with the fact that line navigation is a bit harder on mobile devices) is certainly making the problem worse. -- Key ID: 0xF88E034060A78FCB Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB Windows NT 6.0.6001.18000 | GPG 1.4.9 | Thunderbird 2.0.0.14 | Enigmail 0.95.6 From jelledejong at powercraft.nl Fri Jul 18 09:33:38 2008 From: jelledejong at powercraft.nl (Jelle de Jong) Date: Fri, 18 Jul 2008 09:33:38 +0200 Subject: debug-ccid-cardreader In-Reply-To: <487F44B9.4030900@powercraft.nl> References: <4879C627.7030707@powercraft.nl> <487F44B9.4030900@powercraft.nl> Message-ID: <48804752.9060303@powercraft.nl> Jelle de Jong wrote: > Jelle de Jong wrote: >> This message contains the following attachment(s): >> debug-ccid-cardreader.txt >> >> Hello everybody, >> >> Thank you for all your work on gnupg. I got a few issues with my >> smartcard system, it does not work anymore. >> >> I attached some debug info. >> >> Hopefully somebody can help me. >> >> Thanks in advance, >> >> Jelle >> > > http://filebin.ca/eyrxrq/smarcard-debug.txt > > I am 100% sure the PIN is correct, I had the same problem a few months > ago could not solve it. I tried again this week, and it was working fine > again, and the next day the same problem again... > > I don't now what is wrong but i need to sign a package but cant do it > anymore... somebody that ca help me? What the is wrong with my card reader? > > Thank in advance, > > Jelle > Does anybody uses a smartcard reader? I am using a ID 04e6:5115 SCM Microsystems, Inc. SCR335 SmartCard Reader On debian sid, is something special required to get the device working? like custom udev rules? or special local settings? I would really like to get the device working again... Does somebody else encountered the above problem before? Thanks in advance, Jelle -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: smarcard-debug-usb.txt URL: From kurtc1972 at gmail.com Fri Jul 18 09:35:54 2008 From: kurtc1972 at gmail.com (kurt c) Date: Fri, 18 Jul 2008 00:35:54 -0700 Subject: question about hkp protocol In-Reply-To: <487ED0B6.2070506@tx.rr.com> References: <7a26d9ab0807142259x6b6d7187x5185ff834ddc03b9@mail.gmail.com> <487CF2BC.8060604@tx.rr.com> <487D62EE.2070903@gmail.com> <487DAD8F.3080702@tx.rr.com> <487EC3A7.5030706@gmail.com> <487ED0B6.2070506@tx.rr.com> Message-ID: <488047DA.6080701@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Clizbe wrote: > kurt c wrote: >> "sending of keys failed >> gpgkeys: this keyserver type only supports key retrieval >> gpg: sending key -------- to hkp server keyserver.pramberger.at > > There is ABSOLUTELY NO security benefit to hiding the key ID. It only makes > those trying to help you have a more difficult task. You signed an earlier > message, anyone can get the key ID from that, 0x8E758D5F. > >> gpg: keyserver communications error: file read error >> gpg: keyserver send failed: file read error" >> >> This happened with every keyserver I chose, so I don't think it is a >> problem with keyserver, but with me. What exactly am I missing here? Do >> you know? > > I know from the message you signed that you're running GnuPG 1.4.7. > Are you by chance running Windows Vista? > > I so, you need to upgrade GnuPG to version 1.4.9. There's a bug in keyserver > access for which the fix was committed a couple weeks after 1.4.7's release. > 1.4.8 has a security issue fixed in 1.4.9. You may get the installer at > > ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.9.exe > >> And when I opened up my command prompt and typed in the command you >> suggested, I got the reply that "pgp is not a valid internal or external > ^^^ > You typed pgp. The command is gpg. I even edited it for your keyID. > Copy and paste the exact command > > gpg --keyserver keyserver.gingerbear.net --send-key 0x8E758D5F > > If gpg is not found on your path, it will be necessary to change to the > directory where you installed GnuPG, usually C:\Program Files\Gnu\GnuPG > >> command". Is there some configuration of environment variable or >> something like that which I need to do beforehand? > Hi John, I really want to thank you for all your thorough explanations. Yes, I did upgrade, and I have successfully sent in my public key to keyservers using OpenPGP key management in my Enigmail, although I still couldn't export the key to keyservers using my gpg4win GPA (getting the same message: "no plugin available for this protocol") -- but you don't care about the GPA -- nor using the command line. I really don't know why. If someone else can explain why the latter two mechanisms don't work, please do. Thanks. Thank you John for your patience with my beginner frustration. (And I wasn't trying to hide my keyID, but just too lazy to type it.) Lawrence -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiAR9oACgkQE7PX/Y51jV9GaQCgmw3oEonPDC3htZg2USCNGttB LpEAoJHwgNS3qKW3ZrO24RT81sOyloBa =C/nw -----END PGP SIGNATURE----- From wk at gnupg.org Fri Jul 18 09:54:11 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 18 Jul 2008 09:54:11 +0200 Subject: debug-ccid-cardreader In-Reply-To: <487F44B9.4030900@powercraft.nl> (Jelle de Jong's message of "Thu, 17 Jul 2008 15:10:17 +0200") References: <4879C627.7030707@powercraft.nl> <487F44B9.4030900@powercraft.nl> Message-ID: <8763r3mxuk.fsf@wheatstone.g10code.de> On Thu, 17 Jul 2008 15:10, jelledejong at powercraft.nl said: > PIN retry counter : 3 0 3 > > gpg: verify CHV2 failed: invalid passphrase Somehow the second PIN got out of sync. gpg tries to sync the first 2 PINs but that fails because the retry counter is down to zero and thus the second PIN is blocked. You need to unblock the PIN using "gpg --card-edit", "admin", "passwd". This will set a new PIN and thus reset all retry counters. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From kurtc1972 at gmail.com Fri Jul 18 09:55:38 2008 From: kurtc1972 at gmail.com (kurt c) Date: Fri, 18 Jul 2008 00:55:38 -0700 Subject: question about hkp protocol In-Reply-To: <487ED0B6.2070506@tx.rr.com> References: <7a26d9ab0807142259x6b6d7187x5185ff834ddc03b9@mail.gmail.com> <487CF2BC.8060604@tx.rr.com> <487D62EE.2070903@gmail.com> <487DAD8F.3080702@tx.rr.com> <487EC3A7.5030706@gmail.com> <487ED0B6.2070506@tx.rr.com> Message-ID: <48804C7A.3010506@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Clizbe wrote: > kurt c wrote: >> "sending of keys failed >> gpgkeys: this keyserver type only supports key retrieval >> gpg: sending key -------- to hkp server keyserver.pramberger.at > > There is ABSOLUTELY NO security benefit to hiding the key ID. It only makes > those trying to help you have a more difficult task. You signed an earlier > message, anyone can get the key ID from that, 0x8E758D5F. > >> gpg: keyserver communications error: file read error >> gpg: keyserver send failed: file read error" >> >> This happened with every keyserver I chose, so I don't think it is a >> problem with keyserver, but with me. What exactly am I missing here? Do >> you know? > > I know from the message you signed that you're running GnuPG 1.4.7. > Are you by chance running Windows Vista? > > I so, you need to upgrade GnuPG to version 1.4.9. There's a bug in keyserver > access for which the fix was committed a couple weeks after 1.4.7's release. > 1.4.8 has a security issue fixed in 1.4.9. You may get the installer at > > ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.9.exe > >> And when I opened up my command prompt and typed in the command you >> suggested, I got the reply that "pgp is not a valid internal or external > ^^^ > You typed pgp. The command is gpg. I even edited it for your keyID. > Copy and paste the exact command > > gpg --keyserver keyserver.gingerbear.net --send-key 0x8E758D5F > > If gpg is not found on your path, it will be necessary to change to the > directory where you installed GnuPG, usually C:\Program Files\Gnu\GnuPG > >> command". Is there some configuration of environment variable or >> something like that which I need to do beforehand? > Sorry. On my most recent try I did succeed in sending the key through the command line as John suggested. Never mind. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiATHoACgkQE7PX/Y51jV9wSQCgqV5sj9+dMaeHdQ5cJoTH8FjR it0AoItOVKK4U9/dKORM8mHCZc8fVoej =G0Gk -----END PGP SIGNATURE----- From jelledejong at powercraft.nl Fri Jul 18 10:08:14 2008 From: jelledejong at powercraft.nl (Jelle de Jong) Date: Fri, 18 Jul 2008 10:08:14 +0200 Subject: debug-ccid-cardreader In-Reply-To: <8763r3mxuk.fsf@wheatstone.g10code.de> References: <4879C627.7030707@powercraft.nl> <487F44B9.4030900@powercraft.nl> <8763r3mxuk.fsf@wheatstone.g10code.de> Message-ID: <48804F6E.2090605@powercraft.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Werner Koch wrote: | On Thu, 17 Jul 2008 15:10, jelledejong at powercraft.nl said: | |> PIN retry counter : 3 0 3 |> |> gpg: verify CHV2 failed: invalid passphrase | | Somehow the second PIN got out of sync. gpg tries to sync the first 2 | PINs but that fails because the retry counter is down to zero and thus | the second PIN is blocked. | | You need to unblock the PIN using "gpg --card-edit", "admin", "passwd". | This will set a new PIN and thus reset all retry counters. | | Shalom-Salam, | | Werner | Thank you Werner for the information! I unblocked the pin no idea how it was blocked but it works again! Now i still got the question why i cant verify my emails with my the subkey system i have been using for years now did something change and what can i do about it without changing my key infrastructure? Kind regards, Jelle -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iJwEAQECAAYFAkiAT2wACgkQ1WclBW9j5Hl5tgQAhScapgHN9PM+rLnJkirY0J4t O9h2LEri+mO2cLHYelIghj1mBg9resaHIKjW5xxjqz5aMrunV3dyDPiNHx2laQQO tOUJwKKN/hQHQA3HAhCLVfJvW4D6GZ95bnlzYR0FjtKS2cN06U5VQ/mbefKVO7zK 5baKrvFtOlZWV5vJDow= =drvk -----END PGP SIGNATURE----- From JPClizbe at tx.rr.com Fri Jul 18 10:21:08 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Fri, 18 Jul 2008 03:21:08 -0500 Subject: question about hkp protocol In-Reply-To: <488047DA.6080701@gmail.com> References: <7a26d9ab0807142259x6b6d7187x5185ff834ddc03b9@mail.gmail.com> <487CF2BC.8060604@tx.rr.com> <487D62EE.2070903@gmail.com> <487DAD8F.3080702@tx.rr.com> <487EC3A7.5030706@gmail.com> <487ED0B6.2070506@tx.rr.com> <488047DA.6080701@gmail.com> Message-ID: <48805274.1070206@tx.rr.com> kurt c wrote: > Hi John, I really want to thank you for all your thorough explanations. You're welcome. > Yes, I did upgrade, and I have successfully sent in my public key to > keyservers using OpenPGP key management in my Enigmail, although I still > couldn't export the key to keyservers using my gpg4win GPA (getting the > same message: "no plugin available for this protocol") -- but you don't > care about the GPA -- nor using the command line. I really don't know > why. If someone else can explain why the latter two mechanisms don't > work, please do. Thanks. I do pretty much everything not handled by Enigmail when clicking Send on the command line. Your command line problems probably were due to an out-of-date version of GnuPG on Vista. I'm not sure where you came up with the idea that I don't care about using the command line. In fact, I often have to lookup the GUI steps in Enigmail when answering questions. I didn't say I don't care about GPA, I said I don't care for its interface. The two statements are quite different > Thank you John for your patience with my beginner frustration. (And I > wasn't trying to hide my keyID, but just too lazy to type it.) gpg: Signature made 07/18/08 02:35:54 using DSA key ID 8E758D5F gpg: Good signature from "kurt c " Primary key fingerprint: B42E 3B59 E2E4 8ED9 B8CA CF8C 13B3 D7FD 8E75 8D5F You look to be working just fine. If you need any assistance with Enigmail, the best place is the Enigmail list at Enigmail at mozdev.org. You don't need to subscribe, but non-subscribers are moderated. Subscription details are at https://www.mozdev.org/mailman/listinfo/enigmail -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 656 bytes Desc: OpenPGP digital signature URL: From wk at gnupg.org Fri Jul 18 10:27:14 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 18 Jul 2008 10:27:14 +0200 Subject: debug-ccid-cardreader In-Reply-To: <48804F6E.2090605@powercraft.nl> (Jelle de Jong's message of "Fri, 18 Jul 2008 10:08:14 +0200") References: <4879C627.7030707@powercraft.nl> <487F44B9.4030900@powercraft.nl> <8763r3mxuk.fsf@wheatstone.g10code.de> <48804F6E.2090605@powercraft.nl> Message-ID: <87sku7lhr1.fsf@wheatstone.g10code.de> On Fri, 18 Jul 2008 10:08, jelledejong at powercraft.nl said: > Now i still got the question why i cant verify my emails with my the > subkey system i have been using for years now did something change and > what can i do about it without changing my key infrastructure? The only change we did in 1.4.8 is * By default (i.e. --gnupg mode), --require-cross-certification is now on. --rfc2440-text and --force-v3-sigs are now off. Gpg will tell you if there is no cross certifciation and point you to an URL explaining it. In case the new defaults from RFC4880 are the problem you may try to use the option --no-rfc2440-text; however the actual problem is then in your MUA. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From jelledejong at powercraft.nl Fri Jul 18 11:03:56 2008 From: jelledejong at powercraft.nl (Jelle de Jong) Date: Fri, 18 Jul 2008 11:03:56 +0200 Subject: debug-ccid-cardreader In-Reply-To: <87sku7lhr1.fsf@wheatstone.g10code.de> References: <4879C627.7030707@powercraft.nl> <487F44B9.4030900@powercraft.nl> <8763r3mxuk.fsf@wheatstone.g10code.de> <48804F6E.2090605@powercraft.nl> <87sku7lhr1.fsf@wheatstone.g10code.de> Message-ID: <48805C7C.6060009@powercraft.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Werner Koch wrote: | On Fri, 18 Jul 2008 10:08, jelledejong at powercraft.nl said: | |> Now i still got the question why i cant verify my emails with my the |> subkey system i have been using for years now did something change and |> what can i do about it without changing my key infrastructure? | | The only change we did in 1.4.8 is | | * By default (i.e. --gnupg mode), --require-cross-certification is | now on. --rfc2440-text and --force-v3-sigs are now off. | | Gpg will tell you if there is no cross certifciation and point you to an | URL explaining it. | | In case the new defaults from RFC4880 are the problem you may try to use | the option --no-rfc2440-text; however the actual problem is then in your | MUA. | | Salam-Shalom, | | Werner | So my previous message and this message where properly signed? Then my Enigmail MUA is buggy again... This is my MUA output: OpenPGP Security Info Unverified signature gpg command line and output: /usr/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 -d gpg: armor header: Hash: SHA1 gpg: armor header: Version: GnuPG v1.4.9 (GNU/Linux) gpg: armor header: Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org gpg: original file name='' gpg: Signature made Fri Jul 18 10:08:12 2008 CEST using RSA key ID 6F63E479 gpg: using subkey 6F63E479 instead of primary key 78830E32 gpg: WARNING: signing subkey 6F63E479 is not cross-certified gpg: please see http://www.gnupg.org/faq/subkey-cross-certify.html for more information gpg: Can't check signature: general error I did check the url and tried some commands like: - -- -- gpg --edit-key 6F63E479 Command> cross-certify subkey E6AACFD6 does not sign and so does not need to be cross-certified subkey 75E0E5C2 does not sign and so does not need to be cross-certified gpg: detected reader `SCM SCR 335 00 00' gpg: reader slot 0: active protocol: T1 gpg: slot 0: ATR=3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1 gpg: AID: D2 76 00 01 24 01 01 01 00 01 00 00 06 AB 00 00 gpg: signatures created so far: 65 Please enter the PIN [sigs done: 65] gpg: RSA/SHA1 signature from: "6F63E479 Jelle de Jong " gpg: secret key parts are not available gpg: update_keysig_packet failed: general error - -- -- gpg --edit-key 78830E32 gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. gpg: using PGP trust model pub 1024D/78830E32 created: 2006-11-15 expires: never usage: SC ~ trust: ultimate validity: ultimate sub 2048g/E6AACFD6 created: 2006-11-15 expires: never usage: E sub 1024R/75E0E5C2 created: 2006-11-15 expires: never usage: A sub 1024R/6F63E479 created: 2006-11-15 expires: never usage: S sub 1024R/9E25896A created: 2006-11-15 expires: never usage: E [ultimate] (1). Jelle de Jong Command> cross-certify subkey E6AACFD6 does not sign and so does not need to be cross-certified subkey 75E0E5C2 does not sign and so does not need to be cross-certified gpg: detected reader `SCM SCR 335 00 00' gpg: reader slot 0: active protocol: T1 gpg: slot 0: ATR=3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1 gpg: AID: D2 76 00 01 24 01 01 01 00 01 00 00 06 AB 00 00 gpg: signatures created so far: 66 Please enter the PIN [sigs done: 66] gpg: RSA/SHA1 signature from: "6F63E479 Jelle de Jong " gpg: secret key parts are not available gpg: update_keysig_packet failed: general error - -- -- Does this mean i need to do some other things first? Sorry if i am not more familiar with the gnupg system, i am more a user then developer with the gnupg system... Thanks in advance, Jelle -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iJwEAQECAAYFAkiAXHoACgkQ1WclBW9j5HnSRgP+LPz7dDob1GtSpMzwCZpz6OCF V15LPcaHbfV94yCzVxaPydvOBI3RABs3WcYlEZ5wAf8Z4UmqXoF7MpWG+oThOX7v 99tdUD/t2Ia2r9o9tpkz1V3XNjxC7zJrr/QBkc2uhflqPs2eM8HOI1k4GyXpSNQW d63VjGkNWt1G+N2T1uc= =xjgg -----END PGP SIGNATURE----- From kurtc1972 at gmail.com Fri Jul 18 09:44:36 2008 From: kurtc1972 at gmail.com (kurt c) Date: Fri, 18 Jul 2008 00:44:36 -0700 Subject: question about hkp protocol In-Reply-To: <487ED0B6.2070506@tx.rr.com> References: <7a26d9ab0807142259x6b6d7187x5185ff834ddc03b9@mail.gmail.com> <487CF2BC.8060604@tx.rr.com> <487D62EE.2070903@gmail.com> <487DAD8F.3080702@tx.rr.com> <487EC3A7.5030706@gmail.com> <487ED0B6.2070506@tx.rr.com> Message-ID: <488049E4.4080402@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Clizbe wrote: > kurt c wrote: >> "sending of keys failed >> gpgkeys: this keyserver type only supports key retrieval >> gpg: sending key -------- to hkp server keyserver.pramberger.at > > There is ABSOLUTELY NO security benefit to hiding the key ID. It only makes > those trying to help you have a more difficult task. You signed an earlier > message, anyone can get the key ID from that, 0x8E758D5F. > >> gpg: keyserver communications error: file read error >> gpg: keyserver send failed: file read error" >> >> This happened with every keyserver I chose, so I don't think it is a >> problem with keyserver, but with me. What exactly am I missing here? Do >> you know? > > I know from the message you signed that you're running GnuPG 1.4.7. > Are you by chance running Windows Vista? > > I so, you need to upgrade GnuPG to version 1.4.9. There's a bug in keyserver > access for which the fix was committed a couple weeks after 1.4.7's release. > 1.4.8 has a security issue fixed in 1.4.9. You may get the installer at > > ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.9.exe > >> And when I opened up my command prompt and typed in the command you >> suggested, I got the reply that "pgp is not a valid internal or external > ^^^ > You typed pgp. The command is gpg. I even edited it for your keyID. > Copy and paste the exact command > > gpg --keyserver keyserver.gingerbear.net --send-key 0x8E758D5F > > If gpg is not found on your path, it will be necessary to change to the > directory where you installed GnuPG, usually C:\Program Files\Gnu\GnuPG > >> command". Is there some configuration of environment variable or >> something like that which I need to do beforehand? > That I didn't succeed with exporting my key using command line earlier is not because I didn't put the dollar sign before gpg, right? what's the $ before "gpg for? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiASeQACgkQE7PX/Y51jV9gPACgmt3cGrzI02jnlRp1edTarJN1 jIAAoN6E4zBdnLxo/xKRjCM8tAbPMrbm =MNhh -----END PGP SIGNATURE----- From yalla at fsfe.org Fri Jul 18 12:06:35 2008 From: yalla at fsfe.org (Alexander W. Janssen) Date: Fri, 18 Jul 2008 12:06:35 +0200 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <487FF968.9040806@gmail.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <1216322562.3895.5.camel@gonzalo.b.home.local> <873am8nr0j.fsf_-_@wheatstone.g10code.de> <487FBC27.4040602@tx.rr.com> <88a2333a0807171446g48c7a04dt52354330a4865516@mail.gmail.com> <487FF968.9040806@gmail.com> Message-ID: <48806B2B.5080702@fsfe.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andrew Berg wrote: > James P. Howard, II wrote: >> A minor vent: the problem now is the proliferation of mobile devices >> which make it too difficult to not top post. Users, at this point, >> are fooled into thinking this is the correct form due to the lack of a >> practical alternative. > I think top-posting is common historically because MS Outlook positions > the cursor at the beginning of a message by default. As for Outlook, I can recomment the Outlook quote-fixes: http://jump.to/outlook-quotefix YMMV though, but it's better than nothing. Alex. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iQCVAwUBSIBm+hYlVVSQ3uFxAQIrbQP/c7Q5cNikG9r5kyOUix5JcJBY4mmTHMuX bsEghNLI4iG5ocVtOkHLNW3V/PKm6B7m3MOJJrhoo7Wo6PuWLx80Y21IldgiHBqB H/5qlKSsRkQpW39CtPRy11YICAeZFBjgB3ROQ2uxrJckezl05H5ey0HCW2BBOo9/ y3mxU9njQvg= =wY8R -----END PGP SIGNATURE----- From dave.smith at st.com Fri Jul 18 14:17:58 2008 From: dave.smith at st.com (David SMITH) Date: Fri, 18 Jul 2008 13:17:58 +0100 Subject: --export/import-ownertrust Message-ID: <20080718121758.GU8214@bristol.st.com> Hi all, Could someone please explain what the --export/import-ownertrust commands actually do? I have a colleague who is basically using it to exchange key fingerprints - i.e. if Alice wants to tell her copy of GPG that Bob's key is valid, then she gets Bob to run gpg --export-ownertrust, send her the output file, and she then runs gpg --import-ownertrust on that file. I've searched on the net, but I can't find much about what the --export/import-ownertrust do, beyond what is in the manpage. What is actually stored in this exported ownertrust database? More importantly, I suspect that this is a bad thing to do. What problems does it cause? TIA... -- David Smith | Tel: +44 (0)1454 462380 Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 462305 Mobile: +44 (0)7932 642724 1000 Aztec West | TINA: 065 2380 GPG Key: 0xF13192F2 Almondsbury | Work Email: Dave.Smith at st.com BRISTOL, BS32 4SQ | Home Email: David.Smith at ds-electronics.co.uk From wk at gnupg.org Fri Jul 18 14:54:32 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 18 Jul 2008 14:54:32 +0200 Subject: debug-ccid-cardreader In-Reply-To: <48805C7C.6060009@powercraft.nl> (Jelle de Jong's message of "Fri, 18 Jul 2008 11:03:56 +0200") References: <4879C627.7030707@powercraft.nl> <487F44B9.4030900@powercraft.nl> <8763r3mxuk.fsf@wheatstone.g10code.de> <48804F6E.2090605@powercraft.nl> <87sku7lhr1.fsf@wheatstone.g10code.de> <48805C7C.6060009@powercraft.nl> Message-ID: <87bq0vjqt3.fsf@wheatstone.g10code.de> On Fri, 18 Jul 2008 11:03, jelledejong at powercraft.nl said: > So my previous message and this message where properly signed? Then my Yes: gpg: Signature made Fri Jul 18 11:00:05 2008 CEST using RSA key ID 6F63E479 gpg: WARNING: signing subkey 6F63E479 is not cross-certified gpg: please see http://www.gnupg.org/faq/subkey-cross-certify.html for more information gpg: please do a --check-trustdb gpg: Good signature from "Jelle de Jong " However, I had to use gpg --verify --no-require-cross-certification Thus I suggest that you do the backsig and upload the key again to the keyservers (best keys.gnupg.net) Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From jelledejong at powercraft.nl Fri Jul 18 15:09:07 2008 From: jelledejong at powercraft.nl (Jelle de Jong) Date: Fri, 18 Jul 2008 15:09:07 +0200 Subject: how can i backsig old keys with a smartcard system to solve the cross-certification workaround In-Reply-To: <87bq0vjqt3.fsf@wheatstone.g10code.de> References: <4879C627.7030707@powercraft.nl> <487F44B9.4030900@powercraft.nl> <8763r3mxuk.fsf@wheatstone.g10code.de> <48804F6E.2090605@powercraft.nl> <87sku7lhr1.fsf@wheatstone.g10code.de> <48805C7C.6060009@powercraft.nl> <87bq0vjqt3.fsf@wheatstone.g10code.de> Message-ID: <488095F3.2040605@powercraft.nl> Werner Koch wrote: > On Fri, 18 Jul 2008 11:03, jelledejong at powercraft.nl said: > >> So my previous message and this message where properly signed? Then my > > Yes: > > gpg: Signature made Fri Jul 18 11:00:05 2008 CEST using RSA key ID 6F63E479 > gpg: WARNING: signing subkey 6F63E479 is not cross-certified > gpg: please see http://www.gnupg.org/faq/subkey-cross-certify.html for more information > gpg: please do a --check-trustdb > gpg: Good signature from "Jelle de Jong " > > However, I had to use > > gpg --verify --no-require-cross-certification > > Thus I suggest that you do the backsig and upload the key again to the > keyservers (best keys.gnupg.net) > Thank you for taking the time to answer the message, If you mean by "backsig" try to follow the instruction on the suggested subkey-cross-certify.html page then i tried to do this (see previous message) I got the following error gpg: secret key parts are not available I tried searching the internet but found no solutions only this: https://bugs.g10code.com/gnupg/issue673 The question now is, how can i backsig my old keys with my smartcard system to solve the cross-certification workaround? Thanks in advance, Jelle From wk at gnupg.org Fri Jul 18 16:32:19 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 18 Jul 2008 16:32:19 +0200 Subject: how can i backsig old keys with a smartcard system to solve the cross-certification workaround In-Reply-To: <488095F3.2040605@powercraft.nl> (Jelle de Jong's message of "Fri, 18 Jul 2008 15:09:07 +0200") References: <4879C627.7030707@powercraft.nl> <487F44B9.4030900@powercraft.nl> <8763r3mxuk.fsf@wheatstone.g10code.de> <48804F6E.2090605@powercraft.nl> <87sku7lhr1.fsf@wheatstone.g10code.de> <48805C7C.6060009@powercraft.nl> <87bq0vjqt3.fsf@wheatstone.g10code.de> <488095F3.2040605@powercraft.nl> Message-ID: <874p6ni7po.fsf@wheatstone.g10code.de> On Fri, 18 Jul 2008 15:09, jelledejong at powercraft.nl said: > I tried searching the internet but found no solutions only this: > https://bugs.g10code.com/gnupg/issue673 Right, you hit this case. > The question now is, how can i backsig my old keys with my smartcard > system to solve the cross-certification workaround? You need to do this on a system where the real key is available. The error message indicates that the actual secret key is not available but replaced by a dummy stub (protection mode 1001). This has nothing to do with a smart card stub (protection mode 1002). Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Fri Jul 18 19:50:23 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 18 Jul 2008 19:50:23 +0200 Subject: [Jelle de Jong] Re: how can i backsign old keys with a smartcard system Message-ID: <8763r3gjz4.fsf@wheatstone.g10code.de> [Jelle asked me to forward his mail] -------------- next part -------------- An embedded message was scrubbed... From: Jelle de Jong Subject: Re: how can i backsign old keys with a smartcard system Date: Fri, 18 Jul 2008 18:15:51 +0200 Size: 13856 URL: -------------- next part -------------- -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From jelledejong at powercraft.nl Fri Jul 18 20:03:54 2008 From: jelledejong at powercraft.nl (Jelle de Jong) Date: Fri, 18 Jul 2008 20:03:54 +0200 Subject: [Jelle de Jong] Re: how can i backsign old keys with a smartcard system In-Reply-To: <8763r3gjz4.fsf@wheatstone.g10code.de> References: <8763r3gjz4.fsf@wheatstone.g10code.de> Message-ID: <4880DB0A.1040802@powercraft.nl> Werner Koch wrote: > [Jelle asked me to forward his mail] thank you Werner (I had a little pebkac :-p) > > Subject: > Re: how can i backsign old keys with a smartcard system > From: > Jelle de Jong > Date: > Fri, 18 Jul 2008 18:15:51 +0200 > To: > Werner Koch > > To: > Werner Koch > > > Werner Koch wrote: >> On Fri, 18 Jul 2008 15:09, jelledejong at powercraft.nl said: >> >>> I tried searching the internet but found no solutions only this: >>> https://bugs.g10code.com/gnupg/issue673 >> >> Right, you hit this case. >> >>> The question now is, how can i backsig my old keys with my smartcard >>> system to solve the cross-certification workaround? >> >> You need to do this on a system where the real key is available. The >> error message indicates that the actual secret key is not available but >> replaced by a dummy stub (protection mode 1001). This has nothing to do >> with a smart card stub (protection mode 1002). >> >> >> Salam-Shalom, >> >> Werner > > Thanks you again for the good information. > > I imported my real security keys and did a cross-certify and uploaded > the keys to your preferred server. When will the key server sync? > > gpg --edit-key 6F63E479 > Command> cross-certify > Command> quit > gpg --keyserver keys.gnupg.net --send-keys 6F63E479 > > Because the keys are so imported, I ask a lot and experiment little I > hope this is a bid understandable. > > I removed my ~/.gnupg/ folder and restored my original key system and > notisched the cross-certify issue was back agian. Then I updated my keys > with Enigmail agianst the keys.gnupg.net server and this updated my keys > and the cross-certify issues was gone again. > > I would like to know how I should backup this new altered keys? What > keys are changed by the cross-certify command and how should I update my > orignal keys. > > I have two original files secring.gpg and pubring.gpg > > I hope you can help me, > > Thanks in advance, > > Jelle From kunalvshah+gnupgp at gmail.com Fri Jul 18 22:10:08 2008 From: kunalvshah+gnupgp at gmail.com (Kunal Shah) Date: Fri, 18 Jul 2008 16:10:08 -0400 Subject: Encrypting external harddrive in windows vista with GnuPG Message-ID: <9e0076140807181310i4a9d46a9s702410098d82c9ee@mail.gmail.com> Hi, I need to encrypt external hard drive in windows vista with GnuPG. is there any tool available to achieve that? Regards Kunal Shah From JPClizbe at tx.rr.com Sat Jul 19 01:06:35 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Fri, 18 Jul 2008 18:06:35 -0500 Subject: Encrypting external harddrive in windows vista with GnuPG In-Reply-To: <9e0076140807181310i4a9d46a9s702410098d82c9ee@mail.gmail.com> References: <9e0076140807181310i4a9d46a9s702410098d82c9ee@mail.gmail.com> Message-ID: <488121FB.5040903@tx.rr.com> Kunal Shah wrote: > I need to encrypt external hard drive in windows vista with GnuPG. is > there any tool available to achieve that? GnuPG isn't the right tool. Look at something like TrueCrypt (Generic advice since you do not state which OS you need to support.) -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 656 bytes Desc: OpenPGP digital signature URL: From dshaw at jabberwocky.com Sat Jul 19 01:17:10 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Fri, 18 Jul 2008 19:17:10 -0400 Subject: Encrypting external harddrive in windows vista with GnuPG In-Reply-To: <9e0076140807181310i4a9d46a9s702410098d82c9ee@mail.gmail.com> References: <9e0076140807181310i4a9d46a9s702410098d82c9ee@mail.gmail.com> Message-ID: On Jul 18, 2008, at 4:10 PM, Kunal Shah wrote: > I need to encrypt external hard drive in windows vista with GnuPG. is > there any tool available to achieve that? Not with GnuPG. That's not what GnuPG does. There are, however, a number of tools to encrypt hard drives. I suggest you Google for "full disk encryption windows vista" and see what comes up. David From bahamutzero8825 at gmail.com Sat Jul 19 01:27:41 2008 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Fri, 18 Jul 2008 18:27:41 -0500 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <200807172053.36334.yochanon@localnet.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <873am8nr0j.fsf_-_@wheatstone.g10code.de> <487FBC27.4040602@tx.rr.com> <200807172053.36334.yochanon@localnet.com> Message-ID: <488126ED.1030300@gmail.com> John B wrote: > On 17 July 08, John Clizbe wrote: > >> A4: Yes, *only* when introducing the text of a forwarded message >> Q4: Is it ever OK to top post? > > A: Wrong, it's *never* correct, it leads only to someone, *again*, trying to > argue that somehow it's okay, and still discombobulates everything. I disagree. An introduction does fit logically at the top, however such an introduction should be short. One does not need to read anything below to get context for an introduction; in fact, such an introduction may be there to put the rest of the message in context. On a side note, is there any reason I didn't see the last message I sent to the list? -- Key ID: 0xF88E034060A78FCB Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB Windows NT 6.0.6001.18000 | GPG 1.4.9 | Thunderbird 2.0.0.14 | Enigmail 0.95.6 From bahamutzero8825 at gmail.com Sat Jul 19 01:31:12 2008 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Fri, 18 Jul 2008 18:31:12 -0500 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <48806B2B.5080702@fsfe.org> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <1216322562.3895.5.camel@gonzalo.b.home.local> <873am8nr0j.fsf_-_@wheatstone.g10code.de> <487FBC27.4040602@tx.rr.com> <88a2333a0807171446g48c7a04dt52354330a4865516@mail.gmail.com> <487FF968.9040806@gmail.com> <48806B2B.5080702@fsfe.org> Message-ID: <488127C0.10306@gmail.com> Alexander W. Janssen wrote: > Andrew Berg wrote: >> James P. Howard, II wrote: >>> A minor vent: the problem now is the proliferation of mobile devices >>> which make it too difficult to not top post. Users, at this point, >>> are fooled into thinking this is the correct form due to the lack of a >>> practical alternative. >> I think top-posting is common historically because MS Outlook positions >> the cursor at the beginning of a message by default. > > As for Outlook, I can recomment the Outlook quote-fixes: > http://jump.to/outlook-quotefix I know a couple people to whom I could recommend this. I use a good MUA myself, but they don't have too much of a choice (work computers). -- Key ID: 0xF88E034060A78FCB Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB Windows NT 6.0.6001.18000 | GPG 1.4.9 | Thunderbird 2.0.0.14 | Enigmail 0.95.6 From bahamutzero8825 at gmail.com Sat Jul 19 01:54:54 2008 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Fri, 18 Jul 2008 18:54:54 -0500 Subject: question about hkp protocol In-Reply-To: <488049E4.4080402@gmail.com> References: <7a26d9ab0807142259x6b6d7187x5185ff834ddc03b9@mail.gmail.com> <487CF2BC.8060604@tx.rr.com> <487D62EE.2070903@gmail.com> <487DAD8F.3080702@tx.rr.com> <487EC3A7.5030706@gmail.com> <487ED0B6.2070506@tx.rr.com> <488049E4.4080402@gmail.com> Message-ID: <48812D4E.1060101@gmail.com> kurt c wrote: > what's > the $ before "gpg for? It's part of the prompt string. $ is for a normal user, # for root (this is for Unix-like systems). Your headers indicate that you're using Windows (I have a nifty little extension for Thunderbird that scans headers for MUA information and displays the appropriate logo), so your prompt string will not likely have either. Anyway, don't worry about the $. -- Key ID: 0xF88E034060A78FCB Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB Windows NT 6.0.6001.18000 | GPG 1.4.9 | Thunderbird 2.0.0.14 | Enigmail 0.95.6 From yalla at fsfe.org Sat Jul 19 01:42:48 2008 From: yalla at fsfe.org (Alexander W. Janssen) Date: Sat, 19 Jul 2008 01:42:48 +0200 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <488126ED.1030300@gmail.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <873am8nr0j.fsf_-_@wheatstone.g10code.de> <487FBC27.4040602@tx.rr.com> <200807172053.36334.yochanon@localnet.com> <488126ED.1030300@gmail.com> Message-ID: <48812A78.4030305@fsfe.org> Andrew Berg wrote: > On a side note, is there any reason I didn't see the last message I sent > to the list? You're using Gmail... And probably IMAP? Common problem. Google calls it a "feature". You need to open the "All Mail" folder instead of the inbox. Cheers, Alex. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 305 bytes Desc: OpenPGP digital signature URL: From bahamutzero8825 at gmail.com Sat Jul 19 03:56:33 2008 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Fri, 18 Jul 2008 20:56:33 -0500 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <48812A78.4030305@fsfe.org> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <873am8nr0j.fsf_-_@wheatstone.g10code.de> <487FBC27.4040602@tx.rr.com> <200807172053.36334.yochanon@localnet.com> <488126ED.1030300@gmail.com> <48812A78.4030305@fsfe.org> Message-ID: <488149D1.9090004@gmail.com> Alexander W. Janssen wrote: > Andrew Berg wrote: >> On a side note, is there any reason I didn't see the last message I sent >> to the list? > > You're using Gmail... And probably IMAP? Common problem. Google calls it > a "feature". You need to open the "All Mail" folder instead of the inbox. I'm using POP3 (IMAP wants me to be connected to the internet when I read my mail. It also wanted to have the same messages in the Inbox folder as well as the All Mail folder. How silly. Anyway, I don't have an "All Mail" folder (probably because I'm not using IMAP). I even double-checked my preferences and I do have the list set to mail me my own messages. -- Key ID: 0xF88E034060A78FCB Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB Windows NT 6.0.6001.18000 | GPG 1.4.9 | Thunderbird 2.0.0.14 | Enigmail 0.95.6 From yalla at fsfe.org Sat Jul 19 04:13:30 2008 From: yalla at fsfe.org (Alexander W. Janssen) Date: Sat, 19 Jul 2008 04:13:30 +0200 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <488149D1.9090004@gmail.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <873am8nr0j.fsf_-_@wheatstone.g10code.de> <487FBC27.4040602@tx.rr.com> <200807172053.36334.yochanon@localnet.com> <488126ED.1030300@gmail.com> <48812A78.4030305@fsfe.org> <488149D1.9090004@gmail.com> Message-ID: <48814DCA.50408@fsfe.org> Andrew Berg wrote: > Alexander W. Janssen wrote: >> Andrew Berg wrote: >>> On a side note, is there any reason I didn't see the last message >>> I sent to the list? >> >> You're using Gmail... And probably IMAP? Common problem. Google >> calls it a "feature". You need to open the "All Mail" folder >> instead of the inbox. > I'm using POP3 (IMAP wants me to be connected to the internet when I > read my mail. Naaa, not really. You can do that with IMAP too, in Thunderbird for example just do a right-click on the folder you want to have locally - go to the offline-tab and check the "Select this folder for offline use checkbox. Not a big deal. YMMV with other email-clients though. > It also wanted to have the same messages in the Inbox folder as well > as the All Mail folder. How silly. Yeah, Google makes a difference between Inbox and "All Mail". They have this enormous stupid claim: "Messages sent to mailing lists don't show in my inbox When you send a message to any mailing list you subscribe to, Gmail automatically skips your inbox and archives the message to save you time and prevent clutter. The message will appear in your inbox if someone responds to it or if there is an error delivering the message. If you'd like to view your message, you can find it in Sent Mail or All Mail." Oh yeah baby, how convenient... > Anyway, I don't have an "All Mail" folder (probably because I'm not > using IMAP) I don't know about POP3. But with IMAP you surely have that. > I even double-checked my preferences and I do have the list set to > mail me my own messages. Yeah. Though since you can also use IMAP for offline use if you tell your MUA to download the folders, it works just perfectly. Apart from the fact that Google's IMAP-servers have been quite sluggly the last couple of months... Hope that helps, Alex. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 305 bytes Desc: OpenPGP digital signature URL: From yalla at fsfe.org Sat Jul 19 04:19:47 2008 From: yalla at fsfe.org (Alexander W. Janssen) Date: Sat, 19 Jul 2008 04:19:47 +0200 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <200807172050.52853.yochanon@localnet.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <487FBC27.4040602@tx.rr.com> <88a2333a0807171446g48c7a04dt52354330a4865516@mail.gmail.com> <200807172050.52853.yochanon@localnet.com> Message-ID: <48814F43.40906@fsfe.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John B wrote: > Throw it away and get one that does things correctly? Unfortunately many people are stuck with inconvenient solution where they have no influence in getting something better. Ha. Me and my Outlook at work. Bargh. Alex. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iQCVAwUBSIFPQBYlVVSQ3uFxAQKnGgQAt4JQAeVQ0Z6Dyq7JnTJOimD8Fydb27HY 2Qp/SvaKWTFSjc5FYVLBzjNzba754bg4Q2WYxbSiN3nlTGRchBUY7kHkAF1cnGZ0 Y73Zj2pfGe2QjepDTo5F6kZqejHx9UBR6n0z+SDizIkDS57x4tfoxmqs/fuVoaX2 mhJk2J282FA= =cZb3 -----END PGP SIGNATURE----- From kunalvshah+gnupgp at gmail.com Sat Jul 19 04:56:59 2008 From: kunalvshah+gnupgp at gmail.com (Kunal Shah) Date: Fri, 18 Jul 2008 22:56:59 -0400 Subject: Encrypting external harddrive in windows vista with GnuPG In-Reply-To: <488121FB.5040903@tx.rr.com> References: <9e0076140807181310i4a9d46a9s702410098d82c9ee@mail.gmail.com> <488121FB.5040903@tx.rr.com> Message-ID: <9e0076140807181956h76f348e7l82eba662ec85ea89@mail.gmail.com> Thanks. Will take a look. Actually I did specify which OS. I am talking about Windows Vista. 2008/7/18 John Clizbe : > Kunal Shah wrote: >> I need to encrypt external hard drive in windows vista with GnuPG. is >> there any tool available to achieve that? > > GnuPG isn't the right tool. Look at something like TrueCrypt > (Generic advice since you do not state which OS you need to support.) > > -- > John P. Clizbe Inet: John (a) Mozilla-Enigmail.org > You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or > mailto:pgp-public-keys at gingerbear.net?subject=HELP > > Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" > A:"An odd melody / island voices on the winds / surplus of vowels" > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > From kunalvshah+gnupgp at gmail.com Sat Jul 19 06:25:55 2008 From: kunalvshah+gnupgp at gmail.com (Kunal Shah) Date: Sat, 19 Jul 2008 00:25:55 -0400 Subject: Encrypting external harddrive in windows vista with GnuPG In-Reply-To: <488121FB.5040903@tx.rr.com> References: <9e0076140807181310i4a9d46a9s702410098d82c9ee@mail.gmail.com> <488121FB.5040903@tx.rr.com> Message-ID: <48816CD3.9010300@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Clizbe wrote: | Kunal Shah wrote: |> I need to encrypt external hard drive in windows vista with GnuPG. is |> there any tool available to achieve that? | | GnuPG isn't the right tool. Look at something like TrueCrypt | (Generic advice since you do not state which OS you need to support.) As I said I am using windows vista. Isn't Windows vista doing the same thing by encrypting drive or folder? | | | | - ------------------------------------------------------------------------ | | _______________________________________________ | Gnupg-users mailing list | Gnupg-users at gnupg.org | http://lists.gnupg.org/mailman/listinfo/gnupg-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iEYEARECAAYFAkiBbNIACgkQ8p8PasEjE4JFPwCcC93c0wvyEqhbPdRwB+C9F/81 RL4AnieLIpG9t/7It1xVkl/PJ5kHO4Am =5cUn -----END PGP SIGNATURE----- From yochanon at localnet.com Sat Jul 19 05:22:21 2008 From: yochanon at localnet.com (John B) Date: Fri, 18 Jul 2008 22:22:21 -0500 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <488126ED.1030300@gmail.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <200807172053.36334.yochanon@localnet.com> <488126ED.1030300@gmail.com> Message-ID: <200807182222.21939.yochanon@localnet.com> On 18 July 08, Andrew Berg wrote: > John B wrote: > > On 17 July 08, John Clizbe wrote: > >> A4: Yes, *only* when introducing the text of a forwarded message > >> Q4: Is it ever OK to top post? > > > > A: Wrong, it's *never* correct, it leads only to someone, *again*, > > trying to argue that somehow it's okay, and still discombobulates > > everything. > > I disagree. An introduction does fit logically at the top, however such > an introduction should be short. One does not need to read anything > below to get context for an introduction; in fact, such an introduction > may be there to put the rest of the message in context. That's what the subject line is for. After that, it should be all reading as if one is reading a book and seeing things in the logical order and way people were taught to read and respond. > > > On a side note, is there any reason I didn't see the last message I sent > to the list? I can't help there, sorry. -- Bureaucracy: The organization to get things done that keeps things from getting done. - Aahz (from Myth Conceptions) From rjh at sixdemonbag.org Sat Jul 19 06:52:45 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sat, 19 Jul 2008 00:52:45 -0400 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <200807182222.21939.yochanon@localnet.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <200807172053.36334.yochanon@localnet.com> <488126ED.1030300@gmail.com> <200807182222.21939.yochanon@localnet.com> Message-ID: <4881731D.9000400@sixdemonbag.org> John B wrote: > That's what the subject line is for. After that, it should be all > reading as if one is reading a book and seeing things in the logical > order and way people were taught to read and respond. I don't know about you, but when I forward an academic paper on to a colleague, I write a Post-It note and slap it on the front, telling my colleague various important details about it. The normal reading order is thus "read the introductory Post-It note, then read the paper." Compare: "Paula -- this got thrown at IJCAI09's CFP but didn't make the cut. You should get in touch with the author; I think he might have solved the problem with different semantic parses between LL_k and LALR_k, and I know you've been beating your head against the wall with that. Don't circulate this paper, though, since technically everything's embargoed until '09." As opposed to the subject line, "Re: [Fwd: from IJCAI-09 CFP] thought you might be interested" ... which is already too long for a subject line. I shall continue to top post introductory material when forwarding relevant information, and eschew top posting all other times. From JPClizbe at tx.rr.com Sat Jul 19 07:57:35 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Sat, 19 Jul 2008 00:57:35 -0500 Subject: Encrypting external harddrive in windows vista with GnuPG In-Reply-To: <48816CD3.9010300@gmail.com> References: <9e0076140807181310i4a9d46a9s702410098d82c9ee@mail.gmail.com> <488121FB.5040903@tx.rr.com> <48816CD3.9010300@gmail.com> Message-ID: <4881824F.20000@tx.rr.com> Kunal Shah wrote: > John Clizbe wrote: > | Kunal Shah wrote: > |> I need to encrypt external hard drive in windows vista with GnuPG. is > |> there any tool available to achieve that? > | > | GnuPG isn't the right tool. Look at something like TrueCrypt > | (Generic advice since you do not state which OS you need to support.) > As I said I am using windows vista. Yeah, caught that an OHNo-second after clicking send. Distracted by spousal "Dinner!" notification. Love LONG subject lines for hiding information. Guess I'm used to folks putting all required information in the body where it may be searched w/o having to depend on the subject header. > Isn't Windows vista doing the same thing by encrypting drive or folder? By 'same thing' I'll guess you mean 'encrypting.' Yeah, it's doing that. BUT... also consider: 1) Windows Encryption (EFS) is a 'black box'. 2) It is only usable on Windows systems Truecrypt is open source and works on Windows Vista/XP, Linux, and Mac OS. (see http://www.truecrypt.org/ ) PGP also offers whole disk encryption in their products. (http://www.pgp.com/ ) Most on this list would probably go for a FOSS solution. You need to pick the solution that's best for your situation. In my own case, I use PGP for Windows-only stuff and TrueCrypt for things that need to be portable. -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 656 bytes Desc: OpenPGP digital signature URL: From jelledejong at powercraft.nl Sat Jul 19 11:16:52 2008 From: jelledejong at powercraft.nl (Jelle de Jong) Date: Sat, 19 Jul 2008 11:16:52 +0200 Subject: how can i backsign old keys with a smartcard system In-Reply-To: <4880DB0A.1040802@powercraft.nl> References: <8763r3gjz4.fsf@wheatstone.g10code.de> <4880DB0A.1040802@powercraft.nl> Message-ID: <4881B104.4040800@powercraft.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jelle de Jong wrote: |> Werner Koch wrote: |>> On Fri, 18 Jul 2008 15:09, jelledejong at powercraft.nl said: |>> |>>> I tried searching the internet but found no solutions only this: |>>> https://bugs.g10code.com/gnupg/issue673 |>> |>> Right, you hit this case. |>> |>>> The question now is, how can i backsig my old keys with my smartcard |>>> system to solve the cross-certification workaround? |>> |>> You need to do this on a system where the real key is available. The |>> error message indicates that the actual secret key is not available but |>> replaced by a dummy stub (protection mode 1001). This has nothing to do |>> with a smart card stub (protection mode 1002). |>> |>> |>> Salam-Shalom, |>> |>> Werner |> |> Thanks you again for the good information. |> |> I imported my real security keys and did a cross-certify and uploaded |> the keys to your preferred server. When will the key server sync? |> |> gpg --edit-key 6F63E479 |> Command> cross-certify |> Command> quit |> gpg --keyserver keys.gnupg.net --send-keys 6F63E479 |> |> Because the keys are so imported, I ask a lot and experiment little I |> hope this is a bid understandable. |> |> I removed my ~/.gnupg/ folder and restored my original key system and |> notisched the cross-certify issue was back agian. Then I updated my |> keys with Enigmail agianst the keys.gnupg.net server and this updated |> my keys and the cross-certify issues was gone again. |> |> I would like to know how I should backup this new altered keys? What |> keys are changed by the cross-certify command and how should I update |> my orignal keys. |> |> I have two original files secring.gpg and pubring.gpg |> |> I hope you can help me, |> |> Thanks in advance, |> |> Jelle | Somebody that can help me a bid with the above questions? Thank you all, Best regards, Jelle ps (why does Enigmail but "|" before everything as I sign the message?) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iJwEAQECAAYFAkiBsQIACgkQ1WclBW9j5HkcYwQAlqqgtA2HrDLv0lu5YlyeV3y/ ptZjPDmhq06fgp4vxFsIIN8Xd5J8u1pPaEfnLcBwKDKV+Jll20LvsXkFPvTbxqEK UFDoVY+FGtOjLvtpRtX6qNSOv5omdrmamsu43Qrkz0n1mEjzfDIoJunPIUibHj0T ig/lRtpDdFk2sF2bfKU= =mcbF -----END PGP SIGNATURE----- From dave.smith at st.com Sat Jul 19 12:33:22 2008 From: dave.smith at st.com (David SMITH) Date: Sat, 19 Jul 2008 11:33:22 +0100 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <48814F43.40906@fsfe.org> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <487FBC27.4040602@tx.rr.com> <88a2333a0807171446g48c7a04dt52354330a4865516@mail.gmail.com> <200807172050.52853.yochanon@localnet.com> <48814F43.40906@fsfe.org> Message-ID: <20080719103322.GW8214@bristol.st.com> On Sat, Jul 19, 2008 at 04:19:47AM +0200, Alexander W. Janssen wrote: > John B wrote: > > Throw it away and get one that does things correctly? > > Unfortunately many people are stuck with inconvenient solution where > they have no influence in getting something better. > > Ha. Me and my Outlook at work. Bargh. On that subject, and dragging things vaguely back to GnuPG... Does anyone know of a way to get M$ LookOut to support PGP/MIME properly (in particular, mails with attachments)? I'm fed up of having to re-send mails to colleagues because they can't read PGP/MIME. -- David Smith | Tel: +44 (0)1454 462380 Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 462305 Mobile: +44 (0)7932 642724 1000 Aztec West | TINA: 065 2380 GPG Key: 0xF13192F2 Almondsbury | Work Email: Dave.Smith at st.com BRISTOL, BS32 4SQ | Home Email: David.Smith at ds-electronics.co.uk From wk at gnupg.org Sat Jul 19 14:03:09 2008 From: wk at gnupg.org (Werner Koch) Date: Sat, 19 Jul 2008 14:03:09 +0200 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <20080719103322.GW8214@bristol.st.com> (David SMITH's message of "Sat, 19 Jul 2008 11:33:22 +0100") References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <487FBC27.4040602@tx.rr.com> <88a2333a0807171446g48c7a04dt52354330a4865516@mail.gmail.com> <200807172050.52853.yochanon@localnet.com> <48814F43.40906@fsfe.org> <20080719103322.GW8214@bristol.st.com> Message-ID: <87bq0uf5du.fsf@wheatstone.g10code.de> On Sat, 19 Jul 2008 12:33, dave.smith at st.com said: > Does anyone know of a way to get M$ LookOut to support PGP/MIME properly > (in particular, mails with attachments)? GpgOL (from gpg4win) does that. The version in 1.1.3 is a bit limited and probably has a couple of bugs. The beta version in 1.9.x is far better and displays the attachments in the usual way and concatenates all inline text parts. Inline images are not shown, though. That version also sends PGP/MIME. There are some drawbacks: A couple of minor bugs related to the fact that GpgOL creates extra hidden attachments and a bit more of storage needed. There is also a report that PGP/MIME sending does not work with Exchange 2007. Anyway, it is beta and I am working on it. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From yochanon at localnet.com Sat Jul 19 16:48:47 2008 From: yochanon at localnet.com (John B) Date: Sat, 19 Jul 2008 09:48:47 -0500 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <4881731D.9000400@sixdemonbag.org> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <200807182222.21939.yochanon@localnet.com> <4881731D.9000400@sixdemonbag.org> Message-ID: <200807190948.47502.yochanon@localnet.com> On 18 July 08, Robert J. Hansen wrote: > John B wrote: > > That's what the subject line is for. After that, it should be all > > reading as if one is reading a book and seeing things in the logical > > order and way people were taught to read and respond. > > I don't know about you, but when I forward an academic paper on to a > colleague, I write a Post-It note and slap it on the front, telling my > colleague various important details about it. A 'Post It' note, on the outside of a paper, envelope, folder, what-have-you, is *not* the same as writing some introductory message *into* said paper. It doesn't interrupt the flow of said paper when the paper itself is being read, because the Post It note is removed or out of the way once its been looked at. Besides, as I said, that note serves as the 'subject line' to whatever it is that's going to be read. -- When you remove the people's right to bear arms, you create slaves. From kurtc1972 at gmail.com Sun Jul 20 07:04:08 2008 From: kurtc1972 at gmail.com (kurt c) Date: Sat, 19 Jul 2008 22:04:08 -0700 Subject: can't verify my own signature Message-ID: <4882C748.20106@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello. I'm puzzled here. I sent a signed email with my Enigmail to my other Gmail account, but some how when I tried to verify the signature by clicking on my Windows PT --> cliboard -> decrypt/verify, it said that the signature is bad. I certainly have my own public key on my key ring, why did it say that? Thanks -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiCx0cACgkQE7PX/Y51jV+KJgCguNurzqL7qoJiYqSh02EQGbvt ntQAoKEALho/HvUcox4jYB8EX1mTk5Va =JIzL -----END PGP SIGNATURE----- From John at Mozilla-Enigmail.org Sun Jul 20 14:22:03 2008 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Sun, 20 Jul 2008 07:22:03 -0500 Subject: can't verify my own signature In-Reply-To: <4882C748.20106@gmail.com> References: <4882C748.20106@gmail.com> Message-ID: <48832DEB.2070002@Mozilla-Enigmail.org> kurt c wrote: > I'm puzzled here. I sent a signed email with my Enigmail to my other > Gmail account, but some how when I tried to verify the signature by > clicking on Windows PT --> clipboard -> decrypt/verify, it said that > the signature is bad. I certainly have my own public key on my key ring, "Having your public key" or not is a Red Herring. > why did it say that? Because the message you asked it to verify is not the *exact* message you sent. Welcome to the "Wonderful" world of webmail. If you're wanting to use OpenPGP with GMail, perhaps you should set up POP or IMAP access to the messages. Does your copy in the Sent folder verify? If you need any assistance with Enigmail, the _best_ place is the Enigmail list at Enigmail at mozdev.org. You don't need to subscribe, but non-subscribers are moderated to reduce SPAM. Subscription details are at https://www.mozdev.org/mailman/listinfo/enigmail -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 656 bytes Desc: OpenPGP digital signature URL: From faramir.cl at gmail.com Sun Jul 20 14:54:27 2008 From: faramir.cl at gmail.com (Faramir) Date: Sun, 20 Jul 2008 08:54:27 -0400 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <48812A78.4030305@fsfe.org> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <873am8nr0j.fsf_-_@wheatstone.g10code.de> <487FBC27.4040602@tx.rr.com> <200807172053.36334.yochanon@localnet.com> <488126ED.1030300@gmail.com> <48812A78.4030305@fsfe.org> Message-ID: <48833583.1010108@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Alexander W. Janssen escribi?: > Andrew Berg wrote: >> On a side note, is there any reason I didn't see the last message I sent >> to the list? > > You're using Gmail... And probably IMAP? Common problem. Google calls it > a "feature". You need to open the "All Mail" folder instead of the inbox. It happens too with pop3... I hate that "feature"... well, it (gmail) had to have some disadvantage... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIgzWDAAoJEMV4f6PvczxA8ioH/0I/KNC1nOCgDaF3QzQmy06Q Afm4g5TfLj4PPvFa1ceqE2RJ8whxOSv9IukqVerkyiL0Y8Sc+dCyOIcSG0R/5WCf 8aaYtxXJuX0ftlMjoMiOfVILVHl2jqZ3+DR5nYJ4PHKnDtfuUx4aNrA3sYUvWRKL 4ZSuVj7jxs4Irz+DsyM1pJ8pNzNVsDbQbiFZVxg6NrQXSN75J4VFzllDTn+juBpB q8j5gxF4Doiz4ciTo/8QSk2XkgBz2YqWjp2o3nXP52HTDb4JSAVGUBGuWRj95hu4 WwGdJ7iM23lbDaLfUSlE7bGMUrp03OzXqN9tjOiaeL+J4myRimMeAs9R8vnJWuI= =OSUN -----END PGP SIGNATURE----- From faramir.cl at gmail.com Sun Jul 20 15:05:40 2008 From: faramir.cl at gmail.com (Faramir) Date: Sun, 20 Jul 2008 09:05:40 -0400 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <48814DCA.50408@fsfe.org> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <873am8nr0j.fsf_-_@wheatstone.g10code.de> <487FBC27.4040602@tx.rr.com> <200807172053.36334.yochanon@localnet.com> <488126ED.1030300@gmail.com> <48812A78.4030305@fsfe.org> <488149D1.9090004@gmail.com> <48814DCA.50408@fsfe.org> Message-ID: <48833824.1040107@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Alexander W. Janssen escribi?: >> It also wanted to have the same messages in the Inbox folder as well >> as the All Mail folder. How silly. > > Yeah, Google makes a difference between Inbox and "All Mail". They have > this enormous stupid claim: > > "Messages sent to mailing lists don't show in my inbox > When you send a message to any mailing list you subscribe to, Gmail > automatically skips your inbox and archives the message to save you time > and prevent clutter. The message will appear in your inbox if someone > responds to it or if there is an error delivering the message. If you'd > like to view your message, you can find it in Sent Mail or All Mail." > > Oh yeah baby, how convenient... Yes... they think 6 Gb of storage means there is no need to delete messages anymore... but a few plain text messages can clutter the inbox??? I wanted to tell them a few thing about that "feature", but I never found a way to send my opinion to gmail, instead of a user-based help list... other users are not likely to be able to do something about it... > >> Anyway, I don't have an "All Mail" folder (probably because I'm not >> using IMAP) > > I don't know about POP3. But with IMAP you surely have that. If you login to gmail through the browser, instead of using the mail client, you will see it... I don't know if using IMAP the folder is available too in the mail client... >> I even double-checked my preferences and I do have the list set to >> mail me my own messages. I think I did it too, but I still don't receive them... maybe I should check those settings again... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIgzgkAAoJEMV4f6PvczxABQUH/irk9ZoXSAKTcIKcoR8Zj3Y0 AiyzmP+KKm6lwwOhwesRNtQ/UvEnzyxUUlsYPPz2syt/J4wk2aymDvTntaBxIJEw qPKdYQGmcBvUObo6mnqQOioubHDocl0Wj68UV36+aPDD7HCaudquw5VcaYL2utpw Ip6CMLvOHD6GPkT7cZku4qU017El0evfpGcla7DA43u3fOc7GvHxfvZLrm9WksDX NCWSGP0mOmKweAY5CmnD+bUo/wDbKl9ygDdsTUoZfm1U4EeHA4O/A3kjD0ybVcwz +HwkBQur+IuddxKJVrNtCVfg9KE18fiw1KOGEeJ+XEVFZCDGdtmqb37gESiYJRI= =7VWN -----END PGP SIGNATURE----- From faramir.cl at gmail.com Sun Jul 20 15:21:42 2008 From: faramir.cl at gmail.com (Faramir) Date: Sun, 20 Jul 2008 09:21:42 -0400 Subject: Encrypting external harddrive in windows vista with GnuPG In-Reply-To: <4881824F.20000@tx.rr.com> References: <9e0076140807181310i4a9d46a9s702410098d82c9ee@mail.gmail.com> <488121FB.5040903@tx.rr.com> <48816CD3.9010300@gmail.com> <4881824F.20000@tx.rr.com> Message-ID: <48833BE6.1090709@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John Clizbe escribi?: > Kunal Shah wrote: >> John Clizbe wrote: >> | Kunal Shah wrote: >> |> I need to encrypt external hard drive in windows vista with GnuPG. is >> |> there any tool available to achieve that? ... > PGP also offers whole disk encryption in their products. (http://www.pgp.com/ ) Now I see why he asked about a way to do it with GnuPG, since pgp does it, and GnuPG is "the gnu alternative for pgp" (but I can't recall now where did I saw that description of gpg...). > Most on this list would probably go for a FOSS solution. You need to pick the > solution that's best for your situation. In my own case, I use PGP for > Windows-only stuff and TrueCrypt for things that need to be portable. I read some years ago (when windows XP was released) that there was some way to encrypt folders using windows... but if you had to reinstall windows, there was no way to recover the encrypted folders... at that time I didn't put attention, and now I just have the "don't trust windows encryption" feeling... Anyway, since Kunal Shah was talking about an external harddrive, I would vote for TrueCrypt... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIgzvmAAoJEMV4f6PvczxA6wwH/1CmoHh5JzJ04h5SiUwkXzkd nx9cK/eXdASc7lk4Fljdp+sv25YJTWIWNNWx2aSahD2YOWpkXPpm6VYhmS3snNRn TXkIC3BLldOmskHwzWEOKVkafvsmivfQOCcQTcl5sup1HbOzAWNTIuZvVNPG61zx TrKmd9CBBEMmYSxrZdAMMjd0zkN7NLRTom79gnnTfSeTndVx3bMYBzgwuH4fhcW/ byftyLvzkEau7i/YlIcUo1GS5N9X3Y1zVSywP2KdvLlgUf567d5hkuu4+YGW/OCW PoauvAqU4hAo2SJx/kbbSRAD7YApFXpuNxkJ/r9P8dbCizbfjK9pJCBGwr/95Rw= =DUgX -----END PGP SIGNATURE----- From gnupg.mdmph at gmail.com Sun Jul 20 19:17:08 2008 From: gnupg.mdmph at gmail.com (GNU MD) Date: Sun, 20 Jul 2008 13:17:08 -0400 Subject: General Posting Questions Message-ID: <330519960807201017w323aa882sf9045ec7100720fa@mail.gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Being new, I realized I better learn the proper netiquette for sending and replying to the gnupg digest I received today. 1) Change the subject to the relevant post. This seems obvious, but gmail does not like to prompt for this, others may notice one must think to do this versus simply replying to the original message. I fell for this mistake already. My apologies. 2) Question - Do we include the entire digest or merely the part to which we are replying? It makes more sense to simply copy/paste the part we are responding to and using a new message with a new subject line. Please correct me if I am wrong. 3) Question - when submitting a new inquiry - what information and process is preferred. I will sign my posts with my key and also include my keyid. I presume it is acceptable to simply send a new message with a relevant subject line to the gnupg-users list. Please correct me if I am wrong. Thank you for your patience with me, I am eager to improve and wish to not offend or inconvenience others working together. In liberty, GNUMD/scm ID: 0x1036DFBA -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0 iD8DBQFIg3L4AS9dxxA237oRAsF4AKCkVoaRtydYfIDfaHBrRYqgB4a2sQCgzm2n 4wfCMCEslff2kPZ4a7FlUOw= =IbCZ -----END PGP SIGNATURE----- From John.Groom at sanderson.com Fri Jul 18 12:22:17 2008 From: John.Groom at sanderson.com (John Groom) Date: Fri, 18 Jul 2008 11:22:17 +0100 Subject: API Message-ID: Good morning I would like to be able to access GNUpg programmatically via an API from a Visual Basic 6 program in order to encrypt/decrypt text. I have GPG4Win installed. Could someone point me in the right direction please. Regards John This email is from Sanderson Group plc or a subsidiary of Sanderson Group plc ('the company') and is for the personal use of the intended recipient(s). The email and any files transmitted with it are confidential to the intended recipient(s) and may be legally privileged or contain proprietary and private information. If you are not an intended recipient, you may not review, copy or distribute this message. If received in error, please notify the sender and delete the message from your system. Any views or opinions expressed in this email and any files transmitted with it are those of the author only and may not necessarily reflect the views of the company. Unless otherwise pre-agreed by exchange of hard copy documents signed by duly authorised representatives, contracts may not be concluded on behalf of the company by email. Please note that neither the company nor the sender accepts any responsibility for any viruses and it is your responsibility to scan the email and any attachments. All email received and sent by the company may be monitored to protect its business interests. Members of Sanderson Group plc: Sanderson Group plc: Registered in England, Registered No. 04968444 Sanderson Limited: Registered in England, Registered No. 03743507 Sanderson Multi-Channel Solutions Limited: Registered in England, Registered No. 05684599 Sanderson PCSL Limited: Registered in England, Registered No. 03112970 Sanderson Retail Systems Limited: Registered in England, Registered No. 01240790 Registered Office for all aforementioned companies: Sanderson House, Manor Road, Coventry, CV1 2GF Sanderson RBS Limited: Registered in England, Registered No. 3722018 Registered Office: 24-26 Vincent Avenue, Crowhill, Milton Keynes, MK8 0AB -------------- next part -------------- An HTML attachment was scrubbed... URL: From itz at buug.org Sun Jul 20 22:45:34 2008 From: itz at buug.org (Ian Zimmerman) Date: Sun, 20 Jul 2008 13:45:34 -0700 Subject: identical files -> non-identical encrypted files Message-ID: <87k5fgcmj5.fsf@matica.localdomain> I just noticed this today. I suppose this is completely obvious to most readers of the list and perhaps not something they want to be bothered with; apalogies if that's the case. I have a problem to solve :( itz at matica:~$ echo foo > foo itz at matica:~$ gpg-encrypt.sh foo foo1.gpg itz at matica:~$ gpg-encrypt.sh foo foo2.gpg itz at matica:~$ ls -l foo* -rw-r--r-- 1 itz itz 4 Jul 20 13:33 foo -rw-r--r-- 1 itz itz 904 Jul 20 13:33 foo1.gpg -rw-r--r-- 1 itz itz 904 Jul 20 13:33 foo2.gpg itz at matica:~$ cmp foo1.gpg foo2.gpg foo1.gpg foo2.gpg differ: char 84, line 4 itz at matica:~$ cat mirror/bin/gpg-encrypt.sh #! /bin/sh set -e if [ $# != 2 ]; then echo 'usage: gpg-encrypt.sh FILE DESTINATION' >&2 exit 2 fi file=$1 destination=$2 gpg --encrypt --recipient ABCD1234 --output $destination --armor --yes $file So I suppose gpg puts some salt probably based on timestamp in. Can this be disabled? Pretty please? -- Ian Zimmerman gpg public key: 1024D/C6FF61AD fingerprint: 66DC D68F 5C1B 4D71 2EE5 BD03 8A00 786C C6FF 61AD From John.Groom at sanderson.com Mon Jul 21 10:23:03 2008 From: John.Groom at sanderson.com (John Groom) Date: Mon, 21 Jul 2008 09:23:03 +0100 Subject: API Message-ID: Good morning I need to access gpg.exe from a VB6 application in order to decrypt some data. Is there an API available or does someone have some code for activating it via Shell. I can Shell it easily but have been unsuccessful in sending keystrokes to it. Any help will be appreciated. John This email is from Sanderson Group plc or a subsidiary of Sanderson Group plc ('the company') and is for the personal use of the intended recipient(s). The email and any files transmitted with it are confidential to the intended recipient(s) and may be legally privileged or contain proprietary and private information. If you are not an intended recipient, you may not review, copy or distribute this message. If received in error, please notify the sender and delete the message from your system. Any views or opinions expressed in this email and any files transmitted with it are those of the author only and may not necessarily reflect the views of the company. Unless otherwise pre-agreed by exchange of hard copy documents signed by duly authorised representatives, contracts may not be concluded on behalf of the company by email. Please note that neither the company nor the sender accepts any responsibility for any viruses and it is your responsibility to scan the email and any attachments. All email received and sent by the company may be monitored to protect its business interests. Members of Sanderson Group plc: Sanderson Group plc: Registered in England, Registered No. 04968444 Sanderson Limited: Registered in England, Registered No. 03743507 Sanderson Multi-Channel Solutions Limited: Registered in England, Registered No. 05684599 Sanderson PCSL Limited: Registered in England, Registered No. 03112970 Sanderson Retail Systems Limited: Registered in England, Registered No. 01240790 Registered Office for all aforementioned companies: Sanderson House, Manor Road, Coventry, CV1 2GF Sanderson RBS Limited: Registered in England, Registered No. 3722018 Registered Office: 24-26 Vincent Avenue, Crowhill, Milton Keynes, MK8 0AB -------------- next part -------------- An HTML attachment was scrubbed... URL: From John.Groom at sanderson.com Mon Jul 21 10:31:08 2008 From: John.Groom at sanderson.com (John Groom) Date: Mon, 21 Jul 2008 09:31:08 +0100 Subject: membership Message-ID: Good morning I have tried twice to add a topic to the list - both times I have received an email saying The reason it is being held: Post by non-member to a members-only list Here is a copy of my accepance email. Welcome to the Gnupg-users at gnupg.org mailing list! To post to this list, send your email to: gnupg-users at gnupg.org General information about the mailing list is at: http://lists.gnupg.org/mailman/listinfo/gnupg-users If you ever want to unsubscribe or change your options (eg, switch to or from digest mode, change your password, etc.), visit your subscription page at: http://lists.gnupg.org/mailman/options/gnupg-users/jgroom%40elucid.co.uk You can also make such adjustments via email by sending a message to: Gnupg-users-request at gnupg.org with the word `help' in the subject or body (don't include the quotes), and you will get back a message with instructions. You must know your password to change your options (including changing the password, itself) or to unsubscribe. It is: aaaaaa Normally, Mailman will remind you of your gnupg.org mailing list passwords once every month, although you can disable this if you prefer. This reminder will also include instructions on how to unsubscribe or change your account options. There is also a button on your options page that will email your current password to you. Please let me know what the problem is. John This email is from Sanderson Group plc or a subsidiary of Sanderson Group plc ('the company') and is for the personal use of the intended recipient(s). The email and any files transmitted with it are confidential to the intended recipient(s) and may be legally privileged or contain proprietary and private information. If you are not an intended recipient, you may not review, copy or distribute this message. If received in error, please notify the sender and delete the message from your system. Any views or opinions expressed in this email and any files transmitted with it are those of the author only and may not necessarily reflect the views of the company. Unless otherwise pre-agreed by exchange of hard copy documents signed by duly authorised representatives, contracts may not be concluded on behalf of the company by email. Please note that neither the company nor the sender accepts any responsibility for any viruses and it is your responsibility to scan the email and any attachments. All email received and sent by the company may be monitored to protect its business interests. Members of Sanderson Group plc: Sanderson Group plc: Registered in England, Registered No. 04968444 Sanderson Limited: Registered in England, Registered No. 03743507 Sanderson Multi-Channel Solutions Limited: Registered in England, Registered No. 05684599 Sanderson PCSL Limited: Registered in England, Registered No. 03112970 Sanderson Retail Systems Limited: Registered in England, Registered No. 01240790 Registered Office for all aforementioned companies: Sanderson House, Manor Road, Coventry, CV1 2GF Sanderson RBS Limited: Registered in England, Registered No. 3722018 Registered Office: 24-26 Vincent Avenue, Crowhill, Milton Keynes, MK8 0AB -------------- next part -------------- An HTML attachment was scrubbed... URL: From rjh at sixdemonbag.org Tue Jul 22 00:22:23 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 21 Jul 2008 18:22:23 -0400 Subject: General Posting Questions In-Reply-To: <330519960807201017w323aa882sf9045ec7100720fa@mail.gmail.com> References: <330519960807201017w323aa882sf9045ec7100720fa@mail.gmail.com> Message-ID: <48850C1F.3010500@sixdemonbag.org> GNU MD wrote: > 2) Question - Do we include the entire digest or merely the part to > which we are replying? Please do _not_ quote the entire digest. Quote the part of the digest that's directly relevant to what you have to say; clearly identify whom it is you're quoting; and bottom-post as opposed to top-posting. > 3) Question - when submitting a new inquiry - what information and > process is preferred. A good rule of thumb is "if someone were to come to me with this question, what information would I ask for?" What information we will need depends on your particular query. For most questions, information about your GnuPG version and what OS you're running it on will suffice. > I presume it is acceptable to simply send a new message with a > relevant subject line to the gnupg-users list. This is perfectly acceptable, yes. :) From rjh at sixdemonbag.org Tue Jul 22 00:25:30 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 21 Jul 2008 18:25:30 -0400 Subject: identical files -> non-identical encrypted files In-Reply-To: <87k5fgcmj5.fsf@matica.localdomain> References: <87k5fgcmj5.fsf@matica.localdomain> Message-ID: <48850CDA.6020905@sixdemonbag.org> Ian Zimmerman wrote: > I have a problem to solve :( I fail to see the problem. > So I suppose gpg puts some salt probably based on timestamp in. Can > this be disabled? Pretty please? GnuPG uses a random session key to encrypt each message. That means the payload of each message will be totally different. This is good, solid crypto practice, and changing this behavior simply isn't going to happen. From dshaw at jabberwocky.com Tue Jul 22 00:50:23 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 21 Jul 2008 18:50:23 -0400 Subject: identical files -> non-identical encrypted files In-Reply-To: <87k5fgcmj5.fsf@matica.localdomain> References: <87k5fgcmj5.fsf@matica.localdomain> Message-ID: On Jul 20, 2008, at 4:45 PM, Ian Zimmerman wrote: > I just noticed this today. I suppose this is completely obvious to > most > readers of the list and perhaps not something they want to be > bothered with; > apalogies if that's the case. I have a problem to solve :( > So I suppose gpg puts some salt probably based on timestamp in. Can > this > be disabled? Pretty please? It's not salt - the session key is random. If it wasn't, well, decrypting would be pretty easy. David From bahamutzero8825 at gmail.com Tue Jul 22 01:41:12 2008 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Mon, 21 Jul 2008 18:41:12 -0500 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <48833583.1010108@gmail.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <873am8nr0j.fsf_-_@wheatstone.g10code.de> <487FBC27.4040602@tx.rr.com> <200807172053.36334.yochanon@localnet.com> <488126ED.1030300@gmail.com> <48812A78.4030305@fsfe.org> <48833583.1010108@gmail.com> Message-ID: <48851E98.9050406@gmail.com> Faramir wrote: > It happens too with pop3... I hate that "feature"... well, it (gmail) > had to have some disadvantage... Not in my experience. That's why I use POP3 instead of IMAP. -- Key ID: 0xF88E034060A78FCB Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB Windows NT 6.0.6001.18000 | GPG 1.4.9 | Thunderbird 2.0.0.14 | Enigmail 0.95.6 From JPClizbe at tx.rr.com Tue Jul 22 02:23:02 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Mon, 21 Jul 2008 19:23:02 -0500 Subject: membership In-Reply-To: References: Message-ID: <48852866.9000407@tx.rr.com> John Groom wrote: > I have tried twice to add a topic to the list - both times I have > received an email saying > > The reason it is being held: > > Post by non-member to a members-only list > > Here is a copy of my acceptance email. > If you ever want to unsubscribe or change your options (eg, switch to or > from digest mode, change your password, etc.), visit your subscription > page at: > > _http://lists.gnupg.org/mailman/options/gnupg-users/jgroom%40elucid.co.uk_ > > Please let me know what the problem is. You are _subscribed_ as jgroom (at) elucid DOT co DAWT uk You are _posting_ as John DOT Groom (at) sanderson DAWT com Your "From" address is not the subscribed address, thus, your post is held for moderation. You may fix this by subscribing the second address and then setting the subscription properties to not receive messages. -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 656 bytes Desc: OpenPGP digital signature URL: From kurtc1972 at gmail.com Tue Jul 22 04:20:35 2008 From: kurtc1972 at gmail.com (kurt c) Date: Mon, 21 Jul 2008 19:20:35 -0700 Subject: information in the public key block Message-ID: <488543F3.7060601@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Another beginner idiot's question from me. Please excuse me. How is it that when I import the PGP public key block from someone's webpage for example, GnuPG automatically knows the key ID and email address and all the stuff? Is this information embedded in all the letters in the key block somewhere? Where? Thanks. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiFQ/MACgkQE7PX/Y51jV8eoACgn+XjEW5iNRC0VHCBRYk22Iep JkAAoKIs1Upe1QL9L1yR6x78uCMXeie4 =A5jU -----END PGP SIGNATURE----- From kurtc1972 at gmail.com Tue Jul 22 04:27:35 2008 From: kurtc1972 at gmail.com (kurt c) Date: Mon, 21 Jul 2008 19:27:35 -0700 Subject: can't verify my own signature In-Reply-To: <48832DEB.2070002@Mozilla-Enigmail.org> References: <4882C748.20106@gmail.com> <48832DEB.2070002@Mozilla-Enigmail.org> Message-ID: <48854597.2050501@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Clizbe wrote: > kurt c wrote: >> I'm puzzled here. I sent a signed email with my Enigmail to my other >> Gmail account, but some how when I tried to verify the signature by >> clicking on Windows PT --> clipboard -> decrypt/verify, it said that >> the signature is bad. I certainly have my own public key on my key ring, > > "Having your public key" or not is a Red Herring. > >> why did it say that? > > Because the message you asked it to verify is not the *exact* message you sent. > > Welcome to the "Wonderful" world of webmail. If you're wanting to use OpenPGP > with GMail, perhaps you should set up POP or IMAP access to the messages. > > Does your copy in the Sent folder verify? > > If you need any assistance with Enigmail, the _best_ place is the Enigmail list > at Enigmail at mozdev.org. You don't need to subscribe, but non-subscribers are > moderated to reduce SPAM. Subscription details are at > https://www.mozdev.org/mailman/listinfo/enigmail > > > ------------------------------------------------------------------------ > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users Well, John, why is it then that when I sent an encrypted and signed message to this other Gmail account of mine without Enigmail, and clicked on Privacy Tray's "clickboard" -> "decrypt/verify", the message is both decrypted and verified as with good signature? If the message is altered through the webmail system so that its signature can't be verified, why is it that when it's encrypted it can both be decrypted and verified? Thanks, John, for the earlier reply. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiFRZcACgkQE7PX/Y51jV/n+ACfXqs98yTeca05mjh1jcpfKgmU cNAAoIe76iVx+pw06rNZqn9xvPe5ObSj =gBCe -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Jul 22 04:30:47 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 21 Jul 2008 22:30:47 -0400 Subject: information in the public key block In-Reply-To: <488543F3.7060601@gmail.com> References: <488543F3.7060601@gmail.com> Message-ID: <44EDD49B-D798-4322-BA0D-8C7CC38BD2ED@jabberwocky.com> On Jul 21, 2008, at 10:20 PM, kurt c wrote: > Another beginner idiot's question from me. Please excuse me. > > How is it that when I import the PGP public key block from someone's > webpage for example, GnuPG automatically knows the key ID and email > address and all the stuff? Is this information embedded in all the > letters in the key block somewhere? Where? The key block is just a base64 transformation of the key. The key format is specified in RFC-4880, and yes, it includes email addresses, the information necessary to calculate the key ID, and so on. http://tools.ietf.org/html/rfc4880 David From faramir.cl at gmail.com Tue Jul 22 06:13:34 2008 From: faramir.cl at gmail.com (Faramir) Date: Tue, 22 Jul 2008 00:13:34 -0400 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <48851E98.9050406@gmail.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <873am8nr0j.fsf_-_@wheatstone.g10code.de> <487FBC27.4040602@tx.rr.com> <200807172053.36334.yochanon@localnet.com> <488126ED.1030300@gmail.com> <48812A78.4030305@fsfe.org> <48833583.1010108@gmail.com> <48851E98.9050406@gmail.com> Message-ID: <48855E6E.10104@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Andrew Berg escribi?: > Faramir wrote: >> It happens too with pop3... I hate that "feature"... well, it (gmail) >> had to have some disadvantage... > > Not in my experience. That's why I use POP3 instead of IMAP. Do you mean you can see the messages you send to the list? Then I have to check my config... I am using pop3 too. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIhV5uAAoJEMV4f6PvczxAa2UH/1G+PnVdmG7kOZKOwnLtBzo7 VeM8YroQFRoBccN35/GzsImaoiGuj5ZMAGrl4EWqUREy6Y0CVG0QJLyblnOkmyrf 4DL9a0S3hYzuvxBWxgDBVbrlKkQXUhaSZYFwoVPbaRaxQVSwAbXPUuIbvDPVnWzT PytLn7CiqKt4hu7uUYjeRkdP0J7wl9cqvEYynr44I8PWPn28lDpm7thFG/5hHvuf OFS0FqIkGqXD872ohAiKTAnpEzivN9IPVhUcJzhWoEYwfiEYIM+asEBvK/tiPPvo 01agaRu36zvChA4cYRWtaEb7vvUoASrvn9ZwgkkLRTCAlR5VINY+CzvzP81CMhk= =LwmG -----END PGP SIGNATURE----- From faramir.cl at gmail.com Tue Jul 22 06:48:01 2008 From: faramir.cl at gmail.com (Faramir) Date: Tue, 22 Jul 2008 00:48:01 -0400 Subject: API In-Reply-To: References: Message-ID: <48856681.1000103@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John Groom escribi?: > Good morning > > I need to access gpg.exe from a VB6 application in order to decrypt some > data. > Is there an API available or does someone have some code for activating > it via Shell. > > I can Shell it easily but have been unsuccessful in sending keystrokes > to it. > > Any help will be appreciated. I was trying to make something to be able to verify a signed message, with VB (visual studio 2005), but even trying an example I found about how to pass some commands to windows command shell, the output captured was flawed... I could never solve it, and now it doesn't matter anymore... I wish you better luck than I had. If you want, I think I still have the url of the tutorial I followed, but since it is a different version of VB, probably it won't be of any use for you. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIhWaBAAoJEMV4f6PvczxAL7gH/jaan4rKRfdofSSfeekuenbA 6L44qiU17EFlug8nrF8/lPTUnqlUkRXRdU7Rp/14L1pQE3/tKb+xtShnT5cek6ed SYZKMzFmb763lc8igYGJXDf0Zgwrtvmi1VF0pjad62G0Y01YlYFOJ/YSaX06IgkW NLVrDudJKTv3zLEgIEsNF4j1c6y4M5ae0RolwuDBuidgpHnOH8dHORLLEhlBccF6 R/GdIsLM+o45p4GpYtCNboWpel3PpAPD3U/FAzH6K3G2s4BVZscsItTW5fHLByDX wyOIUggh8KtCzL2ulbhDkeB5KM7phCT9E3H/ibNpJ1/S+6v3cyF5pS7F2scPY8I= =P/+d -----END PGP SIGNATURE----- From kurtc1972 at gmail.com Tue Jul 22 06:59:36 2008 From: kurtc1972 at gmail.com (kurt c) Date: Mon, 21 Jul 2008 21:59:36 -0700 Subject: so how do you get others to sign your key? Message-ID: <48856938.2020505@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well dumb me has another question. When I looked at the listing of John's public key from a public key server, for example (John Clizbe, that is), I saw that he had all the other people's names listed with him, like Anthony Jones or Tony Jones or Robot CAs. I suppose these are the people or robots that have signed his key? Is this the so called web of trust? How do you get people to sign your key? And how do you get a certificate authority to sign your key? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiFaTgACgkQE7PX/Y51jV85pQCgvpgp+LtntpJF6AK7Xrpjo6gg mdUAn0jprKJFnd8+7iVNil+vGkz/M+Di =vxUo -----END PGP SIGNATURE----- From kurtc1972 at gmail.com Tue Jul 22 07:01:23 2008 From: kurtc1972 at gmail.com (kurt c) Date: Mon, 21 Jul 2008 22:01:23 -0700 Subject: so how do you get others to sign your key? In-Reply-To: <48856938.2020505@gmail.com> References: <48856938.2020505@gmail.com> Message-ID: <488569A3.7080809@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 kurt c wrote: > Well dumb me has another question. > > When I looked at the listing of John's public key from a public key > server, for example (John Clizbe, that is), I saw that he had all the > other people's names listed with him, like Anthony Jones or Tony Jones > or Robot CAs. I suppose these are the people or robots that have signed > his key? Is this the so called web of trust? How do you get people to > sign your key? And how do you get a certificate authority to sign your key? My name is Lawrence, by the way. I created this email account on a whim to test Enigmail, that's why it has this kurt c stuff on it. And now that I'm getting serious with this email account I wish I could change it. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiFaaMACgkQE7PX/Y51jV+4CgCg2hKoUlRgtoyDp8PG2lF8my96 QX0AoJ/uXwaXfbvj7Jcu+8V5WesHotai =VMTy -----END PGP SIGNATURE----- From cwal989 at comcast.net Tue Jul 22 08:32:21 2008 From: cwal989 at comcast.net (Chris Walters) Date: Tue, 22 Jul 2008 02:32:21 -0400 Subject: identical files -> non-identical encrypted files In-Reply-To: <87k5fgcmj5.fsf@matica.localdomain> References: <87k5fgcmj5.fsf@matica.localdomain> Message-ID: <48857EF5.20005@comcast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Ian Zimmerman wrote: | I just noticed this today. I suppose this is completely obvious to most | readers of the list and perhaps not something they want to be bothered with; | apalogies if that's the case. I have a problem to solve :( [snip] | So I suppose gpg puts some salt probably based on timestamp in. Can this | be disabled? Pretty please? As has already been mentioned, this has nothing to do with salt. It has to do with the fact that the session key - used to encrypt the plaintext - is random, so it will produce different ciphertext each time to encrypt a file. This is a good thing, as it makes it much harder to apply a certain type of attack on the ciphertext. I'm not sure why you would want to disable this security feature. I will say that I wouldn't use an encryption program that did not use random session keys. Regards, Chris -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJIhX7rAAoJEE8J0h3nbis2zBoQALXwjG7h4EKJIsZYb5/Ep/Zg rTEg61KNPSGWrFgdB7sNmnjm2FGqxNlWson4BhFr6d4Dz93n3dvRx1NsBQPvSFm1 I2bPCO7xVgX9KIISU6nvieAFd+GDKPEquf1ZmaZc2Ew5Eeu99OQCpwr9t8dPsEyW 8r2gekBzUAlHbOONSzg627UrZiUbtvjIiK6gT6EjM4a5rB7r1Rqphet7M1rQRuld vKoSP5Vber56EBHIWCKiePugGmu1STVCZqX/w6X60moGNV/W/gCtEr3g1WG0ibJD qGj3K+2Z+xaAWg9KL/kZLRcfXSmuN6QOSbMTDFgHHFrSeR4MOpoYnJK6ocnuQBdM hjEIJp3l/czjTh7P+qQLl0gD7AMlmvJVLhgPUFHZgbsKDZsFN8pz4DXw/UvDZ7L+ o99UiiG1heGwXmhapL3tarYj5bUVmnRVKe4iL38zKli3Ui0FsQC0fzn+9ZDeRPA2 zrSId0vimXAwDMCTzoGi0hBOmdU8/5lJujlv1/Qn7vD9CPNOWi/2NBXng+F8cTAP FOW/fFjqNfjja0GWiEEwdlIZZuQNs2NUOSnvqskuz7bQTWYrc+tUZhtaOyPRx/KZ J/KTvlgvzhGW15jIKdqrwlR+ZZ38ES3cw7YgQC0AObcksaLvWeeRR4HhNAj43dTb KgSQ3q8o3+uveGl9ovLo =wygW -----END PGP SIGNATURE----- From faramir.cl at gmail.com Tue Jul 22 09:22:18 2008 From: faramir.cl at gmail.com (Faramir) Date: Tue, 22 Jul 2008 03:22:18 -0400 Subject: identical files -> non-identical encrypted files In-Reply-To: <48857EF5.20005@comcast.net> References: <87k5fgcmj5.fsf@matica.localdomain> <48857EF5.20005@comcast.net> Message-ID: <48858AAA.9030803@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > Ian Zimmerman wrote: ... > | apalogies if that's the case. I have a problem to solve :( > [snip] > | So I suppose gpg puts some salt probably based on timestamp in. Can this > | be disabled? Pretty please? In my experience, people here is very supportive, so I don't think you need to apologise for a valid question. But if you tell us why this feature is a problem to you, them it is more likely people can help you to solve the problem, probably by finding a work around it, since that is a very useful feature, so it is unlikely there is a way to disable it, and even if there is one, probably you will be strongly advised to don't disable it. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIhYqqAAoJEMV4f6PvczxAnUkH/RJw7A3yh0ETcSCtj3Q4Q+CU gXICXPfMlBzKtvXRdqQegCvz+GWH7GiRyPGz1gf63W5aHndz/Raqug9ZenV7UC85 iegBC+h8ZpVRHTy8CcP/YCv4fQqGjp1zGmUgIZVbo3k/+rhp1OgldFlR+B9geIb3 ujBrdYtLcG4b7DoV/TyqmHujOFl10mE9HXxdmuGXnaejm1Gv4TTeRO/EZyP9PFcz xaMsTzqDmIA/ojG+CEfPjfSOhXFOLgbm85vOzvSC9m7PYeL94tlhxIhmOeaKnUfv CEQXolnT8y0ekXuPmSPLcQDw0LoJL3+Wsg5M6sIR5tayyhx17M0LCWF8wYwM1Vw= =GwQw -----END PGP SIGNATURE----- From david at miradoiro.com Tue Jul 22 09:31:39 2008 From: david at miradoiro.com (=?iso-8859-1?Q?David_Pic=F3n_=C1lvarez?=) Date: Tue, 22 Jul 2008 09:31:39 +0200 Subject: identical files -> non-identical encrypted files References: <87k5fgcmj5.fsf@matica.localdomain> <48857EF5.20005@comcast.net> <48858AAA.9030803@gmail.com> Message-ID: <012001c8ebcc$fbcd7160$0302a8c0@Nautilus> If you need to have this guarantee, you could try overriding the session key. Note you will lose security by the bucketload by doing so. I really would not advice it. If you're trying to have some kind of filesystem encryption (which is my impression, but not sure) gnupg is not the best tool. --David. From dave.smith at st.com Tue Jul 22 10:11:36 2008 From: dave.smith at st.com (David SMITH) Date: Tue, 22 Jul 2008 09:11:36 +0100 Subject: so how do you get others to sign your key? In-Reply-To: <48856938.2020505@gmail.com> References: <48856938.2020505@gmail.com> Message-ID: <20080722081136.GE24639@bristol.st.com> On Mon, Jul 21, 2008 at 09:59:36PM -0700, kurt c wrote: > When I looked at the listing of John's public key from a public key > server, for example (John Clizbe, that is), I saw that he had all the > other people's names listed with him, like Anthony Jones or Tony Jones > or Robot CAs. I suppose these are the people or robots that have signed > his key? Is this the so called web of trust? How do you get people to > sign your key? And how do you get a certificate authority to sign your key? Check the GNU Privacy Handbook; in particular the references to key signing, and keysigning parties. -- David Smith | Tel: +44 (0)1454 462380 Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 462305 Mobile: +44 (0)7932 642724 1000 Aztec West | TINA: 065 2380 GPG Key: 0xF13192F2 Almondsbury | Work Email: Dave.Smith at st.com BRISTOL, BS32 4SQ | Home Email: David.Smith at ds-electronics.co.uk From BruderB at cation.de Tue Jul 22 10:47:15 2008 From: BruderB at cation.de (B) Date: Tue, 22 Jul 2008 10:47:15 +0200 Subject: so how do you get others to sign your key? In-Reply-To: <48856938.2020505@gmail.com> References: <48856938.2020505@gmail.com> Message-ID: <48859E93.6080509@cation.de> kurt c schrieb: > Well dumb me has another question. > > When I looked at the listing of John's public key from a public key > server, for example (John Clizbe, that is), I saw that he had all the > other people's names listed with him, like Anthony Jones or Tony Jones > or Robot CAs. I suppose these are the people or robots that have signed > his key? Is this the so called web of trust? How do you get people to > sign your key? And how do you get a certificate authority to sign your key? You could take part in a local key signing party or make contact to an universty for IT and arrange a meeting with people with the same interest, what actually would be a key signing party. Also, for the second question, have a look at CaCert.org. Boris From JPClizbe at tx.rr.com Tue Jul 22 14:49:57 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Tue, 22 Jul 2008 07:49:57 -0500 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <48855E6E.10104@gmail.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <873am8nr0j.fsf_-_@wheatstone.g10code.de> <487FBC27.4040602@tx.rr.com> <200807172053.36334.yochanon@localnet.com> <488126ED.1030300@gmail.com> <48812A78.4030305@fsfe.org> <48833583.1010108@gmail.com> <48851E98.9050406@gmail.com> <48855E6E.10104@gmail.com> Message-ID: <4885D775.4010400@tx.rr.com> Faramir wrote: > Do you mean you can see the messages you send to the list? Then I have > to check my config... I am using pop3 too. http://lists.gnupg.org/mailman/listinfo/gnupg-users Bottom of the page, enter email address and click 'Unsubscribe or edit options'. Enter list password and 'log in', Fourth option, "Receive your own posts to the list?" should be Yes Click 'Submit My Changes' at the bottom of the page to save -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 656 bytes Desc: OpenPGP digital signature URL: From JPClizbe at tx.rr.com Tue Jul 22 15:04:25 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Tue, 22 Jul 2008 08:04:25 -0500 Subject: can't verify my own signature In-Reply-To: <48854597.2050501@gmail.com> References: <4882C748.20106@gmail.com> <48832DEB.2070002@Mozilla-Enigmail.org> <48854597.2050501@gmail.com> Message-ID: <4885DAD9.8010308@tx.rr.com> kurt c wrote: > Well, John, why is it then that when I sent an encrypted and signed > message to this other Gmail account of mine without Enigmail, and > clicked on Privacy Tray's "clickboard" -> "decrypt/verify", the message > is both decrypted and verified as with good signature? If the message is > altered through the webmail system so that its signature can't be > verified, why is it that when it's encrypted it can both be decrypted > and verified? Please address messages to the list, not a person. Short Answer: The text manipulations performed by Web mail user agents which break inline signed OpenPGP messages are not possible with encrypted messages. Trying to compare what happens to encrypted (& signed) messages versus inlined signed messages in transit is somewhat of an 'apples to oranges' proposition. -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 656 bytes Desc: OpenPGP digital signature URL: From rick at rickv.com Tue Jul 22 17:11:31 2008 From: rick at rickv.com (Rick Valenzuela) Date: Tue, 22 Jul 2008 11:11:31 -0400 Subject: so how do you get others to sign your key? In-Reply-To: <48859E93.6080509@cation.de> References: <48856938.2020505@gmail.com> <48859E93.6080509@cation.de> Message-ID: <4885F8A3.1070600@rickv.com> B wrote: > > kurt c schrieb: >> How do you get people to >> sign your key? And how do you get a certificate authority to sign your key? > > You could take part in a local key signing party or make contact to an > universty for IT and arrange a meeting with people with the same > interest, what actually would be a key signing party. > Also, for the second question, have a look at CaCert.org. You could also search www.biglumber.com to see if there are keysigning events in your area (e.g., through your local Linux Users Group), or if you can find an individual who will meet with you one-on-one. -- Rick Valenzuela photographer | reporter +1 267 694 3642 | www.rickv.com GnuPG ID: 0xD5644029 From bahamutzero8825 at gmail.com Tue Jul 22 18:03:50 2008 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Tue, 22 Jul 2008 11:03:50 -0500 Subject: [admin] What is top posting, and why should you avoid it? In-Reply-To: <48855E6E.10104@gmail.com> References: <3069F70D-EB25-4B8B-BDF3-A2B73F229D08@me.com> <873am8nr0j.fsf_-_@wheatstone.g10code.de> <487FBC27.4040602@tx.rr.com> <200807172053.36334.yochanon@localnet.com> <488126ED.1030300@gmail.com> <48812A78.4030305@fsfe.org> <48833583.1010108@gmail.com> <48851E98.9050406@gmail.com> <48855E6E.10104@gmail.com> Message-ID: <488604E6.4070304@gmail.com> Faramir wrote: > Andrew Berg escribi?: >> Faramir wrote: >>> It happens too with pop3... I hate that "feature"... well, it (gmail) >>> had to have some disadvantage... >> Not in my experience. That's why I use POP3 instead of IMAP. > > Do you mean you can see the messages you send to the list? Then I have > to check my config... I am using pop3 too. No; I misread that post and thought you were talking about something else. -- Key ID: 0xF88E034060A78FCB Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB Windows NT 6.0.6001.18000 | GPG 1.4.9 | Thunderbird 2.0.0.14 | Enigmail 0.95.6 From christopher.eliot at nagrastar.com Tue Jul 22 20:59:40 2008 From: christopher.eliot at nagrastar.com (Eliot, Christopher) Date: Tue, 22 Jul 2008 12:59:40 -0600 Subject: Searching mail that arrived encrypted on Outlook Server Message-ID: <5C27B2F8693FA3458E71B4A81551253F03881983@NSTAR-MAIL1.windows.nagrastar.com> We use a typical Microsoft Outlook server setup. We use GPG to encrypt mail coming and going over those internet tube things. My problem is that I'd like to be able to use the Outlook search facility to search through old mail that I've received or sent. Right now it appears that any mail that arrives or that I send is stored in encrypted form on the Outlook server, and that the search mechanisms just search the encrypted text, not a decrypted version of it. Which makes searching unusable. I consider our Outlook server sufficiently secure for my needs here; I don't feel that I need to encrypt each email there. So I'd like my email items to be stored unencrypted, so that I can do searches on their contents. Alternatively, if the search mechanism could somehow be taught to decrypt mail before searching it that could work, but I imagine it would be very slow. Right now I can sort of achieve what I want by forwarding arriving email to myself with encryption disabled, and saving the result. This of course is tedious, and also means that the email is listed as being from me, rather than from whomever really sent it. Does anyone have a better suggestion for this? Topher Eliot christopher.eliot at nagrastar.com [] -------------- next part -------------- An HTML attachment was scrubbed... URL: From kurtc1972 at gmail.com Wed Jul 23 01:24:20 2008 From: kurtc1972 at gmail.com (kurt c) Date: Tue, 22 Jul 2008 16:24:20 -0700 Subject: can't verify my own signature In-Reply-To: <4885DAD9.8010308@tx.rr.com> References: <4882C748.20106@gmail.com> <48832DEB.2070002@Mozilla-Enigmail.org> <48854597.2050501@gmail.com> <4885DAD9.8010308@tx.rr.com> Message-ID: <48866C24.20807@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Clizbe wrote: > kurt c wrote: >> Well, John, why is it then that when I sent an encrypted and signed >> message to this other Gmail account of mine without Enigmail, and >> clicked on Privacy Tray's "clickboard" -> "decrypt/verify", the message >> is both decrypted and verified as with good signature? If the message is >> altered through the webmail system so that its signature can't be >> verified, why is it that when it's encrypted it can both be decrypted >> and verified? > > Please address messages to the list, not a person. > > Short Answer: The text manipulations performed by Web mail user agents which > break inline signed OpenPGP messages are not possible with encrypted messages. > > Trying to compare what happens to encrypted (& signed) messages versus inlined > signed messages in transit is somewhat of an 'apples to oranges' proposition. > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users Thanks John, you make my learning process so much easier. Lawrence -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiGbCQACgkQE7PX/Y51jV/2tQCbBACyrroEriqla0K2jbw7Lkez 9iYAn3+gCaYGPo4f9tB5aXEldmdGw0jZ =Jobf -----END PGP SIGNATURE----- From kurtc1972 at gmail.com Wed Jul 23 02:11:59 2008 From: kurtc1972 at gmail.com (kurt c) Date: Tue, 22 Jul 2008 17:11:59 -0700 Subject: export key: access denied Message-ID: <4886774F.6050207@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ah so sorry, I run into another problem. I followed the instruction and typed into my command prompt gpg --export - -a 0x8e758d5f>mykey.asc in order to create an ASCII armored version of my key and somehow I got the reply: "access is denied". Why? Why? Why? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiGd08ACgkQE7PX/Y51jV/OJgCePHWTpVBAKCf7bmhI3AtPDOkZ ryQAnjB1jBiI9TZhml1gITXk/JnIWVbe =YJ54 -----END PGP SIGNATURE----- From kurtc1972 at gmail.com Wed Jul 23 02:26:32 2008 From: kurtc1972 at gmail.com (kurt c) Date: Tue, 22 Jul 2008 17:26:32 -0700 Subject: Thanks Message-ID: <48867AB8.4090503@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks David, Boris, Rick, and especially Kara and Charly for all the thorough explanations. And sorry for anybody if I've been only sending replies to you that I meant to send to the mailing list :P Stupid me, still clumsy with Thunderbird. I also seem to have problem posting replies to the posts on the mailing list using Thunderbird, though not questions. Hmm... And remember my name is Lawrence. This kurt account I created on a whim to test Enigmail, so I just typed in some garbage, thinking that I'd discard it later. But no, I'm enjoying this Enigmail. And by the way, I live in Los Angeles. If anyone from here wants key-signing, I'd love to participate. Thank you all. Lawrence -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiGergACgkQE7PX/Y51jV+HmwCgiZU1tZrGfXTEI5rXm5DKzIGi gnwAnjZInHxKE7U5xZG0cT6L/qAb8JIQ =wfij -----END PGP SIGNATURE----- From kurtc1972 at gmail.com Wed Jul 23 01:52:34 2008 From: kurtc1972 at gmail.com (kurt c) Date: Tue, 22 Jul 2008 16:52:34 -0700 Subject: information in the public key block In-Reply-To: <488543F3.7060601@gmail.com> References: <488543F3.7060601@gmail.com> Message-ID: <488672C2.9060203@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 kurt c wrote: > Another beginner idiot's question from me. Please excuse me. > > How is it that when I import the PGP public key block from someone's > webpage for example, GnuPG automatically knows the key ID and email > address and all the stuff? Is this information embedded in all the > letters in the key block somewhere? Where? > > Thanks. Thanks David for your explanation :) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiGcsIACgkQE7PX/Y51jV/oTwCggMgy/oX0oiXvCP2Xw/ituJ8o Dy4AnR1B+28ozhxDT8UnOvPHWMaGhxOK =iXjq -----END PGP SIGNATURE----- From kurtc1972 at gmail.com Wed Jul 23 01:51:39 2008 From: kurtc1972 at gmail.com (kurt c) Date: Tue, 22 Jul 2008 16:51:39 -0700 Subject: so how do you get others to sign your key? In-Reply-To: <48856938.2020505@gmail.com> References: <48856938.2020505@gmail.com> Message-ID: <4886728B.5030103@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 kurt c wrote: > Well dumb me has another question. > > When I looked at the listing of John's public key from a public key > server, for example (John Clizbe, that is), I saw that he had all the > other people's names listed with him, like Anthony Jones or Tony Jones > or Robot CAs. I suppose these are the people or robots that have signed > his key? Is this the so called web of trust? How do you get people to > sign your key? And how do you get a certificate authority to sign your key? Thanks David, Boris, Rick, and especially Kara for such a thorough explanation. And sorry for anybody if I've been only sending replies to you that I meant to send to the mailing list :P Stupid me, still clumsy with Thunderbird. And remember my name is Lawrence. This kurt account I created on a whim to test Enigmail, so I just typed in some garbage, thinking that I'd discard it later. But no, I'm enjoying this Enigmail. And by the way, I live in Los Angeles. If anyone from here wants key-signing, I'd love to participate. Thank you all. Lawrence -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEUEARECAAYFAkiGcosACgkQE7PX/Y51jV+FeACXW3l0vxTzUO5ABaizcVnfp6Id GQCeJ09l0j2AUVoTcJbDcL4lBYEF4U8= =wvnG -----END PGP SIGNATURE----- From rick at rickv.com Wed Jul 23 03:37:43 2008 From: rick at rickv.com (Rick Valenzuela) Date: Tue, 22 Jul 2008 21:37:43 -0400 Subject: so how do you get others to sign your key? In-Reply-To: <4886728B.5030103@gmail.com> References: <48856938.2020505@gmail.com> <4886728B.5030103@gmail.com> Message-ID: <48868B67.8010900@rickv.com> Lawrence/kurt c wrote: > And remember my name is Lawrence. This kurt account I created on a whim > to test Enigmail, so I just typed in some garbage, thinking that I'd > discard it later. But no, I'm enjoying this Enigmail. > > And by the way, I live in Los Angeles. If anyone from here wants > key-signing, I'd love to participate. it's good that you're having fun and psyched on GnuPG, but to go through with a key-signing, the Kurt persona won't cut it. You'll have to create a key associated with your real name, so you can offer up an acceptable photo ID with that name during the meeting. -rick From JPClizbe at tx.rr.com Wed Jul 23 07:14:10 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Wed, 23 Jul 2008 00:14:10 -0500 Subject: so how do you get others to sign your key? In-Reply-To: <48868B67.8010900@rickv.com> References: <48856938.2020505@gmail.com> <4886728B.5030103@gmail.com> <48868B67.8010900@rickv.com> Message-ID: <4886BE22.5010507@tx.rr.com> Rick Valenzuela wrote: > Lawrence/kurt c wrote: >> And remember my name is Lawrence. This kurt account I created on a whim >> to test Enigmail, so I just typed in some garbage, thinking that I'd >> discard it later. But no, I'm enjoying this Enigmail. >> >> And by the way, I live in Los Angeles. If anyone from here wants >> key-signing, I'd love to participate. I miss L.A. grew up in LB and spent a couple years "Behind the Orange Curtain" six years ago. BigLumber is a good resource for finding folks nearby > > it's good that you're having fun and psyched on GnuPG, but to go through > with a key-signing, the Kurt persona won't cut it. You'll have to create > a key associated with your real name, so you can offer up an acceptable > photo ID with that name during the meeting. You can keep you existing key by adding a new UID with your real name and revoking the other UID. Won't be able to delete it though. If you decide to start over with a new key, revoke the unwanted key so it's not orphaned out on the servers. -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 656 bytes Desc: OpenPGP digital signature URL: From wk at gnupg.org Wed Jul 23 09:33:02 2008 From: wk at gnupg.org (Werner Koch) Date: Wed, 23 Jul 2008 09:33:02 +0200 Subject: --export/import-ownertrust In-Reply-To: <20080718121758.GU8214@bristol.st.com> (David SMITH's message of "Fri, 18 Jul 2008 13:17:58 +0100") References: <20080718121758.GU8214@bristol.st.com> Message-ID: <87fxq1gimp.fsf@wheatstone.g10code.de> On Fri, 18 Jul 2008 14:17, dave.smith at st.com said: > I've searched on the net, but I can't find much about what the > --export/import-ownertrust do, beyond what is in the manpage. What is > actually stored in this exported ownertrust database? These commands are used for backup or to migrate to a newer version of GnuPG with a changed format of the trust database (We had this case many years ago; however gpg did this for you on the fly). So backup is the main purpose. The format is very simple: B4D94345B0986AB5EE9DCD755DE249961B012345:3: The first field is the fingerprint of the key and the second field is the ownertrust you assigned to that key ("never trust" in this example). Publishing this information is not a good idea because you tell the world how far you trust the holder of that key to correctly verify others keys. This won't be a security issue but the holder of the key might get upset if he notices that you do not trust to correctly sign other keys. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From BruderB at cation.de Wed Jul 23 12:02:33 2008 From: BruderB at cation.de (B) Date: Wed, 23 Jul 2008 12:02:33 +0200 Subject: so how do you get others to sign your key? In-Reply-To: <4886728B.5030103@gmail.com> References: <48856938.2020505@gmail.com> <4886728B.5030103@gmail.com> Message-ID: <488701B9.1030203@cation.de> Hej Lawrence, kurt c schrieb: > And sorry for anybody if I've been only sending replies to you that I > meant to send to the mailing list :P Stupid me, still clumsy with > Thunderbird. Have a look at this: http://alumnit.ca/wiki/?ReplyToListThunderbirdExtension > And remember my name is Lawrence. This kurt account I created on a whim > to test Enigmail, so I just typed in some garbage, thinking that I'd > discard it later. But no, I'm enjoying this Enigmail. me too. > And by the way, I live in Los Angeles. If anyone from here wants > key-signing, I'd love to participate. Well, I live in Kiel, Germany, but I'm going to visit Califorina in October... Boris From BruderB at cation.de Wed Jul 23 12:06:22 2008 From: BruderB at cation.de (B) Date: Wed, 23 Jul 2008 12:06:22 +0200 Subject: export key: access denied In-Reply-To: <4886774F.6050207@gmail.com> References: <4886774F.6050207@gmail.com> Message-ID: <4887029E.2010800@cation.de> kurt c schrieb: > Ah so sorry, I run into another problem. > > I followed the instruction and typed into my command prompt gpg --export > -a 0x8e758d5f>mykey.asc in order to create an ASCII armored version of > my key and somehow I got the reply: > > "access is denied". > > Why? Why? Why? I see you're running Windows, so I cannot help you with this. But Enigmail should include a feature for exporting keys on the GUI, doesn't it? Boris From shavital at mac.com Wed Jul 23 17:03:17 2008 From: shavital at mac.com (Charly Avital) Date: Wed, 23 Jul 2008 11:03:17 -0400 Subject: export key: access denied In-Reply-To: <4886774F.6050207@gmail.com> References: <4886774F.6050207@gmail.com> Message-ID: <48874835.50709@mac.com> kurt c wrote the following on 7/22/08 8:11 PM: > Ah so sorry, I run into another problem. > > I followed the instruction and typed into my command prompt gpg --export > -a 0x8e758d5f>mykey.asc in order to create an ASCII armored version of > my key and somehow I got the reply: > > "access is denied". > > Why? Why? Why? You are a Windows user, I don't know whether the command should be gpg.exe, instead of gpg only. Be that as it may, in MacOSX, the command line is gpg -a --export 0x8E758D5F > mykey.asc gpg -a --export 0x8E758D5F>mykey.asc will work too. Take care, Charly MacOS 10.5.4 - MacBook Intel C2Duo - GnuPG 1.4.9 - GPG2 2.0.9 - Thunderbird 2.0.0.14 - Enigmail 0.96a (20080706-1537)- Apple's Mail+GPGMail d53 From itz at buug.org Tue Jul 22 04:38:19 2008 From: itz at buug.org (Ian Zimmerman) Date: Mon, 21 Jul 2008 19:38:19 -0700 Subject: identical files -> non-identical encrypted files In-Reply-To: <48850CDA.6020905@sixdemonbag.org> (Robert J. Hansen's message of "Mon\, 21 Jul 2008 18\:25\:30 -0400") References: <87k5fgcmj5.fsf@matica.localdomain> <48850CDA.6020905@sixdemonbag.org> Message-ID: <871w1my76s.fsf@matica.localdomain> Ian> I have a problem to solve :( Robert> I fail to see the problem. Not your fault, since I didn't say what it was :-) I have a local file that I want to encrypt and upload to a remote machine in encrypted form. Encrypting is farily quick, but uploading is slow, so I use rsync for the other (unencrypted) files. But the fact that the encrypted file is different each time defeats the rsync incremental upload. A partial workaround is only encrypting when the plaintext file is newer than the encrypted one, but it's not bulletproof because sometimes the plaintext _does_ get saved even if it's identical. Not a huge deal, in all, but someone must have faced this situation before. -- Ian Zimmerman gpg public key: 1024D/C6FF61AD fingerprint: 66DC D68F 5C1B 4D71 2EE5 BD03 8A00 786C C6FF 61AD From John.Groom at sanderson.com Tue Jul 22 10:02:32 2008 From: John.Groom at sanderson.com (John Groom) Date: Tue, 22 Jul 2008 09:02:32 +0100 Subject: membership References: <48852866.9000407@tx.rr.com> Message-ID: Thanx John - I have now done that. Regards John Groom -----Original Message----- From: John Clizbe [mailto:JPClizbe at tx.rr.com] Sent: 2008-07-22 01:23 To: GnuPG Users Subject: Re: membership John Groom wrote: > I have tried twice to add a topic to the list - both times I have > received an email saying > > The reason it is being held: > > Post by non-member to a members-only list > > Here is a copy of my acceptance email. > If you ever want to unsubscribe or change your options (eg, switch to > or from digest mode, change your password, etc.), visit your > subscription page at: > > _http://lists.gnupg.org/mailman/options/gnupg-users/jgroom%40elucid.co > .uk_ > > Please let me know what the problem is. You are _subscribed_ as jgroom (at) elucid DOT co DAWT uk You are _posting_ as John DOT Groom (at) sanderson DAWT com Your "From" address is not the subscribed address, thus, your post is held for moderation. You may fix this by subscribing the second address and then setting the subscription properties to not receive messages. -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" This email is from Sanderson Group plc or a subsidiary of Sanderson Group plc ('the company') and is for the personal use of the intended recipient(s). The email and any files transmitted with it are confidential to the intended recipient(s) and may be legally privileged or contain proprietary and private information. If you are not an intended recipient, you may not review, copy or distribute this message. If received in error, please notify the sender and delete the message from your system. Any views or opinions expressed in this email and any files transmitted with it are those of the author only and may not necessarily reflect the views of the company. Unless otherwise pre-agreed by exchange of hard copy documents signed by duly authorised representatives, contracts may not be concluded on behalf of the company by email. Please note that neither the company nor the sender accepts any responsibility for any viruses and it is your responsibility to scan the email and any attachments. All email received and sent by the company may be monitored to protect its business interests. Members of Sanderson Group plc: Sanderson Group plc: Registered in England, Registered No. 04968444 Sanderson Limited: Registered in England, Registered No. 03743507 Sanderson Multi-Channel Solutions Limited: Registered in England, Registered No. 05684599 Sanderson PCSL Limited: Registered in England, Registered No. 03112970 Sanderson Retail Systems Limited: Registered in England, Registered No. 01240790 Registered Office for all aforementioned companies: Sanderson House, Manor Road, Coventry, CV1 2GF Sanderson RBS Limited: Registered in England, Registered No. 3722018 Registered Office: 24-26 Vincent Avenue, Crowhill, Milton Keynes, MK8 0AB From faramir.cl at gmail.com Wed Jul 23 23:44:46 2008 From: faramir.cl at gmail.com (Faramir) Date: Wed, 23 Jul 2008 17:44:46 -0400 Subject: export key: access denied In-Reply-To: <48874835.50709@mac.com> References: <4886774F.6050207@gmail.com> <48874835.50709@mac.com> Message-ID: <4887A64E.2080708@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Charly Avital escribi?: > kurt c wrote the following on 7/22/08 8:11 PM: >> I followed the instruction and typed into my command prompt gpg --export >> -a 0x8e758d5f>mykey.asc in order to create an ASCII armored version of >> my key and somehow I got the reply: >> >> "access is denied". > You are a Windows user, I don't know whether the command should be > gpg.exe, instead of gpg only. No, it works fine without the .exe > Be that as it may, in MacOSX, the command line is > gpg -a --export 0x8E758D5F > mykey.asc > > gpg -a --export 0x8E758D5F>mykey.asc will work too. I tried this one, on Windows XP, and it works fine... I like gpgshell, it provides a good GUI for most of things I need to do... just google it and you will find it. (for kurt c) Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIh6ZOAAoJEMV4f6PvczxAa9YH/ibeRX5nb4FgqYsHTAveaQnJ BNT0l1UBEpZGTDnQhLauQnYsKnBuLdUBp7wx3vbz7GNquVljzx4c8CwFaC1S6QQN iFEUfh/lDP5nTW0qtU34ncFyrqYxonhsIwwpPkmOkFrYWC06vaOKmZkIOUCJXP4C DHIkOfLe1yJyy3JSGnG/zOsHkVjtNdjn5Fp4Xa58qfDOdYm3j9ddYEDlw7rneE2X gbmpAcR3Ug41SALSyaSCGF0/CLMi4yWjJkKXpgY9+mD43YwrHCSY8RwMlqem+ub8 F4eFYA2fY62uY4dcCoO9tgmdKKWHUQXgxXLZcjnpkjj3nrxPTju6b/2Ksfor+VI= =f+06 -----END PGP SIGNATURE----- From kurtc1972 at gmail.com Thu Jul 24 00:54:35 2008 From: kurtc1972 at gmail.com (kurt c) Date: Wed, 23 Jul 2008 15:54:35 -0700 Subject: export key: access denied In-Reply-To: <4887A64E.2080708@gmail.com> References: <4886774F.6050207@gmail.com> <48874835.50709@mac.com> <4887A64E.2080708@gmail.com> Message-ID: <4887B6AB.7020909@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Faramir wrote: > Charly Avital escribi?: >> kurt c wrote the following on 7/22/08 8:11 PM: > >>> I followed the instruction and typed into my command prompt gpg --export >>> -a 0x8e758d5f>mykey.asc in order to create an ASCII armored version of >>> my key and somehow I got the reply: >>> >>> "access is denied". > >> You are a Windows user, I don't know whether the command should be >> gpg.exe, instead of gpg only. > > No, it works fine without the .exe > >> Be that as it may, in MacOSX, the command line is >> gpg -a --export 0x8E758D5F > mykey.asc > >> gpg -a --export 0x8E758D5F>mykey.asc will work too. > > I tried this one, on Windows XP, and it works fine... > > I like gpgshell, it provides a good GUI for most of things I need to > do... just google it and you will find it. (for kurt c) > > Best Regards no, i typed in my windows vista command prompt: gpg -a --export 0x8e758d5f > mykey.asc and i only get "access is denied". i guess no one knows why. _______________________________________________ Gnupg-users mailing list Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiHtqsACgkQE7PX/Y51jV8otgCguZ1a9iBerrKb5Ut5V5Km9vq2 b/0AnAiJmWK7tdg9ZVci5W5MCvZoG0Xx =MEDR -----END PGP SIGNATURE----- From faramir.cl at gmail.com Thu Jul 24 02:04:39 2008 From: faramir.cl at gmail.com (Faramir) Date: Wed, 23 Jul 2008 20:04:39 -0400 Subject: export key: access denied In-Reply-To: <4887B6AB.7020909@gmail.com> References: <4886774F.6050207@gmail.com> <48874835.50709@mac.com> <4887A64E.2080708@gmail.com> <4887B6AB.7020909@gmail.com> Message-ID: <4887C717.1080706@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 kurt c escribi?: > Faramir wrote: >>> gpg -a --export 0x8E758D5F>mykey.asc will work too. >> I tried this one, on Windows XP, and it works fine... > >> I like gpgshell, it provides a good GUI for most of things I need to >> do... just google it and you will find it. (for kurt c) > >> Best Regards > > no, i typed in my windows vista command prompt: gpg -a --export > 0x8e758d5f > mykey.asc and i only get "access is denied". i guess no one > knows why. Yes, I think I know why... it's Windows Vista permission management... probably you need to run gpg with admin rights... I don't know much about user permissions in Vista, I used it just once, and anything I tried, was denied because I didn't had enough privileges... I think I have a document about user rights management, somewhere... if you want, I can search for it, and send it to you by mail... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIh8cXAAoJEMV4f6PvczxAIG8H/3epmRjh2+SXkx+a+6vuq5tw KUVPVzN2fVOiFrTa6M9omi1jZa4G5RfbmhYtCa84yunhXIDfEgh3rG41PadFkDo5 z7GN0xYhIKSNlHurjrnkXpHgr7QbwStQBQN30ChnDMIofiYOTtQsuUnx5talnkCa 0nPchVUV2KC9pSHuyrlxVUT9Ee2MIh/YQToA6013P5rXWs61m7NUVxwCrJBoqfAu jFaFgOaTpl8a9O+USvmRNMFielXpsihKPz63zMYV+MDxEA1E54uj1rtC0NKdnqN1 lyo4Ro0r6auVWz2X8IbUr9UUrknV+gkCy8BeHMJBUddWgjjv6jMv6XOORohuNdw= =LhYn -----END PGP SIGNATURE----- From lists at michel-messerschmidt.de Thu Jul 24 01:40:00 2008 From: lists at michel-messerschmidt.de (Michel Messerschmidt) Date: Thu, 24 Jul 2008 01:40:00 +0200 Subject: export key: access denied In-Reply-To: <4887B6AB.7020909@gmail.com> References: <4886774F.6050207@gmail.com> <48874835.50709@mac.com> <4887A64E.2080708@gmail.com> <4887B6AB.7020909@gmail.com> Message-ID: <20080723233959.GA9466@ryu.matrix> On Wed, Jul 23, 2008 at 03:54:35PM -0700, kurt c wrote: > no, i typed in my windows vista command prompt: gpg -a --export > 0x8e758d5f > mykey.asc and i only get "access is denied". i guess no one > knows why. Are you sure that your user has write permissions in the current directory? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 315 bytes Desc: Digital signature URL: From bahamutzero8825 at gmail.com Thu Jul 24 02:59:30 2008 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Wed, 23 Jul 2008 19:59:30 -0500 Subject: export key: access denied In-Reply-To: <4886774F.6050207@gmail.com> References: <4886774F.6050207@gmail.com> Message-ID: <4887D3F2.6070005@gmail.com> kurt c wrote: > Ah so sorry, I run into another problem. > > I followed the instruction and typed into my command prompt gpg --export > -a 0x8e758d5f>mykey.asc in order to create an ASCII armored version of > my key and somehow I got the reply: > > "access is denied". > > Why? Why? Why? What was your working directory? -- Key ID: 0xF88E034060A78FCB Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB Windows NT 6.0.6001.18000 | GPG 1.4.9 | Thunderbird 2.0.0.14 | Enigmail 0.95.6 From reynt0 at cs.albany.edu Thu Jul 24 05:05:28 2008 From: reynt0 at cs.albany.edu (reynt0) Date: Wed, 23 Jul 2008 23:05:28 -0400 (EDT) Subject: so how do you get others to sign your key? In-Reply-To: <488569A3.7080809@gmail.com> References: <48856938.2020505@gmail.com> <488569A3.7080809@gmail.com> Message-ID: On Mon, 21 Jul 2008, kurt c wrote: . . . > My name is Lawrence, by the way. I created this email account on a whim > to test Enigmail, that's why it has this kurt c stuff on it. And now . . . FWIW, Do you know that, as I understand things, Google saves and records of, and analyzes including for affinity grouping, all the email content and email accounts you communicate with, and so by using gmail you are in some small way compromising the privacy and maybe security of everyone posting on any email list you get email from? From kissg at ssg.ki.iif.hu Thu Jul 24 07:40:11 2008 From: kissg at ssg.ki.iif.hu (Kiss Gabor (Bitman)) Date: Thu, 24 Jul 2008 07:40:11 +0200 (CEST) Subject: [GnuPG-users] identical files -> non-identical encrypted files In-Reply-To: <871w1my76s.fsf@matica.localdomain> References: <87k5fgcmj5.fsf@matica.localdomain> <48850CDA.6020905@sixdemonbag.org> <871w1my76s.fsf@matica.localdomain> Message-ID: > I have a local file that I want to encrypt and upload to a remote > machine in encrypted form. Encrypting is farily quick, but uploading is > slow, so I use rsync for the other (unencrypted) files. But the fact > that the encrypted file is different each time defeats the rsync > incremental upload. > > A partial workaround is only encrypting when the plaintext file is newer > than the encrypted one, but it's not bulletproof because sometimes the > plaintext _does_ get saved even if it's identical. > > Not a huge deal, in all, but someone must have faced this situation before. Jari Ruusu's loop-aes uses the following method: - it encrypts disk/file with AES - it has 1-65 pieces of 128-256 bit keys for this symmetric cipher - disk keys are stored in a file that is encrypted by GPG - Several users may have access to this file (each with his own secret key) So I suggest to use some similar way. Loop-aes utility 'aespipe' does the above key handling automagically. Gabor From yalla at fsfe.org Thu Jul 24 11:02:08 2008 From: yalla at fsfe.org (Alexander W. Janssen) Date: Thu, 24 Jul 2008 11:02:08 +0200 Subject: so how do you get others to sign your key? In-Reply-To: References: <48856938.2020505@gmail.com> <488569A3.7080809@gmail.com> Message-ID: <48884510.2060502@fsfe.org> reynt0 wrote: > On Mon, 21 Jul 2008, kurt c wrote: > . . . >> My name is Lawrence, by the way. I created this email account on a whim >> to test Enigmail, that's why it has this kurt c stuff on it. And now > . . . > > FWIW, > Do you know that, as I understand things, Google saves > and records of, and analyzes including for affinity > grouping, all the email content and email accounts you > communicate with, and so by using gmail you are in some > small way compromising the privacy and maybe security of > everyone posting on any email list you get email from? Says someone without even a real name in his from-line. Why should that be a security problem? What would hinder $evildoer from subscribing themselves? Also, your comment wasn't helpful. Oh man. Do you really want to open this can of worms? Sorry, I had to say this. I'm usually not the flamy type of a person. Alex. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 305 bytes Desc: OpenPGP digital signature URL: From faramir.cl at gmail.com Thu Jul 24 12:43:59 2008 From: faramir.cl at gmail.com (Faramir) Date: Thu, 24 Jul 2008 06:43:59 -0400 Subject: so how do you get others to sign your key? In-Reply-To: References: <48856938.2020505@gmail.com> <488569A3.7080809@gmail.com> Message-ID: <48885CEF.2040904@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 reynt0 escribi?: > On Mon, 21 Jul 2008, kurt c wrote: > . . . >> My name is Lawrence, by the way. I created this email account on a whim >> to test Enigmail, that's why it has this kurt c stuff on it. And now > . . . > > FWIW, > Do you know that, as I understand things, Google saves > and records of, and analyzes including for affinity > grouping, all the email content and email accounts you > communicate with, and so by using gmail you are in some > small way compromising the privacy and maybe security of > everyone posting on any email list you get email from? Writing a plain text email, gmail or not, already does that... do you know if your ISP sniffs your messages? Do you know if my ISP does it? Do you know if somebody in the list is an SPECTRE agent? Gmail's policy states they don't have people readying the emails, and it also says they respect your privacy and don't give that info to anybody... of course, we don't have any way to know if they actually do that... but I would be more afraid about other instances that don't even say what they do or what they don't do... and, after all, that is the reason why PGP and GnuPG were invented... And... here comes the best part of this: the messages sent to the list are available at the list's web site, and no subscription or login is required to access them... so no doubt, even if gmail doesn't search the message's content, google, yahoo, msn, and all other searchers surely have indexed them with their robots... unless there is a robots.txt file stopping them... but it won't stop any bad boy... I don't understand why you say to Lawrence he is "compromising the privacy and maybe security of everyone posting on any email list you get email from?", in special, because he is not the first nor the only one using a gmail account... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIiFzvAAoJEMV4f6PvczxAAvoH/3sCDPt+J8S9HjXZhECk5cxo z6IKgaN7P9PjExISZfx26uFZ8a5RVvJCqHAMbJinItBpUaDn2W2C59KxMlauegk1 vb3+RN89zj4nLupanjTfMlx5opsvGEsagLrIP38MwIEmM9h+zWAZ9aOasi9hCPQV fjtJsi1zIfOuSM8wyOT47bbn4s1fYHUIwR0/AWP8NGr81m9tTgY/MnZdNz91hKiM +HjEu5MIcnkk0/A2lS5CNP6LbAKUHbZ7J0GgsU+CGz0PRQxCgSXvq0Hu1Ksr/n1B uywgyYqtNUPh70FMdCoMufVLlO9ln6za+ziwmrrF5gVQk8uOc/Mvd+n4mU5L/JA= =30Cx -----END PGP SIGNATURE----- From faramir.cl at gmail.com Thu Jul 24 12:52:11 2008 From: faramir.cl at gmail.com (Faramir) Date: Thu, 24 Jul 2008 06:52:11 -0400 Subject: so how do you get others to sign your key? In-Reply-To: <48884510.2060502@fsfe.org> References: <48856938.2020505@gmail.com> <488569A3.7080809@gmail.com> <48884510.2060502@fsfe.org> Message-ID: <48885EDB.2030604@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Alexander W. Janssen escribi?: > reynt0 wrote: ... >> Do you know that, as I understand things, Google saves >> and records of, and analyzes including for affinity .... > Oh man. Do you really want to open this can of worms? > > Sorry, I had to say this. I'm usually not the flamy type of a person. > Alex. Me neither... (or neither me?) I hope your reply (and mine... I replied too, before seeing your message) is not flamy enough to be considered a "flame"... certainly, if it is, mine is it too... and I should apologise... Best regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIiF7bAAoJEMV4f6PvczxA9BcIAIDD5aIQqWMd0F7D6qnRZk/I GmnxuE2QaiMHvnD4ZYzUM9rSq1BIAJxXKmmeOt6qlcYX02Hm+rsO/zE3jNfCISh+ 6FFz2GbrrmX9x4MTVoVxWTq8ahEptpOX0BcctwuQjHpYavhzQLWnvP13S/QY59ue 3pvPulFXoPmCTDAQ3B1vkZdW9PHwSrbt6lksDbU9os4mXo0iFHNZ4ufE1TSeHpkr rTjF2z+JOd+FjpyiZgegqEREL4goYi4NdPz5BQfj7kb06Dg73iF4Tdii/ZM60Q6K J4dpIvw792LsNVO6UV+kGE2ke8DExLPl/fjIODhTD29QDFuPOdc/SGuj8rXWU6E= =kDqs -----END PGP SIGNATURE----- From roam at ringlet.net Thu Jul 24 12:53:27 2008 From: roam at ringlet.net (Peter Pentchev) Date: Thu, 24 Jul 2008 13:53:27 +0300 Subject: so how do you get others to sign your key? In-Reply-To: <48885CEF.2040904@gmail.com> References: <48856938.2020505@gmail.com> <488569A3.7080809@gmail.com> <48885CEF.2040904@gmail.com> Message-ID: <20080724105327.GA1080@straylight.m.ringlet.net> On Thu, Jul 24, 2008 at 06:43:59AM -0400, Faramir wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > reynt0 escribi??: > > On Mon, 21 Jul 2008, kurt c wrote: > > . . . > >> My name is Lawrence, by the way. I created this email account on a whim > >> to test Enigmail, that's why it has this kurt c stuff on it. And now > > . . . > > > > FWIW, > > Do you know that, as I understand things, Google saves > > and records of, and analyzes including for affinity > > grouping, all the email content and email accounts you > > communicate with, and so by using gmail you are in some > > small way compromising the privacy and maybe security of > > everyone posting on any email list you get email from? > > Writing a plain text email, gmail or not, already does that... do you > know if your ISP sniffs your messages? Do you know if my ISP does it? Do > you know if somebody in the list is an SPECTRE agent? [snip] > > And... here comes the best part of this: the messages sent to the > list are available at the list's web site, and no subscription or login > is required to access them... so no doubt, even if gmail doesn't search > the message's content, google, yahoo, msn, and all other searchers > surely have indexed them with their robots... unless there is a > robots.txt file stopping them... but it won't stop any bad boy... And then there are things like http://marc.theaimsgroup.com/ ... :) But let's not feed the troll any more :) G'luck, Peter -- Peter Pentchev roam at ringlet.net roam at cnsys.bg roam at FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 No language can express every thought unambiguously, least of all this one. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 195 bytes Desc: not available URL: From wk at gnupg.org Fri Jul 25 00:00:59 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 25 Jul 2008 00:00:59 +0200 Subject: FYI: mail outage Message-ID: <873alzuelg.fsf@wheatstone.g10code.de> Hi! Unfortunately we had to shutdown the mail server as well as a couple of other services, hosted on my companies box. New hardware is now in place and services are gradually restored. If you see that mail, posting should work again. The bug tracker is still down and will be restored tomorrow. Thanks to the folks at OpenIT for helping me getting the server with the new hardware back on the net pretty soon. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From jeandavid8 at verizon.net Thu Jul 24 12:54:52 2008 From: jeandavid8 at verizon.net (Jean-David Beyer) Date: Thu, 24 Jul 2008 06:54:52 -0400 Subject: so how do you get others to sign your key? In-Reply-To: <48884510.2060502@fsfe.org> References: <48856938.2020505@gmail.com> <488569A3.7080809@gmail.com> <48884510.2060502@fsfe.org> Message-ID: <48885F7C.8090009@verizon.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alexander W. Janssen wrote: > reynt0 wrote: >> On Mon, 21 Jul 2008, kurt c wrote: >> . . . >>> My name is Lawrence, by the way. I created this email account on a whim >>> to test Enigmail, that's why it has this kurt c stuff on it. And now >> . . . >> >> FWIW, >> Do you know that, as I understand things, Google saves >> and records of, and analyzes including for affinity >> grouping, all the email content and email accounts you >> communicate with, and so by using gmail you are in some >> small way compromising the privacy and maybe security of >> everyone posting on any email list you get email from? No, I do not know that, and I still do not know that. That does not mean it is not true. While it would not prevent google from looking at the envelope (sender's address, etc., receiver's address, etc., Subject...), you could keep them from analyzing the content by encrypting it with gnupg (e.g., with enigmail). This would require your destinations to have pgp or gnupg and use it. This would not work on mailing lists except private ones with only a few users. > > Says someone without even a real name in his from-line. > > Why should that be a security problem? What would hinder $evildoer from > subscribing themselves? > Also, your comment wasn't helpful. > > Oh man. Do you really want to open this can of worms? One of Murphy's laws goes: When you open a can of worms, to recan them takes a larger size can. > > Sorry, I had to say this. I'm usually not the flamy type of a person. > Alex. - -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key: 9A2FC99A Registered Machine 241939. /( )\ Shrewsbury, New Jersey http://counter.li.org ^^-^^ 06:45:01 up 3 days, 11:33, 4 users, load average: 4.42, 4.16, 4.06 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFIiF98Ptu2XpovyZoRAuE1AJ9cBeXJVLJGZfyBK/TvqlsZX8LikgCeKKYc fnlM1YftqwConpH1jC3LoQM= =nYvs -----END PGP SIGNATURE----- From kunalvshah+gnupg at gmail.com Fri Jul 25 07:58:17 2008 From: kunalvshah+gnupg at gmail.com (Kunal Shah) Date: Fri, 25 Jul 2008 01:58:17 -0400 Subject: removing -----BEGIN PGP SIGNED MESSAGE---- Message-ID: <9e0076140807242258u32acf6afuf5d5bc02bb552b2e@mail.gmail.com> Hi All, while sending signed message through enigmail/thunderbird, message appends -----BEGIN PGP SIGNED MESSAGE---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there anyway to avoid that? From rjh at sixdemonbag.org Fri Jul 25 08:45:37 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 25 Jul 2008 02:45:37 -0400 Subject: removing -----BEGIN PGP SIGNED MESSAGE---- In-Reply-To: <9e0076140807242258u32acf6afuf5d5bc02bb552b2e@mail.gmail.com> References: <9e0076140807242258u32acf6afuf5d5bc02bb552b2e@mail.gmail.com> Message-ID: <48897691.3090006@sixdemonbag.org> Kunal Shah wrote: > Is there any way to avoid that? Sort of. PGP/MIME. If PGP/MIME is not an option for you, then no, there is no way to avoid it. Inline OpenPGP signatures require that text to be present. From george.davidescu at gmail.com Mon Jul 28 17:34:05 2008 From: george.davidescu at gmail.com (bezna) Date: Mon, 28 Jul 2008 08:34:05 -0700 (PDT) Subject: Keyblock packet tree structure? Message-ID: <18691259.post@talk.nabble.com> Hello, I was wondering if someone in the know could fill me in on what, in general terms, the structure of a keyblock in GPG looks like. I know it's a tree of packets that diverges into one for the secret key and one for the public key component, but what's at the root? Just what the arrangement of packets in the keyblock is, maybe as a diagram (even an ASCII one in the email body), is all I'd like to know. Thank you, George -- View this message in context: http://www.nabble.com/Keyblock-packet-tree-structure--tp18691259p18691259.html Sent from the GnuPG - User mailing list archive at Nabble.com. From gnupg.mdmph at gmail.com Fri Jul 25 01:09:33 2008 From: gnupg.mdmph at gmail.com (GNU MD) Date: Thu, 24 Jul 2008 19:09:33 -0400 Subject: Portable GNUPG? Message-ID: <330519960807241609n399bd11ao10cf0414df493ea@mail.gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well I apologize if in my newness I missed any replies. But I don't think I did. My problem: I am a physician, so I tend to work on these locked-down computers in various hospitals. Electronic medical records are OK, but really there is no replacement for a patient list, such as a to-do list (labs to check up on and phone numbers to call the patients regarding test results etc). I have no intention of leaking patient related information or even a fragment of a social security number or a phone number etc... so I want to be able to write myself an electronic note (ie. notepad) and encrypt that note either symmetrically or preferably to my personal public key for safe-keeping. I also want to be able to take that note with me and open it when I am somewhere else (like on another computer). I noticed that the computers I work on do not let me do invasive things such as install GNUPG (ex. gpg4win). I did find some website that is a bit out of date talking about running GPG off of a USB drive. Has anyone done this sorta thing. I mean I would even try using Truecrypt but even that program's guest feature still requires Truecrypt to already be installed by someone with administrator access. Any help would be greatly appreciated. Also I wanted to thank whomever it was that mentioned biglog, I signed up and inserted in my key. I noticed one can also create a keyring. Not real sure how that is used. I would love to get every (or any) other physician using GNUPG. I think making webs of trust and sharing them with pharmacies could really help decrease the cost of healthcare by permitting e-prescribing and keeping out the pharmaceutical industry. Well that could be a whole other post in itself. Best regards, - -Steve (gnumd) 0x1036DFBA -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0 iD8DBQFIiQuUAS9dxxA237oRAu1NAJ97yuE2LfK9p78YE6Pm+0J+u3iqOQCeMfqx x76+s5i/JIaJ2cciB0wRgqE= =s8Xn -----END PGP SIGNATURE----- From kunalvshah+gnupg at gmail.com Fri Jul 25 19:08:52 2008 From: kunalvshah+gnupg at gmail.com (Kunal Shah) Date: Fri, 25 Jul 2008 13:08:52 -0400 Subject: removing -----BEGIN PGP SIGNED MESSAGE---- In-Reply-To: <4889E42A.9050300@earthlink.net> References: <4889E42A.9050300@earthlink.net> Message-ID: <9e0076140807251008l14881321q71f48c6c282726c@mail.gmail.com> On Fri, Jul 25, 2008 at 10:33 AM, Kara wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 > > ==== > > Reference: > > Subject: Re: removing -----BEGIN PGP SIGNED MESSAGE---- > Date: Fri, 25 Jul 2008 02:45:37 -0400 > From: Robert J. Hansen > To: Kunal Shah > CC: GnuPG Users > > Kunal Shah wrote: >>> >>> Is there any way to avoid that? >>> > > Robert J. Hansen wrote: >> >> Sort of. PGP/MIME. >> >> If PGP/MIME is not an option for you, then no, there is no way >> to avoid it. Inline OpenPGP signatures require that text to >> be present. >> > > Keep in mind that not all e-mail programs can handle PGP/MIME > messages. Among them. those provided by Windows which regretfully > represents an exceptionally high proportion of individuals using > computers. > > Although not a GPG/PGP solution, another alternative would be to use > your computer's S/MIME capability along with x.509 certificates > (perhaps obtained from either Thawte (www.thawte.com) or CAcert > (www.cacert.org) or any of the other Certificate authorities that > offer free x.509 certificates. > > Best wishes for an enjoyable Fri and a great weekend coming up. In that case, I will need to obtain private key with openssl package and send my pub key to CA to obtain certificate. However, if i go with that procedure, my friends who uses GNUPg or PGP will not be able to verify my signature. I guess I am running into cross platform issues. in fact, I need to sign the message using a. GNUPg private key for those who uses GNUPg and b. S/MIME for those who uses GPG/MIME or S/MIME. is that correct understanding? > > > Timestamp: Fri 25 Jul 2008, 1033 Local (UTC -0400) > > ==== > . > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: For keyID and its URL see OpenPGP message header > > iEYEAREDAAYFAkiJ5CgACgkQ15k+1L3RO5CvcgCg29YKwP8QKma1JWTVbbwDWC3U > aSQAoOACE52Pj7wQrSiVNtUn5q58Kjhk > =7QU8 > -----END PGP SIGNATURE----- > From wk at gnupg.org Mon Jul 28 18:17:17 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 28 Jul 2008 18:17:17 +0200 Subject: Keyblock packet tree structure? In-Reply-To: <18691259.post@talk.nabble.com> (george.davidescu@gmail.com's message of "Mon, 28 Jul 2008 08:34:05 -0700 (PDT)") References: <18691259.post@talk.nabble.com> Message-ID: <87vdyq2dbm.fsf@wheatstone.g10code.de> On Mon, 28 Jul 2008 17:34, george.davidescu at gmail.com said: > I was wondering if someone in the know could fill me in on what, in general > terms, the structure of a keyblock in GPG looks like. I know it's a tree of The keyblock is defined by OpenPGP (rfc4880). As of now gpg uses this very format to store the packets along with some metadata. However this is an internal implementaion detail of gpg. > packets that diverges into one for the secret key and one for the public key > component, but what's at the root? Just what the arrangement of As per OpenPGP the very first packet is either a public or secret key packet. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From kunalvshah+gnupg at gmail.com Sun Jul 27 20:31:06 2008 From: kunalvshah+gnupg at gmail.com (Kunal Shah) Date: Sun, 27 Jul 2008 18:31:06 +0000 Subject: is gnupg user mailing list down? Message-ID: <9e0076140807271131g17d836c1vebca593e00160fe5@mail.gmail.com> I am not getting my own messages or reply to any of my messages. From carloswill at gmail.com Mon Jul 28 16:58:35 2008 From: carloswill at gmail.com (Carlos Williams) Date: Mon, 28 Jul 2008 10:58:35 -0400 Subject: Trying to Understand Keys Message-ID: Looking to create keys however I really would like to understand before I select a key which is best to use. Normally I would just select "default" when I don't know however I think in this case it would be wise to understand the difference between the options listed below... Anyone explain to me the pros / cons between the 1, 2. & 5? Please select what kind of key you want: (1) DSA and Elgamal (default) (2) DSA (sign only) (5) RSA (sign only) Your selection? -- Man your battle stations... From kunalvshah+gnupg at gmail.com Fri Jul 25 18:33:08 2008 From: kunalvshah+gnupg at gmail.com (Kunal Shah) Date: Fri, 25 Jul 2008 12:33:08 -0400 Subject: removing -----BEGIN PGP SIGNED MESSAGE---- In-Reply-To: References: <9e0076140807242258u32acf6afuf5d5bc02bb552b2e@mail.gmail.com> Message-ID: <9e0076140807250933t61e512a3t7510715c43cea257@mail.gmail.com> On Fri, Jul 25, 2008 at 3:32 AM, Laurent Jumet wrote: > > Hello Kunal ! > > "Kunal Shah" wrote: > >> while sending signed message through enigmail/thunderbird, message >> appends -----BEGIN PGP SIGNED MESSAGE---- -----BEGIN PGP SIGNED >> MESSAGE----- >> Hash: SHA1 > > Of course not. It's the flag defining the beginning and the end of a crypted message. But i am not encrypting message. I am simply signing it. > > -- > Laurent Jumet > KeyID: 0xCFAF704C > From faramir.cl at gmail.com Mon Jul 28 18:47:28 2008 From: faramir.cl at gmail.com (Faramir) Date: Mon, 28 Jul 2008 12:47:28 -0400 Subject: is gnupg user mailing list down? In-Reply-To: <9e0076140807271131g17d836c1vebca593e00160fe5@mail.gmail.com> References: <9e0076140807271131g17d836c1vebca593e00160fe5@mail.gmail.com> Message-ID: <488DF820.7040806@gmail.com> Kunal Shah escribi?: > I am not getting my own messages or reply to any of my messages. It seems it is usual with gmail to don't be able to see your own messages, at least, I have never been able to. It is a "feature" to avoid flooding your inbox... But I remember having seen a messages saying something about a list with problems (being solved), but I don't remember if it was gnupg-users, or another related list... From carloswill at gmail.com Mon Jul 28 18:54:41 2008 From: carloswill at gmail.com (Carlos Williams) Date: Mon, 28 Jul 2008 12:54:41 -0400 Subject: is gnupg user mailing list down? In-Reply-To: <488DF820.7040806@gmail.com> References: <9e0076140807271131g17d836c1vebca593e00160fe5@mail.gmail.com> <488DF820.7040806@gmail.com> Message-ID: On Mon, Jul 28, 2008 at 12:47 PM, Faramir wrote: > Kunal Shah escribi?: >> I am not getting my own messages or reply to any of my messages. > > It seems it is usual with gmail to don't be able to see your own > messages, at least, I have never been able to. It is a "feature" to > avoid flooding your inbox... But I remember having seen a messages > saying something about a list with problems (being solved), but I don't > remember if it was gnupg-users, or another related list... Same with me. I sent a message a few hours ago from Gmail and never receive my own post mailed to me. I do see it in the reply when someone responds to my original post. From rjh at sixdemonbag.org Mon Jul 28 18:56:47 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 28 Jul 2008 09:56:47 -0700 Subject: Trying to Understand Keys In-Reply-To: References: Message-ID: <488DFA4F.6050003@sixdemonbag.org> Carlos Williams wrote: > Anyone explain to me the pros / cons between the 1, 2. & 5? No. If you want to understand the tradeoffs, you're going to need an undergraduate math degree at the absolute minimum. As far as the layman is concerned, the only option you should care about is (1). The general rule is "unless you know what you're doing and why, stick with the defaults." From m.mansfeld at mansfeld-elektronik.de Mon Jul 28 18:26:41 2008 From: m.mansfeld at mansfeld-elektronik.de (Matthias Mansfeld) Date: Mon, 28 Jul 2008 18:26:41 +0200 Subject: is gnupg user mailing list down? In-Reply-To: <9e0076140807271131g17d836c1vebca593e00160fe5@mail.gmail.com> References: <9e0076140807271131g17d836c1vebca593e00160fe5@mail.gmail.com> Message-ID: <488E0F61.16478.1DD79323@m.mansfeld.mansfeld-elektronik.de> On 27 Jul 2008 at 18:31, Kunal Shah wrote: > I am not getting my own messages or reply to any of my messages. > List is up and running. I got your mail. My reply goes to list gnupg-users at gnupg.org and CC: to your address kunalvshah+gnupg at gmail.com Normally, you should get it twice. Best regards Matthias Mansfeld -- Matthias Mansfeld Elektronik * Leiterplattenlayout Neithardtstr. 3, 85540 Haar; Tel.: 089/4620 093-7, Fax: -8 Internet: http://www.mansfeld-elektronik.de GPG http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc From faramir.cl at gmail.com Mon Jul 28 19:05:23 2008 From: faramir.cl at gmail.com (Faramir) Date: Mon, 28 Jul 2008 13:05:23 -0400 Subject: Portable GNUPG? In-Reply-To: <330519960807241609n399bd11ao10cf0414df493ea@mail.gmail.com> References: <330519960807241609n399bd11ao10cf0414df493ea@mail.gmail.com> Message-ID: <488DFC53.6020703@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 GNU MD escribi?: > Well I apologize if in my newness I missed any replies. > But I don't think I did. > My problem: > I am a physician, so I tend to work on these locked-down > computers in various hospitals. Electronic medical records > are OK, but really there is no replacement for a patient list, Do you use windows? If you use it, you can install gpgshell (a GUI for GnuPG), and use an utility named Copy2USB to copy the files into a folder (and you can put that folder into an USB flash memory stick). and then, you just need to copy your keyrings into that folder (overwriting the empty keyrings), and you are ready to use a portable GnuPG, with gpgshell, which is excellent to encrypt and decrypt txt files, or from and to the clipboard... I am sure there are other solutions, but I don't know them. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIjfxTAAoJEMV4f6PvczxAMpsH/R5pvTbYV19zGuOW8Vloaf+T CruwsWOrBDd61BkuhxALD73+ri5cpi3LhuvV1SVQvUuw84lelAzIoPzXw/UKuOgR CyBR7D0e4TyIYfa+/96jJ9iDtrYb617Yl8q2WIQkdm6Olu3Ut7uVnyV2gmRj6a7D 0+88jHr033SoElLJwvkrY58jOjJoEXZDjLAixnGDkTMGqEe5FTEQqksANPMUaLWG YMehpBAmeAxH/pEip0OhSm3Tyco+fbRjRo9+rcpraa36eIUy71NYCQgCb8Ynpm0o 6sX2oIItGBIEOT0vA6oz1V1nCGs2YCO1w+CwPkgD8pZEMFuMe8VOx1aIIFyDHAk= =p9AZ -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Mon Jul 28 21:37:14 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Mon, 28 Jul 2008 15:37:14 -0400 Subject: Portable GNUPG? In-Reply-To: <330519960807241609n399bd11ao10cf0414df493ea@mail.gmail.com> References: <330519960807241609n399bd11ao10cf0414df493ea@mail.gmail.com> Message-ID: <488E1FEA.2020109@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 GNU MD wrote: > things such as install GNUPG (ex. gpg4win). I did find some website > that is a bit out of date talking about running GPG off of a USB drive. > Has anyone done this sorta thing. I mean I would even try using Truecrypt > but even that program's guest feature still requires Truecrypt to already > be installed by someone with administrator access. > Any help would be greatly appreciated. You may find GPG2GO satisfies Your needs /if/ You are comfortable using the Command Line inputs instead of a User Interface. http://gpg2go.ifrance.com/ The files in the download package have been UPX compressed in order to fit 'comfortably' on a floppy disk but if You're using a USB device then You may feel free to replace them with uncompressed Binary Files via Copy/Paste [overwriting the existing Files]. HTH JOHN ;) Timestamp: Monday 28 Jul 2008, 15:36 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4799: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJIjh/mAAoJEBCGy9eAtCsPZEUH/2a2M3pgVOai0KWvSeBDpY5S 2lgQhba27BCop7WPRAcqCzthHJWhzsT7EaCOGl2+G60aTD5CY9DmxW5UR7IgwXog I3jC3HiFN2EFHhi4VdlNSt1vTNh3W5NG9Xv4zP/EbhGcj31j6KFs4nl2mXXnlo6G VByS7qA0j0gGe74aG0yv2CBDjPK5Fgor8cO5jI3q3J2WtIZcsI9IWMuoktK/7YHo pfT6RIxvZ2gTBm0wV0OAnbEj2TeLB2el87GPDDKOAia/owO9hqT9mCa1E7oDz3NV 4x4q5WU84+VtOF/0T+GmIFnSpHFK1XP5XV6dg0r+J8TyWfcO3v3xlGL0GdZRaYo= =lBAi -----END PGP SIGNATURE----- From lorenl at north-winds.org Mon Jul 28 22:09:18 2008 From: lorenl at north-winds.org (Loren M. Lang) Date: Mon, 28 Jul 2008 13:09:18 -0700 Subject: Key Flags Discontinuity Message-ID: <488E276E.7030905@north-winds.org> There seems to be a discontinuity on the usage of key flags between the primary key and subkeys. The key flags for subkeys is stored in the subkey binding signature of which there is one of and affects all trust on that subkey. The primary key's key flags are stored in the self-signatures of it's various user ids linking it to the trust of a specific user id. It seems to me that it would be more appropriate to put the key flags in a direct key signature (0x1F) of the primary key. Is this allowed by OpenPGP? -- Loren M. Lang lorenl at north-winds.org http://www.north-winds.org/ Public Key: ftp://ftp.north-winds.org/pub/lorenl_pubkey.asc Fingerprint: 10A0 7AE2 DAF5 4780 888A 3FA4 DCEE BB39 7654 DE5B -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature URL: From lorenl at north-winds.org Mon Jul 28 21:36:07 2008 From: lorenl at north-winds.org (Loren M. Lang) Date: Mon, 28 Jul 2008 12:36:07 -0700 Subject: Key Flags Message-ID: <488E1FA7.6040409@north-winds.org> I am trying to understand the differences between the key flags sign and certify. As I understand it all self-signatures are a type of certification so the primary key needs certify, but not sign. A subkey can have sign and not certify. Also, when signing someone elses user id or user attribute the signing key must have certify. The sign flag is used for signing things not part of the web of trust such as emails, software, etc. -- Loren M. Lang lorenl at north-winds.org http://www.north-winds.org/ Public Key: ftp://ftp.north-winds.org/pub/lorenl_pubkey.asc Fingerprint: 10A0 7AE2 DAF5 4780 888A 3FA4 DCEE BB39 7654 DE5B -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature URL: From dshaw at jabberwocky.com Mon Jul 28 22:35:08 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 28 Jul 2008 16:35:08 -0400 Subject: Key Flags In-Reply-To: <488E1FA7.6040409@north-winds.org> References: <488E1FA7.6040409@north-winds.org> Message-ID: <20080728203508.GB32125@jabberwocky.com> On Mon, Jul 28, 2008 at 12:36:07PM -0700, Loren M. Lang wrote: > I am trying to understand the differences between the key flags sign and > certify. As I understand it all self-signatures are a type of > certification so the primary key needs certify, but not sign. Yes, though in practice, most primary keys have both. > A subkey > can have sign and not certify. Yes. > Also, when signing someone elses user id > or user attribute the signing key must have certify. Yes. Note that since the web of trust is made up of primary key signatures, this naturally follows from your first statement. > The sign flag is > used for signing things not part of the web of trust such as emails, > software, etc. Yes. David From dshaw at jabberwocky.com Mon Jul 28 22:42:15 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 28 Jul 2008 16:42:15 -0400 Subject: Key Flags Discontinuity In-Reply-To: <488E276E.7030905@north-winds.org> References: <488E276E.7030905@north-winds.org> Message-ID: <20080728204215.GC32125@jabberwocky.com> On Mon, Jul 28, 2008 at 01:09:18PM -0700, Loren M. Lang wrote: > There seems to be a discontinuity on the usage of key flags between the > primary key and subkeys. The key flags for subkeys is stored in the > subkey binding signature of which there is one of and affects all trust > on that subkey. The primary key's key flags are stored in the > self-signatures of it's various user ids linking it to the trust of a > specific user id. It seems to me that it would be more appropriate to > put the key flags in a direct key signature (0x1F) of the primary key. > Is this allowed by OpenPGP? Allowed, yes. Actually done, no. There is a good bit of historical "this is the way we do it" in OpenPGP, and this is one of those cases. OpenPGP allows key flags to be in either a user ID signature (0x10-0x13) or the direct key signature (0x1F). In practice, everyone puts them in the user ID signature. David From kloecker at kde.org Tue Jul 29 23:35:50 2008 From: kloecker at kde.org (Ingo =?utf-8?q?Kl=C3=B6cker?=) Date: Tue, 29 Jul 2008 23:35:50 +0200 Subject: [OT] Re: is gnupg user mailing list down? In-Reply-To: References: <9e0076140807271131g17d836c1vebca593e00160fe5@mail.gmail.com> <488DF820.7040806@gmail.com> Message-ID: <200807292335.50646@thufir.ingo-kloecker.de> On Monday 28 July 2008, Carlos Williams wrote: > On Mon, Jul 28, 2008 at 12:47 PM, Faramir wrote: > > Kunal Shah escribi?: > >> I am not getting my own messages or reply to any of my messages. > > > > It seems it is usual with gmail to don't be able to see your own > > messages, at least, I have never been able to. It is a "feature" to > > avoid flooding your inbox... But I remember having seen a messages > > saying something about a list with problems (being solved), but I > > don't remember if it was gnupg-users, or another related list... > > Same with me. I sent a message a few hours ago from Gmail and never > receive my own post mailed to me. I do see it in the reply when > someone responds to my original post. Your own post is supposed to be visible in the [All Mail] folder/group. At least, that's what other Gmail users have said. Regards, Ingo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 194 bytes Desc: This is a digitally signed message part. URL: From vedaal at hush.com Wed Jul 30 00:18:00 2008 From: vedaal at hush.com (vedaal at hush.com) Date: Tue, 29 Jul 2008 18:18:00 -0400 Subject: portable gnupg Message-ID: <20080729221801.F1B8C20044@mailserver7.hushmail.com> >Subject: Re: Portable GNUPG? >GNU MD escribi?: >> My problem: >> I am a physician, so I tend to work on these locked-down >> computers in various hospitals. Electronic medical records >> are OK, but really there is no replacement for a patient list, any public computers are a major security risk to leaking confidential patient data, even if run from a usb disk with truecrypt/gnupg/pgp/ ... any 'secure' program the safest way is to have all your confidential data on a laptop, and NEVER connect it to the internet you can use your usb to transfer files from the laptop to the public computer, and do all the encryption/decryption/signing etc. on the laptop you can use truecrypt whole disk encryptio to encrypt the drive and operating system of the laptop, so that if it is lost or stolen, the data will remain private disclaimer: [consult the legal dept. of your hospital about the following:] i have a friend who is a systems analyst for a hospital IT dept. and he says that encrypting a harddrive with truecrypt or pgp- wholedisk is 'enough' for the HIPAA and JCAHO privacy compliance standards, even if the laptop is lost or stolen again, check with the legal dept of your hospital would be happy to follow up in private encrypted e-mail my keys are here: http://www.angelfire.com/pr/pgpf/mykeys.html vedaal any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link -- Hotel pics, info and virtual tours. Click here to book a hotel online. http://tagline.hushmail.com/fc/Ioyw6h4eRCkgBL2BM8xebjySPg4rTEY3TJIlBbWioWzUiFIJtbrvsT/ From helge.gudmundsen at gmail.com Wed Jul 30 02:23:32 2008 From: helge.gudmundsen at gmail.com (Helge Gudmundsen) Date: Wed, 30 Jul 2008 01:23:32 +0100 Subject: gpg vs. gpg2 and smartcards on OSX Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I have a small issue with my smartcard (FSFE - OpenPGP card) on OSX. gpg --card-edit lets me edit data on the card, while gpg2 --card-edit does not. In both cases, the card info is listed, but if I try to change any settings, it only works with gpg: Command> lang Language preferences: en gpg: 3 Admin PIN attempts remaining before card is permanently locked If I try to do the same with gpg2, I run into trouble: Command> lang Language preferences: en gpg: error setting lang: Permission denied The versions I have installed are: gpg (GnuPG) 1.4.8 gpg (GnuPG) 2.0.9 Does anyone have any idea of why this could be? Best regards, Helge -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iEYEARECAAYFAkiPtI8ACgkQ1qMWUZY9diomegCggM2WkX4afva1SAwoMRNeK/oc zdkAnjdd4bMfOxsxu0O7AI1EQlZjAAmc =5O5P -----END PGP SIGNATURE----- From helge.gudmundsen at gmail.com Wed Jul 30 02:29:14 2008 From: helge.gudmundsen at gmail.com (Helge Gudmundsen) Date: Wed, 30 Jul 2008 01:29:14 +0100 Subject: gpg vs. gpg2 and smartcards on OSX Message-ID: Hello, I have a small issue with my smartcard (FSFE - OpenPGP card) on OSX. gpg --card-edit lets me edit data on the card, while gpg2 --card-edit does not. In both cases, the card info is list, if I try to change the language setting, it works nicely with gpg: Command> lang Language preferences: en gpg: 3 Admin PIN attempts remaining before card is permanently locked However, if I try to do the same with gpg2, I run into trouble: Command> lang Language preferences: en gpg: error setting lang: Permission denied The versions I have installed are: gpg (GnuPG) 1.4.8 gpg (GnuPG) 2.0.9 Does anyone have any idea of why this could be? Best regards, Helge From wk at gnupg.org Wed Jul 30 09:12:27 2008 From: wk at gnupg.org (Werner Koch) Date: Wed, 30 Jul 2008 09:12:27 +0200 Subject: gpg vs. gpg2 and smartcards on OSX In-Reply-To: (Helge Gudmundsen's message of "Wed, 30 Jul 2008 01:23:32 +0100") References: Message-ID: <877ib3u9pg.fsf@wheatstone.g10code.de> On Wed, 30 Jul 2008 02:23, helge.gudmundsen at gmail.com said: > If I try to do the same with gpg2, I run into trouble: > > Command> lang > Language preferences: en > gpg: error setting lang: Permission denied Put allow-admin into your ~/.gnupg/scdaemon.conf. --allow-admin --deny-admin This enables the use of Admin class commands for card applications where this is supported. Currently we support it for the OpenPGP card. Deny is the default. This commands is useful to inhibit accidental access to admin class command which could ultimately lock the card through wrong PIN numbers. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From michael at localhost Tue Jul 29 11:27:57 2008 From: michael at localhost (Michael Kesper) Date: Tue, 29 Jul 2008 11:27:57 +0200 Subject: removing -----BEGIN PGP SIGNED MESSAGE---- In-Reply-To: <9e0076140807251008l14881321q71f48c6c282726c@mail.gmail.com> References: <4889E42A.9050300@earthlink.net> <9e0076140807251008l14881321q71f48c6c282726c@mail.gmail.com> Message-ID: <20080729092757.GA4327@localhost> Hi, * Kunal Shah [2008-07-25 13:08:52 -0400]: ? > On Fri, Jul 25, 2008 at 10:33 AM, Kara wrote: > > Kunal Shah wrote: > >>> > >>> Is there any way to avoid that? > >>> > > > > Robert J. Hansen wrote: > >> > >> Sort of. PGP/MIME. [...] > In that case, I will need to obtain private key with openssl package > and send my pub key to CA to obtain certificate. However, if i go with > that procedure, my friends who uses GNUPg or PGP will not be able to > verify my signature. > > I guess I am running into cross platform issues. in fact, I need to > sign the message using a. GNUPg private key for those who uses GNUPg > and b. S/MIME for those who uses GPG/MIME or S/MIME. is that correct > understanding? GPG/MIME and S/MIME are two different approaches. My advice would be to use GPG/MIME and to give friends the advice to use mail clients that understand them. Even outlook can be teached to understand it nowadays: http://www.g10code.de/p-gpgol.html Best wishes Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 315 bytes Desc: Digital signature URL: From wk at gnupg.org Thu Jul 31 10:58:51 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 31 Jul 2008 10:58:51 +0200 Subject: removing -----BEGIN PGP SIGNED MESSAGE---- In-Reply-To: <20080729092757.GA4327@localhost> (Michael Kesper's message of "Tue, 29 Jul 2008 11:27:57 +0200") References: <4889E42A.9050300@earthlink.net> <9e0076140807251008l14881321q71f48c6c282726c@mail.gmail.com> <20080729092757.GA4327@localhost> Message-ID: <87ej5amnuc.fsf@wheatstone.g10code.de> On Tue, 29 Jul 2008 11:27, michael at localhost said: > GPG/MIME and S/MIME are two different approaches. The name is PGP/MIME (rfc3156). Shalom-Salam, Werner p.s. Michael, please check your mail configuration: does not make much sense. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From satish.alreja at gmail.com Wed Jul 30 23:13:04 2008 From: satish.alreja at gmail.com (SatishK) Date: Wed, 30 Jul 2008 14:13:04 -0700 (PDT) Subject: GNUpg Version 1.4.8 on Solaris 10 (Sparc) Message-ID: <18742963.post@talk.nabble.com> We have just installed gnupg-1.4.8 on Sparc/Solaris 10. Is it possible to use gpg to encrypt a file using private key and passphrase (under program control) and send it to a remote user ? The remote user should be able to decrypt the file with the public key sent by us. Will appreciate clarification on this. Thanks, Satish -- View this message in context: http://www.nabble.com/GNUpg-Version-1.4.8-on-Solaris-10-%28Sparc%29-tp18742963p18742963.html Sent from the GnuPG - User mailing list archive at Nabble.com. From sandra.de.groot at nl.abnamro.com Thu Jul 31 14:12:42 2008 From: sandra.de.groot at nl.abnamro.com (sandra.de.groot at nl.abnamro.com) Date: Thu, 31 Jul 2008 14:12:42 +0200 Subject: compatible between GnuPG 1.4.7 and PGP 6.5.2 Message-ID: Good afternoon, I am having a question is the GnuPG 1.4.7 version working with PGP 6.5.2? One of our customers is using GnuPG 1.4.7 and we are using PGP 6.5.2 and now we got problems with decrypting the message? Could you please tell me if both versions are working with each other? Thank you very much, Sandra de Groot --------------------------------------------------------------------------- This message (including any attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorised use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. ABN AMRO Bank N.V, which has its seat at Amsterdam, the Netherlands, and is registered in the Commercial Register under number 33002587, including its group companies, shall not be liable for the improper or incomplete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference. --------------------------------------------------------------------------- From wk at gnupg.org Thu Jul 31 14:51:45 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 31 Jul 2008 14:51:45 +0200 Subject: [Announce] Dirmngr 1.0.2 released Message-ID: <87r69ajjxa.fsf@wheatstone.g10code.de> Hi! We are pleased to announce the availability of Dirmngr version 1.0.2. Dirmngr is a server for managing and downloading certificate revocation lists (CRLs) for X.509 certificates and for downloading the certificates themselves. Dirmngr also handles OCSP requests as an alternative to CRLs. Although Dirmngr can be invoked on demand, it should in general be installed as a system daemon. Get it from: ftp://ftp.gnupg.org/gcrypt/dirmngr/dirmngr-1.0.2.tar.bz2 (541k) ftp://ftp.gnupg.org/gcrypt/dirmngr/dirmngr-1.0.2.tar.bz2.sig or as a patch against the last beta version: ftp://ftp.gnupg.org/gcrypt/dirmngr/dirmngr-1.0.1-1.0.2.diff.bz2 (144k) SHA-1 checksums are: 55c82f918731f142cbe26d598a97c0c08bd7d1f8 dirmngr-1.0.2.tar.bz2 8d1482be8e8189aec726e0b20d66a3bcfd43e459 dirmngr-1.0.1-1.0.2.diff.bz2 Whats new in this release ========================= * New option --url for the LOOKUP command and dirmngr-client. * The LOOKUP command does now also consults the local cache. New option --cache-only for it and --local for dirmngr-client. * Port to Windows completed. * Improved certificate chain construction. * Support loading of PEM encoded CRLs via HTTP. There is now also a collection of some useful certificates in the doc/examples directory. Documentation ============= Dirmngr comes with man pages and as well as with a texinfo based manual. Run "info dirmngr" to read the manual or run make -C doc dirmngr.pdf to build a printable version. If you have questions on the use of Dirmngr, feel free to ask at gnupg-users at gnupg.org. Support ======= Improving Dirmngr is costly, but you can help! We are looking for organizations that find Dirmngr useful and wish to contribute back. You can contribute by reporting bugs, improve the software, or by donating money. Commercial support contracts for Dirmngr are available, and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company owned and headed by GnuPG's principal author, is currently funding Dirmngr development. We are always looking for interesting development projects. A service directory is available at: http://www.gnupg.org/service.html Thanks ====== We have to thank all the people who helped with this release. The folks at Intevation helped a lot to track down bugs and to define new features. Marcus Brinkmann is mainly responsible for completing the Windows port. Happy Hacking, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 205 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From dshaw at jabberwocky.com Thu Jul 31 15:56:19 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 31 Jul 2008 09:56:19 -0400 Subject: compatible between GnuPG 1.4.7 and PGP 6.5.2 In-Reply-To: References: Message-ID: On Jul 31, 2008, at 8:12 AM, sandra.de.groot at nl.abnamro.com wrote: > > Good afternoon, > > I am having a question is the GnuPG 1.4.7 version working with PGP > 6.5.2? > > One of our customers is using GnuPG 1.4.7 and we are using PGP > 6.5.2 and > now we got problems with decrypting the message? > > Could you please tell me if both versions are working with each other? In general, GPG will work with PGP 6. However, you have not given enough information for someone to help you. We need more than "we got problems" to give you an intelligent answer. At the barest minimum, what error message did you get when you tried to decrypt? David From vedaal at hush.com Thu Jul 31 16:04:22 2008 From: vedaal at hush.com (vedaal at hush.com) Date: Thu, 31 Jul 2008 10:04:22 -0400 Subject: re; compatible between GnuPG 1.4.7 and PGP 6.5.2 Message-ID: <20080731140422.F3AC01A003A@mailserver8.hushmail.com> sandra.de.groot at nl.abnamro.com sandra.de.groot at nl.abnamro.com wrote on Thu Jul 31 14:12:42 CEST 2008 ; >is the GnuPG 1.4.7 version working with PGP 6.5.2? it can be, but only if the gnupg user uses the option of '--pgp6' >One of our customers is using GnuPG 1.4.7 >and we are using PGP 6.5.2 >and now we got problems with decrypting the message? pgp 6.x is relatively old, and does not include AES (Rijndael) or Twofish if the gnupg user, by default uses AES (as is quite likely) then pgp6.x will not be able to decrypt am curious, why are you still using pgp 6.5.2 ? is it because you have commandline pgp 6.5.2 ? if you like/need commandline, gnupg commandline is incomparably better! (and free ;-) ) if not, and your staff is just 'comfortable' with pgp you might try using the latest version of pgp 8.x (available at zedz) which has the 'feel' of 6.5.2 but allows for AES and TWOFISH (even with pgp 8.x you should caution gnupg users to use the option of '--pgp8' otherwise you might not be able to verify their signatures using SHA-512 (or, less likely, SHA 224 or 384)) dag vedaal -- Find the perfect summer camp by clicking here now! http://tagline.hushmail.com/fc/Ioyw6h4dpyJNFwpgEUWQQzYd0roWA40luSry7Pk6EgW8vnltuzhyvd/ From wk at gnupg.org Thu Jul 31 16:08:45 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 31 Jul 2008 16:08:45 +0200 Subject: GNUpg Version 1.4.8 on Solaris 10 (Sparc) In-Reply-To: <18742963.post@talk.nabble.com> (satish.alreja@gmail.com's message of "Wed, 30 Jul 2008 14:13:04 -0700 (PDT)") References: <18742963.post@talk.nabble.com> Message-ID: <87vdymi1si.fsf@wheatstone.g10code.de> On Wed, 30 Jul 2008 23:13, satish.alreja at gmail.com said: > We have just installed gnupg-1.4.8 on Sparc/Solaris 10. Is it possible to use > gpg to encrypt a file using private key and passphrase (under program Yes: gpg -cer alfa at example.net foo While decrypting gpg ask you forthe passphrase if the secret key for alfa at example.net is not available. > control) and send it to a remote user ? The remote user should be able to > decrypt the file with the public key sent by us. Nope. You use his public key to encrypt He uses his secret key to decrypt Alternativley you can use the passphrase to symmetrically encrypt and decrypt. (That is what the option -c creates). Please do not use gpg 1.4.8 but 1.4.9. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From dave.smith at st.com Thu Jul 31 15:50:02 2008 From: dave.smith at st.com (David SMITH) Date: Thu, 31 Jul 2008 14:50:02 +0100 Subject: GNUpg Version 1.4.8 on Solaris 10 (Sparc) In-Reply-To: <18742963.post@talk.nabble.com> References: <18742963.post@talk.nabble.com> Message-ID: <20080731135002.GC11660@bristol.st.com> On Wed, Jul 30, 2008 at 02:13:04PM -0700, SatishK wrote: > > We have just installed gnupg-1.4.8 on Sparc/Solaris 10. Is it possible to use > gpg to encrypt a file using private key and passphrase (under program > control) and send it to a remote user ? The remote user should be able to > decrypt the file with the public key sent by us. > > Will appreciate clarification on this. Why would you want to? Surely you would want to encrypt it with their public key, so that they can decrypt it with their own private key? Otherwise you end up with the old chestnut of key exchange problems (i.e. if you can't get the document to them securely without encrypting it, how do you get the key to them securely?) I suspect that the closest thing to what you want to do is to generate a public/private keypair yourself, and then export the private key: gpg --armor --export-secret-key You can then give them this exported secret key. Of course, you need to be very careful about how you transport this secret key around. -- David Smith | Tel: +44 (0)1454 462380 Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 462305 Mobile: +44 (0)7932 642724 1000 Aztec West | TINA: 065 2380 GPG Key: 0xF13192F2 Almondsbury | Work Email: Dave.Smith at st.com BRISTOL, BS32 4SQ | Home Email: David.Smith at ds-electronics.co.uk From vedaal at hush.com Thu Jul 31 16:37:13 2008 From: vedaal at hush.com (vedaal at hush.com) Date: Thu, 31 Jul 2008 10:37:13 -0400 Subject: compatible between GnuPG 1.4.7 and PGP 6.5.2 // sorry, 'bad' advice :-(( Message-ID: <20080731143715.6759F1A003A@mailserver8.hushmail.com> vedaal at hush.com vedaal at hush.com wrote on Thu Jul 31 16:04:22 CEST 2008 : sandra.de.groot at nl.abnamro.com sandra.de.groot at nl.abnamro.com wrote on Thu Jul 31 14:12:42 CEST 2008 ; ---------------^^^^^^^ >you might try using the latest version of pgp 8.x >(available at zedz) sorry, forgot that you are 'commercial' and that pgp is NOT free for commercial use, and even though you can get it freely at zedz, you might have legal problems ... ;-(( but, good news, gnupg IS free for commercial use ;-) and anyone who can work with pgp commandline will have a much easier time with gnupg commandline (i've done both, from pgp2.x to commandline pgp8.5, and gnupg 1.0.x to present, and have no affiliation with either gnupg or pgp although, truth be told, am still very fond of Disasty's pgp 2.6.3 multi06, but that wouldn't help you, as it's only for v3 keys, and quite ancient ;-) ) and even if you need/want a front end GUI, they are available for gnupg, also free for commercial use http://www.gpg4win.org/ http://www.jumaros.de/rsoft/index.html vedaal any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link -- Keep the fire burning with great fireplace accessories. Click now! http://tagline.hushmail.com/fc/Ioyw6h4dZ3rHCB4oRv2peReaoAcVmo5M0EhrN08cHXZ831DwgBXNaX/ From rjh at sixdemonbag.org Thu Jul 31 17:26:07 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 31 Jul 2008 08:26:07 -0700 Subject: compatible between GnuPG 1.4.7 and PGP 6.5.2 // sorry, 'bad' advice :-(( In-Reply-To: <20080731143715.6759F1A003A@mailserver8.hushmail.com> References: <20080731143715.6759F1A003A@mailserver8.hushmail.com> Message-ID: <4891D98F.1090905@sixdemonbag.org> vedaal at hush.com wrote: > you might try using the latest version of pgp 8.x > (available at zedz) As I understand it, PGP 8's license agreement does not allow for it to be hosted anywhere other than pgp.com. This means that obtaining it from zedz is a copyright violation, and probably should not be advocated. From vedaal at hush.com Thu Jul 31 18:22:41 2008 From: vedaal at hush.com (vedaal at hush.com) Date: Thu, 31 Jul 2008 12:22:41 -0400 Subject: =?UTF-8?B?UmU6IGNvbXBhdGlibGUgYmV0d2VlbiBHbnVQRyAxLjQuNyBhbmQgUEdQIDYuNS4yIC8vIHNvcnJ5LAknYmFkJyBhZHZpY2UgIDotKCg=?= Message-ID: <20080731162242.858511A003B@mailserver8.hushmail.com> On Thu, 31 Jul 2008 11:26:07 -0400 "Robert J. Hansen" wrote: >vedaal at hush.com wrote: >> you might try using the latest version of pgp 8.x >> (available at zedz) > >As I understand it, PGP 8's license agreement does not allow for >it to >be hosted anywhere other than pgp.com. This means that obtaining >it >from zedz is a copyright violation, and probably should not be >advocated. moot ;-) just tried to check the pgp8.0 license 8.x is NOT available on zedz ... vedaal any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link From faramir.cl at gmail.com Thu Jul 31 18:26:31 2008 From: faramir.cl at gmail.com (Faramir) Date: Thu, 31 Jul 2008 12:26:31 -0400 Subject: gpg4win: is it possible to upgrade part of it? Message-ID: <4891E7B7.3060005@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Well, I have been using gpg 1.4.9 for a some months, and I am quite happy with it. But I would like to try GnuPG 2, and since I am on windows, I have to use gpg4win (since it is really unlikely I am going to compile it myself). But gpg4win comes with both gpg 1.4.7 and gpg 2.0.7, so... is there a way to update the 1.4.7 version to 1.4.9? I have the files in my computer, so if it is just matter to overwrite them with the newer ones, that would be easy... but I am not sure if GPG2 uses some of these files too... if it does, then I risk breaking it if I just overwrite... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIkee3AAoJEMV4f6PvczxANDoIAIV3l/tXBhpiTfDWERYEc2HI MHMhoUcyK40bZxRFoEX/oRAeevk1PpMZoW+n33n7oOlLqrewINuwh4mFVXIc+Vjd gzyW+QzaebC24/BJkqx/qktNL4kFB2N5ow6rRSHJYViRjsB0KZc5yyoPg1XkcFEy DFiaFHyi0LNoy2xqSHrUHgi0Bm3tfvA+ekBTURFPRmcBTYcVvpzpX4acC2ILAF61 wNROC++8fssj+RToTAAvJ92KNxBzjE/MDW6qT83aDqsBa3h6yBLhn+Cc/5/l379e TlJ9tn3xuvLW9yI5y9ux+VXmdt0SUTL2CaonpQ1NdeANxQddEZrQtf2dn75aRno= =8OTz -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Thu Jul 31 19:04:29 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Thu, 31 Jul 2008 13:04:29 -0400 Subject: gpg4win: is it possible to upgrade part of it? In-Reply-To: <4891E7B7.3060005@gmail.com> References: <4891E7B7.3060005@gmail.com> Message-ID: <4891F09D.9060307@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Faramir wrote: > the files in my computer, so if it is just matter to overwrite them with > the newer ones, that would be easy... but I am not sure if GPG2 uses > some of these files too... if it does, then I risk breaking it if I just > overwrite... Experiment! After 1.4.7 is in place, Copy those Binaries to another 'undisclosed location' then overwrite them with 1.4.9 and see. If it breaks, replace with the previously stashed 1.4.7 Files. FWIW, it won't 'break' but this is how one learns. :-D JOHN ;) Timestamp: Thursday 31 Jul 2008, 13:04 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4799: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJIkfCcAAoJEBCGy9eAtCsPcfgH/i96NcorIYtHgXLL7rTRFJuS wralbwY6RXzMzXA3Fx+hLKzT940p1lU1vUF8nvjOov6S3zW8WtnRyYUUX0Z9aQxR l6MZXNtcelEVzFy8NZ+mlW/+LcaP4jrUlUf/wm9bb0qT65W0t9ggjUAOCWQUySn+ ZcSZobCEtg2UybcbjZdKwIEnwcyyX7d1wSFlU3J+B+AuhPTmHTcZ6wujFCm/k7Zx fCoZGWZKsXNLBnR7i7QU72GZp9dPo3jy9syS6tQSU6hnuWaOyfBt0EKRn3EZ6inj Ckfj41RQlSIJGUuHs90eGJvMsH6GhIMN7+NJMQOkp0S9TnhIax5NkUR3D54X0DA= =J6YO -----END PGP SIGNATURE-----