From dshaw at jabberwocky.com  Sat Aug  1 04:05:41 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 31 Jul 2009 22:05:41 -0400
Subject: latest stable version of GnuPG that decrypts Adobe PDF files
In-Reply-To: <1622E7367DEDB448A71E24C6DAD8A91E0C8FA2A6@A901US71.crowncork.com>
References: <1622E7367DEDB448A71E24C6DAD8A91E0C8FA2A6@A901US71.crowncork.com>
Message-ID: <89C2BDF9-E9D8-4D6E-94B5-E452411033EE@jabberwocky.com>

On Jul 31, 2009, at 9:21 AM, Reich, George wrote:

> Hello,
>
> Can anyone suggest the latest stable version of GnuPG that  
> successfully does decryption for Adobe PDF files? And if so, are  
> there installation instructions for that version?

I'm going to guess that you are referring to the built-in PDF  
encryption, and if so, the answer is no.  GnuPG cannot decrypt PDF  
files unless they are encrypted with OpenPGP (PGP, GnuPG, etc).

David



From rjh at sixdemonbag.org  Sun Aug  2 17:45:07 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 02 Aug 2009 11:45:07 -0400
Subject: Help with downloading GnuPG
In-Reply-To: <4A70532A.40705@yahoo.com>
References: <4A70532A.40705@yahoo.com>
Message-ID: <4A75B483.5030802@sixdemonbag.org>

Judi Caruso wrote:
> Everywhere I have search has lead me to www.gnupg.org 
> where I don't understand how to download in the binary fashion or what
> that means...

People from both GnuPG and Enigmail hang out on this list.  We're very
happy to help you out with downloading and setting up GnuPG.  Welcome to
the community!

The Enigmail project has put together a Quick Start Guide which will
help you get started quickly with Enigmail:

	http://enigmail.mozdev.org/documentation/quickstart.php

If you have any Enigmail-specific questions, it would be best to ask on
the Enigmail mailing list:

	http://www.mozdev.org/mailman/listinfo/enigmail



From laurent.jumet at skynet.be  Sun Aug  2 19:05:12 2009
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sun, 02 Aug 2009 19:05:12 +0200
Subject: Needed help
In-Reply-To: <4A735063.5010204@bovonesas.it>
Message-ID: <GED4A75C919@laurent.jumet.skynet.be>


Hello Filippo !

Filippo V <filippo at bovonesas.it> wrote:

> I have this situation
> pub  1024D/01A82A13  created: 2008-09-21  expires: mai       utilizzo: SCA
> sub* 2048g/E159FB03  created: 2008-09-21  expires: mai       utilizzo: E

> i have the secret key 01A82A13, but not E159FB03
> what should i do? (replace subkey with other, remove it - the result is
> that i can't encrypt)

> what does SCA and E mean? how can i change them?

    Main key is for signing, subkey is to encrypt.
    What's the problem?

-- 
Laurent Jumet
      KeyID: 0xCFAF704C


From laurent.jumet at skynet.be  Sun Aug  2 19:10:24 2009
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Sun, 02 Aug 2009 19:10:24 +0200
Subject: Help with downloading GnuPG
In-Reply-To: <4A70532A.40705@yahoo.com>
Message-ID: <GED4A75C8F2@laurent.jumet.skynet.be>


Hello Judi !

Judi Caruso <judicaruso61 at yahoo.com> wrote:

> I am taking an IT class and learning about encryption. We were given
> instructions to download the add on for Thunderbird/Windows Vista  -
> GNUPG/Enigmail. Everywhere I have search has lead me to www.gnupg.org
> where I don't understand how to download in the binary fashion or what
> that means.. in terms of this program. I do not see a download button to
> click.   I am sure it is something easy but I don't see it could you
> help me get started with a download for my computer...

    Enigmail is an add)on for Thunderbird. You can download it here:
https://addons.mozilla.org/fr/thunderbird/

-- 
Laurent Jumet
      KeyID: 0xCFAF704C


From faramir.cl at gmail.com  Sun Aug  2 22:00:56 2009
From: faramir.cl at gmail.com (Faramir)
Date: Sun, 02 Aug 2009 16:00:56 -0400
Subject: Help with downloading GnuPG
In-Reply-To: <4A70532A.40705@yahoo.com>
References: <4A70532A.40705@yahoo.com>
Message-ID: <4A75F078.6050701@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Judi Caruso escribi?:
> Hi,
> I am taking an IT class and learning about encryption. We were given
> instructions to download the add on for Thunderbird/Windows Vista  -
> GNUPG/Enigmail. Everywhere I have search has lead me to www.gnupg.org 

  Yes, that's the right place. At
http://www.gnupg.org/download/index.en.html
  Look for the Binaries section of the page, and then, look for the line
that says "GnuPG 1.4.9 compiled for Microsoft Windows." At the right
place in that line, it says "FTP". Click on FTP, and the download should
start.

   Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJKdfB4AAoJEMV4f6PvczxAvBwIAKZziDcKSCoJFzMK+d81ph8i
q0FLytohUiPq/SXVsYHr3/+CnfyUva+aWPp07+wvy/3UWbYu+Xlf3wC0IV4fFU0Q
hNkhtGtLnruTds5TVOcIKb0ijoTcjhUE+kWSwTPUPr047KkCZIqgjHcCeS9zp9o/
M5hezfy5u8y5S7D1G7RXkMxAv5Dw1Y4coVLi5l7Dc1IOmOg9mVHdPt8IxNpmxlXp
Yvi/PwDKA0JlCoRVkYSlO3ExQlvBrqHpctOJGyGZh2/wlg+XHV7Xm/7mwf5nSiAK
WdARKEWPoqj8DZWFRTpmDGv17iii9Hysmz9qZj6Rvx+olrSIxl/e6z6E9zFn8fk=
=A3Wx
-----END PGP SIGNATURE-----


From alexanderbertram at gmail.com  Mon Aug  3 20:52:49 2009
From: alexanderbertram at gmail.com (Alexander Bertram)
Date: Mon, 3 Aug 2009 20:52:49 +0200
Subject: OpenPGP und GnuPG 2.0.12
Message-ID: <b169ee440908031152m20badea3s68c9d241d4e449da@mail.gmail.com>

Liebe Mitglieder,

ich habe mit GnuPG ein asymmetrisches Schl?sselpaar auf meiner Smartcard
generiert. *Der private und ?ffentliche Schl?ssel wurde direkt auf der Karte
erzeugt.*

Ich habe 3 Fragenkomplexe:

a) ich verwende zwei verschiedene OpenPGP Karten (V.1 und V.2). Meine GnuPG
Version ist 2.0.12. Die V.1-Karte sollte RSA Schl?ssel bis 2048 bit L?nge
erzeugen k?nnen, die neue Karte Schl?ssel bis 3072 bit. Trotzdem kann ich
bei V.1 maximal einen Schl?ssel bis 1024 bit erzeugen, bei V.2 bis 2048 bit.
Wieso besteht diese Begrenzung, wenn die Smartcard doch selbst l?ngere
Schl?ssel generieren kann? Wie umgehe ich diese Begrenzung?

b) Obwohl das Schl?sselpaar auf der Smartcard generiert wurde, wurden
offenbar von GnuPG beide Schl?ssel (privat und ?ffentlich) auch auf meinem
Computer gespeichert. Ich habe eine Sicherungskopie angefertigt (Endung
.asc) und mit dem Texteditor nachgesehen. Tats?chlich sind beide Schl?ssel
enthalten!!!!!!!
Ist dies nicht ein Sicherheitsproblem???!!! Wieso liest GnuPG den privaten
Schl?ssel aus der Karte aus und speichert ihn im System. Ohne nachzufragen
und ohne Sinn, da dieser auf der Smartcard gesch?tzt liegen soll und nicht
im System. Meiner Meinung nach sollte der Private Key die Smartcard nie
verlassen d?rfen...

c) kann ich die auf meiner OpenPGP Karte gespeicherten Schl?ssel/Daten
ansehen? Ich w?rde gerne nachpr?fen welche Schl?ssel gespeichert sind.

Ich danke f?r alle Hinweise,

P. S. Kennt jemand den Ver?ffentlichungstermin der GnuPG Vers. 2.0.*13*?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090803/e949c43e/attachment.htm>

From classpath at arcor.de  Tue Aug  4 00:46:09 2009
From: classpath at arcor.de (Morten Gulbrandsen)
Date: Tue, 04 Aug 2009 00:46:09 +0200
Subject: OpenPGP und GnuPG 2.0.12
In-Reply-To: <b169ee440908031152m20badea3s68c9d241d4e449da@mail.gmail.com>
References: <b169ee440908031152m20badea3s68c9d241d4e449da@mail.gmail.com>
Message-ID: <4A7768B1.8020807@arcor.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alexander Bertram wrote:
> Liebe Mitglieder,
> 
> ich habe mit GnuPG ein asymmetrisches Schl?sselpaar auf meiner Smartcard
> generiert. *Der private und ?ffentliche Schl?ssel wurde direkt auf der
> Karte erzeugt.*
> 

Such a smart card , Like this ?

http://en.wikipedia.org/wiki/Smart_card


Please which card reader did you use,  there are many types of them.


as an example:

http://www.deutsche-bank.de/pbc/ser-onlinebanking-signtrustcard.html


technisch aktuellen


Chipkartenleser (Reiner SCT, Secoder)
und die neueste Version der Signatursoftware Intarsys ?SignLive! CC?


Herzlich willkommen bei REINER SCT,
dem Spezialisten f?r Chipkartenleseger?te!

http://www.reiner-sct.com/

Popular in germany but you do know that HBCI is  obsolete?


FinTS (Financial Transaction Services),

http://en.wikipedia.org/wiki/FinTS

Is the latest in greatest of all new protocols.





===

Buth card reader and software for reading frm and writing to the card is
important.


http://en.wikipedia.org/wiki/Card_reader#Smart_card_readers

With the latest PC/SC CCID specifications the PC/SC Workgroup
(www.pcscworkgroup.com) has defined a new way of smart card framework.
It works with USB devices with the specific device class 0x0B. Readers
with this class do not need device drivers because the operating system
manufacturer supplies it by default.


It would be nice if you may re post your question in English.

GnuPG may also work with the .gnupg/  directory from a usb memory stick.

There is also an openPGP card,


http://en.wikipedia.org/wiki/OpenPGP_card


and an OpenPGP smartcard specification

http://g10code.com/


I only use GnuPG and no cardreader, no smartcard. And I never copy
sensitive data on any usb device. It is simply fraught with peril.

What do you do if someone copies the private key from any usb stick or
smart card? You may easily "Loose" it and by pure accident "someone"
simply "Finds" it where you have "Lost" it ?


I'm curious how this is supposed to work and if it will ever work the
way marketing wants us to swallow SIM cards, RFIDs and whatever new cool
and fancy stuff industry and government may design together:

Chips in official IDs raise privacy fears

http://www.google.com/hostednews/ap/article/ALeqM5hHq9P54bYfXbHp-aDgs01gePq1twD99CDMT00


GnuPG is about pretty Good Privacy,


Sincerely yours,


Morten Gulbrandsen

?????????????
_____________________________________________________________________
Java programmer, C++ programmer
CAcert Assurer, GSWoT introducer, thawte Notary
Gossamer Spider Web of Trust http://www.gswot.org
Please consider the environment before printing this e-mail!



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (SunOS)
Comment: For keyID and its URL see the OpenPGP message header

iEYEARECAAYFAkp3aLEACgkQ9ymv2YGAKVSelACgzjr0o49ge56Ey+mKxstp0alF
YzsAoPPrLjmYwqp+ZGH3k/23Ht+ET6Ia
=Ffvo
-----END PGP SIGNATURE-----


From fab.furnari at gmail.com  Tue Aug  4 00:22:13 2009
From: fab.furnari at gmail.com (Fabrizio Furnari)
Date: Tue, 4 Aug 2009 00:22:13 +0200
Subject: OpenPGP card problem
Message-ID: <bad401b70908031522o53af9e72q62662b8102d7cb26@mail.gmail.com>

Hi to all,
I've just subscripted this list after a few days spent looking for a
solution to my problem:
I've just bought a OpenPGP card and a card reader (SCR 335) to use with my
Ubuntu 9.04 laptop.
I've installed the udev scripts, as explained in the fsfe howto (
http://wiki.fsfe.org/Card_howtos/Card_reader_setup_(udev)).
I've used gpg to set-up the first data on the card: Name, Language, PIN,
etc, but when I've tried to change the Admin PIN the behaviour of the
software became strange; mainly gpg doesn't want to change the PIN, nor the
Admin PIN.
I paste an example:

-----------------------------------------------------------------------------
gpg --change-pin
gpg: detected reader `SCM SCR 335 00 00'
gpg: OpenPGP card no. D27600012401020000050XXXXXXXXXXXXXXXX detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
Q - quit

Your selection? 1

PIN

New PIN

New PIN
Error changing the PIN: invalid argument
---------------------------------------------------------------------------------

I'm sure the pin is correct...if I try to unblock it I this:

---------------------------------------------------------------------------------
gpg: 3 Admin PIN attempts remaining before card is permanently locked

Admin PIN

New PIN

New PIN
Error unblocking the PIN: general error

---------------------------------------------------------------------------------

Also i I try to change the admin PIN (wich is still the default one) I
obtain a "invalid argument"...
I suspect that gpg wants to change the CHV2 PIN, in fact if I intentionally
put in a wrong (alphabetic) pin I obtain:

--------------------------------------------------------------------------------
PIN
gpg: PIN for CHV2 is too short; minimum length is 6
Error changing the PIN: bad passphrase
--------------------------------------------------------------------------------

and if I try with gpg --card-status this is a strange line:

--------------------------------------------------------------------------------
...
PIN retry counter : 3 0 3
--------------------------------------------------------------------------------

Should be 3 3 3, is that correct?

I don't know what to do, what do you think about?
These are the packages installed on my linux box:

ii  gnupg                                      1.4.9-3ubuntu1
rc  gnupg-agent                                2.0.9-3.1
ii  gnupg-pkcs11-scd                           0.06-4
ii  python-gnupginterface

Many thanks,

Fabrizio
-- 
@P=split//,".URRUU\c8R";@d=split//,"\niranruF oizirbaF";sub p{
@p{"r$p","u$p"}=(P,P);pipe"r$p","u$p";++$p;($q*=2)+=$f=!fork;map{$P=$P[$f^ord
($p{$_})&6];$p{$_}=/
^$P/ix?$P:close$_}keys%p}p;p;p;p;p;map{$p{$_}=~/^[P.]/&&
close$_}%p;wait until$?;map{/^r/&&<$_>}%p;$_=$d[$q];sleep
rand(2)if/\S/;print
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090804/23e359a6/attachment-0001.htm>

From fab.furnari at gmail.com  Tue Aug  4 16:59:58 2009
From: fab.furnari at gmail.com (Fabrizio Furnari)
Date: Tue, 4 Aug 2009 16:59:58 +0200
Subject: Fwd: OpenPGP card problem
In-Reply-To: <bad401b70908031522o53af9e72q62662b8102d7cb26@mail.gmail.com>
References: <bad401b70908031522o53af9e72q62662b8102d7cb26@mail.gmail.com>
Message-ID: <bad401b70908040759s3cfbc419v95cc92b010f92e6d@mail.gmail.com>

Hi, just to inform that I've tried also on windows with the correct drivers
for the card reader and the last version of gnupg for windows...
Is there anybody out with the same problem/a solution?

---------- Forwarded message ----------
From: Fabrizio Furnari <fab.furnari at gmail.com>
Date: Tue, Aug 4, 2009 at 12:22 AM
Subject: OpenPGP card problem
To: gnupg-users at gnupg.org


Hi to all,
I've just subscripted this list after a few days spent looking for a
solution to my problem:
I've just bought a OpenPGP card and a card reader (SCR 335) to use with my
Ubuntu 9.04 laptop.
I've installed the udev scripts, as explained in the fsfe howto (
http://wiki.fsfe.org/Card_howtos/Card_reader_setup_(udev)<http://wiki.fsfe.org/Card_howtos/Card_reader_setup_%28udev%29>
).
I've used gpg to set-up the first data on the card: Name, Language, PIN,
etc, but when I've tried to change the Admin PIN the behaviour of the
software became strange; mainly gpg doesn't want to change the PIN, nor the
Admin PIN.
I paste an example:

-----------------------------------------------------------------------------
gpg --change-pin
gpg: detected reader `SCM SCR 335 00 00'
gpg: OpenPGP card no. D27600012401020000050XXXXXXXXXXXXXXXX detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
Q - quit

Your selection? 1

PIN

New PIN

New PIN
Error changing the PIN: invalid argument
---------------------------------------------------------------------------------

I'm sure the pin is correct...if I try to unblock it I this:

---------------------------------------------------------------------------------
gpg: 3 Admin PIN attempts remaining before card is permanently locked

Admin PIN

New PIN

New PIN
Error unblocking the PIN: general error

---------------------------------------------------------------------------------

Also i I try to change the admin PIN (wich is still the default one) I
obtain a "invalid argument"...
I suspect that gpg wants to change the CHV2 PIN, in fact if I intentionally
put in a wrong (alphabetic) pin I obtain:

--------------------------------------------------------------------------------
PIN
gpg: PIN for CHV2 is too short; minimum length is 6
Error changing the PIN: bad passphrase
--------------------------------------------------------------------------------

and if I try with gpg --card-status this is a strange line:

--------------------------------------------------------------------------------
...
PIN retry counter : 3 0 3
--------------------------------------------------------------------------------

Should be 3 3 3, is that correct?

I don't know what to do, what do you think about?
These are the packages installed on my linux box:

ii  gnupg                                      1.4.9-3ubuntu1
rc  gnupg-agent                                2.0.9-3.1
ii  gnupg-pkcs11-scd                           0.06-4
ii  python-gnupginterface

Many thanks,

Fabrizio
-- 
@P=split//,".URRUU\c8R";@d=split//,"\niranruF oizirbaF";sub p{
@p{"r$p","u$p"}=(P,P);pipe"r$p","u$p";++$p;($q*=2)+=$f=!fork;map{$P=$P[$f^ord
($p{$_})&6];$p{$_}=/
^$P/ix?$P:close$_}keys%p}p;p;p;p;p;map{$p{$_}=~/^[P.]/&&
close$_}%p;wait until$?;map{/^r/&&<$_>}%p;$_=$d[$q];sleep
rand(2)if/\S/;print




-- 
@P=split//,".URRUU\c8R";@d=split//,"\niranruF oizirbaF";sub p{
@p{"r$p","u$p"}=(P,P);pipe"r$p","u$p";++$p;($q*=2)+=$f=!fork;map{$P=$P[$f^ord
($p{$_})&6];$p{$_}=/
^$P/ix?$P:close$_}keys%p}p;p;p;p;p;map{$p{$_}=~/^[P.]/&&
close$_}%p;wait until$?;map{/^r/&&<$_>}%p;$_=$d[$q];sleep
rand(2)if/\S/;print
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090804/ad3e99ff/attachment.htm>

From jerome.blanc at nerim.net  Tue Aug  4 22:01:20 2009
From: jerome.blanc at nerim.net (=?UTF-8?B?SsOpcsO0bWU=?= Blanc)
Date: Tue, 4 Aug 2009 22:01:20 +0200
Subject: Signing with a key on a smart card
Message-ID: <20090804220120.3c3715d5@Gemini>

Hello, 

I'm currently toying with an OpenPGP smart card, but I meet some
difficulties getting how this works. 

I have the Smart Card properly set up (at least I do think so ;-)) : 

[gemini at Gemini ~]$ gpg --card-status

gpg: detected reader `Gemplus GemPC Twin 00 00'
[?]
Signature key ....: 5898 DBEA 1139 733B ACFD  7880 E8B6 F7C5 2B20 7AEF
      created ....: 2009-08-02 11:34:17
Encryption key....: A52C FAAC D39F 252D A2C4  0149 2B0F 7310 7C9E D800
      created ....: 2009-08-02 11:37:25
Authentication key: D179 47D8 3B01 87A3 3C86  1AB0 2E8D 6DE6 F8D5 6EFC
      created ....: 2009-08-04 19:22:04
In the keyring, I have 3 private master keys, for handling 3 different
identities. 

In the gpg.conf, the default key is the master key that generated the
subkeys that are on the smart card.

I can cipher and decipher using the keys on the smart card. However,
when I try to sign a file, then I have the following : 

[gemini at Gemini ~]$ gpg --sign -u 2B207AEF test.txt
Le fichier `test.txt.gpg' existe. R??crire par-dessus ? (o/N)
gpg: detected reader `Gemplus GemPC Twin 00 00'
gpg: la signature a ?chou?: mauvaise cl? secr?te utilis?e
gpg: signing failed: mauvaise cl? secr?te utilis?e

which means => signing failed: wrong secret key used

Signing works with the two other master keys.  As well, using the same
card on another computer works, with an empty gpg keyring but the
public keys related to it.

Does this mean I have no other choice but to remove master keys of that
"identity" in order to be able to use the card with my computer ?

Thanks ! 

Regards,
-- 
J?r?me Blanc
OpenPGP : 1024D/F44DB96C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: </pipermail/attachments/20090804/64a16b9f/attachment.pgp>

From ishe.mudzingwa at barclays.com  Thu Aug  6 17:10:37 2009
From: ishe.mudzingwa at barclays.com (ishe.mudzingwa at barclays.com)
Date: Thu, 6 Aug 2009 16:10:37 +0100
Subject: Complile problem on Unixware 7.1.4 gpg-1.4.9
Message-ID: <C5015EBA421E1E42BA27AB3485371B9768F5CF@MUKPBCC1XMB0304.collab.barclayscorp.com>

Hi,

I am trying to run make on Unixware 7.1.4 and failing here is the error.

Making all in mpi
        cc -E -I.. -I../include -DHAVE_CONFIG_H mpih-mul1.S | grep -v '^#' >
_mp
ih-mul1.s
        cc -DHAVE_CONFIG_H -I. -I.. -I.. -I../include     -g   -c
_mpih-mul1.s
UX:as: ERROR: _mpih-mul1.s:17:unknown directive: .
UX:as: ERROR: _mpih-mul1.s:18:syntax error at integer constant: 1
UX:as: ERROR: _mpih-mul1.s:19:syntax error at name: mpihelp_mul_1
UX:as: ERROR: _mpih-mul1.s:22:invalid register token
UX:as: ERROR: _mpih-mul1.s:23:invalid register token
UX:as: ERROR: _mpih-mul1.s:24:invalid register token

Can anyone help

Thanks

Ishe

 


This e-mail and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this e-mail in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this e-mail or its attachments.

Internet communications are not guaranteed to be secure or virus-free.
The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this e-mail may be monitored by the Barclays Group for operational or business reasons.

Any opinion or other information in this e-mail or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group.

Barclays Bank PLC.Registered in England and Wales (registered no. 1026167).
Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom.

Barclays Bank PLC is authorised and regulated by the Financial Services Authority.


From classpath at arcor.de  Thu Aug  6 19:36:08 2009
From: classpath at arcor.de (Morten Gulbrandsen)
Date: Thu, 06 Aug 2009 19:36:08 +0200
Subject: Complile problem on Unixware 7.1.4 gpg-1.4.9
In-Reply-To: <C5015EBA421E1E42BA27AB3485371B9768F5CF@MUKPBCC1XMB0304.collab.barclayscorp.com>
References: <C5015EBA421E1E42BA27AB3485371B9768F5CF@MUKPBCC1XMB0304.collab.barclayscorp.com>
Message-ID: <4A7B1488.1080800@arcor.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ishe.mudzingwa at barclays.com wrote:
> Hi,
> 
> I am trying to run make on Unixware 7.1.4 and failing here is the error.
> 
> Making all in mpi
>         cc -E -I.. -I../include -DHAVE_CONFIG_H mpih-mul1.S | grep -v '^#' >
> _mp
> ih-mul1.s
>         cc -DHAVE_CONFIG_H -I. -I.. -I.. -I../include     -g   -c
> _mpih-mul1.s
> UX:as: ERROR: _mpih-mul1.s:17:unknown directive: .
> UX:as: ERROR: _mpih-mul1.s:18:syntax error at integer constant: 1
> UX:as: ERROR: _mpih-mul1.s:19:syntax error at name: mpihelp_mul_1
> UX:as: ERROR: _mpih-mul1.s:22:invalid register token
> UX:as: ERROR: _mpih-mul1.s:23:invalid register token
> UX:as: ERROR: _mpih-mul1.s:24:invalid register token
> 
> Can anyone help
> 
> Thanks
> 
> Ishe
> 
>  
> 
> 
> This e-mail and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this e-mail in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this e-mail or its attachments.
> 
> Internet communications are not guaranteed to be secure or virus-free.
> The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this e-mail may be monitored by the Barclays Group for operational or business reasons.
> 
> Any opinion or other information in this e-mail or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group.
> 
> Barclays Bank PLC.Registered in England and Wales (registered no. 1026167).
> Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom.
> 
> Barclays Bank PLC is authorised and regulated by the Financial Services Authority.
> 

Dear Mr. Mudzingwa

Hi Sir! An interesting question,


UX:as: ERROR:

as  may be the assembler, on UNIX you have different tools from the open
source world than some of the proprietary ones.


bash-3.00$ which  as
/usr/bin/as


bash-3.00$ as -V
as: Sun Compiler Common 12 SunOS_i386 snv_64 04/30/2007


When you use gnu software you will need the gnu assembler


you can use gmake instead of make

when you invoke gmake you may specify which assembler you need

like this

gmake AS=gas  # on the invocation command line.

please read the man page of gmake and gas


www.gnu.org/software/make/

http://www.gnu.org/software/binutils/

    *  ld - the GNU linker.
    * as - the GNU assembler.


and you most likely also need the gnu c compiler.


 cc -E -I.. -I../include

looks like the native c compiler for your unix system.

For gnu software some gnu tools are necessary.

man gcc  man gmake  man gas will help.

This is for helping you compile GnuPG on SCO Unix,


===

One workaround would be to take  PGP for unix from here
http://www.pgpi.org/

the far better solution would be to go for debian linux or some higly
secure BSD flavour.


debian is here  debian.org

right out of the box paranoic security is offereed on the fly from

obenbsd.org

If you need professional unix support you may get it from sco,
but also IBM and Sun Microsystems as well as HP offers unix.

RedHat and Ubuintu Linux is offered with a support license, but it is so
well coded and easy to use that you most likely won't need any support
if you decide to take the RedHat, Suse or Ubuntu offer from sun.

If you are legally bound and enforced to run only unix certified
software, you can ask sco,  or investigate here:

http://www.unix.org/


The unix specification says, that  a set of software,  on a given set of
hardware for a certain period of time is UNIX. Add some extension card
and some minor software configuration then you have no more unix.

GnuPG is quite easy to run on any linux or BSD but needs troubleshooting
when porting to UNIX.

Not only Gnu  compiler tools may cause strange hicups and annoying
results, even simple commands like chmod  chown chgrp  are implemented
different on for example solaris than Linux.  however the manpages can
tell you more about this.


Since you ask on behalf of a bank which I happen to be customer of, it
is in my interest that you only accept OpenBSD for higest security.

That has proactive security and is easy as anything.

here we go:

http://www.openbsd.org/

Only two remote holes in the default install, in a heck of a long time!

The OpenBSD project produces a FREE, multi-platform 4.4BSD-based
UNIX-like operating system. Our efforts emphasize portability,
standardization, correctness, proactive security and integrated
cryptography.


http://www.openbsd.org/4.5_packages/sh/gnupg-1.4.9.tgz-long.html


Package Information for gnupg-1.4.9.tgz (sh)

you find more here

http://www.google.com/BSD
search for openbsd  gnupg 1.4.9

Gnu is ported to OpenBSD without the linux emulation sometimes otherwise
needed.

Also the command line options for the UNIX native C and C++  compilers
are different than what is Gnu Standard.




Sincerely yours,

Morten Gulbrandsen

?????????????
_____________________________________________________________________
Java programmer, C++ programmer
CAcert Assurer, GSWoT introducer, thawte Notary
Gossamer Spider Web of Trust http://www.gswot.org
Please consider the environment before printing this e-mail!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (SunOS)
Comment: For keyID and its URL see the OpenPGP message header

iEYEARECAAYFAkp7FIgACgkQ9ymv2YGAKVSfkQCgnJev6LRWGhQva/2muikLoW2N
lwoAnjKHy/vDU2C8e3yeWHIECzoqUl4R
=Nav3
-----END PGP SIGNATURE-----


From benjamin at py-soft.co.uk  Fri Aug  7 01:36:21 2009
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Thu, 6 Aug 2009 19:36:21 -0400
Subject: Complile problem on Unixware 7.1.4 gpg-1.4.9
In-Reply-To: <C5015EBA421E1E42BA27AB3485371B9768F5CF@MUKPBCC1XMB0304.collab.barclayscorp.com>
References: <C5015EBA421E1E42BA27AB3485371B9768F5CF@MUKPBCC1XMB0304.collab.barclayscorp.com>
Message-ID: <732076a80908061636o428047a6yb5163fb25c3303d2@mail.gmail.com>

2009/8/6  <ishe.mudzingwa at barclays.com>:
> Can anyone help

I've seen a similar problem on the Mac when it tries to use the wrong
assembly mpi modules.  Try adding --disable-asm to your ./configure
options before running make.  For good measure, run make clean first,
ie:

make clean
./configure --disable-asm
make all

Ben


From ishe.mudzingwa at barclays.com  Fri Aug  7 10:55:55 2009
From: ishe.mudzingwa at barclays.com (ishe.mudzingwa at barclays.com)
Date: Fri, 7 Aug 2009 09:55:55 +0100
Subject: Complile problem on Unixware 7.1.4 gpg-1.4.9
In-Reply-To: <732076a80908061636o428047a6yb5163fb25c3303d2@mail.gmail.com>
Message-ID: <C5015EBA421E1E42BA27AB3485371B9768F5D7@MUKPBCC1XMB0304.collab.barclayscorp.com>

Ben,

Many thanks for. With you suggestion, I was able to compile successfully and
have been able to exchange encrypted files successfully between my Unixware
server and a windows machine.

Thanks and regards

Ishe

-----Original Message-----
From: Benjamin Donnachie [mailto:benjamin at py-soft.co.uk]
Sent: 07 August 2009 00:36
To: Mudzingwa, Ishe : GRCB Technology
Cc: gnupg-users at gnupg.org
Subject: Re: Complile problem on Unixware 7.1.4 gpg-1.4.9


2009/8/6  <ishe.mudzingwa at barclays.com>:
> Can anyone help

I've seen a similar problem on the Mac when it tries to use the wrong
assembly mpi modules.  Try adding --disable-asm to your ./configure
options before running make.  For good measure, run make clean first,
ie:

make clean
./configure --disable-asm
make all

Ben

This e-mail and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this e-mail in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this e-mail or its attachments.

Internet communications are not guaranteed to be secure or virus-free.
The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this e-mail may be monitored by the Barclays Group for operational or business reasons.

Any opinion or other information in this e-mail or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group.

Barclays Bank PLC.Registered in England and Wales (registered no. 1026167).
Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom.

Barclays Bank PLC is authorised and regulated by the Financial Services Authority.


From benjamin at py-soft.co.uk  Fri Aug  7 17:20:38 2009
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Fri, 7 Aug 2009 11:20:38 -0400
Subject: Complile problem on Unixware 7.1.4 gpg-1.4.9
In-Reply-To: <C5015EBA421E1E42BA27AB3485371B9768F5D7@MUKPBCC1XMB0304.collab.barclayscorp.com>
References: <732076a80908061636o428047a6yb5163fb25c3303d2@mail.gmail.com>
	<C5015EBA421E1E42BA27AB3485371B9768F5D7@MUKPBCC1XMB0304.collab.barclayscorp.com>
Message-ID: <732076a80908070820q5dd298b7p483888320bdf8fcb@mail.gmail.com>

2009/8/7  <ishe.mudzingwa at barclays.com>:
> Many thanks for. With you suggestion, I was able to compile successfully and
> have been able to exchange encrypted files successfully between my Unixware
> server and a windows machine.

Great news!  Glad to have helped! :)

Take care,

Ben


From afb at paradise.net.nz  Sat Aug  8 00:43:24 2009
From: afb at paradise.net.nz (Adam Bogacki)
Date: Sat, 08 Aug 2009 10:43:24 +1200
Subject: Transferring GnuPG accounts
Message-ID: <20090807224324.GA3610@paradise.net.nz>

Hi, Having recently set up lenny on a new box, I copied
the contents of ~/.gnupg from the old etch box to a
USB stick and then to the lenny box - but find that
mutt does not do digital signatures as it did on the old one.

What am I missing here ?

T2: ~/.gnupg# ls
gpg.conf  pubring.gpg  pubring.gpg~  random_seed  secring.gpg  trustdb.gpg

Adam Bogacki,
afb at paradise.net.nz



From dshaw at jabberwocky.com  Sat Aug  8 05:45:07 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 7 Aug 2009 23:45:07 -0400
Subject: Transferring GnuPG accounts
In-Reply-To: <20090807224324.GA3610@paradise.net.nz>
References: <20090807224324.GA3610@paradise.net.nz>
Message-ID: <8E490C63-F995-4504-BF9F-9188E3C48300@jabberwocky.com>

On Aug 7, 2009, at 6:43 PM, Adam Bogacki wrote:

> Hi, Having recently set up lenny on a new box, I copied
> the contents of ~/.gnupg from the old etch box to a
> USB stick and then to the lenny box - but find that
> mutt does not do digital signatures as it did on the old one.
>
> What am I missing here ?
>
> T2: ~/.gnupg# ls
> gpg.conf  pubring.gpg  pubring.gpg~  random_seed  secring.gpg   
> trustdb.gpg

To properly answer your question, you'd have to say what "does not do  
digital signature as it did" means.

Does it not work at all?  Does it work, but in an unexpected way?   
What does it do?  There just isn't any information to go on here.

David



From afb at paradise.net.nz  Sun Aug  9 07:15:01 2009
From: afb at paradise.net.nz (Adam Bogacki)
Date: Sun, 09 Aug 2009 17:15:01 +1200
Subject: Transferring GnuPG accounts
In-Reply-To: <8E490C63-F995-4504-BF9F-9188E3C48300@jabberwocky.com>
References: <20090807224324.GA3610@paradise.net.nz>
	<8E490C63-F995-4504-BF9F-9188E3C48300@jabberwocky.com>
Message-ID: <20090809051501.GA5477@paradise.net.nz>

On Fri, Aug 07, 2009 at 11:45:07PM -0400, David Shaw wrote:
> On Aug 7, 2009, at 6:43 PM, Adam Bogacki wrote:
> 
> >Hi, Having recently set up lenny on a new box, I copied
> >the contents of ~/.gnupg from the old etch box to a
> >USB stick and then to the lenny box - but find that
> >mutt does not do digital signatures as it did on the old one.
> >
> >What am I missing here ?
> >
> >T2: ~/.gnupg# ls
> >gpg.conf  pubring.gpg  pubring.gpg~  random_seed  secring.gpg
> >trustdb.gpg
> 
> To properly answer your question, you'd have to say what "does not do
> digital signature as it did" means.
> 
> Does it not work at all?  Does it work, but in an unexpected way?
> What does it do?  There just isn't any information to go on here.
>

Thanks. Following another msg from is list, I removed 'random_seed'
and tried sending a signed mutt mail.

All seemed well until the final stage when I received the following
error message...

>gpg: no default secret key: secret key not available
>gpg: signing failed: secret key not available
>Press any key to continue...

Regards,

Adam Bogacki,
afb at paradise.net.nz




From nathaniel.wieriks at gmail.com  Mon Aug  3 07:54:32 2009
From: nathaniel.wieriks at gmail.com (Nathaniel Wieriks)
Date: Mon, 03 Aug 2009 15:54:32 +1000
Subject: pool.sks-keyservers.net connection error
Message-ID: <4A767B98.6010201@gmail.com>

Hi All,

I'm having issues uploading my public key to the pool.sks-keyservers.net
servers.  It seems that the DNS servers (ns1.kfwebs.net ns2.kfwebs.net)
are having issues.

Is anyone coming up with the same issue?  Is their a solution? I have
further diagnostic info if anyone needs it.

Best Regards,
Nathaniel.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090803/fa6f9f7f/attachment.htm>

From jmoore3rd at bellsouth.net  Tue Aug 11 17:32:03 2009
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Tue, 11 Aug 2009 11:32:03 -0400
Subject: pool.sks-keyservers.net connection error
In-Reply-To: <4A767B98.6010201@gmail.com>
References: <4A767B98.6010201@gmail.com>
Message-ID: <4A818EF3.3000306@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Nathaniel Wieriks wrote:
> Hi All,
> 
> I'm having issues uploading my public key to the pool.sks-keyservers.net
> servers.  It seems that the DNS servers (ns1.kfwebs.net ns2.kfwebs.net)
> are having issues.

I use OpenDNS.  You might try using a different DNS server.

You could always try going to a Keyserver's Site and manually adding
Your Key.

http://www.sks-keyservers.net/status/

The above Link will allow You to check on the status of the Keyserver Pool.

JOHN ;)
Timestamp: Tuesday 11 Aug 2009, 11:31  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn5068: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: Personal Web Page:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJKgY7wAAoJEBCGy9eAtCsPLbQH/2+ruB33xdnEMbLhrYg5xOgF
dMSeog6g0rqfGsRtmiKcBahVHZwf/D3+FDC0AeeNfEzmN7XOKCuObtt7BsrD+U1v
Fak+RQ2xRK7w4kOOAfOxSoyOcQSytLF/SdET8r/Z6DS47mXBIlJFJ34gKhYG9Ht1
ADwg33P5hVRZMihGHwFH8JslZDphFq+jzGuKROnCfg+/iiifS6KVVAJ3HF6e9+tv
oIYJXI4yfwR29pS/ASrr/wW2V5oXrpFgw3LbbJUBJEd4CBul4uR778SYPPqz49qw
52b6XQXlwdLKqt2aa5XOEmBV8AQJ3lbg1ufKvg8vvOVImLsH8crOi0mwcBq9ydM=
=xByt
-----END PGP SIGNATURE-----


From jalockli at uwaterloo.ca  Tue Aug 11 18:04:37 2009
From: jalockli at uwaterloo.ca (Jason Locklin)
Date: Tue, 11 Aug 2009 12:04:37 -0400
Subject: pool.sks-keyservers.net connection error
In-Reply-To: <4A818EF3.3000306__30630.633669398$1250004856$gmane$org@bellsouth.net>
References: <4A767B98.6010201@gmail.com>
	<4A818EF3.3000306__30630.633669398$1250004856$gmane$org@bellsouth.net>
Message-ID: <h5s4qm$m1b$1@ger.gmane.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John W. Moore III wrote:
> Nathaniel Wieriks wrote:
>> Hi All,
> 
>> I'm having issues uploading my public key to the pool.sks-keyservers.net
>> servers.  It seems that the DNS servers (ns1.kfwebs.net ns2.kfwebs.net)
>> are having issues.
> 
> I use OpenDNS.  You might try using a different DNS server.
> 
> You could always try going to a Keyserver's Site and manually adding
> Your Key.
> 
> http://www.sks-keyservers.net/status/
> 
> The above Link will allow You to check on the status of the Keyserver Pool.
> 
> JOHN ;)
> Timestamp: Tuesday 11 Aug 2009, 11:31  --400 (Eastern Daylight Time)

I would avoid OpenDNS as they break a lot of stuff. If your ISP DNS
servers are down, I would suggest emailing them.

For now, the IP address of pool.sks-keyservers.net is 76.184.75.94
You can use the ip address directly until your DNS servers are back up.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: 'http://artsweb.uwaterloo.ca/~jalockli'
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkqBlooACgkQb2BKgf4F4OhoawCgom/iGoPphzF5vm0nga4CN6v/
LZIAn1m+icFPBldTdI2xZs/CGduNUP6C
=Z1ix
-----END PGP SIGNATURE-----



From gnupg.users at ml.karotte.org  Tue Aug 11 18:31:50 2009
From: gnupg.users at ml.karotte.org (Sebastian Wiesinger)
Date: Tue, 11 Aug 2009 18:31:50 +0200
Subject: Setting up SKS Keyserver
Message-ID: <20090811163150.GA7671@danton.fire-world.de>

Hi,

I'm thinking about setting up an SKS Keyserver. My question is, is
there some sort of mailinglist or something where this is ontopic?

As I understand I would also be in need of some "gossip" partners.

Is http://www.nongnu.org/sks/ the software I want to use or is there
something else? The Documentation Wiki for sks seems to be offline...

Any pointers in the right direction would be appreciated.

Kind Regards,

Sebastian

-- 
GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
            -- Terry Pratchett, The Fifth Elephant


From dshaw at jabberwocky.com  Tue Aug 11 19:31:38 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 11 Aug 2009 13:31:38 -0400
Subject: Setting up SKS Keyserver
In-Reply-To: <20090811163150.GA7671@danton.fire-world.de>
References: <20090811163150.GA7671@danton.fire-world.de>
Message-ID: <83CBDF4B-C12A-44FD-B799-0173DE209518@jabberwocky.com>

On Aug 11, 2009, at 12:31 PM, Sebastian Wiesinger wrote:

> I'm thinking about setting up an SKS Keyserver. My question is, is
> there some sort of mailinglist or something where this is ontopic?

http://lists.nongnu.org/mailman/listinfo/sks-devel is the place.

> As I understand I would also be in need of some "gossip" partners.

Yes.  Many folks on sks-devel are happy to sync with people.  Just ask.

> Is http://www.nongnu.org/sks/ the software I want to use or is there
> something else? The Documentation Wiki for sks seems to be offline...

The software posted there is the latest official release.  On sks- 
devel there are usually a handful of patches and bug fixes being  
discussed before they are rolled into the official release.

David



From dshaw at jabberwocky.com  Tue Aug 11 19:48:27 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 11 Aug 2009 13:48:27 -0400
Subject: Entropy-on-a-key
Message-ID: <7800EE20-C5EF-4DEE-B77D-55D6E1E6FC42@jabberwocky.com>

This is cute:

http://www.entropykey.co.uk/

(Reasonably on-topic as the device would work with GnuPG (at least on  
Linux), as it seems to feed /dev/random)

David



From dkg at fifthhorseman.net  Tue Aug 11 20:35:16 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 11 Aug 2009 14:35:16 -0400
Subject: Entropy-on-a-key
In-Reply-To: <7800EE20-C5EF-4DEE-B77D-55D6E1E6FC42@jabberwocky.com>
References: <7800EE20-C5EF-4DEE-B77D-55D6E1E6FC42@jabberwocky.com>
Message-ID: <4A81B9E4.9020508@fifthhorseman.net>

On 08/11/2009 01:48 PM, David Shaw wrote:

> http://www.entropykey.co.uk/
> 
> (Reasonably on-topic as the device would work with GnuPG (at least on
> Linux), as it seems to feed /dev/random)

Bdale Garbee reports a prototype of that key working quite well with debian:

http://www.gag.com/bdale/blog/posts/More_Entropy_is_Better_Entropy.html

i think it could be very useful.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090811/809f108b/attachment-0001.pgp>

From ewrobinson at fedex.com  Tue Aug 11 20:44:48 2009
From: ewrobinson at fedex.com (Eric Robinson)
Date: Tue, 11 Aug 2009 13:44:48 -0500
Subject: GPG on iSeries (AS400)
In-Reply-To: <4A81B9E4.9020508@fifthhorseman.net>
References: <7800EE20-C5EF-4DEE-B77D-55D6E1E6FC42@jabberwocky.com>
	<4A81B9E4.9020508@fifthhorseman.net>
Message-ID: <B948C11507EC8148A158AD3FC6C1D87744C02C@MEMEXCH06V.corp.ds.fedex.com>

Does GPG run on an iSeries platform?  If that's a yes, could some direct
me to some information as to how, if it's a no, is this projected for
the future?


Thanks,
Eric

-------------------------------------------
Eric Robinson
Business Application Advisor
Global Information eXchange
Customer Integration Solutions
FedEx Corporate Services
469.524.6431
------------------------------------------




-----Original Message-----
From: gnupg-users-bounces at gnupg.org
[mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Daniel Kahn Gillmor
Sent: Tuesday, August 11, 2009 1:35 PM
To: GnuPG Users
Subject: Re: Entropy-on-a-key

On 08/11/2009 01:48 PM, David Shaw wrote:

> http://www.entropykey.co.uk/
> 
> (Reasonably on-topic as the device would work with GnuPG (at least on 
> Linux), as it seems to feed /dev/random)

Bdale Garbee reports a prototype of that key working quite well with
debian:

http://www.gag.com/bdale/blog/posts/More_Entropy_is_Better_Entropy.html

i think it could be very useful.

	--dkg



From John at Mozilla-Enigmail.org  Tue Aug 11 22:31:03 2009
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Tue, 11 Aug 2009 15:31:03 -0500
Subject: Setting up SKS Keyserver
In-Reply-To: <20090811163150.GA7671@danton.fire-world.de>
References: <20090811163150.GA7671@danton.fire-world.de>
Message-ID: <4A81D507.7010509@Mozilla-Enigmail.org>

Sebastian Wiesinger wrote:
> Hi,
> 
> I'm thinking about setting up an SKS Keyserver. My question is, is
> there some sort of mailinglist or something where this is ontopic?

The sks-devel mailing list, see
http://lists.nongnu.org/mailman/listinfo/sks-devel for subscription info

> As I understand I would also be in need of some "gossip" partners.

Ask on sks-devel and you should get plenty of responses

> Is http://www.nongnu.org/sks/ the software I want to use or is there
> something else? The Documentation Wiki for sks seems to be offline...

That's the official site. Please be sure to use 1.1.0 and not 1.0.10

See http://www.keysigning.org/sks/ for helpful docs

Anything else, just ask on sks-devel



-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 679 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090811/75f448ae/attachment.pgp>

From dshaw at jabberwocky.com  Wed Aug 12 01:45:42 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 11 Aug 2009 19:45:42 -0400
Subject: GPG on iSeries (AS400)
In-Reply-To: <B948C11507EC8148A158AD3FC6C1D87744C02C@MEMEXCH06V.corp.ds.fedex.com>
References: <7800EE20-C5EF-4DEE-B77D-55D6E1E6FC42@jabberwocky.com>
	<4A81B9E4.9020508@fifthhorseman.net>
	<B948C11507EC8148A158AD3FC6C1D87744C02C@MEMEXCH06V.corp.ds.fedex.com>
Message-ID: <535522E4-A500-4335-B16B-A35529C55CC5@jabberwocky.com>

On Aug 11, 2009, at 2:44 PM, Eric Robinson wrote:

> Does GPG run on an iSeries platform?  If that's a yes, could some  
> direct
> me to some information as to how, if it's a no, is this projected for
> the future?

iSeries running what?  Linux?

If it's Linux, just compile it like you'd compile it anywhere else.   
If it's OS/400, you might take a look at running it under PASE.

David



From christoph.anton.mitterer at physik.uni-muenchen.de  Wed Aug 12 01:41:10 2009
From: christoph.anton.mitterer at physik.uni-muenchen.de (Christoph Anton Mitterer)
Date: Wed, 12 Aug 2009 01:41:10 +0200
Subject: pool.sks-keyservers.net connection error
In-Reply-To: <h5s4qm$m1b$1@ger.gmane.org>
References: <4A767B98.6010201@gmail.com>
	<4A818EF3.3000306__30630.633669398$1250004856$gmane$org@bellsouth.net>
	<h5s4qm$m1b$1@ger.gmane.org>
Message-ID: <1250034453.10241.1.camel@fermat.scientia.net>

For me, pool.sks-keyservers.net seems to work right now:
$ dig any pool.sks-keyservers.net 

; <<>> DiG 9.6.1-P1 <<>> any pool.sks-keyservers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11901
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;pool.sks-keyservers.net.	IN	ANY

;; ANSWER SECTION:
pool.sks-keyservers.net. 21515	IN	A	194.97.110.154
pool.sks-keyservers.net. 21515	IN	A	202.125.41.160
pool.sks-keyservers.net. 21515	IN	A	212.12.104.213
pool.sks-keyservers.net. 21515	IN	A	213.133.98.226
pool.sks-keyservers.net. 21515	IN	A	76.184.75.94
pool.sks-keyservers.net. 21515	IN	A	84.16.235.61
pool.sks-keyservers.net. 21515	IN	A	91.121.167.18
pool.sks-keyservers.net. 21515	IN	A	94.142.241.93
pool.sks-keyservers.net. 21515	IN	A	134.93.230.21
pool.sks-keyservers.net. 21515	IN	A	193.174.13.74

;; AUTHORITY SECTION:
sks-keyservers.net.	15558	IN	NS	ns1.kfwebs.net.
sks-keyservers.net.	15558	IN	NS	ns2.kfwebs.net.

;; ADDITIONAL SECTION:
ns1.kfwebs.net.		15558	IN	A	213.161.224.2
ns2.kfwebs.net.		15558	IN	A	84.215.42.117

;; Query time: 17 msec
;; SERVER: 84.16.235.61#53(84.16.235.61)
;; WHEN: Wed Aug 12 01:40:07 2009
;; MSG SIZE  rcvd: 276




On Tue, 2009-08-11 at 12:04 -0400, Jason Locklin wrote:
> For now, the IP address of pool.sks-keyservers.net is 76.184.75.94
> You can use the ip address directly until your DNS servers are back up.
btw: This is not the IP of pool.sks-keyservers.net, it's the IP of
keyserver.gingerbear.net,... and just one of many A RRs of
pool.sks-keyservers.net .


Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3387 bytes
Desc: not available
URL: </pipermail/attachments/20090812/9167d722/attachment.bin>

From steveo at syslang.net  Wed Aug 12 06:33:43 2009
From: steveo at syslang.net (Steven W. Orr)
Date: Wed, 12 Aug 2009 00:33:43 -0400
Subject: pool.sks-keyservers.net connection error
In-Reply-To: <h5s4qm$m1b$1@ger.gmane.org>
References: <4A767B98.6010201@gmail.com>	<4A818EF3.3000306__30630.633669398$1250004856$gmane$org@bellsouth.net>
	<h5s4qm$m1b$1@ger.gmane.org>
Message-ID: <4A824627.20508@syslang.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/11/09 12:04, quoth Jason Locklin:

>> Timestamp: Tuesday 11 Aug 2009, 11:31  --400 (Eastern Daylight Time)
> 
> I would avoid OpenDNS as they break a lot of stuff. If your ISP DNS
> servers are down, I would suggest emailing them.
> 
> For now, the IP address of pool.sks-keyservers.net is 76.184.75.94
> You can use the ip address directly until your DNS servers are back up.

I'm sorry but I switched from my ISP's DNS as my resolver to OpenDNS and life
has generally been better ever since. I found that a major performance issue
for lots of people is that the resolver provided by the ISP is frequently very
slow. I'd like to know more specifics on "they break lots of stuff".

I'm completely stumped as to what you might have to offer but if there's
something I should know I really want to hear it.

- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkqCRicACgkQRIVy4fC+NyQPfgCdHIz4hBCQYoTSSqRZGzhCkEHA
cFwAnjJbdm30XOhFbhc7hWsh00hfH9ek
=pZQg
-----END PGP SIGNATURE-----


From schot at A-Eskwadraat.nl  Wed Aug 12 11:25:36 2009
From: schot at A-Eskwadraat.nl (Jeroen Schot)
Date: Wed, 12 Aug 2009 11:25:36 +0200
Subject: pool.sks-keyservers.net connection error
In-Reply-To: <4A824627.20508@syslang.net>
References: <4A767B98.6010201@gmail.com>
	<4A818EF3.3000306__30630.633669398$1250004856$gmane$org@bellsouth.net>
	<h5s4qm$m1b$1@ger.gmane.org> <4A824627.20508@syslang.net>
Message-ID: <20090812092536.GA11582@A-Eskwadraat.nl>

On Wed, Aug 12, 2009 at 12:33:43AM -0400, Steven W. Orr wrote:
> On 08/11/09 12:04, quoth Jason Locklin:
> > I would avoid OpenDNS as they break a lot of stuff. If your ISP DNS servers
> > are down, I would suggest emailing them.
> > 
> I'm sorry but I switched from my ISP's DNS as my resolver to OpenDNS and life
> has generally been better ever since. I found that a major performance issue
> for lots of people is that the resolver provided by the ISP is frequently
> very slow. I'd like to know more specifics on "they break lots of stuff".
> 
> I'm completely stumped as to what you might have to offer but if there's
> something I should know I really want to hear it.

The main problem is that they redirect queries for non-existent domains instead
of returning NXDOMAIN. (Although you can turn this 'feature' off I think.)

See also the Wikipedia page on OpenDNS:
<http://en.wikipedia.org/wiki/OpenDNS#Privacy_issues.2C_conflicts_and_covert_redirection>

Regards,
-- 
Jeroen Schot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 295 bytes
Desc: Digital signature
URL: </pipermail/attachments/20090812/fb17249e/attachment.pgp>

From jbruni at me.com  Thu Aug 13 04:46:52 2009
From: jbruni at me.com (Joseph Oreste Bruni)
Date: Wed, 12 Aug 2009 19:46:52 -0700
Subject: Two convicted in U.K. for refusal to decrypt data
Message-ID: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


http://www.securityfocus.com/news/11556

Not entirely on topic, but for those using GnuPG (or other encryption  
software), you should always keep abreast of the encryption laws of  
your country.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iQEcBAEBCAAGBQJKg36cAAoJEFGV1jrNVRjHWIUIAJLGzlNq50u6wKkFMNE6BIFE
RR1urE7EXngtZIvIrtRz97stReP2iJITQ0sfZUzwSziJ4DkB77jZCwHnQ0/SfT3z
u0WY2nIdP0924Ff6+Wgu+jZUr7/oYbLgv/o0j1JeXyKm+nsLVu4TlR2iJg6urr45
vXLPAgyYK3ETLExAiXRMsbhIs/Lmbs1p/6DHFNANOzdiSdlCX4xY1B+nBxj1dbWt
nHFCHXsApzOgzB+zIPXpbs0kzvzVIVzxqu4hk6hGaQlP4C1boowiDcCrOgfDt5cW
WaUJpJ3mM+Wiold7GCdtcHL87zz7mlFH7CX9p8GrouSduzhgCEcM0HW5iqtXh5E=
=Y3sE
-----END PGP SIGNATURE-----


From faramir.cl at gmail.com  Thu Aug 13 09:32:05 2009
From: faramir.cl at gmail.com (Faramir)
Date: Thu, 13 Aug 2009 03:32:05 -0400
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
Message-ID: <4A83C175.2070105@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Joseph Oreste Bruni escribi?:
> 
> http://www.securityfocus.com/news/11556
> 
> Not entirely on topic, but for those using GnuPG (or other encryption
> software), you should always keep abreast of the encryption laws of your
> country.

  Unfortunately, it is not unusual people forgets the passphrases used
to protect files, or secret keys...

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJKg8F1AAoJEMV4f6PvczxAsrEH/2ltwMl0GWt/VZU8wiTRfDcE
X3F3ezKgd60zjb8NYZSm3PT4PcawC+Ta3MB5GHU7anhZG8+RTCM0lT0eg6fkSKT4
Q+/1WQqQ/PKgYIUbv9nxcug1zM7iTB1AcgcfitTRM8TLIhK4Y7fSorgA8ad2g/bv
k66OzWgTgyNWwPlAANm1aGrJ9x/uTPj6z9WuMcKYywfOluu5b3Xv8jw7e2NZj9FN
IBndZmK8+UOdb9iRtO9bm3FuxvHvTMmcoEcGmEUe0bdVMwJ+17nCSX75T2xiug+p
KE9bbHgG1cTCN8sV1wRFJHrardqYUkzAc6lxgSFBTVS2H7x/pIViCHnFQCSgmps=
=6pzl
-----END PGP SIGNATURE-----


From wk at gnupg.org  Thu Aug 13 10:37:33 2009
From: wk at gnupg.org (Werner Koch)
Date: Thu, 13 Aug 2009 10:37:33 +0200
Subject: [Announce] Gpg4win 2.0.0 has been released
Message-ID: <87bpmk6rea.fsf@wheatstone.g10code.de>

Hi!

Building and installing GnuPG on the Microsoft Windows platform is more
complicated than doing this on a Unix platform.  To help users we are
providing binary versions of GnuPG as part of the Gpg4win project.

Thus if you need GnuPG on Microsoft Windows, we suggest to use the
Gpg4win installer.  The installer allows to select the required
components.  If you only need GnuPG, you may just download the light
version of the installer.  However, most users want the full fledged
version with all the GUI tools.

Find below the original announcement.  With the exception of the KDE
parts and a few utility libraries, the installer has been build from the
original sources by me.  There are a few patches applied to add features
From the soon to be released 2.0.13 version of GnuPG; these patches are
part of the installer source tarball.


Shalom-Salam,

   Werner


==============
 From: Emanuel Sch?tze <emanuel at intevation.de>
 Subject: [Gpg4win-announce] Gpg4win 2.0.0 released
 To: gpg4win-announce at wald.intevation.org
 Date: Wed, 12 Aug 2009 20:28:33 +0200

Hello,

we are pleased to announce the availability of a new stable Gpg4win
release: Version 2.0.0.

This is the first production release of the major redesign. Over the last 15 
months we did 16 beta releases and hopefully squashed most of the serious 
bugs.

The download is available via the usual download page:

        http://www.gpg4win.org/download.html


Changes
-------

Gpg4win2 has major changes compared to Gpg4win 1.x.  Below is a list
of the most important ones:

- Kleopatra is the new certificate manager.  Kleopatra is the S/MIME
  certificate manager of KDE (a desktop environment used on many
  GNU/Linux systems).  For use in Gpg4win it has been extended to
  support OpenPGP and to act as a graphical user interface for all
  cryptographic operations.  It is automatically started if another
  component requests its services and then runs permanently in your
  system tray.  WinPT has been dropped.

- GpgEX is the new plugin for the Microsoft Explorer and replaces GpgEE.

- The mail program Claws Mail has been updated to a modern version.
  It now supports SSL, NNTP and IMAP.

- GpgOL, the plugin for Outlook 2003 and 2007 has been comprehensively
  updated.  It now supports PGP/MIME and thus makes the use of
  encrypted or signed attachments much easier and standard conform.
  Support for S/MIME has been added.  Most dialogs are now provided by
  Kleopatra for graphical user dialogs.

- The German "Gpg4win-Kompendium" is the new documentation for Gpg4win.
  This combines the previous "Einsteiger" and "Durchblicker" manuals.
  All chapters were reworked and extended to describe the new Gpg4win
  Version 2.0. Among other things, this means adaption to Kleopatra,
  GpgEX and PGP/MIME and new texts for S/MIME and X.509.

- Support of these platforms:
  Operating System: Windows 2000, XP (32/64), Vista (32/64)
  Outlook: 2003, 2007

- Included components are:
	GnuPG:        2.0.12
	Kleopatra:    2.0.11-svn1008232 (20090807)
	GPA:          0.9.0
	GpgOL:        1.0.0
	GpgEX:        0.9.3
	Claws-Mail:   3.7.2
	Kompendium:   3.0.0-beta3


Installation
------------

For installation instructions, please visit http://www.gpg4win.org or
read on.

Developers who want to *build an installer* need to get the following
files from http://wald.intevation.org/projects/gpg4win/ :

? gpg4win-2.0.0.tar.bz2  (5M)
? gpg4win-2.0.0.tar.bz2.sig

The second file is a digital signature of the the first file. ?Either
check that this signature is fine or compare with the checksums given
below. ?(see also http://www.gpg4win.org/package-integrity.html)

The *ready to use installer* is available at:

? http://ftp.gpg4win.org/gpg4win-2.0.0.exe ?(35M)
? http://ftp.gpg4win.org/gpg4win-2.0.0.exe.sig

Or using the ftp protocol at:

? ftp://ftp.gpg4win.org/gpg4win/gpg4win-2.0.0.exe ?(35M)
? ftp://ftp.gpg4win.org/gpg4win/gpg4win-2.0.0.exe.sig

SHA1 checksums for these files are given below.

If you don't need the manuals or the GnuPG2 command line tools for
S/MIME, you might alternatively download the "light" version of the
installer:

? http://ftp.gpg4win.org/gpg4win-light-2.0.0.exe ?(12M)
? http://ftp.gpg4win.org/gpg4win-light-2.0.0.exe.sig

or using FTP at:

? ftp://ftp.gpg4win.org/gpg4win/gpg4win-light-2.0.0.exe  (12M)
? ftp://ftp.gpg4win.org/gpg4win/gpg4win-light-2.0.0.exe.sig

A separate installer with the source files used to build the above
installer is available at:

? ftp://ftp.gpg4win.org/gpg4win/gpg4win-src-2.0.0.exe ?(277M)
? ftp://ftp.gpg4win.org/gpg4win/gpg4win-src-2.0.0.exe.sig

Most people don't need this source installer; it is merely stored on
that server to satisfy the conditions of the GPL. In general it is
better to get the gpg4win builder tarball (see above) and follow the
instructions in the README to build new installers; building the
installer is not possible on Windows machines and works best on current
Debian GNU/Linux systems.

SHA1 checksums are:

5a900a6807d2b4753d88cdb9548c528cf4bbbe3e  gpg4win-2.0.0.exe
d00fe78e71a55861a4ccbf92d6e06f4dcbe6aa82  gpg4win-light-2.0.0.exe
ba6e4c56bc721707e363640e357d87350c441e02  gpg4win-src-2.0.0.exe
f5457f61c8544cbae856738aabfff1a140c754b6  gpg4win-2.0.0.tar.bz2


If you have problems downloading the above files, you may try the mirror
server listed at the download page.

We like to thank the authors of the included packages, the NSIS authors,
all other contributors and first of all, those folks who stayed with us
and helped testing Gpg4win.

To help furthering this project, please consider to sponsor the
development. ?See http://www.gpg4win.org .


With best regards

? ?your Gpg4win Development Team


-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 205 bytes
Desc: not available
URL: </pipermail/attachments/20090813/4776c6e7/attachment.pgp>
-------------- next part --------------
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From shavital at mac.com  Thu Aug 13 12:59:55 2009
From: shavital at mac.com (Charly Avital)
Date: Thu, 13 Aug 2009 06:59:55 -0400
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <4A83C175.2070105@gmail.com>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
	<4A83C175.2070105@gmail.com>
Message-ID: <4A83F22B.6000300@mac.com>

Faramir wrote the following on 8/13/09 3:32 AM:
[...]

>   Unfortunately, it is not unusual people forgets the passphrases used
> to protect files, or secret keys...
> 
>   Best Regards


"Two people have been successfully prosecuted for *refusing* to provide
U.K......."

Charly


From ceprn at hotmail.com  Thu Aug 13 14:40:42 2009
From: ceprn at hotmail.com (the dragon)
Date: Thu, 13 Aug 2009 07:40:42 -0500
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <4A83F22B.6000300@mac.com>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
	<4A83C175.2070105@gmail.com>  <4A83F22B.6000300@mac.com>
Message-ID: <BLU113-W19FF7F24E1A65D7B4B406A5050@phx.gbl>


oops, didn't reply all...
 
And if you look at the cases reported, these are not system admins refusing to divulge data, or even regular people trying to protect their privacy - they are child molestors and wanna-be terrorists.
 
encrytion is about maintaining personal and data privacy; it's not about having a tool to break the law. 



PSA: Salary <> Slavery. If you earn a salary, your employer is renting your services for 40 hours a week, not purchasing your soul. Your time is the only real finite asset that you have, and once used it can never be recovered, so don't waste it by giving it away.

I work to live; I don't live to work.

"Time is the coin of your life. It is the only coin you have, and only you can determine how it will be spent. Be careful lest you let other people spend it for you." -- Carl Sandburg (1878 - 1967)

It is impossible to defeat an ignorant man in argument. -- William G. McAdoo

Religion is regarded by the common people as true, by the wise as false, and by the rulers as useful. -- Seneca

"I distrust those people who know so well what God wants them to do because I notice it always coincides with their own desires." - Susan B. Anthony





----------------------------------------
> Date: Thu, 13 Aug 2009 06:59:55 -0400
> From: shavital at mac.com
> Subject: Re: Two convicted in U.K. for refusal to decrypt data
> To: gnupg-users at gnupg.org
>
> Faramir wrote the following on 8/13/09 3:32 AM:
> [...]
>
>> Unfortunately, it is not unusual people forgets the passphrases used
>> to protect files, or secret keys...
>>
>> Best Regards
>
>
> "Two people have been successfully prosecuted for *refusing* to provide
> U.K......."
>
> Charly
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
_________________________________________________________________
Get your vacation photos on your phone!
http://windowsliveformobile.com/en-us/photos/default.aspx?&OCID=0809TL-HM

From dave.smith at st.com  Thu Aug 13 15:30:01 2009
From: dave.smith at st.com (David SMITH)
Date: Thu, 13 Aug 2009 14:30:01 +0100
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <4A83F22B.6000300@mac.com>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
	<4A83C175.2070105@gmail.com> <4A83F22B.6000300@mac.com>
Message-ID: <20090813133001.GU9608@bristol.st.com>

On Thu, Aug 13, 2009 at 06:59:55AM -0400, Charly Avital wrote:
> Faramir wrote the following on 8/13/09 3:32 AM:
> >   Unfortunately, it is not unusual people forgets the passphrases used
> > to protect files, or secret keys...
> 
> "Two people have been successfully prosecuted for *refusing* to provide
> U.K......."

You are, of course, assuming that the reporting is correct in its
implication that the defendants either admitted to having access to the
keys, or that it has been proven that they do have the keys.

I remember a lot of discussion at the time that the RIP bill was being
pushed through about the difficulty of proving that you don't have
access to a particular piece of information.

The RIPA is a particularly nasty piece of legislation in this respect.

--
David Smith        | Tel: +44 (0)1454 462380    Home: +44 (0)1454 616963
STMicroelectronics | Fax: +44 (0)1454 462305  Mobile: +44 (0)7932 642724
1000 Aztec West    | TINA: 065 2380          GPG Key: 0xF13192F2
Almondsbury        | Work Email: Dave.Smith at st.com
BRISTOL, BS32 4SQ  | Home Email: David.Smith at ds-electronics.co.uk


From ceprn at hotmail.com  Thu Aug 13 15:41:37 2009
From: ceprn at hotmail.com (the dragon)
Date: Thu, 13 Aug 2009 08:41:37 -0500
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <20090813133001.GU9608@bristol.st.com>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
	<4A83C175.2070105@gmail.com> <4A83F22B.6000300@mac.com> 
	<20090813133001.GU9608@bristol.st.com>
Message-ID: <BLU113-W23F16DE78C9F90E742FCDCA5050@phx.gbl>


If you're in control of the computer the files reside on, and were in control of it when the files were created and last accessed, the chances that you *don't* know the key for the encryption is so slim as to be nonexistant.

 

peace,

clark

PSA: Salary <> Slavery. If you earn a salary, your employer is renting your services for 40 hours a week, not purchasing your soul. Your time is the only real finite asset that you have, and once used it can never be recovered, so don't waste it by giving it away. 

I work to live; I don't live to work. 

"Time is the coin of your life. It is the only coin you have, and only you can determine how it will be spent. Be careful lest you let other people spend it for you." -- Carl Sandburg (1878 - 1967) 

It is impossible to defeat an ignorant man in argument. -- William G. McAdoo 

Religion is regarded by the common people as true, by the wise as false, and by the rulers as useful. -- Seneca 

"I distrust those people who know so well what God wants them to do because I notice it always coincides with their own desires." - Susan B. Anthony


 
> Date: Thu, 13 Aug 2009 14:30:01 +0100
> From: dave.smith at st.com
> To: gnupg-users at gnupg.org
> Subject: Re: Two convicted in U.K. for refusal to decrypt data
> 
> On Thu, Aug 13, 2009 at 06:59:55AM -0400, Charly Avital wrote:
> > Faramir wrote the following on 8/13/09 3:32 AM:
> > > Unfortunately, it is not unusual people forgets the passphrases used
> > > to protect files, or secret keys...
> > 
> > "Two people have been successfully prosecuted for *refusing* to provide
> > U.K......."
> 
> You are, of course, assuming that the reporting is correct in its
> implication that the defendants either admitted to having access to the
> keys, or that it has been proven that they do have the keys.
> 
> I remember a lot of discussion at the time that the RIP bill was being
> pushed through about the difficulty of proving that you don't have
> access to a particular piece of information.
> 
> The RIPA is a particularly nasty piece of legislation in this respect.
> 
> --
> David Smith | Tel: +44 (0)1454 462380 Home: +44 (0)1454 616963
> STMicroelectronics | Fax: +44 (0)1454 462305 Mobile: +44 (0)7932 642724
> 1000 Aztec West | TINA: 065 2380 GPG Key: 0xF13192F2
> Almondsbury | Work Email: Dave.Smith at st.com
> BRISTOL, BS32 4SQ | Home Email: David.Smith at ds-electronics.co.uk
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

_________________________________________________________________
Express your personality in color! Preview and select themes for Hotmail?. 
http://www.windowslive-hotmail.com/LearnMore/personalize.aspx?ocid=PID23391::T:WLMTAGL:ON:WL:en-US:WM_HYGN_express:082009
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090813/0c1d4175/attachment.htm>

From dave.smith at st.com  Thu Aug 13 15:49:55 2009
From: dave.smith at st.com (David SMITH)
Date: Thu, 13 Aug 2009 14:49:55 +0100
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <BLU113-W23F16DE78C9F90E742FCDCA5050@phx.gbl>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
	<4A83C175.2070105@gmail.com> <4A83F22B.6000300@mac.com>
	<20090813133001.GU9608@bristol.st.com>
	<BLU113-W23F16DE78C9F90E742FCDCA5050@phx.gbl>
Message-ID: <20090813134955.GV9608@bristol.st.com>

On Thu, Aug 13, 2009 at 08:41:37AM -0500, the dragon wrote:
> If you're in control of the computer the files reside on, and were
> in control of it when the files were created and last accessed, the
> chances that you *don't* know the key for the encryption is so slim
> as to be nonexistant.

So the people who come on gnupg-users asking for help because they've
forgotten their passphrase or accidentally deleted their ~/.gnupg
directory don't exist?

I guess that's a new way of replying to them: "You don't exist".

Not forgetting the possibility of malicious intentions - trying to frame
someone by putting encrypted data onto someone's computer and tipping
off the authorities.

-- 
David Smith        | Tel: +44 (0)1454 462380    Home: +44 (0)1454 616963
STMicroelectronics | Fax: +44 (0)1454 462305  Mobile: +44 (0)7932 642724
1000 Aztec West    | TINA: 065 2380          GPG Key: 0xF13192F2
Almondsbury        | Work Email: Dave.Smith at st.com
BRISTOL, BS32 4SQ  | Home Email: David.Smith at ds-electronics.co.uk


From rjh at sixdemonbag.org  Thu Aug 13 15:59:45 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 13 Aug 2009 09:59:45 -0400
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <BLU113-W23F16DE78C9F90E742FCDCA5050@phx.gbl>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>	<4A83C175.2070105@gmail.com>
	<4A83F22B.6000300@mac.com> <20090813133001.GU9608@bristol.st.com>
	<BLU113-W23F16DE78C9F90E742FCDCA5050@phx.gbl>
Message-ID: <4A841C51.4030500@sixdemonbag.org>

the dragon wrote:
> If you're in control of the computer the files reside on, and were in
> control of it when the files were created and last accessed, the chances
> that you *don't* know the key for the encryption is so slim as to be
> nonexistant.

Apparently I don't exist, then.  I have files which were last accessed
by me a year ago, for which I've forgotten the passphrases to the
symmetrically-encoded data.  It's just another example of people
forgetting what they rarely use.

I'm certain there are other people here in the same boat.


From Michael.GRIFFITHS at arc-intl.com  Thu Aug 13 15:53:46 2009
From: Michael.GRIFFITHS at arc-intl.com (michael GRIFFITHS)
Date: Thu, 13 Aug 2009 15:53:46 +0200
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <20090813134955.GV9608@bristol.st.com>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com><4A83C175.2070105@gmail.com>
	<4A83F22B.6000300@mac.com><20090813133001.GU9608@bristol.st.com><BLU113-W23F16DE78C9F90E742FCDCA5050@phx.gbl>
	<20090813134955.GV9608@bristol.st.com>
Message-ID: <6740B3A8EA1647478669675F861F16CF04DE1D04@MAILFR1.emea.dmai.net>

So who is on with the plausible deniability project for gpg?  

I have to admit the thought of not being able to prove my innocence
doesn't sound like a good prospect. Innocent until proven guilty just
isnt an option anymore
________________________________________________________________________
________________________________________

Michael Griffiths - IT Systems Administrator

Direct dial: +44 (0) 113 2763422 | Office: +44 (0) 113 2710033 - Ext:
203 | Mobile: +44 (0) 788 1957504 
Address: Arc House | Middleton Grove| Beeston | Leeds | LS11 5BX | UK
Email: michael.griffiths at arc-intl.com

Please consider the environment before printing this email.
________________________________________________________________________
________________________________________


-----Original Message-----
From: gnupg-users-bounces at gnupg.org
[mailto:gnupg-users-bounces at gnupg.org] On Behalf Of David SMITH
Sent: 13 August 2009 14:50
To: gnupg-users at gnupg.org
Subject: Re: Two convicted in U.K. for refusal to decrypt data

On Thu, Aug 13, 2009 at 08:41:37AM -0500, the dragon wrote:
> If you're in control of the computer the files reside on, and were in 
> control of it when the files were created and last accessed, the 
> chances that you *don't* know the key for the encryption is so slim as

> to be nonexistant.

So the people who come on gnupg-users asking for help because they've
forgotten their passphrase or accidentally deleted their ~/.gnupg
directory don't exist?

I guess that's a new way of replying to them: "You don't exist".

Not forgetting the possibility of malicious intentions - trying to frame
someone by putting encrypted data onto someone's computer and tipping
off the authorities.

-- 
David Smith        | Tel: +44 (0)1454 462380    Home: +44 (0)1454 616963
STMicroelectronics | Fax: +44 (0)1454 462305  Mobile: +44 (0)7932 642724
1000 Aztec West    | TINA: 065 2380          GPG Key: 0xF13192F2
Almondsbury        | Work Email: Dave.Smith at st.com
BRISTOL, BS32 4SQ  | Home Email: David.Smith at ds-electronics.co.uk

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

To ensure an optimal service, the ARC INTERNATIONAL Group uses the most powerful antiviruses and antispam systems currently available. This message and any attachments (the "message") are intended solely for the addresses and are confidential. If you receive this message in error, please delete it and immediately notify the sender. Any use not in accordance with its purpose, any dissemination or disclosure, either in whole or in part, is prohibited without formal approval. The internet cannot guarantee the integrity of this message; ARC INTERNATIONAL (and its subsidiaries) shall (will) not therefore be liable for the message if modified.



From Michael.GRIFFITHS at arc-intl.com  Thu Aug 13 15:34:32 2009
From: Michael.GRIFFITHS at arc-intl.com (michael GRIFFITHS)
Date: Thu, 13 Aug 2009 15:34:32 +0200
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <20090813133001.GU9608@bristol.st.com>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com><4A83C175.2070105@gmail.com>
	<4A83F22B.6000300@mac.com> <20090813133001.GU9608@bristol.st.com>
Message-ID: <6740B3A8EA1647478669675F861F16CF04DE1CEE@MAILFR1.emea.dmai.net>

Yes, and I'm sure that the government's (in any country) will word these
cases in there own favour and make anyone who uses this technology look
like the bad guys


________________________________________________________________________
________________________________________

Michael Griffiths - IT Systems Administrator

Direct dial: +44 (0) 113 2763422 | Office: +44 (0) 113 2710033 - Ext:
203 | Mobile: +44 (0) 788 1957504 
Address: Arc House | Middleton Grove| Beeston | Leeds | LS11 5BX | UK
Email: michael.griffiths at arc-intl.com

Please consider the environment before printing this email.
________________________________________________________________________
________________________________________


-----Original Message-----
From: gnupg-users-bounces at gnupg.org
[mailto:gnupg-users-bounces at gnupg.org] On Behalf Of David SMITH
Sent: 13 August 2009 14:30
To: gnupg-users at gnupg.org
Subject: Re: Two convicted in U.K. for refusal to decrypt data

On Thu, Aug 13, 2009 at 06:59:55AM -0400, Charly Avital wrote:
> Faramir wrote the following on 8/13/09 3:32 AM:
> >   Unfortunately, it is not unusual people forgets the passphrases 
> > used to protect files, or secret keys...
> 
> "Two people have been successfully prosecuted for *refusing* to 
> provide U.K......."

You are, of course, assuming that the reporting is correct in its
implication that the defendants either admitted to having access to the
keys, or that it has been proven that they do have the keys.

I remember a lot of discussion at the time that the RIP bill was being
pushed through about the difficulty of proving that you don't have
access to a particular piece of information.

The RIPA is a particularly nasty piece of legislation in this respect.

--
David Smith        | Tel: +44 (0)1454 462380    Home: +44 (0)1454 616963
STMicroelectronics | Fax: +44 (0)1454 462305  Mobile: +44 (0)7932 642724
1000 Aztec West    | TINA: 065 2380          GPG Key: 0xF13192F2
Almondsbury        | Work Email: Dave.Smith at st.com
BRISTOL, BS32 4SQ  | Home Email: David.Smith at ds-electronics.co.uk

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

To ensure an optimal service, the ARC INTERNATIONAL Group uses the most powerful antiviruses and antispam systems currently available. This message and any attachments (the "message") are intended solely for the addresses and are confidential. If you receive this message in error, please delete it and immediately notify the sender. Any use not in accordance with its purpose, any dissemination or disclosure, either in whole or in part, is prohibited without formal approval. The internet cannot guarantee the integrity of this message; ARC INTERNATIONAL (and its subsidiaries) shall (will) not therefore be liable for the message if modified.



From dkg at fifthhorseman.net  Thu Aug 13 16:25:25 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 13 Aug 2009 10:25:25 -0400
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <BLU113-W19FF7F24E1A65D7B4B406A5050@phx.gbl>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>	<4A83C175.2070105@gmail.com>
	<4A83F22B.6000300@mac.com>
	<BLU113-W19FF7F24E1A65D7B4B406A5050@phx.gbl>
Message-ID: <4A842255.2090407@fifthhorseman.net>

On 08/13/2009 08:40 AM, the dragon wrote:

> And if you look at the cases reported, these are not system admins refusing 
> to divulge data, or even regular people trying to protect their privacy -
> they are child molestors and wanna-be terrorists.

Some of them may molest children and some may want to be terrorists (is
wanting to be a terrorist illegal in your jurisdiction?).  Some of them
may simply be accused of doing these things (or of other activities
which you might find more or less offensive than molestation or
terrorism-wanting).  And perhaps they are accused incorrectly.

It sounds like the innocent accused will still be at risk of conviction
(for violating RIPA if not for their alleged crimes) if they choose to
maintain personal and data privacy in the face of these accusations.

> encrytion is about maintaining personal and data 
> privacy; it's not about having a tool to break the law.

It sounds like the UK has made laws that target users of encryption
whether or not those users have actually broken other laws.  So in that
sense, encryption *is* about having a tool to break the law, at least in
the UK :(

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090813/4bb0a892/attachment.pgp>

From dshaw at jabberwocky.com  Thu Aug 13 16:33:11 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 13 Aug 2009 10:33:11 -0400
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <6740B3A8EA1647478669675F861F16CF04DE1D04@MAILFR1.emea.dmai.net>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com><4A83C175.2070105@gmail.com>
	<4A83F22B.6000300@mac.com><20090813133001.GU9608@bristol.st.com><BLU113-W23F16DE78C9F90E742FCDCA5050@phx.gbl>
	<20090813134955.GV9608@bristol.st.com>
	<6740B3A8EA1647478669675F861F16CF04DE1D04@MAILFR1.emea.dmai.net>
Message-ID: <84B6FF67-7151-4CA2-A962-4D0796A19747@jabberwocky.com>

On Aug 13, 2009, at 9:53 AM, michael GRIFFITHS wrote:

> So who is on with the plausible deniability project for gpg?
>
> I have to admit the thought of not being able to prove my innocence
> doesn't sound like a good prospect. Innocent until proven guilty just
> isnt an option anymore

While I believe Perry Metzger was referring to the US courts, this  
post is still well worth reading.  I doubt the situation is vastly  
different outside of the US:  http://www.mail-archive.com/cryptography at metzdowd.com/msg10391.html

David



From jhs at berklix.com  Thu Aug 13 16:38:42 2009
From: jhs at berklix.com (Julian H. Stacey)
Date: Thu, 13 Aug 2009 16:38:42 +0200
Subject: Two convicted in U.K. for refusal to decrypt data 
In-Reply-To: Your message "Thu, 13 Aug 2009 07:40:42 CDT."
	<BLU113-W19FF7F24E1A65D7B4B406A5050@phx.gbl> 
Message-ID: <200908131438.n7DEcgdO015139@fire.js.berklix.net>

Hi,
Reference:
> From:		the dragon <ceprn at hotmail.com> 

> And if you look at the cases reported, these are not system admins refusing to divulge data, or even regular people trying to protect their privacy - they are child molestors and wanna-be terrorists.

Bollocks, To be charged is not necessarily to be guilty, The concept
of fair trial & presumend innocent until found guilty in a court
of Law, must preceed assuming pronoun "convicted" applies to each charged.

Better stick to technology.

Cheers,
Julian
-- 
Julian Stacey: BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
  Mail ASCII plain text not HTML & Base64.      http://asciiribbon.org
  Virused Microsoft PCs cause spam.             http://berklix.com/free/


From ceprn at hotmail.com  Thu Aug 13 16:41:10 2009
From: ceprn at hotmail.com (the dragon)
Date: Thu, 13 Aug 2009 09:41:10 -0500
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <4A842255.2090407@fifthhorseman.net>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
	<4A83C175.2070105@gmail.com>  <4A83F22B.6000300@mac.com>
	<BLU113-W19FF7F24E1A65D7B4B406A5050@phx.gbl>
	<4A842255.2090407@fifthhorseman.net>
Message-ID: <BLU113-W14E85C16BF8AACD1C62E3A5050@phx.gbl>


Yes, conspiracy to commit terrorism, or assisting terrorist organizations are federal felony crimes in the US.

PSA: Salary <> Slavery. If you earn a salary, your employer is renting your services for 40 hours a week, not purchasing your soul. Your time is the only real finite asset that you have, and once used it can never be recovered, so don't waste it by giving it away. 

I work to live; I don't live to work. 

"Time is the coin of your life. It is the only coin you have, and only you can determine how it will be spent. Be careful lest you let other people spend it for you." -- Carl Sandburg (1878 - 1967) 

It is impossible to defeat an ignorant man in argument. -- William G. McAdoo 

Religion is regarded by the common people as true, by the wise as false, and by the rulers as useful. -- Seneca 

"I distrust those people who know so well what God wants them to do because I notice it always coincides with their own desires." - Susan B. Anthony


 
> Date: Thu, 13 Aug 2009 10:25:25 -0400
> From: dkg at fifthhorseman.net
> To: ceprn at hotmail.com
> CC: gnupg-users at gnupg.org
> Subject: Re: Two convicted in U.K. for refusal to decrypt data
> 
> On 08/13/2009 08:40 AM, the dragon wrote:
> 
> > And if you look at the cases reported, these are not system admins refusing 
> > to divulge data, or even regular people trying to protect their privacy -
> > they are child molestors and wanna-be terrorists.
> 
> Some of them may molest children and some may want to be terrorists (is
> wanting to be a terrorist illegal in your jurisdiction?). Some of them
> may simply be accused of doing these things (or of other activities
> which you might find more or less offensive than molestation or
> terrorism-wanting). And perhaps they are accused incorrectly.
> 
> It sounds like the innocent accused will still be at risk of conviction
> (for violating RIPA if not for their alleged crimes) if they choose to
> maintain personal and data privacy in the face of these accusations.
> 
> > encrytion is about maintaining personal and data 
> > privacy; it's not about having a tool to break the law.
> 
> It sounds like the UK has made laws that target users of encryption
> whether or not those users have actually broken other laws. So in that
> sense, encryption *is* about having a tool to break the law, at least in
> the UK :(
> 
> --dkg
> 

_________________________________________________________________
Windows Live?: Keep your life in sync.
http://windowslive.com/explore?ocid=PID23384::T:WLMTAGL:ON:WL:en-US:NF_BR_sync:082009
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090813/841e5f45/attachment-0001.htm>

From Michael.GRIFFITHS at arc-intl.com  Thu Aug 13 16:44:28 2009
From: Michael.GRIFFITHS at arc-intl.com (michael GRIFFITHS)
Date: Thu, 13 Aug 2009 16:44:28 +0200
Subject: Two convicted in U.K. for refusal to decrypt data 
In-Reply-To: <200908131438.n7DEcgdO015139@fire.js.berklix.net>
References: Your message "Thu, 13 Aug 2009 07:40:42
	CDT."<BLU113-W19FF7F24E1A65D7B4B406A5050@phx.gbl>
	<200908131438.n7DEcgdO015139@fire.js.berklix.net>
Message-ID: <6740B3A8EA1647478669675F861F16CF04DE1D5A@MAILFR1.emea.dmai.net>

This is what the uk law has to say on the matter (see below) so I
interpret it as this. You may not be guilty but if you don't give them
the info they require in the format they require you are then guilty of
that law.

3.1 Part III provides a statutory framework that enables public
authorities to require protected electronic information which they
have obtained lawfully or are likely to obtain lawfully be put into an
intelligible form; to acquire the means to gain access to protected
information and to acquire the means to put protected information
into an intelligible form.
3.2 The specific provisions are:
power to require disclosure of protected information in an
intelligible form (section 49);
power to require disclosure of the means to access protected
information (section 50(3)(c);
power to require disclosure of the means of putting protected
information into an intelligible form (section 50(3)(c)), and
power to attach a secrecy provision to any disclosure requirement
(section 54).
3.3 Failure to comply with a disclosure requirement or a secrecy
requirement is a criminal offence.
 


________________________________________________________________________
________________________________________

Michael Griffiths - IT Systems Administrator

Direct dial: +44 (0) 113 2763422 | Office: +44 (0) 113 2710033 - Ext:
203 | Mobile: +44 (0) 788 1957504 
Address: Arc House | Middleton Grove| Beeston | Leeds | LS11 5BX | UK
Email: michael.griffiths at arc-intl.com

Please consider the environment before printing this email.
________________________________________________________________________
________________________________________


-----Original Message-----
From: gnupg-users-bounces at gnupg.org
[mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Julian H. Stacey
Sent: 13 August 2009 15:39
To: the dragon
Cc: gnupg-users at gnupg.org
Subject: Re: Two convicted in U.K. for refusal to decrypt data 

Hi,
Reference:
> From:		the dragon <ceprn at hotmail.com> 

> And if you look at the cases reported, these are not system admins
refusing to divulge data, or even regular people trying to protect their
privacy - they are child molestors and wanna-be terrorists.

Bollocks, To be charged is not necessarily to be guilty, The concept of
fair trial & presumend innocent until found guilty in a court of Law,
must preceed assuming pronoun "convicted" applies to each charged.

Better stick to technology.

Cheers,
Julian
--
Julian Stacey: BSD Unix Linux C Sys Eng Consultants Munich
http://berklix.com
  Mail ASCII plain text not HTML & Base64.      http://asciiribbon.org
  Virused Microsoft PCs cause spam.             http://berklix.com/free/

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

To ensure an optimal service, the ARC INTERNATIONAL Group uses the most powerful antiviruses and antispam systems currently available. This message and any attachments (the "message") are intended solely for the addresses and are confidential. If you receive this message in error, please delete it and immediately notify the sender. Any use not in accordance with its purpose, any dissemination or disclosure, either in whole or in part, is prohibited without formal approval. The internet cannot guarantee the integrity of this message; ARC INTERNATIONAL (and its subsidiaries) shall (will) not therefore be liable for the message if modified.



From wk at gnupg.org  Thu Aug 13 16:40:25 2009
From: wk at gnupg.org (Werner Koch)
Date: Thu, 13 Aug 2009 16:40:25 +0200
Subject: 1.4.10 release candidate
Message-ID: <87ocqj6ali.fsf@wheatstone.g10code.de>

Hi,

I just uploaded a release candidate for GnuPG 1.4.10:

  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.10rc1.tar.bz2
  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.10rc1.tar.bz2.sig

Since the release of 1.4.9 back in March 2008 we did quite some changes.
It would be good if you can give this version a try, so that we won't
run into too many build problems with the actual release.

Please report bugs to the devel or users mailing list.


Happy hacking,

   Werner


-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.



From wk at gnupg.org  Thu Aug 13 16:44:54 2009
From: wk at gnupg.org (Werner Koch)
Date: Thu, 13 Aug 2009 16:44:54 +0200
Subject: Changes in 1.4.10 (was: 1.4.10 release candidate)
In-Reply-To: <87ocqj6ali.fsf@wheatstone.g10code.de> (Werner Koch's message of
	"Thu, 13 Aug 2009 16:40:25 +0200")
References: <87ocqj6ali.fsf@wheatstone.g10code.de>
Message-ID: <87k5176ae1.fsf@wheatstone.g10code.de>


Noteworthy changes in version 1.4.10 (unreleased)
-------------------------------------------------

    * 2048 bit RSA keys are now generated by default.  The default
      hash algorithm preferences has changed to prefer SHA-256 over
      SHA-1.  2048 bit DSA keys are now generated to use a 256 bit
      hash algorithm

    * Support v2 OpenPGP cards.

    * The algorithm to compute the SIG_ID status has been changed to
      match the one from 2.0.10.

    * Improved file locking.  Implemented it for W32.

    * Fixed a memory leak which made imports of many keys very slow.

    * Many smaller bug fixes.

    * Support for the Camellia cipher (RFC-5581).

    * Support for HKP keyservers over SSL ("HKPS").




-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.



From iainr at inf.ed.ac.uk  Thu Aug 13 15:44:44 2009
From: iainr at inf.ed.ac.uk (Iain Rae)
Date: Thu, 13 Aug 2009 14:44:44 +0100
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <20090813133001.GU9608@bristol.st.com>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>	<4A83C175.2070105@gmail.com>
	<4A83F22B.6000300@mac.com> <20090813133001.GU9608@bristol.st.com>
Message-ID: <4A8418CC.2080505@inf.ed.ac.uk>

David SMITH wrote:
> On Thu, Aug 13, 2009 at 06:59:55AM -0400, Charly Avital wrote:
>   
>> Faramir wrote the following on 8/13/09 3:32 AM:
>>     
>>>   Unfortunately, it is not unusual people forgets the passphrases used
>>> to protect files, or secret keys...
>>>       
>> "Two people have been successfully prosecuted for *refusing* to provide
>> U.K......."
>>     
>
> You are, of course, assuming that the reporting is correct in its
> implication that the defendants either admitted to having access to the
> keys, or that it has been proven that they do have the keys.
>
> I remember a lot of discussion at the time that the RIP bill was being
> pushed through about the difficulty of proving that you don't have
> access to a particular piece of information.
>
> The RIPA is a particularly nasty piece of legislation in this respect.
>   
I've often wondered what the situation would be if you'd set your 
password to
"go and F**k yourself"
and were then required to provide it under the RIP bill.
At the very least it would make for a very entertaining interview.





> --
> David Smith        | Tel: +44 (0)1454 462380    Home: +44 (0)1454 616963
> STMicroelectronics | Fax: +44 (0)1454 462305  Mobile: +44 (0)7932 642724
> 1000 Aztec West    | TINA: 065 2380          GPG Key: 0xF13192F2
> Almondsbury        | Work Email: Dave.Smith at st.com
> BRISTOL, BS32 4SQ  | Home Email: David.Smith at ds-electronics.co.uk
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>   


-- 
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.



From addw at phcomp.co.uk  Thu Aug 13 16:59:58 2009
From: addw at phcomp.co.uk (Alain Williams)
Date: Thu, 13 Aug 2009 15:59:58 +0100
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <4A8418CC.2080505@inf.ed.ac.uk>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
	<4A83C175.2070105@gmail.com> <4A83F22B.6000300@mac.com>
	<20090813133001.GU9608@bristol.st.com>
	<4A8418CC.2080505@inf.ed.ac.uk>
Message-ID: <20090813145958.GL5287@phcomp.co.uk>

On Thu, Aug 13, 2009 at 02:44:44PM +0100, Iain Rae wrote:

> >The RIPA is a particularly nasty piece of legislation in this respect.
> >  
> I've often wondered what the situation would be if you'd set your 
> password to
> "go and F**k yourself"
> and were then required to provide it under the RIP bill.
> At the very least it would make for a very entertaining interview.

The other thing to bear in mind is that there have been some recent cases of
people impersonating policemen - so you do need to ask them to identify
themselves and prove who they are. If you do not then you would fall foul
of the data protection act.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256  http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
Past chairman of UKUUG: http://www.ukuug.org/
#include <std_disclaimer.h>


From jmoore3rd at bellsouth.net  Thu Aug 13 16:51:18 2009
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Thu, 13 Aug 2009 10:51:18 -0400
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <200908131438.n7DEcgdO015139@fire.js.berklix.net>
References: <200908131438.n7DEcgdO015139@fire.js.berklix.net>
Message-ID: <4A842866.5040002@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Julian H. Stacey wrote:
> Hi,
> Reference:
>> From:		the dragon <ceprn at hotmail.com> 
> 
>> And if you look at the cases reported, these are not system admins refusing to divulge data, or even regular people trying to protect their privacy - they are child molestors and wanna-be terrorists.
> 
> Bollocks, To be charged is not necessarily to be guilty, The concept
> of fair trial & presumend innocent until found guilty in a court
> of Law, must preceed assuming pronoun "convicted" applies to each charged.

Just another example of the thinking that says 'The Police wouldn't have
charged Him/Her if they weren't guilty.'  Not the sort of person You'd
want on Your Jury; but probably a neighbor, friend, etc.  This attitude
is held by the vast majority of 'all people'.  :(

JOHN ;)
Timestamp: Thursday 13 Aug 2009, 10:50  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn5068: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: Personal Web Page:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJKhChkAAoJEBCGy9eAtCsPNnQH/RQZKvkYc9et26rmKfp+snIZ
iHh7EPTjDafjuZ5DJYVDMvU/iEWPRLFEhnjgods574zv2jh0ZqbPp5DqbfLTvx3Y
ZPh48DKz53exnF2tcJ4xnRPE2ZRTnKUED0LKd0nD9X2Ddj4Bz8XekvvRmcWdAtE3
CQXNb/AXBjN9NEtqnnR7aUJTHIsfjR2OT4Yw+dJkV3tgAQt7nHXvEx7mQjgAV6bP
M/KzB5ZxkdJYee5RAntjENQBTSh5+T9HN/4x2tHk/dtd5Tdd6J1LGdR5cFzEsxPw
zRYRAcurr/X0pzhlvgoWYHO2z/n2Z9FCgMxPaQxxtIsdvQACADPyLg+2yU0OsM4=
=3PGd
-----END PGP SIGNATURE-----


From steveo at syslang.net  Thu Aug 13 19:09:34 2009
From: steveo at syslang.net (Steven W. Orr)
Date: Thu, 13 Aug 2009 13:09:34 -0400
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <BLU113-W23F16DE78C9F90E742FCDCA5050@phx.gbl>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>	<4A83C175.2070105@gmail.com>
	<4A83F22B.6000300@mac.com> <20090813133001.GU9608@bristol.st.com>
	<BLU113-W23F16DE78C9F90E742FCDCA5050@phx.gbl>
Message-ID: <4A8448CE.1080601@syslang.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/13/09 09:41, quoth the dragon:
> If you're in control of the computer the files reside on, and were in
> control of it when the files were created and last accessed, the chances
> that you *don't* know the key for the encryption is so slim as to be
> nonexistant.

Scuze me? I thought this was the gnupg list! I'm sorta new at this stuff but
I'm expecting just a bit more expertise from the people contributing to this
conversation.

First of all, I am running Thunderbird + Enigmail and I have gone out of my
way to set "Add my own key to the recipients" to be OFF. I very much want
email that I encrypt to others to not be readable by me at all. I am not a
child pornographer or a terrorist and I do not have anything to hide except my
own personal privacy. My personal choice is that if I send a message to
someone and it is encrypted then I do *not*, by default, want to be able to
see what I sent in my own sent-mail folder. If I want that option then I can
simply Bcc myself when I send it.

Second, I happen to be a Defendant in a case in US Federal Court. (Ever heard
the phrase "Don't make a Federal case out of it?") They did. And they're right
now in the process of losing big time against us. My only regret is that when
we were served and I had nothing to hide, I wish that some of my email that I
was required to turn over as part of the Discovery process had been encrypted.
I would dearly have wanted them to come to me and say "Hey! This is encrypted
so you have to decrypt it." and my response would have been "Sorry Your Honor,
but I have no ability to decrypt that message. It can only be decrypted by the
recipient.

And yes, when I first started learning about this stuff, I did initially add
my key when encrypting and between Enigmail and gnupg.conf and gpg-agent.conf
it actually took a bit to figure out how to shut it off.

So, when we talk about "chances that you *don't* know the key for the
encryption is so slim as to be nonexistant", I think it's time for a few of us
to take a step backwards and remember what the issue is here. As it sits right
now, I do *not* know if the people who were in trouble in the UK are the
encryptors or the decryptors and I also don't know if the encryptors even
added their own keys to the message.

- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkqESM4ACgkQRIVy4fC+NyQ5xACfSeTYbNZAX7pqIVd5G2WQaS33
uvMAn2gYIW8xaOIUpKtz+qk23IXM2rsK
=pXGO
-----END PGP SIGNATURE-----


From shavital at mac.com  Thu Aug 13 19:55:09 2009
From: shavital at mac.com (Charly Avital)
Date: Thu, 13 Aug 2009 13:55:09 -0400
Subject: Changes in 1.4.10
In-Reply-To: <87k5176ae1.fsf@wheatstone.g10code.de>
References: <87ocqj6ali.fsf@wheatstone.g10code.de>
	<87k5176ae1.fsf@wheatstone.g10code.de>
Message-ID: <4A84537D.6030109@mac.com>

Werner Koch wrote the following on 8/13/09 10:44 AM:
> Noteworthy changes in version 1.4.10 (unreleased)
> -------------------------------------------------

Version info:   gnupg 1.4.10rc1
Configured for: Darwin (i386-apple-darwin9.8.0)

> 
>     * 2048 bit RSA keys are now generated by default.  The default
>       hash algorithm preferences has changed to prefer SHA-256 over
>       SHA-1.  2048 bit DSA keys are now generated to use a 256 bit
>       hash algorithm

Tested.

> 
>     * Support v2 OpenPGP cards.

Didn't get my v2 card yet.

[...]

> 
>     * Support for the Camellia cipher (RFC-5581).

$ gpg --version
gpg (GnuPG) 1.4.10rc1
NOTE: THIS IS A DEVELOPMENT VERSION!
It is only intended for test purposes and should NOT be
used in a production environment or with production keys!
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128,
        CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


Thank you Werner.
Charly
MacOS 10.5.8-MacBook Intel C2Duo 2GHz-GnuPG 1.4.10rc1-MacGPG 2.0.12
TB 2.0.0.22+EM 0.96.0-Apple's Mail+GPGMail 1.2.0 (v56), Key: 0xA57A8EFA


From steve-gnupg at gbnet.net  Thu Aug 13 20:00:29 2009
From: steve-gnupg at gbnet.net (Steve Kennedy)
Date: Thu, 13 Aug 2009 19:00:29 +0100
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <4A8448CE.1080601@syslang.net>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
	<4A83C175.2070105@gmail.com> <4A83F22B.6000300@mac.com>
	<20090813133001.GU9608@bristol.st.com>
	<BLU113-W23F16DE78C9F90E742FCDCA5050@phx.gbl>
	<4A8448CE.1080601@syslang.net>
Message-ID: <20090813180029.GC1353@colonelk.gbnet.net>

On Thu, Aug 13, 2009 at 01:09:34PM -0400, Steven W. Orr wrote:

> Scuze me? I thought this was the gnupg list! I'm sorta new at this stuff but
> I'm expecting just a bit more expertise from the people contributing to this
> conversation.

I think the point is that they were done under RIP and you can be
prosecuted for refusing to hand over keys to encrypted systems.

It's unlikely a judge would find you guilty (or a jury) if you didn't
have the keys).

All in the name of terrorism though ...

Steve

-- 
NetTek Ltd  UK mob +44 7775 755503
UK +44 20 7993 2612  /  US +1 310 857 7715  /  Fax +44 20 7483 2455
Skype/GoogleTalk/AIM/Gizmo/.Mac/Twitter/FriendFeed stevekennedyuk
Euro Tech News Blog http://eurotechnews.blogspot.com   MSN steve at gbnet.net


From a24061 at ducksburg.com  Thu Aug 13 21:44:16 2009
From: a24061 at ducksburg.com (Adam Funk)
Date: Thu, 13 Aug 2009 20:44:16 +0100
Subject: Two convicted in U.K. for refusal to decrypt data
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
	<4A83C175.2070105@gmail.com> <4A83F22B.6000300@mac.com>
	<20090813133001.GU9608@bristol.st.com>
	<BLU113-W23F16DE78C9F90E742FCDCA5050@phx.gbl>
	<20090813134955.GV9608__23880.5666486316$1250171464$gmane$org@bristol.st.com>
Message-ID: <g17el6xtdc.ln2@news.ducksburg.com>

On 2009-08-13, David SMITH wrote:

> So the people who come on gnupg-users asking for help because they've
> forgotten their passphrase or accidentally deleted their ~/.gnupg
> directory don't exist?
>
> I guess that's a new way of replying to them: "You don't exist".
>
> Not forgetting the possibility of malicious intentions - trying to frame
> someone by putting encrypted data onto someone's computer and tipping
> off the authorities.

http://news.zdnet.co.uk/internet/0,1000000097,2073974,00.htm

   In a stunt organised by the civil liberties group Stand, The Home
   Secretary Jack Straw was sent details to a crime Sunday that could
   earn him up to two years in prison if the controversial e-commerce
   bill were made law.
   ...
   According to Stand an encrypted email was sent to Mr Straw Sunday
   afternoon containing a confession to a real crime. The key to
   decrypt the message will be in Mr Straw's name. Stand will tip off
   the Metropolitan Commissioner of Police Monday, informing him that
   Mr Straw has important information about a crime.

   If the e-commerce bill were in place, Straw would be required to
   hand over the decryption key or face up to two years in prison. "In
   principle, under the bill, Jack Straw would have to prove he never
   had the key in the first place. We are hoping this will help him
   understand that this is unworkable, an intolerable reversal of the
   burden of proof and against the Human Rights Act," Says Malcolm
   Hutty, spokesman for Stand.

(September 1999)



From classpath at arcor.de  Thu Aug 13 23:02:55 2009
From: classpath at arcor.de (Morten Gulbrandsen)
Date: Thu, 13 Aug 2009 23:02:55 +0200
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <g17el6xtdc.ln2@news.ducksburg.com>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>	<4A83C175.2070105@gmail.com>
	<4A83F22B.6000300@mac.com>	<20090813133001.GU9608@bristol.st.com>	<BLU113-W23F16DE78C9F90E742FCDCA5050@phx.gbl>	<20090813134955.GV9608__23880.5666486316$1250171464$gmane$org@bristol.st.com>
	<g17el6xtdc.ln2@news.ducksburg.com>
Message-ID: <4A847F7F.10505@arcor.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Adam Funk wrote:
> On 2009-08-13, David SMITH wrote:
> 
/********SNIP**********/
>>
>> Not forgetting the possibility of malicious intentions - trying to frame
>> someone by putting encrypted data onto someone's computer and tipping
>> off the authorities.
> 
> http://news.zdnet.co.uk/internet/0,1000000097,2073974,00.htm
> 
>    In a stunt organised by the civil liberties group Stand, The Home
>    Secretary Jack Straw was sent details to a crime Sunday that could
>    earn him up to two years in prison if the controversial e-commerce
>    bill were made law.
>    ...
>    According to Stand an encrypted email was sent to Mr Straw Sunday
>    afternoon containing a confession to a real crime. The key to
>    decrypt the message will be in Mr Straw's name. Stand will tip off
>    the Metropolitan Commissioner of Police Monday, informing him that
>    Mr Straw has important information about a crime.
> 
>    If the e-commerce bill were in place, Straw would be required to
>    hand over the decryption key or face up to two years in prison. "In
>    principle, under the bill, Jack Straw would have to prove he never
>    had the key in the first place. We are hoping this will help him
>    understand that this is unworkable, an intolerable reversal of the
>    burden of proof and against the Human Rights Act," Says Malcolm
>    Hutty, spokesman for Stand.
> 
> (September 1999)
> 


Highly interesting, this was the case before 9/11-2001.


http://www.stand.org.uk/  is still online but has no stories about this
case.

See also: "An open letter to Jack Straw".


http://www.zdnet.co.uk/news/1999/38/ns-10235.html


http://news.zdnet.co.uk/emergingtech/0,1000000183,2073973,00.htm

===


Surveillance: An open letter to Jack Straw

ZDNN ZDNet.co.uk

Published: 27 Sep 1999 11:25 BST

The following is a copy of the letter sent to Jack Staw today by some
particularly cheeky British privacy activists. It highlights an
embarrassing flaw in the government's proposals for monitoring email
communication and even promises Mr Straw a prison sentence for his troubles.

Dear Mr Straw,

How the E-commerce Bill could send YOU to jail...

Please find at the end of the letter a confession to a crime, which has
been affirmed by Statutory Declaration. The Commissioner of the
Metropolitan Police has been informed that you are in possession of this
information.

You will not be able to understand the confession, because the words
have been scrambled using a strong cryptographic key. This key was
created in your name and has been registered on international public key
servers.

The police may come and demand that you supply the key required to make
this message intelligible. If you fail to do so you would be committing
an offence under the E-Commerce Bill rendering you liable to
imprisonment for up to 2 years.

The fact that you don't possess this key won't help you unless you can
prove that you don't have it. I wish you well in proving that it isn't
hidden away on a disk in your secretary's home, or squirreled away on
the Internet somewhere. We might have sent it to you last week; but
according to the Bill, the police won't have to prove you ever had it at
all.

Even if you can prove that you don't have it you would STILL be liable
for imprisonment unless you give information to the police that enables
them to decrypt the key. Unfortunately for you this is impossible,
because we've destroyed all copies of the key in our possession.

If the police ask you keep the demand to hand over the key secret,
telling anyone would render you liable to five years in jail.

So you couldn't complain, or explain your predicament, to the PM or Home
Secretary, to the Chief Whip or a journalist, or even to another policeman.

Happily for all of us, the E-Commerce Bill has not yet been enacted by
Parliament, so we have not in fact set you up for jail time. The Bill
will be introduced in the coming session. I hope this exercise has
demonstrated some of the drafting flaws in the Bill as it stands, copies
of which are available from the DTI.

I hope we have also demonstrated that it is not the perpetrators of
crime who would suffer under these draconian new powers, but innocent
parties who are in receipt of communications from miscreants. This is
why such sober organisations as BT, Hewlett-Packard and Microsoft have
publicly criticised the Bill at each stage of its development.

I trust that when the Bill reaches the House we can rely on your most
careful scrutiny. Further analysis is available on our web site at:
http://www.stand.org.uk/.

I am, Sir, Your most obedient servant,

Malcolm Hutty

===

A well explained example

get email of target to convict, create a key, confess a crime and submit.


http://keyserver.pramberger.at/pks/lookup?search=Jack+Straw


===

evan facebook has a discussion of the topic:

http://www.facebook.com/posted.php?id=54487688497


http://news.zdnet.co.uk/internet/0,1000000097,2073915,00.htm

===

"If someone who didn't like me sent me encrypted child pornography and
tipped off the police, they could come round and demand I hand over
decryption keys. As I wouldn't be able to do so, I would be going to
prison for two years,"

===

This pretty much says it all:

E-bill reverses burden of proof, says expert



Jane Wakefield ZDNet.co.uk

Published: 23 Sep 1999 15:44 BST


Newly appointed e-Minister Patricia Hewitt was forced to defend the
controversial e-commerce bill Thursday from civil liberties campaigners,
who maintain the bill is a threat to basic civil rights.

Speaking at the Scrambling for Safety conference in London, Hewitt tried
to reassure critics of the bill that they have nothing to fear from
government. She later admitted this was not always true. "In some cases,
government action itself is a threat to freedom," Hewitt said. "But it
is only action by government and law enforcement that can protect
individuals."

Prompted by questions from the floor, Hewitt had to justify the
inclusion of law-enforcement clauses in the e-commerce bill, which, she
claimed, was a necessary response to the fact "crime has gone electronic
and global".

Under government proposals, the police will have the power to demand
individuals hand over decryption keys if they are under suspicion.
Failure to comply could result in a two year prison sentence, which
breaks the rules of the European Convention on Human Rights, according
to lawyer and civil liberties campaigner Nicholas Bohm. "The Convention
states that individuals have certain rights, such as innocent until
proven guilty and the right not to incriminate oneself," he said. "The
e-commerce bill reverses the burden of proof."

Alan Duncan, shadow spokesman of Trade and Industry, gave an example of
how government proposals could affect the innocent. "If someone who
didn't like me sent me encrypted child pornography and tipped off the
police, they could come round and demand I hand over decryption keys. As
I wouldn't be able to do so, I would be going to prison for two years,"
he said.

Hewitt, who is an ex-secretary general of Liberty, denied that the
proposals reversed the burden of proof but was unable to explain why she
had reached that conclusion.

Got an opinion? Tell the Mailroom.

===

source


http://news.zdnet.co.uk/internet/0,1000000097,2073915,00.htm



also please confer this

http://www.cdt.org/crypto/risks98/


4. CONCLUSIONS

Key recovery systems are inherently less secure, more costly, and more
difficult to use than similar systems without a recovery feature.

The massive deployment of key-recovery-based infrastructures to meet law
enforcement's specifications will require significant sacrifices in
security and convenience and substantially increased costs to all users
of encryption.

Furthermore, building the secure infrastructure of the breathtaking
scale and complexity that would be required for such a scheme is beyond
the experience and current competency of the field, and may well
introduce ultimately unacceptable risks and costs.

===

No police officer would be able to operate this.

No lawyer would be able to do so.

They would need to consult third parties, like NSA or even direct
contact skype, if that is the vendor. skype has encryption keys, and it
is possible to decrypt parts of the text message, according to chinese
government. The next step will be to outlaw privacy and deploy chinese
internet censorship.

===

some of the urls can be difficult to access but google and other search
engines may dig them up. It is an attempt to enforce key escrow. Or an
attempt to destroy open source encryption. It has been rumored that
since GnuPG was funded with money from the german Government, it has a
backdoor, like some rumors said about PGP.

I feel if they cannot decrypt our keys, then it cannot have any
backdoor. It may however once in a lifetime be illegal to use GnuPG.



Sincerely yours,

Morten Gulbrandsen

?????????????
_____________________________________________________________________
Java programmer, C++ programmer
CAcert Assurer, GSWoT introducer, thawte Notary
Gossamer Spider Web of Trust http://www.gswot.org
Please consider the environment before printing this e-mail!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (SunOS)
Comment: For keyID and its URL see the OpenPGP message header

iEYEARECAAYFAkqEf34ACgkQ9ymv2YGAKVSvtACdF90YsgJGvqdm5kZ8ZkoAXQrr
V2QAn3EEKBpF4Cu23e/ii06pgjz1tcYx
=ehw9
-----END PGP SIGNATURE-----


From faramir.cl at gmail.com  Fri Aug 14 06:00:10 2009
From: faramir.cl at gmail.com (Faramir)
Date: Fri, 14 Aug 2009 00:00:10 -0400
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <BLU113-W19FF7F24E1A65D7B4B406A5050@phx.gbl>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>	<4A83C175.2070105@gmail.com>
	<4A83F22B.6000300@mac.com>
	<BLU113-W19FF7F24E1A65D7B4B406A5050@phx.gbl>
Message-ID: <4A84E14A.10000@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

the dragon escribi?:
> oops, didn't reply all...
>  
> And if you look at the cases reported, these are not system admins refusing to divulge data, or even regular people trying to protect their privacy - they are child molestors and wanna-be terrorists.

  Should I infer from that there where already proof about their guilt?

> encrytion is about maintaining personal and data privacy; it's not about having a tool to break the law. 

  I agree. That's not the part that worries ME.


>> Faramir wrote the following on 8/13/09 3:32 AM:
>> [...]
>>
>>> Unfortunately, it is not unusual people forgets the passphrases used
>>> to protect files, or secret keys...
...
>> "Two people have been successfully prosecuted for *refusing* to provide
>> U.K......."
>>
>> Charly

   What worries me is, if somebody is unable to decrypt the files, it
may be interpreted as refusal to decrypt it. And how can you prove you
are willing to obey, but you can't do it because you forgot the
password? If somebody say "I refuse to decrypt the data", ok, it's their
fault. But would police believe it if somebody say "sorry, I forgot the
password"?

   Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJKhOFKAAoJEMV4f6PvczxAW/YH/1qhvobZgSPlKy5vl8KH6RmP
++uVoXNPA9oR1/xkUKzlMj2pASHVGWA7kfo9ituJm5SHyE57RQ07HhbxOP2vQ2+C
qm8rNPDIHcDr1G7hKgI3Dh+YrF4tuSo0ZfRRMM2VM3sNzL/RxWu4pPnvNjTdtok2
NRKiJx0d5WGWCkGqhvg4tLDGOwFGXCxwGGhFUYUPCuRPC7bKWMRzNmwPgJx9gsSv
R7NVDMhBqQiSF1q8ZtLkQ0ub3w0oRN5SKcU58ayvAt8/yUPNLUryAbqu71aeT6tU
zmmCPE4EdDclQNqfrjcSMNGR5WOrCtbfsCHvJ1CmJbI/THFxcZAZI3dvwKcnV/E=
=nEiK
-----END PGP SIGNATURE-----


From faramir.cl at gmail.com  Fri Aug 14 06:22:52 2009
From: faramir.cl at gmail.com (Faramir)
Date: Fri, 14 Aug 2009 00:22:52 -0400
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <BLU113-W23F16DE78C9F90E742FCDCA5050@phx.gbl>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>	<4A83C175.2070105@gmail.com>
	<4A83F22B.6000300@mac.com> <20090813133001.GU9608@bristol.st.com>
	<BLU113-W23F16DE78C9F90E742FCDCA5050@phx.gbl>
Message-ID: <4A84E69C.6060908@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

the dragon escribi?:
> If you're in control of the computer the files reside on, and were in
> control of it when the files were created and last accessed, the chances
> that you *don't* know the key for the encryption is so slim as to be
> nonexistant.

  My point is about all the messages we have seen here, saying "I forgot
my passphrase, how can I recover my secret key?". Of course in "normal"
circumstances people should be able to decrypt the data, but it is not
unusual to hear about somebody who forgot the passphrase or lost the
secret key (that's the reason why usually people recommends revocation
certificates at the time of the key creation).

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJKhOabAAoJEMV4f6PvczxAZiAIAJMkPtLVXg+rVCc+NhVawYoM
lXWCIKBOUCYlpHrju3QZiiGJORk/5VQrZGwyC1keLu8nmWC4ZqVsQjO74QS5P1Co
KtQJI0Ym1/3hv19mHFTDXM4v0J5bmRzS4qe6zmb7AeJV/DO/DLLKNyNJzTp7EzKx
qZhVNqx2IcLB0xdcxpWMOsccQDo9Qancoq9v0Sg3H3l5UcuYu25MUXAIjvnKWe3V
dMxQDz6UtsZJlJcztZbl2VyP9AB4mwqMBlhZewHCC7vZNSfI6NvA/PMD1U6jO5DB
epJxenCWkoYSHT/aw+hUjjffEahOcmwoEpsnYUGqV4T56LIBm8T+cmiIuoPTGMc=
=X6X4
-----END PGP SIGNATURE-----


From faramir.cl at gmail.com  Fri Aug 14 06:37:26 2009
From: faramir.cl at gmail.com (Faramir)
Date: Fri, 14 Aug 2009 00:37:26 -0400
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <6740B3A8EA1647478669675F861F16CF04DE1D5A@MAILFR1.emea.dmai.net>
References: Your message "Thu, 13 Aug 2009
	07:40:42	CDT."<BLU113-W19FF7F24E1A65D7B4B406A5050@phx.gbl>	<200908131438.n7DEcgdO015139@fire.js.berklix.net>
	<6740B3A8EA1647478669675F861F16CF04DE1D5A@MAILFR1.emea.dmai.net>
Message-ID: <4A84EA06.5080006@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

michael GRIFFITHS escribi?:
> This is what the uk law has to say on the matter (see below) so I
> interpret it as this. You may not be guilty but if you don't give them
> the info they require in the format they require you are then guilty of
> that law.
...
> 3.3 Failure to comply with a disclosure requirement or a secrecy
> requirement is a criminal offence.

  In other words, forgetting the passphrase is a criminal offence...
Maybe people should keep an unprotected copy of their secret keys, just
in case of having a small cerebral infarction...

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJKhOoGAAoJEMV4f6PvczxAtlEH/AmgzLNuf4RpmmdGWOWwhXaC
vci/yyKvy6ubS+mqr18Z38XqQdk/Sebd79or0N1KaFDkLP+pVzS2BpEVN0LdmZLe
uV1GfBupPsykRvpCuB+67W78HdGyZzWKfzlbJevrfr0Sp4vOQAaA4LKcF6wrwyUC
LokZ1Rz+2lVqYmI+9CeVo27+kct8lXkn77S1fgVyWNYPLglxP3e80pN92twOEhfI
dD3oMIh4HP6Ijwx98BMk4tEEcf90H2uW7OhfAPeNZXuf/Khc5cJEp7IHfPC1DZOf
WglFfUdy6hJYXrjI1hsmPC9PG+d6W8XiMJ24KgaDa61UYdpoVYUNC7Hjba4FVCk=
=jwtz
-----END PGP SIGNATURE-----


From dan at geer.org  Fri Aug 14 06:58:54 2009
From: dan at geer.org (dan at geer.org)
Date: Fri, 14 Aug 2009 00:58:54 -0400
Subject: Two convicted in U.K. for refusal to decrypt data 
In-Reply-To: Your message of "Fri, 14 Aug 2009 00:37:26 EDT."
	<4A84EA06.5080006@gmail.com> 
Message-ID: <20090814045854.EBE2733D6D@absinthe.tinho.net>


One might point out that TrueCrypt offers astounding
capabilities for hiding data, which the margin of
this note is too small to contain.

http://www.truecrypt.org/
http://www.truecrypt.org/docs/?s=plausible-deniability

--dan



From chd at chud.net  Fri Aug 14 05:46:44 2009
From: chd at chud.net (Chris De Young)
Date: Thu, 13 Aug 2009 20:46:44 -0700
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <BLU113-W19FF7F24E1A65D7B4B406A5050@phx.gbl>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>	<4A83C175.2070105@gmail.com>
	<4A83F22B.6000300@mac.com>
	<BLU113-W19FF7F24E1A65D7B4B406A5050@phx.gbl>
Message-ID: <4A84DE24.90909@chud.net>

the dragon wrote:
[...]
> encrytion is about maintaining personal and data privacy; it's not about having a tool to break the law. 

If the encryption is strong and used correctly (with all the non-technical
elements that implies) how would you tell the difference?

-Chris

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090813/3fec2734/attachment.pgp>

From eocsor at gmail.com  Fri Aug 14 10:35:34 2009
From: eocsor at gmail.com (Roscoe)
Date: Fri, 14 Aug 2009 18:35:34 +1000
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <BLU113-W19FF7F24E1A65D7B4B406A5050@phx.gbl>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
	<4A83C175.2070105@gmail.com> <4A83F22B.6000300@mac.com>
	<BLU113-W19FF7F24E1A65D7B4B406A5050@phx.gbl>
Message-ID: <cf657bae0908140135o5395e596u6aeacdb530359f60@mail.gmail.com>

On Thu, Aug 13, 2009 at 10:40 PM, the dragon<ceprn at hotmail.com> wrote:
> encrytion is about maintaining personal and data privacy; it's not about having a tool to break the law.

Reminds me of when some in the US was talking of Law Enforcement
Access Keys being incorporated into cryptographic products.

In Australia you can also end up in jail for not handing over encryption keys.

-- Roscoe


From peter at digitalbrains.com  Fri Aug 14 10:23:39 2009
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 14 Aug 2009 10:23:39 +0200
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <BLU113-W19FF7F24E1A65D7B4B406A5050@phx.gbl>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>	<4A83C175.2070105@gmail.com>
	<4A83F22B.6000300@mac.com>
	<BLU113-W19FF7F24E1A65D7B4B406A5050@phx.gbl>
Message-ID: <4A851F0B.9040006@digitalbrains.com>

the dragon wrote:
> And if you look at the cases reported, these are not system admins 
> refusing to divulge data, or even regular people trying to protect their 
> privacy - they are child molestors and wanna-be terrorists.

If I read the news report at that link, I see the following:

> The former High Court judge did not provide details of the crimes being
> investigated in the case of either individual ? neither of whom were
> necessarily suspects ? nor of the sentences they received.

Neither of whom were necessarily suspects, is the key thing.

Sounds to me like you can also be forced to disclose encrypted information
if it is thought you have incriminating evidence regarding somebody else. If
this interpretation is correct, it goes very, very far.

In The Netherlands, you can be forced to divulge /somebody else's/ password
if they think you know that. The suspect can't be forced. [1]

Still an interesting observation about other people's keys, I think. But
increasingly off-topic for this list. I hope people can still appreciate it.

Peter.

[1] http://www.iusmentis.com/beveiliging/hacken/opsporing-politie/ (in Dutch)

PS: Yesterday I accidentally sent this only to "the dragon" where I intended
to send it only to the list. Let's try again :)

-- 
I'm using the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.ewi.utwente.nl/~lebbing/pubkey.txt



From mearns.b at gmail.com  Fri Aug 14 16:38:11 2009
From: mearns.b at gmail.com (Brian Mearns)
Date: Fri, 14 Aug 2009 10:38:11 -0400
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
Message-ID: <4df3a1330908140738x6f7953c1x6aa7030dbd1f75d1@mail.gmail.com>

On Wed, Aug 12, 2009 at 10:46 PM, Joseph Oreste Bruni<jbruni at me.com> wrote:
[clip]
> http://www.securityfocus.com/news/11556
>
> Not entirely on topic, but for those using GnuPG (or other encryption
> software), you should always keep abreast of the encryption laws of your
> country.
[clip]

Has everyone seen the "Vanish" project from University of Washington?
http://vanish.cs.washington.edu/

If you haven't you should really give their paper a read, it's pretty
interesting. The basic idea is that the key is random, and no-one
actually needs to "know" it: it's broken up using secret sharing and
dsitributed through a peer-to-peer network. The recipient can retrieve
the shares and reconstruct the key for a one-time decryption, but over
time, the shares should naturally leave the network and eventually the
key is lost completely.

I have my doubts, but I'm open to the possibility that it could work,
and I'm very interested to see how law-enforcement will respond if it
does. Will they force all p2p nodes to log everything, try to monitor
networks themselves, or just plain make the system illegal?

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net


From mearns.b at gmail.com  Fri Aug 14 16:51:07 2009
From: mearns.b at gmail.com (Brian Mearns)
Date: Fri, 14 Aug 2009 10:51:07 -0400
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <BLU113-W19FF7F24E1A65D7B4B406A5050@phx.gbl>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
	<4A83C175.2070105@gmail.com> 
	<4A83F22B.6000300@mac.com> <BLU113-W19FF7F24E1A65D7B4B406A5050@phx.gbl>
Message-ID: <4df3a1330908140751m7ea5dd11kfab4fb30243aae1e@mail.gmail.com>

On Thu, Aug 13, 2009 at 8:40 AM, the dragon<ceprn at hotmail.com> wrote:
>
> oops, didn't reply all...
>
> And if you look at the cases reported, these are not system admins refusing to divulge data, or even regular people trying to protect their privacy - they are child molestors and wanna-be terrorists.
>
> encrytion is about maintaining personal and data privacy; it's not about having a tool to break the law.
[clip]

If you truly believe that, then there's no reason not to hand over
your encryption key immediately to your local police department. For
that matter, turn over a copy of your house key too: that's about
protecting you from the "bad guys", not the police, right?

Clearly I'm being a little extreme (ad absurdum) , but you need to
re-read the article: it said the cases had to do with the crimes you
mention, but it specifically didn't say that the people being charged
with refusing to turn over their key were actually suspects. For all
we know, they could be childhood school mates of the suspect who
haven't seen him/her in thirty years.

And, as many on this list have already pointed out, even if they were
suspects, that in no-way means that they actually are child-molesters
or terrorists, it means somebody things they might be. I could very
well claim that there's a secret message coded in your lengthy email
signature which admits to a vile crime; that doesn't mean you actually
did it. Would you want to turn over all your encryption keys and
passphrases just because I made some accusation?

Clearly this is a tricky issue, because there are two important but
conflicting values at stake: public safety and private rights. But I'd
like to just keep one thing in your mind when this comes up; a little
mantra to chant to yourself: "I am innocent until proven guilty."

-Brian

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net


From hrickards at l33tmyst.com  Fri Aug 14 17:09:35 2009
From: hrickards at l33tmyst.com (Harry RIckards)
Date: Fri, 14 Aug 2009 16:09:35 +0100
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <4df3a1330908140738x6f7953c1x6aa7030dbd1f75d1@mail.gmail.com>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
	<4df3a1330908140738x6f7953c1x6aa7030dbd1f75d1@mail.gmail.com>
Message-ID: <4A857E2F.9030703@l33tmyst.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brian Mearns wrote:
> On Wed, Aug 12, 2009 at 10:46 PM, Joseph Oreste Bruni<jbruni at me.com> wrote:
> [clip]
>> http://www.securityfocus.com/news/11556
>>
>> Not entirely on topic, but for those using GnuPG (or other encryption
>> software), you should always keep abreast of the encryption laws of your
>> country.
> [clip]
> 
> Has everyone seen the "Vanish" project from University of Washington?
> http://vanish.cs.washington.edu/
> 
> If you haven't you should really give their paper a read, it's pretty
> interesting. The basic idea is that the key is random, and no-one
> actually needs to "know" it: it's broken up using secret sharing and
> dsitributed through a peer-to-peer network. The recipient can retrieve
> the shares and reconstruct the key for a one-time decryption, but over
> time, the shares should naturally leave the network and eventually the
> key is lost completely.
> 
> I have my doubts, but I'm open to the possibility that it could work,
> and I'm very interested to see how law-enforcement will respond if it
> does. Will they force all p2p nodes to log everything, try to monitor
> networks themselves, or just plain make the system illegal?
> 

If I remember correctly, wasn't something like this on Slashdot recently
(or was it Vanish)?

- --
Thanks
Harry Rickards <hrickards at l33tmyst.com>

GPG Key Info:
pub   1024R/58449F6F 2009-06-12
uid                  Harry Rickards (OpenPGP Card) <hrickards at l33tmyst.com>
sub   1024R/D775CCEE 2009-06-12
sub   1024R/9394048C 2009-06-12
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iJwEAQECAAYFAkqFfi4ACgkQ+9DWHFhEn2+dkwP/ZUImyBFwcV1CmfItKLbb6Sp7
YJdlmfrUNqOrEBwAKwkV3lFe4yyvLqw0Q7Pn3RsgFy1WMNqBuVMHr6AnoxFfnFF9
aq4iHUTkxzpy+oVOsqqj5aUHuijQzAjVQ93cYyWbRBA7suJlDD86gduWS0mUXnEH
uTK6G1YrLvPQgnRU15o=
=Uq97
-----END PGP SIGNATURE-----


From lion at lion.leolix.org  Sat Aug 15 01:26:54 2009
From: lion at lion.leolix.org (Philipp Schafft)
Date: Sat, 15 Aug 2009 01:26:54 +0200
Subject: Transferring GnuPG accounts
In-Reply-To: <20090809051501.GA5477@paradise.net.nz>
References: <20090807224324.GA3610@paradise.net.nz>
	<8E490C63-F995-4504-BF9F-9188E3C48300@jabberwocky.com>
	<20090809051501.GA5477@paradise.net.nz>
Message-ID: <20090814232656.46A8E7A04F@priderock.keep-cool.org>

reflum,

On Sun, 2009-08-09 at 17:15 +1200, Adam Bogacki wrote:
> On Fri, Aug 07, 2009 at 11:45:07PM -0400, David Shaw wrote:
> > On Aug 7, 2009, at 6:43 PM, Adam Bogacki wrote:
> > 
> > >Hi, Having recently set up lenny on a new box, I copied
> > >the contents of ~/.gnupg from the old etch box to a
> > >USB stick and then to the lenny box - but find that
> > >mutt does not do digital signatures as it did on the old one.
> > >
> > >What am I missing here ?
> > >
> > >T2: ~/.gnupg# ls
> > >gpg.conf  pubring.gpg  pubring.gpg~  random_seed  secring.gpg
> > >trustdb.gpg
> > 
> > To properly answer your question, you'd have to say what "does not do
> > digital signature as it did" means.
> > 
> > Does it not work at all?  Does it work, but in an unexpected way?
> > What does it do?  There just isn't any information to go on here.
> >
> 
> Thanks. Following another msg from is list, I removed 'random_seed'
> and tried sending a signed mutt mail.
> 
> All seemed well until the final stage when I received the following
> error message...
> 
> >gpg: no default secret key: secret key not available
> >gpg: signing failed: secret key not available
> >Press any key to continue...

let me guess: your USB stick is FAT formated?
maybe the access permittions of the files aren't as they should.

rename your .gnupg/ to something else, let's say .gnupg-old, then try:
gpg --import ~/.gnupg-old/pubring.gpg ~/.gnupg-old/secring.gpg
if you have a gpg.conf:
cp ~/.gnupg-old/gpg.conf ~/.gnupg/

-- 
Philipp.
 (Rah of PH2)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: </pipermail/attachments/20090815/0e9807e5/attachment.pgp>

From shavital at mac.com  Sat Aug 15 13:05:05 2009
From: shavital at mac.com (Charly Avital)
Date: Sat, 15 Aug 2009 07:05:05 -0400
Subject: Two convicted in U.K. for refusal to decrypt data
In-Reply-To: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
References: <92983AE9-EB54-4D70-AA3F-9C75DA6FF2F2@me.com>
Message-ID: <4A869661.7040501@mac.com>

Joseph Oreste Bruni wrote the following on 8/12/09 10:46 PM:
> 
> http://www.securityfocus.com/news/11556
> 
> Not entirely on topic, but for those using GnuPG (or other encryption
> software), you should always keep abreast of the encryption laws of
> your country.
> 


"Protect Your Laptop Data From Everyone, Even Yourself", by Bruce Schneier:

<http://www.wired.com/politics/security/commentary/securitymatters/2009/07/securitymatters_0715>


And have a quiet week end.
Charly



From werewolf6851 at gmail.com  Mon Aug 17 00:17:23 2009
From: werewolf6851 at gmail.com (Werewolf)
Date: Sun, 16 Aug 2009 17:17:23 -0500
Subject: Using Gpg with FreeOTFE for windows
Message-ID: <4A888573.8030207@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Don't know where to start after looking via google, and thought ask here

asking for a simple CLI instruction in windows I can use to mount my
encrypted volumes
in Linux, use "gpg -d key.gpg | cryptsetup luksOpen /dev/loop0 mystuff

or even key=$(gpg -d key.gpg) | echo $key | cryptsetup luksOpen
/dev/loop0 mystuff
there way I can do either these with FreeOTFE in cmd/dos window XP ?

why? cause I use passwords with non-printable characters then encrypted
to gpg file
dd if=/dev/random bs=1 count=100 | tr -d '[\000\012]' | dd bs=1 count=32
| gpg -o /media/usbdrive/key.gpg -ea

- --
Werewolf
=====- http://www.nyx.net/~mdkeith/ -====
 GPG key F52A14B4 with following fingerprint
35CD 0611 2F71 BC17 5C53  29A2 5F5A 4309 F52A 14B4
=====- http://spandex31095.tripod.com/ -==

Mal: "Vitelli's out of it. That bumblebee laid down arms at the first sign
of inevitable crushing defeat, can you imagine such a cowardly creature?"
				--Episode #12, "The Message"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Portable Thunderbird version 2.0.0.21 (20090302)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iFYEAREKAAYFAkqIhXIACgkQyKLEzsWkrWg2GwDeLpBCLX1bXnt5USlETA/HyG4K
xbOmyI6bm0lOKADgqEsCCkwZPPdj98YTzPAACIZo896t3PtGhVPAwQ==
=x7FD
-----END PGP SIGNATURE-----


From dougb at dougbarton.us  Mon Aug 17 06:51:04 2009
From: dougb at dougbarton.us (Doug Barton)
Date: Sun, 16 Aug 2009 21:51:04 -0700
Subject: 1.4.10 release candidate
In-Reply-To: <87ocqj6ali.fsf@wheatstone.g10code.de>
References: <87ocqj6ali.fsf@wheatstone.g10code.de>
Message-ID: <4A88E1B8.5080103@dougbarton.us>

Werner Koch wrote:
> Hi,
> 
> I just uploaded a release candidate for GnuPG 1.4.10:

No build problems on FreeBSD 8-current (soon to be 8.0-release). The
resultant gpg binary passes a few simple regression tests as well.


hth,

Doug


From faramir.cl at gmail.com  Mon Aug 17 08:45:21 2009
From: faramir.cl at gmail.com (Faramir)
Date: Mon, 17 Aug 2009 02:45:21 -0400
Subject: Changes in 1.4.10
In-Reply-To: <87k5176ae1.fsf@wheatstone.g10code.de>
References: <87ocqj6ali.fsf@wheatstone.g10code.de>
	<87k5176ae1.fsf@wheatstone.g10code.de>
Message-ID: <4A88FC81.2080304@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Werner Koch escribi?:
> Noteworthy changes in version 1.4.10 (unreleased)

  I remember there were some improvements in the way the preferred
algorithms for encryption are chosen... Are these changes included in
this new version?

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJKiPyBAAoJEMV4f6PvczxAxWkIAKe2nsr3aQ1AAQ8ksAzFgN5w
NbtYoQGBMpjcqMZULX1+sr+Ou42FCB/K/ghrj6YU8LFVtjV8IngOyo/qG1YC0BKI
OUgaNd/lpXd5bsUzXKdvkGd7cWwWtlrVU7ul8VkWfd4wjjv4ry30w8nrbEH24uqg
TGdASNhr2+ejqwg/Cc756mfmrG6IrBl5nXREMTB6YKEfVEEVem0O4lSaXZIbVbXE
VW4fbXGF/ZlDgxg8Hd/6/Lx0ZkgKMhX4kt6SQvjzAl7LCyMcvvJchB8Cn4cCEIVv
dBliFZPrLpjPa45BzqfGcPUDqvDvp2HhMAT8aX5bSBRbx+7kyWJpwLrIqGhfb2g=
=bHwa
-----END PGP SIGNATURE-----


From email at karstenzenger.de  Mon Aug 17 11:52:06 2009
From: email at karstenzenger.de (Karsten Zenger)
Date: Mon, 17 Aug 2009 11:52:06 +0200
Subject: invalid name -> OpenPGP-Card V2.0
Message-ID: <200908171152.06494.email@karstenzenger.de>

Hello,

I want to generate a key on my new OpenPGP-Card V2.0
I use the latest svn-gpg2:  2.0.13-svn5117

~$ /usr/local/bin/gpg2 --card-status
Application ID ...: *******************************
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: ***************
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: male
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

thats fine, okay; no I want to generate a key:
gpg: error getting current key info: Invalid name 

Of course I changed the name,
 same result... .
The log:
scdaemon[3624.0] DBG: -> OK
scdaemon[3624.0] DBG: <- GETATTR EXTCAP
scdaemon[3624.0] DBG: -> S EXTCAP gc=1+ki=1+fc=1+pd=1
scdaemon[3624.0] DBG: -> OK
scdaemon[3624.0] DBG: <- GETATTR KEY-ATTR
scdaemon[3624.0] DBG: -> ERR 100663384 Invalid name <SCD>


Please help...

Karsten Zenger


From wk at gnupg.org  Mon Aug 17 12:38:30 2009
From: wk at gnupg.org (Werner Koch)
Date: Mon, 17 Aug 2009 12:38:30 +0200
Subject: invalid name -> OpenPGP-Card V2.0
In-Reply-To: <200908171152.06494.email@karstenzenger.de> (Karsten Zenger's
	message of "Mon, 17 Aug 2009 11:52:06 +0200")
References: <200908171152.06494.email@karstenzenger.de>
Message-ID: <87my5y3eu1.fsf@wheatstone.g10code.de>

On Mon, 17 Aug 2009 11:52, email at karstenzenger.de said:

> scdaemon[3624.0] DBG: <- GETATTR KEY-ATTR
> scdaemon[3624.0] DBG: -> ERR 100663384 Invalid name <SCD>

That simply means that scdaemon does not know the attribute name
"KEY-ATTR".  KEY-ATTR are required for the 2.0 cards.

Even gpg 1.4 redirects smartcard processing to gpg-agent/scdaemon if one
is active.  Obviously these tools neet to be ware of v2 cards.  You need
the latest GnuPG-2 release from SVN - a new release will follow soon.

In general you should use gpg2 if you are using gpg-agent.

Workaround until 2.0.13 is released: Put disable scdaemon info
~/.gnupg/gpg-agent and give gpg-agent a HUP.  Remove "use-agent" from
gpg.conf and gpg uses its internal code smartcard code.
 


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.



From email at karstenzenger.de  Mon Aug 17 14:09:23 2009
From: email at karstenzenger.de (Karsten Zenger)
Date: Mon, 17 Aug 2009 14:09:23 +0200
Subject: invalid name -> OpenPGP-Card V2.0
In-Reply-To: <87my5y3eu1.fsf@wheatstone.g10code.de>
References: <200908171152.06494.email@karstenzenger.de>
	<87my5y3eu1.fsf@wheatstone.g10code.de>
Message-ID: <200908171409.23613.email@karstenzenger.de>

On Monday 17 August 2009 12:38:30 Werner Koch wrote:
> ts smartcard processing to gpg-agent/scdaemon if one
> is active. ?Obviously these tools neet to be ware of v2 cards. ?You need
> the latest GnuPG-2 release from SVN - a new release will follow soon.
>
> In general you should use gpg2 if you are using gpg-agent.
>
> Workaround until 2.0.13 is released: Put disable scdaemon info
> ~/.gnupg/gpg-agent and giv

Hi Werner,

thanks for your hints. It works :) :) :)


Karsten


From dshaw at jabberwocky.com  Mon Aug 17 17:43:37 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 17 Aug 2009 11:43:37 -0400
Subject: Changes in 1.4.10
In-Reply-To: <4A88FC81.2080304@gmail.com>
References: <87ocqj6ali.fsf@wheatstone.g10code.de>
	<87k5176ae1.fsf@wheatstone.g10code.de> <4A88FC81.2080304@gmail.com>
Message-ID: <1C8D3C1A-9929-40EE-BF9A-9608DAAEA5C0@jabberwocky.com>

On Aug 17, 2009, at 2:45 AM, Faramir wrote:

> Werner Koch escribi?:
>> Noteworthy changes in version 1.4.10 (unreleased)
>
>  I remember there were some improvements in the way the preferred
> algorithms for encryption are chosen... Are these changes included in
> this new version?

Yes.  I'll add a note to the NEWS file about it.

For the archive: the changes are that GPG now scores the preferred  
algorithms, so (for example) if there are 3 recipients, and two of the  
three vote for AES128 and one of the three votes for AES256, then the  
algorithm chosen will be AES128.  However, despite the occasional  
confusion on this point, keep in mind that this behavior is not  
required by the standard, so don't expect everyone else to do what GPG  
is doing here.  Not every OpenPGP implementation does ranking.  The  
only requirement is that each implementation picks an algorithm that  
is supported by all recipients, and beyond that, the implementation  
can choose however it likes.  It is thus legal to just force every  
message to use 3DES and never even look at the preferences.  So long  
as all recipients support them, it is even legal, though perhaps  
silly, to pick AES128 on Mondays, CAST5 on Tuesdays, but AES256 only  
on alternate Thursdays in months with the letter "r" in them.

Also keep in mind that you, as the sender of the message, are king: if  
you want algorithm X, and everyone can at least handle algorithm X,  
then their votes for what they like best don't matter.  You're the  
sender, and your wishes (via --personal-cipher-preferences and  
friends) trump all.

David



From ewrobinson at fedex.com  Wed Aug 12 15:30:40 2009
From: ewrobinson at fedex.com (Eric Robinson)
Date: Wed, 12 Aug 2009 08:30:40 -0500
Subject: GPG on iSeries (AS400)
In-Reply-To: <535522E4-A500-4335-B16B-A35529C55CC5@jabberwocky.com>
References: <7800EE20-C5EF-4DEE-B77D-55D6E1E6FC42@jabberwocky.com>
	<4A81B9E4.9020508@fifthhorseman.net>
	<B948C11507EC8148A158AD3FC6C1D87744C02C@MEMEXCH06V.corp.ds.fedex.com>
	<535522E4-A500-4335-B16B-A35529C55CC5@jabberwocky.com>
Message-ID: <B948C11507EC8148A158AD3FC6C1D87744C0CE@MEMEXCH06V.corp.ds.fedex.com>

Thanks for the information...

Eric


-----Original Message-----
From: David Shaw [mailto:dshaw at jabberwocky.com] 
Sent: Tuesday, August 11, 2009 6:46 PM
To: Eric Robinson
Cc: gnupg-users at gnupg.org
Subject: Re: GPG on iSeries (AS400)

On Aug 11, 2009, at 2:44 PM, Eric Robinson wrote:

> Does GPG run on an iSeries platform?  If that's a yes, could some 
> direct me to some information as to how, if it's a no, is this 
> projected for the future?

iSeries running what?  Linux?

If it's Linux, just compile it like you'd compile it anywhere else.   
If it's OS/400, you might take a look at running it under PASE.

David



From nik at naturalnet.de  Sat Aug 15 01:01:25 2009
From: nik at naturalnet.de (Dominik George)
Date: Sat, 15 Aug 2009 01:01:25 +0200
Subject: Updating a signature
Message-ID: <3b35f2b042369bb40b12b993deb448e7@naturalnet.de>

Hi folks,

I would like to updatea signature on a key, that is, add a sig-policy-url
and change the verification level (turn a normal sig into a sig3, that is).

Is this possible? If yes, how?

Please CC me when replying as I am not (yet) subscribed to the list :).
Thank you!

Cheers,
Nik

-- 
PGP-Key: 0xEFDFEB57
Fingerprint: AC8D E64A 5552 2BF8 B0A7 5B53 064E 42A6 EFDF EB57


From thijs at debian.org  Sun Aug 16 10:02:37 2009
From: thijs at debian.org (Thijs Kinkhorst)
Date: Sun, 16 Aug 2009 10:02:37 +0200
Subject: GnuPG 1.4.10 RC1 available from Debian Experimental
Message-ID: <200908161002.39602.thijs@debian.org>

Hi,

The recent release candidate 1 for GnuPG 1.4.10 has been packaged and uploaded 
to Debian's "experimental" distribution, in order to facilitate testing. If 
you wish, please try it out and of course report bugs found. All cautions 
around release candidates and the experimental distribution of course apply.

See: http://packages.debian.org/experimental/gnupg

cheers,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20090816/a8810d8a/attachment-0001.pgp>

From dshaw at jabberwocky.com  Tue Aug 18 00:35:53 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 17 Aug 2009 18:35:53 -0400
Subject: Updating a signature
In-Reply-To: <3b35f2b042369bb40b12b993deb448e7@naturalnet.de>
References: <3b35f2b042369bb40b12b993deb448e7@naturalnet.de>
Message-ID: <6113C883-CA17-4E69-A611-8607D7FA4489@jabberwocky.com>

On Aug 14, 2009, at 7:01 PM, Dominik George wrote:

> Hi folks,
>
> I would like to updatea signature on a key, that is, add a sig- 
> policy-url
> and change the verification level (turn a normal sig into a sig3,  
> that is).
>
> Is this possible? If yes, how?

It is not possible.  What you need to do is make a new signature with  
the details you want (the policy URL, etc).  You can revoke the  
earlier signature, but in practice it's usually simpler to just ignore  
it since the new signature replaces the older one in trust calculations.

David



From dougb at dougbarton.us  Tue Aug 18 20:28:26 2009
From: dougb at dougbarton.us (Doug Barton)
Date: Tue, 18 Aug 2009 11:28:26 -0700
Subject: How do I flush a bad symmetric password from gpg-agent?
Message-ID: <4A8AF2CA.70409@dougbarton.us>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

I run gpg-agent with the ssh option in my .xsession file so that all
the child processes inherit the environment. This is needed mostly for
the ssh portion of course, since I could update the gpg part of the
agent stuff in .bashrc if I wanted to (although I do not do that now).
This has been working well for me for a long time.

Today I mis-typed a passphrase for a symmetrically encrypted file and
was surprised to discover that gpg-agent had stored the bad passphrase
and would not let me access the file. I have occasionally in the past
mistyped my passphrase for one of my secret keys or an ssh key and
gpg-agent just reprompts for a valid one.

Looking through the man page I don't see any way to flush the bad
password from the agent. Killing and restarting works of course, but
then I'm in bad shape on the ssh side. I could restart my window
manager session, but that sounds like a microsoft solution, not to
mention having to restart apps, etc.

So is this a bug in the agent? Is there a way to flush passwords that
I'm missing? Another solution?


Thanks,

Doug
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (FreeBSD)

iEYEAREDAAYFAkqK8soACgkQyIakK9Wy8PvaZQCcC6XkNNOv//yWrBHuPDrpm2MO
bIUAnjmbFAV4qyOEdmQW8eA+mlbfaLKD
=uN7K
-----END PGP SIGNATURE-----


From marcio.barbado at gmail.com  Tue Aug 18 19:50:16 2009
From: marcio.barbado at gmail.com (M.B.Jr.)
Date: Tue, 18 Aug 2009 14:50:16 -0300
Subject: 2 local user-ids, 2 distinct key pairs but only 1 user-id can sign.
Message-ID: <2df3b0cb0908181050p602ddc56oc23b5527e0f3da0d@mail.gmail.com>

Hi list,
this is my first message here.

Firstly, thank you Werner Koch and collaborators for such a superb software.

More than an enthusiast on cryptography, I am a Brazilian citizen,
concerned with the privacy and authenticity "components" involved in
information exchange transactions (not only in digital format).
Mainly, I'm concerned with the proper degree into which privacy and
authenticity can contribute to a fair relationship between society and
government.

Digressions left aside, I've been using GnuPG for a while both in
Linux distros and in Windows XP, without facing big issues. Until now.
Let me depict the situation.

OS: Windows XP Home SP3.
GnuPG version: 1.4.7

I have already generated a GnuPG key pair with ELG-E and DSA and
everything was working fine.
I was able then to sign files, simply with (e.g.):


(1) gpg --clearsign "myfile.txt"


by the time I generated a second key pair (again with ELG-E and DSA)
to a new, distinct "user-id", this problem took place.

Now, I want to sign some stuff with the new local user id's private
key, and I try the command (e.g.):


(2) gpg --local-user "[NEW_ID_NAME]" --clearsign "somefile.txt"


and it prompts me NOT for a passphrase, nor does it even create an
empty "asc" file.
Instead, it only returns the message:

usage: gpg [options] [filename]

So far, I can only sign files with (1), using the first private key my
GnuPG installation generated, which represents sort of a
default-and-only usable "user-id".

Is it expected? Am I missing something? Is it possible to sign files
with my second "user-id"?


Regards,


-- 
Marcio Barbado, Jr.



-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.7 (MingW32)

mQGiBEf7wCkRBACqxVrmFHTHcOWveexwm2kTl+ZcbV7ceRBYfLKxtWI6EjF/leo6
g/KWzy4LxUUesuYUHoPBwPnI329c6PyK8PYvCe+u/y5xx/3308Tu70QPC8A/s23h
nVE+oyuBK1gJA35YraN/t5d6U9IgQlv18/Z/HlVIxi7FWSCcxnSIXd2FVwCgxOlx
Fq9Hskp8knV+suo64SAIz3cD/j5HFXSwTQdfeSUDd7IZCyx1Ys7A2DE+qdrmITGZ
3lT3etwQhg9y4pz9eLETCY/OwlM80rC38p3kOR1cOohzOzjWqekihwZhgsKQ/tmU
C9widY8jyAb36noyKDpvlpeZgnnZHyHeRY/JyElja3QmbRAbw7KQ1/gyo1MnDs43
TEUMBACQ2tueaRcWSLgV9E2bLZsCWfb3ctENJS1edtUyIm5K3fiHPq8c0sikjMfk
8AXpDUxtYuq3fWYFJITzcvUzQ7xOOdcZwpz4iVTaWFi5z5G5hFE8Li9KpBZzNDDt
dUSzWTFQQWxg+YOT7D8KlVOhGIukHgP/6NQ+SHtjFnQOAGNGnLQ4TWFyY2lvIEJh
cmJhZG8gSnIgKE0uIEIuIEpyLikgPG1hcmNpby5iYXJiYWRvQGdtYWlsLmNvbT6I
ZwQTEQIAJwUCR/vAKQIbAwUJEswDAAcLCQgHAwIBBBUCCAMEFgIDAQIeAQIXgAAK
CRCEiHeSH42A520XAJ44AMyXD9clAjywi0cAj4qlY/aOWQCfStjASaNt8bpYffXm
a6HeUYe9vv65AQ0ER/vAKRAEALRZYdVRRWSq2zr7DA49mCXEfdnRm1Q453+2vZrQ
TmR055xC8kP+O8fWG6HvdP2E8ZSMBoazi6PWZGTdmta3iB9XhOyIKUYd8sy2F2DF
hlXGFT+FZhwIsXdHJC4HyMGI3O6rD8p0wYsKlY0/+EVT5+BlWchms8b28gA8Npr9
MrXjAAMGBACuqjWszoffs2s/UL3T/R5Y4636yEy0AEZh9F8ZtU2Zdlywn/Hppn9+
B5kc4Y9EKaWP1gLCts/lf9d1IiP1TBaOHEYFvAPdh8mig6I71p+WyNxiHvGXsAYC
fzdaxMcRx/W3jX14X00JXVV4tjEuKmZ2rNUj48wP9G8WJsiWGgMqF4hPBBgRAgAP
BQJH+8ApAhsMBQkSzAMAAAoJEISId5IfjYDnlEUAnAzbvvUe6ejY+EjdeahvtpKd
cBqGAKCJeyTb0aOTXiqx28LNr87QAlW/gw==
=BYoa
-----END PGP PUBLIC KEY BLOCK-----


From erik at lotspeich.org  Tue Aug 18 20:56:29 2009
From: erik at lotspeich.org (Erik Lotspeich)
Date: Tue, 18 Aug 2009 13:56:29 -0500
Subject: 2 local user-ids, 2 distinct key pairs but only 1 user-id can
	sign.
In-Reply-To: <2df3b0cb0908181050p602ddc56oc23b5527e0f3da0d@mail.gmail.com>
References: <2df3b0cb0908181050p602ddc56oc23b5527e0f3da0d@mail.gmail.com>
Message-ID: <4A8AF95D.6060504@lotspeich.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I have two key pairs: one for my personal e-mail and one for work, so I
am in a similar situation as you are.

I switch between the two with the "--default-key" option to GPG and give
it my key ID as an argument (you can set this in your gpg.conf too).

Even after looking at the man page, I'm not entirely clear what "name"
the "--local-user" option is after (e.g. is it a name of a local user on
the system, or is it the uid name on the key).

Regards,

Erik

M.B.Jr. wrote:
> Hi list,
> this is my first message here.
> 
> Firstly, thank you Werner Koch and collaborators for such a superb software.
> 
> More than an enthusiast on cryptography, I am a Brazilian citizen,
> concerned with the privacy and authenticity "components" involved in
> information exchange transactions (not only in digital format).
> Mainly, I'm concerned with the proper degree into which privacy and
> authenticity can contribute to a fair relationship between society and
> government.
> 
> Digressions left aside, I've been using GnuPG for a while both in
> Linux distros and in Windows XP, without facing big issues. Until now.
> Let me depict the situation.
> 
> OS: Windows XP Home SP3.
> GnuPG version: 1.4.7
> 
> I have already generated a GnuPG key pair with ELG-E and DSA and
> everything was working fine.
> I was able then to sign files, simply with (e.g.):
> 
> 
> (1) gpg --clearsign "myfile.txt"
> 
> 
> by the time I generated a second key pair (again with ELG-E and DSA)
> to a new, distinct "user-id", this problem took place.
> 
> Now, I want to sign some stuff with the new local user id's private
> key, and I try the command (e.g.):
> 
> 
> (2) gpg --local-user "[NEW_ID_NAME]" --clearsign "somefile.txt"
> 
> 
> and it prompts me NOT for a passphrase, nor does it even create an
> empty "asc" file.
> Instead, it only returns the message:
> 
> usage: gpg [options] [filename]
> 
> So far, I can only sign files with (1), using the first private key my
> GnuPG installation generated, which represents sort of a
> default-and-only usable "user-id".
> 
> Is it expected? Am I missing something? Is it possible to sign files
> with my second "user-id"?
> 
> 
> Regards,
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAkqK+V0ACgkQY21D/n6bGwcN+ACcDG7UONs7lJ9eX7QQcAzzFyvq
PBEAnA99VALYcOYiU/P85r8qMuDcLBbN
=9/EB
-----END PGP SIGNATURE-----


From marcio.barbado at gmail.com  Wed Aug 19 02:15:02 2009
From: marcio.barbado at gmail.com (M.B.Jr.)
Date: Tue, 18 Aug 2009 21:15:02 -0300
Subject: 2 local user-ids, 2 distinct key pairs but only 1 user-id can 
	sign.
In-Reply-To: <4A8AF95D.6060504@lotspeich.org>
References: <2df3b0cb0908181050p602ddc56oc23b5527e0f3da0d@mail.gmail.com>
	<4A8AF95D.6060504@lotspeich.org>
Message-ID: <2df3b0cb0908181715r5c3613c8o153fa1cf3ad4dcbd@mail.gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Erik and Charly,
thanks to you, I realized the problem was all about the argument I was
giving the "--local-user" option.

I was using the uid name (not a system account username) whereas I
should have used the key id.

Well, now it worked =)



On Tue, Aug 18, 2009 at 3:56 PM, Erik Lotspeich<erik at lotspeich.org> wrote:
> I have two key pairs: one for my personal e-mail and one for work, so I
> am in a similar situation as you are.
>
> I switch between the two with the "--default-key" option to GPG and give
> it my key ID as an argument (you can set this in your gpg.conf too).
>
> Even after looking at the man page, I'm not entirely clear what "name"
> the "--local-user" option is after (e.g. is it a name of a local user on
> the system, or is it the uid name on the key).
>
> Regards,
>
> Erik
>
> M.B.Jr. wrote:
>> Hi list,
>> this is my first message here.
>>
>> Firstly, thank you Werner Koch and collaborators for such a superb software.
>>
>> More than an enthusiast on cryptography, I am a Brazilian citizen,
>> concerned with the privacy and authenticity "components" involved in
>> information exchange transactions (not only in digital format).
>> Mainly, I'm concerned with the proper degree into which privacy and
>> authenticity can contribute to a fair relationship between society and
>> government.
>>
>> Digressions left aside, I've been using GnuPG for a while both in
>> Linux distros and in Windows XP, without facing big issues. Until now.
>> Let me depict the situation.
>>
>> OS: Windows XP Home SP3.
>> GnuPG version: 1.4.7
>>
>> I have already generated a GnuPG key pair with ELG-E and DSA and
>> everything was working fine.
>> I was able then to sign files, simply with (e.g.):
>>
>>
>> (1) gpg --clearsign "myfile.txt"
>>
>>
>> by the time I generated a second key pair (again with ELG-E and DSA)
>> to a new, distinct "user-id", this problem took place.
>>
>> Now, I want to sign some stuff with the new local user id's private
>> key, and I try the command (e.g.):
>>
>>
>> (2) gpg --local-user "[NEW_ID_NAME]" --clearsign "somefile.txt"
>>
>>
>> and it prompts me NOT for a passphrase, nor does it even create an
>> empty "asc" file.
>> Instead, it only returns the message:
>>
>> usage: gpg [options] [filename]
>>
>> So far, I can only sign files with (1), using the first private key my
>> GnuPG installation generated, which represents sort of a
>> default-and-only usable "user-id".
>>
>> Is it expected? Am I missing something? Is it possible to sign files
>> with my second "user-id"?
>>


Thank you very much,



- --
Marcio Barbado, Jr.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFKi0NThIh3kh+NgOcRAiYqAJ9EoZhxqXmf/CWurxfBQ3WPdkg0vQCdEE4m
OEfsumdFF+sMnxtKNv4n+kA=
=g3Xa
-----END PGP SIGNATURE-----


From wk at gnupg.org  Wed Aug 19 09:20:40 2009
From: wk at gnupg.org (Werner Koch)
Date: Wed, 19 Aug 2009 09:20:40 +0200
Subject: How do I flush a bad symmetric password from gpg-agent?
In-Reply-To: <4A8AF2CA.70409@dougbarton.us> (Doug Barton's message of "Tue, 18
	Aug 2009 11:28:26 -0700")
References: <4A8AF2CA.70409@dougbarton.us>
Message-ID: <873a7o1d87.fsf@wheatstone.g10code.de>

On Tue, 18 Aug 2009 20:28, dougb at dougbarton.us said:

> Today I mis-typed a passphrase for a symmetrically encrypted file and
> was surprised to discover that gpg-agent had stored the bad passphrase
> and would not let me access the file. I have occasionally in the past

This is a new and probably not too well tested feature.  I'll check whey
this is going wrong.

> Looking through the man page I don't see any way to flush the bad
> password from the agent. Killing and restarting works of course, but

That is pretty easy: Give the gpg-agent a HUP ("pkill -HUP gpg-agent")
or better use "gpgconf --reload gpg-agent" which basically does the
same.  


 SIGHUP 

    This signal flushes all cached passphrases and if the program has
    been started with a configuration file, the configuration file is
    read again.  Only certain options are honored: quiet, verbose,
    debug, debug-all, debug-level, no-grab, pinentry-program,
    default-cache-ttl, max-cache-ttl, ignore-cache-for-signing,
    allow-mark-trusted and disable-scdaemon.  scdaemon-program is also
    supported but due to the current implementation, which calls the
    scdaemon only once, it is not of much use unless you manually kill
    the scdaemon.



Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.



From listen at story-games.at  Wed Aug 19 11:37:05 2009
From: listen at story-games.at (Aaron)
Date: Wed, 19 Aug 2009 11:37:05 +0200
Subject: gpg-agent wants to go online
Message-ID: <4A8BC7C1.8050201@story-games.at>

Hi, everybody!

I've recently switched over (by way of gpg4win) to GPG 2.0.12 and
there's one thing I'm wondering: When I start gpg, my firewall asks me
if I want to allow gpg-agent to connect to the network. Being one of
those strange people who prefer it when his programs aren't online
unnecessarily, I've been looking for reasons why gpg-agent wants this
connection.

At first I figured it would connect to a keyserver, but it seems there
is another program for that.

So, if it an update process or something?

Aaron


From kevhilton at gmail.com  Wed Aug 19 15:28:41 2009
From: kevhilton at gmail.com (Kevin Hilton)
Date: Wed, 19 Aug 2009 08:28:41 -0500
Subject: Practical Advice for those using AES256 cipher?
Message-ID: <96c450350908190628q133d5e2ehadb0e601281feb33@mail.gmail.com>

Although I usually get a wide range of responses, is there any
practical advice an end-user should take away from the recent AES256
attacks as described
here:http://www.schneier.com/blog/archives/2009/07/another_new_aes.html?
 Should I continue to use AES256 (double AES) or default to single AES
or simply default back to 3DES, or just sit tight?  Although I found
the article interesting (not sure if I understood a lot of the blog
comments), is there any practical advice I should take away from it as
it relates to GnuPG?

-- 
Kevin Hilton


From wk at gnupg.org  Wed Aug 19 17:41:48 2009
From: wk at gnupg.org (Werner Koch)
Date: Wed, 19 Aug 2009 17:41:48 +0200
Subject: gpg-agent wants to go online
In-Reply-To: <4A8BC7C1.8050201@story-games.at> (listen@story-games.at's
	message of "Wed, 19 Aug 2009 11:37:05 +0200")
References: <4A8BC7C1.8050201@story-games.at>
Message-ID: <87bpmbzu83.fsf@wheatstone.g10code.de>

On Wed, 19 Aug 2009 11:37, listen at story-games.at said:

> I've recently switched over (by way of gpg4win) to GPG 2.0.12 and
> there's one thing I'm wondering: When I start gpg, my firewall asks me
> if I want to allow gpg-agent to connect to the network. Being one of

That is one of these stupid firewalls, not expecting that local TCP
connections (a connection to 127.0.0.1).  The Kleopatra keymanager even
has a test for this and shows an appropriate notice.

Connecting to the local host is fine, it is nothing else than a simple
inter process connection (IPC).  Put the the address 127.0.0.1 into the
whitelist of your firewall.

Background: Under Windows we don't have Unix Domain sockets.  However,
we use them in GnuPG for IPC and thus need a way to emulate them on
Windows.  Given that we use the sockets semantics it is natural that we
use a local TCP connection.  Actually this method is the only which
easily allows to restrict a server to accept connection only from the
local host: The server does only listen on 127.0.0.1 and thus is not
reachable from the outside.  The filename as sused with Unixdomain
sockets is here a real file containing the port the server is listening
to and a nonce so that only processes able to open the file are allowed
to connect to the server.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.



From wk at gnupg.org  Wed Aug 19 17:45:36 2009
From: wk at gnupg.org (Werner Koch)
Date: Wed, 19 Aug 2009 17:45:36 +0200
Subject: Practical Advice for those using AES256 cipher?
In-Reply-To: <96c450350908190628q133d5e2ehadb0e601281feb33@mail.gmail.com>
	(Kevin Hilton's message of "Wed, 19 Aug 2009 08:28:41 -0500")
References: <96c450350908190628q133d5e2ehadb0e601281feb33@mail.gmail.com>
Message-ID: <877hwzzu1r.fsf@wheatstone.g10code.de>

On Wed, 19 Aug 2009 15:28, kevhilton at gmail.com said:

> the article interesting (not sure if I understood a lot of the blog
> comments), is there any practical advice I should take away from it as
> it relates to GnuPG?

Don't care about it.  It is no threat to use AES 256 or AES 128.  The
remarkable gotcha is that the old wisdom that a longer key gives a
stronger cipher is not necessarily true.

I am sure others will start a new debate now what to do, but I consider
such a debate more or less academic.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.



From jbruni at me.com  Wed Aug 19 18:37:17 2009
From: jbruni at me.com (Joseph Oreste Bruni)
Date: Wed, 19 Aug 2009 09:37:17 -0700
Subject: Practical Advice for those using AES256 cipher?
In-Reply-To: <96c450350908190628q133d5e2ehadb0e601281feb33@mail.gmail.com>
References: <96c450350908190628q133d5e2ehadb0e601281feb33@mail.gmail.com>
Message-ID: <22145852827138155407467769205610144234-Webmail@me.com>

The successful attacks were on reduced-round versions of the algorithm, not on the current implementations. The article was mostly informative for crypto geeks as a state-of-the-art. The practical advice for end-users would be to stick with the defaults for now.

Joe


 
On Wednesday, August 19, 2009, at 06:28AM, "Kevin Hilton" <kevhilton at gmail.com> wrote:
>Although I usually get a wide range of responses, is there any
>practical advice an end-user should take away from the recent AES256
>attacks as described
>here:http://www.schneier.com/blog/archives/2009/07/another_new_aes.html?
> Should I continue to use AES256 (double AES) or default to single AES
>or simply default back to 3DES, or just sit tight?  Although I found
>the article interesting (not sure if I understood a lot of the blog
>comments), is there any practical advice I should take away from it as
>it relates to GnuPG?
>
>-- 
>Kevin Hilton
>
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users at gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>


From dshaw at jabberwocky.com  Wed Aug 19 19:24:08 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 19 Aug 2009 13:24:08 -0400
Subject: Practical Advice for those using AES256 cipher?
In-Reply-To: <96c450350908190628q133d5e2ehadb0e601281feb33@mail.gmail.com>
References: <96c450350908190628q133d5e2ehadb0e601281feb33@mail.gmail.com>
Message-ID: <A7BF0A14-23E5-434D-953B-1B92AE22C410@jabberwocky.com>

On Aug 19, 2009, at 9:28 AM, Kevin Hilton wrote:

> Although I usually get a wide range of responses, is there any
> practical advice an end-user should take away from the recent AES256
> attacks as described
> here:http://www.schneier.com/blog/archives/2009/07/another_new_aes.html?
> Should I continue to use AES256 (double AES) or default to single AES
> or simply default back to 3DES, or just sit tight?  Although I found
> the article interesting (not sure if I understood a lot of the blog
> comments), is there any practical advice I should take away from it as
> it relates to GnuPG?

The brief summary is don't worry too much about it.

The less brief summary is that given a particular relationship between  
the (session) keys in use, and multiple copies of the same plaintext  
encrypted with these particular keys, an attacker can attack a  
simplified version of AES256 in less time than it would take to attack  
it via brute force (and amusingly enough, in less time than it would  
take to attack AES128).  The multiple catches here is that you usually  
don't have special keys, you don't usually have multiple copies of the  
same plaintext encrypted with the special keys, the amount of time it  
would take to attack is still unfeasible, and GnuPG doesn't use a  
simplified version of AES256 anyway (nobody does).

Is this bad for AES256?  Absolutely.  It's a crack in the armor.  But  
is it a problem in OpenPGP today?  Not really, no.

So speaking about how it relates to GnuPG, I wouldn't bother to do  
anything about it, personally, but if it worries you, you can easily  
rank AES128 higher than AES256 in your preferences (or even remove  
AES256 altogether if you like).  Either way you're probably fine.

David



From rjh at sixdemonbag.org  Wed Aug 19 20:27:49 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 19 Aug 2009 14:27:49 -0400
Subject: Practical Advice for those using AES256 cipher?
In-Reply-To: <96c450350908190628q133d5e2ehadb0e601281feb33@mail.gmail.com>
References: <96c450350908190628q133d5e2ehadb0e601281feb33@mail.gmail.com>
Message-ID: <4A8C4425.4060400@sixdemonbag.org>

Kevin Hilton wrote:
> Although I usually get a wide range of responses, is there any 
> practical advice an end-user should take away from the recent AES256 
> attacks as described here?

To repeat my usual advice:  "Unless you know what you're doing and why,
stick with the defaults."

The AES256 attack does not change that advice.  The attack is incredibly
interesting in an abstract mathematical sense; in terms of the real
world it's not worth thinking twice about.


From henkdebruijn at gswot.org  Wed Aug 19 20:33:16 2009
From: henkdebruijn at gswot.org (Henk M. de Bruijn)
Date: Wed, 19 Aug 2009 20:33:16 +0200
Subject: Practical Advice for those using AES256 cipher?
In-Reply-To: <877hwzzu1r.fsf@wheatstone.g10code.de>
References: <96c450350908190628q133d5e2ehadb0e601281feb33@mail.gmail.com>
	<877hwzzu1r.fsf@wheatstone.g10code.de>
Message-ID: <4A8C456C.4010402@gswot.org>

Werner Koch schreef:

<...snipped>
> I am sure others will start a new debate now what to do, but I consider
> such a debate more or less academic.  
Grin ;-)

-- 
Henk M. de Bruijn

________________________________________________________________________
Mozilla Thunderbird 2.0.0.22 (20090605) with Enigmail 0.95.7 
and KGpg 2.0.0 on OS:Linux 2.6.27.21-0.1-pae i686
Systeem:openSUSE 11.1 (i586) with KDE:4.1.3 (KDE 4.1.3) "release 4.10.4"



From dougb at dougbarton.us  Wed Aug 19 21:32:20 2009
From: dougb at dougbarton.us (Doug Barton)
Date: Wed, 19 Aug 2009 12:32:20 -0700
Subject: How do I flush a bad symmetric password from gpg-agent?
In-Reply-To: <873a7o1d87.fsf@wheatstone.g10code.de>
References: <4A8AF2CA.70409@dougbarton.us>
	<873a7o1d87.fsf@wheatstone.g10code.de>
Message-ID: <4A8C5344.4060701@dougbarton.us>

Werner Koch wrote:
> On Tue, 18 Aug 2009 20:28, dougb at dougbarton.us said:
> 
>> Today I mis-typed a passphrase for a symmetrically encrypted file and
>> was surprised to discover that gpg-agent had stored the bad passphrase
>> and would not let me access the file. I have occasionally in the past
> 
> This is a new and probably not too well tested feature.  I'll check whey
> this is going wrong.

Fair enough, thanks.

>> Looking through the man page I don't see any way to flush the bad
>> password from the agent. Killing and restarting works of course, but
> 
> That is pretty easy: Give the gpg-agent a HUP ("pkill -HUP gpg-agent")
> or better use "gpgconf --reload gpg-agent" which basically does the
> same.  
> 
> 
>  SIGHUP 
> 
>     This signal flushes all cached passphrases 

Ok, now I'm really embarrassed. I thought sure I had read the whole
gpg-agent man page AND searched for the word "flush" but obviously I
was wrong on both counts. :-/


Thanks again,

Doug


From ueno at unixuser.org  Thu Aug 20 03:15:48 2009
From: ueno at unixuser.org (Daiki Ueno)
Date: Thu, 20 Aug 2009 10:15:48 +0900
Subject: How do I flush a bad symmetric password from gpg-agent?
In-Reply-To: <4A8C5344.4060701__17863.5451746688$1250713354$gmane$org@dougbarton.us>
	(Doug Barton's message of "Wed, 19 Aug 2009 12:32:20 -0700")
References: <4A8AF2CA.70409@dougbarton.us>
	<873a7o1d87.fsf@wheatstone.g10code.de>
	<4A8C5344.4060701__17863.5451746688$1250713354$gmane$org@dougbarton.us>
Message-ID: <cfa30a82-0d46-454b-b397-b75e45c9ac21@broken.deisui.org>

>>>>> In <4A8C5344.4060701__17863.5451746688$1250713354$gmane$org at dougbarton.us> 
>>>>>	Doug Barton <dougb at dougbarton.us> wrote:
> >> Today I mis-typed a passphrase for a symmetrically encrypted file and
> >> was surprised to discover that gpg-agent had stored the bad passphrase
> >> and would not let me access the file. I have occasionally in the past
> > 
> > This is a new and probably not too well tested feature.  I'll check whey
> > this is going wrong.

> Fair enough, thanks.

That's my fault, sorry.  The attached patch should fix the problem.
Could you try it?

2009-08-20  Daiki Ueno  <ueno at unixuser.org>

	* mainproc.c (proc_encrypted): Clear passphrase cached with S2K
	cache ID if decryption failed.
	* passphrase.c (passphrase_to_dek_ext): Set dek->s2k_cacheid.
	* gpgv.c (passphrase_clear_cache): New stub.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: clear-symmetric-passphrase.diff
Type: text/x-diff
Size: 2761 bytes
Desc: not available
URL: </pipermail/attachments/20090820/34d9c496/attachment.diff>
-------------- next part --------------

Regards,
-- 
Daiki Ueno

From dougb at dougbarton.us  Fri Aug 21 07:12:56 2009
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 20 Aug 2009 22:12:56 -0700
Subject: How do I flush a bad symmetric password from gpg-agent?
In-Reply-To: <cfa30a82-0d46-454b-b397-b75e45c9ac21@broken.deisui.org>
References: <4A8AF2CA.70409@dougbarton.us>	<873a7o1d87.fsf@wheatstone.g10code.de>	<4A8C5344.4060701__17863.5451746688$1250713354$gmane$org@dougbarton.us>
	<cfa30a82-0d46-454b-b397-b75e45c9ac21@broken.deisui.org>
Message-ID: <4A8E2CD8.6030705@dougbarton.us>

Daiki Ueno wrote:
>>>>>> In <4A8C5344.4060701__17863.5451746688$1250713354$gmane$org at dougbarton.us> 
>>>>>> 	Doug Barton <dougb at dougbarton.us> wrote:
>>>> Today I mis-typed a passphrase for a symmetrically encrypted file and
>>>> was surprised to discover that gpg-agent had stored the bad passphrase
>>>> and would not let me access the file. I have occasionally in the past
>>> This is a new and probably not too well tested feature.  I'll check whey
>>> this is going wrong.
> 
>> Fair enough, thanks.
> 
> That's my fault, sorry.  The attached patch should fix the problem.
> Could you try it?

Thanks! This produces the following output with the wrong passphrase:

gpg --decrypt file.gpg
[...]
gpg: DBG: cleared passphrase cached with ID: ABCD1234567890
gpg: decryption failed: Bad session key

Then when I try to decrypt the file again I get reprompted for the
passphrase which is a huge improvement. If I had the chance to choose
I would prefer the same sort of UI as the private key or ssh key uses
when the wrong passphrase is entered (e.g., "Invalid passphrase;
please try again") but the change in your patch is definitely a huge
improvement.


Thanks again,

Doug


From tux.tsndcb at free.fr  Thu Aug 20 12:54:45 2009
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Thu, 20 Aug 2009 12:54:45 +0200 (CEST)
Subject: how to validate keys on smartcard (only) on an other PC or on a
	news OS installation
In-Reply-To: <479230030.1496851250765642672.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <984434909.1503501250765685455.JavaMail.root@zimbra7-e1.priv.proxad.net>

Hi,

I don't know how to validate keys on smartcard V2 on PC2 when the keys has been generated on PC1 or if the hard disk crash on PC1 how to validate again it after new OS installation.

I ask for this, because when I put for example my smartcard on PC2 with key generate on PC1, when I done gpg2 --card-status or gpg2 --card-edit I can only see the fingerprint of the three keys but nothing on General key information.

I've done many test on debian with gnupg2 patched with (cherry keyboard (terminal xx44) and smc 3440) and with gpg4win 2.0.0. with (cherry keyboard (terminal xx44) and smc 3440).

But I've always the same result, I can only see general key info on the OS where I've generated the keys.

Perhaps I think there are some command line to validate smartcard keys on trust database or other ?

So how can I do that (import key, when I've only keys on smartcard, no public key on keyserver or on file and no file private and secret keys backup.

Thanks in advanced for your help.

Best Regards.


From tux.tsndcb at free.fr  Fri Aug 21 15:39:34 2009
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Fri, 21 Aug 2009 15:39:34 +0200 (CEST)
Subject: how to validate keys on smartcard (only) on an other PC or on a
	news OS installation
In-Reply-To: <1723327627.1637411250861956298.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <1603470318.1637431250861974708.JavaMail.root@zimbra7-e1.priv.proxad.net>

Hi,

I don't know how to validate keys on smartcard V2 on PC2 when the keys has been generated on PC1 or if the hard disk crash on PC1 how to validate again it after new OS installation.

I ask for this, because when I put for example my smartcard on PC2 with key generate on PC1, when I done gpg2 --card-status or gpg2 --card-edit I can only see the fingerprint of the three keys but nothing on General key information.

I've done many test on debian with gnupg2 patched with (cherry keyboard (terminal xx44) and smc 3440) and with gpg4win 2.0.0. with (cherry keyboard (terminal xx44) and smc 3440).

But I've always the same result, I can only see general key info on the OS where I've generated the keys.

Perhaps I think there are some command line to validate smartcard keys on trust database or other ?

So how can I do that (import key, when I've only keys on smartcard, no public key on keyserver or on file and no file private and secret keys backup.

Thanks in advanced for your help.

Best Regards.


From steveo at syslang.net  Fri Aug 21 16:28:20 2009
From: steveo at syslang.net (Steven W. Orr)
Date: Fri, 21 Aug 2009 10:28:20 -0400
Subject: Confused about signing inline vs siging with attached signature.
Message-ID: <4A8EAF04.6020801@syslang.net>

I decided to try sending my email with a signature attached instead of using
an inline signature. Now my friend with Outlook Express is telling me that the
message body is blank and that in order for him to see the message, he now has
to open the text attachment. (He is not verifying the signature.) I'm using
gpg2/Thunderbird/Enigmail and I sent a message to an address which then
forwards back to me. Here's the structure I see when it comes back:

From: "Steven W. Orr" <me>
Organization: SysLang
User-Agent: Thunderbird 2.0.0.21 (X11/20090320)
MIME-Version: 1.0
To: linus at tivoli.mv.com
Subject: 2nd shot at testing the
X-Enigmail-Version: 0.96.0
OpenPGP: id=F0BE3724;
	url=http://steveo.syslang.net/steveo-pubkey.asc
X-GPG-PUBLIC_KEY: http://subkeys.pgp.net:11371/pks/lookup?op=get&search=0xF0BE3724
X-GPG-FINGRPRINT: 5E2A 0119 8E98 730A 87DF  205C 4485 72E1 F0BE 3724
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig3D16DCFA59224E3B4529154E"
X-Spam-Status: No, score=-3.0 required=5.0 tests=AWL,BAYES_00 autolearn=ham
	version=3.2.5 country=US US **
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on saturn.syslang.net

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig3D16DCFA59224E3B4529154E
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

EFS Emergency Farding System

--=20
Time flies like the wind. Fruit flies like a banana. Stranger things have=
  .0.
happened but none stranger than this. Does your driver's license say Orga=
n ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all=
- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


--------------enig3D16DCFA59224E3B4529154E
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkqOq5AACgkQRIVy4fC+NyQCSgCdGoPfFC8XP1zbLI6E/trYSaXK
DK0AniX4K8dxp3L3FPvMUAEqKknifvMI
=D4Y4
-----END PGP SIGNATURE-----

--------------enig3D16DCFA59224E3B4529154E--

Should I not be using the MIME signature or is there something he should
change at his end (besides OE), or is this question something that is not gpg2
related in the first place?

TIA

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090821/0fbc1b63/attachment.pgp>

From shavital at mac.com  Fri Aug 21 16:57:05 2009
From: shavital at mac.com (Charly Avital)
Date: Fri, 21 Aug 2009 10:57:05 -0400
Subject: Confused about signing inline vs siging with attached signature.
In-Reply-To: <4A8EAF04.6020801@syslang.net>
References: <4A8EAF04.6020801@syslang.net>
Message-ID: <4A8EB5C1.1090902@mac.com>

Steven W. Orr wrote the following on 8/21/09 10:28 AM:
> I decided to try sending my email with a signature attached instead of using
> an inline signature. Now my friend with Outlook Express is telling me that the
> message body is blank and that in order for him to see the message, he now has
> to open the text attachment. (He is not verifying the signature.) I'm using
> gpg2/Thunderbird/Enigmail and I sent a message to an address which then
> forwards back to me. Here's the structure I see when it comes back:

Hi Steven,

that is the structure that I can see when I chose View/Message source.

[cut]

> 
> Should I not be using the MIME signature or is there something he should
> change at his end (besides OE), or is this question something that is not gpg2
> related in the first place?
> 
> TIA

I believe that's the way Windows Outlook Express (paired with some
crypto module that is installed by the GnuPG4Win installer, for all I
know) processes OpenPGP/MIME messages.

If you friend is willing to use e.g. Thunderbird, he will get a
completely different rendering of an incoming OpenPGP/MIME e-mail.

This is neither GnuPG nor gpg2 related.

Take care,
Charly
MacOS 10.5.8-MacBook Intel C2Duo 2GHz-GnuPG 1.4.10rc1-MacGPG 2.0.12
TB 2.0.0.23+EM 0.96.0-Apple's Mail+GPGMail 1.2.0 (v56), Key: 0xA57A8EFA


From erik at lotspeich.org  Fri Aug 21 17:01:56 2009
From: erik at lotspeich.org (Erik Lotspeich)
Date: Fri, 21 Aug 2009 10:01:56 -0500
Subject: Confused about signing inline vs siging with attached signature.
In-Reply-To: <4A8EAF04.6020801@syslang.net>
References: <4A8EAF04.6020801@syslang.net>
Message-ID: <4A8EB6E4.3060708@lotspeich.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Steven,

I use the OpenPGP method (inline signatures) instead of PGP/MIME
(detached signatures) for exactly this reason.  It seems to be a common
problem that Outlook Express has trouble processing PGP/MIME e-mails.

I only use PGP/MIME when I need to send the message encrypted and I need
to send encrypted file attachments that I haven't previously encrypted
independently of e-mail.

Basically, nobody should be using Outlook Express -- it is a horrible
e-mail program with dozens of design flaws.

I would recommend to your friend that he consider Office Outlook.
Office Outlook shares nothing with Outlook Express (except for the
"Outlook" name) and is tremendous improvement.  Maybe your friend would
consider Thunderbird with Enigmail?

Regards

Erik

Steven W. Orr wrote:
> I decided to try sending my email with a signature attached instead of using
> an inline signature. Now my friend with Outlook Express is telling me that the
> message body is blank and that in order for him to see the message, he now has
> to open the text attachment. (He is not verifying the signature.) I'm using
> gpg2/Thunderbird/Enigmail and I sent a message to an address which then
> forwards back to me. Here's the structure I see when it comes back:
> 
> From: "Steven W. Orr" <me>
> Organization: SysLang
> User-Agent: Thunderbird 2.0.0.21 (X11/20090320)
> MIME-Version: 1.0
> To: linus at tivoli.mv.com
> Subject: 2nd shot at testing the
> X-Enigmail-Version: 0.96.0
> OpenPGP: id=F0BE3724;
> 	url=http://steveo.syslang.net/steveo-pubkey.asc
> X-GPG-PUBLIC_KEY: http://subkeys.pgp.net:11371/pks/lookup?op=get&search=0xF0BE3724
> X-GPG-FINGRPRINT: 5E2A 0119 8E98 730A 87DF  205C 4485 72E1 F0BE 3724
> Content-Type: multipart/signed; micalg=pgp-sha1;
>  protocol="application/pgp-signature";
>  boundary="------------enig3D16DCFA59224E3B4529154E"
> X-Spam-Status: No, score=-3.0 required=5.0 tests=AWL,BAYES_00 autolearn=ham
> 	version=3.2.5 country=US US **
> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on saturn.syslang.net
> 
> This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
> --------------enig3D16DCFA59224E3B4529154E
> Content-Type: text/plain; charset=ISO-8859-1
> Content-Transfer-Encoding: quoted-printable
> 
> EFS Emergency Farding System
> 
> --=20
> Time flies like the wind. Fruit flies like a banana. Stranger things have=
>   .0.
> happened but none stranger than this. Does your driver's license say Orga=
> n ..0
> Donor?Black holes are where God divided by zero. Listen to me! We are all=
> - 000
> individuals! What if this weren't a hypothetical question?
> steveo at syslang.net
> 
> 
> --------------enig3D16DCFA59224E3B4529154E
> Content-Type: application/pgp-signature; name="signature.asc"
> Content-Description: OpenPGP digital signature
> Content-Disposition: attachment; filename="signature.asc"
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.10 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
> 
> iEYEARECAAYFAkqOq5AACgkQRIVy4fC+NyQCSgCdGoPfFC8XP1zbLI6E/trYSaXK
> DK0AniX4K8dxp3L3FPvMUAEqKknifvMI
> =D4Y4
> -----END PGP SIGNATURE-----
> 
> --------------enig3D16DCFA59224E3B4529154E--
> 
> Should I not be using the MIME signature or is there something he should
> change at his end (besides OE), or is this question something that is not gpg2
> related in the first place?
> 
> TIA
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAkqOtuQACgkQY21D/n6bGweqtQCfd6dGX5vG8NG5yPADffWWnE0z
2ksAoL2mhN8rWijcezQiTrHnN1thCNaL
=PAPw
-----END PGP SIGNATURE-----


From david at coffeefish.org  Fri Aug 21 16:40:14 2009
From: david at coffeefish.org (David Koppenhofer)
Date: Fri, 21 Aug 2009 10:40:14 -0400
Subject: Confused about signing inline vs siging with attached signature.
In-Reply-To: <4A8EAF04.6020801@syslang.net>
References: <4A8EAF04.6020801@syslang.net>
Message-ID: <d67f0480908210740o3703662buc55e798c3afa78bb@mail.gmail.com>

On Fri, Aug 21, 2009 at 10:28, Steven W. Orr<steveo at syslang.net> wrote:
> I decided to try sending my email with a signature attached instead of using
> an inline signature. Now my friend with Outlook Express is telling me that the
> message body is blank and that in order for him to see the message, he now has
> to open the text attachment. (He is not verifying the signature.)

OE has trouble with PGP/MIME.  Switch to inline, or have your friend dump OE.
http://www.piacitelli.org/oe.php


From lists at michel-messerschmidt.de  Sat Aug 22 21:04:50 2009
From: lists at michel-messerschmidt.de (Michel Messerschmidt)
Date: Sat, 22 Aug 2009 21:04:50 +0200
Subject: how to validate keys on smartcard (only) on an other PC or on
	a news OS installation
In-Reply-To: <1603470318.1637431250861974708.JavaMail.root@zimbra7-e1.priv.proxad.net>
References: <1723327627.1637411250861956298.JavaMail.root@zimbra7-e1.priv.proxad.net>
	<1603470318.1637431250861974708.JavaMail.root@zimbra7-e1.priv.proxad.net>
Message-ID: <20090822190450.GA6368@rio.matrix>

On Fri, Aug 21, 2009 at 03:39:34PM +0200, tux.tsndcb at free.fr wrote:
> So how can I do that (import key, when I've only keys on smartcard, no public key on keyserver or on file and no file private and secret keys backup.

AFAIK the smartcard contains only your secret keys not the public keys. 
That's what the URL entry on the smartcard is for.
If you set the URL to a location where your public key is stored, you 
can import your public key on other systems using 
"gpg2 --card-edit" -> "fetch"
If you don't set an URL on the smartcard, gpg will search your default 
keyservers instead.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: </pipermail/attachments/20090822/975c9011/attachment.pgp>

From tux.tsndcb at free.fr  Sun Aug 23 14:18:32 2009
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Sun, 23 Aug 2009 14:18:32 +0200 (CEST)
Subject: how to validate keys on smartcard (only) on an other PC or on a
	news OS installation
In-Reply-To: <20090822190450.GA6368@rio.matrix>
Message-ID: <1084291430.1752321251029912723.JavaMail.root@zimbra7-e1.priv.proxad.net>

Hi,

Thanks for your answer.

Best Regard
----- Mail Original -----
De: "Michel Messerschmidt" <lists at michel-messerschmidt.de>
?: gnupg-users at gnupg.org
Envoy?: Samedi 22 Ao?t 2009 21h04:50 GMT +02:00 Harare / Pretoria
Objet: Re: how to validate keys on smartcard (only) on an other PC or on a news OS installation

On Fri, Aug 21, 2009 at 03:39:34PM +0200, tux.tsndcb at free.fr wrote:
> So how can I do that (import key, when I've only keys on smartcard, no public key on keyserver or on file and no file private and secret keys backup.

AFAIK the smartcard contains only your secret keys not the public keys. 
That's what the URL entry on the smartcard is for.
If you set the URL to a location where your public key is stored, you 
can import your public key on other systems using 
"gpg2 --card-edit" -> "fetch"
If you don't set an URL on the smartcard, gpg will search your default 
keyservers instead.


_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


From JBetz at InFimark.com  Tue Aug 25 00:28:02 2009
From: JBetz at InFimark.com (John Betz)
Date: Mon, 24 Aug 2009 18:28:02 -0400
Subject: Help with decrypting gpg file
Message-ID: <A6F8BDEF58304BAE9EA70AB9DD5F5D1C@VAJBetz>

I was hoping to get some help with decrypting an archived file. I am using
the following command:

 

 

echo "passphrase"| gpg --passphrase-fd 0 -o output.txt -d input.pgp

 

 

The output file is created with no problem, however, there is garbage in the
first record. If I rename the file (or create it) with a .zip extension and
try to open it with WinZip it does not recognize the file as an archive
file. When I do the same operation with PGP there is no problem.

 

I have scoured the documentation looking for the correct command or option
for indicating to gpg that the file is an archive file, but no to no avail.
Any help I can get with this would be appreciated.

 

Thanks,

 

John Betz

(office) 703-490-3227

(cell) 703-304-2536

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090824/3253bab3/attachment.htm>

From erik at lotspeich.org  Tue Aug 25 22:58:01 2009
From: erik at lotspeich.org (Erik Lotspeich)
Date: Tue, 25 Aug 2009 15:58:01 -0500
Subject: Help with decrypting gpg file
In-Reply-To: <A6F8BDEF58304BAE9EA70AB9DD5F5D1C@VAJBetz>
References: <A6F8BDEF58304BAE9EA70AB9DD5F5D1C@VAJBetz>
Message-ID: <4A945059.6050400@lotspeich.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi John:

I would just do this:

gpg --decrypt input.pgp > output.txt

Let gpg prompt for your passphrase.  That way, your passphrase is not
part of bash history.

If that doesn't work, let us know what error messages are you getting
from GnuPG.

Regards,

Erik.

John Betz wrote:
> I was hoping to get some help with decrypting an archived file. I am
> using the following command:
> 
>  
> 
>  
> 
> echo ?passphrase?| gpg --passphrase-fd 0 -o output.txt -d input.pgp
> 
>  
> 
>  
> 
> The output file is created with no problem, however, there is garbage in
> the first record. If I rename the file (or create it) with a .zip
> extension and try to open it with WinZip it does not recognize the file
> as an archive file. When I do the same operation with PGP there is no
> problem.
> 
>  
> 
> I have scoured the documentation looking for the correct command or
> option for indicating to gpg that the file is an archive file, but no to
> no avail. Any help I can get with this would be appreciated.
> 
>  
> 
> Thanks,
> 
>  
> 
> John Betz
> 
> (office) 703-490-3227
> 
> (cell) 703-304-2536
> 
>  
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAkqUUFkACgkQY21D/n6bGwccEwCdEV0axWKmHKn8wnx3v1ay9qy2
o3EAoLKmmya6zYNyU/V7xLYQOO3Ld18E
=905O
-----END PGP SIGNATURE-----


From erik at lotspeich.org  Tue Aug 25 23:37:17 2009
From: erik at lotspeich.org (Erik Lotspeich)
Date: Tue, 25 Aug 2009 16:37:17 -0500
Subject: Help with decrypting gpg file
In-Reply-To: <FFE25DC8F2CF4CE18CCEC51E74A733DD@VAJBetz>
References: <A6F8BDEF58304BAE9EA70AB9DD5F5D1C@VAJBetz>
	<4A945059.6050400@lotspeich.org>
	<FFE25DC8F2CF4CE18CCEC51E74A733DD@VAJBetz>
Message-ID: <4A94598D.4080609@lotspeich.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi John,

What you are talking about sounds like a non-standard PGP feature.  I
would definitely not recommend using this type of "mis-feature" as it
breaks standards and limits compatibility.

I would suggest creating zip archives normally (in the standard way
using pkzip or its equivalent) and then encrypting them separately
(again, in the standard way).  This way, you can decrypt the archive
with GnuPG and then unzip the file with the 'unzip' command afterwards.

As it is now, you may want to use a hex editor like "bvi" (binary vi) or
 even dd (with an offset) to remove the "garbage" and "fix" the file so
you can use GnuPG to decrypt it normally.

Regards,

Erik

John Betz wrote:
> Erik,
> 
> Thanks a lot for your response. I can successfully decrypt files with one
> exception - those that are zipped or archived. In this case the source file
> was created using Power Archiver. When the file is decrypted, there is
> garbage in the first record. It's as if gpg doesn't recognize that the input
> file is an archive file. (When I use PGP, the output file is automatically
> created as a WinZip compatible archive file when it is decrypted.)
> 
> By the way, I did use your recommended command string and got the same
> result. I suspect there is some kind of option that is required so that gpg
> knows that the output file should be created as an archive type file.
> 
> Thank you very much for your help.
> 
> John
> (office) 703-490-3227
> (cell) 703-304-2536
> 
> -----Original Message-----
> From: Erik Lotspeich [mailto:erik at lotspeich.org] 
> Sent: Tuesday, August 25, 2009 4:58 PM
> To: John Betz
> Cc: gnupg-users at gnupg.org
> Subject: Re: Help with decrypting gpg file
> 
> Hi John:
> 
> I would just do this:
> 
> gpg --decrypt input.pgp > output.txt
> 
> Let gpg prompt for your passphrase.  That way, your passphrase is not
> part of bash history.
> 
> If that doesn't work, let us know what error messages are you getting
> from GnuPG.
> 
> Regards,
> 
> Erik.
> 
> John Betz wrote:
>> I was hoping to get some help with decrypting an archived file. I am
>> using the following command:
> 
> 
> 
> 
> 
>> echo "passphrase"| gpg --passphrase-fd 0 -o output.txt -d input.pgp
> 
> 
> 
> 
> 
>> The output file is created with no problem, however, there is garbage in
>> the first record. If I rename the file (or create it) with a .zip
>> extension and try to open it with WinZip it does not recognize the file
>> as an archive file. When I do the same operation with PGP there is no
>> problem.
> 
> 
> 
>> I have scoured the documentation looking for the correct command or
>> option for indicating to gpg that the file is an archive file, but no to
>> no avail. Any help I can get with this would be appreciated.
> 
> 
> 
>> Thanks,
> 
> 
> 
>> John Betz
> 
>> (office) 703-490-3227
> 
>> (cell) 703-304-2536
> 
> 
> 
> 
>> ------------------------------------------------------------------------
> 
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAkqUWY0ACgkQY21D/n6bGwc9vwCfbkozbXnTsYODSoDOAx4zmYQD
5MQAn3ckBknw1hfWxn10DIJ+TQEyxrXb
=WkhW
-----END PGP SIGNATURE-----


From lopaki at gmail.com  Tue Aug 25 23:11:19 2009
From: lopaki at gmail.com (Scott Lambdin)
Date: Tue, 25 Aug 2009 17:11:19 -0400
Subject: Help with decrypting gpg file
In-Reply-To: <A6F8BDEF58304BAE9EA70AB9DD5F5D1C@VAJBetz>
References: <A6F8BDEF58304BAE9EA70AB9DD5F5D1C@VAJBetz>
Message-ID: <529e76830908251411m3419f13ft52a8dbc7c05b5643@mail.gmail.com>

Is input.pgp a test file that you created?  There is an attack that involves
inserting a small section of unencrypted garbage in the file.

 Sometimes

gpg --list-packets input.pgp

can give clues.

On Mon, Aug 24, 2009 at 6:28 PM, John Betz <JBetz at infimark.com> wrote:

>  I was hoping to get some help with decrypting an archived file. I am
> using the following command:
>
>
>
>
>
> echo ?passphrase?| gpg --passphrase-fd 0 -o output.txt -d input.pgp
>
>
>
>
>
> The output file is created with no problem, however, there is garbage in
> the first record. If I rename the file (or create it) with a .zip extension
> and try to open it with WinZip it does not recognize the file as an archive
> file. When I do the same operation with PGP there is no problem.
>
>
>
> I have scoured the documentation looking for the correct command or option
> for indicating to gpg that the file is an archive file, but no to no avail.
> Any help I can get with this would be appreciated.
>
>
>
> Thanks,
>
>
>
> John Betz
>
> (office) 703-490-3227
>
> (cell) 703-304-2536
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>


-- 
There's a box?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090825/8cb59253/attachment.htm>

From dshaw at jabberwocky.com  Wed Aug 26 00:50:06 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 25 Aug 2009 18:50:06 -0400
Subject: Help with decrypting gpg file
In-Reply-To: <A6F8BDEF58304BAE9EA70AB9DD5F5D1C@VAJBetz>
References: <A6F8BDEF58304BAE9EA70AB9DD5F5D1C@VAJBetz>
Message-ID: <7D957E61-8711-497B-B03B-4532A94BD810@jabberwocky.com>

On Aug 24, 2009, at 6:28 PM, John Betz wrote:

> I was hoping to get some help with decrypting an archived file. I am  
> using the following command:
>
>
> echo ?passphrase?| gpg --passphrase-fd 0 -o output.txt -d input.pgp
>
>
> The output file is created with no problem, however, there is  
> garbage in the first record. If I rename the file (or create it)  
> with a .zip extension and try to open it with WinZip it does not  
> recognize the file as an archive file. When I do the same operation  
> with PGP there is no problem.

How was the file encrypted in the first place?

David



From dshaw at jabberwocky.com  Wed Aug 26 15:41:38 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 26 Aug 2009 09:41:38 -0400
Subject: Help with decrypting gpg file
In-Reply-To: <EE707B02A70C4756990408CA49DFB71B@VAJBetz>
References: <A6F8BDEF58304BAE9EA70AB9DD5F5D1C@VAJBetz>
	<7D957E61-8711-497B-B03B-4532A94BD810@jabberwocky.com>
	<EE707B02A70C4756990408CA49DFB71B@VAJBetz>
Message-ID: <89868042-D0ED-461C-B08B-919AD0590F28@jabberwocky.com>

On Aug 26, 2009, at 9:38 AM, John Betz wrote:

> David,
>
> The file is a PowerArchiver file (containing multiple text files)  
> that was
> encrypted using PGP.

I'm not sure if that file is legal according to the OpenPGP spec.  It  
depends on how it was packed together.  If you can encrypt a sample  
file (using dummy data, but with the same number of text files) I  
would be happy to take a look at it and see what is happening  
internally to GPG.

David



From debian at neuerweg.de  Thu Aug 27 09:36:00 2009
From: debian at neuerweg.de (debianfeed)
Date: Thu, 27 Aug 2009 09:36:00 +0200
Subject: Using gpg-groups in gnome?
Message-ID: <4A963760.1090704@neuerweg.de>

Hello

does anybody here know a possibility to use gpg key-groups under gnome?
groups defined in the gpg.conf
(e.g. "group mygroupname = 0xAAAA9DB0 0xBBBB9540")
do not show up in nautilus' seahorse extension.

kgpg is capable of dealing with groups, but as it is a KDE-application
it ist not usable via the nautilus context menu.


best regards

Pete




From dshaw at jabberwocky.com  Thu Aug 27 16:48:04 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 27 Aug 2009 10:48:04 -0400
Subject: Help with decrypting gpg file
In-Reply-To: <6A81C45347C3404CBF04B7DEF63FEDAE@VAJBetz>
References: <A6F8BDEF58304BAE9EA70AB9DD5F5D1C@VAJBetz>
	<7D957E61-8711-497B-B03B-4532A94BD810@jabberwocky.com>
	<EE707B02A70C4756990408CA49DFB71B@VAJBetz>
	<89868042-D0ED-461C-B08B-919AD0590F28@jabberwocky.com>
	<6A81C45347C3404CBF04B7DEF63FEDAE@VAJBetz>
Message-ID: <ACD3F3B6-AA9A-430E-ABEB-6E2D19F5ED2B@jabberwocky.com>

On Aug 27, 2009, at 10:36 AM, John Betz wrote:

> I appreciate the offer David, but I don't have PowerArchiver so I  
> can't
> create a sample input file. The file I am trying to decrypt is  
> coming from
> another source so I would have to get them involved in order to  
> create a
> sample archive file. Because WinZip is compatible, I am able to open  
> with
> PGP and then extract the individual files. The problem is  
> specifically with
> GPG - and I am using that because PGP doesn't run in batch mode.
>
> My original thought was that there must be something I was doing  
> wrong when
> decrypting the file, but based on the feedback I am getting, and my  
> review
> of available commands and options I doubt that is the issue.

Try 'gpg --list-packets <thefile>'.  What does that return?

David



From bernhard at bksys.at  Thu Aug 27 19:36:02 2009
From: bernhard at bksys.at (Bernhard Kuemel)
Date: Thu, 27 Aug 2009 19:36:02 +0200
Subject: changing key expiration
Message-ID: <4A96C402.70501@bksys.at>

Hi gnupg-users!

I changed my expiration with --edit-key expire from never to 3y and
uploaded the key. Then I changed it to 5y and uploaded the key. Now the
uploaded key has several self signatures and expiration dates on
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xF732FBF3E4219D48

Type bits/keyID     cr. time   exp time   key expir

pub  1024D/E4219D48 2004-12-19

uid Bernhard Kuemel <bernhard at bksys.at>
sig  sig3  E4219D48 2004-12-19 __________ __________ [selfsig]
sig  sig3  1D503977 2008-08-13 __________ __________ Mathias Ertl
<mati at fsinf.at>
sig  sig3  E4219D48 2009-08-27 __________ 2012-08-26 [selfsig]
sig  sig3  E4219D48 2009-08-27 __________ 2014-08-26 [selfsig]

uid Bernhard K?mel <bernhard at bksys.at>
sig  sig3  E4219D48 2009-08-27 __________ 2012-08-26 [selfsig]
sig  sig3  E4219D48 2009-08-27 __________ 2014-08-26 [selfsig]

sub  1024g/0A5FA7F8 2004-12-19
sig sbind  E4219D48 2004-12-19 __________ __________ []


It appears the key expiration is part of the signatures. Will the most
recent signature have the effective expiration date?

I downloaded the key so I could revoke the unwanted signatures.
--list-packets hast 'expires 0' in the key packet and expiry dates in
the signature packets:

bernhard at be:~/.gnupg$ gpg --export bernhard at bksys.at|gpg --list-packets
:public key packet:
        version 4, algo 17, created 1103422098, expires 0
        pkey[0]: [1024 bits]
        pkey[1]: [160 bits]
        pkey[2]: [1021 bits]
        pkey[3]: [1020 bits]
:user ID packet: "Bernhard Kuemel <bernhard at bksys.at>"
:signature packet: algo 17, keyid F732FBF3E4219D48
        version 4, created 1251390038, md5len 0, sigclass 0x13
        digest algo 2, begin of digest 18 a8
        hashed subpkt 27 len 1 (key flags: 03)
        hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
        hashed subpkt 21 len 2 (pref-hash-algos: 2 3)
        hashed subpkt 22 len 2 (pref-zip-algos: 2 1)
        hashed subpkt 30 len 1 (features: 01)
        hashed subpkt 23 len 1 (key server preferences: 80)
        hashed subpkt 2 len 4 (sig created 2009-08-27)
        hashed subpkt 9 len 4 (key expires after 9y252d14h12m)
        subpkt 16 len 8 (issuer key ID F732FBF3E4219D48)
        data: [157 bits]
        data: [159 bits]
:signature packet: algo 17, keyid 3BD759FD1D503977
        version 4, created 1218642819, md5len 0, sigclass 0x13
        digest algo 2, begin of digest 6b 8a
        hashed subpkt 2 len 4 (sig created 2008-08-13)
        subpkt 16 len 8 (issuer key ID 3BD759FD1D503977)
        data: [159 bits]
        data: [160 bits]
:signature packet: algo 17, keyid F732FBF3E4219D48
        version 4, created 1103422098, md5len 0, sigclass 0x13
        digest algo 2, begin of digest cf ec
        hashed subpkt 2 len 4 (sig created 2004-12-19)
        hashed subpkt 27 len 1 (key flags: 03)
        hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
        hashed subpkt 21 len 2 (pref-hash-algos: 2 3)
        hashed subpkt 22 len 2 (pref-zip-algos: 2 1)
        hashed subpkt 30 len 1 (features: 01)
        hashed subpkt 23 len 1 (key server preferences: 80)
        subpkt 16 len 8 (issuer key ID F732FBF3E4219D48)
        data: [159 bits]
        data: [158 bits]
:signature packet: algo 17, keyid F732FBF3E4219D48
        version 4, created 1251389374, md5len 0, sigclass 0x13
        digest algo 2, begin of digest 7d 2b
        hashed subpkt 27 len 1 (key flags: 03)
        hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
        hashed subpkt 21 len 2 (pref-hash-algos: 2 3)
        hashed subpkt 22 len 2 (pref-zip-algos: 2 1)
        hashed subpkt 30 len 1 (features: 01)
        hashed subpkt 23 len 1 (key server preferences: 80)
        hashed subpkt 2 len 4 (sig created 2009-08-27)
        hashed subpkt 9 len 4 (key expires after 7y252d14h1m)
        subpkt 16 len 8 (issuer key ID F732FBF3E4219D48)
        data: [160 bits]
        data: [159 bits]
:user ID packet: "Bernhard K\xc3\xbcmel <bernhard at bksys.at>"
:signature packet: algo 17, keyid F732FBF3E4219D48
        version 4, created 1251390042, md5len 0, sigclass 0x13
        digest algo 2, begin of digest aa b4
        hashed subpkt 27 len 1 (key flags: 03)
        hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
        hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
        hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
        hashed subpkt 30 len 1 (features: 01)
        hashed subpkt 23 len 1 (key server preferences: 80)
        hashed subpkt 2 len 4 (sig created 2009-08-27)
        hashed subpkt 9 len 4 (key expires after 9y252d14h12m)
        subpkt 16 len 8 (issuer key ID F732FBF3E4219D48)
        data: [160 bits]
        data: [159 bits]
:signature packet: algo 17, keyid F732FBF3E4219D48
        version 4, created 1251389370, md5len 0, sigclass 0x13
        digest algo 2, begin of digest 44 14
        hashed subpkt 27 len 1 (key flags: 03)
        hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
        hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
        hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
        hashed subpkt 30 len 1 (features: 01)
        hashed subpkt 23 len 1 (key server preferences: 80)
        hashed subpkt 2 len 4 (sig created 2009-08-27)
        hashed subpkt 9 len 4 (key expires after 7y252d14h1m)
        subpkt 16 len 8 (issuer key ID F732FBF3E4219D48)
        data: [160 bits]
        data: [158 bits]
:public sub key packet:
        version 4, algo 16, created 1103422101, expires 0
        pkey[0]: [1024 bits]
        pkey[1]: [3 bits]
        pkey[2]: [1024 bits]
:signature packet: algo 17, keyid F732FBF3E4219D48
        version 4, created 1103422101, md5len 0, sigclass 0x18
        digest algo 2, begin of digest 19 66
        hashed subpkt 2 len 4 (sig created 2004-12-19)
        hashed subpkt 27 len 1 (key flags: 0C)
        subpkt 16 len 8 (issuer key ID F732FBF3E4219D48)
        data: [159 bits]
        data: [159 bits]

--edit-key revsig only shows me the date when the signatures were made,
but it is the same for the last 2 recently made signatures. How can I
tell them apart?

Thanks, Bernhard



From dkg at fifthhorseman.net  Thu Aug 27 21:25:57 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 27 Aug 2009 15:25:57 -0400
Subject: changing key expiration
In-Reply-To: <4A96C402.70501@bksys.at>
References: <4A96C402.70501@bksys.at>
Message-ID: <4A96DDC5.6000706@fifthhorseman.net>

Hi Berhnard--

On 08/27/2009 01:36 PM, Bernhard Kuemel wrote:
> It appears the key expiration is part of the signatures. Will the most
> recent signature have the effective expiration date?

yes, the most recent certification made by the same issuer on a given
subject is considered to supercede all other signatures by the same
issuer over that subject (in your case, this is a self-signature, so the
issuer is the same as the subject).

> --edit-key revsig only shows me the date when the signatures were made,
> but it is the same for the last 2 recently made signatures. How can I
> tell them apart?

A revocation of the User ID from your Key with timestamp X will
effectively revoke *any* certification over the Key/User ID pair with a
timestamp < X.

So even if you were to issue a revocation of an earlier signature, if
the timstamp of your revocation happens to post-date a signature you
wanted to keep, it would be effectively invalidated by the same
revocation.  At least, this is how gpg appears to interpret the spec,
and it seems to be the only reasonable interpretation.

So the answer is: you don't need to issue a revocation for the earlier
certifications; they're already superceded by the new certification you
made.  And it could be actively harmful to try to issue a revocation
even for the first one (which you *can* distinguish by date) because the
revocation will effectively clobber *any* certification over the same
key/user ID made prior to the revocation.

If i've made any mistakes above, i hope someone will step in and correct me!

hth,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090827/216d6afc/attachment.pgp>

From bernhard at bksys.at  Thu Aug 27 21:30:37 2009
From: bernhard at bksys.at (Bernhard Kuemel)
Date: Thu, 27 Aug 2009 21:30:37 +0200
Subject: changing key expiration
In-Reply-To: <4A96DDC5.6000706@fifthhorseman.net>
References: <4A96C402.70501@bksys.at> <4A96DDC5.6000706@fifthhorseman.net>
Message-ID: <4A96DEDD.7060705@bksys.at>

Daniel Kahn Gillmor wrote:
> Hi Berhnard--
> 
> On 08/27/2009 01:36 PM, Bernhard Kuemel wrote:
>> It appears the key expiration is part of the signatures. Will the most
>> recent signature have the effective expiration date?
> 
> yes, the most recent certification made by the same issuer on a given
> subject is considered to supercede all other signatures by the same
> issuer over that subject (in your case, this is a self-signature, so the
> issuer is the same as the subject).

Ok, great. Could I also sign my key after it expired with a new
expiration period to revive it?

Bernhard



From kloecker at kde.org  Thu Aug 27 20:30:32 2009
From: kloecker at kde.org (Ingo =?iso-8859-1?q?Kl=F6cker?=)
Date: Thu, 27 Aug 2009 20:30:32 +0200
Subject: Using gpg-groups in gnome?
In-Reply-To: <4A963760.1090704@neuerweg.de>
References: <4A963760.1090704@neuerweg.de>
Message-ID: <200908272030.33297@thufir.ingo-kloecker.de>

On Thursday 27 August 2009, debianfeed wrote:
> Hello
>
> does anybody here know a possibility to use gpg key-groups under
> gnome? groups defined in the gpg.conf
> (e.g. "group mygroupname = 0xAAAA9DB0 0xBBBB9540")
> do not show up in nautilus' seahorse extension.
>
> kgpg is capable of dealing with groups, but as it is a
> KDE-application it ist not usable via the nautilus context menu.

I doubt very much that kgpg cannot be added to the Nautilus context 
menu. I'm pretty sure any application can be added to the Nautilus 
context menu. It's a common and hard to kill misconception that just 
because an application is based on the KDE libraries it does not work 
in Gnome and vice-versa.


Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20090827/cde2574e/attachment.pgp>

From dkg at fifthhorseman.net  Thu Aug 27 22:06:39 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 27 Aug 2009 16:06:39 -0400
Subject: changing key expiration
In-Reply-To: <4A96DEDD.7060705@bksys.at>
References: <4A96C402.70501@bksys.at> <4A96DDC5.6000706@fifthhorseman.net>
	<4A96DEDD.7060705@bksys.at>
Message-ID: <4A96E74F.8020307@fifthhorseman.net>

On 08/27/2009 03:30 PM, Bernhard Kuemel wrote:
> Ok, great. Could I also sign my key after it expired with a new
> expiration period to revive it?

Yes, i'm pretty sure you can do this, but i always take pains to try to
update the expiration date *before* it passes ;)

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090827/6a439244/attachment.pgp>

From jharris at widomaker.com  Thu Aug 27 21:17:49 2009
From: jharris at widomaker.com (Jason Harris)
Date: Thu, 27 Aug 2009 15:17:49 -0400
Subject: changing key expiration
In-Reply-To: <4A96C402.70501@bksys.at>
References: <4A96C402.70501@bksys.at>
Message-ID: <20090827191749.GA5930@wilma.widomaker.com>

On Thu, Aug 27, 2009 at 07:36:02PM +0200, Bernhard Kuemel wrote:

> I changed my expiration with --edit-key expire from never to 3y and
> uploaded the key. Then I changed it to 5y and uploaded the key. Now the
> uploaded key has several self signatures and expiration dates on
> http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xF732FBF3E4219D48

> It appears the key expiration is part of the signatures. Will the most
> recent signature have the effective expiration date?

Yes:

  %gpg --with-fingerprint --with-fingerprint --check-sigs E4219D48
  pub   1024D/E4219D48 2004-12-19 [expires: 2014-08-26]
        Key fingerprint = E18F BF4D 0EE2 6522 E950  A06A F732 FBF3 E421 9D48
  uid                  Bernhard K?mel <bernhard at bksys.at>
  sig!3        E4219D48 2009-08-27  Bernhard K?mel <bernhard at bksys.at>
  sig!3        E4219D48 2009-08-27  Bernhard K?mel <bernhard at bksys.at>
  uid                  Bernhard Kuemel <bernhard at bksys.at>
  sig!3        E4219D48 2004-12-19  Bernhard K?mel <bernhard at bksys.at>
  sig!3        E4219D48 2009-08-27  Bernhard K?mel <bernhard at bksys.at>
  sig!3        E4219D48 2009-08-27  Bernhard K?mel <bernhard at bksys.at>
  sub   1024g/0A5FA7F8 2004-12-19
        Key fingerprint = A5C7 D8D4 3C01 9925 15B3  6310 04CE 1D3C 0A5F A7F8
  sig!         E4219D48 2004-12-19  Bernhard K?mel <bernhard at bksys.at>

  1 signature not checked due to a missing key

> I downloaded the key so I could revoke the unwanted signatures.

That isn't really necessary - it will just clutter your key and the
keyservers.

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 313 bytes
Desc: not available
URL: </pipermail/attachments/20090827/b694a8a7/attachment-0001.pgp>

From jbruni at me.com  Fri Aug 28 00:03:53 2009
From: jbruni at me.com (Joseph Oreste Bruni)
Date: Thu, 27 Aug 2009 15:03:53 -0700
Subject: rotating encryption sub keys
Message-ID: <C14B9BB4-FB3F-47F7-9527-C22FC2524924@me.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Would it be considered a best practice to rotate encryption subkeys on  
an annual basis, or would that be considered overkill for most uses?

I realize that messages are encrypted using ephemeral session keys  
which in turn are encrypted with public keys. Considering the small  
amount of data (i.e. sessions keys) being encrypted using public keys,  
are ciphertext attacks really even feasible?


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iQEcBAEBCAAGBQJKlwLJAAoJEFGV1jrNVRjHpJUIAJ6Cv9cFXkNmSiXFjbxKlWjJ
TylQ+LDtLCwaauHVTO+hP7V557UoP5eGuB3KyD1G5Cp+4Ec3yD/vUhh8XkidEgqH
jSRQpvabpAvQL96i4IBvxMXG8s+uKtLfxf7NMNYeqSte/q7+kK+r1VGmunb0ukLO
+m+lRus94784NHx+ivcb21gmtozLEzvZi/Y3kOu8ZK/lAnUHYFsqK6H0hFYiXcEw
I1+Wk7iggDFcuS0GcWldlbiq70W+8477mlgyKAq1bTzEzZuOEf/vgXcr+/iQtk++
hZZlvBhYcsme0NFYWBXI/hrkvAfq3pJp0wcnNf+BaTYtFBemHcd4IecvWj8KC4w=
=9z+z
-----END PGP SIGNATURE-----


From rjh at sixdemonbag.org  Fri Aug 28 00:21:10 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 27 Aug 2009 18:21:10 -0400
Subject: rotating encryption sub keys
In-Reply-To: <C14B9BB4-FB3F-47F7-9527-C22FC2524924@me.com>
References: <C14B9BB4-FB3F-47F7-9527-C22FC2524924@me.com>
Message-ID: <4A9706D6.4000406@sixdemonbag.org>

On 08/27/2009 06:03 PM, Joseph Oreste Bruni wrote:
> Would it be considered a best practice to rotate encryption subkeys on
> an annual basis, or would that be considered overkill for most uses?

There almost certainly exist people for whom this is a good idea.  That
said, I've never met 'em.  It seems to be massive overkill.



From dshaw at jabberwocky.com  Fri Aug 28 03:49:22 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 27 Aug 2009 21:49:22 -0400
Subject: rotating encryption sub keys
In-Reply-To: <C14B9BB4-FB3F-47F7-9527-C22FC2524924@me.com>
References: <C14B9BB4-FB3F-47F7-9527-C22FC2524924@me.com>
Message-ID: <5CA678F5-BEC1-4808-B75D-F9C778031512@jabberwocky.com>

On Aug 27, 2009, at 6:03 PM, Joseph Oreste Bruni wrote:

> Would it be considered a best practice to rotate encryption subkeys  
> on an annual basis, or would that be considered overkill for most  
> uses?

It depends on what you're trying to do. :)

> I realize that messages are encrypted using ephemeral session keys  
> which in turn are encrypted with public keys. Considering the small  
> amount of data (i.e. sessions keys) being encrypted using public  
> keys, are ciphertext attacks really even feasible?

Not really, no.  I wouldn't rotate encryption keys for that reason,  
but there are other reasons that might be more useful for you.  For  
example, if, when you make a new subkey, you also destroy the old one,  
you give yourself forward security.  All messages that were encrypted  
to the earlier key cannot be decrypted by anyone (including you).  At  
an extreme, you could use a new encryption subkey per-message  
(something which the keyserver operators would no doubt be thrilled  
about).  This is not generally useful, though, as most people do want  
the ability to go back and review their old messages.

Incidentally, there have been proposals to add forward security  
extensions to OpenPGP.  See http://www.apache-ssl.org/openpgp-pfs.txt

David



From faramir.cl at gmail.com  Fri Aug 28 08:37:02 2009
From: faramir.cl at gmail.com (Faramir)
Date: Fri, 28 Aug 2009 02:37:02 -0400
Subject: rotating encryption sub keys
In-Reply-To: <5CA678F5-BEC1-4808-B75D-F9C778031512@jabberwocky.com>
References: <C14B9BB4-FB3F-47F7-9527-C22FC2524924@me.com>
	<5CA678F5-BEC1-4808-B75D-F9C778031512@jabberwocky.com>
Message-ID: <4A977B0E.3090503@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

David Shaw escribi?:
...
> Incidentally, there have been proposals to add forward security
> extensions to OpenPGP.  See http://www.apache-ssl.org/openpgp-pfs.txt

  As a side note, I am not sure I like these proposals...

"Therefore when a public
    encryption key expires, an OpenPGP client MUST securely wipe the
    corresponding private key [4]."

  What if I want to be able to decrypt an old email message? If my
encryption key was compromised, and my messages were sniffed, I get no
advantage in deleting my copy of the key and the messages, the attacker
has his own copy of them, and surely won't delete them.


"2.2 Key surrender

    Before an OpenPGP client exports a private key as plaintext, the
    associated public key MUST be revoked and redistributed. A "reason
    for revocation" signature subpacket MUST be included in the key
    revocation specifying "Key material has been compromised" (value
    0x02)."

  That would prevent the storage a paperkey backup of the key, if the
key doesn't have a passphrase (which could be a good idea, if we assume
paper allow long term storage, and maybe in 10 years I won't remember
the passphrase I was using at the time I made the backup). Of course
that paper backup should be stored in a safe or something like that.


   Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJKl3sOAAoJEMV4f6PvczxAjBkH/0+xBZG+gfcdcjz6FjoeyIm5
cHrp97ionXfyuTxYQqUzh/b02md0c6WhMrK1lB2g0qdXZ/alYoCj7T309nqk3aCR
KuOPBnaqWo+2rRcA0sdbVc6SPGQSPx+/84FrWn9cOavq5jp5fEBaDQ3AWvT9E2nL
ob2myYrIikgs/jA1aNKqV0w5IwYXxG8OjyX6c1GVCQgy3XZE7fAyOegAYeqdMK+W
w1lot550ZT0+NHg2H8YUD9pskONhnWJyy4N8JCNS70eRJ1SUlGxGnSCOBCqxgzUx
jczdDgqdZyAhsBmShGJcaHgKPDBqeXRxw7KYgM/wyxomIAbsrR7yWMffzxss0Xc=
=prj+
-----END PGP SIGNATURE-----


From dshaw at jabberwocky.com  Fri Aug 28 15:06:56 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 28 Aug 2009 09:06:56 -0400
Subject: rotating encryption sub keys
In-Reply-To: <4A977B0E.3090503@gmail.com>
References: <C14B9BB4-FB3F-47F7-9527-C22FC2524924@me.com>
	<5CA678F5-BEC1-4808-B75D-F9C778031512@jabberwocky.com>
	<4A977B0E.3090503@gmail.com>
Message-ID: <41AAC410-D0DB-4615-96BE-B189D2AFC66E@jabberwocky.com>

On Aug 28, 2009, at 2:37 AM, Faramir wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> David Shaw escribi?:
> ...
>> Incidentally, there have been proposals to add forward security
>> extensions to OpenPGP.  See http://www.apache-ssl.org/openpgp-pfs.txt
>
>  As a side note, I am not sure I like these proposals...
>
> "Therefore when a public
>    encryption key expires, an OpenPGP client MUST securely wipe the
>    corresponding private key [4]."
>
>  What if I want to be able to decrypt an old email message? If my
> encryption key was compromised, and my messages were sniffed, I get no
> advantage in deleting my copy of the key and the messages, the  
> attacker
> has his own copy of them, and surely won't delete them.

The idea of PFS is not one that works for all situations.  For those  
that do want PFS semantics, the draft merely shows how to do it in the  
context of OpenPGP.  Nobody is required to do this.  It's strictly opt- 
in.

Not being able to decrypt an old message when using PFS is a feature,  
not a bug.

David



From JBetz at InFimark.com  Tue Aug 25 23:17:18 2009
From: JBetz at InFimark.com (John Betz)
Date: Tue, 25 Aug 2009 17:17:18 -0400
Subject: Help with decrypting gpg file
In-Reply-To: <4A945059.6050400@lotspeich.org>
References: <A6F8BDEF58304BAE9EA70AB9DD5F5D1C@VAJBetz>
	<4A945059.6050400@lotspeich.org>
Message-ID: <FFE25DC8F2CF4CE18CCEC51E74A733DD@VAJBetz>

Erik,

Thanks a lot for your response. I can successfully decrypt files with one
exception - those that are zipped or archived. In this case the source file
was created using Power Archiver. When the file is decrypted, there is
garbage in the first record. It's as if gpg doesn't recognize that the input
file is an archive file. (When I use PGP, the output file is automatically
created as a WinZip compatible archive file when it is decrypted.)

By the way, I did use your recommended command string and got the same
result. I suspect there is some kind of option that is required so that gpg
knows that the output file should be created as an archive type file.

Thank you very much for your help.

John
(office) 703-490-3227
(cell) 703-304-2536

-----Original Message-----
From: Erik Lotspeich [mailto:erik at lotspeich.org] 
Sent: Tuesday, August 25, 2009 4:58 PM
To: John Betz
Cc: gnupg-users at gnupg.org
Subject: Re: Help with decrypting gpg file

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi John:

I would just do this:

gpg --decrypt input.pgp > output.txt

Let gpg prompt for your passphrase.  That way, your passphrase is not
part of bash history.

If that doesn't work, let us know what error messages are you getting
from GnuPG.

Regards,

Erik.

John Betz wrote:
> I was hoping to get some help with decrypting an archived file. I am
> using the following command:
> 
>  
> 
>  
> 
> echo "passphrase"| gpg --passphrase-fd 0 -o output.txt -d input.pgp
> 
>  
> 
>  
> 
> The output file is created with no problem, however, there is garbage in
> the first record. If I rename the file (or create it) with a .zip
> extension and try to open it with WinZip it does not recognize the file
> as an archive file. When I do the same operation with PGP there is no
> problem.
> 
>  
> 
> I have scoured the documentation looking for the correct command or
> option for indicating to gpg that the file is an archive file, but no to
> no avail. Any help I can get with this would be appreciated.
> 
>  
> 
> Thanks,
> 
>  
> 
> John Betz
> 
> (office) 703-490-3227
> 
> (cell) 703-304-2536
> 
>  
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAkqUUFkACgkQY21D/n6bGwccEwCdEV0axWKmHKn8wnx3v1ay9qy2
o3EAoLKmmya6zYNyU/V7xLYQOO3Ld18E
=905O
-----END PGP SIGNATURE-----



From JBetz at InFimark.com  Wed Aug 26 15:38:09 2009
From: JBetz at InFimark.com (John Betz)
Date: Wed, 26 Aug 2009 09:38:09 -0400
Subject: Help with decrypting gpg file
In-Reply-To: <7D957E61-8711-497B-B03B-4532A94BD810@jabberwocky.com>
References: <A6F8BDEF58304BAE9EA70AB9DD5F5D1C@VAJBetz>
	<7D957E61-8711-497B-B03B-4532A94BD810@jabberwocky.com>
Message-ID: <EE707B02A70C4756990408CA49DFB71B@VAJBetz>

David,

The file is a PowerArchiver file (containing multiple text files) that was
encrypted using PGP.

Thanks,

John
(office) 703-490-3227
(cell) 703-304-2536

-----Original Message-----
From: David Shaw [mailto:dshaw at jabberwocky.com] 
Sent: Tuesday, August 25, 2009 6:50 PM
To: John Betz
Cc: gnupg-users at gnupg.org
Subject: Re: Help with decrypting gpg file

On Aug 24, 2009, at 6:28 PM, John Betz wrote:

> I was hoping to get some help with decrypting an archived file. I am  
> using the following command:
>
>
> echo "passphrase"| gpg --passphrase-fd 0 -o output.txt -d input.pgp
>
>
> The output file is created with no problem, however, there is  
> garbage in the first record. If I rename the file (or create it)  
> with a .zip extension and try to open it with WinZip it does not  
> recognize the file as an archive file. When I do the same operation  
> with PGP there is no problem.

How was the file encrypted in the first place?

David



From JBetz at InFimark.com  Thu Aug 27 16:36:23 2009
From: JBetz at InFimark.com (John Betz)
Date: Thu, 27 Aug 2009 10:36:23 -0400
Subject: Help with decrypting gpg file
In-Reply-To: <89868042-D0ED-461C-B08B-919AD0590F28@jabberwocky.com>
References: <A6F8BDEF58304BAE9EA70AB9DD5F5D1C@VAJBetz>
	<7D957E61-8711-497B-B03B-4532A94BD810@jabberwocky.com>
	<EE707B02A70C4756990408CA49DFB71B@VAJBetz>
	<89868042-D0ED-461C-B08B-919AD0590F28@jabberwocky.com>
Message-ID: <6A81C45347C3404CBF04B7DEF63FEDAE@VAJBetz>

I appreciate the offer David, but I don't have PowerArchiver so I can't
create a sample input file. The file I am trying to decrypt is coming from
another source so I would have to get them involved in order to create a
sample archive file. Because WinZip is compatible, I am able to open with
PGP and then extract the individual files. The problem is specifically with
GPG - and I am using that because PGP doesn't run in batch mode.

My original thought was that there must be something I was doing wrong when
decrypting the file, but based on the feedback I am getting, and my review
of available commands and options I doubt that is the issue.

I think my next step will be to purchase PowerArchiver and experiment with
that....see if I can open the output file with the same product used as the
archive input file.

Thanks

John
(office) 703-490-3227
(cell) 703-304-2536

-----Original Message-----
From: David Shaw [mailto:dshaw at jabberwocky.com] 
Sent: Wednesday, August 26, 2009 9:42 AM
To: John Betz
Cc: gnupg-users at gnupg.org
Subject: Re: Help with decrypting gpg file

On Aug 26, 2009, at 9:38 AM, John Betz wrote:

> David,
>
> The file is a PowerArchiver file (containing multiple text files)  
> that was
> encrypted using PGP.

I'm not sure if that file is legal according to the OpenPGP spec.  It  
depends on how it was packed together.  If you can encrypt a sample  
file (using dummy data, but with the same number of text files) I  
would be happy to take a look at it and see what is happening  
internally to GPG.

David



From vedaal at hush.com  Fri Aug 28 15:53:32 2009
From: vedaal at hush.com (vedaal at hush.com)
Date: Fri, 28 Aug 2009 09:53:32 -0400
Subject: rotating encryption sub keys
Message-ID: <20090828135333.05C10B0048@smtp.hushmail.com>

>Date: Fri, 28 Aug 2009 02:37:02 -0400
>From: Faramir <faramir.cl at gmail.com>
>Subject: Re: rotating encryption sub keys


>  What if I want to be able to decrypt an old email message? 


to decrypt any old messages is easy, although somewhat tedious ;-)

before you destroy your encryption/decryption key,
decrypt all the messages/files encrypted to that key,
using the option of --show-session-key

then copy the session key as a 'comment' into the encypted message

then zip all the encrypted files with their session keys together,
and encrypt the zip file to your new encyption key


>If my
>encryption key was compromised, and my messages were sniffed, I 
>get no
>advantage in deleting my copy of the key and the messages, the 
>attacker
>has his own copy of them, and surely won't delete them.

agreed,

the only usefulness i can see practically for such a feature,
is if you want to retain a certain anonymity,
and you create a new key and give that public key to only certain 
individuals, or keep it for your own uses, and then revoke your old 
key, and 'disappear off the grid' ;-)

i don't see any advantage if the key is already compromised and the 
attacker has the encrypted messages


vedaal





From rjh at sixdemonbag.org  Fri Aug 28 16:06:38 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 28 Aug 2009 10:06:38 -0400
Subject: rotating encryption sub keys
In-Reply-To: <20090828135333.05C10B0048@smtp.hushmail.com>
References: <20090828135333.05C10B0048@smtp.hushmail.com>
Message-ID: <4A97E46E.4040009@sixdemonbag.org>

vedaal at hush.com wrote:
> to decrypt any old messages is easy, although somewhat tedious ;-)
> 
> before you destroy your encryption/decryption key,
> decrypt all the messages/files encrypted to that key,
> using the option of --show-session-key
> 
> then copy the session key as a 'comment' into the encypted message
> 
> then zip all the encrypted files with their session keys together,
> and encrypt the zip file to your new encyption key

Of course, this kind of defeats the entire purpose of perfect forward
secrecy by rotating your subkeys...


From wk at gnupg.org  Fri Aug 28 18:56:54 2009
From: wk at gnupg.org (Werner Koch)
Date: Fri, 28 Aug 2009 18:56:54 +0200
Subject: Help with decrypting gpg file
In-Reply-To: <FFE25DC8F2CF4CE18CCEC51E74A733DD@VAJBetz> (John Betz's message
	of "Tue, 25 Aug 2009 17:17:18 -0400")
References: <A6F8BDEF58304BAE9EA70AB9DD5F5D1C@VAJBetz>
	<4A945059.6050400@lotspeich.org>
	<FFE25DC8F2CF4CE18CCEC51E74A733DD@VAJBetz>
Message-ID: <87fxbb6fmx.fsf@vigenere.g10code.de>

On Tue, 25 Aug 2009 23:17, JBetz at InFimark.com said:

> By the way, I did use your recommended command string and got the same
> result. I suspect there is some kind of option that is required so that gpg
> knows that the output file should be created as an archive type file.

No.  gpg does not know anything about the structure of the data to
encrypt.  It encrypts and later decrypts the data verbatim.  So your
problem must be somewhere else.

The above is not 100% correct: gpg looks into the data to see whether it
is a zip or bzip compressed file and in that case disables its own
(OpenPGP specified) compression.  That compression is also 100 %
transparent to the data; this feature is only used to save a bit of
processing time if data is already compressed.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.



From dsuch at gefira.pl  Sun Aug 30 18:07:14 2009
From: dsuch at gefira.pl (Dariusz Suchojad)
Date: Sun, 30 Aug 2009 18:07:14 +0200
Subject: 1.4.10rc1 and v2 OpenPGP cards/3072 bit keys
Message-ID: <4A9AA3B2.4080803@gefira.pl>


> Noteworthy changes in version 1.4.10 (unreleased)
> -------------------------------------------------
>
>     * Support v2 OpenPGP cards.

Hello,

I have successfully created 2048 bit RSA keys with a v2 OpenPGP card
from kernelconcepts, using an SCM SCR-335 reader. I have no problems
with signing, verification and encrypting & decrypting.

However, I cannot decrypt a message encrypted with a 3072b key, also
generated on-card. I'm 100% sure I'm entering a correct PIN but still
1.4.10rc1 gives me

gpg: public key decryption failed: general error
gpg: decryption failed: secret key not available

in the end. It works flawlessly with a 2048 bit key.

I'm using 1.4.10rc1 from here
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.10rc1.tar.bz2

I've attached complete --debug-all sessions for both 2048 and 3072 keys.
 I'd be happy to provide more information if it's needed but I'd need
some hints for what to do next.

thanks,

-- 
Dariusz Suchojad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: v20-2048.txt.bz2
Type: application/x-bzip
Size: 6892 bytes
Desc: not available
URL: </pipermail/attachments/20090830/1024be08/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: v20-3072.txt.bz2
Type: application/x-bzip
Size: 7428 bytes
Desc: not available
URL: </pipermail/attachments/20090830/1024be08/attachment-0003.bin>

From barry at fantasymail.de  Mon Aug 31 07:43:52 2009
From: barry at fantasymail.de (Barry Fantasy)
Date: Mon, 31 Aug 2009 07:43:52 +0200
Subject: New WinPT-Version 1.4.2
Message-ID: <4A9B6318.9090505@fantasymail.de>

Hello,

there has been released an new version of WinPT.
Info: http://winpt.gnupt.de


-- 
Barry


From faramir.cl at gmail.com  Mon Aug 31 09:05:05 2009
From: faramir.cl at gmail.com (Faramir)
Date: Mon, 31 Aug 2009 03:05:05 -0400
Subject: rotating encryption sub keys
In-Reply-To: <41AAC410-D0DB-4615-96BE-B189D2AFC66E@jabberwocky.com>
References: <C14B9BB4-FB3F-47F7-9527-C22FC2524924@me.com>
	<5CA678F5-BEC1-4808-B75D-F9C778031512@jabberwocky.com>
	<4A977B0E.3090503@gmail.com>
	<41AAC410-D0DB-4615-96BE-B189D2AFC66E@jabberwocky.com>
Message-ID: <4A9B7621.5020909@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

David Shaw escribi?:
> On Aug 28, 2009, at 2:37 AM, Faramir wrote:

...
>> "Therefore when a public
>>    encryption key expires, an OpenPGP client MUST securely wipe the
>>    corresponding private key [4]."
...
> The idea of PFS is not one that works for all situations.  For those
> that do want PFS semantics, the draft merely shows how to do it in the
> context of OpenPGP.  Nobody is required to do this.  It's strictly opt-in.

  Sorry, I thought it was a proposal to change the way OpenPGP works, I
didn't understand it is to add more "modes" to it...

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJKm3YhAAoJEMV4f6PvczxApRkH/ihdZgIM2mpR66QpMoi0oO5u
d7GU1R4Jd1n+mYMUnAmy5vQpz3DfFUnmuST7jQJ4XXFqbKI6mPTi+E2SXtG9W2Kd
eY2JARK0IcNgAgOoV2Xl4n/bYMWLr5R1g1P4NVMWLluawG/9cSLunmE2jwwEkO3r
exFhQseRj+O7ptsIIbk66nAXU5YGBq9V/FFFPO6ZXIo4/zZl9e9/ScHcm9bUQJL8
bpPnYjYmzFU5UIgdpWEEF5UMhRUWExPtMFbF/Q9/TdcXypomlykF5mP7yfBrS/J7
PRsKQJ28TNid7L5dqgGC4FVPhNmGWNUcipepKrHGO8vCDrq1sUcu7roKlnnEiP8=
=PQum
-----END PGP SIGNATURE-----


From kevhilton at gmail.com  Mon Aug 31 17:20:44 2009
From: kevhilton at gmail.com (Kevin Hilton)
Date: Mon, 31 Aug 2009 10:20:44 -0500
Subject: LZMA Compression
Message-ID: <96c450350908310820y107ef816x4e0dbf4588286324@mail.gmail.com>

Although I understand the compression algorithms within gnupg are
specified by the OpenGPG standard, are there any grumblings regarding
the addition of the lzma compression scheme?

-- 
Kevin Hilton


From dshaw at jabberwocky.com  Mon Aug 31 17:34:40 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 31 Aug 2009 11:34:40 -0400
Subject: LZMA Compression
In-Reply-To: <96c450350908310820y107ef816x4e0dbf4588286324@mail.gmail.com>
References: <96c450350908310820y107ef816x4e0dbf4588286324@mail.gmail.com>
Message-ID: <B0817141-C0AF-4D86-9698-CB4112469A5F@jabberwocky.com>

On Aug 31, 2009, at 11:20 AM, Kevin Hilton wrote:

> Although I understand the compression algorithms within gnupg are
> specified by the OpenGPG standard, are there any grumblings regarding
> the addition of the lzma compression scheme?

I've seen it mentioned once or twice, but not much more than that.   
That said, adding algorithms to OpenPGP - especially compression  
algorithms which have no security impact - is fairly easy to do.  I  
suggest taking your suggestion to the ietf-openpgp mailing list.  The  
folks there are very happy to discuss such things.

David



From jh at jameshoward.us  Mon Aug 31 19:24:44 2009
From: jh at jameshoward.us (James P. Howard, II)
Date: Mon, 31 Aug 2009 13:24:44 -0400
Subject: Possible bug: addkey can create certifying subkey
Message-ID: <4A9C075C.4030601@jameshoward.us>

I am not sure if this is a bug, but given the documentation it is not
the expected behavior.  I created new keys this weekend, due to a lost
USB drive.  Replicating it here, if you specify --expert and create a
RSA subkey with all the options off, it will create a subkey with all
the options, including certification turned on.  Here's a slightly
edited transcript:

howardjp at thermopylae:~$ gpg --expert --edit 0xE6602099
Secret key is available.

pub  4096R/0xE6602099  created: 2009-08-30  expires: never       usage: C
                       trust: ultimate      validity: ultimate
sub  2048R/0xFCB31625  created: 2009-08-30  expires: never       usage: E
sub  2048R/0xA40883BA  created: 2009-08-30  expires: never       usage: A
sub  2048R/0x2C3602D7  created: 2009-08-30  expires: never       usage: S
sub  2048R/0x3EE4249E  created: 2009-08-30  expires: never       usage: S
[ultimate] (1). James Patrick Howard, II

Command> addkey
Key is protected.

You need a passphrase to unlock the secret key for
user: "James Patrick Howard, II"
4096-bit RSA key, ID 0xE6602099, created 2009-08-30

Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
Your selection? 8

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? s

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? e

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions:

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

pub  4096R/0xE6602099  created: 2009-08-30  expires: never       usage: C
                       trust: ultimate      validity: ultimate
sub  2048R/0xFCB31625  created: 2009-08-30  expires: never       usage: E
sub  2048R/0xA40883BA  created: 2009-08-30  expires: never       usage: A
sub  2048R/0x2C3602D7  created: 2009-08-30  expires: never       usage: S
sub  2048R/0x3EE4249E  created: 2009-08-30  expires: never       usage: S
sub  2048R/0xB892F408  created: 2009-08-31  expires: never       usage: SCEA
[ultimate] (1). James Patrick Howard, II

Command> quit
Save changes? (y/N) n
Quit without saving? (y/N) y
howardjp at thermopylae:~$ gpg --version
gpg (GnuPG/MacGPG2) 2.0.12
libgcrypt 1.4.4
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
        CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
howardjp at thermopylae:~$

-- 
James P. Howard, II, MPA
jh at jameshoward.us

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090831/f5aee472/attachment.pgp>