From alan at batie.org Tue Dec 1 01:13:05 2009
From: alan at batie.org (Alan Batie)
Date: Mon, 30 Nov 2009 16:13:05 -0800
Subject: dumping a gpg message
In-Reply-To: <4B1438A5.4040502@fifthhorseman.net>
References: <4B142575.2050306@batie.org> <4B1438A5.4040502@fifthhorseman.net>
Message-ID: <4B145F91.2070402@batie.org>

Daniel Kahn Gillmor wrote:
> You might be interested in gpg --list-packets

Thanks, that's exactly what I wanted!

From danm at prime.gushi.org Tue Dec 1 01:18:05 2009
From: danm at prime.gushi.org (Dan Mahoney, System Admin)
Date: Mon, 30 Nov 2009 19:18:05 -0500 (EST)
Subject: Newbie where to find script for FTP
In-Reply-To: <6.1.2.0.2.20091130145221.01d31ae8@insurancecompany.com>
References: <6.1.2.0.2.20091130145221.01d31ae8@insurancecompany.com>
Message-ID:

On Mon, 30 Nov 2009, cleardata at earthlink.net wrote:

> Hi gang --- I subscribed awhile back so I could try and absorb some of the
> tech stuff on the forum. Q: I have a BlueOnyx box and want to take the next
> step in finding a script that will use GnuPG (still need to get) to FTP some
> of my files on this box to an end user. Any suggestions?

GPG is not the tool you want. GPG is not an ftp tool.

Perhaps if you describe what you're trying to do, and what role you want
encryption to play in that, someone can provide you with an answer.

-Dan Mahoney

--

"If you need web space, give him a hard drive. If you need to do something
really heavy, build him a computer."
-Ilzarion, late friday night

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------

From dkg at fifthhorseman.net Tue Dec 1 19:12:15 2009
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 01 Dec 2009 13:12:15 -0500
Subject: Equivalent segments between different Fedora & RPM Fusion ASCII armored key blocks
In-Reply-To: <26566574.post@talk.nabble.com>
References: <26566574.post@talk.nabble.com>
Message-ID: <4B155C7F.2070108@fifthhorseman.net>

On 11/29/2009 04:51 PM, wavelength wrote:
> Can someone explain why large segments within the ASCII armored key blocks of
> Fedora 11 & 12 match? Attached below are the respective key blocks. Two
> matching regions between the blocks are highlighted with bold arrows.

These blocks are actually certificates, not just public keys -- that is,
each one contains a public key, one or more User IDs, and a signature
for each User ID from the public key, binding it to the given User ID.

The entire thing is Base64-encoded, but the User ID packets in there are
simple UTF-8 text (and the two certificates have very similar User IDs).

So the similar regions are most likely the regions of each certificate
that contains the User ID.

Try the following transformation on each key to see the internals in
ascii-ish form:

  grep '^[^-]' "$KEYFILE" | base64 -d | hd

search through the right-hand columns of the output for "fedora".

You might also be interested in breaking the certificate apart into its
component elements. You can use gpgsplit for this. Set KEYID to the
key you're interested in, and:

  mkdir "$KEYID-parts" && \
    (cd "$KEYID-parts" && gpg --export "$KEYID" | gpgsplit) && \
    ls -l "$KEYID-parts"

Compare the *.user_id pieces of each key to see how similar they are.

> Also, what do the last 8 digits signify in the output below?
>
> rpm -qa gpg-pubkey*
>
> gpg-pubkey-16ca1a56-4a100959
> gpg-pubkey-57bbccba-4a6f97af

No idea.
These appear to be fedora package names, if my memory of rpm is correct.
Perhaps you should ask this question on a fedora list?

	--dkg

From dshaw at jabberwocky.com Tue Dec 1 19:21:56 2009
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 1 Dec 2009 13:21:56 -0500
Subject: Equivalent segments between different Fedora & RPM Fusion ASCII armored key blocks
In-Reply-To: <26566574.post@talk.nabble.com>
References: <26566574.post@talk.nabble.com>
Message-ID:

On Nov 29, 2009, at 4:51 PM, wavelength wrote:

>
> Can someone explain why large segments within the ASCII armored key blocks of
> Fedora 11 & 12 match? Attached below are the respective key blocks. Two
> matching regions between the blocks are highlighted with bold arrows.
>
> In addition, large segments within the
> RPM-GPG-KEY-rpmfusion-free-fedora-12-primary key match parts of these same
> segments (highlighted in italics - see below). I assume this is normal, but
> it's unclear why this would be the case.

It is normal. Keys contain a certain amount of metadata and structure
that is the same or similar for many keys. When you convert keys to
ASCII armored form, a few lines will thus naturally line up as the same.

> Also, what do the last 8 digits signify in the output below?
>
> rpm -qa gpg-pubkey*
>
> gpg-pubkey-16ca1a56-4a100959
> gpg-pubkey-57bbccba-4a6f97af

It's an rpm timestamp.

David

From jeffinnova at hotmail.com Wed Dec 2 05:21:42 2009
From: jeffinnova at hotmail.com (wavelength)
Date: Tue, 1 Dec 2009 20:21:42 -0800 (PST)
Subject: Equivalent segments between different Fedora & RPM Fusion ASCII armored key blocks
In-Reply-To: <26566574.post@talk.nabble.com>
References: <26566574.post@talk.nabble.com>
Message-ID: <26601656.post@talk.nabble.com>

Thanks to Daniel Kahn Gillmor-7 and David Shaw for the responses.
Very much appreciated.
--
View this message in context: http://old.nabble.com/Equivalent-segments-between-different-Fedora---RPM-Fusion-ASCII-armored-key-blocks-tp26566574p26601656.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

From juanmanuel_fa at hotmail.com Fri Dec 4 05:11:02 2009
From: juanmanuel_fa at hotmail.com (Juan Manuel Fernandez Arauz)
Date: Fri, 4 Dec 2009 02:11:02 -0200
Subject: problem with ownertrust value
Message-ID:

Hello, I have this doubt:

I have tried this:

gpg --local-user UID1 --edit-key UID3
> trust 5

and later:

gpg --local-user UID2 --edit-key UID3
> trust 1

But if I later execute this again:

gpg --local-user UID1 --edit-key UID3

I see "trust: dont know", and I suppose that that value was for UID2,
not for UID1.

So I think I'm setting the ownertrust value for all users. How can I set
the ownertrust value user by user for a given UID?

Regards.
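The certificate layout Daniel Kahn Gillmor describes in the "Equivalent segments" thread above (public key packet, User ID packets, signatures, all Base64-armored) can be walked with a short parser. This is an added example, not code from any poster on the list; the two sample certificates are constructed in the code from filler bytes and a hypothetical User ID, and the parser also skips the armor header and CRC lines.

```python
import base64

TAGS = {2: "signature", 6: "public key", 13: "user ID", 14: "public subkey"}

def crc24(data):
    """CRC-24 of the armor checksum line (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text):
    """Return the binary packet stream of one ASCII-armored block."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if len(lines) < 2 or not lines[0].startswith("-----BEGIN PGP") \
            or not lines[-1].startswith("-----END PGP"):
        raise ValueError("not an ASCII-armored block")
    body = lines[1:-1]
    if "" in body:                    # armor headers ("Version: ...") end at a blank line
        body = body[body.index("") + 1:]
    checksum = body.pop()[1:] if body and body[-1].startswith("=") else None
    data = base64.b64decode("".join(body), validate=True)
    if checksum is not None and base64.b64decode(checksum) != crc24(data).to_bytes(3, "big"):
        raise ValueError("armor CRC-24 mismatch")
    return data

def packets(data):
    """Yield (tag, body) for each packet in the stream (RFC 4880, section 4.2)."""
    pos = 0
    while pos < len(data):
        first, pos = data[pos], pos + 1
        if not first & 0x80:
            raise ValueError("bad packet header")
        if first & 0x40:                      # new-format header
            tag, o1, pos = first & 0x3F, data[pos], pos + 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length, pos = ((o1 - 192) << 8) + data[pos] + 192, pos + 1
            elif o1 == 255:
                length, pos = int.from_bytes(data[pos:pos + 4], "big"), pos + 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                 # old-format header
            tag, size = (first >> 2) & 0x0F, 1 << (first & 0x03)
            if size == 8:                     # length type 3: body runs to end of data
                length = len(data) - pos
            else:
                length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length

def user_ids(armored):
    """User ID packets are plain UTF-8 text inside the certificate."""
    return [body.decode("utf-8") for tag, body in packets(dearmor(armored)) if tag == 13]

def shared_region(armored_a, armored_b):
    """Decode the longest run of Base64 characters that lines up in both blocks."""
    a = base64.b64encode(dearmor(armored_a)).decode()
    b = base64.b64encode(dearmor(armored_b)).decode()
    best_start = best_len = run = 0
    for i, (x, y) in enumerate(zip(a, b)):
        run = run + 1 if x == y else 0
        if run > best_len:
            best_start, best_len = i - run + 1, run
    start = -(-best_start // 4) * 4           # round inward to whole 4-character groups
    end = (best_start + best_len) // 4 * 4
    return base64.b64decode(a[start:end])

def old_packet(tag, body):
    """Encode one old-format packet with a 1-octet length (sample construction only)."""
    return bytes([0x80 | (tag << 2), len(body)]) + body

def armor(data):
    b64 = base64.b64encode(data).decode()
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----", "Version: constructed sample", ""]
                     + [b64[i:i + 64] for i in range(0, len(b64), 64)]
                     + ["=" + crc, "-----END PGP PUBLIC KEY BLOCK-----"])

def sample_cert(release, invert):
    """CONSTRUCTED sample: filler bytes stand in for the key and signature material."""
    key, sig = bytes(range(140)), bytes(range(140, 200))
    if invert:   # complement the filler so the two samples share no key or signature bytes
        key, sig = bytes(255 - x for x in key), bytes(255 - x for x in sig)
    uid = ("Example Distro %d (constructed) <keys@example.org>" % release).encode()
    return armor(old_packet(6, key) + old_packet(13, uid) + old_packet(2, sig))

CERT_A, CERT_B = sample_cert(11, False), sample_cert(12, True)

if __name__ == "__main__":
    for tag, body in packets(dearmor(CERT_A)):
        print(TAGS.get(tag, tag), len(body))
    print(user_ids(CERT_A), user_ids(CERT_B))
    print(shared_region(CERT_A, CERT_B))      # falls inside the User ID packet
```

With completely different key and signature bytes, the only long stretch of armored text the two samples share decodes to the tail of the User ID.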
From mkesper at schokokeks.org Fri Dec 4 14:27:49 2009
From: mkesper at schokokeks.org (Michael Kesper)
Date: Fri, 4 Dec 2009 14:27:49 +0100
Subject: Error on gpg encription using perl cgi
In-Reply-To: <22177190.post@talk.nabble.com>
References: <22177190.post@talk.nabble.com>
Message-ID: <20091204132749.GA6060@akoya>

Hi,

On Mon, Feb 23, 2009 at 11:33:02PM -0800, hxzeng wrote:
> But when I deployed first.cgi in apache and run it using:
> http://localhost/cgi-bin/test.cgi
> The file cannot be successfully encrypted and also in error.log there has
> such errors:
>
> [Tue Feb 24 15:01:40 2009] [error] [client 127.0.0.1] gpg: Henry: skipped:
> public key not found\r
> [Tue Feb 24 15:01:40 2009] [error] [client 127.0.0.1] gpg:
> C:\\apache\\cgi-bin\\451080.txt: encryption failed: public key not found\r

Apache runs with a different user than you tested before.
It has got to have access to that key and know where it can find it.

Best wishes
Michael

--
Free Software Foundation Europe (FSFE) [] (http://fsfe.org)
Join the Fellowship! [][][] (http://fellowship.fsfe.org/join?ref=mkesper)
Your donation makes our work possible! || (http://fsfe.org/donate)

From haveyouworked at aol.com Fri Dec 4 17:08:24 2009
From: haveyouworked at aol.com (BlueGnu)
Date: Fri, 4 Dec 2009 08:08:24 -0800 (PST)
Subject: Can't import valid GPG keys in Ubuntu
Message-ID: <26635935.post@talk.nabble.com>

I have a multi-boot system, Windows and Ubuntu 9.10. I installed Gpg4win on
Windows, and on Ubuntu I installed GNU Privacy Assistant and Kleopatra to
make the encryption process similar on each OS. All the keys imported
correctly in each OS when I first set up this system, but recently all my
keys disappeared from the Ubuntu installation.
I know the original keys are still good because I can still import them to
Windows, but I get different results when importing on Ubuntu.

Errors:

Importing any key from GNU Privacy Assistant gives the error, "No keys were
found."
Importing from Kleopatra gives me "Total number processed: 0 Imported: 0."
Using the Passwords and Encryption Keys applet that came with Ubuntu nothing
happens at all.

When I try to create a key in GNU Privacy Assistant it says, "The GPGME
library returned an unexpected error. The error was: General error
This is probably a bug in GPA. GPA will now try to recover from this error.
From Kleopatra I tell it to create a personal OpenPGP key pair and it gives
me the error: Could not create certificate: General error."
From Passwords and Encryption Keys, I try to create a PGP key and it gives,
"Couldn't generate PGP key. General error."

All my keys are like this:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.12 (MingW32)

blahblahblahblah
-----END PGP PUBLIC KEY BLOCK-----

What can I do to resume using GnuPG on Ubuntu?
--
View this message in context: http://old.nabble.com/Can%27t-import-valid-GPG-keys-in-Ubuntu-tp26635935p26635935.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

From bsdkaffee at gmail.com Sat Dec 5 08:49:01 2009
From: bsdkaffee at gmail.com (Jason E. Hale)
Date: Sat, 5 Dec 2009 02:49:01 -0500
Subject: gpgme not compiling when gpgsm support disabled
Message-ID: <200912050249.01602.bsdkaffee@gmail.com>

I tried to compile gpgme-1.2.0 on FreeBSD 8.0 with the following configure
arguments:
--with-gpg=/usr/local/bin/gpg2 --with-gpgsm=no --with-gpgconf=/usr/local/bin/gpgconf

The build stops because it cannot find assuan.h.

libtool: compile: cc -DHAVE_CONFIG_H -I. -I..
-I/usr/local/include -O2 -fno-strict-aliasing -pipe -march=prescott -Wall -Wcast-align -Wshadow -Wstrict-prototypes -MT engine-gpgconf.lo -MD -MP -MF .deps/engine-gpgconf.Tpo -c engine-gpgconf.c -fPIC -DPIC -o .libs/engine-gpgconf.o
engine-gpgconf.c:41:20: libtool: compile: cc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -O2 -fno-strict-aliasing -pipe -march=prescott -Wall -Wcast-align -Wshadow -Wstrict-prototypes -MT opassuan.lo -MD -MP -MF .deps/opassuan.Tpo -c opassuan.c -o opassuan.o >/dev/null 2>&1
error: assuan.h: No such file or directory
gmake[3]: libtool: compile: cc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -O2 -fno-strict-aliasing -pipe -march=prescott -Wall -Wcast-align -Wshadow -Wstrict-prototypes -MT engine.lo -MD -MP -MF .deps/engine.Tpo -c engine.c -o engine.o >/dev/null 2>&1
*** [engine-gpgconf.lo] Error 1
gmake[3]: *** Waiting for unfinished jobs....
mv -f .deps/opassuan.Tpo .deps/opassuan.Plo
mv -f .deps/engine.Tpo .deps/engine.Plo
libtool: compile: cc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -O2 -fno-strict-aliasing -pipe -march=prescott -Wall -Wcast-align -Wshadow -Wstrict-prototypes -MT engine-gpg.lo -MD -MP -MF .deps/engine-gpg.Tpo -c engine-gpg.c -o engine-gpg.o >/dev/null 2>&1
mv -f .deps/engine-gpg.Tpo .deps/engine-gpg.Plo
gmake[3]: Leaving directory `/usr/ports/security/gpgme/work/gpgme-1.2.0/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/usr/ports/security/gpgme/work/gpgme-1.2.0/src'
gmake[1]: *** [all-recursive] Error 1
gmake[1]: Leaving directory `/usr/ports/security/gpgme/work/gpgme-1.2.0'
gmake: *** [all] Error 2
*** Error code 1

Stop in /usr/ports/security/gpgme.
*** Error code 1

I removed the #include "assuan.h" line from engine-gpgconf.c and the build
succeeded. Is the include necessary? Is libassuan needed for gpgconf support
or only gpgsm?

I am not subscribed to the list...please CC me.
Thanks,
Jason

From dougb at dougbarton.us Mon Dec 7 00:54:20 2009
From: dougb at dougbarton.us (Doug Barton)
Date: Sun, 06 Dec 2009 15:54:20 -0800
Subject: gpgme not compiling when gpgsm support disabled
In-Reply-To: <200912050249.01602.bsdkaffee@gmail.com>
References: <200912050249.01602.bsdkaffee@gmail.com>
Message-ID: <4B1C442C.8060505@dougbarton.us>

Jason E. Hale wrote:
> I tried to compile gpgme-1.2.0 on FreeBSD 8.0 with the following configure
> arguments:
> --with-gpg=/usr/local/bin/gpg2 --with-gpgsm=no --with-gpgconf=/usr/local/bin/gpgconf

There is a port for that in /usr/ports/security/gpgme, you might want
to try that. Looks like you'd have to change the value of
--with-gpgconf in the port's Makefile, but that's trivial.

hth,

Doug

--

	Improve the effectiveness of your Internet presence with
	a domain name makeover! http://SupersetSolutions.com/

From bsdkaffee at gmail.com Mon Dec 7 08:01:18 2009
From: bsdkaffee at gmail.com (Jason E. Hale)
Date: Mon, 7 Dec 2009 02:01:18 -0500
Subject: gpgme not compiling when gpgsm support disabled
In-Reply-To: <4B1C442C.8060505@dougbarton.us>
References: <200912050249.01602.bsdkaffee@gmail.com> <4B1C442C.8060505@dougbarton.us>
Message-ID: <200912070201.18308.bsdkaffee@gmail.com>

On Sunday 06 December 2009 18:54:20 Doug Barton wrote:
> Jason E. Hale wrote:
> > I tried to compile gpgme-1.2.0 on FreeBSD 8.0 with the following
> > configure arguments:
> > --with-gpg=/usr/local/bin/gpg2 --with-gpgsm=no --with-gpgconf=/usr/local/bin/gpgconf
>
> There is a port for that in /usr/ports/security/gpgme, you might want
> to try that. Looks like you'd have to change the value of
> --with-gpgconf in the port's Makefile, but that's trivial.
>
>
> hth,
>
> Doug
>

I know, I am the port's maintainer. I am trying to figure out if removing
the header is an appropriate solution to the build error. There is a PR
about this (ports/141168) and I have been getting pointyhat error logs.
- Jason

From dennis.putnam at aimaudit.com Tue Dec 8 13:21:39 2009
From: dennis.putnam at aimaudit.com (Dennis Putnam)
Date: Tue, 8 Dec 2009 07:21:39 -0500
Subject: user-agent failing with Open Directory mounted home directories
Message-ID:

I am trying to install GnuPG and have a problem with the path for
'.gnupg'. The path extracted is incorrect for an OD mounted home. Is
there a configuration setting that lets me change the prefix for the
'.gnupg' path? Thanks.

Dennis Putnam
Sr. IT Systems Administrator

AIM Systems, Inc.
11675 Rainwater Dr., Suite 200
Alpharetta, GA 30009
Phone: 678-240-4112
Main Phone: 678-297-0700
FAX: 678-297-2666 or 770-576-1000

The information contained in this e-mail and any attachments is strictly
confidential. If you are not the intended recipient, any use,
dissemination, distribution, or duplication of any part of this e-mail
or any attachment is prohibited. If you are not the intended recipient,
please notify the sender by return e-mail and delete all copies,
including the attachments.

From dennis.putnam at aimaudit.com Tue Dec 8 17:53:48 2009
From: dennis.putnam at aimaudit.com (Dennis Putnam)
Date: Tue, 8 Dec 2009 11:53:48 -0500
Subject: user-agent failing with Open Directory mounted home directories
In-Reply-To:
References:
Message-ID:

I just realized I was not clear about what was going on here. The
problem is that the user-agent will not launch since it cannot find
'.gnupg'.

On Dec 8, 2009, at 7:21 AM, Dennis Putnam wrote:

> I am trying to install GnuPG and have a problem with the path for
> '.gnupg'. The path extracted is incorrect for an OD mounted home. Is
> there a configuration setting that lets me change the prefix for the
> '.gnupg' path? Thanks.
Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
From mariocastelancastro at gmail.com Wed Dec 9 02:16:26 2009
From: mariocastelancastro at gmail.com (=?ISO-8859-1?Q?Mario_Castel=E1n_Castro?=)
Date: Tue, 8 Dec 2009 19:16:26 -0600
Subject: Can't import valid GPG keys in Ubuntu
In-Reply-To: <4B1CF556.9010307@aol.com>
References: <26635935.post@talk.nabble.com> <4B1CF556.9010307@aol.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

November 6th 2009 for gnupg-users at gnupg.org thread "Can't import valid
GPG keys in Ubuntu"

Hi, I think that keys got imported successfully but please do not write
personal messages for technical support, write it to list (Or with
carbon copy to list).

I personally usually have no time nor English fluidity enough to respond
very often in the list, much less to respond to a doubt personally sent.

In advance, thanks for your understanding

Regards.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREIAAYFAkse990ACgkQZ4DA0TLic4htXACffqxFwCxtlS3evqHPRrlzr2mQ
aBsAnjXS3x3NWAt8GXI7DhpazSIkUw35
=ZOW9
-----END PGP SIGNATURE-----

2009/12/7 George Mathews :
> Please forgive me if I'm not proceeding correctly. I've never used this
> kind of forum before, so feel free to set me straight on anything I do
> wrong.
> I used:
>
> --import PATH_TO_KEY_FILE
>
> and got:
>
> gpg: key lettersandnumbers: public key "my name " imported
>
> gpg: key lettersandnumbers: secret key imported
>
> gpg: key lettersandnumbers: "my name " not changed
>
> gpg: Total number processed: 2
>
> gpg:               imported: 1  (RSA: 1)
>
> gpg:              unchanged: 1
>
> gpg:       secret keys read: 1
>
> gpg:   secret keys imported: 1
>
> So it looks like I should have a secret key imported, but when I look in any
> of the three programs that I'm familiar with, it looks like I don't have any
> keys.
>
> Mario Castelán Castro wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> November 6th 2009 for gnupg-users at gnupg.org thread "Can't import valid
>> GPG keys in Ubuntu"
>>
>> Try to import keys from command line, gpg --import PATH_TO_KEY_FILE.
>>
>> And switch to a truly free distribution!, ubuntu contains blobs and
>> lots of other proprietary programs.
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.9 (GNU/Linux)
>>
>> iEYEAREIAAYFAkscbe0ACgkQZ4DA0TLic4gNngCggNBKJMoJbQtRBl0wHb8QJVFf
>> cIYAn33T/T9owGO5oCkWyYe6SYbCdBVC
>> =wGkP
>> -----END PGP SIGNATURE-----

From cpollock at embarqmail.com Wed Dec 9 04:53:24 2009
From: cpollock at embarqmail.com (Chris)
Date: Tue, 08 Dec 2009 21:53:24 -0600
Subject: Evolution locks up when sending large pgp signed file
Message-ID: <1260330804.18560.6.camel@localhost.localdomain>

First of all I'm not sure if this is a sudden pgp problem or as is more
likely an Evolution issue. This just started after my upgrade a few weeks
ago to Mandriva 2010, Evolution 2.28.1 and Gnome 2.28. When trying to
send a signed message with a file over approximately 40k Evo will lockup
and have to be killed. Not signing the message allows any size file to
go through. This is version 1.4.10. I've asked on the Evolution list and
apparently have been ignored.

Any suggestions would be welcome.

Chris

--
KeyID 0xE372A7DA98E6705C
From wk at gnupg.org Wed Dec 9 11:41:53 2009
From: wk at gnupg.org (Werner Koch)
Date: Wed, 09 Dec 2009 11:41:53 +0100
Subject: Evolution locks up when sending large pgp signed file
In-Reply-To: <1260330804.18560.6.camel@localhost.localdomain>
References: <1260330804.18560.6.camel@localhost.localdomain>
Message-ID: <87y6lcqvim.fsf@vigenere.g10code.de>

On Tue, 08 Dec 2009 21:53:24 -0600, Chris wrote:

> ago to Mandriva 2010, Evolution 2.28.1 and Gnome 2.28. When trying to
> send a signed message with a file over approximately 40k Evo will lockup
> and have to be killed. Not signing the message allows any size file to

I am pretty sure that this is an Evo problem. However you may check
whether there is a Pinentry somewhere hidden behind the Evo window.
This is a new problem I have not yet investigated; see
.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From jdever at triad.rr.com Thu Dec 10 02:23:22 2009
From: jdever at triad.rr.com (Jim Dever)
Date: Wed, 09 Dec 2009 20:23:22 -0500
Subject: Can't import valid GPG keys in Ubuntu
In-Reply-To:
References: <26635935.post@talk.nabble.com> <4B1CF556.9010307@aol.com>
Message-ID: <4B204D8A.8050407@triad.rr.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Mario Castelán Castro wrote:
>
> Hi, I think that keys got imported successfully but please do not write
> personal messages for technical support, write it to list (Or with
> carbon copy to list).

I'm sure he meant to reply to the list. Unfortunately this list doesn't
generate a "Reply-To" back to the list so if one just hits "Reply" it
goes back to the original sender and not to the list. I've been called
on this before until I realized what was happening.

If anyone on the list knows who to contact to get this fixed it would be
greatly appreciated. Or if I'm totally missing something... please tell
me!
Thanks
Jim

- --
-----BEGIN PGP SIGNATURE-----

iEYEAREDAAYFAksgTYoACgkQygKI8gBpGS56sACg2XjETgv2KYfSRcNwru02a77f
D6cAoN8K0yXXf9JAt70MmRozsMhx/b/q
=/Rbc
-----END PGP SIGNATURE-----

From tmz at pobox.com Thu Dec 10 04:09:11 2009
From: tmz at pobox.com (Todd Zullinger)
Date: Wed, 9 Dec 2009 22:09:11 -0500
Subject: Can't import valid GPG keys in Ubuntu
In-Reply-To: <4B204D8A.8050407@triad.rr.com>
References: <26635935.post@talk.nabble.com> <4B1CF556.9010307@aol.com> <4B204D8A.8050407@triad.rr.com>
Message-ID: <20091210030911.GB5004@inocybe.localdomain>

Jim Dever wrote:
> I'm sure he meant to reply to the list. Unfortunately this list
> doesn't generate a "Reply-To" back to the list so if one just hits
> "Reply" it goes back to the original sender and not to the list.
> I've been called on this before until I realized what was happening.
>
> If anyone on the list knows who to contact to get this fixed it
> would be greatly appreciated. Or if I'm totally missing
> something... please tell me!

Any list configuration inquiries should be sent to the list owner.
The list owners are listed on the listinfo page, included in the
footer of each post.

That said, it's likely intentional that the list does not munge the
Reply-To header. For much more than you may care to read, check out:

    Reply-To Munging Considered Harmful
    http://www.unicom.com/pw/reply-to-harmful.html

    Reply-To Munging Considered Useful
    http://www.metasystema.net/essays/reply-to.mhtml

And perhaps even:

    Reply-To Munging Still Considered Harmful. Really.
    http://woozle.org/~neale/papers/reply-to-still-harmful.html

It's sad that relatively few mail clients have proper list-reply
functionality. But if you use one that does, it's easy to forget why
folks regularly ask for Reply-To munging. :)

--
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The sunshine bores the daylights out of me.
Chasing shadows moonlight mystery.
From jdever at triad.rr.com Thu Dec 10 05:20:03 2009
From: jdever at triad.rr.com (Jim Dever)
Date: Wed, 09 Dec 2009 23:20:03 -0500
Subject: Can't import valid GPG keys in Ubuntu
In-Reply-To: <20091210030911.GB5004@inocybe.localdomain>
References: <26635935.post@talk.nabble.com> <4B1CF556.9010307@aol.com> <4B204D8A.8050407@triad.rr.com> <20091210030911.GB5004@inocybe.localdomain>
Message-ID: <4B2076F3.7000806@triad.rr.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Todd Zullinger wrote:

> Any list configuration inquiries should be sent to the list owner.
> The list owners are listed on the listinfo page, included in the
> footer of each post.

Thanks for the pointer!

> That said, it's likely intentional that the list does not munge the
> Reply-To header. For much more than you may care to read, check out:

Will do. Didn't realize there were reasons why doing that might not be
desirable in cases. Seems to be done on every other list I've seen
except this one so I'm curious enough to read your links as to why.

> It's sad that relatively few mail clients have proper list-reply
> functionality. But if you use one that does, it's easy to forget why
> folks regularly ask for Reply-To munging. :)

Ok I'll bite. Which one does handle it properly? I did notice that
doing a reply all on your message sent it back to the list. Reply All
on most messages go back to the sender with a CC: to the list. Anyway
I'll hush since this is off-topic. Thanks for the education!
- --
Jim
-----BEGIN PGP SIGNATURE-----

iEYEAREDAAYFAksgdvMACgkQygKI8gBpGS6BmgCfdcFU0z50jAVi2wF9RodfnNWq
j1cAoNEwUgrfZO98FveGtIqu4I7R/kBy
=irtT
-----END PGP SIGNATURE-----

From wk at gnupg.org Thu Dec 10 10:15:55 2009
From: wk at gnupg.org (Werner Koch)
Date: Thu, 10 Dec 2009 10:15:55 +0100
Subject: Can't import valid GPG keys in Ubuntu
In-Reply-To: <4B2076F3.7000806@triad.rr.com>
References: <26635935.post@talk.nabble.com> <4B1CF556.9010307@aol.com> <4B204D8A.8050407@triad.rr.com> <20091210030911.GB5004@inocybe.localdomain> <4B2076F3.7000806@triad.rr.com>
Message-ID: <87my1rqjec.fsf@vigenere.g10code.de>

On Wed, 09 Dec 2009 23:20:03 -0500, Jim Dever wrote:

> Ok I'll bite. Which one does handle it properly? I did notice that

Mutt, Gnus, Claws and probably others I have not used. At least all
MUAs I have seen have a "Reply to all" or "Group reply" feature.

> doing a reply all on your message sent it back to the list. Reply All
> on most messages go back to the sender with a CC: to the list. Anyway
> I'll hush since this is off-topic. Thanks for the education!

It is a matter of the original sender. If a Mail-Followup-To header
is included conforming MUAs (Mail User Agents) will reply only to
addresses listed there if the user is known to be subscribed to the
list. If not they add themselves to the MFT header.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From vedaal at hush.com Thu Dec 10 15:55:43 2009
From: vedaal at hush.com (vedaal at hush.com)
Date: Thu, 10 Dec 2009 09:55:43 -0500
Subject: Can't import valid GPG keys in Ubuntu
Message-ID: <20091210145543.995E728040@smtp.hushmail.com>

BlueGnu wrote on 2009-12-04 16:08:24 :

>I have a multi-boot system, Windows and Ubuntu 9.10. I installed
>Gpg4win on Windows, and on Ubuntu I installed GNU Privacy Assistant and
>Kleopatra to make the encryption process similar on each OS.
>All the keys imported correctly in each OS when I first set up this system,
>but recently all my keys disappeared from the Ubuntu installation.

i have a similar setup with ubuntu 9.10 and winxp and gpg4win
but didn't install Kleopatra or GNU Privacy assistant on ubuntu

gpg4win installs gpg 2.x and ubuntu ships with 1.4.9 already
installed

this may be one of the problem roots

one of the nice things about a dual boot ubuntu/windows system,
is that ubuntu can see everything in the nt windows partition and
import it

you can drag and drop your gnupg keys from windows into ubuntu by
using the ubuntu equivalent of windows explorer

(so much for the security of windows xp logon passwords ;-)
[anyone can boot from an ubuntu cd and get any unencrypted file in
windows])

it's very time consuming for me to test this on my system,
because, for the above reason, i true-crypt encrypted the entire nt
windows partition from windows, and it's inaccessible from ubuntu

first try importing the keys into ubuntu from windows

see if ubuntu gnupg works with this through Kleopatra

if not, then try accessing the keys from the ubuntu gnupg
commandline in the terminal

if this does work, then the problem is somehow in kleopatra

if this also doesn't work, then maybe those here with more linux
experience can help

vedaal

From Jagadeesh.Bantrotu at infotech-enterprises.com Tue Dec 8 14:22:54 2009
From: Jagadeesh.Bantrotu at infotech-enterprises.com (Jagadeesh Bantrotu)
Date: Tue, 8 Dec 2009 18:52:54 +0530
Subject: Regarding Encryption through vb.net code using gpg
Message-ID:

Hi,

I am trying to encrypt the file using vb.net code but the data is not
encrypting and it is not giving error. But if I do from cmd prompt the
file is encrypted. Can you tell me what mistake I did in my code? I
first used gpg version 1.4.9 with this version the code was not executed
after that I tried with gpg version 1.2.0 but no use.

Any one can help me ASAP.
Dim vGPGExecutable As Variables
Dts.VariableDispenser.LockOneForRead("GPGExecutable", vGPGExecutable)
Dim gpgExecutable As String
gpgExecutable = vGPGExecutable("GPGExecutable").Value.ToString
vGPGExecutable.Unlock()

Dim vHomeDir As Variables
Dts.VariableDispenser.LockOneForRead("HomeDirectory", vHomeDir)
Dim HomeDir As String
HomeDir = vHomeDir("HomeDirectory").Value.ToString
vHomeDir.Unlock()

Dim vPassPhrase As Variables
Dts.VariableDispenser.LockOneForRead("recipient", vPassPhrase)
Dim recipient As String = vPassPhrase("recipient").Value.ToString
vPassPhrase.Unlock()

Dim outputFile As String = Dts.Connections("Encrypt").ConnectionString
Dim inputfile As String = Dts.Connections("File").ConnectionString

If System.IO.File.Exists(inputfile) = True Then
    Dim gpgOptions As String
    Dim optionsBuilder As StringBuilder = New StringBuilder()
    optionsBuilder.Append("--homedir ")
    optionsBuilder.Append(HomeDir)
    optionsBuilder.Append(" --yes --batch --armor --recipient ")
    optionsBuilder.Append(recipient)
    optionsBuilder.Append(" --no-verbose --output ")
    optionsBuilder.Append(outputFile)
    optionsBuilder.Append(" --always-trust")
    optionsBuilder.Append(" --encrypt ")
    optionsBuilder.Append(inputfile)
    gpgOptions = optionsBuilder.ToString()

    Dim process As Process = New Process()
    Dim streamWriter As StreamWriter
    Dim streamReader As StreamReader
    Dim err As StreamReader
    Dim prStartInfo As ProcessStartInfo = New ProcessStartInfo(gpgExecutable, gpgOptions)
    prStartInfo.UseShellExecute = False
    prStartInfo.RedirectStandardInput = True
    prStartInfo.RedirectStandardOutput = True
    prStartInfo.RedirectStandardError = True
    prStartInfo.CreateNoWindow = True
    process.StartInfo = prStartInfo
    process.Start()
    streamWriter = process.StandardInput
    streamReader = process.StandardOutput
    err = process.StandardError
    streamWriter.Close()
Else
    Dim logConstr As String
    logConstr = Dts.Connections("Log File Connection String").ConnectionString
    Dim logfile As StreamWriter = New StreamWriter(logConstr, False)
logfile.WriteLine("Fail to Find Records File to be Encrypted.") Dts.TaskResult = Dts.Results.Failure logfile.Close() End If Thanks&Regards, Jagadeesh B ________________________________ DISCLAIMER: This email may contain confidential information and is intended only for the use of the specific individual(s) to which it is addressed. If you are not the intended recipient of this email, you are hereby notified that any unauthorized use, dissemination or copying of this email or the information contained in it or attached to it is strictly prohibited. If you received this message in error, please immediately notify the sender at Infotech or Mail.Admin at infotech-enterprises.com and delete the original message. -------------- next part -------------- An HTML attachment was scrubbed... URL: From emma at sixflagsmail.com Wed Dec 9 01:03:01 2009 From: emma at sixflagsmail.com (emma) Date: Wed, 09 Dec 2009 00:03:01 +0000 Subject: Secret Key Needed and Location on Mac Leopard Message-ID: <4B1EE935.2060307@sixflagsmail.com> Hello, I recently changed my harddrive and upgraded to Leopard. I'm getting Enigmail up and running again and get the following error message: Error - secret key needed to decrypt message; click on 'Details' button for more information Looking through the forums I think this means I need to copy over my secret key, but I can't seem to find where this is located on a mac, nor how to search for it. Please could someone help me by explaining if with the error message I received above this is what I need to do and if so, where do I find this secret key and where do I put it? Thanks in advance. Best wishes emma From haveyouworked at aol.com Wed Dec 9 03:13:44 2009 From: haveyouworked at aol.com (BlueGnu) Date: Tue, 8 Dec 2009 18:13:44 -0800 (PST) Subject: Can't import valid GPG keys in Ubuntu In-Reply-To: References: <26635935.post@talk.nabble.com> Message-ID: <26704102.post@talk.nabble.com> That's possible, but I can't seem to use them. 
I even checked with Enigmail and it gives: Send operation aborted. Error - encryption command failed gpg command line and output: /usr/bin/gpg gpg: /home/administrator/.gnupg/gpg.conf:243: invalid option gpg: /home/administrator/.gnupg/gpg.conf:244: invalid option Mario Xerxes Castel?n Castro wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > November 6th 2009 for gnupg-users at gnupg.org thread "Can't import valid > GPG keys in Ubuntu" > > Hi, I think than keys got imported sucefully but please do not write > personal messages for technical support, write it to list (Or with > carbon copy to list). > -- View this message in context: http://old.nabble.com/Can%27t-import-valid-GPG-keys-in-Ubuntu-tp26635935p26704102.html Sent from the GnuPG - User mailing list archive at Nabble.com. From dkg at fifthhorseman.net Thu Dec 10 17:46:29 2009 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Thu, 10 Dec 2009 11:46:29 -0500 Subject: Can't import valid GPG keys in Ubuntu In-Reply-To: <26704102.post@talk.nabble.com> References: <26635935.post@talk.nabble.com> <26704102.post@talk.nabble.com> Message-ID: <4B2125E5.8010503@fifthhorseman.net> On 12/08/2009 09:13 PM, BlueGnu wrote: > gpg command line and output: > /usr/bin/gpg > gpg: /home/administrator/.gnupg/gpg.conf:243: invalid option > gpg: /home/administrator/.gnupg/gpg.conf:244: invalid option And what is on lines 243 and 244 of the file /home/administrator/.gnupg/gpg.conf ? --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 891 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Thu Dec 10 17:54:20 2009 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Thu, 10 Dec 2009 11:54:20 -0500 Subject: Secret Key Needed and Location on Mac Leopard In-Reply-To: <4B1EE935.2060307@sixflagsmail.com> References: <4B1EE935.2060307@sixflagsmail.com> Message-ID: <4B2127BC.9040704@sixdemonbag.org> On 12/8/09 7:03 PM, emma wrote: > Looking through the forums I think this means I need to copy over my > secret key, but I can't seem to find where this is located on a mac, nor > how to search for it. It will be in a folder called ".gnupg". By default, this folder will not appear in Finder. Once you're in .gnupg, then copy "secring.gpg" and "pubring.gpg" over to your new machine. Presto, you're done. :) From hamilric at us.ibm.com Thu Dec 10 18:05:59 2009 From: hamilric at us.ibm.com (Richard Hamilton) Date: Thu, 10 Dec 2009 10:05:59 -0700 Subject: AUTO: Richard Hamilton is out of the office (returning 12/14/2009) Message-ID: I am out of the office until 12/14/2009. I am out of the office until December 14th 2009. If this is a production problem, please call the solution center at 918-573-2336 or email Bob Olson at Robert.Olson at williams.com. I will have limited mail and cell phone access. Note: This is an automated response to your message "Re: Can't import valid GPG keys in Ubuntu" sent on 12/10/09 9:46:29. This is the only notification you will receive while this person is away. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ussenterprise at babylonfarms.com Thu Dec 10 17:55:41 2009 From: ussenterprise at babylonfarms.com (Troy) Date: Thu, 10 Dec 2009 10:55:41 -0600 Subject: Can't import valid GPG keys in Ubuntu In-Reply-To: <26704102.post@talk.nabble.com> References: <26635935.post@talk.nabble.com> <26704102.post@talk.nabble.com> Message-ID: <4B21280D.2020608@babylonfarms.com> Hello, BlueGnu wrote: > That's possible, but I can't seem to use them. I even checked with Enigmail > and it gives: > Send operation aborted. 
>
> Error - encryption command failed
>
> gpg command line and output:
> /usr/bin/gpg
> gpg: /home/administrator/.gnupg/gpg.conf:243: invalid option
> gpg: /home/administrator/.gnupg/gpg.conf:244: invalid option

Try removing lines 243 & 244 from the gpg.conf file or insert a "#" before each line. It appears you have conflicting options.

Troy

From wk at gnupg.org Fri Dec 11 17:48:02 2009
From: wk at gnupg.org (Werner Koch)
Date: Fri, 11 Dec 2009 17:48:02 +0100
Subject: [Announce] Libgcrypt 1.4.5 released
Message-ID: <87bpi5qwxp.fsf@vigenere.g10code.de>

Hello!

The GNU project is pleased to announce the availability of Libgcrypt version 1.4.5.

Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt.

Noteworthy changes in version 1.4.5:

 * Fixed minor memory leak in DSA key generation.
 * No more switching to FIPS mode if /proc/version is not readable.
 * Fixed a sigill during Padlock detection on old CPUs.
 * Fixed a hang on some W2000 machines.
 * Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3; SHA-256 went up by 25%.

Source code is hosted at the GnuPG FTP server and its mirrors as listed at . On the primary server the source file and its digital signature is:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.5.tar.bz2 (1121k)
 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.5.tar.bz2.sig

This file is bzip2 compressed. A gzip compressed version is also available:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.5.tar.gz (1386k)
 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.5.tar.gz.sig

Alternatively you may upgrade version 1.4.4 using this patch file:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.4-1.4.5.diff.bz2 (93k)

The SHA-1 checksums are:

 ef7ecbd3a03a7978094366bcd1257b3654608d28  libgcrypt-1.4.5.tar.bz2
 8d83a60ca55f2ea40b5d5bc99463905b7a1dcb56  libgcrypt-1.4.5.tar.gz
 5307e361da5232cd771c300adddc69e57f0e366d  libgcrypt-1.4.4-1.4.5.diff.bz2

For help on developing with Libgcrypt you should read the included manual and optionally ask on the gcrypt-devel mailing list [1].

Note that this version is from the stable branch; the current development version is available at .

Improving Libgcrypt is costly, but you can help! We are looking for organizations that find Libgcrypt useful and wish to contribute back. You can contribute by reporting bugs, improving the software [2], ordering extensions or support, or more generally by donating money to the Free Software movement (e.g. ).

Commercial support contracts for Libgcrypt are available [3], and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company, is currently funding Libgcrypt development. We are always looking for interesting development projects.

Many thanks to all who contributed to Libgcrypt development, be it bug fixes, code, documentation, testing or helping users.

Happy hacking,

Werner

[1] See .
[2] Note that copyright assignments to the FSF are required.
[3] See the service directory at .

-- 
Thoughts are free. Exceptions are regulated by a federal law.
_______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From patelritesh at gmail.com Fri Dec 11 19:12:39 2009 From: patelritesh at gmail.com (Ritesh Patel) Date: Fri, 11 Dec 2009 13:12:39 -0500 Subject: GnuPG 1.4.5 - Problem with trustdb.gpg Message-ID: <78bab1780912111012oabdb7f9lb3b3e52b7056fb02@mail.gmail.com> Hello, I was using GnuPG 1.4.5. $ gpg --list-sigs /home/test1/.gnupg/pubring.gpg --------------------------------- pub 1024D/E913B4F9 2009-12-11 uid Test1 (Testing) sig 3 E913B4F9 2009-12-11 Test1 (Testing) sub 1024g/25D2E967 2009-12-11 sig E913B4F9 2009-12-11 Test1 (Testing) I imported two different key (test2 at test.com and test3 at test.com) in two different keyring (test2 and test3). $ gpg --keyring test2 --no-default-keyring --import /tmp/test2_pub_key gpg: keyring `/home/test1/.gnupg/test2' created gpg: key 2BD18395: public key "Test2 (Testing 2) " imported gpg: Total number processed: 1 gpg: imported: 1 $ gpg --keyring test2 --list-keys /home/test1/.gnupg/pubring.gpg --------------------------------- pub 1024D/E913B4F9 2009-12-11 uid Test1 (Testing) sub 1024g/25D2E967 2009-12-11 /home/test1/.gnupg/test2 --------------------------- pub 1024D/2BD18395 2009-12-11 uid Test2 (Testing 2) sub 1024g/474B7E93 2009-12-11 $ gpg --keyring test3 --no-default-keyring --import /tmp/test3_pub_key gpg: keyring `/home/test1/.gnupg/test3' created gpg: key 7D6F8608: public key "Test3 (Testing 3) " imported gpg: Total number processed: 1 gpg: imported: 1 $ gpg --keyring test3 --list-keys /home/test1/.gnupg/pubring.gpg --------------------------------- pub 1024D/E913B4F9 2009-12-11 uid Test1 (Testing) sub 1024g/25D2E967 2009-12-11 /home/test1/.gnupg/test3 --------------------------- pub 1024D/7D6F8608 2009-12-11 uid Test3 (Testing 3) sub 1024g/636851B8 2009-12-11 Now I signed first test2 at test.com key with my key (test1 at test.com, which is untimely trusted key) 
and able encrypt message using keyring test2, test2 at test.com key. $ gpg --keyring test2 --sign-key -u test1 at test.com test2 at test.com -- works fine $ gpg -se -a --keyring test2 --batch -u test1 at test.com -r test2 at test.com From olav at mozilla-enigmail.org Sun Dec 13 19:33:32 2009 From: olav at mozilla-enigmail.org (Olav Seyfarth) Date: Sun, 13 Dec 2009 19:33:32 +0100 Subject: How to create a backup card from pub+sec+sk (v1.1) to be able to decrypt - or import sk into the sec key to decrypt without card Message-ID: <4B25337C.1090702@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hi list, I spent a lot of time trying to find out how to set up a second SmartCard from the default card backup (public key, secret key stub, off-card sk_enc) in order to be able to read my old messages again - since the first card was broken one day: it would no longer decrypt (hardware error). Prerequisites: - - two OpenPGP SmartCards (V 1.1 !), one main card, one empty card to replace the (now broken) one - - Key generated on-card on CARD_A using GnuPG 1.4.9 (on Windows XP), with off-card backup during creation -> file "sk_ENCKEY-KEYID.asc" (ASCII-armored) - - Backup of public and secret key from the keyring after generation -> files "KEYID_pub.gpg" and "KEYID_sec.gpg" - - meanwhile I use GnuPG 2.0.12 (on Windows 7) What I did: - - kill gpg-agent (and scdaemon) - - move Homedir "\gnupg" aside - - gpg --dearmor sk_ENCKEY-KEYID.asc > sk_enc.gpg - - gpg --import KEYID_pub.gpg KEYID_sec.gpg - - insert CARD_B - - gpg --edit-key KEYID toggle bkuptocard sk_enc.gpg PIN (to decrypt sk_enc) Admin-PIN (to write to the card) q y (to save) Result: the encryption key is correctly written to the card but the keyring doesn't refer to the new CARD_B but to CARD_a still. I found http://lists.gnupg.org/pipermail/gnupg-users/2006-June/028865.html telling to delete the secret key and reimport it through the --card-edit command. 
Yet this didn't work: it just didn't create a new secret key (since the main key still refers to the old card I assume). I could also not just delete a secret subkey since after "toggle" and "key 2" the delkey command asked me to "toggle" (back to pubkeys) prior to being issued - I also tried to delete the whole subkey (which worked), reimported the pubkey (with "fetch" in - --card-edit but even then, no secret subkey was created from the card.

Maintainers, please provide a step-by-step guide on how to recover from card failure or loss with the above prerequisites (which is the default way to set up an OpenPGP card!) in the SmartCard Howto or the FAQ on gnupg.org .

Apart from the "create a backup card" scenario, I'd rather import sk_enc.gpg into the secret key (in the keyring), revoke it and accept the risk that old messages may no longer be 110% safe. How to accomplish this? It would prevent the need to switch cards when reading old messages since I now use a V2.0 card on a daily basis ...

Olav
- -- 
The Enigmail Project - OpenPGP Email Security For Mozilla Applications
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Diese Email ist digital signiert/verschlüsselt
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----

From edstuckems at gmail.com Mon Dec 14 07:47:10 2009
From: edstuckems at gmail.com (ed stuckems)
Date: Mon, 14 Dec 2009 01:47:10 -0500
Subject: solved newb: help did gen-key twice
Message-ID:

On Mon, Dec 14, 2009 at 1:24 AM, ed stuckems wrote:
> So how do I sign key 1 with key 2, or how do I tell gpg that the
> signing of key 1 should be done with key2 and not key1?

found it ...

gpg -u key2 --edit-key key1

eds

From edstuckems at gmail.com Mon Dec 14 07:24:53 2009
From: edstuckems at gmail.com (ed stuckems)
Date: Mon, 14 Dec 2009 01:24:53 -0500
Subject: newb: help did gen-key twice
Message-ID:

I ran gpg --gen-key twice and now --list-key shows two keys. I suppose I can delete the second one but I'm not sure I want to.

In order to freely use either key without having people sign each of the two keys I was hoping to cross sign the keys, ie, I want to sign key 2 with key 1 and sign key 1 with key 2.

I find that I can easily sign key 2 with key 1, but I can't seem to sign key 1 with key two.
Here's what I did:

$ gpg --gen-key
$ gpg --gen-key
$ gpg --edit-key
command > sign
command > save
$ gpg --edit-key
command > sign
"key1" was already signed by key
Nothing to sign with key
command > quit

So how do I sign key 1 with key 2, or how do I tell gpg that the signing of key 1 should be done with key2 and not key1?

eds

From haveyouworked at aol.com Fri Dec 11 01:00:31 2009
From: haveyouworked at aol.com (BlueGnu)
Date: Thu, 10 Dec 2009 16:00:31 -0800 (PST)
Subject: Can't import valid GPG keys in Ubuntu
In-Reply-To: <4B21280D.2020608@babylonfarms.com>
References: <26635935.post@talk.nabble.com> <26704102.post@talk.nabble.com> <4B21280D.2020608@babylonfarms.com>
Message-ID: <26736659.post@talk.nabble.com>

I commented them out.

#debug-level basic
#log-file socket:///home/administrator/.gnupg/log-socket

Things are working now. If there's anything I should do about those lines, let me know.

Daniel Kahn Gillmor-7 wrote:
>
> On 12/08/2009 09:13 PM, BlueGnu wrote:
> And what is on lines 243 and 244 of the file
> /home/administrator/.gnupg/gpg.conf ?
>

-- 
View this message in context: http://old.nabble.com/Can%27t-import-valid-GPG-keys-in-Ubuntu-tp26635935p26736659.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

From gary at hanley.net Mon Dec 14 15:46:44 2009
From: gary at hanley.net (Gary Hanley)
Date: Mon, 14 Dec 2009 09:46:44 -0500 (EST)
Subject: --edit-key Information
Message-ID:

Hello,

Try as I might I can't seem to find any solid information regarding some information under --edit-key. Consider this slightly redacted example:

pub 1024D/92323698 : 2009-12-11 expires: 2011-12-11 usage: SCA
    trust: ultimate validity: ultimate
sub 4096g/746E2A67 : 2009-12-11 expires: 2011-12-11 usage: E

Where do I find information about the "D" in "1024D" and the "g" in "4096g"? What are the other potential values?

And although the answer may be obvious or intuitive, is there a source of information that describes the values of the "usage:" flags?

Thanks for any help you can give me.

-- 
Gary

From wk at gnupg.org Mon Dec 14 17:26:23 2009
From: wk at gnupg.org (Werner Koch)
Date: Mon, 14 Dec 2009 17:26:23 +0100
Subject: --edit-key Information
In-Reply-To:
References:
Message-ID: <87zl5lpln4.fsf@vigenere.g10code.de>

On Mon, 14 Dec 2009 09:46:44 -0500 (EST), Gary Hanley wrote:

> Where do I find information about the "D" in "1024D" and the "g" in
> "4096g"? What are the other potential values?

In the source ;-). gnupg/g10/keyid.c:

  int
  pubkey_letter( int algo )
  {
      switch( algo ) {
        case PUBKEY_ALGO_RSA:       return 'R' ;
        case PUBKEY_ALGO_RSA_E:     return 'r' ;
        case PUBKEY_ALGO_RSA_S:     return 's' ;
        case PUBKEY_ALGO_ELGAMAL_E: return 'g';
        case PUBKEY_ALGO_ELGAMAL:   return 'G' ;
        case PUBKEY_ALGO_DSA:       return 'D' ;
        default: return '?';
      }
  }

'G' is not anymore supported; it was used for sign+encrypt Elgamal. 'r' and 's' are also not used for new keys - they have been used in the past by a PGP variant.

> And although the answer may be obvious or intuitive, is there a source
> of information that describes the values of the "usage:" flags?

I am not sure whether it is explicitly documented. In gnupg/doc/DETAILS you can find the assignments we have:

  12. Field: Key capabilities:
          e = encrypt
          s = sign
          c = certify
          a = authentication
      A key may have any combination of them in any order. In
      addition to these letters, the primary key has uppercase
      versions of the letters to denote the _usable_
      capabilities of the entire key, and a potential letter 'D'
      to indicate a disabled key.

Shalom-Salam,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
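
The two tables in Werner's reply above, applied to the listing from Gary's question. This is an added example, not part of the thread and not GnuPG code; the function names, the constructed 'G' line and the constructed capability string are assumptions of the example, as is treating the "usage:" letters of --edit-key as the DETAILS capability letters regardless of case.

```python
"""Decode the size/algorithm token and usage letters of a gpg key listing."""
import re

# Algorithm letters, transcribed from the pubkey_letter() switch quoted above.
# The boolean marks letters the message says are no longer used for new keys.
PUBKEY_LETTERS = {
    "R": ("RSA", False),
    "r": ("RSA, encrypt-only", True),
    "s": ("RSA, sign-only", True),
    "g": ("Elgamal, encrypt-only", False),
    "G": ("Elgamal, sign+encrypt", True),
    "D": ("DSA", False),
}

# Capability letters from the doc/DETAILS excerpt quoted above.
CAPABILITIES = {"e": "encrypt", "s": "sign", "c": "certify", "a": "authentication"}

# "pub 1024D/92323698 ..." -> record type, bit length, letter, short key ID.
KEY_TOKEN = re.compile(r"^\s*(pub|sub)\s+(\d+)(\S)/([0-9A-Fa-f]{8,16})\b")
USAGE = re.compile(r"\busage:\s*([A-Za-z]+)")
EXPIRES = re.compile(r"\bexpires:\s*(\S+)")

# The first two lines are the listing from the question; the third is a
# constructed line showing a letter that is no longer generated.
SAMPLE_LISTING = [
    "pub 1024D/92323698 : 2009-12-11 expires: 2011-12-11 usage: SCA "
    "trust: ultimate validity: ultimate",
    "sub 4096g/746E2A67 : 2009-12-11 expires: 2011-12-11 usage: E",
    "sub 2048G/0123ABCD usage: SE",
]


def decode_usage(letters):
    """Map usage letters to names, ignoring case; unknown letters stay visible."""
    return [CAPABILITIES.get(ch.lower(), "unknown(%s)" % ch) for ch in letters]


def parse_key_line(line):
    """Parse one pub/sub line of a key listing; return None for other lines."""
    match = KEY_TOKEN.match(line)
    if match is None:
        return None
    kind, bits, letter, keyid = match.groups()
    # pubkey_letter() prints '?' for algorithms it does not know.
    algorithm, legacy = PUBKEY_LETTERS.get(letter, ("unknown algorithm", False))
    usage = USAGE.search(line)
    expires = EXPIRES.search(line)
    return {
        "kind": kind,
        "bits": int(bits),
        "letter": letter,
        "algorithm": algorithm,
        "legacy": legacy,
        "keyid": keyid.upper(),
        "usage": decode_usage(usage.group(1)) if usage else [],
        "expires": expires.group(1) if expires else None,
    }


def decode_capability_field(field):
    """Split a DETAILS field-12 string into its three meanings.

    Lowercase letters are the capabilities of this key, uppercase letters the
    usable capabilities of the entire key, and 'D' marks a disabled key.
    """
    own = [CAPABILITIES[ch] for ch in field if ch in CAPABILITIES]
    whole = [CAPABILITIES[ch.lower()] for ch in field
             if ch.isupper() and ch.lower() in CAPABILITIES]
    return {"own": own, "whole_key": whole, "disabled": "D" in field}


if __name__ == "__main__":
    for text in SAMPLE_LISTING:
        key = parse_key_line(text)
        note = " (not used for new keys)" if key["legacy"] else ""
        print("%s %s: %d-bit %s%s, usage: %s" % (
            key["kind"], key["keyid"], key["bits"], key["algorithm"], note,
            ", ".join(key["usage"])))
    # Constructed field-12 value: a disabled primary key that signs and certifies.
    print(decode_capability_field("scESCD"))
```
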
From dkg at fifthhorseman.net Mon Dec 14 17:56:28 2009 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Mon, 14 Dec 2009 11:56:28 -0500 Subject: --edit-key Information In-Reply-To: <87zl5lpln4.fsf@vigenere.g10code.de> References: <87zl5lpln4.fsf@vigenere.g10code.de> Message-ID: <4B266E3C.1010508@fifthhorseman.net> On 12/14/2009 11:26 AM, Werner Koch wrote: > On Mon, 14 Dec 2009 09:46:44 -0500 (EST), Gary Hanley wrote: > >> Where do I find information about the "D" in "1024D" and the "g" in >> "4096g"? What are the other potential values? > > In the source ;-). gnupg/g10/keyid.c: maybe this info could go in DETAILS as well? >> And although the answer may be obvious or intuitive, is there a source >> of information that describes the values of the "usage:" flags? > > I am not sure whether it is explicitly documented. In > gnupg/doc/DETAILS you can find the assignments we have: > > 12. Field: Key capabilities: > e = encrypt > s = sign > c = certify > a = authentication If you're curious about what these words themselves mean in the context of OpenPGP, you might be interested in the relevant section of the OpenPGP RFC: http://tools.ietf.org/html/rfc4880#section-5.2.3.21 hth, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 891 bytes Desc: OpenPGP digital signature URL: From fab.furnari at gmail.com Mon Dec 14 17:21:10 2009 From: fab.furnari at gmail.com (Fabrizio Furnari) Date: Mon, 14 Dec 2009 17:21:10 +0100 Subject: Install on AIX 6.10 Message-ID: Hi to all, do you know if there problems installing GnuPG on AIX 6.10? Which libraries does it needs? Is there a pre-build package to speed-up the installation? 
Thanks, -- @P=split//,".URRUU\c8R";@d=split//,"\niranruF oizirbaF";sub p{ @p{"r$p","u$p"}=(P,P);pipe"r$p","u$p";++$p;($q*=2)+=$f=!fork;map{$P=$P[$f^ord ($p{$_})&6];$p{$_}=/ ^$P/ix?$P:close$_}keys%p}p;p;p;p;p;map{$p{$_}=~/^[P.]/&& close$_}%p;wait until$?;map{/^r/&&<$_>}%p;$_=$d[$q];sleep rand(2)if/\S/;print -------------- next part -------------- An HTML attachment was scrubbed... URL: From pioterbrat at o2.pl Tue Dec 15 20:44:57 2009 From: pioterbrat at o2.pl (Piotr Bratkowski) Date: Tue, 15 Dec 2009 20:44:57 +0100 Subject: Trust list Message-ID: <4B27E739.1080202@o2.pl> Hello, I'm trying to use gpgme to list my trustlist, but this code doesn't work: http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/*checkout*/branches/gpgme-1-0-branch/tests/gpg/t-trustlist.c?content-type=text%2Fplain&rev=1022&root=GPGME Or I'm doing something wrong. I have in my gpg 4 keys but none of them is listed by this program. Am I missing something?? Regards, Piotr Bratkowski From rjh at sixdemonbag.org Tue Dec 15 20:53:19 2009 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 15 Dec 2009 14:53:19 -0500 Subject: Code for javagnupg? Message-ID: <4B27E92F.8080505@sixdemonbag.org> In 2005, Stefan Richter announced some JNI bindings (Java Native Interface) for GPGME, which he called javagnupg. A very early alpha version of this was uploaded to ftp.gnupg.org, where it's lived in the alpha directory ever since. As it turns out, I need JNI bindings for GnuPG. Rather than start over from scratch I thought I'd take a look at Stefan's 0.1.2 codebase and see how much work it would take to bring it up to current standards. I was surprised to discover there is no code in the jarfile that Stefan contributed. It's .class files only, along with some documentation, but nothing that seems to actually be compilable code. Does anyone have access to the code for javagnupg 0.1.2? If so, please send it on to me. 
From a.aboughrara at gmail.com Tue Dec 15 21:40:49 2009 From: a.aboughrara at gmail.com (bogha) Date: Tue, 15 Dec 2009 12:40:49 -0800 (PST) Subject: Import a key not successfull Message-ID: <26801424.post@talk.nabble.com> hi i'm using GnuPG "gnupg-w32cli-1.4.10b" also i used GPGshell3.75 as a GUI for the management. and i'm using Windows XP SP2 as an OS. i need to encrypt a file and send it to another person via email so he sent me his public key. i tried to import it through the GUI but it gives me this error gpg: key 05932537: no valid user IDs gpg: this may be caused by a missing self-signature gpg: Total number processed: 1 gpg: w/o user IDs: 1 i tried to import it through different GUI like GnuPG Shell also it couldn't import the key. i tried to import it through command line interface, also the same error message appears, also it gives me another error that gpg: can't convert 'utf-8' to 'CP720' or some thing like this syntax the reciever sent me another key but the same error appears again. any suggestions? Regards -- View this message in context: http://old.nabble.com/Import-a-key-not-successfull-tp26801424p26801424.html Sent from the GnuPG - User mailing list archive at Nabble.com. From jmoore3rd at bellsouth.net Tue Dec 15 22:36:29 2009 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Tue, 15 Dec 2009 16:36:29 -0500 Subject: Import a key not successfull In-Reply-To: <26801424.post@talk.nabble.com> References: <26801424.post@talk.nabble.com> Message-ID: <4B28015D.2060503@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 bogha wrote: > gpg: key 05932537: no valid user IDs > gpg: this may be caused by a missing self-signature > gpg: Total number processed: 1 > gpg: w/o user IDs: 1 Add this line to Your gpg.conf File [or in GPGshell to the selected Option(s) File]: allow-non-selfsigned-uid This should cause GPG to 'accept' the Key into Your Keyring and Encrypt to this 'less than Standard' Key. 

HTH

JOHN ;)
Timestamp: Tuesday 15 Dec 2009, 16:36 --500 (Eastern Standard Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: Personal Web Page: http://tinyurl.com/yzhbhx

-----END PGP SIGNATURE-----

From arikaori at gmail.com Tue Dec 15 22:45:43 2009
From: arikaori at gmail.com (Kaori Ari)
Date: Tue, 15 Dec 2009 23:45:43 +0200
Subject: The number of lines of a key opened in a text-editor
Message-ID:

Hi everybody,

I really don't know whether I'm asking a stupid question or not. It is about the length of a Public Key of GnuPG. Such that:

When I open the back-up of a public key in a text editor (say "pkey.asc" in Gedit), I see a long 'meaningless' text. It's OK. It is a perfectly justified text (I don't know why and how) and I or the editor can count how many lines there are.

The longer the key strength is, the more lines there are (I guess). DSA type has constant strength: 1024 bytes. El-Gamal is between 1024 and 4096 bytes. If El-Gamal is 1024 bytes, then the number of lines of its public key in a text editor is around 25. If El-Gamal is 4096 bytes, then it is around 40. That is reasonable for me.

However, I have checked many public keys from the server (pgp.mit.edu) and found some exceptions. For example, one of the Debian maintainers' public keys has El-Gamal 2048 bytes strength but has 340 lines (!!!?) when opened in a text editor. I've tried to obtain such a long key, but I couldn't.
The questions are: - How can it be possible to obtain such a long text of a public key although it has 2048 bytes strength or whatever? - Is such a long text public key more secure than what we get regularly? My apologies regarding possible mistakes in the language... Sincerely, Burcu -------------- next part -------------- An HTML attachment was scrubbed... URL: From rjh at sixdemonbag.org Wed Dec 16 00:05:45 2009 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 15 Dec 2009 18:05:45 -0500 Subject: The number of lines of a key opened in a text-editor In-Reply-To: References: Message-ID: <4B281649.9020008@sixdemonbag.org> On 12/15/2009 04:45 PM, Kaori Ari wrote: > I really don't know whether I'm asking a stupid question or not. The only stupid questions are the ones that don't get asked. :) > - How can it be possible to obtain such a long text of a public key > although it has 2048 bytes strength or whatever? 2048 bits, only 512 bytes. A "public key" usually has a lot more data than just the key material. User IDs and signatures are usually present, too. Some users even include a JPEG of themselves in their key. > - Is such a long text public key more secure than what we get regularly? Nope. :) From rjh at sixdemonbag.org Wed Dec 16 00:52:48 2009 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 15 Dec 2009 18:52:48 -0500 Subject: The number of lines of a key opened in a text-editor In-Reply-To: <4B281649.9020008@sixdemonbag.org> References: <4B281649.9020008@sixdemonbag.org> Message-ID: <4B282150.2030606@sixdemonbag.org> On 12/15/2009 06:05 PM, Robert J. Hansen wrote: > 2048 bits, only 512 bytes. 256 bytes. Sorry. 

[goes off to drink coffee directly from the pot: clearly, caffeine is needed]

From olav at mozilla-enigmail.org Wed Dec 16 00:55:06 2009
From: olav at mozilla-enigmail.org (Olav Seyfarth)
Date: Wed, 16 Dec 2009 00:55:06 +0100
Subject: The number of lines of a key opened in a text-editor
In-Reply-To:
References:
Message-ID: <4B2821DA.80704@mozilla-enigmail.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hi Burcu,

you tried to derive the key "strength" from the number of lines of the (ASCII armored) public key. It does not work like that. The secret of a 2048 bit key is 2048 bit, that would be approx. [1] 5.5 "lines" you counted. However, the public key also contains user identities (aka Email addresses), signatures and other information described in detail in [2]. You may examine your PUBLIC key packets by pasting them into a pgpdump [3] converter [4].

[1] http://en.wikipedia.org/wiki/Base64#OpenPGP
[2] http://tools.ietf.org/html/rfc4880
[3] http://www.mew.org/~kazu/proj/pgpdump/en/
[4] http://www.pgpdump.net/

Olav
- -- 
The Enigmail Project - OpenPGP Email Security For Mozilla Applications
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Diese Email ist digital signiert/verschlüsselt
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----

From dkg at fifthhorseman.net Wed Dec 16 01:04:45 2009
From: dkg at fifthhorseman.net (Daniel Kahn
Gillmor) Date: Tue, 15 Dec 2009 19:04:45 -0500 Subject: The number of lines of a key opened in a text-editor In-Reply-To: <4B281649.9020008@sixdemonbag.org> References: <4B281649.9020008@sixdemonbag.org> Message-ID: <4B28241D.6000802@fifthhorseman.net> On 12/15/2009 06:05 PM, Robert J. Hansen wrote: > A "public key" usually has a lot more data than just the key material. > User IDs and signatures are usually present, too. Some users even > include a JPEG of themselves in their key. If you're interested in making those unintelligible lines more intelligible, you could also try running the key through gpg --list-packets. if you've saved the file as example.cert, you'd do that like this: gpg --list-packets < example.cert (this assumes a regular shell on a modern operating system. i don't know if the windows shell supports this kind of redirection). This will print out details of what exactly is in the certificate. hth, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 891 bytes Desc: OpenPGP digital signature URL: From arikaori at gmail.com Wed Dec 16 03:25:45 2009 From: arikaori at gmail.com (Kaori Ari) Date: Wed, 16 Dec 2009 04:25:45 +0200 Subject: The number of lines of a key opened in a text-editor In-Reply-To: <4B28241D.6000802@fifthhorseman.net> References: <4B281649.9020008@sixdemonbag.org> <4B28241D.6000802@fifthhorseman.net> Message-ID: Thank you Robert, "byte" or "bit" difference is essential for me. I also attach importance to such things. Have a nice coffee drink :) Thank you Olav, I've dumped the text and seen that all Debian maintainers (I guess theirs) had signed it (about 130 signs). I've got the point. I've tried to add an extra email address to my key and it increased one more line in the text. Thank you Daniel, but at first I couldn't manage the command. After a while, instead of it, I try gpg --list-packets abc.asc > example.cert. 
(greater sign ">")

By the way I've just noticed that Gnu Privacy Assistant (gpa) GUI lists all the signatures on the public key.

Best regards,
Burcu

From a.aboughrara at gmail.com Wed Dec 16 07:35:44 2009
From: a.aboughrara at gmail.com (bogha)
Date: Tue, 15 Dec 2009 22:35:44 -0800 (PST)
Subject: Import a key not successfull
In-Reply-To: <4B28015D.2060503@bellsouth.net>
References: <26801424.post@talk.nabble.com> <4B28015D.2060503@bellsouth.net>
Message-ID: <26806837.post@talk.nabble.com>

John W. Moore III-2 wrote:
>
> bogha wrote:
>
>> gpg: key 05932537: no valid user IDs
>> gpg: this may be caused by a missing self-signature
>> gpg: Total number processed: 1
>> gpg: w/o user IDs: 1
>
> Add this line to Your gpg.conf File [or in GPGshell to the selected
> Option(s) File]:
>
> allow-non-selfsigned-uid
>
> This should cause GPG to 'accept' the Key into Your Keyring and Encrypt
> to this 'less than Standard' Key.
>
> HTH
>
> JOHN ;)
> Timestamp: Tuesday 15 Dec 2009, 16:36 --500 (Eastern Standard Time)
>

Thank you very much. it worked 100%

From marco+gnupg at websource.ch Wed Dec 16 16:27:29 2009
From: marco+gnupg at websource.ch (Marco Steinacher)
Date: Wed, 16 Dec 2009 16:27:29 +0100
Subject: cache-timeout not working with smartcard
Message-ID: <4B28FC61.40600@websource.ch>

Hi,

I'm using gnupg with an OpenPGP smartcard since a few days now and basically it works very well. However, one thing bothers me a bit: Neither the cache-timeout options (gpg-agent) nor the card-timeout option (scdaemon) seem to work. I have set all timeouts to very low values but the PIN is still cached forever (by the card?), as long as the card is not removed and scdaemon is running. Sending SIGHUP to scdaemon does not work either although the manpage is suggesting this. Only killing scdaemon with SIGKILL helps. The LED on the card reader (SCR-335) remains always on after using it for the first time.
For keys that are not on the smartcard the cache-timeout works correctly.

Another thing, which is probably connected to the cache problem, is that I have to kill the scdaemon (with SIGKILL) after disconnecting and reconnecting the card reader to get it working again. If I don't kill scdaemon gnupg complains:

gpg: selecting openpgp failed: ec=6.32848
gpg: OpenPGP card not available: general error

Any ideas to resolve this? Are these problems card reader (SCR-335) specific?

I think the cache-timeout/card-timeout options are crucial for security because without them it seems that the only way to prevent the card from being unlocked all the time is to manually remove the card or to kill the scdaemon.

Regards,
Marco

From wk at gnupg.org Wed Dec 16 19:38:47 2009
From: wk at gnupg.org (Werner Koch)
Date: Wed, 16 Dec 2009 19:38:47 +0100
Subject: cache-timeout not working with smartcard
In-Reply-To: <4B28FC61.40600@websource.ch>
References: <4B28FC61.40600@websource.ch>
Message-ID: <877hsmsr0o.fsf@vigenere.g10code.de>

On Wed, 16 Dec 2009 16:27:29 +0100, Marco Steinacher wrote:

> option (scdaemon) seem to work. I have set all timeouts to very low
> values but the PIN is still cached forever (by the card?), as long as

There is no cache for a PIN. A card is usually unlocked after the PIN has been given until the card is powered down. Thus it seems that there is a cache.

You can power down the card using the option

  @item --card-timeout @var{n}
  @opindex card-timeout
  If @var{n} is not 0 and no client is actively using the card, the card will be powered down after @var{n} seconds. Powering down the card avoids a potential risk of damaging a card when used with certain cheap readers. This also allows non Scdaemon aware applications to access the card. The disadvantage of using a card timeout is that accessing the card takes longer and that the user needs to enter the PIN again after the next power up.
  Note that with the current version of Scdaemon the card is powered down immediately at the next timer tick for any value of @var{n} other than 0.

> Another thing, which is probably connected to the cache problem, is that
> I have to kill the scdaemon (with SIGKILL) after disconnecting and

Better use "gpgconf --reload scdaemon". I know about this problem and it is really very annoying if you use one of these ID-000 USB reader sticks because with them you don't remove the card but the reader.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From marco+gnupg at websource.ch Thu Dec 17 11:27:53 2009
From: marco+gnupg at websource.ch (marco+gnupg at websource.ch)
Date: Thu, 17 Dec 2009 11:27:53 +0100
Subject: cache-timeout not working with smartcard
In-Reply-To: <877hsmsr0o.fsf@vigenere.g10code.de>
References: <4B28FC61.40600@websource.ch> <877hsmsr0o.fsf@vigenere.g10code.de>
Message-ID: <4B2A07A9.2040801@websource.ch>

Werner Koch wrote:
> On Wed, 16 Dec 2009 16:27:29 +0100, Marco Steinacher wrote:
>
>> option (scdaemon) seem to work. I have set all timeouts to very low
>> values but the PIN is still cached forever (by the card?), as long as
>
> There is no cache for a PIN. A card is usually unlocked after the PIN
> has been given until the card is powered down. Thus it seems that
> there is a cache.

OK, so my question is about powering down the card and not about caching.

> You can power down the card using the option
>
> @item --card-timeout @var{n}

As I wrote in my posting I have tried to use this option but it does not work. I added 'card-timeout 15' to my scdaemon.conf and nothing happens 15 seconds after accessing the card. The card remains unlocked as long as scdaemon is running. Nothing is written to the logfile after 15 seconds, even when the 'guru' debugging level is set. What could prevent this from working properly?
BTW, I'm using the following versions:

scdaemon (GnuPG) 2.0.13
libgcrypt 1.4.1
libksba 1.0.3

>> Another thing, which is probably connected to the cache problem, is that
>> I have to kill the scdaemon (with SIGKILL) after disconnecting and
>
> Better use "gpgconf --reload scdaemon".

OK, thanks for that hint. This leads me to some (maybe naïve?) thoughts:

1. Couldn't gpg-agent reload scdaemon in the same way when default/max-cache-ttl is exceeded? This would provide the same functionality for unlocked smartcards as for cached passphrases, which would make sense since both are affected by the same security risk (agent hijacking).

2. Couldn't scdaemon be configured to also access the signature key on the card every time, even if only the authentication or encryption key is needed? Then, entering the PIN would be required also every time for e.g. ssh authentication (if the force-sig flag is set on the card). This would basically provide the same functionality as 'card-timeout 1' (provided that it works) without the trouble of powering down and up the card.

Marco

From marco+gnupg at websource.ch Thu Dec 17 11:06:34 2009
From: marco+gnupg at websource.ch (marco+gnupg at websource.ch)
Date: Thu, 17 Dec 2009 11:06:34 +0100
Subject: cache-timeout not working with smartcard
In-Reply-To: <4B291300.1080506@mozilla-enigmail.org>
References: <4B28FC61.40600@websource.ch> <4B291300.1080506@mozilla-enigmail.org>
Message-ID: <4B2A02AA.2030203@websource.ch>

Olav Seyfarth wrote:
> Hi Marco,
>
>> I'm using gnupg with an OpenPGP smartcard since a few days now and
>> basically it works very well. However, one thing bothers me a bit:
>> Neither the cache-timeout options (gpg-agent) nor the card-timeout
>> option (scdaemon) seem to work. I have set all timeouts to very low
>> values but the PIN is still cached forever (by the card?), as long as
>> the card is not removed and scdaemon is running. Sending SIGHUP to
>> scdaemon does not work either although the manpage is suggesting this.
>> Only killing scdaemon with SIGKILL helps. The LED on the card reader
>> (SCR-335) remains always on after using it for the first time. For keys
>> that are not on the smartcard the cache-timeout works correctly.
>
> in --card-status, what's the setting of "Signature PIN ....: " ?
> You may alter it to "forced" using --card-edit admin forcesig

Thanks, Olav, for this hint. Unfortunately it does not help in my case. I forgot to mention that I'm referring mainly to ssh-authentication through gpg-agent. In that case (and also for decryption) the 'Signature PIN' setting doesn't have an effect (it works perfectly for signatures, though).

My main concern is that the probability that the hijacking of the gpg-agent/ssh-agent is successful is much higher when the PIN is cached for a long time than it would be with short cache-timeout settings.

Marco

From wk at gnupg.org Thu Dec 17 13:56:34 2009
From: wk at gnupg.org (Werner Koch)
Date: Thu, 17 Dec 2009 13:56:34 +0100
Subject: cache-timeout not working with smartcard
In-Reply-To: <4B2A07A9.2040801@websource.ch>
References: <4B28FC61.40600@websource.ch> <877hsmsr0o.fsf@vigenere.g10code.de> <4B2A07A9.2040801@websource.ch>
Message-ID: <87y6l1rc71.fsf@vigenere.g10code.de>

On Thu, 17 Dec 2009 11:27:53 +0100, marco+gnupg at websource.ch wrote:

> As I wrote in my posting I have tried to use this option but it does not
> work. I added 'card-timeout 15' to my scdaemon.conf and nothing happens
> 15 seconds after accessing the card. The card remains unlocked as long

Actually it should release the card immediately after use. It is only a boolean switch for now.

I forgot to mention that this feature is only available with pcsc and not with the internal driver.

> 1. Couldn't gpg-agent reload scdaemon in the same way when
> default/max-cache-ttl is exceeded?
> This would provide the same
> functionality for unlocked smartcards as for cached passphrases, which
> would make sense since both are affected by the same security risk
> (agent hijacking).

If you are talking about malware on your box, nothing will help you. You don't have any control anymore on your box. The only advantage you have is that the bot needs to wait until you enter the PIN the next time and then it can replay the PIN as needed. Oh, you are using a pinpad reader - well in this case the malware just lets you sign something it is interested in and not what you assume.

> 2. Couldn't scdaemon be configured to also access the signature key on
> the card every time, even if only the authentication or encryption key
> is needed? Then, entering the PIN would be required also every time for
> e.g. ssh authentication (if the force-sig flag is set on the card). This
> would basically provide the same functionality as 'card-timeout 1'
> (provided that it works) without the trouble of powering down and up the

Why would you want to do that? See above.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From marco+gnupg at websource.ch Thu Dec 17 18:04:32 2009
From: marco+gnupg at websource.ch (marco+gnupg at websource.ch)
Date: Thu, 17 Dec 2009 18:04:32 +0100
Subject: cache-timeout not working with smartcard
In-Reply-To: <87y6l1rc71.fsf@vigenere.g10code.de>
References: <4B28FC61.40600@websource.ch> <877hsmsr0o.fsf@vigenere.g10code.de> <4B2A07A9.2040801@websource.ch> <87y6l1rc71.fsf@vigenere.g10code.de>
Message-ID: <4B2A64A0.4060308@websource.ch>

Werner Koch wrote:
> On Thu, 17 Dec 2009 11:27:53 +0100, marco+gnupg at websource.ch wrote:
>
>> As I wrote in my posting I have tried to use this option but it does not
>> work. I added 'card-timeout 15' to my scdaemon.conf and nothing happens
>> 15 seconds after accessing the card. The card remains unlocked as long
>
> Actually it should release the card immediately after use.
> It is only
> a boolean switch for now.
>
> I forgot to mention that this feature is only available with pcsc and
> not with the internal driver.

That's it. I was using the internal driver. Thanks for pointing this out!

>> 1. Couldn't gpg-agent reload scdaemon in the same way when
>> default/max-cache-ttl is exceeded? This would provide the same
>> functionality for unlocked smartcards as for cached passphrases, which
>> would make sense since both are affected by the same security risk
>> (agent hijacking).
>
> If you are talking about malware on your box, nothing will help you.
> You don't have any control anymore on your box. The only advantage
> you have is that the bot needs to wait until you enter the PIN the
> next time and then it can replay the PIN as needed. Oh, you are using
> a pinpad reader - well in this case the malware just lets you sign
> something it is interested in and not what you assume.

I agree that this would not completely prevent malware from hijacking the agent for ssh authentication on a remote host. But at least it would make it more difficult, and, more importantly, the chances that I would notice the break-in are much bigger. In contrast, when the card is unlocked all the time it is sufficient for a user with superuser privileges to set some environment variables to be able to connect to a remote host using my authentication key at any time and I have no chance to notice it.

BTW: Doesn't your argument also apply to cached passphrases? Why would you use max-cache-ttl when you assume that you are lost anyway once you lose control over your box?

In any case, what I was suggesting can easily be done by a script that regularly checks the gpg-agent log and resets the card if the last access is older than default/max-cache-ttl. So it doesn't need to be built into gpg-agent/scdaemon.
Marco

From hs2412 at gmail.com Fri Dec 18 08:29:14 2009
From: hs2412 at gmail.com (Hardeep Singh)
Date: Fri, 18 Dec 2009 12:59:14 +0530
Subject: Regarding Encryption through vb.net code using gpg
In-Reply-To:
References:
Message-ID:

Hi Jagadeesh

The discussion here might be of help:
http://blog.hardeep.name/computer/20080904/auto-gpg/

Hardeep Singh

On Tue, Dec 8, 2009 at 6:52 PM, Jagadeesh Bantrotu wrote:
> Hi,
>
> I am trying to encrypt the file using vb.net code but the data is not
> encrypting and it is not giving error. But if I do from cmd prompt the file
> is encrypted.
>
> Can you tell me what mistake I did in my code? I first used gpg version
> 1.4.9 with this version the code was not executed after that I tried with
> gpg version 1.2.0 but no use. Any one can help me ASAP.
>
>         Dim vGPGExecutable As Variables
>         Dts.VariableDispenser.LockOneForRead("GPGExecutable", vGPGExecutable)
>         Dim gpgExecutable As String
>         gpgExecutable = vGPGExecutable("GPGExecutable").Value.ToString
>         vGPGExecutable.Unlock()
>
>         Dim vHomeDir As Variables
>         Dts.VariableDispenser.LockOneForRead("HomeDirectory", vHomeDir)
>         Dim HomeDir As String
>         HomeDir = vHomeDir("HomeDirectory").Value.ToString
>         vHomeDir.Unlock()
>
>         Dim vPassPhrase As Variables
>         Dts.VariableDispenser.LockOneForRead("recipient", vPassPhrase)
>         Dim recipient As String = vPassPhrase("recipient").Value.ToString
>         vPassPhrase.Unlock()
>
>         Dim outputFile As String = Dts.Connections("Encrypt").ConnectionString
>         Dim inputfile As String = Dts.Connections("File").ConnectionString
>
>         If System.IO.File.Exists(inputfile) = True Then
>
>             Dim gpgOptions As String
>
>             Dim optionsBuilder As StringBuilder = New StringBuilder()
>             optionsBuilder.Append("--homedir ")
>             optionsBuilder.Append(HomeDir)
>             optionsBuilder.Append(" --yes --batch --armor --recipient ")
>             optionsBuilder.Append(recipient)
>             optionsBuilder.Append(" --no-verbose --output ")
>             optionsBuilder.Append(outputFile)
>             optionsBuilder.Append(" --always-trust")
>             optionsBuilder.Append(" --encrypt ")
>             optionsBuilder.Append(inputfile)
>
>             gpgOptions = optionsBuilder.ToString()
>
>             Dim process As Process = New Process()
>             Dim streamWriter As StreamWriter
>             Dim streamReader As StreamReader
>             Dim err As StreamReader
>
>             Dim prStartInfo As ProcessStartInfo = New ProcessStartInfo(gpgExecutable, gpgOptions)
>             prStartInfo.UseShellExecute = False
>             prStartInfo.RedirectStandardInput = True
>             prStartInfo.RedirectStandardOutput = True
>             prStartInfo.RedirectStandardError = True
>             prStartInfo.CreateNoWindow = True
>             process.StartInfo = prStartInfo
>             process.Start()
>             streamWriter = process.StandardInput
>             streamReader = process.StandardOutput
>             err = process.StandardError
>             streamWriter.Close()
>
>         Else
>             Dim logConstr As String
>             logConstr = Dts.Connections("Log File Connection String").ConnectionString
>             Dim logfile As StreamWriter = New StreamWriter(logConstr, False)
>             logfile.WriteLine("Fail to Find Records File to be Encrypted.")
>             Dts.TaskResult = Dts.Results.Failure
>
>             logfile.Close()
>         End If
>
> Thanks&Regards,
>
> Jagadeesh B
>

From peter at digitalbrains.com Fri Dec 18 09:35:08 2009
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 18 Dec 2009 09:35:08 +0100
Subject: cache-timeout not working with smartcard
In-Reply-To: <87y6l1rc71.fsf@vigenere.g10code.de>
References: <4B28FC61.40600@websource.ch> <877hsmsr0o.fsf@vigenere.g10code.de> <4B2A07A9.2040801@websource.ch> <87y6l1rc71.fsf@vigenere.g10code.de>
Message-ID: <4B2B3EBC.4090905@digitalbrains.com>

I would also like the features requested in this thread: having the card locked again after a decryption/authentication and the possibility to easily unplug and replug an ID-000 reader.

Werner Koch wrote:
> If you are talking about malware on your box, nothing will help you.
> You don't have any control anymore on your box. The only advantage
> you have is that the bot needs to wait until you enter the PIN the
> next time and then it can replay the PIN as needed. Oh, you are using
> a pinpad reader - well in this case the malware just lets you sign
> something it is interested in and not what you assume.

This is also about physical access. If I use the smart card and leave the workstation for a moment (and forget to lock the card again), somebody can sit down at my workstation and happily decrypt my gpg files and use ssh to log in to other systems. Sure, physical access can cause lots of trouble, but it takes more time and effort than just typing "ssh interesting-host".
I don't feel comfortable about it.

>> 2. Couldn't scdaemon be configured to also access the signature key on
>> the card every time, even if only the authentication or encryption key
>> is needed?
>
> Why would you want to do that? See above.

I'm not really convinced about the security of this method anyway. Access control should be at the card.

However, how about powering down _and_up_ the card after every auth/decrypt? Configurable, of course. That way, PIN entry can start immediately when the next auth/decrypt turns up, without the delay of powering up and initialising the card (actually, the delay has been moved to the moment after the previous use).

Greetings,

Peter.

PS: I also use the internal CCID driver.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
(new, larger key created on Nov 12, 2009)

From marcio.barbado at gmail.com Fri Dec 18 23:08:15 2009
From: marcio.barbado at gmail.com (M.B.Jr.)
Date: Fri, 18 Dec 2009 20:08:15 -0200
Subject: same key pair for more than one e-mail address
Message-ID: <2df3b0cb0912181408n6a79ea77y4d14739feb39a1c2@mail.gmail.com>

Suppose I'd like to "bind" the same key pair to more than one e-mail address.
Is it recommended? Any comments will be greatly appreciated.

Regards,

Marcio Barbado, Jr.

From olav at mozilla-enigmail.org Fri Dec 18 23:51:34 2009
From: olav at mozilla-enigmail.org (Olav Seyfarth)
Date: Fri, 18 Dec 2009 23:51:34 +0100
Subject: same key pair for more than one e-mail address
In-Reply-To: <2df3b0cb0912181408n6a79ea77y4d14739feb39a1c2@mail.gmail.com>
References: <2df3b0cb0912181408n6a79ea77y4d14739feb39a1c2@mail.gmail.com>
Message-ID: <4B2C0776.60809@mozilla-enigmail.org>

Hi Marcio,

> Suppose I'd like to "bind" the same key pair to more than one e-mail address.
> Is it recommended? Any comments will be greatly appreciated.

it depends. Using it for two private mail addresses that both are public is no problem. You may add or revoke UIDs later on. If you use an email address only your closest friends know, then adding a UID for it to your public key would reveal it. Also, keep in mind that if you use the same key for private and business, depending on the legislation in your country, your employer might ask you to hand out the private encryption key once you leave the company. It is wise to avoid such situations by using separate keys for business and private use. There are more cases like a low-trust key just to secure transport e.g. for XMPP aka Jabber.

Olav
--
The Enigmail Project - OpenPGP Email Security For Mozilla Applications

From jh at jameshoward.us Sat Dec 19 00:07:09 2009
From: jh at jameshoward.us (James P. Howard, II)
Date: Fri, 18 Dec 2009 18:07:09 -0500
Subject: [gnupg-users] same key pair for more than one e-mail address
In-Reply-To: <2df3b0cb0912181408n6a79ea77y4d14739feb39a1c2@mail.gmail.com>
References: <2df3b0cb0912181408n6a79ea77y4d14739feb39a1c2@mail.gmail.com>
Message-ID: <20091218230709.GA38153@byzantine.jameshoward.us>

On Fri, Dec 18, 2009 at 08:08:15PM -0200, M.B.Jr. wrote:

> Suppose I'd like to "bind" the same key pair to more than one e-mail address.
> Is it recommended? Any comments will be greatly appreciated.

I wrote a blog post on this question a couple months ago:

http://bit.ly/4eTg6z

James

--
James P. Howard, II, MPA MBCS
jh at jameshoward.us

From wk at gnupg.org Mon Dec 21 18:58:19 2009
From: wk at gnupg.org (Werner Koch)
Date: Mon, 21 Dec 2009 18:58:19 +0100
Subject: [Announce] GnuPG 2.0.14 released
Message-ID: <87my1cqkec.fsf@vigenere.g10code.de>

Hello!

We are pleased to announce the availability of a new stable GnuPG-2 release: Version 2.0.14.

The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help authenticating using Secure Shell and to provide a framework for public key cryptography. It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards.

GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.10) in that it splits up functionality into several modules. However, both versions may be installed alongside without any conflict. In fact, the gpg version from GnuPG-1 is able to make use of the gpg-agent as included in GnuPG-2 and allows for seamless passphrase caching. The advantage of GnuPG-1 is its smaller size and the lack of dependency on other modules at run and build time.
We will keep maintaining GnuPG-1 versions because they are very useful for small systems and for server based applications requiring only OpenPGP support.

GnuPG is distributed under the terms of the GNU General Public License (GPL version 3). GnuPG-2 works best on GNU/Linux or *BSD systems.

What's New
===========

 * The default for --include-cert is now to include all certificates in the chain except for the root certificate.

 * Numerical values may now be used as an alternative to the debug-level keywords.

 * The GPGSM --audit-log feature is now more complete.

 * GPG now supports DNS lookups for SRV, PKA and CERT on W32.

 * New GPGSM option --ignore-cert-extension.

 * New and changed passphrases are now created with an iteration count requiring about 100ms of CPU work.

Getting the Software
====================

Please follow the instructions found at http://www.gnupg.org/download/ or read on:

GnuPG 2.0.14 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org.

On the FTP server and its mirrors you should find the following files in the gnupg/ directory:

  gnupg-2.0.14.tar.bz2 (3889k)
  gnupg-2.0.14.tar.bz2.sig

      GnuPG source compressed using BZIP2 and OpenPGP signature.

  gnupg-2.0.13-2.0.14.diff.bz2 (42k)

      A patch file to upgrade a 2.0.13 GnuPG source tree. This patch does not include updates of the language files.

Note, that we don't distribute gzip compressed tarballs for GnuPG-2.

Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways:

 * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature.
   For example to check the signature of the file gnupg-2.0.14.tar.bz2 you would use this command:

     gpg --verify gnupg-2.0.14.tar.bz2.sig

   This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using the command

     finger wk ,at' g10code.com

   or using a keyserver like

     gpg --recv-key 1CE0C630

   The distribution key 1CE0C630 is signed by the well known key 5B0358A2. If you get a key expired message, you should retrieve a fresh copy as the expiration date might have been prolonged.

   NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!

 * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-2.0.14.tar.bz2, you would run the sha1sum command like this:

     sha1sum gnupg-2.0.14.tar.bz2

   and check that the output matches the first line from the following list:

cc5e4637f37f5bc82b00c73fc094ddadb7401821  gnupg-2.0.14.tar.bz2
cad88a7f3653479df41ddb7956b9f8a0ff6f2185  gnupg-2.0.13-2.0.14.diff.bz2

Internationalization
====================

GnuPG comes with support for 27 languages. Due to a lot of new and changed strings many translations are not entirely complete. Jedi, Maxim Britov, Jaime Suárez and Nilgün Belma Bugüner have been kind enough to go over their translations and thus the Chinese, German, Russian, Spanish, and Turkish translations are pretty much complete.

Documentation
=============

We are currently working on an installation guide to explain in more detail how to configure the new features. As of now the chapters on gpg-agent and gpgsm include brief information on how to set up the whole thing.
Please watch the GnuPG website for updates of the documentation. In the meantime you may search the GnuPG mailing list archives or ask on the gnupg-users mailing lists for advice on how to solve problems. Many of the new features are around for several years and thus enough public knowledge is already available. KDE's KMail is the most prominent user of GnuPG-2. In fact it has been developed along with the KMail folks. Mutt users might want to use the configure option "--enable-gpgme" and "set use_crypt_gpgme" in ~/.muttrc to make use of GnuPG-2 to enable S/MIME in addition to a reworked OpenPGP support.

The manual is also available online in HTML format at http://www.gnupg.org/documentation/manuals/gnupg/ and in Portable Document Format at http://www.gnupg.org/documentation/manuals/gnupg.pdf .

Support
=======

Improving GnuPG is costly, but you can help! We are looking for organizations that find GnuPG useful and wish to contribute back. You can contribute by reporting bugs, improve the software, order extensions or support or more general by donating money to the Free Software movement (e.g. http://www.fsfeurope.org/help/donate.en.html).

Commercial support contracts for GnuPG are available, and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company owned and headed by GnuPG's principal author, is currently funding GnuPG development. We are always looking for interesting development projects.

The GnuPG service directory is available at:

  http://www.gnupg.org/service.html

Thanks
======

We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word or answering questions on the mailing lists.

Happy Hacking,

  The GnuPG Team

--
Thoughts are free. Exceptions are regulated by a federal law.

From rjh at sixdemonbag.org Wed Dec 23 08:23:32 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 23 Dec 2009 02:23:32 -0500
Subject: 'Tis the Season.
Message-ID: <4B31C574.10005@sixdemonbag.org>

Regardless of your personal beliefs or lack thereof, I think we can broadly agree that this is a good time of the year to reflect on the year, what's happened in it, what good fortune we've had and our hopes for the future.

As with many previous years, I feel that it's been our good fortune to have GnuPG and an active, involved community. A lot of people volunteer their time, effort and knowledge to help people out, to develop new code, to provide new translations, to... the list of contributors to GnuPG is legion, and I'm grateful for every single one.

So, to the developers, to the testers, to the people who answer newbie questions, to the people who generate signal and absorb noise, to the people who advocate healthy paranoia, and to everyone who cares about email privacy...

Thank you, deeply and sincerely, for all you've done in this last year. Please keep up the good work. I appreciate it more than you know.

Rather than donate to GnuPG directly -- which, for a lot of reasons, is really hard to do: how do you decide who should get how much of the donation? -- I'm making a donation to the EFF this year, since they're a charitable organization that seems to be very much in line with GnuPG's goals. If you're interested in doing likewise, you can donate on-line at:

http://www.eff.org/

Just click the big red "Donate" button.
:)

From invite+oocrcvrf at facebookmail.com Wed Dec 23 23:08:00 2009
From: invite+oocrcvrf at facebookmail.com (Doug Bateman)
Date: Wed, 23 Dec 2009 14:08:00 -0800
Subject: Check out my photos on Facebook
Message-ID:

Hi GnuPG,

I set up a Facebook profile where I can post my pictures, videos and events and I want to add you as a friend so you can see it. First, you need to join Facebook! Once you join, you can also create your own profile.

Thanks,
Doug

To sign up for Facebook, follow the link below:
http://www.facebook.com/p.php?i=555126862&k=5Z142X64WTXO2EMBR1VVPVWRUUECX4&r

Already have an account? Add this email address to your account
http://www.facebook.com/n/?merge_accounts.php&e=gnupg-users at gnupg.org&c=a255a774def1a9a43bf129c9611afb0a.

gnupg-users at gnupg.org was invited to join Facebook by Doug Bateman. If you do not wish to receive this type of email from Facebook in the future, please click on the link below to unsubscribe.
http://www.facebook.com/o.php?k=75ee67&u=684792329&mid=19c91edG28d11a09G0G8

Facebook's offices are located at 1601 S. California Ave., Palo Alto, CA 94304.

From jarif at iki.fi Fri Dec 25 05:56:18 2009
From: jarif at iki.fi (Jari Fredriksson)
Date: Fri, 25 Dec 2009 06:56:18 +0200
Subject: How to make GnuPG 1.4.10b binary work on Windows 7?
In-Reply-To: <87bcf3800910291851k5f6b1d8by587269a2463c39da@mail.gmail.com>
References: <87bcf3800910291851k5f6b1d8by587269a2463c39da@mail.gmail.com>
Message-ID: <4B3445F2.3080704@iki.fi>

On 30.10.2009 3:51, Moses wrote:
> Hi,
>
> GPG 1.4.10b does not work on Windows 7, does anyone know how to make it
> work?

+1

--
http://www.iki.fi/jarif/

From jesus.diaz.vico at gmail.com Sun Dec 27 21:47:00 2009
From: jesus.diaz.vico at gmail.com (Jesus)
Date: Sun, 27 Dec 2009 21:47:00 +0100
Subject: Manually seeding CSPRNG?
Message-ID: <1261946820.3778.9.camel@jesus-desktop>

Hello everybody,

I have a simple question.
I've been reading the "Random Numbers" chapter from the Libgcrypt Reference Manual and I haven't seen a way to manually establish the seed of the CSPRNG algorithms (maybe because that could make a CSPRNG produce not Cryptographically Secure random sequences if the seed is not adequate?), so, my question is if it would be possible to manual-seed any libgcrypt CSPRNG algorithm (and if there is a "quick" way -a function or similar- for doing so) or if it is not recommendable.

Thank you.

From vedaal at hush.com Tue Dec 29 02:06:38 2009
From: vedaal at hush.com (vedaal at hush.com)
Date: Mon, 28 Dec 2009 20:06:38 -0500
Subject: SCEA and V3 keys
Message-ID: <20091229010638.D8F762803F@smtp.hushmail.com>

was checking my original v3 rsa key in gnupg1.4.9 and got the following gnupg output with the 'edit' command:

pub 2048R/85306D25 created: 2000-09-05 expires: never usage: SCEA
trust: ultimate validity: ultimate
[ultimate] (1). vedaal nistar
[ultimate] (2) vedaal nistar
[ultimate] (3) vedaal nistar

are all v3 keys imported to gnupg automatically accorded SCEA status ?

('SE' is understandable, 'C' is a nice touch, 'A' was totally unexpected,)

just another talking point to try to get the die-hard remailer crowd who want to keep their v3 keys, to upgrade to gnupg ;-)

vedaal

From baiju at ispg.in Wed Dec 23 06:04:57 2009
From: baiju at ispg.in (baiju)
Date: Wed, 23 Dec 2009 10:34:57 +0530
Subject: PGP encrypt/GnuPG decrypt problem
Message-ID: <001201ca838d$7bfd0f90$73f72eb0$@in>

Hi,

Is it possible to decrypt a message in PGP if that message is encrypted from GnuPG and vice versa.

I am a .Net programmer so I used GnuPG to encrypt and decrypt messages in my program. But my client is using PGP for encrypting and decrypting messages. So my message cannot be decrypted by my client. They also provide a public key in an .asc file. I searched a lot but didn't get any solution. Please provide a solution if you have any idea.
Thanks

baiju at ispg.in

From d.durham26 at yahoo.com Tue Dec 22 15:46:39 2009
From: d.durham26 at yahoo.com (David Durham)
Date: Tue, 22 Dec 2009 06:46:39 -0800 (PST)
Subject: verify gcc download
Message-ID: <143611.94605.qm@web114108.mail.gq1.yahoo.com>

Hello,

I am trying to verify the download of a gcc-4.1.0.tar.bz2 file. I also downloaded the corresponding gcc-4.1.0.tar.bz2.sig file. I have tried gpg --verify gcc-4.1.0.tar.bz2.sig gcc-4.1.0.tar.bz2, but it says "can't check signature, public key not found." Does this mean the file has been verified, but just not the signature? The file at ftp.gnu.org/MISSING-FILES.README says that all releases after 8-1-2003 will be signed by the gpg maintainer who prepared the release. Does this mean I need to get the public keys of each maintainer for each software release I download? If so, could you please tell me how and where to get the appropriate public keys?

From rjh at sixdemonbag.org Tue Dec 29 20:10:05 2009
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 29 Dec 2009 14:10:05 -0500
Subject: PGP encrypt/GnuPG decrypt problem
In-Reply-To: <001201ca838d$7bfd0f90$73f72eb0$@in>
References: <001201ca838d$7bfd0f90$73f72eb0$@in>
Message-ID: <4B3A540D.7030404@sixdemonbag.org>

On 12/23/2009 12:04 AM, baiju wrote:
> Is it possible to decrypt a message in PGP if that message is encrypted
> from GnuPG and vice versa.

The answer to this one is, "it depends."

Really old versions of PGP will have trouble interoperating with new versions of GnuPG. Newer versions of PGP interoperate well.
From John at Mozilla-Enigmail.org Tue Dec 29 21:09:24 2009
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Tue, 29 Dec 2009 14:09:24 -0600
Subject: verify gcc download
In-Reply-To: <143611.94605.qm@web114108.mail.gq1.yahoo.com>
References: <143611.94605.qm@web114108.mail.gq1.yahoo.com>
Message-ID: <4B3A61F4.8060308@Mozilla-Enigmail.org>

David Durham wrote:
> Hello,
>
> I am trying to verify the download of a gcc-4.1.0.tar.bz2 file. I also
> downloaded the corresponding gcc-4.1.0.tar.bz2.sig file. I have tried
> gpg --verify gcc-4.1.0.tar.bz2.sig gcc-4.1.0.tar.bz2, but it says "can't
> check signature, public key not found." Does this mean the file has been
> verified, but just not the signature? The file at
> ftp.gnu.org/MISSING-FILES.README says that all releases after 8-1-2003
> will be signed by the gpg maintainer who prepared the release. Does this
> mean I need to get the public keys of each maintainer for each software
> release I download? If so, could you please tell me how and where to get
> the appropriate public keys?

Yep, you need the public key(s).

From looking at the sig file it was signed by Mark Mitchell 0xB75C61B8

You may fetch the key beforehand (if you know the ID):

$ gpg --keyserver yogi --recv-key 0xB75C61B8

or add the appropriate options to the gpg command line:

$ gpg --keyserver yogi --keyserver-options auto-key-retrieve \
      --verify gcc-4.1.0.tar.bz2.sig gcc-4.1.0.tar.bz2
gpg: Signature made 02/28/06 12:57:12 using DSA key ID B75C61B8
gpg: requesting key B75C61B8 from hkp server yogi
gpg: key B75C61B8: public key "Mark Mitchell " imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: please do a --check-trustdb
gpg: Good signature from "Mark Mitchell "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: B3C4 2148 A44E 6983 B3E4 CC07 93FA 9B1A B75C 61B8

You'd need to change the keyserver to something publicly accessible such as pool.sks-keyservers.net.

I would have thought there'd be an easily found keyring for gcc distros.

--
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

From one.jsim at gmail.com Tue Dec 29 22:21:21 2009
From: one.jsim at gmail.com (J Simoes)
Date: Tue, 29 Dec 2009 21:21:21 +0000
Subject: Fwd: PGP encrypt/GnuPG decrypt problem
In-Reply-To: <36e7820f0912291319i7f56a04di85a1dade9695909c@mail.gmail.com>
References: <001201ca838d$7bfd0f90$73f72eb0$@in> <36e7820f0912291319i7f56a04di85a1dade9695909c@mail.gmail.com>
Message-ID: <36e7820f0912291321h45a7fc66ldfe3e3bc48f2be4c@mail.gmail.com>

---------- Forwarded message ----------
From: J Simoes <>
Date: Tue, Dec 29, 2009 at 21:19
Subject: Re: PGP encrypt/GnuPG decrypt problem
To: baiju <>

As a measure of caution I always encrypt my backups with gnupg using my public key. I have been doing that for ages. New public key every 5 years or so (standard options, but a lot of bits in the keys)

Once in a while I decrypt a backup archive with the most recent "free version" of PGP. Perhaps 1% of my backups are tested.

Never had a problem, I have to give it my private key, of course, but the programs figure out all the other needed information by itself.

Since my archives have CRC in them, and I use it to check the integrity of my files, I am confident that I can recover my backups with PGP only.
Just my 0.02 euro

Jose Simoes

On Wed, Dec 23, 2009 at 05:04, baiju <> wrote:
> Hi,
>
> Is it possible to decrypt a message in PGP if that message is encrypted
> from GnuPG and vice versa.
>
> I am a .Net programmer so I used GnuPG to encrypt and decrypt messages in my
> program. But my client is using PGP for encrypting and decrypting messages. So
> my message cannot be decrypted by my client. They also provide a public key
> in an .asc file. I searched a lot but didn't get any solution. Please provide
> a solution if you have any idea.
>
> Thanks
>
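
For the "verify gcc download" thread above, an added example (not part of any post in this archive): "public key not found" means nothing was verified, and a "Good signature" from an uncertified key only counts once its fingerprint matches one obtained out of band, so this script reduces gpg's --status-fd lines to a single verdict against a pinned fingerprint. The pinned fingerprint is the one in John Clizbe's output; the function names, the sample status lines and the second fingerprint are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn `gpg --status-fd 1 --verify` output into one verdict.

# Primary key fingerprint quoted in the thread above, spaces removed.
PINNED_FPR="B3C42148A44E6983B3E4CC0793FA9B1AB75C61B8"

# classify_status FPR: read status lines on stdin, print a verdict,
# and return 0 only when a valid signature was made by the pinned key.
classify_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]"  { next }
        $2 == "BADSIG"    { bad = 1 }
        $2 == "NO_PUBKEY" { nokey = 1 }
        $2 == "EXPSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { stale = 1 }
        # VALIDSIG: field 3 is the signing key fingerprint, the last field
        # is the primary key fingerprint.
        $2 == "VALIDSIG"  { valid = 1; if ($3 == want || $NF == want) pinned = 1 }
        END {
            if (bad)                  v = "bad-signature"
            else if (stale)           v = "expired-or-revoked"
            else if (nokey)           v = "no-public-key"
            else if (valid && pinned) v = "verified"
            else if (valid)           v = "wrong-key"
            else                      v = "unverified"
            print v
            exit (v == "verified" ? 0 : 1)
        }'
}

# verify_download SIGFILE DATAFILE: run gpg and classify what it reports.
verify_download() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | classify_status "$PINNED_FPR"
}

# Constructed status lines (not captured from a real gpg run).
SAMPLE_NO_KEY="[GNUPG:] ERRSIG 93FA9B1AB75C61B8 17 2 00 1141131432 9
[GNUPG:] NO_PUBKEY 93FA9B1AB75C61B8"
SAMPLE_GOOD="[GNUPG:] GOODSIG 93FA9B1AB75C61B8 Mark Mitchell
[GNUPG:] VALIDSIG $PINNED_FPR 2006-02-28 1141131432 0 3 0 17 2 00 $PINNED_FPR"
SAMPLE_OTHER_KEY="[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2006-02-28 1141131432 0 3 0 17 2 00 0123456789ABCDEF0123456789ABCDEF01234567"

for s in "$SAMPLE_NO_KEY" "$SAMPLE_GOOD" "$SAMPLE_OTHER_KEY"; do
    printf '%s\n' "$s" | classify_status "$PINNED_FPR" || true
done
```

Only the machine-readable status lines are parsed; the human-readable "gpg: Good signature" text is ignored on purpose, since it is printed for any key that happens to be in the keyring.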