From reynt0 at cs.albany.edu Tue Feb 1 17:00:31 2011
From: reynt0 at cs.albany.edu (reynt0)
Date: Tue, 1 Feb 2011 11:00:31 -0500 (EST)
Subject: What is the benefit of signing an encrypted email
In-Reply-To: <87aaiwrblc.fsf@vigenere.g10code.de>
References: <201101181236.59404.mailinglisten@hauke-laging.de> <4D35A442.8020107@sixdemonbag.org> <201101182109.53268@thufir.ingo-kloecker.de> <87aaiwrblc.fsf@vigenere.g10code.de>
Message-ID:

On Wed, 19 Jan 2011, Werner Koch wrote:

> I'd like to see a feature in MUAs to wrap the entire mail as presented in the composer into a message/rfc822 container and send the actual message out with the same headers as in the rfc822 container. This allows signing the entire mail including the headers. On the receiving side the MUA should figure out that the signed headers match the actual ones and visually indicate the message including the header as signed. This is fully MIME compliant and should not break any MIME aware mailer (except for those only claiming to support MIME).

I am late to speak up on this, but FWIW the basic idea as a standard seems to me useful as a simplification for unsophisticated users. The whole original package can be created signed and presented signed--that is the way simple users want to think about things. Questions about receiving mailer software having trouble comparing inner and outer header copies are about an added feature which seems not essential. The user can evaluate those to the extent they want or are able. The basic mental experience of the user is kept simple, with the possibility for the user to practice increased involvement and understanding as their ability/learning/time/etc allow.
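The wrap-and-compare scheme Werner describes, as an added illustration that is not code from any MUA or from GnuPG: the composed mail becomes a message/rfc822 part whose outer headers duplicate the inner ones, and the receiver checks that the signed inner copy still matches what actually arrived. The PGP/MIME signature step is omitted, and the set of compared headers is an assumption.

```python
# Added example (not from any MUA or from GnuPG): wrap a composed mail in a
# message/rfc822 container and, on receipt, compare the inner (signed) copy
# of each protected header with the outer (transmitted) one.
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Headers a receiving MUA should require to agree between the signed inner
# copy and the outer envelope (assumed policy; extend as needed).
PROTECTED_HEADERS = ("From", "To", "Cc", "Subject", "Date", "Message-ID")


def build_sample() -> EmailMessage:
    """A constructed mail standing in for what the composer produced."""
    msg = EmailMessage(policy=policy.SMTP)
    msg["From"] = "Alice <alice@example.org>"
    msg["To"] = "Bob <bob@example.net>"
    msg["Subject"] = "Quarterly numbers"
    msg["Date"] = "Tue, 01 Feb 2011 11:00:31 -0500"
    msg["Message-ID"] = "<constructed-0001@example.org>"
    msg.set_content("Numbers attached, see you Monday.\n")
    return msg


def wrap_for_signing(composed: EmailMessage) -> EmailMessage:
    """Outer message: same headers as `composed`, body is the complete
    composed mail as a message/rfc822 part.  A signature over this part
    then covers the headers as well as the body."""
    outer = EmailMessage(policy=policy.SMTP)
    for name in PROTECTED_HEADERS:
        if composed[name] is not None:
            outer[name] = str(composed[name])
    outer.set_content(composed)          # Content-Type: message/rfc822
    return outer


def _norm(value) -> str:
    # Fold whitespace so header re-wrapping in transit does not count as a change.
    return " ".join(str(value).split()) if value is not None else ""


def header_mismatches(outer: EmailMessage) -> list:
    """Names of protected headers whose outer value differs from the signed
    inner copy; an empty list means the mail may be shown as fully signed."""
    if outer.get_content_type() != "message/rfc822":
        raise ValueError("not a message/rfc822 container")
    inner = outer.get_payload(0)
    return [name for name in PROTECTED_HEADERS
            if _norm(outer[name]) != _norm(inner[name])]


def check_received(raw: bytes) -> list:
    """Receiving-side entry point: parse the wire form and compare headers."""
    outer = BytesParser(policy=policy.SMTP).parsebytes(raw)
    return header_mismatches(outer)


def rewrite_outer_header(raw: bytes, name: str, value: str) -> bytes:
    """Simulate an in-transit change of one outer header (the signed inner
    copy is untouched) to show what the receiver's check reports."""
    outer = BytesParser(policy=policy.SMTP).parsebytes(raw)
    del outer[name]
    outer[name] = value
    return outer.as_bytes()


if __name__ == "__main__":
    wire = wrap_for_signing(build_sample()).as_bytes()
    print("untouched:", check_received(wire))                         # []
    altered = rewrite_outer_header(wire, "Subject", "Re: revised numbers")
    print("altered:  ", check_received(altered))                      # ['Subject']
```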
From dkg at fifthhorseman.net Thu Feb 3 08:28:05 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 03 Feb 2011 02:28:05 -0500
Subject: learning which symmetric cipher via --status-fd when --decrypting
Message-ID: <4D4A5905.1020501@fifthhorseman.net>

Hi GnuPG folks--

is there a way to get information about which symmetric cipher was used on an encrypted message when decrypting?

for example:

  < test.pgp gpg --decrypt --batch --status-fd=2 >/dev/null

yields:

> [GNUPG:] ENC_TO C61BD3EC21484CFF 1 0
> [GNUPG:] USERID_HINT C61BD3EC21484CFF Daniel Kahn Gillmor
> [GNUPG:] NEED_PASSPHRASE C61BD3EC21484CFF CCD2ED94D21739E9 1 0
> [GNUPG:] GOOD_PASSPHRASE
> gpg: encrypted with 4096-bit RSA key, ID 21484CFF, created 2007-06-02
>       "Daniel Kahn Gillmor "
> [GNUPG:] BEGIN_DECRYPTION
> [GNUPG:] PLAINTEXT 62 1296717746
> [GNUPG:] PLAINTEXT_LENGTH 5
> [GNUPG:] DECRYPTION_OKAY
> [GNUPG:] GOODMDC
> [GNUPG:] END_DECRYPTION

if i add --verbose, i get additional info, but i think that's from the --logger-fd, not --status-fd:

> [GNUPG:] ENC_TO C61BD3EC21484CFF 1 0
> gpg: using subkey 21484CFF instead of primary key D21739E9
> [GNUPG:] USERID_HINT C61BD3EC21484CFF Daniel Kahn Gillmor
> [GNUPG:] NEED_PASSPHRASE C61BD3EC21484CFF CCD2ED94D21739E9 1 0
> gpg: using subkey 21484CFF instead of primary key D21739E9
> [GNUPG:] GOOD_PASSPHRASE
> gpg: encrypted with 4096-bit RSA key, ID 21484CFF, created 2007-06-02
>       "Daniel Kahn Gillmor "
> [GNUPG:] BEGIN_DECRYPTION
> gpg: AES256 encrypted data
> gpg: original file name=''
> [GNUPG:] PLAINTEXT 62 1296717919
> [GNUPG:] PLAINTEXT_LENGTH 5
> [GNUPG:] DECRYPTION_OKAY
> [GNUPG:] GOODMDC
> [GNUPG:] END_DECRYPTION

is there a way for a program that parses --status-fd to get this information, or does the program need to parse --logger-fd as well to find this out?

--dkg
From sascha-ml-reply-to-2011-2 at silbe.org Thu Feb 3 12:38:20 2011
From: sascha-ml-reply-to-2011-2 at silbe.org (Sascha Silbe)
Date: Thu, 03 Feb 2011 12:38:20 +0100
Subject: OpenLDAP schema to store OpenPGP keys?
In-Reply-To: <20060218211132.GA32475@asteria.noreply.org>
References: <43F74D60.8010908@gmx.at> <20060218211132.GA32475@asteria.noreply.org>
Message-ID: <1296732316-sup-8044@xo15-sascha.sascha.silbe.org>

Excerpts from 's message of Mon Feb 20 10:56:32 +0100 2006:
> Walter Haidinger wrote on Saturday, 18 February 2006:
>
> > Now, I'd like to setup an OpenLDAP server to store the OpenPGP keys (for use with GnuPG). [...]
> > However, I was unable to find any schema definition...
>
> http://asteria.noreply.org/~weasel/PGPKeyserverSchema.zip

Like Walter, I'd like to add OpenPGP keys to an LDAP server, but can't locate the schema used / understood by GnuPG. The file mentioned above has since gone.

Where did the schema come from originally? If the license is GPL compatible, would it be possible to include it as part of the GnuPG documentation?

Sascha

--
http://sascha.silbe.org/
http://www.infra-silbe.de/

From gmcclellan at broadmarkasset.com Thu Feb 3 00:29:49 2011
From: gmcclellan at broadmarkasset.com (griffmcc)
Date: Wed, 2 Feb 2011 15:29:49 -0800 (PST)
Subject: Crontab running gpg script can't find secret key
Message-ID: <30831486.post@talk.nabble.com>

Although I can encrypt a file using a script, when crontab runs the same script, it returns the error message "no default secret key: No secret key".
I have one secret key:

  sananselmo backupscripts.d # gpg --list-secret-keys
  /root/.gnupg/secring.gpg
  ------------------------
  sec   2048R/AC1E8E28 2011-01-11
  uid                  Griff McClellan (Broadmark Asset Management)
  ssb   2048R/81E9591C 2011-01-11

Here is my script:

  gpg -vvv --batch --output /usr/share/tararchive/file.gpg --encrypt --sign /usr/share/tararchive/file.tar.bz2

When I run it I am prompted for a password, even though I have the batch flag. However the file.gpg encrypted file is created. When I run the same script as root using crontab, I get:

  gpg: no default secret key: No secret key

Does anyone have any suggestions about how to fix this problem? I tried setting the default-flag in gpg.conf but that didn't change the outcome.

From Dave.Smith at st.com Thu Feb 3 14:31:38 2011
From: Dave.Smith at st.com (David Smith)
Date: Thu, 3 Feb 2011 13:31:38 +0000
Subject: Crontab running gpg script can't find secret key
In-Reply-To: <30831486.post@talk.nabble.com>
References: <30831486.post@talk.nabble.com>
Message-ID: <4D4AAE3A.6090902@st.com>

griffmcc wrote:
> Although I can encrypt a file using a script, when crontab runs the same script, it returns the error message "no default secret key: No secret key".
> I have one secret key:
>
>   sananselmo backupscripts.d # gpg --list-secret-keys
>   /root/.gnupg/secring.gpg
>   ------------------------
>   sec   2048R/AC1E8E28 2011-01-11
>   uid                  Griff McClellan (Broadmark Asset Management)
>   ssb   2048R/81E9591C 2011-01-11
>
> Here is my script:
>
>   gpg -vvv --batch --output /usr/share/tararchive/file.gpg --encrypt --sign /usr/share/tararchive/file.tar.bz2
>
> When I run it I am prompted for a password, even though I have the batch flag. However the file.gpg encrypted file is created. When I run the same script as root using crontab, I get:
>
>   gpg: no default secret key: No secret key
>
> Does anyone have any suggestions about how to fix this problem? I tried setting the default-flag in gpg.conf but that didn't change the outcome.

Which user ID is the cron script running under? Is that user the same one that owns the key?

From peter at palfrader.org Thu Feb 3 13:12:24 2011
From: peter at palfrader.org (Peter Palfrader)
Date: Thu, 3 Feb 2011 13:12:24 +0100
Subject: OpenLDAP schema to store OpenPGP keys?
In-Reply-To: <1296732316-sup-8044@xo15-sascha.sascha.silbe.org>
References: <43F74D60.8010908@gmx.at> <20060218211132.GA32475@asteria.noreply.org> <1296732316-sup-8044@xo15-sascha.sascha.silbe.org>
Message-ID: <20110203121224.GY11786@anguilla.noreply.org>

On Thu, 03 Feb 2011, Sascha Silbe wrote:

> Excerpts from 's message of Mon Feb 20 10:56:32 +0100 2006:
> > Walter Haidinger wrote on Saturday, 18 February 2006:
> >
> > > Now, I'd like to setup an OpenLDAP server to store the OpenPGP keys (for use with GnuPG). [...]
> > > However, I was unable to find any schema definition...
> >
> > http://asteria.noreply.org/~weasel/PGPKeyserverSchema.zip
>
> Like Walter, I'd like to add OpenPGP keys to an LDAP server, but can't locate the schema used / understood by GnuPG. The file mentioned above has since gone.
>
> Where did the schema come from originally?
> If the license is GPL compatible, would it be possible to include it as part of the GnuPG documentation?

It came from PGP Corporation in 2003, licensed BSD style. I've dug through my old mail and restored the file at http://www.palfrader.org/pgp/PGPKeyserverSchema.zip

Cheers,
--
 | .''`.  ** Debian GNU/Linux **      Peter Palfrader
 | : :' :      The  universal     http://www.palfrader.org/
 | `. `'      Operating System
 |   `-    http://www.debian.org/

From alphazo at gmail.com Thu Feb 3 15:38:12 2011
From: alphazo at gmail.com (Alphazo)
Date: Thu, 3 Feb 2011 15:38:12 +0100
Subject: Add/remove recipient without re-encrypting
Message-ID:

Is it possible to add or remove a recipient to an already encrypted file and thus without re-encrypting the whole file?

From what I understand GnuPG encrypts the payload (my binary file) with a symmetric session key. Then it stores each recipient key ID (optional) as well as an encrypted version of the session key using the public key of the recipient (asymmetric encryption).

Assuming I own the private key of one of the original recipients, could GnuPG decrypt the session key and add/remove new recipients to the existing file?

Thanks
Alphazo

From rjh at sixdemonbag.org Thu Feb 3 15:56:28 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 03 Feb 2011 09:56:28 -0500
Subject: Add/remove recipient without re-encrypting
In-Reply-To:
References:
Message-ID: <4D4AC21C.30203@sixdemonbag.org>

On 2/3/11 9:38 AM, Alphazo wrote:
> Is it possible to add or remove a recipient to an already encrypted file and thus without re-encrypting the whole file?

Technically, yes, although you would need to write the tool yourself.

> Assuming I own the private key of one of the original recipients, could GnuPG decrypt the session key and add/remove new recipients to the existing file?

GnuPG does not have this functionality.
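As an added illustration of why the answer is "technically, yes", here is the packet-level structure Alphazo describes, with the recipient-removal step implemented directly. This is example code, not GnuPG's nor anyone's tool from this thread; the sample message is constructed from dummy values rather than real encryption output.

```python
# Added example (not GnuPG code): an OpenPGP encrypted message is a sequence
# of packets, one Public-Key Encrypted Session Key (PKESK, tag 1) packet per
# recipient followed by the encrypted data packet (SEIPD, tag 18).  Dropping
# a PKESK packet removes that recipient from this copy; the ciphertext and
# the session key are untouched.  The sample below uses constructed bytes.
import struct

TAG_PKESK = 1    # Public-Key Encrypted Session Key (RFC 4880 5.1)
TAG_SEIPD = 18   # Sym. Encrypted Integrity Protected Data (RFC 4880 5.13)


def _parse_header(buf: bytes, pos: int):
    """Decode the packet header at buf[pos]; return (tag, body_start, body_end)."""
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError("no packet header at offset %d" % pos)
    if ctb & 0x40:                              # new format (RFC 4880 4.2.2)
        tag = ctb & 0x3F
        first = buf[pos + 1]
        if first < 192:
            length, hdr = first, 2
        elif first < 224:
            length, hdr = ((first - 192) << 8) + buf[pos + 2] + 192, 3
        elif first == 255:
            length, hdr = struct.unpack(">I", buf[pos + 2:pos + 6])[0], 6
        else:                                   # 224..254: partial body lengths
            raise ValueError("partial body lengths are not handled here")
    else:                                       # old format (RFC 4880 4.2.1)
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled here")
        hdr = 1 + (1 << ltype)                  # 1-, 2- or 4-byte length field
        length = int.from_bytes(buf[pos + 1:pos + hdr], "big")
    end = pos + hdr + length
    if end > len(buf):
        raise ValueError("truncated packet at offset %d" % pos)
    return tag, pos + hdr, end


def iter_packets(buf: bytes):
    """Yield (tag, header_bytes, body_bytes) for each packet in buf."""
    pos = 0
    while pos < len(buf):
        tag, start, end = _parse_header(buf, pos)
        yield tag, buf[pos:start], buf[start:end]
        pos = end


def recipient_key_ids(buf: bytes) -> list:
    """Key IDs named by the PKESK packets, in order.  An all-zero key ID is an
    anonymous recipient (gpg --throw-keyids) and cannot be matched by ID."""
    ids = []
    for tag, _hdr, body in iter_packets(buf):
        if tag == TAG_PKESK:
            if body[0] != 3:
                raise ValueError("unsupported PKESK version %d" % body[0])
            ids.append(body[1:9].hex().upper())
    return ids


def remove_recipient(buf: bytes, key_id: str) -> bytes:
    """Copy of the message without the PKESK packet(s) for key_id.  This only
    shortens the recipient list of this copy: whoever already holds the
    original file or the session key can still read it."""
    key_id = key_id.upper()
    out, kept, removed = bytearray(), 0, 0
    for tag, hdr, body in iter_packets(buf):
        if tag == TAG_PKESK and body[1:9].hex().upper() == key_id:
            removed += 1
            continue
        kept += (tag == TAG_PKESK)
        out += hdr + body
    if not removed:
        raise ValueError("no recipient packet for key ID " + key_id)
    if not kept:
        raise ValueError("refusing to drop the last recipient")
    return bytes(out)


def build_packet(tag: int, body: bytes, new_format: bool = True) -> bytes:
    """Frame body as one packet (used only to build the constructed sample)."""
    n = len(body)
    if new_format:
        ctb = bytes([0xC0 | tag])
        if n < 192:
            return ctb + bytes([n]) + body
        if n < 8384:
            return ctb + bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF]) + body
        return ctb + b"\xff" + struct.pack(">I", n) + body
    for ltype, size in ((0, 1), (1, 2), (2, 4)):
        if n < 1 << (8 * size):
            return bytes([0x80 | (tag << 2) | ltype]) + n.to_bytes(size, "big") + body
    raise ValueError("body too large")


def _pkesk(key_id_hex: str) -> bytes:
    # version 3, 8-byte key ID, algo 1 (RSA), one MPI holding a dummy value
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x10\xab\xcd"
    return build_packet(TAG_PKESK, body, new_format=False)   # as gpg frames it


# Constructed sample: two recipients plus a dummy (not really encrypted) data packet.
SAMPLE_MESSAGE = (_pkesk("1111111111111111") + _pkesk("2222222222222222")
                  + build_packet(TAG_SEIPD, b"\x01" + bytes(range(256)) + bytes(43)))
```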
From dshaw at jabberwocky.com Thu Feb 3 16:02:56 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 3 Feb 2011 10:02:56 -0500
Subject: Add/remove recipient without re-encrypting
In-Reply-To:
References:
Message-ID: <6ADD104E-8924-4B08-A03A-8DD48BDA9F9F@jabberwocky.com>

On Feb 3, 2011, at 9:38 AM, Alphazo wrote:

> Is it possible to add or remove a recipient to an already encrypted file and thus without re-encrypting the whole file?
>
> From what I understand GnuPG encrypts the payload (my binary file) with a symmetric session key. Then it stores each recipient key ID (optional) as well as an encrypted version of the session key using the public key of the recipient (asymmetric encryption).

You understand correctly.

> Assuming I own the private key of one of the original recipients, could GnuPG decrypt the session key and add/remove new recipients to the existing file?

This is technically possible, but GnuPG doesn't have it as a feature. You could use the 'gpgsplit' tool that comes with GnuPG to *remove* recipients by splitting the file into its packets, deleting the packet for the recipient you want to get rid of, and then using cat to put the packets together. Adding new recipients is more difficult, though you could probably hack it into GnuPG if you really wanted it.

David

From mailinglisten at hauke-laging.de Thu Feb 3 16:07:50 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Thu, 3 Feb 2011 16:07:50 +0100
Subject: Add/remove recipient without re-encrypting
In-Reply-To:
References:
Message-ID: <201102031608.00321.mailinglisten@hauke-laging.de>

On Thursday, 3 February 2011 15:38:12, Alphazo wrote:

> Is it possible to add or remove a recipient to an already encrypted file and thus without re-encrypting the whole file?

Not an answer but a proposal: I have read this question several times on this list. I know that this is possible today but complicated (and AFAIK not part of the gpg documentation). I prefer an easy solution within gpg.
Thus I suggest the feature that recipient packets can be stored in a separate file. Thus only a small file has to be changed (extended or partially erased). A solution with better compatibility would be: The session key of the content file is the encrypted content of the recipients file. Thus implementations with a feature like --override-session-key can still access the content file (with some manual assistance) if they don't support such an extension file.

That could look like this:

  gpg --encrypt --recipient 11111111 --recipient 11111112 file.txt

would change to

  gpg --encrypt --recipient 11111111 --ext-rec-file --recipient 11111112 \
      file.txt

with all recipients given after --ext-rec-file (or --ext-rec-file=filename) being written to the extension file.

If this is not implemented and we stick to "you would need to write the tool yourself" then it might be helpful to add the option to write some dummy recipients (just to have enough space in the file which can be overwritten).

Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From nboullis at debian.org Thu Feb 3 16:56:41 2011
From: nboullis at debian.org (Nicolas Boullis)
Date: Thu, 3 Feb 2011 16:56:41 +0100
Subject: Add/remove recipient without re-encrypting
In-Reply-To:
References:
Message-ID: <20110203155641.GE3515@tryphon.debian.net>

Hello,

On Thu, Feb 03, 2011 at 03:38:12PM +0100, Alphazo wrote:

> Is it possible to add or remove a recipient to an already encrypted file and thus without re-encrypting the whole file?
>
> From what I understand GnuPG encrypts the payload (my binary file) with a symmetric session key. Then it stores each recipient key ID (optional) as well as an encrypted version of the session key using the public key of the recipient (asymmetric encryption).
> Assuming I own the private key of one of the original recipients, could GnuPG decrypt the session key and add/remove new recipients to the existing file?

For what it's worth, I tried to write such a tool on my own, and announced it on this list; see http://www.mail-archive.com/gnupg-users at gnupg.org/msg13495.html for the announcement. If you are interested, I think it would be possible to resurrect this project.

Cheers,
--
Nicolas Boullis

From xray316 at hotmail.com Thu Feb 3 18:34:33 2011
From: xray316 at hotmail.com (Keith Theman)
Date: Thu, 3 Feb 2011 12:34:33 -0500
Subject: Is commercial PGP.com compatible with Gnupg ???
Message-ID:

Hello,

Is the pgp from pgp.com compatible with gnupg ??

Is gnupg FIPS 140-2 compliant?

Dave

From sharma.umesh1977 at gmail.com Thu Feb 3 18:52:33 2011
From: sharma.umesh1977 at gmail.com (hare krishna)
Date: Thu, 3 Feb 2011 09:52:33 -0800
Subject: GPG Decrypt Messages
Message-ID:

Hi,

Can someone please help me with how to avoid these messages whenever a gpg file is decrypted. Here are the messages:

  gpg: Signature made Wed Feb 02 14:26:25 2011 PST using DSA key ID BD6608B2
  gpg: Good signature from "umesh (GPG encryptionl) "

It is printed in the logs every time. Please advise what I should use to avoid them. Here is the command I am using:

  gpg -q -d abc.gpg

Thanks,
Umesh

From rjh at sixdemonbag.org Thu Feb 3 20:21:13 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 03 Feb 2011 14:21:13 -0500
Subject: Is commercial PGP.com compatible with Gnupg ???
In-Reply-To:
References:
Message-ID: <4D4B0029.3060608@sixdemonbag.org>

On 2/3/11 12:34 PM, Keith Theman wrote:
> Is the pgp from pgp.com compatible with gnupg ??

Generally, yes.
PGP holds a patent on the Additional Decryption Key functionality (which GnuPG developers have said will not be implemented in GnuPG, even if it weren't patented), though, so that's an example of one of the minor incompatibilities between the two.

> Is gnupg FIPS 140-2 compliant?

I am unaware of any certified laboratory which has declared GnuPG conformant to any FIPS.

From wk at gnupg.org Thu Feb 3 21:01:59 2011
From: wk at gnupg.org (Werner Koch)
Date: Thu, 03 Feb 2011 21:01:59 +0100
Subject: learning which symmetric cipher via --status-fd when --decrypting
In-Reply-To: <4D4A5905.1020501@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Thu, 03 Feb 2011 02:28:05 -0500")
References: <4D4A5905.1020501@fifthhorseman.net>
Message-ID: <87tygkj39k.fsf@vigenere.g10code.de>

On Thu, 3 Feb 2011 08:28, dkg at fifthhorseman.net said:

> is there a way for a program that parses --status-fd to get this

Not yet.

> information, or does the program need to parse --logger-fd as well to

Better not do that; the messages may change. What about this new feature:

  DECRYPTION_INFO
      Print information about the symmetric encryption algorithm and the MDC method. This will be emitted even if the decryption fails.

  $ ~/b/gnupg/g10/gpg2 --status-fd 2 "
  [GNUPG:] BEGIN_DECRYPTION
  [GNUPG:] DECRYPTION_INFO 2 7
  [GNUPG:] PLAINTEXT 62 1296751201
  [GNUPG:] PLAINTEXT_LENGTH 139
  The difference between the right word and the almost right word is the difference between lightning and the lightning bug.  -- Mark Twain
  gpg: Signature made Thu Feb 3 17:40:01 2011 CET using ECDSA key ID 6AE8EAC3
  [GNUPG:] SIG_ID Fh+ZrREGtHN97DZR1dRxaRCohdo 2011-02-03 1296751201
  [GNUPG:] GOODSIG 9A7AE1B86AE8EAC3 Joe Random Hacker (test key with...
  gpg: Good signature from "Joe Random Hacker (test key with passphrase...
  [GNUPG:] VALIDSIG 1C5AD3334C35780012F7D6979A7AE1B86AE8EAC3 2011-02-03 ...
  [GNUPG:] TRUST_FULLY
  [GNUPG:] DECRYPTION_OKAY
  [GNUPG:] GOODMDC
  [GNUPG:] END_DECRYPTION

Commit 5667e33.
There is no support in GPGME yet, but I added some framework to support it.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are governed by federal law.

From dkg at fifthhorseman.net Thu Feb 3 21:13:08 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 03 Feb 2011 15:13:08 -0500
Subject: learning which symmetric cipher via --status-fd when --decrypting
In-Reply-To: <87tygkj39k.fsf@vigenere.g10code.de>
References: <4D4A5905.1020501@fifthhorseman.net> <87tygkj39k.fsf@vigenere.g10code.de>
Message-ID: <4D4B0C54.5090401@fifthhorseman.net>

On 02/03/2011 03:01 PM, Werner Koch wrote:
> On Thu, 3 Feb 2011 08:28, dkg at fifthhorseman.net said:
>
>> is there a way for a program that parses --status-fd to get this
>
> Not yet.
>
>> information, or does the program need to parse --logger-fd as well to
>
> Better not do that; the messages may change. What about this new feature:
>
>   DECRYPTION_INFO
>       Print information about the symmetric encryption algorithm and the MDC method. This will be emitted even if the decryption fails.

This looks great. Thanks, Werner! Can we expect this in the 1.x and 2.0.x branches as well?

--dkg

From dkg at fifthhorseman.net Thu Feb 3 21:59:57 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 03 Feb 2011 15:59:57 -0500
Subject: moving user ID Comments to --expert mode
Message-ID: <4D4B174D.6020409@fifthhorseman.net>

Hi folks--

I'd like to propose that GnuPG only prompt the user for a "Comment" for their User ID under --expert mode. Here's why:

 * most people just need a simple identity-driven OpenPGP certificate, one that matches their name and e-mail address.

 * new users see the prompt and think they need to enter something there, without understanding why or what to put there.
This leads to people either making a witticism (e.g. "No Comment"), repeating their actual name, redundantly describing their e-mail address (e.g. "gmail address"), or saying something like "this is cool software", which then becomes part of their User ID and goes on the keyservers, associated with them permanently.

When keysigning, if i get asked to certify a key with a "comment" like this, i don't know what to say. What am i certifying if i say that this key really belongs to "Joe Schmoe (no comment) " ? "Joe Schmoe " i can understand and certify, but the intervening comment doesn't seem sensible or verifiable.

There are indeed some possibly legitimate uses of comments, but many of them would be better handled with notations attached to subkeys or notations attached to particular user IDs.

What do other people think?

If moving the Comment: prompt to --expert seems too radical, a more conservative proposal would be to change the prompt from:

  Comment:

to:

  Comment (leave blank unless you are sure you need this and know what you are doing):

or:

  Comment (most people should leave this blank):

The example User ID prompt should also be changed (in English) from

> You need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and Email Address in this form:
> "Heinrich Heine (Der Dichter) "

to:

> Your new key needs a User ID that identifies you; usually, this takes the form of your real name followed by your e-mail address:
> "Heinrich Heine "

Regards,

--dkg

From rjh at sixdemonbag.org Thu Feb 3 22:07:40 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 03 Feb 2011 16:07:40 -0500
Subject: moving user ID Comments to --expert mode
In-Reply-To: <4D4B174D.6020409@fifthhorseman.net>
References: <4D4B174D.6020409@fifthhorseman.net>
Message-ID: <4D4B191C.1080409@sixdemonbag.org>

On 2/3/11 3:59 PM, Daniel Kahn Gillmor wrote:
> * most people just need a simple identity-driven OpenPGP certificate, one that matches their name and e-mail address.

Whenever people talk about what "most users" need, I have to ask to see the user survey that's showing this. History has shown that technically sophisticated users' ideas of what "real users" need tend not to correlate very tightly with what "real users" say they need.

> If moving the Comment: prompt to --expert seems too radical, a more conservative proposal would be to change the prompt from:
>
>   Comment:
>
> to:
>
>   Comment (leave blank unless you are sure you need this and know what you are doing):
>
> or:
>
>   Comment (most people should leave this blank):

Terse is beautiful. I think something like

  Comment (optional):

... would suffice, and would be a modest improvement on the current prompt.

From wk at gnupg.org Thu Feb 3 22:19:20 2011
From: wk at gnupg.org (Werner Koch)
Date: Thu, 03 Feb 2011 22:19:20 +0100
Subject: learning which symmetric cipher via --status-fd when --decrypting
In-Reply-To: <4D4B0C54.5090401@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Thu, 03 Feb 2011 15:13:08 -0500")
References: <4D4A5905.1020501@fifthhorseman.net> <87tygkj39k.fsf@vigenere.g10code.de> <4D4B0C54.5090401@fifthhorseman.net>
Message-ID: <87aaicizon.fsf@vigenere.g10code.de>

On Thu, 3 Feb 2011 21:13, dkg at fifthhorseman.net said:

> This looks great. Thanks, Werner! Can we expect this in the 1.x and 2.0.x branches as well?

Hmmm. If you really want that please put it into the tracker; there is a topic keyword "backport".

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are governed by federal law.
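A parser for the DECRYPTION_INFO status line Werner added earlier in this thread, as an added example that is neither GnuPG nor GPGME code: it reads only "[GNUPG:]" lines, counts but never interprets the human-readable logger lines, and applies a local cipher/MDC policy to the result. The allowed-cipher set is an assumption, and the sample status text is constructed from lines shown in this thread, not a single captured run.

```python
# Added example (not GnuPG or GPGME code): consume gpg --status-fd output,
# pick up DECRYPTION_INFO <mdc_method> <sym_algo>, and check it against an
# assumed local policy.  "gpg: ..." logger lines are skipped, since their
# wording may change between versions.
import dataclasses
from typing import List, Optional

# Symmetric-key algorithm IDs (RFC 4880 section 9.2) and hash IDs (section 9.4)
SYM_ALGOS = {0: "plaintext", 1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
             7: "AES", 8: "AES192", 9: "AES256", 10: "Twofish"}
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
ALLOWED_CIPHERS = {"AES", "AES192", "AES256", "Twofish"}   # assumed local policy

STATUS_PREFIX = "[GNUPG:] "


@dataclasses.dataclass
class DecryptionInfo:
    enc_to: List[str] = dataclasses.field(default_factory=list)  # ENC_TO key IDs
    mdc_method: Optional[int] = None   # 0 = no MDC, otherwise the MDC's hash algo ID
    sym_algo: Optional[int] = None     # symmetric cipher algo ID
    decryption_okay: bool = False
    good_mdc: bool = False
    ignored_lines: int = 0             # non-status (logger) lines seen and skipped

    @property
    def cipher_name(self) -> Optional[str]:
        if self.sym_algo is None:
            return None
        return SYM_ALGOS.get(self.sym_algo, "unknown(%d)" % self.sym_algo)

    @property
    def mdc_hash(self) -> Optional[str]:
        if not self.mdc_method:
            return None
        return HASH_ALGOS.get(self.mdc_method, "unknown(%d)" % self.mdc_method)


def parse_status(text: str) -> DecryptionInfo:
    """Fold the status lines of one gpg --decrypt run into a DecryptionInfo.
    DECRYPTION_INFO is emitted even when decryption fails, so the cipher
    fields may be set while decryption_okay stays False."""
    info = DecryptionInfo()
    for line in text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            info.ignored_lines += 1
            continue
        fields = line[len(STATUS_PREFIX):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword == "ENC_TO" and args:
            info.enc_to.append(args[0])
        elif keyword == "DECRYPTION_INFO" and len(args) >= 2:
            info.mdc_method, info.sym_algo = int(args[0]), int(args[1])
        elif keyword == "DECRYPTION_OKAY":
            info.decryption_okay = True
        elif keyword == "GOODMDC":
            info.good_mdc = True
    return info


def check_policy(info: DecryptionInfo) -> List[str]:
    """Findings on which a calling program might refuse the plaintext."""
    findings = []
    if not info.decryption_okay:
        findings.append("decryption did not succeed")
    if info.sym_algo is None:
        findings.append("no DECRYPTION_INFO line (gpg without this status?)")
        return findings
    if not info.mdc_method or not info.good_mdc:
        findings.append("no MDC integrity protection")
    if info.cipher_name not in ALLOWED_CIPHERS:
        findings.append("cipher %s not allowed" % info.cipher_name)
    return findings


# Constructed sample assembled from status lines shown in this thread plus one
# logger line; it is not a single captured run.
SAMPLE_STATUS = """\
[GNUPG:] ENC_TO C61BD3EC21484CFF 1 0
[GNUPG:] GOOD_PASSPHRASE
gpg: encrypted with 4096-bit RSA key, ID 21484CFF, created 2007-06-02
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 7
[GNUPG:] PLAINTEXT 62 1296751201
[GNUPG:] PLAINTEXT_LENGTH 139
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION
"""

if __name__ == "__main__":
    info = parse_status(SAMPLE_STATUS)
    print(info.cipher_name, info.mdc_hash, check_policy(info))   # AES SHA1 []
```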
From gmcclellan at broadmarkasset.com Thu Feb 3 20:08:34 2011
From: gmcclellan at broadmarkasset.com (griffmcc)
Date: Thu, 3 Feb 2011 11:08:34 -0800 (PST)
Subject: Re: Crontab running gpg script can't find secret key
In-Reply-To: <4D4AAE3A.6090902@st.com>
References: <30831486.post@talk.nabble.com> <4D4AAE3A.6090902@st.com>
Message-ID: <30838341.post@talk.nabble.com>

The user running the cron job is root and the owner of the key is root. I know this because I added

  whoami > whoami.txt

to the script and the contents of the file were "root".

David SMITH-4 wrote:
>
> griffmcc wrote:
>> Although I can encrypt a file using a script, when crontab runs the same script, it returns the error message "no default secret key: No secret key". I have one secret key:
>>
>>   sananselmo backupscripts.d # gpg --list-secret-keys
>>   /root/.gnupg/secring.gpg
>>   ------------------------
>>   sec   2048R/AC1E8E28 2011-01-11
>>   uid                  Griff McClellan (Broadmark Asset Management)
>>   ssb   2048R/81E9591C 2011-01-11
>>
>> Here is my script:
>>
>>   gpg -vvv --batch --output /usr/share/tararchive/file.gpg --encrypt --sign /usr/share/tararchive/file.tar.bz2
>>
>> When I run it I am prompted for a password, even though I have the batch flag. However the file.gpg encrypted file is created. When I run the same script as root using crontab, I get:
>>
>>   gpg: no default secret key: No secret key
>>
>> Does anyone have any suggestions about how to fix this problem? I tried setting the default-flag in gpg.conf but that didn't change the outcome.
>
> Which user ID is the cron script running under? Is that user the same one that owns the key?
From gmcclellan at broadmarkasset.com Thu Feb 3 21:45:47 2011
From: gmcclellan at broadmarkasset.com (griffmcc)
Date: Thu, 3 Feb 2011 12:45:47 -0800 (PST)
Subject: Solution: Crontab running gpg script can't find secret key
In-Reply-To: <30831486.post@talk.nabble.com>
References: <30831486.post@talk.nabble.com>
Message-ID: <30839184.post@talk.nabble.com>

Here's what works for me:

  echo 'password' | gpg -vvv --homedir /root/.gnupg --batch --passphrase-fd 0 --output /usr/share/file.gpg --encrypt --sign /usr/share/file.tar.bz2

From dkg at fifthhorseman.net Thu Feb 3 22:30:00 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 03 Feb 2011 16:30:00 -0500
Subject: moving user ID Comments to --expert mode
In-Reply-To: <4D4B191C.1080409@sixdemonbag.org>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org>
Message-ID: <4D4B1E58.4050606@fifthhorseman.net>

On 02/03/2011 04:07 PM, Robert J. Hansen wrote:
> On 2/3/11 3:59 PM, Daniel Kahn Gillmor wrote:
>> * most people just need a simple identity-driven OpenPGP certificate, one that matches their name and e-mail address.
>
> Whenever people talk about what "most users" need, I have to ask to see the user survey that's showing this.
> History has shown that technically sophisticated users' ideas of what "real users" need tend not to correlate very tightly with what "real users" say they need.

my "user survey" is from several years of trying to personally help dozens of people of all skill levels learn how to use OpenPGP for secure messaging. Regardless of the intelligence or technical savvy of the people i've personally helped get more comfortable with OpenPGP, i believe all of them have been baffled by the Comment: prompt.

If anyone thinks that removing this prompt would be a Bad Thing, I would love to have a clearer explanation of the Comment prompt that i could refer to when i try to de-baffle people in the future.

Looking through my keyring, i see many more useless comments (clutter) than i see comments that might possibly be useful. Of the comments in user IDs in my keyring that might possibly be useful, most of them would be better communicated in some other way than as assertions of their personal identity.

I invite you to look through the User IDs in your own keyring, from the perspective of a potential certifier, and ask yourself "what does it mean for me to certify these comments?"

> Terse is beautiful.

Omitting the baffling prompt entirely would be the most terse, which is what i propose. Do you object to that?

> I think something like
>
>   Comment (optional):
>
> ... would suffice, and would be a modest improvement on the current prompt.

Yes, that would be an improvement over the current situation. i suspect it will cause a non-negligible proportion of users to use the string "optional" as their comment, but you can't win 'em all :(

--dkg
From dkg at fifthhorseman.net Thu Feb 3 22:38:39 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 03 Feb 2011 16:38:39 -0500
Subject: learning which symmetric cipher via --status-fd when --decrypting
In-Reply-To: <87aaicizon.fsf@vigenere.g10code.de>
References: <4D4A5905.1020501@fifthhorseman.net> <87tygkj39k.fsf@vigenere.g10code.de> <4D4B0C54.5090401@fifthhorseman.net> <87aaicizon.fsf@vigenere.g10code.de>
Message-ID: <4D4B205F.8080105@fifthhorseman.net>

On 02/03/2011 04:19 PM, Werner Koch wrote:
> On Thu, 3 Feb 2011 21:13, dkg at fifthhorseman.net said:
>
>> This looks great. Thanks, Werner! Can we expect this in the 1.x and 2.0.x branches as well?
>
> Hmmm. If you really want that please put it into the tracker; there is a topic keyword "backport".

reported, thanks: https://bugs.g10code.com/gnupg/issue1316

Regards,

--dkg

From rjh at sixdemonbag.org Thu Feb 3 23:10:58 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 03 Feb 2011 17:10:58 -0500
Subject: moving user ID Comments to --expert mode
In-Reply-To: <4D4B1E58.4050606@fifthhorseman.net>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <4D4B1E58.4050606@fifthhorseman.net>
Message-ID: <4D4B27F2.10701@sixdemonbag.org>

On 2/3/11 4:30 PM, Daniel Kahn Gillmor wrote:
> my "user survey" is from several years of trying to personally help dozens of people of all skill levels learn how to use OpenPGP for secure messaging. Regardless of the intelligence or technical savvy of the people i've personally helped get more comfortable with OpenPGP, i believe all of them have been baffled by the Comment: prompt.
I'm in a similar position to you, except this is my twentieth year of helping people with PGP. (I started way back in 1991, when PGP first came out and was distributed friend-to-friend on floppy disks... five and a quarter floppy disks.)

I have never seen anyone be baffled by the 'Comment:' prompt. Some people have asked, "What should I type here?", and I usually explain, "nothing, just hit return," and they do. Those who ask what the "Comment" field means generally understand it very quickly.

The problem with using anecdotal evidence as opposed to surveys is there are all different kinds of cognitive biases that go on inside the mind of the person relating the anecdote. With surveys, you can go back to the original documents and say, "User #4 said this: what do we think about this user's remarks?"

Ultimately, I think arguing from anecdote that "we need to change the comment prompt" is unpersuasive.

> If anyone thinks that removing this prompt would be a Bad Thing, I would love to have a clearer explanation of the Comment prompt that i could refer to when i try to de-baffle people in the future.

"Just like a user ID allows you to tell people your email address and your real name, it also lets you put a note in there in case there's anything else you really want people to know. You can skip this: just hit 'return.'"

> I invite you to look through the User IDs in your own keyring, from the perspective of a potential certifier, and ask yourself "what does it mean for me to certify these comments?"

Zero. Comments don't get certified. All my signature means is I have met this person face to face, have seen two forms of government identification, have confirmed a fingerprint and exchanged an email at that address. There's nothing in my signature policy that addresses comments, nothing at all.

> Omitting the baffling prompt entirely would be the most terse, which is what i propose. Do you object to that?

Without a good basis, yes, I do.
If you change this prompt you will also break a ton of scripts that expect this prompt. Not only that, but since key generation is a rare occurrence the breakage may occur months or years after the change is made. This isn't something to be done lightly.

> Yes, that would be an improvement over the current situation. i suspect
> it will cause a non-negligible proportion of users to use the string
> "optional" as their comment, but you can't win 'em all :(

You can't prevent people from being gratuitously foolish idiots. Some people think they're tremendously clever by doing things like this, and they'll continue to do it no matter how you change the user interface. It is unwise to Fisher-Price the interface in the hopes of preventing fools from being clever.

From jrollins at finestructure.net Thu Feb 3 23:22:38 2011
From: jrollins at finestructure.net (Jameson Rollins)
Date: Thu, 03 Feb 2011 14:22:38 -0800
Subject: moving user ID Comments to --expert mode
In-Reply-To: <4D4B27F2.10701@sixdemonbag.org>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <4D4B1E58.4050606@fifthhorseman.net> <4D4B27F2.10701@sixdemonbag.org>
Message-ID: <87bp2skbbl.fsf@servo.finestructure.net>

On Thu, 03 Feb 2011 17:10:58 -0500, "Robert J. Hansen" wrote:
> On 2/3/11 4:30 PM, Daniel Kahn Gillmor wrote:
> > my "user survey" is from several years of trying to personally help
> > dozens of people of all skill levels learn how to use OpenPGP for secure
> > messaging. Regardless of the intelligence or technical savvy of the
> > people i've personally helped get more comfortable with OpenPGP, i
> > believe all of them have been baffled by the Comment: prompt.
>
> I'm in a similar position to you, except this is my twentieth year of
> helping people with PGP. (I started way back in 1991, when PGP first
> came out and was distributed friend-to-friend on floppy disks... five
> and a quarter floppy disks.)
>
> I have never seen anyone be baffled by the 'Comment:' prompt. Some
> people have asked, "What should I type here?", and I usually explain,
> "nothing, just hit return," and they do. Those who ask what the
> "Comment" field means generally understand it very quickly.

I have to agree with Daniel that I have in fact honestly never spoken to anyone who was *not* confused by that field. I can't ever remember seeing a comment field used in any way that made sense to me.

> > I invite you to look through the User IDs in your own keyring, from the
> > perspective of a potential certifier, and ask yourself "what does it
> > mean for me to certify these comments?"
>
> Zero. Comments don't get certified. All my signature means is I have
> met this person face to face, have seen two forms of government
> identification, have confirmed a fingerprint and exchanged an email at
> that address. There's nothing in my signature policy that addresses
> comments, nothing at all.

I'm not sure I understand this comment. Certifications are over user IDs. The comments are in the user IDs. By certifying the full user ID you are also certifying the comment.

> > Omitting the baffling prompt entirely would be the most terse, which is
> > what i propose. Do you object to that?
>
> Without a good basis, yes, I do. If you change this prompt you will
> also break a ton of scripts that expect this prompt. Not only that, but
> since key generation is a rare occurrence the breakage may occur months
> or years after the change is made. This isn't something to be done lightly.

I think this is why his original suggestion was to move it instead to --expert. Moving it to --expert makes a lot of sense to me.

jamie.

From dirk.walter at semanticbits.com Thu Feb 3 22:29:41 2011
From: dirk.walter at semanticbits.com (Dirk Walter)
Date: Thu, 3 Feb 2011 16:29:41 -0500
Subject: moving user ID Comments to --expert mode
In-Reply-To: <4D4B191C.1080409@sixdemonbag.org>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org>
Message-ID:

I like the idea of adding the (Optional) to the prompt because I'm a big fan of optional fields being marked as such. This is a simple and elegant fix to an issue. And I'd hesitate to move it to expert since we have been (ab)using the comment field for our keys, then again this is being used by sysadmins who should know what they are doing, so moving it to expert mode shouldn't be too bad... but what should be is not the same as what is.

On Thu, Feb 3, 2011 at 4:07 PM, Robert J. Hansen wrote:
> On 2/3/11 3:59 PM, Daniel Kahn Gillmor wrote:
>> * most people just need a simple identity-driven OpenPGP certificate,
>> one that matches their name and e-mail address.
>
> Whenever people talk about what "most users" need, I have to ask to see
> the user survey that's showing this. History has shown that technically
> sophisticated users' ideas of what "real users" need tends to not
> correlate very tightly with what "real users" say they need.
>
>> If moving the Comment: prompt to --expert seems too radical, a more
>> conservative proposal would be to change the prompt from:
>>
>> Comment:
>>
>> to:
>>
>> Comment (leave blank unless you are sure you need this and know what
>> you are doing):
>>
>> or:
>>
>> Comment (most people should leave this blank):
>
> Terse is beautiful. I think something like
>
> Comment (optional):
>
> ... would suffice, and would be a modest improvement on the current prompt.
From kloecker at kde.org Thu Feb 3 23:35:17 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Thu, 03 Feb 2011 23:35:17 +0100
Subject: Solution: Crontab running gpg script can't find secret key
In-Reply-To: <30839184.post@talk.nabble.com>
References: <30831486.post@talk.nabble.com> <30839184.post@talk.nabble.com>
Message-ID: <201102032335.30703@thufir.ingo-kloecker.de>

On Thursday 03 February 2011, griffmcc wrote:
> Here's what works for me:
>
>
> echo 'password' | gpg -vvv --homedir /root/.gnupg --batch
> --passphrase-fd 0 --output /usr/share/file.gpg --encrypt --sign
> /usr/share/file.tar.bz2

I suggest setting the passphrase of the key to an empty passphrase. Using a non-empty passphrase and then putting this "secret" passphrase in the crontab totally defeats the purpose of the passphrase. Moreover, the passphrase will be available to anybody who knows ps.

Regards,
Ingo

From gnupg.user at seibercom.net Thu Feb 3 23:36:16 2011
From: gnupg.user at seibercom.net (Jerry)
Date: Thu, 3 Feb 2011 17:36:16 -0500
Subject: moving user ID Comments to --expert mode
In-Reply-To: <4D4B1E58.4050606@fifthhorseman.net>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <4D4B1E58.4050606@fifthhorseman.net>
Message-ID: <20110203173616.07c681e9@scorpio>

On Thu, 03 Feb 2011 16:30:00 -0500
Daniel Kahn Gillmor articulated:

> On 02/03/2011 04:07 PM, Robert J. Hansen wrote:
> > On 2/3/11 3:59 PM, Daniel Kahn Gillmor wrote:
> >> * most people just need a simple identity-driven OpenPGP
> >> certificate, one that matches their name and e-mail address.
> >
> > Whenever people talk about what "most users" need, I have to ask to
> > see the user survey that's showing this. History has shown that
> > technically sophisticated users' ideas of what "real users" need
> > tends to not correlate very tightly with what "real users" say they
> > need.
>
> my "user survey" is from several years of trying to personally help
> dozens of people of all skill levels learn how to use OpenPGP for
> secure messaging. Regardless of the intelligence or technical savvy
> of the people i've personally helped get more comfortable with
> OpenPGP, i believe all of them have been baffled by the Comment:
> prompt.

Statistically speaking, a few dozen users is not very meaningful. Furthermore, did you have a test group to compare these results against? In addition, did any one who claimed to be knowledgeable with the concepts of PGP ask you for assistance? Probably not, which causes your statistical analyses to be in error. It reminds me of the famous Coca-Cola debacle in the 80's. Their analysis was so flawed that they eventually fired everyone involved in the fiasco, not to mention the fact that they lost millions of dollars.

In any case, statistics can be made to represent anything you want them to. If 5% of a group suffers from constipation does that mean the remaining 95% enjoys it?

--
Jerry
GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

Q: What is the difference between Texas and yogurt?
A: Yogurt has culture.
From dkg at fifthhorseman.net Thu Feb 3 23:47:02 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 03 Feb 2011 17:47:02 -0500
Subject: moving user ID Comments to --expert mode
In-Reply-To: <87bp2skbbl.fsf@servo.finestructure.net>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <4D4B1E58.4050606@fifthhorseman.net> <4D4B27F2.10701@sixdemonbag.org> <87bp2skbbl.fsf@servo.finestructure.net>
Message-ID: <4D4B3066.7060004@fifthhorseman.net>

On 02/03/2011 05:22 PM, Jameson Rollins wrote:
> On Thu, 03 Feb 2011 17:10:58 -0500, "Robert J. Hansen" wrote:
>> Zero. Comments don't get certified. All my signature means is I have
>> met this person face to face, have seen two forms of government
>> identification, have confirmed a fingerprint and exchanged an email at
>> that address. There's nothing in my signature policy that addresses
>> comments, nothing at all.
>
> I'm not sure I understand this comment. Certifications are over user
> IDs. The comments are in the user IDs. By certifying the full user ID
> you are also certifying the comment.

Just to clarify this point: If i meet Robert in person, show him my gov't IDs, my fingerprint, and we exchange e-mails, Robert would probably be fine certifying this User ID:

Daniel Kahn Gillmor

But i suspect he would not want to certify this User ID:

Daniel Kahn Gillmor (I am really Robert Hansen)

And he would be right to avoid certifying it.

--dkg

From rjh at sixdemonbag.org Thu Feb 3 23:54:39 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 03 Feb 2011 17:54:39 -0500
Subject: moving user ID Comments to --expert mode
In-Reply-To: <4D4B3066.7060004@fifthhorseman.net>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <4D4B1E58.4050606@fifthhorseman.net> <4D4B27F2.10701@sixdemonbag.org> <87bp2skbbl.fsf@servo.finestructure.net> <4D4B3066.7060004@fifthhorseman.net>
Message-ID: <4D4B322F.7090903@sixdemonbag.org>

On 2/3/11 5:47 PM, Daniel Kahn Gillmor wrote:
> Just to clarify this point:

This is not a clarification: this is a confusion.

> If i meet Robert in person, show him my gov't IDs, my fingerprint, and
> we exchange e-mails, Robert would probably be fine certifying this User ID:
>
> Daniel Kahn Gillmor

Yes. And my signature would mean exactly that: I'd seen two forms of government ID, seen you face to face, verified fingerprints, and confirmed your email address works.

> But i suspect he would not want to certify this User ID:
>
> Daniel Kahn Gillmor (I am really Robert Hansen)

Correct. Because the presence of my signature means something. The *absence* means *nothing at all*, and you're smart enough to know that.

I am under no obligation to make any signatures, and I am free to add whatever conditions I want to it. Maybe I don't want to sign your certificate because you're a redhead, and I've never been able to find it in my heart to ever trust a ginger.[*] Maybe I don't want to sign your certificate because it's a Thursday. Maybe I don't want to sign your certificate because I've just had a bad day and I can't be bothered. Maybe ...

If you see a signature from me, you know what it means. If you don't, then you can't draw any inferences whatsoever. Why do you want people to draw inferences from my unwillingness to sign a certificate, when it's plainly obvious there are no inferences to be drawn from that?

[*] Quite tongue in cheek, given that I'm a redhead myself.

From rjh at sixdemonbag.org Fri Feb 4 00:02:56 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 03 Feb 2011 18:02:56 -0500
Subject: moving user ID Comments to --expert mode
In-Reply-To: <4D4B3066.7060004@fifthhorseman.net>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <4D4B1E58.4050606@fifthhorseman.net> <4D4B27F2.10701@sixdemonbag.org> <87bp2skbbl.fsf@servo.finestructure.net> <4D4B3066.7060004@fifthhorseman.net>
Message-ID: <4D4B3420.7060008@sixdemonbag.org>

On 2/3/11 5:47 PM, Daniel Kahn Gillmor wrote:
>> By certifying the full user ID you are also certifying the comment.

This is not how either OpenPGP or GnuPG work. Certifiers get to define what their certifications mean. Bang, period, end of sentence.

There are *no* certification semantics in OpenPGP: there is only a rich and comprehensive set of syntactic primitives. It's true that, say, a persona-level signature is different syntactically than an I-have-done-extensive-checking signature: but OpenPGP quite wisely says *nothing* about the level of checking which goes into each signature level.

If you see a certification and you assume you know what the certifier intends, then you are living in sin. Ask the certifier for their policy: that's the only way to know. Some people will make certifications willy-nilly ("well, I've traded emails with the guy a few times..."). Some will make certifications only very carefully. Some will make totally unreasonable certifications because they don't know any better, and some will not make reasonable certifications because they have an abundance of paranoia. Unless you ask the certifier, *you do not, and cannot, know*.

By certifying the full user ID, I am making a statement that is derived from my own local certification policy. That's all. Nothing else.
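The factual point underneath this exchange (Jameson above, David Shaw later in the thread) is that the comment is part of the User ID string, and a certification signature is computed over the whole string, so there is no way to sign a user ID minus its comment; what the certifier *means* by that signature is, as Robert says, up to the certifier. The following Python is an added example for this thread, not code from GnuPG or from any poster. It splits a GnuPG-style "Name (Comment) <email>" user ID into its parts, rebuilds it the way gpg does (dropping an empty comment), and computes the digest a v4 certification covers in the order RFC 4880 section 5.2.4 prescribes, showing that two user IDs differing only in the comment hash differently. The public-key packet body is a constructed placeholder rather than a real key, and the SHA-256 hash algorithm id, creation-time subpacket and the example identities are assumptions made for the demonstration.

```python
"""What a User ID certification actually covers.

Added example for this thread, not code from GnuPG or from any poster:
it splits a GnuPG-style User ID into its parts and computes the digest a
v4 certification signature is made over (RFC 4880 section 5.2.4), which
is why a comment cannot be left out of what is certified.
"""
import hashlib
import re
import struct

# "Name (Comment) <email>" is the layout gpg --gen-key builds from its prompts.
UID_RE = re.compile(
    r"^(?P<name>[^(<]*?)\s*(?:\((?P<comment>[^)]*)\))?\s*(?:<(?P<email>[^>]*)>)?\s*$")


def split_user_id(uid):
    """Return {'name', 'comment', 'email'}; comment/email are None if absent."""
    m = UID_RE.match(uid)
    if m is None:
        raise ValueError("not a Name (Comment) <email> user ID: %r" % uid)
    return {k: (v.strip() if v is not None else None) for k, v in m.groupdict().items()}


def format_user_id(name, comment, email):
    """Build the User ID string the way gpg does: the comment is dropped
    when empty, which is exactly what 'just hit return' produces."""
    parts = [name.strip()]
    if comment and comment.strip():
        parts.append("(%s)" % comment.strip())
    parts.append("<%s>" % email.strip())
    return " ".join(parts)


def certification_digest(key_body, user_id, sig_type=0x10, pubkey_algo=1,
                         creation_time=1296777600):
    """SHA-256 digest a v4 certification over (key, user_id) covers.

    key_body is the body of the public-key packet being certified. Order per
    RFC 4880 5.2.4: 0x99 + 2-octet key length + key body, then 0xB4 + 4-octet
    UID length + UID bytes, then the hashed part of the signature packet,
    then the six-octet v4 trailer. Hash algo 8 = SHA-256 (RFC 4880 9.4). The
    only hashed subpacket here is a signature-creation-time subpacket (type 2).
    """
    uid = user_id.encode("utf-8")
    subpackets = bytes([5, 2]) + struct.pack(">I", creation_time)
    hashed = (bytes([4, sig_type, pubkey_algo, 8])
              + struct.pack(">H", len(subpackets)) + subpackets)
    h = hashlib.sha256()
    h.update(b"\x99" + struct.pack(">H", len(key_body)) + key_body)
    h.update(b"\xb4" + struct.pack(">I", len(uid)) + uid)
    h.update(hashed)
    h.update(b"\x04\xff" + struct.pack(">I", len(hashed)))
    return h.digest()


# Constructed placeholder for a public-key packet body; NOT a real key.
PLACEHOLDER_KEY_BODY = bytes(range(64))


def comment_is_certified(name, email, comment):
    """True when adding `comment` changes the digest a certifier would sign,
    i.e. a signature over the plain UID does not verify over the commented one."""
    plain = certification_digest(PLACEHOLDER_KEY_BODY, format_user_id(name, "", email))
    commented = certification_digest(PLACEHOLDER_KEY_BODY, format_user_id(name, comment, email))
    return plain != commented


if __name__ == "__main__":
    uid = "Daniel Kahn Gillmor (I am really Robert Hansen) <dkg@example.org>"
    print(split_user_id(uid))
    print(comment_is_certified("Daniel Kahn Gillmor", "dkg@example.org",
                               "I am really Robert Hansen"))
```

The two digests differ for any non-empty comment, so a certifier who dislikes a comment has exactly two choices: sign the whole user ID, comment included, or decline; gpg's `--edit-key` lets you pick which user IDs to sign, never which part of one.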
From jrollins at finestructure.net Fri Feb 4 00:09:42 2011
From: jrollins at finestructure.net (Jameson Rollins)
Date: Thu, 03 Feb 2011 15:09:42 -0800
Subject: moving user ID Comments to --expert mode
In-Reply-To: <4D4B322F.7090903@sixdemonbag.org>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <4D4B1E58.4050606@fifthhorseman.net> <4D4B27F2.10701@sixdemonbag.org> <87bp2skbbl.fsf@servo.finestructure.net> <4D4B3066.7060004@fifthhorseman.net> <4D4B322F.7090903@sixdemonbag.org>
Message-ID: <8739o4k955.fsf@servo.finestructure.net>

On Thu, 03 Feb 2011 17:54:39 -0500, "Robert J. Hansen" wrote:
> > But i suspect he would not want to certify this User ID:
> >
> > Daniel Kahn Gillmor (I am really Robert Hansen)
>
> Correct. Because the presence of my signature means something. The
> *absence* means *nothing at all*, and you're smart enough to know that.

Just out of curiosity, can you explain why you wouldn't sign dkg's hypothetical user ID?

jamie.

From mailinglisten at hauke-laging.de Fri Feb 4 00:16:47 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Fri, 4 Feb 2011 00:16:47 +0100
Subject: moving user ID Comments to --expert mode
In-Reply-To: <87bp2skbbl.fsf@servo.finestructure.net>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B27F2.10701@sixdemonbag.org> <87bp2skbbl.fsf@servo.finestructure.net>
Message-ID: <201102040016.48282.mailinglisten@hauke-laging.de>

Am Donnerstag 03 Februar 2011 23:22:38 schrieb Jameson Rollins:
> I think this is why his original suggestion was to move it instead to
> --expert. Moving it to --expert makes a lot of sense to me.

Perhaps it makes sense to extend the output of --gen-key by a hint like "Additional features are enabled by the option --expert. Have a look at the documentation."

This is independent of this discussion, though. It took me several years to notice this option... ;-)

Hauke

--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From dougb at dougbarton.us Fri Feb 4 00:18:45 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 03 Feb 2011 15:18:45 -0800
Subject: moving user ID Comments to --expert mode
In-Reply-To: <201102040016.48282.mailinglisten@hauke-laging.de>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B27F2.10701@sixdemonbag.org> <87bp2skbbl.fsf@servo.finestructure.net> <201102040016.48282.mailinglisten@hauke-laging.de>
Message-ID: <4D4B37D5.2060001@dougbarton.us>

On 02/03/2011 15:16, Hauke Laging wrote:
> Am Donnerstag 03 Februar 2011 23:22:38 schrieb Jameson Rollins:
>
>> I think this is why his original suggestion was to move it instead to
>> --expert. Moving it to --expert makes a lot of sense to me.
>
> Perhaps it makes sense to extend the output of --gen-key by a hint like
> "Additional features are enabled by the option --expert. Have a look at the
> documentation."
>
> This is independent of this discussion, though. It took me several years to
> notice this option... ;-)

That's part of the test. Congratulations on your passing grade. :)

--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/

From dougb at dougbarton.us Fri Feb 4 00:22:54 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 03 Feb 2011 15:22:54 -0800
Subject: moving user ID Comments to --expert mode
In-Reply-To: <87bp2skbbl.fsf@servo.finestructure.net>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <4D4B1E58.4050606@fifthhorseman.net> <4D4B27F2.10701@sixdemonbag.org> <87bp2skbbl.fsf@servo.finestructure.net>
Message-ID: <4D4B38CE.7080603@dougbarton.us>

On 02/03/2011 14:22, Jameson Rollins wrote:
> I have to agree with Daniel that I have in fact honestly never spoken to
> anyone who was *not* confused by that field. I can't ever remember
> seeing a comment field used in any way that made sense to me.

I'm as pedantic as the next geeky dev, but I agree with this, and believe that arguing from example is perfectly valid in this case.

FWIW I would love to see the comment field moved to expert mode since it rather clearly qualifies under the "If you don't already know that you need this, you don't need this" category that --expert is designed to protect the casual user from.

I think (Optional) would be an Ok compromise if that's what the gnupg devs think is right, although something closer to (You probably don't want to type anything here, no, really, don't do it) would be better. :)

Doug
From dshaw at jabberwocky.com Fri Feb 4 00:30:23 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 3 Feb 2011 18:30:23 -0500
Subject: moving user ID Comments to --expert mode
In-Reply-To: <4D4B27F2.10701@sixdemonbag.org>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <4D4B1E58.4050606@fifthhorseman.net> <4D4B27F2.10701@sixdemonbag.org>
Message-ID: <2BB92451-BFE7-41CE-8A66-455EBEA565D3@jabberwocky.com>

On Feb 3, 2011, at 5:10 PM, Robert J. Hansen wrote:
>> I invite you to look through the User IDs in your own keyring, from the
>> perspective of a potential certifier, and ask yourself "what does it
>> mean for me to certify these comments?"
>
> Zero. Comments don't get certified. All my signature means is I have
> met this person face to face, have seen two forms of government
> identification, have confirmed a fingerprint and exchanged an email at
> that address. There's nothing in my signature policy that addresses
> comments, nothing at all.

I'm afraid I'm not parsing your point here. Comments are part of the user ID field. When you make a certification, they are included in the hash. You can't sign part of a user ID.

Are you saying that you don't sign things with comments? ("Comments don't get certified"). Or are you arguing the *meaning* of the certification (you may or may not sign the user ID, but if you did sign it, the comment part should be considered null and void in terms of your particular certification)? Or something else?

>> Omitting the baffling prompt entirely would be the most terse, which is
>> what i propose. Do you object to that?
>
> Without a good basis, yes, I do. If you change this prompt you will
> also break a ton of scripts that expect this prompt. Not only that, but
> since key generation is a rare occurrence the breakage may occur months
> or years after the change is made. This isn't something to be done lightly.

I suppose I don't really have particularly strong feelings about whether "comment" is put under --expert or not, but either way this argument is not a good one. We have made many changes to the keygen prompts over time, and no doubt will continue to do so in the future. The only scriptable interface for key generation in GPG is --batch --gen-key, and it is documented as such.

David

From rjh at sixdemonbag.org Fri Feb 4 00:32:45 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 03 Feb 2011 18:32:45 -0500
Subject: moving user ID Comments to --expert mode
In-Reply-To: <2BB92451-BFE7-41CE-8A66-455EBEA565D3@jabberwocky.com>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <4D4B1E58.4050606@fifthhorseman.net> <4D4B27F2.10701@sixdemonbag.org> <2BB92451-BFE7-41CE-8A66-455EBEA565D3@jabberwocky.com>
Message-ID: <4D4B3B1D.8080106@sixdemonbag.org>

On 2/3/11 6:30 PM, David Shaw wrote:
> Or are you arguing the *meaning* of the certification (you may or may
> not sign the user ID, but if you did sign it, the comment part should
> be considered null and void in terms of your particular
> certification)?

This. I may agree with the comment, I may disagree with it, but either way I am not vouching for it.

From vedaal at nym.hush.com Fri Feb 4 01:13:09 2011
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Thu, 03 Feb 2011 19:13:09 -0500
Subject: learning which symmetric cipher via --status-fd when decrypting
Message-ID: <20110204001309.6123A10E2B0@smtp.hushmail.com>

>Message: 8
>Date: Thu, 03 Feb 2011 02:28:05 -0500
>From: Daniel Kahn Gillmor

>is there a way to get information about which symmetric cipher was
>used on an encrypted message when decrypting?

There may be other direct ways, but a simple unexpected way, is to use the option of --show-session-key.
Upon decryption, GnuPG shows the number of the symmetric algorithm, followed by a colon, followed by the session key string (i.e., '2:' indicates that 3DES is the symmetric cipher used).

vedaal

From rjh at sixdemonbag.org Fri Feb 4 01:40:04 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 03 Feb 2011 19:40:04 -0500
Subject: moving user ID Comments to --expert mode
In-Reply-To: <8739o4k955.fsf@servo.finestructure.net>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <4D4B1E58.4050606@fifthhorseman.net> <4D4B27F2.10701@sixdemonbag.org> <87bp2skbbl.fsf@servo.finestructure.net> <4D4B3066.7060004@fifthhorseman.net> <4D4B322F.7090903@sixdemonbag.org> <8739o4k955.fsf@servo.finestructure.net>
Message-ID: <4D4B4AE4.5040907@sixdemonbag.org>

On 2/3/11 6:09 PM, Jameson Rollins wrote:
> Just out of curiosity, can you explain why you wouldn't sign dkg's
> hypothetical user ID?

Because with a comment like that, my impression would be that he was aiming to deliberately yank my chain: and why should I put up with that?

To use that as an example, and to simultaneously lose sight of the "you know, I'm kind of being a jerk here, and why should he do me a favor by making a certification if I'm being a jerk to him?" factor, is to reduce humanity to automation. It implicitly says, "you must do this, because to be otherwise is illogical."

I demand logic in technical matters. In social matters, I embrace my humanity, which is to say my right to be inconsistent. I heartily recommend this course of living to everyone.

From mjgoins at openflows.com Thu Feb 3 23:32:47 2011
From: mjgoins at openflows.com (Matthew James Goins)
Date: Thu, 3 Feb 2011 17:32:47 -0500
Subject: moving user ID Comments to --expert mode
In-Reply-To: <4D4B191C.1080409@sixdemonbag.org>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org>
Message-ID: <20110203223247.GA29994@burden.brokenja.ws>

On Thu, Feb 03, 2011 at 04:07:40PM -0500, Robert J. Hansen wrote:
> Whenever people talk about what "most users" need, I have to ask to see
> the user survey that's showing this.

I don't think it matters what the real numbers are. We've all seen user ids with utterly unhelpful comments, and it stands to reason that some fraction of them were put in place because novice users felt obligated to include a comment. The first time I used gnupg this is exactly what I did, as evident in my old keys on the keyservers.

Personally I've never seen a comment that helped me identify the owner of a key in a meaningful way. So since it occasionally causes silliness, and rarely or never to my knowledge helps, I would go so far as to say that use of comments should be strongly discouraged.

--mjgoins

From rjh at sixdemonbag.org Fri Feb 4 02:10:51 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 03 Feb 2011 20:10:51 -0500
Subject: moving user ID Comments to --expert mode
In-Reply-To: <20110203223247.GA29994@burden.brokenja.ws>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <20110203223247.GA29994@burden.brokenja.ws>
Message-ID: <4D4B521B.2080204@sixdemonbag.org>

On 2/3/11 5:32 PM, Matthew James Goins wrote:
> Personally I've never seen a comment that helped me identify the owner
> of a key in a meaningful way.

The problem with anecdote is everyone's anecdote is different. As a ham radio operator (KC0SJE), I have a fair number of keys that have comments of "Amateur radio: KC0SJE". (A former cert of mine had "Amateur Radio" tagged on my kc0sje at my.domain address, for instance.) And yes, I do find it helpful to have someone's ham call on their key: when I'm sending a contact report to someone, it's nice to be able to grep through my keyring looking for their call sign and get the email address it should go to.

The user community is huge. Just because you don't see it doesn't mean other people don't use it.

From dougb at dougbarton.us Fri Feb 4 02:17:14 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 03 Feb 2011 17:17:14 -0800
Subject: moving user ID Comments to --expert mode
In-Reply-To: <4D4B521B.2080204@sixdemonbag.org>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <20110203223247.GA29994@burden.brokenja.ws> <4D4B521B.2080204@sixdemonbag.org>
Message-ID: <4D4B539A.8080409@dougbarton.us>

On 02/03/2011 17:10, Robert J. Hansen wrote:
> On 2/3/11 5:32 PM, Matthew James Goins wrote:
>> Personally I've never seen a comment that helped me identify the owner
>> of a key in a meaningful way.
>
> The problem with anecdote is everyone's anecdote is different. As a ham
> radio operator (KC0SJE), I have a fair number of keys that have comments
> of "Amateur radio: KC0SJE".

So, you're saying that hams are not smart enough to figure out how to use expert mode if they really want this functionality? :)

Doug

From rjh at sixdemonbag.org Fri Feb 4 02:23:20 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 03 Feb 2011 20:23:20 -0500
Subject: moving user ID Comments to --expert mode
In-Reply-To: <4D4B539A.8080409@dougbarton.us>
References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <20110203223247.GA29994@burden.brokenja.ws> <4D4B521B.2080204@sixdemonbag.org> <4D4B539A.8080409@dougbarton.us>
Message-ID: <4D4B5508.7080909@sixdemonbag.org>

On 2/3/11 8:17 PM, Doug Barton wrote:
> So, you're saying that hams are not smart enough to figure out how to
> use expert mode if they really want this functionality? :)

You're moving the goalposts. That was responding to someone who denied the usefulness of comments at all.
If I'm establishing there are communities who use comments, and these communities often exist under the radar of list members, then it's disingenuous to say "but they can just use expert mode." Whether it should be in normal mode or expert mode is a completely different question from whether there exist a significant number of users who find the comment field useful. As long as we're moving things into expert mode, I'd like to see all non-default options moved into expert mode, including key lengths. I've never seen anyone outside of the intelligence community who had a need for a 4096-bit key: why do we support generating them? I've seen people screw up expiration dates more often than I've seen them use expiration dates as part of a sane, rational security policy: why is this option part of the default, why isn't setting an expiration date reserved for expert users? Etc., etc. If you open up the "well, I think it ought to be in expert mode," there are a lot of other things that ought to be moved over there first. From dougb at dougbarton.us Fri Feb 4 02:36:57 2011 From: dougb at dougbarton.us (Doug Barton) Date: Thu, 03 Feb 2011 17:36:57 -0800 Subject: moving user ID Comments to --expert mode In-Reply-To: <4D4B5508.7080909@sixdemonbag.org> References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <20110203223247.GA29994@burden.brokenja.ws> <4D4B521B.2080204@sixdemonbag.org> <4D4B539A.8080409@dougbarton.us> <4D4B5508.7080909@sixdemonbag.org> Message-ID: <4D4B5839.9060800@dougbarton.us> On 02/03/2011 17:23, Robert J. Hansen wrote: > On 2/3/11 8:17 PM, Doug Barton wrote: >> So, you're saying that hams are not smart enough to figure out how to >> use expert mode if they really want this functionality? :) > > You're moving the goalposts. That was responding to someone who denied > the usefulness of comments at all. 
If I'm establishing there are > communities who use comments, and these communities often exist under > the radar of list members, I don't disagree with anything above, but > then it's disingenuous to say "but they can just use expert mode." Why? Restating my argument in a more serious fashion: 1. There are very few people who usefully benefit from comments 2. Most novice users who add a comment do so badly 3. Therefore moving the option to expert mode is a win for the community. > Whether it should be in normal mode or expert mode is a completely > different question from whether there exist a significant number of > users who find the comment field useful. I actually disagree with this as stated, although I will grant you that point 2 above is included in the overall issue. :) > As long as we're moving things into expert mode, I'd like to see all > non-default options moved into expert mode, including key lengths. I've > never seen anyone outside of the intelligence community who had a need > for a 4096-bit key: why do we support generating them? I've seen people > screw up expiration dates more often than I've seen them use expiration > dates as part of a sane, rational security policy: why is this option > part of the default, why isn't setting an expiration date reserved for > expert users? Etc., etc. That all sounds good to me. Doug (seriously) -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ From rjh at sixdemonbag.org Fri Feb 4 02:52:40 2011 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Thu, 03 Feb 2011 20:52:40 -0500 Subject: moving user ID Comments to --expert mode In-Reply-To: <4D4B5839.9060800@dougbarton.us> References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <20110203223247.GA29994@burden.brokenja.ws> <4D4B521B.2080204@sixdemonbag.org> <4D4B539A.8080409@dougbarton.us> <4D4B5508.7080909@sixdemonbag.org> <4D4B5839.9060800@dougbarton.us> Message-ID: <4D4B5BE8.5090207@sixdemonbag.org> On 2/3/11 8:36 PM, Doug Barton wrote: >> then it's disingenuous to say "but they can just use expert mode." > > Why? Because it does not recognize the validity of a well-answered question. When a question is asked and answered, it is good form to recognize the answer, rather than say "... well, but!...". Moving the goalposts, in addition to being a logical fallacy, tends to persuade people that you're not really interested in the answer. ... E.g., "Lee Harvey Oswald didn't kill Jack Kennedy! The shots weren't fired from the Texas Book Depository." Well, in point of fact, his co-workers saw him going up to the floor where he fired from, and a lifelong hunter co-worker of his was exactly one floor below and heard the gunshots, the shooter working the bolt of the rifle, and the brass ejecting on the floor. "But there's no way any human being could fire those shots that quickly and accurately! That's the work of a military sniper, not a deranged gunman! Oswald couldn't have been the shooter!" Well, now you're moving the goalposts: but, while we're talking about it, the Warren Commission was able to find an Army specialist[*] who was able to not only fire faster than that, but with better accuracy. "But what about the grassy knoll and the fourth gunshot?!" ... Listen, you're not really interested in having a discussion about this, are you? For every claim of yours that gets refuted, you just move the goalposts somewhere else. 
I'm done talking: it doesn't matter what answer I give, you're going to keep subscribing to these ridiculous and refuted conspiracy theories. [*] Non-Americans: 'specialist' is a rank in the United States Army, just barely above a raw recruit. Instead of being a "specialist shooter," as you might think from the phrase "Army specialist," it really means, "the Warren Commission found a young soldier who was barely able to tie his own shoes without a sergeant's help, and even *he* was able to do a better job than Oswald." From faramir.cl at gmail.com Fri Feb 4 03:35:07 2011 From: faramir.cl at gmail.com (Faramir) Date: Thu, 03 Feb 2011 23:35:07 -0300 Subject: moving user ID Comments to --expert mode In-Reply-To: <4D4B174D.6020409@fifthhorseman.net> References: <4D4B174D.6020409@fifthhorseman.net> Message-ID: <4D4B65DB.3020705@gmail.com> On 03-02-2011 17:59, Daniel Kahn Gillmor wrote: ... > When keysigning, if i get asked to certify a key with a "comment" like > this, i don't know what to say. What am i certifying if i say that this > key really belongs to "Joe Schmoe (no comment) " ? "Joe > Schmoe " i can understand and certify, but the > intervening comment doesn't seem sensible or verifiable. Well, but a comment is just a comment... you don't have to verify them... > There are indeed some possibly legitimate uses of comments, but many of > them would be better handled with notations attached to subkeys or > notations attached to particular user IDs. I don't know how to attach notations to subkeys, but probably in that case they would remain unread. People check UIDs, but how often do we check subkeys? When you create the key, you need to create the first UID, so the comment is already attached to a particular user ID. Later you can make another UID, make it the main UID, revoke the old one, etc. > What do other people think? I don't see the problem.
Comments may be useful, or may remain empty, or may include something not useful... but it's just a comment. Best Regards From faramir.cl at gmail.com Fri Feb 4 05:54:32 2011 From: faramir.cl at gmail.com (Faramir) Date: Fri, 04 Feb 2011 01:54:32 -0300 Subject: moving user ID Comments to --expert mode In-Reply-To: <4D4B539A.8080409@dougbarton.us> References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <20110203223247.GA29994@burden.brokenja.ws> <4D4B521B.2080204@sixdemonbag.org> <4D4B539A.8080409@dougbarton.us> Message-ID: <4D4B8688.7010804@gmail.com> On 03-02-2011 22:17, Doug Barton wrote: > On 02/03/2011 17:10, Robert J. Hansen wrote: ... >> The problem with anecdote is everyone's anecdote is different. As a ham >> radio operator (KC0SJE), I have a fair number of keys that have comments >> of "Amateur radio: KC0SJE". > > So, you're saying that hams are not smart enough to figure out how to > use expert mode if they really want this functionality? :) Guys, it is just a comment field, is it so hard to ignore comments that are meaningless to you? Maybe they have some meaning to someone else. Personally, I'm tired of saying "ok, where did they put that thing I used to use, and that was so easy to find in the previous version?".
Best Regards From wk at gnupg.org Fri Feb 4 07:12:34 2011 From: wk at gnupg.org (Werner Koch) Date: Fri, 04 Feb 2011 07:12:34 +0100 Subject: moving user ID Comments to --expert mode In-Reply-To: <4D4B174D.6020409@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Thu, 03 Feb 2011 15:59:57 -0500") References: <4D4B174D.6020409@fifthhorseman.net> Message-ID: <87mxmcgwfh.fsf@vigenere.g10code.de> On Thu, 3 Feb 2011 21:59, dkg at fifthhorseman.net said: > * new users see the prompt and think they need to enter something > there, without understanding why or what to put there. This leads to > people either making a witticism (e.g. "No Comment"), repeating their I have only seen a few of these comments; thus I don't think it is a real problem. I use the comment field mainly to indicate a test key and I have seen other sensible usages as well. Many might not know that there is a help feature for every input field: GnuPG needs to construct a user ID to identify your key. Real name: ddddd Email address: dddd at dddd Comment: ? Please enter an optional comment. The characters "(" and ")" are not allowed. In general there is no need for a comment. Comment: but many more users are using a GUI for key generation and thus it is up to the GUI to preset the comment field. For example GPA uses in non-advanced mode a wizard dialog for key generation and that one does not ask for comment.
I don't have any strong feelings about this, however, here is my own proposal: GnuPG needs to construct a user ID to identify your key. Real name: ddddd Email address: dddd at dddd You selected this USER-ID: "ddddd " Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? c Comment: test key You selected this USER-ID: "ddddd (test key) " Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? q No expert option and no translation changes required, just one more key stroke to enter a comment. The drawback is as with the --expert option: we will receive bug reports like "I can't enter a comment anymore" ;-). Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From dougb at dougbarton.us Fri Feb 4 08:16:30 2011 From: dougb at dougbarton.us (Doug Barton) Date: Thu, 03 Feb 2011 23:16:30 -0800 Subject: moving user ID Comments to --expert mode In-Reply-To: <4D4B5BE8.5090207@sixdemonbag.org> References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <20110203223247.GA29994@burden.brokenja.ws> <4D4B521B.2080204@sixdemonbag.org> <4D4B539A.8080409@dougbarton.us> <4D4B5508.7080909@sixdemonbag.org> <4D4B5839.9060800@dougbarton.us> <4D4B5BE8.5090207@sixdemonbag.org> Message-ID: <4D4BA7CE.8080108@dougbarton.us> On 02/03/2011 17:52, Robert J. Hansen wrote: > On 2/3/11 8:36 PM, Doug Barton wrote: >>> >> then it's disingenuous to say "but they can just use expert mode." >> > >> > Why? > Because it does not recognize the validity of a well-answered question. I recognized it, but I don't think the answer is as central to the question of moving comments to expert mode as you do. Daniel's argument boils down to "almost everyone who uses a comment doesn't need to, and most of the ones who do use them poorly." Your counter argument boils down to, "yeah, but here is a group of people who use comments well." I gave a tongue-in-cheek response, but the kernel of it was (IMO) pertinent. 
Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ From rjh at sixdemonbag.org Fri Feb 4 08:35:33 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 04 Feb 2011 02:35:33 -0500 Subject: moving user ID Comments to --expert mode In-Reply-To: <4D4BA7CE.8080108@dougbarton.us> References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <20110203223247.GA29994@burden.brokenja.ws> <4D4B521B.2080204@sixdemonbag.org> <4D4B539A.8080409@dougbarton.us> <4D4B5508.7080909@sixdemonbag.org> <4D4B5839.9060800@dougbarton.us> <4D4B5BE8.5090207@sixdemonbag.org> <4D4BA7CE.8080108@dougbarton.us> Message-ID: <4D4BAC45.909@sixdemonbag.org> On 2/4/11 2:16 AM, Doug Barton wrote: > I recognized it, but I don't think the answer is as central to the > question of moving comments to expert mode as you do. Daniel's argument > boils down... I wasn't responding to Daniel. I was responding to Matt Goins, as was shown in my message, who said he had never seen any comment that helped him identify the owner of a key in a meaningful way. To that statement, pointing out the ham radio community's use of comment fields to store license numbers is on point. Moving the goalposts to, "but ham operators can still set comment fields with --expert," is not. From dkg at fifthhorseman.net Fri Feb 4 16:51:13 2011 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Fri, 04 Feb 2011 10:51:13 -0500 Subject: moving user ID Comments to --expert mode In-Reply-To: <87mxmcgwfh.fsf@vigenere.g10code.de> References: <4D4B174D.6020409@fifthhorseman.net> <87mxmcgwfh.fsf@vigenere.g10code.de> Message-ID: <4D4C2071.9010603@fifthhorseman.net> On 02/04/2011 01:12 AM, Werner Koch wrote: > Many might nor know that > there is a help feature for every input field: Indeed, i had no idea that this was the case. Thanks for the tip. 
> but many more users are using a GUI for key generation and thus it is up > to the GUI to preset the comment field. For example GPA uses in > non-advanced mode a wizard dialog for key generation and that one does > not ask for comment. Yep, fixing the GUIs is a separate task, and i agree it's a worthwhile one. I'll take it up with the GUIs i encounter. > I don't have any strong feelings about this, however, here is my own > proposal: > > GnuPG needs to construct a user ID to identify your key. > > Real name: ddddd > Email address: dddd at dddd > You selected this USER-ID: > "ddddd " > > Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? c > Comment: test key > You selected this USER-ID: > "ddddd (test key) " > > Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? q This change in behavior sounds reasonable to me. > No expert option and no translation changes required, Some translation changes might still be worth doing; I would like to see the example User ID lose the comment (including "(Der Dichter)" in an english prompt is not helpful), and i think the wording should also be adjusted, since the User ID does not identify the key -- it identifies the user. But i'll happily pursue translation changes as a separate topic if we can do away with the Comment prompt by default. > The drawback is as with the --expert option: > we will receive bug reports like "I can't enter a comment anymore" ;-). i'm sure that's true :( We can point them at this discussion, though. Regards, --dkg
From micah at riseup.net Fri Feb 4 17:34:18 2011 From: micah at riseup.net (Micah Anderson) Date: Fri, 04 Feb 2011 11:34:18 -0500 Subject: moving user ID Comments to --expert mode References: <4D4B174D.6020409__43246.1809520193$1296766874$gmane$org@fifthhorseman.net> Message-ID: <87vd0z69o5.fsf@algae.riseup.net> Daniel Kahn Gillmor writes: > I'd like to propose that GnuPG only prompt the user for a "Comment" for > their User ID under --expert mode. I totally agree with this proposal. If someone wants to add a comment, they should be able to, but I believe that prompting for this on every key generation is a user interface mistake. micah From kloecker at kde.org Fri Feb 4 20:11:05 2011 From: kloecker at kde.org (Ingo Klöcker) Date: Fri, 04 Feb 2011 20:11:05 +0100 Subject: moving user ID Comments to --expert mode In-Reply-To: <20110203223247.GA29994@burden.brokenja.ws> References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <20110203223247.GA29994@burden.brokenja.ws> Message-ID: <201102042011.11678@thufir.ingo-kloecker.de> On Thursday 03 February 2011, Matthew James Goins wrote: > Personally I've never seen a comment that helped me identify the > owner of a key in a meaningful way. In my keyring there are several keys where the comment contains the date of birth (and in some cases even the place of birth) of the owner of the key. Regards, Ingo
From expires2011 at ymail.com Fri Feb 4 21:08:08 2011 From: expires2011 at ymail.com (MFPA) Date: Fri, 4 Feb 2011 20:08:08 +0000 Subject: moving user ID Comments to --expert mode In-Reply-To: <4D4B38CE.7080603@dougbarton.us> References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <4D4B1E58.4050606@fifthhorseman.net> <4D4B27F2.10701@sixdemonbag.org> <87bp2skbbl.fsf@servo.finestructure.net> <4D4B38CE.7080603@dougbarton.us> Message-ID: <1633967844.20110204200808@my_localhost> Hi On Thursday 3 February 2011 at 11:22:54 PM, in , Doug Barton wrote: > FWIW I would love to see the comment field moved to > expert mode since it rather clearly qualifies under the > "If you don't already know that you need this, you > don't need this" category IMHO, the comment field is firmly in the "you don't need this at all" category. If Heinrich Heine really wants his UID to be "Heinrich Heine (Der Dichter) " he can type "Heinrich Heine (Der Dichter)" in the name field and "heinrichh at duesseldorf.de" in the email address field.
-- Best regards MFPA mailto:expires2011 at ymail.com Don't be silly, it's all "make believe" anyway From jrollins at finestructure.net Fri Feb 4 21:32:18 2011 From: jrollins at finestructure.net (Jameson Rollins) Date: Fri, 04 Feb 2011 12:32:18 -0800 Subject: moving user ID Comments to --expert mode In-Reply-To: <1633967844.20110204200808@my_localhost> References: <4D4B174D.6020409@fifthhorseman.net> <4D4B191C.1080409@sixdemonbag.org> <4D4B1E58.4050606@fifthhorseman.net> <4D4B27F2.10701@sixdemonbag.org> <87bp2skbbl.fsf@servo.finestructure.net> <4D4B38CE.7080603@dougbarton.us> <1633967844.20110204200808@my_localhost> Message-ID: <87bp2rpmlp.fsf@servo.finestructure.net> On Fri, 4 Feb 2011 20:08:08 +0000, MFPA wrote: > IMHO, the comment field is firmly in the "you don't need this at all" > category. If Heinrich Heine really wants his UID to be > "Heinrich Heine (Der Dichter) " he can > type "Heinrich Heine (Der Dichter)" in the name field and > "heinrichh at duesseldorf.de" in the email address field. I *very* strongly agree with this sentiment. jamie.
From justin.teaw at tmsw.com Fri Feb 4 23:49:27 2011 From: justin.teaw at tmsw.com (Justin Teaw) Date: Fri, 4 Feb 2011 16:49:27 -0600 Subject: IPC call failed Message-ID: <4004EA591E53A14ABF012A1869532D95344F51B9@CHIEXC01.us.tmsw.com> Hi, Does anyone have a solution for this problem? Do you know what socket the gpg-agent is using? Regards, Justin Teaw Solution Architect The Marketing Store Canada 1209 King Street West Toronto, Ontario M6K 1G2 Tel: 416.583.3978 www.themarketingstore.ca From kgo at grant-olson.net Sat Feb 5 20:24:56 2011 From: kgo at grant-olson.net (Grant Olson) Date: Sat, 05 Feb 2011 14:24:56 -0500 Subject: IPC call failed In-Reply-To: <4004EA591E53A14ABF012A1869532D95344F51B9@CHIEXC01.us.tmsw.com> References: <4004EA591E53A14ABF012A1869532D95344F51B9@CHIEXC01.us.tmsw.com> Message-ID: <4D4DA408.3050202@grant-olson.net> On 02/04/2011 05:49 PM, Justin Teaw wrote: > > Does anyone have a solution for this problem? Do you know what socket > the gpg-agent is using? > What OS? What version of gnupg? What commands are you trying to run? How are you trying to run them: batch file, command line, program like enigmail, something else? Have you verified that gpg-agent is actually running? Etc. -- -Grant "Look around! Can you construct some sort of rudimentary lathe?"
From mail at david-topping.com Sat Feb 5 20:06:31 2011 From: mail at david-topping.com (David Topping) Date: Sat, 05 Feb 2011 19:06:31 +0000 Subject: unsubscribe In-Reply-To: <4004EA591E53A14ABF012A1869532D95344F51B9@CHIEXC01.us.tmsw.com> References: <4004EA591E53A14ABF012A1869532D95344F51B9@CHIEXC01.us.tmsw.com> Message-ID: unsubscribe -- David Topping e: mail at david-topping.com This message may contain information which is confidential or privileged. If you are not the intended recipient, please advise the sender immediately by reply email and delete this message and any attachments without retaining a copy. On 04/02/2011 22:49, Justin Teaw wrote: > Hi, > > Does anyone have a solution for this problem? Do you know what socket > the gpg-agent is using? > > Regards, > > /Justin Teaw/ > /Solution Architect/ > /The Marketing Store Canada/ > /1209 King Street West/ > /Toronto, Ontario M6K 1G2/ > /Tel: 416.583.3978/ > /www.themarketingstore.ca / > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From shavital at mac.com Sat Feb 5 21:53:40 2011 From: shavital at mac.com (Charly Avital) Date: Sat, 05 Feb 2011 15:53:40 -0500 Subject: unsubscribe In-Reply-To: References: <4004EA591E53A14ABF012A1869532D95344F51B9@CHIEXC01.us.tmsw.com> Message-ID: <4D4DB8D4.6090103@mac.com> David Topping wrote the following on 2/5/11 2:06 PM: > > unsubscribe > -- > David Topping > e: mail at david-topping.com To unsubscribe, please go to and scroll down to the unsubscribe option.
Best regards, Charly From expires2011 at ymail.com Sun Feb 6 10:24:25 2011 From: expires2011 at ymail.com (MFPA) Date: Sun, 6 Feb 2011 09:24:25 +0000 Subject: unsubscribe In-Reply-To: <4D4DB8D4.6090103@mac.com> References: <4004EA591E53A14ABF012A1869532D95344F51B9@CHIEXC01.us.tmsw.com> <4D4DB8D4.6090103@mac.com> Message-ID: <961342833.20110206092425@my_localhost> Hi On Saturday 5 February 2011 at 8:53:40 PM, in , Charly Avital wrote: > David Topping wrote the following on 2/5/11 2:06 PM: >> unsubscribe -- David Topping e: mail at david-topping.com > To unsubscribe, please go to > > and scroll down to the unsubscribe option. Or simply send a message with the single word "unsubscribe" in the subject line to gnupg-users-request at gnupg.org from the address you are unsubscribing. -- Best regards MFPA mailto:expires2011 at ymail.com Those who do not read are no better off than those who cannot. From holger.naether at mac.com Sun Feb 6 10:57:27 2011 From: holger.naether at mac.com (Holger Näther) Date: Sun, 06 Feb 2011 10:57:27 +0100 Subject: GPG Decrypt Messages In-Reply-To: References: Message-ID: On 03.02.2011 at 18:52, hare krishna wrote: > Hi, > > Can someone please help me with how to avoid these messages whenever the gpg file is decrypted. Here are the messages: > > gpg: Signature made Wed Feb 02 14:26:25 2011 PST using DSA key ID BD6608B2 > gpg: Good signature from "umesh (GPG encryptionl) " > > It is printed in the logs every time. Please advise what I should use to avoid them. > Here is the command I am using: > gpg -q -d abc.gpg > > Thanks, > Umesh As far as I understand the manual page of gpg2, it should be the option "--no-tty" to be used. [QUOTE] --no-tty Make sure that the TTY (terminal) is never used for any output. This option is needed in some cases because GnuPG sometimes prints warnings to the TTY even if --batch is used. [/QUOTE] So instead of -q or --quiet, you should use --no-tty.
For example: gpg2 --decrypt --no-tty abc.gpg Best regards, Holger -- This email has been signed by GnuPG encryption software: Public key: 0xACE4EDD6 Signature attached: PGP.sig Jabber: gbyte at jabber.piratenpartei.de Public key: 0xE80C91A1 From wk at gnupg.org Sun Feb 6 20:01:20 2011 From: wk at gnupg.org (Werner Koch) Date: Sun, 06 Feb 2011 20:01:20 +0100 Subject: GPG Decrypt Messages In-Reply-To: ("Holger Näther"'s message of "Sun, 06 Feb 2011 10:57:27 +0100") References: Message-ID: <874o8hdm2n.fsf@vigenere.g10code.de> On Sun, 6 Feb 2011 10:57, holger.naether at mac.com said: > As far as I understand the manual page of gpg2, it should be the option "--no-tty" to be used. No. For all kinds of unattended use you need to pass the option "--batch". "--no-tty" doesn't harm if used along with --batch, but it is not needed. Not all messages can be suppressed with options. If you don't want to see them, do it the usual way: gpg ........ 2>/dev/null (Under Windows replace /dev/null by /dev/nul). Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From wk at gnupg.org Sun Feb 6 20:08:58 2011 From: wk at gnupg.org (Werner Koch) Date: Sun, 06 Feb 2011 20:08:58 +0100 Subject: moving user ID Comments to --expert mode In-Reply-To: <4D4C2071.9010603@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Fri, 04 Feb 2011 10:51:13 -0500") References: <4D4B174D.6020409@fifthhorseman.net> <87mxmcgwfh.fsf@vigenere.g10code.de> <4D4C2071.9010603@fifthhorseman.net> Message-ID: <87zkq9c75h.fsf@vigenere.g10code.de> On Fri, 4 Feb 2011 16:51, dkg at fifthhorseman.net said: > Some translation changes might still be worth doing; I would like to see > the example User ID lose the comment (including "(Der Dichter)" in an > english prompt is not helpful), and i think the wording should also be Fine with me, if we drop the comment prompt. > adjusted, since the User ID does not identify the key -- it identifies > the user. But i'll happily pursue translation changes as a separate I disagree. It depends on what you understand as "the user". I assume you mean the entity which has control over the secret key. Often this is not just one human but a group of people or some malware. Thus the User ID is still one way to identify the key and it is actually the most commonly used to identify the key. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. 
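Werner's proposed --gen-key dialog earlier in this thread assembles the User ID from separate Real name, Comment and Email fields, and MFPA observes that typing the parenthesised text into the name field yields the very same string. The following Python builder/parser is an added illustration of that "Name (Comment) <email>" layout; it is not GnuPG code and nobody in the thread posted it. It implements only the rule quoted from gpg's field help (no "(" or ")" in the comment), assumes the name field accepts parentheses as MFPA's workaround relies on, and uses the thread's own sample values (ddddd, dddd@dddd, "test key", Heinrich Heine) plus one constructed torproject User ID.

```python
"""Build and parse OpenPGP User ID strings in gpg's "Name (Comment) <email>" layout.

Added example for this gnupg-users thread; not GnuPG code.  The only
validation rule taken from the thread is gpg's help text: the characters
"(" and ")" are not allowed in the Comment field.  The Name field is
assumed to accept parentheses, which is what MFPA's workaround relies on.
"""
import re

# Constructed sample values, copied from the examples quoted in the thread.
SAMPLE_NAME = "ddddd"
SAMPLE_EMAIL = "dddd@dddd"
SAMPLE_COMMENT = "test key"

# Lazy name, then an optional "(comment)", then an optional "<email>".
_UID_RE = re.compile(
    r"^(?P<name>.*?)\s*(?:\((?P<comment>[^()]*)\))?\s*(?:<(?P<email>[^<>]*)>)?$"
)


class UserIdError(ValueError):
    """Raised when a field would produce a malformed User ID."""


def build_user_id(name: str, email: str = "", comment: str = "") -> str:
    """Assemble "Name (Comment) <email>", omitting empty optional parts.

    Mirrors the three prompts of the proposed dialog: the comment is only
    included when the user actually entered one.
    """
    name, email, comment = name.strip(), email.strip(), comment.strip()
    if not name:
        raise UserIdError("Real name is required")
    if "(" in comment or ")" in comment:
        # Rule quoted from gpg's field help in the thread.
        raise UserIdError('The characters "(" and ")" are not allowed in a comment')
    if "<" in email or ">" in email:
        # Added sanity check (not from the thread): brackets are the delimiter.
        raise UserIdError("Email address must not contain angle brackets")
    parts = [name]
    if comment:
        parts.append(f"({comment})")
    if email:
        parts.append(f"<{email}>")
    return " ".join(parts)


def parse_user_id(uid: str) -> dict:
    """Split a User ID back into name, comment and email ("" when absent).

    The split is heuristic by nature: a parenthesised phrase typed into the
    Name field is indistinguishable from a Comment, which is MFPA's point.
    """
    m = _UID_RE.match(uid.strip())
    if m is None:
        raise UserIdError("User ID must be a single line")
    return {
        "name": m.group("name").strip(),
        "comment": (m.group("comment") or "").strip(),
        "email": (m.group("email") or "").strip(),
    }


def same_uid_two_ways(name: str, comment: str, email: str) -> bool:
    """True if putting the comment inside the Name field gives the identical
    User ID as using the separate Comment field."""
    via_comment = build_user_id(name, email, comment)
    via_name = build_user_id(f"{name} ({comment})", email)
    return via_comment == via_name


if __name__ == "__main__":
    print(build_user_id(SAMPLE_NAME, SAMPLE_EMAIL, SAMPLE_COMMENT))
    print(parse_user_id("Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"))
    print(same_uid_two_ways("Heinrich Heine", "Der Dichter", "heinrichh@duesseldorf.de"))
    # Constructed example of a User ID with neither comment nor e-mail address.
    print(parse_user_id("deb.torproject.org archive signing key"))
```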
From dkg at fifthhorseman.net Sun Feb 6 20:46:30 2011 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Sun, 06 Feb 2011 14:46:30 -0500 Subject: moving user ID Comments to --expert mode In-Reply-To: <87zkq9c75h.fsf@vigenere.g10code.de> References: <4D4B174D.6020409@fifthhorseman.net> <87mxmcgwfh.fsf@vigenere.g10code.de> <4D4C2071.9010603@fifthhorseman.net> <87zkq9c75h.fsf@vigenere.g10code.de> Message-ID: <4D4EFA96.9070100@fifthhorseman.net> On 02/06/2011 02:08 PM, Werner Koch wrote: > On Fri, 4 Feb 2011 16:51, dkg at fifthhorseman.net said: > >> Some translation changes might still be worth doing; I would like to see >> the example User ID lose the comment (including "(Der Dichter)" in an >> english prompt is not helpful), and i think the wording should also be > > Fine with me, if we drop the comment prompt. great! >> adjusted, since the User ID does not identify the key -- it identifies >> the user. But i'll happily pursue translation changes as a separate > > I disagree. It depends on what you understand as "the user". I assume > you mean the entity which has control over the secret key. Yes, that's what i mean. > Often this > is not just one human but a group of people or some malware. Yep, and those keys should probably be clearly marked. Obviously, the malware *won't* self-identify, but there are legitimate keys whose users are not individual humans (like debian's archive signing key), and those do have legitimate User IDs. A User ID for such a key properly identifies the entity which has control over the secret key. It does not identify the key itself. > Thus the > User ID is still one way to identify the key and it is actually the most > commonly used to identify the key. The User ID is the most commonly-used way to *find* the key -- but it does not identify the key. It identifies the user. The fact that people are willing to cryptographically bind the User ID to the key (via OpenPGP certifications, a.k.a. keysigning) is what identifies the key. 
I realize these are subtle, nit-picky questions of language. Nonetheless, i think they're important to get right. OpenPGP can be a confusing environment for people, and choosing words carefully for one of the major implementations can help to reduce confusion and make the path to adoption less difficult. Regards, --dkg From expires2011 at ymail.com Mon Feb 7 01:01:48 2011 From: expires2011 at ymail.com (MFPA) Date: Mon, 7 Feb 2011 00:01:48 +0000 Subject: moving user ID Comments to --expert mode In-Reply-To: <4D4EFA96.9070100@fifthhorseman.net> References: <4D4B174D.6020409@fifthhorseman.net> <87mxmcgwfh.fsf@vigenere.g10code.de> <4D4C2071.9010603@fifthhorseman.net> <87zkq9c75h.fsf@vigenere.g10code.de> <4D4EFA96.9070100@fifthhorseman.net> Message-ID: <164023881.20110207000148@my_localhost> Hi On Sunday 6 February 2011 at 7:46:30 PM, in , Daniel Kahn Gillmor wrote: > and those > do have legitimate User IDs. What's a "legitimate User ID?" My understanding is that, whilst the de facto standard is a name and an email address, there is no compulsion over what string to choose. > The User ID is the most commonly-used way to *find* the > key -- but it does not identify the key. It identifies > the user. Isn't the User ID simply the string which the user has chosen as an identifier for their key, which can be something more human-friendly than the key id? > The fact that people are willing to > cryptographically bind the User ID to the key (via > OpenPGP certifications, a.k.a. keysigning) is what > identifies the key.
I thought the Key ID and the User ID both identified the key, the certifications were an assertion from other people that the User ID was consistent with the user's real-world identity, and that these certifications in combination with the User ID identified the user. -- Best regards MFPA mailto:expires2011 at ymail.com Two rights do not make a wrong. They make an airplane. From dkg at fifthhorseman.net Mon Feb 7 06:37:11 2011 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Mon, 07 Feb 2011 00:37:11 -0500 Subject: moving user ID Comments to --expert mode In-Reply-To: <164023881.20110207000148@my_localhost> References: <4D4B174D.6020409@fifthhorseman.net> <87mxmcgwfh.fsf@vigenere.g10code.de> <4D4C2071.9010603@fifthhorseman.net> <87zkq9c75h.fsf@vigenere.g10code.de> <4D4EFA96.9070100@fifthhorseman.net> <164023881.20110207000148@my_localhost> Message-ID: <4D4F8507.7010107@fifthhorseman.net> On 02/06/2011 07:01 PM, MFPA wrote: > What's a "legitimate User ID?" My understanding is that, whilst the de > facto standard is a name and an email address, there is no compulsion > over what string to choose. Here are some legitimate User IDs that do not correspond to a single individual: * "deb.torproject.org archive signing key" * "Debian Archive Automatic Signing Key (6.0/squeeze) " These are legitimate to my mind because they unambiguously identify an entity responsible for the key (despite the fact that the entity is not a single individual).
Note that the latter happens to be an RFC 822-style e-mail address, but the former does not. The e-mail address form is *not* relevant to the legitimacy of the User ID, other than its ability to disambiguate potentially-conflicting claims to the same name (e.g. there might be multiple "John Smith"s, but there is only one john.smith at example.org if you subscribe to the global namespace described by DNS). > Isn't the User ID simply the string which the user has chosen as an > identifier for their key, which can be something more human-friendly > than the key id? User ID is short for "User Identifier". The User ID is not only friendlier than the key ID -- it actually refers to something outside the cryptographic realm in which the key operates. This is the point of a PKI, whether it is OpenPGP or X.509 or whatever: you want to be able to bind mathematical constructs (e.g. public keys) to non-mathematical entities (e.g. the entities referred to by User IDs). > I thought the Key ID and the User ID both identified the key, As their name implies, the Key ID identifies the key, and the User ID identifies the User (or keyholder). > the > certifications were an assertion from other people that the User ID > was consistent with the user's real-world identity, Yes, *and* that the real-world entity in question actually controls the associated key. An OpenPGP certification is made over a (Key + User ID) combination. It states "the owner of the key is in fact the person described by the User ID". https://tools.ietf.org/html/rfc4880#page-20 > and that these > certifications in combination with the User ID identified the user. The User ID identifies the user, but it might be (and in fact is trivially) spoofed. To decide whether you're willing to believe that a given User ID is correctly associated with a given key, you can use the known certifications of the key+userID combination, and your state of knowledge/belief about the certifiers themselves. 
These certifications cannot be (practically) spoofed. This is how the web of trust operates.

--dkg

From wk at gnupg.org Mon Feb 7 09:07:34 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 07 Feb 2011 09:07:34 +0100
Subject: moving user ID Comments to --expert mode
In-Reply-To: <4D4EFA96.9070100@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Sun, 06 Feb 2011 14:46:30 -0500")
References: <4D4B174D.6020409@fifthhorseman.net> <87mxmcgwfh.fsf@vigenere.g10code.de> <4D4C2071.9010603@fifthhorseman.net> <87zkq9c75h.fsf@vigenere.g10code.de> <4D4EFA96.9070100@fifthhorseman.net>
Message-ID: <87mxm8clo9.fsf@vigenere.g10code.de>

On Sun, 6 Feb 2011 20:46, dkg at fifthhorseman.net said:
> The User ID is the most commonly-used way to *find* the key -- but it
> does not identify the key. It identifies the user. The fact that
> people are willing to cryptographically bind the User ID to the key (via

In OpenPGP parlance the term "key" is used as a synonym for the term "keyblock" which in turn is the OpenPGP saying for a "certificate". To refer to the actual key material (plus some meta information), we use the term "public key packet".

Shalom-Salam,
Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From Daniel.Kraus at telegate.com Mon Feb 7 08:59:49 2011
From: Daniel.Kraus at telegate.com (Kraus, Daniel)
Date: Mon, 7 Feb 2011 08:59:49 +0100
Subject: Problems to migrate keys between two windows pcs
Message-ID:

Hello together!

First of all, English isn't my native language, so I hope you'll forgive me if I make a mistake. Also I hope that all of you will understand what I mean.

I have the following problem or mystery: We have a virtual machine with Windows XP running. There is also the bundle "GnuPG for Windows version 1.0.3" running.
We use this VM to transfer encrypted files to other companies and also the other way round, to decrypt files which we receive from other companies. But you know ... when you work several years with one VM you have many old programs on it which you don't need anymore. So some weeks ago I started to create a new, clean VM and tried to transfer only those programs which we actually need.

So far, so good ... everything works fine with one exception. I exported every key from the old GnuPG for Windows installation (secure and public) and imported these into the new one (Gpg4win version 2.0.4) running on the new VM. I'm able to encrypt files with my imported old secure key and the other side can decrypt these files. Everything is the same as when I do these steps on the old VM. But if I try to decrypt a file from another party with the new installation I get the error message that "This file isn't a correctly encrypted file". (This message may not be exactly in this form. I use the German language, so I get this error message in German. But I hope I translated it correctly.)

I'll try to give a résumé: I exported my whole keyring (all public and private keys) from the old version and imported it into my new version, apparently successfully. I'm able to encrypt a file with the public key of one of our partners and they are able to decrypt it. But if I try to decrypt an encrypted file from our partner, I get the error message above. Same behaviour when I encrypt a file and try to decrypt this one directly.

Is there any mistake I overlooked?

Thanks for the help
Daniel
From gnupg.user at seibercom.net Mon Feb 7 13:11:49 2011
From: gnupg.user at seibercom.net (Jerry)
Date: Mon, 7 Feb 2011 07:11:49 -0500
Subject: RFC 2015 / RFC 3156 (PGP/MIME) support
Message-ID: <20110207071149.356d0605@scorpio>

Can anyone tell me definitively if Microsoft Outlook, Exchange or Live Mail support RFC 2015 and preferably its successor RFC 3156? Obviously, I would be interested in knowing only about the latest versions of each product, not some superseded version if possible. I am having an argument with a friend over the fullness of compliance with these RFCs and Microsoft. Actual documentation if available would be a plus.

Thanks!
--
Jerry
GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

From wk at gnupg.org Mon Feb 7 14:56:49 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 07 Feb 2011 14:56:49 +0100
Subject: RFC 2015 / RFC 3156 (PGP/MIME) support
In-Reply-To: <20110207071149.356d0605@scorpio> (Jerry's message of "Mon, 7 Feb 2011 07:11:49 -0500")
References: <20110207071149.356d0605@scorpio>
Message-ID: <87aai8c5i6.fsf@vigenere.g10code.de>

On Mon, 7 Feb 2011 13:11, gnupg.user at seibercom.net said:
> Can anyone tell me definitively if Microsoft Outlook, Exchange or Live
> Mail support RFC 2015 and preferably its successor RFC 3156? Obviously,

Outlook does not support it at all. I wrote a plugin, GpgOL, which brings rfc3156 support to Outlook. However it is a very fragile implementation because it uses unspecified behaviour of Outlook 2003 and 2007. I had to implement my own MIME parser and builder on top of Outlook and make sure that certain headers are sent exactly as Outlook would have done it when sending S/MIME. It does not work with OL 2010 anymore because they dropped the Extended MAPI interface. It usually does not work with an Exchange account.
BTW, there is no real difference between 2015 and 3156.

Salam-Shalom,
Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From dkg at fifthhorseman.net Mon Feb 7 18:33:24 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 07 Feb 2011 12:33:24 -0500
Subject: moving user ID Comments to --expert mode
In-Reply-To: <87mxm8clo9.fsf@vigenere.g10code.de>
References: <4D4B174D.6020409@fifthhorseman.net> <87mxmcgwfh.fsf@vigenere.g10code.de> <4D4C2071.9010603@fifthhorseman.net> <87zkq9c75h.fsf@vigenere.g10code.de> <4D4EFA96.9070100@fifthhorseman.net> <87mxm8clo9.fsf@vigenere.g10code.de>
Message-ID: <4D502CE4.4070005@fifthhorseman.net>

On 02/07/2011 03:07 AM, Werner Koch wrote:
> In OpenPGP parlance the term "key" is used as a synonym for the term
> "keyblock" which in turn is the OpenPGP saying for a "certificate".

While i think this terminology is unfortunate (how do we refer to the key without any additional metadata attached?), i agree with you that the use you describe is widespread. The term "OpenPGP Certificate" seems significantly less ambiguous than "OpenPGP Key" to me, which is why i try to use that term instead, but i concede that the common usage intends to conflate the two concepts.

Anyway, the User ID still identifies the keyholder, not the "key" in either sense of the term. The analogous data in an X.509 certificate, the Subject field (or SubjectAltName extensions), does not identify the certificate itself -- it identifies the subject of the certificate.

--dkg
From kgo at grant-olson.net Mon Feb 7 18:20:01 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Mon, 07 Feb 2011 12:20:01 -0500
Subject: Problems to migrate keys between two windows pcs
In-Reply-To:
References:
Message-ID: <4D5029C1.6030705@grant-olson.net>

On 2/7/11 2:59 AM, Kraus, Daniel wrote:
>
> I'll try to give a résumé:
> I exported my whole keyring (all public and private keys) from the old
> version and imported it into my new version, apparently successfully.
> I'm able to encrypt a file with the public key of one of our partners
> and they are able to decrypt it.
> But if I try to decrypt an encrypted file from our partner, I get the
> error message above.
> Same behaviour when I encrypt a file and try to decrypt this one directly.
>
> Is there any mistake I overlooked?
>

My guess is that you didn't actually import the secret keys. That would affect your ability to decrypt, but of course the secret key isn't required to encrypt.

If you run 'gpg --list-secret-keys' on the new machine, does it show the keys you need?

If that is the problem, you could either run something like "gpg --export-secret-keys > secret.keys" on the original machine and import the generated file on the new machine, or copy over secring.gpg.

If you have the secret key, maybe double-check the trust level for the secret key. That should be set to ultimate.

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."
From sharma.umesh1977 at gmail.com Mon Feb 7 18:27:04 2011
From: sharma.umesh1977 at gmail.com (hare krishna)
Date: Mon, 7 Feb 2011 09:27:04 -0800
Subject: GPG Decrypt Messages
In-Reply-To: <874o8hdm2n.fsf@vigenere.g10code.de>
References: <874o8hdm2n.fsf@vigenere.g10code.de>
Message-ID:

Thanks Holger & Werner for giving me your kind help.

Can you please help how to implement what Werner has suggested? Here is the command that I am using:

gpg -q -d abc.gpg

What would I need to implement in your way - using gpg ........ 2>/dev/null

Can you please guide me.

Thanks,
Umesh

On Sun, Feb 6, 2011 at 11:01 AM, Werner Koch wrote:
> On Sun, 6 Feb 2011 10:57, holger.naether at mac.com said:
>
> > As far as I understand the manual page of gpg2, it should be the option
> > "--no-tty" to be used.
>
> No. For all kind of unattended use you need to pass the option
> "--batch". "--no-tty" doesn't harm if used along with --batch, but it
> is not needed.
>
> All messages can't be suppressed with options. IF you don't want to see
> them, do it the usual way:
>
> gpg ........ 2>/dev/null
>
> (Under Windows replace /dev/null by /dev/nul).
>
> Shalom-Salam,
>
> Werner
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From m999 at vp.pl Mon Feb 7 19:21:12 2011
From: m999 at vp.pl (m999 at vp.pl)
Date: Mon, 07 Feb 2011 19:21:12 +0100
Subject: Symmetric cipher question
Message-ID: <16393238-6512c407a23f57f5c70cd031dd19e659@pkn5.m5r2.onet>

Hello
I have a question. I want to encrypt a file that consists of one word, for example 'home', with AES. When I did the encryption I got a file that is 49 bytes.
How can I separate my encrypted 4-byte word from the rest of the file? I need only the encrypted part of my word; I don't want to implement AES on my own.

Best regards
Michael

From Dave.Smith at st.com Mon Feb 7 20:50:19 2011
From: Dave.Smith at st.com (David Smith)
Date: Mon, 7 Feb 2011 19:50:19 +0000
Subject: Symmetric cipher question
In-Reply-To: <16393238-6512c407a23f57f5c70cd031dd19e659@pkn5.m5r2.onet>
References: <16393238-6512c407a23f57f5c70cd031dd19e659@pkn5.m5r2.onet>
Message-ID: <4D504CFB.802@st.com>

m999 at vp.pl wrote:
> Hello
> I have a question. I want to encrypt a file that consists of one word, for
> example 'home', with AES. When I did the encryption I got a file that is 49
> bytes. How can I separate my encrypted 4-byte word from the rest of the
> file? I need only the encrypted part of my word; I don't want to implement
> AES on my own.

Well, for a start, you're unlikely to get an output from AES that exactly matches the number of bytes you put in, unless your input is an exact multiple of 128 bits (16 bytes). This is because AES is a block cipher algorithm, in that it only works on 128-bit blocks. If your input (cleartext) is not a multiple of 128 bits, some extra stuffing will be added to the last part-block to make it up to a full 128 bits before the block is encrypted.

As for why you're getting 49 bytes, I'm not sure. I guess GnuPG is adding some extra metadata (e.g. the ID of the key that was used to do the encryption), but I'm afraid the exact behaviour is beyond my knowledge. Perhaps if you were to post the precise gpg command line you are running, it will give us more info.

From justin.teaw at tmsw.com Mon Feb 7 20:26:59 2011
From: justin.teaw at tmsw.com (Justin Teaw)
Date: Mon, 7 Feb 2011 13:26:59 -0600
Subject: IPC call failed
Message-ID: <4004EA591E53A14ABF012A1869532D95344F56FE@CHIEXC01.us.tmsw.com>

Hi,

Does anyone have a solution for this problem?
Do you know what socket the gpg-agent is using?

version: GnuPG 2.0.14
OS: Windows 2003 server
How: Batch file

I'm not sure if the gpg-agent is running or not. How do I check? I installed on my local and on testing and am proceeding to do the same on staging. It failed on staging. Any ideas?

Regards,
Justin Teaw
The Marketing Store Canada
www.themarketingstore.ca

From m999 at vp.pl Tue Feb 8 13:49:49 2011
From: m999 at vp.pl (m999 at vp.pl)
Date: Tue, 08 Feb 2011 13:49:49 +0100
Subject: Symmetric cipher question
Message-ID: <16539674-22880234e7fb5017f94c6666f7631b90@pkn5.m5r2.onet>

I need clear encryption output not only for AES, but also for DES, RC5 and BLOWFISH, so I thought that GnuPG is a universal tool, but in that case it looks like I have to find separate encryptors for all of these methods.

Best regards
Michael

"Sven Radde" wrote:
> Hi,
>
> At 20:59, m999 at vp.pl wrote:
> > How can I separate my encrypted 4-byte word from the rest of the file? I
> > need only the encrypted part of my word; I don't want to implement AES on
> > my own.
> GnuPG is most probably not the optimal tool for what you are trying to
> do. (I might be too unimaginative, though ;-)
>
> Apart from the encrypted data, the output also includes a random AES
> key, encrypted by your password and possibly other information such as
> salt, initialization vector and the like -- all of which you will need
> in order to do something meaningful with the encrypted data (i.e.,
> decrypt it again). Also, GnuPG does not implement "plain" AES but uses
> its crypto algorithms in a slightly non-standard way (for historical
> reasons, I am told), so you would most probably need GnuPG again to work
> on the ciphertext, anyway.
>
> I am almost sure that there is a conveniently usable AES library for
> whatever programming language you are working in and I suggest looking
> into that, if you want to have "just AES".
>
> cu, Sven

From david at gbenet.com Tue Feb 8 14:10:29 2011
From: david at gbenet.com (david at gbenet.com)
Date: Tue, 08 Feb 2011 13:10:29 +0000
Subject: IPC call failed
In-Reply-To: <4004EA591E53A14ABF012A1869532D95344F56FE@CHIEXC01.us.tmsw.com>
References: <4004EA591E53A14ABF012A1869532D95344F56FE@CHIEXC01.us.tmsw.com>
Message-ID: <4D5140C5.7030500@gbenet.com>

Hello,

I run Linux but I guess from the DOS prompt you can type gpg --version - it should give you the following output:

> gpg (GnuPG) 1.4.9
> Copyright (C) 2008 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Home: ~/.gnupg
> Supported algorithms:
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
> Cypher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
> david at laptop-1:~$

David

Justin Teaw wrote:
> Hi,
>
> Does anyone have a solution for this problem? Do you know what socket
> the gpg-agent is using?
>
> version: GnuPG 2.0.14
>
> OS: Windows 2003 server
>
> How: Batch file
>
> I'm not sure if the gpg-agent is running or not. How do I check? I
> installed on my local and on testing and am proceeding to
> do the same on staging. It failed on staging. Any ideas?
>
> Regards,
>
> Justin Teaw
>
> The Marketing Store Canada
>
> www.themarketingstore.ca

--
"See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane, every brain-cell perfect and complete even at the moment of death.
No delusion."

From f_philipp at fastmail.net Tue Feb 8 15:16:00 2011
From: f_philipp at fastmail.net (Florian Philipp)
Date: Tue, 08 Feb 2011 15:16:00 +0100
Subject: Symmetric cipher question
In-Reply-To: <16539674-22880234e7fb5017f94c6666f7631b90@pkn5.m5r2.onet>
References: <16539674-22880234e7fb5017f94c6666f7631b90@pkn5.m5r2.onet>
Message-ID: <4D515020.1020304@fastmail.net>

On 08.02.2011 13:49, m999 at vp.pl wrote:
> I need clear encryption output not only for AES, but also for DES, RC5 and BLOWFISH, so I thought that GnuPG is a universal tool, but in that case it looks like I have to find separate encryptors for all of these methods.
>
> Best regards
> Michael
>

Take a look at `openssl enc`. It seems to be what you want but I have not tried it. The man-page is found under `man ssl-enc`

BTW: Please don't top-post. Put your responses below the message that you quote. It makes long threads more readable.

Hope this helps,
Florian Philipp
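Sven's point that the 49 bytes hold more than the ciphertext can be made concrete by walking the OpenPGP packet structure. The following is an added example, not code from the thread or from GnuPG: the message it parses is constructed by hand to the same total length, with dummy bytes in place of real ciphertext, and the packet layout follows RFC 4880 (sections 4.2, 5.3 and 3.7.1).

```python
"""Walk the packet structure of a `gpg --symmetric`-style message.

Added example (not code from the thread or from GnuPG): a minimal OpenPGP
packet-header parser plus a decoder for the version 4 Symmetric-Key
Encrypted Session Key (SKESK) packet. The sample message is constructed
by hand; its 32-byte SEIPD body is dummy filler, not real ciphertext.
"""
import struct

TAG_NAMES = {
    3: "Symmetric-Key Encrypted Session Key (SKESK)",
    8: "Compressed Data",
    9: "Symmetrically Encrypted Data",
    11: "Literal Data",
    18: "Sym. Encrypted and Integrity Protected Data (SEIPD)",
}
CIPHER_NAMES = {2: "3DES", 3: "CAST5", 4: "Blowfish", 7: "AES128", 8: "AES192", 9: "AES256"}
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256"}


def parse_packets(data: bytes) -> list:
    """Split `data` into (tag, body) pairs, handling old- and new-format headers."""
    packets = []
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError(f"byte {i}: bit 7 clear, not an OpenPGP packet header")
        if ctb & 0x40:                       # new-format header, tag in the low 6 bits
            tag = ctb & 0x3F
            first = data[i + 1]
            if first < 192:                  # one-octet length
                length, hdr = first, 2
            elif first < 224:                # two-octet length
                length = ((first - 192) << 8) + data[i + 2] + 192
                hdr = 3
            elif first == 255:               # five-octet length
                length = struct.unpack(">I", data[i + 2:i + 6])[0]
                hdr = 6
            else:                            # 224..254: partial body lengths
                raise ValueError("partial body lengths are not handled in this example")
        else:                                # old-format header, tag in bits 5..2
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:                   # indeterminate: packet runs to end of input
                length, hdr = len(data) - i - 1, 1
            else:
                nbytes = 1 << ltype          # 1, 2 or 4 length octets
                length = int.from_bytes(data[i + 1:i + 1 + nbytes], "big")
                hdr = 1 + nbytes
        body = data[i + hdr:i + hdr + length]
        if len(body) != length:
            raise ValueError(f"packet at byte {i}: truncated body")
        packets.append((tag, body))
        i += hdr + length
    return packets


def describe_skesk(body: bytes) -> dict:
    """Decode a version 4 SKESK body: cipher id followed by a string-to-key specifier."""
    if body[0] != 4:
        raise ValueError("only version 4 SKESK packets are handled")
    info = {"cipher": CIPHER_NAMES.get(body[1], body[1]),
            "s2k_type": body[2],
            "hash": HASH_NAMES.get(body[3], body[3])}
    if body[2] == 0:                         # simple S2K: hash of the passphrase only
        rest = body[4:]
    elif body[2] == 1:                       # salted S2K
        info["salt"] = body[4:12].hex()
        rest = body[12:]
    elif body[2] == 3:                       # iterated and salted S2K (gpg's default)
        info["salt"] = body[4:12].hex()
        c = body[12]                         # coded count, RFC 4880 3.7.1.3
        info["iterations"] = (16 + (c & 15)) << ((c >> 4) + 6)
        rest = body[13:]
    else:
        raise ValueError(f"unknown S2K type {body[2]}")
    # With nothing after the S2K, the S2K output itself is the session key;
    # otherwise the remaining bytes are a random session key encrypted with it.
    info["has_encrypted_session_key"] = len(rest) > 0
    return info


# Constructed sample: SKESK (old-format header 0x8c, 13-byte body) followed by
# SEIPD (new-format header 0xd2, 32-byte body) = 49 bytes. The filler is NOT
# real ciphertext; a real SEIPD body holds the random IV prefix, the literal
# data packet (its own header, filename and timestamp) and the MDC trailer.
SALT = bytes.fromhex("0123456789abcdef")    # constructed
SAMPLE_MESSAGE = (
    bytes([0x8C, 0x0D, 0x04, 0x09, 0x03, 0x08]) + SALT + bytes([0x60])
    + bytes([0xD2, 0x20, 0x01]) + bytes(range(0xA0, 0xBF))
)


def summarize(data: bytes) -> list:
    """One human-readable line per packet, plus the decoded S2K for SKESK packets."""
    lines = []
    for tag, body in parse_packets(data):
        lines.append(f"{TAG_NAMES.get(tag, f'tag {tag}')}: {len(body)} body bytes")
        if tag == 3:
            lines.append(f"  {describe_skesk(body)}")
    return lines


if __name__ == "__main__":
    print(f"{len(SAMPLE_MESSAGE)} bytes total")
    print("\n".join(summarize(SAMPLE_MESSAGE)))
```

Run against real `gpg --symmetric` output it shows the same two-packet shape; the bytes inside the SEIPD packet are still CFB-encrypted under the passphrase-derived key, so there is no standalone AES block of the word to cut out.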
From m999 at vp.pl Tue Feb 8 19:07:45 2011
From: m999 at vp.pl (m999 at vp.pl)
Date: Tue, 08 Feb 2011 19:07:45 +0100
Subject: Symmetric cipher question
Message-ID: <16662814-35e8710bf067d1efe35b69a7c555330c@pkn6.m5r2.onet>

I think that OpenSSL is very good for my purposes. Thank you very much
Michael

"Florian Philipp" wrote:

From expires2011 at ymail.com Wed Feb 9 00:27:00 2011
From: expires2011 at ymail.com (MFPA)
Date: Tue, 8 Feb 2011 23:27:00 +0000
Subject: moving user ID Comments to --expert mode
In-Reply-To: <4D4F8507.7010107@fifthhorseman.net>
References: <4D4B174D.6020409@fifthhorseman.net> <87mxmcgwfh.fsf@vigenere.g10code.de> <4D4C2071.9010603@fifthhorseman.net> <87zkq9c75h.fsf@vigenere.g10code.de> <4D4EFA96.9070100@fifthhorseman.net> <164023881.20110207000148@my_localhost> <4D4F8507.7010107@fifthhorseman.net>
Message-ID: <1248025111.20110208232700@my_localhost>

Hi

On Monday 7 February 2011 at 5:37:11 AM, in , Daniel Kahn Gillmor wrote:

> Here are some legitimate User IDs that do not
> correspond to a single individual:

> * "deb.torproject.org archive signing key" * "Debian
> Archive Automatic Signing Key (6.0/squeeze)
> "

> These are legitimate to my mind because they
> unambiguously identify an entity responsible for the
> key (despite the fact that the entity is not a single
> individual). Note that the latter happens to be an RFC
> 822-style e-mail address, but the former does not. The
> e-mail address form is *not* relevant to the legitimacy
> of the User ID, other than its ability to disambiguate
> potentially-conflicting claims to the same name (e.g.
> there might be multiple "John Smith"s, but there is
> only one john.smith at example.org if you subscribe to the
> global namespace described by DNS).

Does this ambiguity cause you to not consider the string "John Smith" to be a legitimate User ID?

>> Isn't the User ID simply the string which the user has
>> chosen as an identifier for their key, which can be
>> something more human-friendly than the key id?

> User ID is short for "User Identifier". The User ID is
> not only friendlier than the key ID -- it actually
> refers to something outside the cryptographic realm in
> which the key operates.

Or might be a name the user has given to the key itself to enable easy identification, for example there are many called "Test Key."

>> I thought the Key ID and the User ID both identified
>> the key,

> As their name implies, the Key ID identifies the key,
> and the User ID identifies the User (or keyholder).

Does it actually _imply_ that, or does that merely fit the de facto standard of User IDs containing real names (and usually email addresses)? The terms Key ID and User ID also reflect one being mathematically derived from the key material whereas the other is chosen by the user.

--
Best regards
MFPA mailto:expires2011 at ymail.com

Consistency is the last refuge of the unimaginative

From rjh at sixdemonbag.org Wed Feb 9 00:34:19 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 08 Feb 2011 18:34:19 -0500
Subject: moving user ID Comments to --expert mode
In-Reply-To: <1248025111.20110208232700@my_localhost>
References: <4D4B174D.6020409@fifthhorseman.net> <87mxmcgwfh.fsf@vigenere.g10code.de> <4D4C2071.9010603@fifthhorseman.net> <87zkq9c75h.fsf@vigenere.g10code.de> <4D4EFA96.9070100@fifthhorseman.net> <164023881.20110207000148@my_localhost> <4D4F8507.7010107@fifthhorseman.net> <1248025111.20110208232700@my_localhost>
Message-ID: <4D51D2FB.4040900@sixdemonbag.org>

On 2/8/11 6:27 PM, MFPA wrote:
> Does this ambiguity cause you to not consider the string "John Smith"
> to be a legitimate User ID?

Let's stop talking about 'legitimate' user IDs, because there is no authority that can determine for all users what are or are not 'legitimate' user IDs. Each user/group gets to determine for themselves what it means to be a 'legitimate' user ID. This explosion of authorities means this line of discussion is unlikely to be fruitful.

>> As their name implies, the Key ID identifies the key,
>> and the User ID identifies the User (or keyholder).
>
> Does it actually _imply_ that, or does that merely fit the de facto
> standard of User IDs containing real names (and usually email
> addresses)? The terms Key ID and User ID also reflect one being
> mathematically derived from the key material whereas the other is
> chosen by the user.

De facto standard. There is no canonical authority on what a user ID should be, or which ones are legitimate and which ones aren't.

From christian.rehbein at dfs.de Wed Feb 9 16:41:27 2011
From: christian.rehbein at dfs.de (christian.rehbein at dfs.de)
Date: Wed, 9 Feb 2011 16:41:27 +0100
Subject: how to store the public keys in a db?
Message-ID:

Hey Guys,

First I'll describe my situation:

At the moment I use a postfix (sles 11 sp1) as the MTA for my email infrastructure. My goal is to encrypt all outgoing emails with gnupg.
The encryption on the server side still works with a content_filter and a shell script which pipes the incoming email through the gpg command and delivers it encrypted to the intended recipient. gpg uses the /home/filter/.gnupg directory to store the keys. My problem is that the requirements say that I've to store the keys in a database like postgres or mysql. At the end I wanna check: "if the recipient is in the database; do encrypt the mail with gpg and the intended key and send it; else send an error message back to the sender."

I've already heard about the sks keyserver, but I do not know how it works on sles 11 sp1?

Perhaps you can help.
Thanks for your answer.
Chris

From dkg at fifthhorseman.net Wed Feb 9 21:00:02 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 09 Feb 2011 15:00:02 -0500
Subject: gpg --check-sigs should indicate if a signature is made by a revoked/compromised key
Message-ID: <4D52F242.3040605@fifthhorseman.net>

gpg --check-sigs produces information about whether a certification was revoked, but not whether the certification was made by a key which itself was revoked. This seems troublesome to me. Consider this scenario:

Alice has key A, and Bob has key B.

Alice's key gets compromised by Mallory.

Alice notices the compromise, and revokes her key, indicating that it was compromised.

Mallory makes a new key, M, attaches Bob's user ID to it, and makes a certification over (Bob,M) with key A.

Charles knows Alice, and wants to communicate with Bob. He fetches key M, and runs "gpg --check-sigs Bob", which shows Alice's signature.

The output of --check-sigs shows no warning that A has been revoked (marked compromised).

Maybe gpg should emit the same "X" that it currently emits for revoked certifications as it does for certifications made from revoked (or at least revoked-due-to-compromise) keys?
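The Alice/Bob/Mallory scenario above, replayed in a deliberately simplified model as an added example that is not part of dkg's message and not GnuPG code: the single-letter key labels, the constructed User ID and the validity rule are assumptions that approximate the trust calculation, not gpg's actual implementation.

```python
"""Why a --check-sigs style listing and the trust calculation can disagree.

Added example (not code from the thread or from GnuPG): a simplified model
of OpenPGP certifications. It ignores self-signatures, expiry, trust
signatures and fingerprints, and uses labels such as "A" for key IDs.
"""
from dataclasses import dataclass


@dataclass
class Key:
    keyid: str
    revoked: bool = False          # key carries a revocation (e.g. marked compromised)
    ownertrust: str = "unknown"    # how far the local user trusts this key to certify others


@dataclass
class Certification:
    user_id: str                   # the User ID being certified
    subject: str                   # keyid the User ID is bound to
    issuer: str                    # keyid that made the certification
    revoked: bool = False          # the certification itself was revoked


def list_certifications(keys: dict, certs: list, subject: str,
                        flag_revoked_issuers: bool = False) -> list:
    """One line per certification on `subject`, in the spirit of --check-sigs.

    With flag_revoked_issuers=False this mirrors what the thread reports: a
    revoked certification is marked "X", any other verified one "!", and the
    issuing key's own revocation status is never consulted. With
    flag_revoked_issuers=True it adds the marker dkg asks for.
    """
    lines = []
    for c in certs:
        if c.subject != subject:
            continue
        issuer = keys.get(c.issuer)
        if c.revoked:
            mark = "X"                       # revoked certification
        elif issuer is None:
            mark = "?"                       # issuer key not in the keyring
        elif flag_revoked_issuers and issuer.revoked:
            mark = "X"                       # certification made by a revoked key
        else:
            mark = "!"                       # verified good signature
        lines.append(f"sig{mark} {c.issuer} {c.user_id}")
    return lines


def binding_valid(keys: dict, certs: list, subject: str, user_id: str,
                  marginals_needed: int = 3) -> bool:
    """Simplified validity rule for the (user_id, subject) binding.

    Valid if certified by at least one non-revoked key with full or ultimate
    ownertrust, or by `marginals_needed` non-revoked marginally trusted keys.
    The issuer.revoked test is exactly the step the listing above skips.
    """
    full = marginal = 0
    for c in certs:
        if c.subject != subject or c.user_id != user_id or c.revoked:
            continue
        issuer = keys.get(c.issuer)
        if issuer is None or issuer.revoked:
            continue
        if issuer.ownertrust in ("full", "ultimate"):
            full += 1
        elif issuer.ownertrust == "marginal":
            marginal += 1
    return full >= 1 or marginal >= marginals_needed


def scenario(alice_revoked: bool) -> dict:
    """Charles's view of the keyring before and after Alice revokes key A."""
    bob_uid = "Bob <bob@example.org>"        # constructed User ID
    keys = {
        "C": Key("C", ownertrust="ultimate"),                     # Charles's own key
        "A": Key("A", revoked=alice_revoked, ownertrust="full"),  # Charles trusts Alice
        "B": Key("B"),                                            # Bob's real key
        "M": Key("M"),                                            # Mallory's key with Bob's User ID
    }
    certs = [Certification(bob_uid, "M", issuer="A")]            # made with compromised key A
    return {
        "listing": list_certifications(keys, certs, "M"),
        "listing_with_issuer_status": list_certifications(keys, certs, "M", True),
        "bob_on_M_valid": binding_valid(keys, certs, "M", bob_uid),
    }


if __name__ == "__main__":
    for revoked in (False, True):
        print(f"A revoked: {revoked} -> {scenario(revoked)}")
```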
--dkg

From kgo at grant-olson.net Wed Feb 9 21:27:13 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Wed, 09 Feb 2011 15:27:13 -0500
Subject: gpg --check-sigs should indicate if a signature is made by a revoked/compromised key
In-Reply-To: <4D52F242.3040605@fifthhorseman.net>
References: <4D52F242.3040605@fifthhorseman.net>
Message-ID: <4D52F8A1.5040703@grant-olson.net>

On 2/9/11 3:00 PM, Daniel Kahn Gillmor wrote:
> gpg --check-sigs produces information about whether a certification was
> revoked, but not whether the certification was made by a key which
> itself was revoked.
>

The man page does say that this is intentionally not done for performance reasons:

    --check-sigs
        Same as --list-sigs, but the signatures are verified. Note that
        for performance reasons the revocation status of a signing key
        is not shown. This command has the same effect as using
        --list-keys with --with-sig-check.

> Consider this scenario:
>
> Alice has key A, and Bob has key B.
>
> Alice's key gets compromised by Mallory.
>
> Alice notices the compromise, and revokes her key, indicating that it
> was compromised.
>
> Mallory makes a new key, M, attaches Bob's user ID to it, and makes a
> certification over (Bob,M) with key A.
>
> Charles knows Alice, and wants to communicate with Bob. He fetches key
> M, and runs "gpg --check-sigs Bob", which shows Alice's signature.
>
> The output of --check-sigs shows no warning that A has been revoked
> (marked compromised).
>
> Maybe gpg should emit the same "X" that it currently emits for revoked
> certifications as it does for certifications made from revoked (or at
> least revoked-due-to-compromise) keys?

But shouldn't a user let the trust calculations do their magic and break the WoT to Bob's key once Alice's key has been revoked?
Before the key was valid because Alice had full trust, now it's unvalidated because Alice's key is revoked.

It seems like this attack only works if you ignore the WoT and explicitly start signing keys X-degrees-of-separation away without proper verification. (Not that I'm saying I can't conceive of real people doing this.)

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."

From dkg at fifthhorseman.net Wed Feb 9 22:46:38 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 09 Feb 2011 16:46:38 -0500
Subject: gpg --check-sigs should indicate if a signature is made by a revoked/compromised key
In-Reply-To: <4D52F8A1.5040703@grant-olson.net>
References: <4D52F242.3040605@fifthhorseman.net> <4D52F8A1.5040703@grant-olson.net>
Message-ID: <4D530B3E.5020608@fifthhorseman.net>

On 02/09/2011 03:27 PM, Grant Olson wrote:
> The man page does say that this is intentionally not done for
> performance reasons:
>
>     --check-sigs
>         Same as --list-sigs, but the signatures are verified. Note that
>         for performance reasons the revocation status of a signing key
>         is not shown. This command has the same effect as using
>         --list-keys with --with-sig-check.

ah, thanks for helping me RTFM :) sorry i missed that. is the same thing true about key expiry?

> But shouldn't a user let the trust calculations do their magic and break
> the WoT to Bob's key once Alice's key has been revoked? Before the key
> was valid because Alice had full trust, now it's unvalidated because
> Alice's key is revoked.

yes, it would be good if people did that.

> It seems like this attack only works if you ignore the WoT and
> explicitly start signing keys X-degrees-of-separation away without
> proper verification. (Not that I'm saying I can't conceive of real
> people doing this.)
yeah, i think the problem is that people don't think about these different ways that manual checking can fail. By not reporting key expirations, --check-sigs puts the extra burden on the user -- this might be a performance hit, but it's way more of a performance hit if the user then has to go and manually look up each key, no?

--dkg

From alves.h88 at gmail.com Sat Feb 12 12:25:02 2011
From: alves.h88 at gmail.com (Hans Alves)
Date: Sat, 12 Feb 2011 12:25:02 +0100
Subject: gpgme passphrase help
Message-ID: <1297509902.22925.27.camel@hans-laptop>

Hello folks,

I am trying to write a GPG plugin for Geany, using GPGME. So far, I got the encryption working, but, when the user does not select any recipients, I want the plugin to use a symmetric cipher. The problem is that I can't seem to figure out how to get the passphrase callback working (safely). From the GPGME manual I understood that it would be better to make use of gpg-agent instead of writing my own passphrase callback. But, I can't find how to get GPGME to use gpg-agent. Another option would be to use pin-entry directly, but then I would need a way to redirect pinentry's output to the provided file descriptor on Windows (I really want it to work cross-platform, even though I don't use Windows myself, and as far as I know Windows doesn't implement dup(2)).

Any ideas on what I should do?
Thanks in advance,
Hans

From wk at gnupg.org Sat Feb 12 17:26:16 2011
From: wk at gnupg.org (Werner Koch)
Date: Sat, 12 Feb 2011 17:26:16 +0100
Subject: gpgme passphrase help
In-Reply-To: <1297509902.22925.27.camel@hans-laptop> (Hans Alves's message of "Sat, 12 Feb 2011 12:25:02 +0100")
References: <1297509902.22925.27.camel@hans-laptop>
Message-ID: <87d3mx9q3b.fsf@vigenere.g10code.de>

On Sat, 12 Feb 2011 12:25, alves.h88 at gmail.com said:
> recipients, i want the plugin to use a symmetric cipher. The problem
> is that i can't seem to figure out how to get the passphrase
> callback working (safely). From the GPGME manual I understood that it

Under Windows you need to work with system handles, not libc file descriptors. That is, you need to use ReadFile and WriteFile. However, if you use GnuPG-2 (or gpg 1.4 with the use-agent option), the callback will not be used at all. Instead the pinentry pops up - you can't control that. If you want to control that you need to implement some kind of loopback pinentry. Your loopback pinentry might look at the envvar PINENTRY_USER_DATA, get the passphrase directly or indirectly from it and pass that back to gpg-agent. Your application then needs to make sure that before you call something which might need a passphrase, it has set the appropriate info into PINENTRY_USER_DATA. Still you won't get the callback.

> Windows (I really want it to work cross-platform, even though i don't
> use Windows myself, and as far as I know windows doesn't implement
> dup(2))

Windows (but not Windows CE < 6) does support dup() in the libc and DuplicateHandle in the W32 API.

Shalom-Salam,
Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From kgo at grant-olson.net Sun Feb 13 01:41:26 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Sat, 12 Feb 2011 19:41:26 -0500
Subject: How do I import an X.509 Certificate onto an OpenPGP smartcard?
Message-ID: <4D5728B6.4060703@grant-olson.net>

In both the product description for the OpenPGP V2.0 card and the spec itself there is some discussion of a "Cardholder Certificate" Data Object in the V2.0 cards. I've got one of those free X.509 email certificates from Comodo, and was attempting to upload it to the card. I can import the .p12 file into gpgsm, but then it resides in a file under .gnupg.

Firstly, can I actually import a certificate like this onto the card? Or do I simply misunderstand the specs?

Secondly, is there a command somewhere in gpg/gpgsm/gpg* to do this, or is it specified and implemented on the OpenPGP card only at this point in time?

Thirdly, the SCUTE docs start by generating a certificate request from your OpenPGP authentication key. In this scenario, are you just using the same RSA key for both your OpenPGP and X509 certificates? Does the certificate imported into gpgsm just contain the public key and the CA's signature and somehow defer operations to the card?

-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

From pyromaniacwolf1994 at gmail.com Sun Feb 13 09:03:12 2011
From: pyromaniacwolf1994 at gmail.com (AgoristTeen1994)
Date: Sun, 13 Feb 2011 00:03:12 -0800 (PST)
Subject: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail
Message-ID: <30913160.post@talk.nabble.com>

Hey, this is going to seem like stupid questions, but, I just found out about PGP, OpenPGP, and GnuPG yesterday, and I didn't create a key pair until about 2 hours ago, so I'm pretty unaware of how some things work... First is, that using either Mozilla Thunderbird, with the OpenPGP plugin, or Claws Mail, to generate a key pair, it only lists one key, my "key id". Is that my public key or my secret key? Or is it supposed to be both?
If it's only one of them, how do I find the other? Also, I was wondering, in my reading on the internet about this sort of thing, it mentioned signing a message, say an e-mail, with my secret key, so the recipient knows it's from me... but I'm confused, since doesn't that mean that anyone I send a message to that I "sign" will have my secret key and thus will be able to decrypt any messages they intercept?

Thank you for any help, and have a nice day.

From ikrabbe.ask at gmail.com Sun Feb 13 13:34:49 2011
From: ikrabbe.ask at gmail.com (Ingo Krabbe)
Date: Sun, 13 Feb 2011 13:34:49 +0100
Subject: how to store the public keys in a db?
In-Reply-To:
References:
Message-ID: <20110213123449.GA1314@ask-laptop>

On Wed, Feb 09, 2011 at 04:41:27PM +0100, christian.rehbein at dfs.de wrote:
> 
> Hey Guys,
> 
> at first i'm describing my situation:
> 
> At the moment i use a postfix (sles 11 sp1) as the mta for my email
> infrastructure. My goal is to encrypt all outgoing emails with gnupg.
> The encryption on the server side still works with a content_filter
> and a shellscript which pipes the incoming email through the gpg
> command and delivers it encrypted to the intended recipient. gpg uses the
> /home/filter/.gnupg directory to store the keys. My problem is that
> the requirements say that i've to store the keys in a database like
> postgres or mysql. At the end i wanna check: "if the recipient is in
> the database; do encrypt the mail with gpg and the intended key and
> send it; else send an error message back to the sender."
> 
> I've already heard about the sks keyserver, but i do not know how it
> works on sles 11 sp1?
Hi Chris,

as you want to use gnupg anyway to encrypt your mails, I don't think you should care about storage of public keys in a database as you don't gain anything from using a database to store the keys. Actually gnupg uses its own database to store keys. I don't know how optimized that database is at storing several thousands of keys, but I don't think that it will result in a bottleneck before reaching 10^6-10^12 keys (I didn't prove this statement!).

Getting keys you don't have yet is quite easy using public keyservers too. GnuPG and any other pgp should come with a simple set of commands to import from these public keyservers.

But in the end gnupg will always work with keys that have been imported into the keyring. So if you still plan to keep keys in some database you will have a redundant set of keys in the keyring unless you clean up the keyring regularly (which doesn't make much sense to me and will likely be the most expensive operation you can do (this statement is a pure guess too!)).

But you can use gnupg anytime to export public keys and store these text blobs in a database. I just can't figure out any use for such operations.

bye
ingo

From david at systemoverlord.com Sun Feb 13 17:19:39 2011
From: david at systemoverlord.com (David Tomaschik)
Date: Sun, 13 Feb 2011 11:19:39 -0500
Subject: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail
In-Reply-To: <30913160.post@talk.nabble.com>
References: <30913160.post@talk.nabble.com>
Message-ID: <4D58049B.5030709@systemoverlord.com>

On 02/13/2011 03:03 AM, AgoristTeen1994 wrote:
> 
> Hey, this is going to seem like stupid questions, but, I just found out about
> PGP, OpenPGP, and GnuPG yesterday, and I didn't create a key pair until
> about 2 hours ago, so I'm pretty unaware of how some things work...First is,
> that using either Mozilla Thunderbird, with the OpenPGP plugin, or Claws
> Mail, to generate a key pair, it only lists one key, my "key id". Is that my
> public key or my secret key?
> Or is it supposed to be both? If it's only one
> of them, how do I find the other? Also, I was wondering, in my reading on
> the internet about this sort of thing, it mentioned signing a message, say
> an e-mail, with my secret key, so the recipient knows it's from me...but I'm
> confused, since doesn't that mean, that anyone I send a message to, that I
> "sign" will have my secret key and thus will be able to decrypt any messages
> they intercept? Thank you for any help, and have a nice day.

Not at all a stupid question. Your keyid actually refers to an entire keypair -- both a public and private key. It can also refer to a master key with several subkeys, but that's a more advanced usage.

Your 2nd question deals with the design of public key cryptography in general. My explanation here is an oversimplification that glosses over the technical details, but should suffice. The way RSA and DSA work is that anything encrypted by your public key can only be decrypted by your private key, and anything encrypted by your private key can be decrypted by your public key. You never give ANYONE your private key. When you sign a message, you essentially take a hash of the message (SHA-1 commonly) that is basically a condensed form of the message. Then you encrypt that with your PRIVATE key. That is a signature. A recipient can attempt to decrypt the signature using your public key. If they are able to, they know your private key was used to produce the signature, and if you have kept control of your private key, it must have been signed by you.

Hope that helps.
-- 
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com

From kgo at grant-olson.net Sun Feb 13 18:46:02 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Sun, 13 Feb 2011 12:46:02 -0500
Subject: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail
In-Reply-To: <30913160.post@talk.nabble.com>
References: <30913160.post@talk.nabble.com>
Message-ID: <4D5818DA.3000307@grant-olson.net>

On 02/13/2011 03:03 AM, AgoristTeen1994 wrote:
> 
> Hey, this is going to seem like stupid questions, but, I just found out about
> PGP, OpenPGP, and GnuPG yesterday, and I didn't create a key pair until
> about 2 hours ago, so I'm pretty unaware of how some things work...First is,
> that using either Mozilla Thunderbird, with the OpenPGP plugin, or Claws
> Mail, to generate a key pair, it only lists one key, my "key id". Is that my
> public key or my secret key? Or is it supposed to be both? If it's only one
> of them, how do I find the other?

The short answer is yes, it contains everything. If you add another user's public key to your keyring, it will contain everything minus the secret key.

> Also, I was wondering, in my reading on
> the internet about this sort of thing, it mentioned signing a message, say
> an e-mail, with my secret key, so the recipient knows it's from me...but I'm
> confused, since doesn't that mean, that anyone I send a message to, that I
> "sign" will have my secret key and thus will be able to decrypt any messages
> they intercept? Thank you for any help, and have a nice day.

Signing works in reverse compared to encryption. With encryption, anyone can generate an encrypted message with your public key, but only you can decrypt it because only you have the private key. With signing, only you can generate a valid signature because only you have the private key, but anyone with your public key can verify the signature.
Signing a message to a complete stranger won't compromise your private part of the key in any way.

-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

From alex at willner.ws Mon Feb 14 08:49:21 2011
From: alex at willner.ws (Alexander Willner)
Date: Mon, 14 Feb 2011 08:49:21 +0100
Subject: GPGTools: short introduction
In-Reply-To: <87y66w3l95.fsf@vigenere.g10code.de>
References: <4B23331C-7098-4372-8A3F-49755087D6A4@willner.ws> <87y66w3l95.fsf@vigenere.g10code.de>
Message-ID: <37417FC4-E77A-412E-9AEE-338C7EC04B0F@willner.ws>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dear (OS X) GnuPG users,

On 07.01.2011, at 14:18, Werner Koch wrote:
> On Fri, 7 Jan 2011 13:03, alex at willner.ws said:
>> I would like to suggest to add GPGTools[1] to the list of GnuPG Frontends for the Mac platform at [2].
> Please explain the project at gnupg-users at gnupg.org; I can't see from the web page what this is about.

since Werner suggested to post a short explanation to this list and users asked why the GPGTools are not linked at gnupg.org:

As you might know, different (GUI based) software packages are needed to use OpenPGP on OS X. Some of them are no longer developed, were updated years ago, or fixed versions could be found in user forums and similar sources. In conjunction with their authors, we, the GPGTools Project Team, started to update some applications and established an infrastructure for all GnuPG related OS X software. Including but not limited to:

* MacGPG2 - author: Benjamin Donnachie.
* GPGMail - former author: Stéphane Corthésy.
* GPG Keychain Access - new author: Roman Zechmeister.
At http://gpgtools.org we provide an all-in-one (un-)installer and a web page for each project that links to:

* Signed binaries including installer, uninstaller, and beta versions / release candidates.
* The git source repository, license files, and wiki pages.
* A unified issue/ticket system.
* A single mailing list and twitter account.
* The change log, including an app cast news feed and partly Sparkle integration.

Some questions you might have could already be answered in our FAQ at http://gpgtools.org/faq.html. Please do not hesitate to get in touch with us: http://gpgtools.org/about.html.

Best regards, Alex
on behalf of the GPGTools Project Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAk1Y3oEACgkQdtePBQDQJsRH8gD/dCMSK6zJ6jTFJOjYUhBWtHTN
fuZ6nQKRmQVV4YBLvxwBAM7cUcAO86WIcXcLKEfoeuBxWRjyr4pg16HssxhHUmdI
=piAm
-----END PGP SIGNATURE-----

From wk at gnupg.org Mon Feb 14 09:58:30 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 14 Feb 2011 09:58:30 +0100
Subject: how to store the public keys in a db?
In-Reply-To: <20110213123449.GA1314@ask-laptop> (Ingo Krabbe's message of "Sun, 13 Feb 2011 13:34:49 +0100")
References: <20110213123449.GA1314@ask-laptop>
Message-ID: <878vxj9emh.fsf@vigenere.g10code.de>

On Sun, 13 Feb 2011 13:34, ikrabbe.ask at gmail.com said:

> don't think that it will result into a bottleneck before reaching
> 10^6-10^12 keys (I didn't prove this statement!).

This won't work. We do sequential scans of the pubring.gpg all the time. This includes the computation of fingerprints etc. for each and every key. It is more a miracle that it still works fine with many thousand keys. Once upon a time we had support for a gdbm backend; that was dropped due to several architectural problems. The current plan is to use the keybox format which we are using for gpgsm. It allows to store meta information and will make key lookups much faster.
With this you should be able to handle a few million keys.

Adding another backend is not very complicated, all access to the keyrings is routed through the keydb.c module which has provisions to register several backends. Adding an RDBMS backend is thus possible.

Salam-Shalom,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From jameshofmann at montana.com Sun Feb 13 22:50:50 2011
From: jameshofmann at montana.com (James Hofmann)
Date: Sun, 13 Feb 2011 14:50:50 -0700
Subject: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail
In-Reply-To: <4D5818DA.3000307@grant-olson.net>
References: <30913160.post@talk.nabble.com> <4D5818DA.3000307@grant-olson.net>
Message-ID: <20110213215050.GB3048@montana.com>

On Sun, Feb 13, 2011 at 12:46:02PM -0500, Grant Olson wrote:
> On 02/13/2011 03:03 AM, AgoristTeen1994 wrote:
> > 
> > Hey, this is going to seem like stupid questions, but, I just found out about
> > PGP, OpenPGP, and GnuPG yesterday, and I didn't create a key pair until
> > about 2 hours ago, so I'm pretty unaware of how some things work...First is,
> > that using either Mozilla Thunderbird, with the OpenPGP plugin, or Claws
> > Mail, to generate a key pair, it only lists one key, my "key id". Is that my
> > public key or my secret key? Or is it supposed to be both? If it's only one
> > of them, how do I find the other?
> 
> The short answer is yes, it contains everything. If you add another
> user's public key to your keyring, it will contain everything minus the
> secret key.
> 
> > Also, I was wondering, in my reading on
> > the internet about this sort of thing, it mentioned signing a message, say
> > an e-mail, with my secret key, so the recipient knows it's from me...but I'm
> > confused, since doesn't that mean, that anyone I send a message to, that I
> > "sign" will have my secret key and thus will be able to decrypt any messages
> > they intercept? Thank you for any help, and have a nice day.
> 
> Signing works in reverse compared to encryption. With encryption,
> anyone can generate an encrypted message with your public key, but only
> you can decrypt it because only you have the private key. With signing,
> only you can generate a valid signature because only you have the
> private key, but anyone with your public key can verify the signature.
> 
> Signing a message to a complete stranger won't compromise your private
> part of the key in any way.
> 
> -- 
> -Grant
> 
> "Look around! Can you construct some sort of rudimentary lathe?"
> 

I read AgoristTeen1994's question a bit differently. Using your secret key to encrypt something is not at all the same thing as giving somebody your secret key. Using your key doesn't give it away.

Jim

From dkg at fifthhorseman.net Mon Feb 14 15:20:11 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 14 Feb 2011 09:20:11 -0500
Subject: how to store the public keys in a db?
In-Reply-To: <878vxj9emh.fsf@vigenere.g10code.de>
References: <20110213123449.GA1314@ask-laptop> <878vxj9emh.fsf@vigenere.g10code.de>
Message-ID: <4D593A1B.6030600@fifthhorseman.net>

On 02/14/2011 03:58 AM, Werner Koch wrote:
> On Sun, 13 Feb 2011 13:34, ikrabbe.ask at gmail.com said:
> 
>> don't think that it will result into a bottleneck before reaching
>> 10^6-10^12 keys (I didn't prove this statement!).
> 
> This won't work. We do sequential scans of the pubring.gpg all the
> time. This includes the computation of fingerprints etc for each and
> every key. It is more a miracle that it still works fine with many
> thousand keys.

fwiw, it doesn't really "work fine" with many thousand keys. i've got 1785 keys in my pubring, and performance is noticeably poor.
This may be due to my running somewhat older/low-end hardware (900MHz Celeron M processor, 1GiB RAM), but it's bad enough that i've taken the step of setting no-auto-check-trustdb, and running --check-trustdb manually from a nightly cronjob. otherwise, with the amount of signed and/or encrypted mail that i get, and the fact that i'm signing software and using it to verify ssh connections and web connections, my machine would be regularly blocked on gpg for many many tasks.

I'm looking forward to the speedup promised by the keybox format; i hope the trustdb recalculations can be comparably sped up as well.

Thanks for working on this, Werner.

--dkg

From benjamin at py-soft.co.uk Mon Feb 14 16:22:18 2011
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Mon, 14 Feb 2011 15:22:18 +0000
Subject: MacGPG2 v2.0.17-9 released!
Message-ID:

MacGPG2 v2.0.17-9 is available from https://github.com/downloads/GPGTools/MacGPG2/MacGPG2-2.0.17-9.zip

Please use the detached signature to confirm the integrity of your download prior to install. Public key needed available from http://www.gpgtools.org/

Unzip the archive and then run the MacGPG2 installer.

MD5 (MacGPG2-2.0.17-9.zip) = 36dec9b2b7f24234a2286d736397d8e9
MD5 (MacGPG2-2.0.17-9.pkg) = 1d6698bca1450496543030247934579b

* 121,836 downloads of MacGPG2 from 165 countries in two years!
What's New:

* Following fixes:
  http://gpgtools.lighthouseapp.com/projects/66001/tickets/21-gpg-agent-patch-missing
  http://gpgtools.lighthouseapp.com/projects/66001/tickets/24-add-gpg2-gpgconf-test-to-the-postflight-script
  http://gpgtools.lighthouseapp.com/projects/66001/tickets/32-incorrect-permissions-on-launchagent-plist
  http://gpgtools.lighthouseapp.com/projects/66001/tickets/33-check-for-incorrect-options-in-gpg-agentconf
  http://gpgtools.lighthouseapp.com/projects/66001/tickets/40-secret-keys-unusable
* Patch to facilitate IDEA support; requires alternative encryption library *NOT INCLUDED*
* Supports 32- and 64-bit Intel Macs running OS X Leopard (10.5) and higher.
* Core upgraded to GnuPG v2.0.17
  = Configured to use standard socket and daemonise gpg agent on the fly if required.
* Maximum key size increased to 8192 bits; not recommended and requires --expert command line option.
* Includes GPGTools gpg-agent cache-id option patch.
* Pinentry updated by GPGTools team and includes keychain support
* Installs exclusively under /usr/local/MacGPG2/ removing previous v2.0.16 install.
* Libksba upgraded to v1.1.0
* Libusb upgraded to v1.0.8

Credits

* Werner Koch and the GnuPG Project, http://www.gnupg.org/
* Stéphane Corthésy for the launchd patches.
* Charly Avital for his patient testing.
* Dr Alun J Carr for his kind donation.

Noteworthy changes in GnuPG version 2.0.17 (2011-01-13)

* Allow more hash algorithms with the OpenPGP v2 card.
* The gpg-agent now tests for a new gpg-agent.conf on a HUP.
* Fixed output of "gpgconf --check-options".
* Fixed a bug where Scdaemon sends a signal to Gpg-agent running in non-daemon mode.
* Fixed TTY management for pinentries and session variable update problem.
* Minor bug fixes.

From wk at gnupg.org Mon Feb 14 18:35:17 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 14 Feb 2011 18:35:17 +0100
Subject: how to store the public keys in a db?
In-Reply-To: <4D593A1B.6030600@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Mon, 14 Feb 2011 09:20:11 -0500")
References: <20110213123449.GA1314@ask-laptop> <878vxj9emh.fsf@vigenere.g10code.de> <4D593A1B.6030600@fifthhorseman.net>
Message-ID: <87wrl28qp6.fsf@vigenere.g10code.de>

On Mon, 14 Feb 2011 15:20, dkg at fifthhorseman.net said:

> processor, 1GiB RAM), but it's bad enough that i've taken the step of
> setting no-auto-check-trustdb, and running --check-trustdb manually from
> a nightly cronjob. otherwise, with the amount of signed and/or

Sure; I always forget about this because I have used this since I implemented the stuff. However, making --no-auto-check-trustdb the default is not a good idea because many users might have problems setting up a cronjob.

Shalom-Salam,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From dkg at fifthhorseman.net Mon Feb 14 18:52:03 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 14 Feb 2011 12:52:03 -0500
Subject: how to store the public keys in a db?
In-Reply-To: <87wrl28qp6.fsf@vigenere.g10code.de>
References: <20110213123449.GA1314@ask-laptop> <878vxj9emh.fsf@vigenere.g10code.de> <4D593A1B.6030600@fifthhorseman.net> <87wrl28qp6.fsf@vigenere.g10code.de>
Message-ID: <4D596BC3.4010008@fifthhorseman.net>

On 02/14/2011 12:35 PM, Werner Koch wrote:
> On Mon, 14 Feb 2011 15:20, dkg at fifthhorseman.net said:
> 
>> processor, 1GiB RAM), but it's bad enough that i've taken the step of
>> setting no-auto-check-trustdb, and running --check-trustdb manually from
>> a nightly cronjob. otherwise, with the amount of signed and/or
> 
> Sure; I always forget about this because I use this since I implemented
> the stuff. However, making --no-auto-check-trustdb the default is not a
> good idea because many users might have problems setting up a cronjob.

I agree.
and frankly, the nightly cronjob isn't really what i want either; i'd like gpg to pick up the validity of a key's user ID as soon as it sees the new key, without waiting a day or manually invoking the minutes-long check-trustdb.

Do you expect that we'll be able to run with auto-check-trustdb once you make the transition to keybox?

--dkg

From shavital at mac.com Mon Feb 14 19:31:43 2011
From: shavital at mac.com (Charly Avital)
Date: Mon, 14 Feb 2011 13:31:43 -0500
Subject: MacGPG2 v2.0.17-9 released!
In-Reply-To:
References:
Message-ID: <4D59750F.6070906@mac.com>

Benjamin Donnachie wrote the following on 2/14/11 10:22 AM:
> MacGPG2 v2.0.17-9 is available from
> https://github.com/downloads/GPGTools/MacGPG2/MacGPG2-2.0.17-9.zip

[snip]

> MD5 (MacGPG2-2.0.17-9.zip) = 36dec9b2b7f24234a2286d736397d8e9

MD5(MacGPG2-2.0.17-9.zip)= 36dec9b2b7f24234a2286d736397d8e9

> MD5 (MacGPG2-2.0.17-9.pkg) = 1d6698bca1450496543030247934579b

MD5(MacGPG2-2.0.17-9.pkg) = 1d6698bca1450496543030247934579b

[snip]

> * Supports 32- and 64-bit Intel Macs running OS X Leopard (10.5) and higher.

Running MacBook5,1 Intel Core 2 Duo 32-bit MacOSX 10.6.6

[snip]

Test commands ran smoothly:

$ gpg2 --version
$ gpg-agent
$ ps waux | grep gpg-agent
$ echo test | gpg2 -aser "Your Name" | gpg2
$ echo test | gpg2 -aser "Your Name" | gpg2
$ ps waux | grep gpg-agent (after testing signing, verifying, decrypting with gpg-agent).

Thank you Ben!

Charly

From wk at gnupg.org Tue Feb 15 09:33:02 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 15 Feb 2011 09:33:02 +0100
Subject: how to store the public keys in a db?
In-Reply-To: <4D596BC3.4010008@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Mon, 14 Feb 2011 12:52:03 -0500")
References: <20110213123449.GA1314@ask-laptop> <878vxj9emh.fsf@vigenere.g10code.de> <4D593A1B.6030600@fifthhorseman.net> <87wrl28qp6.fsf@vigenere.g10code.de> <4D596BC3.4010008@fifthhorseman.net>
Message-ID: <87k4h18zpd.fsf@vigenere.g10code.de>

On Mon, 14 Feb 2011 18:52, dkg at fifthhorseman.net said:

> Do you expect that we'll be able to run with auto-check-trustdb once you
> make the transition to keybox?

It should be much faster. I won't promise anything, though.

Salam-Shalom,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Tue Feb 15 10:19:47 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 15 Feb 2011 10:19:47 +0100
Subject: GPGTools: short introduction
In-Reply-To: <37417FC4-E77A-412E-9AEE-338C7EC04B0F@willner.ws> (Alexander Willner's message of "Mon, 14 Feb 2011 08:49:21 +0100")
References: <4B23331C-7098-4372-8A3F-49755087D6A4@willner.ws> <87y66w3l95.fsf@vigenere.g10code.de> <37417FC4-E77A-412E-9AEE-338C7EC04B0F@willner.ws>
Message-ID: <87d3mt8xjg.fsf@vigenere.g10code.de>

Hi,

thanks for explaining the project. I looked at your packages and found no reason not to include it. In particular the quick links to the license files were helpful for checking that this is indeed all about free software.

I added GPGTools to the related software section and also featured it on the frontpage next to Gpg4win.

Shalom-Salam,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Tue Feb 15 10:29:10 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 15 Feb 2011 10:29:10 +0100
Subject: How do I import an X.509 Certificate onto an OpenPGP smartcard?
In-Reply-To: <4D5728B6.4060703@grant-olson.net> (Grant Olson's message of "Sat, 12 Feb 2011 19:41:26 -0500")
References: <4D5728B6.4060703@grant-olson.net>
Message-ID: <878vxh8x3t.fsf@vigenere.g10code.de>

On Sun, 13 Feb 2011 01:41, kgo at grant-olson.net said:

> Firstly, can I actually import a certificate like this onto the card?
> Or do I simply misunderstand the specs?

Yes.

> Secondly, is there a command somewhere in gpg/gpgsm/gpg* to do this, or
> is it specified and implemented on the OpenPGP card only at this point
> in time?

There are two hidden commands in the --card-edit sub-menu:

  readcert 3 >foo.crt

and obviously:

  writecert 3

(Grant Olson's message of "Sat, 12 Feb 2011 19:41:26 -0500")
References: <4D5728B6.4060703@grant-olson.net>
Message-ID: <874o858wml.fsf@vigenere.g10code.de>

On Sun, 13 Feb 2011 01:41, kgo at grant-olson.net said:

> Thirdly, the SCUTE docs start by generating a certificate request from
> your OpenPGP authentication key. In this scenario, are you just using
> the Same RSA key for both your OpenPGP and X509 certificates? Does the

Yes, it is possible to create a CSR from an existing key. If you run

  gpgsm --gen-key

you see

  Please select what kind of key you want:
     (1) RSA
     (2) Existing key
     (3) Existing key from card
  Your selection? 2
  Enter the keygrip:

With GnuPG 2.1 you may now easily use any existing key, run

  gpg[sm] --with-keygrip -K

to get the keygrip. The keygrip is also used as the name of the file holding the key at private-keys-v1.d/. IIRC, Scute does exactly this. I have not looked at Scute for a long time thus you better check yourself.

> certificate imported into gpgsm just contain the public key and the CA's
> signature and somehow defer operations to the card?

Yes, you have to run gpgsm --learn-card first so that the agent knows what public keys are stored on the card. The certificates on the cards are in general not necessary. If the card contains X.509 certificates, gpgsm --learn-card will import them for future use.
Scute usually fetches the certificates via gpgsm but will also take care of the certificates stored on the card. This clearly needs more documentation.

Shalom-Salam,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Tue Feb 15 10:44:07 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 15 Feb 2011 10:44:07 +0100
Subject: SSH authentication using OpenPGP 2.0 smartcard
In-Reply-To: <20110127150120.GA6230@patryks-laptop.softexor.net> (Patryk Cisek's message of "Thu, 27 Jan 2011 16:01:20 +0100")
References: <20110125150518.GB3867@patryks-laptop.softexor.net> <4D3F0552.9030501@grant-olson.net> <4D3F0AD5.8050500@grant-olson.net> <8739ogn573.fsf@vigenere.g10code.de> <20110127150120.GA6230@patryks-laptop.softexor.net>
Message-ID: <87zkpx7hug.fsf@vigenere.g10code.de>

On Thu, 27 Jan 2011 16:01, patryk at debian.org said:

> I've got 2 readers:
> OmniKey CardMan 3121 (USB device)
> OmniKey CardMan 4040 (PCMCIA device)

All Omnikey based readers don't work with 2k keys. There is a hack in scdaemon which sometimes helps, but in general they are not supported; neither with the internal ccid driver nor by pcsc-lite. They work under Windows because the proprietary driver there is able to use an undocumented feature of the readers.

Salam-Shalom,

Werner

-- 
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From npaq.sleq at ntlworld.com Mon Feb 14 15:59:03 2011
From: npaq.sleq at ntlworld.com (M. Henry)
Date: Mon, 14 Feb 2011 14:59:03 -0000
Subject: GPG (MingW32) defaults to revoked key/uid
Message-ID: <4D594337.12073.7622EB@npaq.sleq.ntlworld.com>

Forgive me if this is a terribly common problem/issue, but I've had a lengthy search both of this list and the web generally (as well as trawling at great length through the GPG man) and have found nothing on it.

Being a recent convert to PGP/GPG I have been playing around a bit to get used to it before really deploying it in active use.
I recently revoked my first key, and created another, for reasons of convenience I won't go into. By accident I rendered this second key unusable and ended up with a third, did something similar to that one and am now on a fourth (which I will hopefully treat much more sensibly!). Because of this I have three revoked keys (all have been successfully revoked) and one non-revoked key, all with at least one uid identical.

Now, when I use gpg to look up a key by any part of a uid (for example when using --edit-key), it automatically selects the first-created _revoked_ key, not the sole non-revoked one. I have tried revoking and deleting specific uids from the revoked keys, but this makes no difference.

Obviously this causes grave problems as maybe encrypting and signing will also default to a revoked key - though I haven't tested really yet - but at very least it's annoying as I have to do --edit-key etc. for the newest, active key via the hexadecimal identifier rather than uid.

Any help on sorting out this issue would be much appreciated.

Using GPG 1.4.11 (MingW32), Win XP SP3.

Thanks,
Mark Henry.

From lopaki at gmail.com Tue Feb 15 15:18:44 2011
From: lopaki at gmail.com (Scott Lambdin)
Date: Tue, 15 Feb 2011 09:18:44 -0500
Subject: how to store the public keys in a db?
In-Reply-To: <87k4h18zpd.fsf@vigenere.g10code.de>
References: <20110213123449.GA1314@ask-laptop> <878vxj9emh.fsf@vigenere.g10code.de> <4D593A1B.6030600@fifthhorseman.net> <87wrl28qp6.fsf@vigenere.g10code.de> <4D596BC3.4010008@fifthhorseman.net> <87k4h18zpd.fsf@vigenere.g10code.de>
Message-ID:

On Tue, Feb 15, 2011 at 3:33 AM, Werner Koch wrote:

> I won't promise anything, though.
> 
> 
> Salam-Shalom,
> 
> Werner
> 

Would there be a way to have gpg use a database for keys without it being a particular database?

-- 
There's a box?
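A small added illustration of the point Werner makes in this thread (sequential scans of pubring.gpg that recompute every fingerprint, versus a keybox-style index that hashes each key once). This is example code written for this archive, not GnuPG's own code: the toy keyring of 50 tiny RSA public-key packets and the user names in it are constructed, and the packet layout and fingerprint formula follow RFC 4880 (v4 fingerprint = SHA-1 over 0x99, the two-octet packet length and the packet body; key ID = low 64 bits). The hash counter is only there to make the cost difference visible.

```python
"""Why a flat pubring scan is slow and what an index buys you (added example)."""
import hashlib
import struct
from typing import Dict, List, Optional, Tuple


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then big-endian bytes."""
    if value == 0:
        return b"\x00\x00"
    nbytes = (value.bit_length() + 7) // 8
    return struct.pack(">H", value.bit_length()) + value.to_bytes(nbytes, "big")


def rsa_public_key_packet_body(created: int, n: int, e: int) -> bytes:
    """Body of a version-4 RSA public-key packet: version, timestamp, algo 1, MPI n, MPI e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


class FingerprintCounter:
    """Counts how many fingerprint computations a lookup strategy needed."""
    calls = 0


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the two-octet body length, and the body."""
    FingerprintCounter.calls += 1
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()


def long_key_id(fingerprint: str) -> str:
    """The 64-bit key ID is the low-order 8 octets (16 hex digits) of the v4 fingerprint."""
    return fingerprint[-16:]


# Constructed toy keyring: tiny moduli, nothing here is a real key.
KEYRING: List[Tuple[str, bytes]] = [
    (f"user{i}@example.org", rsa_public_key_packet_body(1297500000 + i, 3233 + 2 * i, 17))
    for i in range(50)
]


def scan_lookup(keyring: List[Tuple[str, bytes]], key_id: str) -> Optional[str]:
    """Sequential scan: hash every key until one matches (what a flat pubring forces)."""
    for uid, body in keyring:
        if long_key_id(v4_fingerprint(body)) == key_id:
            return uid
    return None


def build_index(keyring: List[Tuple[str, bytes]]) -> Dict[str, str]:
    """Keybox-style index: hash each key once, then look up by key ID in O(1)."""
    return {long_key_id(v4_fingerprint(body)): uid for uid, body in keyring}


def compare(key_id: str, lookups: int) -> Tuple[int, int]:
    """Return (hashes for `lookups` scans, hashes for index build plus `lookups` indexed lookups)."""
    FingerprintCounter.calls = 0
    for _ in range(lookups):
        scan_lookup(KEYRING, key_id)
    scan_cost = FingerprintCounter.calls

    FingerprintCounter.calls = 0
    index = build_index(KEYRING)
    for _ in range(lookups):
        index.get(key_id)
    index_cost = FingerprintCounter.calls
    return scan_cost, index_cost


if __name__ == "__main__":
    # Look up the last key in the ring, the worst case for a scan.
    target = long_key_id(v4_fingerprint(KEYRING[-1][1]))
    print("scan hashes, indexed hashes for 10 lookups:", compare(target, 10))
```

Ten lookups of the last key cost 500 fingerprint computations with the scan and 50 with the index (the one-time build); real pubrings add signature and trust-db work on top, which is why the trustdb recalculation dkg mentions is a separate cost.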
From pyromaniacwolf1994 at gmail.com Tue Feb 15 14:38:47 2011
From: pyromaniacwolf1994 at gmail.com (AgoristTeen1994)
Date: Tue, 15 Feb 2011 05:38:47 -0800 (PST)
Subject: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail
In-Reply-To: <30913160.post@talk.nabble.com>
References: <30913160.post@talk.nabble.com>
Message-ID: <30930916.post@talk.nabble.com>

Okay thanks for the help though I'm still somewhat confused... I understand that the key id is the entire keypair, but then how do I find out what is just my public key, and just my secret key? The reason I'm asking is that if I want to give my public key to someone, then I apparently give the entire keyid since that has my secret key too.. or am I wrong on that and I can give them the entire keyid?

Thanks again and have a nice day.

From kgo at grant-olson.net Tue Feb 15 17:12:08 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Tue, 15 Feb 2011 11:12:08 -0500
Subject: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail
In-Reply-To: <30930916.post@talk.nabble.com>
References: <30913160.post@talk.nabble.com> <30930916.post@talk.nabble.com>
Message-ID: <4D5AA5D8.5020607@grant-olson.net>

On 2/15/11 8:38 AM, AgoristTeen1994 wrote:
> 
> Okay thanks for the help though I'm still somewhat confused...I understand
> that the key id is the entire keypair, but then how do I find out what is
> just my public key, and just my secret key, the reason I'm asking is that if
> I want to give my public key to someone, then I apparently give the entire
> keyid since that has my secret key too..or am I wrong on that and I can give
> them the entire keyid? Thanks again and have a nice day.
In my opinion, the easiest way is to: 1) Send your key to a keyserver like pool.sks-keyservers.net. Rest assured this only sends the public part of your key. (In Thunderbird/Enigmail you do this by going to OpenPGP -> Key Management -> Right clicking on your key -> Upload public keys to keyservers) 2) Send a signed email to the person you want to correspond with. That person can then import the key and verify the signature. And once they have your key they can encrypt to you. If you don't want to send your keys to the keyserver, you can email them a copy of the key. (In Enigmail you do this by going to OpenPGP -> Key Management -> Right clicking on your key -> Send public keys by email.) If you want to test everything out, there is a robot email address at adele-en at gnupp.de . If you try to send that your public key, it well tell you if you did everything right or not, and suggest some next steps to continue testing. -- Grant "I am gravely disappointed. Again you have made me unleash my dogs of war." -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 570 bytes Desc: OpenPGP digital signature URL: From dkg at fifthhorseman.net Tue Feb 15 17:26:53 2011 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Tue, 15 Feb 2011 11:26:53 -0500 Subject: GPG (MingW32) defaults to revoked key/uid In-Reply-To: <4D594337.12073.7622EB@npaq.sleq.ntlworld.com> References: <4D594337.12073.7622EB@npaq.sleq.ntlworld.com> Message-ID: <4D5AA94D.7010207@fifthhorseman.net> On 02/14/2011 09:59 AM, M. Henry wrote: > Now, when I use gpg to look up a key by any part of a uid (for example when using --edit- > key), it automatically selects the first-created _revoked_ key, not the sole non-revoked one. I > have tried revoking and deleting specific uids from the revoked keys, but this makes no > difference. 
I think this discussion is relevant to your question:

  http://lists.gnupg.org/pipermail/gnupg-users/2009-September/037376.html

which resulted in the following bug report:

  https://bugs.g10code.com/gnupg/issue1143

Your best bet is to remove the old keys from your keyring entirely, so that your preferred key is the first one in the output of gpg --list-keys (if they get re-imported later, they'll show up later in the list).

I agree, this is a suboptimal situation; I'm just sharing the workarounds that I've found.

--dkg

From bmarwell at googlemail.com Tue Feb 15 17:59:18 2011
From: bmarwell at googlemail.com (Benjamin Marwell)
Date: Tue, 15 Feb 2011 17:59:18 +0100
Subject: how to store the public keys in a db?
In-Reply-To: 
References: <20110213123449.GA1314@ask-laptop> <878vxj9emh.fsf@vigenere.g10code.de> <4D593A1B.6030600@fifthhorseman.net> <87wrl28qp6.fsf@vigenere.g10code.de> <4D596BC3.4010008@fifthhorseman.net> <87k4h18zpd.fsf@vigenere.g10code.de>
Message-ID: 

Just my idea. I tried to understand the dispatcher code and keyring.c Werner was referring to, but I would not know how to implement it. Save each chunk as a separate relational tuple?

By the way: because of database design, even SQLite would probably be faster for reading, but not for writing. But yes, a connection to mysql/postgresql would be interesting for key servers.

So, yes, please keep the interface as generic as possible. I'm very interested in it.

Regards,
Ben

2011/2/15 Scott Lambdin :
>
> On Tue, Feb 15, 2011 at 3:33 AM, Werner Koch wrote:
>>
>> I won't promise anything, though.
>>
>> Salam-Shalom,
>>
>> Werner
>
> Would there be a way to have gpg use a database for keys without it being a
> particular database?
>
> --
> There's a box?

From alves.h88 at gmail.com Tue Feb 15 19:11:24 2011
From: alves.h88 at gmail.com (Hans Alves)
Date: Tue, 15 Feb 2011 19:11:24 +0100
Subject: Default algorithm and gpgme questions
Message-ID: <1297793484.28156.21.camel@hans-laptop>

Hey,

I noticed that when I use a symmetric cipher, the default algorithm is CAST5, which always gives me this warning when decrypting:

  gpg: WARNING: message was not integrity protected

So, is there a way to change the default algorithm to AES or TWOFISH without having to specify it as a command-line option every time?

I also noticed that GPGME always uses /usr/bin/gpg even though I have a later version installed at /usr/local/bin/gpg. Can I get GPGME to use the newer version, and if yes, how?

Thanks,
Hans

From gnupg.user at seibercom.net Tue Feb 15 21:15:22 2011
From: gnupg.user at seibercom.net (Jerry)
Date: Tue, 15 Feb 2011 15:15:22 -0500
Subject: Default algorithm and gpgme questions
In-Reply-To: <1297793484.28156.21.camel@hans-laptop>
References: <1297793484.28156.21.camel@hans-laptop>
Message-ID: <20110215151522.114a4925@scorpio>

On Tue, 15 Feb 2011 19:11:24 +0100
Hans Alves articulated:

> Hey,
>
> I noticed that when I use a symmetric cipher, the default algorithm is
> CAST5, which always gives me this warning when decrypting:
> gpg: WARNING: message was not integrity protected
> So, is there a way to change the default algorithm to AES or TWOFISH
> without having to specify it as a command-line option every time?
>
> I also noticed that GPGME always uses /usr/bin/gpg even though I have
> a later version installed at /usr/local/bin/gpg. Can I get GPGME to
> use the newer version, and if yes, how?

Why can't you just link them?

--
Jerry
GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

From sharma.umesh1977 at gmail.com Tue Feb 15 22:16:36 2011
From: sharma.umesh1977 at gmail.com (hare krishna)
Date: Tue, 15 Feb 2011 13:16:36 -0800
Subject: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
Message-ID: 

Hi,

Can someone help me out with why I am facing this problem? OS - Unix.

I have set the LD_LIBRARY_PATH=/usr/sfw/lib:/lib:/usr/lib:/usr/local/lib:/lib/64:/usr/lib/64

But when I run this command:

  gpg --list-keys

I am getting this error:

  ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
  Killed

Please help me, it's very urgent.

From alves.h88 at gmail.com Tue Feb 15 22:53:11 2011
From: alves.h88 at gmail.com (Hans Alves)
Date: Tue, 15 Feb 2011 22:53:11 +0100
Subject: Default algorithm and gpgme questions
In-Reply-To: <20110215151522.114a4925@scorpio>
References: <1297793484.28156.21.camel@hans-laptop> <20110215151522.114a4925@scorpio>
Message-ID: <1297806791.2329.9.camel@hans-laptop>

On Tue, 15-02-2011 at 15:15 -0500, Jerry wrote:
> On Tue, 15 Feb 2011 19:11:24 +0100
> Hans Alves articulated:
>
> > Hey,
> >
> > I noticed that when I use a symmetric cipher, the default algorithm is
> > CAST5, which always gives me this warning when decrypting:
> > gpg: WARNING: message was not integrity protected
> > So, is there a way to change the default algorithm to AES or TWOFISH
> > without having to specify it as a command-line option every time?
> >
> > I also noticed that GPGME always uses /usr/bin/gpg even though I have
> > a later version installed at /usr/local/bin/gpg. Can I get GPGME to
> > use the newer version, and if yes, how?
>
> Why can't you just link them?

Yes, I should have thought of that. Thanks.

Just wondering though, /usr/local/bin/gpg is the first one in the path; if I just run gpg from a terminal that one is used. So why does gpgme use the other one?

From rjh at sixdemonbag.org Tue Feb 15 23:14:39 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 15 Feb 2011 17:14:39 -0500
Subject: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
In-Reply-To: 
References: 
Message-ID: <4D5AFACF.6010505@sixdemonbag.org>

On 2/15/11 4:16 PM, hare krishna wrote:
> Can someone help me out with why I am facing this problem?
> OS - Unix.

There is no "UNIX" operating system. I am guessing that you're running some version of x86_64 Solaris, but am uncertain of this. We'll have a much easier time helping if you answer these questions:

(a) What OS are you running?
(b) Which version?
(c) From where did you acquire GnuPG?
(d) Where is GnuPG located?
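Returning to Hans Alves' symmetric-cipher question above (the libusb thread resumes after this): the warning he sees is decided by the packet structure of the message, and the check below makes that visible. It is an added example, not code from the list or from GnuPG. It walks the packet headers of a binary OpenPGP message, reads the cipher algorithm from the symmetric-key encrypted session key packet (tag 3) and reports whether the data packet is the integrity-protected kind (tag 18, which carries the MDC) or the plain tag 9 that gpg flags with "message was not integrity protected". The two sample messages are constructed byte strings with dummy ciphertext, built only to exercise the parser.

```python
"""Report the symmetric cipher and MDC status of an OpenPGP message from its packets.

Added example for this thread, not code from the list or from GnuPG.  It walks
packet headers (RFC 4880 4.2, old and new format, including partial body
lengths), reads the cipher from the symmetric-key ESK packet (tag 3) and checks
whether the data packet is tag 18 (integrity protected, carries an MDC) or the
plain tag 9 that makes gpg warn "message was not integrity protected".  The
sample messages are constructed byte strings with dummy ciphertext."""

# RFC 4880 9.2 symmetric algorithm IDs, plus the Camellia IDs from RFC 5581.
CIPHER_NAMES = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH", 7: "AES",
                8: "AES192", 9: "AES256", 10: "TWOFISH",
                11: "CAMELLIA128", 12: "CAMELLIA192", 13: "CAMELLIA256"}
TAG_SKESK, TAG_SED, TAG_SEIPD = 3, 9, 18


def _take(data: bytes, i: int, length: int) -> bytes:
    chunk = data[i:i + length]
    if len(chunk) != length:
        raise ValueError(f"truncated packet body at offset {i}")
    return chunk


def parse_packets(data: bytes):
    """Split a binary OpenPGP message into (tag, body) pairs."""
    packets, i = [], 0
    while i < len(data):
        ctb = data[i]
        i += 1
        if not ctb & 0x80:
            raise ValueError(f"not a packet tag at offset {i - 1}: 0x{ctb:02x}")
        if ctb & 0x40:                           # new format: tag in the low 6 bits
            tag, body, partial = ctb & 0x3F, b"", True
            while partial:                       # partial body lengths chain until a final one
                o1 = data[i]
                i += 1
                if o1 < 192:
                    length, partial = o1, False
                elif o1 < 224:
                    length, partial = ((o1 - 192) << 8) + data[i] + 192, False
                    i += 1
                elif o1 == 255:
                    length, partial = int.from_bytes(data[i:i + 4], "big"), False
                    i += 4
                else:                            # 224..254: 2**(o1 & 0x1F) bytes, more to follow
                    length = 1 << (o1 & 0x1F)
                body += _take(data, i, length)
                i += length
        else:                                    # old format: tag in bits 2-5, length type in bits 0-1
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                       # indeterminate length: runs to end of input
                length = len(data) - i
            else:
                n = (1, 2, 4)[ltype]
                length = int.from_bytes(data[i:i + n], "big")
                i += n
            body = _take(data, i, length)
            i += length
        packets.append((tag, body))
    return packets


def parse_skesk(body: bytes):
    """Version-4 symmetric-key ESK (RFC 4880 5.3): version, cipher, S2K type, S2K hash."""
    if body[0] != 4:
        raise ValueError(f"unsupported SKESK version {body[0]}")
    return {"cipher": CIPHER_NAMES.get(body[1], f"unknown({body[1]})"),
            "s2k_type": body[2], "s2k_hash": body[3]}


def inspect_message(msg: bytes):
    """What a decrypting gpg sees before it even asks for the passphrase."""
    packets = parse_packets(msg)
    tags = [t for t, _ in packets]
    info = {"tags": tags, "cipher": None,
            "integrity_protected": TAG_SEIPD in tags and TAG_SED not in tags}
    for tag, body in packets:
        if tag == TAG_SKESK:
            info.update(parse_skesk(body))
    return info


# Constructed samples.  SKESK body: version 4, cipher, S2K type 3 (iterated and
# salted), hash 2 (SHA-1), 8-byte salt, count byte 0x60.  The data packets hold
# dummy bytes, not real ciphertext, so nothing here can be decrypted.
_SALT = bytes.fromhex("1122334455667788")
CAST5_NO_MDC = (b"\x8c\x0d\x04\x03\x03\x02" + _SALT + b"\x60"   # old-format tag 3, CAST5
                + b"\xa4\x12" + b"\xa5" * 18)                  # old-format tag 9: no MDC
AES256_MDC = (b"\x8c\x0d\x04\x09\x03\x02" + _SALT + b"\x60"     # old-format tag 3, AES256
              + b"\xd2\x17\x01" + b"\x5a" * 22)                # new-format tag 18, version 1

if __name__ == "__main__":
    for name, msg in (("CAST5 sample", CAST5_NO_MDC), ("AES256 sample", AES256_MDC)):
        print(name, inspect_message(msg))
```

Why CAST5 triggers the warning: GnuPG 1.4 writes the integrity-protected packet on its own only for ciphers with a 128-bit block (AES, Twofish) unless --force-mdc is set, and CAST5 has a 64-bit block, so a default `gpg -c` produces tag 9 and the warning on decryption. To change this without retyping options, put `personal-cipher-preferences AES256 AES192 AES TWOFISH` and `force-mdc` in ~/.gnupg/gpg.conf: the top entry of that list is what --symmetric uses, and unlike `cipher-algo AES256` it still honours recipients' preferences when encrypting to keys. With the real tool, `gpg --list-packets` on the file is the equivalent check.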
From sharma.umesh1977 at gmail.com Tue Feb 15 23:25:57 2011
From: sharma.umesh1977 at gmail.com (hare krishna)
Date: Tue, 15 Feb 2011 14:25:57 -0800
Subject: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
In-Reply-To: <4D5AFACF.6010505@sixdemonbag.org>
References: <4D5AFACF.6010505@sixdemonbag.org>
Message-ID: 

This is the output of ldd /gpg/gpg1.4.9/bin/gpg

  libresolv.so.2 => /lib/libresolv.so.2
  libz.so.1 => /usr/lib/libz.so.1
  libbz2.so.1 => /usr/lib/libbz2.so.1
  libsocket.so.1 => /lib/libsocket.so.1
  libnsl.so.1 => /lib/libnsl.so.1
  libusb.so.1 => /usr/sfw/lib/libusb.so.1
  libc.so.1 => /lib/libc.so.1
  libmp.so.2 => /lib/libmp.so.2
  libmd.so.1 => /lib/libmd.so.1
  libscf.so.1 => /lib/libscf.so.1
  libdl.so.1 => /lib/libdl.so.1
  libdoor.so.1 => /lib/libdoor.so.1
  libuutil.so.1 => /lib/libuutil.so.1
  libgen.so.1 => /lib/libgen.so.1
  libm.so.2 => /lib/libm.so.2
  /platform/SUNW,Sun-Fire-V490/lib/libc_psr.so.1
  /platform/SUNW,Sun-Fire-V490/lib/libmd_psr.so.1

On Tue, Feb 15, 2011 at 2:14 PM, Robert J. Hansen wrote:
> On 2/15/11 4:16 PM, hare krishna wrote:
> > Can someone help me out with why I am facing this problem?
> > OS - Unix.
>
> There is no "UNIX" operating system. I am guessing that you're running
> some version of x86_64 Solaris, but am uncertain of this. We'll have a
> much easier time helping if you answer these questions:
>
> (a) What OS are you running?
> (b) Which version?
> (c) From where did you acquire GnuPG?
> (d) Where is GnuPG located?

From rjh at sixdemonbag.org Tue Feb 15 23:30:39 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 15 Feb 2011 17:30:39 -0500
Subject: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
In-Reply-To: 
References: <4D5AFACF.6010505@sixdemonbag.org>
Message-ID: <4D5AFE8F.1050409@sixdemonbag.org>

On 2/15/11 5:25 PM, hare krishna wrote:
> This is the output of ldd /gpg/gpg1.4.9/bin/gpg

Which does not answer any of my four questions, and does not help me solve your problem.

From sharma.umesh1977 at gmail.com Tue Feb 15 23:40:01 2011
From: sharma.umesh1977 at gmail.com (hare krishna)
Date: Tue, 15 Feb 2011 14:40:01 -0800
Subject: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
In-Reply-To: <4D5AFE8F.1050409@sixdemonbag.org>
References: <4D5AFACF.6010505@sixdemonbag.org> <4D5AFE8F.1050409@sixdemonbag.org>
Message-ID: 

(a) What OS are you running? - UNIX
(b) Which version? - platform/SUNW,Sun-Fire-V490
(c) From where did you acquire GnuPG? I don't remember exactly
(d) Where is GnuPG located? - /opt/app/test1/gpg/gpg1.4.9/bin/gpg

On Tue, Feb 15, 2011 at 2:30 PM, Robert J. Hansen wrote:
> On 2/15/11 5:25 PM, hare krishna wrote:
> > This is the output of ldd /gpg/gpg1.4.9/bin/gpg
>
> Which does not answer any of my four questions, and does not help me
> solve your problem.

From rjh at sixdemonbag.org Tue Feb 15 23:44:28 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 15 Feb 2011 17:44:28 -0500
Subject: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
In-Reply-To: 
References: <4D5AFACF.6010505@sixdemonbag.org> <4D5AFE8F.1050409@sixdemonbag.org>
Message-ID: <4D5B01CC.9070402@sixdemonbag.org>

On 2/15/11 5:40 PM, hare krishna wrote:
> (a) What OS are you running? - UNIX

Once again, there is no "UNIX" operating system. There are many different vendors who provide operating systems that conform to varying levels of the UNIX specifications.
For instance, my Macbook Pro conforms to the UNIX specifications, but I wouldn't say my operating system is UNIX: I'd say it was Mac OS X. The reason why I'm asking is because different operating systems handle things differently. It *looks* like you're using Solaris, but so far I don't have much confirmation of this, nor do I know which version of Solaris.

> (c) From where did you acquire GnuPG? I don't remember exactly

Then that might be your problem. Get a GnuPG package for your version of Solaris, either from the Oracle open-source download page or from Blastwave, install that, and see if it works better for you.

From dshaw at jabberwocky.com Tue Feb 15 23:50:11 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 15 Feb 2011 17:50:11 -0500
Subject: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
In-Reply-To: 
References: 
Message-ID: 

On Feb 15, 2011, at 4:16 PM, hare krishna wrote:
> Hi,
>
> Can someone help me out with why I am facing this problem?
> OS - Unix.
>
> I have set the LD_LIBRARY_PATH=/usr/sfw/lib:/lib:/usr/lib:/usr/local/lib:/lib/64:/usr/lib/64
>
> But when I run this command:
> gpg --list-keys
> I am getting this error:
>
> ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
> Killed

That's an error from your loader. It can't run gpg, because the gpg binary is built with USB smartcard reader support via libusb, but your system doesn't have libusb available within your LD_LIBRARY_PATH. This isn't a gpg error - gpg never even got executed here.

The fix is to either figure out where you have libusb and include that in your path, to get libusb, or rebuild gpg to not require libusb.

David

From Lists.gnupg at mephisto.fastmail.net Wed Feb 16 03:22:29 2011
From: Lists.gnupg at mephisto.fastmail.net (Lists.gnupg at mephisto.fastmail.net)
Date: Tue, 15 Feb 2011 21:22:29 -0500
Subject: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail
In-Reply-To: <30930916.post@talk.nabble.com>
References: <30913160.post@talk.nabble.com> <30930916.post@talk.nabble.com>
Message-ID: <20110216022229.GB14150@debian.hansaeditions.net>

On Tue, Feb 15, 2011 at 05:38:47AM -0800, thus spoke AgoristTeen1994:
> Okay, thanks for the help, though I'm still somewhat confused... I understand
> that the key id is the entire keypair, but then how do I find out what is
> just my public key, and just my secret key? The reason I'm asking is that if
> I want to give my public key to someone, then I apparently give the entire
> keyid since that has my secret key too... or am I wrong on that and I can give
> them the entire keyid? Thanks again and have a nice day.

There is a distinction I believe you are missing; please feel free to admonish me if I am oversimplifying things, however:

The Key ID is not the entire key pair; it merely represents the key pair. It is a unique name for your key pair, if you would like to think of it that way. When you give someone your Key ID, you are not literally giving them any part of your Secret or Public key--you are merely giving them a convenient way to reference it. The actual public key can be quite long, and inconvenient to read out to someone, or jot down on the back of a cocktail napkin, so we have these Key IDs to use as short-hand.

If you have your public key published somewhere, such as on a key server, the Key ID is a way for other people to unambiguously look up the full key. If you have more than one key pair (e.g. one for personal use, and one for work), the Key ID of each key pair (which will be unique to each) is a way to tell them apart on such a key server, or within your own keychain.
Note, however, that only giving someone your Key ID does not help them to encrypt messages to you, or verify your signature, if they do not have someplace to access the actual key (like a public key server). It just helps them look up your individual key if it is in such a place.

Generally speaking, good OpenPGP implementations (like GnuPG) will require that you explicitly state you want to export your _Secret_ key before they will ever spit it out (e.g. "gpg --export-secret-keys" is pretty obvious). Under all other circumstances, when you issue a command to export a key, it will release only the public part of the key pair.

Hope this helps,
Kevin

--
"Le hasard favorise l'esprit préparé." ("Chance favours the prepared mind.") --Louis Pasteur

From dkg at fifthhorseman.net Wed Feb 16 05:35:58 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 15 Feb 2011 23:35:58 -0500
Subject: on possible ambiguity in Key IDs [was: Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail]
In-Reply-To: <20110216022229.GB14150@debian.hansaeditions.net>
References: <30913160.post@talk.nabble.com> <30930916.post@talk.nabble.com> <20110216022229.GB14150@debian.hansaeditions.net>
Message-ID: <4D5B542E.70102@fifthhorseman.net>

On 02/15/2011 09:22 PM, Lists.gnupg at mephisto.fastmail.net wrote:
> If you have your public key published somewhere, such as on a key
> server, the Key ID is a way for other people to unambiguously look up
> the full key.

You're quite correct that the key ID provides a handle that references the actual public key, and is not the public key itself.

However, the key ID is not guaranteed to be unique. In fact, short key IDs (of the form 0xDEADBEEF) are trivial to find collisions for -- there just aren't enough of them, so the search space is small enough to exhaust with very commonplace hardware.

Long-form key IDs (of the form 0xDECAFBADDEADBEEF) are significantly harder to spoof, but easily within reach of a well-funded organization.

The full fingerprint itself (mine is 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9) is much closer to what you describe as an "unambiguous lookup". While the spec counsels that it is also possible for two keys to share a fingerprint, the chances of that happening are believed to be dramatically closer to 0 than the other shorter forms:

  https://tools.ietf.org/html/rfc4880#section-12.2

Note also that the long-form key ID is just the last 16 hex digits of the fingerprint, and the short-form key ID is just the last 8 hex digits. So if you know the fingerprint, you know the other identifiers.

Regards,

--dkg

From rjh at sixdemonbag.org Wed Feb 16 05:44:00 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 15 Feb 2011 23:44:00 -0500
Subject: on possible ambiguity in Key IDs [was: Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail]
In-Reply-To: <4D5B542E.70102@fifthhorseman.net>
References: <30913160.post@talk.nabble.com> <30930916.post@talk.nabble.com> <20110216022229.GB14150@debian.hansaeditions.net> <4D5B542E.70102@fifthhorseman.net>
Message-ID: <4D5B5610.20301@sixdemonbag.org>

On 2/15/11 11:35 PM, Daniel Kahn Gillmor wrote:
> Long-form key IDs (of the form 0xDECAFBADDEADBEEF) are significantly
> harder to spoof, but easily within reach of a well-funded organization.

IIRC, Jon Callas says an accidental long-ID collision has occurred. I don't recall the details. Still, the point is that collisions don't just happen by deliberate attack.
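Daniel's point about how both key IDs are sliced off the fingerprint, and the two kinds of collision raised in this thread (deliberate search for a chosen short ID, accidental coincidence among many keys), in code. This is an added example, not code from the thread or from GnuPG. It builds a version-4 RSA public key packet body, computes the RFC 4880 section 12.2 fingerprint, derives the long and short key IDs, searches creation timestamps until the short ID ends in a chosen suffix, and puts a birthday-bound number on accidental collisions. Varying only the 4-byte creation time is a simplification of the whole-key regeneration the chosen-key-ID tool mentioned later in the thread performs; it is enough here because the fingerprint covers the timestamp, so each candidate costs one SHA-1 and stays a well-formed packet for the same key material. The RSA parameters are a constructed toy modulus, not a real key.

```python
"""OpenPGP v4 fingerprints, key IDs, and how cheap a short-key-ID collision is.

Added example for this thread, not code from the list or from GnuPG.  The RSA
parameters are a constructed toy modulus (256 bits, far too small for real use);
the hashing and slicing are identical for real keys."""
import hashlib
import math
import struct


def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit length, then big-endian value."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def v4_rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version-4 RSA public key packet (RFC 4880 5.5.2):
    version, 4-byte creation time, algorithm 1 (RSA), MPI n, MPI e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def fingerprint(body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the 2-byte body length, and the body."""
    h = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return h.hexdigest().upper()


def long_key_id(fpr: str) -> str:
    """The 64-bit key ID is the low-order 8 bytes (last 16 hex digits)."""
    return fpr[-16:]


def short_key_id(fpr: str) -> str:
    """The 32-bit key ID is the low-order 4 bytes (last 8 hex digits)."""
    return fpr[-8:]


# Constructed toy key material (NOT a real key): a deterministic odd 256-bit value.
TOY_N = int.from_bytes(hashlib.sha256(b"constructed toy modulus").digest(), "big") | (1 << 255) | 1
TOY_E = 65537


def find_short_id_suffix(suffix: str, n: int = TOY_N, e: int = TOY_E,
                         start: int = 1_297_000_000, limit: int = 4_000_000):
    """Walk creation timestamps until the short key ID ends with `suffix`.

    Only the creation time varies (a simplification of regenerating whole keys),
    so every candidate is a valid packet for the same key material and each step
    costs one SHA-1.  A 16-bit suffix needs about 65,536 tries; a full 32-bit
    short ID needs about 2**32, which is minutes in C and hours in Python on one
    machine.  Returns (timestamp, fingerprint) or None if `limit` is exhausted."""
    suffix = suffix.upper()
    tail = b"\x01" + mpi(n) + mpi(e)
    for created in range(start, start + limit):
        fpr = fingerprint(b"\x04" + struct.pack(">I", created) + tail)
        if short_key_id(fpr).endswith(suffix):
            return created, fpr
    return None


def accidental_collision_probability(num_keys: int, id_bits: int) -> float:
    """Birthday bound: chance that at least two of num_keys uniformly random
    id_bits-bit identifiers coincide, 1 - exp(-k(k-1)/2 / 2**bits)."""
    pairs = num_keys * (num_keys - 1) / 2
    return -math.expm1(-pairs / 2 ** id_bits)


if __name__ == "__main__":
    fpr = fingerprint(v4_rsa_public_key_body(1_297_000_000, TOY_N, TOY_E))
    print("fingerprint", fpr, "long", long_key_id(fpr), "short", short_key_id(fpr))
    print("16-bit suffix search:", find_short_id_suffix("BEEF"))
    for bits in (32, 64):
        print(f"P(accidental collision among 4M keys, {bits}-bit IDs) ="
              f" {accidental_collision_probability(4_000_000, bits):.2e}")
```

The two probability figures are the quantitative version of the thread's argument: with a few million keys in circulation, a coincidental short-ID collision is practically certain and a long-ID one is unlikely but not negligible, while a chosen collision costs the attacker 2**32 hashes for a short ID and 2**64 for a long one. Only the full fingerprint is a safe handle when importing or signing a key.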
From dshaw at jabberwocky.com Wed Feb 16 06:02:43 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 16 Feb 2011 00:02:43 -0500
Subject: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
In-Reply-To: <20110216042513.GA41283@wilma.widomaker.com>
References: <20110216042513.GA41283@wilma.widomaker.com>
Message-ID: <0B9175B5-2337-4A9F-9962-91CF9CF67FCF@jabberwocky.com>

On Feb 15, 2011, at 11:25 PM, Jason Harris wrote:
> On Tue, Feb 15, 2011 at 05:50:11PM -0500, David Shaw wrote:
>>> I have set the LD_LIBRARY_PATH=/usr/sfw/lib:/lib:/usr/lib:/usr/local/lib:/lib/64:/usr/lib/64
>>>
>>> But when I run this command:
>>> gpg --list-keys
>>> I am getting this error:
>>>
>>> ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
>>> Killed
>>
>> That's an error from your loader. It can't run gpg, because the gpg binary is built with USB smartcard reader support via libusb, but your system doesn't have libusb available within your LD_LIBRARY_PATH. This isn't a gpg error - gpg never even got executed here.
>>
>> The fix is to either figure out where you have libusb and include that in your path, to get libusb, or rebuild gpg to not require libusb.
>
> Geez, doesn't anybody READ anymore?! Even _I_ just managed to read:
>
> [ldd output quoted to whatever level]
>>>>> libusb.so.1 => /usr/sfw/lib/libusb.so.1
>
> So, it is in the LD_LIBRARY_PATH quoted above, and therefore
> IT IS ON THE SYSTEM, right?

In future I will always ensure to use my time machine when replying, since clearly people replying to a message from 4:26 should know the information revealed in a completely different message from one hour later at 5:25.

Really, it's just a shame we don't all have your amazing skills for reading messages that haven't been sent yet.

David

From sharma.umesh1977 at gmail.com Wed Feb 16 06:14:15 2011
From: sharma.umesh1977 at gmail.com (hare krishna)
Date: Tue, 15 Feb 2011 21:14:15 -0800
Subject: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
In-Reply-To: <0B9175B5-2337-4A9F-9962-91CF9CF67FCF@jabberwocky.com>
References: <20110216042513.GA41283@wilma.widomaker.com> <0B9175B5-2337-4A9F-9962-91CF9CF67FCF@jabberwocky.com>
Message-ID: 

Thanks David.. it worked.. great!!!!

On Tue, Feb 15, 2011 at 9:02 PM, David Shaw wrote:
> On Feb 15, 2011, at 11:25 PM, Jason Harris wrote:
> > On Tue, Feb 15, 2011 at 05:50:11PM -0500, David Shaw wrote:
> >>> I have set the LD_LIBRARY_PATH=/usr/sfw/lib:/lib:/usr/lib:/usr/local/lib:/lib/64:/usr/lib/64
> >>>
> >>> But when I run this command:
> >>> gpg --list-keys
> >>> I am getting this error:
> >>>
> >>> ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
> >>> Killed
> >>
> >> That's an error from your loader. It can't run gpg, because the gpg binary is built with USB smartcard reader support via libusb, but your system doesn't have libusb available within your LD_LIBRARY_PATH. This isn't a gpg error - gpg never even got executed here.
> >>
> >> The fix is to either figure out where you have libusb and include that in your path, to get libusb, or rebuild gpg to not require libusb.
> >
> > Geez, doesn't anybody READ anymore?! Even _I_ just managed to read:
> >
> > [ldd output quoted to whatever level]
> >>>>> libusb.so.1 => /usr/sfw/lib/libusb.so.1
> >
> > So, it is in the LD_LIBRARY_PATH quoted above, and therefore
> > IT IS ON THE SYSTEM, right?
>
> In future I will always ensure to use my time machine when replying, since clearly people replying to a message from 4:26 should know the information revealed in a completely different message from one hour later at 5:25.
>
> Really, it's just a shame we don't all have your amazing skills for reading messages that haven't been sent yet.
>
> David

From kgo at grant-olson.net Wed Feb 16 06:33:23 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Wed, 16 Feb 2011 00:33:23 -0500
Subject: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
In-Reply-To: <0B9175B5-2337-4A9F-9962-91CF9CF67FCF@jabberwocky.com>
References: <20110216042513.GA41283@wilma.widomaker.com> <0B9175B5-2337-4A9F-9962-91CF9CF67FCF@jabberwocky.com>
Message-ID: <4D5B61A3.7060006@grant-olson.net>

On 02/16/2011 12:02 AM, David Shaw wrote:
>
> In future I will always ensure to use my time machine when replying, since clearly people replying to a message from 4:26 should know the information revealed in a completely different message from one hour later at 5:25.
>
> Really, it's just a shame we don't all have your amazing skills for reading messages that haven't been sent yet.
>
> David

Completely off-topic, but this reminded me of Raymond Chen's ongoing series about psychic debugging:

  https://encrypted.google.com/search?q=sites%3Amsdn.com+psychic+debugging

--
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

From jharris at widomaker.com Wed Feb 16 05:25:13 2011
From: jharris at widomaker.com (Jason Harris)
Date: Wed, 16 Feb 2011 00:25:13 -0400
Subject: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
In-Reply-To: 
References: 
Message-ID: <20110216042513.GA41283@wilma.widomaker.com>

On Tue, Feb 15, 2011 at 05:50:11PM -0500, David Shaw wrote:
> > I have set the LD_LIBRARY_PATH=/usr/sfw/lib:/lib:/usr/lib:/usr/local/lib:/lib/64:/usr/lib/64
> >
> > But when I run this command:
> > gpg --list-keys
> > I am getting this error:
> >
> > ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
> > Killed
>
> That's an error from your loader. It can't run gpg, because the gpg binary is built with USB smartcard reader support via libusb, but your system doesn't have libusb available within your LD_LIBRARY_PATH. This isn't a gpg error - gpg never even got executed here.
>
> The fix is to either figure out where you have libusb and include that in your path, to get libusb, or rebuild gpg to not require libusb.

Geez, doesn't anybody READ anymore?! Even _I_ just managed to read:

[ldd output quoted to whatever level]
>>>> libusb.so.1 => /usr/sfw/lib/libusb.so.1

So, it is in the LD_LIBRARY_PATH quoted above, and therefore IT IS ON THE SYSTEM, right?

If I were to guess, LD_LIBRARY_PATH is being ignored/reset...

--
Jason Harris | PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ Got photons? (TM), (C) 2004

From rjh at sixdemonbag.org Wed Feb 16 06:48:15 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 16 Feb 2011 00:48:15 -0500
Subject: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
In-Reply-To: <20110216042513.GA41283@wilma.widomaker.com>
References: <20110216042513.GA41283@wilma.widomaker.com>
Message-ID: <4D5B651F.1000607@sixdemonbag.org>

On 2/15/11 11:25 PM, Jason Harris wrote:
> Geez, doesn't anybody READ anymore?! Even _I_ just managed to read:

Some of us read quite well: others less so. David was responding to the information he had available. The message you're quoting was sent *after* David sent his.

> So, it is in the LD_LIBRARY_PATH quoted above, and therefore
> IT IS ON THE SYSTEM, right?

When a system isn't working, it pays to be very cautious about making assumptions about what's broken and what's working. There's a big difference between saying "it might be this, and here's a test we can do to see if it is," and saying "IT IS ON THE SYSTEM!" -- unless you've done more checking, you really shouldn't say it this confidently.

From jharris at widomaker.com Wed Feb 16 07:01:15 2011
From: jharris at widomaker.com (Jason Harris)
Date: Wed, 16 Feb 2011 02:01:15 -0400
Subject: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
In-Reply-To: <0B9175B5-2337-4A9F-9962-91CF9CF67FCF@jabberwocky.com>
References: <20110216042513.GA41283@wilma.widomaker.com> <0B9175B5-2337-4A9F-9962-91CF9CF67FCF@jabberwocky.com>
Message-ID: <20110216060115.GA41685@wilma.widomaker.com>

On Wed, Feb 16, 2011 at 12:02:43AM -0500, David Shaw wrote:
> On Feb 15, 2011, at 11:25 PM, Jason Harris wrote:
> > On Tue, Feb 15, 2011 at 05:50:11PM -0500, David Shaw wrote:
> > Geez, doesn't anybody READ anymore?! Even _I_ just managed to read:
> > So, it is in the LD_LIBRARY_PATH quoted above, and therefore
> > IT IS ON THE SYSTEM, right?
> > In future I will always ensure to use my time machine when replying, since clearly people replying to a message from 4:26 should know the information revealed in a completely different message from one hour later at 5:25. > > Really, it's just a shame we don't all have your amazing skills for reading messages that haven't been sent yet. More likely the problem was in receiving. The ldd output message was delivered to me at Tue, 15 Feb 2011 17:30:42 -0500. Your reply to the OP's 1st, thread-starting message was delivered to me at Tue, 15 Feb 2011 18:23:49 -0500. Your reply's Date: was Tue, 15 Feb 2011 17:50:11 -0500. So, the ldd output was available, at least to me, for almost 20 minutes before you hit send. If you received: Message-ID: significantly later, fine, but there is no need to inject absurdities. -- Jason Harris | PGP: This _is_ PGP-signed, isn't it? jharris at widomaker.com _|_ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 314 bytes Desc: not available URL: From dshaw at jabberwocky.com Wed Feb 16 07:26:05 2011 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 16 Feb 2011 01:26:05 -0500 Subject: on possible ambiguity in Key IDs [was: Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail] In-Reply-To: <4D5B542E.70102@fifthhorseman.net> References: <30913160.post@talk.nabble.com> <30930916.post@talk.nabble.com> <20110216022229.GB14150@debian.hansaeditions.net> <4D5B542E.70102@fifthhorseman.net> Message-ID: <9EDD696F-9ECC-4790-91A9-4471789DB1E0@jabberwocky.com> On Feb 15, 2011, at 11:35 PM, Daniel Kahn Gillmor wrote: > On 02/15/2011 09:22 PM, Lists.gnupg at mephisto.fastmail.net wrote: >> If you have your public key published somewhere, such as on a key >> server, the Key ID is a way for other people to unambiguously look up >> the full key. 
> > You're quite correct that the key ID provides a handle that references > the actual public key, and is not the public key itself. > > However, the key ID is not guaranteed to be unique. In fact, short key > IDs (of the form 0xDEADBEEF) are trivial to find collisions for -- there > just aren't enough of them, so the search space is small enough to > exhaust with very commonplace hardware. Here's a fun example: https://webtru.st/pks/lookup?search=0x001FA1AD&op=vindex Compare his last name to his key ID :) Way back when, there was actually a tool ("Abattoir") that you could give a chosen (short) key ID to and it would just generate keys over and over until it hit it. Given the improvements in CPU speed since then, this should be even easier now. David From dshaw at jabberwocky.com Wed Feb 16 07:31:10 2011 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 16 Feb 2011 01:31:10 -0500 Subject: on possible ambiguity in Key IDs [was: Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail] In-Reply-To: <4D5B5610.20301@sixdemonbag.org> References: <30913160.post@talk.nabble.com> <30930916.post@talk.nabble.com> <20110216022229.GB14150@debian.hansaeditions.net> <4D5B542E.70102@fifthhorseman.net> <4D5B5610.20301@sixdemonbag.org> Message-ID: <2E10384E-26C2-4418-B13A-531259D4BA18@jabberwocky.com> On Feb 15, 2011, at 11:44 PM, Robert J. Hansen wrote: > On 2/15/11 11:35 PM, Daniel Kahn Gillmor wrote: >> Long-form keyIDs (of the form 0xDECAFBADDEADBEEF) are significantly >> harder to spoof, but easily within reach of a well-funded organization. > > IIRC, Jon Callas says an accidental long-ID collision has occurred. I > don't recall the details. Still, the point is that collisions don't > just happen by deliberate attack. One of the engineers working on PGP had generated a key and the keyserver had rejected it as non-unique. Unfortunately, the engineer chucked the key and made a new one... 
http://www.mailinglistarchive.com/html/ietf-openpgp at imc.org/2011-01/msg00027.html

David

From ludovic at hirlimann.net Wed Feb 16 09:24:33 2011
From: ludovic at hirlimann.net (Ludovic Hirlimann)
Date: Wed, 16 Feb 2011 09:24:33 +0100
Subject: Keysigning event party in Cebit 2011?
Message-ID: <4D5B89C1.4000306@hirlimann.net>

Hi,

I've just learned that I might attend Cebit. I was wondering if there were plans to have a keysigning event/party, and if so, where the meeting point would be.

Ludo

--
http://perso.hirlimann.net/~ludo/blog/
http://flickr.com/photos/lhirlimann

From pyromaniacwolf1994 at gmail.com Tue Feb 15 18:45:13 2011
From: pyromaniacwolf1994 at gmail.com (AgoristTeen1994)
Date: Tue, 15 Feb 2011 09:45:13 -0800 (PST)
Subject: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail
In-Reply-To: <30913160.post@talk.nabble.com>
References: <30913160.post@talk.nabble.com>
Message-ID: <30933366.post@talk.nabble.com>

Okay, thanks for the help.

--
View this message in context: http://old.nabble.com/Help-with-OpenPGP-plugin-in-Mozilla-Thunderbird-and-Claws-Mail-tp30913160p30933366.html
Sent from the GnuPG - User mailing list archive at Nabble.com.
From Lists.gnupg-users at mephisto.fastmail.net Wed Feb 16 01:21:03 2011
From: Lists.gnupg-users at mephisto.fastmail.net (Lists.gnupg-users at mephisto.fastmail.net)
Date: Tue, 15 Feb 2011 19:21:03 -0500
Subject: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail
In-Reply-To: <30930916.post@talk.nabble.com>
References: <30913160.post@talk.nabble.com> <30930916.post@talk.nabble.com>
Message-ID: <20110216002103.GA13641@debian.hansaeditions.net>

On Tue, Feb 15, 2011 at 05:38:47AM -0800, thus spoke AgoristTeen1994:
>
> Okay thanks for the help though I'm still somewhat confused... I understand
> that the key id is the entire keypair, but then how do I find out what is
> just my public key, and just my secret key? The reason I'm asking is that if
> I want to give my public key to someone, then I apparently give the entire
> keyid since that has my secret key too.. or am I wrong on that and I can give
> them the entire keyid? Thanks again and have a nice day.
> --

There is a distinction I believe you are missing; please feel free to admonish me if I am oversimplifying things, however:

The Key ID is not the entire key pair; it merely represents the key pair. It is a unique name for your key pair, if you would like to think of it that way. When you give someone your Key ID, you are not literally giving them any part of your Secret or Public key--you are merely giving them a convenient way to reference it. The actual public key can be quite long, and inconvenient to read out to someone, or jot down on the back of a cocktail napkin, so we have these Key IDs to use as short-hand.

If you have your public key published somewhere, such as on a key server, the Key ID is a way for other people to unambiguously look up the full key. If you have more than one key pair (e.g. one for personal use, and one for work), the Key ID of each key pair (which will be unique to each) is a way to tell them apart on such a key server, or within your own keychain.
Note, however, that only giving someone your Key ID does not help them to encrypt messages to you, or verify your signature, if they do not have someplace to access the actual key (like a public key server). It just helps them look up your individual key if it is in such a place.

Generally speaking, good OpenPGP implementations (like GnuPG) will require that you explicitly state you want to export your _Secret_ key before they will ever spit it out (e.g. "gpg --export-secret-keys" is pretty obvious). Under all other circumstances, when you issue a command to export a key, it will release only the public part of the key pair.

Hope this helps,
Kevin

--
"Chance favors the prepared mind." --Louis Pasteur

From mwood at IUPUI.Edu Wed Feb 16 15:54:39 2011
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Wed, 16 Feb 2011 09:54:39 -0500
Subject: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail
In-Reply-To: <30930916.post@talk.nabble.com>
References: <30913160.post@talk.nabble.com> <30930916.post@talk.nabble.com>
Message-ID: <20110216145439.GA659@IUPUI.Edu>

I'm going to stick my non-expert neck out, because this seems to need more than a brief answer.

On Tue, Feb 15, 2011 at 05:38:47AM -0800, AgoristTeen1994 wrote:
>
> Okay thanks for the help though I'm still somewhat confused... I understand
> that the key id is the entire keypair, but then how do I find out what is

No; the key ID *names* your keypair. The public and private keys are much larger objects. The ID is related to them but doesn't contain them. The ID is used to identify particular pairs.

> just my public key, and just my secret key? The reason I'm asking is that if
> I want to give my public key to someone, then I apparently give the entire
> keyid since that has my secret key too.. or am I wrong on that and I can give
> them the entire keyid? Thanks again and have a nice day.

Ultimately, someone who wants to verify signatures from you or send privacy-protected messages *to* you using GnuPG will need a copy of your public key. You can deliver the public key itself, or you can publish your public key on a keyserver and give correspondents your key ID, which is usually enough to identify your public key, and they can use the ID to fetch a copy of the key from the server.

The advantage of sharing the ID is that it is short enough to just type into an email or write by hand in a letter, while the keys themselves are a few *hundred* characters long. I could easily learn my key ID, but the key itself (7122 characters!) is far beyond my power to recall.

The advantage of delivering key copies directly is that you control the distribution of your public key (assuming you can trust your correspondents to honor your wishes).
A published key can be fetched, signed, and resubmitted by *anyone*. Some people have reason to desire control over who signs their keys. Their reasons have been discussed on this list. Keys can be exported to removable storage or attached to a message.

The way I would proceed:

1. Get a list of your secret keys and locate the one you want to work with. You probably only have one so far, so this is pretty simple.

2. Note the key ID. It's an 8-character hexadecimal number.

3. Locate the public key with the same ID. That's the public key you are trying to distribute.

4a. If you intend to give copies of your public key to your correspondents, export that key to a file. If you are offered the option of producing an "armored" key file, you probably want that -- the resulting file is all printable characters and travels well through email. Unarmored files are binary and can be damaged by some methods of transmission, but have their uses too.

4b. If you intend to publish your public key to a keyserver, this is the key to publish. Tell your correspondents the ID to fetch. Or just start signing messages on the assumption that their message agents offer options to fetch and verify keys from keyservers.

Specifically how you do all that depends on which tool you are using. The following use commandline tools because that's what I use. If you are using a GUI tool then it should offer similar operations.

You can get a list of your secret keys using "gpg --list-secret-keys". You'll see something like:

/home/foobar/.gnupg/secring.gpg
-------------------------------
sec   1024D/12345678 1858-11-01
uid                  A. User (an optional comment)
ssb   1024g/87654321 1858-11-01

The middle column of the "sec" line is the size, type, and ID of the key. The ID is the part after the slash. You can double-check this by then using "gpg --list-public-keys 12345678" (or whatever your key ID is). You should see a similar display except that it says "pub" instead of "sec".
You probably have only one secret key so far, so figuring out which ID to use is pretty easy. If you ever have more than one, use the "uid" lines to figure out which is which.

Now that you have your key ID, you can send your public key to a keyserver if that is how you want to work. "gpg --send-keys 12345678 --keyserver keybucket.example.com" will publish the key with id 12345678 to the server keybucket.example.com. To fetch someone else's key, use --recv-keys and the other person's ID instead of --send-keys and your ID. There are a number of public keyservers. Their merits have been discussed on this list.

If you'd rather deliver copies of your public key individually, you can get it using "gpg --armor --export 12345678 > public-key.asc". The new file public-key.asc will then contain an "ASCII-armored" copy of your public key suitable for importation into someone else's OpenPGP implementation. You may be as open or secretive as you wish with this file, as it doesn't contain your private key.

GnuPG has *many* other functions and options. GUI tools in front of it are similarly endowed. You should look them over so that you know what's available to you. You don't have to understand every single one of them right away, though you *do* need to thoroughly understand the ones you use.

Just the use of personal cryptography is a large and complex topic. I recommend you do some further reading before relying on your understanding (or mine!) for the protection of sensitive matter. It's easy to do things that only make you *think* you are secure.

--
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.
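A worked illustration of the two points made in this thread (the key ID is a name for the key, not the key, and an 8-hex-digit ID can name more than one key), added here as an example and not code from the thread or from GnuPG: it parses a constructed `gpg --with-colons --list-keys` listing (the keys and fingerprints are made up), derives the short and long IDs from the fingerprint the way OpenPGP v4 defines them, and shows a lookup by short ID matching two different keys. No gpg binary is invoked.

```python
"""Key IDs are handles, not keys: parse a GnuPG --with-colons listing and
show that 8- and 16-hex-digit IDs are just the tail of the fingerprint."""
from dataclasses import dataclass, field

# Constructed sample of `gpg --with-colons --list-keys` output (not a real
# keyring). Field 5 of a pub record is the long key ID; the fpr record
# carries the 40-hex-digit fingerprint in field 10; the uid record carries
# the user ID in field 10. The second key was built so that its last 8 hex
# digits collide with the first key's, mirroring the thread's "fun example".
SAMPLE_LISTING = """\
pub:u:2048:1:AAAAAAAA12345678:1234567890:::u:::scESC:
fpr:::::::::0123456789ABCDEF01234567AAAAAAAA12345678:
uid:u::::1234567890::0000000000000000000000000000000000000000::A. User (an optional comment) <a.user@example.org>:
sub:u:2048:1:BBBBBBBB87654321:1234567890::::::e:
pub:u:2048:1:CCCCCCCC12345678:1234567890:::u:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA98CCCCCCCC12345678:
uid:u::::1234567890::1111111111111111111111111111111111111111::Impostor <impostor@example.org>:
"""

HEXDIGITS = set("0123456789ABCDEF")


@dataclass
class Key:
    keyid: str                 # 16 hex digits from the pub/sec record
    fingerprint: str = ""      # 40 hex digits from the following fpr record
    uids: list = field(default_factory=list)


def parse_listing(text):
    """Turn a --with-colons listing into Key objects (primary keys only)."""
    keys = []
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sec"):
            keys.append(Key(keyid=fields[4].upper()))
        elif fields[0] == "fpr" and keys and not keys[-1].fingerprint:
            # The first fpr record after pub/sec belongs to the primary key;
            # later ones (subkey fingerprints) are ignored here.
            keys[-1].fingerprint = fields[9].upper()
        elif fields[0] == "uid" and keys:
            keys[-1].uids.append(fields[9])
    return keys


def long_id(fingerprint):
    """Long key ID: the low-order 64 bits (last 16 hex digits) of a v4 fingerprint."""
    return fingerprint[-16:]


def short_id(fingerprint):
    """Short key ID: the low-order 32 bits (last 8 hex digits)."""
    return fingerprint[-8:]


def normalize(query):
    """Accept '0x'-prefixed or bare 8/16/40-hex-digit key specifiers."""
    q = query.strip().replace(" ", "").upper()
    if q.startswith("0X"):
        q = q[2:]
    if len(q) not in (8, 16, 40) or not set(q) <= HEXDIGITS:
        raise ValueError(f"not a key ID or fingerprint: {query!r}")
    return q


def lookup(keys, query):
    """Return every key whose fingerprint ends with the given ID.

    More than one hit means the ID is ambiguous; only the full fingerprint
    is guaranteed to select a single key.
    """
    q = normalize(query)
    return [k for k in keys if k.fingerprint.endswith(q)]


def export_command(key, armor=True):
    """Command line for step 4a above: export only the PUBLIC part, named by
    its full fingerprint so an ambiguous short ID cannot select the wrong
    key. Secret material needs the separate --export-secret-keys command."""
    cmd = ["gpg"]
    if armor:
        cmd.append("--armor")
    return cmd + ["--export", key.fingerprint]


if __name__ == "__main__":
    keyring = parse_listing(SAMPLE_LISTING)
    for k in keyring:
        assert k.keyid == long_id(k.fingerprint)  # the v4 rule holds
        print(f"{k.uids[0]}: short 0x{short_id(k.fingerprint)} long 0x{k.keyid}")
    for spec in ("0x12345678", "0xAAAAAAAA12345678"):
        print(f"lookup {spec}: {len(lookup(keyring, spec))} match(es)")
    print(" ".join(export_command(keyring[0])))
```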
From jharris at widomaker.com Wed Feb 16 16:56:55 2011
From: jharris at widomaker.com (Jason Harris)
Date: Wed, 16 Feb 2011 11:56:55 -0400
Subject: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
In-Reply-To: <4D5B651F.1000607@sixdemonbag.org>
References: <20110216042513.GA41283@wilma.widomaker.com> <4D5B651F.1000607@sixdemonbag.org>
Message-ID: <20110216155655.GA43614@wilma.widomaker.com>

On Wed, Feb 16, 2011 at 12:48:15AM -0500, Robert J. Hansen wrote:
> On 2/15/11 11:25 PM, Jason Harris wrote:
> > Geez, doesn't anybody READ anymore?! Even _I_ just managed to read:
>
> Some of us read quite well: others less so.

So true. You complained about seeing the ldd output, yet it was actually the next relevant information required for diagnosing this problem.

> > So, it is in the LD_LIBRARY_PATH quoted above, and therefore
> > IT IS ON THE SYSTEM, right?
>
> When a system isn't working, it pays to be very cautious about making
> assumptions about what's broken and what's working. There's a big

I read and understood what was provided. The ldd output indicates that the OP did the test and found the file with ldd but not when actually invoking gpg. Sometimes LD_LIBRARY_PATH is ignored for security reasons, right? But don't believe me, try the following on FreeBSD:

%man ldconfig
[snip]
SECURITY
     Special care must be taken when loading shared libraries into the
     address space of set-user-Id programs. Whenever such a program is run
     by any user except the owner of the program, the dynamic linker will
     only load shared libraries from the hints file. In particular, the
     LD_LIBRARY_PATH is not used to search for libraries. Thus, the role
     of ldconfig is dual. In addition to building a set of hints for quick
     lookup, it also serves to specify the trusted collection of
     directories from which shared objects can be safely loaded.
> difference between saying "it might be this, and here's a test we can do
> to see if it is," and saying "IT IS ON THE SYSTEM!" -- unless you've
> done more checking, you really shouldn't say it this confidently.

ldd(1) was that (next, required) test, believe it or not. That gpg just started miraculously loading for the OP usually means that ldconfig(1) was [re-]run (as root, and for whatever reason) and found the .so.1 in question. Most likely, this step failed during the initial install.

--
Jason Harris           | PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ Got photons? (TM), (C) 2004

From lopaki at gmail.com Wed Feb 16 17:17:59 2011
From: lopaki at gmail.com (Scott Lambdin)
Date: Wed, 16 Feb 2011 11:17:59 -0500
Subject: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
In-Reply-To: <4D5B651F.1000607@sixdemonbag.org>
References: <20110216042513.GA41283@wilma.widomaker.com> <4D5B651F.1000607@sixdemonbag.org>
Message-ID:

On 2/15/11 11:25 PM, Jason Harris wrote:
> > So, it is in the LD_LIBRARY_PATH quoted above, and therefore
> > IT IS ON THE SYSTEM, right?
>

Just wanted to point out that LD_LIBRARY_PATH is not the only way for the libraries to be found. In fact, some people think of it as the lazy way. Binaries can be compiled with information that tells where the libraries will be at compile time and at run time.

>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

--
There's a box?
From stevebell at gulli.com Wed Feb 16 14:52:16 2011
From: stevebell at gulli.com (Steve)
Date: Wed, 16 Feb 2011 14:52:16 +0100
Subject: [gpgtools-org] GPGTools: short introduction
In-Reply-To: <87d3mt8xjg.fsf@vigenere.g10code.de>
References: <4B23331C-7098-4372-8A3F-49755087D6A4@willner.ws> <87y66w3l95.fsf@vigenere.g10code.de> <37417FC4-E77A-412E-9AEE-338C7EC04B0F@willner.ws> <87d3mt8xjg.fsf@vigenere.g10code.de>
Message-ID:

Hi Werner,

thanks indeed for adding GPGTools to the mac section as well as to the prominent frontpage.

There are still some old links in the mac-section on the gnupg website (Related Software > Frontends):
* http://gnupg.org/related_software/frontends.en.html#mac

GPGMail: www.gpgmail.org no longer exists, please update link to
* http://www.gpgtools.org/gpgmail.html

MacGPG2: although the SF page still exists, it is planned to be deleted sometime in the far future. It is no longer updated/maintained. Please update link to
* http://www.gpgtools.org/macgpg2.html

All the best,
steve

On 15.02.2011 at 10:19, Werner Koch wrote:

> Hi,
>
> thanks for explaining the project. I looked at your packages and found no
> reason not to include it. In particular the quick links to the license
> files were helpful for checking that this is indeed all about free
> software.
>
> I added GPGTools to the related software section and also featured it on
> the frontpage next to Gpg4win.
>
>
> Shalom-Salam,
>
> Werner
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.
>
> _______________________________________________
> gpgtools-org mailing list
> gpgtools-org at lists.gpgtools.org
> Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-org
> Unsubscribe: http://lists.gpgtools.org/mailman/options/gpgtools-org/stevebell at gulli.com?unsub=Unsubscribe&unsubconfirm=1
>
> This email sent to: stevebell at gulli.com

From Lists.gnupg at mephisto.fastmail.net Sat Feb 19 15:53:50 2011
From: Lists.gnupg at mephisto.fastmail.net (Lists.gnupg at mephisto.fastmail.net)
Date: Sat, 19 Feb 2011 09:53:50 -0500
Subject: Some SHA-2 news
Message-ID: <20110219145349.GA61215@mini.hansaeditions.net>

I found this linked from slashdot; I thought some readers of this list might find it interesting:

http://www.thinq.co.uk/2011/2/18/nist-boosts-crypto-faster-sha-2-functions/

Think we'll see this included one day in OpenPGP, or will we just skip to SHA-3 when it's ready?

--
"Chance favors the prepared mind." --Louis Pasteur
From dshaw at jabberwocky.com Sat Feb 19 17:18:03 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat, 19 Feb 2011 11:18:03 -0500
Subject: Some SHA-2 news
In-Reply-To: <20110219145349.GA61215@mini.hansaeditions.net>
References: <20110219145349.GA61215@mini.hansaeditions.net>
Message-ID: <94B02BB4-B88F-412F-ADAF-0D25CFA0CCB6@jabberwocky.com>

On Feb 19, 2011, at 9:53 AM, Lists.gnupg at mephisto.fastmail.net wrote:

> I found this linked from slashdot; I thought some readers of this list
> might find it interesting:
>
> http://www.thinq.co.uk/2011/2/18/nist-boosts-crypto-faster-sha-2-functions/
>
> Think we'll see this included one day in OpenPGP, or will we just skip
> to SHA-3 when it's ready?

I doubt it. The idea behind this is interesting, but OpenPGP already has digests of that size, and in the amount of time it will take to get these new hashes into code and deployed widely enough to be useful, we'll be right around SHA-3 time anyway.

David

From rjh at sixdemonbag.org Sat Feb 19 20:55:14 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 19 Feb 2011 14:55:14 -0500
Subject: Some SHA-2 news
In-Reply-To: <20110219145349.GA61215@mini.hansaeditions.net>
References: <20110219145349.GA61215@mini.hansaeditions.net>
Message-ID: <4D602022.2080400@sixdemonbag.org>

On 2/19/11 9:53 AM, Lists.gnupg at mephisto.fastmail.net wrote:
> Think we'll see this included one day in OpenPGP, or will we just skip
> to SHA-3 when it's ready?

Usually, algorithms are added due to existing users with a strong need -- e.g., CAMELLIA came about because users in the Pacific Rim needed it.

I'm unaware of anyone saying, "the SHA-2s are great, but they're too slow on 64-bit processors." And until there is, the odds of OpenPGP adoption are practically nil, IMO.
From gnupg.user at seibercom.net Sun Feb 20 13:19:15 2011
From: gnupg.user at seibercom.net (Jerry)
Date: Sun, 20 Feb 2011 07:19:15 -0500
Subject: Some SHA-2 news
In-Reply-To: <4D602022.2080400@sixdemonbag.org>
References: <20110219145349.GA61215@mini.hansaeditions.net> <4D602022.2080400@sixdemonbag.org>
Message-ID: <20110220071915.4411eb3d@scorpio>

On Sat, 19 Feb 2011 14:55:14 -0500
Robert J. Hansen articulated:

> On 2/19/11 9:53 AM, Lists.gnupg at mephisto.fastmail.net wrote:
> > Think we'll see this included one day in OpenPGP, or will we just
> > skip to SHA-3 when it's ready?
>
> Usually, algorithms are added due to existing users with a strong need
> -- e.g., CAMELLIA came about because users in the Pacific Rim needed
> it.
>
> I'm unaware of anyone saying, "the SHA-2s are great, but they're too
> slow on 64-bit processors." And until there is, the odds of OpenPGP
> adoption are practically nil, IMO.

Out of simple morbid curiosity, other than the time and effort needed to adopt the code, is there any downside to this venture?

--
Jerry
GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

From JPClizbe at tx.rr.com Sun Feb 20 23:00:44 2011
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Sun, 20 Feb 2011 16:00:44 -0600
Subject: Some SHA-2 news
In-Reply-To: <20110220071915.4411eb3d@scorpio>
References: <20110219145349.GA61215@mini.hansaeditions.net> <4D602022.2080400@sixdemonbag.org> <20110220071915.4411eb3d@scorpio>
Message-ID: <4D618F0C.5070409@tx.rr.com>

Jerry wrote:
> On Sat, 19 Feb 2011 14:55:14 -0500
> Robert J. Hansen articulated:
>
>> On 2/19/11 9:53 AM, Lists.gnupg at mephisto.fastmail.net wrote:
>> > Think we'll see this included one day in OpenPGP, or will we just
>> > skip to SHA-3 when it's ready?
>>
>> Usually, algorithms are added due to existing users with a strong need
>> -- e.g., CAMELLIA came about because users in the Pacific Rim needed
>> it.
>>
>> I'm unaware of anyone saying, "the SHA-2s are great, but they're too
>> slow on 64-bit processors." And until there is, the odds of OpenPGP
>> adoption are practically nil, IMO.
>
> Out of simple morbid curiosity, other than the time and effort needed
> to adopt the code, is there any downside to this venture?

The downside is not just the time and effort to adopt and include this new method. New code increases the risks of introducing new bugs.

Personal thought: With the exception of some much older SPARC and Alpha*, aren't 64-bit platforms usually at the higher end of the performance charts? Why speed up there? If work is needed to speed up cryptographic functions, why not concentrate on the cell phone/PDA end of the performance spectrum where it is truly needed?

* - I'm sure there exist other older 64-bit architectures (MIPS, POWER,...). I only included those which I regularly use.

--
John P. Clizbe                      Inet: John (a) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
From Lists.gnupg at mephisto.fastmail.net Sun Feb 20 23:06:01 2011
From: Lists.gnupg at mephisto.fastmail.net (Lists.gnupg at mephisto.fastmail.net)
Date: Sun, 20 Feb 2011 17:06:01 -0500
Subject: Some SHA-2 news
In-Reply-To: <20110220071915.4411eb3d@scorpio>
References: <20110219145349.GA61215@mini.hansaeditions.net> <4D602022.2080400@sixdemonbag.org> <20110220071915.4411eb3d@scorpio>
Message-ID: <20110220220601.GA33560@mini.hansaeditions.net>

On Sun, Feb 20, 2011 at 07:19:15AM -0500, thus spoke Jerry:
> On Sat, 19 Feb 2011 14:55:14 -0500
> Robert J. Hansen articulated:
>
> > On 2/19/11 9:53 AM, Lists.gnupg at mephisto.fastmail.net wrote:
> > > Think we'll see this included one day in OpenPGP, or will we just
> > > skip to SHA-3 when it's ready?
> >
> > Usually, algorithms are added due to existing users with a strong need
> > -- e.g., CAMELLIA came about because users in the Pacific Rim needed
> > it.
> >
> > I'm unaware of anyone saying, "the SHA-2s are great, but they're too
> > slow on 64-bit processors." And until there is, the odds of OpenPGP
> > adoption are practically nil, IMO.
>
> Out of simple morbid curiosity, other than the time and effort needed
> to adopt the code, is there any downside to this venture?
>

I can't really see much downside, except, as has been noted, a possible lack of demand. I don't believe security is affected one way or the other. It's just a matter of a slight performance improvement on certain hardware.

With SHA-3 so close on the horizon, though, I find it doubtful that a minor re-working of SHA-2 would gather much adoption. It somewhat surprises me, even, that NIST bothered with it. I suppose someone, somewhere, must be saying "the SHA-2s are great, but they're too slow..." or why would anyone have put the work in to extend the standard, as has been done? I think understanding this was the motivation for my original post.
From rjh at sixdemonbag.org Sun Feb 20 23:19:09 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 20 Feb 2011 17:19:09 -0500
Subject: Some SHA-2 news
In-Reply-To: <4D618F0C.5070409@tx.rr.com>
References: <20110219145349.GA61215@mini.hansaeditions.net> <4D602022.2080400@sixdemonbag.org> <20110220071915.4411eb3d@scorpio> <4D618F0C.5070409@tx.rr.com>
Message-ID: <4D61935D.1090101@sixdemonbag.org>

On 2/20/11 5:00 PM, John Clizbe wrote:
> Personal thought: With the exception of some much older SPARC and Alpha*, aren't
> 64-bit platforms usually at the higher end of the performance charts? Why speed
> up there? If work is needed to speed up cryptographic functions, why not
> concentrate on the cell phone/PDA end of the performance spectrum where it is
> truly needed?

Some mobile devices use 64-bit processors. E.g., the Cell processor is 64-bit, as are some Atom variants. As more 64-bit processors get thrown into mobile devices, fast 64-bit code becomes more important. At present 64-bit procs are a substantial minority, but this will change quickly in the next few years. Apple seems pretty married to 32-bit ARM architecture for their mobile devices: the rest of the world seems pretty eager to shift.

From rjh at sixdemonbag.org Sun Feb 20 23:34:47 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 20 Feb 2011 17:34:47 -0500
Subject: Some SHA-2 news
In-Reply-To: <4D618F0C.5070409@tx.rr.com>
References: <20110219145349.GA61215@mini.hansaeditions.net> <4D602022.2080400@sixdemonbag.org> <20110220071915.4411eb3d@scorpio> <4D618F0C.5070409@tx.rr.com>
Message-ID: <4D619707.5070209@sixdemonbag.org>

> The downside is not just the time and effort to adopt and include this new
> method. New code increases the risks of introducing new bugs.
Agreement and addendum: it also increases the amount of code that has to be supported going into the future.

There's a rule in software engineering, usually called the "second system effect." In essence, the first release of a piece of software has a tendency to be better than subsequent releases. The first release only does what it absolutely has to do: subsequent releases get weighted down by all the bells and whistles people want but which never actually get used. Look at Microsoft Word: as time has gone on, Microsoft Word has exploded in complexity to the point where it might actually be bigger and more complicated than Windows itself. (Before anyone accuses me of MS-bashing, Free Software has lots of examples, too.)

Good software engineers fight the second-system effect tooth and nail. Part of that means limiting what new bells and whistles get added.

So, yeah: in addition to what John says about the risk factor, there's also the second-system factor.

From mwood at IUPUI.Edu Mon Feb 21 23:25:44 2011
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Mon, 21 Feb 2011 17:25:44 -0500
Subject: Some SHA-2 news
In-Reply-To: <4D619707.5070209@sixdemonbag.org>
References: <20110219145349.GA61215@mini.hansaeditions.net> <4D602022.2080400@sixdemonbag.org> <20110220071915.4411eb3d@scorpio> <4D618F0C.5070409@tx.rr.com> <4D619707.5070209@sixdemonbag.org>
Message-ID: <20110221222544.GA26033@IUPUI.Edu>

Hrm, well, the Second-System Effect refers to a problem with designers, not releases. As Brooks put it, "this second is the most dangerous system a man ever designs." (1) It refers to the designer's typical advance from caution, to boldness, to mature judgment.

The accumulation of complexity over time probably belongs to the Creeping Featurism family.

------------------
1 Brooks, Frederick P., jr.: _The Mythical Man-Month_, p. 55

--
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.
From rjh at sixdemonbag.org Mon Feb 21 23:40:06 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 21 Feb 2011 17:40:06 -0500
Subject: Some SHA-2 news
In-Reply-To: <20110221222544.GA26033@IUPUI.Edu>
References: <20110219145349.GA61215@mini.hansaeditions.net> <4D602022.2080400@sixdemonbag.org> <20110220071915.4411eb3d@scorpio> <4D618F0C.5070409@tx.rr.com> <4D619707.5070209@sixdemonbag.org> <20110221222544.GA26033@IUPUI.Edu>
Message-ID: <4D62E9C6.1060204@sixdemonbag.org>

On 2/21/2011 5:25 PM, Mark H. Wood wrote:
> The accumulation of complexity over time probably belongs to the
> Creeping Featurism family.

There are no hard and fast lines here: it isn't as if there are canonical definitions that delineate where one ends and the next begins. The core of the idea matters much more than what name is put upon it.

From ben at adversary.org Tue Feb 22 01:19:23 2011
From: ben at adversary.org (Ben McGinnes)
Date: Tue, 22 Feb 2011 11:19:23 +1100
Subject: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
In-Reply-To:
References: <4D5AFACF.6010505@sixdemonbag.org> <4D5AFE8F.1050409@sixdemonbag.org>
Message-ID: <4D63010B.3040601@adversary.org>

On 16/02/11 9:40 AM, hare krishna wrote:
> (a) What OS are you running? - UNIX
> (b) Which version? - platform/SUNW,Sun-Fire-V490

There are multiple operating systems which will run on the V490, including Solaris (of course) and OpenBSD. Send the output of "uname -a" to the list if you can't tell the difference between the name of an OS and a registered trademark.

Regards,
Ben
From wk at gnupg.org Tue Feb 22 23:09:03 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 22 Feb 2011 23:09:03 +0100
Subject: [gpgtools-org] GPGTools: short introduction
In-Reply-To: (Steve's message of "Wed, 16 Feb 2011 14:52:16 +0100")
References: <4B23331C-7098-4372-8A3F-49755087D6A4@willner.ws> <87y66w3l95.fsf@vigenere.g10code.de> <37417FC4-E77A-412E-9AEE-338C7EC04B0F@willner.ws> <87d3mt8xjg.fsf@vigenere.g10code.de>
Message-ID: <87ei6z203k.fsf@vigenere.g10code.de>

On Wed, 16 Feb 2011 14:52, stevebell at gulli.com said:
> GPGMail: www.gpgmail.org no longer exists, please update link to
> MacGPG2: although the SF page still exists, it is planned to be

I updated both; should go online with the net rebuild this night.

Salam-Shalom,
Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From Wayne.Butterworth at isofthealth.com Wed Feb 23 09:00:02 2011
From: Wayne.Butterworth at isofthealth.com (Wayne Butterworth)
Date: Wed, 23 Feb 2011 19:00:02 +1100
Subject: gpg-agent: can't connect to the PIN entry module: End of file
Message-ID: <2837AF61417B2F4E84D93DB237A903D7027963CE5D@aussyd-msg07>

Hi,

I'm trying to use gpg-agent as a replacement for ssh-agent, as a learning experience. It is possible that I am using the tools incorrectly, so I apologise in advance for doing something silly.

When I try to load the key using ssh-add, I receive the error

    Error reading response length from authentication socket. Broken Pipe

And the gpg-agent process dies. The command I am using to load the key is

    . $HOME/gpg-agent.sh; ssh-add css-dev

I am prompted for the passphrase, which I enter, and then get the error mentioned above.
The command (and response) that I used to start gpg-agent is:

    gpg-agent --daemon --enable-ssh-support --write-env-file "${HOME}/gpg-agent.sh" --log-file "${HOME}/gpg-agent.log" --debug-level guru
    gpg-agent[13551]: enabled debug flags: command mpi crypto memory cache memstat hashing assuan
    GPG_AGENT_INFO=/tmp/gpg-Jj1UU7/S.gpg-agent:13552:1; export GPG_AGENT_INFO;
    SSH_AUTH_SOCK=/tmp/gpg-yP1qF5/S.gpg-agent.ssh; export SSH_AUTH_SOCK;
    SSH_AGENT_PID=13552; export SSH_AGENT_PID;

The contents of the log file:

    2011-02-23 18:44:26 gpg-agent[13552] gpg-agent (GnuPG) 2.0.17 started
    2011-02-23 18:44:49 gpg-agent[13552] ssh handler 0x760a0 for fd 8 started
    2011-02-23 18:44:53 gpg-agent[13552] ssh request handler for add_identity (17) started
    2011-02-23 18:44:53 gpg-agent[13552] starting a new PIN Entry
    2011-02-23 18:44:53 gpg-agent[13552] can't connect to the PIN entry module: End of file

I have a fresh build of pinentry 0.8.1 installed in /usr/local/bin:

    root at iba5:/ $ ls -l /usr/local/bin/pin*
    lrwxrwxrwx 1 root root     15 Feb 23 16:00 /usr/local/bin/pinentry -> pinentry-curses
    -rwxr-xr-x 1 root root 120368 Feb 23 15:52 /usr/local/bin/pinentry-curses
    -rwxr-xr-x 1 root root 300556 Feb 23 15:52 /usr/local/bin/pinentry-gtk-2

I have fresh builds of gpg 2.0.17, libassuan 2.0.0, libgcrypt 1.4.6, libksba 1.1.0 and pth 2.0.7, all built using default options. I'm running Solaris 10.

Any help that you could provide would be greatly appreciated.

Thanks and regards,
Wayne.
From aaron.toponce at gmail.com Thu Feb 24 07:26:14 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Wed, 23 Feb 2011 23:26:14 -0700
Subject: Default hash
Message-ID: <20110224062614.GB17846@poseidon.cocyt.us>

Given the release of v1.4.10, the SHA256 hashing algorithm is preferred over SHA1. Yet, after updating my default preferences with 'setpref' and signing some text, SHA1 is still used as the default hashing algorithm. Is there something else I need to do to ensure that I'm using SHA256 by default for the hash?

Thanks,

From dougb at dougbarton.us Thu Feb 24 10:03:52 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 24 Feb 2011 01:03:52 -0800
Subject: Default hash
In-Reply-To: <20110224062614.GB17846@poseidon.cocyt.us>
References: <20110224062614.GB17846@poseidon.cocyt.us>
Message-ID: <4D661EF8.5040304@dougbarton.us>

On 02/23/2011 22:26, Aaron Toponce wrote:
> Given the release of v1.4.10, the SHA256 hashing algorithm is preferred
> over SHA1. Yet, after updating my default preferences with 'setpref' and
> signing some text, SHA1 is still used as the default hashing algorithm.
> Is there something else I need to do to ensure that I'm using SHA256 by
> default for the hash?

You're using a 1024 bit DSA key, which won't allow for 256 bit hashes. RIPEMD-160 is the largest you can use, and works well for that kind of key.

hth,

Doug

--
Nothin' ever doesn't change, but nothin' changes much. -- OK Go

Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price.
:) http://SupersetSolutions.com/

From ben at adversary.org Thu Feb 24 10:37:50 2011
From: ben at adversary.org (Ben McGinnes)
Date: Thu, 24 Feb 2011 20:37:50 +1100
Subject: Default hash
In-Reply-To: <4D661EF8.5040304@dougbarton.us>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us>
Message-ID: <4D6626EE.1050909@adversary.org>

On 24/02/11 8:03 PM, Doug Barton wrote:
> On 02/23/2011 22:26, Aaron Toponce wrote:
>>
>> Given the release of v1.4.10, the SHA256 hashing algorithm is
>> preferred over SHA1. Yet, after updating my default preferences
>> with 'setpref' and signing some text, SHA1 is still used as the
>> default hashing algorithm. Is there something else I need to do to
>> ensure that I'm using SHA256 by default for the hash?
>
> You're using a 1024 bit DSA key, which won't allow for 256 bit
> hashes. RIPEMD-160 is the largest you can use, and works well for
> that kind of key.

Well, he can use SHA256 or SHA512, but like mine it will be truncated to 160 bits, as was explained to me on this list a couple of months ago.

As I recall, I edited the key with setpref to this:

    Cipher: AES256, TWOFISH, CAMELLIA256, AES192, CAMELLIA192, AES, CAMELLIA128, 3DES, CAST5, BLOWFISH, IDEA
    Digest: SHA512, SHA384, SHA256, SHA224, RIPEMD160, SHA1, MD5
    Compression: BZIP2, ZLIB, ZIP, Uncompressed
    Features: MDC, Keyserver no-modify

Then added this to gpg.conf:

    enable-dsa2
    default-preference-list S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1 H10 H9 H8 H11 H3 H2 H1 Z3 Z2 Z1 Z0
    personal-cipher-preferences S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1
    personal-digest-preferences H10 H9 H8 H11 H3 H2 H1
    personal-compress-preferences Z3 Z2 Z1 Z0

IDEA is only included because of one or two freaks I know who still use it. Oh and some ancient stuff I encrypted around fifteen years ago, but have yet to convert.

Regards,
Ben
From rjh at sixdemonbag.org Thu Feb 24 13:10:50 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 24 Feb 2011 07:10:50 -0500
Subject: Default hash
In-Reply-To: <20110224062614.GB17846@poseidon.cocyt.us>
References: <20110224062614.GB17846@poseidon.cocyt.us>
Message-ID:

> Given the release of v1.4.10, the SHA256 hashing algorithm is preferred
> over SHA1. Yet, after updating my default preferences with 'setpref' and
> signing some text, SHA1 is still used as the default hashing algorithm.
> Is there something else I need to do to ensure that I'm using SHA256 by
> default for the hash?

Add these two lines to your gpg.conf file:

    enable-dsa2
    personal-digest-preferences SHA256

(enable-dsa2 may no longer be necessary as of recent GnuPG versions, but it will certainly not harm anything.)

From aaron.toponce at gmail.com Thu Feb 24 14:48:49 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Thu, 24 Feb 2011 06:48:49 -0700
Subject: Default hash
In-Reply-To: <4D6626EE.1050909@adversary.org>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org>
Message-ID: <20110224134849.GC17846@poseidon.cocyt.us>

On Thu, Feb 24, 2011 at 08:37:50PM +1100, Ben McGinnes wrote:
> On 24/02/11 8:03 PM, Doug Barton wrote:
> > You're using a 1024 bit DSA key, which won't allow for 256 bit
> > hashes. RIPEMD-160 is the largest you can use, and works well for
> > that kind of key.

Okay. That's understandable. That was why I generated a 2048-bit RSA subkey, so I could take advantage of the SHA2 algorithms. For some reason, I was thinking that with the update of GPG, my 1024-bit DSA key now had access to them.

> Well, he can use SHA256 or SHA512, but like mine it will be truncated
> to 160 bits, as was explained to me on this list a couple of months ago.
>
> As I recall, I edited the key with setpref to this:
>
> Cipher: AES256, TWOFISH, CAMELLIA256, AES192, CAMELLIA192, AES,
> CAMELLIA128, 3DES, CAST5, BLOWFISH, IDEA
> Digest: SHA512, SHA384, SHA256, SHA224, RIPEMD160, SHA1, MD5
> Compression: BZIP2, ZLIB, ZIP, Uncompressed
> Features: MDC, Keyserver no-modify
>
> Then added this to gpg.conf:
>
> enable-dsa2
> default-preference-list S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1 H10 H9 H8
> H11 H3 H2 H1 Z3 Z2 Z1 Z0
> personal-cipher-preferences S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1
> personal-digest-preferences H10 H9 H8 H11 H3 H2 H1
> personal-compress-preferences Z3 Z2 Z1 Z0

I wanted to avoid breaking from default, which was the main reason for my post, but it appears that it's not possible if I want to use the stronger hashes, which is fine. As long as I know the limitations of my keys, and don't force preferences when sending encrypted/signed mail to others, I'm good.

> IDEA is only included because of one or two freaks I know who still
> use it. Oh and some ancient stuff I encrypted around fifteen years
> ago, but have yet to convert.

Yeah, no interest in IDEA here. :)

Thanks for your help.

From aaron.toponce at gmail.com Thu Feb 24 15:09:11 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Thu, 24 Feb 2011 07:09:11 -0700
Subject: Rebuilding the private key from signatures
Message-ID: <20110224140911.GD17846@poseidon.cocyt.us>

I generated my key back in 2004, and I've been a very vocal and active supporter of GnuPG, encrypting communications, and digitally signing mail. However, I was in a discussion with a friend, and the topic came up that it is theoretically possible to rebuild your private key if someone had access to all your signed mail.
We debated the size of signatures and mail that would need to be collected for this to be probable.

Is it? What is the likelihood that an attacker could rebuild a private key from a collection of signed mail, and would it depend on the hash used in the algorithm?

From rjh at sixdemonbag.org Thu Feb 24 15:13:13 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 24 Feb 2011 09:13:13 -0500
Subject: Rebuilding the private key from signatures
In-Reply-To: <20110224140911.GD17846@poseidon.cocyt.us>
References: <20110224140911.GD17846@poseidon.cocyt.us>
Message-ID: <4D666779.8000702@sixdemonbag.org>

On 2/24/11 9:09 AM, Aaron Toponce wrote:
> However, I was in a discussion with a friend, and the topic came
> up that it is theoretically possible to rebuild your private key if
> someone had access to all your signed mail.

It is theoretically possible to rebuild your private key if someone has access to *one* signed mail. It is also theoretically possible to rebuild your private key using a fifth of gin and a Ouija board. These two theoretical possibilities are of roughly the same magnitude.

Don't worry about it. :)

From atom at smasher.org Thu Feb 24 15:39:10 2011
From: atom at smasher.org (Atom Smasher)
Date: Fri, 25 Feb 2011 03:39:10 +1300 (NZDT)
Subject: Rebuilding the private key from signatures
In-Reply-To: <20110224140911.GD17846@poseidon.cocyt.us>
References: <20110224140911.GD17846@poseidon.cocyt.us>
Message-ID: <1102250313110.2320@smasher>

On Thu, 24 Feb 2011, Aaron Toponce wrote:
> However, I was in a discussion with a friend, and the topic came up that
> it is theoretically possible to rebuild your private key if someone had
> access to all your signed mail.
> We debated the size of signatures and
> mail that would need to be collected for this to be probable.
>
> Is it?
=================

if an attacker has two messages signed with DSA, and they happen to use the same value of "k" then it's trivial to recover the private key.

a random "k" is the achilles heel of DSA and elgamal (and their ECC derivatives). if "k" is truly random (and reasonably large), the chances of getting a duplicate "k" approaches zero... if "k" is not reasonably large or there's a bias that can produce duplicate "k"s with the same value, you're hosed.

http://www.the-fifth-hope.org/hoop/5hope_speakers.khtml#panel037
http://en.wikipedia.org/wiki/Digital_Signature_Algorithm
http://en.wikipedia.org/wiki/ElGamal_signature_scheme

--
...atom

________________________
http://atom.smasher.org/
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"To consider yourself an environmentalist and still eat meat is like saying you're a philanthropist who doesn't give to charity" -- Howard Lyman

From dkg at fifthhorseman.net Thu Feb 24 16:32:11 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 24 Feb 2011 10:32:11 -0500
Subject: Default hash
In-Reply-To: <4D661EF8.5040304@dougbarton.us>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us>
Message-ID: <4D6679FB.2070203@fifthhorseman.net>

On 02/24/2011 04:03 AM, Doug Barton wrote:
> On 02/23/2011 22:26, Aaron Toponce wrote:
>> Given the release of v1.4.10, the SHA256 hashing algorithm is preferred
>> over SHA1. Yet, after updating my default preferences with 'setpref' and
>> signing some text, SHA1 is still used as the default hashing algorithm.
>> Is there something else I need to do to ensure that I'm using SHA256 by
>> default for the hash?
>
> You're using a 1024 bit DSA key, which won't allow for 256 bit hashes.
> RIPEMD-160 is the largest you can use, and works well for that kind of key.
This isn't actually the case. Aaron's primary key (0x8086060F) is indeed 1024-bit DSA, but his mail is signed with a 2048-bit RSA subkey (0xFC04088F), which is perfectly capable of using the stronger digests.

--dkg

From dkg at fifthhorseman.net Thu Feb 24 16:38:41 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 24 Feb 2011 10:38:41 -0500
Subject: Rebuilding the private key from signatures
In-Reply-To: <20110224140911.GD17846@poseidon.cocyt.us>
References: <20110224140911.GD17846@poseidon.cocyt.us>
Message-ID: <4D667B81.4060407@fifthhorseman.net>

On 02/24/2011 09:09 AM, Aaron Toponce wrote:
> What is the likelihood that an attacker could rebuild a private key from
> a collections of signed mail, and would it depend on the hash used in
> the algorithm?

It doesn't depend as much on the digest algorithm used as it does on the type of public key and the quality of the PRNG used during the signature process. DSA keys in particular can be recovered if the random number generator used to create the signatures turns out to be predictable:

http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.35.1538

Fortunately, i don't think that the PRNG used in GnuPG has any known vulnerabilities.

--dkg
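To put some working code behind Atom's point about a repeated "k", dkg's point about PRNG quality, and Ben's note that a digest longer than q is truncated to q's size, here is a toy DSA in Python. This is an added example and not GnuPG's or libgcrypt's code; the function names, the tiny domain parameters (q = 2^31-1, p found at import time) and the fixed-k option that stands in for a broken PRNG are all my constructions, and the audit helper shows the defender's side: identical r values across signatures from one key are the visible fingerprint of nonce reuse.

```python
"""Toy DSA, added to illustrate the thread: the digest is truncated to the
bit length of q before signing (160 bits for a 1024-bit DSA key), and a
repeated nonce k leaves a fingerprint (identical r) an auditor can scan for.
Parameters are deliberately small and NOT safe for real use; this is example
code, not GnuPG's implementation."""
import hashlib
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_params(q=2**31 - 1):
    """Toy domain parameters (p, q, g) with q | p-1; q = 2^31-1 is a known
    Mersenne prime, p is searched among m*q+1, g = h^((p-1)/q) has order q."""
    m = 2**29
    while not is_probable_prime(m * q + 1):
        m += 1
    p = m * q + 1
    h = 2
    while pow(h, (p - 1) // q, p) == 1:
        h += 1
    return p, q, pow(h, (p - 1) // q, p)


def truncated_digest(message, q):
    """Leftmost min(bitlen(q), 256) bits of SHA-256 as an integer: the
    FIPS 186-3 rule behind 'SHA-256 with a 160-bit q gives 160 bits'."""
    z = int.from_bytes(hashlib.sha256(message).digest(), "big")
    excess = 256 - q.bit_length()
    return z >> excess if excess > 0 else z


def keygen(params):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1   # private key in [1, q-1]
    return x, pow(g, x, p)             # (x, y)


def sign(message, x, params, k=None):
    """k=None draws a fresh random nonce (correct use); an explicit k models
    a broken PRNG that repeats nonces, the failure the thread warns about."""
    p, q, g = params
    z = truncated_digest(message, q)
    while True:
        kk = secrets.randbelow(q - 1) + 1 if k is None else k
        r = pow(g, kk, p) % q
        s = (pow(kk, -1, q) * (z + x * r)) % q
        if r and s:
            return r, s
        if k is not None:
            raise ValueError("fixed k gives a degenerate signature")


def verify(message, sig, y, params):
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    z = truncated_digest(message, q)
    v = (pow(g, z * w % q, p) * pow(y, r * w % q, p)) % p % q
    return v == r


def find_nonce_reuse(signatures):
    """Audit check: pairs of signature indices that share r. r depends only
    on k, so a repeated r from one key means a repeated nonce."""
    seen, hits = {}, []
    for i, (r, _s) in enumerate(signatures):
        if r in seen:
            hits.append((seen[r], i))
        else:
            seen[r] = i
    return hits
```

Signing two different messages with the same fixed k yields the same r, which find_nonce_reuse reports; with a fresh random k per signature the r values differ and nothing is flagged.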
From gnupg.user at seibercom.net Thu Feb 24 21:58:06 2011
From: gnupg.user at seibercom.net (Jerry)
Date: Thu, 24 Feb 2011 15:58:06 -0500
Subject: Rebuilding the private key from signatures
In-Reply-To: <4D667B81.4060407@fifthhorseman.net>
References: <20110224140911.GD17846@poseidon.cocyt.us> <4D667B81.4060407@fifthhorseman.net>
Message-ID: <20110224155806.4ccd6cdd@scorpio>

On Thu, 24 Feb 2011 10:38:41 -0500
Daniel Kahn Gillmor articulated:

> Fortunately, i don't think that the PRNG used in GnuPG has any known
> vulnerabilities.

The key word there is "known"; although the feasibility of rebuilding a private key by a normal end user is extremely slight. In any case, I am not going to be losing any sleep over it. Besides, if I wanted a truly secure encryption, I would use a one-time pad system. That is about as secure as it gets.

--
Jerry
GNUPG.user at seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

Ignorance is never out of style. It was in fashion yesterday, it is the rage today, and it will set the pace tomorrow.

Franklin K. Dane
From aaron.toponce at gmail.com Thu Feb 24 22:28:43 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Thu, 24 Feb 2011 14:28:43 -0700
Subject: Default hash
In-Reply-To: <4D6679FB.2070203@fifthhorseman.net>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6679FB.2070203@fifthhorseman.net>
Message-ID: <20110224212843.GG17846@poseidon.cocyt.us>

On Thu, Feb 24, 2011 at 10:32:11AM -0500, Daniel Kahn Gillmor wrote:
> On 02/24/2011 04:03 AM, Doug Barton wrote:
> > You're using a 1024 bit DSA key, which won't allow for 256 bit hashes.
> > RIPEMD-160 is the largest you can use, and works well for that kind of key.
>
> This isn't actually the case. Aaron's primary key (0x8086060F) is
> indeed 1024-bit DSA, but his mail is signed with a 2048-bit RSA subkey
> (0xFC04088F), which is perfectly capable of using the stronger digests.

I just ran 'setpref' without any arguments, and it told me that SHA256 would be the default signing algorithm. So, when attempting at doing the signatures, I found SHA1 was coming out. In the past (and now future), I signed all my mail with SHA512, just because I can. The message that started this thread, however, is signed with SHA1, as I wanted to show what was happening (run 'gpg -v --list-packets' on the sig). I didn't want to break from the defaults that GnuPG provided.

Due to my 1024-bit DSA key, it appears that RIPEMD-160, SHA1 and MD5 are my only options for signatures. So, with my 2048-bit RSA subkey, I can use all the SHA2 hashes. I had just thought that with the recent update of GnuPG, the SHA2 hashes were available to my DSA key as well. No worries. I'll stick with the non-default prefs in my ~/.gnupg/gpg.conf.
From aaron.toponce at gmail.com Thu Feb 24 22:31:32 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Thu, 24 Feb 2011 14:31:32 -0700
Subject: Default hash
In-Reply-To: <4D6626EE.1050909@adversary.org>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org>
Message-ID: <20110224213132.GH17846@poseidon.cocyt.us>

On Thu, Feb 24, 2011 at 08:37:50PM +1100, Ben McGinnes wrote:
> Cipher: AES256, TWOFISH, CAMELLIA256, AES192, CAMELLIA192, AES,
> CAMELLIA128, 3DES, CAST5, BLOWFISH, IDEA
> Digest: SHA512, SHA384, SHA256, SHA224, RIPEMD160, SHA1, MD5
> Compression: BZIP2, ZLIB, ZIP, Uncompressed
> Features: MDC, Keyserver no-modify
>
> Then added this to gpg.conf:
>
> enable-dsa2
> default-preference-list S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1 H10 H9 H8
> H11 H3 H2 H1 Z3 Z2 Z1 Z0
> personal-cipher-preferences S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1
> personal-digest-preferences H10 H9 H8 H11 H3 H2 H1
> personal-compress-preferences Z3 Z2 Z1 Z0

If I run 'setpref S9 S10 S13 ...' when editing my key, then is adding all this to the gpg.conf file really necessary? I would think that adding all this to the config would be only if you didn't want to change the preferences in your key. Then again, now that I think about it, if you don't set the preferences, then how is a sender supposed to know what you support?
From aaron.toponce at gmail.com Thu Feb 24 22:33:16 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Thu, 24 Feb 2011 14:33:16 -0700
Subject: Rebuilding the private key from signatures
In-Reply-To: <1102250313110.2320@smasher>
References: <20110224140911.GD17846@poseidon.cocyt.us> <1102250313110.2320@smasher>
Message-ID: <20110224213316.GI17846@poseidon.cocyt.us>

On Fri, Feb 25, 2011 at 03:39:10AM +1300, Atom Smasher wrote:
> if an attacker has two messages signed with DSA, and they happen to
> use the same value of "k" then it's trivial to recover the private
> key.
>
> a random "k" is the achilles heel of DSA and elgamal (and their ECC
> derivatives). if "k" is truly random (and reasonably large), the
> chances of getting a duplicate "k" approaches zero... if "k" is not
> reasonably large or there's a bias that can produce duplicate "k"s
> with the same value, you're hosed.

Found this:

http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/

I've learned something new today. Thank you very, very much!

From rjh at sixdemonbag.org Fri Feb 25 02:20:17 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 24 Feb 2011 20:20:17 -0500
Subject: Default hash
In-Reply-To: <20110224213132.GH17846@poseidon.cocyt.us>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224213132.GH17846@poseidon.cocyt.us>
Message-ID: <4D6703D1.2010501@sixdemonbag.org>

On 2/24/11 4:31 PM, Aaron Toponce wrote:
> If I run 'setpref S9 S10 S13 ...' when editing my key, then is adding
> all this to the gpg.conf file really necessary?
Yes. "setpref" is, IMO, a badly misnamed command. The preferences you attach to your certificate are more like a ranked set of capabilities: they are what you advertise to the world as what you're capable of accepting, and (to an extent) in which order you prefer them.[*]

The default-*-pref in your gpg.conf file is how you tell GnuPG what algorithms you wish to use, and in which order.

E.g., if you encrypt a message to someone, the setprefs on your certificate are never even looked at: after all, you're only using your *recipient's* certificate. But if you have a default-*-pref, then GnuPG will (almost) always read and respect that.

[*] The OpenPGP spec does not require it be treated as a preference list, but only as a capability set. GnuPG does a modified Borda count, IIRC, to determine which algorithm to use -- basically, the union of sender and recipient capabilities is considered, and each of sender and recipient get to cast a "vote" on which algorithm is used. This is GnuPG-specific behavior: don't expect other OpenPGP implementations to do likewise.

From rjh at sixdemonbag.org Fri Feb 25 02:22:03 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 24 Feb 2011 20:22:03 -0500
Subject: PGP/MIME considered harmful for mobile
Message-ID: <4D67043B.9050501@sixdemonbag.org>

Just as an FYI to the list --

On Android's mail application, PGP/MIME attachments are nigh-unusable. It won't render even the plaintext portions: it has to be downloaded and opened with a text reader. If you're concerned about your mail being readable on a mobile device (which is increasingly important nowadays), you might want to consider switching to inline signatures.
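Back to the "Default hash" thread: Robert's distinction between what a certificate advertises (setpref) and what the sender's own personal-*-preferences express, worked through in Python as an added example that is not GnuPG's code. The S/H/Z numbers are the RFC 4880 algorithm ids behind the tokens in Ben's gpg.conf lines; the Borda-style scoring in choose_cipher is a simplified model of the description in Robert's footnote, not GnuPG's actual selection logic, and the function names are mine.

```python
"""Added example (not GnuPG's code): decode the S/H/Z preference tokens used
in the gpg.conf lines quoted in this thread, and model why the key's
advertised preferences (setpref) and the sender's personal-*-preferences
play different roles when a cipher is chosen for encryption."""
from collections import Counter

# Algorithm ids from RFC 4880; the S/H/Z prefixes are GnuPG's token syntax.
SYMMETRIC = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH", 7: "AES",
             8: "AES192", 9: "AES256", 10: "TWOFISH", 11: "CAMELLIA128",
             12: "CAMELLIA192", 13: "CAMELLIA256"}
HASH = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384",
        10: "SHA512", 11: "SHA224"}
COMPRESSION = {0: "Uncompressed", 1: "ZIP", 2: "ZLIB", 3: "BZIP2"}
TABLES = {"S": SYMMETRIC, "H": HASH, "Z": COMPRESSION}
# RFC 4880: every implementation must support these, so they are implicitly
# at the end of every advertised list even when not written down.
IMPLICIT = {"S": "3DES", "H": "SHA1", "Z": "Uncompressed"}


def decode_prefs(tokens):
    """'S9 S10 H8 Z3' -> {'S': ['AES256', 'TWOFISH'], 'H': ['SHA256'],
    'Z': ['BZIP2']}. Unknown ids raise so a typo in gpg.conf is not
    silently dropped; duplicate tokens are ignored."""
    out = {"S": [], "H": [], "Z": []}
    for tok in tokens.split():
        kind, num = tok[:1].upper(), tok[1:]
        if kind not in TABLES or not num.isdigit() or int(num) not in TABLES[kind]:
            raise ValueError(f"unknown preference token {tok!r}")
        name = TABLES[kind][int(num)]
        if name not in out[kind]:
            out[kind].append(name)
    return out


def with_implicit(kind, prefs):
    """Append the mandatory algorithm if the list does not already name it."""
    return list(prefs) if IMPLICIT[kind] in prefs else list(prefs) + [IMPLICIT[kind]]


def choose_cipher(sender_personal, recipients_advertised):
    """Pick a symmetric cipher for a message encrypted to one or more keys.

    Hard rule: only algorithms every recipient advertises are usable, which
    is what 'setpref' on a certificate controls. Ranking among those is a
    Borda-style vote (earlier position = more points) cast by the sender's
    personal-cipher-preferences and by each recipient's list. The scoring is
    a simplified model of the thread's description, not GnuPG's code."""
    lists = [with_implicit("S", r) for r in recipients_advertised]
    usable = set(lists[0]).intersection(*lists[1:])
    sender = with_implicit("S", sender_personal)
    votes = Counter()
    for ranked in [sender] + lists:
        for pos, name in enumerate(ranked):
            if name in usable:
                votes[name] += len(ranked) - pos
    sender_order = {n: i for i, n in enumerate(sender)}
    # Ties go to whatever the sender listed earlier.
    return max(usable, key=lambda n: (votes[n], -sender_order.get(n, len(sender))))
```

With Ben's list as the sender's personal-cipher-preferences and a recipient whose certificate advertises only CAST5 and AES, AES256 is never a candidate however highly the sender ranks it; a recipient that advertises nothing at all still gets 3DES.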
From dkg at fifthhorseman.net Fri Feb 25 02:33:11 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 24 Feb 2011 20:33:11 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D67043B.9050501@sixdemonbag.org>
References: <4D67043B.9050501@sixdemonbag.org>
Message-ID: <4D6706D7.2080009@fifthhorseman.net>

On 02/24/2011 08:22 PM, Robert J. Hansen wrote:
> On Android's mail application, PGP/MIME attachments are nigh-unusable.
> It won't render even the plaintext portions: it has to be downloaded and
> opened with a text reader. If you're concerned about your mail being
> readable on a mobile device (which is increasingly important nowadays),
> you might want to consider switching to inline signatures.

thanks for the heads-up, Robert. I'm assuming you're talking about PGP/MIME signed mail, not encrypted mail.

Has this been reported to wherever this mailreader tracks their bugs? if so, could you provide a link to the bug report? I'd like to follow the discussion.

Regards,

--dkg

From jrollins at finestructure.net Fri Feb 25 02:45:03 2011
From: jrollins at finestructure.net (Jameson Rollins)
Date: Thu, 24 Feb 2011 17:45:03 -0800
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D67043B.9050501@sixdemonbag.org>
References: <4D67043B.9050501@sixdemonbag.org>
Message-ID: <87lj14x4yo.fsf@servo.finestructure.net>

On Thu, 24 Feb 2011 20:22:03 -0500, "Robert J. Hansen" wrote:
> Just as an FYI to the list --
>
> On Android's mail application, PGP/MIME attachments are nigh-unusable.
> It won't render even the plaintext portions: it has to be downloaded and
> opened with a text reader.
> If you're concerned about your mail being
> readable on a mobile device (which is increasingly important nowadays),
> you might want to consider switching to inline signatures.

Yikes! I thought we were almost done killing inline signatures! Don't revive it now! If PGP/MIME is broken on android, we need to get them to fix it, not go backwards to inline pgp.

jamie.

From aaron.toponce at gmail.com Fri Feb 25 03:24:53 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Thu, 24 Feb 2011 19:24:53 -0700
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D67043B.9050501@sixdemonbag.org>
References: <4D67043B.9050501@sixdemonbag.org>
Message-ID: <20110225022453.GM17846@poseidon.cocyt.us>

On Thu, Feb 24, 2011 at 08:22:03PM -0500, Robert J. Hansen wrote:
> On Android's mail application, PGP/MIME attachments are nigh-unusable.
> It won't render even the plaintext portions: it has to be downloaded and
> opened with a text reader. If you're concerned about your mail being
> readable on a mobile device (which is increasingly important nowadays),
> you might want to consider switching to inline signatures.

I don't understand. I use PGP/MIME for all my signatures, and I've not had a problem reading the mail on my Evo, nor reading others' mail that uses PGP/MIME. I do see at the top of the interface that there is a "View Attachments" link, but the mail is still readable for me.
From dkg at fifthhorseman.net Fri Feb 25 04:15:56 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 24 Feb 2011 22:15:56 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D67043B.9050501@sixdemonbag.org>
References: <4D67043B.9050501@sixdemonbag.org>
Message-ID: <4D671EEC.4070806@fifthhorseman.net>

On 02/24/2011 08:22 PM, Robert J. Hansen wrote:
> On Android's mail application, PGP/MIME attachments are nigh-unusable.
> It won't render even the plaintext portions: it has to be downloaded and
> opened with a text reader. If you're concerned about your mail being
> readable on a mobile device (which is increasingly important nowadays),
> you might want to consider switching to inline signatures.

Hm. maybe i don't know what you mean here, but i just tried to verify this with a colleague, and i've come to a different conclusion.

I sent a simple text/plain e-mail wrapped in a PGP/MIME signature, generated by enigmail (like this one). that is, the message i sent is structured like this:

    multipart/signed 2181 bytes
    |-- text/plain 219 bytes
    `-- application/pgp-signature attachment [signature.asc] 1030 bytes

my colleague is using the application named "email", version 2.2.2 on a stock 2.2.1 motorola droid. He wrote me back:

>> The email shows fine, but when I try to view the attachment the email
>> application says it "cannot be displayed".

So, to be clear: PGP/MIME-signed plaintext mail did not cause any problems with rendering on android in my test. The basic e-mail application is unable to verify the signature, but i think we knew that already.

I do *not* consider PGP/MIME harmful for mobile.

Regards,

--dkg
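The message layout dkg lists above (multipart/signed wrapping a text/plain part and an application/pgp-signature part, per RFC 3156), built and read back with Python's standard email package; this is added example code, not anything the thread's participants posted, and the signature part is a constructed placeholder rather than a real OpenPGP signature. The fallback_body function is the behaviour dkg describes for a reader that does not understand multipart/signed: render the first part and leave the signature as an ordinary attachment.

```python
"""Added example (not from the thread or any MUA): build a PGP/MIME signed
message with the structure dkg listed (multipart/signed -> text/plain +
application/pgp-signature) and show the fallback a non-OpenPGP-aware reader
can apply, which is to discard the wrapper and show the text/plain part.
The signature bytes are a constructed placeholder, not a real signature."""
from email import encoders, message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed stand-in for what a detached, ASCII-armored signature looks like.
FAKE_SIGNATURE = (b"-----BEGIN PGP SIGNATURE-----\n"
                  b"PLACEHOLDER-NOT-A-REAL-SIGNATURE\n"
                  b"-----END PGP SIGNATURE-----\n")


def build_pgp_mime_signed(body_text, signature_armor, micalg="pgp-sha256"):
    """RFC 3156 layout: the first part is exactly what was signed, the second
    carries the detached armored signature; micalg names the digest so a
    verifier knows it before parsing the signature packet."""
    outer = MIMEMultipart("signed", protocol="application/pgp-signature",
                          micalg=micalg)
    outer.attach(MIMEText(body_text, "plain"))
    sig = MIMEApplication(signature_armor, "pgp-signature",
                          _encoder=encoders.encode_7or8bit,
                          name="signature.asc")
    sig.add_header("Content-Disposition", "attachment",
                   filename="signature.asc")
    outer.attach(sig)
    outer["Subject"] = "PGP/MIME test"
    return outer.as_bytes()


def describe_structure(raw):
    """Content types of every part, outermost first, like dkg's listing."""
    return [part.get_content_type() for part in message_from_bytes(raw).walk()]


def micalg_of(raw):
    """The micalg parameter of the outer Content-Type, or None."""
    return message_from_bytes(raw).get_param("micalg")


def fallback_body(raw):
    """What a reader without OpenPGP support can still do: take the first
    part (the signed content) and render it, leaving the signature part as
    an attachment. Returns None if the layout is not PGP/MIME-signed text."""
    msg = message_from_bytes(raw)
    if msg.get_content_type() != "multipart/signed":
        return None
    if msg.get_param("protocol") != "application/pgp-signature":
        return None
    parts = msg.get_payload()
    if not isinstance(parts, list) or len(parts) != 2:
        return None
    signed_part = parts[0]
    if signed_part.get_content_type() != "text/plain":
        return None
    charset = signed_part.get_content_charset() or "us-ascii"
    return signed_part.get_payload(decode=True).decode(charset)


def signature_part(raw):
    """Raw bytes of the application/pgp-signature part, or None."""
    for part in message_from_bytes(raw).walk():
        if part.get_content_type() == "application/pgp-signature":
            return part.get_payload(decode=True)
    return None
```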
From makrober at gmail.com Fri Feb 25 05:15:05 2011
From: makrober at gmail.com (M.R.)
Date: Fri, 25 Feb 2011 04:15:05 +0000
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D671EEC.4070806@fifthhorseman.net>
References: <4D67043B.9050501@sixdemonbag.org> <4D671EEC.4070806@fifthhorseman.net>
Message-ID: <4D672CC9.9080508@gmail.com>

On 02/25/2011 03:15 AM, Daniel Kahn Gillmor wrote:
> I do *not* consider PGP/MIME harmful for mobile.

They might not be harmful for ~your~ mobile...

Any mail with attachments is likely to be harmful for mobile. You just don't know what device and what program will be used to read your mail and most of those will have difficulty with attachments. If you must use signatures, please make them in-line!

Mark R.

From dkg at fifthhorseman.net Fri Feb 25 06:37:16 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 25 Feb 2011 00:37:16 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D672CC9.9080508@gmail.com>
References: <4D67043B.9050501@sixdemonbag.org> <4D671EEC.4070806@fifthhorseman.net> <4D672CC9.9080508@gmail.com>
Message-ID: <4D67400C.3090809@fifthhorseman.net>

On 02/24/2011 11:15 PM, M.R. wrote:
> On 02/25/2011 03:15 AM, Daniel Kahn Gillmor wrote:
>> I do *not* consider PGP/MIME harmful for mobile.
>
> They might not be harmful for ~your~ mobile...

heh. i don't have a "mobile", so i can guarantee that :)

> Any mail with attachments is likely to be harmful for mobile.
> You just don't know what device and what program will be used to
> read your mail and most of those will have difficulty with
> attachments. If you must use signatures, please make them in-line!

There are good reasons to prefer a PGP/MIME and S/MIME signature standards over inline PGP.
These standards have been around for a long time, and modern mail user agents should be able to cope by now, even if all they do is discard the multipart/signed wrapper and trailing signature parts.

It would be really useful to hear about specific MUAs that can't handle PGP/MIME-signed messages like this one, and to get clear descriptions of the failure modes. But without these kinds of specific reports, vague statements like "most of those will have difficulty" just sound like FUD to me.

Regards,

--dkg

From rjh at sixdemonbag.org Fri Feb 25 07:39:48 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 25 Feb 2011 01:39:48 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6706D7.2080009@fifthhorseman.net>
References: <4D67043B.9050501@sixdemonbag.org> <4D6706D7.2080009@fifthhorseman.net>
Message-ID: <4D674EB4.9090901@sixdemonbag.org>

On 2/24/11 8:33 PM, Daniel Kahn Gillmor wrote:
> thanks for the heads-up, Robert. I'm assuming you're talking about
> PGP/MIME signed mail, not encrypted mail.

Correct.

> Has this been reported to wherever this mailreader tracks their bugs?
> if so, could you provide a link to the bug report? I'd like to follow
> the discussion.

No, since I didn't discover it until I was in the airport checking my email on my Droid X. Notably, I haven't been able to view your messages at all: all I get is an empty message and an icon showing attachments. I have to manually d/l the plain text portions, then open them in either HTMLviewer or QuickOffice. If people doubt this, I'll be happy to show images.

From rjh at sixdemonbag.org Fri Feb 25 07:43:50 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 25 Feb 2011 01:43:50 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D671EEC.4070806@fifthhorseman.net>
References: <4D67043B.9050501@sixdemonbag.org> <4D671EEC.4070806@fifthhorseman.net>
Message-ID: <4D674FA6.6040304@sixdemonbag.org>

On 2/24/11 10:15 PM, Daniel Kahn Gillmor wrote:
> my colleague is using the application named "email", version 2.2.2 on a
> stock 2.2.1 motorola droid.

My problem is reproducible on a stock Droid X running 2.2.something -- just got off a very long flight, funeral in the morning: I'll dig the precise version number tomorrow.

From rjh at sixdemonbag.org Fri Feb 25 07:45:40 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 25 Feb 2011 01:45:40 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D67400C.3090809@fifthhorseman.net>
References: <4D67043B.9050501@sixdemonbag.org> <4D671EEC.4070806@fifthhorseman.net> <4D672CC9.9080508@gmail.com> <4D67400C.3090809@fifthhorseman.net>
Message-ID: <4D675014.4040307@sixdemonbag.org>

On 2/25/11 12:37 AM, Daniel Kahn Gillmor wrote:
> There are good reasons to prefer the PGP/MIME and S/MIME signature
> standards over inline PGP.

And vice-versa. In inline's defense, it *works*, and PGP/MIME often doesn't.

From ludovic at hirlimann.net Fri Feb 25 09:24:07 2011
From: ludovic at hirlimann.net (Ludovic Hirlimann)
Date: Fri, 25 Feb 2011 09:24:07 +0100
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D674FA6.6040304@sixdemonbag.org>
References: <4D67043B.9050501@sixdemonbag.org> <4D671EEC.4070806@fifthhorseman.net> <4D674FA6.6040304@sixdemonbag.org>
Message-ID: <4D676727.5060608@hirlimann.net>

On 25/02/11 07:43, Robert J. Hansen wrote:
> On 2/24/11 10:15 PM, Daniel Kahn Gillmor wrote:
>> my colleague is using the application named "email", version 2.2.2 on a
>> stock 2.2.1 motorola droid.
> My problem is reproducible on a stock Droid X running 2.2.something --
> just got off a very long flight, funeral in the morning: I'll dig the
> precise version number tomorrow.
>

Some Nokia phones also have issues. So for work-related email I use a company-provided cert and S/MIME for signing emails, while for my personal emails I use pgp.

Ludo

-- 
http://perso.hirlimann.net/~ludo/blog/
http://flickr.com/photos/lhirlimann

From patrick at mozilla-enigmail.org Fri Feb 25 10:07:49 2011
From: patrick at mozilla-enigmail.org (Patrick Brunschwig)
Date: Fri, 25 Feb 2011 10:07:49 +0100
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D674FA6.6040304__15418.366486165$1298616278$gmane$org@sixdemonbag.org>
References: <4D67043B.9050501@sixdemonbag.org> <4D671EEC.4070806@fifthhorseman.net> <4D674FA6.6040304__15418.366486165$1298616278$gmane$org@sixdemonbag.org>
Message-ID:

On 25.02.11 07:43, Robert J. Hansen wrote:
> On 2/24/11 10:15 PM, Daniel Kahn Gillmor wrote:
>> my colleague is using the application named "email", version 2.2.2 on a
>> stock 2.2.1 motorola droid.
>
> My problem is reproducible on a stock Droid X running 2.2.something --
> just got off a very long flight, funeral in the morning: I'll dig the
> precise version number tomorrow.

The only mail client on Android I know of to handle OpenPGP messages is K9 (together with APG). But K9 only supports inline-PGP, PGP/MIME messages are not displayed.
-Patrick

From gollo at fsfe.org Fri Feb 25 18:10:19 2011
From: gollo at fsfe.org (Martin Gollowitzer)
Date: Fri, 25 Feb 2011 18:10:19 +0100
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D675014.4040307@sixdemonbag.org>
References: <4D67043B.9050501@sixdemonbag.org> <4D671EEC.4070806@fifthhorseman.net> <4D672CC9.9080508@gmail.com> <4D67400C.3090809@fifthhorseman.net> <4D675014.4040307@sixdemonbag.org>
Message-ID: <20110225171019.GD28045@wingback.gollo.at>

* Robert J. Hansen [110225 07:47]:
> > There are good reasons to prefer the PGP/MIME and S/MIME signature
> > standards over inline PGP.
>
> And vice-versa. In inline's defense, it *works*, and PGP/MIME often
> doesn't.

Maybe one should think about *why* this is the case. Nevertheless, your statement is not true as such. PGP/MIME *does* work, but there are MUAs out there which can't cope with it.

Martin

From gollo at fsfe.org Fri Feb 25 18:11:46 2011
From: gollo at fsfe.org (Martin Gollowitzer)
Date: Fri, 25 Feb 2011 18:11:46 +0100
Subject: PGP/MIME considered harmful for mobile
In-Reply-To:
References: <4D67043B.9050501@sixdemonbag.org> <4D671EEC.4070806@fifthhorseman.net> <4D674FA6.6040304__15418.366486165$1298616278$gmane$org@sixdemonbag.org>
Message-ID: <20110225171146.GE28045@wingback.gollo.at>

* Patrick Brunschwig [110225 10:10]:
> On 25.02.11 07:43, Robert J. Hansen wrote:
> > On 2/24/11 10:15 PM, Daniel Kahn Gillmor wrote:
> >> my colleague is using the application named "email", version 2.2.2 on a
> >> stock 2.2.1 motorola droid.
> >
> > My problem is reproducible on a stock Droid X running 2.2.something --
> > just got off a very long flight, funeral in the morning: I'll dig the
> > precise version number tomorrow.
>
> The only mail client on Android I know of to handle OpenPGP messages is
> K9 (together with APG). But K9 only supports inline-PGP, PGP/MIME
> messages are not displayed.

This is true, but K9 at least does display the messages correctly. Despite that, PGP/MIME support is being worked on because it's considered better than inline PGP.

Martin

From dkg at fifthhorseman.net Fri Feb 25 18:29:21 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 25 Feb 2011 12:29:21 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <20110225171146.GE28045@wingback.gollo.at>
References: <4D67043B.9050501@sixdemonbag.org> <4D671EEC.4070806@fifthhorseman.net> <4D674FA6.6040304__15418.366486165$1298616278$gmane$org@sixdemonbag.org> <20110225171146.GE28045@wingback.gollo.at>
Message-ID: <4D67E6F1.3010800@fifthhorseman.net>

On 02/25/2011 12:11 PM, Martin Gollowitzer wrote:
> * Patrick Brunschwig [110225 10:10]:
>> The only mail client on Android I know of to handle OpenPGP messages is
>> K9 (together with APG). But K9 only supports inline-PGP, PGP/MIME
>> messages are not displayed.
>
> This is true, but K9 at least does display the messages correctly.

These two statements seem to be in direct contradiction to each other.

Is K-9 mail able to display the body of a text/plain PGP/MIME-signed message or not? If answers differ based on the version of K-9 mail, what versions support it?

I am *not* asking about validating signatures -- I'm just talking about being able to read the (unvalidated) message contents of PGP/MIME-signed messages.

I don't use K-9 mail, but i would appreciate some clarity so i know what to recommend to folks who ask me for recommendations.

> Despite that, PGP/MIME support is being worked on because it's
> considered better than inline PGP.

i'm glad to hear that. Thanks for working on it!

--dkg
From dshaw at jabberwocky.com Fri Feb 25 19:00:45 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 25 Feb 2011 13:00:45 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D67E6F1.3010800@fifthhorseman.net>
References: <4D67043B.9050501@sixdemonbag.org> <4D671EEC.4070806@fifthhorseman.net> <4D674FA6.6040304__15418.366486165$1298616278$gmane$org@sixdemonbag.org> <20110225171146.GE28045@wingback.gollo.at> <4D67E6F1.3010800@fifthhorseman.net>
Message-ID:

On Feb 25, 2011, at 12:29 PM, Daniel Kahn Gillmor wrote:
> On 02/25/2011 12:11 PM, Martin Gollowitzer wrote:
>> * Patrick Brunschwig [110225 10:10]:
>>> The only mail client on Android I know of to handle OpenPGP messages is
>>> K9 (together with APG). But K9 only supports inline-PGP, PGP/MIME
>>> messages are not displayed.
>>
>> This is true, but K9 at least does display the messages correctly.
>
> These two statements seem to be in direct contradiction to each other.
>
> Is K-9 mail able to display the body of a text/plain PGP/MIME-signed
> message or not? If answers differ based on the version of K-9 mail,
> what versions support it?
>
> I am *not* asking about validating signatures -- I'm just talking about
> being able to read the (unvalidated) message contents of PGP/MIME-signed
> messages.

This is a crucial point. I'm much more concerned that a mail client can display a PGP/MIME-signed message at all than I am about having support for message verification. Message verification is very useful, but if the mail client can't display the message at all, then it is not compliant with MIME, much less PGP/MIME.
David

From avi.wiki at gmail.com Fri Feb 25 19:18:21 2011
From: avi.wiki at gmail.com (Avi)
Date: Fri, 25 Feb 2011 13:18:21 -0500
Subject: PGP/MIME considered harmful for mobile (Jameson Rollins)
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

For those of us who use webmail, inline signatures are rather useful.

- --
Avi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32) - GPGshell v3.77
Comment: Most recent key: Click show in box @ http://is.gd/4xJrs

-----END PGP SIGNATURE-----
----
User:Avraham
pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key)
Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9

---------- Forwarded message ----------
> From: Jameson Rollins
> To: "Robert J. Hansen" , gnupg-users at gnupg.org
> Date: Thu, 24 Feb 2011 17:45:03 -0800
> Subject: Re: PGP/MIME considered harmful for mobile
> On Thu, 24 Feb 2011 20:22:03 -0500, "Robert J. Hansen" <
> rjh at sixdemonbag.org> wrote:
> > Just as an FYI to the list --
> >
> > On Android's mail application, PGP/MIME attachments are nigh-unusable.
> > It won't render even the plaintext portions: it has to be downloaded and
> > opened with a text reader. If you're concerned about your mail being
> > readable on a mobile device (which is increasingly important nowadays),
> > you might want to consider switching to inline signatures.
>
> Yikes! I thought we were almost done killing inline signatures! Don't
> revive it now!
>
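Both dkg's multipart/signed tree earlier in the thread and David Shaw's point that a client which cannot even display such a message is not MIME-compliant come down to the same container layout. The following is an added example written for this archive, not code from GnuPG, Enigmail, K-9 or any other MUA named in the thread: it builds a message with the same shape as dkg's and reads it back the way a MIME-compliant client without any OpenPGP support should. The signature part holds a constructed placeholder rather than a real signature, and the addresses are made up.

```python
"""PGP/MIME multipart/signed: build one, then read it the way a
MIME-compliant client that knows nothing about OpenPGP should.

Added example for this thread, not code from GnuPG, Enigmail, K-9 or any
other MUA discussed. The signature part is a constructed placeholder."""
from typing import List, Optional
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.mime.multipart import MIMEMultipart
from email.mime.nonmultipart import MIMENonMultipart
from email.mime.text import MIMEText

# Constructed sample data, standing in for dkg's text/plain part and signature.asc.
BODY = "Hi,\n\nthis text is the signed content of the message.\n"
PLACEHOLDER_SIG = ("-----BEGIN PGP SIGNATURE-----\n"
                   "Version: constructed-placeholder\n\n"
                   "<armored signature data would appear here>\n"
                   "-----END PGP SIGNATURE-----\n")


def build_pgp_mime_signed(body_text: str, sig_armor: str) -> bytes:
    """Wrap body_text in the container dkg's tree shows (RFC 1847/3156):
    multipart/signed with micalg and protocol parameters, first part = the
    signed content, second part = application/pgp-signature."""
    outer = MIMEMultipart("signed", micalg="pgp-sha256",
                          protocol="application/pgp-signature")
    outer["From"] = "sender@example.test"          # constructed address
    outer["To"] = "recipient@example.test"         # constructed address
    outer["Subject"] = "PGP/MIME signed example"
    content = MIMEText(body_text, "plain")          # us-ascii, 7bit
    sig = MIMENonMultipart("application", "pgp-signature",
                           name="signature.asc")
    sig.set_payload(sig_armor)
    sig["Content-Transfer-Encoding"] = "7bit"
    sig.add_header("Content-Disposition", "attachment",
                   filename="signature.asc")
    outer.attach(content)
    outer.attach(sig)
    return outer.as_bytes()


def describe(raw: bytes) -> List[str]:
    """Content-type tree of a message, one line per part, like dkg's tree."""
    lines: List[str] = []

    def walk(part, depth: int) -> None:
        lines.append("  " * depth + part.get_content_type())
        if part.is_multipart():
            for sub in part.iter_parts():
                walk(sub, depth + 1)

    walk(message_from_bytes(raw, policy=policy.default), 0)
    return lines


def readable_text(raw: bytes) -> Optional[str]:
    """What a MIME-compliant client without OpenPGP support should show.

    Nothing is verified; the client only has to find the text/plain part
    inside the multipart/signed container. Returns None if the container is
    malformed (not exactly two parts, or a second part whose content type
    does not match the declared protocol parameter)."""
    msg = message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() == "multipart/signed":
        parts = list(msg.iter_parts())
        if (len(parts) != 2
                or parts[1].get_content_type() != msg.get_param("protocol")):
            return None
        content = parts[0]           # RFC 1847: the first part is the content
    else:
        content = msg
    body = content.get_body(preferencelist=("plain",))
    return None if body is None else body.get_content()


def unwrap_signed(raw: bytes) -> bytes:
    """dkg's minimal fallback: discard the multipart/signed wrapper and the
    trailing signature part, leaving an ordinary message any MUA can show."""
    msg = message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/signed":
        return raw
    inner = next(iter(msg.iter_parts()))
    plain = EmailMessage()
    for name, value in msg.items():      # keep the envelope headers ...
        if not name.lower().startswith("content-"):
            plain[name] = value
    for name, value in inner.items():    # ... but take Content-* from the inner part
        if name.lower().startswith("content-"):
            plain[name] = value
    plain.set_payload(inner.get_payload())
    return plain.as_bytes()


if __name__ == "__main__":
    raw = build_pgp_mime_signed(BODY, PLACEHOLDER_SIG)
    print("\n".join(describe(raw)))
    print(readable_text(raw))
```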
From gollo at fsfe.org Fri Feb 25 19:37:23 2011
From: gollo at fsfe.org (Martin Gollowitzer)
Date: Fri, 25 Feb 2011 19:37:23 +0100
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D67E6F1.3010800@fifthhorseman.net>
References: <4D67043B.9050501@sixdemonbag.org> <4D671EEC.4070806@fifthhorseman.net> <4D674FA6.6040304__15418.366486165$1298616278$gmane$org@sixdemonbag.org> <20110225171146.GE28045@wingback.gollo.at> <4D67E6F1.3010800@fifthhorseman.net>
Message-ID: <20110225183723.GB15396@wingback.gollo.at>

* Daniel Kahn Gillmor [110225 18:31]:
> On 02/25/2011 12:11 PM, Martin Gollowitzer wrote:
> > * Patrick Brunschwig [110225 10:10]:
> >> The only mail client on Android I know of to handle OpenPGP messages is
> >> K9 (together with APG). But K9 only supports inline-PGP, PGP/MIME
> >> messages are not displayed.
> >
> > This is true, but K9 at least does display the messages correctly.
>
> These two statements seem to be in direct contradiction to each other.

Sorry for the misunderstanding: The message body is being displayed, but the signature is not verified. K9 is the only e-mail client for Android that I consider usable.

All the best,
Martin

From gollo at fsfe.org Fri Feb 25 19:56:21 2011
From: gollo at fsfe.org (Martin Gollowitzer)
Date: Fri, 25 Feb 2011 19:56:21 +0100
Subject: PGP/MIME considered harmful for mobile (Jameson Rollins)
In-Reply-To:
References:
Message-ID: <20110225185621.GC15396@wingback.gollo.at>

* Avi [110225 19:21]:
> For those of us who use webmail, inline signatures are rather
> useful.

There are webmail applications supporting PGP/MIME. If yours doesn't, it is not a good one. Inline signatures are not a good thing IMHO.

Martin
From dkg at fifthhorseman.net Fri Feb 25 20:54:45 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 25 Feb 2011 14:54:45 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <20110225183723.GB15396@wingback.gollo.at>
References: <4D67043B.9050501@sixdemonbag.org> <4D671EEC.4070806@fifthhorseman.net> <4D674FA6.6040304__15418.366486165$1298616278$gmane$org@sixdemonbag.org> <20110225171146.GE28045@wingback.gollo.at> <4D67E6F1.3010800@fifthhorseman.net> <20110225183723.GB15396@wingback.gollo.at>
Message-ID: <4D680905.6020404@fifthhorseman.net>

On 02/25/2011 01:37 PM, Martin Gollowitzer wrote:
> Sorry for the misunderstanding: The message body is being displayed, but
> the signature is not verified. K9 is the only e-mail client for Android
> that I consider usable.

I just received corroboration of a successful read (albeit without signature verification) of a PGP/MIME-signed message from another colleague who is running K-9 Mail 3.318 on CyanogenMod 6.

Patrick, if there is a version of K-9 mail that you've seen that actually doesn't display a PGP/MIME-signed message, it would be good to know more details.

Regards,

--dkg

From davids at russellhospital.org Fri Feb 25 20:03:31 2011
From: davids at russellhospital.org (David Schraeder)
Date: Fri, 25 Feb 2011 13:03:31 -0600
Subject: PGP/MIME considered harmful for mobile (Jameson Rollins)
In-Reply-To: <20110225185621.GC15396@wingback.gollo.at>
References: <20110225185621.GC15396@wingback.gollo.at>
Message-ID: <4D67FD03.6080604@russellhospital.org>

On 2/25/2011 12:56 PM, Martin Gollowitzer wrote:
> * Avi [110225 19:21]:
>> For those of us who use webmail, inline signatures are rather
>> useful.
>
> There are webmail applications supporting PGP/MIME. If yours doesn't, it
> is not a good one. Inline signatures are not a good thing IMHO.
>
> Martin

Inline has a nice backup option. You can copy and paste out of an email and still decode it. Haven't found a good replacement for mime yet.

From ben at adversary.org Fri Feb 25 23:22:24 2011
From: ben at adversary.org (Ben McGinnes)
Date: Sat, 26 Feb 2011 09:22:24 +1100
Subject: Default hash
In-Reply-To: <20110224134849.GC17846@poseidon.cocyt.us>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us>
Message-ID: <4D682BA0.50607@adversary.org>

On 25/02/11 12:48 AM, Aaron Toponce wrote:
>
> I wanted to avoid breaking from default, which was the main reason
> for my post, but it appears that it's not possible if I want to use
> the stronger hashes, which is fine. As long as I know the
> limitations of my keys, and don't force preferences when sending
> encrypted/signed mail to others, I'm good.

You shouldn't need to worry about changing the preferred order. GPG will determine the most compatible combination of ciphers and hashes based on the keys used to encrypt messages. For example, my preferred symmetric cipher is AES-256, but on a certain mailing list I'm on encrypted messages sent there use Triple-DES because of the preferences/limitations of other recipients' keys. That's all the settings I listed were, an order of preference and not forcing one particular algorithm to the exclusion of all else.

Regards,
Ben
From aaron.toponce at gmail.com Sat Feb 26 00:05:56 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Fri, 25 Feb 2011 16:05:56 -0700
Subject: Default hash
In-Reply-To: <4D682BA0.50607@adversary.org>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org>
Message-ID: <4D6835D4.5040808@gmail.com>

On 02/25/2011 03:22 PM, Ben McGinnes wrote:
> You shouldn't need to worry about changing the preferred order. GPG
> will determine the most compatible combination of ciphers and hashes
> based on the keys used to encrypt messages. For example, my preferred
> symmetric cipher is AES-256, but on a certain mailing list I'm on
> encrypted messages sent there use Triple-DES because of the
> preferences/limitations of other recipients' keys. That's all the
> settings I listed were, an order of preference and not forcing one
> particular algorithm to the exclusion of all else.

Yeah. I'm not one that tends to break from default much, so if GnuPG has a good sane default set of cipher,
signing and compression preferences, then who am I to argue? However, I did generate an RSA subkey, so I could get those SHA2 signing algos, and I want to use them. So, with that said, here's what I came up with for my own personal preference:

Cipher: TWOFISH, CAMELLIA256, AES256, CAMELLIA192, AES192, CAMELLIA128, AES, BLOWFISH, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA224, RIPEMD160, SHA1, MD5
Compression: BZIP2, ZLIB, ZIP, Uncompressed

I chose Twofish as my first 256-bit cipher, as I support Bruce Schneier and it's shown to be a very robust and capable cipher, both in terms of speed and memory usage. I then put Camellia over AES due to the low power consumption. I don't trust 3DES, and I don't know much about CAST5 other than what Wikipedia has.
Also, my understanding on how the preferences are chosen by GnuPG is the following:

1. User wishes to encrypt mail to me, so my cipher preferences in my public key are pulled.
2. My first preference, Twofish, is used, only if the sender supports the Twofish algorithm.
3. If not, the next cipher in my preference list, Camellia256, is then chosen, so long as the sender also supports Camellia256.
4. Proceed inductively, until a matching cipher that can be agreed on between the two parties is chosen.
5. Message is encrypted using the agreed algorithm.
6. The same is used for signatures and compression.

Is this accurate? Thoughts on the order of my prefs?

From aaron.toponce at gmail.com Fri Feb 25 23:43:09 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Fri, 25 Feb 2011 15:43:09 -0700
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D674FA6.6040304@sixdemonbag.org>
References: <4D67043B.9050501@sixdemonbag.org> <4D671EEC.4070806@fifthhorseman.net> <4D674FA6.6040304@sixdemonbag.org>
Message-ID: <4D68307D.10501@gmail.com>

On 02/24/2011 11:43 PM, Robert J. Hansen wrote:
> My problem is reproducible on a stock Droid X running 2.2.something --
> just got off a very long flight, funeral in the morning: I'll dig the
> precise version number tomorrow.

So, I've been doing some triaging to see if I can reproduce this on other mail apps, and I'm coming up empty-handed. So far, I've tested the official Gmail app from Google, the K9 mail app, the built-in mail app on my HTC Evo and the built-in mail app on the LG Optimus S. In every case, a PGP/MIME mail displays the body of the text as it should. Sometimes, the cryptographic signature is viewable, sometimes not.
So, that brings up the question: what mail app are you using on your Droid X? We should definitely get a bug reported and get this worked on, so we don't have to digress back to using inline signatures.

From rjh at sixdemonbag.org Sat Feb 26 03:39:33 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 25 Feb 2011 21:39:33 -0500
Subject: Default hash
In-Reply-To: <4D6835D4.5040808@gmail.com>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org> <4D6835D4.5040808@gmail.com>
Message-ID: <4D6867E5.7070104@sixdemonbag.org>

On 2/25/11 6:05 PM, Aaron Toponce wrote:
> I chose Twofish as my first 256-bit cipher, as I support Bruce Schneier
> and it's shown to be a very robust and capable cipher, both in terms of
> speed and memory usage.

Bruce himself recommends AES over TWOFISH.

> I don't trust 3DES

Why? Bruce himself has said that if speed isn't a concern, nothing else comes close to the trust level of 3DES.

FWIW, I don't much care for the Cult of Schneier. He's a good cryppie, a good writer, a top-notch communicator -- but the idea of "supporting" him is, IMO, a little crazy.

> 1. User wishes to encrypt mail to me, so my cipher preferences in my
> public key are pulled.
> 2. My first preference, Twofish, is used, only if the sender supports
> the Twofish algorithm.

No. A modified Borda count is used.

With respect to your prefs, my standard advice applies: unless you know what you're doing and why, stick with the defaults.
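An added model of the negotiation Ben, Aaron and Robert are discussing, written for this archive and not GnuPG's own code: Aaron's step-by-step reading is implemented as first_match, and a Borda-style tally of the kind Robert mentions as borda_choice. Aaron's lists are the ones he posted; the second recipient BOB is constructed; the rule that 3DES, SHA1 and Uncompressed are implicitly on every list (so a choice always exists) is from RFC 4880, while the exact tie-breaking is an assumption of this model.

```python
"""Model of how an OpenPGP implementation picks the algorithms for a message
sent to several recipients, each with their own preference lists.

Added example for this thread, not GnuPG's own code. From RFC 4880, sect.
13.2: an algorithm is usable only if every recipient lists it, and 3DES,
SHA1 and Uncompressed are implicitly on every list. The tally is my reading
of Robert's "modified Borda count": sum each candidate's position over all
lists, lowest total wins. GnuPG's exact tie-breaking is not claimed here."""
from typing import Dict, List, Optional, Set

# "Must implement" algorithms, appended to every list when absent.
IMPLICIT: Dict[str, str] = {
    "cipher": "3DES",
    "digest": "SHA1",
    "compression": "Uncompressed",
}

# Aaron's lists as posted in the thread.
AARON: Dict[str, List[str]] = {
    "cipher": ["TWOFISH", "CAMELLIA256", "AES256", "CAMELLIA192", "AES192",
               "CAMELLIA128", "AES", "BLOWFISH", "CAST5", "3DES"],
    "digest": ["SHA512", "SHA384", "SHA256", "SHA224", "RIPEMD160", "SHA1", "MD5"],
    "compression": ["BZIP2", "ZLIB", "ZIP", "Uncompressed"],
}
# Constructed second recipient: no Twofish or Camellia, short lists.
BOB: Dict[str, List[str]] = {
    "cipher": ["AES256", "AES192", "AES", "CAST5", "3DES"],
    "digest": ["RIPEMD160"],
    "compression": ["ZIP"],
}


def with_implicit(prefs: List[str], kind: str) -> List[str]:
    """A recipient's list with the mandatory algorithm appended if missing."""
    fallback = IMPLICIT[kind]
    return list(prefs) if fallback in prefs else list(prefs) + [fallback]


def usable_by_all(all_prefs: List[List[str]], kind: str) -> Set[str]:
    """Algorithms every recipient can handle (never empty, thanks to IMPLICIT)."""
    lists = [with_implicit(p, kind) for p in all_prefs]
    common = set(lists[0])
    for lst in lists[1:]:
        common &= set(lst)
    return common


def first_match(my_prefs: List[str], sender_supports: Set[str],
                kind: str) -> Optional[str]:
    """Aaron's steps 2-4: walk ONE recipient's list and take the first
    algorithm the sender implements. Fine with a single recipient, but it
    ignores every other recipient of the same message."""
    for algo in with_implicit(my_prefs, kind):
        if algo in sender_supports:
            return algo
    return None


def borda_choice(all_prefs: List[List[str]], kind: str) -> str:
    """Borda-style tally over all recipients: among algorithms usable by
    everyone, the lowest summed rank wins; ties go to the first list's order
    (an assumption of this model, not GnuPG's documented behaviour)."""
    lists = [with_implicit(p, kind) for p in all_prefs]
    candidates = usable_by_all(all_prefs, kind)

    def total_rank(algo: str) -> int:
        return sum(lst.index(algo) for lst in lists)

    return min(candidates, key=lambda a: (total_rank(a), lists[0].index(a)))


def negotiate(recipients: List[Dict[str, List[str]]]) -> Dict[str, str]:
    """Cipher, digest and compression chosen for one message to all recipients."""
    return {kind: borda_choice([r[kind] for r in recipients], kind)
            for kind in IMPLICIT}


if __name__ == "__main__":
    # Aaron alone, sender implements his whole list: TWOFISH, as he expected.
    print(first_match(AARON["cipher"], set(AARON["cipher"]), "cipher"))
    # Aaron and Bob together: TWOFISH is unusable for Bob, the tally picks AES256.
    print(negotiate([AARON, BOB]))
```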
From aaron.toponce at gmail.com Sat Feb 26 04:27:52 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Fri, 25 Feb 2011 20:27:52 -0700
Subject: Default hash
In-Reply-To: <4D6867E5.7070104@sixdemonbag.org>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org> <4D6835D4.5040808@gmail.com> <4D6867E5.7070104@sixdemonbag.org>
Message-ID: <4D687338.4090102@gmail.com>

On 02/25/2011 07:39 PM, Robert J. Hansen wrote:
> Bruce himself recommends AES over TWOFISH.

[citation needed]

I know that he's recommended AES-128 over AES-256, but I've not read where he's recommended AES over TWOFISH.

>> I don't trust 3DES
>
> Why? Bruce himself has said that if speed isn't a concern, nothing else
> comes close to the trust level of 3DES.

Again, [citation needed]. 3DES has an effective security of only 80 bits due to the meet-in-the-middle attack and known- or chosen-plaintext attacks, and NIST is only willing to back the algo through 2030. The cryptanalysis seems pretty strong, and it is a slow algo. To each their own, but I'll pass.

> FWIW, I don't much care for the Cult of Schneier. He's a good cryppie,
> a good writer, a top-notch communicator -- but the idea of "supporting"
> him is, IMO, a little crazy.

Okay, "support" might have been the wrong word. Twofish performance is fast, and his new Skein algorithm, based off Threefish, is crazy fast. That said, AES is comparable. Twofish is implemented in a crazy amount of crypto software as well. Cryptanalysis is minimal, and the open license of the algorithm is commendable.

> A modified Borda count is used.

Ah. Okay. That works.

> With respect to your prefs, my standard advice applies: unless you know
> what you're doing and why, stick with the defaults.

Well, I wanted the defaults, but then I couldn't use the SHA2 signing algorithms, now could I? :)
From rjh at sixdemonbag.org Sat Feb 26 04:46:30 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 25 Feb 2011 22:46:30 -0500
Subject: Default hash
In-Reply-To: <4D687338.4090102@gmail.com>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org> <4D6835D4.5040808@gmail.com> <4D6867E5.7070104@sixdemonbag.org> <4D687338.4090102@gmail.com>
Message-ID: <4D687796.2050407@sixdemonbag.org>

On 2/25/11 10:27 PM, Aaron Toponce wrote:
> On 02/25/2011 07:39 PM, Robert J. Hansen wrote:
>> Bruce himself recommends AES over TWOFISH.
>
> [citation needed]

_Practical Cryptography_. Read it. Other people on this list can provide a page ref: I'm at a funeral in the middle of nowhere and don't have my books handy.

> I know that he's recommended AES-128 over AES-256, but I've not read
> where he's recommended AES over TWOFISH.

Many times. It's not hard to find these recommendations: Google is your friend.

> Again, [citation needed]. 3DES has an effective security of only 80 bits
> due to the meet-in-the-middle attack and known- or chosen-plaintext
> attacks

I don't have the exact quote from sci.crypt handy (as mentioned, I'm in the middle of nowhere). I'll look for it once I'm back on the East Coast. I'm sure there are many people here who could provide it for you, though.

Regardless, you really need to pay attention to the fine print. First, the numbers you cite are for *two*-key 3DES, and OpenPGP specifies *three*-key 3DES be used. 3DES's meet-in-the-middle is at 112 bits of security -- plenty enough for almost any purpose.
Second, that meet-in-the-middle on 3DES requires 2**32 known plaintexts, 2**113 operations, 2**90 encryptions and 2**88 memory. This is so unrealistic it deserves to be called fantasy. Miss any of those and you're up to a work factor of 2**168.

So, yeah. 3DES's effective security is 168 bits, unless you're up against the space aliens from Zarbnulax, in which case you're SOL no matter what algorithm you use.

> and NIST is only willing to back the algo through 2030.

3DES's history is instructive. NIST has declared it "dead in 20 years" more often than Netcraft has declared BSD to be dying.[*] At this point, I'm unaware of anyone who seriously believes 3DES will be gone in 20 years. Most people seem to be of the belief that in about fifteen years NIST will say, "and 3DES is believed strong through 2050."

[*] A humorous reference to a Slashdot meme. BSD partisans, relax, I'm not seriously suggesting this...

From John at enigmail.net Sat Feb 26 06:41:38 2011
From: John at enigmail.net (John Clizbe)
Date: Fri, 25 Feb 2011 23:41:38 -0600
Subject: Default hash
In-Reply-To: <4D687796.2050407@sixdemonbag.org>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org> <4D6835D4.5040808@gmail.com> <4D6867E5.7070104@sixdemonbag.org> <4D687338.4090102@gmail.com> <4D687796.2050407@sixdemonbag.org>
Message-ID: <4D689292.3080701@enigmail.net>

Robert J. Hansen wrote:
> On 2/25/11 10:27 PM, Aaron Toponce wrote:
>> On 02/25/2011 07:39 PM, Robert J. Hansen wrote:
>>> Bruce himself recommends AES over TWOFISH.
>>
>> [citation needed]
>
> _Practical Cryptography_. Read it. Other people on this list can
> provide a page ref: I'm at a funeral in the middle of nowhere and don't
> have my books handy.

pg 64. Sect 4.5.7 - Which Block Cipher Should I Use?

-John

PS: Rob, peer with my new SKS box, sks.keyservers.net when you get home.
I'll look for you on the IM networks later.

-- 
John P. Clizbe                      Inet: John (a) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

From rjh at sixdemonbag.org Sat Feb 26 07:36:33 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 26 Feb 2011 01:36:33 -0500
Subject: Default hash
In-Reply-To: <4D689292.3080701@enigmail.net>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org> <4D6835D4.5040808@gmail.com> <4D6867E5.7070104@sixdemonbag.org> <4D687338.4090102@gmail.com> <4D687796.2050407@sixdemonbag.org> <4D689292.3080701@enigmail.net>
Message-ID: <4D689F71.3060501@sixdemonbag.org>

On 2/26/11 12:41 AM, John Clizbe wrote:
> pg 64. Sect 4.5.7 - Which Block Cipher Should I Use?

And, I forgot: I have my Kindle with me. _Practical Cryptography_ isn't available on Kindle, but _Cryptography Engineering_ is (also by Schneier). Quoting from 3.5.6, "Which Block Cipher Should I Choose?"

The recent cryptanalytic advances against AES make these a tough choice. Despite these cryptanalytic advances, AES is still what we recommend. It is fast. All known attacks are theoretical, not practical. Even though AES is now broken academically, these breaks do not imply a significant security degradation of real systems in practice. ... There are probably circumstances in which 3DES still is the best solution.
    If you have to be backward-compatible, or are locked into a 64-bit block size by other parts of the system, then 3DES is still your best choice.

    ...

So, yeah. There's Schneier himself, saying "use AES if at all possible: and if you have to have a 64-bit block size cipher, use 3DES even over Blowfish, CAST5, IDEA, or any other 64-bit block cipher I mentioned in _Applied Cryptography_."

Hopefully this puts the nail in the coffin, and we can end this thread.

From faramir.cl at gmail.com Sat Feb 26 11:49:41 2011
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 26 Feb 2011 07:49:41 -0300
Subject: Default hash
In-Reply-To: <4D687338.4090102@gmail.com>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org> <4D6835D4.5040808@gmail.com> <4D6867E5.7070104@sixdemonbag.org> <4D687338.4090102@gmail.com>
Message-ID: <4D68DAC5.6090108@gmail.com>

On 26-02-2011 0:27, Aaron Toponce wrote:
> On 02/25/2011 07:39 PM, Robert J. Hansen wrote:
>> Bruce himself recommends AES over TWOFISH.
>
> [citation needed]
>
> I know that he's recommended AES-128 over AES-256, but I've not read
> where he's recommended AES over TWOFISH.

There is an interview somewhere (I was looking for it to provide citation, but I was unable to find it. I think it used to be in his blog). He said something like "use AES, that is the standard, and no one is fired for using AES", but that doesn't mean AES is better, it just means it is safer (for you) to be able to say "I used the standard, it was not my fault...". But he also said something suggesting that for personal stuff, maybe you should consider using other things (but again, he didn't say explicitly "for personal stuff I recommend Twofish"). But that was before vulnerabilities were discovered in AES-256 and AES-192. I have no idea what he would recommend now.
If you find the interview, please post the link, I was unable to find it.

Best Regards

From aaron.toponce at gmail.com Sat Feb 26 15:10:44 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Sat, 26 Feb 2011 07:10:44 -0700
Subject: Default hash
In-Reply-To: <4D687796.2050407@sixdemonbag.org>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org> <4D6835D4.5040808@gmail.com> <4D6867E5.7070104@sixdemonbag.org> <4D687338.4090102@gmail.com> <4D687796.2050407@sixdemonbag.org>
Message-ID: <4D6909E4.9030009@gmail.com>

On 02/25/2011 08:46 PM, Robert J. Hansen wrote:
> On 2/25/11 10:27 PM, Aaron Toponce wrote:
>> On 02/25/2011 07:39 PM, Robert J. Hansen wrote:
>>> Bruce himself recommends AES over TWOFISH.
>>
>> [citation needed]
>
> _Practical Cryptography_. Read it. Other people on this list can
> provide a page ref: I'm at a funeral in the middle of nowhere and don't
> have my books handy.
>
>> I know that he's recommended AES-128 over AES-256, but I've not read
>> where he's recommended AES over TWOFISH.
>
> Many times. It's not hard to find these recommendations: Google is your
> friend.

I'm using Google. I'm not seeing it. I'll keep digging.
Best I can find is in 2008, he recommends Twofish over Blowfish: http://goo.gl/D3Diq

> Regardless, you really need to pay attention to the fine print. First,
> the numbers you cite are for *two*-key 3DES, and OpenPGP specifies
> *three*-key 3DES be used. 3DES's meet-in-the-middle is at 112 bits of
> security -- plenty enough for almost any purpose.
>
> Second, that meet-in-the-middle on 3DES requires 2**32 known plaintexts,
> 2**113 operations, 2**90 encryptions and 2**88 memory. This is so
> unrealistic it deserves to be called fantasy. Miss any of those and
> you're up to a work factor of 2**168.
>
> So, yeah. 3DES's effective security is 168 bits, unless you're up
> against the space aliens from Zarbnulax, in which case you're SOL no
> matter what algorithm you use.

Heh. I don't believe in aliens. So, good luck with that.

I'm not saying 3DES isn't practical, I just said I'm not interested in using it, and I stated why. I'm also not interested in using SHA1 for my signing hash, but for all _practical_ purposes, it fits the bill just fine. Did you know OpenSSH uses SHA1 by default for their hash, and for the MAC it's MD5 or SHA1! Then again, what's the _practicality_ of your OpenSSH connection being broken by the baddies?

The fact of the matter is, GnuPG supports these stronger algorithms, so why not use them? If you have the hardware that can do the math in trivial time, I don't see why you shouldn't use 256-bit or 512-bit crypto. I understand looking at just key length for security is retarded, but GnuPG ships solid, well researched, highly available, strong crypto.

> 3DES's history is instructive. NIST has declared it "dead in 20 years"
> more often than Netcraft has declared BSD to be dying.[*] At this
> point, I'm unaware of anyone who seriously believes 3DES will be gone in
> 20 years. Most people seem to be of the belief that in about fifteen
> years NIST will say, "and 3DES is believed strong through 2050."

Great!
If it has that sort of security, then maybe I'll give it a second thought. I was always under the impression that due to DES being cracked by the EFF in what, 9 months?, that 3DES, just using 3 of the same 56-bit key, wasn't long before we had the hardware to break it in 9 months also. I'll give reconsideration.

From dshaw at jabberwocky.com Sat Feb 26 15:44:22 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat, 26 Feb 2011 09:44:22 -0500
Subject: Default hash
In-Reply-To: <4D6835D4.5040808@gmail.com>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org> <4D6835D4.5040808@gmail.com>
Message-ID:

On Feb 25, 2011, at 6:05 PM, Aaron Toponce wrote:
> Also, my understanding on how the preferences are chosen by GnuPG is the
> following:
>
> 1. User wishes to encrypt mail to me, so my cipher preferences in my
> public key are pulled.
> 2. My first preference, Twofish, is used, only if the sender supports
> the Twofish algorithm.
> 3. If not, the next cipher in my preference list, Camellia256, is then
> chosen, so long as the sender also supports Camellia256.
> 4. Proceed inductively, until a matching cipher that can be agreed on
> between the two parties is chosen.
> 5. Message is encrypted using the agreed algorithm.
> 6. The same is used for signatures and compression.
>
> Is this accurate?

No. It works like this (not literally in this order, but conceptually):

1. User wishes to encrypt mail to you, so your cipher preferences in your public key are pulled.
2. The cipher preferences for all other recipients to that mail are also pulled (very frequently, the sender is also encrypting to his or herself, so that is another recipient).
3. If not already present, 3DES is added to the end of all lists.
4. All the cipher preferences are grouped together into a set. The sender then compares the list of ciphers that exist in their version of OpenPGP with the list of ciphers in this set. Any cipher that is not in both groups is discarded. This is because we don't know if all recipients can handle it.
5. Now we rank the ciphers that haven't been thrown out yet by using the scores given to them by the users. The first cipher in the list gets 1 point, the second cipher in the list gets 2, etc.
6. Pick the lowest numbered cipher.

This gives us three things:

A) A guarantee that no cipher will be used that cannot be handled by all recipients. This is crucial, as if we used a cipher that wasn't available for everyone, we'd cut off communication.
B) A guarantee that all users can communicate. Since every user can handle 3DES, by definition, it is not possible that the above algorithm will finish without picking a cipher.
C) We will pick the cipher that recipients like the most, overall.

A) & B) are vital, and required by the OpenPGP standard. C) is optional, but nice to have.

So the bottom line here is to set your preferences to the list of ciphers that you are willing to use, in the order in which you like them. You will only get messages encrypted to one of these ciphers, and, at least if your correspondents are using GnuPG, will tend to favor the ciphers that you rank higher.
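The six-step selection David Shaw describes above, worked through in code. This is an added illustration, not GnuPG's implementation and not David's code; the preference lists are constructed samples, and the tie-break rule is an assumption, since the post does not give one.

```python
"""OpenPGP symmetric-cipher selection for a multi-recipient message, following
the six steps in David Shaw's post.  Added illustration, not GnuPG's own code;
the preference lists in main() are constructed samples."""

MANDATORY_CIPHER = "3DES"  # every OpenPGP implementation must support it


def with_mandatory(prefs):
    """Step 3: append 3DES to a recipient's list if it is not already present."""
    prefs = list(prefs)
    if MANDATORY_CIPHER not in prefs:
        prefs.append(MANDATORY_CIPHER)
    return prefs


def select_cipher(sender_supported, recipient_prefs):
    """Return (chosen_cipher, scores) for one message.

    sender_supported: ciphers the sender's OpenPGP implementation can use.
    recipient_prefs:  one ordered preference list per recipient.  When the
                      sender also encrypts to themselves, their own key's
                      list is simply another entry here (step 2).
    """
    if MANDATORY_CIPHER not in sender_supported:
        raise ValueError("an OpenPGP implementation must support 3DES")
    if not recipient_prefs:
        raise ValueError("at least one recipient is required")

    lists = [with_mandatory(p) for p in recipient_prefs]  # steps 1-3

    # Step 4: a cipher survives only if every recipient lists it and the
    # sender implements it.  Anything else is discarded, because we cannot
    # know that all recipients can handle it (guarantee A).
    usable = set(sender_supported)
    for prefs in lists:
        usable &= set(prefs)
    # 3DES is in every list and in sender_supported, so `usable` is never
    # empty (guarantee B).

    # Step 5: a cipher's position in a list is that recipient's score for it
    # (1 for the first entry, 2 for the second, ...); sum over recipients.
    scores = {c: sum(p.index(c) + 1 for p in lists) for c in usable}

    # Step 6: lowest total wins (guarantee C).  The post gives no tie-break
    # rule; as an assumption, ties go to the first recipient's preference.
    chosen = min(usable, key=lambda c: (scores[c], lists[0].index(c)))
    return chosen, scores


def main():
    # Constructed sample: the first recipient ranks Twofish first, but the
    # second recipient (the sender encrypting to themselves) does not list
    # it, so Twofish is dropped even though the sender implements it.
    sender = {"AES256", "AES128", "Twofish", "CAST5", MANDATORY_CIPHER}
    aaron = ["Twofish", "Camellia256", "AES256", MANDATORY_CIPHER]
    self_key = ["AES256", "AES128", MANDATORY_CIPHER]
    chosen, scores = select_cipher(sender, [aaron, self_key])
    print(f"two recipients: {chosen} (scores {scores})")

    # With a single recipient, the top of that recipient's list wins; this is
    # the only case the quoted description in the post actually covers.
    chosen, _ = select_cipher(sender, [aaron])
    print(f"one recipient:  {chosen}")

    # Nothing in common except the mandatory algorithm: 3DES is the fallback.
    chosen, _ = select_cipher({"AES256", MANDATORY_CIPHER},
                              [["Camellia256", "Twofish"], ["Twofish"]])
    print(f"no overlap:     {chosen}")


if __name__ == "__main__":
    main()
```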
David

From expires2011 at ymail.com Sat Feb 26 15:52:12 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 26 Feb 2011 14:52:12 +0000
Subject: Rebuilding the private key from signatures
In-Reply-To: <4D666779.8000702@sixdemonbag.org>
References: <20110224140911.GD17846@poseidon.cocyt.us> <4D666779.8000702@sixdemonbag.org>
Message-ID: <631290407.20110226145212@my_localhost>

Hi

On Thursday 24 February 2011 at 2:13:13 PM, in , Robert J. Hansen wrote:
> It is also theoretically possible to rebuild your
> private key using a fifth of gin and a Ouija board.

I couldn't resist asking: do you have a citation for this?

--
Best regards

MFPA    mailto:expires2011 at ymail.com

Always forgive your enemies; nothing annoys them so much

From expires2011 at ymail.com Sat Feb 26 16:48:47 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 26 Feb 2011 15:48:47 +0000
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <87lj14x4yo.fsf@servo.finestructure.net>
References: <4D67043B.9050501@sixdemonbag.org> <87lj14x4yo.fsf@servo.finestructure.net>
Message-ID: <142540874.20110226154847@my_localhost>

Hi

On Friday 25 February 2011 at 1:45:03 AM, in , Jameson Rollins wrote:
> Yikes! I thought we were almost done killing inline
> signatures! Don't revive it now!
> If PGP/MIME is broken on android, we need to get them
> to fix it, not go backwards to inline pgp.
Using inline PGP signatures means using the simpler and more reliable of the two solutions. The fact that its specification was defined earlier does not mean using inline signatures is a step backwards; PGP/MIME is a complement to pgp inline, not a replacement.

--
Best regards

MFPA    mailto:expires2011 at ymail.com

Consistency is the last refuge of the unimaginative

From dshaw at jabberwocky.com Sat Feb 26 18:06:51 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat, 26 Feb 2011 12:06:51 -0500
Subject: Default hash
In-Reply-To: <4D6909E4.9030009@gmail.com>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org> <4D6835D4.5040808@gmail.com> <4D6867E5.7070104@sixdemonbag.org> <4D687338.4090102@gmail.com> <4D687796.2050407@sixdemonbag.org> <4D6909E4.9030009@gmail.com>
Message-ID:

On Feb 26, 2011, at 9:10 AM, Aaron Toponce wrote:
>> 3DES's history is instructive. NIST has declared it "dead in 20 years"
>> more often than Netcraft has declared BSD to be dying.[*] At this
>> point, I'm unaware of anyone who seriously believes 3DES will be gone in
>> 20 years. Most people seem to be of the belief that in about fifteen
>> years NIST will say, "and 3DES is believed strong through 2050."
>
> Great! If it has that sort of security, then maybe I'll give it a second
> thought. I was always under the impression that due to DES being cracked
> by the EFF in what, 9 months?, that 3DES, just using 3 of the same
> 56-bit key, wasn't long before we had the hardware to break it in 9
> months also. I'll give reconsideration.

Not nine months - 4.5 days on average. At least that was the performance of the DES cracker in 1998. If it were done today, it would probably do better (or at least do it cheaper).

3DES doesn't use 3 of the same 56-bit key. 3DES (at least the 3DES used in OpenPGP) uses three different 56-bit keys.

3DES is still quite secure. Its main problem is that it's *slow*.

David

From simon at bleah.co.uk Sat Feb 26 19:59:11 2011
From: simon at bleah.co.uk (Simon Ward)
Date: Sat, 26 Feb 2011 18:59:11 +0000
Subject: Default hash
In-Reply-To: <4D68DAC5.6090108@gmail.com>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org> <4D6835D4.5040808@gmail.com> <4D6867E5.7070104@sixdemonbag.org> <4D687338.4090102@gmail.com> <4D68DAC5.6090108@gmail.com>
Message-ID: <20110226185613.GB2295@penfold.cosgrove.lan>

On Sat, Feb 26, 2011 at 07:49:41AM -0300, Faramir wrote:
> On 26-02-2011 0:27, Aaron Toponce wrote:
> > On 02/25/2011 07:39 PM, Robert J. Hansen wrote:
> >> Bruce himself recommends AES over TWOFISH.
> >
> > [citation needed]
> >
> > I know that he's recommended AES-128 over AES-256, but I've not read
> > where he's recommended AES over TWOFISH.
>
> There is an interview somewhere (I was looking for it to provide
> citation, but I was unable to find it. I think it used to be in his blog).

This one[1]? It doesn't mention AES though? The topic was discussed on this list a couple of years ago (and probably many other times)[2].
[1]: http://www.schneier.com/news-048.html
[2]: http://lists.gnupg.org/pipermail/gnupg-users/2008-September/034622.html

Simon

--
A complex system that works is invariably found to have evolved from a simple system that works. - John Gall

From mrwchandler84 at yahoo.com Sat Feb 26 21:11:40 2011
From: mrwchandler84 at yahoo.com (Wayne Chandler)
Date: Sat, 26 Feb 2011 14:11:40 -0600
Subject: Edit key
Message-ID: <4D695E7C.2090702@yahoo.com>

I have returned to a previous ISP, and they've given me a new email address for my secondary email. How do I edit it on my key? I need to delete and/or revoke uid#4, and keep #3, the new one.

pub  1024D/4A00352C  created: 2006-07-11  expires: never  usage: SCA
[ultimate] (1). Donald Wayne Chandler
[ultimate] (2)  Donald Wayne Chandler (GSWoT:US46)
[ultimate] (3)  Donald Wayne Chandler (Secondary email)
[ultimate] (4)  Donald Wayne Chandler (Secondary email)

From rjh at sixdemonbag.org Sat Feb 26 22:16:36 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 26 Feb 2011 16:16:36 -0500
Subject: Edit key
In-Reply-To: <4D695E7C.2090702@yahoo.com>
References: <4D695E7C.2090702@yahoo.com>
Message-ID: <4D696DB4.8000003@sixdemonbag.org>

On 2/26/11 3:11 PM, Wayne Chandler wrote:
> I have returned to a previous ISP, and they've given me a new email
> address for my secondary email. How do I edit it on my key? I need
> to delete and/or revoke uid#4, and keep #3, the new one.

At the edit prompt:

    uid 4
    revuid
    (enter passphrase, etc.)
    save

Once that's done:

    gpg --keyserver x-hkp://pool.sks-keyservers.net --send-key 4A00352C

... to send your updated certificate to the certservers, so the entire world can see your former UID has been revoked.
From faramir.cl at gmail.com Sat Feb 26 22:27:15 2011
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 26 Feb 2011 18:27:15 -0300
Subject: Default hash
In-Reply-To: <20110226185613.GB2295@penfold.cosgrove.lan>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org> <4D6835D4.5040808@gmail.com> <4D6867E5.7070104@sixdemonbag.org> <4D687338.4090102@gmail.com> <4D68DAC5.6090108@gmail.com> <20110226185613.GB2295@penfold.cosgrove.lan>
Message-ID: <4D697033.2030205@gmail.com>

On 26-02-2011 15:59, Simon Ward wrote:
> On Sat, Feb 26, 2011 at 07:49:41AM -0300, Faramir wrote:
...
>> There is an interview somewhere (I was looking for it to provide
>> citation, but I was unable to find it. I think it used to be in his blog).
>
> This one[1]? It doesn't mention AES though? The topic was discussed on
> this list a couple of years ago (and probably many other times)[2].
>
> [1]: http://www.schneier.com/news-048.html

Right, my fault, as always I mixed things. But the following link is the one

> [2]: http://lists.gnupg.org/pipermail/gnupg-users/2008-September/034622.html

Here he says Twofish has speed comparable with AES, without some vulnerabilities (but Serpent is considered even more secure). However, he says if AES fails, you won't be blamed for using it (so it is the safest for your career).
If you chose Twofish, and it is broken, you will be blamed for choosing it

Best Regards

From aaron.toponce at gmail.com Sat Feb 26 23:44:06 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Sat, 26 Feb 2011 15:44:06 -0700
Subject: Default hash
In-Reply-To: <4D697033.2030205@gmail.com>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org> <4D6835D4.5040808@gmail.com> <4D6867E5.7070104@sixdemonbag.org> <4D687338.4090102@gmail.com> <4D68DAC5.6090108@gmail.com> <20110226185613.GB2295@penfold.cosgrove.lan> <4D697033.2030205@gmail.com>
Message-ID: <4D698236.50404@gmail.com>

On 02/26/2011 02:27 PM, Faramir wrote:
> Here he says Twofish has speed comparable with AES, without some
> vulnerabilities (but Serpent is considered even more secure). However,
> he says if AES fails, you won't be blamed for using it (so is the safest
> for your career). If you chose Twofish, and it is broken, you will be
> blamed for choosing it

Fortunately for me, these are my personal GnuPG preferences, and not those of my employer. Blowfish is good crypto, and I still haven't found a good reason not to use it. AES is the federal standard. Great. I'm not the feds. :)
From aaron.toponce at gmail.com Sun Feb 27 00:07:59 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Sat, 26 Feb 2011 16:07:59 -0700
Subject: Default hash
In-Reply-To: <4D697033.2030205@gmail.com>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org> <4D6835D4.5040808@gmail.com> <4D6867E5.7070104@sixdemonbag.org> <4D687338.4090102@gmail.com> <4D68DAC5.6090108@gmail.com> <20110226185613.GB2295@penfold.cosgrove.lan> <4D697033.2030205@gmail.com>
Message-ID: <4D6987CF.4040305@gmail.com>

On 02/26/2011 02:27 PM, Faramir wrote:
> Here he says Twofish has speed comparable with AES, without some
> vulnerabilities (but Serpent is considered even more secure). However,
> he says if AES fails, you won't be blamed for using it (so is the safest
> for your career). If you chose Twofish, and it is broken, you will be
> blamed for choosing it

Thoughts?

http://eprint.iacr.org/2010/023.pdf
From faramir.cl at gmail.com Sun Feb 27 00:37:37 2011
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 26 Feb 2011 20:37:37 -0300
Subject: Default hash
In-Reply-To: <4D698236.50404@gmail.com>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org> <4D6835D4.5040808@gmail.com> <4D6867E5.7070104@sixdemonbag.org> <4D687338.4090102@gmail.com> <4D68DAC5.6090108@gmail.com> <20110226185613.GB2295@penfold.cosgrove.lan> <4D697033.2030205@gmail.com> <4D698236.50404@gmail.com>
Message-ID: <4D698EC1.4010709@gmail.com>

On 26-02-2011 19:44, Aaron Toponce wrote:
...
> Fortunately for me, this is my personal GnuPG preferences, and not those
> of my employer. Blowfish is good crypto, and I still haven't found a
> good reason to not using it. AES is the federal standard. Great. I'm not

Because its author says you should move to Twofish?
Best Regards

From faramir.cl at gmail.com Sun Feb 27 00:44:58 2011
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 26 Feb 2011 20:44:58 -0300
Subject: Default hash
In-Reply-To: <4D6987CF.4040305@gmail.com>
References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org> <4D6835D4.5040808@gmail.com> <4D6867E5.7070104@sixdemonbag.org> <4D687338.4090102@gmail.com> <4D68DAC5.6090108@gmail.com> <20110226185613.GB2295@penfold.cosgrove.lan> <4D697033.2030205@gmail.com> <4D6987CF.4040305@gmail.com>
Message-ID: <4D69907A.7090903@gmail.com>

On 26-02-2011 20:07, Aaron Toponce wrote:
...
> Thoughts?
>
> http://eprint.iacr.org/2010/023.pdf

In this section, the attack assumptions are described.

- Correct and faulty ciphertexts calculated from the same plaintext are known.
- One pair of correct plaintext and ciphertext is known.

But GnuPG uses a randomly generated session key each time it encrypts something, so if an attacker has plaintext and ciphertext, he already has what he wants, and retrieving the key is useless, since it won't be used again.
Best Regards

From mrwchandler84 at yahoo.com Sun Feb 27 00:15:23 2011
From: mrwchandler84 at yahoo.com (Wayne Chandler)
Date: Sat, 26 Feb 2011 17:15:23 -0600
Subject: Edit key
In-Reply-To: <4D696DB4.8000003@sixdemonbag.org>
References: <4D695E7C.2090702@yahoo.com> <4D696DB4.8000003@sixdemonbag.org>
Message-ID: <4D69898B.5020002@yahoo.com>

On 02/26/2011 03:16 PM, Robert J. Hansen wrote:
> At the edit prompt:
>
> uid 4
> revuid
> (enter passphrase, etc.)
> save
>
> Once that's done:
>
> gpg --keyserver x-hkp://pool.sks-keyservers.net --send-key 4A00352C
>
> ... to send your updated certificate to the certservers, so the entire
> world can see your former UID has been revoked.
>

Thank you sir, worked fine. I had read the instructions, but wanted to ensure I got them right before committing.

From codegnome.consulting at gmail.com Sun Feb 27 01:45:26 2011
From: codegnome.consulting at gmail.com (Todd A. Jacobs)
Date: Sat, 26 Feb 2011 16:45:26 -0800
Subject: SCR3310 reader working for root, but not scard group
Message-ID:

I have an SCR3310 card reader on an Ubuntu 10.10 system, and installed the drivers through the libccid package. This works out of the box for root, but mortal users can't access the card at all. I tried a lightly modified version of the scripts from http://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html but without success. Here's all the debugging info I could think of.
Anyone have any suggestions for getting this working?

$ sudo aptitude install
$ lsusb | fgrep SCM
Bus 001 Device 012: ID 04e6:511f SCM Microsystems, Inc.
$ ls -l /dev/bus/usb/001/012
crw-rw-r-- 1 root root 189, 11 2011-02-26 16:32 /dev/bus/usb/001/012
$ sudo chown .scard /dev/bus/usb/001/012
$ ls -l /dev/bus/usb/001/012
crw-rw-r-- 1 root scard 189, 11 2011-02-26 16:32 /dev/bus/usb/001/012
$ gpg --card-status
gpg: selecting openpgp failed: ec=6.108
gpg: OpenPGP card not available: general error
$ sudo pcscd --foreground --debug --apdu
00000000 debuglog.c:230:DebugLogSetLevel() debug level=debug
00000040 debuglog.c:259:DebugLogSetCategory() Debug options: APDU
00000385 pcscdaemon.c:512:main() pcsc-lite 1.5.5 daemon ready.
00337587 hotplug_libusb.c:403:HPEstablishUSBNotifications() Driver ifd-ccid.bundle does not support IFD_GENERATE_HOTPLUG. Using active polling instead.
00000051 hotplug_libusb.c:412:HPEstablishUSBNotifications() Polling forced every 1 second(s)
$ cat gnupg-ccid.rules
# GPG SmartCard Reader Support
#
ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="4e6/e003/*", RUN+="/usr/local/sbin/gnupg-ccid.sh"
ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="4e6/5115/*", RUN+="/usr/local/sbin/gnupg-ccid.sh"
ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="4e6/511f/*", RUN+="/usr/local/sbin/gnupg-ccid.sh"
$ ls -l /usr/local/sbin/gnupg-ccid.sh
-rwxr-xr-x 1 root root 905 2011-02-26 15:40 /usr/local/sbin/gnupg-ccid.sh
$ cat /usr/local/sbin/gnupg-ccid.sh
#!/bin/bash
#
# taken from libgphoto2
#
# Sets up newly plugged in card reader so that only members of the
# group can access it
GROUP=scard
# can access it from user space. (Replace scard with the name of the
# group you want to have access to the card reader.)
#
# Note that for this script to work, you'll need all of the following:
# a) a line in the file /etc/hotplug/gnupg-ccid.usermap that corresponds
#    to the card reader you are using.
# b) a group "scard" where all users allowed access to the
#    card reader are listed
# c) a Linux kernel supporting hotplug and usbdevfs
# d) the hotplug package (http://linux-hotplug.sourceforge.net/)
#
# In the usermap file, the first field "usb module" should be named
# "gnupg-ccid" like this script.
#
if [ "${ACTION}" = "add" ] && [ -f "${DEVICE}" ]
then
    chmod o-rwx "${DEVICE}"
    chgrp "${GROUP}" "${DEVICE}"
    chmod g+rw "${DEVICE}"
fi

From mailinglisten at hauke-laging.de Sun Feb 27 02:53:39 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Sun, 27 Feb 2011 02:53:39 +0100
Subject: SCR3310 reader working for root, but not scard group
In-Reply-To:
References:
Message-ID: <201102270253.48726.mailinglisten@hauke-laging.de>

On Sunday 27 February 2011 01:45:26, Todd A. Jacobs wrote:
> $ cat /usr/local/sbin/gnupg-ccid.sh

> if [ "${ACTION}" = "add" ] && [ -f "${DEVICE}" ]
> then
> chmod o-rwx "${DEVICE}"
> chgrp "${GROUP}" "${DEVICE}"
> chmod g+rw "${DEVICE}"
> fi

I had the same problem. My problem was that $DEVICE does not point to /dev but to /proc. You can easily check that by putting

    ls -l "${DEVICE}" >> /root/gnupg-ccid.log

into the script. My script looks like this:

    dev_device="${DEVICE//proc/dev}"
    chgrp "${GROUP}" "${dev_device}"
    chmod g+rw "${dev_device}"

Hauke

--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From avi.wiki at gmail.com Sun Feb 27 03:02:08 2011
From: avi.wiki at gmail.com (Avi)
Date: Sat, 26 Feb 2011 21:02:08 -0500
Subject: PGP/MIME considered harmful for mobile
Message-ID:

Why? Inline is simple and effective. I'm curious as to why you feel MIME is so much better.
--
Avi

----
User:Avraham
pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key)
Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9

From: Martin Gollowitzer
> To: gnupg-users at gnupg.org
> Date: Fri, 25 Feb 2011 19:56:21 +0100
> Subject: Re: PGP/MIME considered harmful for mobile (Jameson Rollins)
> * Avi [110225 19:21]:
> > For those of us who use webmail, inline signatures are rather
> > useful.
>
> There are webmail applications supporting PGP/MIME. If yours doesn't, it
> is not a good one. Inline signatures are not a good thing IMHO.
>
> Martin
>

From jrollins at finestructure.net Sun Feb 27 03:24:58 2011
From: jrollins at finestructure.net (Jameson Rollins)
Date: Sat, 26 Feb 2011 18:24:58 -0800
Subject: PGP/MIME considered harmful for mobile
In-Reply-To:
References:
Message-ID: <87ei6uciyt.fsf@servo.finestructure.net>

On Sat, 26 Feb 2011 21:02:08 -0500, Avi wrote:
> Why? Inline is simple and effective. I'm curious as to why you
> feel MIME is so much better.

http://josefsson.org/inline-openpgp-considered-harmful.html

jamie.

From kgo at grant-olson.net Sun Feb 27 03:36:57 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Sat, 26 Feb 2011 21:36:57 -0500
Subject: SCR3310 reader working for root, but not scard group
In-Reply-To:
References:
Message-ID: <4D69B8C9.1000201@grant-olson.net>

On 02/26/2011 07:45 PM, Todd A. Jacobs wrote:
> I have an SCR3310 card reader on an Ubuntu 10.10 system, and installed
> the drivers through the libccid package. This works out of the box for
> root, but mortal users can't access the card at all. I tried a lightly
> modified version of the scripts from
> http://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html
> but without success.
>

That doc is pretty out of date, at least regarding hardware configuration. You shouldn't need to do anything config-wise to get a CCID-enabled reader working these days.
I've used my SCR3310 on Ubuntu 10.10 as well as 10.4 without any problems and without having to do any manual configuration. I do seem to remember that I had to install the gpgsm package. For some reason the smart card daemon program was bundled there. You might want to give that a try. (But I guess that'd only matter if you have 'use-agent' configured or are running gpg2 instead of gpg.) You also might want to make sure that root or another user didn't grab on to the reader and refuse to release the resources while you were testing, either by looking at your processes, or doing a good old-fashioned reboot. -- -Grant "Look around! Can you construct some sort of rudimentary lathe?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 565 bytes Desc: OpenPGP digital signature URL: From david at systemoverlord.com Sun Feb 27 03:40:07 2011 From: david at systemoverlord.com (David Tomaschik) Date: Sat, 26 Feb 2011 21:40:07 -0500 Subject: Smart Card Physical Best Practices? Message-ID: <4D69B987.9010400@systemoverlord.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've recently received my smart card, but was wondering what the "best practices" are, mainly from a physical standpoint. When I use it in my laptop reader, it sticks about 2" out of the side, and I have some concern about this (i.e., getting damaged by being pushed into something, etc.). I am using the Authentication key on it for SSH, and the normal signing & encryption operations, so I suppose I need it when sending signed email and signing into a system. Do most people leave it in the computer most of the time, or just insert it as needed? This brings to mind: how many insertion cycles can these cards handle? Looking online, various smart cards are rated anywhere from 10,000 to 250,000 insertions. (At 10,000, as few as 10 insertions per day would net a 3 year lifetime.) I hope this all makes sense... 
David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQGcBAEBAgAGBQJNabl/AAoJEP2raL8/Cn3qTkQMAJATxn190hUC+FYUIP3KilkQ CUpP8EMthfW7Rm8jzyLkaILXvOlwsO8xM4WebBwStMj6r1HldE6K4BhuUwF+cm6j /JkbKGPDFoZ8H4kcVMBFej/gUJQuk3F7OaU9/0XQv6V+zV9wVz96xSQMIR3HqIJZ jC6LR5Q5cLY6YwsUfQNxqV9SC8xvVVjtF1ojUV6MQ+eUxtsSsUcBluXNtWolj5Hs TRWefFG/tOgPv+IMHBQZndRWYgm05t34AFMcLtR1/lsx3MDahoLw/mbw4FuptYtH SMWOr+k+7gJ7SepChoficwmQWLyOS1kRK+K2N8sEkMw3QizOXSuSRp9cI+GKl1rT 0NoAI3BOIYe9d1gmWayBY+trQjqh2XOhd829WMATRjmogaw7Kv22H7gExP6xkcRO OhcJRFaOp3yPBcSa1jvipXBnf5Upyo3B4CQX+wJMgFsr61mTsPsZj1xneh6tBRTy NwLzjcM28gdls+jtiqZxFy9bo1EWw9zREb6OKMHgLA== =7i+r -----END PGP SIGNATURE----- From codegnome.consulting at gmail.com Sun Feb 27 03:20:00 2011 From: codegnome.consulting at gmail.com (Todd A. Jacobs) Date: Sat, 26 Feb 2011 18:20:00 -0800 Subject: SCR3310 reader working for root, but not scard group In-Reply-To: References: <201102270253.48726.mailinglisten@hauke-laging.de> Message-ID: The following line in gnupg-ccid.rules will now create the /dev node with the correct permissions, but the card reader itself still remains inaccessible to non-root users: ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="4e6/511f/*", GROUP="scard" This seems like a simpler way to assign the GID, rather than shelling out to an external script. Of course, I'm still getting: $ gpg --card-status gpg: selecting openpgp failed: ec=6.108 gpg: OpenPGP card not available: general error which implies the problem wasn't just the device node permissions; could it be something to do with pcscd itself? 
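A check for the state Todd describes above, added here as an example rather than anything posted in this thread or shipped by GnuPG or pcsc-lite: it resolves the reader's node from an lsusb line, verifies that the node is group-owned and group-writable as the udev rule intends, and confirms that the calling user is actually in that group. Two details visible earlier in the thread matter here. The hotplug-era script tests [ -f "${DEVICE}" ], which is only true for a regular file; a /dev/bus/usb node is a character device (the ls -l output above starts with "c"), so that branch never runs even when the variable is set. And udev does not export $DEVICE at all; a RUN script receives the node path as $DEVNAME. The lsusb line is the one from the thread; the stat -c calls assume GNU coreutils on Linux. A correctly owned node is necessary but, as the rest of the thread shows, not sufficient once pcscd sits between gpg and the reader.

```shell
#!/bin/bash
# Added example for this thread: check whether a CCID reader's USB device
# node is reachable by a given group.  Not a script from the original
# posts, nor from GnuPG or pcsc-lite.  Assumes GNU stat (Linux).

# Map one lsusb line to its /dev/bus/usb node, e.g.
#   "Bus 001 Device 012: ID 04e6:511f SCM Microsystems, Inc." -> /dev/bus/usb/001/012
usb_node_from_lsusb() {
    local line="$1"
    set -- $line            # word-split: Bus 001 Device 012: ID 04e6:511f ...
    [ "$1" = "Bus" ] && [ "$3" = "Device" ] || return 1
    printf '/dev/bus/usb/%s/%s\n' "$2" "${4%:}"
}

# vendor:product id from the same line, e.g. 04e6:511f
usb_id_from_lsusb() {
    local line="$1"
    set -- $line
    [ "$5" = "ID" ] || return 1
    printf '%s\n' "$6"
}

# The udev rule that hands such a node to a group: match on the USB ids
# and let udev set the ownership itself, instead of a RUN script that
# expects hotplug's $DEVICE (the form the [SOLVED] post later in the thread used).
udev_rule_for_id() {
    local vendor="${1%%:*}" product="${1##*:}" group="$2"
    printf 'ATTR{idVendor}=="%s", ATTR{idProduct}=="%s", MODE="0660", GROUP="%s"\n' \
        "$vendor" "$product" "$group"
}

# Verify that members of group $2 can open node $1 read/write.  Prints "ok"
# or the reason and returns non-zero on failure.  A manual chown, as tried
# in the thread, is undone the next time udev recreates the node.
node_group_access() {
    local node="$1" want_group="$2" group mode gbit
    [ -e "$node" ] || { printf 'missing: %s\n' "$node"; return 1; }
    group=$(stat -c '%G' "$node") || return 1
    mode=$(stat -c '%a' "$node") || return 1
    [ "$group" = "$want_group" ] ||
        { printf 'group is %s, not %s\n' "$group" "$want_group"; return 1; }
    gbit=${mode%?}             # drop the "other" digit ...
    gbit=${gbit#"${gbit%?}"}   # ... and keep only the "group" digit
    case "$gbit" in
        6|7) printf 'ok\n' ;;
        *)   printf 'mode %s: group lacks rw\n' "$mode"; return 1 ;;
    esac
}

# Is user $1 a member of group $2?  Group membership only takes effect in
# a fresh login session, which is why the thread's recipe ends with "log in again".
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# The whole check for one reader.
check_reader() {
    local line="$1" group="$2" node
    node=$(usb_node_from_lsusb "$line") || { echo "unparseable lsusb line"; return 1; }
    node_group_access "$node" "$group" || return 1
    user_in_group "$(id -un)" "$group" || { echo "$(id -un) is not in group $group"; return 1; }
}

# On a real system, with the SCM reader id from the thread:
#   check_reader "$(lsusb | grep 04e6:511f)" pcscd
#   udev_rule_for_id "$(usb_id_from_lsusb "$(lsusb | grep 04e6:511f)")" pcscd
```

If check_reader reports "ok" and the user is in the group but gpg --card-status still fails, the node is not the problem and the next place to look is pcscd and scdaemon, which is where the thread ends up.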
From ben at adversary.org Sun Feb 27 03:53:46 2011 From: ben at adversary.org (Ben McGinnes) Date: Sun, 27 Feb 2011 13:53:46 +1100 Subject: PGP/MIME considered harmful for mobile In-Reply-To: <87ei6uciyt.fsf@servo.finestructure.net> References: <87ei6uciyt.fsf@servo.finestructure.net> Message-ID: <4D69BCBA.3000700@adversary.org> On 27/02/11 1:24 PM, Jameson Rollins wrote: > On Sat, 26 Feb 2011 21:02:08 -0500, Avi wrote: >> Why? Inline is simple and effective. I'm curious as to why you >> feel MIME is so much better. > > http://josefsson.org/inline-openpgp-considered-harmful.html Thanks for the link. I'd only add that in-line is fine for encrypting messages since all the data in-line signing may whinge about (e.g. some UTF-8 characters) would be safely tucked away inside the encrypted block. Personally I only use in-line signing in a few places (or with a few correspondents) where I've got no choice. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From david at systemoverlord.com Sun Feb 27 02:52:27 2011 From: david at systemoverlord.com (David Tomaschik) Date: Sat, 26 Feb 2011 20:52:27 -0500 Subject: SCR3310 reader working for root, but not scard group In-Reply-To: References: Message-ID: <4D69AE5B.6020109@systemoverlord.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a 3310 and with pcscd, I haven't even found the need to use the scard group. I have found that occasionally I have to restart scdaemon in order to get new readers/cards recognized. I haven't narrowed it down specifically yet. (I just got my readers & cards Thursday/Friday.) Let me know if you find something that works for you. David On 02/26/2011 07:45 PM, Todd A. Jacobs wrote: > I have an SCR3310 card reader on an Ubuntu 10.10 system, and installed > the drivers through the libccid package. 
This works out of the box for > root, but mortal users can't access the card at all. I tried a lightly > modified version of the scripts from > http://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html > but without success. > > Here's all the debugging info I could think of. Anyone have any > suggestions for getting this working? > > $ sudo aptitude install > > $ lsusb | fgrep SCM > Bus 001 Device 012: ID 04e6:511f SCM Microsystems, Inc. > > $ ls -l /dev/bus/usb/001/012 > crw-rw-r-- 1 root root 189, 11 2011-02-26 16:32 /dev/bus/usb/001/012 > > $ sudo chown .scard /dev/bus/usb/001/012 > > $ ls -l /dev/bus/usb/001/012 > crw-rw-r-- 1 root scard 189, 11 2011-02-26 16:32 /dev/bus/usb/001/012 > > $ gpg --card-status > gpg: selecting openpgp failed: ec=6.108 > gpg: OpenPGP card not available: general error > > $ sudo pcscd --foreground --debug --apdu > 00000000 debuglog.c:230:DebugLogSetLevel() debug level=debug > 00000040 debuglog.c:259:DebugLogSetCategory() Debug options: APDU > 00000385 pcscdaemon.c:512:main() pcsc-lite 1.5.5 daemon ready. > 00337587 hotplug_libusb.c:403:HPEstablishUSBNotifications() Driver > ifd-ccid.bundle does not support IFD_GENERATE_HOTPLUG. Using active > polling instead. 
> 00000051 hotplug_libusb.c:412:HPEstablishUSBNotifications() Polling > forced every 1 second(s) > > $ cat gnupg-ccid.rules > # GPG SmartCard Reader Support > # > > ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="4e6/e003/*", > RUN+="/usr/local/sbin/gnupg-ccid.sh" > ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="4e6/5115/*", > RUN+="/usr/local/sbin/gnupg-ccid.sh" > ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="4e6/511f/*", > RUN+="/usr/local/sbin/gnupg-ccid.sh" > > $ ls -l /usr/local/sbin/gnupg-ccid.sh > -rwxr-xr-x 1 root root 905 2011-02-26 15:40 /usr/local/sbin/gnupg-ccid.sh > > $ cat /usr/local/sbin/gnupg-ccid.sh > #!/bin/bash > # > # taken from libgphoto2 > # > # Sets up newly plugged in card reader so that only members of the > # group can access it > > GROUP=scard > > # can access it from user space. (Replace scard with the name of the > # group you want to have access to the card reader.) > # > # Note that for this script to work, you'll need all of the following: > # a) a line in the file /etc/hotplug/gnupg-ccid.usermap that corresponds > # to the card reader you are using. > # b) a group "scard" where all users allowed access to the > # card reader are listed > # c) a Linux kernel supporting hotplug and usbdevfs > # d) the hotplug package (http://linux-hotplug.sourceforge.net/) > # > # In the usermap file, the first field "usb module" should be named > # "gnupg-ccid" like this script. 
> #
>
> if [ "${ACTION}" = "add" ] && [ -f "${DEVICE}" ]
> then
> chmod o-rwx "${DEVICE}"
> chgrp "${GROUP}" "${DEVICE}"
> chmod g+rw "${DEVICE}"
> fi
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQGcBAEBAgAGBQJNaa5UAAoJEP2raL8/Cn3q3pwMAJdmaGqcBWC+wQA7fSs7nIeO
3aiGvye3jDNTlSothHqXFqJUuVqpCyxGEFvBIPt1ScxYeSZu2eUjJz3ItZGUyqrO
Mx2LBjkHMtugIaBO2K4Fwgdhmfv1fLeK3GuYKf/zlIJ30aLnNjU1fR2YOZ5OQoGJ
Hhgv0VabmYAYKzJKnjYoAwFF8Dw3+jnN1ApMIOe7s7UNM1/cfExCjxzRwkyyZeI5
B095VNGPq7MCbDDL2nX+38TmtK5viH70wlXI9sPAMZDEs7qqHYO2UaY2O+Ub9dyU
nlb+gYf4sA3f6nuWD4XEhnNlFTVh9PXGG+A5XSPOogEJJBPG5pnc3wOaHiKMkJ5C
dIIrBZ3zt464/3+2a8mJ4TVvtnJ/P8m4EPIbK8F68DoKILXPUef32FRsgJdO2ecD
tHxqCrPVpj4RMID0d7vjcYnJTp7t/JeNlGU3rSvRZTLWhRbcyHrApZLglr8+P/K3
6WDF9ELRk0g+vsedoN95Uf+O+Nuw47I1O/EQA/r2Pg==
=Hav1
-----END PGP SIGNATURE-----

From codegnome.consulting at gmail.com Sun Feb 27 04:00:25 2011
From: codegnome.consulting at gmail.com (Todd A. Jacobs)
Date: Sat, 26 Feb 2011 19:00:25 -0800
Subject: [SOLVED] SCR3310 reader working for root, but not scard group
In-Reply-To: <4D69B8C9.1000201@grant-olson.net>
References: <4D69B8C9.1000201@grant-olson.net>
Message-ID: 

Here are the steps I needed to take under Ubuntu 10.10 to get this particular reader working properly as a mortal user.

1. sudo aptitude install --with-recommends libccid

2. sudo addgroup --system pcscd

3. sudo addgroup pcscd

4. cat << 'EOF' | sudo tee /etc/udev/rules.d/gnupg-ccid.rules
SUBSYSTEM!="usb", GOTO="ccid_rules_end"
ACTION!="add", GOTO="ccid_rules_end"
ATTR{idVendor}=="04e6", ATTR{idProduct}=="e003", MODE="0660", GROUP="pcscd"
ATTR{idVendor}=="04e6", ATTR{idProduct}=="5115", MODE="0660", GROUP="pcscd"
ATTR{idVendor}=="04e6", ATTR{idProduct}=="511f", MODE="0660", GROUP="pcscd"
LABEL="ccid_rules_end"
EOF

5. cat << 'EOF' | sudo tee /etc/udev/rules.d/pcscd.rules   # quoted delimiter: the shell must not expand udev's $root/$parent
ACTION!="add", GOTO="pcscd_ccid_rules_end"
SUBSYSTEM!="usb", GOTO="pcscd_ccid_rules_end"
ENV{DEVTYPE}!="usb_device", GOTO="pcscd_ccid_rules_end"
# generic CCID device
ATTRS{bInterfaceClass}=="0b", RUN+="/bin/chgrp pcscd $root/$parent"
LABEL="pcscd_ccid_rules_end"
EOF

6. Remove and plug in the card reader to trigger the new rules.

7. Log in again to be part of the pcscd group.

8. Enjoy success with "gpg --card-status" as a mortal user.

I'm honestly not sure why both rules are necessary, but I couldn't get this working at all without them both in place. The following blog post by the maintainer wasn't particularly clear to me, but did point me in the right direction:

http://ludovicrousseau.blogspot.com/2010/09/pcscd-auto-start.html

Perhaps my experiences with this will help others, too.

From kgo at grant-olson.net Sun Feb 27 04:10:49 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Sat, 26 Feb 2011 22:10:49 -0500
Subject: Smart Card Physical Best Practices?
In-Reply-To: <4D69B987.9010400@systemoverlord.com>
References: <4D69B987.9010400@systemoverlord.com>
Message-ID: <4D69C0B9.1050409@grant-olson.net>

On 02/26/2011 09:40 PM, David Tomaschik wrote:
>
> I've recently received my smart card, but was wondering what the "best
> practices" are, mainly from a physical standpoint. When I use it in
> my laptop reader, it sticks about 2" out of the side, and I have some
> concern about this (i.e., getting damaged by being pushed into
> something, etc.). I am using the Authentication key on it for SSH,
> and the normal signing & encryption operations, so I suppose I need it
> when sending signed email and signing into a system. Do most people
> leave it in the computer most of the time, or just insert it as
> needed? This brings to mind: how many insertion cycles can these
> cards handle? Looking online, various smart cards are rated anywhere
> from 10,000 to 250,000 insertions.
(At 10,000, as few as 10 > insertions per day would net a 3 year lifetime.) > > I hope this all makes sense... > I usually just leave it in until I leave the computer for lunch or a meeting or whatever. One thing I didn't realize at first, is that once you've unlocked either your encryption or authentication key, it will remain unlocked as long as the card is powered up, regardless of any password cache settings you've set in your gpg configuration. If that bothers you, but you don't want to keep yanking and inserting the smartcard, you can kill the scdaemon process and it'll effectively 'unplug' your card. I'm pretty sure there's an easier command to do this too, but I can't remember it off-hand. But I personally just assume I'll notice the blinking activity light on my reader if some malware script or something weird tries to run gpg commands while the card is activated. -- -Grant "Look around! Can you construct some sort of rudimentary lathe?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 565 bytes Desc: OpenPGP digital signature URL: From codegnome.consulting at gmail.com Sun Feb 27 03:06:55 2011 From: codegnome.consulting at gmail.com (Todd A. Jacobs) Date: Sat, 26 Feb 2011 18:06:55 -0800 Subject: SCR3310 reader working for root, but not scard group In-Reply-To: <201102270253.48726.mailinglisten@hauke-laging.de> References: <201102270253.48726.mailinglisten@hauke-laging.de> Message-ID: On Sat, Feb 26, 2011 at 5:53 PM, Hauke Laging > dev_device="${DEVICE//proc/dev}" > chgrp "${GROUP}" "${dev_device}" > chmod g+rw "${dev_device}" Thanks for the suggestion. However, $DEVICE isn't populated at all, although the udev rule appears to be triggering. 
My script now contains:

#!/bin/bash
GROUP=scard
echo "${DEVICE}" > /tmp/gnupg-ccid.log
if [ "${ACTION}" = "add" ] && [ -f "${DEVICE}" ]
then
    dev_device="${DEVICE//proc/dev}"
    chgrp "${GROUP}" "${dev_device}"
    chmod g+rw "${dev_device}"
fi

but the log file always ends up with a blank line. So, no DEVICE variable is being exported by udev, as far as I can tell.

From kgo at grant-olson.net Sun Feb 27 04:29:55 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Sat, 26 Feb 2011 22:29:55 -0500
Subject: SCR3310 reader working for root, but not scard group
In-Reply-To: <4D69AE5B.6020109@systemoverlord.com>
References: <4D69AE5B.6020109@systemoverlord.com>
Message-ID: <4D69C533.60701@grant-olson.net>

On 02/26/2011 08:52 PM, David Tomaschik wrote:
>
> I have a 3310 and with pcscd, I haven't even found the need to use the
> scard group. I have found that occasionally I have to restart
> scdaemon in order to get new readers/cards recognized. I haven't
> narrowed it down specifically yet. (I just got my readers & cards
> Thursday/Friday.)
>

If you issue a smartcard related command before the reader is plugged in, or unplug the reader and replug after scdaemon is running, the process will lock up and you need to kill it. There is a fix for this in the git repository, but won't be available otherwise until the 2.0.19 release, whenever that happens.

--
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc Type: application/pgp-signature Size: 565 bytes Desc: OpenPGP digital signature URL: From david at systemoverlord.com Sun Feb 27 04:37:20 2011 From: david at systemoverlord.com (David Tomaschik) Date: Sat, 26 Feb 2011 22:37:20 -0500 Subject: SCR3310 reader working for root, but not scard group In-Reply-To: <4D69C533.60701@grant-olson.net> References: <4D69AE5B.6020109@systemoverlord.com> <4D69C533.60701@grant-olson.net> Message-ID: <4D69C6F0.8030403@systemoverlord.com> On 02/26/2011 10:29 PM, Grant Olson wrote: > On 02/26/2011 08:52 PM, David Tomaschik wrote: >> I have a 3310 and with pcscd, I haven't even found the need to use the >> scard group. I have found that occasionally I have to restart >> scdaemon in order to get new readers/cards recognized. I haven't >> narrowed it down specifically yet. (I just got my readers & cards >> Thursday/Friday.) >> > If you issue a smartcard related command before the reader is plugged > in, or unplug the reader and replug after scdaemon is running, the > process will lock up and you need to kill it. There is a fix for this > in the git repository, but won't be available otherwise until the 2.0.19 > release, whenever that happens. > That explains so much about what happened when I was switching several readers (just testing my new ones). Thanks for the information! 
David From aaron.toponce at gmail.com Sun Feb 27 05:04:58 2011 From: aaron.toponce at gmail.com (Aaron Toponce) Date: Sat, 26 Feb 2011 21:04:58 -0700 Subject: Default hash In-Reply-To: <4D698EC1.4010709@gmail.com> References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org> <4D6835D4.5040808@gmail.com> <4D6867E5.7070104@sixdemonbag.org> <4D687338.4090102@gmail.com> <4D68DAC5.6090108@gmail.com> <20110226185613.GB2295@penfold.cosgrove.lan> <4D697033.2030205@gmail.com> <4D698236.50404@gmail.com> <4D698EC1.4010709@gmail.com> Message-ID: <4D69CD6A.7020503@gmail.com> On 02/26/2011 04:37 PM, Faramir wrote: > Because its author says you should move to Twofish? Dammit! I meant Twofish, not Blowfish. I knew what I meant, but I didn't type it. -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 591 bytes Desc: OpenPGP digital signature URL: From brady at frogandbear.net Sun Feb 27 04:06:43 2011 From: brady at frogandbear.net (Brady Young) Date: Sat, 26 Feb 2011 19:06:43 -0800 Subject: GnuPG Card with ssh authentication problems Message-ID: <86hbbqnpks.fsf@frogandbear.net> So I've been trying to get my GnuPG card to work with ssh authentication, but I can't seem to get it to work. As there are quite a few success stories out there, I'm probably missing something, or doing something stupid, so I'd appreciate any pointers. This is a largely underdocumented feature, which is one reason I'm writing out all the steps here in one place. First of all, my card has subkeys only on it, though there is a full corresponding public key on my computer. 
Also, I'm using:

gpg (GnuPG) 2.0.14
libgcrypt 1.4.4

Here are the steps I'm doing:

I start up gpg-agent like so:

$ eval `gpg-agent --enable-ssh-support --daemon`

..and check that my environment variables are pointed at the right PID, and that ssh-agent is not running:

$ ps ax |egrep 'AGENT|SSH'

(they are..)

I edit my key, and make a subkey with the 'A' (authentication) flag:

$ gpg2 --expert --edit-key C3C297C1
Command> addkey
(toggle for authentication only)

Afterwards, I have a subkey and corresponding secret key that looks like so:

sub 1024R/3B70AC3E created: 2011-02-26 expires: never usage: A
ssb 1024R/3B70AC3E created: 2011-02-26 expires: never

Next, I add the key to the card:

Command> toggle
Command> key x (where x is the number corresponding to my secret auth subkey)
Command> keytocard

I verify that the key is indeed on the card:

$ gpg2 --card-status
...
Authentication key: 4B01 B8E3 F5FE 4B2F A295 710F E151 A452 3B70 AC3E
...

Finally, I attempt to add the key to gpg-agent. I read this should automatically detect the auth key on the card, adding it to sshcontrol and such:

$ ssh-add -l
The agent has no identities.

This is where I get stuck, I think. My debug log clearly shows ssh-add querying the card, with this output:

gpg-agent[29524]: ssh handler 0x1ebe840 for fd 7 started
gpg-agent[29524]: ssh request 1 is not supported
gpg-agent[29524]: ssh request handler for request_identities (11) started
gpg-agent[29524]: new connection to SCdaemon established (reusing)
gpg-agent[29524]: no suitable card key found: No public key
gpg-agent[29524]: ssh request handler for request_identities (11) ready
gpg-agent[29524]: ssh handler 0x1ebe840 for fd 7 terminated

I'm thinking the problem may lie in this "No public key" error..

In any case, I understand the next step is to get the ssh-ified version of the key, adding it to ~/.ssh/authorized_keys on the remote host:

$ gpgkey2ssh 3B70AC3E > file_to_upload

(file_to_upload is scp'd over to remote host in correct location..)
(I should also note gpgkey2ssh is in dire need of documentation and proper error handling.)

sshing into my host at this point, ssh fails to recognize I have a key at all (although does attempt to send the empty ~/.ssh/id_dsa and id_rsa), and falls back to a password login.

My GnuPG card has been working fine with signing and encryption subkeys, so I'm not suspecting a card communication error here..

Thanks!

--
Brady Young

From dougb at dougbarton.us Sun Feb 27 05:28:53 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Sat, 26 Feb 2011 20:28:53 -0800
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D69BCBA.3000700@adversary.org>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D69BCBA.3000700@adversary.org>
Message-ID: <4D69D305.5050903@dougbarton.us>

On 02/26/2011 18:53, Ben McGinnes wrote:
> On 27/02/11 1:24 PM, Jameson Rollins wrote:
>> On Sat, 26 Feb 2011 21:02:08 -0500, Avi wrote:
>>> Why? Inline is simple and effective. I'm curious as to why you
>>> feel MIME is so much better.
>>
>> http://josefsson.org/inline-openpgp-considered-harmful.html
>
> Thanks for the link.
>
> I'd only add that in-line is fine for encrypting messages since all
> the data in-line signing may whinge about (e.g. some UTF-8 characters)
> would be safely tucked away inside the encrypted block.

If you look at the characteristics of the actual messages encrypted mail is very similar whether it's in-line or MIME. It's signed messages that make things interesting because the signature in a MIME message is actually (sort of) an attachment but also sort of not, which is why it confuses simple mail readers like Outlook Express.

Doug

--
Nothin' ever doesn't change, but nothin' changes much. -- OK Go

Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price.
:) http://SupersetSolutions.com/

From kgo at grant-olson.net Sun Feb 27 05:45:43 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Sat, 26 Feb 2011 23:45:43 -0500
Subject: GnuPG Card with ssh authentication problems
In-Reply-To: <86hbbqnpks.fsf@frogandbear.net>
References: <86hbbqnpks.fsf@frogandbear.net>
Message-ID: <4D69D6F7.3020307@grant-olson.net>

On 02/26/2011 10:06 PM, Brady Young wrote:
>
> In any case, I understand the next step is to get the ssh-ified version
> of the key, adding it to ~/.ssh/authorized_keys on the remote host:
>
> $ gpgkey2ssh 3B70AC3E > file_to_upload
>
> (file_to_upload is scp'd over to remote host in correct location..)
> (I should also note gpgkey2ssh is in dire need of documentation and
> proper error handling.)
>

"ssh-add -L" does this a little better. But yes, the more obscure features in gpg get, the more obscure the documentation is. ;-)

> sshing into my host at this point, ssh fails to recognize I have a key
> at all (although does attempt to send the empty ~/.ssh/id_dsa and id_rsa),
> and falls back to a password login.
>
> My GnuPG card has been working fine with signing and encryption subkeys,
> so I'm not suspecting a card communication error here..
>

You can check to see if gpg-agent knows about the key by checking the contents of ~/.gnupg/private-keys-v1.d/. If there's nothing there, the key didn't make it into gpg-agent:

grant at johnyaya:~$ ls /home/grant/.gnupg/private-keys-v1.d/
E7B0B073ECB5F3F3CCD4405BA1A2FB22271800A5.key

Another thing that might help... If gpg-agent is working properly, it'll also import your old keys like ~/.ssh/id_rsa, asking you for an old password, and then asking for a new password to save, and generating a file under ~/.gnupg/private-keys-v1.d/. So you could try creating normal ssh keys, adding those to your authorized keys file normally, ssh'ing normally, without gpg-agent. If all that works, enable gpg-agent again and see if pinentry takes over when you ssh to the box, and tries to import ~/.ssh/id_rsa. That will at least let you know if it's gpg-agent or the card that's giving you problems.

--
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 565 bytes
Desc: OpenPGP digital signature
URL: 

From brady at frogandbear.net Sun Feb 27 05:51:33 2011
From: brady at frogandbear.net (Brady Young)
Date: Sat, 26 Feb 2011 20:51:33 -0800
Subject: GnuPG Card with ssh authentication problems
In-Reply-To: <86hbbqnpks.fsf@frogandbear.net> (Brady Young's message of "Sat, 26 Feb 2011 19:06:43 -0800")
References: <86hbbqnpks.fsf@frogandbear.net>
Message-ID: <8639nankq2.fsf@frogandbear.net>

Thought I would update and say I finally got this working correctly.

Apparently with the Omnikey Cardman 3121, the vendor drivers *must* be used. Once those were installed, and daemons restarted, ssh-add -l had no problem grabbing the key off the card.

Regardless, I hope my documentation is helpful to someone in the future who may struggle to get this feature.

--
Brady Young

Brady Young writes:

> So I've been trying to get my GnuPG card to work with ssh
> authentication, but I can't seem to get it to work. As there are quite a
> few success stories out there, I'm probably missing something, or doing
> something stupid, so I'd appreciate any pointers.
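One way to rule out the keyring side of the failure Brady Young walked through above, added here as an example rather than taken from the thread or from GnuPG's own tools: gpg-agent's ssh handler logged "no suitable card key found: No public key", so before suspecting the reader it is worth confirming that the Authentication key fingerprint the card reports is a subkey with the "a" capability in the public keyring. The two parsers below read formats GnuPG already emits (gpg2 --card-status and gpg2 --with-colons --list-keys). The sample outputs are constructed: the key id 3B70AC3E and the Authentication key fingerprint are the ones quoted in the thread, while the primary key, the encryption subkey, the timestamps and the user id are made up. In Brady's case this check would have passed, and the reader driver turned out to be the real cause, which is exactly why it is worth running first.

```shell
#!/bin/bash
# Added example for this thread, not code from the posts or from GnuPG:
# before debugging gpg-agent's ssh support, confirm that the Authentication
# key the card reports is an "a"-capable subkey in the public keyring.

# Fingerprint of the card's Authentication key as 40 hex digits without
# spaces, read from `gpg2 --card-status` text on stdin.  Prints nothing
# and fails when the slot is "[none]" or the line is missing.
card_auth_fpr() {
    awk -F': *' '
        /^Authentication key[ .]*:/ {
            fpr = $2; gsub(/ /, "", fpr)
            if (length(fpr) == 40 && fpr ~ /^[0-9A-F]+$/) { print fpr; found = 1 }
            exit
        }
        END { exit !found }'
}

# Fingerprints of every subkey whose capability field (field 12 of a "sub"
# record) contains "a", from `gpg2 --with-colons --list-keys` on stdin.
# The "fpr" record following a key record carries its fingerprint in field 10.
auth_subkey_fprs() {
    awk -F: '
        $1 == "pub" { want = 0 }
        $1 == "sub" { want = (index($12, "a") > 0) }
        $1 == "fpr" && want { print $10; want = 0 }'
}

# Verdict for one card/keyring pair: 0 when the card's Authentication key
# is an "a" subkey in the keyring, non-zero (with a reason) otherwise.
card_auth_key_in_keyring() {
    local card_status="$1" keylist="$2" fpr
    fpr=$(printf '%s\n' "$card_status" | card_auth_fpr) ||
        { echo "card reports no Authentication key"; return 1; }
    if printf '%s\n' "$keylist" | auth_subkey_fprs | grep -qx "$fpr"; then
        echo "ok: $fpr is an authentication subkey in the keyring"
    else
        echo "missing: $fpr is on the card but is not an \"a\" subkey in the keyring"
        return 1
    fi
}

# Constructed samples.  Key id 3B70AC3E and the Authentication key
# fingerprint are the ones quoted in the thread; the primary key, the
# encryption subkey, the timestamps and the user id are made up.
CARD_STATUS_SAMPLE='Signature key ....: [none]
Encryption key....: [none]
Authentication key: 4B01 B8E3 F5FE 4B2F A295 710F E151 A452 3B70 AC3E'

KEYLIST_SAMPLE='pub:u:2048:1:0123456789ABCDEF:1298678400:::u:::scESCA:
fpr:::::::::00112233445566778899AABB0123456789ABCDEF:
uid:u::::1298678400::0000000000000000000000000000000000000000::Example User <user@example.invalid>:
sub:u:1024:1:E151A4523B70AC3E:1298678400::::::a:
fpr:::::::::4B01B8E3F5FE4B2FA295710FE151A4523B70AC3E:
sub:u:2048:1:FEDCBA9876543210:1298678400::::::e:
fpr:::::::::AABBCCDDEEFF001122334455FEDCBA9876543210:'

# On a real system:
#   card_auth_key_in_keyring "$(gpg2 --card-status)" "$(gpg2 --with-colons --list-keys)"
# If this passes but `ssh-add -l` is still empty, the fault is between
# gpg-agent, scdaemon and the reader, which is where this thread ended up.
```

The check deliberately ignores the sshcontrol file and private-keys-v1.d: for a card-resident key, gpg-agent gets the public key from scdaemon at request time, so a keyring mismatch and a dead reader path produce the same empty ssh-add -l output, and this separates the two.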
> From kgo at grant-olson.net Sun Feb 27 06:15:57 2011 From: kgo at grant-olson.net (Grant Olson) Date: Sun, 27 Feb 2011 00:15:57 -0500 Subject: GnuPG Card with ssh authentication problems In-Reply-To: <8639nankq2.fsf@frogandbear.net> References: <86hbbqnpks.fsf@frogandbear.net> <8639nankq2.fsf@frogandbear.net> Message-ID: <4D69DE0D.8010709@grant-olson.net> On 02/26/2011 11:51 PM, Brady Young wrote: > > Thought I would update and say I finally got this working correctly. > > Apparently with the Omnikey Cardman 3121, the vendor drivers *must* be > used. Once those were installed, and daemons restarted, ssh-add -l had > no problem grabbing the key off the card. > > Regardless, I hope my documentation is helpful to someone in the future > who may struggle to get this feature. > The exact same issue came up a month ago: http://www.gossamer-threads.com/lists/gnupg/users/53031#53031 Maybe this is worth a FAQ entry on the website. -- -Grant "Look around! Can you construct some sort of rudimentary lathe?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 565 bytes Desc: OpenPGP digital signature URL: From brady at frogandbear.net Sun Feb 27 06:43:38 2011 From: brady at frogandbear.net (Brady Young) Date: Sat, 26 Feb 2011 21:43:38 -0800 Subject: GnuPG Card with ssh authentication problems In-Reply-To: <4D69DE0D.8010709@grant-olson.net> (Grant Olson's message of "Sun, 27 Feb 2011 00:15:57 -0500") References: <86hbbqnpks.fsf@frogandbear.net> <8639nankq2.fsf@frogandbear.net> <4D69DE0D.8010709@grant-olson.net> Message-ID: <86pqqeav79.fsf@frogandbear.net> Grant Olson writes: > On 02/26/2011 11:51 PM, Brady Young wrote: >> Thought I would update and say I finally got this working correctly. >> Apparently with the Omnikey Cardman 3121, the vendor drivers *must* be >> used. Once those were installed, and daemons restarted, ssh-add -l had >> no problem grabbing the key off the card. 
>> > > The exact same issue came up a month ago: > > http://www.gossamer-threads.com/lists/gnupg/users/53031#53031 > > Maybe this is worth a FAQ entry on the website. It's that very thread that finally clued me in. I do find it a little odd that GnuPG's very own (and from the looks of it, old) documentation (1) lists the 3121 as a supported reader, along with several other outdated models. (1) http://www.gnupg.org/howtos/card-howto/en/ch02s02.html -- Brady Young From ben at adversary.org Sun Feb 27 08:44:26 2011 From: ben at adversary.org (Ben McGinnes) Date: Sun, 27 Feb 2011 18:44:26 +1100 Subject: PGP/MIME considered harmful for mobile In-Reply-To: <4D69D305.5050903@dougbarton.us> References: <87ei6uciyt.fsf@servo.finestructure.net> <4D69BCBA.3000700@adversary.org> <4D69D305.5050903@dougbarton.us> Message-ID: <4D6A00DA.9070802@adversary.org> On 27/02/11 3:28 PM, Doug Barton wrote: > > If you look at the characteristics of the actual messages encrypted > mail is very similar whether it's in-line or MIME. Exactly, the encrypted output in both methods uses base-64 encoding. > It's signed messages that make things interesting because the > signature in a MIME message is actually (sort of) an attachment but > also sort of not, which is why it confuses simple mail readers like > Outlook Express. Lots of things confuse Outlook Express. As for attachments, at first glance the body of a message appears to be an attachment to the headers, which leads to all sorts of fun with munged mbox format inboxes. Or it did when I last had to pay attention to such things. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... 
From gollo at fsfe.org  Sun Feb 27 09:25:34 2011
From: gollo at fsfe.org (Martin Gollowitzer)
Date: Sun, 27 Feb 2011 09:25:34 +0100
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D69D305.5050903@dougbarton.us>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D69BCBA.3000700@adversary.org> <4D69D305.5050903@dougbarton.us>
Message-ID: <20110227082534.GA28241@wingback.gollo.at>

* Doug Barton [110227 05:30]:
> If you look at the characteristics of the actual messages encrypted mail
> is very similar whether it's in-line or MIME. It's signed messages that
> make things interesting because the signature in a MIME message is
> actually (sort of) an attachment but also sort of not, which is why it
> confuses simple mail readers like Outlook Express.

Encrypted messages differ from signed messages. The percentage of
inline-signed messages I receive with bad signatures is much higher than
the number of PGP/MIME messages with broken signatures. Despite that,
there are MUAs which do not automatically parse every message completely
to see if there's inline PGP content in them, but if they see that a
message uses PGP/MIME they immediately try to decrypt/verify the message.

Martin

From gollo at fsfe.org  Sun Feb 27 09:34:00 2011
From: gollo at fsfe.org (Martin Gollowitzer)
Date: Sun, 27 Feb 2011 09:34:00 +0100
Subject: [SOLVED] SCR3310 reader working for root, but not scard group
In-Reply-To:
References: <4D69B8C9.1000201@grant-olson.net>
Message-ID: <20110227083400.GB28241@wingback.gollo.at>

* Todd A. Jacobs [110227 04:02]:
> Here are the steps I needed to take under Ubuntu 10.10 to get this
> particular reader working properly as a mortal user.

You could also have run the script [1] linked from the only up-to-date
OpenPGP smartcard howto [2] I'm aware of.

[1] http://download.fsfe.org/tools/cardreader/udev-howto-automatization.sh
[2] http://wiki.fsfe.org/Card_howtos/Card_with_subkeys_using_backups

All the best,
Martin

From gollo at fsfe.org  Sun Feb 27 09:39:20 2011
From: gollo at fsfe.org (Martin Gollowitzer)
Date: Sun, 27 Feb 2011 09:39:20 +0100
Subject: Smart Card Physical Best Practices?
In-Reply-To: <4D69C0B9.1050409@grant-olson.net>
References: <4D69B987.9010400@systemoverlord.com> <4D69C0B9.1050409@grant-olson.net>
Message-ID: <20110227083920.GC28241@wingback.gollo.at>

* Grant Olson [110227 04:11]:
> I usually just leave it in until I leave the computer for lunch or a
> meeting or whatever.

Same here, but I always take the card with me if I leave the room.

> One thing I didn't realize at first, is that once you've unlocked either
> your encryption or authentication key, it will remain unlocked as long
> as the card is powered up, regardless of any password cache settings
> you've set in your gpg configuration.
>
> If that bothers you, but you don't want to keep yanking and inserting
> the smartcard, you can kill the scdaemon process and it'll effectively
> 'unplug' your card. I'm pretty sure there's an easier command to do
> this too, but I can't remember it off-hand.

Yes, this might be an issue. What I do is that I run my gpg-agent in a
loop and the agent is killed every 10 minutes or so, also causing
scdaemon to exit. This works pretty well. And, of course, you should
force the card to ask for the PIN for every single signature (this can
be set on the card itself).

> But I personally just assume I'll notice the blinking activity light on
> my reader if some malware script or something weird tries to run gpg
> commands while the card is activated.

My multitasking capabilities are not good enough for working on my PC
while always watching my card reader at the same time ;-)

Martin

From kloecker at kde.org  Sun Feb 27 11:04:59 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Sun, 27 Feb 2011 11:04:59 +0100
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <142540874.20110226154847@my_localhost>
References: <4D67043B.9050501@sixdemonbag.org> <87lj14x4yo.fsf@servo.finestructure.net> <142540874.20110226154847@my_localhost>
Message-ID: <201102271105.04715@thufir.ingo-kloecker.de>

On Saturday, February 26, 2011, MFPA wrote:
> Hi
>
>
> On Friday 25 February 2011 at 1:45:03 AM, in
> , Jameson Rollins wrote:
>> Yikes! I thought we were almost done killing inline
>> signatures! Don't revive it now!
>>
>> If PGP/MIME is broken on android, we need to get them
>> to fix it, not go backwards to inline pgp.
>
> Using inline PGP signatures means using the simpler and more reliable
> of the two solutions. The fact that its specification was defined
> earlier does not mean using inline signatures is a step backwards;
> PGP/MIME is a complement to pgp inline, not a replacement.

The major problem I see with using cleartext signatures in email is the
lack of support for non-ASCII text (or, more precisely, character
encoding). Obviously, using ASCII armor to protect the text from being
re-encoded to another encoding is no solution, since this will make
inline PGP signed messages much less accessible than PGP/MIME messages.

Regards,
Ingo

From wk at gnupg.org  Sun Feb 27 17:40:38 2011
From: wk at gnupg.org (Werner Koch)
Date: Sun, 27 Feb 2011 17:40:38 +0100
Subject: GnuPG Card with ssh authentication problems
In-Reply-To: <86pqqeav79.fsf@frogandbear.net> (Brady Young's message of "Sat, 26 Feb 2011 21:43:38 -0800")
References: <86hbbqnpks.fsf@frogandbear.net> <8639nankq2.fsf@frogandbear.net> <4D69DE0D.8010709@grant-olson.net> <86pqqeav79.fsf@frogandbear.net>
Message-ID: <87ipw5xwft.fsf@vigenere.g10code.de>

On Sun, 27 Feb 2011 06:43, brady at frogandbear.net said:

> I do find it a little odd that GnuPG's very own (and from the looks of
> it, old) documentation (1) lists the 3121 as a supported reader, along
> with several other outdated models.

Sorry for that, the howto is a bit outdated. Omnikey based readers work
well with keys < 2048 bit. But they don't work with the others.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From rjh at sixdemonbag.org  Sun Feb 27 18:21:35 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 27 Feb 2011 12:21:35 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <87ei6uciyt.fsf@servo.finestructure.net>
References: <87ei6uciyt.fsf@servo.finestructure.net>
Message-ID: <4D6A881F.3030601@sixdemonbag.org>

On 2/26/11 9:24 PM, Jameson Rollins wrote:
> http://josefsson.org/inline-openpgp-considered-harmful.html

* IT DOESN'T HANDLE ATTACHMENTS. That's fine with me: 95%+ of my
messages don't require attachments. Any technology that can hit 95% of
the use case is fine by me.

* IT DOESN'T LIKE CHARACTER ENCODINGS. Works fine for me with Latin-1
and UTF-8.

* FORMAT=FLOWED DOESN'T WORK RELIABLY. I don't use format=flowed in the
first place.

... and so on and so on. The more I look at the objections to inline
PGP, the more I realize inline PGP hits the sweet spot for me and for a
great many other users.
From noloader at gmail.com  Sun Feb 27 17:54:36 2011
From: noloader at gmail.com (Jeffrey Walton)
Date: Sun, 27 Feb 2011 11:54:36 -0500
Subject: GPA -
Message-ID:

Hi All,

I recently installed GPA. I'm trying to locate a friend's public key by
either name or email address. GPA appears to only offer Key ID (which I
don't have).

Does anyone have tricks for locating a key by name or email?

Thanks,
Jeff

From david at systemoverlord.com  Sun Feb 27 19:13:26 2011
From: david at systemoverlord.com (David Tomaschik)
Date: Sun, 27 Feb 2011 13:13:26 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6A881F.3030601@sixdemonbag.org>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org>
Message-ID: <4D6A9446.70705@systemoverlord.com>

On 02/27/2011 12:21 PM, Robert J. Hansen wrote:
> On 2/26/11 9:24 PM, Jameson Rollins wrote:
>> http://josefsson.org/inline-openpgp-considered-harmful.html
>
> * IT DOESN'T HANDLE ATTACHMENTS. That's fine with me: 95%+ of my
> messages don't require attachments. Any technology that can hit 95% of
> the use case is fine by me.
>
> * IT DOESN'T LIKE CHARACTER ENCODINGS. Works fine for me with Latin-1
> and UTF-8.
>
> * FORMAT=FLOWED DOESN'T WORK RELIABLY. I don't use format=flowed in the
> first place.
>
> ... and so on and so on. The more I look at the objections to inline
> PGP, the more I realize inline PGP hits the sweet spot for me and for a
> great many other users.

How about "inline confuses users who don't know anything about OpenPGP"?

David

From gollo at fsfe.org  Sun Feb 27 19:30:55 2011
From: gollo at fsfe.org (Martin Gollowitzer)
Date: Sun, 27 Feb 2011 19:30:55 +0100
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6A9446.70705@systemoverlord.com>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com>
Message-ID: <20110227183055.GA10435@wingback.gollo.at>

* David Tomaschik [110227 19:22]:
> How about "inline confuses users who don't know anything about OpenPGP"?

100% agreed. Thank you!

Martin

From kgo at grant-olson.net  Sun Feb 27 20:16:14 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Sun, 27 Feb 2011 14:16:14 -0500
Subject: GnuPG Card with ssh authentication problems
In-Reply-To: <87ipw5xwft.fsf@vigenere.g10code.de>
References: <86hbbqnpks.fsf@frogandbear.net> <8639nankq2.fsf@frogandbear.net> <4D69DE0D.8010709@grant-olson.net> <86pqqeav79.fsf@frogandbear.net> <87ipw5xwft.fsf@vigenere.g10code.de>
Message-ID: <4D6AA2FE.8050401@grant-olson.net>

On 02/27/2011 11:40 AM, Werner Koch wrote:
> On Sun, 27 Feb 2011 06:43, brady at frogandbear.net said:
>
>> I do find it a little odd that GnuPG's very own (and from the looks of
>> it, old) documentation (1) lists the 3121 as a supported reader, along
>> with several other outdated models.
>
> Sorry for that, the howto is a bit outdated. Omnikey based readers work
> well with keys < 2048 bit. But they don't work with the others.
>
>
> Shalom-Salam,
>
> Werner
>

If you want someone to clean up and update the howto, I volunteer. I
just need to know the name of the cvs project. 'card-howto' didn't seem
to work.

-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

From wk at gnupg.org  Sun Feb 27 20:18:30 2011
From: wk at gnupg.org (Werner Koch)
Date: Sun, 27 Feb 2011 20:18:30 +0100
Subject: GPA -
In-Reply-To: (Jeffrey Walton's message of "Sun, 27 Feb 2011 11:54:36 -0500")
References:
Message-ID: <87ei6txp4p.fsf@vigenere.g10code.de>

On Sun, 27 Feb 2011 17:54, noloader at gmail.com said:

> I recently installed GPA. I'm trying to locate a friend's public key
> by either name or email address. GPA appears to only offer Key ID
> (which I don't have).

You have to use the command line:

  gpg2 --search-key foo at example.org

then follow the prompts. If gpg2 is not installed, use gpg.

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From rjh at sixdemonbag.org  Sun Feb 27 20:27:11 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 27 Feb 2011 14:27:11 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6A9446.70705@systemoverlord.com>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com>
Message-ID: <4D6AA58F.6030803@sixdemonbag.org>

On 2/27/11 1:13 PM, David Tomaschik wrote:
> How about "inline confuses users who don't know anything about OpenPGP"?

1. Why are you sending them signed emails anyway?

2. And seeing strange MIME attachments doesn't confuse people?

From aaron.toponce at gmail.com  Sun Feb 27 20:29:28 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Sun, 27 Feb 2011 12:29:28 -0700
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6A9446.70705@systemoverlord.com>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com>
Message-ID:

David Tomaschik wrote:
>How about "inline confuses users who don't know anything about
>OpenPGP"?

Meh.

If anything, inline signatures sparked conversation.

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

From gollo at fsfe.org  Sun Feb 27 20:37:31 2011
From: gollo at fsfe.org (Martin Gollowitzer)
Date: Sun, 27 Feb 2011 20:37:31 +0100
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6AA58F.6030803@sixdemonbag.org>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org>
Message-ID: <20110227193731.GA14868@wingback.gollo.at>

* Robert J. Hansen [110227 20:28]:
>> How about "inline confuses users who don't know anything about OpenPGP"?
>
> 1. Why are you sending them signed emails anyway?

I sign *all* my e-mail except for messages sent from my mobile (in that
case, my signature tells the receiver why the message is not signed and
offers the receiver the option to request a signed proof of authenticity
later) or messages to people who can't receive signed messages (I had a
case where e-mails arrived empty because of the MS
Exchange/Antivirus/whatever combination at the receiver's workplace).

> 2. And seeing strange MIME attachments doesn't confuse people?

Less than strange text fragments at the head and the bottom of a message
(some people even think they are being spammed when they see inline PGP
data), because an attachment without useful data will rather be ignored.

Martin

From wk at gnupg.org  Sun Feb 27 20:36:54 2011
From: wk at gnupg.org (Werner Koch)
Date: Sun, 27 Feb 2011 20:36:54 +0100
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6A881F.3030601@sixdemonbag.org> (Robert J. Hansen's message of "Sun, 27 Feb 2011 12:21:35 -0500")
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org>
Message-ID: <87aahhxoa1.fsf@vigenere.g10code.de>

Hi,

I once hoped the discussion about MIME vs. crufty inline signatures had
been settled a long time ago. Today, when even Microsoft Outlook has
handled it correctly for more than 7 years, the new excuse seems to be
some buggy new mail applications. I don't buy such an excuse. MIME is so
primitive and easy to implement that any application can handle it. In
fact it is easier to handle core MIME services correctly than not to do
it. An application which does not handle MOSS correctly will for sure be
broken in other areas as well. And you trust such buggy code to render
HTML mails?

It's been more than 15 years since MOSS was defined:

  1847 Security Multiparts for MIME: Multipart/Signed and
       Multipart/Encrypted. J. Galvin, S. Murphy, S. Crocker, N. Freed.
       October 1995. (Format: TXT=23679 bytes) (Status: PROPOSED
       STANDARD)

PGP/MIME (rfc2015, 1996) is not required to display signed MOSS mails.
We should expect that 1847 has been implemented in any MIME aware MUA;
in particular as it seems that S/MIME, which is also based on MOSS, does
work.

Please go and fix these buggy mail applications. I heard rumors that
Android is about Free Software and the reason for its success; thus
where is the problem? .-)

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From rjh at sixdemonbag.org  Sun Feb 27 20:48:33 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 27 Feb 2011 14:48:33 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <20110227193731.GA14868@wingback.gollo.at>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at>
Message-ID: <4D6AAA91.3090901@sixdemonbag.org>

On 2/27/11 2:37 PM, Martin Gollowitzer wrote:
> I sign *all* my e-mail except for messages sent from my mobile (in that
> case, my signature tells the receiver why the message is not signed and
> offers the receiver the option to request a signed proof of authenticity
> later) or messages to people who can't receive signed messages (I had a
> case where e-mails arrived empty because of the MS
> Exchange/Antivirus/whatever combination at the receiver's workplace).

You may want to reconsider this practice.

Signatures have value if they are correct, originating from a validated
key, belonging to a trusted individual. If any of those are absent the
signature is more or less just line noise. You cannot make any logical
inferences from a signature that is bad, that comes from a non-validated
key, or an untrusted individual.

The overwhelming majority of signatures I've seen have been somewhere
between irrelevant and useless. People tend to fetishize them something
fierce.

>> 2. And seeing strange MIME attachments doesn't confuse people?
>
> Less than strange text fragments at the head and the bottom of a message
> (some people even think they are being spammed when they see inline PGP
> data), because an attachment without useful data will rather be ignored.

Show me the HCI study, please. This may be a true claim, but I'm not
willing to accept it as such on the basis of one person's anecdotal
experiences.
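The two layouts argued over in this thread, as an added example that is not code from the thread or from GnuPG: a Python check that tells an RFC 1847/3156 multipart/signed (PGP/MIME) message from an inline cleartext-signed one, and that extracts the CRLF-canonical signed part and the detached signature exactly as a verifier must hand them to gpg. The message samples, addresses and signature bodies are constructed placeholders.

```python
"""Classify a mail as PGP/MIME or inline-signed and extract what a verifier
needs for the PGP/MIME case. Samples below are constructed; the armored
signature bodies are placeholders, not real signatures."""
import email
import re
from email import policy

CLEARTEXT_HEADER = rb"(?m)^-----BEGIN PGP SIGNED MESSAGE-----\r?$"

# Constructed PGP/MIME sample. The signed part carries its own Content-Type
# (charset) header, so the charset is covered by the signature; an inline
# cleartext signature has no such header.
SAMPLE_PGP_MIME = b"""\
From: alice@example.org
To: bob@example.org
Subject: PGP/MIME test
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="sigboundary"

--sigboundary
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Gr=C3=BC=C3=9Fe aus dem Beispiel.
--sigboundary
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

PLACEHOLDER-NOT-A-REAL-SIGNATURE
-----END PGP SIGNATURE-----
--sigboundary--
"""

# Constructed inline (cleartext-signed) sample.
SAMPLE_INLINE = b"""\
From: carol@example.org
To: bob@example.org
Subject: inline test

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Bob.
-----BEGIN PGP SIGNATURE-----

PLACEHOLDER-NOT-A-REAL-SIGNATURE
-----END PGP SIGNATURE-----
"""


def classify(raw: bytes) -> str:
    """Return 'pgp-mime', 'inline' or 'unsigned'.

    PGP/MIME is recognised from the top-level Content-Type alone, which is
    why a MUA can react to it immediately; finding an inline signature
    means scanning every text/plain body for the cleartext header."""
    msg = email.message_from_bytes(raw, policy=policy.compat32)
    proto = (msg.get_param("protocol") or "").lower()
    if msg.get_content_type() == "multipart/signed" and proto == "application/pgp-signature":
        return "pgp-mime"
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True) or b""
            if re.search(CLEARTEXT_HEADER, body):
                return "inline"
    return "unsigned"


def split_multipart_signed(raw: bytes) -> tuple[bytes, bytes]:
    """Return (signed_part, signature) for a multipart/signed message.

    RFC 3156 section 5: the signature covers the first body part including
    its MIME headers, with CRLF line endings, up to but not including the
    CRLF that precedes the next boundary line. The split works on the raw
    bytes as received, not on a re-serialised Message object: refolded
    headers or changed line endings would alter the signed data and make
    a good signature fail to verify."""
    msg = email.message_from_bytes(raw, policy=policy.compat32)
    boundary = msg.get_boundary()
    if msg.get_content_type() != "multipart/signed" or boundary is None:
        raise ValueError("not a multipart/signed message")
    canon = re.sub(rb"\r?\n", b"\r\n", raw)        # bare LF -> CRLF
    delim = b"\r\n--" + boundary.encode("ascii")   # RFC 2046 delimiter
    pieces = canon.split(delim)
    # pieces: [headers+preamble, part 1, part 2, closing '--' + epilogue]
    if len(pieces) != 4 or not pieces[3].startswith(b"--"):
        raise ValueError("multipart/signed must have exactly two body parts")
    # Drop each boundary line's own terminator (and any transport padding).
    signed_part, sig_part = (p.split(b"\r\n", 1)[1] for p in pieces[1:3])
    if b"\r\n\r\n" not in sig_part:
        raise ValueError("signature part has no header/body separator")
    signature = sig_part.split(b"\r\n\r\n", 1)[1]  # armor after part headers
    return signed_part, signature


if __name__ == "__main__":
    signed, sig = split_multipart_signed(SAMPLE_PGP_MIME)
    # To verify for real: write `signed` to signed.txt and `sig` to sig.asc,
    # then run:  gpg --verify sig.asc signed.txt
    print(classify(SAMPLE_PGP_MIME), classify(SAMPLE_INLINE))
    print(signed.decode("ascii"))
```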
From kgo at grant-olson.net  Sun Feb 27 21:00:00 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Sun, 27 Feb 2011 15:00:00 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <20110227193731.GA14868@wingback.gollo.at>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at>
Message-ID: <4D6AAD40.5080609@grant-olson.net>

On 02/27/2011 02:37 PM, Martin Gollowitzer wrote:
> * Robert J. Hansen [110227 20:28]:
>>> How about "inline confuses users who don't know anything about OpenPGP"?
>>
>> 1. Why are you sending them signed emails anyway?
>
> I sign *all* my e-mail except for messages sent from my mobile (in that
> case, my signature tells the receiver why the message is not signed and
> offers the receiver the option to request a signed proof of authenticity
> later) or messages to people who can't receive signed messages (I had a
> case where e-mails arrived empty because of the MS
> Exchange/Antivirus/whatever combination at the receiver's workplace).
>
>> 2. And seeing strange MIME attachments doesn't confuse people?
>
> Less than strange text fragments at the head and the bottom of a message
> (some people even think they are being spammed when they see inline PGP
> data), because an attachment without useful data will rather be ignored.
>
> Martin
>

Hey guys,

Both camps can argue all day and they're not going to change anyone's
mind. Both standards are valid, one doesn't supersede the other, and if
you're interested in OpenPGP, you probably want to run a mail client
that can handle both Inline and PGP/Mime messages. If your contacts
aren't interested, they should at least be able to read your emails.

Which takes us back to the start of this conversation.

Apparently Robert's mail client on Android doesn't like PGP/MIME
messages, and won't display the body of a PGP/MIME message. Several
other people have said that the default mail client shows the message
body just fine, and that alternate mail clients like K-9 do the same.

Can we narrow down exactly when PGP/MIME is broken on droid phones?
Maybe start a new thread where people report their results since this
one is getting pretty big and has many side arguments?

Subject "Android PGP/Mime Test"

List whether or not your phone displays PGP/Mime messages, the model and
manufacturer, droid version, email client and version?

I do have a droid, but I don't use email on it. I'll fire up a test
account and report back.

I suppose if anyone wants to test on an iPhone, Blackberry, or other
smartphone, that info would be handy as well.

-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

From kloecker at kde.org  Sun Feb 27 21:11:02 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Sun, 27 Feb 2011 21:11:02 +0100
Subject: PGP/MIME considered harmful for mobile
In-Reply-To:
References: <4D6A9446.70705@systemoverlord.com>
Message-ID: <201102272111.07418@thufir.ingo-kloecker.de>

On Sunday 27 February 2011, Aaron Toponce wrote:
> David Tomaschik wrote:
> >How about "inline confuses users who don't know anything about
> >OpenPGP"?
>
> Meh.
>
> If anything, inline signatures sparked conversation.

Yeah. I think we should stop this pointless discussion. I doubt that any
person was convinced one way or the other by this thread. Apparently,
the message that started this thread was a gross overreaction, as tests
by others who couldn't reproduce the problem on multiple mobiles with
multiple mail clients seem to show.

I will continue to sign my messages in blue.

Regards,
Ingo

From kgo at grant-olson.net  Sun Feb 27 21:26:43 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Sun, 27 Feb 2011 15:26:43 -0500
Subject: Android PGP/MIME test results
Message-ID: <4D6AB383.5040000@grant-olson.net>

Provider: Boost
Manufacturer: Motorola
Model: I1
Droid version: 1.5

This phone has two mail applications by default, one called 'email' and
another called 'gmail'. Both displayed PGP/MIME messages without any
trouble. Neither verified sigs of course.

I see no easy way to determine the version number of either of these
apps. If anyone has tips on how I can get this info, let me know.

-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

From avi.wiki at gmail.com  Sun Feb 27 22:51:31 2011
From: avi.wiki at gmail.com (Avi)
Date: Sun, 27 Feb 2011 16:51:31 -0500
Subject: PGP/MIME considered harmful for mobile
Message-ID:

As usual, Robert explains it clearly and succinctly.

--Avi

----
User:Avraham
pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key)
Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9

From: "Robert J. Hansen"
> To: gnupg-users at gnupg.org
> Date: Sun, 27 Feb 2011 12:21:35 -0500
> Subject: Re: PGP/MIME considered harmful for mobile
> On 2/26/11 9:24 PM, Jameson Rollins wrote:
> > http://josefsson.org/inline-openpgp-considered-harmful.html
>
> * IT DOESN'T HANDLE ATTACHMENTS. That's fine with me: 95%+ of my
> messages don't require attachments. Any technology that can hit 95% of
> the use case is fine by me.
>
> * IT DOESN'T LIKE CHARACTER ENCODINGS. Works fine for me with Latin-1
> and UTF-8.
>
> * FORMAT=FLOWED DOESN'T WORK RELIABLY. I don't use format=flowed in the
> first place.
>
> ... and so on and so on. The more I look at the objections to inline
> PGP, the more I realize inline PGP hits the sweet spot for me and for a
> great many other users.
>

From avi.wiki at gmail.com  Sun Feb 27 22:53:33 2011
From: avi.wiki at gmail.com (Avi)
Date: Sun, 27 Feb 2011 16:53:33 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To:
References:
Message-ID:

Nothing a simple on-line search won't rectify.

--Avi

----
User:Avraham
pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key)
Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9

From: David Tomaschik
> To: gnupg-users at gnupg.org
> Date: Sun, 27 Feb 2011 13:13:26 -0500
> Subject: Re: PGP/MIME considered harmful for mobile
> How about "inline confuses users who don't know anything about OpenPGP"?
>
> David
>

From dshaw at jabberwocky.com  Sun Feb 27 23:17:03 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 27 Feb 2011 17:17:03 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6AAA91.3090901@sixdemonbag.org>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org>
Message-ID:

On Feb 27, 2011, at 2:48 PM, Robert J. Hansen wrote:

>>> 2. And seeing strange MIME attachments doesn't confuse people?
>>
>> Less than strange text fragments at the head and the bottom of a message
>> (some people even think they are being spammed when they see inline PGP
>> data), because an attachment without useful data will rather be ignored.
>
> Show me the HCI study, please. This may be a true claim, but I'm not
> willing to accept it as such on the basis of one person's anecdotal
> experiences.

Can I see the HCI study that MIME attachments confuse people?
;) David From aaron.toponce at gmail.com Sun Feb 27 23:35:33 2011 From: aaron.toponce at gmail.com (Aaron Toponce) Date: Sun, 27 Feb 2011 15:35:33 -0700 Subject: PGP/MIME considered harmful for mobile In-Reply-To: <20110227193731.GA14868@wingback.gollo.at> References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> Message-ID: <4D6AD1B5.8040701@gmail.com> On 02/27/2011 12:37 PM, Martin Gollowitzer wrote: > I sign *all* my e-mail except for messages sent from my mobile (in that > case, my signature tells the receiver why the message is not signed and > offers the receiver to request a signed proof of authenticity later) or > messages to people who can't receive signed messages (I had a case where > e-mails arrived empty because of the MS Exchange/Antivirus/whatever > combination at the receivers working place). Not me. I only sign those that I'm willing to stand behind (which is the vast majority), but If I want to go "off-the-record", I encrypt the mail with the recipients key and not sign it. I may change the "from:" header and use Tor, depending on the sensitivity and the need to remain anonymous. -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 591 bytes Desc: OpenPGP digital signature URL: From dougb at dougbarton.us Sun Feb 27 23:52:56 2011 From: dougb at dougbarton.us (Doug Barton) Date: Sun, 27 Feb 2011 14:52:56 -0800 Subject: PGP/MIME considered harmful for mobile In-Reply-To: <201102271105.04715@thufir.ingo-kloecker.de> References: <4D67043B.9050501@sixdemonbag.org> <87lj14x4yo.fsf@servo.finestructure.net> <142540874.20110226154847@my_localhost> <201102271105.04715@thufir.ingo-kloecker.de> Message-ID: <4D6AD5C8.7040000@dougbarton.us> On 02/27/2011 02:04, Ingo Kl?cker wrote: > On Saturday, February 26, 2011, MFPA wrote: >> Hi >> >> >> On Friday 25 February 2011 at 1:45:03 AM, in >> >> , Jameson Rollins wrote: >>> Yikes! I thought we were almost done killing inline >>> signatures! Don't revive it now! >>> >>> If PGP/MIME is broken on android, we need to get them >>> to fix it, not go backwards to inline pgp. >> >> Using inline PGP signatures means using the simpler and more reliable >> of the two solutions. The fact that its specification was defined >> earlier does not mean using inline signatures is a step backwards; >> PGP/MIME is a complement to pgp inline, not a replacement. > > The major problem I see with using cleartext signatures in email is the > lack for support of non-ASCII text (or, more precisely, character > encoding). Can you provide examples that do not work when both the mail client(s) and gnupg are properly configured to use UTF-8? -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. 
:) http://SupersetSolutions.com/ From dougb at dougbarton.us Sun Feb 27 23:59:15 2011 From: dougb at dougbarton.us (Doug Barton) Date: Sun, 27 Feb 2011 14:59:15 -0800 Subject: PGP/MIME considered harmful for mobile In-Reply-To: <20110227082534.GA28241@wingback.gollo.at> References: <87ei6uciyt.fsf@servo.finestructure.net> <4D69BCBA.3000700@adversary.org> <4D69D305.5050903@dougbarton.us> <20110227082534.GA28241@wingback.gollo.at> Message-ID: <4D6AD743.5060109@dougbarton.us> On 02/27/2011 00:25, Martin Gollowitzer wrote: > * Doug Barton [110227 05:30]: >> If you look at the characteristics of the actual messages encrypted mail >> is very similar whether it's in-line or MIME. It's signed messages that >> make things interesting because the signature in a MIME message is >> actually (sort of) an attachment but also sort of not, which is why it >> confuses simple mail readers like Outlook Express. > > Encrypted messages differ from signed messages. Yes, of course. Not sure how that's relevant. :) > The percentage of > inline-signed messages I receive with bad signatures is much higher than > the number of PGP/MIME messages with broken signatures. If you're using Mutt exclusively, that's likely the problem. My experience is different because I use Thunderbird primarily, and I see a failure rate (very) slightly higher for MIME-signed messages but that's usually because enigmail hasn't done the appropriate EOL munging. I have a set of scripts for PGP on Alpine that render most of those correctly, so the actual failure rate for the signatures themselves is pretty much equal. > Despite that, there are MUAs which do not automatically parse every > message completely to see if there's inline PGP content in them, but if > the see that a message uses PGP/MIME they immediately try to > decrypt/verify the message. 
Once again, while what you're saying may be true, it's not really relevant to the fact that there are a non-trivial number of MUAs in the installed base that simply choke on PGP/MIME.

The simple fact is that both types of signatures have valid use cases, and there is really no point in trying to convince people not to use one method or the other. It's equally silly to use disparaging language about either method.

Doug

--
Nothin' ever doesn't change, but nothin' changes much. -- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/

From dougb at dougbarton.us Mon Feb 28 00:03:04 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Sun, 27 Feb 2011 15:03:04 -0800
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <87aahhxoa1.fsf@vigenere.g10code.de>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <87aahhxoa1.fsf@vigenere.g10code.de>
Message-ID: <4D6AD828.7050505@dougbarton.us>

On 02/27/2011 11:36, Werner Koch wrote:
> Hi,
>
> I once hoped the discussion about MIME vs. crufty inline signatures has
> been settled a long time ago.

I love/admire your optimism. :)

> Today that even Microsoft Outlook handles
> it correctly for more than 7 years, the new excuse seems to be some
> buggy new mail applications. [...]

There is still a large installed base of MUAs that don't handle PGP/MIME properly, such as Outlook Express. So ...

> Please go and fix these buggy mail applications.

... is a totally unrealistic way to view the world. There are valid use cases for both types of signatures; hoping that one or the other will go away is equally unrealistic. :)

Doug

--
Nothin' ever doesn't change, but nothin' changes much. -- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price.
:) http://SupersetSolutions.com/

From dshaw at jabberwocky.com Mon Feb 28 00:03:29 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 27 Feb 2011 18:03:29 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6AAA91.3090901@sixdemonbag.org>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org>
Message-ID:

On Feb 27, 2011, at 2:48 PM, Robert J. Hansen wrote:
> On 2/27/11 2:37 PM, Martin Gollowitzer wrote:
>> I sign *all* my e-mail except for messages sent from my mobile (in that
>> case, my signature tells the receiver why the message is not signed and
>> offers the receiver to request a signed proof of authenticity later) or
>> messages to people who can't receive signed messages (I had a case where
>> e-mails arrived empty because of the MS Exchange/Antivirus/whatever
>> combination at the receiver's workplace).
>
> You may want to reconsider this practice.
>
> Signatures have value if they are correct, originating from a validated
> key, belonging to a trusted individual. If any of those are absent the
> signature is more or less just line noise. You cannot make any logical
> inferences from a signature that is bad, that comes from a non-validated
> key, or an untrusted individual.

I disagree with this. Obviously a bad signature doesn't say much (except perhaps "check your mail system - it's breaking things"), but there is still value in the continuity between multiple signed messages. It's important to not make of that more than it is: for all I know there are 200 people all sharing key 1CF3A917, but it does raise the bar for someone who wants to claim to be Martin.

(and insert key ID collision attack here!)
David

From faramir.cl at gmail.com Mon Feb 28 00:05:53 2011
From: faramir.cl at gmail.com (Faramir)
Date: Sun, 27 Feb 2011 20:05:53 -0300
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <20110227183055.GA10435@wingback.gollo.at>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <20110227183055.GA10435@wingback.gollo.at>
Message-ID: <4D6AD8D1.3020508@gmail.com>

On 27-02-2011 15:30, Martin Gollowitzer wrote:
> * David Tomaschik [110227 19:22]:
>> How about "inline confuses users who don't know anything about OpenPGP"?
>
> 100% agreed. Thank you!

IMHO they would be even more confused if they can read the message. And some others see the attached signatures and think "Virus! Hit delete, hit delete!".

Best Regards

From aaron.toponce at gmail.com Mon Feb 28 01:15:38 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Sun, 27 Feb 2011 17:15:38 -0700
Subject: Android PGP/MIME test results
In-Reply-To: <4D6AB383.5040000@grant-olson.net>
References: <4D6AB383.5040000@grant-olson.net>
Message-ID: <519c7e8b-7888-45d9-a3c8-9d8962730f19@email.android.com>

Grant Olson wrote:
>Provider: Boost
>Manufacturer: Motorola
>Model: I1
>Droid version: 1.5
>
>This phone has two mail applications by default, one called 'email' and
>another called 'gmail'.
>Both displayed PGP/MIME messages without any
>trouble. Neither verified sigs of course.
>
>I see no easy way to determine the version number of either of these
>apps. If anyone has tips on how I can get this info, let me know.
>
>--
>-Grant
>
>"Look around! Can you construct some sort of rudimentary lathe?"

This mail reads fine on K9, the default mail client shipped with the HTC Evo, and Google's Gmail client. K9 can verify the signature due to the integration with APG. The other two cannot, but they can view the signature.asc text. FYI.

Provider: Sprint
Phone: HTC Evo 4g
Android: 2.2.1

--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

From jeandavid8 at verizon.net Mon Feb 28 00:54:47 2011
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Sun, 27 Feb 2011 18:54:47 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6AD8D1.3020508@gmail.com>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <20110227183055.GA10435@wingback.gollo.at> <4D6AD8D1.3020508@gmail.com>
Message-ID: <4D6AE447.8090902@verizon.net>

Faramir wrote:
> On 27-02-2011 15:30, Martin Gollowitzer wrote:
>> * David Tomaschik [110227 19:22]:
>>> How about "inline
>>> confuses users who don't know anything about OpenPGP"?
>> 100% agreed. Thank you!
>
> IMHO they would be even more confused if they can read the message.
> And some others see the attached signatures and think "Virus! Hit
> delete, hit delete!".
>
> Best Regards

If someone sees my inline signature and thinks Virus..., let them. If it were a virus, by the time they saw that it would be too late, would it not?

--
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 18:50:01 up 40 days, 3:25, 3 users, load average: 4.69, 4.82, 4.75

From rjh at sixdemonbag.org Mon Feb 28 02:31:06 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 27 Feb 2011 20:31:06 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <87aahhxoa1.fsf@vigenere.g10code.de>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <87aahhxoa1.fsf@vigenere.g10code.de>
Message-ID: <53EF3147-1B4B-449A-AF39-6FFAE6BCBBB9@sixdemonbag.org>

> PGP/MIME (rfc2015, 1996) is not required to display signed MOSS mails.
> We should expect that 1847 has been implemented in any MIME aware MUA;
> in particular as it seems that S/MIME, which is also based on MOSS, does
> work.

"Should" usually just means "I want." The world should be a just place and freedom should prevail: I want the world to be a just place and I want freedom to prevail. We should expect MIME to be correctly implemented in MUAs: we want MIME to be correctly implemented in MUAs.

It's a great sentiment, one I happen to agree with: but it is not the world we live in.
Broken and buggy MIME implementations are a fact of life, and I think it is worth mentioning that, "the default mail app on a Verizon Droid X running Android 2.2 has broken MIME support."

From rjh at sixdemonbag.org Mon Feb 28 02:35:33 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 27 Feb 2011 20:35:33 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To:
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org>
Message-ID:

On Feb 27, 2011, at 5:17 PM, David Shaw wrote:
> Can I see the HCI study that MIME attachments confuse people? ;)

I would love to see such a study. However, I never made that claim. :)

Someone else made the claim PGP/MIME is superior because inline OpenPGP signatures confuse people. Okay, I'll stipulate the latter: but to argue that inline OpenPGP signatures confuse people but PGP/MIME signatures don't (or that they confuse people much less) seems to me to be kind of a stretch.

If someone is arguing either that PGP/MIME signatures confuse people more or less than inline OpenPGP signatures, well, it's a neat hypothesis, but I want to see usability data before I'll sign onto that.

From Chinatinte at gmx.ch Mon Feb 28 02:25:25 2011
From: Chinatinte at gmx.ch (Denise Schmid)
Date: Mon, 28 Feb 2011 02:25:25 +0100
Subject: Question regarding shared keys
Message-ID: <20110228012525.33010@gmx.net>

Hello list,

first of all: Sorry if my question reaches the wrong list, but I have a question someone on this list may probably answer easily.

If a company has shared keys: How does encryption work then? Are several owners of a share needed to encrypt data? I just try to find out how it works in the real world...

Thanks a lot

Denise

--
NEW: FreePhone - free mobile calls and surfing!
Find out now: http://www.gmx.net/de/go/freephone

From rjh at sixdemonbag.org Mon Feb 28 03:38:43 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 27 Feb 2011 21:38:43 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To:
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org>
Message-ID: <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org>

> I disagree with this. Obviously a bad signature doesn't say much (except perhaps "check your mail system - it's breaking things"), but there is still value in the continuity between multiple signed messages. It's important to not make of that more than it is: for all I know there are 200 people all sharing key 1CF3A917, but it does raise the bar for someone who wants to claim to be Martin.

I used to believe this, up until John Moore, John Clizbe and I did a small experiment on PGP-Basics. We all shared a certificate and used it to sign our emails. It was literally weeks before anyone noticed.

Continuity is a great idea, but based on my own (limited and anecdotal) experience, it does not play a significant role in the real world. Unfortunately, I don't have anything more empirical to stand upon than that one ad-hoc experiment!
From faramir.cl at gmail.com Mon Feb 28 03:53:55 2011
From: faramir.cl at gmail.com (Faramir)
Date: Sun, 27 Feb 2011 23:53:55 -0300
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6AE447.8090902@verizon.net>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <20110227183055.GA10435@wingback.gollo.at> <4D6AD8D1.3020508@gmail.com> <4D6AE447.8090902@verizon.net>
Message-ID: <4D6B0E43.4000503@gmail.com>

On 27-02-2011 20:54, Jean-David Beyer wrote:
> Faramir wrote:
...
>> IMHO they would be even more confused if they can read the message.
>> And some others see the attached signatures and think "Virus! Hit
>> delete, hit delete!".
...
>
> If someone sees my inline signature and thinks Virus..., let them.
> If it were a virus, by the time they saw that it would be too late,
> would it not?

Well, I was talking about attached signatures, like in PGP/MIME. But it would be interesting to receive a text saying "please compile this virus source code and run it.
Thanks"

Best Regards

From dshaw at jabberwocky.com Mon Feb 28 04:02:08 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 27 Feb 2011 22:02:08 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org>
Message-ID: <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com>

On Feb 27, 2011, at 9:38 PM, Robert J. Hansen wrote:
>> I disagree with this. Obviously a bad signature doesn't say much (except perhaps "check your mail system - it's breaking things"), but there is still value in the continuity between multiple signed messages. It's important to not make of that more than it is: for all I know there are 200 people all sharing key 1CF3A917, but it does raise the bar for someone who wants to claim to be Martin.
>
> I used to believe this, up until John Moore, John Clizbe and I did a small experiment on PGP-Basics. We all shared a certificate and used it to sign our emails. It was literally weeks before anyone noticed.
>
> Continuity is a great idea, but based on my own (limited and anecdotal) experience, it does not play a significant role in the real world.
> Unfortunately, I don't have anything more empirical to stand upon than that one ad-hoc experiment!

I'm not at all surprised that you had those results. A limited subset of people have support for OpenPGP signatures. A limited subset of those people actually verify signatures. A limited subset of those people actually pay attention to what those signatures say.

Still, that experiment doesn't exactly measure what I'm suggesting. In your experiment, you all kept quiet and waited for other people to notice. It is reasonable that if someone was being masqueraded, that person would speak up and challenge the forger (e.g. "Hey, you're not Martin! I'm the real Martin, and I can prove it by signing this message with the same key I've used all along...."). If the real Martin waited for someone else to notice, well, he may end up waiting for a long time.

David

From rjh at sixdemonbag.org Mon Feb 28 04:05:13 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 27 Feb 2011 22:05:13 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com>
Message-ID: <8D4F9854-51AA-4811-9408-BDEAB447BC42@sixdemonbag.org>

> I'm not at all surprised that you had those results. A limited subset of people have support for OpenPGP signatures. A limited subset of those people actually verify signatures. A limited subset of those people actually pay attention to what those signatures say.

Yes: but one would hope that on PGP-Basics those "limited subsets" would be present in significant numbers, much as on GnuPG-Users.
> It is reasonable that if someone was being masqueraded, that person would speak up and challenge the forger (e.g. "Hey, you're not Martin! I'm the real Martin, and I can prove it by signing this message with the same key I've used all along...."). If the real Martin waited for someone else to notice, well, he may end up waiting for a long time.

I'm not sure this is reasonable. If the real Martin doesn't care about what I'm saying, what motive does he have to check the signatures on my messages?

From dshaw at jabberwocky.com Mon Feb 28 04:15:20 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 27 Feb 2011 22:15:20 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <8D4F9854-51AA-4811-9408-BDEAB447BC42@sixdemonbag.org>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <8D4F9854-51AA-4811-9408-BDEAB447BC42@sixdemonbag.org>
Message-ID:

On Feb 27, 2011, at 10:05 PM, Robert J. Hansen wrote:
>> I'm not at all surprised that you had those results. A limited subset of people have support for OpenPGP signatures. A limited subset of those people actually verify signatures. A limited subset of those people actually pay attention to what those signatures say.
>
> Yes: but one would hope that on PGP-Basics those "limited subsets" would be present in significant numbers, much as on GnuPG-Users.

I wouldn't hope that. Or perhaps, I might hope that, but certainly not expect it. Do you check the signatures on each message you get on PGP-Basics or GnuPG-Users? I certainly don't. The fact that a message is signed on a public list is of little interest to me. Barring a situation like the Martin/Fake Martin we're talking about (i.e.
if someone felt they were being spoofed and called the group's attention to it), I probably wouldn't bother to look at the signatures at all.

>> It is reasonable that if someone was being masqueraded, that person would speak up and challenge the forger (e.g. "Hey, you're not Martin! I'm the real Martin, and I can prove it by signing this message with the same key I've used all along...."). If the real Martin waited for someone else to notice, well, he may end up waiting for a long time.
>
> I'm not sure this is reasonable. If the real Martin doesn't care about what I'm saying, what motive does he have to check the signatures on my messages?

I think we're missing each other here. We have Martin (the real one), the fake Martin (let's call him "Marty"), and various other people on a mailing list. Martin always signs his messages. One day Marty shows up and tries to pretend to be Martin. Martin, not wanting someone else to pretend to be him, can easily say: "You're not Martin. I am Martin, and I can prove it: I have signed this message with the same key that I've used for all my other messages".

David

From ben at adversary.org Mon Feb 28 04:19:49 2011
From: ben at adversary.org (Ben McGinnes)
Date: Mon, 28 Feb 2011 14:19:49 +1100
Subject: PGP/MIME considered harmful for mobile
In-Reply-To:
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org>
Message-ID: <4D6B1455.80006@adversary.org>

On 28/02/11 12:35 PM, Robert J. Hansen wrote:
>
> On Feb 27, 2011, at 5:17 PM, David Shaw wrote:
>
>> Can I see the HCI study that MIME attachments confuse people? ;)
>
> I would love to see such a study. However, I never made that claim. :)
>
> Someone else made the claim PGP/MIME is superior because inline
> OpenPGP signatures confuse people.
> Okay, I'll stipulate the latter:
> but to argue that inline OpenPGP signatures confuse people but
> PGP/MIME signatures don't (or that they confuse people much less)
> seems to me to be kind of a stretch.

I've seen both confuse people. In-line generally produced general confusion about what it was, PGP/MIME produced either "I couldn't open that attachment" or "careful, you might have a virus." At which point I usually responded with a pre-written explanation of what it was, why I used it and why their (usually Microsoft) MUA couldn't handle it.

I haven't received a panicked or confused response like that in a few years, but I do occasionally get questions as to what it is that are more just people being curious. I see this gradual shift in reactions as a good thing.

Regards,
Ben

From ben at adversary.org Mon Feb 28 04:22:31 2011
From: ben at adversary.org (Ben McGinnes)
Date: Mon, 28 Feb 2011 14:22:31 +1100
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com>
Message-ID: <4D6B14F7.1090307@adversary.org>

On 28/02/11 2:02 PM, David Shaw wrote:
>
> I'm not at all surprised that you had those results. A limited
> subset of people have support for OpenPGP signatures. A limited
> subset of those people actually verify signatures. A limited subset
> of those people actually pay attention to what those signatures say.

And a limited subset of those will actually speak up.
;)

Regards,
Ben

From rjh at sixdemonbag.org Mon Feb 28 04:27:06 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 27 Feb 2011 22:27:06 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To:
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <8D4F9854-51AA-4811-9408-BDEAB447BC42@sixdemonbag.org>
Message-ID: <12AA8816-AB3F-4E35-8EDC-BF8F6DB74118@sixdemonbag.org>

> I think we're missing each other here. We have Martin (the real one), the fake Martin (let's call him "Marty"), and various other people on a mailing list. Martin always signs his messages. One day Marty shows up and tries to pretend to be Martin. Martin, not wanting someone else to pretend to be him, can easily say: "You're not Martin. I am Martin, and I can prove it: I have signed this message with the same key that I've used for all my other messages".

Then we're at an impasse, because that claim wouldn't fly with me. Let's imagine Fake-Martin and Real-Martin (FM and RM).

FM: [message]
RM: Hey, that's not me! I'm me. See? I've signed this with the same cert I've used for everything else on this list.
FM: No, I'm the real Martin. I didn't sign up for this mailing list until last week. You signed up here a long time ago and posted messages pretending to be me, so that when I came on the list you could falsely claim to be me!
RM: But I'm the real Martin! I've been posting here for months!
FM: Prove it. You can't! Therefore, I'm the real Martin.
RM: But you can't prove it either!
We like to view signatures as purely mathematical things. If certain preconditions are met, then a signature has this semantic meaning, etcetera. Unfortunately, signatures are also social constructs, and social machinery tends to be full of people behaving irrationally.

Given this, I would have to say, "I don't know who's real and who's fake. They both make very credible claims. If I wanted to do a credibility attack on Martin, you'd better believe I'd make it a point to get on the mailing list first."

From dshaw at jabberwocky.com Mon Feb 28 04:40:03 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 27 Feb 2011 22:40:03 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <12AA8816-AB3F-4E35-8EDC-BF8F6DB74118@sixdemonbag.org>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <8D4F9854-51AA-4811-9408-BDEAB447BC42@sixdemonbag.org> <12AA8816-AB3F-4E35-8EDC-BF8F6DB74118@sixdemonbag.org>
Message-ID: <76C9226B-12AB-4015-B6F1-34D823E6D4AB@jabberwocky.com>

On Feb 27, 2011, at 10:27 PM, Robert J. Hansen wrote:
>> I think we're missing each other here. We have Martin (the real one), the fake Martin (let's call him "Marty"), and various other people on a mailing list. Martin always signs his messages. One day Marty shows up and tries to pretend to be Martin. Martin, not wanting someone else to pretend to be him, can easily say: "You're not Martin. I am Martin, and I can prove it: I have signed this message with the same key that I've used for all my other messages".
>
> Then we're at an impasse, because that claim wouldn't fly with me. Let's imagine Fake-Martin and Real-Martin (FM and RM).
>
>
> FM: [message]
> RM: Hey, that's not me! I'm me. See?
> I've signed this with the same cert I've used for everything else on this list.
> FM: No, I'm the real Martin. I didn't sign up for this mailing list until last week. You signed up here a long time ago and posted messages pretending to be me, so that when I came on the list you could falsely claim to be me!
> RM: But I'm the real Martin! I've been posting here for months!
> FM: Prove it. You can't! Therefore, I'm the real Martin.
> RM: But you can't prove it either!

I'm not talking about proving who is *named* Martin and who isn't. That's not very important (or doable on a mailing list anyway). What is significant is that the "Martin" that has been posting on the list and signing their messages has a continuity he can point to. If I were Martin, I'd respond:

I am the Martin that has been using this mailing list for the past few months. I've had many interesting conversations here, and signed them all. I am signing this message too. I am the same Martin that you all have been conversing with. This man claims to be Martin too. Whether he is or not, *he's not the guy you've been talking to for months*.

Or put another way, he's the Martin that they know. There is nothing dramatically new about this idea. It's how nym users have identified themselves for years.

David

From dkg at fifthhorseman.net Mon Feb 28 04:51:20 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sun, 27 Feb 2011 22:51:20 -0500
Subject: [was: Re: PGP/MIME considered harmful for mobile]
In-Reply-To: <53EF3147-1B4B-449A-AF39-6FFAE6BCBBB9@sixdemonbag.org>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <87aahhxoa1.fsf@vigenere.g10code.de> <53EF3147-1B4B-449A-AF39-6FFAE6BCBBB9@sixdemonbag.org>
Message-ID: <4D6B1BB8.9010900@fifthhorseman.net>

On 02/27/2011 08:31 PM, Robert J. Hansen wrote:
> the default mail app on a Verizon Droid X running Android 2.2 has broken MIME support.
Please post this bit of useful detail to the "Android PGP/MIME test results" thread started by Grant Olson, which actually has an acceptable signal-to-noise ratio. If you could be more specific about versions and application names, that'd be great (an earlier e-mail from you mentioned "droid 2.2.something", so i'm not sure what to make of the version numbers in this e-mail).

Thanks for trying to make a useful bug report. Hopefully someone who knows more about android can actually get it to the right people and follow up here about it.

--dkg

From kgo at grant-olson.net Mon Feb 28 04:59:39 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Sun, 27 Feb 2011 22:59:39 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6B14F7.1090307@adversary.org>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <4D6B14F7.1090307@adversary.org>
Message-ID: <4D6B1DAB.8020600@grant-olson.net>

On 02/27/2011 10:22 PM, Ben McGinnes wrote:
> On 28/02/11 2:02 PM, David Shaw wrote:
>>
>> I'm not at all surprised that you had those results. A limited
>> subset of people have support for OpenPGP signatures. A limited
>> subset of those people actually verify signatures. A limited subset
>> of those people actually pay attention to what those signatures say.
>
> And a limited subset of those will actually speak up. ;)
>
> Especially on a list where many people self-identify as newbies.

I've been toying with the idea of expiring my key and seeing how long it takes for anyone to notice.
In fact, I've just decided I will do this sometime in the next year. It'll be interesting to see how long it takes people to notice even after I've announced my intentions. If anyone remembers this conversation when I do this, please let me know my key is expired off-list, so we can collect more data than the first responder.

--
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

From rjh at sixdemonbag.org Mon Feb 28 05:06:38 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 27 Feb 2011 23:06:38 -0500
Subject: [was: Re: PGP/MIME considered harmful for mobile]
In-Reply-To: <4D6B1BB8.9010900@fifthhorseman.net>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <87aahhxoa1.fsf@vigenere.g10code.de> <53EF3147-1B4B-449A-AF39-6FFAE6BCBBB9@sixdemonbag.org> <4D6B1BB8.9010900@fifthhorseman.net>
Message-ID: <3C145DA9-22CC-4A65-B4D3-9D3840D516BE@sixdemonbag.org>

> Please post this bit of useful details to the "Android PGP/MIME test
> results" thread started by Grant Olson, which actually has an acceptable
> signal-to-noise ratio.

As I have said a few times now, I have been out of town at a funeral. I have just now returned and am for the most part exhausted. For the most part, the messages I've been replying to have not demanded much out of me: nothing more than just a couple of facts off the top of my head and a little bit of logical thought. Putting together a formal bug report, complete with screen shots and whatnot, is a little more demanding. I'll get to it when I no longer feel wrung-out and exhausted from burying my uncle.

Thanks.
:)

From dshaw at jabberwocky.com Mon Feb 28 05:13:05 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 27 Feb 2011 23:13:05 -0500
Subject: PGP/MIME considered harmful for mobile
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org>
Message-ID: <71162B43-2CFA-4BCA-9D71-F11909D52BF9@jabberwocky.com>

On Feb 27, 2011, at 8:35 PM, Robert J. Hansen wrote:

>
> On Feb 27, 2011, at 5:17 PM, David Shaw wrote:
>
>> Can I see the HCI study that MIME attachments confuse people? ;)
>
> I would love to see such a study. However, I never made that claim. :)
>
> Someone else made the claim PGP/MIME is superior because inline OpenPGP signatures confuse people. Okay, I'll stipulate the latter: but to argue that inline OpenPGP signatures confuse people but PGP/MIME signatures don't (or that they confuse people much less) seems to me to be kind of a stretch.

I suspect that given a client that properly implements MIME (meaning in this case that it would show the regular text, whether or not they were capable of verifying the signature), inline would be more confusing, for reason of numbers. For users of those mail clients, they see a signed message as much the same thing they'd have seen if the mail hadn't been signed at all. For example, Apple's various mail programs do this (I suspect some common code there). For those clients, inline (where you see something) is bound to be more confusing than MIME (where you see nothing) for the simple reason that something is more visible than nothing. Like you, I have no study to point to, but it seems reasonable. Of course, your phone notwithstanding, how large the set of clients that properly implement MIME is remains an open question...

Personally, when I need to make a signature, I usually just consider the audience.
For a list like this, I'd probably PGP/MIME it. For other audiences, perhaps not.

David

From dshaw at jabberwocky.com Mon Feb 28 05:17:09 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 27 Feb 2011 23:17:09 -0500
Subject: Question regarding shared keys
In-Reply-To: <20110228012525.33010@gmx.net>
References: <20110228012525.33010@gmx.net>
Message-ID: <162DFC33-15A5-4A0D-BA1A-7A933D7B9129@jabberwocky.com>

On Feb 27, 2011, at 8:25 PM, Denise Schmid wrote:

> Hello list,
>
> first of all: Sorry if my question reaches the wrong list, but I have a question someone on this list may probably answer easily.
>
> If a company has shared keys: How does encryption work then? Are several owners of a share needed to encrypt data? I'm just trying to find out how it works in the real world...

It depends on what you mean by a "shared key". There is just giving a copy of the key to multiple people (in which case any one of them can use it), or there are various key splitting algorithms where a key is broken into a number of pieces, and a specified subset of those pieces can come together, reconstruct the key, and do whatever they need to do. Which do you mean?

The OpenPGP standard (which specifies how different implementations can interoperate) does not really specify shared keys, beyond acknowledging that they exist. The PGP *implementation* of the standard has a shared key feature in the break-the-key-into-multiple-pieces sense. The GnuPG implementation does not have this feature.
David

From faramir.cl at gmail.com Mon Feb 28 05:17:38 2011
From: faramir.cl at gmail.com (Faramir)
Date: Mon, 28 Feb 2011 01:17:38 -0300
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <12AA8816-AB3F-4E35-8EDC-BF8F6DB74118@sixdemonbag.org>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <8D4F9854-51AA-4811-9408-BDEAB447BC42@sixdemonbag.org> <12AA8816-AB3F-4E35-8EDC-BF8F6DB74118@sixdemonbag.org>
Message-ID: <4D6B21E2.4060702@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 28-02-2011 0:27, Robert J. Hansen wrote:
...
> Then we're at an impasse, because that claim wouldn't fly with me. Let's imagine Fake-Martin and Real-Martin (FM and RM).
>
>
> FM: [message]
> RM: Hey, that's not me! I'm me. See? I've signed this with the same cert I've used for everything else on this list.
> FM: No, I'm the real Martin. I didn't sign up for this mailing list until last week. You signed up here a long time ago and posted messages pretending to be me, so that when I came on the list you could falsely claim to be me!
...

At this point, and since it is about a mailing list, I would be more interested in knowing who is the real Martin, even if his name is not Martin. In other words, I don't know if you write using your real name, but I still would like to know if someone else is trying to impersonate you.
Best Regards

From dshaw at jabberwocky.com Mon Feb 28 05:29:23 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 27 Feb 2011 23:29:23 -0500
Subject: Android PGP/MIME test results
In-Reply-To: <4D6AB383.5040000@grant-olson.net>
References: <4D6AB383.5040000@grant-olson.net>
Message-ID: <115AE220-D534-44AA-811B-CDF58DAA66A9@jabberwocky.com>

Not exactly Android, but FWIW, an iPod touch (which has the same mail program as an iPhone) displays PGP/MIME just fine (as in shows the mail - but doesn't verify the signature).

David

From dshaw at jabberwocky.com Mon Feb 28 05:56:57 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 27 Feb 2011 23:56:57 -0500
Subject: Rebuilding the private key from signatures
In-Reply-To: <1102250313110.2320@smasher>
References: <20110224140911.GD17846@poseidon.cocyt.us> <1102250313110.2320@smasher>
Message-ID: <34F1CF35-5D2C-4767-ABC1-DCDEAB0D732C@jabberwocky.com>

On Feb 24, 2011, at 9:39 AM, Atom Smasher wrote:

> On Thu, 24 Feb 2011, Aaron Toponce wrote:
>
>> However, I was in a discussion with a friend, and the topic came up that it is theoretically possible to rebuild your private key if someone had access to all your signed mail. We debated the size of signatures and mail that would need to be collected for this to be probable.
>>
>> Is it?
> =================
>
> if an attacker has two messages signed with DSA, and they happen to use the same value of "k" then it's trivial to recover the private key.
>
> a random "k" is the Achilles heel of DSA and Elgamal (and their ECC derivatives). if "k" is truly random (and reasonably large), the chances of getting a duplicate "k" approaches zero... if "k" is not reasonably large or there's a bias that can produce duplicate "k"s with the same value, you're hosed.
>
> http://www.the-fifth-hope.org/hoop/5hope_speakers.khtml#panel037
> http://en.wikipedia.org/wiki/Digital_Signature_Algorithm
> http://en.wikipedia.org/wiki/ElGamal_signature_scheme

It's worth mentioning that a variant of this is what caused the Elgamal signing key problem back in 2003 (and indirectly, what caused Elgamal signatures to be dropped from the OpenPGP standard altogether). See http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000160.html for the details.

In that attack, all you usually needed was the public key alone, since most Elgamal signing keys were primary keys, and primary keys issue signatures over the user ID, giving you the signature needed to mount the attack.
David

From ben at adversary.org Mon Feb 28 05:48:22 2011
From: ben at adversary.org (Ben McGinnes)
Date: Mon, 28 Feb 2011 15:48:22 +1100
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6B1DAB.8020600@grant-olson.net>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <4D6B14F7.1090307@adversary.org> <4D6B1DAB.8020600@grant-olson.net>
Message-ID: <4D6B2916.3090106@adversary.org>

On 28/02/11 2:59 PM, Grant Olson wrote:
>
> I've been toying with the idea of expiring my key and seeing how
> long it takes for anyone to notice. In fact, I've just decided I
> will do this sometime in the next year. It'll be interesting to see
> how long it takes people to notice even after I've announced my
> intentions.

Heh. Are you aiming for some kind of simultaneously expired and accepted key? Schrödinger's Key, if you will.

> If anyone remembers this conversation when I do this, please let me
> know my key is expired off-list, so we can collect more data than
> the first responder.

Great, it'll be like a scavenger hunt! :)

Regards,
Ben
From kgo at grant-olson.net Mon Feb 28 06:27:55 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Mon, 28 Feb 2011 00:27:55 -0500
Subject: Android PGP/MIME test results
In-Reply-To: <115AE220-D534-44AA-811B-CDF58DAA66A9@jabberwocky.com>
References: <4D6AB383.5040000@grant-olson.net> <115AE220-D534-44AA-811B-CDF58DAA66A9@jabberwocky.com>
Message-ID: <4D6B325B.6000307@grant-olson.net>

On 02/27/2011 11:29 PM, David Shaw wrote:
> Not exactly Android, but FWIW, an iPod touch (which has the same mail program as an iPhone) displays PGP/MIME just fine (as in shows the mail - but doesn't verify the signature).
>
> David
>
>

It's worth a lot.

Since the rationale behind this thread is buried in a long convoluted thread about PGP/MIME vs PGP/Inline, allow me to re-explain. I imagine some people got sick of that thread and are ignoring it.

It seems Robert experienced the "Outlook Express" problem on his Droid, where a PGP/MIME message didn't get displayed properly on his phone, and instead showed a blank message. I just wanted to gauge how severe the problem was, by getting feedback from various people's smartphones.

So if you've got a smartphone, and you check your email on it, please do reply to this thread, letting me know:

- The service provider
- The make and model of the phone.
- The droid version.
- The email application(s) installed.
- If said application(s) displayed the text of a PGP/MIME message so that you could read the message.
- If said application(s) could verify a message. (The answer here is probably no, but it seems like at least one person said K-9 mail could verify PGP/MIME.)
- Any other pertinent information.

That'll help everyone gauge the severity of the problem and adjust their preferences accordingly.

Thanks,

-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"
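Grant's survey above turns on one question: can a phone's mail client find the text inside a PGP/MIME message at all? The Python below is an added example, not code from the list or from any mail client; it builds an RFC 3156 multipart/signed message around a constructed placeholder signature, then reads it the way a MIME-aware but non-verifying client does and the way a client that ignores unknown multipart containers does (the blank-message case), and shows the CRLF-canonical first part a verifier would actually check. The function names build_pgp_mime, build_inline, mime_aware_view, top_level_only_view and signed_data are assumptions of this example.

```python
"""PGP/MIME (RFC 3156) multipart/signed as seen by two kinds of client.

Added example. PLACEHOLDER_SIG is constructed and is not a real OpenPGP
signature, so nothing here verifies anything; the point is message
structure, which is what decides whether a client shows text or a blank."""
import email
from email import encoders, policy
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from typing import Tuple

# Constructed placeholder armor: the shape of a detached signature, no real data.
PLACEHOLDER_SIG = (
    "-----BEGIN PGP SIGNATURE-----\n"
    "Comment: constructed placeholder, not a real signature\n"
    "\n"
    "xxxx\n"
    "=xxxx\n"
    "-----END PGP SIGNATURE-----\n"
)


def build_pgp_mime(body_text: str, armored_sig: str) -> bytes:
    """Wrap body_text as RFC 3156 multipart/signed with a detached signature part."""
    outer = MIMEMultipart(
        "signed", micalg="pgp-sha256", protocol="application/pgp-signature"
    )
    outer["Subject"] = "PGP/MIME test"
    # First part: the signed content, a complete MIME entity with its own headers.
    outer.attach(MIMEText(body_text, "plain"))
    # Second part: the detached signature over the canonical (CRLF) first part.
    sig = MIMEApplication(
        armored_sig.encode("ascii"), "pgp-signature", _encoder=encoders.encode_7or8bit
    )
    sig["Content-Description"] = "OpenPGP digital signature"
    outer.attach(sig)
    return outer.as_bytes()


def build_inline(body_text: str, armored_sig: str) -> bytes:
    """The competing 'inline' style: a clearsigned block as the text/plain body."""
    msg = MIMEText(
        "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
        + body_text + "\n" + armored_sig,
        "plain",
    )
    msg["Subject"] = "inline test"
    return msg.as_bytes()


def mime_aware_view(raw: bytes) -> Tuple[str, bool]:
    """A MIME-aware but non-verifying client (the iPhone case in the thread):
    find the text/plain body wherever it sits. Returns (shown text, is_pgp_mime)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    is_pgp_mime = (
        msg.get_content_type() == "multipart/signed"
        and msg.get_param("protocol") == "application/pgp-signature"
    )
    body = msg.get_body(preferencelist=("plain",))
    return ("" if body is None else body.get_content()), is_pgp_mime


def top_level_only_view(raw: bytes) -> str:
    """A client that does not descend into multipart containers it does not
    understand (the 'Outlook Express' problem): blank for PGP/MIME, while an
    inline-signed message still shows its armored block."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if msg.is_multipart():
        return ""
    return msg.get_content()


def signed_data(raw: bytes) -> bytes:
    """What a verifying client hands to OpenPGP: the first part, headers
    included, serialised with CRLF line endings (RFC 3156 section 5)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    parts = list(msg.iter_parts())
    if msg.get_content_type() != "multipart/signed" or len(parts) != 2:
        raise ValueError("not a two-part multipart/signed message")
    return parts[0].as_bytes(policy=policy.SMTP)


if __name__ == "__main__":
    raw = build_pgp_mime("Hello list,\nthis is a PGP/MIME test.\n", PLACEHOLDER_SIG)
    print("MIME-aware client shows:", mime_aware_view(raw)[0].strip())
    print("top-level-only client shows:", repr(top_level_only_view(raw)))
```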
From kgo at grant-olson.net Mon Feb 28 06:35:58 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Mon, 28 Feb 2011 00:35:58 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6B2916.3090106@adversary.org>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <4D6B14F7.1090307@adversary.org> <4D6B1DAB.8020600@grant-olson.net> <4D6B2916.3090106@adversary.org>
Message-ID: <4D6B343E.6030906@grant-olson.net>

On 02/27/2011 11:48 PM, Ben McGinnes wrote:
> On 28/02/11 2:59 PM, Grant Olson wrote:
>>
>> I've been toying with the idea of expiring my key and seeing how
>> long it takes for anyone to notice. In fact, I've just decided I
>> will do this sometime in the next year. It'll be interesting to see
>> how long it takes people to notice even after I've announced my
>> intentions.
>
> Heh. Are you aiming for some kind of simultaneously expired and
> accepted key? Schrödinger's Key, if you will.
>

Yep, basically I will set my key to expire one day later and push it to the keyservers. I will intentionally not retrieve the updated expiration on my machines and continue to sign as usual. And see how long it takes people to catch on.

I've always wondered how many people would actually realize a key has been revoked after publishing a revcert to the keyservers. If I could undo a revocation, I'd do that instead. But I think an expiration is a good enough simulation. It should cause people to raise some eyebrows if they're refreshing their keyrings regularly.
I've already got a date picked out. You've been warned... ;-)

-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

From rjh at sixdemonbag.org Mon Feb 28 06:48:27 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 28 Feb 2011 00:48:27 -0500
Subject: Android PGP/MIME test results
In-Reply-To: <4D6B325B.6000307@grant-olson.net>
References: <4D6AB383.5040000@grant-olson.net> <115AE220-D534-44AA-811B-CDF58DAA66A9@jabberwocky.com> <4D6B325B.6000307@grant-olson.net>
Message-ID: <71BBC5CA-80E7-4D02-BCEC-0E8ED73FB5B4@sixdemonbag.org>

> - The service provider

Verizon Wireless.

> - The make and model of the phone.

Droid X

> - The droid version.

2.2.1

> - The email application(s) installed.

Unknown: just the default Verizon Wireless email messaging app.

> - If said application(s) displayed the text of a PGP/MIME message so
> that you could read the message.

No.

> - If said application(s) could verify a message. (The answer here is
> probably no, but it seems like at least one person said K-9 mail could
> verify PGP/MIME.)

No.

From Chinatinte at gmx.ch Mon Feb 28 08:07:03 2011
From: Chinatinte at gmx.ch (Denise Schmid)
Date: Mon, 28 Feb 2011 08:07:03 +0100
Subject: Question regarding shared keys
In-Reply-To: <162DFC33-15A5-4A0D-BA1A-7A933D7B9129@jabberwocky.com>
References: <20110228012525.33010@gmx.net> <162DFC33-15A5-4A0D-BA1A-7A933D7B9129@jabberwocky.com>
Message-ID: <20110228070703.164560@gmx.net>

> It depends on what you mean by a "shared key". There is just giving a
> copy of the key to multiple people (in which case any one of them can use it),
> or there are various key splitting algorithms where a key is broken into a
> number of pieces, and a specified subset of those pieces can come
> together, reconstruct the key, and do whatever they need to do.
It is the second.

>
> The OpenPGP standard (which specifies how different implementations can
> interoperate) does not really specify shared keys, beyond acknowledging that
> they exist. The PGP *implementation* of the standard has a shared key
> feature in the break-the-key-into-multiple-pieces sense.

This is what I meant. Does this mean that, if you want to encrypt a file, everybody has to use his/her key?

The background of my question is that a company claims that one of their managers has forgotten the key and therefore, they can't decrypt some files. These files contain, of course, some evidence they should produce in a court case. Besides the fact that there seem to exist some ways to reconstruct keys, I ask myself if they didn't need the key to encrypt the files...

Best
Denise

From ben at adversary.org Mon Feb 28 08:35:17 2011
From: ben at adversary.org (Ben McGinnes)
Date: Mon, 28 Feb 2011 18:35:17 +1100
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6B343E.6030906@grant-olson.net>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <4D6B14F7.1090307@adversary.org> <4D6B1DAB.8020600@grant-olson.net> <4D6B2916.3090106@adversary.org> <4D6B343E.6030906@grant-olson.net>
Message-ID: <4D6B5035.5050707@adversary.org>

On 28/02/11 4:35 PM, Grant Olson wrote:
> On 02/27/2011 11:48 PM, Ben McGinnes wrote:
>>
>> Heh. Are you aiming for some kind of simultaneously expired and
>> accepted key? Schrödinger's Key, if you will.
>>
>
> Yep, basically I will set my key to expire one day later and push it
> to the keyservers.
> I will intentionally not retrieve the updated
> expiration on my machines and continue to sign as usual. And see
> how long it takes people to catch on.

My guess is that it will probably take a while.

> I've always wondered how many people would actually realize a key
> has been revoked after publishing a revcert to the keyservers. If
> I could undo a revocation, I'd do that instead. But I think an
> expiration is a good enough simulation. It should cause people to
> raise some eyebrows if they're refreshing their keyrings regularly.

This is the thing. I think a lot of people do tend to be quite lax when it comes to refreshing keys from the keyservers.

> I've already got a date picked out. You've been warned... ;-)

This, of course, has reminded me that it has been a while since I've refreshed my own keyrings, so I'm running that now.

Regards,
Ben

From holger.naether at mac.com Mon Feb 28 09:34:13 2011
From: holger.naether at mac.com (Holger Näther)
Date: Mon, 28 Feb 2011 09:34:13 +0100
Subject: Android PGP/MIME test results
In-Reply-To: <4D6B325B.6000307@grant-olson.net>
References: <4D6AB383.5040000@grant-olson.net> <115AE220-D534-44AA-811B-CDF58DAA66A9@jabberwocky.com> <4D6B325B.6000307@grant-olson.net>

> - The service provider

Telekom.de 9.0

> - The make and model of the phone

Apple iPhone 4 (model: MC603DN)

> - The iOS version

4.2.1 (8C148)

> - The email application(s) installed

iPhone Mail (8C148) Mime-Version: 1.0

> - If said application(s) displayed the text of a PGP/MIME message so that you could read the message

yes

> - If said application(s) could verify a message

no

Best regards,
Holger

-- 
This email has been signed using GnuPG encryption software:
Public key: 0xACE4EDD6
Signature attached: PGP.sig
Jabber: gbyte at jabber.piratenpartei.de
Public key: 0xE80C91A1

From guy at cach.me Mon Feb 28 12:47:24 2011
From: guy at cach.me (Guy Halford-Thompson)
Date: Mon, 28 Feb 2011 11:47:24 +0000
Subject: Security of the gpg private keyring?

Assuming I have password protected secret keys, can I assume that the gpg private keyring is secure? I.e., if my private keyring was to fall into malicious hands, would the aforesaid hands be able to extract any useful information from my password protected keys?

I am not talking about super-hackers cracking the keys here... just things like metadata associated with the keys... email addresses, who has signed them, expiry date etc...

Ty

-- 
Guy Halford-Thompson - http://www.cach.me/blog

From myetto1 at nycap.rr.com Sun Feb 27 22:33:09 2011
From: myetto1 at nycap.rr.com (Michael A. Yetto)
Date: Sun, 27 Feb 2011 16:33:09 -0500
Subject: Android PGP/MIME test results
In-Reply-To: <4D6AB383.5040000@grant-olson.net>
References: <4D6AB383.5040000@grant-olson.net>
Message-ID: <201102271633.19960.myetto1@nycap.rr.com>

On Sunday February 27 2011 15:26:43 Grant Olson wrote:
> Provider: Boost
> Manufacturer: Motorola
> Model: I1
> Droid version: 1.5
>
> This phone has two mail applications by default, one called 'email'
> and another called 'gmail'. Both displayed PGP/MIME messages
> without any trouble. Neither verified sigs of course.
>
> I see no easy way to determine the version number of either of these
> apps. If anyone has tips on how I can get this info, let me know.

I have a Motorola Droid (no other letters, numbers or names) and if you have the same this should work. Go to Settings / Application / Manage Applications... You will find a list under the Downloaded or All tabs where you can click (poke?) an app and find the version. Gmail version 2.3.4 here.
-- 
Mike

From mailinglisten at hauke-laging.de Mon Feb 28 13:39:53 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Mon, 28 Feb 2011 13:39:53 +0100
Subject: Security of the gpg private keyring?
Message-ID: <201102281339.53735.mailinglisten@hauke-laging.de>

On Monday 28 February 2011 12:47:24 Guy Halford-Thompson wrote:
> I am not talking about super-hackers cracking the keys here...
> just things like metadata associated with the keys... email addresses,
> who has signed them, expiry date etc...

All that is contained in the public keyring.

Hauke

-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From aaron.toponce at gmail.com Mon Feb 28 14:18:24 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Mon, 28 Feb 2011 06:18:24 -0700
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <12AA8816-AB3F-4E35-8EDC-BF8F6DB74118@sixdemonbag.org>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <8D4F9854-51AA-4811-9408-BDEAB447BC42@sixdemonbag.org> <12AA8816-AB3F-4E35-8EDC-BF8F6DB74118@sixdemonbag.org>
Message-ID: <4D6BA0A0.4060005@gmail.com>

On 02/27/2011 08:27 PM, Robert J. Hansen wrote:
> FM: [message]
> RM: Hey, that's not me! I'm me. See? I've signed this with the same cert I've used for everything else on this list.
> FM: No, I'm the real Martin. I didn't sign up for this mailing list until last week. You signed up here a long time ago and posted messages pretending to be me, so that when I came on the list you could falsely claim to be me!
> RM: But I'm the real Martin! I've been posting here for months!
> FM: Prove it. You can't! Therefore, I'm the real Martin.
> RM: But you can't prove it either!

If RM has a substantial amount of signatures on his public key, and FM doesn't, nor does he sign his mail, I'll be more likely to believe that RM is the real deal. Isn't that the whole point of the Web of Trust, or am I missing something here?

-- 
. o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o

From aaron.toponce at gmail.com Mon Feb 28 14:29:14 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Mon, 28 Feb 2011 06:29:14 -0700
Subject: Security of the gpg private keyring?
Message-ID: <4D6BA32A.7030809@gmail.com>

On 02/28/2011 04:47 AM, Guy Halford-Thompson wrote:
> Assuming I have password protected secret keys, can I assume that the
> gpg private keyring is secure? I.e., if my private keyring was to
> fall into malicious hands, would the aforesaid hands be able to
> extract any useful information from my password protected keys?
>
> I am not talking about super-hackers cracking the keys here...
> just things like metadata associated with the keys... email addresses,
> who has signed them, expiry date etc...

No. First, all that metadata is in your public key, not your private key. Second, if your password (should be a "passphrase") is reasonably secure, and by secure, I mean containing a decent amount of entropy (like 120 bits), then you can at least sleep at night.
No hacker in the immediate future will be able to use your key until the passphrase is cracked.

With that said, if I knew that my private key had fallen into _anyone's_ hands other than my own, I would publish the revocation certificate immediately, push it to every public keyserver, and make an announcement of such to all my contacts. I would then go through the actions of generating a new key, getting new signatures, etc.

-- 
. o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o

From dshaw at jabberwocky.com Mon Feb 28 15:02:07 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 28 Feb 2011 09:02:07 -0500
Subject: Question regarding shared keys
In-Reply-To: <20110228070703.164560@gmx.net>
References: <20110228012525.33010@gmx.net> <162DFC33-15A5-4A0D-BA1A-7A933D7B9129@jabberwocky.com> <20110228070703.164560@gmx.net>

On Feb 28, 2011, at 2:07 AM, Denise Schmid wrote:

>> It depends on what you mean by a "shared key". There is just giving a
>> copy of the key to multiple people (in which case any one of them can use it),
>> or there are various key splitting algorithms where a key is broken into a
>> number of pieces, and a specified subset of those pieces can come
>> together, reconstruct the key, and do whatever they need to do.
>
> It is the second.
>
>>
>> The OpenPGP standard (which specifies how different implementations can
>> interoperate) does not really specify shared keys, beyond acknowledging that
>> they exist. The PGP *implementation* of the standard, has a shared key
>> feature in the break-the-key-into-multiple-pieces sense.
>
> This is what I meant. Does this mean that, if you want to encrypt a file, everybody has to use his/her key?

No. Encryption is always possible by anyone.
The shared key only needs to be rejoined for decryption or to change the details of the shared key (adding or removing people who have a share, or changing the minimum number of people needed to restore the key), or other secret-key only operations.

> The background of my question is that a company claims that one of their managers has forgotten the key and therefore, they can't decrypt some files. These files contain, of course, some evidence they should produce in a court case. Beside the fact that there seem to exist some ways to reconstruct keys, I ask myself if they didn't need the key to encrypt the files...

Interesting! They have no backups of the key, no key sharing set up, and didn't use the ADK (Additional Decryption Key) feature of PGP?

David

From dshaw at jabberwocky.com Mon Feb 28 15:09:35 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 28 Feb 2011 09:09:35 -0500
Subject: Security of the gpg private keyring?
Message-ID: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com>

On Feb 28, 2011, at 6:47 AM, Guy Halford-Thompson wrote:

> Assuming I have password protected secret keys, can I assume that the
> gpg private keyring is secure? I.e., if my private keyring was to
> fall into malicious hands, would the aforesaid hands be able to
> extract any useful information from my password protected keys?
>
> I am not talking about super-hackers cracking the keys here...
> just things like metadata associated with the keys... email addresses,
> who has signed them, expiry date etc...

You can do quite a lot with stuff like this. Who signed who can tell you who this person has met, and often where. If you see a bunch of signatures around a particular date, look for a keysigning party on that date - now you have evidence they were there. Email addresses can reveal an enormous amount of information about a person.
Robert and I did an experiment a few months ago where starting only from his public key, I was easily able to find out real-world addresses, parents' names, siblings, etc.

However, all of this information is available in the *public* key as well. There is no need for an attacker to get this from your secret key when he can just get it from a handy keyserver. Assuming you have a good passphrase on your secret key, the attacker can't get into it any more than he could get into a message you send.

David

From dshaw at jabberwocky.com Mon Feb 28 15:12:33 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 28 Feb 2011 09:12:33 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6BA0A0.4060005@gmail.com>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <8D4F9854-51AA-4811-9408-BDEAB447BC42@sixdemonbag.org> <12AA8816-AB3F-4E35-8EDC-BF8F6DB74118@sixdemonbag.org> <4D6BA0A0.4060005@gmail.com>
Message-ID: <1080BB07-3E95-4F18-BE68-1036F241659B@jabberwocky.com>

On Feb 28, 2011, at 8:18 AM, Aaron Toponce wrote:

> On 02/27/2011 08:27 PM, Robert J. Hansen wrote:
>> FM: [message]
>> RM: Hey, that's not me! I'm me. See? I've signed this with the same cert I've used for everything else on this list.
>> FM: No, I'm the real Martin. I didn't sign up for this mailing list until last week. You signed up here a long time ago and posted messages pretending to be me, so that when I came on the list you could falsely claim to be me!
>> RM: But I'm the real Martin! I've been posting here for months!
>> FM: Prove it. You can't! Therefore, I'm the real Martin.
>> RM: But you can't prove it either!
>
> If RM has a substantial amount of signatures on his public key, and FM
> doesn't, nor does he sign his mail, I'll be more likely to believe that
> RM is the real deal. Isn't that the whole point of the Web of Trust, or
> am I missing something here?

Unfortunately, barring the case where you have an actual trust path to either Martin, key signatures don't tell you much. After all, FM could easily make up dozens of fake people keys and use them to sign his key.

In this particular case, though, key signatures aren't even necessary - RM just needs to prove that he is the same entity that signed the other messages to the list. That is, he's "real" in the sense that he is the Martin that the list knows and has been conversing with.

"What's in a name? That which we call a rose
By any other name would smell as sweet."

David

From vedaal at nym.hush.com Mon Feb 28 15:29:27 2011
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Mon, 28 Feb 2011 09:29:27 -0500
Subject: Question regarding shared keys
Message-ID: <20110228142927.E68646F435@smtp.hushmail.com>

>Date: Mon, 28 Feb 2011 08:07:03 +0100
>From: "Denise Schmid"
>To: gnupg-users at gnupg.org
>Subject: Re: Question regarding shared keys
>Message-ID: <20110228070703.164560 at gmx.net>
>Content-Type: text/plain; charset="utf-8"

>Does this mean that, if you want to encrypt
>a file, everybody has to use his/her key?

no

The 'shared' key is only the secret key. Anyone, (even someone who has no share at all, i.e. an outside client of the company) can encrypt to the public key.

>The background of my
>question is that a company claims that one of their managers has
>forgotten the key and therefore, they can't decrypt some files.

Possible.

Usually though, 'shared' keys are used for 'signing' documents, proposals, orders, instructions, etc. that require a majority of the governing board, and the shares are set to that number of the majority required to pass the vote.
It's less likely that ordinary documents or client files need decryption by a shared secret key, but is possible if the company wanted an 'excuse' to not decrypt the files, and intentionally did it this way.

If it were an 'excuse' though, and they really do need access to the files, then it's probably encrypted somewhere else too, where they 'can' decrypt, or there are some 'shares' stored away somewhere ...

If you're lucky, and they happened to sign anything with the shared key after the time they claimed not to be able to reconstruct the key, then you caught them.

vedaal

From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Mon, 28 Feb 2011 08:13:48 -0700
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <1080BB07-3E95-4F18-BE68-1036F241659B@jabberwocky.com>
References: <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <8D4F9854-51AA-4811-9408-BDEAB447BC42@sixdemonbag.org> <12AA8816-AB3F-4E35-8EDC-BF8F6DB74118@sixdemonbag.org> <4D6BA0A0.4060005@gmail.com> <1080BB07-3E95-4F18-BE68-1036F241659B@jabberwocky.com>
Message-ID: <20110228151348.GA23553@poseidon.cocyt.us>

On Mon, Feb 28, 2011 at 09:12:33AM -0500, David Shaw wrote:
> Unfortunately, barring the case where you have an actual trust path to either Martin, key signatures don't tell you much. After all, FM could easily make up dozens of fake people keys and use them to sign his key.

Yes. Understood. I should have mentioned that. However, as you mentioned in a previous subthread, it isn't difficult to parse the dates of the signatures, identify where they've been held, and grab other metadata. If a key has falsified signatures, it should be easy enough to find out. At least the recursion of grabbing keys from keyservers will be rather short for false sigs.

At any event, I digress.

--
. o . o . o . . o o . . .
o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o

From: makrober at gmail.com (M.R.)
Date: Mon, 28 Feb 2011 14:20:59 +0000
Subject: Question regarding shared keys
In-Reply-To: <20110228070703.164560@gmx.net>
References: <20110228012525.33010@gmx.net> <162DFC33-15A5-4A0D-BA1A-7A933D7B9129@jabberwocky.com> <20110228070703.164560@gmx.net>
Message-ID: <4D6BAF4B.1030305@gmail.com>

On 02/28/2011 07:07 AM, Denise Schmid wrote:
>
> ...The background of my question is that a company claims that one of their managers has forgotten the key and therefore, they can't decrypt some files.

Do you know what program was used to encrypt the files?

Mark R.

From: guy at cach.me (Guy Halford-Thompson)
Date: Mon, 28 Feb 2011 15:47:16 +0000
Subject: Security of the gpg private keyring?
In-Reply-To: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com>
Message-ID:

Thanks for the help, didn't really occur to me how much info is available in the public keyring, guess you can't do much about it though.

--
Guy Halford-Thompson - http://www.cach.me/blog

From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 28 Feb 2011 11:27:34 -0500
Subject: Security of the gpg private keyring?
In-Reply-To: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com>
Message-ID: <4D6BCCF6.9070501@sixdemonbag.org>

On 2/28/11 9:09 AM, David Shaw wrote:
> You can do quite a lot with stuff like this. Who signed who can tell you who this person has met, and often where.
It should be emphasized that *can* is not the same thing as *does*; and it doesn't necessarily allow you to do it with a high degree of confidence. Not that I'm disagreeing with David here: I just want to make sure people don't misinterpret.

> Robert and I did an experiment a few months ago where starting only from his public key, I was easily able to find out real-world addresses, parents names, siblings, etc.

This was, IMO, ultimately an ambiguous result. There is nothing that he was able to derive from my certificate that he couldn't have figured out from visiting my webpage, reading the GnuPG archives, and so forth. The usefulness of the certificate as a source of data was not well-established, IMO: the usefulness of OSINT was quite well-established.

Rather than rehash the old debate, read the original discussion:

http://www.mail-archive.com/gnupg-users at gnupg.org/msg13052.html

From: fainardi83 at gmail.com (florent ainardi)
Date: Mon, 28 Feb 2011 17:03:03 +0100
Subject: prime number generation question ?
Message-ID:

hello

as regards prime number generation, do you have more detail on how prime numbers are built?

regards

From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 28 Feb 2011 11:58:02 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <20110228151348.GA23553@poseidon.cocyt.us>
References: <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <8D4F9854-51AA-4811-9408-BDEAB447BC42@sixdemonbag.org> <12AA8816-AB3F-4E35-8EDC-BF8F6DB74118@sixdemonbag.org> <4D6BA0A0.4060005@gmail.com> <1080BB07-3E95-4F18-BE68-1036F241659B@jabberwocky.com> <20110228151348.GA23553@poseidon.cocyt.us>
Message-ID: <4D6BD41A.1040004@sixdemonbag.org>

On 2/28/11 10:13 AM, Aaron Toponce wrote:
> If a key has falsified signatures, it should be easy enough to find out.

Why?

I have never understood the tendency of people, particularly on this list, to assume that people who are technologically skilled and up to no good will not devote more than thirty seconds to coming up with effective methods of skulduggery.

From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 28 Feb 2011 12:01:03 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <1080BB07-3E95-4F18-BE68-1036F241659B@jabberwocky.com>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <8D4F9854-51AA-4811-9408-BDEAB447BC42@sixdemonbag.org> <12AA8816-AB3F-4E35-8EDC-BF8F6DB74118@sixdemonbag.org> <4D6BA0A0.4060005@gmail.com> <1080BB07-3E95-4F18-BE68-1036F241659B@jabberwocky.com>
Message-ID: <4D6BD4CF.7020708@sixdemonbag.org>

On 2/28/11 9:12 AM, David Shaw wrote:
> In this particular case, though, key signatures aren't even necessary - RM just needs to prove that he is the same entity that signed the other messages to the list. That is, he's "real" in the sense that he is the Martin that the list knows and has been conversing with.

That depends a lot on what those prior conversations are. If I've built up trust in RM because I think he's been up-front and candid, and FM comes along and presents a credible threat to RM's identity, then yes, I have to revisit my trust decision in RM: I can no longer be confident he's been up-front and candid.

From: fainardi83 at gmail.com (florent ainardi)
Date: Mon, 28 Feb 2011 17:03:55 +0100
Subject: random number information question ??
Message-ID:

hi

for random numbers, do you know if the re-treatment algorithm has a non-volatile memory as specified in the standard for the generation of big random numbers?

regards
From: fainardi83 at gmail.com (florent ainardi)
Date: Mon, 28 Feb 2011 17:02:43 +0100
Subject: request information about RSA
Message-ID:

hi

in asymmetric mode for RSA, is the size of the modulus greater than or equal to 2048 bits?

regards

From: fainardi83 at gmail.com (florent ainardi)
Date: Mon, 28 Feb 2011 17:04:35 +0100
Subject: platform supported ?
Message-ID:

hello

i have a simple question: do you confirm that the library is supported on 32/64-bit Windows systems and 32/64-bit Linux systems?

regards

From: fainardi83 at gmail.com (florent ainardi)
Date: Mon, 28 Feb 2011 17:01:56 +0100
Subject: request information about symmetric crypto
Message-ID:

hi

as regards symmetric cipher algorithms, do the algorithms included in the library manage keys with a size greater than 128 bits?

regards

From: fainardi83 at gmail.com (florent ainardi)
Date: Mon, 28 Feb 2011 17:04:20 +0100
Subject: random number specification ??
Message-ID:

hello

is the internal state for re-treatment of random numbers greater than 128 bits?

regards

From: fainardi83 at gmail.com (florent ainardi)
Date: Mon, 28 Feb 2011 17:04:53 +0100
Subject: vulnerability check and test ?
Message-ID:

hello

do you know if, at this time, the library has any vulnerability referenced in the CVE? and if yes, is there any patch available?

regards
From: fainardi83 at gmail.com (florent ainardi)
Date: Mon, 28 Feb 2011 17:03:26 +0100
Subject: is there any test on prime number generation in the lib
Message-ID:

hello again

if p and q are two prime numbers, is there any test during the generation of these numbers? some tests like: does p = q? do you apply the standards and recommendations for the generation of prime numbers?

regards

From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 28 Feb 2011 12:10:57 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6BD4CF.7020708@sixdemonbag.org>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <8D4F9854-51AA-4811-9408-BDEAB447BC42@sixdemonbag.org> <12AA8816-AB3F-4E35-8EDC-BF8F6DB74118@sixdemonbag.org> <4D6BA0A0.4060005@gmail.com> <1080BB07-3E95-4F18-BE68-1036F241659B@jabberwocky.com> <4D6BD4CF.7020708@sixdemonbag.org>
Message-ID:

On Feb 28, 2011, at 12:01 PM, Robert J. Hansen wrote:

> On 2/28/11 9:12 AM, David Shaw wrote:
>> In this particular case, though, key signatures aren't even necessary - RM just needs to prove that he is the same entity that signed the other messages to the list. That is, he's "real" in the sense that he is the Martin that the list knows and has been conversing with.
>
> That depends a lot on what those prior conversations are.
> If I've built up trust in RM because I think he's been up-front and candid, and FM comes along and presents a credible threat to RM's identity, then yes, I have to revisit my trust decision in RM: I can no longer be confident he's been up-front and candid.

Well, I suppose that's up to you whether you want to trust RM or not. A question on trustworthiness is outside crypto, and not what the discussion was about here in any event.

David

From: fainardi83 at gmail.com (florent ainardi)
Date: Mon, 28 Feb 2011 17:02:22 +0100
Subject: need information about block cipher
Message-ID:

hi

as regards block ciphers, do the algorithms included in the library have a resolution greater than 128 bits?

regards

From: fainardi83 at gmail.com (florent ainardi)
Date: Mon, 28 Feb 2011 17:05:15 +0100
Subject: question on random number ?
Message-ID:

hi

for the generation of random numbers, does the library have its own algorithm or does it call another library like GMP?

regards

From: kgo at grant-olson.net (Grant Olson)
Date: Mon, 28 Feb 2011 12:34:25 -0500
Subject: Question regarding shared keys
In-Reply-To: <20110228070703.164560@gmx.net>
References: <20110228012525.33010@gmx.net> <162DFC33-15A5-4A0D-BA1A-7A933D7B9129@jabberwocky.com> <20110228070703.164560@gmx.net>
Message-ID: <4D6BDCA1.2080205@grant-olson.net>

On 2/28/11 2:07 AM, Denise Schmid wrote:
>> It depends on what you mean by a "shared key".
>> There is just giving a copy of the key to multiple people (in which case any one of them can use it), or there are various key splitting algorithms where a key is broken into a number of pieces, and a specified subset of those pieces can come together, reconstruct the key, and do whatever they need to do.
>
> It is the second.
>
>> The OpenPGP standard (which specifies how different implementations can interoperate) does not really specify shared keys, beyond acknowledging that they exist. The PGP *implementation* of the standard, has a shared key feature in the break-the-key-into-multiple-pieces sense.
>
> This is what I meant. Does this mean that, if you want to encrypt a file, everybody has to use his/her key? The background of my question is that a company claims that one of their managers has forgotten the key and therefore, they can't decrypt some files. These files contain, of course, some evidence they should produce in a court case. Beside the fact that there seem to exist some ways to reconstruct keys, I ask myself if they didn't need the key to encrypt the files...
>
> Best
>

David's talking about an advanced scenario. And maybe the company did do this, but I've got a feeling you might be over-thinking things.

Normally, if you encrypt a file to four users, each user has their own key that's completely independent of the other users. If you're trying to see if the file was encrypted to another manager, who hopefully hasn't conveniently 'lost' his key, you can examine the encrypted file and get a list of the keys it's encrypted to.

So for example, here you can see that even if I claim to have lost my key, David is another person who could decrypt the contents...

johnmudhead:~ grant$ gpg -r kgo at grant-olson.net -r dshaw at jabberwocky.com --encrypt bar.txt
File `bar.txt.gpg' exists. Overwrite? (y/N) y
johnmudhead:~ grant$ gpg --list-packets bar.txt.gpg
:pubkey enc packet: version 3, algo 1, keyid 1458BCCB6A8F7CF6
	data: [2045 bits]
:pubkey enc packet: version 3, algo 16, keyid AE2827D11643B926
	data: [2047 bits]
	data: [2048 bits]
:encrypted data packet:
	length: 70
	mdc_method: 2
gpg: encrypted with 2048-bit ELG key, ID 1643B926, created 2002-01-28
      "David M. Shaw "
gpg: encrypted with 2048-bit RSA key, ID 6A8F7CF6, created 2010-01-11
      "Grant T. Olson (Personal email) "
:compressed packet: algo=2
:literal data packet:
	mode b (62), created 1298914148, name="bar.txt",
	raw data: 4 bytes

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."

From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Mon, 28 Feb 2011 17:42:26 +0000
Subject: platform supported ?
In-Reply-To:
References:
Message-ID: <6115805203732890706@unknownmsgid>

On 28 Feb 2011, at 17:29, florent ainardi wrote:

> i have a simple question

May I suggest that you consolidate all your queries into a single email?

Ben

Sent from my iPhone

From: kgo at grant-olson.net (Grant Olson)
Date: Mon, 28 Feb 2011 12:45:54 -0500
Subject: platform supported ?
In-Reply-To: <6115805203732890706@unknownmsgid>
References: <6115805203732890706@unknownmsgid>
Message-ID: <4D6BDF52.20908@grant-olson.net>

On 2/28/11 12:42 PM, Benjamin Donnachie wrote:
> On 28 Feb 2011, at 17:29, florent ainardi wrote:
>>
>> i have a simple question
>>
> May I suggest that you consolidate all your queries into a single email?
>

And perhaps invest 15-20 minutes giving the software a basic trial run. This document provides a good overview of the software:

http://www.gnupg.org/gph/en/manual.html

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."

From: noloader at gmail.com (Jeffrey Walton)
Date: Mon, 28 Feb 2011 12:56:56 -0500
Subject: platform supported ?
In-Reply-To: <6115805203732890706@unknownmsgid>
References: <6115805203732890706@unknownmsgid>
Message-ID:

On Mon, Feb 28, 2011 at 12:42 PM, Benjamin Donnachie wrote:
> On 28 Feb 2011, at 17:29, florent ainardi wrote:
>
> i have a simple question
>
> May I suggest that you consolidate all your queries into a single email?
> Ben

How about all lists?

http://groups.google.com/group/cryptopp-users
http://marc.info/?l=openssl-users

Jeff

From: gnupg.user at seibercom.net (Jerry)
Date: Mon, 28 Feb 2011 13:02:09 -0500
Subject: platform supported ?
In-Reply-To: <6115805203732890706@unknownmsgid>
References: <6115805203732890706@unknownmsgid>
Message-ID: <20110228130209.30fc900a@scorpio>

On Mon, 28 Feb 2011 17:42:26 +0000
Benjamin Donnachie articulated:

> On 28 Feb 2011, at 17:29, florent ainardi wrote:
>
> i have a simple question
>
> May I suggest that you consolidate all your queries into a single email?

And while you are at it, lose the HTML formatting. Plain ASCII text will do nicely.

--
Jerry
GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
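Grant's `gpg --list-packets` run in the shared-keys thread above shows the practical point: the recipients of an OpenPGP message are readable from the ciphertext itself, with no secret key at all, because each recipient gets its own public-key encrypted session key (PKESK, tag 1) packet carrying the key ID in the clear. The following is an added example, not code from the list or from GnuPG: a small Python packet walker that decodes those PKESK packets by hand. It handles old-format and new-format packet headers, including partial body lengths, reports the key ID and public-key algorithm of every recipient, and flags the all-zero key ID that GnuPG writes in place of a real one for `--hidden-recipient` (a hidden recipient is still a recipient). The sample message is constructed inline for the demo; the two named key IDs are the ones from Grant's listing, and the MPI bytes are filler rather than real RSA or Elgamal ciphertext.

```python
"""Added example: list who an OpenPGP message is encrypted to, without any key.
Does by hand what `gpg --list-packets` showed in Grant's post: walk the packets
and decode every public-key encrypted session key (PKESK, tag 1) packet."""
import struct

PUBKEY_ALGOS = {1: "RSA", 2: "RSA-E", 3: "RSA-S", 16: "ELG", 17: "DSA",
                18: "ECDH", 19: "ECDSA"}
PKESK_TAG, SEIPD_TAG = 1, 18


def _read_new_length(data, pos):
    """Decode a new-format length; returns (length, next_pos, is_partial)."""
    first = data[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if first == 255:
        return struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True      # partial body length


def iter_packets(data):
    """Yield (tag, body) for each packet: old-format headers, new-format
    headers and partial-length chunks (RFC 4880 section 4.2)."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"not a packet header at offset {pos}")
        pos += 1
        if ctb & 0x40:                                # new format
            tag, body = ctb & 0x3F, bytearray()
            while True:                               # gather partial chunks
                length, pos, partial = _read_new_length(data, pos)
                body += data[pos:pos + length]
                pos += length
                if not partial:
                    break
        else:                                         # old format
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                            # indeterminate length
                length = len(data) - pos
            else:
                nbytes = (1, 2, 4)[ltype]
                length = int.from_bytes(data[pos:pos + nbytes], "big")
                pos += nbytes
            body = data[pos:pos + length]
            pos += length
        yield tag, bytes(body)


def parse_pkesk(body):
    """Return (version, keyid_hex, algo_id, [mpi bit lengths]) for a PKESK body."""
    version, keyid, algo = body[0], body[1:9].hex().upper(), body[9]
    pos, mpi_bits = 10, []
    while pos < len(body):                            # one MPI for RSA, two for Elgamal
        bits = struct.unpack(">H", body[pos:pos + 2])[0]
        mpi_bits.append(bits)
        pos += 2 + (bits + 7) // 8
    return version, keyid, algo, mpi_bits


def list_recipients(data):
    """One dict per PKESK packet. An all-zero key ID is the wildcard GnuPG
    writes for --hidden-recipient: a recipient exists but is not named."""
    out = []
    for tag, body in iter_packets(data):
        if tag != PKESK_TAG:
            continue
        version, keyid, algo, mpi_bits = parse_pkesk(body)
        out.append({"version": version, "keyid": keyid,
                    "algo": PUBKEY_ALGOS.get(algo, f"algo {algo}"),
                    "mpi_bits": mpi_bits, "hidden": keyid == "0" * 16})
    return out


# --- constructed sample message (filler MPIs, not real ciphertext) ----------
def _mpi(value):
    """Encode an int as an OpenPGP MPI: 2-byte bit count, then the magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def _pkesk(keyid_hex, algo, *mpis):
    """Version-3 PKESK in an old-format packet with a 2-byte length (gpg 1.4 style)."""
    body = bytes([3]) + bytes.fromhex(keyid_hex) + bytes([algo])
    body += b"".join(_mpi(m) for m in mpis)
    return bytes([0x80 | (PKESK_TAG << 2) | 1]) + struct.pack(">H", len(body)) + body


def _fill(first, rest):
    """256-byte filler MPI value; `first` controls the bit length (2047 or 2048)."""
    return int.from_bytes(bytes([first]) + bytes([rest]) * 255, "big")


SAMPLE = (
    _pkesk("1458BCCB6A8F7CF6", 1, _fill(0x7F, 0x11))                        # RSA: one MPI
    + _pkesk("AE2827D11643B926", 16, _fill(0x5A, 0x22), _fill(0xC3, 0x33))  # Elgamal: two MPIs
    + _pkesk("0000000000000000", 1, _fill(0x42, 0x44))                      # hidden recipient
    + bytes([0xC0 | SEIPD_TAG, 0xE4]) + b"\x01" + b"\x00" * 15              # SEIPD, 16-byte partial chunk
    + bytes([0x1E]) + b"\x00" * 30                                          # final 30-byte chunk
)

if __name__ == "__main__":
    for r in list_recipients(SAMPLE):
        who = "hidden recipient" if r["hidden"] else f"key ID {r['keyid']}"
        print(f"{who}: {r['algo']}, MPIs of {r['mpi_bits']} bits")
```

The walker stops at the packet level on purpose: the session key inside each PKESK is encrypted to that recipient's public key, so nothing here can decrypt anything. What it does give a reviewer of Denise's situation is the same fact Grant's listing gave, namely the full set of keys that could decrypt a file, which is independent of any claim that one of them has been forgotten.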
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Mon, 28 Feb 2011 13:42:05 -0700
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6BD41A.1040004@sixdemonbag.org>
References: <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <8D4F9854-51AA-4811-9408-BDEAB447BC42@sixdemonbag.org> <12AA8816-AB3F-4E35-8EDC-BF8F6DB74118@sixdemonbag.org> <4D6BA0A0.4060005@gmail.com> <1080BB07-3E95-4F18-BE68-1036F241659B@jabberwocky.com> <20110228151348.GA23553@poseidon.cocyt.us> <4D6BD41A.1040004@sixdemonbag.org>
Message-ID: <20110228204205.GB23553@poseidon.cocyt.us>

On Mon, Feb 28, 2011 at 11:58:02AM -0500, Robert J. Hansen wrote:
> On 2/28/11 10:13 AM, Aaron Toponce wrote:
> > If a key has falsified signatures, it should be easy enough to find out.
>
> Why?
>
> I have never understood the tendency of people, particularly on this list, to assume that people who are technologically skilled and up to no good will not devote more than thirty seconds to coming up with effective methods of skulduggery.

Because all the signatures on the key will be falsified, that can be verified by recursively extracting the signature keys from the keyservers, and examining their signatures. Oh hey, look. The keys are isolated from the rest of the world. Hmm.

--
. o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o
From: expires2011 at ymail.com (MFPA)
Date: Mon, 28 Feb 2011 21:59:08 +0000
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com>
Message-ID: <421859072.20110228215908@my_localhost>

Hi

On Monday 28 February 2011 at 3:02:08 AM, in , David Shaw wrote:

> It is reasonable that if someone was being masqueraded, that person would speak up and challenge the forger (e.g. "Hey, you're not Martin! I'm the real Martin, and I can prove it by signing this message with the same key I've used all along....").

In John, John and Rob's experiment (if I understand correctly) they didn't post as each other, they simply all signed messages with the same secret key. I'm sure Martin would have something to say *if* he spotted his key's signature on messages he didn't write...
--
Best regards

MFPA mailto:expires2011 at ymail.com

Roses smell better than onions but don't make such good soup

From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 28 Feb 2011 17:09:11 -0500
Subject: request information about symmetric crypto
In-Reply-To:
References:
Message-ID: <4D6C1D07.9010409@sixdemonbag.org>

On 2/28/11 11:01 AM, florent ainardi wrote:
> as regards symmetric cipher algorithms, do the algorithms included in the library manage keys with a size greater than 128 bits?

Yes.

> in asymmetric mode for RSA, is the size of the modulus greater than or equal to 2048 bits?

Yes (up to 4096).

> do you have more detail on how prime numbers are built? if p and q are two prime numbers, is there any test during the generation of these numbers? some tests like: does p = q? is the internal state for re-treatment of random numbers greater than 128 bits?

Read the source for these details.

> do you apply the standards and recommendations for the generation of prime numbers?

There is no universal standard, but GnuPG does follow the best practices for random number generation.

> for random numbers, do you know if the re-treatment algorithm has a non-volatile memory as specified in the standard for the generation of big random numbers? do you know if at this time, the library has any vulnerability referenced in the CVE? and if yes is there any patch available?

I don't understand these questions.
> do you confirm that the library is supported on 32/64-bit Windows systems and 32/64-bit Linux systems?

Which library -- gpgme, libgcrypt, which? As far as Linux goes, I've seen it work on both 32- and 64-bit architectures. As far as Windows goes, I've only ever seen them come in 32-bit versions.

In the future, *please* consolidate your questions into one email message.

From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 28 Feb 2011 17:23:28 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <421859072.20110228215908@my_localhost>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <421859072.20110228215908@my_localhost>
Message-ID: <4D6C2060.102@sixdemonbag.org>

On 2/28/11 4:59 PM, MFPA wrote:
> I'm sure Martin would have something to say *if* he spotted his key's signature on messages he didn't write...

Yes: but I suspect that may be a big "if." If you see a message is signed by an unknown key 0xDEADBEEF, do you really notice the 0xDEADBEEF and go, "hey, that's my own key ID!", or do your eyes just gloss over it?

A few years ago, a fellow Ph.D. candidate named Peter was doing some research into new anti-phishing technologies. His research was good: his HCI results were positively stunning. He packaged his anti-phishing toolkit into a Firefox extension. When visiting a page, if the toolkit decided it was probably a phishing page it would display a red bar across the top of the page: "This might be a phishing site." He set up an HCI experiment to see how easily people would notice.
Of his 25 test subjects (all of whom were "regular users" -- non-geeks who weren't especially tech-savvy), not one chose to avoid the site when the warning bar came up. In post-experience interviews, *all 25* said they didn't see the bar at all.

So, Peter figured he'd make the bar bigger. Same results -- except this time it was like 21, 22, or so, didn't see it.

So, Peter figured he'd get really obnoxious. The bar started off at a discreet size, but steadily grew and grew until it took over a full third of the browser window. You had to click on a "I know this may be a phishing site, go away!" button to close it. 20+ users, if I recall correctly, still didn't report seeing the warning bar at all.

Finally, in a fit of deepest, darkest frustration, Peter followed-up with people and asked, "WHY? WHY didn't you see this? I couldn't make it more obvious, could I? Did I need to rent out a parade and send up a parachute flare while the Marine Corps Marching Band plays a selection of Sousa marches?"

He then learned that his users thought the banner across the top was "just another one of those annoying Flash ads," and they tuned it out.

When Peter told me about this, I didn't believe it. It's a pretty incredible story. But given he'd videotaped the users' interactions with the system...

Anyway. The lesson I draw from this is when experts say "of course users will notice!", well... it's very likely the users *won't* notice.

(ObWarning: I am going on memories that are now a few years old. Doing a little hunting, I see that he published a paper on his experiences. Likarish, Peter, et al. B-APT: Bayesian Anti-Phishing Toolbar, published in _Proceedings of the International Conference on Communications_. He had another paper on a similar thing, BayeShield: Conversational Anti-Phishing User Interface, in the _Proceedings of the Symposium on Usable Privacy and Security_. If you're concerned about this stuff, read Peter's original papers: don't trust my own memory!)
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 28 Feb 2011 17:33:28 -0500
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <421859072.20110228215908@my_localhost>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <421859072.20110228215908@my_localhost>
Message-ID:

On Feb 28, 2011, at 4:59 PM, MFPA wrote:

>> It is reasonable that if someone was being masqueraded, that person would speak up and challenge the forger (e.g. "Hey, you're not Martin! I'm the real Martin, and I can prove it by signing this message with the same key I've used all along....").
>
> In John, John and Rob's experiment (if I understand correctly) they didn't post as each other, they simply all signed messages with the same secret key. I'm sure Martin would have something to say *if* he spotted his key's signature on messages he didn't write...

That experiment, while interesting, is not relevant to the "real Martin" / "fake Martin" situation we've been talking about. If both Real Martin and Fake Martin have the same secret key, then there is no way to tell them apart using signatures.

David

From: Chinatinte at gmx.ch (Denise Schmid)
Date: Mon, 28 Feb 2011 23:38:21 +0100
Subject: Question regarding shared keys
In-Reply-To: <4D6BDCA1.2080205@grant-olson.net>
References: <20110228012525.33010@gmx.net> <162DFC33-15A5-4A0D-BA1A-7A933D7B9129@jabberwocky.com> <20110228070703.164560@gmx.net> <4D6BDCA1.2080205@grant-olson.net>
Message-ID: <20110228223821.164570@gmx.net>

Thanks all for your help.
Now, the story gets even more funny: They claim to have used PGP split-key, then encrypted the files with a randomized key, then encrypted the key with individual keys. So far so bad. But now comes the best: They claim that, because one of the managers wasn't able to remember his mantra, they decided to _delete_ all encrypted data.

It sounds as if the whole thing is really nothing else but a bogus...

Now as Vedaal wrote: Best thing that can happen is that they encrypted something later... But I see support for my opinion that the thing smells :-)

Thanks again

Denise

>
> David's talking about an advanced scenario. And maybe the company did do this, but I've got a feeling you might be over-thinking things.
>
> Normally, if you encrypt a file to four users, each user has their own key that's completely independent of the other users. If you're trying to see if the file was encrypted to another manager, who hopefully hasn't conveniently 'lost' his key, you can examine the encrypted file and get a list of the keys it's encrypted to.
>
> So for example, here you can see that even if I claim to have lost my key, David is another person who could decrypt the contents...
>
> johnmudhead:~ grant$ gpg -r kgo at grant-olson.net -r dshaw at jabberwocky.com --encrypt bar.txt
> File `bar.txt.gpg' exists. Overwrite? (y/N) y
> johnmudhead:~ grant$ gpg --list-packets bar.txt.gpg
> :pubkey enc packet: version 3, algo 1, keyid 1458BCCB6A8F7CF6
> 	data: [2045 bits]
> :pubkey enc packet: version 3, algo 16, keyid AE2827D11643B926
> 	data: [2047 bits]
> 	data: [2048 bits]
> :encrypted data packet:
> 	length: 70
> 	mdc_method: 2
> gpg: encrypted with 2048-bit ELG key, ID 1643B926, created 2002-01-28
>       "David M. Shaw "
> gpg: encrypted with 2048-bit RSA key, ID 6A8F7CF6, created 2010-01-11
>       "Grant T. Olson (Personal email) "
> :compressed packet: algo=2
> :literal data packet:
> 	mode b (62), created 1298914148, name="bar.txt",
> 	raw data: 4 bytes
>
>
> --
> Grant
>
> "I am gravely disappointed. Again you have made me unleash my dogs of war."
>

From: expires2011 at ymail.com (MFPA)
Date: Mon, 28 Feb 2011 22:40:27 +0000
Subject: Security of the gpg private keyring?
In-Reply-To:
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com>
Message-ID: <178555886.20110228224027@my_localhost>

Hi

On Monday 28 February 2011 at 3:47:16 PM, in , Guy Halford-Thompson wrote:

> Thanks for the help, didn't really occur to me how much info is available in the public keyring, guess you can't do much about it though.

I think key UIDs generally reveal more information than I am comfortable with. For example, why does your UID need to contain your email address in plain text rather than as a hash? Searching for that email address would need to return any keys that matched on the hashed version in addition to any keys that matched on the plaintext version. Somebody knowing the email address (or name or hostname) could find the key but mere inspection of the key UIDs would not reveal all its owner's names, email addresses, etc. I'm usually told such an option does not exist because it would serve no purpose and/or there would be no demand for it.

--
Best regards

MFPA mailto:expires2011 at ymail.com

It is not necessary to have enemies if you go out of your way to make friends hate you.
-----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJNbCRjnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pHSwEAMHh zrjvVf+j2wCkR7mERunLYQzrPB7FHMoVC9wTKGYp/EJ3/ItinP6qyBFpVBRFWwUx XmzD2q/rV/MqLeSXkCdpaWNGqOL2oNSu/W4mhf5MJ5BSj7lshIv79Wp1F0IlJ2eY bNq3tSqUFTOTpFuMMaYu6rmxT7UNyKLS4ljfDkAo =rj3N -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Mon Feb 28 23:47:32 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 28 Feb 2011 17:47:32 -0500 Subject: PGP/MIME considered harmful for mobile In-Reply-To: References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <8D4F9854-51AA-4811-9408-BDEAB447BC42@sixdemonbag.org> <12AA8816-AB3F-4E35-8EDC-BF8F6DB74118@sixdemonbag.org> <4D6BA0A0.4060005@gmail.com> <1080BB07-3E95-4F18-BE68-1036F241659B@jabberwocky.com> <4D6BD4CF.7020708@sixdemonbag.org> Message-ID: <4D6C2604.30509@sixdemonbag.org> On 2/28/11 12:10 PM, David Shaw wrote: > Well, I suppose that's up to you whether you want to trust RM or not. > A question on trustworthiness is outside crypto, and not what the > discussion was about here in any event. First it was, "even signatures from non-validated keys belonging to non-trusted persons can be significant, because it establishes continuity of communications." Now it's, "a question on trustworthiness is outside crypto." Which is it? Are signatures from non-validated keys belonging to non-trusted persons significant, or is trust outside the world of crypto? 
Ultimately, it's perfectly reasonable to say "I trust that RM is not screwing with me, and I trust that the key with fingerprint [...] really belongs to him," and from there bootstrap into getting significant signatures. But that doesn't invalidate the point of signatures needing (a) be correct, (b) come from validated keys which (c) belong to trusted persons. You're just saying, "I will trust whom I will trust, and I am assuming the validity of this key." From dshaw at jabberwocky.com Mon Feb 28 23:49:34 2011 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 28 Feb 2011 17:49:34 -0500 Subject: PGP/MIME considered harmful for mobile In-Reply-To: <4D6C2604.30509@sixdemonbag.org> References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <8D4F9854-51AA-4811-9408-BDEAB447BC42@sixdemonbag.org> <12AA8816-AB3F-4E35-8EDC-BF8F6DB74118@sixdemonbag.org> <4D6BA0A0.4060005@gmail.com> <1080BB07-3E95-4F18-BE68-1036F241659B@jabberwocky.com> <4D6BD4CF.7020708@sixdemonbag.org> <4D6C2604.30509@sixdemonbag.org> Message-ID: <38DD5169-0C5F-46E5-AC6D-CAF54597410B@jabberwocky.com> On Feb 28, 2011, at 5:47 PM, Robert J. Hansen wrote: > On 2/28/11 12:10 PM, David Shaw wrote: >> Well, I suppose that's up to you whether you want to trust RM or not. >> A question on trustworthiness is outside crypto, and not what the >> discussion was about here in any event. > > First it was, "even signatures from non-validated keys belonging to > non-trusted persons can be significant, because it establishes > continuity of communications." Now it's, "a question on trustworthiness > is outside crypto." You know what? I'm finished with this silliness. You're (again) playing debate club games, and I'm just bored of it. 
See ya. From rjh at sixdemonbag.org Mon Feb 28 23:50:25 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 28 Feb 2011 17:50:25 -0500 Subject: Security of the gpg private keyring? In-Reply-To: <178555886.20110228224027@my_localhost> References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> Message-ID: <4D6C26B1.3080809@sixdemonbag.org> On 2/28/11 5:40 PM, MFPA wrote: > For example, why does your UID need to contain your email address in > plain text rather than as a hash? It doesn't. User IDs are freeform text fields. Put Morse code in there for all I, or anyone else, cares. Just don't expect others to do likewise, or for the developers of certificate server software to drop everything and write extensive patches in order to accommodate your idiosyncrasy. From rookcifer at gmail.com Mon Feb 28 20:21:29 2011 From: rookcifer at gmail.com (chr0n0) Date: Mon, 28 Feb 2011 11:21:29 -0800 (PST) Subject: Default hash In-Reply-To: <4D69CD6A.7020503@gmail.com> References: <20110224062614.GB17846@poseidon.cocyt.us> <4D661EF8.5040304@dougbarton.us> <4D6626EE.1050909@adversary.org> <20110224134849.GC17846@poseidon.cocyt.us> <4D682BA0.50607@adversary.org> <4D6835D4.5040808@gmail.com> <4D6867E5.7070104@sixdemonbag.org> <4D687338.4090102@gmail.com> <4D68DAC5.6090108@gmail.com> <20110226185613.GB2295@penfold.cosgrove.lan> <4D697033.2030205@gmail.com> <4D698236.50404@gmail.com> <4D698EC1.4010709@gmail.com> <4D69CD6A.7020503@gmail.com> Message-ID: <31033879.post@talk.nabble.com> I believe that within the next five years someone will discover an academic attack against Rijndael. I do not believe that anyone will ever discover an attack that will allow someone to read Rijndael traffic. So while I have serious academic reservations about Rijndael, I do not have any engineering reservations about Rijndael. -- Bruce Schneier, Cryptogram Newsletter, October, 2000. 
>From Schneier/Ferguson's 2003 book, "Practical Cryptography": We don't quite trust the security...No other block cipher we know of has such a simple algebraic representation. We have no idea whether this leads to an attack or not, but not knowing is reason enough to be skeptical about the use of AES. However, even though he has reservations about Rijndael, he has said publicly numerous times that he prefers everyone to use AES instead of the other finalists, no doubt because it has had undeniably more analysis thrown its way. -- View this message in context: http://old.nabble.com/Default-hash-tp31002378p31033879.html Sent from the GnuPG - User mailing list archive at Nabble.com.
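The `gpg --list-packets` session Grant quoted earlier in the "Security of the gpg private keyring?" thread relies on the fact that the recipient key IDs of an OpenPGP-encrypted file sit in plaintext packet headers in front of the ciphertext. The following is an added example, not code from GnuPG or from anyone in the thread: it walks the packet sequence directly according to RFC 4880 (sections 4.2 and 5.1) and extracts the same key IDs, so an auditor can confirm who can decrypt a file without a keyring or passphrase. The sample bytes are constructed by hand; the two key IDs reuse the ones from Grant's output, and the MPI payloads are dummies.

```python
"""
Minimal OpenPGP packet walker that lists the recipient key IDs of an
encrypted file, the information gpg --list-packets prints as
":pubkey enc packet: ... keyid ...". Added example (RFC 4880 layout),
not GnuPG code. The sample bytes at the bottom are constructed.
"""
import struct

PKESK_TAG = 1   # Public-Key Encrypted Session Key packet (tag 1)
SEIPD_TAG = 18  # Symmetrically Encrypted Integrity Protected Data (tag 18)
ALGO_NAMES = {1: "RSA", 16: "ELG", 17: "DSA", 18: "ECDH", 19: "ECDSA"}


def read_packet_header(buf, pos):
    """Return (tag, body_start, body_len) for the packet starting at pos.

    Handles old-format headers (bit 6 clear: 4-bit tag, 2-bit length type)
    and new-format headers (bit 6 set: 6-bit tag, variable-length octets).
    Partial-body and indeterminate lengths are rejected rather than guessed.
    """
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError("bit 7 must be set in a packet header at offset %d" % pos)
    if ctb & 0x40:  # new format
        tag = ctb & 0x3F
        first = buf[pos + 1]
        if first < 192:
            return tag, pos + 2, first
        if first < 224:
            return tag, pos + 3, ((first - 192) << 8) + buf[pos + 2] + 192
        if first == 255:
            return tag, pos + 6, struct.unpack(">I", buf[pos + 2:pos + 6])[0]
        raise ValueError("partial body length not supported")
    tag = (ctb >> 2) & 0x0F
    ltype = ctb & 0x03
    if ltype == 0:
        return tag, pos + 2, buf[pos + 1]
    if ltype == 1:
        return tag, pos + 3, struct.unpack(">H", buf[pos + 1:pos + 3])[0]
    if ltype == 2:
        return tag, pos + 5, struct.unpack(">I", buf[pos + 1:pos + 5])[0]
    raise ValueError("indeterminate length not supported")


def list_recipients(data):
    """Walk the packet sequence; return [(keyid_hex, algo_name), ...].

    PKESK packets always precede the encrypted payload, so the walk stops
    at the first SEIPD packet instead of scanning the ciphertext.
    """
    recipients = []
    pos = 0
    while pos < len(data):
        tag, start, length = read_packet_header(data, pos)
        body = data[start:start + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % pos)
        if tag == PKESK_TAG:
            if body[0] != 3:
                raise ValueError("unexpected PKESK version %d" % body[0])
            keyid = body[1:9].hex().upper()   # 8-octet key ID
            algo = body[9]                     # public-key algorithm ID
            recipients.append((keyid, ALGO_NAMES.get(algo, "algo %d" % algo)))
        elif tag == SEIPD_TAG:
            break
        pos = start + length
    return recipients


def pkesk(keyid_hex, algo, mpi_bits=2048):
    """Build a constructed version-3 PKESK packet with one dummy MPI.

    Real Elgamal PKESKs carry two MPIs; the parser above only reads the
    fixed fields, so one dummy MPI is enough for the demonstration.
    """
    mpi_len = (mpi_bits + 7) // 8
    mpi = struct.pack(">H", mpi_bits) + b"\x80" + b"\x42" * (mpi_len - 1)
    body = b"\x03" + bytes.fromhex(keyid_hex) + bytes([algo]) + mpi
    # old-format header with a two-octet length (length type 1)
    return bytes([0x80 | (PKESK_TAG << 2) | 1]) + struct.pack(">H", len(body)) + body


# Constructed sample mirroring "gpg -r A -r B --encrypt": two PKESK packets
# (key IDs taken from the quoted session) followed by a fake SEIPD packet.
SAMPLE = (
    pkesk("1458BCCB6A8F7CF6", 1)      # RSA recipient
    + pkesk("AE2827D11643B926", 16)   # Elgamal recipient
    + bytes([0xC0 | SEIPD_TAG, 5]) + b"\x01\xde\xad\xbe\xef"  # new-format header
)

if __name__ == "__main__":
    for keyid, algo in list_recipients(SAMPLE):
        print("encrypted to key %s (%s)" % (keyid, algo))
```

Run against a real `.gpg` file (`list_recipients(open(path, "rb").read())`), the walker gives the same key ID list GnuPG prints, which is what an auditor needs to check the "we can no longer decrypt it" claim discussed above: if more than one PKESK is present, any one of those key holders can recover the session key. Files compressed or armored before encryption need dearmoring first; the walker deliberately refuses partial-body lengths and non-v3 PKESK packets instead of silently misparsing them.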