From vivarto at gmail.com Tue Nov 1 00:04:19 2011
From: vivarto at gmail.com (Veet Vivarto)
Date: Mon, 31 Oct 2011 13:04:19 -1000
Subject: How to get the list of all keys to which the file has been encrypded
Message-ID:

Someone may encrypt the message to me and to 10 other recipients, I would
like to know who they are.

Is there a command line option for displaying all recipients to whom
the message was encrypted.

Thank you in advance for your help.
Vivarto

From mailinglisten at hauke-laging.de Tue Nov 1 01:44:50 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Tue, 1 Nov 2011 01:44:50 +0100
Subject: How to get the list of all keys to which the file has been encrypded
In-Reply-To:
References:
Message-ID: <201111010144.55815.mailinglisten@hauke-laging.de>

On Tuesday, 1 November 2011, 00:04:19, Veet Vivarto wrote:
> Someone may encrypt the message to me and to 10 other recipients, I would
> like to know who they are.
>
> Is there a command line option for displaying all recipients to whom
> the message was encrypted.

--list-packets

In case the data was encrypted normally and not with --hidden-recipient or
--throw-keyids. But I don't know whether key servers allow the search for
subkeys. If you don't have all the target keys in your keyring then it may
be just an ID without any useful information to you.


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From jw72253 at verizon.net Tue Nov 1 03:20:24 2011
From: jw72253 at verizon.net (John A. Wallace)
Date: Mon, 31 Oct 2011 21:20:24 -0500
Subject: batch decryption key identification
In-Reply-To:
References:
Message-ID: <000001cc983c$d0fccd30$72f66790$@net>

Hello.
On this website
(http://www.gnupg.org/faq/GnuPG-FAQ.html#how-can-i-get-list-of-key-ids-used-to-encrypt-a-message)
I found this FAQ and answer:

Question: How can I get list of key IDs used to encrypt a message?

$ gpg --batch --decrypt --list-only --status-fd 1 2>/dev/null | \
awk '/^\[GNUPG:\] ENC_TO / { print $3 }'


As it relates in part to my original question below, I want to ask about
this in more detail. Knowing which particular key was used for encryption
would allow me to pinpoint which of the several keys on a key-ring to use
for decryption and would help save much time and effort in the process when
looking at a batch of messages.

I am not a programmer, but I can see that the above command uses the program
'awk' to identify the key used; and I understand that the Gnu program 'gawk'
has equivalent functionality. I have two questions about it. First, using
the above command, whereabouts should I put the "path/filenames.asc" in it
for the command to analyze for decryption, and should I put any other
unlisted parameters in the command for it to complete? I tried testing it
like this:

gpg --batch --decrypt --list-only --status-fd 1

But I saw nothing output on the screen related to the key used on the file.
The 'filename.asc' tested was just an individual encrypted file, but I later
intend to use this on a batch of files named such as 'path/*.asc'.

Secondly, are the 'gawk' program commands equivalent to the above listed awk
commands, or will I need to alter it in some way? Thanks.

John

-----Original Message-----
From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org]
On Behalf Of gnupg-users-request at gnupg.org
Sent: Tuesday, October 11, 2011 2:58 AM
To: gnupg-users at gnupg.org
Subject: Gnupg-users Digest, Vol 97, Issue 9

[snip]

Message: 8
Date: Tue, 11 Oct 2011 09:35:30 +0200
From: Werner Koch
To: "John A.
Wallace"
Cc: gnupg-users at gnupg.org
Subject: Re: key selection in batch decryptions
Message-ID: <87sjn07zgd.fsf at vigenere.g10code.de>
Content-Type: text/plain; charset=us-ascii

On Mon, 10 Oct 2011 23:18, jw72253 at verizon.net said:

> keys in turn. Is there a way to tell gpg to use just one of the keys if
> any? I have tried specifying this as one of the options "-u userID", but it

No there is no way to do this. The best suggestion for all automated
systems is not to use a passphrase.

If you really want a passphrase and you require full control over it you
have three choices:

- Write your own pinentry and send CANCEL back until the desired
  passphrase is requested. Then send the right passphrase.

- Write a simple pinentry to always send a CANCEL back (GnuPG 2.1 will
  have an option to emulate this). Then use gpg-preset-passphrase to
  seed gpg-agent with the desired passphrase.

- Use --status-fd/--command-fd. These options allow you to pass a
  passphrase to gpg entirely under script control. They work even with
  GnuPG 1.4.

From jw72253 at verizon.net Tue Nov 1 08:04:31 2011
From: jw72253 at verizon.net (John A. Wallace)
Date: Tue, 01 Nov 2011 02:04:31 -0500
Subject: small security glitches
Message-ID: <000001cc9864$81961530$84c23f90$@net>

Hello. I was reading this page,
http://www.gnupg.org/faq/GnuPG-FAQ.html#cant-we-have-a-gpg-library , and I
found this comment near the end of it in the section entitled "How does this
whole thing work?": "There is a small security glitch in the OpenPGP (and
therefore GnuPG) system; to avoid this you should always sign and encrypt a
message instead of only encrypting it." If this is still applicable, would
you explain what the small glitch is? Are there any other small glitches
explained elsewhere, which I may not have noticed? There is a lot of
documentation, and I am hoping to absorb it as much as I can. Thanks.

John A. Wallace

From Dave.Smith at st.com Tue Nov 1 12:55:11 2011
From: Dave.Smith at st.com (David Smith)
Date: Tue, 1 Nov 2011 11:55:11 +0000
Subject: GnuPG decryption problem
In-Reply-To: <49467.46.100.80.211.1320091686.squirrel@utservm.ut.ac.ir>
References: <49467.46.100.80.211.1320091686.squirrel@utservm.ut.ac.ir>
Message-ID: <4EAFDE1F.7050101@st.com>

m.aflakparast at ut.ac.ir wrote:
> I need to decrypt .gz.gpg files (e.g. 70195_C1_WTCCCT442627.CEL.gz.gpg).
> I have the encryption key(passphrase).

Remember that the passphrase is not the key. The key is stored in a
file, and that file is protected by the passphrase so that only people
who know the passphrase can use it.

> I used Gpg4win and ran into this error:
> "bad session key"
> Then I downloaded gnupg-1.4.9 for windows from the following link:
>
> http://techgenie.com/latest/how-to-install-gnupg-1-4-9-on-windows-xp-vista-and-7/
>
> I followed the instructions and installed.
> Now, when I use the full path to the gpg program (gpg.exe)
> in the command line, and enter the following command:
>
> gpg --decrypt "myfile.gpg"
>
> I am asked a passphrase, but the problem is that it is not possible to
> write anything in front of the statement "Enter Passphrase:", i.e.
> whatever you type, nothing appears on the screen!

That is probably intentional, to stop someone seeing your passphrase by
looking over your shoulder.

Personally, rather than using --decrypt, I'd use --decrypt-file. That
might help.

From aaron.toponce at gmail.com Tue Nov 1 13:35:11 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Tue, 1 Nov 2011 06:35:11 -0600
Subject: small security glitches
In-Reply-To: <000001cc9864$81961530$84c23f90$@net>
References: <000001cc9864$81961530$84c23f90$@net>
Message-ID: <20111101123511.GA28478@poseidon.cocyt.us>

On Tue, Nov 01, 2011 at 02:04:31AM -0500, John A. Wallace wrote:
> Hello.
> I was reading this page,
> http://www.gnupg.org/faq/GnuPG-FAQ.html#cant-we-have-a-gpg-library , and I
> found this comment near the end of it in the section entitled "How does this
> whole thing work?": "There is a small security glitch in the OpenPGP (and
> therefore GnuPG) system; to avoid this you should always sign and encrypt a
> message instead of only encrypting it." If this is still applicable, would
> you explain what the small glitch is? Are there any other small glitches
> explained elsewhere, which I may not have noticed? There is a lot of
> documentation, and I am hoping to absorb it as much as I can. Thanks.

The "glitch" is exactly as described: you should always sign and encrypt a
message instead of only encrypting it. I could send you malicious encrypted
content, and masquerade as someone else behind a different email address-
maybe someone with a good reputation for security in the OpenPGP community.
Without signing the message, and only encrypting it to your public key, you
have no way to verify who really sent you the message.

Now switch sides. Suppose you're sending an encrypted mail to a colleague.
You're encrypting it for his eyes only. If you don't sign the message, he
may or may not choose to decrypt it. If you sign the encrypted mail, then
he can verify the signature, see if he trusts that key, and make a more
meaningful decision.

The "glitch" is that for security AND trust, messages must be both
encrypted and signed.

From peter at digitalbrains.com Tue Nov 1 13:37:16 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 01 Nov 2011 13:37:16 +0100
Subject: How to get the list of all keys to which the file has been encrypded
In-Reply-To: <201111010144.55815.mailinglisten@hauke-laging.de>
References: <201111010144.55815.mailinglisten@hauke-laging.de>
Message-ID: <4EAFE7FC.8090205@digitalbrains.com>

On 01/11/11 01:44, Hauke Laging wrote:
> But I don't know whether key servers allow the search for subkeys.

$ gpg --search-keys DE6CDCA1
gpg: searching for "DE6CDCA1" from hkp server pool.sks-keyservers.net
(1) Peter Lebbing
      2048 bit RSA key DE500B3E, created: 2009-11-12

Yup, searching for subkeys works.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From mailinglisten at hauke-laging.de Tue Nov 1 13:44:11 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Tue, 1 Nov 2011 13:44:11 +0100
Subject: small security glitches
In-Reply-To: <20111101123511.GA28478@poseidon.cocyt.us>
References: <000001cc9864$81961530$84c23f90$@net> <20111101123511.GA28478@poseidon.cocyt.us>
Message-ID: <201111011344.12248.mailinglisten@hauke-laging.de>

On Tuesday, 1 November 2011, 13:35:11, Aaron Toponce wrote:

> Now switch sides. Suppose you're sending an encrypted mail to a colleague.
> You're encrypting it for his eyes only. If you don't sign the message, he
> may or may not choose to decrypt it. If you sign the encrypted mail, then
> he can verify the signature, see if he trusts that key, and make a more
> meaningful decision.

But this isn't possible with email, is it?


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From lists at chrispoole.com Tue Nov 1 12:53:20 2011
From: lists at chrispoole.com (Chris Poole)
Date: Tue, 1 Nov 2011 11:53:20 +0000
Subject: GnuPG decryption problem
In-Reply-To: <49467.46.100.80.211.1320091686.squirrel@utservm.ut.ac.ir>
References: <49467.46.100.80.211.1320091686.squirrel@utservm.ut.ac.ir>
Message-ID:

On Mon, Oct 31, 2011 at 8:08 PM, wrote:
> I am asked a passphrase, but the problem is that it is not possible to
> write anything in front of the statement "Enter Passphrase:", i.e.
> whatever you type, nothing appears on the screen!

I have not used the gpg.exe you are talking about, but presumably it
is the same as on unix-like machines. In this case, the things you
type are being passed to the program correctly, it's just that nothing
is shown on screen (no ***'s, etc) to inform you of this.


Cheers

Chris Poole
[PGP BAD246F9]

From peter at digitalbrains.com Tue Nov 1 13:51:29 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 01 Nov 2011 13:51:29 +0100
Subject: small security glitches
In-Reply-To: <20111101123511.GA28478@poseidon.cocyt.us>
References: <000001cc9864$81961530$84c23f90$@net> <20111101123511.GA28478@poseidon.cocyt.us>
Message-ID: <4EAFEB51.6010403@digitalbrains.com>

On 01/11/11 13:35, Aaron Toponce wrote:
> The "glitch" is that for security AND trust, messages must be both
> encrypted and signed.

In that case, I find it to be phrased very awkwardly. Encryption provides
encryption: people can't see what is in it. Period. Signing provides a form
of integrity: people can see that the signer attests that the data is
correct in some way.

So how is it a security glitch that encryption does not provide trust? It is
a glitch in someone's thinking to think that it does. PEBKAC.

The advice to also sign is sound, the absolute "you should always" is
overdoing it, IMHO.

Personally, I was more thinking along the lines of the reasons to introduce
the MDC. Can't remember off the top of my head how that all pieced together.
In that case it might be useful to revise the text to say a few words on
MDC's.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From gnupg at lists.grepular.com Tue Nov 1 13:52:18 2011
From: gnupg at lists.grepular.com (gnupg at lists.grepular.com)
Date: Tue, 01 Nov 2011 12:52:18 +0000
Subject: small security glitches
In-Reply-To: <201111011344.12248.mailinglisten@hauke-laging.de>
References: <000001cc9864$81961530$84c23f90$@net> <20111101123511.GA28478@poseidon.cocyt.us> <201111011344.12248.mailinglisten@hauke-laging.de>
Message-ID: <4EAFEB82.5050603@lists.grepular.com>

On 01/11/11 12:44, Hauke Laging wrote:

>> Now switch sides. Suppose you're sending an encrypted mail to a colleague.
>> You're encrypting it for his eyes only. If you don't sign the message, he
>> may or may not choose to decrypt it. If you sign the encrypted mail, then
>> he can verify the signature, see if he trusts that key, and make a more
>> meaningful decision.
>
> But this isn't possible with email, is it?

Thunderbird + Enigmail here automatically decrypts encrypted email when
you view it, regardless of whether or not it is signed.

-- 
Mike Cardwell  https://grepular.com/   https://twitter.com/mickeyc
Professional   http://cardwellit.com/  http://linkedin.com/in/mikecardwell
PGP.mit.edu    0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

From Dave.Smith at st.com Tue Nov 1 15:23:39 2011
From: Dave.Smith at st.com (David Smith)
Date: Tue, 1 Nov 2011 14:23:39 +0000
Subject: GnuPG decryption problem
In-Reply-To: <50440.46.100.82.176.1320157165.squirrel@utservm.ut.ac.ir>
References: <49467.46.100.80.211.1320091686.squirrel@utservm.ut.ac.ir> <4EAFDE1F.7050101@st.com> <50440.46.100.82.176.1320157165.squirrel@utservm.ut.ac.ir>
Message-ID: <4EB000EB.10303@st.com>

Please remember to keep the GnuPG users' mailing list in copy in case
anyone else has any better ideas.

m.aflakparast at ut.ac.ir wrote:
> Thank you Dave,
>
> I tried again with this command:
>
> gpg --decrypt-file "myfile.gpg"
>
> and entered the passphrase when I was asked to enter it.
> But, this error comes up:
>
> gpg: encrypted with 1 passphrase
> gpg: decryption error: bad key!

Is that it, or is there any more diagnostic information?

From peter at digitalbrains.com Tue Nov 1 15:47:08 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 01 Nov 2011 15:47:08 +0100
Subject: GnuPG decryption problem
In-Reply-To: <4EB000EB.10303@st.com>
References: <49467.46.100.80.211.1320091686.squirrel@utservm.ut.ac.ir> <4EAFDE1F.7050101@st.com> <50440.46.100.82.176.1320157165.squirrel@utservm.ut.ac.ir> <4EB000EB.10303@st.com>
Message-ID: <4EB0066C.3040600@digitalbrains.com>

> m.aflakparast at ut.ac.ir wrote:
>> Thank you Dave,
>>
>> I tried again with this command:
>>
>> gpg --decrypt-file "myfile.gpg"
>>
>> and entered the passphrase when I was asked to enter it.
>> But, this error comes up:
>>
>> gpg: encrypted with 1 passphrase
>> gpg: decryption error: bad key!
>
> Is that it, or is there any more diagnostic information?

That is the exact same error message you would get when you simply enter an
incorrect passphrase. The file might be damaged, or you might have
misunderstood the sender (that is, you actually enter the wrong passphrase).

If the passphrase contains "special" symbols (umlauts, c-cedillas, anything
other than letters, numbers, spaces and a few symbols), you might have a
problem with entering those, though. That is something that doesn't always
work correctly out-of-the-box. And which is beyond my expertise, by the way.

The website you mentioned earlier on installing the gnupg command line tool
without using GPG4Win calls their method "the proper way to install the GnuPG
in a modern Windows environment". I respectfully disagree, usually the proper
way /is/ using GPG4Win. There are situations where the more "manual" method
described on that site is appropriate, but not for day-to-day use. I think
you'll be better off with GPG4Win.

Good luck,

Peter.

PS: The following table could be useful. It's a list of symbols that I think
shouldn't give problems when entering those. If one of the symbols in your
passphrase is not in this table, you might have a "language issue" that
prevents you from entering that symbol in the passphrase.

  0 @ P ` p
! 1 A Q a q
" 2 B R b r
# 3 C S c s
$ 4 D T d t
% 5 E U e u
& 6 F V f v
' 7 G W g w
( 8 H X h x
) 9 I Y i y
* : J Z j z
+ ; K [ k {
, < L \ l |
- = M ] m }
. > N ^ n ~
/ ? O _ o

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From lists at chrispoole.com Tue Nov 1 15:47:49 2011
From: lists at chrispoole.com (Chris Poole)
Date: Tue, 1 Nov 2011 14:47:49 +0000
Subject: GnuPG decryption problem
In-Reply-To: <49467.46.100.80.211.1320091686.squirrel@utservm.ut.ac.ir>
References: <49467.46.100.80.211.1320091686.squirrel@utservm.ut.ac.ir>
Message-ID:

Have you confirmed that the passphrase you have is correct, and it's
entered correctly?

I would make sure this is the issue, by checking that gpg itself works
as expected.

1. Open Notepad, write something in it. It doesn't matter what.
   Save the file as test.txt or similar.

2. Use gpg to encrypt this file, with a command like `gpg -c -o
   test.gpg test.txt`. I am unsure of the exact command as I don't use
   Windows, but this command (with the `-c` option) will have gpg use a
   symmetric passphrase (i.e., no keys). Keep it simple, just enter a
   passphrase like "hello".

3. Delete test.txt

4. Open test.gpg with Notepad and ensure it's unrecognisable.

5. Decrypt test.gpg, something like `gpg -d -o test-dec.txt test.gpg`.
   It'll ask you for the passphrase you entered earlier.

6. Open test-dec.txt with Notepad, and check that you get the same
   text as you started with.

This should confirm that gpg works correctly for you, such that your
"bad passphrase" warning you're getting is the result of you having
and/or entering an incorrect passphrase.

Best of luck.


Chris Poole
[PGP BAD246F9]

From jrollins at finestructure.net Tue Nov 1 16:41:09 2011
From: jrollins at finestructure.net (Jameson Graef Rollins)
Date: Tue, 01 Nov 2011 08:41:09 -0700
Subject: How can I know all the recipients of a GPG encrypted message
In-Reply-To: <32754880.post@talk.nabble.com>
References: <32754880.post@talk.nabble.com>
Message-ID: <87vcr34zqi.fsf@servo.finestructure.net>

On Mon, 31 Oct 2011 13:04:21 -0700 (PDT), vivarto wrote:
> Someone may encrypt the message to me and to 10 other recipients, I would
> like to know who they are.

How do you know it was encrypted to 10 other people?

> Is there a command line option for displaying all recipients to whom the
> message was encrypted.

Since message headers aren't encrypted, you should just be able to look
at the To: or Cc: fields to see the recipients. Otherwise the message
was at least effectively a Bcc:, in which case I don't think there is
any other way.

jamie.
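
The status-fd pipeline from the FAQ quoted earlier in this thread, turned into a batch helper that also reports whether the matching secret key is on the local keyring. This is an added example, not code from any of the posts or from the GnuPG project; it assumes gpg's `ENC_TO <keyid> <keytype> <keylength>` status line and that a hidden recipient is reported with an all-zero key ID, and the function names and sample status lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): which key IDs was each file encrypted
# to, and is the matching secret key on this keyring?

# Parse gpg --status-fd output on stdin and print one entry per ENC_TO line.
# Assumption: a hidden recipient (--throw-keyids / --hidden-recipient) shows
# up as an all-zero key ID, so it is printed as "hidden", not as a usable ID.
enc_to_ids() {
    awk '$1 == "[GNUPG:]" && $2 == "ENC_TO" {
        if ($3 ~ /^0+$/) print "hidden"; else print $3
    }'
}

# Ask gpg for the recipients of one file without decrypting it.
# Options come first; the --decrypt command and the file name go last.
recipients_of() {
    gpg --batch --list-only --status-fd 1 --decrypt "$1" 2>/dev/null | enc_to_ids
}

# True if the local keyring holds the secret key for this key ID.
have_secret() {
    gpg --batch --list-secret-keys "$1" >/dev/null 2>&1
}

# Print one line per recipient of every file named on the command line.
list_batch() {
    for f in "$@"; do
        ids=$(recipients_of "$f")
        if [ -z "$ids" ]; then
            printf '%s: no public-key recipient listed\n' "$f"
            continue
        fi
        for id in $ids; do
            if [ "$id" = hidden ]; then
                note="key ID withheld, every secret key has to be tried"
            elif have_secret "$id"; then
                note="secret key available"
            else
                note="no secret key on this keyring"
            fi
            printf '%s: %s (%s)\n' "$f" "$id" "$note"
        done
    done
}

# Constructed status output: two named recipients and one hidden recipient.
sample_status() {
    cat <<'EOF'
[GNUPG:] ENC_TO 0123456789ABCDEF 1 0
[GNUPG:] ENC_TO FEDCBA9876543210 16 0
[GNUPG:] ENC_TO 0000000000000000 1 0
[GNUPG:] NO_SECKEY 0123456789ABCDEF
EOF
}

if [ "$#" -gt 0 ]; then
    list_batch "$@"
fi
```

Run it as `sh script.sh path/*.asc`; a listed key ID only says what the packet header claims, not that the holder of that key can actually decrypt the message.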

From dkg at fifthhorseman.net Tue Nov 1 18:20:03 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 01 Nov 2011 13:20:03 -0400
Subject: How can I know all the recipients of a GPG encrypted message
In-Reply-To: <32754880.post@talk.nabble.com>
References: <32754880.post@talk.nabble.com>
Message-ID: <4EB02A43.50400@fifthhorseman.net>

On 10/31/2011 04:04 PM, vivarto wrote:
> Is there a command line option for displaying all recipients to whom the
> message was encrypted.

feed the message body (not decrypted) itself through gpg --list-packets.

You should see output like this:

dkg at pip:~$ gpg --list-packets 2>/dev/null < .mail/msg.12345
:pubkey enc packet: version 3, algo 1, keyid 77A0D9461321E649
	data: [4095 bits]
:pubkey enc packet: version 3, algo 1, keyid 1FE3FFC22D967C01
	data: [4096 bits]
:encrypted data packet:
	length: 64
	mdc_method: 2
dkg at pip:~$

Each of the "pubkey enc packet" stanzas identifies a particular key to
which the message was ostensibly encrypted. You may find that you need
to fetch the relevant keys to learn more about the identity of the
recipient.

Without holding the corresponding secret keys, of course, you can't tell
for sure that the message has been actually encrypted to the listed key.
It's possible to create a pubkey enc packet with bogus data in it, so
that it looks like the message has been encrypted to DEADBEEFDEADBEEF,
but in fact it cannot be decrypted by the holder of that secret key.

Note also that it's possible (e.g. with --throw-keyids or
--hidden-recipient) to craft messages that don't advertise the people to
whom the message was encrypted. These kind of messages are a hassle for
the intended recipients, however, because a recipient needs to try each
of their secret keys against each pubkey enc packet to see if any
decryption is possible.

In short: there's no way to be absolutely sure of all the intended
recipients; but in common practice you can have a reasonable guess.

	--dkg

From dougb at dougbarton.us Tue Nov 1 19:22:47 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Tue, 01 Nov 2011 11:22:47 -0700
Subject: small security glitches
In-Reply-To: <4EAFEB82.5050603@lists.grepular.com>
References: <000001cc9864$81961530$84c23f90$@net> <20111101123511.GA28478@poseidon.cocyt.us> <201111011344.12248.mailinglisten@hauke-laging.de> <4EAFEB82.5050603@lists.grepular.com>
Message-ID: <4EB038F7.5060502@dougbarton.us>

On 11/01/2011 05:52, gnupg at lists.grepular.com wrote:
> Thunderbird + Enigmail here automatically decrypts encrypted email when
> you view it, regardless of whether or not it is signed.

That's a local preference, which you can easily disable.

-- 

	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price. :) http://SupersetSolutions.com/

From jw72253 at verizon.net Tue Nov 1 22:17:49 2011
From: jw72253 at verizon.net (John A. Wallace)
Date: Tue, 01 Nov 2011 16:17:49 -0500
Subject: gpg option "--list-only"
Message-ID: <000001cc98db$b5842d60$208c8820$@net>

Hello. The online manual for gpg states this about the "-list-keys" option:

"Changes the behaviour of some commands. This is like --dry-run but
different in some cases. The semantic of this command may be extended in the
future. Currently it only skips the actual decryption pass and therefore
enables a fast listing of the encryption keys."

I was testing some procedures with this option, using in one instance a
message encrypted with a public key passphrase and in another instance a
message encrypted with symmetric encryption only.
Indeed, as stated, in the first case I was shown to which sub key ID it had
been encrypted. On the other hand, in the second case, I was shown only a
symmetric cipher type (e.g., CAST5), the one which was used for encryption.
These results are consistent with what I expected.

My question is, should I expect this sort of outcome in all cases? I should
be shown a key ID for encryption with a public key, and I should be shown an
encryption cipher when symmetric encryption was used? Thanks.

John

From jw72253 at verizon.net Wed Nov 2 04:26:31 2011
From: jw72253 at verizon.net (John A. Wallace)
Date: Tue, 01 Nov 2011 22:26:31 -0500
Subject: batch decryption key Identification
In-Reply-To:
References:
Message-ID: <000001cc990f$37842cb0$a68c8610$@net>

>
> Message: 7
> Date: Mon, 31 Oct 2011 21:20:24 -0500
> From: "John A. Wallace"
> To:
> Subject: batch decryption key identification
> Message-ID: <000001cc983c$d0fccd30$72f66790$@net>
> Content-Type: text/plain; charset=us-ascii
>
> Hello. On this website
> (http://www.gnupg.org/faq/GnuPG-FAQ.html#how-can-i-get-list-of-key-ids-used-
> to-encrypt-a-message) I found this FAQ and answer:
>
> Question: How can I get list of key IDs used to encrypt a message?
>
> $ gpg --batch --decrypt --list-only --status-fd 1 2>/dev/null | \
> awk '/^\[GNUPG:\] ENC_TO / { print $3 }'
>
>
> As it relates in part to my original question below, I want to ask about
> this in more detail. Knowing which particular key was used for encryption
> would allow me to pinpoint which of the several keys on a key-ring to use
> for decryption and would help save much time and effort in the process when
> looking at a batch of messages.
>
> I am not a programmer, but I can see that the above command uses the program
> 'awk' to identify the key used; and I understand that the Gnu program 'gawk'
> has equivalent functionality. I have two questions about it.
> First, using
> the above command, whereabouts should I put the "path/filenames.asc" in it
> for the command to analyze for decryption, and should I put any other
> unlisted parameters in the command for it to complete? I tried testing it
> like this:
>
> gpg --batch --decrypt --list-only --status-fd 1
>
> But I saw nothing output on the screen related to the key used on the file.

[snip]

I found, after fiddling with this a bit and looking at some documentation
online, that the problem is with the posted answer to the FAQ. For the above
command to work as intended, it needs to have the part "--decrypt " moved to
the end of the line. The Options are supposed to precede the Commands. Once
moved to the end, the command's output does in fact show me the information
about which key it was encrypted to, assuming that I have the key on my
key-ring and that it was not a hidden recipient.

John

> Secondly, are the 'gawk' program commands equivalent to the above listed awk
> commands, or will I need to alter it in some way? Thanks.
>
> John

From andreas-j-a-froehlich at gmx.de Tue Nov 1 16:35:37 2011
From: andreas-j-a-froehlich at gmx.de (myNameScreen)
Date: Tue, 1 Nov 2011 08:35:37 -0700 (PDT)
Subject: revoke an revoked userID and e-mail from the GnuPG-Server
Message-ID: <32759434.post@talk.nabble.com>

How can I revoke a revoked userID and e-mail from the GnuPG-Server?
How can I solve my problem in any way?

I am new at this topic. I created my gpg key with one e-mail address. Later
I decided to add a second e-mail. I recognised that my second e-mail was the
default signature and could not change it.
-- Now I know it, but it is too late.
(Edit description)
gpg --edit-key
uid 1
primary
quit
----------------------------------------
But I revoked my second E-Mail and sent it to the GnuPG-Server.
But now I want to add this e-mail, I can not, because the old second name
and e-mail is used!
Hope you understand me and can help me, because I am very harassed...
-- 
View this message in context: http://old.nabble.com/revoke-an-revoked-userID-and-e-mail-from-the-GnuPG-Server-tp32759434p32759434.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

From andreas-j-a-froehlich at gmx.de Tue Nov 1 16:36:53 2011
From: andreas-j-a-froehlich at gmx.de (myNameScreen)
Date: Tue, 1 Nov 2011 08:36:53 -0700 (PDT)
Subject: revoke a revoked userID and e-mail from the GnuPG-Server
Message-ID: <32759434.post@talk.nabble.com>

How can I revoke a revoked userID and e-mail from the GnuPG-Server?
How can I solve my problem in any way?

I am new at this topic. I created my gpg key with one e-mail address. Later
I decided to add a second e-mail. I recognised that my second e-mail was the
default signature and could not change it.
-- Now I know it, but it is too late.
(Edit description)
gpg --edit-key
uid 1
primary
quit
----------------------------------------
But I revoked my second E-Mail and sent it to the GnuPG-Server.
But now I want to add this e-mail, I can not, because the old second name
and e-mail is used!
Hope you understand me and can help me, because I am very harassed...
-- 
View this message in context: http://old.nabble.com/revoke-a-revoked-userID-and-e-mail-from-the-GnuPG-Server-tp32759434p32759434.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

From laurent.jumet at skynet.be Wed Nov 2 11:37:24 2011
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Wed, 02 Nov 2011 12:37:24 +0200
Subject: revoke a revoked userID and e-mail from the GnuPG-Server
In-Reply-To: <32759434.post@talk.nabble.com>
Message-ID:

Hello myNameScreen !

myNameScreen wrote:

> How can I revoke a revoked userID and e-mail from the GnuPG-Server?
> How can I solve my problem in any way?
> default signature and could not change it.
> -- Now I know it, but it is too late.
> (Edit description)
> gpg --edit-key
> uid 1
> primary
> quit
> ----------------------------------------
> But I revoked my second E-Mail and sent it to the GnuPG-Server.
> But now I want to add this e-mail, I can not, because the old second name
> and e-mail is used!
> Hope you understand me and can help me, because I am very harassed...

From that moment you sent a key to a keyserver, you cannot Delete UID
from it (only locally but obviously it's useless). But you may instead
Revoke and send the updated key to the keyserver.
Remember that "quit" means "exit without updating the keyring"; "save"
means "save all changes to the keyrings and quit".

Maybe you'd like to print the help:

In PDF:
http://www.pointdechat.net/MyMan_GnuPG-1411.pdf

In .DOC:
http://www.pointdechat.net/MyMan_GnuPG-1411.doc

-- 
Laurent Jumet
KeyID: 0xCFAF704C

From expires2011 at ymail.com Wed Nov 2 20:55:57 2011
From: expires2011 at ymail.com (MFPA)
Date: Wed, 2 Nov 2011 19:55:57 +0000
Subject: revoke a revoked userID and e-mail from the GnuPG-Server
In-Reply-To: <32759434.post@talk.nabble.com>
References: <32759434.post@talk.nabble.com>
Message-ID: <402947612.20111102195557@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Tuesday 1 November 2011 at 3:36:53 PM, in
, myNameScreen wrote:

> But I revoked my second E-Mail and sent it to the
> GnuPG-Server.
> But now I want to add this e-mail, I can not, because
> the old second name and e-mail is used!

You have a key on the server with two user-IDs, one of which is
revoked. There is nothing stopping you from creating a third user-ID
that includes the same email address as the revoked user-ID.


- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Take my advice - I don't use it anyway.
-----BEGIN PGP SIGNATURE----- -----END PGP SIGNATURE----- From kloecker at kde.org Wed Nov 2 23:03:07 2011 From: kloecker at kde.org (Ingo Klöcker) Date: Wed, 02 Nov 2011 23:03:07 +0100 Subject: Sign a multipart/alternative mail In-Reply-To: <4EA90E31.2000800@fansubcode.org> References: <4EA7D06B.60601@fansubcode.org> <201110262203.19353@thufir.ingo-kloecker.de> <4EA90E31.2000800@fansubcode.org> Message-ID: <201111022303.07963@thufir.ingo-kloecker.de> On Thursday 27 October 2011, Pascal Nitsche wrote: > On 26.10.2011 22:03, Ingo Klöcker wrote: > > On Wednesday 26 October 2011, Pascal Nitsche wrote: > >> Hello folks, > >> > >> I'm trying to sign a mail of the mime type "multipart/alternative" > >> using pgp in PHP. > >> The generation of the signature and the correct boundaries works > >> just fine, but I can't bring it to generate a valid signature. > >> > >> I think I'm missing something important here. > >> > >> First of all I encode the text and html portions of the mail as > >> quoted-printable and replace every new line character with > >> as to be found in the RFCs (which seem not to state > >> anything about multipart). > >> > >> Now I generate the signature of the complete mime part and put it > >> into its own mime part. [snip] > > You also do not mention whether you remove trailing whitespace. If > > you quoted-printable encode trailing spaces as =20 then you do not > > need to remove it. [snip] > > Hello Ingo, > > thanks for your help. I found out about this yesterday evening myself > through (It's only logical if you think about it...) I just thought > of the message content another way at first. > > Also thanks for the tip with the trailing whitespaces, I'll test > it...
But there shouldn't be whitespaces after the last boundary > line of the message or is this considered to be done for each line > and not just for the last one of the message to be signed? This has to be done for each line. Regards, Ingo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From andreas-j-a-froehlich at gmx.de Wed Nov 2 21:17:57 2011 From: andreas-j-a-froehlich at gmx.de (myNameScreen) Date: Wed, 2 Nov 2011 13:17:57 -0700 (PDT) Subject: revoke a revoked userID and e-mail from the GnuPG-Server In-Reply-To: References: <32759434.post@talk.nabble.com> Message-ID: <32767894.post@talk.nabble.com> Laurent Jumet-2 wrote: > > > Hello myNameScreen ! > > myNameScreen wrote: > >> How can I revoke an revoked userID and e-mail from the GnuPG-Server? >> How can I solve my problem in any way? >> default signature and could not change it. >> -- Now I know it, but it is to late. >> (Edit description) >> gpg --edit-key >> uid 1 >> primary >> quit >> ---------------------------------------- >> But I revoked my second E-Mail and send it to the GnuPG-Server. >> But now I want to add this e-mail, I can not, because the old second name >> and e-mail is used! >> Hope you understand me and can help me, because I am very harassed... > > From that moment you sent a key to a keyserver, you cannot Delete UID > from it (only locally but obviously it's useless). But you may instead > Revoque and send the updated key to the keyserver. > Remember that "quit" means "exit without updating the keyring"; "save" > means "save all changes to the keyrings and quit". 
> > May be you'd like to print the help: > In PDF: http://www.pointdechat.net/MyMan_GnuPG-1411.pdf > In .DOC: http://www.pointdechat.net/MyMan_GnuPG-1411.doc > > -- > Laurent Jumet > KeyID: 0xCFAF704C > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > Hello Laurent, > But you may instead Revoque and send the updated key to the keyserver. When I try to add the same user with ( adduid ) it is not possible. GPG answer: (Such a user ID already exists on this key!) But I do not want to change my name or e-mail! What do you mean exactly by "Revoque"??? Revoke of the Revoke?? How? Sorry, I stuck a little bit. -- View this message in context: http://old.nabble.com/revoke-a-revoked-userID-and-e-mail-from-the-GnuPG-Server-tp32759434p32767894.html Sent from the GnuPG - User mailing list archive at Nabble.com. From laurent.jumet at skynet.be Thu Nov 3 12:38:21 2011 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Thu, 03 Nov 2011 13:38:21 +0200 Subject: revoke a revoked userID and e-mail from the GnuPG-Server In-Reply-To: <32767894.post@talk.nabble.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hello myNameScreen ! myNameScreen wrote: > When I try to add the same user with ( adduid ) it is not possible. > GPG answer: (Such a user ID already exists on this key!) > But I do not want to change my name or e-mail! > What do you mean exactly by "Revoque"??? Revoke of the Revoke?? How? > Sorry, I stuck a little bit. First ensure the old UID is revoqued. Try --edit/clean on that key. This should remove all UID that are not longer usable. Save to the Keyrings. Then, EDIT again and create a new UID. Does this work? 
- -- Laurent Jumet KeyID: 0xCFAF704C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (MingW32) -----END PGP SIGNATURE----- From reynt0 at cs.albany.edu Sat Nov 5 00:05:59 2011 From: reynt0 at cs.albany.edu (reynt0) Date: Fri, 4 Nov 2011 19:05:59 -0400 (EDT) Subject: STEED - Usable end-to-end encryption In-Reply-To: <4EA72EBC.4020801@lists.grepular.com> References: <11355546.20111021185547@my_localhost> <20111024151516.GA5109@IUPUI.Edu> <4EA58338.7080204@sixdemonbag.org> <20111024160207.GB5109@IUPUI.Edu> <4EA59F96.5050101@sixdemonbag.org> <4EA680E1.6070406@digitalbrains.com> <4EA6B19F.2020000@sixdemonbag.org> <4EA6CE3D.7000808@digitalbrains.com> <4EA6D137.1070003@sixdemonbag.org> <4EA702AA.8010203@digitalbrains.com> <20111025201140.GA23055@IUPUI.Edu> <4EA72EBC.4020801@lists.grepular.com> Message-ID: On Oct 25, 2011, gnupg at lists.grepular.com wrote: . . . > (*) there's a nasty privacy issue when you're able to trigger a > receiving email client to do arbitrary http lookups. It means the sender > is able to determine when the recipient downloaded the email, and what > IP address they were using at the time. Perhaps MTAs could look up the > public key on delivery and add it to the email headers. . . . A comment about social psychology, FWIW: Just from talking to ordinary users, it seems to me that a hesitation they have is not to get involved with something they do not much understand, particularly when the people trying to sell it to them are telling stories about bad things happening to people because of stuff the people do not understand. People live their lives aware they are dependent on a lot of stuff they can not control or really understand, and cope by separating what is their own self and what is "other".
Isolating the user's involvement in the system as much as possible (eg to just locally running en/decrypt actions including using whatever keys) might both (i) technically protect users from bad stuff (including the bad effect mentioned in the quote above) and (ii) make it more comfortable for them to internalize into their own psychology that there is this security stuff happening, because it is OK since the experts are taking care of it for them and if things go wrong, they (users) themselves are not to blame. If users do not internalize the situation, they are unlikely to want to go along with it, that is how psychology works. Cf consider a strategy of aiming for something like technical modularity which mimics users' psychological modularity about the product. The system designers' problem is that they have to look at the overall system objectively technically as well as to take the position of the individual user and look at the system from that point of view, too. From jw72253 at verizon.net Sat Nov 5 21:25:39 2011 From: jw72253 at verizon.net (John A. Wallace) Date: Sat, 05 Nov 2011 15:25:39 -0500 Subject: "--status-fd" Message-ID: <000001cc9bf9$15cdc2b0$41694810$@net> When I have a group of messages in a folder, which were encrypted by others with one of my public keys, and I enter the command "gpg -status-fd", the gpg program will scroll through all of these messages one by one showing me the keyID for which each message was encrypted. However, when I add a message that I have myself encrypted to one of these same keys on my keyring, and I put this message in the folder, and run the same command, the gpg program will scroll through all of these messages just the same way showing me the keyIDs; but for the message that I just encrypted and added to the group, it does not show me the keyed. I tried flushing the cache beforehand, but the same result occurs. Why is this message handled differently? Thanks. 
John -------------- next part -------------- An HTML attachment was scrubbed... URL: From mjkortve at optusnet.com.au Mon Nov 7 10:41:10 2011 From: mjkortve at optusnet.com.au (Michael K) Date: Mon, 07 Nov 2011 19:41:10 +1000 Subject: Use of gen-random In-Reply-To: <490B40EA.7010503@optusnet.com.au> References: <490B40EA.7010503@optusnet.com.au> Message-ID: <4EB7A7B6.2040600@optusnet.com.au> point taken. Randomness can be regenerated or reseeded. Which /form/ of randomness you get will be taken from different sources. That's why it actually /asks/ you to hit a few random keys and move the mouse about during the generation of the random "pool" that gpg uses when generating it's key-pair. At least I /think/ that's what is going on. For a definitive answer (depending on your machine) simply ask /dev/random Yeah?? Oh yeah. -- ^^^^^ |o o| \---/ m From adam_w67 at yahoo.com Tue Nov 8 13:15:47 2011 From: adam_w67 at yahoo.com (Adam) Date: Tue, 08 Nov 2011 13:15:47 +0100 Subject: Why is there a subkey and a selfsig in a new key? Message-ID: <87ehxibynt.fsf@earth.home> when creating a new key, gpg2 creates a selfsig and a subkey which is selfsiged as well. Why does it do so? Why not create just a plain key without subkey and selfsig? From crimer at crimer90.co.cc Tue Nov 8 16:01:05 2011 From: crimer at crimer90.co.cc (Simone Cianfriglia) Date: Tue, 8 Nov 2011 16:01:05 +0100 Subject: Why is there a subkey and a selfsig in a new key? In-Reply-To: <87ehxibynt.fsf@earth.home> References: <87ehxibynt.fsf@earth.home> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Adam, 2011/11/8 Adam : > when creating a new key, gpg2 creates a selfsig and a subkey which is > selfsiged as well. Why does it do so? Why not create just a plain key > without subkey and selfsig? gpg2 (and gpg 1 the same) by default creates a 'certificate' with two keys, one for signing/certifying and the other for encryption. 
Actually, this 'certificate', composed by a master signing key and an encryption subkey, is what is generally called 'key'. There are some reasons behind this choice, I think the main one is because it's safer to manage different keys for different needs. You can have only a signing key for authenticate the messages you sent and, at the same time, have more than one encryption key to enhance your security. You can, for instance, revoke an encryption key if you think it's compromised or if you want to change it because it's superseded or what you want... while keeping working your signing one, validating what you sign, independently. About the self-signature: Your 'certificate' is an association between your cryptographic keys and your identities. The self-signature is what makes this 'magic' work, thus binding the two in a strong and verifiable relationship. Without it, someone could, for example, add other uids to your key without any problem, and it could be dangerous for the whole functioning of the web of trust. There's also a 'key-binding signature' between your master key and your subkeys, for the same important reason. Hope it helps. 
:-) Simone -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Tue Nov 8 16:06:38 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 08 Nov 2011 10:06:38 -0500 Subject: Why is there a subkey and a selfsig in a new key? In-Reply-To: References: <87ehxibynt.fsf@earth.home> Message-ID: <4EB9457E.7050306@sixdemonbag.org> On 11/8/11 10:01 AM, Simone Cianfriglia wrote: > There are some reasons behind this choice, I think the main one is because > it's safer to manage different keys for different needs. IIRC, it was a response to laws like the United Kingdom's RIPA which allows the authorities to demand encryption keys from users. By separating encryption and signing into separate subkeys, and making the signing subkey the 'master' one, it allows users to divulge encryption subkeys to the authorities when required, then immediately revoke those encryption subkeys and resume encrypted communications with others. I may be in error. -------------- next part -------------- A non-text attachment was scrubbed...
Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature URL: From Dave.Smith at st.com Tue Nov 8 16:29:15 2011 From: Dave.Smith at st.com (David Smith) Date: Tue, 8 Nov 2011 15:29:15 +0000 Subject: Why is there a subkey and a selfsig in a new key? In-Reply-To: <4EB9457E.7050306@sixdemonbag.org> References: <87ehxibynt.fsf@earth.home> <4EB9457E.7050306@sixdemonbag.org> Message-ID: <4EB94ACB.6060406@st.com> Robert J. Hansen wrote: > IIRC, it was a response to laws like the United Kingdom's RIPA which > allows the authorities to demand encryption keys from users. By > separating encryption and signing into separate subkeys, and making the > signing subkey the 'master' one, it allows users to divulge encryption > subkeys to the authorities when required, then immediately revoke those > encryption subkeys and resume encrypted communications with others. > > I may be in error. In my case, it's because I like to change my encryption key on a regular basis (so that if an encryption key ever were to be cracked, it limits the damage to a smaller number of files/messages), but don't want the hassle of having to go around and get everyone to sign my new key every time I issue a new one. So, I have a master signing key with a long (or infinite) lifetime, but an encryption subkey with a short lifetime. When the encryption subkey expires, I generate a new encryption subkey which is signed by the master key, so all my contacts still consider it to be valid without them having to sign it (at a keysigning party etc.) From wk at gnupg.org Tue Nov 8 18:02:58 2011 From: wk at gnupg.org (Werner Koch) Date: Tue, 08 Nov 2011 18:02:58 +0100 Subject: Why is there a subkey and a selfsig in a new key? In-Reply-To: <4EB9457E.7050306@sixdemonbag.org> (Robert J. 
Hansen's message of "Tue, 08 Nov 2011 10:06:38 -0500") References: <87ehxibynt.fsf@earth.home> <4EB9457E.7050306@sixdemonbag.org> Message-ID: <877h3a7dj1.fsf@vigenere.g10code.de> On Tue, 8 Nov 2011 16:06, rjh at sixdemonbag.org said: > IIRC, it was a response to laws like the United Kingdom's RIPA which > allows the authorities to demand encryption keys from users. By No, that is not the case. The RIP act was first introduced in 2000 whereas the OpenPGP draft was first defined in autumn 1997. A technical case which required the use of two keys was the patent status of RSA. The DH patents expired in April 97 which allowed to do patent unencumbered public key crypto. For signature DSA was a natural choice; DSA however can't be used for encryption (at least it is not designed for that) and thus Elgamal was used for encryption. Shalom-Salam, Werner -- Thoughts are free. Exceptions are regulated by a federal law. From jan.orel at gooddata.com Thu Nov 10 09:17:53 2011 From: jan.orel at gooddata.com (jan.orel) Date: Thu, 10 Nov 2011 00:17:53 -0800 (PST) Subject: Error: invalid packet (ctb=2d) Message-ID: <32816812.post@talk.nabble.com> Hello, I am getting this error when trying to decrypt message from our client: invalid packet (ctb=2d) The message was created using Java library BouncyCastle, but seems correct. Do you have any idea what could be wrong? Thanks [xorel at lachtan sso]$ gpg --decrypt -vvv --homedir . message.enc gpg: WARNING: unsafe permissions on homedir `.'
gpg: using character set `utf-8' gpg: armor: BEGIN PGP MESSAGE gpg: armor header: Version: BCPG v1.46 :pubkey enc packet: version 3, algo 1, keyid 877B2C47204341F5 data: [2043 bits] gpg: public key is 204341F5 gpg: public key encrypted data: good DEK :encrypted data packet: length: 609 gpg: encrypted with 2048-bit RSA key, ID 204341F5, created 2010-08-17 "XXX SSO " gpg: AES192 encrypted data gpg: [don't know]: invalid packet (ctb=2d) gpg: decryption okay gpg: WARNING: message was not integrity protected gpg: [don't know]: invalid packet (ctb=2d) -- View this message in context: http://old.nabble.com/Error%3A-invalid-packet-%28ctb%3D2d%29-tp32816812p32816812.html Sent from the GnuPG - User mailing list archive at Nabble.com. From lists at chrispoole.com Fri Nov 11 20:24:17 2011 From: lists at chrispoole.com (Chris Poole) Date: Fri, 11 Nov 2011 19:24:17 +0000 Subject: Signing already-encrypted files (all to self)? Message-ID: Hi, I have thousands of files in a maildir directory. I've encrypted them all, individually, with the recipient as myself. Just in case someone steals the machine or something. It occurs to me it would be a good idea to sign these emails. Making the assumption that I can trust they haven't already been tampered with, is it OK to simply run gpg -o somefile.gpg -s somefile.gpg or is it better to decrypt them all, and then sign and encrypt in one go? Thanks, Chris Poole From lists at chrispoole.com Fri Nov 11 23:54:16 2011 From: lists at chrispoole.com (Chris Poole) Date: Fri, 11 Nov 2011 22:54:16 +0000 Subject: Signing already-encrypted files (all to self)? In-Reply-To: References: Message-ID: On Fri, Nov 11, 2011 at 10:27 PM, David Tomaschik wrote: > I would just produce a list of SHA1s of the files and then sign that. OK thanks, I hadn't thought of that. I'd still have to decrypt and re-encrypt them to keep hashes of all plaintext versions of the files though. 
(Thinking about running this script every few days and hashing the latest files pulled from the IMAP server; it'd be far easier just to find any files not ending in ".gpg" to hash.) Thanks. From david at systemoverlord.com Fri Nov 11 23:55:02 2011 From: david at systemoverlord.com (David Tomaschik) Date: Fri, 11 Nov 2011 17:55:02 -0500 Subject: Fwd: Signing already-encrypted files (all to self)? In-Reply-To: References: Message-ID: Accidentally responded off-list... ---------- Forwarded message ---------- From: David Tomaschik Date: Fri, Nov 11, 2011 at 5:27 PM Subject: Re: Signing already-encrypted files (all to self)? To: Chris Poole I would just produce a list of SHA1s of the files and then sign that. sha1sum * | gpg -s --armor -o sigs.asc David On Fri, Nov 11, 2011 at 2:24 PM, Chris Poole wrote: > Hi, > > I have thousands of files in a maildir directory. > > I've encrypted them all, individually, with the recipient as myself. > Just in case someone steals the machine or something. > > It occurs to me it would be a good idea to sign these emails. Making > the assumption that I can trust they haven't already been tampered > with, is it OK to simply run > > gpg -o somefile.gpg -s somefile.gpg > > or is it better to decrypt them all, and then sign and encrypt in one go? > > > Thanks, > > Chris Poole > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- David Tomaschik, RHCE, LPIC-1 System Administrator/Open Source Advocate OpenPGP: 0x5DEA789B http://systemoverlord.com david at systemoverlord.com -- David Tomaschik, RHCE, LPIC-1 System Administrator/Open Source Advocate OpenPGP: 0x5DEA789B http://systemoverlord.com david at systemoverlord.com From dougb at dougbarton.us Fri Nov 11 23:57:53 2011 From: dougb at dougbarton.us (Doug Barton) Date: Fri, 11 Nov 2011 14:57:53 -0800 Subject: Signing already-encrypted files (all to self)?
In-Reply-To: References: Message-ID: <4EBDA871.9060801@dougbarton.us> On 11/11/2011 14:54, Chris Poole wrote: > On Fri, Nov 11, 2011 at 10:27 PM, David Tomaschik > wrote: >> I would just produce a list of SHA1s of the files and then sign that. > > OK thanks, I hadn't thought of that. I'd still have to decrypt and re-encrypt > them to keep hashes of all plaintext versions of the files though. (Thinking > about running this script every few days and hashing the latest files pulled > from the IMAP server; it'd be far easier just to find any files not ending in > ".gpg" to hash.) I think this came up last time and I don't remember the reason you didn't like the solution, but wouldn't something like truecrypt be a whole heckuva lot easier? -- "We could put the whole Internet into a book." "Too practical." Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ From csabi.hlw at gmail.com Sat Nov 12 10:17:35 2011 From: csabi.hlw at gmail.com (Csabi) Date: Sat, 12 Nov 2011 10:17:35 +0100 Subject: Convert a .sig file to .asc file (is it possible)? Message-ID: <4EBE39AF.5070503@gmail.com> Hi all! It is possible to convert an already created .sig file to .asc file? (ASCII armored output)? I would like to convert some .sig (detached signature) files to .asc files. Can anybody write a method how can i do it? Best regards, Csabi From gnupg at lists.grepular.com Sat Nov 12 13:56:24 2011 From: gnupg at lists.grepular.com (gnupg at lists.grepular.com) Date: Sat, 12 Nov 2011 12:56:24 +0000 Subject: Signing already-encrypted files (all to self)? In-Reply-To: References: Message-ID: <4EBE6CF8.2080705@lists.grepular.com> On 11/11/11 22:54, Chris Poole wrote: >> I would just produce a list of SHA1s of the files and then sign that. > > OK thanks, I hadn't thought of that. I'd still have to decrypt and re-encrypt > them to keep hashes of all plaintext versions of the files though. 
(Thinking > about running this script every few days and hashing the latest files pulled > from the IMAP server; it'd be far easier just to find any files not ending in > ".gpg" to hash.) If you'd prefer to automatically encrypt your emails with your public GPG key on delivery, rather than using a batch job every few days, you can read up on the technique I use to do that here: https://grepular.com/Automatically_Encrypting_all_Incoming_Email -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: From lists at chrispoole.com Sat Nov 12 14:45:15 2011 From: lists at chrispoole.com (Chris Poole) Date: Sat, 12 Nov 2011 13:45:15 +0000 Subject: Signing already-encrypted files (all to self)? In-Reply-To: <4EBE6CF8.2080705@lists.grepular.com> References: <4EBE6CF8.2080705@lists.grepular.com> Message-ID: On Fri, Nov 11, 2011 at 10:57 PM, Doug Barton wrote: > I think this came up last time and I don't remember the reason you > didn't like the solution, but wouldn't something like truecrypt be a > whole heckuva lot easier? I don't remember asking it before, but one reason I don't like Truecrypt is that I use Duplicity to backup my local files, so having the individually encrypted makes things easier (since it'll just ignore the ones already backed up). Adding them to the truecrypt container would cause the entire thing to change (ignoring homomorphic encryption or things iterating towards that). 
On Sat, Nov 12, 2011 at 12:56 PM, wrote: > If you'd prefer to automatically encrypt your emails with your public > GPG key on delivery, rather than using a batch job every few days, you > can read up on the technique I use to do that here: > https://grepular.com/Automatically_Encrypting_all_Incoming_Email Thanks, that's interesting reading. I use `getmail` to grab the messages, and just pass them through gpg when this runs, so it works well for what I want. Cheers Chris Poole [PGP BAD246F9] From peter at digitalbrains.com Sat Nov 12 18:18:38 2011 From: peter at digitalbrains.com (Peter Lebbing) Date: Sat, 12 Nov 2011 18:18:38 +0100 Subject: Signing already-encrypted files (all to self)? In-Reply-To: References: <4EBE6CF8.2080705@lists.grepular.com> Message-ID: <4EBEAA6E.201@digitalbrains.com> On 12/11/11 14:45, Chris Poole wrote: > I don't remember asking it before, but one reason I don't like Truecrypt is > that I use Duplicity to backup my local files, so having the individually > encrypted makes things easier (since it'll just ignore the ones already > backed up). Adding them to the truecrypt container would cause the entire > thing to change (ignoring homomorphic encryption or things iterating towards > that). I think it was someone else (carrying an USB stick with a lot of individually encrypted files) who mentioned disliking Truecrypt for their purpose. For backups, you can get away without resorting to homomorphic encryption and still have a small data transfer from live system to backup, at the cost of a lot of sequential disk I/O at both sides. In Truecrypt, only changing information changes (or rather, the sector or block containing it). So if you have no problem with f.e. rsync doing rolling checksums to find the parts that have changed, the actual data transfer will still be rather small. 
But the rolling checksums are of course much more intensive than a simple metadata check of each individual file, which is probably what your setup does with individually encrypted files. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt From jerome+person at jeromebaum.com Sat Nov 12 00:03:29 2011 From: jerome+person at jeromebaum.com (Jerome Baum) Date: Sat, 12 Nov 2011 00:03:29 +0100 Subject: Signing already-encrypted files (all to self)? In-Reply-To: <4EBDA871.9060801@dougbarton.us> References: <4EBDA871.9060801@dougbarton.us> Message-ID: <4EBDA9C1.2000301@jeromebaum.com> On 2011-11-11 23:57, Doug Barton wrote: > On 11/11/2011 14:54, Chris Poole wrote: >> OK thanks, I hadn't thought of that. I'd still have to decrypt and re-encrypt >> them to keep hashes of all plaintext versions of the files though. (Thinking >> about running this script every few days and hashing the latest files pulled >> from the IMAP server; it'd be far easier just to find any files not ending in >> ".gpg" to hash.) > > I think this came up last time and I don't remember the reason you > didn't like the solution, but wouldn't something like truecrypt be a > whole heckuva lot easier? Can't speak for Chris of course, but maybe you don't want the private key "open" too much. You can encrypt without the private key. Same doesn't go for TrueCrypt. (When it comes to signing that's another matter, but you could always make a separate key for signing.) Now the thing that I _do_ wonder about, Chris, is why you want to hash the plaintext files? Why not hash them encrypted? (No need to decrypt-then-hash-then-encrypt a bunch of files.) -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -- Quitting? You're quitting like a quitter? I have no room for quitters on my team! You're fired! 
-- Of all the things the problem that wasn't his was, being not his problem wasn't one of them. -- No situation is so dire that panic cannot make it worse. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 878 bytes Desc: OpenPGP digital signature URL: From dkg at fifthhorseman.net Sat Nov 12 19:29:51 2011 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Sat, 12 Nov 2011 13:29:51 -0500 Subject: Convert a .sig file to .asc file (is it possible)? In-Reply-To: <4EBE39AF.5070503@gmail.com> References: <4EBE39AF.5070503@gmail.com> Message-ID: <4EBEBB1F.8040500@fifthhorseman.net> On 11/12/2011 04:17 AM, Csabi wrote: > It is possible to convert an already created .sig file to .asc file? > (ASCII armored output)? ascii armor is just a standard header and footer, wrapped around base64-encoded data plus a checksum: https://tools.ietf.org/html/rfc4880#section-6 If you have perl installed, you can use the attached script to convert from a binary version to an ascii-armored version. Invoke it like: openpgp-armor-convert < foo.sig > foo.asc hth, --dkg -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: openpgp-armor-convert URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 1030 bytes Desc: OpenPGP digital signature URL: From csabi.hlw at gmail.com Sun Nov 13 10:34:27 2011 From: csabi.hlw at gmail.com (Csabi) Date: Sun, 13 Nov 2011 10:34:27 +0100 Subject: Convert a .sig file to .asc file (is it possible)? In-Reply-To: <4EBEBB1F.8040500@fifthhorseman.net> References: <4EBE39AF.5070503@gmail.com> <4EBEBB1F.8040500@fifthhorseman.net> Message-ID: <4EBF8F23.4070001@gmail.com> Thx the script, i will try it. Many thanx! 
Best regards, Csabi From faramir.cl at gmail.com Sun Nov 13 11:36:31 2011 From: faramir.cl at gmail.com (Faramir) Date: Sun, 13 Nov 2011 07:36:31 -0300 Subject: Signing already-encrypted files (all to self)? In-Reply-To: <4EBDA871.9060801@dougbarton.us> References: <4EBDA871.9060801@dougbarton.us> Message-ID: <4EBF9DAF.9000109@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 11-11-2011 19:57, Doug Barton wrote: > On 11/11/2011 14:54, Chris Poole wrote: ... >> OK thanks, I hadn't thought of that. I'd still have to decrypt >> and re-encrypt them to keep hashes of all plaintext versions of >> the files though. (Thinking about running this script every few >> days and hashing the latest files pulled from the IMAP server; >> it'd be far easier just to find any files not ending in ".gpg" to >> hash.) > > I think this came up last time and I don't remember the reason you > didn't like the solution, but wouldn't something like truecrypt be > a whole heckuva lot easier? That time there was a portability requirement, but that doesn't seem to be the current case. A truecrypt container would solve the problem, since it both keeps the files encrypted, and unless the container is decrypted, people can't put fake files inside.
Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJOv52vAAoJEMV4f6PvczxAmzkH/3pOcSJC15vEL9CsSkhfTF00 WVkwVneOD9Gbl0lgW3HDI2AIRkoxQeg8wQvjlVlhvIH+q5+3yPQ5H+fj1ZBxoaU4 HINiXQgU0GD0ShMG+fe/PH3pi3XRbZATaXlFbkq56geg2hLkxlrIaHwekZ2MKN5R at8EVDrFcESumiGcGWJ0+ajnfiwBfTqm5Jn/CPxhpVWP6H+98HKEKmEOtEwyZ8iV KhfdyzAwmLL+eKt77sw63NNuDGHvqDFVuvmrbqupjkB0nhBVDvDYnht1//t82ToC u7JYYLqxzUcb+7yLkinaGgqxrAn0DlHDTF5FWKXnXgvu4TsPI1e6noBqDKXBt48= =CHVf -----END PGP SIGNATURE----- From seanrima at me.com Sun Nov 13 15:22:28 2011 From: seanrima at me.com (Sean Rima) Date: Sun, 13 Nov 2011 14:22:28 +0000 Subject: group in gpg.conf but gpgmail does not honor/see Message-ID: Hi I am looking for a work around to the gpgmail on osx not using the group line in the gpg.conf file. I can drop to a terminal but it is not the best idea. I was wondering if I created a key with the address of the group line, would gpg encrypt to the group line or just the key. It is for the pgpnet group on yahoo if that help Sean From expires2011 at ymail.com Sun Nov 13 18:29:27 2011 From: expires2011 at ymail.com (MFPA) Date: Sun, 13 Nov 2011 17:29:27 +0000 Subject: group in gpg.conf but gpgmail does not honor/see In-Reply-To: References: Message-ID: <906597005.20111113172927@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Sunday 13 November 2011 at 2:22:28 PM, in , Sean Rima wrote: > I am looking for a work around to the gpgmail on osx > not using the group line in the gpg.conf file. I can > drop to a terminal but it is not the best idea. There was a brief discussion about group lines on PGPNET a few months ago. IIRC, the specifics under discussion were spaces and angle brackets. 
I don't think any conclusions were reached, but it may be worth experimenting with group =0x group =0x group = 0x group pgpnet at yahoogroups.com=0x group pgpnet at yahoogroups.com =0x group pgpnet at yahoogroups.com = 0x Experience has shown me The Bat! will only match on email address and requires the angle brackets for the group line to work. And testing has shown that the spaces make no difference in my current set-up. I'm reasonably sure somebody posted that they had to remove the angle brackets to get the group line to work on their set-up. I don't recall whether anybody reported any significance of spaces, or whether it was just noted that somebody else used them and I didn't, and that each of us was just following the pattern we first saw. > I was wondering if I created a key with the address of > the group line, would gpg encrypt to the group line or > just the key. I suspect if it is not "seeing" the group line, it would still not see it. But who knows? - -- Best regards MFPA mailto:expires2011 at ymail.com Gypsy Dwarf Escapes Prison: Small Medium at large -----BEGIN PGP SIGNATURE----- iQCVAwUBTr/+iaipC46tDG5pAQoFGAP+OYHzgkTrFaW1lTmyqEH7MWaIos+m9F+W iPLU+l2hEm5dWsA5ExswL+dwyVhcefnjQWz6Z3GZ+mxMrK136QvwJIsDfrLVOnok zdelk3kgfQz/GMEmML129M88GvlOPF//UcfY1tI9T6to88oEE7dEJDzfC1vMQyZ3 cCVd2WMnJ54= =3Sg4 -----END PGP SIGNATURE----- From src=gnupg at lion.leolix.org Sun Nov 13 17:03:47 2011 From: src=gnupg at lion.leolix.org (Philipp Schafft) Date: Sun, 13 Nov 2011 17:03:47 +0100 Subject: Convert a .sig file to .asc file (is it possible)? In-Reply-To: <4EBE39AF.5070503@gmail.com> References: <4EBE39AF.5070503@gmail.com> Message-ID: <20111113160349.B16F579E29@priderock.keep-cool.org> reflum, On Sat, 2011-11-12 at 10:17 +0100, Csabi wrote: > Hi all! > > It is possible to convert an already created .sig file to .asc file? > (ASCII armored output)? > > I would like to convert some .sig (detached signature) files to .asc files. 
> Can anybody write a method how can i do it?
>
> Best regards, Csabi

gpg --enarmor bla.sig

--
Philipp.
 (Rah of PH2)

From seanrima at me.com Sun Nov 13 19:31:30 2011
From: seanrima at me.com (Sean Rima)
Date: Sun, 13 Nov 2011 18:31:30 +0000
Subject: group in gpg.conf but gpgmail does not honor/see
In-Reply-To: <906597005.20111113172927@my_localhost>
References: <906597005.20111113172927@my_localhost>
Message-ID: <6D966C55-4526-4990-836F-F6D0BF6F3505@me.com>

On 13 Nov 2011, at 17:29, MFPA wrote:
>
> Hash: SHA512
>
> Hi
>
>
> On Sunday 13 November 2011 at 2:22:28 PM, in
> , Sean Rima wrote:
>
>> I am looking for a work around to the gpgmail on osx
>> not using the group line in the gpg.conf file. I can
>> drop to a terminal but it is not the best idea.
>
>
> There was a brief discussion about group lines on PGPNET a few months
> ago. IIRC, the specifics under discussion were spaces and angle
> brackets.
>
> I don't think any conclusions were reached, but it may be worth
> experimenting with
>
> group =0x
> group =0x
> group = 0x
> group pgpnet at yahoogroups.com=0x
> group pgpnet at yahoogroups.com =0x
> group pgpnet at yahoogroups.com = 0x
>
> Experience has shown me The Bat! will only match on email address and
> requires the angle brackets for the group line to work. And testing
> has shown that the spaces make no difference in my current set-up. I'm
> reasonably sure somebody posted that they had to remove the angle
> brackets to get the group line to work on their set-up.
>
> I don't recall whether anybody reported any significance of spaces, or
> whether it was just noted that somebody else used them and I didn't,
> and that each of us was just following the pattern we first saw.
If I go to the command line and use the -r command line option gpg picks up the group ok, however gpgmail is just scanning the keyfile and not finding a key for the group, ie the email address

I think the group line is a feature that is not widely used, if it is used elsewhere indeed. Apart from the pgpnet group on Yahoo, I have not seen it used
>
>> I was wondering if I created a key with the address of
>> the group line, would gpg encrypt to the group line or
>> just the key.
>
> I suspect if it is not "seeing" the group line, it would still not see
> it. But who knows?
>
I think it is the way that gpgmail is written it scans the keyfile and not the gpg.conf file, I guess few email programs would. I may try creating a simple key for the group and see if gpg will encrypt to the group line as well or instead of the created key.

Sean

From dougb at dougbarton.us Sun Nov 13 22:31:07 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Sun, 13 Nov 2011 13:31:07 -0800
Subject: group in gpg.conf but gpgmail does not honor/see
In-Reply-To: <906597005.20111113172927@my_localhost>
References: <906597005.20111113172927@my_localhost>
Message-ID: <4EC0371B.8010702@dougbarton.us>

On 11/13/2011 09:29, MFPA wrote:
> There was a brief discussion about group lines on PGPNET a few months
> ago. IIRC, the specifics under discussion were spaces and angle
> brackets.
>
> I don't think any conclusions were reached, but it may be worth
> experimenting with
>
> group =0x
> group =0x
> group = 0x
> group pgpnet at yahoogroups.com=0x
> group pgpnet at yahoogroups.com =0x
> group pgpnet at yahoogroups.com = 0x

Sean, take MFPA's advice and try different combinations of spaces and angle brackets as above. I would be very surprised if gpgmail scanned the gpg.conf or the key files directly. It's far more likely that it's asking gpg to encrypt to an e-mail address that looks like $this. Figuring out what the "$this" is should allow you to use the group line transparently.
Doug

--
"We could put the whole Internet into a book."
"Too practical."

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/

From seanrima at me.com Mon Nov 14 08:37:28 2011
From: seanrima at me.com (Sean Rima)
Date: Mon, 14 Nov 2011 07:37:28 +0000
Subject: group in gpg.conf but gpgmail does not honor/see
In-Reply-To: <4EC0371B.8010702@dougbarton.us>
References: <906597005.20111113172927@my_localhost> <4EC0371B.8010702@dougbarton.us>
Message-ID:

On 13 Nov 2011, at 21:31, Doug Barton wrote:
> On 11/13/2011 09:29, MFPA wrote:
>> There was a brief discussion about group lines on PGPNET a few months
>> ago. IIRC, the specifics under discussion were spaces and angle
>> brackets.
>>
>> I don't think any conclusions were reached, but it may be worth
>> experimenting with
>>
>> group =0x
>> group =0x
>> group = 0x
>> group pgpnet at yahoogroups.com=0x
>> group pgpnet at yahoogroups.com =0x
>> group pgpnet at yahoogroups.com = 0x
>
> Sean, take MFPA's advice and try different combinations of spaces and
> angle brackets as above. I would be very surprised if gpgmail scanned
> the gpg.conf or the key files directly. It's far more likely that it's
> asking gpg to encrypt to an e-mail address that looks like $this.
> Figuring out what the "$this" is should allow you to use the group line
> transparently.
>
I will have a play later on, but I am nearly sure that it is reading the key file. I created a dummy key for the group and gpgmail gave me the option to encrypt but without the key no option to encrypt is available, only sign

sean

From pascal.sartoretti at elca.ch Mon Nov 14 10:28:56 2011
From: pascal.sartoretti at elca.ch (Sartoretti Pascal)
Date: Mon, 14 Nov 2011 10:28:56 +0100
Subject: GPA File Manager : double-click not possible ?
Message-ID: <26958EDC00C9F545A300BAC81C5A652D6EDDC4@ms02.elca.ch>

Hello,

I am a new user to the GNU Privacy Assistant; it works fine, but there is one thing that annoys me in the "File Manager" window : it is not possible to double-click on a decrypted file to open it (using the application associated to it in the operating system), I have to open it via Windows Explorer, which is complex because the file is in a temporary location created by Microsoft Outlook.

Hence my questions :
- Is there an easy way to open a file from GPA's "File Manager" window ?
- Why is it so complex, for security reasons ?

Thanks for any help

Pascal Sartoretti

From wk at gnupg.org Mon Nov 14 11:52:44 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 14 Nov 2011 11:52:44 +0100
Subject: Convert a .sig file to .asc file (is it possible)?
In-Reply-To: <20111113160349.B16F579E29@priderock.keep-cool.org> (Philipp Schafft's message of "Sun, 13 Nov 2011 17:03:47 +0100")
References: <4EBE39AF.5070503@gmail.com> <20111113160349.B16F579E29@priderock.keep-cool.org>
Message-ID: <87wrb3ascj.fsf@gnupg.org>

On Sun, 13 Nov 2011 17:03, src=gnupg at lion.leolix.org said:

> gpg --enarmor bla.sig

you need to edit the "-----" header/footer lines after that.

Shalom-Salam,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From csabi.hlw at gmail.com Mon Nov 14 12:32:06 2011
From: csabi.hlw at gmail.com (Csabi)
Date: Mon, 14 Nov 2011 12:32:06 +0100
Subject: Convert a .sig file to .asc file (is it possible)?
In-Reply-To: <87wrb3ascj.fsf@gnupg.org>
References: <4EBE39AF.5070503@gmail.com> <20111113160349.B16F579E29@priderock.keep-cool.org> <87wrb3ascj.fsf@gnupg.org>
Message-ID: <4EC0FC36.2070607@gmail.com>

Hi!

On 2011.11.14. 11:52, Werner Koch wrote:
> On Sun, 13 Nov 2011 17:03, src=gnupg at lion.leolix.org said:
>
>> gpg --enarmor bla.sig
> you need to edit the "-----" header/footer lines after that.
>
>
If i change the following lines:
-----BEGIN PGP ARMORED FILE-----
-----END PGP ARMORED FILE-----
To the following lines:

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

It was enough?

Best regards, Csabi

From lists at chrispoole.com Mon Nov 14 12:11:56 2011
From: lists at chrispoole.com (Chris Poole)
Date: Mon, 14 Nov 2011 11:11:56 +0000
Subject: Signing already-encrypted files (all to self)?
In-Reply-To: <4EBDA9C1.2000301@jeromebaum.com>
References: <4EBDA871.9060801@dougbarton.us> <4EBDA9C1.2000301@jeromebaum.com>
Message-ID:

On Fri, Nov 11, 2011 at 11:03 PM, Jerome Baum wrote:
> Now the thing that I _do_ wonder about, Chris, is why you want to hash
> the plaintext files? Why not hash them encrypted? (No need to
> decrypt-then-hash-then-encrypt a bunch of files.)

That's perfectly acceptable, I'm just unsure of how to match the encrypted files that haven't already been hashed. Here's what I do:

1. Run getmail, which puts a few more files in the maildir directory
2. `find maildir/ -not -name '*.gpg' | gpg ...` to encrypt these new files

At this point in the script now, I would want to hash the new files, but now they'll have the `.gpg` output extension.

I guess the easiest thing is just to have gpg output with a filename `.tempgpg` or something, then hash, and then rename to `.gpg`. (How else to match only these newly-encrypted files, when the directory has thousands of files already ending in `.gpg`?)

Cheers

Chris Poole
[PGP BAD246F9]

From peter at digitalbrains.com Mon Nov 14 15:42:58 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 14 Nov 2011 15:42:58 +0100
Subject: Signing already-encrypted files (all to self)?
In-Reply-To:
References: <4EBDA871.9060801@dougbarton.us> <4EBDA9C1.2000301@jeromebaum.com>
Message-ID: <4EC128F2.4070105@digitalbrains.com>

On 14/11/11 12:11, Chris Poole wrote:
> 2. `find maildir/ -not -name '*.gpg' | gpg ...` to encrypt these new files
>
> At this point in the script now, I would want to hash the new files, but now
> they'll have the `.gpg` output extension.

The following is just a sketch, I'm not completely checking if I do it right.

# -type f keeps find from handing the maildir directories themselves to gpg
find maildir/ -type f -not -name '*.gpg' \
    -execdir gpg -r you -o '{}.gpg' -e '{}' ';' \
    -execdir gpg --print-md SHA256 '{}.gpg' ';'

The trick obviously is that find can do multiple executions. I didn't know this either, I just tried it out :). There are different variations. This one outputs the hashes on stdout, and I don't know a way to separate the stdout's, for when the encryption command would start printing stuff on stdout. But a different variation is to define a helper program (called do_gpg):

--8<----------(cut here)---------->8--
#!/bin/sh
# stop before hashing if the encryption step failed
gpg -r you -o "$1.gpg" -e "$1" || exit 1
gpg --print-md SHA256 "$1.gpg" >>sha256sums
--8<----------(cut here)---------->8--

and then:

find maildir/ -type f -not -name '*.gpg' \
    -execdir do_gpg '{}' ';'

As a third variation, you could only define a helper program to do the checksumming, and have two -execdir arguments to find.

Note that piping the output from find like you write gives issues with filenames with special characters (space, newline, etcetera), but that might not be a problem for you.

And also note that encrypting identical plaintexts will lead to different ciphertexts, and hence, hashes. If you sometimes re-encrypt the same data, you need to be aware of this or you'll think your files have been tampered with because the hash no longer checks out.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From lists at chrispoole.com Mon Nov 14 15:51:57 2011
From: lists at chrispoole.com (Chris Poole)
Date: Mon, 14 Nov 2011 14:51:57 +0000
Subject: Signing already-encrypted files (all to self)?
In-Reply-To: <4EC128F2.4070105@digitalbrains.com>
References: <4EBDA871.9060801@dougbarton.us> <4EBDA9C1.2000301@jeromebaum.com> <4EC128F2.4070105@digitalbrains.com>
Message-ID:

On Mon, Nov 14, 2011 at 2:42 PM, Peter Lebbing wrote:
> The trick obviously is that find can do multiple executions. I didn't know this
> either, I just tried it out :). There are different variations. This one outputs
> the hashes on stdout, and I don't know a way to separate the stdout's, for when
> the encryption command would start printing stuff on stdout.

Thank you. Doing something like this had totally slipped my mind. I actually pass find's output to xargs anyway, so could do something like

# the file name reaches bash as $1 instead of being pasted into the -c string
find . -type f -not -name '*.gpg' -print0 |
    xargs -0 -I{} bash -c 'gpg "$1" && md5 "$1" >> hashes' _ {}

This solution now seems, well, very obvious.

> And also note that encrypting identical plaintexts will lead to different
> ciphertexts, and hence, hashes. If you sometimes re-encrypt the same data, you
> need to be aware of this or you'll think your files have been tampered with
> because the hash no longer checks out.

Yes I'm aware of this, thanks. (This was why I was going to hash the plaintexts in the first place.)

From wk at gnupg.org Mon Nov 14 16:12:09 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 14 Nov 2011 16:12:09 +0100
Subject: Convert a .sig file to .asc file (is it possible)?
In-Reply-To: <4EC0FC36.2070607@gmail.com> (Csabi's message of "Mon, 14 Nov 2011 12:32:06 +0100")
References: <4EBE39AF.5070503@gmail.com> <20111113160349.B16F579E29@priderock.keep-cool.org> <87wrb3ascj.fsf@gnupg.org> <4EC0FC36.2070607@gmail.com>
Message-ID: <87wrb2lovq.fsf@vigenere.g10code.de>

On Mon, 14 Nov 2011 12:32, csabi.hlw at gmail.com said:

>> If i change the following lines:
> -----BEGIN PGP ARMORED FILE-----
> -----END PGP ARMORED FILE-----
> To the following lines:
>
> -----BEGIN PGP SIGNATURE-----
> -----END PGP SIGNATURE-----
>
> It was enough?

Yes.

Shalom-Salam,

   Werner

--
Die Gedanken sind frei.
Ausnahmen regelt ein Bundesgesetz.

From jw72253 at verizon.net Tue Nov 15 09:23:45 2011
From: jw72253 at verizon.net (John A. Wallace)
Date: Tue, 15 Nov 2011 02:23:45 -0600
Subject: GPA File Manager
In-Reply-To:
References:
Message-ID: <000d01cca36f$e4b905d0$ae2b1170$@net>

Message: 8
Date: Mon, 14 Nov 2011 10:28:56 +0100
From: "Sartoretti Pascal"
To:
Subject: GPA File Manager : double-click not possible ?
Message-ID: <26958EDC00C9F545A300BAC81C5A652D6EDDC4 at ms02.elca.ch>
Content-Type: text/plain; charset="us-ascii"

Hello,

I am a new user to the GNU Privacy Assistant; it works fine, but there is one thing that annoys me in the "File Manager" window : it is not possible to double-click on a decrypted file to open it (using the application associated to it in the operating system), I have to open it via Window's Explorer, which is complex because the file is in a temporary location created by Microsoft Outlook.

Hence my questions :
- Is there an easy way to open a file from GPA's "File Manager" window ?
- Why is it so complex, for security reasons ?

Thanks for any help

Pascal Sartoretti

Take a look at GPGshell. It will do what you want, and then some.

From pascal.sartoretti at elca.ch Tue Nov 15 09:39:27 2011
From: pascal.sartoretti at elca.ch (Sartoretti Pascal)
Date: Tue, 15 Nov 2011 09:39:27 +0100
Subject: GPA File Manager
In-Reply-To: <000d01cca36f$e4b905d0$ae2b1170$@net>
References: <000d01cca36f$e4b905d0$ae2b1170$@net>
Message-ID: <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch>

> Take a look at GPGshell. It will do what you want, and then some.

I am confused : is this "GPGshell" the same as the "GpgEX" component included in the Gpg4Win package ? "GpgEX" is described as "GnuPG Shell extension" in the installer.

I couldn't find any info on any of those components in the Gpg4Win documentation...
Pascal

From wk at gnupg.org Tue Nov 15 14:26:43 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 15 Nov 2011 14:26:43 +0100
Subject: GPA File Manager : double-click not possible ?
In-Reply-To: <26958EDC00C9F545A300BAC81C5A652D6EDDC4@ms02.elca.ch> (Sartoretti Pascal's message of "Mon, 14 Nov 2011 10:28:56 +0100")
References: <26958EDC00C9F545A300BAC81C5A652D6EDDC4@ms02.elca.ch>
Message-ID: <87sjlpldnw.fsf@vigenere.g10code.de>

On Mon, 14 Nov 2011 10:28, pascal.sartoretti at elca.ch said:

> - Is there an easy way to open a file from GPA's "File Manager" window ?

No. However feel free to add support for it. In case you are using Gpg4win, the GpgEx file explorer extension is much better suited for the task.

> - Why is it so complex, for security reasons ?

Historic reasons. GPA has been written once as a simple tool without any desktop abstractions in mind.

Salam-Shalom,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From expires2011 at ymail.com Tue Nov 15 22:13:16 2011
From: expires2011 at ymail.com (MFPA)
Date: Tue, 15 Nov 2011 21:13:16 +0000
Subject: GPA File Manager
In-Reply-To: <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch>
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch>
Message-ID: <1181174303.20111115211316@my_localhost>

Hi

On Tuesday 15 November 2011 at 8:39:27 AM, in , Sartoretti Pascal wrote:

>> Take a look at GPGshell. It will do what you want,
>> and them some.

> I am confused : is this "GPGshell" the same as the
> "GpgEX" component included in the Gpg4Win package ?
> "GpgEX" is described as "GnuPG Shell extension" in the
> installer.

GPGshell is a GUI frontend for GnuPG. See http://www.jumaros.de/rsoft/index.html

--
Best regards

MFPA mailto:expires2011 at ymail.com

Versifiers write poems for it.

From pascal.sartoretti at elca.ch Wed Nov 16 11:33:07 2011
From: pascal.sartoretti at elca.ch (Sartoretti Pascal)
Date: Wed, 16 Nov 2011 11:33:07 +0100
Subject: GPA File Manager : double-click not possible ?
In-Reply-To: <87sjlpldnw.fsf@vigenere.g10code.de>
References: <26958EDC00C9F545A300BAC81C5A652D6EDDC4@ms02.elca.ch> <87sjlpldnw.fsf@vigenere.g10code.de>
Message-ID: <26958EDC00C9F545A300BAC81C5A652D6EE429@ms02.elca.ch>

>> - Is there an easy way to open a file from GPA's "File Manager" window ?
> No. However feel free to add support for it.

I couldn't find GPA's source code in neither the GPG4Win source code, nor on the GPG4win's web site. Can you point me to the code ?

> In case you are using Gpg4win, the GpgEx file explorer extension is much better suited for the task.

Yes, but it doesn't work (yet?) on 64 bit Windows.

Best regards

Pascal

From wk at gnupg.org Wed Nov 16 15:59:31 2011
From: wk at gnupg.org (Werner Koch)
Date: Wed, 16 Nov 2011 15:59:31 +0100
Subject: GPA File Manager
In-Reply-To: <1181174303.20111115211316@my_localhost> (MFPA's message of "Tue, 15 Nov 2011 21:13:16 +0000")
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost>
Message-ID: <87ipmkjep8.fsf@vigenere.g10code.de>

On Tue, 15 Nov 2011 22:13, expires2011 at ymail.com said:

> GPGshell is a GUI frontend for GnuPG.

Note that this is proprietary software. I'd prefer if you would not suggest this on a GnuPG mailing list. The GNU project (which GnuPG is a part of) is about software freedom; proprietary software is about taking away your freedoms.

Salam-Shalom,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
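
The armor format from the "Convert a .sig file to .asc file" thread above (a header and footer around base64 data plus a checksum, RFC 4880 section 6), as an added Python example; it is not the scrubbed openpgp-armor-convert script and not GnuPG code. `SAMPLE_SIG` is constructed filler, the function names and the 64-column wrap are choices made for this example, and picking the label from the first packet's tag goes beyond what the thread covers.

```python
import base64
import re

# RFC 4880 section 6.1: CRC-24 is computed over the binary data, not the base64 text.
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB

# Armor labels from RFC 4880 section 6.2, keyed by the tag of the first packet.
LABELS = {2: "PGP SIGNATURE", 5: "PGP PRIVATE KEY BLOCK", 6: "PGP PUBLIC KEY BLOCK"}

# Constructed sample, not a real signature: old-format header for packet tag 2
# (0x89), a two-byte length of 256, then 256 filler bytes.
SAMPLE_SIG = bytes([0x89, 0x01, 0x00]) + bytes(range(256))


def crc24(data):
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def packet_tag(first_byte):
    """Packet tag from the first header byte (RFC 4880 section 4.2)."""
    if not first_byte & 0x80:
        raise ValueError("bit 7 is clear: not an OpenPGP packet")
    if first_byte & 0x40:
        return first_byte & 0x3F        # new format: tag in bits 5-0
    return (first_byte >> 2) & 0x0F     # old format: tag in bits 5-2


def armor(binary, label=None):
    """ASCII-armor binary OpenPGP data; the label defaults to the packet type."""
    if label is None:
        label = LABELS.get(packet_tag(binary[0]), "PGP MESSAGE")
    b64 = base64.b64encode(binary).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = "=" + base64.b64encode(crc24(binary).to_bytes(3, "big")).decode("ascii")
    lines = ["-----BEGIN %s-----" % label, ""] + body + [check, "-----END %s-----" % label]
    return "\n".join(lines) + "\n"


def dearmor(text):
    """Return (label, binary); the CRC-24 line is required and verified here."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines:
        raise ValueError("empty input")
    begin = re.fullmatch(r"-----BEGIN (PGP [A-Z ]+)-----", lines[0])
    if not begin or lines[-1] != "-----END %s-----" % begin.group(1):
        raise ValueError("BEGIN and END lines are missing or do not match")
    if "" not in lines:
        raise ValueError("no blank line after the armor headers")
    body = lines[lines.index("") + 1:-1]    # skips Version:/Comment: headers
    if len(body) < 2 or not body[-1].startswith("="):
        raise ValueError("missing CRC-24 line")
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
        stored = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    except ValueError as exc:               # binascii.Error is a ValueError
        raise ValueError("body is not valid base64") from exc
    if stored != crc24(data):
        raise ValueError("CRC-24 mismatch: data or checksum was altered")
    return begin.group(1), data


def relabel(text):
    """Re-armor `gpg --enarmor` output under the label its first packet calls for."""
    _, data = dearmor(text)
    return armor(data)


if __name__ == "__main__":
    print(relabel(armor(SAMPLE_SIG, "PGP ARMORED FILE")))
```

The checksum covers only the binary data, so changing the BEGIN/END label never invalidates it; that is why editing those two lines by hand is enough.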
From wk at gnupg.org Wed Nov 16 15:55:47 2011
From: wk at gnupg.org (Werner Koch)
Date: Wed, 16 Nov 2011 15:55:47 +0100
Subject: GPA File Manager : double-click not possible ?
In-Reply-To: <26958EDC00C9F545A300BAC81C5A652D6EE429@ms02.elca.ch> (Sartoretti Pascal's message of "Wed, 16 Nov 2011 11:33:07 +0100")
References: <26958EDC00C9F545A300BAC81C5A652D6EDDC4@ms02.elca.ch> <87sjlpldnw.fsf@vigenere.g10code.de> <26958EDC00C9F545A300BAC81C5A652D6EE429@ms02.elca.ch>
Message-ID: <87mxbwjevg.fsf@vigenere.g10code.de>

On Wed, 16 Nov 2011 11:33, pascal.sartoretti at elca.ch said:

> I couldn't find GPA's source code in neither the GPG4Win source code,
> nor on the GPG4win's web site. Can you point me to the code ?

It is for sure included in the gpg4win source tarball (300mb or so). However to get the actually used repository, you use:

  git clone git://git.gnupg.org/gpa.git

> much better suited for the task.
> Yes, but it doesn't work (yet?) on 64 bit Windows.

Sorry, it is merely a financial problem to work on this. We don't expect any technical difficulties.

Shalom-Salam,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From jw72253 at verizon.net Wed Nov 16 19:09:38 2011
From: jw72253 at verizon.net (John A. Wallace)
Date: Wed, 16 Nov 2011 12:09:38 -0600
Subject: "--status-fd"
Message-ID: <000601cca48a$e784e470$b68ead50$@net>

Hello,

When I have a group of messages in a folder, which were encrypted by others with one of my public keys, and I enter the command "gpg -status-fd", the gpg program will scroll through all of these messages one by one showing me the keyID for which each message was encrypted.
However, when I add a message that I have myself encrypted to one of these same keys on my keyring, and I put this message in the folder, and run the same command, the gpg program will scroll through all of these messages just the same way showing me the keyIDs, except for the message that I just encrypted and added to the group; for it there is no keyID shown. I tried flushing the cache beforehand, but the same result occurs. Why is this message handled differently? Thanks.

John

From expires2011 at ymail.com Wed Nov 16 22:03:07 2011
From: expires2011 at ymail.com (MFPA)
Date: Wed, 16 Nov 2011 21:03:07 +0000
Subject: GPA File Manager
In-Reply-To: <87ipmkjep8.fsf@vigenere.g10code.de>
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost> <87ipmkjep8.fsf@vigenere.g10code.de>
Message-ID: <773117198.20111116210307@my_localhost>

Hi

On Wednesday 16 November 2011 at 2:59:31 PM, in , Werner Koch wrote:

> On Tue, 15 Nov 2011 22:13, expires2011 at ymail.com said:

>> GPGshell is a GUI frontend for GnuPG.

> Note that this is proprietary software. I'd prefer if
> you would not suggest this on a GnuPG mailing list.
> The GNU project (which GnuPG is a part of) is about
> software freedom; proprietary software is about taking
> away your freedoms.

Sorry.

--
Best regards

MFPA mailto:expires2011 at ymail.com

I don't suffer from insanity I enjoy every minute of it.

From dougb at dougbarton.us Wed Nov 16 23:36:48 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Wed, 16 Nov 2011 14:36:48 -0800
Subject: GPA File Manager
In-Reply-To: <87ipmkjep8.fsf@vigenere.g10code.de>
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost> <87ipmkjep8.fsf@vigenere.g10code.de>
Message-ID: <4EC43B00.3030006@dougbarton.us>

On 11/16/2011 06:59, Werner Koch wrote:
> On Tue, 15 Nov 2011 22:13, expires2011 at ymail.com said:
>
>> GPGshell is a GUI frontend for GnuPG.
>
> Note that this is proprietary software. I'd prefer if you would not
> suggest this on a GnuPG mailing list. The GNU project (which GnuPG is a
> part of) is about software freedom; proprietary software is about
> taking away your freedoms.

So you're saying that we don't have the freedom to discuss all the different alternatives? Ok, got it. Thanks. :)

Doug

--
"We could put the whole Internet into a book."
"Too practical."

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/

From mail at mark-kirchner.de Thu Nov 17 00:07:13 2011
From: mail at mark-kirchner.de (Mark Kirchner)
Date: Thu, 17 Nov 2011 00:07:13 +0100
Subject: GPA File Manager
In-Reply-To: <87ipmkjep8.fsf@vigenere.g10code.de>
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost> <87ipmkjep8.fsf@vigenere.g10code.de>
Message-ID: <4EC44221.9030306@mark-kirchner.de>

On 16.11.2011 15:59, Werner Koch wrote:
> Note that this is proprietary software. I'd prefer if you would not
> suggest this on a GnuPG mailing list. The GNU project (which GnuPG
> is a part of) is about software freedom; proprietary software is
> about taking away your freedoms.

While I'm definitively with you that it should be mentioned and made clear that GPGshell is proprietary software, I can't help but frown a little bit at your comment:

I've always perceived you as a free software advocate, but now at the same time you seem to try to deny others the freedom to discuss software alternatives on a public mailing list? And so, in the end, limit the freedom of everybody to choose whatever he or she likes best, be it proprietary or not?

That doesn't seem to fit together completely, but this is obviously only my personal opinion.

Kind regards,
Mark

From gnupg at oneiroi.net Wed Nov 16 23:55:26 2011
From: gnupg at oneiroi.net (Milo)
Date: Wed, 16 Nov 2011 23:55:26 +0100
Subject: GPA File Manager
In-Reply-To: <4EC43B00.3030006@dougbarton.us>
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost> <87ipmkjep8.fsf@vigenere.g10code.de> <4EC43B00.3030006@dougbarton.us>
Message-ID: <4EC43F5E.1030304@oneiroi.net>

On 11/16/2011 11:36 PM, Doug Barton wrote:
> On 11/16/2011 06:59, Werner Koch wrote:
>> On Tue, 15 Nov 2011 22:13, expires2011 at ymail.com said:
>>
>>> GPGshell is a GUI frontend for GnuPG.
>>
>> Note that this is proprietary software. I'd prefer if you would not
>> suggest this on a GnuPG mailing list. The GNU project (which GnuPG is a
>> part of) is about software freedom; proprietary software is about
>> taking away your freedoms.
>
> So you're saying that we don't have the freedom to discuss all the
> different alternatives? Ok, got it. Thanks. :)
>
>
> Doug
>

You are missing a slight difference between discussing alternatives and - more or less - advertising proprietary software on "GPL-powered" project's mailing list.

--
Regards,
Milo

From expires2011 at ymail.com Thu Nov 17 02:00:14 2011
From: expires2011 at ymail.com (MFPA)
Date: Thu, 17 Nov 2011 01:00:14 +0000
Subject: GPA File Manager
In-Reply-To: <4EC43F5E.1030304@oneiroi.net>
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost> <87ipmkjep8.fsf@vigenere.g10code.de> <4EC43B00.3030006@dougbarton.us> <4EC43F5E.1030304@oneiroi.net>
Message-ID: <147504544.20111117010014@my_localhost>

Hi

On Wednesday 16 November 2011 at 10:55:26 PM, in , Milo wrote:

> You are missing a slight difference between discussing
> alternatives and - more or less - advertising
> proprietary software on "GPL-powered" project's mailing
> list.

A question was posted as to whether a certain proprietary software app was the same as a component in the GPG4win package. I answered briefly and provided a link so that the person who asked could easily read more if they so wished.

I am sorry my posting caused upset. However, I don't think it amounted to "advertising." I have no link to any proprietary app or the author thereof.

--
Best regards

MFPA mailto:expires2011 at ymail.com

Is it possible to be a closet claustrophobic?

From xhe at phocus.ca Wed Nov 16 19:25:01 2011
From: xhe at phocus.ca (Xiao Cheng He)
Date: Wed, 16 Nov 2011 10:25:01 -0800
Subject: FW: Re: GnuPG 2.0.17's gpgtar option
Message-ID:

Hi, Werner Koch

I read your post: http://lists.gnupg.org/pipermail/gnupg-users/2011-January/040424.html about the gpgtar option, I am looking for the gpgtar command to archive and encrypt a folder to one pgp file.
I am issuing the command like this:

C:\progra~1\Gnu\GnuPG\gpgtar --recipient --openpgp --skip-crypto --output c:\temp\test.tar.gpg -e C:\temp\Test

The C:\temp\Test is the folder I want to archive and encrypt.

Why does the command always fail with error: skipping invalid name 'C:/temp/test'?

Can you help me out with this issue? Or where can I find out the full command options?

Thanks

Xiao Cheng He

CONFIDENTIALITY This email message is confidential and is intended for the exclusive use of the addressee. Any other person is strictly prohibited from disclosing, distributing or reproducing it. If the addressee cannot be reached or is unknown to you, please inform the sender by return email immediately, delete this email message and destroy all copies. Thank you

From klnreddy212 at gmail.com Wed Nov 16 19:37:32 2011
From: klnreddy212 at gmail.com (kln)
Date: Wed, 16 Nov 2011 10:37:32 -0800 (PST)
Subject: Error while decrypting a file using gpg
Message-ID: <32856708.post@talk.nabble.com>

We have a file sweeper which decrypts the incoming files. The file sweeper is usually a scheduled process.

Following is the error messages with file sweeper scheduled processing in production.

gpg: block_filter: 1st length byte missing
gpg: block_filter: 1st length byte missing
gpg: WARNING: message was not integrity protected

For now we are doing the Decryption manually using GPG.exe in production, And it works but when the process is scheduled it doesn't work.

Can anyone help me in resolving this issue.
Thanks,
-- 
View this message in context: http://old.nabble.com/Error-while-decrypting-a-file-using-gpg-tp32856708p32856708.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

From wk at gnupg.org  Thu Nov 17 12:38:27 2011
From: wk at gnupg.org (Werner Koch)
Date: Thu, 17 Nov 2011 12:38:27 +0100
Subject: GPA File Manager
In-Reply-To: <4EC44221.9030306@mark-kirchner.de> (Mark Kirchner's message of "Thu, 17 Nov 2011 00:07:13 +0100")
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost> <87ipmkjep8.fsf@vigenere.g10code.de> <4EC44221.9030306@mark-kirchner.de>
Message-ID: <87ehx7vv0s.fsf@gnupg.org>

On Thu, 17 Nov 2011 00:07, mail at mark-kirchner.de said:

> I've always perceived you as a free software advocate, but now at the
> same time you seem to try to deny others the freedom to discuss software
> alternatives on a public mailing list? And so, in the end, limit the

Most mailing lists have topics; this one is about GnuPG. Despite that the GNU maintainer rules say that we shall not mention proprietary software at all (one of the conflicts between the FSF and Debian), it is okay for me to discuss interoperability issues and similar things between proprietary and free implementations of OpenPGP and S/MIME on the gnupg lists.

However, pointing users to a software without mentioning that it is non-free software, deserves a comment.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are governed by a federal law.

From emmanuel.jooris at gmail.com  Thu Nov 17 11:58:41 2011
From: emmanuel.jooris at gmail.com (Emmanuel JOORIS)
Date: Thu, 17 Nov 2011 11:58:41 +0100
Subject: Problem with gpg smartcard / 4096bits keys
Message-ID: <1321527521.2163.5.camel@LinTaff>

Hello,

I have some problems with my smartcard:

I use Debian testing with gnupg2 2.0.18, I have a BCM5880 smart card reader and a zeitcontrol openpgp card.

I read that now gnupg can use 4096-bit keys with those smartcards, but:

when I load a 4096-bit key in the card I can sign but I'm unable to decrypt

when I generate on-card keys, I'm unable to complete the generation, with general error...

Here is the log file for generation of on-card keys:

scdaemon[2840]: please wait while key is being generated ...
scdaemon[2840]: pcsc_transmit failed: not transacted (0x80100016)
scdaemon[2840]: apdu_send_simple(0) failed: general error
scdaemon[2840]: generating key failed
gpg: key generation failed: Card error
Key generation failed: Card error

Does anyone have an idea?

Regards

-- 

From wk at gnupg.org  Thu Nov 17 14:31:57 2011
From: wk at gnupg.org (Werner Koch)
Date: Thu, 17 Nov 2011 14:31:57 +0100
Subject: Problem with gpg smartcard / 4096bits keys
In-Reply-To: <1321527521.2163.5.camel@LinTaff> (Emmanuel JOORIS's message of "Thu, 17 Nov 2011 11:58:41 +0100")
References: <1321527521.2163.5.camel@LinTaff>
Message-ID: <8762iix4c2.fsf@gnupg.org>

On Thu, 17 Nov 2011 11:58, emmanuel.jooris at gmail.com said:

> I use Debian testing with gnupg2 2.0.18, I have a BCM5880 smart card

I don't know this reader. Is this from Broadcom?

> scdaemon[2840]: pcsc_transmit failed: not transacted (0x80100016)

This error message is kind of "general error". It usually has nothing to do with transactions. Adding "debug 2048" to scdaemon.conf will log all I/O with the reader.

You may also try running without pcscd and thus use scdaemon's internal ccid reader. Make sure that you have write permissions to the USB device.

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are governed by a federal law.
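
Added example (not part of the thread and not GnuPG code): the "debug 2048" I/O log suggested above records every APDU in full, so a VERIFY command shows the PIN bytes in its PCSC_data line, as the log posted later in this thread does. The Python below redacts that data before a log is shared and separates card status words from transport failures such as "pcsc_transmit failed"; the sample lines are constructed in the log format shown in this thread, and the function names are illustrative.

```python
import re

# ISO 7816-4 instruction bytes whose command data carries a PIN:
# VERIFY (20), CHANGE REFERENCE DATA (24), RESET RETRY COUNTER (2C).
PIN_INS = {0x20, 0x24, 0x2C}

SEND_RE = re.compile(
    r"DBG: send apdu: c=(\w\w) i=(\w\w) p1=(\w\w) p2=(\w\w) lc=(-?\d+)")
DATA_RE = re.compile(r"(DBG: PCSC_data:)((?: [0-9A-Fa-f]{2})+)")
RESP_RE = re.compile(r"DBG: response: sw=([0-9A-Fa-f]{4})")
FAIL_RE = re.compile(r"pcsc_transmit failed: (.+)$")

# Constructed sample (not taken from a real card); the PIN bytes are made up.
SAMPLE_LOG = """\
scdaemon[1000]: DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
scdaemon[1000]: DBG: PCSC_data: 00 CA 00 C4 00
scdaemon[1000]: DBG: response: sw=9000 datalen=7
scdaemon[1000]: DBG: dump: 01 20 20 20 03 00 03
scdaemon[1000]: DBG: send apdu: c=00 i=20 p1=00 p2=81 lc=6 le=-1 em=0
scdaemon[1000]: DBG: PCSC_data: 00 20 00 81 06 39 38 37 36 35 34
scdaemon[1000]: DBG: response: sw=9000 datalen=0
scdaemon[1000]: DBG: dump:
scdaemon[1000]: DBG: send apdu: c=00 i=47 p1=80 p2=00 lc=2 le=2048 em=1
scdaemon[1000]: DBG: PCSC_data: 00 47 80 00 00 00 02 B6 00 08 00
scdaemon[1000]: pcsc_transmit failed: not transacted (0x80100016)
""".splitlines()


def redact(lines):
    """Return the log with PIN-bearing command data and its length masked.

    Only the PC/SC log format shown in this thread is handled; response
    dumps (card holder name, URL, public keys) are left untouched.
    """
    out, hide = [], False
    for line in lines:
        send = SEND_RE.search(line)
        data = DATA_RE.search(line)
        if send:
            # A new command starts: decide whether its data must be hidden.
            hide = int(send.group(2), 16) in PIN_INS
            if hide:
                # Lc would reveal the PIN length, so mask it as well.
                line = re.sub(r"lc=-?\d+", "lc=[redacted]", line)
        elif hide and data:
            # Keep CLA INS P1 P2, drop Lc and the PIN bytes.
            header = " ".join(data.group(2).split()[:4])
            line = (line[:data.start()] + data.group(1) + " " + header
                    + " [PIN data redacted]" + line[data.end():])
            hide = False
        out.append(line)
    return out


def summarize(lines):
    """Pair each command with its outcome.

    "sw=XXXX" means the card answered with that status word; "transport: ..."
    means the reader or driver never completed the exchange.
    """
    results, current = [], None
    for line in lines:
        send = SEND_RE.search(line)
        if send:
            current = {"ins": send.group(2), "p1": send.group(3),
                       "p2": send.group(4), "outcome": None}
            results.append(current)
            continue
        if current is None or current["outcome"] is not None:
            continue
        resp = RESP_RE.search(line)
        fail = FAIL_RE.search(line)
        if resp:
            current["outcome"] = "sw=" + resp.group(1).upper()
        elif fail:
            current["outcome"] = "transport: " + fail.group(1)
    return results


def failures(lines):
    """Commands that did not end with status word 9000."""
    return [c for c in summarize(lines) if c["outcome"] != "sw=9000"]


if __name__ == "__main__":
    print("\n".join(redact(SAMPLE_LOG)))
    for cmd in failures(SAMPLE_LOG):
        print("INS %(ins)s P1 %(p1)s P2 %(p2)s -> %(outcome)s" % cmd)
```
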

From emmanuel.jooris at gmail.com  Thu Nov 17 16:09:31 2011
From: emmanuel.jooris at gmail.com (Emmanuel JOORIS)
Date: Thu, 17 Nov 2011 16:09:31 +0100
Subject: Problem with gpg smartcard / 4096bits keys
In-Reply-To: <8762iix4c2.fsf@gnupg.org>
References: <1321527521.2163.5.camel@LinTaff> <8762iix4c2.fsf@gnupg.org>
Message-ID:

Here is a full log. Beforehand I stopped the system pcscd, but it seems that it is reloaded by gpg2.

Also, I succeeded in creating or loading and using 3072-bit keys.

mahoru@debian:~/.gnupg$ gpg2 --card-edit
scdaemon[3299]: enabled debug flags: cardio
scdaemon[3299]: listening on socket `/tmp/gpg-9QyA9z/S.scdaemon'
scdaemon[3299]: handler for fd -1 started
scdaemon[3299]: reader slot 0: not connected
scdaemon[3299]: slot 0: ATR=3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
scdaemon[3299]: DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0
scdaemon[3299]: DBG: PCSC_data: 00 A4 00 0C 02 3F 00
scdaemon[3299]: DBG: response: sw=6B00 datalen=0
scdaemon[3299]: DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=6 le=-1 em=0
scdaemon[3299]: DBG: PCSC_data: 00 A4 04 00 06 D2 76 00 01 24 01
scdaemon[3299]: DBG: response: sw=9000 datalen=0
scdaemon[3299]: DBG: dump:
scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=4F lc=-1 le=256 em=0
scdaemon[3299]: DBG: PCSC_data: 00 CA 00 4F 00
scdaemon[3299]: DBG: response: sw=9000 datalen=16
scdaemon[3299]: DBG: dump: D2 76 00 01 24 01 02 00 00 05 00 00 10 E5 00 00
scdaemon[3299]: AID: D2 76 00 01 24 01 02 00 00 05 00 00 10 E5 00 00
scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=5F p2=52 lc=-1 le=256 em=0
scdaemon[3299]: DBG: PCSC_data: 00 CA 5F 52 00
scdaemon[3299]: DBG: response: sw=9000 datalen=10
scdaemon[3299]: DBG: dump: 00 31 C5 73 C0 01 40 05 90 00
scdaemon[3299]: Historical Bytes: 00 31 C5 73 C0 01 40 05 90 00
scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
scdaemon[3299]: DBG: PCSC_data: 00 CA 00 C4 00
scdaemon[3299]: DBG: response: sw=9000 datalen=7
scdaemon[3299]: DBG: dump: 01 20 20 20 03 00 03
scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
scdaemon[3299]: DBG: PCSC_data: 00 CA 00 6E 00
scdaemon[3299]: DBG: response: sw=9000 datalen=217
scdaemon[3299]: DBG: dump: [...]
scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=5E lc=-1 le=256 em=0
scdaemon[3299]: DBG: PCSC_data: 00 CA 00 5E 00
scdaemon[3299]: DBG: response: sw=9000 datalen=0
scdaemon[3299]: DBG: dump:
scdaemon[3299]: Version-2 ......: yes
scdaemon[3299]: Get-Challenge ..: yes (2048 bytes max)
scdaemon[3299]: Key-Import .....: yes
scdaemon[3299]: Change-Force-PW1: yes
scdaemon[3299]: Private-DOs ....: yes
scdaemon[3299]: Algo-Attr-Change: yes
scdaemon[3299]: SM-Support .....: no
scdaemon[3299]: Max-Cert3-Len ..: 2048
scdaemon[3299]: Max-Cmd-Data ...: 2048
scdaemon[3299]: Max-Rsp-Data ...: 2048
scdaemon[3299]: Cmd-Chaining ...: no
scdaemon[3299]: Ext-Lc-Le ......: yes
scdaemon[3299]: Status Indicator: 05
scdaemon[3299]: GnuPG-No-Sync ..: no
scdaemon[3299]: GnuPG-Def-PW2 ..: no
scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
scdaemon[3299]: DBG: PCSC_data: 00 CA 00 6E 00
scdaemon[3299]: DBG: response: sw=9000 datalen=217
scdaemon[3299]: DBG: dump: [...]
scdaemon[3299]: Key-Attr-sign ..: RSA, n=4096, e=32, fmt=std
scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
scdaemon[3299]: DBG: PCSC_data: 00 CA 00 6E 00
scdaemon[3299]: DBG: response: sw=9000 datalen=217
scdaemon[3299]: DBG: dump: [...]
scdaemon[3299]: Key-Attr-encr ..: RSA, n=4096, e=32, fmt=std
scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
scdaemon[3299]: DBG: PCSC_data: 00 CA 00 6E 00
scdaemon[3299]: DBG: response: sw=9000 datalen=217
scdaemon[3299]: DBG: dump: [...]
scdaemon[3299]: Key-Attr-auth ..: RSA, n=4096, e=32, fmt=std
scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=65 lc=-1 le=256 em=0
scdaemon[3299]: DBG: PCSC_data: 00 CA 00 65 00
scdaemon[3299]: DBG: response: sw=9000 datalen=27
scdaemon[3299]: DBG: dump: 5B 10 4A 4F 4F 52 49 53 3C 3C 45 6D 6D 61 6E 75 65 6C 5F 2D 02 66 72 5F 35 01 31
scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=5F p2=50 lc=-1 le=256 em=0
scdaemon[3299]: DBG: PCSC_data: 00 CA 5F 50 00
scdaemon[3299]: DBG: response: sw=9000 datalen=68
scdaemon[3299]: DBG: dump: 68 74 74 70 3A 2F 2F 70 67 70 2E 6D 69 74 2E 65 64 75 3A 31 31 33 37 31 2F 70 6B 73 2F 6C 6F 6F 6B 75 70 3F 6F 70 3D 67 65 74 26 73 65 61 72 63 68 3D 30 78 45 46 38 31 46 37 32 43 32 39 41 39 44 36 45 46
scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
scdaemon[3299]: DBG: PCSC_data: 00 CA 00 6E 00
scdaemon[3299]: DBG: response: sw=9000 datalen=217
scdaemon[3299]: DBG: dump: [...]
scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
scdaemon[3299]: DBG: PCSC_data: 00 CA 00 C4 00
scdaemon[3299]: DBG: response: sw=9000 datalen=7
scdaemon[3299]: DBG: dump: 01 20 20 20 03 00 03
scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=7A lc=-1 le=256 em=0
scdaemon[3299]: DBG: PCSC_data: 00 CA 00 7A 00
scdaemon[3299]: DBG: response: sw=9000 datalen=5
scdaemon[3299]: DBG: dump: 93 03 00 00 01
scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=01 p2=01 lc=-1 le=256 em=0
scdaemon[3299]: DBG: PCSC_data: 00 CA 01 01 00
scdaemon[3299]: DBG: response: sw=9000 datalen=0
scdaemon[3299]: DBG: dump:
scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=01 p2=02 lc=-1 le=256 em=0
scdaemon[3299]: DBG: PCSC_data: 00 CA 01 02 00
scdaemon[3299]: DBG: response: sw=9000 datalen=0
scdaemon[3299]: DBG: dump:
scdaemon[3299]: DBG: send apdu: c=00 i=47 p1=81 p2=00 lc=2 le=2048 em=1
scdaemon[3299]: DBG: PCSC_data: 00 47 81 00 00 00 02 B6 00 08 00
scdaemon[3299]: DBG: response: sw=9000 datalen=527
scdaemon[3299]: DBG: dump: [...]
scdaemon[3299]: DBG: send apdu: c=00 i=47 p1=81 p2=00 lc=2 le=2048 em=1
scdaemon[3299]: DBG: PCSC_data: 00 47 81 00 00 00 02 B8 00 08 00
scdaemon[3299]: DBG: response: sw=9000 datalen=527
scdaemon[3299]: DBG: dump: [...]
scdaemon[3299]: DBG: send apdu: c=00 i=47 p1=81 p2=00 lc=2 le=2048 em=1
scdaemon[3299]: DBG: PCSC_data: 00 47 81 00 00 00 02 A4 00 08 00
scdaemon[3299]: DBG: response: sw=6A88 datalen=0
scdaemon[3299]: la lecture de la clé publique a échoué: élément manquant dans l'objet

Application ID ...: D2760001240102000005000010E50000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 000010E5
Name of cardholder: Emmanuel JOORIS
Language prefs ...: fr
Sex ..............: masculin
URL of public key : http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xEF81F72C29A9D6EF
Login data .......: [non positionné]
Signature PIN ....: non forcé
Key attributes ...: 4096R 4096R 4096R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 1
Signature key ....: 6489 1D7C 09CC 658A 31B2 D1A4 902E 9E03 D61B A038
      created ....: 2011-11-16 15:19:17
Encryption key....: 87A7 402C 8B32 E380 8A41 9532 6DBC 5433 FFA4 6EBA
      created ....: 2011-11-16 15:19:17
Authentication key: [none]
General key info..: [none]

gpg/card> scdaemon[3299]: updating slot 0 status: 0x0000->0x0007 (0->1)
admin
Les commandes d'administration sont permises

gpg/card> generate
scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
scdaemon[3299]: DBG: PCSC_data: 00 CA 00 C4 00
scdaemon[3299]: DBG: response: sw=9000 datalen=7
scdaemon[3299]: DBG: dump: 01 20 20 20 03 00 03
Faire une sauvegarde hors carte de la clé de chiffrement ? (O/n) n

gpg: signal Interrupt caught ... exiting
scdaemon[3299]: SIGINT received - immediate shutdown
scdaemon[3299]: scdaemon (GnuPG) 2.0.18 stopped
scdaemon[3299]: error sending PC/SC CLOSE request: Relais brisé (pipe)

mahoru@debian:~/.gnupg$ killall pcscd
mahoru@debian:~/.gnupg$ killall pcscd
pcscd: aucun processus trouvé
mahoru@debian:~/.gnupg$ LANG=C gpg2 --card-edit
scdaemon[3313]: enabled debug flags: cardio
scdaemon[3313]: listening on socket `/tmp/gpg-ielsWY/S.scdaemon'
scdaemon[3313]: handler for fd -1 started
scdaemon[3313]: reader slot 0: not connected
scdaemon[3313]: slot 0: ATR=3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
scdaemon[3313]: DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0
scdaemon[3313]: DBG: PCSC_data: 00 A4 00 0C 02 3F 00
scdaemon[3313]: DBG: response: sw=6B00 datalen=0
scdaemon[3313]: DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=6 le=-1 em=0
scdaemon[3313]: DBG: PCSC_data: 00 A4 04 00 06 D2 76 00 01 24 01
scdaemon[3313]: DBG: response: sw=9000 datalen=0
scdaemon[3313]: DBG: dump:
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=4F lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 00 4F 00
scdaemon[3313]: DBG: response: sw=9000 datalen=16
scdaemon[3313]: DBG: dump: D2 76 00 01 24 01 02 00 00 05 00 00 10 E5 00 00
scdaemon[3313]: AID: D2 76 00 01 24 01 02 00 00 05 00 00 10 E5 00 00
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=5F p2=52 lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 5F 52 00
scdaemon[3313]: DBG: response: sw=9000 datalen=10
scdaemon[3313]: DBG: dump: 00 31 C5 73 C0 01 40 05 90 00
scdaemon[3313]: Historical Bytes: 00 31 C5 73 C0 01 40 05 90 00
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 00 C4 00
scdaemon[3313]: DBG: response: sw=9000 datalen=7
scdaemon[3313]: DBG: dump: 01 20 20 20 03 00 03
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 00 6E 00
scdaemon[3313]: DBG: response: sw=9000 datalen=217
scdaemon[3313]: DBG: dump: [...]
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=5E lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 00 5E 00
scdaemon[3313]: DBG: response: sw=9000 datalen=0
scdaemon[3313]: DBG: dump:
scdaemon[3313]: Version-2 ......: yes
scdaemon[3313]: Get-Challenge ..: yes (2048 bytes max)
scdaemon[3313]: Key-Import .....: yes
scdaemon[3313]: Change-Force-PW1: yes
scdaemon[3313]: Private-DOs ....: yes
scdaemon[3313]: Algo-Attr-Change: yes
scdaemon[3313]: SM-Support .....: no
scdaemon[3313]: Max-Cert3-Len ..: 2048
scdaemon[3313]: Max-Cmd-Data ...: 2048
scdaemon[3313]: Max-Rsp-Data ...: 2048
scdaemon[3313]: Cmd-Chaining ...: no
scdaemon[3313]: Ext-Lc-Le ......: yes
scdaemon[3313]: Status Indicator: 05
scdaemon[3313]: GnuPG-No-Sync ..: no
scdaemon[3313]: GnuPG-Def-PW2 ..: no
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 00 6E 00
scdaemon[3313]: DBG: response: sw=9000 datalen=217
scdaemon[3313]: DBG: dump: [...]
scdaemon[3313]: Key-Attr-sign ..: RSA, n=4096, e=32, fmt=std
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 00 6E 00
scdaemon[3313]: DBG: response: sw=9000 datalen=217
scdaemon[3313]: DBG: dump: [...]
scdaemon[3313]: Key-Attr-encr ..: RSA, n=4096, e=32, fmt=std
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 00 6E 00
scdaemon[3313]: DBG: response: sw=9000 datalen=217
scdaemon[3313]: DBG: dump: [...]
scdaemon[3313]: Key-Attr-auth ..: RSA, n=4096, e=32, fmt=std
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=65 lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 00 65 00
scdaemon[3313]: DBG: response: sw=9000 datalen=27
scdaemon[3313]: DBG: dump: 5B 10 4A 4F 4F 52 49 53 3C 3C 45 6D 6D 61 6E 75 65 6C 5F 2D 02 66 72 5F 35 01 31
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=5F p2=50 lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 5F 50 00
scdaemon[3313]: DBG: response: sw=9000 datalen=68
scdaemon[3313]: DBG: dump: 68 74 74 70 3A 2F 2F 70 67 70 2E 6D 69 74 2E 65 64 75 3A 31 31 33 37 31 2F 70 6B 73 2F 6C 6F 6F 6B 75 70 3F 6F 70 3D 67 65 74 26 73 65 61 72 63 68 3D 30 78 45 46 38 31 46 37 32 43 32 39 41 39 44 36 45 46
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 00 6E 00
scdaemon[3313]: DBG: response: sw=9000 datalen=217
scdaemon[3313]: DBG: dump: [...]
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 00 C4 00
scdaemon[3313]: DBG: response: sw=9000 datalen=7
scdaemon[3313]: DBG: dump: 01 20 20 20 03 00 03
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=7A lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 00 7A 00
scdaemon[3313]: DBG: response: sw=9000 datalen=5
scdaemon[3313]: DBG: dump: 93 03 00 00 01
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=01 p2=01 lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 01 01 00
scdaemon[3313]: DBG: response: sw=9000 datalen=0
scdaemon[3313]: DBG: dump:
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=01 p2=02 lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 01 02 00
scdaemon[3313]: DBG: response: sw=9000 datalen=0
scdaemon[3313]: DBG: dump:
scdaemon[3313]: DBG: send apdu: c=00 i=47 p1=81 p2=00 lc=2 le=2048 em=1
scdaemon[3313]: DBG: PCSC_data: 00 47 81 00 00 00 02 B6 00 08 00
scdaemon[3313]: DBG: response: sw=9000 datalen=527
scdaemon[3313]: DBG: dump: [...]
scdaemon[3313]: DBG: send apdu: c=00 i=47 p1=81 p2=00 lc=2 le=2048 em=1
scdaemon[3313]: DBG: PCSC_data: 00 47 81 00 00 00 02 B8 00 08 00
scdaemon[3313]: DBG: response: sw=9000 datalen=527
scdaemon[3313]: DBG: dump: [...]
scdaemon[3313]: DBG: send apdu: c=00 i=47 p1=81 p2=00 lc=2 le=2048 em=1
scdaemon[3313]: DBG: PCSC_data: 00 47 81 00 00 00 02 A4 00 08 00
scdaemon[3313]: DBG: response: sw=6A88 datalen=0
scdaemon[3313]: reading public key failed: Missing item in object

Application ID ...: D2760001240102000005000010E50000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: XXXXXXXX
Name of cardholder: Emmanuel JOORIS
Language prefs ...: fr
Sex ..............: male
URL of public key : http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xEF81F72C29A9D6EF
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: 4096R 4096R 4096R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 1
Signature key ....: 6489 1D7C 09CC 658A 31B2 D1A4 902E 9E03 D61B A038
      created ....: 2011-11-16 15:19:17
Encryption key....: 87A7 402C 8B32 E380 8A41 9532 6DBC 5433 FFA4 6EBA
      created ....: 2011-11-16 15:19:17
Authentication key: [none]
General key info..: [none]

gpg/card> scdaemon[3313]: updating slot 0 status: 0x0000->0x0007 (0->1)
admin
Admin commands are allowed

gpg/card> generate
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 00 C4 00
scdaemon[3313]: DBG: response: sw=9000 datalen=7
scdaemon[3313]: DBG: dump: 01 20 20 20 03 00 03
Make off-card backup of encryption key? (Y/n) n

gpg: NOTE: keys are already stored on the card!

Replace existing keys? (y/N) y
scdaemon[3313]: DBG: asking for PIN '||Please enter the PIN'
(pinentry:3322): GLib-GObject-CRITICAL **: Object class GtkSecureEntry doesn't implement property 'editing-canceled' from interface 'GtkCellEditable'
scdaemon[3313]: DBG: send apdu: c=00 i=20 p1=00 p2=82 lc=6 le=-1 em=0
scdaemon[3313]: DBG: PCSC_data: 00 20 00 82 06 31 32 33 34 35 36
scdaemon[3313]: DBG: response: sw=9000 datalen=0
scdaemon[3313]: DBG: dump:
scdaemon[3313]: DBG: send apdu: c=00 i=20 p1=00 p2=81 lc=6 le=-1 em=0
scdaemon[3313]: DBG: PCSC_data: 00 20 00 81 06 31 32 33 34 35 36
scdaemon[3313]: DBG: response: sw=9000 datalen=0
scdaemon[3313]: DBG: dump:
scdaemon[3313]: operation check_pin result: Success
What keysize do you want for the Signature key? (4096)
What keysize do you want for the Encryption key? (4096)
What keysize do you want for the Authentication key? (4096)
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0) 7
Key expires at Thu Nov 24 16:06:15 2011 CET
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: TESTtest
Email address:
Comment:
You selected this USER-ID:
"TESTtest"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 00 6E 00
scdaemon[3313]: DBG: response: sw=9000 datalen=217
scdaemon[3313]: DBG: dump: [...]
scdaemon[3313]: existing key will be replaced
scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
scdaemon[3313]: DBG: PCSC_data: 00 CA 00 C4 00
scdaemon[3313]: DBG: response: sw=9000 datalen=7
scdaemon[3313]: DBG: dump: 01 20 20 20 03 00 03
scdaemon[3313]: 3 Admin PIN attempts remaining before card is permanently locked
scdaemon[3313]: DBG: asking for PIN '|A|Please enter the Admin PIN'
(pinentry:3326): GLib-GObject-CRITICAL **: Object class GtkSecureEntry doesn't implement property 'editing-canceled' from interface 'GtkCellEditable'
scdaemon[3313]: DBG: send apdu: c=00 i=20 p1=00 p2=83 lc=8 le=-1 em=0
scdaemon[3313]: DBG: PCSC_data: 00 20 00 83 08 31 32 33 34 35 36 37 38
scdaemon[3313]: DBG: response: sw=9000 datalen=0
scdaemon[3313]: DBG: dump:
scdaemon[3313]: please wait while key is being generated ...
scdaemon[3313]: DBG: send apdu: c=00 i=47 p1=80 p2=00 lc=2 le=2048 em=1
scdaemon[3313]: DBG: PCSC_data: 00 47 80 00 00 00 02 B6 00 08 00
scdaemon[3313]: pcsc_transmit failed: not transacted (0x80100016)
scdaemon[3313]: apdu_send_simple(0) failed: general error
scdaemon[3313]: generating key failed
scdaemon[3313]: operation genkey result: Card error
gpg: key generation failed: Card error
Key generation failed: Card error

2011/11/17, Werner Koch :
> On Thu, 17 Nov 2011 11:58, emmanuel.jooris at gmail.com said:
>
>> I use Debian testing with gnupg2 2.0.18, i have a BCM5880 smart card
>
> I don't know this reader. Is this from Broadcom?
>
>> scdaemon[2840]: pcsc_transmit failed: not transacted (0x80100016)
>
> This error message is kind of "general error". It usually has nothing to
> do with transactions. Adding "debug 2048" to scdaemon.conf will log all
> I/O with the reader.
>
> You may also try running without pcscd and thus use scdaemon's internal
> ccid reader. Make sure that you have write permissions to the USB
> device.
>
>
>
> Salam-Shalom,
>
> Werner
>
> --
> Thoughts are free. Exceptions are governed by a federal law.
>
>

From mail at mark-kirchner.de  Thu Nov 17 20:39:12 2011
From: mail at mark-kirchner.de (Mark Kirchner)
Date: Thu, 17 Nov 2011 20:39:12 +0100
Subject: GPA File Manager
In-Reply-To: <87ehx7vv0s.fsf@gnupg.org>
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost> <87ipmkjep8.fsf@vigenere.g10code.de> <4EC44221.9030306@mark-kirchner.de> <87ehx7vv0s.fsf@gnupg.org>
Message-ID: <4EC562E0.60203@mark-kirchner.de>

On 17.11.2011 12:38, Werner Koch wrote:

> Despite that the GNU maintainer rules say that we shall not mention
> proprietary software at all

I see. So, since my "frown" was obviously misdirected at you, Werner, I think I owe you an apology.
But please let me re-phrase: Those rules seem to deny people the freedom to discuss software alternatives on a public mailing list?

[...]

Or to put it differently: Any mailing list or forum about some piece of proprietary software that sets up rules like that ("you are not allowed to mention free software here") would be called intolerant and freedom-of-choice-denying - and rightfully so. IMHO, not an example I would want to follow.

Anyways, since I'm not going to try to change those rules and the whole thing is going off-topic fast, I guess I'll rest my case now.

Kind regards,
Mark

From rjh at sixdemonbag.org Thu Nov 17 21:31:04 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 17 Nov 2011 15:31:04 -0500
Subject: GPA File Manager
In-Reply-To: <4EC562E0.60203@mark-kirchner.de>
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost> <87ipmkjep8.fsf@vigenere.g10code.de> <4EC44221.9030306@mark-kirchner.de> <87ehx7vv0s.fsf@gnupg.org> <4EC562E0.60203@mark-kirchner.de>
Message-ID: <4EC56F08.5040704@sixdemonbag.org>

On 11/17/2011 2:39 PM, Mark Kirchner wrote:
> But please let me re-phrase: Those rules seem to deny people the
> freedom to discuss software alternatives on a public mailing list?

If this was a public mailing list, I'd agree with you.

This mailing list is owned and operated by private citizens. We're guests in someone else's home, and that someone else has established rules. The courteous thing to do is to abide by those rules, to the extent we can do so without running afoul of our own moral code.

Saying, "please do not recommend proprietary software" is not a rule that gives me the moral heebie-jeebies, so I'm happy to comply with it.
> Or to put it differently: Any mailing list or forum about some piece
> of proprietary software that sets up rules like that ("you are not
> allowed to mention free software here") would be called intolerant
> and freedom-of-choice-denying - and rightfully so.

No: *you* would call them intolerant and freedom-of-choice-denying. Please be careful about making universal statements about what the world in general would say: the world generally does not conform to our expectations.

Do you feel you have the right to stand in the middle of an Audi dealership and loudly extoll the praises of the Peugeot? Or would the dealership owner be within his rights to tell you, "look, I'm very happy you love the Peugeot RCZ, but you need to take your advocacy of it somewhere else"?

From expires2011 at ymail.com Thu Nov 17 22:23:43 2011
From: expires2011 at ymail.com (MFPA)
Date: Thu, 17 Nov 2011 21:23:43 +0000
Subject: GPA File Manager
In-Reply-To: <4EC56F08.5040704@sixdemonbag.org>
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost> <87ipmkjep8.fsf@vigenere.g10code.de> <4EC44221.9030306@mark-kirchner.de> <87ehx7vv0s.fsf@gnupg.org> <4EC562E0.60203@mark-kirchner.de> <4EC56F08.5040704@sixdemonbag.org>
Message-ID: <249463570.20111117212343@my_localhost>

Hi

On Thursday 17 November 2011 at 8:31:04 PM, in , Robert J. Hansen wrote:

> Saying, "please do not recommend proprietary software"
> is not a rule that gives me the moral heebie-jeebies,
> so I'm happy to comply with it.

For what it's worth, I didn't try to recommend anything. A question had been asked and I tried to answer it by pointing the enquirer to some relevant information. I chose not to mention it was proprietary software because the page I linked to has a prominent FAQ and one of the first questions deals with his source code not being published. I naively thought that said it for me.

--
Best regards

MFPA mailto:expires2011 at ymail.com

Learning without thought is naught; thought without learning is dangerous.

From peter at digitalbrains.com Thu Nov 17 22:36:12 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 17 Nov 2011 22:36:12 +0100
Subject: GPA File Manager
In-Reply-To: <249463570.20111117212343@my_localhost>
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost> <87ipmkjep8.fsf@vigenere.g10code.de> <4EC44221.9030306@mark-kirchner.de> <87ehx7vv0s.fsf@gnupg.org> <4EC562E0.60203@mark-kirchner.de> <4EC56F08.5040704@sixdemonbag.org> <249463570.20111117212343@my_localhost>
Message-ID: <4EC57E4C.4050608@digitalbrains.com>

On 17/11/11 22:23, MFPA wrote:
> For what it's worth, I didn't try to recommend anything.

/Somebody/ did though, although I only see a quote and no author... please notice the quote below is quoting yet someone else; it is not Sartoretti who recommended GPGshell.

On 15/11/11 09:39, Sartoretti Pascal wrote:
>> Take a look at GPGshell. It will do what you want, and then some.
>
> I am confused : is this "GPGshell" the same as the "GpgEX" component
> included in the Gpg4Win package ? "GpgEX" is described as "GnuPG Shell
> extension" in the installer.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From mail at mark-kirchner.de Thu Nov 17 22:39:40 2011
From: mail at mark-kirchner.de (Mark Kirchner)
Date: Thu, 17 Nov 2011 22:39:40 +0100
Subject: GPA File Manager
In-Reply-To: <4EC56F08.5040704@sixdemonbag.org>
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost> <87ipmkjep8.fsf@vigenere.g10code.de> <4EC44221.9030306@mark-kirchner.de> <87ehx7vv0s.fsf@gnupg.org> <4EC562E0.60203@mark-kirchner.de> <4EC56F08.5040704@sixdemonbag.org>
Message-ID: <4EC57F1C.3010308@mark-kirchner.de>

On 17.11.2011 21:31, Robert J. Hansen wrote:
> On 11/17/2011 2:39 PM, Mark Kirchner wrote:
>> But please let me re-phrase: Those rules seem to deny people the
>> freedom to discuss software alternatives on a public mailing list?
>
> If this was a public mailing list, I'd agree with you.

I used "public" as in "open to the public". At least that was what I was trying to do, but since I'm not a native speaker, I might have mis-used the word.

> Saying, "please do not recommend proprietary software" is not a rule
> that gives me the moral heebie-jeebies, so I'm happy to comply with
> it.

Well, I haven't broken the rule and now that I know of it, I will certainly not do so in the future. But still, I'm questioning the reasonableness of the rule.

>> Or to put it differently: Any mailing list or forum about some
>> piece of proprietary software that sets up rules like that ("you
>> are not allowed to mention free software here") would be called
>> intolerant and freedom-of-choice-denying - and rightfully so.
>
> No: *you* would call them intolerant and freedom-of-choice-denying.
> Please be careful about making universal statements about what the
> world in general would say: the world generally does not conform to
> our expectations.
Yes, you're right, it is my personal opinion which could only be backed by anecdotal evidence - if at all. Anyways, I'm still quite confident that quite a lot of people would feel that way.

> Do you feel you have the right to stand in the middle of an Audi
> dealership and loudly extoll the praises of the Peugeot? Or would
> the dealership owner be within his rights to tell you, "look, I'm
> very happy you love the Peugeot RCZ, but you need to take your
> advocacy of it somewhere else"?

Hm, in my totally personal opinion that comparison is a bit skewed: The rule of not mentioning proprietary software should -also in my opinion- better be compared to "not being allowed to ask the dealer / another customer / a random bystander what he thinks of a Peugeot at all".

Yes, the dealer could choose to try to enforce his rights in such a case. Would it be wise to do so? In my opinion: No, he has way better alternatives than that.

Kind regards,
Mark

P.S.: Any further answers from my side will not go to the list; I feel I have stretched everybody's patience enough.

From rjh at sixdemonbag.org Fri Nov 18 03:31:31 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 17 Nov 2011 21:31:31 -0500
Subject: GPA File Manager
In-Reply-To: <4EC57F1C.3010308@mark-kirchner.de>
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost> <87ipmkjep8.fsf@vigenere.g10code.de> <4EC44221.9030306@mark-kirchner.de> <87ehx7vv0s.fsf@gnupg.org> <4EC562E0.60203@mark-kirchner.de> <4EC56F08.5040704@sixdemonbag.org> <4EC57F1C.3010308@mark-kirchner.de>
Message-ID: <4EC5C383.7040607@sixdemonbag.org>

On 11/17/2011 4:39 PM, Mark Kirchner wrote:
> I used "public" as in "open to the public". At least that was what I was
> trying to do, but since I'm not a native speaker, I might have mis-used
> the word.
Speaking generally, in English saying something is a "public so-and-so" means it belongs to the public, not that it is open to the public. The opposite, a "private so-and-so," means it belongs to an individual or a company. There are exceptions, of course, but this is the general rule. I hope this helps. :)

> Hm, in my totally personal opinion that comparison is a bit skewed: The
> rule of not mentioning proprietary software should -also in my opinion-
> better be compared to "not being allowed to ask the dealer / another
> customer / a random bystander what he thinks of a Peugeot at all".

But that's not what the rule is. The rule is against *recommending or encouraging the use* of proprietary software, the same way that in an Audi dealership you might be forbidden from recommending or encouraging the use of Peugeots. The remark that caused the reminder about the rule was someone advising to look at GPGShell, that it would do everything they needed and more. That's not mentioning GPGShell: that's recommending it.

I can tell you from personal experience I've mentioned proprietary software here before without running afoul of the rules. For instance, "what are the major differences between GnuPG and PGP?" PGP is a proprietary piece of software, but since I'm not encouraging the use of PGP no one really cares. It's the same way that in an Audi dealership I might be allowed to ask, "so what's the difference in performance between an R8 and an RCZ?"

From jw72253 at verizon.net Fri Nov 18 05:55:02 2011
From: jw72253 at verizon.net (John A. Wallace)
Date: Thu, 17 Nov 2011 22:55:02 -0600
Subject: Gpg Agent is listening on port xyz
In-Reply-To:
References:
Message-ID: <000001cca5ae$3b8869b0$b2993d10$@net>

Hello. When my firewall advises me that GPG agent is "listening on:xyz", what exactly is it listening for and is that necessary? Thanks.
John

From pascal.sartoretti at elca.ch Fri Nov 18 09:03:22 2011
From: pascal.sartoretti at elca.ch (Sartoretti Pascal)
Date: Fri, 18 Nov 2011 09:03:22 +0100
Subject: GPA File Manager : double-click not possible ?
In-Reply-To: <87mxbwjevg.fsf@vigenere.g10code.de>
References: <26958EDC00C9F545A300BAC81C5A652D6EDDC4@ms02.elca.ch><87sjlpldnw.fsf@vigenere.g10code.de><26958EDC00C9F545A300BAC81C5A652D6EE429@ms02.elca.ch> <87mxbwjevg.fsf@vigenere.g10code.de>
Message-ID: <26958EDC00C9F545A300BAC81C5A652D6EE886@ms02.elca.ch>

> It is for sure included in the gpg4win source tarball (300mb or so).

[Pascal Sartoretti] I only found a tarball named "gpg4win-2.1.0.tar.bz2" of 5.8 MB, could you point me to the 300 MB one ?

For now, I only want to have a look at GPA to see if my company has the skills required to extend it, then I will use the git access.

Best regards
Pascal

From wk at gnupg.org Fri Nov 18 09:54:28 2011
From: wk at gnupg.org (Werner Koch)
Date: Fri, 18 Nov 2011 09:54:28 +0100
Subject: Gpg Agent is listening on port xyz
In-Reply-To: <000001cca5ae$3b8869b0$b2993d10$@net> (John A. Wallace's message of "Thu, 17 Nov 2011 22:55:02 -0600")
References: <000001cca5ae$3b8869b0$b2993d10$@net>
Message-ID: <87vcqhhku3.fsf@gnupg.org>

On Fri, 18 Nov 2011 05:55, jw72253 at verizon.net said:
> Hello. When my firewall advises me that GPG agent is "listening on:xyz",
> what exactly is it listening for and is that necessary? Thanks.

On Windows we don't have Unix Domain Sockets. The emulation we use consists of a plain file giving a TCP port number. The server (e.g. gpg-agent) is listening on localhost and that port number. The client connects to localhost and that port number. This emulation yields semantics similar to a Unix Domain Socket.

We use this IPC mechanism for interprocess communication between gpg and gpg-agent, gpg-agent and scdaemon, etc.

Given that the server is only listening for connections from localhost, this scheme is a pure local IPC mechanism.
Unfortunately some firewalls don't get it right and try to protect against attacks from one-self.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Fri Nov 18 10:01:03 2011
From: wk at gnupg.org (Werner Koch)
Date: Fri, 18 Nov 2011 10:01:03 +0100
Subject: GPA File Manager : double-click not possible ?
In-Reply-To: <26958EDC00C9F545A300BAC81C5A652D6EE886@ms02.elca.ch> (Sartoretti Pascal's message of "Fri, 18 Nov 2011 09:03:22 +0100")
References: <26958EDC00C9F545A300BAC81C5A652D6EDDC4@ms02.elca.ch> <87sjlpldnw.fsf@vigenere.g10code.de> <26958EDC00C9F545A300BAC81C5A652D6EE429@ms02.elca.ch> <87mxbwjevg.fsf@vigenere.g10code.de> <26958EDC00C9F545A300BAC81C5A652D6EE886@ms02.elca.ch>
Message-ID: <87r515hkj4.fsf@gnupg.org>

On Fri, 18 Nov 2011 09:03, pascal.sartoretti at elca.ch said:
> For now, I only want to have a look at GPA to see if my company has the
> skills required to extend it, then I will use the git access.

The git server even allows you to create a tarball. But cloning the repo is much easier. Saves you the trouble of downloading 300MB gpg4win source and a build time of several hours. Anyway, you will find that huge tarball easily if you look at the download page of gpg4win.org.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
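
Added example (not part of the original messages and not GnuPG's code): a Python illustration of the rendezvous Werner Koch describes in the "Gpg Agent is listening on port xyz" reply above, where a plain file publishes the TCP port of a server bound to localhost. The 16-byte nonce stored next to the port, the file name agent.sock and all function names are assumptions of this example; the nonce shows how read access to the file, rather than knowledge of the port, can gate the connection.

```python
import hmac
import ipaddress
import os
import secrets
import socket
import tempfile
import threading

NONCE_LEN = 16  # assumption of this example; the message only mentions a port number


def _recv_exact(conn, n):
    """Read up to n bytes, stopping early only on EOF."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def _serve(srv, nonce):
    """Accept loop: a client must present the nonce from the rendezvous file."""
    while True:
        try:
            conn, _peer = srv.accept()
        except OSError:
            return  # listener was closed
        with conn:
            conn.settimeout(2)
            try:
                presented = _recv_exact(conn, NONCE_LEN)
                ok = hmac.compare_digest(presented, nonce)
                conn.sendall(b"OK hello\n" if ok else b"ERR bad nonce\n")
            except OSError:
                continue  # slow or broken client; keep serving


def start_server(rendezvous_path):
    """Bind to loopback on a free port and publish port + nonce in a plain file."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # loopback only; the kernel picks the port
    srv.listen(5)
    port = srv.getsockname()[1]
    nonce = secrets.token_bytes(NONCE_LEN)
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_BINARY", 0)
    fd = os.open(rendezvous_path, flags, 0o600)  # owner-only where the OS honours it
    with os.fdopen(fd, "wb") as fh:
        fh.write(str(port).encode("ascii") + b"\n" + nonce)
    threading.Thread(target=_serve, args=(srv, nonce), daemon=True).start()
    return srv


def is_loopback_only(srv):
    """True when the listener cannot be reached from another host."""
    return ipaddress.ip_address(srv.getsockname()[0]).is_loopback


def _exchange(port, first_bytes):
    with socket.create_connection(("127.0.0.1", port), timeout=2) as conn:
        conn.sendall(first_bytes)
        with conn.makefile("rb") as reader:
            return reader.readline().decode("ascii").strip()


def connect_via_file(rendezvous_path):
    """Client side: the file plays the role of the Unix domain socket path."""
    with open(rendezvous_path, "rb") as fh:
        port_line, nonce = fh.read().split(b"\n", 1)
    return _exchange(int(port_line), nonce)


def connect_without_file(port):
    """A local process that knows the port but cannot read the file."""
    return _exchange(port, bytes(NONCE_LEN))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "agent.sock")  # hypothetical file name
        server = start_server(path)
        print("loopback only:", is_loopback_only(server))
        print("client with file:", connect_via_file(path))
        print("client without file:", connect_without_file(server.getsockname()[1]))
        server.close()
```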
From jerome at jeromebaum.com Fri Nov 18 09:25:37 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Fri, 18 Nov 2011 09:25:37 +0100
Subject: GPA File Manager
In-Reply-To: <4EC57F1C.3010308@mark-kirchner.de>
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost> <87ipmkjep8.fsf@vigenere.g10code.de> <4EC44221.9030306@mark-kirchner.de> <87ehx7vv0s.fsf@gnupg.org> <4EC562E0.60203@mark-kirchner.de> <4EC56F08.5040704@sixdemonbag.org> <4EC57F1C.3010308@mark-kirchner.de>
Message-ID: <4EC61681.5070307@jeromebaum.com>

On 2011-11-17 22:39, Mark Kirchner wrote:
> On 17.11.2011 21:31, Robert J. Hansen wrote:
>> No: *you* would call them intolerant and freedom-of-choice-denying.
>> Please be careful about making universal statements about what the
>> world in general would say: the world generally does not conform to
>> our expectations.
>
> Yes, you're right, it is my personal opinion which could only be backed by
> anecdotal evidence - if at all. Anyways, I'm still quite confident that
> quite a lot of people would feel that way.

For what it's worth, I don't feel that it would be "intolerant and freedom-of-choice-denying" at all if Symantec were to say "in the PGP forums you should not advocate other alternatives" because "the PGP forums" are their turf. gnupg-users is GnuPG-the-project's turf so we follow the rules GnuPG has chosen to adapt.

It seems to work out well: GnuPG-the-project doesn't bother Symantec, and Symantec doesn't bother GnuPG. Everyone's happy!

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
Leader, n.: A short strip of nonfunctioning material.
--
Of all the things the problem that wasn't his was, being not his problem wasn't one of them.
--
No situation is so dire that panic cannot make it worse.

From dougb at dougbarton.us Fri Nov 18 19:50:14 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Fri, 18 Nov 2011 10:50:14 -0800
Subject: GPA File Manager
In-Reply-To: <4EC61681.5070307@jeromebaum.com>
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost> <87ipmkjep8.fsf@vigenere.g10code.de> <4EC44221.9030306@mark-kirchner.de> <87ehx7vv0s.fsf@gnupg.org> <4EC562E0.60203@mark-kirchner.de> <4EC56F08.5040704@sixdemonbag.org> <4EC57F1C.3010308@mark-kirchner.de> <4EC61681.5070307@jeromebaum.com>
Message-ID: <4EC6A8E6.6090303@dougbarton.us>

On 11/18/2011 00:25, Jerome Baum wrote:
> For what it's worth, I don't feel that it would be "intolerant and
> freedom-of-choice-denying" at all if Symantec were to say "in the PGP
> forums you should not advocate other alternatives" because "the PGP
> forums" are their turf. gnupg-users is GnuPG-the-project's turf so we
> follow the rules GnuPG has chosen to adapt.

I don't think anyone is saying that the managers of the gnupg lists don't have the right to create restrictions for their use. At least I'm not saying that. It's their list, their rules. No worries.

My original post was intended to be a humorous jab pointing out the irony of restricting our freedom to discuss other, relevant, software projects; in the name of freedom. That's all. :)

Doug

--
"We could put the whole Internet into a book."
"Too practical."

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/

From rjh at sixdemonbag.org Fri Nov 18 20:07:50 2011
From: rjh at sixdemonbag.org (Robert J.
Hansen)
Date: Fri, 18 Nov 2011 14:07:50 -0500
Subject: GPA File Manager
In-Reply-To: <4EC6A8E6.6090303@dougbarton.us>
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost> <87ipmkjep8.fsf@vigenere.g10code.de> <4EC44221.9030306@mark-kirchner.de> <87ehx7vv0s.fsf@gnupg.org> <4EC562E0.60203@mark-kirchner.de> <4EC56F08.5040704@sixdemonbag.org> <4EC57F1C.3010308@mark-kirchner.de> <4EC61681.5070307@jeromebaum.com> <4EC6A8E6.6090303@dougbarton.us>
Message-ID: <4EC6AD06.5010900@sixdemonbag.org>

On 11/18/11 1:50 PM, Doug Barton wrote:
> My original post was intended to be a humorous jab pointing out the
> irony of restricting our freedom to discuss other, relevant, software
> projects; in the name of freedom. That's all. :)

Is it really irony at all? The GPL itself restricts freedom for the purpose of preserving freedom. Discussion restrictions seem like a natural extension: GPLism introduced to the world of written discourse. :)

(No license flamewars, please: I'm not making any normative statements here. I'm just pointing out that such restrictions are not unexpected given the chosen licensing of GnuPG.)

From dougb at dougbarton.us Fri Nov 18 20:21:03 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Fri, 18 Nov 2011 11:21:03 -0800
Subject: GPA File Manager
In-Reply-To: <4EC6AD06.5010900@sixdemonbag.org>
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost> <87ipmkjep8.fsf@vigenere.g10code.de> <4EC44221.9030306@mark-kirchner.de> <87ehx7vv0s.fsf@gnupg.org> <4EC562E0.60203@mark-kirchner.de> <4EC56F08.5040704@sixdemonbag.org> <4EC57F1C.3010308@mark-kirchner.de> <4EC61681.5070307@jeromebaum.com> <4EC6A8E6.6090303@dougbarton.us> <4EC6AD06.5010900@sixdemonbag.org>
Message-ID: <4EC6B01F.5090205@dougbarton.us>

On 11/18/2011 11:07, Robert J.
Hansen wrote:
> On 11/18/11 1:50 PM, Doug Barton wrote:
>> My original post was intended to be a humorous jab pointing out the
>> irony of restricting our freedom to discuss other, relevant, software
>> projects; in the name of freedom. That's all. :)
>
> Is it really irony at all?

Well *I* certainly think it is, but then I'm a BSD person, so I have that kind of strange heretical view about things. :)

> (No license flamewars, please

Agreed, and that wasn't my intent either (hence the smileys, and general light-hearted tone of my posts). I have no problem agreeing to disagree with my fine upstanding GNU colleagues. But hopefully we can all agree that it's Ok to poke a bit of fun at ourselves ... it's all just 1's and 0's in the end, right?

Doug

--
"We could put the whole Internet into a book."
"Too practical."

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/

From expires2011 at ymail.com Fri Nov 18 20:30:08 2011
From: expires2011 at ymail.com (MFPA)
Date: Fri, 18 Nov 2011 19:30:08 +0000
Subject: GPA File Manager
In-Reply-To: <4EC5C383.7040607@sixdemonbag.org>
References: <000d01cca36f$e4b905d0$ae2b1170$@net> <26958EDC00C9F545A300BAC81C5A652D6EE0E3@ms02.elca.ch> <1181174303.20111115211316@my_localhost> <87ipmkjep8.fsf@vigenere.g10code.de> <4EC44221.9030306@mark-kirchner.de> <87ehx7vv0s.fsf@gnupg.org> <4EC562E0.60203@mark-kirchner.de> <4EC56F08.5040704@sixdemonbag.org> <4EC57F1C.3010308@mark-kirchner.de> <4EC5C383.7040607@sixdemonbag.org>
Message-ID: <1954216967.20111118193008@my_localhost>

Hi

On Friday 18 November 2011 at 2:31:31 AM, in , Robert J. Hansen wrote:

> Speaking generally, in English saying something is a
> "public so-and-so" means it belongs to the public, not
> that it is open to the public. The opposite, a
> "private so-and-so," means it belongs to an individual
> or a company. There are exceptions, of course, but
> this is the general rule. I hope this helps. :)

In the UK, "open to the public" is the more usual meaning. For example: place, telephone, footpath, right of way, transport, park, car park. Although there is also "funded with taxpayers' money" as in a "public body."

[...]

> The remark that caused the reminder
> about the rule was someone advising to look at
> GPGShell, that it would do everything they needed and
> more. That's not mentioning GPGShell: that's
> recommending it.

Oh. Glad to read it wasn't my comment that caused the reminder about the rule.

--
Best regards

MFPA mailto:expires2011 at ymail.com

It is easy to propose impossible remedies.

From andreead_lucau at yahoo.com Fri Nov 18 22:07:38 2011
From: andreead_lucau at yahoo.com (Andreea Diana Lucau)
Date: Fri, 18 Nov 2011 13:07:38 -0800 (PST)
Subject: Key File for GPG
Message-ID: <1321650458.21694.YahooMailNeo@web112516.mail.gq1.yahoo.com>

Hi,

I need to load the public key used for encryption from a local file. Does GPG or GPGme offer this possibility? I've scanned the d and didn't see something similar. I have gnupgp 2.0.18 and gpgme 1.3.1.

Thanks,
Andreea Lucau

From dkg at fifthhorseman.net Fri Nov 18 23:10:45 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 18 Nov 2011 17:10:45 -0500
Subject: Key File for GPG
In-Reply-To: <1321650458.21694.YahooMailNeo@web112516.mail.gq1.yahoo.com>
References: <1321650458.21694.YahooMailNeo@web112516.mail.gq1.yahoo.com>
Message-ID: <4EC6D7E5.20907@fifthhorseman.net>

On 11/18/2011 04:07 PM, Andreea Diana Lucau wrote:
> I need to load the public key used for encryption from a local file. Does GPG or GPGme offer this possibility? I've scanned the d and didn't see something similar. I have gnupgp 2.0.18 and gpgme 1.3.1.

first, do:

 gpg --import < localfile.key

then do other gpg stuff, referring to the key by its ID or by the user ID associated with it.

a single file could contain multiple independent keys, or a single primary key with a bunch of subkeys, so it doesn't make sense to use the file itself to indicate which key to use.

hth,

 --dkg

From mailinglisten at hauke-laging.de Fri Nov 18 23:10:48 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Fri, 18 Nov 2011 23:10:48 +0100
Subject: Key File for GPG
In-Reply-To: <1321650458.21694.YahooMailNeo@web112516.mail.gq1.yahoo.com>
References: <1321650458.21694.YahooMailNeo@web112516.mail.gq1.yahoo.com>
Message-ID: <201111182310.53836.mailinglisten@hauke-laging.de>

On Friday, 18 November 2011, 22:07:38, Andreea Diana Lucau wrote:
> Hi,
>
> I need to load the public key used for encryption from a local file. Does
> GPG or GPGme offer this possibility?

import, encrypt, delete? :-)

--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From jw72253 at verizon.net Sat Nov 19 04:07:32 2011
From: jw72253 at verizon.net (John A. Wallace)
Date: Fri, 18 Nov 2011 21:07:32 -0600
Subject: keys.gnupg.net
In-Reply-To:
References:
Message-ID: <000001cca668$61b4f300$251ed900$@net>

Hello. In my web browser I am looking at the url of keys.gnupg.net, which has the following title on top of its page: SKS OpenPGP Keyserver at zimmermann.mayfirst.org. This site allows me to check or submit public keys. On that page there are some instructions in a section called "Access", and it states:

To use this server directly via HKP add this to your .PGP keyserver list:

x-hkp://zimmermann.mayfirst.org
http://zimmermann.mayfirst.org:11371

For users of GnuPG, add the following to ~/.gnupg/gpg.conf:

keyserver hkp://zimmermann.mayfirst.org

Now when I went to look at the site noted above (i.e., http://zimmermann.mayfirst.org), it appears to be exactly the same as the first page, the one with a url of "keys.gnupg.net". So, is this an officially sanctioned site by gnupg, one which is simply redirected?

Secondly, regarding the instructions, already in my gpg.conf file I have this line: "keyserver hkp://keys.gnupg.net"; so, would there be any point in changing it?

More importantly, in the same instructions it states this:

"This server is also available secured by TLS (via hkps).... You can use HKPS by dropping the May First/People Link Certificate Authority's certificate into ~/.gnupg/mfpl.crt, and then adding the following lines to ~/.gnupg/gpg.conf:

keyserver hkps://zimmermann.mayfirst.org
keyserver-options ca-cert-file=/home/YOURNAME/.gnupg/mfpl.crt"

Therefore, if this is in fact an officially sanctioned site, I should prefer to have this latter option for use as it supports encrypted key transfer processes.
I am assuming that there should be only one entry for the "keyserver" name option although the online instructions do not explicitly state so? Thanks.

John

From olav at enigmail.net Sat Nov 19 04:26:46 2011
From: olav at enigmail.net (Olav Seyfarth)
Date: Sat, 19 Nov 2011 04:26:46 +0100
Subject: Which ExpressCard/54?
Message-ID: <4EC721F6.1090607@enigmail.net>

Hi list,

I use my OpenPGP SmartCard in my laptop (W7+Linux) with a PCMCIA reader.

I think about buying a new laptop. Unfortunately, new models often only ExpressCard/54 slot is available today (if at all).

After having had trouble with built-in SmartCard readers,
I think it's a good idea to use a ExpressCard/54 reader instead.

It would help to have a hint which ExpressCard reader to buy.
The OpenPGP SmartCard HowTo does not recommend any ExpressCard reader.

I found two ExpressCard/54 readers:

* Gemalto PC Express (PCMCIA HWP114310D)
  http://www.gemalto.com/products/pc_link_readers/#PC_Express
  http://support.gemalto.com/?id=70

* SCM Microsystems SCR3340 Express Card Reader
  http://www.identive-infrastructure.com/products-solutions/\
  smart-card-readers-a-terminals/smart-card-readers/scr3340

Any hands-on experience with them or other suggestions?

Thanks,
Olav

From jw72253 at verizon.net Sat Nov 19 05:09:02 2011
From: jw72253 at verizon.net (John A. Wallace)
Date: Fri, 18 Nov 2011 22:09:02 -0600
Subject: keys.gnupg.net
References:
Message-ID: <000601cca670$f88f4a70$e9addf50$@net>

> -----Original Message-----
> From: John A. Wallace [mailto:jw72253 at verizon.net]
> Sent: Friday, November 18, 2011 9:08 PM
> To: 'gnupg-users at gnupg.org'
> Subject: keys.gnupg.net
>
> Hello. In my web browser I am looking at the url of keys.gnupg.net,
> which has the following title on top of its page: SKS OpenPGP
> Keyserver at zimmermann.mayfirst.org. This site allows me to check or
> submit public keys. On that page there are some instructions in a
> section called "Access", and it states:
>
> To use this server directly via HKP add this to your .PGP keyserver
> list:
>
> x-hkp://zimmermann.mayfirst.org
> http://zimmermann.mayfirst.org:11371
>
> For users of GnuPG, add the following to ~/.gnupg/gpg.conf:
>
> keyserver hkp://zimmermann.mayfirst.org
>
>
> Now when I went to look at the site noted above (i.e.,
> http://zimmermann.mayfirst.org), it appears to be exactly the same as
> the first page, the one with a url of "keys.gnupg.net". So, is this an
> officially sanctioned site by gnupg, one which is simply redirected?
>
> Secondly, regarding the instructions, already in my gpg.conf file I
> have this line: "keyserver hkp://keys.gnupg.net"; so, would there be
> any point in changing it?
>
> More importantly, in the same instructions it states this:
>
> "This server is also available secured by TLS (via hkps).... You
> can use HKPS by dropping the May First/People Link Certificate
> Authority's certificate into ~/.gnupg/mfpl.crt, and then adding the
> following lines to ~/.gnupg/gpg.conf:
>
> keyserver hkps://zimmermann.mayfirst.org
> keyserver-options ca-cert-file=/home/YOURNAME/.gnupg/mfpl.crt"
>
> Therefore, if this is in fact an officially sanctioned site, I should
> prefer to have this latter option for use as it supports encrypted key
> transfer processes. I am assuming that there should be only one entry
> for the "keyserver" name option although the online instructions do not
> explicitly state so? Thanks.
>
> John

In addition, it seems to imply to me from the instructions online at http://www.gnupg.org/documentation/manuals/gnupg-devel/GPG-Configuration-Options.html, that I could in fact use more than one "keyserver 'name'" option in my 'gpg.conf' file; and that I could use different options for different keyservers. At least that is how I understand these instructions:

" After the keyserver name, optional keyserver configuration options may be provided. These are the same as the global --keyserver-options from below, but apply only to this particular keyserver."

Or is this instruction referring only to different options for different "types" (e.g., hkp, ldap or mailto) of keyservers? I mean, if I am interpreting it right, I could, theoretically, use these lines in gpg.conf:

keyserver hkp://keys.gnupg.net
keyserver hkps://zimmermann.mayfirst.org ca-cert-file=\mfpl.crt
keyserver-options verbose

Thanks.
John From hka at qbs.com.pl Sat Nov 19 10:50:33 2011 From: hka at qbs.com.pl (Hubert Kario) Date: Sat, 19 Nov 2011 10:50:33 +0100 Subject: Which ExpressCard/54? In-Reply-To: <4EC721F6.1090607@enigmail.net> References: <4EC721F6.1090607@enigmail.net> Message-ID: <201111191050.37928.hka@qbs.com.pl> On Saturday 19 of November 2011 04:26:46 Olav Seyfarth wrote: > Hi list, > > I use my OpenPGP SmartCard in my laptop (W7+Linux) with a PCMCIA reader. > > I think about buying a new laptop. Unfortunately, new models often only > ExpressCard/54 slot is available today (if at all). > > After having had trouble with built-in SmartCard readers, > I think it's a good idea to use a ExpressCard/54 reader instead. > > It would help to have a hint which ExpressCard reader to buy. > The OpenPGP SmartCard HowTo does not recommend any ExpressCard reader. > > I found two ExpressCard/54 readers: > > * Gemalto PC Express (PCMCIA HWP114310D) > http://www.gemalto.com/products/pc_link_readers/#PC_Express > http://support.gemalto.com/?id=70 > > * SCM Microsystems SCR3340 Express Card Reader > http://www.identive-infrastructure.com/products-solutions/\ > smart-card-readers-a-terminals/smart-card-readers/scr3340 > > Any hands-on experience with them or other suggestions? > The gemalto reader is actually a USB card reader, so any experience with USB readers should also apply. -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl From simon at josefsson.org Sat Nov 19 13:56:45 2011 From: simon at josefsson.org (Simon Josefsson) Date: Sat, 19 Nov 2011 13:56:45 +0100 Subject: Which ExpressCard/54?
In-Reply-To: <4EC721F6.1090607__21467.0494701297$1321673272$gmane$org@enigmail.net> (Olav Seyfarth's message of "Sat, 19 Nov 2011 04:26:46 +0100") References: <4EC721F6.1090607__21467.0494701297$1321673272$gmane$org@enigmail.net> Message-ID: <8762igz2wi.fsf@latte.josefsson.org> Olav Seyfarth writes: > Hi list, > > I use my OpenPGP SmartCard in my laptop (W7+Linux) with a PCMCIA reader. > > I think about buying a new laptop. Unfortunately, new models often only > ExpressCard/54 slot is available today (if at all). > > After having had trouble with built-in SmartCard readers, > I think it's a good idea to use a ExpressCard/54 reader instead. > > It would help to have a hint which ExpressCard reader to buy. > The OpenPGP SmartCard HowTo does not recommend any ExpressCard reader. > > I found two ExpressCard/54 readers: > > * Gemalto PC Express (PCMCIA HWP114310D) > http://www.gemalto.com/products/pc_link_readers/#PC_Express > http://support.gemalto.com/?id=70 > > * SCM Microsystems SCR3340 Express Card Reader > http://www.identive-infrastructure.com/products-solutions/\ > smart-card-readers-a-terminals/smart-card-readers/scr3340 > > Any hands-on experience with them or other suggestions? I have the Gemalto PC Express card and it has worked excellently with OpenPGP (gnupg, ssh-agent, etc) for many months now. Here is some more info about it: http://pcsclite.alioth.debian.org/ccid/shouldwork.html#0x08E60x34EC http://pcsclite.alioth.debian.org/ccid/#106 Initially I bought another device, the OmniKey 4321: http://pcsclite.alioth.debian.org/ccid/#140 However it does not work well with OpenPGP cards, see this blog about the problem: http://ludovicrousseau.blogspot.com/2010/10/gnupg-v2-card-and-extended-apdu.html /Simon From wk at gnupg.org Sat Nov 19 20:31:19 2011 From: wk at gnupg.org (Werner Koch) Date: Sat, 19 Nov 2011 20:31:19 +0100 Subject: Which ExpressCard/54?
In-Reply-To: <4EC721F6.1090607@enigmail.net> (Olav Seyfarth's message of "Sat, 19 Nov 2011 04:26:46 +0100") References: <4EC721F6.1090607@enigmail.net> Message-ID: <87d3cnzz7c.fsf@gnupg.org> On Sat, 19 Nov 2011 04:26, olav at enigmail.net said: > * Gemalto PC Express (PCMCIA HWP114310D) Gemalto usually works but they are not really interested in supporting free software. > * SCM Microsystems SCR3340 Express Card Reader I have very good experience with that vendor; In case that one does not work, I promise to spend some time on fixing it. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From david at systemoverlord.com Sat Nov 19 22:35:21 2011 From: david at systemoverlord.com (David Tomaschik) Date: Sat, 19 Nov 2011 16:35:21 -0500 Subject: SCR3340 CardReader [Was: Re: Which ExpressCard/54?] In-Reply-To: <87d3cnzz7c.fsf@gnupg.org> References: <4EC721F6.1090607@enigmail.net> <87d3cnzz7c.fsf@gnupg.org> Message-ID: <4EC82119.4040906@systemoverlord.com> On 11/19/2011 02:31 PM, Werner Koch wrote: > On Sat, 19 Nov 2011 04:26, olav at enigmail.net said: > >> * Gemalto PC Express (PCMCIA HWP114310D) > > Gemalto usually works but they are not really interested in supporting > free software. > >> * SCM Microsystems SCR3340 Express Card Reader > > I have very good experience with that vendor; In case that one does not > work, I promise to spend some time on fixing it. > > > Shalom-Salam, > > Werner > Werner & Others, I actually have an SCR3340 based reader that just doesn't want to work on my new laptop. It may not be a GnuPG issue, but perhaps you can suggest some debugging steps. (I don't mean to thread hijack, but I feel it's relevant as the OP is asking about this particular device.) $ gpg2 --card-status gpg: OpenPGP card not available: Not supported I've enabled debugging on scdaemon and attached the log file. Any insight would be greatly appreciated.
-- David Tomaschik, RHCE, LPIC-1 System Administrator/Open Source Advocate OpenPGP: 0x5DEA789B http://systemoverlord.com david at systemoverlord.com -------------- next part -------------- A non-text attachment was scrubbed... Name: scdameon.log Type: text/x-log Size: 35005 bytes Desc: not available URL: From gnupg.user at seibercom.net Sun Nov 20 14:20:34 2011 From: gnupg.user at seibercom.net (Jerry) Date: Sun, 20 Nov 2011 08:20:34 -0500 Subject: SCR3340 CardReader [Was: Re: Which ExpressCard/54?] In-Reply-To: <4EC82119.4040906@systemoverlord.com> References: <4EC721F6.1090607@enigmail.net> <87d3cnzz7c.fsf@gnupg.org> <4EC82119.4040906@systemoverlord.com> Message-ID: <20111120082034.76a8c5c2@scorpio> On Sat, 19 Nov 2011 16:35:21 -0500 David Tomaschik articulated: > I actually have an SCR3340 based reader that just doesn't want to work > on my new laptop. It may not be a GnuPG issue, but perhaps you can > suggest some debugging steps. (I don't mean to thread hijack, but I > feel it's relevant as the OP is asking about this particular device.) > > $ gpg2 --card-status > gpg: OpenPGP card not available: Not supported > > I've enabled debugging on scdaemon and attached the log file. > > Any insight would be greatly appreciated. Have you tried this device on any other PC just to insure it is not a localized phenomena? It would seem like supplying your PC type, OS version and architecture and gpg2 version would be the least that is necessary to start in attempting to debug this situation. -- Jerry ? GNUPG.user at seibercom.net _____________________________________________________________________ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. From david at systemoverlord.com Sun Nov 20 20:42:50 2011 From: david at systemoverlord.com (David Tomaschik) Date: Sun, 20 Nov 2011 14:42:50 -0500 Subject: SCR3340 CardReader [Was: Re: Which ExpressCard/54?] 
In-Reply-To: <20111120082034.76a8c5c2@scorpio> References: <4EC721F6.1090607@enigmail.net> <87d3cnzz7c.fsf@gnupg.org> <4EC82119.4040906@systemoverlord.com> <20111120082034.76a8c5c2@scorpio> Message-ID: Jerry, I clearly was not thinking when I wrote that. The reader previously worked on another system, but not this one. This is a Dell Latitude E5420 running ubuntu 11.10 64 bit. I'm not at it right now, but I'm using all the latest packages from the repos. Thanks, David On Nov 20, 2011 7:24 AM, "Jerry" wrote: On Sat, 19 Nov 2011 16:35:21 -0500 David Tomaschik articulated: > I actually have an SCR3340 based reader that just doesn't want to work > on my new laptop. It ma... Have you tried this device on any other PC just to insure it is not a localized phenomena? It would seem like supplying your PC type, OS version and architecture and gpg2 version would be the least that is necessary to start in attempting to debug this situation. -- Jerry ? GNUPG.user at seibercom.net _____________________________________________________________________ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. From tchitwoo at us.ibm.com Sun Nov 20 20:52:19 2011 From: tchitwoo at us.ibm.com (Thomas Chitwood) Date: Sun, 20 Nov 2011 12:52:19 -0700 Subject: AUTO: Out of office (returning 11/28/2011) Message-ID: I am out of the office until 11/28/2011. I will be on vacation the week of Nov 21 and will not have access to the internet or email. I will respond to your message when I return. If this is an FTP emergency, please contact Doyle Hatfield or send an email to ftpit at us.ibm.com.
Note: This is an automated response to your message "Re: SCR3340 CardReader [Was: Re: Which ExpressCard/54?]" sent on 11/20/11 6:20:34. This is the only notification you will receive while this person is away. From dkg at fifthhorseman.net Mon Nov 21 05:14:37 2011 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Sun, 20 Nov 2011 23:14:37 -0500 Subject: keys.gnupg.net In-Reply-To: <000001cca668$61b4f300$251ed900$@net> References: <000001cca668$61b4f300$251ed900$@net> Message-ID: <4EC9D02D.8060707@fifthhorseman.net> On 11/18/2011 10:07 PM, John A. Wallace wrote: > Hello. In my web browser I am looking at the url of keys.gnupg.net, keys.gnupg.net is a DNS round-robin which points to a number of OpenPGP keyservers, each of which syncs with each other. there are other DNS round-robin pools as well (one well-known one is pool.sks-keyservers.net). zimmermann.mayfirst.org (a.k.a. keys.mayfirst.org) happens to be a member of multiple pools. (i'm one of the administrators of this machine) If you visit a keys.gnupg.net again, you might very well end up at a different keyserver; that's the nature of DNS round-robin. As for the hkps -- it's significantly more complicated to do a dns round-robin between TLS-secured hosts in different administrative zones. So instructions for the use of hkps at the moment tend to encourage the use of a single hostname (rather than a pool). hth, --dkg From olav at enigmail.net Mon Nov 21 07:32:52 2011 From: olav at enigmail.net (Olav Seyfarth) Date: Mon, 21 Nov 2011 07:32:52 +0100 Subject: Which ExpressCard/54?
In-Reply-To: <87d3cnzz7c.fsf@gnupg.org> References: <4EC721F6.1090607@enigmail.net> <87d3cnzz7c.fsf@gnupg.org> Message-ID: <4EC9F094.7000404@enigmail.net> Hi Werner, > Gemalto usually works but they are not really interested in supporting > free software. I have very good experience with SCM. That's a clear statement, ordered a SCR3340. > In case that one does not work, I promise to spend some time on fixing it. Cool. That's a bonus. Hopefully won't need it but thanks anyway! __ Thanks for all other responses, too, very helpful! Olav -- The Enigmail Project - OpenPGP Email Security For Mozilla Applications From wk at gnupg.org Mon Nov 21 11:28:03 2011 From: wk at gnupg.org (Werner Koch) Date: Mon, 21 Nov 2011 11:28:03 +0100 Subject: SCR3340 CardReader In-Reply-To: (David Tomaschik's message of "Sun, 20 Nov 2011 14:42:50 -0500") References: <4EC721F6.1090607@enigmail.net> <87d3cnzz7c.fsf@gnupg.org> <4EC82119.4040906@systemoverlord.com> <20111120082034.76a8c5c2@scorpio> Message-ID: <87aa7pkbws.fsf@vigenere.g10code.de> On Sun, 20 Nov 2011 20:42, david at systemoverlord.com said: > I clearly was not thinking when I wrote that.
The reader previously worked > on another system, but not this one. This is a Dell Latitude E5420 running > ubuntu 11.10 64 bit. I'm not at it right now, but I'm using all the latest Is there anyone else with problems using the internal CCID driver on a 64 bit system? Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From ljh6 at geneseo.edu Mon Nov 21 03:54:31 2011 From: ljh6 at geneseo.edu (Landon Hurley) Date: Sun, 20 Nov 2011 21:54:31 -0500 Subject: gpg: BAD signature Message-ID: <4EC9BD67.2010201@geneseo.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, I've been getting gpg command line and output: /usr/bin/gpg gpg: Signature made Sun 20 Nov 2011 07:25:22 PM EST using RSA key ID 13D0BABB gpg: BAD signature from "Landon Hurley " for a while now. I upgraded from 10.10 to 11.10 in the last month, and I'm guessing that it shouldn't be pointing to /usr/bin/gpg any longer. However gpg can still be activated from the terminal so I don't understand why it shouldn't work. I can use the same key pair from my phone with APG and OpenPGP and it still verifies, both from my phone and thunderbird. In fact, every account I have except this one that I'm emailing from works without problem. I thought I might have messed with the key pair, so I revoked the old key set and generated a new on device, and then ported them over to my phone. I still get the same results though. The only difference in output that I can find is the hash used, SHA1 (Desktop) vs SHA512, but changing that on my phone didn't result in an error either. I can get a verification through this account if I activate pgp/mime but since that only works with clients that support it, I'd rather run it as part of the email message body. 
Any help would be greatly appreciated, Landon Thunderbird 7.0.1 gpg --version:1.4.11 gpg2 --version:2.0.17 --Please CC my account -- Some people have told me they don't think a fat penguin really embodies the grace of Linux,which just tells me they have never seen an angry penguin charging at them in excess of 100 mph.They'd be a lot more careful about what they say if they had. From rjh at sixdemonbag.org Mon Nov 21 14:59:10 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 21 Nov 2011 08:59:10 -0500 Subject: SCR3340 CardReader In-Reply-To: <87aa7pkbws.fsf@vigenere.g10code.de> References: <4EC721F6.1090607@enigmail.net> <87d3cnzz7c.fsf@gnupg.org> <4EC82119.4040906@systemoverlord.com> <20111120082034.76a8c5c2@scorpio> <87aa7pkbws.fsf@vigenere.g10code.de> Message-ID: <4ECA592E.8070806@sixdemonbag.org> On 11/21/11 5:28 AM, Werner Koch wrote: > Is there anyone else with problems using the internal CCID driver on > a 64 bit system? I've not had this problem on any of Fedora 15/x64, Win7/64 or OS X. I can't comment re: Ubuntu, though.
From emmanuel.jooris at gmail.com Mon Nov 21 19:16:19 2011 From: emmanuel.jooris at gmail.com (Emmanuel JOORIS) Date: Mon, 21 Nov 2011 19:16:19 +0100 Subject: Problem with gpg smartcard / 4096bits keys In-Reply-To: References: <1321527521.2163.5.camel@LinTaff> <8762iix4c2.fsf@gnupg.org> Message-ID: <1321899379.2517.25.camel@kotomi.home.mahoru.net> Can I do an "up"? Does anyone have an idea, or do I need to re-gen my keys? Regards On Thursday 17 November 2011 at 16:09 +0100, Emmanuel JOORIS wrote: > Here is a full log, before I stop system pcscd but it seems that it is > reloaded by gpg2. > Also, I succeeded in creating or loading and using 3072-bit keys. > > mahoru at debian:~/.gnupg$ gpg2 --card-edit > > scdaemon[3299]: enabled debug flags: cardio > scdaemon[3299]: listening on socket `/tmp/gpg-9QyA9z/S.scdaemon' > scdaemon[3299]: handler for fd -1 started > scdaemon[3299]: reader slot 0: not connected > scdaemon[3299]: slot 0: ATR=3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 > C0 01 40 00 90 00 0C > scdaemon[3299]: DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0 > scdaemon[3299]: DBG: PCSC_data: 00 A4 00 0C 02 3F 00 > scdaemon[3299]: DBG: response: sw=6B00 datalen=0 > scdaemon[3299]: DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=6 le=-1 em=0 > scdaemon[3299]: DBG: PCSC_data: 00 A4 04 00 06 D2 76 00 01 24 01 > scdaemon[3299]: DBG: response: sw=9000 datalen=0 > scdaemon[3299]: DBG: dump: > scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=4F lc=-1 le=256 em=0 > scdaemon[3299]: DBG: PCSC_data: 00 CA 00 4F 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=16 > scdaemon[3299]: DBG: dump: D2 76 00 01 24 01 02 00 00 05 00 00 > 10 E5 00 00 > scdaemon[3299]: AID: D2 76 00 01 24 01 02 00 00 05 00 00 10 E5 00 00 > scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=5F p2=52 lc=-1 le=256 em=0 > scdaemon[3299]: DBG: PCSC_data: 00 CA 5F 52 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=10 > scdaemon[3299]: DBG: dump: 00 31 C5 73 C0 01 40 05 90 00 > scdaemon[3299]: Historical Bytes: 00 31 C5 73 C0 01
40 05 90 00 > scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0 > scdaemon[3299]: DBG: PCSC_data: 00 CA 00 C4 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=7 > scdaemon[3299]: DBG: dump: 01 20 20 20 03 00 03 > scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0 > scdaemon[3299]: DBG: PCSC_data: 00 CA 00 6E 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=217 > scdaemon[3299]: DBG: dump: 4F 10 D2 76 00 01 24 01 02 00 00 05 > 00 00 10 E5 00 00 5F 52 0A 00 31 C5 73 C0 01 40 05 90 00 73 81 B7 C0 > 0A 7C 00 08 00 08 00 08 00 08 00 C1 06 01 10 00 00 20 00 C2 06 01 10 > 00 00 20 00 C3 06 01 10 00 00 20 00 C4 07 01 20 20 20 03 00 03 C5 3C > 64 89 1D 7C 09 CC 65 8A 31 B2 D1 A4 90 2E 9E 03 D6 1B A0 38 87 A7 40 > 2C 8B 32 E3 80 8A 41 95 32 6D BC 54 33 FF A4 6E BA 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C6 3C 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 CD 0C 4E C3 D4 75 4E C3 D4 75 00 00 00 00 > scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=5E lc=-1 le=256 em=0 > scdaemon[3299]: DBG: PCSC_data: 00 CA 00 5E 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=0 > scdaemon[3299]: DBG: dump: > scdaemon[3299]: Version-2 ......: yes > scdaemon[3299]: Get-Challenge ..: yes (2048 bytes max) > scdaemon[3299]: Key-Import .....: yes > scdaemon[3299]: Change-Force-PW1: yes > scdaemon[3299]: Private-DOs ....: yes > scdaemon[3299]: Algo-Attr-Change: yes > scdaemon[3299]: SM-Support .....: no > scdaemon[3299]: Max-Cert3-Len ..: 2048 > scdaemon[3299]: Max-Cmd-Data ...: 2048 > scdaemon[3299]: Max-Rsp-Data ...: 2048 > scdaemon[3299]: Cmd-Chaining ...: no > scdaemon[3299]: Ext-Lc-Le ......: yes > scdaemon[3299]: Status Indicator: 05 > scdaemon[3299]: GnuPG-No-Sync ..: no > scdaemon[3299]: GnuPG-Def-PW2 ..: no > scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 
em=0 > scdaemon[3299]: DBG: PCSC_data: 00 CA 00 6E 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=217 > scdaemon[3299]: DBG: dump: 4F 10 D2 76 00 01 24 01 02 00 00 05 > 00 00 10 E5 00 00 5F 52 0A 00 31 C5 73 C0 01 40 05 90 00 73 81 B7 C0 > 0A 7C 00 08 00 08 00 08 00 08 00 C1 06 01 10 00 00 20 00 C2 06 01 10 > 00 00 20 00 C3 06 01 10 00 00 20 00 C4 07 01 20 20 20 03 00 03 C5 3C > 64 89 1D 7C 09 CC 65 8A 31 B2 D1 A4 90 2E 9E 03 D6 1B A0 38 87 A7 40 > 2C 8B 32 E3 80 8A 41 95 32 6D BC 54 33 FF A4 6E BA 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C6 3C 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 CD 0C 4E C3 D4 75 4E C3 D4 75 00 00 00 00 > scdaemon[3299]: Key-Attr-sign ..: RSA, n=4096, e=32, fmt=std > scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0 > scdaemon[3299]: DBG: PCSC_data: 00 CA 00 6E 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=217 > scdaemon[3299]: DBG: dump: 4F 10 D2 76 00 01 24 01 02 00 00 05 > 00 00 10 E5 00 00 5F 52 0A 00 31 C5 73 C0 01 40 05 90 00 73 81 B7 C0 > 0A 7C 00 08 00 08 00 08 00 08 00 C1 06 01 10 00 00 20 00 C2 06 01 10 > 00 00 20 00 C3 06 01 10 00 00 20 00 C4 07 01 20 20 20 03 00 03 C5 3C > 64 89 1D 7C 09 CC 65 8A 31 B2 D1 A4 90 2E 9E 03 D6 1B A0 38 87 A7 40 > 2C 8B 32 E3 80 8A 41 95 32 6D BC 54 33 FF A4 6E BA 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C6 3C 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 CD 0C 4E C3 D4 75 4E C3 D4 75 00 00 00 00 > scdaemon[3299]: Key-Attr-encr ..: RSA, n=4096, e=32, fmt=std > scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0 > scdaemon[3299]: DBG: PCSC_data: 00 CA 00 6E 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=217 > scdaemon[3299]: 
DBG: dump: 4F 10 D2 76 00 01 24 01 02 00 00 05 > 00 00 10 E5 00 00 5F 52 0A 00 31 C5 73 C0 01 40 05 90 00 73 81 B7 C0 > 0A 7C 00 08 00 08 00 08 00 08 00 C1 06 01 10 00 00 20 00 C2 06 01 10 > 00 00 20 00 C3 06 01 10 00 00 20 00 C4 07 01 20 20 20 03 00 03 C5 3C > 64 89 1D 7C 09 CC 65 8A 31 B2 D1 A4 90 2E 9E 03 D6 1B A0 38 87 A7 40 > 2C 8B 32 E3 80 8A 41 95 32 6D BC 54 33 FF A4 6E BA 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C6 3C 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 CD 0C 4E C3 D4 75 4E C3 D4 75 00 00 00 00 > scdaemon[3299]: Key-Attr-auth ..: RSA, n=4096, e=32, fmt=std > scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=65 lc=-1 le=256 em=0 > scdaemon[3299]: DBG: PCSC_data: 00 CA 00 65 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=27 > scdaemon[3299]: DBG: dump: 5B 10 4A 4F 4F 52 49 53 3C 3C 45 6D > 6D 61 6E 75 65 6C 5F 2D 02 66 72 5F 35 01 31 > scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=5F p2=50 lc=-1 le=256 em=0 > scdaemon[3299]: DBG: PCSC_data: 00 CA 5F 50 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=68 > scdaemon[3299]: DBG: dump: 68 74 74 70 3A 2F 2F 70 67 70 2E 6D > 69 74 2E 65 64 75 3A 31 31 33 37 31 2F 70 6B 73 2F 6C 6F 6F 6B 75 70 > 3F 6F 70 3D 67 65 74 26 73 65 61 72 63 68 3D 30 78 45 46 38 31 46 37 > 32 43 32 39 41 39 44 36 45 46 > scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0 > scdaemon[3299]: DBG: PCSC_data: 00 CA 00 6E 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=217 > scdaemon[3299]: DBG: dump: 4F 10 D2 76 00 01 24 01 02 00 00 05 > 00 00 10 E5 00 00 5F 52 0A 00 31 C5 73 C0 01 40 05 90 00 73 81 B7 C0 > 0A 7C 00 08 00 08 00 08 00 08 00 C1 06 01 10 00 00 20 00 C2 06 01 10 > 00 00 20 00 C3 06 01 10 00 00 20 00 C4 07 01 20 20 20 03 00 03 C5 3C > 64 89 1D 7C 09 CC 65 8A 31 B2 D1 A4 90 2E 9E 03 D6 1B A0 38 87 A7 40 > 2C 8B 32 E3 80 8A 41 95 32 
6D BC 54 33 FF A4 6E BA 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C6 3C 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 00 00 00 00 00 00 CD 0C 4E C3 D4 75 4E C3 D4 75 00 00 00 00 > scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0 > scdaemon[3299]: DBG: PCSC_data: 00 CA 00 C4 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=7 > scdaemon[3299]: DBG: dump: 01 20 20 20 03 00 03 > scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=7A lc=-1 le=256 em=0 > scdaemon[3299]: DBG: PCSC_data: 00 CA 00 7A 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=5 > scdaemon[3299]: DBG: dump: 93 03 00 00 01 > scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=01 p2=01 lc=-1 le=256 em=0 > scdaemon[3299]: DBG: PCSC_data: 00 CA 01 01 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=0 > scdaemon[3299]: DBG: dump: > scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=01 p2=02 lc=-1 le=256 em=0 > scdaemon[3299]: DBG: PCSC_data: 00 CA 01 02 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=0 > scdaemon[3299]: DBG: dump: > scdaemon[3299]: DBG: send apdu: c=00 i=47 p1=81 p2=00 lc=2 le=2048 em=1 > scdaemon[3299]: DBG: PCSC_data: 00 47 81 00 00 00 02 B6 00 08 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=527 > scdaemon[3299]: DBG: dump > scdaemon[3299]: DBG: send apdu: c=00 i=47 p1=81 p2=00 lc=2 le=2048 em=1 > scdaemon[3299]: DBG: PCSC_data: 00 47 81 00 00 00 02 B8 00 08 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=527 > scdaemon[3299]: DBG: dump > scdaemon[3299]: DBG: send apdu: c=00 i=47 p1=81 p2=00 lc=2 le=2048 em=1 > scdaemon[3299]: DBG: PCSC_data: 00 47 81 00 00 00 02 A4 00 08 00 > scdaemon[3299]: DBG: response: sw=6A88 datalen=0 > scdaemon[3299]: la lecture de la clé publique a échoué: élément
publique a ?chou?: ?l?ment > manquant dans l'objet > Application ID ...: D2760001240102000005000010E50000 > Version ..........: 2.0 > Manufacturer .....: ZeitControl > Serial number ....: 000010E5 > Name of cardholder: Emmanuel JOORIS > Language prefs ...: fr > Sex ..............: masculin > URL of public key : > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xEF81F72C29A9D6EF > Login data .......: [non positionn?] > Signature PIN ....: non forc? > Key attributes ...: 4096R 4096R 4096R > Max. PIN lengths .: 32 32 32 > PIN retry counter : 3 0 3 > Signature counter : 1 > Signature key ....: 6489 1D7C 09CC 658A 31B2 D1A4 902E 9E03 D61B A038 > created ....: 2011-11-16 15:19:17 > Encryption key....: 87A7 402C 8B32 E380 8A41 9532 6DBC 5433 FFA4 6EBA > created ....: 2011-11-16 15:19:17 > Authentication key: [none] > General key info..: [none] > > gpg/card> scdaemon[3299]: updating slot 0 status: 0x0000->0x0007 (0->1) > admin > Les commandes d'administration sont permises > > gpg/card> generate > scdaemon[3299]: DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0 > scdaemon[3299]: DBG: PCSC_data: 00 CA 00 C4 00 > scdaemon[3299]: DBG: response: sw=9000 datalen=7 > scdaemon[3299]: DBG: dump: 01 20 20 20 03 00 03 > Faire une sauvegarde hors carte de la cl? de chiffrement ? (O/n) n > gpg: signal Interrupt caught ... exiting > scdaemon[3299]: SIGINT received - immediate shutdown > scdaemon[3299]: scdaemon (GnuPG) 2.0.18 stopped > scdaemon[3299]: error sending PC/SC CLOSE request: Relais bris? (pipe) > > mahoru at debian:~/.gnupg$ killall pcscd > mahoru at debian:~/.gnupg$ killall pcscd > pcscd: aucun processus trouv? 
> mahoru at debian:~/.gnupg$ LANG=C gpg2 --card-edit > > scdaemon[3313]: enabled debug flags: cardio > scdaemon[3313]: listening on socket `/tmp/gpg-ielsWY/S.scdaemon' > scdaemon[3313]: handler for fd -1 started > scdaemon[3313]: reader slot 0: not connected > scdaemon[3313]: slot 0: ATR=3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 > C0 01 40 00 90 00 0C > scdaemon[3313]: DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0 > scdaemon[3313]: DBG: PCSC_data: 00 A4 00 0C 02 3F 00 > scdaemon[3313]: DBG: response: sw=6B00 datalen=0 > scdaemon[3313]: DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=6 le=-1 em=0 > scdaemon[3313]: DBG: PCSC_data: 00 A4 04 00 06 D2 76 00 01 24 01 > scdaemon[3313]: DBG: response: sw=9000 datalen=0 > scdaemon[3313]: DBG: dump: > scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=4F lc=-1 le=256 em=0 > scdaemon[3313]: DBG: PCSC_data: 00 CA 00 4F 00 > scdaemon[3313]: DBG: response: sw=9000 datalen=16 > scdaemon[3313]: DBG: dump: D2 76 00 01 24 01 02 00 00 05 00 00 > 10 E5 00 00 > scdaemon[3313]: AID: D2 76 00 01 24 01 02 00 00 05 00 00 10 E5 00 00 > scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=5F p2=52 lc=-1 le=256 em=0 > scdaemon[3313]: DBG: PCSC_data: 00 CA 5F 52 00 > scdaemon[3313]: DBG: response: sw=9000 datalen=10 > scdaemon[3313]: DBG: dump: 00 31 C5 73 C0 01 40 05 90 00 > scdaemon[3313]: Historical Bytes: 00 31 C5 73 C0 01 40 05 90 00 > scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0 > scdaemon[3313]: DBG: PCSC_data: 00 CA 00 C4 00 > scdaemon[3313]: DBG: response: sw=9000 datalen=7 > scdaemon[3313]: DBG: dump: 01 20 20 20 03 00 03 > scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0 > scdaemon[3313]: DBG: PCSC_data: 00 CA 00 6E 00 > scdaemon[3313]: DBG: response: sw=9000 datalen=217 > scdaemon[3313]: DBG: dump: 4F 10 D2 76 00 01 24 01 02 00 00 05 > 00 00 10 E5 00 00 5F 52 0A 00 31 C5 73 C0 01 40 05 90 00 73 81 B7 C0 > 0A 7C 00 08 00 08 00 08 00 08 00 C1 06 01 10 00 00 20 00 C2 06 01 10 > 00 00 20 00 C3 
> scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=5E lc=-1 le=256 em=0
> scdaemon[3313]: DBG: PCSC_data: 00 CA 00 5E 00
> scdaemon[3313]: DBG: response: sw=9000 datalen=0
> scdaemon[3313]: DBG: dump:
> scdaemon[3313]: Version-2 ......: yes
> scdaemon[3313]: Get-Challenge ..: yes (2048 bytes max)
> scdaemon[3313]: Key-Import .....: yes
> scdaemon[3313]: Change-Force-PW1: yes
> scdaemon[3313]: Private-DOs ....: yes
> scdaemon[3313]: Algo-Attr-Change: yes
> scdaemon[3313]: SM-Support .....: no
> scdaemon[3313]: Max-Cert3-Len ..: 2048
> scdaemon[3313]: Max-Cmd-Data ...: 2048
> scdaemon[3313]: Max-Rsp-Data ...: 2048
> scdaemon[3313]: Cmd-Chaining ...: no
> scdaemon[3313]: Ext-Lc-Le ......: yes
> scdaemon[3313]: Status Indicator: 05
> scdaemon[3313]: GnuPG-No-Sync ..: no
> scdaemon[3313]: GnuPG-Def-PW2 ..: no
> scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
> scdaemon[3313]: DBG: PCSC_data: 00 CA 00 6E 00
> scdaemon[3313]: DBG: response: sw=9000 datalen=217
> scdaemon[3313]: Key-Attr-sign ..: RSA, n=4096, e=32, fmt=std
> scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
> scdaemon[3313]: DBG: PCSC_data: 00 CA 00 6E 00
> scdaemon[3313]: DBG: response: sw=9000 datalen=217
> scdaemon[3313]: Key-Attr-encr ..: RSA, n=4096, e=32, fmt=std
> scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
> scdaemon[3313]: DBG: PCSC_data: 00 CA 00 6E 00
> scdaemon[3313]: DBG: response: sw=9000 datalen=217
> scdaemon[3313]: Key-Attr-auth ..: RSA, n=4096, e=32, fmt=std
> scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=65 lc=-1 le=256 em=0
> scdaemon[3313]: DBG: PCSC_data: 00 CA 00 65 00
> scdaemon[3313]: DBG: response: sw=9000 datalen=27
> scdaemon[3313]: DBG: dump: 5B 10 4A 4F 4F 52 49 53 3C 3C 45 6D
> 6D 61 6E 75 65 6C 5F 2D 02 66 72 5F 35 01 31
> scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=5F p2=50 lc=-1 le=256 em=0
> scdaemon[3313]: DBG: PCSC_data: 00 CA 5F 50 00
> scdaemon[3313]: DBG: response: sw=9000 datalen=68
> scdaemon[3313]: DBG: dump: 68 74 74 70 3A 2F 2F 70 67 70 2E 6D
> 69 74 2E 65 64 75 3A 31 31 33 37 31 2F 70 6B 73 2F 6C 6F 6F 6B 75 70
> 3F 6F 70 3D 67 65 74 26 73 65 61 72 63 68 3D 30 78 45 46 38 31 46 37
> 32 43 32 39 41 39 44 36 45 46
> scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
> scdaemon[3313]: DBG: PCSC_data: 00 CA 00 6E 00
> scdaemon[3313]: DBG: response: sw=9000 datalen=217
> scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
> scdaemon[3313]: DBG: PCSC_data: 00 CA 00 C4 00
> scdaemon[3313]: DBG: response: sw=9000 datalen=7
> scdaemon[3313]: DBG: dump: 01 20 20 20 03 00 03
> scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=7A lc=-1 le=256 em=0
> scdaemon[3313]: DBG: PCSC_data: 00 CA 00 7A 00
> scdaemon[3313]: DBG: response: sw=9000 datalen=5
> scdaemon[3313]: DBG: dump: 93 03 00 00 01
> scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=01 p2=01 lc=-1 le=256 em=0
> scdaemon[3313]: DBG: PCSC_data: 00 CA 01 01 00
> scdaemon[3313]: DBG: response: sw=9000 datalen=0
> scdaemon[3313]: DBG: dump:
> scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=01 p2=02 lc=-1 le=256 em=0
> scdaemon[3313]: DBG: PCSC_data: 00 CA 01 02 00
> scdaemon[3313]: DBG: response: sw=9000 datalen=0
> scdaemon[3313]: DBG: dump:
> scdaemon[3313]: DBG: send apdu: c=00 i=47 p1=81 p2=00 lc=2 le=2048 em=1
> scdaemon[3313]: DBG: PCSC_data: 00 47 81 00 00 00 02 B6 00 08 00
> scdaemon[3313]: DBG: response: sw=9000 datalen=527
> scdaemon[3313]: DBG: send apdu: c=00 i=47 p1=81 p2=00 lc=2 le=2048 em=1
> scdaemon[3313]: DBG: PCSC_data: 00 47 81 00 00 00 02 B8 00 08 00
> scdaemon[3313]: DBG: response: sw=9000 datalen=527
> scdaemon[3313]: DBG: send apdu: c=00 i=47 p1=81 p2=00 lc=2 le=2048 em=1
> scdaemon[3313]: DBG: PCSC_data: 00 47 81 00 00 00 02 A4 00 08 00
> scdaemon[3313]: DBG: response: sw=6A88 datalen=0
> scdaemon[3313]: reading public key failed: Missing item in object
> Application ID ...: D2760001240102000005000010E50000
> Version ..........: 2.0
> Manufacturer .....: ZeitControl
> Serial number ....: XXXXXXXX
> Name of cardholder: Emmanuel JOORIS
> Language prefs ...: fr
> Sex ..............: male
> URL of public key :
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xEF81F72C29A9D6EF
> Login data .......: [not set]
> Signature PIN ....: not forced
> Key attributes ...: 4096R 4096R 4096R
> Max. PIN lengths .: 32 32 32
> PIN retry counter : 3 0 3
> Signature counter : 1
> Signature key ....: 6489 1D7C 09CC 658A 31B2 D1A4 902E 9E03 D61B A038
> created ....: 2011-11-16 15:19:17
> Encryption key....: 87A7 402C 8B32 E380 8A41 9532 6DBC 5433 FFA4 6EBA
> created ....: 2011-11-16 15:19:17
> Authentication key: [none]
> General key info..: [none]
>
> gpg/card> scdaemon[3313]: updating slot 0 status: 0x0000->0x0007 (0->1)
> admin
> Admin commands are allowed
>
> gpg/card> generate
> scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
> scdaemon[3313]: DBG: PCSC_data: 00 CA 00 C4 00
> scdaemon[3313]: DBG: response: sw=9000 datalen=7
> scdaemon[3313]: DBG: dump: 01 20 20 20 03 00 03
> Make off-card backup of encryption key? (Y/n) n
>
> gpg: NOTE: keys are already stored on the card!
>
> Replace existing keys? (y/N) y
> scdaemon[3313]: DBG: asking for PIN '||Please enter the PIN'
>
> (pinentry:3322): GLib-GObject-CRITICAL **: Object class GtkSecureEntry
> doesn't implement property 'editing-canceled' from interface
> 'GtkCellEditable'
> scdaemon[3313]: DBG: send apdu: c=00 i=20 p1=00 p2=82 lc=6 le=-1 em=0
> scdaemon[3313]: DBG: PCSC_data: 00 20 00 82 06 31 32 33 34 35 36
> scdaemon[3313]: DBG: response: sw=9000 datalen=0
> scdaemon[3313]: DBG: dump:
> scdaemon[3313]: DBG: send apdu: c=00 i=20 p1=00 p2=81 lc=6 le=-1 em=0
> scdaemon[3313]: DBG: PCSC_data: 00 20 00 81 06 31 32 33 34 35 36
> scdaemon[3313]: DBG: response: sw=9000 datalen=0
> scdaemon[3313]: DBG: dump:
> scdaemon[3313]: operation check_pin result: Success
> What keysize do you want for the Signature key? (4096)
> What keysize do you want for the Encryption key? (4096)
> What keysize do you want for the Authentication key? (4096)
> Please specify how long the key should be valid.
> 0 = key does not expire
> = key expires in n days
> w = key expires in n weeks
> m = key expires in n months
> y = key expires in n years
> Key is valid for? (0) 7
> Key expires at Thu Nov 24 16:06:15 2011 CET
> Is this correct? (y/N) y
>
> GnuPG needs to construct a user ID to identify your key.
>
> Real name: TESTtest
> Email address:
> Comment:
> You selected this USER-ID:
> "TESTtest"
>
> Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
> scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
> scdaemon[3313]: DBG: PCSC_data: 00 CA 00 6E 00
> scdaemon[3313]: DBG: response: sw=9000 datalen=217
> scdaemon[3313]: existing key will be replaced
> scdaemon[3313]: DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
> scdaemon[3313]: DBG: PCSC_data: 00 CA 00 C4 00
> scdaemon[3313]: DBG: response: sw=9000 datalen=7
> scdaemon[3313]: DBG: dump: 01 20 20 20 03 00 03
> scdaemon[3313]: 3 Admin PIN attempts remaining before card is permanently locked
> scdaemon[3313]: DBG: asking for PIN '|A|Please enter the Admin PIN'
>
> (pinentry:3326): GLib-GObject-CRITICAL **: Object class GtkSecureEntry
> doesn't implement property 'editing-canceled' from interface
> 'GtkCellEditable'
> scdaemon[3313]: DBG: send apdu: c=00 i=20 p1=00 p2=83 lc=8 le=-1 em=0
> scdaemon[3313]: DBG: PCSC_data: 00 20 00 83 08 31 32 33 34 35 36 37 38
> scdaemon[3313]: DBG: response: sw=9000 datalen=0
> scdaemon[3313]: DBG: dump:
> scdaemon[3313]: please wait while key is being generated ...
> scdaemon[3313]: DBG: send apdu: c=00 i=47 p1=80 p2=00 lc=2 le=2048 em=1
> scdaemon[3313]: DBG: PCSC_data: 00 47 80 00 00 00 02 B6 00 08 00
> scdaemon[3313]: pcsc_transmit failed: not transacted (0x80100016)
> scdaemon[3313]: apdu_send_simple(0) failed: general error
> scdaemon[3313]: generating key failed
> scdaemon[3313]: operation genkey result: Card error
> gpg: key generation failed: Card error
> Key generation failed: Card error
>
> 2011/11/17, Werner Koch :
> > On Thu, 17 Nov 2011 11:58, emmanuel.jooris at gmail.com said:
> >
> >> I use Debian testing with gnupg2 2.0.18, I have a BCM5880 smart card
> >
> > I don't know this reader. Is this from Broadcom?
> >
> >> scdaemon[2840]: pcsc_transmit failed: not transacted (0x80100016)
> >
> > This error message is kind of "general error". It usually has nothing to
> > do with transactions. Adding "debug 2048" to scdaemon.conf will log all
> > I/O with the reader.
> >
> > You may also try running without pcscd and thus use scdaemon's internal
> > ccid reader. Make sure that you have write permissions to the USB
> > device.
> >
> > Salam-Shalom,
> >
> > Werner
> >
> > --
> > Thoughts are free. Exceptions are regulated by a federal law.
> >

--
Emmanuel JOORIS
GPG Key ID : 29A9D6EF
Jabber ID : emmanuel.jooris at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
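An added example, not part of the original messages and not GnuPG code: the "debug 2048" trace above records every command APDU in full, including the data field of the VERIFY commands (i=20) that carries the PIN, so such a trace should be masked before it is posted. The Python below masks those fields and pairs each "send apdu" with its status word so the failing command stands out; the function names, the sample lines, the PID and the PIN bytes are constructed for the illustration.

```python
import re

# Instruction bytes seen in OpenPGP card traffic (ISO/IEC 7816-4 / 7816-8).
INS_NAMES = {0x20: "VERIFY", 0x24: "CHANGE REFERENCE DATA",
             0x2C: "RESET RETRY COUNTER",
             0x47: "GENERATE ASYMMETRIC KEY PAIR", 0xCA: "GET DATA"}
# Commands whose data field carries a PIN or reset code.
SECRET_INS = {0x20, 0x24, 0x2C}
SW_NAMES = {0x9000: "success", 0x6A88: "referenced data not found",
            0x6982: "security status not satisfied"}

SEND_RE = re.compile(r"send apdu: c=([0-9A-F]{2}) i=([0-9A-F]{2}) "
                     r"p1=([0-9A-F]{2}) p2=([0-9A-F]{2})")
DATA_RE = re.compile(r"PCSC_data:((?: [0-9A-F]{2})+)")
RESP_RE = re.compile(r"response: sw=([0-9A-F]{4}) datalen=(\d+)")
FAIL_RE = re.compile(r"scdaemon\[\d+\]: (\w+ failed: .*)")


def redact_apdu(hex_bytes):
    """Mask the data field of a PIN-carrying command; keep header and Lc."""
    if len(hex_bytes) < 6 or int(hex_bytes[1], 16) not in SECRET_INS:
        return hex_bytes
    # Short form: CLA INS P1 P2 Lc data; extended: CLA INS P1 P2 00 Lc Lc data
    extended = hex_bytes[4] == "00" and len(hex_bytes) > 7
    start = 7 if extended else 5
    return hex_bytes[:start] + ["XX"] * (len(hex_bytes) - start)


def sanitize_and_summarize(lines):
    """Return (safe_lines, exchanges) for scdaemon 'debug 2048' output."""
    safe, exchanges, current = [], [], None
    for line in lines:
        m = DATA_RE.search(line)
        if m:
            masked = redact_apdu(m.group(1).split())
            line = line[:m.start(1)] + " " + " ".join(masked) + line[m.end(1):]
        safe.append(line)
        m = SEND_RE.search(line)
        if m:
            _cla, ins, p1, p2 = (int(x, 16) for x in m.groups())
            current = {"ins": INS_NAMES.get(ins, "INS %02X" % ins),
                       "p1p2": "%02X%02X" % (p1, p2),
                       "sw": None, "error": None}
            exchanges.append(current)
            continue
        if current is None:
            continue
        m = RESP_RE.search(line)
        if m:
            current["sw"] = int(m.group(1), 16)
            current = None          # exchange complete
            continue
        m = FAIL_RE.search(line)
        if m and current["error"] is None:
            current["error"] = m.group(1)   # first failure after the command
    return safe, exchanges


def describe(exchange):
    """One-line verdict for an exchange, flagging commands without a reply."""
    if exchange["sw"] is None:
        return "%s %s: NO RESPONSE (%s)" % (
            exchange["ins"], exchange["p1p2"], exchange["error"] or "log ends")
    status = SW_NAMES.get(exchange["sw"], "status %04X" % exchange["sw"])
    return "%s %s: %s" % (exchange["ins"], exchange["p1p2"], status)


# Constructed sample in the format of the trace above (quoted-mail prefix kept).
SAMPLE_LOG = """\
> scdaemon[1000]: DBG: send apdu: c=00 i=20 p1=00 p2=83 lc=8 le=-1 em=0
> scdaemon[1000]: DBG: PCSC_data: 00 20 00 83 08 39 38 37 36 35 34 33 32
> scdaemon[1000]: DBG: response: sw=9000 datalen=0
> scdaemon[1000]: DBG: send apdu: c=00 i=47 p1=81 p2=00 lc=2 le=2048 em=1
> scdaemon[1000]: DBG: PCSC_data: 00 47 81 00 00 00 02 A4 00 08 00
> scdaemon[1000]: DBG: response: sw=6A88 datalen=0
> scdaemon[1000]: DBG: send apdu: c=00 i=47 p1=80 p2=00 lc=2 le=2048 em=1
> scdaemon[1000]: DBG: PCSC_data: 00 47 80 00 00 00 02 B6 00 08 00
> scdaemon[1000]: pcsc_transmit failed: not transacted (0x80100016)
> scdaemon[1000]: apdu_send_simple(0) failed: general error
""".splitlines()

if __name__ == "__main__":
    safe_lines, found = sanitize_and_summarize(SAMPLE_LOG)
    print("\n".join(safe_lines))
    for ex in found:
        print(describe(ex))
```
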
From alex at gpgtools.org Tue Nov 22 08:13:59 2011
From: alex at gpgtools.org (Alex (via GPGTools))
Date: Tue, 22 Nov 2011 08:13:59 +0100
Subject: [gpgtools-devel] Joint OpenPGP (JS) implementation
In-Reply-To: <5121D268-A0E8-4223-AF11-5B0A2684B870@gpgtools.org>
References: <61C40F54-2678-439C-8A13-C6CEC43C6FB9@gpgtools.org> <4EB82EED.7010209@mtu.edu> <4EB87A7C.5070703@mtu.edu> <7A5D4717-6EB1-448E-9AB3-596426C2129D@gpgtools.org> <81D15B68-F98C-4D1F-9585-A8023BCB35E0@gpgtools.org> <8C352D00-3BDE-4A67-8DF8-502C97E4C447@gpgtools.org> <4EC74C59.5080501@mtu.edu> <356B4E98-B10A-4FDB-8422-46DF5F801123@gpgtools.org> <5121D268-A0E8-4223-AF11-5B0A2684B870@gpgtools.org>
Message-ID: <2BE00336-DFBA-4E4C-B7D8-36468DC6B097@gpgtools.org>

(since the message was bounced (first, too many recipients, then too large) - I'm sending it again just to this list).

Hi there,

just updated the attached overview picture, added two more participants to this list (Jan (Crypto Stick) and David (DOMCrypt)) and also the GnuPG mailing list (might be of interest for someone there). Please have a look at the message thread below for details.

If we can agree on the name OpenPGP.JS/openpgpjs (analog to videojs, pdfjs, ...) we should move the documentation, tickets and sources from

https://github.com/GPGTools/openpgpjs/wiki
https://github.com/GPGTools/openpgpjs/issues

to

https://github.com/openpgpjs/openpgpjs/wiki
https://github.com/openpgpjs/openpgpjs/issues

Best regards, Alex

On 19.11.2011, at 23:04, Alex (via GPGTools) wrote:

> Hi there,
>
> also attached the scope of our project from my point of view.
>
> Best regards, Alex
>
> On 19.11.2011, at 11:55, Alex (via GPGTools) wrote:
>
>> Hi there,
>>
>> just found GPG4Browsers[2], added the URL to our (temporary) wiki[2] and the contact to our (again temporary) mailing list.
>>
>> It seems to be clear that there is a big demand of a single core JavaScript OpenPGP implementation and we find more and more projects and developers. Still, the next issue seems to be to agree on a name before we can set up an infrastructure. Does anyone have a strong opinion on that (we can Doodle for a name)? I would like to continue with https://github.com/openpgpjs and add everyone interested in this project as admins.
>>
>> Best regards, Alex
>>
>> [1] http://gpg4browsers.recurity.com/
>> [2] https://github.com/GPGTools/openpgpjs/wiki
>>
>> On 19.11.2011, at 07:27, Ryan Sears wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA256
>>>
>>> Hi Guys,
>>>
>>> So I realize that we're still in the very early stages of getting
>>> everything started, but I raised an issue here:
>>>
>>> https://github.com/GPGTools/openpgpjs/issues/9
>>>
>>> about potentially moving to a different repo, as I feel like this is
>>> more under the GPGTools wing, and less of an independent project, with
>>> equal shares from all the developers (which is what I would like to see).
>>>
>>> I also wonder if we wish to stick with openpgpjs? Maybe we could come up
>>> with a cooler name?
>>>
>>> What are everyone else's thoughts on this?
>>>
>>> Also like I said last night, I'm all finished with the signature stuffs,
>>> so now it's mostly just getting everything more polished than it already is:
>>>
>>> http://fitblip.github.com/JSPGP-Stuffs/pubkey.html
>>>
>>> Ryan
>>>
>>> On 11/18/2011 11:30 AM, Alex (via GPGTools) wrote:
>>>> Thanks. Added it to the page: https://github.com/GPGTools/openpgpjs/wiki
>>>>
>>>> On 18.11.2011, at 16:45, Lukas Pitschl | Dressy Vagabonds wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> the most complete OpenPGP implementation besides GPG I could find was an implementation in Perl.
>>>>> http://search.cpan.org/dist/Crypt-OpenPGP/
>>>>>
>>>>> Maybe it's possible to learn a little from it and help by porting portions to Javascript.
>>>>>
>>>>> Best,
>>>>>
>>>>> Lukas
>>>>>
>>>>> On 18.11.2011, at 12:06, Alex (via GPGTools) wrote:
>>>>>
>>>>>> Hi there,
>>>>>>
>>>>>>> I think it would be good to outreach to the GPG mailing list.
>>>>>>
>>>>>> I agree, this is issue 5 ( https://github.com/GPGTools/openpgpjs/issues/5 ). If someone from our small list here could sum up our current status and plan on the wiki ( https://github.com/GPGTools/openpgpjs/wiki ), I will post to other mailing lists/google/twitter/..., ask for others to participate and link to the according wiki page for more information.
>>>>>>
>>>>>> Best regards, Alex
>>>>>>
>>>>>> On 18.11.2011, at 03:46, Sean Colyer wrote:
>>>>>>
>>>>>>> I think it would be good to outreach to the GPG mailing list. Since Tino and Bill were added to this list, do either of you have any interest in working on this development?
>>>>>>>
>>>>>>> I still have not heard back from mete0r, unfortunately.
>>>>>>>
>>>>>>> I've continued to work on this from my end. I'm currently working on key generation, and seem to have most of the basics outlined... I'm having some trouble generating Key ID's that agree with the ID's generated by gpg. I believe I'm following 12.2 of RFC 4880 pretty closely, but I would love some insight if anyone has worked with this bit directly...
>>>>>>>
>>>>>>> On Sun, Nov 13, 2011 at 5:52 AM, Alex (via GPGTools) wrote:
>>>>>>> Hi there,
>>>>>>>
>>>>>>>> * How to proceed (e.g. which infrastructure to use)?
>>>>>>> ...
>>>>>>>> I can offer to extend our existing GPGTools infrastructure to host everything related to this project.
>>>>>>>
>>>>>>> just to take the next step:
>>>>>>>
>>>>>>> * Sources: https://github.com/GPGTools/openpgpjs/
>>>>>>> * Tickets: https://github.com/GPGTools/openpgpjs/issues
>>>>>>> * Documentation: https://github.com/GPGTools/openpgpjs/wiki
>>>>>>>
>>>>>>> Best regards, Alex
>>>>>>>
>>>>>>> On 08.11.2011, at 23:59, Alex (via GPGTools) wrote:
>>>>>>>
>>>>>>>> Hi there,
>>>>>>>>
>>>>>>>> Thank you for all your answers! I think there's a big chance for us to develop a core OpenPGP JavaScript core library. Let me try to summarize:
>>>>>>>>
>>>>>>>> Main Objectives (partly from https://github.com/GPGTools/Mobile/wiki/Introduction):
>>>>>>>> * (Test-driven) implementation of a standard JavaScript OpenPGP implementation
>>>>>>>> * Make it clean and object orientated
>>>>>>>> * Merge existing code projects while starting from scratch creating a core library but without reinventing the wheel
>>>>>>>> * Use/integrate it in other projects
>>>>>>>>
>>>>>>>> Current Issues:
>>>>>>>> * How to proceed (e.g. which infrastructure to use)?
>>>>>>>> * How to contact Mete0r?
>>>>>>>> * Find even more developers (e.g. via gnupg mailing lists)
>>>>>>>> * Write initial tests (use cases, workflows, example messages, expectations, ...)
>>>>>>>> * Which BigInt library to use?
>>>>>>>> * Support v3 keys?
>>>>>>>>
>>>>>>>> Needed Infrastructure:
>>>>>>>> * Ticket system (e.g. lighthouse)
>>>>>>>> * Source versioning (e.g. github)
>>>>>>>> * Documentation (e.g. github wiki)
>>>>>>>> * Communication (e.g. mailing list)
>>>>>>>> * Continuous Testing (e.g. build bot)
>>>>>>>>
>>>>>>>> Codebase:
>>>>>>>> * Original HaneWIN
>>>>>>>> * gmail-Crypt
>>>>>>>> * mete0r
>>>>>>>> * JSPGP
>>>>>>>>
>>>>>>>> I can offer to extend our existing GPGTools infrastructure to host everything related to this project.
>>>>>>>>
>>>>>>>> Best regards, Alex

--
http://gpgtools.org
http://gpgtools.org/about (Google+, Twitter, RSS)

From rdsears at mtu.edu Mon Nov 21 21:20:54 2011
From: rdsears at mtu.edu (Ryan Sears)
Date: Mon, 21 Nov 2011 15:20:54 -0500
Subject: [gpgtools-devel] Joint OpenPGP (JS) implementation
In-Reply-To:
References: <61C40F54-2678-439C-8A13-C6CEC43C6FB9@gpgtools.org> <4EB82EED.7010209@mtu.edu> <4EB87A7C.5070703@mtu.edu> <7A5D4717-6EB1-448E-9AB3-596426C2129D@gpgtools.org> <81D15B68-F98C-4D1F-9585-A8023BCB35E0@gpgtools.org> <8C352D00-3BDE-4A67-8DF8-502C97E4C447@gpgtools.org> <4EC74C59.5080501@mtu.edu> <356B4E98-B10A-4FDB-8422-46DF5F801123@gpgtools.org> <5121D268-A0E8-4223-AF11-5B0A2684B870@gpgtools.org>
Message-ID: <4ECAB2A6.3040105@mtu.edu>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hey Alex

Sounds great to me! Thanks for doing that :). I won't have too much time to be doing anything here for this week since I'm visiting the family and whatnot, but next week I'll be able to start contributing properly!

Ryan

On 11/21/2011 12:59 PM, Alex (via GPGTools) wrote:
> Hi there,
>
> just updated the attached overview picture, added two more
> participants to this list (Jan (Crypto Stick) and David (DOMCrypt))
> and also the GnuPG mailing list (might be of interest for someone
> there). Please have a look at the message thread below for
> details.
>
> If we can agree on the name OpenPGP.JS/openpgpjs (analog to
> videojs, pdfjs, ...) we should move the documentation, tickets and
> sources from
>
> https://github.com/GPGTools/openpgpjs/wiki
> https://github.com/GPGTools/openpgpjs/issues
>
> to
>
> https://github.com/openpgpjs/openpgpjs/wiki
> https://github.com/openpgpjs/openpgpjs/issues
>
> Best regards, Alex
>
> On 19.11.2011, at 23:04, Alex (via GPGTools) wrote:
>
>> Hi there,
>>
>> also attached the scope of our project from my point of view.
>>
>> Best regards, Alex
>>
>> On 19.11.2011, at 11:55, Alex (via GPGTools) wrote:
>>
>>> Hi there,
>>>
>>> just found GPG4Browsers[2], added the URL to our (temporary)
>>> wiki[2] and the contact to our (again temporary) mailing list.
>>>
>>> It seems to be clear that there is a big demand of a single
>>> core JavaScript OpenPGP implementation and we find more and
>>> more projects and developers. Still, the next issue seems to be
>>> to agree on a name before we can set up an infrastructure. Does
>>> anyone have a strong opinion on that (we can Doodle for a
>>> name)? I would like to continue with
>>> https://github.com/openpgpjs and add everyone interested in
>>> this project as admins.
>>>
>>> Best regards, Alex
>>>
>>> [1] http://gpg4browsers.recurity.com/ [2]
>>> https://github.com/GPGTools/openpgpjs/wiki
>>>
>>> On 19.11.2011, at 07:27, Ryan Sears wrote:
>>>
>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>>>>
>>>> Hi Guys,
>>>>
>>>> So I realize that we're still in the very early stages of
>>>> getting everything started, but I raised an issue here:
>>>>
>>>> https://github.com/GPGTools/openpgpjs/issues/9
>>>>
>>>> about potentially moving to a different repo, as I feel like
>>>> this is more under the GPGTools wing, and less of an
>>>> independent project, with equal shares from all the
>>>> developers (which is what I would like to see).
>>>>
>>>> I also wonder if we wish to stick with openpgpjs? Maybe we
>>>> could come up with a cooler name?
>>>>
>>>> What are everyone else's thoughts on this?
>>>>
>>>> Also like I said last night, I'm all finished with the
>>>> signature stuffs, so now it's mostly just getting everything
>>>> more polished than it already is:
>>>>
>>>> http://fitblip.github.com/JSPGP-Stuffs/pubkey.html
>>>>
>>>> Ryan
>>>>
>>>> On 11/18/2011 11:30 AM, Alex (via GPGTools) wrote:
>>>>> Thanks.
>>>>> Added it to the page:
>>>>> https://github.com/GPGTools/openpgpjs/wiki
>>>>>
>>>>> On 18.11.2011, at 16:45, Lukas Pitschl | Dressy Vagabonds
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> the most complete OpenPGP implementation besides GPG I
>>>>>> could find was an implementation in Perl.
>>>>>> http://search.cpan.org/dist/Crypt-OpenPGP/
>>>>>>
>>>>>> Maybe it's possible to learn a little from it and help by
>>>>>> porting portions to Javascript.
>>>>>>
>>>>>> Best,
>>>>>>
>>>>>> Lukas
>>>>>>
>>>>>> On 18.11.2011, at 12:06, Alex (via GPGTools) wrote:
>>>>>>
>>>>>>> Hi there,
>>>>>>>
>>>>>>>> I think it would be good to outreach to the GPG
>>>>>>>> mailing list.
>>>>>>>
>>>>>>> I agree, this is issue 5 (
>>>>>>> https://github.com/GPGTools/openpgpjs/issues/5 ). If
>>>>>>> someone from our small list here could sum up our
>>>>>>> current status and plan on the wiki (
>>>>>>> https://github.com/GPGTools/openpgpjs/wiki ), I will
>>>>>>> post to other mailing lists/google/twitter/..., ask for
>>>>>>> others to participate and link to the according wiki
>>>>>>> page for more information.
>>>>>>>
>>>>>>> Best regards, Alex
>>>>>>>
>>>>>>> On 18.11.2011, at 03:46, Sean Colyer wrote:
>>>>>>>
>>>>>>>> I think it would be good to outreach to the GPG
>>>>>>>> mailing list. Since Tino and Bill were added to this
>>>>>>>> list, do either of you have any interest in working
>>>>>>>> on this development?
>>>>>>>>
>>>>>>>> I still have not heard back from mete0r,
>>>>>>>> unfortunately.
>>>>>>>>
>>>>>>>> I've continued to work on this from my end. I'm
>>>>>>>> currently working on key generation, and seem to have
>>>>>>>> most of the basics outlined... I'm having some
>>>>>>>> trouble generating Key ID's that agree with the ID's
>>>>>>>> generated by gpg. I believe I'm following 12.2 of RFC
>>>>>>>> 4880 pretty closely, but I would love some insight if
>>>>>>>> anyone has worked with this bit directly...
>>>>>>>>
>>>>>>>> On Sun, Nov 13, 2011 at 5:52 AM, Alex (via GPGTools)
>>>>>>>> wrote: Hi there,
>>>>>>>>
>>>>>>>>> * How to proceed (e.g. which infrastructure to
>>>>>>>>> use)?
>>>>>>>> ...
>>>>>>>>> I can offer to extend our existing GPGTools
>>>>>>>>> infrastructure to host everything related to this
>>>>>>>>> project.
>>>>>>>>
>>>>>>>> just to take the next step:
>>>>>>>>
>>>>>>>> * Sources: https://github.com/GPGTools/openpgpjs/ *
>>>>>>>> Tickets:
>>>>>>>> https://github.com/GPGTools/openpgpjs/issues *
>>>>>>>> Documentation:
>>>>>>>> https://github.com/GPGTools/openpgpjs/wiki
>>>>>>>>
>>>>>>>> Best regards, Alex
>>>>>>>>
>>>>>>>> On 08.11.2011, at 23:59, Alex (via GPGTools) wrote:
>>>>>>>>
>>>>>>>>> Hi there,
>>>>>>>>>
>>>>>>>>> Thank you for all your answers! I think there's a
>>>>>>>>> big chance for us to develop a core OpenPGP
>>>>>>>>> JavaScript core library. Let me try to summarize:
>>>>>>>>>
>>>>>>>>> Main Objectives (partly from
>>>>>>>>> https://github.com/GPGTools/Mobile/wiki/Introduction):
>>>>>>>>>
>>>>>>>>> * (Test-driven) implementation of a standard JavaScript OpenPGP implementation
>>>>>>>>> * Make it clean and object orientated * Merge
>>>>>>>>> existing code projects while starting from scratch
>>>>>>>>> creating a core library but without reinventing the
>>>>>>>>> wheel * Use/integrate it in other projects
>>>>>>>>>
>>>>>>>>> Current Issues: * How to proceed (e.g. which
>>>>>>>>> infrastructure to use)? * How to contact Mete0r? *
>>>>>>>>> Find even more developers (e.g. via gnupg mailing
>>>>>>>>> lists) * Write initial tests (use cases, workflows,
>>>>>>>>> example messages, expectations, ...) * Which BigInt
>>>>>>>>> library to use? * Support v3 keys?
>>>>>>>>>
>>>>>>>>> Needed Infrastructure: * Ticket system (e.g.
>>>>>>>>> lighthouse) * Source versioning (e.g. github) *
>>>>>>>>> Documentation (e.g. github wiki) * Communication
>>>>>>>>> (e.g. mailing list) * Continuous Testing (e.g. build
>>>>>>>>> bot)
>>>>>>>>>
>>>>>>>>> Codebase: * Original HaneWIN * gmail-Crypt *
>>>>>>>>> mete0r * JSPGP
>>>>>>>>>
>>>>>>>>> I can offer to extend our existing GPGTools
>>>>>>>>> infrastructure to host everything related to this
>>>>>>>>> project.
>>>>>>>>>
>>>>>>>>> Best regards, Alex
>>>
>>> -- http://gpgtools.org http://gpgtools.org/about (Google+,
>>> Twitter, RSS)
>>>
>>
>> -- http://gpgtools.org http://gpgtools.org/about (Google+,
>> Twitter, RSS)
>
> -- http://gpgtools.org http://gpgtools.org/about (Google+, Twitter,
> RSS)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iF4EAREIAAYFAk7KsckACgkQt/95fIeU+XbprgD/bNbxr5BSjALzhGNBgQwzT8Kp
H7LOg1SZdaqhLvXRBHUBAIVm7wlsOhdvcLl71IDMMNt4jjHWhVuwzal+gwwgwbl5
=uFcQ
-----END PGP SIGNATURE-----

From alex at gpgtools.org Mon Nov 21 18:59:11 2011
From: alex at gpgtools.org (Alex (via GPGTools))
Date: Mon, 21 Nov 2011 18:59:11 +0100
Subject: [gpgtools-devel] Joint OpenPGP (JS) implementation
In-Reply-To: <5121D268-A0E8-4223-AF11-5B0A2684B870@gpgtools.org>
References: <61C40F54-2678-439C-8A13-C6CEC43C6FB9@gpgtools.org> <4EB82EED.7010209@mtu.edu> <4EB87A7C.5070703@mtu.edu> <7A5D4717-6EB1-448E-9AB3-596426C2129D@gpgtools.org> <81D15B68-F98C-4D1F-9585-A8023BCB35E0@gpgtools.org> <8C352D00-3BDE-4A67-8DF8-502C97E4C447@gpgtools.org> <4EC74C59.5080501@mtu.edu> <356B4E98-B10A-4FDB-8422-46DF5F801123@gpgtools.org> <5121D268-A0E8-4223-AF11-5B0A2684B870@gpgtools.org>
Message-ID:

Hi there,

just updated the attached overview picture, added two more participants to this list (Jan (Crypto Stick) and David (DOMCrypt)) and also the GnuPG mailing list (might be of interest for someone there). Please have a look at the message thread below for details.

If we can agree on the name OpenPGP.JS/openpgpjs (analog to videojs, pdfjs, ...)
we should move the documentation, tickets and sources from

https://github.com/GPGTools/openpgpjs/wiki
https://github.com/GPGTools/openpgpjs/issues

to

https://github.com/openpgpjs/openpgpjs/wiki
https://github.com/openpgpjs/openpgpjs/issues

Best regards, Alex
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP.js.pdf
Type: application/pdf
Size: 80551 bytes
Desc: not available
URL:
-------------- next part --------------

On 19.11.2011, at 23:04, Alex (via GPGTools) wrote:

> Hi there,
>
> also attached the scope of our project from my point of view.
>
> Best regards, Alex
>
> On 19.11.2011, at 11:55, Alex (via GPGTools) wrote:
>
>> Hi there,
>>
>> just found GPG4Browsers[2], added the URL to our (temporary) wiki[2] and the contact to our (again temporary) mailing list.
>>
>> It seems to be clear that there is a big demand of a single core JavaScript OpenPGP implementation and we find more and more projects and developers. Still, the next issue seems to be to agree on a name before we can set up an infrastructure. Does anyone have a strong opinion on that (we can Doodle for a name)? I would like to continue with https://github.com/openpgpjs and add everyone interested in this project as admins.
>>
>> Best regards, Alex
>>
>> [1] http://gpg4browsers.recurity.com/
>> [2] https://github.com/GPGTools/openpgpjs/wiki
>>
>> On 19.11.2011, at 07:27, Ryan Sears wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA256
>>>
>>> Hi Guys,
>>>
>>> So I realize that we're still in the very early stages of getting
>>> everything started, but I raised an issue here:
>>>
>>> https://github.com/GPGTools/openpgpjs/issues/9
>>>
>>> about potentially moving to a different repo, as I feel like this is
>>> more under the GPGTools wing, and less of an independent project, with
>>> equal shares from all the developers (which is what I would like to see).
>>>
>>> I also wonder if we wish to stick with openpgpjs? Maybe we could come up
>>> with a cooler name?
>>>
>>> What are everyone else's thoughts on this?
>>>
>>> Also like I said last night, I'm all finished with the signature stuffs,
>>> so now it's mostly just getting everything more polished than it already is:
>>>
>>> http://fitblip.github.com/JSPGP-Stuffs/pubkey.html
>>>
>>> Ryan
>>>
>>> On 11/18/2011 11:30 AM, Alex (via GPGTools) wrote:
>>>> Thanks. Added it to the page: https://github.com/GPGTools/openpgpjs/wiki
>>>>
>>>> On 18.11.2011, at 16:45, Lukas Pitschl | Dressy Vagabonds wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> the most complete OpenPGP implementation besides GPG I could find was an implementation in Perl.
>>>>> http://search.cpan.org/dist/Crypt-OpenPGP/
>>>>>
>>>>> Maybe it's possible to learn a little from it and help by porting portions to Javascript.
>>>>>
>>>>> Best,
>>>>>
>>>>> Lukas
>>>>>
>>>>> On 18.11.2011, at 12:06, Alex (via GPGTools) wrote:
>>>>>
>>>>>> Hi there,
>>>>>>
>>>>>>> I think it would be good to outreach to the GPG mailing list.
>>>>>>
>>>>>> I agree, this is issue 5 ( https://github.com/GPGTools/openpgpjs/issues/5 ). If someone from our small list here could sum up our current status and plan on the wiki ( https://github.com/GPGTools/openpgpjs/wiki ), I will post to other mailing lists/google/twitter/..., ask for others to participate and link to the according wiki page for more information.
>>>>>>
>>>>>> Best regards, Alex
>>>>>>
>>>>>> On 18.11.2011, at 03:46, Sean Colyer wrote:
>>>>>>
>>>>>>> I think it would be good to outreach to the GPG mailing list. Since Tino and Bill were added to this list, do either of you have any interest in working on this development?
>>>>>>>
>>>>>>> I still have not heard back from mete0r, unfortunately.
>>>>>>>
>>>>>>> I've continued to work on this from my end. I'm currently working on key generation, and seem to have most of the basics outlined... I'm having some trouble generating Key ID's that agree with the ID's generated by gpg.
I believe I'm following 12.2 of RFC 4880 pretty closely, but I would love some insight if anyone has worked with this bit directly... >>>>>>> >>>>>>> On Sun, Nov 13, 2011 at 5:52 AM, Alex (via GPGTools) wrote: >>>>>>> Hi there, >>>>>>> >>>>>>>> * How to proceed (e.g. which infrastructure to use)? >>>>>>> ... >>>>>>>> I can offer to extend our existing GPGTools infrastructure to host everything related to this project. >>>>>>> >>>>>>> >>>>>>> just to take the next step: >>>>>>> >>>>>>> * Sources: https://github.com/GPGTools/openpgpjs/ >>>>>>> * Tickets: https://github.com/GPGTools/openpgpjs/issues >>>>>>> * Documentation: https://github.com/GPGTools/openpgpjs/wiki >>>>>>> >>>>>>> Best regards, Alex >>>>>>> >>>>>>> >>>>>>> On 08.11.2011, at 23:59, Alex (via GPGTools) wrote: >>>>>>> >>>>>>>> Hi there, >>>>>>>> >>>>>>>> Thank you for all your answers! I think there's a big chance for us to develop a core OpenPGP JavaScript core library. Let me try to summarize: >>>>>>>> >>>>>>>> Main Objectives (partly from https://github.com/GPGTools/Mobile/wiki/Introduction): >>>>>>>> * (Test-driven) implementation of a standard JavaScript OpenPGP implementation >>>>>>>> * Make it clean and object orientated >>>>>>>> * Merge existing code projects while starting from scratch creating a core library but without reinventing the wheel >>>>>>>> * Use/integrate it in other projects >>>>>>>> >>>>>>>> Current Issues: >>>>>>>> * How to proceed (e.g. which infrastructure to use)? >>>>>>>> * How to contact Mete0r? >>>>>>>> * Find even more developers (e.g. via gnupg mailing lists) >>>>>>>> * Write initial tests (use cases, workflows, example messages, expectations, ...) >>>>>>>> * Which BigInt library to use? >>>>>>>> * Support v3 keys? >>>>>>>> >>>>>>>> Needed Infrastructure: >>>>>>>> * Ticket system (e.g. lighthouse) >>>>>>>> * Source versioning (e.g. github) >>>>>>>> * Documentation (e.g. github wiki) >>>>>>>> * Communication (e.g. mailing list) >>>>>>>> * Continuos Testing (e.g. 
build bot)
>>>>>>>>
>>>>>>>> Codebase:
>>>>>>>> * Original HaneWIN
>>>>>>>> * gmail-Crypt
>>>>>>>> * mete0r
>>>>>>>> * JSPGP
>>>>>>>>
>>>>>>>> I can offer to extend our existing GPGTools infrastructure to host everything related to this project.
>>>>>>>>
>>>>>>>> Best regards, Alex
>>
>> --
>> http://gpgtools.org
>> http://gpgtools.org/about (Google+, Twitter, RSS)
>>
>
> --
> http://gpgtools.org
> http://gpgtools.org/about (Google+, Twitter, RSS)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP.js.pdf
Type: application/pdf
Size: 80551 bytes
Desc: not available
URL:
-------------- next part --------------
--
http://gpgtools.org
http://gpgtools.org/about (Google+, Twitter, RSS)

From cryptostick at privacyfoundation.de Tue Nov 22 03:22:15 2011
From: cryptostick at privacyfoundation.de (Crypto Stick)
Date: Tue, 22 Nov 2011 10:22:15 +0800
Subject: [gpgtools-devel] Joint OpenPGP (JS) implementation
In-Reply-To:
References: <61C40F54-2678-439C-8A13-C6CEC43C6FB9@gpgtools.org> <4EB82EED.7010209@mtu.edu> <4EB87A7C.5070703@mtu.edu> <7A5D4717-6EB1-448E-9AB3-596426C2129D@gpgtools.org> <81D15B68-F98C-4D1F-9585-A8023BCB35E0@gpgtools.org> <8C352D00-3BDE-4A67-8DF8-502C97E4C447@gpgtools.org> <4EC74C59.5080501@mtu.edu> <356B4E98-B10A-4FDB-8422-46DF5F801123@gpgtools.org> <5121D268-A0E8-4223-AF11-5B0A2684B870@gpgtools.org>
Message-ID: <4ECB0757.2070902@privacyfoundation.de>

Hi!
I'm just wondering if unhosted.org could be an interesting and easy to implement storage backend for OpenPGP.js. Its advantage is that the keys could be stored at a different server resp. service provider than the web application is hosted.

Regards,
Jan

On 22.11.2011 01:59, Alex (via GPGTools) wrote:
> Hi there,
>
> just updated the attached overview picture, added two more participants to this list (Jan (Crypto Stick) and David (DOMCrypt)) and also the GnuPG mailing list (might be of interest for someone there).
Please have a look at the message thread below for details. > > If we can agree on the name OpenPGP.JS/openpgpjs (analog to videojs, pdfjs, ...) we should move the documentation, tickets and sources from > > https://github.com/GPGTools/openpgpjs/wiki > https://github.com/GPGTools/openpgpjs/issues > > to > > https://github.com/openpgpjs/openpgpjs/wiki > https://github.com/openpgpjs/openpgpjs/issues > > Best regards, Alex > > > > > > > > On 19.11.2011, at 23:04, Alex (via GPGTools) wrote: > >> Hi there, >> >> also attached the scope of our project from my point of view. >> >> Best regards, Alex >> >> On 19.11.2011, at 11:55, Alex (via GPGTools) wrote: >> >>> Hi there, >>> >>> just found GPG4Browsers[2], added the URL to our (temporary) wiki[2] and the contact to our (again temporary) mailing list. >>> >>> It seems to be clear that there is a big demand of a single core JavaScript OpenPGP implementation and we find more and more projects and developers. Still, the next issue seems to be to agree on a name before we can setup a infrastructure. Does anyone have a strong opinion on that (we can Doodle for a name)? I would like to continue with https://github.com/openpgpjs and add everyone interested in this project as admins. >>> >>> Best regards, Alex >>> >>> [1] http://gpg4browsers.recurity.com/ >>> [2] https://github.com/GPGTools/openpgpjs/wiki >>> >>> On 19.11.2011, at 07:27, Ryan Sears wrote: >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA256 >>>> >>>> Hi Guys, >>>> >>>> So I realize that we're still in the very early stages of getting >>>> everything started, but I raised an issue here: >>>> >>>> https://github.com/GPGTools/openpgpjs/issues/9 >>>> >>>> about potentially moving to a different repo, as I feel like this is >>>> more under the GPGTools wing, and less of an independent project, with >>>> equal shares from all the developers (which is what I would like to see). >>>> >>>> I also wonder if we wish to stick with openpgpjs? 
Maybe we could come up >>>> with a cooler name? >>>> >>>> What are everyone else's thoughts on this? >>>> >>>> Also like I said last night, I'm all finished with the signature stuffs, >>>> so now it's mostly just getting everything more polished then it already is: >>>> >>>> http://fitblip.github.com/JSPGP-Stuffs/pubkey.html >>>> >>>> Ryan >>>> >>>> On 11/18/2011 11:30 AM, Alex (via GPGTools) wrote: >>>>> Thanks. Added it to the page: https://github.com/GPGTools/openpgpjs/wiki >>>>> >>>>> On 18.11.2011, at 16:45, Lukas Pitschl | Dressy Vagabonds wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> the most complete OpenPGP implementation besides GPG I could find was an implementation in Perl. >>>>>> http://search.cpan.org/dist/Crypt-OpenPGP/ >>>>>> >>>>>> Maybe it's possible to learn a little from it and help by porting portions to Javascript. >>>>>> >>>>>> Best, >>>>>> >>>>>> Lukas >>>>>> >>>>>> Am 18.11.2011 um 12:06 schrieb Alex (via GPGTools): >>>>>> >>>>>>> Hi there, >>>>>>> >>>>>>>> I think it would be good to outreach to the GPG mailing list. >>>>>>> >>>>>>> I agree, this is issue 5 ( https://github.com/GPGTools/openpgpjs/issues/5 ). If someone from our small list here could sum up our current status and plan on the wiki ( https://github.com/GPGTools/openpgpjs/wiki ), I will post to other mailing lists/google/twitter/..., ask for others to participate and link to the according wiki page for more information. >>>>>>> >>>>>>> Best regards, Alex >>>>>>> >>>>>>> >>>>>>> On 18.11.2011, at 03:46, Sean Colyer wrote: >>>>>>> >>>>>>>> I think it would be good to outreach to the GPG mailing list. Since Tino and Bill were added to this list, do either of you have any interest in working on this development? >>>>>>>> >>>>>>>> I still have not heard back from mete0r, unfortunately. >>>>>>>> >>>>>>>> I've continued to work on this from my end. I'm currently working on key generation, and seem to have most of the basics outlined... 
I'm having some trouble generating Key ID's that agree with the ID's generated by gpg. I believe I'm following 12.2 of RFC 4880 pretty closely, but I would love some insight if anyone has worked with this bit directly... >>>>>>>> >>>>>>>> On Sun, Nov 13, 2011 at 5:52 AM, Alex (via GPGTools) wrote: >>>>>>>> Hi there, >>>>>>>> >>>>>>>>> * How to proceed (e.g. which infrastructure to use)? >>>>>>>> ... >>>>>>>>> I can offer to extend our existing GPGTools infrastructure to host everything related to this project. >>>>>>>> >>>>>>>> >>>>>>>> just to take the next step: >>>>>>>> >>>>>>>> * Sources: https://github.com/GPGTools/openpgpjs/ >>>>>>>> * Tickets: https://github.com/GPGTools/openpgpjs/issues >>>>>>>> * Documentation: https://github.com/GPGTools/openpgpjs/wiki >>>>>>>> >>>>>>>> Best regards, Alex >>>>>>>> >>>>>>>> >>>>>>>> On 08.11.2011, at 23:59, Alex (via GPGTools) wrote: >>>>>>>> >>>>>>>>> Hi there, >>>>>>>>> >>>>>>>>> Thank you for all your answers! I think there's a big chance for us to develop a core OpenPGP JavaScript core library. Let me try to summarize: >>>>>>>>> >>>>>>>>> Main Objectives (partly from https://github.com/GPGTools/Mobile/wiki/Introduction): >>>>>>>>> * (Test-driven) implementation of a standard JavaScript OpenPGP implementation >>>>>>>>> * Make it clean and object orientated >>>>>>>>> * Merge existing code projects while starting from scratch creating a core library but without reinventing the wheel >>>>>>>>> * Use/integrate it in other projects >>>>>>>>> >>>>>>>>> Current Issues: >>>>>>>>> * How to proceed (e.g. which infrastructure to use)? >>>>>>>>> * How to contact Mete0r? >>>>>>>>> * Find even more developers (e.g. via gnupg mailing lists) >>>>>>>>> * Write initial tests (use cases, workflows, example messages, expectations, ...) >>>>>>>>> * Which BigInt library to use? >>>>>>>>> * Support v3 keys? >>>>>>>>> >>>>>>>>> Needed Infrastructure: >>>>>>>>> * Ticket system (e.g. lighthouse) >>>>>>>>> * Source versioning (e.g. 
github)
>>>>>>>>> * Documentation (e.g. github wiki)
>>>>>>>>> * Communication (e.g. mailing list)
>>>>>>>>> * Continuous Testing (e.g. build bot)
>>>>>>>>>
>>>>>>>>> Codebase:
>>>>>>>>> * Original HaneWIN
>>>>>>>>> * gmail-Crypt
>>>>>>>>> * mete0r
>>>>>>>>> * JSPGP
>>>>>>>>>
>>>>>>>>> I can offer to extend our existing GPGTools infrastructure to host everything related to this project.
>>>>>>>>>
>>>>>>>>> Best regards, Alex
>>>
>>> --
>>> http://gpgtools.org
>>> http://gpgtools.org/about (Google+, Twitter, RSS)
>>>
>>
>> --
>> http://gpgtools.org
>> http://gpgtools.org/about (Google+, Twitter, RSS)
>
> --
> http://gpgtools.org
> http://gpgtools.org/about (Google+, Twitter, RSS)
>

From alex at gpgtools.org Tue Nov 22 08:01:11 2011
From: alex at gpgtools.org (Alex (via GPGTools))
Date: Tue, 22 Nov 2011 08:01:11 +0100
Subject: [gpgtools-devel] Joint OpenPGP (JS) implementation
In-Reply-To: <5121D268-A0E8-4223-AF11-5B0A2684B870@gpgtools.org>
References: <61C40F54-2678-439C-8A13-C6CEC43C6FB9@gpgtools.org> <4EB82EED.7010209@mtu.edu> <4EB87A7C.5070703@mtu.edu> <7A5D4717-6EB1-448E-9AB3-596426C2129D@gpgtools.org> <81D15B68-F98C-4D1F-9585-A8023BCB35E0@gpgtools.org> <8C352D00-3BDE-4A67-8DF8-502C97E4C447@gpgtools.org> <4EC74C59.5080501@mtu.edu> <356B4E98-B10A-4FDB-8422-46DF5F801123@gpgtools.org> <5121D268-A0E8-4223-AF11-5B0A2684B870@gpgtools.org>
Message-ID: <464D14AF-B66D-4209-AAD5-30F4080AC6F4@gpgtools.org>

(since the message was bounced (11 recipients) - I'm sending it again just to this list).

Hi there,

just updated the attached overview picture, added two more participants to this list (Jan (Crypto Stick) and David (DOMCrypt)) and also the GnuPG mailing list (might be of interest for someone there). Please have a look at the message thread below for details.

If we can agree on the name OpenPGP.JS/openpgpjs (analog to videojs, pdfjs, ...) we should move the documentation, tickets and sources from

https://github.com/GPGTools/openpgpjs/wiki
https://github.com/GPGTools/openpgpjs/issues

to

https://github.com/openpgpjs/openpgpjs/wiki
https://github.com/openpgpjs/openpgpjs/issues

Best regards, Alex

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP.js.pdf
Type: application/pdf
Size: 80551 bytes
Desc: not available
URL:
-------------- next part --------------

On 19.11.2011, at 23:04, Alex (via GPGTools) wrote:

> Hi there,
>
> also attached the scope of our project from my point of view.
>
> Best regards, Alex
>
> On 19.11.2011, at 11:55, Alex (via GPGTools) wrote:
>
>> Hi there,
>>
>> just found GPG4Browsers[2], added the URL to our (temporary) wiki[2] and the contact to our (again temporary) mailing list.
>>
>> It seems to be clear that there is a big demand of a single core JavaScript OpenPGP implementation and we find more and more projects and developers. Still, the next issue seems to be to agree on a name before we can set up an infrastructure. Does anyone have a strong opinion on that (we can Doodle for a name)? I would like to continue with https://github.com/openpgpjs and add everyone interested in this project as admins.
>>
>> Best regards, Alex
>>
>> [1] http://gpg4browsers.recurity.com/
>> [2] https://github.com/GPGTools/openpgpjs/wiki
>>
>> On 19.11.2011, at 07:27, Ryan Sears wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA256
>>>
>>> Hi Guys,
>>>
>>> So I realize that we're still in the very early stages of getting
>>> everything started, but I raised an issue here:
>>>
>>> https://github.com/GPGTools/openpgpjs/issues/9
>>>
>>> about potentially moving to a different repo, as I feel like this is
>>> more under the GPGTools wing, and less of an independent project, with
>>> equal shares from all the developers (which is what I would like to see).
>>>
>>> I also wonder if we wish to stick with openpgpjs?
Maybe we could come up >>> with a cooler name? >>> >>> What are everyone else's thoughts on this? >>> >>> Also like I said last night, I'm all finished with the signature stuffs, >>> so now it's mostly just getting everything more polished then it already is: >>> >>> http://fitblip.github.com/JSPGP-Stuffs/pubkey.html >>> >>> Ryan >>> >>> On 11/18/2011 11:30 AM, Alex (via GPGTools) wrote: >>>> Thanks. Added it to the page: https://github.com/GPGTools/openpgpjs/wiki >>>> >>>> On 18.11.2011, at 16:45, Lukas Pitschl | Dressy Vagabonds wrote: >>>> >>>>> Hi, >>>>> >>>>> the most complete OpenPGP implementation besides GPG I could find was an implementation in Perl. >>>>> http://search.cpan.org/dist/Crypt-OpenPGP/ >>>>> >>>>> Maybe it's possible to learn a little from it and help by porting portions to Javascript. >>>>> >>>>> Best, >>>>> >>>>> Lukas >>>>> >>>>> Am 18.11.2011 um 12:06 schrieb Alex (via GPGTools): >>>>> >>>>>> Hi there, >>>>>> >>>>>>> I think it would be good to outreach to the GPG mailing list. >>>>>> >>>>>> I agree, this is issue 5 ( https://github.com/GPGTools/openpgpjs/issues/5 ). If someone from our small list here could sum up our current status and plan on the wiki ( https://github.com/GPGTools/openpgpjs/wiki ), I will post to other mailing lists/google/twitter/..., ask for others to participate and link to the according wiki page for more information. >>>>>> >>>>>> Best regards, Alex >>>>>> >>>>>> >>>>>> On 18.11.2011, at 03:46, Sean Colyer wrote: >>>>>> >>>>>>> I think it would be good to outreach to the GPG mailing list. Since Tino and Bill were added to this list, do either of you have any interest in working on this development? >>>>>>> >>>>>>> I still have not heard back from mete0r, unfortunately. >>>>>>> >>>>>>> I've continued to work on this from my end. I'm currently working on key generation, and seem to have most of the basics outlined... I'm having some trouble generating Key ID's that agree with the ID's generated by gpg. 
I believe I'm following 12.2 of RFC 4880 pretty closely, but I would love some insight if anyone has worked with this bit directly... >>>>>>> >>>>>>> On Sun, Nov 13, 2011 at 5:52 AM, Alex (via GPGTools) wrote: >>>>>>> Hi there, >>>>>>> >>>>>>>> * How to proceed (e.g. which infrastructure to use)? >>>>>>> ... >>>>>>>> I can offer to extend our existing GPGTools infrastructure to host everything related to this project. >>>>>>> >>>>>>> >>>>>>> just to take the next step: >>>>>>> >>>>>>> * Sources: https://github.com/GPGTools/openpgpjs/ >>>>>>> * Tickets: https://github.com/GPGTools/openpgpjs/issues >>>>>>> * Documentation: https://github.com/GPGTools/openpgpjs/wiki >>>>>>> >>>>>>> Best regards, Alex >>>>>>> >>>>>>> >>>>>>> On 08.11.2011, at 23:59, Alex (via GPGTools) wrote: >>>>>>> >>>>>>>> Hi there, >>>>>>>> >>>>>>>> Thank you for all your answers! I think there's a big chance for us to develop a core OpenPGP JavaScript core library. Let me try to summarize: >>>>>>>> >>>>>>>> Main Objectives (partly from https://github.com/GPGTools/Mobile/wiki/Introduction): >>>>>>>> * (Test-driven) implementation of a standard JavaScript OpenPGP implementation >>>>>>>> * Make it clean and object orientated >>>>>>>> * Merge existing code projects while starting from scratch creating a core library but without reinventing the wheel >>>>>>>> * Use/integrate it in other projects >>>>>>>> >>>>>>>> Current Issues: >>>>>>>> * How to proceed (e.g. which infrastructure to use)? >>>>>>>> * How to contact Mete0r? >>>>>>>> * Find even more developers (e.g. via gnupg mailing lists) >>>>>>>> * Write initial tests (use cases, workflows, example messages, expectations, ...) >>>>>>>> * Which BigInt library to use? >>>>>>>> * Support v3 keys? >>>>>>>> >>>>>>>> Needed Infrastructure: >>>>>>>> * Ticket system (e.g. lighthouse) >>>>>>>> * Source versioning (e.g. github) >>>>>>>> * Documentation (e.g. github wiki) >>>>>>>> * Communication (e.g. mailing list) >>>>>>>> * Continuos Testing (e.g. 
build bot)
>>>>>>>>
>>>>>>>> Codebase:
>>>>>>>> * Original HaneWIN
>>>>>>>> * gmail-Crypt
>>>>>>>> * mete0r
>>>>>>>> * JSPGP
>>>>>>>>
>>>>>>>> I can offer to extend our existing GPGTools infrastructure to host everything related to this project.
>>>>>>>>
>>>>>>>> Best regards, Alex

--
http://gpgtools.org
http://gpgtools.org/about (Google+, Twitter, RSS)

From sean at colyer.name Wed Nov 23 06:08:44 2011
From: sean at colyer.name (Sean Colyer)
Date: Wed, 23 Nov 2011 00:08:44 -0500
Subject: [gpgtools-devel] Joint OpenPGP (JS) implementation
In-Reply-To: <4ECB0757.2070902@privacyfoundation.de>
References: <61C40F54-2678-439C-8A13-C6CEC43C6FB9@gpgtools.org> <4EB82EED.7010209@mtu.edu> <4EB87A7C.5070703@mtu.edu> <7A5D4717-6EB1-448E-9AB3-596426C2129D@gpgtools.org> <81D15B68-F98C-4D1F-9585-A8023BCB35E0@gpgtools.org> <8C352D00-3BDE-4A67-8DF8-502C97E4C447@gpgtools.org> <4EC74C59.5080501@mtu.edu> <356B4E98-B10A-4FDB-8422-46DF5F801123@gpgtools.org> <5121D268-A0E8-4223-AF11-5B0A2684B870@gpgtools.org> <4ECB0757.2070902@privacyfoundation.de>
Message-ID:

I just came upon gpg4browser as well. Looking at the code it looks like this is the most complete implementation out there currently. I imagine that they have been working on this for some time and it's quite impressive. Ironic that there was minimal development on this for so long and now so much coincidental parallel development..

I've been working on key generation which is one area that I think gpg4browser hasn't, and I'm sure there are a few others as they have noted on their site.

As for key management -- I like the concept of offering a range of solutions, I think it's important we create a common interface for the different methods that we can use to connect to a range of options.

Thanks,
Sean

On Mon, Nov 21, 2011 at 9:22 PM, Crypto Stick <cryptostick at privacyfoundation.de> wrote:

> Hi!
> I'm just wondering if unhosted.org could be an interesting and easy to
> implement storage backend for OpenPGP.js.
It's advantage is that the > keys could be stored at a different server resp. service provider than > the web application is hosted. > > Regards, > Jan > > Am 22.11.2011 01:59, schrieb Alex (via GPGTools): > > Hi there, > > > > just updated the attached overview picture, added two more participants > to this list (Jan (Crypto Stick) and David (DOMCrypt)) and also the GnuPG > mailing list (might be of interest for someone there). Please have a look > at the message thread below for details. > > > > If we can agree on the name OpenPGP.JS/openpgpjs (analog to videojs, > pdfjs, ...) we should move the documentation, tickets and sources from > > > > https://github.com/GPGTools/openpgpjs/wiki > > https://github.com/GPGTools/openpgpjs/issues > > > > to > > > > https://github.com/openpgpjs/openpgpjs/wiki > > https://github.com/openpgpjs/openpgpjs/issues > > > > Best regards, Alex > > > > > > > > > > > > > > > > On 19.11.2011, at 23:04, Alex (via GPGTools) wrote: > > > >> Hi there, > >> > >> also attached the scope of our project from my point of view. > >> > >> Best regards, Alex > >> > >> On 19.11.2011, at 11:55, Alex (via GPGTools) wrote: > >> > >>> Hi there, > >>> > >>> just found GPG4Browsers[2], added the URL to our (temporary) wiki[2] > and the contact to our (again temporary) mailing list. > >>> > >>> It seems to be clear that there is a big demand of a single core > JavaScript OpenPGP implementation and we find more and more projects and > developers. Still, the next issue seems to be to agree on a name before we > can setup a infrastructure. Does anyone have a strong opinion on that (we > can Doodle for a name)? I would like to continue with > https://github.com/openpgpjs and add everyone interested in this project > as admins. 
> >>> > >>> Best regards, Alex > >>> > >>> [1] http://gpg4browsers.recurity.com/ > >>> [2] https://github.com/GPGTools/openpgpjs/wiki > >>> > >>> On 19.11.2011, at 07:27, Ryan Sears wrote: > >>> > >>>> -----BEGIN PGP SIGNED MESSAGE----- > >>>> Hash: SHA256 > >>>> > >>>> Hi Guys, > >>>> > >>>> So I realize that we're still in the very early stages of getting > >>>> everything started, but I raised an issue here: > >>>> > >>>> https://github.com/GPGTools/openpgpjs/issues/9 > >>>> > >>>> about potentially moving to a different repo, as I feel like this is > >>>> more under the GPGTools wing, and less of an independent project, with > >>>> equal shares from all the developers (which is what I would like to > see). > >>>> > >>>> I also wonder if we wish to stick with openpgpjs? Maybe we could come > up > >>>> with a cooler name? > >>>> > >>>> What are everyone else's thoughts on this? > >>>> > >>>> Also like I said last night, I'm all finished with the signature > stuffs, > >>>> so now it's mostly just getting everything more polished then it > already is: > >>>> > >>>> http://fitblip.github.com/JSPGP-Stuffs/pubkey.html > >>>> > >>>> Ryan > >>>> > >>>> On 11/18/2011 11:30 AM, Alex (via GPGTools) wrote: > >>>>> Thanks. Added it to the page: > https://github.com/GPGTools/openpgpjs/wiki > >>>>> > >>>>> On 18.11.2011, at 16:45, Lukas Pitschl | Dressy Vagabonds wrote: > >>>>> > >>>>>> Hi, > >>>>>> > >>>>>> the most complete OpenPGP implementation besides GPG I could find > was an implementation in Perl. > >>>>>> http://search.cpan.org/dist/Crypt-OpenPGP/ > >>>>>> > >>>>>> Maybe it's possible to learn a little from it and help by porting > portions to Javascript. > >>>>>> > >>>>>> Best, > >>>>>> > >>>>>> Lukas > >>>>>> > >>>>>> Am 18.11.2011 um 12:06 schrieb Alex (via GPGTools): > >>>>>> > >>>>>>> Hi there, > >>>>>>> > >>>>>>>> I think it would be good to outreach to the GPG mailing list. 
> >>>>>>> > >>>>>>> I agree, this is issue 5 ( > https://github.com/GPGTools/openpgpjs/issues/5 ). If someone from our > small list here could sum up our current status and plan on the wiki ( > https://github.com/GPGTools/openpgpjs/wiki ), I will post to other > mailing lists/google/twitter/..., ask for others to participate and link to > the according wiki page for more information. > >>>>>>> > >>>>>>> Best regards, Alex > >>>>>>> > >>>>>>> > >>>>>>> On 18.11.2011, at 03:46, Sean Colyer wrote: > >>>>>>> > >>>>>>>> I think it would be good to outreach to the GPG mailing list. > Since Tino and Bill were added to this list, do either of you have any > interest in working on this development? > >>>>>>>> > >>>>>>>> I still have not heard back from mete0r, unfortunately. > >>>>>>>> > >>>>>>>> I've continued to work on this from my end. I'm currently working > on key generation, and seem to have most of the basics outlined... I'm > having some trouble generating Key ID's that agree with the ID's generated > by gpg. I believe I'm following 12.2 of RFC 4880 pretty closely, but I > would love some insight if anyone has worked with this bit directly... > >>>>>>>> > >>>>>>>> On Sun, Nov 13, 2011 at 5:52 AM, Alex (via GPGTools) < > alex at gpgtools.org> wrote: > >>>>>>>> Hi there, > >>>>>>>> > >>>>>>>>> * How to proceed (e.g. which infrastructure to use)? > >>>>>>>> ... > >>>>>>>>> I can offer to extend our existing GPGTools infrastructure to > host everything related to this project. > >>>>>>>> > >>>>>>>> > >>>>>>>> just to take the next step: > >>>>>>>> > >>>>>>>> * Sources: https://github.com/GPGTools/openpgpjs/ > >>>>>>>> * Tickets: https://github.com/GPGTools/openpgpjs/issues > >>>>>>>> * Documentation: https://github.com/GPGTools/openpgpjs/wiki > >>>>>>>> > >>>>>>>> Best regards, Alex > >>>>>>>> > >>>>>>>> > >>>>>>>> On 08.11.2011, at 23:59, Alex (via GPGTools) wrote: > >>>>>>>> > >>>>>>>>> Hi there, > >>>>>>>>> > >>>>>>>>> Thank you for all your answers! 
I think there's a big chance for > us to develop a core OpenPGP JavaScript core library. Let me try to > summarize: > >>>>>>>>> > >>>>>>>>> Main Objectives (partly from > https://github.com/GPGTools/Mobile/wiki/Introduction): > >>>>>>>>> * (Test-driven) implementation of a standard JavaScript OpenPGP > implementation > >>>>>>>>> * Make it clean and object orientated > >>>>>>>>> * Merge existing code projects while starting from scratch > creating a core library but without reinventing the wheel > >>>>>>>>> * Use/integrate it in other projects > >>>>>>>>> > >>>>>>>>> Current Issues: > >>>>>>>>> * How to proceed (e.g. which infrastructure to use)? > >>>>>>>>> * How to contact Mete0r? > >>>>>>>>> * Find even more developers (e.g. via gnupg mailing lists) > >>>>>>>>> * Write initial tests (use cases, workflows, example messages, > expectations, ...) > >>>>>>>>> * Which BigInt library to use? > >>>>>>>>> * Support v3 keys? > >>>>>>>>> > >>>>>>>>> Needed Infrastructure: > >>>>>>>>> * Ticket system (e.g. lighthouse) > >>>>>>>>> * Source versioning (e.g. github) > >>>>>>>>> * Documentation (e.g. github wiki) > >>>>>>>>> * Communication (e.g. mailing list) > >>>>>>>>> * Continuos Testing (e.g. build bot) > >>>>>>>>> > >>>>>>>>> Codebase: > >>>>>>>>> * Original HaneWIN > >>>>>>>>> * gmail-Crypt > >>>>>>>>> * mete0r > >>>>>>>>> * JSPGP > >>>>>>>>> > >>>>>>>>> I can offer to extend our existing GPGTools infrastructure to > host everything related to this project. > >>>>>>>>> > >>>>>>>>> Best regards, Alex > >>> > >>> > >>> > >>> -- > >>> http://gpgtools.org > >>> http://gpgtools.org/about (Google+, Twitter, RSS) > >>> > >> > >> > >> > >> > >> -- > >> http://gpgtools.org > >> http://gpgtools.org/about (Google+, Twitter, RSS) > > > > > > > > > > > > > > > > -- > > http://gpgtools.org > > http://gpgtools.org/about (Google+, Twitter, RSS) > > > -------------- next part -------------- An HTML attachment was scrubbed... 
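The Key ID rule from RFC 4880 section 12.2 that Sean mentions in this thread, as an added example that is not code from any of the projects discussed: a version 4 fingerprint is SHA-1 over the octet 0x99, a two-octet length and the public-key packet body, and the Key ID is its low-order 64 bits. It assumes Node.js (`crypto`, `Buffer`); every function name and the key material are constructed for illustration.

```javascript
'use strict';
const crypto = require('crypto'); // assumption: Node.js; a browser build needs its own SHA-1

// MPI (RFC 4880 section 3.2): two-octet bit count, then the big-endian
// magnitude without leading zero octets. The value must be non-zero.
function mpi(bytes) {
  let buf = Buffer.from(bytes);
  while (buf.length > 1 && buf[0] === 0) buf = buf.subarray(1);
  const bits = (buf.length - 1) * 8 + (32 - Math.clz32(buf[0]));
  const head = Buffer.alloc(2);
  head.writeUInt16BE(bits, 0);
  return Buffer.concat([head, buf]);
}

// Body of a version 4 RSA public-key packet (section 5.5.2):
// version, creation time, algorithm, MPI n, MPI e.
function rsaPublicKeyBody(createdUnix, n, e) {
  const head = Buffer.alloc(6);
  head.writeUInt8(4, 0);              // version 4
  head.writeUInt32BE(createdUnix, 1); // creation time is part of the hashed body
  head.writeUInt8(1, 5);              // public-key algorithm 1 = RSA
  return Buffer.concat([head, mpi(n), mpi(e)]);
}

// Strip an old- or new-format packet header (section 4.2).
function parsePacket(packet) {
  const b = packet[0];
  if ((b & 0x80) === 0) throw new Error('not an OpenPGP packet');
  let tag, len, off;
  if (b & 0x40) {                     // new format
    tag = b & 0x3f;
    const o1 = packet[1];
    if (o1 < 192) { len = o1; off = 2; }
    else if (o1 < 224) { len = ((o1 - 192) << 8) + packet[2] + 192; off = 3; }
    else if (o1 === 255) { len = packet.readUInt32BE(2); off = 6; }
    else throw new Error('partial body length not allowed for key packets');
  } else {                            // old format
    tag = (b >> 2) & 0x0f;
    const lengthType = b & 0x03;
    if (lengthType === 0) { len = packet[1]; off = 2; }
    else if (lengthType === 1) { len = packet.readUInt16BE(1); off = 3; }
    else if (lengthType === 2) { len = packet.readUInt32BE(1); off = 5; }
    else throw new Error('indeterminate length not supported');
  }
  if (off + len > packet.length) throw new Error('truncated packet');
  return { tag, body: packet.subarray(off, off + len) };
}

// Section 12.2: SHA-1 over 0x99, the two-octet body length, and the body.
// The prefix is always 0x99, whatever header the packet had on the wire.
function v4Fingerprint(body) {
  if (body[0] !== 4) throw new Error('not a version 4 key packet');
  if (body.length > 0xffff) throw new Error('body too long for two-octet length');
  const prefix = Buffer.from([0x99, body.length >> 8, body.length & 0xff]);
  return crypto.createHash('sha1').update(prefix).update(body).digest();
}

// Key ID = last 8 octets of the fingerprint, for key (6) and subkey (14) packets.
function v4KeyId(packet) {
  const { tag, body } = parsePacket(packet);
  if (tag !== 6 && tag !== 14) throw new Error('not a public key or subkey packet');
  return v4Fingerprint(body).subarray(12).toString('hex').toUpperCase();
}

// A way to get IDs that disagree: hashing the packet exactly as it was framed.
function naiveKeyId(packet) {
  const digest = crypto.createHash('sha1').update(packet).digest();
  return digest.subarray(12).toString('hex').toUpperCase();
}

// Framing helpers for the demonstration.
function frameOld(tag, body) {        // old format, two-octet length
  const h = Buffer.alloc(3);
  h[0] = 0x80 | (tag << 2) | 1;       // tag 6 gives 0x99, tag 14 gives 0xB9
  h.writeUInt16BE(body.length, 1);
  return Buffer.concat([h, body]);
}
function frameNew(tag, body) {        // new format, valid for 192..8383 octets
  const l = body.length - 192;
  return Buffer.concat([Buffer.from([0xc0 | tag, 192 + (l >> 8), l & 0xff]), body]);
}

// Constructed sample values (not a real key).
const SAMPLE_N = Buffer.alloc(256, 0xc3);
const SAMPLE_E = Buffer.from([0x01, 0x00, 0x01]);
const SAMPLE_CREATED = 1321585560;
const SAMPLE_BODY = rsaPublicKeyBody(SAMPLE_CREATED, SAMPLE_N, SAMPLE_E);

function demo() {
  const old6 = frameOld(6, SAMPLE_BODY);
  const new6 = frameNew(6, SAMPLE_BODY);
  const old14 = frameOld(14, SAMPLE_BODY);
  const keyId = v4KeyId(old6);
  return {
    keyId,
    sameAcrossFraming: keyId === v4KeyId(new6) && keyId === v4KeyId(old14),
    naiveOld: naiveKeyId(old6),       // matches only because the header is 0x99 + len16
    naiveNew: naiveKeyId(new6),       // differs: the header octets were hashed
  };
}

console.log(demo());
```

Hashing the packet as framed matches only when its header happens to be the old-format 0x99 form; a new-format header, a subkey header or a different creation time all change the result.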
URL:

From alex at gpgtools.org Thu Nov 24 20:58:45 2011
From: alex at gpgtools.org (Alex (via GPGTools))
Date: Thu, 24 Nov 2011 20:58:45 +0100
Subject: [gpgtools-devel] Joint OpenPGP (JS) implementation
In-Reply-To: <20111124120208.5f35eb99.fx@recurity-labs.com>
References: <61C40F54-2678-439C-8A13-C6CEC43C6FB9@gpgtools.org> <4EB82EED.7010209@mtu.edu> <4EB87A7C.5070703@mtu.edu> <7A5D4717-6EB1-448E-9AB3-596426C2129D@gpgtools.org> <81D15B68-F98C-4D1F-9585-A8023BCB35E0@gpgtools.org> <8C352D00-3BDE-4A67-8DF8-502C97E4C447@gpgtools.org> <4EC74C59.5080501@mtu.edu> <356B4E98-B10A-4FDB-8422-46DF5F801123@gpgtools.org> <5121D268-A0E8-4223-AF11-5B0A2684B870@gpgtools.org> <4ECB0757.2070902@privacyfoundation.de> <20111124120208.5f35eb99.fx@recurity-labs.com>
Message-ID:

(copy to gpgtools and gnupg for the last time)

Hi Felix,

> we are happy to join forces with anyone who's interested in bringing
> OpenPGP functionality into browsers and web mailers.

this is very good news! Do you have a Github account?

> In terms of project organization, hosting, name, etc. we are completely
> open. We can put up additional tools (bug tracker, wiki, etc.) or
> anyone of you can take over.

Do you have a continuous build server? I started to configure an infrastructure so we can move on. If anyone has objections or wants to use another setup, please feel free to communicate this. Here are the links:

* Most important (everyone should be part of the mailing list)
  * Web: openpgpjs.org
  * Mail: list at openpgpjs.org / list.openpgpjs.org
* Second most important (with full access for seancolyer, Fitblip, me)
  * Web (Tickets): tickets.openpgpjs.org
  * Web (Sources): src.openpgpjs.org
  * Web (Documentation): docs.openpgpjs.org
* For someday
  * Mail (core group): org at openpgpjs.org
  * Mail (core member): username at openpgpjs.org
  * Mail (Donations): donations at openpgpjs.org
  * Web (Statistics): stat.openpgpjs.org
  * Web (RSS): rss.openpgpjs.org
  * Web (Twitter): twitter.com/openpgpjs
  * Web (Youtube): youtube.com/openpgpjs
  * Web (Google): plus.google.com/101278333271226805222
* Not yet started
  * Web (Support): support.openpgpjs.org (e.g. tender)
  * Web (Buildbot): build.openpgpjs.org (e.g. buildbot)
  * Web (Blog): blog.openpgpjs.org (e.g. wordpress)

Best regards, Alex

On 24.11.2011, at 12:02, Felix 'FX' Lindner wrote:

> Hi all,
>
> we are happy to join forces with anyone who's interested in bringing
> OpenPGP functionality into browsers and web mailers. Right now, we are
> incorporating the fixes that follow the initial wave of issue/bug
> reports. Feel free to use the code anytime.
>
> In terms of project organization, hosting, name, etc. we are completely
> open. We can put up additional tools (bug tracker, wiki, etc.) or
> anyone of you can take over.
>
> Regarding key management, I'm with Sean here. The user should be able to
> choose between server side storage, client side storage, no-secret-key
> (encrypt only), etc. That's why we clearly say that you should not use
> our prototype for confidential communication.
>
> cheers
> Felix
>
> On Wed, 23 Nov 2011 00:08:44 -0500 Sean Colyer wrote:
>> I just came upon gpg4browser as well. Looking at the code it looks
>> like this is the most complete implementation out there currently. I
>> imagine that they have been working on this for some time and it's
>> quite impressive.
Ironic that there was minimal development on this >> for so long and now so much coincidental parallel development.. >> >> I've been working on key generation which is one area that I think >> gpg4browser hasn't, and I'm sure there are a few others as they have >> noted on their site. >> >> As for key management -- I like the concept of offering a range of >> solutions, I think it's important we create a common interface for the >> different methods that we can use to connect to a range of options. >> >> Thanks, >> Sean >> >> On Mon, Nov 21, 2011 at 9:22 PM, Crypto Stick < >> cryptostick at privacyfoundation.de> wrote: >> >>> Hi! >>> I'm just wondering if unhosted.org could be an interesting and easy >>> to implement storage backend for OpenPGP.js. It's advantage is that >>> the keys could be stored at a different server resp. service >>> provider than the web application is hosted. >>> >>> Regards, >>> Jan >>> >>> Am 22.11.2011 01:59, schrieb Alex (via GPGTools): >>>> Hi there, >>>> >>>> just updated the attached overview picture, added two more >>>> participants >>> to this list (Jan (Crypto Stick) and David (DOMCrypt)) and also the >>> GnuPG mailing list (might be of interest for someone there). Please >>> have a look at the message thread below for details. >>>> >>>> If we can agree on the name OpenPGP.JS/openpgpjs (analog to >>>> videojs, >>> pdfjs, ...) we should move the documentation, tickets and sources >>> from >>>> >>>> https://github.com/GPGTools/openpgpjs/wiki >>>> https://github.com/GPGTools/openpgpjs/issues >>>> >>>> to >>>> >>>> https://github.com/openpgpjs/openpgpjs/wiki >>>> https://github.com/openpgpjs/openpgpjs/issues >>>> >>>> Best regards, Alex >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On 19.11.2011, at 23:04, Alex (via GPGTools) wrote: >>>> >>>>> Hi there, >>>>> >>>>> also attached the scope of our project from my point of view. 
>>>>> >>>>> Best regards, Alex >>>>> >>>>> On 19.11.2011, at 11:55, Alex (via GPGTools) wrote: >>>>> >>>>>> Hi there, >>>>>> >>>>>> just found GPG4Browsers[2], added the URL to our (temporary) >>>>>> wiki[2] >>> and the contact to our (again temporary) mailing list. >>>>>> >>>>>> It seems to be clear that there is a big demand of a single core >>> JavaScript OpenPGP implementation and we find more and more >>> projects and developers. Still, the next issue seems to be to agree >>> on a name before we can setup a infrastructure. Does anyone have a >>> strong opinion on that (we can Doodle for a name)? I would like to >>> continue with https://github.com/openpgpjs and add everyone >>> interested in this project as admins. >>>>>> >>>>>> Best regards, Alex >>>>>> >>>>>> [1] http://gpg4browsers.recurity.com/ >>>>>> [2] https://github.com/GPGTools/openpgpjs/wiki >>>>>> >>>>>> On 19.11.2011, at 07:27, Ryan Sears wrote: >>>>>> >>>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>>> Hash: SHA256 >>>>>>> >>>>>>> Hi Guys, >>>>>>> >>>>>>> So I realize that we're still in the very early stages of >>>>>>> getting everything started, but I raised an issue here: >>>>>>> >>>>>>> https://github.com/GPGTools/openpgpjs/issues/9 >>>>>>> >>>>>>> about potentially moving to a different repo, as I feel like >>>>>>> this is more under the GPGTools wing, and less of an >>>>>>> independent project, with equal shares from all the developers >>>>>>> (which is what I would like to >>> see). >>>>>>> >>>>>>> I also wonder if we wish to stick with openpgpjs? Maybe we >>>>>>> could come >>> up >>>>>>> with a cooler name? >>>>>>> >>>>>>> What are everyone else's thoughts on this? 
>>>>>>> >>>>>>> Also like I said last night, I'm all finished with the >>>>>>> signature >>> stuffs, >>>>>>> so now it's mostly just getting everything more polished then >>>>>>> it >>> already is: >>>>>>> >>>>>>> http://fitblip.github.com/JSPGP-Stuffs/pubkey.html >>>>>>> >>>>>>> Ryan >>>>>>> >>>>>>> On 11/18/2011 11:30 AM, Alex (via GPGTools) wrote: >>>>>>>> Thanks. Added it to the page: >>> https://github.com/GPGTools/openpgpjs/wiki >>>>>>>> >>>>>>>> On 18.11.2011, at 16:45, Lukas Pitschl | Dressy Vagabonds >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> the most complete OpenPGP implementation besides GPG I could >>>>>>>>> find >>> was an implementation in Perl. >>>>>>>>> http://search.cpan.org/dist/Crypt-OpenPGP/ >>>>>>>>> >>>>>>>>> Maybe it's possible to learn a little from it and help by >>>>>>>>> porting >>> portions to Javascript. >>>>>>>>> >>>>>>>>> Best, >>>>>>>>> >>>>>>>>> Lukas >>>>>>>>> >>>>>>>>> Am 18.11.2011 um 12:06 schrieb Alex (via GPGTools): >>>>>>>>> >>>>>>>>>> Hi there, >>>>>>>>>> >>>>>>>>>>> I think it would be good to outreach to the GPG mailing >>>>>>>>>>> list. >>>>>>>>>> >>>>>>>>>> I agree, this is issue 5 ( >>> https://github.com/GPGTools/openpgpjs/issues/5 ). If someone from >>> our small list here could sum up our current status and plan on the >>> wiki ( https://github.com/GPGTools/openpgpjs/wiki ), I will post to >>> other mailing lists/google/twitter/..., ask for others to >>> participate and link to the according wiki page for more >>> information. >>>>>>>>>> >>>>>>>>>> Best regards, Alex >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On 18.11.2011, at 03:46, Sean Colyer wrote: >>>>>>>>>> >>>>>>>>>>> I think it would be good to outreach to the GPG mailing >>>>>>>>>>> list. >>> Since Tino and Bill were added to this list, do either of you have >>> any interest in working on this development? >>>>>>>>>>> >>>>>>>>>>> I still have not heard back from mete0r, unfortunately. >>>>>>>>>>> >>>>>>>>>>> I've continued to work on this from my end. 
I'm currently >>>>>>>>>>> working >>> on key generation, and seem to have most of the basics outlined... >>> I'm having some trouble generating Key ID's that agree with the >>> ID's generated by gpg. I believe I'm following 12.2 of RFC 4880 >>> pretty closely, but I would love some insight if anyone has worked >>> with this bit directly... >>>>>>>>>>> >>>>>>>>>>> On Sun, Nov 13, 2011 at 5:52 AM, Alex (via GPGTools) < >>> alex at gpgtools.org> wrote: >>>>>>>>>>> Hi there, >>>>>>>>>>> >>>>>>>>>>>> * How to proceed (e.g. which infrastructure to use)? >>>>>>>>>>> ... >>>>>>>>>>>> I can offer to extend our existing GPGTools >>>>>>>>>>>> infrastructure to >>> host everything related to this project. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> just to take the next step: >>>>>>>>>>> >>>>>>>>>>> * Sources: https://github.com/GPGTools/openpgpjs/ >>>>>>>>>>> * Tickets: https://github.com/GPGTools/openpgpjs/issues >>>>>>>>>>> * Documentation: https://github.com/GPGTools/openpgpjs/wiki >>>>>>>>>>> >>>>>>>>>>> Best regards, Alex >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On 08.11.2011, at 23:59, Alex (via GPGTools) wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi there, >>>>>>>>>>>> >>>>>>>>>>>> Thank you for all your answers! I think there's a big >>>>>>>>>>>> chance for >>> us to develop a core OpenPGP JavaScript core library. Let me try to >>> summarize: >>>>>>>>>>>> >>>>>>>>>>>> Main Objectives (partly from >>> https://github.com/GPGTools/Mobile/wiki/Introduction): >>>>>>>>>>>> * (Test-driven) implementation of a standard JavaScript >>>>>>>>>>>> OpenPGP >>> implementation >>>>>>>>>>>> * Make it clean and object orientated >>>>>>>>>>>> * Merge existing code projects while starting from scratch >>> creating a core library but without reinventing the wheel >>>>>>>>>>>> * Use/integrate it in other projects >>>>>>>>>>>> >>>>>>>>>>>> Current Issues: >>>>>>>>>>>> * How to proceed (e.g. which infrastructure to use)? >>>>>>>>>>>> * How to contact Mete0r? >>>>>>>>>>>> * Find even more developers (e.g. 
via gnupg mailing lists) >>>>>>>>>>>> * Write initial tests (use cases, workflows, example >>>>>>>>>>>> messages, >>> expectations, ...) >>>>>>>>>>>> * Which BigInt library to use? >>>>>>>>>>>> * Support v3 keys? >>>>>>>>>>>> >>>>>>>>>>>> Needed Infrastructure: >>>>>>>>>>>> * Ticket system (e.g. lighthouse) >>>>>>>>>>>> * Source versioning (e.g. github) >>>>>>>>>>>> * Documentation (e.g. github wiki) >>>>>>>>>>>> * Communication (e.g. mailing list) >>>>>>>>>>>> * Continuos Testing (e.g. build bot) >>>>>>>>>>>> >>>>>>>>>>>> Codebase: >>>>>>>>>>>> * Original HaneWIN >>>>>>>>>>>> * gmail-Crypt >>>>>>>>>>>> * mete0r >>>>>>>>>>>> * JSPGP >>>>>>>>>>>> >>>>>>>>>>>> I can offer to extend our existing GPGTools >>>>>>>>>>>> infrastructure to >>> host everything related to this project. >>>>>>>>>>>> >>>>>>>>>>>> Best regards, Alex >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> http://gpgtools.org >>>>>> http://gpgtools.org/about (Google+, Twitter, RSS) >>>>>> >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> http://gpgtools.org >>>>> http://gpgtools.org/about (Google+, Twitter, RSS) >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> http://gpgtools.org >>>> http://gpgtools.org/about (Google+, Twitter, RSS) >>>> >>> > > > -- > Recurity Labs GmbH | Felix 'FX' Lindner > http://www.recurity-labs.com | fx at recurity-labs.com > Wrangelstrasse 4 | Fon: +49 30 69539993-0 > 10997 Berlin | PGP: A740 DE51 9891 19DF 0D05 > Germany | 13B3 1759 C388 C92D 6BBB > HRB 105213 B, Amtsgericht Charlottenburg, GF Felix Lindner -- http://gpgtools.org http://gpgtools.org/about (Google+, Twitter, RSS) From sevillep at mac.com Thu Nov 24 21:25:28 2011 From: sevillep at mac.com (Paul Z. 
Seville) Date: Thu, 24 Nov 2011 12:25:28 -0800 Subject: [gpgtools-users] [gpgtools-devel] Joint OpenPGP (JS) implementation In-Reply-To: References: <61C40F54-2678-439C-8A13-C6CEC43C6FB9@gpgtools.org> <4EB82EED.7010209@mtu.edu> <4EB87A7C.5070703@mtu.edu> <7A5D4717-6EB1-448E-9AB3-596426C2129D@gpgtools.org> <81D15B68-F98C-4D1F-9585-A8023BCB35E0@gpgtools.org> <8C352D00-3BDE-4A67-8DF8-502C97E4C447@gpgtools.org> <4EC74C59.5080501@mtu.edu> <356B4E98-B10A-4FDB-8422-46DF5F801123@gpgtools.org> <5121D268-A0E8-4223-AF11-5B0A2684B870@gpgtools.org> <4ECB0757.2070902@privacyfoundation.de> <20111124120208.5f35eb99.fx@recurity-labs.com> Message-ID: Hi All, This is off topic, but HAPPY THANKSGIVING!!!!! Paul On Nov 24, 2011, at 11:58 AM, Alex (via GPGTools) wrote: > (copy to gpgtools and gnupg for the last time) > > Hi Felix, > >> we are happy to join forces with anyone who's interested in bringing >> OpenPGP functionality into browsers and web mailers. > > this is very good news! Do you have a Github account? > >> In terms of project organization, hosting, name, etc. we are completely >> open. We can put up additional tools (bug tracker, wiki, etc.) or >> anyone of you can take over. > > Do you have a continuous build server? I started to configure an infrastructure so we can move on. If anyone has objections or want to use another setup, please feel free to communicate this. 
Here are the links: > > * Most important (everyone should be part of the mailing list) > * Web: openpgpjs.org > * Mail: list at openpgpjs.org / list.openpgpjs.org > > * Second most important (with full access for seancolyer, Fitblip, me) > * Web (Tickets): tickets.openpgpjs.org > * Web (Sources): src.openpgpjs.org > * Web (Documentation): docs.openpgpjs.org > > * For someday > * Mail (core group): org at openpgpjs.org > * Mail (core member): username at openpgpjs.org > * Mail (Donations): donations at openpgpjs.org > * Web (Statistics): stat.openpgpjs.org > * Web (RSS): rss.openpgpjs.org > * Web (Twitter): twitter.com/openpgpjs > * Web (Youtube): youtube.com/openpgpjs > * Web (Google): plus.google.com/101278333271226805222 > > * Not yet started > * Web (Support): support.openpgpjs.org (e.g. tender) > * Web (Buildbot): build.openpgpjs.org (e.g. buildbot) > * Web (Blog): blog.openpgpjs.org (e.g. wordpress) > > Best regards, Alex > > On 24.11.2011, at 12:02, Felix 'FX' Lindner wrote: > >> Hi all, >> >> we are happy to join forces with anyone who's interested in bringing >> OpenPGP functionality into browsers and web mailers. Right now, we are >> incorporating the fixes that follow the initial wave of issue/bug >> reports. Feel free to use the code anytime. >> >> In terms of project organization, hosting, name, etc. we are completely >> open. We can put up additional tools (bug tracker, wiki, etc.) or >> anyone of you can take over. >> >> Regarding key managment, I'm with Sean here. The user should be able to >> choose between server side storage, client side storage, no-secret-key >> (encrypt only), etc. That's why we clearly say that you should not use >> our prototype for confidential communication. >> >> cheers >> Felix >> >> On Wed, 23 Nov 2011 00:08:44 -0500 Sean Colyer wrote: >>> I just came upon gpg4browser as well. Looking at the code it looks >>> like this is the most complete implementation out there currently. 
I >>> imagine that they have been working on this for some time and it's >>> quite impressive. Ironic that there was minimal development on this >>> for so long and now so much coincidental parallel development.. >>> >>> I've been working on key generation which is one area that I think >>> gpg4browser hasn't, and I'm sure there are a few others as they have >>> noted on their site. >>> >>> As for key management -- I like the concept of offering a range of >>> solutions, I think it's important we create a common interface for the >>> different methods that we can use to connect to a range of options. >>> >>> Thanks, >>> Sean >>> >>> On Mon, Nov 21, 2011 at 9:22 PM, Crypto Stick < >>> cryptostick at privacyfoundation.de> wrote: >>> >>>> Hi! >>>> I'm just wondering if unhosted.org could be an interesting and easy >>>> to implement storage backend for OpenPGP.js. It's advantage is that >>>> the keys could be stored at a different server resp. service >>>> provider than the web application is hosted. >>>> >>>> Regards, >>>> Jan >>>> >>>> Am 22.11.2011 01:59, schrieb Alex (via GPGTools): >>>>> Hi there, >>>>> >>>>> just updated the attached overview picture, added two more >>>>> participants >>>> to this list (Jan (Crypto Stick) and David (DOMCrypt)) and also the >>>> GnuPG mailing list (might be of interest for someone there). Please >>>> have a look at the message thread below for details. >>>>> >>>>> If we can agree on the name OpenPGP.JS/openpgpjs (analog to >>>>> videojs, >>>> pdfjs, ...) 
we should move the documentation, tickets and sources >>>> from >>>>> >>>>> https://github.com/GPGTools/openpgpjs/wiki >>>>> https://github.com/GPGTools/openpgpjs/issues >>>>> >>>>> to >>>>> >>>>> https://github.com/openpgpjs/openpgpjs/wiki >>>>> https://github.com/openpgpjs/openpgpjs/issues >>>>> >>>>> Best regards, Alex >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On 19.11.2011, at 23:04, Alex (via GPGTools) wrote: >>>>> >>>>>> Hi there, >>>>>> >>>>>> also attached the scope of our project from my point of view. >>>>>> >>>>>> Best regards, Alex >>>>>> >>>>>> On 19.11.2011, at 11:55, Alex (via GPGTools) wrote: >>>>>> >>>>>>> Hi there, >>>>>>> >>>>>>> just found GPG4Browsers[2], added the URL to our (temporary) >>>>>>> wiki[2] >>>> and the contact to our (again temporary) mailing list. >>>>>>> >>>>>>> It seems to be clear that there is a big demand of a single core >>>> JavaScript OpenPGP implementation and we find more and more >>>> projects and developers. Still, the next issue seems to be to agree >>>> on a name before we can setup a infrastructure. Does anyone have a >>>> strong opinion on that (we can Doodle for a name)? I would like to >>>> continue with https://github.com/openpgpjs and add everyone >>>> interested in this project as admins. 
>>>>>>> >>>>>>> Best regards, Alex >>>>>>> >>>>>>> [1] http://gpg4browsers.recurity.com/ >>>>>>> [2] https://github.com/GPGTools/openpgpjs/wiki >>>>>>> >>>>>>> On 19.11.2011, at 07:27, Ryan Sears wrote: >>>>>>> >>>>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>>>> Hash: SHA256 >>>>>>>> >>>>>>>> Hi Guys, >>>>>>>> >>>>>>>> So I realize that we're still in the very early stages of >>>>>>>> getting everything started, but I raised an issue here: >>>>>>>> >>>>>>>> https://github.com/GPGTools/openpgpjs/issues/9 >>>>>>>> >>>>>>>> about potentially moving to a different repo, as I feel like >>>>>>>> this is more under the GPGTools wing, and less of an >>>>>>>> independent project, with equal shares from all the developers >>>>>>>> (which is what I would like to >>>> see). >>>>>>>> >>>>>>>> I also wonder if we wish to stick with openpgpjs? Maybe we >>>>>>>> could come >>>> up >>>>>>>> with a cooler name? >>>>>>>> >>>>>>>> What are everyone else's thoughts on this? >>>>>>>> >>>>>>>> Also like I said last night, I'm all finished with the >>>>>>>> signature >>>> stuffs, >>>>>>>> so now it's mostly just getting everything more polished then >>>>>>>> it >>>> already is: >>>>>>>> >>>>>>>> http://fitblip.github.com/JSPGP-Stuffs/pubkey.html >>>>>>>> >>>>>>>> Ryan >>>>>>>> >>>>>>>> On 11/18/2011 11:30 AM, Alex (via GPGTools) wrote: >>>>>>>>> Thanks. Added it to the page: >>>> https://github.com/GPGTools/openpgpjs/wiki >>>>>>>>> >>>>>>>>> On 18.11.2011, at 16:45, Lukas Pitschl | Dressy Vagabonds >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> the most complete OpenPGP implementation besides GPG I could >>>>>>>>>> find >>>> was an implementation in Perl. >>>>>>>>>> http://search.cpan.org/dist/Crypt-OpenPGP/ >>>>>>>>>> >>>>>>>>>> Maybe it's possible to learn a little from it and help by >>>>>>>>>> porting >>>> portions to Javascript. 
>>>>>>>>>> >>>>>>>>>> Best, >>>>>>>>>> >>>>>>>>>> Lukas >>>>>>>>>> >>>>>>>>>> Am 18.11.2011 um 12:06 schrieb Alex (via GPGTools): >>>>>>>>>> >>>>>>>>>>> Hi there, >>>>>>>>>>> >>>>>>>>>>>> I think it would be good to outreach to the GPG mailing >>>>>>>>>>>> list. >>>>>>>>>>> >>>>>>>>>>> I agree, this is issue 5 ( >>>> https://github.com/GPGTools/openpgpjs/issues/5 ). If someone from >>>> our small list here could sum up our current status and plan on the >>>> wiki ( https://github.com/GPGTools/openpgpjs/wiki ), I will post to >>>> other mailing lists/google/twitter/..., ask for others to >>>> participate and link to the according wiki page for more >>>> information. >>>>>>>>>>> >>>>>>>>>>> Best regards, Alex >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On 18.11.2011, at 03:46, Sean Colyer wrote: >>>>>>>>>>> >>>>>>>>>>>> I think it would be good to outreach to the GPG mailing >>>>>>>>>>>> list. >>>> Since Tino and Bill were added to this list, do either of you have >>>> any interest in working on this development? >>>>>>>>>>>> >>>>>>>>>>>> I still have not heard back from mete0r, unfortunately. >>>>>>>>>>>> >>>>>>>>>>>> I've continued to work on this from my end. I'm currently >>>>>>>>>>>> working >>>> on key generation, and seem to have most of the basics outlined... >>>> I'm having some trouble generating Key ID's that agree with the >>>> ID's generated by gpg. I believe I'm following 12.2 of RFC 4880 >>>> pretty closely, but I would love some insight if anyone has worked >>>> with this bit directly... >>>>>>>>>>>> >>>>>>>>>>>> On Sun, Nov 13, 2011 at 5:52 AM, Alex (via GPGTools) < >>>> alex at gpgtools.org> wrote: >>>>>>>>>>>> Hi there, >>>>>>>>>>>> >>>>>>>>>>>>> * How to proceed (e.g. which infrastructure to use)? >>>>>>>>>>>> ... >>>>>>>>>>>>> I can offer to extend our existing GPGTools >>>>>>>>>>>>> infrastructure to >>>> host everything related to this project. 
>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> just to take the next step: >>>>>>>>>>>> >>>>>>>>>>>> * Sources: https://github.com/GPGTools/openpgpjs/ >>>>>>>>>>>> * Tickets: https://github.com/GPGTools/openpgpjs/issues >>>>>>>>>>>> * Documentation: https://github.com/GPGTools/openpgpjs/wiki >>>>>>>>>>>> >>>>>>>>>>>> Best regards, Alex >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On 08.11.2011, at 23:59, Alex (via GPGTools) wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi there, >>>>>>>>>>>>> >>>>>>>>>>>>> Thank you for all your answers! I think there's a big >>>>>>>>>>>>> chance for >>>> us to develop a core OpenPGP JavaScript core library. Let me try to >>>> summarize: >>>>>>>>>>>>> >>>>>>>>>>>>> Main Objectives (partly from >>>> https://github.com/GPGTools/Mobile/wiki/Introduction): >>>>>>>>>>>>> * (Test-driven) implementation of a standard JavaScript >>>>>>>>>>>>> OpenPGP >>>> implementation >>>>>>>>>>>>> * Make it clean and object orientated >>>>>>>>>>>>> * Merge existing code projects while starting from scratch >>>> creating a core library but without reinventing the wheel >>>>>>>>>>>>> * Use/integrate it in other projects >>>>>>>>>>>>> >>>>>>>>>>>>> Current Issues: >>>>>>>>>>>>> * How to proceed (e.g. which infrastructure to use)? >>>>>>>>>>>>> * How to contact Mete0r? >>>>>>>>>>>>> * Find even more developers (e.g. via gnupg mailing lists) >>>>>>>>>>>>> * Write initial tests (use cases, workflows, example >>>>>>>>>>>>> messages, >>>> expectations, ...) >>>>>>>>>>>>> * Which BigInt library to use? >>>>>>>>>>>>> * Support v3 keys? >>>>>>>>>>>>> >>>>>>>>>>>>> Needed Infrastructure: >>>>>>>>>>>>> * Ticket system (e.g. lighthouse) >>>>>>>>>>>>> * Source versioning (e.g. github) >>>>>>>>>>>>> * Documentation (e.g. github wiki) >>>>>>>>>>>>> * Communication (e.g. mailing list) >>>>>>>>>>>>> * Continuos Testing (e.g. 
build bot) >>>>>>>>>>>>> >>>>>>>>>>>>> Codebase: >>>>>>>>>>>>> * Original HaneWIN >>>>>>>>>>>>> * gmail-Crypt >>>>>>>>>>>>> * mete0r >>>>>>>>>>>>> * JSPGP >>>>>>>>>>>>> >>>>>>>>>>>>> I can offer to extend our existing GPGTools >>>>>>>>>>>>> infrastructure to >>>> host everything related to this project. >>>>>>>>>>>>> >>>>>>>>>>>>> Best regards, Alex >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> http://gpgtools.org >>>>>>> http://gpgtools.org/about (Google+, Twitter, RSS) >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> http://gpgtools.org >>>>>> http://gpgtools.org/about (Google+, Twitter, RSS) >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> http://gpgtools.org >>>>> http://gpgtools.org/about (Google+, Twitter, RSS) >>>>> >>>> >> >> >> -- >> Recurity Labs GmbH | Felix 'FX' Lindner >> http://www.recurity-labs.com | fx at recurity-labs.com >> Wrangelstrasse 4 | Fon: +49 30 69539993-0 >> 10997 Berlin | PGP: A740 DE51 9891 19DF 0D05 >> Germany | 13B3 1759 C388 C92D 6BBB >> HRB 105213 B, Amtsgericht Charlottenburg, GF Felix Lindner > > > -- > http://gpgtools.org > http://gpgtools.org/about (Google+, Twitter, RSS) > > _______________________________________________ > gpgtools-users mailing list > gpgtools-users at lists.gpgtools.org > FAQ: http://www.gpgtools.org/faq.html > Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-users > Unsubscribe: http://lists.gpgtools.org/mailman/options/gpgtools-users/pzsgeneral at me.com?unsub=Unsubscribe&unsubconfirm=1 > > This email sent to: pzsgeneral at me.com From nicholas.cole at gmail.com Sat Nov 26 18:25:22 2011 From: nicholas.cole at gmail.com (Nicholas Cole) Date: Sat, 26 Nov 2011 17:25:22 +0000 Subject: [gpgtools-users] [gpgtools-devel] Joint OpenPGP (JS) implementation In-Reply-To: References: <61C40F54-2678-439C-8A13-C6CEC43C6FB9@gpgtools.org> <4EB82EED.7010209@mtu.edu> <4EB87A7C.5070703@mtu.edu> <7A5D4717-6EB1-448E-9AB3-596426C2129D@gpgtools.org> <81D15B68-F98C-4D1F-9585-A8023BCB35E0@gpgtools.org> 
<8C352D00-3BDE-4A67-8DF8-502C97E4C447@gpgtools.org> <4EC74C59.5080501@mtu.edu> <356B4E98-B10A-4FDB-8422-46DF5F801123@gpgtools.org> <5121D268-A0E8-4223-AF11-5B0A2684B870@gpgtools.org> <4ECB0757.2070902@privacyfoundation.de> <20111124120208.5f35eb99.fx@recurity-labs.com> Message-ID: >>>>>>>> It seems to be clear that there is a big demand of a single core >>>>> JavaScript OpenPGP implementation and we find more and more >>>>> projects and developers. Dear Lists, All these projects are very interesting. Forgive a slightly off-topic but important question that they raise, though. What are the legal implications of contributing to these sorts of wrapper projects? Do such projects count as "export" of "dual use" cryptography for the purpose of EU and USA laws? In the past, such questions have caused open source projects no end of headaches: http://www.debian.org/legal/cryptoinmain The "crypto law survey" attempts to answer some of these questions. Following the links for the UK and the USA, it looks to me as if *any* project that facilitates the use of cryptography would have to take legal advice, even if it is merely a wrapper for another program or library, and would have to be careful about where it was hosted, and who it accepted contributions from. Is that correct? The GPG project itself must have hit many of these issues. Is there a write-up anywhere of their conclusions? Something like that might be helpful for other people starting these sorts of projects. Best wishes, Nicholas (I am not a lawyer...) 
From wk at gnupg.org Sat Nov 26 20:10:36 2011
From: wk at gnupg.org (Werner Koch)
Date: Sat, 26 Nov 2011 20:10:36 +0100
Subject: [gpgtools-users] [gpgtools-devel] Joint OpenPGP (JS) implementation
In-Reply-To: (Nicholas Cole's message of "Sat, 26 Nov 2011 17:25:22 +0000")
References: <61C40F54-2678-439C-8A13-C6CEC43C6FB9@gpgtools.org> <4EB82EED.7010209@mtu.edu> <4EB87A7C.5070703@mtu.edu> <7A5D4717-6EB1-448E-9AB3-596426C2129D@gpgtools.org> <81D15B68-F98C-4D1F-9585-A8023BCB35E0@gpgtools.org> <8C352D00-3BDE-4A67-8DF8-502C97E4C447@gpgtools.org> <4EC74C59.5080501@mtu.edu> <356B4E98-B10A-4FDB-8422-46DF5F801123@gpgtools.org> <5121D268-A0E8-4223-AF11-5B0A2684B870@gpgtools.org> <4ECB0757.2070902@privacyfoundation.de> <20111124120208.5f35eb99.fx@recurity-labs.com>
Message-ID: <87pqgebsyb.fsf@vigenere.g10code.de>

On Sat, 26 Nov 2011 18:25, nicholas.cole at gmail.com said:

> The GPG project itself must have hit many of these issues. Is there a

No, we don't. GnuPG has originally been developed in Germany because we
have been able to do that without being affected by the US _export_
restrictions. We had to reject any contributions from US citizens or
from people living in the US. That changed by end of 2000 when the
export restrictions were basically dropped for all kind of freely
available software. In the US you only need to send an announcement
mail to some address of the US Department of Commerce to contribute to a
crypto project. I don't have the details at hand, because I am not
affected ;-)

We still keep the GnuPG infrastructure (e.g. the primary FTP server) in
Europe to be prepared for the case that the US start to restrict crypto
again.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
From ml at mareichelt.com Mon Nov 28 20:00:09 2011
From: ml at mareichelt.com (markus reichelt)
Date: Mon, 28 Nov 2011 20:00:09 +0100
Subject: Keysigning Event Aachen
Message-ID: <20111128190009.GD22368@pc21.mareichelt.com>

Aloha,

Oecher Keysigning Party III
Thu 15.12.2011, 18:30 sharp
Aachen, Elisenbrunnen (left wing)

http://mareichelt.com/okp3/

From nicholas.cole at gmail.com Mon Nov 28 21:46:33 2011
From: nicholas.cole at gmail.com (Nicholas Cole)
Date: Mon, 28 Nov 2011 20:46:33 +0000
Subject: [gpgtools-users] [gpgtools-devel] Joint OpenPGP (JS) implementation
In-Reply-To: <87pqgebsyb.fsf@vigenere.g10code.de>
References: <61C40F54-2678-439C-8A13-C6CEC43C6FB9@gpgtools.org> <4EB82EED.7010209@mtu.edu> <4EB87A7C.5070703@mtu.edu> <7A5D4717-6EB1-448E-9AB3-596426C2129D@gpgtools.org> <81D15B68-F98C-4D1F-9585-A8023BCB35E0@gpgtools.org> <8C352D00-3BDE-4A67-8DF8-502C97E4C447@gpgtools.org> <4EC74C59.5080501@mtu.edu> <356B4E98-B10A-4FDB-8422-46DF5F801123@gpgtools.org> <5121D268-A0E8-4223-AF11-5B0A2684B870@gpgtools.org> <4ECB0757.2070902@privacyfoundation.de> <20111124120208.5f35eb99.fx@recurity-labs.com> <87pqgebsyb.fsf@vigenere.g10code.de>
Message-ID:

On Sat, Nov 26, 2011 at 7:10 PM, Werner Koch wrote:
> On Sat, 26 Nov 2011 18:25, nicholas.cole at gmail.com said:
>
>> The GPG project itself must have hit many of these issues. Is there a
>
> No, we don't. GnuPG has originally been developed in Germany because we
> have been able to do that without being affected by the US _export_
> restrictions. We had to reject any contributions from US citizens or
> from people living in the US. That changed by end of 2000 when the
> export restrictions were basically dropped for all kind of freely
> available software. In the US you only need to send an announcement
> mail to some address of the US Department of Commerce to contribute to a
> crypto project. I don't have the details at hand, because I am not
> affected ;-)
>
> We still keep the GnuPG infrastructure (e.g. the primary FTP server) in
> Europe to be prepared for the case that the US start to restrict crypto
> again.

The rules seem so complicated that even from the UK (that is, within the E.U.) I can't work out what the rules for open source are!

What a mess!

Nicholas

From dshaw at jabberwocky.com Mon Nov 28 23:17:30 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 28 Nov 2011 17:17:30 -0500
Subject: [gpgtools-users] [gpgtools-devel] Joint OpenPGP (JS) implementation
In-Reply-To: <87pqgebsyb.fsf@vigenere.g10code.de>
References: <61C40F54-2678-439C-8A13-C6CEC43C6FB9@gpgtools.org> <4EB82EED.7010209@mtu.edu> <4EB87A7C.5070703@mtu.edu> <7A5D4717-6EB1-448E-9AB3-596426C2129D@gpgtools.org> <81D15B68-F98C-4D1F-9585-A8023BCB35E0@gpgtools.org> <8C352D00-3BDE-4A67-8DF8-502C97E4C447@gpgtools.org> <4EC74C59.5080501@mtu.edu> <356B4E98-B10A-4FDB-8422-46DF5F801123@gpgtools.org> <5121D268-A0E8-4223-AF11-5B0A2684B870@gpgtools.org> <4ECB0757.2070902@privacyfoundation.de> <20111124120208.5f35eb99.fx@recurity-labs.com> <87pqgebsyb.fsf@vigenere.g10code.de>
Message-ID: <8E1066BF-8F3E-42B0-84D3-A7AEB46FFAAF@jabberwocky.com>

On Nov 26, 2011, at 2:10 PM, Werner Koch wrote:

> On Sat, 26 Nov 2011 18:25, nicholas.cole at gmail.com said:
>
>> The GPG project itself must have hit many of these issues. Is there a
>
> No, we don't. GnuPG has originally been developed in Germany because we
> have been able to do that without being affected by the US _export_
> restrictions. We had to reject any contributions from US citizens or
> from people living in the US. That changed by end of 2000 when the
> export restrictions were basically dropped for all kind of freely
> available software. In the US you only need to send an announcement
> mail to some address of the US Department of Commerce to contribute to a
> crypto project. I don't have the details at hand, because I am not
> affected ;-)

I had to do it for years. For each release of GPG that I contributed to, I sent an email containing a pointer to the new source code to the Commerce Department. The rules changed slightly in 2004, so that you could send a single email and then be done until the information in that email changed, so I just sent "www.gnupg.org" and haven't bothered with the email since.

The rules: http://www.bis.doc.gov/encryption/pubavailencsourcecodenofify.html

The 2004 rule change: http://edocket.access.gpo.gov/2004/04-26992.htm

David

From dshaw at jabberwocky.com Tue Nov 29 21:07:16 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 29 Nov 2011 15:07:16 -0500
Subject: keys.gnupg.net
In-Reply-To: <000601cca670$f88f4a70$e9addf50$@net>
References: <000601cca670$f88f4a70$e9addf50$@net>
Message-ID:

On Nov 18, 2011, at 11:09 PM, John A. Wallace wrote:

> In addition, it seems to imply to me from the instructions online at
> http://www.gnupg.org/documentation/manuals/gnupg-devel/GPG-Configuration-Opt
> ions.html, that I could in fact use more than one "keyserver 'name'" option
> in my 'gpg.conf' file; and that I could use different options for different
> keyservers. At least that is how I understand these instructions:
>
> " After the keyserver name, optional keyserver configuration options may be
> provided. These are the same as the global --keyserver-options from below,
> but apply only to this particular keyserver."
>
> Or is this instruction referring only to different options for different
> "types" (e.g., hkp, ldap or mailto) of keyservers? I mean, if I am
> interpreting it right, I could, theoretically, use these lines in gpg.conf:
>
> keyserver hkp://keys.gnupg.net
> keyserver hkps://zimmermann.mayfirst.org ca-cert-file= gnupghome>\mfpl.crt
> keyserver-options verbose

Yes, you can. It's different options per keyserver, not per type.

David

From cryptostick at privacyfoundation.de Tue Nov 29 21:27:50 2011
From: cryptostick at privacyfoundation.de (Crypto Stick)
Date: Wed, 30 Nov 2011 04:27:50 +0800
Subject: Card only available to root user
In-Reply-To: <20110804214955.GB31134@atlas>
References: <20110804212536.GA31134@atlas> <20110804214955.GB31134@atlas>
Message-ID: <4ED54046.3090102@privacyfoundation.de>

Hi Luis,

sorry for the late reply. You need an appropriate UDEV rule. On Debian you can install the following package:
https://www.assembla.com/spaces/cryptostick/documents/ds_EMCisGr4k7QeJe5cbCb/download/ds_EMCisGr4k7QeJe5cbCb

Alternatively and on other systems you might copy the following UDEV rule to the directory /etc/udev/rules.d
https://www.privacyfoundation.de/wiki/CryptoStickSoftware?action=AttachFile&do=view&target=40-cryptostick.rules

On 05.08.2011 05:49, Luis de Bethencourt wrote:
> On Thu, Aug 04, 2011 at 11:25:36PM +0200, Luis de Bethencourt wrote:
>> Hi everybody and thanks for the help.
>>
>> I recently upgraded my GnuPG setup with a Smart Card (GnuPG Card v2).
>>
>> I can get/set the information of the card through the root user, but this is
>> not good for everyday use. I think I have pinpointed the problem, scdaemon
>> in my machine doesn't like anybody but root.
>>
>> Here is a paste of a few commands to show the problem:
>>
>> luisbg at atlas ~ $ gpg --card-status
>> gpg: selecting openpgp failed: Unsupported certificate
>> gpg: OpenPGP card not available: Unsupported certificate
>>
>> luisbg at atlas ~ $ sudo gpg --card-status
>> scdaemon[31077]: reading public key failed: Missing item in object
>> scdaemon[31077]: reading public key failed: Missing item in object
>> Application ID ...: D276000124010200000500000CC90000
>> Version ..........: 2.0
>> Manufacturer .....: ZeitControl
>> Serial number ....: 00000CC9
>> Name of cardholder: Luis de Bethencourt
>> Language prefs ...: en
>> Sex ..............: male
>> URL of public key : http://people.collabora.com/~luisbg/gpg_pub_key_873B518D
>> Login data .......: luisbg
>> Signature PIN ....: not forced
>> Key attributes ...: 2048R 2048R 2048R
>> Max. PIN lengths .: 32 32 32
>> PIN retry counter : 3 0 3
>> Signature counter : 2
>> Signature key ....: 3F4A 28A6 568A CD30 480A F9EB 6BBF 9F19 873B 518D
>> created ....: 2011-07-26 12:22:00
>> Encryption key....: [none]
>> Authentication key: [none]
>> General key info..: [none]
>> scdaemon[31077]: updating slot 0 status: 0x0000->0x0007 (0->1)
>>
>> luisbg at atlas ~ $ gpg-agent --server gpg-connect-agent
>> OK Pleased to meet you
>> SCD LEARN
>> S SERIALNO D276000124010200000500000CC90000 0
>> INQUIRE KNOWNCARDP D276000124010200000500000CC90000 0
>> scdaemon[31088]: updating slot 0 status: 0x0000->0x0007 (0->1)
>>
>>
>> Notice how I can check the status as root, and do SCD Learn as my user. But not
>> check the status as my user (or sign my mails, which is the main problem). Also
>> pcsc_scan works with my user, it shows the Serial number of the card.
>> >> If it helps, I'm running gentoo with: >> gpg (GnuPG) 2.0.17 >> scdaemon (GnuPG) 2.0.17 >> pcsc-lite version 1.7.2 >> gpg-agent (GnuPG) 2.0.17 >> >> luisbg at atlas ~ $ gpgconf >> gpg:GPG for OpenPGP:/usr/bin/gpg2 >> gpg-agent:GPG Agent:/usr/bin/gpg-agent >> scdaemon:Smartcard Daemon:/usr/bin/scdaemon >> gpgsm:GPG for S/MIME:/usr/bin/gpgsm >> dirmngr:Directory Manager:/usr/bin/dirmngr >> >> >> Thanks a million for the help, >> Luis > > > By the way, I should mention I have replicated this issue in my two gentoo-based > machines. > > But then got the card and reader working very easily in an other machine which > runs debian. So the hardware is OK. Unforunately for this case, my laptop is > one of the gentoo machines, and that is the machine I will make more use of the > card. > > Thanks, > Luis > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From olav at enigmail.net Tue Nov 29 22:06:45 2011 From: olav at enigmail.net (Olav Seyfarth) Date: Tue, 29 Nov 2011 22:06:45 +0100 Subject: Card only available to root user In-Reply-To: <4ED54046.3090102@privacyfoundation.de> References: <20110804212536.GA31134@atlas> <20110804214955.GB31134@atlas> <4ED54046.3090102@privacyfoundation.de> Message-ID: <4ED54965.4050502@enigmail.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hi anonymous "Crypto Stick" and OpenPGP card users on Linux, > You need an appropriate UDEV rule. On Debian you can install... Thanks for that link! Will the package find its way to the official debian repositories? // Historical side note: Once Linux was famous to auto-detect all necessary // drivers automatically while DOS/Windows did not. Today, it seems, // situation has switched. > Alternatively / on other systems you might copy the following UDEV rule... Oh, I did not know of that, too, thanks. 
I also have a CryptoStick but prefer to use my Card since it may remain while
transporting the laptop. (No, I am not concerned that anyone could steal it
since I'd know it immediately and revoke.)

After using debian (and sometimes Ubuntu) I thought I'd give Fedora 16 a try.
I was thrilled to see that the fingerprint sensor was supported automatically
but still using OpenPGP SmartCard requires quite some manual tweaking :-(

I looked on the GnuPG homepage first but the HowTo at
http://www.gnupg.org/howtos/card-howto/en/ch02s03.html#id2519429
has broken/missing links for the two files gnupg-ccid.rules and gnupg-ccid.

I finally found the FSFE HowTo and tried the files from there
https://wiki.fsfe.org/Card_howtos/Card_reader_setup_(udev)

My user is member of the scard group. Yet I still have the same issue as Luis -
access as root OK but not as user:

| $ gpg --card-status
| gpg: pcsc_establish_context failed: no service (0x8010001d)
| gpg: Kartenleser ist nicht vorhanden
| gpg: OpenPGP Karte ist nicht vorhanden: Allgemeiner Fehler
|
| # gpg --card-status
| Application ID ...: D2760001240102000005000002220000
| Version ..........: 2.0
| Manufacturer .....: ZeitControl
| [...]

It seems the above files don't solve my problem since they all trigger on USB
events. However, my PCMCIA based reader Omnikey CardMan 4040 (linked as
supported device on http://www.gnupg.org/howtos/card-howto/en/ch02s02.html)
seems to be PCI based:

lsusb doesn't list it, lspci lists
| 02:04.0 CardBus bridge: Ricoh Co Ltd RL5c476 II (rev b6)
and lspcmcia yields
| Socket 0 Bridge: [yenta_cardbus] (bus ID: 0000:02:04.0)
| Socket 0 Device 0: [cm4040_cs] (bus ID: 0.0)

And I don't know where to look how to compile my own rules for cm4040_cs.
Any help appreciated.
Olav
- --
The Enigmail Project - OpenPGP Email Security For Mozilla Applications

From lists at michel-messerschmidt.de Tue Nov 29 22:30:18 2011
From: lists at michel-messerschmidt.de (Michel Messerschmidt)
Date: Tue, 29 Nov 2011 22:30:18 +0100
Subject: Card only available to root user
In-Reply-To: <4ED54965.4050502@enigmail.net>
References: <20110804212536.GA31134@atlas> <20110804214955.GB31134@atlas> <4ED54046.3090102@privacyfoundation.de> <4ED54965.4050502@enigmail.net>
Message-ID: <20111129213018.GA4768@hiro.matrix>

On Tue, Nov 29, 2011 at 10:06:45PM +0100, Olav Seyfarth wrote:
> It seems the above files don't solve my problem since they all trigger on USB
> events. However, my PCMCIA based reader Omnikey CardMan 4040 (linked as
> supported device on http://www.gnupg.org/howtos/card-howto/en/ch02s02.html)
> seems to be PCI based:
>
> lsusb doesn't list it, lspci lists
> | 02:04.0 CardBus bridge: Ricoh Co Ltd RL5c476 II (rev b6)
> and lspcmcia yields
> | Socket 0 Bridge: [yenta_cardbus] (bus ID: 0000:02:04.0)
> | Socket 0 Device 0: [cm4040_cs] (bus ID: 0.0)
>
> And I don't know where to look how to compile my own rules for cm4040_cs.
> Any help appreciated.

I haven't used this reader for years.
But back then this udev rule worked for me:
ACTION=="add", SUBSYSTEM=="cardman_4040", GROUP="scard", MODE="0660"

IIRC the cs4040 created its own device entry /dev/cmx (or something similar)

Michel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL:

From joetamber at yahoo.com Wed Nov 30 05:53:52 2011
From: joetamber at yahoo.com (Joe Tamber)
Date: Tue, 29 Nov 2011 20:53:52 -0800 (PST)
Subject: PGP decryption and "built-in" integrity checking?
Message-ID: <1322628832.42444.YahooMailNeo@web110708.mail.gq1.yahoo.com>

Hello all,

Let's assume a file was encrypted with PGP, and then subsequently transmitted to another system over the internet.
During the transmission, one byte from the PGP file was dropped off... the recipient received everything except one byte from this PGP encrypted file.

When the recipient tries to decrypt the file, would the PGP software detect that there was a data integrity issue and produce an error - or - would it actually output a decrypted file (which I presume would be flawed, since the encrypted source file was missing a byte)?

Thanks in advance for any insight you can provide,
Joe
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From dshaw at jabberwocky.com Wed Nov 30 07:21:23 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 30 Nov 2011 01:21:23 -0500
Subject: PGP decryption and "built-in" integrity checking?
In-Reply-To: <1322628832.42444.YahooMailNeo@web110708.mail.gq1.yahoo.com>
References: <1322628832.42444.YahooMailNeo@web110708.mail.gq1.yahoo.com>
Message-ID: <6EB5F691-13E1-40F2-8EDA-521651EB875A@jabberwocky.com>

On Nov 29, 2011, at 11:53 PM, Joe Tamber wrote:

> Hello all,
>
> Let's assume a file was encrypted with PGP, and then subsequently transmitted to another system over the internet.
> During the transmission, one byte from the PGP file was dropped off...
the recipient received everything except one byte from this PGP encrypted file.
>
> When the recipient tries to decrypt the file, would the PGP software detect that there was a data integrity issue and produce an error - or - would it actually output a decrypted file (which I presume would be flawed, since the encrypted source file was missing a byte)?

The encrypted file contains more than just the original data. There are also various headers and other structure given to the file by OpenPGP. There is a built in integrity check in OpenPGP called the MDC, which covers the original data. Any tampering to that "area" of the file will result in an error indicating an MDC failure. If there is tampering to the OpenPGP structures, it may not cause an MDC error (in your example of a single byte truncation at the end, for example, it won't), but it will most likely cause the file to not parse correctly and thus return a (different) error.

Note that the MDC is on by default, but can be turned off, either via the command line/config file or by a particular key.

David

From jerome at jeromebaum.com Wed Nov 30 06:57:10 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Wed, 30 Nov 2011 06:57:10 +0100
Subject: PGP decryption and "built-in" integrity checking?
In-Reply-To: <1322628832.42444.YahooMailNeo@web110708.mail.gq1.yahoo.com>
References: <1322628832.42444.YahooMailNeo@web110708.mail.gq1.yahoo.com>
Message-ID: <4ED5C5B6.4060508@jeromebaum.com>

> When the recipient tries to decrypt the file, would the PGP software
> detect that there was a data integrity issue and produce an error -
> or - would it actually output a decrypted file (which I presume would
> be flawed, since the encrypted source file was missing a byte)?

Usually there will be an MDC (checksum) and that will fail. So it'll
produce an error.

If you need to recover the file, you could try to cycle the byte through
all values -- 256 possibilities isn't a huge search space.
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
Law: an Internet-free zone.
--
No situation is so dire that panic cannot make it worse.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 878 bytes
Desc: OpenPGP digital signature
URL:

From gnupg at lists.grepular.com Wed Nov 30 13:18:10 2011
From: gnupg at lists.grepular.com (gnupg at lists.grepular.com)
Date: Wed, 30 Nov 2011 12:18:10 +0000
Subject: Possible IPv6 bug for --keyserver option
Message-ID: <4ED61F02.1050603@lists.grepular.com>

mike at Fuzzbutt:~$ gpg --keyserver grepular.com --recv-key 11111111
gpg: requesting key 11111111 from hkp server grepular.com
gpgkeys: HTTP fetch error 7: Failed to connect to
2001:470:1f09:1186::beef: Network is unreachable
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
mike at Fuzzbutt:~$

Why is gpg trying to connect to the IPv6 address here? The machine I'm
running it from doesn't have an IPv6 address, so it should be using the
A record instead of the AAAA record...

mike at Fuzzbutt:~$ ifconfig|grep inet6
mike at Fuzzbutt:~$

I'm running GnuPG 2.0.14 on Ubuntu 11.04

P.S. There isn't a keyserver at grepular.com, so I wasn't expecting it
to work. I just wasn't expecting it to use the AAAA record instead of
the A record.

--
Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL:

From wk at gnupg.org Wed Nov 30 14:34:15 2011
From: wk at gnupg.org (Werner Koch)
Date: Wed, 30 Nov 2011 14:34:15 +0100
Subject: Card only available to root user
In-Reply-To: <4ED54965.4050502@enigmail.net> (Olav Seyfarth's message of "Tue, 29 Nov 2011 22:06:45 +0100")
References: <20110804212536.GA31134@atlas> <20110804214955.GB31134@atlas> <4ED54046.3090102@privacyfoundation.de> <4ED54965.4050502@enigmail.net>
Message-ID: <877h2h91k8.fsf@vigenere.g10code.de>

On Tue, 29 Nov 2011 22:06, olav at enigmail.net said:

> events. However, my PCMCIA based reader Omnikey CardMan 4040 (linked as
> supported device on http://www.gnupg.org/howtos/card-howto/en/ch02s02.html)

Omnikey based devices don't work with the v2 card on nin-Unix platforms.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From dshaw at jabberwocky.com Wed Nov 30 17:25:07 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 30 Nov 2011 11:25:07 -0500
Subject: Possible IPv6 bug for --keyserver option
In-Reply-To: <4ED61F02.1050603@lists.grepular.com>
References: <4ED61F02.1050603@lists.grepular.com>
Message-ID: <2891EF58-6DF5-46F9-8C8C-0A0589BE0804@jabberwocky.com>

On Nov 30, 2011, at 7:18 AM, gnupg at lists.grepular.com wrote:

> mike at Fuzzbutt:~$ gpg --keyserver grepular.com --recv-key 11111111
> gpg: requesting key 11111111 from hkp server grepular.com
> gpgkeys: HTTP fetch error 7: Failed to connect to
> 2001:470:1f09:1186::beef: Network is unreachable
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
> mike at Fuzzbutt:~$
>
> Why is gpg trying to connect to the IPv6 address here? The machine I'm
> running it from doesn't have an IPv6 address, so it should be using the
> A record instead of the AAAA record...
>
> mike at Fuzzbutt:~$ ifconfig|grep inet6
> mike at Fuzzbutt:~$
>
> I'm running GnuPG 2.0.14 on Ubuntu 11.04
>
> P.S.
There isn't a keyserver at grepular.com, so I wasn't expecting it
> to work. I just wasn't expecting it to use the AAAA record instead of
> the A record.

Hmm. GnuPG uses libcurl to do the HTTP part of fetching keys, so this might actually be a Curl question. Curl (at least on Linux) uses getaddrinfo to resolve out the IPv4 vs IPv6 question. What happens if you do "curl -v http://grepular.com:11371" on the command line?

See also http://manpages.ubuntu.com/manpages/natty/man5/gai.conf.5.html

David

From gnupg at lists.grepular.com Wed Nov 30 17:43:11 2011
From: gnupg at lists.grepular.com (gnupg at lists.grepular.com)
Date: Wed, 30 Nov 2011 16:43:11 +0000
Subject: Possible IPv6 bug for --keyserver option
In-Reply-To: <2891EF58-6DF5-46F9-8C8C-0A0589BE0804@jabberwocky.com>
References: <4ED61F02.1050603@lists.grepular.com> <2891EF58-6DF5-46F9-8C8C-0A0589BE0804@jabberwocky.com>
Message-ID: <4ED65D1F.5020701@lists.grepular.com>

On 30/11/11 16:25, David Shaw wrote:

>> mike at Fuzzbutt:~$ gpg --keyserver grepular.com --recv-key 11111111
>> gpg: requesting key 11111111 from hkp server grepular.com
>> gpgkeys: HTTP fetch error 7: Failed to connect to
>> 2001:470:1f09:1186::beef: Network is unreachable
>> gpg: no valid OpenPGP data found.
>> gpg: Total number processed: 0
>> mike at Fuzzbutt:~$
>>
>> Why is gpg trying to connect to the IPv6 address here? The machine I'm
>> running it from doesn't have an IPv6 address, so it should be using the
>> A record instead of the AAAA record...
>>
>> mike at Fuzzbutt:~$ ifconfig|grep inet6
>> mike at Fuzzbutt:~$
>>
>> I'm running GnuPG 2.0.14 on Ubuntu 11.04
>>
>> P.S. There isn't a keyserver at grepular.com, so I wasn't expecting it
>> to work. I just wasn't expecting it to use the AAAA record instead of
>> the A record.
>
> Hmm. GnuPG uses libcurl to do the HTTP part of fetching keys, so this might actually be a Curl question. Curl (at least on Linux) uses getaddrinfo to resolve out the IPv4 vs IPv6 question.
What happens if you do "curl -v http://grepular.com:11371" on the command line?
>
> See also http://manpages.ubuntu.com/manpages/natty/man5/gai.conf.5.html

Seems curl tries IPv4 then IPv6.

mike at Fuzzbutt:~$ curl -v http://grepular.com:11371
* About to connect() to grepular.com port 11371 (#0)
* Trying 178.79.145.246... Connection refused
* Trying 2001:470:1f09:1186::beef... Failed to connect to
2001:470:1f09:1186::beef: Network is unreachable
* Success
* couldn't connect to host
* Closing connection #0
curl: (7) Failed to connect to 2001:470:1f09:1186::beef: Network is
unreachable

--
Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL:

From dshaw at jabberwocky.com Wed Nov 30 18:31:50 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 30 Nov 2011 12:31:50 -0500
Subject: Possible IPv6 bug for --keyserver option
In-Reply-To: <4ED65D1F.5020701@lists.grepular.com>
References: <4ED61F02.1050603@lists.grepular.com> <2891EF58-6DF5-46F9-8C8C-0A0589BE0804@jabberwocky.com> <4ED65D1F.5020701@lists.grepular.com>
Message-ID: <3762667F-55C3-4684-B93C-FC2BE5BD4AE6@jabberwocky.com>

On Nov 30, 2011, at 11:43 AM, gnupg at lists.grepular.com wrote:

> On 30/11/11 16:25, David Shaw wrote:
>
>>> mike at Fuzzbutt:~$ gpg --keyserver grepular.com --recv-key 11111111
>>> gpg: requesting key 11111111 from hkp server grepular.com
>>> gpgkeys: HTTP fetch error 7: Failed to connect to
>>> 2001:470:1f09:1186::beef: Network is unreachable
>>> gpg: no valid OpenPGP data found.
>>> gpg: Total number processed: 0
>>> mike at Fuzzbutt:~$
>>>
>>> Why is gpg trying to connect to the IPv6 address here?
The machine I'm
>>> running it from doesn't have an IPv6 address, so it should be using the
>>> A record instead of the AAAA record...
>>>
>>> mike at Fuzzbutt:~$ ifconfig|grep inet6
>>> mike at Fuzzbutt:~$
>>>
>>> I'm running GnuPG 2.0.14 on Ubuntu 11.04
>>>
>>> P.S. There isn't a keyserver at grepular.com, so I wasn't expecting it
>>> to work. I just wasn't expecting it to use the AAAA record instead of
>>> the A record.
>>
>> Hmm. GnuPG uses libcurl to do the HTTP part of fetching keys, so this might actually be a Curl question. Curl (at least on Linux) uses getaddrinfo to resolve out the IPv4 vs IPv6 question. What happens if you do "curl -v http://grepular.com:11371" on the command line?
>>
>> See also http://manpages.ubuntu.com/manpages/natty/man5/gai.conf.5.html
>
> Seems curl tries IPv4 then IPv6.
>
> mike at Fuzzbutt:~$ curl -v http://grepular.com:11371
> * About to connect() to grepular.com port 11371 (#0)
> * Trying 178.79.145.246... Connection refused
> * Trying 2001:470:1f09:1186::beef... Failed to connect to
> 2001:470:1f09:1186::beef: Network is unreachable
> * Success
> * couldn't connect to host
> * Closing connection #0
> curl: (7) Failed to connect to 2001:470:1f09:1186::beef: Network is
> unreachable

Yes, but look at the error message. It matches what you saw from GnuPG. It looks like libcurl tries the IPv4, fails, then the IPv6, and fails again. It only displays an error message for the IPv6 as that was the last thing tried. The keyserver handler uses libcurl as well, and is doing the same thing.
David

From gnupg at lists.grepular.com Wed Nov 30 19:05:47 2011
From: gnupg at lists.grepular.com (gnupg at lists.grepular.com)
Date: Wed, 30 Nov 2011 18:05:47 +0000
Subject: Possible IPv6 bug for --keyserver option
In-Reply-To: <3762667F-55C3-4684-B93C-FC2BE5BD4AE6@jabberwocky.com>
References: <4ED61F02.1050603@lists.grepular.com> <2891EF58-6DF5-46F9-8C8C-0A0589BE0804@jabberwocky.com> <4ED65D1F.5020701@lists.grepular.com> <3762667F-55C3-4684-B93C-FC2BE5BD4AE6@jabberwocky.com>
Message-ID: <4ED6707B.90507@lists.grepular.com>

On 30/11/11 17:31, David Shaw wrote:

>> Seems curl tries IPv4 then IPv6.
>>
>> mike at Fuzzbutt:~$ curl -v http://grepular.com:11371
>> * About to connect() to grepular.com port 11371 (#0)
>> * Trying 178.79.145.246... Connection refused
>> * Trying 2001:470:1f09:1186::beef... Failed to connect to
>> 2001:470:1f09:1186::beef: Network is unreachable
>> * Success
>> * couldn't connect to host
>> * Closing connection #0
>> curl: (7) Failed to connect to 2001:470:1f09:1186::beef: Network is
>> unreachable
>
> Yes, but look at the error message. It matches what you saw from GnuPG. It looks like libcurl tries the IPv4, fails, then the IPv6, and fails again. It only displays an error message for the IPv6 as that was the last thing tried. The keyserver handler uses libcurl as well, and is doing the same thing.

You're correct. tcpdump has confirmed that the initial attempt is done
over IPv4. Still, the error message returned from gpg is misleading...

--
Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL:

From peter at digitalbrains.com Wed Nov 30 20:25:09 2011
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 30 Nov 2011 20:25:09 +0100
Subject: Possible IPv6 bug for --keyserver option
In-Reply-To: <4ED6707B.90507@lists.grepular.com>
References: <4ED61F02.1050603@lists.grepular.com> <2891EF58-6DF5-46F9-8C8C-0A0589BE0804@jabberwocky.com> <4ED65D1F.5020701@lists.grepular.com> <3762667F-55C3-4684-B93C-FC2BE5BD4AE6@jabberwocky.com> <4ED6707B.90507@lists.grepular.com>
Message-ID: <4ED68315.60103@digitalbrains.com>

On 30/11/11 19:05, gnupg at lists.grepular.com wrote:
> You're correct. tcpdump has confirmed that the initial attempt is done
> over IPv4. Still, the error message returned from gpg is misleading...

I also find the error message from curl somewhat misleading, although
technically correct. I would prefer not to see any IPv6 stuff when it is totally
not configured. I would in that case even prefer not to see a lookup for AAAA,
it is a waste of resources.

If you don't have IPv6, do you consider it unreachable or unavailable, that's
what it partly boils down to.

Do we need error messages for all the things a library /supports/, or only for
those things we have /available/ on our system? It is only confusing to a user
to see messages relating to something they might never have heard of. This time
it's IPv6, next time it's IPSec, then cool-extension-X... so the library should
only return errors relevant to the actual system, so the program using the
library can give relevant information to the user.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From olav at enigmail.net Wed Nov 30 22:27:19 2011
From: olav at enigmail.net (Olav Seyfarth)
Date: Wed, 30 Nov 2011 22:27:19 +0100
Subject: Card only available to root user
In-Reply-To: <877h2h91k8.fsf@vigenere.g10code.de>
References: <20110804212536.GA31134@atlas> <20110804214955.GB31134@atlas> <4ED54046.3090102@privacyfoundation.de> <4ED54965.4050502@enigmail.net> <877h2h91k8.fsf@vigenere.g10code.de>
Message-ID: <4ED69FB7.3090100@enigmail.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hi Werner,

> Omnikey based devices don't work with the v2 card on nin-Unix platforms.

that should be mentioned in the SmartCard HowTo then.
And: I can access --card-status as root, just not as user ...

Olav
- --
The Enigmail Project - OpenPGP Email Security For Mozilla Applications

From dougb at dougbarton.us Wed Nov 30 23:47:43 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Wed, 30 Nov 2011 14:47:43 -0800
Subject: Possible IPv6 bug for --keyserver option
In-Reply-To: <4ED68315.60103@digitalbrains.com>
References: <4ED61F02.1050603@lists.grepular.com> <2891EF58-6DF5-46F9-8C8C-0A0589BE0804@jabberwocky.com> <4ED65D1F.5020701@lists.grepular.com>
	<3762667F-55C3-4684-B93C-FC2BE5BD4AE6@jabberwocky.com> <4ED6707B.90507@lists.grepular.com> <4ED68315.60103@digitalbrains.com>
Message-ID: <4ED6B28F.40205@dougbarton.us>

On 11/30/2011 11:25, Peter Lebbing wrote:
> On 30/11/11 19:05, gnupg at lists.grepular.com wrote:
>> You're correct. tcpdump has confirmed that the initial attempt is done
>> over IPv4. Still, the error message returned from gpg is misleading...
>
> I also find the error message from curl somewhat misleading, although
> technically correct. I would prefer not to see any IPv6 stuff when it is totally
> not configured. I would in that case even prefer not to see a lookup for AAAA,
> it is a waste of resources.
>
> If you don't have IPv6, do you consider it unreachable or unavailable, that's
> what it partly boils down to.
>
> Do we need error messages for all the things a library /supports/, or only for
> those things we have /available/ on our system? It is only confusing to a user
> to see messages relating to something they might never have heard of. This time
> it's IPv6, next time it's IPSec, then cool-extension-X... so the library should
> only return errors relevant to the actual system, so the program using the
> library can give relevant information to the user.

This usually happens when the OS has signaled that it has IPv6 available,
but it's not actually configured on any interfaces. The usual way to fix
this is to flip the knob that says "IPv6 is *not* available."

Of course, a better way to fix it is to get IPv6. :)

Doug

--
"We could put the whole Internet into a book."
"Too practical."

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
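Added example (not part of any message in this thread, and not GnuPG or libcurl code): the behaviour discussed above, where every resolved address is tried in turn but only the last failure is reported, shown next to a report that keeps every attempt. It uses Python's socket.getaddrinfo with the AI_ADDRCONFIG flag; all function names, the documentation-range addresses and the stub connector are assumptions constructed for illustration.

```python
import errno
import os
import socket

# Constructed sample: what a resolver might return for a host that has both
# an A and an AAAA record (documentation-range addresses, HKP port 11371).
SAMPLE_CANDIDATES = [
    (socket.AF_INET, ("192.0.2.10", 11371)),
    (socket.AF_INET6, ("2001:db8::beef", 11371, 0, 0)),
]


def resolve(host, port, addrconfig=True):
    """Resolve host via getaddrinfo, keeping the resolver's preference order.

    With addrconfig=True, AI_ADDRCONFIG asks the resolver to return IPv6
    results only if the machine has an IPv6 address configured (and likewise
    for IPv4), so an IPv4-only host is not handed AAAA results to try.
    """
    flags = socket.AI_ADDRCONFIG if addrconfig else 0
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM, flags=flags)
    return [(family, sockaddr) for family, _t, _p, _canon, sockaddr in infos]


def tcp_connect(family, sockaddr, timeout=5.0):
    """Default connector: return a connected TCP socket or raise OSError."""
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
    except OSError:
        sock.close()
        raise
    return sock


def connect_any(candidates, connector=tcp_connect):
    """Try each candidate in order and remember every outcome.

    Returns (connection_or_None, attempts); attempts is a list of
    (address, errno_or_None) so that no earlier failure is lost.
    """
    attempts = []
    for family, sockaddr in candidates:
        try:
            conn = connector(family, sockaddr)
        except OSError as exc:
            attempts.append((sockaddr[0], exc.errno))
            continue
        attempts.append((sockaddr[0], None))
        return conn, attempts
    return None, attempts


def last_error_only(attempts):
    """Reporting style seen in the thread: only the final failure is shown."""
    failed = [(addr, err) for addr, err in attempts if err is not None]
    if not failed:
        return ""
    addr, err = failed[-1]
    return "Failed to connect to %s: %s" % (addr, os.strerror(err))


def all_errors(attempts):
    """Report every failed address, so the IPv4 refusal stays visible."""
    return "; ".join("%s: %s" % (addr, os.strerror(err))
                     for addr, err in attempts if err is not None)


def sample_connector(family, sockaddr):
    """Constructed stand-in for the network: IPv4 refused, IPv6 unreachable."""
    code = errno.ECONNREFUSED if family == socket.AF_INET else errno.ENETUNREACH
    raise OSError(code, os.strerror(code))


if __name__ == "__main__":
    _conn, tried = connect_any(SAMPLE_CANDIDATES, sample_connector)
    print("last only:", last_error_only(tried))
    print("all      :", all_errors(tried))
```

To run it against a real host, pass the output of resolve(host, 11371) to connect_any instead of SAMPLE_CANDIDATES.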