From wk at gnupg.org Sun Apr 1 12:07:42 2012
From: wk at gnupg.org (Werner Koch)
Date: Sun, 01 Apr 2012 12:07:42 +0200
Subject: gpgconf on FreeBSD-8.2
In-Reply-To: <20120331102543.410224e1@scorpio> (jerry@seibercom.net's message of "Sat, 31 Mar 2012 10:25:43 -0400")
References: <20120331102543.410224e1@scorpio>
Message-ID: <87wr5zojdd.fsf@vigenere.g10code.de>

On Sat, 31 Mar 2012 16:25, jerry at seibercom.net said:

> $ gpgconf --check-config
> gpgconf: can not open global config file `/usr/local/etc/gnupg/gpgconf.conf': No such file or directory

gpgconf.conf is an optional file; it can be used to change the defaults
compiled into gpgconf on a per user base. The idea is to disallow users
to change certain options from Kleopatra or another frontend. Sure, they
can still edit the respective configuration files manually.

> gpgconf --check-config ~/.gnupg/gpg.conf

The gpgconf.conf file has a different syntax than gpg.conf,
gpg-agent.conf et al.

What do you want to do?

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From jerry at seibercom.net Sun Apr 1 14:19:37 2012
From: jerry at seibercom.net (Jerry)
Date: Sun, 1 Apr 2012 08:19:37 -0400
Subject: gpgconf on FreeBSD-8.2
In-Reply-To: <87wr5zojdd.fsf@vigenere.g10code.de>
References: <20120331102543.410224e1@scorpio> <87wr5zojdd.fsf@vigenere.g10code.de>
Message-ID: <20120401081937.1ce9fafd@scorpio>

On Sun, 01 Apr 2012 12:07:42 +0200
Werner Koch articulated:

> On Sat, 31 Mar 2012 16:25, jerry at seibercom.net said:
>
> > $ gpgconf --check-config
> > gpgconf: can not open global config file
> > `/usr/local/etc/gnupg/gpgconf.conf': No such file or directory
>
> gpgconf.conf is an optional file; it can be used to change the defaults
> compiled into gpgconf on a per user base. The idea is to disallow
> users to change certain options from Kleopatra or another frontend.
> Sure, they can still edit the respective configuration files
> manually.
>
> > gpgconf --check-config ~/.gnupg/gpg.conf
>
> The gpgconf.conf file has a different syntax than gpg.conf,
> gpg-agent.conf et al.
>
> What do you want to do?

Sorry, I thought that was obvious. I want to check the file, in this
case the ~/.gnupg/gpg.conf file for proper syntax, etc. I am attempting
to use it in the same fashion that I use "postconf" to check Postfix's
configuration files. Many applications have utilities to check their
config files, "Dovecot", "ClamAV", etcetera. I thought that the
"gpgconf" utility would accomplish the same thing. While the
documentation does not specifically state that it DOES work on the
gpg.conf file, nothing says that it doesn't either. In my humble
opinion, the documentation is slightly ambiguous.

Sorry to have wasted your time.

--
Jerry

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________
The rose of yore is but a name, mere names are left to us.

From wk at gnupg.org Mon Apr 2 11:25:32 2012
From: wk at gnupg.org (Werner Koch)
Date: Mon, 02 Apr 2012 11:25:32 +0200
Subject: gpgconf on FreeBSD-8.2
In-Reply-To: <20120401081937.1ce9fafd@scorpio> (jerry@seibercom.net's message of "Sun, 1 Apr 2012 08:19:37 -0400")
References: <20120331102543.410224e1@scorpio> <87wr5zojdd.fsf@vigenere.g10code.de> <20120401081937.1ce9fafd@scorpio>
Message-ID: <87k41yo583.fsf@vigenere.g10code.de>

On Sun, 1 Apr 2012 14:19, jerry at seibercom.net said:

> Sorry, I thought that was obvious. I want to check the file, in this
> case the ~/.gnupg/gpg.conf file for proper syntax, etc. I am attempting

Oh sure.

  gpgconf --check-programs

checks that all programs are properly installed and that their config
files are okay.
Here is an example for the output

  gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1:
  gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:1:1:
  scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:1:1:
  gpgsm:[...]:/usr[...]gpgsm:1:0:/home/[...]/gpgsm.conf:24:invalid option:
  dirmngr:Directory Manager:/usr/local/bin/dirmngr:1:1:
  pinentry:PIN and Passphrase Entry:/usr/local/bin/pinentry:1:1:

The "1:1" tells you that everything is fine for that program, the "1:0"
for gpgsm indicates an error in the config file. You may also run it
for a single module:

  gpgconf --check-options gpgsm

which will return just the line for gpgsm. I just figure that the
exit code of gpgconf will always be 0 - that is unfortunate for
scripts. The reason is that we developed it for a GUI which parsed
the output. I will need to check the GUI code to see whether we can
change it to return 1 on error.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From jerry at seibercom.net Mon Apr 2 14:22:07 2012
From: jerry at seibercom.net (Jerry)
Date: Mon, 2 Apr 2012 08:22:07 -0400
Subject: gpgconf on FreeBSD-8.2
In-Reply-To: <87k41yo583.fsf@vigenere.g10code.de>
References: <20120331102543.410224e1@scorpio> <87wr5zojdd.fsf@vigenere.g10code.de> <20120401081937.1ce9fafd@scorpio> <87k41yo583.fsf@vigenere.g10code.de>
Message-ID: <20120402082207.57047d1f@scorpio>

On Mon, 02 Apr 2012 11:25:32 +0200
Werner Koch articulated:

> On Sun, 1 Apr 2012 14:19, jerry at seibercom.net said:
>
> > Sorry, I thought that was obvious. I want to check the file, in this
> > case the ~/.gnupg/gpg.conf file for proper syntax, etc. I am
> > attempting
>
> Oh sure.
>
> gpgconf --check-programs
>
> checks that all programs are properly installed and that their config
> files are okay.
> Here is an example for the output
>
> gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1:
> gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:1:1:
> scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:1:1:
> gpgsm:[...]:/usr[...]gpgsm:1:0:/home/[...]/gpgsm.conf:24:invalid
> option: dirmngr:Directory Manager:/usr/local/bin/dirmngr:1:1:
> pinentry:PIN and Passphrase Entry:/usr/local/bin/pinentry:1:1:
>
> The "1:1" tells you that everything is fine for that program, the "1:0"
> for gpgsm indicates an error in the config file. You may also run it
> for a single module:
>
> gpgconf --check-options gpgsm
>
> which will return just the line for gpgsm. I just figure that the
> exit code of gpgconf will always be 0 - that is unfortunate for
> scripts. The reason is that we developed it for a GUI which parsed
> the output. I will need to check the GUI code to see whether we can
> change it to return 1 on error.

$ gpgconf --check-programs
gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1:
gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:1:1:
gpgconf: error running `/usr/local/bin/scdaemon': probably not installed
scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:0:0:
gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:1:1:
dirmngr:Directory Manager:/usr/local/bin/dirmngr:1:1:

$ gpgconf --check-options gpg
gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1:

However, since I do not have a global gpg configuration file, what
file is it checking, if any? I assume it is not checking the
~/.gnupg.gpg.conf file, since if I try to check it manually with
gpgconf, it reports errors.

--
Jerry

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

From c.brueckner at zertificon.com Mon Apr 2 16:02:29 2012
From: c.brueckner at zertificon.com (c.brueckner at zertificon.com)
Date: Mon, 2 Apr 2012 16:02:29 +0200
Subject: AUTO: Christoph Brueckner is out of the office.
 (returning 10.04.2012)
Message-ID:

I am out of the office until 10.04.2012.

I will respond to your message when I return.

Note: This is an automated response to your message "Re: gpgconf on
FreeBSD-8.2 [ Z1 UNGESICHERT ]" sent on 04/02/2012 2:22:07 PM.

This is the only notification you will receive while this person is away.

From wk at gnupg.org Mon Apr 2 18:54:18 2012
From: wk at gnupg.org (Werner Koch)
Date: Mon, 02 Apr 2012 18:54:18 +0200
Subject: gpgconf on FreeBSD-8.2
In-Reply-To: <20120402082207.57047d1f@scorpio> (jerry@seibercom.net's message of "Mon, 2 Apr 2012 08:22:07 -0400")
References: <20120331102543.410224e1@scorpio> <87wr5zojdd.fsf@vigenere.g10code.de> <20120401081937.1ce9fafd@scorpio> <87k41yo583.fsf@vigenere.g10code.de> <20120402082207.57047d1f@scorpio>
Message-ID: <877gxynkg5.fsf@vigenere.g10code.de>

On Mon, 2 Apr 2012 14:22, jerry at seibercom.net said:

> However, since I do not have a global gpg configuration file, what
> file is it checking, if any? I assume it is not checking the
> ~/.gnupg.gpg.conf file, since if I try to check it manually with
> gpgconf, it reports errors.

You can't check it manually. gpgconf knows which configuration files
belong to which modules. Technically gpgconf calls gpg with the
options this way:

  gpg2 --gpgconf-test

However, it is better to use gpgconf, the way you did it.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Mon Apr 2 19:17:12 2012
From: wk at gnupg.org (Werner Koch)
Date: Mon, 02 Apr 2012 19:17:12 +0200
Subject: AUTO: Christoph Brueckner is out of the office. (returning 10.04.2012)
In-Reply-To: (c.
 brueckner's message of "Mon, 2 Apr 2012 16:02:29 +0200")
References:
Message-ID: <87zkaum4tj.fsf@vigenere.g10code.de>

On Mon, 2 Apr 2012 16:02, c.brueckner at zertificon.com said:

> I will respond to your message when I return.

Well, this is a mailing list. You should fix your mail gateway software
to comply with best mail practises established 20 years or so ago.

> Note: This is an automated response to your message "Re: gpgconf on
> FreeBSD-8.2 [ Z1 UNGESICHERT ]" sent on 04/02/2012 2:22:07 PM.

BTW, your Z1 certificate server seems to run a pretty old GnuPG version
(1.4.6).

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From vedaal at nym.hush.com Wed Apr 4 19:38:04 2012
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Wed, 04 Apr 2012 13:38:04 -0400
Subject: gnupg error messages
Message-ID: <20120404173804.1E5E814DBE6@smtp.hushmail.com>

Is there a listing anywhere of the different 'error messages' that
gnupg gives when something is wrong,
(specifically, when there is an error message in trying to decrypt) ?

TIA

vedaal

From auto15963931 at hushmail.com Wed Apr 4 21:03:26 2012
From: auto15963931 at hushmail.com (auto15963931 at hushmail.com)
Date: Wed, 04 Apr 2012 14:03:26 -0500
Subject: pinentry
Message-ID: <20120404190326.F3E6814DBEB@smtp.hushmail.com>

I use gpg on Windows OS. On the command line when I use this
command:

gpg -d filename.asc

a pinentry window pops up requesting my passphrase. If it happens
that the message was encrypted with the option --throw-keyids, then
the pinentry window, not knowing which key was used, starts with
one of my keys arbitrarily and requests the passphrase for it. I
have two questions about this procedure.
First, if I know which key was used and I want to select it, I can
click the "Cancel" button at the time I see the arbitrary key
dialogue window, and then the program will select another key,
again apparently arbitrarily, and so on in succession, until it
gets to the one I want, at which time I can enter the correct
passphrase and get the decrypted result.

However, much of the time I find that using this
procedure does not cause the pinentry dialogue to move from one key
to another but instead causes the dialogue window to close after
either the first or second clicking on the cancel button instead of
continuing on down through the complete list of keys I have
available. It just fails to decrypt. This failure occurs mostly
when I first try to use the procedure, but then it starts working
properly after a few tries even though I do exactly the same steps
each time. Why does it fail initially? Is this a known issue?

I have noticed a number of instances of failures during batch
decryption too, even though the pinentry dialogue does not arise of
course. These failures result in the "--status-file" indicating
that the decryption failed although in fact I can find the
decrypted message present.

Secondly, what is the correct way to handle this sort of procedure
under these circumstances so that indeed all the keys would be
tried each time? My initial thought is to include the option
"--try-all-secrets" in order to prevent the failure and premature
closing of the decryption attempts during batch processes.

Thanks.
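Added example, not part of any list message: in the gpgconf thread above, Werner Koch notes that gpgconf always exits 0 and that its colon-separated output has to be parsed, so this sketch derives a script-friendly exit status from `gpgconf --check-programs`. The field labels, the `required` parameter and the gpgsm.conf path in the constructed sample are assumptions of this example.

```python
"""Derive an exit status from `gpgconf --check-programs` output."""
import subprocess
import sys
from urllib.parse import unquote

# Constructed sample in the format quoted in the thread; the gpgsm.conf
# path is made up for this example.
SAMPLE = """\
gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1:
gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:1:1:
gpgconf: error running `/usr/local/bin/scdaemon': probably not installed
scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:0:0:
gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:1:0:/home/user/.gnupg/gpgsm.conf:24:invalid option:
dirmngr:Directory Manager:/usr/local/bin/dirmngr:1:1:
"""


def parse_check_programs(text):
    """Return one dict per component record, skipping diagnostic lines."""
    records = []
    for line in text.splitlines():
        fields = line.split(":")
        # A record has name, description, program and two 0/1 flags.
        # Diagnostics such as "gpgconf: error running ..." do not.
        if len(fields) < 5 or fields[3] not in ("0", "1") \
                or fields[4] not in ("0", "1"):
            continue
        fields += [""] * (8 - len(fields))  # pad the optional error fields
        records.append({
            "name": fields[0],
            # Text fields are percent-escaped so they cannot contain ':'.
            "description": unquote(fields[1]),
            "program": unquote(fields[2]),
            "installed": fields[3] == "1",   # first flag of "1:1"
            "config_ok": fields[4] == "1",   # second flag of "1:1"
            "config_file": unquote(fields[5]),
            "config_line": int(fields[6]) if fields[6].isdigit() else None,
            "error": unquote(fields[7]),
        })
    return records


def find_problems(records, required=("gpg", "gpg-agent")):
    """List broken configs, plus missing programs named in `required`."""
    problems = []
    for rec in records:
        if not rec["installed"]:
            # An optional component (e.g. scdaemon) may simply be absent.
            if rec["name"] in required:
                problems.append(
                    f"{rec['name']}: required program {rec['program']} "
                    "is not usable")
        elif not rec["config_ok"]:
            where = rec["config_file"] or "configuration"
            if rec["config_line"] is not None:
                where += f":{rec['config_line']}"
            problems.append(
                f"{rec['name']}: {where}: "
                f"{rec['error'] or 'configuration check failed'}")
    return problems


def check(text, required=("gpg", "gpg-agent")):
    """Return (exit_status, problems): status is 1 if anything is wrong."""
    problems = find_problems(parse_check_programs(text), required)
    return (1 if problems else 0), problems


if __name__ == "__main__":
    try:
        output = subprocess.run(["gpgconf", "--check-programs"],
                                capture_output=True, text=True).stdout
    except FileNotFoundError:
        output = SAMPLE  # gpgconf not installed here: use the sample
    status, found = check(output)
    for problem in found:
        print(problem, file=sys.stderr)
    sys.exit(status)
```
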
From auto15963931 at hushmail.com Thu Apr 5 03:51:16 2012
From: auto15963931 at hushmail.com (auto15963931)
Date: Wed, 04 Apr 2012 20:51:16 -0500
Subject: [admin] Re: signature verification data
In-Reply-To: <87ty1arkrk.fsf__49885.8036044568$1332871250$gmane$org@vigenere.g10code.de>
References: <20120327063315.9DB4A6F448@smtp.hushmail.com> <87ty1arkrk.fsf__49885.8036044568$1332871250$gmane$org@vigenere.g10code.de>
Message-ID:

On 3/27/2012 12:55 PM, Werner Koch wrote:
> Hi,
>
> please remember to strip your quotes down to a reasonable size.
>
>
> Shalom-Salam,
>
> Werner
>

Shalom to you likewise. My bad, Werner! Thanks for the reminder about
your preferences. What is this url for: gmane-discuss at
hawk.netfonds.no? How is it different from this one:
gmane.comp.encryption.gpg.user? I mean, do they differ merely in having
different routing protocols but have the same distribution
destinations? Thanks.

From mailinglisten at hauke-laging.de Thu Apr 5 04:50:58 2012
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Thu, 05 Apr 2012 04:50:58 +0200
Subject: pinentry
In-Reply-To: <20120404190326.F3E6814DBEB@smtp.hushmail.com>
References: <20120404190326.F3E6814DBEB@smtp.hushmail.com>
Message-ID: <5516431.4Fxe8yBGE6@inno>

On Wed 04.04.2012, 14:03:26, auto15963931 at hushmail.com wrote:
> I use gpg on Windows OS. On the command line when I use this
> command:
>
> gpg -d filename.asc

> to another but instead causes the dialogue window to close after
> either the first or second clicking on the cancel button

This does not happen here (Linux, though). I don't know how to tell gpg
which key(s) to try first but if you use the command line then there's
a work around: You may call gpg with
--no-default-keyring
--keyring
--secret-keyring
and point it at a file which contains one key only.

I assume that gpg tries the keys in the order in which they are in the
keyring.
Thus you may export all keys (secret and public), rename the keyring
files and import the keys in the desired order. This may have to be
repeated after changes to the keys (I don't know how the keyring files
work).

Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From ml at kairaven.de Thu Apr 5 15:27:24 2012
From: ml at kairaven.de (ml at kairaven.de)
Date: Thu, 05 Apr 2012 15:27:24 +0200
Subject: pinentry
In-Reply-To: <5516431.4Fxe8yBGE6@inno>
References: <20120404190326.F3E6814DBEB@smtp.hushmail.com> <5516431.4Fxe8yBGE6@inno>
Message-ID: <4F7D9DBC.8030500@kairaven.de>

Hi,

> This does not happen here (Linux, though). I don't know how to tell gpg which
> key(s) to try first but if you use the command line then there's a work
> around: You may call gpg with
> --no-default-keyring
> --keyring
> --secret-keyring
> and point it at a file which contains one key only.

gpg2 man page:

--try-secret-key name (>= gpg 2.1?)
    For hidden recipients GPG needs to know the keys to use for trial
    decryption. The key set with --default-key is always tried first...

so, put "default-key key-id" in gpg.conf and this key will be tried
first.

--default-key name
    Use name as the default key to sign with. If this option is not
    used, the default key is the first key found in the secret keyring.

So I think, if you have not a default-key defined in gpg.conf, the
first secret key will be tried.

--
Ciao
Kai

From john.gill at computer.org Thu Apr 5 21:09:11 2012
From: john.gill at computer.org (John Gill)
Date: Thu, 5 Apr 2012 14:09:11 -0500
Subject: List-packets help
Message-ID:

Please point me to a detailed explanation for the output of list-packets.
I have googled and read manuals, etc. but just can't seem to locate the
knowledge.

John

From dkg at fifthhorseman.net Thu Apr 5 23:56:49 2012
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 05 Apr 2012 17:56:49 -0400
Subject: List-packets help
In-Reply-To:
References:
Message-ID: <4F7E1521.9050802@fifthhorseman.net>

On 04/05/2012 03:09 PM, John Gill wrote:
> Please point me to a detailed explanation for the output of list-packets.
> I have googled and read manuals, etc. but just can't seem to locate the
> knowledge.

the output of "gpg --list-packets" tends to make a lot of implicit
references to the tables and packet type information found in RFC 4880
and other standards.

 https://tools.ietf.org/html/rfc4880

Are you looking for answers to a specific question? If so, you might
have better luck getting those answers by asking the question
explicitly; people on this list might be able to point you to the
relevant section of the standards, and to help you figure out how to
answer your own questions from reading the standards in the future.

hth,

 --dkg

From John at enigmail.net Thu Apr 5 23:29:57 2012
From: John at enigmail.net (John Clizbe)
Date: Thu, 05 Apr 2012 16:29:57 -0500
Subject: List-packets help
In-Reply-To:
References:
Message-ID: <4F7E0ED5.2030800@enigmail.net>

John Gill wrote:
> Please point me to a detailed explanation for the output of
> list-packets. I have googled and read manuals, etc. but just can't seem
> to locate the knowledge.

RFC 4880 - OpenPGP Message Format
https://tools.ietf.org/html/rfc4880

You may run into values from
RFC 5581 - The Camellia Cipher in OpenPGP
https://tools.ietf.org/html/rfc5581

In a few months, there should, hopefully, be an additional RFC for
Elliptic Curve Cryptography in OpenPGP based on
http://www.ietf.org/internet-drafts/draft-jivsov-openpgp-ecc-11.txt

Kazu Yamamoto's excellent pgpdump tool and web interface may also be of
value.
http://www.mew.org/~kazu/proj/pgpdump/en/
http://www.pgpdump.net/

HTH,

-John

--
John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Cowboy Haiku -- Reflections on Rodeo
So many Cowboys. / Round Wrangler butts drive me nuts. / Never enough rope.

From amr_mahmoud at maktoob.com Fri Apr 6 00:34:58 2012
From: amr_mahmoud at maktoob.com (عمرو محمود)
Date: Thu, 05 Apr 2012 22:34:58 +0000
Subject: failed to build a binary for version 2.0.19 please advise
Message-ID:

Hi, everyone. I am a new user to using gnupg software and I tried to
build it but it failed several times, can you please help me about the
steps that I need to take in order to build this version on a windows
xp SP3 as it failed building please help

What version of environment platform should I use is it mingw?

Thanks for your help

From rjh at sixdemonbag.org Fri Apr 6 02:20:17 2012
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 05 Apr 2012 20:20:17 -0400
Subject: failed to build a binary for version 2.0.19 please advise
In-Reply-To:
References:
Message-ID: <4F7E36C1.6010801@sixdemonbag.org>

On 4/5/12 6:34 PM, عمرو محمود wrote:
> Hi, everyone. I am a new user to using gnupg software and I tried to
> build it but it failed several times, can you please help me about the
> steps that I need to take in order to build this version on a windows
> xp SP3 as it failed building please help

Building on Windows is explicitly not supported. You need to build from
a UNIX environment using a cross-compiler.

From wk at gnupg.org Fri Apr 6 10:45:17 2012
From: wk at gnupg.org (Werner Koch)
Date: Fri, 06 Apr 2012 10:45:17 +0200
Subject: List-packets help
In-Reply-To: (John Gill's message of "Thu, 5 Apr 2012 14:09:11 -0500")
References:
Message-ID: <87ty0xb65e.fsf@vigenere.g10code.de>

On Thu, 5 Apr 2012 21:09, john.gill at computer.org said:
> Please point me to a detailed explanation for the output of list-packets.
> I have googled and read manuals, etc. but just can't seem to locate the
> knowledge.

There is no definitive reference because it does not make up a defined
interface. We may change the format at any time. To understand it, you
need to read RFC-4880 (OpenPGP) and probably also the GPG source.

As Daniel already pointed out, you may also ask here if you have a
specific question.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Fri Apr 6 10:47:15 2012
From: wk at gnupg.org (Werner Koch)
Date: Fri, 06 Apr 2012 10:47:15 +0200
Subject: failed to build a binary for version 2.0.19 please advise
In-Reply-To: <4F7E36C1.6010801@sixdemonbag.org> (Robert J.
 Hansen's message of "Thu, 05 Apr 2012 20:20:17 -0400")
References: <4F7E36C1.6010801@sixdemonbag.org>
Message-ID: <87pqblb624.fsf@vigenere.g10code.de>

On Fri, 6 Apr 2012 02:20, rjh at sixdemonbag.org said:

> Building on Windows is explicitly not supported. You need to build from
> a UNIX environment using a cross-compiler.

FWIW: This is described in the file doc/README.W32 which also comes with
the binary installer.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From MichaelQuigley at TheWay.Org Fri Apr 6 15:13:52 2012
From: MichaelQuigley at TheWay.Org (MichaelQuigley at TheWay.Org)
Date: Fri, 6 Apr 2012 09:13:52 -0400
Subject: How to check an exported key's fingerprint
Message-ID:

Hello,

Using GnuPG 1.4.11 is there a way to check the fingerprint of a public key
before importing it to the keyring? The key was exported using the
--armor option. i.e., The file I have is named exported-key.asc

Also where would I find the instructions for this in the documentation?
(So I won't need to ask again.) The documentation I've located is either
for GnuPG 2 or rather sketchy.

Thanks,
Michael

From wk at gnupg.org Fri Apr 6 17:12:27 2012
From: wk at gnupg.org (Werner Koch)
Date: Fri, 06 Apr 2012 17:12:27 +0200
Subject: How to check an exported key's fingerprint
In-Reply-To: (MichaelQuigley@theway.org's message of "Fri, 6 Apr 2012 09:13:52 -0400")
References:
Message-ID: <87fwcgc2sk.fsf@vigenere.g10code.de>

On Fri, 6 Apr 2012 15:13, MichaelQuigley at TheWay.Org said:

> Using GnuPG 1.4.11 is there a way to check the fingerprint of a public key
> before importing it to the keyring? The key was exported using the

There is no such option. However, you may use

  gpg --with-fingerprint FILE

to show the content of a file. If you use

  gpg --with-fingerprint --with-colons FILE

you get the output in a machine readable format.

> (So I won't need to ask again.)
> The documentation I've located is either
> for GnuPG 2 or rather sketchy.

  man gpg

But anyway, the gpg and gpg2 are almost identical from the user
interface.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From john.gill at computer.org Fri Apr 6 16:32:31 2012
From: john.gill at computer.org (John Gill)
Date: Fri, 6 Apr 2012 09:32:31 -0500
Subject: List-packets help
In-Reply-To:
References:
Message-ID:

Thank you all for your answers.

I've been reading 2440, 4880, and trying to read the source to several
old and current versions of gnupg 1.x series for some time. My question
was an attempt to verify my understanding of how the specific output
was structured.

There was sample pgpdump output posted online that confirmed my
assumptions and understanding about the output from list-packets.

I am feeding the output of a list-packets for my keying into an awk
script to build a report on the keys and the preferences for each key.

With-colons doesn't provide enough detail for this report. I vaguely
remember reading several years back that the output from list packets
was subject to change between revisions. I'll have to include that risk
in any future maintenance of the report.

Of course, if there is a better way to extract all the preferences data,
using just the gpg program, please let me know.

Thank you,
John Gill

From peter at digitalbrains.com Fri Apr 6 18:31:22 2012
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 06 Apr 2012 18:31:22 +0200
Subject: List-packets help
In-Reply-To:
References:
Message-ID: <4F7F1A5A.8080908@digitalbrains.com>

On 06/04/12 16:32, John Gill wrote:
> Of course, if there is a better way to extract all the preferences data,
> using just the gpg program, please let me know.

I just found this in the manual:

$ gpg --list-options show-sig-subpackets --with-colons --list-sigs KEYID

And I see for my own self signature:

sig:::1:AC46EFE6DE500B3E:2011-11-01::::Peter Lebbing :13x:
spk:30:1:1:%01
spk:27:1:1:%01
spk:23:1:1:%80
spk:22:1:3:%02%03%01
spk:21:1:3:%08%03%02
spk:16:0:8:%ACF%EF%E6%DEP%0B>
spk:11:1:5:%07%09%08%03%02
spk:9:1:4:%05%95%0A%03
spk:2:1:4:N%AF%D7%1D

Referring to RFC 4880, subpacket 11 is preferred symmetric algorithms,
for example. But you need to parse the quoted octets that follow it.
For subpacket 11, this is rather trivial, since %07%09%08%03%02 just
means "S7 S9 S8 S3 S2" as preference string (each octet a symmetric
algorithm number).

If you look at other strings, I see %ACF%EF... at subpacket 16, which
is a nice tricky example where the second octet appears to be 46 hex,
ASCII F. Since 16 is the issuer, it's no surprise the string expands to
AC46EFE6DE500B3E in hex, my long key id.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From wk at gnupg.org Fri Apr 6 19:14:27 2012
From: wk at gnupg.org (Werner Koch)
Date: Fri, 06 Apr 2012 19:14:27 +0200
Subject: List-packets help
In-Reply-To: (John Gill's message of "Fri, 6 Apr 2012 09:32:31 -0500")
References:
Message-ID: <877gxsbx58.fsf@vigenere.g10code.de>

On Fri, 6 Apr 2012 16:32, john.gill at computer.org said:

> I am feeding the output of a list-packets for my keying into an awk script
> to build a report on the keys and the preferences for each key.

You wrongly assume that signatures are valid. --list-packets does not
tell you this.

> With-colons doesn't provide enough detail for this report. I vaguely

That's right. For what do you need this information?

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
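Added example, not part of any list message: a decoder for the `spk` records Peter Lebbing quotes above, handling the mixed literal and %XX octets he points out and rendering preference subpackets as GnuPG-style preference strings. The flag bits (1 = hashed area, 2 = critical) follow my reading of GnuPG's colon-format notes and are an assumption here, as are all function names.

```python
"""Decode `spk` records from
gpg --list-options show-sig-subpackets --with-colons --list-sigs KEYID"""
from datetime import datetime, timezone
from urllib.parse import unquote_to_bytes

# The spk records quoted in the message above.
SAMPLE = """\
spk:30:1:1:%01
spk:27:1:1:%01
spk:23:1:1:%80
spk:22:1:3:%02%03%01
spk:21:1:3:%08%03%02
spk:16:0:8:%ACF%EF%E6%DEP%0B>
spk:11:1:5:%07%09%08%03%02
spk:9:1:4:%05%95%0A%03
spk:2:1:4:N%AF%D7%1D
"""

# RFC 4880 subpacket types that hold algorithm preference lists, with
# the letter GnuPG uses for each list in a preference string.
PREFERENCE_TYPES = {11: "S", 21: "H", 22: "Z"}


def parse_spk(line):
    """Split one spk record and undo the escaping of its data field."""
    # maxsplit=4 keeps the data field whole whatever it contains.
    tag, sp_type, flags, length, data = line.rstrip("\r\n").split(":", 4)
    if tag != "spk":
        raise ValueError(f"not an spk record: {line!r}")
    # Printable octets appear literally, others as %XX: "%ACF" is the
    # two octets 0xAC 0x46, not a three-digit escape.
    raw = unquote_to_bytes(data)
    if len(raw) != int(length):
        raise ValueError(
            f"subpacket {sp_type}: expected {length} octets, got {len(raw)}")
    flag_bits = int(flags, 16)
    return {
        "type": int(sp_type),
        # Unhashed subpackets are not covered by the signature itself.
        "hashed": bool(flag_bits & 1),
        "critical": bool(flag_bits & 2),
        "data": raw,
    }


def decode(subpacket):
    """Render the subpacket data according to its RFC 4880 type."""
    sp_type, raw = subpacket["type"], subpacket["data"]
    if sp_type in PREFERENCE_TYPES:
        # One octet per algorithm number, most preferred first.
        return [f"{PREFERENCE_TYPES[sp_type]}{octet}" for octet in raw]
    if sp_type == 16:  # issuer: the 8-octet long key ID
        return raw.hex().upper()
    if sp_type == 2:   # signature creation time, big-endian seconds
        stamp = int.from_bytes(raw, "big")
        return datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat()
    if sp_type == 9:   # key expiration: seconds after key creation
        return int.from_bytes(raw, "big")
    return raw.hex()   # flags, features and the rest: leave as hex


def preference_report(text):
    """Return {subpacket type: preference list} for the spk lines."""
    report = {}
    for line in text.splitlines():
        if line.startswith("spk:"):
            subpacket = parse_spk(line)
            if subpacket["type"] in PREFERENCE_TYPES:
                report[subpacket["type"]] = decode(subpacket)
    return report


if __name__ == "__main__":
    for record in SAMPLE.splitlines():
        parsed = parse_spk(record)
        area = "hashed" if parsed["hashed"] else "unhashed"
        print(parsed["type"], area, decode(parsed))
```

This only decodes what gpg printed; as Werner Koch points out in the reply above for --list-packets, output like this does not tell you whether the signature is valid.
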
From auto15963931 at hushmail.com Sat Apr 7 17:31:57 2012
From: auto15963931 at hushmail.com (auto15963931)
Date: Sat, 07 Apr 2012 10:31:57 -0500
Subject: pinentry
In-Reply-To: <5516431.4Fxe8yBGE6__49207.5982424014$1333594294$gmane$org@inno>
References: <20120404190326.F3E6814DBEB@smtp.hushmail.com> <5516431.4Fxe8yBGE6__49207.5982424014$1333594294$gmane$org@inno>
Message-ID:

On 4/4/2012 9:50 PM, Hauke Laging wrote:

> This does not happen here (Linux, though).

Hauke, hello. I expect when I get to the bottom of it all, I will find
the fault is caused not by Windows but by my error or need for an
adjustment of some kind. I was hoping that my description would trigger
someone's idea about a similar experience so that they could provide a
pointer to jump start my fixing the issue. Anyway, I have made some
progress.

[snip]

> However, much of the time I find that using this
> procedure does not cause the pinentry dialogue to move from one key
> to another but instead causes the dialogue window to close after
> either the first or second clicking on the cancel button instead of
> continuing on down through the complete list of keys I have
> available. It just fails to decrypt. This failure occurs mostly
> when I first try to use the procedure, but then it starts working
> properly after a few tries even though I do exactly the same steps
> each time. Why does it fail initially? Is this a known issue?

This part of the problem still exists. Individually trying to decrypt a
file encrypted with throw-keyids will fail, often but not always, to
try all the keys before aborting the effort. I can prevent the problem
by using "--try-all-secrets"; but, so far as I can see, this problem
arises only during individual file decryption and not during batch
decryption procedures. At least, this has been my experience up to now.
It is a puzzling phenomenon and not apparent to me what is behind it. It
almost seems like a memory thing or caching issue, but I'm not sure,
yet.

>
> I have noticed a number of instances of failures during batch
> decryption too, even though the pinentry dialogue does not arise of
> course. These failures result in the "--status-file" indicating
> that the decryption failed although in fact I can find the
> decrypted message present.

This part I have solved. My batch routine was overwriting the good
output after the routine looped through the files again. I have changed
it now to circumvent the occurrences and I get the correct results.

--

From amr_mahmoud at maktoob.com Sun Apr 8 05:28:03 2012
From: amr_mahmoud at maktoob.com (عمرو محمود)
Date: Sun, 08 Apr 2012 03:28:03 +0000
Subject: Re: failed to build a binary for version 2.0.19 please advise
In-Reply-To: <87pqblb624.fsf@vigenere.g10code.de>
References: <4F7E36C1.6010801@sixdemonbag.org> <87pqblb624.fsf@vigenere.g10code.de>
Message-ID:

On Fri, 06 Apr 2012 10:47:15 +0200, Werner Koch wrote:
On Fri, 6 Apr 2012 02:20, mailto:rjh at sixdemonbag.org said:

> Building on Windows is explicitly not supported. You need to build from
> a UNIX environment using a cross-compiler.

FWIW: This is described in the file doc/README.W32 which also comes with
the binary installer.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

Excuse me where can I find the binaries of this new version on a
windows platform

Thanks a lot for your help

From rjh at sixdemonbag.org Sun Apr 8 06:03:12 2012
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 08 Apr 2012 00:03:12 -0400
Subject: failed to build a binary for version 2.0.19 please advise
In-Reply-To:
References: <4F7E36C1.6010801@sixdemonbag.org> <87pqblb624.fsf@vigenere.g10code.de>
Message-ID: <4F810E00.6020708@sixdemonbag.org>

On 04/07/2012 11:28 PM, عمرو محمود wrote:
> Excuse me where can I find the binaries of this new version on a
> windows platform

http://files.gpg4win.org/gpg4win-2.1.0.exe

Enjoy.

From gnupg at lists.grepular.com Mon Apr 9 12:49:01 2012
From: gnupg at lists.grepular.com (gnupg at lists.grepular.com)
Date: Mon, 09 Apr 2012 11:49:01 +0100
Subject: Attaching subkeys to a different master key
Message-ID: <4F82BE9D.9000003@lists.grepular.com>

Is there a way to detach subkeys from a master key and attach them to a
different master key? I'm guessing not, but just double checking.

The problem is, I'm using APG (Android Privacy Guard) on my phone, and
it won't accept keys exported using --export-secret-subkeys. I was
hoping to generate a new "fake" master key so I don't need to put my
real master key on the phone.
-- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4 From john.gill at computer.org Mon Apr 9 16:52:34 2012 From: john.gill at computer.org (John Gill) Date: Mon, 9 Apr 2012 09:52:34 -0500 Subject: List-packets help In-Reply-To: <877gxsbx58.fsf@vigenere.g10code.de> References: <877gxsbx58.fsf@vigenere.g10code.de> Message-ID: I'm assuming the signatures indicate, roughly the set of options that my recipients will not receive an error about ignored preferences. For instance, symmetric algo 9 has been around for the last 10 years at least, but if I force it on someone who doesn't have it as a preference, the recipient will get a message about my ignoring preferences. For systems that are automated, this message may have repercussions, depending on how they were coded. I'm identifying any recipients in my keyring that have preferences that conflict with my disabling of specific algorithms and functions. Thank you. John On Apr 6, 2012 12:15 PM, "Werner Koch" wrote: > > On Fri, 6 Apr 2012 16:32, john.gill at computer.org said: > > > I am feeding the output of a list-packets for my keying into an awk script > > to build a report on the keys and the preferences for each key. > > You wrongly assume that signatures are valid.
--list-packets does not > tell you this. > > > With-colons doesn't provide enough detail for this report. I vaguely > > That's right. For what do you need this information? > > > Shalom-Salam, > > Werner > > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From dshaw at jabberwocky.com Mon Apr 9 19:56:38 2012 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 9 Apr 2012 13:56:38 -0400 Subject: List-packets help In-Reply-To: References: <877gxsbx58.fsf@vigenere.g10code.de> Message-ID: <47269C18-2721-44D4-882B-5932A30BF2F4@jabberwocky.com> On Apr 9, 2012, at 10:52 AM, John Gill wrote: > I'm assuming the signatures indicate, roughly the set of options that my recipients will not receive an error about ignored preferences. For instance, symmetric algo 9 has been around for the last 10 years at least, but if I force it on someone who doesn't have it as a preference, the recipient will get a message about my ignoring preferences. For systems that are automated, this message may have repercussions, depending on how they were coded. > > I'm identifying any recipients in my keyring that have preferences that conflict with my disabling of specific algorithms and functions. You don't need to do that. GnuPG does it for you automatically. When encrypting to a particular set of user IDs, GPG ensures that the algorithms and features that are chosen are acceptable to all recipients. In your example, if algo 9 (AES256) isn't available for a particular recipient, GPG will use something else.
David From wk at gnupg.org Mon Apr 9 20:31:50 2012 From: wk at gnupg.org (Werner Koch) Date: Mon, 09 Apr 2012 20:31:50 +0200 Subject: Attaching subkeys to a different master key In-Reply-To: <4F82BE9D.9000003@lists.grepular.com> (gnupg@lists.grepular.com's message of "Mon, 09 Apr 2012 11:49:01 +0100") References: <4F82BE9D.9000003@lists.grepular.com> Message-ID: <87ehrw92p5.fsf@vigenere.g10code.de> On Mon, 9 Apr 2012 12:49, gnupg at lists.grepular.com said: > Is there a way to detach subkeys from a master key and attach them to > a different master key? I'm guessing not, but just double checking. There is no command for this. If you know the OpenPGP specs you may use a combination of gpgsplit and a patched version of gpg to do this. This is a common question and you may find more answers in the archive. However, in almost all cases it is not worth the trouble. Just go ahead and create a new subkey - OpenPGP applications should handle subkeys automagically; the interesting piece is the master key (with the fingerprint) and the signed user ids. > it won't accept keys exported using --export-secret-subkeys. I was > hoping to generate a new "fake" master key so I don't need to put my > real master key on the phone. That won't work in practice because you would end up with a different fingerprint. What about fixing APG? Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From gnupg at lists.grepular.com Mon Apr 9 21:11:39 2012 From: gnupg at lists.grepular.com (gnupg at lists.grepular.com) Date: Mon, 09 Apr 2012 20:11:39 +0100 Subject: Attaching subkeys to a different master key In-Reply-To: <87ehrw92p5.fsf@vigenere.g10code.de> References: <4F82BE9D.9000003@lists.grepular.com> <87ehrw92p5.fsf@vigenere.g10code.de> Message-ID: <4F83346B.5050004@lists.grepular.com> On 09/04/12 19:31, Werner Koch wrote: >> it won't accept keys exported using --export-secret-subkeys.
I >> was hoping to generate a new "fake" master key so I don't need to >> put my real master key on the phone. > > That won't work in practice because you would end up with a > different fingerprint. This is what I suspected. Thanks for the confirmation. > What about fixing APG? This would be the best option of course. There's been a bug report open for about a year. APG hasn't had much work done on it for a while so I'm not confident it will be addressed any time soon: https://code.google.com/p/android-privacy-guard/issues/detail?id=104 -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4 From abhilashroy.g at gmail.com Sat Apr 7 06:15:51 2012 From: abhilashroy.g at gmail.com (Abhilash Roy Gollamandala) Date: Sat, 7 Apr 2012 09:45:51 +0530 Subject: libgpg-error-1.10 make install error Message-ID: Hi, I am getting the following error: /bin/bash ../libtool --mode=install /usr/bin/install -c 'libgpg-error.la' '/usr/local/lib/libgpg-error.la' libtool: install: /usr/bin/install -c .libs/libgpg-error.so.0.8.0 /usr/local/lib/libgpg-error.so.0.8.0 /usr/bin/install: cannot create regular file `/usr/local/lib/libgpg-error.so.0.8.0': Permission denied Please help. Thank you. P.S.: I tried searching in google.
I tried searching your mailing list (only 2012, 2011 ones). But in vain. From john.gill at computer.org Mon Apr 9 23:01:21 2012 From: john.gill at computer.org (John Gill) Date: Mon, 9 Apr 2012 16:01:21 -0500 Subject: List-packets help In-Reply-To: <47269C18-2721-44D4-882B-5932A30BF2F4@jabberwocky.com> References: <877gxsbx58.fsf@vigenere.g10code.de> <47269C18-2721-44D4-882B-5932A30BF2F4@jabberwocky.com> Message-ID: I know that gpg chooses common algos between the sender and recipient. (I've not tested what will happen with recipients who have no preferences in common with my enabled algos, but that's a problem for a new day.) I'm not trying to out-think the intelligence codified in the application. I am analyzing my keyring contents to identify how using "disable-cipher-algo" and similar options, may impact exchanges with my recipients. My original question was to clarify my understanding of the output from "list-packets", so I could finish writing out the report. Thank you, John On Apr 9, 2012 1:16 PM, "David Shaw" wrote: > On Apr 9, 2012, at 10:52 AM, John Gill wrote: > > > I'm assuming the signatures indicate, roughly the set of options > that my recipients will not receive an error about ignored preferences. > For instance, symmetric algo 9 has been around for the last 10 years at > least, but if I force it on someone who doesn't have it as a preference, > the recipient will get a message about my ignoring preferences. For systems > that are automated, this message may have repercussions, depending on how > they were coded. > > > > I'm identifying any recipients in my keyring that have preferences that > conflict with my disabling of specific algorithms and functions. > > You don't need to do that. GnuPG does it for you automatically. When > encrypting to a particular set of user IDs, GPG ensures that the algorithms > and features that are chosen are acceptable to all recipients.
> > In your example, if algo 9 (AES256) isn't available for a particular > recipient, GPG will use something else. > > David From John at enigmail.net Tue Apr 10 03:55:11 2012 From: John at enigmail.net (John Clizbe) Date: Mon, 09 Apr 2012 20:55:11 -0500 Subject: List-packets help In-Reply-To: References: <877gxsbx58.fsf@vigenere.g10code.de> <47269C18-2721-44D4-882B-5932A30BF2F4@jabberwocky.com> Message-ID: <4F8392FF.1010906@enigmail.net> John Gill wrote: > I know that gpg chooses common algos between the sender and recipient. > (I've not tested what will happen with recipients who have no > preferences in common with my enabled algos, but that's a problem for a > new day.) 3DES will be used. That's why it is an implementation MUST in the RFCs -- John P. Clizbe Inet: John (a) Gingerbear DAWT net SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" From John at enigmail.net Tue Apr 10 04:01:20 2012 From: John at enigmail.net (John Clizbe) Date: Mon, 09 Apr 2012 21:01:20 -0500 Subject: libgpg-error-1.10 make install error In-Reply-To: References: Message-ID: <4F839470.5080400@enigmail.net> Abhilash Roy Gollamandala wrote: > Hi, > I am getting the following error: > > /bin/bash ../libtool --mode=install /usr/bin/install -c > 'libgpg-error.la ' > '/usr/local/lib/libgpg-error.la ' > libtool: install: /usr/bin/install -c .libs/libgpg-error.so.0.8.0 > /usr/local/lib/libgpg-error.so.0.8.0 > /usr/bin/install: cannot create regular file > `/usr/local/lib/libgpg-error.so.0.8.0': Permission denied 'sudo make install' may do the trick.
That, or you have wonky permissions on an already existing /usr/local/lib/libgpg-error.so.0.8.0 HTH, -John -- John P. Clizbe Inet: John (a) Gingerbear DAWT net SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" From wk at gnupg.org Tue Apr 10 09:33:16 2012 From: wk at gnupg.org (Werner Koch) Date: Tue, 10 Apr 2012 09:33:16 +0200 Subject: Attaching subkeys to a different master key In-Reply-To: <4F83346B.5050004@lists.grepular.com> (gnupg@lists.grepular.com's message of "Mon, 09 Apr 2012 20:11:39 +0100") References: <4F82BE9D.9000003@lists.grepular.com> <87ehrw92p5.fsf@vigenere.g10code.de> <4F83346B.5050004@lists.grepular.com> Message-ID: <87obr06nyb.fsf@vigenere.g10code.de> On Mon, 9 Apr 2012 21:11, gnupg at lists.grepular.com said: > open for about a year. APG hasn't had much work done on it for a while > so I'm not confident it will be addressed any time soon: > https://code.google.com/p/android-privacy-guard/issues/detail?id=104 The guardianproject.info is working on a GnuPG port to Android. It basically works now, so eventually you may use it as the OpenPGP engine for Android. See the gnupg-devel ML archives for status reports. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From john.gill at computer.org Tue Apr 10 16:05:51 2012 From: john.gill at computer.org (John Gill) Date: Tue, 10 Apr 2012 09:05:51 -0500 Subject: List-packets help In-Reply-To: <4F8392FF.1010906@enigmail.net> References: <877gxsbx58.fsf@vigenere.g10code.de> <47269C18-2721-44D4-882B-5932A30BF2F4@jabberwocky.com> <4F8392FF.1010906@enigmail.net> Message-ID: On Apr 9, 2012 8:57 PM, "John Clizbe" wrote: > > John Gill wrote: > > I know that gpg chooses common algos between the sender and recipient.
> > (I've not tested what will happen with recipients who have no > > preferences in common with my enabled algos, but that's a problem for a > > new day.) > > 3DES will be used. That's why it is an implementation MUST in the RFCs > Thank you for that knowledge. Saves time. John > -- > John P. Clizbe Inet: John (a) Gingerbear DAWT net > SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net > FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or > mailto:pgp-public-keys at gingerbear.net?subject=HELP > > Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" > A:"An odd melody / island voices on the winds / surplus of vowels" From john.gill at computer.org Tue Apr 10 16:09:06 2012 From: john.gill at computer.org (John Gill) Date: Tue, 10 Apr 2012 09:09:06 -0500 Subject: List-packets help In-Reply-To: <877gxsbx58.fsf@vigenere.g10code.de> References: <877gxsbx58.fsf@vigenere.g10code.de> Message-ID: On Apr 6, 2012 12:15 PM, "Werner Koch" wrote: > > On Fri, 6 Apr 2012 16:32, john.gill at computer.org said: > > > I am feeding the output of a list-packets for my keying into an awk script > > to build a report on the keys and the preferences for each key. > > You wrongly assume that signatures are valid. --list-packets does not > tell you this. > Could you help me understand what you are referring to? Thank you. John > > With-colons doesn't provide enough detail for this report. I vaguely > > That's right. For what do you need this information? > > > Shalom-Salam, > > Werner > > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From rjh at sixdemonbag.org Tue Apr 10 16:36:42 2012 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 10 Apr 2012 10:36:42 -0400 Subject: List-packets help In-Reply-To: References: <877gxsbx58.fsf@vigenere.g10code.de> Message-ID: <4F84457A.5090803@sixdemonbag.org> On 4/10/12 10:09 AM, John Gill wrote: >> You wrongly assume that signatures are valid. --list-packets does not >> tell you this. > > Could you help me understand what you are referring to? I am, of course, not Werner, but let's see if I can't take a stab at it. All --list-packets does is take the input, in a human-unreadable format, and transform it into a human-readable format. It performs none of the computationally expensive mathematics that are required to validate the message. From gnupg at lists.grepular.com Tue Apr 10 19:31:58 2012 From: gnupg at lists.grepular.com (gnupg at lists.grepular.com) Date: Tue, 10 Apr 2012 18:31:58 +0100 Subject: Attaching subkeys to a different master key In-Reply-To: <4F83346B.5050004@lists.grepular.com> References: <4F82BE9D.9000003@lists.grepular.com> <87ehrw92p5.fsf@vigenere.g10code.de> <4F83346B.5050004@lists.grepular.com> Message-ID: <4F846E8E.8090505@lists.grepular.com> On 09/04/12 20:11, gnupg at lists.grepular.com wrote: >> What about fixing APG? > > This would be the best option of course. There's been a bug report > open for about a year. APG hasn't had much work done on it for a > while so I'm not confident it will be addressed any time soon: > https://code.google.com/p/android-privacy-guard/issues/detail?id=104 In case anyone is interested, I've managed to hack APG to accept and use keyrings exported using --export-secret-subkeys. It's a pretty brutal hack, but it works.
The source code: https://github.com/mikecardwell/android-privacy-guard The write-up and a link to a signed APK are here: https://grepular.com/Android_Privacy_Guard_and_Subkeys Hopefully at some point I will find the time to build a "proper" fix which I am happy to ask the original author to pull. -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4 From john.gill at computer.org Tue Apr 10 19:44:10 2012 From: john.gill at computer.org (John Gill) Date: Tue, 10 Apr 2012 12:44:10 -0500 Subject: List-packets help In-Reply-To: <4F84457A.5090803@sixdemonbag.org> References: <877gxsbx58.fsf@vigenere.g10code.de> <4F84457A.5090803@sixdemonbag.org> Message-ID: > I am, of course, not Werner, but let's see if I can't take a stab at it. > > All --list-packets does is take the input, in a human-unreadable format, > and transform it into a human-readable format. It performs none of the > computationally expensive mathematics that are required to validate the > message. > The keyring in question is closely held. All keys have been directly verified, out-of-channel, with the key owner prior to inclusion in the keyring. Using the data obtained by listing the keyring packets seems reasonable. Thank you.
John From rjh at sixdemonbag.org Tue Apr 10 21:34:09 2012 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 10 Apr 2012 15:34:09 -0400 Subject: Incorrect send-from Message-ID: <4F848B31.1090708@sixdemonbag.org> I inadvertently sent an email to these lists a bit ago from my work email account rather than my home one. My apologies to all who were confused by the new email address. I was writing in a personal capacity, not a professional one. Since some of these lists reject and/or hold-for-moderation posts from unknown addresses, I'm reposting the message here: ===== A few weeks ago I posted a link to a report from Kyrus which called into question the effectiveness of virtually all antivirus products. SANS has done their own analysis, starting from a completely different methodology, and has reached much the same results. The takeaway for GnuPG users is this: * Keeping your system malware-free is of paramount importance. Once someone else controls your PC, it's all over. * AV is of very limited utility. Nobody is saying not to use it, nor that it's of no use at all. However, at present the evidence suggests none of us should consider our machines safe just because we have AV installed and keep it up to date. http://computer-forensics.sans.org/blog/2012/04/09/is-anti-virus-really-dead-a-real-world-simulation-created-for-forensic-data-yields-surprising-results From robert.hansen at redjack.com Tue Apr 10 21:28:26 2012 From: robert.hansen at redjack.com (Robert J. Hansen) Date: Tue, 10 Apr 2012 15:28:26 -0400 Subject: AV followup Message-ID: <4F8489DA.8020507@redjack.com> A few weeks ago I posted a link to a report from Kyrus which called into question the effectiveness of virtually all antivirus products. SANS has done their own analysis, starting from a completely different methodology, and has reached much the same results.
The takeaway for GnuPG users is this: * Keeping your system malware-free is of paramount importance. Once someone else controls your PC, it's all over. * AV is of very limited utility. Nobody is saying not to use it, nor that it's of no use at all. However, at present the evidence suggests none of us should consider our machines safe just because we have AV installed and keep it up to date. http://computer-forensics.sans.org/blog/2012/04/09/is-anti-virus-really-dead-a-real-world-simulation-created-for-forensic-data-yields-surprising-results From mustrum at mustrum.net Thu Apr 12 18:41:05 2012 From: mustrum at mustrum.net (Mustrum) Date: Thu, 12 Apr 2012 18:41:05 +0200 Subject: failed to build a binary for version 2.0.19 please advise Message-ID: <4F8705A1.6000502@mustrum.net> > On 04/07/2012 11:28 PM, عمرو محمود wrote: >> Excuse me where can I find the binaries of this new version on >> a windows platform > http://files.gpg4win.org/gpg4win-2.1.0.exe > Enjoy. I gather that a new build is expected soon, but last time I checked gpg4win-2.1.0 included GnuPG 2.0.18 not 2.0.19. Regards.
From malte.gell at gmx.de Thu Apr 12 20:38:10 2012 From: malte.gell at gmx.de (Malte Gell) Date: Thu, 12 Apr 2012 20:38:10 +0200 Subject: Current key servers Message-ID: <4F872112.7080901@malte.gell.gmx.de> Hi there, haven't used key servers in recent time and wonder what key servers are recommended currently. I have used pool.sks-keyservers.net, they were said to be okay especially due to the subkeys issues. Any new key servers recommended to use? Thanx Malte From david.vazquez_landa at ecb.int Thu Apr 12 10:49:36 2012 From: david.vazquez_landa at ecb.int (david.vazquez_landa at ecb.int) Date: Thu, 12 Apr 2012 10:49:36 +0200 Subject: GPG Decryption fails for files > 1MB Message-ID: <0FC38DE6C8C6F049A939F4A61D28E16E0EE4E7D9@EXCVP02.ecb01.ecb.de> Hello list, We have an issue with one of our users.
When he sends encrypted messages larger than ~1 MB, we get these errors: 8218 - PGP decryption error - gpg: encrypted with RSA key, ID CD5AA2E4 gpg: encrypted with 2048-bit RSA key, ID B44D925D, created 2006-03-29 "Mehdi Rahman " gpg: encrypted with 2048-bit RSA key, ID 4E9BF326, created 2010-03-16 "Mehdi Rahman " gpg: encrypted with 2048-bit ELG-E key, ID 044C8E09, created 2008-04-04 "EXDI_STC (EXDI PGP key for STC) " gpg: [don't know]: invalid packet (ctb=27) gpg: [don't know]: invalid packet (ctb=0d) gpg: mdc_packet with invalid encoding gpg: decryption failed: invalid packet gpg: [don't know]: invalid packet (ctb=0a) gpg: block_filter: pending bytes! gpg: no valid OpenPGP data found. This is the output of gpg.exe --version: $ /cygdrive/d/GNU/GnuPG/gpg.exe --version gpg (GnuPG) 1.4.8 Copyright (C) 2007 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: C:/Users/sa_vazqula/AppData/Roaming/gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 And we run it on a Windows 2008 - 64 Bit VM. Is this a gnupg bug? Best Regards, David Vázquez EDEN Team __________________ Tel. (+49) 69 1344 7029 Mail. david.vazquez-landa at ecb.europa.eu Any e-mail message from the European Central Bank (ECB) is sent in good faith but shall neither be binding nor construed as constituting a commitment by the ECB except where provided for in a written agreement. This e-mail is intended only for the use of the recipient(s) named above. Any unauthorised disclosure, use or dissemination, either in whole or in part, is prohibited. If you have received this e-mail in error, please notify the sender immediately via e-mail and delete this e-mail from your system.
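The `ctb=` values in the gpg output above are the first octet of what gpg tried to read as a packet header; RFC 4880 requires that octet to have its high bit set, which 0x27, 0x0d and 0x0a do not (0x0d and 0x0a are CR and LF). The following is an added example, not part of the original post or of GnuPG: it walks the packet framing of binary OpenPGP data and reports the offset at which framing is first found broken (the damage itself is at or before that offset). The function names and sample bytes are constructed for illustration, and armored input is assumed to have been converted with `gpg --dearmor` first.

```python
"""Walk OpenPGP packet framing (RFC 4880, section 4.2) and report where it breaks."""
import sys

TAG_NAMES = {1: "public-key encrypted session key", 2: "signature",
             3: "symmetric-key encrypted session key", 8: "compressed data",
             9: "symmetrically encrypted data", 11: "literal data",
             18: "encrypted data with MDC", 19: "MDC"}


def _take(data, pos, count):
    """Return `count` octets at `pos` as an integer; raise if the data ends first."""
    raw = data[pos:pos + count]
    if len(raw) < count:
        raise ValueError("data ends inside a packet header")
    return int.from_bytes(raw, "big")


def _new_format_length(data, pos):
    """Decode one new-format length field: (length, next_pos, is_partial)."""
    first = _take(data, pos, 1)
    if first < 192:                               # one-octet length
        return first, pos + 1, False
    if first < 224:                               # two-octet length
        return ((first - 192) << 8) + _take(data, pos + 1, 1) + 192, pos + 2, False
    if first == 255:                              # five-octet length
        return _take(data, pos + 1, 4), pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True     # partial body length chunk


def walk_packets(data):
    """Return (packets, problem).

    packets is a list of (offset, tag, body_length); problem is None when the
    whole input frames cleanly, otherwise a dict describing the first break.
    """
    packets, pos = [], 0
    while pos < len(data):
        start, ctb = pos, data[pos]
        if not ctb & 0x80:                        # high bit clear: not a packet header
            reason = "octet cannot start a packet"
            if ctb in (0x0D, 0x0A):
                reason += " (CR/LF: check for text-mode or line-ending conversion)"
            return packets, {"offset": start, "ctb": ctb, "reason": reason}
        try:
            if ctb & 0x40:                        # new-format header
                tag, body, pos, partial = ctb & 0x3F, 0, pos + 1, True
                while partial:                    # follow partial-length chunks
                    length, pos, partial = _new_format_length(data, pos)
                    body += length
                    pos += length
            else:                                 # old-format header
                tag, length_type = (ctb >> 2) & 0x0F, ctb & 0x03
                if length_type == 3:              # indeterminate: runs to end of data
                    body, pos = len(data) - pos - 1, len(data)
                else:
                    size = (1, 2, 4)[length_type]
                    body = _take(data, pos + 1, size)
                    pos += 1 + size + body
        except ValueError as exc:
            return packets, {"offset": start, "ctb": ctb, "reason": str(exc)}
        if pos > len(data):
            return packets, {"offset": start, "ctb": ctb,
                             "reason": "packet body runs past end of data (truncated)"}
        packets.append((start, tag, body))
    return packets, None


def constructed_sample():
    """Constructed test input (not real ciphertext): three correctly framed packets."""
    return (b"\xc1\x03ab\n"                       # new format, tag 1, body holds one LF
            + b"\xd2\xe9" + bytes(512) + b"\x03xyz"  # tag 18, 512-octet partial chunk + 3
            + b"\x88\x02hi")                      # old format, tag 2, one-octet length


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    found, problem = walk_packets(blob)
    for offset, tag, body in found:
        print(f"offset {offset}: tag {tag} ({TAG_NAMES.get(tag, 'other')}), {body} octets")
    if problem:
        print(f"framing breaks at offset {problem['offset']}: "
              f"ctb={problem['ctb']:02x}, {problem['reason']}")
```

Running it on a copy taken at the sender and on the copy that arrived shows whether the two frame identically; if the sender's copy already breaks, the transfer is not the cause.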
From rjh at sixdemonbag.org Thu Apr 12 22:05:53 2012 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 12 Apr 2012 16:05:53 -0400 Subject: Current key servers In-Reply-To: <4F872112.7080901@malte.gell.gmx.de> References: <4F872112.7080901@malte.gell.gmx.de> Message-ID: <4F8735A1.4070606@sixdemonbag.org> On 04/12/2012 02:38 PM, Malte Gell wrote: > Any new key servers recommended to use? No. pool.sks-keyservers.net isn't really very much of a keyserver. It doesn't service your requests itself. Instead, it picks a random known-good keyserver from the global keyserver network and proxies your request there. This way, load is broken up among the entire network. As new keyservers join the global keyserver network, pool.sks-keyservers.net adds them to its own list. So really, that's the only address you need. :) From mick.crane at gmail.com Fri Apr 13 00:21:16 2012 From: mick.crane at gmail.com (michael crane) Date: Thu, 12 Apr 2012 23:21:16 +0100 Subject: [new-user] question Message-ID: <4F87555C.6070700@gmail.com> hello, I'm trying to understand the principles and benefits of using pgp/gpg I think I understand that I send the part of my key that is public to somebody and they use that key to encrypt a message which only I can decypher. So what if somebody uses my public key to send me a message purporting to come from somebody else ? what is the mechanism to ensure it came from who I think it did ? regards mick From John at enigmail.net Fri Apr 13 01:29:52 2012 From: John at enigmail.net (John Clizbe) Date: Thu, 12 Apr 2012 18:29:52 -0500 Subject: Current key servers In-Reply-To: <4F8735A1.4070606@sixdemonbag.org> References: <4F872112.7080901@malte.gell.gmx.de> <4F8735A1.4070606@sixdemonbag.org> Message-ID: <4F876570.9030901@enigmail.net> Robert J. Hansen wrote: > On 04/12/2012 02:38 PM, Malte Gell wrote: >> Any new key servers recommended to use? > > No.
> > pool.sks-keyservers.net isn't really very much of a keyserver. It > doesn't service your requests itself. Instead, it picks a random > known-good keyserver from the global keyserver network and proxies your > request there. This way, load is broken up among the entire network. > > As new keyservers join the global keyserver network, > pool.sks-keyservers.net adds them to its own list. So really, that's > the only address you need. :) It's best to stick with the pool address, otherwise if you select a single server, you'll run into trouble if it's offline or there is a connectivity issue, e.g. last Friday I had new cable and DSL equipment installed, each of my servers was offline while its new CPE was installed. That was a couple hours for the AT&T U-Verse DSL link. There are usually anywhere from 80 to 100 servers in the pool. pool.sks-keyservers.net is a random selection of 20 of them. There are also some specialty pools. You may read more about those at http://sks-keyservers.net/overview-of-pools.php pool.sks-keyservers.net is the best choice ;-) -John -- John P. Clizbe Inet: John (a) Gingerbear DAWT net John (@) Enigmail DAWT net or: John (@) Keyservers DAWT net FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" From sandals at crustytoothpaste.net Fri Apr 13 02:13:58 2012 From: sandals at crustytoothpaste.net (brian m. 
carlson) Date: Fri, 13 Apr 2012 00:13:58 +0000 Subject: [new-user] question In-Reply-To: <4F87555C.6070700@gmail.com> References: <4F87555C.6070700@gmail.com> Message-ID: <20120413001358.GI201167@crustytoothpaste.ath.cx> On Thu, Apr 12, 2012 at 11:21:16PM +0100, michael crane wrote: > hello, > I'm trying to understand the principles and benefits of using pgp/gpg > I think I understand that I send the part of my key that is public to > somebody and they use that key to encrypt a message which only I can > decypher. > So what if somebody uses my public key to send me a message purporting > to come from somebody else ? > what is the mechanism to ensure it came from who I think it did ? The sender can sign the message to verify that it came from him or her. If someone just sends you an unsigned encrypted message, there is no way to verify that it came from who you think it did. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 From rjh at sixdemonbag.org Fri Apr 13 02:47:51 2012 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 12 Apr 2012 20:47:51 -0400 Subject: [new-user] question In-Reply-To: <4F87555C.6070700@gmail.com> References: <4F87555C.6070700@gmail.com> Message-ID: <4F8777B7.40409@sixdemonbag.org> On 04/12/2012 06:21 PM, michael crane wrote: > what is the mechanism to ensure it came from who I think it did ? Turn it around. The public and the private key are inverses. Each can decrypt what the other one encrypts. When someone encrypts a message with your public key, only your private key can decrypt it. And if you encrypt a message with your private key, then anyone who has your public key can decrypt it.
So if I have a copy of your public key, and it decrypts a message successfully... then I know it was encrypted with your private key. And since you're the only one who has your private key, it means I can have confidence the message came from you. Usually this process is called "signing" a message. This is how signatures work. :) From laurent.jumet at skynet.be Fri Apr 13 07:31:06 2012 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Fri, 13 Apr 2012 07:31:06 +0200 Subject: [new-user] question In-Reply-To: <4F87555C.6070700@gmail.com> Message-ID: Hello michael ! michael crane wrote: > I'm trying to understand the principles and benefits of using pgp/gpg > I think I understand that I send the part of my key that is public to > somebody and they use that key to encrypt a message which only I can > decypher. > So what if somebody uses my public key to send me a message purporting > to come from somebody else ? > what is the mechanism to ensure it came from who I think it did ? You are referring to the 2nd part of crypting: signature. Crypting to your key is only to ensure that you'll be the only one to read it, but you are supposed to know what you'll find in the message. Signing is dedicated to the recipient: it allows him to be sure that the message comes from exactly you. -- Laurent Jumet KeyID: 0xCFAF704C From Tony.Esposito at region10.org Thu Apr 12 23:14:49 2012 From: Tony.Esposito at region10.org (Tony Esposito) Date: Thu, 12 Apr 2012 21:14:49 +0000 Subject: GPG error on Windows Message-ID: <197C3C50EA91BF4DBE52558A4007816B0F05F97B@SN2PRD0202MB131.namprd02.prod.outlook.com> Hello, Getting the following error when running gpg2.exe (gpg4win) on Windows Server 2008 64-bit R2: gpg: can't connect to the agent: IPC connect call failed gpg: problem with the agent: No agent running Any ideas would be helpful... Thanks. Tony Esposito
URL: From wk at gnupg.org Fri Apr 13 16:20:10 2012 From: wk at gnupg.org (Werner Koch) Date: Fri, 13 Apr 2012 16:20:10 +0200 Subject: GPG error on Windows In-Reply-To: <197C3C50EA91BF4DBE52558A4007816B0F05F97B@SN2PRD0202MB131.namprd02.prod.outlook.com> (Tony Esposito's message of "Thu, 12 Apr 2012 21:14:49 +0000") References: <197C3C50EA91BF4DBE52558A4007816B0F05F97B@SN2PRD0202MB131.namprd02.prod.outlook.com> Message-ID: <877gxjzpb9.fsf@vigenere.g10code.de> On Thu, 12 Apr 2012 23:14, Tony.Esposito at region10.org said: > gpg: can't connect to the agent: IPC connect call failed > gpg: problem with the agent: No agent running gpg should start the agent if it is not already running. You may try gpg-connect-agent --verbose tosee whether the agent is started (well, gpg-connect-agent should also start the agent). USe gpgconf --list-dirs to see the file name of the agent-socket. There might be a permission problem or something. Also try to start the agent directly gpg-agent --daemon --verbose Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From wk at gnupg.org Fri Apr 13 16:27:58 2012 From: wk at gnupg.org (Werner Koch) Date: Fri, 13 Apr 2012 16:27:58 +0200 Subject: GPG Decryption fails for files > 1MB In-Reply-To: <0FC38DE6C8C6F049A939F4A61D28E16E0EE4E7D9@EXCVP02.ecb01.ecb.de> (david's message of "Thu, 12 Apr 2012 10:49:36 +0200") References: <0FC38DE6C8C6F049A939F4A61D28E16E0EE4E7D9@EXCVP02.ecb01.ecb.de> Message-ID: <873987zoy9.fsf@vigenere.g10code.de> On Thu, 12 Apr 2012 10:49, david.vazquez_landa at ecb.int said: > We have an issue with one of our users. When he sends encrypted messages larger than ~1 MB, we get these errors: > gpg: [don't know]: invalid packet (ctb=0d) > > gpg: [don't know]: invalid packet (ctb=0a) This might indicate a problem in your file transfer - make sure data is not modified; i.e. the channel is 8 bit clean). 
As a quick test you may add the option --armor to the encryption command - this makes the message larger but it will be plain ASCII. > $ /cygdrive/d/GNU/GnuPG/gpg.exe --version > > gpg (GnuPG) 1.4.8 I don't know whether you use a version of GPG built for Cygwin - I suggest to use a native Windows version of GnuPG - and well; update to a more recent version > Is this a gnupg bug? I doubt that. If you need support, you may want to check out the service directory at gnupg.org. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From david.vazquez_landa at ecb.int Fri Apr 13 17:11:06 2012 From: david.vazquez_landa at ecb.int (david.vazquez_landa at ecb.int) Date: Fri, 13 Apr 2012 17:11:06 +0200 Subject: GPG Decryption fails for files > 1MB In-Reply-To: <873987zoy9.fsf@vigenere.g10code.de> References: <0FC38DE6C8C6F049A939F4A61D28E16E0EE4E7D9@EXCVP02.ecb01.ecb.de> <873987zoy9.fsf@vigenere.g10code.de> Message-ID: <0FC38DE6C8C6F049A939F4A61D28E16E0EE4E805@EXCVP02.ecb01.ecb.de> Hello Werner, The files sent to us are already encoded using --armor. Funnily enough, only files larger than 1MB fail. Anything smaller can be decrypted without problems. Anyway, thanks for the hint. Best Regards, David Vázquez EDEN Team __________________ Tel. (+49) 69 1344 7029 Mail. david.vazquez-landa at ecb.europa.eu > -----Original Message----- > From: Werner Koch [mailto:wk at gnupg.org] > Sent: Friday 13 April 2012 16:28 > To: Vazquez Landa, David > Cc: gnupg-users at gnupg.org > Subject: Re: GPG Decryption fails for files > 1MB > > On Thu, 12 Apr 2012 10:49, david.vazquez_landa at ecb.int said: > > > We have an issue with one of our users. 
When he sends encrypted > messages larger than ~1 MB, we get these errors: > > > gpg: [don't know]: invalid packet (ctb=0d) > > > > > gpg: [don't know]: invalid packet (ctb=0a) > > > This might indicate a problem in your file transfer - make sure data is > not modified; i.e. the channel is 8 bit clean). 
As a quick test you may > add the option --armor to the encryption command - this makes the > message larger but it will be plain ASCII. > > > $ /cygdrive/d/GNU/GnuPG/gpg.exe --version > > > > gpg (GnuPG) 1.4.8 > > I don't know whether you use a version of GPG build for Cygwin - I > suggest to use a native Windows version of GnuPG - and well; update to > a more recent version 1.4.12.exe> > > > Is this a gnupg bug? > > I doubt that. If you need support, you may want to checkout the service > directory at gnupg.org. > > > > Salam-Shalom, > > Werner > > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From gabriel.rosseel at telenet.be Sat Apr 14 14:53:35 2012 From: gabriel.rosseel at telenet.be (gabriel@telenet) Date: Sat, 14 Apr 2012 14:53:35 +0200 Subject: OpenPGP Cards Message-ID: <4F89734F.2080002@telenet.be> An HTML attachment was scrubbed... URL: From mtw at view.net.au Mon Apr 16 06:12:01 2012 From: mtw at view.net.au (Michael Talbot-Wilson) Date: Mon, 16 Apr 2012 13:42:01 +0930 (CST) Subject: new user anxiety Message-ID: Found nothing in the FAQ on this. I thought I'd start using gnupg, got the latest version and went gpg --verify gnupg-2.0.19.tar.bz2.sig gnupg-2.0.19.tar.bz2 Result: gpg: Signature made Tue 27 Mar 2012 19:33:35 CST using RSA key ID 4F25E3B6 gpg: Good signature from "Werner Koch (dist sig)" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. 
Primary key fingerprint: D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Just wondering who is masquerading as a guy named Werner Koch and necessarily using an untrusted key. Maybe my named has been got at and I'm not getting gnupg-2.0.19.tar.bz2 from where I think, right? What is the IP address of the genuine site, can anyone tell me? Hum. Found the same re the character who supposedly signed GNU Hello, one Karl Something-or-other. Same problem, someone faking his identity...? (Assuming he exists, of course.) Is this normal? Why the capitalized WARNING if it's normal? What's going on? A newbie'd like to know. From rjh at sixdemonbag.org Mon Apr 16 07:59:59 2012 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 16 Apr 2012 01:59:59 -0400 Subject: new user anxiety In-Reply-To: References: Message-ID: <4F8BB55F.3030007@sixdemonbag.org> On 4/16/2012 12:12 AM, Michael Talbot-Wilson wrote: > Found nothing in the FAQ on this. First, it's an entirely expected thing. It's not a problem, it's just a thing. Until you have personally vouched for the fact a certificate belongs to a certain person, GnuPG will warn you about trusting signatures made by that certificate. You haven't vouched for Werner's certificate, so GnuPG is warning you. That's all. You can get rid of the error message by: gpg --edit-key 4f25e3b6 lsign Enter your passphrase, and GnuPG will know that you are vouching for the fact certificate 0x4F25E3B6 really belongs to Werner. Try verifying the signature again, and the warning message will disappear. Hope this helps! From kf at sumptuouscapital.com Mon Apr 16 11:29:51 2012 From: kf at sumptuouscapital.com (Kristian Fiskerstrand) Date: Mon, 16 Apr 2012 10:29:51 +0100 Subject: new user anxiety In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 16.04.2012 05:12, Michael Talbot-Wilson wrote: > Found nothing in the FAQ on this. 
> > I thought I'd start using gnupg, got the latest version and went > > gpg --verify gnupg-2.0.19.tar.bz2.sig gnupg-2.0.19.tar.bz2 Hi, As it is a little bit ambiguous whether you had GnuPG installed in the first place I just want to add a disclaimer as found on [1]; "Never use a GnuPG version you just downloaded to check the integrity of the source - use an existing GnuPG installation." The question at hand has already been answered. [1] http://gnupg.org/download/integrity_check.en.html - -- - ---------------------------- Kristian Fiskerstrand http://www.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Corruptissima re publica plurimae leges The greater the degeneration of the republic, the more of its laws - ---------------------------- This email was digitally signed using the OpenPGP standard. If you want to read more about this The book: Sending Emails - The Safe Way: An introduction to OpenPGP security is now available in both Amazon Kindle and Paperback format at http://www.amazon.com/dp/B006RSG1S4/ - ---------------------------- Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ -----END PGP SIGNATURE----- 
From mika.henrik.mainio at hotmail.com Mon Apr 16 10:46:50 2012 From: mika.henrik.mainio at hotmail.com (Mika Suomalainen) Date: Mon, 16 Apr 2012 11:46:50 +0300 Subject: new user anxiety In-Reply-To: References: Message-ID: <4F8BDC7A.6090504@hotmail.com> 16.04.2012 07:12, Michael Talbot-Wilson wrote: > Found nothing in the FAQ on this. > > I thought I'd start using gnupg, got the latest version and went > > gpg --verify gnupg-2.0.19.tar.bz2.sig gnupg-2.0.19.tar.bz2 > > Result: > > gpg: Signature made Tue 27 Mar 2012 19:33:35 CST using RSA key ID > 4F25E3B6 > gpg: Good signature from "Werner Koch (dist sig)" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 > E3B6 > > Just wondering who is masquerading as a guy named Werner Koch and > necessarily using an untrusted key. Maybe my named has been got at > and I'm not getting gnupg-2.0.19.tar.bz2 from where I think, right? > What is the IP address of the genuine site, can anyone tell me? > > Hum. Found the same re the character who supposedly signed GNU Hello, > one Karl Something-or-other. Same problem, someone faking his > identity...? (Assuming he exists, of course.) Is this normal? Why > the capitalized WARNING if it's normal? What's going on? A newbie'd > like to know. That warning means that you (or person whose key you have signed) hasn't signed that key. See also http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#reason_examples I hope that this helps. 
-- Mika Suomalainen gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728 Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728 From marco+gnupg at websource.ch Mon Apr 16 11:39:07 2012 From: marco+gnupg at websource.ch (Marco Steinacher) Date: Mon, 16 Apr 2012 11:39:07 +0200 Subject: OpenPGP Cards In-Reply-To: <4F89734F.2080002@telenet.be> References: <4F89734F.2080002@telenet.be> Message-ID: <4F8BE8BB.1020401@websource.ch> Hi, On 04/14/2012 02:53 PM, gabriel at telenet wrote: > My question is now: where can I buy, preferably in Belgium, blank > OpenPGP cards? I don't know about Belgium, but you can buy OpenPGP cards from kernelconcepts in Germany: http://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=42 Marco From davehowe.cryptouser at gmail.com Mon Apr 16 13:27:27 2012 From: davehowe.cryptouser at gmail.com (Dave Howe) Date: Mon, 16 Apr 2012 12:27:27 +0100 Subject: IDEA.c and Win32 builds? Message-ID: Hi All, Couldn't see this on this or the DEV list as asked recently so throwing it into the ring - Now that Idea is out of patent in most countries, is there a build with it compiled in already for Win32, or failing that, instructions to get 2.0.19 built and usable, on Win32, with Idea compiled in? From wk at gnupg.org Mon Apr 16 17:10:04 2012 From: wk at gnupg.org (Werner Koch) Date: Mon, 16 Apr 2012 17:10:04 +0200 Subject: IDEA.c and Win32 builds? 
In-Reply-To: (Dave Howe's message of "Mon, 16 Apr 2012 12:27:27 +0100") References: Message-ID: <8762czyapf.fsf@vigenere.g10code.de> On Mon, 16 Apr 2012 13:27, davehowe.cryptouser at gmail.com said: > instructions to get 2.0.19 built and usable, on Win32, with Idea compiled If you use the latest Libgcrypt development version (git master) you would have IDEA support. However, I strongly discourage the use of IDEA because it is an old 64 bit blocksize cipher with no advantages compared to modern algorithms. The only plausible reason to use IDEA is to allow decryption of old PGP encrypted data. We may eventually provide a gpg4win installer with some IDEA support. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From rjh at sixdemonbag.org Mon Apr 16 17:45:01 2012 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 16 Apr 2012 11:45:01 -0400 Subject: IDEA.c and Win32 builds? In-Reply-To: <8762czyapf.fsf@vigenere.g10code.de> References: <8762czyapf.fsf@vigenere.g10code.de> Message-ID: <4F8C3E7D.7070900@sixdemonbag.org> On 4/16/12 11:10 AM, Werner Koch wrote: > However, I strongly discourage the use of IDEA because it is an old > 64 bit blocksize cipher with no advantages compared to modern > algorithms. The only plausible reason to use IDEA is to allow > decryption of old PGP encrypted data. There are substantial disadvantages, too. IDEA has a razor-thin margin of security compared to more modern algorithms. We have better-than-brute-force against what, 5 of 8 rounds now? The margin gets thinner and thinner every couple of years. From mtw at view.net.au Mon Apr 16 23:47:46 2012 From: mtw at view.net.au (Michael Talbot-Wilson) Date: Tue, 17 Apr 2012 07:17:46 +0930 (CST) Subject: new user anxiety In-Reply-To: <4F8BB55F.3030007@sixdemonbag.org> References: <4F8BB55F.3030007@sixdemonbag.org> Message-ID: On Mon, 16 Apr 2012, Robert J. 
Hansen wrote: > On 4/16/2012 12:12 AM, Michael Talbot-Wilson wrote: >> Found nothing in the FAQ on this. > > First, it's an entirely expected thing. It's not a problem, it's just a > thing. Thanks. And thanks to everyone who responded. I think I found the answer overnight in Lucas's book, the section "Email from Beyond Your Web of Trust" (p. 120). I guess I need to _have_ some such web. Thanks again. From elgringo at gmx.net Tue Apr 17 00:02:02 2012 From: elgringo at gmx.net (elgringo at gmx.net) Date: Tue, 17 Apr 2012 00:02:02 +0200 Subject: Search: Applikation to encrypt on the fly Message-ID: Hi, I am looking for an application that surveys a folder, and once I drop a file there it is being encrypted with my GPG key. The background is, that I want to use a folder to be synced with a remote location (dropbox). And I just want to be sure the files are encrypted on the fly. Anyone knows one? Best Pete From rjh at sixdemonbag.org Tue Apr 17 02:23:04 2012 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 16 Apr 2012 20:23:04 -0400 Subject: Search: Applikation to encrypt on the fly In-Reply-To: References: Message-ID: <4F8CB7E8.6050803@sixdemonbag.org> On 04/16/2012 06:02 PM, elgringo at gmx.net wrote: > I am looking for an application that surveys a folder, and once I drop > a file there it is being encrypted with my GPG key. The background > is, that I want to use a folder to be synced with a remote location > (dropbox). And I just want to be sure the files are encrypted on the > fly. Anyone knows one? It would help if you let us know which operating system you intend on using. 
From dkg at fifthhorseman.net Tue Apr 17 04:22:42 2012 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Mon, 16 Apr 2012 22:22:42 -0400 Subject: FAQ references deprecated option --list-ownertrust Message-ID: <4F8CD3F2.70207@fifthhorseman.net> Hi folks-- The GNUPG FAQ references --list-ownertrust here: http://www.gnupg.org/faq/GnuPG-FAQ.html#how-does-the-whole-trust-thing-work but that option appears to be deprecated: 0 dkg at pip:~$ gpg --list-ownertrust | head -n2 gpg: WARNING: "--list-ownertrust" is a deprecated option gpg: please use "--export-ownertrust" instead # List of assigned trustvalues, created Mon 16 Apr 2012 10:22:02 PM EDT # (Use "gpg --import-ownertrust" to restore them) 0 dkg at pip:~$ Could the FAQ be updated to match current best practices? Thanks, --dkg From papillion at gmail.com Tue Apr 17 04:09:09 2012 From: papillion at gmail.com (Anthony Papillon) Date: Mon, 16 Apr 2012 21:09:09 -0500 Subject: Search: Applikation to encrypt on the fly In-Reply-To: References: Message-ID: <4C5C9221-A44A-4C59-A7B2-26B437A2EF57@gmail.com> Check out TrueCrypt. Doesn't encrypt to your key but works great. -- Sent from my mobile device On Apr 16, 2012, at 5:02 PM, elgringo at gmx.net wrote: > Hi, > > I am looking for an application that surveys a folder, and once I > drop a file there it is being encrypted with my GPG key. The > background is, that I want to use a folder to be synced with a remote > location (dropbox). And I just want to be sure the files are > encrypted on the fly. > Anyone knows one? 
> > Best > > Pete From ricardo at martinet.de Tue Apr 17 08:04:36 2012 From: ricardo at martinet.de (Ricardo Martinez Moya) Date: Tue, 17 Apr 2012 08:04:36 +0200 Subject: Search: Applikation to encrypt on the fly In-Reply-To: <4F8CB7E8.6050803@sixdemonbag.org> References: <4F8CB7E8.6050803@sixdemonbag.org> Message-ID: Windows 7 would be nice. But Linux would also be OK. On 17.04.2012 02:23, "Robert J. Hansen" wrote: > > On 04/16/2012 06:02 PM, elgringo at gmx.net wrote: > > I am looking for an application that surveys a folder, and once I drop > > a file there it is being encrypted with my GPG key. The background > > is, that I want to use a folder to be synced with a remote location > > (dropbox). And I just want to be sure the files are encrypted on the > > fly. Anyone knows one? > > It would help if you let us know which operating system you intend on using. From ricardo at martinet.de Tue Apr 17 08:07:51 2012 From: ricardo at martinet.de (Ricardo Martinez Moya) Date: Tue, 17 Apr 2012 08:07:51 +0200 Subject: Search: Applikation to encrypt on the fly In-Reply-To: <4C5C9221-A44A-4C59-A7B2-26B437A2EF57@gmail.com> References: <4C5C9221-A44A-4C59-A7B2-26B437A2EF57@gmail.com> Message-ID: Truecrypt is great, but it forces you to use containers. I need each file to be encrypted on its own. On 17.04.2012 04:09, "Anthony Papillon" wrote: > Check out TrueCrypt. Doesn't encrypt to your key but works great. 
> > -- > Sent from my mobile device > > On Apr 16, 2012, at 5:02 PM, elgringo at gmx.net wrote: > > Hi, >> >> I am looking for an application that surveys a folder, and once I drop a >> file there it is being encrypted with my GPG key. The background is, that I >> want to use a folder to be synced with a remote location (dropbox). And I >> just want to be sure the files are encrypted on the fly. >> Anyone knows one? >> >> Best >> >> Pete From wk at gnupg.org Tue Apr 17 09:54:26 2012 From: wk at gnupg.org (Werner Koch) Date: Tue, 17 Apr 2012 09:54:26 +0200 Subject: FAQ references deprecated option --list-ownertrust In-Reply-To: <4F8CD3F2.70207@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Mon, 16 Apr 2012 22:22:42 -0400") References: <4F8CD3F2.70207@fifthhorseman.net> Message-ID: <871unmx07h.fsf@vigenere.g10code.de> On Tue, 17 Apr 2012 04:22, dkg at fifthhorseman.net said: > The GNUPG FAQ references --list-ownertrust here: > > http://www.gnupg.org/faq/GnuPG-FAQ.html#how-does-the-whole-trust-thing-work > > but that option appears to be deprecated: Fixed. Thanks, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From wk at gnupg.org Tue Apr 17 09:50:32 2012 From: wk at gnupg.org (Werner Koch) Date: Tue, 17 Apr 2012 09:50:32 +0200 Subject: Search: Applikation to encrypt on the fly In-Reply-To: (Ricardo Martinez Moya's message of "Tue, 17 Apr 2012 08:04:36 +0200") References: <4F8CB7E8.6050803@sixdemonbag.org> Message-ID: <8762cyx0dz.fsf@vigenere.g10code.de> On Tue, 17 Apr 2012 08:04, ricardo at martinet.de said: > Windows 7 would be nice. But Linux would also be OK. Write a system service / daemon, wait for changes in the directory and then call gpg (best via gpgme) to encrypt the file. 
Or do it with a simple script controlled by a cron job (under Unix). Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From ricardo at martinet.de Tue Apr 17 10:12:58 2012 From: ricardo at martinet.de (Ricardo Martinez Moya) Date: Tue, 17 Apr 2012 10:12:58 +0200 Subject: Search: Applikation to encrypt on the fly In-Reply-To: <8762cyx0dz.fsf@vigenere.g10code.de> References: <4F8CB7E8.6050803@sixdemonbag.org> <8762cyx0dz.fsf@vigenere.g10code.de> Message-ID: Yepp, that was what I was thinking to do if there is no ready-to-go application for it. Thanks though. On 17.04.2012 09:56, "Werner Koch" wrote: > On Tue, 17 Apr 2012 08:04, ricardo at martinet.de said: > > Windows 7 would be nice. But Linux would also be OK. > > Write a system service / daemon, wait for changes in the directory and > then call gpg (best via gpgme) to encrypt the file. Or do it with a > simple script controlled by a cron job (under Unix). > > > Salam-Shalom, > > Werner > > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From branko at majic.rs Tue Apr 17 09:13:00 2012 From: branko at majic.rs (Бранко Мајић) Date: Tue, 17 Apr 2012 09:13:00 +0200 Subject: Search: Applikation to encrypt on the fly In-Reply-To: References: <4C5C9221-A44A-4C59-A7B2-26B437A2EF57@gmail.com> Message-ID: Hm... Under GNU/Linux there's ecryptfs, but I'm not sure if it's capable of using a GPG key for decrypting the symmetric key? It doesn't use containers and actually encrypts each file individually. It does have its own structure for file layout, though (technically, you can identify which file is which by timestamp, for example). 
On 2012-04-17 08:07, Ricardo Martinez Moya wrote: > Truecrypt is great, but it forces you to use containers. > I need each file to be encrypted on its own. > On 17.04.2012 04:09, "Anthony Papillon" wrote: > >> Check out TrueCrypt. Doesn't encrypt to your key but works great. >> >> -- >> Sent from my mobile device >> >> On Apr 16, 2012, at 5:02 PM, elgringo at gmx.net wrote: >> >> Hi, >>> >>> I am looking for an application that surveys a folder, and once I drop a >>> file there it is being encrypted with my GPG key. The background is, that I >>> want to use a folder to be synced with a remote location (dropbox). And I >>> just want to be sure the files are encrypted on the fly. >>> Anyone knows one? >>> >>> Best >>> >>> Pete -- Branko Majic Jabber: branko at majic.rs Please use only Free formats when sending attachments to me. From wk at gnupg.org Tue Apr 17 13:56:48 2012 From: wk at gnupg.org (Werner Koch) Date: Tue, 17 Apr 2012 13:56:48 +0200 Subject: Search: Applikation to encrypt on the fly In-Reply-To: ("Бранко Мајић"'s message of "Tue, 17 Apr 2012 09:13:00 +0200") References: <4C5C9221-A44A-4C59-A7B2-26B437A2EF57@gmail.com> Message-ID: <87hawivaf3.fsf@vigenere.g10code.de> On Tue, 17 Apr 2012 09:13, branko at majic.rs said: > Hm... Under GNU/Linux there's ecryptfs, but I'm not sure if it's > capable of using a GPG key for decrypting the symmetric key? It GnuPG-2.1-beta comes with the g13 tool which uses an OpenPGP or X.509 key as the encfs key. encfs is just one backend, it is possible to implement a backend for ecryptfs as well. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. 
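The cron-driven script suggested earlier in this thread (call gpg on whatever lands in a directory), sketched as an added example; it is not code from the list or from the GnuPG project. The function name `encrypt_dropbox`, the `GPG` override variable, the two-directory layout and the `KEYID` placeholder are assumptions: plaintext is dropped into a local directory outside the synced folder, and only ciphertext is written into the synced one.

```shell
#!/bin/sh
# Added example: cron-driven "encrypt what lands in a folder" job.
# Assumed names (not from the thread): encrypt_dropbox, GPG, the directory
# layout, and the KEYID placeholder in the crontab line below.

GPG="${GPG:-gpg}"    # gpg binary to call; overridable for testing

# encrypt_dropbox PLAIN_DIR SYNC_DIR RECIPIENT
#   Encrypts every regular file in PLAIN_DIR to RECIPIENT and stores the
#   result in SYNC_DIR as <name>.gpg.
#   Prints the number of files encrypted in this run.
#   Returns 0 on success, 1 if any file failed, 2 on a bad directory.
encrypt_dropbox() {
    plain_dir=$1
    sync_dir=$2
    recipient=$3
    count=0
    status=0

    [ -d "$plain_dir" ] && [ -d "$sync_dir" ] || return 2

    for src in "$plain_dir"/*; do
        # Skip subdirectories and the literal pattern of an empty directory.
        [ -f "$src" ] || continue
        name=$(basename "$src")
        out="$sync_dir/$name.gpg"

        # Ciphertext exists and is newer than the plaintext: nothing to do.
        if [ -f "$out" ] && [ "$out" -nt "$src" ]; then
            continue
        fi

        # Encrypt to a temporary name in the same directory and rename
        # afterwards, so a partially written file never appears under its
        # final name.
        tmp="$sync_dir/.$name.tmp.$$"

        # --batch/--no-tty: never prompt; gpg exits non-zero if the
        # recipient key is missing or not valid, and nothing is published.
        if "$GPG" --batch --no-tty --yes --recipient "$recipient" \
                  --output "$tmp" --encrypt "$src" </dev/null
        then
            chmod 600 "$tmp"
            mv -f "$tmp" "$out"
            count=$((count + 1))
        else
            rm -f "$tmp"
            echo "encrypt_dropbox: could not encrypt $src" >&2
            status=1
        fi
    done

    echo "$count"
    return "$status"
}

# Example crontab entry (paths and KEYID are placeholders):
#   */5 * * * * /usr/local/bin/encrypt_dropbox.sh "$HOME/outbox" "$HOME/Dropbox/enc" KEYID
if [ "$#" -eq 3 ]; then
    encrypt_dropbox "$1" "$2" "$3" >/dev/null
fi
```
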
From mail at scott.armitage.name Wed Apr 18 23:13:27 2012 From: mail at scott.armitage.name (Scott Armitage) Date: Wed, 18 Apr 2012 17:13:27 -0400 Subject: Cannot import private key Message-ID: Hi everyone, I am trying to integrate GnuPG with my workflow, and am in the stage of setting up a new keypair for use across all of my computers. I have created the key pair, given the private key a passphrase, and generated a revocation certificate for that key. I am now trying to import that private key on another computer, but I am having some issues. I first export the private key using: gpg --export-secret-key -a > private.asc This seems to work fine, and generates an ASCII-armored key file of the form -----BEGIN PGP PRIVATE KEY BLOCK----- Version: GnuPG v1.4.9 (MingW32) [snip] -----END PGP PRIVATE KEY BLOCK----- I then take this private key file to a new computer and try to import it using gpg --import private.asc gpg: no valid OpenPGP data found. gpg: Total number processed: 0 Any suggestions? This process works fine for exporting and importing public keys, it's only the private one that is throwing this error. I have also tried the --allow-secret-key-import, though I understand this is effectively redundant now. Regards, -Scott From peter.c.dietrich at freenet.de Thu Apr 19 12:39:22 2012 From: peter.c.dietrich at freenet.de (Peter C. Dietrich) Date: Thu, 19 Apr 2012 12:39:22 +0200 Subject: Cannot import private key In-Reply-To: References: Message-ID: On Wed, 18 Apr 2012 23:13:27 +0200, Scott Armitage wrote: > Hi everyone, > > I am trying to integrate GnuPG with my workflow, and am in the stage of > setting up a new keypair for use across all of my computers. I have > created > the key pair, given the private key a passphrase, and generated a > revocation certificate for that key. I am now trying to import that > private > key on another computer, but I am having some issues. 
> > I first export the private key using: > > gpg --export-secret-key -a > private.asc > > This seems to work fine, and generates an ASCII-armored key file of the > form > > -----BEGIN PGP PRIVATE KEY BLOCK----- > Version: GnuPG v1.4.9 (MingW32) > [snip] > -----END PGP PRIVATE KEY BLOCK----- > > I then take this private key file to a new computer and try to import it > using > > gpg --import private.asc > gpg: no valid OpenPGP data found. > gpg: Total number processed: 0 > > Any suggestions? This process works fine for exporting and importing > public > keys, it's only the private one that is throwing this error. I have also > tried the --allow-secret-key-import, though I understand this is > effectively redundant now. > > Regards, > -Scott Dear Scott, I think you should try to export the private key unarmored, i.e. leave out the -a option. This should work. Regards, Peter From peter.c.dietrich at freenet.de Thu Apr 19 11:56:06 2012 From: peter.c.dietrich at freenet.de (Peter C. Dietrich) Date: Thu, 19 Apr 2012 11:56:06 +0200 Subject: gpg4win: homedir option not passed on to gpg-agent Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dear members of the gnupg-users list, I use gpg on Windows XP Sp3 via gpg4win 2.1.1-svn1694. Context: I try to follow the off-line primary key paradigm (to some extent), hence on the same computer there is one directory containing the keyring of my secret primary key. There is also another directory with the keyring of the corresponding secret subkeys for daily use. The latter one is set as the gpg home directory in the Windows registry as described in the GnuPG manual. 
Specific Problem: When I try to generate a revocation certificate for the primary key, I issue this command (I realize the secret-keyring option is not necessary here, it is only included to make clear the distinction between primary and subkey secret): gpg2 --homedir path/to/primary/secret --secret-keyring path/to/subkeys/secret --gen-revoke PrimaryKeyID This runs as expected until the point where I have to unlock the primary key and enter my passphrase. There the pinentry box does not pop up, instead I get "can't connect to the agent: IPC connect call failed" and the process is aborted. Alternative Problem description: I can reproduce the above problem just by creating a new keyring in a directory other than the gnupg-homedir: gpg2 --homedir some/other/directory --gen-key. This also gives me the IPC connect failure, when, in fact, the pinentry dialog should have popped up. When I start the gpg-agent directly by saying gpg-agent --daemon --homedir some/other/directory, I can complete the "gpg2 --homedir some/other/directory --gen-key" successfully, i.e. with passphrase entry in the pinentry box. This leads me to believe, that the homedir option given to gpg2 is not passed on the gpg-agent. I don't know how exactly gpg2 calls gpg-agent (gpg-connect-agent, I suspect), and I don't know how to modify this call. Would somebody, please, offer their help? Kind regards, Peter C. 
Dietrich -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) -----END PGP SIGNATURE----- From Mike_Acker at charter.net Thu Apr 19 13:45:45 2012 From: Mike_Acker at charter.net (Mike Acker) Date: Thu, 19 Apr 2012 07:45:45 -0400 Subject: Gnupg-users Digest, Vol 103, Issue 11 In-Reply-To: References: Message-ID: <4F8FFAE9.3040409@charter.net> I'm trying to setup Enigmail on an UBUNTU system and it gives me GnuPG: Not Found override ? ( browse ) what do I give it? I found gpg in the /usr directory and I can run GPG commands from the Terminal window so GPG is clearly available. -- /MIKE From mika.henrik.mainio at hotmail.com Thu Apr 19 15:21:53 2012 From: mika.henrik.mainio at hotmail.com (Mika Suomalainen) Date: Thu, 19 Apr 2012 16:21:53 +0300 Subject: Gnupg-users Digest, Vol 103, Issue 11 In-Reply-To: <4F8FFAE9.3040409@charter.net> References: <4F8FFAE9.3040409@charter.net> Message-ID: <4F901171.7030604@hotmail.com> 19.04.2012 14:45, Mike Acker wrote: > I'm trying to setup Enigmail on an UBUNTU system and it gives me GnuPG: > Not Found > override ? ( browse ) > > what do I give it? I found gpg in the /usr directory and I can run GPG > commands from the Terminal window so GPG is clearly available. 
>
> --
> /MIKE
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

This is second time when I answer, /usr/bin/gpg or /usr/bin/gpg2 depending on do you have package "gnupg" or "gnupg2" installed. If you have gnupg2, I recommend /usr/bin/gpg2.

PS. Your question would be more believable if your email client wasn't telling that you use Windows.

--
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728

From rjh at sixdemonbag.org Thu Apr 19 15:59:54 2012
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 19 Apr 2012 09:59:54 -0400
Subject: Gnupg-users Digest, Vol 103, Issue 11
In-Reply-To: <4F901171.7030604@hotmail.com>
References: <4F8FFAE9.3040409@charter.net> <4F901171.7030604@hotmail.com>
Message-ID: <4F901A5A.9020707@sixdemonbag.org>

On 04/19/2012 09:21 AM, Mika Suomalainen wrote:
> PS. Your question would be more believable if your email client
> wasn't telling that you use Windows.

We'll have none of this, please. Many people use more than one operating system. Sitting at my desktop *right now* there's an OS X box, a Windows 7/64 box and a Fedora 16 box, with FreeBSD, OpenBSD and HaikuOS virtual boxes.

I find Mr. Acker's question completely believable, and suggest that other people consider it likewise.

From rjh at sixdemonbag.org Thu Apr 19 16:05:18 2012
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 19 Apr 2012 10:05:18 -0400
Subject: Gnupg-users Digest, Vol 103, Issue 11
In-Reply-To: <4F901A5A.9020707@sixdemonbag.org>
References: <4F8FFAE9.3040409@charter.net> <4F901171.7030604@hotmail.com> <4F901A5A.9020707@sixdemonbag.org>
Message-ID: <4F901B9E.4040406@sixdemonbag.org>

On 04/19/2012 09:59 AM, Robert J. Hansen wrote:
>

Oh, heavens to betsy, my apologies. For some reason I thought this appeared on the *Enigmail* list. My apologies to the GnuPG listmods. Obviously, I need more coffee this morning.

You will note the opening tag is not closed. This is deliberate.

From dougb at dougbarton.us Thu Apr 19 22:10:11 2012
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 19 Apr 2012 13:10:11 -0700
Subject: Cannot import private key
In-Reply-To:
References:
Message-ID: <4F907123.807@dougbarton.us>

On 4/18/2012 2:13 PM, Scott Armitage wrote:
> I am now trying to import that private key on another computer, but I am
> having some issues.

Try just copying the files. IME it's almost never necessary to do the export -> import dance. If a plain copy doesn't work, then try the suggestion to do the export without -a.

Doug

--
If you're never wrong, you're not trying hard enough

From mail at scott.armitage.name Thu Apr 19 14:38:53 2012
From: mail at scott.armitage.name (Scott Armitage)
Date: Thu, 19 Apr 2012 08:38:53 -0400
Subject: Cannot import private key
In-Reply-To:
References:
Message-ID:

On Thu, 19 Apr 2012 12:39:22 +0200, Peter C.
Dietrich wrote:
> On Wed, 18 Apr 2012 23:13:27 +0200, Scott Armitage wrote:
>> gpg --export-secret-key -a > private.asc
>>
> I think you should try to export the private key unarmored, i.e. leave out
> the -a option. This should work.

Thanks, Peter; I tried that, but couldn't get it to work either. I think I have solved the problem though (I still need to try and reproduce it from scratch, to verify my theory).

It seems that Powershell uses UCS-2 character encoding when using redirectors (the ">" in my commands). Changing the file encoding to ANSI or UTF-8 allows the private key to be imported properly. It is unclear to me why the public key would import fine, however.

For the record, I was using redirectors instead of the "-o" option because apparently it has no effect (at least in Powershell on Windows) if you use it after the --export option. I have now figured out that I can use "-ao " before the "--export-secret-key " and everything works fine:

gpg -ao private.asc --export-secret-key
gpg --import private.asc
gpg: key : already in secret keyring
gpg: Total number processed: 1
gpg: secret keys read: 1
gpg: secret keys unchanged: 1

Thanks for the help!

-S

From yanaty999 at yahoo.com Thu Apr 19 23:08:50 2012
From: yanaty999 at yahoo.com (Tatyana)
Date: Thu, 19 Apr 2012 14:08:50 -0700 (PDT)
Subject: unable to preset passphrase
Message-ID: <1334869730.28493.YahooMailNeo@web125806.mail.ne1.yahoo.com>

I need to automate the process of receiving and decrypting files encrypted with a gpg key. Since this is supposed to be an unattended process I need to preset a passphrase.

I run the statement (from a batch file):

---------------
gpg-agent --daemon --verbose --allow-preset-passphrase
echo abc | gpg-preset-passphrase --passphrase MyPhrase --preset 56E0E3E911D2E485189CAF087ED5DCF802FB4D8
------------

..and receive an error message:

gpg-preset-passphrase: problem with the agent
gpg-preset-passphrase: caching passphrase failed: Invalid response
I ran the following interactive session:

gpg-agent.exe --server --allow-preset-passphrase
OK Pleased to meet you
OPTION ttyname = /dev/ttyp0
OK
OPTION ttytype=xterm
OK
OPTION lc-ctype=C
OK
OPTION lc-messages=C
OK
PRESET_PASSPHRASE 56E06E3E911D2E485189CAF087ED5DCF802FB4D8 -1 MyPhrase
ERR 67109144 IPC parameter error - invalid hexstring

It says "invalid hexstring"!

I have the only secret key on this machine, and to find its keygrip or its substitute I ran:

--------------
gpg2 --fingerprint --fingerprint
-----------
../AppData/Roaming/gnupg/pubring.gpg
-------------------------------------------------------------
pub 2048R/79949D47 2012-04-05
Key fingerprint = 2E9E EC17 61C1 CFB9 1B67 9A17 388C CF06 7994 9D47
uid MyName
sub 2048R/802FB4D8 2012-04-05
Key fingerprint = 56E0 6E3E 911D 2E48 5189 CAF0 87ED 5DCF 802F B4D8

What am I doing wrong?

Thank you,
- Tatyana

From wk at gnupg.org Fri Apr 20 14:06:55 2012
From: wk at gnupg.org (Werner Koch)
Date: Fri, 20 Apr 2012 14:06:55 +0200
Subject: unable to preset passphrase
In-Reply-To: <1334869730.28493.YahooMailNeo@web125806.mail.ne1.yahoo.com> (Tatyana's message of "Thu, 19 Apr 2012 14:08:50 -0700 (PDT)")
References: <1334869730.28493.YahooMailNeo@web125806.mail.ne1.yahoo.com>
Message-ID: <87r4visj34.fsf@vigenere.g10code.de>

On Thu, 19 Apr 2012 23:08, yanaty999 at yahoo.com said:
> I need to automate the process of receiving and decrypting files encrypted with a gpg key.
> Since this is supposed to be an unattended process I need to preset a passphrase.

It would be easier and equally safe not to protect the key at all. However, I know that sometimes stupid security policies demand passphrases.

> PRESET_PASSPHRASE 56E06E3E911D2E485189CAF087ED5DCF802FB4D8 -1 MyPhrase
> ERR 67109144 IPC parameter error - invalid hexstring
>
> It says "invalid hexstring"!

If you want to give the passphrase on the command line you need to pass it hex encoded:

PRESET_PASSPHRASE 56E06E3E911D2E485189CAF087ED5DCF802FB4D8 -1 4D79506872617365

However, gpg-preset-passphrase should have done the hex encoding for you.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From peter at digitalbrains.com Fri Apr 20 14:29:54 2012
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 20 Apr 2012 14:29:54 +0200
Subject: Clarification in man page? (was Re: Cannot import private key)
In-Reply-To:
References:
Message-ID: <4F9156C2.6020608@digitalbrains.com>

On 19/04/12 14:38, Scott Armitage wrote:
> For the record, I was using redirectors instead of the "-o" option
> because apparently it has no effect (at least in Powershell on
> Windows) if you use it after the --export option. I have now figured
> out that I can use "-ao " before the "--export-secret-key
> " and everything works fine:

Yes, this is a property of the GnuPG command line that more people don't seem to realise, that all options *must* come before the command. I initially missed it myself, and I've seen it mentioned by others on this mailing list. At least on *nix, it's relatively common that options can come in any position of the arguments.

Werner, perhaps it is an idea to have the man page more explicit that all options *must* come before the command?

The man page does say in two locations (section COMMANDS and section OPTIONS):

> Please remember that option as well as command parsing stops as soon as a non-option is
> encountered, you can explicitly stop parsing by using the special option --.

However, the significance of this statement is perhaps lessened by the first sentence of the section COMMANDS:

> Commands are not distinguished from options except for the fact that only one command is
> allowed.

I think this sentence is easily misunderstood; in fact, I doubt the statement can be made true.
I read this as: since they are not distinguished, I can put the (single) command in any old place I can put an option in. While the very important difference between commands and options is that the command comes after the options, and definitely not the other way around.

My suggestion would be to change the sentence

> Commands are not distinguished from options except for the fact that only one command is
> allowed.

to something like

> Only one command is allowed, and all options need to come before the command.
> If the command itself takes arguments, these come after the command.

Hmmmmm...

... I just notice, this does work:

$ gpg2 -e -r -o foo.gpg
$ gpg2 -r -o foo.gpg -e -r

etc... All wanted keyid's get encrypted to, and foo.gpg is the output file.

Is perhaps the point that when a command can take multiple arguments, like --export can, that the rest of the command line coming after the command is always interpreted as arguments to the command?

Still, it might be best to educate users to put the options first, and then be liberal in what you actually accept.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From Mike_Acker at charter.net Fri Apr 20 14:46:41 2012
From: Mike_Acker at charter.net (Mike Acker)
Date: Fri, 20 Apr 2012 08:46:41 -0400
Subject: UBUNTU\Thunderbird\ENIGMAIL\GnuPG
In-Reply-To:
References:
Message-ID: <4F915AB1.90802@charter.net>

19.04.2012 14:45, Mike Acker wrote:

I'm trying to setup Enigmail on an UBUNTU system and it gives me GnuPG: Not Found
override ? ( browse )

what do I give it? I found gpg in the /usr directory and I can run GPG commands from the Terminal window so GPG is clearly available.

--
/MIKE

This is second time when I answer, /usr/bin/gpg or /usr/bin/gpg2 depending on do you have package "gnupg" or "gnupg2" installed. If you have gnupg2, I recommend /usr/bin/gpg2.

PS. Your question would be more [believable] if your email client wasn't telling that you use Windows.

~~~

thanks for the help. You are right: I do use Windows but I am learning to use UBUNTU: (v11.10)

I had selected pgp from the usr menu, thus /usr/pgp

When I selected it as /usr/bin/pgp -- It accepted my response and I have OpenPGP on the menu line now

So: I should now be able to copy over my keyring

thanks for the help!! :-)

--
/MIKE

From mika.henrik.mainio at hotmail.com Fri Apr 20 15:11:37 2012
From: mika.henrik.mainio at hotmail.com (Mika Suomalainen)
Date: Fri, 20 Apr 2012 16:11:37 +0300
Subject: UBUNTU\Thunderbird\ENIGMAIL\GnuPG
In-Reply-To: <4F915AB1.90802@charter.net>
References: <4F915AB1.90802@charter.net>
Message-ID: <4F916089.80702@hotmail.com>

20.04.2012 15:46, Mike Acker wrote:
>
> 19.04.2012 14:45, Mike Acker wrote:
> I'm trying to setup Enigmail on an UBUNTU system and it gives me GnuPG:
> Not Found
> override ? ( browse )
>
> what do I give it? I found gpg in the /usr directory and I can run GPG
> commands from the Terminal window so GPG is clearly available.
>

/usr/bin/gpg

--
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728

From mika.henrik.mainio at hotmail.com Fri Apr 20 15:18:19 2012
From: mika.henrik.mainio at hotmail.com (Mika Suomalainen)
Date: Fri, 20 Apr 2012 16:18:19 +0300
Subject: UBUNTU\Thunderbird\ENIGMAIL\GnuPG
In-Reply-To: <4F915AB1.90802@charter.net>
References: <4F915AB1.90802@charter.net>
Message-ID: <4F91621B.1060603@hotmail.com>

20.04.2012 15:46, Mike Acker wrote:
>
> 19.04.2012 14:45, Mike Acker wrote:
> I'm trying to setup Enigmail on an UBUNTU system and it gives me GnuPG:
> Not Found
> override ? ( browse )
>
> what do I give it? I found gpg in the /usr directory and I can run GPG
> commands from the Terminal window so GPG is clearly available.
>

I will now reply the fourth time. I use "reply all" button, because the message doesn't seem to go anywhere with only "reply list".

If you want to use gpg1 with Enigmail, use /usr/bin/gpg .
If you want to use gpg2 with Enigmail, use /usr/bin/gpg2 .
/usr/bin/gpg should work with default Ubuntu install, but if you want to use /usr/bin/gpg2, you might need to install "gnupg2".

If you are unsure, just use /usr/bin/gpg, it should work with all Debian based systems (including Debian, Ubuntu, Linux Mint etc.).

--
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728

From mika.henrik.mainio at hotmail.com Fri Apr 20 15:51:12 2012
From: mika.henrik.mainio at hotmail.com (Mika Suomalainen)
Date: Fri, 20 Apr 2012 16:51:12 +0300
Subject: UBUNTU\Thunderbird\ENIGMAIL\GnuPG
In-Reply-To: <4F9166AC.8060603@charter.net>
References: <4F915AB1.90802@charter.net> <4F91621B.1060603@hotmail.com> <4F9166AC.8060603@charter.net>
Message-ID: <4F9169D0.5040506@hotmail.com>

20.04.2012 16:37, Mike Acker wrote:
> On 04/20/2012 09:18 AM, Mika Suomalainen wrote:
>> 20.04.2012 15:46, Mike Acker wrote:
>>> 19.04.2012 14:45, Mike Acker wrote:
>>> I'm trying to setup Enigmail on an UBUNTU system and it gives me GnuPG:
>>> Not Found
>>> override ? ( browse )
>>>
>>> what do I give it? I found gpg in the /usr directory and I can run GPG
>>> commands from the Terminal window so GPG is clearly available.
>>>
>> I will now reply the fourth time. I use "reply all" button, because the
>> message doesn't seem to go anywhere with only "reply list".
>>
>> If you want to use gpg1 with Enigmail, use /usr/bin/gpg .
>> If you want to use gpg2 with Enigmail, use /usr/bin/gpg2 .
>> /usr/bin/gpg should work with default Ubuntu install, but if you want to
>> use /usr/bin/gpg2, you might need to install "gnupg2".
>>
>> If you are unsure, just use /usr/bin/gpg, it should work with all Debian
>> based systems (including Debian, Ubuntu, Linux Mint etc.).
>>
> Thanks. I had received your reply and posted a note to the list
> earlier. The results are successful. You may notice I'm writing from
> the UBUNTU system for this message. I'm not sure why you seem to be
> receiving the question over and over: I sent it once on ENIGMAIL list
> and once on GnuPG User list.
>
> I'll try signing this one...
> Note: my earlier key has expired.
For that reason I've generated and
> uploaded a new RSA key to the keyserver
> so-- you may need to request the new key from the keyserver.
>

You're welcome :). I am on both lists so maybe that is why I received so many emails.

Yes, it seems that you are on Linux now.

> MEGBÍZHATATLAN Jó aláírás: Mike Acker
> Kulcsazonosító: 0xD08880C3 / Aláírva: 20.04.2012 16:37

with light blue background so it seems that your signature is valid. I am automatically receiving all keys from keyserver.

--
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728

From wk at gnupg.org Fri Apr 20 16:17:26 2012
From: wk at gnupg.org (Werner Koch)
Date: Fri, 20 Apr 2012 16:17:26 +0200
Subject: Clarification in man page?
In-Reply-To: <4F9156C2.6020608@digitalbrains.com> (Peter Lebbing's message of "Fri, 20 Apr 2012 14:29:54 +0200")
References: <4F9156C2.6020608@digitalbrains.com>
Message-ID: <87ehrisd1l.fsf@vigenere.g10code.de>

On Fri, 20 Apr 2012 14:29, peter at digitalbrains.com said:

> myself, and I've seen it mentioned by others on this mailing list. At least on
> *nix, it's relatively common that options can come in any position of the arguments.

That is not a general Unix feature but a GNU feature.

> Werner, perhaps it is an idea to have the man page more explicit that all
> options *must* come before the command?

gpg from master does this:

$ gpg2 foo --armor
gpg: NOTE: `--armor' is not considered an option
usage: gpg [options] [filename]

If you really want --armor as a filename, the warning will of course not be shown

$ gpg2 -- foo --armor
usage: gpg [options] [filename]

> I think this sentence is easily misunderstood; in fact, I doubt the statement
> can be made true. I read this as: since they are not distinguished, I can put
> the (single) command in any old place I can put an option in.

And that is actually the case. The difference between commands and options is that you may only have one command.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From mike_acker at charter.net Fri Apr 20 15:37:48 2012
From: mike_acker at charter.net (Mike Acker)
Date: Fri, 20 Apr 2012 09:37:48 -0400
Subject: UBUNTU\Thunderbird\ENIGMAIL\GnuPG
In-Reply-To: <4F91621B.1060603@hotmail.com>
References: <4F915AB1.90802@charter.net> <4F91621B.1060603@hotmail.com>
Message-ID: <4F9166AC.8060603@charter.net>

On 04/20/2012 09:18 AM, Mika Suomalainen wrote:
> 20.04.2012 15:46, Mike Acker wrote:
>> 19.04.2012 14:45, Mike Acker wrote:
>> I'm trying to setup Enigmail on an UBUNTU system and it gives me GnuPG:
>> Not Found
>> override ? ( browse )
>>
>> what do I give it? I found gpg in the /usr directory and I can run GPG
>> commands from the Terminal window so GPG is clearly available.
>>
> I will now reply the fourth time. I use "reply all" button, because the
> message doesn't seem to go anywhere with only "reply list".
>
> If you want to use gpg1 with Enigmail, use /usr/bin/gpg .
> If you want to use gpg2 with Enigmail, use /usr/bin/gpg2 .
> /usr/bin/gpg should work with default Ubuntu install, but if you want to
> use /usr/bin/gpg2, you might need to install "gnupg2".
>
> If you are unsure, just use /usr/bin/gpg, it should work with all Debian
> based systems (including Debian, Ubuntu, Linux Mint etc.).
>

Thanks.
I had received your reply and posted a note to the list earlier. The results are successful. You may notice I'm writing from the UBUNTU system for this message. I'm not sure why you seem to be receiving the question over and over: I sent it once on ENIGMAIL list and once on GnuPG User list.

I'll try signing this one...
Note: my earlier key has expired. For that reason I've generated and uploaded a new RSA key to the keyserver
so-- you may need to request the new key from the keyserver.

From dougb at dougbarton.us Fri Apr 20 18:55:54 2012
From: dougb at dougbarton.us (Doug Barton)
Date: Fri, 20 Apr 2012 09:55:54 -0700
Subject: Clarification in man page?
In-Reply-To: <87ehrisd1l.fsf@vigenere.g10code.de>
References: <4F9156C2.6020608@digitalbrains.com> <87ehrisd1l.fsf@vigenere.g10code.de>
Message-ID: <4F91951A.10800@dougbarton.us>

On 4/20/2012 7:17 AM, Werner Koch wrote:
> On Fri, 20 Apr 2012 14:29, peter at digitalbrains.com said:
>
>> myself, and I've seen it mentioned by others on this mailing list. At least on
>> *nix, it's relatively common that options can come in any position of the arguments.
>
> That is not a general Unix feature but a GNU feature.

I use/develop for a lot of different Unix', it's pretty commonly accepted at this point.

>> Werner, perhaps it is an idea to have the man page more explicit that all
>> options *must* come before the command?
>
> gpg from master does this:
>
> $ gpg2 foo --armor
> gpg: NOTE: `--armor' is not considered an option
> usage: gpg [options] [filename]

That looks like a good change.

>> I think this sentence is easily misunderstood; in fact, I doubt the statement
>> can be made true. I read this as: since they are not distinguished, I can put
>> the (single) command in any old place I can put an option in.
>
> And that is actually the case.
The difference between commands and
> options is that you may only have one command.

To the OP, rather than saying, "Can you write better docs?" how about proposing changes that make sense to you? Not only is that closer to the open source model, it's notoriously hard for developers to document their own work, since it all makes perfect sense to us. :)

Doug

--
If you're never wrong, you're not trying hard enough

From faramir.cl at gmail.com Fri Apr 20 23:51:27 2012
From: faramir.cl at gmail.com (Faramir)
Date: Fri, 20 Apr 2012 18:51:27 -0300
Subject: Current key servers
In-Reply-To: <4F876570.9030901@enigmail.net>
References: <4F872112.7080901@malte.gell.gmx.de> <4F8735A1.4070606@sixdemonbag.org> <4F876570.9030901@enigmail.net>
Message-ID: <4F91DA5F.5070202@gmail.com>

On 12-04-2012 20:29, John Clizbe wrote:
...
>> pool.sks-keyservers.net adds them to its own list. So really,
>> that's the only address you need. :)
>
> It's best to stick with the pool address, otherwise if you select a
> single server, you'll run into trouble if it's offline or there is
> a connectivity

I'd also keep 1 or 2 addresses to keyservers, just in case one day the pool has troubles.

Best Regards

From peter at digitalbrains.com Sat Apr 21 11:55:27 2012
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 21 Apr 2012 11:55:27 +0200
Subject: Clarification in man page?
In-Reply-To: <87ehrisd1l.fsf@vigenere.g10code.de>
References: <4F9156C2.6020608@digitalbrains.com> <87ehrisd1l.fsf@vigenere.g10code.de>
Message-ID: <4F92840F.80200@digitalbrains.com>

On 20/04/12 16:17, Werner Koch wrote:
> $ gpg2 foo --armor
> gpg: NOTE: `--armor' is not considered an option
> usage: gpg [options] [filename]
>
> If you really want --armor as a filename, the warning will of course not
> be shown

Why is --armor dropped when it is not wanted as a filename?

> And that is actually the case. The difference between commands and
> options is that you may only have one command.

I think you misread what I meant :). Confusion all around!

I have this command:

$ gpg2 -a -o foo.asc --export de500b3e

Now if commands and options are equal citizens in the land of the command line, I think this should also work:

$ gpg2 --export de500b3e -a -o foo.asc

All I did was change the order; the only difference between commands and options is how many are allowed in one command line. I stuck by the rule as I read it. However, it doesn't do the same.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From peter at digitalbrains.com Sat Apr 21 12:04:06 2012
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 21 Apr 2012 12:04:06 +0200
Subject: Clarification in man page?
In-Reply-To: <4F91951A.10800@dougbarton.us>
References: <4F9156C2.6020608@digitalbrains.com> <87ehrisd1l.fsf@vigenere.g10code.de> <4F91951A.10800@dougbarton.us>
Message-ID: <4F928616.90803@digitalbrains.com>

On 20/04/12 18:55, Doug Barton wrote:
> To the OP, rather than saying, "Can you write better docs?" how about
> proposing changes that make sense to you? Not only is that closer to the
> open source model, it's notoriously hard for developers to document
> their own work, since it all makes perfect sense to us.
:)

Because clarifying the docs is "non-invasive". If you change the way gpg parses its options, you risk breaking scripts people wrote and such. Plus, there is a good chance the parsing was deliberately designed the way it is :). So rather than challenge the design, I chose clarifying it instead. You could say I chose the lazy way (of least resistance).

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From wk at gnupg.org Sat Apr 21 19:54:55 2012
From: wk at gnupg.org (Werner Koch)
Date: Sat, 21 Apr 2012 19:54:55 +0200
Subject: Clarification in man page?
In-Reply-To: <4F92840F.80200@digitalbrains.com> (Peter Lebbing's message of "Sat, 21 Apr 2012 11:55:27 +0200")
References: <4F9156C2.6020608@digitalbrains.com> <87ehrisd1l.fsf@vigenere.g10code.de> <4F92840F.80200@digitalbrains.com>
Message-ID: <87wr59otqo.fsf@vigenere.g10code.de>

On Sat, 21 Apr 2012 11:55, peter at digitalbrains.com said:

> Why is --armor dropped when it is not wanted as a filename?

Sorry, I don't understand you. There is just a note telling the novice that --armor is not an option.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From peter at digitalbrains.com Sat Apr 21 20:24:11 2012
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 21 Apr 2012 20:24:11 +0200
Subject: Clarification in man page?
In-Reply-To: <87wr59otqo.fsf@vigenere.g10code.de>
References: <4F9156C2.6020608@digitalbrains.com> <87ehrisd1l.fsf@vigenere.g10code.de> <4F92840F.80200@digitalbrains.com> <87wr59otqo.fsf@vigenere.g10code.de>
Message-ID: <4F92FB4B.30600@digitalbrains.com>

On 21/04/12 19:54, Werner Koch wrote:
> Sorry, I don't understand you. There is just a note telling the novice
> that --armor is not an option.

Okay, I initially misunderstood. Never mind.
When one of the arguments to --export does not actually match a key in the keyring, GnuPG v2.0.18 silently ignores it. That means that if --armor does not match a key, it is effectively ignored when specified after --export.

I like the note, it is definitely clarifying.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From John at enigmail.net Mon Apr 23 08:52:50 2012
From: John at enigmail.net (John Clizbe)
Date: Mon, 23 Apr 2012 01:52:50 -0500
Subject: Current key servers
In-Reply-To: <4F91DA5F.5070202@gmail.com>
References: <4F872112.7080901@malte.gell.gmx.de> <4F8735A1.4070606@sixdemonbag.org> <4F876570.9030901@enigmail.net> <4F91DA5F.5070202@gmail.com>
Message-ID: <4F94FC42.9070103@enigmail.net>

Faramir wrote:
> On 12-04-2012 20:29, John Clizbe wrote:
> ...
>
>>> pool.sks-keyservers.net adds them to its own list. So really,
>>> that's the only address you need. :)
>
>> It's best to stick with the pool address, otherwise if you select a
>> single server, you'll run into trouble if it's offline or there is
>> a connectivity
>
> I'd also keep 1 or 2 addresses to keyservers, just in case one day
> the pool has troubles.

OK, here's my list of addresses:

192.168.1.2 booboo # Windows 2003 Svr[*]
192.168.1.4 yogi # Slackware Linux
192.168.1.5 picnic # Slackware Linux
192.168.1.18 basket # MacOS X
192.168.1.19 horse # Solaris 10
192.168.1.20 nell # Solaris 10

2[*],4 & 18 ==> keyserver.gingerbear.net
5, 19, & 20 ==> sks.keyservers.net

[*] If I ever get the Win32 timing precise enough for sks recon, booboo will join yogi and basket

About trouble with pool.sks-keyservers.net:

Even if the pool server goes down, there are extra DNS servers in place acting as secondaries for the zone. So the pool DNS addresses should always be available, even if they aren't being regularly updated (which is now four times per day).
If you query the NS records for sks-keyservers.net, 6 or 7 nameserver records should be returned.

-John

--
John P. Clizbe Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP

Cowboy Haiku -- Reflections on Rodeo
So many Cowboys. / Round Wrangler butts drive me nuts. / Never enough rope.

From mustrum at mustrum.net Mon Apr 23 12:23:20 2012
From: mustrum at mustrum.net (Mustrum)
Date: Mon, 23 Apr 2012 12:23:20 +0200
Subject: Current key servers
In-Reply-To: <4F94FC42.9070103@enigmail.net>
References: <4F872112.7080901@malte.gell.gmx.de> <4F8735A1.4070606@sixdemonbag.org> <4F876570.9030901@enigmail.net> <4F91DA5F.5070202@gmail.com> <4F94FC42.9070103@enigmail.net>
Message-ID:

How can we use private IPs ?

>OK, here's my list of addresses:
>192.168.1.2 booboo # Windows 2003 Svr[*]
>192.168.1.4 yogi # Slackware Linux
>192.168.1.5 picnic # Slackware Linux
>192.168.1.18 basket # MacOS X
>192.168.1.19 horse # Solaris 10
>192.168.1.20 nell # Solaris 10
>

From david at gbenet.com Mon Apr 23 16:33:05 2012
From: david at gbenet.com (david at gbenet.com)
Date: Mon, 23 Apr 2012 15:33:05 +0100
Subject: new user anxiety
In-Reply-To:
References: <4F8BB55F.3030007@sixdemonbag.org>
Message-ID: <4F956821.9020406@gbenet.com>

On 16/04/12 22:47, Michael Talbot-Wilson wrote:
> On Mon, 16 Apr 2012, Robert J. Hansen wrote:
>
>> On 4/16/2012 12:12 AM, Michael Talbot-Wilson wrote:
>>> Found nothing in the FAQ on this.
>>
>> First, it's an entirely expected thing. It's not a problem, it's just a
>> thing.
>
> Thanks. And thanks to everyone who responded. I think I found the
> answer overnight in Lucas's book, the section "Email from Beyond Your
> Web of Trust" (p. 120). I guess I need to _have_ some such web.
>
> Thanks again.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

Hello Michael,

Firstly, ALL keys are untrustworthy - even if signed by some one else - it's not till you
have met the person - verified it's them - and checked a copy of their public key - which
they show you as a print out. If you then decide to have a level of confidence (trust) in
that person being who they say they are - and the key belongs to them then you can set some
level of trust.

The web of trust is not something you can pick up. Rather the web of trust is a group of
people that have seen each other's public keys and thus signed them. So your mates and your
sister all use pgp - they each agree to sign each's key - then you have a web of trust.

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.
Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.”

http:/counter.li.org 512854
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----

From wk at gnupg.org  Mon Apr 23 16:34:16 2012
From: wk at gnupg.org (Werner Koch)
Date: Mon, 23 Apr 2012 16:34:16 +0200
Subject: gpg4win: homedir option not passed on to gpg-agent
In-Reply-To: (Peter C. Dietrich's message of "Thu, 19 Apr 2012 11:56:06 +0200")
References:
Message-ID: <87pqayms9j.fsf@vigenere.g10code.de>

On Thu, 19 Apr 2012 11:56, peter.c.dietrich at freenet.de said:

> I use gpg on Windows XP Sp3 via gpg4win 2.1.1-svn1694.

I don't know this version. The last released one is 2.1.0. Meanwhile
we switched to git and thus the svn prefix does not make sense anymore.
Please test with the 2.1.0.


Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From peter.c.dietrich at freenet.de  Mon Apr 23 20:15:12 2012
From: peter.c.dietrich at freenet.de (Peter C. Dietrich)
Date: Mon, 23 Apr 2012 20:15:12 +0200
Subject: gpg4win: homedir option not passed on to gpg-agent
In-Reply-To: <87pqayms9j.fsf@vigenere.g10code.de>
References: <87pqayms9j.fsf@vigenere.g10code.de>
Message-ID:

On Mon, 23 Apr 2012 16:34:16 +0200, Werner Koch wrote:

> On Thu, 19 Apr 2012 11:56, peter.c.dietrich at freenet.de said:
>
>> I use gpg on Windows XP Sp3 via gpg4win 2.1.1-svn1694.
>
> I don't know this version. The last released one is 2.1.0. Meanwhile
> we switched to git and thus the svn prefix does not make sense anymore.
> Please test with the 2.1.0.
>
>
> Salam-Shalom,
>
> Werner
>

I installed this version (2.1.1-svn1694) only after I had experienced the
behavior I described with version 2.1.0. Then I searched for a solution and
what I found was just said version, I don't remember where I actually got it
from. I didn't know it was unbeknown to the developers.

Anyway, I have reinstalled the official release (2.1.0), and the behavior is
still as mentioned in my previous post (tried to generate a new keyring in a
directory that is not the home directory with
"gpg2 --homedir some/other/directory --gen-key" and receive gpg-agent related
IPC error). Installing the newest beta of gpg4win (gpg 2.1.1-git93779b3) did
not make a difference in this respect, either.

So, if you know of a way to mend this, tell me, please.

Kind regards,
Peter

From kf at sumptuouscapital.com  Tue Apr 24 00:45:10 2012
From: kf at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Tue, 24 Apr 2012 00:45:10 +0200
Subject: Current key servers
In-Reply-To:
References: <4F872112.7080901@malte.gell.gmx.de> <4F8735A1.4070606@sixdemonbag.org>
 <4F876570.9030901@enigmail.net> <4F91DA5F.5070202@gmail.com>
 <4F94FC42.9070103@enigmail.net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 23.04.2012 12:23, Mustrum wrote:
> How can we use private IPs ?
>
>
>> OK, here's my list of addresses: 192.168.1.2 booboo # Windows
>> 2003 Svr[*] 192.168.1.4 yogi # Slackware Linux 192.168.1.5 picnic
>> # Slackware Linux 192.168.1.18 basket # MacOS X 192.168.1.19
>> horse # Solaris 10 192.168.1.20 nell # Solaris 10
>

John's public DNS names are listed below that snippet.

On 23.04.2012 08:52, John Clizbe wrote:
...
> 2[*],4 & 18 ==> keyserver.gingerbear.net 5, 19, & 20 ==>
> sks.keyservers.net

But as also mentioned by John, the pool is running on quite a bit of
redundancy when it comes to DNS servers;

Name Server: NS2.SKS-KEYSERVERS.NET
Name Server: NS3.SKS-KEYSERVERS.NET
Name Server: NS5.SKS-KEYSERVERS.NET
Name Server: NS6.SKS-KEYSERVERS.NET
Name Server: NS7.SKS-KEYSERVERS.NET

of which at least one of the DNS servers is a BGP AnyCast address. So
I'm very interested in hearing if anyone is having troubles with it....

- --
- ----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws
- ----------------------------
This email was digitally signed using the OpenPGP standard.
If you want to read more about this The book:
Sending Emails - The Safe Way: An introduction to OpenPGP security
is now available in both Amazon Kindle and Paperback format at
http://www.amazon.com/dp/B006RSG1S4/
- ----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----

From JPClizbe at tx.rr.com  Tue Apr 24 01:24:01 2012
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Mon, 23 Apr 2012 18:24:01 -0500
Subject: Current key servers
In-Reply-To:
References: <4F872112.7080901@malte.gell.gmx.de> <4F8735A1.4070606@sixdemonbag.org>
 <4F876570.9030901@enigmail.net> <4F91DA5F.5070202@gmail.com>
 <4F94FC42.9070103@enigmail.net>
Message-ID: <4F95E491.7020304@tx.rr.com>

Mustrum wrote:
> How can we use private IPs ?
>

See below.

>
>>OK, here's my list of addresses:
>>192.168.1.2 booboo # Windows 2003 Svr[*]
>>192.168.1.4 yogi # Slackware Linux
>>192.168.1.5 picnic # Slackware Linux
>>192.168.1.18 basket # MacOS X
>>192.168.1.19 horse # Solaris 10
>>192.168.1.20 nell # Solaris 10
>

Faramir wrote:
> I'd also keep 1 or 2 addresses to keyservers, just in case one day
> the pool has troubles.

Well,... that's _my_ list of keyservers. You are correct that they are private
IP addresses. There are over 110 SKS keyservers online right now. They're not
all in datacenters. :-)

If you have a local keyserver it doesn't make a lot of sense to go hit the
router only to be port forwarded back to the local IP address.

If a public facing server (keyserver.gingerbear.net or sks.keyservers.net )
goes down for some reason, another can be put in place with a couple mouse
clicks. They all "talk amongst themselves" so they are all always up-to-date.

Why do I have 5 1/2 keyservers running on my local net? I do a "fair" amount of
code work on SKS, the keyserver platform,
https://code.google.com/r/johnclizbe-sks-keyserver/source/list

Production and test boxes for two public facing keyservers gets me four of
those. They're also used to test for portability to other operating systems.
(Who would think one could run SKS on Windows? sks-db works fine. Still have
timing issues with sks_recon.)

There was a DNS issue some time back. That led to the addition of a large
number of secondary nameservers. Kristian Fiskerstrand has also been working on
the pool selection code to make it more robust. [sks-devel] is a fairly quiet
group, but we're attentive and working.

-John

--
John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

    Cowboy Haiku -- Reflections on Rodeo
So many Cowboys. / Round Wrangler butts drive me nuts. / Never enough rope.

From david at gbenet.com  Tue Apr 24 09:14:32 2012
From: david at gbenet.com (david at gbenet.com)
Date: Tue, 24 Apr 2012 08:14:32 +0100
Subject: gpg2
Message-ID: <4F9652D8.7070108@gbenet.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi All,

I'm using Mint Linux - gpg2 and gpg are both using /.gpg I have no /.gpg2 dir on my system
and no dir gets created when I run gpg2 --version. No dirs are created in usr/bin either -
in fact I had to create a home/david/.gpg

The question are:
What (and where) script calls gpg to load?
Can I delete gpg and then run gpg2?
Can I make a dir ie /.gpg2 and copy all to it and then get enigmail to use gpg2?

David

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.
Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.”

http:/counter.li.org 512854
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----

From wk at gnupg.org  Tue Apr 24 10:51:30 2012
From: wk at gnupg.org (Werner Koch)
Date: Tue, 24 Apr 2012 10:51:30 +0200
Subject: gpg2
In-Reply-To: <4F9652D8.7070108@gbenet.com> (david@gbenet.com's message of
 "Tue, 24 Apr 2012 08:14:32 +0100")
References: <4F9652D8.7070108@gbenet.com>
Message-ID: <87ehrdldgt.fsf@vigenere.g10code.de>

On Tue, 24 Apr 2012 09:14, david at gbenet.com said:

> I'm using Mint Linux - gpg2 and gpg are both using /.gpg I have no /.gpg2 dir on my system

Are you sure? The default home directory is ~/.gnupg and not ~/.gpg .
It is not advisable to have different directories for both versions.
We took great care to allow installation of both version with the same
home directory.

What is the output of

  gpg --version

and gpg2 --version?


Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From mika.henrik.mainio at hotmail.com  Tue Apr 24 11:19:28 2012
From: mika.henrik.mainio at hotmail.com (Mika Suomalainen)
Date: Tue, 24 Apr 2012 12:19:28 +0300
Subject: gpg2
In-Reply-To: <4F9652D8.7070108@gbenet.com>
References: <4F9652D8.7070108@gbenet.com>
Message-ID: <4F967020.6040301@hotmail.com>

Hi,

24.04.2012 10:14, david at gbenet.com wrote:
> Hi All,
>
> I'm using Mint Linux - gpg2 and gpg are both using /.gpg I have no /.gpg2 dir on my system
> and no dir gets created when I run gpg2 --version. No dirs are created in usr/bin either -
> in fact I had to create a home/david/.gpg
>
> The question are:
> What (and where) script calls gpg to load?
> Can I delete gpg and then run gpg2?
> Can I make a dir ie /.gpg2 and copy all to it and then get enigmail to use gpg2?
>
> David

Both GPG and GPG2 use the same ~/.gnupg directory.

1. I don't understand this question.
2. You said that you are on Linux Mint, which uses apt, which requires
gpg1, so you might get warnings when trying to remove it. I recommend
just keeping both.
3. As I said above, both use ~/.gnupg. If you want to use gpg2 with
Enigmail, open Enigmail preferences and on basic tab you should see gpg
location. Check the "override with" box and write (or browse) /usr/bin/gpg2.

--
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728

From david at gbenet.com  Tue Apr 24 11:29:38 2012
From: david at gbenet.com (david at gbenet.com)
Date: Tue, 24 Apr 2012 10:29:38 +0100
Subject: gpg2
In-Reply-To: <87ehrdldgt.fsf@vigenere.g10code.de>
References: <4F9652D8.7070108@gbenet.com> <87ehrdldgt.fsf@vigenere.g10code.de>
Message-ID: <4F967282.3080006@gbenet.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 24/04/12 09:51, Werner Koch wrote:
> On Tue, 24 Apr 2012 09:14, david at gbenet.com said:
>
>> I'm using Mint Linux - gpg2 and gpg are both using /.gpg I have no /.gpg2 dir on my system
>
> Are you sure? The default home directory is ~/.gnupg and not ~/.gpg .
> It is not advisable to have different directories for both versions.
> We took great care to allow installation of both version with the same
> home directory.
>
> What is the output of
>
> gpg --version
>
> and gpg2 --version?e re
>
>
> Salam-Shalom,
>
> Werner
>

Hi Werner - my apologies the ~/.gpg was a typo on my part

The respective outputs for gpg and gpg2 are as follows:

david at laptop-2 ~ $ gpg --version
gpg (GnuPG) 1.4.11
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cypher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
        CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

david at laptop-2 ~ $ gpg2 --version
gpg (GnuPG) 2.0.17
libgcrypt 1.5.0
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cypher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
        CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

As you see they point to the same home dir - I thought of uninstalling GNUpg - there is no
directory (folder) ~/.gnupg2 created on my Linux I've looked as "root" and show all hidden
files and none get created.

David

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.
Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.”

http:/counter.li.org 512854
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----

From david at gbenet.com  Tue Apr 24 12:04:36 2012
From: david at gbenet.com (david at gbenet.com)
Date: Tue, 24 Apr 2012 11:04:36 +0100
Subject: gpg2
In-Reply-To: <4F967020.6040301@hotmail.com>
References: <4F9652D8.7070108@gbenet.com> <4F967020.6040301@hotmail.com>
Message-ID: <4F967AB4.9050204@gbenet.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 24/04/12 10:19, Mika Suomalainen wrote:
> Hi,
>
> 24.04.2012 10:14, david at gbenet.com wrote:
>> Hi All,
>>
>> I'm using Mint Linux - gpg2 and gpg are both using /.gpg I have no /.gpg2 dir on my system
>> and no dir gets created when I run gpg2 --version. No dirs are created in usr/bin either -
>> in fact I had to create a home/david/.gpg
>>
>> The question are:
>> What (and where) script calls gpg to load?
>> Can I delete gpg and then run gpg2?
>> Can I make a dir ie /.gpg2 and copy all to it and then get enigmail to use gpg2?
>>
>> David
>
> Both GPG and GPG2 use the same ~/.gnupg directory.
>
> 1. I don't understand this question.
> 2. You said that you are on Linux Mint, which uses apt, which requires
> gpg1, so you might get warnings when trying to remove it. I recommend
> just keeping both.
> 3. As I said above, both use ~/.gnupg. If you want to use gpg2 with
> Enigmail, open Enigmail preferences and on basic tab you should see gpg
> location. Check the "override with" box and write (or browse) /usr/bin/gpg2.
>

Thanks Mika,

I have done as you have suggested. It is to be noted that whenever I
install a new Linux distro I always run gpg --version - Linux Mint does
not create ~/.gnupg automatically one has to create the directory (folder)
by hand -as this function's not and there's no way to set how long the
passphrase will last as this function is not available in any gpg-agent.

David

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.
Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.”

http:/counter.li.org 512854
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----

From wk at gnupg.org  Tue Apr 24 13:41:19 2012
From: wk at gnupg.org (Werner Koch)
Date: Tue, 24 Apr 2012 13:41:19 +0200
Subject: gpg2
In-Reply-To: <4F967AB4.9050204@gbenet.com> (david@gbenet.com's message of
 "Tue, 24 Apr 2012 11:04:36 +0100")
References: <4F9652D8.7070108@gbenet.com> <4F967020.6040301@hotmail.com>
 <4F967AB4.9050204@gbenet.com>
Message-ID: <87mx61jr1c.fsf@vigenere.g10code.de>

On Tue, 24 Apr 2012 12:04, david at gbenet.com said:

> I have done as you have suggested. It is to be noted that whenever I
> install a new Linux distro I always run gpg --version - Linux Mint does
> not create ~/.gnupg automatically one has

I did a quick test by adding a new user on a pretty standard Debian box
and running gpg:

  footest at soro:~$ gpg -k
  gpg: directory `/home/footest/.gnupg' created
  gpg: new configuration file `/home/footest/.gnupg/gpg.conf' created
  gpg: WARNING: options in `/home/footest/.gnupg/gpg.conf' are not yet active during this run
  gpg: keyring `/home/footest/.gnupg/secring.gpg' created
  gpg: keyring `/home/footest/.gnupg/pubring.gpg' created
  gpg: /home/footest/.gnupg/trustdb.gpg: trustdb created
  footest at soro:~$ gpg --version
  gpg (GnuPG) 1.4.10

Another new user for gpg2:

  bartest at soro:~$ gpg2 -k
  gpg: directory `/home/bartest/.gnupg' created
  gpg: new configuration file `/home/bartest/.gnupg/gpg.conf' created
  gpg: WARNING: options in `/home/bartest/.gnupg/gpg.conf' are not yet active during this run
  gpg: keyring `/home/bartest/.gnupg/pubring.gpg' created
  gpg: /home/bartest/.gnupg/trustdb.gpg: trustdb created
  bartest at soro:~$ gpg2 --version
  gpg (GnuPG) 2.0.19
  libgcrypt 1.4.5


Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From david at gbenet.com  Tue Apr 24 14:20:43 2012
From: david at gbenet.com (david at gbenet.com)
Date: Tue, 24 Apr 2012 13:20:43 +0100
Subject: gpg2
In-Reply-To: <87mx61jr1c.fsf@vigenere.g10code.de>
References: <4F9652D8.7070108@gbenet.com> <4F967020.6040301@hotmail.com>
 <4F967AB4.9050204@gbenet.com> <87mx61jr1c.fsf@vigenere.g10code.de>
Message-ID: <4F969A9B.8010205@gbenet.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 24/04/12 12:41, Werner Koch wrote:
> On Tue, 24 Apr 2012 12:04, david at gbenet.com said:
>
>> I have done as you have suggested. It is to be noted that whenever I
>> install a new Linux distro I always run gpg --version - Linux Mint does
>> not create ~/.gnupg automatically one has
>
> I did a quick test by adding a new user on a pretty standard Debian box
> and running gpg:
>
> footest at soro:~$ gpg -k
> gpg: directory `/home/footest/.gnupg' created
> gpg: new configuration file `/home/footest/.gnupg/gpg.conf' created
> gpg: WARNING: options in `/home/footest/.gnupg/gpg.conf' are not yet active during this run
> gpg: keyring `/home/footest/.gnupg/secring.gpg' created
> gpg: keyring `/home/footest/.gnupg/pubring.gpg' created
> gpg: /home/footest/.gnupg/trustdb.gpg: trustdb created
> footest at soro:~$ gpg --version
> gpg (GnuPG) 1.4.10
>
> Another new user for gpg2:
>
> bartest at soro:~$ gpg2 -k
> gpg: directory `/home/bartest/.gnupg' created
> gpg: new configuration file `/home/bartest/.gnupg/gpg.conf' created
> gpg: WARNING: options in `/home/bartest/.gnupg/gpg.conf' are not yet active during this run
> gpg: keyring `/home/bartest/.gnupg/pubring.gpg' created
> gpg: /home/bartest/.gnupg/trustdb.gpg: trustdb created
> bartest at soro:~$ gpg2 --version
> gpg (GnuPG) 2.0.19
> libgcrypt 1.4.5
>
>
> Shalom-Salam,
>
> Werner
>
>

Werner,

I too ran the gpg -k on a new user accounts and got the same results as you. The question
is: Are both run at launch time? Or can you set which one to run?

David

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.
Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.”

http:/counter.li.org 512854
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----

From peter at digitalbrains.com  Tue Apr 24 14:33:52 2012
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 24 Apr 2012 14:33:52 +0200
Subject: gpg2
In-Reply-To: <4F969A9B.8010205@gbenet.com>
References: <4F9652D8.7070108@gbenet.com> <4F967020.6040301@hotmail.com>
 <4F967AB4.9050204@gbenet.com> <87mx61jr1c.fsf@vigenere.g10code.de>
 <4F969A9B.8010205@gbenet.com>
Message-ID: <4F969DB0.1080903@digitalbrains.com>

On 24/04/12 14:20, david at gbenet.com wrote:
> I too ran the gpg -k on a new user accounts and got the same results as you. The question
> is: Are both run at launch time? Or can you set which one to run?

Perhaps you should explain what you are trying to accomplish in the end. I read
something about how long a passphrase will last, are you trying to decrypt
multiple e-mails after entering your passphrase only once?

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From david at gbenet.com  Tue Apr 24 18:47:00 2012
From: david at gbenet.com (david at gbenet.com)
Date: Tue, 24 Apr 2012 17:47:00 +0100
Subject: gpg2
In-Reply-To: <4F969DB0.1080903@digitalbrains.com>
References: <4F9652D8.7070108@gbenet.com> <4F967020.6040301@hotmail.com>
 <4F967AB4.9050204@gbenet.com> <87mx61jr1c.fsf@vigenere.g10code.de>
 <4F969A9B.8010205@gbenet.com> <4F969DB0.1080903@digitalbrains.com>
Message-ID: <4F96D904.3080600@gbenet.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 24/04/12 13:33, Peter Lebbing wrote:
> On 24/04/12 14:20, david at gbenet.com wrote:
>> I too ran the gpg -k on a new user accounts and got the same results as you. The question
>> is: Are both run at launch time? Or can you set which one to run?
>
> Perhaps you should explain what you are trying to accomplish in the end. I read
> something about how long a passphrase will last, are you trying to decrypt
> multiple e-mails after entering your passphrase only once?
>
> Peter.
>

Peter,

To the question "are you trying to decrypt multiple e-mails at once" the answer is yes. I
had the ability to set how long the passphrase was loaded - "GPA" with Ubuntu but it seems
not available with Mint Linux - am discovering there's a lot I can't change with Mint Linux!
Oh well ..........

I tried some specific gpg2 settings in my gpg.conf - but all produced errors - which is why
I asked the question when Linux first runs - it starts a number of scripts one of which must
be by default launch gpg 1.4.11 and not gpg2.

David

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.
Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.”

http:/counter.li.org 512854
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----

From mika.henrik.mainio at hotmail.com  Tue Apr 24 19:07:39 2012
From: mika.henrik.mainio at hotmail.com (Mika Suomalainen)
Date: Tue, 24 Apr 2012 20:07:39 +0300
Subject: gpg2
In-Reply-To: <4F96D904.3080600@gbenet.com>
References: <4F9652D8.7070108@gbenet.com> <4F967020.6040301@hotmail.com>
 <4F967AB4.9050204@gbenet.com> <87mx61jr1c.fsf@vigenere.g10code.de>
 <4F969A9B.8010205@gbenet.com> <4F969DB0.1080903@digitalbrains.com>
 <4F96D904.3080600@gbenet.com>
Message-ID: <4F96DDDB.5090301@hotmail.com>

On 24.04.2012 19:47, david at gbenet.com wrote:
> On 24/04/12 13:33, Peter Lebbing wrote:
>> On 24/04/12 14:20, david at gbenet.com wrote:
>>> I too ran the gpg -k on a new user accounts and got the same results as you. The question
>>> is: Are both run at launch time? Or can you set which one to run?
>
>> Perhaps you should explain what you are trying to accomplish in the end. I read
>> something about how long a passphrase will last, are you trying to decrypt
>> multiple e-mails after entering your passphrase only once?
>
>> Peter.
>
> Peter,
>
> To the question "are you trying to decrypt multiple e-mails at once" the answer is yes. I
> had the ability to set how long the passphrase was loaded - "GPA" with Ubuntu but it seems
> not available with Mint Linux - am discovering there's a lot I can't change with Mint Linux!
> Oh well ..........

I am almost sure that GPA is available for Linux Mint in package "gpa".

> I tried some specific gpg2 settings in my gpg.conf - but all produced errors - which is why
> I asked the question when Linux first runs - it starts a number of scripts one of which must
> be by default launch gpg 1.4.11 and not gpg2.
>
> David

--
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728

From ajay.kallur at gmail.com  Tue Apr 24 19:25:35 2012
From: ajay.kallur at gmail.com (Ajayk1122)
Date: Tue, 24 Apr 2012 10:25:35 -0700 (PDT)
Subject: GnuPG 2.0 decryption of two PGP Message blocks in one Message
Message-ID: <33740429.post@talk.nabble.com>

Dear Developer,

Here's a peculiar scenario, I have a file which has 2 pgp messages or blocks
embedded in a single file one below the other. Can GPG 2.0 be able to decrypt
both the blocks and concatenate the messages inside same single file?

I have attached the sample PGP file for reference and more clear picture of
the scenario.

Any help is greatly appreciated. Thanks.

--
With Regards,
Ajay Kallur
http://old.nabble.com/file/p33740429/Sample%2BPGP%2Bmessage%2Bwith%2B2%2Bpgp%2Bblocks
Sample+PGP+message+with+2+pgp+blocks
--
View this message in context: http://old.nabble.com/GnuPG-2.0-decryption-of-two-PGP-Message-blocks-in-one-Message-tp33740429p33740429.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

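Splitting a file like the one described in the post above, as an added example (not part of the original message and not GnuPG code): the Python below separates armored PGP MESSAGE blocks that sit one below the other and checks each block's CRC-24 as defined for ASCII armor in RFC 4880. The sample payloads are constructed placeholders rather than real ciphertext, and all function names are assumptions of this example.

```python
import base64

BEGIN = "-----BEGIN PGP MESSAGE-----"
END = "-----END PGP MESSAGE-----"


def crc24(data: bytes) -> int:
    """CRC-24 checksum used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor(payload: bytes, headers=()) -> str:
    """Wrap raw bytes in one PGP MESSAGE armor block."""
    b64 = base64.b64encode(payload).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode("ascii")
    return "\n".join([BEGIN, *headers, "", *body, "=" + crc, END]) + "\n"


def _decode_block(lines):
    """Decode the lines between BEGIN and END into (headers, payload)."""
    try:
        gap = lines.index("")  # blank line that ends the armor headers
    except ValueError:
        raise ValueError("armor block has no blank line after its headers")
    headers = dict(h.split(": ", 1) for h in lines[:gap])
    body = [line for line in lines[gap + 1:] if line]
    checksum = body.pop() if body and body[-1].startswith("=") else None
    payload = base64.b64decode("".join(body), validate=True)
    if checksum is not None:  # the checksum line is optional in the RFC
        stated = int.from_bytes(base64.b64decode(checksum[1:], validate=True), "big")
        if stated != crc24(payload):
            raise ValueError("CRC-24 mismatch, block is damaged")
    return headers, payload


def split_armored_messages(text: str):
    """Return [(headers, payload_bytes), ...] for every armored message in text."""
    blocks, current = [], None  # current is None while outside a block
    for raw in text.splitlines():
        line = raw.strip()
        if line == BEGIN:
            if current is not None:
                raise ValueError("BEGIN found before the previous block ended")
            current = []
        elif line == END:
            if current is None:
                raise ValueError("END found without a matching BEGIN")
            blocks.append(_decode_block(current))
            current = None
        elif current is not None:
            current.append(line)
    if current is not None:
        raise ValueError("last block has no END line")
    return blocks


def rearmor_each(text: str):
    """Return every message as its own armored string, one per block."""
    return [armor(payload, [f"{k}: {v}" for k, v in headers.items()])
            for headers, payload in split_armored_messages(text)]


# Constructed sample: two armor blocks one below the other, as in the post.
# The payloads are placeholder bytes, not real OpenPGP ciphertext.
FIRST = b"constructed payload one (placeholder, not ciphertext)"
SECOND = b"constructed payload two (placeholder, not ciphertext)"
SAMPLE = armor(FIRST, ["Version: Example"]) + "\n" + armor(SECOND)

if __name__ == "__main__":
    for n, (headers, payload) in enumerate(split_armored_messages(SAMPLE), 1):
        print(n, headers, len(payload), "bytes")
```

Each string returned by `rearmor_each` can be written to its own file and passed to `gpg2 --decrypt` separately.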
From ajay.kallur at gmail.com  Tue Apr 24 18:13:48 2012
From: ajay.kallur at gmail.com (Ajay Kallur)
Date: Tue, 24 Apr 2012 11:13:48 -0500
Subject: GnuPG 2.0 decryption of two PGP Message blocks in one Message
Message-ID:

Dear Developer,

Here's a peculiar scenario, I have a file which has 2 pgp messages or blocks
embedded in a single file one below the other. Can GPG 2.0 be able to decrypt
both the blocks and concatenate the messages inside same single file?

I have attached the sample PGP file for reference and more clear picture of
the scenario.

Any help is greatly appreciated. Thanks.

--
With Regards,
Ajay Kallur
akallur at ftj.com
(816) 756 1060 x1250

From mick.crane at gmail.com  Wed Apr 25 01:12:05 2012
From: mick.crane at gmail.com (michael crane)
Date: Wed, 25 Apr 2012 00:12:05 +0100
Subject: [off topic]
Message-ID: <33a1521b25ce8804cebe245f8e6bd708.squirrel@192.168.1.50>

I don't know why procmail finds this list more elusive than any other.

From hka at qbs.com.pl  Wed Apr 25 11:52:10 2012
From: hka at qbs.com.pl (Hubert Kario)
Date: Wed, 25 Apr 2012 11:52:10 +0200
Subject: [off topic]
In-Reply-To: <33a1521b25ce8804cebe245f8e6bd708.squirrel@192.168.1.50>
References: <33a1521b25ce8804cebe245f8e6bd708.squirrel@192.168.1.50>
Message-ID: <2021511.ryahojSZR1@k85hala03>

On Wednesday 25 of April 2012 00:12:05 michael crane wrote:
> I don't know why procmail finds this list more elusive than any other.

It's not a real solution, but Works For Me™: fdm.sf.net

Regards,
--
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl

From david at gbenet.com  Wed Apr 25 13:32:13 2012
From: david at gbenet.com (david at gbenet.com)
Date: Wed, 25 Apr 2012 12:32:13 +0100
Subject: Sha256
Message-ID: <4F97E0BD.5040304@gbenet.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi All,

I did have some commands in my old gpg.conf file which happened to end up in Limmassol
harbour. So the general question is - are there any special security commands that I can add
to my .conf file? Which seems to be gpg2?

David

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.
Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.”

https://linuxcounter.net/user/512854.html.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----

From kwadronaut at aktivix.org  Wed Apr 25 13:40:58 2012
From: kwadronaut at aktivix.org (kwadronaut)
Date: Wed, 25 Apr 2012 13:40:58 +0200
Subject: Sha256 - gpg.conf
In-Reply-To: <4F97E0BD.5040304@gbenet.com>
References: <4F97E0BD.5040304@gbenet.com>
Message-ID: <4F97E2CA.1030301@aktivix.org>

On 25/04/12 13:32, david at gbenet.com wrote:
> I did have some commands in my old gpg.conf file which happened to end up in Limmassol

That's quite an accomplishment. Only that file or a whole storage device?

> harbour. So the general question is - are there any special security commands that I can add
> to my .conf file? Which seems to be gpg2?

gpg --version and gpg2 --version will tell you where their configuration file lies, and they're very likely both going to use the same file. Thanks to the developers that goes just fine (up until now, for me).

'Any special security commands' is vague, are you looking for ideas along the lines of "personal-digest-preferences SHA256", "cert-digest-algo SHA256", or something totally different?

kwadronaut.

From david at gbenet.com Wed Apr 25 18:02:58 2012
From: david at gbenet.com (david at gbenet.com)
Date: Wed, 25 Apr 2012 17:02:58 +0100
Subject: Sha256 - gpg.conf
In-Reply-To: <4F97E2CA.1030301@aktivix.org>
References: <4F97E0BD.5040304@gbenet.com> <4F97E2CA.1030301@aktivix.org>
Message-ID: <4F982032.4020801@gbenet.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 25/04/12 12:40, kwadronaut wrote:
> On 25/04/12 13:32, david at gbenet.com wrote:
>> I did have some commands in my old gpg.conf file which happened to end up in Limmassol
>
> That's quite an accomplishment. Only that file or a whole storage device?
>
>> harbour. So the general question is - are there any special security commands that I can add
>> to my .conf file? Which seems to be gpg2?
>
> gpg --version and gpg2 --version will tell you where their configuration
> file lies, and they're very likely both going to use the same file.
> Thanks to the developers that goes just fine (up until now, for me).
>
> 'Any special security commands' is vague, are you looking for ideas
> along the lines of "personal-digest-preferences SHA256",
> "cert-digest-algo SHA256", or something totally different?
>
> kwadronaut.
>

Hi Kwadronaut,

The device was a mobile phone into which I'd made a copy of my gnupg directory - thinking all is safe - with a password file.
But then you never expect to fall from a mast fracturing your skull spine and pelvis. Worse is the bastards that went through my boat helping themselves to laptops sailing gear.

I was reading old e-mails on a CD and noticed Sha256 so I must have had a line in my conf file for it to appear in an old e-mail. It got me thinking
- - what other lines did I have

cert-digest-algo SHA256 - I will try it :) any others would be welcome

David

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No delusion.”

https://linuxcounter.net/user/512854.html.

From quannguyen at mbm.vn Thu Apr 26 06:49:20 2012
From: quannguyen at mbm.vn (=?UTF-8?B?Tmd1eeG7hW4gSOG7k25nIFF1w6Ju?=)
Date: Thu, 26 Apr 2012 11:49:20 +0700
Subject: How to make GPG release the token?
Message-ID: <4F98D3D0.2070908@mbm.vn>

Hello all,

I'm using GnuPG and OpenSC to test my token. Each time I've done using GPG, the OpenSC cannot access the token. I have to reboot the computer to use OpenSC.

There is a way to make the GnuPG release the token completely after use?

--
Regards,
Quân

From david at gbenet.com Thu Apr 26 08:03:43 2012
From: david at gbenet.com (david at gbenet.com)
Date: Thu, 26 Apr 2012 07:03:43 +0100
Subject: How to make GPG release the token?
In-Reply-To: <4F98D3D0.2070908@mbm.vn>
References: <4F98D3D0.2070908@mbm.vn>
Message-ID: <4F98E53F.50309@gbenet.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 26/04/12 05:49, Nguyễn Hồng Quân wrote:
> Hello all,
>
> I'm using GnuPG and OpenSC to test my token. Each time I've done using
> GPG, the OpenSC cannot access the token. I have to reboot the computer
> to use OpenSC.
>
> There is a way to make the GnuPG release the token completely after use?
>

Hello Quan,

I'm a little unclear what you mean by 'token?' You mean the passphrase? I know that Linux Mint Ubuntu Debian has problems with rebooting when programmes are in memory. May be your Smart Card is not compatible with OpenSC? Anyhow without knowing exactly what you mean by token am at a loss.

David

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No delusion.”

https://linuxcounter.net/user/512854.html.

From david at gbenet.com Thu Apr 26 08:08:17 2012
From: david at gbenet.com (david at gbenet.com)
Date: Thu, 26 Apr 2012 07:08:17 +0100
Subject: How to make GPG release the token?
In-Reply-To: <4F98D3D0.2070908@mbm.vn>
References: <4F98D3D0.2070908@mbm.vn>
Message-ID: <4F98E651.1040705@gbenet.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 26/04/12 05:49, Nguyễn Hồng Quân wrote:
> Hello all,
>
> I'm using GnuPG and OpenSC to test my token. Each time I've done using GPG, the OpenSC
> cannot access the token. I have to reboot the computer to use OpenSC.
>
> There is a way to make the GnuPG release the token completely after use?
>

A further thought: http://gnupg-pkcs11.sourceforge.net/

David

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No delusion.”

https://linuxcounter.net/user/512854.html.

From quannguyen at mbm.vn Thu Apr 26 09:17:55 2012
From: quannguyen at mbm.vn (=?UTF-8?B?Tmd1eeG7hW4gSOG7k25nIFF1w6Ju?=)
Date: Thu, 26 Apr 2012 14:17:55 +0700
Subject: How to make GPG release the token?
In-Reply-To: <4F98E53F.50309@gbenet.com>
References: <4F98D3D0.2070908@mbm.vn> <4F98E53F.50309@gbenet.com>
Message-ID: <4F98F6A3.5020507@mbm.vn>

Hello,
That's the Crypto Stick http://www.crypto-stick.com/
After trying pgp --card-status or gpg --card-edit, I cannot access the Crypto Stick with OpenSC, meaning opensc-tool does not work.
Each time I use GPG, I have to reboot the computer in order to use OpenSC.

On 04/26/2012 01:03 PM, david at gbenet.com wrote:
> Hello Quan,
>
> I'm a little unclear what you mean by 'token?' You mean the
> passphrase? I know that Linux
> Mint Ubuntu Debian has problems with rebooting when programmes are in
> memory. May be your
> Smart Card is not compatible with OpenSC? Anyhow without knowing
> exactly what you mean by
> token am at a loss.
>
> David
>

--
Regards,
Quân

From david at gbenet.com Thu Apr 26 09:40:37 2012
From: david at gbenet.com (david at gbenet.com)
Date: Thu, 26 Apr 2012 08:40:37 +0100
Subject: How to make GPG release the token?
In-Reply-To: <4F98F6A3.5020507@mbm.vn>
References: <4F98D3D0.2070908@mbm.vn> <4F98E53F.50309@gbenet.com> <4F98F6A3.5020507@mbm.vn>
Message-ID: <4F98FBF5.7010606@gbenet.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 26/04/12 08:17, Nguyễn Hồng Quân wrote:
> Hello,
> That's the Crypto Stick http://www.crypto-stick.com/
> After trying pgp --card-status or gpg --card-edit, I cannot access the
> Crypto Stick with OpenSC, meaning opensc-tool does not work.
> Each time I use GPG, I have to reboot the computer in order to use OpenSC.
>
> On 04/26/2012 01:03 PM, david at gbenet.com wrote:
>> Hello Quan,
>>
>> I'm a little unclear what you mean by 'token?' You mean the
>> passphrase? I know that Linux
>> Mint Ubuntu Debian has problems with rebooting when programmes are in
>> memory. May be your
>> Smart Card is not compatible with OpenSC? Anyhow without knowing
>> exactly what you mean by
>> token am at a loss.
>>
>> David
>>
>
>

Hi Quan,

I strongly suggest you read: http://www.opensc-project.org/opensc/wiki/FrequentlyAskedQuestions

and a possible solution to your problem is to uninstall OpenSC and install: http://gnupg-pkcs11.sourceforge.net/

Which hopefully will resolve problems you are having with GNUGPG with OpenSC

David

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No delusion.”

https://linuxcounter.net/user/512854.html.

From quannguyen at mbm.vn Thu Apr 26 09:51:12 2012
From: quannguyen at mbm.vn (=?UTF-8?B?Tmd1eeG7hW4gSOG7k25nIFF1w6Ju?=)
Date: Thu, 26 Apr 2012 14:51:12 +0700
Subject: How to make GPG release the token?
In-Reply-To: <4F98FBF5.7010606@gbenet.com>
References: <4F98D3D0.2070908@mbm.vn> <4F98E53F.50309@gbenet.com> <4F98F6A3.5020507@mbm.vn> <4F98FBF5.7010606@gbenet.com>
Message-ID: <4F98FE70.6060807@mbm.vn>

Thanks David,

I'm starting to develop OpenSC to make it support fully the CryptoStick (which uses OpenPGP card). So I cannot uninstall OpenSC. Because the OpenSC does not support OpenPGP card fully, I sometimes use GPG to test the card.

So there is no way to leave these two together?
--
Regards,
Quân

From david at gbenet.com Thu Apr 26 10:37:10 2012
From: david at gbenet.com (david at gbenet.com)
Date: Thu, 26 Apr 2012 09:37:10 +0100
Subject: How to make GPG release the token?
In-Reply-To: <4F98FE70.6060807@mbm.vn>
References: <4F98D3D0.2070908@mbm.vn> <4F98E53F.50309@gbenet.com> <4F98F6A3.5020507@mbm.vn> <4F98FBF5.7010606@gbenet.com> <4F98FE70.6060807@mbm.vn>
Message-ID: <4F990936.8050500@gbenet.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 26/04/12 08:51, Nguyễn Hồng Quân wrote:
> Thanks David,
>
> I'm starting to develop OpenSC to make it support fully the
> CryptoStick (which uses OpenPGP card). So I cannot uninstall OpenSC.
> Because the OpenSC does not support OpenPGP card fully, I sometimes use
> GPG to test the card.
>
> So there is no way to leave these two together?
> --
> Regards,
> Quân
>

Hi Quan,

Sadly no two Linux Distros are the same. If you are using a Ubuntu/Debian/Gnome - you may want to consider opensuse with KDE desktop. The drop in replacement for Debian I've already given you - perhaps you could mention the problem in the forum relating to your card or OpenSC - but I'd experiment with other Linux distros.

David

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane, every brain-cell perfect and complete even at the moment of death. No delusion.”

https://linuxcounter.net/user/512854.html.

From wk at gnupg.org Thu Apr 26 10:43:17 2012
From: wk at gnupg.org (Werner Koch)
Date: Thu, 26 Apr 2012 10:43:17 +0200
Subject: How to make GPG release the token?
In-Reply-To: <4F98D3D0.2070908@mbm.vn> (=?utf-8?Q?=22Nguy=E1=BB=85n_H?= =?utf-8?Q?=E1=BB=93ng_Qu=C3=A2n=22's?= message of "Thu, 26 Apr 2012 11:49:20 +0700")
References: <4F98D3D0.2070908@mbm.vn>
Message-ID: <87vckmg9y2.fsf@vigenere.g10code.de>

On Thu, 26 Apr 2012 06:49, quannguyen at mbm.vn said:

> I'm using GnuPG and OpenSC to test my token. Each time I've done using
> GPG, the OpenSC cannot access the token. I have to reboot the computer
> to use OpenSC.

GnuPG requires exclusive access to the card. The best way to work with the card from applications with only a pkcs#11 interface is the use of scute (apt-get install scute). Scute provides a pkcs#11 interface on top of the GnuPG system.

> There is a way to make the GnuPG release the token completely after use?

Yes. Put this option into scdaemon.conf:

  --card-timeout N
      If N is not 0 and no client is actively using the card, the card will be powered down after N seconds. Powering down the card avoids a potential risk of damaging a card when used with certain cheap readers. This also allows non Scdaemon aware applications to access the card. The disadvantage of using a card timeout is that accessing the card takes longer and that the user needs to enter the PIN again after the next power up.

      Note that with the current version of Scdaemon the card is powered down immediately at the next timer tick for any value of N other than 0.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From quannguyen at mbm.vn Thu Apr 26 10:59:51 2012
From: quannguyen at mbm.vn (=?UTF-8?B?Tmd1eeG7hW4gSOG7k25nIFF1w6Ju?=)
Date: Thu, 26 Apr 2012 15:59:51 +0700
Subject: How to make GPG release the token?
In-Reply-To: <87vckmg9y2.fsf@vigenere.g10code.de>
References: <4F98D3D0.2070908@mbm.vn> <87vckmg9y2.fsf@vigenere.g10code.de>
Message-ID: <4F990E87.6050702@mbm.vn>

Thank you all

On Thu 26 Apr 2012 03:43:17 PM ICT, Werner Koch wrote:
>
> Yes. Put this option into scdaemon.conf:
>
> --card-timeout N

--
Regards,
Quân

From anthony at papillion.me Thu Apr 26 13:48:10 2012
From: anthony at papillion.me (Anthony Papillion)
Date: Thu, 26 Apr 2012 06:48:10 -0500
Subject: Question about key fingerprint uses
Message-ID:

So I was browsing the documentation this morning when I came across this documentation for the --fingerprint flag:

"You want to see "Fingerprints" to ensure that somebody is really the person they claim (like in a telephone call). This command will result in a list of relatively small numbers."

I'm not really sure how this would work in real life. For example, if I have John Smith's key I can type

gpg --fingerprint "John Smith"

and that will print out his key fingerprint. This would work for anyone else with John Smith's key as well. So let's say I'm on the phone with someone I think is John Smith but wanted to verify using his key fingerprint. How would asking him to tell it to me mean anything since ANYONE can get his fingerprint as long as they have his key?

Thanks!
Anthony

From peter at digitalbrains.com Fri Apr 27 14:40:01 2012
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 27 Apr 2012 14:40:01 +0200
Subject: Question about key fingerprint uses
In-Reply-To:
References:
Message-ID: <4F9A93A1.8070205@digitalbrains.com>

On 26/04/12 13:48, Anthony Papillion wrote:
> and that will print out his key fingerprint. This would work for anyone
> else with John Smith's key as well. So let's say I'm on the phone with
> someone I think is John Smith but wanted to verify using his key
> fingerprint. How would asking him to tell it to me mean anything since
> ANYONE can get his fingerprint as long as they have his key?

You're turning it around :). Rather than verify you are speaking to John using his fingerprint, you are verifying the fingerprint by speaking to John.

You should already be sure the person on the line is John Smith. John Smith then tells you his fingerprint such that you can be sure the key you're looking at actually belongs to John Smith, and hasn't been exchanged by a man in the middle.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From edmond at systemli.org Sat Apr 28 12:06:22 2012
From: edmond at systemli.org (Edmond)
Date: Sat, 28 Apr 2012 12:06:22 +0200
Subject: Decryption with OpenPGP card fails
Message-ID: <4F9BC11E.9080701@systemli.org>

Hello, I am facing problems decrypting data with my OpenPGP v2 card. Signing however is working just fine. I have collected the following output. The PIN retry counter looks a bit weird, could that be the problem?

--------------------
$ echo Test >foo.txt
$ gpg2 --default-key 0xF3D84563 --armor -es -r edmond at systemli.org foo.txt
$ gpg2 --decrypt foo.txt.asc
gpg: encrypted with 4096-bit RSA key, ID 89D322C9, created 2012-03-18
      "Edmond "
gpg: public key decryption failed: General error
gpg: decryption failed: No secret key

[I don't get asked for a PIN when signing because it is still cached by gpg-agent.]
--------------------
$ gpg2 --list-keys edmond at systemli.org
pub 1024D/F3D84563 2009-12-03
uid Edmond
uid Edmond
uid Kalle Blomquist
sub 4096g/B9112F3F 2009-12-03 [expires: 2012-04-30]
sub 2048D/25782A52 2011-05-22 [expires: 2012-04-30]
sub 2048R/CD72BB15 2012-03-18 [expires: 2013-03-18]
sub 4096R/89D322C9 2012-03-18 [expires: 2013-03-18]
--------------------
$ gpg2 --card-status
Application ID ...: [removed by Edmond]
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: [removed by Edmond]
Name of cardholder: [not set]
Language prefs ...: en
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 4096R 4096R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 13
Signature key ....: 7723 B3A9 82EC 5035 A00F 0931 DD1C 8306 CD72 BB15
      created ....: 2012-03-18 08:44:51
Encryption key....: AEF8 F0EA 8B13 29F1 F370 E324 F105 21FD 89D3 22C9
      created ....: 2012-03-18 08:47:00
Authentication key: 8E6F 4404 3CA3 3212 8801 61A3 DC13 CEC0 056B 9E3C
      created ....: 2012-01-05 12:36:35
General key info..: pub 2048R/CD72BB15 2012-03-18 Edmond
sec 1024D/F3D84563 created: 2009-12-03 expires: never
ssb 4096g/B9112F3F created: 2009-12-03 expires: 2012-04-30
ssb> 2048R/6703B033 created: 2010-07-13 expires: 2011-07-13
      card-no: [removed by Edmond]
ssb 2048D/25782A52 created: 2011-05-22 expires: 2012-04-30
ssb> 2048R/CD72BB15 created: 2012-03-18 expires: 2013-03-18
      card-no: [removed by Edmond]
ssb> 4096R/89D322C9 created: 2012-03-18 expires: 2013-03-18
      card-no: [removed by Edmond]
--------------------
$ gpg2 --version
gpg (GnuPG/MacGPG2) 2.0.19
libgcrypt 1.5.0
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
--------------------

Any help appreciated :)

Edmond

From mick.crane at gmail.com Sat Apr 28 23:21:52 2012
From: mick.crane at gmail.com (michael crane)
Date: Sat, 28 Apr 2012 22:21:52 +0100
Subject: fingerprint
Message-ID: <3e57156113c24720b2fc08094e784420.squirrel@192.168.1.50>

what is the reasoning for attaching the key ID to the end of the fingerprint string ?

regards

mick

--
keyID: 0x4BFEBB31

From anthony at papillion.me Fri Apr 27 21:20:02 2012
From: anthony at papillion.me (Anthony Papillion)
Date: Fri, 27 Apr 2012 12:20:02 -0700
Subject: Question about key fingerprint uses
Message-ID: <20120427122002.2317729a314485035761b29850183930.1d49ae9cd0.wbe@email14.secureserver.net>

> -------- Original Message --------
> Subject: Re: Question about key fingerprint uses
> From: Peter Lebbing
> Date: Fri, April 27, 2012 5:40 am
> To: Anthony Papillion
>
> You're turning it around :). Rather than verify you are speaking to John using
> his fingerprint, you are verifying the fingerprint by speaking to John.
>
> You should already be sure the person on the line is John Smith. John Smith then
> tells you his fingerprint such that you can be sure the key you're looking at
> actually belongs to John Smith, and hasn't been exchanged by a man in the middle.

Aha! That makes it crystal clear! Indeed, I had turned it around. So then that's why key signing parties rely on verifiable ID. The user verifies his ID so you can be sure the fingerprint he's providing is his actual fingerprint. Makes perfect sense now.

Anthony

From mailinglisten at hauke-laging.de Sat Apr 28 22:36:53 2012
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Sat, 28 Apr 2012 22:36:53 +0200
Subject: fingerprint
In-Reply-To: <3e57156113c24720b2fc08094e784420.squirrel@192.168.1.50>
References: <3e57156113c24720b2fc08094e784420.squirrel@192.168.1.50>
Message-ID: <5023633.BICERpRJh5@inno>

On Sat 28.04.2012, 22:21:52 michael crane wrote:
> what is the reasoning for attaching the key ID to the end of the
> fingerprint string ?

The "reason" is that the short and long key ID are defined as the last 4/8 bytes of the fingerprint. In other words: They are not attached to the fingerprint (which has 160 bits / 20 bytes) but simply part of it.

Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From kf at sumptuouscapital.com Sat Apr 28 22:40:39 2012
From: kf at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Sat, 28 Apr 2012 22:40:39 +0200
Subject: fingerprint
In-Reply-To: <3e57156113c24720b2fc08094e784420.squirrel__12006.2052541927$1335644637$gmane$org@192.168.1.50>
References: <3e57156113c24720b2fc08094e784420.squirrel__12006.2052541927$1335644637$gmane$org@192.168.1.50>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 28.04.2012 23:21, michael crane wrote:
> what is the reasoning for attaching the key ID to the end of the
> fingerprint string ?
>

Hi Mick

If I understand your question correctly it is actually the other way around, with the KeyID being based on the fingerprint. Multiple keys can share the same KeyID, which is why for verification purposes the fingerprint should always be used.

- --
- ----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws
- ----------------------------
This email was digitally signed using the OpenPGP standard.
If you want to read more about this The book: Sending Emails - The Safe Way: An introduction to OpenPGP security is now available in both Amazon Kindle and Paperback format at http://www.amazon.com/dp/B006RSG1S4/
- ----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/

From sandals at crustytoothpaste.net Sun Apr 29 02:28:28 2012
From: sandals at crustytoothpaste.net (brian m. carlson)
Date: Sun, 29 Apr 2012 00:28:28 +0000
Subject: fingerprint
In-Reply-To: <3e57156113c24720b2fc08094e784420.squirrel@192.168.1.50>
References: <3e57156113c24720b2fc08094e784420.squirrel@192.168.1.50>
Message-ID: <20120429002827.GB5771@crustytoothpaste.ath.cx>

On Sat, Apr 28, 2012 at 10:21:52PM +0100, michael crane wrote:
> what is the reasoning for attaching the key ID to the end of the
> fingerprint string ?

That's the way the key ID is derived for v4 keys. v4 keys use the low 64 bits (or 32 bits for short key IDs) as the key ID.

v3 keys used the low 64 bits (respectively 32 bits) of the RSA modulus. However, this posed two problems.
One is that the low bit is always one (multiplying two large primes together does that). The other is that originally v4 keys were all DSA or Elgamal. Those algorithms don't have a modulus in the same way[0], so a different technique had to be used to derive a unique fingerprint.

[0] Basically, the one (for Elgamal) or two (for DSA) primes that are used as moduli can be shared securely among many keys, so using them as the sole basis for a key ID means arbitrarily many keys can have the same key ID, which kinda defeats the purpose.

--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

From papillion at gmail.com Sun Apr 29 04:08:12 2012
From: papillion at gmail.com (Anthony Papillion)
Date: Sat, 28 Apr 2012 21:08:12 -0500
Subject: Question about how RSA keys are generated in GnuPG
Message-ID:

Hi Everyone,

This is a stupid question I'm sure but I can't seem to find an answer to it in the source code so I thought I'd ask here. When GnuPG is selecting primes for RSA key generation, what parameters are set for the primes? Is there a floor and a ceiling set for the numbers generated? Please feel free to point me to the right place in code if need be.

Thanks!
Anthony

--
Anthony Papillion
Software Developer and IT Consultant
Phone: (918) 533-9699

My Twitter: twitter.com/cajuntechie
My Facebook: facebook.com/cajuntechie
My Identica: identi.ca/cajuntechie

From wk at gnupg.org Sun Apr 29 11:12:13 2012
From: wk at gnupg.org (Werner Koch)
Date: Sun, 29 Apr 2012 11:12:13 +0200
Subject: Question about how RSA keys are generated in GnuPG
In-Reply-To: (Anthony Papillion's message of "Sat, 28 Apr 2012 21:08:12 -0500")
References:
Message-ID: <87zk9udhqq.fsf@vigenere.g10code.de>

On Sun, 29 Apr 2012 04:08, papillion at gmail.com said:

> This is a stupid question I'm sure but I can't seem to find an answer
> to it in the source code so I thought I'd ask here. When GnuPG is

You need to look into Libgcrypt. From its manual:

  The generation of random prime numbers is based on the Lim and Lee algorithm to create practically safe primes.@footnote{Chae Hoon Lim and Pil Joong Lee. A key recovery attack on discrete log-based schemes using a prime order subgroup. In Burton S. Kaliski Jr., editor, Advances in Cryptology: Crypto '97, pages 249-263, Berlin / Heidelberg / New York, 1997. Springer-Verlag. Described on page 260.} This algorithm creates a pool of smaller primes, select a few of them to create candidate primes of the form @math{2 * p_0 * p_1 * ... * p_n + 1}, tests the candidate for primality and permutates the pool until a prime has been found. It is possible to clamp one of the small primes to a certain size to help DSA style algorithms. Because most of the small primes in the pool are not used for the resulting prime number, they are saved for later use (see @code{save_pool_prime} and @code{get_pool_prime} in @file{cipher/primegen.c}). The prime generator optionally supports the finding of an appropriate generator.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
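
The pool-and-combine construction described in the manual excerpt above, as an added Python sketch (not Libgcrypt's code and not part of the original message). The function names, the pool size, the Miller-Rabin test and the use of itertools.combinations to walk the pool are assumptions made for illustration; Libgcrypt's own routine is in cipher/primegen.c.

```python
import itertools
import math
import random

_rng = random.SystemRandom()   # OS randomness; the generator choice is an assumption
_SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, rounds=24):
    """Trial division by a few small primes, then Miller-Rabin with random bases."""
    if n < 2:
        return False
    if n == 2:
        return True
    if n % 2 == 0:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False          # this base is a witness: n is composite
    return True


def random_prime(bits):
    """Random prime with exactly `bits` bits (top and bottom bit forced to 1)."""
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def lim_lee_prime(pbits, n_factors, pool_size, qbits=0):
    """Return (p, q, factors) with prime p = 2 * q * prod(factors) + 1.

    `factors` are n_factors primes taken from a pool of pool_size primes;
    q is the optional factor clamped to qbits bits (q == 1 when qbits == 0).
    """
    fbits = -(-(pbits - 1 - qbits) // n_factors)     # ceiling: bits per pool prime
    if fbits < 16 or 0 < qbits < 16 or pool_size < n_factors:
        raise ValueError("parameters too small for this sketch")
    q = random_prime(qbits) if qbits else 1
    while True:
        pool = [random_prime(fbits) for _ in range(pool_size)]
        for subset in itertools.combinations(pool, n_factors):
            cand = 2 * q * math.prod(subset) + 1
            # Candidates of the wrong length are skipped, not repaired.
            if cand.bit_length() == pbits and is_probable_prime(cand):
                return cand, q, list(subset)
        # Every subset of this pool failed: draw a fresh pool and retry.


def small_odd_prime_factors(n, limit=10_000):
    """Odd primes below `limit` that divide n, found by plain trial division."""
    found = []
    for d in range(3, limit, 2):
        if n % d == 0 and all(d % f for f in found):
            found.append(d)
    return found


def check(p, q, factors):
    """True if p is prime and p - 1 factors completely as 2 * q * prod(factors)."""
    odd = [f for f in [q, *factors] if f != 1]
    return (p - 1 == 2 * math.prod(odd) and is_probable_prime(p)
            and all(is_probable_prime(f) for f in odd))


if __name__ == "__main__":
    p, q, factors = lim_lee_prime(256, 4, 10)              # no clamped q
    print(hex(p), [f.bit_length() for f in factors], check(p, q, factors))
    print("small factors of p - 1:", small_odd_prime_factors(p - 1))
    p2, q2, f2 = lim_lee_prime(256, 3, 10, qbits=64)       # one factor clamped to 64 bits
    print(hex(p2), q2.bit_length(), check(p2, q2, f2))
    # For contrast, a prime that was not built this way (the Mersenne prime 2**127 - 1):
    print("small factors of 2**127 - 2:", small_odd_prime_factors(2**127 - 2, 100))
```

Every odd prime factor of p - 1 is as large as the pool primes, so trial division of p - 1 finds nothing, whereas p - 1 of an arbitrary prime usually has small factors.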

From wk at gnupg.org Sun Apr 29 11:22:35 2012
From: wk at gnupg.org (Werner Koch)
Date: Sun, 29 Apr 2012 11:22:35 +0200
Subject: Decryption with OpenPGP card fails
In-Reply-To: <4F9BC11E.9080701@systemli.org> (edmond@systemli.org's message of "Sat, 28 Apr 2012 12:06:22 +0200")
References: <4F9BC11E.9080701@systemli.org>
Message-ID: <87vckidh9g.fsf@vigenere.g10code.de>

On Sat, 28 Apr 2012 12:06, edmond at systemli.org said:

> Hello, I am facing problems decrypting data with my OpenPGP v2 card.
> Signing however is working just fine. I have collected the following
> output. The PIN retry counter looks a bit weird, could that be the problem?

The "3 0 3" are just fine. The 0 is for backward compatibility with 1.x cards.

> $ gpg2 --decrypt foo.txt.asc
> gpg: encrypted with 4096-bit RSA key, ID 89D322C9, created 2012-03-18
> "Edmond "
> gpg: public key decryption failed: General error

I assume that your gpg-agent and scdaemon are also from 2.0.19. That should indeed work. To debug this you should enable debugging for scdaemon by putting the lines

  debug 1024
  log-file /foo/mylog.log

into ~/.gnupg/scdaemon.conf

This will show what gpg-agent sends to scdaemon. If it does not send anything, you can do the same for gpg-agent.conf. Still nothing? Add a line

  debug 2048

to scdaemon.conf and you will see all the data passing to and from the card. This also shows the PIN and other information from the card; thus you better edit the file before posting.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From edmond at systemli.org Sun Apr 29 11:50:40 2012
From: edmond at systemli.org (Edmond)
Date: Sun, 29 Apr 2012 11:50:40 +0200
Subject: Decryption with OpenPGP card fails
In-Reply-To: <87vckidh9g.fsf@vigenere.g10code.de>
References: <4F9BC11E.9080701@systemli.org> <87vckidh9g.fsf@vigenere.g10code.de>
Message-ID: <4F9D0EF0.2070306@systemli.org>

Hello Werner!

On 29/4/2012 11:22, Werner Koch wrote:
> I assume that your gpg-agent and scdaemon are also from 2.0.19.

Yes, they are.

> To debug this you should enable debugging for
> scdaemon by putting the lines
>
>   debug 1024
>   log-file /foo/mylog.log
>
> into ~/.gnupg/scdaemon.conf

This only gives:
--------------------
scdaemon[11960]: chan_7 <- SERIALNO openpgp
scdaemon[11960]: chan_7 -> S SERIALNO D276000124010200000500000FD90000 0
scdaemon[11960]: chan_7 -> OK
scdaemon[11960]: chan_7 <- RESTART
scdaemon[11960]: chan_7 -> OK
--------------------
when trying to decrypt.

> debug 2048

Output attached to this message.

> This also shows the PIN and other information from the card; thus
> you better edit the file before posting.

I don't even get to enter my PIN, so I guess this is not an issue here :)

Best,
Edmond
-------------- next part --------------
2012-04-29 11:41:30 scdaemon[11986] listening on socket `/tmp/gpg-5h9cW9/S.scdaemon'
2012-04-29 11:41:30 scdaemon[11986] handler for fd -1 started
2012-04-29 11:41:31 scdaemon[11986] reader slot 0: not connected
2012-04-29 11:41:31 scdaemon[11986] slot 0: ATR=3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
2012-04-29 11:41:31 scdaemon[11986] DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0
2012-04-29 11:41:31 scdaemon[11986] DBG: PCSC_data: 00 A4 00 0C 02 3F 00
2012-04-29 11:41:31 scdaemon[11986] DBG: response: sw=6B00 datalen=0
2012-04-29 11:41:31 scdaemon[11986] DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=6 le=-1 em=0
2012-04-29 11:41:31 scdaemon[11986] DBG: PCSC_data: 00 A4 04 00 06 D2 76 00 01 24 01
2012-04-29 11:41:31 scdaemon[11986] DBG: response: sw=9000 datalen=0
2012-04-29 11:41:31 scdaemon[11986] DBG: dump:
2012-04-29 11:41:31 scdaemon[11986] DBG: send apdu: c=00 i=CA p1=00 p2=4F lc=-1 le=256 em=0
2012-04-29 11:41:31 scdaemon[11986] DBG: PCSC_data: 00 CA 00 4F 00
2012-04-29 11:41:31 scdaemon[11986] DBG: response: sw=9000 datalen=16
2012-04-29 11:41:31 scdaemon[11986] DBG: dump: D2 76 00 01 24 01 02 00 00 05 00 00 0F D9 00 00
2012-04-29 11:41:31 scdaemon[11986] AID: D2 76 00 01 24 01 02 00 00 05 00 00 0F D9 00 00
2012-04-29 11:41:31 scdaemon[11986] DBG: send apdu: c=00 i=CA p1=5F p2=52 lc=-1 le=256 em=0
2012-04-29 11:41:31 scdaemon[11986] DBG: PCSC_data: 00 CA 5F 52 00
2012-04-29 11:41:31 scdaemon[11986] DBG: response: sw=9000 datalen=10
2012-04-29 11:41:31 scdaemon[11986] DBG: dump: 00 31 C5 73 C0 01 40 05 90 00
2012-04-29 11:41:31 scdaemon[11986] Historical Bytes: 00 31 C5 73 C0 01 40 05 90 00
2012-04-29 11:41:31 scdaemon[11986] DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
2012-04-29 11:41:31 scdaemon[11986] DBG: PCSC_data: 00 CA 00 C4 00
2012-04-29 11:41:31 scdaemon[11986] DBG: response: sw=9000 datalen=7
2012-04-29 11:41:31 scdaemon[11986] DBG: dump: 00 20 20 20 03 00 03
2012-04-29 11:41:31 scdaemon[11986] DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
2012-04-29 11:41:31 scdaemon[11986] DBG: PCSC_data: 00 CA 00 6E 00
2012-04-29 11:41:31 scdaemon[11986] DBG: response: sw=9000 datalen=217
2012-04-29 11:41:31 scdaemon[11986] DBG: dump: 4F 10 D2 76 00 01 24 01 02 00 00 05 00 00 0F D9 00 00 5F 52 0A 00 31 C5 73 C0 01 40 05 90 00 73 81 B7 C0 0A 7C 00 08 00 08 00 08 00 08 00 C1 06 01 08 00 00 20 00 C2 06 01 10 00 00 20 00 C3 06 01 10 00 00 20 00 C4 07 00 20 20 20 03 00 03 C5 3C 77 23 B3 A9 82 EC 50 35 A0 0F 09 31 DD 1C 83 06 CD 72 BB 15 AE F8 F0 EA 8B 13 29 F1 F3 70 E3 24 F1 05 21 FD 89 D3 22 C9 8E 6F 44 04 3C A3 32 12 88 01 61 A3 DC 13 CE C0 05 6B 9E 3C C6 3C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 4F 65 A0 83 4F 65 A1 04 4F 05 99 53
2012-04-29 11:41:31 scdaemon[11986] DBG: send apdu: c=00 i=CA p1=00 p2=5E lc=-1 le=256 em=0
2012-04-29 11:41:31 scdaemon[11986] DBG: PCSC_data: 00 CA 00 5E 00
2012-04-29 11:41:31 scdaemon[11986] DBG: response: sw=9000 datalen=0
2012-04-29 11:41:31 scdaemon[11986] DBG: dump:
2012-04-29 11:41:31 scdaemon[11986] Version-2 ......: yes
2012-04-29 11:41:31 scdaemon[11986] Get-Challenge ..: yes (2048 bytes max)
2012-04-29 11:41:31 scdaemon[11986] Key-Import .....: yes
2012-04-29 11:41:31 scdaemon[11986] Change-Force-PW1: yes
2012-04-29 11:41:31 scdaemon[11986] Private-DOs ....: yes
2012-04-29 11:41:31 scdaemon[11986] Algo-Attr-Change: yes
2012-04-29 11:41:31 scdaemon[11986] SM-Support .....: no
2012-04-29 11:41:31 scdaemon[11986] Max-Cert3-Len ..: 2048
2012-04-29 11:41:31 scdaemon[11986] Max-Cmd-Data ...: 2048
2012-04-29 11:41:31 scdaemon[11986] Max-Rsp-Data ...: 2048
2012-04-29 11:41:31 scdaemon[11986] Cmd-Chaining ...: no
2012-04-29 11:41:31 scdaemon[11986] Ext-Lc-Le ......: yes
2012-04-29 11:41:31 scdaemon[11986] Status Indicator: 05
2012-04-29 11:41:31 scdaemon[11986] GnuPG-No-Sync ..: no
2012-04-29 11:41:31 scdaemon[11986] GnuPG-Def-PW2 ..: no
2012-04-29 11:41:31 scdaemon[11986] DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
2012-04-29 11:41:31 scdaemon[11986] DBG: PCSC_data: 00 CA 00 6E 00
2012-04-29 11:41:31 scdaemon[11986] DBG: response: sw=9000 datalen=217
2012-04-29 11:41:31 scdaemon[11986] DBG: dump: 4F 10 D2 76 00 01 24 01 02 00 00 05 00 00 0F D9 00 00 5F 52 0A 00 31 C5 73 C0 01 40 05 90 00 73 81 B7 C0 0A 7C 00 08 00 08 00 08 00 08 00 C1 06 01 08 00 00 20 00 C2 06 01 10 00 00 20 00 C3 06 01 10 00 00 20 00 C4 07 00 20 20 20 03 00 03 C5 3C 77 23 B3 A9 82 EC 50 35 A0 0F 09 31 DD 1C 83 06 CD 72 BB 15 AE F8 F0 EA 8B 13 29 F1 F3 70 E3 24 F1 05 21 FD 89 D3 22 C9 8E 6F 44 04 3C A3 32 12 88 01 61 A3 DC 13 CE C0 05 6B 9E 3C C6 3C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 4F 65 A0 83 4F 65 A1 04 4F 05 99 53
2012-04-29 11:41:31 scdaemon[11986] Key-Attr-sign ..: RSA, n=2048, e=32, fmt=std
2012-04-29 11:41:31 scdaemon[11986] DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
2012-04-29 11:41:31 scdaemon[11986] DBG: PCSC_data: 00 CA 00 6E 00
2012-04-29 11:41:31 scdaemon[11986] DBG: response: sw=9000 datalen=217
2012-04-29 11:41:31 scdaemon[11986] DBG: dump: 4F 10 D2 76 00 01 24 01 02 00 00 05 00 00 0F D9 00 00 5F 52 0A 00 31 C5 73 C0 01 40 05 90 00 73 81 B7 C0 0A 7C 00 08 00 08 00 08 00 08 00 C1 06 01 08 00 00 20 00 C2 06 01 10 00 00 20 00 C3 06 01 10 00 00 20 00 C4 07 00 20 20 20 03 00 03 C5 3C 77 23 B3 A9 82 EC 50 35 A0 0F 09 31 DD 1C 83 06 CD 72 BB 15 AE F8 F0 EA 8B 13 29 F1 F3 70 E3 24 F1 05 21 FD 89 D3 22 C9 8E 6F 44 04 3C A3 32 12 88 01 61 A3 DC 13 CE C0 05 6B 9E 3C C6 3C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 4F 65 A0 83 4F 65 A1 04 4F 05 99 53
2012-04-29 11:41:31 scdaemon[11986] Key-Attr-encr ..: RSA, n=4096, e=32, fmt=std
2012-04-29 11:41:31 scdaemon[11986] DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
2012-04-29 11:41:31 scdaemon[11986] DBG: PCSC_data: 00 CA 00 6E 00
2012-04-29 11:41:31 scdaemon[11986] DBG: response: sw=9000 datalen=217
2012-04-29 11:41:31 scdaemon[11986] DBG: dump: 4F 10 D2 76 00 01 24 01 02 00 00 05 00 00 0F D9 00 00 5F 52 0A 00 31 C5 73 C0 01 40 05 90 00 73 81 B7 C0 0A 7C 00 08 00 08 00 08 00 08 00 C1 06 01 08 00 00 20 00 C2 06 01 10 00 00 20 00 C3 06 01 10 00 00 20 00 C4 07 00 20 20 20 03 00 03 C5 3C 77 23 B3 A9 82 EC 50 35 A0 0F 09 31 DD 1C 83 06 CD 72 BB 15 AE F8 F0 EA 8B 13 29 F1 F3 70 E3 24 F1 05 21 FD 89 D3 22 C9 8E 6F 44 04 3C A3 32 12 88 01 61 A3 DC 13 CE C0 05 6B 9E 3C C6 3C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 4F 65 A0 83 4F 65 A1 04 4F 05 99 53
2012-04-29 11:41:31 scdaemon[11986] Key-Attr-auth ..: RSA, n=4096, e=32, fmt=std
2012-04-29 11:41:32 scdaemon[11986] updating slot 0 status: 0x0000->0x0007 (0->1)
2012-04-29 11:41:32 scdaemon[11986] sending signal 31 to client 11980

From edmond at systemli.org Sun Apr 29 12:05:04 2012
From: edmond at systemli.org (Edmond)
Date: Sun, 29 Apr 2012 12:05:04 +0200
Subject: Decryption with OpenPGP card fails
In-Reply-To: <87vckidh9g.fsf@vigenere.g10code.de>
References: <4F9BC11E.9080701@systemli.org> <87vckidh9g.fsf@vigenere.g10code.de>
Message-ID: <4F9D1250.7030404@systemli.org>

On 29/4/2012 11:22, Werner Koch wrote:
> debug 2048

I just realized that after invoking gpg2 --card-status, a gpg2 --decrypt
command does not send anything to the card at all (i.e. no new entries
in the log file)

Edmond

From papillion at gmail.com Sun Apr 29 13:02:17 2012
From: papillion at gmail.com (Anthony Papillon)
Date: Sun, 29 Apr 2012 06:02:17 -0500
Subject: Question about how RSA keys are generated in GnuPG
In-Reply-To: <87zk9udhqq.fsf@vigenere.g10code.de>
References: <87zk9udhqq.fsf@vigenere.g10code.de>
Message-ID:

Thank you sir!

Anthony

--
Sent from my mobile device

On Apr 29, 2012, at 4:12 AM, Werner Koch wrote:

> On Sun, 29 Apr 2012 04:08, papillion at gmail.com said:
>
>> This is a stupid question I'm sure but I can't seem to find an answer
>> to it in the source code so I thought I'd ask here. When GnuPG is
>
> You need to look into Libgcrypt. From its manual:
>
> The generation of random prime numbers is based on the Lim and Lee
> algorithm to create practically safe primes. @footnote{Chae Hoon Lim
> and Pil Joong Lee. A key recovery attack on discrete log-based schemes
> using a prime order subgroup. In Burton S. Kaliski Jr., editor,
> Advances in Cryptology: Crypto '97, pages 249-263, Berlin /
> Heidelberg / New York, 1997. Springer-Verlag. Described on page 260.}
> This algorithm creates a pool of smaller primes, selects a few of them
> to create candidate primes of the form @math{2 * p_0 * p_1 * ... * p_n
> + 1}, tests the candidate for primality and permutates the pool until
> a prime has been found. It is possible to clamp one of the small
> primes to a certain size to help DSA style algorithms. Because most
> of the small primes in the pool are not used for the resulting prime
> number, they are saved for later use (see @code{save_pool_prime} and
> @code{get_pool_prime} in @file{cipher/primegen.c}). The prime
> generator optionally supports the finding of an appropriate generator.
>
>
> Shalom-Salam,
>
> Werner
>
> --
> Thoughts are free. Exceptions are governed by federal law.
>

From tivio100 at gmail.com Sun Apr 29 21:07:05 2012
From: tivio100 at gmail.com (Mocanu Bogdan)
Date: Sun, 29 Apr 2012 12:07:05 -0700
Subject: How to decrypt message digest with multiple encrypted messages ?
Message-ID:

Hi,

I have a .asc file. I managed to open it in Flash CS5, but it's only code
or something like that. How do I decrypt it? I mean, how do I transform
that weird text into readable text?

Thanks
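
For the "Decryption with OpenPGP card fails" thread above, where a debug 2048 log is said to show the PIN: an added Python example (not GnuPG code, not part of any message) that masks the command data of PIN-carrying APDUs in PCSC_data lines before a log is posted. The two VERIFY lines in the sample are constructed; the instruction list and the assumption that the PIN bytes appear in that line type are assumptions of this example.

```python
import re

# ISO 7816-4 instructions whose command data carries a PIN or reset code.
PIN_INS = {0x20: "VERIFY", 0x24: "CHANGE REFERENCE DATA",
           0x2C: "RESET RETRY COUNTER"}
APDU_LINE = re.compile(
    r"^(?P<head>.*\bPCSC_data:)(?P<hex>(?: [0-9A-Fa-f]{2})+)\s*$")

def redact_line(line):
    """Mask the data field of a PIN-carrying command APDU, keep the header."""
    m = APDU_LINE.match(line)
    if not m:
        return line
    octets = m.group("hex").split()
    # Fewer than 5 octets means no data field (e.g. a bare status query).
    if len(octets) < 5 or int(octets[1], 16) not in PIN_INS:
        return line
    # Short Lc is one byte; extended Lc is 00 followed by two length bytes.
    hdr = 7 if octets[4] == "00" and len(octets) > 7 else 5
    masked = octets[:hdr] + ["XX"] * (len(octets) - hdr)
    return m.group("head") + " " + " ".join(masked)

def redact_log(text):
    """Return (redacted_text, number_of_lines_changed)."""
    out, hits = [], 0
    for line in text.splitlines():
        new = redact_line(line)
        hits += new != line
        out.append(new)
    return "\n".join(out), hits

# First two lines follow the log in the thread; the VERIFY pair is constructed.
SAMPLE = """\
2012-04-29 11:41:31 scdaemon[11986] DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
2012-04-29 11:41:31 scdaemon[11986] DBG: PCSC_data: 00 CA 00 C4 00
2012-04-29 11:41:40 scdaemon[11986] DBG: send apdu: c=00 i=20 p1=00 p2=82 lc=6 le=-1 em=0
2012-04-29 11:41:40 scdaemon[11986] DBG: PCSC_data: 00 20 00 82 06 31 32 33 34 35 36
"""

if __name__ == "__main__":
    print(redact_log(SAMPLE)[0])
```

It covers only PCSC_data lines; the rest of the log still needs a manual read before posting.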