From anotst01 at fastmail.fm Mon Sep 3 14:07:12 2012
From: anotst01 at fastmail.fm (anotst01 at fastmail.fm)
Date: Mon, 03 Sep 2012 05:07:12 -0700
Subject: gpg clear signed message on website
Message-ID: <1346674032.4807.140661122984673.058CFD10@webmail.messagingengine.com>

The goal is to sign a message on a webserver.

I clear signed a plain text file and double checked I can still verify it. The resulting clear signed text has been put into a new file surrounded by
-----BEGIN PGP SIGNED MESSAGE-----
.......
-----END PGP SIGNATURE-----
and saved as file.html. When I open file.html with a browser, copy the text into a text file and store it, I get a bad signature.

What is the correct syntax for a website source to show a gpg signed message?

--
http://www.fastmail.fm - Or how I learned to stop worrying and love email again

From hka at qbs.com.pl Mon Sep 3 15:39:00 2012
From: hka at qbs.com.pl (Hubert Kario)
Date: Mon, 03 Sep 2012 15:39 +0200
Subject: gpg clear signed message on website
In-Reply-To: <1346674032.4807.140661122984673.058CFD10@webmail.messagingengine.com>
References: <1346674032.4807.140661122984673.058CFD10@webmail.messagingengine.com>
Message-ID: <9309289.OpccPCNKyU@bursa22>

On Monday 03 of September 2012 05:07:12 anotst01 at fastmail.fm wrote:
> The goal is to sign a message on a webserver.
>
> I clear signed a plain text file and double checked I can still verify
> it. The resulting clear signed text has been put into a new file
> surrounded by
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> .......
> -----END PGP SIGNATURE-----
> 
>
> and saved as file.html. When I open file.html with a browser, copy the
> text into a text file and store it, I get a bad signature.
>
> What is the correct syntax for a website source to show a gpg signed
> message?

do a binary diff (in linux):

diff <(hexdump -C original.txt) <(hexdump -C copy-from-website.txt)

I'd guess you have a problem with line endings

Regards,
--
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl

From gnupg at lists.grepular.com Mon Sep 3 16:22:02 2012
From: gnupg at lists.grepular.com (gnupg at lists.grepular.com)
Date: Mon, 03 Sep 2012 15:22:02 +0100
Subject: gpg clear signed message on website
In-Reply-To: <1346674032.4807.140661122984673.058CFD10@webmail.messagingengine.com>
References: <1346674032.4807.140661122984673.058CFD10@webmail.messagingengine.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 03/09/12 13:07, anotst01 at fastmail.fm wrote:
> The goal is to sign a message on a webserver.
>
> I clear signed a plain text file and double checked I can still
> verify it. The resulting clear signed text has been put into a new
> file surrounded by
>
>
 -----BEGIN PGP SIGNED MESSAGE----- ....... -----END PGP
> SIGNATURE----- 
>
> and saved as file.html. When I open file.html with a browser, copy
> the text into a text file and store it, I get a bad signature.
>
> What is the correct syntax for a website source to show a gpg
> signed message?

It's a complete ball-ache. I've done this myself on my front page here: https://grepular.com/ - I found that different browsers put different things in the clipboard when you select text and copy it. They usually mess with white-space and line endings. I originally used
 myself for that page, but ended up using a 

and lots of
instead to make it play nicely with more browsers. To stop the white-space collapsing in on itself, for alignment, I replaced every other consecutive space with a unicode no-break space character instead. That might not be obvious to you if you just do a "view source". Also, to make things difficult that page is "compressed". Sorry. I don't have any hard and fast rules to make this work, but I've messed with it long enough to have a feeling for what to do when something doesn't.

- --
Mike Cardwell https://grepular.com/ http://cardwellit.com/
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4

From gnupg at lists.grepular.com Mon Sep 3 16:24:47 2012
From: gnupg at lists.grepular.com (gnupg at lists.grepular.com)
Date: Mon, 03 Sep 2012 15:24:47 +0100
Subject: gpg clear signed message on website
In-Reply-To: <1346674032.4807.140661122984673.058CFD10@webmail.messagingengine.com>
References: <1346674032.4807.140661122984673.058CFD10@webmail.messagingengine.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 03/09/12 13:07, anotst01 at fastmail.fm wrote:
> The goal is to sign a message on a webserver.
>
> I clear signed a plain text file and double checked I can still
> verify it. The resulting clear signed text has been put into a new
> file surrounded by
>
>

 -----BEGIN PGP SIGNED MESSAGE----- ....... -----END PGP
> SIGNATURE----- 
>
> and saved as file.html. When I open file.html with a browser, copy
> the text into a text file and store it, I get a bad signature.
>
> What is the correct syntax for a website source to show a gpg
> signed message?

Just a thought. If you're not doing anything overly complicated with the message, you could serve it as text/plain instead of text/html, and then embed it inside your HTML using an iframe.

- --
Mike Cardwell https://grepular.com/ http://cardwellit.com/
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4

From antispam06 at sent.at Wed Sep 5 09:39:00 2012
From: antispam06 at sent.at (antispam06 at sent.at)
Date: Wed, 05 Sep 2012 09:39:00 +0200
Subject: A safe text editor
Message-ID: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com>

Could you recommend a safe text editor, in the sense it does protect the edited contents in memory, but, most important, on the disk (temp files and such). Having functions to interact with gnupg would be even better.

The point is to edit a text and have it all encrypted on disk. I'd like one that goes for .asc instead of .txt.

Cheers!
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From jtanago at dilmun.ls.fi.upm.es Wed Sep 5 16:03:22 2012
From: jtanago at dilmun.ls.fi.upm.es (Javier González del Tánago)
Date: Wed, 05 Sep 2012 16:03:22 +0200
Subject: [gnupg-user] Get secring path with command-line
Message-ID: <50475BAA.7030004@dilmun.ls.fi.upm.es>

Hi,

I want to get the secring path with a script, until now I used this command:

$ gpg --secret-keyring /home/user/keyring/secring.gpg --list-secret-keyring /home/user/keyring/secring.gpg [......]

But if the keyring is empty I got no output. There is another way to get this option?

Thanks

--
-------------------------------------
Javier González del Tánago Liberal
-------------------------------------
e-mail: jtanago at dilmun.ls.fi.upm.es
-------------------------------------
CriptoLab. Despacho 6305.
Facultad de Informática.
Campus de Montegancedo S/N
Universidad Politécnica de Madrid.
Boadilla del Monte. Madrid (Spain)
-------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2925 bytes
Desc: S/MIME Cryptographic Signature
URL:

From rjh at sixdemonbag.org Wed Sep 5 16:05:35 2012
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 05 Sep 2012 10:05:35 -0400
Subject: A safe text editor
In-Reply-To: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com>
References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com>
Message-ID: <50475C2F.9040709@sixdemonbag.org>

On 09/05/2012 03:39 AM, antispam06 at sent.at wrote:
> Could you recommend a safe text editor, in the sense it does protect
> the edited contents in memory, but, most important, on the disk (temp
> files and such). Having functions to interact with gnupg would be
> even better.

The best bet here is probably to use TrueCrypt or somesuch to encrypt your hard drive, rather than depending on a text editor to encrypt files when saving to the hard drive.

That said, if you need this particular functionality, I think I saw a gEdit plugin a while back that offered something similar.

From nblock at archlinux.us Wed Sep 5 14:56:40 2012
From: nblock at archlinux.us (notizblock)
Date: Wed, 05 Sep 2012 14:56:40 +0200
Subject: A safe text editor
In-Reply-To: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com>
References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com>
Message-ID: <50474C08.1010404@archlinux.us>

On 2012-09-05 09:39, antispam06 at sent.at wrote:

Hello,

> Could you recommend a safe text editor, in the sense it does protect the
> edited contents in memory, but, most important, on the disk (temp files
> and such). Having functions to interact with gnupg would be even better.
>
> The point is to edit a text and have it all encrypted on disk. I'd like
> one that goes for .asc instead of .txt.

You could use vim with the gnupg.vim [1] plugin. It turns off swapfiles and viminfo by default and handles filenames with a ".gpg", ".pgp" or ".asc" suffix.

[1] http://www.vim.org/scripts/script.php?script_id=3645

>
> Cheers!
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

From peter at digitalbrains.com Wed Sep 5 21:25:13 2012
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 05 Sep 2012 21:25:13 +0200
Subject: A safe text editor
In-Reply-To: <50474C08.1010404@archlinux.us>
References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com> <50474C08.1010404@archlinux.us>
Message-ID: <5047A719.5020203@digitalbrains.com>

On 05/09/12 14:56, notizblock wrote:
> You could use vim with the gnupg.vim [1] plugin.

Is it me or does that plugin default to using temporary files, pretty much defeating the whole purpose? Makes me wonder how well thought out this script is.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From andy at gamubaru.com Thu Sep 6 03:07:49 2012
From: andy at gamubaru.com (Andy Howell)
Date: Wed, 05 Sep 2012 20:07:49 -0500
Subject: corrupt file
Message-ID: <5047F765.1020505@gamubaru.com>

I have a file that I'm unable to decrypt. I use a vim script that calls gpg to encrypt and decrypt files. That has worked fine for years, until today.

I tried to decrypt it on the command line with gpg, but no luck. Searching the net I found a command to dump the packets in the file, but it's gibberish to me:

gpg --no-batch --verbose --list-packets /tmp/file.gpg
:pubkey enc packet: version 3, algo 16, keyid D155A8A1E1BACB99
        data: [1023 bits]
        data: [1023 bits]
gpg: public key is E1BACB99
gpg: using subkey E1BACB99 instead of primary key 7D90BD92

You need a passphrase to unlock the secret key for
user: "Me"
gpg: using subkey E1BACB99 instead of primary key 7D90BD92
1024-bit ELG-E key, ID E1BACB99, created 2007-07-18 (main key ID 7D90BD92)

gpg: gpg-agent is not available in this session
gpg: block_filter 0x2baaa848e650: read error (size=5336,a->size=433)
:encrypted data packet:
        length: unknown
        mdc_method: 2
gpg: block_filter: pending bytes!

An old version of the file gives:

gpg --no-batch --verbose --list-packets oldfile.gpg
:pubkey enc packet: version 3, algo 16, keyid D155A8A1E1BACB99
        data: [1021 bits]
        data: [1024 bits]
gpg: public key is E1BACB99
gpg: using subkey E1BACB99 instead of primary key 7D90BD92

You need a passphrase to unlock the secret key for
user: "Me"
gpg: using subkey E1BACB99 instead of primary key 7D90BD92
1024-bit ELG-E key, ID E1BACB99, created 2007-07-18 (main key ID 7D90BD92)

gpg: gpg-agent is not available in this session
:encrypted data packet:
        length: unknown
        mdc_method: 2
gpg: encrypted with 1024-bit ELG-E key, ID E1BACB99, created 2007-07-18
      "Me"
gpg: AES256 encrypted data
:compressed packet: algo=2
:literal data packet:
        mode b (62), created 1346892948, name="",
        raw data: unknown length

Is there anything I can do to recover the file?

Thanks,

Andy

From laurent.jumet at skynet.be Thu Sep 6 07:36:25 2012
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Thu, 06 Sep 2012 07:36:25 +0200
Subject: corrupt file
In-Reply-To: <5047F765.1020505@gamubaru.com>
Message-ID:

Hello Andy !

Andy Howell wrote:

> I have a file that I'm unable to decrypt. I use a vim script that calls gpg
> to encrypt and decrypt files. That has worked fine for years, until today.

The only time I got this, is when file was compressed with an algorithm not supported by that version of GPG.

--
Laurent Jumet
KeyID: 0xCFAF704C

From nblock at archlinux.us Thu Sep 6 09:23:24 2012
From: nblock at archlinux.us (notizblock)
Date: Thu, 06 Sep 2012 09:23:24 +0200
Subject: A safe text editor
In-Reply-To: <5047A719.5020203@digitalbrains.com>
References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com> <50474C08.1010404@archlinux.us> <5047A719.5020203@digitalbrains.com>
Message-ID: <50484F6C.30800@archlinux.us>

>> You could use vim with the gnupg.vim [1] plugin.
>
> Is it me or does that plugin default to using temporary files, pretty much
> defeating the whole purpose?
> Makes me wonder how well thought out this script is.

Yes it does (default). But you can configure it to use pipes instead:

g:GPGUsePipes
    If set to 1, use pipes instead of temporary files when interacting with gnupg. When set to 1, this can cause terminal-based gpg agents to not display correctly when prompting for passwords. Defaults to 0.

From jeffmic at hotmail.com Thu Sep 6 05:16:11 2012
From: jeffmic at hotmail.com (Jeff Michelson)
Date: Wed, 5 Sep 2012 20:16:11 -0700 (PDT)
Subject: gpg.exe Command Line - check if file is already encrypted
Message-ID: <34395622.post@talk.nabble.com>

I'm using the following command line:

C:\"Program Files (x86)"\GNU\GnuPG\pub\gpg.exe --batch -v -r "MyEVU" -o "c:\users\anonymoose\desktop\test.pdf.gpg" -e "c:\users\anonymoose\desktop\test.pdf"

Encryption works fine.

I'm trying to figure out how to use the gpg.exe to check if the file is encrypted. In my example above, the obvious answer that the new test.pdf.gpg is encrypted. However, I'm also going to be given a set of files that won't have the gpg extension, and I won't know if they are already encrypted using that MyEVU key.

Is there a command line option/syntax that would just return information telling me the file is already encrypted?

Much appreciated, y'all.

--Jeff
--
View this message in context: http://old.nabble.com/gpg.exe-Command-Line---check-if-file-is-already-encrypted-tp34395622p34395622.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

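For the question in the message above (telling whether a file is already OpenPGP-encrypted without holding the key), an added example that is not part of the original post and is not GnuPG code: it reads the first packet header as laid out in RFC 4880, for binary or ASCII-armored input. The function names and the sample bytes are constructed for illustration, and the check only establishes that the data is framed as an encrypted OpenPGP message, not that it will decrypt.

```python
"""Added example: recognise OpenPGP-encrypted input from its first packet header."""
import base64
import binascii

# RFC 4880 packet tags that can open an encrypted message.
ENCRYPTED_TAGS = {
    1: "public-key encrypted session key",
    3: "symmetric-key encrypted session key",
    9: "symmetrically encrypted data",
    18: "symmetrically encrypted, integrity-protected data",
}
# Version octet RFC 4880 fixes at the start of each packet body (tag 9 has none).
BODY_VERSION = {1: 3, 3: 4, 18: 1}
ARMOR_BEGIN = b"-----BEGIN PGP MESSAGE-----"


def dearmor(data):
    """Decode the first base64 line of an armored message; pass other data through."""
    lines = [ln.strip() for ln in data.replace(b"\r\n", b"\n").split(b"\n")]
    if ARMOR_BEGIN not in lines:
        return data
    i = lines.index(ARMOR_BEGIN) + 1
    while i < len(lines) and lines[i]:        # skip armor headers up to the blank line
        i += 1
    for line in lines[i + 1:]:
        if line.startswith((b"=", b"-----END")):   # CRC line or end of armor
            break
        if line:
            try:
                return base64.b64decode(line[: len(line) // 4 * 4])
            except binascii.Error:
                return b""
    return b""


def first_packet(raw):
    """Parse one packet header; return (tag, header_length) or None."""
    if len(raw) < 2 or not raw[0] & 0x80:     # bit 7 is set on every packet header
        return None
    first = raw[0]
    if first & 0x40:                          # new format: tag in bits 5-0
        tag, l0 = first & 0x3F, raw[1]
        if l0 < 192 or 224 <= l0 < 255:       # one-octet or partial body length
            length_octets = 1
        elif l0 < 224:
            length_octets = 2
        else:
            length_octets = 5
    else:                                     # old format: tag in bits 5-2
        tag = (first >> 2) & 0x0F
        length_octets = (1, 2, 4, 0)[first & 0x03]   # type 3 = indeterminate length
    return tag, 1 + length_octets


def classify(data):
    """Describe the leading packet if data starts like an encrypted message, else None."""
    raw = dearmor(data)
    parsed = first_packet(raw)
    if parsed is None:
        return None
    tag, header_len = parsed
    if tag not in ENCRYPTED_TAGS:
        return None
    want = BODY_VERSION.get(tag)
    if want is not None and (len(raw) <= header_len or raw[header_len] != want):
        return None                           # right tag bits, wrong body: not OpenPGP
    return ENCRYPTED_TAGS[tag]


def classify_file(path):
    """Classify a file from its first 4 KiB."""
    with open(path, "rb") as fh:
        return classify(fh.read(4096))


# Constructed samples: an old-format tag 1 header with two-octet length, then a
# version 3 body with a zeroed key ID and algorithm 16.
PKESK = bytes([0x85, 0x01, 0x0C, 0x03]) + bytes(8) + bytes([16])
SAMPLES = {
    "binary .gpg": PKESK,
    "armored .asc": ARMOR_BEGIN + b"\nVersion: sample\n\n"
                    + base64.b64encode(PKESK) + b"\n-----END PGP MESSAGE-----\n",
    "plain PDF": b"%PDF-1.4\n",
    "compressed, not encrypted": bytes([0xA3, 0x01, 0x78]),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:26} -> {classify(blob) or 'not an encrypted OpenPGP message'}")
```

A file whose first bytes happen to match still needs gpg itself to confirm; use the result only to skip the second encryption pass.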
From jeffmic at hotmail.com Thu Sep 6 05:18:58 2012
From: jeffmic at hotmail.com (Jeff Michelson)
Date: Wed, 5 Sep 2012 20:18:58 -0700 (PDT)
Subject: gpg.exe Command Line - check if file is already encrypted
Message-ID: <34395622.post@talk.nabble.com>

I'm using the following command line:

C:\"Program Files (x86)"\GNU\GnuPG\pub\gpg.exe --batch -v -r "MyEVU" -o "c:\users\anonymoose\desktop\test.pdf.gpg" -e "c:\users\anonymoose\desktop\test.pdf"

That command encrypts the files correctly and the new test.pdf.gpg file is created successfully.

I'm trying to figure out how to use the gpg.exe to check if the file is encrypted. In my example above, the obvious answer is that the new test.pdf.gpg is encrypted. However, I'm also going to be given a set of files that won't have the gpg extension, and I won't know if they are already encrypted.

I do not have whatever is necessary to un-encrypt the files encrypted by that MyEVU key, and I don't care if the file was encrypted using that key or not. I only need to know if the file is encrypted at all.

Is there a command line option/syntax that would just return information telling me the file is already encrypted?

Much appreciated, y'all.

--Jeff
--
View this message in context: http://old.nabble.com/gpg.exe-Command-Line---check-if-file-is-already-encrypted-tp34395622p34395622.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

From jeffmic at hotmail.com Thu Sep 6 07:15:00 2012
From: jeffmic at hotmail.com (Jeff Michelson)
Date: Wed, 5 Sep 2012 22:15:00 -0700 (PDT)
Subject: gpg.exe Command Line - check if file is already encrypted
Message-ID: <34395622.post@talk.nabble.com>

I'm using the following command line:

C:\"Program Files (x86)"\GNU\GnuPG\pub\gpg.exe --batch -v -r "MyEVU" -o "c:\users\anonymoose\desktop\test.pdf.gpg" -e "c:\users\anonymoose\desktop\test.pdf"

That command encrypts the files correctly and the new test.pdf.gpg file is created successfully.

I'm trying to figure out how to use the gpg.exe to check if the file is encrypted. In my example above, the obvious answer is that the new test.pdf.gpg is encrypted. However, I'm also going to be given a set of files that won't have the gpg extension, and I won't know if they are already encrypted.

I do not have whatever is necessary to un-encrypt the files encrypted by that MyEVU key, and I don't care if the file was encrypted using that key or not. I only need to know if the file is encrypted at all so that I don't double encrypt it.

Is there a command line option/syntax that would just return information telling me the file is already encrypted?

Much appreciated, y'all.

--Jeff
--
View this message in context: http://old.nabble.com/gpg.exe-Command-Line---check-if-file-is-already-encrypted-tp34395622p34395622.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

From jaimefdez86 at gmail.com Thu Sep 6 16:16:42 2012
From: jaimefdez86 at gmail.com (Jaime Fernández)
Date: Thu, 6 Sep 2012 16:16:42 +0200
Subject: [gnupg-user] Get options from gpg.conf
Message-ID:

Hi,

is there any way to dump the options included in gpg.conf like the homedir?

Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From jtanago at dilmun.ls.fi.upm.es Thu Sep 6 23:45:38 2012
From: jtanago at dilmun.ls.fi.upm.es (Javier González del Tánago)
Date: Thu, 06 Sep 2012 23:45:38 +0200
Subject: gpg.exe Command Line - check if file is already encrypted
Message-ID:

Hi,

try this:

$ gpg --decrypt --list-only --status-fd 1

Jeff Michelson wrote:
>
>I'm using the following command line:
>
>C:\"Program Files (x86)"\GNU\GnuPG\pub\gpg.exe --batch -v -r "MyEVU" -o
>"c:\users\anonymoose\desktop\test.pdf.gpg" -e
>"c:\users\anonymoose\desktop\test.pdf"
>
>That command encrypts the files correctly and the new test.pdf.gpg file is
>created successfully.
>
>I'm trying to figure out how to use the gpg.exe to check if the file is
>encrypted. In my example above, the obvious answer is that the new
>test.pdf.gpg is encrypted. However, I'm also going to be given a set of
>files that won't have the gpg extension, and I won't know if they are
>already encrypted.
>
>I do not have whatever is necessary to un-encrypt the files encrypted by
>that MyEVU key, and I don't care if the file was encrypted using that key or
>not. I only need to know if the file is encrypted at all so that I don't
>double encrypt it.
>
>Is there a command line option/syntax that would just return information
>telling me the file is already encrypted?
>
>Much appreciated, y'all.
>
>--Jeff
>--
>View this message in context: http://old.nabble.com/gpg.exe-Command-Line---check-if-file-is-already-encrypted-tp34395622p34395622.html
>Sent from the GnuPG - User mailing list archive at Nabble.com.
>
>
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users at gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users

From john at zultron.com Fri Sep 7 01:34:16 2012
From: john at zultron.com (John Morris)
Date: Thu, 06 Sep 2012 18:34:16 -0500
Subject: gpgme passphrase_cb
Message-ID: <504932F8.6040101@zultron.com>

Hi,

I'm having trouble with passphrase_cb seemingly being ignored. The GPG_AGENT_INFO environment variable is unset. It could be similar to this bug here, and I am indeed using pygpgme:

https://bugs.launchpad.net/pygpgme/+bug/999949

Can someone eyeball this trace and see if anything obvious sticks out? I've gone through both the pygpgme and gpgme code to some degree and can't seem to figure out why the supplied passphrase_cb isn't ever executed.

The point in the trace where passphrase_cb is set is quite clear, and the value stays the same until the end:

passphrase_cb=0x2e30e0/0xb7435194

However, instead of the pygpgme callback function executing, the gnome pinentry window pops up.

I've pasted a bunch of debugging statements into the code of pygpgme. They confirm that up until the line where gpgme_op_sign is called, the passphrase_cb is set as expected. It is also set as expected coming out of op_sign. However, the debug statements planted in the callback function itself are never touched. I tried instrumenting t-sign.c and t-support.h the same way, but the data types are opaque there and wasn't able to get hex pointer values for the cb function. The cb function in t-support.h does seem never to be called, but there's no gnome pinentry dialog either, and the tests pass, so I'm quite confused. (My crude instrumentation appends lines to a debug file in /tmp, opening and closing after each write, so that there's no confusion about stderr/stdout getting swallowed or lines being written out of order.) Thanks- John > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_debug: level=5 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_check_version: call: 0=(nil), req_version=(null), VERSION=1.3.0 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_check_version_internal: call: 0=(nil), req_version=(null), offset_sig_validity=32 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: enter: r_ctx=0xb77550a8 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: leave: ctx=0x96811f8 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_new_from_cbs: enter: r_dh=0xbffd4d10, handle=0xb742a498 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_new_from_cbs: leave: dh=0x96aa890 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import: enter: ctx=0x96811f8, keydata=0x96aa890 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_get_encoding: call: dh=0x96aa890, dh->encoding=0 > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_add_io_cb: call: ctx=0x96811f8, fd 5, dir=1 -> tag=0x969e588 > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_add_io_cb: call: ctx=0x96811f8, fd 9, dir=0 -> tag=0x95d2b48 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme:gpg_io_event: call: gpg=0x9674040, event 0x4b87dcf0, type 0, type_data (nil) > GPGME 
2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x95d2b58, need to check > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x95d2b58, handler (0x96aa890, 9) > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: enter: dh=0x96aa890, fd=0x9 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: enter: dh=0x96aa890, buffer=0x96aa898, size=4096 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: leave: result=908 > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: leave > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x95d2b58, need to check > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x95d2b58, handler (0x96aa890, 9) > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: enter: dh=0x96aa890, fd=0x9 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: enter: dh=0x96aa890, buffer=0x96aa898, size=4096 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: leave: result=0 > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_remove_io_cb: call: data=0x95d2b48, setting fd 0x9 (item=0x95d2b58) done > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: leave > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e598, need to check > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e598, handler (0x9674040, 5) > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e598, need to check > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e598, handler (0x9674040, 5) > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e598, need to check > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e598, handler (0x9674040, 5) > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e598, need to check > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e598, handler (0x9674040, 5) > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_remove_io_cb: 
call: data=0x969e588, setting fd 0x5 (item=0x969e598) done > GPGME 2012-09-06 17:43:28 <0x464e> gpgme:gpg_io_event: call: gpg=0x9674040, event 0x4b87dcf0, type 1, type_data 0xbffd4c54 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import: leave > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_release: call: dh=0x96aa890 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: enter: ctx=0x96811f8 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: ctx=0x96811f8, 1 considered, 0 no UID, 1 imported, 0 imported RSA, 0 unchanged > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: ctx=0x96811f8, 0 new UIDs, 0 new sub keys, 0 new signatures, 0 new revocations > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: ctx=0x96811f8, 0 secret keys, 0 imported, 0 unchanged > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: ctx=0x96811f8, 0 skipped new keys, 0 not imported > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: ctx=0x96811f8, import[0] for EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3 = 0x1 ((null)) > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: leave: result=0x9697104 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_new_from_cbs: enter: r_dh=0xbffd4d10, handle=0xb742a4f0 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_new_from_cbs: leave: dh=0x96aa890 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import: enter: ctx=0x96811f8, keydata=0x96aa890 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_get_encoding: call: dh=0x96aa890, dh->encoding=0 > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_add_io_cb: call: ctx=0x96811f8, fd 5, dir=1 -> tag=0x96a98e8 > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_add_io_cb: call: ctx=0x96811f8, fd 9, dir=0 -> tag=0x969e540 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme:gpg_io_event: call: gpg=0x9674040, event 0x4b87dcf0, type 0, type_data (nil) > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e550, need to check > GPGME 2012-09-06 17:43:28 
<0x464e> _gpgme_run_io_cb: call: item=0x969e550, handler (0x96aa890, 9) > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: enter: dh=0x96aa890, fd=0x9 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: enter: dh=0x96aa890, buffer=0x96aa898, size=4096 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: leave: result=1045 > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: leave > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e550, need to check > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e550, handler (0x96aa890, 9) > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: enter: dh=0x96aa890, fd=0x9 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: enter: dh=0x96aa890, buffer=0x96aa898, size=4096 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: leave: result=0 > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_remove_io_cb: call: data=0x969e540, setting fd 0x9 (item=0x969e550) done > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: leave > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e528, need to check > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e528, handler (0x9674040, 5) > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e528, need to check > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e528, handler (0x9674040, 5) > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e528, need to check > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e528, handler (0x9674040, 5) > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e528, need to check > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: item=0x969e528, handler (0x9674040, 5) > GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_remove_io_cb: call: data=0x96a98e8, setting fd 0x5 (item=0x969e528) done > GPGME 2012-09-06 17:43:28 <0x464e> 
gpgme:gpg_io_event: call: gpg=0x9674040, event 0x4b87dcf0, type 1, type_data 0xbffd4c54 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import: leave > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_release: call: dh=0x96aa890 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: enter: ctx=0x96811f8 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: ctx=0x96811f8, 1 considered, 0 no UID, 0 imported, 0 imported RSA, 0 unchanged > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: ctx=0x96811f8, 0 new UIDs, 0 new sub keys, 1 new signatures, 0 new revocations > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: ctx=0x96811f8, 1 secret keys, 1 imported, 0 unchanged > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: ctx=0x96811f8, 0 skipped new keys, 0 not imported > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: ctx=0x96811f8, import[0] for EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3 = 0x11 ((null)) > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: ctx=0x96811f8, import[1] for EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3 = 0x4 ((null)) > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: leave: result=0x9696a24 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_passphrase_cb: call: ctx=0x96811f8, ctx->passphrase_cb=(nil)/(nil) > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_progress_cb: call: ctx=0x96811f8, ctx->progress_cb=(nil)/(nil) > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_release: call: ctx=0x96811f8 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: enter: r_ctx=0xb77550a8 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: leave: ctx=0x96811f8 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_key: enter: ctx=0x96811f8, fpr=EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3, secret=0 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: enter: r_ctx=0xbffd4cd8 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: leave: ctx=0x9674040 > GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_protocol: 
From cloudpg at informationelle-selbstbestimmung-im-internet.de Fri Sep 7 09:55:53 2012 From: cloudpg at informationelle-selbstbestimmung-im-internet.de (Jens Lechtenboerger) Date: Fri, 07 Sep 2012 09:55:53 +0200 Subject: A safe text editor In-Reply-To: <50474C08.1010404@archlinux.us> (notizblock's message of "Wed, 05 Sep 2012
14:56:40 +0200") References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com> <50474C08.1010404@archlinux.us> Message-ID: <86r4qegtbq.fsf@spam.invalid> On Wed, Sep 05 2012, notizblock wrote: > On 2012-09-05 09:39, antispam06 at sent.at wrote: > >> Could you recommend a safe text editor, in the sense it does protect the >> edited contents in memory, but, most important, on the disk (temp files >> and such). Having functions to interact with gnupg would be even better. > > You could use vim with the gnupg.vim [1] plugin. It turns off swapfiles > and viminfo by default and handles filenames with a ".gpg", ".pgp" or > ".asc" suffix. > > [1] http://www.vim.org/scripts/script.php?script_id=3645 If you prefer Emacs over vim, I suggest the EasyPG Assistant: https://www.gnu.org/software/emacs/manual/html_mono/epa.html Best wishes Jens From ricul77 at gmail.com Fri Sep 7 15:15:41 2012 From: ricul77 at gmail.com (Richi Lists) Date: Fri, 07 Sep 2012 15:15:41 +0200 Subject: Changing the email address of a key In-Reply-To: <503F28D3.40907@digitalbrains.com> References: <1346101143.4337.24.camel@quadulrich> <20120827215706.GC16163@WOPR.ST.HMC.Edu> <87sjb72yze.fsf@vigenere.g10code.de> <503C8620.9010606@digitalbrains.com> <1346183649.2815.9.camel@onenc> <503DBB84.4080002@digitalbrains.com> <1346241206.2701.4.camel@onenc> <503E070F.1090700@digitalbrains.com> <1346315107.2609.8.camel@onenc> <503F28D3.40907@digitalbrains.com> Message-ID: <1347023741.556.4.camel@onenc> That worked. Thanks a lot! Rgds Richard On Thu, 2012-08-30 at 10:48 +0200, Peter Lebbing wrote: > On 30/08/12 10:25, Richi Lists wrote: > > Using the primary key was what I tried first. But when I saw the error > > message "signing failed", I thought I'd have to force the proper signing > > subkey, like I have to do for signing emails.
> > > > My setup is more or less the following: > > http://wiki.fsfe.org/Card_howtos/Card_with_subkeys_using_backups > > with the addition of a sub key for ssh authentication: > > http://www.programmierecke.net/howto/gpg-ssh.html -> section "with > > smartcard (openpgp)" > > The thing is that for a new UID, you need the, what they call, master key. That > would be the primary key. So when you followed the instructions under the > heading "Remove the master key from the keyring", you were after that unable to > use your master/primary key to create a new UID. > > So you go back a little in the document to the part where you had your USB stick > with the primary key and all subkeys guarded by Orcs or some other fearsome > creature. Plead with the creature to have your USB stick back, once again follow > the section "Go offline", import your primary key from the USB stick (wipe away > the Orc spittle before inserting; ignore the chew marks on the protective cap). > > After you have created the new UID with the primary key and exported the whole > to the USB stick, re-remove the primary key from the system. > > Oh, by the way, the reason you need the exclamation mark to specify which key to > use to sign is because you have two signing keys. Apparently GnuPG tries it with > the one you don't have the secret part for if you don't give the exclamation > mark. But bear in mind the difference between a signature on a key(/UID) and on > data. The signing subkey is for signatures on data. > > Good luck, > > Peter. > From john at zultron.com Sat Sep 8 03:23:11 2012 From: john at zultron.com (John Morris) Date: Fri, 07 Sep 2012 20:23:11 -0500 Subject: gpgme passphrase_cb In-Reply-To: <504932F8.6040101@zultron.com> References: <504932F8.6040101@zultron.com> Message-ID: <504A9DFF.4030705@zultron.com> Hi again, After spending a second day debugging this problem, I think I've narrowed it down. (Sorry for the top-post, but the original post isn't too relevant anymore!)
I still have not found a case where passphrase_cb is actually used. In the gpg2 manpage, the description of the '--{no-}use-agent' options indicate that the gpg agent is *always* used, which would imply that there is no way for gpg2 to read in a passphrase through a file descriptor. The gpgme test cases work because they create a 'gpg-agent.conf' file in $GNUPGHOME pointing to the simple but workable 'pinentry' script in the same directory. Although there is a 'passphrase_cb' function defined in t-support.h, it is presumably never used with gpg2, even though it is set up and ready to go. The pygpgme test cases fail because, although there is a working passphrase_cb, it is never called, and there is no gpg-agent configured capable of supplying the passphrase. All the above seems to be true, and yet the application I'm having trouble with (sigul) was working well a couple of months ago. Can anyone confirm or deny the above? Thanks- John On 09/06/2012 06:34 PM, John Morris wrote: > Hi, > > I'm having trouble with passphrase_cb seemingly being ignored. The > GPG_AGENT_INFO environment variable is unset. > > It could be similar to this bug here, and I am indeed using pygpgme: > https://bugs.launchpad.net/pygpgme/+bug/999949 > > Can someone eyeball this trace and see if anything obvious sticks out? > I've gone through both the pygpgme and gpgme code to some degree and > can't seem to figure out why the supplied passphrase_cb isn't ever > executed. > > The point in the trace where passphrase_cb is set is quite clear, and > the value stays the same until the end: > passphrase_cb=0x2e30e0/0xb7435194 > > However, instead of the pygpgme callback function executing, the gnome > pinentry window pops up. > > I've pasted a bunch of debugging statements into the code of pygpgme. > They confirm that up until the line where gpgme_op_sign is called, the > passphrase_cb is set as expected. It is also set as expected coming out > of op_sign. 
However, the debug statements planted in the callback > function itself are never touched. > > I tried instrumenting t-sign.c and t-support.h the same way, but the > data types are opaque there and wasn't able to get hex pointer values > for the cb function. The cb function in t-support.h does seem never to > be called, but there's no gnome pinentry dialog either, and the tests > pass, so I'm quite confused. (My crude instrumentation appends lines to > a debug file in /tmp, opening and closing after each write, so that > there's no confusion about stderr/stdout getting swallowed or lines > being written out of order.) > > Thanks- > > John > > > >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_debug: level=5 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_check_version: call: 0=(nil), >> req_version=(null), VERSION=1.3.0 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_check_version_internal: call: >> 0=(nil), req_version=(null), offset_sig_validity=32 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: enter: r_ctx=0xb77550a8 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: leave: ctx=0x96811f8 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_new_from_cbs: enter: >> r_dh=0xbffd4d10, handle=0xb742a498 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_new_from_cbs: leave: >> dh=0x96aa890 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import: enter: >> ctx=0x96811f8, keydata=0x96aa890 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_get_encoding: call: >> dh=0x96aa890, dh->encoding=0 >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_add_io_cb: call: >> ctx=0x96811f8, fd 5, dir=1 -> tag=0x969e588 >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_add_io_cb: call: >> ctx=0x96811f8, fd 9, dir=0 -> tag=0x95d2b48 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme:gpg_io_event: call: >> gpg=0x9674040, event 0x4b87dcf0, type 0, type_data (nil) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x95d2b58, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> 
item=0x95d2b58, handler (0x96aa890, 9) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: >> enter: dh=0x96aa890, fd=0x9 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: enter: >> dh=0x96aa890, buffer=0x96aa898, size=4096 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: leave: result=908 >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: leave >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x95d2b58, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x95d2b58, handler (0x96aa890, 9) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: >> enter: dh=0x96aa890, fd=0x9 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: enter: >> dh=0x96aa890, buffer=0x96aa898, size=4096 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: leave: result=0 >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_remove_io_cb: call: >> data=0x95d2b48, setting fd 0x9 (item=0x95d2b58) done >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: leave >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e598, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e598, handler (0x9674040, 5) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e598, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e598, handler (0x9674040, 5) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e598, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e598, handler (0x9674040, 5) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e598, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e598, handler (0x9674040, 5) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_remove_io_cb: call: >> data=0x969e588, setting fd 0x5 (item=0x969e598) done >> GPGME 2012-09-06 
17:43:28 <0x464e> gpgme:gpg_io_event: call: >> gpg=0x9674040, event 0x4b87dcf0, type 1, type_data 0xbffd4c54 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import: leave >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_release: call: dh=0x96aa890 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: enter: >> ctx=0x96811f8 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, 1 considered, 0 no UID, 1 imported, 0 imported RSA, 0 >> unchanged >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, 0 new UIDs, 0 new sub keys, 0 new signatures, 0 new >> revocations >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, 0 secret keys, 0 imported, 0 unchanged >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, 0 skipped new keys, 0 not imported >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, import[0] for EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3 >> = 0x1 ((null)) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: leave: >> result=0x9697104 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_new_from_cbs: enter: >> r_dh=0xbffd4d10, handle=0xb742a4f0 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_new_from_cbs: leave: >> dh=0x96aa890 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import: enter: >> ctx=0x96811f8, keydata=0x96aa890 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_get_encoding: call: >> dh=0x96aa890, dh->encoding=0 >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_add_io_cb: call: >> ctx=0x96811f8, fd 5, dir=1 -> tag=0x96a98e8 >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_add_io_cb: call: >> ctx=0x96811f8, fd 9, dir=0 -> tag=0x969e540 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme:gpg_io_event: call: >> gpg=0x9674040, event 0x4b87dcf0, type 0, type_data (nil) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e550, need to check >> GPGME 2012-09-06 17:43:28 
<0x464e> _gpgme_run_io_cb: call: >> item=0x969e550, handler (0x96aa890, 9) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: >> enter: dh=0x96aa890, fd=0x9 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: enter: >> dh=0x96aa890, buffer=0x96aa898, size=4096 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: leave: result=1045 >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: leave >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e550, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e550, handler (0x96aa890, 9) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: >> enter: dh=0x96aa890, fd=0x9 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: enter: >> dh=0x96aa890, buffer=0x96aa898, size=4096 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: leave: result=0 >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_remove_io_cb: call: >> data=0x969e540, setting fd 0x9 (item=0x969e550) done >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: leave >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, handler (0x9674040, 5) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, handler (0x9674040, 5) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, handler (0x9674040, 5) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, handler (0x9674040, 5) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_remove_io_cb: call: >> data=0x96a98e8, setting fd 0x5 
(item=0x969e528) done >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme:gpg_io_event: call: >> gpg=0x9674040, event 0x4b87dcf0, type 1, type_data 0xbffd4c54 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import: leave >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_release: call: dh=0x96aa890 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: enter: >> ctx=0x96811f8 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, 1 considered, 0 no UID, 0 imported, 0 imported RSA, 0 >> unchanged >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, 0 new UIDs, 0 new sub keys, 1 new signatures, 0 new >> revocations >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, 1 secret keys, 1 imported, 0 unchanged >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, 0 skipped new keys, 0 not imported >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, import[0] for EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3 >> = 0x11 ((null)) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, import[1] for EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3 >> = 0x4 ((null)) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: leave: >> result=0x9696a24 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_passphrase_cb: call: >> ctx=0x96811f8, ctx->passphrase_cb=(nil)/(nil) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_progress_cb: call: >> ctx=0x96811f8, ctx->progress_cb=(nil)/(nil) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_release: call: ctx=0x96811f8 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: enter: r_ctx=0xb77550a8 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: leave: ctx=0x96811f8 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_key: enter: >> ctx=0x96811f8, fpr=EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3, secret=0 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: enter: r_ctx=0xbffd4cd8 >> 
GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: leave: ctx=0x9674040 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_protocol: call: >> ctx=0x96811f8, ctx->protocol=0 (OpenPGP) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_set_protocol: enter: >> ctx=0x9674040, protocol=0 (OpenPGP) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_set_protocol: leave >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_keylist_mode: call: >> ctx=0x96811f8, ctx->keylist_mode=0x1 >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_add_io_cb: call: >> ctx=0x96811f8, fd 9, dir=0 -> tag=0x969e540 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme:gpg_io_event: call: >> gpg=0x9674040, event 0x4b87dcf0, type 0, type_data (nil) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e550, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e550, handler (0x96aa890, 9) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: >> enter: dh=0x96aa890, fd=0x9 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: enter: >> dh=0x96aa890, buffer=0x96aa898, size=4096 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: leave: result=1045 >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: leave >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e550, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e550, handler (0x96aa890, 9) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: >> enter: dh=0x96aa890, fd=0x9 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: enter: >> dh=0x96aa890, buffer=0x96aa898, size=4096 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: leave: result=0 >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_remove_io_cb: call: >> data=0x969e540, setting fd 0x9 (item=0x969e550) done >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: leave >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, need to 
check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, handler (0x9674040, 5) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, handler (0x9674040, 5) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, handler (0x9674040, 5) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, handler (0x9674040, 5) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_remove_io_cb: call: >> data=0x96a98e8, setting fd 0x5 (item=0x969e528) done >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme:gpg_io_event: call: >> gpg=0x9674040, event 0x4b87dcf0, type 1, type_data 0xbffd4c54 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import: leave >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_release: call: dh=0x96aa890 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: enter: >> ctx=0x96811f8 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, 1 considered, 0 no UID, 0 imported, 0 imported RSA, 0 >> unchanged >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, 0 new UIDs, 0 new sub keys, 1 new signatures, 0 new >> revocations >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, 1 secret keys, 1 imported, 0 unchanged >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, 0 skipped new keys, 0 not imported >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, import[0] for EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3 >> = 0x11 ((null)) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, import[1] for 
EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3 >> = 0x4 ((null)) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: leave: >> result=0x9696a24 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_passphrase_cb: call: >> ctx=0x96811f8, ctx->passphrase_cb=(nil)/(nil) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_progress_cb: call: >> ctx=0x96811f8, ctx->progress_cb=(nil)/(nil) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_release: call: ctx=0x96811f8 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: enter: r_ctx=0xb77550a8 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: leave: ctx=0x96811f8 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_key: enter: >> ctx=0x96811f8, fpr=EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3, secret=0 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: enter: r_ctx=0xbffd4cd8 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: leave: ctx=0x9674040 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_protocol: call: >> ctx=0x96811f8, ctx->protocol=0 (OpenPGP) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_set_protocol: enter: >> ctx=0x9674040, protocol=0 (OpenPGP) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_set_protocol: leave >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_keylist_mode: call: >> ctx=0x96811f8, ctx->keylist_mode=0x1 >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_add_io_cb: call: >> ctx=0x96811f8, fd 9, dir=0 -> tag=0x969e540 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme:gpg_io_event: call: >> gpg=0x9674040, event 0x4b87dcf0, type 0, type_data (nil) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e550, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e550, handler (0x96aa890, 9) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: >> enter: dh=0x96aa890, fd=0x9 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: enter: >> dh=0x96aa890, buffer=0x96aa898, size=4096 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: leave: result=1045 >> GPGME 2012-09-06 17:43:28 
<0x464e> _gpgme_data_outbound_handler: leave >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e550, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e550, handler (0x96aa890, 9) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: >> enter: dh=0x96aa890, fd=0x9 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: enter: >> dh=0x96aa890, buffer=0x96aa898, size=4096 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_read: leave: result=0 >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_remove_io_cb: call: >> data=0x969e540, setting fd 0x9 (item=0x969e550) done >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_data_outbound_handler: leave >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, handler (0x9674040, 5) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, handler (0x9674040, 5) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, handler (0x9674040, 5) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, need to check >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_run_io_cb: call: >> item=0x969e528, handler (0x9674040, 5) >> GPGME 2012-09-06 17:43:28 <0x464e> _gpgme_remove_io_cb: call: >> data=0x96a98e8, setting fd 0x5 (item=0x969e528) done >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme:gpg_io_event: call: >> gpg=0x9674040, event 0x4b87dcf0, type 1, type_data 0xbffd4c54 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import: leave >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_data_release: call: dh=0x96aa890 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: enter: >> ctx=0x96811f8 >> GPGME 
2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, 1 considered, 0 no UID, 0 imported, 0 imported RSA, 0 >> unchanged >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, 0 new UIDs, 0 new sub keys, 1 new signatures, 0 new >> revocations >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, 1 secret keys, 1 imported, 0 unchanged >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, 0 skipped new keys, 0 not imported >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, import[0] for EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3 >> = 0x11 ((null)) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: check: >> ctx=0x96811f8, import[1] for EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3 >> = 0x4 ((null)) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_op_import_result: leave: >> result=0x9696a24 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_passphrase_cb: call: >> ctx=0x96811f8, ctx->passphrase_cb=(nil)/(nil) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_progress_cb: call: >> ctx=0x96811f8, ctx->progress_cb=(nil)/(nil) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_release: call: ctx=0x96811f8 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: enter: r_ctx=0xb77550a8 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: leave: ctx=0x96811f8 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_key: enter: >> ctx=0x96811f8, fpr=EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3, secret=0 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: enter: r_ctx=0xbffd4cd8 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_new: leave: ctx=0x9674040 >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_get_protocol: call: >> ctx=0x96811f8, ctx->protocol=0 (OpenPGP) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_set_protocol: enter: >> ctx=0x9674040, protocol=0 (OpenPGP) >> GPGME 2012-09-06 17:43:28 <0x464e> gpgme_set_protocol: leave >> GPGME 2012-09-06 17:43:28 <0x464e> 
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From john at zultron.com Sat Sep 8 19:09:11 2012
From: john at zultron.com (John Morris)
Date: Sat, 08 Sep 2012 12:09:11 -0500
Subject: gpgme passphrase_cb (problem solved)
In-Reply-To: <504A9DFF.4030705@zultron.com>
References: <504932F8.6040101@zultron.com> <504A9DFF.4030705@zultron.com>
Message-ID: <504B7BB7.1070607@zultron.com>

Hi list,

I believe I've figured out the bigger problem.

On 09/07/2012 08:23 PM, John Morris wrote:
> I still have not found a case where passphrase_cb is actually used. In
> the gpg2 manpage, the description of the '--{no-}use-agent' options
> indicate that the gpg agent is *always* used, which would imply that
> there is no way for gpg2 to read in a passphrase through a file descriptor.

I'm pretty sure now that this is correct: gpg2 password input cannot be captured without the use of a gpg-agent.

> The gpgme test cases work because they create a 'gpg-agent.conf' file in
> $GNUPGHOME pointing to the simple but workable 'pinentry' script in the
> same directory. Although there is a 'passphrase_cb' function defined in
> t-support.h, it is presumably never used with gpg2, even though it is
> set up and ready to go.

Has there been any thought about building a gpg-agent into gpgme that the passphrase_cb could be hooked into? The passphrase_cb is a pretty convenient interface, since it can be implemented without worrying about creating dummy pinentry programs and pointing gpg-agent.conf files at them.

> The pygpgme test cases fail because, although there is a working
> passphrase_cb, it is never called, and there is no gpg-agent configured
> capable of supplying the passphrase.

I demonstrated that the failing cases can be fixed by inserting a line after the ctx object is initialized to run gpg instead of gpg2:

    ctx.set_engine_info(gpgme.PROTOCOL_OpenPGP, '/usr/bin/gpg', os.environ['GNUPGHOME'])

> All the above seems to be true, and yet the application I'm having
> trouble with (sigul) was working well a couple of months ago. Can anyone
> confirm or deny the above?

If the above example will be applied, I believe my solution is imminent.

Thanks for the bandwidth, and enjoy the weekend.

John

From free10pro at gmail.com Sun Sep 9 11:16:05 2012
From: free10pro at gmail.com (Paul Richard Ramer)
Date: Sun, 09 Sep 2012 02:16:05 -0700
Subject: A safe text editor
In-Reply-To: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com>
References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com>
Message-ID: <504C5E55.9000800@gmail.com>

On 09/05/2012 12:39 AM, antispam06 at sent.at wrote:
> Could you recommend a safe text editor, in the sense it does protect
> the edited contents in memory, but, most important, on the disk (temp
> files and such). Having functions to interact with gnupg would be even
> better.
>
> The point is to edit a text and have it all encrypted on disk. I'd like
> one that goes for .asc instead of .txt.

I don't know of a text editor that meets this criteria (granted I haven't done any research), but as for protecting the temporary files, you may want to use disk encryption instead. By using disk encryption, you can ensure that the temporary files are encrypted while you are editing regardless of which editor you use. But as for a text editor that uses protected memory, I don't have a recommendation for you.

--Paul

From gnupg at oneiroi.net Sun Sep 9 13:12:10 2012
From: gnupg at oneiroi.net (Milo)
Date: Sun, 09 Sep 2012 13:12:10 +0200
Subject: A safe text editor
In-Reply-To: <504C5E55.9000800@gmail.com>
References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com> <504C5E55.9000800@gmail.com>
Message-ID: <504C798A.4080507@oneiroi.net>

Hi.

On 09/09/2012 11:16 AM, Paul Richard Ramer wrote:
> On 09/05/2012 12:39 AM, antispam06 at sent.at wrote:
>> Could you recommend a safe text editor, in the sense it does protect
>> the edited contents in memory, but, most important, on the disk (temp
>> files and such). Having functions to interact with gnupg would be even
>> better.
>>
>> The point is to edit a text and have it all encrypted on disk. I'd like
>> one that goes for .asc instead of .txt.
>
> I don't know of a text editor that meets this criteria (granted I
> haven't done any research), but as for protecting the temporary files,
> you may want to use disk encryption instead. By using disk encryption,
> you can ensure that the temporary files are encrypted while you are
> editing regardless of which editor you use. But as for a text editor
> that uses protected memory, I don't have a recommendation for you.

AFAIR vim 7.3 or higher is able to encrypt swap and undo files (with blowfish for example). Not sure about other (possible) temp files.

Also there are vim scripts allowing some level of integration with gnupg. Please follow vim docs for details.

> --Paul
>

--
Regards,
Milo

From 4tmuelle at informatik.uni-hamburg.de Sun Sep 9 13:44:59 2012
From: 4tmuelle at informatik.uni-hamburg.de (Tobias Mueller)
Date: Sun, 09 Sep 2012 13:44:59 +0200
Subject: Parsing SKS key dumps
In-Reply-To: <20120611022748.GB17852@informatik.uni-hamburg.de>
References: <20120608081139.8CE121006005C@ccc-hanau.de> <20120611022748.GB17852@informatik.uni-hamburg.de>
Message-ID: <504C813B.5000805@informatik.uni-hamburg.de>

Hey folks :)

For the fun of it, I tried to parse a few weekly dumps (i.e. from here: http://keys.niif.hu/keydump/) and very often, not even GnuPG can successfully parse the packets, i.e. gpg --list-packets fails. Usually with "gpg: mpi too large for this implementation (56104 bits)" but there is a myriad of errors, i.e.

gpg: subpacket of type 16 too short
gpg: mpi larger than indicated length (517 bytes)
gpg: mpi larger than indicated length (0 bytes)
gpg: signature packet: unhashed data too long
gpg: signature packet: hashed data too long
gpg: mpi larger than indicated length (514 bytes)
gpg: packet(14) too short

I usually can parse 30 to 40 out of the 206 or 207 dumps (probably containing 15k keys each). I wonder why that is. Is that just malicious data which landed in the pool? Or is SKS better on parsing OpenPGP packets than GnuPG? Because one offending key seems to be 0x5df5c3733a6ced98 which, according to is successfully parsed by SKS. Same thing for 0xb51b4b095356aac8 or 0x857625223295AAB2. These appear to be keys that carry signature from 0x9710B89BCA57AD7C, the "PGP Global Directory Verification Key".

Cheers,
Tobi

From peter at digitalbrains.com Sun Sep 9 20:39:55 2012
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 09 Sep 2012 20:39:55 +0200
Subject: A safe text editor
In-Reply-To: <504C798A.4080507@oneiroi.net>
References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com> <504C5E55.9000800@gmail.com> <504C798A.4080507@oneiroi.net>
Message-ID: <504CE27B.3020203@digitalbrains.com>

On 09/09/12 13:12, Milo wrote:
> Also there are vim scripts allowing some level of integration with gnupg.

Personally, I'd have more faith in a text editor that was written ground-up with security in mind. If you take a full-fledged editor that was never intended to hide the contents, and then bolt on the security with some scripts, it's quite likely you're missing some way in which it is leaking your data.

On the other hand, you have to consider your threat model. It could be enough. But I wouldn't be surprised if that nephew of yours who's good with computers got hold of one of your passwords, greps your whole hard disk for that password, and thus uncovers some temp file or swap page with all your passwords neatly arranged around that one password he knew.

By the way, I don't suspect vim scripts can lock memory pages, so it could indeed very well be a swapped out memory page that will match the grep expression...

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From gnupg at oneiroi.net Sun Sep 9 21:06:23 2012
From: gnupg at oneiroi.net (Milo)
Date: Sun, 09 Sep 2012 21:06:23 +0200
Subject: A safe text editor
In-Reply-To: <504CE27B.3020203@digitalbrains.com>
References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com> <504C5E55.9000800@gmail.com> <504C798A.4080507@oneiroi.net> <504CE27B.3020203@digitalbrains.com>
Message-ID: <504CE8AF.10709@oneiroi.net>

Peter.

On 09/09/2012 08:39 PM, Peter Lebbing wrote:
> On 09/09/12 13:12, Milo wrote:
>> Also there are vim scripts allowing some level of integration with gnupg.
>
> Personally, I'd have more faith in a text editor that was written ground-up with
> security in mind. If you take a full-fledged editor that was never intended to
> hide the contents, and then bolt on the security with some scripts, it's quite
> likely you're missing some way in which it is leaking your data.
>
> On the other hand, you have to consider your threat model. It could be enough.
> But I wouldn't be surprised if that nephew of yours who's good with computers
> got hold of one of your passwords, greps your whole hard disk for that password,
> and thus uncovers some temp file or swap page with all your passwords neatly
> arranged around that one password he knew.
>
> By the way, I don't suspect vim scripts can lock memory pages, so it could
> indeed very well be a swapped out memory page that will match the grep expression...
>
> HTH,
>
> Peter.
>

I'm not sure what you are trying to say/prove by polemics with things I didn't write. I won't speculate about your faith in editors, your threat model, and probably there is no real point for you to speculate about my (possible) family and my hard drive data arrangement.

--
Cheers,
Milo

From peter at digitalbrains.com Sun Sep 9 21:16:34 2012
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 09 Sep 2012 21:16:34 +0200
Subject: A safe text editor
In-Reply-To: <504CE8AF.10709@oneiroi.net>
References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com> <504C5E55.9000800@gmail.com> <504C798A.4080507@oneiroi.net> <504CE27B.3020203@digitalbrains.com> <504CE8AF.10709@oneiroi.net>
Message-ID: <504CEB12.9090000@digitalbrains.com>

On 09/09/12 21:06, Milo wrote:
> I'm not sure what you are trying to say/prove by polemics with things I
> didn't write.
> I won't speculate about your faith in editors, your threat
> model, and probably there is no real point for you to speculate about my
> (possible) family and my hard drive data arrangement.

You seem to have quite misunderstood my mail? There was absolutely nothing I was trying to prove by polemics with things you didn't write, I have no clue whatsoever what you are talking about.

I was merely stating that I don't have a lot of faith in the correct workings of a vim plugin that tries to keep your private texts out of temp files and the like.

And the nephew was the *metaphorical* whizzkid that every now and then comes by and either completely fixes or catastrophically blows up your computer. I have no idea about your family and don't intend to have.

Again, you read something completely different in that mail from what I was trying to write.

I apologize that I seem to have offended you, though I am baffled as to how I did that.

HTH = Hope To Help,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From gnupg at oneiroi.net Sun Sep 9 21:33:33 2012
From: gnupg at oneiroi.net (Milo)
Date: Sun, 09 Sep 2012 21:33:33 +0200
Subject: A safe text editor
In-Reply-To: <504CEB12.9090000@digitalbrains.com>
References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com> <504C5E55.9000800@gmail.com> <504C798A.4080507@oneiroi.net> <504CE27B.3020203@digitalbrains.com> <504CE8AF.10709@oneiroi.net> <504CEB12.9090000@digitalbrains.com>
Message-ID: <504CEF0D.9010902@oneiroi.net>

Hi!

On 09/09/2012 09:16 PM, Peter Lebbing wrote:
> On 09/09/12 21:06, Milo wrote:
>> I'm not sure what you are trying to say/prove by polemics with things I
>> didn't write.
>> I won't speculate about your faith in editors, your threat
>> model, and probably there is no real point for you to speculate about my
>> (possible) family and my hard drive data arrangement.
>
> You seem to have quite misunderstood my mail? There was absolutely nothing I was
> trying to prove by polemics with things you didn't write, I have no clue
> whatsoever what you are talking about.
>
> I was merely stating that I don't have a lot of faith in the correct workings of
> a vim plugin that tries to keep your private texts out of temp files and the like.
>
> And the nephew was the *metaphorical* whizzkid that every now and then comes by
> and either completely fixes or catastrophically blows up your computer. I have
> no idea about your family and don't intend to have.
>
> Again, you read something completely different in that mail from what I was
> trying to write.
>
> I apologize that I seem to have offended you, though I am baffled as to how I
> did that.
>
> HTH = Hope To Help,
>
> Peter.
>

Peter, there was a question about editor's capabilities which vim is somehow (partially of course) matching - this was a "dry" hint. I'm far from taking on discussion if this is ok, or not and when and for who. Right now I'm baffled too because of your response :) - I didn't feel offended, just replied to message which purpose (in context of my own) I didn't understand.

--
With kind regards,
Milo

From antispam06 at sent.at Sun Sep 9 22:04:59 2012
From: antispam06 at sent.at (antispam06 at sent.at)
Date: Sun, 09 Sep 2012 22:04:59 +0200
Subject: A safe text editor
In-Reply-To: <504CEB12.9090000@digitalbrains.com>
References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com> <504C5E55.9000800@gmail.com> <504C798A.4080507@oneiroi.net> <504CE27B.3020203@digitalbrains.com> <504CE8AF.10709@oneiroi.net> <504CEB12.9090000@digitalbrains.com>
Message-ID: <1347221099.15047.140661125644777.0B7EE860@webmail.messagingengine.com>

On Sun, Sep 9, 2012, at 21:16, Peter Lebbing wrote:
> On 09/09/12 21:06, Milo wrote:
> > I'm not sure what you are trying to say/prove by polemics with things I
> > didn't write. I won't speculate about your faith in editors, your threat
> > model, and probably there is no real point for you to speculate about my
> > (possible) family and my hard drive data arrangement.
>
> You seem to have quite misunderstood my mail? There was absolutely
> nothing I was trying to prove by polemics with things you didn't write,
> I have no clue whatsoever what you are talking about.

Actually he misunderstood my request either. So there's no problem here.

It's sad to see that Pretty Good Privacy is just about pretty good and nothing more. People don't seem to care beyond playing 007. In a way it's dramatic given the Industrialised World is all about crunching data. Jake Applebaum was right: people should read IBM and the Holocaust.

Myself I've appreciated much your input. Searching a drive for a particular string can work wonders without any need of more elaborate hacking skills.

Cheers

From nosuchclient at gmail.com Sun Sep 9 22:12:08 2012
From: nosuchclient at gmail.com (No such Client)
Date: Sun, 09 Sep 2012 22:12:08 +0200
Subject: A safe text editor
In-Reply-To: <1347221099.15047.140661125644777.0B7EE860@webmail.messagingengine.com>
References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com> <504C5E55.9000800@gmail.com> <504C798A.4080507@oneiroi.net> <504CE27B.3020203@digitalbrains.com> <504CE8AF.10709@oneiroi.net> <504CEB12.9090000@digitalbrains.com> <1347221099.15047.140661125644777.0B7EE860@webmail.messagingengine.com>
Message-ID: <504CF818.8030800@gmail.com>

On 09/09/2012 10:04 PM, antispam06 at sent.at wrote:
>
> It's sad to see that Pretty Good Privacy is just about pretty good and
> nothing more. People don't seem to care beyond playing 007.

Finally, *someone* gets it. You always have to push the bar of sec and crypto. Not wallow in routines and complacency. That is how people get sloppy, and dogma sets in..

> In a way
> it's dramatic given the Industrialised World is all about crunching data.
> Jake Applebaum was right: people should read IBM and the Holocaust.
>
>
>

Or a modern-day equivalent, how western defence companies knowingly sell/give/transfer armaments to embargoed powers, (cough China, Iran, DPRK) either directly or indirectly against their own or friendly soldiers/civilians ?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL:

From peter at digitalbrains.com Sun Sep 9 23:02:30 2012
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 09 Sep 2012 23:02:30 +0200
Subject: A safe text editor
In-Reply-To: <1347221099.15047.140661125644777.0B7EE860@webmail.messagingengine.com>
References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com> <504C5E55.9000800@gmail.com> <504C798A.4080507@oneiroi.net> <504CE27B.3020203@digitalbrains.com> <504CE8AF.10709@oneiroi.net> <504CEB12.9090000@digitalbrains.com> <1347221099.15047.140661125644777.0B7EE860@webmail.messagingengine.com>
Message-ID: <504D03E6.5000903@digitalbrains.com>

On 09/09/12 22:04, antispam06 at sent.at wrote:
> It's sad to see that Pretty Good Privacy is just about pretty good and
> nothing more. People don't seem to care beyond playing 007.

Are you talking about how an encryption/signing tool is not a text editor?? What's with the sudden demeaning criticism?

Peter.

PS: I must say I'm a bit surprised nobody here seems to know any good secret-text-editors. I just fail to see how this is a failure of OpenPGP or GnuPG. Or the people here.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

From marco+gnupg at websource.ch Sun Sep 9 23:29:44 2012
From: marco+gnupg at websource.ch (Marco Steinacher)
Date: Sun, 09 Sep 2012 23:29:44 +0200
Subject: A safe text editor
In-Reply-To: <504CE27B.3020203@digitalbrains.com>
References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com> <504C5E55.9000800@gmail.com> <504C798A.4080507@oneiroi.net> <504CE27B.3020203@digitalbrains.com>
Message-ID: <504D0A48.4060204@websource.ch>

On 09.09.2012 20:39, Peter Lebbing wrote:
> On 09/09/12 13:12, Milo wrote:
>> Also there are vim scripts allowing some level of integration with gnupg.
>
> Personally, I'd have more faith in a text editor that was written ground-up with
> security in mind. If you take a full-fledged editor that was never intended to
> hide the contents, and then bolt on the security with some scripts, it's quite
> likely you're missing some way in which it is leaking your data.

Isn't that the problem with almost any data? At some point you have to decrypt it to edit or view it with some application. Be it an email message, a text file, a picture, or a PDF file. And during this process decrypted data will be stored temporarily in memory or on the disk. I think demanding all applications to be aware of this and to handle it securely is quite a strong requirement, although somehow reasonable. (And as always, it depends on your threat model of course.)

I don't know, for example, how it is done in the Enigmail plugin. Does it prevent Thunderbird to write unencrypted data to memory that could end up in a swap file?

Marco

From antispam06 at sent.at Sun Sep 9 23:32:06 2012
From: antispam06 at sent.at (antispam06 at sent.at)
Date: Sun, 09 Sep 2012 23:32:06 +0200
Subject: A safe text editor
In-Reply-To: <504D03E6.5000903@digitalbrains.com>
References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com> <504C5E55.9000800@gmail.com> <504C798A.4080507@oneiroi.net> <504CE27B.3020203@digitalbrains.com> <504CE8AF.10709@oneiroi.net> <504CEB12.9090000@digitalbrains.com> <1347221099.15047.140661125644777.0B7EE860@webmail.messagingengine.com> <504D03E6.5000903@digitalbrains.com>
Message-ID: <1347226326.31388.140661125665209.62FAF049@webmail.messagingengine.com>

On Sun, Sep 9, 2012, at 23:02, Peter Lebbing wrote:
> On 09/09/12 22:04, antispam06 at sent.at wrote:
> > It's sad to see that Pretty Good Privacy is just about pretty good and
> > nothing more. People don't seem to care beyond playing 007.
>
> Are you talking about how an encryption/signing tool is not a text editor??
> What's with the sudden demeaning criticism?

I just asked around about this issue. And all I get is people telling me how their fav text editor can juggle with private keys too. Then I have to ask some more questions and end up in the same point: they never understood what safe meant. So they never bothered to take the word into account. So for them it translates what text editor can do scripting too.

> Peter.
>
> PS: I must say I'm a bit surprised nobody here seems to know any good
> secret-text-editors. I just fail to see how this is a failure of OpenPGP or
> GnuPG. Or the people here.

In theory there is no issue with that PGP offers. Given I use the old spy technique of dropping a message. This way I can use an embassy computer. That is cut off from unauthorised physical access and has no network connection. I can upload my message on a virgin piece of media. And find some public toilet to hide it behind the plumbing. Someone might find it by accident.
But the encryption is so strong the message is rather pointless.

The problem is with the user base. Let me check. Wikipedia says 1991 is the year PGP was born. 1995 is the year Internet for the masses was born. Some time later the 24/7 unlimited net connection became available to the masses. Malware, OS bugs. Searching high and low and nobody I ask has any idea of some basic tools that go hand in hand with such a strong encryption tool. So there might be something in the high waters of the 20+ pages of Google search, but it might be labeled pre-alpha or be unused for the past decade. So how does one work safely with GPG with 2 to 10 copies levitating in the cloud or on the hard drive? In theory one might just pull the network cable out and boot into a second OS. In the same Imaginationland people have been doing only art and philosophy since 1960s when the machines started to do all the physical work for each to have food and shelter for free.

Don't get me wrong. I'm not judgemental. Everybody with their own fetishes. But I'm starting to see the futility in the search for privacy.

From gnupg at oneiroi.net Mon Sep 10 08:43:12 2012
From: gnupg at oneiroi.net (Milo)
Date: Mon, 10 Sep 2012 08:43:12 +0200
Subject: A safe text editor
In-Reply-To: <1347226326.31388.140661125665209.62FAF049@webmail.messagingengine.com>
References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com> <504C5E55.9000800@gmail.com> <504C798A.4080507@oneiroi.net> <504CE27B.3020203@digitalbrains.com> <504CE8AF.10709@oneiroi.net> <504CEB12.9090000@digitalbrains.com> <1347221099.15047.140661125644777.0B7EE860@webmail.messagingengine.com> <504D03E6.5000903@digitalbrains.com> <1347226326.31388.140661125665209.62FAF049@webmail.messagingengine.com>
Message-ID: <504D8C00.3060404@oneiroi.net>

Hello.

On 09/09/2012 11:32 PM, antispam06 at sent.at wrote:
> On Sun, Sep 9, 2012, at 23:02, Peter Lebbing wrote:
>> On 09/09/12 22:04, antispam06 at sent.at wrote:
>>> It's sad to see that Pretty Good Privacy is just about pretty good and
>>> nothing more. People don't seem to care beyond playing 007.
>>
>> Are you talking about how an encryption/signing tool is not a text editor??
>> What's with the sudden demeaning criticism?
>
> I just asked around about this issue. And all I get is people telling me
> how their fav text editor can juggle with private keys too. Then I have
> to ask some more questions and end up in the same point: they never
> understood what safe meant. So they never bothered to take the word into
> account. So for them it translates what text editor can do scripting
> too.

If you are giving such requirements within mail titled "A safe text editor":

"(...) but, most important, on the disk (temp files and such). *Having functions to interact with gnupg would be even better*. *The point is to edit a text and have it all encrypted on disk. I'd like one that goes for .asc instead of .txt.*"

you can fully expect such answers. If you will view editor's scripting capability as "function to interact with gnupg" this is what you were asking about.

Perhaps you should check for some "official"/widely accepted standards describing "secure data modification/handling" without troubling yourself with defining "safe editor".

Also considering your chase after "safety" and "privacy" think about focusing on "secure" hardware and OS (could be that your "safe text editor" is a cherry on a rotting cake ;) ).

> (...)

--
Regards,
Milo

From john at zultron.com Mon Sep 10 16:28:46 2012
From: john at zultron.com (John Morris)
Date: Mon, 10 Sep 2012 09:28:46 -0500
Subject: gpgme passphrase_cb (problem solved)
In-Reply-To: <504B7BB7.1070607@zultron.com>
References: <504932F8.6040101@zultron.com> <504A9DFF.4030705@zultron.com> <504B7BB7.1070607@zultron.com>
Message-ID: <504DF91E.1030205@zultron.com>

Hi list,

> I believe I've figured out the bigger problem.

Partly, yes. AFAICT, the '/usr/bin/gpg' distributed with gnupg v.2 is still not binary compatible with the same from gnupg v.1, and gpgme does not know how to feed it a password using a passphrase_cb.

I finally hacked around the problem by recompiling the Fedora 16 RPMs (which have separate gnupg and gnupg2 packages) for EL6. Fedora 18 RPMs do away with gnupg v.1, as do EL6.

Curious, but I'm starting to feel silly chattering with myself, so I'm moving on.

John

From albrecht.will at online.de Mon Sep 10 16:32:19 2012
From: albrecht.will at online.de (Albrecht Will)
Date: Mon, 10 Sep 2012 16:32:19 +0200
Subject: Errormessage KGPG in Mint KDE 13
Message-ID: <3474787.GLZTh4ThQa@antilope>

Hello,

if I start KGPG I get an error-message translated from German to English):

"The start of GNUPG failed...,
Details: gpg: Optionendatei ' ~/.gnupg/options': file or folder not found.

This is very new for me. I never had this message before since 10 years. Can anyone help?

alwi

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From 4tmuelle at informatik.uni-hamburg.de Mon Sep 10 18:08:46 2012
From: 4tmuelle at informatik.uni-hamburg.de (Tobias Mueller)
Date: Mon, 10 Sep 2012 18:08:46 +0200
Subject: Errormessage KGPG in Mint KDE 13
In-Reply-To: <3474787.GLZTh4ThQa@antilope>
References: <3474787.GLZTh4ThQa@antilope>
Message-ID: <20120910160844.GC15124@rzdspc6.informatik.uni-hamburg.de>

Heya :)

On Mon, Sep 10, 2012 at 04:32:19PM +0200, Albrecht Will wrote:
> if I start KGPG I get an error-message translated from German to English):

FWIW: If you start your applications with "LC_ALL=C" in the environment variables, you should get genuine messages, i.e. type "export LC_ALL=C" before then typing "kgpg".

> "The start of GNUPG failed...,
> Details: gpg: Optionendatei ' ~/.gnupg/options': file or folder not found.
>
> Can anyone help?
>

Seems as if gpg can't find ~/.gnupg/options...

Cheers,
Tobi

From vedaal at nym.hush.com Mon Sep 10 19:45:29 2012
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Mon, 10 Sep 2012 13:45:29 -0400
Subject: A safe text editor // why??
Message-ID: <20120910174530.3096CE6739@smtp.hushmail.com>

Either people are on their own computers, which they trust, and which they can cleanse the memory and reboot, or they are on untrusted computers, where memory is the least of their problems.

In any event, it is simply possible to avoid the entire issue, by booting from static media (i.e. ubuntu) writing to usb only, using any ubuntu editor, and then rebooting when done.

vedaal

From expires2012 at rocketmail.com Mon Sep 10 21:37:51 2012
From: expires2012 at rocketmail.com (MFPA)
Date: Mon, 10 Sep 2012 20:37:51 +0100
Subject: A safe text editor // why??
In-Reply-To: <20120910174530.3096CE6739@smtp.hushmail.com>
References: <20120910174530.3096CE6739@smtp.hushmail.com>
Message-ID: <1497059493.20120910203751@my_localhost>

Hi

On Monday 10 September 2012 at 6:45:29 PM, in , vedaal at nym.hush.com wrote:

> In any event, it is simply possible to avoid the entire
> issue, by booting from static media (i.e. ubuntu)
> writing to usb only, using any ubuntu editor, and then
> rebooting when done.

What about TEMPEST as a potential eavesdropping vector?

--
Best regards

MFPA mailto:expires2012 at rocketmail.com

A bird in the hand makes it awfully hard to blow your nose

From jones at atmo.arizona.edu Mon Sep 10 21:15:59 2012
From: jones at atmo.arizona.edu (Cyrus Jones)
Date: Mon, 10 Sep 2012 12:15:59 -0700
Subject: Gnupg-users Digest, Vol 108, Issue 6
In-Reply-To:
References:
Message-ID: <504E3C6F.5060208@atmo.arizona.edu>

thx

On 09/10/2012 10:21 AM, gnupg-users-request at gnupg.org wrote:
> > Are you talking about how an encryption/signing tool is not a text editor?? > What's with the sudden demeaning criticism? > > Peter. > > PS: I must say I'm a bit surprised nobody here seems to know any good > secret-text-editors. I just fail to see how this is a failure of OpenPGP or > GnuPG. Or the people here. > -- Cyrus G. Jones Institute of Atmospheric Physics University of Arizona Tucson, Arizona 85721 (520) 444-7662 From ljrhurley at gmail.com Mon Sep 10 22:46:13 2012 From: ljrhurley at gmail.com (Landon Hurley) Date: Mon, 10 Sep 2012 16:46:13 -0400 Subject: A safe text editor // why?? In-Reply-To: <1497059493.20120910203751@my_localhost> References: <20120910174530.3096CE6739@smtp.hushmail.com> <1497059493.20120910203751@my_localhost> Message-ID: <504E5195.20207@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 09/10/2012 03:37 PM, MFPA wrote: > Hi > > > On Monday 10 September 2012 at 6:45:29 PM, in > , vedaal at nym.hush.com > wrote: > > >> In any event, it is simply possible to avoid the entire >> issue, by booting from static media (i.e. ubuntu) >> writing to usb only, using any ubuntu editor, and then >> rebooting when done. > > What about TEMPEST as a potential eavesdropping vector? > If van eck phreaking is a potential surveillance vector, I think that we could categorically conclude that the person is screwed. This is assuming that the person only has access to use the computer. If it's his own computer the first thing I would recommend would be full disk encryption, which should significantly mitigate the need for an additional secure text editor, potentially combined with Tresor. Then, in theory one could use low pass filtering fonts for text data, and as our good friend wikipedia surmises, "randomising the least significant bit of the video data information". However, while it's been a while since I've been playing around with this, I don't recall software security measures ever doing a whole hell of a lot. 
Hardware solutions tended to be the only real mitigation, and I would strongly recommend a Faraday cage. Maybe some sort of hood made out of wire mesh to stop radiation leakage. Either way, it is both conspicuous, and without controlling the computer, very difficult. ...Or was this just an example of an argumentum ad ridiculum? //landon - -- Violence is the last refuge of the incompetent. From rjh at sixdemonbag.org Mon Sep 10 23:55:38 2012 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 10 Sep 2012 17:55:38 -0400 Subject: A safe text editor // why?? In-Reply-To: <1497059493.20120910203751@my_localhost> References: <20120910174530.3096CE6739@smtp.hushmail.com> <1497059493.20120910203751@my_localhost> Message-ID: <504E61DA.8030508@sixdemonbag.org> On 9/10/2012 3:37 PM, MFPA wrote: > What about TEMPEST as a potential eavesdropping vector? First, it's "Van Eck phreaking." TEMPEST refers to a NATO standard for *defending* against Van Eck phreaking. Second, no, of course the distro-on-a-stick doesn't defend against Van Eck phreaking. 
The only defenses against Van Eck phreaking involve the laws of physics, not mathematics. Working inside a Faraday cage may (may!) give some benefit. Not quite sure, myself.[*] [*] Although a Faraday cage blocks signals from coming *in*, the jury's out on whether it blocks signals from *leaving*. As an example, imagine you have a Faraday cage that's hooked up to electrical ground. You step into the cage while carrying a balloon that you've rubbed on your head a few times. You're locked in the cage. To signal your conspirator that you want out, you touch your balloon to the cage. The conspirator sees a couple of picocoulombs of charge stream to ground, and unlocks the cage. From inside a Faraday cage you've just electrically signaled someone outside the cage, thus demonstrating Faraday cages are *not* an absolute bar against electrical signaling from the inside going out. Whether this thought experiment is applicable to Van Eck is a different matter, of course... but the naive "you can't get any electrical signal out of a Faraday cage" view appears to be wrong, as a matter of physics. From antispam06 at sent.at Tue Sep 11 00:13:15 2012 From: antispam06 at sent.at (antispam06 at sent.at) Date: Tue, 11 Sep 2012 00:13:15 +0200 Subject: A safe text editor // why?? In-Reply-To: <20120910174530.3096CE6739@smtp.hushmail.com> References: <20120910174530.3096CE6739@smtp.hushmail.com> Message-ID: <1347315195.6564.140661126171921.7E64BE20@webmail.messagingengine.com> On Mon, Sep 10, 2012, at 19:45, vedaal at nym.hush.com wrote: > Either people are on their own computers, which they trust, and > which they can cleanse the memory and reboot, or they are on > untrusted computers, where memory is the least of their problems. > > In any event, it is simply possible to avoid the entire issue, by > booting from static media (i.e. ubuntu) writing to usb only, using > any ubuntu editor, and then rebooting when done. Why? 
For the same reason people are on the Internet when the postal services around the World are faster than ever and book publishers are delivering each year more books than in the previous. PGP/GPG exist for the exact same reason. I can get a feather and write my letter. Each character written with a wider stroke is a dash and the regular ones are dots in my own gang private Morse Code. I can send the ISBN of a very common book and we can encode somehow the date into the page numbers. Then send the coordinates of the words I want to use. Or get our own private twist to one of the speedwriting alphabets. Steganography? Get a business. Say as a photographer. Send a complimentary framed photo. On the glued side of the frame there is a message. Sky is the limit! The irony: there are probably millions of text editors. And they are all working for the Big Brother. Cheers! From jw72253 at verizon.net Tue Sep 11 02:39:15 2012 From: jw72253 at verizon.net (John A. Wallace) Date: Mon, 10 Sep 2012 19:39:15 -0500 Subject: clearsign in GPA Message-ID: <000301cd8fb5$e060b860$a1222920$@net> Is it true to say, as it appears to me, that I cannot select a file in GPA's File Manager and then use a tool or menu option in order to clearsign the file? Rather, I have to have opened the file first and copied its contents to the Clipboard first, and only then can I clearsign it in GPA after opening the Clipboard? In other words, File Manager lets me sign but not clearsign. Thanks. From jw72253 at verizon.net Tue Sep 11 09:12:15 2012 From: jw72253 at verizon.net (John A. Wallace) Date: Tue, 11 Sep 2012 02:12:15 -0500 Subject: options file usage Message-ID: <000601cd8fec$c5d0c620$51725260$@net> I am using Gpg 2.0.17 in Windows. 
Am I correct in saying that the "options" file, if one existed, should be located in the home directory, i.e., %homepath%\appdata\roaming\gnupg, that it should be named options, and that it would be utilized automatically by the gpg program whenever commands are issued, unless one overrides this functionality by issuing a command at the prompt like so: Gpg --options filename And that no options file, not even the default one in "--homedir" would be used if one were to issue this command at the prompt: Gpg --no-options Finally, any of the long options, but nothing else, can be put into one of these options files but without the two dashes included? From john at zultron.com Tue Sep 11 15:37:31 2012 From: john at zultron.com (John Morris) Date: Tue, 11 Sep 2012 08:37:31 -0500 Subject: A safe text editor // why?? In-Reply-To: <504E61DA.8030508@sixdemonbag.org> References: <20120910174530.3096CE6739@smtp.hushmail.com> <1497059493.20120910203751@my_localhost> <504E61DA.8030508@sixdemonbag.org> Message-ID: <504F3E9B.7010007@zultron.com> On 09/10/2012 04:55 PM, Robert J. Hansen wrote: > Second, no, of course the distro-on-a-stick doesn't defend against Van > Eck phreaking. Distro-on-a-stick doesn't defend against anything if you don't trust the hardware, which you shouldn't if you don't trust the software. It's entirely feasible to set up a machine that appears to be booting your operating system from a normal system BIOS, but is actually booting it in a virtual machine, whose memory, keyboard and video screen are visible to the host OS. Anyway, if you are doing something that is all of (1) highly secret, (2) highly valuable, and (3) in a highly uncontrolled environment and this really is a serious question, you would not be advertising it on a public mailing list. If you are missing any one of those conditions, this can't be considered a question worth spending such extraordinary energy on. 
John From peter at digitalbrains.com Tue Sep 11 16:04:32 2012 From: peter at digitalbrains.com (Peter Lebbing) Date: Tue, 11 Sep 2012 16:04:32 +0200 Subject: A safe text editor // why?? In-Reply-To: <504E5195.20207@gmail.com> References: <20120910174530.3096CE6739@smtp.hushmail.com> <1497059493.20120910203751@my_localhost> <504E5195.20207@gmail.com> Message-ID: <504F44F0.9010704@digitalbrains.com> On 10/09/12 22:46, Landon Hurley wrote: > Maybe some sort of hood made out of wire mesh to stop radiation leakage. Ah, you mean a tinfoil hat? ;P Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt From peter at digitalbrains.com Tue Sep 11 16:16:42 2012 From: peter at digitalbrains.com (Peter Lebbing) Date: Tue, 11 Sep 2012 16:16:42 +0200 Subject: A safe text editor // why?? In-Reply-To: <20120910174530.3096CE6739@smtp.hushmail.com> References: <20120910174530.3096CE6739@smtp.hushmail.com> Message-ID: <504F47CA.9040103@digitalbrains.com> On 10/09/12 19:45, vedaal at nym.hush.com wrote: > Either people are on their own computers, which they trust, and > which they can cleanse the memory and reboot, or they are on > untrusted computers, where memory is the least of their problems. I think people want it because editing a text file *now* might expose the data *far into the future*. Temp files and swap pages have the potential to live on your hard disk for a very long time. So you might trust that today your computer is safe, but you might feel less confident that the hard disk in your system now won't somehow be exposed to some bad guy in the possibly rather distant future. By the way, you say cleanse the memory. I'm not sure what you mean. We are talking about temp files and swap pages that end up in random blocks on your hard disk. 
If that block is then allocated for a 10-byte file, the rest of the block data, containing your decrypted text file, will live for at least as long as the tiny file that is now in that block. The only sure-fire remedy against a temp file that got deleted is a full wipe of the partition the file was on, as far as I know. I have done this one time or another. I knew I wanted to edit some document which would or might end up on my hard disk, but I absolutely wanted it kept "safe". So I made a full image of the hard disk (every single byte of the hard disk), edited the file, then restored the full image, every single byte of it. In this particular case it seemed the easiest way, but it does mean pumping data across for hours. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt From peter at digitalbrains.com Tue Sep 11 16:32:39 2012 From: peter at digitalbrains.com (Peter Lebbing) Date: Tue, 11 Sep 2012 16:32:39 +0200 Subject: A safe text editor In-Reply-To: <504D0A48.4060204@websource.ch> References: <1346830740.32188.140661123812897.4449562B@webmail.messagingengine.com> <504C5E55.9000800@gmail.com> <504C798A.4080507@oneiroi.net> <504CE27B.3020203@digitalbrains.com> <504D0A48.4060204@websource.ch> Message-ID: <504F4B87.9040007@digitalbrains.com> On 09/09/12 23:29, Marco Steinacher wrote: > Isn't that the problem with almost any data? At some point you have to > decrypt it to edit or view it with some application. > [...] > I think demanding all applications to be aware of this and to handle it > securely is quite a strong requirement, although somehow reasonable. You are absolutely right. But a text editor should be a rather simple target, and it would fill a lot of needs (secret memos and such). 
People never seem to ask for a secure media player or photo editor, and it would be a lot more difficult to write properly. But since a basic text editor shouldn't be that hard to write, I'd think that somebody already designed one that locks its pages in memory and interfaces securely with GnuPG to read and write OpenPGP text files in a way that leaves no trace on hard disks. In fact, I would personally fork over 50 euros for such a "secure" text editor written by an author I trust. Perhaps we could ask Werner Koch to implement a basic text editor and do some sort of fundraiser? I'd trust /him/ to write a proper piece of code :). You want someone who knows where the pitfalls are with keeping all your data in memory and not trusting user input (buffer overflows and such). Validating user input should be straightforward enough if you only allow printable ASCII (and the obvious controls like line feed). Pour in a bit of copy-paste that avoids the system clipboard unless requested by the user, and I think you have a recipe for a pretty functional text editor for playing 007. Or Spy Girls. Perhaps even serious business, although /apparently/ that user base is somewhere else. (Obviously, we need to be a bit more serious and specific about requirements before actually starting this. I want my Spy Girl suit in bright pink.) Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt From peter at digitalbrains.com Tue Sep 11 16:39:46 2012 From: peter at digitalbrains.com (Peter Lebbing) Date: Tue, 11 Sep 2012 16:39:46 +0200 Subject: options file usage In-Reply-To: <000601cd8fec$c5d0c620$51725260$@net> References: <000601cd8fec$c5d0c620$51725260$@net> Message-ID: <504F4D32.7040406@digitalbrains.com> On 11/09/12 09:12, John A. Wallace wrote: > I am using Gpg 2.0.17 in Windows. 
Am I correct in saying that the "options" > file, if one existed, should be located in the home directory, i.e., > %homepath%\appdata\roaming\gnupg You can see what the home directory of GnuPG is with the command gpgconf --list-dirs > , that it should be named options, and that it would be utilized > automatically by the gpg program whenever commands are issued, unless one > overrides this functionality by issuing a command at the prompt like so: > > Gpg --options filename > > And that no options file, not even the default one in "--homedir" would be > used if one were to issue this command at the prompt: > > Gpg --no-options > > > Finally, any of the long options, but nothing else, can be put into one of > these options files but without the two dashes included? This all sounds about right, but I'm hesitant to outright confirm it because I might have a detail wrong :). And it's a nicely detailed question. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt From peter at digitalbrains.com Tue Sep 11 16:57:36 2012 From: peter at digitalbrains.com (Peter Lebbing) Date: Tue, 11 Sep 2012 16:57:36 +0200 Subject: options file usage In-Reply-To: <504F4D32.7040406@digitalbrains.com> References: <000601cd8fec$c5d0c620$51725260$@net> <504F4D32.7040406@digitalbrains.com> Message-ID: <504F5160.2080105@digitalbrains.com> >> , that it should be named options Oh, wait, no. I think you're supposed to name it gpg.conf, and that "options" is some sort of legacy name that is also accepted? gpg.conf is the normal file you would use to store your configuration, I know that for sure. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. 
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt From peter at digitalbrains.com Tue Sep 11 17:25:43 2012 From: peter at digitalbrains.com (Peter Lebbing) Date: Tue, 11 Sep 2012 17:25:43 +0200 Subject: A safe text editor // why?? In-Reply-To: <20120911145712.GA23864@fritha.org> References: <20120910174530.3096CE6739@smtp.hushmail.com> <504F47CA.9040103@digitalbrains.com> <20120911145712.GA23864@fritha.org> Message-ID: <504F57F7.2020801@digitalbrains.com> On 11/09/12 16:57, Heinz Diehl wrote: > You can mount /tmp and the various other tmpfiles to memory. That's > what I do (not for security reasons, but to have the tmp stuff deleted > on reboot). So you store the unencrypted file to /tmp and edit it there with whatever program is needed? Say you're editing an image. Personally, I have a .thumbnails directory in my *home directory*. This would probably include thumbnails of files I edit or browse in my /tmp directory. This leaks image information outside the /tmp partition. So you have to completely trust that the program you're using is keeping all data in /tmp, which I certainly do not. Not in the last place because that was never a requirement when the program was written. > If this makes sense for you, you could easily edit your file, save it > somewhere where it is secured, delete it on the harddisk and fill the > unused space with random noise via dd or similar This is not true. What if the 10-byte file I mentioned gets allocated on the block that contains unencrypted information? There are programs that will try to fill the internal fragmentation (slack space) thus created, but they warn that this is racey for obvious reasons. It's not sure-fire. And then we haven't even started discussing journalling filesystems. > Why don't you just boot from USB-stick or DVD, edit your file, save it > away and reboot? I didn't go into the specifics, partly because I'm not sure anymore. 
But I am sure that the tools I needed were not in an off-the-shelf live image so that rules out the booting from live option. I wasn't debating the merits of the method, to be honest. I was giving a real-life example of avoiding leaking data to your hard disk. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt From htd at fritha.org Tue Sep 11 16:57:12 2012 From: htd at fritha.org (Heinz Diehl) Date: Tue, 11 Sep 2012 16:57:12 +0200 Subject: A safe text editor // why?? In-Reply-To: <504F47CA.9040103@digitalbrains.com> References: <20120910174530.3096CE6739@smtp.hushmail.com> <504F47CA.9040103@digitalbrains.com> Message-ID: <20120911145712.GA23864@fritha.org> On 11.09.2012, Peter Lebbing wrote: > The only sure-fire remedy against a > temp file that got deleted is a full wipe of the partition the file was on, as > far as I know. You can mount /tmp and the various other tmpfiles to memory. That's what I do (not for security reasons, but to have the tmp stuff deleted on reboot). > I have done this one time or another. I knew I wanted to edit some document > which would or might end up on my hard disk, but I absolutely wanted it kept > "safe". So I made a full image of the hard disk (every single byte of the hard > disk), edited the file, then restored the full image, every single byte of it. If this makes sense for you, you could easily edit your file, save it somewhere where it is secured, delete it on the harddisk and fill the unused space with random noise via dd or similar. It's a lot of work, but by far easier than what you did. Why don't you just boot from USB-stick or DVD, edit your file, save it away and reboot? 
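The editor Peter Lebbing describes earlier in this thread (pages locked in memory, printable ASCII only, plaintext handed to GnuPG over a pipe rather than through a temp file), sketched in C as an added example; it is not code from any poster or from GnuPG, and the 64 KiB limit, the function names and the output name memo.asc are assumptions.

```c
/* Added example: core of the "safe editor" idea from this thread.
 * Not code from GnuPG or from any poster; names and limits are assumed. */
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_TEXT 65536  /* assumed upper bound for one memo */

/* Keep plaintext out of swap and out of core dumps.
 * Returns 0 only when both protections are active. */
int harden_process(void)
{
    struct rlimit no_core = { 0, 0 };
    int rc = 0;
    if (setrlimit(RLIMIT_CORE, &no_core) != 0) rc = -1;
    if (mlockall(MCL_CURRENT | MCL_FUTURE) != 0) rc = -1; /* may hit RLIMIT_MEMLOCK */
    return rc;
}

/* Input validation as proposed in the thread: printable ASCII plus
 * line feed and tab; escape sequences and 8-bit bytes are rejected. */
int text_is_allowed(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char c = buf[i];
        if (c == '\n' || c == '\t') continue;
        if (c < 0x20 || c > 0x7e) return 0;
    }
    return 1;
}

/* Zero a buffer through a volatile pointer so the store is not optimised away. */
void wipe(void *p, size_t len)
{
    volatile unsigned char *v = p;
    while (len--) *v++ = 0;
}

/* Write buf to the stdin of argv[0] through a pipe, so the plaintext
 * never gets a file name. Returns the child's exit status, or -1. */
int pipe_to_child(char *const argv[], const unsigned char *buf, size_t len)
{
    int fds[2], status;
    size_t off = 0;
    pid_t pid;

    if (pipe(fds) != 0) return -1;
    pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: pipe becomes stdin */
        dup2(fds[0], STDIN_FILENO);
        close(fds[0]);
        close(fds[1]);
        execvp(argv[0], argv);
        _exit(127);                       /* exec failed */
    }
    close(fds[0]);
    signal(SIGPIPE, SIG_IGN);             /* a dead child must not kill us */
    while (off < len) {
        ssize_t n = write(fds[1], buf + off, len - off);
        if (n <= 0) break;
        off += (size_t)n;
    }
    close(fds[1]);                        /* EOF tells the child we are done */
    if (waitpid(pid, &status, 0) < 0 || off != len) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    static unsigned char text[MAX_TEXT];  /* covered by mlockall(MCL_CURRENT) */
    /* -c/-a in long form; gpg asks for the passphrase on the terminal */
    char *gpg[] = { "gpg", "--symmetric", "--armor", "--output", "memo.asc", NULL };
    size_t len = 0;
    ssize_t n;
    int rc;

    if (harden_process() != 0) {
        fprintf(stderr, "cannot lock memory or disable core dumps, refusing to run\n");
        return 1;
    }
    /* read() straight into the locked buffer; no stdio copy to clean up */
    while (len < sizeof text &&
           (n = read(STDIN_FILENO, text + len, sizeof text - len)) > 0)
        len += (size_t)n;
    if (len == sizeof text || !text_is_allowed(text, len)) {
        wipe(text, sizeof text);
        fprintf(stderr, "input too long or not plain ASCII\n");
        return 1;
    }
    rc = pipe_to_child(gpg, text, len);
    wipe(text, sizeof text);
    return rc == 0 ? 0 : 1;
}
```

This covers only the process's own memory and its hand-off to gpg; terminal scrollback, the clipboard and helper programs such as thumbnailers are outside what it controls.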
From cloudpg at informationelle-selbstbestimmung-im-internet.de Tue Sep 11 16:58:40 2012 From: cloudpg at informationelle-selbstbestimmung-im-internet.de (Jens Lechtenboerger) Date: Tue, 11 Sep 2012 16:58:40 +0200 Subject: A safe text editor // why?? In-Reply-To: <504F47CA.9040103@digitalbrains.com> (Peter Lebbing's message of "Tue, 11 Sep 2012 16:16:42 +0200") References: <20120910174530.3096CE6739@smtp.hushmail.com> <504F47CA.9040103@digitalbrains.com> Message-ID: <86sjao7gin.fsf@spam.invalid> On Di, Sep 11 2012, Peter Lebbing wrote: > I think people want it because editing a text file *now* might > expose the data *far into the future*. Temp files and swap pages > have the potential to live on your hard disk for a very long time. > [...] > The only sure-fire remedy against a temp file that got deleted is > a full wipe of the partition the file was on, as far as I know. I neither see this as an editor issue nor a GnuPG one. Instead, I'm using full disk encryption. Then I neither have to worry when a device/disk gets stolen nor when it breaks and needs to be disposed. Best wishes Jens From peter at digitalbrains.com Tue Sep 11 17:55:13 2012 From: peter at digitalbrains.com (Peter Lebbing) Date: Tue, 11 Sep 2012 17:55:13 +0200 Subject: A safe text editor // why?? In-Reply-To: <86sjao7gin.fsf@spam.invalid> References: <20120910174530.3096CE6739@smtp.hushmail.com> <504F47CA.9040103@digitalbrains.com> <86sjao7gin.fsf@spam.invalid> Message-ID: <504F5EE1.3010709@digitalbrains.com> On 11/09/12 16:58, Jens Lechtenboerger wrote: > Instead, I'm using full disk encryption. I also have an OS on full disk encryption (not my regular workstation OS). I still see a use for a "safe" text editor, for example as a lightweight alternative to FDE. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. 
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt From expires2012 at rocketmail.com Wed Sep 12 22:47:16 2012 From: expires2012 at rocketmail.com (MFPA) Date: Wed, 12 Sep 2012 21:47:16 +0100 Subject: A safe text editor // why?? In-Reply-To: <504E5195.20207@gmail.com> References: <20120910174530.3096CE6739@smtp.hushmail.com> <1497059493.20120910203751@my_localhost> <504E5195.20207@gmail.com> Message-ID: <315864996.20120912214716@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Monday 10 September 2012 at 9:46:13 PM, in , Landon Hurley wrote: > If van eck phreaking is a potential surveillance > vector, I think that we could categorically conclude > that the person is screwed. Is there any truth in the claim from some employers that having a mobile phone switched on within about 3 metres of a computer monitor allows the potential for remote compromise of the data on the screen via the mobile phone network? - -- Best regards MFPA mailto:expires2012 at rocketmail.com Zorba the Greek - before he zorbas you -----BEGIN PGP SIGNATURE----- iQCVAwUBUFD02aipC46tDG5pAQp2rAQAmsvZYrzQ3NTtHZDkyKhw3w/qSr8fOJCe Rk2MaRUEOTxDIaRK308ZE2RtWlYFkaLnzbO/5Jthd2L4PKivIYqcs3Z2G2klcLmw W/LdL8xXrl2VFSNynt8VRWOrAdt5Rv/9uhQuMrjnKkL3KshdnOIvkCGOGVUJKp9I yZ4yY82ANho= =FzvN -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Wed Sep 12 23:29:56 2012 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 12 Sep 2012 17:29:56 -0400 Subject: A safe text editor // why?? 
In-Reply-To: <315864996.20120912214716@my_localhost> References: <20120910174530.3096CE6739@smtp.hushmail.com> <1497059493.20120910203751@my_localhost> <504E5195.20207@gmail.com> <315864996.20120912214716@my_localhost> Message-ID: <5050FED4.1040507@sixdemonbag.org> On 9/12/12 4:47 PM, MFPA wrote: > Is there any truth in the claim from some employers that having a > mobile phone switched on within about 3 metres of a computer monitor > allows the potential for remote compromise of the data on the screen > via the mobile phone network? Beats me. The real question is, why are you bringing a mobile phone into a secure space in the first place? A smartphone contains a microphone, a camera, a GPS, an always-on network connection, and a lot of closed-source software you can't inspect for security holes. Zero-day exploits exist for both Android and iOS. Add it all up and what you come up with is, don't bring mobile phones into secure spaces. It's not worth the risk. From mercuryrising at hush.ai Thu Sep 13 01:35:05 2012 From: mercuryrising at hush.ai (mercuryrising at hush.ai) Date: Wed, 12 Sep 2012 16:35:05 -0700 Subject: Can IPAD or Android Tablets create Keys and use gnupg Message-ID: <20120912233505.4C747E672D@smtp.hushmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 An old post from last year said: On Wed, Aug 29 at 12:42 AM (UTC), Landon Hurley wrote: _____________________________________________ Gnupg-users mailing list Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users shavital at mac Jan 23, 2011, 8:48 AM Post #3 of 11 (10237 views) Permalink Re: Gpg for iPhone or iPad Remove Highlighting [In reply to] Benjamin Donnachie wrote the following on 1/23/11 7:08 AM: > There's oPenPG Lite available from the App Store but it doesn't work > with my private key! YMMV of course! > > Ben oPenGP Lite (couldn't find any version without the 'Lite'). This version works one way, it decrypts only, doesn't encrypt. 
This is a PGP Corporation (owned by Symantec now) App, hence the upper case PGP in oPenGP. I don't know whether there is, or will be, a Mobile GnuPG what will work under iPhone or iPad iOS. I generated on my Mac a new key pair (default RSA/RSA 2048). I didn't want to use my "regular" key. Exported the secret key to the Mac's Desktop. Connected the iPhone via iTunes (hardwired USB) Imported the secret key to the iPhone via iTunes and an App called 'Files' . In 'Files' I could see the key block, select all/copy. Back to oPenGP, Import clipboard, ascertained that the key is now in the keyring. Back to 'Files', set an access locked code. Checked that it works. Deleted the secret key keyblock. Sent myself a test message encrypted with the public key of the above keypair. Downloaded the e-mail in iPhone, select all/copy. Back to oPenGP, Import/Decrypt Clipboard, enter the passphrase. It works. I don't feel at ease having my secret key in my iPhone, but i can learn to live with it, if I really want to use this iPhone feature. I'm not sure I want to. Charly So ios can use PGP on iphones and ipads? What are the security issues? How safe is the private key and pass phrase on these devices? Procopius > APGW functions on android remarkabl y well, with key servers and > key > generation features. The only thing missing that comes to mind > is the > WOT side. As long as this is between friends, that becomes > relatively > unnecessary. Also possible is to just import pre existing keys. > Also of > interest would be whether sufficient entropy exists on the > device to > actually generate a secure key, so caveat emptor, so to speak. > Both > elgamal and rsa keys of up to unspecified sizes can be > generated, but > the instructions within the app suggest 8192 at least; more > than > sufficient. As noted in another reply, PGP/mime is not > supported. 
That > functionality may be an issue, but given all three of the > replies that > I've seen to your query (including mine) are inline, that > shouldn't be a > problem with day to day operations. > > Attachments do not have sigs produced for them when emailed, but > you can > manually encrypt them using the APG app before attaching them to > an > email. K-9 works well with that app. File compression and > message > compression are both supported, most if not all of the > encryption and > hashing algorithms commonly found in gnupg are incorporated, and > the app > even supports ASCII armoured docs. All in all, an excellent > tool. > Someone recently forked the APG app, around the same time I was > looking > at doing the same, since the project has been inactive for > nearly two > years. His name escapes me, but he also manages the ad-away app. > Also, > The Guardian Project is porting gnupg. > > All in all an excellent project, highly recommended. > > //landon > > > -------- Original Message -------- > From: mercuryrising at hush.ai > Sent: Tue Aug 28 19:49:57 EDT 2012 > To: Mika Suomalainen , > gnupg-users at gnupg.org > Subject: Re: Can IPAD or Android Tablets create Keys and use > gnupg > > Thank you both for replying to my question about IPODs and > Androids. It > sounds like neither will work to be fully functional with gnupg > or PGP > then. Perhaps I should get a small laptop computer. I wonder > if one of > those small driveless computers and a USB storage device would > work. I > need an inexpensive solution for a friend.in Europe. Since > Poland and > the Ukraine are in the European Union there shouldn't be any > problem > using PGP for private communication among friends right? I have > been > using PGP since the 90's as a hobby and believe if privacy is > not use > it will be lost. I used to chat with Julf at Anon penit fi back > then to > but not with PGP. 
> > Procopius > > On Tue, Aug 28 at 02:04 PM (UTC), Mika Suomalainen > wrote: > > > 28.08.2012 07:48, mercuryrising at hush.ai kirjoitti: > > > Can IPAD or ANDROID TABLETS create gnupgp > private/public > > keys and > > > use gnupg or is that still relegated to Windows/Vista, > Mac > > OSX and > > > Linux on desktop and laptop/notebook computer > platforms? > > > > > > > There is APG (Android Privacy Guard) in Google Play Store, > which > > can > > be used by e.g. K9 Mail, which can sign, decrypt and > encrypt > > messages. > > I am not sure can it generate keys, by itself, but it > accepts > > keys > > created in gnupg. > > > > More information at [APG home page] and [K9 Mail Google > Code > > page]. > > > > [APG home page]:http://thialfihar.org/projects/apg/ > > [K9 Mail Google Code > page]:http://code.google.com/p/k9mail/ > > > > -- > > Mika Suomalainen From jhs at berklix.com Thu Sep 13 16:02:56 2012 From: jhs at berklix.com (Julian H. Stacey) Date: Thu, 13 Sep 2012 16:02:56 +0200 Subject: A safe text editor // why?? In-Reply-To: Your message "Wed, 12 Sep 2012 21:47:16 BST." <315864996.20120912214716@my_localhost> Message-ID: <201209131403.q8DE2uDP075409@fire.js.berklix.net> > Is there any truth in the claim from some employers that having a > mobile phone switched on within about 3 metres of a computer monitor > allows the potential for remote compromise of the data on the screen > via the mobile phone network? 
I wouldn't believe it's common or easily available. Lots of hoaxes on the net, probably some hoaxes feed from internet to vocal & back to net. Fortunately there's hoax buster web sites too. It's an interesting idea though, probably been tried. History: There's been interest in monitoring frequencies of CRTs for decades, but the equipment to do it was a lot bigger than a mobile phone. I recall way back discussion of extra metal screening round a few sensitive CRTs, beyond normal screening. Of course normal screens had metal chassis or some metal coated plastic to reduce RF interference to neighbouring radio equipment etc. Back then we speculated on efficacy of mesh in front of screen), I saw no equipment, any that did might be less likely to discuss, as certain areas of employment have laws ... It was assumed anything sensitive was in cellars. Not just monitors, but humans speaking - spy films & product catalogues have long featured lasers shined off [dirt on] windows to pick up conversation. Some companies have long had (metal tinted) windows, eg a mobile phone operator, a pharmaceutical company & a tank manufacturer, where one needs to open & stand by a window to use a mobile. Accidental, or an appreciated secondary effect of sun screening to save building air con. costs ? An enhanced non standard phone Might be possible ? - If it had an extra radio receiver squeezed in ? difficult - If extra software squeezed in ? expensive. - extra CPU cycles needed to analyse in real time, (I'll ask a friend in that industry for opinion) - Extra antenna for signals might need to be longer for lower freq. ? CRT frequencies are a few Meg I recall GSM & UMTS: 1 & 2 Gig http://en.wikipedia.org/wiki/GSM_frequency_bands http://en.wikipedia.org/wiki/UMTS_frequency_bands Then consider options to transfer data back to bad guys: Real time high bandwidth data channel, with less processing required ? 
Lower bandwidth more processing & local store, intermittent call out on maybe eg an Android smart phone ? or even just walk back in office & say "Hi, I left my phone!" & empty it later. It would be expensive, but probably investigations have been tried, funded likely by governments, maybe large private corporations, or indirect from international criminal groups. There's lots of concern about Chinese spying, they're not short of budget. Red army apparently owns Huawei, manufacturer of mobile chips, which concerns some a lot. Considering value of secrets that might be harvested, & what it might cost to try - seems likely some will be experimenting, & that those most in the know might be constrained not to say ? Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com Reply below not above, like a play script. Indent old text with "> ". Send plain text. Not: HTML, multipart/alternative, base64, quoted-printable. From vedaal at nym.hush.com Thu Sep 13 17:47:06 2012 From: vedaal at nym.hush.com (vedaal at nym.hush.com) Date: Thu, 13 Sep 2012 11:47:06 -0400 Subject: encryption/decryption without files Message-ID: <20120913154706.B2B6910E2C8@smtp.hushmail.com> The discussion about 'safe' text editors brings about an interesting question: Is an editor needed at all? Why not just input text into gnupg and then encrypt the inputted txt without saving it as file at all ? example: $ printf "just a test" | gpg -c -a gpg: using cipher TWOFISH gpg: writing to stdout -----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.11 (MingW32) Comment: passphrase: sss jA0ECgMIJajxa3ELSBlg0kABCUd+YIT+bTKfHTQk0wci13SWrk+8LcYh6AGA9Bnu iu/ZE/7NH14hcUb8GEeGtwt6XNahGN6TSER7MYg0tLTY =hEB7 -----END PGP MESSAGE----- Is there any limitation to the size of such a text message that gnupg can handle when done this way, (or any other problems)? 
TIA vedaal From mailinglisten at hauke-laging.de Thu Sep 13 18:37:00 2012 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Thu, 13 Sep 2012 18:37 +0200 Subject: encryption/decryption without files In-Reply-To: <20120913154706.B2B6910E2C8@smtp.hushmail.com> References: <20120913154706.B2B6910E2C8@smtp.hushmail.com> Message-ID: <6015457.KrIr6CIpTv@inno> Am Do 13.09.2012, 11:47:06 schrieb vedaal at nym.hush.com: > Is there any limitation to the size of such a text message that > gnupg can handle when done this way, (or any other problems)? There is a limitation in comfort... -- ? PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 555 bytes Desc: This is a digitally signed message part. URL: From Dave.Smith at st.com Thu Sep 13 18:16:29 2012 From: Dave.Smith at st.com (David Smith) Date: Thu, 13 Sep 2012 17:16:29 +0100 Subject: encryption/decryption without files In-Reply-To: <20120913154706.B2B6910E2C8@smtp.hushmail.com> References: <20120913154706.B2B6910E2C8@smtp.hushmail.com> Message-ID: <505206DD.2090407@st.com> On 09/13/12 16:47, vedaal at nym.hush.com wrote: > The discussion about 'safe' text editors brings about an > interesting question: > > Is an editor needed at all? > > Why not just input text into gnupg and then encrypt the inputted > txt without saving it as file at all ? > > example: > > $ printf "just a test" | gpg -c -a OK, so here's a list of issues: 1. If you're going to write it exactly like that, then the plaintext message is going to end up in lots of places where you won't want it, like your shell command history file (unless you disable shell history), (potentially) the output of "ps", etc. 2. 
On the other hand, you could just run gpg directly, and type your message in on the console as stdin; however, the lack of editing facilities might be somewhat inconvenient (unless you're able to type almost perfectly and able to plan your entire message in your head before you start typing). 3. If you're thinking of piping the output of an existing, unsecured editor into gpg, then that's not going to work, as the "stdout" will contain what it wants to print on the screen and the reactions to all your keypresses, not the actual message. From peter at digitalbrains.com Thu Sep 13 19:18:30 2012 From: peter at digitalbrains.com (Peter Lebbing) Date: Thu, 13 Sep 2012 19:18:30 +0200 Subject: encryption/decryption without files In-Reply-To: <20120913154706.B2B6910E2C8@smtp.hushmail.com> References: <20120913154706.B2B6910E2C8@smtp.hushmail.com> Message-ID: <50521566.80503@digitalbrains.com> On 13/09/12 17:47, vedaal at nym.hush.com wrote: > $ printf "just a test" | gpg -c -a Also, this would obviously end up in the history file unless you turn that off. Better just invoke gpg, start typing and end with Control-D. $ gpg -c -a just a test Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt From kristian.fiskerstrand at sumptuouscapital.com Thu Sep 13 18:22:06 2012 From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand) Date: Thu, 13 Sep 2012 18:22:06 +0200 Subject: encryption/decryption without files In-Reply-To: <20120913154706.B2B6910E2C8@smtp.hushmail.com> References: <20120913154706.B2B6910E2C8@smtp.hushmail.com> Message-ID: <5052082E.5080203@sumptuouscapital.com> On 09/13/2012 05:47 PM, vedaal at nym.hush.com wrote: > The discussion about 'safe' text editors brings about an > interesting question: > > Is an editor needed at all? > ... 
> Is there any limitation to the size of such a text message that > gnupg can handle when done this way, (or any other problems)? > In this particular case you'd display the plaintext in the command line as well as storing it in the history (e.g. bash) . In that sense you'd be far better off just doing "gpg -aer 0xabcdef01" and input the data you want followed by Ctrl+D for unix-like systems or Ctrl+Z && (enter) for windows based shells. hth -- ---------------------------- Kristian Fiskerstrand http://www.sumptuouscapital.com Twitter: @krifisk ---------------------------- "Be a yardstick of quality. Some people aren't used to an environment where excellence is expected." (Steve Jobs) ---------------------------- This email was digitally signed using the OpenPGP standard. If you want to read more about this The book: Sending Emails - The Safe Way: An introduction to OpenPGP security is available in both Amazon Kindle and Paperback format at http://www.amazon.com/dp/B006RSG1S4/ ---------------------------- Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 897 bytes Desc: OpenPGP digital signature URL: From kristian.fiskerstrand at sumptuouscapital.com Thu Sep 13 18:34:01 2012 From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand) Date: Thu, 13 Sep 2012 18:34:01 +0200 Subject: encryption/decryption without files In-Reply-To: <5052082E.5080203@sumptuouscapital.com> References: <20120913154706.B2B6910E2C8@smtp.hushmail.com> <5052082E.5080203@sumptuouscapital.com> Message-ID: <50520AF9.3020307@sumptuouscapital.com> On 09/13/2012 06:22 PM, Kristian Fiskerstrand wrote: > On 09/13/2012 05:47 PM, vedaal at nym.hush.com wrote: >> The discussion about 'safe' text editors brings about an >> interesting question: >> >> Is an editor needed at all? >> > > ... 
> >> Is there any limitation to the size of such a text message that >> gnupg can handle when done this way, (or any other problems)? >> > > In this particular case you'd display the plaintext in the command line > as well as storing it in the history (e.g. bash) . Apparently only half-awake here, this should of course be amended to include that since the plaintext is shown in the command line it is also available to other users on the system in a process list (e.g. ps) -- ---------------------------- Kristian Fiskerstrand http://www.sumptuouscapital.com Twitter: @krifisk ---------------------------- "Be a yardstick of quality. Some people aren't used to an environment where excellence is expected." (Steve Jobs) ---------------------------- This email was digitally signed using the OpenPGP standard. If you want to read more about this The book: Sending Emails - The Safe Way: An introduction to OpenPGP security is available in both Amazon Kindle and Paperback format at http://www.amazon.com/dp/B006RSG1S4/ ---------------------------- Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 897 bytes Desc: OpenPGP digital signature URL: From peter at digitalbrains.com Thu Sep 13 19:50:00 2012 From: peter at digitalbrains.com (Peter Lebbing) Date: Thu, 13 Sep 2012 19:50:00 +0200 Subject: encryption/decryption without files In-Reply-To: <50520AF9.3020307@sumptuouscapital.com> References: <20120913154706.B2B6910E2C8@smtp.hushmail.com> <5052082E.5080203@sumptuouscapital.com> <50520AF9.3020307@sumptuouscapital.com> Message-ID: <50521CC8.8090609@digitalbrains.com> On 13/09/12 18:34, Kristian Fiskerstrand wrote: > Apparently only half-awake here, this should of course be amended to > include that since the plaintext is shown in the command line it is also > available to other users on the system in a process list (e.g. 
ps) I just thought of the fact that probably the text can still end up in swap as well. The text is probably in the memory of the shell. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt From galdinocamargo at gmail.com Thu Sep 13 20:46:58 2012 From: galdinocamargo at gmail.com (Rodrigo Galdino Camargo) Date: Thu, 13 Sep 2012 15:46:58 -0300 Subject: Difficulty with gpg --passphrase-fd 0 on CentOS 6 Message-ID: Dear all, on CentOS 6 (not tested on previous versions) the line below insists on opening the box asking me to enter the passphrase: echo $PASSWORD | gpg --passphrase-fd 0 --no-tty -cv $ARQ But as this is a script that runs from cron, I need it to do this automatically (in this case I have been using the standard output of echo). -- *Whether or not you can help me, thank you for the time you spent reading my email. Thank you!,* *Rodrigo Galdino,* *Comptia Linux+ Certified* *LPIC-1 - Junior Level Linux Certified NCLA - Novell Certified Linux Administrator* * Novell Data Center Technical Specialist Technical Specifications | SUSE Linux Enterprise Desktop * *Einstein: "A mind that opens itself to a new idea never returns to its original size."* -------------- next part -------------- An HTML attachment was scrubbed... URL: From galdinocamargo at gmail.com Thu Sep 13 20:43:50 2012 From: galdinocamargo at gmail.com (Rodrigo Galdino Camargo) Date: Thu, 13 Sep 2012 15:43:50 -0300 Subject: Difficulty with gpg --passphrase-fd 0 on CentOS 6 Message-ID: Good afternoon! Dear all, on CentOS 6 (I have not tested earlier versions) the line below insists on opening the box asking me to type the passphrase: echo $SENHA | gpg --passphrase-fd 0 --no-tty -cv $ARQ However, as it is a script that is run by cron, I need it to do this automatically (in this case I have been using the standard output of echo). -- *Whether or not you can help me, I thank you for the time you spent reading my e-mail. 
Thank you very much!,* *Rodrigo Galdino,* *Comptia Linux+ Certified* *LPIC-1 - Junior Level Linux Certified NCLA - Novell Certified Linux Administrator* * Novell Data Center Technical Specialist Technical Specifications | SUSE Linux Enterprise Desktop * *Einstein: "A mind that opens itself to a new idea never returns to its original size."* -------------- next part -------------- An HTML attachment was scrubbed... URL: From ricul77 at gmail.com Fri Sep 14 00:02:21 2012 From: ricul77 at gmail.com (Richi Lists) Date: Fri, 14 Sep 2012 00:02:21 +0200 Subject: Signing eMails doesn't work anymore In-Reply-To: <87oblv2yj5.fsf@vigenere.g10code.de> References: <1346101058.4337.23.camel@quadulrich> <87oblv2yj5.fsf@vigenere.g10code.de> Message-ID: <1347573741.4899.10.camel@onenc> Now I had a similar problem with debian packages. That's what I got from dpkg-buildpackage : dpkg-buildpackage: warning: Failed to sign .dsc and .changes file Checking signature on .changes gpg: no valid OpenPGP data found. gpg: the signature could not be verified. Please remember that the signature file (.sig or .asc) should be the first file given on the command line. No signature on ./flightpred_0.0.35~precise_source.changes. I tried both of the following in .bashrc : export GPGKEY=E8401492 export GPGKEY=E8401492! If I try the following manually, then it works: gpg --clearsign -u 'E8401492!' flightpred_0.0.35~precise.dsc The next thing I tried was : dpkg-buildpackage -kE8401492! dpkg-buildpackage -k${GPGKEY} They both work, but that makes me wonder what I set the GPGKEY env var for? Rgds Richard On Di, 2012-08-28 at 10:47 +0200, Werner Koch wrote: > gpg --sign -u 'E8401492!' -v setup_my_system.sh > > to force using the first key on your card. 
> > > Salam-Shalom, > > Werner > From wk at gnupg.org Fri Sep 14 17:40:37 2012 From: wk at gnupg.org (Werner Koch) Date: Fri, 14 Sep 2012 17:40:37 +0200 Subject: [gnupg-user] Get options from gpg.conf In-Reply-To: ("Jaime Fernández"'s message of "Thu, 6 Sep 2012 16:16:42 +0200") References: Message-ID: <877grwliiy.fsf@vigenere.g10code.de> On Thu, 6 Sep 2012 16:16, jaimefdez86 at gmail.com said: > is there any way to dump the options included in gpg.conf like the homedir? gpgconf --list-options gpg lists common options in a machine readable format. --change-options may then be used to, well, change the options. gpgconf is part of GnuPG-2. Shalom-Salam, Werner -- Thoughts are free. Exceptions are regulated by a federal law. From wk at gnupg.org Fri Sep 14 17:46:35 2012 From: wk at gnupg.org (Werner Koch) Date: Fri, 14 Sep 2012 17:46:35 +0200 Subject: gpgme passphrase_cb (problem solved) In-Reply-To: <504B7BB7.1070607@zultron.com> (John Morris's message of "Sat, 08 Sep 2012 12:09:11 -0500") References: <504932F8.6040101@zultron.com> <504A9DFF.4030705@zultron.com> <504B7BB7.1070607@zultron.com> Message-ID: <87zk4sk3ok.fsf@vigenere.g10code.de> On Sat, 8 Sep 2012 19:09, john at zultron.com said: > I'm pretty sure now that this is correct: gpg2 password input cannot > be captured without the use of a gpg-agent. That is right. gpg2 conceptional does not know anything about the passphrase. This is all up to the gpg-agent. Version 2.1 even removed all passphrase support from gpg2. > Has there been any thought about building a gpg-agent into gpgme that > the passphrase_cb could be hooked into? The passphrase_cb is a pretty No. However, gpg-agent 2.1 has a feature to loop back the passphrase to the client (OPTION pinentry-method=loopback). GPG2 does not yet make use of that. Salam-Shalom, Werner -- Thoughts are free. Exceptions are regulated by a federal law. 
From wk at gnupg.org Fri Sep 14 17:51:34 2012 From: wk at gnupg.org (Werner Koch) Date: Fri, 14 Sep 2012 17:51:34 +0200 Subject: Errormessage KGPG in Mint KDE 13 In-Reply-To: <20120910160844.GC15124@rzdspc6.informatik.uni-hamburg.de> (Tobias Mueller's message of "Mon, 10 Sep 2012 18:08:46 +0200") References: <3474787.GLZTh4ThQa@antilope> <20120910160844.GC15124@rzdspc6.informatik.uni-hamburg.de> Message-ID: <87vcfgk3g9.fsf@vigenere.g10code.de> On Mon, 10 Sep 2012 18:08, 4tmuelle at informatik.uni-hamburg.de said: > Seems as if gpg can't find ~/.gnupg/options... A file which is deprecated in favor of gpg.conf since 1.2.0 (about a decade ago). Shalom-Salam, Werner -- Thoughts are free. Exceptions are regulated by a federal law. From john at zultron.com Fri Sep 14 20:20:57 2012 From: john at zultron.com (John Morris) Date: Fri, 14 Sep 2012 13:20:57 -0500 Subject: gpgme passphrase_cb (problem solved) In-Reply-To: <87zk4sk3ok.fsf@vigenere.g10code.de> References: <504932F8.6040101@zultron.com> <504A9DFF.4030705@zultron.com> <504B7BB7.1070607@zultron.com> <87zk4sk3ok.fsf@vigenere.g10code.de> Message-ID: <50537589.5000007@zultron.com> Hi Werner, glad to hear from you. On 09/14/2012 10:46 AM, Werner Koch wrote: > On Sat, 8 Sep 2012 19:09, john at zultron.com said: > >> I'm pretty sure now that this is correct: gpg2 password input cannot >> be captured without the use of a gpg-agent. > > That is right. gpg2 conceptional does not know anything about the > passphrase. This is all up to the gpg-agent. Version 2.1 even removed > all passphrase support from gpg2. By 'gpg2' I think you mean '/usr/bin/gpg2'. Thanks for clearing that up. Is there anything different about '/usr/bin/gpg' distributed with gnupg v2 that would allow gpgme's passphrase_cb mechanism to work? Or is passphrase_cb something that only works with gnupg v1, and cannot be made to work with gnupg v2? 
At this point, that's the main unanswered question for me, and a widely-known answer might help a number of pygpgme users. John From seb.muell at gmx.de Tue Sep 18 22:23:38 2012 From: seb.muell at gmx.de (Sebastian Müller) Date: Tue, 18 Sep 2012 22:23:38 +0200 Subject: password cache Windows 7 Message-ID: <5058D84A.8000704@gmx.de> Hello, I use Gpg4win with Thunderbird and Enigmail on Windows 7. In Thunderbird, if I want to decrypt a mail I put the pass-phrase in the opening window and I can decrypt the mail. Then I have the option that the program forgets the pass-phrase. But it says that an external gpg-agent does this. When I close Thunderbird and reopen it, then I mustn't type my pass-phrase to decrypt e-mails. Also if I wait about 10 or 20 minutes. How can I control the gpg-agent? I want the agent to forget the pass-phrase after 5 minutes. Thank you From olav at enigmail.net Wed Sep 19 00:49:01 2012 From: olav at enigmail.net (Olav Seyfarth) Date: Wed, 19 Sep 2012 00:49:01 +0200 Subject: password cache Windows 7 In-Reply-To: <5058D84A.8000704@gmx.de> References: <5058D84A.8000704@gmx.de> Message-ID: <5058FA5D.7030903@enigmail.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hi Sebastian, > How can i control the gpg-agent? http://www.gnupg.org/documentation/manuals/gnupg/Agent-Configuration.html There are a few configuration files needed for gpg-agent. By default they may all be found (or created) in the current GnuPG home directory (e.g. ~/.gnupg): gpg-agent.conf is the standard configuration file read by gpg-agent on startup. It may contain any valid long option; the leading two dashes may not be entered and the option may not be abbreviated. http://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html#option%20--options --default-cache-ttl n Set the time a cache entry is valid to n seconds. The default is 600 seconds. --max-cache-ttl n Set the maximum time a cache entry is valid to n seconds. 
After this time a cache entry will be expired even if it has been accessed recently. The default is 2 hours (7200 seconds). --ignore-cache-for-signing This option will let gpg-agent bypass the passphrase cache for all signing operation. Note that there is also a per-session option to control this behaviour but this command line option takes precedence. > I want that the agent forget the pass-phrase after 5 minutes. echo "default-cache-ttl 300" >> ~/.gnupg/gpg-agent.conf Olav - -- The Enigmail Project - OpenPGP Email Security For Mozilla Applications -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Dies ist eine elektronische Signatur - http://www.enigmail.net/ -----END PGP SIGNATURE----- From mbrownlee at orbisoft.com Wed Sep 19 06:25:12 2012 From: mbrownlee at orbisoft.com (Mark Brownlee) Date: Wed, 19 Sep 2012 16:25:12 +1200 Subject: Newbie: Commandline still prompting for passphrase? Message-ID: <446B45C7A22D411A887D0E7E70FDD488@MarkVostro> echo MyPasword1432!|"C:\Program Files\GNU\GnuPG\gpg2.exe" --passphrase-fd 0 --homedir "C:\Users\Mark\AppData\Roaming\gnupg" -r "ABC Limited" -o "C:\Users\Mark\Desktop\test-sign-done.txt.gpg" -e --sign "C:\Users\Mark\Desktop\test-sign.txt" Does anyone know why the above still prompts me for a passphrase (I am trying to bypass it)? 
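An added example, not part of any message in this archive: a POSIX sh sketch of non-interactive symmetric encryption in which the plaintext arrives on stdin and the passphrase on file descriptor 3, so neither ends up in a command line, the shell history or a process listing (the exposure raised in the "encryption/decryption without files" thread). The function names, the passphrase file and the version switch are assumptions: `--batch` for 2.0 is what is reported later in this archive, `--pinentry-mode loopback` for 2.1 and later comes from the GnuPG manual, not from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Plaintext travels on stdin and the
# passphrase on file descriptor 3; neither is ever a command-line argument.

# gpg_major_minor: print "MAJOR MINOR" of the installed gpg, e.g. "2 0".
gpg_major_minor() {
    gpg --version 2>/dev/null |
        sed -n '1s/^gpg (GnuPG[^)]*) \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# gpg_batch_flags: flags that keep gpg from opening a passphrase prompt.
#   1.x  : --passphrase-fd is honoured on its own (--batch does no harm)
#   2.0  : --passphrase-fd is honoured only together with --batch
#   2.1+ : additionally --pinentry-mode loopback (assumption, see lead-in)
gpg_batch_flags() {
    set -- $(gpg_major_minor)
    flags="--batch --no-tty"
    if [ "${1:-0}" -gt 2 ] || { [ "${1:-0}" -eq 2 ] && [ "${2:-0}" -ge 1 ]; }; then
        flags="$flags --pinentry-mode loopback"
    fi
    printf '%s\n' "$flags"
}

# passfile_is_private FILE: succeed only if FILE is a regular file with no
# permission bits for group or others (e.g. mode 0600 or 0400).
passfile_is_private() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -??-------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# encrypt_stdin PASSFILE: symmetric-encrypt stdin to ASCII armor on stdout.
encrypt_stdin() {
    passfile_is_private "$1" || { echo "refusing: $1 is not private" >&2; return 2; }
    gpg $(gpg_batch_flags) --passphrase-fd 3 -c -a 3<"$1"
}

# decrypt_stdin PASSFILE: decrypt stdin to stdout.
decrypt_stdin() {
    passfile_is_private "$1" || { echo "refusing: $1 is not private" >&2; return 2; }
    gpg $(gpg_batch_flags) --passphrase-fd 3 -d 3<"$1"
}

# roundtrip_demo: constructed sample run inside a throwaway GNUPGHOME.
# The body is a subshell, so the caller's environment is left untouched.
roundtrip_demo() (
    work=$(mktemp -d) || exit 1
    GNUPGHOME="$work/home"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME"
    # Constructed passphrase, written with a private umask (mode 0600).
    ( umask 077; printf '%s\n' 'constructed-sample-passphrase' >"$work/pass" )
    printf 'just a test' | encrypt_stdin "$work/pass" >"$work/msg.asc" 2>/dev/null
    out=$(decrypt_stdin "$work/pass" <"$work/msg.asc" 2>/dev/null)
    rm -rf "$work"
    printf '%s' "$out"
)
```

In a cron job the call would look like `some_producer | encrypt_stdin /path/to/passfile > out.asc`, where both names are placeholders.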
From ciprian.craciun at gmail.com Thu Sep 20 10:50:57 2012 From: ciprian.craciun at gmail.com (Ciprian Dorin Craciun) Date: Thu, 20 Sep 2012 11:50:57 +0300 Subject: encryption/decryption without files In-Reply-To: <505206DD.2090407@st.com> References: <20120913154706.B2B6910E2C8@smtp.hushmail.com> <505206DD.2090407@st.com> Message-ID: On Thu, Sep 13, 2012 at 7:16 PM, David Smith wrote: > OK, so here's a list of issues: > > 3. If you're thinking of piping the output of an existing, unsecured > editor into gpg, then that's not going to work, as the "stdout" will > contain what it wants to print on the screen and the reactions to all > your keypresses, not the actual message. Not necessarily, because a text editor could do the following... Context: * it's clear that most editors use `ncurses` (or similar) to interact with the console; * and it seems that `ncurses` does use stdin and stdout; But: * when starting a text editor could check if stdin or stdout are pipes and not TTY's; * at the same time it should check that stderr is a TTY; (this is mandatory for the following to work); * if so it could `dup` the stdin and stdout descriptors to obtain a "copy" of the pipes; * and it should `dup2(2,0); dup2(2,1)` to replace the stdin and stdout with a "copy" of the TTY; thus `ncurses` would be very happy; * use the "copy" pipes to take the text, edit it, and write the text out. Thus someone could write something similar like: ~~~~ gpg2 -a -d file-v2.asc ~~~~ Of course (to my knowledge) none of the "mainstream" editors seem to do this. You could also try to "fool" some editors by something like (not tested) (but be careful to save the file as `/dev/fd/5`): ~~~~ gpg2 -a -d ... \ | dump-editor /dev/fd/4 \ 4<&0 0&1 1>/dev/tty \ | gpg -a -e -s ~~~~ Ciprian. P.S.: For some years I'm using my own "homegrown" text editor that does exactly what I've described in the first section. https://github.com/cipriancraciun/simple-console-editor !!! BUT !!! 
It's written in Python (thus swap is your disclosure enemy), and if it crashes it writes a copy of the text to `/tmp` P.P.S.: I've thought for some time to implement something similar in Go... From gnupg-users at henk.geekmail.org Fri Sep 21 12:50:53 2012 From: gnupg-users at henk.geekmail.org (Hendrik Jaeger) Date: Fri, 21 Sep 2012 12:50:53 +0200 Subject: gpgme and keys on smartcards Message-ID: <20120921125053.6f51014b@zwergnase.local.hnjs.ch> Hi, I am trying to replace my "old" keypair with one stored on a smartcard. I have a SCM SPR-332 (reader with pinpad), which seems to work fine with gpg. I can list the cards' contents, create signatures and I'm asked to enter the pin on the pinpad: % gpg -u '3352C710!' -b -a gpgsign.c.old -- I'm asked to enter the pin on the pinpad and do that % gpg --verify gpgsign.c.old.asc gpg: Signature made Fre 21 Sep 2012 12:34:52 CEST using RSA key ID 3352C710 gpg: Good signature from "Hendrik Niklas J?ger " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: C899 4C00 FC3E 8048 4A06 AE7D F562 C121 DC25 6ED6 Subkey fingerprint: 2CE9 418C 8088 A1A2 0B8D 0FE6 861F B11E 3352 C710 3352C710 is the keyid of my signing subkey on the card: % gpg --list-secret-keys /home/henk/.gnupg/secring.gpg ----------------------------- sec 1024D/9914042F 2004-02-27 uid Hendrik Jaeger uid Hendrik Jaeger uid Hendrik Jaeger uid Hendrik Jaeger uid Hendrik Jaeger uid Hendrik Jaeger uid Hendrik Jaeger uid Hendrik Jaeger ssb 1024g/F22214D5 2004-02-27 sec# 2048R/DC256ED6 2012-08-23 uid Hendrik Niklas J?ger ssb> 2048R/3352C710 2012-08-29 ssb> 2048R/769C5F55 2012-08-29 ssb> 2048R/E091D806 2012-08-29 % gpg --edit-key dc256ed6 gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. 
pub 2048R/DC256ED6 created: 2012-08-23 expires: never usage: SC trust: unknown validity: unknown sub 2048R/3352C710 created: 2012-08-29 expires: 2013-08-29 usage: S sub 2048R/769C5F55 created: 2012-08-29 expires: 2013-08-29 usage: E sub 2048R/E091D806 created: 2012-08-29 expires: 2013-08-29 usage: S [ unknown] (1). Hendrik Niklas J?ger So far everything is good. The problems seem to start when gpgme gets involved. I noticed problems when trying to use the new key on the card for mail-signing in claws-mail and status-signing in psi, which both use gpgme. I was pointed to https://github.com/kylehuff/gpgme-snippets/blob/master/gpgsign/gpgsign.c for a simple signing tool using gpgme. I adjusted it a little to allow specifying the keyid to use, both versions are found on https://gist.github.com/3709761/b4812694312b4a34748a7098eb61f2f9f73635ff. The diff looks like this: % diff gpgsign.c.old gpgsign.c 31a32 > gpgme_key_t secret_key; 64a66,73 > > // Find key to use > err = gpgme_get_key(ctx, keyID, &secret_key, 1); > fail_if_err (err); > > // Adding found key to signers > err = gpgme_signers_add(ctx, secret_key); > fail_if_err (err); (I have almost no experience with C or GPGME, so I?d appreciate any advice on how to make that any better!) 
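Review bot: in the second hunk (64a66,73) the key obtained with gpgme_get_key is handed to gpgme_signers_add and never released. gpgme_signers_add acquires its own reference to the key, so call gpgme_key_unref(secret_key) once the key has been added (or in the cleanup path). It is also worth checking secret_key->can_sign before adding it, so that a key ID resolving to a key that cannot sign fails with a clear message at this point and not later in the signing call.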
It does not seem to work for my new key though: % ./gpgsign 9914042f 'test test test' Signing "test test test" with key 9914042f -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 test test test -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlBcRMUACgkQ5PO/ypkUBC9nPgCfeK4N4j5/jB12l0q1dxEhSmL9 HWwAn1toIdL2pVcgZ2b0j7oAx1hzXG/4 =lk6b -----END PGP SIGNATURE----- Signature made with Key: 50F8BC65295CF4368BC9A3BAE4F3BFCA9914042F Created: 1348224197; Expires 0 Validity: unknown; Signature Status: GOOD % ./gpgsign dc256ed6 'test test test' Signing "test test test" with key dc256ed6 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 test test test gpgsign.c:153: GPGME: No data I have absolutely no idea why that is happening or how to get it working properly. Am I doing something obvious wrong? What other information should I provide? Has anyone experienced similar problems and got them solved? Thank you for reading and any comments! Best regards Hendrik -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From john at zultron.com Fri Sep 21 17:33:05 2012 From: john at zultron.com (John Morris) Date: Fri, 21 Sep 2012 10:33:05 -0500 Subject: Newbie: Commandline still prompting for passphrase? In-Reply-To: <446B45C7A22D411A887D0E7E70FDD488@MarkVostro> References: <446B45C7A22D411A887D0E7E70FDD488@MarkVostro> Message-ID: <505C88B1.2000306@zultron.com> Gnupg2 won't read the password from a fd. You must use a gpg-agent. You can get the expected behavior from gnupg v. 1. 
John On 09/18/2012 11:25 PM, Mark Brownlee wrote: > echo MyPasword1432!|"C:\Program Files\GNU\GnuPG\gpg2.exe" > --passphrase-fd 0 --homedir "C:\Users\Mark\AppData\Roaming\gnupg" -r > "ABC Limited" -o "C:\Users\Mark\Desktop\test-sign-done.txt.gpg" -e > --sign "C:\Users\Mark\Desktop\test-sign.txt" > > Does anyone know why the above still prompts me for a passphrase (I am > trying to bypass it)? > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From mailinglisten at hauke-laging.de Fri Sep 21 17:40:45 2012 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Fri, 21 Sep 2012 17:40:45 +0200 Subject: Newbie: Commandline still prompting for passphrase? In-Reply-To: <505C88B1.2000306@zultron.com> References: <446B45C7A22D411A887D0E7E70FDD488@MarkVostro> <505C88B1.2000306@zultron.com> Message-ID: <1837404.U91c2HYVhl@inno> Am Fr 21.09.2012, 10:33:05 schrieb John Morris: > Gnupg2 won't read the password from a fd. You must use a gpg-agent. > > You can get the expected behavior from gnupg v. 1. For gpg-agent the helper program gpg-preset-passphrase can be used. Hauke -- ? PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 555 bytes Desc: This is a digitally signed message part. URL: From david at gbenet.com Fri Sep 21 19:31:23 2012 From: david at gbenet.com (david at gbenet.com) Date: Fri, 21 Sep 2012 18:31:23 +0100 Subject: revoked DF951131 Message-ID: <505CA46B.2020908@gbenet.com> Hi All, I have revoked my public and private key DF951131 (postmaster at gbenet.com) and sent a revocation certificate to key servers - if you see it's been revoked after the update you can delete the key. Over the next few days I will create another. 
David -- https://linuxcounter.net/user/512854.html - http://gbenet.com/blog - cryptology - for books howto's - mailing lists and more From mbrownlee at orbisoft.com Sat Sep 22 02:30:13 2012 From: mbrownlee at orbisoft.com (MarkB123) Date: Fri, 21 Sep 2012 17:30:13 -0700 (PDT) Subject: Newbie: Commandline still prompting for passphrase? In-Reply-To: <1837404.U91c2HYVhl@inno> References: <446B45C7A22D411A887D0E7E70FDD488@MarkVostro> <505C88B1.2000306@zultron.com> <1837404.U91c2HYVhl@inno> Message-ID: <34465036.post@talk.nabble.com> Thanks. I was able to get it to work using the --batch command. Hauke Laging wrote: > > Am Fr 21.09.2012, 10:33:05 schrieb John Morris: >> Gnupg2 won't read the password from a fd. You must use a gpg-agent. >> >> You can get the expected behavior from gnupg v. 1. > > For gpg-agent the helper program gpg-preset-passphrase can be used. > > > Hauke > -- > ? > PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > -- View this message in context: http://old.nabble.com/Newbie%3A-Commandline-still-prompting-for-passphrase--tp34450891p34465036.html Sent from the GnuPG - User mailing list archive at Nabble.com. From mbrownlee at orbisoft.com Sat Sep 22 02:30:46 2012 From: mbrownlee at orbisoft.com (MarkB123) Date: Fri, 21 Sep 2012 17:30:46 -0700 (PDT) Subject: Newbie: Commandline still prompting for passphrase? In-Reply-To: <505C88B1.2000306@zultron.com> References: <446B45C7A22D411A887D0E7E70FDD488@MarkVostro> <505C88B1.2000306@zultron.com> Message-ID: <34465038.post@talk.nabble.com> Thanks. I was able to get it to work using the --batch command. John Morris-8 wrote: > > Gnupg2 won't read the password from a fd. You must use a gpg-agent. > > You can get the expected behavior from gnupg v. 1. 
>
> John
>
>
> On 09/18/2012 11:25 PM, Mark Brownlee wrote:
>> echo MyPasword1432!|"C:\Program Files\GNU\GnuPG\gpg2.exe"
>> --passphrase-fd 0 --homedir "C:\Users\Mark\AppData\Roaming\gnupg" -r
>> "ABC Limited" -o "C:\Users\Mark\Desktop\test-sign-done.txt.gpg" -e
>> --sign "C:\Users\Mark\Desktop\test-sign.txt"
>>
>> Does anyone know why the above still prompts me for a passphrase (I am
>> trying to bypass it)?

From john at zultron.com Sun Sep 23 06:51:53 2012
From: john at zultron.com (John Morris)
Date: Sat, 22 Sep 2012 23:51:53 -0500
Subject: Newbie: Commandline still prompting for passphrase?
In-Reply-To: <34465036.post@talk.nabble.com>
References: <446B45C7A22D411A887D0E7E70FDD488@MarkVostro> <505C88B1.2000306@zultron.com> <1837404.U91c2HYVhl@inno> <34465036.post@talk.nabble.com>
Message-ID: <505E9569.1000702@zultron.com>

On 09/21/2012 07:30 PM, MarkB123 wrote:
>
> Thanks. I was able to get it to work using the --batch command.

Wow, that contradicts advice I received here recently. Thanks for reporting back.

John

>
>
> Hauke Laging wrote:
>>
>> On Fri 21.09.2012, 10:33:05, John Morris wrote:
>>> Gnupg2 won't read the password from a fd. You must use a gpg-agent.
>>>
>>> You can get the expected behavior from gnupg v. 1.
>>
>> For gpg-agent the helper program gpg-preset-passphrase can be used.
>>
>>
>> Hauke
>> --
>> ?
>> PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
>>
>

From mbrownlee at orbisoft.com Mon Sep 24 01:05:02 2012
From: mbrownlee at orbisoft.com (Mark Brownlee)
Date: Mon, 24 Sep 2012 11:05:02 +1200
Subject: Newbie: Commandline still prompting for passphrase?
In-Reply-To: <505E9569.1000702@zultron.com>
References: <446B45C7A22D411A887D0E7E70FDD488@MarkVostro> <505C88B1.2000306@zultron.com> <1837404.U91c2HYVhl@inno> <34465036.post@talk.nabble.com> <505E9569.1000702@zultron.com>
Message-ID: <5FF64276C4A240C6A3C9E7778BE5E4EE@MarkVostro>

OK. You're welcome.

----- Original Message -----
From: "John Morris"
To: "MarkB123"
Cc:
Sent: Sunday, September 23, 2012 4:51 PM
Subject: Re: Newbie: Commandline still prompting for passphrase?

> On 09/21/2012 07:30 PM, MarkB123 wrote:
>>
>> Thanks. I was able to get it to work using the --batch command.
>
> Wow, that contradicts advice I received here recently. Thanks for
> reporting back.
>
> John
>
>
>>
>>
>> Hauke Laging wrote:
>>>
>>> On Fri 21.09.2012, 10:33:05, John Morris wrote:
>>>> Gnupg2 won't read the password from a fd. You must use a gpg-agent.
>>>>
>>>> You can get the expected behavior from gnupg v. 1.
>>>
>>> For gpg-agent the helper program gpg-preset-passphrase can be used.
>>>
>>>
>>> Hauke
>>> --
>>> ?
>>> PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
>>>
>>

From rikhard.fsoss at gmail.com Mon Sep 10 19:41:33 2012
From: rikhard.fsoss at gmail.com (rikhard)
Date: Mon, 10 Sep 2012 18:41:33 +0100
Subject: A safe text editor (No such Client)
In-Reply-To:
References:
Message-ID: <504E264D.4090003@gmail.com>

On 09/10/2012 06:21 PM, gnupg-users-request at gnupg.org wrote:
> Today's Topics:
>
> 1. Re: A safe text editor (No such Client)
>

About the safe text editor, the safest one is the one which is running on an operating system without a connection to any network.

just use something like this

https://www.privacy-cd.org/en/home-mainmenu-71/55-was-ist-ubuntu-privacy-remix

do what you have to do, write read etc encrypt it and then copy it to a pen and send it from another OS with a network connection.

RN
--
"They who would give up an essential liberty for temporary security, deserve neither liberty or security."
Benjamin Franklin

Always use Free Software/Open Source Software (http://www.gnu.org)
GNU/Linux is an operating system, entirely free, as in Freedom/Livre http://www.tuxradar.com/newtolinux
Open source software alternatives to well-known commercial software - http://www.osalt.com/ * http://www.linuxalt.com/
Firefox / Thunderbird - Rediscover the web - http://www.mozilla.org/
Please don't send me MS-Office attachments, use instead an open file format such as the one provided by LibreOffice / OpenOffice.org or PDF (https://www.libreoffice.org/ * http://pt.openoffice.org/ * http://www.odfalliance.org/)
My blogs - http://agrandevaga.blogspot.com/
GnuPG/PGP - 1024D/AD29C160 - http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xedec8399ad29c160

From Hemant.Rumde at us.ing.com Wed Sep 12 19:58:46 2012
From: Hemant.Rumde at us.ing.com (Hemant Rumde)
Date: Wed, 12 Sep 2012 17:58:46 +0000
Subject: GPG decryption in batch
Message-ID:

Hi,

I am working in ING US Boston area. We were planning to use Symantec PGP for our requirements. However due to license cost, management has decided to use GNU GPG.

Daily we receive many encrypted files from our business partners. Some files are received on Linux/Unix while some are on Windows. Our decryption operation is automated by Perl and shell scripts. On Linux/Unix, all batch scripts are decrypting files successfully. On windows, we are using cygwin. In bash shell on cygwin, I get window prompt for passphrase. I guess, windows gpg does not accept passphrase from command line or from a file. Is there any option to specify passphrase in batch process? I want to avoid window prompt for passphrase. There would be 500 to 600 encrypted files. Our operator cannot enter passphrase for each file.
Thanks
Hemant
ING US Boston

From dima at dzhus.org Fri Sep 21 11:49:17 2012
From: dima at dzhus.org (Dmitry Dzhus)
Date: Fri, 21 Sep 2012 13:49:17 +0400
Subject: Main encryption subkey
Message-ID: <468481348220957@web12g.yandex.ru>

How are you gentlemen!

I've generated a keypair of two non-expiring RSA keys (SC and E). In addition to them I created 3 expiring subkeys for S/E/A to be used with my smartcard. My computer keyring contains public parts for all the keys and stubs for secret parts of 3 smartcard keys. Full secret keyring is stored in a secure location.

Here's my public keyring:

pub  2048R/377EBC45  created: 2012-09-20  expires: never       usage: SC
                     trust: ultimate      validity: ultimate
sub  2048R/3A61AC1C  created: 2012-09-20  expires: 2013-09-20  usage: S
sub  2048R/22F8E3BB  created: 2012-09-20  expires: 2013-09-20  usage: E
sub  2048R/1BC713CC  created: 2012-09-20  expires: 2013-09-20  usage: A
sub  2048R/46503FAD  created: 2012-09-20  expires: never       usage: E
[ultimate] (1). Dmitry Dzhus

46503FAD is the key created when generating the original keypair. Three expiring subkeys are those for the card.
Now that I've pushed my keys to keyservers, my concern is how GnuPG will pick an encryption subkey when people try to encrypt a message for me, and won't it be confusing for others to see several encryption subkeys on my keyring?

Since I have only 22F8E3BB easily accessible from my smartcard, it's the key I'd prefer to be used. Apparently GnuPG's behaviour matches this intent:

dzhus at glacier ~ $ LC_ALL="C" gpg -v -r Dzhus -e passwords
gpg: using PGP trust model
gpg: using subkey 22F8E3BB instead of primary key 377EBC45
gpg: This key belongs to us
gpg: reading from `passwords'
gpg: writing to `passwords.gpg'
gpg: RSA/AES256 encrypted for: "22F8E3BB Dmitry Dzhus "

dzhus at glacier ~ $ LC_ALL="C" gpg -v -r 46503FAD -e passwords
gpg: using subkey 22F8E3BB instead of primary key 377EBC45
gpg: using PGP trust model
gpg: This key belongs to us
gpg: reading from `passwords'
gpg: writing to `passwords.gpg'
gpg: RSA/AES256 encrypted for: "22F8E3BB Dmitry Dzhus "

Does GnuPG pick the most recent key?

From mailinglisten at hauke-laging.de Mon Sep 24 16:46:07 2012
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Mon, 24 Sep 2012 16:46:07 +0200
Subject: Main encryption subkey
In-Reply-To: <468481348220957@web12g.yandex.ru>
References: <468481348220957@web12g.yandex.ru>
Message-ID: <12749362.EhA1qb3yP2@inno>

On Fri 21.09.2012, 13:49:17, Dmitry Dzhus wrote:
> Does GnuPG pick the most recent key?

Yes but this is not enforced by the standard. So it would be OK for another implementation to do differently.

Hauke
--
? PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From mailinglisten at hauke-laging.de Mon Sep 24 19:06:17 2012
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Mon, 24 Sep 2012 19:06:17 +0200
Subject: collision vs.
preimage attacks: policy for signing data created by others
Message-ID: <19020731.ZpegxAa7VX@inno>

Hello,

not a GnuPG specific problem but perhaps relevant to GnuPG users.

Given the much bigger difficulty of preimage attacks, would a rule make sense not to sign a document that someone else has created (and thus been given the opportunity for a collision attack)? The solution would be to change the file in a way that does not affect the meaning (e.g. an additional space somewhere) and can easily be detected to match this condition. There could even be a field especially for a random modification by the recipient.

Often documents have to be signed by both parties. How can the sender be safe against a collision attack by the recipient's modification? One aspect is time. If you get the document back within days it seems very hard to get the attack done in that time. But perhaps it also helps to have certain requirements for the modification; requirements which make a collision attack a lot harder (but are easy to check). I can just guess what that may be. Perhaps the combination of a random value and its hash:

ACAM: JIu1ZmRJdYFH9wVspZr9 a6dd2f422f95606ff3e1de4ccb662f5f3a876d92

There could be one such Anti Collision Attack Modification field for each party. It would make sense to require a hash algorithm with heavy CPU load for this.

But perhaps this is exaggerated and the additional space serves just as well? :-)

Of course, this is not intended as a possibility to continue using hash functions with known collision attacks but as a precautionary measure as you can never be sure that you know all your attacker knows (who need not even be the one you want to make a treaty with). Probably not even the majority of OpenPGP users is immediately aware of the publishing of new attacks.

Hauke
--
? PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
From james.bunnell at teligy.com Mon Sep 24 15:12:20 2012
From: james.bunnell at teligy.com (James Bunnell)
Date: Mon, 24 Sep 2012 09:12:20 -0400
Subject: use of multiple keys
Message-ID: <50605C34.8070002@teligy.com>

Hi Users-Group,

Recently, my hard drive containing my secret key side of the pair crashed, with no backup. I have created a new pair for encryption use, but that makes all the old email others have of mine unusable.

Is there a setting which allows other recipients, who have both public-key sets to use them interchangeably so that old and new encrypted email are usable?

Thanks
James Bunnell

From hka at qbs.com.pl Tue Sep 25 17:24:43 2012
From: hka at qbs.com.pl (Hubert Kario)
Date: Tue, 25 Sep 2012 17:24:43 +0200
Subject: use of multiple keys
In-Reply-To: <50605C34.8070002@teligy.com>
References: <50605C34.8070002@teligy.com>
Message-ID: <3145303.sJl9ddX75O@k85hala03>

On Monday 24 of September 2012 09:12:20 James Bunnell wrote:
> Is there a setting which allows other recipients, who have both
> public-key sets to use them interchangeably so that old and new
> encrypted email are usable?

I'd guess so. My experience is restricted to S/MIME part of GPG used through kmail, but when a person has two valid certificates I'm presented with a dialog asking me which cert to use for encryption.

Small note though: I can save my choice and I won't be asked again about this e-mail.

I'd say that other MUAs have similar abilities.

So, it's not foolproof, but should be usable as long as the user knows what he's doing.

Regards,
--
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel.
+48 (22) 646-61-51, 646-74-24
www.qbs.com.pl

From koukopoulos at gmail.com Wed Sep 26 14:08:51 2012
From: koukopoulos at gmail.com (Kostantinos Koukopoulos)
Date: Wed, 26 Sep 2012 15:08:51 +0300
Subject: regenerate sub key binding, change primary key to subkey
Message-ID:

Hi,

I've been reading Atom Smasher's tutorial [1] about migrating a key to another, but unfortunately from some experimentation his warning [2] about it needing an update seems spot-on. I wonder if someone could mention what issues there are with it and maybe help me move a recently recovered key into my current key.

My problem, possibly unrelated to the outdatedness of the tutorial, is that after following through with the instructions I get keyrings that look almost completely right but are unusable in at least two ways:

1) upon export and import gpg loses the public part of the old, formerly primary key.
2) upon signing gpg complains that the subkey is unusable.

One thing that doesn't seem right is that the subkey's key usage flags go missing, even though --list-packets shows the key flags. Also --edit-keys only temporarily updates the expiration period, which is lost after typing 'save'.

Here is an example output from the resulting keyrings:

$ date | gpg -u '3FA8B141!' --clearsign --debug 64
gpg: WARNING: unsafe permissions on homedir `/tmp/test'
gpg: NOTE: no default option file `/tmp/test/gpg.conf'
Warning: using insecure memory!
gpg: enabled debug flags: cache
gpg: DBG: finish_lookup: checking key ABFB5763 (all)(req_usage=0)
gpg: DBG: using key ABFB5763
gpg: DBG: finish_lookup: checking key ABFB5763 (one)(req_usage=1)
gpg: DBG: checking subkey 3FA8B141
gpg: DBG: subkey not valid
gpg: DBG: no suitable key found - giving up
gpg: skipped "3FA8B141!": Unusable secret key
gpg: [stdin]: clearsign failed: Unusable secret key
secmem usage: 0/32768 bytes in 0 blocks

I assume that gpg does not regenerate the key-binding signature correctly or at all.
If this is the problem, is there an alternative way to fix the keyring?

Many thanks for any hints or solutions,
Konstantinos

1. http://atom.smasher.org/gpg/gpg-migrate.txt
2. http://atom.smasher.org/gpg/

From mailinglisten at hauke-laging.de Thu Sep 27 06:49:34 2012
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Thu, 27 Sep 2012 06:49:34 +0200
Subject: key specification by word match does not work as expected
Message-ID: <1464021.eahaRdE5dE@inno>

Hello,

I just read this in the man page:

###########################
By word match.
       All words must match exactly (not case sensitive) but can appear in any order in the user ID or a subjects name. Words are any sequences of letters, digits, the underscore and all characters with bit 7 set.

       +Heinrich Heine duesseldorf
###########################

So I tried:

start cmd:> gpg --list-keys ="Hauke Laging "
pub 1024D/0xECCB5814 2005-09-05
uid [ uneing.] Hauke Laging
[...]

BUT:

start cmd:> LC_ALL=C gpg --list-keys +"Hauke Laging"
gpg: error reading key: No public key

Right before sending this mail I noticed that it is the quotes:

start cmd:> gpg --list-keys +Hauke Laging
pub 1024D/0xECCB5814 2005-09-05
uid [ uneing.] Hauke Laging
[...]

I find this strange because non-quoting of arguments is generally unusual. Furthermore key selection can occur in the options part of the command line though I admit that word match is probably mostly used for finding a key instead of for specifying it in another command.

Next step of insight: Leaving out the quotes does not solve that problem but makes it worse: +Hauke Laging without quotes is not understood by gpg as "Find all UIDs which contain the words 'Hauke' and 'Laging'" but as an OR relation of "Find all UIDs that contain Laging" and whatever.
Even stranger:

start cmd:> gpg --list-keys +lalala Laging

works (finds all the UIDs with "Laging") but doesn't the other way round:

start cmd:> LC_ALL=C gpg --list-keys lalala +Laging
gpg: error reading key: No public key

start cmd:> LC_ALL=C gpg --list-keys +Hauke
gpg: error reading key: No public key

Hauke
--
? PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From wk at gnupg.org Thu Sep 27 17:03:36 2012
From: wk at gnupg.org (Werner Koch)
Date: Thu, 27 Sep 2012 17:03:36 +0200
Subject: key specification by word match does not work as expected
In-Reply-To: <1464021.eahaRdE5dE@inno> (Hauke Laging's message of "Thu, 27 Sep 2012 06:49:34 +0200")
References: <1464021.eahaRdE5dE@inno>
Message-ID: <87mx0b4iev.fsf@vigenere.g10code.de>

On Thu, 27 Sep 2012 06:49, mailinglisten at hauke-laging.de said:

> I just read this in the man page:
>
> ###########################
> By word match.

Well,

      case '+': /* Compare individual words. Note that this has not
                   yet been implemented in the search code. */
        mode = KEYDB_SEARCH_MODE_WORDS;
        s++;
        desc->u.name = s;
        break;

:-(

> start cmd:> gpg --list-keys +Hauke Laging
> pub 1024D/0xECCB5814 2005-09-05
> uid [ uneing.] Hauke Laging
> [...]
>
> I find this strange because non-quoting of arguments is generally unusual.

gpg does not know about the quotes - that is a shell thing. In your example above you are looking for two user ids: "+Hauke" or "Laging".

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by federal law.

From wk at gnupg.org Thu Sep 27 16:54:39 2012
From: wk at gnupg.org (Werner Koch)
Date: Thu, 27 Sep 2012 16:54:39 +0200
Subject: [Announce] Libksba 1.3.0 released
Message-ID: <87r4pn4its.fsf@vigenere.g10code.de>

Hello!

I am pleased to announce version 1.3.0 of Libksba.
Libksba is an X.509 and CMS (PKCS#7) library. It is for example required to build the S/MIME part of GnuPG-2 (gpgsm). The only build requirement for Libksba itself is the libgpg-error package. There are no other dependencies; actual cryptographic operations need to be done by the user.

Libksba is distributed under the LGPLv3+/GPLv2+. There are no user tools accompanying this software, thus it is mostly relevant to developers. The main reason for this release is the change to the GNU Lesser General Public License.

You may download the library and its OpenPGP signature from:

  ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.3.0.tar.bz2 (610k)
  ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.3.0.tar.bz2.sig

As an alternative you may use a patch file to upgrade the previous version of the library:

  ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.2.0-1.3.0.diff.bz2 (217k)

SHA-1 checksums are:

  241afcb2dfbf3f3fc27891a53a33f12d9084d772  libksba-1.3.0.tar.bz2
  17f6e5fe2fdf6f9205cdec9de0e17194f4ece048  libksba-1.2.0-1.3.0.diff.bz2

Noteworthy changes in version 1.3.0 (2012-09-27)
------------------------------------------------

 * Changed the license of the library from GPLv3 to LGPLv3/GPLv2; see the file AUTHORS for details.

 * Minor bug fixes.

Commercial support contracts for Libksba are available, and they help finance continued maintenance. g10 Code, a Duesseldorf based company owned and headed by Libksba's principal author, is currently funding its development. We are always looking for interesting development projects. See also http://www.gnupg.org/service.html .

Happy hacking,

Werner

--
Thoughts are free. Exceptions are governed by federal law.
From christian at quelltextlich.at Fri Sep 28 12:21:38 2012
From: christian at quelltextlich.at (Christian Aistleitner)
Date: Fri, 28 Sep 2012 12:21:38 +0200
Subject: Support of card readers with displays
Message-ID: <20120928102138.GA3409@quelltextlich.at>

Dear list,

while several shops list smart card readers having built-in pin pads and displays, I fail to find even a single such reader that is fully supported by GnuPG. By that I mean

- Signing, encrypting, and other basic operations work,
- Pin entry via the card reader's pin pad is possible, and
- Pin prompts get shown on the card reader's display.

The list's last item is the problem.

Am I just lacking search engine foo, or does no such card reader exist?

Best regards,
Christian

P.S.: Required operating systems, driver layers, etc are less of an issue. But there are bonus points if the reader can be used under GNU/Linux using free software only.

--
---- quelltextlich e.U. ---- \\ ---- Christian Aistleitner ----
Companies' registry: 360296y in Linz
Christian Aistleitner
Gruendbergstrasze 65a
4040 Linz, Austria
Email: christian at quelltextlich.at
Phone: +43 732 / 26 95 63
Fax: +43 732 / 26 95 63
Homepage: http://quelltextlich.at/
---------------------------------------------------------------
From mailinglisten at hauke-laging.de Fri Sep 28 23:38:57 2012
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Fri, 28 Sep 2012 23:38:57 +0200
Subject: key specification by word match does not work as expected
In-Reply-To: <87mx0b4iev.fsf@vigenere.g10code.de>
References: <1464021.eahaRdE5dE@inno> <87mx0b4iev.fsf@vigenere.g10code.de>
Message-ID: <1614882.IrIqFSbny6@inno>

On Thu 27.09.2012, 17:03:36, Werner Koch wrote:

> case '+': /* Compare individual words. Note that this has not
> yet been implemented in the search code. */

No big problem, the few cases in which that may be needed can easily be covered externally. But wouldn't it make sense to take this feature out of the documentation then and maybe issue a warning if this mode is encountered?

Hauke
--
? PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From wk at gnupg.org Sat Sep 29 12:03:33 2012
From: wk at gnupg.org (Werner Koch)
Date: Sat, 29 Sep 2012 12:03:33 +0200
Subject: key specification by word match does not work as expected
In-Reply-To: <1614882.IrIqFSbny6@inno> (Hauke Laging's message of "Fri, 28 Sep 2012 23:38:57 +0200")
References: <1464021.eahaRdE5dE@inno> <87mx0b4iev.fsf@vigenere.g10code.de> <1614882.IrIqFSbny6@inno>
Message-ID: <87r4pl2lje.fsf@vigenere.g10code.de>

On Fri, 28 Sep 2012 23:38, mailinglisten at hauke-laging.de said:

> No big problem, the few cases in which that may be needed can easily be
> covered externally. But wouldn't it make sense to take this feature out of the
> documentation then and maybe issue a warning if this mode is encountered?

Aehm, yes. Or implement it.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by federal law.
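The "word match" thread above turns on two things: the man page's rule (all words must match, case-insensitively, in any order) and the fact that the shell, not gpg, decides how `+Hauke Laging` is split into arguments. The following is an added example, not part of any post and not GnuPG code. It applies that rule externally to a colon-format key listing and shows the argument splitting; the function names, the key IDs and the `example.org` addresses in the sample listing are constructed for illustration.

```python
import re
import shlex

# Constructed sample in the layout of `gpg --list-keys --with-colons`.
# Key IDs, hash fields and addresses are placeholders, not real keys.
SAMPLE = "\n".join([
    "pub:u:1024:17:1111111111111111:1125878400:::u:::scESC:",
    "uid:u::::1125878400::0A::Hauke Laging <hauke@example.org>:",
    "sub:u:2048:16:1111111111111112:1125878400::::::e:",
    "pub:-:2048:1:2222222222222222:1348099200:::-:::scESC:",
    "uid:-::::1348099200::0B::Heinrich Heine (Der Dichter) <heine@duesseldorf.example>:",
    "uid:-::::1348099200::0C::Harry Heine <harry@example.org>:",
    # Older layout: the primary user ID sits in field 10 of the pub record.
    "pub:-:2048:1:3333333333333333:1348099200:::-:Lalala Laging-Test <t@example.org>::scESC:",
])

# Man page definition of a word: letters, digits, the underscore and all
# characters with bit 7 set (here: every non-ASCII code point).
WORD = re.compile(r"[0-9A-Za-z_\u0080-\U0010ffff]+")


def words(text):
    """Return the set of lower-cased words in text."""
    return {w.lower() for w in WORD.findall(text)}


def unescape(field):
    """Undo the \\xNN escaping used for ':' and control characters."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})",
                  lambda m: chr(int(m.group(1), 16)), field)


def user_ids(colon_output):
    """Yield (primary key ID, user ID) for every user ID in the listing."""
    keyid = None
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keyid = f[4]
        if f[0] in ("pub", "uid") and len(f) > 9 and f[9]:
            yield keyid, unescape(f[9])


def word_match(colon_output, query):
    """User IDs that contain ALL words of query, in any order."""
    wanted = words(query)
    if not wanted:
        return []
    return [(k, u) for k, u in user_ids(colon_output) if wanted <= words(u)]


def shell_args(command_line):
    """Arguments gpg would receive after POSIX shell word splitting."""
    return shlex.split(command_line)[2:]


if __name__ == "__main__":
    # Unquoted: two separate user ID specifications reach gpg.
    print(shell_args("gpg --list-keys +Hauke Laging"))
    # Quoted: one specification; the quotes themselves never reach gpg.
    print(shell_args('gpg --list-keys +"Hauke Laging"'))
    for keyid, uid in word_match(SAMPLE, "+Heinrich Heine duesseldorf"):
        print(keyid, uid)
```

On a real system the listing would come from `gpg --list-keys --with-colons` instead of `SAMPLE`.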
From david at gbenet.com Sat Sep 29 18:42:20 2012
From: david at gbenet.com (david at gbenet.com)
Date: Sat, 29 Sep 2012 17:42:20 +0100
Subject: my new public key
Message-ID: <506724EC.8030003@gbenet.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello All,

I've just created a new key pair - the older one gets you realise you will not live forever!

So import and be happy!

David

- --
https://linuxcounter.net/user/512854.html - http://gbenet.com/blog - cryptology - for books howto's - mailing lists and more
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iJwEAQECAAYFAlBnJNsACgkQPsGd8ZKwe+d0dQQApZz8Sj2YIkRZwxkeRRsauFQA
7JMRb0I9wJd8uOOu6DS+J8ykz9sMrGd92nmG5mVk3GFuExbhNVzGS1nCQvdxQLiH
2+Qr+IA+c3EB95zqjtaLqr4n4nRSwzazixJzVC0FMMQa5EvPa+A1VdgC9Jds3SLn
3H27gmnHFhcDZCkgxdQ=
=j/TN
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x8716853A.asc
Type: application/pgp-keys
Size: 1926 bytes
Desc: not available
URL:

From shavital at gmail.com Sat Sep 29 18:57:49 2012
From: shavital at gmail.com (Charly Avital)
Date: Sat, 29 Sep 2012 12:57:49 -0400
Subject: my new public key
In-Reply-To: <506724EC.8030003@gbenet.com>
References: <506724EC.8030003@gbenet.com>
Message-ID: <5067288D.1060201@gmail.com>

david at gbenet.com david at gbenet.com <506724EC.8030003 at gbenet.com> September 29, 2012 12:42:20 PM wrote:

david at gbenet.com wrote on 9/29/12 12:42 PM:
> Hello All,
>
> I've just created a new key pair - the older one gets you realise you will not live forever!
>
> So import and be happy!
>
> David

"The key(s) were successfully imported

gpg: key 8716853A: public key "postmaster at gbenet.com (Do not dwell in the past, do not dream of the future, concentrate the mind on the present moment) " imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)"

From ad707 at ncf.ca Sun Sep 30 20:00:11 2012
From: ad707 at ncf.ca (Allan Topp)
Date: Sun, 30 Sep 2012 14:00:11 -0400
Subject: Am I attempting the impossible?
Message-ID: <506888AB.5010005@ncf.ca>

I have a number of files that I would like to protect that I (tend to) open simultaneously and I would like to do that (and protect them again) with a single command line instruction like:

gpg -c filename1.ods, filename2.odb, file/...

and thereby only enter 1 passphrase for all of them.

I couldn't find any information but have been playing around with commas, semi-colons and the like ... and I have come up empty.

I would think it surprising that gpg doesn't support what I am trying to do but, in the lack of any information, who knows.

Can anyone help?

TIA