From wk at gnupg.org Wed Oct 1 10:46:24 2025
From: wk at gnupg.org (Werner Koch)
Date: Wed, 01 Oct 2025 10:46:24 +0200
Subject: GPG is waiting for a lock held by a process that does not exist
In-Reply-To: (Evan Aad via Gnupg-users's message of "Mon, 29 Sep 2025 10:01:22 +0300")
References:
Message-ID: <87o6qr3t7j.fsf@jacob.g10code.de>

Hi!

On Mon, 29 Sep 2025 10:01, Evan Aad said:

> Working on a PC running Windows 11 Pro, I'm trying to verify a the
> gpg: Note: database_open 134217901 waiting for lock (held by 1819) ...

That is strange: This message will only be emitted on Unix systems. On
Windows we have no way to know which process holds the lock. See
gnupg/common/dotlock.c:dotlock_take_w32 and dotlock_take_unix, respectively.

In case you are running a GnuPG version built using Cygwin - just don't
do this. Use a proper Windows version; gpg4win.org is the best choice
(use the 5.0.0-beta which will soon be 5.0.0).

Salam-Shalom,

   Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein


From oddeveneven at gmail.com Fri Oct 3 11:55:47 2025
From: oddeveneven at gmail.com (Evan Aad)
Date: Fri, 3 Oct 2025 12:55:47 +0300
Subject: GPG is waiting for a lock held by a process that does not exist
In-Reply-To: <87o6qr3t7j.fsf@jacob.g10code.de>
References: <87o6qr3t7j.fsf@jacob.g10code.de>
Message-ID:

How can I tell if I am running a GnuPG version built using Cygwin?
I am running it from the Git Bash command line.

On Wed, Oct 1, 2025 at 11:44 AM Werner Koch wrote:
>
> Hi!
>
> On Mon, 29 Sep 2025 10:01, Evan Aad said:
>
> > Working on a PC running Windows 11 Pro, I'm trying to verify a the
> > gpg: Note: database_open 134217901 waiting for lock (held by 1819) ...
>
> That is strange: This message will only be emitted on Unix systems. On
> Windows we have no way to know which process holds the lock. See
> gnupg/common/dotlock.c:dotlock_take_w32 and dotlock_take_unix, respectively.
>
> In case you are running a GnuPG version built using Cygwin - just don't
> do this. Use a proper Windows version; gpg4win.org is the best choice
> (use the 5.0.0-beta which will soon be 5.0.0).
>
> Salam-Shalom,
>
>    Werner
>
> --
> The pioneers of a warless world are the youth that
> refuse military service. - A. Einstein


From andrewg at andrewg.com Fri Oct 3 13:24:57 2025
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Fri, 3 Oct 2025 12:24:57 +0100
Subject: GPG is waiting for a lock held by a process that does not exist
In-Reply-To:
References: <87o6qr3t7j.fsf@jacob.g10code.de>
Message-ID:

On 03/10/2025 10:55, Evan Aad via Gnupg-users wrote:
> How can I tell if I am running a GnuPG version built using Cygwin?
> I am running it from the Git Bash command line.

Do you mean this Git Bash?

https://www.atlassian.com/git/tutorials/git-bash

A


From oddeveneven at gmail.com Fri Oct 3 13:50:53 2025
From: oddeveneven at gmail.com (Evan Aad)
Date: Fri, 3 Oct 2025 14:50:53 +0300
Subject: GPG is waiting for a lock held by a process that does not exist
In-Reply-To:
References: <87o6qr3t7j.fsf@jacob.g10code.de>
Message-ID:

Yes, I meant that Git Bash.
On Fri, Oct 3, 2025 at 2:25 PM Andrew Gallagher via Gnupg-users wrote:
>
> On 03/10/2025 10:55, Evan Aad via Gnupg-users wrote:
> > How can I tell if I am running a GnuPG version built using Cygwin?
> > I am running it from the Git Bash command line.
>
> Do you mean this Git Bash?
>
> https://www.atlassian.com/git/tutorials/git-bash
>
> A
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users


From andrewg at andrewg.com Fri Oct 3 13:52:36 2025
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Fri, 3 Oct 2025 12:52:36 +0100
Subject: GPG is waiting for a lock held by a process that does not exist
In-Reply-To:
References: <87o6qr3t7j.fsf@jacob.g10code.de>
Message-ID: <23d78bc9-40e2-4621-b872-c020862b7fb2@andrewg.com>

On 03/10/2025 12:24, Andrew Gallagher via Gnupg-users wrote:
> On 03/10/2025 10:55, Evan Aad via Gnupg-users wrote:
>> How can I tell if I am running a GnuPG version built using Cygwin?
>> I am running it from the Git Bash command line.
>
> Do you mean this Git Bash?
>
> https://www.atlassian.com/git/tutorials/git-bash

It looks like Git for Windows ships the gnupg from MSYS2:

* https://github.com/git-for-windows/MSYS2-packages/tree/main/gnupg
* https://github.com/msys2/MSYS2-packages

What does `gpg --version` say?
A


From oddeveneven at gmail.com Fri Oct 3 14:02:02 2025
From: oddeveneven at gmail.com (Evan Aad)
Date: Fri, 3 Oct 2025 15:02:02 +0300
Subject: GPG is waiting for a lock held by a process that does not exist
In-Reply-To: <23d78bc9-40e2-4621-b872-c020862b7fb2@andrewg.com>
References: <87o6qr3t7j.fsf@jacob.g10code.de> <23d78bc9-40e2-4621-b872-c020862b7fb2@andrewg.com>
Message-ID:

The first four lines are:

> gpg (GnuPG) 2.4.7-unknown
> libgcrypt 1.9.4-unknown
> Copyright (C) 2024 g10 Code GmbH
> License GNU GPL-3.0-or-later

On Fri, Oct 3, 2025 at 2:53 PM Andrew Gallagher via Gnupg-users wrote:
>
> On 03/10/2025 12:24, Andrew Gallagher via Gnupg-users wrote:
> > On 03/10/2025 10:55, Evan Aad via Gnupg-users wrote:
> >> How can I tell if I am running a GnuPG version built using Cygwin?
> >> I am running it from the Git Bash command line.
> >
> > Do you mean this Git Bash?
> >
> > https://www.atlassian.com/git/tutorials/git-bash
>
> It looks like Git for Windows ships the gnupg from MSYS2:
>
> * https://github.com/git-for-windows/MSYS2-packages/tree/main/gnupg
> * https://github.com/msys2/MSYS2-packages
>
> What does `gpg --version` say?
>
> A


From martin at postzone.org Sat Oct 4 12:54:06 2025
From: martin at postzone.org (Martin)
Date: Sat, 4 Oct 2025 12:54:06 +0200
Subject: Announced chat control by the EU
Message-ID: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org>

Hi

Perhaps I missed the discussion here - if so, please send me the link.

My question would be, what will actually happen to GnuPG if the EU's
announced and threatened chat control really comes into effect? What
impact will this have on encrypted emails? Will GnuPG still have a
future, and if so, how?

Thanks.
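The lock thread above rests on a detail of the Unix dotlock that Werner points at: the lock file records the holder's PID, which is why gpg can report "waiting for lock (held by 1819)" and why a lock left behind by a process that no longer exists can be recognised, while the Windows code path cannot name the holder. The C program below is an added illustration of that mechanism, not GnuPG's dotlock.c; the one-line lock file format, the scratch path /tmp/dotlock_demo.lock and the constructed never-existing PID 2147483647 are assumptions.

```c
/* Added illustration of a Unix-style dotlock with a stale-holder check.
   Not GnuPG's dotlock.c: the lock file layout (just "PID\n") and the
   single retry are simplifications. POSIX only. */
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

enum lock_result { LOCK_TAKEN = 0, LOCK_BUSY = 1, LOCK_STALE_REPLACED = 2, LOCK_ERROR = 3 };

/* Create PATH exclusively (O_EXCL) and record PID in it.
   Returns 0 on success, -1 with errno set (EEXIST if someone holds it). */
int write_lock_file(const char *path, pid_t pid)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0)
        return -1;
    char buf[32];
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    if (write(fd, buf, (size_t)n) != n) {
        int saved = errno;
        close(fd);
        unlink(path);   /* never leave a lock file without a holder PID behind */
        errno = saved;
        return -1;
    }
    return close(fd);
}

/* Parse the holder's PID out of an existing lock file; -1 if unreadable. */
pid_t read_lock_pid(const char *path)
{
    char buf[64] = {0};
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    char *line = fgets(buf, sizeof buf, f);
    fclose(f);
    if (!line)
        return -1;
    char *end;
    long pid = strtol(buf, &end, 10);
    return (end == buf || pid <= 0) ? -1 : (pid_t)pid;
}

/* kill(pid, 0) delivers no signal; it only asks whether PID exists.
   EPERM means it exists but is not ours, which still counts as alive. */
int holder_alive(pid_t pid)
{
    return kill(pid, 0) == 0 || errno != ESRCH;
}

/* One attempt to take the lock. Because the lock file names its holder,
   a lock left behind by a process that no longer exists can be detected
   and cleared: exactly the information the Windows code path lacks. */
enum lock_result take_lock(const char *path)
{
    if (write_lock_file(path, getpid()) == 0)
        return LOCK_TAKEN;
    if (errno != EEXIST)
        return LOCK_ERROR;
    pid_t holder = read_lock_pid(path);
    if (holder < 0 || holder_alive(holder))
        return LOCK_BUSY;   /* unreadable PID: assume a live holder mid-write */
    /* Holder is gone. Remove the stale file and retry once; the gap between
       unlink() and the re-create is a race against other waiters. */
    if (unlink(path) != 0 && errno != ENOENT)
        return LOCK_ERROR;
    if (write_lock_file(path, getpid()) == 0)
        return LOCK_STALE_REPLACED;
    return errno == EEXIST ? LOCK_BUSY : LOCK_ERROR;
}

/* Constructed "dead" PID: larger than any pid_max Linux permits (4194304),
   so no live process can carry it. */
#define DEAD_PID ((pid_t)2147483647)

/* Demo: plant a lock file naming HOLDER, then try to take the lock.
   HOLDER = getpid() models a live owner; HOLDER = DEAD_PID a vanished one. */
enum lock_result demo_take_lock(const char *path, pid_t holder)
{
    unlink(path);
    if (write_lock_file(path, holder) != 0)
        return LOCK_ERROR;
    enum lock_result r = take_lock(path);
    unlink(path);
    return r;
}

int main(void)
{
    const char *path = "/tmp/dotlock_demo.lock";   /* assumed scratch path */
    printf("live holder -> %d (LOCK_BUSY is 1)\n", demo_take_lock(path, getpid()));
    printf("dead holder -> %d (LOCK_STALE_REPLACED is 2)\n", demo_take_lock(path, DEAD_PID));
    return 0;
}
```

On Windows there is no holder PID to read, so a native GnuPG build cannot print the "held by" diagnostic at all; seeing it on Windows is itself the sign of a POSIX-emulation build.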
From andrewg at andrewg.com Sat Oct 4 14:08:23 2025
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Sat, 4 Oct 2025 13:08:23 +0100
Subject: Announced chat control by the EU
In-Reply-To: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org>
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org>
Message-ID: <30375897-cf87-4dca-a848-fc928f109a30@andrewg.com>

On 04/10/2025 11:54, Martin wrote:
>
> My question would be, what will actually happen to GnuPG if the EU's
> announced and threatened chat control really comes into effect? What
> impact will this have on encrypted emails? Will GnuPG still have a
> future, and if so, how?

It would depend heavily on what the precise wording was, but based on
the public discussion so far it seems to be targeted at service
providers - so gnupg and similar encryption software would probably not
be directly affected, but anyone offering a service using encryption
software (such as Proton or Signal) probably would. Services like XMPP
or DeltaChat, where the software developers and service operators are
not the same people, would on the other hand have lots of fun parsing
obscure legalese.

tl;dr: who knows, it's a shitshow. I am not a lawyer, etc.

A


From wk at gnupg.org Sat Oct 4 15:05:46 2025
From: wk at gnupg.org (Werner Koch)
Date: Sat, 04 Oct 2025 15:05:46 +0200
Subject: GPG is waiting for a lock held by a process that does not exist
In-Reply-To: (Evan Aad via Gnupg-users's message of "Fri, 3 Oct 2025 12:55:47 +0300")
References: <87o6qr3t7j.fsf@jacob.g10code.de>
Message-ID: <871pni4y1h.fsf@jacob.g10code.de>

On Fri, 3 Oct 2025 12:55, Evan Aad said:

> How can I tell if I am running a GnuPG version built using Cygwin?

From the diagnostic message you posted, it is clear that you are using
a Unix approach which is very likely based on Cygwin (a Posix emulation
on top of Windows). Over the years we have mentioned it often enough
that a Cygwin based approach for GnuPG is not supported.
Salam-Shalom,

   Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein


From dirkx at webweaving.org Sat Oct 4 14:21:43 2025
From: dirkx at webweaving.org (Dirk-Willem van Gulik)
Date: Sat, 4 Oct 2025 14:21:43 +0200
Subject: Announced chat control by the EU
In-Reply-To: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org>
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org>
Message-ID: <5F094BA4-C8C4-4575-BC14-984274655882@webweaving.org>

On 4 Oct 2025, at 12:54, Martin wrote:

> My question would be, what will actually happen to GnuPG if the EU's announced and threatened chat control really comes into effect? What impact will this have on encrypted emails? Will GnuPG still have a future, and if so, how?

First - this is quite far off still.

Secondly - this type of legislation generally attaches itself at the point a product with such elements is placed onto the European Market. So it is the service provider, software vendor or similar party that is on the hook here.

Dw


From hfollmann at itcfollmann.com Sat Oct 4 14:06:37 2025
From: hfollmann at itcfollmann.com (Henning Follmann)
Date: Sat, 4 Oct 2025 08:06:37 -0400
Subject: Announced chat control by the EU
In-Reply-To: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org>
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org>
Message-ID: <40826194-982B-4804-994F-0398B7EDC4A3@itcfollmann.com>

> On Oct 4, 2025, at 07:53, Martin wrote:
>
> Hi
>
> My question would be, what will actually happen to GnuPG if the EU's announced and threatened chat control really comes into effect? What impact will this have on encrypted emails? Will GnuPG still have a future, and if so, ...

IANAL, so ...

If I understand correctly, this applies to providers with a certain number of customers.
But your "individual" use of encryption is not affected by this (how could your provider compel you to hand out the private key). But of course all the metadata is free game.

-H


From rjh at sixdemonbag.org Sat Oct 4 17:23:29 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 4 Oct 2025 11:23:29 -0400
Subject: Announced chat control by the EU
In-Reply-To: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org>
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org>
Message-ID:

> My question would be, what will actually happen to GnuPG if the EU's
> announced and threatened chat control really comes into effect? What
> impact will this have on encrypted emails? Will GnuPG still have a
> future, and if so, how?

In the United States, source code is considered expressive speech and is
protected by our First Amendment and has been for almost thirty years.

This means that in the absolute worst case scenario, US-based hackers
with long affiliations with GnuPG and who are trusted by the GnuPG
community would take the source code and keep moving forward with the
project, most likely with engineering guidance from the existing
European GnuPG hackers.

There are several other countries that are well-situated to be a home
for GnuPG in a crisis.

Breathe easy: GnuPG isn't going anywhere.


From oddeveneven at gmail.com Sun Oct 5 01:36:48 2025
From: oddeveneven at gmail.com (Evan Aad)
Date: Sun, 5 Oct 2025 02:36:48 +0300
Subject: GPG is waiting for a lock held by a process that does not exist
In-Reply-To: <871pni4y1h.fsf@jacob.g10code.de>
References: <87o6qr3t7j.fsf@jacob.g10code.de> <871pni4y1h.fsf@jacob.g10code.de>
Message-ID:

So how do I install a non-Cygwin, native-Windows, fully-supported
version of Gnu-GPG?
On Sat, Oct 4, 2025 at 4:02 PM Werner Koch wrote:
>
> On Fri, 3 Oct 2025 12:55, Evan Aad said:
>
> > How can I tell if I am running a GnuPG version built using Cygwin?
>
> From the diagnostic message you posted, it is clear that you are using
> a Unix approach which is very likely based on Cygwin (a Posix emulation
> on top of Windows). Over the years we have mentioned it often enough
> that a Cygwin based approach for GnuPG is not supported.
>
> Salam-Shalom,
>
>    Werner
>
> --
> The pioneers of a warless world are the youth that
> refuse military service. - A. Einstein


From rjh at sixdemonbag.org Sun Oct 5 02:20:21 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 4 Oct 2025 20:20:21 -0400
Subject: GPG is waiting for a lock held by a process that does not exist
In-Reply-To:
References: <87o6qr3t7j.fsf@jacob.g10code.de> <871pni4y1h.fsf@jacob.g10code.de>
Message-ID: <5bc244b8-e779-4768-aef7-ba61489af9cd@sixdemonbag.org>

> So how do I install a non-Cygwin, native-Windows, fully-supported
> version of Gnu-GPG?

https://gnupg.org/download/index.html

Scroll down to "GnuPG Binary Releases" and you'll find prebuilt binaries
for Windows, macOS, Debian, Android, VMS, RISC OS, and various Red Hat
derivatives.


From steffen at sdaoden.eu Sun Oct 5 02:19:32 2025
From: steffen at sdaoden.eu (Steffen Nurpmeso)
Date: Sun, 05 Oct 2025 02:19:32 +0200
Subject: GPG is waiting for a lock held by a process that does not exist
In-Reply-To:
References: <87o6qr3t7j.fsf@jacob.g10code.de> <871pni4y1h.fsf@jacob.g10code.de>
Message-ID: <20251005001932.YqBRIoom@steffen%sdaoden.eu>

Evan Aad via Gnupg-users wrote in :
 |So how do I install a non-Cygwin, native-Windows, fully-supported
 |version of Gnu-GPG?
I think he already talked about his (theirs)

  https://gnupg.org/software/swlist.html
  -> https://www.gpg4win.org/about.html

in his second to last reply, unless i recall this falsely.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)


From deceroadiez at gmx.es Sun Oct 5 10:48:32 2025
From: deceroadiez at gmx.es (Nombre y Apellidos)
Date: Sun, 05 Oct 2025 10:48:32 +0200
Subject: Announced chat control by the EU
In-Reply-To: <30375897-cf87-4dca-a848-fc928f109a30@andrewg.com>
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <30375897-cf87-4dca-a848-fc928f109a30@andrewg.com>
Message-ID: <95964f81df4ea77685284d2f4c213febdca11b2e.camel@gmx.es>

On Sat, 04-10-2025 at 13:08 +0100, Andrew Gallagher via Gnupg-users wrote:
> On 04/10/2025 11:54, Martin wrote:
> >
> > My question would be, what will actually happen to GnuPG if the
> > EU's announced and threatened chat control really comes into effect?
> > What impact will this have on encrypted emails? Will GnuPG still have a
> > future, and if so, how?
>
> It would depend heavily on what the precise wording was, but based on
> the public discussion so far it seems to be targeted at service
> providers - so gnupg and similar encryption software would probably not
> be directly affected, but anyone offering a service using encryption
> software (such as Proton or Signal) probably would. Services like XMPP
> or DeltaChat, where the software developers and service operators are
> not the same people, would on the other hand have lots of fun parsing
> obscure legalese.
>
> tl;dr: who knows, it's a shitshow. I am not a lawyer, etc.

From XNet (https://xnet-x.net/es/pegasus-para-todos-chatcontrol/) translation:

"This proposal includes mandatory mass scanning of private communications and aims to break secure encryption by forcing client-side scanning into your messaging apps."
XNet is an activists' network (https://xnet-x.net/en/who-we-are/).

On the other hand, Spain's Interior Minister is in favor of banning encryption outright.

https://fightchatcontrol.eu/ is a website for sending petitions to European MPs.

Regards

--
OpenPGP fingerprint
-------------------
CBA7 480A 5FBC DB67 857F 54D3 434C 945C 1278 2FD7


From rms at gnu.org Sun Oct 5 02:09:10 2025
From: rms at gnu.org (Richard Stallman)
Date: Sat, 04 Oct 2025 20:09:10 -0400
Subject: GnuPG 2.5.8 released
In-Reply-To: <87ikkq1kla.fsf@jacob.g10code.de> (message from Werner Koch on Fri, 20 Jun 2025 17:47:13 +0200)
References: <87ikkq1kla.fsf@jacob.g10code.de>
Message-ID:

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

Belated congratulations on the new release.

--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)


From ratbag at gmx.com Mon Oct 6 11:23:51 2025
From: ratbag at gmx.com (Rat Bag)
Date: Mon, 6 Oct 2025 11:23:51 +0200
Subject: Announced chat control by the EU
In-Reply-To:
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org>
Message-ID: <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com>

> In the United States, source code is considered expressive speech...

That is the good part. The bad part is that in that jurisdiction the
government can legally compel any company or individual to assist it by
whatever means deemed necessary in the subversion of communication
secrecy in any product it provides to the public.
While this may - and has been - tested in court, I very much doubt GnuPG
has the resources to do so.

All of this is however hypothetical: EU is simply attempting to gain the
same access to communication mass-surveillance that the vendors of
operating systems and hardware devices already provide to the
authorities of their domicile jurisdictions under the arrangement
described in the previous paragraph.

R.B.


From rjh at sixdemonbag.org Mon Oct 6 15:55:38 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 6 Oct 2025 09:55:38 -0400
Subject: Announced chat control by the EU
In-Reply-To: <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com>
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com>
Message-ID: <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org>

> That is the good part. The bad part is that in that jurisdiction
> the government can legally compel any company or individual to
> assist it by whatever means deemed necessary in the subversion
> of communication secrecy in any product it provides to the
> public. While this may - and has been - tested in court, I very
> much doubt GnuPG has the resources to do so.

I used to work professionally in a digital forensics lab that had a lot
of government customers. I *am* one of the people the United States
government has called upon to subvert security mechanisms in order to
gain access to information. I was regularly briefed by Legal on
government cooperation.

At the end of each briefing we received the same bottom line: "if any
representative of the government tells you to do something, don't do
that something. Say 'I want my lawyer', *nothing else*, and then make
two phone calls: one to us here in Legal, and one to your own national
security attorney. We're three floors above you and we'll be in your
office in five minutes. Don't even touch the warrant or the device
unless we're in the room telling you to do it."
My takeaway from a decade of briefings on just this subject is it's way
more complicated than you seem to think. Specifically, you're glorifying
the All Writs Act and the Communications Assistance for Law Enforcement
Act above the blackletter text of the Constitution. You're also
forgetting that individuals have a lot more ability to resist such
orders than do corporations.

(Note: the following is a fairly deep dive into the subject. This is an
off-the-top-of-my-head summary of a decade of legal briefings I had to
sit through, nothing more. I am not a lawyer. I am especially not your
lawyer. This is really super especially not legal advice. If you need
legal advice, seek competent counsel in your jurisdiction, not me!)

The Fifth Amendment guarantees your right against self-incrimination.
Imagine there's a safe which was used by a mobster, but they don't know
who the mobsters are. So they seize the safe with a warrant and start
parading suspects in front of it: "open the safe, now." One person after
another says "I don't know the combination" and is let go.

Now it's your turn. You're completely innocent, but you DO know the
combination. Revealing the fact you know the combination might
reasonably expose you to risk of criminal prosecution, so ... ding ding
ding!, Fifth Amendment applies. "I invoke my Fifth Amendment right
against self-incrimination. Hey, also, I want a lawyer before we go
further."

Would the FBI know you were a mobster? Sure, absolutely. But they would
know it in a way that couldn't lawfully be used by the government for
any purpose, *including investigation,* since invocations of the Fifth
and Sixth Amendments ("I want a lawyer") are considered sacred and
cannot be used to support government action.

So, right there's one very broad way individuals can refuse to cooperate
with United States government investigations: assert their Fifth
Amendment rights. Are there legal countermoves to this?
Sure, mostly involving involuntary grants of immunity, and there are
countermoves to countermoves. The existence of countermoves does not
change the bottom line: the Fifth Amendment can be *incredibly* useful
in refusing to cooperate with a government investigation.

Next up is the Thirteenth Amendment. "Neither slavery nor involuntary
servitude, except as a punishment for crime whereof the party shall have
been duly convicted, shall exist within the United States, or any place
subject to their jurisdiction." We fought a war about that one. The text
is clear: there will be no involuntary service except as punishment for
crimes. Criminal convicts can be ordered to perform a variety of tasks,
but the government has no authority to order *anyone* to perform
services for them involuntarily. (How this balances against military
conscription is, of course, a deeply fascinating ball of yarn: start
with _Arver_ in 1918.)

Okay. The Constitutional issues aside, let's look at the All Writs Act,
which the FBI attempted to use to compel Apple to bypass a PIN for them
in 2015. You know what people forget about that case? The Department of
Justice dropped it. The day before oral argument was due to be made, FBI
dropped the case saying they'd found a third party (rumor is Azimuth;
Grayshift and Cellebrite are other likely suspects) who was able to
bypass the iPhone security measures in question.

If DoJ had been confident of winning, they wouldn't have dropped it.
They would've taken it to a final judgment and used that precedent in
other cases. Instead, there was a significant risk they would lose, and
they elected to drop it.

So, yeah. The question of whether companies can be compelled via the All
Writs Act or CALEA to cooperate with government investigations is
complicated, there are no easy answers, and DoJ has been really eager to
*not* explore this one in court. They're afraid they'd lose.

There's a lot of room for hope here.
From andrewg at andrewg.com Mon Oct 6 16:22:08 2025
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Mon, 6 Oct 2025 15:22:08 +0100
Subject: Announced chat control by the EU
In-Reply-To: <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org>
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com> <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org>
Message-ID:

On 06/10/2025 14:55, Robert J. Hansen via Gnupg-users wrote:
> There's a lot of room for hope here.

Seconded. The United States Constitution, and the European Convention on
Human Rights, continue to exist and be judiciable in courts systems that
(for the most part) continue to function normally.

We should not panic, but neither should we be complacent. I appreciate
of course that this is a hard balance to strike with the news looking
like... well, this. *gestures around*

We will (eventually) prevail. It will be bumpy in the meantime though,
so buckle in.

A


From qmisell at mpi-inf.mpg.de Mon Oct 6 16:56:26 2025
From: qmisell at mpi-inf.mpg.de (Q Misell)
Date: Mon, 6 Oct 2025 16:56:26 +0200
Subject: Announced chat control by the EU
Message-ID: <7ABCB3AC-6706-4767-8FFF-A3D8A4248B08@mpi-inf.mpg.de>

Hi all,

Personally, I don't think it's much use to speculate on a law that isn't
even at the draft stage yet about how it'll interact with fairly low
level things like GnuPG.
One might find more success in talking to their MEPs (https://www.europarl.europa.eu/meps/en/home) to explain to them how unworkable the proposal is on sheer mathematical grounds alone. If the EU does somehow try to force decryption and scanning the correct response at that point is "screw you, make me". Q -------------- next part -------------- An HTML attachment was scrubbed... URL: From collin.funk1 at gmail.com Mon Oct 6 19:39:08 2025 From: collin.funk1 at gmail.com (Collin Funk) Date: Mon, 06 Oct 2025 10:39:08 -0700 Subject: Announced chat control by the EU In-Reply-To: References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com> <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org> Message-ID: <87ecrg2amb.fsf@gmail.com> Andrew Gallagher via Gnupg-users writes: > On 06/10/2025 14:55, Robert J. Hansen via Gnupg-users wrote: >> There's a lot of room for hope here. > > Seconded. The United States Constitution, and the European Convention > on Human Rights, continue to exist and be judiciable in courts systems > that (for the most part) continue to function normally. Well, the current US Supreme Court has decided that Section 3 of the 14th amendment is unenforceable [1]. And our current president has decided he can unilaterally get rid of Section 1 of the 14th amendment [2]. Collin [1] https://www.supremecourt.gov/opinions/23pdf/23-719_19m2.pdf [2] https://www.whitehouse.gov/presidential-actions/2025/01/protecting-the-meaning-and-value-of-american-citizenship/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 832 bytes Desc: not available URL: From rjh at sixdemonbag.org Mon Oct 6 20:11:27 2025 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Mon, 6 Oct 2025 14:11:27 -0400 Subject: Announced chat control by the EU In-Reply-To: <87ecrg2amb.fsf@gmail.com> References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com> <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org> <87ecrg2amb.fsf@gmail.com> Message-ID: <47e7cbb8-d86f-43c9-a008-d839e7785c93@sixdemonbag.org> > Well, the current US Supreme Court has decided that Section 3 of the > 14th amendment is unenforceable [1]. [sigh] No, it has not. If you're going to link to a SCOTUS opinion, please read the first page. You say they found Section 3 unenforceable; the first page of the opinion says they found Congress to be responsible for drafting laws that would enforce Section 3 ("[b]ecause the Constitution makes Congress, rather than the States, responsible for enforcing Section 3?"). It may be correct to say "SCOTUS erred by not finding Section 3 self-enforcing." It's completely defensible to say that. (In fact, I agree with it!) But please, don't spread lies and disinformation by claiming SCOTUS found Section 3 to be *unenforceable*. All of this is spectacularly off-topic for GnuPG. I am going to opt out of all future discussion about law from graduates of YouTube University School of Law. If you have a J.D. after your name and want to discuss this off-list, my emailbox is open to you. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 236 bytes Desc: OpenPGP digital signature URL: From collin.funk1 at gmail.com Mon Oct 6 20:56:47 2025 From: collin.funk1 at gmail.com (Collin Funk) Date: Mon, 06 Oct 2025 11:56:47 -0700 Subject: Announced chat control by the EU In-Reply-To: <47e7cbb8-d86f-43c9-a008-d839e7785c93@sixdemonbag.org> References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com> <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org> <87ecrg2amb.fsf@gmail.com> <47e7cbb8-d86f-43c9-a008-d839e7785c93@sixdemonbag.org> Message-ID: <87wm57270w.fsf@gmail.com> "Robert J. Hansen via Gnupg-users" writes: >> Well, the current US Supreme Court has decided that Section 3 of the >> 14th amendment is unenforceable [1]. > > [sigh] > > No, it has not. If you're going to link to a SCOTUS opinion, please > read the first page. You say they found Section 3 unenforceable; the > first page of the opinion says they found Congress to be responsible > for drafting laws that would enforce Section 3 ("[b]ecause the > Constitution makes Congress, rather than the States, responsible for > enforcing Section 3?"). > > It may be correct to say "SCOTUS erred by not finding Section 3 > self-enforcing." It's completely defensible to say that. (In fact, I > agree with it!) But please, don't spread lies and disinformation by > claiming SCOTUS found Section 3 to be *unenforceable*. My sincerest apologies for not adding the words "in practice" to my sentence. You are truly focused on the important things, thank you so much for correcting me. Collin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 832 bytes Desc: not available URL: From rjh at sixdemonbag.org Mon Oct 6 22:01:08 2025 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Mon, 6 Oct 2025 16:01:08 -0400 Subject: Announced chat control by the EU In-Reply-To: <87wm57270w.fsf@gmail.com> References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com> <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org> <87ecrg2amb.fsf@gmail.com> <47e7cbb8-d86f-43c9-a008-d839e7785c93@sixdemonbag.org> <87wm57270w.fsf@gmail.com> Message-ID: > [T]hank you so much for correcting me. Text being a rather difficult medium for discerning subtext, it's hard for me to guess whether you're being sincere or sarcastic. I'm going to assume it's sincere, because that seems more kind than the alternative, and in today's culture we desperately need more kindness. So, please read this in a tone of great sincerity: I've made that mistake before ? many people have. Cut yourself a little slack, learn, and keep moving on. :) Keep on paying attention to the legal landscape. Seriously. As frustrating as it is to me when people get things wrong, I would much rather live in a society where people pay attention to their rights and occasionally get things wrong than live in a society where nobody pays attention to them at all. I think I speak for a lot of people here on that. -------------- next part -------------- A non-text attachment was scrubbed... 
From dbs at brandes.xyz Mon Oct 6 21:47:09 2025
From: dbs at brandes.xyz (Daniel Brandes)
Date: Mon, 6 Oct 2025 21:47:09 +0200
Subject: Announced chat control by the EU
In-Reply-To: <87wm57270w.fsf@gmail.com>
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com> <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org> <87ecrg2amb.fsf@gmail.com> <47e7cbb8-d86f-43c9-a008-d839e7785c93@sixdemonbag.org> <87wm57270w.fsf@gmail.com>
Message-ID: <2e221621-2e7f-42ef-a779-f5c5e87a4d7b@brandes.xyz>

Regarding the implementation in the EU, in my understanding, the
scanning is baked in on an OS level with pattern recognition, and the
forwarding to law enforcement agencies happens fully automated (so only
the more obscure OSs, with dev communities instead of single legal
entities behind them, may remain free). 'Client-side' in that sense of
course means your transfer encryption, e.g. PGP, remains intact; your
privacy nevertheless won't.

Btw, I just cannot imagine much CSAM being distributed via email, but
who knows.

From rjh at sixdemonbag.org Tue Oct 7 19:29:34 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 7 Oct 2025 13:29:34 -0400
Subject: Announced chat control by the EU
In-Reply-To:
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org>
Message-ID:

> Not sure whether the US is a pleasantly inviting jurisdiction at the moment.

I'm going to dodge the non-GnuPG-related political aspects of that
question. Let's keep this as on-topic as possible, okay?

The question isn't whether, in the *unusual and unlikely* event the EU
becomes cryptographically hostile, the U.S. would be a pleasantly
inviting jurisdiction. The question is whether it would be a sufficient
jurisdiction to keep GnuPG alive and development moving forward while
future plans could be figured out.

Or, put another way: if you're traveling in a luxury suite on a posh
cruise liner, and it suddenly catches fire and you have to abandon ship,
a fishing trawler that offers you hot meals, a place to sleep, and a
lavatory for your three days travel back to port, suddenly looks pretty
darn good.

Whether the U.S. is the bastion of freedoms that it once was is a
complicated political question. We could get lost in that for months to
no productive end. Whether the U.S. retains *enough* of its freedoms to
be a suitable home to GnuPG while it figures out its new direction is a
simple political question: yes, it is.

From marcio.barbado at gmail.com Tue Oct 7 18:39:22 2025
From: marcio.barbado at gmail.com (Marcio Barbado, Jr.)
Date: Tue, 7 Oct 2025 13:39:22 -0300
Subject: Announced chat control by the EU
In-Reply-To:
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org>
Message-ID:

Not sure whether the US is a pleasantly inviting jurisdiction at the moment.

On Sat, Oct 4, 2025 at 12:24 PM Robert J. Hansen via Gnupg-users wrote:
>
> > My question would be, what will actually happen to GnuPG if the EU's
> > announced and threatened chat control really comes into effect? What
> > impact will this have on encrypted emails? Will GnuPG still have a
> > future, and if so, how?
>
> In the United States, source code is considered expressive speech and is
> protected by our First Amendment and has been for almost thirty years.
>
> This means that in the absolute worst case scenario, US-based hackers
> with long affiliations with GnuPG and who are trusted by the GnuPG
> community would take the source code and keep moving forward with the
> project, most likely with engineering guidance from the existing
> European GnuPG hackers.
>
> There are several other countries that are well-situated to be a home
> for GnuPG in a crisis. Breathe easy: GnuPG isn't going anywhere.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users

Marcio Barbado, Jr.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
THE MESSAGE AND ITS POSSIBLE ATTACHMENTS ARE CONFIDENTIAL
"... Whoever, in breach of law or regulation, exhibits an autograph or
any document or file, discloses or communicates, informs or captures,
transmits to another or uses the content, summary, meaning,
interpretation, indication or effect of any communication addressed to a
third party, commits the crime of violation of telecommunications ..."
Art. 56 of Law No. 4.117 of 27 August 1962, applicable to
telecommunications crimes under Art. 215, I, of Law 9.472 of 1997
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTICE This message including any attachments is confidential
information of Marcio Barbado Junior. Disclosure, copying or
distribution is prohibited without permission of Marcio Barbado Junior.
If you are not the intended recipient, please reply to the sender and
then delete this message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From jcb62281 at gmail.com Wed Oct 8 05:23:59 2025
From: jcb62281 at gmail.com (Jacob Bachmeyer)
Date: Tue, 7 Oct 2025 22:23:59 -0500
Subject: Announced chat control by the EU
In-Reply-To: <2e221621-2e7f-42ef-a779-f5c5e87a4d7b@brandes.xyz>
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com> <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org> <87ecrg2amb.fsf@gmail.com> <47e7cbb8-d86f-43c9-a008-d839e7785c93@sixdemonbag.org> <87wm57270w.fsf@gmail.com> <2e221621-2e7f-42ef-a779-f5c5e87a4d7b@brandes.xyz>
Message-ID: <6eaaaf45-f5cf-43e4-a56f-0aedf1199675@gmail.com>

On 10/6/25 14:47, Daniel Brandes via Gnupg-users wrote:
> Regarding the implementation in the EU, in my understanding, the
> scanning is baked in on an OS level with pattern recognition, and the
> forwarding to law enforcement agencies happens fully automated (so
> only the more obscure OSs, with dev communities instead of single
> legal entities behind them, may remain free). 'Client-side' in that
> sense of course means your transfer encryption, e.g. PGP, remains
> intact; your privacy nevertheless won't.

This sounds like it is only applicable to mobile devices.

In any case, there is a simple solution to that kind of OS-level
backdoor: the classic "paranoid" PGP setup where you keep your keys on
a separate, offline, air-gapped box and Internet-connected machines only
see your encrypted traffic.

I also highly doubt that Debian or Gentoo would ever tolerate such
malware in their distributions.
-- Jacob

From ratbag at gmx.com Wed Oct 8 13:47:13 2025
From: ratbag at gmx.com (Rat Bag)
Date: Wed, 8 Oct 2025 13:47:13 +0200
Subject: Announced chat control by the EU
In-Reply-To: <6eaaaf45-f5cf-43e4-a56f-0aedf1199675@gmail.com>
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com> <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org> <87ecrg2amb.fsf@gmail.com> <47e7cbb8-d86f-43c9-a008-d839e7785c93@sixdemonbag.org> <87wm57270w.fsf@gmail.com> <2e221621-2e7f-42ef-a779-f5c5e87a4d7b@brandes.xyz> <6eaaaf45-f5cf-43e4-a56f-0aedf1199675@gmail.com>
Message-ID: <652fb53d-f713-4d6b-8450-bd2266dd81b6@gmx.com>

On 10/8/25 05:27, Jacob Bachmeyer via Gnupg-users 'gnupg-users at gnupg.org' wrote:
> This sounds like it is only applicable to mobile devices.

Since the proposal and discussions around it explicitly mention both
messaging and email, I would assume the regulation, when (if?) enacted,
will apply to both mobile devices and Internet-connected computers.

> ...offline, air-gapped box....

Even at the moment, this is the prudent MO for those that must assume
that their communication device (mobile or laptop/desktop) operating
system provider is cooperating with their adversary.

It may well be that it is only practical to use 1.4x on an air-gapped
device. If 4096-bit RSA is considered sufficiently resistant to
cryptanalysis (i.e., ignoring signing!), can such keys generated by 1.4x
be considered just as secure as are the equivalent keys generated by
2.xx?

R.B.

From rjh at sixdemonbag.org Wed Oct 8 22:04:18 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 8 Oct 2025 16:04:18 -0400
Subject: Announced chat control by the EU
In-Reply-To:
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org>
Message-ID: <9170963c-b023-4dc4-947c-6552995df6a5@sixdemonbag.org>

> Means, you need a Git account and chat over two GIT Accounts via a GIT
> Server with each other, and it appears as a git commit with ciphertext :-)

This may be an interesting proof of concept, but I wouldn't use it for
anything serious. The entire point of Git is to keep records forever and
track who said what, when, and where. If you can't reliably delete the
messages, then you're in reality creating an archive of traffic that can
be exploited at some future date.

Further, the amount of metadata being generated is nontrivial. Secure
communications require much more than ciphertext. The metadata generated
by Git alone, in this context, gives me serious concern.

From rjh at sixdemonbag.org Wed Oct 8 22:21:10 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 8 Oct 2025 16:21:10 -0400
Subject: Announced chat control by the EU
In-Reply-To: <652fb53d-f713-4d6b-8450-bd2266dd81b6@gmx.com>
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com> <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org> <87ecrg2amb.fsf@gmail.com> <47e7cbb8-d86f-43c9-a008-d839e7785c93@sixdemonbag.org> <87wm57270w.fsf@gmail.com> <2e221621-2e7f-42ef-a779-f5c5e87a4d7b@brandes.xyz> <6eaaaf45-f5cf-43e4-a56f-0aedf1199675@gmail.com> <652fb53d-f713-4d6b-8450-bd2266dd81b6@gmx.com>
Message-ID: <7449a9c6-c633-4496-b3fc-5d53b579e4bf@sixdemonbag.org>

> It may well be that it is only practical to use 1.4x on an
> air-gapped device. If 4096-bit RSA is considered sufficiently
> resistant to cryptanalysis (i.e., ignoring signing!), can
> such keys generated by 1.4x be considered just as secure as
> are the equivalent keys generated by 2.xx?

There is no reason to doubt RSA-4096's safety for signing: none
whatsoever. The United States National Security Agency has certified
RSA-3072 for signing TOP SECRET data until 2030.[1] Given TOP SECRET
data has a default classification period of 25 years, that means NSA
expects RSA-3072 to be secure until 2055.

Now, to answer your question: there are no known security issues with
generating certificates on GnuPG 1.4. But please, please, please, stop
using 1.4 already. Switch to the 2.6 series.

[1] https://media.defense.gov/2025/May/30/2003728741/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS.PDF

From jcb62281 at gmail.com Thu Oct 9 06:29:40 2025
From: jcb62281 at gmail.com (Jacob Bachmeyer)
Date: Wed, 8 Oct 2025 23:29:40 -0500
Subject: Announced chat control by the EU
In-Reply-To: <652fb53d-f713-4d6b-8450-bd2266dd81b6@gmx.com>
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com> <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org> <87ecrg2amb.fsf@gmail.com> <47e7cbb8-d86f-43c9-a008-d839e7785c93@sixdemonbag.org> <87wm57270w.fsf@gmail.com> <2e221621-2e7f-42ef-a779-f5c5e87a4d7b@brandes.xyz> <6eaaaf45-f5cf-43e4-a56f-0aedf1199675@gmail.com> <652fb53d-f713-4d6b-8450-bd2266dd81b6@gmx.com>
Message-ID: <6e38f973-48ef-4f51-a35c-9801c96e56a9@gmail.com>

On 10/8/25 06:47, Rat Bag via Gnupg-users wrote:
> On 10/8/25 05:27, Jacob Bachmeyer via Gnupg-users
> 'gnupg-users at gnupg.org' wrote:
>
> [...]
>
>> ...offline, air-gapped box....
>
> Even at the moment, this is the prudent MO for those that
> must assume that their communication device (mobile or
> laptop/desktop) operating system provider is cooperating
> with their adversary.

This is why you should be using Free software. Do not store critical
secrets on Windows if you want them to stay secret! (or Apple, or any
other nonfree system, for that matter)

> It may well be that it is only practical to use 1.4x on an
> air-gapped device. If 4096-bit RSA is considered sufficiently
> resistant to cryptanalysis (i.e., ignoring signing!), can
> such keys generated by 1.4x be considered just as secure as
> are the equivalent keys generated by 2.xx?

I have not checked (hint!) the source code (hint!) specifically, but I
have a vague recollection that 1.4 depended heavily or completely on
/dev/random. If the system RNG is secure, so are the keys generated by
GPG 1.4. It might be advisable to have the box running for some time (a
day or more if possible) to ensure that sufficient entropy has been
gathered before generating keys. On a box using the Linux kernel, some
of the values under /proc/sys/kernel/random might be useful to monitor.
(but not "uuid"---/proc/sys/kernel/random/uuid consumes some entropy to
generate a random UUID every time you read it)

Also consider your hardware and its entropy sources. For example, one of
the inputs to the Linux kernel RNG is the precise timing of disk
accesses, on the hypothesis that chaotic airflow inside a HDD will
affect the head positioning and therefore the observed seek time. This
entropy source is, of course, useless if you are using an SSD.

The lack of entropy leading to weak keys is *not* theoretical, as I
understand that some embedded devices can generate predictable SSH host
keys due to a lack of entropy at first boot. I have a practice of
rotating SSH host keys after the first few hours-to-days of uptime when
standing up a new personal server for this reason, although I am
probably just practicing paranoia on that point.

This point about adequate entropy also applies to current GnuPG
releases, since entropy shortage is a system issue. This is very
important if you generate keys on a RasPI or similar device.

All that said, I would be *very* surprised if there would be any
difficulty running current GnuPG on an air-gapped box. This is the
classic maximum-security PGP usage model and I would expect GnuPG to
maintain full support for it.

-- Jacob

From rjh at sixdemonbag.org Thu Oct 9 09:40:05 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 9 Oct 2025 03:40:05 -0400
Subject: Announced chat control by the EU
In-Reply-To: <6e38f973-48ef-4f51-a35c-9801c96e56a9@gmail.com>
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com> <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org> <87ecrg2amb.fsf@gmail.com> <47e7cbb8-d86f-43c9-a008-d839e7785c93@sixdemonbag.org> <87wm57270w.fsf@gmail.com> <2e221621-2e7f-42ef-a779-f5c5e87a4d7b@brandes.xyz> <6eaaaf45-f5cf-43e4-a56f-0aedf1199675@gmail.com> <652fb53d-f713-4d6b-8450-bd2266dd81b6@gmx.com> <6e38f973-48ef-4f51-a35c-9801c96e56a9@gmail.com>
Message-ID: <82d1961f-846d-412c-bed0-730226834acd@sixdemonbag.org>

> I have not checked (hint!) the source code (hint!) specifically, but I
> have a vague recollection that 1.4 depended heavily or completely on
> /dev/random. If the system RNG is secure, so are the keys generated by
> GPG 1.4. It might be advisable to have the box running for some time (a
> day or more if possible) to ensure that sufficient entropy has been
> gathered before generating keys.

For Linux systems, for about five years now at system boot /dev/urandom
is initialized. Once it's fully initialized calls to /dev/random are
silently redirected to /dev/urandom. It doesn't take long at all for
/dev/urandom to spin up, either.

A *lot* of effort has been put into making /dev/urandom a high quality
CSPRNG. I highly recommend using it, and only it, and especially
recommend abandoning any attempts at rolling your own CSPRNG.

From rjh at sixdemonbag.org Thu Oct 9 09:50:24 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 9 Oct 2025 03:50:24 -0400
Subject: Announced chat control by the EU
In-Reply-To: <82d1961f-846d-412c-bed0-730226834acd@sixdemonbag.org>
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com> <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org> <87ecrg2amb.fsf@gmail.com> <47e7cbb8-d86f-43c9-a008-d839e7785c93@sixdemonbag.org> <87wm57270w.fsf@gmail.com> <2e221621-2e7f-42ef-a779-f5c5e87a4d7b@brandes.xyz> <6eaaaf45-f5cf-43e4-a56f-0aedf1199675@gmail.com> <652fb53d-f713-4d6b-8450-bd2266dd81b6@gmx.com> <6e38f973-48ef-4f51-a35c-9801c96e56a9@gmail.com> <82d1961f-846d-412c-bed0-730226834acd@sixdemonbag.org>
Message-ID: <627167b1-e58e-4eec-9715-4dd3de0f52a4@sixdemonbag.org>

> For Linux systems, for about five years now at system boot /dev/urandom
> is initialized. Once it's fully initialized calls to /dev/random are
> silently redirected to /dev/urandom. It doesn't take long at all for
> /dev/urandom to spin up, either.

Forgot to add: ever since Ivy Bridge in 2012, the x86 (and x86_64)
architecture has included RDRAND -- a true random number generator that
reseeds about every 8k bytes generated. On post-2012 x86/x86_64, Linux
will cheerfully use RDRAND as one of many entropy sources feeding into
/dev/random. It spins up fast and is rooted in a TRNG: what's not to
love?
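The seeding question in the two messages above (Jacob's advice to let an air-gapped box run before generating keys and to watch /proc/sys/kernel/random, Rob's point that /dev/random follows /dev/urandom once the pool is initialized) has a direct check: on Linux, getrandom(2) with GRND_NONBLOCK fails with EAGAIN until the kernel pool is seeded. The script below is an added example, not code from any poster or from GnuPG; it assumes a Linux host with /proc mounted and Python 3.6 or newer, and the quarter-full fallback threshold and the readings in the `__main__` block are constructed.

```python
"""Probe whether the kernel CSPRNG is seeded before generating a GnuPG key.

Added example for the gnupg-users thread; not from GnuPG or any poster.
Assumes Linux (getrandom(2), /proc/sys/kernel/random). Elsewhere it reports
that the probe is unavailable instead of guessing.
"""
import os
from typing import Dict, Optional

RANDOM_DIR = "/proc/sys/kernel/random"


def pool_is_seeded() -> Optional[bool]:
    """True once the kernel pool is initialized, False while it still blocks.

    getrandom(2) with GRND_NONBLOCK returns EAGAIN (BlockingIOError here)
    until the pool is seeded, which is exactly the point after which
    /dev/random no longer blocks. Returns None where getrandom is missing
    (non-Linux hosts or Python older than 3.6).
    """
    try:
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False
    except AttributeError:
        return None


def read_random_sysctl(name: str) -> Optional[int]:
    """Read one integer counter under /proc/sys/kernel/random, or None.

    Refuses "uuid" on purpose: reading that file generates a fresh UUID and,
    as noted in the thread, consumes entropy every time it is read.
    """
    if name == "uuid":
        raise ValueError("reading random/uuid consumes entropy; refusing")
    try:
        with open(os.path.join(RANDOM_DIR, name)) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def assess(seeded: Optional[bool], entropy_avail: Optional[int],
           poolsize: Optional[int]) -> str:
    """Turn readings into a verdict; kept pure so it can be unit-tested.

    'ready'   : getrandom says the pool is seeded (all that matters today)
    'wait'    : getrandom still blocks, i.e. the pool is not seeded yet
    'unknown' : no getrandom and no usable /proc counters
    """
    if seeded is True:
        return "ready"
    if seeded is False:
        return "wait"
    # Fallback without getrandom: entropy_avail ranges from 0 up to poolsize.
    # The "at least a quarter full" cut-off is a constructed heuristic.
    if entropy_avail is not None and poolsize:
        return "ready" if entropy_avail * 4 >= poolsize else "wait"
    return "unknown"


def probe() -> Dict[str, object]:
    """Gather live readings from this host and return them with the verdict."""
    seeded = pool_is_seeded()
    entropy_avail = read_random_sysctl("entropy_avail")
    poolsize = read_random_sysctl("poolsize")
    return {
        "seeded": seeded,
        "entropy_avail": entropy_avail,
        "poolsize": poolsize,
        "verdict": assess(seeded, entropy_avail, poolsize),
    }


if __name__ == "__main__":
    print("this host:", probe())
    # Constructed readings covering each verdict path:
    print("seeded pool:", assess(True, None, None))
    print("unseeded pool:", assess(False, 4096, 4096))
    print("legacy counters only:", assess(None, 32, 256))
```

A 'wait' verdict means key generation would block or, worse, might be fed a weak pool on an old kernel; 'ready' is the state Rob describes, after which /dev/random and /dev/urandom are equivalent.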
From thomasasta at googlemail.com Wed Oct 8 20:52:20 2025
From: thomasasta at googlemail.com (Tom A.)
Date: Wed, 8 Oct 2025 20:52:20 +0200
Subject: Announced chat control by the EU
In-Reply-To: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org>
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org>
Message-ID:

Hi Martin

GnuPG will not be dead. The question is, which app or server will affect
the Chat Control.

When the Spot-On Messenger released in 2014 the POPTASTIC feature, which
was encrypted chat over e-Mail, and Delta.Chat was 2016 based on it, it
was not a new encryption feature, but a dual-use of a server, which
cannot deny encryption.

Now with several days release of new Spot-On Messenger for Linux
(K/ubuntu) and Mac a similar feature has been released. GPG is used for
chat over GIT.
https://github.com/textbrowser/spot-on/releases/tag/2025.09.28

Means, you need a Git account and chat over two GIT Accounts via a GIT
Server with each other, and it appears as a git commit with ciphertext :-)
https://github.com/textbrowser/prison-blues/commits/main/

The Feature is called prison blues.

If you connect in the middle an Echo Server, the message is also sent to
GIT or to another instance by a proxy, the feature is called Human
Proxies:
https://www.amazon.com/Human-Proxies-Cryptographic-Networks-end/dp/3759705049

So use a Git Server to chat with GPG. Works also from terminal on Linux.
Discover it. Probably it takes like Poptastic again 10 years.

Regards Tom

On Sat, Oct 4, 2025 at 1:53 PM Martin wrote:
> Hi
>
> Perhaps I missed the discussion here - if so, please send me the link.
>
> My question would be, what will actually happen to GnuPG if the EU's
> announced and threatened chat control really comes into effect? What
> impact will this have on encrypted emails? Will GnuPG still have a
> future, and if so, how?
>
> Thanks.

From wk at gnupg.org Thu Oct 9 16:24:14 2025
From: wk at gnupg.org (Werner Koch)
Date: Thu, 09 Oct 2025 16:24:14 +0200
Subject: GnuPG to protect citizen rights (was: Announced chat control by the EU)
In-Reply-To: <7449a9c6-c633-4496-b3fc-5d53b579e4bf@sixdemonbag.org> (Robert J. Hansen via Gnupg-users's message of "Wed, 8 Oct 2025 16:21:10 -0400")
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com> <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org> <87ecrg2amb.fsf@gmail.com> <47e7cbb8-d86f-43c9-a008-d839e7785c93@sixdemonbag.org> <87wm57270w.fsf@gmail.com> <2e221621-2e7f-42ef-a779-f5c5e87a4d7b@brandes.xyz> <6eaaaf45-f5cf-43e4-a56f-0aedf1199675@gmail.com> <652fb53d-f713-4d6b-8450-bd2266dd81b6@gmx.com> <7449a9c6-c633-4496-b3fc-5d53b579e4bf@sixdemonbag.org>
Message-ID: <87sefs17ch.fsf_-_@jacob.g10code.de>

On Wed, 8 Oct 2025 16:21, Robert J. Hansen said:

> generating certificates on GnuPG 1.4. But please, please, please, stop
> using 1.4 already. Switch to the 2.6 series.

I can only repeat that. Thanks for mentioning this, Rob.

Now that I attended this mail thread anyway, let me assure you that I
will never accept a backdoor in GnuPG or related libraries. I spent the
majority of my working life on that software [1] and the reason I got
into this was and still is privacy for the people. Meanwhile my company
is on very solid financial grounds and I actually could stop working and
keep on helping with GnuPG maintenance and oversee developments without
financial compensation.

Gpg4win, our Windows installer, is very likely what most people are
using for end-to-end encryption of mail and to protect data at rest. The
very same software is also the base for GnuPG VS-Desktop which is used
in Germany, Europe, Japan and even by some companies in the US. In
particular we build an NSIS installer for Gpg4win and by using this very
installer along with custom configuration files and extra documentation
we transform this into an MSI installer. That MSI is what we give to our
government and industrial customers along with a support contract. Thus
all code you see in gpg4win is also in the GnuPG VS-Desktop. Any
backdoor would be there as well. We would be entirely crazy trying to
implement a backdoor; our reputation would be dead, and this is what
makes up our business. All my colleagues and co-hackers are also strong
privacy advocates and share my view.

The chat control idea is only one idea on how to throw away citizen
rights. The EU as well as other states and organizations are trying to
protect themselves from their citizens. For example the EU is currently
setting up the "Expert Group for a technology Roadmap in Encryption" [2]
to plan ahead for more control.

Take care and beware of newspeak.

Shalom-Salam,

   Werner

[1] A post on the GnuPG history from 2007
    https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob_plain;f=doc/a-decade-of-gnupg.txt

[2] EU encryption roadmap
    https://ec.europa.eu/transparency/expert-groups-register/screen/expert-groups/consult?lang=en&groupID=4005

-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
From vedaal at nym.hush.com Thu Oct 9 17:38:31 2025
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Thu, 09 Oct 2025 11:38:31 -0400
Subject: GnuPG to protect citizen rights (was: Announced chat control by the EU)
In-Reply-To: <87sefs17ch.fsf_-_@jacob.g10code.de>
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com> <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org> <87ecrg2amb.fsf@gmail.com> <47e7cbb8-d86f-43c9-a008-d839e7785c93@sixdemonbag.org> <87wm57270w.fsf@gmail.com> <2e221621-2e7f-42ef-a779-f5c5e87a4d7b@brandes.xyz> <6eaaaf45-f5cf-43e4-a56f-0aedf1199675@gmail.com> <652fb53d-f713-4d6b-8450-bd2266dd81b6@gmx.com> <7449a9c6-c633-4496-b3fc-5d53b579e4bf@sixdemonbag.org> <87sefs17ch.fsf_-_@jacob.g10code.de>
Message-ID: <09185aef26fa2ade4a89c87ac7d0a93bf7110a7650ff0aea@smtp.hushmail.com>

Is there any concern to not trust proprietary compilers, and instead to
compile everything from the gcc compiler?

=====

On 10/9/2025 at 10:24 AM, "Werner Koch via Gnupg-users" wrote:

[Werner's message of Thu, 09 Oct 2025 16:24:14 +0200 quoted in full]

From rjh at sixdemonbag.org Thu Oct 9 19:13:40 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 9 Oct 2025 13:13:40 -0400
Subject: GnuPG to protect citizen rights
In-Reply-To: <09185aef26fa2ade4a89c87ac7d0a93bf7110a7650ff0aea@smtp.hushmail.com>
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com> <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org> <87ecrg2amb.fsf@gmail.com> <47e7cbb8-d86f-43c9-a008-d839e7785c93@sixdemonbag.org> <87wm57270w.fsf@gmail.com> <2e221621-2e7f-42ef-a779-f5c5e87a4d7b@brandes.xyz> <6eaaaf45-f5cf-43e4-a56f-0aedf1199675@gmail.com> <652fb53d-f713-4d6b-8450-bd2266dd81b6@gmx.com> <7449a9c6-c633-4496-b3fc-5d53b579e4bf@sixdemonbag.org> <87sefs17ch.fsf_-_@jacob.g10code.de> <09185aef26fa2ade4a89c87ac7d0a93bf7110a7650ff0aea@smtp.hushmail.com>
Message-ID: <324176ec-6193-4cc1-9f05-11e1db126593@sixdemonbag.org>

> Is there any concern to not trust proprietary compilers,
> and instead to compile everything from the gcc compiler?

Not really. Most proprietary compilers aren't very proprietary any more.
The Intel C++ compiler uses the open-source LLVM as its back end, and
Visual C++ can be configured to also use LLVM.

LLVM is really taking over the compiler world (and for good reason: it's
kind of awesome). We're going to see more and more 'proprietary'
compilers becoming proprietary front-ends to LLVM.

From collin.funk1 at gmail.com Thu Oct 9 19:32:51 2025
From: collin.funk1 at gmail.com (Collin Funk)
Date: Thu, 09 Oct 2025 10:32:51 -0700
Subject: GnuPG to protect citizen rights
In-Reply-To: <324176ec-6193-4cc1-9f05-11e1db126593@sixdemonbag.org> (Robert J. Hansen via Gnupg-users's message of "Thu, 9 Oct 2025 13:13:40 -0400")
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org> <94e10829-3220-4518-a1e9-9f3df37bf81f@gmx.com> <25fb5897-2bcd-414d-a46e-a83added2d0f@sixdemonbag.org> <87ecrg2amb.fsf@gmail.com> <47e7cbb8-d86f-43c9-a008-d839e7785c93@sixdemonbag.org> <87wm57270w.fsf@gmail.com> <2e221621-2e7f-42ef-a779-f5c5e87a4d7b@brandes.xyz> <6eaaaf45-f5cf-43e4-a56f-0aedf1199675@gmail.com> <652fb53d-f713-4d6b-8450-bd2266dd81b6@gmx.com> <7449a9c6-c633-4496-b3fc-5d53b579e4bf@sixdemonbag.org> <87sefs17ch.fsf_-_@jacob.g10code.de> <09185aef26fa2ade4a89c87ac7d0a93bf7110a7650ff0aea@smtp.hushmail.com> <324176ec-6193-4cc1-9f05-11e1db126593@sixdemonbag.org>
Message-ID:

"Robert J. Hansen via Gnupg-users" writes:

>> Is there any concern to not trust proprietary compilers,
>> and instead to compile everything from the gcc compiler?
>
> Not really. Most proprietary compilers aren't very proprietary any
> more. The Intel C++ compiler uses the open-source LLVM as its back
> end, and Visual C++ can be configured to also use LLVM.
>
> LLVM is really taking over the compiler world (and for good reason:
> it's kind of awesome). We're going to see more and more 'proprietary'
> compilers becoming proprietary front-ends to LLVM.

Another example: IBM announced they were creating a "next-generation"
xlc C/C++ compiler using LLVM. But I am not sure of the status of that
[1]. Oracle has their own C compiler, not LLVM, but I am not sure of
anyone that actually uses it [2]. I have compiled GNU Coreutils with it,
so it seems usable at least.
Collin

[1] https://community.ibm.com/community/user/blogs/si-yuan-zhang1/2022/07/28/ibm-completed-llvm-adoption-for-cc-and-fortran-lnx?CommunityKey=5d23d564-1e3e-47e6-8e47-71b8b65eedfd
[2] https://www.oracle.com/application-development/developerstudio/

From martin at postzone.org Thu Oct 9 20:52:01 2025
From: martin at postzone.org (Martin)
Date: Thu, 9 Oct 2025 20:52:01 +0200
Subject: Announced chat control by the EU
In-Reply-To:
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org>
Message-ID:

Hi

Does such a project via Github (which is Microsoft) deserve trust? I'm
not so sure about that.

On 08.10.25 at 20:52, Tom A. via Gnupg-users wrote:
> Hi Martin
> GnuPG will not be dead. The question is, which app or server will
> affect the Chat Control.
> [...]
> GPG is used for chat over GIT.
> https://github.com/textbrowser/spot-on/releases/tag/2025.09.28
> Means, you need a Git account and chat over two GIT Accounts via a GIT
> Server with each other, and it appears as a git commit with ciphertext :-)
> https://github.com/textbrowser/prison-blues/commits/main/
> [...]
> So use a Git Server to chat with GPG.
> Works also from terminal on Linux. Discover it. Probably it takes like
> Poptastic again 10 years.
> Regards Tom

From rjh at sixdemonbag.org Thu Oct 9 22:30:52 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 9 Oct 2025 16:30:52 -0400
Subject: Announced chat control by the EU
In-Reply-To:
References: <701d6c39-5d52-414d-b93d-f1310cfcd154@postzone.org>
Message-ID:

> Does such a project via Github (which is Microsoft) deserve trust? I'm
> not so sure about that.

That's unwarranted. Source is controlled via git, the code in the repo
can be trivially audited against the developer's known-good repo, and
they encourage contributors to sign their commits with GnuPG. What more
do you want?

MS has invested literally *billions* of dollars in making GitHub a
trusted software source, a solution to the (very big) industry problem
of supply chain security. If MS were to do any shenanigans with GitHub,
any at all, billions of dollars of value could be lost in a single day.
They have a very large financial interest in being an honest broker.

I may not trust Microsoft very much, but I trust their desire to make
money.
From: dan.git at lispclub.com (Daniel Cerqueira)
Date: Fri, 10 Oct 2025 23:51:33 +0100
Subject: Effects of --default-cert-level
Message-ID: <87o6qebcay.fsf@lispclub.com>

Hi.

I am studying GnuPG, and I would like to know what the effects of using '--default-cert-level' are, besides it adding a number to the output of '--check-sigs'. Are there some (other) effects?

I am not subscribed to this mailing list, so, if replying to the mailing list, please add me to the 'Cc:' field (or vice-versa).

Cheers for Freedom,

-- 
The pioneers of a warless world are the youth that refuse military service. ~ Albert Einstein

From: wk at gnupg.org (Werner Koch)
Date: Mon, 13 Oct 2025 10:02:33 +0200
Subject: Effects of --default-cert-level
In-Reply-To: <87o6qebcay.fsf@lispclub.com> (Daniel Cerqueira's message of "Fri, 10 Oct 2025 23:51:33 +0100")
References: <87o6qebcay.fsf@lispclub.com>
Message-ID: <87wm4zz0ti.fsf@jacob.g10code.de>

Hi!

On Fri, 10 Oct 2025 23:51, Daniel Cerqueira said:

> I am studying GnuPG, and I would like to know what the effects of
> using '--default-cert-level' are, besides it adding a number to the
> output of '--check-sigs'. Are there some (other) effects?

Key signatures have different classes: 0x10 to 0x13 which correspond with the cert levels. If you create a self-signature (e.g. new user-id) level 3 is used. In all other cases level 0 is used by default or whatever you set with --default-cert-level.

When evaluating the validity of a key (building the trustdb) by default only key signatures of level 0, 2, and 3 are considered. This can be changed with --min-cert-level.

Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that refuse military service. - A. Einstein

From: dan.git at lispclub.com (Daniel Cerqueira)
Date: Mon, 13 Oct 2025 10:51:40 +0100
Subject: Effects of --default-cert-level
In-Reply-To: <87wm4zz0ti.fsf@jacob.g10code.de> (Werner Koch's message of "Mon, 13 Oct 2025 10:02:33 +0200")
References: <87o6qebcay.fsf@lispclub.com> <87wm4zz0ti.fsf@jacob.g10code.de>
Message-ID: <87sefnruxf.fsf@lispclub.com>

Hi, Werner!

Werner Koch writes:

> On Fri, 10 Oct 2025 23:51, Daniel Cerqueira said:
>
>> I am studying GnuPG, and I would like to know what the effects of
>> using '--default-cert-level' are, besides it adding a number to the
>> output of '--check-sigs'. Are there some (other) effects?
>
> Key signatures have different classes: 0x10 to 0x13 which correspond
> with the cert levels. If you create a self-signature (e.g. new
> user-id) level 3 is used. In all other cases level 0 is used by
> default or whatever you set with --default-cert-level.
>
> When evaluating the validity of a key (building the trustdb) by default
> only key signatures of level 0, 2, and 3 are considered. This can be
> changed with --min-cert-level.

Thank you for the reply. I guess that information is enough.

Cheers for Freedom,

-- 
The pioneers of a warless world are the youth that refuse military service. ~ Albert Einstein
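The certification-level rules Werner describes (quoted in full in the reply above), as an added example that is neither GnuPG source code nor any participant's: a small Python model of which class byte a new certification receives and which certifications the trustdb takes into account under --min-cert-level. The issuer names in the sample are constructed.

```python
"""Model of gpg's certification levels (added example, not GnuPG source code).

From the thread: OpenPGP certification classes 0x10..0x13 correspond to
cert levels 0..3; a self-signature is issued at level 3, any other
certification at --default-cert-level (0 unless changed); when the
trustdb is built, level 0 is always considered and higher levels only
if they reach --min-cert-level (default 2), so 0, 2 and 3 count by
default and level 1 ("persona") is ignored.
"""
from dataclasses import dataclass

CERT_CLASS_BASE = 0x10          # class byte = 0x10 + cert level
DEFAULT_CERT_LEVEL = 0          # gpg's --default-cert-level default
DEFAULT_MIN_CERT_LEVEL = 2      # gpg's --min-cert-level default
LEVEL_NAMES = {0: "no opinion", 1: "persona", 2: "casual", 3: "extensive"}


def level_from_class(sig_class: int) -> int:
    """Map a certification signature class (0x10..0x13) to its cert level 0..3."""
    if not 0x10 <= sig_class <= 0x13:
        raise ValueError(f"{sig_class:#x} is not a certification signature class")
    return sig_class - CERT_CLASS_BASE


def class_for_new_certification(is_self_signature: bool,
                                default_cert_level: int = DEFAULT_CERT_LEVEL) -> int:
    """Class byte a new certification gets: 0x13 for self-signatures,
    otherwise 0x10 + --default-cert-level."""
    if not 0 <= default_cert_level <= 3:
        raise ValueError("--default-cert-level must be 0..3")
    level = 3 if is_self_signature else default_cert_level
    return CERT_CLASS_BASE + level


def counts_for_trustdb(sig_class: int,
                       min_cert_level: int = DEFAULT_MIN_CERT_LEVEL) -> bool:
    """Level 0 always counts; levels 1..3 count only when >= --min-cert-level."""
    level = level_from_class(sig_class)
    return level == 0 or level >= min_cert_level


@dataclass(frozen=True)
class Certification:
    issuer: str          # who certified the user ID (constructed names below)
    sig_class: int       # 0x10..0x13

    @property
    def level_name(self) -> str:
        return LEVEL_NAMES[level_from_class(self.sig_class)]


# Constructed sample: four third-party certifications on one user ID, one per level.
SAMPLE_CERTIFICATIONS = (
    Certification("alice", 0x10),
    Certification("bob", 0x11),
    Certification("carol", 0x12),
    Certification("dave", 0x13),
)


def considered_issuers(certs=SAMPLE_CERTIFICATIONS,
                       min_cert_level: int = DEFAULT_MIN_CERT_LEVEL) -> list[str]:
    """Issuers whose certifications the trustdb would take into account."""
    return [c.issuer for c in certs
            if counts_for_trustdb(c.sig_class, min_cert_level)]


if __name__ == "__main__":
    for c in SAMPLE_CERTIFICATIONS:
        print(f"{c.issuer:6} class {c.sig_class:#x} ({c.level_name})")
    for m in (1, 2, 3):
        print(f"--min-cert-level {m}: {considered_issuers(min_cert_level=m)}")
```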
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 13 Oct 2025 13:13:33 -0400
Subject: Effects of --default-cert-level
In-Reply-To: <87sefnruxf.fsf@lispclub.com>
References: <87o6qebcay.fsf@lispclub.com> <87wm4zz0ti.fsf@jacob.g10code.de> <87sefnruxf.fsf@lispclub.com>
Message-ID: <87v7kiency.fsf@fifthhorseman.net>

On Mon 2025-10-13 10:51:40 +0100, Daniel Cerqueira wrote:
> Werner Koch writes:
>> On Fri, 10 Oct 2025 23:51, Daniel Cerqueira said:
>>
>>> I am studying GnuPG, and I would like to know what the effects of
>>> using '--default-cert-level' are, besides it adding a number to the
>>> output of '--check-sigs'. Are there some (other) effects?
>>
>> Key signatures have different classes: 0x10 to 0x13 which correspond
>> with the cert levels. If you create a self-signature (e.g. new
>> user-id) level 3 is used. In all other cases level 0 is used by
>> default or whatever you set with --default-cert-level.
>>
>> When evaluating the validity of a key (building the trustdb) by default
>> only key signatures of level 0, 2, and 3 are considered. This can be
>> changed with --min-cert-level.
>
> Thank you for the reply. I guess that information is enough.

Some of the regular readers of this list (including myself) think that the cert-level features in gpg (and the certification levels in the underlying standard, OpenPGP) are misfeatures. Leaving things as the default is the most reasonable way to go:

https://dkg.fifthhorseman.net/blog/gpg-ask-cert-level-considered-harmful.html

Regards,

        --dkg

From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 13 Oct 2025 16:06:14 -0400
Subject: Effects of --default-cert-level
In-Reply-To: <87v7kiency.fsf@fifthhorseman.net>
References: <87o6qebcay.fsf@lispclub.com> <87wm4zz0ti.fsf@jacob.g10code.de> <87sefnruxf.fsf@lispclub.com> <87v7kiency.fsf@fifthhorseman.net>

> Some of the regular readers of this list (including myself) think
> that the cert-level features in gpg (and the certification levels in
> the underlying standard, OpenPGP) are misfeatures. Leaving things
> as the default is the most reasonable way to go:

Wait, is it October 13 again? The one day each year dkg and I agree on something?

(Casual list readers are urged to read that tongue-in-cheek. Daniel and I have an earned reputation for disagreement on technical issues, but please don't confuse "strong technical disagreement" with "unwillingness to buy them a beer while we tell them they're wrong".)

For quite some years I was weakly in favor of it: it provided a capability that could be useful in certain contexts and I thought it should be preserved for that alone. But in thirty years of using ClassicPGP and OpenPGP (and now adding LibrePGP), I have never found anyone with a real-world use case for it and probably fifty or so people confused by it.

Anything with that bad of a utility-to-confusion ratio should probably be abandoned. It's just not worth it.
From: dan.git at lispclub.com (Daniel Cerqueira)
Date: Mon, 13 Oct 2025 20:03:55 +0100
Subject: Effects of --default-cert-level
In-Reply-To: <87v7kiency.fsf@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Mon, 13 Oct 2025 13:13:33 -0400")
References: <87o6qebcay.fsf@lispclub.com> <87wm4zz0ti.fsf@jacob.g10code.de> <87sefnruxf.fsf@lispclub.com> <87v7kiency.fsf@fifthhorseman.net>
Message-ID: <87wm4yr5d0.fsf@lispclub.com>

Daniel Kahn Gillmor writes:

> On Mon 2025-10-13 10:51:40 +0100, Daniel Cerqueira wrote:
>> Werner Koch writes:
>>> On Fri, 10 Oct 2025 23:51, Daniel Cerqueira said:
>>>
>>>> I am studying GnuPG, and I would like to know what the effects of
>>>> using '--default-cert-level' are, besides it adding a number to the
>>>> output of '--check-sigs'. Are there some (other) effects?
>>>
>>> Key signatures have different classes: 0x10 to 0x13 which correspond
>>> with the cert levels. If you create a self-signature (e.g. new
>>> user-id) level 3 is used. In all other cases level 0 is used by
>>> default or whatever you set with --default-cert-level.
>>>
>>> When evaluating the validity of a key (building the trustdb) by default
>>> only key signatures of level 0, 2, and 3 are considered. This can be
>>> changed with --min-cert-level.
>>
>> Thank you for the reply. I guess that information is enough.
>
> Some of the regular readers of this list (including myself) think that
> the cert-level features in gpg (and the certification levels in the
> underlying standard, OpenPGP) are misfeatures. Leaving things as the
> default is the most reasonable way to go:
>
> https://dkg.fifthhorseman.net/blog/gpg-ask-cert-level-considered-harmful.html
>
> Regards,

Hi, Daniel!

First, I want to thank you for the link to your webpage.

Second, I will be expressing my opinion about this issue. It is *my personal* opinion. I am not trying to make you, or anyone else, adopt this same opinion.

Reading the webpage at the URL above, I could only find one thing that stuck with me. It was the argument that using --default-cert-level may reveal my social graph (to big brother agent smith).

Later, I came to the conclusion that this is not a valid argument. GnuPG states that the certification levels are from "no opinion", to "persona", to "casual", to "extensive". These words are very ambiguous, evoking a personal (relative) standpoint. Not an absolute way of evaluating. A "casual" certification level to me may be different from a "casual" certification level in another person's mind. Which means that it does not reveal the people that I like, and does not reveal my social graph, at all.

It just reveals how accurate I am assuring some key's information is.

I also want to add that I love the way that GnuPG separated the certification level into 4 levels. "No opinion" level means silence. "Persona" means negative. "Casual" means neutral. "Extensive" means positive. To me, these levels perfectly reveal real-world concepts. GnuPG just uses the specific words, in the scope of certifying keys, taking these real-world concepts as the deeper framework.

Cheers for Freedom,

CONFIDENTIALITY WARNING
The information transmitted in this message is for the exclusive use of the person or entity to which it is addressed and might contain privileged and or confidential information. If you are not the intended recipient of this message, you are prohibited from printing, duplicating, disseminating or otherwise using or acting in reliance upon this information. If you have received this message in error, please notify the sender immediately, delete this information from your computer and destroy all copies.

GDPR SECURITY
I use end-to-end encryption on my communications by emails. You should too! Ask me "How can I also end-to-end cipher my communications by email?", and I'll share how.
-- 
The pioneers of a warless world are the youth that refuse military service. ~ Albert Einstein

From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 13 Oct 2025 17:36:19 -0400
Subject: Effects of --default-cert-level
In-Reply-To: <87wm4yr5d0.fsf@lispclub.com>
References: <87o6qebcay.fsf@lispclub.com> <87wm4zz0ti.fsf@jacob.g10code.de> <87sefnruxf.fsf@lispclub.com> <87v7kiency.fsf@fifthhorseman.net> <87wm4yr5d0.fsf@lispclub.com>

> Later, I came to the conclusion that this is not a valid argument.

It being October 13, the Annual Day of Reconciliation, I find myself defending dkg's position.

> A "casual" certification level to me may be different from
> a "casual" certification level in another person's mind. Which means that
> it does not reveal the people that I like, and does not reveal my social
> graph, at all.
>
> It just reveals how accurate I am assuring some key's information is.

No: it doesn't even reveal that, unless you first make publicly available your criteria for issuing each level of verification. If I see a persona certification, a casual certification, and a vetted certification, I have no idea what semantics to attach to any of them. For all I know your 'casual signature' requires a passport and DNA sample and your 'vetted signature' requires a polygraph examination. Or vice-versa. Or nothing at all.

The requirement that signers post their criteria for issuing different kinds of certifications -- a requirement neither the spec nor GnuPG advertise, but which is absolutely necessary for this feature to work as intended -- returns us to the realm of revealing a lot of information. dkg says the revelations are too great. I disagree: each individual gets to decide whether the revelations are too great to be compatible with their risk model. But I certainly concur with him there are significant revelations.

> I also want to add that I love the way that GnuPG separated the
> certification level into 4 levels. "No opinion" level means silence.
> "Persona" means negative. "Casual" means neutral. "Extensive" means
> positive.

It does not. The meaning is left for individuals to precisely define. What does 'casual verification' mean? What IDs are acceptable? Why? Is the signer competent to recognize false IDs of those kinds? How do you *know* the signer is competent to adhere to that stated policy?

These aren't academic things. If you're doing real-world cryptographic engineering, these are bread-and-butter issues.

From: wk at gnupg.org (Werner Koch)
Date: Tue, 14 Oct 2025 10:56:18 +0200
Subject: Effects of --default-cert-level
In-Reply-To: (Robert J. Hansen via Gnupg-users's message of "Mon, 13 Oct 2025 16:06:14 -0400")
References: <87o6qebcay.fsf@lispclub.com> <87wm4zz0ti.fsf@jacob.g10code.de> <87sefnruxf.fsf@lispclub.com> <87v7kiency.fsf@fifthhorseman.net>
Message-ID: <875xchzwst.fsf@jacob.g10code.de>

On Mon, 13 Oct 2025 16:06, Robert J. Hansen said:

> ClassicPGP and OpenPGP (and now adding LibrePGP), I have never found
> anyone with a real-world use case for it and probably fifty or so people
> confused by it.

And even I had to look up the details. It is not really used but removing or hiding this feature will lead to an outcry. Thus we don't touch it.

Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that refuse military service. - A. Einstein
From: have at anonymous.sex (have at anonymous.sex)
Date: Wed, 15 Oct 2025 20:53:55 +0000
Subject: gpg4win expired code signing cert; please renew.
Message-ID: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex>

The current gpg4win code signing certificate[0] is notAfter: 2025-07-02 12:12:13. I wish to alert the gpg4win developers so they can renew it, and release gpg4win 5 (and other) packages signed with the new cert. My apologies if this is not an appropriate list; gpg4win-users-en and gpg4win-devel both seem dead.

Please note, I absolutely never use Microsoft anything, I do not use gpg4win, and I cannot check this myself. I am remotely/anonymously urging a GnuPG newbie to install gpg4win 5 beta[1] with post-quantum encryption; everyone should use PQC *yesterday*.[2] Since the user does not yet have a bootstrap gpg, they cannot verify the PGP signature from Werner Koch's dist signing key. The user wisely tried to verify package integrity with Microsoft code signing, and asked me what the expired cert error meant instead of ignoring it.

Good user! Do not ignore certificate validation errors! Complain loudly!

Always,
have at anonymous.sex

[0] https://gpg4win.org/package-integrity.html
[1] https://gpg4win.org/version5.html
[2] https://lists.gnupg.org/pipermail/gnupg-users/2025-January/067441.html

-- 
A makeshift way to distribute my current PQ-PGP (LibrePGP v5) key:
https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250107/4732a382/attachment.key
Fingerprint: 01A6D81EEAD7EEEC393DEC1401F4894C154E1B8EE32E9059CA5566792A836823

From: mysidia at gmail.com (Jay Acuna)
Date: Wed, 15 Oct 2025 20:00:25 -0500
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex>
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex>

On Wed, Oct 15, 2025 at 4:41 PM have--- via Gnupg-users wrote:
> The current gpg4win code signing certificate[0] is notAfter: 2025-07-02
> 12:12:13. I wish to alert the gpg4win developers so they can renew it,
> and release gpg4win 5 (and other) packages signed with the new cert. My

Well they will need it when the time for their next release comes, obviously. I don't suggest x509 PKI as the way to authenticate software, but it doesn't have this problem. It's not important for running the older releases whether the certificate is good to sign new releases or not.

A code signing certificate expiration affects their capability to sign new binaries; existing ones that have already been signed are unaffected and still verify perfectly well. The certificate is not invalid. It has a validity period for signatures made by it notAfter July 2, 2025. The key word is new signatures made by it.

The signing date of May 21, 2025 is within the validity period, so the certificate is valid and good. At least until 2034 when the timestamping root authority's certificate expires; and possibly every signed binary ever becomes invalid.

The gpg4 certificate and its signature are valid and good, so long as the signing timestamp authenticates as within the validity period of the certificate, which it does.

The signing certificate is still good and valid for a signature made on "Wed May 21 10:43:55 2025":

C:\temp>"\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe" verify /pa /v gpg4win-4.4.1.exe

Verifying: gpg4win-4.4.1.exe
Signature Index: 0 (Primary Signature)
Hash of file (sha256): D42C2645CB91037DF718534C6FDB918D4C5D7E9E114454DCFF524D1B815F6FCF

Signing Certificate Chain:
    Issued to: GlobalSign
    Issued by: GlobalSign
    Expires:   Sun Mar 18 05:00:00 2029
    SHA1 hash: D69B561148F01C77C54578C10926DF5B856976AD

        Issued to: GlobalSign Code Signing Root R45
        Issued by: GlobalSign
        Expires:   Sat Mar 17 19:00:00 2029
        SHA1 hash: 4C5D80D2CD06B1A493C49B2E9BED4A57C2F873E5

            Issued to: GlobalSign GCC R45 CodeSigning CA 2020
            Issued by: GlobalSign Code Signing Root R45
            Expires:   Sat Jul 27 19:00:00 2030
            SHA1 hash: 7A2146EDB29E2EAD64AFBE7CEAD0B6085D437A32

                Issued to: g10 Code GmbH
                Issued by: GlobalSign GCC R45 CodeSigning CA 2020
                Expires:   Wed Jul 02 07:12:13 2025
                SHA1 hash: B2852D4490F655EBEADF9FFD8D092E8154450077

The signature is timestamped: Wed May 21 10:43:55 2025
Timestamp Verified by:
    Issued to: GlobalSign
    Issued by: GlobalSign
    Expires:   Sat Dec 09 19:00:00 2034
    SHA1 hash: 8094640EB5A7A1CA119C1FDDD59F810263A7FBD1

        Issued to: GlobalSign Timestamping CA - SHA384 - G4
        Issued by: GlobalSign
        Expires:   Sat Dec 09 19:00:00 2034
        SHA1 hash: F585500925786F88E721D235240A2452AE3D23F9

            Issued to: Globalsign TSA for Advanced - G4
            Issued by: GlobalSign Timestamping CA - SHA384 - G4
            Expires:   Sat Dec 09 19:00:00 2034
            SHA1 hash: B215CCA4001D61C60DDBFBF87F17BF2DD3383BF8

Successfully verified: gpg4win-4.4.1.exe

Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0

C:\temp>

-- 
-JA

From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 16 Oct 2025 00:55:14 -0400
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex>
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex>
Message-ID: <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org>

> I am remotely/anonymously urging a GnuPG newbie to install gpg4win 5
> beta[1] with post-quantum encryption; everyone should use PQC
> *yesterday*.[2]

This is an extreme position. It is also silly. No, everyone does not need to switch immediately to PQC. If you want to play around with it, feel free: if you have really unusual requirements necessitating Kyber, go for it: but please don't think it's recommended or a best practice. It's neither.

NSA isn't requiring their vendors to switch away from RSA-3072 for TOP SECRET data until 2030.[1] Given the default period of classification for TOP SECRET is 25 years, we can conclude NSA believes RSA-3072 will be suitable for protecting TOP SECRET data until 2055.

People who need beyond-30-year security do exist, and they would be well-served to adopt PQC now. People who need to protect data of comparable value to national security secrets should prepare to migrate to PQC within the next few years. Everybody else is well-served by remaining still and not panicking. The sky is not falling, no matter what some people may say.

As the (out-of-date, but still relevant here) FAQ says, "Almost every question in either the fields of computer security or cryptography can honestly be answered with, 'it depends.' Real experts will avoid giving blanket yes-or-no answers except to the simplest and most routine of questions. They will instead hem and haw and explain the several different factors that must be weighed."[2]

[1] Technically, different communication requirements have different switch-by dates. The earliest ones occur in 2030, the latest occur in 2033. When the switch-by date occurs, legacy CNSA-1.0 algorithms like RSA-3072 must be phased out in favor of quantum-resistant alternatives like ML-KEM (formerly called "Kyber") and ML-DSA (formerly called "Dilithium"). See, e.g.: https://media.defense.gov/2025/May/30/2003728741/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS.PDF

[2] https://gnupg.org/faq/gnupg-faq.html , section 4.2

From: mysidia at gmail.com (Jay Acuna)
Date: Thu, 16 Oct 2025 04:34:14 -0500
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org>
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org>

On Thu, Oct 16, 2025 at 12:32 AM Robert J. Hansen via Gnupg-users wrote:
>
> > I am remotely/anonymously urging a GnuPG newbie to install gpg4win 5
> > beta[1] with post-quantum encryption; everyone should use PQC
> > *yesterday*.[2]
> This is an extreme position. It is also silly. No, everyone does not

I would say it is extremely well advised as soon as possible to move to hybrid the PQC algorithms. For protection against "save now decrypt later" attacks.

We need a feature where we can keep using PGP smartcards which currently only support RSA and EC on the hardware for protection of at least the traditional key portion.

The demise of pre-quantum crypto is likely within our lifetimes, and there is much sensitive info we may have encrypted which is permanently sensitive. The email we send today containing a SSN, etc, may be captured and decrypted by an adversary 20 years from now, for example.

So it's not that extreme a position to say move to PQC algorithms as soon as possible.
It is not a good idea if it weakens your defense against current security issues. In this case we're stuck encrypting the data with a 3-layer sandwich:

Encrypt Input.txt first using a traditional RSA/EC algorithm with PGP smart card, output temp1.asc
Encrypt temp1.asc using a PQC algorithm (no hardware-based key protection supported yet), write output to temp2.asc
Encrypt temp2.asc using a traditional RSA/EC algorithm, crypto performed by PGP card, write output to final.asc
Securely delete input.txt, temp1.asc and temp2.asc

Email temp2.asc - PQC Hybrid layer prevents access to the temp1.asc in case the final output's key is compromised.

Now what would be useful is a GPG/PGP feature to automatically support this triple-encryption with arbitrary private key source and algorithm chaining.

> need to switch immediately to PQC. If you want to play around with it,
> feel free: if you have really unusual requirements necessitating Kyber,

-- 
-JA

From: andrewg at andrewg.com (Andrew Gallagher)
Date: Thu, 16 Oct 2025 10:50:48 +0100
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: 
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org>
Message-ID: <48801651-b612-42fb-b063-663c520721e1@andrewg.com>

On 16/10/2025 10:34, Jay Acuna via Gnupg-users wrote:
> In this case we're stuck encrypting the data with a 3-layer sandwich
>
> Encrypt Input.txt first using a traditional RSA/EC algorithm with
> PGP smart card output temp1.asc
> Encrypt temp1.asc using a PQC algorithm (No hardware-based key
> protection supported yet) write output to temp2.asc
> Encrypt temp2.asc using a traditional RSA/EC algorithm crypto
> performed by PGP card write output to final.asc
> Securely delete input.txt, temp1.asc and temp2.asc
>
> Email temp2.asc - PQC Hybrid layer prevents access to the temp1.asc
> in case the final output's key is compromised.

Please don't roll your own encryption - this includes reinventing 3DES. Encryption sandwiches like this never have the security properties you might naively think. (See 3DES...)

Also keep in mind that you're orders of magnitude more likely to lose your SSN or credit card number in a data breach than to quantum cryptanalysis. And the feds already know your SSN and credit card number. ;-)

A

From: mysidia at gmail.com (Jay Acuna)
Date: Thu, 16 Oct 2025 05:57:18 -0500
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: <48801651-b612-42fb-b063-663c520721e1@andrewg.com>
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <48801651-b612-42fb-b063-663c520721e1@andrewg.com>

On Thu, Oct 16, 2025 at 4:51 AM Andrew Gallagher via Gnupg-users wrote:
> > Email temp2.asc - PQC Hybrid layer prevents access to the temp1.asc
> Please don't roll your own encryption - this includes reinventing 3DES.

Just no. This is not rolling your own encryption. Also; I don't see any good points there.

You don't get to say that, unless you can provide an actual explanation about how nested message encryption using independent keys and unrelated algorithms is less secure than both the RSA/EC-based method AND the PQC method. Please go ahead and do so.

If you can, then you have also proven that both message encryption options are deficient.

> Encryption sandwiches like this never have the security properties you
> might naively think. (See 3DES...)

This is not DES.
DES is a weak cryptographic primitive. The 'gpg -e' is not a cryptographic primitive. You can discuss the special attacks which exist against DES and how triple-encryption with the same algorithm and same key does not equal triple the strength. The logic is totally void in regards to "gpg -e".

> Also keep in mind that you're orders of magnitude more likely to lose
> your SSN or credit card number in a data breach than to quantum
> cryptanalysis. And the feds already know your SSN and credit card

You are making an assumption about whom quantum cryptanalysis will eventually be available to. If it's available to 3-letter agencies and large firms 20 years from now, then add 15 more years, and it will likely be available to kids with a smart phone.

> number. ;-)

-- 
-JA

From: andrewg at andrewg.com (Andrew Gallagher)
Date: Thu, 16 Oct 2025 12:10:38 +0100
Subject: gpg4win expired code signing cert; please renew.
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <48801651-b612-42fb-b063-663c520721e1@andrewg.com>
Message-ID: <406ad362-0a05-43f9-aa2a-d7c1fc20d454@andrewg.com>

On 16/10/2025 11:57, Jay Acuna wrote:
> You are making an assumption about whom quantum cryptanalysis
> will eventually be available to. If it's available to 3-letter agencies
> and large firms 20 years from now, then add 15 more years, and
> it will likely be available to kids with a smart phone.

Sure, but kids with a quantum smart phone won't have 35 years of collected internet logs to apply their quantum smart phone to. It's a matter of balancing the risks, and kludging something together in a hurry to save you a window of ~12 months of communications as seen from 35 years in the future is highly unlikely to be worth the effort - unless you're planning to encrypt a very specific secret in the next 12 months that you haven't already been encrypting in the last 12 months.

A

From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 16 Oct 2025 07:14:20 -0400
Subject: gpg4win expired code signing cert; please renew.
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org>
Message-ID: <742a8192-aa8c-4f35-8e9c-ce45856c8a72@sixdemonbag.org>

> The demise of pre-quantum crypto is likely within our lifetimes

You, maybe. I'm unlikely to see 2055, at which point I'd be 105.

> and there is much sensitive info we may have encrypted which is
> permanently sensitive.

I'm going to go out on a limb and say this is bunkum. Go out and buy a copy of Chuck Hansen's[1] _Swords of Armageddon_ or John Coster-Mullen's _Atom Bombs_, both of which openly publish details of nuclear weapon manufacture that, at the time of their writing, the government would have literally killed to keep secret. I really doubt you're dealing with secrets more sensitive than radiation implosion.

> So it's not that extreme a position to say move to PQC algorithms as
> soon as possible.

That's not what have@ wrote. He wrote that everyone needed to migrate immediately. ("Yesterday," in fact, was the word he used.) That's an extreme position, and a thoroughly silly one.

> In this case we're stuck encrypting the data with a 3-layer
> sandwich

Please don't. This is one of the most amateurish mistakes to make in cryptographic engineering.

[1] No relation to me.
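Returning to the signtool output Jay posted earlier in the thread: as an added example (not signtool, gpg4win or any participant's code, and a simplified model rather than the full Authenticode rule), the following Python shows why a signature timestamped inside the signing certificate's validity period still verifies after that certificate has expired, and models Jay's caveat that this holds only while the timestamping chain itself remains valid. The report text is constructed to follow signtool's layout with placeholder certificate names; the dates are the ones quoted in the thread.

```python
"""Timestamped code signatures and certificate expiry (added example; not
signtool, gpg4win or any participant's code; a simplified model, not the
full Authenticode rule).

The rule the thread turns on: with a trusted timestamp the signing
certificate is checked at the time of signing, so a signature made on
2025-05-21 with a certificate that expired on 2025-07-02 still verifies;
without a timestamp it is checked at verification time and fails. Jay's
caveat is also modelled: the timestamp is only trusted while the
timestamping chain is itself valid.
"""
import re
from datetime import datetime
from enum import Enum

SIGNTOOL_TIME = "%a %b %d %H:%M:%S %Y"    # e.g. "Wed Jul 02 07:12:13 2025"

# Constructed report in the layout of 'signtool verify /pa /v' (names are
# placeholders; the dates are the ones quoted in the thread).
SAMPLE_REPORT = """\
Signing Certificate Chain:
    Issued to: Example Root
    Expires:   Sun Mar 18 05:00:00 2029
        Issued to: Example CodeSigning CA
        Expires:   Sat Jul 27 19:00:00 2030
            Issued to: Example Publisher GmbH
            Expires:   Wed Jul 02 07:12:13 2025

The signature is timestamped: Wed May 21 10:43:55 2025
Timestamp Verified by:
    Issued to: Example Timestamping Root
    Expires:   Sat Dec 09 19:00:00 2034
        Issued to: Example TSA
        Expires:   Sat Dec 09 19:00:00 2034
"""


class Verdict(Enum):
    VALID = "signature valid"
    SIGNER_EXPIRED_AT_SIGNING = "signing certificate had already expired when the signature was made"
    TIMESTAMP_CHAIN_EXPIRED = "timestamping chain expired; the signing time can no longer be trusted"
    EXPIRED_NO_TIMESTAMP = "no timestamp and the signing certificate has expired"


def _parse_time(text: str) -> datetime:
    return datetime.strptime(text.strip(), SIGNTOOL_TIME)


def parse_report(report: str):
    """Return (leaf signing cert notAfter, timestamp or None, [TSA chain notAfter...]).

    signtool prints each chain root first and leaf last, so the last
    'Expires:' before the timestamp line belongs to the signing certificate.
    """
    head, _, tail = report.partition("The signature is timestamped:")
    signer_expiries = [_parse_time(t) for t in re.findall(r"Expires:\s*(.+)", head)]
    if not signer_expiries:
        raise ValueError("no signing certificate chain in report")
    timestamp = None
    tsa_expiries = []
    if tail:
        stamp_line, _, rest = tail.partition("\n")
        timestamp = _parse_time(stamp_line)
        tsa_expiries = [_parse_time(t) for t in re.findall(r"Expires:\s*(.+)", rest)]
    return signer_expiries[-1], timestamp, tsa_expiries


def evaluate(signer_not_after: datetime, timestamp, tsa_not_after, now: datetime) -> Verdict:
    """Decide validity at time 'now' from the parsed fields."""
    if timestamp is None:
        # No countersignature: the signing certificate must be valid right now.
        return Verdict.VALID if now <= signer_not_after else Verdict.EXPIRED_NO_TIMESTAMP
    if any(now > exp for exp in tsa_not_after):
        # Jay's caveat: once the TSA chain expires, the asserted signing time is no longer trusted.
        return Verdict.TIMESTAMP_CHAIN_EXPIRED
    if timestamp > signer_not_after:
        return Verdict.SIGNER_EXPIRED_AT_SIGNING
    return Verdict.VALID            # signed while the certificate was valid


def verdict_for_report(report: str, now_iso: str) -> Verdict:
    """Convenience wrapper: 'now' as an ISO 8601 string, e.g. '2025-10-16T00:00:00'."""
    signer_not_after, timestamp, tsa_not_after = parse_report(report)
    return evaluate(signer_not_after, timestamp, tsa_not_after, datetime.fromisoformat(now_iso))


if __name__ == "__main__":
    for when in ("2025-10-16T00:00:00", "2035-01-01T00:00:00"):
        print(when, "->", verdict_for_report(SAMPLE_REPORT, when).value)
    untimestamped = SAMPLE_REPORT.partition("The signature is timestamped:")[0]
    print("no timestamp, 2025-10-16 ->",
          verdict_for_report(untimestamped, "2025-10-16T00:00:00").value)
```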
Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 236 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Thu Oct 16 13:36:12 2025 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 16 Oct 2025 07:36:12 -0400 Subject: gpg4win expired code signing cert; please renew. In-Reply-To: References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <48801651-b612-42fb-b063-663c520721e1@andrewg.com> Message-ID: <840ee2a2-11ae-455c-80ef-6cc4964fd174@sixdemonbag.org> > You don't get to say that, unless you can provide an actual > explanation about how nested message encryption using independent > keys and unrelated algorithms is less secure than both the RSA/EC- > based method AND the PQC method. Please go ahead and do so. "Do the algorithms form a group?" There, done. If this doesn't make sense to you, you need to study an area of mathematics called group theory. It is extraordinarily important to cryptanalysis. I feel bad about telling someone, "I'm sorry, but you need an undergraduate mathematics degree to understand why you're wrong," so I'll try to explain using a simplification: what do you get if you apply ROT13 encryption twice? Layering isn't automatically a good idea. The reason why is, at root, because every ROT algorithm forms a mathematical group. The fact the algorithms are different doesn't matter. The question isn't about *how they're coded* (algorithmic analysis), but *what the underlying mathematical structure* is. And if you want to look at underlying mathematical structure, group theory is a great place to start. > If you can, then you have also proven that both message encryption > options are deficient. I'm afraid you don't understand: the onus is not on him to prove it's insecure -- it's on you to prove it *is* secure. Start by rigorously answering the question, "do these layered algorithms form a mathematical group?" > This is not DES. 
DES is a weak cryptographic primitive. No, it is not. DES is overbuilt like a Soviet worker's housing bloc. To this day the most effective way to attack DES is via keyspace exhaustion. It still holds up quite well as an example of excellent design. Do not confuse "its keyspace and blocksize are insufficient for today's needs" with "DES is not worthy of serious study". > You are making an assumption about whom quantum cryptanlysis will > eventually be available to. NSA isn't expecting it'll be available to their enemies until 2055. Add fifteen years to that and you're projecting out to 2070. I'm not worried. -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 236 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Thu Oct 16 13:38:56 2025 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 16 Oct 2025 07:38:56 -0400 Subject: gpg4win expired code signing cert; please renew. In-Reply-To: <742a8192-aa8c-4f35-8e9c-ce45856c8a72@sixdemonbag.org> References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <742a8192-aa8c-4f35-8e9c-ce45856c8a72@sixdemonbag.org> Message-ID: <2faa952f-647b-4548-ba33-ca1138de74ea@sixdemonbag.org> > You, maybe. I'm unlikely to see 2055, at which point I'd be 105. In further proof of the thesis "the longer you're in graduate school for mathematics, the worse your arithmetic gets", I will only be 80 in 2055, not 105. Lord have mercy, that's embarrassing. Still unlikely to see 2055, though. -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 236 bytes Desc: OpenPGP digital signature URL: From andrewg at andrewg.com Thu Oct 16 13:45:15 2025 From: andrewg at andrewg.com (Andrew Gallagher) Date: Thu, 16 Oct 2025 12:45:15 +0100 Subject: gpg4win expired code signing cert; please renew. 
In-Reply-To: <2faa952f-647b-4548-ba33-ca1138de74ea@sixdemonbag.org>
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <742a8192-aa8c-4f35-8e9c-ce45856c8a72@sixdemonbag.org> <2faa952f-647b-4548-ba33-ca1138de74ea@sixdemonbag.org>
Message-ID:

On 16/10/2025 12:38, Robert J. Hansen via Gnupg-users wrote:
>> You, maybe. I'm unlikely to see 2055, at which point I'd be 105.
>
> In further proof of the thesis "the longer you're in graduate school for
> mathematics, the worse your arithmetic gets", I will only be 80 in 2055,
> not 105. Lord have mercy, that's embarrassing.

And here was me thinking you are *very* youthful for a 75 year old. Maybe you should stick to that story, it's more impressive! ;-)

A

From mysidia at gmail.com Thu Oct 16 14:33:02 2025
From: mysidia at gmail.com (Jay Acuna)
Date: Thu, 16 Oct 2025 07:33:02 -0500
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: <840ee2a2-11ae-455c-80ef-6cc4964fd174@sixdemonbag.org>
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <48801651-b612-42fb-b063-663c520721e1@andrewg.com> <840ee2a2-11ae-455c-80ef-6cc4964fd174@sixdemonbag.org>
Message-ID:

On Thu, Oct 16, 2025 at 6:37 AM Robert J. Hansen via Gnupg-users wrote:
> "Do the algorithms form a group?"
> There, done. If this doesn't make sense to you, you need to study an

I would say you failed. You still haven't shown the scheme to be less secure than the strongest mechanism.

It is an interesting result you are proposing that I could download an encrypted file from you, and without knowing what keys you used: encrypt it a second time in order to weaken the security of that payload.

I'd never expect taking an already-encrypted file from someone and encrypting it again with a PQC breaks the security. That would be a bigger issue than the future existence of large quantum computers.

And I would say extraordinary claims require extraordinary proof.

> because every ROT algorithm forms a mathematical group.

This is not ROT, either, and the Encapsulation method has also been included in IETF standards for PQ/T key exchange.

> I'm afraid you don't understand: the onus is not on him to prove it's
> insecure -- it's on you to prove it *is* secure.

No. If there is a Proof of security for the output of a "gpg -e" command, then that proof should be valid for its output no matter what you do with the output of that command after getting it.

For example, applying a Rot13 to the output of a gpg -e command does not affect the original proof. If you think the original output is secure without knowing the key, then by definition it must remain secure under any transformation which does not involve a knowledge of the keys.

> NSA isn't expecting it'll be available to their enemies until 2055. Add
> fifteen years to that and you're projecting out to 2070.

That may end up being an overly optimistic scenario. If you are all about saying the burden of proof is to prove it is secure, then prove large quantum computers cannot arrive 30 years earlier than expected.

--
-JA

From rjh at sixdemonbag.org Thu Oct 16 14:59:20 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 16 Oct 2025 08:59:20 -0400
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To:
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <48801651-b612-42fb-b063-663c520721e1@andrewg.com> <840ee2a2-11ae-455c-80ef-6cc4964fd174@sixdemonbag.org>
Message-ID: <3360d032-48be-4ec4-988d-0ed6ef99cff3@sixdemonbag.org>

> I would say you failed.

I'm not trying to convince you. I'm revealing to the world you might not be someone worth taking cryptographic engineering advice from.

> You still haven't shown the scheme to be less secure than the
> strongest mechanism.

Correct. I have, however, put out a single genuine question which you need to be able to answer before I'll take your idea seriously: "does your proposal form a group?" Answer with mathematical rigor and we can keep talking.

> It is an interesting result you are proposing that I could download
> an encrypted file from you, and without knowing what keys you used:
> encrypt it a second time in order to weaken the security of that
> payload.

That is, in fact, a possibility. It's one we wish to avoid. This is why I ask, "does your proposal form a group?"

>> NSA isn't expecting it'll be available to their enemies until
>> 2055. Add fifteen years to that and you're projecting out to 2070.
>
> That may end up being an overly optimistic scenario.

On the one hand there's the United States National Security Agency, the world's largest employer of cryptographers and cryptographic engineers, who have a multibillion-dollar research budget, who have a very real interest in producing sound information security policies to keep their 25-year secrets safe from some of the most cunning, underhanded, well-equipped, well-funded, and smartest adversaries in the world --

And on the other hand there's Jay from the internet saying large quantum computers could appear 30 years earlier than NSA's projections.

Does your proposal form a group?

From mysidia at gmail.com Thu Oct 16 15:16:41 2025
From: mysidia at gmail.com (Jay Acuna)
Date: Thu, 16 Oct 2025 08:16:41 -0500
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: <3360d032-48be-4ec4-988d-0ed6ef99cff3@sixdemonbag.org>
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <48801651-b612-42fb-b063-663c520721e1@andrewg.com> <840ee2a2-11ae-455c-80ef-6cc4964fd174@sixdemonbag.org> <3360d032-48be-4ec4-988d-0ed6ef99cff3@sixdemonbag.org>
Message-ID:

On Thu, Oct 16, 2025 at 7:59 AM Robert J. Hansen wrote:
> Correct. I have, however, put out a single genuine question which you
> need to be able to answer before I'll take your idea seriously: "does
> your proposal form a group?"

It is irrelevant whether you form a group. Your argument equates to "PQC breaks RSA". 'I can send you a file, RSA encrypted, and you can break it by applying a PQC algorithm to the file'.

> On the one hand there's the United States National Security Agency, the
> world's largest employer of cryptographers and cryptographic engineers,

One of the orgs who would have the most to gain by misleading the public as to the timelines, so that they might 1. Gain an advantage early; 2. Keep it a secret; and 3. Delay the advantage being eliminated through the normal course of technological advancement.

--
-JA

From rjh at sixdemonbag.org Thu Oct 16 15:35:08 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 16 Oct 2025 09:35:08 -0400
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To:
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <48801651-b612-42fb-b063-663c520721e1@andrewg.com> <840ee2a2-11ae-455c-80ef-6cc4964fd174@sixdemonbag.org> <3360d032-48be-4ec4-988d-0ed6ef99cff3@sixdemonbag.org>
Message-ID:

> It is irrelevant whether you form a group.

I certainly do not form a mathematical group: while I have an identity and I associate, I lack an inverse. :)

> Your argument equates to "PQC breaks RSA".

I'm not making an argument. I'm only asking a question.
You're asserting your layering scheme is safe. If it's safe it should not form a group under functional composition, and that can be demonstrated mathematically. It appears you can't demonstrate it, and that leads me to grave doubts about whether to take you seriously.

> One of the orgs who would have the most to gain by misleading the
> public as to the timelines, so that they might 1. Gain an advantage
> early; 2. Keep it a secret; and 3. Delay the advantage being
> eliminated through the normal course of technological advancement.

They would have even more to lose. I don't think you understand their COMSEC mission.

--

At this point, I'm opting out. What I aimed to demonstrate, I've demonstrated. Peace. Feel free to take the last word, if you like.

From jb-gnumlists at wisemo.com Thu Oct 16 17:20:31 2025
From: jb-gnumlists at wisemo.com (Jakob Bohm)
Date: Thu, 16 Oct 2025 17:20:31 +0200
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: <742a8192-aa8c-4f35-8e9c-ce45856c8a72@sixdemonbag.org>
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <742a8192-aa8c-4f35-8e9c-ce45856c8a72@sixdemonbag.org>
Message-ID: <14ea1bb4-e611-d293-6553-9a9ec798a7b0@wisemo.com>

Just a point of fact: Atom bombs are not implosion weapons. One of the two 1945 designs used an implosion detonator where large amounts of ordinary explosives crushed a specially shaped nuclear "core" to trigger its explosion in ways that humanity should better forget how to do. This makes it as much an implosion weapon as a six shooter is a percussion weapon (it does use a percussive hammer to make the cartridge load detonate).

On 16/10/2025 13:14, Robert J. Hansen via Gnupg-users ranted:
>> The demise of pre-quantum crypto is likely within our lifetimes
>
> You, maybe. I'm unlikely to see 2055, at which point I'd be 105.
>
>> and there is much sensitive info we may have encrypted which is
>> permanently sensitive.
>
> I'm going to go out on a limb and say this is bunkum. Go out and buy a
> copy of Chuck Hansen's[1] _Swords of Armageddon_ or John Coster-Mullen's
> _Atom Bombs_, both of which openly publish details of nuclear weapon
> manufacture that, at the time of their writing, the government would
> have literally killed to keep secret.
>
> I really doubt you're dealing with secrets more sensitive than radiation
> implosion.
>
>> So it's not that extreme position to say move to PQC algorithms as
>> soon as possible.
>
> That's not what have@ wrote. He wrote that everyone needed to migrate
> immediately. ("Yesterday," in fact, was the word he used.)
>
> That's an extreme position, and a thoroughly silly one.
>
>> In this case we're stuck encrypting the data with a 3-layer
>> sandwich
>
> Please don't. This is one of the most amateurish mistakes to make in
> cryptographic engineering.
>
> [1] No relation to me.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

From have at anonymous.sex Thu Oct 16 21:26:12 2025
From: have at anonymous.sex (have at anonymous.sex)
Date: Thu, 16 Oct 2025 19:26:12 +0000
Subject: Yes, everyone should upgrade to PQ encryption now. (Re: gpg4win expired code signing cert; please renew.)
In-Reply-To: <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org>
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org>
Message-ID: <99e238b9-509d-8959-a547-c4ae04b2309d@anonymous.sex>

On Thu, 16 Oct 2025 00:55:14 -0400, "Robert J. Hansen" wrote:
[Attribution restored: Internal quote is .]
>>I am remotely/anonymously urging a GnuPG newbie to install gpg4win 5
>>beta[1] with post-quantum encryption; everyone should use PQC
>>*yesterday*.[2]
>
>This is an extreme position. It is also silly. No, everyone does not
>need to switch immediately to PQC. If you want to play around with it,
>feel free: if you have really unusual requirements necessitating Kyber,
>go for it: but please don't think it's recommended or a best practice.
>It's neither.
>
>NSA [...says...]

Silently, catastrophically breaching long-term security for people who don't even understand the threat models for retrospective decryption is *cryptographic malpractice*.

Fortunately, the most widely-used FOSS is now more or less on the ball with the current best practice of PQC; for a few examples:

* GnuPG: Stable, usable hybrid PQ encryption from v2.5.1, released a month after the NIST standard. Good to use for more than the past year, as of this writing. Upgrade to v2.5.x *now*!

* OpenSSH: PQ encryption *by default* since *2022-04-08* (v9.0), available earlier.

* OpenSSL: Stable, usable hybrid PQ encryption in TLS from v3.5.0 LTR. Upgrade your webserver! Also, the Tor daemon opportunistically uses this (at only one of its layers of encryption) since v0.4.8.17; Tor node operators, please upgrade both Tor and OpenSSL.

* Mozilla Firefox and Google Chrome/Chromium: Both support the same hybrid PQ-encrypting TLS in all recent versions. If you don't yet have PQC available in your browser, then you are probably using an ancient version riddled with known RCE vulns.

* Signal (much though I do not recommend the centralized, non-anonymous network, they must be praised for this): Hybrid PQ encryption since 2023. Starting almost two and a half years ago.

Do you suggest that all of these projects and their developers wasted their time? (Plus all of the TLS standardizers at IETF... plus the engineers at Cloudflare who have been pushing PQC deployment hard... plus...) It is the logical implication of your actively attempting to dissuade users from upgrading to a now-standard feature, by ridiculing upgrade advocacy as "silly" based on your interpretation of NSA-says-so.

Always,
have at anonymous.sex

--
A makeshift way to distribute my current PQ-PGP key:
https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250107/4732a382/attachment.key
01A6D81EEAD7EEEC393DEC1401F4894C154E1B8EE32E9059CA5566792A836823

From have at anonymous.sex Thu Oct 16 20:34:06 2025
From: have at anonymous.sex (have at anonymous.sex)
Date: Thu, 16 Oct 2025 18:34:06 +0000
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To:
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org>
Message-ID: <95da4ade-8c95-9e5d-b048-b7b48c5d017c@anonymous.sex>

On Wed, 15 Oct 2025 20:00:25 -0500, Jay Acuna wrote:
>On Thu, Oct 16, 2025 at 12:32 AM Robert J. Hansen via Gnupg-users wrote:
>
>>[HAS re-adds attribution: The following is from .]
>>>I am remotely/anonymously urging a GnuPG newbie to install gpg4win 5
>>>beta[1] with post-quantum encryption; everyone should use PQC
>>>*yesterday*.[2]
>>This is an extreme position. It is also silly. No, everyone does not
>
>I would say it is extremely well advised as soon as possible to move to
>hybrid the PQC algorithms. For protection against "save now decrypt
>later" attacks.

^^^ This.
Future retrospective decryption of today's intercepts. Most people do not understand the threat model for this.

On a not unrelated note, see also, among other things, the nuanced discussion of "The benefits-do-not-exist argument" in:

2025-01-18: "As expensive as a plane flight: Looking at some claims that quantum computers won't work."
https://blog.cr.yp.to/20250118-flight.html

I do agree with Robert J. Hansen that it's best not to (as I will put it) casually sketch a kind of handwavy *ad hoc* cryptographic protocol in a tangent that's dragging this thread entirely off-topic, reducing S/N ratio. (I will skip that part of the discussion.)

And why bother? Real Cryptographers(TM) have already done the hard work for securely hybridizing the needed algorithms, and developers such as WK and the GnuPG devs have already implemented it *a year ago* (v.2.5.1 stable/forward-compatible protocol for ECC+Kyber). Please just use their stuff. :-)

Always,
have at anonymous.sex

--
A makeshift way to distribute my current PQ-PGP key:
https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250107/4732a382/attachment.key
01A6D81EEAD7EEEC393DEC1401F4894C154E1B8EE32E9059CA5566792A836823

From have at anonymous.sex Thu Oct 16 21:42:56 2025
From: have at anonymous.sex (have at anonymous.sex)
Date: Thu, 16 Oct 2025 19:42:56 +0000
Subject: Yes, everyone should upgrade to PQ encryption now. (Re: gpg4win expired code signing cert; please renew.)
In-Reply-To: <840ee2a2-11ae-455c-80ef-6cc4964fd174@sixdemonbag.org>
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <48801651-b612-42fb-b063-663c520721e1@andrewg.com> <840ee2a2-11ae-455c-80ef-6cc4964fd174@sixdemonbag.org>
Message-ID: <2492b788-480d-035b-a376-b08298a60351@anonymous.sex>

On Thu, 16 Oct 2025 07:36:12 -0400, "Robert J. Hansen" wrote [internal quote is Jay Acuna]:
>Do not confuse "its keyspace and blocksize are insufficient for today's
>needs" with "DES is not worthy of serious study".
>
>>You are making an assumption about whom quantum cryptanalysis will
>>eventually be available to.
>
>NSA isn't expecting it'll be available to their enemies until 2055. Add
>fifteen years to that and you're projecting out to 2070.
>
>I'm not worried.

"...to *their* enemies..." What if NSA is an adversary in your threat model?

It is now a worse threat even than it was before, due to the 2025 dictatorial self-coup in the United States. We've known since cypherpunks that cryptography is the greatest shield of free speech... while on 2025-09-25, the new U.S. régime decreed that much domestic political opposition and dissident speech is "domestic terrorism".
https://www.whitehouse.gov/presidential-actions/2025/09/countering-domestic-terrorism-and-organized-political-violence/

In troubled times, why not have the long-term peace of mind of a free upgrade of your FOSS encryption software, including GnuPG 2.5.x?

As for blindly trusting NSA advice generally, sorry but I'm not: Anyone who trusts NSA recommendations that *decrease* security is, in a charitable presumption, uninformed about events from the Church Committee, to NSA's DES keyspace weakening to the point it was insufficient *in the 1970s*[0], to Snowden, among other things; and...

>[...] and that leads me to grave doubts about whether to take you
>seriously.

(, Robert J. Hansen wrote to someone else in another context.)

[0] http://www.toad.com/des-stanford-meeting.html

Always,
have at anonymous.sex

--
A makeshift way to distribute my current PQ-PGP key:
https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250107/4732a382/attachment.key
01A6D81EEAD7EEEC393DEC1401F4894C154E1B8EE32E9059CA5566792A836823

From have at anonymous.sex Thu Oct 16 20:15:16 2025
From: have at anonymous.sex (have at anonymous.sex)
Date: Thu, 16 Oct 2025 18:15:16 +0000
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To:
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex>
Message-ID: <78987c6e-125a-b95a-8bd0-52d3e3a80f84@anonymous.sex>

**This post is on the thread's topic about the gpg4win expired cert.**

On Wed, 15 Oct 2025 20:00:25 -0500, Jay Acuna wrote:
>[...]
>The certificate is not invalid. It has a validity period for signatures
>made by it notAfter July 2, 2025. The key word is new signatures made
>by it. The signing date of May 21, 2025 is within the validity period,
>so the certificate is valid and good.
>[...]

Thanks for the explanation. I understand that Microsoft Authenticode uses digitally-signed timestamping.

However, per my OP, the problem is a real-world, in-the-wild report by a new user (not me!) with a Microsoft platform (not me!!). The user got a certificate validation error on:

Signed file: gpg4win-5.0.0-beta369.exe
Date: **2025-09-05**

That file has a detached PGP .sig by Werner Koch. It cannot be verified by someone who does not yet have a known-good (Libre|Open)PGP implementation already installed. To solve this chicken-and-egg problem...

[Quotes re-arranged for clarity.]
>I don't suggest x509 PKI as the way to authenticate software, [...]

...the x509 PKI provides bootstrap authentication for a first-time gpg4win user. IIUC, it is *entirely* the reason why the gpg4win project deals with Microsoft-blessed PKI bureaucracy to distribute the software that almost the whole FOSS world (except some BSD) uses for digital signatures on package distribution.

In the 1990s, I faced the same bootstrap problem with getting my first PGP. For that first PGP, I bought NAI PGP on CD-ROM off the shelf in a brick-and-mortar store, at least to help somewhat mitigate any risk of targeted attacks. x509 PKI is easier, and much more secure. :-)

Always,
have at anonymous.sex

--
A makeshift way to distribute my current PQ-PGP key:
https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250107/4732a382/attachment.key
01A6D81EEAD7EEEC393DEC1401F4894C154E1B8EE32E9059CA5566792A836823

From rjh at sixdemonbag.org Thu Oct 16 22:02:05 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 16 Oct 2025 16:02:05 -0400
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: <14ea1bb4-e611-d293-6553-9a9ec798a7b0@wisemo.com>
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <742a8192-aa8c-4f35-8e9c-ce45856c8a72@sixdemonbag.org> <14ea1bb4-e611-d293-6553-9a9ec798a7b0@wisemo.com>
Message-ID: <848d6b3c-8a76-41e6-8718-bd0b39eac497@sixdemonbag.org>

> Just a point of fact: Atom bombs are not implosion weapons.

Please read Wikipedia's page on radiation implosion.

https://en.wikipedia.org/wiki/Radiation_implosion

Radiation implosion is the defining feature of Teller-Ulam thermonuclear devices. In 1953 the United States government would have happily killed to protect the secret of radiation implosion: fifty years later there's a Wikipedia page on it.

Secrets have lifetimes. This should always be remembered.
-------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 236 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Thu Oct 16 22:41:34 2025 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 16 Oct 2025 16:41:34 -0400 Subject: Yes, everyone should upgrade to PQ encryption now. (Re: gpg4win expired code signing cert; please renew.) In-Reply-To: <99e238b9-509d-8959-a547-c4ae04b2309d@anonymous.sex> References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <99e238b9-509d-8959-a547-c4ae04b2309d@anonymous.sex> Message-ID: > Silently, catastrophically breaching long-term security for people > who don?t even understand the threat models for retrospective > decryption is *cryptographic malpractice*. You and I had this discussion back in January. Your arguments were not persuasive then; I'm not going to re-engage them now. > Do you suggest that all of these projects and their developers > wasted their time? No. I do suggest that you don't understand. Your (extreme and silly) position is that anyone who doesn't migrate now now now is committing cryptographic malpractice. My position is early adopters and people with highly unusual needs should migrate immediately, and everyone else should be making plans to migrate in the next few years. Right now I think 2030 is a reasonable time to have migrations achieved by. Five years is enough to make a migration plan, test it thoroughly, retrain your IT staff, have your help desk update their support scripts, get Legal to verify your compliance with your obligations, and so on. The existing tools like OpenSSL, GnuPG, etc., are ready to support your migration efforts. You are screaming at people to do it now. I am calmly saying this should be done in an orderly fashion in accordance with best practices. It is the difference between screaming "fire, fire! 
Run for your lives!" and "ladies and gentlemen, the fire alarm has gone off, let's keep calm and exit the building in an orderly manner, please, no shoving, let's link arms to make sure no one falls and gets crushed..." An orderly evacuation saves lives. A panic-driven one results in five people trying to get through the fire exit at once, nobody's able to get through it as a result, and ultimately as many people die from crush injuries as from smoke inhalation. Likewise, urging people migrate *right this moment* is a guarantee the migration will be done incompetently, and possibly at great harm to one's security posture. That makes it genuinely bad advice. This is why I advocate no one follow it. > It is the logical implication of your actively attempting to > dissuade users from upgrading to a now-standard feature, by > ridiculing upgrade advocacy as ?silly? based on your interpretation > of NSA-says-so. I have never dissuaded anyone from shifting to PQC. If you want to begin your migration plan today, that's great: no time like the present! Devise a migration plan. Test the plan. Make sure the new system will work for you. Move deliberately. You have time. You continue to confuse "Rob doesn't take me seriously and thinks my advice is silly" with "Rob doesn't understand the risks involved and wants to prevent the adoption of PQC". The former is true. The latter is not. -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 236 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Thu Oct 16 23:38:06 2025 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 16 Oct 2025 17:38:06 -0400 Subject: Yes, everyone should upgrade to PQ encryption now. (Re: gpg4win expired code signing cert; please renew.) 
In-Reply-To: <2492b788-480d-035b-a376-b08298a60351@anonymous.sex> References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <48801651-b612-42fb-b063-663c520721e1@andrewg.com> <840ee2a2-11ae-455c-80ef-6cc4964fd174@sixdemonbag.org> <2492b788-480d-035b-a376-b08298a60351@anonymous.sex> Message-ID: <6767e1d5-c561-49fd-b9db-2948b9ee7559@sixdemonbag.org> > ?...to *their* enemies...? What if NSA is an adversary in your > threat model? Let me share with you one of the unclassified secrets of NSA's cryptographic section, as told to me by one of their instructors: they always assume the other guy has better mathematicians, better computers, and more money. If they believe "okay, against an adversary with better mathematicians, better computers, and more money, we still believe RSA-3072 will give sufficient protection to our communications until 2055," then the only conclusion I can draw is NSA doesn't think they'll be able to break it either. > In troubled times, why not have the long-term peace of mind of a > free upgrade of your FOSS encryption software, including GnuPG > 2.5.x? Excellent question, and you'll note that just recently I urged someone to migrate from 1.4 to the new 2.6 series (of which 2.5.12 is, I think, the official beginning). I'm not opposed to migration. I'm opposed to doing it badly. > As for blindly trusting NSA advice generally, sorry but I?m not Good. Blind trust is bad. So is blind *dis*trust. The trick is, in the words of Sage Francis, "a healthy distrust". -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 236 bytes Desc: OpenPGP digital signature URL: From wk at gnupg.org Fri Oct 17 09:33:38 2025 From: wk at gnupg.org (Werner Koch) Date: Fri, 17 Oct 2025 09:33:38 +0200 Subject: gpg4win expired code signing cert; please renew. 
In-Reply-To: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> (have's message of "Wed, 15 Oct 2025 20:53:55 +0000")
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex>
Message-ID: <87ikgex9rh.fsf@jacob.g10code.de>

Hi!

On Wed, 15 Oct 2025 20:53, have--- said:

> The current gpg4win code signing certificate[0] is notAfter:
> 2025-07-02 12:12:13. I wish to alert the gpg4win developers so they
> can renew it, and release gpg4win 5 (and other) packages signed with

Of course we are using a new Authenticode cert. But we can't simply re-sign old releases because this would require entirely unpacking everything, re-signing the binaries, creating a new installer and signing that new installer. That is different software then and requires a new version.

Further: Authenticode signatures have a timestamp and thus you have assurance when they were issued.

Gpg4win 5.0 is not too far away.

Salam-Shalom,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein

From have at anonymous.sex Fri Oct 17 11:19:54 2025
From: have at anonymous.sex (have at anonymous.sex)
Date: Fri, 17 Oct 2025 09:19:54 +0000
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: <87ikgex9rh.fsf@jacob.g10code.de>
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <87ikgex9rh.fsf@jacob.g10code.de>
Message-ID: <134ee3a6-225c-1f56-b09b-6b4cc5f1fc9c@anonymous.sex>

Hi, WK@, thanks for your attention to this. Please note up top that this is a bug report about a beta release.

On Fri, 17 Oct 2025 09:33:38 +0200, Werner Koch wrote:
> Further: Authenticode signatures have a timestamp and thus you have
> assurance when they were issued.
>
> Gpg4win 5.0 is not too far away.

I don't know if it was clear amidst other discussions on this thread: I reported a real-world cert validation error on a Microsoft platform, of Gpg4win 5 beta. The latest gpg4win-beta package (369) was published 2025-09-05, two months after cert expiry; thus, **the Authenticode timestamp does not help.**

Prior discussion of the Authenticode timestamp, which I hope was not misplaced in topic drift:
https://lists.gnupg.org/pipermail/gnupg-users/2025-October/067899.html
(I messed up my PGP authentication on the metadata of that post, whoops! msg sig ok. Did anyone notice?)

IMO, a bad Authenticode signature which *actually* fails validation with error on Microsoft OS is a bug in beta-369. Well, beta means to shake out bugs! I respectfully suggest these fixes:

1. A gpg4win-5-beta version bump, with a valid Authenticode sig on new binary packages (and any other recent beta bugfixes).

2. Review gpg4win release engineering procedure to add guardrail check for invalid Authenticode sig. To protect non-beta releases, too, automated regression test should catch the *bad signature* that causes Microsoft platform error on (AFAIK) the gpg4win-5.0.0-beta369.exe binary. Security software should not have any security failures of software supply chain integrity checks.

I'm sorry, I cannot contribute any patch. I can't even check the Authenticode sig myself. I don't have any Authenticode stuff on my machine. I do not use Gpg4win! A Microsoft user told me of in-the-wild failure on a Microsoft platform; I pieced together the rest of the puzzle.

I myself can easily verify your PGP dist sig. But this does not help the PGP-newbie Microsoft user, with whom I am communicating remotely/anonymously from my never-Microsoft platform.
My machine says:

> impurify at sex:~/dl/gpg4win$ gpg --verify gpg4win-5.0.0-beta369.exe.sig gpg4win-5.0.0-beta369.exe
> gpg: Signature made Fri Sep 5 12:08:09 2025 UTC
> gpg: using EDDSA key 6DAA6E64A76D2840571B4902528897B826403ADA
> gpg: Good signature from "Werner Koch (dist signing 2020)"
> Primary key fingerprint: 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA

(I will try to hold topic-drift replies in abeyance until this primary issue is adequately addressed.)

Always,
have at anonymous.sex

--
A makeshift way to distribute my current PQ-PGP key:
https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250107/4732a382/attachment.key
01A6D81EEAD7EEEC393DEC1401F4894C154E1B8EE32E9059CA5566792A836823

From rjh at sixdemonbag.org Fri Oct 17 11:39:43 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 17 Oct 2025 05:39:43 -0400
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: <134ee3a6-225c-1f56-b09b-6b4cc5f1fc9c@anonymous.sex>
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <87ikgex9rh.fsf@jacob.g10code.de> <134ee3a6-225c-1f56-b09b-6b4cc5f1fc9c@anonymous.sex>
Message-ID:

> IMO, a bad Authenticode signature which *actually* fails validation
> with error on Microsoft OS is a bug in beta-369. Well, beta means
> to shake out bugs! I respectfully suggest these fixes:

I agree this is a bug in beta-369 that needs fixing. Werner has said it will be fixed prior to the official 5.0 release. That's enough for me: the bug has been reported, received, and an action plan for it exists.

> 2. Review gpg4win release engineering procedure to add guardrail
> check for invalid Authenticode sig. To protect non-beta releases,
> too, automated regression test...

I hate to be the one to tell you this, but GnuPG has no continuous integration and not much in the way of automated regression tests. (I have not looked for these things lately: it's possible they've been recently introduced.) I don't disagree that CI is useful and that it would be nice to see GnuPG adopt it. However, I wouldn't hold my breath waiting.

> I myself can easily verify your PGP dist sig. But this does not
> help the PGP-newbie...

(a) it's not PGP, which is a trademark of ... I think Broadcom bought the rights to Symantec which bought the rights from ... man, keeping track of who owns the PGP intellectual property is just too much work. But it's proprietary and belongs to someone else. Let's not use those letters. :)

(b) the relevant standard is LibrePGP, which is not trademarked.

(c) if this user is new to GnuPG, please don't start them off on a beta release. Beta releases have bugs and inadequacies and the documentation is often not ready and everything else. Please stick to official releases. Yes, this means you'll not be able to use FIPS 203 and PQC. Fortunately, that really doesn't matter.

From wk at gnupg.org Fri Oct 17 12:32:51 2025
From: wk at gnupg.org (Werner Koch)
Date: Fri, 17 Oct 2025 12:32:51 +0200
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: <134ee3a6-225c-1f56-b09b-6b4cc5f1fc9c@anonymous.sex> (have's message of "Fri, 17 Oct 2025 09:19:54 +0000")
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <87ikgex9rh.fsf@jacob.g10code.de> <134ee3a6-225c-1f56-b09b-6b4cc5f1fc9c@anonymous.sex>
Message-ID: <875xcdyg18.fsf@jacob.g10code.de>

On Fri, 17 Oct 2025 09:19, have--- said:

> I reported a real-world cert validation error on a Microsoft platform,
> of Gpg4win 5 beta.
> The latest gpg4win-beta package (369) was
> published 2025-09-05, two months after cert expiry; thus, **the

Nope. Your system is not up to date or something else is wrong at your site. Here is the result on a freshly installed Windows 11 box:

```
Sigcheck v2.80 - File version and signature viewer
Copyright (C) 2004-2020 Mark Russinovich
Sysinternals - www.sysinternals.com

H:\gpg4win-5.0.0-beta369.exe:
        Verified:       Signed
        Signing date:   14:07 05/09/2025
        Publisher:      g10 Code GmbH
        Company:        g10 Code GmbH
        Description:    Gpg4win: The GNU Privacy Guard and Tools for Windows
        Product:        Gpg4win (5.0.0-beta369)
        Prod version:   n/a
        File version:   5.0.0.31191
        MachineType:    32-bit
        Binary Version: 5.0.0.31191
        Original Name:  n/a
        Internal Name:  n/a
        Copyright:      Copyright (C) 2024 g10 Code GmbH
        Comments:       Gpg4win is Free Software; you can redistribute it and/or modify it under the terms of the GNU General Public License. You should have received a copy of the GNU General Public License along with this software; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
        Entropy:        7.999
```

And if you use the GUI you can clearly see that a new certificate is used [1].

Salam-Shalom,

Werner

[1] Attachment 2025-10-17-sc.png (image/png, scrubbed from the list archive)

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
From tennysontaylorbardwell at gmail.com Fri Oct 17 03:37:20 2025
From: tennysontaylorbardwell at gmail.com (Tennyson T Bardwell)
Date: Thu, 16 Oct 2025 21:37:20 -0400
Subject: decryption outputs to stdout before verification
Message-ID:

Hi gnupg-users,

In short: I experimented and found that `gpg -d > results.txt` will write to `results.txt` even if the verification (signature or MDC) of the wrapped message fails. This is confirmed by the output[6] of a short script that I wrote[5], which was inspired by a Qubes thread[1].

I think that I understand why this happens[2], why integrity is important[3], and that writing to a temporary file (and checking the exit code before use) is the recommended way to handle this. (Although, I don't think that this behavior is as prominently documented as I think that it should be[4])

However, I notice that gpg's `--decrypt` flag does not have a way to specify the expected signer, meaning that (without parsing stderr) there is no way to automatically verify the authenticity of an encrypted file, only the integrity (by observing the exit code).

I guess that my questions are:

1. Am I missing something?
2. Do I need to manually verify that PGP blocks in my emails match the sender to avoid https://articles.59.ca/doku.php?id=pgpfan:forwarding or simply email sender spoofing?
3. May I, respectfully, request improvement to the documentation?

Warmly,
Tennyson

P.S. Should I start my emails with "Hello [name] <[email at address]>" to ensure that the intended sender is included in the signed message?

[1] https://groups.google.com/g/qubes-devel/c/TQr_QcXIVww

[2] My understanding/mental-model is that our order of operations is:
1. Decrypted text is streamed and a live hash value is computed while the text is sent to /dev/stdout
2. The live hash value is checked
3. GPG exits with zero or non-zero code depending on the results of the check

[3] I often see it recommended to sign messages before encrypting to ensure integrity (and, as a byproduct, authentication). It seems that this was so crucial that MDCs are now enabled by default. My understanding is that MDCs provide integrity guarantees without signing. It seems that a lack of integrity allows the injection of text into the message, such as Efail: https://efail.de/

[4] AI recommended that I pipe directly from GPG to my consumption program, and made the assertion that no text would be output until verification passed. Asserting the negative to AI in a new chat and asking for it to find a citation didn't immediately work, nor did my own websearching. As a result, I felt compelled to write the attached script to verify, and to email this list. I did not see the answer in the man page, nor the manual: https://www.gnupg.org/gph/en/manual.html
And it seems like there is confusion/uncertainty from the creator of age: https://words.filippo.io/age-authentication/#fn:mdc
As well as in the (old) Qubes thread that I linked.

[5]
```bash
#!/usr/bin/env bash
# Shows that `gpg -d` writes the plaintext to its output even when the
# integrity check (MDC) or signature verification of the message fails.
set -xeuo pipefail
IFS=$'\n\t'

gpg --version
cd "$(mktemp -d)"

# 1 MiB of zeros as the test plaintext
dd if=/dev/zero of=test.bin bs=1k count=1k

# Symmetric encryption without compression, so the single-byte change
# below lands in the encrypted data itself.
# (The captured run in [6] additionally passed --sign.)
gpg -c --batch --yes --passphrase pass --compress-level 0 test.bin

# Corrupt exactly one byte in a copy of the ciphertext
cp test.bin.gpg test-hacked.bin.gpg
ls -al
dd if=/dev/zero of=test-hacked.bin.gpg bs=1 count=1 seek=666999 conv=notrunc

# Show the one differing byte
xxd test.bin.gpg > test.bin.gpg.xxd
xxd test-hacked.bin.gpg > test-hacked.bin.gpg.xxd
diff test.bin.gpg.xxd test-hacked.bin.gpg.xxd || :

# Decrypt the corrupted file: gpg exits non-zero, yet the output file is
# written in full
gpg -d --batch --yes --passphrase pass test-hacked.bin.gpg > dangerousOutput.bin || :
ls -al
du -hs dangerousOutput.bin
```

[6]
```
$ ./gpg-test.sh
+ IFS='
	'
+ gpg --version
gpg (GnuPG) 2.4.8
libgcrypt 1.10.3
Copyright (C) 2025 g10 Code GmbH
License GNU GPL-3.0-or-later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/tennyson/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
++ mktemp -d
+ cd /var/folders/30/9ql0lf1n509_v6q0br5pvv_r0000gn/T/tmp.6iExzO756J
+ dd if=/dev/zero of=test.bin bs=1k count=1k
1024+0 records in
1024+0 records out
1048576 bytes (1.0 MB, 1.0 MiB) copied, 0.002648 s, 396 MB/s
+ gpg -c --sign --batch --yes --passphrase pass --compress-level 0 test.bin
gpg: AES256.CFB encryption will be used
+ cp test.bin.gpg test-hacked.bin.gpg
+ ls -al
total 3080
drwx------    5 tennyson  staff      160 Oct 16 18:59 .
drwx------  417 tennyson  staff    13344 Oct 16 18:59 ..
-rw-r--r--    1 tennyson  staff  1048900 Oct 16 18:59 test-hacked.bin.gpg
-rw-r--r--    1 tennyson  staff  1048576 Oct 16 18:59 test.bin
-rw-r--r--    1 tennyson  staff  1048900 Oct 16 18:59 test.bin.gpg
+ dd if=/dev/zero of=test-hacked.bin.gpg bs=1 count=1 seek=666999 conv=notrunc
1+0 records in
1+0 records out
1 byte copied, 0.000159 s, 6.3 kB/s
+ xxd test.bin.gpg
+ xxd test-hacked.bin.gpg
+ diff test.bin.gpg.xxd test-hacked.bin.gpg.xxd
41688c41688
< 000a2d70: 720c cfea 9d8e e778 4373 768f c741 f207  r......xCsv..A..
---
> 000a2d70: 720c cfea 9d8e e700 4373 768f c741 f207  r.......Csv..A..
+ :
+ gpg -d --batch --yes --passphrase pass test-hacked.bin.gpg
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
gpg: Signature made Thu Oct 16 18:59:32 2025 CDT
gpg:                using EDDSA key AFFC0B718C7AF7AAF8B6EC2C76FA7C3D275E4D55
gpg: BAD signature from "Tennyson T Bardwell (onxy machine) " [ultimate]
+ :
+ ls -al
total 12816
drwx------    8 tennyson  staff      256 Oct 16 18:59 .
drwx------  417 tennyson  staff    13344 Oct 16 18:59 ..
-rw-r--r--    1 tennyson  staff  1048576 Oct 16 18:59 dangerousOutput.bin
-rw-r--r--    1 tennyson  staff  1048900 Oct 16 18:59 test-hacked.bin.gpg
-rw-r--r--    1 tennyson  staff  4457864 Oct 16 18:59 test-hacked.bin.gpg.xxd
-rw-r--r--    1 tennyson  staff  1048576 Oct 16 18:59 test.bin
-rw-r--r--    1 tennyson  staff  1048900 Oct 16 18:59 test.bin.gpg
-rw-r--r--    1 tennyson  staff  4457864 Oct 16 18:59 test.bin.gpg.xxd
+ du -hs dangerousOutput.bin
1.0M	dangerousOutput.bin
```

From wk at gnupg.org Fri Oct 17 15:42:25 2025
From: wk at gnupg.org (Werner Koch)
Date: Fri, 17 Oct 2025 15:42:25 +0200
Subject: decryption outputs to stdout before verification
In-Reply-To: (Tennyson T. Bardwell via Gnupg-users's message of "Thu, 16 Oct 2025 21:37:20 -0400")
References:
Message-ID: <87sefhwsou.fsf@jacob.g10code.de>

Hi!

On Thu, 16 Oct 2025 21:37, Tennyson T Bardwell said:

> In short: I experimented and found that `gpg -d > results.txt` will
> write to `results.txt` even if the verification (signature or MDC) of
> the wrapped message fails.

Sure, gpg is a Unix tool and as such used in pipelines to process huge amounts of data.

> I think that I understand why this happens[2], why integrity is
> important[3], and that writing to a temporary file (and checking the
> exit code before use) is the recommended way to handle this. (Although,

Right. Before you further process the data you should verify it.

> However, I notice that gpg's `--decrypt` flag does not have a way to
> specify the expected signer, meaning that (without parsing stderr)

You can do that with --assert-signer like:

```
$ gpg -d --assert-signer 8777461F2A074EBC480D359419CC1C9E085B107A foo
gpg: encrypted with brainpoolP384r1 key, ID 2B999FA9CE046B1B, created 2021-06-28
      "wk at gnupg.org"
gpg: using "63113AE866587D0A" as default secret key for signing
Today is the first day of the rest of your life.
gpg: Signature made Fri 17 Oct 2025 03:15:13 PM CEST
gpg:                using EDDSA key 8777461F2A074EBC480D359419CC1C9E085B107A
gpg: Good signature from "wk at gnupg.org" [ultimate]
gpg:                 aka "werner at eifzilla.de" [ultimate]
gpg:                 aka "wk at g10code.com" [ultimate]
gpg:                 aka "werner.koch at gnupg.com" [ultimate]
gpg: asserted signer '8777461F2A074EBC480D359419CC1C9E085B107A'
$ echo $?
0
```

and here using a non-matching signer:

```
$ gpg -d --assert-signer E8EC28456EA6CFD7A0B15821C1DBABEF2C2096BB foo
gpg: encrypted with brainpoolP384r1 key, ID 2B999FA9CE046B1B, created 2021-06-28
      "wk at gnupg.org"
gpg: WARNING: server 'keyboxd' is older than us (2.5.12-beta1 < 2.5.13-beta9)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.
gpg: using "63113AE866587D0A" as default secret key for signing
Today is the first day of the rest of your life.
gpg: Signature made Fri 17 Oct 2025 03:15:13 PM CEST
gpg:                using EDDSA key 8777461F2A074EBC480D359419CC1C9E085B107A
gpg: Good signature from "wk at gnupg.org" [ultimate]
gpg:                 aka "werner at eifzilla.de" [ultimate]
gpg:                 aka "wk at g10code.com" [ultimate]
gpg:                 aka "werner.koch at gnupg.com" [ultimate]
$ echo $?
1
```

To observe more information in a scripted application use --status-fd, for example to check for a DECRYPTION_OKAY line. You would see this line even if you don't have the public key for the signature.

> 1. Am I missing something?

--assert-signer is available since 2.4.1

> 2. Do I need to manually verify that PGP blocks in my emails match the
> sender to avoid https://articles.59.ca/doku.php?id=pgpfan:forwarding
> or simply email sender spoofing?

I have not read that article but a good mail client should indicate what part of the forwarded mail has been signed.

> 3. May I, respectfully, request improvement to the documentation?

There are so many use cases that a single hint does help a lot ;-)

> [3]
> I often see it recommended to sign messages before encrypting to ensure
> integrity (and, as a byproduct, authentication). It seems that this was
> so crucial that MDCs are now enabled by default. My understanding is
> that MDCs provide integrity guarantees without signing. It seems that a

An MDC implements authenticated encryption (AE or AEAD) and for certain use cases it is better to have integrity. In the old PGP days we always said that signing is enough. But for some use cases authenticated encryption is needed.

> lack of integrity allows the injection of text into the message, such as
> Efail: https://efail.de/

Actually that is about implementation bugs in MUAs which we can partly solve with MDCs or more modern AE like OCB mode. Authenticated Encryption does not help against malicious content. This can only be mitigated by using a signature from a known key.

Shalom-Salam,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein

From kloecker at kde.org Fri Oct 17 22:06:52 2025
From: kloecker at kde.org (Ingo Klöcker)
Date: Fri, 17 Oct 2025 22:06:52 +0200
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: <875xcdyg18.fsf@jacob.g10code.de>
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <134ee3a6-225c-1f56-b09b-6b4cc5f1fc9c@anonymous.sex> <875xcdyg18.fsf@jacob.g10code.de>
Message-ID: <4507739.UPlyArG6xL@daneel>

On Friday, 17 October 2025 12:32:51 Central European Summer Time Werner Koch via Gnupg-users wrote:
> On Fri, 17 Oct 2025 09:19, have--- said:
> > I reported a real-world cert validation error on a Microsoft platform,
> > of Gpg4win 5 beta.
> > The latest gpg4win-beta package (369) was
> > published 2025-09-05, two months after cert expiry; thus, **the
>
> Nope. Your system is not up to date or something else is wrong at your
> site. Here is the result on a freshly installed Windows 11 box:

In their original message the OP mentions that the latest gpg4win code signing certificate published at https://gpg4win.org/package-integrity.html has expired. That's correct. Werner should update the list of gpg4win code signing certificates on that page.

What's incorrect is the OP's claim that the *current* gpg4win code signing certificate has expired. Werner has demonstrated that the latest Gpg4win beta release has been signed with a new valid code signing certificate. Obviously, the OP didn't check the code signing certificate that was used to sign the Gpg4win 5.0.0-beta369 release, but they blindly believed that https://gpg4win.org/package-integrity.html wasn't outdated and that Werner somehow managed to use an expired certificate for an Authenticode signature. I'm hard-pressed to believe that using an expired certificate for creating an Authenticode signature is even possible.

By the way, one doesn't need Microsoft's OS for checking the signature. Using Linux it's pretty simple to check the certificate that was used. First we extract the signature:

```
$ osslsigncode extract-signature -pem -in gpg4win-5.0.0-beta369.exe \
    -out gpg4win-5.0.0-beta369.exe.pem
PE checksum   : 028F186B
Succeeded
```

And then we use openssl to list the certificates:

```
$ openssl pkcs7 -in gpg4win-5.0.0-beta369.exe.pem -print_certs -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:1d:f9:34:50:4f:8e:38:3b:33:bc:e5
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign GCC R45 CodeSigning CA 2020
        Validity
            Not Before: Jun  5 12:43:59 2025 GMT
            Not After : Jun  5 12:43:59 2028 GMT
        Subject: C=DE, ST=Nordrhein-Westfalen, L=Erkrath, O=g10 Code GmbH, CN=g10 Code GmbH/emailAddress=code at g10code.com
[...]
```

If I had bothered to track down and download the root CA certificate I could have even verified the signature with osslsigncode. I leave this as an exercise for Mr. have. Maybe this will teach them not to make false claims about expired signatures while at the same time telling everybody that they should "use PQC *yesterday*".

Regards,
Ingo

From rjh at sixdemonbag.org Fri Oct 17 23:44:11 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 17 Oct 2025 17:44:11 -0400
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: <4507739.UPlyArG6xL@daneel>
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <134ee3a6-225c-1f56-b09b-6b4cc5f1fc9c@anonymous.sex> <875xcdyg18.fsf@jacob.g10code.de> <4507739.UPlyArG6xL@daneel>
Message-ID: <0d03242d-ff82-44c6-8c67-2f837e330e60@sixdemonbag.org>

> By the way, one doesn't need Microsoft's OS for checking the signature. Using
> Linux it's pretty simple to check the certificate that was used.
> First we
> extract the signature:
> ```
> $ osslsigncode extract-signature -pem -in gpg4win-5.0.0-beta369.exe \
>     -out gpg4win-5.0.0-beta369.exe.pem
> PE checksum   : 028F186B
> Succeeded
> ```

FWIW, although I'm grateful osslsigncode exists I often find it to be unpleasant to use at the command line. Several months ago I wrote a Python script to make it easier for me, and a couple of other people have reported it makes their workflow easier.

https://github.com/rjhansen/signtool

From mysidia at gmail.com Sat Oct 18 02:03:45 2025
From: mysidia at gmail.com (Jay Acuna)
Date: Fri, 17 Oct 2025 19:03:45 -0500
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: <95da4ade-8c95-9e5d-b048-b7b48c5d017c@anonymous.sex>
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <95da4ade-8c95-9e5d-b048-b7b48c5d017c@anonymous.sex>
Message-ID:

On Thu, Oct 16, 2025 at 1:35 PM wrote:
> And why bother? Real Cryptographers have already done the hard work
> for securely hybridizing the needed algorithms, and developers such as

The why bother is because it is the best option available, for now.

The PKCS11 devices you are able to find at the store for purchase from a trustworthy vendor don't support the PQC algorithms. Hardware development is slow, and much of your hardware will only support RSA and EC keys for a very long time. Good luck getting PQC on a PGP card. Even support for RSA keys longer than 2048 is difficult to find.

Software on your computer can support the PQC algorithms as soon as they come out, but software cannot provide appropriate key protection against the adversaries who gain logical or physical control over your computer.

These tools such as malware which would steal your keys are real and tangible, and a huge threat, but quantum computing is in the future. They are, as far as you know, very different unrelated types of actors. The concern from quantum computers is your adversaries will sniff your traffic on the wire and save it in their 30-year cold storage for future perusal. They are not on your computer with malware snatching your keys. IF they were, then the PQC algorithm offers zero additional protection. Only a hardware-based solution has anything to offer in this area -- hardware with no PQC public-key ciphers supported.

It is logical to say nest E_algorithm1_key1 ( E_algorithm2_key2 ) to defend against entirely different categories of theoretical future attackers who can break E_algorithm1. But keep the E_algorithm1 encryption to defend against actors who can use malware to steal the E_algorithm2_key straight off your computer.

It doesn't matter if in theory some ideal attacker could establish a mathematical association between the two algorithms, as they say. Because your alternative is to only use E_algorithm2, which makes you seriously vulnerable immediately. Or only use E_algorithm1, which is to just ignore the future quantum threat entirely. You are in an objectively weaker position using only one level of protection versus both.

There's no point in mulling over a theoretical subset of attacker who has both malware to steal your PQC key and a quantum computer to blow up your traditional key.

There are extremely strong reasons here to not only use E_algorithm1 and to also not only use E_algorithm2. And the reason for applying E_algorithm1 does not have to do with concerns about the cryptographic properties of E_algorithm2. It's about the form in which implementations of that algorithm have been made available to you for use.

> WK and the GnuPG devs have already implemented it *a year ago* (v.2.5.1
> stable/forward-compatible protocol for ECC+Kyber).
--
-JA

From jcb62281 at gmail.com Sat Oct 18 04:48:14 2025
From: jcb62281 at gmail.com (Jacob Bachmeyer)
Date: Fri, 17 Oct 2025 21:48:14 -0500
Subject: hardware tokens and malware threats (was: gpg4win expired code signing cert; please renew.)
In-Reply-To:
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <95da4ade-8c95-9e5d-b048-b7b48c5d017c@anonymous.sex>
Message-ID: <665e629b-53db-401b-a7fe-33f97dfd71ae@gmail.com>

On 10/17/25 19:03, Jay Acuna via Gnupg-users wrote:
> [...]
>
> There's no point in mulling over a theoretical subset of attacker who has
> both malware to steal your PQC key and a quantum computer to
> blow up your traditional key.

I see a simple problem here: if an attacker can plant resident malware on your computer, then that malware can simply wait for you to insert and unlock your hardware token and then abuse the token to decrypt/sign messages for the attacker, even if the attacker cannot make off with your private key itself.

In short, if the malware can steal your key and passphrase, it can also steal your token PIN and give the attacker access that way.

--
Jacob

From rjh at sixdemonbag.org Sat Oct 18 08:29:07 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 18 Oct 2025 02:29:07 -0400
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To:
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <95da4ade-8c95-9e5d-b048-b7b48c5d017c@anonymous.sex>
Message-ID:

> The why bother is because it is the best option available, for now.

Your proposal has been heard, considered, and soundly rejected. Could we please return to discussing GnuPG?
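Picking up Werner's advice in the "decryption outputs to stdout before verification" thread above (decrypt to a temporary file, then look at the --status-fd lines for DECRYPTION_OKAY and the signer before using the plaintext), here is an added example that is not code from the thread or from GnuPG: a small Python gate that parses the status lines and releases the output only when the integrity check passed and a valid signature from the expected primary key was seen. The status tokens are GnuPG's documented ones; the sample status text, the `decrypt_checked` helper and its temp-file handling are constructed for this example.

```python
"""Gate use of `gpg --decrypt` output on GnuPG's machine-readable status lines.

Added example; not code from the thread or from GnuPG. Decrypt into a temp
file with --status-fd, parse the status lines, and release the plaintext only
if DECRYPTION_OKAY was reported and a VALIDSIG line names the expected primary
key (tokens as in GnuPG's doc/DETAILS; sample status text below is constructed).
"""
import os
import subprocess
import tempfile
from dataclasses import dataclass, field
from typing import List, Optional

STATUS_PREFIX = "[GNUPG:] "


@dataclass
class DecryptReport:
    decryption_okay: bool = False    # MDC / AEAD integrity check passed
    decryption_failed: bool = False  # decryption or integrity check failed
    bad_signature: bool = False      # a BADSIG line was seen
    valid_signers: List[str] = field(default_factory=list)  # primary fprs from VALIDSIG


def parse_status(status_text: str) -> DecryptReport:
    """Pick out '[GNUPG:] ...' lines; ordinary stderr chatter is ignored."""
    rep = DecryptReport()
    for raw in status_text.splitlines():
        if not raw.startswith(STATUS_PREFIX):
            continue
        fields = raw[len(STATUS_PREFIX):].split()
        if not fields:
            continue
        tok = fields[0]
        if tok == "DECRYPTION_OKAY":
            rep.decryption_okay = True
        elif tok == "DECRYPTION_FAILED":
            rep.decryption_failed = True
        elif tok == "BADSIG":
            rep.bad_signature = True
        elif tok == "VALIDSIG":
            # VALIDSIG <fpr> <date> <ts> <exp> <ver> <rsv> <pk-algo> <hash> <class> [<primary-fpr>]
            # Prefer the primary key fingerprint so a signing subkey of the
            # expected key is accepted as that key.
            fpr = fields[10] if len(fields) > 10 else fields[1]
            rep.valid_signers.append(fpr.upper())
    return rep


def accept(rep: DecryptReport, expected_signer: str) -> bool:
    """True only if integrity passed AND the expected key made a valid signature."""
    if rep.decryption_failed or not rep.decryption_okay or rep.bad_signature:
        return False
    return expected_signer.upper() in rep.valid_signers


def decrypt_checked(ciphertext_path: str, expected_signer: str,
                    gpg: str = "gpg") -> Optional[bytes]:
    """Decrypt to a temp file; return plaintext only when accept() passes (needs a local gpg)."""
    fd, tmp = tempfile.mkstemp(prefix="gpg-checked-")
    os.close(fd)
    try:
        proc = subprocess.run(
            [gpg, "--batch", "--no-tty", "--yes", "--status-fd", "2",
             "--output", tmp, "--decrypt", ciphertext_path],
            capture_output=True, text=True, check=False)
        # --status-fd 2 interleaves status lines with normal stderr output;
        # parse_status() keeps only the '[GNUPG:]' lines.
        if proc.returncode != 0 or not accept(parse_status(proc.stderr), expected_signer):
            return None
        with open(tmp, "rb") as fh:
            return fh.read()
    finally:
        os.unlink(tmp)  # never leave unverified plaintext lying around


# Constructed sample status output modelled on Werner's --assert-signer run
# earlier in the thread (same signer fingerprint); OTHER is a non-matching key.
SIGNER = "8777461F2A074EBC480D359419CC1C9E085B107A"
OTHER = "E8EC28456EA6CFD7A0B15821C1DBABEF2C2096BB"
STATUS_GOOD = f"""gpg: encrypted with brainpoolP384r1 key, ID 2B999FA9CE046B1B
[GNUPG:] PLAINTEXT 62 1760706913 foo
[GNUPG:] GOODSIG 19CC1C9E085B107A wk at gnupg.org
[GNUPG:] VALIDSIG {SIGNER} 2025-10-17 1760706913 0 4 0 22 10 00 {SIGNER}
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION
"""
# Signature failed (e.g. tampered signed-then-encrypted data): BADSIG, no VALIDSIG.
STATUS_BADSIG = """[GNUPG:] PLAINTEXT 62 1760706913 foo
[GNUPG:] BADSIG 19CC1C9E085B107A wk at gnupg.org
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION
"""
# Integrity (MDC) failure: DECRYPTION_FAILED and no DECRYPTION_OKAY at all.
STATUS_MDC_FAIL = "[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_FAILED\n"
```

On GnuPG 2.4.1 or later, adding `--assert-signer <fpr>` to the command (as Werner shows) makes gpg itself return non-zero on a signer mismatch, so the exit-code check and the status parse then agree.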
From mysidia at gmail.com Sun Oct 19 13:00:09 2025
From: mysidia at gmail.com (Jay Acuna)
Date: Sun, 19 Oct 2025 06:00:09 -0500
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To:
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <95da4ade-8c95-9e5d-b048-b7b48c5d017c@anonymous.sex>
Message-ID:

On Sat, Oct 18, 2025 at 1:30 AM Robert J. Hansen via Gnupg-users wrote:
> > The why bother is because it is the best option available, for now.
> Your proposal has been heard, considered, and soundly rejected. Could we
> please return to discussing GnuPG?

I don't care if solely you, some random user on the internet reject it. This is a good way to use gnupg.

This is what you have for a solution to the problem in general. What if I want to encrypt a file such that (USERID1), (USERID2), and (USERID3) must all co-operate in order to read the file? Multiple keys necessary to unlock:

gpg -e -r USERID1 < inputfile.txt | gpg -e -r USERID2 | gpg -e -r USERID3 > output_file.gpg

As far as I know there is no better way than that provided by GnuPG as an option.

You speak as if you invented the crypto or whatever, and I ever came for approval. The point is I shared best practice to append post-quantum protections to your security plans, and it is fine if you disagree. That it is now one best practice to add quantum protection, and chain it in addition to existing procedure if the technology is not available to combine that into a single function.

Given input -> A -> B -> output. It is reasonable to presume function A's security promises remained intact following processing by an arbitrary function B which does not have inputs available to it related to the inputs of function A.
You cannot guarantee it 100%, but a mathematical proof is not the standard to extend security practices which lower compromise probability. You ignore added risks related to future quantum crypto development at your own peril. It's fine to only use PQC, but you ignore other risks the implementation doesn't help you with, also at your own peril.

The industry disagrees with you. You'll find the approach appearing in various standards. OpenSSH 10 already changed the default to a combination of ML-KEM with 25519 ec key exchange, mlkem768x25519-sha256, etc.

Your rejection is soundly dismissed.

--
-JA

From andrewg at andrewg.com Sun Oct 19 13:49:34 2025
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Sun, 19 Oct 2025 12:49:34 +0100
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: <7C43B98E-0E35-4980-A1EE-55AEA0F2AEB8@andrewg.com>
References: <7C43B98E-0E35-4980-A1EE-55AEA0F2AEB8@andrewg.com>
Message-ID: <78DEAAE9-6DCC-4BC7-A071-2BDF35427A19@andrewg.com>

> On 19 Oct 2025, at 12:01, Jay Acuna via Gnupg-users wrote:
>
> The point is I shared best practice to append post-quantum protections,
> to your security plans, and it is fine if you disagree.

I want to make one thing really, really clear to all observers.

Jay references OpenSSH. OpenSSH's PQ/T mechanism uses HKDF to mitigate the group analysis problem that Rob raised. So does GnuPG's "Kyber" PQ/T algorithm, as does the upcoming OpenPGP PQC specification, and TLS, and, and...

Jay's proposed hybrid encryption scheme does not use a KDF. It is therefore NOT best practice. The fact that he does not understand the group analysis problem, or how a KDF is essential to protect against it, means that he is unqualified to make pronouncements about the security properties of his or any other scheme.

Please do not listen to him.

A

From rjh at sixdemonbag.org Sun Oct 19 14:37:39 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 19 Oct 2025 08:37:39 -0400
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To:
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <9a97191a-2371-488b-a4d6-f0430337d755@sixdemonbag.org> <95da4ade-8c95-9e5d-b048-b7b48c5d017c@anonymous.sex>
Message-ID: <1ef1b377-2cc1-4f52-b7dc-90090da1788a@sixdemonbag.org>

> I don't care if solely you, some random user on the internet reject
> it.

It's not just me, and you clearly do.

> This is a good way to use gnupg.

Prove it mathematically.

> What if I want to encrypt a file such that (USERID1), (USERID2), and
> (USERID3) must all co-operate in order to read the file? Multiple
> keys necessary to unlock
>
> gpg -e -r USERID1 < inputfile.txt | gpg -e -r USERID2 | gpg -e
> -r USERID3 > output_file.gpg As far as I know there is no better
> way than that provided by GnuPG as an option.

Shamir's secret-sharing protocol.

> You speak as if you invented the crypto or whatever, and I ever
> came for approval.

I'm not a cryptographer. I'm a tolerably good cryptographic engineer. And you wouldn't spend so much time insisting I take your scheme seriously if you weren't looking for my approval.

And honestly, that concerns me. You shouldn't want my approval. As you say, I'm just some random user on the internet: why does my approval matter so much? Personally, I would much rather you said, "okay, so that's a hard pass from Rob: would anyone else like to talk the merits and flaws of this idea?"

You're a human being deserving of dignity and professional treatment. Your ideas deserve neither. You are not your ideas. This is really important because good people come up with bad ideas *all the time*.

I used to work at a skunkworks research lab doing digital forensics R&D. On our whiteboard we kept our two lab rules, things that we credited our success to:

1. MOST OF IT IS WRONG.
2. WE FAIL FASTER.

99% of our ideas were awful and didn't pan out. That's the harsh reality.
We compensated by spotting theoretical problems as early as possible,
building prototypes as soon as the theory was solid, and testing our
prototypes as strenuously as possible. Whenever anyone's idea turned
out to work the entire lab put our names on the paper; whenever our
ideas didn't, we put the notes in our folder of null results and
resolved to not accidentally rediscover that wrong idea again. (Don't
laugh: it happens all the time if you're not keeping a null folder.)

I recommend the same approach to you. Your current idea -- maybe it's
right! Maybe it's wrong. It falls into the realm of what Wolfgang
Pauli condemned as ideas that "aren't even wrong": ideas that never
showed up ready to be critically examined and judged.

It all starts with mathematics. You deserve dignity and professional
treatment, but your idea is not ready to be taken seriously because
you have not shown the math. I know that's hard to hear.

Finally...

> You ignore added risks related to future quantum crypto development
> at your own peril.

A tip about being taken seriously in the community: most of us react
with laughter to "you'll be sorry if you don't listen to me!".

From rjh at sixdemonbag.org Sun Oct 19 14:43:34 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 19 Oct 2025 08:43:34 -0400
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: <78DEAAE9-6DCC-4BC7-A071-2BDF35427A19@andrewg.com>
References: <7C43B98E-0E35-4980-A1EE-55AEA0F2AEB8@andrewg.com> <78DEAAE9-6DCC-4BC7-A071-2BDF35427A19@andrewg.com>
Message-ID: <4d9c30f0-5bb2-42e1-a02d-ece41eb4befa@sixdemonbag.org>

> I want to make one thing really, really clear to all observers.

Andrew and I both have made strong statements this morning. We are not
coordinating anything, haven't discussed this proposal at all. (I did
write him an email a few days ago seeking input on a different matter,
but not this one.)

I don't want anyone to get buried under a dogpile of criticism, so
I'll back out of future discussion. I've raised the points I feel are
salient, and they can speak for themselves. Andrew is plenty competent
to answer any questions people have about this proposal.

From wk at gnupg.org Sun Oct 19 19:47:24 2025
From: wk at gnupg.org (Werner Koch)
Date: Sun, 19 Oct 2025 19:47:24 +0200
Subject: gpg4win expired code signing cert; please renew.
In-Reply-To: <4507739.UPlyArG6xL@daneel> ("Ingo Klöcker"'s message of "Fri, 17 Oct 2025 22:06:52 +0200")
References: <48418b8e-6bac-845a-8866-9c96835fdd10@anonymous.sex> <134ee3a6-225c-1f56-b09b-6b4cc5f1fc9c@anonymous.sex> <875xcdyg18.fsf@jacob.g10code.de> <4507739.UPlyArG6xL@daneel>
Message-ID: <87bjm2wzpv.fsf@jacob.g10code.de>

On Fri, 17 Oct 2025 22:06, Ingo Klöcker said:

> certificate published at
> https://gpg4win.org/package-integrity.html
> has expired. That's correct. Werner should update the list of gpg4win code

Actually I was not aware that someone(tm) put the X.509 certificate
details for AuthentiCode there. I see no real need in this because the
PKI should guarantee that this is a valid one. We use Authenticode
only because Microsoft demands that and some sites only allow running
programs with Authenticode signatures. For package integrity we use
*PGP signatures.

Salam-Shalom,

   Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
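Earlier in this thread Rob answers Jay's "three user IDs must all co-operate" question with Shamir's secret-sharing protocol instead of three chained gpg -e runs. The following is an added example, not code from the list or from GnuPG: a k-of-n split and reconstruction over a prime field in Python, where the shared secret would be, for instance, the symmetric key that encrypts the file. The field prime, the demo values and the function names are this example's own choices.

```python
"""k-of-n secret sharing (Shamir) over a prime field.

Added example for the "three user IDs must all co-operate" case raised in
this thread; it is not GnuPG code. Shares are points on a random polynomial
of degree k-1 whose constant term is the secret: any k points determine the
polynomial and so the secret, while any k-1 points are consistent with every
possible secret and therefore reveal nothing about it.
"""
import secrets

# Field modulus, constructed for this example: the secp256k1 base-field prime.
# Any prime larger than the secret works; this one allows 256-bit secrets.
P = 2**256 - 2**32 - 977


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + coeffs[2]*x^2 + ... at x, mod P."""
    acc = 0
    for c in reversed(coeffs):          # Horner's rule
        acc = (acc * x + c) % P
    return acc


def split(secret, k, n):
    """Split `secret` into n shares, any k of which reconstruct it."""
    if not 0 <= secret < P:
        raise ValueError("secret must be an integer in [0, P)")
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    # Constant term is the secret; the other k-1 coefficients are uniform
    # random field elements drawn from the OS CSPRNG.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    # Share i is the point (i, f(i)); x = 0 is never handed out because
    # f(0) is the secret itself.
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover(shares):
    """Lagrange-interpolate f(0) from a list of (x, y) shares.

    With fewer than k distinct shares the result is a field element that is
    unrelated to the secret, so the threshold must be known out of band.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share x-coordinates")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P          # prod over j != i of (0 - xj)
                den = (den * (xi - xj)) % P      # prod over j != i of (xi - xj)
        # yi times the i-th Lagrange basis polynomial evaluated at x = 0.
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def secret_from_bytes(b):
    return int.from_bytes(b, "big")


def secret_to_bytes(s, length):
    return s.to_bytes(length, "big")


if __name__ == "__main__":
    # Constructed demo: a 32-byte symmetric key that three parties must
    # jointly hold, mirroring the three-recipient question in the thread.
    key = secrets.token_bytes(32)
    shares = split(secret_from_bytes(key), k=3, n=3)
    print("all three shares recover the key:",
          secret_to_bytes(recover(shares), 32) == key)
    print("two shares do not:", recover(shares[:2]) != secret_from_bytes(key))
```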
From rjh at sixdemonbag.org Mon Oct 20 04:23:41 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 19 Oct 2025 22:23:41 -0400
Subject: Cryptography 101

(For non-US readers: in the United States university system, classes
have departments, names, and numbers. In any department, the 101 class
is almost always "Introduction to...". Hence, Computer Science 101 is
Introduction to Computer Science, and Cryptography 101 would be...)

I've said a lot recently about how important it is to be able to ask
basic questions about whether a cipher forms a mathematical group. I
figure people might benefit from hearing a little bit about it.

Group theory is to mathematics what Perl scripting is to system
administration: it doesn't get much respect but knowing it is an
essential, non-negotiable skill purely because of how much it glues
the whole system together.

Put broadly, group theory is the study of absolutely anything that has
these properties: well-defined inputs and outputs taken from the same
set, and a function that obeys the associative property and can be
used to do identities and inverses.

For instance, do the integers form a group under addition?

* Inputs and outputs are from the same set? Yes, integers!
* Can addition do identities? Yes, add zero!
* Can addition invert itself? Yes, add a negative!
* Does addition associate? Yes!

Therefore, we would say the integers form a group under addition, and
that means anything involving adding two integers together can be
studied with group theory.

Hmm.

Do Rubik's cubes form groups under rotations?

* Inputs and outputs are from the same set? Yes, cube configs!
* Can you rotate a face such that the cube doesn't change? Yes!
* Can rotations invert themselves? Yes, twist it the other way!
* Do cubes associate? Yes! (higher math proof omitted)

So wait, we've got a single coherent mathematical theory that describes
not just numbers like arithmetic, but big complicated objects like
Rubik's cubes.

When considering a mathematical concept, one of the very first things
mathematicians -- and every cryptographer is a mathematician -- ask is,
"does this thing form a group?" Because if so, wow, you can do the
mathematical equivalent of running off to look at CPAN to see all the
stuff people have *already proved about your problem* just by nature
of the fact it's a group.

The moment you say "oh, it's a group," you have something like 3,500
major results in mathematics pre-proven for your problem. Answer four
questions, get 3,500 theorems about your problem. That is
*breathtaking* power.

For instance, with respect to layering ciphers: there's a theorem which
says "if your cipher is a group, nope, you're fooling yourself." You
can prove ROT is a group (go ahead: try to prove it yourself!), so we
know layering is ineffective.

=====

Another good reason to study group theory: it is the foundation of RSA,
Diffie-Hellman, DSA, and Elgamal, including elliptical curve variants.
All of those algorithms are based on the "hidden subgroup problem",
which, as you might guess from the name, is a part of group theory
best described with tools from group theory.

=====

If you're interested, MIT makes their entire abstract algebra
curriculum ("abstract algebra" being the branch of math that contains
group theory) available via their Open CourseWare site:

https://ocw.mit.edu/courses/18-703-modern-algebra-spring-2013/pages/lecture-notes/

It will be hard. It will challenge you. But if you can understand the
basics of group theory, you will have in your mathematical repertoire
the equivalent of Perl and a copy of the Camel book. It is powerful,
it is useful, and it's there for the taking.
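As an added example (not code from the post above or from GnuPG), here is the post's four-question check run by brute force on ROT in Python: each key is modelled as the permutation it applies to the 26-letter alphabet, composition is the group operation, and a second routine counts how many distinct transformations all 26 x 26 two-layer ROT keys really produce, which is why layering it buys nothing. The checker works for any finite family of alphabet permutations, not only ROT; all function names are this example's own.

```python
"""Does a cipher form a group under composition? Brute-force check for ROT.

Added example illustrating the four questions in the post above; it is not
code from the list or from GnuPG. A cipher key is modelled as the
permutation it applies to the 26-letter alphabet, and the binary operation
is composition: "encrypt with the second key, then with the first".
"""
from itertools import product
import string

ALPHABET = string.ascii_lowercase
N = len(ALPHABET)
IDENTITY = tuple(range(N))          # the "do nothing" cipher, ROT-0


def rot_perm(shift):
    """Permutation of alphabet positions applied by ROT-`shift`."""
    return tuple((i + shift) % N for i in range(N))


def compose(p, q):
    """Composition p after q: the permutation 'apply q, then apply p'."""
    return tuple(p[q[i]] for i in range(N))


def apply_perm(perm, text):
    """Encrypt lowercase letters with `perm`; other characters pass through."""
    return "".join(ALPHABET[perm[ALPHABET.index(c)]] if c in ALPHABET else c
                   for c in text)


def check_group(perms):
    """Answer the four group questions for a set of permutations under composition.

    Every key maps the alphabet onto itself, so "inputs and outputs from the
    same set" holds by construction; closure, identity, inverses and
    associativity are each checked exhaustively rather than assumed.
    Returns the per-question answers plus an overall verdict.
    """
    elems = set(perms)
    closed = all(compose(p, q) in elems for p, q in product(elems, repeat=2))
    has_identity = IDENTITY in elems
    has_inverses = all(any(compose(p, q) == IDENTITY for q in elems)
                       for p in elems)
    associative = all(compose(compose(p, q), r) == compose(p, compose(q, r))
                      for p, q, r in product(elems, repeat=3))
    answers = {"closed": closed, "identity": has_identity,
               "inverses": has_inverses, "associative": associative}
    answers["is_group"] = all(answers.values())
    return answers


def rot_family():
    """All 26 ROT keys, ROT-0 (the identity) included."""
    return [rot_perm(k) for k in range(N)]


def effective_rot_key(a, b):
    """The single ROT key equivalent to ROT-a applied after ROT-b, if any."""
    target = compose(rot_perm(a), rot_perm(b))
    for k in range(N):
        if rot_perm(k) == target:
            return k
    return None


def distinct_double_rot_transforms():
    """How many different transformations the 26*26 two-layer ROT keys produce."""
    return len({compose(rot_perm(a), rot_perm(b))
                for a, b in product(range(N), repeat=2)})


if __name__ == "__main__":
    print("ROT under composition:", check_group(rot_family()))
    # Layering: 676 key pairs, but an attacker only has this many ciphers to try.
    print("distinct two-layer ROT transforms:", distinct_double_rot_transforms())
    print("ROT-3 after ROT-10 is ROT-%d" % effective_rot_key(3, 10))
    # Constructed demo text; any lowercase string works.
    layered = apply_perm(rot_perm(3), apply_perm(rot_perm(10), "group theory"))
    print(layered, "==", apply_perm(rot_perm(13), "group theory"))
    # Dropping ROT-0 breaks closure and identity: no longer a group.
    print("ROT 1..25 only:", check_group(rot_family()[1:]))
```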
From johnz at pleasantnightmare.com Tue Oct 21 18:23:31 2025
From: johnz at pleasantnightmare.com (John Z.)
Date: Tue, 21 Oct 2025 10:23:31 -0600
Subject: Cryptography 101

I absolutely share your sentiments about group theory. It elevated my
thinking and problem solving like nothing else, and I don't mean just
cryptography, but software engineering as a whole. According to my own
experience, I strongly believe that advanced math studies would be an
essential thing for any sweng to engage in.

(P.S. Lurking this group for nearly a decade, but never have anything
useful to add - much like right now. Loving nearly everything I read,
tho.)

--
John Z.
"All my thoughts are burning, and I like how warm the fire can be..."

On Sun, Oct 19, 2025 at 10:23:41PM -0400, Robert J. Hansen via Gnupg-users wrote:
> [...]

From vedaal at nym.hush.com Tue Oct 21 19:53:13 2025
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Tue, 21 Oct 2025 13:53:13 -0400
Subject: Cryptography 101

Here's the simplified non-M.I.T. Group theory 101:
https://www.geeksforgeeks.org/maths/group-theory/

=====

On 10/19/2025 at 10:26 PM, "Robert J. Hansen via Gnupg-users" wrote:
> [...]

From rjh at sixdemonbag.org Tue Oct 21 23:33:45 2025
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 21 Oct 2025 17:33:45 -0400
Subject: Cryptography 101
Message-ID: <791ad1c4-2ccd-4b92-8e3b-baf086989da1@sixdemonbag.org>

> According to my own experience, I strongly believe that advanced math
> studies would be an essential thing for any sweng to engage in.

I'm of the opinion that computer science is horribly misnamed. Imagine
if we described astrophysics, optics, opticians (lens-grinders), and
astrologers all with the same term. That's what we do for computer
science.

There are a lot of astrologers in the field. I don't like that, but
it's the reality. You can get good work as an astrologer. Someone will
always be willing to hire you, and you don't need hardly any math. But
the more you want to climb out of the astrology ghetto, the more
you'll need math.

Computational theory, type theory, group theory, and statistics have
all been quite useful in my career.
From wk at gnupg.org Wed Oct 22 16:20:04 2025
From: wk at gnupg.org (Werner Koch)
Date: Wed, 22 Oct 2025 16:20:04 +0200
Subject: [Announce] GnuPG 2.5.13 released
Message-ID: <874irruigb.fsf@jacob.g10code.de>

Hello!

We are pleased to announce the availability of a new GnuPG release:
Version 2.5.13. This release adds new features and fixes a couple of
bugs. Note that this 2.5 series is fully supported and thus ready for
production use. This means we won't break anything but may add some
more features before 2.6.

The main features in the 2.5 and 2.6 series are improvements for 64 bit
Windows and the introduction of Kyber (aka ML-KEM or FIPS-203) as PQC
encryption algorithm. Other than PQC support the 2.6 series will not
differ a lot from 2.4 because the majority of changes are internal to
make use of newer features from the supporting libraries.

Please be aware that the 2.4 series will reach end of life in June of
next year.

What is GnuPG
=============

The GNU Privacy Guard (GnuPG, GPG) is a complete and free implementation
of the OpenPGP and S/MIME standards.

GnuPG allows you to encrypt and sign data and communication, features a
versatile key management system as well as access modules for public key
directories. GnuPG itself is a command line tool with features for easy
integration with other applications. The separate library GPGME provides
a uniform API to use the GnuPG engine by software written in common
programming languages. A wealth of frontend applications and libraries
making use of GnuPG are available. As a universal crypto engine GnuPG
provides support for S/MIME and Secure Shell in addition to OpenPGP.

GnuPG is Free Software (meaning that it respects your freedom). It can
be freely used, modified and distributed under the terms of the GNU
General Public License.
Noteworthy changes in version 2.5.13 (2025-10-22)
=================================================

[compared to version 2.5.12]

 * gpg: Fix de-vs compliance with OCB and additional password. [T7804]
 * gpg: Detect duplicate keys with --add-recipients. [T1825]
 * gpg: Take care about the prefix for cv25519 encryption. [T7649]
 * gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures.
   [rGdb9705ef59]
 * gpg: Error out on unverified output for non-detached signatures.
   [rG8abc320f2a]
 * gpgsm: Use KEM interface for en- and decryption. [T7811,T7845]
 * gpgsm: Fix delete and store certificate locking glitches. [T7855]
 * gpg,gpgsm: Run keybox compression only when there are no other
   users. [T7855]
 * gpg,gpgsm: Improve keybox closing and locking order on read and
   write. [T7855]
 * gpg,gpgsm: Always use share mode read-write for the keybox file
   access. [T7829]
 * scd:openpgp: Fix an oddity in changing the PIN. [T7840]
 * dirmngr: New LDAP keyserver flag "upload". [T7866]
 * agent: Retry private key deletion in case of sharing violations for
   up to 400ms. [T7863]
 * Take care of a possible race on daemon startup under Windows. [T7829]
 * Improve file renaming on Windows in case of a sharing violation
   error. [T7829]

Release-info: https://dev.gnupg.org/T7801

Getting the Software
====================

Please follow the instructions found at or read on:

GnuPG may be downloaded from one of the GnuPG mirror sites or direct
from its primary file server. The list of mirrors can be found at .
Note that GnuPG is not available at ftp.gnu.org.
The GnuPG source code compressed using BZIP2 and its OpenPGP signature
are available here:

 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.5.13.tar.bz2 (8035k)
 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.5.13.tar.bz2.sig

An installer for Windows without any graphical frontend except for a
very minimal Pinentry tool is available here:

 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.5.13_20251022.exe (5534k)
 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.5.13_20251022.exe.sig

The source used to build this installer for 64-bit Windows is available
as

 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-w32-2.5.13_20251022.tar.xz (15M)
 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-w32-2.5.13_20251022.tar.xz.sig

This source tarball may also be used to download all required libraries
at once to build a Unix version on any modern system. See the included
README.

Debian Packages
===============

We also provide Debian style packages for a couple of Debian variants.
See

 https://repos.gnupg.org/deb/gnupg/bookworm-devel/

or use the menu to switch to other distros/releases. If you encounter
packaging problems please report them to the gnupg-devel mailing list.
Using the -devel versions is suggested.

Windows Installer
=================

A new beta version of Gpg4win, our full featured Windows installer,
including this version of GnuPG, the Kleopatra GUI, and a PDF reader
has also been released. Head over to

 https://gpg4win.org/version5.html

Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of the
following ways:

 * If you already have a version of GnuPG installed, you can simply
   verify the supplied signature. For example to verify the signature
   of the file gnupg-2.5.13.tar.bz2 you would use this command:

     gpg --verify gnupg-2.5.13.tar.bz2.sig gnupg-2.5.13.tar.bz2

   This checks whether the signature file matches the source file.
   You should see a message indicating that the signature is good and
   made by one or more of the release signing keys. Make sure that this
   is a valid key, either by matching the shown fingerprint against a
   trustworthy list of valid release signing keys or by checking that
   the key has been signed by trustworthy other keys. See the end of
   this mail for information on the signing keys.

 * If you are not able to use an existing version of GnuPG, you have
   to verify the SHA-1 checksum. On Unix systems the command to do
   this is either "sha1sum" or "shasum". Assuming you downloaded the
   file gnupg-2.5.13.tar.bz2, you run the command like this:

     sha1sum gnupg-2.5.13.tar.bz2

   and check that the output matches the next line:

37044ada2ba33bfdd32035ac9f0b91a69162b4ee  gnupg-2.5.13.tar.bz2
57b58ef55e114a8a847d05773bdfe577876f2981  gnupg-w32-2.5.13_20251022.tar.xz
48524f5211ce3859f223dcd7d0593aea000e2aa0  gnupg-w32-2.5.13_20251022.exe
bf423f18545e5ef7744d7f531b86615edac92cc9  gpg4win-5.0.0-beta395.exe
7601a54f6da31136273945256e0ed460a0ea2e45  gpg4win-5.0.0-beta395.tar.xz

Internationalization
====================

This version of GnuPG has support for 26 languages with Chinese
(traditional and simplified), Czech, Dutch, French, German, Italian,
Japanese, Norwegian, Polish, Portuguese, Russian, Turkish, and
Ukrainian being almost completely translated.

Documentation and Support
=========================

The file gnupg.info has the complete reference manual of the system.
Separate man pages are included as well but they miss some of the
details available only in the manual. The manual is also available
online at

 https://gnupg.org/documentation/manuals/gnupg/

or can be downloaded as PDF at

 https://gnupg.org/documentation/manuals/gnupg.pdf

You may also want to search the GnuPG mailing list archives or ask on
the gnupg-users mailing list for advice on how to solve problems. Most
of the new features are around for several years and thus enough
public experience is available.
https://wiki.gnupg.org has user contributed information around GnuPG
and related software.

In case of build problems specific to this release please first check
https://dev.gnupg.org/T7801 for updated information.

Please consult the archive of the gnupg-users mailing list before
reporting a bug: https://gnupg.org/documentation/mailing-lists.html.
We suggest to send bug reports for a new release to this list in favor
of filing a bug at https://bugs.gnupg.org. If you need commercial
support go to https://gnupg.com or https://gnupg.org/service.html.

If you are a developer and you need a certain feature for your project,
please do not hesitate to bring it to the gnupg-devel mailing list for
discussion.

Thanks
======

Since 2001 maintenance and development of GnuPG is done by g10 Code
GmbH and has mostly been financed by donations. A team of full-time
employed developers and contractors are working exclusively on GnuPG
and related software like Libgcrypt, GPGME, Kleopatra, Okular, and
Gpg4win.

Fortunately, and this is still not common with free software, we have
established a way of financing the development while keeping all our
software free and freely available for everyone. Our model is similar
to the way RedHat manages RHEL and Fedora: Except for the actual binary
of the MSI installer for Windows and client specific configuration
files, all the software is available under the GNU GPL and other Open
Source licenses. Thus customers may even build and distribute their own
version of the software as long as they do not use our trademarks
GnuPG Desktop® or GnuPG VS-Desktop®.

We like to thank all the nice people who are helping the GnuPG project,
be it testing, coding, translating, suggesting, auditing, administering
the servers, spreading the word, answering questions on the mailing
lists, or helped with donations.

*Thank you all*

  Your GnuPG hackers

p.s.
This is an announcement only mailing list. Please send replies only to
the gnupg-users at gnupg.org mailing list.
* List of Release Signing Keys:

To guarantee that a downloaded GnuPG version has not been tampered with
by malicious entities we provide signature files for all tarballs and
binary versions. The keys are also signed by the long term keys of
their respective owners. Current releases are signed by one or more of
these four keys:

  ed25519 2020-08-24 [SC] [expires: 2030-06-30]
  6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
  Werner Koch (dist signing 2020)

  ed25519 2021-05-19 [SC] [expires: 2027-04-04]
  AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
  Niibe Yutaka (GnuPG Release Key)

  rsa3072 2025-05-09 [SC] [expires: 2033-03-03]
  3B76 1AE4 E63B F351 9CE7 D63B ECB6 64CB E133 2EEF
  Alexander Kulbartsch (GnuPG Release Key)

  brainpoolP256r1 2021-10-15 [SC] [expires: 2029-12-31]
  02F3 8DFF 731F F97C B039 A1DA 549E 695E 905B A208
  GnuPG.com (Release Signing Key 2021)

The keys are available at https://gnupg.org/signature_key.html and in
any recently released GnuPG tarball in the file g10/distsigkey.gpg .
Note that this mail has been signed by a different key.

* Debian Package Signing Key:

The new Debian style packages are signed using this key:

  ed25519 2025-07-08 [SC] [expires: 2035-07-14]
  3209 7B71 9B37 45D6 E61D DA1B 85C4 5AE3 E1A2 B355
  GnuPG.org Package Signing Key

See the package website (https://repos.gnupg.org/deb/gnupg) for a list
of supported distributions and a download link for the key.

--
Arguing that you don't care about the right to privacy because you have
nothing to hide is no different from saying you don't care about free
speech because you have nothing to say. - Edward Snowden