From mario.afa@usa.net Sun Apr 2 16:05:18 2000 From: mario.afa@usa.net (Mario Perez) Date: 2 Apr 00 16:05:18 MET DST Subject: unsubscribe Message-ID: <20000402140518.13946.qmail@nwcst279.netaddress.usa.net>

Get free email and a permanent address at http://www.netaddress.com From rabbi@quickie.net Sat Apr 1 00:35:30 2000 From: rabbi@quickie.net (L. Sassaman) Date: Fri, 31 Mar 2000 16:35:30 -0800 (PST) Subject: unsuported key algorithm? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 1 Apr 2000, Johan Lundberg wrote: [snip] > Is this an RSA key, and if it is, how do i use the --load-extension and > rsa-keys? Where can I get the extensions? Yep, you're right, it is RSA. You should have the owner self-sign it, and set --load-extension rsa and --load-extension idea in the config file. Get the modules under contrib in the pub ftp server on ftp.gnupg.org... follow compile instructions in the source. > this is what i find in the handbook: > > load-extension object-file > Description: > Elaborate. Yes, the manual is missing a lot. I had offered to complete it if I could have the rights to reprint it as an appendix to my upcoming book, but it looks like by doing so I will need to release my book under GPL. Which I won't do... - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1d (GNU/Linux) Comment: OpenPGP Encrypted Email Preferred. iD8DBQE45URZPYrxsgmsCmoRAvwDAKCwyzU9toZUsjZSFuGtStcAHBajwgCgtLCZ HCJ8Djz96A6YWQFVYVvfhHQ= =vXHB -----END PGP SIGNATURE----- From rabbi@quickie.net Sat Apr 1 02:10:15 2000 From: rabbi@quickie.net (L. Sassaman) Date: Fri, 31 Mar 2000 18:10:15 -0800 (PST) Subject: unsuported key algorithm? In-Reply-To: <20000401024505.C6480@bandon.nmrc.ucc.ie> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 1 Apr 2000, Lars Hecking wrote: > > > Yes, the manual is missing a lot. I had offered to complete it if I could > > have the rights to reprint it as an appendix to my upcoming book, but it > > looks like by doing so I will need to release my book under GPL. Which I > > won't do... > > Licence wars aside, post your addendum here and we'll look at it. Well, that's my point. I am either going to fill in the blanks in the GPH, or write my own "guide to GnuPG" for the book, not both... so I would need to be granted the rights to reprint part (I'm only interested in reprinting the commands/options/usage half) of the GPH before I actually spent the time working on it, since I am behind schedule as it is. > I am not sure how the GPL would apply to books, but I'm quite certain > that a way [ not involving lia^H^Hawyers ] can be found to accomodate > your situation. Hopefully. Lawyers are irrelevent, however. If Mike doesn't want me reprinting what he's written, I am not going to do it. - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1d (GNU/Linux) Comment: OpenPGP Encrypted Email Preferred. iD8DBQE45VqNPYrxsgmsCmoRAneXAKCjAr2oxu9+bYS6P0nQWhJUo528lQCdFgQg f0HNFAtVHtH+NbQ+hOLMhps= =6QUh -----END PGP SIGNATURE----- From lhecking@nmrc.ucc.ie Sat Apr 1 01:45:05 2000 From: lhecking@nmrc.ucc.ie (Lars Hecking) Date: Sat, 1 Apr 2000 02:45:05 +0100 Subject: unsuported key algorithm? In-Reply-To: ; from rabbi@quickie.net on Fri, Mar 31, 2000 at 04:35:30PM -0800 References:

Message-ID: <20000401024505.C6480@bandon.nmrc.ucc.ie> > Yes, the manual is missing a lot. I had offered to complete it if I could > have the rights to reprint it as an appendix to my upcoming book, but it > looks like by doing so I will need to release my book under GPL. Which I > won't do... Licence wars aside, post your addendum here and we'll look at it. I am not sure how the GPL would apply to books, but I'm quite certain that a way [ not involving lia^H^Hawyers ] can be found to accomodate your situation. -- A bachelor is a selfish, undeserving guy who has cheated some woman out of a divorce. -- Don Quinn From rguyom@mail.dotcom.fr Sat Apr 1 04:33:08 2000 From: rguyom@mail.dotcom.fr (=?iso-8859-1?Q?R=E9mi_Guyomarch?=) Date: Sat, 1 Apr 2000 06:33:08 +0200 Subject: Collecting entropy? In-Reply-To: <3.0.6.32.20000331140619.00aa3670@home.factcomm.co.jp>; from darren@factcomm.co.jp on Fri, Mar 31, 2000 at 02:06:19PM +0000 References: <3.0.6.32.20000331124148.00b7a340@home.factcomm.co.jp> <3.0.6.32.20000331140619.00aa3670@home.factcomm.co.jp> Message-ID: <20000401063308.A19303@pingoo.ifn.fr> On Fri, Mar 31, 2000 at 02:06:19PM +0000, Darren Cook wrote: > At 22:51 00/03/30 -0600, Marius Strom wrote: > >BSD machine: > >in /etc/defaults/rc.conf, set rand_irqs=" >used>" > > > >It defaults to keyboard controller, IIRC, which is not helpful on a > >headless terminal. > > > >I use the IRQ of my disk controller, then run a find / creates wonderful > >entropy. =] > > Thanks (and to L. Sassaman). > > Looking at that file I see: > rand_irqs="NO" # Stir the entropy pool (like "5 11" or NO). > > Any suggestions what to do here (assuming the ISP is unwilling to change > that file and reboot their server)? Is it reasonable to create the keys on > my linux machine then upload them? > > Darren hmm, just my Euro 0.02: On FreeBSD you don't have to reboot your machine to change the IRQs used. Just do, as root : rndcontrol -s 15 rndcontrol -s 14 to add the IDE/ATAPI IRQs if they are used. Replace with your SCSI card IRQ if you have SCSI instead. I don't know if it's really secure to add a network card IRQ there. On OpenBSD, you simply can't add or remove entropy sources. At least it doesn't seems obvious to me while I was browsing man pages on www.openbsd.org. From homega@ciberia.es (Horacio) Sat Apr 1 10:38:14 2000 From: homega@ciberia.es (Horacio) (Horacio MG) Date: Sat, 1 Apr 2000 12:38:14 +0200 Subject: unsuported key algorithm? In-Reply-To: ; from rabbi@quickie.net on Fri, Mar 31, 2000 at 06:10:15PM -0800 References: <20000401024505.C6480@bandon.nmrc.ucc.ie> Message-ID: <20000401123814.A493@ciberia.es> El vie, 31 de mar de 2000, a las 06:10:15 -0800, L. Sassaman dijo: > On Sat, 1 Apr 2000, Lars Hecking wrote: > > > > > > Yes, the manual is missing a lot. I had offered to complete it if I could > > > have the rights to reprint it as an appendix to my upcoming book, but it > > > looks like by doing so I will need to release my book under GPL. Which I > > > won't do... The manual is missing a lot just because it is being developed (written) on a volunteer contribution basis. Give it time and it will become a more complete handbook or reference book. > > Licence wars aside, post your addendum here and we'll look at it. Which is to say, make your contribution available. > Well, that's my point. I am either going to fill in the blanks in the GPH, > or write my own "guide to GnuPG" for the book, not both... so I would need > to be granted the rights to reprint part (I'm only interested in > reprinting the commands/options/usage half) of the GPH before I actually > spent the time working on it, since I am behind schedule as it is. I hope you don't mind me asking but, what kind of licencing do you have in mind for the book? Regards, -- Horacio Anno MMDCCLIII aUC mailto:homega@ciberia.es ~Spain ~Spanje ~Spanien -------------------------------------------------------------------- Key fingerprint = F4EE AE5E 2F01 0DB3 62F2 A9F4 AD31 7093 4233 7AE6 From rabbi@quickie.net Sat Apr 1 09:53:51 2000 From: rabbi@quickie.net (L. Sassaman) Date: Sat, 1 Apr 2000 01:53:51 -0800 (PST) Subject: unsuported key algorithm? In-Reply-To: <20000401123814.A493@ciberia.es> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 1 Apr 2000, Horacio MG wrote: > The manual is missing a lot just because it is being developed (written) > on a volunteer contribution basis. Give it time and it will become a > more complete handbook or reference book. Right. And I offered to finish it. > Which is to say, make your contribution available. Surely. If I were to contribute, I would make the contribution available. > I hope you don't mind me asking but, what kind of licencing do you have > in mind for the book? A standard copyright, as with all published books. I don't see how the GPL fits in with the book publishing world... - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1d (GNU/Linux) Comment: OpenPGP Encrypted Email Preferred. iD8DBQE45cc5PYrxsgmsCmoRAmEUAKDZr8M1+KJQshwxn8TQgcl6+Sh7cQCgxsMZ kEXdwvVyHaKm/faw45lwuLw= =1IQh -----END PGP SIGNATURE----- From gammapi@newsguy.com Sat Apr 1 10:01:34 2000 From: gammapi@newsguy.com (Gamma Pi) Date: Sat, 1 Apr 2000 12:01:34 +0200 Subject: Windows port? In-Reply-To: Message-ID: I have seen that a MS Windows port available as executable. Is the source also available? What is the build environment on MS Windows? Thanks. From homega@ciberia.es (Horacio) Sat Apr 1 11:36:59 2000 From: homega@ciberia.es (Horacio) (Horacio MG) Date: Sat, 1 Apr 2000 13:36:59 +0200 Subject: unsuported key algorithm? In-Reply-To: ; from rabbi@quickie.net on Sat, Apr 01, 2000 at 01:53:51AM -0800 References: <20000401123814.A493@ciberia.es> Message-ID: <20000401133659.A738@ciberia.es> El sáb, 01 de abr de 2000, a las 01:53:51 -0800, L. Sassaman dijo: > On Sat, 1 Apr 2000, Horacio MG wrote: > > > The manual is missing a lot just because it is being developed > > (written) on a volunteer contribution basis. Give it time and it > > will become a more complete handbook or reference book. > > Right. And I offered to finish it. IMHO, even if GnuPG is an already stable system, there's still lots of development in the make for having a `finished' book/guide done. Adding more information will help for a more complete handbook, but may be a bit too early to have a "definitive book". Just IMHO. > Surely. If I were to contribute, I would make the contribution > available. Good, go ahead then and post to the GnuPG Doc List then. The list I believe it was recently setup for this purpose and has been pretty inactive so far. > > I hope you don't mind me asking but, what kind of licencing do you > > have in mind for the book? > > A standard copyright, as with all published books. I don't see how the > GPL fits in with the book publishing world... Agreed with the GPL part of it. I just wondered if you would make it available in a similar fashion as the cvsbook (say both in print and some online version of it). -- Horacio Anno MMDCCLIII aUC mailto:homega@ciberia.es ~Spain ~Spanje ~Spanien -------------------------------------------------------------------- Key fingerprint = F4EE AE5E 2F01 0DB3 62F2 A9F4 AD31 7093 4233 7AE6 From rabbi@quickie.net Sat Apr 1 10:49:31 2000 From: rabbi@quickie.net (L. Sassaman) Date: Sat, 1 Apr 2000 02:49:31 -0800 (PST) Subject: unsuported key algorithm? In-Reply-To: <20000401133659.A738@ciberia.es> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 1 Apr 2000, Horacio MG wrote: > IMHO, even if GnuPG is an already stable system, there's still lots of > development in the make for having a `finished' book/guide done. Adding > more information will help for a more complete handbook, but may be a > bit too early to have a "definitive book". Just IMHO. True. As Werner adds new features, new features would need to be documented. > > Surely. If I were to contribute, I would make the contribution > > available. > > Good, go ahead then and post to the GnuPG Doc List > then. The list I believe it was recently setup for this purpose and has > been pretty inactive so far. As I said, that's an "if." If I am unable to use the GPH as an apendix in my book, I will instead concentrate on a GnuPG usage guide for inclusion in the book. > > A standard copyright, as with all published books. I don't see how the > > GPL fits in with the book publishing world... > > Agreed with the GPL part of it. I just wondered if you would make it > available in a similar fashion as the cvsbook (say both in print and > some online version of it). That's really up to my publisher. I have no plans to do so at this time. Though you'll be able to buy it from Amazon. ;) __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1d (GNU/Linux) Comment: OpenPGP Encrypted Email Preferred. iD8DBQE45dRBPYrxsgmsCmoRAiT5AJ9cPk22cFlB4P7oicgtxldpfLh4SwCfbbET ziBDo7TLAVUrVl6N0Ssoziw= =1RIq -----END PGP SIGNATURE----- From jashley@acm.org Sat Apr 1 11:57:46 2000 From: jashley@acm.org (J. Michael Ashley) Date: Sat, 1 Apr 2000 06:57:46 -0500 (EST) Subject: unsuported key algorithm? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 31 Mar 2000, L. Sassaman wrote: > > I am not sure how the GPL would apply to books, but I'm quite certain > > that a way [ not involving lia^H^Hawyers ] can be found to accomodate > > your situation. > > Hopefully. Lawyers are irrelevent, however. If Mike doesn't want me > reprinting what he's written, I am not going to do it. In this case, what I want is irrelevant, since it's the GPL (at least, my interpretation of it) that is restricting Len's reuse of the GnuPG manual. Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjjl5EAACgkQBwMqlokEyOKsnACfT+Zd9p7nd1JUzXGGzgNUQXpU 16gAnRuLH1genwOlWcrYKpiOCQzm5q6c =SUHz -----END PGP SIGNATURE----- From jashley@acm.org Sat Apr 1 12:01:15 2000 From: jashley@acm.org (J. Michael Ashley) Date: Sat, 1 Apr 2000 07:01:15 -0500 (EST) Subject: unsuported key algorithm? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 1 Apr 2000, Johan Lundberg wrote: > I keep getting this kind of problems, hope someone can help me out: > > gpg: requesting key from finland.keyserver.net ... > gpg: key : unsupported public key algorithm > gpg: key something>: no valid user IDs > gpg: this may be caused by a missing self-signature > gpg: Total number processed: 1 > gpg: w/o user IDs: 1 > > Then I tried with the --allow-non-selfsigned-uid (I know thats not great, > but I'm just testing this) > > but then i get: > > gpg: requesting key from finland.keyserver.net ... > gpg: key : unsupported public key algorithm > gpg: key : accepted non self-signed user ID '(some key ) > ' > gpg: key : public key imported > gpg: Total number processed: 1 > gpg: imported: 1 (RSA: 1) > > and when I do > echo testing|gpg -er 8F0E6845 > > i get: > gpg: 8F0E6845: skipped: unknown pubkey algorithm > gpg: [stdin]: encryption failed: unknown pubkey algorithm > > Is this an RSA key, and if it is, how do i use the --load-extension and > rsa-keys? Where can I get the extensions? The is described in detail, with step-by-step procedures to make it all work, in the document "Replacing PGP 2.x with GnuPG", available from http://www.gnupg.org/gph/index.html Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjjl5Q8ACgkQBwMqlokEyOLbDQCcCAe5NA7wQhFV6K9LZAGJKJIG R+UAnR9mCyK4icrQDMf4oWNAIJPcNDnC =6lha -----END PGP SIGNATURE----- From wk@gnupg.org Sat Apr 1 12:55:38 2000 From: wk@gnupg.org (Werner Koch) Date: Sat, 1 Apr 2000 14:55:38 +0200 Subject: Windows port? In-Reply-To: ; from gammapi@newsguy.com on Sat, Apr 01, 2000 at 12:01:34PM +0200 References: Message-ID: <20000401145538.D32196@djebel.gnupg.de> On Sat, 1 Apr 2000, Gamma Pi wrote: > I have seen that a MS Windows port available as executable. Is the source > also available? What is the build environment on MS Windows? Thanks. Read the README.W32 file. A new version of the toolkit is available at the address given in that file. -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 465357 Birkenstr. 12 email info@openit.de D-40233 Düsseldorf http://www.openit.de From bgalbraith@penguinpowered.com Sat Apr 1 13:59:31 2000 From: bgalbraith@penguinpowered.com (Brian Galbraith) Date: Sat, 01 Apr 2000 14:59:31 +0100 (BST) Subject: unsuported key algorithm? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01-Apr-2000 L. Sassaman wrote: > A standard copyright, as with all published books. I don't see how the > GPL > fits in with the book publishing world... > > > - --Len. > I am inclined to agree....O'Reilly have recently published a Guide to Debian Gnu/Linux, and they are considered to be the ultimate in GPL practices (Debian that is) The distribution I believe is an integral part of the Publication....so how did they marry the two? I for one would be very interested in a hard copy manual, and hope you succeed. Brian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1d (GNU/Linux) Comment: Digital Signatures Verify Author and Unaltered Content iD8DBQE45fpfEPpEmWPrp2URAkJjAKCQH9GQaEeMWE/8A/lM33sebHBujQCfTRjt TzV9vZ7Ep7m0fi6yv2qqXg0= =IyzO -----END PGP SIGNATURE----- From matt@perthweb.net.au Sun Apr 2 13:47:25 2000 From: matt@perthweb.net.au (Matt Price) Date: Sun, 02 Apr 2000 21:47:25 +0800 Subject: unsubscribe In-Reply-To: References: Message-ID:
______________________________________________________
Matt Price - Managing Director - PerthWeb Pty Ltd
Internet Solutions for your business!
Level 10/105 St George's Tc - Perth - Western Australia
Ph: (08) 9226 1366 Fax: (08) 9226 1375 Mobile : 0419 949 007
Visit Perth online! : www.perthweb.net.au
From warner@lothar.com Mon Apr 3 07:57:48 2000 From: warner@lothar.com (Brian Warner) Date: 3 Apr 2000 07:57:48 -0000 Subject: EGD-0.7 released (important security fix) Message-ID: <20000403075748.19974.qmail@luther.lothar.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Howdy all. I've just released version 0.7 ("the Brown Paper Bag" release) of EGD. The Entropy Gathering Daemon is primarily intended as a source of randomness for GnuPG, for use on systems which lack a /dev/random device. version 0.6, which has been available for about 8 months, had a serious and embarrasing bug in which the gathered random data (the output from 'vmstat' and other programs) was not properly fed into the entropy pool. The resulting data stream would have been hard to predict (it was still influenced by the timing and quantity of program output), but had far far less entropy than it claimed to provide. Many thanks to Brian Carrier for spotting the problem. Other changes: Fix handling of relative socket names. Thanks to Gerard Kok. Added lsof to gatherer list. thanks to Jack Lloyd. Added self-tests. 'make test' should be useful now. Fix "should we build SHA?" tests, works much better now. Send all debug, usage, and diagnostic output to STDERR instead. This helps egd run in scripts with GPG better (doesn't interfere with pipelines as much). EGD is available from: (signature) For futher notes and updates, see . Bug reports and patches are always welcome at warner@lothar.com . Share and Enjoy, and my humblest apologies for that egregious bug.. -Brian warner@lothar.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.5 and Gnu Privacy Guard iD8DBQE46E6gkDmgv9E5zEwRAqcPAKDD0NtuyLmHsHcnLYfFnr4ER+BkXwCg679D 0Wc8fZ3Afhao4AIMqg6mnjM= =OSPi -----END PGP SIGNATURE----- From vmas@servicom2000.es Mon Apr 3 10:40:32 2000 From: vmas@servicom2000.es (V+) Date: Mon, 3 Apr 2000 12:40:32 +0200 (MEST) Subject: Q: compiling GNUPG for Win Message-ID: Hi, I've done some changes in the source code of GNUPG for Windows and now I'm trying to check if it works but I don't know how to compile the code. Can anybody help me please? -- _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ _/ _/ _/ _/ Vicente Mas _/ _/ _/ Dpto. Técnico, Servicom 2000 _/ _/ _/ e-mail: vmas@servicom2000.es _/ Share what you know. _/ _/ Tel: +34963618776 _/ Learn what you don't _/ _/ Fax: +34963605508 _/ _/ _/ _/ _/ _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ From wk@gnupg.org Mon Apr 3 11:02:05 2000 From: wk@gnupg.org (Werner Koch) Date: Mon, 3 Apr 2000 13:02:05 +0200 Subject: Q: compiling GNUPG for Win In-Reply-To: ; from vmas@servicom2000.es on Mon, Apr 03, 2000 at 12:40:32PM +0200 References: Message-ID: <20000403130205.F16834@djebel.gnupg.de> On Mon, 3 Apr 2000, V+ wrote: > I've done some changes in the source code of GNUPG for Windows and now I'm > trying to check if it works but I don't know how to compile the code. > Can anybody help me please? RTFM: less doc/README.W32 -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 465357 Birkenstr. 12 email info@openit.de D-40233 Düsseldorf http://www.openit.de From matt.mozur@sourwood.net Mon Apr 3 12:42:54 2000 From: matt.mozur@sourwood.net (Matt Mozur) Date: Mon, 03 Apr 2000 08:42:54 -0400 Subject: unsuported key algorithm? References: Message-ID: <38E891CE.7B5574C2@sourwood.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "L. Sassaman" wrote: > > A standard copyright, as with all published books. I don't see how the GPL > fits in with the book publishing world... > GNU has released a new license for documents, called GFDL (GNU Free Documentation License) you can get it at http://www.gnu.org/copyleft/fdl.html HTH Matt - -- My PGP public key ID: 0x727422b9 ( 1024-bit DSA ) -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1 Comment: Made with Geheimnis iQA/AwUBOOiDPNq+l4JydCK5EQJ6KwCg/pbhMQPHnfe9y8zFrKVmnSzhomkAniMp hBxvw7Mt4Uxwx3M50n86OnpK =D0j1 -----END PGP SIGNATURE----- From rabbi@quickie.net Mon Apr 3 12:49:31 2000 From: rabbi@quickie.net (L. Sassaman) Date: Mon, 3 Apr 2000 05:49:31 -0700 (PDT) Subject: unsuported key algorithm? In-Reply-To: <38E891CE.7B5574C2@sourwood.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I think this has become far off the topic of GnuPG. Werner, feel free to declare this topic dead if you so choose. :) I'm wondering about section 7: Aggregation with independent works... does this mean that, if the GPH were released under the GFDL, that it could be reprinted as part of a whole, without the whole being released under the provisions of the GFDL? I think so... - --Len. On Mon, 3 Apr 2000, Matt Mozur wrote: > -----BEGIN PGPENVELOPE PROCESSED MESSAGE----- > > "L. Sassaman" wrote: > > > > A standard copyright, as with all published books. I don't see how the GPL > > fits in with the book publishing world... > > > > GNU has released a new license for documents, called GFDL (GNU > Free > Documentation License) > > you can get it at http://www.gnu.org/copyleft/fdl.html > > HTH > > Matt > -- > My PGP public key ID: 0x727422b9 ( 1024-bit DSA ) > > -----BEGIN PGPENVELOPE INFORMATION----- > > gpg: Signature made Mon Apr 3 04:40:44 2000 PDT using DSA key ID 727422B9 > gpg: requesting key 727422B9 from horowitz.surfnet.nl ... > gpg: BAD signature from "Matt Mozur " > > -----END PGPENVELOPE INFORMATION----- > __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1d (GNU/Linux) Comment: OpenPGP Encrypted Email Preferred. iD8DBQE46JNiPYrxsgmsCmoRAnUrAJwI+ZWeJkYbn4+UajPPWKvjxKMN5QCg5syJ qm2UZOxv8WAA1gWPU+GGtSE= =DFco -----END PGP SIGNATURE----- From mark@neurosis.net Mon Apr 3 17:45:49 2000 From: mark@neurosis.net (Mark Luntzel) Date: Mon, 3 Apr 2000 10:45:49 -0700 Subject: unsubscribe In-Reply-To: <20000402140518.13946.qmail@nwcst279.netaddress.usa.net>; from mario.afa@usa.net on Sun, Apr 02, 2000 at 04:05:18PM +0200 References: <20000402140518.13946.qmail@nwcst279.netaddress.usa.net> Message-ID: <20000403104549.A23965@severe.neurosis.net> :0 * ^Subject: .*unsubscribe.* get-a-clue On Sun, Apr 02, 2000 at 04:05:18PM +0200, Mario Perez chortled: > > _______________________________________________________________ > > Get free email and a permanent address at [1]http://www.netaddress.com > > References > > 1. http://www.netaddress.com/?N=1 From bgalbraith@penguinpowered.com Mon Apr 3 19:40:33 2000 From: bgalbraith@penguinpowered.com (Brian Galbraith) Date: Mon, 03 Apr 2000 20:40:33 +0100 (BST) Subject: GnuPG and Kmail Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I posted this several months ago...but never received any replies. Has anyone managed to integrate GnuPG and Kmail...and if so how? Regards Brian - ---------------------------------- E-Mail: Brian Galbraith Date: 03-Apr-2000 Time: 20:36:10 Sign Only Key 0x6A6DFEFB Default Key 0x63EBA765 (DH/DSA) PGP Keys from http://www.freedomhound.com/pgp/en/ - ---------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1d (GNU/Linux) Comment: Digital Signatures Verify Author and Unaltered Content iD8DBQE46PKyEPpEmWPrp2URApNDAKC3u6Aj+ebN+ploySzvQfkz3le7TwCfRUVH bZTCIsov8Ad0K95RZIIjuc0= =7tQQ -----END PGP SIGNATURE----- From johanw@vulcan.xs4all.nl Mon Apr 3 21:00:53 2000 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Mon, 3 Apr 2000 23:00:53 +0200 (MET DST) Subject: Extra dashes when crearsigning a file? Message-ID: <200004032100.XAA10266@vulcan.xs4all.nl> Hello, This quastion was posted in the Dutch newsgroup nl.comp.crypt and I didn't know the answer so I'll ask it here: When you clearsign a file which contains lines that start with a dash, an extra dash is introduced, why is that? vulcan:~> cat 1.txt - <00000fba640b$00006af8$00005f2f@210.160.73.146> - <00001e370ac4$000003ab$000063b5@vio.co.jp> vulcan:~> gpg --clearsign 1.txt [asking for passwd, etc.] vulcan:~> cat 1.txt.asc -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - <00000fba640b$00006af8$00005f2f@210.160.73.146> - - <00001e370ac4$000003ab$000063b5@vio.co.jp> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE46QYRIWmgtYYVa4URAnKgAJ9tBkyeNmGZaE9jBipQUJS1jbUh7gCeM5yU fiesAhdnae18WIlpL4IKLAg= =u1AI -----END PGP SIGNATURE----- -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From wk@gnupg.org Mon Apr 3 21:12:41 2000 From: wk@gnupg.org (Werner Koch) Date: Mon, 3 Apr 2000 23:12:41 +0200 Subject: Extra dashes when crearsigning a file? In-Reply-To: <200004032100.XAA10266@vulcan.xs4all.nl>; from johanw@vulcan.xs4all.nl on Mon, Apr 03, 2000 at 11:00:53PM +0200 References: <200004032100.XAA10266@vulcan.xs4all.nl> Message-ID: <20000403231241.A18729@djebel.gnupg.de> On Mon, 3 Apr 2000, Johan Wevers wrote: > When you clearsign a file which contains lines that start with a dash, an > extra dash is introduced, why is that? This is called dash-escaped text. It is used to quote the -----PGP.... lines and to make the job of the parser easier. It has always been used by PGP. Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 465357 Birkenstr. 12 email info@openit.de D-40233 Düsseldorf http://www.openit.de From nyuki@tiscalinet.it Tue Apr 4 07:06:05 2000 From: nyuki@tiscalinet.it (nyuki) Date: Tue, 4 Apr 2000 09:06:05 +0200 Subject: Build for Windows with Visual C++? Message-ID: <38e994833926f7d2@laguna.tiscalinet.it> (added by laguna.tiscalinet.it) Did anyone try to build GPG for Windows using Microsoft Visual C++ 6.0? I am looking for ROM (rough order of magnitude) estimates of the amount of work that would be required. Of course if somebody has already done it, it would be nice to have it! A version running in a console without MFC would be sufficient. -- TiscaliFreeNet, libero accesso ad Internet. http://www.tiscalinet.it From nyuki@tiscalinet.it Tue Apr 4 07:07:00 2000 From: nyuki@tiscalinet.it (nyuki) Date: Tue, 4 Apr 2000 09:07:00 +0200 Subject: Build for Windows with Visual C++? Message-ID: <38e9943639286877@twingo.tiscalinet.it> (added by twingo.tiscalinet.it) Did anyone try to build GPG for Windows using Microsoft Visual C++ 6.0? I am looking for ROM (rough order of magnitude) estimates of the amount of work that would be required. Of course if somebody has already done it, it would be nice to have it! A version running in a console without MFC would be sufficient. -- TiscaliFreeNet, libero accesso ad Internet. http://www.tiscalinet.it From nyuki@tiscalinet.it Tue Apr 4 07:07:22 2000 From: nyuki@tiscalinet.it (nyuki) Date: Tue, 4 Apr 2000 09:07:22 +0200 Subject: Build for Windows with Visual C++? Message-ID: <38e994d93926fbb1@laguna.tiscalinet.it> (added by laguna.tiscalinet.it) Did anyone try to build GPG for Windows using Microsoft Visual C++ 6.0? I am looking for ROM (rough order of magnitude) estimates of the amount of work that would be required. Of course if somebody has already done it, it would be nice to have it! A version running in a console without MFC would be sufficient. -- TiscaliFreeNet, libero accesso ad Internet. http://www.tiscalinet.it From twoaday@gmx.de Tue Apr 4 09:52:22 2000 From: twoaday@gmx.de (Timo Schulz) Date: Tue, 4 Apr 2000 11:52:22 +0200 Subject: GnuPG Win32: secmem warning Message-ID: <20000404115222.A1494@joesixpack.net> Hi, I have a problem that concern the win32 version of GnuPG (1.0.1a). It is possible to disable the message that say the system don't have secure memory ? For example I try the --quiet and the --no-secmem-warning option but gpg print out the message again. Next I try to put the no-secmem-warning in the config file in the gpg directory, without any success. -- Two-a-Day at joesixpack.net www.freenet.de/joesixpack keyid BF3DF9B4 From jsaylor@mediaone.net Wed Apr 5 00:57:00 2000 From: jsaylor@mediaone.net (John Saylor) Date: 04 Apr 2000 20:57:00 -0400 Subject: GPGnet? Message-ID: Hi I know that you can use PGPnet to connect to a VPN box using IPsec. I'm not so sure you can do the same thing with gpg. Has anyone tried this? Does anyone know if this kind of support is planned in the future? Is it even on the radar? Thanks loads. -- \js I wonder if I should put myself in ESCROW!! From rabbi@quickie.net Wed Apr 5 05:42:43 2000 From: rabbi@quickie.net (L. Sassaman) Date: Tue, 4 Apr 2000 22:42:43 -0700 (PDT) Subject: GPGnet? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 No, you can't do this. I would doubt that it would happen in the future, as I think Werner has stated in the past that he wishes to keep gpg a pure implementation of RFC 2440 and leave unrelated tasks (such as file wiping and VPN systems) to other programs specialized to do that. Of course, I'm not Werner, so I have no idea what his plans are at present. - --Len. On 4 Apr 2000, John Saylor wrote: > Hi > > I know that you can use PGPnet to connect to a VPN box using > IPsec. I'm not so sure you can do the same thing with gpg. Has anyone > tried this? Does anyone know if this kind of support is planned in the > future? Is it even on the radar? > > Thanks loads. > > -- > \js > > I wonder if I should put myself in ESCROW!! > __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1d (GNU/Linux) Comment: OpenPGP Encrypted Email Preferred. iD4DBQE46tJZPYrxsgmsCmoRAopqAJ4/5AuPDYfc7lHJ9TSIHJcWNw/k6gCYmpYW uU5VdtKoBQAGp5sh4sM+sw== =2Efb -----END PGP SIGNATURE----- From ftobin@uiuc.edu Wed Apr 5 07:23:11 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Wed, 5 Apr 2000 02:23:11 -0500 (CDT) Subject: GPGnet? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Saylor, at 20:57 -0400 on 4 Apr 2000, wrote: > I know that you can use PGPnet to connect to a VPN box using > IPsec. I'm not so sure you can do the same thing with gpg. Has anyone > tried this? Does anyone know if this kind of support is planned in the > future? Is it even on the radar? Note that PGPnet has little to nothing to do with the OpenPGP protocol, or even PGP in that matter. The name PGPnet, I'm guessing, is more marketting than anything else to get you to associate the security that comes with PGP together with PGPnet, even though they are weakly related. - -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjjq6e0ACgkQVv/RCiYMT6MBlgCgn3+cNhRm/H9Guy1SvD5yxWUN CQ8AniZtB8kDsWhws8bfVfS4wSLBgyS0 =BNbC -----END PGP SIGNATURE----- From rabbi@quickie.net Wed Apr 5 07:53:10 2000 From: rabbi@quickie.net (L. Sassaman) Date: Wed, 5 Apr 2000 00:53:10 -0700 (PDT) Subject: GPGnet? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 5 Apr 2000, Frank Tobin wrote: > Note that PGPnet has little to nothing to do with the OpenPGP protocol, or > even PGP in that matter. The name PGPnet, I'm guessing, is more > marketting than anything else to get you to associate the security that > comes with PGP together with PGPnet, even though they are weakly related. Actually, they are very closely related. PGPnet is an IPsec implementation that allows for the use of PGP authentication/encryption by both parties. It is part of the PGP suite. (Remember that PGP is not just the OpenPGP program; it is also PGPdisk, PGPnet, and the related plugins.) One *should* associate the security that comes with PGP together with PGPnet; PGPnet is only as secure as PGP itself. - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1d (GNU/Linux) Comment: OpenPGP Encrypted Email Preferred. iD8DBQE46vDvPYrxsgmsCmoRAuhDAJ99k9U+WWjBhl5sPptQHCTo2M6tUwCdHv06 DsLl2i2YmfUDATWOUDVnQJw= =iwFF -----END PGP SIGNATURE----- From wk@gnupg.org Wed Apr 5 08:14:36 2000 From: wk@gnupg.org (Werner Koch) Date: Wed, 5 Apr 2000 10:14:36 +0200 Subject: GPGnet? In-Reply-To: ; from jsaylor@mediaone.net on Tue, Apr 04, 2000 at 08:57:00PM -0400 References: Message-ID: <20000405101436.K18423@djebel.gnupg.de> On Tue, 4 Apr 2000, John Saylor wrote: > I know that you can use PGPnet to connect to a VPN box using > IPsec. I'm not so sure you can do the same thing with gpg. Has anyone IPsec has nothing in common with OpenPGP or S/MIME. If you are using a Linux kernel you should checkout FreeS/WAN (www.freeswan.org) which is a free implementation of IPSec for GNU/Linux. Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 465357 Birkenstr. 12 email info@openit.de D-40233 Düsseldorf http://www.openit.de From ftobin@uiuc.edu Wed Apr 5 08:23:47 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Wed, 5 Apr 2000 03:23:47 -0500 (CDT) Subject: GPGnet? In-Reply-To: Message-ID: L. Sassaman, at 00:53 -0700 on Wed, 5 Apr 2000, wrote: > Actually, they are very closely related. PGPnet is an IPsec implementation > that allows for the use of PGP authentication/encryption by both parties. > It is part of the PGP suite. (Remember that PGP is not just the OpenPGP > program; it is also PGPdisk, PGPnet, and the related plugins.) One > *should* associate the security that comes with PGP together with > PGPnet; PGPnet is only as secure as PGP itself. If you are calling PGP the entire suite of tools, there is no blanket security that you can apply to the entire suite. You have to break the issue down more; you can't abstract it that much. Saying PGPnet and the unnamaed program that implements OpenPGP are equal is ridiculous; just because they use similar algorithms has no effect on the possible insecureness of the protocols involved. Given your style of argument, I could abstract the Kerberos and ssh systems (public key logins, to simplify) to say that the protocols are as secure as one another (given that they are using similar algorithms). -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus From rabbi@quickie.net Wed Apr 5 08:48:21 2000 From: rabbi@quickie.net (L. Sassaman) Date: Wed, 5 Apr 2000 01:48:21 -0700 (PDT) Subject: GPGnet? In-Reply-To: <20000405101436.K18423@djebel.gnupg.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 5 Apr 2000, Werner Koch wrote: > On Tue, 4 Apr 2000, John Saylor wrote: > > > I know that you can use PGPnet to connect to a VPN box using > > IPsec. I'm not so sure you can do the same thing with gpg. Has anyone > > IPsec has nothing in common with OpenPGP or S/MIME. If you are using > a Linux kernel you should checkout FreeS/WAN (www.freeswan.org) which > is a free implementation of IPSec for GNU/Linux. > > Werner That was my original point. (Though as PGPnet shows, IPsec implementations can use OpenPGP keys as part of the session creation process.) GnuPG isn't an IPsec program. It would probably be more reasonable to expect FreeS/Wan to integrate PGP support. BTW, has anyone here gotten FreeS/Wan to work? :) - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1d (GNU/Linux) Comment: OpenPGP Encrypted Email Preferred. iD8DBQE46v3gPYrxsgmsCmoRAhiQAJ42VNFjrMnSf/G8Lv1MVi1FT7ywGACgn5ub ADtzzR8aeW3BnEytNYhBdAw= =CNzM -----END PGP SIGNATURE----- From rabbi@quickie.net Wed Apr 5 09:02:29 2000 From: rabbi@quickie.net (L. Sassaman) Date: Wed, 5 Apr 2000 02:02:29 -0700 (PDT) Subject: GPGnet? In-Reply-To: Message-ID: Well, I didn't view this as an argument as such... I was simply countering your statement that PGPnet is only weakly related to the PGP product (which includes the OpenPGP file and email encryption mechanisms, PGPdisk, PGPwipe, and PGPnet). Saying that is like saying Netscape Messenger is only weakly related to Netscape Navigator, or Netscape Communicator. Navigator and Messenger are both main components of Netscape Communicator. Or it's like saying my foot is only weakly related to my hand. :) True, PGPnet is an IPsec implementation and not an OpenPGP implementation, but in the context of PGP they are related. Will Price has some Internet drafts describing the relationship. --Len. On Wed, 5 Apr 2000, Frank Tobin wrote: > L. Sassaman, at 00:53 -0700 on Wed, 5 Apr 2000, wrote: > > > Actually, they are very closely related. PGPnet is an IPsec implementation > > that allows for the use of PGP authentication/encryption by both parties. > > It is part of the PGP suite. (Remember that PGP is not just the OpenPGP > > program; it is also PGPdisk, PGPnet, and the related plugins.) One > > *should* associate the security that comes with PGP together with > > PGPnet; PGPnet is only as secure as PGP itself. > > If you are calling PGP the entire suite of tools, there is no blanket > security that you can apply to the entire suite. You have to break the > issue down more; you can't abstract it that much. Saying PGPnet and the > unnamaed program that implements OpenPGP are equal is ridiculous; just > because they use similar algorithms has no effect on the possible > insecureness of the protocols involved. Given your style of argument, I > could abstract the Kerberos and ssh systems (public key logins, to > simplify) to say that the protocols are as secure as one another (given > that they are using similar algorithms). > > -- > Frank Tobin http://www.uiuc.edu/~ftobin/ > > "To learn what is good and what is to be valued, > those truths which cannot be shaken or changed." Myst: The Book of Atrus > __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie From rabbi@quickie.net Wed Apr 5 23:20:00 2000 From: rabbi@quickie.net (L. Sassaman) Date: Wed, 5 Apr 2000 16:20:00 -0700 (PDT) Subject: GPGnet? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I dislike FreeS/Wan, but the OpenBSD IPSec program is great. PGPnet will work with it (as well as with FreeS/Wan and Checkpoint and most other IPsec programs. Check out http://www.allard.nu/openbsd for instructions on OpenBSD/PGPnet. - --Len. On 5 Apr 2000, John Saylor wrote: > >>>>> "LS" == L Sassaman writes: > > LS> BTW, has anyone here gotten FreeS/Wan to work? :) > > I'm using OpenBSD's IPsec implementation, feeling that there are less > holes to plug there [and it fits well with my general *BSD-ish > orientation]. And I haven't gotten it to work, but I'm only just > setting it up now. > > My original post was with regards to supporting remote M$ windows > users [yeech!]- but I'm way off-topic now. > > -- > \js > > I want to kill everyone here with a cute colorful Hydrogen Bomb!! > __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1d (GNU/Linux) Comment: OpenPGP Encrypted Email Preferred. iD8DBQE468onPYrxsgmsCmoRAnnIAKDkzpPZSz5Ozpv0rWHfJMxJR5fN5wCbBPIL OJJDtiygLYzORiDDkMdFPjo= =KPB4 -----END PGP SIGNATURE----- From jer@jorsm.com Thu Apr 6 20:20:24 2000 From: jer@jorsm.com (Jeremy Shaffner) Date: Thu, 6 Apr 2000 15:20:24 -0500 (CDT) Subject: Key Generation Message-ID: [Please CC me as i'm not on on the list.] Is it possible to generate a keypair when not at the console? It couldn't collect enough entropy, and using the disks (updated the locate database, doing a find / -print, etc) to finish off the last 20 bytes isn't doing anything. Normally I'd pound on the keyboard, but the machine is at a colo facility. Thanks, --- Jeremy Shaffner System Administrator JORSM Internet jer@jorsm.com http://www.jorsm.com/~jer/pgp.key From ftobin@uiuc.edu Thu Apr 6 20:48:37 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Thu, 6 Apr 2000 15:48:37 -0500 (CDT) Subject: Key Generation In-Reply-To: Message-ID: Jeremy Shaffner, at 15:20 -0500 on Thu, 6 Apr 2000, wrote: > Is it possible to generate a keypair when not at the console? It couldn't > collect enough entropy, and using the disks (updated the locate database, > doing a find / -print, etc) to finish off the last 20 bytes isn't doing > anything. What operating system are you running? Different systems gather stuff for /dev/random from different places. -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus From jer@jorsm.com Thu Apr 6 21:06:57 2000 From: jer@jorsm.com (Jeremy Shaffner) Date: Thu, 6 Apr 2000 16:06:57 -0500 (CDT) Subject: Key Generation In-Reply-To: Message-ID: Sorry, FreeBSD 3.4-STABLE. (What a coincidence..I'm just getting started with PGP::GPG::MessageProcessor.) -Jeremy On Thu, 6 Apr 2000, Frank Tobin wrote: > Jeremy Shaffner, at 15:20 -0500 on Thu, 6 Apr 2000, wrote: > > > Is it possible to generate a keypair when not at the console? It couldn't > > collect enough entropy, and using the disks (updated the locate database, > > doing a find / -print, etc) to finish off the last 20 bytes isn't doing > > anything. > > What operating system are you running? Different systems gather stuff for > /dev/random from different places. > > -- > Frank Tobin http://www.uiuc.edu/~ftobin/ > > "To learn what is good and what is to be valued, > those truths which cannot be shaken or changed." Myst: The Book of Atrus > > > --- Jeremy Shaffner System Administrator JORSM Internet jer@jorsm.com http://www.jorsm.com/~jer/pgp.key From ftobin@uiuc.edu Thu Apr 6 21:13:19 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Thu, 6 Apr 2000 16:13:19 -0500 (CDT) Subject: Key Generation In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeremy Shaffner, at 16:06 -0500 on Thu, 6 Apr 2000, wrote: > FreeBSD 3.4-STABLE. On FreeBSD, you need to pass in IRQ's to rndcontrol(8) to get it to gather entropy from other sources than the keyboard. Boot-time settings to rndcontrol(8) can be set in /etc/rc.conf; I have: rand_irqs="1 10 12 14 15" # Stir the entropy pool (like "5 11") This depends on your hardware, of course. I've got IDE devices, a PS/2 mouse, network and soundcard. I forget which IRQ is for which device; I used xosview to find out which IRQ's are doing something. > (What a coincidence..I'm just getting started with > PGP::GPG::MessageProcessor.) :) - -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjjs/f4ACgkQVv/RCiYMT6MAHwCgkSSk3kWzgKaii2JLcL3qYPTl kzwAnjPhHS8WvtTG4qGkhRnsMf/pxO5c =axkE -----END PGP SIGNATURE----- From ftobin@uiuc.edu Fri Apr 7 06:04:49 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Fri, 7 Apr 2000 01:04:49 -0500 (CDT) Subject: with-colons info Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've been going over the DETAILS file and the --with-colons information, and I'm wondering about Field 2, which is used to indicate the calculated trust/validity. The value 'u' can be given for a uid's validity, which means it is 'ultimately' trusted; however, if I'm not mistaken, uid's are not trusted; they have calculated validity. The use of the idea of 'ultimate trust' on a uid is confusing, I think; somehow we should be conveying validty instead of trust. - -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjjteo0ACgkQVv/RCiYMT6PCIwCdH28TVMGuN6eXOG4gNXxbEaCE H50AoJWbg01LOdVXYHIbPFaLBMaEeGEY =HHeh -----END PGP SIGNATURE----- From ftobin@uiuc.edu Fri Apr 7 06:22:03 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Fri, 7 Apr 2000 01:22:03 -0500 (CDT) Subject: successive calls to list-keys Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If I make two successive calls to --list-keys and with-colons --list-keys, can I be ensured that the keys presented will appear in the same order, assuming the keyring is not altered by the user during this time? - -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjjtfpoACgkQVv/RCiYMT6MqwQCgiTK9MVafuPA8I9rNW2CtvKYx Oo0Anjjpenxw66wkoAzz0gFNWkSiW1nd =Pk93 -----END PGP SIGNATURE----- From bgalbraith@penguinpowered.com Fri Apr 7 09:25:58 2000 From: bgalbraith@penguinpowered.com (Brian Galbraith) Date: Fri, 7 Apr 2000 10:25:58 +0100 Subject: Setting Primary UID Message-ID: <00040710295900.13635@brian> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have recently added some UIDs to my keys, but unfortunately have been unable to Change the Primary UID used . I have read the manual, but have been unable to find anything which works. Is this facility available? I would appreciate some pointers. Regards Brian - -- - ------------------------------------------------ Brian Galbraith Linux User 123411 Sign Only Key 0x6A6DFEFB Default Key 0x63EBA765 (DH/DSA) PGP Keys fromwww. http://math-www.uni-paderborn.de/pgp/ - ------------------------------------------------ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1d (GNU/Linux) Comment: Digital Signatures Verify Author and Unaltered Content iD8DBQE47aqdEPpEmWPrp2URAiMxAKDLDpqIqlyKNg6AVzKSG5ZCbBXHlwCgqe90 UmMqpRgKTpWCsdkj8Sa8YVQ= =kzI2 -----END PGP SIGNATURE----- From wk@gnupg.org Fri Apr 7 12:12:57 2000 From: wk@gnupg.org (Werner Koch) Date: Fri, 7 Apr 2000 14:12:57 +0200 Subject: successive calls to list-keys In-Reply-To: ; from ftobin@uiuc.edu on Fri, Apr 07, 2000 at 01:22:03AM -0500 References: Message-ID: <20000407141257.H30286@djebel.gnupg.de> On Fri, 7 Apr 2000, Frank Tobin wrote: > If I make two successive calls to --list-keys and with-colons --list-keys, > can I be ensured that the keys presented will appear in the same > order, assuming the keyring is not altered by the user during this > time? Yes, with the current version of gpg and probably with future versions too. -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email info@openit.de D-40233 Düsseldorf http://www.openit.de From wk@gnupg.org Fri Apr 7 12:17:29 2000 From: wk@gnupg.org (Werner Koch) Date: Fri, 7 Apr 2000 14:17:29 +0200 Subject: Setting Primary UID In-Reply-To: <00040710295900.13635@brian>; from bgalbraith@penguinpowered.com on Fri, Apr 07, 2000 at 10:25:58AM +0100 References: <00040710295900.13635@brian> Message-ID: <20000407141729.I30286@djebel.gnupg.de> On Fri, 7 Apr 2000, Brian Galbraith wrote: > I have recently added some UIDs to my keys, but unfortunately have been > unable to Change the Primary UID used . I have read the manual, but have > been unable to find anything which works. There is not clear way to say what's the primary user ID is. The most logical one to me, is to say that latest one created is the primary one. However there are problems with that: You way want to change some attributes (like preferences or expiration time) and this way the timestamp of the self-signature (which is the only way to tell you when a UID has been created) changes, or you have a private and a business user ID. OpenPGP has a primary key flag, but ist is allowed to put it on more than one user ID. Bottom line is that there is no clear semantic defined in (at least) gpg. Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email info@openit.de D-40233 Düsseldorf http://www.openit.de From wk@gnupg.org Fri Apr 7 12:11:25 2000 From: wk@gnupg.org (Werner Koch) Date: Fri, 7 Apr 2000 14:11:25 +0200 Subject: with-colons info In-Reply-To: ; from ftobin@uiuc.edu on Fri, Apr 07, 2000 at 01:04:49AM -0500 References: Message-ID: <20000407141125.G30286@djebel.gnupg.de> On Fri, 7 Apr 2000, Frank Tobin wrote: > trust/validity. The value 'u' can be given for a uid's validity, which > means it is 'ultimately' trusted; however, if I'm not mistaken, uid's are > not trusted; they have calculated validity. The use of the idea of Key validity is calculated per user ID. Remember that you do not sign a key but the key+userID. > 'ultimate trust' on a uid is confusing, I think; somehow we should be I agree that the usage of the terms is confusing. There is also the idea to use the terms "the key is known" and the "key is not known" instead of the complicated validity term. Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email info@openit.de D-40233 Düsseldorf http://www.openit.de From kyle@toehold.com Fri Apr 7 15:00:26 2000 From: kyle@toehold.com (Kyle Hasselbacher) Date: Fri, 7 Apr 2000 10:00:26 -0500 Subject: Different size output on same input with Twofish? Message-ID: <20000407100025.D5961@carefree.toehold.com> --CUfgB8w4ZwR/yMy5 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable I have a large cpio file: -rw------- 1 kyle root 510725120 Sep 26 1998 longshot-usr.cpio I encrypted and signed it twice with the same options: -rw------- 1 kyle kyle 179852840 Apr 6 21:09 longshot-usr-2.cpio= .gpg -rw------- 1 kyle kyle 179682409 Apr 7 04:05 longshot-usr-3.cpio= .gpg The options were: -z 9 --cipher-algo TWOFISH -esr kyle I also have these options in .gnupg/options: load-extension ~/.gnupg/idea load-extension ~/.gnupg/rsa # Always encrypt for me. encrypt-to 2A94C484 no-secmem-warning keyserver pgp.ai.mit.edu keyring pubring.gpg keyring debian-keyring.gpg I'm wondering whether it's normal to compress and encrypt the same input and get such different output. I wouldn't expect to get byte-by-byte the same output, but I also wouldn't expect a 150K size difference. I've checked both files, and they seem to be the same once I unencrypt them. Their signatures check out, and when I dump them to 'cpio -tv', I get the same file list. If this IS normal, I'm curious about why it happens, but mostly I just want to know that there's nothing wrong with these files. Please Cc: me any replies since I'm not subscribed to the list. Thank you. --=20 Kyle Hasselbacher All computers wait at the same speed. kyle@toehold.com --CUfgB8w4ZwR/yMy5 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEAREBAAYFAjjt+AkACgkQ10sofiqUxITbeACghv7uGYeffX41qPEyd9qWiqiP Ff4AoNajPl2UFGcPFseS0JYa0YOg6sg5 =uL4U -----END PGP SIGNATURE----- --CUfgB8w4ZwR/yMy5-- From rabbi@quickie.net Fri Apr 7 19:19:58 2000 From: rabbi@quickie.net (L. Sassaman) Date: Fri, 7 Apr 2000 12:19:58 -0700 (PDT) Subject: Setting Primary UID In-Reply-To: <20000407141729.I30286@djebel.gnupg.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 7 Apr 2000, Werner Koch wrote: > OpenPGP has a primary key flag, but ist is allowed to put it on more > than one user ID. Bottom line is that there is no clear semantic > defined in (at least) gpg. It seems to me that the most sensible way to do this would be to take the key with the most recent primary key flag sub-signature bit set, and treat that as primary. That solves all the problems associated with this. - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iEYEARECAAYFAjjuNO0ACgkQPYrxsgmsCmpdYQCg79NUxlUJc6FOU1lwwkDILfM5 xP8An0ZfjdeqYAcf6cwbA+XfxYe7tkcc =TxSm -----END PGP SIGNATURE----- From holger@eit.uni-kl.de Fri Apr 7 19:56:52 2000 From: holger@eit.uni-kl.de (Holger Lamm) Date: Fri, 7 Apr 2000 21:56:52 +0200 (MEST) Subject: Asking a keyserver Message-ID: Hi, [holger@pulse mail]$ gpg --recv-key holger@flatline.de gpg: holger@flatline.de: not a valid key ID I just checked the code, GPG only accepts hex IDs. Is there a special reason for that? The keyservers also accept questions for UID parts. (I really need that!) Please CC me, Holger -- /"\ \ / ASCII Ribbon Campaign - Say NO to HTML in email and news X Sag NEIN zu HTML in email und news / \ From Alain.Culos@bigfoot.com Fri Apr 7 21:55:46 2000 From: Alain.Culos@bigfoot.com (Alain CULOS) Date: Fri, 07 Apr 2000 22:55:46 +0100 Subject: Different size output on same input with Twofish? References: <20000407100025.D5961@carefree.toehold.com> Message-ID: <38EE5962.367C4D5A@eircom.net> Kyle Hasselbacher wrote: > I have a large cpio file: > -rw------- 1 kyle root 510725120 Sep 26 1998 longshot-usr.cpio > I encrypted and signed it twice with the same options: > -rw------- 1 kyle kyle 179852840 Apr 6 21:09 longshot-usr-2.cpio.gpg > -rw------- 1 kyle kyle 179682409 Apr 7 04:05 longshot-usr-3.cpio.gpg Hi, I may open my mouth too early as I am not very knowledgeable in the area, but isn't there a time stamp with every signature (meaning the time when it was encrypted) ? If so, that would : 1/ change the data 2/ hence change the encryption and compression you can get out of it (you're using gzip -9) Best regards, Alain. From johanw@vulcan.xs4all.nl Sat Apr 8 08:51:10 2000 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Sat, 8 Apr 2000 10:51:10 +0200 (MET DST) Subject: Different size output on same input with Twofish? In-Reply-To: <20000407100025.D5961@carefree.toehold.com> from Kyle Hasselbacher at "Apr 7, 2000 10:00:26 am" Message-ID: <200004080851.KAA02943@vulcan.xs4all.nl> You, Kyle Hasselbacher, wrote: > I'm wondering whether it's normal to compress and encrypt the same > input and get such different output. Yes, it is. The file is encrypted with the symmetric algorithm with a session key that is generated by a pseudo-random generator. This session key is also encrypted and stored with the message. This does not always preserve file size. 150kb is much, but considering the size of the files you're encrypting its relatively small. If you just encrypt them conventionally the output should be always identical. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From c.hertel@usa.net Sat Apr 8 12:34:01 2000 From: c.hertel@usa.net (Christoph Hertel) Date: Sat, 8 Apr 2000 14:34:01 +0200 Subject: default symmetric cipher? Message-ID: <20000408143401.A1117@imp.yoghurt.net> --x+6KMIRAuhnl3hBn Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable As far as I understood, standard GnuPG can use 3DES, Blowfish and CAST5 for the symmetric encryption part of the hybrid encryption which is used for e.g. my email. I know I can choose the algorithm for the symmetric cipher with the option "cipher-algo", but which algorithm is the default? Or does GnuPG randomly choose which algorithm it uses? Thanks in advance, Christoph --=20 get my PGP (GnuPG) key 0xBAC8E4D5 from a keyserver, by mailing me (subject: get gpg key), or by visiting http://www.crosswinds.net/~hertel --x+6KMIRAuhnl3hBn Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE47yc4QiQTYbrI5NURATjUAKCKW9WWfaMAt3UWwrDt5L2IWLhtmwCfZMzU jNHRoMv6ukUF9UdRvIyZMhU= =miyT -----END PGP SIGNATURE----- --x+6KMIRAuhnl3hBn-- From rabbi@quickie.net Sun Apr 9 00:43:08 2000 From: rabbi@quickie.net (L. Sassaman) Date: Sat, 8 Apr 2000 17:43:08 -0700 (PDT) Subject: default symmetric cipher? In-Reply-To: <20000408143401.A1117@imp.yoghurt.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 8 Apr 2000, Christoph Hertel wrote: > As far as I understood, standard GnuPG can use 3DES, Blowfish and CAST5 > for the symmetric encryption part of the hybrid encryption which is used > for e.g. my email. It can also use Twofish (and IDEA with a module). Note that PGP does not support blowfish, if compatability is a concern. > I know I can choose the algorithm for the symmetric cipher with the > option "cipher-algo", but which algorithm is the default? Or does GnuPG > randomly choose which algorithm it uses? I believe that Blowfish is default, but I am not sure. 3DES is the required standard cipher for OpenPGP, and CAST5 is the default in PGP, FWIW. - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iEYEARECAAYFAjjv0iUACgkQPYrxsgmsCmrg6ACePXqdtcnCnDPwkgi+PAskGKGS nzMAnjBIEj6j7GHYT78FihIGSi7/Lhyi =CV5P -----END PGP SIGNATURE----- From drunkox@gmx.net Sun Apr 9 22:33:30 2000 From: drunkox@gmx.net (David Friedman) Date: Sun, 09 Apr 2000 18:33:30 -0400 Subject: Windows and Gnupg Message-ID: <38F1053A.E0241041@gmx.net> I run gpg under linux and I love it. I also have a Windows box that I wanted to put gpg on. I did only to find a few problems. This command(gpg -a --export David > c:\david.asc) makes a key file the gpg can't recongnize while this command(gpg -a --export David -o c:\david.asc) make an odd looking(at the bottom) keyfile that works. It seems to use a linux-style LF line break insteal of CRLF.. Also their appears to be a problem with the keyserver part of the code. Are there any plans to bring the windows gpg beyond alpha stage? Maybe a gui. If not I'm gonna try to work on a windows frontend under VB6.0 once I better understand the Windows version. Thanks for all your help. P.S. when is 1.0.2 due? -- David Friedman (drunkox@gmx.net) Key: http://members.xoom.com/_XMCM/niftyinc/keys/david.asc From visharam@mahindrabt.com Mon Apr 10 13:16:57 2000 From: visharam@mahindrabt.com (Vishram Kunte) Date: Mon, 10 Apr 2000 18:46:57 +0530 Subject: About Symmetric Ciphers. Message-ID: <38F1D449.F8959A18@MahindraBT.com> Hello, I am thinking to install gnupg tool in one of my software. Therefore, I wish to know more about Key Lengths provided for various symmetric ciphers in this package. Regards. From manuel.carreres@servicom2000.es Mon Apr 10 14:10:31 2000 From: manuel.carreres@servicom2000.es (Manuel Carreres) Date: Mon, 10 Apr 2000 16:10:31 +0200 Subject: GPG and Mingw32 Message-ID: <3.0.5.32.20000410161031.00955760@pop.servicom2000.es> Hi all, I'm trying to compile GNUPG1.0.1 for a Windows platform with the mingw32/cpd kit (I have to modify the gpg code and compile the modified version for Windows, so I need to know how to compile it). The environment I've used is: binutils-2.9.1, gcc-2.95.2, mingw32-cpd-0.2.4 and windows32api-0.1.2. After the execution of ./configure --target=i386-mingw32 make I got the next errors: i386--mingw32-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl -g -c signal.c signal.c: In function `got_fatal_signal': signal.c:56: storage size of `nact' isn't known make[2]: *** [signal.o] Error 1 make[2]: Leaving directory `/home/a00aa119/windows/gnupg-1.0.1/g10' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/a00aa119/windows/gnupg-1.0.1' make: *** [all-recursive-am] Error 2 and the file g10/gpg was not created so I cannot create gpg.exe Does anybody know how to solve this problem? Thanks a lot. From lazarus@overdue.ompages.com Mon Apr 10 16:05:51 2000 From: lazarus@overdue.ompages.com (Lazarus Long) Date: Mon, 10 Apr 2000 16:05:51 +0000 Subject: Setting Primary UID In-Reply-To: ; from rabbi@quickie.net on Fri, Apr 07, 2000 at 12:19:58PM -0700 References: <20000407141729.I30286@djebel.gnupg.de> Message-ID: <20000410160551.A28266@overdue.dhis.net> --qMm9M+Fa2AknHoGS Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Apr 07, 2000 at 12:19:58PM -0700, L. Sassaman wrote: > key with the most recent primary key flag sub-signature bit set, and treat > that as primary. That solves all the problems associated with this. Sorry to differ here. (the word "all") I've had to create new UIDs in the past, due to temporary email addresses and a variety of other situations. Many times I have desired to *not*-change the primary UID or to change it to one that is not the most-recently-created. In an ideal world, I would have the option of specifying this. Do I consider this a show-stopper problem with GnuPG? Not at all. :-) But it definitely can be a frustration for the person wrestling with this. -- Please (OpenPGP) encrypt all mail whenever possible. Request the following Public Keys for Lazarus Long Type Bits/KeyID Fingerprint DSA KeyID: vvvv vvvv ElGamal: 2048g/41783186 47A0 0929 CD9F B53E 49C0 F06C 560E F574 ED0D F80C --qMm9M+Fa2AknHoGS Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: Now ready for primetime! http://www.gnupg.org iD8DBQE48fvfVg71dO0N+AwRAlpwAJ9/5+9Y5L9PaMHI1GokatDIMqKMGwCgr3EL BNnaRpkpseh3QiJbzI/DYnc= =Yi9V -----END PGP SIGNATURE----- --qMm9M+Fa2AknHoGS-- From Paul Dalton" Hi, I want to use gpg to sign the data input to a form on a web site, and then email it. The bit I'm having the prolems with is the signing. I can't get gpg to a) use a default private key and b) sign the file. I'm putting the data input into a text file, trying to get gpg to sign it ascii armored, but it complains that it can't send the passphrase (im using --batch). heres the command string I'm using: $command="gpg --no-secmem-warning --default-key USERID --clearsign --batch --h omedir /root/.gnupg --armor --output /PATH/$output /PATH/$filename"; my cgi script is written in perl btw, the server is redhat linux 6.1 (running apache), and its an internal web site I'm using this on, no one has access to this machine other than through http (port 80) (from the internal network, no access from outside) so I think its relatively safe. Can what I am trying to do be done? Have I got my args mixed up? Any help much appreciated. Thanks Paul From jesse@quasistatic.com Mon Apr 10 18:24:16 2000 From: jesse@quasistatic.com (jesse.oneill.oine) Date: Mon, 10 Apr 2000 13:24:16 -0500 (CDT) Subject: Decrypting programmatically. Message-ID: GNUPG Users, I'm working on a personal project that involves moving PGP encrypted files back and forth between a couple of FTP servers. I am able to encrypted the files in my application by just executing a sub-process that passes all relevant commands via the command line. My problem is that I cannot decrypt the files in my application because there seems to be no way of passing the "pass phrase" via the command line. I know that other versions of PGP have a "-z passphrase" option that will allow you to decrypt a file without the interactive passphrase gathering. Is there a way to do this with GNUPG? I'd really like to be able to use this product, as it seems to work very good, but I have to be able to decrypt the files from within my Java application. I don't want to have to buy the PGP Business Edition, but that seems to be the only way to accomplish what I need. Any ideas? This is currently a personal project, but licensing is a concern if I have to use PGP instead of GNUPG. Please CC jesse@quasistatic.com on any replys, as I'm not currently a member of this mailing list. Thank you for any insight. Jesse O'Neill Oine jesse@quasistatic.com < q u a s i s t a t i c . c o m > From ftobin@uiuc.edu Mon Apr 10 19:18:54 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Mon, 10 Apr 2000 14:18:54 -0500 (CDT) Subject: Decrypting programmatically. In-Reply-To: Message-ID: jesse.oneill.oine, at 13:24 -0500 on Mon, 10 Apr 2000, wrote: > passing the "pass phrase" via the command line. I know that other > versions of PGP have a "-z passphrase" option that will allow you to > decrypt a file without the interactive passphrase gathering. Is there a This is not allowed because on pretty much all unixes one can see everyone else's command-line arguments; hence, the passphrase could be seen by any other user on the system. The general way of passing in a passphrase to GnuPG is to do so via a handle specified in the passphrase-fd option; I don't know if you can accomplish this with Java though. There are Perl modules that allow you to accomplish this farily easily, though. -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus From ftobin@uiuc.edu Mon Apr 10 19:21:37 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Mon, 10 Apr 2000 14:21:37 -0500 (CDT) Subject: gpg to sign cgi output? In-Reply-To: <008f01bfa309$80f646c0$16c7e0c3@pncl.co.uk> Message-ID: Paul Dalton, at 17:26 +0100 on Mon, 10 Apr 2000, wrote: > Can what I am trying to do be done? Have I got my args mixed up? I recommend using one of the several Perl modules on CPAN that are designed for GnuPG interaction. -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus From bgalbraith@penguinpowered.com Mon Apr 10 19:28:13 2000 From: bgalbraith@penguinpowered.com (Brian Galbraith) Date: Mon, 10 Apr 2000 20:28:13 +0100 Subject: Error message Message-ID: <00041020325703.05320@brian> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Folks I am currently getting an error warning when I encrypt using a combination of Geheimnis,and GnuPG 1.0.1d The error received is 134514624. Can anyone explain what this means....as the messages are signed and encrypted properly. Regards Brian - -- - ------------------------------------------------ Brian Galbraith Linux User 123411 Sign Only Key 0x6A6DFEFB Default Key 0x63EBA765 (DH/DSA) PGP Keys fromwww. http://math-www.uni-paderborn.de/pgp/ - ------------------------------------------------ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1d (GNU/Linux) Comment: Digital Signatures Verify Author and Unaltered Content iD8DBQE48ixp1MQNj2pt/vsRAodBAJ92PLS8F1B9brYHl4UD2vao2L4uyQCfdvFS wCBKcl10OrMbRCfx7ri7mBo= =qj5b -----END PGP SIGNATURE----- From rabbi@quickie.net Mon Apr 10 19:51:50 2000 From: rabbi@quickie.net (L. Sassaman) Date: Mon, 10 Apr 2000 12:51:50 -0700 (PDT) Subject: Setting Primary UID In-Reply-To: <20000410155333.A27910@overdue.dhis.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 10 Apr 2000, Lazarus Long wrote: > On Fri, Apr 07, 2000 at 12:19:58PM -0700, L. Sassaman wrote: > > > key with the most recent primary key flag sub-signature bit set, and treat > > that as primary. That solves all the problems associated with this. > > Sorry to differ here. (the word "all") > > I've had to create new UIDs in the past, due to temporary email > addresses and a variety of other situations. Many times I have desired > to *not*-change the primary UID or to change it to one that is not the > most-recently-created. In an ideal world, I would have the option of > specifying this. Right. That's what the "Primary User ID" flag allows you to do. As I said, it soles all the problems... you can add new user IDs, and unless you specify then as primary, they won't change the primary UID specification. > Do I consider this a show-stopper problem with GnuPG? Not at all. :-) > But it definitely can be a frustration for the person wrestling with this. - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iEYEARECAAYFAjjyMOEACgkQPYrxsgmsCmqqmQCgsE9OBgCbxAWX7YXK+SDHHnjW 43oAoOJIXRntW/RlN51Mp80O6YUt3Unn =9zLW -----END PGP SIGNATURE----- From ttn@netcom.com Mon Apr 10 21:50:50 2000 From: ttn@netcom.com (thi) Date: 10 Apr 2000 14:50:50 -0700 Subject: importing pgp-6.5.3 public keys possible? Message-ID: i read the gnu privacy handbook (nice work!), but could not find any tips on this. the other document seems specific to pgp-2.x. thi From toshi.suzuki@ntt.com Tue Apr 11 04:16:04 2000 From: toshi.suzuki@ntt.com (Toshiaki Suzuki) Date: Tue, 11 Apr 2000 13:16:04 +0900 Subject: Question about GNUPG in AIX environment Message-ID: <200004110442.NAA18811@mail1.noc.ntt.com> My name is Toshiaki Suzuki NTT Communications, Japan. This is my first time to write to this Mailing-list. I have a question about Instration of GNUPG to AIX environment. Could you give me information, if you have? Now,we are developing E-mail encryption system between Solaris machine and AIX machine. But now, we can't install GNUPG to AIX environment. The version of AIX is AIX 4.2.0 and hardware is RS6000 J40. Can GNUPG run on this environment? Installation of GNUPG fails when installer uses assembler because makefile can't recognize assembler. Even if we write AS in makefile directly which installer use, Installation of GNUPG fails. I'm looking forward to your reply. Best Regards. From sen_ml@eccosys.com Tue Apr 11 05:00:43 2000 From: sen_ml@eccosys.com (sen_ml@eccosys.com) Date: Tue, 11 Apr 2000 14:00:43 +0900 Subject: Question about GNUPG in AIX environment In-Reply-To: <200004110442.NAA18811@mail1.noc.ntt.com> References: <200004110442.NAA18811@mail1.noc.ntt.com> Message-ID: <20000411140043I.1000@eccosys.com> toshi.suzuki> Now,we are developing E-mail encryption system toshi.suzuki> between Solaris machine and AIX machine. But now, toshi.suzuki> we can't install GNUPG to AIX environment. toshi.suzuki> The version of AIX is AIX 4.2.0 and hardware is toshi.suzuki> RS6000 J40. toshi.suzuki> Can GNUPG run on this environment? there have been reports about using gnupg under aix in the past. my current impression is that the version of gcc that one uses to compile gnupg may make a different -- 2.7.3.x and 2.95 (and above) were recommended. i also got the impression that using gnu make might help. look in the september archives for 1999: http://lists.gnupg.org/gnupg-users-199909/threads.html for a thread titled "Unable to compile on AIX 4.2.1". if i understood the discussion correctly, one person did not have any success compiling: Darren Henderson while there appear to be two people who did manage: Werner Koch Michael Roth good luck. From ftobin@uiuc.edu Tue Apr 11 08:55:13 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Tue, 11 Apr 2000 03:55:13 -0500 (CDT) Subject: request for input on name of GnuPG Perl module Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm currently in the process of almost releasing a totally reworked Perl module to handle GnuPG; it's based off the same IPC-style ( communication via handles ) as my PGP::GPG::MessageProcessor, but it is more powerful and better designed (in particular it can fully parse --with-colons information and can create useful "Key" objects). Since the interface and powerfulness do much more than "message processing", I've been tempted to call it PGP::GnuPG::Interface. However, the bareword "PGP" is not that good of a choice, I feel, because it is used to relate to NAI's product, which this module does not support. OpenPGP::GnuPG::Interface might be okay, but there is the fact that my module itself doesn't implement OpenPGP; GnuPG does that for me. However, "OpenPGP" is a new top-level CPAN directory, so I'm hesitant to use this, as I plan putting it on CPAN. Simply GnuPG::Interface also is an option, but once again, GnuPG is a new top-level CPAN name. If anyone has comments on these possible names, or has good suggestions, please let me know. - -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjjy6H8ACgkQVv/RCiYMT6M4kQCeJrdMr1qyQem8jPSgogH8BksF 7iYAnR0qJAJtUatscxz6ygS2aQS8Ca3h =unT3 -----END PGP SIGNATURE----- From wk@gnupg.org Tue Apr 11 09:32:51 2000 From: wk@gnupg.org (Werner Koch) Date: Tue, 11 Apr 2000 11:32:51 +0200 Subject: GPG and Mingw32 In-Reply-To: <3.0.5.32.20000410161031.00955760@pop.servicom2000.es>; from manuel.carreres@servicom2000.es on Mon, Apr 10, 2000 at 04:10:31PM +0200 References: <3.0.5.32.20000410161031.00955760@pop.servicom2000.es> Message-ID: <20000411113251.M31025@djebel.gnupg.de> On Mon, 10 Apr 2000, Manuel Carreres wrote: > Hi all, > I'm trying to compile GNUPG1.0.1 for a Windows platform with the mingw32/cpd Get the latest development snapshot (IIRC, 1.0.1d) -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Düsseldorf http://www.openit.de From wk@gnupg.org Tue Apr 11 09:31:12 2000 From: wk@gnupg.org (Werner Koch) Date: Tue, 11 Apr 2000 11:31:12 +0200 Subject: About Symmetric Ciphers. In-Reply-To: <38F1D449.F8959A18@MahindraBT.com>; from visharam@mahindrabt.com on Mon, Apr 10, 2000 at 06:46:57PM +0530 References: <38F1D449.F8959A18@MahindraBT.com> Message-ID: <20000411113112.L31025@djebel.gnupg.de> On Mon, 10 Apr 2000, Vishram Kunte wrote: > I am thinking to install gnupg tool in one of my software. Therefore, I > wish to know more about Key Lengths provided for various symmetric > ciphers in this package. 3DES: 168 Bit (but btter think of 112 bit) CAST5: 128 Blowfish: 128 Twofish: 128 or 256 -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Düsseldorf http://www.openit.de From Jos Backus Tue Apr 11 09:25:35 2000 From: Jos Backus (Jos Backus) Date: Tue, 11 Apr 2000 11:25:35 +0200 Subject: Question about GNUPG in AIX environment In-Reply-To: <20000411140043I.1000@eccosys.com>; from sen_ml@eccosys.com on Tue, Apr 11, 2000 at 02:00:43PM +0900 References: <200004110442.NAA18811@mail1.noc.ntt.com> <20000411140043I.1000@eccosys.com> Message-ID: <20000411112535.A84258@hal.mpn.cp.philips.com> Be sure to also look at these threads: http://lists.gnupg.org/gnupg-devel-199911/msg00032.html http://lists.gnupg.org/gnupg-devel-199912/msg00007.html -- Jos Backus _/ _/_/_/ "Reliability means never _/ _/ _/ having to say you're sorry." _/ _/_/_/ -- D. J. Bernstein _/ _/ _/ _/ Jos.Backus@nl.origin-it.com _/_/ _/_/_/ use Std::Disclaimer; From sen_ml@eccosys.com Tue Apr 11 09:45:12 2000 From: sen_ml@eccosys.com (sen_ml@eccosys.com) Date: Tue, 11 Apr 2000 18:45:12 +0900 Subject: option for specifying lanugage? Message-ID: <20000411184512S.1000@eccosys.com> is there a way to specify an option to gnupg to get it to choose which language its messages are outputed as? something like the "lang" option in pgp. note: i mean command line option -- not specifying the contents of an environment variable. the reason i ask is that, a user might want to view messages in one language other than english (e.g. when using gnupg on the command line), while software has been written to process gnupg messages in english. i bring this up because i saw mention of it on a mailing list for a particular mail client today. From wk@gnupg.org Tue Apr 11 12:08:14 2000 From: wk@gnupg.org (Werner Koch) Date: Tue, 11 Apr 2000 14:08:14 +0200 Subject: option for specifying lanugage? In-Reply-To: <20000411184512S.1000@eccosys.com>; from sen_ml@eccosys.com on Tue, Apr 11, 2000 at 06:45:12PM +0900 References: <20000411184512S.1000@eccosys.com> Message-ID: <20000411140814.R31025@djebel.gnupg.de> On Tue, 11 Apr 2000, sen_ml@eccosys.com wrote: > is there a way to specify an option to gnupg to get it to choose which > language its messages are outputed as? something like the "lang" > option in pgp. note: i mean command line option -- not specifying the > contents of an environment variable. What's wrong with: $ LANG=it gpg foo (assuming a Bourne/POSIX shell) -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Düsseldorf http://www.openit.de From jgh@megsinet.net Tue Apr 11 13:43:57 2000 From: jgh@megsinet.net (Jason Helfman) Date: Tue, 11 Apr 2000 08:43:57 -0500 Subject: heads up with list signing up Message-ID: <1bad819b56.19b561bad8@core.com> I have been unable to sign up for the list for 2 days now, sending 8+ emails, but now that I am at work and signing up via a web interface, I am excepted right away by Majordomo. In both instances I requested "subscribe" in the BODY to "gnupg-users-request@gnupg.org" I was using mutt as an emailing program before and have had no problems sending or receiving mailings to GNUPG. Just a fluke maybe, but I thought you should know. --- /helfman "At any given moment, you may find the ticket to the circus that has always been in your possession." Fingerprint: 2F76 2856 776A 3E07 9F3E 452A 17D9 9B28 D75E 0A36 GnuPG http://www.gnupg.org Get Private! From wk@gnupg.org Tue Apr 11 14:25:04 2000 From: wk@gnupg.org (Werner Koch) Date: Tue, 11 Apr 2000 16:25:04 +0200 Subject: heads up with list signing up In-Reply-To: <1bad819b56.19b561bad8@core.com>; from jgh@megsinet.net on Tue, Apr 11, 2000 at 08:43:57AM -0500 References: <1bad819b56.19b561bad8@core.com> Message-ID: <20000411162504.C31025@djebel.gnupg.de> On Tue, 11 Apr 2000, Jason Helfman wrote: > I have been unable to sign up for the list for 2 days now, sending 8+ > emails, but now that I am at work and signing up via a web interface, I > am excepted right away by Majordomo. There is no Majordomo running there. > In both instances I requested "subscribe" in the BODY > to "gnupg-users-request@gnupg.org" Put it into the subject as explained at the website -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Düsseldorf http://www.openit.de From joerg.noack@gmx.net Tue Apr 11 14:17:46 2000 From: joerg.noack@gmx.net (=?ISO-8859-1?Q?J=F6rg?= Noack) Date: Tue, 11 Apr 2000 16:17:46 +0200 (MEST) Subject: gnupg and IRIX 6.5.6 Message-ID: <14542.955462666@www3.gmx.net> Hallo, I'm new user of gnupg. Under my linux box gnupg works fine and without problems. Now my question. Is it possible to compile and run gnupg successful under IRIX 6.5.6. I have compiled the sources gnupg-1.0.1d with # rm config.h config.cache g10defs.h # CC=cc CFLAGS=-mips3 ./configure --prefix=/yatmp/freeware/gnupg \ --enable-static-rnd=none --disable-dev-random --disable-dynload \ --disable-asm but during the key generation gnupg dies with a "Bus error" :-(. -- output ---------- You need a Passphrase to protect your secret key. gpg: WARNING: using insecure random number generator!! The random number generator is only a kludge to let it run - it is in no way a strong RNG! DON'T USE ANY DATA GENERATED BY THIS PROGRAM!! We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. Bus error -- output ----------- Have anybody the same problem? Joerg -- --- !!! Please dont send large files to this mail address !!! Sent through GMX FreeMail - http://www.gmx.net From jgh@megsinet.net Tue Apr 11 15:04:09 2000 From: jgh@megsinet.net (Jason Helfman) Date: Tue, 11 Apr 2000 10:04:09 -0500 Subject: heads up with list signing up Message-ID: <1dafe1e9d0.1e9d01dafe@core.com> i did it in the subject and body, majordomo, whatever, either way it didn't work for 8+ emailngs..... --- /helfman "At any given moment, you may find the ticket to the circus that has always been in your possession." Fingerprint: 2F76 2856 776A 3E07 9F3E 452A 17D9 9B28 D75E 0A36 GnuPG http://www.gnupg.org Get Private! ----- Original Message ----- From: Werner Koch Date: Tuesday, April 11, 2000 9:25 am Subject: Re: heads up with list signing up > On Tue, 11 Apr 2000, Jason Helfman wrote: > > > I have been unable to sign up for the list for 2 days now, > sending 8+ > > emails, but now that I am at work and signing up via a web > interface, I > > am excepted right away by Majordomo. > > There is no Majordomo running there. > > > > In both instances I requested "subscribe" in the BODY > > to "gnupg-users-request@gnupg.org" > > Put it into the subject as explained at the website > > > -- > Werner Koch OpenPGP key 621CC013 > OpenIT GmbH tel +49 211 239577-0 > Birkenstr. 12 email wk@openit.de > D-40233 Düsseldorf http://www.openit.de > > From BvdLeeden@LinuxFan.com Tue Apr 11 15:15:45 2000 From: BvdLeeden@LinuxFan.com (Ben v.d. Leeden) Date: Tue, 11 Apr 2000 17:15:45 +0200 (CEST) Subject: alternate webinterface Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello everybody, if you visit http://www.bvdl.nl/gpg/ then you will see a little different interface for the public key server. Any response is welcome... Ben v/d Leeden /---------------------------------------------------------------\ | Name : Ben van der Leeden | GCM/IT/MU d+ s+: a-- C+++ | | ICQ : #53586252 | UL++++ P L+++ E--- W++ N++ | | NickName : McBuster | e--- O- M-- V-- PS PE-- Y- | | Url : http://www.BvdL.nl | PGP++ t++@ 5 X++ R+ tv+ b | | E-Mail : BvdLeeden@Linuxfan.com | DI D++ G>++++ e+++ h r++ z? | |-----------------------------------------------------------------| | Email me with "request-key" as subject to obtain my key | \---------------------------------------------------------------/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE480G6StMixiSCXQMRAg49AJ9hp7BG6LEM8VLJE2mpfiOWLD8Z+ACgkb38 9QtdjTUqTfD51ckrLLF+FjE= =8nZH -----END PGP SIGNATURE----- From jgh@megsinet.net Tue Apr 11 15:57:21 2000 From: jgh@megsinet.net (Jason Helfman) Date: Tue, 11 Apr 2000 10:57:21 -0500 Subject: heads up with list signing up Message-ID: <225e71c1ed.1c1ed225e7@core.com> no problem...case in point ----- Original Message ----- From: Thomas Weinbrenner Date: Tuesday, April 11, 2000 10:39 am Subject: Re: heads up with list signing up > > Thank you for this mail. I have tried for weeks to unsubscribe this > list and finally using a web interface I succeeded. :-) > > -- > Thomas Weinbrenner> From rabbi@quickie.net Tue Apr 11 18:42:11 2000 From: rabbi@quickie.net (L. Sassaman) Date: Tue, 11 Apr 2000 11:42:11 -0700 (PDT) Subject: About Symmetric Ciphers. In-Reply-To: <20000411113112.L31025@djebel.gnupg.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 11 Apr 2000, Werner Koch wrote: > Twofish: 128 or 256 What does GnuPG use? 256, right? __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iEYEARECAAYFAjjzcg0ACgkQPYrxsgmsCmrG6wCg2lV98U9VIgQnWRBe13ES6+sh xyEAoKeVkdZKjN7hVPoqwQq/7Hkt5g4e =0Giu -----END PGP SIGNATURE----- From sen_ml@eccosys.com Wed Apr 12 00:04:06 2000 From: sen_ml@eccosys.com (sen_ml@eccosys.com) Date: Wed, 12 Apr 2000 09:04:06 +0900 Subject: option for specifying lanugage? In-Reply-To: <20000411140814.R31025@djebel.gnupg.de> References: <20000411184512S.1000@eccosys.com> <20000411140814.R31025@djebel.gnupg.de> Message-ID: <20000412090406J.1000@eccosys.com> thanks for the response. my comments follow. On Tue, 11 Apr 2000, sen_ml@eccosys.com wrote: > is there a way to specify an option to gnupg to get it to choose which > language its messages are outputed as? something like the "lang" > option in pgp. note: i mean command line option -- not specifying the > contents of an environment variable. wk> What's wrong with: wk> $ LANG=it gpg foo wk> (assuming a Bourne/POSIX shell) either my message wasn't clear or i'm not understanding something (or may be both ;-) )... one of the paragraphs in my original message that you did not quote mentions the fact that at least one program (i presume there are more) has been written to process english gnupg messages. assuming that there is more than one non-bourne/posix shell user in the world that uses that program, isn't it problematic to use the approach you suggest? -having the program forcibly specify /bin/sh seems like a waste of starting up an extra process -forcing the user to set an environment variable every time they use gpg doesn't make sense -writing a custom script that sets the environment variable first also requires an extra process -having the program try to detect which shell the user uses seems silly any other ideas? i didn't come up w/ any so it seemed like having a command line option to specify language was a good idea -- at least one to tell gpg to use english messages so that the program that talks to gpg can specify it (but if you go that far, why not allow the specification of arbitrary language?). From dstenn@fanfic.org Wed Apr 12 06:12:51 2000 From: dstenn@fanfic.org (Dennis Tenn) Date: Wed, 12 Apr 2000 02:12:51 -0400 (EDT) Subject: Problems with the gnupg 1.0.1 and FreeBSD 3.3 Message-ID: I have 2 systems and in both case I'm getting stuck generating key pairs. I have exhausted my possibilities on www.gnupg.org as well as other gnupg pages. I've also emailed the FreeBSD gnupg ports maintainer and asked this same question. The two accounts I have are dstenn@fanfic.org and dtenn@uu.net. I really hope you can help. I have successfully compiled and installed gnupg 1.0.1 but when I run gpg --gen-key and answer all the questions I get stuck. Here is the out put so far.. [/home/dtenn] jpdata1:dtenn# gpg --gen-key gpg (GnuPG) 1.0.1; Copyright (C) 1999 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. gpg: /home/dtenn/.gnupg/secring.gpg: keyring created gpg: /home/dtenn/.gnupg/pubring.gpg: keyring created Please select what kind of key you want: (1) DSA and ElGamal (default) (2) DSA (sign only) (4) ElGamal (sign and encrypt) Your selection? 1 DSA keypair will have 1024 bits. About to generate a new ELG-E keypair. minimum keysize is 768 bits default keysize is 1024 bits highest suggested keysize is 2048 bits Requested keysize is 1024 bits Please specify how long the key should be valid. 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? (0) 2y Key expires at Fri Apr 12 14:32:28 2002 JST Is this correct (y/n)? y You need a User-ID to identify your key; the software constructs the user id from Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) " Real name: Dennis Tenn Email address: dtenn@uu.net Comment: You selected this USER-ID: "Dennis Tenn " Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o You need a Passphrase to protect your secret key. We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. +++++.++++++++++.+++++++++++++++++++++++++++++++++++.++++++++++++++++++++++++++++++++++++++++.+++++++++++++++.+++++++++++++++.++++++++++>++++++++++.>..+++++....................................................+++++ Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! (Need 18 more bytes) Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! (Need 2 more bytes) Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! (Need 2 more bytes) We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ++++++++++..++++++++++.++++++++++..+++++..++++++++++++++++++++.++++++++++.+++++.++++++++++++++++++++.++++++++++.++++++++++++++++++++....++++++++++..>+++++...........................................................+++++^^^ Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! (Need 128 more bytes) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Dennis Tenn * There will always come a time dstenn@fanfic.org * When your love will be tested LICQ# 1457509 * Stand tall and rise to the occasion * For only then will you grow strong. * -Anonymous -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From pauld@pinnacle.net.uk Wed Apr 12 06:40:24 2000 From: pauld@pinnacle.net.uk (Paul Dalton) Date: Wed, 12 Apr 2000 07:40:24 +0100 Subject: Problems with the gnupg 1.0.1 and FreeBSD 3.3 References: Message-ID: <007101bfa44a$096348a0$8211bc3e@paul> Hi Dennis, I get this a lot myself. I'm running gnupg on an old sparc 2 running redhat 6.1 . I'm using this machine for development so its not doing anything other than my telnet session usually. I get around this problem by working on the console and bashing away at the keyboard frantically until the key is generated. I also keep the key length down to 1024, which is annoying to say the least. It took be a while to figure out that typing on the keyboard from a remote session doesn't do any good, is this perhaps what you are doing? HTH Paul. ----- Original Message ----- From: Dennis Tenn To: Cc: ; Sent: Wednesday, April 12, 2000 7:12 AM Subject: Problems with the gnupg 1.0.1 and FreeBSD 3.3 > I have 2 systems and in both case I'm getting stuck generating key pairs. > I have exhausted my possibilities on www.gnupg.org as well as other gnupg > pages. I've also emailed the FreeBSD gnupg ports maintainer and asked > this same question. The two accounts I have are dstenn@fanfic.org and > dtenn@uu.net. I really hope you can help. > > I have successfully compiled and installed gnupg 1.0.1 but when I run > > gpg --gen-key > > and answer all the questions I get stuck. Here is the out put so far.. > > [/home/dtenn] > jpdata1:dtenn# gpg --gen-key > gpg (GnuPG) 1.0.1; Copyright (C) 1999 Free Software Foundation, Inc. > This program comes with ABSOLUTELY NO WARRANTY. > This is free software, and you are welcome to redistribute it > under certain conditions. See the file COPYING for details. > > gpg: /home/dtenn/.gnupg/secring.gpg: keyring created > gpg: /home/dtenn/.gnupg/pubring.gpg: keyring created > Please select what kind of key you want: > (1) DSA and ElGamal (default) > (2) DSA (sign only) > (4) ElGamal (sign and encrypt) > Your selection? 1 > DSA keypair will have 1024 bits. > About to generate a new ELG-E keypair. > minimum keysize is 768 bits > default keysize is 1024 bits > highest suggested keysize is 2048 bits > Requested keysize is 1024 bits > Please specify how long the key should be valid. > 0 = key does not expire > = key expires in n days > w = key expires in n weeks > m = key expires in n months > y = key expires in n years > Key is valid for? (0) 2y > Key expires at Fri Apr 12 14:32:28 2002 JST > Is this correct (y/n)? y > > You need a User-ID to identify your key; the software constructs the user > id > from Real Name, Comment and Email Address in this form: > "Heinrich Heine (Der Dichter) " > > Real name: Dennis Tenn > Email address: dtenn@uu.net > Comment: > You selected this USER-ID: > "Dennis Tenn " > > Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o > You need a Passphrase to protect your secret key. > > We need to generate a lot of random bytes. It is a good idea to perform > some other action (type on the keyboard, move the mouse, utilize the > disks) during the prime generation; this gives the random number > generator a better chance to gain enough entropy. > +++++.++++++++++.+++++++++++++++++++++++++++++++++++.+++++++++++++++++++++++ +++++++++++++++++.+++++++++++++++.+++++++++++++++.++++++++++>++++++++++.>..+ ++++....................................................+++++ > > Not enough random bytes available. Please do some other work to give > the OS a chance to collect more entropy! (Need 18 more bytes) > > Not enough random bytes available. Please do some other work to give > the OS a chance to collect more entropy! (Need 2 more bytes) > > Not enough random bytes available. Please do some other work to give > the OS a chance to collect more entropy! (Need 2 more bytes) > We need to generate a lot of random bytes. It is a good idea to perform > some other action (type on the keyboard, move the mouse, utilize the > disks) during the prime generation; this gives the random number > generator a better chance to gain enough entropy. > ++++++++++..++++++++++.++++++++++..+++++..++++++++++++++++++++.++++++++++.++ +++.++++++++++++++++++++.++++++++++.++++++++++++++++++++....++++++++++..>+++ ++...........................................................+++++^^^ > > Not enough random bytes available. Please do some other work to give > the OS a chance to collect more entropy! (Need 128 more bytes) > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Dennis Tenn * There will always come a time > dstenn@fanfic.org * When your love will be tested > LICQ# 1457509 * Stand tall and rise to the occasion > * For only then will you grow strong. > * -Anonymous > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > From darren@flyingcolor.com Wed Apr 12 15:37:58 2000 From: darren@flyingcolor.com (Darren Cook) Date: Wed, 12 Apr 2000 15:37:58 Subject: Problems with the gnupg 1.0.1 and FreeBSD 3.3 In-Reply-To: Message-ID: <3.0.6.32.20000412153758.00bb1190@pop.flyingcolor.com> >I have 2 systems and in both case I'm getting stuck generating key pairs. >... >Not enough random bytes available. Please do some other work to give >the OS a chance to collect more entropy! (Need 128 more bytes) I had the same problem; here are the answers I got from this mailing list: >BSD machine: >in /etc/defaults/rc.conf, set rand_irqs="used>" And: >On FreeBSD you don't have to reboot your machine to change the IRQs used. >Just do, as root : > rndcontrol -s 15 > rndcontrol -s 14 >to add the IDE/ATAPI IRQs if they are used. Replace with your SCSI card IRQ >if you have SCSI instead. I don't know if it's really secure to add a network >card IRQ there. > >On OpenBSD, you simply can't add or remove entropy sources. At least it >doesn't seems obvious to me while I was browsing man pages on >www.openbsd.org. As it was a co-located machine, and I don't have root access, I cheated and generated keys on another machine then uploaded them. Darren From bgalbraith@penguinpowered.com Wed Apr 12 07:49:44 2000 From: bgalbraith@penguinpowered.com (Brian Galbraith) Date: Wed, 12 Apr 2000 08:49:44 +0100 Subject: Observations on GnuPG 1.0.1d Message-ID: <00041209090001.09390@brian> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Folks I posted about part of this a short time ago and received no answer. I have been investigating several combinations and permutations of mail programs and guifront ends for GnuPG. Until recently I have been using XFmail which gives good GnuPG support. I am nowplaying around with a patched version of KMail, and I have also tried the Geheimnis GUI. I have found that on a regular basis I have to delete my keyrings and reinstall from my backup. 1) XFMail is able to sign messages, but is unable to find public keys for encryption. 2)Kmail signs OK, but encrypts to the recipient and does not encrypt to self. 3)Geheimnis both encrypts and signs, but returns the following error message: Executing: gpg --no-batch --comment "Made with Geheimnis" -e -s -u 010FA449963EBA765 -a -t - --no-default-keyring - --secret-keyring /home/brian/.gnupg/secring.gpg - --keyring /home/brian/.gnupg/pubring.gpg -r 0C81AFA55D3AD93BE -r 010FA449963EBA765 -o /home/brian/GnuPGWork/3.pgp /home/brian/GnuPGWork/3 gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! You need a passphrase to unlock the secret key for user: "Brian Galbraith " 1024-bit DSA key, ID 63EBA765, created 1999-11-01 gpg: 93D14EAC: skipped: public key not found gpg: using secondary key 80312AC5 instead of primary key 63EBA765 gpg: using secondary key 6A4B0B72 instead of primary key D3AD93BE ------------------------------------------------------------------------ WARNING: The encryption program returned error code 134514624. Please close this window when you are done to return to Geheimnis. When I check my processes using kpm........Ifind a list of GPG processes which are given zombie status. When I delete and reinstall my keyrings..all is as should be......until the next time. I am using SuSE Linux 6.3 with GnuPG - -- - ------------------------------------------------ Brian Galbraith Linux User 123411 Sign Only Key 0x6A6DFEFB Default Key 0x63EBA765 (DH/DSA) PGP Keys fromwww. http://math-www.uni-paderborn.de/pgp/ - ------------------------------------------------ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1d (GNU/Linux) Comment: Digital Signatures Verify Author and Unaltered Content iD8DBQE49DLa1MQNj2pt/vsRAn9dAJ4j8THgBr/rn6ePXeuFLEHDLO1QegCfWRgc WqxxTlqBZESdi9OC7iK1Fo8= =dj/W -----END PGP SIGNATURE----- From wk@gnupg.org Wed Apr 12 08:53:41 2000 From: wk@gnupg.org (Werner Koch) Date: Wed, 12 Apr 2000 10:53:41 +0200 Subject: option for specifying lanugage? In-Reply-To: <20000412090406J.1000@eccosys.com>; from sen_ml@eccosys.com on Wed, Apr 12, 2000 at 09:04:06AM +0900 References: <20000411184512S.1000@eccosys.com> <20000411140814.R31025@djebel.gnupg.de> <20000412090406J.1000@eccosys.com> Message-ID: <20000412105341.C23984@djebel.gnupg.de> On Wed, 12 Apr 2000, sen_ml@eccosys.com wrote: > wk> $ LANG=it gpg foo > > wk> (assuming a Bourne/POSIX shell) > > one of the paragraphs in my original message that you did not quote > mentions the fact that at least one program (i presume there are more) > has been written to process english gnupg messages. assuming that No program should process GnuPG messages; programs should use the output of --status-fd. If a program needs to process the messages it should reset the locale variables. The test scripts for example do this. > -having the program forcibly specify /bin/sh seems like a > waste of starting up an extra process Giving environment variables for a program is part of the shell syntax. No extra process. > -forcing the user to set an environment variable every time they use gpg > doesn't make sense I can't see a reason to have just gpg emit English messages and other programs use the locale message version. > -having the program try to detect which shell the user uses seems silly Every script uses /bin/sh - it's Posix. Adding just an option to reset an environment variable is no good design IMHO. I know that you will now say something about --homedir vs. GNUPGHOME :-( Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Düsseldorf http://www.openit.de From wk@gnupg.org Wed Apr 12 08:56:17 2000 From: wk@gnupg.org (Werner Koch) Date: Wed, 12 Apr 2000 10:56:17 +0200 Subject: Observations on GnuPG 1.0.1d In-Reply-To: <00041209090001.09390@brian>; from bgalbraith@penguinpowered.com on Wed, Apr 12, 2000 at 08:49:44AM +0100 References: <00041209090001.09390@brian> Message-ID: <20000412105617.D23984@djebel.gnupg.de> On Wed, 12 Apr 2000, Brian Galbraith wrote: > WARNING: The encryption program returned error code 134514624. > Please close this window when you are done to return to Geheimnis. Run Geheimnis using "strace -f -e process geheimniss" to see who generates this starne return code - for me it looks like a Geheimniss problem. Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Düsseldorf http://www.openit.de From wk@gnupg.org Wed Apr 12 09:09:17 2000 From: wk@gnupg.org (Werner Koch) Date: Wed, 12 Apr 2000 11:09:17 +0200 Subject: About Symmetric Ciphers. In-Reply-To: ; from rabbi@quickie.net on Tue, Apr 11, 2000 at 11:42:11AM -0700 References: <20000411113112.L31025@djebel.gnupg.de> Message-ID: <20000412110917.G23984@djebel.gnupg.de> On Tue, 11 Apr 2000, L. Sassaman wrote: > What does GnuPG use? 256, right? The OpenPGP WG agreed on 256 Bit. I don't like it but some folks might think this is better for marketing. The probelm that I have with it is that it requires more of those precious random bytes while not giving any extra security - there are so much other parts which actually limit the strength of the encryption (Rubber hose attacks, Weak passphrase, 1024 DSA signatures to bind the key,...) Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Düsseldorf http://www.openit.de From sen_ml@eccosys.com Wed Apr 12 09:23:50 2000 From: sen_ml@eccosys.com (sen_ml@eccosys.com) Date: Wed, 12 Apr 2000 18:23:50 +0900 Subject: option for specifying lanugage? In-Reply-To: <20000412105341.C23984@djebel.gnupg.de> References: <20000411140814.R31025@djebel.gnupg.de> <20000412090406J.1000@eccosys.com> <20000412105341.C23984@djebel.gnupg.de> Message-ID: <20000412182350B.1000@eccosys.com> thanks for your response -- i'll pass it on to the author of the program. a few comments though... wk> $ LANG=it gpg foo wk> (assuming a Bourne/POSIX shell) > one of the paragraphs in my original message that you did not quote > mentions the fact that at least one program (i presume there are more) > has been written to process english gnupg messages. assuming that wk> No program should process GnuPG messages; programs should use the wk> output of --status-fd. If a program needs to process the messages it wk> should reset the locale variables. The test scripts for example do wk> this. ok -- i'll send this feedback on. > -having the program forcibly specify /bin/sh seems like a > waste of starting up an extra process wk> Giving environment variables for a program is part of the shell wk> syntax. No extra process. i think we are talking about different things here -- or may be i am just confused. > -forcing the user to set an environment variable every time they use gpg > doesn't make sense wk> I can't see a reason to have just gpg emit English messages and other wk> programs use the locale message version. i am not sure what you mean here. thanks for your feedback! From minter@lunenburg.org Wed Apr 12 12:02:31 2000 From: minter@lunenburg.org (H. Wade Minter) Date: Wed, 12 Apr 2000 08:02:31 -0400 (EDT) Subject: Problems with the gnupg 1.0.1 and FreeBSD 3.3 In-Reply-To: Message-ID: I had that problem - banging on the keyboard didn't work for me, since I was coming in over a telnet/SSH link. One thing I found was, before doing the --gen-key, was to run "find / &" to get the disk churning. There was plenty of entropy after that. On Wed, 12 Apr 2000, Dennis Tenn wrote: > I have 2 systems and in both case I'm getting stuck generating key pairs. > I have exhausted my possibilities on www.gnupg.org as well as other gnupg > pages. I've also emailed the FreeBSD gnupg ports maintainer and asked > this same question. The two accounts I have are dstenn@fanfic.org and > dtenn@uu.net. I really hope you can help. > > I have successfully compiled and installed gnupg 1.0.1 but when I run > > gpg --gen-key > > and answer all the questions I get stuck. Here is the out put so far.. > > [/home/dtenn] > jpdata1:dtenn# gpg --gen-key > gpg (GnuPG) 1.0.1; Copyright (C) 1999 Free Software Foundation, Inc. > This program comes with ABSOLUTELY NO WARRANTY. > This is free software, and you are welcome to redistribute it > under certain conditions. See the file COPYING for details. > > gpg: /home/dtenn/.gnupg/secring.gpg: keyring created > gpg: /home/dtenn/.gnupg/pubring.gpg: keyring created > Please select what kind of key you want: > (1) DSA and ElGamal (default) > (2) DSA (sign only) > (4) ElGamal (sign and encrypt) > Your selection? 1 > DSA keypair will have 1024 bits. > About to generate a new ELG-E keypair. > minimum keysize is 768 bits > default keysize is 1024 bits > highest suggested keysize is 2048 bits > Requested keysize is 1024 bits > Please specify how long the key should be valid. > 0 = key does not expire > = key expires in n days > w = key expires in n weeks > m = key expires in n months > y = key expires in n years > Key is valid for? (0) 2y > Key expires at Fri Apr 12 14:32:28 2002 JST > Is this correct (y/n)? y > > You need a User-ID to identify your key; the software constructs the user > id > from Real Name, Comment and Email Address in this form: > "Heinrich Heine (Der Dichter) " > > Real name: Dennis Tenn > Email address: dtenn@uu.net > Comment: > You selected this USER-ID: > "Dennis Tenn " > > Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o > You need a Passphrase to protect your secret key. > > We need to generate a lot of random bytes. It is a good idea to perform > some other action (type on the keyboard, move the mouse, utilize the > disks) during the prime generation; this gives the random number > generator a better chance to gain enough entropy. > +++++.++++++++++.+++++++++++++++++++++++++++++++++++.++++++++++++++++++++++++++++++++++++++++.+++++++++++++++.+++++++++++++++.++++++++++>++++++++++.>..+++++....................................................+++++ > > Not enough random bytes available. Please do some other work to give > the OS a chance to collect more entropy! (Need 18 more bytes) > > Not enough random bytes available. Please do some other work to give > the OS a chance to collect more entropy! (Need 2 more bytes) > > Not enough random bytes available. Please do some other work to give > the OS a chance to collect more entropy! (Need 2 more bytes) > We need to generate a lot of random bytes. It is a good idea to perform > some other action (type on the keyboard, move the mouse, utilize the > disks) during the prime generation; this gives the random number > generator a better chance to gain enough entropy. > ++++++++++..++++++++++.++++++++++..+++++..++++++++++++++++++++.++++++++++.+++++.++++++++++++++++++++.++++++++++.++++++++++++++++++++....++++++++++..>+++++...........................................................+++++^^^ > > Not enough random bytes available. Please do some other work to give > the OS a chance to collect more entropy! (Need 128 more bytes) > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Dennis Tenn * There will always come a time > dstenn@fanfic.org * When your love will be tested > LICQ# 1457509 * Stand tall and rise to the occasion > * For only then will you grow strong. > * -Anonymous > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > From dstenn@fanfic.org Wed Apr 12 13:21:03 2000 From: dstenn@fanfic.org (Dennis Tenn) Date: Wed, 12 Apr 2000 09:21:03 -0400 (EDT) Subject: Problems with the gnupg 1.0.1 and FreeBSD 3.3 In-Reply-To: Message-ID: Well.. To tell you the truth.. I ran a 'make buildworld' and concurrent 'find / &' and as an update to the problem.. It did finally complete but it took many hours on my P266. This doesn't seem right to me. On Wed, 12 Apr 2000, H. Wade Minter wrote: |I had that problem - banging on the keyboard didn't work for me, since I |was coming in over a telnet/SSH link. One thing I found was, before doing |the --gen-key, was to run "find / &" to get the disk churning. There was |plenty of entropy after that. | |On Wed, 12 Apr 2000, Dennis Tenn wrote: | |> I have 2 systems and in both case I'm getting stuck generating key pairs. |> I have exhausted my possibilities on www.gnupg.org as well as other gnupg |> pages. I've also emailed the FreeBSD gnupg ports maintainer and asked |> this same question. The two accounts I have are dstenn@fanfic.org and |> dtenn@uu.net. I really hope you can help. |> |> I have successfully compiled and installed gnupg 1.0.1 but when I run |> |> gpg --gen-key |> |> and answer all the questions I get stuck. Here is the out put so far.. |> |> [/home/dtenn] |> jpdata1:dtenn# gpg --gen-key |> gpg (GnuPG) 1.0.1; Copyright (C) 1999 Free Software Foundation, Inc. |> Not enough random bytes available. Please do some other work to give |> the OS a chance to collect more entropy! (Need 2 more bytes) |> We need to generate a lot of random bytes. It is a good idea to perform |> some other action (type on the keyboard, move the mouse, utilize the |> disks) during the prime generation; this gives the random number |> generator a better chance to gain enough entropy. |> ++++++++++..++++++++++.++++++++++..+++++..++++++++++++++++++++.++++++++++.+++++.++++++++++++++++++++.++++++++++.++++++++++++++++++++....++++++++++..>+++++...........................................................+++++^^^ |> |> Not enough random bytes available. Please do some other work to give |> the OS a chance to collect more entropy! (Need 128 more bytes) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Dennis Tenn * There will always come a time dstenn@fanfic.org * When your love will be tested LICQ# 1457509 * Stand tall and rise to the occasion * For only then will you grow strong. * -Anonymous -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From Jos Backus Wed Apr 12 13:59:07 2000 From: Jos Backus (Jos Backus) Date: Wed, 12 Apr 2000 15:59:07 +0200 Subject: Problems with the gnupg 1.0.1 and FreeBSD 3.3 In-Reply-To: ; from dstenn@fanfic.org on Wed, Apr 12, 2000 at 09:21:03AM -0400 References:

Message-ID: <20000412155907.D95883@hal.mpn.cp.philips.com> On Wed, Apr 12, 2000 at 09:21:03AM -0400, Dennis Tenn wrote: > Well.. To tell you the truth.. I ran a 'make buildworld' and concurrent > 'find / &' and as an update to the problem.. It did finally complete but > it took many hours on my P266. This doesn't seem right to me. Indeed. Did you configure any entropy sources using rndcontrol(8)? If not, try doing vmstat -i and configure those IRQs which have a decent rate. Be sure _not_ to use those associated with clk* and rtc*. This is on a system here: # vmstat -i interrupt total rate clk0 irq0 173824877 99 rtc0 irq8 222501722 128 pci irq10 26115597 15 pci irq11 17550519 10 pci irq5 115171 0 fdc0 irq6 1 0 Total 440107887 253 # rndcontrol rndcontrol: interrupts in use: 10 11 # Here, ``gpg --gen-key'' works fine. Hth, -- Jos Backus _/ _/_/_/ "Reliability means never _/ _/ _/ having to say you're sorry." _/ _/_/_/ -- D. J. Bernstein _/ _/ _/ _/ Jos.Backus@nl.origin-it.com _/_/ _/_/_/ use Std::Disclaimer; From dstenn@fanfic.org Wed Apr 12 19:50:39 2000 From: dstenn@fanfic.org (Dennis Tenn) Date: Wed, 12 Apr 2000 15:50:39 -0400 (EDT) Subject: Problems with the gnupg 1.0.1 and FreeBSD 3.3 In-Reply-To: <20000412155907.D95883@hal.mpn.cp.philips.com> Message-ID: Thank you Jos. This was it exactly. I checked vmstat and used irqs that would provide me with activity. As expected, the gpg key generation process flew by and I was left with a key pair in less than a minute. This should be included in the FAQ IMHO. Thank you to all. I'm happily exchanging encrypted email now. On Wed, 12 Apr 2000, Jos Backus wrote: |On Wed, Apr 12, 2000 at 09:21:03AM -0400, Dennis Tenn wrote: |> Well.. To tell you the truth.. I ran a 'make buildworld' and concurrent |> 'find / &' and as an update to the problem.. It did finally complete but |> it took many hours on my P266. This doesn't seem right to me. | |Indeed. Did you configure any entropy sources using rndcontrol(8)? If not, try |doing | | vmstat -i | |and configure those IRQs which have a decent rate. Be sure _not_ to use those |associated with clk* and rtc*. | |This is on a system here: | |# vmstat -i |interrupt total rate |clk0 irq0 173824877 99 |rtc0 irq8 222501722 128 |pci irq10 26115597 15 |pci irq11 17550519 10 |pci irq5 115171 0 |fdc0 irq6 1 0 |Total 440107887 253 |# rndcontrol |rndcontrol: interrupts in use: 10 11 |# | |Here, ``gpg --gen-key'' works fine. | |Hth, -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Dennis Tenn * There will always come a time dstenn@fanfic.org * When your love will be tested LICQ# 1457509 * Stand tall and rise to the occasion * For only then will you grow strong. * -Anonymous -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From pschoonveld@venux.net Wed Apr 12 20:54:50 2000 From: pschoonveld@venux.net (Patrick Schoonveld) Date: Wed, 12 Apr 2000 16:54:50 -0400 Subject: GPL & GnuPG Message-ID: <38F4E29A.D777FF98@venux.net> List members: I am interested in utilizing GnuPG in an existing windows app that my firm has developed. In particular, we would like to use it to generate license keys for the product. Here is the stickler: There is no way my boss will let me GPL the product. Hence, I need to fully understand the ways of the GPL before I use it. So, let me ask you this: If I use GnuPG as a library to an existing program (merely calling its functions as if it were a seperate executable), would I be required to GPL my software. If this is not the place to ask such questions, where would you recommend? Thanks, Patrick -- "When the going gets weird, the weird turn pro..." -- Hunter S. Thompson From zerohazard@hotmail.com Thu Apr 13 14:08:15 2000 From: zerohazard@hotmail.com (Kathryn Verdoorn) Date: Thu, 13 Apr 2000 14:08:15 GMT Subject: Building Gnupg on SCO 7.1 Message-ID: <20000413140815.62079.qmail@hotmail.com> I am currently in the situation of building the GNU compiler so that I may build and install the Gnupg program. However, the build program for the GNU compiler errors out while in the second stage. Id there anything different I can do to get around this? Please CC me in the response. Thanks, Kathryn ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From wk@gnupg.org Thu Apr 13 16:02:08 2000 From: wk@gnupg.org (Werner Koch) Date: Thu, 13 Apr 2000 18:02:08 +0200 Subject: GPL & GnuPG In-Reply-To: <38F4E29A.D777FF98@venux.net>; from pschoonveld@venux.net on Wed, Apr 12, 2000 at 04:54:50PM -0400 References: <38F4E29A.D777FF98@venux.net> Message-ID: <20000413180208.U23984@djebel.gnupg.de> --0OAP2g/MAC+5xKAE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, 12 Apr 2000, Patrick Schoonveld wrote: > I am interested in utilizing GnuPG in an existing windows app that my > firm has developed. In particular, we would like to use it to generate > license keys for the product. ^^^^^^^^^^^^ For what are these good?! Sorry, I won't support such mechanisms and it is sad enough that you can use gpg to do this (if it is a different process and you promise to deliver the source of gpg) Werner --=20 Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de --0OAP2g/MAC+5xKAE Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE49e9/bH7huGIcwBMRAsFcAKCnnpiueN8pPduHnZEUbqP9mfuEvACgyy9G Fpa+OCgNSd7TKUvuJgvbNmA= =tZ1S -----END PGP SIGNATURE----- --0OAP2g/MAC+5xKAE-- From johanw@vulcan.xs4all.nl Thu Apr 13 17:27:14 2000 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Thu, 13 Apr 2000 19:27:14 +0200 (MET DST) Subject: About Symmetric Ciphers. In-Reply-To: <20000412110917.G23984@djebel.gnupg.de> from Werner Koch at "Apr 12, 2000 11:09:17 am" Message-ID: <200004131727.TAA07087@vulcan.xs4all.nl> Werner Koch wrote: > The OpenPGP WG agreed on 256 Bit. I don't like it but some folks > might think this is better for marketing. The probelm that I have > with it is that it requires more of those precious random bytes while > not giving any extra security - there are so much other parts which > actually limit the strength of the encryption (Rubber hose attacks, > Weak passphrase, 1024 DSA signatures to bind the key,...) Except from the rubber hose attacks it might be usefull for symmetric encryption only. I store some files encrypted but only encrypted with a symmetric key. I don't see the need for the asymmetric cypher for personal archival purposes. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From rabbi@quickie.net Thu Apr 13 19:44:43 2000 From: rabbi@quickie.net (L. Sassaman) Date: Thu, 13 Apr 2000 12:44:43 -0700 (PDT) Subject: Compatibility In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 11 Apr 2000, Jean Claude Wishard wrote: > I was wondering if anyone can tell me if NAI 6.5.2 pgp is compatible with > gnupg 1.0.0. I am trying to encrypt files with gnupg on a linux server and > send them to a nt machine with NAI 6.5.2 pgp. It seems like there > incompatible because the nt machine is having trouble decrypting the files. > Anyone have any advice? Be sure you are using a cipher that both products can understand. 3DES is the most logical, since it is required by RFC 2440. CAST is the default cipher in PGP, and Blowfish in GnuPG. PGP does not implement Blowfish, so this is most likely your problem. - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iEYEARECAAYFAjj2I7oACgkQPYrxsgmsCmqzgQCgldDZpC0vO2VhcK0SrIJWZyYr jN0AoPQ863QzHrtnXHz/rvHhoy6Air22 =UWZr -----END PGP SIGNATURE----- From p99jlu@physto.se Thu Apr 13 20:32:46 2000 From: p99jlu@physto.se (Johan Lundberg) Date: Thu, 13 Apr 2000 22:32:46 +0200 (CEST) Subject: Compatibility In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 13 Apr 2000, L. Sassaman wrote: >Be sure you are using a cipher that both products can understand. 3DES is >the most logical, since it is required by RFC 2440. CAST is the default >cipher in PGP, and Blowfish in GnuPG. PGP does not implement Blowfish, so >this is most likely your problem. So, why does GPG default to something that pgp cant handle? /johan __________________________________________________ MAIL:p99jlu@physto.se Johan Lundberg HTTP://www.physto.se/~p99jlu 17764 Jarfalla +46(0)8-580 17259 PGP: 0xD3A0A0E5 Vibblabyv. 28 B847 687B 8971 0AAC 1C29 DBA1 AB5F 664F D3A0 A0E5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE49i8Aq19mT9OgoOURAsseAJ4q8wd80u92qcQFrfDMt2RIpQL+OgCfazeq VJyopdHquN+rLjY9osLdK/0= =Elz7 -----END PGP SIGNATURE----- From lazarus@overdue.ompages.com Thu Apr 13 20:58:12 2000 From: lazarus@overdue.ompages.com (Lazarus Long) Date: Thu, 13 Apr 2000 20:58:12 +0000 Subject: Compatibility In-Reply-To: ; from p99jlu@physto.se on Thu, Apr 13, 2000 at 10:32:46PM +0200 References:

Message-ID: <20000413205812.A6988@overdue.dhis.net> --Kj7319i9nmIyA2yE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Apr 13, 2000 at 10:32:46PM +0200, Johan Lundberg wrote: > On Thu, 13 Apr 2000, L. Sassaman wrote: >=20 > >Be sure you are using a cipher that both products can understand. 3DES = is > >the most logical, since it is required by RFC 2440. CAST is the default > >cipher in PGP, and Blowfish in GnuPG. PGP does not implement Blowfish, = so > >this is most likely your problem. >=20 > So, why does GPG default to something that pgp cant handle? So why does PGP default to something that GnuPG can't handle? The point is to be compatible with the spec (the RFC) not with some commercial software. If some commercial software, any commercial software, happens to be compliant with the RFC, then interoperability should be possible. That's one of the reasons for compliance with standards. However, I am now curious why the commercial (NAI) PGP doesn't support open source Blowfish. But, being a commercial endeavor, I suppose I should not care very much what they (NAI) do or do not support. As long as GnuPG remains standards-compliant I should be happy. The fact that NAI chose to make their product noncompliant with the standard (in another manner) is deplorable (in my opinion.) They are certainly not something to be emulated. --=20 Please (OpenPGP) encrypt all mail whenever possible. Request the following Public Keys for Lazarus Long Type Bits/KeyID Fingerprint DSA KeyID: vvvv vvvv ElGamal: 2048g/41783186 47A0 0929 CD9F B53E 49C0 F06C 560E F574 ED0D F80C --Kj7319i9nmIyA2yE Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: Now ready for primetime! http://www.gnupg.org iD8DBQE49jTkVg71dO0N+AwRAhn2AJ0cZEV1bdBTIXHozAxGpP77CjvcWACeMMfI M+Dr/TGPVee3x9nMok3hiZM= =kxaj -----END PGP SIGNATURE----- --Kj7319i9nmIyA2yE-- From jsaylor@mediaone.net Thu Apr 13 21:29:05 2000 From: jsaylor@mediaone.net (John Saylor) Date: 13 Apr 2000 17:29:05 -0400 Subject: Compatibility In-Reply-To: Johan Lundberg's message of "Thu, 13 Apr 2000 22:32:46 +0200 (CEST)" References: Message-ID: Hi >>>>> "JL" == Johan Lundberg writes: JL> On Thu, 13 Apr 2000, L. Sassaman wrote: >> PGP does not implement Blowfish, so this is most likely >> your problem. JL> So, why does GPG default to something that pgp cant handle? It's a long story. Blowfish is a fast and secure [so far] algorithm. You'd have to ask NAI why they don't implement it. -- \js SHHHH!! I hear SIX TATTOOED TRUCK-DRIVERS tossing ENGINE BLOCKS into empty OIL DRUMS.. From jdoyle@ikena.com Thu Apr 13 22:00:15 2000 From: jdoyle@ikena.com (John Doyle) Date: Thu, 13 Apr 2000 22:00:15 +0000 Subject: Hacking the public key functions Message-ID: <38F6436F.B354A8EA@ikena.com> Hi, I am interested in using the public key functions of the GNUPG. I notice that there is no example of how to do this given in the ..doc/HACKING. Is there anyplace I could get an example of using these funcitons. Thanks, J.c.D -- *************************** ** John c Doyle ** ** ikena, inc. ** ** P) 617-252-3719 x269 ** ** F) 815-366-5794 ** ** E) jdoyle@ikena.com ** ** 215 First Street ** ** Cambridge, MA 02142 ** *************************** From rabbi@quickie.net Thu Apr 13 21:54:22 2000 From: rabbi@quickie.net (L. Sassaman) Date: Thu, 13 Apr 2000 14:54:22 -0700 (PDT) Subject: Compatibility In-Reply-To: <20000413205812.A6988@overdue.dhis.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 13 Apr 2000, Lazarus Long wrote: > On Thu, Apr 13, 2000 at 10:32:46PM +0200, Johan Lundberg wrote: > > On Thu, 13 Apr 2000, L. Sassaman wrote: > > > > >Be sure you are using a cipher that both products can understand. 3DES is > > >the most logical, since it is required by RFC 2440. CAST is the default > > >cipher in PGP, and Blowfish in GnuPG. PGP does not implement Blowfish, so > > >this is most likely your problem. > > > > So, why does GPG default to something that pgp cant handle? > > So why does PGP default to something that GnuPG can't handle? > > The point is to be compatible with the spec (the RFC) not with some > commercial software. If some commercial software, any commercial > software, happens to be compliant with the RFC, then interoperability > should be possible. That's one of the reasons for compliance with > standards. I personally believe that defaulting to 3DES would make sense, for any OpenPGP product. But that's just a personal opinion. And I think that being compatable with the other OpenPGP implementations is imporant... > However, I am now curious why the commercial (NAI) PGP doesn't support > open source Blowfish. But, being a commercial endeavor, I suppose I > should not care very much what they (NAI) do or do not support. As long > as GnuPG remains standards-compliant I should be happy. The fact that NAI > chose to make their product noncompliant with the standard (in another > manner) is deplorable (in my opinion.) They are certainly not something > to be emulated. Okay, get your facts straight. Aside from the photo-id packet issue, which would have/should have been in the RFC had it not been brought up rather late in the cycle, PGP is compatable with RFC 2440. If someone knows of any other issue of non-compliance, please let me know. PGP 5.x is not compliant. Why? There was no standard to comply *with*. So I don't care about 5.x violations. Show me 6.0 non-compliance issues, other than the photo-id packet. Please. (And by the way, OpenPGP *is* an emulation of PGP Inc.'s product. ;) ) As for the reasons for not implementing Blowfish, that's simple. It isn't necessary. PGP implements all the MUST and SHOULD algorithms. Incidently, GnuPG doesn't; implementing IDEA and RSA are SHOULDs. I understand Werner's reasoning, and I am sure that RSA support will be present as soon as the patent expires. Adding Blowfish wouldn't give the user anything more than they already have, in my opinion. CAST5, 3DES, IDEA, and Twofish are more than suffient. Note, also, that GnuPG does not use DSS by default. The jury is still out on the effectiveness of RIPEMD160 in place of SHA-1 when used with DSA. It could be just as secure, but "could be's" are not usually something you want to mess with in cryptography. - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iEYEARECAAYFAjj2QhcACgkQPYrxsgmsCmq60QCfQSSCVPDzHKllqc4FyWQ0dIPq x40AoJQZAAJqfPm8OuGiGAcGmAmyXsXs =8taK -----END PGP SIGNATURE----- From rabbi@quickie.net Thu Apr 13 22:15:45 2000 From: rabbi@quickie.net (L. Sassaman) Date: Thu, 13 Apr 2000 15:15:45 -0700 (PDT) Subject: Compatibility In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 13 Apr 2000, L. Sassaman wrote: > Note, also, that GnuPG does not use DSS by default. The jury is still out > on the effectiveness of RIPEMD160 in place of SHA-1 when used with DSA. It > could be just as secure, but "could be's" are not usually something you > want to mess with in cryptography. And I meant to continue and say that PGP doesn't recognise signatures made with DSA that don't comply with DSS. Thus, you can use RIPEMD160 with RSA, but if used with DSA (the default in GnuPG) it will result in a "BAD SIG" warning if verified with PGP. - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iEYEARECAAYFAjj2RxoACgkQPYrxsgmsCmp6OQCeITOp+/qhoDpDarzOtjc2AuzU TKcAn20WZF130X1pdFsBvDvbbwjqhiGS =t+1V -----END PGP SIGNATURE----- From mjinks@midway.uchicago.edu Fri Apr 14 05:34:01 2000 From: mjinks@midway.uchicago.edu (Michael Jinks) Date: Fri, 14 Apr 2000 00:34:01 -0500 Subject: Compiling on RH-6.2/SPARC Message-ID: <20000414003401.B387@harper.uchicago.edu> Hi-ho. Arch-newbie, here, but I couldn't find anything about this in the docs or in the mailing list archives... My system is a freshly-installed RedHat 6.2 on a Sun Ultra-5: [mjinks@embley gnupg-1.0.1]$ uname -a Linux embley 2.2.14-5.0 #1 Tue Mar 7 21:50:41 EST 2000 sparc64 unknown [mjinks@embley mjinks]$ gcc -v Reading specs from /usr/lib/gcc-lib/sparc-redhat-linux/egcs-2.91.66/specs gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release) [mjinks@embley mjinks]$ ld -v GNU ld version 2.9.5 (with BFD 2.9.5.0.22) I'm trying to install gpg version 1.0.1; worked fine just a few minutes ago on my box at home (RH 6.1-intel), but here I have trouble. The compile dies with this output: Making all in tools make[2]: Entering directory `/home/mjinks/src/gnupg-1.0.1/tools' gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl -g -O2 -Wall -c mpicalc.c gcc -g -O2 -Wall -o mpicalc mpicalc.o ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -lz -ldl -lnsl -lgdbm -lnsl ../mpi/libmpi.a(mpih-div.o): In function `mpihelp_mod_1': /home/mjinks/src/gnupg-1.0.1/mpi/mpih-div.c:86: undefined reference to `__udiv_qrnnd' /home/mjinks/src/gnupg-1.0.1/mpi/mpih-div.c:123: undefined reference to `__udiv_qrnnd' /home/mjinks/src/gnupg-1.0.1/mpi/mpih-div.c:185: undefined reference to `__udiv_qrnnd' ../mpi/libmpi.a(mpih-div.o): In function `mpihelp_divrem': /home/mjinks/src/gnupg-1.0.1/mpi/mpih-div.c:237: undefined reference to `__udiv_qrnnd' /home/mjinks/src/gnupg-1.0.1/mpi/mpih-div.c:241: undefined reference to `__udiv_qrnnd' ../mpi/libmpi.a(mpih-div.o):/home/mjinks/src/gnupg-1.0.1/mpi/mpih-div.c:289: more undefined references to `__udiv_qrnnd' follow collect2: ld returned 1 exit status make[2]: *** [mpicalc] Error 1 make[2]: Leaving directory `/home/mjinks/src/gnupg-1.0.1/tools' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/mjinks/src/gnupg-1.0.1' make: *** [all-recursive-am] Error 2 Now, I notice that the tail end of the ./configure script prints these messages, which might maybe be relevant but I'm not sure of their significance: creating config.h linking ./mpi/sparc32/mpih-add1.S to mpi/mpih-add1.S linking ./mpi/sparc32v8/mpih-mul1.S to mpi/mpih-mul1.S linking ./mpi/sparc32v8/mpih-mul2.S to mpi/mpih-mul2.S linking ./mpi/sparc32v8/mpih-mul3.S to mpi/mpih-mul3.S linking ./mpi/sparc32/mpih-lshift.S to mpi/mpih-lshift.S linking ./mpi/sparc32/mpih-rshift.S to mpi/mpih-rshift.S linking ./mpi/generic/mpih-sub1.c to mpi/mpih-sub1.c g10defs.h created Went looking and I see that there is a ./mpi/supersparc/, but no sparc64, for example; is this even relevant to my problem? Is this a known issue? Anybody else run up against this? TIA, -m -- Michael Jinks, IB Systems Administrator, Chicago Center for Computational Psychology finger mjinks@embley.spc.uchicago.edu for public key " From wk@gnupg.org Fri Apr 14 07:59:59 2000 From: wk@gnupg.org (Werner Koch) Date: Fri, 14 Apr 2000 09:59:59 +0200 Subject: Compatibility In-Reply-To: ; from rabbi@quickie.net on Thu, Apr 13, 2000 at 12:44:43PM -0700 References:

Message-ID: <20000414095959.X23984@djebel.gnupg.de> On Thu, 13 Apr 2000, L. Sassaman wrote: > Be sure you are using a cipher that both products can understand. 3DES is > the most logical, since it is required by RFC 2440. CAST is the default > cipher in PGP, and Blowfish in GnuPG. PGP does not implement Blowfish, so > this is most likely your problem. IIRC, PGP 5.0beta something did implement Blowfish and created preferences to it. -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de From wk@gnupg.org Fri Apr 14 08:25:43 2000 From: wk@gnupg.org (Werner Koch) Date: Fri, 14 Apr 2000 10:25:43 +0200 Subject: About Symmetric Ciphers. In-Reply-To: <200004131727.TAA07087@vulcan.xs4all.nl>; from johanw@vulcan.xs4all.nl on Thu, Apr 13, 2000 at 07:27:14PM +0200 References: <20000412110917.G23984@djebel.gnupg.de> <200004131727.TAA07087@vulcan.xs4all.nl> Message-ID: <20000414102543.B23984@djebel.gnupg.de> On Thu, 13 Apr 2000, Johan Wevers wrote: > > The OpenPGP WG agreed on 256 Bit. I don't like it but some folks > encryption only. I store some files encrypted but only encrypted with > a symmetric key. I don't see the need for the asymmetric cypher for > personal archival purposes. Just curious how you achieve to create and remember a passphrase yielding enough entropy for a 256 bit key, this seems impossible for me without a hardware token. Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de From wk@gnupg.org Fri Apr 14 08:46:13 2000 From: wk@gnupg.org (Werner Koch) Date: Fri, 14 Apr 2000 10:46:13 +0200 Subject: Compatibility In-Reply-To: ; from rabbi@quickie.net on Thu, Apr 13, 2000 at 02:54:22PM -0700 References: <20000413205812.A6988@overdue.dhis.net> Message-ID: <20000414104613.C23984@djebel.gnupg.de> On Thu, 13 Apr 2000, L. Sassaman wrote: > about 5.x violations. Show me 6.0 non-compliance issues, other than the > photo-id packet. Please. (And by the way, OpenPGP *is* an emulation of PGP > Inc.'s product. ;) ) There used to be a signature subpacket with some X.509 data, the subpacket number was not in the private/experimenatl range and not specified by OpenPGP. > Note, also, that GnuPG does not use DSS by default. The jury is still out > on the effectiveness of RIPEMD160 in place of SHA-1 when used with DSA. It Hmmm? just did a simple test without any special options (gpg -s hallo): $ gpg --list-packets hallo.gpg :compressed packet: algo=1 :onepass_sig packet: keyid 6C7EE1B8621CC013 version 3, sigclass 00, digest 2, pubkey 17, last=1 :literal data packet: mode b, created 955701015, name="hallo", raw data: 6 bytes :signature packet: algo 17, keyid 6C7EE1B8621CC013 version 3, created 955701015, md5len 5, sigclass 00 digest algo 2, begin of digest bf b4 data: [158 bits] data: [160 bits] digest algo 2 is SHA-1, so it looks very much like DSS; I have to confess that the GnuPG does not use the recommended prosecure for key generation. -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de From rabbi@quickie.net Fri Apr 14 08:43:15 2000 From: rabbi@quickie.net (L. Sassaman) Date: Fri, 14 Apr 2000 01:43:15 -0700 (PDT) Subject: Compatibility In-Reply-To: <20000414095959.X23984@djebel.gnupg.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 14 Apr 2000, Werner Koch wrote: > On Thu, 13 Apr 2000, L. Sassaman wrote: > > > Be sure you are using a cipher that both products can understand. 3DES is > > the most logical, since it is required by RFC 2440. CAST is the default > > cipher in PGP, and Blowfish in GnuPG. PGP does not implement Blowfish, so > > this is most likely your problem. > > IIRC, PGP 5.0beta something did implement Blowfish and created > preferences to it. Hrmm. Possibly. But I don't believe that any release version of PGP ever implemented it, and I know that 6.x and up doesn't, because it is't in the SDK. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE49topPYrxsgmsCmoRAoaMAJwPcRIv0a/NZfz/ivetURegYC6BBgCgpU/D z5TTTvhftJuUN+ygimRk4mY= =eyQW -----END PGP SIGNATURE----- From rabbi@quickie.net Fri Apr 14 08:44:20 2000 From: rabbi@quickie.net (L. Sassaman) Date: Fri, 14 Apr 2000 01:44:20 -0700 (PDT) Subject: About Symmetric Ciphers. In-Reply-To: <20000414102543.B23984@djebel.gnupg.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 14 Apr 2000, Werner Koch wrote: > Just curious how you achieve to create and remember a passphrase > yielding enough entropy for a 256 bit key, this seems impossible for > me without a hardware token. Ah, but it's such a warm, fuzzy feeling know think that one has a 256 bit key! __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE49tprPYrxsgmsCmoRAvLaAKDzdafYXq1bCi+okECYi2VJC9TwYQCglf+3 Vx1a05VX1ec14uGhUK1VR84= =JtHK -----END PGP SIGNATURE----- From wk@gnupg.org Fri Apr 14 09:06:37 2000 From: wk@gnupg.org (Werner Koch) Date: Fri, 14 Apr 2000 11:06:37 +0200 Subject: Compatibility In-Reply-To: ; from jsaylor@mediaone.net on Thu, Apr 13, 2000 at 05:29:05PM -0400 References: Message-ID: <20000414110637.D23984@djebel.gnupg.de> On Thu, 13 Apr 2000, John Saylor wrote: > It's a long story. Blowfish is a fast and secure [so far] > algorithm. You'd have to ask NAI why they don't implement it. For encryption it is relly simple: If you encrypt for a key, an OpenPGP implemenation does an intersection between the list of algorithm it implements and the ones foun in the key of the recipient. This intersection will never be empty becuase 3DES is implicty available. So, if you created a key with a preference including Blowfish, any OpenPGP implemenation may decide to use Blowfish for encryption. Yes, I know, there should be a more easy way to change preferences, without editing gpg source. Preferences don't work with signatures of course. Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de From wk@gnupg.org Fri Apr 14 09:08:30 2000 From: wk@gnupg.org (Werner Koch) Date: Fri, 14 Apr 2000 11:08:30 +0200 Subject: Hacking the public key functions In-Reply-To: <38F6436F.B354A8EA@ikena.com>; from jdoyle@ikena.com on Thu, Apr 13, 2000 at 10:00:15PM +0000 References: <38F6436F.B354A8EA@ikena.com> Message-ID: <20000414110830.E23984@djebel.gnupg.de> On Thu, 13 Apr 2000, John Doyle wrote: > I am interested in using the public key functions of > the GNUPG. I notice that there is no example of how to do this > given in the ..doc/HACKING. Is there anyplace I could get an example > of using these funcitons. Yes, get the head brach of gpg out of CVS and use libgcrypt. IIRC, there is some documentation. Get gsti or gnutls to see usage examples. Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de From wk@gnupg.org Fri Apr 14 09:13:31 2000 From: wk@gnupg.org (Werner Koch) Date: Fri, 14 Apr 2000 11:13:31 +0200 Subject: Compiling on RH-6.2/SPARC In-Reply-To: <20000414003401.B387@harper.uchicago.edu>; from mjinks@midway.uchicago.edu on Fri, Apr 14, 2000 at 12:34:01AM -0500 References: <20000414003401.B387@harper.uchicago.edu> Message-ID: <20000414111331.F23984@djebel.gnupg.de> On Fri, 14 Apr 2000, Michael Jinks wrote: > Linux embley 2.2.14-5.0 #1 Tue Mar 7 21:50:41 EST 2000 sparc64 unknown > /home/mjinks/src/gnupg-1.0.1/mpi/mpih-div.c:86: undefined reference to `__udiv_qrnnd' I have no more access to an UltraSparc, but there might be some fixes in 1.0.1d. It used to run on the very first sold UltraPenguin box here in Germany, quite a while back. Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de From rabbi@quickie.net Fri Apr 14 09:17:20 2000 From: rabbi@quickie.net (L. Sassaman) Date: Fri, 14 Apr 2000 02:17:20 -0700 (PDT) Subject: Compatibility In-Reply-To: <20000414104613.C23984@djebel.gnupg.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 14 Apr 2000, Werner Koch wrote: > On Thu, 13 Apr 2000, L. Sassaman wrote: > > > about 5.x violations. Show me 6.0 non-compliance issues, other than the > > photo-id packet. Please. (And by the way, OpenPGP *is* an emulation of PGP > > Inc.'s product. ;) ) > > There used to be a signature subpacket with some X.509 data, the > subpacket number was not in the private/experimenatl range and not > specified by OpenPGP. > > > Note, also, that GnuPG does not use DSS by default. The jury is still out > > on the effectiveness of RIPEMD160 in place of SHA-1 when used with DSA. It > > Hmmm? just did a simple test without any special options (gpg -s hallo): [snip example] > digest algo 2 is SHA-1, so it looks very much like DSS; I have to > confess that the GnuPG does not use the recommended prosecure for key > generation. Okay, I stand corrected. I must confess, I didn't test it... I just assumed from the man page that RIPEMD160 was the default: --s2k-digest-algo name Use name as the digest algorithm used to mangle the passphrases. The default algorithm is RIPE- MD-160. This digest algorithm is also used for conventional encryption if --digest-algo is not given. ... but then of course when I went back and checked it again, I realized I had thought I was looking at "--digest-algo". Oops. But the point is still valid to those who wish to tweak their settings for no reason: using RIPEMD160 instead of SHA-1 with DSA keys makes them not DSS. It is my recommendation that people use SHA-1 with DSA keys unless at some point they are given good reason not to trust SHA-1. - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE49uInPYrxsgmsCmoRAvWdAKDfBESlEhsmmgRozlpE/E6G1JUl6ACghNPo 0zBFAPBxhK2LNtX2XIyAzCs= =qeSv -----END PGP SIGNATURE----- From wk@gnupg.org Fri Apr 14 09:32:54 2000 From: wk@gnupg.org (Werner Koch) Date: Fri, 14 Apr 2000 11:32:54 +0200 Subject: Compatibility In-Reply-To: ; from rabbi@quickie.net on Fri, Apr 14, 2000 at 02:17:20AM -0700 References: <20000414104613.C23984@djebel.gnupg.de> Message-ID: <20000414113254.G23984@djebel.gnupg.de> On Fri, 14 Apr 2000, L. Sassaman wrote: > But the point is still valid to those who wish to tweak their settings for > no reason: using RIPEMD160 instead of SHA-1 with DSA keys makes them not > DSS. It is my recommendation that people use SHA-1 with DSA keys unless at > some point they are given good reason not to trust SHA-1. Most banks here in Germany prefer RIPEMD160 over SHA1; I don't know why ;-) -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de From rabbi@quickie.net Fri Apr 14 09:23:16 2000 From: rabbi@quickie.net (L. Sassaman) Date: Fri, 14 Apr 2000 02:23:16 -0700 (PDT) Subject: Compatibility In-Reply-To: <20000414110637.D23984@djebel.gnupg.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 14 Apr 2000, Werner Koch wrote: > On Thu, 13 Apr 2000, John Saylor wrote: > > > It's a long story. Blowfish is a fast and secure [so far] > > algorithm. You'd have to ask NAI why they don't implement it. > > For encryption it is relly simple: If you encrypt for a key, an > OpenPGP implemenation does an intersection between the list of > algorithm it implements and the ones foun in the key of the recipient. > This intersection will never be empty becuase 3DES is implicty > available. > > So, if you created a key with a preference including Blowfish, any > OpenPGP implemenation may decide to use Blowfish for encryption. Remember, though, that creating a key with the preferences of one OpenPGP implementation may cause you some trouble if you then use that key with an OpenPGP implementation that doesn't support some of those ciphers you had specified as accepted in the key. And example: Key is generated with GnuPG. Blowfish is preferred. Key is then moved to system using PGP. Public key is given to someone using GnuPG. Message is sent, using Blowfish (on account of the prefs). The recipient cannot view the message, because PGP doesn't have Blowfish. This seems to be a FAQ on this and the PGP-Users lists. As it doesn't look like Blowfish is going to be implemented in PGP, I'd like to see GnuPG give the option to exclude it from the preferences when keys are generated in GnuPG. - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iEYEARECAAYFAjj2440ACgkQPYrxsgmsCmqPXACeKsSMKXuUhxNXoN48R6Z6v/f5 DC0AoK3b9f4aYzkLdO0e+PVrzeSuwC5S =n9zV -----END PGP SIGNATURE----- From wk@gnupg.org Fri Apr 14 09:49:46 2000 From: wk@gnupg.org (Werner Koch) Date: Fri, 14 Apr 2000 11:49:46 +0200 Subject: Compatibility In-Reply-To: ; from rabbi@quickie.net on Fri, Apr 14, 2000 at 02:23:16AM -0700 References: <20000414110637.D23984@djebel.gnupg.de> Message-ID: <20000414114946.H23984@djebel.gnupg.de> On Fri, 14 Apr 2000, L. Sassaman wrote: > As it doesn't look like Blowfish is going to be implemented in PGP, I'd > like to see GnuPG give the option to exclude it from the preferences when > keys are generated in GnuPG. No. -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de From rabbi@quickie.net Fri Apr 14 09:46:01 2000 From: rabbi@quickie.net (L. Sassaman) Date: Fri, 14 Apr 2000 02:46:01 -0700 (PDT) Subject: Compatibility In-Reply-To: <20000414104613.C23984@djebel.gnupg.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 14 Apr 2000, Werner Koch wrote: > On Thu, 13 Apr 2000, L. Sassaman wrote: > > > about 5.x violations. Show me 6.0 non-compliance issues, other than the > > photo-id packet. Please. (And by the way, OpenPGP *is* an emulation of PGP > > Inc.'s product. ;) ) > > There used to be a signature subpacket with some X.509 data, the > subpacket number was not in the private/experimenatl range and not > specified by OpenPGP. This is an X.509 certificate: :signature packet: algo 100, keyid 0000000000000000 version 4, created 952495317, md5len 0, sigclass 10 digest algo 2, begin of digest 00 00 hashed subpkt 2 len 5 (sig created 2000-03-08) hashed subpkt 3 len 5 (sig expires after 10y0d0h0m) hashed subpkt 100 len 995 (?) unknown algorithm 100 I don't know about previous versions, but in 6.5.3 it is subpacket number 100 (internal or user defined). I personally think it would be nice for X.509 certificates to get a dedicated packet number, but in any case the current method is in compliance with OpenPGP. - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE49ujgPYrxsgmsCmoRAoYAAJ95iXtEDacolxnKRTrenn2fuq0iaACfWzVc LUPGcw+7QuxK8GFUtBfM9qA= =Izic -----END PGP SIGNATURE----- From rabbi@quickie.net Fri Apr 14 09:56:42 2000 From: rabbi@quickie.net (L. Sassaman) Date: Fri, 14 Apr 2000 02:56:42 -0700 (PDT) Subject: Compatibility In-Reply-To: <20000414113254.G23984@djebel.gnupg.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 14 Apr 2000, Werner Koch wrote: > Most banks here in Germany prefer RIPEMD160 over SHA1; I don't know > why ;-) Ah, politics. I love the fact that practically all of the AES candidates have non-US cryptographers working on them... :) Regardless of who developed SHA-1, it is the opinion of numerous well-respected cryptographers both in the USA and abroad that it is sound, and that DSS is correct in requiring it. An aside: those mysterious S-Box values in DES turned out to be not a back door placed by No Such Agency, but instead a clever construction to defend against differential cryptanalysis. When the NSA does things, they generally do them well... DES is cryptographically sound; 56 bit is just too damn small now. SHA-1 is far less controversial than the DES S-Boxes. RIPEMD160 could be just as good, but I trust SHA-1 with DSS more simply based on the collective opinion of the industry experts. - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE49uthPYrxsgmsCmoRAq4wAKCK1KaWpj2mIA5l4gZuyMbmM+/aJACgyWuD VIqpvFTAePuUr5tLP+AOR/Q= =JLh8 -----END PGP SIGNATURE----- From wk@gnupg.org Fri Apr 14 10:18:32 2000 From: wk@gnupg.org (Werner Koch) Date: Fri, 14 Apr 2000 12:18:32 +0200 Subject: Compatibility In-Reply-To: ; from rabbi@quickie.net on Fri, Apr 14, 2000 at 02:46:01AM -0700 References: <20000414104613.C23984@djebel.gnupg.de> Message-ID: <20000414121832.I23984@djebel.gnupg.de> On Fri, 14 Apr 2000, L. Sassaman wrote: > I don't know about previous versions, but in 6.5.3 it is subpacket number > 100 (internal or user defined). Sorry, I was wrong here. See my message from 21 Feb 2000 22:31:47 in gnupg-devel. Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de From su99-jlu@nada.kth.se Fri Apr 14 10:28:36 2000 From: su99-jlu@nada.kth.se (Johan Lundberg) Date: Fri, 14 Apr 2000 12:28:36 +0200 (MET DST) Subject: Compatibility In-Reply-To: <20000413205812.A6988@overdue.dhis.net> Message-ID: On Thu, 13 Apr 2000, Lazarus Long wrote: >However, I am now curious why the commercial (NAI) PGP doesn't support >open source Blowfish. But, being a commercial endeavor, I suppose I >should not care very much what they (NAI) do or do not support. As long >as GnuPG remains standards-compliant I should be happy. The fact that NAI >chose to make their product noncompliant with the standard (in another >manner) is deplorable (in my opinion.) They are certainly not something >to be emulated. Ohh.. I thougth that one nice thing with gnupg whas that you should be able to encrypt to and from pgp, gpg and other users without to mush problems. It's a fact that pgp is mush more used than gpg, so i think pgp should be fully compatible with pgp by default (as long as it's not a violation to openPGP). If gpg are to replace pgp (as I understand you wold like?), it would be nice to be as compatible as possible. /johan ___________________________________________ Johan Lundberg HTTP://johan.hello.to Vibblabyv. 28 PGP: 0xD3A0A0E5 17764 Jarfalla B847 687B 8971 0AAC 1C29 +46(0)8-580 17259 DBA1 AB5F 664F D3A0 A0E5 From ftobin@uiuc.edu Fri Apr 14 15:34:09 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Fri, 14 Apr 2000 10:34:09 -0500 (CDT) Subject: Compatibility In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Johan Lundberg, at 12:28 +0200 on Fri, 14 Apr 2000, wrote: > Ohh.. I thougth that one nice thing with gnupg whas that you should be > able to encrypt to and from pgp, gpg and other users without to mush > problems. It's a fact that pgp is mush more used than gpg, so i think pgp > should be fully compatible with pgp by default (as long as it's not a > violation to openPGP). If gpg are to replace pgp (as I understand you wold > like?), it would be nice to be as compatible as possible. No, the nice thing about GnuPG is that it conforms to an internet-recognized specification for exchanging OpenPGP messages. This standard is available for anyone to view and create a new implementation of. If these standards did not exist we wouldn't have working protocols like TCP or HTTP. Three are currently two major things which break compatibility: encumbering patents, and PGP. RSA and IDEA are not supported by default in GnuPG because they are not free algorithms. These are SHOULD's in the OpenPGP specifiction. RSA will likely be supported when the patent runs out this fall. IDEA's patent does not run out for several years. NAI's PGP breaks the OpenPGP specifiction with it's new packets such as the photo-id. I can see that NAI wants to further extend the powers of PGP, and that is fine with me; however, users should be aware that there is an open standard with free implementations which anyone can use, and that not abiding by this standard has a good chance of alienating those who abide by it. This the same reason why use of Word documents is highly discouraged over other open, standards-based forms such as HTML; it would be silly to think that HTML should try to replace Word, or compensate for it. Sure, MS wants to further the complexity and power of a Word document, but that does not in any way mean that the designers of HTML should want or try to compensate. Oh, and by the way, when I refer to free I mean Open Source Free. - -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjj3OoMACgkQVv/RCiYMT6O/FQCfbgbUaPNnjwa6kWzLOlHZMR5j 9GsAniiEqcqBW0X9dxJeyHuW2hdT4P2x =mxq+ -----END PGP SIGNATURE----- From ftobin@uiuc.edu Fri Apr 14 15:47:51 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Fri, 14 Apr 2000 10:47:51 -0500 (CDT) Subject: Compatibility In-Reply-To: <20000414114946.H23984@djebel.gnupg.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Werner Koch, at 11:49 +0200 on Fri, 14 Apr 2000, wrote: > On Fri, 14 Apr 2000, L. Sassaman wrote: > > > As it doesn't look like Blowfish is going to be implemented in PGP, I'd > > like to see GnuPG give the option to exclude it from the preferences when > > keys are generated in GnuPG. > > No. Hehehe. Of course, there is _nothing_ stopping Len from editing GnuPG himself, making the modification, releasing, and continuing to track the source, to see if users would prefer his modified version. Mmmm, GPL'd software, crunchy on the outside, soft and gooey in the middle :) - -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjj3PbMACgkQVv/RCiYMT6N2SwCfbxNWByGIeQoyFQM1WTTToqB6 DdkAoJLBtEWJ80h/buCD6iSP/+V6+kXi =WdYz -----END PGP SIGNATURE----- From mjinks@midway.uchicago.edu Fri Apr 14 16:22:25 2000 From: mjinks@midway.uchicago.edu (Michael Jinks) Date: Fri, 14 Apr 2000 11:22:25 -0500 Subject: Compiling on RH-6.2/SPARC In-Reply-To: <20000414111331.F23984@djebel.gnupg.de>; from wk@gnupg.org on Fri, Apr 14, 2000 at 11:13:31AM +0200 References: <20000414003401.B387@harper.uchicago.edu> <20000414111331.F23984@djebel.gnupg.de> Message-ID: <20000414112225.E28924@harper.uchicago.edu> On Fri, Apr 14, 2000 at 11:13:31AM +0200, Werner Koch wrote: > On Fri, 14 Apr 2000, Michael Jinks wrote: > > > Linux embley 2.2.14-5.0 #1 Tue Mar 7 21:50:41 EST 2000 sparc64 unknown > > > /home/mjinks/src/gnupg-1.0.1/mpi/mpih-div.c:86: undefined reference to `__udiv_qrnnd' > > I have no more access to an UltraSparc, but there might be some fixes > in 1.0.1d. It used to run on the very first sold UltraPenguin box > here in Germany, quite a while back. Well, okay... Would it help if I offered you (or another GPG developer if you aren't interested or don't have the time) a login on my box? With Ultra's being so cheap these days, and Solaris still so unusable as a desktop, I can only imagine that there will be a lot more people in the same boat as me. I don't have the expertise to debug this myself but I'd like to help any way I can. I'd offer to send you an Ultra, but they aren't _that_ cheap. ;) -m -- Michael Jinks, IB Systems Administrator, Chicago Center for Computational Psychology finger mjinks@embley.spc.uchicago.edu for public key " From jgh@megsinet.net Fri Apr 14 16:32:17 2000 From: jgh@megsinet.net (Jason Helfman) Date: Fri, 14 Apr 2000 11:32:17 -0500 Subject: clearsign? Message-ID: <4e20b545f3.545f34e20b@core.com> i am at work, and can't recall offhand....what is a clearsign option? --- /helfman "At any given moment, you may find the ticket to the circus that has always been in your possession." Fingerprint: 2F76 2856 776A 3E07 9F3E 452A 17D9 9B28 D75E 0A36 GnuPG http://www.gnupg.org Get Private! From wk@gnupg.org Fri Apr 14 17:31:04 2000 From: wk@gnupg.org (Werner Koch) Date: Fri, 14 Apr 2000 19:31:04 +0200 Subject: Compiling on RH-6.2/SPARC In-Reply-To: <20000414112225.E28924@harper.uchicago.edu>; from mjinks@midway.uchicago.edu on Fri, Apr 14, 2000 at 11:22:25AM -0500 References: <20000414003401.B387@harper.uchicago.edu> <20000414111331.F23984@djebel.gnupg.de> <20000414112225.E28924@harper.uchicago.edu> Message-ID: <20000414193104.R23984@djebel.gnupg.de> On Fri, 14 Apr 2000, Michael Jinks wrote: > Well, okay... Would it help if I offered you (or another GPG developer if you > aren't interested or don't have the time) a login on my box? With Ultra's Thanks for this offer, shall I send you my ssh v1 key? Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de From ftobin@uiuc.edu Fri Apr 14 17:44:05 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Fri, 14 Apr 2000 12:44:05 -0500 (CDT) Subject: clearsign? In-Reply-To: <4e20b545f3.545f34e20b@core.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason Helfman, at 11:32 -0500 on Fri, 14 Apr 2000, wrote: > i am at work, and can't recall offhand....what is a clearsign option? - --clearsign is a function of GnuPG, if that's what you are asking. You can generate clear-text signatures with it (like this mail). - -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjj3WPQACgkQVv/RCiYMT6N2jACgn4cTIclPoRwh6e1lKY7DerH/ t/0AoKNVDeEb0hAdRcGoN9J/n0AqzNwG =1C+J -----END PGP SIGNATURE----- From jgh@megsinet.net Fri Apr 14 17:52:06 2000 From: jgh@megsinet.net (Jason Helfman) Date: Fri, 14 Apr 2000 12:52:06 -0500 Subject: clearsign? Message-ID: <569a2576b9.576b9569a2@core.com> This is a multi-part message in MIME format. ----7e536bd43c42470 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: 7bit are there any useful macros for this? it seems like it is all encryption that needs to be decrypted, but yet it isn't. I would like to see the message you sent in mutt...grrr...i'm behind webmail here and they are seen as attachments.... I have found these two, thus far... macro compose \CP "Fgpg --clearsign\ny" macro compose \CS "Fgpg --clearsing\ny^T^Uapplication/pgp; format=test; x I am learning very much by having a pgp enabled client, such as mutt, but I am still learning. I sat down after I installed gnupg and went through the entire manual, and that helped explain so much. I found it much better documented then standard pgp unix released documents. I could be wrong, but this is what I have found. ----7e536bd43c42470 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Apr 14, 2000 at 11:32:17AM -0500, Jason Helfman wrote: > X-Mailer: Netscape Webmail ^^^ You've got web access there? > i am at work, and can't recall offhand....what is a clearsign option? =46rom http://www.gnupg.org/gph/en/manual/x135.html#AEN152: # Making and verifying signatures (p1 of= 3) Clearsigned documents A common use of digital signatures is to sign usenet postings or email messages. In such situations it is undesirable to compress the document while signing it. The option --clearsign causes the document to be wrapped in an ASCII-armored signature but otherwise does not modify the document. alice% gpg --clearsign doc You need a passphrase to unlock the secret key for user: "Alice (Judge) " 1024-bit DSA key, ID BB7576AC, created 1999-06-04 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [...] -----BEGIN PGP SIGNATURE----- Version: GnuPG v0.9.7 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjdYCQoACgkQJ9S6ULt1dqz6IwCfQ7wP6i/i8HhbcOSKF4ELyQB1 oCoAoOuqpRqEzr4kOkQqHRLE/b8/Rw2k =3Dy6kj -----END PGP SIGNATURE----- Detached signatures A signed document has limited usefulness. Other users must recover the original document from the signed version, and even with clearsigned documents, the signed document must be edited to recover the original. Therefore, there is a third method for signing a document that creates a detached signature. A detached signature is created using the --detach-sig option. alice% gpg --output doc.sig --detach-sig doc You need a passphrase to unlock the secret key for user: "Alice (Judge) " 1024-bit DSA key, ID BB7576AC, created 1999-06-04 Enter passphrase: Both the document and detached signature are needed to verify the signature. The --verify option can be to check the signature. blake% gpg --verify doc.sig doc gpg: Signature made Fri Jun 4 12:38:46 1999 CDT using DSA key ID BB7576AC gpg: Good signature from "Alice (Judge) " And from http://www.gnupg.org/gph/en/manual/r684.html: clearsign Name clearsign -- make a cleartext signature clearsign filename Description This command signs a message that can be verified to ensure that the original message has not been changed. Verification of the signed message is done using the command verify. (The above were only edited for 80-column mail display.) I hope those help in some way. and of course, I hope the base URL in there is even more useful in the future. :-) Oh, and I'll clearsign this. :-) (My MUA is Mutt, so it's easy.) --=20 Please (OpenPGP) encrypt all mail whenever possible. Request the following Public Keys for Lazarus Long Type Bits/KeyID Fingerprint DSA KeyID: vvvv vvvv ElGamal: 2048g/41783186 47A0 0929 CD9F B53E 49C0 F06C 560E F574 ED0D F80C ----7e536bd43c42470-- From info@jens-lang.de Fri Apr 14 19:16:09 2000 From: info@jens-lang.de (Jens) Date: Fri, 14 Apr 2000 21:16:09 +0200 (MEST) Subject: GPL & GnuPG In-Reply-To: <20000413180208.U23984@djebel.gnupg.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 13 Apr 2000, Werner Koch wrote: > > In particular, we would like to use it to generate > > license keys for the product. > ^^^^^^^^^^^^ > For what are these good?! Sorry, I won't support such mechanisms and > it is sad enough that you can use gpg to do this (if it is a different > process and you promise to deliver the source of gpg) If you do really think so, then you should IMHO actually ask yourself if it is a good idea to release gpg under the terms of the GPL. GPL means - as far as I understand it - that everyone is free to use the product for whatever reason one wants. This is also valid for commercial use and even for creating licensing keys. Sorry to say that, but GPL means freedom. Gregory, Waiblingen, Germany -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: pgpenvelope - http://www.uiuc.edu/ph/www/ftobin/resources.html iD8DBQE4926E6sr/JQdrzbkRAnFUAKDcFFrXoOlaaXVgvxOZod/+RYI66QCfbUBy /5VVaas2+/ntLERngYTPfF4= =gc2/ -----END PGP SIGNATURE----- From ats@acm.org Fri Apr 14 20:21:34 2000 From: ats@acm.org (Alan Shutko) Date: 14 Apr 2000 16:21:34 -0400 Subject: GPL & GnuPG In-Reply-To: Jens's message of "Fri, 14 Apr 2000 21:16:09 +0200 (MEST)" References: Message-ID: Jens writes: > GPL means - as far as I understand it - that everyone is free to use the > product for whatever reason one wants. This is also valid for commercial > use and even for creating licensing keys. And likewise, when said software calls GPG to verify the license key, the user can substitute a modified version which returns what the program wants to hear. -- Alan Shutko - In a variety of flavors! 210 days, 19 hours, 14 minutes, 11 seconds till we run away. The one day you'd sell your soul for something, souls are a glut. From jgh@megsinet.net Fri Apr 14 20:54:52 2000 From: jgh@megsinet.net (Jason Helfman) Date: Fri, 14 Apr 2000 15:54:52 -0500 Subject: key storage Message-ID: <5cf9a58d4b.58d4b5cf9a@core.com> Reading through a new book I just received "Practical Unix & Internet Security," I found a statement about taking much time into learning about encryption and public key cryptography, don't go ahead and keep your key rings in your home directory. If you don't keep them local, where would you keep them, other then an encrypted filesystem? --- /helfman "At any given moment, you may find the ticket to the circus that has always been in your possession." Fingerprint: 2F76 2856 776A 3E07 9F3E 452A 17D9 9B28 D75E 0A36 GnuPG http://www.gnupg.org Get Private! From rabbi@quickie.net Fri Apr 14 21:03:07 2000 From: rabbi@quickie.net (L. Sassaman) Date: Fri, 14 Apr 2000 14:03:07 -0700 (PDT) Subject: Compatibility In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 14 Apr 2000, Frank Tobin wrote: > Three are currently two major things which break compatibility: > encumbering patents, and PGP. That's a silly statement. > RSA and IDEA are not supported by default in GnuPG because they are not > free algorithms. These are SHOULD's in the OpenPGP specifiction. RSA > will likely be supported when the patent runs out this fall. IDEA's > patent does not run out for several years. Not following SHOULDs, unless there is a very good reason, is bad. > NAI's PGP breaks the OpenPGP specifiction with it's new packets such as > the photo-id. I can see that NAI wants to further extend the powers of > PGP, and that is fine with me; however, users should be aware that there > is an open standard with free implementations which anyone can use, and > that not abiding by this standard has a good chance of alienating those > who abide by it. Photo-ID and what else? Nothing. And the photo ID breaks nothing, either. Packet 17 is unused. If it were assigned to something else, and there was a conflict there, then things would be broken. The fact is the WG was told about the photo ID, and in my opinion should have made allowances for it. (The proposal was for a "biometric data packet" that could contain things like photos, fingerprints, voice-prints, etc.) And, if you follow the suggestion of the draft: However, if an implementation wishes to be compatible with such keys, the packet may be considered to be a user id packet with opaque contents. (As GnuPG does, I believe -- or does it just trim them from the key?), PGP keys play happiliy with GnuPG. - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE494eRPYrxsgmsCmoRAljwAJkBf9VnfTYjeNM3IaUMBXv6bbcWDQCghKrZ QNOYpdgeo2+1cNBKyUKHLSM= =ah0K -----END PGP SIGNATURE----- From ftobin@uiuc.edu Fri Apr 14 21:10:38 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Fri, 14 Apr 2000 16:10:38 -0500 (CDT) Subject: Compatibility In-Reply-To: Message-ID: L. Sassaman, at 14:03 -0700 on Fri, 14 Apr 2000, wrote: > Not following SHOULDs, unless there is a very good reason, is bad. Are you implying that creating unrestricted, free software is not a "vey good reason"? Remember, the FSF has strong philosophies which have changed things for many of us, because of this good reason. > Photo-ID and what else? Nothing. And the photo ID breaks nothing, > either. If this is true, I'll stop arguing this point; I'm sure you've become more intimate with PGP's internals and the RFC than I have. -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus From ftobin@uiuc.edu Fri Apr 14 21:16:12 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Fri, 14 Apr 2000 16:16:12 -0500 (CDT) Subject: GPL & GnuPG In-Reply-To: Message-ID: Jens, at 21:16 +0200 on Fri, 14 Apr 2000, wrote: > GPL means - as far as I understand it - that everyone is free to use the > product for whatever reason one wants. This is also valid for commercial > use and even for creating licensing keys. > > Sorry to say that, but GPL means freedom. I totally agree with you on this point. However, I'm interpreting Warner's statment as expressing his disappointment that people are 'foolishly' still trying to use the concept of license keys to restrict software. Kinda goes against everything the FSF is against; not that it minds _that_much_ that people still exhausting energy trying :) -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus From ats@acm.org Fri Apr 14 21:20:57 2000 From: ats@acm.org (Alan Shutko) Date: 14 Apr 2000 17:20:57 -0400 Subject: key storage In-Reply-To: Jason Helfman's message of "Fri, 14 Apr 2000 15:54:52 -0500" References: <5cf9a58d4b.58d4b5cf9a@core.com> Message-ID: Jason Helfman writes: > If you don't keep them local, where would you keep them, other then an > encrypted filesystem? A floppy disk, cdrom, compact flash or pcmcia memory card you carried with you and removed when it wasn't in use? -- Alan Shutko - In a variety of flavors! 210 days, 18 hours, 14 minutes, 34 seconds till we run away. "I am Curly of Borg. Resistance and assimilation is Nyuk, Nyuk, Nyuk!" From ftobin@uiuc.edu Fri Apr 14 21:33:01 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Fri, 14 Apr 2000 16:33:01 -0500 (CDT) Subject: key storage In-Reply-To: <5cf9a58d4b.58d4b5cf9a@core.com> Message-ID: Jason Helfman, at 15:54 -0500 on Fri, 14 Apr 2000, wrote: > If you don't keep them local, where would you keep them, other then an > encrypted filesystem? Removable drives (e.g., floppy), or other input devices such as serial ports provide a decent means of having an 'air-wall' between your secret keys and the OpenPGP application when they are not in use. There are a whole bunch of fun/exotic/paranoid measures one could go to to protect one's secret keys. Lots of them cut down on your productivity, though. Pick your favorite game. -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus From sungod@atdot.org Fri Apr 14 21:33:18 2000 From: sungod@atdot.org (sungod) Date: Fri, 14 Apr 2000 17:33:18 -0400 Subject: key storage In-Reply-To: ; from ats@acm.org on Fri, Apr 14, 2000 at 05:20:57PM -0400 References: <5cf9a58d4b.58d4b5cf9a@core.com> Message-ID: <20000414173318.A13233@potok.localdomain> On Fri, Apr 14, 2000 at 05:20:57PM -0400, Alan Shutko (ats@acm.org) wrote: > Jason Helfman writes: > > > If you don't keep them local, where would you keep them, other then an > > encrypted filesystem? > > A floppy disk, cdrom, compact flash or pcmcia memory card you carried > with you and removed when it wasn't in use? This is a really good idea, and I didn't realize until you'd said it that it's (finally) not just possible but downright easy. Anybody know where I can get CD-R blanks that are credit-card sized, like the rescue discs LinuxCare makes? This would be perfect for storing keyrings. -- Everything on television is fake. ---------------------------------------------------------------------------- sungod@atdot.org From rabbi@quickie.net Fri Apr 14 21:41:06 2000 From: rabbi@quickie.net (L. Sassaman) Date: Fri, 14 Apr 2000 14:41:06 -0700 (PDT) Subject: GPL & GnuPG In-Reply-To: Message-ID: On Fri, 14 Apr 2000, Frank Tobin wrote: > Jens, at 21:16 +0200 on Fri, 14 Apr 2000, wrote: > > > GPL means - as far as I understand it - that everyone is free to use the > > product for whatever reason one wants. This is also valid for commercial > > use and even for creating licensing keys. > > > > Sorry to say that, but GPL means freedom. > > I totally agree with you on this point. However, I'm interpreting > Warner's statment as expressing his disappointment that people are > 'foolishly' still trying to use the concept of license keys to restrict > software. Kinda goes against everything the FSF is against; not that it > minds _that_much_ that people still exhausting energy trying :) It's sort of like when people take a product with the BSD license and make changes and release it under the GPL. It annoys the original authors incredibly, but it is quite legal. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie From rabbi@quickie.net Fri Apr 14 21:44:50 2000 From: rabbi@quickie.net (L. Sassaman) Date: Fri, 14 Apr 2000 14:44:50 -0700 (PDT) Subject: Compatibility In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 14 Apr 2000, Frank Tobin wrote: > L. Sassaman, at 14:03 -0700 on Fri, 14 Apr 2000, wrote: > > > Not following SHOULDs, unless there is a very good reason, is bad. > > Are you implying that creating unrestricted, free software is not a "vey > good reason"? Remember, the FSF has strong philosophies which have > changed things for many of us, because of this good reason. I was not judging the particular case of not including IDEA and RSA. In fact, the modules almost make up for it (the RSA module doesn't permit key generation, I don't believe). But I was just pointing out that SHOULD statements are meant to be followed. > > Photo-ID and what else? Nothing. And the photo ID breaks nothing, > > either. > > If this is true, I'll stop arguing this point; I'm sure you've become more > intimate with PGP's internals and the RFC than I have. If the WG assigned packet 17 to something else, then there would be a problem. As it is now, Packet 17 is effectively assigned to the Photo-ID; it just isn't official. I hope the WG makes it so, as the Photo-ID is not going away, and adding it to the draft would clear up a potential problem with the standard. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Joe Diffie -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE495FYPYrxsgmsCmoRAonnAKDsVlx3+O+kwrVQPpZ+QIyLJW2snQCfX0FU 6L5JlCuBJ8Zjj0qYHNFcP1E= =wgum -----END PGP SIGNATURE----- From lhecking@nmrc.ucc.ie Sat Apr 15 01:56:48 2000 From: lhecking@nmrc.ucc.ie (Lars Hecking) Date: Sat, 15 Apr 2000 02:56:48 +0100 Subject: GPL & GnuPG In-Reply-To: ; from rabbi@quickie.net on Fri, Apr 14, 2000 at 02:41:06PM -0700 References:

Message-ID: <20000415025648.B17019@tehran.nmrc.ucc.ie> > > I totally agree with you on this point. However, I'm interpreting > > Warner's statment as expressing his disappointment that people are > > 'foolishly' still trying to use the concept of license keys to restrict > > software. Kinda goes against everything the FSF is against; not that it > > minds _that_much_ that people still exhausting energy trying :) > > It's sort of like when people take a product with the BSD license and make > changes and release it under the GPL. It annoys the original authors > incredibly, but it is quite legal. That's because the BSD licence has more freedom than the GPL. BSD vs. GPL wars are bloody boring. Instead, take a licence that only allows you to distribute modifications as patches, and the original authors and (C) holders have dropped out of development ages ago. That is _real_ fun:-( From johanw@vulcan.xs4all.nl Sat Apr 15 10:21:49 2000 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Sat, 15 Apr 2000 12:21:49 +0200 (MET DST) Subject: About Symmetric Ciphers. In-Reply-To: <20000414102543.B23984@djebel.gnupg.de> from Werner Koch at "Apr 14, 2000 10:25:43 am" Message-ID: <200004151021.MAA03042@vulcan.xs4all.nl> Werner Koch wrote: > Just curious how you achieve to create and remember a passphrase > yielding enough entropy for a 256 bit key, this seems impossible for > me without a hardware token. Personally I don't, but to be honest I still use 128-bits IDEA for my archives (I doubt scientology will be able to break that by brute-force anyway). But if you use entire sentences for your passphrases, with ElItE c00l spelling and so, wouldn't that suffice? -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From johanw@vulcan.xs4all.nl Sat Apr 15 10:57:25 2000 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Sat, 15 Apr 2000 12:57:25 +0200 (MET DST) Subject: GPL & GnuPG In-Reply-To: from Jens at "Apr 14, 2000 09:16:09 pm" Message-ID: <200004151057.MAA03276@vulcan.xs4all.nl> You, Jens, wrote: [Werner Koch] >> For what are these good?! Sorry, I won't support such mechanisms and >> it is sad enough that you can use gpg to do this (if it is a different >> process and you promise to deliver the source of gpg) > If you do really think so, then you should IMHO actually ask yourself if > it is a good idea to release gpg under the terms of the GPL. My opinion with respect to this is that GPL is the lesser evil here. Explicitly disallowing certain uses causes more problems than it's woth IMO, without solving any problems (see the crypto export rules from the USA, do they really believe that Iraq and North-Korea don't get pgp when if they want to have it?). -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From johanw@vulcan.xs4all.nl Sat Apr 15 10:44:08 2000 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Sat, 15 Apr 2000 12:44:08 +0200 (MET DST) Subject: Compatibility In-Reply-To: from "L. Sassaman" at "Apr 14, 2000 02:23:16 am" Message-ID: <200004151044.MAA03171@vulcan.xs4all.nl> L. Sassaman wrote: > As it doesn't look like Blowfish is going to be implemented in PGP, I don't follow the recent pgp development closely, but I thought it's source is still available. Is it difficult to write Blowfish modules for pgp 6.x like the ones for GnuPG? -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From Florian.Weimer@rus.uni-stuttgart.de Sat Apr 15 18:13:07 2000 From: Florian.Weimer@rus.uni-stuttgart.de (Florian Weimer) Date: 15 Apr 2000 20:13:07 +0200 Subject: GPL & GnuPG In-Reply-To: Jens's message of "Fri, 14 Apr 2000 21:16:09 +0200 (MEST)" References: Message-ID: Jens writes: > On Thu, 13 Apr 2000, Werner Koch wrote: > > > > In particular, we would like to use it to generate > > > license keys for the product. > > ^^^^^^^^^^^^ > > For what are these good?! Sorry, I won't support such mechanisms and > > it is sad enough that you can use gpg to do this (if it is a different > > process and you promise to deliver the source of gpg) > If you do really think so, then you should IMHO actually ask yourself if > it is a good idea to release gpg under the terms of the GPL. Eh, do you really think a free software author is forced to support silly (sorry, Patrick) user requests? > Sorry to say that, but GPL means freedom. Yes, but this kind of freedom might even be abused to restrict freedom of others. And that's certainly a sad thing. From wk@gnupg.org Sun Apr 16 13:01:27 2000 From: wk@gnupg.org (Werner Koch) Date: Sun, 16 Apr 2000 15:01:27 +0200 Subject: Compatibility In-Reply-To: ; from rabbi@quickie.net on Fri, Apr 14, 2000 at 02:44:50PM -0700 References:

Message-ID: <20000416150127.C17249@djebel.gnupg.de> On Fri, 14 Apr 2000, L. Sassaman wrote: > I was not judging the particular case of not including IDEA and RSA. In It is perfectly okay not to include those algorithms. The IETF prefers unpatened algorithms if it can be done at all and one of the reasons why we have this whole OpenPGP think, is that it now allows free usage of a protocol. > fact, the modules almost make up for it (the RSA module doesn't permit key > generation, I don't believe). But I was just pointing out that SHOULD And with a good reason. 2 years back most folks agredd on that RSA is a bad thing. I remember that Phil called my on the phone to make sure that GnuPG will not switch to RSA! Because it sometimes makes sense to create RSA keys, GnuPG will have this feature on Sep 20th. > If the WG assigned packet 17 to something else, then there would be a > problem. As it is now, Packet 17 is effectively assigned to the > Photo-ID; it just isn't official. I hope the WG makes it so, as the That is the reason why there are these experimental/private packet numbers. These whole compatibilty story to PGP remembers me a bit of the strategy other (big) verndors are driving. Take a standard, add some nice little gadget which is not covered by the standard and claim that you use the new Standard. Microsoft did this recently with Kerberos. BTW, does PGP 6,7 or whatever now create v4 signature packets or does GnuPG still need the --force-v3-sigs option? Werner p.s. This discussion should be done on the OpenPGP ML. -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de From wk@gnupg.org Sun Apr 16 13:02:11 2000 From: wk@gnupg.org (Werner Koch) Date: Sun, 16 Apr 2000 15:02:11 +0200 Subject: Compatibility In-Reply-To: <200004151044.MAA03171@vulcan.xs4all.nl>; from johanw@vulcan.xs4all.nl on Sat, Apr 15, 2000 at 12:44:08PM +0200 References: <200004151044.MAA03171@vulcan.xs4all.nl> Message-ID: <20000416150211.D17249@djebel.gnupg.de> On Sat, 15 Apr 2000, Johan Wevers wrote: > I don't follow the recent pgp development closely, but I thought it's > source is still available. Is it difficult to write Blowfish modules for > pgp 6.x like the ones for GnuPG? First look at the license.... -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de From wk@gnupg.org Sun Apr 16 13:10:51 2000 From: wk@gnupg.org (Werner Koch) Date: Sun, 16 Apr 2000 15:10:51 +0200 Subject: GPL & GnuPG In-Reply-To: ; from info@jens-lang.de on Fri, Apr 14, 2000 at 09:16:09PM +0200 References: <20000413180208.U23984@djebel.gnupg.de> Message-ID: <20000416151051.E17249@djebel.gnupg.de> On Fri, 14 Apr 2000, Jens wrote: > GPL means - as far as I understand it - that everyone is free to use the > product for whatever reason one wants. This is also valid for commercial > use and even for creating licensing keys. > > Sorry to say that, but GPL means freedom. Yes. I simply expressed that I am not very happy about that usage. But I can't and will never decide who is going to use a software; that is simply not up to me. There are many other usage patterns I certainly don't like (miltitary usage) and which I won't support either voluntary or paid. There is a big difference between supporting a software and allowing to use it. Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de From johanw@vulcan.xs4all.nl Sun Apr 16 14:40:41 2000 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Sun, 16 Apr 2000 16:40:41 +0200 (MET DST) Subject: Compatibility In-Reply-To: <20000416150211.D17249@djebel.gnupg.de> from Werner Koch at "Apr 16, 2000 03:02:11 pm" Message-ID: <200004161440.QAA02811@vulcan.xs4all.nl> Werner Koch wrote: >>I don't follow the recent pgp development closely, but I thought it's >>source is still available. Is it difficult to write Blowfish modules for >>pgp 6.x like the ones for GnuPG? > First look at the license.... I don't hve the licence here, but the question that would count to me is: would NAI go and sue when someone writes a patch or plugin module for pgp for Blowfish? And if so, would they probably win? -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From johanw@vulcan.xs4all.nl Sun Apr 16 14:38:28 2000 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Sun, 16 Apr 2000 16:38:28 +0200 (MET DST) Subject: Compatibility In-Reply-To: <20000416150127.C17249@djebel.gnupg.de> from Werner Koch at "Apr 16, 2000 03:01:27 pm" Message-ID: <200004161438.QAA02802@vulcan.xs4all.nl> Werner Koch wrote: > And with a good reason. 2 years back most folks agredd on that RSA is > a bad thing. Due to legal or due to technical reasons? I believe that most cryptographers believe that when you crack one algorithm you can probably also crack the other so I guess it are non-technical reasons. > These whole compatibilty story to PGP remembers me a bit of the strategy > other (big) verndors are driving. Take a standard, add some nice little > gadget which is not covered by the standard and claim that you use the new > Standard. Microsoft did this recently with Kerberos. The difference here is that MS is not publishing its changes so any tool that wants to be compatible, like Samba, must reverse-engineer the changes. That is not the case with the photo-ID packets. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From wk@gnupg.org Sun Apr 16 16:23:25 2000 From: wk@gnupg.org (Werner Koch) Date: Sun, 16 Apr 2000 18:23:25 +0200 Subject: Compatibility In-Reply-To: <200004161438.QAA02802@vulcan.xs4all.nl>; from johanw@vulcan.xs4all.nl on Sun, Apr 16, 2000 at 04:38:28PM +0200 References: <20000416150127.C17249@djebel.gnupg.de> <200004161438.QAA02802@vulcan.xs4all.nl> Message-ID: <20000416182325.B23225@djebel.gnupg.de> On Sun, 16 Apr 2000, Johan Wevers wrote: > Due to legal or due to technical reasons? I believe that most cryptographers > believe that when you crack one algorithm you can probably also crack the v3 RSA keys also for technical reasons. > The difference here is that MS is not publishing its changes so any tool > that wants to be compatible, like Samba, must reverse-engineer the changes. > That is not the case with the photo-ID packets. I have never seen a description of the Photo-ID, although NAI promised a long time ago to send specs to the WG. I had to do some reverse engineering on that data packet too. Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de From richard@sheflug.co.uk Sat Apr 15 23:56:14 2000 From: richard@sheflug.co.uk (Richard) Date: Sun, 16 Apr 2000 00:56:14 +0100 Subject: GPG Configuration Message-ID: <38F9019E.2E3064CB@sheflug.co.uk> Hello I've installed GPG and more or less worked out what to do with it. The part that I can't work out is how to tell GPG where my keys are. By that I mean the floppy drive a:. How do I tell it to check the floppy drive ? Thanks -- Richard Sheffield UK From dstenn@fanfic.org Sun Apr 16 17:31:18 2000 From: dstenn@fanfic.org (Dennis Tenn) Date: Sun, 16 Apr 2000 13:31:18 -0400 (EDT) Subject: GPG Configuration In-Reply-To: <38F9019E.2E3064CB@sheflug.co.uk> Message-ID: On Sun, 16 Apr 2000, Richard wrote: |Hello | |I've installed GPG and more or less worked out what to do with it. | |The part that I can't work out is how to tell GPG where my keys are. By |that I mean the floppy drive a:. How do I tell it to check the floppy |drive ? 'man gpg' You would've found the option '--homedir' --homedir directory Set the name of the home directory to directory If this option is not used it defaults to "~/.gnupg". It does not make sense to use this in a options file. This also overrides the envi- ronment variable "GNUPGHOME". Set the environment variable and make sure you have the floppy mounted. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Dennis Tenn * There will always come a time dstenn@fanfic.org * When your love will be tested LICQ# 1457509 * Stand tall and rise to the occasion * For only then will you grow strong. * -Anonymous -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From richard@sheflug.co.uk Sun Apr 16 00:10:27 2000 From: richard@sheflug.co.uk (Richard) Date: Sun, 16 Apr 2000 01:10:27 +0100 Subject: GPG Configuration References: Message-ID: <38F904F3.671D298E@sheflug.co.uk> Dennis Dennis Tenn wrote: > > You would've found the option '--homedir' Thanks very much :-) -- Richard Sheffield Linux User's Group Sheffield UK http://www.sheflug.co.uk From johanw@vulcan.xs4all.nl Sun Apr 16 18:44:16 2000 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Sun, 16 Apr 2000 20:44:16 +0200 (MET DST) Subject: Compatibility In-Reply-To: <20000416182325.B23225@djebel.gnupg.de> from Werner Koch at "Apr 16, 2000 06:23:25 pm" Message-ID: <200004161844.UAA03206@vulcan.xs4all.nl> Werner Koch wrote: > I have never seen a description of the Photo-ID, although NAI promised a > long time ago to send specs to the WG. I had to do some reverse > engineering on that data packet too. And it's also not available in the pgp source? Anyway, that's a bad thing. If NAI wants this to make it in a future RFC then they should at least publish it. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From ftobin@uiuc.edu Sun Apr 16 22:15:53 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Sun, 16 Apr 2000 17:15:53 -0500 (CDT) Subject: ann: release of GnuPG::Interface 0.01 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I am pleased to announce the first release of GnuPG::Interface. GnuPG::Interface, the successor to PGP::GPG::MessageProcessor, is a Perl module interface to interacting with GnuPG. It implements a rich set of bidirectional communications with GnuPG through filehandles and includes a rich GnuPG-key object organization structure, which has information filled in by parsing GnuPG's key listing's with-colons option. While this module is at 0.01, I have done extensive testing to help ensure that the module works correctly. Comments are welcomed. The current homepage of GnuPG::Interface is at: http://www.neverending.org/~ftobin/resources/ - -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjj6PAoACgkQVv/RCiYMT6P+TwCfX/GnayKssLwFkQWUAfx3ZCTH fhgAoJytleRPOgI7xFbjlUbi8o0FzhtQ =Y/uS -----END PGP SIGNATURE----- From rabbi@quickie.net Mon Apr 17 02:29:34 2000 From: rabbi@quickie.net (L. Sassaman) Date: Sun, 16 Apr 2000 19:29:34 -0700 (PDT) Subject: Compatibility In-Reply-To: <200004161438.QAA02802@vulcan.xs4all.nl> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 16 Apr 2000, Johan Wevers wrote: > Werner Koch wrote: > > > And with a good reason. 2 years back most folks agredd on that RSA is > > a bad thing. > > Due to legal or due to technical reasons? I believe that most cryptographers > believe that when you crack one algorithm you can probably also crack the > other so I guess it are non-technical reasons. Mainly non-technical. In order to use RSA in the US, you need to either use BSAFE (with a license) or RSAREF (for free). PGP used to have a custom-written RSA implementation that was a lot faster than BSAFE, but we can't use it. Yet. :) Also, v3 keys aren't as good as v4 keys. With v4 keys, you can have a different key for signing then for encrypting (actually, it is necessary if you choose to use DSS as the signing key). RSA v4 keys are possible as well, and pose no real security advantages or disadvantages; two RSA keys are created, and one is designated the signing key and the other the encrypting key. So it isn't really RSA the algorithm that is the problem, it is v3 keys and the RSA legal mess. Both of which are going away. - --Len. __ L. Sassaman System Administrator | Technology Consultant | [This space for rent] icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iEYEARECAAYFAjj6dx4ACgkQPYrxsgmsCmpoygCfVweUu8NsH4NL2keY7UE0LvTh pE8AoLt/VEfj8/q14sGGTWm9JV9E48Xz =g0qv -----END PGP SIGNATURE----- From rabbi@quickie.net Mon Apr 17 02:31:34 2000 From: rabbi@quickie.net (L. Sassaman) Date: Sun, 16 Apr 2000 19:31:34 -0700 (PDT) Subject: Compatibility In-Reply-To: <200004161844.UAA03206@vulcan.xs4all.nl> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 16 Apr 2000, Johan Wevers wrote: > And it's also not available in the pgp source? > > Anyway, that's a bad thing. If NAI wants this to make it in a future RFC > then they should at least publish it. Everything is in the source. Even things that aren't in the Freeware version. - --Len. __ L. Sassaman System Administrator | Technology Consultant | [This space for rent] icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iEYEARECAAYFAjj6d44ACgkQPYrxsgmsCmoOFACffwuv9hrHloZ94ntD7FUjoDiw W8gAoLC1ppFZJHd8aVR439psv0tmiz4S =qTDK -----END PGP SIGNATURE----- From rabbi@quickie.net Mon Apr 17 02:42:37 2000 From: rabbi@quickie.net (L. Sassaman) Date: Sun, 16 Apr 2000 19:42:37 -0700 (PDT) Subject: Compatibility In-Reply-To: <20000416150127.C17249@djebel.gnupg.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 16 Apr 2000, Werner Koch wrote: > That is the reason why there are these experimental/private packet > numbers. And also the reason that the X.509 certificate takes those numbers. At the time of the photo-id creation, it was fully expected to be part of the standard. > These whole compatibilty story to PGP remembers me a bit of the strategy > other (big) verndors are driving. Take a standard, add some nice little > gadget which is not covered by the standard and claim that you use the new > Standard. Microsoft did this recently with Kerberos. Ugh. Please don't compare PGP to Microsoft. Microsoft intentionally broke Kerberos so that people would be forced to use its products. (Or that's my take on it anyway). Believe me, breaking the OpenPGP standard is the last thing we want to do. Here's the original proposal: http://www.imc.org/ietf-open-pgp/mail-archive/msg01196.html - --Len. __ L. Sassaman System Administrator | Technology Consultant | [This space for rent] icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE4+nokPYrxsgmsCmoRAkjeAJsFMwqA/5JzASQ9ShEQzQJwkMO2hwCgju1C ogGkdXb2TtLS0t9nVeP6tOg= =7XqZ -----END PGP SIGNATURE----- From 0@pigdog.org Mon Apr 17 05:26:56 2000 From: 0@pigdog.org (0) Date: 16 Apr 2000 22:26:56 -0700 Subject: Determining Key Algorithm? Message-ID: So, I have a number of keys in my PGP (2.6.x) keyring and my GPG keyring. I'd like to be able to figure out which ones use which algorithm. Is there an easy way to do this? ~0 From ftobin@uiuc.edu Mon Apr 17 06:31:21 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Mon, 17 Apr 2000 01:31:21 -0500 (CDT) Subject: Determining Key Algorithm? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 0, at 22:26 -0700 on 16 Apr 2000, wrote: > So, I have a number of keys in my PGP (2.6.x) keyring and my GPG > keyring. I'd like to be able to figure out which ones use which > algorithm. > > Is there an easy way to do this? The "with-colons" options should achieve what you want. Details are spelled out in GnuPG's DETAILS file. - -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjj6r8cACgkQVv/RCiYMT6OXzgCfT0Mory6AjAOYXqo5qt6490an uVQAnRlS9fz6vZQGY6FVJG3iNZYua6+V =TlXM -----END PGP SIGNATURE----- From wk@gnupg.org Mon Apr 17 08:44:17 2000 From: wk@gnupg.org (Werner Koch) Date: Mon, 17 Apr 2000 10:44:17 +0200 Subject: Compatibility In-Reply-To: ; from rabbi@quickie.net on Sun, Apr 16, 2000 at 07:42:37PM -0700 References: <20000416150127.C17249@djebel.gnupg.de> Message-ID: <20000417104417.F25209@djebel.gnupg.de> On Sun, 16 Apr 2000, L. Sassaman wrote: > Here's the original proposal: > > http://www.imc.org/ietf-open-pgp/mail-archive/msg01196.html It is dated March 1998 and I can't remember that it ever has been in a draft nor is it in RFC2440 (November 98). This cleary means, it is not part of OpenPGP. The WG has decided on this and that is the entity which decides. During the process of creating OpenPGP the other implementors did change there apps to be in compliance with the draft or the final specs, PGP didn't. Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de From mwood@IUPUI.Edu Mon Apr 17 13:28:29 2000 From: mwood@IUPUI.Edu (Mark H. Wood) Date: Mon, 17 Apr 2000 08:28:29 -0500 (EST) Subject: Compatibility In-Reply-To: Message-ID: On Fri, 14 Apr 2000, L. Sassaman wrote: > On Fri, 14 Apr 2000, Frank Tobin wrote: [snip] > > RSA and IDEA are not supported by default in GnuPG because they are not > > free algorithms. These are SHOULD's in the OpenPGP specifiction. RSA > > will likely be supported when the patent runs out this fall. IDEA's > > patent does not run out for several years. > > Not following SHOULDs, unless there is a very good reason, is bad. Wishing not to go to jail for using patented algorithms without a license is a very good reason, IMHO. -- Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu "Where's the kaboom? There was supposed to be an Earth-shattering kaboom!" -- Marvin Martian, 01/01/2000 00:00:00 From richard@sheflug.co.uk Mon Apr 17 16:02:22 2000 From: richard@sheflug.co.uk (Richard) Date: Mon, 17 Apr 2000 17:02:22 +0100 Subject: GPG Configuration References: Message-ID: <38FB358E.2C567595@sheflug.co.uk> Dear all Thanks for your help > 'man gpg' > > You would've found the option '--homedir' >in the options file or on the command line. Look at --keyring and >--no-default-keyring on the man page. As an aside to this I thought I'd mention that when I did "man gpg" I got...... "No man page due to missing docbook-to-man" So, maybe it's missing ? Downloaded from..... http://www.gnupg.org Thanks :-) -- Richard Sheffield UK From seminar@earnware.net Mon Apr 17 20:42:37 2000 From: seminar@earnware.net (Internet Opportunities) Date: Mon, 17 Apr 2000 13:42:37 -0700 Subject: Internet Seminar-San Diego! Message-ID: <0091960a011e5207d0@[63.88.232.136]> ----PTCP_00919609011e5107d0 Content-Type: text/plain Content-Transfer-Encoding: Quoted-Printable CASHING IN ON THE INTERNET? CASH IN ON THE INTERNET! ATTEND THIS SEMINAR TO LEARN HOW! SEMINAR FEATURES: - FREE step-by-step guide to Cashing in on the Internet= distributed to all who attend! - FREE web site to all who attend. Hosting included. Instantly set up at seminar. - Learn how you can begin earning thousands of dollars each week with the click of a mouse. - The Internet revolution is happening NOW! Start building your fortune today! We will show you how it= is being done! DATE: Sunday, April 30, 2000 TIME: 1:30-3:30 p.m. LOCATION: Holiday Inn Select 5959 Hotel Circle South San Diego (at I-8 and Highway 163) In the beautiful pool-side Sierra Room!! SPEAKERS: M. Gregory May, J.D. & Geoffrey D.Schiering, J.D., M.B.A. RESERVATIONS: Seating is very limited and fills up very quickly. For FREE tickets you must reserve your seats in advance no later than Friday, April 21, 2000 by calling our 24 hour automated reservation line at 1-800-689-6813 OR by replying to this e-mail. You must leave your name, e-mail address and mailing address. You will receive your tickets by mail and an e-mail confirmation regarding your reservation. (Limit 4 tickets per caller/$10 admission day of seminar without advance reservation.) Reservation deadline is Friday, 4/21/00. CALL NOW TO GUARANTEE SEATING. NOTE: IF YOU'RE NOT IN SAN DIEGO OR CANNOT ATTEND THE SEMINAR BUT WOULD LIKE A FREE COPY OF OUR BOOKLET ENTITLED, "CASHING IN ON THE INTERNET" PLEASE SO INDICATE IN A REPLY E-MAIL. IF YOU WOULD LIKE TO BE REMOVED FROM OUR DATABASE PLEASE SO INDICATE IN A REPLY E-MAIL (Type "Remove" in the subject field) OR CALL 1-800-689-6813 (Touch tone choice 4) AND YOU WILL BE REMOVED IMMEDIATELY. ----PTCP_00919609011e5107d0-- From Ralf.Strandell@silja.com Tue Apr 18 12:24:37 2000 From: Ralf.Strandell@silja.com (Strandell, Ralf) Date: Tue, 18 Apr 2000 15:24:37 +0300 Subject: How to make gnupg-1.0.1 on Unixware 7.0.1 ? Message-ID: Hello Does anybody know how to make a working installation from gnupg-1.0.1 source on ( SCO ) Unixware 7.0.1 ? I allways get these error messages when making: # make UX:make: WARNING: No suffix list. make all-recursive UX:make: WARNING: No suffix list. Making all in intl Making all in zlib Making all in util Making all in mpi UX:make: ERROR: don't know how to make mpih-mul1.o (bu42). *** Error code 1 (bu21) UX:make: ERROR: fatal error. *** Error code 1 (bu21) UX:make: ERROR: fatal error. -------------------------------------------- - Ralf - From lhecking@nmrc.ucc.ie Tue Apr 18 13:19:14 2000 From: lhecking@nmrc.ucc.ie (Lars Hecking) Date: Tue, 18 Apr 2000 14:19:14 +0100 Subject: How to make gnupg-1.0.1 on Unixware 7.0.1 ? In-Reply-To: ; from Ralf.Strandell@silja.com on Tue, Apr 18, 2000 at 03:24:37PM +0300 References: Message-ID: <20000418141914.A4403@tehran.nmrc.ucc.ie> > Does anybody know how to make a working installation from > gnupg-1.0.1 source on ( SCO ) Unixware 7.0.1 ? > > I allways get these error messages when making: > > # make > UX:make: WARNING: No suffix list. > make all-recursive > UX:make: WARNING: No suffix list. > Making all in intl > Making all in zlib > Making all in util > Making all in mpi > UX:make: ERROR: don't know how to make mpih-mul1.o (bu42). > *** Error code 1 (bu21) > UX:make: ERROR: fatal error. > *** Error code 1 (bu21) > UX:make: ERROR: fatal error. Check whether there's a port of GNU make for your platform and try it. From wk@gnupg.org Tue Apr 18 13:43:33 2000 From: wk@gnupg.org (Werner Koch) Date: Tue, 18 Apr 2000 15:43:33 +0200 Subject: How to make gnupg-1.0.1 on Unixware 7.0.1 ? In-Reply-To: ; from Ralf.Strandell@silja.com on Tue, Apr 18, 2000 at 03:24:37PM +0300 References: Message-ID: <20000418154333.C29098@djebel.gnupg.de> On Tue, 18 Apr 2000, Strandell, Ralf wrote: > Making all in mpi > UX:make: ERROR: don't know how to make mpih-mul1.o (bu42). Use GNU make -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de From abz@oasis.vino.co.za Tue Apr 18 22:45:36 2000 From: abz@oasis.vino.co.za (Abraham vd Merwe) Date: Tue, 18 Apr 2000 22:45:36 +0000 (GMT) Subject: Unidentified subject! Message-ID: Hi! I'm busy working on a package manager for some platform. We want to sign packages for authentication, and use gpg to do this of course, but we're worried about US import/export laws regarding strong cryptography. Is it legal to import/export gpg to the USA? If so, what about commercial entities? Regards Abraham PS: Please reply to me directly or cc me at least - I'm not subscribed to the list. From ftobin@uiuc.edu Wed Apr 19 02:07:51 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Tue, 18 Apr 2000 21:07:51 -0500 (CDT) Subject: Unidentified subject! In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Abraham vd Merwe, at 22:45 -0000 on Tue, 18 Apr 2000, wrote: > Is it legal to import/export gpg to the USA? As far as I know, there are no problems for cryptographic software arriving in the US, only the other way around (and is changing, too, for the better). > If so, what about commercial entities? I don't see why this would have any bearing on anything. GnuPG is released under the GPL, which means it can be used for commercial and non-commercial purposes. - -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjj9FQkACgkQVv/RCiYMT6MhogCbBVPkKvngyC5GlATtGWYiLf/L C0gAn3hN1CRg8gHyYYDcwkHph5bsZUhB =rMDm -----END PGP SIGNATURE----- From adavid@deetya.gov.au Wed Apr 19 04:34:54 2000 From: adavid@deetya.gov.au (Anthony David) Date: Wed, 19 Apr 2000 14:34:54 +1000 (EST) Subject: Unidentified subject! Message-ID: <200004190434.OAA23585@name-ext.deetya.gov.au> Frank Tobin writes: > Abraham vd Merwe, at 22:45 -0000 on Tue, 18 Apr 2000, wrote: > > > Is it legal to import/export gpg to the USA? > > As far as I know, there are no problems for cryptographic software > arriving in the US, only the other way around (and is changing, too, for > the better). > > > If so, what about commercial entities? > > I don't see why this would have any bearing on anything. GnuPG is > released under the GPL, which means it can be used for commercial and > non-commercial purposes. As long as the terms of the license are adhered to. -- ========================================================= Gambling: A discretionary tax on | Anthony David those who were asleep during high | Systems Administrator school mathematics classes | From abz@oasis.vino.co.za Wed Apr 19 08:53:50 2000 From: abz@oasis.vino.co.za (Abraham vd Merwe) Date: Wed, 19 Apr 2000 08:53:50 +0000 (GMT) Subject: Unidentified subject! In-Reply-To: Message-ID: Hi! > > Is it legal to import/export gpg to the USA? > > As far as I know, there are no problems for cryptographic software > arriving in the US, only the other way around (and is changing, too, for > the better). Well, the other thing I've been wondering about is, why is it legal to export signed messages in the US - Isn't that a violation as well? Regards Abraham From Pierre-Henri.Senesi@taloa.unice.fr Wed Apr 19 09:19:15 2000 From: Pierre-Henri.Senesi@taloa.unice.fr (Pierre-Henri SENESI) Date: Wed, 19 Apr 2000 11:19:15 +0200 Subject: Cannot verify PGP5.0i Signature References: Message-ID: <38FD7A13.D10DA53E@taloa.unice.fr> I am tired of receiving dozens of messages of this list. I tried many times to unsubscribe. The mailing system does not work properly and the owner of the list (Lord of the Lists ) explains me that I am not subscribed. It appears now to me as harassment. If everybody from the list reads this message he will probably understand his mistake and maybe do his duty. From rabbi@quickie.net Wed Apr 19 10:04:35 2000 From: rabbi@quickie.net (L. Sassaman) Date: Wed, 19 Apr 2000 03:04:35 -0700 (PDT) Subject: Unidentified subject! In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 19 Apr 2000, Abraham vd Merwe wrote: > Hi! > > > > Is it legal to import/export gpg to the USA? > > > > As far as I know, there are no problems for cryptographic software > > arriving in the US, only the other way around (and is changing, too, for > > the better). > > Well, the other thing I've been wondering about is, why is it legal to > export signed messages in the US - Isn't that a violation as well? No. That would make no sense at all. it has always been legal to "export" signed or encrypted messages. __ L. Sassaman System Administrator | Technology Consultant | [This space for rent] icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iD8DBQE4/YS/PYrxsgmsCmoRApznAKC5bVzIILVtmWNoSQNiN53drj2ibgCffxnJ tAWRQqBi/NRBUhgXIpv+fgg= =p3zH -----END PGP SIGNATURE----- From mstevens@imaginet.co.uk Wed Apr 19 10:10:02 2000 From: mstevens@imaginet.co.uk (Michael Stevens) Date: Wed, 19 Apr 2000 11:10:02 +0100 Subject: Unidentified subject! In-Reply-To: ; from rabbi@quickie.net on Wed, Apr 19, 2000 at 03:04:35AM -0700 References:

Message-ID: <20000419111002.D17552@imaginet.co.uk> --3V7upXqbjpZ4EhLz Content-Type: text/plain; charset=us-ascii On Wed, Apr 19, 2000 at 03:04:35AM -0700, L. Sassaman wrote: > > Well, the other thing I've been wondering about is, why is it legal to > > export signed messages in the US - Isn't that a violation as well? > No. That would make no sense at all. it has always been legal to > "export" signed or encrypted messages. You say that like encryption related laws are usually sensible. --3V7upXqbjpZ4EhLz Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4/YX61p2Dcka8PdoRAUhkAJ9eCpz77cw/jnyiqdi++7NZkCm5eQCgoos9 nNRzHm+iTF77wHatKMRtECI= =tJrS -----END PGP SIGNATURE----- --3V7upXqbjpZ4EhLz-- From rabbi@quickie.net Wed Apr 19 10:12:54 2000 From: rabbi@quickie.net (L. Sassaman) Date: Wed, 19 Apr 2000 03:12:54 -0700 (PDT) Subject: Unidentified subject! In-Reply-To: <20000419111002.D17552@imaginet.co.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 19 Apr 2000, Michael Stevens wrote: > On Wed, Apr 19, 2000 at 03:04:35AM -0700, L. Sassaman wrote: > > > Well, the other thing I've been wondering about is, why is it legal to > > > export signed messages in the US - Isn't that a violation as well? > > No. That would make no sense at all. it has always been legal to > > "export" signed or encrypted messages. > > You say that like encryption related laws are usually sensible. Laugh. True enough. But you can sort of stretch your mind to somewhat understand the idea that allowing crypto programs to be exported would be prohibited. But having a signed message doesn't give the individual any benefit if he doesn't have the technology already. __ L. Sassaman System Administrator | Technology Consultant | [This space for rent] icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iD8DBQE4/YauPYrxsgmsCmoRAvVYAKDaMEAwSlsVAqeyoK4jILkpD2UFjwCg0M9Q ilxuO0DqkuTXeS/QDd4GIjA= =JvU+ -----END PGP SIGNATURE----- From mstevens@imaginet.co.uk Wed Apr 19 10:14:35 2000 From: mstevens@imaginet.co.uk (Michael Stevens) Date: Wed, 19 Apr 2000 11:14:35 +0100 Subject: Unidentified subject! In-Reply-To: ; from rabbi@quickie.net on Wed, Apr 19, 2000 at 03:12:54AM -0700 References: <20000419111002.D17552@imaginet.co.uk> Message-ID: <20000419111435.F17552@imaginet.co.uk> --MW5yreqqjyrRcusr Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable On Wed, Apr 19, 2000 at 03:12:54AM -0700, L. Sassaman wrote: > > You say that like encryption related laws are usually sensible. > Laugh. True enough. But you can sort of stretch your mind to somewhat > understand the idea that allowing crypto programs to be exported would be > prohibited. But having a signed message doesn't give the individual any > benefit if he doesn't have the technology already. The bit that's always puzzled me is that exports of descriptions of how to do crypto are permitted, but the actual crypto isn't. It gives the impression that the US thinks the rest of the world is=20 incapable of ever writing a line of code. --MW5yreqqjyrRcusr Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4/YcL1p2Dcka8PdoRAX8BAJ9szpTKCuE/bQG3bpqIUMXFX5noIQCfT7Q+ YCCVdfKb6pkxfz2uMa2mCyM= =/RoG -----END PGP SIGNATURE----- --MW5yreqqjyrRcusr-- From rabbi@quickie.net Wed Apr 19 10:21:17 2000 From: rabbi@quickie.net (L. Sassaman) Date: Wed, 19 Apr 2000 03:21:17 -0700 (PDT) Subject: Unidentified subject In-Reply-To: <20000419111435.F17552@imaginet.co.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Actually, that's the whole "Free speech" thing. That's why we have been able to export PGP source in book form, but not electronically. (This has changed). Books are protected by freedom of speech. Electronic source and binaries are munitions. Go figure. On Wed, 19 Apr 2000, Michael Stevens wrote: > The bit that's always puzzled me is that exports of descriptions > of how to do crypto are permitted, but the actual crypto isn't. It > gives the impression that the US thinks the rest of the world is > incapable of ever writing a line of code. > __ L. Sassaman System Administrator | Technology Consultant | [This space for rent] icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE4/YijPYrxsgmsCmoRAsnbAJ0QP4FcMYAL8YtlqY5BkQ5HJrPgVgCfccVG KuyEhXKA4ik5hEou+JwcrDM= =u1a1 -----END PGP SIGNATURE----- From mstevens@imaginet.co.uk Wed Apr 19 10:35:19 2000 From: mstevens@imaginet.co.uk (Michael Stevens) Date: Wed, 19 Apr 2000 11:35:19 +0100 Subject: Unidentified subject In-Reply-To: ; from rabbi@quickie.net on Wed, Apr 19, 2000 at 03:21:17AM -0700 References: <20000419111435.F17552@imaginet.co.uk> Message-ID: <20000419113519.I17552@imaginet.co.uk> --E13BgyNx05feLLmH Content-Type: text/plain; charset=us-ascii On Wed, Apr 19, 2000 at 03:21:17AM -0700, L. Sassaman wrote: > Actually, that's the whole "Free speech" thing. That's why we have been > able to export PGP source in book form, but not electronically. (This has > changed). Books are protected by freedom of speech. Electronic source and > binaries are munitions. Go figure. I can kinda see how it follows from existing rules, but it's still a bit odd. --E13BgyNx05feLLmH Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4/Yvn1p2Dcka8PdoRAXOMAJ9bIeUh75A5GIE6EQwpSEsds4Lj+gCePm4R x+0ljcpV7Qf1ZnGWg/lhHeQ= =mYn1 -----END PGP SIGNATURE----- --E13BgyNx05feLLmH-- From abz@oasis.vino.co.za Wed Apr 19 12:09:36 2000 From: abz@oasis.vino.co.za (Abraham vd Merwe) Date: Wed, 19 Apr 2000 12:09:36 +0000 (GMT) Subject: Unidentified subject! In-Reply-To: Message-ID: Hi! What characters is allowed in a GnuPG signature? What I actually want to know is if I can import a public key into a SQL database as tinytext or a blob without escaping some characters. Regards Abraham PS: Remember to cc me, I'm not subscribed to the list From Ralf.Strandell@silja.com Wed Apr 19 11:00:41 2000 From: Ralf.Strandell@silja.com (Strandell, Ralf) Date: Wed, 19 Apr 2000 14:00:41 +0300 Subject: How to make gnupg-1.0.1 on Unixware 7.0.1 ? Message-ID: >From: Werner Koch [mailto:wk@gnupg.org] >Subject: Re: How to make gnupg-1.0.1 on Unixware 7.0.1 ? >> Making all in mpi >> UX:make: ERROR: don't know how to make mpih-mul1.o (bu42). >Use GNU make I installed gnu make 3.76.1 and now it complains: gcc -c -o mpih-mul1.o mpih-mul1.S UX:as: ERROR: /usr/tmp/ccUz1adp.s:111:syntax error at ( UX:as: ERROR: /usr/tmp/ccUz1adp.s:115:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:116:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:117:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:118:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:120:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:120:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:121:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:121:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:122:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:122:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:123:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:123:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:125:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:125:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:125:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:126:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:126:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:126:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:127:invalid register token UX:as: ERROR: /usr/tmp/ccUz1adp.s:128:invalid register token ...too many errors make[2]: *** [mpih-mul1.o] Error 1 make[2]: Leaving directory `/home/transadm/apps/gpg/gnupg-1.0.1/mpi' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/transadm/apps/gpg/gnupg-1.0.1' make: *** [all-recursive-am] Error 2 Any clue? ( There is also a make 3.78.1 package available for uw but it does not work. ) From Trevor Smith" Message-ID: <200004191421.LAA14848@jupiter.accesscable.net> On Wed, 19 Apr 2000 11:14:35 +0100, Michael Stevens wrote: >gives the impression that the US thinks the rest of the world is >incapable of ever writing a line of code. Lots of "official" US policy gives the impression that the US thinks the rest of the world isn't able to write a simple sentence, or tie its shoes, or wipe its nose... :-) -- Trevor Smith | trevor@haligonian.com PGP public key available at: www.haligonian.com/trevor PGP Public Key Fingerprint= A68C C4EC C163 5C0A 6CFA 671F 05D4 0B30 318B AFD6 From c.hertel@usa.net Wed Apr 19 09:29:01 2000 From: c.hertel@usa.net (Christoph Hertel) Date: Wed, 19 Apr 2000 11:29:01 +0200 Subject: 'gpg --recv-key 0xBAC8E4D5' doesn't work Message-ID: <20000419112901.A680@hyper.toast> --3V7upXqbjpZ4EhLz Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable The only way I can get keys from a keyserver is by email. When I try to connect to one directly with gnupg I get: $ gpg --keyserver wwwkeys.pgp.net --recv-key 0xBAC8E4D5 gpg: requesting key BAC8E4D5 from wwwkeys.pgp.net ... gpg: no valid OpenPGP data found. gpg: Total number processed: 0 I tried several keyserver all over the world (with name and ip-number; from 'host -l pgp.net | grep www'). I get the same message, whether I'm dialed up or not doesn't matter. I can ping the servers. The key should exist on the server. I tried other keys (in the long and short form). I tried it from another computer with a static ip-address, there I get something like 'connection refused' from the server. I have GnuPG version 1.0.1 Aren't the keyservers 'OpenPGP' compatible, serving 'invalid OpenPGP data'? Am I overlooking something really obvious? Thanks for an answer. Christoph --=20 get my PGP (GnuPG) key 0xBAC8E4D5 from a keyserver or by mailing me (subject: get gpg key) --3V7upXqbjpZ4EhLz Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4/XxdQiQTYbrI5NURAcDGAKCKQcArJT+KYPMk7nazzZvMG9w6eQCeIJqW TxCE2Yh2uXXXkhU9t+omp/E= =LwaC -----END PGP SIGNATURE----- --3V7upXqbjpZ4EhLz-- From lzeeb@coordinated.net Wed Apr 19 21:49:44 2000 From: lzeeb@coordinated.net (Larry Zeeb) Date: Wed, 19 Apr 2000 14:49:44 -0700 Subject: md5sum gnupg-1.0.1.tar.gz Message-ID: <38FE29F8.EEC7AF9E@coordinated.net> Hi, What should the resulting checksum be for: # md5sum gnupg-1.0.1.tar.gz Thanks. Larry. Feel free to add me to the subscriber list. From lzeeb@coordinated.net Thu Apr 20 00:06:32 2000 From: lzeeb@coordinated.net (Larry Zeeb) Date: Wed, 19 Apr 2000 17:06:32 -0700 Subject: Found the answer to the previous message re: md5sum gnupg-1.0.1.tar.gz Message-ID: <38FE4A08.17312612@coordinated.net> Sorry to bug you. It was on your site: http://www.gnupg.org/download.html MD5 checksums: 14ce577afd03d56cba5d8ee59b9580ed gnupg-1.0.1.tar.gz Thanks, Larry. ------ Previous datagram. ------- Hi, What should the resulting checksum be for: # md5sum gnupg-1.0.1.tar.gz Thanks. Larry. Feel free to add me to the subscriber list. From dmat@ozemail.com.au Thu Apr 20 08:31:53 2000 From: dmat@ozemail.com.au (diana mathew) Date: Thu, 20 Apr 2000 18:01:53 +0930 Subject: Fw: subscribe Message-ID: <002d01bfaaa2$e35b5260$1fc054d2@default> -----Original Message----- From: diana mathew To: gnu@gnu.org Date: Thursday, 20 April 2000 18:00 Subject: subscribe >Hello, > >I am a recent subscriber of your service and I think I may have accidently >sent and unsubscribe email to you recently. I had today received your >information which triggered me to the mistake I made. If your unsubscribe >facility takes a few days to go through and it is not immediate I have just >snuck through on this one. Is there any way that can be checked?? >My email address is dmat@ozemail.com.au > >I hope I haven't caused any extra work for anyone, if I have I do apologise. > >Diana Mathew > > From c.hertel@usa.net Thu Apr 20 08:41:15 2000 From: c.hertel@usa.net (Christoph Hertel) Date: Thu, 20 Apr 2000 10:41:15 +0200 Subject: it works, with some servers In-Reply-To: <20000419112901.A680@hyper.toast>; from c.hertel@usa.net on Wed, Apr 19, 2000 at 11:29:01AM +0200 References: <20000419112901.A680@hyper.toast> Message-ID: <20000420104115.B417@hyper.toast> --FCuugMFkClbJLl1L Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable * Christoph Hertel [2000.04.20]: > The only way I can get keys from a keyserver is by email. When I try to > connect to one directly with gnupg I get: > $ gpg --keyserver wwwkeys.pgp.net --recv-key 0xBAC8E4D5 > gpg: requesting key BAC8E4D5 from wwwkeys.pgp.net ... > gpg: no valid OpenPGP data found. > gpg: Total number processed: 0 Thanks to Alvar and Daniel for a reply. It works with the Spanish (wwwkeys.es.pgp.net) keyserver without problems. The German (wwwkeys.de.pgp.net) can't even be pinged (I live in Germany, that's why I try it all the time). The Danish (wwwkeys.dk.pgp.net) can be pinged, but gives me the reply I got yesterday all the time from all the keyservers I tried. The '--verbose' option doesn't give me further output. The '--debug-all' gave me the following output: ~$ gpg -v --debug-all --keyserver wwwkeys.dk.pgp.net --recv-key 0xBAC8E4D5 gpg: reading options from /home/chh/.gnupg/options' gpg: DBG: iobuf-1.0: open /home/chh/.gnupg/secring.gpg' fd=3D3 gpg: DBG: iobuf-1.0: close =06ile_filter' gpg: DBG: /home/chh/.gnupg/secring.gpg: close fd 3 gpg: DBG: iobuf-2.0: open /home/chh/.gnupg/pubring.gpg' fd=3D3 gpg: DBG: iobuf-2.0: close =06ile_filter' gpg: DBG: /home/chh/.gnupg/pubring.gpg: close fd 3 gpg: requesting key BAC8E4D5 from wwwkeys.dk.pgp.net ... gpg: DBG: iobuf-3.0: fdopen =1Bfd 3]' gpg: DBG: iobuf-3.0: close =06ile_filter' gpg: DBG: [fd 3]: close fd 3 gpg: DBG: iobuf-4.0: fdopen =1Bfd 4]' gpg: DBG: iobuf-4.0: underflow: req=3D8192 got=3D2764 rc=3D0 gpg: DBG: armor-filter: control: 5 gpg: DBG: iobuf-4.1: push =01rmor_filter' gpg: DBG: armor-filter: control: 5 gpg: DBG: iobuf chain: 4.1 =01rmor_filter' filter_eof=3D0 start=3D0 len=3D0 gpg: DBG: iobuf chain: 4.0 =06ile_filter' filter_eof=3D0 start=3D194 len=3D= 2764 gpg: DBG: armor-filter: control: 1 gpg: DBG: armor-filter: control: 3 gpg: DBG: iobuf-4.0: underflow: req=3D8192 got=3D0 rc=3D-1 gpg: DBG: [fd 4]: close fd 4 gpg: DBG: iobuf-4.0: underflow: eof gpg: DBG: iobuf-4.0: underflow: eof (due to filter eof) gpg: DBG: iobuf-4.1: underflow: req=3D8192 got=3D0 rc=3D-1 gpg: DBG: armor-filter: control: 2 gpg: no valid OpenPGP data found. gpg: DBG: iobuf-4.1: pop (null)' in underflow (!len) gpg: DBG: iobuf chain: 4.1 =1Bnone]' filter_eof=3D1 start=3D0 len=3D0 gpg: DBG: iobuf chain: 4.0 =1Bnone]' filter_eof=3D0 start=3D2764 len=3D2764 gpg: DBG: iobuf chain: 4.0 =1Bnone]' filter_eof=3D0 start=3D2764 len=3D2764 gpg: DBG: iobuf-4.0: underflow: eof gpg: Total number processed: 0 gpg: DBG: iobuf-4.0: close (null)' random usage: poolsize=3D600 mixed=3D0 polls=3D0/0 added=3D0/0 outmix=3D0 getlvl1=3D0/0 getlvl2=3D0/0 secmem usage: 0/0 bytes in 0/0 blocks of pool 0/16384 Do I have a local problem? Are the servers out of sync? Thanks, Christoph --=20 get my PGP (GnuPG) key 0xBAC8E4D5 from a keyserver or by mailing me (subject: get gpg key) --FCuugMFkClbJLl1L Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4/sKrQiQTYbrI5NURAVpGAJ0ReQx9f8RxXrGCEsUuTTf6nrgJBACfT/Co Z5mSb9LwKFf0XCDPomUSL34= =xvWe -----END PGP SIGNATURE----- --FCuugMFkClbJLl1L-- From wk@gnupg.org Thu Apr 20 10:24:45 2000 From: wk@gnupg.org (Werner Koch) Date: Thu, 20 Apr 2000 12:24:45 +0200 Subject: md5sum gnupg-1.0.1.tar.gz In-Reply-To: <38FE29F8.EEC7AF9E@coordinated.net>; from lzeeb@coordinated.net on Wed, Apr 19, 2000 at 02:49:44PM -0700 References: <38FE29F8.EEC7AF9E@coordinated.net> Message-ID: <20000420122445.A6919@djebel.gnupg.de> --vkogqOf2sHV7VnPd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, 19 Apr 2000, Larry Zeeb wrote: > What should the resulting checksum be for: > # md5sum gnupg-1.0.1.tar.gz $ md5sum gnupg-1.0.1.tar.gz 14ce577afd03d56cba5d8ee59b9580ed gnupg-1.0.1.tar.gz --=20 Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de --vkogqOf2sHV7VnPd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1d (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4/trpbH7huGIcwBMRArqyAJ4wi7nmR3Hz5KmPtJZjIIJOj9nZTACeJqeR SOqrO8t6a3aKCbuYsfXYXD0= =oioH -----END PGP SIGNATURE----- --vkogqOf2sHV7VnPd-- From BvdLeeden@Linuxfan.com Thu Apr 20 11:59:52 2000 From: BvdLeeden@Linuxfan.com (Ben v.d. Leeden) Date: Thu, 20 Apr 2000 13:59:52 +0200 (CEST) Subject: Delete key from a keyserver Message-ID: <200004201159.NAA11808@superluminal.usn.nl> Hi, maybe it is a dumb question, but I saw a few publick keys of mine on a keyserver which aren't being used... I have read the GnuPG manual how to revoke a key (--gen-revoke) but I don't have the secret keys anymore.... Is is possible to erase them from the key- server ??? -- +-----+-----+ _.-, Ben v/d Leeden | ICQ: #53586252 .--' '-._ http://www.BvdL.nl | Nickname: McBuster _/`_ _ '. BvdLeeden@Linuxfan.com | GnuPG Key ID: C99F2D17 '----'._`.----. \ +-------------------------+-------------------------+ ` \; ;_\ From ANDRE.LEIRADELLA@bra.xerox.com Thu Apr 20 12:17:59 2000 From: ANDRE.LEIRADELLA@bra.xerox.com (Leiradella, Andre V Matos Da Cunha) Date: Thu, 20 Apr 2000 09:17:59 -0300 Subject: Secure connections Message-ID: Does anybody can point me the functions I need to: . Generate a key pair; . Encrypt/Decrypt a data buffer using one of the keys. I'm gonna use gnupg to start a secure client-server connection to exchange a DES (does DES do the job?) key that will be used to encrypt/decrypt all data that passes over the connection. I know automatic generation of keys suck because random number generators suck too, but I'll probably by using an external hardware to generate true (?) random numbers. Thanks in advance, Andre de Leiradella From ftobin@uiuc.edu Thu Apr 20 14:19:37 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Thu, 20 Apr 2000 09:19:37 -0500 (CDT) Subject: Delete key from a keyserver In-Reply-To: <200004201159.NAA11808@superluminal.usn.nl> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ben v.d. Leeden, at 13:59 +0200 on Thu, 20 Apr 2000, wrote: > Hi, maybe it is a dumb question, but I saw a few publick keys of mine on a > keyserver which aren't being used... > > I have read the GnuPG manual how to revoke a key (--gen-revoke) but I don't > have the secret keys anymore.... Is is possible to erase them from the key- > server ??? Nope, you can't remove them. The simple 'because' is that you can't verify yourself to the keyserver to tell it you don't want your key on it, because you don't have access to your key/passphrase. - -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjj/EgoACgkQVv/RCiYMT6ODcQCgoAYszevvvhRDQtaTwM5k8VgP eEYAnjpUpmzgUq97NIuP9Iea8Fx9kbTj =eBZq -----END PGP SIGNATURE----- From ftobin@uiuc.edu Thu Apr 20 14:28:20 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Thu, 20 Apr 2000 09:28:20 -0500 (CDT) Subject: Secure connections In-Reply-To: Message-ID: Leiradella, Andre V Matos Da Cunha, at 09:17 -0300 on Thu, 20 Apr 2000, wrote: > Does anybody can point me the functions I need to: It sounds like you really need to look through the FAQ or README that is distributed with GnuPG. Why do you think the random number generation in GnuPG is bad? I'm assuming you're using an OS, of course, that has a _real_ /dev/random, such as Linux or the BSD's. Oh, and DES won't do the job. Use something that is trusted and has a decent keysize, such as maybe 3DES. Look at http://www.openssl.org/ for implementations. -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus From ANDRE.LEIRADELLA@bra.xerox.com Thu Apr 20 17:35:37 2000 From: ANDRE.LEIRADELLA@bra.xerox.com (Leiradella, Andre V Matos Da Cunha) Date: Thu, 20 Apr 2000 14:35:37 -0300 Subject: RES: Secure connections Message-ID: Sorry, I didn't made myself clear. I know I can generate key pairs and encrypt/decrypt files using the command line. What I really need is the C functions witch do it, so I can link them into my programs. About the random number generation, don't get me wrong. I'm using Linux 2.2.12 and I know /dev/random is ok, but so much is talked about random numbers when it comes to key generation that I thought I needed something more than it. And thank you Frank for pointing me that DES won't do it. I'm already looking for 3DES. Andre de Leiradella -----Mensagem original----- De: Frank Tobin [mailto:ftobin@uiuc.edu] Enviada em: Quinta-feira, 20 de Abril de 2000 11:28 Para: 'gnupg-users@gnupg.org' Assunto: Re: Secure connections Leiradella, Andre V Matos Da Cunha, at 09:17 -0300 on Thu, 20 Apr 2000, wrote: > Does anybody can point me the functions I need to: It sounds like you really need to look through the FAQ or README that is distributed with GnuPG. Why do you think the random number generation in GnuPG is bad? I'm assuming you're using an OS, of course, that has a _real_ /dev/random, such as Linux or the BSD's. Oh, and DES won't do the job. Use something that is trusted and has a decent keysize, such as maybe 3DES. Look at http://www.openssl.org/ for implementations. -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus From ftobin@uiuc.edu Thu Apr 20 19:04:32 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Thu, 20 Apr 2000 14:04:32 -0500 (CDT) Subject: RES: Secure connections In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Leiradella, Andre V Matos Da Cunha, at 14:35 -0300 on Thu, 20 Apr 2000, wrote: > I know I can generate key pairs and encrypt/decrypt files using the > command line. What I really need is the C functions witch do it, so I > can link them into my programs. Werner has said before that he does not plan to produce an sdk; see the thread: http://lists.gnupg.org/gnupg-users-200001/msg00193.html - -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjj/VM4ACgkQVv/RCiYMT6MSZQCfaFdgvwv5Aa05wPJ6RGhY5jbz 0N4An1KB/Zopzbmi+4uS/xWVQR3eLydN =Nb8i -----END PGP SIGNATURE----- From phil@Stimpy.netroedge.com Thu Apr 20 20:00:25 2000 From: phil@Stimpy.netroedge.com (phil@Stimpy.netroedge.com) Date: Thu, 20 Apr 2000 13:00:25 -0700 Subject: RES: Secure connections In-Reply-To: ; from ANDRE.LEIRADELLA@bra.xerox.com on Thu, Apr 20, 2000 at 02:35:37PM -0300 References: Message-ID: <20000420130025.Q16208@Stimpy.netroedge.com> Almost related: For machines which do a lot of encrypting based on random numbers (VPN routers, SSL web servers, etc.), are there hardware products which can produce lots of high-quality random numbers? The kernel /dev/random works well, but sometimes it can run out of data, and the server will lag. I'm interested in what you people think. Phil On Thu, Apr 20, 2000 at 02:35:37PM -0300, Leiradella, Andre V Matos Da Cunha wrote: > Sorry, I didn't made myself clear. > > I know I can generate key pairs and encrypt/decrypt files using the command > line. What I really need is the C functions witch do it, so I can link them > into my programs. > > About the random number generation, don't get me wrong. I'm using Linux > 2.2.12 and I know /dev/random is ok, but so much is talked about random > numbers when it comes to key generation that I thought I needed something > more than it. -- Philip Edelbrock -- IS Manager -- Edge Design, Corvallis, OR phil@netroedge.com -- http://www.netroedge.com/~phil PGP F16: 01 D2 FD 01 B5 46 F4 F0 3A 8B 9D 7E 14 7F FB 7A From ino-waiting@gmx.net Thu Apr 20 18:10:35 2000 From: ino-waiting@gmx.net (Fischer) Date: Thu, 20 Apr 2000 20:10:35 +0200 (CEST) Subject: Delete key from a keyserver In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 20 Apr 2000, Frank Tobin wrote: > [on orphaned keys] > Nope, you can't remove them. The simple 'because' is that you can't > verify yourself to the keyserver to tell it you don't want your key on it, > because you don't have access to your key/passphrase. that's why i (usually {^) let'm expire a year from now... - -- ino-waiting@gmx.net -----BEGIN PGP SIGNATURE----- Comment: gpg 1.0.1 iD8DBQE4/0gv1GhbiEiUxIMRAj/KAKDD8DCvY/uEG/JCOtOfGoN1DUtdvQCdGA+i Pm+yujgdgY8epGv45QUfGWU= =aflX -----END PGP SIGNATURE----- From badjer@bigpond.com Fri Apr 21 06:11:33 2000 From: badjer@bigpond.com (Matt Red) Date: Fri, 21 Apr 2000 06:11:33 GMT Subject: Signatures on GnuPG Message-ID: <20000421.6113300@Nimrod.bigpond.com> HI there, I am interested in using this nice looking software, but I see some problems with teh signatures. The key I down loaded from the web site is this 1024D/57548DCD 1998-07-07 Werner Koch (gnupg sig) that is from your web site (official GnuPG). I am puzzled to find that the rpm's that I down load are signed with "pg: Signature made Mon Jan 17 04:21:20 2000 EST using DSA key ID 3DCB0CDC." Any suggestions? Where is this other key available? Why the discrepancy? Thanks, Matt From ftobin@uiuc.edu Fri Apr 21 06:54:58 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Fri, 21 Apr 2000 01:54:58 -0500 (CDT) Subject: Signatures on GnuPG In-Reply-To: <20000421.6113300@Nimrod.bigpond.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matt Red, at 06:11 -0000 on Fri, 21 Apr 2000, wrote: > I am puzzled to find that the rpm's that I down load are signed with > "pg: Signature made Mon Jan 17 04:21:20 2000 EST using DSA key ID > 3DCB0CDC." Werner doesn't do the RPM's; he signs the source. The key you are referring to is most likely the RPM builder's key. - -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjj/+1kACgkQVv/RCiYMT6M+DgCfUQb7jdbQJl3vc14+tEqRtxvK tj8An21sesXg5nEsM/P0yWJTPpcAi2uR =NM5q -----END PGP SIGNATURE----- From Florian.Weimer@rus.uni-stuttgart.de Fri Apr 21 13:36:27 2000 From: Florian.Weimer@rus.uni-stuttgart.de (Florian Weimer) Date: 21 Apr 2000 15:36:27 +0200 Subject: Exit status and failed decryption of session key Message-ID: If a messages is encrypted to multiple subscribers, and secret keys are present for all subscribers, but not all secret keys can be decrypted (i.e. because of a missing or wrong passphrase), GnuPG 1.0.1 exits with status 2 even if the messages was successfully decrypted because a usable secret key was found in the end. Bug or feature? It's quite annoying if you want to find out whether decryption succeed by looking at the exit status. -- Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898 http://ca.uni-stuttgart.de:11371/pks/lookup?op=get&search=0xC06EC3B5 From drew@cesspool.net Fri Apr 21 15:54:29 2000 From: drew@cesspool.net (Drew Bloechl) Date: Fri, 21 Apr 2000 08:54:29 -0700 Subject: Signatures on GnuPG In-Reply-To: ; from ftobin@uiuc.edu on Fri, Apr 21, 2000 at 01:54:58AM -0500 References: <20000421.6113300@Nimrod.bigpond.com> Message-ID: <20000421085429.A7146@owns.sith-lord.org> --k+w/mQv8wyuph6w0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Apr 21, 2000 at 01:54:58AM -0500, Frank Tobin wrote: > Matt Red, at 06:11 -0000 on Fri, 21 Apr 2000, wrote: >=20 > > I am puzzled to find that the rpm's that I down load are signed with=20 > > "pg: Signature made Mon Jan 17 04:21:20 2000 EST using DSA key ID=20 > > 3DCB0CDC." >=20 > Werner doesn't do the RPM's; he signs the source. The key you are > referring to is most likely the RPM builder's key. Which, for what it's worth, is available on the keyservers: $ gpg --recv-keys 3DCB0CDC gpg: requesting key 3DCB0CDC from wwwkeys.us.pgp.net ... gpg: key 3DCB0CDC: public key imported gpg: Total number processed: 1 gpg: imported: 1 $ gpg --list-keys 3DCB0CDC pub 1024D/3DCB0CDC 1998-10-13 Fabio Coatti (Cova) sub 2048g/2C83DFED 1998-10-13 You'll need a "keyserver" line in your .gnupg/options file for this. =20 --=20 Drew Bloechl drew@cesspool.net --k+w/mQv8wyuph6w0 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iD8DBQE5AHm12DExozOFVRYRAnRpAKCB3DGoL3vbdhG0uqA4n1z3qwD1AACgh6c/ wz7plmCGF5kGsxdUUzCfaeY= =F9I1 -----END PGP SIGNATURE----- --k+w/mQv8wyuph6w0-- From ftobin@uiuc.edu Fri Apr 21 16:23:47 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Fri, 21 Apr 2000 11:23:47 -0500 (CDT) Subject: Exit status and failed decryption of session key In-Reply-To: Message-ID: Florian Weimer, at 15:36 +0200 on 21 Apr 2000, wrote: > Bug or feature? It's quite annoying if you want to find out whether > decryption succeed by looking at the exit status. There are so many issues that can happen as the result of an OpenPGP operation. One could verify a signature, but not have the public key or a web-of-trust line, or one could have the issue you talked aobut, etc. What you should really look into is parsing the output of the option "status-fd", which has information described in GnuPG's DETAILS file. -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus From bwise@sito.saic.com Fri Apr 21 15:17:13 2000 From: bwise@sito.saic.com (Ben Wise) Date: Fri, 21 Apr 2000 11:17:13 -0400 Subject: Can't remove 'lock' Message-ID: <390070F8.F769D569@sito.saic.com> Folks, I'm new to using GnuPG, and I am getting a puzzling error. I can list the keys with no trouble, but if I try anything else, I get this error: gpg: waiting for lock (hold by 1295 - probably dead) ... gpg: waiting for lock (hold by 1295 - probably dead) ... This continues indefinitely. It sounds to me like it somehow thinks another copy of gpg locked the keyrings somehow. In the manual and FAQ, I can't find locks anywhere, let alone how to remove them. Does anyone know the fix for this? (Please CC: me, as I have not yet subscribed) -- Ben P Wise, PhD Voice: 703-907-2555 SAIC Cell: 703-731-5144 http://www.saic.com bwise@sito.saic.com From ftobin@uiuc.edu Fri Apr 21 19:40:58 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Fri, 21 Apr 2000 14:40:58 -0500 (CDT) Subject: Can't remove 'lock' In-Reply-To: <390070F8.F769D569@sito.saic.com> Message-ID: Ben Wise, at 11:17 -0400 on Fri, 21 Apr 2000, wrote: > gpg: waiting for lock (hold by 1295 - probably dead) ... > gpg: waiting for lock (hold by 1295 - probably dead) ... Look for ~/.gnupg/*.lock and remove that file(s). -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus From drew@cesspool.net Fri Apr 21 19:42:00 2000 From: drew@cesspool.net (Drew Bloechl) Date: Fri, 21 Apr 2000 12:42:00 -0700 Subject: Can't remove 'lock' In-Reply-To: <390070F8.F769D569@sito.saic.com>; from bwise@sito.saic.com on Fri, Apr 21, 2000 at 11:17:13AM -0400 References: <390070F8.F769D569@sito.saic.com> Message-ID: <20000421124200.A11116@owns.sith-lord.org> --wRRV7LY7NUeQGEoC Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Apr 21, 2000 at 11:17:13AM -0400, Ben Wise wrote: > Folks, >=20 > I'm new to using GnuPG, and I am getting a puzzling error. > I can list the keys with no trouble, but if I > try anything else, I get this error: >=20 > gpg: waiting for lock (hold by 1295 - probably dead) ... > gpg: waiting for lock (hold by 1295 - probably dead) ... This happened to me just yesterday while I was importing a batch of=20 keys from a keyserver. I don't know what causes it, but you can=20 remove the lockfile. Look in .gnupg/ for a file that ends in .lock=20 and delete it. =20 --=20 Drew Bloechl drew@cesspool.net --wRRV7LY7NUeQGEoC Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iD8DBQE5AK8I2DExozOFVRYRApb/AJ9YQUVvhZZoPCVBm/LvZekbBVF7UQCdEh47 wJlV0yMZx4sRREIsruTbeJQ= =71XG -----END PGP SIGNATURE----- --wRRV7LY7NUeQGEoC-- From bgalbraith@penguinpowered.com Fri Apr 21 19:55:38 2000 From: bgalbraith@penguinpowered.com (Brian Galbraith) Date: Fri, 21 Apr 2000 20:55:38 +0100 (BST) Subject: Behaviour of sub keys Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Folks I have a question regarding the behaviour of sub keys. If I have a time limited primary subkey, and generate a new subkey. without revoking the old one....what happens? Are both keys used..or.is the original used until it expires with the new one taking over? Regards Brian - ------------------------------------------------------------ Brian Galbraith Sign Only Key 0x6A6DFEFB http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x6A6DFEFB Default Encryption Key 0x63EBA765 (DH/DSA) http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x63EBA765 - ----------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1e (GNU/Linux) Comment: Digital Signatures Verify Author and Unaltered Content iD8DBQE5ALFT1MQNj2pt/vsRAubqAJ4wx8DBMf/Qba9UUbxEzeAUpEa7iACdEX4g E1b1myVGE2NFGGQXT7rnynk= =Rdvz -----END PGP SIGNATURE----- From ino-waiting@gmx.net Fri Apr 21 19:59:54 2000 From: ino-waiting@gmx.net (Fischer) Date: Fri, 21 Apr 2000 21:59:54 +0200 (CEST) Subject: Exit status and failed decryption of session key In-Reply-To: Message-ID: On Fri, 21 Apr 2000, Frank Tobin wrote: > etc. What you should really look into is parsing the output of the option > "status-fd", which has information described in GnuPG's DETAILS file. lights my fire :^) in what way? i have both the status- and logger-fd turned on for watching purposes. the output might be parsed to get the precise overall picture, and there are not many verbs, and nothing you would call "fuzzy", contextual information. on the other hand the gnupg's docs are not complete. so, how about making an incrementally learning parser, done in prolog, which will take over the whole thing in the near future, making the handling of any kind of encryption a breeze even for a child? and maybe, when the software, personalized to the most intimate utterances, takes all the shortcuts available, it might not even be neccessary to type in a passphrase, or to use gpg in the first place! -- ino-waiting@gmx.net From merlock@hom.net Fri Apr 21 20:07:09 2000 From: merlock@hom.net (Merell L. Matlock, Jr.) Date: Fri, 21 Apr 2000 16:07:09 -0400 Subject: Can't remove 'lock' In-Reply-To: <390070F8.F769D569@sito.saic.com>; from bwise@sito.saic.com on Fri, Apr 21, 2000 at 11:17:13AM -0400 References: <390070F8.F769D569@sito.saic.com> Message-ID: <20000421160709.A1585@hom.net> --bp/iNruPH9dso1Pn Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable * Ben Wise (bwise@sito.saic.com) [000421 15:53]: =20 > I'm new to using GnuPG, and I am getting a puzzling error. > I can list the keys with no trouble, but if I > try anything else, I get this error: >=20 > gpg: waiting for lock (hold by 1295 - probably dead) ... > gpg: waiting for lock (hold by 1295 - probably dead) ... I had the same thing happen. Look in ~/.gnupg, and delete the *.lock files. Mine was caused by ctrl-c'ing after waiting over 2 minuites to retrieve a key. That should fix you up. BTW, the 1295 refers to the process that was originally running gpg. HTH. Merell --=20 Merell L. Matlock, Jr. When crypto is outlawed, only outlaws Linux#: 149839 and politicians will have crypto. Microsoft: What do you want to be infected with today? --bp/iNruPH9dso1Pn Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5ALTtYZDR+RKT0qIRAsalAJ9lpLA9xYSFtf1NmYbTP2tzO8+rbACfVF3C tqfSDfzq7dMwRsRffd6FbRw= =zjCy -----END PGP SIGNATURE----- --bp/iNruPH9dso1Pn-- From rabbi@quickie.net Fri Apr 21 21:42:37 2000 From: rabbi@quickie.net (L. Sassaman) Date: Fri, 21 Apr 2000 14:42:37 -0700 (PDT) Subject: Behaviour of sub keys In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 21 Apr 2000, Brian Galbraith wrote: > -----BEGIN PGPENVELOPE PROCESSED MESSAGE----- > > Hi Folks > > I have a question regarding the behaviour of sub keys. > If I have a time limited primary subkey, and generate a new subkey. without > revoking the old one....what happens? > > Are both keys used..or.is the original used until it expires with the new > one taking over? Okay, let me first preface this with: "I have not used subkeys in GnuPG". But the way it works currently in PGP is this: If you generate 2 subkeys, and they don't overlap as far as time goes, the one that is valid for the date specified is used. If there are two that are valid for that date, the first one is used by default. I believe that you can specify that the second one be used. - --Len. __ L. Sassaman System Administrator | Technology Consultant | [This space for rent] icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE5AMtTPYrxsgmsCmoRAl6RAKCvlOwuA+ihQW2OkBbom0IaL+bh4wCfXmue yE4Do54Z0JLVvC7lQsndGK4= =bSkM -----END PGP SIGNATURE----- From Andreas.Schamanek@univie.ac.at Fri Apr 21 22:32:03 2000 From: Andreas.Schamanek@univie.ac.at (Andreas Schamanek) Date: Sat, 22 Apr 2000 00:32:03 +0200 (MEST) Subject: failing to import PGP 5.0 key Message-ID: This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. ---2105343395-1917002056-956356323=:29112 Content-Type: TEXT/PLAIN; charset=US-ASCII -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi GnuPGs, I am fairly new to this list, so you might want to get your flame throwers ready ;-> My problem: I want to send a message to somebody who offers a PGP 5.0 key and I only have GnuPG. To encrypt a message I have to import the key. But that does not work. There is that documentation at www.gnupg.org about interoperation with PGP 5.0 but, unfortunately, the text says nothing about importing keys. Detailed output: # gpg --version gpg (GnuPG) 1.0.1 Copyright (C) 1999 (...) Supported algorithms: Cipher: IDEA, 3DES, CAST5, BLOWFISH, TWOFISH Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG Hash: MD5, SHA1, RIPEMD160 # gpg --debug --import < tmp.pub gpg: reading options from `/uhome/schamane/.gnupg/options' gpg: no valid OpenPGP data found. gpg: processing message failed: eof I have attached the key that I want to import. MTIA, - -- Andreas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjkA1x8ACgkQIRmsLIVLKK3HSgCg2Faqo13gKuaS9ppVQswSWh2R etIAn0rjzZNw/6vGuOcbDe9LsQZM+QdE =XpQZ -----END PGP SIGNATURE----- ---2105343395-1917002056-956356323=:29112 Content-Type: TEXT/PLAIN; charset=US-ASCII; name="tmp.pub" Content-Transfer-Encoding: BASE64 Content-ID: Content-Description: Content-Disposition: attachment; filename="tmp.pub" LS0tLUJFR0lOIFBHUCBQVUJMSUMgS0VZIEJMT0NLLS0tLS0NClZlcnNpb246 IFBHUGZyZWV3YXJlIDUuMGkgZm9yIG5vbi1jb21tZXJjaWFsIHVzZQ0KDQpt UUNOQXpXaW9uOEFBQUVFQUtvODlYSmdPNGtDc0hJK1UzaklreCtPOWMrdmxN SkdrMitwV0Z0a3BCdFZ1aStHDQpWbjlBOTVKdWdFMzZkVmw1YWYyYzU4QS9q UUNseTdGSit2Wkd2UTc4ajVRYkdmV2N6TGY3YU4zY3VwWU05ZkdXDQpNVUM1 TWs4cGRZbmthcFJWM2U0RWE2QWMvdlVOb1BUZlk4SDBRdUpNcGFFOVZhOTNU WklGSkowRGhHVUZBQVVUDQp0Q1ZFWVhacFpDQkNjblZ0YkdWNUlEeGtZbkox Yld4bGVVQnpkR0Z1Wm05eVpDNWxaSFUraVFDVkF3VVFOaUtYDQpMamcxRnBV RTF5eTVBUUZDUXdRQXBOeXd1YS9xb003eGVjMGExK0NpT2pGRnFzbFM4V2hC Y2NTaWg3QWM3dUdCDQprOHpmNGllcUF6M3prY0d0NDFIemk4emlsUXptZVJt MjVWbzI5bVpQWHh4VXpmS3hRRms3M1FueG1BMlRiZ2hnDQpKZTgxUVBZWUw4 K2wyTjVGSFVGc1dRME1DOVgySTVUMjFTQ1NNTm8vQUhjOXRXN1BqdWcyMldt alF2R2NQdXVKDQpBUlVEQlJBMkpEYVlrV3NSKzAwYUo1MEJBYzc3Qi85c1hr a1lBZVNqdmZjY250b1RDd1pOLzVFV2t1aTdZdVdrDQpHc2VOLysyQ3FPZTJC QUZnSjhlaHVNalZHY0xyZUpYSUt6SnN2Umk5am5KZzc2dnZJZGpFUHc2WTVu R3BxZy9nDQp0bW1mU0pEYmt2UlJIMmI4OWR1Y1k5Ri9uc1JXYWhHQ0h4Zlcw UEFaZ1owOWZYeEtIZ2dNcGExT0l4WFlac01tDQpVb2Q3dm5KQm9TZVhqc3dU QVNpWVVCYTVkM0RRazZ4blNkMDhtV3NqWlRiOVp4TFZoZ0lnb3pCVjVCT21B OUJCDQpVUHlxNG5UNm5NendNQlVuWU1JaTVBVkttNDBkTzQ3ZjR1N3h4b3My YU9zZUpNczZPUVRoSnFMQ21mSFRnTW9EDQpkekd2ZUduVVJmMlUvaDZ0dHR6 OUpTUGNrUmR6YkRDaXlMWFRyYm9KS0J5emVIdnR6NG8waVFDVkF3VVFOaTd1 DQpJNDRDemJzSldRejlBUUhrWGdQK0tnYTlqQjV6b0pMRkJRNGlnejE0MkZ0 TjNNbnhWNWsyOWhHRm03S2NwZDMrDQpFcEVJSVlCMUdsNzFvTStIMzYveXpJ UnpVUEJ5UmNZWm5Cb0JoUXNWcEd4dXpBN2hLWTlDeE5VTGF2S3JlWkVCDQpG QXpodVpsN2FKakhNWFhjbVVlOWlnaVkzS1ZMRUMzVjJOWkZFUy9VSHBzM3Jx YlZ2VVlTNHlMVmI2U3BmMStKDQpBUlVEQlJBNEQyR2lVOGcwQStpTzl4OEJB U1RIQi85cjdnRGtoczI2OFE2Tm5aNXZoVWQ3MEtDUkF4Mjk0R1VxDQpyOE4r SElFMGxYbzVEOVVZUjJLS3RZMTBTVzFNODEwdm9keXV3L01JN0RRZVBIYmg2 cWVJUlNPY2JnekFCZUNEDQpnQlczWXd6WjdIbkM4QndtQU5wRzNoMXA0cW55 UUVZbGxod0Z3cytEdWNtZVlpUElRdzdpQXgreVBBRmhiVkdHDQpmeXNVM0w5 VWVWLzIyOHBER3pPTVpaUTBiRkl4MEtHT0xpdU0xRXdlSWduRVVkRWdwalk3 cWJOMkVmTkFxQUFjDQpXQWx1K1J0THJ6OEpZd0J6QVlJMkw4UGVzTUliTUhq WEdHUGljb2ZTdzk2V0lpYzBBVjVZZlNubG1IVk5CREFIDQpvZU9FbmhuTW5p cWdTdHQ0cFo5QndqY282aDBGSGp2emZKZ1I0QzBBWkFEU1BJUElSZDY2aVFF VkF3VVFPRmhuDQpNcDUzZkRDTFJnaWhBUUhHRVFnQWttSFpCWEVlWjJ3Y2RK S0d0Zi9BdmhpaE5RenZqWlk0NTZ5MC9nU3NaVndTDQowUzRvampjbEZ5U3h5 SkVZeDJOK0tIQjk4bHdNVGt5T2tHcXNvRDF4KzhLZHh3T1AvcDlQNzZlekpu cmZBNER6DQpVb2gzb2dyaGZ1R3ZWTWRrZXJSMUUxRHhsQmdMOXF3YTN4Ry9N WWxXZHJERnY3bS9yejNPb1R4TU1DRVFWdm8wDQpYYVZSQmk1K3hYWHZPbXJi VGxYY2QxbGEzR001REtoTG45a1UrOStxbmRVMkt3OCtUV29kcjBzVzRzWkxl Sk9lDQpzNUxDV0kxTzBKS2FtOGVTcVR6SHg5eDBXd1hMYVpJOEk0b0txTGJU TFNZZ05hUHQ2MWswcVREcVFRU1dZSTZKDQpiTWFKenR3WjZXNThTQmt4Ym0r NmpkZHY0VWgwVlYyVy9MVklJQTdoaklrQWxRTUZFRFdpcUl4QVBiMVZHREl6 DQpTUUVCZ0RjRUFKSWZ0dnJoK2F6YVY0NVpBVzlPZGJTZXZpUGZSM2JWbi81 c25IZEpJUkhqKzlkQ3I4UEs3SmozDQoyUFNkVjNsSFhoS0s0S296VmF3Y0ZH dHpFL0JMWm8zNGlrVEovQzBVb1JzbW1FeFNDZit5czBWMGkxeHF5U3k5DQpL Y29nVkEyeHF0eklYOXdQSmFBT2RsaE9xYUdsb0ZkOUdiUWhtVXU2aERYZTVE U3JLQW1VaVFDVkF3VVFOYUtvDQpSQjJYY2VCemJ1d3BBUUVscndQL1JLU0s4 Uy94QTZrZlBmc2xzYmtkci9IQjRwT1YrZm4zYjFtUnE4cTgzMUV2DQpSTkhW ejVmRUE3NXUzdzhMa2J3LzRBUlRybW0zTjYrQ1NNaGJKYWZiSVJ2cENxWGhQ cTV2R2lhZ21RQVZXbkNaDQppNlE4Q2Z5aEh0RENwK2VmMlNsZTlBRFpCMlJH QUplNVJDZmhkMmUyclphZ3ZGS3JQTmFnVjBwMW8vWVp1dTJKDQpBSlVEQlJB MW9xaERrZ1VrblFPRVpRVUJBVWliQS80dHRIUWJURUpiRzVsOVo2alpMT3c4 UXc4UDJ2dktuY3ppDQphTTVEeUdmblpNWFliMktGZ3pPWjBIT0JiQzhjZzht VFlUcHpXRDJZTDk1K0tzRHFyY0tCdTNEWENYOGswbkI2DQpDMmpGaFdUazlW bStqOUN2UE5BcFNRVXRoakNoc1M4cG9BUHFWRkt3TjFuVUtNektRdzd0ZGY5 dm5LL2FLb1JoDQpDTE5tT01PVjJwa0JvZ1E0WUF1cEVRUUE0SFhqb1ZMVWh6 Sm5iVmxuMmZsa1l1QUNqMlBhRWRQSUZXMjlySnRZDQpLN3MrZjhBa0xiNkZs RTdKOVFSbXg4VHB4ODljT3RMR0ZtaEdJeTc2cUlja0xHOHBodWpnK3V1NlFa dmFvb2NGDQptUi9pUlA4TjNST01EYzh5L3V4VVdmQm9ldlcraHA0M3hPZDJy NkdqeU9MUGJwYTZzR090YmJ2Q2MzeWVVSnpSDQo2RXNBb1A5UXZtMzUvamwx MDUrSVl1ZldUcEpOZ0loUEEvNDFseUNZZU5KUVZwU0tXbzMzWTFlQmFtdVY4 NEdDDQpHbWRsYUNPMnh4V2Vaa3JTSzlHREw4bDVsVFNjMFN1UDBBUW0vcE4v UkRUU2c3UEE5ZFhoRzNNUStIZEtWTkVGDQowOGhhSzhYekI3YzRUbzN5NkZy ODBzYmR2cXVJaGZlS2pEOU9SdG1wWllPSlNNMWtuV1VsR00rdzRHVUQ1byto DQpNWGJFYUhrL2VYREl3QVArTllORkRsLzhNUXJEY1kvWWE4U3dlVXo2VXZj OWY2cXZkeXl0c243Tm1ISzJscUZyDQpSeWFVL0QycWtTTGxSQmI0c0Z4NFNZ ZkVaZ1JzcXRjMDIvQXFIeEZyT2RocmRocVNleXI3SHh1cEVxNE0ra3hZDQpp SytGbU5WbENoU1lFWm9ZSHhWVk1kM0YvTXZRRS9wOXZ2ek5jaUhEUElJbnRm UWlMWjBKQUdtVlQ2bTBKVVJoDQpkbWxrSUVKeWRXMXNaWGtnUEdSaWNuVnRi R1Y1UUhOMFlXNW1iM0prTG1Wa2RUNkpBRXNFRUJFQ0FBc0ZBamhnDQpDNmtF Q3dNQkFnQUtDUkFIM1N6TkNWWk9mekN5QUtERGlmam84MmJpdExmZGFyNUJh eFZUQmtlcnR3Q2ZYcDV2DQplVTBmc3pGNnV6OTZUWC9oS0V5TFUvdTVBZzBF T0dBTHFoQUlBUFpDVjdjSWZ3Z1hjcUs2MXFsQzh3WG8rVk1SDQpPVSsyOFc2 NVN6Z2cyZ0duVnFNVTZZOUFWZlBRQjhiTFE2bVVyZmRNWklaSitBeUR2V1hw RjlTaDAxRDQ5VmxmDQozSFpTVHowOWpkdk9tZUZYa2xuTi9iaXVkRS9GL0hh OGc4VkhNR0hPZk1sbS94WDV1LzJSWHNjQnF0TmJubzJnDQpwWEk2MUJyd3Yw WUFXQ3ZsOUlqOVdFNUoyODBndEoza2tRYzJhek5zT0ExRkhROThpTE1jZkZz dGp2Ynp5U1BBDQpRL0NsV3hpTmpydFZqTGhkT05NMC9Yd1hWME9qSFJoczNq TWhMTFVxL3p6aHNTbEFHQkdOZklTbkNuTFdoc1FEDQpHY2dIS1hyS2xRelps cCtyMEFwUW13Skcwd2c5WnFSZFFaK2NmTDJKU3lJWkpycXJvbDdEVmVreUN6 c0FBZ0lIDQovUi9SUTVGY05ZWTU5VE9jdUZKZVd6Z0UyN0p2Uko0ZER3Qmxn Q3pNOWI3MHVPUlNiRXk0cmxCN3MvdWRZdkM4DQptb29vbDFLNUFuSjEwVjJh SmxlM203QU0rV2lJd3puMlBNR1B6OWR4QW4vN0Rtai9wT3RXSFZIOTJnMVcw VUxGDQpNQVBGN0xFVFFTSDRvNWdmbzZaTE9YNWNLckZJTDBITDhQMGNZYTln c2ZBTGs5RFBuL1ZSSE8wR2loK3BmVlZuDQphWEdMZ2ZKQmxUSjdsNjFSV2JD ajcrSTc5bXdMRTI1d0FScFhDNkJ6b3owcXJGRk1jMVZTdXh2ZFBzK3l6MVU2 DQpYaHQ1S1M1TEdKNlhPQXY0MFhQdHlOaWJzT3VMQk9QZ0YybEdDSWlpOXhi UWNSNEkyb0cxcXA5cjVLOXgxRUFzDQpCM0FNbnEwQXZ4TTNDVngrMWFDSEU4 aUpBRDhEQlJnNFlBdXFCOTBzelFsV1RuOFJBalUxQUowVEdycnZnRWFyDQph QW5maEk1MGtEaDk5QjJiL3dDZUlWS3BLak1raENhS0o2bGV0WjdSVFl4djZM dz0NCj13K3plDQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0t DQoNCg== ---2105343395-1917002056-956356323=:29112-- From rabbi@quickie.net Fri Apr 21 23:06:17 2000 From: rabbi@quickie.net (L. Sassaman) Date: Fri, 21 Apr 2000 16:06:17 -0700 (PDT) Subject: failing to import PGP 5.0 key In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 For what it's worth, PGP (6.5.2 and 7.0) doesn't import this key either. On Sat, 22 Apr 2000, Andreas Schamanek wrote: > -----BEGIN PGPENVELOPE PROCESSED MESSAGE----- > > > Hi GnuPGs, > > I am fairly new to this list, so you might want to get your flame > throwers ready ;-> > > My problem: I want to send a message to somebody who offers a PGP 5.0 > key and I only have GnuPG. > > To encrypt a message I have to import the key. But that does not work. > There is that documentation at www.gnupg.org about interoperation with > PGP 5.0 but, unfortunately, the text says nothing about importing keys. > > Detailed output: > > # gpg --version > gpg (GnuPG) 1.0.1 > Copyright (C) 1999 (...) > > Supported algorithms: > Cipher: IDEA, 3DES, CAST5, BLOWFISH, TWOFISH > Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG > Hash: MD5, SHA1, RIPEMD160 > > # gpg --debug --import < tmp.pub > gpg: reading options from `/uhome/schamane/.gnupg/options' > gpg: no valid OpenPGP data found. > gpg: processing message failed: eof > > I have attached the key that I want to import. > MTIA, > > -- Andreas > > > -----BEGIN PGPENVELOPE INFORMATION----- > > gpg: Signature made Fri Apr 21 15:33:03 2000 PDT using DSA key ID 854B28AD > gpg: requesting key 854B28AD from horowitz.surfnet.nl ... > gpg: Good signature from "Andreas Schamanek " > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > gpg: Fingerprint: 9413 7F1C DC4A 1FF3 CB45 2B54 2119 AC2C 854B 28AD > > -----END PGPENVELOPE INFORMATION----- > > __ L. Sassaman System Administrator | Technology Consultant | [This space for rent] icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iD8DBQE5AN72PYrxsgmsCmoRAj53AJ9PGSBn3yoNGQ4s6pLu2ka9XLKf3ACfQbOK U9iwBsitMJglHhwY8gNpsLM= =S/Ft -----END PGP SIGNATURE----- From brian.galbraith@bigfoot.com Fri Apr 21 23:09:12 2000 From: brian.galbraith@bigfoot.com (Brian Galbraith) Date: Sat, 22 Apr 2000 00:09:12 +0100 (BST) Subject: SUB KEYS Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You think you know it all ....until you have to do it. I want to create subkeys to have a natural progression , over the next few years. I have a DH/DSA key..... I assume I just want to create new subkeys which are option 3 EIGamal encryption only, and not option 4 which is sign and encrypt? regards Brian - ------------------------------------------------------------ Brian Galbraith Sign Only Key 0x6A6DFEFB http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x6A6DFEFB Default Encryption Key 0x63EBA765 (DH/DSA) http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x63EBA765 - ----------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1e (GNU/Linux) Comment: Digital Signatures Verify Author and Unaltered Content iD8DBQE5AN8y1MQNj2pt/vsRAngVAJsEmPjQ6E986q6OPK4gZ7RLwnthDgCfQrs5 Ggm3ccBt7AObZFjinmmhaLk= =3o8f -----END PGP SIGNATURE----- From rabbi@quickie.net Fri Apr 21 23:38:00 2000 From: rabbi@quickie.net (L. Sassaman) Date: Fri, 21 Apr 2000 16:38:00 -0700 (PDT) Subject: SUB KEYS In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Right. You have the DSA signing key, with DH (ElGamal) subkeys. You would add them to the keyring, and set their exp dates sequentially, of course. Note that no one should ever use ElGamal Sign and Encrypt keys. There are serious potential problems with them. (There are people who disagree with this, so I don't want to start a flame war here... but I must advise strongly against using ElGamal signing keys.) - --Len. On Sat, 22 Apr 2000, Brian Galbraith wrote: > -----BEGIN PGPENVELOPE PROCESSED MESSAGE----- > > You think you know it all ....until you have to do it. > > I want to create subkeys to have a natural progression , over the next few > years. I have a DH/DSA key..... I assume I just want to create new subkeys > which are option 3 EIGamal encryption only, and not option 4 which is sign > and encrypt? > > regards > > Brian > > ------------------------------------------------------------ > Brian Galbraith > > Sign Only Key 0x6A6DFEFB > http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x6A6DFEFB > Default Encryption Key 0x63EBA765 (DH/DSA) > http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x63EBA765 > > ----------------------------------------------------------- > > -----BEGIN PGPENVELOPE INFORMATION----- > > gpg: Signature made Fri Apr 21 16:07:30 2000 PDT using DSA key ID 6A6DFEFB > gpg: Good signature from "Brian Galbraith (GnuPG Sign) " > gpg: aka "Brian Galbraith (GnuPG Sign) " > gpg: aka "Brian Galbraith (GnuPG Sign) " > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > gpg: Fingerprint: FF88 E743 25B8 59DC 73EC 6A6A D4C4 0D8F 6A6D FEFB > > -----END PGPENVELOPE INFORMATION----- > __ L. Sassaman System Administrator | Technology Consultant | [This space for rent] icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE5AOZePYrxsgmsCmoRAjYYAJ92+wxNjLuEIxY6zDsnNvEuRQ99zACfVjJ3 ry4Bnoibwxlpc/9D/EUXr6w= =Hs9U -----END PGP SIGNATURE----- From samj@bigpond.net.au Sat Apr 22 10:13:06 2000 From: samj@bigpond.net.au (Johnston, Sam) Date: Sat, 22 Apr 2000 20:13:06 +1000 Subject: Windoze PGP Compatability Message-ID: <309220ABC5F9D311A0E90060970810AA3B40@CPE-144-132-217-232.nsw.bigpond.net.au> Hello all, I've been a windoze pgp user for a while and am in the process of converting over to unix/gpg. For the time being, however, I need to be able to use both GPG and PGP. I've created my keys using GPG and am trying to import them to PGP, but with limited success. I've done: gpg --export-secret-keys --armor to get the secret, which I've copied to the clipboard and then done 'Add key from clipboard' (from pgptray). I can do this with the public key, but get a read error when I do it for the private. If I do it to a file: gpg --export-secret-keys -o somefile.asc or gpg --export-secret-keys --armor -o somefile.asc and then try to import them with PGPkeys I get errors about not containing any valid PGP keys. There's probably a fairly logical explaination for this... perhaps I should be doing it the other way around? ie creating under PGP and importing to GPG? I'm not on the list so copy me in when you reply please. Thanks, Sam From alex@bofh.torun.pl Sat Apr 22 12:46:26 2000 From: alex@bofh.torun.pl (Janusz A. Urbanowicz) Date: Sat, 22 Apr 2000 14:46:26 +0200 (CEST) Subject: Secure connections In-Reply-To: from "Leiradella, Andre V Matos Da Cunha" at "Apr 20, 2000 09:17:59 am" Message-ID: [Charset iso-8859-1 unsupported, filtering to ASCII...] > Does anybody can point me the functions I need to: > > . Generate a key pair; > . Encrypt/Decrypt a data buffer using one of the keys. > > I'm gonna use gnupg to start a secure client-server connection to exchange a > DES (does DES do the job?) key that will be used to encrypt/decrypt all data > that passes over the connection. I know automatic generation of keys suck > because random number generators suck too, but I'll probably by using an > external hardware to generate true (?) random numbers. > > Thanks in advance, Why wont you use SSL (OpenSSL) or ssh ? Much simplier. Alex -- * | Janusz A. "Alex" Urbanowicz, \ Home: --+~| | http://eris.phys.uni.torun.pl/~alex/ \ Work: `_|/ | \____ RSA: 512/0xAB425659 | | "Those about to hack, we salute you !" From alex@bofh.torun.pl Sat Apr 22 12:53:59 2000 From: alex@bofh.torun.pl (Janusz A. Urbanowicz) Date: Sat, 22 Apr 2000 14:53:59 +0200 (CEST) Subject: Can't remove 'lock' In-Reply-To: <390070F8.F769D569@sito.saic.com> from Ben Wise at "Apr 21, 2000 11:17:13 am" Message-ID: > Folks, > > I'm new to using GnuPG, and I am getting a puzzling error. > I can list the keys with no trouble, but if I > try anything else, I get this error: > > gpg: waiting for lock (hold by 1295 - probably dead) ... > gpg: waiting for lock (hold by 1295 - probably dead) ... > > This continues indefinitely. It sounds to me like > it somehow thinks another copy of gpg locked the > keyrings somehow. In the manual and FAQ, I can't find > locks anywhere, let alone how to remove them. > > Does anyone know the fix for this? from the other shell cd into .gnupg and do rm *.lock Alex -- * | Janusz A. "Alex" Urbanowicz, \ Home: --+~| | http://eris.phys.uni.torun.pl/~alex/ \ Work: `_|/ | \____ RSA: 512/0xAB425659 | | "Those about to hack, we salute you !" From johanw@vulcan.xs4all.nl Sat Apr 22 15:36:32 2000 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Sat, 22 Apr 2000 17:36:32 +0200 (MET DST) Subject: Windoze PGP Compatability In-Reply-To: <309220ABC5F9D311A0E90060970810AA3B40@CPE-144-132-217-232.nsw.bigpond.net.au> from "Johnston, Sam" at "Apr 22, 2000 08:13:06 pm" Message-ID: <200004221536.RAA16931@vulcan.xs4all.nl> You, Johnston, Sam, wrote: > gpg --export-secret-keys --armor > to get the secret, which I've copied to the clipboard and then done 'Add key > from clipboard' (from pgptray). I can do this with the public key, but get a > read error when I do it for the private. If I do it to a file: What kind of read error exactly? Did you use a symmetric algorithm that pgp doesn't support? Try removing the password from the secret key, importing it and put then ther password back on the key. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From cova@ferrara.linux.it Sat Apr 22 16:20:36 2000 From: cova@ferrara.linux.it (Fabio Coatti) Date: Sat, 22 Apr 2000 18:20:36 +0200 Subject: Signatures on GnuPG In-Reply-To: <20000421085429.A7146@owns.sith-lord.org>; from drew@cesspool.net on Fri, Apr 21, 2000 at 08:54:29AM -0700 References: <20000421.6113300@Nimrod.bigpond.com> <20000421085429.A7146@owns.sith-lord.org> Message-ID: <20000422182036.A705@janus.ferrara.linux.it> --fUYQa+Pmc3FrFX/N Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Apr 21, 2000 at 08:54:29AM -0700, Drew Bloechl wrote: > On Fri, Apr 21, 2000 at 01:54:58AM -0500, Frank Tobin wrote: > > Matt Red, at 06:11 -0000 on Fri, 21 Apr 2000, wrote: > >=20 > > > I am puzzled to find that the rpm's that I down load are signed with= =20 > > > "pg: Signature made Mon Jan 17 04:21:20 2000 EST using DSA key ID=20 > > > 3DCB0CDC." > >=20 > > Werner doesn't do the RPM's; he signs the source. The key you are > > referring to is most likely the RPM builder's key. >=20 > Which, for what it's worth, is available on the keyservers: >=20 > $ gpg --recv-keys 3DCB0CDC > gpg: requesting key 3DCB0CDC from wwwkeys.us.pgp.net ... > gpg: key 3DCB0CDC: public key imported > gpg: Total number processed: 1 > gpg: imported: 1 > $ gpg --list-keys 3DCB0CDC > pub 1024D/3DCB0CDC 1998-10-13 Fabio Coatti (Cova) > sub 2048g/2C83DFED 1998-10-13 Yes, I can confirm this, the signature is mine :)) --=20 Fabio Coatti http://www.ferrara.linux.it/members/cova =20 Ferrara Linux Users Group http://ferrara.linux.it GnuPG fp:6AB9 277E 9AA7 9D20 E82C 9EE7 2D17 E351 3DCB 0CDC Old SysOps never die... they simply forget their password. --fUYQa+Pmc3FrFX/N Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjkB0VQACgkQLRfjUT3LDNwirACdHBkeTkQZ6qtNJpGEHqhdk4bK ZZgAmgPfowfgBp5KXoZfesJnJpwuEXEs =d3K8 -----END PGP SIGNATURE----- --fUYQa+Pmc3FrFX/N-- From Pierre-Henri.Senesi@taloa.unice.fr Fri Apr 21 21:05:49 2000 From: Pierre-Henri.Senesi@taloa.unice.fr (Pierre-Henri SENESI) Date: Fri, 21 Apr 2000 23:05:49 +0200 Subject: Behaviour of sub keys References: Message-ID: <3900C2AD.F9A0C69@taloa.unice.fr> I am tired of receiving dozens of messages of this list. I tried many times to unsubscribe. The mailing system does not work properly and the owner of the list (Lord of the Lists ) explains me that I am not subscribed. It appears now to me as harassment. If everybody from the list reads this message he will probably understand his mistake and maybe do his duty. Brian Galbraith wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Folks > > I have a question regarding the behaviour of sub keys. > If I have a time limited primary subkey, and generate a new subkey. without > revoking the old one....what happens? > > Are both keys used..or.is the original used until it expires with the new > one taking over? > > Regards > > Brian > > - ------------------------------------------------------------ > Brian Galbraith > > Sign Only Key 0x6A6DFEFB > http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x6A6DFEFB > Default Encryption Key 0x63EBA765 (DH/DSA) > http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x63EBA765 > > - ----------------------------------------------------------- > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.1e (GNU/Linux) > Comment: Digital Signatures Verify Author and Unaltered Content > > iD8DBQE5ALFT1MQNj2pt/vsRAubqAJ4wx8DBMf/Qba9UUbxEzeAUpEa7iACdEX4g > E1b1myVGE2NFGGQXT7rnynk= > =Rdvz > -----END PGP SIGNATURE----- -- -'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'- Pierre - Henri S E N E S I http://www.senesi.org Formateur Techno / Technology trainer I.U.F.M. de Nice : Institut Universitaire de Formation des Maitres University Institute for Teacher Training, Nice, France Post. : I.U.F.M. Technology Dept. 43, Av. St. Liégeard F 06100 NICE Tel. & Fax : (33) or (0) 492.07.74.89 / 80 492.09.11.02 -'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'- From Pierre-Henri.Senesi@taloa.unice.fr Fri Apr 21 20:36:12 2000 From: Pierre-Henri.Senesi@taloa.unice.fr (Pierre-Henri SENESI) Date: Fri, 21 Apr 2000 22:36:12 +0200 Subject: Exit status and failed decryption of session key References: Message-ID: <3900BBBC.4C6517A1@taloa.unice.fr> I am tired of receiving dozens of messages of this list. I tried many times to unsubscribe. The mailing system does not work properly and the owner of the list (Lord of the Lists ) explains me that I am not subscribed. It appears now to me as harassment. If everybody from the list reads this message he will probably understand his mistake and maybe do his duty. Frank Tobin wrote: > Florian Weimer, at 15:36 +0200 on 21 Apr 2000, wrote: > > > Bug or feature? It's quite annoying if you want to find out whether > > decryption succeed by looking at the exit status. > > There are so many issues that can happen as the result of an OpenPGP > operation. One could verify a signature, but not have the public key or a > web-of-trust line, or one could have the issue you talked aobut, > etc. What you should really look into is parsing the output of the option > "status-fd", which has information described in GnuPG's DETAILS file. > > -- > Frank Tobin http://www.uiuc.edu/~ftobin/ > > "To learn what is good and what is to be valued, > those truths which cannot be shaken or changed." Myst: The Book of Atrus -- -'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'- Pierre - Henri S E N E S I http://www.senesi.org Formateur Techno / Technology trainer I.U.F.M. de Nice : Institut Universitaire de Formation des Maitres University Institute for Teacher Training, Nice, France Post. : I.U.F.M. Technology Dept. 43, Av. St. Liégeard F 06100 NICE Tel. & Fax : (33) or (0) 492.07.74.89 / 80 492.09.11.02 -'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'- From Pierre-Henri.Senesi@taloa.unice.fr Fri Apr 21 21:06:02 2000 From: Pierre-Henri.Senesi@taloa.unice.fr (Pierre-Henri SENESI) Date: Fri, 21 Apr 2000 23:06:02 +0200 Subject: Can't remove 'lock' References: Message-ID: <3900C2BA.EE2B40CE@taloa.unice.fr> I am tired of receiving dozens of messages of this list. I tried many times to unsubscribe. The mailing system does not work properly and the owner of the list (Lord of the Lists ) explains me that I am not subscribed. It appears now to me as harassment. If everybody from the list reads this message he will probably understand his mistake and maybe do his duty. Frank Tobin wrote: > Ben Wise, at 11:17 -0400 on Fri, 21 Apr 2000, wrote: > > > gpg: waiting for lock (hold by 1295 - probably dead) ... > > gpg: waiting for lock (hold by 1295 - probably dead) ... > > Look for ~/.gnupg/*.lock and remove that file(s). > > -- > Frank Tobin http://www.uiuc.edu/~ftobin/ > > "To learn what is good and what is to be valued, > those truths which cannot be shaken or changed." Myst: The Book of Atrus -- -'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'- Pierre - Henri S E N E S I http://www.senesi.org Formateur Techno / Technology trainer I.U.F.M. de Nice : Institut Universitaire de Formation des Maitres University Institute for Teacher Training, Nice, France Post. : I.U.F.M. Technology Dept. 43, Av. St. Liégeard F 06100 NICE Tel. & Fax : (33) or (0) 492.07.74.89 / 80 492.09.11.02 -'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'-'- From Pierre-Henri.Senesi@taloa.unice.fr Fri Apr 21 21:06:58 2000 From: Pierre-Henri.Senesi@taloa.unice.fr (Pierre-Henri SENESI) Date: Fri, 21 Apr 2000 23:06:58 +0200 Subject: Can't remove 'lock' References: <390070F8.F769D569@sito.saic.com> Message-ID: <3900C2F2.8DA22211@taloa.unice.fr> I am tired of receiving dozens of messages of this list. I tried many times to unsubscribe. The mailing system does not work properly and the owner of the list (Lord of the Lists ) explains me that I am not subscribed. It appears now to me as harassment. If everybody from the list reads this message he will probably understand his mistake and maybe do his duty. Ben Wise wrote: > Folks, > > I'm new to using GnuPG, and I am getting a puzzling error. > I can list the keys with no trouble, but if I > try anything else, I get this error: > > gpg: waiting for lock (hold by 1295 - probably dead) ... > gpg: waiting for lock (hold by 1295 - probably dead) ... > > This continues indefinitely. It sounds to me like > it somehow thinks another copy of gpg locked the > keyrings somehow. In the manual and FAQ, I can't find > locks anywhere, let alone how to remove them. > > Does anyone know the fix for this? > > (Please CC: me, as I have not yet subscribed) > > -- > Ben P Wise, PhD Voice: 703-907-2555 > SAIC Cell: 703-731-5144 > http://www.saic.com bwise@sito.saic.com From Pierre-Henri.Senesi@taloa.unice.fr Fri Apr 21 21:07:30 2000 From: Pierre-Henri.Senesi@taloa.unice.fr (Pierre-Henri SENESI) Date: Fri, 21 Apr 2000 23:07:30 +0200 Subject: Signatures on GnuPG References: <20000421.6113300@Nimrod.bigpond.com> <20000421085429.A7146@owns.sith-lord.org> Message-ID: <3900C312.E2C34C80@taloa.unice.fr> I am tired of receiving dozens of messages of this list. I tried many times to unsubscribe. The mailing system does not work properly and the owner of the list (Lord of the Lists ) explains me that I am not subscribed. It appears now to me as harassment. If everybody from the list reads this message he will probably understand his mistake and maybe do his duty. Drew Bloechl wrote: > On Fri, Apr 21, 2000 at 01:54:58AM -0500, Frank Tobin wrote: > > Matt Red, at 06:11 -0000 on Fri, 21 Apr 2000, wrote: > > > > > I am puzzled to find that the rpm's that I down load are signed with > > > "pg: Signature made Mon Jan 17 04:21:20 2000 EST using DSA key ID > > > 3DCB0CDC." > > > > Werner doesn't do the RPM's; he signs the source. The key you are > > referring to is most likely the RPM builder's key. > > Which, for what it's worth, is available on the keyservers: > > $ gpg --recv-keys 3DCB0CDC > gpg: requesting key 3DCB0CDC from wwwkeys.us.pgp.net ... > gpg: key 3DCB0CDC: public key imported > gpg: Total number processed: 1 > gpg: imported: 1 > $ gpg --list-keys 3DCB0CDC > pub 1024D/3DCB0CDC 1998-10-13 Fabio Coatti (Cova) > sub 2048g/2C83DFED 1998-10-13 > > You'll need a "keyserver" line in your .gnupg/options file for this. > > -- > Drew Bloechl > drew@cesspool.net > > ------------------------------------------------------------------------ > Part 1.2Type: application/pgp-signature From Pierre-Henri.Senesi@taloa.unice.fr Fri Apr 21 21:07:18 2000 From: Pierre-Henri.Senesi@taloa.unice.fr (Pierre-Henri SENESI) Date: Fri, 21 Apr 2000 23:07:18 +0200 Subject: Exit status and failed decryption of session key References: Message-ID: <3900C306.76CE404F@taloa.unice.fr> I am tired of receiving dozens of messages of this list. I tried many times to unsubscribe. The mailing system does not work properly and the owner of the list (Lord of the Lists ) explains me that I am not subscribed. It appears now to me as harassment. If everybody from the list reads this message he will probably understand his mistake and maybe do his duty. Florian Weimer wrote: > If a messages is encrypted to multiple subscribers, and secret keys > are present for all subscribers, but not all secret keys can be > decrypted (i.e. because of a missing or wrong passphrase), GnuPG 1.0.1 > exits with status 2 even if the messages was successfully decrypted > because a usable secret key was found in the end. > > Bug or feature? It's quite annoying if you want to find out whether > decryption succeed by looking at the exit status. > > -- > Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE > University of Stuttgart http://cert.uni-stuttgart.de/ > RUS-CERT +49-711-685-5973/fax +49-711-685-5898 > http://ca.uni-stuttgart.de:11371/pks/lookup?op=get&search=0xC06EC3B5 From Pierre-Henri.Senesi@taloa.unice.fr Fri Apr 21 21:07:09 2000 From: Pierre-Henri.Senesi@taloa.unice.fr (Pierre-Henri SENESI) Date: Fri, 21 Apr 2000 23:07:09 +0200 Subject: Can't remove 'lock' References: <390070F8.F769D569@sito.saic.com> <20000421124200.A11116@owns.sith-lord.org> Message-ID: <3900C2FD.A1493C3E@taloa.unice.fr> I am tired of receiving dozens of messages of this list. I tried many times to unsubscribe. The mailing system does not work properly and the owner of the list (Lord of the Lists ) explains me that I am not subscribed. It appears now to me as harassment. If everybody from the list reads this message he will probably understand his mistake and maybe do his duty. Drew Bloechl wrote: > On Fri, Apr 21, 2000 at 11:17:13AM -0400, Ben Wise wrote: > > Folks, > > > > I'm new to using GnuPG, and I am getting a puzzling error. > > I can list the keys with no trouble, but if I > > try anything else, I get this error: > > > > gpg: waiting for lock (hold by 1295 - probably dead) ... > > gpg: waiting for lock (hold by 1295 - probably dead) ... > > This happened to me just yesterday while I was importing a batch of > keys from a keyserver. I don't know what causes it, but you can > remove the lockfile. Look in .gnupg/ for a file that ends in .lock > and delete it. > > -- > Drew Bloechl > drew@cesspool.net > > ------------------------------------------------------------------------ > Part 1.2Type: application/pgp-signature From ino-waiting@gmx.net Sat Apr 22 18:33:14 2000 From: ino-waiting@gmx.net (Fischer) Date: Sat, 22 Apr 2000 20:33:14 +0200 (CEST) Subject: failing to import PGP 5.0 key In-Reply-To: Message-ID: On Sat, 22 Apr 2000, Andreas Schamanek wrote: > # gpg --version > gpg (GnuPG) 1.0.1 > Copyright (C) 1999 (...) > > Supported algorithms: > Cipher: IDEA, 3DES, CAST5, BLOWFISH, TWOFISH > Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG > Hash: MD5, SHA1, RIPEMD160 WHERE DID YOU GET THIS GPG VERSION FROM? mine says: gpg (GnuPG) 1.0.1 Copyright (C) 1999 Free Software Foundation, Inc. Supported algorithms: Cipher: 3DES, CAST5, BLOWFISH, TWOFISH Pubkey: ELG-E, DSA, ELG Hash: MD5, SHA1, RIPEMD160 -- ino-waiting@gmx.net From ino-waiting@gmx.net Sat Apr 22 18:16:57 2000 From: ino-waiting@gmx.net (Fischer) Date: Sat, 22 Apr 2000 20:16:57 +0200 (CEST) Subject: Can't remove 'lock' In-Reply-To: <20000421160709.A1585@hom.net> Message-ID: On Fri, 21 Apr 2000, Merell L. Matlock, Jr. wrote: > > gpg: waiting for lock (hold by 1295 - probably dead) ... > [deleted] > > Mine was caused by ctrl-c'ing after waiting over 2 minuites to > retrieve a key. did you repeat the operation afterwards? if i do keyserver operations, they never finish on first trial, but succeed immediately on restarting after ^C. -- ino-waiting@gmx.net From ftobin@uiuc.edu Sat Apr 22 18:47:40 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Sat, 22 Apr 2000 13:47:40 -0500 (CDT) Subject: Windoze PGP Compatability In-Reply-To: <309220ABC5F9D311A0E90060970810AA3B40@CPE-144-132-217-232.nsw.bigpond.net.au> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Johnston, Sam, at 20:13 +1000 on Sat, 22 Apr 2000, wrote: > gpg --export-secret-keys --armor -o somefile.asc > > and then try to import them with PGPkeys I get errors about not containing > any valid PGP keys. The problem I would guess, is that the default symmetric algorithm used to encrypt GnuPG secret keys is Blowfish, which is not supported by PGP. I don't know how you could go about resolving this issue; that is, I don't know how you could get GnuPG to change the algorithm used to encrypt an already-created secret key. There is an option "s2k-cipher-algo", but according to the documentation in the manpage, is not clear that this may have any effect while not generating a key. - -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjkB89gACgkQVv/RCiYMT6Ol7QCdGMUmAV+7PDXakh2+mVtdmmUq +4IAn1n7jV60tCnq0s4eJ/1y03r0Kzhj =WI7j -----END PGP SIGNATURE----- From Florian.Weimer@rus.uni-stuttgart.de Sat Apr 22 18:52:38 2000 From: Florian.Weimer@rus.uni-stuttgart.de (Florian Weimer) Date: 22 Apr 2000 20:52:38 +0200 Subject: Exit status and failed decryption of session key In-Reply-To: Frank Tobin's message of "Fri, 21 Apr 2000 11:23:47 -0500 (CDT)" References: Message-ID: Frank Tobin writes: > There are so many issues that can happen as the result of an OpenPGP > operation. One could verify a signature, but not have the public key or a > web-of-trust line, or one could have the issue you talked aobut, > etc. What you should really look into is parsing the output of the option > "status-fd", which has information described in GnuPG's DETAILS file. Yes, but status-fd is remarkably terse when it's creating some OpenPGP messages. May I assume that in this case, the exit status indicates whether the operation was successfull or not? I certainly do not want to parse standard error output. :-/ -- Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898 http://ca.uni-stuttgart.de:11371/pks/lookup?op=get&search=0xC06EC3B5 From ftobin@uiuc.edu Sat Apr 22 19:27:25 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Sat, 22 Apr 2000 14:27:25 -0500 (CDT) Subject: failing to import PGP 5.0 key In-Reply-To: Message-ID: Fischer, at 20:33 +0200 on Sat, 22 Apr 2000, wrote: > WHERE DID YOU GET THIS GPG VERSION FROM? mine says: > gpg (GnuPG) 1.0.1 > Copyright (C) 1999 Free Software Foundation, Inc. > > Supported algorithms: > Cipher: 3DES, CAST5, BLOWFISH, TWOFISH > Pubkey: ELG-E, DSA, ELG > Hash: MD5, SHA1, RIPEMD160 If what you are asking is how that person got RSA and IDEA enabled, you can find the dynamically-loadable modules at ftp://ftp.gnupg.org/pub/gcrypt/contrib/ Documentation on how to use them is described in the header of the source. -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus From ftobin@uiuc.edu Sat Apr 22 19:47:35 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Sat, 22 Apr 2000 14:47:35 -0500 (CDT) Subject: Exit status and failed decryption of session key In-Reply-To: Message-ID: Florian Weimer, at 20:52 +0200 on 22 Apr 2000, wrote: > Yes, but status-fd is remarkably terse when it's creating some OpenPGP > messages. May I assume that in this case, the exit status indicates > whether the operation was successfull or not? I certainly do not want > to parse standard error output. :-/ The question is what does "successful" mean? There can be warnings, total failure, partial success/failure, etc. Your wrapper really should try to do some processing and parse status-fd. -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus From ino-waiting@gmx.net Sat Apr 22 23:37:10 2000 From: ino-waiting@gmx.net (Fischer) Date: Sun, 23 Apr 2000 01:37:10 +0200 (CEST) Subject: failing to import PGP 5.0 key In-Reply-To: Message-ID: On Sat, 22 Apr 2000, Frank Tobin wrote: > If what you are asking is how that person got RSA and IDEA enabled, you > can find the dynamically-loadable modules at > > ftp://ftp.gnupg.org/pub/gcrypt/contrib/ > > Documentation on how to use them is described in the header of the source. au weia. warum weiss ich sowas nie? how come i dont know about such things? went to ftp.gnupg.org/..., picked up idea.c and rsa.c, read the license declarations, the compilation procedures, did as told, and: Cipher: IDEA, 3DES, CAST5, BLOWFISH, TWOFISH Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG but of course, whenever things improve, people want more. i'm no different. how do i _generate_ rsa's? not that it matters much, i can always use pgp(263i|5i) for that, but then, the sources include the facility, i just cannot tell gpg 1.0.1 to use it. or can i? the day will come when rsa is no longer the least common denominator, and decent people will generate what god made them for, but will i live to see my nephew type|say "gpg --gen-key rsa"? well. september 20th, 2000. > < to put it shortly: thanks for the info, frank. -- ino-waiting@gmx.net From Florian.Weimer@rus.uni-stuttgart.de Sun Apr 23 08:25:04 2000 From: Florian.Weimer@rus.uni-stuttgart.de (Florian Weimer) Date: 23 Apr 2000 10:25:04 +0200 Subject: Exit status and failed decryption of session key In-Reply-To: Frank Tobin's message of "Sat, 22 Apr 2000 14:47:35 -0500 (CDT)" References: Message-ID: Frank Tobin writes: > > Yes, but status-fd is remarkably terse when it's creating some OpenPGP > > messages. May I assume that in this case, the exit status indicates > > whether the operation was successfull or not? I certainly do not want > > to parse standard error output. :-/ > > The question is what does "successful" mean? There can be warnings, total > failure, partial success/failure, etc. Your wrapper really should try to > do some processing and parse status-fd. But there isn't anything to parse in this case! deneb:~$ dd if=/dev/zero count=1 | gpg --batch --output=- --status-fd=2 --encrypt -r fw@deneb > /dev/null 1+0 records in 1+0 records out deneb:~$ dd if=/dev/zero count=1 | gpg --batch --output=- --status-fd=2 --encrypt -r non-existing-id > /dev/null 1+0 records in 1+0 records out gpg: non-existing-id: skipped: public key not found gpg: [stdin]: encryption failed: public key not found deneb:~$ I think 1.0.1e is a bit better (it indicates successful encryption, at least). -- Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898 http://ca.uni-stuttgart.de:11371/pks/lookup?op=get&search=0xC06EC3B5 From johanw@vulcan.xs4all.nl Sun Apr 23 11:24:07 2000 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Sun, 23 Apr 2000 13:24:07 +0200 (MET DST) Subject: failing to import PGP 5.0 key In-Reply-To: from Fischer at "Apr 23, 2000 01:37:10 am" Message-ID: <200004231124.NAA19402@vulcan.xs4all.nl> Fischer wrote: > how do i _generate_ rsa's? With pgp 2.63i, or wait until spetember when the RSA patent expires for this functionality to appear in gpg. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From samj@bigpond.net.au Sun Apr 23 15:33:49 2000 From: samj@bigpond.net.au (Johnston, Sam) Date: Mon, 24 Apr 2000 01:33:49 +1000 Subject: Windoze PGP Compatability Message-ID: <309220ABC5F9D311A0E90060970810AA3B52@CPE-144-132-217-232.nsw.bigpond.net.au> Hello all, Thanks to those who responded - especially those who replied within minutes! It appears the simplest way around the problem (the problem being I want to use PGP in Windoze and GPG in Unix for now) is to generate my keys in PGP and import them into GPG. This is apparantly because GPG stores its keys using Blowfish. I would have thought it could have been more friendly than that, but I suspect it is more PGP being broken than GPG :) Sam -----Original Message----- From: Frank Tobin [mailto:ftobin@uiuc.edu] Sent: Sunday, 23 April 2000 4:48 To: 'gnupg-users@gnupg.org' Cc: Johnston, Sam Subject: Re: Windoze PGP Compatability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Johnston, Sam, at 20:13 +1000 on Sat, 22 Apr 2000, wrote: > gpg --export-secret-keys --armor -o somefile.asc > > and then try to import them with PGPkeys I get errors about not containing > any valid PGP keys. The problem I would guess, is that the default symmetric algorithm used to encrypt GnuPG secret keys is Blowfish, which is not supported by PGP. I don't know how you could go about resolving this issue; that is, I don't know how you could get GnuPG to change the algorithm used to encrypt an already-created secret key. There is an option "s2k-cipher-algo", but according to the documentation in the manpage, is not clear that this may have any effect while not generating a key. - -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjkB89gACgkQVv/RCiYMT6Ol7QCdGMUmAV+7PDXakh2+mVtdmmUq +4IAn1n7jV60tCnq0s4eJ/1y03r0Kzhj =WI7j -----END PGP SIGNATURE----- From ftobin@uiuc.edu Sun Apr 23 18:45:46 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Sun, 23 Apr 2000 13:45:46 -0500 (CDT) Subject: Exit status and failed decryption of session key In-Reply-To: Message-ID: Florian Weimer, at 10:25 +0200 on 23 Apr 2000, wrote: > deneb:~$ dd if=/dev/zero count=1 | gpg --batch --output=- > --status-fd=2 --encrypt -r fw@deneb > /dev/null In GnuPG you don't follow options with equals '='. gpg --bach --status-fd 2 --encrypt -r fw@deneb -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus From johanw@vulcan.xs4all.nl Sun Apr 23 22:14:28 2000 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Mon, 24 Apr 2000 00:14:28 +0200 (MET DST) Subject: failing to import PGP 5.0 key In-Reply-To: <200004231422.LAA25850@jupiter.accesscable.net> from Trevor Smith at "Apr 23, 2000 11:23:29 am" Message-ID: <200004232214.AAA21468@vulcan.xs4all.nl> Trevor Smith wrote: > Out of curiousity, is the RSA add-on being worked on now I don't know. >Or does the law demand that no work on it is even possible without a >license (while it is still patented)? The RSA patent is not valid in germany, where Werner lives, so he doesn't have to care about that patent anyway. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From rabbi@quickie.net Mon Apr 24 19:53:29 2000 From: rabbi@quickie.net (L. Sassaman) Date: Mon, 24 Apr 2000 12:53:29 -0700 (PDT) Subject: Windoze PGP Compatability In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 22 Apr 2000, Frank Tobin wrote: > -----BEGIN PGPENVELOPE PROCESSED MESSAGE----- > > Johnston, Sam, at 20:13 +1000 on Sat, 22 Apr 2000, wrote: > > > gpg --export-secret-keys --armor -o somefile.asc > > > > and then try to import them with PGPkeys I get errors about not containing > > any valid PGP keys. > > The problem I would guess, is that the default symmetric algorithm used to > encrypt GnuPG secret keys is Blowfish, which is not supported by PGP. > > I don't know how you could go about resolving this issue; that is, I don't > know how you could get GnuPG to change the algorithm used to encrypt an > already-created secret key. There is an option "s2k-cipher-algo", but > according to the documentation in the manpage, is not clear that this may > have any effect while not generating a key. That would be the "string-to-key" cipher algorithm. It is used to encrypt your private key. Set that to be one of the ciphers that PGP supports, and you should be fine. Also, disabling blowfish altogether is probably a good idea. __ L. Sassaman System Administrator | Technology Consultant | [This space for rent] icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE5BKZCPYrxsgmsCmoRAqTLAKDmb/e1R5Wq6ZwO5ibfV83R3US5ggCgjWji xPFOo2FEOAZpf7PxfwThzp8= =MSUh -----END PGP SIGNATURE----- From rabbi@quickie.net Mon Apr 24 19:59:15 2000 From: rabbi@quickie.net (L. Sassaman) Date: Mon, 24 Apr 2000 12:59:15 -0700 (PDT) Subject: Windoze PGP Compatability In-Reply-To: <309220ABC5F9D311A0E90060970810AA3B52@CPE-144-132-217-232.nsw.bigpond.net.au> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 24 Apr 2000, Johnston, Sam wrote: > This is apparantly because GPG stores its keys using Blowfish. I would have > thought it could have been more friendly than that, but I suspect it is more > PGP being broken than GPG :) Um, no. There is nothing "broken" about an OpenPGP product not implementing Blowfish. I was just talking to Phil Z. about this issue last week. Twofish is a lot nicer than Blowfish. If you are in love with Bruce Schneier's work, use Twofish if you must. Even CAST and 3DES are probably better choices than Blowfish. I don't even think that Bruce recommends people use Blowfish anymore. __ L. Sassaman System Administrator | Technology Consultant | [This space for rent] icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE5BKeaPYrxsgmsCmoRAi23AJ95mY76dFix2zjrPc6Ow5s85VZ8wQCgwLhs falocOMyYrPJVJ+u3HXOYDw= =hND1 -----END PGP SIGNATURE----- From jon@blading.com Mon Apr 24 22:25:07 2000 From: jon@blading.com (Jon Nathan) Date: Mon, 24 Apr 2000 18:25:07 -0400 (EDT) Subject: compiling idea,rsa modules for use with gnupg Message-ID: hello, i need to compile the idea and rsa modules for use with gnupg. however, i cannot find the document that tells how to do this and where to find the source files. i looked on the gnupg site for a while. can someone please send me a pointer to where this documentation is? thanks, -jon -- Jon Nathan jon@blading.com http://www.rupture.net/~jon/ From ino-waiting@gmx.net Mon Apr 24 22:37:25 2000 From: ino-waiting@gmx.net (Fischer) Date: Tue, 25 Apr 2000 00:37:25 +0200 (CEST) Subject: Windoze PGP Compatability In-Reply-To: Message-ID: On Mon, 24 Apr 2000, L. Sassaman wrote: > Also, disabling blowfish altogether is probably a good idea. why? -- ino-waiting@gmx.net From rabbi@quickie.net Mon Apr 24 23:06:12 2000 From: rabbi@quickie.net (L. Sassaman) Date: Mon, 24 Apr 2000 16:06:12 -0700 (PDT) Subject: Windoze PGP Compatability In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 25 Apr 2000, Fischer wrote: > On Mon, 24 Apr 2000, L. Sassaman wrote: > > > Also, disabling blowfish altogether is probably a good idea. > > why? Because it isn't as well reviewed as 3DES, well respected as CAST5 or IDEA, or as fast as Twofish. It's not supported by PGP for these reasons, and using it will cause potential problems if you intend to be able to use a GnuPG generated keypair with PGP. __ L. Sassaman System Administrator | Technology Consultant | [This space for rent] icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE5BNNqPYrxsgmsCmoRAtAuAKCGa9jZlnwryMDUWqnD2/nG6zmH7QCfTSOB 8f+jb8uHOIUSwxZLqUOYOXE= =Edq+ -----END PGP SIGNATURE----- From ftobin@uiuc.edu Mon Apr 24 23:07:39 2000 From: ftobin@uiuc.edu (Frank Tobin) Date: Mon, 24 Apr 2000 18:07:39 -0500 (CDT) Subject: compiling idea,rsa modules for use with gnupg In-Reply-To: Message-ID: Jon Nathan, at 18:25 -0400 on Mon, 24 Apr 2000, wrote: > i need to compile the idea and rsa modules for use with gnupg. > however, i cannot find the document that tells how to do this and > where to find the source files. i looked on the gnupg site for a > while. ftp://ftp.gnupg.org/pub/gcrypt/contrib/ Documentation on how to use them is described in the header of the source. -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus From lhecking@nmrc.ucc.ie Mon Apr 24 23:10:19 2000 From: lhecking@nmrc.ucc.ie (Lars Hecking) Date: Tue, 25 Apr 2000 00:10:19 +0100 Subject: compiling idea,rsa modules for use with gnupg In-Reply-To: ; from jon@blading.com on Mon, Apr 24, 2000 at 06:25:07PM -0400 References: Message-ID: <20000425001019.A3541@tehran.nmrc.ucc.ie> Jon Nathan writes: > hello, > > i need to compile the idea and rsa modules for use with gnupg. > however, i cannot find the document that tells how to do this and > where to find the source files. i looked on the gnupg site for a > while. The idea and rsa modules are in ftp://ftp.gnupg.org/pub/gcrypt/contrib/. Compile instructions are in the files, but you may have to play around with linker options if your platform's method of creating loadable modules is different from "gcc -shared". From Andreas.Schamanek@univie.ac.at Mon Apr 24 23:14:07 2000 From: Andreas.Schamanek@univie.ac.at (Andreas Schamanek) Date: Tue, 25 Apr 2000 01:14:07 +0200 (MEST) Subject: compiling idea,rsa modules for use with gnupg In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 24 Apr 2000, Jon Nathan wrote: > i need to compile the idea and rsa modules for use with gnupg. (...) > can someone please send me a pointer to where this documentation is? you are probably looking for Replacing PGP 2.x with GnuPG http://www.gnupg.org/gph/en/pgp2x/t1.html HTH, - -- Andreas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjkE1WoACgkQIRmsLIVLKK2CiQCgxCKNMhpdQYXKdXVEkrPVhnrh xg8AoIvH/ELRMDVPgNek0LxWlnKsTt94 =rAcq -----END PGP SIGNATURE----- From ino-waiting@gmx.net Mon Apr 24 23:15:07 2000 From: ino-waiting@gmx.net (Fischer) Date: Tue, 25 Apr 2000 01:15:07 +0200 (CEST) Subject: compiling idea,rsa modules for use with gnupg In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 24 Apr 2000, Jon Nathan wrote: > i need to compile the idea and rsa modules for use with gnupg. > however, i cannot find the document that tells how to do this and > where to find the source files. i looked on the gnupg site for a > while. as i have been in your shoes only a week ago, i will let aside this ignorant and dumb question of yours as one of a naiive soul in desperate need 4 help, and even go out of my own way to even answer it: i got my copy of "idea.c" and "rsa.c" (and even "rsaref.c") at the very gnupg site, where they lay plain in the open. download and read the source. stop and copy where it says "gcc -fPIC -shared -O2 .c" and do so. this simple statement will compile the files to generate position independant code (PIC) suitable for use as shared objects. then edit your .gnupg/options to read "load-extension rsa" or "load-extension idea", copy the output of the compile runs ("idea" and "rsa") to "/usr/local/lib/gnupg/". after that, "gpg --version" will show you the light! - -- ino-waiting@gmx.net -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQA/AwUBOQTVgtRoW4hIlMSDEQJ0kwCfTGhLEJ1Q7GmK8YCpmvEzjxoo7TAAoOil RfMizhZhw6MCX9xASWXibHNE =IzlU -----END PGP SIGNATURE----- From Florian.Weimer@rus.uni-stuttgart.de Tue Apr 25 15:34:15 2000 From: Florian.Weimer@rus.uni-stuttgart.de (Florian Weimer) Date: 25 Apr 2000 17:34:15 +0200 Subject: Exit status and failed decryption of session key In-Reply-To: Frank Tobin's message of "Sun, 23 Apr 2000 13:45:46 -0500 (CDT)" References: Message-ID: Frank Tobin writes: > In GnuPG you don't follow options with equals '='. The GNU conventions require that "=" works, and GnuPG seems to follow these conventions (see the arg_parse() function). -- Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898 http://ca.uni-stuttgart.de:11371/pks/lookup?op=get&search=0xC06EC3B5 From Andreas.Schamanek@univie.ac.at Tue Apr 25 17:10:04 2000 From: Andreas.Schamanek@univie.ac.at (Andreas Schamanek) Date: Tue, 25 Apr 2000 19:10:04 +0200 (MEST) Subject: getting rid of blowfishes (was Re: Windoze PGP Compatability) In-Reply-To: Message-ID: On Mon, 24 Apr 2000, L. Sassaman wrote: > > On Mon, 24 Apr 2000, L. Sassaman wrote: > > > > > Also, disabling blowfish altogether is probably a good idea. > > Because it isn't as well reviewed as 3DES, well respected as CAST5 or > IDEA, or as fast as Twofish. It's not supported by PGP for these reasons, > and using it will cause potential problems if you intend to be able to use > a GnuPG generated keypair with PGP. Actually, I like blowfishes (I mean the fish) but I understand that there are better alternatives when dealing with encryption. How can I move from the default BLOWFISH to some other cipher? Since my key is encrypted with BLOWFISH I can't just disable it, can I? I thought the trick is to remove the password, export the keys and import them again with BLOWFISH disabled. But when I try to reprotect my secret key GnuPG says gpg: protect_secret_key failed: unknown cipher algorithm Probably, I misunderstood some basics. Any clarification appreciated. Last question: If we should avoid BLOWFISH what cipher should we use? I know that this question cannot be dealt with in detail here. But maybe somebody can write a short note about her or his preferences (without being flamed by others ;) from an average user's point of view. The alternatives so far are: 3DES, CAST5 and TWOFISH. Regards, -- Andreas From rabbi@quickie.net Tue Apr 25 20:15:36 2000 From: rabbi@quickie.net (L. Sassaman) Date: Tue, 25 Apr 2000 13:15:36 -0700 (PDT) Subject: getting rid of blowfishes (was Re: Windoze PGP Compatability) In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 25 Apr 2000, Andreas Schamanek wrote: > How can I move from the default BLOWFISH to some other cipher? Since my > key is encrypted with BLOWFISH I can't just disable it, can I? > > I thought the trick is to remove the password, export the keys and > import them again with BLOWFISH disabled. But when I try to reprotect my > secret key GnuPG says > > gpg: protect_secret_key failed: unknown cipher algorithm > > Probably, I misunderstood some basics. Any clarification appreciated. I *think*, that if you delete your self sigs, set --s2k-cipher-algo to be a differenyt cipher, --disable-cipher-algo BLOWFISH, re-self-sign the keys, export with no password, import, assign a password, you should be fine. While you are at it, --disable-pubkey-algo ELG-S is another good precaution. > Last question: If we should avoid BLOWFISH what cipher should we use? > I know that this question cannot be dealt with in detail here. But maybe > somebody can write a short note about her or his preferences (without > being flamed by others ;) from an average user's point of view. 3DES is slow, but it is the most extensively reviewed, and it required to be in all OpenPGP products. IDEA and CAST5 are pretty well respected, are "SHOULDs" in the OpenPGP spec, and are faster than 3DES. IDEA has patent issues, and not all GnuPG users will have it enabled. So I would nix that. CAST5 is a good choice; fairly fast, fairly well respected (more so than Blowfish, not as trusted as 3DES). Twofish is the fastest of all of these, and also the newest. PGP 6.x and before does not support it. All versions of PGP greater than 1 support IDEA. PGP 5.x and up, as well as GnuPG, support CAST5 and 3DES. Take your pick... > The alternatives so far are: 3DES, CAST5 and TWOFISH. > > > Regards, > > -- Andreas > __ L. Sassaman System Administrator | Technology Consultant | [This space for rent] icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iD8DBQE5Bfz3PYrxsgmsCmoRAhbJAKCQxSKkB2A5aoQZ1Ys6jzvfvRfw9ACgwLEh rPLASUr1NJbCzucdvaJzA5Y= =aYTy -----END PGP SIGNATURE----- From brian.galbraith@bigfoot.com Tue Apr 25 21:59:32 2000 From: brian.galbraith@bigfoot.com (Brian Galbraith) Date: Tue, 25 Apr 2000 22:59:32 +0100 (BST) Subject: Possible Bug in GnuPG? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Folks. Today I installed PGP on a windows system which uses Outlookexpress as the mail agent. All encrypted messages I send using GnuPG are displayed as a single line, with heavy vertical lines where the line ends should be. I asked for advice from the PGP users list, and was informed that this is a GnuPG Bug. I set up OE5 on my windows partition and carried out a few tests...GnuPG messages are displayed as described above. PGP 6.5.2 command line displays as it should be. Has anyone else noticed this? Regards Brian - ------------------------------------------------------------ Brian Galbraith Sign Only Key 0x6A6DFEFB http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x6A6DFEFB Default Encryption Key 0x63EBA765 (DH/DSA) http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x63EBA765 Please download latest keys (210400) - ----------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1e (GNU/Linux) Comment: Digital Signatures Verify Author and Unaltered Content iD8DBQE5BgXz1MQNj2pt/vsRAou4AJ9+rGS/717vyVoHJDALn4ai2bZBrACffT8u qy/NZ++DPmYj5VAXHgTEJwg= =xLNh -----END PGP SIGNATURE----- From brian.galbraith@bigfoot.com Tue Apr 25 22:05:48 2000 From: brian.galbraith@bigfoot.com (Brian Galbraith) Date: Tue, 25 Apr 2000 23:05:48 +0100 (BST) Subject: Possible Bug Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OOps...sorry. I am using 1.0.1e on Linux - ------------------------------------------------------------ Brian Galbraith Sign Only Key 0x6A6DFEFB http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x6A6DFEFB Default Encryption Key 0x63EBA765 (DH/DSA) http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x63EBA765 Please download latest keys (210400) - ----------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1e (GNU/Linux) Comment: Digital Signatures Verify Author and Unaltered Content iD8DBQE5BhZ8EPpEmWPrp2URAsG6AJ0fyXE/nRFE3FtBJfBgaX+2cHZ39wCgvvWM 7ZEPuM0/iAacQdXfOuQWpgM= =SssV -----END PGP SIGNATURE----- From bgalbraith@penguinpowered.com Tue Apr 25 22:26:26 2000 From: bgalbraith@penguinpowered.com (Brian Galbraith) Date: Tue, 25 Apr 2000 23:26:26 +0100 (BST) Subject: Possible Bug in GnuPG? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Folks. Today I installed PGP on a windows system which uses Outlookexpress as the mail agent. All encrypted messages I send using GnuPG are displayed as a single line, with heavy vertical lines where the line ends should be. I asked for advice from the PGP users list, and was informed that this is a GnuPG Bug. I set up OE5 on my windows partition and carried out a few tests...GnuPG messages are displayed as described above. PGP 6.5.2 command line displays as it should be. Has anyone else noticed this? Regards Brian - ------------------------------------------------------------ Brian Galbraith Sign Only Key 0x6A6DFEFB http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x6A6DFEFB Default Encryption Key 0x63EBA765 (DH/DSA) http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x63EBA765 Please download latest keys (210400) - ----------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1e (GNU/Linux) Comment: Digital Signatures Verify Author and Unaltered Content iD8DBQE5BgXz1MQNj2pt/vsRAou4AJ9+rGS/717vyVoHJDALn4ai2bZBrACffT8u qy/NZ++DPmYj5VAXHgTEJwg= =xLNh -----END PGP SIGNATURE----- From bgalbraith@penguinpowered.com Tue Apr 25 22:26:28 2000 From: bgalbraith@penguinpowered.com (Brian Galbraith) Date: Tue, 25 Apr 2000 23:26:28 +0100 (BST) Subject: Possible Bug Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OOps...sorry. I am using 1.0.1e on Linux - ------------------------------------------------------------ Brian Galbraith Sign Only Key 0x6A6DFEFB http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x6A6DFEFB Default Encryption Key 0x63EBA765 (DH/DSA) http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x63EBA765 Please download latest keys (210400) - ----------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1e (GNU/Linux) Comment: Digital Signatures Verify Author and Unaltered Content iD8DBQE5BhZ8EPpEmWPrp2URAsG6AJ0fyXE/nRFE3FtBJfBgaX+2cHZ39wCgvvWM 7ZEPuM0/iAacQdXfOuQWpgM= =SssV -----END PGP SIGNATURE----- From krishnanmen@aditi.com Wed Apr 26 05:33:29 2000 From: krishnanmen@aditi.com (Krishnan Menon (IND)) Date: Wed, 26 Apr 2000 11:03:29 +0530 Subject: Possible Bug in GnuPG? Message-ID: <608E92548499D311A89400062938380401352F50@TOMCAT> Here's the deal. Windows GUI apps, at least the basic things like Notepad that I've noticed this with, seem to require a 0xOd 0xOa character sequence to mark an end of line. Thats CR LF. Most GnuPG output seems to have only the 0x0d character to mark EOL. That's what shows up as the "heavy vertical lines". I had the same experience as you did with the command line and I think Windows command line apps perform the translation before displaying. I can't be sure though, but they seem to handle this fine. Krish -----Original Message----- From: Brian Galbraith [mailto:bgalbraith@penguinpowered.com] Sent: Wednesday, April 26, 2000 3:56 AM To: gnupg-users@gnupg.org Subject: Possible Bug in GnuPG? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Folks. Today I installed PGP on a windows system which uses Outlookexpress as the mail agent. All encrypted messages I send using GnuPG are displayed as a single line, with heavy vertical lines where the line ends should be. I asked for advice from the PGP users list, and was informed that this is a GnuPG Bug. I set up OE5 on my windows partition and carried out a few tests...GnuPG messages are displayed as described above. PGP 6.5.2 command line displays as it should be. Has anyone else noticed this? Regards Brian - ------------------------------------------------------------ Brian Galbraith Sign Only Key 0x6A6DFEFB http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x6A6DFEFB Default Encryption Key 0x63EBA765 (DH/DSA) http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x63EBA765 Please download latest keys (210400) - ----------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1e (GNU/Linux) Comment: Digital Signatures Verify Author and Unaltered Content iD8DBQE5BgXz1MQNj2pt/vsRAou4AJ9+rGS/717vyVoHJDALn4ai2bZBrACffT8u qy/NZ++DPmYj5VAXHgTEJwg= =xLNh -----END PGP SIGNATURE----- From Pierre-Henri.Senesi@taloa.unice.fr Wed Apr 26 12:06:10 2000 From: Pierre-Henri.Senesi@taloa.unice.fr (Pierre-Henri SENESI) Date: Wed, 26 Apr 2000 14:06:10 +0200 Subject: Possible Bug References: Message-ID: <3906DBB2.D6C42A16@taloa.unice.fr> I am no more interrsetd in this list I cannot unsubscribe by the normal ways please unsubcribe me Brian Galbraith a écrit: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > OOps...sorry. > > I am using 1.0.1e on Linux > > - ------------------------------------------------------------ > Brian Galbraith > > Sign Only Key 0x6A6DFEFB > http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x6A6DFEFB > Default Encryption Key 0x63EBA765 (DH/DSA) > http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x63EBA765 > Please download latest keys (210400) > > - ----------------------------------------------------------- > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.1e (GNU/Linux) > Comment: Digital Signatures Verify Author and Unaltered Content > > iD8DBQE5BhZ8EPpEmWPrp2URAsG6AJ0fyXE/nRFE3FtBJfBgaX+2cHZ39wCgvvWM > 7ZEPuM0/iAacQdXfOuQWpgM= > =SssV > -----END PGP SIGNATURE----- -- ----------------------------------------------------------------------------------------------- Pierre-Henri SENESI formateur technologie Institut Universitaire de Formation des Maitres Nice Technology trainer University Institute for Teacher Training Nice France 43, Av. Stephen Liegeard F 06100 NICE France tél/fax (33)/(0) 492.07.74.89 ----------------------------------------------------------------------------------------------- From Pierre-Henri.Senesi@taloa.unice.fr Wed Apr 26 12:06:26 2000 From: Pierre-Henri.Senesi@taloa.unice.fr (Pierre-Henri SENESI) Date: Wed, 26 Apr 2000 14:06:26 +0200 Subject: Possible Bug in GnuPG? References: Message-ID: <3906DBC2.2495CA4E@taloa.unice.fr> I am no more interrsetd in this list I cannot unsubscribe by the normal ways please unsubcribe me Brian Galbraith a écrit: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Folks. > > Today I installed PGP on a windows system which uses Outlookexpress as the > mail agent. > > All encrypted messages I send using GnuPG are displayed as a single line, > with heavy vertical lines where the line ends should be. > > I asked for advice from the PGP users list, and was informed that this is a > GnuPG Bug. > > I set up OE5 on my windows partition and carried out a few tests...GnuPG > messages are displayed as described above. PGP 6.5.2 command line displays > as it should be. > > Has anyone else noticed this? > > Regards > Brian > > - ------------------------------------------------------------ > Brian Galbraith > > Sign Only Key 0x6A6DFEFB > http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x6A6DFEFB > Default Encryption Key 0x63EBA765 (DH/DSA) > http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x63EBA765 > Please download latest keys (210400) > > - ----------------------------------------------------------- > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.1e (GNU/Linux) > Comment: Digital Signatures Verify Author and Unaltered Content > > iD8DBQE5BgXz1MQNj2pt/vsRAou4AJ9+rGS/717vyVoHJDALn4ai2bZBrACffT8u > qy/NZ++DPmYj5VAXHgTEJwg= > =xLNh > -----END PGP SIGNATURE----- -- ----------------------------------------------------------------------------------------------- Pierre-Henri SENESI formateur technologie Institut Universitaire de Formation des Maitres Nice Technology trainer University Institute for Teacher Training Nice France 43, Av. Stephen Liegeard F 06100 NICE France tél/fax (33)/(0) 492.07.74.89 ----------------------------------------------------------------------------------------------- From Pierre-Henri.Senesi@taloa.unice.fr Wed Apr 26 12:05:40 2000 From: Pierre-Henri.Senesi@taloa.unice.fr (Pierre-Henri SENESI) Date: Wed, 26 Apr 2000 14:05:40 +0200 Subject: Possible Bug References: Message-ID: <3906DB94.2F99136D@taloa.unice.fr> I am no more interrsetd in this list I cannot unsubscribe by the normal ways please unsubcribe me Brian Galbraith a écrit: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > OOps...sorry. > > I am using 1.0.1e on Linux > > - ------------------------------------------------------------ > Brian Galbraith > > Sign Only Key 0x6A6DFEFB > http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x6A6DFEFB > Default Encryption Key 0x63EBA765 (DH/DSA) > http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x63EBA765 > Please download latest keys (210400) > > - ----------------------------------------------------------- > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.1e (GNU/Linux) > Comment: Digital Signatures Verify Author and Unaltered Content > > iD8DBQE5BhZ8EPpEmWPrp2URAsG6AJ0fyXE/nRFE3FtBJfBgaX+2cHZ39wCgvvWM > 7ZEPuM0/iAacQdXfOuQWpgM= > =SssV > -----END PGP SIGNATURE----- -- ----------------------------------------------------------------------------------------------- Pierre-Henri SENESI formateur technologie Institut Universitaire de Formation des Maitres Nice Technology trainer University Institute for Teacher Training Nice France 43, Av. Stephen Liegeard F 06100 NICE France tél/fax (33)/(0) 492.07.74.89 ----------------------------------------------------------------------------------------------- From Pierre-Henri.Senesi@taloa.unice.fr Wed Apr 26 12:06:51 2000 From: Pierre-Henri.Senesi@taloa.unice.fr (Pierre-Henri SENESI) Date: Wed, 26 Apr 2000 14:06:51 +0200 Subject: getting rid of blowfishes (was Re: Windoze PGP Compatability) References: Message-ID: <3906DBDB.B80C354C@taloa.unice.fr> I am no more interrsetd in this list I cannot unsubscribe by the normal ways please unsubcribe me Andreas Schamanek a écrit: > > On Mon, 24 Apr 2000, L. Sassaman wrote: > > > > On Mon, 24 Apr 2000, L. Sassaman wrote: > > > > > > > Also, disabling blowfish altogether is probably a good idea. > > > > Because it isn't as well reviewed as 3DES, well respected as CAST5 or > > IDEA, or as fast as Twofish. It's not supported by PGP for these reasons, > > and using it will cause potential problems if you intend to be able to use > > a GnuPG generated keypair with PGP. > > Actually, I like blowfishes (I mean the fish) but I understand that > there are better alternatives when dealing with encryption. > > How can I move from the default BLOWFISH to some other cipher? Since my > key is encrypted with BLOWFISH I can't just disable it, can I? > > I thought the trick is to remove the password, export the keys and > import them again with BLOWFISH disabled. But when I try to reprotect my > secret key GnuPG says > > gpg: protect_secret_key failed: unknown cipher algorithm > > Probably, I misunderstood some basics. Any clarification appreciated. > > Last question: If we should avoid BLOWFISH what cipher should we use? > I know that this question cannot be dealt with in detail here. But maybe > somebody can write a short note about her or his preferences (without > being flamed by others ;) from an average user's point of view. > > The alternatives so far are: 3DES, CAST5 and TWOFISH. > > Regards, > > -- Andreas -- ----------------------------------------------------------------------------------------------- Pierre-Henri SENESI formateur technologie Institut Universitaire de Formation des Maitres Nice Technology trainer University Institute for Teacher Training Nice France 43, Av. Stephen Liegeard F 06100 NICE France tél/fax (33)/(0) 492.07.74.89 ----------------------------------------------------------------------------------------------- From Pierre-Henri.Senesi@taloa.unice.fr Wed Apr 26 12:05:59 2000 From: Pierre-Henri.Senesi@taloa.unice.fr (Pierre-Henri SENESI) Date: Wed, 26 Apr 2000 14:05:59 +0200 Subject: Possible Bug in GnuPG? References: Message-ID: <3906DBA7.6D77C7EC@taloa.unice.fr> I am no more interrsetd in this list I cannot unsubscribe by the normal ways please unsubcribe me Brian Galbraith a écrit: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Folks. > > Today I installed PGP on a windows system which uses Outlookexpress as the > mail agent. > > All encrypted messages I send using GnuPG are displayed as a single line, > with heavy vertical lines where the line ends should be. > > I asked for advice from the PGP users list, and was informed that this is a > GnuPG Bug. > > I set up OE5 on my windows partition and carried out a few tests...GnuPG > messages are displayed as described above. PGP 6.5.2 command line displays > as it should be. > > Has anyone else noticed this? > > Regards > Brian > > - ------------------------------------------------------------ > Brian Galbraith > > Sign Only Key 0x6A6DFEFB > http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x6A6DFEFB > Default Encryption Key 0x63EBA765 (DH/DSA) > http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x63EBA765 > Please download latest keys (210400) > > - ----------------------------------------------------------- > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.1e (GNU/Linux) > Comment: Digital Signatures Verify Author and Unaltered Content > > iD8DBQE5BgXz1MQNj2pt/vsRAou4AJ9+rGS/717vyVoHJDALn4ai2bZBrACffT8u > qy/NZ++DPmYj5VAXHgTEJwg= > =xLNh > -----END PGP SIGNATURE----- -- ----------------------------------------------------------------------------------------------- Pierre-Henri SENESI formateur technologie Institut Universitaire de Formation des Maitres Nice Technology trainer University Institute for Teacher Training Nice France 43, Av. Stephen Liegeard F 06100 NICE France tél/fax (33)/(0) 492.07.74.89 ----------------------------------------------------------------------------------------------- From Pierre-Henri.Senesi@taloa.unice.fr Wed Apr 26 12:06:37 2000 From: Pierre-Henri.Senesi@taloa.unice.fr (Pierre-Henri SENESI) Date: Wed, 26 Apr 2000 14:06:37 +0200 Subject: getting rid of blowfishes (was Re: Windoze PGP Compatability) References: Message-ID: <3906DBCD.57DD5FA6@taloa.unice.fr> I am no more interrsetd in this list I cannot unsubscribe by the normal ways please unsubcribe me L. Sassaman a écrit: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 25 Apr 2000, Andreas Schamanek wrote: > > > How can I move from the default BLOWFISH to some other cipher? Since my > > key is encrypted with BLOWFISH I can't just disable it, can I? > > > > I thought the trick is to remove the password, export the keys and > > import them again with BLOWFISH disabled. But when I try to reprotect my > > secret key GnuPG says > > > > gpg: protect_secret_key failed: unknown cipher algorithm > > > > Probably, I misunderstood some basics. Any clarification appreciated. > > I *think*, that if you delete your self sigs, set --s2k-cipher-algo to be > a differenyt cipher, --disable-cipher-algo BLOWFISH, re-self-sign the > keys, export with no password, import, assign a password, you should be > fine. > > While you are at it, --disable-pubkey-algo ELG-S is another good > precaution. > > > Last question: If we should avoid BLOWFISH what cipher should we use? > > I know that this question cannot be dealt with in detail here. But maybe > > somebody can write a short note about her or his preferences (without > > being flamed by others ;) from an average user's point of view. > > 3DES is slow, but it is the most extensively reviewed, and it required to > be in all OpenPGP products. IDEA and CAST5 are pretty well respected, are > "SHOULDs" in the OpenPGP spec, and are faster than 3DES. IDEA has patent > issues, and not all GnuPG users will have it enabled. So I would nix > that. CAST5 is a good choice; fairly fast, fairly well respected (more so > than Blowfish, not as trusted as 3DES). > > Twofish is the fastest of all of these, and also the newest. PGP 6.x and > before does not support it. > > All versions of PGP greater than 1 support IDEA. > > PGP 5.x and up, as well as GnuPG, support CAST5 and 3DES. > > Take your pick... > > > The alternatives so far are: 3DES, CAST5 and TWOFISH. > > > > > > Regards, > > > > -- Andreas > > > > __ > > L. Sassaman > > System Administrator | > Technology Consultant | [This space for rent] > icq.. 10735603 | > pgp.. finger://ns.quickie.net/rabbi | > > -----BEGIN PGP SIGNATURE----- > Comment: For info see http://www.gnupg.org > > iD8DBQE5Bfz3PYrxsgmsCmoRAhbJAKCQxSKkB2A5aoQZ1Ys6jzvfvRfw9ACgwLEh > rPLASUr1NJbCzucdvaJzA5Y= > =aYTy > -----END PGP SIGNATURE----- -- ----------------------------------------------------------------------------------------------- Pierre-Henri SENESI formateur technologie Institut Universitaire de Formation des Maitres Nice Technology trainer University Institute for Teacher Training Nice France 43, Av. Stephen Liegeard F 06100 NICE France tél/fax (33)/(0) 492.07.74.89 ----------------------------------------------------------------------------------------------- From Pierre-Henri.Senesi@taloa.unice.fr Wed Apr 26 12:05:27 2000 From: Pierre-Henri.Senesi@taloa.unice.fr (Pierre-Henri SENESI) Date: Wed, 26 Apr 2000 14:05:27 +0200 Subject: Possible Bug in GnuPG? References: <608E92548499D311A89400062938380401352F50@TOMCAT> Message-ID: <3906DB87.E6B8244C@taloa.unice.fr> I am no more interrsetd in this list I cannot unsubscribe by the normal ways please unsubcribe me Krishnan Menon (IND) a écrit: > > Here's the deal. Windows GUI apps, at least the basic things like Notepad > that I've noticed this with, seem to require a 0xOd 0xOa character sequence > to mark an end of line. Thats CR LF. Most GnuPG output seems to have only > the 0x0d character to mark EOL. That's what shows up as the "heavy vertical > lines". > > I had the same experience as you did with the command line and I think > Windows command line apps perform the translation before displaying. I can't > be sure though, but they seem to handle this fine. > > Krish > > -----Original Message----- > From: Brian Galbraith [mailto:bgalbraith@penguinpowered.com] > Sent: Wednesday, April 26, 2000 3:56 AM > To: gnupg-users@gnupg.org > Subject: Possible Bug in GnuPG? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Folks. > > Today I installed PGP on a windows system which uses Outlookexpress as the > mail agent. > > All encrypted messages I send using GnuPG are displayed as a single line, > with heavy vertical lines where the line ends should be. > > I asked for advice from the PGP users list, and was informed that this is a > GnuPG Bug. > > I set up OE5 on my windows partition and carried out a few tests...GnuPG > messages are displayed as described above. PGP 6.5.2 command line displays > as it should be. > > Has anyone else noticed this? > > Regards > Brian > > - ------------------------------------------------------------ > Brian Galbraith > > Sign Only Key 0x6A6DFEFB > http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x6A6DFEFB > Default Encryption Key 0x63EBA765 (DH/DSA) > http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x63EBA765 > Please download latest keys (210400) > > - ----------------------------------------------------------- > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.1e (GNU/Linux) > Comment: Digital Signatures Verify Author and Unaltered Content > > iD8DBQE5BgXz1MQNj2pt/vsRAou4AJ9+rGS/717vyVoHJDALn4ai2bZBrACffT8u > qy/NZ++DPmYj5VAXHgTEJwg= > =xLNh > -----END PGP SIGNATURE----- -- ----------------------------------------------------------------------------------------------- Pierre-Henri SENESI formateur technologie Institut Universitaire de Formation des Maitres Nice Technology trainer University Institute for Teacher Training Nice France 43, Av. Stephen Liegeard F 06100 NICE France tél/fax (33)/(0) 492.07.74.89 ----------------------------------------------------------------------------------------------- From homega@ciberia.es (Horacio) Wed Apr 26 14:14:14 2000 From: homega@ciberia.es (Horacio) (Horacio MG) Date: Wed, 26 Apr 2000 16:14:14 +0200 Subject: Possible Bug in GnuPG? In-Reply-To: <3906DB87.E6B8244C@taloa.unice.fr>; from Pierre-Henri.Senesi@taloa.unice.fr on Wed, Apr 26, 2000 at 02:05:27PM +0200 References: <608E92548499D311A89400062938380401352F50@TOMCAT> <3906DB87.E6B8244C@taloa.unice.fr> Message-ID: <20000426161414.A1513@ciberia.es> El mié, 26 de abr de 2000, a las 02:05:27 +0200, Pierre-Henri SENESI dijo: > I am no more interrsetd in this list I cannot unsubscribe by the > normal ways please unsubcribe me Nah! We'll keep you around for good! -- Horacio Anno MMDCCLIII aUC homega@ciberia.es Valencia - ESPAŃA -------------------------------------------------------------------- Key fingerprint = F4EE AE5E 2F01 0DB3 62F2 A9F4 AD31 7093 4233 7AE6 From marius@alpha1.net Wed Apr 26 14:54:04 2000 From: marius@alpha1.net (Marius Strom) Date: Wed, 26 Apr 2000 09:54:04 -0500 (CDT) Subject: Possible Bug in GnuPG? In-Reply-To: <3906DB87.E6B8244C@taloa.unice.fr> Message-ID: I've got to agree with Pierre-Henri on this -- I've tried unsubscribing from this list as well to no avail. The only thing that remains an option to me is setting up sendmail rules to 550 the mail -- something I _don't_ want to do, because it's absurd. Who is managing the list? Why can't this get solved? Mailing lists are _not_ that difficult to administrate. -- Marius Strom Professional Geek/Unix System Administrator Alpha1 Internet http://www.marius.org/marius.pgp 0x42C74CBA Quidquid Latine Dictum Sit, Profundum Viditur. On Wed, 26 Apr 2000, Pierre-Henri SENESI wrote: > I am no more interrsetd in this list > I cannot unsubscribe by the normal ways > please unsubcribe me > > > Krishnan Menon (IND) a écrit: > > > > Here's the deal. Windows GUI apps, at least the basic things like Notepad > > that I've noticed this with, seem to require a 0xOd 0xOa character sequence > > to mark an end of line. Thats CR LF. Most GnuPG output seems to have only > > the 0x0d character to mark EOL. That's what shows up as the "heavy vertical > > lines". > > > > I had the same experience as you did with the command line and I think > > Windows command line apps perform the translation before displaying. I can't > > be sure though, but they seem to handle this fine. > > > > Krish > > > > -----Original Message----- > > From: Brian Galbraith [mailto:bgalbraith@penguinpowered.com] > > Sent: Wednesday, April 26, 2000 3:56 AM > > To: gnupg-users@gnupg.org > > Subject: Possible Bug in GnuPG? > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Hi Folks. > > > > Today I installed PGP on a windows system which uses Outlookexpress as the > > mail agent. > > > > All encrypted messages I send using GnuPG are displayed as a single line, > > with heavy vertical lines where the line ends should be. > > > > I asked for advice from the PGP users list, and was informed that this is a > > GnuPG Bug. > > > > I set up OE5 on my windows partition and carried out a few tests...GnuPG > > messages are displayed as described above. PGP 6.5.2 command line displays > > as it should be. > > > > Has anyone else noticed this? > > > > Regards > > Brian > > > > - ------------------------------------------------------------ > > Brian Galbraith > > > > Sign Only Key 0x6A6DFEFB > > http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x6A6DFEFB > > Default Encryption Key 0x63EBA765 (DH/DSA) > > http://picard.uni-paderborn.de:11371/pks/lookup?op=get&search=0x63EBA765 > > Please download latest keys (210400) > > > > - ----------------------------------------------------------- > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.0.1e (GNU/Linux) > > Comment: Digital Signatures Verify Author and Unaltered Content > > > > iD8DBQE5BgXz1MQNj2pt/vsRAou4AJ9+rGS/717vyVoHJDALn4ai2bZBrACffT8u > > qy/NZ++DPmYj5VAXHgTEJwg= > > =xLNh > > -----END PGP SIGNATURE----- > > From lhecking@nmrc.ucc.ie Wed Apr 26 15:03:31 2000 From: lhecking@nmrc.ucc.ie (Lars Hecking) Date: Wed, 26 Apr 2000 16:03:31 +0100 Subject: Possible Bug in GnuPG? In-Reply-To: ; from marius@alpha1.net on Wed, Apr 26, 2000 at 09:54:04AM -0500 References: <3906DB87.E6B8244C@taloa.unice.fr> Message-ID: <20000426160331.A12611@tehran.nmrc.ucc.ie> Marius Strom writes: > I've got to agree with Pierre-Henri on this -- I've tried unsubscribing > from this list as well to no avail. The only thing that remains an option > to me is setting up sendmail rules to 550 the mail -- something I _don't_ > want to do, because it's absurd. > > Who is managing the list? Why can't this get solved? Mailing lists are > _not_ that difficult to administrate. Werner will be back next week, so I guess it'll have to wait until then. From johanw@vulcan.xs4all.nl Wed Apr 26 06:41:29 2000 From: johanw@vulcan.xs4all.nl (Johan Wevers) Date: Wed, 26 Apr 2000 08:41:29 +0200 (MET DST) Subject: Possible Bug in GnuPG? In-Reply-To: from Brian Galbraith at "Apr 25, 2000 11:26:26 pm" Message-ID: <200004260641.IAA27603@vulcan.xs4all.nl> Brian Galbraith (brian.galbraith@bigfoot.com) wrote: >All encrypted messages I send using GnuPG are displayed as a single line, >with heavy vertical lines where the line ends should be. Aren't this Unix end-of-line markers (just \n, DOS uses \n\r), that are displayed this way by some windows controls? -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From dave.holland@incyte.com Wed Apr 26 16:20:38 2000 From: dave.holland@incyte.com (Dave Holland) Date: Wed, 26 Apr 2000 17:20:38 +0100 Subject: mailing list In-Reply-To: ; from marius@alpha1.net on Wed, Apr 26, 2000 at 09:54:04AM -0500 References: <3906DB87.E6B8244C@taloa.unice.fr> Message-ID: <20000426172038.I29026@rooster.eu.incyte.com> On Wed, Apr 26, 2000 at 09:54:04AM -0500, Marius Strom wrote: > I've got to agree with Pierre-Henri on this -- I've tried unsubscribing > from this list as well to no avail. This is ludicrous (as well as off-topic :-( ) I have just successfully subscribed and unsubscribed to the list (using a different email address). If it works for me I wonder why it doesn't work for you? Are you following the unsubscription instructions closely? Dave -- Dave Holland | "If a site has pages that cause Systems Manager | your browser to restart, don't Incyte Genomics | go there again" -- Microsoft Cambridge, UK | From marius@alpha1.net Wed Apr 26 16:47:03 2000 From: marius@alpha1.net (Marius Strom) Date: Wed, 26 Apr 2000 11:47:03 -0500 (CDT) Subject: mailing list In-Reply-To: <20000426172038.I29026@rooster.eu.incyte.com> Message-ID: Dave, Yes, I've sent email to gnupg-users-request@gnupg.org, with the body of unsubscribe. It claims it can't find my email address (yes, I subscribed with the same email address). -- Marius Strom Professional Geek/Unix System Administrator Alpha1 Internet http://www.marius.org/marius.pgp 0x42C74CBA Quidquid Latine Dictum Sit, Profundum Viditur. On Wed, 26 Apr 2000, Dave Holland wrote: > On Wed, Apr 26, 2000 at 09:54:04AM -0500, Marius Strom wrote: > > I've got to agree with Pierre-Henri on this -- I've tried unsubscribing > > from this list as well to no avail. > > This is ludicrous (as well as off-topic :-( ) > > I have just successfully subscribed and unsubscribed to the list > (using a different email address). If it works for me I wonder why it > doesn't work for you? > > Are you following the unsubscription instructions closely? > > Dave > From marius@alpha1.net Wed Apr 26 16:49:36 2000 From: marius@alpha1.net (Marius Strom) Date: Wed, 26 Apr 2000 11:49:36 -0500 (CDT) Subject: standing corrected Message-ID: Never ye mind. Seems Werner fixed the problem in the last two weeks since my last unsubscription attempt. (Flame away, I'm unsubscribed *chuckle*) -- Marius Strom Professional Geek/Unix System Administrator Alpha1 Internet http://www.marius.org/marius.pgp 0x42C74CBA Quidquid Latine Dictum Sit, Profundum Viditur. From mr.bad@pigdog.org Wed Apr 26 16:52:54 2000 From: mr.bad@pigdog.org (Mr. Bad) Date: 26 Apr 2000 09:52:54 -0700 Subject: Too Dumb to Unsubscribe In-Reply-To: Pierre-Henri SENESI's message of "Wed, 26 Apr 2000 14:06:37 +0200" References: <3906DBCD.57DD5FA6@taloa.unice.fr> Message-ID: >>>>> "PS" == Pierre-Henri SENESI writes: PS> I am no more interrsetd in this list I cannot unsubscribe by PS> the normal ways please unsubcribe me Pierre-Henri, Constantly bombarding the list with unsub*****e messages marks you as a complete Internet shithead. This isn't going to make you any friends, nor is it going to incent people to try and help you out. You should be able to send a message with: unsubscribe to "gnupg-users-request@gnupg.org." A common mistake is when you have multiple email addresses, and you try to unsub the wrong address. You might want to check the headers of your gnupg-users messages to see where they're being delivered to. ~Mr. Bad -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /\____/\ Mr. Bad \ / Pigdog Journal | http://pigdog.org/ | RoR - Alucard | (X \x) ( ((**) "What you do in the light/Is reflected in the dark \ Leave some doors open/Before you cross over." ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From daniel@crisman.org Wed Apr 26 16:54:11 2000 From: daniel@crisman.org (Daniel F. Crisman) Date: Wed, 26 Apr 2000 12:54:11 -0400 (EDT) Subject: mailing list In-Reply-To: Message-ID: Well as the instructions say put it in the subject line (not body), try that. > Dave, > Yes, I've sent email to gnupg-users-request@gnupg.org, with the body of > unsubscribe. It claims it can't find my email address (yes, I subscribed > with the same email address). > > -- > Marius Strom > Professional Geek/Unix System Administrator > Alpha1 Internet