Re: Paperkey 1.3

2013-01-04 Thread Branko Majic
On Thu, 3 Jan 2013 23:42:07 -0500
David Shaw ds...@jabberwocky.com wrote:

 Paperkey 1.3 is released.  This adds ECC key support (both ECDH and
 ECDSA) as well as a few more minor tweaks.
 
 Source and Win32 binaries are available at:
   http://www.jabberwocky.com/software/paperkey/

Curious piece of software. Certainly not something that comes to mind
right away for making backups.

I wonder if you could back-up even more by using 2D bar code for an
output?

Best regards

-- 
Branko Majic
Jabber: bra...@majic.rs
Please use only Free formats when sending attachments to me.

Бранко Мајић
Џабер: bra...@majic.rs
Молим вас да додатке шаљете искључиво у слободним форматима.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Is a document signed with hellosign legally binding?

2013-01-04 Thread Morten Kjærulff
Thank you all!

So, a bare email is also legally binding, but it can be hard to prove who
sent it. Same for hellosign.com, it can be hard to prove who really signed
a document there, and it was that fact that confused me, I made legally
binding and prove who signed the same thing.

/Morten

On Fri, Jan 4, 2013 at 10:50 AM, David P Á wrote:

 The directive refers to two types of signatures on article 2: electronic
 signatures are those like me writing my name on the foot of this email,
 advanced electronic signatures are the ones that require certificates and
 so on. By art 5.1, advanced electronic signatures are equivalent to
 hand-written ones, by art 5.2, though, unqualified electronic signatures
 should not be denied legal validity on the mere grounds that they are
 electronic. So without advising to particulars, especially given the
 possible issues with transposition of the directive into national law, an
 electronic signature of that sort is binding, though of course it is
 possible to question whether it really was issued by the signatory and so
 on.

 --David.




gnupg not working with RHEL 4

2013-01-04 Thread Anilkumar Padmaraju
Hi,

This is an important issue for me.  I would really appreciate, if any one
can help.

Server 1:
I have a server with Red Hat Enterprise Linux AS release 4 (Nahant Update
5) and having gnupg version 1.2.6.


When I am trying to import a key, I am getting below problem and the key is
not getting imported.  The key is 2048 bits.


# gpg --import /key.asc
gpg: DSA requires the use of a 160 bit hash algorithm
gpg: DSA requires the use of a 160 bit hash algorithm
gpg: DSA requires the use of a 160 bit hash algorithm
gpg: DSA requires the use of a 160 bit hash algorithm
gpg: key ACF6FA22: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg:   w/o user IDs: 1
#


Server 2:

I have another server with Red Hat Enterprise Linux Server release 5.5
(Tikanga) and with gnupg version 1.4.5.  On this I am able to import the
same key successfully.

Unfortunately, I cannot upgrade Linux on Server 1.  What I have to do to
solve the problem with gpg import on Server 1?

Do I have to upgrade the gnupg on Server 1 or is there alternate solution?
If I have to upgrade gnupg, to which version of gnupg I have to update?  I
cannot use up2date because the Server 1 is not subscribed to RHN.  So what
will be the alternate way to upgrade without up2date.

Thank you very much,

Anil.


Re: gnupg not working with RHEL 4

2013-01-04 Thread Robert J. Hansen
On 1/3/2013 2:37 PM, Anilkumar Padmaraju wrote:
 This is an important issue for me.  I would really appreciate, if any
 one can help.

The fix is easy: upgrade GnuPG.

Version 1.2.6 is old, really old.  The certificate you're trying to
import uses an algorithm (DSA2) which is relatively new.  GnuPG is
trying to treat this as a DSA certificate and is complaining that it
uses the wrong parameters.

Download and install the GnuPG 1.4.13 source code from:

ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.13.tar.bz2

... and this problem will go away.




Re: Is a document signed with hellosign legally binding?

2013-01-04 Thread Mark H. Wood
I don't know, but I must say that I'm wary of dealing with unknown
people who are collecting signature samples from all over Europe,
offering a service which seems to accomplish very little and making
disputed claims about its legal effect.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
There's an app for that:  your browser




Re: gnupg not working with RHEL 4

2013-01-04 Thread David Shaw
On Jan 3, 2013, at 2:37 PM, Anilkumar Padmaraju apadmar...@prounlimited.com 
wrote:

 Hi,
 
 This is an important issue for me.  I would really appreciate, if any one can 
 help.
 
 Server 1:
 I have a server with Red Hat Enterprise Linux AS release 4 (Nahant Update 5) 
 and having gnupg version 1.2.6.
 
 
 When I am trying to import a key, I am getting below problem and the key is 
 not getting imported.  The key is 2048 bits.
 
 
 
 # gpg --import /key.asc
 gpg: DSA requires the use of a 160 bit hash algorithm

This means that you are trying to import a key with a version of GnuPG that is 
too old to understand it.  That key uses a feature (called DSA2) that didn't 
exist in version 1.2.6 of GnuPG.

 Unfortunately, I cannot upgrade Linux on Server 1.  What I have to do to 
 solve the problem with gpg import on Server 1?  

While you don't have to upgrade Linux on server 1, you do need to at least 
upgrade GnuPG.

Go to http://www.gnupg.org/download/ and grab the latest 1.4 version of GnuPG 
(at the moment, it's 1.4.13).  That is the easiest replacement for 1.2.6, and 
will handle that DSA2 key just fine.

David




Re: Paperkey 1.3

2013-01-04 Thread Johan Wevers
On 04-01-2013 5:42, David Shaw wrote:

 Paperkey 1.3 is released.

You might want to update the website, it reads a bit outdated.
CD/DVD-ROMs are going the way of the floppy disc; flash memory is much
more reliable than either. Future support of USB ports or memory card
readers seems the biggest concern for me.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html




Re: New packet headers and gpg

2013-01-04 Thread Stephen Paul Weber

Somebody claiming to be David Shaw wrote:

 On Jan 3, 2013, at 9:53 PM, Stephen Paul Weber singpol...@singpolyma.net wrote:
  tell gpg or gpg2 to produce new packet length headers for output?

 No.  GPG automatically uses the old packet headers for those packets that
 can be described that way


Hmm, ok.  I was hoping that with all the advanced mode, you probably don't 
care about this features, there would be one for this.


--
Stephen Paul Weber, @singpolyma
See http://singpolyma.net for how I prefer to be contacted
edition right joseph




poldi

2013-01-04 Thread Fabio Coatti
Hi, 
I'm playing a bit with an FSFE card and, trying to find a way to use the
smartcard for xscreensaver, I've stumbled on poldi references, but the sources
seem untouched for a long time.
Before starting to work on an updated ebuild (I'm on a Gentoo installation), is
poldi still alive or do we have a better way to reach the same goal (basically,
having xscreensaver and other PAM-enabled things using the card)?

Sorry if the question is silly, but I found no helpful references so far...


--
Fabio



Re: Paperkey 1.3

2013-01-04 Thread Werner Koch
On Fri,  4 Jan 2013 15:27, joh...@vulcan.xs4all.nl said:

 CD/DVD-ROMs are going the way of the floppy disc; flash memory is much
 more reliable than either. Future support of USB ports or memory card

FWIW: Some time ago I copied a bunch of ~25 years old 5.25 floppies to a
disk.  I had only problems with some of the very cheap or the dusted,
wet and oiled ones stored for too many years in my non-heated garage.

Nobody has experience with flash for more than a decade.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: New packet headers and gpg

2013-01-04 Thread David Shaw
On Jan 4, 2013, at 9:39 AM, Stephen Paul Weber singpol...@singpolyma.net 
wrote:

 Somebody claiming to be David Shaw wrote:
 On Jan 3, 2013, at 9:53 PM, Stephen Paul Weber singpol...@singpolyma.net 
 wrote:
 tell gpg or gpg2 to produce new packet length headers for output?  
 
 No.  GPG automatically uses the old packet headers for those packets that 
 can be described that way
 
 Hmm, ok.  I was hoping that with all the advanced mode, you probably don't 
 care about this features, there would be one for this.

You could patch the code (look in build-packet.c) fairly easily if you need 
this.  Out of curiosity, why do you want to use only new packet headers?

David




Re: Paperkey 1.3

2013-01-04 Thread Thomas Harning Jr.
You may want to check out my blog post about key backup[1]. In it I
mention two bar-code style backup solutions:
 * PaperBack [2]
 * Twibright Optar [3]

I also investigated QR codes and other 2D bar codes.. however they did
not seem to scale well to large amounts of data...

I found that PaperBack, while being a Win32 app (runs fine in Wine)
works beautifully for storing quite a bit of data with redundancy and
handling for user-level printers. Quoting the page: "If you have a good
laser printer with the 600 dpi resolution, you can save up to 500,000
bytes of uncompressed data on the single A4/Letter sheet." ... quite a
bit to store your entire secret keyring ... though you could use
paperkey + this to permit bumping up redundancy / dot-size quite a
bit.

Twibright Optar has quite a bit of promise, but requires quite a bit
of pre-processing and noise removal (not to mention source-code edit
to change dot-size to work nicely with non-super printers).



1: http://blog.eharning.us/2011/04/key-backup-for-paranoid.html
2: http://ollydbg.de/Paperbak/
3: http://ronja.twibright.com/optar/

On Fri, Jan 4, 2013 at 4:01 AM, Branko Majic bra...@majic.rs wrote:
 On Thu, 3 Jan 2013 23:42:07 -0500
 David Shaw ds...@jabberwocky.com wrote:

 Paperkey 1.3 is released.  This adds ECC key support (both ECDH and
 ECDSA) as well as a few more minor tweaks.

 Source and Win32 binaries are available at:
   http://www.jabberwocky.com/software/paperkey/

 Curious piece of software. Certainly not something that comes to mind
 right away for making backups.

 I wonder if you could back-up even more by using 2D bar code for an
 output?

 Best regards

 --
 Branko Majic
 Jabber: bra...@majic.rs
 Please use only Free formats when sending attachments to me.

 Бранко Мајић
 Џабер: bra...@majic.rs
 Молим вас да додатке шаљете искључиво у слободним форматима.





-- 
Thomas Harning Jr. (http://about.me/harningt)



Re: New packet headers and gpg

2013-01-04 Thread Stephen Paul Weber

Somebody claiming to be David Shaw wrote:

 On Jan 4, 2013, at 9:39 AM, Stephen Paul Weber singpol...@singpolyma.net wrote:
  Somebody claiming to be David Shaw wrote:
   On Jan 3, 2013, at 9:53 PM, Stephen Paul Weber singpol...@singpolyma.net wrote:
    tell gpg or gpg2 to produce new packet length headers for output?
   No.
  I was hoping that with all the advanced mode, you probably don't care
  about this features, there would be one for this.

 You could patch the code (look in build-packet.c) fairly easily if you need
 this.  Out of curiosity, why do you want to use only new packet headers?


I might do that if I get further along.  I want to be able to have partial 
OpenPGP implementations that only bother with new-style headers.  Such 
implementations' output can be read by gpg, but there's currently no way to 
convince gpg to talk to them :)


My own implementations currently do support both kinds of headers, so it's 
not a pressing need.


--
Stephen Paul Weber, @singpolyma
See http://singpolyma.net for how I prefer to be contacted
edition right joseph




Re: Paperkey 1.3

2013-01-04 Thread David Shaw
On Jan 4, 2013, at 4:01 AM, Branko Majic bra...@majic.rs wrote:

 On Thu, 3 Jan 2013 23:42:07 -0500
 David Shaw ds...@jabberwocky.com wrote:
 
 Paperkey 1.3 is released.  This adds ECC key support (both ECDH and
 ECDSA) as well as a few more minor tweaks.
 
 Source and Win32 binaries are available at:
  http://www.jabberwocky.com/software/paperkey/
 
 Curious piece of software. Certainly not something that comes to mind
 right away for making backups.
 
 I wonder if you could back-up even more by using 2D bar code for an
 output?

Sure, paperkey supports piping the output into whatever code generator you like:

  gpg --export-secret-key mykey | paperkey --output-format raw | your-bar-code-generator

However, 2D bar codes have some of the problems that paperkey is intended to 
address.  You need a 'thing' (a process, a device, etc) to read them, and part 
of the point of paperkey is that it's supposed to be the backup of last resort, 
and thus readable by a human without any special hardware involved.

You could also back up your whole key via a 2D bar code (without using paperkey 
at all) but then you're backing up a lot of redundant data, giving you a larger 
image.  Of course, this may not be a big deal if the intent is to scan it back 
in again rather than type it back in again.

David




paperkey // recommended OCR font ?

2013-01-04 Thread vedaal
My scanner is broken (lamp problem) and the multifunction printer hasn't 
arrived yet ;-(  so I can't test this myself.


Has anyone tested Paperkey by scanning it in, having the OCR recognize it 
without error, and then successfully import it into a keyring ?

If so, what is the recommended font and size to be used for accurate OCR ?

OCR-A, OCR-B,  Ordinary Courier 10,  other ?

(I know that the purpose of Paperkey is to be able to type it in by hand, if 
all else fails ;-)   
but if OCR works, it would make things much easier ... )

TIA

vedaal




Re: Paperkey 1.3

2013-01-04 Thread Klaus Neumann
On 01/04/2013 06:27 AM, Johan Wevers wrote:
 On 04-01-2013 5:42, David Shaw wrote:
 
 Paperkey 1.3 is released.
 
 You might want to update the website, it reads a bit outdated.
 CD/DVD-ROMs are going the way of the floppy disc; flash memory is much
 more reliable than either. Future support of USB ports or memory card
 readers seems the biggest concern for me.
 
Support for USB ports or card readers will not disappear over night.
Whenever the next better medium becomes common, you simply transfer your
back-ups. No reason to be concerned, IMHO.

-- 
Best regards,
Klaus
--
PGP/GPG public keys at http://pgp.mit.edu
_
“Political language… is designed to make lies sound truthful and murder
respectable.”
George Orwell



Re: Paperkey 1.3

2013-01-04 Thread David Shaw
On Jan 4, 2013, at 9:27 AM, Johan Wevers joh...@vulcan.xs4all.nl wrote:

 On 04-01-2013 5:42, David Shaw wrote:
 
 Paperkey 1.3 is released.
 
 You might want to update the website, it reads a bit outdated.
 CD/DVD-ROMs are going the way of the floppy disc; flash memory is much
 more reliable than either. Future support of USB ports or memory card
 readers seems the biggest concern for me.

That's a very good point.  Do you know of any studies on the projected life of 
flash when used as backup?  I've read anecdotal numbers as low as 5 years, and 
marketing claims are always huge (100 years!), but most of what I see is about 
the lifespan when the flash is actively used (so running out of read/write 
cycles), rather than the on-the-shelf lifespan of already written data.

The few numbers I've seen at manufacturers' websites about retention 
specifically, suggest it's around 10 years (depending on how well the flash is 
stored - heat makes it die quicker, etc).

David




Re: gnupg not working with RHEL 4

2013-01-04 Thread Anilkumar Padmaraju
Thank you very much, David.

Our other server is having 1.4.5 and to be consistent want to go from 1.2.6
to 1.4.5.

Can I go ahead and update gnupg from 1.2.6 to 1.4.5 on Red Hat Enterprise
Linux AS release 4 (Nahant Update 5)?  Is 1.4.5 compatible with this Linux
version?  I did not find any information regarding this compatibility.

Thank you,

Anil.

On Fri, Jan 4, 2013 at 5:54 AM, David Shaw ds...@jabberwocky.com wrote:

 On Jan 3, 2013, at 2:37 PM, Anilkumar Padmaraju 
 apadmar...@prounlimited.com wrote:

  Hi,
 
  This is an important issue for me.  I would really appreciate, if any
 one can help.
 
  Server 1:
  I have a server with Red Hat Enterprise Linux AS release 4 (Nahant
 Update 5) and having gnupg version 1.2.6.
 
 
  When I am trying to import a key, I am getting below problem and the key
 is not getting imported.  The key is 2048 bits.
 
 
 
  # gpg --import /key.asc
  gpg: DSA requires the use of a 160 bit hash algorithm

 This means that you are trying to import a key with a version of GnuPG
 that is too old to understand it.  That key uses a feature (called DSA2)
 that didn't exist in version 1.2.6 of GnuPG.

  Unfortunately, I cannot upgrade Linux on Server 1.  What I have to do to
 solve the problem with gpg import on Server 1?

 While you don't have to upgrade Linux on server 1, you do need to at least
 upgrade GnuPG.

 Go to http://www.gnupg.org/download/ and grab the latest 1.4 version of
 GnuPG (at the moment, it's 1.4.13).  That is the easiest replacement for
 1.2.6, and will handle that DSA2 key just fine.

 David




-- 
Anilkumar Padmaraju | Sr. Linux System Administrator
*PRO Unlimited, Inc.*
1350 Old Bayshore Highway, Suite 350, Burlingame, CA 94010
(o) 650-373-2484 | (m) 408-835-7599 | (e) apadmar...@prounlimited.com
www.prounlimited.com


Re: Paperkey 1.3

2013-01-04 Thread I.V. Frost

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
 
Am I the only having trouble both the key for this message and the one
with the binaries? My installation tells me it is not Key ID:
0x99242560 but key 0xA1BC4FA4 which is not found on any server that I use.

David Shaw made the following observation on 1/3/2013 10:42 PM:

 Hi folks,

 Paperkey 1.3 is released. This adds ECC key support (both ECDH and
 ECDSA) as well as a few more minor tweaks.

 Source and Win32 binaries are available at:
 http://www.jabberwocky.com/software/paperkey/

-BEGIN PGP SIGNATURE-
Comment: what is essential is invisible to the eye
Comment: - Antoine de Saint Exupery
 
iEYEAREIAAYFAlDm96wACgkQsMrrDTRrXem+cQCgpf9rv9Zj7KHr9CMezbN0YjV6
f/gAn174BhbDynOMYspBeKFztlK//xd/
=ZjMc
-END PGP SIGNATURE-


Re: Paperkey 1.3

2013-01-04 Thread David Shaw
On Jan 4, 2013, at 12:16 PM, I.V. Frost ivfrost2-m...@yahoo.com wrote:

 
 -BEGIN PGP SIGNED MESSAGE- 
 Hash: SHA256 
  
 Am I the only having trouble both the key for this message and the one with 
 the binaries? My installation tells me it is not Key ID: 0x99242560 but key 
 0xA1BC4FA4 which is not found on any server that I use.

0xA1BC4FA4 is a subkey on 0x99242560.  It should be available on the keyserver 
network.

David




Re: New packet headers and gpg

2013-01-04 Thread Werner Koch
On Fri,  4 Jan 2013 17:34, singpol...@singpolyma.net said:

 headers.  Such implementations' output can be read by gpg, but there's
 currently no way to convince gpg to talk to them :)

I just checked the RFC and it says:

   If interoperability [with PGP 2] is not an issue, the new packet
   format is RECOMMENDED.

Thus there is nothing in the standard which would speak against using
the new headers.  This can either be done using a new option or by using
for example the existing compliance option --rfc4880.

I don't assume that PGP 2 is still in use.  With the recent addition of
IDEA even decryption of old data can now be done with vanilla GPG.
Shall we give this a test by using one of the compliance options and
make the new headers the default in one or two years?  Less code is
always better.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
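
Added example (not part of the thread, and not GnuPG's code): the two header encodings from RFC 4880 section 4.2 that this thread is about, with a converter that rewrites a packet stream using only new-format headers. The function names and the sample packets are constructed for illustration; partial body lengths are left out.

```python
"""Old- and new-format OpenPGP packet headers (RFC 4880, section 4.2)."""


def parse_header(buf, pos=0):
    """Decode the header at buf[pos]; return (fmt, tag, body_len, header_len).

    body_len is None for an old-format indeterminate length.
    """
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError("bit 7 of the packet tag octet must be set")
    if ctb & 0x40:                                  # new format: 6-bit tag
        tag, first = ctb & 0x3F, buf[pos + 1]
        if first < 192:                             # one-octet length
            return "new", tag, first, 2
        if first < 224:                             # two-octet length
            return "new", tag, ((first - 192) << 8) + buf[pos + 2] + 192, 3
        if first == 255:                            # five-octet length
            return "new", tag, int.from_bytes(buf[pos + 2:pos + 6], "big"), 6
        raise ValueError("partial body lengths are outside this example")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03      # old format: 4-bit tag
    if ltype == 3:                                  # indeterminate length
        return "old", tag, None, 1
    n = 1 << ltype                                  # 1, 2 or 4 length octets
    return "old", tag, int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), 1 + n


def old_header(tag, length):
    """Encode an old-format header; only tags 0..15 fit in its 4-bit field."""
    if not 0 <= tag <= 15:
        raise ValueError("old format cannot express tags above 15")
    for ltype, n in ((0, 1), (1, 2), (2, 4)):
        if length < 1 << (8 * n):
            return bytes([0x80 | (tag << 2) | ltype]) + length.to_bytes(n, "big")
    raise ValueError("length does not fit in four octets")


def new_header(tag, length):
    """Encode a new-format header with a definite length."""
    if not 0 <= tag <= 63:
        raise ValueError("tag must fit in six bits")
    ctb = bytes([0xC0 | tag])
    if length < 192:
        return ctb + bytes([length])
    if length < 8384:
        length -= 192
        return ctb + bytes([(length >> 8) + 192, length & 0xFF])
    return ctb + b"\xff" + length.to_bytes(4, "big")


def packets(stream):
    """Yield (fmt, tag, body) for each packet in a binary OpenPGP stream."""
    pos = 0
    while pos < len(stream):
        try:
            fmt, tag, blen, hlen = parse_header(stream, pos)
        except IndexError:
            raise ValueError("truncated packet header") from None
        if blen is None:                            # indeterminate: runs to end
            blen = len(stream) - pos - hlen
        body = stream[pos + hlen:pos + hlen + blen]
        if len(body) != blen:
            raise ValueError("truncated packet body")
        yield fmt, tag, body
        pos += hlen + blen


def to_new_format(stream):
    """Re-emit every packet with a new-format header; bodies are untouched."""
    return b"".join(new_header(tag, len(body)) + body
                    for _, tag, body in packets(stream))


# Constructed sample: a User ID packet (tag 13) and a 300-byte packet with
# tag 11 whose body is opaque filler, both written with old-format headers.
UID = b"Alice <alice@example.org>"
SAMPLE_OLD = old_header(13, len(UID)) + UID + old_header(11, 300) + bytes(300)

if __name__ == "__main__":
    for fmt, tag, body in packets(SAMPLE_OLD):
        print(fmt, "tag", tag, "body", len(body), "->",
              new_header(tag, len(body)).hex())
```

Packet tags above 15 (for example tag 17, User Attribute) have no old-format encoding at all, which is why a reader that only implements new-format headers can still parse them.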




Re: gnupg not working with RHEL 4

2013-01-04 Thread Werner Koch
On Fri,  4 Jan 2013 18:34, apadmar...@prounlimited.com said:

 Can I go ahead and update gnupg from 1.2.6 to 1.4.5 on Red Hat Enterprise
 Linux AS release 4 (Nahant Update 5)?  Is 1.4.5 compatible with this Linux
 version?  I did not find any information regarding this compatibility.

GnuPG is compatible with all Unix style operating systems including
Linux and RHEL [1].  You just need to build it yourself.  And please use
the latest versions (1.4.13).


Shalom-Salam,

   Werner



[1] And with VMS and Windows.  However, you better get a prebuilt
version for these OSes.

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: gnupg not working with RHEL 4

2013-01-04 Thread Anilkumar Padmaraju
Thank you, David and Werner.

This is first time I am upgrading gnupg.  Are there any steps or document
to download source, compile, and upgrade?  I did some search in google, but
could not find detailed one.

After upgrading do I have to do gpg --gen-key or it is only needed when we
install for the first time?

Thank you,

Anil.

On Fri, Jan 4, 2013 at 12:45 PM, Werner Koch w...@gnupg.org wrote:

 On Fri,  4 Jan 2013 18:34, apadmar...@prounlimited.com said:

  Can I go ahead and update gnupg from 1.2.6 to 1.4.5 on Red Hat
 Enterprise
  Linux AS release 4 (Nahant Update 5)?  Is 1.4.5 compatible with this
 Linux
  version?  I did not find any information regarding this compatibility.

 GnuPG is compatible with all Unix style operating systems including
 Linux and RHEL [1].  You just need to build it yourself.  And please use
 the latest versions (1.4.13).


 Shalom-Salam,

Werner



 [1] And with VMS and Windows.  However, you better get a prebuilt
 version for these OSes.

 --
 Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




-- 
Anilkumar Padmaraju | Sr. Linux System Administrator
*PRO Unlimited, Inc.*
1350 Old Bayshore Highway, Suite 350, Burlingame, CA 94010
(o) 650-373-2484 | (m) 408-835-7599 | (e) apadmar...@prounlimited.com
www.prounlimited.com


Re: gnupg not working with RHEL 4

2013-01-04 Thread David Shaw
On Jan 4, 2013, at 12:34 PM, Anilkumar Padmaraju apadmar...@prounlimited.com 
wrote:

 Thank you very much, David.
 
 Our other server is having 1.4.5 and to be consistent want to go from 1.2.6 
 to 1.4.5.
 
 Can I go ahead and update gnupg from 1.2.6 to 1.4.5 on Red Hat Enterprise 
 Linux AS release 4 (Nahant Update 5)?  Is 1.4.5 compatible with this Linux 
 version?  I did not find any information regarding this compatibility.

You could upgrade to 1.4.5, but this is not recommended.  There have been a 
number of bug fixes between 1.4.5 and 1.4.13, and using the most recent version 
is usually the best course of action.

David




simple-sk-checksum

2013-01-04 Thread Stephen Paul Weber

The manpage for gpg sez:

Secret keys are integrity protected by using a SHA-1 checksum. This 
method is part of the upcoming enhanced OpenPGP specification but GnuPG 
already uses it as a countermeasure against certain attacks. Old 
applications don't understand this new format, so this
option may be used to switch back to the old behaviour. Using this option 
bears a security risk.


Does anyone know what the actual security risk is?  Using a weaker checksum 
obviously makes it easier to forge data, but in this case the data being 
forged is just the secret parts of a secret key.  What are the attack 
vectors there?


--
Stephen Paul Weber, @singpolyma
See http://singpolyma.net for how I prefer to be contacted
edition right joseph




Re: simple-sk-checksum

2013-01-04 Thread David Shaw
On Jan 4, 2013, at 4:37 PM, Stephen Paul Weber singpol...@singpolyma.net 
wrote:

 The manpage for gpg sez:
 
 Secret keys are integrity protected by using a SHA-1 checksum. This 
 method is part of the upcoming enhanced OpenPGP specification but GnuPG 
 already uses it as a countermeasure against certain attacks. Old 
 applications don't understand this new format, so this
 option may be used to switch back to the old behaviour. Using this option 
 bears a security risk.
 
 Does anyone know what the actual security risk is?  Using a weaker checksum 
 obviously makes it easier to forge data, but in this case the data being 
 forged is just the secret parts of a secret key.  What are the attack vectors 
 there?

http://eprint.iacr.org/2002/076.pdf

David




Re: simple-sk-checksum

2013-01-04 Thread Stephen Paul Weber

Somebody claiming to be David Shaw wrote:

 On Jan 4, 2013, at 4:37 PM, Stephen Paul Weber singpol...@singpolyma.net wrote:
  Does anyone know what the actual security risk is?  Using a weaker
  checksum obviously makes it easier to forge data, but in this case the
  data being forged is just the secret parts of a secret key.  What are the
  attack vectors there?

 http://eprint.iacr.org/2002/076.pdf


Thanks!  That paper implies that both the public *and* private elements must 
be integrity protected to defeat the attack (depending on algorithm), 
however it seems that only the private elements are protected by the SHA1 
under RFC4880.  Was the need to protect the public elements discovered to be 
unnecessary?


--
Stephen Paul Weber, @singpolyma
See http://singpolyma.net for how I prefer to be contacted
edition right joseph




Re: gnupg not working with RHEL 4

2013-01-04 Thread Anilkumar Padmaraju
I am using http://www.faqs.org/docs/securing/chap19sec152.html to do the
upgrade.  Please let me know, if I have to do any additional steps.

Since I am already using gpg on this server, do I have to do gpg
--gen-key after the upgrade?

Thank you,

Anil.

On Fri, Jan 4, 2013 at 1:09 PM, Anilkumar Padmaraju 
apadmar...@prounlimited.com wrote:

 Thank you, David and Werner.

 This is first time I am upgrading gnupg.  Are there any steps or document
 to download source, compile, and upgrade?  I did some search in google, but
 could not find detailed one.

 After upgrading do I have to do gpg --gen-key or it is only needed when we
 install for the first time?

 Thank you,

 Anil.

 On Fri, Jan 4, 2013 at 12:45 PM, Werner Koch w...@gnupg.org wrote:

 On Fri,  4 Jan 2013 18:34, apadmar...@prounlimited.com said:

  Can I go ahead and update gnupg from 1.2.6 to 1.4.5 on Red Hat
 Enterprise
  Linux AS release 4 (Nahant Update 5)?  Is 1.4.5 compatible with this
 Linux
  version?  I did not find any information regarding this compatibility.

 GnuPG is compatible with all Unix style operating systems including
 Linux and RHEL [1].  You just need to build it yourself.  And please use
 the latest versions (1.4.13).


 Shalom-Salam,

Werner



 [1] And with VMS and Windows.  However, you better get a prebuilt
 version for these OSes.

 --
 Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.





Re: paperkey // recommended OCR font ?

2013-01-04 Thread David Shaw
On Jan 4, 2013, at 1:06 PM, ved...@nym.hush.com wrote:

 My scanner is broken (lamp problem) and the multifunction printer hasn't 
 arrived yet ;-(  so I can't test this myself.
 
 
 Has anyone tested Paperkey by scanning it in, having the OCR recognize it 
 without error, and then successfully import it into a keyring ?
 
 If so, what is the recommended font and size to be used for accurate OCR ?
 
 OCR-A, OCR-B,  Ordinary Courier 10,  other ?

I've done this, with regular old Courier.  It basically worked, with a few 
glitches that I had to correct by hand.  Paperkey has a checksum on each line 
so you can easily tell which line got the glitch.  I suspect an OCR font would 
have done better.

David
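
Added example (not from the thread and not paperkey's code): how a checksum on each line points at the line an OCR pass got wrong, as described in the reply above. The line layout and the use of the RFC 4880 CRC-24 are assumptions of this sketch, and the key bytes are constructed filler.

```python
"""Per-line CRC-24 over a hex dump: locating transcription or OCR errors."""

CRC24_INIT = 0xB704CE   # constants from RFC 4880, section 6.1
CRC24_POLY = 0x1864CFB


def crc24(data):
    """CRC-24 as used for OpenPGP ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def to_lines(secret, per_line=8):
    """Render bytes as numbered hex lines, each ending in its own CRC-24."""
    lines = []
    for n, off in enumerate(range(0, len(secret), per_line), start=1):
        chunk = secret[off:off + per_line]
        hexed = " ".join(f"{b:02X}" for b in chunk)
        lines.append(f"{n:3d}: {hexed} {crc24(chunk):06X}")
    return lines


def check_lines(lines):
    """Return (data, bad): the bytes from lines that verify, and the 1-based
    numbers of lines that do not (unreadable hex or CRC mismatch)."""
    data, bad = bytearray(), []
    for n, line in enumerate(lines, start=1):
        fields = line.partition(":")[2].split()
        try:
            if len(fields) < 2 or any(len(f) != 2 for f in fields[:-1]):
                raise ValueError("malformed line")
            chunk = bytes(int(f, 16) for f in fields[:-1])
            if int(fields[-1], 16) != crc24(chunk):
                raise ValueError("CRC mismatch")
        except ValueError:
            bad.append(n)       # this line has to be compared with the paper
            continue
        data += chunk
    return bytes(data), bad


# Constructed sample: 32 filler bytes standing in for key material.
SECRET = bytes(range(0x10, 0x30))
CLEAN = to_lines(SECRET)

# Simulated OCR glitches: "8" read as "B" on line 2 (still valid hex, so only
# the CRC catches it) and "0" read as the letter "O" on line 3.
SCANNED = list(CLEAN)
SCANNED[1] = SCANNED[1].replace("8", "B", 1)
SCANNED[2] = SCANNED[2].replace("0", "O", 1)

if __name__ == "__main__":
    for line in SCANNED:
        print(line)
    print("lines to re-check by eye:", check_lines(SCANNED)[1])
```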




Re: paperkey // recommended OCR font ?

2013-01-04 Thread Robert J. Hansen
On 1/4/2013 7:17 PM, David Shaw wrote:
 I've done this, with regular old Courier.

My experiences are similar.  One additional thing: the larger the font
the easier it is for OCR to recognize it (up to a point: I doubt there's
much difference between 48- and 72-point recognition).  So try using 12-
or 14-point if possible.

