Expected behaviour setting TOFU policy

[Konstantin Ryabitsev]

Hi, all:

I am not sure if what I am experiencing is expected TOFU behaviour or 
not, and I'm hoping someone can help me figure that out. I'll show on a 
live example (skipping irrelevant output).

This is gnupg-2.2.4 on Fedora 26.

 [user@disp1132 ~]$ export GNUPGHOME=$(mktemp -d)
 [user@disp1132 ~]$ gpg2 --locate-keys gre...@kernel.org
 [user@disp1132 ~]$ curl -O 
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.3
 [user@disp1132 ~]$ curl -O 
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.3.sign
 [user@disp1132 ~]$ gpg2 --verify ChangeLog-4.15.3.sign
 gpg: assuming signed data in 'ChangeLog-4.15.3'
 gpg: Signature made Mon Feb 12 01:07:40 2018 EST
 gpg:using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
 gpg: Good signature from "Greg Kroah-Hartman " [unknown]
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:  There is no indication that the signature belongs to the owner.
 Primary key fingerprint: 647F 2865 4894 E3BD 4571  99BE 38DB BDC8 6092 693E

Since there is no exiting TOFU db, that's expected output, right? The trust
model guesser decides we're using the PGP model. So, let's create tofu.db by
setting tofu-policy to good on Greg's key:

 [user@disp1132 ~]$ gpg2 --tofu-policy good 
647F28654894E3BD457199BE38DBBDC86092693E
 gpg: Setting TOFU trust policy for new binding > to good.
 [user@disp1132 ~]$ gpg2 --check-trustdb
 gpg: no ultimately trusted keys found

Here is where I get unexpected result rerunning the --verify command, 
which I expected to return a different result:


 [user@disp1132 ~]$ gpg2 --verify ChangeLog-4.15.3.sign 
 gpg: assuming signed data in 'ChangeLog-4.15.3'

 gpg: Signature made Mon Feb 12 01:07:40 2018 EST
 gpg:using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
 gpg: Good signature from "Greg Kroah-Hartman " [unknown]
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:  There is no indication that the signature belongs to the owner.
 Primary key fingerprint: 647F 2865 4894 E3BD 4571  99BE 38DB BDC8 6092 693E

Same as before. Since I have tofu.db now, the trust-model should have
switched to tofu+pgp, no?

 [user@disp1132 ~]$ ls $GNUPGHOME
 crls.d  private-keys-v1.d  pubring.kbx  pubring.kbx~  tofu.db  trustdb.gpg

At least, if I set trust-model on the command line, I get the TOFU output I
expect:

 [user@disp1132 ~]$ gpg2 --trust-model tofu+pgp --verify ChangeLog-4.15.3.sign 
 gpg: assuming signed data in 'ChangeLog-4.15.3'

 gpg: Signature made Mon Feb 12 01:07:40 2018 EST
 gpg:using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
 gpg: checking the trustdb
 gpg: no ultimately trusted keys found
 gpg: Good signature from "Greg Kroah-Hartman " [full]
 gpg: gre...@kernel.org: Verified 1 signature in the past 0 seconds.  Encrypted
   0 messages.

But wait, now I can omit --trust-model from the command line and I get the same
TOFU-based result, implying that trust-model tofu+pgp now sticks, even though
I've modified no config files:

 [user@disp1132 ~]$ gpg2 --verify ChangeLog-4.15.3.sign 
 gpg: assuming signed data in 'ChangeLog-4.15.3'

 gpg: Signature made Mon Feb 12 01:07:40 2018 EST
 gpg:using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
 gpg: Good signature from "Greg Kroah-Hartman " [full]
 gpg: gre...@kernel.org: Verified 1 signature in the past 58 seconds.  Encrypted
   0 messages.

I'm guessing this is not exactly the expected behaviour?

Best,
Konstantin


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Configuration for offline usage - best practice tips?

[Juergen Christoffel]

Hi folks,

I'm looking for best practice tips for offline usage of GnuPG. What Do I
mean by offline usage? I plan to encrypt backups or files on my machines
with GnuPG and generate weekly or monthly keys for that purpose so backups
for example can run unattended and simply encrypt with today's public key.
As the backups need to be compatible with my software only, I could
possibly choose different configuration options than for my "online" usage.

While I can find a number of configuration hints for compatibility between
implementations and standards or strong encryption in general, I expect
that a configuration for offline usage might be different from one for
general purpose encrypted communication.

Regards, JC

--
 Doctorow's Law: Anytime someone puts a lock on something you own, against
 your wishes, and doesn't give you the key, they're not doing it for your
 benefit.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: How can we utilize latest GPG from RPM repository?

[Lightner, Jeffrey]

CentOS isn't a vendor.   It is a project that does binary compiles of RHEL 
sources.

RedHat is the vendor that creates RHEL and its source is used to make CentOS.   
RHEL is supported by RedHat if you have a subscription.  CentOS has no direct 
support though RedHat hosts the project nowadays.

RHEL (and therefore CentOS) major versions such as 7 start with base upstream 
versions of packages.   RedHat modifies that base upstream package to backport 
bug and security fixes from later upstream packages if relevant to the original 
base.   They then add extended versioning to the RPM name.   

For example on a test system I just looked at  "yum list gnupg2" shows:
Installed Packages
gnupg2.x86_64  2.0.22-3.el7   @anaconda/7.0
Available Packages
gnupg2.x86_64  2.0.22-4.el7   rhel-7-server-rpms

Notice the base upstream for both the installed and the available is 2.0.22 but 
the extended versioning is different (3.el7 vs 4.el7).   You'd have to examine 
the errata to see what is different about the latter.

In general unless there is a specific feature in upstream you need that is not 
in the RHEL/CentOS provided version you should use the RHEL/CentOS version on 
your RHEL/CentOS system.   

If you really want the latest of everything you should use Fedora instead of 
CentOS.   Just be aware that Fedora is bleeding edge and releases a new version 
twice a year.   Generally that means you HAVE to do a full upgrade at least 
once a year as they won't offer updated packages for more than two major 
versions at a time.   For a Production environment that pace of upgrade is 
usually not desirable which is why people use RHEL/CentOS instead.

-Original Message-
From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Daniel 
Kahn Gillmor
Sent: Wednesday, February 14, 2018 5:31 PM
To: helices; gnupg-users@gnupg.org
Subject: Re: How can we utilize latest GPG from RPM repository?

On Wed 2018-02-14 14:20:10 -0600, helices wrote:
> CentOS 7 uses gnupg2 v2.0.22. EPEL doesn't have anything newer.
>
> We want to move to v2.2.x, and stay current, but we don't want to 
> download source and compile for dozens of systems.
>
> We want all users to be using the same version all of the time.

This sounds like a problem for your operating system and/or package manager.  
GnuPG has a chain of build dependencies which often makes it difficult to just 
import directly from a single RPM.

If you were running a more recent operating system, you'd likely get something 
from the GnuPG "modern" branch as well anyway.

Perhaps you want to ask your operating system vendor what their recommendation 
is for "backports" of specific packages?

  --dkg

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Huawei manual about Gnupg

[Robert J. Hansen]

> Could you please take a look at it and make some suggestions to
> Huawei to improve it. Thank you!

The documentation we create is free for the world to use for any
purpose.  If Huawei wants to use it, they can, so long as they respect
the license.  But so long as Huawei is selling proprietary stuff, why
should we volunteer our time and labor to help them sell more
proprietary stuff?

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: How can we utilize latest GPG from RPM repository?

[edgar]

On Feb 15, 2018 9:06 AM, "Lightner, Jeffrey"  wrote:
>
> What you’re missing is WHY you want a later upstream version.   Is there a 
> specific feature you’re needing that isn’t in the one that comes with your 
> distro?
>
>  
>
> You can’t have it both ways:  You want to stay on a stable distro/version 
> which is the raison d’etre for RHEL/CentOS but want to have the latest 
> package.    As I noted in my prior post you can get the latest of everything 
> by abandoning CentOS in favor of Fedora at the expense of stability.    Your 
> choice of distro is based on many factors.   Some people even build their own 
> packages all from scratch because they don’t like any of the distros.  
>

Just to add a little extra. Say you have 12 machines. Use one as your build box 
and just build and install to a fake root tar it up and untar it on the rest of 
the machines. Make a few simple scripts to keep track of what files are 
associated with each "package" so you can easily delete them later. Most 
distros packaging systems are too difficult in my humble opinion. Plus you will 
get the software you want built to your needs.

>  
>
> Not all packages have people that build rpm’s for them.   Many FOSS projects 
> seem to prefer building for Debian or something else and MAY package it for 
> whatever distro they like but some don’t package it for anything and expect 
> you to do the legwork yourself.
>
>  
>
> In general if it isn’t in RHEL/CentOS I look for it in the EPEL.  If it isn’t 
> there I almost always download the source then configure/compile it.   This 
> isn’t really a difficult process for most packages.  
>
>  
>
> There ARE other locations that MAY provide a package you want.   Have you 
> looked at rpmfind?  rpmbone?
>
>  
>
> And of course YOU could create the rpm and share it on EPEL yourself so 
> others will have it.
>
>  
>
>  
>
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of helices
> Sent: Thursday, February 15, 2018 9:10 AM
> To: gnupg-users@gnupg.org
> Subject: Re: How can we utilize latest GPG from RPM repository?
>
>  
>
> Yes, I know that.
>
> In general, that scheme works well.
>
> However, in another case, rsyslog, a certain function has been broken for 
> many years, and the only fix is to track the developers' most recent 
> versions. In that case, the developers maintain their own repository: 
> http://rpms.adiscon.com ; which is easy to incorporate into: 
> /etc/yum.repos.d/rsyslog.repo
>
> We are hoping something similar is available for gnupg. I have not found 
> that; which is the reason for my posts here.
>
> What am I missing?
>
> Please, advise. Thank you.
>
>  
>
>  
>
> On Thu, Feb 15, 2018 at 7:56 AM, Lightner, Jeffrey  
> wrote:
>
> CentOS isn't a vendor.   It is a project that does binary compiles of RHEL 
> sources.
>
> RedHat is the vendor that creates RHEL and its source is used to make CentOS. 
>   RHEL is supported by RedHat if you have a subscription.  CentOS has no 
> direct support though RedHat hosts the project nowadays.
>
> RHEL (and therefore CentOS) major versions such as 7 start with base upstream 
> versions of packages.   RedHat modifies that base upstream package to 
> backport bug and security fixes from later upstream packages if relevant to 
> the original base.   They then add extended versioning to the RPM name.
>
> For example on a test system I just looked at  "yum list gnupg2" shows:
> Installed Packages
> gnupg2.x86_64                  2.0.22-3.el7                   @anaconda/7.0
> Available Packages
> gnupg2.x86_64                  2.0.22-4.el7                   
> rhel-7-server-rpms
>
> Notice the base upstream for both the installed and the available is 2.0.22 
> but the extended versioning is different (3.el7 vs 4.el7).   You'd have to 
> examine the errata to see what is different about the latter.
>
> In general unless there is a specific feature in upstream you need that is 
> not in the RHEL/CentOS provided version you should use the RHEL/CentOS 
> version on your RHEL/CentOS system.
>
> If you really want the latest of everything you should use Fedora instead of 
> CentOS.   Just be aware that Fedora is bleeding edge and releases a new 
> version twice a year.   Generally that means you HAVE to do a full upgrade at 
> least once a year as they won't offer updated packages for more than two 
> major versions at a time.   For a Production environment that pace of upgrade 
> is usually not desirable which is why people use RHEL/CentOS instead.
>
>
> -Original Message-
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Daniel 
> Kahn Gillmor
> Sent: Wednesday, February 14, 2018 5:31 PM
> To: helices; gnupg-users@gnupg.org
> Subject: Re: How can we utilize latest GPG from RPM repository?
>
> On Wed 2018-02-14 14:20:10 -0600, helices wrote:
> > CentOS 7 uses gnupg2 v2.0.22. EPEL doesn't have anything newer.
> >
> > We want to move to 

Re: How can we utilize latest GPG from RPM repository?

[helices]

Jeffrey, please, your ad hominem accusations are not helpful.

You said, "What you’re missing is WHY you want a later upstream version."

How do you know that I'm missing that? That "why" is not at all relevant to
my question.

You said, "You can’t have it both ways:  You want to stay on a stable
distro/version which is the raison d’etre for RHEL/CentOS but want to have
the latest package."

As you know, CentOS contains thousands of files, and I have given one
example of a need to deviate from the default distribution for rsyslog.
Suffice it to say, we want to do the same with gnupg.

If there is no gnupg solution similar to our rsyslog solution, then we will
do something else.

Simply because I have not found a gnupg solution similar to our rsyslog
solution, does NOT mean that such a solution does not exist.

Hence, my original post here yesterday.

Actually answering my subject question would be helpful. You have not done
that.

Thank you.


On Thu, Feb 15, 2018 at 9:06 AM, Lightner, Jeffrey  wrote:

> What you’re missing is WHY you want a later upstream version.   Is there a
> specific feature you’re needing that isn’t in the one that comes with your
> distro?
>
>
>
> You can’t have it both ways:  You want to stay on a stable distro/version
> which is the raison d’etre for RHEL/CentOS but want to have the latest
> package.As I noted in my prior post you can get the latest of
> everything by abandoning CentOS in favor of Fedora at the expense of
> stability.Your choice of distro is based on many factors.   Some people
> even build their own packages all from scratch because they don’t like any
> of the distros.
>
>
>
> Not all packages have people that build rpm’s for them.   Many FOSS
> projects seem to prefer building for Debian or something else and MAY
> package it for whatever distro they like but some don’t package it for
> anything and expect you to do the legwork yourself.
>
>
>
> In general if it isn’t in RHEL/CentOS I look for it in the EPEL.  If it
> isn’t there I almost always download the source then configure/compile
> it.   This isn’t really a difficult process for most packages.
>
>
>
> There ARE other locations that MAY provide a package you want.   Have you
> looked at rpmfind?  rpmbone?
>
>
>
> And of course YOU could create the rpm and share it on EPEL yourself so
> others will have it.
>
>
>
>
>
> *From:* Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] *On Behalf Of *
> helices
> *Sent:* Thursday, February 15, 2018 9:10 AM
> *To:* gnupg-users@gnupg.org
>
> *Subject:* Re: How can we utilize latest GPG from RPM repository?
>
>
>
> Yes, I know that.
>
> In general, that scheme works well.
>
> However, in another case, rsyslog, a certain function has been broken for
> many years, and the only fix is to track the developers' most recent
> versions. In that case, the developers maintain their own repository:
> http://rpms.adiscon.com ; which is easy to incorporate into:
> /etc/yum.repos.d/rsyslog.repo
>
> We are hoping something similar is available for gnupg. I have not found
> that; which is the reason for my posts here.
>
> What am I missing?
>
> Please, advise. Thank you.
>
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: How can we utilize latest GPG from RPM repository?

[Lightner, Jeffrey]

What you’re missing is WHY you want a later upstream version.   Is there a 
specific feature you’re needing that isn’t in the one that comes with your 
distro?

You can’t have it both ways:  You want to stay on a stable distro/version which 
is the raison d’etre for RHEL/CentOS but want to have the latest package.As 
I noted in my prior post you can get the latest of everything by abandoning 
CentOS in favor of Fedora at the expense of stability.Your choice of distro 
is based on many factors.   Some people even build their own packages all from 
scratch because they don’t like any of the distros.

Not all packages have people that build rpm’s for them.   Many FOSS projects 
seem to prefer building for Debian or something else and MAY package it for 
whatever distro they like but some don’t package it for anything and expect you 
to do the legwork yourself.

In general if it isn’t in RHEL/CentOS I look for it in the EPEL.  If it isn’t 
there I almost always download the source then configure/compile it.   This 
isn’t really a difficult process for most packages.

There ARE other locations that MAY provide a package you want.   Have you 
looked at rpmfind?  rpmbone?

And of course YOU could create the rpm and share it on EPEL yourself so others 
will have it.


From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of helices
Sent: Thursday, February 15, 2018 9:10 AM
To: gnupg-users@gnupg.org
Subject: Re: How can we utilize latest GPG from RPM repository?

Yes, I know that.
In general, that scheme works well.
However, in another case, rsyslog, a certain function has been broken for many 
years, and the only fix is to track the developers' most recent versions. In 
that case, the developers maintain their own repository: 
http://rpms.adiscon.com ; which is easy to incorporate into: 
/etc/yum.repos.d/rsyslog.repo
We are hoping something similar is available for gnupg. I have not found that; 
which is the reason for my posts here.
What am I missing?
Please, advise. Thank you.


On Thu, Feb 15, 2018 at 7:56 AM, Lightner, Jeffrey 
> wrote:
CentOS isn't a vendor.   It is a project that does binary compiles of RHEL 
sources.

RedHat is the vendor that creates RHEL and its source is used to make CentOS.   
RHEL is supported by RedHat if you have a subscription.  CentOS has no direct 
support though RedHat hosts the project nowadays.

RHEL (and therefore CentOS) major versions such as 7 start with base upstream 
versions of packages.   RedHat modifies that base upstream package to backport 
bug and security fixes from later upstream packages if relevant to the original 
base.   They then add extended versioning to the RPM name.

For example on a test system I just looked at  "yum list gnupg2" shows:
Installed Packages
gnupg2.x86_64  2.0.22-3.el7   @anaconda/7.0
Available Packages
gnupg2.x86_64  2.0.22-4.el7   rhel-7-server-rpms

Notice the base upstream for both the installed and the available is 2.0.22 but 
the extended versioning is different (3.el7 vs 4.el7).   You'd have to examine 
the errata to see what is different about the latter.

In general unless there is a specific feature in upstream you need that is not 
in the RHEL/CentOS provided version you should use the RHEL/CentOS version on 
your RHEL/CentOS system.

If you really want the latest of everything you should use Fedora instead of 
CentOS.   Just be aware that Fedora is bleeding edge and releases a new version 
twice a year.   Generally that means you HAVE to do a full upgrade at least 
once a year as they won't offer updated packages for more than two major 
versions at a time.   For a Production environment that pace of upgrade is 
usually not desirable which is why people use RHEL/CentOS instead.

-Original Message-
From: Gnupg-users 
[mailto:gnupg-users-boun...@gnupg.org] On 
Behalf Of Daniel Kahn Gillmor
Sent: Wednesday, February 14, 2018 5:31 PM
To: helices; gnupg-users@gnupg.org
Subject: Re: How can we utilize latest GPG from RPM repository?

On Wed 2018-02-14 14:20:10 -0600, helices wrote:
> CentOS 7 uses gnupg2 v2.0.22. EPEL doesn't have anything newer.
>
> We want to move to v2.2.x, and stay current, but we don't want to
> download source and compile for dozens of systems.
>
> We want all users to be using the same version all of the time.

This sounds like a problem for your operating system and/or package manager.  
GnuPG has a chain of build dependencies which often makes it difficult to just 
import directly from a single RPM.

If you were running a more recent operating system, you'd likely get something 
from the GnuPG "modern" branch as well anyway.

Perhaps you want to ask your operating system vendor what their recommendation 
is for "backports" of specific packages?

  --dkg

Re: How can we utilize latest GPG from RPM repository?

[helices]

Yes, I know that.

In general, that scheme works well.

However, in another case, rsyslog, a certain function has been broken for
many years, and the only fix is to track the developers' most recent
versions. In that case, the developers maintain their own repository:
http://rpms.adiscon.com ; which is easy to incorporate into:
/etc/yum.repos.d/rsyslog.repo

We are hoping something similar is available for gnupg. I have not found
that; which is the reason for my posts here.

What am I missing?

Please, advise. Thank you.



On Thu, Feb 15, 2018 at 7:56 AM, Lightner, Jeffrey  wrote:

> CentOS isn't a vendor.   It is a project that does binary compiles of RHEL
> sources.
>
> RedHat is the vendor that creates RHEL and its source is used to make
> CentOS.   RHEL is supported by RedHat if you have a subscription.  CentOS
> has no direct support though RedHat hosts the project nowadays.
>
> RHEL (and therefore CentOS) major versions such as 7 start with base
> upstream versions of packages.   RedHat modifies that base upstream package
> to backport bug and security fixes from later upstream packages if relevant
> to the original base.   They then add extended versioning to the RPM name.
>
> For example on a test system I just looked at  "yum list gnupg2" shows:
> Installed Packages
> gnupg2.x86_64  2.0.22-3.el7   @anaconda/7.0
> Available Packages
> gnupg2.x86_64  2.0.22-4.el7
>  rhel-7-server-rpms
>
> Notice the base upstream for both the installed and the available is
> 2.0.22 but the extended versioning is different (3.el7 vs 4.el7).   You'd
> have to examine the errata to see what is different about the latter.
>
> In general unless there is a specific feature in upstream you need that is
> not in the RHEL/CentOS provided version you should use the RHEL/CentOS
> version on your RHEL/CentOS system.
>
> If you really want the latest of everything you should use Fedora instead
> of CentOS.   Just be aware that Fedora is bleeding edge and releases a new
> version twice a year.   Generally that means you HAVE to do a full upgrade
> at least once a year as they won't offer updated packages for more than two
> major versions at a time.   For a Production environment that pace of
> upgrade is usually not desirable which is why people use RHEL/CentOS
> instead.
>
> -Original Message-
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of
> Daniel Kahn Gillmor
> Sent: Wednesday, February 14, 2018 5:31 PM
> To: helices; gnupg-users@gnupg.org
> Subject: Re: How can we utilize latest GPG from RPM repository?
>
> On Wed 2018-02-14 14:20:10 -0600, helices wrote:
> > CentOS 7 uses gnupg2 v2.0.22. EPEL doesn't have anything newer.
> >
> > We want to move to v2.2.x, and stay current, but we don't want to
> > download source and compile for dozens of systems.
> >
> > We want all users to be using the same version all of the time.
>
> This sounds like a problem for your operating system and/or package
> manager.  GnuPG has a chain of build dependencies which often makes it
> difficult to just import directly from a single RPM.
>
> If you were running a more recent operating system, you'd likely get
> something from the GnuPG "modern" branch as well anyway.
>
> Perhaps you want to ask your operating system vendor what their
> recommendation is for "backports" of specific packages?
>
>   --dkg
>
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How can we utilize latest GPG from RPM repository?

[Dirk Gottschalk via Gnupg-users]

Hi.
Am Mittwoch, den 14.02.2018, 14:20 -0600 schrieb helices:
> CentOS 7 uses gnupg2 v2.0.22. EPEL doesn't have anything newer.

> We want to move to v2.2.x, and stay current, but we don't want to
> download
> source and compile for dozens of systems.

> We want all users to be using the same version all of the time.

> Please, advise. Thank you.

You could try to use the packages from Fedora. Actually they distribute
Version 2.2.4 for Fedora 27. In doubt it should be possible to rebuild
the source packages for CentOS.

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen
Tel.: +49 1573 1152350

signature.asc
Description: This is a digitally signed message part
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users