Re: GnuPG asks for confirmation...
On Sunday 04 June 2006 07:54, Todd Zullinger wrote: Ingo Klöcker wrote: On Saturday 03 June 2006 04:57, engage wrote: On Thursday 01 June 2006 08:59 pm, Todd Zullinger wrote: engage wrote: Why is someone sending an encrypted message to this list? It's not encrypted. It's just signed and armored. Doesn't your mail client automatically display this for you? No. I keep getting prompted for my passphrase for this message. Kmail. My KMail (1.9.x) shows the message without asking for a passhphrase. And I'm not aware of changes in this part of the code which would explain the different behavior. Strange. Ingo, are you using the gpg-agent? Sure. Okay, that might explain the different behavior. In any case, KMail isn't fully functional without gpg-agent, e.g. you can't decrypt OpenPGP/MIME messages. So using KMail without gpg-agent is not recommended. Regards, Ingo pgpDNwEvt5Vw7.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG asks for confirmation...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 engage wrote: On Thursday 01 June 2006 08:59 pm, Todd Zullinger wrote: engage wrote: Why is someone sending an encrypted message to this list? It's not encrypted. It's just signed and armored. Doesn't your mail client automatically display this for you? No. I keep getting prompted for my passphrase for this message. Kmail. Just hit enter. There isn't any encryption, but the message is armored and as others have pointed out, email software often just assumes any pgp chunk that begins with BEGIN PGP MESSAGE is encrypted and asks for a passphrase to pass on to gpg. I've used mutt with gpg-agent for years now and have grown accustomed to not having that prompt unless a passphrase was truly required. :) - -- ToddOpenPGP - KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp == Be who you are and say what you feel because those who mind don't matter and those who matter don't mind. -- Dr Seuss, Oh the Places You'll Go -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl. iG0EARECAC0FAkSBIvkmGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt ei5hc2MACgkQuv+09NZUB1q4mwCgmNVQcxB4nbERt8ovWRTA8ZmBmMgAoJPpYPT5 H8TSvRoU+Nks86qDnpSS =5G/L -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG asks for confirmation...
On Saturday 03 June 2006 04:57, engage wrote: On Thursday 01 June 2006 08:59 pm, Todd Zullinger wrote: engage wrote: Why is someone sending an encrypted message to this list? It's not encrypted. It's just signed and armored. Doesn't your mail client automatically display this for you? No. I keep getting prompted for my passphrase for this message. Kmail. My KMail (1.9.x) shows the message without asking for a passhphrase. And I'm not aware of changes in this part of the code which would explain the different behavior. Strange. Regards, Ingo pgpHKDujVZC8o.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re[2]: GnuPG asks for confirmation...
Hello Ingo, Saturday, June 3, 2006, 9:19:36 PM, you wrote: On Saturday 03 June 2006 04:57, engage wrote: On Thursday 01 June 2006 08:59 pm, Todd Zullinger wrote: engage wrote: Why is someone sending an encrypted message to this list? It's not encrypted. It's just signed and armored. Doesn't your mail client automatically display this for you? No. I keep getting prompted for my passphrase for this message. Kmail. My KMail (1.9.x) shows the message without asking for a passhphrase. And I'm not aware of changes in this part of the code which would explain the different behavior. Strange. I am using TheBat! and may having the same problem, except I have to try and get the signers key which I cannot so cannot read the mail(s) -- Sean ... The most incomprehensible thing about the world is that it is at all comprehensible. - Albert Einstein Strange things happen under the midnight sun when Men and Dogs go hunting for gold To get my public GPG key send me an email with the Subject of GET GPG KEY smime.p7s Description: S/MIME Cryptographic Signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG asks for confirmation...
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Hello ! Mark Brown [EMAIL PROTECTED] wrote: Why is someone sending an encrypted message to this list? It's not encrypted. It's just signed and armored. Doesn't your mail client automatically display this for you? Many mail clients will assume that any GPG message is encrypted and prompt for a passphrase prior to invoking GPG. Are you sure? Security wouldn't be compromised if passphrase is given to anything else then gpg? - -- Laurent Jumet KeyID: 0xCFAF704C -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFEgDeB9R1toM+vcEwRA/IJAJ94cYSGch26vubs+lDki6sDIDAA+gCgvMKk /8wC6zZZ6LWc5em3Ibl54EA= =iqz9 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG asks for confirmation...
* Laurent Jumet [EMAIL PROTECTED] wrote: Many mail clients will assume that any GPG message is encrypted and prompt for a passphrase prior to invoking GPG. Are you sure? Security wouldn't be compromised if passphrase is given to anything else then gpg? F.e. mutt itself asks for a passphrase and passes it on to gpg. It's a normal thing for email clients to do, as with frontends for gpg as well. In case an attacker replaces the gpg binary with a wrapper... well, security is compromised the moment when an attacker gains system access anyway. Btw, good to see GoldEd still floating around. How's fidonet? -- 2:2433/480 Sorry to the people I drove nuts back then, hehe pgpuLcMMaWO04.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG asks for confirmation...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark Brown wrote: On Thu, Jun 01, 2006 at 10:59:54PM -0400, Todd Zullinger wrote: engage wrote: Why is someone sending an encrypted message to this list? It's not encrypted. It's just signed and armored. Doesn't your mail client automatically display this for you? Many mail clients will assume that any GPG message is encrypted and prompt for a passphrase prior to invoking GPG. I guess I just take it for granted because using mutt along with gpg-agent, I don't get such a password request. I'd be curious if kmail would do the same if configured to use the gpg-agent. Without the agent, mutt prompts as well. It's just been a long long time since I wasn't using gpg-agent. :) - -- ToddOpenPGP - KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp == Nothing says, Obey me! like a bloody head on a fence post. -- Stewie Griffin -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl. iG0EARECAC0FAkSAg2kmGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt ei5hc2MACgkQuv+09NZUB1qhxQCggs0wv8cejnK4Q4Wjdt632zMzX2UAoJz7rb3m KbVGtmAeLGjkE//lkFuf =gim2 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG asks for confirmation...
On Thursday 01 June 2006 08:59 pm, Todd Zullinger wrote: engage wrote: Why is someone sending an encrypted message to this list? It's not encrypted. It's just signed and armored. Doesn't your mail client automatically display this for you? No. I keep getting prompted for my passphrase for this message. Kmail. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG asks for confirmation...
-BEGIN PGP MESSAGE- Version: GnuPG v1.4.3 (MingW32) owNCWmg2MUFZJlNZvE3tWgAByP/3+nYhAmBn//X//92YP+f/4RBBRo3MIoeA0kAA i0oQQAJHZ3cZxcImkmFPGqaep5Q9TQ2piZPUNPUeoAGhoZAGQB6hoHqGQNPRP1Qi aAphkp5DTJMmQaNAADRoABqp+TRGpiNI9INAGgaBpoAAAGgAAAan pRlTyNED0jIzUAaBoBoDQ0AGQGgaBAyIhXffQNNUjwqpa4pkAhIYG2XF8W/L GByrhAvGpjSqlyljBOUQRfbvDnBMCMzigBFAI/UYyU596881p0VClRgo6Sy8hgrc jB6xYRQLGIpyUVtN2RCAkYz8ZxtUczY8NaNjdecn8cUwyghQb8E+lUdIWaxKxO40 Yogs8QEJRECSXwz3MrKhijkQkOVCWjwgAZ1fGYtkcwEpPvkfSE2CFRKsplWi3tWa BEC1I3nj05QlOZRTtMHbzHjYjqiNTTmZtstGAjY/WIGOv7DlfG+oRJEMcUCuZYlR SmTRMMkXBzWvCYSV3qwPx3RIwAKkptGXDZeSAHRBZEmepYjrly3bwSF3ISzUIu5S tWZZ1qFGQHmgSSpAH5x91h2al+BSEkNUXqYtKie98thwPxIAq3Dah3sEkxmyiIiI TCKpNYp0LVtSoGpB04MRoQySSS+o1US6mTpjN40yvoY0Vctggdvaqa5z4JDMUK7J MwvOCzkrE+CV0ySx1K1YZ6l0KhFkuJoeVHXGN/lEiKFKe5CElKvkXLCpxMgiJtwo LUdXhmAwWkuITAfM+MtBSViViV1ITYIgbp1Z8TbEpFUlaHAOVjSDnIcOMCyBIkrR lgJjgbGB196gsJkIUBgFsOUSt04pYRtxWKwmeYKI2BlR2BDMhiAzEqI6gJwqFhfh dEDOiNaNQ108CGTnBgUCCajheaPOOBpMSQTWxgQjoglUQoOu9RG1DbNgoswENg5J cgLq4FIuWBmXcf3r+oQ50W1PPbvgZCxZ3rFoNw9n7/QiitVpVZylUk/0TNs4n/xd yRThQkLxN7Vo =/6Aq -END PGP MESSAGE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG asks for confirmation...
-BEGIN PGP MESSAGE- Version: GnuPG v1.4.3 (MingW32) owNCWmg2MUFZJlNZLMzs4gABJn//+nIoAvQXV7X9/EYAP///4QTQSoJBJo7hAQKA EAAYAogwAYltKwamplJtNJ7UmJ6gNMQ9IMEA0aNoIbUaAaaMGk9IYyDU0mBNAKZN Gg0AAeoBoA00NBkAaCEp5I/VG0yhkNBoaA0yAGgAANB0L26igoXVF92F EW5m9AAD3g6khlhsgcvJru0hRj/8XZzD+ggTIjgCGcEUG1Lhbe80VrJ+BNl7Xcqd LD2ltRYrMkSu7kebYaU2++xrDpQuApVPqQookKJCGCi8pkRFL2KnfpfjExQ1102V Y0FGqLdQptdrSU86qQEFcixIWatb3Az2WKffyddqtHcKhwQzjpmfAua29Um2RCie /Qp1ddtdEQUhXLUZGdZ4SwVNBVQGDFRcRVDoDVdSvz5R744DYNBLLTFCiHRuEhBz lSx25GYJDchUHETIgZD+SRWSIZDqPnOcDpNE1mtDIIGnK0QNiwfJ73ARJQJYrcnv Mvpk8OcUjLAnqoMGJhtigtnBwVwGXRtJcJ8AlaaoKSaGSZ5Y9Qs6CEQjI8xiSKcy YwIZbZd4molEKndZxqkx4BnGEtZy5zYHGxI3AWcJBhscEIMUnQjtlLsKAqZcDaPc jbCQk0Aq6EGIEcyqjkgXvVl1WXixuBj8pbYL7cdDTwdy/uR/K/LeXpPGY41PO0+/ nF3JFOFCQLMzs4g= =fCpG -END PGP MESSAGE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG asks for confirmation...
Hello ! Sven Radde [EMAIL PROTECTED] wrote: But this is logical, isn't it? You don't trust a key (what's there to trust?). You trust the fact that *a certain key belongs to a certain user-id* and if new ids are added, you would have to think again if the owner of the key actually owns that id. Of course, he owns. It's impossible to add or revoque a UserID without the SecretKey. No matter if I add an UserID to my Key: it's the same Key. Trust is not about owning the key. It is about owning the *user-id* and in particular linking a user-id (= a real person) to a key. In other words: Who would prevent you from adding [EMAIL PROTECTED] as a user-id to your key? (Or, creating a new key with that user-id.) Still, as nobody would believe that my email-address belongs to your key (i.e. that new user-id on your key is not trusted by anyone), my emails would not get encrypted to your key. People would approach me (my user-id) for verification of the key's fingerprint and I could deny that the key belongs to me / my user-id. You are right. But what I noticed is this: Let's suppose your Key has 4 UserID's and all fully trusted. You add one UserID more Winston Churchill. All 4 previous UserID's are compromised too, at the moment you added another one. That's what *I think* I noticed. -- Laurent Jumet KeyID: 0xCFAF704C ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG asks for confirmation...
Why is someone sending an encrypted message to this list? On Wednesday 31 May 2006 09:12 pm, Alphax wrote: -BEGIN PGP MESSAGE- Version: GnuPG v1.4.4-svn4147:IDEA-TIGER192-DSA2 (MingW32) owNCWmg2MUFZJlNZeXIg9QABDH/3mvZv7d3u1u7+6/9u9+fv7zbr3P+Y et9XR/NAAbdzYbgyhoAA0aGgAAAB6gAAANBoAaDQAPUAAAD1AAAGgGgPKBo9TE09 T0nptUKqaep6npDQGgyD0gDQGjQA9TIAaGgaADIAaaaABpiAGgANABoyaAADTQNG mgiqeRGwk0bUDIGTQaAAGgaAAABo0DQNAANAANAGgACKehBTAU/JTT1M h6jyARmgE0aaGI2gmATIw0AIwQ09TEAGCaPUNMAjABMBMg0aZMTQCXTolHwkEpi9 Cy3oMcVcyQoedCij54i8qBKFR6k9J0vF5BuAxAAMabOnGlwu4MRAEjAL0igIkNTS ui3UzEttszPynEW6+sl0T3CzrCE11BAPEUDiO6slqDlPXW5gYRMImPkDWqUyMSWQ Cj0hgZJXjhZkCEmi4ELRi6ORp+plJcCEXWSavnE8yq/gIUUe/GO0wz1w1zeS0pFF 3fp1mZNg33ihfOAAIShdI6SFCJmDsQZjewL+iIhgwMtrCNZqHWHONm1NEWlaPYbt r9MF+EcWYOxtmU8eRBJlYN+CN5ooG4V2e1ATMzXB4YjnUXq3XEclCWjAIBfgvQEJ j8g3vxdwUZevhsj2w2fPSF2dgKN/j6zH0pJqMxIetO2fcRNK9Qt2CBRFpIsgwwPp UMRg3FU0ySgofeziOi1C+WHK3wytgsIdavJUFya16OaIgUJnDfUcF8SVETSeEVxl GbEihWIJwDnggVVBNTsApy1kuBIy3wFAwLjFAUR4oimyWcYKPqUjMBKAswmQHEAs qLmy59c8ehCn2WgNrMOuDrNUzlwgpVC6KK5j3n+yEp+kFwL77EHYDyqCCQvEDlya I3DdaAVMzoCkZTmmHqr8MlRypwvo6MFcuQy6lC9CG+IaDWKXrDuGUnVEfqT8KPxL MsdKkw6ZuEBi1BahSWTxNaENJ4EnIwTVBmoi4sIqUMLh3SjAjNO+o0nADcnkB2EB CnrM3Tf4u5IpwoSDy5EHqA== =pDFk -END PGP MESSAGE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG asks for confirmation...
Hello ! Charly Avital [EMAIL PROTECTED] wrote: This is a bit strange. You mean that you cannot read compressed (not crypted) messages. -- Laurent Jumet KeyID: 0xCFAF704C ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users