Re: GPG and PGP
On 16-3-2011 17:38, ved...@nym.hush.com wrote:

> I've had a problem running Disastry's PGP 2.6.3 multi6 on 64 bit windows systems, because the DOS command line window didn't work with even Disastry's 32 bit pgp.exe.

That is because his executables are DOS executables and not win32 commandline programs. AFAIK win64 dumped the support for 16 bit DOS programs altogether, I'm surprised the executable could be made to run anyway. Compiling the source with a Windows compiler should solve that.

> (I have both pgp 2.6.3m6 and gnupg 1.4.11 on a flash drive, and they both run on 64 bit windows systems from a command line dos window, without having pgp or gnupg installed.)

Technically on Windows NT and up, you don't have a DOS window but a command shell, like Unix tcsh or bash.

> As mobile phones become bundled with OSes, it shouldn't be long before gnupg can be run on a mobile.

I hope so, but this isn't an easy job. I remember it has been discussed here before.

--
ir. J.C.A. Wevers // Physics and science fiction site:
joh...@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG and PGP
On Wednesday 16 March 2011, Mark H. Wood wrote:

> On Wed, Mar 16, 2011 at 09:15:45AM +0100, Johan Wevers wrote:
> > On 15-3-2011 21:32, Ben McGinnes wrote:
> > > That's probably a worthwhile discussion to have. Even if RFC1991 support is maintained, there's still value in migrating encrypted data to more robust algorithms.
> >
> > Only if IDEA gets broken (or the pgp 2.x implementation of it turns out flawed) or, very unlikely, 128 bit can be brute-forced in the future.
>
> On that day it would be well to already know what to do about it and already have the tools in hand.

Obviously.

> It would be best to have already done so.

I'm not so sure about this. Migration requires decryption of the encrypted data. This introduces an attack vector that does not exist if you keep the data encrypted with IDEA.

Regards,
Ingo
Re: GPG and PGP
On Wednesday 16 March 2011, Johan Wevers wrote:

> On 15-3-2011 21:57, Ingo Klöcker wrote:
> > Why migrate away? Even if GnuPG 3 stops supporting RFC1991 there will always be GnuPG 1 and GnuPG 2 around to decrypt ancient data and verify signatures made decades ago.
>
> If that is the case, you could also say we still have pgp 2.x around including source code.

Sure. That's definitely an option for old data that can be decrypted with PGP 2.

> > That's the beauty of Free Software. Nobody can take it away and since it's Open Source it will always be possible to compile it on new OSes (provided we will be able/allowed to install what we want on those OSes).
>
> Current OSes pose already a problem. PGP 2 did not provide native binaries for win32 so I compiled them myself, which was easy (just make a new project file in VC5, add all C files and press compile). Added benefit was long filename support.
>
> Now I have a Symbian phone and an Android tablet, but I have no idea how to decrypt messages on those devices. The source of pgp and GnuPG is freely available, but without a C compiler you need to port them to the Symbian version of C and the Google Java clone, or write a compiler yourself. The first task is a huge effort I'm not sure I could even do myself and I'm certainly not up to the second.

The good thing is that you are not alone. ;-) And if nobody wants to do it you still have the option to pay somebody for doing it.

Regards,
Ingo
Re: GPG and PGP
On 15-3-2011 21:16, Robert J. Hansen wrote:

> This may not be so much an argument for IDEA's inclusion as it might be an argument for data migration.

How do I re-sign a message with someone else's private key? And for that matter, how do I do that conveniently with a mailbox with many encrypted messages? I don't want to store them unencrypted, they might still be sensitive, and I also don't want to lose the meta information (date, sender, etc.).

> If forever, then sure, IDEA support, v3 keys, etc., etc.

It is obvious that I would prefer forever. Or, at least as long as the people who have used pgp 2 died out, which means for another century or so (ignoring corporate users). Which is probably in any IT planning the same as forever.

--
ir. J.C.A. Wevers // Physics and science fiction site:
joh...@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: GPG and PGP
On 15-3-2011 21:32, Ben McGinnes wrote:

> That's probably a worthwhile discussion to have. Even if RFC1991 support is maintained, there's still value in migrating encrypted data to more robust algorithms.

Only if IDEA gets broken (or the pgp 2.x implementation of it turns out flawed) or, very unlikely, 128 bit can be brute-forced in the future. For now, I trust my most secret data to 128 bit strength.

--
ir. J.C.A. Wevers // Physics and science fiction site:
joh...@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: GPG and PGP
On 15-3-2011 21:57, Ingo Klöcker wrote:

> Why migrate away? Even if GnuPG 3 stops supporting RFC1991 there will always be GnuPG 1 and GnuPG 2 around to decrypt ancient data and verify signatures made decades ago.

If that is the case, you could also say we still have pgp 2.x around including source code.

> That's the beauty of Free Software. Nobody can take it away and since it's Open Source it will always be possible to compile it on new OSes (provided we will be able/allowed to install what we want on those OSes).

Current OSes pose already a problem. PGP 2 did not provide native binaries for win32 so I compiled them myself, which was easy (just make a new project file in VC5, add all C files and press compile). Added benefit was long filename support.

Now I have a Symbian phone and an Android tablet, but I have no idea how to decrypt messages on those devices. The source of pgp and GnuPG is freely available, but without a C compiler you need to port them to the Symbian version of C and the Google Java clone, or write a compiler yourself. The first task is a huge effort I'm not sure I could even do myself and I'm certainly not up to the second.

--
ir. J.C.A. Wevers // Physics and science fiction site:
joh...@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: GPG and PGP
On Wed, 16 Mar 2011 06:33, b...@adversary.org said:

> Okay, so that would cover 3DES too? Surely there can't be many

No. DES and thus 3DES have a blocksize of 64 bit. The blocksize is not related to the keysize.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: GPG and PGP
On 16/03/11 8:50 PM, Werner Koch wrote:

> On Wed, 16 Mar 2011 06:33, b...@adversary.org said:
> > Okay, so that would cover 3DES too? Surely there can't be many
>
> No. DES and thus 3DES have a blocksize of 64 bit. The blocksize is not related to the keysize.

Ah, right, got it. Thanks.

Regards,
Ben
Re: GPG and PGP
On Wed, Mar 16, 2011 at 09:15:45AM +0100, Johan Wevers wrote:

> On 15-3-2011 21:32, Ben McGinnes wrote:
> > That's probably a worthwhile discussion to have. Even if RFC1991 support is maintained, there's still value in migrating encrypted data to more robust algorithms.
>
> Only if IDEA gets broken (or the pgp 2.x implementation of it turns out flawed) or, very unlikely, 128 bit can be brute-forced in the future.

On that day it would be well to already know what to do about it and already have the tools in hand. It would be best to have already done so.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: GPG and PGP
On 16-3-2011 13:53, Mark H. Wood wrote:

> > Only if IDEA gets broken (or the pgp 2.x implementation of it turns out flawed) or, very unlikely, 128 bit can be brute-forced in the future.
>
> On that day it would be well to already know what to do about it and already have the tools in hand. It would be best to have already done so.

That, however, is true for any crypto algorithm, not specifically for IDEA.

--
ir. J.C.A. Wevers // Physics and science fiction site:
joh...@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: GPG and PGP
On Wed, Mar 16, 2011 at 9:41 AM, ved...@nym.hush.com wrote:

> David Shaw dshaw at jabberwocky.com wrote on Wed Mar 16 00:42:48 CET 2011 :
> > GnuPG does the MDC by default whenever all the keys can handle it
>
> What kind of key can't handle it in gnupg?
>
> I sent messages to all key types, including v3 keys, using the forced MDC, (my preferred cipher is 3DES, not that I have anything against any others, but have been used to using it and see no particular reason to change),

2 key or 3 key? 2TDEA only provides about 80 bits of security, and is usually not recommended for use.

NIST SP 800-57: http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
ECRYPT2 Yearly report on Key Sizes: http://www.ecrypt.eu.org/documents/D.SPA.13.pdf

Jeff
Re: GPG and PGP
On 3/16/2011 10:05 AM, Jeffrey Walton wrote:

> 2 key or 3 key? 2TDEA only provides about 80 bits of security, and is usually not recommended for use.

The OpenPGP spec requires three-key 3DES, and GnuPG conforms to the spec.
Re: GPG and PGP
On Mar 16, 2011, at 9:41 AM, ved...@nym.hush.com wrote:

> David Shaw dshaw at jabberwocky.com wrote on Wed Mar 16 00:42:48 CET 2011 :
> > GnuPG does the MDC by default whenever all the keys can handle it
>
> What kind of key can't handle it in gnupg?

None. It's not a key type, but a feature/detail of the implementation, like supporting a particular cipher. The user IDs have a flag on them to indicate whether an MDC can be used. Run gpg --edit-key on your key and enter showpref. Look at the Features line(s). They should say (among other stuff) MDC. That's the flag.

Forcing the use of the MDC is similar to forcing the use of a cipher: it might work (probably will, these days), but if someone is using an implementation that doesn't understand the MDC, they won't be able to decrypt your message, any more than they would be if you forced the use of a cipher their implementation doesn't understand.

David
Re: GPG and PGP
On Mar 16, 2011, at 10:05 AM, Jeffrey Walton wrote:

> On Wed, Mar 16, 2011 at 9:41 AM, ved...@nym.hush.com wrote:
> > David Shaw dshaw at jabberwocky.com wrote on Wed Mar 16 00:42:48 CET 2011 :
> > > GnuPG does the MDC by default whenever all the keys can handle it
> >
> > What kind of key can't handle it in gnupg?
> >
> > I sent messages to all key types, including v3 keys, using the forced MDC, (my preferred cipher is 3DES, not that I have anything against any others, but have been used to using it and see no particular reason to change),
>
> 2 key or 3 key? 2TDEA only provides about 80 bits of security, and is usually not recommended for use.

3DES in OpenPGP is only 3 key.

David
re: GPG and PGP
Johan Wevers johanw at vulcan.xs4all.nl wrote on Wed Mar 16 09:16:56 CET 2011 :

> Current OSes pose already a problem. PGP 2 did not provide native binaries for win32 so I compiled them myself

I've had a problem running Disastry's PGP 2.6.3 multi6 on 64 bit windows systems, because the DOS command line window didn't work with even Disastry's 32 bit pgp.exe.

Finally found a workaround by writing a simple new batch file:

    set PGPHome = home
    %SystemRoot%\system32\cmd.exe

and saved this as pgp64.bat

(I have both pgp 2.6.3m6 and gnupg 1.4.11 on a flash drive, and they both run on 64 bit windows systems from a command line dos window, without having pgp or gnupg installed.)

For 'gnupg64.bat' the first line of the above two lines should read:

    set GNUPGHOME=home

As mobile phones become bundled with OSes, it shouldn't be long before gnupg can be run on a mobile.

vedaal
Re: GPG and PGP
On Mon, 14 Mar 2011 17:53, ved...@nym.hush.com said:

> Disastry's signature is on the ideadll file in the ideadll.zip file on his site.

So you trust some binary blob? .-)

> Is that your signature on the idea.c module from key ID 621CC013 ?

Yes. Back in 1997 I implemented PGP 2 compatible code as the first towards GPG. Obviously I needed IDEA and RSA for testing. That is the reason why we have this code at all. Later a lot of people demanded that IDEA and RSA should be added to GPG so that existing files could be decrypted. The claim was that RSA is only patented in the U.S. and the IDEA patent is not valid in some European countries like Luxembourg and Denmark.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: GPG and PGP
On Tue, Mar 15, 2011 at 10:22:45AM +0100, Werner Koch wrote:

> Yes. Back in 1997 I implemented PGP 2 compatible code as the first towards GPG. Obviously I needed IDEA and RSA for testing. That is the reason why we have this code at all. Later a lot of people demanded that IDEA and RSA should be added to GPG so that existing files could be decrypted. The claim was that RSA is only patented in the U.S. and the IDEA patent is not valid in some European countries like Luxembourg and Denmark.

Three things-

1. The U.S. patent expires for IDEA on January 7, 2012.
2. IDEA has already been succeeded by IDEA NXT, another patented algo.
3. Both IDEA and IDEA NXT don't meet the rigor of many of today's open algos.

So, if you ask me, I don't see the need to support even the capability of a module with GnuPG. PGP 2 is long since dead, and anyone still using IDEA for whatever reason, should migrate to more robust, secure and open algos.

Just my 2¢.

--
. o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o
Re: GPG and PGP
> 3. Both IDEA and IDEA NXT don't meet the rigor of many of today's open algos.

Substitute safety margin for rigor and I'll agree with you. IDEA is a competent design by credible people and has had a whole lot of people beating on it to only limited degrees of success: it seems to me they've met the requirements for rigor.

> So, if you ask me, I don't see the need to support even the capability of a module with GnuPG.

I am generally in favor of modular design on general principle: it makes it easier to write custom additions to GnuPG should the need arise. Whether an IDEA module should exist or not ... eh. I've always thought that if people really needed RFC1991 compatibility, they know where to find PGP 2.6.
Re: GPG and PGP
On 15-3-2011 14:19, Aaron Toponce wrote:

> 1. The U.S. patent expires for IDEA on January 7, 2012.

I propose to include the IDEA module then in GnuPG 1.4.12 and 2.2.(then current + 1), just like the extra version that came out when the RSA patent expired.

> 2. IDEA has already been succeeded by IDEA NXT, another patented algo.
> 3. Both IDEA and IDEA NXT don't meet the rigor of many of today's open algos.
>
> So, if you ask me, I don't see the need to support even the capability of a module with GnuPG. PGP 2 is long since dead, and anyone still using IDEA for whatever reason, should migrate to more robust, secure and open algos.

I disagree. People might still need access to encrypted archives and old keys with significant weight in the WoT might still be around. Further pgp 2.x format can still be used with software like Mixmaster remailer.

--
With kind regards,
Johan Wevers
Re: GPG and PGP
On 15-3-2011 15:55, Aaron Toponce wrote:

> Using this line of logic, web developers should continue support for IE6.

I would not mind them using fallbacks when it doesn't hinder other code or bloat things. This last requirement, however, is in web development much more difficult to achieve than adding another crypto algorithm to GnuPG. The IDEA code does not hinder or complicate other code. Even the crypto algo const (1) for IDEA is already defined.

> After all, it has 35% market share in China, and roughly 12% world-wide, given recent statistics.

My former employer still uses it. That's what you get for investing too much in company and product specific code.

> I would venture to guess that PGP v2 has much less of a share in crypto circles.

I don't know, but I do know that adding IDEA does not complicate or bloat GnuPG.

--
With kind regards,
Johan Wevers
Re: GPG and PGP
On Tue, Mar 15, 2011 at 04:14:25PM +0100, Johan Wevers wrote:

> I don't know, but I do know that adding IDEA does not complicate or bloat GnuPG.

You're probably right. I guess I just don't understand supporting dead, deprecated, proprietary technology, bloat or no bloat.

--
. o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o
Re: GPG and PGP
On 15-3-2011 16:29, Aaron Toponce wrote:

> > I don't know, but I do know that adding IDEA does not complicate or bloat GnuPG.
>
> You're probably right. I guess I just don't understand supporting dead, deprecated, proprietary technology, bloat or no bloat.

IDEA is far from dead. I have mailarchives dating back to the pgp 2.3 days and I would like to decrypt those mails from within my current mail reader that uses GnuPG. And it isn't proprietary, the algorithm is fully public (as the availability of the source code proves).

About deprecated, well, opinions differ. Currently there may be better options, but I remember back in the pgp 5/6 days before CAST5 had had as much public scrutiny as it has had now, many people trusted IDEA more than CAST5 and still used it, which again increases the availability of IDEA encrypted archive material.

--
With kind regards,
Johan Wevers
Re: GPG and PGP
On 3/15/11 3:53 PM, Ben McGinnes wrote:

> It's simple, data which may have been encrypted 15+ years ago may still have value to the people who encrypted it, even if they have since chosen to move from older programs (e.g. PGP 2.x) for their current needs.

This may not be so much an argument for IDEA's inclusion as it might be an argument for data migration.

How long will we support RFC1991? There are really only two interesting answers: forever and for a while.

If forever, then sure, IDEA support, v3 keys, etc., etc. If not-forever, then we should start talking about when precisely we'll stop supporting RFC1991, and how we can help users migrate away.
Re: GPG and PGP
David Shaw dshaw at jabberwocky.com wrote on Tue Mar 15 15:34:47 CET 2011 :

> would like to see IDEA included once the various patents expire

As long as the non-256 bit symmetrical algorithms (IDEA, CAST5, 3DES, BLOWFISH) will remain part of open PGP, and the MDC needs revision eventually to move up from SHA-1, then can the MDC be modified to apply to the non-256 bit ciphers as well, (or at least amend the gnupg error message to a less ominous one, that MDC's are not generated for non-256 bit ciphers) ?

vedaal
Re: GPG and PGP
On 16/03/11 7:16 AM, Robert J. Hansen wrote:

> On 3/15/11 3:53 PM, Ben McGinnes wrote:
> > It's simple, data which may have been encrypted 15+ years ago may still have value to the people who encrypted it, even if they have since chosen to move from older programs (e.g. PGP 2.x) for their current needs.
>
> This may not be so much an argument for IDEA's inclusion as it might be an argument for data migration.

True. In my case I'm pretty sure that all the stuff that I've moved to my current system has been migrated from IDEA and CAST5 to AES256. I'm less sure about the stuff that's archived on old drives and other media.

> If not-forever, then we should start talking about when precisely we'll stop supporting RFC1991, and how we can help users migrate away.

That's probably a worthwhile discussion to have. Even if RFC1991 support is maintained, there's still value in migrating encrypted data to more robust algorithms.

Regards,
Ben
Re: GPG and PGP
On Tuesday 15 March 2011, Robert J. Hansen wrote:

> On 3/15/11 3:53 PM, Ben McGinnes wrote:
> > It's simple, data which may have been encrypted 15+ years ago may still have value to the people who encrypted it, even if they have since chosen to move from older programs (e.g. PGP 2.x) for their current needs.
>
> This may not be so much an argument for IDEA's inclusion as it might be an argument for data migration.
>
> How long will we support RFC1991? There are really only two interesting answers: forever and for a while.
>
> If forever, then sure, IDEA support, v3 keys, etc., etc. If not-forever, then we should start talking about when precisely we'll stop supporting RFC1991, and how we can help users migrate away.

Why migrate away? Even if GnuPG 3 stops supporting RFC1991 there will always be GnuPG 1 and GnuPG 2 around to decrypt ancient data and verify signatures made decades ago. That's the beauty of Free Software. Nobody can take it away and since it's Open Source it will always be possible to compile it on new OSes (provided we will be able/allowed to install what we want on those OSes).

I fully understand that some people will want to migrate but I don't think an easy migration path should be one of the guiding design goals for a version not supporting RFC1991.

Regards,
Ingo
Re: GPG and PGP
On Mar 15, 2011, at 4:24 PM, ved...@nym.hush.com wrote:

> David Shaw dshaw at jabberwocky.com wrote on Tue Mar 15 15:34:47 CET 2011 :
> > would like to see IDEA included once the various patents expire
>
> As long as the non-256 bit symmetrical algorithms (IDEA, CAST5, 3DES, BLOWFISH) will remain part of open PGP, and the MDC needs revision eventually to move up from SHA-1, then can the MDC be modified to apply to the non-256 bit ciphers as well, (or at least amend the gnupg error message to a less ominous one, that MDC's are not generated for non-256 bit ciphers) ?

I'm not quite sure what you mean. The MDC can be used on any OpenPGP cipher, no matter what the size.

David
Re: GPG and PGP
David Shaw dshaw at jabberwocky.com wrote on Tue Mar 15 22:28:23 CET 2011 :

> I'm not quite sure what you mean. The MDC can be used on any OpenPGP cipher, no matter what the size.

Yes, but it's done by gnupg by default for 256 bit ciphers, while it needs the option of '--force-mdc' for non-256 bit ciphers.

When this option isn't used, MDC is not done, and when gnupg decrypts the message, it gives an alert of:

    gpg: WARNING: message was not integrity protected

My suggestion is to have gnupg do the MDC by default for all cipher sizes. (makes it easier for beginners who might get a little concerned about the above alert message ;-) )

vedaal
Re: GPG and PGP
On 16/03/11 10:42 AM, David Shaw wrote:

> GnuPG does the MDC by default whenever all the keys can handle it (or if the chosen cipher is 256 bits)

Is that 256 bits only or 256 bits and larger?

Regards,
Ben
Re: GPG and PGP
On Mar 15, 2011, at 11:41 PM, David Shaw wrote:

> On Mar 15, 2011, at 11:28 PM, Ben McGinnes wrote:
> > On 16/03/11 10:42 AM, David Shaw wrote:
> > > GnuPG does the MDC by default whenever all the keys can handle it (or if the chosen cipher is 256 bits)
> >
> > Is that 256 bits only or 256 bits and larger?
>
> Strictly speaking, it's anything with a cipher blocksize that isn't 128 bits. In the case of OpenPGP, that means AES (any of them) or Twofish. GnuPG will flip on the MDC when it sees any of those ciphers in the preferences, or failing that, it does the blocksize test.

Err - meant to say anything with a cipher blocksize that isn't 64 bits. AES and Twofish are of course 128 bits.

David
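The MDC messages in this thread come down to which packet carries the ciphertext: a Symmetrically Encrypted Data packet (tag 9, no integrity check, the case behind `gpg: WARNING: message was not integrity protected`) or a Symmetrically Encrypted Integrity Protected Data packet (tag 18, which carries the MDC). The Python below is an added example, not code from GnuPG or from any poster; it walks RFC 4880 packet headers over two constructed sample messages, and the names `packets`, `classify`, `SAMPLE_NO_MDC` and `SAMPLE_MDC` are assumptions made for illustration.

```python
import struct

# Packet tags (RFC 4880, section 4.3) that matter for the MDC question.
TAG_SKESK, TAG_SED, TAG_SEIPD = 3, 9, 18

# Symmetric algorithm ID -> (name, block size in bits); IDs as in the
# "Cipher:" line of the gpg output quoted elsewhere in this thread.
CIPHERS = {
    1: ("IDEA", 64), 2: ("3DES", 64), 3: ("CAST5", 64), 4: ("BLOWFISH", 64),
    7: ("AES", 128), 8: ("AES192", 128), 9: ("AES256", 128),
    10: ("TWOFISH", 128), 11: ("CAMELLIA128", 128),
    12: ("CAMELLIA192", 128), 13: ("CAMELLIA256", 128),
}


def _new_length(buf, pos):
    """Decode one new-format length header: (length, next_pos, is_partial)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2, False
    if first == 255:
        return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True  # partial body chunk


def packets(buf):
    """Yield (tag, body) for each top-level packet of a binary message."""
    pos = 0
    while pos < len(buf):
        ctb = buf[pos]
        if not ctb & 0x80:
            raise ValueError("no packet header at offset %d" % pos)
        pos += 1
        try:
            if ctb & 0x40:  # new-format header
                tag, body, partial = ctb & 0x3F, b"", True
                while partial:  # partial chunks end with a definite length
                    length, pos, partial = _new_length(buf, pos)
                    body += buf[pos:pos + length]
                    pos += length
            else:  # old-format header
                tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
                if ltype == 3:  # indeterminate: body runs to end of input
                    length = len(buf) - pos
                else:
                    width = 1 << ltype  # 1, 2 or 4 length octets
                    length = int.from_bytes(buf[pos:pos + width], "big")
                    pos += width
                body = buf[pos:pos + length]
                pos += length
        except (IndexError, struct.error):
            raise ValueError("truncated packet header") from None
        if pos > len(buf):
            raise ValueError("truncated packet body")
        yield tag, body


def classify(buf):
    """Report packet tags, any cipher visible in a v4 SKESK, and MDC status."""
    result = {"tags": [], "skesk_ciphers": [], "integrity": "no-encrypted-data"}
    for tag, body in packets(buf):
        result["tags"].append(tag)
        if tag == TAG_SKESK and len(body) >= 2 and body[0] == 4:
            # Only passphrase-encrypted messages expose the cipher here; with
            # public-key recipients it sits inside the encrypted session key.
            result["skesk_ciphers"].append(
                CIPHERS.get(body[1], ("unknown(%d)" % body[1], None)))
        elif tag == TAG_SED:
            result["integrity"] = "not-protected"   # no MDC: gpg warns
        elif tag == TAG_SEIPD:
            ok = body[:1] == b"\x01"                # version 1 is the MDC form
            result["integrity"] = "mdc" if ok else "unknown-seipd-version"
    return result


# Constructed samples: real header layout, dummy bytes instead of ciphertext.
_S2K = bytes([3, 2]) + bytes(8) + b"\x60"       # iterated+salted, SHA-1
SKESK_3DES = bytes([4, 2]) + _S2K               # version 4, cipher 2 (3DES)
SKESK_AES256 = bytes([4, 9]) + _S2K             # version 4, cipher 9 (AES256)
SEIPD_BODY = b"\x01" + b"\xbb" * 516            # version octet + dummy data

# Old-format headers, 64-bit block cipher, plain tag 9 packet.
SAMPLE_NO_MDC = (bytes([0x8C, len(SKESK_3DES)]) + SKESK_3DES
                 + bytes([0xA4, 16]) + b"\xaa" * 16)
# New-format headers; tag 18 body split into a 512-octet partial chunk + 5.
SAMPLE_MDC = (bytes([0xC3, len(SKESK_AES256)]) + SKESK_AES256
              + bytes([0xD2, 0xE9]) + SEIPD_BODY[:512]
              + bytes([0x05]) + SEIPD_BODY[512:])

if __name__ == "__main__":
    for name, sample in (("no-mdc", SAMPLE_NO_MDC), ("mdc", SAMPLE_MDC)):
        print(name, classify(sample))
```

To run it against a real file, pass `classify` the bytes of a binary (not ASCII-armored) message; armored input has to be de-armored first, which this example does not do.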
Re: GPG and PGP
On Mar 15, 2011, at 11:28 PM, Ben McGinnes wrote:

> On 16/03/11 10:42 AM, David Shaw wrote:
> > GnuPG does the MDC by default whenever all the keys can handle it (or if the chosen cipher is 256 bits)
>
> Is that 256 bits only or 256 bits and larger?

Strictly speaking, it's anything with a cipher blocksize that isn't 128 bits. In the case of OpenPGP, that means AES (any of them) or Twofish. GnuPG will flip on the MDC when it sees any of those ciphers in the preferences, or failing that, it does the blocksize test.

David
Re: GPG and PGP
On 16/03/11 2:37 PM, Robert J. Hansen wrote:

> On 3/15/2011 11:28 PM, Ben McGinnes wrote:
> > Is that 256 bits only or 256 bits and larger?
>
> Given there are no symmetric ciphers in OpenPGP that use more than a 256-bit key, I think the answer here is yes. :)

Heh. For some reason my brain was thinking hashes instead of ciphers. I've been awake for a little while, though.

Regards,
Ben
Re: GPG and PGP
Gloria.Teo at bit.admin.ch Gloria.Teo at bit.admin.ch wrote on Mon Mar 14 11:23:26 CET 2011 :

> gpg: epflpepfl: preference for cipher algorithm 1

Cipher Algorithm 1 is IDEA, and was used as a default cipher for RSA keys by 6.5.8

GnuPG does not use IDEA although it will accept the IDEA module.

> You need a passphrase to unlock the secret key for user: epflpepfl
> 1024-bit DSA key, ID B5AC473D, created 2003-01-09

This is unusual, because the 6.5.8 default cipher for a DSA key is CAST5, not IDEA, unless you specifically set up 6.5.8 to use IDEA even for DSA keys.

Be that as it may, there are two ways you can unlock your secret key:

[1] If you have an existing workable 6.5.8 on any machine, use it to edit the key, and REMOVE the passphrase, then import it into GnuPG and edit it again to set the passphrase, then, once you're satisfied that that works, delete any copies of the key that had the passphrase removed.

[2] Use GnuPG with the IDEA module.

IDEA.dll can be downloaded from Disastry's preserved site:

http://www.spywarewarrior.com/uiuc/disastry/gpg.htm

(btw, Disastry is the one who wrote the IDEA.dll module, specifically to bridge the gap between gnupg and pgp users.)

(a) Copy idea.dll into your gnupg home directory

(b) add the following line to your gpg.conf

    load-extension 'pathway to your gnupg home directory'/idea.dll

(backward slash '\' if you're doing this on windows)

(c) save gpg.conf

(d) open gnupg, and at the prompt, type gpg -h

gnupg should then list the following;

    Supported algorithms:
    Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
    Cipher: IDEA (S1), 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192 (S8), AES256 (S9), TWOFISH (S10), CAMELLIA128 (S11), CAMELLIA192 (S12), CAMELLIA256 (S13)

If IDEA is listed, then everything you want to do will work.

(Don't worry if CAMELLIA isn't listed, it just means you aren't using the latest version of GnuPG.)

vedaal
Re: GPG and PGP
On Mon, 14 Mar 2011 15:50, ved...@nym.hush.com said:

> (btw, Disastry is the one who wrote the IDEA.dll module, specifically to bridge the gap between gnupg and pgp users.)

Hmmm, the signature claims that I wrote it. However, I still recommend not to use it.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: GPG and PGP
On Mon, 14 Mar 2011 11:50:29 -0400 Werner Koch w...@gnupg.org wrote:

> On Mon, 14 Mar 2011 15:50, ved...@nym.hush.com said:
> > (btw, Disastry is the one who wrote the IDEA.dll module, specifically to bridge the gap between gnupg and pgp users.)
>
> Hmmm, the signature claims that I wrote it.

I stand corrected, and am in awe.

Disastry's signature is on the ideadll file in the ideadll.zip file on his site.

Is that your signature on the idea.c module from key ID 621CC013 ?

=[begin quoted section]=

idea.c - IDEA function
 * Copyright (c) 1997, 1998, 1999, 2001 by Werner Koch (dd9jn)
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the Software),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * WERNER KOCH BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
 * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 *
 * Except as contained in this notice, the name of Werner Koch shall not be
 * used in advertising or otherwise to promote the sale, use or other dealings
 * in this Software without prior written authorization from Werner Koch.

=[end quoted section]=

Well even if you don't recommend it, at least people who *need* it, can now trust the author ;-))

vedaal
Re: GPG and PGP Compatibility
On Tue, 17 Oct 2006 23:18, Ryan Malayter said:

> file extension for encrypted files, whereas PGP Corp.'s products use .pgp. But that can be overcome with configuration settings, either in one of the programs, or by telling Windows what programs to associate with which file extensions.

An easy solution would be to have Enigmail map .gpg suffixes to .gpg when sending attachments.

Shalom-Salam,

Werner
Re: GPG and PGP Compatibility
Alphax wrote:

> re: setting the extension in Enigmail
>
> I've filed an RFE at http://bugzilla.mozdev.org/show_bug.cgi?id=15442.

Well, apparently it's already doable:

You can set this with the following two preferences in about:config (or in Thunderbird via Preferences/Advanced/Config Editor):

extensions.enigmail.inlineAttachExt
extensions.enigmail.inlineSigAttachExt

Hope that helps,

--
Alphax
Death to all fanatics! Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g
Re: GPG and PGP Compatibility
Alphax wrote:

> Conan Purves wrote:
>
>> Hello everybody,
>>
>> snip
>>
>> When I encode attachments, it gives them a .gpg suffix. My colleagues who are using PGP Desktop cannot decode those files. Though I can decode their files, either using the gpgee contextual menu or automatically through enigmail. Practically speaking, is there a solution for this? My colleagues are most likely going to want to continue using PGP Desktop.
>
> Although it's only freeware and not open source, GPGShell http://www.jumaros.de/rsoft/index.html will give you explorer and system tray integration, and let you use a .pgp extension.
>
> I've filed an RFE at http://bugzilla.mozdev.org/show_bug.cgi?id=15442.

There's no need for an RFE against Enigmail. There are preferences available that allow to modify the default .pgp to something else (the prefs are not available via GUI).

-Patrick
Re: GPG and PGP Compatibility (Conan Purves)
> Date: Tue, 17 Oct 2006 13:09:21 -0400
> From: Conan Purves [EMAIL PROTECTED]
> Subject: GPG and PGP Compatibility
>
> have thus found Gnupg using the gpg4win front end, running through the Enigmail extension on Thunderbird. My last problem, I believe, is attachments.

using gpg4win, there is a workaround to avoid attachments altogether, but still sign the file and send it as part of the inline message, and it works for any file type:

[1] use windows explorer to find the file you wish to send as an attachment, and right-click on the file

[2] click on 'gpgee' and then on 'sign'

[3] in the gpgee signing window,
    (a) in the left pane, (entitled 'Signature Options'), click 'Attached'
    (b) in the right pane, (entitled 'Misc. Options'), click on 'Text Output(ASCII Armor)'

[4] select your signing key and sign the file, gpgee produces an ascii armored output 'file.asc' and saves it in the same directory as the original file

[5] use notepad to open the file, but make sure that in the notepad bottom box entitled 'File Type', 'All Files' are checked, (the default is 'Text documents', and notepad will list only .txt files and not 'see' anything else)

[6] copy the armored text and paste it into the body of the message, with an instruction for the receiver to save it as 'file.asc'

[7] open file.asc using winpt's file manager, it will verify the signature and save the original file type (do 'not' try to verify it from the 'current window', as it will only verify the signature but not recover the file)

[8] the same will happen in all pgp versions through 8.x, if they save the file as file.asc, and verify it using 'PGP Tools' or 'PGPMail' (i haven't tried PGP 9.x since the first time it came out, so you might need someone to test it for you using the current 9.x)

this works with any type of e-mail client, and the entire message can be sent as signed and encrypted, without any indication that an attachment is included (although people might guess because of the message size ;-) )

vedaal
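Added example (not part of the original post, and not code from gpgee, WinPT or PGP): the receiving side of step [6] above, pulling the armored block out of a pasted message body and checking its CRC-24 line (RFC 4880, section 6.1) before it is saved as file.asc. The function names and the sample payload are assumptions constructed for illustration; the CRC only catches copy/paste damage, so the signature still has to be verified as in step [7].

```python
import base64
import re

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE                      # initial value from the RFC
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB        # generator polynomial from the RFC
    return crc & 0xFFFFFF

def armor(payload: bytes, kind: str = "PGP MESSAGE") -> str:
    """Build an armored block; used here only to construct sample input."""
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = "=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN {kind}-----", "", *lines, check,
                      f"-----END {kind}-----"])

ARMOR_RE = re.compile(
    r"-----BEGIN (PGP [A-Z ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def extract_armor(mail_body: str):
    """Return (armored_text, decoded_bytes) for the first armored block."""
    m = ARMOR_RE.search(mail_body)
    if m is None:
        raise ValueError("no armored block found")
    lines = [ln.strip() for ln in m.group(2).splitlines()]
    if "" in lines:                     # armor headers end at the first blank line
        lines = lines[lines.index("") + 1:]
    lines = [ln for ln in lines if ln]
    if len(lines) < 2 or not lines[-1].startswith("="):
        raise ValueError("armor checksum line missing")
    try:
        data = base64.b64decode("".join(lines[:-1]), validate=True)
        expected = int.from_bytes(base64.b64decode(lines[-1][1:], validate=True), "big")
    except ValueError as exc:           # binascii.Error is a ValueError subclass
        raise ValueError("armor body is not valid base64") from exc
    if crc24(data) != expected:
        raise ValueError("CRC-24 mismatch: text was damaged when copied")
    return m.group(0), data

# Constructed sample: stand-in bytes, not a real OpenPGP signed file.
SAMPLE_PAYLOAD = b"constructed stand-in for the signed file contents\n" * 4
SAMPLE_MAIL = ("Please save the block below as file.asc\n\n"
               + armor(SAMPLE_PAYLOAD) + "\n\n(sender)\n")
```

The first element returned by `extract_armor(SAMPLE_MAIL)` is the text to write to file.asc; the second is the decoded payload the checksum was computed over.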
Re: GPG and PGP Compatibility (vedaal)
On Wed, 18 Oct 2006 05:04:14 -0400 [EMAIL PROTECTED] wrote:

> [7] open file.asc using winpt's file manager,

forgot to mention, it can also be done using gpgee, and the signature will be verified, and the file saved

vedaal
Re: GPG and PGP Compatibility
Hi,

Conan Purves wrote:

> Hello everybody,
>
> I am the office manager here and trying to set up a compatible PGP for some of the employees. I am looking for an open-source, free non-corporate version of the software and have thus found Gnupg using the gpg4win front end, running through the Enigmail extension on Thunderbird. We are using Windows boxes here. I have succeeded in installing it and getting it to work. However, there have been many little details that prevent me from rolling this out to the other employees. My last problem, I believe, is attachments. I have installed gpgee which encodes and decodes attachments (as there seems to be no function to do this in Enigmail or win4gpg.

It is possible to do so if you check Always use PGP/MIME in the OpenPGP Preferences of Enigmail, section PGP/MIME. How much this is compatible to PGP, I don't know.

Best wishes

Michael

--
Nobody can save your freedom but YOU - become a fellow of the FSF Europe! http://www.fsfe.org/en
Re: GPG and PGP Compatibility
Conan Purves wrote:

> Hello everybody,
>
> snip
>
> When I encode attachments, it gives them a .gpg suffix. My colleagues who are using PGP Desktop cannot decode those files. Though I can decode their files, either using the gpgee contextual menu or automatically through enigmail. Practically speaking, is there a solution for this? My colleagues are most likely going to want to continue using PGP Desktop.

Although it's only freeware and not open source, GPGShell http://www.jumaros.de/rsoft/index.html will give you explorer and system tray integration, and let you use a .pgp extension.

I've filed an RFE at http://bugzilla.mozdev.org/show_bug.cgi?id=15442.

--
Alphax
Death to all fanatics! Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g