[PATCH] Add npth socket test case

[yaowenbin via Gnupg-users]

* tests/t-socket.c: New

Signed-off-by: yaowenbin1 
---
 tests/t-socket.c | 270 +++
 1 file changed, 270 insertions(+)
 create mode 100644 tests/t-socket.c

diff --git a/tests/t-socket.c b/tests/t-socket.c
new file mode 100644
index 000..8e980d4
--- /dev/null
+++ b/tests/t-socket.c
@@ -0,0 +1,270 @@
+/* t-socket.c
+ *
+ * This file is free software; as a special exception the author gives
+ * unlimited permission to copy and/or distribute it, with or without
+ * modifications, as long as this notice is preserved.
+ *
+ * This file is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "t-support.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define NAME "Socket"
+#define DATA "Test npth socket interfaces. . ."
+
+static void *
+thread_one (void *arg)
+{
+int sock, msgsock, rval;
+struct sockaddr_un server;
+char buf[1024];
+   struct timeval tv;
+   struct timespec ts;
+
+info_msg ("thread-one started");
+   tv.tv_sec = 0;
+   tv.tv_usec = 100;
+   ts.tv_sec = 0;
+   ts.tv_nsec = 1000;
+
+sock = socket(AF_UNIX, SOCK_STREAM, 0);
+if (sock < 0) {
+perror("opening stream socket");
+exit(1);
+}
+server.sun_family = AF_UNIX;
+strcpy(server.sun_path, NAME);
+if (bind(sock, (struct sockaddr *) , sizeof(struct sockaddr_un))) {
+perror("binding stream socket");
+exit(1);
+}
+info_msg("Socket has name %s\n", server.sun_path);
+listen(sock, 5);
+msgsock = npth_accept(sock, 0, 0);
+if (msgsock == -1)
+perror("accept");
+else do {
+bzero(buf, sizeof(buf));
+if ((rval = npth_read(msgsock, buf, 1024)) < 0)
+perror("reading stream message");
+else if (rval == 0)
+info_msg("Ending connection\n");
+else
+info_msg("-->%s\n", buf);
+} while (rval > 0);
+
+   npth_select(0, NULL, NULL, NULL, );
+   npth_pselect(0, NULL, NULL, NULL, , NULL);
+close(msgsock);
+   close(sock);
+   unlink(NAME);
+  info_msg ("thread-one terminated");
+
+  return (void*)4711;
+}
+
+
+static void *
+thread_two (void *arg)
+{
+
+int sock;
+struct sockaddr_un server;
+char buf[1024];
+
+   info_msg ("thread-two started");
+sock = socket(AF_UNIX, SOCK_STREAM, 0);
+if (sock < 0) {
+perror("opening stream socket");
+exit(1);
+}
+server.sun_family = AF_UNIX;
+strcpy(server.sun_path, NAME);
+
+if (npth_connect(sock, (struct sockaddr *) , sizeof(struct 
sockaddr_un)) < 0) {
+close(sock);
+perror("connecting stream socket");
+exit(1);
+}
+if (npth_write(sock, DATA, sizeof(DATA)) < 0)
+perror("writing on stream socket");
+close(sock);
+
+  info_msg ("thread-two terminated");
+
+  return (void*)4722;
+}
+
+static void *
+thread_three (void *arg)
+{
+int sock, msgsock, rval;
+struct sockaddr_un server;
+char buf[1024];
+   struct msghdr msg;
+   struct iovec io;
+
+   msg.msg_name = NULL;
+   io.iov_base = buf;
+   io.iov_len = 1024;
+   msg.msg_iov = 
+   msg.msg_iovlen = 1;
+
+info_msg ("thread-three started");
+
+sock = socket(AF_UNIX, SOCK_STREAM, 0);
+if (sock < 0) {
+perror("opening stream socket");
+exit(1);
+}
+server.sun_family = AF_UNIX;
+strcpy(server.sun_path, NAME);
+if (bind(sock, (struct sockaddr *) , sizeof(struct sockaddr_un))) {
+perror("binding stream socket");
+exit(1);
+}
+info_msg("Socket has name %s\n", server.sun_path);
+listen(sock, 5);
+msgsock = npth_accept(sock, 0, 0);
+if (msgsock == -1)
+perror("accept");
+else {
+bzero(buf, sizeof(buf));
+   ssize_t recv_size = npth_recvmsg(msgsock, , 0);
+   char * temp = msg.msg_iov[0].iov_base;
+   temp[recv_size] = '\0';
+   info_msg("get message:%s", temp);
+};
+
+    close(msgsock);
+   close(sock);
+   unlink(NAME);
+  info_msg ("thread-three terminated");
+
+  return (void*)4711;
+}
+
+
+static void *
+thread_four (void *arg)
+{
+
+int sock;
+struct sockaddr_un server;
+char buf[1024] = "test sendmsg and recvmsg\n";
+   struct msghdr msg;
+   struct iovec io;
+
+   msg.msg_name = NULL;
+   io.iov_base = buf;
+   io.iov_len = sizeof(buf);
+   msg.msg_iov = 
+   msg.msg_iovlen = 1;
+
+   info_msg ("thread-four 

Re: Repo with test cases for covert content attacks

[Stefan Claas via Gnupg-users]

Sebastian Schinzel wrote:

> Those are two different papers.
> 
> 1. The 'Jonny, you are fired' paper solely dealt with signature spoofing
> and the repo is here:
> 
> https://github.com/RUB-NDS/Johnny-You-Are-Fired
> 
> 2. The paper mentioned in the thread above is 'Re: What's Up Johnny? --
> Covert Content Attacks on Email End-to-End Encryption' and it contains
> some leftover attack cases that didn't make it into the Efail paper. It
> aims at exfiltrating the plaintext of encrypted mails, but with some
> degree of user interaction, e.g. replying to a malicious email.
> 
> Lots of test cases and I am not aware of any current list of what MUA
> fixed which issue (correctly or incorrectly).

Thanks for pointing that out! Even if I no longer use online computers
for encryption/decryption I may take the time and study the examples,
once time permits.

Best regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Repo with test cases for covert content attacks

[Sebastian Schinzel]

Am 12.08.19 um 17:47 schrieb Stefan Claas via Gnupg-users:
> Sebastian Schinzel wrote:
> 
>> Dear all,
>>
>> Jens Müller just gave a talk at DEFCON about Covert Content Attacks
>> against S/MIME and OpenPGP encryption and digital signatures in the
>> email context. He just published the PoC emails that he used in the talk
>> and they might be useful for further testing.
>>
>> https://github.com/RUB-NDS/Covert-Content-Attacks
>>
>> This is the paper describing the attacks from April 2019:
>>
>> https://arxiv.org/abs/1904.07550
> 
> Thanks for the info. I do no longer use a GPG plug-in MUA
> combination, but are these 'Johnny you are fired' issues 
> already been resolved? I must admit I am a bit out of the
> loop.

Those are two different papers.

1. The 'Jonny, you are fired' paper solely dealt with signature spoofing
and the repo is here:

https://github.com/RUB-NDS/Johnny-You-Are-Fired

2. The paper mentioned in the thread above is 'Re: What's Up Johnny? --
Covert Content Attacks on Email End-to-End Encryption' and it contains
some leftover attack cases that didn't make it into the Efail paper. It
aims at exfiltrating the plaintext of encrypted mails, but with some
degree of user interaction, e.g. replying to a malicious email.

Lots of test cases and I am not aware of any current list of what MUA
fixed which issue (correctly or incorrectly).

Best,
Sebastian

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Repo with test cases for covert content attacks

[Stefan Claas via Gnupg-users]

Sebastian Schinzel wrote:

> Dear all,
> 
> Jens Müller just gave a talk at DEFCON about Covert Content Attacks
> against S/MIME and OpenPGP encryption and digital signatures in the
> email context. He just published the PoC emails that he used in the talk
> and they might be useful for further testing.
> 
> https://github.com/RUB-NDS/Covert-Content-Attacks
> 
> This is the paper describing the attacks from April 2019:
> 
> https://arxiv.org/abs/1904.07550

Thanks for the info. I do no longer use a GPG plug-in MUA
combination, but are these 'Johnny you are fired' issues 
already been resolved? I must admit I am a bit out of the
loop.

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Repo with test cases for covert content attacks

[Sebastian Schinzel]

Dear all,

Jens Müller just gave a talk at DEFCON about Covert Content Attacks
against S/MIME and OpenPGP encryption and digital signatures in the
email context. He just published the PoC emails that he used in the talk
and they might be useful for further testing.

https://github.com/RUB-NDS/Covert-Content-Attacks

This is the paper describing the attacks from April 2019:

https://arxiv.org/abs/1904.07550

Best,
Sebastian

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: test

[Stefan Claas via Gnupg-users]

David wrote:

> I have imported your key,

:-)

Regards
Stefan


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: test

[David]

On 14/07/2019 05:55, Stefan Claas via Gnupg-users wrote:
> David wrote:
> 
>> Hello Stefan,
>>
>> I mean to say - no keys were found :)
> 
> Maybe you have to adjust you settings.
> 
> My key is available via WKD or Hagrid.
> 
> (P.S. I forgot to insert a Message-ID,
> so now threading is not correct.)
> 
> Regards
> Stefn
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 
I have imported your key,

David

-- 
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! https://gbenet.com


0x5C6EE7FBAAD8C47D.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: test

[Stefan Claas via Gnupg-users]

David wrote:

> Hello Stefan,
> 
> I mean to say - no keys were found :)

Maybe you have to adjust you settings.

My key is available via WKD or Hagrid.

(P.S. I forgot to insert a Message-ID,
so now threading is not correct.)

Regards
Stefn

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: test

[David]

On 13/07/2019 17:56, Stefan Claas via Gnupg-users wrote:
> Stefan Claas via Gnupg-users wrote:
> 
> David wrote:
> 
 Just testing my e-,ails are getting through :)

 But not signed :) no public key

 David
> 
> And a little reply, to see if my signature verifies properly.
> 
> Step 1. Creating the reply in Notepad++ (offline).
> Step 2. Signing the message (offline).
> Step 3. Adding Headers (offline).
> Step 4. Transfer with CoolTerm to online computer.
> Step 5. Sending the message with openssl.
> 
> Stefan
> 
> Forgot the -quiet command in openssl, hence the error.
> 
> Hope the second try is correct.
> 
> Regards
> Stefan
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 
Hello Stefan,

I mean to say - no keys were found :)

David

-- 
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! https://gbenet.com



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: test

[David]

On 13/07/2019 17:45, Stefan Claas via Gnupg-users wrote:
> David wrote:
> 
>> Just testing my e-,ails are getting through :)
> 
>> But not signed :) no public key
> 
>> David
> 
> And a little reply, to see if my signature verifies properly.
> 
> Step 1. Creating the reply in Notepad++ (offline).
> Step 2. Signing the message (offline).
> Step 3. Adding Headers (offline).
> Step 4. Transfer with CoolTerm to online computer.
> Step 5. Sending the message with openssl.
> 
> Stefan
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 

Hello Stefan - I copied and pasted your key into a file - then imported
it - but I could not find your public key in my list - you have a very
small public key :)

David


-- 
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! https://gbenet.com



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: test

[Stefan Claas via Gnupg-users]

Stefan Claas via Gnupg-users wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> David wrote:
> 
> > Just testing my e-,ails are getting through :)
> > 
> > But not signed :) no public key
> > 
> > David
> 
> And a little reply, to see if my signature verifies properly.
> 
> Step 1. Creating the reply in Notepad++ (offline).
> Step 2. Signing the message (offline).
> Step 3. Adding Headers (offline).
> Step 4. Transfer with CoolTerm to online computer.
> Step 5. Sending the message with openssl.
> 
> Stefan
> -BEGIN PGP SIGNATURE-
> 
> iHUEARYIAB0WIQTJPiUt+ztNt+rrhGrY1GSzXhKrdwUCXSn/qwAKCRDY1GSzXhKr
> dzwHAP4pjtOH72H4ZF/WXegsao/oVf7kAVKgl1zWAy2Ypg7PTgD8CtwPDxHoHxKq
> FMf+JEVzkjuigzAhyRvE/1vbnkf5GwA=
> =3gZ2
> -END PGP SIGNATURE-

Forgot the -quiet command in openssl, hence the error.

Hope the second try is correct.

Regards
Stefan

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: test

[Stefan Claas via Gnupg-users]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

David wrote:

> Just testing my e-,ails are getting through :)
> 
> But not signed :) no public key
> 
> David

And a little reply, to see if my signature verifies properly.

Step 1. Creating the reply in Notepad++ (offline).
Step 2. Signing the message (offline).
Step 3. Adding Headers (offline).
Step 4. Transfer with CoolTerm to online computer.
Step 5. Sending the message with openssl.

Regards
Stefan
-BEGIN PGP SIGNATURE-

iHUEARYIAB0WIQTJPiUt+ztNt+rrhGrY1GSzXhKrdwUCXSn/qwAKCRDY1GSzXhKr
dzwHAP4pjtOH72H4ZF/WXegsao/oVf7kAVKgl1zWAy2Ypg7PTgD8CtwPDxHoHxKq
FMf+JEVzkjuigzAhyRvE/1vbnkf5GwA=
=3gZ2
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: test

[Stefan Claas via Gnupg-users]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

David wrote:

> Just testing my e-,ails are getting through :)
> 
> But not signed :) no public key
> 
> David

And a little reply, to see if my signature verifies properly.

Step 1. Creating the reply in Notepad++ (offline).
Step 2. Signing the message (offline).
Step 3. Adding Headers (offline).
Step 4. Transfer with CoolTerm to online computer.
Step 5. Sending the message with openssl.

Stefan
-BEGIN PGP SIGNATURE-

iHUEARYIAB0WIQTJPiUt+ztNt+rrhGrY1GSzXhKrdwUCXSn/qwAKCRDY1GSzXhKr
dzwHAP4pjtOH72H4ZF/WXegsao/oVf7kAVKgl1zWAy2Ypg7PTgD8CtwPDxHoHxKq
FMf+JEVzkjuigzAhyRvE/1vbnkf5GwA=
=3gZ2
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

test

[David]

Just testing my e-,ails are getting through :)

But not signed :) no public key

David

-- 
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! https://gbenet.com

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Test - Please Ignore

[Stefan Claas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

My reply to Wiktor came not through yet, so let's
see if this message makes it.

Regards
Stefan
-BEGIN PGP SIGNATURE-

iHUEARYIAB0WIQTsFcZEw1lI/LR+FYmaI04LDh8f6AUCXCfYvwAKCRCaI04LDh8f
6I4xAQDz4bG/GayV/Kcb0ZRxo728Ddu9pOnZpf3WpY3MiYxmgQEAw1Pa5bSuFOUq
+hM8HbfzZWehG0dHfkMn/wAc5nTHmwQ=
=i+0A
-END PGP SIGNATURE-
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: test

[Schlacta, Christopher]

Error:  Test failure:  Testing protocol disengaged.

On Mon, Apr 16, 2018 at 9:10 AM, Paul H. Hentze <paul.hen...@posteo.de> wrote:
> test
>
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

test

[Paul H. Hentze]

test

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Test symmetrically encrypted files for errors - make sure they can be decrypted

[Neal H. Walfield]

At Sat, 22 Jul 2017 00:01:45 +0200 (CEST),
<karel-...@tutanota.com> wrote:
> I am using GnuPG 1.4.x to symmetrically encrypt files before I
> transfer them to "the cloud" for backup reasons.
> Is there any way to test these encrypted files for errors, i.e. to
> make sure they can be decrypted correctly without actually having to
> decrypt them again?
> Providing the passphrase again etc. is no problem, I only want to
> avoid to write the whole file to my disk a third time (unencrypted
> original, encrypted backup, decrypted test).
> If I can test the file somehow will I get back an errorlevel on
> success or error?
> In short I am searching for something like the test option for packed
> files that most archivers offer.

Probably the easiest solution is to sign and encrypt, and then verify
the signature.  If the encrypted data is somehow corrupted, then the
signature will be wrong.  This, of course, embeds the signature in the
OpenPGP message, which might not be desired.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Test symmetrically encrypted files for errors - make sure they can be decrypted

[Peter Lebbing]

Hi!

On 22/07/17 00:01, karel-...@tutanota.com wrote:
> In short I am searching for something like the test option for packed
> files that most archivers offer.

I don't know what OS you're using, so the details might differ but this
works for me:

$ gpg --batch -o /dev/null -d test.txt.gpg ; echo $?
gpg: AES encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: encrypted message has been manipulated!
2

I deliberately corrupted the file. I say it should decrypt and output to
/dev/null, which on OS'es which have a /dev/null means "discard the
output". With an uncorrupted file, the exit status is 0, but here it is
2. Any non-interactive use should carry the --batch parameter so GnuPG
knows it's not currently talking to a human, and it should specify the
command (-d).

Alternatively, you could parse the status fd. The best way to
programmatically interact with GnuPG is through GPGME, but my gut
feeling says that for this really limited case, --status-fd is good
enough and cleaner than just relying on exit status. Perhaps exit status
is already good enough as long as data is not signed (which would
influence exit status), I'm not sure.

$ gpg --status-fd 3 --batch -o /dev/null -d test.txt.gpg 3>&1
1>/dev/null 2>&1
[GNUPG:] NEED_PASSPHRASE_SYM 7 3 2
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 7
[GNUPG:] PLAINTEXT 62 1500889574 test.txt
[GNUPG:] PLAINTEXT_LENGTH 4
[GNUPG:] BADMDC
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION

I'm just keeping what is printed on FD 3 here, be gone with all the
other cruft. What you actually want is a line that says DECRYPTION_OKAY.
If you parse the status-fd output for that line, I'd say you can be
pretty sure that the file is okay. Don't rely on the opposite
(DECRYPTION_FAILED); you want positive confirmation the file is OKAY, so
that's what you should check.

The only way to verify correctness of every byte of data is to decrypt
it; only then can the Modification Detection Code be computed and
verified. But there is no need to write the decrypted data to disk, as I
demonstrated.

HTH,

Peter.

Disclaimer: I don't usually script GnuPG, I might be forgetting about
something important like --batch (which I did remember).

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Test symmetrically encrypted files for errors - make sure they can be decrypted

[karel-v_g]

Hello!I am using GnuPG 1.4.x to symmetrically encrypt files before I transfer 
them to "the cloud" for backup reasons.Is there any way to test these encrypted 
files for errors, i.e. to make sure they can be decrypted correctly without 
actually having to decrypt them again?Providing the passphrase again etc. is no 
problem, I only want to avoid to write the whole file to my disk a third time 
(unencrypted original, encrypted backup, decrypted test).If I can test the file 
somehow will I get back an errorlevel on success or error?In short I am 
searching for something like the test option for packed files that most 
archivers offer.Thanks Karel___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Don't send encrypted messages to random users to test your gpg

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi


On Monday 29 May 2017 at 2:18:18 PM, in
, Marcus
Brinkmann via Gnupg-users wrote:-


> For people who want to communicate with other people
> rather than bots,
> there is also this:

> https://www.reddit.com/r/GPGpractice/
> https://www.reddit.com/r/publickeyexchange/


And there is PGPNET 
which is an encrypted discussion group - members send messages signed
and encrypted to all the members). You subscribe by emailing
 and replying to the email yahoo
sends you (unless you want to join with a Yahoo ID). For new members,
Yahoo's group emails default to a heavily HTML-polluted format that
does not play nice with pgp-inline encrypted messages, but once you
have joined an email to  removes
this silliness.

- --
Best regards

MFPA  

Another person's secret is like another person's money:
you are not as careful with it as you are with your own
-BEGIN PGP SIGNATURE-

iNUEARYKAH0WIQQzrO1O6RNO695qhQYXErxGGvd45AUCWSw0OF8UgAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNB
Q0VENEVFOTEzNEVFQkRFNkE4NTA2MTcxMkJDNDYxQUY3NzhFNAAKCRAXErxGGvd4
5KZWAP98nqevY0/tF8hQ9cia6R+LSwaiMXi2uzCxYZw77waH1wD/T/8GV35GIEV5
Re34sTAb/MBxjUO66et2czullKkXhwmJAZMEAQEKAH0WIQSzrn7KmoyLMCaloPVr
fHTOsx8l8AUCWSw0OF8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0QjNBRTdFQ0E5QThDOEIzMDI2QTVBMEY1NkI3
Qzc0Q0VCMzFGMjVGMAAKCRBrfHTOsx8l8GxzB/wNZcrYXw87HL4Go4WV2VpRj+0r
3la5F+ORShvAv6IE7U+oQaIB4vbdRbd/oCzhrvTVwexkM2mScvAagFgQqrnkZCyk
BMHscHB5ARYvjH3ibc1FVNSH0hdPFpdXNTmzFQ3fBSjrpuGU8SXzFvpCj8X4nK7I
7iWAWLiCx6h5Y3kUVbF6YeSaEOCVKna4zkAb+pv3POe+XDSDG8xaoys5sHcqc6ej
yIOwufCjgQRks8t2VfZBvA23c4NJKw9JF/nj/x5z6FptqbQeTsYDI6BqdZmDmSxV
EZwzy9UIUssriMkkQejEkiRyjwVCqQqXePI9tXgkdv5gGcrb8BsN7m2rt/8p
=H+D/
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Don't send encrypted messages to random users to test your gpg

[Marcus Brinkmann via Gnupg-users]

For people who want to communicate with other people rather than bots,
there is also this:

https://www.reddit.com/r/GPGpractice/
https://www.reddit.com/r/publickeyexchange/

On 05/29/2017 01:00 PM, Duane Whitty wrote:
> Hi list,
> 
> When I checked my email this morning I had an encrypted message from
> someone I didn't know and had never heard of signed with a signature for
> which no public key was available.
> 
> When I saw the email with a subject "test, test, hello" (or something to
> that effect" I decided not to let Thunderbird/Enigmail process it but
> rather I copy and pasted the cypher text into a file and used the
> command line to look at it..
> 
> The message and relevant gpg output was:
> 
> "Subject: test, test - hello
> 
> hey, i hope you don't mind - I just wanted to test using GPG and I
> picked you at random."
> 
> gpg: Signature made Mon 29 May 2017 02:59:23 AM ADT
> gpg:using RSA key (deleting for email to list)
> gpg: Can't check signature: No public key"
> 
> To the person who sent me this my reply is that yes I do mind.  I tend
> to believe no harm is intended and I'm not terribly upset over it but I
> consider it to be bad Internet etiquette.  It would be only a little
> more acceptable if you had published your public key so that the
> signature you used to sign with could at least be verified.
> 
> Having hashed that out welcome to the community :-)
> 
> To test your setup try this link, https://emailselfdefense.fsf.org/en/
> I haven't used it myself but unless someone from the list knows why it
> shouldn't be used it should fine.
> 
> I also highly recommend reading https://www.gnupg.org/faq/gnupg-faq.html
> 
> The above links are just to get started.  Happy pgp'ing
> 
> Best Regards,
> Duane
> 
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Don't send encrypted messages to random users to test your gpg

[Duane Whitty]

Hi list,

When I checked my email this morning I had an encrypted message from
someone I didn't know and had never heard of signed with a signature for
which no public key was available.

When I saw the email with a subject "test, test, hello" (or something to
that effect" I decided not to let Thunderbird/Enigmail process it but
rather I copy and pasted the cypher text into a file and used the
command line to look at it..

The message and relevant gpg output was:

"Subject: test, test - hello

hey, i hope you don't mind - I just wanted to test using GPG and I
picked you at random."

gpg: Signature made Mon 29 May 2017 02:59:23 AM ADT
gpg:using RSA key (deleting for email to list)
gpg: Can't check signature: No public key"

To the person who sent me this my reply is that yes I do mind.  I tend
to believe no harm is intended and I'm not terribly upset over it but I
consider it to be bad Internet etiquette.  It would be only a little
more acceptable if you had published your public key so that the
signature you used to sign with could at least be verified.

Having hashed that out welcome to the community :-)

To test your setup try this link, https://emailselfdefense.fsf.org/en/
I haven't used it myself but unless someone from the list knows why it
shouldn't be used it should fine.

I also highly recommend reading https://www.gnupg.org/faq/gnupg-faq.html

The above links are just to get started.  Happy pgp'ing

Best Regards,
Duane

-- 
Duane Whitty
du...@nofroth.com



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: ADMIN: Some mail addresses are now rewritten (was: Test mail from Outlook)

[antony]

On March 11, 2017 12:27:25 PM EST, Werner Koch  wrote:

>The reason for this is that some mail sites now have a DMARC reject
>policy which leads to a bounce for all subscribers whose mail provider
>honors this DMARC policy - for example gmail.  After a few bounces
>message delivery to those subscribers will blocked by our Mailman.

I noticed I was having issues with mail from mailing lists when I specified a 
DMARC reject policy for my domain, so I ended up changing it to unspecified for 
the time being to allow the receiver to decide how to deal with a DMARC 
failure. Not ideal, but DMARC (and DKIM signing for that matter) and mailing 
lists don't play nice together.


-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Test mail from Outlook

[Julian H. Stacey]

> Just a simple test message as asked by Werner to test something…

List owner[s] could ask for test@ lists to be added on domains:
http://lists.gnupg.org/mailman/listinfo/   # gnupg-users@gnupg.org
https://mail.python.org/mailman/listinfo/  # mailman-us...@python.org
Examples of domains with test lists:
https://lists.freebsd.org/mailman/listinfo/freebsd-test
http://mailman.berklix.org/mailman/listinfo/test

Cheers,
Julian
-- 
Julian Stacey, BSD Linux Unix Sys Eng Consultant Munich
 Reply below, Prefix '> '. Plain text, No .doc, base64, HTML, quoted-printable.
 http://berklix.eu/brexit/#stolen_votes  http://berklix.eu/brexit/#eu_passports

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

ADMIN: Some mail addresses are now rewritten (was: Test mail from Outlook)

[Werner Koch]

Hi!

You may have noted that the From address has been rewritten to show the
list address instead of your address.  In addition a reply-to header has
been set so that your address is also known. 

The reason for this is that some mail sites now have a DMARC reject
policy which leads to a bounce for all subscribers whose mail provider
honors this DMARC policy - for example gmail.  After a few bounces
message delivery to those subscribers will blocked by our Mailman.

I have meanwhile unblocked all those addresses but the mails since
Thursday or Friday have not been delivered to the affected accounts.

The mitigation is to either use the list address as From: address or a
modify the From: address to make it invalid (e.g. append the reserved
domain "invalid").  Mailman offers the first option and that is what is
now in use for every poster which an address where a reject policy is
is advertised.

The problem with this rewriting is that it breaks quoting.  For example
here is how I would have replied to Jeff's test mail:

  On Sat, 11 Mar 2017 15:02, gnupg-users@gnupg.org said:
  
  > Just a simple test message as asked by Werner to test something…
  
  Thank you.

Thus I think marking the address invalid would have been a better choice
for Mailman - but there is no option for this yet.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgpreAQXmHFgM.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Test mail from Outlook

[Jeffrey Stedfast via Gnupg-users]

Just a simple test message as asked by Werner to test something…

Jeff


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Test Mail

[Brian Minton]

On 01/05/2017 12:35 AM, Roger wrote:
> Test mail to mailing list testing GNUPG signing, appearance and hopefully 
> conforming to mailing list standards.

I received your post to the list.  I also verified a good signature.





signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Test Mail

[Roger]

> On Thu, Jan 05, 2017 at 11:11:13PM +0100, Ingo Kl?cker wrote:
>On Thursday 05 January 2017 15:56:18 Roger wrote:
>> Great.  However I had no idea my mailing list post finally made it to
>> the mailing list, as the mailing list did not send a copy of my post;
>> even though this option is activated within the mailing list
>> settings.
>
>As others have pointed out in the past, that's due to Google thinking 
>that they know better than you how you want your email to be handled. 
>Gmail discards the copies of your own posts received from the mailing 
>list because those posts are already in your sent-mail folder.
>

Yup.  Sure enough, changing from the currently viewed default INBOX folder to 
the GMail/"All Mail" folder reveals my posted emails to the list.  Only took me 
2-4+ years to figure this one out.



signature.asc
Description: Digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Test Mail

[Ingo Klöcker]

On Thursday 05 January 2017 15:56:18 Roger wrote:
> Great.  However I had no idea my mailing list post finally made it to
> the mailing list, as the mailing list did not send a copy of my post;
> even though this option is activated within the mailing list
> settings.

As others have pointed out in the past, that's due to Google thinking 
that they know better than you how you want your email to be handled. 
Gmail discards the copies of your own posts received from the mailing 
list because those posts are already in your sent-mail folder.


Regards,
Ingo


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Test Mail

[Roger]

Great.  However I had no idea my mailing list post finally made it to the 
mailing list, as the mailing list did not send a copy of my post; even though 
this option is activated within the mailing list settings.  (I see similar 
activity on other mailing lists, with some merrily returning a notice the 
poster's email made it to the mailing list.)

Veiwing this email online, the GNUPG signature looks in similar format to 
others' emails with the signature with email addresses removed or stripped.  
...looks good to me.

> On Thu, Jan 05, 2017 at 12:33:30PM -0500, Ahmad wrote:
>Got it... 
>
>Sent from my iPhone
>
>> On Jan 5, 2017, at 12:35 AM, Roger <rogerx@gmail.com> wrote:
>> 
>> Test mail to mailing list testing GNUPG signing, appearance and hopefully 
>> conforming to mailing list standards.
>> 
>> -- 
>> Roger
>> http://rogerx.freeshell.org/
>> ___
>> Gnupg-users mailing list
>> Gnupg-users@gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users



signature.asc
Description: Digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Test Mail

[Roger]

Test mail to mailing list testing GNUPG signing, appearance and hopefully 
conforming to mailing list standards.

-- 
Roger
http://rogerx.freeshell.org/


signature.asc
Description: Digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What is a reliable way to backup/restore my keys and test?

[Werner Koch]

On Wed, 14 Sep 2016 17:10, du...@nofroth.com said:

> Once I have completed my OS upgrade how do I restore my keys and the
> trust levels assigned to them?

If you restore the backup of ~/.gnupg (with all sub directories) with
the right permissions (tar xpf) you should be done.  GnuPGnstores all
its data in a mahinve independet format and thus a copy of the directory
works on all platforms.

For cleanness, you may not want to exclude ~/.gnupg/random_seed from the
backup or delete that file from the target box after restoring.

> I use Thunderbird/Enigmail which is using gpg2 but I originally
> created my key pair using gpg 1.4.  Does this have any ramifications?

No.  If you start using gnupg 2.1 the secret keys will be automatically
migrated to the new format (the old secring.gpg will be kept but not
used by 2.1).


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgp8Mxax03ZwI.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: What is a reliable way to backup/restore my keys and test?

[Robert J. Hansen]

> Does exporting local signatures make it somehow more likely they might be
> accidentally sent to a keyserver?

No.



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What is a reliable way to backup/restore my keys and test?

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



On Thursday 15 September 2016 at 3:32:22 PM, in
, Robert J.
Hansen wrote:-

> But I agree with Daniel that it's important to include those
> options if you have local signatures on your keyring.

Does exporting local signatures make it somehow more likely they might
be accidentally sent to a keyserver?

And if they are accidentally sent to a keyserver, does the keyserver
strip them because they are marked as non-exportable?


- --
Best regards

MFPA  

I think not, said Descartes, and promptly disappeared
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJX2vdSXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwEDwH/1hJnVhqT5tUlw7t5O7WUihC
QQil5xxKSrgQ29x769F9l9TTh9KG/oCTWJuRbZEFMyTzenV2BImEo5xX6ESzsP4r
cOmeKCXMFylSZb7kDVybvs9IlYGz6tC8JMYcmoQ4H5dpYzwPhQ15J0mk17cyaetv
Hl8ArSNfWIVi7G+98P1miphbIVwAR4jj+UEt1fYuaBT1Ad+DRo0ST5bkrNhRbkp5
WyQnNN6EYtAmlZ7r1GygxCyE9NbUgYAS6FUGe4+RHi/A1zRBnXd1W/PYZH/kQ2ez
H2odXrkziKh/Ak8JA9gFz3h2AL1s1tCd2Lk751tzJ5jYBRhyxnBOUH87nMhui0aI
vgQBFgoAZgUCV9r3Yl8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45N9QAQCNsyoieFo7UGa7g9GJVtfA+2V+
tQKe5KRfvvylM9dk0wEArqjxpyoEtwQsOZB20qYHGJfQD1rR3gNtn3i4RtsYWw4=
=Up9A
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: What is a reliable way to backup/restore my keys and test?

[Robert J. Hansen]

> I am unable to find any references in man to export-local in
> - --export-options except for export-local-sigs.  Maybe this is an
> undocumented parameter to the --export-options option?  What is it
> supposed to do?

--export-local is the same as --export-local-sigs.  Likewise with
--import-local.

I don't use local signatures myself, which is why my process skips those.
But I agree with Daniel that it's important to include those options if you
have local signatures on your keyring.



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What is a reliable way to backup/restore my keys and test?

[Duane Whitty]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 16-09-14 05:24 PM, Daniel Kahn Gillmor wrote:
> Thanks for the very thorough walk-through, Robert.
> 
> Perhaps GnuPG ought to produce some kind of interchangeable backup 
> automatically on its own that it can re-consume, so this kind of 
> involved process isn't necessary.
> 
> A couple notes below:
> 
> On Wed 2016-09-14 15:01:47 -0400, Robert J. Hansen wrote:
>> The following is the procedure I use on UNIX systems:
>> 
>> First, export all public certificates into a public keyring:
>> 
>> $ gpg --armor --export > pub.asc
>> 
>> Second, export all secret certificates into a secret keyring:
>> 
>> $ gpg --armor --export-secret-keys > priv.asc
> 
> the above two steps should include the arguments "--export-options 
> export-local" just before "--export".
> 
I am unable to find any references in man to export-local in
- --export-options except for export-local-sigs.  Maybe this is an
undocumented parameter to the --export-options option?  What is it
supposed to do?

>> Import your secret certificates:
>> 
>> $ gpg --import < priv.asc
>> 
>> Import your public certificates:
>> 
>> $ gpg --import < pub.asc
> 
> 
> The above two steps should include the arguments "--import-options 
> import-local" just before "--import".
> 
Same here, can't find the parameter import-local, just import-local-sigs

> 
> hth,
> 
> --dkg
> 

Best Regards,
Duane

- -- 
Duane Whitty
du...@nofroth.com
-BEGIN PGP SIGNATURE-

iQEcBAEBCAAGBQJX2q4aAAoJEOJfpr8UVxtkYKQIAJXXOW0XXwa8em36YjkyzGY3
bz2QpikFEe6b4mBvEE6IUy/DR7//fy4WnA3SZCUP2JbKrdRUFJGStgirmH1uMcby
TLBslsAh3tdmQ7ryrLKISZDqLIDhXcuSnKIjgaH01a6/JqNVK3Ig/HMo4wwQ4idU
HeOc7+5bzD/JSwbaACh/oPtiDglFmRrwr0JD/QjRvWfAJkctIJzFpMiM5JtwKn5M
4sKo9Q7sCd7CupL115gqjBDyrCH/O8QDqrFtBn628KIQmUp0nBY1Pqew2jWSzOpj
BFZAq/bh8SwAYhctSPnqm7y5Wz/06LANcrXHd9Tifaypo2xZXpTcklb9SkjBgw4=
=0hD0
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What is a reliable way to backup/restore my keys and test?

[Duane Whitty]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 16-09-14 04:01 PM, Robert J. Hansen wrote:
>> I am relatively new to GNUPG so my apologies in advance if this
>> question
> is
>> trivial.
> 
> Welcome!  And your question is not trivial.
> 
> The following is the procedure I use on UNIX systems:
> 
> First, export all public certificates into a public keyring:
> 
> $ gpg --armor --export > pub.asc
> 
> Second, export all secret certificates into a secret keyring:
> 
> $ gpg --armor --export-secret-keys > priv.asc
> 
> Third, export ownertrust values and save those:
> 
> $ gpg --armor --export-ownertrust > trust.asc
> 
> Fourth, copy all the *.conf files in ~/.gnupg into your current
> directory:
> 
> $ cp ~/.gnupg/*.conf .
> 
> Fifth,  put these, and all your GnuPG .conf files, all into a
> single archive:
> 
> $ tar cJf gpg-backup.txz pub.asc priv.asc trust.asc *.conf
> 
> Copy gpg-backup.txz to the new machine.  Once you've done that,
> uncompress it on the new machine:
> 
> $ tar xJf gpg-backup.txz
> 
> Import your secret certificates:
> 
> $ gpg --import < priv.asc
> 
> Import your public certificates:
> 
> $ gpg --import < pub.asc
> 
> Import your ownertrust values:
> 
> $ gpg --import-ownertrust < trust.asc
> 
> Make sure your ~/.gnupg directory exists.  If it doesn't, run gpg
> with no arguments and hit Ctrl-C to break out of it.
> 
> $ gpg
> 
> Copy your .conf files into ~/.gnupg:
> 
> $ cp *.conf ~/.gnupg
> 
> ... And at that point you should be done.  This technique should
> work regardless of whether you're migrating from 1.4 to 2.0, 1.4 to
> 2.1, 2.0 to 1.4, 2.0 to 2.1, 2.1 to 2.0, or 2.1 to 1.4.  No matter
> which you're doing, you're covered.
> 
>> I've just copied my .gnupg directory to a usb key as a backup
>> measure,
> which
>> I found as a method (more or less) on 
>> http://www.glump.net/content/gpg_intro/.
> 
> It's a good idea to not copy the random_seed file.  PRNG states
> should not be shared between computers.
> 
>> How can I make sure my private key and trust assignments were
>> copied
> properly?
> 
> Follow the above process and they will be.  Your private
> certificates were exported, as were the trust assignments.
> 
>> Once I have completed my OS upgrade how do I restore my keys and
>> the trust levels assigned to them?
> 
> See the above process.
> 
>> I use Thunderbird/Enigmail which is using gpg2 but I originally
>> created my
> key
>> pair using gpg 1.4.  Does this have any ramifications?
> 
> None.
> 
> 

Thanks for the detailed walk-through, Robert.  Much appreciated!

Best Regards,
Duane

- -- 
Duane Whitty
du...@nofroth.com
-BEGIN PGP SIGNATURE-

iQEcBAEBCAAGBQJX2qv1AAoJEOJfpr8UVxtkNEQH/iImTGTQNomSipe0B2yccLMd
I1OKbeAIP59sORzC8UegelhtH4k1F9WZRVZUjRXfeEY4jWK5GX1pSsZbSIuDZGL/
0qHS63nrLm5qbSD7VSEzEmadHCVATkChYFBUGdPP2i1fCWjU1cWlJrNQxAohBZHr
ZUC/zh8BsXzIAbtLnb6zRgQ8lxgxLZzozLprwn5eGfnTBsC7GtSO/sjSQgC2hVpn
rRTviX3TNapt3DlnY4MtM/NNUOdWKeCGp+DkZBXiem1KDkIr+cfnuUY8+N/oJtfo
SlgJ3LrLS6I/w8eQ4Ru+qBK4qal28OChrO8fbtX+BY+4H8cdXjrsjqk7MpQZtEM=
=qOtt
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What is a reliable way to backup/restore my keys and test?

[murphy]

Also how to handle the tofu.db?  A quick check doesn't find any
--import-tofu or --export-tofu options.  Does a simple backup and
transfer of tofu.db suffice?  --Murphy



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What is a reliable way to backup/restore my keys and test?

[Piotr Chmielnicki]

On 09/14/2016 06:31 PM, Thomas Glanzmann wrote:
> Hello Duane,
>
>> How can I make sure my private key and trust assignments were copied
>> properly?
> for me in the past taking a backup of .gnupg was sufficient. However you
> can also export your secret key using:
>
> gpg --export-secret-keys -a  > secret.asc
>
> And the manual trust assignments by doing:
>
> gpg --export-ownertrust > ownertrust.txt
>
> Cheers,
> Thomas
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
You also migth want to take a look at --export-options in the gpg man page.

Piotr Chmielnicki
@piotrcki

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: What is a reliable way to backup/restore my keys and test?

[Daniel Kahn Gillmor]

Thanks for the very thorough walk-through, Robert.

Perhaps GnuPG ought to produce some kind of interchangeable backup
automatically on its own that it can re-consume, so this kind of
involved process isn't necessary.

A couple notes below:

On Wed 2016-09-14 15:01:47 -0400, Robert J. Hansen wrote:
> The following is the procedure I use on UNIX systems:
>
> First, export all public certificates into a public keyring:
>
>   $ gpg --armor --export > pub.asc
>
> Second, export all secret certificates into a secret keyring:
>
>   $ gpg --armor --export-secret-keys > priv.asc

the above two steps should include the arguments "--export-options
export-local" just before "--export".

> Import your secret certificates:
>
>   $ gpg --import < priv.asc
>
> Import your public certificates:
>
>   $ gpg --import < pub.asc


The above two steps should include the arguments "--import-options
import-local" just before "--import".


hth,

--dkg


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: What is a reliable way to backup/restore my keys and test?

[Robert J. Hansen]

> I am relatively new to GNUPG so my apologies in advance if this question
is
> trivial.

Welcome!  And your question is not trivial.

The following is the procedure I use on UNIX systems:

First, export all public certificates into a public keyring:

$ gpg --armor --export > pub.asc

Second, export all secret certificates into a secret keyring:

$ gpg --armor --export-secret-keys > priv.asc

Third, export ownertrust values and save those:

$ gpg --armor --export-ownertrust > trust.asc

Fourth, copy all the *.conf files in ~/.gnupg into your current directory:

$ cp ~/.gnupg/*.conf .

Fifth,  put these, and all your GnuPG .conf files, all into a single
archive:

$ tar cJf gpg-backup.txz pub.asc priv.asc trust.asc *.conf

Copy gpg-backup.txz to the new machine.  Once you've done that, uncompress
it on the new machine:

$ tar xJf gpg-backup.txz

Import your secret certificates:

$ gpg --import < priv.asc

Import your public certificates:

$ gpg --import < pub.asc

Import your ownertrust values:

$ gpg --import-ownertrust < trust.asc

Make sure your ~/.gnupg directory exists.  If it doesn't, run gpg with no
arguments and hit Ctrl-C to break out of it.

$ gpg

Copy your .conf files into ~/.gnupg:

$ cp *.conf ~/.gnupg

... And at that point you should be done.  This technique should work
regardless of whether you're migrating from 1.4 to 2.0, 1.4 to 2.1, 2.0 to
1.4, 2.0 to 2.1, 2.1 to 2.0, or 2.1 to 1.4.  No matter which you're doing,
you're covered.

> I've just copied my .gnupg directory to a usb key as a backup measure,
which
> I found as a method (more or less) on
> http://www.glump.net/content/gpg_intro/.

It's a good idea to not copy the random_seed file.  PRNG states should not
be shared between computers.

> How can I make sure my private key and trust assignments were copied
properly?

Follow the above process and they will be.  Your private certificates were
exported, as were the trust assignments.

> Once I have completed my OS upgrade how do I restore my keys and the
> trust levels assigned to them?

See the above process.

> I use Thunderbird/Enigmail which is using gpg2 but I originally created my
key
> pair using gpg 1.4.  Does this have any ramifications?

None.



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What is a reliable way to backup/restore my keys and test?

[Thomas Glanzmann]

Hello Duane,

> How can I make sure my private key and trust assignments were copied
> properly?

for me in the past taking a backup of .gnupg was sufficient. However you
can also export your secret key using:

gpg --export-secret-keys -a  > secret.asc

And the manual trust assignments by doing:

gpg --export-ownertrust > ownertrust.txt

Cheers,
Thomas

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

What is a reliable way to backup/restore my keys and test?

[Duane Whitty]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hello,

I am relatively new to GNUPG so my apologies in advance if this
question is trivial.  I have been following the list and have seen
discussions of how to fix problems regarding backing up and restoring
of keys but I have not seen anything on how to do it properly to begin
with.

I've just copied my .gnupg directory to a usb key as a backup measure,
which I found as a method (more or less) on
http://www.glump.net/content/gpg_intro/.  I am planning on upgrading
my OS and I need to test this backup.  How can I make sure my private
key and trust assignments were copied properly?

Once I have completed my OS upgrade how do I restore my keys and the
trust levels assigned to them?

I use Thunderbird/Enigmail which is using gpg2 but I originally
created my key pair using gpg 1.4.  Does this have any ramifications?

$ uname -a
Linux XXX 4.2.0-38-generic #45~14.04.1-Ubuntu SMP Thu Jun 9 09:28:50
UTC 2016 i686 i686 i686 GNU/Linux

$ /usr/bin/gpg --version
gpg (GnuPG) 1.4.16
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

$ /usr/bin/gpg2 --version
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ?, ?
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Thunderbird 38.8.0

I hope this provides the required information.  Please let me know if
I should include something else.

Best Regards,
Duane

- -- 
Duane Whitty
du...@nofroth.com
-BEGIN PGP SIGNATURE-

iQEcBAEBCAAGBQJX2WhlAAoJEOJfpr8UVxtkQ/sH/jZm9A0C927WXrEk68jk6+KF
Dj3M0KzOqjtb1h6VJJOPWxbbqRFwgnrksnn/Le8CBT0THwobbMd9wdlmT4PRBL6o
K0u1ir0bG5HwghYmzH7/nUmVio1c4s7SO8LfxzAW5AzaheTrcRaaCmspoP4fFXo+
eVbegU0RVt0Om9iXIxb8C/Ti1vmNmzT2SYrUraTUMsFYF5bqi1lE+TUhWO3Bi55z
kzLqFIVaSq6PfncmdSLzeUEy/4PG3aRRM1VC23jCqeUWUm6Ch2EO7nlWAWJIQqjF
xujHiMJzqckufNIC4f6wYSUeuiqGzt32Cj0FNkS8CK8TCeimwQkFaWbooGcwjAQ=
=njvq
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP understanding test (now in English)

[Hauke Laging]

Am Di 07.10.2014, 02:01:37 schrieb Hauke Laging:

 The first version is for beginners and in German only. Translating
 that should not be too much work thus I will probably make an English
 version myself (if noone else does before me).

And there it is:

http://www.openpgp-courses.org/comprehension-test/

I hope many of you find that useful (for new users, not for yourselves).


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

OpenPGP understanding test (German)

[Hauke Laging]

Hello,

a few days ago at a Cryptoparty I noticed that it is not only important 
to teach people. Determining how much they have understood is important, 
too. After all, the overall security you get from real world crypto is 
technical in nature only in a minority share. More important is that you 
know what you are doing.

Thus there should be online tests which allow people on different levels 
of knowlege (beginners, experienced users) to find out how much they 
have really understood.

As I am not aware of something like that I did it myself:

http://www.openpgp-schulungen.de/verstaendnistest/

The first version is for beginners and in German only. Translating that 
should not be too much work thus I will probably make an English version 
myself (if noone else does before me). But maybe someone here likes the 
idea and does something like that for another language (if so then I 
would like to be noticed so that I can set a link to the other 
versions).

The Germans here may find it useful if they teach others how to use 
OpenPGP. I am interested in the experiences you gain with it (for 
improving the test).


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signed message test

[Chris]

I sent myself a post and signed it. The icon for the signed message
stays red (I seem to remember on my old Mandriva box it would be green
if valid). Clicking the icon the output shows:

gpg: using character set `utf-8'
gpg: armor: BEGIN PGP SIGNATURE
Version: GnuPG v2.0.22 (GNU/Linux)
:signature packet: algo 17, keyid E372A7DA98E6705C
version 4, created 1412384205, md5len 0, sigclass 0x00
digest algo 2, begin of digest 52 ba
hashed subpkt 2 len 4 (sig created 2014-10-04)
subpkt 16 len 8 (issuer key ID E372A7DA98E6705C)
data: [158 bits]
data: [159 bits]
gpg: armor header: 
gpg: Signature made Fri 03 Oct 2014 07:56:45 PM CDT using DSA key ID
98E6705C
gpg: using PGP trust model
gpg: key 98E6705C: accepted as trusted key
gpg: Good signature from Chris Pollock (New email address as of
04/21/07) cpoll...@embarqmail.com
gpg: aka Chris Pollock cpoll...@earthlink.net
gpg: binary signature, digest algorithm SHA1

I'm still trying to work out glitches in this new Ubuntu install and I'm
wondering if this is an issue with my setup or with Evolution.

Thanks in advance for any advice

Chris

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11°N 97.89°W (Elev. 1092 ft)
20:25:32 up 3 days, 4:41, 2 users, load average: 0.10, 0.17, 0.20
Ubuntu 14.04.1 LTS, kernel 3.13.0-37-generic


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG 2.1.0-beta442: t-timestuff.c:118: test 17 failed

[Werner Koch]

On Tue, 24 Jun 2014 04:38, ca+gn...@esmtp.org said:

 This patch (hack?) fixes it for me (local timezone is PDT).

I changed the test to use timegm and only if that is missing I use this
patch.

Thanks,

  Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GnuPG 2.1.0-beta442: t-timestuff.c:118: test 17 failed

[Claus Assmann]

On OpenBSD 5.3 i386 one test fails:
t-timestuff.c:118: test 17 failed
FAIL: t-timestuff

This patch (hack?) fixes it for me (local timezone is PDT).

--- t-timestuff.c-  Mon Jun 23 19:33:25 2014
+++ t-timestuff.c   Mon Jun 23 19:33:38 2014
@@ -146,6 +146,7 @@
   (void)argc;
   (void)argv;
 
+  setenv(TZ, UTC, 1); tzset();
   test_timegm ();
 
   return 0;

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

building a pgp mime test suite

[Tim Prepscius]

Greetings,

So, I'm slowly building a test suite of pgp mime for:
https://github.com/timprepscius/mv

If you'd like to help out, please send a mail
(encrypted/signed/signed+encrypted/html/just-text/attachment/etc,etc/whatever-you-would-like)
to:

g...@pmx.mooo.com

g's public key is:
http://pastebin.com/raw.php?i=rW3qmbnE


If you'd like your mail to be put in a public set of
mails+known-pgp-public-keys, (for other people besides me to test
pgp-mime), please indicate in the body of your mail, else I will test
with it only privately.

If you have any problems sending mail to g, let me know, I'm using
postfix with the default configuration, perhaps it needs to be
tweaked.

I would appreciate any help.

Thanks,

-tim

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

test suite of pgp mime messages

[Tim Prepscius]

Is there a test suite of pgp mime messages somewhere in the source code?

-tim

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Team Speak USA Test

[Henry Hertz Hobbit]

It looks like the initial guess (not my guess) is correct as my
test shows (message from TeamSpeaK USA to me)

http://www.securemecca.com/tmp/TeamSpeakUSA-Direct.txt
http://www.securemecca.com/tmp/TeamSpeakUSA-Msg.txt

Setting up a system like this which can spam a mailing list is
an abuse.  Whether it is accidental or intentional remains to be
seen.  It may be wise to not send until the spam issue can be
resolved.

HHH
-- 
Gnome 3, Ubuntu Unity, Windows 8 - poor iPhone GUI on Desktop.
Thinking has been suspended indefinitely.
Anybody caught thinking will be immediately shot!



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Aw: Re: GpgEX for 64 bit Windows test version

[Werner Koch]

On Mon, 15 Jul 2013 19:51, jo...@netpage.dk said:
 I have the same problem on my german 64bit Windows 8 with Version 2.2.0-beta31

Are you shure that you are using the new version; i.e. did you reboot
your machine?


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Aw: Re: GpgEX for 64 bit Windows test version

[Werner Koch]

On Tue, 16 Jul 2013 10:28, jo...@netpage.dk said:
 Yes I am sure. I even uninstalled it completely right now, rebooted
 and then reinstalled!

Thanks.  Well, there is a problem we need to figure out.

Using my Windows versions (no Windows8 here right now), I can't
replicate the problem.  Thus I build debug versions for Andre who then
tested the fix confirmed that the fix is correct.  The last step was to
remove the debug output and use this updated fix.  Something might have
gone wrong during the build process - we need to check.

 Strangely, the gibberish now changed somehow (it is shorter now), but

That is expected without the fix.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Werner Koch]

On Tue, 16 Jul 2013 12:09, w...@gnupg.org said:

 remove the debug output and use this updated fix.  Something might have
 gone wrong during the build process - we need to check.

We figured out what has gone wrong:  The problem affects only the 64
bit version of gpgex.  The gpg4win installer uses some extra code to
build 64 bit versions of some packages.  The build process consists of

   - unpack the source
   - apply patches
   - run configure
   - run make
   - stow the results

Patches are taken from a patches/PACKAGENAME-VERSION/ directory.  For 64
bit the patches are taken from patches/PACKAGENAME-VERSION-ex/
directory.  I was not aware of that separate directory and put my fix
only into the 32 bit patch directory.  Thus the 64 bit version was build
without the fix.

Given that there is currently no need for separate 64 and 32 bit
patches, we will now change this to use only one patch directory.

A new Beta version will be released in a few hours.

Thanks for beta testing.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Aw: Re: GpgEX for 64 bit Windows test version

[Werner Koch]

On Fri, 12 Jul 2013 09:46, fisch@gmx.de said:

 good point and thanks for this hint. Will try to use the
 gpg4win-light-2.1.2-beta20.exe and let you know when i still have this

Actually there is a bug I am currently fixing.  We will release a new
beta in a few hours.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Aw: Re: GpgEX for 64 bit Windows test version

[Josef Schneider]

I have the same problem on my german 64bit Windows 8 with Version 2.2.0-beta31

Mit freundlichen Grüßen,
Josef Schneider


On Mon, Jul 15, 2013 at 3:02 PM, Werner Koch w...@gnupg.org wrote:
 On Fri, 12 Jul 2013 09:46, fisch@gmx.de said:

 good point and thanks for this hint. Will try to use the
 gpg4win-light-2.1.2-beta20.exe and let you know when i still have this

 Actually there is a bug I am currently fixing.  We will release a new
 beta in a few hours.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Aw: Re: GpgEX for 64 bit Windows test version

[Chris]

Hi,

 That might be the cause for the problem.  The translations (*.mo) files
 from the old installer may not match the newer gettext version as used
 by gpgex.

good point and thanks for this hint. Will try to use the
gpg4win-light-2.1.2-beta20.exe and let you know when i still have this
problem.

Thanks again for your help!

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Werner Koch]

On Mon,  8 Jul 2013 19:39, fisch@gmx.de said:

 I've installed gpg4win-2.1.1.exe which fails to register the gpgex and
 then installed the gpgex from the archive:

 ftp://ftp.g10code.com/g10code/gpgex/gpgex-1.0.0-beta24-bin.zip

That might be the cause for the problem.  The translations (*.mo) files
from the old installer may not match the newer gettext version as used
by gpgex.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Chris]

Hi,

thanks for your reply.

 I can' replicate it on my German Windows 7 Home Premium 64 bit
 (6.01.7600).  However, I recall that I noticed such a behaviour during
 development.

My windows version here is 6.1.7601.

 - Did you just install a gpgex DLL or is that the one from
   gpg4win-light-2.1.2-beta20.exe ?

I've installed gpg4win-2.1.1.exe which fails to register the gpgex and
then installed the gpgex from the archive:

ftp://ftp.g10code.com/g10code/gpgex/gpgex-1.0.0-beta24-bin.zip

with the regsrv32 command as an admin.

 - What codepage are you using?  It is different from the default?

I'm using the default codepage Deutsch (Deutschland) of a German win7
installation.

 - Did you set one of the environment variables:  LANG, LC_ALL, or
   LS_MESSAGES?

Just checked my environment variables with SET and none of the above is
set. If you need the whole output of SET i can send it to you via a
direct e-mail.

Thanks
Chris

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Werner Koch]

On Wed,  3 Jul 2013 23:21, fisch@gmx.de said:

 just want to let you know that using the latest gpgex-1.0.0-beta24 on a
 german windows 7 professional sp1 64bit system leads to some strange
 context menus [1].

I can' replicate it on my German Windows 7 Home Premium 64 bit
(6.01.7600).  However, I recall that I noticed such a behaviour during
development.

- Did you just install a gpgex DLL or is that the one from
  gpg4win-light-2.1.2-beta20.exe ?

- Anyone else seeing this problem?

- What codepage are you using?  It is different from the default?

- Did you set one of the environment variables:  LANG, LC_ALL, or
  LS_MESSAGES?



Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Chris]

Hi,

just want to let you know that using the latest gpgex-1.0.0-beta24 on a
german windows 7 professional sp1 64bit system leads to some strange
context menus [1].

Using beta19 doesn't translate the context menu to german but the
context menu is not broken.

[1] http://s1.directupload.net/images/130703/iobbaatv.png

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Werner Koch]

On Wed,  3 Jul 2013 23:21, fisch@gmx.de said:

 just want to let you know that using the latest gpgex-1.0.0-beta24 on a
 german windows 7 professional sp1 64bit system leads to some strange
 context menus [1].

Thanks.  I'll check what is going wrong.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Werner Koch]

On Wed, 26 Jun 2013 04:25, markr-gn...@signal100.com said:

 If you run any 32bit programs at all (i.e. most applications) then the
 system-supplied file open/save dialogs for those programs with be 32bit
 and so these will use 32bit Explorer extensions.

I was not ware that GpgEX is also used by the open and save
dialogs. Just tried it with DbgView and indeed - after registering the
32 bit version of gpgex it works.  They currently share the same
registry entries - maybe I need to use different ones so that it is
possible to load both.


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Another GpgEX test version

[Werner Koch]

Hi!

I just uploaded another test version of GpgEX (the GnuPG Explorer
Plugin) for Windows 32 and 64 bit.  These are just the bare standalone DLLs
without an installer.  If you are using a 64 bit Windows system with
Gpg4win, you may want to test these DLL:

  ftp://ftp.g10code.com/g10code/gpgex/gpgex-1.0.0-beta24-bin.zip
  ftp://ftp.g10code.com/g10code/gpgex/gpgex-1.0.0-beta24-bin.zip.sig

Here is the content of the ZIP file:

   589312  2013-06-26 16:37   gpgex.dll   -- The 32 bit version
   738304  2013-06-26 16:37   bin/gpgex.dll   -- The 64 bit version

To comply with the LGPL, the sources are also available as

  ftp://ftp.g10code.com/g10code/gpgex/gpgex-1.0.0-beta24.tar.bz2
  ftp://ftp.g10code.com/g10code/gpgex/gpgex-1.0.0-beta24.tar.bz2.sig

To install the DLL please unzip the ZIP file and as Admin store the DLLs
into the Gpg4win installation directory.

  c:\Program files\GNU\GnuPG\

To finish the installaion, please cd to the installation directory and
run

  regsvr32 gpgex.dll
  regsvr32 bin\gpgex.dll

Note that unregistering only one of them will make gpgex unavailabale
for 32 and 64 bit processes.

Changes in this version are some internal cleanups and improved help
file detection and loading (the help files are not included).  The 32
bit version now also does not require any non-system DLLs.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgpITW80WacgC.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Gpg4win-devel] GpgEX for 64 bit Windows test version

[Josef Schneider]

On Mon, Jun 24, 2013 at 6:14 PM, Werner Koch w...@gnupg.org wrote:

 I need to check how to access the default browser.  It uses the class ID
 of InternetExplorer.Application to lookup IWebBrowser2.

Usually just with ShellExecute and Windows figures out the details!
http://support.microsoft.com/kb/224816/en-us

Best regards,
Josef Schneider

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Werner Koch]

On Mon, 24 Jun 2013 20:18, old...@oldbob.co.uk said:

 On my Window 7 64bit system, GnuPG 1.4.13 installed itself in c:\Program
 Files (x86)\GNU\GnuPG\  - the 32bit section. When I installed Gpg4win,

Yep, that is the default on English Windows systems.

 the installer offered install GPG2 in that same directory, but I added a
 2 to keep the two separate, ie. it was installed in

That may lead to conflicts with the registry - better don't do it.  Two
version of Gpg4win are not yet supported.  I am working on a portable
application feature in GnuPG which will allow that.

 Program Files directory, not the 32bit. I assumed that I needed to have
 gpgex.dll along with the other files and installed it in the \bin

Actually it doesn't really matter.  The plan to put them into bin is
merely so that we can easily provide a 32 bit and a 64 bit version of
gpgex.dll instead of providing two sets of installers.  But even that is
not yet set into stone.

gpgex.dll should work fine in .../GNU/GnuPG or in .../GNU/GnuPG/bin.

  regsvr32 c:\Program Files (x86)\GNU\GnuPG2\bin\gpgex.dll

 it just caused an error, saying The module c:\program failed to load.

You have to use quotes around it.  The Windows tab completion feature
usually does this for you.  It might be easier to cd to the directory
first and then run just

   regsvr32 gpgex.dll

 As I can't run the 32 bit version of GPGex anyway on this system, can I
 not just overwrite the existing copy of gpgex.dll with the 64 bit one
 and reboot?

Yes, you can.  The regsvr32 call is still required.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Bob Henson]

On 25/06/2013 12:53 AM, Henry Hertz Hobbit wrote:
 On 06/24/2013 06:18 PM, Bob Henson wrote:
 
 When I ran

  regsvr32 c:\Program Files (x86)\GNU\GnuPG2\bin\gpgex.dll

 it just caused an error, saying The module c:\program failed to load.
 Make sure the binary is stored at the specified path or debug it to
 check for problems with the binary or dependant .dll files. The
 specified module could not be found.
 
 Try putting double quotes at the start and end of the  string,
 e.g.:
 
 regsvr32 c:\Program Files (x86)\GNU\GnuPG2\bin\gpgex.dll
 
 I can NOT assure you that this will work but it probably
 will.
 

That was my problem - thank you for the explanation.


 I wished Microsoft had used just C:/Programs/ instead of
 C:\Program Files\ for %ProgramFiles%.  I don't know what
 to say about 64 bit other than don't mix / match.  Microsoft
 could have used C:/Programs/64/ but that would have made
 too much sense.  Microsoft wants back-slashes instead of
 slashes and a nice mix of punctuation marks in addition to
 dot . plus space characters in all folder and file names.
 It doesn't work very well, especially for something done from
 cmd.exe instead of the GUI.  How bad is it?  I COPY 7za.exe
 to use it in scripts because I don't want to make registry
 changes (%Path%) just to make it work from where it is at.
 
 Sigh

I can see your points. I have only recently started using Linux, and the
command line functions are much more logical - however, using two sets
is even more confusing. Now I can't remember which way to slash :-) I
blame old age - but I get there in the end, with the help of my friends.

GpgEx is now working just fine. I used to use another explorer extension
( I forget the name - I think it used to be in Gpg4win?) which stopped
being developed so it will be handy to have one again.

Regards,

Bob



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Bob Henson]

On 24/06/2013 9:01 AM, Werner Koch wrote:

 Now you may want to test it out.  Note that I also added an About menu
 which should always work, even if no UI-server is running.  The
 translations are not yet included in the ZIP file.
 

Having finally solved my problem with installation, I've been trying
GpgEX this morning and so far all seems to be fine. I've tried all the
functions separately, and had no problems at all yet - obviously I'll
report back if I get any. Thanks for the help.

Regards,

Bob



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Josef Schneider]

On Tue, Jun 25, 2013 at 9:50 AM, Werner Koch w...@gnupg.org wrote:
 On Mon, 24 Jun 2013 20:18, old...@oldbob.co.uk said:
 As I can't run the 32 bit version of GPGex anyway on this system, can I
 not just overwrite the existing copy of gpgex.dll with the 64 bit one
 and reboot?

 Yes, you can.  The regsvr32 call is still required.

But if you do this, the extension won't be available in 32bit
processes! (32bit explorer.exe, file selection dialogues in 32bit
programs, 32bit file managers...)

Best regards,
Josef Schneider

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Bob Henson]

On 25/06/2013 9:40 AM, Josef Schneider wrote:
 On Tue, Jun 25, 2013 at 9:50 AM, Werner Koch w...@gnupg.org wrote:
 On Mon, 24 Jun 2013 20:18, old...@oldbob.co.uk said:
 As I can't run the 32 bit version of GPGex anyway on this system, can I
 not just overwrite the existing copy of gpgex.dll with the 64 bit one
 and reboot?

 Yes, you can.  The regsvr32 call is still required.
 
 But if you do this, the extension won't be available in 32bit
 processes! (32bit explorer.exe, file selection dialogues in 32bit
 programs, 32bit file managers...)
 


I put it in a separate directory in the end, so I should have the best
of both worlds. I don't think I have any 32bit processes in use - but
I'm covered anyway.

Regards,

Bob




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Gpg4win-devel] GpgEX for 64 bit Windows test version

[Werner Koch]

On Tue, 25 Jun 2013 09:38, jo...@netpage.dk said:

 Usually just with ShellExecute and Windows figures out the details!

I do this way in GpgOL.  However Marcus decided for soemthing different
in GpgEX.  I have a dark recollection that this was due to problems with
Explorer plugins.

The problem seems to appear because the helpfile is not installed or
found and thus the fallback to the website is used.  For privacy reasons
I even consider to remove this fallback and put up a message instead.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Werner Koch]

On Tue, 25 Jun 2013 10:25, old...@oldbob.co.uk said:

 GpgEx is now working just fine. I used to use another explorer extension
 ( I forget the name - I think it used to be in Gpg4win?) which stopped
 being developed so it will be handy to have one again.

GpgEE.  We replaced it by GpgEX because GpgEE was written in Delphi and
there was no way to build it with a free tools chain or even cross-build.

Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Werner Koch]

On Tue, 25 Jun 2013 10:40, jo...@netpage.dk said:

 But if you do this, the extension won't be available in 32bit
 processes! (32bit explorer.exe, file selection dialogues in 32bit

Windows 7 64 bit has no more option to use a 32 bit explorer.  This the
the very reason for the 64 bit GpgEX ;-)


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Mark Rousell]

On 25/06/2013 09:56, Bob Henson wrote:
 I put it in a separate directory in the end, so I should have the best
 of both worlds. I don't think I have any 32bit processes in use - but
 I'm covered anyway.

If you run any 32bit programs at all (i.e. most applications) then the
system-supplied file open/save dialogs for those programs with be 32bit
and so these will use 32bit Explorer extensions.

(Oops, forgot to reply to list previously).



-- 
MarkR

PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Mark Rousell]

On 25/06/2013 14:31, Werner Koch wrote:
 On Tue, 25 Jun 2013 10:40, jo...@netpage.dk said:

 But if you do this, the extension won't be available in 32bit
 processes! (32bit explorer.exe, file selection dialogues in 32bit

 Windows 7 64 bit has no more option to use a 32 bit explorer.  This the
 the very reason for the 64 bit GpgEX ;-)

It is true that 32bit Windows Explorer cannot be run on 64bit Windows 7
and later but what Josef said about file open/save dialogs in 32bit
programs and 32bit file managers running on 64bit Windows is correct --
these still use 32bit shell extensions Windows.


-- 
MarkR

PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Mark Rousell]

On 26/06/2013 03:25, Mark Rousell wrote:
 On 25/06/2013 09:56, Bob Henson wrote:
 I put it in a separate directory in the end, so I should have the best
 of both worlds. I don't think I have any 32bit processes in use - but
 I'm covered anyway.
 
 If you run any 32bit programs at all (i.e. most applications) then the
 system-supplied file open/save dialogs for those programs with be 32bit
 and so these will use 32bit Explorer extensions.
 
 (Oops, forgot to reply to list previously).

And I see that Josef Schneider already said the same thing. Apologies
for the repetition.


-- 
MarkR

PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Gpg4win-devel] GpgEX for 64 bit Windows test version

[Josef Schneider]

On Mon, Jun 24, 2013 at 10:01 AM, Werner Koch w...@gnupg.org wrote:
 Hi!

 I just uploaded a test version of GpgEX (the GnuPG Explorer Plugin) for
 Windows 64 bit.  This is just the bare standalone DLL without an
 installer.  If you are using a 64 bit Windows system with Gpg4win, you
 may want to test this DLL:

Hi, I tried all of the possible functions work.
The only problem I found is, that help asks for Admin rights. And if
the rights are granted, it starts Internet Explorer, not the default
browser!
All of this on Windows 8 Pro 64bit German

Best regards,
Josef

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Gpg4win-devel] GpgEX for 64 bit Windows test version

[Werner Koch]

On Mon, 24 Jun 2013 16:09, jo...@netpage.dk said:

 Hi, I tried all of the possible functions work.

Thanks.

 The only problem I found is, that help asks for Admin rights. And if
 the rights are granted, it starts Internet Explorer, not the default
 browser!

I need to check how to access the default browser.  It uses the class ID
of InternetExplorer.Application to lookup IWebBrowser2.

Might it be that Windows asks for Adim rights because it uses Internet
Explorer for the first time?  I can't replicate that on my Windows 7
box.

 All of this on Windows 8 Pro 64bit German

Great, at least some stuff works on Windows 8.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Bob Henson]

On 24/06/2013 9:01 AM, Werner Koch wrote:
  Hi!
 
  I just uploaded a test version of GpgEX (the GnuPG Explorer Plugin) for
  Windows 64 bit.  This is just the bare standalone DLL without an
  installer.  If you are using a 64 bit Windows system with Gpg4win, you
  may want to test this DLL:
 
ftp://ftp.g10code.com/g10code/gpgex/gpgex-1.0.0-beta19-bin.zip
ftp://ftp.g10code.com/g10code/gpgex/gpgex-1.0.0-beta19-bin.zip.sig

  To install the DLL please unzip the ZIP file and as Admin store the DLL
  as
 
c:\Program files\GNU\GnuPG\bin\gpgex.dll
 

On my Window 7 64bit system, GnuPG 1.4.13 installed itself in c:\Program
Files (x86)\GNU\GnuPG\  - the 32bit section. When I installed Gpg4win,
the installer offered install GPG2 in that same directory, but I added a
2 to keep the two separate, ie. it was installed in

c:\Program Files (x86)\GNU\GnuPG2\

Your instructions above point to the \bin directory under the 64 bit
Program Files directory, not the 32bit. I assumed that I needed to have
gpgex.dll along with the other files and installed it in the \bin
directory with the rest of my gpg2 files ie. under

c:\Program Files (x86)\GNU\GnuPG2\bin\gpgex.dll.

Should I have created a new directory under the 64bit Program File
directory just for the one new file?

When I ran

 regsvr32 c:\Program Files (x86)\GNU\GnuPG2\bin\gpgex.dll

it just caused an error, saying The module c:\program failed to load.
Make sure the binary is stored at the specified path or debug it to
check for problems with the binary or dependant .dll files. The
specified module could not be found.

It looks to me as though the regsvr command is looking for a program to
run called c:\program?

As I can't run the 32 bit version of GPGex anyway on this system, can I
not just overwrite the existing copy of gpgex.dll with the 64 bit one
and reboot?

What should I try if not, please?

Regards,

Bob





___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[yyy]

On 2013.06.24. 21:18, Bob Henson wrote:
it just caused an error, saying The module c:\program failed to 
load. Make sure the binary is stored at the specified path or debug it 
to check for problems with the binary or dependant .dll files. The 
specified module could not be found. It looks to me as though the 
regsvr command is looking for a program to run called c:\program? As 
I can't run the 32 bit version of GPGex anyway on this system, can I 
not just overwrite the existing copy of gpgex.dll with the 64 bit one 
and reboot? What should I try if not, please? 


Paths with spaces needs to be escaped. Put that C:\program files... in 
quotes. ().


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GpgEX for 64 bit Windows test version

[Henry Hertz Hobbit]

On 06/24/2013 06:18 PM, Bob Henson wrote:

 When I ran
 
  regsvr32 c:\Program Files (x86)\GNU\GnuPG2\bin\gpgex.dll
 
 it just caused an error, saying The module c:\program failed to load.
 Make sure the binary is stored at the specified path or debug it to
 check for problems with the binary or dependant .dll files. The
 specified module could not be found.

Try putting double quotes at the start and end of the  string,
e.g.:

regsvr32 c:\Program Files (x86)\GNU\GnuPG2\bin\gpgex.dll

I can NOT assure you that this will work but it probably
will.

I wished Microsoft had used just C:/Programs/ instead of
C:\Program Files\ for %ProgramFiles%.  I don't know what
to say about 64 bit other than don't mix / match.  Microsoft
could have used C:/Programs/64/ but that would have made
too much sense.  Microsoft wants back-slashes instead of
slashes and a nice mix of punctuation marks in addition to
dot . plus space characters in all folder and file names.
It doesn't work very well, especially for something done from
cmd.exe instead of the GUI.  How bad is it?  I COPY 7za.exe
to use it in scripts because I don't want to make registry
changes (%Path%) just to make it work from where it is at.

Sigh


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Test failure

[Werner Koch]

On Fri,  5 Oct 2012 11:35, collin.kle...@gmail.com said:

 Contents of gnupg-2.0.9/tests/openpgp/sigs.test.log:

GnuPG 2.0.9 is pretty old.  It even does not print the used libgcrypt
version with --version.  I assume that you use a quite recent Libgcrypt
which fixes a bug, that in turn exhibits a bug in GnuPG.  Update to at
least 2.0.18:

  Noteworthy changes in version 2.0.18 (2011-08-04)
  -

   * Bug fix for newer versions of Libgcrypt.

or better to the latest version; which is 2.0.19.


Salam-Shalom,

   Werner



-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

vulnerability check and test ?

[florent ainardi]

hello

do you know if at this time, the libray has vulnerability referenced in the
CVE ? and if yes is there any patch available ?

regards
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

is there any test on prime number generation in the lib

[florent ainardi]

hello again

if p and q are two primes numbers, is there any test during  the generation
of these numbers ? some tests like : does p = q ?

do you apply the standard and recommandation for the generation of prime
number

regards
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Android PGP/MIME test results

[Grant Olson]

Provider: Boost
Manufacturer: Motorola
Model: I1
Droid version: 1.5

This phone has two mail applications by default, one called 'email' and
another called 'gmail'.  Both displayed PGP/MIME messages without any
trouble.  Neither verified sigs of course.

I see no easy way to determine the version number of either of these
apps.  If anyone has tips on how I can get this info, let me know.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Android PGP/MIME test results

[Aaron Toponce]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Grant Olson k...@grant-olson.net wrote:

Provider: Boost
Manufacturer: Motorola
Model: I1
Droid version: 1.5

This phone has two mail applications by default, one called 'email' and
another called 'gmail'.  Both displayed PGP/MIME messages without any
trouble.  Neither verified sigs of course.

I see no easy way to determine the version number of either of these
apps.  If anyone has tips on how I can get this info, let me know.

--
-Grant

Look around! Can you construct some sort of rudimentary lathe?

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

This mail reads fine on K9, the default mail client shipped with the HTC Evo, 
and Google's Gmail client. K9 can verify the signature due to the integration 
with APG. The other two cannot, but they can view the signature.asc text. FYI.

Provider: Sprint
Phone: HTC Evo 4g
Android: 2.2.1
- --
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-BEGIN PGP SIGNATURE-
Version: APG v1.0.8

iQFFBAEBCgAvBQJNaukpKBxBYXJvbiBUb3BvbmNlIDxhYXJvbi50b3BvbmNlQGdt
YWlsLmNvbT4ACgkQznkRt/wECI+fHQf/b2fpz0N4LKkHtNUPRbQJsGdmgzZ5AppI
GYrkmRNTL+6n09XRIffYFKURX+eYOR7HWIc+1dcNOIwPYDq+NhA56iYbdaxolYyz
Q8Aw6tCnrp7k356cg/3WZhd96GucUFe9n6GFCXVkBHXuNzjXAYY0abzdiFRah47d
lcvrYgZqrC8aRnfcDeZFR7SSABH2CZCHCDTN21fIlGFM7dM+yipRSH3et1PVsYl9
6f3oj5OIKhefSU8SNatzoKOOn/Cn90gfXkNi/4+cexWFyxVaEO63Jt/ShjJZmMnP
M8A17DCwZ44/3vskUWlMearEpXst9r40J/n8sI7AvQOvOZKDlwTR5g==
=1HpL
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Android PGP/MIME test results

[David Shaw]

Not exactly Android, but FWIW, an iPod touch (which has the same mail program 
as an iPhone) displays PGP/MIME just fine (as in shows the mail - but doesn't 
verify the signature).

David


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Android PGP/MIME test results

[Grant Olson]

On 02/27/2011 11:29 PM, David Shaw wrote:
 Not exactly Android, but FWIW, an iPod touch (which has the same mail program 
 as an iPhone) displays PGP/MIME just fine (as in shows the mail - but doesn't 
 verify the signature).
 
 David
 
 

It's worth a lot.

Since the rational behind this thread is buried in a long convoluted
thread about PGP/MIME vs PGP/Inline, allow me to re-explain.  I imagine
some people got sick of that thread and are ignoring it.

It seems Robert experienced the Outlook Express problem on his Droid,
where a PGP/MIME message didn't get displayed properly on his phone, and
instead showed a blank message.

I just wanted to gague how severe the problem was, by getting feedback
from various people's smartphones.

So if you've got a smartphone, and you check your email on it, please do
reply to this thread, letting me know:

- The service provider

- The make and model of the phone.

- The droid version.

- The email application(s) installed.

- If said application(s) displayed the text of a PGP/MIME message so
that you could read the message.

- If said application(s) could verify a message.  (The answer here is
probably no, but it seems like at least one person said K-9 mail could
verify PGP/MIME.)

- Any other pertinent information.

That'll help everyone gauge the severity of the problem and adjust their
preferences accordingly.

Thanks,

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Android PGP/MIME test results

[Robert J. Hansen]

 - The service provider

Verizon Wireless.

 - The make and model of the phone.

Droid X

 - The droid version.

2.2.1

 - The email application(s) installed.

Unknown: just the default Verizon Wireless email messaging app.

 - If said application(s) displayed the text of a PGP/MIME message so
 that you could read the message.

No.


 - If said application(s) could verify a message.  (The answer here is
 probably no, but it seems like at least one person said K-9 mail could
 verify PGP/MIME.)

No.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What's the best way to test a long list of passphrases?

[Sven Radde]

Hi!

Am -10.01.-28163 20:59, schrieb Will McDonald:
 what's the best way for me to test my 30,000 possible
 passphrases?

No idea whether it's the best way for you, but there is a small tool
called rephrase which might do the job:
http://roguedaemon.net/rephrase/README.html

cu, Sven

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What's the best way to test a long list of passphrases?

[Reid Thompson]

On Thu, 2010-10-07 at 20:02 -0400, Robert J. Hansen wrote:
 On 10/7/2010 7:08 PM, Reid Thompson wrote:
  given that -- split the file into 5? chunks and kick off 5? copies of
  the script
 
 Given the amount of time required to write a multithreaded application
 that intelligently divides up work units across cores, versus the eight
 hours for a single-threaded, single-cored version...
 
 There's an old rule of thumb about not using more hammer than you need
 for a given nail.  Tacks get tackhammers and railroad spikes get
 sledgehammers, but it's foolish to drive tacks with sledges or spikes
 with tackhammers.
 
 This is a tack problem.  Use a tackhammer.
 

sorry -- my assumption was that he'd already generated the 30k entry
passphrase file

n = wc -l passphrasefile
split -l n  passphrase file - aaa aab aac aad aae

kick off a script for each aaX

5 tackhammers

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

What's the best way to test a long list of passphrases?

[Will McDonald]

Hi,
I have a GPG key to which I've forgotten the passphrase. That is, I remember
the mnemonic I used, but not the particular set of l33tspeak substitutions
and punctuation used, and guessing hasn't worked. It's a ~26 character
passphrase, and since I know the options I might have used I was able to
write a perl script to generate the 30,000 or so possible permutations that
I might have used.

Given that, what's the best way for me to test my 30,000 possible
passphrases? I'd prefer to ask gnupg directly via some API (I'm fine writing
a small C program if I know the relevant functions to use) rather than
trying to script around the text ui (and it's 1-second delay after input).

Any suggestions?

-will
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What's the best way to test a long list of passphrases?

[Reid Thompson]

On Thu, 2010-10-07 at 15:28 +, Will McDonald wrote:
 Hi,
 I have a GPG key to which I've forgotten the passphrase. That is, I
 remember the mnemonic I used, but not the particular set of l33tspeak
 substitutions and punctuation used, and guessing hasn't worked. It's a
 ~26 character passphrase, and since I know the options I might have
 used I was able to write a perl script to generate the 30,000 or so
 possible permutations that I might have used.
 
 
 Given that, what's the best way for me to test my 30,000 possible
 passphrases? I'd prefer to ask gnupg directly via some API (I'm fine
 writing a small C program if I know the relevant functions to use)
 rather than trying to script around the text ui (and it's 1-second
 delay after input).
 
 
 Any suggestions?
 
 
 -will
 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users

http://www.gnupg.org/related_software/libraries.en.html

see
gpgme
libgcrypt

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What's the best way to test a long list of passphrases?

[Robert J. Hansen]

On 10/7/2010 11:28 AM, Will McDonald wrote:
 Given that, what's the best way for me to test my 30,000 possible
 passphrases?

At one per second, it'll take about nine hours.  Your fastest solution
involves spend the rest of today polishing the script, and letting it
run overnight.  Slow and stupid wins.

The smart and fast way involves doing the s2k computations yourself and
checking prospective keys one after another, but even then this will be
slow.  The s2k computation involves a lot of iterated hashing in order
to slow down brute force attempts like this.  You'll waste more time
writing code than you'll gain by a faster algorithm.

Basically, if you do things the slow and stupid way you'll be done by
morning.  If you do things the smart and fast way you might be finished
by the end of the week.  You can view this as an instance of worse is
better.

Good luck!

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What's the best way to test a long list of passphrases?

[Robert J. Hansen]

On 10/7/2010 7:08 PM, Reid Thompson wrote:
 given that -- split the file into 5? chunks and kick off 5? copies of
 the script

Given the amount of time required to write a multithreaded application
that intelligently divides up work units across cores, versus the eight
hours for a single-threaded, single-cored version...

There's an old rule of thumb about not using more hammer than you need
for a given nail.  Tacks get tackhammers and railroad spikes get
sledgehammers, but it's foolish to drive tacks with sledges or spikes
with tackhammers.

This is a tack problem.  Use a tackhammer.



smime.p7s
Description: S/MIME Cryptographic Signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What's the best way to test a long list of passphrases?

[Reid Thompson]

 On 10/7/2010 3:25 PM, Robert J. Hansen wrote:

On 10/7/2010 11:28 AM, Will McDonald wrote:

Given that, what's the best way for me to test my 30,000 possible
passphrases?

At one per second, it'll take about nine hours.  Your fastest solution
involves spend the rest of today polishing the script, and letting it
run overnight.  Slow and stupid wins.

The smart and fast way involves doing the s2k computations yourself and
checking prospective keys one after another, but even then this will be
slow.  The s2k computation involves a lot of iterated hashing in order
to slow down brute force attempts like this.  You'll waste more time
writing code than you'll gain by a faster algorithm.

Basically, if you do things the slow and stupid way you'll be done by
morning.  If you do things the smart and fast way you might be finished
by the end of the week.  You can view this as an instance of worse is
better.

Good luck!

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

given that -- split the file into 5? chunks and kick off 5? copies of the script

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Test mail to aldo...@gmail.com

[Aldo Latino]

2010/6/11 Werner Koch w...@gnupg.org

 Sorry for the inconvenience,


No problem.

-- 
Aldo Latino
OpenPGP key: 4096R/0xA18E41E8 | bit.ly/keyDSA
84E2 2BC8 ABE3 DCC0 9F15  E511 4357 7ECD 4397 C730
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Test mail to ...

[Road Runner]

Werner's email was a good email to look for bots.

Regards
RR


On 2010-06-13 16:24, FederalHill wrote:
 I have been reading them and trying to understand this issue, I thought it 
 was solved.
 
 
  
 
 --- On Sun, 6/13/10, Road Runner r_run...@poczta.onet.pl wrote:
 
 
 From: Road Runner r_run...@poczta.onet.pl
 Subject: Re: Test mail to ...
 To: gnupg-users gnupg-users@gnupg.org
 Date: Sunday, June 13, 2010, 10:19 AM
 
 
 On 2010-06-11 09:38, Werner Koch wrote:
 Hi!

 One of the subscribers to this list created a mail forward to an
 automated ticketing system which responds to the the poster.  The
 owner of the ticketing system at secure.mpcustomer.com does not
 respond to any of our queries to send us more information on the mails
 triggering the posting.  Thus we need to send these test mails in the
 hope to figure out the culprit.

 Sorry for the inconvenience,

Werner
 
 Like the others I'm living too.
 
 RR
 
 
 
 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users
 
 
 
   


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: FYI: About my test mails

[Benjamin Donnachie]

On 14 Jun 2010, at 08:18, Werner Koch w...@gnupg.org wrote:

 Did alava...@gmail.com ever get removed?
 I can see no evidence that this address is abusing this ML.

It was also forwarding to the MP Customer ticket system but now seems
resolved.

Ben

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users