Re: All CPU threads

2023-09-09 Thread Robert J. Hansen via Gnupg-users
Thank you for reply. I was thinking about speeding up the encryption process. But if that's not possible then that's how it is. Thank you for sending a plain-text email to the list! :) The answer is a little complicated, but this should be an accurate-enough explanation. Encryption speed

Re: All CPU threads

2023-09-09 Thread Robert J. Hansen via Gnupg-users
Please do not send HTML to this list. Many of the people you very much hope to read your questions will not read HTML email. Anyone knows if there is a way to use all CPU threads with *gnupg-desktop-2.4.3.0-x86_64.AppImage* ? What exactly are you hoping to speed up? The classic mode of

Re: gpg: signing failed: No secret key

2023-09-07 Thread Robert J. Hansen via Gnupg-users
Please don't send HTML to this list. gpg: key "6O0PDA84A36B6C98B261AC2020546703CDADFA53" not found That's not a valid key ID. Key IDs are strings of hexadecimal digits. Your second 'digit' there is the letter O, which is not a valid hexit. gpg --delete-secret-keys CDSXFA53 That's not a

Re: 32768-bit key

2023-08-27 Thread Robert J. Hansen via Gnupg-users
My name is Snowden. I don't care. And I cannot send a decrypted version of the mail. Then please learn how to do so. To recap: 1. There is no point in a 32kbit RSA key. 2. For that reason, GnuPG doesn't allow you to generate one. 3. I will not help you do something that has no point.

Re: 32768-bit key

2023-08-26 Thread Robert J. Hansen via Gnupg-users
I will not answer encrypted messages posted to the list. This is a public mailing list. Signatures are fine, but encrypted person-to-person messages are not. Also, please do not send HTML email to the list. Many of the people you hope will read your email refuse to read HTML email.

Re: 32768-bit key

2023-07-10 Thread Robert J. Hansen via Gnupg-users
I don't know that there's anything to file a bug about. I don't see any non-rsa4096 keys on the Tails website: One of their certificates has a Curve-25519 subkey. I wonder if that's what the original poster saw, and mistook it for being a 25,519-bit subkey.

Re: 32768-bit key

2023-07-09 Thread Robert J. Hansen via Gnupg-users
How do I up the limit of the RSA-key to 32768? First, come up with a reason why you need one. A 2048-bit key is hypothesized to possess about 112 bits of entropy; a 3072-bit key, about 128; a 16k-bit, about 256. You very rapidly reach a point of dramatically diminishing returns. A 32k key

Re: Multithreading with GPGME Python Bindings

2023-01-16 Thread Robert J. Hansen via Gnupg-users
(Please forgive the HTML email, sending from my phone) Given Python is effectively single-threaded through the global interpreter lock, this may turn out to be a total non-issue. Although I don't have an immediate answer for you I'd suggest starting by learning how Python's multi-threading support

Re: Difference between versions--Question

2023-01-03 Thread Robert J. Hansen via Gnupg-users
It would be helpful to know why I can't get compression in my build. I've tried to build from source three times now. The answer is very simple: because you are building it incorrectly. We can provide you with the answers, but we can't give you the software development skills needed to

Re: symmetric encryption of '[stdin]' failed

2022-10-15 Thread Robert J. Hansen via Gnupg-users
why can't gpg accept passphrase in the terminal? Depending on how you invoke GnuPG, it can. It supports a lot of different ways of providing the passphrase. The one that might work best for your purposes is to put the passphrase in a file, passphrase.txt, and then invoke GnuPG like this:

Re: symmetric encryption of '[stdin]' failed

2022-10-15 Thread Robert J. Hansen via Gnupg-users
Why does gpg-agent interject itself into symmetric encryption at all? Where in that command line do you specify a passphrase? You don't. gpg-agent is getting fired up in order to ask you what passphrase to use for the symmetric encryption.

Re: How to create v4 key

2022-10-08 Thread Robert J. Hansen via Gnupg-users
When I choose a RSA3076 key, keyserver.pgp.com will accept it. When I choose an ed25519 key, keyserver.pgp.com tells me it is a v3-key. keyserver.pgp.com is *old* and doesn't understand how to use ed25519 keys. It is erroneously telling you it's a v3 key, when the reality is

Status of original PGP?

2022-09-07 Thread Robert J. Hansen via Gnupg-users
On a lark I went looking for the current iteration of PGP. It was bought by Symantec some years ago, and the last I heard they'd renamed it to "Symantec Encryption Desktop". However, Symantec no longer has it available for sale or download, and scouring their site turns up basically nothing.

Re: How did Edward Joseph Snowden use GnuPG to uncover the secrets of the National Security Agency?

2022-08-11 Thread Robert J. Hansen via Gnupg-users
Subject: How did Edward Joseph Snowden use GnuPG to uncover the secrets of the National Security Agency? Short answer: he didn't. GnuPG is one of the tools that Snowden used to uncover the secrets of the NSA. This is incorrect. According to Glenn Greenwald, he used GnuPG to communicate

Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/

2022-08-06 Thread Robert J. Hansen via Gnupg-users
Some years ago after they first published their OpenPGP certificate, Enigmail reached out to them offering training on effective use of OpenPGP and technical support for GnuPG and Enigmail. No cost, Enigmail had a core member who lived near their offices (namely, me), let us know how we can

Re: a bit off topic, how to find encrytped files (ransom attack)

2022-08-04 Thread Robert J. Hansen via Gnupg-users
3. I could use the ent command which measures the entropy, high entropy is an indication of encryption (but jpg have also high entropy). However I should then study the distribution of each letter to be sure. A JPEG *body* has high entropy. The JPEG *header* has

Re: gnupg2 vs gnupg

2022-06-03 Thread Robert J. Hansen via Gnupg-users
It seems not as much the binary name seemed the problem but the dnf/yum/rpm dependency. Here's where I hate to sound like a jerk, but I can't help you. I'm not an AIX guy and I don't do packaging for it. This is a packaging issue, not a GnuPG one. :( There might be an AIX person on the

Re: gnupg-users@gnupg.org

2022-06-02 Thread Robert J. Hansen via Gnupg-users
1 What is the difference between gnupg2 and gnupg-2.X.X? Possibly quite a lot. GnuPG exists in three different branches. For sake of simplicity I'll call them "modern", "standard", and "classic". Modern: GnuPG 2.3 and later. Standard: GnuPG 2.2 Classic: GnuPG 1.4 The differences among

Re: Backing up your PGP key by hand

2022-05-25 Thread Robert J. Hansen via Gnupg-users
Since paper as we know it today doesn't even exist so long that can't be true. Maybe you are pointing to the few surviving papyrus texts? Most have not survived. I've personally seen paper ballots from elections in the Senate of ancient Rome. Admittedly, this was 15 years ago so I can no

Re: using OpenPGP card to unlock a LUKS device on boot

2022-04-06 Thread Robert J. Hansen via Gnupg-users
You're barking up the wrong tree: It wasn't me who brought politics to this list. You're the one who is turning a single throwaway line in someone's signature block into an angry argument. Nonsense. The OP issued a statement, I replied and that could have been it. It is you who is obviously

Re: using OpenPGP card to unlock a LUKS device on boot

2022-04-06 Thread Robert J. Hansen via Gnupg-users
Just as I am free to comment on a political statement that I find provocative, blatantly wrong and in the context of current events almost derisive. Excepting that this is not a mailing list for politics. Matthias has a line in his signature that you object to. I object to it, too, but the

Re: using OpenPGP card to unlock a LUKS device on boot

2022-04-06 Thread Robert J. Hansen via Gnupg-users
Given recent events: can't you spare us your stupid signature? Matthias should be, and is, free to advocate for his beliefs in his signature. If we don't stand up for people's right to peacefully say things we don't like, we have failed as a community. I say this as an American who's a

Re: Help with "config.h file not found error" on Gnupg version 1.4.13

2022-04-01 Thread Robert J. Hansen via Gnupg-users
First of all, thank you for taking your time to reply to this email. I tried it using the -l flag. The config file was found in the directory before that. Below is the command I executed. I don't want to sound dismissive or discouraging, but you may want to consider whether you have the

Re: Help with "config.h file not found error" on Gnupg version 1.4.13

2022-03-30 Thread Robert J. Hansen via Gnupg-users
You will have much better luck if you send only plain-text emails to this list. Some of the people you'd really like to see your email refuse to read HTML email, on the grounds that it's a security risk. I've quoted your entire message below as plaintext to help you reach these people. To

Re: TB weirdness

2022-02-24 Thread Robert J. Hansen via Gnupg-users
Sounds like a defect to me, do you have a problem report ticket with Thunderbird or a forum entry which described the problem in more detail (like which version is affected). It turns out the actual behavior is a little different than I originally described. If you have a valid certificate

Re: Who protects the private key (was: Changing the encryption algorithm used for PGP/GPG private key)

2022-02-20 Thread Robert J. Hansen via Gnupg-users
Whoever told you SHA-1 is broken was gravely in error. There are certain areas of the cryptographic space where it is no longer recommended. There are others where it's strong as a rock. As part of an iterated key derivation function, SHA-1 is still believed safe. There's no reason to shy away

Re: Can't synchronize keys using Seahorse

2022-02-17 Thread Robert J. Hansen via Gnupg-users
How can I fix this? Specify a different keyserver. keyserver.pgp.com was a commercial keyserver run by PGP Corporation, or whichever corporate entity owned the PGP intellectual property at the time. Network Associates gave way to PGP Security gave way to Symantec gave way to... The PGP

TB weirdness

2022-02-17 Thread Robert J. Hansen via Gnupg-users
Yes, I know, Thunderbird doesn't use GnuPG. However, for those who do: apparently, Thunderbird is a big fan of attaching public certificates (and/or revocation certificates, for revoked keys) to outgoing emails for *every private certificate on your keyring*, regardless of whether that

Re: Current state and contact (various questions)

2022-02-02 Thread Robert J. Hansen via Gnupg-users
this is my first post here. I'm an experienced Dev and FOSS contributor which worked quite some with gpg recently. Welcome to the party, pal! :) 1. Who takes care for tasks like updating the website? Ingo already addressed this fully and correctly, so I'll skip. 2. Difference of

Re: Current state and contact (various questions)

2022-02-02 Thread Robert J. Hansen via Gnupg-users
Forgive my terseness, on from my phone. The OP may find this message from the archives to be useful: https://lists.gnupg.org/pipermail/gnupg-users/2021-December/065639.html On Feb 2, 2022 3:59 AM, Ingo Klöcker wrote: On Mittwoch, 2. Februar 2022 08:30:56 CET B1773rm4n via Gnupg-users wrote: >

Re: First Amendment and Marines?

2022-01-30 Thread Robert J. Hansen via Gnupg-users
However, the opposite also occurs: some US companies appear to be shocked when I, as a European without any ties to the US, claim I won't comply to a DMCA request because we don't have such a law here. Yes! And when American companies are so foolish as to demand an EU citizen comply with a

Re: pgp263iamulti06

2022-01-29 Thread Robert J. Hansen via Gnupg-users
If person1 has a signed and encrypted email to person 2, but which used IDEA and MD 5, and now wants to decrypt, and re-encrypt and sign, and send to person 2, who will then destroy the original email, why shouldn't they be allowed to know if this is safe. They *are* allowed.

Re: Preventing public key upload to key-servers

2022-01-29 Thread Robert J. Hansen via Gnupg-users
Unrelated note: I find the rhetoric of a few posts in this thread absolutely astounding. From a crypto question to red scare and "my army is going to kick your country's ass if it dares talk to me" in two easy steps ? This is vile. "Tell it to the Marines" is a standard American and British

Re: pgp263iamulti06

2022-01-29 Thread Robert J. Hansen via Gnupg-users
Ok, you made me actually look at pgp263iamulti06. :-) I almost feel like I should apologize. However, the entropy gathering seems overly optimistic: *wince* That's quite a bit worse than I remember. (I haven't looked at 2.6.3 source code in probably 25 years.) So, yeah. I'm

Re: Preventing public key upload to key-servers

2022-01-29 Thread Robert J. Hansen via Gnupg-users
PS: I guess by the "emotional reactions" you mean Robert J. Hansen mails, since replies by other people seem much more technical in nature. If by 'emotional' people mean 'amused', then yes. I thought it was cuter than a pailful of kittens. :) If by 'emotional' people mean angry, annoyed,

Re: First Amendment and Marines?

2022-01-29 Thread Robert J. Hansen via Gnupg-users
I was simply trying to help an organization that is, for *their own good business reasons* very much motivated to adhere to GDPR, use existing IT infrastructure to move to a more secure method of communication. And, for those people and businesses who have to do business with the EU, the GDPR

Re: Preventing public key upload to key-servers

2022-01-28 Thread Robert J. Hansen via Gnupg-users
If an individual that requests his personal information is removed (i.e., the "right to be forgotten") is EU resident, GDPR applies regardless of the jurisdiction in which the information server is located. "Right to be forgotten" doesn't exist in the United States. It's a violation of our

Re: pgp263iamulti06

2022-01-24 Thread Robert J. Hansen via Gnupg-users
Would you be able to suggest the version to use in "portable" mode? GnuPG 1.4, but I'd honestly prefer to run a bootable Linux distro. Portable apps are a monstrous security hazard if they're used on computers beyond your control. USB malware is a very real thing.

Re: pgp263iamulti06

2022-01-23 Thread Robert J. Hansen via Gnupg-users
I remember using a Windows-95-native PGP years ago that also used keyboard and mouse events to acquire entropy; presumably, there was not that much determinism, or every PGP key generated on Windows is likely to be weak. Win95 still allowed direct access to underlying hardware. In the

Re: pgp263iamulti06

2022-01-23 Thread Robert J. Hansen via Gnupg-users
Is this also used when generating symmetric keys? Or only used by secret key generation? If the last is the case, then existing keys generated on DOS (or Linux?) might be safe (apart from a possibly short key length). Existing certificates would be unaffected, but since the CSPRNG is used for

Re: pgp263iamulti06

2022-01-23 Thread Robert J. Hansen via Gnupg-users
When generating the key-pair with Re: pgp263iamulti06, the "randomness" is obtained by user's keyboard input. Is it then that the above applies only when the session key is generated? No, the whole CSPRNG is (probably) compromised. PGP 2.6.3 used keyboard interrupts harvested directly from

Re: pgp263iamulti06

2022-01-22 Thread Robert J. Hansen via Gnupg-users
Are there known, documented security deficiencies in it? The CSPRNG is almost certainly broken. PGP 2.6.3 was a DOS program, which meant it could easily get direct access to hardware. That meant it could use the uncertainty of the physical world as a key factor in the CSPRNG. But ever

Re: Short question regarding config

2022-01-22 Thread Robert J. Hansen via Gnupg-users
What's the difference between `--personal-cipher-preferences' and `default-preference-list'? The former is your preferences for the traffic you generate. The latter is your advertised list of preferences that are affixed to new certificates you generate. E.g.: if you have p-c-p of

Re: Side-channel attacks

2022-01-20 Thread Robert J. Hansen via Gnupg-users
Migrate? That data is in my mail archive. While it would be possible for me to write a program to scan the mail file for pgp blocks, check which pgp version is used, decrypt the data, re-encrypt it with a modern gpg version and replace that textblock, it would still lose information about dates

Re: Side-channel attacks

2022-01-20 Thread Robert J. Hansen via Gnupg-users
Lucky for me I never use that version, as I never respected the copyright of the RSA and IDEA algorithms (questionable in Europe anyway). Patents, not copyrights. ___ Gnupg-users mailing list Gnupg-users@gnupg.org

Re: Side-channel attacks

2022-01-18 Thread Robert J. Hansen via Gnupg-users
1.4 should be able to decrypt all 2.6 generated data. Not from the Disastry builds, which extended 2.6 to support newer algorithms.

Re: Side-channel attacks

2022-01-18 Thread Robert J. Hansen via Gnupg-users
Well, a bit more respect for backwards compatibility would help a lot by that. Now I'm forced to keep an 1.4 and pgp 2.6 version installed just to be able to read all my old data. Some people just refuse to update to versions that routinely break backwards compatibility. You've had literally 27

Side-channel attacks

2022-01-16 Thread Robert J. Hansen via Gnupg-users
On this mailing list we sometimes see requests for help from people running dangerously antique versions of GnuPG. Wasn't all that long ago I was asked for help with something in the 1.2 series (!!). Without exception, our first response is usually "for the love of God, upgrade!" They

Re: one ecc key-pair for both encryption and signature?

2022-01-10 Thread Robert J. Hansen via Gnupg-users
Likewise, Edwards DSA can be tortured into becoming a Curve25519 key. But once you do that, *you're no longer using Edwards DSA*. Can you be more specific why this is a problem? I apologize in advance for sounding grumpy (I am, it's been an annoying day so far) and condescending (which I'm

Re: GPG key generated on Windows...

2022-01-08 Thread Robert J. Hansen via Gnupg-users
5) Importing the key on Linux does not generate any warning or error. And I can also properly use the keypair generated on Windows to encrypt, decrypt, sign and verify files between Linux clients without problem. It's just encrypting on Windows and decrypting on Linux with a keypair generated on

Re: one ecc key-pair for both encryption and signature?

2022-01-07 Thread Robert J. Hansen via Gnupg-users
There is an equivalence given (two functions) in the Ed25519 wikipedia page, but I don't know if this allows the same curve used in both algorithms. Yes, in the same way that if you torture a DSA key long enough you can get the Elgamal encryption algorithm out of it. But once you do that,

Re: one ecc key-pair for both encryption and signature?

2022-01-07 Thread Robert J. Hansen via Gnupg-users
I know that "ed25519" and "cv25519" are different algorithms, but from my limited understanding the same key-pair should be usable for both encrypting and signing in theory? Ed25519 is (effectively) a Schnorr signature done over an Edwards curve. Schnorr signatures have really no capability

Re: [Announce] A New Future for GnuPG

2022-01-03 Thread Robert J. Hansen via Gnupg-users
I did spend about six months doing a clean-room implementation of RFC2440 in PHP3. It was a vile experience and one I don't recommend. I am simultaneously shocked, impressed, and disgusted. ;-) I rarely talk about that job because it's sort of like saying you made a healthy and tasty meal

Re: [Announce] A New Future for GnuPG

2022-01-03 Thread Robert J. Hansen via Gnupg-users
Werner, this is amazing news. Thank you for sharing it! For the list: as you may remember, each Christmas I run a fundraiser for GnuPG. You pledge $X and I match it, that sort of thing. I didn't do one this year because Werner contacted me earlier asking me not to, saying he would soon

Re: detached signature, "can't hash datafile: No data"

2022-01-01 Thread Robert J. Hansen via Gnupg-users
> I would've thought that a clearsign signature preserves the data above the pgp signature, in plaintext. Isn't the plaintext above the signature the original data? In that case, it is. I spoke inartfully: I meant to say that detached signatures can be done in either a binary format or

Re: detached signature, "can't hash datafile: No data"

2021-12-31 Thread Robert J. Hansen via Gnupg-users
Shouldn't I be able to verify the signature independently? Why? A signature is a piece of data that attests another piece of data is unchanged. If it doesn't have a second piece of data to compare to, all it can say is "I have a good digital signature that attests to a hash value of XYZ

Re: fingerprint associated public key does not match displayed public key

2021-12-20 Thread Robert J. Hansen via Gnupg-users
seems as though my entry into this realm was clearly... bad. I wanted to learn the system without using separate encryption software like kleopatra. I wanted to know how to do it with just gpg and any email provider. It's difficult, and I have a lot to learn. Don't do that. Seriously. This

Re: fingerprint associated public key does not match displayed public key

2021-12-17 Thread Robert J. Hansen via Gnupg-users
What other keys would it hold? Behold: pub ed25519/1E7A94D4E87F91D5 2021-02-22 [SC] 7D8EC4B85B6FEDD6C10D3C791E7A94D4E87F91D5 uid [ultimate] Robert J. Hansen uid [ultimate] Robert J. Hansen sub cv25519/7D6CCDB66CA1202F 2021-02-22 [E] My public

Re: fingerprint associated public key does not match displayed public key

2021-12-17 Thread Robert J. Hansen via Gnupg-users
The document snapshot analogy really helps. I'm glad it's helped! No, and I'm going to strongly encourage you to stop asking implementation questions. I think I'll take that advice. When you think you're ready, we'll be here to answer your implementation questions. It would break my

Re: fingerprint associated public key does not match displayed public key

2021-12-17 Thread Robert J. Hansen via Gnupg-users
That key block did not match the one on his profile. That’s what confused me. But I’m learning (from you guys) that the key blocks don’t necessarily have to match. So I can assume that: More accurately, they're very unlikely to match. The version on his site may lack some signatures or user

Re: fingerprint associated public key does not match displayed public key

2021-12-16 Thread Robert J. Hansen via Gnupg-users
When I compared the imported pgp public key block (which I obtained using the import command and the provided fingerprint) to the displayed pgp public key block, they didn't match. Shouldn't they match? No. The key block is not a human-readable format. It's a binary format that's meant to be

Re: Continuing 2.3 weirdness

2021-12-08 Thread Robert J. Hansen via Gnupg-users
I make different observations (using self-compiled gpg installed to /opt/gnupg/master with a non-standard GNUPGHOME): It turns out the source of the trouble was systemd, which was starting gpg-agent on demand, and was forcing it to use /usr/bin/gpg-agent. Setting a user override file fixed

Continuing 2.3 weirdness

2021-12-07 Thread Robert J. Hansen via Gnupg-users
Turns out the problem was keyboxd was waiting for a lock. Unfortunately I wasn't able to find the lock: so, after making a backup, I decided to resort to harsh measures: I nuked my .gnupg directory. Now GnuPG is getting a little further along, but it's still not working properly. Let's

Re: 2.3 --list-keys weirdness

2021-12-06 Thread Robert J. Hansen via Gnupg-users
"gpgconf --kill all" solved my problem, but I'd still advise y'all to look into where it got wedged and why -- this was an incredibly annoying problem to solve, and the total lack of debugging output elevated it to tremendously frustrating. I'm such an idiot, I forgot I was sshed into another

Re: 2.3 --list-keys weirdness

2021-12-06 Thread Robert J. Hansen via Gnupg-users
Try attaching gdb to see where it hangs. (gdb) run Starting program: /usr/local/bin/gpg --list-keys [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [Detaching after fork from child process 41865] ^C "gpgconf --kill all"

Re: 2.3 --list-keys weirdness

2021-12-06 Thread Robert J. Hansen via Gnupg-users
Which version exactly are you using? 2.3.3. Try attaching gdb to see where it hangs. (gdb) run Starting program: /usr/local/bin/gpg --list-keys [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [Detaching after fork from

2.3 --list-keys weirdness

2021-12-05 Thread Robert J. Hansen via Gnupg-users
rjh@ripley:~$ gpg - --list-keys gpg: using character set 'utf-8' gpg: Note: RFC4880bis features are enabled. gpg: key 1DCBDC01B44427C7: accepted as trusted key gpg: key 1E7A94D4E87F91D5: accepted as trusted key gpg: key A3C418D1C6F3453A: accepted as trusted key ... No output is ever

Re: User id's without person's name, only email

2021-11-17 Thread Robert J. Hansen via Gnupg-users
Mapping a "Real Name" to an email address is a conceptually different thing from mapping an email address to a public key. Except that should we be mapping keys to email addresses in the first place? When we sign a certificate we make an assertion that this cryptographic material is

Re: Using gpg to add digital signature to a linux executable

2021-10-26 Thread Robert J. Hansen via Gnupg-users
Why not do a detached signature using e.g. gpg -sb --output file.sig file? Then, someone can run gpg --verify file.sig file to ensure that the signature is valid. (a) because the OP specifically said he was looking for integrated signatures, and (b) detached signatures have a way of getting

Re: v2.3 of gnupg for automation?

2021-10-26 Thread Robert J. Hansen via Gnupg-users
We’ve been using v1.4 of gnupg because I read in the documentation and user comments and in my testing, that v2.X couldn’t be used in software automation workflows. This might have been true several years ago, but it isn't true today. there was a feature (that seemed intentional) that the

Re: Using gpg to add digital signature to a linux executable

2021-10-26 Thread Robert J. Hansen via Gnupg-users
all is well and good. At least, on Windows. But what about linux? As a general rule, Windows signs executables more than it signs packages; Linux signs packages more than it signs executables. The best practice seems to be to use GnuPG to attach a digital signature to an RPM or DEB (or Snap

Re: how to add a passphrase to a keypair

2021-10-03 Thread Robert J. Hansen via Gnupg-users
gpg -k and gpg -K both show my main key. I compiled a copy of gpg1 (not installed to the system) to try to use locally, since it doesn't enforce the use of a passphrase for the secret key. Unfortunately, without secring.gpg, it doesn't see the secret key at all. I haven't tried this, but it

Re: Call me crazy, but ...

2021-07-15 Thread Robert J. Hansen via Gnupg-users
Is 'Стефан Васильев ' the same person that was banned from this very list a few months back? No, because no one was ever banned. One user, also named Stefan, was set to moderation (his messages had to be approved by an admin before appearing on list), but this was only for two weeks, and he was

Re: GPG : "No secret key found" error

2021-06-10 Thread Robert J. Hansen via Gnupg-users
I am trying to write in plain text mode so hopefully you won't be seeing it in HTML. Success! Thank you. Can you please suggest to me the steps that I should follow to redesign my solution, considering the password security? I already have, twice. For the third time: remove the passphrase

Re: GPG : "No secret key found" error

2021-06-09 Thread Robert J. Hansen via Gnupg-users
I am writing this email to you in plain text... I am surprised how is it coming to as HTML. As I don't use GMail, I can't help you. You'll need to ask Google. Your message comes through as having both plaintext and HTML parts. This, for instance, is part of the source of your email:

Re: GPG : "No secret key found" error

2021-06-09 Thread Robert J. Hansen via Gnupg-users
But, this command had a risk of exposing *$PASSPHRASE* to the UNIX console if any user executes *ps -ef* command while the code is running. This was a huge security breach so I chose the *--passphrase-file* option to read the decryption password from a file. Now, all I need is to place the

Re: GPG : "No secret key found" error

2021-06-09 Thread Robert J. Hansen via Gnupg-users
I'm not going to respond to this until you re-send it as plain text without HTML. The very first thing I wrote in my last email was that this mailing list strongly prefers plain text without HTML. We're willing to help you, but you need to follow the rules.

Re: GPG : "No secret key found" error

2021-06-08 Thread Robert J. Hansen via Gnupg-users
Please do not send HTML to this mailing list. Many of our members refuse to open HTML emails from unknown parties, so when you send HTML email to this list you're limiting the number of people who can see your question -- and maybe be able to help you! Step 2. Instead, I have thought of

Re: How would you do that ...

2021-05-04 Thread Robert J. Hansen via Gnupg-users
nd use it as an OTP, and throw it into a garbage >incinerator afterwards. >If you are up against adversaries where this is necessary,this methods >may ultimately not help ... >= > >On 5/4/2021 at 1:19 PM, "Ingo Klöcker" wrote:On Dienstag, 4. Mai >2021 18:47:50 CEST R

Re: How would you do that ...

2021-05-04 Thread Robert J. Hansen via Gnupg-users
Modern harddisks don't allow that anymore. Should I assume that "low-level format" in this case means something like dd if=/dev/zero of=/dev/sdX [puts on forensics professional hat] Good question! The tl;dr of it is that the technique to wipe a hard drive will vary according to the kind of

Re: How would you do that ...

2021-05-04 Thread Robert J. Hansen via Gnupg-users
Neal Stephenson's novel Cryptonomicon is excellent. I strongly recommend it to anyone who enjoys reading & is interested in crypto. Part of the plot involves a cipher that operates a bit like RC-4, permuting an array, but the array is a deck of cards. https://www.schneier.com/academic/solitaire/

Re: How would you do that ...

2021-05-03 Thread Robert J. Hansen via Gnupg-users
I have dealt with a similar problem in real life, as a real problem with real people. We created a custom Linux environment, burned it to Blu-Ray, and Alice crossed the border with her Linux environment tucked into her CD player. On the other side she acquired a laptop, Blu-Ray drive, and USB

Re: Follow-up on L'Affaire Stallman

2021-04-09 Thread Robert J. Hansen via Gnupg-users
The only thing that I can say is that I would rather see a FAQ that reflect the current implementation of GPG than a non-up to date FAQ per lack of user consensus (1). The problem there is without community buy-in, the FAQ lacks credibility. It's supposed to be the *community's* FAQ, which is

Re: Follow-up on L'Affaire Stallman

2021-04-08 Thread Robert J. Hansen via Gnupg-users
The FAQ (https://www.gnupg.org/faq/gnupg-faq.html) claims the other way round, namely: Yep. Which was why I stepped away: I've ended my affiliations with FSF and GNU. However, that FAQ was last overhauled in October 2017, and apparently the relationship has changed in the last three and a

Follow-up on L'Affaire Stallman

2021-04-08 Thread Robert J. Hansen via Gnupg-users
A few weeks have passed, and I figured a recap might be appropriate: * FSF continues to support RMS * FSFE has ended collaboration with FSF and GNU ("we see ourselves unable to collaborate both with the FSF and any other organisation in which Richard Stallman has a

Re: So long, and thanks for all the fish.

2021-03-25 Thread Robert J. Hansen via Gnupg-users
So to me, your statement is too general and may provoke some folks. (You could see that Werner and myself also refrained from general reasoning. :) ) I would also like to say that I have tried to make my stepping-away as painless and as friendly as possible. I don't want to see ill will

Re: So long, and thanks for all the fish.

2021-03-23 Thread Robert J. Hansen via Gnupg-users
The FSFE is an independent sister organisation with a separate leadership, and the framework agreement FSFE has with FSF does not give a single person a special influence or one of the organisations a special power over the other. Regardless of whether he officially has power, he clearly

So long, and thanks for all the fish.

2021-03-23 Thread Robert J. Hansen via Gnupg-users
There's a song I really enjoy[*] with a line that always hits me as being both beautiful and wise: "You talk far too much for someone so unkind." I first heard of the GNU Project and the Free Software Foundation in 1995. For twenty-six years I've supported the FSF and FSFE in a

Re: Best practices for obtaining a new GPG certificate

2021-03-19 Thread Robert J. Hansen via Gnupg-users
The next default is ECC (ed25519+cv25519) which is supported by most OpenPGP implementations. Only if you have a need to communicate with some niche implementations you need to use rsa3072. Last I checked, Thunderbird 78 did not support ed25519+cv25519 keys. That's not a niche implementation.

Re: Best practices for obtaining a new GPG certificate

2021-03-19 Thread Robert J. Hansen via Gnupg-users
I'd like to know current best practices for obtaining a new one? This question gets asked so often that it has its own FAQ entry. Yes, parts of the FAQ are outdated, but this particular one is very current. https://www.gnupg.org/faq/gnupg-faq.html#tuning * You don't need to "tune" GnuPG

Re: [EXT] Best practices for obtaining a new GPG certificate

2021-03-19 Thread Robert J. Hansen via Gnupg-users
Reading the URLs given by the OP, I see that the GPG FAQ (1) talks about a default of '2048' but in the latest (2.2.17) release of GPG it looks like the default is now '3072': Yep. [puts on maintainer hat] The last time I suggested revisions to that text there was no community consensus on

Re: question - Gnupg compatibility with Symantec

2021-03-09 Thread Robert J. Hansen via Gnupg-users
Our legacy Symantec users (who have not yet transferred over to GNU) are unable to decrypt/read GNU PGP emails. Symantec is unfortunately not keeping current with the latest iterations of the OpenPGP specification. Further, some features of current GnuPG keys are not supported by Symantec

Re: New to GnuPG, having some difficulty

2021-03-06 Thread Robert J. Hansen via Gnupg-users
Hello gnupg-users! Hello and welcome! First, please only send plain text (not HTML) to the list. Some of the most knowledgeable people here refuse to open HTML mails from people they don't know. :) I have recently been required to use GnuPG to encrypt messages, and have been

Re: Fundraising

2021-01-21 Thread Robert J. Hansen via Gnupg-users
*Apologies* Robert for hijacking your thread!!! I have never understood why people apologize for doing something they know is wrong, and then do it anyway. You could see that starting a new thread was appropriate; you know that starting a new thread is easy; you apologized for your

Fundraising

2021-01-17 Thread Robert J. Hansen via Gnupg-users
A little more than a month ago I said I'd match all donations made to GnuPG from December 10 to January 6. I'm happy to report y'all made me contribute 370 Euros, or about $450 USD. The money has been paid and is sitting in GnuPG's account. I hope this encouraged some of y'all to donate to

Re: On future of GnuPG

2021-01-05 Thread Robert J. Hansen via Gnupg-users
> The landscape has changed dramatically from the times when the > original PGP fundamentals were introduced. Today, for any secure > personal communication system to be of practical use, it must > be designed from the ground up observing the following simple > principle: *anonymity is the

Re: Plan B - Who carries the torch?

2021-01-05 Thread Robert J. Hansen via Gnupg-users
On Tue, 2021-01-05 at 15:38 +0100, Werner Koch via Gnupg-users wrote: > Virtually nobody uses the WoT... Strangely, the Linux kernel folks still use it a decent amount. They're the only large group I can think of offhand, though.

Re: Plan B - Who carries the torch?

2021-01-02 Thread Robert J. Hansen via Gnupg-users
> I assume the following: Werner is globally known as the author of > GnuPG and it is generally accepted that GnuPG is a defacto security > standard globally besides S/MIME when it comes for example to private > email communications. No. OpenPGP is; GnuPG is just one implementation of the

Re: Precompiled Windows-Binaries with Large-Secmem-Support

2021-01-02 Thread Robert J. Hansen via Gnupg-users
> I know there are and have been fierce discussions about the useful > length of RSA-Keys. I don't want to dive deeper into that, and I hope > this special question has not been discussed recently: If you're going to propose a change like that, you need to make a case for it. * Who currently is

Re: Protecting your private key - passphrase

2020-12-14 Thread Robert J. Hansen via Gnupg-users
People who have difficulties to create a long passphrase and remembering those, when using different ones for different use cases. Then why aren't you using PBKDF2 or Argon2? If you're writing a key derivation app -- use a key derivation function. Had I used PBKDF2 for my little program
