Re: Restarting gpg-agent
On Sun, Mar 14, 2010 at 10:16:00PM +0100, Michel Messerschmidt wrote:
> On Sun, Mar 14, 2010 at 12:24:14PM -0700, James Moe wrote:
> > Hello,
> > opensuse v11.2, linux 2.6.31.12-0.1-desktop x86_64, gpg v2.0.12.
> > The docs at http://www.gnupg.org/ cover starting gpg-agent pretty well.
> > What is missing is how to re-start it.
> > If gpg-agent is terminated for some reason, or the system is booted,
> > the file .gpg-agent.info is left behind. Because the file exists, when
> > .bashrc is run it detects the file and does not start gpg-agent.
> > Is there some way to:
> > 1. Detect if gpg-agent is running. If not, erase .gpg-agent.info, or
> > 2. Erase .gpg-agent.info at boot time.
>
> This works for me (in .bashrc):

A good idea, and well written :) Just one minor thing...

> # start gpg-agent if no running instance is found
> if test -z "${GPG_AGENT_INFO}" ||
>    ! kill -0 `grep GPG_AGENT_INFO ${GA_INFO_FILE} | cut -d: -f 2 -` 2>/dev/null; then

In this way, you risk a false positive if gpg-agent has died (or not been started at all, but a .gpg-agent.info file has been left over) and there is another process with the same process ID. This *can* happen, whether by random chance at system startup, or by random chance on a long-running system with PIDs wrapping around.

A slightly better (if somewhat more convoluted) way could be something like:

    gpg_agent_pid=''
    gpg_agent_running=''
    if [ -n "${GPG_AGENT_INFO}" ] && [ -r "$GA_INFO_FILE" ]; then
        gpg_agent_pid=`grep GPG_AGENT_INFO "${GA_INFO_FILE}" | cut -d: -f 2 -`
    fi
    if [ -n "$gpg_agent_pid" ] &&
       expr "x$gpg_agent_pid" : 'x[0-9]*$' > /dev/null; then
        if pgrep gpg-agent | fgrep -qw "$gpg_agent_pid" > /dev/null; then
            gpg_agent_running='1'
        fi
    fi

    if [ -n "$gpg_agent_running" ]; then
        ...
    fi

Please don't take this as criticism, just an idea :) And, of course, it assumes that the OS has pgrep(1).

G'luck,
Peter

--
Peter Pentchev r...@ringlet.net r...@space.bg r...@freebsd.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
What would this sentence be like if pi were 3?

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
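The stale-file and PID-reuse cases discussed in the message above, as an added example that is not part of the original messages: a POSIX shell check that trusts the PID recorded in the info file only if that process is actually named gpg-agent, and removes the file otherwise. The `GPG_AGENT_INFO=<socket>:<pid>:<protocol>` layout is assumed from the `cut -d: -f 2` used in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Assumed file layout: GPG_AGENT_INFO=<socket>:<pid>:<protocol>

# Print the PID field of the info file; fail if the file is unreadable
# or the field is not purely numeric (never pass garbage to ps or kill).
agent_pid_from_file() {
    [ -r "$1" ] || return 1
    pid=$(sed -n 's/^GPG_AGENT_INFO=[^:]*:\([0-9][0-9]*\):.*$/\1/p' "$1" | head -n 1)
    [ -n "$pid" ] || return 1
    printf '%s\n' "$pid"
}

# Print the command name of a PID: Linux /proc first, ps as a fallback.
# Fails if no such process exists.
proc_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm"
    else
        ps -p "$1" -o comm= 2>/dev/null
    fi
}

# Succeed only if the recorded PID exists AND belongs to the agent.
# A bare "kill -0" would also succeed for an unrelated process that
# happens to have been given the same PID.
# $1 = info file, $2 = expected command name (default: gpg-agent)
agent_is_running() {
    want=${2:-gpg-agent}
    pid=$(agent_pid_from_file "$1") || return 1
    name=$(proc_name "$pid") || return 1
    [ "${name##*/}" = "$want" ]
}

# Remove a leftover info file so the start-up code launches a fresh agent.
clear_stale_info() {
    if [ -e "$1" ] && ! agent_is_running "$1" "$2"; then
        rm -f -- "$1"
    fi
}
```

In a .bashrc, `clear_stale_info "$HOME/.gpg-agent.info"` would run before the existing "start the agent if the file is missing" logic.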
Re: key question
Hi

On Monday 15 March 2010 at 7:54:03 AM, in mid:4b9de79b.3050...@gmail.com, Paul Richard Ramer wrote:

> If you knew more about how I shared those e-mail addresses, you might conclude differently.

OK

> I think that I disclosed less than you may have gotten the impression that I did, since those addresses were never private information.

I don't understand the comment that they were never private information. They will have been private information from their inception up until the time you publicised them or published them.

> Personally, I prefer to give an e-mail address, and then filter messages based upon the sender. But that is my preference. I don't believe it is The One True Way. :-)

It is simplest, and almost certainly most common, to just have a small number of addresses. Multiple addresses and/or disposable addresses can be a useful tool, but they can add complexity with no real advantage if their use is not properly thought out.

>>> If in the future I want to go underground with a pseudonymous identity, then I will create a PGP key specifically for it.

>> And in that eventuality, do you see the attraction of optionally hashing email addresses and names in UIDs, so that somebody who knows your email address can find your key but somebody who inspects your key gains no information about you from it?

> Probably not. I might consider it, though. I would most likely create a UID like yours--pseudonym and nothing more. Then use the key with e-mail accounts that would never have information about my real identity. This doesn't mean that the hashed UIDs idea couldn't be good for someone else.

I see the target user as somebody who wishes to keep their personal contact details private, but wants openPGP users who already have their contact details to be able to discover their key.

Not wishing to reveal my email address in my key, when faced with all the literature saying I should, was one of the main reasons I didn't adopt PGP the first couple of times I looked at it. Since I have no reason to expect my thoughts on this to be unique, I believe the hashing option for the information in UIDs would remove an obstacle that deters some people from using openPGP.

> Anything that connects two or more messages together, whether it be a key ID, pseudonym, or secret pass phrase or sign, is less than perfect anonymity. Even speech patterns will give less than perfect anonymity. Perfect anonymity is difficult, if not impossible, to achieve. It can also be impractical, e.g. if I don't have a way of knowing that I am communicating with the same person each time, how can I know that I am not talking to an enemy.

Even if you know it is the same person, you could still be talking to an enemy. You may not realise they are a spy working for a rival organisation, for example.

> If I am to have multiple communications with an anonymous entity, I have to know that the last anonymous entity and the one that I am talking to now are the same. There has to be something identifying. It doesn't matter what it is, but it must be there. Would I risk sharing secret information with the wrong person?

That doesn't only apply to anonymous entities. For example, is today's John Smith the same John Smith I communicated with last week?

> Perfect anonymity is like perfect privacy. They are both impossible to have if we are to live our lives while having relationships and associations.

What is perfect anonymity? If I recognise somebody by sight as being somebody I have seen before but know nothing about, are they no longer perfectly anonymous to me? Is somebody with many short-term relationships and associations more anonymous than somebody with fewer but long-term? One is known to more people but each knows less about them.

> Perfect privacy means not knowing anyone or seeing anyone. Because once someone has seen you, learned information about you, or seen where you have gone, you have lost some privacy. You no longer have perfect privacy.

True.

> In fact, just by posting to this mailing list we have given up some privacy or anonymity. The nature of the way we write, what we think, the experiences that we relate--all of these reveal something about ourselves.

When the reader is Big Brother, or a potential employer or blackmailer etc., that might matter. When the reader is a random stranger, I prefer to think it doesn't. I'm confident I don't post anything that should prompt anybody to identify and come after me.

> Similarly, perfect anonymity will fail once someone can connect multiple messages or activities to an identity (whether or not that identity is a pseudonym, real name, or something else).

How is that of consequence until they make the link between the identity and the person (or people) behind it? Knowledge that John Smith engages in certain activities is of no use until the John Smith in question
Re: Restarting gpg-agent
On Mon, 15 Mar 2010 11:58, r...@ringlet.net said:

>> # start gpg-agent if no running instance is found
>> if test -z "${GPG_AGENT_INFO}" ||
>>    ! kill -0 `grep GPG_AGENT_INFO ${GA_INFO_FILE} | cut -d: -f 2 -` 2>/dev/null; then
>
> In this way, you risk a false positive if gpg-agent has died (or not been started at all, but a .gpg-agent.info file has been left over)

I have not followed this thread. However the code above is far too complex. For years gpg-agent has been able to test whether it is already running, just call gpg-agent and don't pass the --daemon option:

    $ gpg-agent
    gpg-agent: gpg-agent running and available
    $ echo $?
    0
    $ GPG_AGENT_INFO= gpg-agent
    gpg-agent: no gpg-agent running in this session
    $ echo $?
    2

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Portable GnuPG? (Ideally with portable TB+Enigmail)
Hi everybody!

I've been using GnuPG for a while now (the 1.x branch in combination with TB and Enigmail, to be precise) and have been very happy with it, happy enough that I keep trying to convert people, running little informal workshops showing my friends and acquaintances the basics of encryption and how to use it.

One barrier so far is that people sometimes are hesitant to install a bunch of stuff just to check something out, especially when it's something weird, like crypto. So I've been thinking that a portable version, complete with TB, Enigmail and trustdb/pubring/secring files saved on a flash drive would be useful, as I could just show people how it worked right on their own PCs without much installation or configuration.

Sadly, I'm not skilled enough to do this myself and my online search has only found something like http://portableapps.com/node/11402 , which didn't work when I tried it. (Installed it using the instructions at the link, Enigmail didn't find the portable gnupg version. -_-'')

So, have I missed anything that's already out there or am I out of luck?

Aaron
Re: Portable GnuPG? (Ideally with portable TB+Enigmail)
On 15.03.2010 21:14, Grant Olson wrote:
> I think you just found the wrong page. Install the latest thunderbirdPortable from here:
>
> http://portableapps.com/support/thunderbird_portable
>
> And install gpg from here:
>
> http://portableapps.com/support/thunderbird_portable#encryption
>
> This one isn't listed as a development test or beta status like the page you had. Then install Enigmail. It worked fine for me.

Thanks, I'll try that one. (Weird that I didn't find it. Huh...)

> Also keep in mind it's not a good idea to insert a USB Drive with your private key into an untrusted computer. You might want to make a dummy key for demo purposes.

Yeah, getting copies of your private keys on untrusted PCs (and entering the passphrase there) is a Bad Idea. I'll probably make a zipped blank package, with TB/Enigmail/Gnupg installed but without keys or anything, to show keygen, importing etc. So I could extract the prepared package, show my stuff and then just delete the whole thing and start from the fresh package on the next computer.

(Although, ideally, people would say "Wow, that's awesome!" and just keep using the programs. ^_^ )

Aaron
Re: Restarting gpg-agent
On 15 March 2010 16:54, Werner Koch <w...@gnupg.org> wrote:
> For years gpg-agent is able to test whether it is already running, just call gpg-agent and don't pass the --daemon option:

This is what I use as the fall back as part of MacGPG2:

    (*
        start-gpg-agent
        Part of the MacGPG2 project - http://macgpg2.sourceforge.net
        Released under v3 of the GPL
    *)

    -- Sleep for two seconds.
    delay 2

    -- Try to contact gpg-agent
    set gpgAgentRunning to do shell script "/usr/local/bin/gpg-agent > /dev/null; echo $?; exit 0"

    -- If that fails, look for env file.
    if gpgAgentRunning is not equal to "0" then
        set gpgAgentRunning to do shell script "[ -f $HOME/.gpg-agent-info ] && (source $HOME/.gpg-agent-info && export GPG_AGENT_INFO && /usr/local/bin/gpg-agent > /dev/null) ; echo $?; exit 0"
    end if

    -- If that also fails, start a new copy of gpg-agent
    if gpgAgentRunning is not equal to "0" then
        do shell script "/usr/local/bin/gpg-agent --daemon --use-standard-socket --write-env > /dev/null"
    end if

Should be easy to understand and implement in another scripting language.

Ben
Re: Portable GnuPG? (Ideally with portable TB+Enigmail)
Maybe winPT portable as a GUI. But last time I got some alerts made by my antivirus while running winpt portable.

Now what I'm doing is have my pendrive (better with CD read only system if you're truly paranoid) with Ubuntu Privacy Remix installed https://www.privacy-cd.org/ + Truecrypt GUI ready to run.

All the best
Andre Amorim.

On 15 March 2010 21:24, Aaron Berthold <lis...@story-games.at> wrote:
> On 15.03.2010 21:14, Grant Olson wrote:
> > I think you just found the wrong page. Install the latest thunderbirdPortable from here:
> >
> > http://portableapps.com/support/thunderbird_portable
> >
> > And install gpg from here:
> >
> > http://portableapps.com/support/thunderbird_portable#encryption
> >
> > This one isn't listed as a development test or beta status like the page you had. Then install Enigmail. It worked fine for me.
>
> Thanks, I'll try that one. (Weird that I didn't find it. Huh...)
>
> > Also keep in mind it's not a good idea to insert a USB Drive with your private key into an untrusted computer. You might want to make a dummy key for demo purposes.
>
> Yeah, getting copies of your private keys on untrusted PCs (and entering the passphrase there) is a Bad Idea. I'll probably make a zipped blank package, with TB/Enigmail/Gnupg installed but without keys or anything, to show keygen, importing etc. So I could extract the prepared package, show my stuff and then just delete the whole thing and start from the fresh package on the next computer.
>
> (Although, ideally, people would say "Wow, that's awesome!" and just keep using the programs. ^_^ )
>
> Aaron

--
Andre Amorim
GnuPG KEY ID: 0x587B1970
FingerPrint: 42AE C929 4D91 4591 4E75 430F 78D9 53B4 587B 1970
Download: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x587B1970
Corrupted File
I have a fairly large file (about 10 mbytes) that was corrupted on disk. About 5-10 pages of the file (4096-byte blocks) were lost and set to zero. The file is a PGP encryption of another file which is a 'tar' file of other smaller ASCII text files.

I would like to decrypt as much of this file as possible. I know with several blank pages, I can never fully recover the file. However, most of the data is still legitimate. Is it possible to recover it with the gpg tools?

To this point, I had been using the older PGP 5.0 version, but I can try gpg if it can decrypt most of the file.

jp