Re: gpg-agent and X

2021-08-27 Thread Jerry Seibert
On Thu, 26 Aug 2021 16:23:16 +0100, Klaus Ethgen stated:
>Unfortunately, the gtk3 version of pinentry has some toxic dependencies
>that I never want to have.

Would you be so kind as to list, and possibly explain, those toxic
dependencies?

-- 
Jerry

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Thunderbird / Enigmail / Autocrypt

2020-11-22 Thread Jerry
On Sun, 22 Nov 2020 16:17:37 +, Brad Rogers stated:
>True, but when my bank (just one example) tells me about their 'caring
>about security' and then spewing HTML left, right, and centre, whilst
>simultaneously disavowing themselves of blame should a virus be
>transported by their message, they can, quite frankly, go take a
>running jump.

So, off the top of your head, how many viruses, parasites and
other assorted malignancies has your bank infected you with?

-- 
Jerry



Re: private-keys-v1.d and preserve-permissions

2020-09-10 Thread Jerry
On Thu, 10 Sep 2020 11:13:34 +0200, Martin Pätzold stated:
> >> Yes, we have some period tasks that are handled by Celery. Celery
> >> has its own user on the system and this user needs at least read
> >> access to the keys, therefore we had to extend the permissions for
> >> the "private-keys-v1.d" directory to group access.  
> >
> > Long shot: does your system support ACLs?  
>
>Using ACL would be possible, but we are reluctant to do so, since it 
>adds a second permissions layer that is only visible if you actively 
>look for it.

Perhaps I am not understanding this correctly, but wouldn't that be a
good thing?

-- 
Jerry





Re: On Becky! Internet Mail's GnuPG Plugin

2020-09-09 Thread Jerry
On Tue, 08 Sep 2020 16:14:13 +, Ryan McGinnis via Gnupg-users
stated:
>A.  Yes, you can still anonymously register for almost anything.  It's
>not straightforward and requires a bit of forethought and jumping
>through hoops.  No, it probably won't defeat the NSA, but if they're
>your adversary what in blue blazes are you doing using any kind of
>electronic device let alone posting here.  
>
>B. The Shadowgate documentary isn’t.  This is Coo-Coo for CocoaPuffs
>territory.  If you want to believe that stuff that's cool, just
>thought I'd make sure to stick the tinfoil tag on this one since you
>speak of it like it's a legit thing.
>https://www.usatoday.com/story/news/factcheck/2020/08/18/fact-check-shadowgate-spreads-misinformation-major-events/5601742002/
>
>C.  Replying to person you were replying to -- how pants on head
>stupid does one have to be to use Tor browser (or any type of security
>critical software) on XP?  If you think that's a good idea then you
>shouldn't be using Tor.  Either you don't need Tor and using Tor is
>silly for you, or you do need Tor and you're going to hurt yourself
>bad by having not the slightest clue how to use Tor safely.   
>
>D: If you really need secure anonymous email, fire up TAILS on a
>bootable DVD, sign up for a free Protonmail account over Tor, use a
>burner prepaid phone number to authenticate to Protonmail (Protonmail
>correctly gets worried about Tor signups), access Protonmail only over
>Tor (they have a hidden service).  If that's not good enough to
>circumvent your adversaries, again, you should probably just move up
>into the remote Alaskan wilderness and live off wild animals and
>shrubbery for the rest of your life and hope the bad men never find
>you.  
>
>-Original Message-
>From: Gnupg-users  On Behalf Of Dieter
>Frye Sent: Monday, September 7, 2020 6:58 AM
>To: gnupg-users@gnupg.org
>Subject: On Becky! Internet Mail's GnuPG Plugin
>
>
>> Hi,  
>
>> curious as I am, If I understand it right, you use Windows XP with 
>> Becky as MUA for GnuPG or would like to use it with the latest 
>> version of GnuPG?  
>
>Howdy.
>
>So yes, I'm using Becky! as a MUA + an outdated GnuPG plugin on
>Windows XP, but functionality is somewhat crippled for anything other
>than GnuPG v1.4.
>
>> Your posting is done via secmail.pro, a Tor email provider, which 
>> requires AFAIK Tor Browser Bundle to access the service.  
>
>> My question, if you don't mind, does the latest Tor Browser Bundle 
>> still supports Windows XP and how do you use Becky with secmail.pro?
>>  
>
>Nope, they dropped support for XP (specifically the browser part) a
>while ago, which thing never really affected me since I use a third
>party browser which I interface with the "expert bundle" exe that they
>continue to distribute. Of course, that's a gross oversimplification
>of what's actually going on this computer, but you catch my drift.
>
>As far as secmail.pro is concerned, it's not possible to use it with
>Becky! because there's no server-side support for SMTP, POP3 or IMAP,
>so I'm writing directly from secmail's web interface.
>
>Unfortunately since practically every single internet service in
>existence (be it mail, fora or otherwise) has been in bed with the
>worldwide private data collection operation going on right now (lookup
>PRISM and the ShadowGate documentary) it's no longer possible (and so
>it's been for nearly a decade now) to anonymously register any type of
>account anywhere, meaning I'm technically shunned from the Internet
>and it's nothing short of a miracle that I'm able to post here at all.
>I'm actually shocked this place hasn't been hijacked by vpn-hating
>cloudflare and the google captcha nazis because that's true everywhere
>else.
>
>Currently I use another free, anonymous e-mail service called TorBox
>which does have SMTP/POP3 support for everyday communications, though
>that's only viable for people operating within the TOR network as it's
>got no clearweb support unlike secmail itself, which at the end of the
>day is kind of a useless thing anyways given its blacklisted status
>(and that completely without justification) among most every big and
>small e-mail provider out there.

Worst case of paranoia I have witnessed in quite a while.

-- 
Jerry




What is supposed to happen after I refresh keys?

2020-07-08 Thread Jerry
FreeBSD 11.4 / amd64
gpg (GnuPG) 2.2.20
libgcrypt 1.8.5

This is probably a stupid question, but precisely what is supposed
to happen after running "gpg2 --refresh-keys"?

This is the log file created from running the above command:

https://www.seibercom.net/logs/RefreshKeys.txt

If I run the same command immediately after it completes its
first invocation, the same log file is created. I thought that
running "refresh-keys" would remove deleted keys and update those that
had new expiration dates or other modifications. Obviously, I must be
in error. So, precisely what does the command accomplish?

Thanks!

-- 
Jerry



gpg: keyserver refresh failed: No keyserver available

2020-07-06 Thread Jerry
If this is the wrong place to ask this question, I apologize.

FreeBSD 11.4-RELEASE

I have not been able to refresh the keys on my system. I have run the
following command with the error as shown.

gpg2 --refresh-keys
gpg: enabled debug flags: memstat
gpg: refreshing 168 keys from hkp://pool.sks-keyservers.net
gpg: keyserver refresh failed: No keyserver available
gpg: keydb: handles=1 locks=0 parse=168 get=168
gpg:build=0 update=0 insert=0 delete=0
gpg:reset=0 found=168 not=1 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
  outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks

This is the version info for gpg2:
gpg2 --version
gpg (GnuPG) 2.2.20
libgcrypt 1.8.5
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/gerard/.gnupg
Supported algorithms:
Pubkey: RSA (1), ELG (16), DSA (17), ECDH (18), ECDSA (19), EDDSA (22)
Cipher: IDEA (S1), 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7),
AES192 (S8), AES256 (S9), TWOFISH (S10), CAMELLIA128 (S11),
CAMELLIA192 (S12), CAMELLIA256 (S13)
Hash: SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9), SHA512 (H10),
  SHA224 (H11)
Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)

I don't believe it is a firewall problem, since there is no entry in
the firewall log to even suggest that gpg2 tried to access anything.

I have a Windows 10 machine that is using Kleopatra, on the same
network, and it is working perfectly.

I was hoping that someone could give me some suggestions on how to
debug this problem.

Thanks!

-- 
Jerry



Re: Bulk removal of expired keys

2020-02-24 Thread Jerry
On Mon, 24 Feb 2020 12:01:42 -0500, Robert J. Hansen stated:
>On 2020-02-24 07:44, Jerry wrote:
>> <http://gnupg.10057.n7.nabble.com/gpg2-on-a-Windows-10-Pro-64-bit-machine-td51332.html>
>> there is a listing for "pgpclean.ps1"...  
>
>gpgclean.ps1.  "PGP" is a registered trademark of Symantec.  The free 
>software version is GPG.
>
>> Is there any similar program for use on a
>> FreeBSD based OS?  
>
>No, but if you give me until tonight there can be.

Well, if you are not going to put a rush on it, I guess I will have to. :)

-- 
Jerry



Bulk removal of expired keys

2020-02-24 Thread Jerry
On the URL:
<http://gnupg.10057.n7.nabble.com/gpg2-on-a-Windows-10-Pro-64-bit-machine-td51332.html>
there is a listing for "pgpclean.ps1" that I have used successfully
on my Windows machine. Is there any similar program for use on a
FreeBSD based OS? My primary goal is to remove all expired keys and
refresh the remaining ones if necessary.

-- 
Jerry
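
An added example (not part of the original posts, and not the gpgclean.ps1 script mentioned above): one way to find expired keys on FreeBSD or Windows is to read the machine-readable listing from "gpg2 --list-keys --with-colons" and build a delete command from the primary-key fingerprints. It covers the same request made in the "Removing expired keys" posts on this page. The sample listing, its fingerprints and the function names are constructed for illustration.

```python
import subprocess
from datetime import datetime, timezone

# Constructed sample of `gpg2 --list-keys --with-colons` output; key IDs,
# fingerprints and user IDs are made up.
SAMPLE = """\
tru::1:1582563702:0:3:1:5
pub:e:2048:1:1111111111111111:1420070400:1451606400::-:::sc::::::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:e::::1420070400::0000000000000000000000000000000000000001::Expired Example <old@example.invalid>::::::::::0:
sub:e:2048:1:2222222222222222:1420070400:1451606400:::::e::::::23:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
pub:f:2048:1:3333333333333333:1546300800:::-:::scESC::::::23::0:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC3333333333333333:
uid:f::::1546300800::0000000000000000000000000000000000000002::Valid Example <ok@example.invalid>::::::::::0:
sub:e:2048:1:4444444444444444:1546300800:1577836800:::::e::::::23:
fpr:::::::::DDDDDDDDDDDDDDDDDDDDDDDD4444444444444444:
pub:r:2048:1:5555555555555555:1500000000:::-:::sc::::::23::0:
fpr:::::::::EEEEEEEEEEEEEEEEEEEEEEEE5555555555555555:
uid:r::::1500000000::0000000000000000000000000000000000000003::Revoked Example <gone@example.invalid>::::::::::0:
"""


def list_colons(gpg="gpg2"):
    """Read the live keyring (not used by the offline demo below)."""
    return subprocess.run([gpg, "--list-keys", "--with-colons"],
                          check=True, capture_output=True, text=True).stdout


def parse_keys(colons):
    """Group colon records into one dict per primary key."""
    keys, current, want_fpr = [], None, False
    for line in colons.splitlines():
        f = line.split(":")
        f += [""] * (10 - len(f))          # pad short records
        if f[0] == "pub":
            # field 2 = validity, field 5 = key ID, field 7 = expiry (epoch)
            current = {"validity": f[1], "keyid": f[4], "expires": f[6],
                       "fpr": None, "uids": []}
            keys.append(current)
            want_fpr = True
        elif f[0] == "sub":
            want_fpr = False               # the next fpr belongs to a subkey
        elif f[0] == "fpr" and current is not None and want_fpr:
            current["fpr"] = f[9]          # field 10 = fingerprint
            want_fpr = False
        elif f[0] == "uid" and current is not None:
            current["uids"].append(f[9])   # field 10 = user ID
    return keys


def expiry_date(key):
    """Expiry as an ISO date in UTC, or None if the key never expires."""
    if not key["expires"].isdigit():
        return None
    stamp = datetime.fromtimestamp(int(key["expires"]), tz=timezone.utc)
    return stamp.date().isoformat()


def stale_keys(keys, include_revoked=False):
    """Primary keys gpg marks expired ('e'), optionally also revoked ('r').

    A valid key with an expired subkey is kept: only the pub record's
    validity field is examined.
    """
    wanted = {"e", "r"} if include_revoked else {"e"}
    return [k for k in keys if k["validity"] in wanted and k["fpr"]]


def delete_command(keys, gpg="gpg2"):
    """argv that removes the given public keys by fingerprint.

    gpg refuses --delete-keys while a matching secret key exists, so your
    own expired keys are not removed by this command.
    """
    if not keys:
        return []
    return [gpg, "--batch", "--yes", "--delete-keys"] + [k["fpr"] for k in keys]


if __name__ == "__main__":
    stale = stale_keys(parse_keys(SAMPLE))   # use list_colons() for real data
    for k in stale:
        print(k["fpr"], "expired", expiry_date(k), k["uids"])
    print(" ".join(delete_command(stale)))
```

Review the printed list before running the command it builds; "gpg2 --refresh-keys" afterwards updates whatever remains.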



Re: Moving sigs from Wins machine to FreeBSD

2019-12-05 Thread Jerry
On Thu, 05 Dec 2019 20:48:01 +0100, Werner Koch stated:

>On Thu,  5 Dec 2019 14:10, Jerry said:
>> I have gpg4win installed on a Win 10 machine. I just installed
>> FreeBSD onto a new PC. I installed GNUPG 2.2.18 and would like to
>> move all of the signatures over to it from the Windows machine. Is
>> that possible and how would be the best way to go about it?  
>
>All data used by gpg and gpgsm is stored in a platform independent
>format.  For example, moving your GnuPG home directory from a 64bit big
>endian Unix to a 32 bit Windows box will not lead to any problems.
>
>Data (signed or encrypted files) as created by gpg is per OpenPGP specs
>also platform neutral.  When using the armored format the line endings
>are created as required by the platform; however all kind of line
>endings are accepted by gpg.
>
>
>Shalom-Salam,
>
>   Werner

So Werner, if I am understanding you correctly, I can just copy the
C:\Users\gerar\AppData\Roaming\gnupg files over to the ~/.gnupg
directory and it will work. Sounds good. Thanks!

-- 
Jerry



Moving sigs from Wins machine to FreeBSD

2019-12-05 Thread Jerry
I have gpg4win installed on a Win 10 machine. I just installed
FreeBSD onto a new PC. I installed GNUPG 2.2.18 and would like to move
all of the signatures over to it from the Windows machine. Is that
possible and how would be the best way to go about it?

Thanks!

-- 
Jerry



Re: We have GOT TO make things simpler

2019-10-08 Thread Jerry
On Mon, 7 Oct 2019 15:49:35 -0400, Jean-David Beyer via Gnupg-users
stated:

>On 10/7/19 9:32 AM, Phillip Susi wrote:
>> Bingo!  And as long as the user is not interested in it, and won't
>> learn how to properly use it, all they will get is the veneer of
>> privacy and learn the hard way that they really aren't secure.  You
>> just can't make security idiot proof.  
>
>I had a realistic uncle who used to say, "You can always design a
>system to be fool-proof; but if you do, a damned-fool will come along."

Every day, man is making bigger and better fool-proof things, and every
day, nature is making bigger and better fools. So far, I think nature
is winning. 

Albert Einstein

-- 
Jerry



Re: Essay on PGP as it is used today

2019-07-22 Thread Jerry
On Mon, 22 Jul 2019 07:07:32 -0400, Robert J. Hansen stated:
>> I went to an EFF (Electronic Frontier Foundation) meeting  and a big
>> and tall guy came to me and told me that he had a way of Breaking PGP
>> and told me he had been working on a database program that made this
>> possible and spouted off terms I had never heard before.  
>
>Yeah, these conspiracy theorists always show up.
>
>> I went back inside, and I couldn't find him. I had questions.  
>
>You're in the right place.
>
>Mathematicians have come up with different ways to estimate how many
>primes there were under a certain value -- what we call the prime
>counting function, or "π(x)" in mathematicalese.  There are lots of
>ways to do it, but they all give answers very close to each other:
>these are estimates, not precise numbers.
>
>The first estimate for π(x) was "x divided by the natural logarithm of
>x".
>
>Let x be 100.  The natural log of 100 is about 4.6.  100 divided by 4.6
>is about 22.  Thus, we expect there to be about 22 primes under 100.
>There are in fact 25 -- so while this method isn't perfect it's
>definitely enough to get us in the neighborhood.
>
>If we do that same equation for a 2048-bit key, it turns out there are
>10 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 different prime numbers that could go into
>it.
>
>Google's total data storage is about 10 exabytes.  In 10 exabytes you
>could store about 40 000 000 000 000 000 prime numbers.
>
>There's just no way anyone on earth has a list of prime numbers that
>they're trying one after another.  Not only isn't there enough hard
>drive space, but the hard drives required would literally be bigger
>than the entire Milky Way galaxy!

I am not sure about that. If a good data compression algorithm was
employed, they might be able to save the space of a solar system or two.

-- 
Jerry





Re: SKS Keyserver Network Under Attack

2019-06-30 Thread Jerry
On Sun, 30 Jun 2019 08:44:43 -0400, Robert J. Hansen stated:
>> What would have prevented a state level actor from activating this
>> exploit on a wide level during a time when it would have been most
>> effective for them?  
>
>A nation-state with a professional intelligence service probably isn't
>very interested in taking down the keyserver network.  Why should they
>take down something that's not a big priority for them, especially if
>it'll cost them a lot of international goodwill if it gets attributed
>to them?

I seriously doubt that a nation, such as North Korea or China, a nation
that openly runs over its own citizens, would much care what anyone
thought. However, I do agree with your general premise.

>This has all the hallmarks of a child playing with matches and clapping
>with glee as the house catches fire.

While that is probably correct, it could also be attributed to some
intelligence agency trying to test a 'proof of concept' in the real
world in real time. Nevertheless, I think that Ockham's Razor applies
here.

-- 
Jerry




Re: An option to generate revocation cert for subkey(s)?

2019-02-17 Thread Jerry
On Sat, 16 Feb 2019 19:25:38 +0100, Michał Górny stated:

>Hello,
>
>I'd like to ask whether it'd be feasible to have an option to generate
>revocation certificate that revokes one (or more?) subkeys rather than
>the whole key.
>
>Our use case involves signing key kept on a server for the purpose of
>automated signatures.  We'd like to keep the secret portion
>of the primary key offline and use a dedicated signing subkey
>on the server.  At the same time, we'd like to be able to quickly
>revoke the subkey if need arises without having to reach for the
>primary key.
>
>I know that currently with a bit of hacking we can store an export
>of the key with subkey revoked, and use that for the purpose.  However,
>I think it would be much more convenient if we had an option to generate
>the revocation signature separately.

+1

-- 
Jerry




Re: showphoto

2019-01-21 Thread Jerry
On Mon, 21 Jan 2019 23:09:10 +0100, Ángel stated:

>On 2019-01-19 at 11:09 -0500, Jerry wrote:
>> gpg> showphoto  
>> Displaying jpeg photo ID of size 88074 for key 3873063887DEC564 (uid
>> 3)
>> 
>> After a few seconds, an error message pops up on the screen. 
>> 
>> C:\Users\Gerard\AppData\Local\Temp\gpg-62cno9\87DEC564.jpg contains
>> an invalid path.
>> 
>> I have tried several times with each uid and it always issues an
>> error message.
>> 
>> I was only experimenting with the idea of adding a photo, but I would
>> still like to know why it is apparently not working correctly.  
>
>showphoto launches an external program to view the photo. Since you are
>using Windows, the path has backslashes, that the receiving program
>seems to be treating as escape characters rather than a path (plus, the
>default of xloadimage is unlikely to be available there) 
>
>Changing to a different viewer would probably fix it. And it will
>likely work flawlessly if you tried the same steps from a *nix machine.

This sounds more like a bug to me. I'll probably gather all the info I
can and submit it and see what happens.

-- 
Jerry




showphoto

2019-01-19 Thread Jerry
Windows 10 Pro version 1809
gpg (GnuPG) 2.2.11
libgcrypt 1.8.4

I am not sure if this is an error on my part or if something else is
wrong. I added a photo to one of my keys. That seemed to work fine.
When I view the key, the image is listed as uid 3, which seems correct.

The screen looks like this:

gpg --edit-key ger...@seibercom.net
gpg (GnuPG) 2.2.11; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa2048/3873063887DEC564
 created: 2019-01-19  expires: never   usage: SCA
 trust: ultimate  validity: ultimate
ssb  rsa2048/881E39D62E6489CA
 created: 2019-01-19  expires: never   usage: E
[ultimate] (1). Gerard E. Seibert 
[ultimate] (2)  Gerard E. Seibert 
[ultimate] (3)  [jpeg image of size 88074]

gpg> uid 3

sec  rsa2048/3873063887DEC564
 created: 2019-01-19  expires: never   usage: SCA
 trust: ultimate  validity: ultimate
ssb  rsa2048/881E39D62E6489CA
 created: 2019-01-19  expires: never   usage: E
[ultimate] (1). Gerard E. Seibert 
[ultimate] (2)  Gerard E. Seibert 
[ultimate] (3)* [jpeg image of size 88074]

gpg> showphoto
Displaying jpeg photo ID of size 88074 for key 3873063887DEC564 (uid 3)

After a few seconds, an error message pops up on the screen. 

C:\Users\Gerard\AppData\Local\Temp\gpg-62cno9\87DEC564.jpg contains an
invalid path.

I have tried several times with each uid and it always issues an error
message.

I was only experimenting with the idea of adding a photo, but I would
still like to know why it is apparently not working correctly.

-- 
Jerry




Re: Changing order of ids in key

2019-01-19 Thread Jerry
On Sat, 19 Jan 2019 14:24:21 +0100, dirk1980ac via Gnupg-users stated:

>Hello Jerry.
>
>Am Samstag, den 19.01.2019, 07:31 -0500 schrieb Jerry:
>> Probably a dumb question, but I thought I would ask regardless.
>> 
>> I created a key pair using my name and email address. I then added a
>> new id to the key with the same name but a different email address.
>> Now, when I send an email, the second id is the one displayed no
>> matter what email address I was using when I sent the message. (I
>> hope that this is making sense).  
>
>Yes, I know what you mean. This behavior depends mostly on the MUA you
>are using. One UID is marked as primary. Some MUAs only display the
>primary UID, some display all and some pick the right one from the
>list.
>
>> Is there any way to switch the position of the ids in the key other
>> than deleting the key and creating a new one? Would I be better off
>> creating two separate keys? I would rather keep things simple if
>> possible. Would creating a sub-key be the way to go? I am sort of
>> lost here.  
>
>You can set the other UID as primary. But you would have the same
>problem, when you send with the other address. You should test it with
>another MUA, what this displays. In my case (evolution), it checks the
>UIDs and gives an 'okay' if one of the addresses matches the sender. If
>I check for the signature key by clicking the symbol for the signature
>details, I see the output of GPG with the primary UID and the other
>UIDs as aliases, the same way, as gpg does on the command line.
>
>Hth,
>Dirk

Thanks, that is pretty much what I thought too. I am using claws-mail.

-- 
Jerry




Changing order of ids in key

2019-01-19 Thread Jerry
Probably a dumb question, but I thought I would ask regardless.

I created a key pair using my name and email address. I then added a
new id to the key with the same name but a different email address.
Now, when I send an email, the second id is the one displayed no matter
what email address I was using when I sent the message. (I hope that
this is making sense).

Is there any way to switch the position of the ids in the key other
than deleting the key and creating a new one? Would I be better off
creating two separate keys? I would rather keep things simple if
possible. Would creating a sub-key be the way to go? I am sort of lost
here.

Thanks!

-- 
Jerry




Removing expired keys

2019-01-05 Thread Jerry
I am not sure if this is the best place to ask this question, but it is
a start.

I am using GPG4WIN 3.1.5 on a Windows 10 machine. Over the years, I
have accumulated several keys that are expired. Is there a way to
remove those expired keys automatically, either from within Kleopatra
or from the command line? I have tried Googling, but nothing useful
ever appeared.

Thanks!

-- 
Jerry



Re: Problem refreshing keys

2018-06-14 Thread Jerry
On Wed, 13 Jun 2018 23:22:19 -0400, Phil Pennock stated:

>On 2018-06-13 at 09:52 -0400, Jerry wrote:
>> On Wed, 13 Jun 2018 15:25:04 +0200, Werner Koch stated:  
>> >The common problem on Windows: You can't use ' to quote; we Unix folks
>> >always forget about that.  Use  
>
>Bah, I just didn't know.  :D  I suspected though, which is why I
>mentioned typing interactively as a fallback.
>
>> gpg-connect-agent --dirmngr "KEYSERVER --hosttable" /bye
>> S # hosttable (idx, ipv6, ipv4, dead, name, time):
>> S #   0   hkps.pool.sks-keyservers.net (216.66.15.2)
>> OK
>> 
>> Is that what it should be reporting?  
>
>What version is it?  Is there a newer version available?
>
>  gpg-connect-agent --dirmngr "GETINFO version" /bye
>
>There have been a bunch of fixes for various DNS issues with dirmngr, I
>would expect to see something showing that it's a pool.
>
>You're talking to zimmermann.mayfirst.org, which works fine; I just
>overrode DNS for the pool and made sure that
>hkps.pool.sks-keyservers.net only reached that IP (/etc/hosts override)
>and I was able to retrieve a key fine, after which:
>
>> KEYSERVER --hosttable  
>S # hosttable (idx, ipv6, ipv4, dead, name, time):
>S #   0   hkps.pool.sks-keyservers.net
>S #   .   hkps.pool.sks-keyservers.net
>S #   .   --> 1*
>S #   1   4   216.66.15.2 (hkps.pool.sks-keyservers.net)
>OK
>
>I suspect that you have an old dirmngr and the problems are fixed with a
>newer release of gpg4win.
>
>-Phil

gpg-connect-agent --dirmngr "GETINFO version" /bye
gpg-connect-agent: no running Dirmngr - starting 'C:\Program Files 
(x86)\Gpg4win\..\GnuPG\bin\dirmngr.exe'
gpg-connect-agent: waiting for the dirmngr to come up ... (5s)
gpg-connect-agent: waiting for the dirmngr to come up ... (4s)
gpg-connect-agent: connection to the dirmngr established
D 2.2.7
OK

I have Gpg4win Version 3.1.1 (2018-05-03) installed. That is supposed to be
the latest version.

-- 
Jerry



Re: Problem refreshing keys

2018-06-13 Thread Jerry
On Wed, 13 Jun 2018 15:25:04 +0200, Werner Koch stated:

>On Wed, 13 Jun 2018 00:23, je...@seibercom.net said:
>
>> gpg-connect-agent --dirmngr 'KEYSERVER --hosttable' /bye  
>
>The common problem on Windows: You can't use ' to quote; we Unix folks
>always forget about that.  Use
>
>  gpg-connect-agent --dirmngr "KEYSERVER --hosttable" /bye
>
>
>Salam-Shalom,
>
>   Werner

OK, now this is what I am receiving:

gpg-connect-agent --dirmngr "KEYSERVER --hosttable" /bye
S # hosttable (idx, ipv6, ipv4, dead, name, time):
S #   0   hkps.pool.sks-keyservers.net (216.66.15.2)
OK

Is that what it should be reporting?

-- 
Jerry



Re: Problem refreshing keys

2018-06-12 Thread Jerry
On Tue, 12 Jun 2018 16:42:25 -0400, Phil Pennock stated:

>On 2018-06-12 at 10:05 -0400, Jerry wrote:
>> Starting C:\Program Files (x86)\GnuPG\bin\gpg.exe --display-charset utf-8
>> --refresh-keys... gpg: refreshing 387 keys from
>> hkps://hkps.pool.sks-keyservers.net gpg: keyserver refresh failed: Server
>> indicated a failure
>> 
>> This is happening on a Windows 10 PRO / amd64 machine. This has been
>> occurring for several days now. Is there something wrong with the server?  
>
>Seems likely, but there's not enough information there to track it down.
>
>hkps.pool.sks-keyservers.net is a collection of servers, run by
>different people, with management software tracking their status and
>updating DNS as needed.
>
>I've no idea how to use Kleopatra to ask for more debugging details to
>get the IP, sorry.
>
>You can see some of what's going on with:
>
>  gpg-connect-agent --dirmngr 'KEYSERVER --hosttable' /bye
>
>(if Windows doesn't like that quoting, then press enter after --dirmngr
>and then enter each of the next strings as a command at the prompt)
>
>Eg, I see:
>
>% gpg-connect-agent --dirmngr 'KEYSERVER --hosttable' /bye
>S # hosttable (idx, ipv6, ipv4, dead, name, time):
>S #   0   hkps.pool.sks-keyservers.net
>S #   .   hkps.pool.sks-keyservers.net
>S #   .   --> 4 9* 3 2 1 8 7 6 5
>S #   1   4   216.66.15.2
>S #   2   4   193.224.163.43 (hufu.ki.iif.hu)
>S #   3   4   193.164.133.100 (mail.b4ckbone.de)
>S #   4   4   176.9.147.41 (mail.ntzwrk.org)
>S #   5   4   92.43.111.21 (oteiza.siccegge.de)
>S #   6   4   68.187.0.77 (stlhs.archreactor.org)
>S #   7   4   51.15.53.138 (ams.sks.heypete.com)
>S #   8   4   37.191.226.104 (host-37-191-226-104.lynet.no)
>S #   9   4   18.191.65.131 (ec2-18-191-65-131.us-east-2.compute.amazonaws.com)
>OK
>
>So the "." lines are because the previous item is a pool, so they
>provide more information, and AFAICT the "-->" line is "the order we'll
>try them in, with the currently active server marked with "*"; this
>shows me that the second item is active.  This makes sense, since the
>first retrieval took a long time, but the second was very quick: the
>first keyserver failed to give something sane back, so dirmngr fell over
>to the next item, which responded, and dirmngr has remembered that one
>as "good" so it will use it again in future.
>
>Given the failure you see, the "blind stabbing in the dark" approach
>would be to use:
>
>  KEYSERVER --dead IP.ADD.RE.SS
>
>to mark the one with a "*" as "bad" and see what happens.  If that fixes
>it, then you know that the IP address which was "responding" and so
>selected was actually failing.  You can drop a note to
>sks-de...@nongnu.org with details if you manage to extract that much
>information from the tooling.
>
>-Phil, whose keyserver is in the pool and, coincidentally, is #9 above,
>   the one which worked and was selected.

This is what I am getting:

gpg-connect-agent --dirmngr 'KEYSERVER --hosttable' /bye
gpg-connect-agent: Note: '--hosttable'' is not considered an option
ERR 167772435 Unknown IPC command 
ERR 167772435 Unknown IPC command 

-- 
Jerry
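
An added example (not part of the original messages): a small parser for the "KEYSERVER --hosttable" status lines quoted above, which picks out the pool's try order and the server marked "*" and builds the "KEYSERVER --dead" line for it. The column handling follows the layout visible in the quoted output; the function names are hypothetical.

```python
import re

# Status lines quoted in the message above (Phil Pennock's dirmngr), with the
# mail-wrapped last entry rejoined onto one line.
PHIL_OUTPUT = """\
S # hosttable (idx, ipv6, ipv4, dead, name, time):
S #   0   hkps.pool.sks-keyservers.net
S #   .   hkps.pool.sks-keyservers.net
S #   .   --> 4 9* 3 2 1 8 7 6 5
S #   1   4   216.66.15.2
S #   2   4   193.224.163.43 (hufu.ki.iif.hu)
S #   3   4   193.164.133.100 (mail.b4ckbone.de)
S #   4   4   176.9.147.41 (mail.ntzwrk.org)
S #   5   4   92.43.111.21 (oteiza.siccegge.de)
S #   6   4   68.187.0.77 (stlhs.archreactor.org)
S #   7   4   51.15.53.138 (ams.sks.heypete.com)
S #   8   4   37.191.226.104 (host-37-191-226-104.lynet.no)
S #   9   4   18.191.65.131 (ec2-18-191-65-131.us-east-2.compute.amazonaws.com)
OK
"""

# The output Jerry's dirmngr reported elsewhere in this thread.
JERRY_OUTPUT = """\
S # hosttable (idx, ipv6, ipv4, dead, name, time):
S #   0   hkps.pool.sks-keyservers.net (216.66.15.2)
OK
"""

FLAG_TOKENS = {"6", "4", "d"}   # the ipv6, ipv4 and dead columns


def parse_hosttable(text):
    """Return (hosts, pools) parsed from 'KEYSERVER --hosttable' status lines."""
    hosts, pools, last_idx = {}, {}, None
    for line in text.splitlines():
        m = re.match(r"S #\s+(\d+|\.)\s+(.*)$", line)
        if not m:
            continue                      # header, OK/ERR lines, blanks
        idx, tokens = m.group(1), m.group(2).split()
        if idx == ".":
            # Continuation of the pool entry above; "-->" gives the try order.
            if tokens[:1] == ["-->"] and last_idx is not None:
                order = [int(t.rstrip("*")) for t in tokens[1:]]
                active = [int(t[:-1]) for t in tokens[1:] if t.endswith("*")]
                pools[last_idx] = {"order": order,
                                   "active": active[0] if active else None}
            continue
        flags = []
        while tokens and tokens[0] in FLAG_TOKENS:
            flags.append(tokens.pop(0))
        alias = None
        if len(tokens) > 1 and tokens[1].startswith("("):
            alias = tokens[1].strip("()")
        last_idx = int(idx)
        hosts[last_idx] = {"flags": flags,
                           "name": tokens[0] if tokens else "",
                           "alias": alias}
    return hosts, pools


def active_server(hosts, pools):
    """Return (index, host entry) for the server marked '*', or None."""
    for pool in pools.values():
        if pool["active"] in hosts:
            return pool["active"], hosts[pool["active"]]
    return None


def dead_command(hosts, pools):
    """The 'KEYSERVER --dead' line for the active server, or None."""
    found = active_server(hosts, pools)
    return f"KEYSERVER --dead {found[1]['name']}" if found else None


def diagnose(text):
    """One-line summary of what a hosttable dump shows."""
    hosts, pools = parse_hosttable(text)
    if not pools:
        return "no '-->' order line: the pool has not been expanded"
    found = active_server(hosts, pools)
    if found is None:
        return "pool expanded, but no server is marked active"
    idx, host = found
    return f"active server is #{idx} {host['name']}; to skip it: " + \
        dead_command(hosts, pools)


if __name__ == "__main__":
    print("Phil: ", diagnose(PHIL_OUTPUT))
    print("Jerry:", diagnose(JERRY_OUTPUT))
```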





Problem refreshing keys

2018-06-12 Thread Jerry
I don't know if this is the right place to ask this, but it is a start.

Kleopatra
Version 3.1.1-gpg4win-3.1.1

Trying to refresh the keys, produces this error message:

Starting C:\Program Files (x86)\GnuPG\bin\gpg.exe --display-charset utf-8 
--refresh-keys... 
gpg: refreshing 387 keys from hkps://hkps.pool.sks-keyservers.net 
gpg: keyserver refresh failed: Server indicated a failure

This is happening on a Windows 10 PRO / amd64 machine. This has been occurring
for several days now. Is there something wrong with the server?

-- 
Jerry



US-CERT now issuing a warning for OpenPGP-SMIME-Mail-Client-Vulnerabilities

2018-05-14 Thread Jerry
NCCIC encourages users and administrators to review CERT/CC’s Vulnerability
Note VU #122919.

https://www.us-cert.gov/ncas/current-activity/2018/05/14/OpenPGP-SMIME-Mail-Client-Vulnerabilities

-- 
Jerry



Re: Removing expired keys

2018-02-25 Thread Jerry
On Sun, 25 Feb 2018 14:48:23 +0100, Dirk Gottschalk via Gnupg-users stated:

>Hello.
>
>Am Samstag, den 24.02.2018, 07:20 -0500 schrieb Jerry:
>> Kleopatra Version 3.0.2-gpg4win-3.0.3
>> 
>> Running the command from Kleopatra  > Certificates> on a
>> Windows 10 PRO amd64 machine, displays numerous expired certificates.
>> The complete output is available here:
>> https://seibercom.net/GPG-Expired-Keys.txt
>> 
>> Is there any command that I can run from either Kleopatra or the
>> Windows' command line that will remove all of these expired
>> certificates? I would really love to clean up system and remove
>> expired or revoked certificates.
>
>I run under Linux and have a shell script for this. AFAIK there is no
>way to do this automatically from gpg itself.
>
>
>> Also, how do I deal with "signatures not checked due to missing keys"
>> warnings?  
>
>You could turn on automatic key retrieval in gpg.conf. Add the following
>to the keyserver-options parameter:
>
>auto-key-retrieve

It is already there.

>This will automatically download missing keys when you try to verify a
>signature.
>
>Regards,
>Dirk





Removing expired keys

2018-02-24 Thread Jerry
Kleopatra Version 3.0.2-gpg4win-3.0.3

Running the command from Kleopatra   on a
Windows 10 PRO amd64 machine, displays numerous expired certificates. The
complete output is available here: https://seibercom.net/GPG-Expired-Keys.txt

Is there any command that I can run from either Kleopatra or the Windows'
command line that will remove all of these expired certificates? I would
really love to clean up system and remove expired or revoked certificates.
Also, how do I deal with "signatures not checked due to missing keys" warnings?

Thanks!

-- 
Jerry
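
One way to approach the cleanup asked about in this thread, as an added example that is not part of the original posts: the script parses the machine-readable listing from `gpg --with-colons` and reports primary keys whose validity field is `e` (expired) or `r` (revoked), then prints the delete command for each as a dry run. The sample listing, fingerprints and function names are constructed for illustration.

```python
"""Report expired or revoked public keys from `gpg --with-colons` output."""
import re
import subprocess

# Field 2 of a "pub" record is the key validity; these letters mark a dead key.
STALE = {"e": "expired", "r": "revoked"}

# Constructed fingerprints and listing (not real keys), in the colon format.
FPR_EXPIRED = "1" * 40
FPR_REVOKED = "2" * 40
FPR_VALID = "3" * 40
SAMPLE_LISTING = "\n".join([
    "tru::1:1519400000:0:3:1:5",
    "pub:e:2048:1:1111111111111111:1420070400:1483228800::-:::sc::::::",
    "fpr" + ":" * 9 + FPR_EXPIRED + ":",
    "uid:e::::1420070400::0000::Expired Example <expired@example.org>:",
    "sub:e:2048:1:4444444444444444:1420070400:1483228800:::::e::::::",
    "fpr" + ":" * 9 + "4" * 40 + ":",
    "pub:r:4096:1:2222222222222222:1388534400:::-:::sc::::::",
    "fpr" + ":" * 9 + FPR_REVOKED + ":",
    "uid:r::::1388534400::0000::Revoked\\x3a Example <revoked@example.org>:",
    "pub:f:4096:1:3333333333333333:1500000000:::-:::scESC::::::",
    "fpr" + ":" * 9 + FPR_VALID + ":",
    "uid:f::::1500000000::0000::Valid Example <valid@example.org>:",
])


def unescape(value):
    """Undo the \\xNN escaping gpg applies to ':' and control characters."""
    return re.sub(r"\\x([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def stale_keys(listing):
    """Return [(fingerprint, reason, user_id)] for expired/revoked primary keys."""
    found = []
    key = None           # record for the primary key currently being read
    in_primary = False   # False once a subkey record has started
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            validity = f[1][:1] if len(f) > 1 else ""
            # Older listings carry the primary user ID in field 10 of "pub".
            uid = unescape(f[9]) if len(f) > 9 and f[9] else None
            key = {"reason": STALE.get(validity), "fpr": None, "uid": uid}
            found.append(key)
            in_primary = True
        elif f[0] == "sub":
            in_primary = False
        elif key is None or len(f) < 10:
            continue
        elif f[0] == "fpr" and in_primary and key["fpr"] is None:
            key["fpr"] = f[9]          # fingerprint of the primary key only
        elif f[0] == "uid" and key["uid"] is None:
            key["uid"] = unescape(f[9])
    return [(k["fpr"], k["reason"], k["uid"])
            for k in found if k["reason"] and k["fpr"]]


def delete_command(fingerprint):
    """Build (not run) the gpg call that removes one public key.

    gpg refuses this in batch mode while a matching secret key exists,
    so your own expired keys are not removed by accident.
    """
    return ["gpg", "--batch", "--yes", "--delete-keys", fingerprint]


if __name__ == "__main__":
    # --fingerprint makes GnuPG 2.0 emit "fpr" records; 2.1 and later always do.
    listing = subprocess.run(
        ["gpg", "--batch", "--with-colons", "--fingerprint", "--list-keys"],
        capture_output=True, encoding="utf-8", errors="replace",
        check=True).stdout
    for fpr, reason, uid in stale_keys(listing):
        print(f"{reason:8} {fpr} {uid}")
        print("  dry run:", " ".join(delete_command(fpr)))
```

Review the dry-run list before running any of the printed commands; an expired key may simply need a refresh from its owner.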



Re: SHA1 collision found

2017-11-25 Thread Jerry
On Fri, 24 Nov 2017 00:10:44 -0800, Brent Small stated:

>What’s up 

up

ADVERB

toward the sky or a higher position:
"he jumped up" · [more]

synonyms: up · higher · uphill · upslope · to the top · skyward ·
heavenward

to the place where someone is:
"Dot didn't hear Mrs. Parvis come creeping up behind her"

at or to a higher level of intensity, volume, or activity:
"she turned the volume up" · [more]

into the desired or a proper condition:
"the mayor agreed to set up a committee"

PREPOSITION

from a lower to a higher point on (something); upward along:
"she climbed up a flight of steps"

ADJECTIVE

directed or moving toward a higher place or position:
"the up escalator"

in a cheerful mood; ebullient:
"the mood here is resolutely up"

(of a computer system or industrial process) functioning properly:
"the system is now up"

at an end:
"his contract was up in three weeks" · [more]

NOUN

a period of good fortune:
"you can't have ups all the time in football"

VERB

do something abruptly or boldly:
"she upped and left him"

cause (a level or amount) to be increased:
"capacity will be upped by 70 percent next year"

lift (something) up:
"everybody was cheering and upping their glasses"



gpg2 decryption issues

2017-07-25 Thread Jerry Flowers
Presently on below version.
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3

I've sent vendor public key and received files back encrypted with our key.
I can decrypt file when using the pinentry and manually enter passphrase.
I've tried several variations of the command in batch mode but all give error
gpg: public key decryption failed: Bad passphrase
gpg: decryption failed: No secret key


gpg2 -v --batch --yes --no-tty --passphrase-file <(echo testpp) -o tempain24 -d PAIN.024.pgp

cat /export/home/applmgr/testpp | gpg2 --batch --passphrase-fd 0 --armor --decrypt /export/home/applmgr/PAIN.024.pgp

echo  | gpg2 --batch --passphrase-fd 0 --armor --decrypt /export/home/applmgr/PAIN.024.pgp

Thanks
jerry


Re: Changing PINs of German bank card

2017-07-11 Thread Jerry
arly (hopefully), he probably will forget it
>>> after short time ...  
>
>> Better use shamir's secret sharing, or just use LCD-segments
>> characters printed on two acetate sheets that need to be combined to
>> be read. Obviously the two sheets are to be given to two different
>> people, in sealed envelopes...  
>
>Nice ideas :-) My own security needs are not that high, though (hoping
>that life won't punish me for that optimism).
>
>> BTW the method you use is the same that was used for our mainframe's
>> master password. :)  
>
>To add to it, if you mistrust your relatives, you could put the
>password on paper into some sort of lock box and carry the key to that
>lock box with you. But then what would happen if you lost that key?

I have all of my important papers, including passwords to accounts that
have to be kept secure, in a bank safe deposit box. If I were to die,
it wouldn't matter who had the key if they were on the allowed users
list. My heirs would have to get a court order to have the box opened.
Not really a big deal. Usually things like this are written into the
will and happen all the time.

BTW, it isn't all that difficult to open a regular lock box. I have
drilled out a few in my time after losing the key. Having it in a bank is
far more secure.

-- 
Jerry




Re: Question on Putty and gpg-agent

2017-04-13 Thread Jerry
On Wed, 12 Apr 2017 16:42:57 -0400, Antony Prince stated:

>My old key is expiring at the beginning of next month, so I've
>generated a new set of keys. Dropped down to 2048 from 4096 RSA since
>4096 seemed a bit of overkill and have the master key in a single
>location. That's a different discussion. Anyway, using my new
>Authentication key on Linux with SSH seems to be going okay. A few
>issues with ssh-agent being present, etc. All that seems to be working
>okay now. The issue I'm having is using Putty and gnupg on Windows.
>The versions are:
>
>OS: Windows 7 SP1 x64
>Putty: 0.63
>
>C:\Users\antony>gpg --version  
>gpg (GnuPG) 2.1.20
>libgcrypt 1.7.6
>Copyright (C) 2017 Free Software Foundation, Inc.
>License GPLv3+: GNU GPL version 3 or later
><https://gnu.org/licenses/gpl.html>
>This is free software: you are free to change and redistribute it.
>There is NO WARRANTY, to the extent permitted by law.
>
>Home: C:/Users/antony/AppData/Roaming/gnupg
>Supported algorithms:
>Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
>Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
>CAMELLIA128, CAMELLIA192, CAMELLIA256
>Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
>Compression: Uncompressed, ZIP, ZLIB, BZIP2
>
>C:\Users\antony>gpg-connect-agent
>> GETINFO version  
>D 2.1.20
>OK
>> bye  
>OK closing connection
>
>The following options are in
>"C:\Users\antony\AppData\Roaming\gnupg\gpg-agent.conf":
>
>default-cache-ttl 300
>max-cache-ttl 3000
>enable-putty-support
>disable-scdaemon
>daemon
>
>I have the keygrip listed in sshcontrol (the file was not created on
>its own, I created it manually).
>
>When I try to connect to the server with putty using the "Attempt
>authentication using Pageant" option, I just get "Disconnected: No
>supported authentication methods available. (server sent: publickey)".
>I was of the understanding that gpg-agent would act as a replacement
>for Pageant in this mode.
>
>I have the public key in the ~/.ssh/authorized_keys file and can log in
>successfully using ssh and gpg-agent on Linux. Before I added
>"disable-scdaemon", gpg-agent would complain that it couldn't find the
>key on the card (I've never had one). Since adding that option, that
>error has gone away, but it still does not work and gpg-agent doesn't
>provide any helpful output. The keygrip named file exists in
>private-keys-v1.d, so the key is there. Any help in further
>troubleshooting the issue would be greatly appreciated. I'm sorry if
>this has been answered before. I looked through the archives and
>googled around a bit, but couldn't find anything to point me in the
>right direction.

That is a very old version of Putty.

Latest news

2017-02-21 PuTTY 0.68 released, containing ECC, a 64-bit build, and
security fixes

PuTTY 0.68, released today, supports elliptic-curve cryptography for
host keys, user authentication keys, and key exchange. Also, for the
first time, it comes in a 64-bit Windows version.

0.68 also contains some security fixes: a vulnerability in agent
forwarding is fixed, and Windows DLL hijacking should no longer be
possible.

-- 
Jerry



Re: gpg2 on a Windows 10 Pro 64 bit machine

2017-02-27 Thread Jerry
On Mon, 27 Feb 2017 05:59:09 -0500, Jerry stated:

>On Sun, 26 Feb 2017 20:56:55 -0500, Robert J. Hansen stated:

<>

I was just thinking that it might be nice to have a way to "LOG" the
output of the program so that a user could inspect it later to see what
transpired or if an error occurred. There are several ways to accomplish
this with Windows Power Shell. I am not all that familiar with it
though.

In any case, it is just a thought.

-- 
Jerry



Re: gpg2 on a Windows 10 Pro 64 bit machine

2017-02-27 Thread Jerry
 goes quickly.
>
>If there's interest, I'll put a good-looking GUI on this.

I just ran the program, and it seems to work fine.

Using Windows 10 PRO 64 bit, users can simply locate the program and
right click on it. A menu will come up. One of the selections is to run
with Windows Power Shell. Simply click on that and you are off to the
races. The first time you run the program Windows will ask if you want
to change the permissions on the program so it can be run. At least it
did on my machine.

A GUI might be interesting. I would be willing to beta test it for you.

Thanks for your hard work on this.

-- 
Jerry





gpg2 on a Windows 10 Pro 64 bit machine

2017-02-26 Thread Jerry
On a Windows 10 PRO 64 bit machine, when I run the following command:

gpg2.exe --refresh-keys

I receive the following error message:

gpg: can't handle key algorithm 22
gpg: can't handle key algorithm 18

I am not sure what that is referring to. Also, there are numerous keys
listed as revoked or expired. Is there anything I can run from the
command line that will automatically remove all revoked or expired keys?

This is the gpg2 info.

C:\WINDOWS\system32>gpg2.exe --version
gpg (GnuPG) 2.0.30 (Gpg4win 2.3.3)
libgcrypt 1.6.6
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: C:/Users/Gerard/AppData/Roaming/gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA (S1), 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7),
AES192 (S8), AES256 (S9), TWOFISH (S10), CAMELLIA128 (S11),
CAMELLIA192 (S12), CAMELLIA256 (S13)
Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9),
  SHA512 (H10), SHA224 (H11)
Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)


Thanks

-- 
Jerry



Re: pyme3 for Windows

2017-01-23 Thread Jerry
On Mon, 23 Jan 2017 01:06:38 +0100, ankostis stated:

>Has anybody managed to compile pyme3 on Windows?
>
>Thanks for all the Hard Work,
>  Kostis
>

I don't know if this is what you are looking for.

https://sourceforge.net/projects/pyme/files/latest/download?source=files

-- 
Jerry



Unknown Protocol error message

2016-09-13 Thread Jerry
Using claws-mail on a Windows 10 Pro / 64 bit machine, I see the
following error message appear quite often on the bottom of the screen:

The signature can't be checked - Unsupported protocol

I don't understand the reason for this or how to correct it. Can anyone
assist me?

-- 
Jerry



Re: 2 Q's

2016-08-17 Thread Jerry
On Wed, 17 Aug 2016 15:36:05 +0100, Andrew Gallagher stated:

>Parcimonie already exists. But it's an optional extra that most people
>don't install (or even know of). People shouldn't be expected to
>install or configure extras before they have a (safely) usable system.

Okay, I give up. What is "Parcimonie"?

-- 
Jerry



Re: Suddenly unable to use gpg-agent with putty

2016-07-31 Thread Jerry
On Sun, 31 Jul 2016 16:03:37 +, Dylan Wang stated:

>Putty gives me disconnected no supported authentication methods error,
>and not asking me for pinentry pin, but I could do git sign without
>problem. I didn't change server settings all my server can't ssh with
>putty now, and I double check sshcontrol file, it doesn't change and
>correctly configured, also enable-putty-support is in my
>gpg-agent.conf. I tried everything I could do, re-plug my keys,
>reboot, reinstall & configure gnupg, restart gpg-agent...my settings
>always works well on the past few months. Right now I completely can't
>figure out what's happened here, I'm running gpg 2.1.14 on windows 10,
>below are the detailed log for gpg-agent:
>
>λ gpg-agent --daemon --verbose --debug-level guru
>--enable-putty-support gpg-agent[12792]: enabled debug flags: command
>mpi crypto memory cache memstat hashing ipc
>gpg-agent[12792]: listening on socket
>'C:\Users\goncc\AppData\Roaming\gnupg\S.gpg-agent'
>gpg-agent[12792]: gpg-agent (GnuPG) 2.1.14 started
>gpg-agent[12792]: putty message loop thread started
>gpg-agent[12792]: handler 0x4 for fd 496 started
>gpg-agent[12792]: DBG: chan_0x01f0 -> OK Pleased to meet you
>gpg-agent[12792]: DBG: chan_0x0270 <- OK Pleased to meet you
>gpg-agent[12792]: DBG: chan_0x0270 -> GETINFO pid
>gpg-agent[12792]: DBG: chan_0x01f0 <- GETINFO pid
>gpg-agent[12792]: DBG: chan_0x01f0 -> D 12792
>gpg-agent[12792]: DBG: chan_0x0270 <- D 12792
>gpg-agent[12792]: DBG: chan_0x01f0 -> OK
>gpg-agent[12792]: DBG: chan_0x0270 <- OK
>gpg-agent[12792]: DBG: chan_0x0270 -> BYE
>gpg-agent[12792]: DBG: chan_0x01f0 <- BYE
>gpg-agent[12792]: DBG: chan_0x01f0 -> OK closing connection
>gpg-agent[12792]: handler 0x4 for fd 496 terminated
>
>Much appreciate if someone could help me or give me some advice on how
>to debug this.
>
>Thanks,
>Dylan
>

What version of PUTTY are you using?

-- 
Jerry



Re: Top-posting

2016-04-28 Thread Jerry
On Thu, 28 Apr 2016 11:26:52 +0200, Matthias Apitz stated:

>Speaking more technically, the problem is that 'modern' MUA, like
>OutLook crap, thunderbird or other browser-like MUA do not invite to
>post and quote correctly. They put the cursor above the first line
>(sometimes you can not even configure this, and also not the correct
>citation with '> ') and they do not provide the required
>tools/commands to trim the old text, i.e. for example delete 150 lines
>with just saying '150dd' or '.,$-20d' or others. In these 'modern' MUA
>you must carefully place the cursor with the mouse, highlight even
>more carefully the text you want to delete, and doing this with the
>limitation of a smartphone is really a PITA.

I use "claws-mail" and all I have to do is highlight the text I want to
reply to. If there is something I still want to eliminate, I just
highlight it and delete it. Now, if I had to start counting
characters, lines, etcetera and entering cryptic code to remove said
items, that would be a PITA. I rarely use a smart phone to respond to
an email. And if I do, I have discovered that it is possible to delete
unnecessary text AND position the new text at the bottom of the
message.

By the way, I have also discovered that you can do the exact same thing
in MS Outlook. I don't use "Thunderbird" so I cannot comment on its
features or deficiencies.

-- 
Jerry



Re: All mails identified as spams by Google

2016-03-25 Thread Jerry
On Fri, 25 Mar 2016 11:11:28 +0100, Guan Xin stated:

>All mails from gnupg-users are identified as spams by gmail since
>yesterday. Google says that the mailing list "is in violation of
>Google's recommended email sender guidelines".
>
>Why does it happen? This is the first time that I see 100% false
>positive of the gmail spam filter.

1) I personally "HATE" Gmail and stay as far away from it as possible
whenever able.

2) I am not seeing that problem here.

-- 
Jerry

"You see, in this world, there's two kinds of people, my friend — those
with loaded guns, and those who dig. You dig." — Clint Eastwood, The
Good, the Bad, and the Ugly (1966)



Importing Certificates into Kleopatra in Windows 10

2016-02-14 Thread Jerry
I know that this is probably a stupid question, but I cannot find the
answer anywhere.

I just installed Claws-Mail and GPG4Win on a Windows 10 Pro/64 machine.
I want to import all of my certificates from my old machine. It is still
up and running. I imported:

trustdb.gpg
secring.gpg
pubring.gpg

This gave me all of the keys I had saved on the older machine.

Now, I need to import my private keys; however, I cannot figure out
how to do it. I would appreciate any assistance possible.

-- 
Jerry



RE: How to get your first key signed

2015-10-03 Thread Jerry
> Please! For the 600th time! REMOVE ME FROM THIS MAILING LIST!

Please for the 601st time, follow the directions you have been given before:

List-Unsubscribe: <http://lists.gnupg.org/mailman/options/gnupg-users>,
 <mailto:gnupg-users-requ...@gnupg.org?subject=unsubscribe>

And while you are at it, STOP hijacking threads.

-- 
Jerry




Re: plaintext non-ssl distribution - who things this is a good idea?

2015-09-10 Thread Jerry
On Fri, 11 Sep 2015 01:07:52 +1000, cow...@anon.im stated:

> Who else thinks someone should spring for the $10 it would take to buy and
> install an SSL certificate for the principal distribution point of gpg and
> it's signatures on the worlds most popular platform?
> 
> http://gpg4win.org/download.html
> http://files.gpg4win.org/gpg4win-2.2.6.exe
> http://files.gpg4win.org/gpg4win-2.2.6.exe.sig

I'll chip in.

-- 
Jerry



Re: Facebook and OpenPGP

2015-06-01 Thread Jerry
On Mon, 1 Jun 2015 22:17:33 +0200, Einar Ryeng stated:

> > A comment worth reading in case one does not see it oneself IMHO:
> > https://blogs.fsfe.org/gerloff/2015/06/01/facebook-offers-to-send-you-encrypted-emails-this-wont-help-you/
>
> Well, that comment seems to identify the two main groups you want to hide
> information from as being Facebook and the US government. If that was true,
> you probably wouldn't be on FB in the first place.

Honestly, the only email I ever get from FB is a notification that someone
posted on my page or left me a message. I fail to see any point whatsoever in
bothering to encrypt this nonsense. However, each to their own.

-- 
Jerry



OT: Re: Removing hkp from server

2015-05-16 Thread Jerry
On Sat, 16 May 2015 11:37:12 +0200, Werner Koch stated:

> FWIW: GnuPG 2.1 creates revocation certificates for all new keys and
> stores them below ~/.gnupg/openpgp-recovs.d/.

I have created new keys; however, they are not located in that folder. The
only key I have there is for the very first one I created on this system. Am
I doing something wrong?

-- 
Jerry



Re: MIME or inline signature ?

2015-02-17 Thread Jerry
On Tue, 17 Feb 2015 00:16:26 +, MFPA stated:

> I like that advantage of keeping it all visible in the message body.

That is the reason I detest INLINE as opposed to PGP/MIME. The insertion of
superfluous garbage in the message body is annoying to say the least. Worse,
since most users have no concept of trimming a message before replying to
it, even more useless garbage is transmitted when replied to, thus killing
more innocent electrons and wasting bandwidth not to mention the consumption
of screen territory.

-- 
Jerry




Re: MIME or inline signature ?

2015-02-16 Thread Jerry
On Sun, 15 Feb 2015 19:56:21 -0800, Doug Barton stated:

> I get that you have a preference, and personally I don't care how you
> sign your messages. But as I stated before, it really bothers me when
> the zealots (on either side) misrepresent the facts in order to bolster
> their case.

I agree Doug, and I think this debate has gone on long enough. We are each
free to use what ever method we feel most at ease with. Until an RFC is
released definitively declaring one type obsolete, who really cares.

-- 
Jerry

That guy's gotta stop... He'll see us.
Said to friend Rolf Wütherich in 1955 after being advised to slow his driving
speed, moments before a head-on collision took his life. 





Re: MIME or inline signature ?

2015-02-15 Thread Jerry
On Sun, 15 Feb 2015 20:55:05 +0100, Matthias Mansfeld stated:

> One point for inline vs. MIME: You can easily Ctrl-V the complete
> inline signed or encrypted mail in the clipboard and Ctrl-V it in any
> GnuPG Interface. Doesn't work with a PGP/MIME mail.

I have never, ever had a reason to do that, and I cannot think of any reason
that I would. I suppose though that it is possible that it might be of use
to someone.

-- 
Jerry




Re: MIME or inline signature ?

2015-02-13 Thread Jerry
On Fri, 13 Feb 2015 12:22:23 +, MFPA stated:

> My preference is Inline: I want everything right there in the message
> body where I can see it.

Exactly what is it you feel the over powering urge to see?

-- 
Jerry




Re: MIME or inline signature ?

2015-02-12 Thread Jerry
On Thu, 12 Feb 2015 23:46:33 +0100, Xavier Maillard stated:

> Hello,
>
> in my quest of the perfect setup, I am asking myself what is the
> prefered way to sign a message: inline (like this one) or using a MIME
> header ?
>
> Is there a big thumb rule to respect ?

Inline totally destroys a sig delimiter and adds a lot of useless garbage
to the message body. I never use it. If someone is using an MUA that cannot
handle PGP/MIME that is their problem, not mine.

-- 
Jerry




Re: Pros and cons of PGP/MIME for outgoing e-mail?

2014-11-24 Thread Jerry
On Mon, 24 Nov 2014 14:12:48 +0100, Werner Koch stated:

> To be fair, that changed with Outlook 2010.  We merely had not the
> resources to change GpgOL to make use of the new Outlook structure.

Interesting; has there been any movement on that front? I use Outlook 2013 at
my office and that would be a handy feature to have.

-- 
Jerry



Re: [Announce] The sixth Beta for GnuPG 2.1 is now available for testing

2014-08-18 Thread Jerry
On Mon, 18 Aug 2014 07:14:53 +, KA IT User stated:

> Again, we request to remove us from the mailing list.

And again, have you checked the email headers?

List-Unsubscribe: http://lists.gnupg.org/mailman/options/gnupg-users,
 mailto:gnupg-users-requ...@gnupg.org?subject=unsubscribe

-- 
Jerry



Re: It's time for PGP to die.

2014-08-18 Thread Jerry
On Mon, 18 Aug 2014 10:04:54 +0100, Rob Ambidge stated:

> I read an article or something a while back stating the legal theory that
> if your passphrase is an admittance to a past crime, to hand over said
> passphrase would constitute as having said testimonial value and you
> could get away with not disclosing the passphrase. But it is just legal
> theory, and I am no expert in law, american law, or even cryptography. So
> what happens in practice is anyone's guess really.
>
> On 18 August 2014 07:01:46 BST, Johan Wevers joh...@vulcan.xs4all.nl
> wrote:
> On 17-08-2014 22:42, Robert J. Hansen wrote:
>
> > The only time production of a passphrase is permitted is when
> > it lacks any testimonial value.
>
> And who determines whether it has any testimonial value?
>
> That sounds like a fine legal loophole to pressure someone into telling
> the passphrase. In those cases where the US government is actually
> interested in paying lip service that it will obey the law that is -
> they could just as easily declare you an illegal combatant or
> something like that and just torture it out of you.

Much of the discussion has been about what analogy comes closest. Prosecutors
tend to view PGP passphrases as akin to someone possessing a key to a safe
filled with incriminating documents. That person can, in general, be legally
compelled to hand over the key. Other examples include the U.S. Supreme Court
saying that defendants can be forced to provide fingerprints, blood samples,
or voice recordings.

The entire article is available here:
http://www.cnet.com/news/judge-americans-can-be-forced-to-decrypt-their-laptops/

-- 
Jerry



Re: Windows editor destroys gpg.conf

2014-01-15 Thread Jerry
On Wed, 15 Jan 2014 14:02:12 +0100, Hauke Laging stated:

> Hello,
>
> when I help Windows users create keys then my script converts the
> Linux version of gpg.conf (after some editing) to the Windows line
> endings. This works.
>
> But if I edit the file with the Windows editor (unfortunately I have
> forgotten the Windows version) then gpg crashes with an error message
> like error in gpg.conf:1. I have experienced that several times in
> the past already.
>
> Unfortunately I both don't have Windows at home and have forgotten to
> make a copy of the damaged file so that I cannot have a look at it.
>
> A wild guess is that the editor adds a UTF-8 BOM at the beginning of
> the file (but that wouldn't affect XP, would it?).
>
> Two concerns:
>
> 1) Does anyone know what the problem is and/or whether I can avoid it
> by using another program which is part of Windows (or widely used)?
>
> 2) Would it make sense to make gpg work with such config files...? 8-)

Personally, I use PSPad to edit files from different OSs on a Window's
machine. http://www.pspad.com. It can save in several different
formats and styles. Plus, it is free.

-- 
Jerry
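
A check for the guess raised in the quoted question (a byte order mark written by the Windows editor), as an added example that is not part of the original posts: it inspects the raw bytes of a gpg.conf for a BOM or a UTF-16/UTF-32 encoding and can write a BOM-free UTF-8 copy. Whether a BOM is what made gpg reject line 1 remains the poster's guess; the sample content and function names are constructed.

```python
"""Check a gpg.conf for a byte order mark or a non-UTF-8 encoding."""
import codecs
import sys

# (BOM bytes, label, codec). UTF-32 LE is listed before UTF-16 LE because
# its BOM (FF FE 00 00) begins with the UTF-16 LE BOM (FF FE).
BOMS = [
    (codecs.BOM_UTF32_LE, "UTF-32 LE", "utf-32-le"),
    (codecs.BOM_UTF32_BE, "UTF-32 BE", "utf-32-be"),
    (codecs.BOM_UTF8, "UTF-8", "utf-8"),
    (codecs.BOM_UTF16_LE, "UTF-16 LE", "utf-16-le"),
    (codecs.BOM_UTF16_BE, "UTF-16 BE", "utf-16-be"),
]

# Constructed sample: a two-line config with Windows (CRLF) line endings,
# saved three ways an editor might save it.
SAMPLE_TEXT = "# constructed sample\r\nkeyserver-options auto-key-retrieve\r\n"
SAMPLE_CLEAN = SAMPLE_TEXT.encode("utf-8")
SAMPLE_UTF8_BOM = codecs.BOM_UTF8 + SAMPLE_CLEAN
SAMPLE_UTF16 = codecs.BOM_UTF16_LE + SAMPLE_TEXT.encode("utf-16-le")


def find_bom(raw):
    """Return (bom, label, codec) for the BOM at the start of raw, or None."""
    for bom, label, codec in BOMS:
        if raw.startswith(bom):
            return bom, label, codec
    return None


def diagnose(raw):
    """Return a list of encoding problems found in the raw file bytes."""
    problems = []
    hit = find_bom(raw)
    if hit:
        problems.append(f"line 1 starts with a {hit[1]} byte order mark")
    if b"\x00" in raw:
        problems.append("NUL bytes present: file is not plain UTF-8 text")
    else:
        try:
            raw.decode("utf-8")
        except UnicodeDecodeError as exc:
            problems.append(f"invalid UTF-8 at byte offset {exc.start}")
    return problems


def repair(raw):
    """Return the content as UTF-8 without a BOM; line endings are kept."""
    hit = find_bom(raw)
    if hit is None:
        return raw
    bom, _label, codec = hit
    return raw[len(bom):].decode(codec).encode("utf-8")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: check_conf.py PATH_TO_GPG_CONF [--fix]")
    path = sys.argv[1]
    with open(path, "rb") as handle:
        data = handle.read()
    issues = diagnose(data)
    for issue in issues:
        print(f"{path}: {issue}")
    if issues and "--fix" in sys.argv[2:]:
        # Write a separate copy so the damaged original stays available.
        with open(path + ".fixed", "wb") as handle:
            handle.write(repair(data))
    sys.exit(1 if issues else 0)
```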



Re: New GUI frontend for windows

2013-12-26 Thread Jerry
On Wed, 25 Dec 2013 12:50:50 -0500, Robert J. Hansen stated:

> On 12/25/2013 7:49 AM, Alice Bob wrote:
> > It is closed source, unlimited trialware.
>
> (a) If you're asking people to provide feedback and bug reports for
> closed-source software, you're asking people to help you make a buck
> without giving them much of anything in return.  I find that
> unethical. I don't find closed-source software unethical, mind you,
> but if you're going to write closed-source software then, IMO, you
> need to take responsibility for doing SQA without community
> assistance.
>
> (b) Without source, there's no way I will trust it.
>
> (c) The web page asks, "Can I trust you?", and you answer it with
> "YES!".  Sorry, but no.  The only correct answer to "Can I trust you?"
> is, "You need to figure that out for yourself."  In my experience,
> people who answer that question "yes" are usually deeply
> untrustworthy.
>
> (d) As a closed-source product, this should not be advocated on
> GnuPG-Users.  GnuPG is a GNU project, and they have some quite serious
> philosophical beliefs about the moral evils of closed-source software.
> Let's respect the GNU position by not advocating closed-source
> software on this list.

I certainly don't want to start a flame war here; however, if you are so
unequivocally anti proprietary software, then why do you even allow a
version of your product to be created that will run on it. That is
certainly not a consistent approach.

-- 
Jerry



Re: New GUI frontend for windows

2013-12-26 Thread Jerry
On Wed, 25 Dec 2013 19:04:22 -0500, Ryan Sawhill stated:

> > I wanted to create an easy to use gui for GnuPG. Without installing,
> > choosing options, and just working from the get-go.
>
> I appreciate your sentiment but I absolutely agree with what everyone
> else has said. Expecting people to use closed-source crypto software
> in 2013 would be a little like expecting people to only buy their
> music (contained in a limited-life wasteful physical container like a
> CD) in-person at a big chain store.. or to only rent movies in-person
> at Blockbuster -- namely, unrealistic at best.
>
> And as you might have guessed after the first few comments: I can
> tell you right now you're not going to get anyone subscribed to this
> list to try it.

Ryan Sawhill, let's get something straight. I don't speak for you and
you do not speak for me. You are most certainly free to express your
own sentiments; however, they are only yours, not mine nor anyone
else's.

-- 
Jerry



Using sound of CPU to extract RSA Key

2013-12-22 Thread Jerry
Has anyone seen this? It seems interesting, but is it accurate?

http://it.slashdot.org/story/13/12/18/216/scientists-extract-rsa-key-from-gnupg-using-sound-of-cpu?sdsrc=popbyskid

-- 
Jerry



Re: Using sound of CPU to extract RSA Key

2013-12-22 Thread Jerry
On Sun, 22 Dec 2013 22:38:43 +0100, Werner Koch stated:

> On Sun, 22 Dec 2013 19:56, je...@seibercom.net said:
> > Has anyone seen this? It seems interesting, but is it accurate?
>
> Sure.  Haven't you seen my announcement for 1.4.16 ?  Really cool
> side-channel attack.

No, I don't remember seeing any announcement, but then I don't read
every email from the list as carefully as I should I guess.

--
Jerry



Re: GPG detection on Windows?

2013-07-18 Thread Jerry
On Thu, 18 Jul 2013 12:15:51 -0500
Anthony Papillion articulated:

 I'm designing an application that will run on Windows and utilize
 GNUPG. Right now, I'm detecting if GPG is installed by calling it then
 parsing the output of the command to see if it succeeded or failed.
 This is VERY messy and not my preferred way.
 
 Does GPG4Win install anything to the registry that I could check for
 to see if it's installed?

The details of the software installed on a PC are found in the registry in the
location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.
You can use the following code to get the list of software programs
installed in the system. You can determine whether it is latest using
the InstallDate key in the registry.

 

//Needed at the top of the file; the two methods below belong inside a
//Windows Forms class:
using System;
using System.Windows.Forms;
using Microsoft.Win32;

/// <summary>
/// Gets a list of installed software and, if known, the software's install path.
/// </summary>
/// <returns></returns>
private string Getinstalledsoftware()
{
    //Declare the string to hold the list:
    string Software = null;

    //The registry key:
    string SoftwareKey = @"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall";
    using (RegistryKey rk = Registry.LocalMachine.OpenSubKey(SoftwareKey))
    {
        //OpenSubKey returns null when the key cannot be opened:
        if (rk == null)
            return Software;

        //Let's go through the registry keys and get the info we need:
        foreach (string skName in rk.GetSubKeyNames())
        {
            using (RegistryKey sk = rk.OpenSubKey(skName))
            {
                try
                {
                    //If the key has value, continue, if not, skip it:
                    if (!(sk.GetValue("DisplayName") == null))
                    {
                        //Is the install location known?
                        if (sk.GetValue("InstallLocation") == null)
                            Software += sk.GetValue("DisplayName") + " - Install path not known\n"; //Nope, not here.
                        else
                            Software += sk.GetValue("DisplayName") + " - " + sk.GetValue("InstallLocation") + "\n"; //Yes, here it is...
                    }
                }
                catch (Exception)
                {
                    //No, that exception is not getting away... :P
                }
            }
        }
    }

    return Software;
}


//EXAMPLE USAGE:
private void get_software_list_button__Click(object sender, EventArgs e)
{
    MessageBox.Show(Getinstalledsoftware());
}

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: GPG keys for multiple email accounts

2013-07-07 Thread Jerry
On Sun, 07 Jul 2013 17:19:02 -0400
Robert J. Hansen articulated:

 On 07/07/2013 01:02 PM, Heinz Diehl wrote:
  This very much depends on how important the encrypted information is
  considered to be.
 
 Find me some verifiable instance of OpenPGP passphrases being
 brute-forced and I'll take this seriously.  Until then, I will
 continue to treat brute-forcing as the myth I'm almost certain it
 is.  I like to assume an attacker is at least as smart as I am.  If
 I'm smart enough to see that brute-forcing has really bad odds of
 success, why would I waste time when there are so many better avenues
 of attack available?
 
 If I need your secret key and passphrase, I'd start by hiring a
 thousand-dollar-a-night hooker for a week and point her in your
 direction, with a $5,000 bonus if she's able to get your key and
 passphrase without you noticing.  Simple, cheap and effective.  I
 might have her plant a keylogger while she's in your bedroom.  Or I
 might try and nab you via a carefully-prepared spearphish, or get you
 on a drive-by as you surf the web, or... etc., etc.
 
 It makes absolutely no sense to brute-force a passphrase when it's so
 easy to compromise the communication endpoint.  That's where the real
 work lies -- not in talk about making something resistant to
 brute-forcing.
 
  Further, who cares if the number of bits in different parts of the
  system aren't balanced?
  
  For some ciphers (incl. AES), a smaller key size means
  faster.
 
 This is irrelevant to the discussion.  If a cipher isn't fast enough
 for your purposes then don't choose it.  It has nothing to do with
 whether the entropy in a system is balanced.

I worked for several years for a group whose specific job was to find
security holes in organizations. Social Engineering is responsible
for over 90% of all leaked data. All other methods combined resulted in
the other 10%. However, other methods such as brute force or hacking
threats were easily detected as compared to the more subtle methods
used in a well planned social scheme. Many users were not even aware
that they had been taken and usually were too ashamed to admit they were
even when it was revealed to them.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: Why OpenPGP is not wanted - stupid is in vogue right now

2013-06-11 Thread Jerry
On Tue, 11 Jun 2013 11:15:08 -0400
Avi articulated:

 On Tue, Jun 11, 2013 at 10:27 AM, Fernando Cassia fcas...@gmail.com
 wrote:
 
  On Tue, Jun 11, 2013 at 10:04 AM, Jean-David Beyer
  jeandav...@verizon.net
   wrote:
 
  But none of that will work on my Prius.
 
  as much as I like cars, before this list turns into Top Gear, can
  we get this thread back *on track* please?

 You mean that we should clutch to the main topic and brake any
 off-topic tangents before they drive the thread completely off-road?
 Or are you just tire_d of how these threads wheel around with no
 differential between the main theme and non-themes, and no filter to
 steer the thread back to one universal topic?
 
 I will be accepting donations of projectile fermented vegetables for a
 limited time.

This thread is rapidly becoming a joke. TOP posting, HTML, etcetera.
Maybe those who are actually still interested in it could take it
off-list.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: Generating/Exporting under another user-account(Log on as a batch job rights)

2013-05-17 Thread Jerry
On Fri, 17 May 2013 14:57:53 +0200
Lema KB articulated:

 hi all
 
 I have to generate a key-pair using another user-account (which is
 given right in local security settings to log on as a batch job) and
 export its public key.
 
 i did generate on windows cmd, but after i typed the passphrase, cmd
 window just disappeared. and if i type to list keys, a window
 appears and closes immediately, so fast that i can't read what it
 writes.
 
 What would you suggest, how can i see what it did and which keys it has
 under this another user?
 
 Any of your help is appreciated, thanks in advance.
 kiblema

I don't know if this will work, but have you tried:

script -k file command

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: gpa reports error: Unsupported Protocol

2013-04-12 Thread Jerry
On Thu, 11 Apr 2013 21:20:50 +0200
Werner Koch articulated:

 It seems that GPGME has not been built with support for GPGSM.  The
 output of configure when building gpgme should tell you this.
 
 Please try the patch for GPA below.

I completely removed GNUPG, GPA, GPGME and everything else related to
this mix and then did a fresh install. Now everything is working
correctly. I did this BEFORE I received your patch. I had tried
rebuilding the apps before, but I had not deleted them all first.
Evidently, it makes a difference.

Thanks for your time invested though. I appreciate it.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: gpa reports error: Unsupported Protocol

2013-04-11 Thread Jerry
On Thu, 11 Apr 2013 09:59:09 +0200
Werner Koch articulated:

 On Wed, 10 Apr 2013 23:36, je...@seibercom.net said:
 
  GPA continually displays an error screen when I start it. The screen
 
 Does 
 
   gpa --disable-x509 
 
 help?

Yes, that corrects the problem, but why? Shouldn't it work without
that hack?

 Do you have gpgsm installed (run: gpgsm --version)?

gpgsm --version
gpgsm (GnuPG) 2.0.19
libgcrypt 1.5.0
libksba 1.3.0
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Cipher: 3DES, AES, AES192, AES256, SERPENT128, SERPENT192, SERPENT256, SEED, 
CAMELLIA128, CAMELLIA192, CAMELLIA256
Pubkey: RSA, ECDSA
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224, WHIRLPOOL

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: gpa reports error: Unsupported Protocol

2013-04-11 Thread Jerry
On Thu, 11 Apr 2013 13:52:20 +0200
Werner Koch articulated:

 On Thu, 11 Apr 2013 11:53, je...@seibercom.net said:
 
  Yes, that corrects the problem, but why. Shouldn't it work without
  that hack?
 
 Yes.  Actually I recall that I fixed a bug related to this some time
 ago, but this should be in the release.  Do you have any X.509 keys?
 gpgsm should auto-import some on the first use.
 
 If nothing helps, you need to debug it using:
 
   GPGME_DEBUG=3:/tmp/foo/gpgme.log: gpa
 
 you may need to increase the log level up to 9 to see almost
 everything.

I ran this command:

gpgsm -k
Warning: using insecure memory!
gpgsm: enabled debug flags: assuan
gpgsm: conversion from `utf-8' to `US-ASCII' failed: Illegal byte sequence

There are numerous keys listed. I have no idea where they originated
from.

A copy of the gpgme.log file @ level #9 is available here:

http://www.seibercom.net/logs/gpgme.log

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




gpa reports error: Unsupported Protocol

2013-04-10 Thread Jerry
gpa 0.9.3
gpgme 1.3.2
FreeBSD 8.3-STABLE -- amd64

GPA continually displays an error screen when I start it. The screen
image is available here:
http://www.seibercom.net/logs/gpa-error.png

I have tried rebuilding the entire port, but the problem persists. I
would welcome any suggestions.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: GnuPG Crashing on Windows 8

2013-03-30 Thread Jerry
On Thu, 28 Mar 2013 15:13:17 +0400
Kristine Concha articulated:

 GnuPG is crashing on my Windows 8 machine:
 Gpg4win
 Version 2.1.0
 Kleopatra
 Version 2.1.0
 Using KDE 4.1.4

Please do not use HTML format with a mailing list. It makes replying to
a post a lot harder than it needs to be.

You might want to check out this url:
https://wiki.documentfoundation.org/How_to_get_a_backtrace_with_WinDbg.
It should assist in getting a useful back trace of the application when
it faults.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: US banks that can send PGP/MIME e-mail

2013-02-23 Thread Jerry
On Fri, 22 Feb 2013 20:55:57 -0500
Robert J. Hansen articulated:

 On 02/22/2013 01:24 PM, Anonymous Remailer (austria) wrote:
  Have any consumer banks in the US figured out how to use PGP, so
  monthly statements can be truly *delivered*?
 
 OpenPGP, no, because there's no business case for them to do so.
 OpenPGP users represent a phenomenally small fraction of their
 userbase (probably 1%) and would account for a large fraction of
 their tech support questions.
 
 S/MIME, yes, some banks have discovered the benefit.  However that's
 still mostly a business-to-bank thing as opposed to consumer-to-bank,
 since S/MIME is a technology that's not exactly ready for consumers.

I find your statement regarding S/MIME erroneous; however, we can just
agree to disagree on that matter. Neither one of us will ever win the
argument.

My bank and credit card company, sends me a monthly link to a secure
URL that affords me the opportunity to view my statements. I also have
the option of downloading in PDF, CSV or MS Excel format my statement.
I have never received a plain email statement detailing my banking
records.

Unless I am seriously misreading this thread, I am not sure what
advantage either PGP or S/MIME would afford.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: US banks that can send PGP/MIME e-mail

2013-02-23 Thread Jerry
On Sat, 23 Feb 2013 14:31:26 +
Andy Ruddock articulated:

 Jerry wrote:
  On Fri, 22 Feb 2013 20:55:57 -0500 Robert J. Hansen articulated:
  
  On 02/22/2013 01:24 PM, Anonymous Remailer (austria) wrote:
  Have any consumer banks in the US figured out how to use PGP,
  so monthly statements can be truly *delivered*?
 
 [snip]
 
  My bank and credit card company, sends me a monthly link to a
  secure URL that affords me the opportunity to view my statements. I
  also have the option of downloading in PDF, CSV or MS Excel format
  my statement. I have never received a plain email statement
  detailing my banking records.
  
  Unless I am seriously misreading this thread, I am not sure what 
  advantage either PGP or S/MIME would afford.
 
 The point being that you get a link. If the banks used PGP or S/MIME
 then they could actually send you your statements.

Well, each to his/her own I suppose; however, I would not approve of
the file being sent to my PC regardless. There is always the
possibility of the email being intercepted and exploited or my PC being
compromised. If I want confidential information delivered to my PC,
that should be my business. If an institution wanted to offer that
option, and thereby being issued a release of responsibility, I have no
objections to it.

I do not consider the clicking on of a secure link and downloading the
document to be an inconvenience, but rather a security feature,
especially when the documents(s) can be downloaded in several formats.
I realize that not everyone will agree with me. Que Sera, Sera.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Error when running GPA

2013-02-14 Thread Jerry
FreeBSD-8.3 STABLE
gpg (GnuPG) 2.0.19
libgcrypt 1.5.0
gpa 0.9.3

When attempting to run 'gpa', I am greeted with an error message. The
message can be viewed here: http://www.seibercom.net/logs/gpa_error.png

It seems to indicate that there is a problem with the GPG library
returning an unexpected value.

I have tried rebuilding 'gnupg', 'gpgme' and 'gpa'. Is there something
else I should be looking into?

Thanks!


-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__





Re: Privacy selection Was: ASCII armor plus

2012-12-29 Thread Jerry
On Sat, 29 Dec 2012 16:22:55 +0100
Klaus Slott articulated:

 So I guess the recommended selection should be PGP Mime like this?

Unless you want to mess up signatures, etc. Seriously, while PGP
inline is not dead, it is only utilized by some very old MUAs. Modern
MUAs handle PGP Mime just fine.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__





Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass?

2012-06-04 Thread Jerry
On Sun, 03 Jun 2012 16:07:38 -0400
Robert J. Hansen articulated:

> On 6/3/2012 10:46 AM, L G wrote:
> > During command line decryption, pinentry opens a popup window for the
> > passphrase. In the pinentry window, paste (Ctl+V) is not supported.
> > Deal breaker.
>
> Storing your passphrase in the clipboard is generally considered unwise
> and harmful.  Your passphrase is a high-value secret: putting it on the
> clipboard makes it visible to every other process on your system
> (including malware!).
>
> Pinentry's refusal to support C&P is not accidental or an oversight.
> It's a deliberate design decision meant to help shield you from
> malware, Trojans, and other skulduggery that people may use to
> discover your passphrase.
>
> It's fairly easy to hack the source to support C&P.  However, the last
> it was asked about on this list the answer was "C&P will not be
> supported and patches to enable C&P will not be accepted."

I believe that ClipCache Pro http://www.xrayz.co.uk/ can capture the
passwords. It has been a long time since I had PGP on a Windows
machine; however, I thought I used to do it with this utility.

By the way, ClipCache Pro is the best text capture program I have ever
used. I wish I could find something similar for *nix.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: Some people say longer keys are silly. I think they should be supported by gpg.

2012-05-22 Thread Jerry
On Tue, 22 May 2012 04:58:48 -0400
tim.kac...@gmail.com articulated:

{snip}

<sarcasm>

Interesting! I once worked for a secret government agency. We had a
working theory that anyone using encryption for other than normal
business operations was an obvious enemy of the state. I guess we must
have missed you. We will be coming soon.

</sarcasm>

Seriously, have you forgotten to take your meds today?

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__

if all you have is a hammer, everything looks like a nail



Re: Some people say longer keys are silly. I think they should be supported by gpg.

2012-05-22 Thread Jerry
On Tue, 22 May 2012 09:23:36 -0400
Robert J. Hansen articulated:

> On 5/22/12 8:12 AM, Jerry wrote:
> > Seriously, have you forgotten to take your meds today?
>
> Let's not be mean.
>
> I will be the absolute first person demanding the right to criticize
> ideas as harshly as I want.  I'll happily call an idea stupid,
> ill-informed, wrong, or anything else.  I do this with a clear
> conscience because I know that I'm not my ideas, just like nobody else
> is theirs.
>
> But I don't ever want to be the first person to be calling *people*
> those things.  People are special, precious, and often fragile.  Our
> community is made up of these rare commodities, and it behooves us to
> treat other people with dignity and respect and consideration.
>
> Let's not be mean.

Sorry, I did not mean it to sound that way. I have worked with people
that when they forget to take their medication are absolutely paranoid
beyond belief. You have no doubt heard the phrase, "Only sick people
take drugs; therefore, if I don't take drugs I am not sick." Many
paranoid, schizophrenics rationalize skipping their medication on just
that sort of logic. What really amazed me though was that the OP wants
security and yet he uses GMail. GMail and security are
diametrically opposed concepts.

Now if you will excuse me, I have to put new aluminum foil up on my
windows.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__



Re: Some people say longer keys are silly. I think they should be supported by gpg.

2012-05-22 Thread Jerry
On Tue, 22 May 2012 13:48:26 -0500
John Clizbe articulated:

> All this and you're worried about overkill on the one place they WON'T
> attack? No one attacks the crypto. There are too many easier routes.
> If you're /really/ worried about privacy and security, get your
> priorities straightened out.  bin Laden didn't use cell phones, not
> because he was a techno-Luddite, but because he understood the risks
> of using them. You need to get a handle on all the risks of all the
> technology you use.

Interestingly enough, Khalid Sheikh Mohammed turned on his cell phone
for the first time in nearly a year and the NSA was able to pinpoint
his location and arrest him in Rawalpindi, Pakistan, in March 2003.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: gpgconf on FreeBSD-8.2

2012-04-02 Thread Jerry
On Mon, 02 Apr 2012 11:25:32 +0200
Werner Koch articulated:

 On Sun,  1 Apr 2012 14:19, je...@seibercom.net said:
 
  Sorry, I thought that was obvious. I want to check the file, in this
  case the ~/.gnupg/gpg.conf file for proper syntax, etc. I am
  attempting
 
 Oh sure.
 
   gpgconf --check-programs
 
 checks that all programs are properly installed and that their config
 files are okay.  Here is an example for the output
 
   gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1:
   gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:1:1:
   scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:1:1:
   gpgsm:[...]:/usr[...]gpgsm:1:0:/home/[...]/gpgsm.conf:24:invalid option:
   dirmngr:Directory Manager:/usr/local/bin/dirmngr:1:1:
   pinentry:PIN and Passphrase Entry:/usr/local/bin/pinentry:1:1:
 
 The 1:1 tells you that everything is fine for that program, the 1:0
 for gpgsm indicates an error in the config file.  You may also run it
 for a single module:
 
   gpgconf --check-options gpgsm
 
 which will return just the line for gpgsm.  I just figure that the
 exit code of gpgconf will always be 0 - that is unfortunate for
 scripts. The reason is that we developed it for a GUI which parsed
 the output.  I will need to check the GUI code to see whether we can
 change it to return 1 on error.

$ gpgconf --check-programs
gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1:
gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:1:1:
gpgconf: error running `/usr/local/bin/scdaemon': probably not installed
scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:0:0:
gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:1:1:
dirmngr:Directory Manager:/usr/local/bin/dirmngr:1:1:

$ gpgconf --check-options gpg
gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1:

However, since I do not have a global gpg configuration file, what
file is it checking, if any? I assume it is not checking the
~/.gnupg/gpg.conf file, since if I try to check it manually with
gpgconf, it reports errors.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__
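
Because gpgconf exits 0 even when a component fails, as noted in the quoted reply above, a script has to read the report fields itself. The following POSIX sh sketch is an added example, not code from the thread or from GnuPG; the function names are hypothetical and the sample report is constructed from the lines quoted in this thread, with a placeholder home directory.

```shell
#!/bin/sh
# Added example: derive an exit status from the colon-separated report
# printed by `gpgconf --check-programs` or `gpgconf --check-options NAME`.
# Fields used: 1 = component, 3 = program path, 4 = available (1/0),
# 5 = config file okay (1/0), 6 = config file, 7 = line, 8 = error text.

# Constructed sample built from the report lines quoted in this thread.
# /home/example is a placeholder path.
sample_report() {
    cat <<'EOF'
gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1:
gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:1:1:
gpgconf: error running `/usr/local/bin/scdaemon': probably not installed
scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:0:0:
gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:1:0:/home/example/.gnupg/gpgsm.conf:24:invalid option:
dirmngr:Directory Manager:/usr/local/bin/dirmngr:1:1:
EOF
}

# gpgconf_failures: read a report on stdin and print one line for every
# component that is unavailable or whose config file failed the check.
gpgconf_failures() {
    awk -F: '
        # Skip anything that is not a report line, such as diagnostics.
        NF < 5 || $4 !~ /^[01]$/ || $5 !~ /^[01]$/ { next }
        $4 == 0 { printf "%s: not available (%s)\n", $1, $3; next }
        $5 == 0 {
            printf "%s: config error", $1
            if ($6 != "") printf " in %s line %s", $6, $7
            if ($8 != "") printf ": %s", $8
            printf "\n"
        }
    '
}

# gpgconf_report_ok: return 0 only when the report on stdin lists no
# failure; otherwise write the failures to stderr and return 1.
gpgconf_report_ok() {
    failures=$(gpgconf_failures)
    if [ -z "$failures" ]; then
        return 0
    fi
    printf '%s\n' "$failures" >&2
    return 1
}

# Demonstration on the constructed sample. Against a live installation the
# call would be:  gpgconf --check-programs | gpgconf_report_ok || exit 1
sample_report | gpgconf_failures
```
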




Re: gpgconf on FreeBSD-8.2

2012-04-01 Thread Jerry
On Sun, 01 Apr 2012 12:07:42 +0200
Werner Koch articulated:

 On Sat, 31 Mar 2012 16:25, je...@seibercom.net said:
 
  $ gpgconf --check-config   
  gpgconf: can not open global config file
  `/usr/local/etc/gnupg/gpgconf.conf': No such file or directory
 
 gpgconf.conf is an optional file it can be used to change the defaults
 compiled into gpgconf on a per user base.  The idea is to disallow
 users to change certain options from Kleopatra or another frontend.
 Sure, they can still edit the respective configuration files
 manually. 
 
  gpgconf --check-config ~/.gnupg/gpg.conf
 
 The gpgconf.conf file has a different syntax than gpg.conf,
 gpg-agent.conf et al.
 
 What do you want to do?

Sorry, I thought that was obvious. I want to check the file, in this
case the ~/.gnupg/gpg.conf file for proper syntax, etc. I am attempting
to use it in the same fashion that I use postconf to check Postfix's
configuration files. Many applications have utilities to check their
config files, Dovecot, ClamAV, etcetera. I thought that the
gpgconf utility would accomplish the same thing.

While the documentation does not specifically state that it DOES work
on the gpg.conf file, nothing says that it doesn't either. In my humble
opinion, the documentation is slightly ambiguous.

Sorry to have wasted your time.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__
The rose of yore is but a name, mere names are left to us.



gpgconf on FreeBSD-8.2

2012-03-31 Thread Jerry
I am not sure if there is even a problem here, so please bear with me.

First, I have gpg2 installed on my system:

gpg (GnuPG) 2.0.18
libgcrypt 1.5.0
Home: ~/.gnupg

Now, when I run gpgconf, I receive this error:

$ gpgconf --check-config   
gpgconf: can not open global config file `/usr/local/etc/gnupg/gpgconf.conf': 
No such file or directory

There is no gpgconf.conf file on a FreeBSD system. Therefore, I give
the command the address to my gpg.conf file:

gpgconf --check-config ~/.gnupg/gpg.conf

which produces this output:

gpgconf: missing component at `/home/gerard/.gnupg/gpg.conf', line 59
gpgconf: unknown component at `/home/gerard/.gnupg/gpg.conf', line 69
gpgconf: missing option at `/home/gerard/.gnupg/gpg.conf', line 69
gpgconf: unknown component at `/home/gerard/.gnupg/gpg.conf', line 166
gpgconf: missing option at `/home/gerard/.gnupg/gpg.conf', line 166
gpgconf: unknown component at `/home/gerard/.gnupg/gpg.conf', line 205
gpgconf: missing option at `/home/gerard/.gnupg/gpg.conf', line 205
gpgconf: missing component at `/home/gerard/.gnupg/gpg.conf', line 206
gpgconf: missing component at `/home/gerard/.gnupg/gpg.conf', line 209
gpgconf: unknown component at `/home/gerard/.gnupg/gpg.conf', line 210
gpgconf: missing option at `/home/gerard/.gnupg/gpg.conf', line 210
gpgconf: unknown component at `/home/gerard/.gnupg/gpg.conf', line 211
gpgconf: missing option at `/home/gerard/.gnupg/gpg.conf', line 211
gpgconf: unknown component at `/home/gerard/.gnupg/gpg.conf', line 213
gpgconf: missing option at `/home/gerard/.gnupg/gpg.conf', line 213
gpgconf: missing component at `/home/gerard/.gnupg/gpg.conf', line 214

I am not sure exactly what is wrong with the lines indicated.

The following is the file truncated as much as possible.

Line 59: require-cross-certification

Line 69: charset utf-8

Line 166: keyserver-options auto-key-retrieve

Line 205: default-key  A14359AB219555DDC70CC277C0B4548708208E42
Line 206: use-agent

###+++--- GPGConf ---+++###
Line 209: utf8-strings
Line 210: auto-key-locate local
Line 211: auto-key-locate keyserver

Line 213: keyserver  hkp://wwwkeys.us.pgp.net
Line 214: verbose
###+++--- GPGConf ---+++### Wed Oct 19 09:56:39 2011 EDT
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.

Everything seems to be working correctly so I am not sure why I am
receiving these error messages when I run gpgconf.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: Reply-to netiquette (was [META] please start To: with gnupg-users@gnupg.org...)

2012-02-01 Thread Jerry
On Tue, 31 Jan 2012 20:18:44 -0800
Doug Barton articulated:

 Actually many of the FreeBSD lists moderate posts from non-members,
 but none of them outright block them. I realize that this isn't
 germane to your main point, but I wouldn't want the wrong information
 to live forever in the archives. :)

Yes, many of them do; however, I was referring to only one of them, the
FreeBSD Questions freebsd-questi...@freebsd.org list. I probably
should have been more specific. In any case, it more than amply
demonstrates my point of the uselessness of CCing on a closed list
such as this one which you interestingly enough did not address
although you did send me a copy via CC of this message even though I
specifically asked not to receive one and have configured Mailman to
not send me a CC'd copy. I am not sure why this one got through.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: PGP/MIME use

2012-02-01 Thread Jerry
On Wed, 01 Feb 2012 17:55:05 +0100
Werner Koch articulated:

 The Mozillas don't like OpenPGP.  To them it is probably too much
 anarchy compared to S/MIME.  Ask the Mammon.

Windows users prefer S/MIME. I know I use it on my Windows machines
because it does not require me to install more applications. It works
seamlessly in Outlook, which is probably its biggest asset. Perhaps the
Mozilla folks, realizing that Microsoft users are probably its largest
base audience prefer to stick with what its main constituency wants. Just
a guess and my own 2¢.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: PGP/MIME use

2012-02-01 Thread Jerry
On Wed, 1 Feb 2012 13:37:56 -0500
michaelquig...@theway.org articulated:

 However, I've written scripts to 
 routinely sign files for transmission to our bank.

Does your bank actually verify those signed documents? I have sent
documents to various organizations, both signed and unsigned and never
heard a word spoken from any of them regarding it.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: On message signing and Enigmail...

2012-02-01 Thread Jerry
On Wed, 01 Feb 2012 15:45:05 -0500
Robert J. Hansen articulated:

 Except that it doesn't.  What's to prevent me from creating a
 certificate with your name and email address and making posts in your
 name, with a signature from a certificate that claims to be yours?
 
 Nothing -- and that signature is every bit as credible as the one
 that's from your own certificate.  You might say, "but that
 certificate's a fraud, my certificate's real!", but the Christopher
 Walters impersonator will say the same thing about you.  There's no
 way to check.
 
 I understand the desire to give people a way to verify the integrity
 of your message, but the way you're going about it has some glaring
 and obvious flaws.

I have to agree with Robert on this one. The whole idea of signing a
message in a forum such as this is more of a pseudo security concept
AKA feel good belief. It doesn't hurt to do it, but its usefulness is
limited to pacifying yourself into a false sense of security.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.




Re: PGP/MIME use

2012-02-01 Thread Jerry
On Wed, 01 Feb 2012 14:40:23 -0500
Robert J. Hansen articulated:

 I liked hearing the Gee, look at the time, gotta go answer.  It
 seemed to be the most honest.
 
 YMMV, and banks are definitely different beasts from voting
 authorities.

I used to get the Gee bit too when I asked for a raise. Anyhow, I am
willing to bet that most, if not all banking establishments do not
verify signed mail, or if they do they want S/MIME since their user
base is vastly Microsoft orientated and S/MIME is favored on that
architecture.

An unverified signed document is about as useful as tits on a bull. I
receive from time to time a signed document on various forums that is
shown as bad by my MUA (claws-mail). Usually, it is just out of date.
Occasionally, I get a revoked one though. Again, it is usually due to
the PEBKC phenomenon. In any case, I have never considered the
signature to be of any importance in a mail forum environment. I know
that some users do, and that is their right. The only problem I have
is with those friggin inliners whose signature Spams up the page and
makes a sig-delimiter impotent. Then, of course, there are
those intellectually challenged who fail to trim out that superfluous
crap before replying to it.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.



Re: PGP/MIME use

2012-02-01 Thread Jerry
On Wed, 1 Feb 2012 21:35:21 +
MFPA articulated:

 Seems likely to me that the majority of Windows users use neither
 S/MIME nor openPGP.

Which would equate to the majority of non-Windows users. However, of
those users on MS Windows that do use a form of document signing, I
believe that the majority employ S/MIME, if for no other reason than it
works seamlessly in MS Outlook. As I stated elsewhere, I use S/MIME on
my MS Windows machines because it is just easier to do. I really,
really like the KISS principle. For that very reason, on my FreeBSD
based machines, I employ PGP. I see no problem with it and both work
quite well. Others are certainly entitled to their own opinion.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: Reply-to netiquette (was [META] please start To: with gnupg-users@gnupg.org...)

2012-02-01 Thread Jerry
On Wed, 1 Feb 2012 21:53:06 +
MFPA articulated:

 Here here! Be liberal in what you accept, and conservative in what you
 send.

I will liberally accept a message not CC'd to me if the individual
making the reply would be conservative enough not to include me on the
CC line. You cannot accidentally CC someone. Most of those responding to
this thread have stated that they would not CC an individual who so
requested it. The overwhelming majority of users on this list, and
most others as well, never CC anyone because they realize it is
just a waste of time, bandwidth and serves no useful purpose. There is
one glaring exception who evidently thinks his CC doesn't stink.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.



Re: On message signing and Enigmail...

2012-02-01 Thread Jerry
On Wed, 01 Feb 2012 16:53:48 -0500
Robert J. Hansen articulated:

 Maybe I have a darker view of human nature than you do, that's
 certainly possible, but I think it's a critical mistake to apply
 rational-actor theory to criminals.  (It's just as critical of a
 mistake to apply rational-actor theory to human beings.  Human beings
 ain't rational actors.)

Always expect the worst in people and you will never be disappointed.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.




Re: PGP/MIME use (was Re: META)

2012-01-31 Thread Jerry
On Mon, 30 Jan 2012 18:40:08 -0500
Robert J. Hansen articulated:

 This comes fairly close to my own practices, with one significant
 exception: since it's almost impossible for me to know whether all the
 MUAs used on a mailing list support PGP/MIME, I feel it's better for
 mailing list traffic to be inline.

I take the opposite approach. Due to the way inline messes up the
format of a message, and obviously renders the sig-delimiter useless,
I prefer to use PGP/MIME. Plus, so many morons, I could use
intellectually challenged if you prefer, fail to trim a replied-to
message; i.e., they leave all of the superfluous inline garbage plus
other parts of the replied to message intact rather than strip it out,
just adds to the annoyance factor.

Supporting the inline method is like supporting a grown child. If you
keep supporting him/her, they will never leave home. Stop supporting
them and they will leave. The same is true for inline PGP. If support
for it were to cease, it would also.

 Of course, I really feel it's better for mailing list traffic to not
 be signed at all, since usually all it gives us is a false sense of
 security.  A signature from an unvalidated key belonging to an unknown
 person whom we don't know from Adam doesn't mean much, if anything at
 all.

I totally agree. I have never seen or heard any logical excuse for the
signing of list traffic. What am I going to do, attempt to use the
identity of another poster? What purpose would that serve anyway? As
you so eloquently pointed out, "A signature from an unvalidated
key belonging to an unknown person whom we don't know from Adam doesn't
mean much, if anything at all."

By the way, "unvalidated" is probably not a word; at least according to
Merriam Webster http://www.merriam-webster.com/dictionary/unvalidated.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__
Never forget: 2 + 2 = 5 for extremely large values of 2.



Re: [META] please start To: with gnupg-users@gnupg.org, i.e.: To: gnupg-users@gnupg.org

2012-01-31 Thread Jerry
On Mon, 30 Jan 2012 17:28:39 -0600
John Clizbe articulated:

  Interestingly enough, your Sig Delimiter is bonked.  
  
  That is an unfortunate consequence of signing my message with GnuPG;
  all lines lose trailing spaces and any line beginning with a dash
  gets prefixed with a dash and a space.  
 
 That is part of the OpenPGP standard RFC 4880. Trailing space removed
 and line endings canonicalized to CR-LF. Lines beginning with a
 hyphen/dash are dash-space escaped -  in order to avoid confusion
 with OpenPGP message headers.
 
 There used to be a bug in the Mozilla mailnews code that left --
 alone, but stripped the space from - -- . I think it was fixed
 some time ago.

Thanks, I thought that behavior was specified somewhere, but I
was not sure of the RFC that specified it.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__
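
The text rules from RFC 4880 section 7.1 that John Clizbe cites in the message above, worked through as an added example (not code from GnuPG or from anyone on the list). The sample message and all function names are constructed for illustration.

```python
"""Cleartext-signature text handling per RFC 4880 section 7.1 (illustrative)."""

SIG_DELIMITER = "-- "  # conventional e-mail signature separator: dash dash space


def split_lines(text: str) -> list:
    """Split on LF or CR-LF; the final line ending is not part of the text."""
    lines = text.replace("\r\n", "\n").split("\n")
    if lines and lines[-1] == "":
        lines.pop()
    return lines


def strip_trailing_ws(line: str) -> str:
    # Trailing spaces and tabs are removed from every line.
    return line.rstrip(" \t")


def canonical_for_hash(text: str) -> bytes:
    """Bytes the signature is computed over: trailing whitespace removed,
    CR-LF between lines, nothing after the last line. Dash-escaping is
    applied only to the transmitted body, never to the hashed data."""
    return "\r\n".join(strip_trailing_ws(l) for l in split_lines(text)).encode("utf-8")


def dash_escape(text: str) -> str:
    """Body as it is written between the armor header and the signature."""
    out = []
    for line in split_lines(text):
        line = strip_trailing_ws(line)
        if line.startswith("-"):
            # Prefix with dash-space so the line cannot be mistaken for an
            # armor header such as the BEGIN PGP SIGNATURE line.
            line = "- " + line
        out.append(line)
    return "\n".join(out)


def dash_unescape(body: str) -> str:
    """What a verifying client shows the reader after removing the escape."""
    out = []
    for line in split_lines(body):
        if line.startswith("- "):
            line = line[2:]
        out.append(line)
    return "\n".join(out)


def has_sig_delimiter(text: str) -> bool:
    """True if some line is exactly dash dash space."""
    return any(line == SIG_DELIMITER for line in split_lines(text))


# Constructed sample: a sign-off, a signature delimiter, and a list item.
MESSAGE = "Best regards \n-- \nMFPA\n- item one\n"

if __name__ == "__main__":
    escaped = dash_escape(MESSAGE)
    print(escaped)
    print("delimiter before signing:", has_sig_delimiter(MESSAGE))
    print("delimiter after verify:  ", has_sig_delimiter(dash_unescape(escaped)))
```

The signature still verifies because both sides hash the same canonical bytes, but the trailing space of the delimiter does not survive the round trip, so a mail client looking for the exact delimiter no longer finds it.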




Re: Reply-to netiquette (was [META] please start To: with gnupg-users@gnupg.org...)

2012-01-31 Thread Jerry
On Tue, 31 Jan 2012 13:22:43 +0100
Peter Lebbing articulated:

 On 31/01/12 00:09, John Clizbe wrote:
  On the Netiquette part of this thread, I too set a Reply-To header
  that seems at least one person regularly ignores. Please don't CC
  me on list replies. One copy is enough.
 
 Well, I don't know if you refer to me, my apologies if so. I know how
 that comes about when /I/ reply to a mail you write.
 
 Thunderbird doesn't show me your Reply-To: header. Not even if I
 press View-Headers-All! It took me some time to find the
 circumstances under which this happens. It turns out that if To: and
 Reply-To: have the same e-mail address, Reply-To: is silently
 dropped. And this is exactly the case with your messages.
 
 I just press the button reply all, and Thunderbird addresses a CC:
 to you. Remember I haven't seen your Reply-To header, so I can't take
 a decision on what it means myself, only Thunderbird gets to do that.
 
 If this dropping of Reply-To: is a bug, and fixed, then hopefully
 I'll notice it and remove a CC: if the person I'm responding to has
 Reply-To: gnupg-users... set. But it's still something that can
 easily be overlooked.

The Thunderbird bug was fixed I thought a while ago. I did not notice the
version of Thunderbird that you are employing. You could try the latest
version, V.9.0.1 and see if that corrects the problem.

 If I press reply to list, even people who would want a CC: when I
 reply to their message will not get one. I was under the impression
 reply to all was the convention here on gnupg-users. Isn't it?

This is an OPT-IN list. Some lists, like FreeBSD are open, but not
this one. Therefore, the use of a CC is neither required, nor in many
instances, appreciated. In actuality, it serves no purpose at all on an
OPT-IN mailing list.

 I read Dan J Bernsteins words on Reply-To and his propositions,
 Mail-Followup-To etcetera. I'm going to be blunt here: it's a pity
 DJB came up with these, because I think a less controversial person
 would have much more chance of getting it into an RFC. I don't want
 to spark a pro- and contra-DJB discussion here, so please take a few
 breaths before you reply.

 There should be mail headers for:
 - List customs: reply all/reply list
 - Personal preferences overriding list customs: do you want CC:'s?

The net is littered with ideas from people who were well liked and
respected whose ideas never made it into an RFC. The Reply-To works
well for those who use it. Unfortunately, some MUA's have just never
gotten their head around the concept. Filing BUG reports and basically
making yourself a pain in the ass to the developers of those
applications can work wonders.

 Either that, or we should all exclusively use Usenet ;). Do away with
 the concept of mailing list altogether.

I have used Usenet for many years. Like any other form of
communications, it has its advantages and drawbacks.

 PS: I'm running Mozilla/5.0 (X11; U; Linux x86_64; en-GB;
 rv:1.9.2.24) Gecko/2014 Icedove/3.1.16, as you can see in the
 headers ;). On Debian wheezy.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: [META] The issue of the unwelcome CC (please email me if you receive a CC from me)

2012-01-31 Thread Jerry
On Tue, 31 Jan 2012 12:26:07 -0500
Christopher J. Walters articulated:

 It was my understanding that this bug had been fixed in Thunderbird,
 but I may be mistaken.  I know that in a GNU/Linux user mailing list
 I have long been signed up for, I will occasionally receive CC's not
 for replies to my own messages, but for replies where the poster's
 To: line is to the person to whom they are replying and the message
 is CC'ed to the list.

I have encountered two individuals, not on this list, who also think it
is cute to mail a response directly to the OP and then CC the list.
Honestly, some people are alive only because it seems cruel to kill a
retard.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__

Never forget: 2 + 2 = 5 for extremely large values of 2.




Re: Reply-to netiquette (was [META] please start To: with gnupg-users@gnupg.org...)

2012-01-31 Thread Jerry
On Tue, 31 Jan 2012 12:26:05 -0800
Doug Barton articulated:

 On 01/31/2012 05:05, Jerry wrote:
  This is an OPT-IN list. Some lists, like FreeBSD are open, but not
  this one.
 
 I don't understand the distinction you're trying to make. Both this
 list and all of the FreeBSD lists require you to subscribe. In fact
 FreeBSD lists also use mailman.

OK, I thought it was self evident; however, I guess I need to explain
the difference more clearly.

I am not sure what terms mailman uses, so I will use open-posting
and closed-posting. The meanings will become self evident.

The basic FreeBSD forum is open-posting. A poster need not be
subscribed to the forum. What that means is that anyone may post to the
forum. To see a response, they will either have to convince every
responder to the post to CC him/her or view the replies on the web
interface.

Now most, but not all, forums are closed-posting. If a non-subscriber
attempts to post to the forum, they will receive this response:

*
Your mail to 'Gnupg-users' with the subject

Testing

Is being held until the list moderator can review it for approval.

The reason it is being held:

Post by non-member to a members-only list

Either the message will get posted to the list, or you will receive
notification of the moderator's decision.  If you would like to cancel
this posting, please visit the following URL: (URL removed by me)


This is an actual reply from a test message I sent a while ago.

Now, unless the poster intended to wait an indefinite period of time,
said time varying from a few hours to a few days, depending on the
forum, there is virtually no likelihood that anyone would waste their
time posting if they were not subscribed to the forum. Now, I am sure
that someone will make the statement that they wouldn't mind waiting an
indefinite period, hoping that their message will be approved and then
hoping that the responders to said post actually do CC them. I have a
term I use for people like that.

It takes only 3 minutes or less (I once subscribed to a forum and
responded to the email in less than 3 minutes) to subscribe one's
self. If the poster cannot take the time involved to subscribe to a
list, then they don't have the time to be posting to the list.

Now, this is all very simple to me; however, I am sure that someone is
going to tell me what a burden subscribing to a list is. I actually
find that rather amusing since I wonder if they find wiping their ass
after taking a crap a burden too.

Now Doug, I hope I have explained it to your satisfaction.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__
Q: What came after the Big Bang?
A: The walk of shame.



Re: PGP/MIME use

2012-01-31 Thread Jerry
On Tue, 31 Jan 2012 19:04:57 -0500
Robert J. Hansen articulated:

 And then I imagined my dean answering, That proves nothing: after
 all, if I was posting this stuff I wouldn't sign it, either.

Don't apologize, I loved your post. One of the better ones I have read
in a while. It appears that your Dean was a sharp individual.

Your analogy is interesting too. In the '50s in the USA, there was a
movement to require individuals to take a loyalty oath. It was at the
height of the McCarthy era. The theory was that it would root out
communists. Finally, it dawned upon these intellectually challenged jerks
that a real communist would have no problem taking such an oath since
it would be to their advantage to do so. Sometimes you just have to
shout, WTF.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__
What if there had been room at the inn?

Linda Festa on the origins of Christianity




Re: [META] please start To: with gnupg-users@gnupg.org, i.e.: To: gnupg-users@gnupg.org

2012-01-30 Thread Jerry
On Mon, 30 Jan 2012 02:23:04 +
MFPA articulated:

 That is an unfortunate consequence of signing my message with GnuPG;
 all lines lose trailing spaces and any line beginning with a dash gets
 prefixed with a dash and a space.

That is because you are using inline rather than mime for signing.
The inline method has been for the most part deprecated. You might
want to give serious thought to switching your signing method.

By the way, as clearly stated at the bottom of my post, I do not
require or want a CC'd copy.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__





Re: [META] please start To: with gnupg-users@gnupg.org, i.e.: To: gnupg-users@gnupg.org

2012-01-30 Thread Jerry
On Mon, 30 Jan 2012 01:45:01 -0800
Doug Barton articulated:

 On 01/30/2012 01:34, Jerry wrote:
  On Mon, 30 Jan 2012 02:23:04 +
  MFPA articulated:
  
  That is an unfortunate consequence of signing my message with
  GnuPG; all lines lose trailing spaces and any line beginning with
  a dash gets prefixed with a dash and a space.
  
  That is because you are using inline rather than mime for
  signing. The inline method has been for the most part deprecated.
 
 Jerry, you've been around long enough to know that A) that's not true,
 and B) bringing it up only leads to the same rathole discussion over
 and over again.
 
  You might
  want to give serious thought to switching your signing method.
  
  By the way, as clearly stated at the bottom of my post, I do not
  require or want a CC'd copy.
 
 A) how unfortunate then that your signature gets clipped when I
 reply :) or
 B) Yeah, that's a silly rathole too. If you don't want the dupe, you
 go change your mailman settings to fix it. Meanwhile, including the
 poster in the reply goes back from before e-mail was a thing, and
 often helps carry on the conversation when the list is slow.
 
 ... and now we've come full circle 

Unfortunately, eliminating dupes, aka CC'd mail is not that easy. I
used to have a sieve rule that eliminated mail that was both sent to a
mailing list and CC'd to me. I even went as far as having the
superfluous copy sent to SpamCop thinking that perhaps the sender might
get the idea that I did not want and specifically requested not to
receive multiple copies of the same draft. Unfortunately, over the years
I have not kept that rule updated. Now, thanks to you and a few other
morons, I now have been sufficiently motivated to update it. Thanks
Doug, it is not yet 6:30am and I have already added to my day's
agenda.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__



Re: [META] please start To: with gnupg-users@gnupg.org, i.e.: To: gnupg-users@gnupg.org

2012-01-30 Thread Jerry
On Mon, 30 Jan 2012 15:27:37 +0100
Peter Lebbing articulated:

 On 30/01/12 12:27, Jerry wrote:
  Now, thanks to you and a few other morons,
 
 For crying out loud, stop crying out loud. Get over it. People will
 CC you. Stop bothering us with your complaints every time. We all,
 including you, have better things to do with our time than repeating
 this annoying discussion ad infinitum

I have already updated my sieve rules to include this forum. I hadn't
bothered doing it before because for the most part, the posters on this
forum are intelligent enough to know that you need only reply to the
group unless specifically requested to do otherwise. Since this is an
OPT-IN forum, the need to CC in order to reach a poster is not
required. Obviously, some posters prefer to clutter up other readers
with superfluous garbage.

 While I'm at it, I might point you towards DJB's Mail-Followup-To
 header. It might help us all to be freed of this endless litany.

There is no such header as Mail-Followup-To. Dan Bernstein does not
specify the email standards. RFC 5322 (and earlier, RFC 2822 and RFC
822) does. I thought you would have been aware of that.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: [META] please start To: with gnupg-users@gnupg.org, i.e.: To: gnupg-users@gnupg.org

2012-01-29 Thread Jerry
On Mon, 30 Jan 2012 01:52:44 +
MFPA articulated:

 On Monday 30 January 2012 at 1:19:57 AM, in
 mid:00b101ccdeed$493a6180$dbaf2480$@abilitybusinesscomputerservices.com,
 gerry lowry +1 705 250-0112 alliston ontario canada wrote:
 
 
 
  AFAIK, there is no such thing as a standard signature
  AFAIK.
 
 But there is a standard signature delimiter or cut mark. Many mail
 clients cut the message at that delimiter when replying, so that when
 trimming quotes you don't need to delete the signature text yourself.
 
 
  if there were, one would expect to find it more
  consistently here gnupg-users@gnupg.org.
 
 Looking through recent postings, the signature delimiter seems to
 appear in about half of the messages on this list.
 
 
 - --
 Best regards
 
 MFPA mailto:expires2...@rocketmail.com

Interestingly enough, your Sig Delimiter is bonked.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




What do these warning messages mean

2012-01-02 Thread Jerry
I periodically run the following commands on a FreeBSD-8.2 amd64
machine:

/usr/local/bin/gpg2 --keyserver wwwkeys.us.pgp.net --refresh-keys

/usr/local/bin/gpg2 --edit-key clean minimize save

These commands produce output that has several of the following
messages displayed:

gpg: subpacket of type 20 has critical bit set

gpg: key 60AE908C: removed multiple subkey binding
gpg: key 60AE908C: invalid subkey binding

The number of such messages varies according to the signature. The
majority of signatures have no warnings whatsoever. Then, I
occasionally see this message (name intentionally obscured)

gpg: key 36E54C93: invalid self-signature on user ID User Name 
u...@domain.com

I don't know what these messages mean and if there is something I am
doing incorrectly.

Thanks!

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Short ID Collision

2011-12-28 Thread Jerry
Did anyone read about this reported problem with GnuPG and short keys?
I found this on SlashDot this morning:

http://yro.slashdot.org/story/11/12/27/0044242/gnupg-short-id-collision-has-occurred?utm_source=headlinesutm_medium=email

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__




Re: Short ID Collision

2011-12-28 Thread Jerry
On Wed, 28 Dec 2011 11:57:40 -0500
David Shaw articulated:

 On Dec 28, 2011, at 6:13 AM, Jerry wrote:
 
  Did anyone read about this reported problem with GnuPG and short
  keys? I found this on SlashDot this morning:
  
  http://yro.slashdot.org/story/11/12/27/0044242/gnupg-short-id-collision-has-occurred?utm_source=headlinesutm_medium=email
 
 The proper title of the article should have been Easy method for
 making a OpenPGP short collision re-discovered.  Again.  To his
 credit, the original blog poster more or less says that.
 Unfortunately, as various other sites picked it up, the issue and
 focus mutated a bit.
 
 Short key ID collisions are nothing new.  They're obvious, and
 handling them is built into the system.  It's also not hard to make
 one - just generate keys over and over until you get a collision.  On
 a fast system, that won't take very long at all.
 
 Now to the bug, such as it is.  Using the key from the blog post,
 if I do:
 
   gpg --recv-keys 70096AD1
 
 I'll get two keys.  The reason for that is that I am requesting
 something ambiguous.  There are two keys with that short key ID, so
 the server (correctly) returns both.  It's up to the caller (me) to
 decide which is the right one, using the web of trust, or whatever
 means I want to verify keys.  The keyserver is just a database, and
 does not say that a given key is right or wrong.  That's not the
 problem.
 
 However, if I do:
 
   gpg --recv-keys EC4B033C70096AD1
 
 I'll also get two keys.  Even though I gave enough information to
 specify one of the keys in particular, I still got both.  The reason
 why is due to the history of PGP keyservers.  When the GPG side of
 the keyserver code was written, the server side (a program called
 pksd) was not capable of understanding anything *other* than the
 short key ID.  Because of this, GPG intentionally truncates all key
 IDs to their short representation when requesting keys from that type
 of keyserver.  Other keyservers (LDAP) did not have that limitation,
 and so the longest possible representation is used there.
 
 Since that code was written, time has moved on, and the old pksd
 server is dead and replaced by the sks server, which is capable of
 understanding more than the short key ID.  So given that there aren't
 any pksd servers to support any longer, it has been suggested (see
 https://bugs.g10code.com/gnupg/issue1340) that we should do like we
 do for LDAP, which never had this limitation in the first place, and
 send the longest key ID we can.  It's a reasonable thing to do - if
 the user gives us 64 bits, use all 64 bits.
 
 So is this a security problem?  No, for many reasons, most of which
 were mentioned in the responses to the blog post.  Allow me to add
 one more reason: keyservers aren't capable of saying if a key is the
 right one or not.  They're just a searchable database that anyone can
 submit to.  A person who trusts a particular key is correct just
 because they found it on a keyserver is fooling themselves.  That's
 what we have a web of trust and/or fingerprint checking for.

It would seem, and this is strictly my own opinion, that if the old
pksd servers are dead then there is no logical reason to continue to
support them. Just my 2¢.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__
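
The lookup behaviour David Shaw describes in the message above, as an added example (not GnuPG or keyserver code). The two 40-digit fingerprints are constructed: only the IDs `70096AD1` and `EC4B033C70096AD1` come from the thread, and the function names are hypothetical.

```python
"""Short vs. long OpenPGP key ID lookup (illustrative)."""
import hashlib


class AmbiguousKeyID(Exception):
    """More than one key in the keyring matches the requested ID."""


def v4_fingerprint(public_key_packet_body: bytes) -> str:
    # RFC 4880 12.2: SHA-1 over 0x99, the two-octet length, then the
    # public-key packet body starting at the version field.
    prefix = b"\x99" + len(public_key_packet_body).to_bytes(2, "big")
    return hashlib.sha1(prefix + public_key_packet_body).hexdigest().upper()


def long_id(fingerprint: str) -> str:
    return fingerprint[-16:]  # low-order 64 bits


def short_id(fingerprint: str) -> str:
    return fingerprint[-8:]   # low-order 32 bits


def normalize(query: str) -> str:
    """Accept 8, 16 or 40 hex digits, with optional 0x prefix and spaces."""
    q = query.strip().replace(" ", "").upper()
    if q.startswith("0X"):
        q = q[2:]
    if len(q) not in (8, 16, 40) or any(c not in "0123456789ABCDEF" for c in q):
        raise ValueError("expected a short ID, long ID or fingerprint: %r" % query)
    return q


def lookup(keyring, query):
    """Return every fingerprint whose low-order digits match the query."""
    q = normalize(query)
    return [fpr for fpr in keyring if fpr.endswith(q)]


def lookup_truncated(keyring, query):
    """Client that cuts every request down to the short ID before asking,
    as the message says GPG did for pksd-style keyservers."""
    return lookup(keyring, normalize(query)[-8:])


def resolve_unique(keyring, query):
    """Return exactly one fingerprint, or refuse instead of guessing."""
    matches = lookup(keyring, query)
    if not matches:
        raise KeyError(query)
    if len(matches) > 1:
        raise AmbiguousKeyID("%s matches %d keys" % (normalize(query), len(matches)))
    return matches[0]


# Constructed keyring: the leading 24 digits of both entries and the second
# entry's long ID are made up; the keys share only the short ID.
KEYRING = [
    "AAAAAAAAAAAAAAAAAAAAAAAA" + "EC4B033C70096AD1",
    "BBBBBBBBBBBBBBBBBBBBBBBB" + "0000000070096AD1",
]

if __name__ == "__main__":
    print(len(lookup(KEYRING, "70096AD1")), "keys for the short ID")
    print(len(lookup(KEYRING, "EC4B033C70096AD1")), "key for the long ID")
    print(len(lookup_truncated(KEYRING, "EC4B033C70096AD1")),
          "keys when the request is truncated to 32 bits")
```

A unique match only identifies which key was fetched; as the message notes, whether it is the right key is still decided by fingerprint checking or the web of trust.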




Re: MS Exchange server corrupting PGP-MIME emails

2011-10-29 Thread Jerry
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sat, 29 Oct 2011 12:06:22 +0200
Ludwig Hügelschäfer articulated:

 Servers were updated some months ago, and it still happens. Don't know
 the exact version right now, I will look for it on monday, when I'm in
 the office again.

Thank you. I sort of have a contact at Microsoft that might be able to
lend me some assistance. However, I would need very specific
information.

1) The exact version of the server and any other pertinent information

2) Exact copies of the messages being mishandled.

You could probably just create simple test messages for that purpose.

Let me know how you make out and I will try and get a hold of my
contact.

- -- 
Jerry ✌
gnupg.u...@seibercom.net
_
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
She has an alarm clock and a phone that don't ring - they applaud.


Re: MS Exchange server corrupting PGP-MIME emails

2011-10-28 Thread Jerry
On Fri, 28 Oct 2011 14:07:53 +0100 (BST)
Phil Brooke articulated:

 Hi,
 
 On Tue, 4 Oct 2011, David Smith wrote:
  Does anyone have any experience of using an MS Exchange server,
  where it corrupts PGP-MIME emails by re-encoding the encrypted data
  in base64? [...]
 
 (I'm rather late to this thread, but anyway)
 
 Nothing relating to encrypted data, but I've seen an MS Exchange
 system rewrite signed emails (both PGP/MIME and S/MIME) with the
 obvious effect of causing failed verifications.


Could you please supply proof of that statement. An example of the
message before and after it was processed by the server would be
advantageous.

-- 
Jerry ✌
gnupg.u...@seibercom.net
_
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
Yes, we will be going to OSI, Mars and, Pluto, but not necessarily in
that order.


George Michaelson
