Re: compilation information ?
On 3/14/2012 12:44 AM, brian m. carlson wrote: > From looking at the source, I don't believe so. Note that the only case > in which you have more than one option is Windows/DOS. GnuPG compiles just fine under the Intel C/C++ compilers, under the GNU Compiler Collection, under Sun Studio, under AIX's own compiler and under Clang. Probably more, too, but these are the only ones I've checked. (What's the standard compiler for OpenVMS?) There are a *ton* of options for how to compile GnuPG on non-Windows platforms. Windows is one of the more limited platforms, since you're more or less limited to MinGW-GCC or Cygwin-GCC. The last time I used MS Visual C++ to try to compile GnuPG, the results were pretty awful... ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: compilation information ?
On Mon, Mar 12, 2012 at 01:24:06PM -0400, ved...@nym.hush.com wrote: > Is there any command that tells how the gnupg version was compiled? > > gpg --version > doesn't list it. > > A simple way to find out is to do > gpg --armor filename > [or any other command resulting in gpg .asc file], > and the information will be listed in the version line, > i.e. > Version: GnuPG v1.4.12 (Cygwin) > > Is there any way to find out without performing a gpg function on a > file? From looking at the source, I don't believe so. Note that the only case in which you have more than one option is Windows/DOS. For other platforms, the binary is always compiled in the ordinary way. I expect exposing this information was not considered to be terribly important since most platforms don't have this issue. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Symmetric encryption - options?
On Mar 13, 2012 4:37 PM, "Robert J. Hansen" wrote: > > > RSA is not an encryption algorithm. RSA is a means of exchanging > > keys. > > You may be thinking of the Diffie-Hellman Key Exchange Algorithm > (DHKEA). You're not thinking of RSA, though: RSA unquestionably is an > encryption algorithm. Oops, yes you are correct. I was actually thinking of how TLS and SSL works with their key exchange. --Eric ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Symmetric encryption - options?
> RSA is not an encryption algorithm. RSA is a means of exchanging > keys. You may be thinking of the Diffie-Hellman Key Exchange Algorithm (DHKEA). You're not thinking of RSA, though: RSA unquestionably is an encryption algorithm. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Symmetric encryption - options?
On Tue, Mar 13, 2012 at 10:02, jpemail2001-...@yahoo.com < jpemail2001-...@yahoo.com> wrote: > >If you choose to use someone's public certificate to encrypt a message, > >they use the private part of that certificate to decrypt it -- different > >things for encryption and decryption, thus a different kind of > >algorithm, an asymmetric one, is used. > > So you would suggest, to use RSA? I think so because it seems to be > stronger encryption. > RSA is not an encryption algorithm. RSA is a means of exchanging keys. --Eric ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Symmetric encryption - options?
> So its not really safe, is it? I have answered this question so many times that I'm just going to refer you to what I wrote on it several years ago: http://sixdemonbag.org/cryptofaq.xhtml#entropy (You will need to use Firefox or Chrome; IE doesn't support XHTML. The math looks best in Firefox.) > So you would suggest, to use RSA? I think so because it seems to be > stronger encryption. I would suggest putting on the brakes, taking a deep breath, and explaining precisely you're trying to achieve. My guess is you're making this a *lot* harder than it has to be. Speed kills. Slow down, take a breath. There are people here who can help, but before we can help we need to know exactly what problem you face. :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Symmetric encryption - options?
On Tuesday 13 March 2012, jpemail2001-...@yahoo.com wrote: > >It isn't RSA because this is symmetric encryption. CAST5 is a > >128-bit block cypher. > > So its not really safe, is it? Why do you think so? Define "really safe". > @Robert > > >If you choose to use someone's public certificate to encrypt a > >message, they use the private part of that certificate to decrypt > >it -- different things for encryption and decryption, thus a > >different kind of algorithm, an asymmetric one, is used.So you > >would suggest, to use RSA? I think so because it seems to be > >stronger encryption. > > The problem is I need to encrypt a message but I dont know the > recipient yet. So I considered a passphrase method. Cause he dont > need to send me his public key (if he has any). > > But OK I will try to encrypt the message with a new created > private key (specially created for the recipient) which I will send > later to him, so he will be able to decrypt the message. A bit > complicated but possible, I think!? ^^ That doesn't make any sense. If you use symmetric encryption then you have to tell the recipient the passphrase you used for encryption via a safe channel. If you use a private key then you have to tell the recipient the private key and the passphrase you used to protect the private key again via a safe channel. Of course, you could choose to leave the private key unprotected. In both cases you have to share a secret with the recipient via a safe channel. So, where do you see the advantage of using a private key? A possible reason would be re-use of the private key. But then you could as well re-use the passphrase. Regards, Ingo signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Symmetric encryption - options?
>It isn't RSA because this is symmetric encryption. CAST5 is a 128-bit block >cypher. So its not really safe, is it? @Robert >If you choose to use someone's public certificate to encrypt a message, >they use the private part of that certificate to decrypt it -- different >things for encryption and decryption, thus a different kind of >algorithm, an asymmetric one, is used.So you would suggest, to use RSA? I >think so because it seems to be stronger encryption. The problem is I need to encrypt a message but I dont know the recipient yet. So I considered a passphrase method. Cause he dont need to send me his public key (if he has any). But OK I will try to encrypt the message with a new created private key (specially created for the recipient) which I will send later to him, so he will be able to decrypt the message. A bit complicated but possible, I think!? ^^___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Symmetric encryption - options?
On 3/13/2012 8:36 AM, Hauke Laging wrote: > Would you explain that? Do symmetric algorithms never have an MDC or does > just > CAST5 not (why is it the default then)? Back when PGP5 was first released, PRZ needed a symmetric cipher to replace the patent-encumbered IDEA. He could've used 3DES but didn't, apparently because there were still some (now-addressed) concerns about the NSA's involvement in DES. He could've chosen Blowfish but didn't, for reasons unknown to me. He fell in love with CAST5, an algorithm which is conceptually quite similar to Blowfish, and figured to use that instead. PGP 5+ all used CAST5 for symmetric encryption, although they could also read 3DES traffic. Twofish was introduced in PGP 7.0, and AES was introduced in 7.1, I think. When GnuPG came along, Werner decided to mimic PGP's behavior in the interests of interoperability. Many years later, the MDC was introduced. It was generally not possible to retrofit this to older versions of PGP and/or GnuPG; it required some changes in how messages were created and processed. As a result, GnuPG will only use the MDC if you're using Twofish, AES, or another one of the newer ciphers. At that point GnuPG essentially says, "ah, I see you're using Twofish. Clearly this message isn't meant for a PGP5 recipient, so I'll put an MDC on that, then...". For further details, see RFC4880, section 5.14. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Symmetric encryption - options?
Am Dienstag, 13. März 2012, 13:15:26 schrieb Robert J. Hansen: > On 3/13/2012 7:09 AM, Eric Christensen wrote: > > Because this is symmetric encryption. You would need to sign the data > > to get integrity protection. > > This isn't quite right. He's getting warned about the lack of an MDC, > which is related to the symmetric algorithm choice. Would you explain that? Do symmetric algorithms never have an MDC or does just CAST5 not (why is it the default then)? Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Symmetric encryption - options?
On Mar 13, 2012 8:15 AM, "Robert J. Hansen" wrote: > > On 3/13/2012 7:09 AM, Eric Christensen wrote: > > Because this is symmetric encryption. You would need to sign the data > > to get integrity protection. > > This isn't quite right. He's getting warned about the lack of an MDC, > which is related to the symmetric algorithm choice. > Ahh, yes you are correct. I was responding without waking up fully... *yawn* --Eric ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Symmetric encryption - options?
On 3/13/2012 7:09 AM, Eric Christensen wrote: > Because this is symmetric encryption. You would need to sign the data > to get integrity protection. This isn't quite right. He's getting warned about the lack of an MDC, which is related to the symmetric algorithm choice. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Symmetric encryption - options?
On 3/13/2012 5:01 AM, jpemail2001-...@yahoo.com wrote: > What does mean CAST5 and is it a safe alghorithmus? Why not RSA? CAST5 is the default symmetric algorithm for GnuPG and PGP. It is generally accepted to be secure against cryptanalysis. Broadly speaking, ciphers can be broken down into either "symmetric" or "asymmetric" algorithms. A symmetric algorithm uses the same key to encrypt and decrypt. If you choose to use a passphrase, for instance, the same passphrase is used to encrypt and decrypt, therefore a symmetric algorithm is used. If you choose to use someone's public certificate to encrypt a message, they use the private part of that certificate to decrypt it -- different things for encryption and decryption, thus a different kind of algorithm, an asymmetric one, is used. CAST5 is a symmetric algorithm. RSA is an asymmetric algorithm. Hope this helps. :) > Can I set more than one passphrase? Not really. > And why was the message not integrity protected and how to protect it? Integrity protection is only available when using newer symmetric algorithms. For instance, if you had selected Twofish or AES256 the integrity protection feature would be used. For almost all uses, though, this is not a big deal to lose sleep over. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Symmetric encryption - options?
On Mar 13, 2012 6:23 AM, "jpemail2001-...@yahoo.com" < jpemail2001-...@yahoo.com> wrote: > gpg: CAST5 encrypted data > gpg: encrypted with 1 passphrase > Test message > gpg: WARNING: message was not integrity protected > - > > What does mean CAST5 and is it a safe alghorithmus? Why not RSA? It isn't RSA because this is symmetric encryption. CAST5 is a 128-bit block cypher. > And why was the message not integrity protected and how to protect it? Because this is symmetric encryption. You would need to sign the data to get integrity protection. --Eric ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Symmetric encryption - options?
Hello, I´ve encrypted some text to try out the passphrase-only encryption. I´ve got this "error" after decryting the message although the message was decrypted correctly. - C:\gnupg>gpg --decrypt doc.gpg gpg: CAST5 encrypted data gpg: encrypted with 1 passphrase Test message gpg: WARNING: message was not integrity protected - What does mean CAST5 and is it a safe alghorithmus? Why not RSA? Can I set more than one passphrase? And why was the message not integrity protected and how to protect it? thanks ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proper revocation
Big thanks to Daniel who helped me once again by putting me on the right track. On 07/03/12 21:16, Daniel Kahn Gillmor wrote: > "editing" a revocation certificate doesn't make much sense, since if you > modify the certificate, you'll invalidate the signature. Better to > think of it as discarding an existing revocation certificate and > creating a new one. A solution, with some comments in between the commands, so people can't simply copy-paste but think about what they're doing. $ cd $(mktemp -d) Mind what you're doing, others might be able to read in that directory. $ gpg --export $KEYID | gpgsplit -v I think gpgsplit people deserve a big thank you. $ gpg --expert --delete-keys 0x3F6C6602 expert because it would usually be a silly thing to do; removing the pubkey when there's still a private key for it. gpg: there is a secret key for public key "$KEYID"! gpg: use option "--delete-secret-keys" to delete it first. $ rm 02-002.sig Don't know what packet you need to remove, but you know what a backup is, right? $ cat * | gpg --import ciao, kwadronaut apologies to the list-maintainer for extra work signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
trouble compiling gnupg
Hi, I'm having trouble compiling gnupg v2.0.18. I'm compiling with cd /usr/opt/contrib/gnupg /usr/src/contrib/gnupg/configure --prefix=/usr make -j4 gcc 4.6.2 freebsd 10.0-CURRENT amd64 (umm, kinda, i've been replacing all the ancient gplv2 with latest gplv3 software, it's in a transitional state) anyhow, make is failing with 'libgpg-error.a function gpg_strerror "undefined reference to 'libintl_dgettext'"' I've rebuilt gettext 0.18.1.1 libgpg-error 1.10 and dependencies. I was concerned it was maybe linking to leftover stuff in /usr/local/ so I deleted /usr/local (and /usr/lib32) completely and still receive same error. :( Any help, suggestions or pointers much appreciated! Thank you, -- Waitman Gobble San Jose California USA ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users