Re: Encryption of data in smart cards
On Wed, 12 Mar 2003 23:08:26 +0100 (MET), Krister Walfridsson said:

> This is not completely true -- I have seen some high-end cards that use
> the PIN code entered by the user as the encryption key. And it is quite

Sorry, my fault: by "read out the data" I meant to do this using a side channel or with a hardware probe.

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Encryption of data in smart cards
On Tue, 11 Mar 2003 10:39:17 +0530, N Raghavendra said:

> Can anyone point me to sources about encryption of data in smart
> cards. What I am looking for is protocols for encrypting sensitive
> data (e.g., medical information about the card-holder), so that

Usually you don't need to encrypt data stored on a card. The files on the card (where you store the data) are protected by ACLs or whatever the card application provides for this. If you want to encrypt the data on the card, you also need to store the key on it. And well, if you are able to read out the data, you are also able to read out the key (more or less trivial for most mass-market cards).

If you fear an eavesdropper between the box generating the data and the actual smartcard, one uses secure messaging to protect against this. See your card's OS manual (or ISO 7816-8) on how to do it.

If you are talking about memory cards, you can use whatever protocol you would use for encrypting files.

Salam-Shalom,

Werner
Re: PGPfreeware 8.0: Not so good news for crypto newcomers
On Mon, 9 Dec 2002 15:10:05 +, Nicko van Someren said:

> Unix and PGP user I think that the GUI on PGP 8.0 will save me an hour
> of effort over the lifetime of the product, which means it saves me
> money in the long run.

As long as PGP Corp has the same assumption about the lifetime as you. Recently a lot of users had a bad experience with NAI and PGP. Nobody knows what will happen after the VC has been burnt ;-)

So please have a close look at PGP so that it will always comply with the OpenPGP standard and does not get away with proprietary and undocumented extensions again. I am confident that PGP Corp will do a much better job than NAI in this regard.

Salam-Shalom,

Werner
Re: Just how bad is the Microsoft Visual C++ 6 rand function, anyway?
On Tue, 21 May 2002 11:52:01 -0400, Trei, Peter said:

> int __cdecl rand (void)
> {
>     return(((holdrand = holdrand * 214013L + 2531011L) >> 16) & 0x7fff);
> }

Which looks pretty standard and ISO C compatible as long as RAND_MAX yields 0x7fff. Recall that rand() was never intended as a cryptographically strong RNG - IIRC the specs say that it must produce the same sequence of numbers for a given seed (set with srand()).

Ah yes, latest POSIX draft:

    The rand() function shall compute a sequence of pseudo-random integers
    in the range 0 to {RAND_MAX} with a period of at least 2^32. The rand()
    function need not be reentrant. A function that is not required to be
    reentrant is not required to be thread-safe.

    The rand_r() function shall compute a sequence of pseudo-random
    integers in the range 0 to {RAND_MAX}. (The value of the {RAND_MAX}
    macro shall be at least 32 767.)

Werner
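The generator quoted above, reimplemented as an added example (this is not code from the post or from Microsoft's CRT, and the function names are mine), together with a state-recovery routine that makes Werner's point concrete: four consecutive 15-bit outputs pin down the 32-bit state, so everything the generator returns afterwards is predictable, which is why it must never be used for key material.

```c
#include <stdint.h>

/* Reimplementation of the MSVC 6 rand() quoted above, with the state forced
 * to 32 bits: MSVC's `long` is 32 bits, while LP64 Unix would use 64 and
 * produce a different sequence. */
static uint32_t holdrand = 1;

void msvc_srand(uint32_t seed) { holdrand = seed; }

int msvc_rand(void) {
    holdrand = holdrand * 214013u + 2531011u;
    return (int)((holdrand >> 16) & 0x7fff);
}

/* Same step and output function on a caller-supplied state. */
static uint32_t lcg_step(uint32_t s) { return s * 214013u + 2531011u; }
static int lcg_out(uint32_t s) { return (int)((s >> 16) & 0x7fff); }

/* Recover the generator state from a few consecutive outputs. Each output is
 * bits 16..30 of the state that produced it, and bit 31 never reaches later
 * outputs (the odd multiplier feeds it back only into bit 31), so only the
 * low 16 bits are unknown: 65536 candidates, each checked against obs[1..].
 * Returns the number of consistent candidates; *state gets the last one. */
int recover_state(const int *obs, int n, uint32_t *state) {
    int found = 0;
    for (uint32_t low = 0; low < 0x10000u; low++) {
        uint32_t s = ((uint32_t)obs[0] << 16) | low;
        int ok = 1;
        for (int i = 1; i < n && ok; i++) {
            s = lcg_step(s);
            ok = (lcg_out(s) == obs[i]);
        }
        if (ok) { found++; *state = s; }
    }
    return found;
}

/* Output the generator will return on its next call, given its state. */
int predict_next(uint32_t state) { return lcg_out(lcg_step(state)); }

/* Seed, observe four outputs, recover the state and compare the predicted
 * fifth output with the real one. Returns 1 when the prediction is right. */
int prediction_succeeds(uint32_t seed) {
    int obs[4];
    uint32_t st;
    msvc_srand(seed);
    for (int i = 0; i < 4; i++) obs[i] = msvc_rand();
    return recover_state(obs, 4, &st) >= 1 && predict_next(st) == msvc_rand();
}
```

With the default seed of 1 the reimplementation yields the well-known MSVC sequence 41, 18467, 6334, ... which is a quick check that the 32-bit state width is right.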
Re: PGP & GPG compatibility
On Tue, 22 Jan 2002 16:28:17 +0100, Gilles Gravier said:

> Isn't it time GnuPG / PGP started offering AES as a standard algorithm?

Since version 1.0.4 all keys are created with AES as top cipher preference. The snapshot version 1.0.6c allows changing preferences. If you encrypt to such a key and your application supports AES, it will be used.

Ciao,

Werner

--
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus
Re: PGP & GPG compatibility
On Mon, 21 Jan 2002 20:50:22 +, Adam Back said:

> GPG on the other hand is simply wilfully damaging interoperability by
> putting their anti-patent stance over the benefit of PGP users. I
> know there are modules to add IDEA support but they're not shipped by

The reason to write GnuPG was the patent problems with RSA (at that time) and IDEA. The GNU project is about Free Software, and IDEA does not allow the use of the software in a lot of countries. It is not sufficient that Ascom grants (on request) gratis licenses for private use (their scope of private use is actually very narrow, as you are not allowed to use the same box for any business purposes, and even charitable organisations have to pay per-user fees); the GPL does not distinguish between private and commercial use. See section 7 of the GPL for the reason why we can't distribute an IDEA implementation.

No one but Ascom and the patent laws is disallowing the use of the IDEA module - we are just not able to distribute it along with GPLed software, and guess why we have this loadable module feature in GnuPG. If you want to use IDEA (instead of using a CAST5-enabled PGP 2.6), write to Ascom and ask them to grant a royalty-free and perpetual license to use the IDEA algorithm with GPLed software. Or even better, help to abolish all patents on algorithms and software: http://www.no-epatents.org or http://petition.eurolinux.org

> It seems that the result of GPG and PGP intentionally induced
> incompatibilities has greatly reduced PGP use. I used to use PGP a lot,

This may be true for you and the small set of long-term users. In general the use of PGP (well, in the form of the IETF OpenPGP protocol) has grown far beyond a small group of geeks. There is at least one major car vendor who demands the use of PGP encrypted mail from all suppliers. If you look at the keyring analyses at dtype.org you will notice that there is a large user base. Keyserver admins should be able to give some numbers to prove that PGP is actually in use.

> However it should be possible to automatically select that option
> based on the public key parameters of the person you're sending to,

Yes, this is indeed possible and GnuPG has done it for a long time. Because encryption interoperability with 2.6 is hampered by the IDEA patent problem, it did not make too much sense for me to put a lot of effort into fixing some little annoyances related to the inability of PGP 2 to encrypt in streaming mode. Well, I believe David fixed most of this while adding the --pgp2 option.

Ciao,

Werner
Re: PGP & GPG compatibility
On Mon, 21 Jan 2002 16:02:07 +1300 (NZDT), Peter Gutmann said:

> There are already a number of S/MIME gateways which do exactly this.
> The most typical mode of operation is org-to-org, where all mail
> from an organisation is

BTW, there is such a gateway for OpenPGP at ftp://ftp.gnupg.org/geam/ which can also be used for org-to-end-user etc. S/MIME support will come soon.

Werner
Re: PGP & GPG compatibility
On 20 Jan 2002 21:46:35 -0500, Derek Atkins said:

> Question: How many users of PGP 2.x are still out there? If people
> have upgraded to more recent versions, then it's not quite as bad.
> OTOH, I have successfully interoperated with PGP 2.6 fairly recently.

Things would get much better if a PGP 2 version with support for CAST5 got more into use. We can't officially support IDEA for patent reasons in GnuPG; the next release comes with a --pgp2 option to bundle all the options needed for PGP 2 compatibility, and furthermore you will get a warning if a message can't be encrypted in a PGP 2 compatible way.

There is a PGP 2 version by Disastry (http://disastry.dhs.org/pgp) which supports all OpenPGP-defined ciphers.

Werner
Re: PGP & GPG compatibility
On Tue, 15 Jan 2002 17:25:15 -0800, Will Price said:

> above is as well. That's like saying, "have you stopped beating your
> wife?" I would encourage some objectivity on that.

Huh? Go to the gnupg-users list archive and search for PGP problems. You will notice a couple of reports wrt PGP 7.0.3 - this is what I have described. I do not have the time to dig out the messages for you, as too much of my time is already spent coping with all those little PGP bugs. It is really an annoying job which does not get easier by the "verbosity" of PGP's error messages ;-)

>> At least they still don't understand version 4 signatures on data
>> packets (only on keys). I had in mind that this was fixed some
>> time ago, but obviously this isn't the case.

> I'm fairly sure we support that in 7.1.0 and up.

According to Len this was indeed fixed in 7.0, but it seems that it was dropped in later versions. I have not seen any message from 7.1.

> That's not the only problem with text mode signatures. International
> characters present an even larger challenge.

Most of this is not

    RFC2440 - 5.9. Literal Data Packet (Tag 11)

    A Literal Data packet contains the body of a message; data that is
    not to be further interpreted.

So there are no conversion issues here. Unless textmode is used - which IMHO should be dropped entirely for clearness of protocol layering. But we should not discuss it here.

> don't handle it well either. Going forward, UTF8 migration is likely
> to cause some growing pains for everybody.

Not unlikely for Windows or KDE, who are using UCS-2.

> It is a mystery to us as well what happened with that... We were
> ready to proceed, but we were not the organizer so it was out of our

My feeling is that the proprietary vendors are not interested in OpenPGP due to the fact that S/MIME better feeds the PKI cash cow. Well, the trademark PGP is a different story and probably good to sell other products.

Ciao,

Werner
Re: PGP & GPG compatibility
On Tue, 15 Jan 2002 09:42:32 +0100, Axel H Horns said:

> I'm using PGP 6.5.8 for my professional confidential e-mails and
> sometimes I get complaints from GnuPG users saying they can't use my
> Pubkey.

So, you can't decrypt the attached message? Or does this problem only occur with another key? I have never received a bug report regarding such a problem.

BTW, even NAI says that PGP (before 7.0) is not OpenPGP compliant.

Werner
Re: PGP & GPG compatibility
On Sat, 3 Jan 1970 09:41:26 +1000, Nicholas Brawn said:

> What's the state of the game with PGP and GPG compatibility?

According to the bug reports I receive for GnuPG, it seems that even the latest versions of PGP (7.0.3?) are still not OpenPGP compatible. At least they still don't understand version 4 signatures on data packets (only on keys). I had in mind that this was fixed some time ago, but obviously this isn't the case.

There is a problem wrt text mode signatures: no agreement was found on what a line ending consists of. PGP translates a CR inside a line (well, what most non-Apple programmers consider a line ending) into a CR,LF sequence for hashing. The proper solution is not to use textmode signatures except for cleartext signed messages.

About two years ago we agreed on a way to implement MDC and defined new packet types for it. I did some tests with Hal Finney and it used to work. The OpenPGP draft was later changed to introduce key flags and use one to enable MDC mode. However, GnuPG uses MDC mode with all ciphers of a block length other than 64 bits (i.e. Twofish and AES*). The draft has still not been released as a new RFC, so this may change again :-(.

The flaw in the secret key protection mechanism was discussed for a short time, but it seems that nobody is willing to continue with this. I made several suggestions on how to do it.

Interoperability tests should have happened last summer, but for unknown reasons they didn't. It is very sad to see that after 3 years we have not managed to get OpenPGP into draft status :-(.

Werner
Re: wu-ftpd-2.6.2 fails GPG & PGP2 signature verifications, passes PGP6!
On Sat, 01 Dec 2001 03:14:11 -0800, Hugh Daniel said:

> file signature validations should NOT be failing across different
> versions of the horrid PGP/GPG/OpenPGP mess.

I don't know what you mean by this mess. PGP >= 5 is simply not OpenPGP compliant; even the 7.x versions seem to have a lot of problems.

> against its own signature with either GPG nor PGP2. This is VERY bad,
> as you should have tested this before posting the .gs/.asc files, or

I remember a bug report for one of the last releases of wu-ftp where the signature was also not valid. The problem that time was that the signature was created in textmode, which is wrong. Textmode should only be used on human-readable text files to cope with trailing whitespace and line-ending issues. There are many bugs in the way textmode is treated - it even differs between the PGP 2.x versions; see RFC 3156 for the ways which should be taken to overcome these problems.

You may want to do a

    gpg --list-packets sigfile

to see how the message is actually composed, and to track the problem further down

    gpg --debug 1024 foo.sig foo

should be of great help, because it dumps the data which gets hashed to some file. The source of PGP 6.5.8 is available and you may want to add similar debugging stuff - I am pretty sure that they hash different things.

Ciao,

Werner
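An added example, not code from GnuPG or PGP, of the text-mode canonicalisation that this post and the earlier "PGP & GPG compatibility" post (Werner's reply to Nicholas Brawn) argue about: line endings are rewritten to CR LF and trailing whitespace is dropped before hashing, as RFC 2440 text-mode and cleartext signatures require, and the `lone_cr_is_eol` flag stands for the disputed rule of whether a bare CR is a line ending. Function names and the CR rule flag are mine; rules_agree shows which inputs still verify when signer and verifier pick different rules.

```c
#include <stdlib.h>
#include <string.h>

/* Build the bytes an OpenPGP text-mode signature is hashed over: each line
 * ending becomes CR LF and, as for cleartext signatures, trailing spaces and
 * tabs are dropped. `lone_cr_is_eol` is the disputed rule from the posts
 * above: whether a CR not followed by LF is a line ending (so becomes CR LF)
 * or ordinary data. `out` needs 2*n+1 bytes; returns the length written. */
size_t canon_text(const char *in, size_t n, int lone_cr_is_eol, char *out) {
    size_t o = 0, line_start = 0;
    for (size_t i = 0; i < n; i++) {
        int eol = (in[i] == '\n');
        if (in[i] == '\r') {
            if (i + 1 < n && in[i + 1] == '\n') { eol = 1; i++; }
            else eol = lone_cr_is_eol;
        }
        if (!eol) { out[o++] = in[i]; continue; }
        while (o > line_start && (out[o - 1] == ' ' || out[o - 1] == '\t'))
            o--;                       /* strip trailing whitespace */
        out[o++] = '\r'; out[o++] = '\n';
        line_start = o;
    }
    out[o] = '\0';
    return o;
}

/* 1 if the canonical form of msg under the given lone-CR rule equals `expected`. */
int canon_equals(const char *msg, size_t n, int lone_cr_is_eol,
                 const char *expected) {
    char *buf = malloc(2 * n + 1);
    if (!buf) return 0;
    size_t len = canon_text(msg, n, lone_cr_is_eol, buf);
    int same = (len == strlen(expected) && memcmp(buf, expected, len) == 0);
    free(buf);
    return same;
}

/* 1 if two verifiers that disagree on the lone-CR rule would still hash the
 * same bytes for msg, i.e. the signature verifies either way. */
int rules_agree(const char *msg, size_t n) {
    char *a = malloc(2 * n + 1), *b = malloc(2 * n + 1);
    int same = 0;
    if (a && b) {
        size_t la = canon_text(msg, n, 0, a), lb = canon_text(msg, n, 1, b);
        same = (la == lb && memcmp(a, b, la) == 0);
    }
    free(a); free(b);
    return same;
}
```

A file that contains a bare CR anywhere (a binary, or text with old Mac line endings) hashes to different bytes under the two rules, which is exactly why the post says textmode belongs only on human-readable text.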