Re: PGP Signatures
On Wed, Jan 29, 2003 at 04:07:04PM +, Colin Watson wrote: On Wed, Jan 29, 2003 at 03:21:53PM +0100, mess-mate wrote: On Wed, 29 Jan 2003 07:07:30 -0500 Seneca [EMAIL PROTECTED] wrote: | In ~/.gnupg/gnupg.conf, uncomment or add | keyserver-options auto-key-retrieve. ?? there is no gnupg.conf !! Did I missing somewhat ? For ~/.gnupg/gnupg.conf, read ~/.gnupg/options. From the gpg manpage: OPTIONS Long options can be put in an options file (default ~/.gnupg/gpg.conf). I had .gnupg/options, but gpg appears to use whichever is there. If they're both there, it opens gpg.conf and ignores options. --Pete -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PGP Signatures
on Mon, Jan 27, 2003 at 02:51:39PM +, debian parisc ([EMAIL PROTECTED]) wrote: Friends, forgive me for my ignorance, but I see a lot of emails on this list with PGP signatures. Exactly what purpose does it serve having PGP as part of your signature? They just look like a string of characters that could have been made up to me. It maybe because I receive most of the emails from this list in windows95 (I'm at work), that they have no significance. An essay I happen to have handy on the subject... Note that the tone may not be directly relevant to you -- attitudes on PKI-signed mail seem to be improving with time. I've also (temporarially) abandoned signing my mail due to a disturbingly shifting HW situation at my end A (not so) Short Rant / FAQ on the Subject of Signed E-Mail and Public Key Infrastructure By Karsten M. Self [EMAIL PROTECTED] You're probably reading this because you either stumbled across it at my website, or I sent it to you in response to an email you sent me saying you can't read my mail. The reason is that I'm using an open Internet standard, RFC 2015 encoding, to sign, or authenticate, my mail. This standard has existed since 1996, and can be freely implemented by any email software author. It provides means to both authenticate, and encrypt, email. You have a legal right to do this in many parts of the free world. And the standard is written such that any compliant mailer _can still read_ the body of a signed message, though it may not be able to validate it, or understand the signature itself. By sending mail encoded per RFC 2015, I and others are creating compelling content under this standard. At some point it's sufficient that others will want to access it. By doing so, they are also (usually) availing themselves of *practical* crypto, including generating keys, getting these signed, and the other appurtenances of a viable public key infrastructure. Merely having a legal right to encryption doesn't mean you have the technical means. Merely having the technical capability doesn't mean you have (or know how to use) your keys. Merely having a key doesn't mean that it is signed, in use, well known, or part of a web of trust. If you find yourself with a need to produce authenticated or encrypted content, you're going to have to find, install, learn to use, and build the infrastructures necessary, for same. There's a saying among the Boy Scouts here, be prepared. Hence the intentional role I and others play as goads to the online world. As to the immediate problem, the short answer is that: - Your mailer is broken. - This is your problem, not mine. - File a bug report with your vendor. - I'm going to continue signing my mail, and if you don't change your end of things, you're going to continue having problems reading it. In some cases (you're cute, my mom, or you're offering sufficient reasons per hour), I'll make exceptions, but this is on a case-by-case basis, and I'm intentionally leaving it as a PITA manual process so that each of us is reminded it's a bad idea: me, when I do it, you, when I forget and you're stuck with unreadable mail from me. GET A REAL MAILER. - No, this isn't a virus, a bomb, a bug, a worm, or any other executable code. And if it is, that's your problem, not mine. For signed mail, both the content and the signature are simply text with a particular semantic context significat to a validation program. - If your IT or MIS department is brain-dead enough to actually strip off these attachments before you get your mail, I'm going to laugh at you in public. Sorry, this ain't the sympathy department. There's a nice rant below about why this is such a pathetic action, though, you might enjoy reading it. The long answer is the rest of this document. For a well-reasoned essay on why public key infrastructures, including encryption and authentication, are vital to a modern economy, please read: http://gnu-darwin.sourceforge.net/war.html Your Mail is Weird I use a combination of tools in my email to create messages which are cryptographically signed in such a way that it is readily possible for the recipient to gain a good level of assurance that the message: - Originates from me. - Hasn't been modified in any way en route. This is sometimes called a digital signature (a technical term, not to be confused with the recently passed US legislation on electronic
Re: PGP Signatures
Thanks to all for your help. Indeed, options or a conf are both valuable after a test. mess-mate On Wed, 29 Jan 2003 16:10:24 -0500 Robert L. Harris [EMAIL PROTECTED] wrote: | | | Move the file from .gnupg/options to .gnupg/gpg.conf, they changed the | location of the file a bit back. | | May want to try different keyservers (comment out the gatech, etc. | | Thus spake mess-mate ([EMAIL PROTECTED]): | | On Wed, 29 Jan 2003 10:28:31 -0500 | Robert L. Harris [EMAIL PROTECTED] wrote: | | | | | | | Make one. | | | | Here's mine: | | # So we can work with pgp keys | | force-v3-sigs | | # To deal with mailer and From lines | | escape-from-lines | | # we only need to do this once while the gpg process is using the ring | | lock-once | | # Our options | | keyserver-options auto-key-retrieve include-disabled include-revoked |honor-http-proxy | | keyserver x-hkp://pgp.gatech.edu | | keyserver x-hkp://pgp.mit.edu | | keyserver x-hkp://wwwkeys.us.pgp.net | Thanks, but when I add this keyservers like above and key-server-options... in | ~/.gnupg/options my system freezes :-( | I'm running woody and toke gnupg there. | mess-mate | | | | | | | | Thus spake mess-mate ([EMAIL PROTECTED]): | | | | On Wed, 29 Jan 2003 07:07:30 -0500 | | Seneca [EMAIL PROTECTED] wrote: | | | | | On Wed, Jan 29, 2003 at 11:39:57AM +0100, mess-mate wrote: | | | On Tue, 28 Jan 2003 17:26:26 -0800 | | | Paul Johnson [EMAIL PROTECTED] wrote: | | | | | | | On Mon, Jan 27, 2003 at 08:50:06PM +0100, mess-mate wrote: | | | | But the senders public key must be retrieved from a key-server and |added | | | | to your own key-list before an automated check is possible. | | | | mess-mate | | | | | | | | Unless you've set your gnupg to automagically grab public keys from | | | | the keyserver for you. | | | | | | | Uhh, good idea, how can I do that ?? | | | | | | In ~/.gnupg/gnupg.conf, uncomment or add | | | keyserver-options auto-key-retrieve. | | | | | ?? there is no gnupg.conf !! Did I missing somewhat ? | | here are the files I have in ~/.gnupg : | | mess.txt options pubring.gpg pubring.gpg~ random_seed secring.gpg |trustdb.gpg | | mess-mate | | | | -- | | Computers are like air conditioners, they are useless when you open | | Windows. | | | | | | | | | | :wq! | | --- | | Robert L. Harris | PGP Key ID: FC96D405 | | | | DISCLAIMER: | | These are MY OPINIONS ALONE. I speak for no-one else. | | FYI: | | perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);' | | | | | | | -- | Computers are like air conditioners, they are useless when you open | Windows. | | | | | :wq! | --- | Robert L. Harris | PGP Key ID: FC96D405 | | DISCLAIMER: | These are MY OPINIONS ALONE. I speak for no-one else. | FYI: | perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);' | | -- Computers are like air conditioners, they are useless when you open Windows. msg27503/pgp0.pgp Description: PGP signature
Re: PGP Signatures
Colin Watson [EMAIL PROTECTED] writes: On Mon, Jan 27, 2003 at 02:51:39PM +, debian parisc wrote: Friends, forgive me for my ignorance, but I see a lot of emails on this list with PGP signatures. Exactly what purpose does it serve having PGP as part of your signature? They just look like a string of characters that could have been made up to me. It maybe because I receive most of the emails from this list in windows95 (I'm at work), that they have no significance. That last sounds about right. Good mail clients can verify the signatures automatically. It doesn't really matter what OS he's using. GnuPG has a Windows port available, and even Outlook Express has a GnuPG plugin available, if anyone is foolish enough to actually use that email client. Of course, none of this is supported by default in Windows... -- My secret to happiness... is that I have a heart of a 12-year-old boy. It's over here in a jar. Would you like to see it? msg27508/pgp0.pgp Description: PGP signature
Re: PGP Signatures
On Tue, 28 Jan 2003 17:26:26 -0800 Paul Johnson [EMAIL PROTECTED] wrote: | On Mon, Jan 27, 2003 at 08:50:06PM +0100, mess-mate wrote: | But the senders public key must be retrieved from a key-server and added | to your own key-list before an automated check is possible. | mess-mate | | Unless you've set your gnupg to automagically grab public keys from | the keyserver for you. | Uhh, good idea, how can I do that ?? -- Computers are like air conditioners, they are useless when you open Windows. msg27114/pgp0.pgp Description: PGP signature
Re: PGP Signatures
On Wed, Jan 29, 2003 at 11:39:57AM +0100, mess-mate wrote: On Tue, 28 Jan 2003 17:26:26 -0800 Paul Johnson [EMAIL PROTECTED] wrote: | On Mon, Jan 27, 2003 at 08:50:06PM +0100, mess-mate wrote: | But the senders public key must be retrieved from a key-server and added | to your own key-list before an automated check is possible. | mess-mate | | Unless you've set your gnupg to automagically grab public keys from | the keyserver for you. | Uhh, good idea, how can I do that ?? In ~/.gnupg/gnupg.conf, uncomment or add keyserver-options auto-key-retrieve. -- Seneca [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PGP Signatures
On Wed, 29 Jan 2003 07:07:30 -0500 Seneca [EMAIL PROTECTED] wrote: | On Wed, Jan 29, 2003 at 11:39:57AM +0100, mess-mate wrote: | On Tue, 28 Jan 2003 17:26:26 -0800 | Paul Johnson [EMAIL PROTECTED] wrote: | | | On Mon, Jan 27, 2003 at 08:50:06PM +0100, mess-mate wrote: | | But the senders public key must be retrieved from a key-server and added | | to your own key-list before an automated check is possible. | | mess-mate | | | | Unless you've set your gnupg to automagically grab public keys from | | the keyserver for you. | | | Uhh, good idea, how can I do that ?? | | In ~/.gnupg/gnupg.conf, uncomment or add | keyserver-options auto-key-retrieve. | ?? there is no gnupg.conf !! Did I missing somewhat ? here are the files I have in ~/.gnupg : mess.txt options pubring.gpg pubring.gpg~ random_seed secring.gpg trustdb.gpg mess-mate -- Computers are like air conditioners, they are useless when you open Windows. msg27139/pgp0.pgp Description: PGP signature
Re: PGP Signatures
Make one. Here's mine: # So we can work with pgp keys force-v3-sigs # To deal with mailer and From lines escape-from-lines # we only need to do this once while the gpg process is using the ring lock-once # Our options keyserver-options auto-key-retrieve include-disabled include-revoked honor-http-proxy keyserver x-hkp://pgp.gatech.edu keyserver x-hkp://pgp.mit.edu keyserver x-hkp://wwwkeys.us.pgp.net Thus spake mess-mate ([EMAIL PROTECTED]): On Wed, 29 Jan 2003 07:07:30 -0500 Seneca [EMAIL PROTECTED] wrote: | On Wed, Jan 29, 2003 at 11:39:57AM +0100, mess-mate wrote: | On Tue, 28 Jan 2003 17:26:26 -0800 | Paul Johnson [EMAIL PROTECTED] wrote: | | | On Mon, Jan 27, 2003 at 08:50:06PM +0100, mess-mate wrote: | | But the senders public key must be retrieved from a key-server and added | | to your own key-list before an automated check is possible. | | mess-mate | | | | Unless you've set your gnupg to automagically grab public keys from | | the keyserver for you. | | | Uhh, good idea, how can I do that ?? | | In ~/.gnupg/gnupg.conf, uncomment or add | keyserver-options auto-key-retrieve. | ?? there is no gnupg.conf !! Did I missing somewhat ? here are the files I have in ~/.gnupg : mess.txt options pubring.gpg pubring.gpg~ random_seed secring.gpg trustdb.gpg mess-mate -- Computers are like air conditioners, they are useless when you open Windows. :wq! --- Robert L. Harris | PGP Key ID: FC96D405 DISCLAIMER: These are MY OPINIONS ALONE. I speak for no-one else. FYI: perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);' msg27165/pgp0.pgp Description: PGP signature
Re: PGP Signatures
On Wed, Jan 29, 2003 at 11:39:57AM +0100, mess-mate wrote: Uhh, good idea, how can I do that ?? Go look at the comments in your .gnupg/options -- .''`. Baloo [EMAIL PROTECTED] : :' :proud Debian admin and user `. `'` `- Debian - when you have better things to do than to fix a system msg27169/pgp0.pgp Description: PGP signature
Re: PGP Signatures
On Wed, Jan 29, 2003 at 03:21:53PM +0100, mess-mate wrote: On Wed, 29 Jan 2003 07:07:30 -0500 Seneca [EMAIL PROTECTED] wrote: | In ~/.gnupg/gnupg.conf, uncomment or add | keyserver-options auto-key-retrieve. ?? there is no gnupg.conf !! Did I missing somewhat ? For ~/.gnupg/gnupg.conf, read ~/.gnupg/options. Cheers, -- Colin Watson [[EMAIL PROTECTED]] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PGP Signatures
This one time, at band camp, mess-mate said: On Wed, 29 Jan 2003 07:07:30 -0500 Seneca [EMAIL PROTECTED] wrote: | In ~/.gnupg/gnupg.conf, uncomment or add | keyserver-options auto-key-retrieve. | ?? there is no gnupg.conf !! Did I missing somewhat ? here are the files I have in ~/.gnupg : mess.txt options pubring.gpg pubring.gpg~ random_seed secring.gpg trustdb.gpg It goes in options. -- -- | Stephen Gran | Man has never reconciled himself to the | | [EMAIL PROTECTED] | ten commandments. | | http://www.lobefin.net/~steve | | -- msg27179/pgp0.pgp Description: PGP signature
Re: PGP Signatures
Move the file from .gnupg/options to .gnupg/gpg.conf, they changed the location of the file a bit back. May want to try different keyservers (comment out the gatech, etc. Thus spake mess-mate ([EMAIL PROTECTED]): On Wed, 29 Jan 2003 10:28:31 -0500 Robert L. Harris [EMAIL PROTECTED] wrote: | | | Make one. | | Here's mine: | # So we can work with pgp keys | force-v3-sigs | # To deal with mailer and From lines | escape-from-lines | # we only need to do this once while the gpg process is using the ring | lock-once | # Our options | keyserver-options auto-key-retrieve include-disabled include-revoked honor-http-proxy | keyserver x-hkp://pgp.gatech.edu | keyserver x-hkp://pgp.mit.edu | keyserver x-hkp://wwwkeys.us.pgp.net Thanks, but when I add this keyservers like above and key-server-options... in ~/.gnupg/options my system freezes :-( I'm running woody and toke gnupg there. mess-mate | | | | Thus spake mess-mate ([EMAIL PROTECTED]): | | On Wed, 29 Jan 2003 07:07:30 -0500 | Seneca [EMAIL PROTECTED] wrote: | | | On Wed, Jan 29, 2003 at 11:39:57AM +0100, mess-mate wrote: | | On Tue, 28 Jan 2003 17:26:26 -0800 | | Paul Johnson [EMAIL PROTECTED] wrote: | | | | | On Mon, Jan 27, 2003 at 08:50:06PM +0100, mess-mate wrote: | | | But the senders public key must be retrieved from a key-server and added | | | to your own key-list before an automated check is possible. | | | mess-mate | | | | | | Unless you've set your gnupg to automagically grab public keys from | | | the keyserver for you. | | | | | Uhh, good idea, how can I do that ?? | | | | In ~/.gnupg/gnupg.conf, uncomment or add | | keyserver-options auto-key-retrieve. | | | ?? there is no gnupg.conf !! Did I missing somewhat ? | here are the files I have in ~/.gnupg : | mess.txt options pubring.gpg pubring.gpg~ random_seed secring.gpg trustdb.gpg | mess-mate | | -- | Computers are like air conditioners, they are useless when you open | Windows. | | | | | :wq! | --- | Robert L. Harris | PGP Key ID: FC96D405 | | DISCLAIMER: | These are MY OPINIONS ALONE. I speak for no-one else. | FYI: | perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);' | | -- Computers are like air conditioners, they are useless when you open Windows. :wq! --- Robert L. Harris | PGP Key ID: FC96D405 DISCLAIMER: These are MY OPINIONS ALONE. I speak for no-one else. FYI: perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);' msg27263/pgp0.pgp Description: PGP signature
Re: PGP Signatures
On Wed, Jan 29, 2003 at 10:28:31AM -0500, Robert L. Harris wrote: Make one. No, the preferred file this is in is .gnupg/options. Having two different options files *will* be a pain in the ass. -- .''`. Baloo [EMAIL PROTECTED] : :' :proud Debian admin and user `. `'` `- Debian - when you have better things to do than to fix a system msg27281/pgp0.pgp Description: PGP signature
Re: PGP Signatures
On Monday 27 Jan 2003 2:51 pm, debian parisc wrote: It maybe because I receive most of the emails from this list in windows95 (I'm at work), that they have no significance. If you are using pgp you can verify the authenticity of the message - i.e. it comes from who the 'from' line says, rather than someone else. It also verifies that the message hasnt been altered during transmission. (This is a simplistic explanation, see www.gnupg.org for more). Tom msg26591/pgp0.pgp Description: signature
Re: PGP Signatures
On Mon, Jan 27, 2003 at 02:51:39PM +, debian parisc wrote: Friends, forgive me for my ignorance, but I see a lot of emails on this list with PGP signatures. Exactly what purpose does it serve having PGP as part of your signature? They just look like a string of characters that could have been made up to me. It maybe because I receive most of the emails from this list in windows95 (I'm at work), that they have no significance. That last sounds about right. Good mail clients can verify the signatures automatically. -- Colin Watson [[EMAIL PROTECTED]] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PGP Signatures
On Mon, Jan 27, 2003 at 02:51:39PM +, debian parisc wrote: forgive me for my ignorance, but I see a lot of emails on this list with PGP signatures. Exactly what purpose does it serve having PGP as part of your signature? They just look like a string of characters that could have been made up to me. It maybe because I receive most of the emails from this list in windows95 (I'm at work), that they have no significance. The signatures are a way of verifying the sender and content of an email. The sender of a message has two keys, a private key, and a public key. The sender signs the message with the private key, and the signature can be verified with the sender's public key. If the contents of the message are changed, the signature does not match the message. -- Seneca [EMAIL PROTECTED] msg26602/pgp0.pgp Description: PGP signature
Re: PGP Signatures
On Mon, 27 Jan 2003 11:06:27 -0500 Seneca [EMAIL PROTECTED] wrote: | On Mon, Jan 27, 2003 at 02:51:39PM +, debian parisc wrote: | forgive me for my ignorance, but I see a lot of emails on this list with | PGP signatures. Exactly what purpose does it serve having PGP as part of | your signature? They just look like a string of characters that could have | been made up to me. | | It maybe because I receive most of the emails from this list in windows95 | (I'm at work), that they have no significance. | | The signatures are a way of verifying the sender and content of an | email. The sender of a message has two keys, a private key, and a | public key. The sender signs the message with the private key, and the | signature can be verified with the sender's public key. If the contents | of the message are changed, the signature does not match the message. | | -- | Seneca | [EMAIL PROTECTED] | But the senders public key must be retrieved from a key-server and added to your own key-list before an automated check is possible. mess-mate -- Computers are like air conditioners, they are useless when you open Windows. msg26656/pgp0.pgp Description: PGP signature
Re: PGP Signatures
On Mon, 27 Jan 2003 11:06:27 -0500 Seneca [EMAIL PROTECTED] wrote: | On Mon, Jan 27, 2003 at 02:51:39PM +, debian parisc wrote: | forgive me for my ignorance, but I see a lot of emails on this list with | PGP signatures. Exactly what purpose does it serve having PGP as part of | your signature? They just look like a string of characters that could have | been made up to me. | | It maybe because I receive most of the emails from this list in windows95 | (I'm at work), that they have no significance. | | The signatures are a way of verifying the sender and content of an | email. The sender of a message has two keys, a private key, and a | public key. The sender signs the message with the private key, and the | signature can be verified with the sender's public key. If the contents | of the message are changed, the signature does not match the message. | | -- | Seneca | [EMAIL PROTECTED] | But the senders public key must be retrieved from a key-server and added to your own key-list before an automated check is possible. mess-mate like this: Signature made lun 27 jan 2003 17:06:27 CET Good signature from Seneca Cunningham [EMAIL PROTECTED] -- Computers are like air conditioners, they are useless when you open Windows. 0001.mimetmp Description: PGP signature msg26658/pgp0.pgp Description: PGP signature
