GnuPG ftp server

2005-08-03 Thread S K
Is this FTP server having problems? I can connect to
it, but can't log in.

--
wget ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.tar.bz2
--15:57:40--  ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.tar.bz2
   = `gnupg-1.4.2.tar.bz2'
Resolving ftp.gnupg.org... 217.69.76.44
Connecting to ftp.gnupg.org[217.69.76.44]:21...
connected.
Logging in as anonymous ...






 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Problem with gcry_pk_decrypt (libgcrypt)

2005-08-03 Thread Werner Koch
On Wed, 03 Aug 2005 14:33:57 +0200, Claudia Reuter said:

 I like to encrypt and decrypt large files e.g. pdf files. I wrote some
 code based on libgcrypt. I tested it with .txt files. Encryption seems
 to work, but gcry_pk_decrypt works only, if there's a single line in the
 txt file. If the txt file contains more than one line of text, the

Libgcrypt is a library of cryptographic building blocks.  At least a
medium level of cryptographic experience is required to make use of
it.

The usual way to encrypt large files is by using a hybrid approach.
It is simply impossible to use RSA to encrypt large blocks of data in
a secure and useful way.

You should better look into gpg or gpgme for your task.  


Salam-Shalom,

   Werner





Re: throughput of GnuPG symmetric ciphers

2005-08-03 Thread Ryan Malayter
On 8/3/05, Henry Hertz Hobbit [EMAIL PROTECTED] wrote:
 Given the size of the files that you are encrypting, I would strongly
 advise going with the Eden chip rather than a software based solution...

I actually found an open-source tool, 7-zip, that includes AES-256
encryption functionality. For whatever reason, it runs several times
faster than GnuPG in software.

Fast enough, in fact, that the removable hard disk devices have become
the limiting factor in the system (the 7-zip process only uses 70% CPU
on a 2.4 GHz P4). The code is open-source, and it uses a salted +
iterated SHA256 hash to produce the AES key from a pass phrase. The
AES implementation is Gladman's well-known and fast C++ code.

Looking at the source, I haven't figured out whether it uses ECB or
CFB mode yet; the 7-zip code is rather light on comments. I am
assuming ECB, which should be fine for my application.

See http://www.7-zip.org for more details.

Thanks for all the help.

-- 
   Ryan
=
All problems can be solved by diplomacy, but violence and treachery
are equally effective, and more fun.
  -Anonymous



Primary certify-only key?

2005-08-03 Thread Thomas Kuehne
Is there a way to generate the following key collection with GnuPG?

pub  4096R  usage: C
sub  4096R  usage: S

The problem is that I can't create the first key with only the C
capability.

Using the --expert option and disabling E, S and A results in CSEA.

Thomas




Re: [Announce] GnuPG 1.4.2 released

2005-08-03 Thread Jason Harris
On Sat, Jul 30, 2005 at 09:28:28PM -0400, David Shaw wrote:
 On Sat, Jul 30, 2005 at 02:20:35PM -0400, Jason Harris wrote:

 Thought you'd get a kick out of that...

:)
 
 Note that in the next release of GnuPG, --with-libcurl will be the
 default.  (So the more people who try it now, and report back any
 problems, the better).

Here's one, on a box with IPv6 support but not connectivity:

  %gpg --keyserver keyserver.linux.it --send 0xd39da0e3
  gpg: sending key D39DA0E3 to hkp server keyserver.linux.it
  gpgkeys: HTTP URL is `http://keyserver.linux.it:11371/pks/add'
  gpgkeys: HTTP post error 22: Failed to connect to 2001:1418:13:10::1: No route to host

-- 
Jason Harris   |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web:  http://keyserver.kjsl.com/~jharris/
  Got photons?   (TM), (C) 2004




Re: IPv6 failover?

2005-08-03 Thread David Shaw
On Wed, Aug 03, 2005 at 02:32:16PM -0400, Jason Harris wrote:
 On Sat, Jul 30, 2005 at 09:28:28PM -0400, David Shaw wrote:
  On Sat, Jul 30, 2005 at 02:20:35PM -0400, Jason Harris wrote:
 
  Thought you'd get a kick out of that...
 
 :)
  
  Note that in the next release of GnuPG, --with-libcurl will be the
  default.  (So the more people who try it now, and report back any
  problems, the better).
 
 Here's one, on a box with IPv6 support but not connectivity:
 
   %gpg --keyserver keyserver.linux.it --send 0xd39da0e3
   gpg: sending key D39DA0E3 to hkp server keyserver.linux.it
   gpgkeys: HTTP URL is `http://keyserver.linux.it:11371/pks/add'
   gpgkeys: HTTP post error 22: Failed to connect to 2001:1418:13:10::1: No route to host

The complaint is that keyserver.linux.it has both IPv4 and IPv6
addresses, but you can't reach it via IPv6, so you want gpgkeys to
fail over to its IPv4 address?

David



Re: Problem with gcry_pk_decrypt (libgcrypt)

2005-08-03 Thread Johan Wevers
Claudia Reuter wrote:

I like to encrypt and decrypt large files e.g. pdf files. I wrote some
code based on libgcrypt. I tested it with .txt files. Encryption seems
to work, but gcry_pk_decrypt works only, if there's a single line in the
txt file.

That suggests your read operations assume textmode.

fread(retSize, 1, sizeof(retSize), InputFile);
//read encrypted text
Buffer = (char *) malloc(retSize);
fread(Buffer, 1, retSize, InputFile);

Do you store the file length in the first sizeof(retSize) byte(s)?
You now read sizeof(retSize) bytes of data and store them in *retSize.
Now you consider retSize as a size_t and read that many bytes into
Buffer. Are you sure this is what you want?

-- 
ir. J.C.A. Wevers //  Physics and science fiction site:
[EMAIL PROTECTED]   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
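
Added example, not part of the original thread or of the poster's program: one way to write and read back a length-prefixed binary blob (such as ciphertext) so that the header is read into a buffer, every fread count is checked, the file is opened in binary mode, and the length taken from the file is bounded before malloc. The function names, the 4-byte big-endian header and the MAX_BLOB limit are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BLOB (16u * 1024u * 1024u)   /* assumed cap on one stored blob */

/* Write a 4-byte big-endian length, then the data. Returns 0 on success. */
int write_blob(const char *path, const unsigned char *data, uint32_t len)
{
    unsigned char hdr[4] = { (unsigned char)(len >> 24), (unsigned char)(len >> 16),
                             (unsigned char)(len >> 8),  (unsigned char)len };
    FILE *f = fopen(path, "wb");          /* "b": no newline translation */
    if (!f) return -1;
    int ok = fwrite(hdr, 1, 4, f) == 4 && fwrite(data, 1, len, f) == len;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

/* Read the blob back. Returns a malloc'd buffer and sets *len, or NULL. */
unsigned char *read_blob(const char *path, uint32_t *len)
{
    unsigned char hdr[4], *buf = NULL;
    FILE *f = fopen(path, "rb");
    if (!f) return NULL;
    if (fread(hdr, 1, sizeof hdr, f) == sizeof hdr) {   /* check the count */
        uint32_t n = (uint32_t)hdr[0] << 24 | (uint32_t)hdr[1] << 16 |
                     (uint32_t)hdr[2] << 8  | (uint32_t)hdr[3];
        /* The length comes from the file: bound it before allocating. */
        if (n > 0 && n <= MAX_BLOB && (buf = malloc(n)) != NULL) {
            if (fread(buf, 1, n, f) == n) *len = n;
            else { free(buf); buf = NULL; }   /* file shorter than it claims */
        }
    }
    fclose(f);
    return buf;
}

/* Round-trip a constructed sample holding LF, CR LF, 0x1A and NUL bytes. */
int roundtrip_ok(const char *path)
{
    const unsigned char sample[] = "line one\nline two\r\n\x1a\0tail";
    uint32_t n = 0;
    if (write_blob(path, sample, sizeof sample) != 0) return 0;
    unsigned char *back = read_blob(path, &n);
    int ok = back && n == sizeof sample && memcmp(back, sample, n) == 0;
    free(back);
    return ok;
}

int main(void)
{
    puts(roundtrip_ok("blob_demo.bin") ? "round trip ok" : "round trip FAILED");
    return 0;
}
```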



Re: Primary certify-only key?

2005-08-03 Thread Werner Koch
On Wed, 03 Aug 2005 19:26:38 +0200, Thomas Kuehne said:

 The problem is that I can't create the first key with only the C
 capability.

GnuPG does not yet distinguish between C and S.  So it does not make
much sense to have a way of selecting this.


Salam-Shalom,

   Werner




Encrypting an e-mail to a Hushmail user

2005-08-03 Thread JB

  Hi gang,

  Yesterday I tried valiantly to get a Hushmail user to install GPG or PGP 
(6.5.8...still free and a good version) on his M$ system, but he said it was 
too hard to work and Hushmail was nice and easy.
  Anyway, after a few tries of trying to upload my public key to the Hush 
server, I figured out I had to upload without my picture...finally it took my 
key.
  Now that I have my friend's key on my keyring and have signed it, I find I 
get an 'error' every time I try to encrypt a message to him. I have a feeling 
it's because I'm using my key and it still has the photo, but I can't figure 
out how to sign the e-mail to him *without* using the photo/attribute(s) in 
my key.
  Anyone care to give me a quick hand with this? It'd sure be appreciated. 
(Now if I can just get him to use GPG for Windows things would be great!)

  John B.




Re: Encrypting an e-mail to a Hushmail user

2005-08-03 Thread David Shaw
On Wed, Aug 03, 2005 at 02:28:17PM -0500, JB wrote:
 
   Hi gang,
 
   Yesterday I tried valiantly to get a Hushmail user to install GPG or PGP 
 (6.5.8...still free and a good version) on his M$ system, but he said it was 
 too hard to work and Hushmail was nice and easy.
   Anyway, after a few tries of trying to upload my public key to the Hush 
 server, I figured out I had to upload without my picture...finally it took my 
 key.
   Now that I have my friend's key on my keyring and have signed it, I find I 
 get an 'error' every time I try to encrypt a message to him. I have a feeling 
 it's because I'm using my key and it still has the photo, but I can't figure 
 out how to sign the e-mail to him *without* using the photo/attribute(s) in 
 my key.
   Anyone care to give me a quick hand with this? It'd sure be appreciated. 
 (Now if I can just get him to use GPG for Windows things would be great!)

I'm afraid that nobody will be able to help you unless you post
something more useful than "I get an 'error'".

David



Re: Encrypting an e-mail to a Hushmail user

2005-08-03 Thread Neil Williams
On Wednesday 03 August 2005 8:28 pm, JB wrote:
   Hi gang,

1. Please send your key (with photo) to subkeys.pgp.net so that people on the 
list can verify your signatures.

   Now that I have my friend's key on my keyring and have signed it, I find I
 get an 'error' every time I try to encrypt a message to him.

2. The exact error message is essential.

3. Check that your own key is set to ultimate trust. (gpg --edit-key yourkey 
and set trust/)

4. Run gpg --update-trustdb

 I have a 
 feeling it's because I'm using my key and it still has the photo,

Unlikely. Usually the error is that no trusted key can be found and this error 
is due to you not setting your own key as trusted.

-- 

Neil Williams
=
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/





Leave clearsigned content encoding alone, how?

2005-08-03 Thread Michael Kjorling
I use gnupg-1.4.1 on GNU/Linux (up-to-date Gentoo, Linux 2.6.12 on
AMD64 if it matters) to sign and encrypt my mail, and everything is
fine as long as I stay with strictly us-ascii. However, when I use
other characters (mostly national characters covered by iso-8859-15),
gnupg converts the input data to UTF-8 when signing, wreaking havoc
with those characters. The fact that gnupg converts back when
verifying or decrypting the data only makes matters worse since *I* am
unaware of the problem that others face in reading my e-mails.

My gnupg.conf explicitly states charset iso-8859-15 so that cannot
really be the problem. (It's the only charset-related setting in
effect for gnupg, I have checked and triple-checked this.) My MUA,
muttng, correctly identifies the input data prior to signing as
iso-8859-15 and after signing as utf-8, but a lot of mailers don't
seem to deal very well with UTF-8 data. Not clearsigning the message
avoids this problem, but is hardly an ideal solution. PGP/MIME signing
is not really an option either, considering the number of broken MUAs
out there.

This appears to only be a problem with clearsigned messages, not
PGP/MIME messages (for some odd reason) which leads to my question:

How do I get gnupg to ignore the charset of the input data and just
leave it *as is* when clearsigning?

The exact command lines used are (long):

Clearsigning: /usr/bin/gpg --no-verbose  --batch  --quiet  --output -  
--passphrase-fd 0  --armor  --textmode  --clearsign  -u $SIGNING_KEY_ID  
$FILENAME

PGP/MIME signing: /usr/bin/gpg --no-verbose  --batch  --quiet  --output -  
--passphrase-fd 0  --armor  --detach-sign  --textmode  -u $SIGNING_KEY_ID  
$FILENAME

No radical differences there, the only one I can see is --clearsign
and --detach-sign and the ordering of --textmode and the signing
option.

I looked through the archives for almost a year back and couldn't find
anything of relevance, but if I missed something, please feel free to
let me know.

-- 
Michael Kjörling, [EMAIL PROTECTED] - http://michael.kjorling.com/
* ASCII Ribbon Campaign: Against HTML Mail, Proprietary Attachments *
* . No bird soars too high if he soars with his own wings . *




Re: IPv6 failover?

2005-08-03 Thread Jason Harris
On Wed, Aug 03, 2005 at 07:25:41PM -0400, David Shaw wrote:

 The thing is, if you have a --with-libcurl build, this failover would
 need to happen within curl itself.  What happens if you do:
   curl http://keyserver.linux.it:11371/pks/add
 
 on the command line.  Obviously it won't do anything keyserver-wise,
 but does it manage to connect?

It does:

  %curl -v http://keyserver.linux.it:11371/pks/add
  * About to connect() to keyserver.linux.it port 11371
  *   Trying 2001:1418:13:10::1... Failed to connect to 2001:1418:13:10::1: No route to host
  * Undefined error: 0
  *   Trying 62.94.26.10... connected
  * Connected to keyserver.linux.it (62.94.26.10) port 11371
  [snip]

Looking at http://curl.haxx.se/libcurl/c/curl_easy_setopt.html ,
this might do the trick:

  curl_easy_setopt (..., CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); 

if any connection, which always seems to prefer IPv6, doesn't
at first succeed.

-- 
Jason Harris   |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web:  http://keyserver.kjsl.com/~jharris/
  Got photons?   (TM), (C) 2004




Re: IPv6 failover?

2005-08-03 Thread David Shaw
On Wed, Aug 03, 2005 at 08:18:35PM -0400, Jason Harris wrote:
 On Wed, Aug 03, 2005 at 07:25:41PM -0400, David Shaw wrote:
 
  The thing is, if you have a --with-libcurl build, this failover would
  need to happen within curl itself.  What happens if you do:
curl http://keyserver.linux.it:11371/pks/add
  
  on the command line.  Obviously it won't do anything keyserver-wise,
  but does it manage to connect?
 
 It does:
 
   %curl -v http://keyserver.linux.it:11371/pks/add
   * About to connect() to keyserver.linux.it port 11371
   *   Trying 2001:1418:13:10::1... Failed to connect to 2001:1418:13:10::1: No route to host
   * Undefined error: 0
   *   Trying 62.94.26.10... connected
   * Connected to keyserver.linux.it (62.94.26.10) port 11371
   [snip]
 
 Looking at http://curl.haxx.se/libcurl/c/curl_easy_setopt.html ,
 this might do the trick:
 
   curl_easy_setopt (..., CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); 
 
 if any connection, which always seems to prefer IPv6, doesn't
 at first succeed.

I'm not sure.  CURL_IPRESOLVE_V4 is documented to force the connection
to IPv4.  That is, it'll ignore IPv6 addresses altogether, rather than
try to connect and then fail over within curl.  What happens if you
add a -4 to the command line above?  That sets CURL_IPRESOLVE_V4.

Also, going back to the original problem, can you send me the output
when you try fetching a key with --keyserver-options debug set?

David



SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

2005-08-03 Thread Jason Harris
On Wed, Aug 03, 2005 at 08:44:18PM -0400, David Shaw wrote:
 On Wed, Aug 03, 2005 at 08:18:35PM -0400, Jason Harris wrote:

  Looking at http://curl.haxx.se/libcurl/c/curl_easy_setopt.html ,
  this might do the trick:
  
curl_easy_setopt (..., CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); 
  
  if any connection, which always seems to prefer IPv6, doesn't
  at first succeed.
 
 I'm not sure.  CURL_IPRESOLVE_V4 is documented to force the connection
 to IPv4.  That is, it'll ignore IPv6 addresses altogether, rather than
 try to connect and then fail over within curl.  What happens if you
 add a -4 to the command line above?  That sets CURL_IPRESOLVE_V4.

(That works fine, of course.)

 Also, going back to the original problem, can you send me the output
 when you try fetching a key with --keyserver-options debug set?

OK, with --recv I see it falls back from v6 to v4, which is good, but it
fails with --send:

  %gpg --keyserver-options debug --keyserver keyserver.linux.it --send ...
  gpg: sending key ... to hkp server keyserver.linux.it
  Host:   keyserver.linux.it
  Command:SEND
  gpgkeys: HTTP URL is `http://keyserver.linux.it:11371/pks/add'
  * About to connect() to keyserver.linux.it port 11371
  *   Trying 2001:1418:13:10::1... * Failed to connect to 2001:1418:13:10::1: No route to host
  * Undefined error: 0
  *   Trying 62.94.26.10... * connected
  * Connected to keyserver.linux.it (62.94.26.10) port 11371
   POST /pks/add HTTP/1.1
  Host: keyserver.linux.it:11371
  Accept: */*
  Content-Length: 2246
  Content-Type: application/x-www-form-urlencoded
  Expect: 100-continue

   HTTP/1.1 100 Continue
  * The requested URL returned error: 500
  * Closing connection #0
  gpgkeys: HTTP post error 22: Failed to connect to 2001:1418:13:10::1: No route to host

However, this seems to be specific to SKS.  My SKS log reports:

2005-08-04 ... ... Error handling request 
(POST,/pks/add,[+accept:*/*+content-length:2246+content-type:application/x-www-form-urlencoded+expect:100-continue+host:skylane.kjsl.com:21371]):
 Scanf.Scan_failure(scanf: bad input at char number 8: looking for =, found %)

so the connection is being made (in this case via IPv4; skylane also has
an  record).  Moreover, the error messages from curl are confusing this
issue.

Thus, in reality, the Expect: 100-continue header appears to be confusing
SKS (during POSTs).

-- 
Jason Harris   |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web:  http://keyserver.kjsl.com/~jharris/
  Got photons?   (TM), (C) 2004

