Arguments for inline PGP (was: Leave clearsigned content encoding alone, how?)

2005-08-08 Thread Greg Sabino Mullane

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


> Just say no to inline PGP!

Some reasons I use inline:

* My email has a much better chance of reaching people whose
systems bounce (or discard!) attachments.

* It is easy to transfer my message to another format (such as a
webpage) while keeping the signature. It is also easy for people
to forward the signed message.

* It never messes up in mailing list archives (although some
mailing list programs now handle sig attachments properly).

* It's easy to send my email from anywhere (e.g. a webmail account)
by simply cutting and pasting text.

* I don't keep my key on an internet-connected machine, so cutting
and pasting a clearsigned message also makes life much easier.

- --
Greg Sabino Mullane [EMAIL PROTECTED]
PGP Key: 0x14964AC8 200508082141
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8

-BEGIN PGP SIGNATURE-

iD8DBQFC+ApXvJuQZxSWSsgRAolOAJ43Cm19NslSDsfRBPZi+KtrMkOi3QCgjlqv
ipatEGZ9o/KbKN8haDPkn1c=
=tqmU
-END PGP SIGNATURE-



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Extra information in public key

2005-08-08 Thread David Srbecky

Hello,

I just found up-to-date RFC 2440:
http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-14.txt

Here is 5.12:


5.12. User Attribute Packet (Tag 17)

The User Attribute packet is a variation of the User ID packet.  It
is capable of storing more types of data than the User ID packet
which is limited to text.  Like the User ID packet, a User Attribute
packet may be certified by the key owner ("self-signed") or any
other key owner who cares to certify it.  Except as noted, a User
Attribute packet may be used anywhere that a User ID packet may be
used.

While User Attribute packets are not a required part of the OpenPGP
standard, implementations SHOULD provide at least enough
compatibility to properly handle a certification signature on the
User Attribute packet.  A simple way to do this is by treating the
User Attribute packet as a User ID packet with opaque contents, but
an implementation may use any method desired.

The User Attribute packet is made up of one or more attribute
subpackets.  Each subpacket consists of a subpacket header and a
body. The header consists of:

  - the subpacket length (1, 2, or 5 octets)

  - the subpacket type (1 octet)

and is followed by the subpacket specific data.

The only currently defined subpacket type is 1, signifying an image.
An implementation SHOULD ignore any subpacket of a type that it does
not recognize.  Subpacket types 100 through 110 are reserved for
private or experimental use.

The important sentence is the last one: there are 11 types to play with.

I suggest to pick one type between 100 and 110 and use it to store
extra information. Since we may want to add various data, I suggest to
store them as a series of named properties.


The attribute format could look like this:

 - Magic number identifying this experimental attribute
 - UTF-8 Name of property 1
 - Data length for property 1
 - Data of property 1
 - UTF-8 Name of property 2
 - Data length for property 2
 - Data of property 2
 - etc...

And the content might look like this:

First name=David
Last name=Srbecky
Country=Czech Republic
City=Usti nad Labem
Telephone=+65 536 1024
ICQ=#128-256-512
Homepage url=http://www.gnupg.org/
Prefers encrypted mail=true
Prefers signed mail=true
Preferred encapsulation=MIME
PGP key url=http://www.gnupg.org/dsrbecky/pgp.key


As this attribute will contain a lot of text, it should be encapsulated 
in Compressed Data Packet (Tag 8).



So, what do you think?

David
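
The subpacket framing quoted from the draft and the property list proposed in this message can be exercised with a short encoder and a bounds-checked parser. This is an added example, not code from the post, the draft or GnuPG; the subpacket type 100, the magic value XINF and the field widths (1-octet name length, 2-octet data length) are assumptions, and the sample data is constructed.

```python
import struct

# Assumptions of this example (not in the draft or the post): the private
# subpacket type chosen, the magic value, and the exact field widths.
PRIVATE_TYPE = 100           # one of 100..110, reserved for private use
MAGIC = b"XINF"              # hypothetical magic number for this attribute
MAX_SUBPACKET = 64 * 1024    # parser-side cap on one subpacket


def encode_length(n):
    """Subpacket length in its 1-, 2- or 5-octet form."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def decode_length(buf, pos):
    """Return (length, next_pos); raise ValueError if the header is cut short."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        if pos + 2 > len(buf):
            raise ValueError("truncated length")
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if pos + 5 > len(buf):
        raise ValueError("truncated length")
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def build_subpacket(props):
    """Magic, then (name length, UTF-8 name, data length, data) per property."""
    body = bytearray(MAGIC)
    for name, value in props:
        n, v = name.encode("utf-8"), value.encode("utf-8")
        if not 0 < len(n) <= 255 or len(v) > 0xFFFF:
            raise ValueError("property does not fit this layout")
        body += bytes([len(n)]) + n + struct.pack(">H", len(v)) + v
    # The subpacket length counts the type octet plus the body.
    return encode_length(1 + len(body)) + bytes([PRIVATE_TYPE]) + bytes(body)


def parse_properties(body):
    """Decode one private subpacket body; every declared length is checked."""
    if body[:len(MAGIC)] != MAGIC:
        raise ValueError("bad magic")
    pos, out = len(MAGIC), []
    while pos < len(body):
        nlen = body[pos]
        pos += 1
        if nlen == 0 or pos + nlen + 2 > len(body):
            raise ValueError("truncated property name")
        name = body[pos:pos + nlen].decode("utf-8")   # strict decoding
        pos += nlen
        (vlen,) = struct.unpack(">H", body[pos:pos + 2])
        pos += 2
        if pos + vlen > len(body):
            raise ValueError("property data overruns subpacket")
        out.append((name, body[pos:pos + vlen].decode("utf-8")))
        pos += vlen
    return out


def parse_user_attribute(packet_body):
    """Walk all subpackets of a User Attribute packet body.

    Returns the properties found in PRIVATE_TYPE subpackets. Type 1 (image)
    and unrecognised types are skipped, as the draft asks.
    """
    pos, found = 0, []
    while pos < len(packet_body):
        length, pos = decode_length(packet_body, pos)
        if length < 1 or length > MAX_SUBPACKET or pos + length > len(packet_body):
            raise ValueError("bad subpacket length")
        sub_type = packet_body[pos]
        data = packet_body[pos + 1:pos + length]
        pos += length
        if sub_type == PRIVATE_TYPE:
            found.extend(parse_properties(data))
    return found


# Constructed sample: an opaque type-1 subpacket followed by the private one.
SAMPLE_PROPS = [("City", "Usti nad Labem"),
                ("Prefers encrypted mail", "true"),
                ("Preferred encapsulation", "MIME")]
SAMPLE = encode_length(1 + 4) + b"\x01" + b"\x00" * 4 + build_subpacket(SAMPLE_PROPS)

if __name__ == "__main__":
    for prop_name, prop_value in parse_user_attribute(SAMPLE):
        print(f"{prop_name}={prop_value}")
```

Key material fetched from a keyserver is untrusted input, which is why the parser rejects any length that points past the end of its buffer instead of reading what is there.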




Re: Automatically import public keys by e-mails

2005-08-08 Thread David Srbecky

Roscoe wrote:

> Well, I don't know about a pure gnupg way but where there's an idea
> there's a broken piece of sh script trying to implement it! And without
> further ado I present my broken piece of sh script:
>
> $ cat > emaillist
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> $ for i in `cat emaillist`; do lynx -dump "http://stinkfoot.org:11371/pks/lookup?op=index&search=$i"|grep '1. http://'|awk '{print $2}'|xargs lynx -dump|gpg --import; done
> gpg: key 2DC6523A: public key "David Srbecky <[EMAIL PROTECTED]>" imported
> gpg: Total number processed: 1
> gpg:   imported: 1
> gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
> gpg: depth: 0  valid:   4  signed:   4  trust: 0-, 0q, 0n, 0m, 0f, 4u
> gpg: depth: 1  valid:   4  signed:   0  trust: 1-, 0q, 0n, 3m, 0f, 0u
> gpg: next trustdb check due at 2005-10-06
> gpg: key 699B3EBE: "Roscoe <[EMAIL PROTECTED]>" not changed
> gpg: Total number processed: 1
> gpg:  unchanged: 1
> $
>
> That might not be immediately usable, but you get the idea :)



Sorry for the late reply - I had to download, install and learn Cygwin, 
but it works now! Thanks!


David




Re: Extra information in public key

2005-08-08 Thread David Srbecky

John W. Moore III wrote:

> David Srbecky wrote:
>
> > And even if there was a giant site where I could enter all I
> > wanted, I would still prefer to have everything saved on one place, in
> > one public key. (But if there is such site, let me know !!! :-) )
>
> How about a personal WebSite with a link to it in your "Comment Line"?
> I can't remember if Google offers this or not, but Yahoo does and an ID
> on Yahoo would make Membership very easy for Yahoo Groups (PGP-Basics,
> PGPNET, etc).

The site would have to be:
 - standard site used by many users - not personal site.
 - easy to parse - not the fancy HTML yahoo stuff
   (to ensure data can be automatically fetched to MUA)

Let's take a look at your signature: :-)

> --
> My Website:  http://home.joimail.com/~johnmoore3rd/

Your website - if it was in your public key, MUA could automatically add
it to your card in address book

> Gossamer Spider Web of Trust:  http://www.gswot.org
>
> Open PGP Key:  http://tinyurl.com/5ztc6

Your PGP key URL - if it was in your public key, GnuPG could use it to
update your key without wasting keyserver bandwidth.

> Encrypted Email is a Courtesy & Appreciated!!

Your encryption preference - if it was in your public key, MUA could use
it to automatically decide whether to encrypt mail to you.

Just imagine that: My mom installs Thunderbird (in my dream with
Enigmail integrated) and *just* sends you mail. Thunderbird looks up
your e-mail on keyserver, downloads your public key, finds that you like
encrypted mail and therefore encrypts the mail before sending. Wow!, my
mom just sent you an encrypted mail and does not have a clue what
encryption is!

... that's my dream

David






Re: Extra information in public key

2005-08-08 Thread David Srbecky

Neil Williams wrote:

> On Monday 08 August 2005 7:43 pm, David Srbecky wrote:
>
> > Hello,
> >
> > I want to provide as much information about me as possible when I send
> > mails. I am amazed that you can save a photo as a part of your public
> > key. How can I save more information? (telephone, address, age, etc...)
>
> Be careful about such information - remember that it is not just sent in your
> emails but stored on keyservers.

I am aware of that, the same is on MSN servers, ICQ servers, and many other
locations.

> Do you really want such information to be publicly viewable?

I want to have the option to publish as much as I want. I *want* to
publish some information. (Say, personally I would publish my City, but
not street address. On the other hand, company manager wants to publish
everything - it is on the company website anyway)

Is there a way of publishing additional information on the keyserver?

Some things I would like to publish are:
  - The 'usual' stuff - aka ICQ servers or company vCards
  - Whether I prefer to receive encrypted mail or not.
  - Whether I prefer to receive signed mail or not.
  - How I want to be sent signatures - MIME / inline.
  - URL to my public key (to remove refresh load from keyservers)

and I am sure there are *many* more things.

David





Re: Extra information in public key

2005-08-08 Thread David Srbecky

> > Is there a way of publishing additional information on the keyserver?
>
> Only in small chunks.

Please continue... how?

"User Attribute" comes to mind, but I can not find the specification.

> > Some things I would like to publish are:
> >  - The 'usual' stuff - aka ICQ servers or company vCards
> >  - Whether I prefer to receive encrypted mail or not.
> >  - Whether I prefer to receive signed mail or not.
> >  - How I want to be sent signatures - MIME / inline.
> >  - URL to my public key (to remove refresh load from keyservers)
>
> I still don't see the point

The points are:
 - Provide some information about me - Why do people provide extensive
   info at ICQ? This is the same.
 - I do not want to annoy people and I do not want people to annoy me.
   Telling someone whether you like signed/encrypted messages helps.
 - The same holds for your preference of format.
 - Keyservers are non-profit - every bit of bandwidth we can save them
   helps.

> A better idea would be to simply put all the details you want on Biglumber

I already have Biglumber account, but I just can not enter all the stuff
above. And even if there was a giant site where I could enter all I
wanted, I would still prefer to have everything saved on one place, in
one public key. (But if there is such site, let me know !!! :-) )






Re: Extra information in public key

2005-08-08 Thread Neil Williams
Please send replies to the list:

> Neil Williams wrote:
> > On Monday 08 August 2005 7:43 pm, David Srbecky wrote:
> >>Hello,
> >>
> >>I want to provide as much information about me as possible when I send
> >>mails. I am amazed that you can save a photo as a part of your public
> >>key. How can I save more information? (telephone, address, age, etc...)
> >
> > Be careful about such information - remember that it is not just sent in
> > your emails but stored on keyservers.
> 
> I am aware of that, the same is on MSN servers, ICQ servers, and many other
> locations.
> 
> > Do you really want such information to be publicly viewable?
> 
> I want to have the option to publish as much as I want. I *want* to
> publish some information. (Say, personally I would publish my City, but
> not street address. On the other hand, company manager wants to publish
> everything - it is on the company website anyway)
> 
> Is there a way of publishing additional information on the keyserver?

Only in small chunks.

> Some things I would like to publish are:
>   - The 'usual' stuff - aka ICQ servers or company vCards
>   - Whether I prefer to receive encrypted mail or not.
>   - Whether I prefer to receive signed mail or not.
>   - How I want to be sent signatures - MIME / inline.
>   - URL to my public key (to remove refresh load from keyservers)
> 
> and I am sure there are *many* more things.
> 

I still don't see the point, but you could put a website URL in a comment.

A better idea would be to simply put all the details you want on Biglumber 
where people using keys would *expect* to find details about you:

http://www.biglumber.com/x/web?sn=Neil+Williams

Some keyservers then offer a link to lookup the key on biglumber and locate 
all the information anyone could ever want.

Try searching for my key here:
http://keyserver.kjsl.com:11371/#extract
and with the fingerprint displayed, a link to biglumber appears.

Biglumber makes it easy to not only publicise your city but to locate others 
within your city and your local region and for others to find you.

http://www.biglumber.com/x/web?sc=Devon
http://www.biglumber.com/x/web?so=England

-- 

Neil Williams
=
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/





Re: Extra information in public key

2005-08-08 Thread Neil Williams
On Monday 08 August 2005 7:43 pm, David Srbecky wrote:
> Hello,
>
> I want to provide as much information about me as possible when I send
> mails. I am amazed that you can save a photo as a part of your public
> key. How can I save more information? (telephone, address, age, etc...)

Be careful about such information - remember that it is not just sent in your 
emails but stored on keyservers.

Identities can be stolen and you are giving away a lot of the information that 
could be used to "identify" you in a new bank or loan application.

Do you really want such information to be publicly viewable?

Even if you include such info in a text signature block like mine below, 
remember that this too will be publicly archived by many mailing list 
archivers. Google and other engines visit such regularly updated sites very 
regularly.

Some information just needs to remain private.

-- 

Neil Williams
=
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/





Re: validate_key_list failed

2005-08-08 Thread Doug Barton

Peter Pentchev wrote:


FWIW, I've been getting the same with the FreeBSD port of gnupg-1.4.2.
I've reverted to using 1.4.1 for the present.


I'm using 1.4.2 built from ports on both a 7-current and 4-stable system, 
with some pretty large keyrings, and haven't had these problems, FYI.


Doug

--

If you're never wrong, you're not trying hard enough



Extra information in public key

2005-08-08 Thread David Srbecky

Hello,

I want to provide as much information about me as possible when I send 
mails. I am amazed that you can save a photo as a part of your public
key. How can I save more information? (telephone, address, age, etc...)


David




Re: validate_key_list failed

2005-08-08 Thread Jason Harris
On Mon, Aug 08, 2005 at 12:33:07PM +0300, Peter Pentchev wrote:
> On Fri, Aug 05, 2005 at 04:15:47PM +0200, Thomas Klausner wrote:

> > After adding some keys recently, I always get:

> > gpg: mpi larger than indicated length (2 bytes)
> > gpg: keyring_get_keyblock: read error: invalid packet
> > gpg: keyring_get_keyblock failed: invalid keyring

> > How can I fix this?
> > Or how can I find out which key it is, so I can remove it
> > (as workaround)?
> 
> FWIW, I've been getting the same with the FreeBSD port of gnupg-1.4.2.
> I've reverted to using 1.4.1 for the present.

Try running pgpring (part of mutt):

  %pgpring -S -k ~/.gnupg/pubring.gpg

and/or pgpdump:

  http://www.freebsd.org/cgi/url.cgi?ports/security/pgpdump/pkg-descr

  %pgpdump [-i] ~/.gnupg/pubring.gpg

on the keyring(s) to help find any corruption.

(I've not seen any such problems on FreeBSD 4.x with GPG 1.4.2.)

-- 
Jason Harris   |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web:  http://keyserver.kjsl.com/~jharris/
  Got photons?   (TM), (C) 2004




Re: Automatically import public keys by e-mails

2005-08-08 Thread Roscoe
Well, I don't know about a pure gnupg way but where there's an idea
there's a broken piece of sh script trying to implement it! And without
further ado I present my broken piece of sh script:

$ cat > emaillist
[EMAIL PROTECTED]
[EMAIL PROTECTED]
$ for i in `cat emaillist`; do lynx -dump "http://stinkfoot.org:11371/pks/lookup?op=index&search=$i"|grep '1. http://'|awk '{print $2}'|xargs lynx -dump|gpg --import; done
gpg: key 2DC6523A: public key "David Srbecky <[EMAIL PROTECTED]>" imported
gpg: Total number processed: 1
gpg:   imported: 1
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0  valid:   4  signed:   4  trust: 0-, 0q, 0n, 0m, 0f, 4u
gpg: depth: 1  valid:   4  signed:   0  trust: 1-, 0q, 0n, 3m, 0f, 0u
gpg: next trustdb check due at 2005-10-06
gpg: key 699B3EBE: "Roscoe <[EMAIL PROTECTED]>" not changed
gpg: Total number processed: 1
gpg:  unchanged: 1
$ 

That might not be immediately usable, but you get the idea :)

On 8/9/05, David Srbecky <[EMAIL PROTECTED]> wrote:
> Hello,
> 
> I have a long list of emails. I want to look them up on a keyserver and
> automatically import any matches.
> 
> I tried
> 
> gpg --search-keys [EMAIL PROTECTED] < input.txt
> 
> where input.txt is "1,2,3,4,5\n"
> but it did not work.
> 
> 
> Thanks for help.
> 
> David


Automatically import public keys by e-mails

2005-08-08 Thread David Srbecky

Hello,

I have a long list of emails. I want to look them up on a keyserver and 
automatically import any matches.


I tried

gpg --search-keys [EMAIL PROTECTED] < input.txt

where input.txt is "1,2,3,4,5\n"
but it did not work.


Thanks for help.

David




Re: Proof of email ownership

2005-08-08 Thread Werner Koch
On Mon, 08 Aug 2005 14:24:50 +0200, Simon Josefsson said:

> gpg: can't put notation data into v3 (PGP 2.x style) signatures
> [EMAIL PROTECTED]:~$

> Is my key unusable with this scheme?

For better compatibility with pre OpenPGP implementations, gpg creates
v3 signatures with v3 keys (yours).  v3 signatures can't carry
notation data.  Use --force-v4-sigs to override this.


Salam-Shalom,

   Werner




Re: Proof of email ownership

2005-08-08 Thread Simon Josefsson
Werner Koch <[EMAIL PROTECTED]> writes:

> To create a signature on an email (or any other data) you would use:
>
>   gpg -s [EMAIL PROTECTED]@example.org foo

I get this:

[EMAIL PROTECTED]:~$ gpg -s [EMAIL PROTECTED]@extundo.com foo

You need a passphrase to unlock the secret key for
user: “Simon Josefsson <[EMAIL PROTECTED]>”
1280-bit RSA key, ID B565716F, created 2002-05-05

gpg: can't put notation data into v3 (PGP 2.x style) signatures
[EMAIL PROTECTED]:~$

Is my key unusable with this scheme?



Re: Proof of email ownership

2005-08-08 Thread Simon Josefsson
Werner Koch <[EMAIL PROTECTED]> writes:

> On Mon, 8 Aug 2005 09:37:10 +0200, Bernd Jendrissek said:
>
>> Do these TXT records support having multiple keys associated with the
>> same email address?  For example, I use D7CBA633 for "everyday" signing
>> and encryption, and 24EEB426 for tin foil hat applications.
>
> No. It can be extended to allow for this.  The current implementation
> with TXT records should be considered experimental.

You could have multiple TXT records, one for each key.  Would that work?



Re: Proof of email ownership

2005-08-08 Thread Mads Laursen
On 07/08/05 14.48, Werner Koch wrote:
> Hi!
> 
> Let me note that I am currently working on a simplified key validation
> scheme.  The basic idea is to connect a signature to an DNS entry.

Is this only for signatures, or will there also be a method to put
this notation in a key, or would that be useless?

/dossen





Re: Proof of email ownership

2005-08-08 Thread Werner Koch
On Mon, 8 Aug 2005 09:37:10 +0200, Bernd Jendrissek said:

> Do these TXT records support having multiple keys associated with the
> same email address?  For example, I use D7CBA633 for "everyday" signing
> and encryption, and 24EEB426 for tin foil hat applications.

No. It can be extended to allow for this.  The current implementation
with TXT records should be considered experimental.


Shalom-Salam,

   Werner




Re: validate_key_list failed

2005-08-08 Thread Peter Pentchev
On Fri, Aug 05, 2005 at 04:15:47PM +0200, Thomas Klausner wrote:
> Hi!
>
> After adding some keys recently, I always get:
[snip]
> gpg: mpi larger than indicated length (2 bytes)
> gpg: keyring_get_keyblock: read error: invalid packet
> gpg: keyring_get_keyblock failed: invalid keyring
> gpg: failed to rebuild keyring cache: invalid keyring
> gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
> gpg: mpi larger than indicated length (2 bytes)
> gpg: keyring_get_keyblock: read error: invalid packet
> gpg: keydb_get_keyblock failed: invalid keyring
> gpg: validate_key_list failed
>
> And the trustdb is not updated, because on the next run
> I get the same error.
>
> How can I fix this?
> Or how can I find out which key it is, so I can remove it
> (as workaround)?

FWIW, I've been getting the same with the FreeBSD port of gnupg-1.4.2.
I've reverted to using 1.4.1 for the present.

G'luck,
Peter

--
Peter Pentchev  [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence was in the past tense.




Re: Proof of email ownership

2005-08-08 Thread Bernd Jendrissek
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sun, Aug 07, 2005 at 02:48:56PM +0200, Werner Koch wrote:
> gpg detects that foo.gpg has the notation key [EMAIL PROTECTED]
> and takes its value ([EMAIL PROTECTED]) to run a DNS query like:
> 
>   $ host -t txt werner._pka.example.org
>   werner._pka.example.org text "v=pka1\;fpr=A4D94E92B0986AB5EE9DC\
>   D755DE249965B0358A2\;uri=finger:[EMAIL PROTECTED]"
>  
> Now it compares the fingerprint given in that Text record against the
  ^^^  
Do these TXT records support having multiple keys associated with the
same email address?  For example, I use D7CBA633 for "everyday" signing
and encryption, and 24EEB426 for tin foil hat applications.

[Yes, I know I should start using a newer GnuPG.]

- -- 
> BTW, sometimes the lack of a specific response indicates *agreement*.
 
Just in case you thought I was agreeing with you.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFC9wuX/FmLrNfLpjMRAvYZAKCIb6kJOq45fSwHpR5DH11wQShG3ACfa+G7
GXE0m2WUf28NkcvUP1hlEUw=
=51r3
-END PGP SIGNATURE-
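
The check described in the text quoted above (derive a name such as werner._pka.example.org from the sender address, fetch its TXT record, compare the fpr field with the fingerprint of the key that made the signature) can be sketched as follows. This is an added example, not code from the thread or from GnuPG; the addresses, fingerprints and zone contents are constructed, lookup_txt stands in for a DNS query, and the field order and 40-digit fingerprint are assumptions taken from the one record shown. Refusing a name that carries more than one PKA record is this sketch's choice.

```python
import re

FPR_RE = re.compile(r"[0-9A-F]{40}")   # assumption: 40-hex-digit fingerprints only


def normalise_fpr(fpr):
    """Upper-case hex without spaces, or None if it is not 40 hex digits."""
    fpr = re.sub(r"\s+", "", fpr).upper()
    return fpr if FPR_RE.fullmatch(fpr) else None


def pka_owner_name(address):
    """user@example.org -> user._pka.example.org, as in the quoted host query."""
    local, sep, domain = address.strip().rpartition("@")
    if (not sep
            or not re.fullmatch(r"[A-Za-z0-9_+-]+(\.[A-Za-z0-9_+-]+)*", local)
            or not re.fullmatch(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+", domain)):
        raise ValueError(f"cannot map {address!r} to a DNS name")
    return f"{local}._pka.{domain}".lower()


def parse_pka_record(txt):
    """Parse 'v=pka1;fpr=<hex>[;uri=<uri>]'.

    Returns None for a TXT record that is not a PKA record and raises
    ValueError for a PKA record that is malformed.
    """
    txt = txt.strip().strip('"').replace("\\;", ";")   # host(1) shows ';' escaped
    parts = txt.split(";", 2)        # the URI may itself contain ';'
    if parts[0] != "v=pka1":
        return None
    if len(parts) < 2 or not parts[1].startswith("fpr="):
        raise ValueError("PKA record without fpr")
    fpr = normalise_fpr(parts[1][4:])
    if fpr is None:
        raise ValueError("PKA record with malformed fpr")
    uri = None
    if len(parts) == 3:
        if not parts[2].startswith("uri="):
            raise ValueError("unexpected field after fpr")
        uri = parts[2][4:]
    return {"fpr": fpr, "uri": uri}


def check_sender(address, signing_key_fpr, lookup_txt):
    """Return 'match', 'mismatch', 'no-record', 'ambiguous' or 'malformed'."""
    want = normalise_fpr(signing_key_fpr)
    if want is None:
        raise ValueError("signing key fingerprint is not 40 hex digits")
    name = pka_owner_name(address)
    try:
        records = [r for r in (parse_pka_record(t) for t in lookup_txt(name)) if r]
    except ValueError:
        return "malformed"
    if not records:
        return "no-record"
    if len(records) > 1:
        return "ambiguous"       # one key per address; do not pick one silently
    return "match" if records[0]["fpr"] == want else "mismatch"


# Constructed fingerprints and zone data, for illustration only.
KEY_A = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"
KEY_B = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"
ZONE = {
    "alice._pka.example.org": [
        "v=pka1\\;fpr=0123456789ABCDEF0123456789ABCDEF01234567"
        "\\;uri=finger:alice@example.org"],
    "bob._pka.example.org": ["v=spf1 -all"],
    "carol._pka.example.org": [
        "v=pka1;fpr=0123456789ABCDEF0123456789ABCDEF01234567",
        "v=pka1;fpr=" + KEY_B],
    "dave._pka.example.org": ["v=pka1;fpr=not-hex"],
}


def lookup_txt(name):
    """Stand-in for a DNS TXT query; returns the constructed records."""
    return ZONE.get(name, [])


if __name__ == "__main__":
    for who in ("alice", "bob", "carol", "dave"):
        print(who, check_sender(f"{who}@example.org", KEY_A, lookup_txt))
```

A "match" only repeats what the DNS answer said; unless that answer is itself authenticated, it is no stronger than the resolver path it came over.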



secret key not available

2005-08-08 Thread William F Holmes




We recently generated a new key pair because of a server domain change.  We
generated a new armored public key and provided it to companies that send
us files via ftp.  They have encrypted files with our new public key and
sent these files.  We cannot decrypt them.

Here is what we get when we try to decrypt:

gpg: Warning: using insecure memory!
gpg: encrypted with ELG-E key, ID 7725AAB6
gpg: decryption failed: secret key not available


We're using GnuPG version 1.0.6.

What have we done wrong?

William F. Holmes
Sr. PeopleSoft Oracle Database Administrator
Desk:  703-818-5635
E-mail: [EMAIL PROTECTED]




This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.






Save signature in mail headers

2005-08-08 Thread David Srbecky

Hello,

I would like to sign all my mail, but I do not want to annoy people that 
have incompatible e-mail clients with extra attachment file or signature 
in the text of the message.


Is it possible to send the signature in mail headers?

Regards,
David Srbecky



validate_key_list failed

2005-08-08 Thread Thomas Klausner
Hi!

After adding some keys recently, I always get:
gpg: public key 6E05F681 is 27717 seconds newer than the signature
gpg: public key 8D1C8442 is 86014 seconds newer than the signature
gpg: public key 8D1C8442 is 86010 seconds newer than the signature
gpg: public key 8D1C8442 is 86010 seconds newer than the signature
gpg: public key 4A90E7A1 is 30558 seconds newer than the signature
gpg: public key 3022C951 is 31305 seconds newer than the signature
gpg: public key 8F1B19A5 is 9972 seconds newer than the signature
gpg: public key 4A90E7A1 is 30494 seconds newer than the signature
gpg: mpi larger than indicated length (2 bytes)
gpg: keyring_get_keyblock: read error: invalid packet
gpg: keyring_get_keyblock failed: invalid keyring
gpg: failed to rebuild keyring cache: invalid keyring
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: mpi larger than indicated length (2 bytes)
gpg: keyring_get_keyblock: read error: invalid packet
gpg: keydb_get_keyblock failed: invalid keyring
gpg: validate_key_list failed


And the trustdb is not updated, because on the next run
I get the same error.

How can I fix this?
Or how can I find out which key it is, so I can remove it
(as workaround)?

Cheers,
 Thomas



gpg-1.4.2 --key-gen error (in unattended mode)

2005-08-08 Thread Stephane Clodic

Hello,


Using generation key in unattended mode, I have the following error even
with the sample file "foo" provided in DETAILS file (from the distribution)


gpg: Generating a standard key
+++..+.++>++...+
+..++.+++.+...+++>+.>.+.+
Assertion failed: (pkt->pkt.generic), function build_packet, file
build-packet.c, line 74.
Abort trap: 6


% cat foo
 %echo Generating a standard key
 Key-Type: DSA
 Key-Length: 1024
 Subkey-Type: ELG-E
 Subkey-Length: 1024
 Name-Real: Joe Tester
 Name-Comment: with stupid passphrase
 Name-Email: [EMAIL PROTECTED]
 Expire-Date: 0
 Passphrase: abc
 %pubring foo.pub
 %secring foo.sec
 # Do a commit here, so that we can later print "done" :-)
 %commit
 %echo done

% uname -mnsr
FreeBSD 7.0-CURRENT #21: Thu Jul 28 20:15:14 CEST 2005

% gpg --version
gpg (GnuPG) 1.4.2
Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512
Compression: Uncompressed, ZIP, ZLIB, BZIP2

(build from port)


GnuPG-1.4.1 works fine on this system for months.

I tried 1.4.2 compiled from source on an "old" FreeBSD-CURRENT (FreeBSD
6.0-CURRENT #14: Tue Apr 12 13:10:18 CEST 2005) and it's the same thing.


How could I debug/provide more information?


Cya


-- 
Stephane Clodic
France Teaser



Multiple self signatures

2005-08-08 Thread Tobias Eichert

Hello,

I have multiple self signatures within my key and I haven't
found a reason yet. I usually don't self-sign my key several
times (well, at least I'm not aware of it). :)

http://pgpkeys.pca.dfn.de:11371/pks/lookup?op=vindex&fingerprint=on&search=0x7E9154BFDA817013

How can I prevent this?

I'd really appreciate any hints.
Could you please CC me? I'm not subscribed to this list.

GnuPG version is 1.4.2 (on Windows XP SP 2)


Thanks
Tobias



Choosing a keyserver

2005-08-08 Thread Oskar L.
What differences are there between different keyservers? What should one
take into consideration when choosing which keyserver to use?

Oskar



[Fwd: Re: Proof of email ownership]

2005-08-08 Thread Alphax
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160

Forwarded since it seems useful

-  Original Message 
Subject: Re: Proof of email ownership
Date: Mon, 08 Aug 2005 09:07:24 +0200
From: Werner Koch <[EMAIL PROTECTED]>
To: Alphax <[EMAIL PROTECTED]>
CC: gnupg-users@gnupg.org
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]> <[EMAIL PROTECTED]>

On Mon, 08 Aug 2005 00:11:26 +0930, Alphax  said:

> Your other assumption is that everyone has continuous and unrestricted
> (no proxies, firewalls) internet access. I can't even get GPG to work

To clarify this: It is NOT a change of the trust model but an
optional feature.  Without access to the net you can't do it but you
won't either be able to download a key.  OTOH, this feature may also
be implemented at a trusted upstream MTA.


Salam-Shalom,

   Werner



- --
Alphax  |   /"\
Encrypted Email Preferred   |   \ / ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |X   Against HTML email & vCards
http://tinyurl.com/cc9up|   / \
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC9wn5/RxM5Ph0xhMRA0V2AKCMMt8H1GCObGWXw86y5MO7KfJhZwCfdv0y
O1usUCWsElK1ocbYgh5WerE=
=B8J1
-END PGP SIGNATURE-



Re: Proof of email ownership

2005-08-08 Thread Werner Koch
On Sun, 07 Aug 2005 22:02:44 +0200, Jeroen Massar said:

>  - DNS is not a directory for random information

It is not random information it just extends the domain system by
local parts.  Anyway, DNS is nowadays not anymore as for what it has
been designed.

>  - Don't overload TXT records (though you can go the SPF
>way and just make a record called SPF which is a TXT)

I know.  For experimenting TXT records are just fine.  Obviously this
should be replaced by a special record type designed for that purpose.

> example.org
>   PGPSRV https keyserver.example.net /pks/
>   PGPSRV hkp keyserver.example.net

That is a different thing.  The crucial point with PKA is to connect a
key to the DNS using the fingerprint.  Having a way to specify a
keyserver does not help: The information returned by a keyserver is
not trustworthy.  There are other ways of downloading a key; having
the URI part in the PKA record is mainly for convenience.

> Btw I specified https above, which is something I would really like to
> see implemented and usable in gpg. This allows everybody, who has access
> to their DNS that is, to specify a keyserver of their choice for that
> domain. The HTTPS, which implies SSL, makes it able for gnupg to have a
> secure transfer of this data and verification of the SSL certificate to

There is no need for a secure transfer of keys.  The keys are
intrinsic secure.  A keyserver is just a bunch of untrusted keys the
decision whether to trust a key is put onto the client.  You can't
trust them.  BTW, gpg when build with cURL supports SSL.

> Another note is that this all indeed still does not imply any trust,
> that needs to come from a lot of users signing your key, one way to

If you trust www.example.com you should also be able to trust mails
coming from [EMAIL PROTECTED]  The PKA scheme does exactly this.
It can be used as a good protection against faked mails.

> solve it would be to have the domain admin have a trusted key, thus
> someone who has been verified, and have this key sign the keys in that

The Web of Trust does only work for closed groups and won't work on a
large scale.  In particular because it is impossible to teach an
average user to assign the ownertrust levels.  Those of the mail users
who are able to do it are also smart enough not to get tricked by
phishing mails - I am pretty sure that at least 95% of all users are
pretty good targets.  Having a way to semi-automatically check the
sender address might be helpful.


Shalom-Salam,

   Werner




Re: more than one message digest per signed message?

2005-08-08 Thread Werner Koch
On Sun, 07 Aug 2005 19:02:21 +0200, Thomas Kuehne said:

> Is it possible to use more than one message digest when signing a
> message with GnuPG?

No.


Shalom-Salam,

   Werner




Re: Feature request: Automatically import public keys

2005-08-08 Thread Werner Koch
On Sun, 07 Aug 2005 18:23:04 +0200, David Srbecky said:

> Enigmail is great, but I find that public key import is very repetitive
> and unnecessary action. Could Enigmail just try to import public keys
> automatically for incoming mail?

put 

keyserver-options auto-key-retrieve

into gpg.conf.


Salam-Shalom,

   Werner




Re: Proof of email ownership

2005-08-08 Thread Werner Koch
On Mon, 08 Aug 2005 00:11:26 +0930, Alphax  said:

> Your other assumption is that everyone has continuous and unrestricted
> (no proxies, firewalls) internet access. I can't even get GPG to work

To clarify this: It is NOT a change of the trust model but an
optional feature.  Without access to the net you can't do it but you
won't either be able to download a key.  OTOH, this feature may also
be implemented at a trusted upstream MTA.


Salam-Shalom,

   Werner




Re: Proof of email ownership

2005-08-08 Thread Werner Koch
On Sun, 7 Aug 2005 07:17:13 -0700 (PDT), S K said:

> How would this work out for people who do not have
> control over the DNS record of domains? Best examples
> are free email services like hotmail and gmail?

Convince them to have a feature for uploading a key or a key's
fingerprint into the user settings.  Then they can generate a zone
file from it.


Shalom-Salam,

   Werner


