new (2006-04-16) keyanalyze results (+sigcheck)

2006-04-23 Thread Jason Harris

New keyanalyze results are available at:

  http://keyserver.kjsl.com/~jharris/ka/2006-04-16/

Signatures are now being checked using keyanalyze+sigcheck:

  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:

  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

bcae9e919f27181b4b6165deef9f25f4edf7601713566726preprocess.keys
e14208245d6bc0b20703c2b4ae41c00bc8d50b888118523 othersets.txt
e934a8b44346724672d8e3f1f0c60565c1e1b45a3318196 msd-sorted.txt

a751f9d5477744a4f5e5ce6ebad6a60908e317ee1372index.html
2cafbf5dd62b433f7c0b27b1cd44b765f667b5b62291keyring_stats
25ea10b490e855f21a74c60ee7d0edbf8ca59b941303775 msd-sorted.txt.bz2
84d03fab61a4d2748b77fcb37768b7db63ab9fb926  other.txt
ad6f00a117a546a2f8536f1e2ae01399cf19c01b1758078 othersets.txt.bz2
da61f8f8ab90544cc09768ddf27941b0fdcac5ae5502227 preprocess.keys.bz2
cb89d204320864bb870f114c2747d857188684e813741   status.txt
7237a3d9071073a6822ab93a99c713c7bdfdfd9f209731  top1000table.html
7e054a1b7d423bf4ead6425a252654eb0a9e40bd29874   top1000table.html.gz
9b6a0a0dbb6b85d7e951f228c1df6db0fa02f53b10776   top50table.html
83a3a2e3a1d33385b01706c729350d9606c19bc72544D3/D39DA0E3

-- 
Jason Harris   |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web:  http://keyserver.kjsl.com/~jharris/
  Got photons?   (TM), (C) 2004


pgpYbmxJpop18.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Modifications to key

2006-04-23 Thread Michael Nestler
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,
I'm new to this list, so if this has been answered before or is obvious,
I apologise.  If someone signs my public key, does this change the key?
i.e. would that render a copy of the public key on my website useless?
What about if I add another User ID?

Thanks,
Michael
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkRMB7YACgkQMY8MHpXUdSlingCfbU7Qu9EmOKUE4rETO32x24kX
pTwAoIRwDk9CXqjk/S+e+e6dMyWh8+2e
=GeID
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Modifications to key

2006-04-23 Thread Robert J. Hansen
Michael Nestler wrote:
 I'm new to this list, so if this has been answered before or is 
 obvious, I apologise.

No apologies necessary.  Welcome to the GnuPG community.  :)

 If someone signs my public key, does this change the key?

Yes.

 i.e. would that render a copy of the public key on my website
 useless?

No.

 What about if I add another User ID?

Same answer--yes, it will change your key; no, it will not render it
useless.  If something is added to the key, it doesn't invalidate
existing copies of the key.  They'll still work perfectly fine.

As an example, let's say that I have key 0x5B8709EB on my website for
download.  (I do, so this isn't too much of a stretch.)  Let's say that
I want to add a user ID.  I do so, and after modifying the key send it
on to the keyserver.  Someone who gets my key from the keyserver will
get the updated version with the new user ID on it; someone who gets my
key from my web page will get the old version without the new user ID;
but both keys can be used to encrypt messages to me, or to verify the
messages I sign.

If you have any other questions, feel free to holler.  :)



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Why are my signatures being labelled as bad?

2006-04-23 Thread Bob Smits
On Friday 21 April 2006 02:23, Samuel ]slund wrote:
 Hi Robert,

 I would guess that by signed you mean clear-signed.

Yes, the body of the message is not encrypted, but I've used a KGpg signature.

 Are you using Mime or in-line signatures?

How do I tell? I don't normally use MIME if I can help it, 
 Clear-signed, esp in-line, messages can suffer from email clients and
 MTA's that make corrections like changing character encoding or
 wrapping lines.

 HTH
 //Samuel

 On Wed, Apr 19, 2006 at 12:47:02PM -0700, Robert Smits wrote:
  I'm trying to figure out why I can send encrypted messages to myself at
  home from my work computer, and they come through just fine, but signed
  messages to myself from my work computer come labeelled as having a bad
  signature.
 
  Work computer - Suse Linux 9.3 running Kmail and KGpg. Have identity set
  to sign and encrypt with same GPG keys. Exported public address to home
  computer.
 
  Home computer Compaq laptop running Suse 10.0, also with Kmail and KGpg.
  Imported public key from work, set it as trusted.
 
  Signed files from work arrive at home with bad signatures. Encrypted
  files from work arrive at home and decrypt just fine.
 
  Signed files and encrypted files from home arrive at work just fine. Can
  anyone point me in the correct direction?
 
  Thanks
 
  --
  Robert Smits Exec Ass't Ph 753-0201 Fax 753-2954 Email [EMAIL PROTECTED]
 
  ___
  Gnupg-users mailing list
  Gnupg-users@gnupg.org
  http://lists.gnupg.org/mailman/listinfo/gnupg-users

 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users

-- 
Robert Smits Ph 245-2553 Fax 245-5531 Cell 246-7812 Email [EMAIL PROTECTED]
A criminal is a person with predatory instincts without sufficient capital to 
form a corporation. - Howard Scott

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Fw: Modifications to key

2006-04-23 Thread Gonzalo Bermúdez
Well, it won't render your copy useless, but you should update it so 
everyone who gets it also gets the new signature.

The same is applied if you add a new UID. Until you get your web page's
copy updated, and people start downloading it and updating their
keyrings, noone will see it. Furthermore, new UIDs won't be signed by
those who did sign your key before its creation.

On Sun, 23 Apr 2006 19:03:18 -0400
Michael Nestler [EMAIL PROTECTED] wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Hi,
 I'm new to this list, so if this has been answered before or is
obvious,
 I apologise.  If someone signs my public key, does this change the
key?
 i.e. would that render a copy of the public key on my website useless?
 What about if I add another User ID?
 
 Thanks,
 Michael
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.1 (Darwin)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
 iEYEARECAAYFAkRMB7YACgkQMY8MHpXUdSlingCfbU7Qu9EmOKUE4rETO32x24kX
 pTwAoIRwDk9CXqjk/S+e+e6dMyWh8+2e
 =GeID
 -END PGP SIGNATURE-
 
 
 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users

-- 
Saludos
Gonzalo


pgpx0rJexfyci.pgp
Description: PGP signature


pgpORfs1kKOol.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Why are my signatures being labelled as bad?

2006-04-23 Thread Bob Smits
On Friday 21 April 2006 03:21, Charly Avital wrote:
 A 'bad signature' can be caused by many different factors, one frequent
 cause being a text wrap problem.

 When a message is not only signed but encrypted+signed, the encryption
 process *might* write off the cause of a bad signature.

 You might try sending a signed message to the list; maybe some clue
 could be found.


OK. I'm back at the office tomorrow (Monday) and I'll try it then.

 I have found on the keyservers two keys that seem to belong to you:
 (1) Robert Smits [EMAIL PROTECTED]
   1024 bit RSA key 49E9AF38, created: 2006-04-19
 (2) Robert Smits [EMAIL PROTECTED]
   1024 bit DSA key E7629731, created: 2005-12-31


Both are out of date, but so far I can't figure out how to cancel them at the 
keyservers.

Bob
-- 
Robert Smits Ph 245-2553 Fax 245-5531 Cell 246-7812 Email [EMAIL PROTECTED]

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users