new (2006-04-16) keyanalyze results (+sigcheck)
New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2006-04-16/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the permanent files: bcae9e919f27181b4b6165deef9f25f4edf7601713566726preprocess.keys e14208245d6bc0b20703c2b4ae41c00bc8d50b888118523 othersets.txt e934a8b44346724672d8e3f1f0c60565c1e1b45a3318196 msd-sorted.txt a751f9d5477744a4f5e5ce6ebad6a60908e317ee1372index.html 2cafbf5dd62b433f7c0b27b1cd44b765f667b5b62291keyring_stats 25ea10b490e855f21a74c60ee7d0edbf8ca59b941303775 msd-sorted.txt.bz2 84d03fab61a4d2748b77fcb37768b7db63ab9fb926 other.txt ad6f00a117a546a2f8536f1e2ae01399cf19c01b1758078 othersets.txt.bz2 da61f8f8ab90544cc09768ddf27941b0fdcac5ae5502227 preprocess.keys.bz2 cb89d204320864bb870f114c2747d857188684e813741 status.txt 7237a3d9071073a6822ab93a99c713c7bdfdfd9f209731 top1000table.html 7e054a1b7d423bf4ead6425a252654eb0a9e40bd29874 top1000table.html.gz 9b6a0a0dbb6b85d7e951f228c1df6db0fa02f53b10776 top50table.html 83a3a2e3a1d33385b01706c729350d9606c19bc72544D3/D39DA0E3 -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 pgpYbmxJpop18.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Modifications to key
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I'm new to this list, so if this has been answered before or is obvious, I apologise. If someone signs my public key, does this change the key? i.e. would that render a copy of the public key on my website useless? What about if I add another User ID? Thanks, Michael -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkRMB7YACgkQMY8MHpXUdSlingCfbU7Qu9EmOKUE4rETO32x24kX pTwAoIRwDk9CXqjk/S+e+e6dMyWh8+2e =GeID -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Modifications to key
Michael Nestler wrote: I'm new to this list, so if this has been answered before or is obvious, I apologise. No apologies necessary. Welcome to the GnuPG community. :) If someone signs my public key, does this change the key? Yes. i.e. would that render a copy of the public key on my website useless? No. What about if I add another User ID? Same answer--yes, it will change your key; no, it will not render it useless. If something is added to the key, it doesn't invalidate existing copies of the key. They'll still work perfectly fine. As an example, let's say that I have key 0x5B8709EB on my website for download. (I do, so this isn't too much of a stretch.) Let's say that I want to add a user ID. I do so, and after modifying the key send it on to the keyserver. Someone who gets my key from the keyserver will get the updated version with the new user ID on it; someone who gets my key from my web page will get the old version without the new user ID; but both keys can be used to encrypt messages to me, or to verify the messages I sign. If you have any other questions, feel free to holler. :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Why are my signatures being labelled as bad?
On Friday 21 April 2006 02:23, Samuel ]slund wrote: Hi Robert, I would guess that by signed you mean clear-signed. Yes, the body of the message is not encrypted, but I've used a KGpg signature. Are you using Mime or in-line signatures? How do I tell? I don't normally use MIME if I can help it, Clear-signed, esp in-line, messages can suffer from email clients and MTA's that make corrections like changing character encoding or wrapping lines. HTH //Samuel On Wed, Apr 19, 2006 at 12:47:02PM -0700, Robert Smits wrote: I'm trying to figure out why I can send encrypted messages to myself at home from my work computer, and they come through just fine, but signed messages to myself from my work computer come labeelled as having a bad signature. Work computer - Suse Linux 9.3 running Kmail and KGpg. Have identity set to sign and encrypt with same GPG keys. Exported public address to home computer. Home computer Compaq laptop running Suse 10.0, also with Kmail and KGpg. Imported public key from work, set it as trusted. Signed files from work arrive at home with bad signatures. Encrypted files from work arrive at home and decrypt just fine. Signed files and encrypted files from home arrive at work just fine. Can anyone point me in the correct direction? Thanks -- Robert Smits Exec Ass't Ph 753-0201 Fax 753-2954 Email [EMAIL PROTECTED] ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Robert Smits Ph 245-2553 Fax 245-5531 Cell 246-7812 Email [EMAIL PROTECTED] A criminal is a person with predatory instincts without sufficient capital to form a corporation. - Howard Scott ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Fw: Modifications to key
Well, it won't render your copy useless, but you should update it so everyone who gets it also gets the new signature. The same is applied if you add a new UID. Until you get your web page's copy updated, and people start downloading it and updating their keyrings, noone will see it. Furthermore, new UIDs won't be signed by those who did sign your key before its creation. On Sun, 23 Apr 2006 19:03:18 -0400 Michael Nestler [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I'm new to this list, so if this has been answered before or is obvious, I apologise. If someone signs my public key, does this change the key? i.e. would that render a copy of the public key on my website useless? What about if I add another User ID? Thanks, Michael -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkRMB7YACgkQMY8MHpXUdSlingCfbU7Qu9EmOKUE4rETO32x24kX pTwAoIRwDk9CXqjk/S+e+e6dMyWh8+2e =GeID -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Saludos Gonzalo pgpx0rJexfyci.pgp Description: PGP signature pgpORfs1kKOol.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Why are my signatures being labelled as bad?
On Friday 21 April 2006 03:21, Charly Avital wrote: A 'bad signature' can be caused by many different factors, one frequent cause being a text wrap problem. When a message is not only signed but encrypted+signed, the encryption process *might* write off the cause of a bad signature. You might try sending a signed message to the list; maybe some clue could be found. OK. I'm back at the office tomorrow (Monday) and I'll try it then. I have found on the keyservers two keys that seem to belong to you: (1) Robert Smits [EMAIL PROTECTED] 1024 bit RSA key 49E9AF38, created: 2006-04-19 (2) Robert Smits [EMAIL PROTECTED] 1024 bit DSA key E7629731, created: 2005-12-31 Both are out of date, but so far I can't figure out how to cancel them at the keyservers. Bob -- Robert Smits Ph 245-2553 Fax 245-5531 Cell 246-7812 Email [EMAIL PROTECTED] ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
