FreeBSD ports for libassuan 1.0.1 and gnupg 2.0.1

[Doug Barton]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

For FreeBSD users eager to get started with the new versions, I'm told
that the official ports will be updated "soon." They are just waiting
on a repo copy of the old gnupg-devel port, and the CVS folks are a
bit backlogged right now.

Meanwhile, I've updated my unofficial patches. The libassuan patch is
at http://dougbarton.us/libassuan.diff, and should apply cleanly to
the existing port. For gnupg, 'cd /usr/ports/security && cp -Rp
gnupg-devel gnupg2 && cd gnupg2 && patch < gnupg2.diff'. You can find
the patch at http://dougbarton.us/gnupg2.diff.

hth,

Doug

- --

If you're never wrong, you're not trying hard enough
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.1 (FreeBSD)

iD8DBQFFbVpUyIakK9Wy8PsRAn/7AJ9xHzaoNgn3Tn0RS/osX4ctSWkpQACfWCqU
/hlIJ0lwl1BMJkihkJSDJms=
=tPLv
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Two servers...one KeyPair

[Alphax]

Joseph Oreste Bruni wrote:
> Your question is ambiguous. What are you trying to do? Use one key pair
> on two systems, or use two key pairs on two systems?
> 
> If the former, simply copy the .gnupg directory to the second system.

That advice is seriously flawed. You do *not* want to copy the
random-seed file!

-- 
Alphax
Death to all fanatics!
  Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG 2.0 compilation fails with "undefined reference to gpg_err_code_from_syserror"

[Werner Koch]

On Tue, 28 Nov 2006 22:11, [EMAIL PROTECTED] said:

>  ../jnlib/libjnlib.a ../common/libcommonpth.a ../gl/libgnu.a -lgcrypt
>  -lgpg-error -L/usr/local/libassuan-1.0.1/lib -lassuan-pth -L/usr/lib
>  -lpth -lnsl -L/usr/local/libgpg-error-1.4/lib -lgpg-error -ldl

 -L/usr/lib -lpth -lnsl -L/usr/local/libgpg-error-1.4/lib
 ^^ ^^^
 From pth-configfrom gpg-error-config

Thus pth-config tells the linker to search the standard lib directory
first and there you have an old version of libgpg-error which does not
match the one tested by configure (installed under
/usr/local/libgpg-error-1.4).  I can mitigate the problem by changing
the order.  However, these kinds of problems are not completly
solvable.  

As a quick hack, I suggest to fix pth-config by removing the
superfluous -L/usr/lib.



Salam-Shalom,

   Werner


p.s.
You might also want to use stow(1) instead of having an own hierachy
for all libs.  Then you only need to do:

  ./configure
  make 
  make install prefix=/usr/local/stow/libgpg-error
  sudo stow -d /usr/local/stow libgpg-error

after having created the libgpg-error diectory chown to you.  This
allows to easily update or remove of libs.




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Two servers...one KeyPair

[Henry Bremridge]

On Wed, Nov 29, 2006 at 08:20:06PM +1030, Alphax wrote:
 
> That advice is seriously flawed. You do *not* want to copy the
> random-seed file!
> 
Just out of interest: why?


--
Henry
Wed Nov 29 10:40:15 GMT 2006


signature.asc
Description: Digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Two servers...one KeyPair

[Alphax]

Henry Bremridge wrote:
> On Wed, Nov 29, 2006 at 08:20:06PM +1030, Alphax wrote:
>  
>> That advice is seriously flawed. You do *not* want to copy the
>> random-seed file!
>>
> Just out of interest: why?
> 

As someone a lot smarter than me pointed out in a message I can't find
when I suggested "just copy the .gnupg directory" (and with a bit of
background info thrown in, and I'm not a cryptographer and haven't
really studied the GnuPG internals so I might be wrong):

GPG is a hybrid cryptosystem; messages are (symmetrically) encrypted to
"random" session keys, which are then (asymmetrically) encrypted to a
number of recipient public keys. Part of the security of the system is
that the session key is "random" or as close to it as possible; because
GPG will work on many different and varying systems, there is no
guarantee of a system-wide random data source, so you can't just read
from /dev/random or /dev/urandom every time you want a bit of random
data, because it might not exist (and these have their own problems).
So, GPG has it's own internal pseudorandom number generator. In order to
speed things up a bit, it normally has an internal seed of pooled random
data - which it stores in .gnupg/random_seed while it's not using it.
When GPG decides it wants some random data, it generates it using this
file as the seed - so if you know what the random seed file was, it's
(somewhat) easier to predict what the next lot of random data is going
to be. So, you don't want two installations of GPG to have the same
random_seed, because you're going to start producing deterministic output...

-- 
Alphax
Death to all fanatics!
  Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Smart Card Use with GnuPG

[Adam Gould]

Hi all,

I was looking into Smart Cards for use with GnuPG email encryption (I'm
running Windows XP with Thunderbird and Enigmail) and found that the
OpenPGP Smart Card from g10code only supports 1024 bit RSA keys.  I'm
aware that there are some Smart Cards available (not OpenPGP branded)
that support 2048 bit RSA - would these work with GnuPG?  If so, what
type of card would I require to use?  If I did get a non-OpenPGP Smart
Card, would I require some additional software to enable me to transfer
existing keys to the card?

Thanks for any advice,

Adam

-- 
e-ignite: 
OpenPGP Key: 0x4B45F6F5 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Smart Card Use with GnuPG

[Werner Koch]

On Wed, 29 Nov 2006 11:44, [EMAIL PROTECTED] said:

> OpenPGP Smart Card from g10code only supports 1024 bit RSA keys.  I'm
> aware that there are some Smart Cards available (not OpenPGP branded)

That is not a branding but a specification for smartcards. GnuPG 1.4.x
does only support this smartcard specification.

GnuPG 2.0 supports several other smart cards but only for X.509
(S/MIME) and not for OpenPGP.



Shalom-Salam,

   Werner


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG 2.0 compilation fails with "undefined reference to gpg_err_code_from_syserror"

[Ralph Seichter]

Werner Koch wrote:

> I can mitigate the problem by changing the order. However, these kinds
> of problems are not completly solvable.

Well, even though it is not a perfect solution, it might be a good idea
to check the user-supplied library directories before /usr/lib.

> As a quick hack, I suggest to fix pth-config by removing the
> superfluous -L/usr/lib.

I'll attach a small patch for the "configure" script of GnuPG 2.0.1
which works for me.

-- 
Mit freundlichen Grüßen / Sincerely
Dipl. Inform. Ralph Seichter

*** /tmp/gnupg-2.0.1-orig/configure Tue Nov 28 17:05:22 2006
--- configure   Wed Nov 29 14:41:48 2006
***
*** 7344,7351 
  
  if test $have_pth = yes; then
 PTH_CFLAGS=`$PTH_CONFIG --cflags`
!PTH_LIBS=`$PTH_CONFIG --ldflags`
!PTH_LIBS="$PTH_LIBS `$PTH_CONFIG --libs --all`"
  
  cat >>confdefs.h <<\_ACEOF
  #define HAVE_PTH 1
--- 7344,7352 
  
  if test $have_pth = yes; then
 PTH_CFLAGS=`$PTH_CONFIG --cflags`
!#PTH_LIBS=`$PTH_CONFIG --ldflags`
!#PTH_LIBS="$PTH_LIBS `$PTH_CONFIG --libs --all`"
!PTH_LIBS="`$PTH_CONFIG --libs --all`"
  
  cat >>confdefs.h <<\_ACEOF
  #define HAVE_PTH 1
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

[Announce] GnuPG 2.0.1 released

[Werner Koch]

Hello!

We are pleased to announce the availability of a new stable GnuPG-2
release: Version 2.0.1

This is maintenance release to fix build problems found after the
release of 2.0.0 and to fix a buffer overflow in gpg2

The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage.  It can be used to encrypt data, create digital
signatures, help authenticating using Secure Shell and to provide a
framework for public key cryptography.  It includes an advanced key
management facility and is compliant with the OpenPGP and S/MIME
standards.

GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.5) in that
it splits up functionality into several modules.  However, both
versions may be installed alongside without any conflict.  In fact,
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
included in GnuPG-2 and allows for seamless passphrase caching.  The
advantage of GnuPG-1 is its smaller size and the lack of dependency on
other modules at run and build time.  We will keep maintaining GnuPG-1
versions because they are very useful for small systems and for server
based applications requiring only OpenPGP support.

GnuPG is distributed under the terms of the GNU General Public License
(GPL).  GnuPG-2 works best on GNU/Linux or *BSD systems.  A port
Windows is planned but work has not yet started.


Getting the Software


Please follow the instructions found at http://www.gnupg.org/download/
or read on:

GnuPG 2.0.1 may be downloaded from one of the GnuPG mirror sites or
direct from ftp://ftp.gnupg.org/gcrypt/ .  The list of mirrors can be
found at http://www.gnupg.org/mirrors.html .  Note, that GnuPG is not
available at ftp.gnu.org.

On the mirrors you should find the following files in the *gnupg*
directory:

  gnupg-2.0.1.tar.bz2 (3.8Mk)
  gnupg-2.0.1.tar.bz2.sig

  GnuPG source compressed using BZIP2 and OpenPGP signature.

  gnupg-2.0.0-2.0.1.diff.bz2 (220k)

  A patch file to upgrade a 2.0.0 GnuPG source.  This is only that
  large arge due to an update of the included gettext module.

Note, that we don't distribute gzip compressed tarballs.  


Checking the Integrity
==

In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:

 * If you already have a trusted version of GnuPG installed, you
   can simply check the supplied signature.  For example to check the
   signature of the file gnupg-2.0.1.tar.bz2 you would use this command:

 gpg --verify gnupg-2.0.1.tar.bz2.sig

   This checks whether the signature file matches the source file.
   You should see a message indicating that the signature is good and
   made by that signing key.  Make sure that you have the right key,
   either by checking the fingerprint of that key with other sources
   or by checking that the key has been signed by a trustworthy other
   key.  Note, that you can retrieve the signing key using the command

 finger wk ,at' g10code.com

   or using a keyserver like

 gpg --recv-key 1CE0C630

   The distribution key 1CE0C630 is signed by the well known key
   5B0358A2.  If you get an key expired message, you should retrieve a
   fresh copy as the expiration date might have been prolonged.

   NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
   INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!

 * If you are not able to use an old version of GnuPG, you have to verify
   the SHA-1 checksum.  Assuming you downloaded the file
   gnupg-2.0.1.tar.bz2, you would run the sha1sum command like this:

 sha1sum gnupg-2.0.1.tar.bz2

   and check that the output matches the first line from the
   following list:

ec84ffb1d2ac013dc0afb5bdf8b9df2c838673e9  gnupg-2.0.1.tar.bz2
c6cca309b12700503bb4c671491ebf7a4cd6f1be  gnupg-2.0.0-2.0.1.diff.bz2


What's New
===

 * Experimental support for the PIN pads of the SPR 532 and the Kaan
   Advanced card readers.  Add "disable-keypad" scdaemon.conf if you
   don't want it.  Does currently only work for the OpenPGP card and
   its authentication and decrypt keys.

 * Fixed build problems on some some platforms and crashes on amd64.

 * Fixed a buffer overflow in gpg2. [bug#728]


Internationalization


GnuPG comes with support for 27 languages.  Due to a lot of new and
changed strings most translations are not entirely complete. However
the Turkish, German and Russian translators have meanwhile finished
their translations.  Updates of the other translations are expected
for the next releases.


Documentation
=

We are currently working on an installation guide to explain in more
detail how to configure the new features.  As of now the chapters on
gpg-agent and gpgsm include brief information on how to set up the
whole thing.  Please watch the GnuPG website for updates of the
documentation.  In the meantime you may search the GnuPG mailin

Re: Smart Card Use with GnuPG

[Benjamin Donnachie]

Adam Gould wrote:
> I was looking into Smart Cards for use with GnuPG email encryption (I'm
> running Windows XP with Thunderbird and Enigmail) and found that the
> OpenPGP Smart Card from g10code only supports 1024 bit RSA keys.


The gnupg-pkcs11[1] patches /may/ do what you want; it enables the use
of PKCS#11 tokens with gnupg.  But I haven't haven't had chance to look
into it in detail yet.

Also, I am in the process of starting an "open openpgp" implementation
and one of the goals is to support 4096 bit RSA.  See [2] to join the
mailing list and read the archives.

Ben

[1] http://gnupg-pkcs11.sourceforge.net/
[2] http://www.py-soft.co.uk/mailman/listinfo/open-openpgp-card

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Logo ballot reminder

[Adam Cripps]

On 11/23/06, Werner Koch <[EMAIL PROTECTED]> wrote:

Hi,



As of now only 151 out of 1230 casted their vote.

Hurry, the deadline is next Thursday.


Salam-Shalom,

   Werner


I don't seem to have received the URL either - please can you forward it?

Adam

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] GnuPG 2.0.1 released

[Johan Wevers]

Werner Koch wrote:

>This is maintenance release to fix build problems found after the
>release of 2.0.0 and to fix a buffer overflow in gpg2

Will there come a 1.4.6 too?

-- 
ir. J.C.A. Wevers //  Physics and science fiction site:
[EMAIL PROTECTED]   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG 2.0 compilation fails with "undefined reference to gpg_err_code_from_syserror"

[Werner Koch]

On Wed, 29 Nov 2006 15:10, [EMAIL PROTECTED] said:

> I'll attach a small patch for the "configure" script of GnuPG 2.0.1
> which works for me.

But only for you.  As soon as --ldflags returns a non-standard
directory it won't work.


Shalom-Salam,

   Werner


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] GnuPG 2.0.1 released

[Joseph Oreste Bruni]

Hi Werner,

Do the build-problem fixes in 2.0.1 include OS X/Darwin? Or, should I  
wait for a future release?


Joe



On Nov 29, 2006, at 6:55 AM, Werner Koch wrote:


Hello!

We are pleased to announce the availability of a new stable GnuPG-2
release: Version 2.0.1

This is maintenance release to fix build problems found after the
release of 2.0.0 and to fix a buffer overflow in gpg2

The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage.  It can be used to encrypt data, create digital
signatures, help authenticating using Secure Shell and to provide a
framework for public key cryptography.  It includes an advanced key
management facility and is compliant with the OpenPGP and S/MIME
standards.

GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.5) in that
it splits up functionality into several modules.  However, both
versions may be installed alongside without any conflict.  In fact,
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
included in GnuPG-2 and allows for seamless passphrase caching.  The
advantage of GnuPG-1 is its smaller size and the lack of dependency on
other modules at run and build time.  We will keep maintaining GnuPG-1
versions because they are very useful for small systems and for server
based applications requiring only OpenPGP support.

GnuPG is distributed under the terms of the GNU General Public License
(GPL).  GnuPG-2 works best on GNU/Linux or *BSD systems.  A port
Windows is planned but work has not yet started.


Getting the Software


Please follow the instructions found at http://www.gnupg.org/download/
or read on:

GnuPG 2.0.1 may be downloaded from one of the GnuPG mirror sites or
direct from ftp://ftp.gnupg.org/gcrypt/ .  The list of mirrors can be
found at http://www.gnupg.org/mirrors.html .  Note, that GnuPG is not
available at ftp.gnu.org.

On the mirrors you should find the following files in the *gnupg*
directory:

  gnupg-2.0.1.tar.bz2 (3.8Mk)
  gnupg-2.0.1.tar.bz2.sig

  GnuPG source compressed using BZIP2 and OpenPGP signature.

  gnupg-2.0.0-2.0.1.diff.bz2 (220k)

  A patch file to upgrade a 2.0.0 GnuPG source.  This is only that
  large arge due to an update of the included gettext module.

Note, that we don't distribute gzip compressed tarballs.


Checking the Integrity
==

In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:

 * If you already have a trusted version of GnuPG installed, you
   can simply check the supplied signature.  For example to check the
   signature of the file gnupg-2.0.1.tar.bz2 you would use this  
command:


 gpg --verify gnupg-2.0.1.tar.bz2.sig

   This checks whether the signature file matches the source file.
   You should see a message indicating that the signature is good and
   made by that signing key.  Make sure that you have the right key,
   either by checking the fingerprint of that key with other sources
   or by checking that the key has been signed by a trustworthy other
   key.  Note, that you can retrieve the signing key using the command

 finger wk ,at' g10code.com

   or using a keyserver like

 gpg --recv-key 1CE0C630

   The distribution key 1CE0C630 is signed by the well known key
   5B0358A2.  If you get an key expired message, you should retrieve a
   fresh copy as the expiration date might have been prolonged.

   NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
   INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!

 * If you are not able to use an old version of GnuPG, you have to  
verify

   the SHA-1 checksum.  Assuming you downloaded the file
   gnupg-2.0.1.tar.bz2, you would run the sha1sum command like this:

 sha1sum gnupg-2.0.1.tar.bz2

   and check that the output matches the first line from the
   following list:

ec84ffb1d2ac013dc0afb5bdf8b9df2c838673e9  gnupg-2.0.1.tar.bz2
c6cca309b12700503bb4c671491ebf7a4cd6f1be  gnupg-2.0.0-2.0.1.diff.bz2


What's New
===

 * Experimental support for the PIN pads of the SPR 532 and the Kaan
   Advanced card readers.  Add "disable-keypad" scdaemon.conf if you
   don't want it.  Does currently only work for the OpenPGP card and
   its authentication and decrypt keys.

 * Fixed build problems on some some platforms and crashes on amd64.

 * Fixed a buffer overflow in gpg2. [bug#728]


Internationalization


GnuPG comes with support for 27 languages.  Due to a lot of new and
changed strings most translations are not entirely complete. However
the Turkish, German and Russian translators have meanwhile finished
their translations.  Updates of the other translations are expected
for the next releases.


Documentation
=

We are currently working on an installation guide to explain in more
detail how to configure the new features.  As of now the chapters on
gpg-agent and gpgsm inc

Importing my keys fails

[Michael Erskine]

Hi all,

I have a pair of existing keys that I've used for ssh over the past few years 
and I'd like to use them with gnupg and gpg-enabled mailers etc. but they 
won't import for some reason: -

[EMAIL PROTECTED]:~/.ssh$ gpg --import id_dsa
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

My private key looks like this...

-BEGIN DSA PRIVATE KEY-
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,A953971238701254



-END DSA PRIVATE KEY-

...and my public key is a single line beginning "ssh-dss ". Neither of them 
will import so I'm assuming they're either incompatible with my openpgp or I 
need to cast some magic to get them to work. Here's my version...

[EMAIL PROTECTED]:~/.ssh$ gpg --version
gpg (GnuPG) 1.4.3
Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cypher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Any ideas?

Regards,
Michael Erskine.


-- 
A right is not what someone gives you; it's what no one can take from you.
-- Ramsey Clark



___ 
Try the all-new Yahoo! Mail. "The New Version is radically easier to use" – The 
Wall Street Journal 
http://uk.docs.yahoo.com/nowyoucan.html


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] GnuPG 2.0.1 released

[Andrew Berg]

Johan Wevers wrote:
> Werner Koch wrote:
>
>   
>> This is maintenance release to fix build problems found after the
>> release of 2.0.0 and to fix a buffer overflow in gpg2
>> 
>
> Will there come a 1.4.6 too?
>
>   
Yes.



I don't remember if this was asked, but will 1.4.6 have a Win32 build?

-- 
 /\_/\   /\_/\   /\_/\ 
( o.o ) ( o.o ) ( o.o )
 > ^ <   > ^ <   > ^ <  Don't make me send my ASCII kitten minions.
Key ID: 0x9C6CC3A3
Fingerprint: 5474 04A6 2BAC 7138 204A D61B 4246 59CB 9C6C C3A3
(Portable) Thunderbird 1.5.0.7 w/ Enigmail 0.94.1.1 and GnuPG 1.4.5
Windows XP SP2 Home Edition
Every time you send private information unencrypted, a kitten cries.
So won't you please, please, think of the kittens?


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] GnuPG 2.0.1 released

[Benjamin Donnachie]

Joseph Oreste Bruni wrote:
> Do the build-problem fixes in 2.0.1 include OS X/Darwin? Or, should I
> wait for a future release?

What problems are you having?

Ben

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Logo ballot reminder

[Joseph Oreste Bruni]

On Nov 29, 2006, at 7:26 AM, Adam Cripps wrote:


On 11/23/06, Werner Koch <[EMAIL PROTECTED]> wrote:

Hi,



As of now only 151 out of 1230 casted their vote.

Hurry, the deadline is next Thursday.


Salam-Shalom,

   Werner

I don't seem to have received the URL either - please can you  
forward it?


Adam




Werner, your original ballot announcement ended up in my "Junk" box  
accidentally by my filter. I only noticed it after a rare venture to  
look to see what was there. Perhaps the HTML email is setting off  
people's filters?


Joe



smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] GnuPG 2.0.1 released

[Werner Koch]

On Wed, 29 Nov 2006 16:40, [EMAIL PROTECTED] said:

> I don't remember if this was asked, but will 1.4.6 have a Win32 build?

Yes.


Salam-Shalom,

   Werner


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

[Announce] Dirmngr 1.0.0 released

[Werner Koch]

Hi!

We are pleased to announce the availability of Dirmngr version 1.0.0.

Dirmngr is a server for managing and downloading certificate
revocation lists (CRLs) for X.509 certificates and for downloading the
certificates themselves.  Dirmngr also handles OCSP requests as an
alternative to CRLs.  Dirmngr is either invoked internally by gpgsm
(from GnuPG-2) or when running as a system daemon through the
dirmngr-client tool.

Get it from:

 ftp://ftp.gnupg.org/gcrypt/dirmngr/dirmngr-1.0.0.tar.bz2 (416k)
 ftp://ftp.gnupg.org/gcrypt/dirmngr/dirmngr-1.0.0.tar.bz2.sig

or as a patch against the last beta version:

 ftp://ftp.gnupg.org/gcrypt/alpha/dirmngr/dirmngr-0.9.7-1.0.0.diff.bz2 (35k)


SHA-1 checksums are:

7ab362ec505ed154b00408bb4fd902bf4773fcea  dirmngr-1.0.0.tar.bz2
6d4fee6f196daf65442b58ea923263ff5062796d  dirmngr-0.9.7-1.0.0.diff.bz2



Whats new in this release
=

 * Bumbed the version number.

 * Removed included gettext.  We now require the system to provide a
   suitable installation.



Documentation
=

Dirmngr comes with man pages and as well as with a texinfo based
manual.  Run "info dirmngr" to read the manual or run

  make -C doc dirmngr.pdf 

to build a printable version.  If you have questions on the use of
Dirmngr, feel free to ask at [EMAIL PROTECTED]


Support
===

Improving Dirmngr is costly, but you can help!  We are looking for
organizations that find Dirmngr useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or by
donating money.

Commercial support contracts for Dirmngr are available, and they help
finance continued maintenance.  g10 Code GmbH, a Duesseldorf based
company owned and headed by GnuPG's principal author, is currently
funding Dirmngr development.  We are always looking for interesting
development projects.

A service directory is available at:

  http://www.gnupg.org/service.html


Thanks
==

We have to thank all the people who helped with this release.  In
particular Steffen Hansen who wrote the initial version and the folks
at Intevation GmbH who helped a lot by providing infrastructure for
testing and development.



Happy Hacking,

  Werner


-- 
Werner Koch  <[EMAIL PROTECTED]>
The GnuPG Expertshttp://g10code.com
Join the Fellowship and protect your Freedom!http://www.fsfe.org



pgpfsggYmqO93.pgp
Description: PGP signature
___
Gnupg-announce mailing list
[EMAIL PROTECTED]
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] GnuPG 2.0.1 released

[Benjamin Donnachie]

Werner Koch wrote:
> libksba does not build out of the box.  This is a problem with gnulib
> and ar.  I might need to update gnulib in libksba - then I can check
> further.  FWIW, I am using this box for the tests:

I haven't tested it fully with the new version, but the following was in
the darwin ports and worked well previously:

edit gl/Makefile.in

Change the line "am_libgnu_la_OBJECTS =" to "am_libgnu_la_OBJECTS =
alloca.lo"

Then ./configure, make etc.

Ben

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Logo ballot reminder

[Andrew Berg]

Joseph Oreste Bruni wrote:
> Werner, your original ballot announcement ended up in my "Junk" box
> accidentally by my filter. I only noticed it after a rare venture to
> look to see what was there. Perhaps the HTML email is setting off
> people's filters?
I don't think HTML was why, it could be because of the number of links.
Were there a lot? (it arrived before I subscribed to the list)
Doesn't really matter,though. Just add [EMAIL PROTECTED] and
[EMAIL PROTECTED] to your address book.

-- 
 /\_/\   /\_/\   /\_/\ 
( o.o ) ( o.o ) ( o.o )
 > ^ <   > ^ <   > ^ <  Don't make me send my ASCII kitten minions.
Key ID: 0x9C6CC3A3
Fingerprint: 5474 04A6 2BAC 7138 204A D61B 4246 59CB 9C6C C3A3
(Portable) Thunderbird 1.5.0.7 w/ Enigmail 0.94.1.1 and GnuPG 1.4.5
Windows XP SP2 Home Edition
Every time you send private information unencrypted, a kitten cries.
So won't you please, please, think of the kittens?


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] GnuPG 2.0.1 released

[Werner Koch]

On Wed, 29 Nov 2006 18:08, [EMAIL PROTECTED] said:

> What problems are you having?

libksba does not build out of the box.  This is a problem with gnulib
and ar.  I might need to update gnulib in libksba - then I can check
further.  FWIW, I am using this box for the tests:

Darwin ppc-osx3.cf.sourceforge.net 6.8 Darwin Kernel Version 6.8: Wed Sep 10 
15:20:55 PDT 2003; root:xnu/xnu-344.49.obj~2/RELEASE_PPC  Power Macintosh 
powerpc


Shalom-Salam,

   Werner


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] GnuPG 2.0.1 released

[Joseph Oreste Bruni]

On Nov 29, 2006, at 10:08 AM, Benjamin Donnachie wrote:


Joseph Oreste Bruni wrote:

Do the build-problem fixes in 2.0.1 include OS X/Darwin? Or, should I
wait for a future release?


What problems are you having?

Ben


Two, actually. libgpg-error will not build unless I disable NLS.  
After that, libksba won't build at all.


I'm using 10.4.8 on an intel iMac.

Darwin lethe 8.8.1 Darwin Kernel Version 8.8.1: Mon Sep 25 19:42:00  
PDT 2006; root:xnu-792.13.8.obj~1/RELEASE_I386 i386 i386


-Joe





smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] GnuPG 2.0.1 released

[Benjamin Donnachie]

Benjamin Donnachie wrote:
> I haven't tested it fully with the new version, but the following was in
> the darwin ports and worked well previously:

When I get time, I will prepare a packaged up version for MacOS which
will be available through the mac-gpg project.

Ben

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Logo ballot reminder

[Werner Koch]

On Wed, 29 Nov 2006 18:10, [EMAIL PROTECTED] said:

> Werner, your original ballot announcement ended up in my "Junk" box
> accidentally by my filter. I only noticed it after a rare venture to
> look to see what was there. Perhaps the HTML email is setting off
> people's filters?

Probably.  Frankly, I learned it only after starting that poll and
then it was too late.  Anway, setting up my own election service for
this one-time event and send proper mails (i.e. text/plain) does not
seem to be justified.

Maybe someone can come up with a patch to the CIVS software to add an
option for sending non-HTML mails.  It would be nice feature for other
projects too.



Salam-Shalom,

   Werner




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG 2.0 compilation fails with "undefined reference to gpg_err_code_from_syserror"

[Ralph Seichter]

Werner Koch wrote:

> As soon as --ldflags returns a non-standard directory it won't work.

Indeed, it is a crude, temporary workaround. I'm looking forward to your
solution for upcoming builds. ;-)

-- 
Mit freundlichen Grüßen / Sincerely
Dipl. Inform. Ralph Seichter


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Importing my keys fails

[Joseph Bruni]

An OpenSSH key is not an OpenPGP key. There are some efforts to use OpenPGP 
keys for SSH authentication, however.


-Original Message-
>From: Michael Erskine <[EMAIL PROTECTED]>
>Sent: Nov 29, 2006 7:35 AM
>To: gnupg-users@gnupg.org
>Subject: Importing my keys fails
>
>Hi all,
>
>I have a pair of existing keys that I've used for ssh over the past few years 
>and I'd like to use them with gnupg and gpg-enabled mailers etc. but they 
>won't import for some reason: -
>
>[EMAIL PROTECTED]:~/.ssh$ gpg --import id_dsa
>gpg: no valid OpenPGP data found.
>gpg: Total number processed: 0
>
>My private key looks like this...
>
>-BEGIN DSA PRIVATE KEY-
>Proc-Type: 4,ENCRYPTED
>DEK-Info: DES-EDE3-CBC,A953971238701254
>
>
>
>-END DSA PRIVATE KEY-
>
>...and my public key is a single line beginning "ssh-dss ". Neither of them 
>will import so I'm assuming they're either incompatible with my openpgp or I 
>need to cast some magic to get them to work. Here's my version...
>
>[EMAIL PROTECTED]:~/.ssh$ gpg --version
>gpg (GnuPG) 1.4.3
>Copyright (C) 2006 Free Software Foundation, Inc.
>This program comes with ABSOLUTELY NO WARRANTY.
>This is free software, and you are welcome to redistribute it
>under certain conditions. See the file COPYING for details.
>
>Home: ~/.gnupg
>Supported algorithms:
>Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
>Cypher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
>Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512
>Compression: Uncompressed, ZIP, ZLIB, BZIP2
>
>Any ideas?
>
>Regards,
>Michael Erskine.
>
>
>-- 
>A right is not what someone gives you; it's what no one can take from you.
>   -- Ramsey Clark
>
>
>   
>___ 
>Try the all-new Yahoo! Mail. "The New Version is radically easier to use" � 
>The Wall Street Journal 
>http://uk.docs.yahoo.com/nowyoucan.html
>
>
>___
>Gnupg-users mailing list
>Gnupg-users@gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Smart Card Use with GnuPG

[Alon Bar-Lev]

On Wednesday 29 November 2006 17:07, Benjamin Donnachie wrote:
> Adam Gould wrote:
> > I was looking into Smart Cards for use with GnuPG email
> > encryption (I'm running Windows XP with Thunderbird and Enigmail)
> > and found that the OpenPGP Smart Card from g10code only supports
> > 1024 bit RSA keys.
>
> The gnupg-pkcs11[1] patches /may/ do what you want; it enables the
> use of PKCS#11 tokens with gnupg.  But I haven't haven't had chance
> to look into it in detail yet.

The gnupg-pkcs11 is a standalone scdaemon and not patch, but it works 
only with gpgsm, so it won't solve the problem.

I've tried to make it work with gpg, but I had no success... It seems 
that it looks for specific card type? I didn't invest a lot of time 
in this, and we did not want to patch gpg code.

Best Regards,
Alon Bar-Lev.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

[Announce] First release candidate for 1.4.6 available

[David Shaw]

We are pleased to announce the availability of the first release
candidate for the forthcoming 1.4.6 version of GnuPG:

 ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.6rc1.tar.bz2 (3.0M)
 ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.6rc1.tar.bz2.sig

SHA-1 checksums for the above files are:

 c7fe6551350866af8509c3ba0666d1e69a1668cd  gnupg-1.4.6rc1.tar.bz2
 9a35c9b9a9544dd0b5afd91c6595655dca2c0b9c  gnupg-1.4.6rc1.tar.bz2.sig

Note that this is only a release candidate, and as such is not
intended for use on production systems.  If you are inclined to help
test, however, we would appreciate you trying this new version and
reporting any problems.

Noteworthy changes since 1.4.5:

* Fixed a bug while decrypting certain compressed and encrypted
  messages. [bug#537]
 
* Fixed a buffer overflow in gpg. [bug#728]

* Added --s2k-count to set the number of times passphrase mangling
  is repeated.  The default is 65536 times.

* Added a GPL license exception to the keyserver helper programs
  gpgkeys_ldap, gpgkeys_curl, and gpgkeys_hkp, to clarify any
  potential questions about the ability to distribute binaries
  that link to the OpenSSL library.  GnuPG does not link directly
  to OpenSSL, but libcurl (used for HKP, HTTP, and FTP) and
  OpenLDAP (used for LDAP) may.  Note that this license exception
  is considered a bug fix and is intended to forgive any
  violations pertaining to this issue, including those that may
  have occurred in the past.

Happy Hacking,

  David, Timo, Werner


pgp3pPTu5bvNC.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] First release candidate for 1.4.6 available

[Charly Avital]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David Shaw wrote the following on 11/29/06 10:21 PM:
> We are pleased to announce the availability of the first release
> candidate for the forthcoming 1.4.6 version of GnuPG:
> 
>  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.6rc1.tar.bz2 (3.0M)
>  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.6rc1.tar.bz2.sig
> 
> SHA-1 checksums for the above files are:
> 
>  c7fe6551350866af8509c3ba0666d1e69a1668cd  gnupg-1.4.6rc1.tar.bz2
>  9a35c9b9a9544dd0b5afd91c6595655dca2c0b9c  gnupg-1.4.6rc1.tar.bz2.sig
> 
> Note that this is only a release candidate, and as such is not
> intended for use on production systems.  If you are inclined to help
> test, however, we would appreciate you trying this new version and
> reporting any problems.
> 
> Noteworthy changes since 1.4.5:
> 
> * Fixed a bug while decrypting certain compressed and encrypted
>   messages. [bug#537]
>  
> * Fixed a buffer overflow in gpg. [bug#728]
> 
> * Added --s2k-count to set the number of times passphrase mangling
>   is repeated.  The default is 65536 times.
> 
> * Added a GPL license exception to the keyserver helper programs
>   gpgkeys_ldap, gpgkeys_curl, and gpgkeys_hkp, to clarify any
>   potential questions about the ability to distribute binaries
>   that link to the OpenSSL library.  GnuPG does not link directly
>   to OpenSSL, but libcurl (used for HKP, HTTP, and FTP) and
>   OpenLDAP (used for LDAP) may.  Note that this license exception
>   is considered a bug fix and is intended to forgive any
>   violations pertaining to this issue, including those that may
>   have occurred in the past.
> 
> Happy Hacking,
> 
>   David, Timo, Werner


Compiled from source with idea.c added to 'cipher'.
Version info:   gnupg 1.4.6rc1
Configured for: Darwin (powerpc-apple-darwin8.8.0)

Seems to be working fine.

Thank you David, Timo and Werner.

Charly
KeyOnCard at:


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6rc1 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQCVAwUBRW6JriRJoUyU/RYhAQKZEgQAmYMJ+wNlFM914uxutPAqT/5+FPARwyUY
Nz2irqq+VATQv9BgVQZSqYjdtlASg/uTCGFT/m4PgMZuoUcisjn1WBYzo7C3CZip
Trddo4Etv+yCV+VMOz7smyY4wmNW/Q/ETaEWGMRiRVg50ecTVL7y8SKWA75+w/Bq
74oDfJaVgRU=
=PqrU
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] GnuPG 2.0.1 released

[Werner Koch]

On Wed, 29 Nov 2006 18:47, [EMAIL PROTECTED] said:

> edit gl/Makefile.in
>
> Change the line "am_libgnu_la_OBJECTS =" to "am_libgnu_la_OBJECTS =
> alloca.lo"

I have found a more portable way to do it.  Ii is in libksba 1.0.1.

The problem is that ar(1) does not like "ar cru foo.a" to simply
create an empty library foo.a.  Now, we won't need alloca on OS X and
thus the configure stuff creates a Makefile with no modules and thus
ar is called without any object modules by litool.  Addin a dummy
object helps.


Shalom-Salam,

   Werner


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users