Re: Batch Mode and decrypt
On Sat, Apr 14, 2007 at 10:23:24PM -0500, jane grove wrote:
> Hello,
> I am trying to use the GnuPG command "decrypt" in batch mode (i.e. in a
> script).
> When I use the option "--batch", I don't have a way to enter the user
> id or passphrase.

Look at the --passphrase-fd, --passphrase-file, or --passphrase options. They are all in the manual, and can be used to provide a passphrase during batch operation.

However, if you are including the passphrase in a script, it is worth asking yourself if there is any security benefit in having a passphrase-protected key at all. After all, an attacker who gets access to the script needs merely to read it to know the passphrase.

David

___
Gnupg-users mailing list
[EMAIL PROTECTED]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
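
The batch-mode advice in the reply above, as an added example that is not part of the original thread: the passphrase is kept in a separate file that only its owner can read and is handed to gpg through --passphrase-fd, so reading the script alone does not reveal it. The function names and the permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: batch decryption that keeps the
# passphrase out of the script and off the gpg command line.
# passfile_is_private and decrypt_batch are illustrative names.

# Succeed only if $1 is a regular file (not a symlink) owned by the invoking
# user, with no group/other permission bits set (e.g. mode 0600 or 0400).
passfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    pp_mode=$(ls -ld -- "$1" | cut -c1-10)
    case $pp_mode in
        -???------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Usage: decrypt_batch PASSFILE ENCRYPTED OUTPUT
# Returns 2 without running gpg if the passphrase file is not private.
decrypt_batch() {
    db_pass=$1
    db_in=$2
    db_out=$3
    if ! passfile_is_private "$db_pass"; then
        echo "refusing to use $db_pass: must be a private regular file (chmod 600)" >&2
        return 2
    fi
    # --passphrase-fd 3 makes gpg read the passphrase from descriptor 3, so it
    # never shows up in the process list the way a --passphrase argument does.
    # No user id is passed: gpg selects the secret key named in the message.
    # GnuPG 2.1 and later additionally need --pinentry-mode loopback here.
    gpg --batch --passphrase-fd 3 --output "$db_out" --decrypt "$db_in" 3<"$db_pass"
}

# Run as a script: sh decrypt-batch.sh PASSFILE ENCRYPTED OUTPUT
if [ "$#" -eq 3 ]; then
    decrypt_batch "$@"
fi
```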
Re: personal-digest-preferences
On Sat, Apr 14, 2007 at 04:38:12PM -0400, John W. Moore III wrote:
> Jørgen Christiansen Lysdal wrote:
> > John W. Moore III wrote:
> >> Or change it; say to SHA 256?
> >
> > That will not work, since my goal is not to factor in my own prefs.
> > Not all keys "support" sha256, so that will leave gpg complaining when
> > i encrypt and sign to them, am i right??

No. You can put any hash in the list you like. If that hash is not appropriate for a given context (say, SHA256 with a DSA key), then it is skipped.

The intent behind the personal-x-preferences is they are a "safe" way to specify algorithms. Unlike forcing an algorithm with something like --digest-algo, personal-digest-preferences will never cause the use of an algorithm that violates the protocol.

David
Batch Mode and decrypt
Hello,

I am trying to use the GnuPG command "decrypt" in batch mode (i.e. in a script).

When I use the option "--batch", I don't have a way to enter the user id or passphrase. In batch mode, the gpg command cannot be interactive.

I tried "gpg --batch --decrypt filename userid", but it didn't work.

In batch mode, how do I use the gpg command to decrypt a file with a userid?

Thanks.
Re: personal-digest-preferences
On Sun, Apr 15, 2007 at 12:34:26AM +0200, Laurent Jumet wrote:
> Hello David !
>
> David Shaw <[EMAIL PROTECTED]> wrote:
>
> > You can set it to whatever you like.
>
> This is what I have myself:
>
> default-preference-list S7 S1 S10 S3 S4 S2 H3 H2 H1 Z3 Z2 Z1 Z0
> personal-cipher-preferences S7 S1 S10 S3 S4 S2
> personal-digest-preferences H3 H2 H1
> personal-compress-preferences Z3 Z2 Z1 Z0

Note that you don't have to use stuff like "H3 H2 H1" anymore. As of version 1.4.0, you can use "RIPEMD160 SHA1 MD5".

David
Re: personal-digest-preferences
Hello David !

David Shaw <[EMAIL PROTECTED]> wrote:

> You can set it to whatever you like.

This is what I have myself:

default-preference-list S7 S1 S10 S3 S4 S2 H3 H2 H1 Z3 Z2 Z1 Z0
personal-cipher-preferences S7 S1 S10 S3 S4 S2
personal-digest-preferences H3 H2 H1
personal-compress-preferences Z3 Z2 Z1 Z0

-- 
Laurent Jumet
KeyID: 0xCFAF704C
Re: personal-digest-preferences
On Sat, Apr 14, 2007 at 04:26:01PM -0400, John W. Moore III wrote:
> Jørgen Christiansen Lysdal wrote:
> > David Shaw wrote:
> >
> >> It's historical. Older versions of GPG generated keys with a standard
> >> hash preference of RIPEMD/160 before SHA-1. When GPG later started
> >> using that hash preference to decide which hash to pick, this resulted
> >> in people who were expecting SHA-1 to suddenly get RIPEMD/160. To
> >> restore the old behavior, we stuck a SHA-1 preference in
> >> personal-digest-preferences.
> >
> > Can i have sausage with that?? //
> >
> > Is there an easy way to remove it??
> Or change it; say to SHA 256?

You can set it to whatever you like.

David
Re: personal-digest-preferences
Jørgen Christiansen Lysdal wrote:
> John W. Moore III wrote:
>> Or change it; say to SHA 256?
>
> That will not work, since my goal is not to factor in my own prefs.
> Not all keys "support" sha256, so that will leave gpg complaining when
> i encrypt and sign to them, am i right??

OK, I'm cool with just changing it to a gpg.conf option. This way, GnuPG will parse the 'Encrypt To' Key for its Preferences & Capabilities.

JOHN ;)
Timestamp: Saturday 14 Apr 2007, 16:37 --400 (Eastern Daylight Time)
Re: personal-digest-preferences
On Sat, Apr 14, 2007 at 10:02:20PM +0200, Jørgen Christiansen Lysdal wrote:
> David Shaw wrote:
>
> > It's historical. Older versions of GPG generated keys with a standard
> > hash preference of RIPEMD/160 before SHA-1. When GPG later started
> > using that hash preference to decide which hash to pick, this resulted
> > in people who were expecting SHA-1 to suddenly get RIPEMD/160. To
> > restore the old behavior, we stuck a SHA-1 preference in
> > personal-digest-preferences.
>
> Can i have sausage with that?? //
>
> Is there an easy way to remove it??

Sure. Just set the preferences to whatever you actually prefer. If you want no preferences at all, do

personal-digest-preferences none

David
Re: Key Revocation
On Friday 13 April 2007 11:36 pm, John Clizbe wrote:
> Chris wrote:
> > This may sound simple, but I want to make sure I get it done right. My
> > ISP/DSL provider, Embarq, has dumped Earthlink as their mail provider
> > since 9 April and setup their own mail servers. Simple, revoke the EL key
> > and make a new key for Embarq, except, the two have come to an agreement
> > and that is that Earthlink will continue to forward mail for Embarq users
> > until 31 Oct. Question being do I keep the Earthlink key and also
> > generate one for my Embarq address or once I have everything setup for
> > the Embarq servers generate one for Embarq and at that time revoke the
> > Earthlink key?
>
> Why revoke and create a new key? Why not just add the new address on a new
> UID, and make it primary. Sometime between now and Oct 31, you can revoke
> the old UID.
>
> My AT&T address became Comcast; that became Roadrunner.
>
> Same person. Same key. Just a new email address. Plus the revoked address
> gives clueful folks the hint that email shouldn't be sent there.

Thanks John and John, that's been the suggested way to handle this and that's what I'll do. Didn't realize though that there was so much to do when changing addresses, modifications to postfix, fetchmail, gpg and so forth. Thanks again to all for the suggestions.

Chris

-- 
Chris
KeyID 0xE372A7DA98E6705C
Re: personal-digest-preferences
Jørgen Christiansen Lysdal wrote:
> David Shaw wrote:
>
>> It's historical. Older versions of GPG generated keys with a standard
>> hash preference of RIPEMD/160 before SHA-1. When GPG later started
>> using that hash preference to decide which hash to pick, this resulted
>> in people who were expecting SHA-1 to suddenly get RIPEMD/160. To
>> restore the old behavior, we stuck a SHA-1 preference in
>> personal-digest-preferences.
>
> Can i have sausage with that?? //
>
> Is there an easy way to remove it??

Or change it; say to SHA 256?

JOHN ;)
Timestamp: Saturday 14 Apr 2007, 16:25 --400 (Eastern Daylight Time)
Re: personal-digest-preferences
David Shaw wrote:

> It's historical. Older versions of GPG generated keys with a standard
> hash preference of RIPEMD/160 before SHA-1. When GPG later started
> using that hash preference to decide which hash to pick, this resulted
> in people who were expecting SHA-1 to suddenly get RIPEMD/160. To
> restore the old behavior, we stuck a SHA-1 preference in
> personal-digest-preferences.

Can i have sausage with that?? //

Is there an easy way to remove it??
Re: personal-digest-preferences
On Sat, Apr 14, 2007 at 05:38:30PM +0200, Jørgen Christiansen Lysdal wrote:
> Hi,
>
> As it says in the manual --personal-digest-preferences has a default
> value of sha1. But why does it have a default value when
> --personal-cipher-preferences does not?

It's historical. Older versions of GPG generated keys with a standard hash preference of RIPEMD/160 before SHA-1. When GPG later started using that hash preference to decide which hash to pick, this resulted in people who were expecting SHA-1 to suddenly get RIPEMD/160. To restore the old behavior, we stuck a SHA-1 preference in personal-digest-preferences.

David
Re: Check integrity of gnupg-w32cli-1.4.7.exe
> Hi,
>
> I do not have a previous trusted installation of gpg.
>
> I've checked the sha1 hash for the downloaded gnupg-w32cli-1.4.7.exe on the
> main page and it checks:
> b806e8789c93dc6d08b129170d6beb9e1a5ae68f
>
> The main page says to double check against announcements in the mailing list
> archives>
>
> I have found this last task impossible. Even searching for the hash it self
> turns up nothing.
>
> How do I confirm the hash? Or specifically which posting contains this info?

1.4.7 was announced in
http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
and also
http://lists.gnupg.org/pipermail/gnupg-devel/2007-March/023687.html
http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html

It did not contain the installer SHA-1 hash.

-- 
John P. Clizbe  Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO.  PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?" / "two words: good decisions."
"what's the key to good decisions?" / "one word: experience."
"how do i get experience?" / "two words: bad decisions."
"Just how do the residents of Haiku, Hawai'i hold conversations?"
Re: Check integrity of gnupg-w32cli-1.4.7.exe
On Sat, Apr 14, 2007 at 05:20:33AM -0400, StephenK wrote:
> I've checked the sha1 hash for the downloaded gnupg-w32cli-1.4.7.exe on the
> main page and it checks:
> b806e8789c93dc6d08b129170d6beb9e1a5ae68f
> I have found this last task impossible. Even searching for the hash it self
> turns up nothing.

Choose a different search engine. google.com has several hits for that hash, and dogpile.com shows results from several search engines for that hash.

-- 
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
Re: Gnupg cannot handle extremely large keys on 32 bit Linux
Ludwig Hügelschäfer wrote the following on 4/14/07 8:57 PM:
> Hi,
>
> Charly Avital wrote on 14.04.2007 18:17 Uhr:
>
>> *Therefore, there is a difference in results (Key ID and fpr) when the
>> keyblock is imported from Thunderbird+Enigmail (inside option), and when
>> the same keyblock is saved in a stand-alone file that is imported via CLI*.
>
> I just deleted the mentioned key from my keyring and reimported it using
> enigmails import function by clicking on "decrypt".
>
> The key still identifies in the same way (0x2D879666, fingerprint
> BCA2 2448 8F7C 5646 A94A CE16 35BE A302 2D87 9666) afterwards.
>
> Running TB 2.0.0.0pre (20070414) + Enigmail nightly 0.95b (20070409)
>
> Which combination do you run?
>
> Ludwig, cc'ing to the enigmail list.

Ludwig,

The most recent comments by Alexander Feigl point at the possibility that gpg 2.0.3 is writing out the key incorrectly, in such a way that gpg 1.4.7 does not recognize it.

Following that comment, I have already posted to the list that I am running TB+Enigmail using gpg 2.0.3, and not gpg 1.4.7.

When I imported Alexander Feigl's large key, using the 'Decrypt' icon (in TB 2.0.0.0 + Enigmail 0.95.0) or the OpenPGP option 'Sender's key>Import Public Key (in TB 1.5.0.10 + Enigmail 0.94.3), I was using gpg 2.0.3.

If indeed gpg 2.0.3 is writing out the key incorrectly, why it is doing so?

Just to remind what was happening:
- although TB+Enigmail/gpg 2.0.3 indicated that it was going to import a key whose key ID was 2D879666, the key that was imported had the key ID 17CACAE3
- gpg --edit-key 2D879666 did not find such a key.
- gpg --edit-key 17CACAE3 found a key that showed a self signature made with 2D879666
- but when the key block was imported through CLI as a copy/paste/saved file (i.e. *not* via TB+Enigmail/gpg 2.0.3), the imported key was 2D879666, without any mention of 17CACAE3.

Charly
Re: Gnupg cannot handle extremely large keys on 32 bit Linux
Hi,

Charly Avital wrote on 14.04.2007 18:17 Uhr:

> *Therefore, there is a difference in results (Key ID and fpr) when the
> keyblock is imported from Thunderbird+Enigmail (inside option), and when
> the same keyblock is saved in a stand-alone file that is imported via CLI*.

I just deleted the mentioned key from my keyring and reimported it using enigmails import function by clicking on "decrypt".

The key still identifies in the same way (0x2D879666, fingerprint BCA2 2448 8F7C 5646 A94A CE16 35BE A302 2D87 9666) afterwards.

Running TB 2.0.0.0pre (20070414) + Enigmail nightly 0.95b (20070409)

Which combination do you run?

Ludwig, cc'ing to the enigmail list.
Re: Gnupg cannot handle extremely large keys on 32 bit Linux
At 6:44 PM +0200 4/14/07, Alexander Feigl wrote:
>[...]
>Looks good.
>
>Can anybody test it with 2.0.3 on Mac?
>
>For me it looks like there are problems with saving the key to disk. Importing
>the key with 1.4.7 and then checking the key with 2.0.3 seems to work last
>time I checked it (x86 Linux). At least as long as the key file is not
>touched by 2.0.3. If Enigmail would use the same gnupg components as gnupg
>2.0.x this would explain the behaviour. The key gets written out incorrectly
>and gnupg 1.4.7 fails because of this.
>
>Is there any easy way to view and compare the key material (prime product,
>public exponent...) of a key ring?
>
>Alexander Feigl

Alexander,

I think you may have found the cause of the confusion (mine):

When I run Thunderbird+Enigmail, I am using gpg 2.0.3 (on an Intel Core 2 Duo Mac), not gpg 1.4.7, and the keyblock is imported by Enigmail+gpg 2.0.3.

Therefore the problem wouldn't be related to Enigmail per se, but to gpg 2.0.3.

Now, why gpg 2.0.3 would write out your key incorrectly, in such a way that gpg 1.4.7 fails to recognize it?

Charly
Re: Gnupg cannot handle extremely large keys on 32 bit Linux
On Saturday, 14 April 2007, Charly Avital wrote:
> After reading Ludwig's post, I proceeded to import Feigl's key, using
> the same procedure he followed.
>
> You might remember that when I originally imported Feigl's key, I used
> Thunderbird+Enigmail's OpenPGP option to import the key block (I
> remember I expressly reported it), without having to copy+paste+save in
> a stand alone file.
>
> Now, when I import the stand alone file I created, I get the following
> in Terminal:
>
> $ gpg --import /Users/admin/Desktop/Feigl.unix
> gpg: key 2D879666: public key "Testing only <[EMAIL PROTECTED]>" imported
> gpg: Total number processed: 1
> gpg: imported: 1 (RSA: 1)

Looks good.

Can anybody test it with 2.0.3 on Mac?

For me it looks like there are problems with saving the key to disk. Importing the key with 1.4.7 and then checking the key with 2.0.3 seems to work last time I checked it (x86 Linux). At least as long as the key file is not touched by 2.0.3. If Enigmail would use the same gnupg components as gnupg 2.0.x this would explain the behaviour. The key gets written out incorrectly and gnupg 1.4.7 fails because of this.

Is there any easy way to view and compare the key material (prime product, public exponent...) of a key ring?

Alexander Feigl
Re: Gnupg cannot handle extremely large keys on 32 bit Linux
Hi,

(resent message after the original didn't make it through yet)

Charly Avital wrote on 14.04.2007 15:18 Uhr:

> I can't qualify whether it works or not, nor can I qualify whether the
> key ID is incorrect.
>
> GnuPG recognizes 17CACAE3 (in both processors) as the key ID.

Perhaps I may help here:

Using gnupg 1.4.7, self compiled with idea-support under Mac OS X 10.4.9, PPC (have no intel around yet) I get these results after cutting and pasting the key from the OP (Message-ID <[EMAIL PROTECTED]>) and saving with Textwrangler:

gpg --import test.asc
gpg: key 2D879666: public key "Testing only <[EMAIL PROTECTED]>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

gpg --list-keys
/Users//.gnupg/pubring.gpg
pub 16384R/2D879666 2007-04-07 [expires: 2017-04-04]
uid Testing only <[EMAIL PROTECTED]>

gpg --edit-key 0x2D879666
gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

pub 16384R/2D879666 created: 2007-04-07 expires: 2017-04-04 usage: SC
trust: unknown validity: unknown
[ unknown] (1). Testing only <[EMAIL PROTECTED]>

Command> fpr
pub 16384R/2D879666 2007-04-07 Testing only <[EMAIL PROTECTED]>
Primary key fingerprint: BCA2 2448 8F7C 5646 A94A CE16 35BE A302 2D87 9666

Command> check
uid Testing only <[EMAIL PROTECTED]>
sig!3        2D879666 2007-04-07 [self-signature]

Command> showpref
[ unknown] (1). Testing only <[EMAIL PROTECTED]>
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA1, RIPEMD160
Compression: BZIP2, ZLIB, ZIP, Uncompressed
Features: MDC, Keyserver no-modify

Seems correct after reading all posts.

HTH

Ludwig
Re: Gnupg cannot handle extremely large keys on 32 bit Linux
Ludwig Hügelschäfer wrote the following on 4/14/07 4:45 PM:
> Hi,
>
> Charly Avital wrote on 14.04.2007 15:18 Uhr:
>
>> I can't qualify whether it works or not, nor can I qualify whether the
>> key ID is incorrect.
>
>> GnuPG recognizes 17CACAE3 (in both processors) as the key ID.
>
> Perhaps I may help here:
>
> Using gnupg 1.4.7, self compiled with idea-support under Mac OS X
> 10.4.9, PPC (have no intel around yet) I get these results after cutting
> and pasting the key from the OP and saving with Textwrangler:
>
>
> gpg --import test.asc
> gpg: key 2D879666: public key "Testing only <[EMAIL PROTECTED]>" imported
> gpg: Total number processed: 1
> gpg: imported: 1 (RSA: 1)
>
> gpg --list-keys
> /Users//.gnupg/pubring.gpg
> pub 16384R/2D879666 2007-04-07 [expires: 2017-04-04]
> uid Testing only <[EMAIL PROTECTED]>
>
> gpg --edit-key 0x2D879666
> gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software Foundation, Inc.
> This program comes with ABSOLUTELY NO WARRANTY.
> This is free software, and you are welcome to redistribute it
> under certain conditions. See the file COPYING for details.
>
>
> pub 16384R/2D879666 created: 2007-04-07 expires: 2017-04-04 usage: SC
> trust: unknown validity: unknown
> [ unknown] (1). Testing only <[EMAIL PROTECTED]>
>
> Command> fpr
> pub 16384R/2D879666 2007-04-07 Testing only <[EMAIL PROTECTED]>
> Primary key fingerprint: BCA2 2448 8F7C 5646 A94A CE16 35BE A302 2D87 9666
>
> Command> check
> uid Testing only <[EMAIL PROTECTED]>
> sig!3        2D879666 2007-04-07 [self-signature]
>
> Command> showpref
> [ unknown] (1). Testing only <[EMAIL PROTECTED]>
> Cipher: AES256, AES192, AES, CAST5, 3DES
> Digest: SHA512, SHA384, SHA256, SHA1, RIPEMD160
> Compression: BZIP2, ZLIB, ZIP, Uncompressed
> Features: MDC, Keyserver no-modify
>
> Seems correct after reading all posts.
>
> HTH
>
> Ludwig

David,

After reading Ludwig's post, I proceeded to import Feigl's key, using the same procedure he followed.

You might remember that when I originally imported Feigl's key, I used Thunderbird+Enigmail's OpenPGP option to import the key block (I remember I expressly reported it), without having to copy+paste+save in a stand alone file.

Now, when I import the stand alone file I created, I get the following in Terminal:

$ gpg --import /Users/admin/Desktop/Feigl.unix
gpg: key 2D879666: public key "Testing only <[EMAIL PROTECTED]>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
admin-s-computer:~ admin$ gpg --edit-key 2D879666
gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

pub 16384R/2D879666 created: 2007-04-07 expires: 2017-04-04 usage: SC
trust: unknown validity: unknown
[ unknown] (1). Testing only <[EMAIL PROTECTED]>

Command> check
uid Testing only <[EMAIL PROTECTED]>
sig!3        2D879666 2007-04-07 [self-signature]

Command> fpr
pub 16384R/2D879666 2007-04-07 Testing only <[EMAIL PROTECTED]>
Primary key fingerprint: BCA2 2448 8F7C 5646 A94A CE16 35BE A302 2D87 9666

Command> quit
--

*Therefore, there is a difference in results (Key ID and fpr) when the keyblock is imported from Thunderbird+Enigmail (inside option), and when the same keyblock is saved in a stand-alone file that is imported via CLI*.

By the way, I also reported that PGP Desktop (where the importing is done by drag/dropping the stand-alone file into PGP's open window) recognized the key as 0x2D879666 (with an invalid self-signature).

I don't know why there is a difference, I am including Patrick Brunschwig (Enigmail) in the distribution of this message.

Charly
Re: Gnupg cannot handle extremely large keys on 32 bit Linux
David Shaw wrote the following on 4/14/07 5:31 PM:
[...]
>
> And this is a regular 1.4.7, no patches or anything done beyond
> download, ./configure, and make ? And you tested it with the exact
> key from the original email at
> http://lists.gnupg.org/pipermail/gnupg-users/2007-April/030733.html ?

A regular 1.4.7, with source code downloaded from gnupg.org, signature downloaded from same site, verified OK. Compiled (as I always do) with Apple's Developers Tools that is a part (optional install) of the original MacOS 10.4.*, code-named Tiger.

The only thing I did, was to cp idea.c to cipher, and then ./configure, make and make install. Everything flowed from start to end.

$ gpg --version
gpg (GnuPG) 1.4.7
Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
-

Tested with the key block that is embedded in Alexander Feigl's email to the gnupg-users list, as per the URL you mentioned above.

> I'm not sure where to go with this from here. Clearly you and I are
> doing something different. I just downloaded a brand new copy of the
> 1.4.7 tarball from ftp.gnupg.org, and built it again on three
> platforms and tested against the key from the original email. It
> still works.
>
> Can someone else with a Mac try importing that key?

I hope someone will pick up the hint, I'm taking the liberty of cross-posting to macgpg-users.

Charly
Re: Gnupg cannot handle extremely large keys on 32 bit Linux
Hi,

Charly Avital wrote on 14.04.2007 15:18 Uhr:

> I can't qualify whether it works or not, nor can I qualify whether the
> key ID is incorrect.
>
> GnuPG recognizes 17CACAE3 (in both processors) as the key ID.

Perhaps I may help here:

Using gnupg 1.4.7, self compiled with idea-support under Mac OS X 10.4.9, PPC (have no intel around yet) I get these results after cutting and pasting the key from the OP and saving with Textwrangler:

gpg --import test.asc
gpg: key 2D879666: public key "Testing only <[EMAIL PROTECTED]>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

gpg --list-keys
/Users//.gnupg/pubring.gpg
pub 16384R/2D879666 2007-04-07 [expires: 2017-04-04]
uid Testing only <[EMAIL PROTECTED]>

gpg --edit-key 0x2D879666
gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

pub 16384R/2D879666 created: 2007-04-07 expires: 2017-04-04 usage: SC
trust: unknown validity: unknown
[ unknown] (1). Testing only <[EMAIL PROTECTED]>

Command> fpr
pub 16384R/2D879666 2007-04-07 Testing only <[EMAIL PROTECTED]>
Primary key fingerprint: BCA2 2448 8F7C 5646 A94A CE16 35BE A302 2D87 9666

Command> check
uid Testing only <[EMAIL PROTECTED]>
sig!3        2D879666 2007-04-07 [self-signature]

Command> showpref
[ unknown] (1). Testing only <[EMAIL PROTECTED]>
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA1, RIPEMD160
Compression: BZIP2, ZLIB, ZIP, Uncompressed
Features: MDC, Keyserver no-modify

Seems correct after reading all posts.

HTH

Ludwig
personal-digest-preferences
Hi,

As it says in the manual --personal-digest-preferences has a default value of sha1. But why does it have a default value when --personal-cipher-preferences does not?
Re: Gnupg cannot handle extremely large keys on 32 bit Linux
On Sat, Apr 14, 2007 at 04:38:46PM +0300, Charly Avital wrote:
> David Shaw wrote the following on 4/14/07 3:37 PM:
> > On Sat, Apr 14, 2007 at 03:54:10AM -0400, Charly Avital wrote:
> >
> >> If the above is accurate, we have a key:
> >> - that was apparently imported as 2D879666, but gpg --edit-key 2D879666
> >> does not find it.
> >> - whose fpr shows its Key ID to be 17CACAE3
> >> - that has been signed (sig!3) with a key whose Key ID is 2D879666, back
> >> to square one.
> >
> > Indeed, and this is very strange. Can you tell me if you compiled
> > 1.4.7 yourself or downloaded it pre-built from somewhere?
> >
> > David
>
> I compiled myself 1.4.7 from source.

And this is a regular 1.4.7, no patches or anything done beyond download, ./configure, and make ? And you tested it with the exact key from the original email at http://lists.gnupg.org/pipermail/gnupg-users/2007-April/030733.html ?

I'm not sure where to go with this from here. Clearly you and I are doing something different. I just downloaded a brand new copy of the 1.4.7 tarball from ftp.gnupg.org, and built it again on three platforms and tested against the key from the original email. It still works.

Can someone else with a Mac try importing that key?

David
Re: Gnupg cannot handle extremely large keys on 32 bit Linux
David Shaw wrote the following on 4/14/07 3:37 PM:
> On Sat, Apr 14, 2007 at 03:54:10AM -0400, Charly Avital wrote:
>
>> If the above is accurate, we have a key:
>> - that was apparently imported as 2D879666, but gpg --edit-key 2D879666
>> does not find it.
>> - whose fpr shows its Key ID to be 17CACAE3
>> - that has been signed (sig!3) with a key whose Key ID is 2D879666, back
>> to square one.
>
> Indeed, and this is very strange. Can you tell me if you compiled
> 1.4.7 yourself or downloaded it pre-built from somewhere?
>
> David

I compiled myself 1.4.7 from source.

Charly
Re: Gnupg cannot handle extremely large keys on 32 bit Linux
David Shaw wrote the following on 4/14/07 3:35 PM:
[...]
>> I have gone through the same process as described in my message sent
>> from a PPC.
>>
>> I find exactly the *same results* in this Intel Core 2 Duo MacBook.
>
> Just to be clear, it does not work for you on either PPC or Intel? In
> both cases you get the incorrect key ID? (Is it 17CACAE3 both times?)

I can't qualify whether it works or not, nor can I qualify whether the key ID is incorrect.

GnuPG recognizes 17CACAE3 (in both processors) as the key ID.

Charly
Re: Gnupg cannot handle extremely large keys on 32 bit Linux
On Sat, Apr 14, 2007 at 11:09:42AM +0300, Charly Avital wrote:
> David Shaw wrote the following on 4/14/07 2:57 AM:
> > On Sun, Apr 08, 2007 at 01:00:13AM +0300, Charly Avital wrote:
> >
> >> Running gpg 1.4.7 under Mac OSX 10.4.9
> >> ---
> >> pub 16384R/17CACAE3 created: 2007-04-07 expires: never usage: SCEA
> >> trust: unknown validity: unknown
> >> [ unknown] (1). Testing only <[EMAIL PROTECTED]>
> >>
> >> Command> check
> >> uid Testing only <[EMAIL PROTECTED]>
> >> sig!3 2D879666 2007-04-07 [User ID not found]
> >> 1 user ID without valid self-signature detected
> >
> > I cannot confirm this. I tested GPG 1.4.7 on OSX 10.4.9 running on
> > both PPC and Intel. The 16k key works correctly on both. Can you
> > double check your report?
> >
> > David
>
> David,
>
> I have gone through the same process as described in my message sent
> from a PPC.
>
> I find exactly the *same results* in this Intel Core 2 Duo MacBook.

Just to be clear, it does not work for you on either PPC or Intel? In both cases you get the incorrect key ID? (Is it 17CACAE3 both times?)

David
Re: Gnupg cannot handle extremely large keys on 32 bit Linux
On Sat, Apr 14, 2007 at 03:54:10AM -0400, Charly Avital wrote:
> If the above is accurate, we have a key:
> - that was apparently imported as 2D879666, but gpg --edit-key 2D879666
> does not find it.
> - whose fpr shows its Key ID to be 17CACAE3
> - that has been signed (sig!3) with a key whose Key ID is 2D879666, back
> to square one.

Indeed, and this is very strange. Can you tell me if you compiled 1.4.7 yourself or downloaded it pre-built from somewhere?

David
Re: Check integrity of gnupg-w32cli-1.4.7.exe
StephenK wrote:
> The main page says to double check against announcements in the mailing list
> archives>

I guess you have to look at the Gnupg-announce list..
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
Check integrity of gnupg-w32cli-1.4.7.exe
Hi,

I do not have a previous trusted installation of gpg. I've checked the sha1 hash for the downloaded gnupg-w32cli-1.4.7.exe on the main page and it checks:

b806e8789c93dc6d08b129170d6beb9e1a5ae68f

The main page says to double check against announcements in the mailing list archives> I have found this last task impossible. Even searching for the hash itself turns up nothing.

How do I confirm the hash? Or specifically which posting contains this info?

Thanks,
Steve
Re: Gnupg cannot handle extremely large keys on 32 bit Linux
David Shaw wrote the following on 4/14/07 2:57 AM:
> On Sun, Apr 08, 2007 at 01:00:13AM +0300, Charly Avital wrote:
>
>> Running gpg 1.4.7 under Mac OSX 10.4.9
>> ---
>> pub 16384R/17CACAE3 created: 2007-04-07 expires: never usage: SCEA
>> trust: unknown validity: unknown
>> [ unknown] (1). Testing only <[EMAIL PROTECTED]>
>>
>> Command> check
>> uid Testing only <[EMAIL PROTECTED]>
>> sig!3 2D879666 2007-04-07 [User ID not found]
>> 1 user ID without valid self-signature detected
>
> I cannot confirm this. I tested GPG 1.4.7 on OSX 10.4.9 running on
> both PPC and Intel. The 16k key works correctly on both. Can you
> double check your report?
>
> David

David,

I have gone through the same process as described in my message sent from a PPC.

I find exactly the *same results* in this Intel Core 2 Duo MacBook.

The only difference is that in this Intel Mac I am running PGP Desktop 9.6.0 (with the same findings).

Charly
Re: Gnupg cannot handle extremely large keys on 32 bit Linux
David Shaw wrote the following on 4/13/07 7:57 PM:
> On Sun, Apr 08, 2007 at 01:00:13AM +0300, Charly Avital wrote:
>
>> Running gpg 1.4.7 under Mac OSX 10.4.9
>> ---
>> pub 16384R/17CACAE3 created: 2007-04-07 expires: never usage: SCEA
>> trust: unknown validity: unknown
>> [ unknown] (1). Testing only <[EMAIL PROTECTED]>
>>
>> Command> check
>> uid Testing only <[EMAIL PROTECTED]>
>> sig!3 2D879666 2007-04-07 [User ID not found]
>> 1 user ID without valid self-signature detected
>
> I cannot confirm this. I tested GPG 1.4.7 on OSX 10.4.9 running on
> both PPC and Intel. The 16k key works correctly on both. Can you
> double check your report?
>
> David
>

David,

This report comes from a Powerbook G4 PPC, running GPG 1.4.7 on OSX 10.4.9, Thunderbird version 1.5.0.10 (20070221), Enigmail 0.94.3

1. Using TB+Enigmail's OpenPGP's option 'Sender's Key->Import Public key', an on-screen sheet asked whether to import the public key embedded in the message; upon confirming the action, another on-screen sheet showed the message:
--
gpg: key 2D879666: public key "[User ID not found]" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
--

2. In Terminal:
--
$ gpg --edit-key 2D879666
gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details
--
This, to my understanding (limited) means that gpg didn't find any key with ID 2D879666.

3. Searching with gpg --list-keys as well as in GPG Keychain Access, a GUI that lists the contents of the public and secret keyrings, I found a key bearing UID 'Testing only <[EMAIL PROTECTED]>'. This is the UID used by Alexander Feigl when he generated that large key:
--
pub 16384R/17CACAE3 2007-04-07
uid Testing only <[EMAIL PROTECTED]>
--

4. Now again in Terminal:
--
$ gpg --edit-key 17CACAE3
gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

pub 16384R/17CACAE3 created: 2007-04-07 expires: never usage: SCEA
trust: unknown validity: unknown
[ unknown] (1). Testing only <[EMAIL PROTECTED]>

Command> check
uid Testing only <[EMAIL PROTECTED]>
sig!3 2D879666 2007-04-07 [User ID not found]
1 user ID without valid self-signature detected

Command> list
pub 16384R/17CACAE3 created: 2007-04-07 expires: never usage: SCEA
trust: unknown validity: unknown
[ unknown] (1). Testing only <[EMAIL PROTECTED]>

Command> fpr
pub 16384R/17CACAE3 2007-04-07 Testing only <[EMAIL PROTECTED]>
Primary key fingerprint: 3945 7320 723A 643D FB07 F7A3 C8B6 7AA7 17CA CAE3
--

If the above is accurate, we have a key:
- that was apparently imported as 2D879666, but gpg --edit-key 2D879666 does not find it.
- whose fpr shows its Key ID to be 17CACAE3
- that has been signed (sig!3) with a key whose Key ID is 2D879666, back to square one.

5. As you know, I am far, far from being an expert, or even knowledgeable. But I remember from my first attempts at PGP (circa 1995 or so) similar occurrences with RSA keys (and this is an RSA key *without* subkeys) *showing* with two different Key IDs. Unfortunately, I cannot document these occurrences, after such a long time.

6. PGP Desktop 9.5.3, after the key block is imported, shows a key:
- size 16834
- UID [EMAIL PROTECTED]
- Key ID 0x2D879666
- Cipher CAST
- Type: RSA
- Created: 4/7/07
- Self-signature 0x2D879666 marked with a red dot showing a white X, suggesting that this self-signature is not valid.

I'll send you a report from the Intel Mac as soon as possible.

I'm not sure all this reporting should be posted to the list, occupying space. If you prefer that I report OFF list, please let me know.

Charly
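Added example, not part of the thread and not GnuPG code: how a version 4 OpenPGP key ID is derived from the public-key packet (RFC 4880, section 12.2), next to the old version 3 rule where the key ID is taken from the RSA modulus. The sample modulus, exponent and creation time are constructed and the function names are illustrative; only the fingerprint and the two key IDs in the last lines are the values printed in the report above.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP MPI: two-octet bit count, then the big-endian magnitude."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")

def v4_rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Version 4 packet body: version, creation time, algorithm 1 (RSA), n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the two-octet body length, and the body itself."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()

def key_ids(fingerprint: str) -> tuple:
    """(long, short) v4 key ID: the low 64 and low 32 bits of the fingerprint."""
    fpr = fingerprint.replace(" ", "").upper()
    if len(fpr) != 40:
        raise ValueError("expected a 160-bit (v4) fingerprint")
    return fpr[-16:], fpr[-8:]

def v3_key_id(n: int) -> str:
    """Old version 3 RSA keys: the key ID is the low 64 bits of the modulus."""
    return format(n & 0xFFFFFFFFFFFFFFFF, "016X")

def issuer_matches(fingerprint: str, issuer_key_id: str) -> bool:
    """True if a signature's issuer key ID is the ID derived from fingerprint."""
    issuer = issuer_key_id.upper()
    if issuer.startswith("0X"):
        issuer = issuer[2:]
    return issuer in key_ids(fingerprint)

# Constructed values: not a real key and not the key from the thread.
SAMPLE_N = (1 << 127) | 0x0123456789ABCDEF
SAMPLE_E = 65537
SAMPLE_CREATED = 1175904000  # 2007-04-07 00:00:00 UTC

if __name__ == "__main__":
    fpr = v4_fingerprint(v4_rsa_public_key_body(SAMPLE_CREATED, SAMPLE_N, SAMPLE_E))
    print("v4 fingerprint:", fpr, "key IDs:", key_ids(fpr))
    print("v3-style key ID of the same modulus:", v3_key_id(SAMPLE_N))
    # Fingerprint and key IDs as printed in the report above.
    reported = "3945 7320 723A 643D FB07 F7A3 C8B6 7AA7 17CA CAE3"
    print(issuer_matches(reported, "17CACAE3"), issuer_matches(reported, "0x2D879666"))
```

Because a version 4 key ID is just the tail of the fingerprint, two tools can only show different key IDs for one v4 key if they hashed different bytes for it.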