[Announce] GnuPG's 10th birthday
A Short History of the GNU Privacy Guard

It's been a decade now that the very first version of the GNU Privacy Guard [0] has been released. This very first version was not yet known under the name of GnuPG but dubbed g10 as a reference on the German constitution article on freedom of telecommunication (Grundgesetz Artikel 10) and as a pun on the G-10 law which allows the secret services to bypass these constitutionally guaranteed freedoms.

Version 0.0.0 released on December 20th 1997 [1], was a barely working replacement of PGP avoiding all patented algorithms by using Elgamal and Blowfish instead of RSA and IDEA. It was prominently marked as a test version but nevertheless included most of the features of the current GnuPG. The data format however was not compatible with OpenPGP but oriented towards the PGP 2 format with a few extensions (e.g. to allow streaming of data). The OpenPGP working group was founded back in fall 1997 and I learned a bit too late about it to build g10 according to the then existing draft. For copyright reasons it was practically not possible to reverse engineer the format used by PGP-5, so the establishment of the OpenPGP WG was the right thing at the right time.

Before talking about GnuPG we need to go some more years back in history: To help political activists Phil Zimmermann published a software called Pretty Good Privacy (PGP) in 1991. PGP was designed as an easy to use encryption tool with no backdoors and disclosed source code. PGP was indeed intended to be cryptographically strong and not just pretty good; however it had a couple of initial bugs, most of all a home designed cipher algorithm. With the availability of the source code a community of hackers (Branko Lankester, Colin Plumb, Derek Atkins, Hal Finney, Peter Gutmann and others) helped him to fix these flaws and get a solid version 2 out.

Soon after that the trouble started.
As in many countries the use or export of cryptographic devices and software was also strongly restricted in the USA. Only weak cryptography was generally allowed. PGP was much stronger and due to the Usenet and the availability of FTP servers and BBSs, PGP accidentally leaked out of the country and soon Phil was sued for unlicensed munitions export. Those export control laws were not quite up to the age of software with the funny effect that exporting the software in printed form seemed not to be restricted. MIT Press thus published a book with the PGP source code which was then scanned outside the USA to form the base of PGP-2i (i for international). Since then that version was used widely.

The criminal investigations against Phil ended in 1996 and he founded PGP Inc to write PGP-5. The first public release was done in spring 1997. The same year at the 39th IETF meeting at Munich in August Phil Zimmermann and Jon Callas asked the IETF to set up a working group to publish a standard for the protocol used by PGP-5 under the name OpenPGP. The main drive behind this was to allow widespread use of strong encryption even if at some point the new company would decide to stop selling and supporting PGP. As it turned out PGP Inc was acquired by Network Associates just a few months later and in 2002 this company actually ceased support and development of PGP (though the PGP product was later continued by the new PGP Corporation).

Also often claimed to be Free Software, PGP has never fulfilled the requirements for it: PGP-5 is straight proprietary software; the availability of the source code alone does not make it free. PGP-2 has certain restrictions on commercial use [2] and thus puts restrictions on the software which makes it also non-free. Another problem with PGP-2 is that it requires the use of the patented RSA and IDEA algorithms. The patent on RSA was only valid in the USA but the patent on IDEA was and is still valid [3] in most countries.
Although the GNU project listed a requirement for a PGP replacement for some years on its task list, it was not possible to start implementing it as long as patents on all public key algorithms were valid. That changed when in April 1997 the basic patent on public key algorithms expired (the Diffie-Hellman US patent 4200770) and finally in August when the broader Hellman-Merkle patent (4218582) expired.

A month later, at the Individual-Network Betriebstagung at Aachen [4], Richard Stallman continued his talk with a BoF session where he asked the European hackers to start implementing public key software. The arms trafficker laws of the USA prohibited the GNU project to write such software in their country or even by US citizens working abroad. Thus he told the European hackers that they are in the unique position to help the GNU with crypto software.

Being tired of writing SGML conversion software and without a current fun project, I soon found myself hacking on PGP-2 parsing code based on the description in
How can I compile the CardMan 4000 driver on Kubuntu 7.10?
Hi Guys,

I downloaded the CM4000 driver from

http://svn.gnumonks.org/trunk/omnikey_cardman/new/kernel/cm4000/

and I tried to compile it on both a Kubuntu 7.10 with kernel 2.6.22-14 and a Linux Mint 3.0 (== Kubuntu 7.04) with kernel 2.6.20-16 (on both machines I installed both the kernel headers and the kernel sources).

I keep on getting a flood of error messages and I'm not able to compile the driver. It looks like the compiler does not find some header (cm4000.h?) or something like that. I tried to fix it but I was not lucky...

Does anybody know how to compile this driver on Kubuntu 7.10? Do I have to put it in any particular location (maybe in /lib/modules/2.6.20-16-generic/build/drivers/)? Am I missing any required component/header? Any suggestion?

Many thanks in advance.

--
Alessandro Bottoni
Website: http://www.alessandrobottoni.it/
Reality is that which, when you stop believing in it, doesn't go away. -- Philip K. Dick

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
how to create a key with two user ids and two number ids
how to create a key with two ids

what is the command line?

ie [EMAIL PROTECTED] and [EMAIL PROTECTED]

thanks
dmdm
Problems with GPG, a Cardman4000 and the FSFE card
Hi Guys,

I'm trying to use this stuff:

Card Reader: PCMCIA CardMan4000
Smartcard: FSFE (OpenGPG) Card
Distro: Linux Mint 3.0 (something like Kubuntu 7.04)
GPG 1.4.6 (and GPG2 2.0.3, as an alternative)
OpenSC 0.11.1.3 (ubuntu)
PCSCD 1.3.3.1 (ubuntu)
PCSC-Lite 1.3.3.1 (ubuntu)

All this stuff works fine with Windows XP (winscard.dll).

On Linux, the card is reachable from opensc-tool, openct-tool and from the PKCS#11 part of Mozilla Thunderbird (that is: edit/options/security/devices...).

But: There is no way to see the card from GPG 1.4 or GPG 2.0.3. There is no way to see it from the Enigmail part of Mozilla Thunderbird (that is: the OpenGPG menu). I just keep on getting this message:

    $ gpg --card-status
    winscard_clnt.c:3349:SCardCheckDaemonAvailability() PCSC Not Running
    gpg: pcsc_establish_context failed: no service (0x8010001d)
    gpg: reader not available
    gpg: OpenPGP card not available

Thunderbird/Enigmail says: Your card reader is not accessible.

So, it looks like my reader is not visible but... that is not true! The CardMan4000 is visible from PCSC (that should be used by GPG, behind the scene). Even the card is visible from PCSC (and PCSCD is obviously running...).
Here the output of a few diagnostic programs:

    $ openct-tool list
    0 OMNIKEY CardMan 4000

    $ opensc-tool -l
    winscard_clnt.c:3349:SCardCheckDaemonAvailability() PCSC Not Running
    Readers known about:
    Nr.    Driver     Name
    0      openct     OMNIKEY CardMan 4000
    1      openct     OpenCT reader (detached)
    2      openct     OpenCT reader (detached)
    3      openct     OpenCT reader (detached)
    4      openct     OpenCT reader (detached)

    $ opensc-tool -n
    winscard_clnt.c:3349:SCardCheckDaemonAvailability() PCSC Not Running
    OpenPGP

    $ opensc-tool -a
    winscard_clnt.c:3349:SCardCheckDaemonAvailability() PCSC Not Running
    3b:fa:13:00:ff:81:31:80:45:00:31:c1:73:c0:01:00:00:90:00:b1

    $ opensc-tool --serial
    winscard_clnt.c:3349:SCardCheckDaemonAvailability() PCSC Not Running
    sc_card_ctl(*, SC_CARDCTL_GET_SERIALNR, *) failed

Thunderbird is able to access the card from within its PKCS#11 internal support and lists the FSFE card, as expected, amongst the other security devices in its preferences/security/devices page.

(I tried both GPG1.4 and GPG2, with and without the --disable-ccid option, and it does not make any difference.)

Is anybody able to understand why this card is not visible/usable from GPG and GPG2 while it is still visible from PCSC?

Many thanks in advance

--
Alessandro Bottoni
Website: http://www.alessandrobottoni.it/
Don't ask what Linux can do for you, ask what you can do for Linux -- Greg Klebus
GnuPG and Eutron SmartPocket on Linux?
Hi Guys,

I'm trying to use a Eutron SmartPocket reader to read a FSFE card with GnuPG 1.4.6 on a Linux Mint 3.0 (== Kubuntu 7.04) and on a Kubuntu 7.10. I tried the --disable-ccid tip I found here:

http://www.fsfe.org/en/forums/fellowship_smoothers/problems_writing_on_smartcard_on_ubuntu_breezy

but it does not work.

Any suggestion?

--
Alessandro Bottoni
Website: http://www.alessandrobottoni.it/
In mathematics you don't understand things. You just get used to them. -- John von Neumann
Decrypt only if signed
Hi

I am writing a batch script and the basic requirement is that GPG should only decrypt the file if it's signed by using one of the keys in the keyring. If it has not been signed, just encrypted, it should leave it encrypted and not decrypt it.

The additional requirement, if possible, is that it should only decrypt if signed by a specific KEY ID.

Please let me know if this is possible through GPG with some shell scripting if needed.

Thanks

Regards
Hardeep Singh
GPG 1.4.x v.s 2.x
The place I work needs to upgrade gpg badly. They know this. The question is do they go with the 1.4.x tree or should they go to the 2.x codebase?

Suggestions? Recommendations?

We get files from clients all over the world. Are there features used in the 2.x versions that 1.4.x cannot handle?

Thanks.
Re: [Announce] GnuPG 1.4.8 released
Werner Koch wrote the following on 12/20/07 4:40 AM:

> Hello
>
> We are pleased to announce the availability of a new stable GnuPG-1 release: Version 1.4.8.

MacOSX (10.5.1)
Compiled with idea.c

1. Intel Core 2 Duo
   Version info: gnupg 1.4.8
   Configured for: Darwin (i386-apple-darwin9.1.0)

2. G4 PPC
   Version info: gnupg 1.4.8
   Configured for: Darwin (powerpc-apple-darwin9.1.0)

> This is GnuPG's 10th birthday celebration release.
[...]

Warm greetings, many happy returns, and Seasonal Greetings. Thanks to the GnuPG team.

Charly
Looking for missing Lib modules
I was trying to build 2.0.8 on my Intel mac and came across these errors and found libassuan and libksba but not Pth and also wonder where do I put them so the make-file can find them?

    *** You need libassuan with Pth support to build this program.
    *** This library is for example available at
    ***   ftp://ftp.gnupg.org/gcrypt/libassuan/
    *** (at least version 1.0.4 (API 1) is required).
    ***
    configure:
    ***
    *** You need libksba to build this program.
    *** This library is for example available at
    ***   ftp://ftp.gnupg.org/gcrypt/libksba/
    *** (at least version 1.0.2 using API 1 is required).
    ***
    configure:
    ***
    *** It is now required to build with support for the
    *** GNU Portable Threads Library (Pth). Please install this
    *** library first. The library is for example available at
    ***   ftp://ftp.gnu.org/gnu/pth/
    *** On a Debian GNU/Linux system you can install it using
    ***   apt-get install libpth-dev
    *** To build GnuPG for Windows you need to use the W32PTH
    *** package; available at:
    ***   ftp://ftp.g10code.com/g10code/w32pth/
    ***
    configure: error:
    ***
    *** Required libraries not found. Please consult the above messages
[Announce] GnuPG 2.0.8 released
Hello!

We are pleased to announce the availability of a new stable GnuPG-2 release: Version 2.0.8

This is GnuPG's 10th birthday celebration release.

The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help authenticating using Secure Shell and to provide a framework for public key cryptography. It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards.

GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.8) in that it splits up functionality into several modules. However, both versions may be installed alongside without any conflict. In fact, the gpg version from GnuPG-1 is able to make use of the gpg-agent as included in GnuPG-2 and allows for seamless passphrase caching. The advantage of GnuPG-1 is its smaller size and the lack of dependency on other modules at run and build time. We will keep maintaining GnuPG-1 versions because they are very useful for small systems and for server based applications requiring only OpenPGP support.

GnuPG is distributed under the terms of the GNU General Public License (GPL version 3). GnuPG-2 works best on GNU/Linux or *BSD systems.

What's New
==========

 * Enhanced gpg-connect-agent with a small scripting language.

 * New option --list-config for gpgconf.

 * Fixed a crash in gpgconf.

 * Gpg-agent now supports the passphrase quality bar of the latest Pinentry.

 * The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the pinentry.

 * Fixed the auto creation of the key stub for smartcards.

 * Fixed a rare bug in decryption using the OpenPGP card.

 * Creating DSA2 keys is now possible.

 * New option --extra-digest-algo for gpgsm to allow verification of broken signatures.

 * Allow encryption with legacy Elgamal sign+encrypt keys with option --rfc2440.

 * Windows is now a supported platform.

 * Made sure that under Windows the file permissions of the socket are taken into account.
   This required a change of our socket emulation code and changed the IPC protocol under Windows.

Getting the Software
====================

Please follow the instructions found at http://www.gnupg.org/download/ or read on:

GnuPG 2.0.8 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org.

On the FTP server and its mirrors you should find the following files in the gnupg/ directory:

  gnupg-2.0.8.tar.bz2 (3568k)
  gnupg-2.0.8.tar.bz2.sig

      GnuPG source compressed using BZIP2 and OpenPGP signature.

  gnupg-2.0.7-2.0.8.diff.bz2 (156k)

      A patch file to upgrade a 2.0.7 GnuPG source tree. This patch does not include updates of the language files.

Note, that we don't distribute gzip compressed tarballs for GnuPG-2.

Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways:

 * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-2.0.8.tar.bz2 you would use this command:

     gpg --verify gnupg-2.0.8.tar.bz2.sig

   This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using the command

     finger wk ,at' g10code.com

   or using a keyserver like

     gpg --recv-key 1CE0C630

   The distribution key 1CE0C630 is signed by the well known key 5B0358A2. If you get a key expired message, you should retrieve a fresh copy as the expiration date might have been prolonged.
   NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!

 * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-2.0.8.tar.bz2, you would run the sha1sum command like this:

     sha1sum gnupg-2.0.8.tar.bz2

   and check that the output matches the first line from the following list:

     baeb7962f9d3d4628ada78036d1f5d4480aaa2d9  gnupg-2.0.8.tar.bz2
     80f8c84834122e988eaeeaddff070097b3a9f383  gnupg-2.0.7-2.0.8.diff.bz2

Internationalization
====================

GnuPG comes with support for 27 languages. Due to a lot of new and changed strings many translations are not entirely complete. The German, Polish, Russian, Swedish and Turkish translations are close to be complete.

Documentation
=============
Re: Decrypt only if signed
Hi Hardeep,

* Hardeep Singh [EMAIL PROTECTED] [17. Dez. 2007]:
> I am writing a batch script and the basic requirement is that GPG should only decrypt the file if it's signed by using one of the keys in the keyring. If it has not been signed, just encrypted, it should leave it encrypted and not decrypt it.

This is not possible since normally (via gpg --sign --encrypt ...) signed and encrypted files are first signed and then encrypted in order to reveal the signature and therefore the originator of the file only to the intended audience. Therefore you have to encrypt the file in order to see the signature.

If you control the way the file is generated in the first place you could do this in two steps: first encrypt then sign the encrypted file. Then you can simply check the signature of the file and proceed depending on the outcome of the signature check.

Ciao, Gregor
--
-... --- .-. . -.. ..--.. ...-.-
Re: [Announce] GnuPG's 10th birthday
On Thu, 20 Dec 2007 10:55:16 +0100 Werner Koch [EMAIL PROTECTED] wrote:

> A Short History of the GNU Privacy Guard
>
> It's been a decade now that the very first version of the GNU Privacy Guard [0] has been released.
[snipped]

Thank you Werner for that most informative announcement.

Certainly, kudos to all those hackers who gave us a FREE (as in freedom) privacy tool, and thanks to them all - from Phil Zimmermann onwards - who risked personal freedom to ensure we had liberty.

However, as many philosophers have observed, liberty is not licence; just because you CAN do something, it doesn't mean you necessarily SHOULD be allowed to do it under all circumstances. Apart from not being able to find anyone to use encryption using PGP or GnuPG outside of our very small community, we are faced with the use of these very strong encryption tools by those who would attack the very heart of our way of life. We need to take a step back and consider how GnuPG should be used in the future. We need a debate at the widest level in the internet community.

--
Graham Todd
Re: how to create a key with two user ids and two number ids
On Sun, Dec 16, 2007 at 10:37:04AM -0800, dmdm wrote:

> how to create a key with twoids

Create a key with one UID, then edit the key and add a second UID.

> what is the command line?

Some hints from gpg --help:

    --gen-key      generate a new key pair
    --edit-key     sign or edit a key
      |
      +- adduid    add a user ID

HTH...

--
David Smith        | Tel: +44 (0)1454 462380   Home: +44 (0)1454 616963
STMicroelectronics | Fax: +44 (0)1454 462305   Mobile: +44 (0)7932 642724
1000 Aztec West    | TINA: 065 2380            GPG Key: 0xF13192F2
Almondsbury        | Work Email: [EMAIL PROTECTED]
BRISTOL, BS32 4SQ  | Home Email: [EMAIL PROTECTED]
Re: Decrypt only if signed
On Mon, 17 Dec 2007 18:43, [EMAIL PROTECTED] said:

> I am writing a batch script and the basic requirement is that GPG should only decrypt the file if its signed by using one of the keys in the keyring. If it has not been signed, just encrypted, it should leave it encrypted and not decrypt it.

You need to decrypt the file before you can tell whether it is signed. GnuPG emits enough information via --status-fd to detect if the file was signed as well as the keyID used to sign the file. Delete the plaintext if it has not been signed.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
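What the reply above describes, as an added example that is not code from the thread: decrypt into a temporary file with --status-fd on its own descriptor, then keep the plaintext only if the status lines record a valid signature, optionally from one specific key. The function names, the temporary-file layout and the sample status lines are assumptions made for this illustration, and the gpg call assumes the secret key can be used in batch mode.

```shell
#!/bin/sh
# Added example, not from the thread. The status keywords are the ones gpg
# writes to --status-fd; fingerprints and user IDs below are constructed.

# sig_accepted STATUS_FILE [FINGERPRINT_OR_LONG_KEYID]
# Exit 0 only if the status output shows a successful decryption plus a valid
# signature and no failed one. With a second argument, the valid signature must
# come from that key (full fingerprint, or a key ID of at least 16 hex digits;
# shorter IDs are refused because they are easy to collide).
sig_accepted() {
    awk -v want="$2" '
        function same_key(fpr, id) {
            fpr = toupper(fpr); id = toupper(id)
            if (length(id) < 16 || length(id) > length(fpr)) return 0
            return substr(fpr, length(fpr) - length(id) + 1) == id
        }
        $1 != "[GNUPG:]"        { next }
        $2 == "DECRYPTION_OKAY" { decrypted = 1 }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { failed = 1 }
        # VALIDSIG: field 3 is the signing key fingerprint; the last field is
        # the primary key fingerprint when gpg reports one.
        $2 == "VALIDSIG" && (want == "" || same_key($3, want) || same_key($NF, want)) { valid = 1 }
        END { exit !(decrypted && valid && !failed) }
    ' "$1"
}

# decrypt_if_signed INPUT OUTPUT [FINGERPRINT_OR_LONG_KEYID]
# The plaintext is written to a private temporary directory first and is
# deleted, never moved to OUTPUT, unless sig_accepted agrees.
decrypt_if_signed() {
    in=$1; out=$2; want=$3
    tmpdir=$(mktemp -d) || return 2
    # Status goes to descriptor 3 only, so it is never mixed with plaintext
    # or stderr and message content cannot forge a status line.
    gpg --batch --status-fd 3 --output "$tmpdir/plain" --decrypt "$in" \
        3>"$tmpdir/status"
    if sig_accepted "$tmpdir/status" "$want"; then
        mv "$tmpdir/plain" "$out"; rc=0
    else
        rm -f "$tmpdir/plain"; rc=1
    fi
    rm -rf "$tmpdir"
    return $rc
}

# Constructed status output: "signed" is a signed-then-encrypted message,
# anything else is a message that was only encrypted.
sample_status() {
    echo '[GNUPG:] ENC_TO 1122334455667788 16 0'
    echo '[GNUPG:] BEGIN_DECRYPTION'
    if [ "$1" = signed ]; then
        echo '[GNUPG:] GOODSIG AAAABBBBCCCCDDDD Constructed Sender <sender@example.org>'
        echo '[GNUPG:] VALIDSIG 0123456789ABCDEF01234567AAAABBBBCCCCDDDD 2007-12-20 1198150000 0 4 0 17 2 00 0123456789ABCDEF01234567AAAABBBBCCCCDDDD'
    fi
    echo '[GNUPG:] DECRYPTION_OKAY'
    echo '[GNUPG:] END_DECRYPTION'
}
```

A batch job would call `decrypt_if_signed in.gpg out.txt <fingerprint>` and treat a non-zero exit as "leave the file encrypted".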
Re: GnuPG and Eutron SmartPocket on Linux?
On Wed, 19 Dec 2007 11:55, [EMAIL PROTECTED] said:

> I'm trying to use a Eutron SmartPocket reader to read a FSFE card with GnuPG 1.4.6 on a Linux Mint 3.0 (== Kubuntu 7.04) and on a Kubuntu 7.10.

I don't know this reader. Is it a modern CCID reader? If so your chances are pretty good that the included CCID driver of GnuPG just works. If not, send us the output of

    gpg --debug-ccid-driver --card-status

Make sure that pcscd is not running on your system and that you have write permission for the device (/proc/bus/usb/xxx/yyy).

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: Looking for missing Lib modules
On Thu, 20 Dec 2007 13:38, [EMAIL PROTECTED] said:

> I was trying to build 2.0.8 on my Intel mac and came across these errors and found libassuan and libksba but not Pth and also wonder where do I put them so the make-file can find them?

I can't tell you how to get Pth for your system but in general the sources available at ftp.gnu.org build just fine. On GNU/Linux systems you just need to install the pth(-dev) package.

You need to properly install these libraries including the development files (*.h and *.a). Then configure gnupg. It is also possible to install these libraries locally; you then need to use the diverse --with-foo-prefix configure options.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: Help! I can't revoke my public Key!
On Sun, Dec 16, 2007 at 04:55:59AM -0800, geo909 wrote:

> Hello to everyone.
>
> I have just started using gpg in Ubuntu and I did some tests, creating keys etc. I uploaded one of them (ID is 134FE86D) in http://pgp.mit.edu/ with the username Georgios N. Tzanakis and then I tried to revoke it. I did what I have to do and got the revoke key in the form below:
>
> -BEGIN PGP PUBLIC KEY BLOCK-
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: A revocation certificate should follow
>
> key
> -END PGP PUBLIC KEY BLOCK-
>
> But when I try to submit it (that is, pasting all that to the Enter ASCII-armored PGP key here: field, I get the message:
>
> Public Key Server -- Add
> Key block in add request contained no new keys, userid's, or signatures.

Do this:

    gpg --import (the revocation file)
    gpg --keyserver pgp.mit.edu --send-key (the key id)

David
Re: [Announce] GnuPG's 10th birthday
On Thu, 20 Dec 2007 14:12, [EMAIL PROTECTED] said:

> of our very small community, we are faced with the use of these very strong encryption tools by those who would attack the very heart of our way of life. We need to take a step back and consider how GnuPG should be used in the future.

I strongly disagree with the conclusion and state that we need to continue to tell people to use privacy tools - without any backdoors. It needs to be as common as locking the door of your car and house. Yes, I can imagine a world where this would not be required but our world is not yet like that.

Speaking of Germany, our home secretary is working on turning Germany into a surveillance state despite the terrific experience we had 70 years ago. He tells us that we need to give up some freedom to be safer against terrorism. The real terrorism experience we make here are due to neo-nazis punching people to death or a single nazi who bombed the October-Feast. Nothing which can be avoided by surveillance. Those they will catch with these measures are the little crooks and small tax dodgers. All citizens are put under general suspicion - this is in total contradiction to our long existing and hard-fought culture of justice.

Instead of doing something reasonable for saving lives, like a speed limit on our streets, feeding the poor or caring about those who drown in the Mediterranean Sea on their getaway from the climatic changes, we put millions and millions into surveillance. If you want to fight terrorism you need to solve the real problems of the people and thus pulling away the volunteers of terror.

Banning encryption in any way is not an option. There is a well known saying attributed to Phil Zimmermann: When encryption is outlawed, only outlaws have encryption.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: [Announce] GnuPG's 10th birthday
Werner Koch wrote:

> There is a well known saying attributed to Phil Zimmermann: When encryption is outlawed, only outlaws have encryption.

Borrowed no doubt from the U.S. National Rifle Association motto of the '60's: When Guns are Outlawed; Only Outlaws will have Guns!

JOHN ;)
Timestamp: Thursday 20 Dec 2007, 11:55 --500 (Eastern Standard Time)

P.S. To paraphrase the 2nd Motto: I'll give up Encryption when they pry My Keyboard from My cold, stiff fingers!
Re: [Announce] GnuPG's 10th birthday
Werner Koch wrote:

> Speaking of Germany, our home secretary is working on turning Germany into a surveillance state despite the terrific experience we had 70 years ago.

70 years? 1990 doesn't seem that long ago.

For those who are not up on German history, prior to German reunification the German Democratic Republic was one of the most heavily surveilled nations on the planet. Watch Das Leben der Anderen sometime (released in the US as The Lives of Others; not sure about how it's named in other foreign releases). The movie is definitely worth watching.
Mac GNU Privacy Guard v1.4.8
The latest binary install package for GnuPG v1.4.8 for MacOSX is now available to download from

http://prdownloads.sourceforge.net/macgpg/GnuPG1.4.8.dmg?download

MD5 checksum: db046fd96e274dfe3c7021047561fb5a

Intended for MacOSX v10.4.x or greater. Universal binary so will install on both Intel and PPC Macs.

Please direct any queries to the MacGPG team - http://macgpg.sourceforge.net/

Ben
Re: [Announce] GnuPG's 10th birthday
Graham wrote:

> we are faced with the use of these very strong encryption tools by those who would attack the very heart of our way of life.

Prove it.

You're asserting the right to privacy and the means to enforce that right are so dangerous to our way of life that they must be restricted in their scope. That's an extraordinary claim, and it needs extraordinary evidence to back it up... extraordinary evidence I have never seen from anyone who has made this claim.

As soon as you can prove that your opinion is correct, then I'll join the debate you're so keen to start. But until that time, you're fearmongering. Please stop. We have enough fearmongers in the world without you joining them.

Come back over to our side of the fence, Graham. It's scary over here, but it's also free.
Re: GPG 1.4.x v.s 2.x
Alan Olsen wrote:

> The place I work needs to upgrade gpg badly. They know this. The question is do they go with the 1.4.x tree or should they go to the 2.x codebase?

Depends on what you want to do with it. If you're only worried about OpenPGP (RFC2440 or RFC4880) traffic, then the 1.4 tree is the one to use; it has the longest history, more eyes have looked at it, and the user community is larger.
Re: using pgp for web-based social networking
Adrian Thurston wrote:
> I have defined a protocol and described it here: http://www.cs.queensu.ca/~thurston/fif/

I get 404: file not found.

Ben
Re: [Announce] GnuPG's 10th birthday
On Thu, 20 Dec 2007 18:01, [EMAIL PROTECTED] said:
> 70 years? 1990 doesn't seem that long ago.

I meant 1933-1945.

Salam-Shalom, Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
Re: [Announce] GnuPG's 10th birthday
Werner Koch wrote:
> I meant 1933-1945.

I knew you were referring to the World War Two era; I just thought it was worth mentioning that many Germans lived in a surveillance society until fairly recently. I certainly did not mean to imply the modern-day Germany had any part to play in the GDR's crimes.
Re: How can I compile the CardMan 4000 driver on Kubuntu 7.10?
On Wed, Dec 19, 2007 at 11:34:47AM +0100, Alessandro Bottoni wrote:
> I downloaded the CM4000 driver from http://svn.gnumonks.org/trunk/omnikey_cardman/new/kernel/cm4000/ and I tried to compile it on both a Kubuntu 7.10 with kernel 2.6.22-14 and a Linux Mint 3.0 (== Kubuntu 7.04) with kernel 2.6.20-16 (on both machines I installed both the kernel headers and the kernel sources).

Why not use the one which comes with the kernel? packages.ubuntu.com lists cm4000_cs as being contained in the linux-images.

> I keep on getting a flood of error messages and I'm not able to compile the driver. It looks like the compiler does not find some header (cm4000.h?) or something like that. I tried to fix it but I was not lucky...

This could be because of changes within the Linux kernel. As cm4000_cs has been in the vanilla kernel for a while and distributions are shipping it, I would use the one already in the kernel.

> Any suggestion?

Use cm4000_cs from the kernel. Last time I used my cardman 4000 (now replaced by a cardman 4040) I had to use openct together with pcscd to make gnupg make use of it.

Greetings
Daniel
Re: Looking for missing Lib modules
On Thursday 20 December 2007, Robert D. wrote:
> I was trying to build 2.0.8 on my Intel mac and came across these errors and found libassuan and libksba but not Pth and also wonder where do I put them so the make-file can find them?

I suggest to have a look at the Fink project (www.finkproject.org). With respect to pth have a look at http://pdb.finkproject.org/pdb/browse.php?summary=pth

Regards,
Ingo
Re: [Announce] GnuPG's 10th birthday
Hi Werner, May I translate this into Japanese? Cheers, -- Hideki Saito

On Dec 20, 2007 1:55 AM, Werner Koch [EMAIL PROTECTED] wrote:
> A Short History of the GNU Privacy Guard
Re: using pgp for web-based social networking
Hi, Sorry I didn't get the subscribe confirmation until today and had some doubt as to whether or not my message got through. Then later I changed the URL. Anyways, it is now found here: http://www.cs.queensu.ca/~thurston/friendsinfeed/

Thanks,
Adrian

Benjamin Donnachie wrote:
> Adrian Thurston wrote:
>> I have defined a protocol and described it here: http://www.cs.queensu.ca/~thurston/fif/
>
> I get 404: file not found.
>
> Ben
Hi to the mailing list
Hi, I am a new user of this mailing list and I am very happy to meet all of you. I am an Italian Linux user and have enjoyed this Operating System for 2 years. Coming from Windows where I used PGP from vers. 6 to 8, now in Linux I am a very enthusiastic user of GnuPG. I hope to improve my use of GnuPG reading your threads and, why not?, to help someone of you in something... :)

Bye, Aldo

P.S. Sorry for my English!!

-- Aldo Latino www.aldolat.it
Re: Hi to the mailing list
Welcome, Aldo!

> P.S. Sorry for my English!!

Your English is perfectly understandable. Don't worry about it at all. :)
RE: Looking for missing Lib modules
[Sorry for the top posting. Crappy Outlook makes anything else difficult/impossible.]

If you are using OS X, don't use Fink. Just build the packages yourself from source. (The compilers are on the devel disc that comes with OS X.) It works fine and does not suffer from the bjorked dependencies that Fink creates. I have built many many packages from gnu source with little or no problems without using Fink. It is a good idea, I am just not happy with how it turned out.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Werner Koch
Sent: Thursday, December 20, 2007 6:56 AM
To: Robert D.
Cc: GnuPG Users Group
Subject: Re: Looking for missing Lib modules

On Thu, 20 Dec 2007 13:38, [EMAIL PROTECTED] said:
> I was trying to build 2.0.8 on my Intel mac and came across these errors and found libassuan and libksba but not Pth and also wonder where do I put them so the make-file can find them?

I can't tell you how to get Pth for your system but in general the sources available at ftp.gnu.org build just fine. On GNU/Linux systems you just need to install the pth(-dev) package. You need to properly install these libraries including the development files (*.h and *.a). Then configure gnupg. It is also possible to install these libraries locally; you then need to use the diverse --with-foo-prefix configure options.

Shalom-Salam, Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
Re: Looking for missing Lib modules
Alan Olsen wrote:
> If you are using OS X, don't use Fink.

Why not?

> It works fine and does not suffer from the bjorked dependencies that Fink creates.

Which bjorked dependencies are these? And are you certain that comparing Fink to the lead singer of the Sugarcubes is the right way to condemn it? I mean, Björk's got some fine music, I'm a big fan of Human Behavior. :)

Anyway. From 'fink show-deps gnupg':

    To install the compiled package...
    The following other packages (and their dependencies) must be installed:
    bzip2-shlibs libgettext3-shlibs libiconv libusb-shlibs openldap23-shlibs readline5-shlibs

None of these strike me as ridiculous dependencies. The requirements to build from source via Fink are identical to the above, with the addition of the correct -dev package, as well as texinfo. I have not heard of anyone having problems with GnuPG in Fink. If you're having problems, I'm sure that Benjamin Reed would love to hear them.
[Slightly OT] Just to celebrate GnuPG's 10th birthday!
http://www.flickr.com/photos/hsaito/2125495667/ -- Hideki Saito
Re: [Announce] GnuPG's 10th birthday
Werner Koch wrote:
> Also often claimed to be Free Software, PGP has never fulfilled the requirements for it:

I seem to recall PGP 2.3 was distributed under the GNU GPL, but I believe that was the only version that had proper license provenance. 2.6.3i used MPILIB, which was GPLed; however, I don't recall offhand whether 2.6.3i was an official release. It's certainly true that no recent PGP has ever qualified as free software. I had hopes for it in the beginning, though.