Re: [Announce] Dirmngr 1.0.3 released
On 17/06/09 15:49, Werner Koch wrote: Hi! We are pleased to announce the availability of Dirmngr version 1.0.3. Dirmngr is a server for managing and downloading certificate revocation lists (CRLs) for X.509 certificates and for downloading the certificates themselves. Dirmngr also handles OCSP requests as an alternative to CRLs. Although Dirmngr can be invoked on demand, it should in general be installed as a system daemon. Get it from: ftp://ftp.gnupg.org/gcrypt/dirmngr/dirmngr-1.0.3.tar.bz2 (542k) ftp://ftp.gnupg.org/gcrypt/dirmngr/dirmngr-1.0.3.tar.bz2.sig or as a patch against the last version: ftp://ftp.gnupg.org/gcrypt/dirmngr/dirmngr-1.0.2-1.0.3.diff.bz2 (25k) The configure script said:- *** *** You need libassuan to build this program. *** This library is for example available at *** ftp://ftp.gnupg.org/pub/gcrypt/libassuan/ *** (at least version 1.0.4 is required). *** Note, that libassuan must have been build with Pth support. *** However, the ftp server said:- 550 Directory change failed; directory does not exist I think the correct location is ftp://ftp.gnupg.org/gcrypt/libassuan/ Regards, Chris ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] Dirmngr 1.0.3 released
On 18/06/09 11:47, Chris Hills wrote: The configure script said:- *** *** You need libassuan to build this program. *** This library is for example available at *** ftp://ftp.gnupg.org/pub/gcrypt/libassuan/ *** (at least version 1.0.4 is required). *** Note, that libassuan must have been build with Pth support. *** However, the ftp server said:- 550 Directory change failed; directory does not exist I think the correct location is ftp://ftp.gnupg.org/gcrypt/libassuan/ Regards, Chris In addition, I was missing libksba which was detected by the configure script. It is available from ftp://ftp.gnupg.org/gcrypt/libksba/. Regards, Chris ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] Dirmngr 1.0.3 released
On 18/06/09 11:55, Chris Hills wrote: In addition, I was missing libksba which was detected by the configure script. It is available from ftp://ftp.gnupg.org/gcrypt/libksba/. Er, was _not_ detected ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] Dirmngr 1.0.3 released
Werner Koch wrote the following on 6/17/09 9:49 AM: [...] ftp://ftp.gnupg.org/gcrypt/dirmngr/dirmngr-1.0.3.tar.bz2 (542k) ftp://ftp.gnupg.org/gcrypt/dirmngr/dirmngr-1.0.3.tar.bz2.sig verified. [...] Compiled under Darwin 9.7.0 (MacOSX 10.5.7) $ dirmngr --version dirmngr 1.0.3 Copyright (C) 2009 g10 Code GmbH This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. [...] or run make -C doc dirmngr.pdf to build a printable version. Mac users will need TeX [...] Happy Hacking, Werner Thanks to Werner and all concerned. Charly ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to verify a detached signature (gpg2: to exclusive)
On Sun, Jun 14, 2009 at 12:57 AM, Charly Avital - shavi...@mac.com +gpg2+maniams+2aaa3b1079.shavital#mac@spamgourmet.com wrote: gpg2.20.mani...@dfgh.net wrote the following on 6/13/09 12:36 AM: [...] 1. How do I find out if a signature file _is_ PGP / GPG compliant 2. Presently I use GPG command line version. With that how do I verify that the original HTML file is not tampered with. A command or set of commands would be most appreciated _Other details : _ 3. This sender has so far sent me multiple files with signatures. The data files are named filename_dd_mm_yy.html and the signature is always called signature.bin (no date of no identifiable marks). All data files are only signed and not encrypted try: gpg --verify [path to]signature.bin [path to]filename[return] Good luck, Charly Thanks for the response. I did try. But GPG cannot verify this file. I get the following answer gpg: no valid OpenPGP data found. gpg: the signature could not be verified. Please remember that the signature file (.sig or .asc) should be the first file given on the command line. Probably one of the following two is happening 1. This signature is NOT GPG compliant 2. Probably this signature is GPG / PGP compliant but GPG is unable to recognise this as a GPG signature So back to my original question 1. How do I find out if a signature file _is_ PGP / GPG compliant 1.a. Will changing the extension help ? regards maniams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
FW: TALX PGP Key Expiration Notice for 07/28/2009
Hi, We got new GPG key, We need to apply in Unix AIX server. I never done before, Do we need to install Cygwin software? Can you help me on this and how to test also. Please check below steps is correct? Installation steps cd ~/.gnupg gpg --import filename gpg --sign-key uid Command trust 1 = I don't know or won't say 2 = I do NOT trust 3 = I trust marginally 4 = I trust fully 5 = I trust ultimately m = back to the main menu Your decision? 5 Do you really want to set this key to ultimate trust? (y/N) y Command save Regards, Sam Desk: 918-573-6631 Mobile: 386-631-8079 Email : samkr...@in.ibm.com mailto:samkr...@in.ibm.com sambath.krishnasw...@williams.com mailto:sambath.krishnasw...@williams.com From: Arjay, Terry Sent: Tuesday, June 16, 2009 8:13 AM To: Krishnaswamy, Sambath Cc: Ligon, Teresa; Pandey, Omprakash Subject: FW: TALX PGP Key Expiration Notice for 07/28/2009 Sam, The TALX PGP Key expires periodically. We have some time, but wanted to get this on your radar so that you have plenty of time to do what is necessary to comply and keep us current. Thanks, Terrance M. Arjay IBM Global Services PeopleSoft HRMS Voice: 918-573-5214 Cell: 918-698-7480 E-mail: terry.ar...@williams.com OR tmar...@us.ibm.com From: TALX Operations Team [mailto:nore...@noreply.talx.com] Sent: Tuesday, June 16, 2009 5:17 AM To: Arjay, Terry Subject: TALX PGP Key Expiration Notice for 07/28/2009 http://www.talx.com/images/email/talx_header.jpg Dear TALX Client, Just a friendly reminder that the current TALX Corporation PGP Public key will expire on 7/28/2009 and will no longer encrypt files after this date. As part of TALX's security policy, PGP keys expire on a semi-annual basis to better protect confidential data. The new TALX public key is attached to this e-mail and is also available at the following websites (The key is the same on each site): http://www.talx.com/pgp/ http://www.talx.com/pgp/ http://www.theworknumber.com/pgp/ http://www.theworknumber.com/pgp/ http://www.ucexpress.com/pgp/ http://www.ucexpress.com/pgp/ Please begin using this new key on or before 7/28/2009. Instructions for downloading and using this key are at the end of this email. The new TALX public key file name is talxcorp01312010Public.asc and is scheduled to expire on 1/31/2010. Approximately one month before the key expiration we will provide a new public key for you to download. We will notify you via email once the new key is available in order for you to have time to implement. If you have any questions or concerns, please contact your Client Relationship Manager (CRM). Do not reply to this e-mail as it is being sent from a send-only account that is not being monitored. MORE PGP FILE ENCRYPTION INFORMATION TALX requires using file-based encryption when transmitting over the Internet. The encryption method is Pretty Good Privacy (PGP) version 6.5 or greater by PGP Corporation (http://www.pgp.com/index.html http://www.pgp.com/index.html ). This software is downward compatible to all UNIX and Windows NT/2000/XP/Vista versions. PGP works by using a PUBLIC key and a PRIVATE key. The transmitter of data encrypts the transmission file with the receiver's public key. The only way that this file can be unencrypted is when the right private key (which is under security control by the TALX Dataload team) is then matched with the encrypted file and the correct pass phrase is entered. The key talxcorp01312010Public.asc is for PGP versions 6.5 and greater. The key uses Diffie-Hellman/Digital Signal Standard encryption, with a 2048 bit Diffie-Hellman key size. This new public key will expire on January 31, 2010. A new version of this key will be available for download within a month of that date. Along with encryption, PGP software also compresses the file to around 10 percent of the original size, greatly reducing transfer times. The implementation procedure is as follows: 1. Client downloads the TALX public key from http://www.talx.com/pgp http://www.talx.com/pgp , http://www.theworknumber.com/pgp/ http://www.theworknumber.com/pgp/ or http://www.ucexpress.com/pgp/ http://www.ucexpress.com/pgp/ (The key is the same at each URL) and save the key to a local drive by right clicking on the hyperlink on the website and selecting Save Target As. 2. Client imports public key with PGP software onto their PGP software keyring * Open PGP keys * Select Keys * Select Import Key and find where you saved the TALX Public Key * Verify and sign key if required in your configuration 3. Client prepares file for transmission. 4. Client encrypts file
