Re: local signatures: should they be importable by default in some cases?

[Daniel Kahn Gillmor]

On 06/21/2010 06:32 PM, David Shaw wrote:
> On Jun 21, 2010, at 6:11 PM, Alex Mauer wrote:
> 
>> I see that there is currently the import-option "import-local-sigs"
>> which obviously allows the import of key-signatures marked non-exportable.
>>
>> It seems to me that it would be helpful to have a variant of this, which
>> would only allow import of local signatures where the corresponding
>> secret key was already available, and for this behavior to be the default.
> 
> Not only is it reasonable, it is already the case :)

Why is it more reasonable to auto-import local signatures if the secret
key of the issuer is available than otherwise?

I'm trying to understand the use case that you guys both seem to have
intuitively picked up.  Some of the common use cases i've seen for
non-exportable sigs definitely do *not* have people importing them from
keys they control, so i'm not seeing why it's a special case.

Can you help me understand?

--dkg



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: openpgp to sexp conversion ..

[Kahnan Patel]

yes sir it is LISP S-expressionsit's a canonical formate. open pgp has
it's own formate of keys and message and I want to convert this to sexp
format which is supported by libgcrypt protocol ..

any way apart from this if you know any auther solution for key management +
cryptolib then please explore.

Thanks,
Kahnan

On Mon, Jun 21, 2010 at 8:34 PM, Robert J. Hansen wrote:

> > My name is Kahnan and I am looking to convert openpgp keys in to sexp
> > including key data ..
>
> Explain 'sexp', please?  When I hear someone talk about sexps, I think
> they're talking about LISP S-expressions.  I don't know if that's what
> you have in mind.
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: openpgp to sexp conversion ..

[Robert J. Hansen]

> My name is Kahnan and I am looking to convert openpgp keys in to sexp
> including key data ..

Explain 'sexp', please?  When I hear someone talk about sexps, I think
they're talking about LISP S-expressions.  I don't know if that's what
you have in mind.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

openpgp to sexp conversion ..

[Kahnan Patel]

Hi Friends,

My name is Kahnan and I am looking to convert openpgp keys in to sexp
including key data ..

Or is there any way I can use key management with libgcrypt?

Please advice

Thanks,
Kahnan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: local signatures: should they be importable by default in some cases?

[David Shaw]

On Jun 21, 2010, at 6:11 PM, Alex Mauer wrote:

> I see that there is currently the import-option "import-local-sigs"
> which obviously allows the import of key-signatures marked non-exportable.
> 
> It seems to me that it would be helpful to have a variant of this, which
> would only allow import of local signatures where the corresponding
> secret key was already available, and for this behavior to be the default.

Not only is it reasonable, it is already the case :)

David


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

local signatures: should they be importable by default in some cases?

[Alex Mauer]

I see that there is currently the import-option "import-local-sigs"
which obviously allows the import of key-signatures marked non-exportable.

It seems to me that it would be helpful to have a variant of this, which
would only allow import of local signatures where the corresponding
secret key was already available, and for this behavior to be the default.

Does this seem like a good idea?

—Alex Mauer “hawke”



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Setting up SKS Keyserver

[John Clizbe]

Роман Шерстюк wrote:
>  Good day!
>  Sorry for disturb, please.
> I have been setup SKS server on Linux Debian 5.0.3 and I'd like to ask

Perhaps your post would get a better answer on the SKS list, 
sks-de...@nongnu.org

> you how can I see detailed statistic. 

Assuming the statistics code ran at least once,

http://localhost:11371/pks/lookup?op=stats

Change localhost to point to your server

> I need to see all list of keys in my database and have possibility
> locate the keys that already expired and will be expired at nearly future.

Don't think you can without looking at each key individually. It's not stored
separately

> Is there any web interface for this futures?

You need to setup index.html in the web directory alongside KDB and PTree
See http://keyserver.gingerbear.net:11371/ for an example implementation

> Thank you very much!

You're welcome.
-- 
John P. Clizbe  Inet: John (a) Gingerbear DAWT net
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
 mailto:pgp-public-k...@gingerbear.net?subject=help

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Multiple signatures

[Robert J. Hansen]

On 6/18/10 3:39 PM, ved...@nym.hush.com wrote:
>> gpg --armor -u signer -u signer2 -u signer3 --clearsign filename
> 
> no.
> 
> 6.5.8 and 6.5.8 ckt will crash only when trying to verify multiple 
> signatures of the same text when *clearsigned*.

Perhaps I'm in error here, but -- isn't a clearsign the command I specified?



smime.p7s
Description: S/MIME Cryptographic Signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: AUTO: Richard Hamilton is out of the office (returning 06/24/2010)

[Mark H. Wood]

RFC2919, anyone?  This list uses the List-* headers.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Balance your desire for bells and whistles with the reality that only a 
little more than 2 percent of world population has broadband.
-- Ledford and Tyler, _Google Analytics 2.0_


pgpSFczHZMoPd.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

AW: Gnupg-users Digest, Vol 81, Issue 22

[Juergen Bader]

-- Gesendet von meinem Palm Prē
gnupg-users-requ...@gnupg.org schrieb:

Send Gnupg-users mailing list submissions to

gnupg-users@gnupg.org



To subscribe or unsubscribe via the World Wide Web, visit

http://lists.gnupg.org/mailman/listinfo/gnupg-users

or, via email, send a message with subject or body 'help' to

gnupg-users-requ...@gnupg.org



You can reach the person managing the list at

gnupg-users-ow...@gnupg.org



When replying, please edit your Subject line so it is more specific

than "Re: Contents of Gnupg-users digest..."





Today's Topics:



   1. Re: Can we use GNUPG with PGP for commercial use

  (Daniel Kahn Gillmor)

   2. Re: Can we use GNUPG with PGP for commercial use (David Smith)

   3. Re: Can we use GNUPG with PGP for commercial use (Joke de Buhr)

   4. Re: Importing public key in OpenGPG - error. MAC OS X (MFPA)

   5. Re: auto refresh-keys (MFPA)

   6. Re: Can we use GNUPG with PGP for commercial use

  (m...@imparisystems.com)

   7. Re: auto refresh-keys (Hauke Laging)





--



Message: 1

Date: Thu, 17 Jun 2010 13:00:21 -0400

From: Daniel Kahn Gillmor 

Subject: Re: Can we use GNUPG with PGP for commercial use

To: GnuPG Users 

Message-ID: <4c1a54a5.5020...@fifthhorseman.net>

Content-Type: text/plain; charset="utf-8"



On 06/17/2010 12:45 PM, Joke de Buhr wrote:

> Unlike PGP GnuPG is a non-commercial tool. There is no warranty. You can't 
> sue 

> anyone if GnuPG does not do what it's supposed to do.



If your goal is to be able to sue someone over proprietary software, i

strongly advise you to read the relevant EULA first:



 http://www.pgp.com/products/eula.html



section 9 in particular is illuminating about the scope and duration of

whatever minimal warranty you get from having purchased a license.



> If you need commercial support and liability stick to PGP and pay for it.



If you need commercial support, there is no reason to avoid free

software.  Several companies offer commercial support for GnuPG:



  http://www.gnupg.org/service.en.html



Please don't spread the false idea that only proprietary software is

available with commercial support.



Regards,



--dkg



-- next part --

A non-text attachment was scrubbed...

Name: signature.asc

Type: application/pgp-signature

Size: 892 bytes

Desc: OpenPGP digital signature

URL: 



--



Message: 2

Date: Thu, 17 Jun 2010 17:15:23 +0100

From: David Smith 

Subject: Re: Can we use GNUPG with PGP for commercial use

To: "Gorugantu, Prakash" ,



Message-ID: <4c1a4a1b.9080...@st.com>

Content-Type: text/plain; charset="ISO-8859-1"



Gorugantu, Prakash wrote:

> Our project has a requirement where we need to pull a file using PGP

> encryption/decryption from one of our clients ftp servers. Please let us

> know if we can use GNUPG to encrypt/decrypt files with PGP.  We read

> somewhere in your licensing agreement that GNUPG for PGP is only for

> non-commercial use and we have to purchase it from PGP Corp. if we have

> to use it.



GnuPG and PGP are different tools.



PGP is a commercial tool, although some versions of it are free for

non-commercial use.



GnuPG is a FOSS (Free, Open Source Software) tool released under the GNU

General Public License (GPL), and it can therefore be used

free-of-charge for both commercial and non-commercial use.



GnuPG and PGP are generally compatible with each other (i.e. a file

encrypted with PGP can be decrypted with GnuPG and vice-versa), as they

both work to a publicly-defined standard.



HTH & HAND.







--



Message: 3

Date: Thu, 17 Jun 2010 19:51:38 +0200

From: Joke de Buhr 

Subject: Re: Can we use GNUPG with PGP for commercial use

To: GnuPG Users 

Message-ID: <201006171951.40684.j...@seiken.de>

Content-Type: text/plain; charset="utf-8"



On Thursday 17 June 2010 19:00:21 Daniel Kahn Gillmor wrote:

> On 06/17/2010 12:45 PM, Joke de Buhr wrote:

> > Unlike PGP GnuPG is a non-commercial tool. There is no warranty. You

> > can't sue anyone if GnuPG does not do what it's supposed to do.

> 

> If your goal is to be able to sue someone over proprietary software, i

> strongly advise you to read the relevant EULA first:

> 

>  http://www.pgp.com/products/eula.html

> 

> section 9 in particular is illuminating about the scope and duration of

> whatever minimal warranty you get from having purchased a license.



As far as I remember the software needs to do mostly what it's supposed to do. 

It should do at least some kind of encryption and start without segfaulting 

And advertised features need to be included and working.

Re: Multiple signatures

[Boris]

Ok, Thanks David,

But what if the file is signed by people working on different computers?
So they will had their signature on the current separate file
(correesponding to the people who already signed a specific file).

Koushkov

2010/6/18 David Shaw 

> On Jun 17, 2010, at 11:33 PM, Boris wrote:
>
> > Hi,
> >
> > I would like to know if there is a way to add multiple signatures for a
> file (in a separate file) and check who signed with just one command (so not
> by signing a signed file...).
>
> Sure.
>
>   gpg -u signer_1 -u signer_2 -u signer_3 --detach-sign file-to-sign
>
> You'll end up with a file-to-sign.sig that contains all three signatures.
>  When you verify file-to-sign.sig, all three signatures will be checked.
>
> Alternately, you can do the same "multiple signer" trick with regular
> --sign if you want the data and signatures to be put together into a single
> file.
>
> David
>
>
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Multiple signatures

[Boris]

Thank you very much David
It is exactly what I wanted

2010/6/18 David Shaw 

> > On Jun 17, 2010, at 11:33 PM, Boris wrote:
> >
> > > Hi,
> > >
> > > I would like to know if there is a way to add multiple signatures for a
> file (in a separate file) and check who signed with just one command (so not
> by signing a signed file...).
> >
> > Sure.
> >
> >   gpg -u signer_1 -u signer_2 -u signer_3 --detach-sign file-to-sign
> >
> > You'll end up with a file-to-sign.sig that contains all three signatures.
>  When you verify file-to-sign.sig, all three signatures will be checked.
> >
> > Alternately, you can do the same "multiple signer" trick with regular
> --sign if you want the data and signatures to be put together into a single
> file.
>
> On Jun 18, 2010, at 9:14 AM, Boris wrote:
>
> > Ok, Thanks David,
> >
> > But what if the file is signed by people working on different computers?
> > So they will had their signature on the current separate file
> (correesponding to the people who already signed a specific file).
>
> If you want a bunch of people all signing the same file, have each signer
> do this:
>
> gpg -u signer-X -o signer-X-signature --detach-sign file-to-sign
>
> Then have them all send you their "file-to-sign.sig" files.  You create a
> file containing all of them:
>
> cat signer-1-signature signer-2-signature signer-3-signature >
> file-to-sign.sig
>
> Then anyone can verify file-to-sign.sig against the original file-to-sign
> and see all the signatures verified.
>
> David
>
>
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Setting up SKS Keyserver

[Роман Шерстюк]

Good day!  
 Sorry for disturb, please.  
I have been setup SKS server on Linux Debian 5.0.3 and I'd like to ask you how 
can I see detailed statistic.   
I need to see all list of keys in my database and have possibility locate the 
keys that already expired and will be expired at nearly future.  
Is there any web interface for this futures?  
Thank you very much!  
  
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users