GPGTools: short introduction

2011-02-14 Thread Alexander Willner
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Dear (OS X) GnuPG users,

On 07.01.2011, at 14:18, Werner Koch wrote:
 On Fri,  7 Jan 2011 13:03, a...@willner.ws said:
 I would like to suggest to add GPGTools[1] to the list of GnuPG Frontends 
 for the Mac platform at [2].
 Please explain the project at gnupg-users@gnupg.org; I can't see from the web 
 page what this is about.

since Werner suggested to post a short explanation to this list and users asked 
why the GPGTools are not linked at gnupg.org:

As you might know, different (GUI based) software packages are needed to use 
OpenPGP on OS X. Some of them are no longer developed, were updated years ago 
or fixed versions could be found in user forums and similar sources. In 
conjunction with their authors, we, the GPGTools Project Team, started to 
update some applications and established an infrastructure for all GnuPG 
related OS X software. Including but not limited to:

 * MacGPG2 - author: Benjamin Donnachie.
 * GPGMail - former author: Stéphane Corthésy.
 * GPG Keychain Access - new author: Roman Zechmeister.

At http://gpgtools.org we provide an all-in-one (un-)installer and a web page 
for each project that links to:

 * Signed binaries including installer, uninstaller, and beta versions / 
release candidates.
 * The git source repository, license files, and wiki pages.
 * A unified issue/ticket system.
 * A single mailing list and Twitter account.
 * The change log, including an app cast news feed and partly Sparkle 
integration.

Some questions you might have could already be answered in our FAQ at 
http://gpgtools.org/faq.html. Please do not hesitate to get in touch with us: 
http://gpgtools.org/about.html.

Best regards, Alex
on behalf of the GPGTools Project Team

-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAk1Y3oEACgkQdtePBQDQJsRH8gD/dCMSK6zJ6jTFJOjYUhBWtHTN
fuZ6nQKRmQVV4YBLvxwBAM7cUcAO86WIcXcLKEfoeuBxWRjyr4pg16HssxhHUmdI
=piAm
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: how to store the public keys in a db?

2011-02-14 Thread Werner Koch
On Sun, 13 Feb 2011 13:34, ikrabbe@gmail.com said:

 don't think that it will result into a bottleneck before reaching
 10^6-10^12 keys (I didn't prove this statement!).

This won't work.  We do sequential scans of the pubring.gpg all the
time.  This includes the computation of fingerprints etc for each and
every key.  It is more a miracle that it still works fine with many
thousand keys.

Once upon a time we had support for a gdbm backend; that was dropped due to
several architectural problems.

The current plan is to use the keybox format which we are using for
gpgsm.  It allows to store meta information and will make key lookups
much faster.  With this you should be able to handle a few million
keys.

Adding another backend is not very complicated, all access to the
keyrings is routed through the keydb.c module which has provisions to
register several backends.  Adding an RDBMS backend is thus possible.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
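
The lookup cost described in the message above, as an added example that is not GnuPG code: a simplified model in which the keyring is a run of constructed v4 public-key packets and every lookup by fingerprint has to hash each key it passes. The packet contents, the function names and the dict standing in for stored meta information are assumptions of this sketch; the dict is not the keybox format.

```python
import hashlib
import struct

def make_pubkey_packet(seed):
    """Constructed stand-in for a v4 public-key packet; the modulus is filler, not a real key."""
    n = bytearray(hashlib.sha256(seed).digest())
    n[0] |= 0x80                                               # make the MPI exactly 256 bits
    body = (b"\x04" + struct.pack(">I", 1297641600) + b"\x01"  # version 4, creation time, RSA
            + struct.pack(">H", 256) + bytes(n)                # MPI n
            + struct.pack(">H", 17) + b"\x01\x00\x01")         # MPI e = 65537
    return b"\x99" + struct.pack(">H", len(body)) + body       # tag 6, 2-byte length

def iter_packets(ring):
    """Walk a keyring of old-format packets with 2-byte lengths (all this sketch handles)."""
    pos = 0
    while pos < len(ring):
        ctb = ring[pos]
        if ctb & 0xC3 != 0x81:
            raise ValueError("unsupported packet header at offset %d" % pos)
        (length,) = struct.unpack_from(">H", ring, pos + 1)
        yield (ctb >> 2) & 0x0F, ring[pos:pos + 3 + length]
        pos += 3 + length

def fingerprint(packet, counter):
    """v4 fingerprint: SHA-1 over 0x99, the 2-byte length and the key packet body."""
    counter[0] += 1                                            # count every hash computed
    return hashlib.sha1(b"\x99" + packet[1:]).hexdigest()

def scan_lookup(ring, wanted, counter):
    """Sequential scan: hash each key packet until the wanted fingerprint turns up."""
    for tag, packet in iter_packets(ring):
        if tag == 6 and fingerprint(packet, counter) == wanted:
            return packet
    return None

def build_index(ring, counter):
    """One pass storing fingerprint -> packet, standing in for stored meta information."""
    return {fingerprint(p, counter): p for tag, p in iter_packets(ring) if tag == 6}

def compare(n_keys=200, n_lookups=50):
    """Return (hashes done by repeated scans, hashes done with an index) for the same lookups."""
    ring = b"".join(make_pubkey_packet(b"key-%d" % i) for i in range(n_keys))
    unused, scans, indexed = [0], [0], [0]
    wanted = [fingerprint(make_pubkey_packet(b"key-%d" % (n_keys - 1 - i)), unused)
              for i in range(n_lookups)]
    index = build_index(ring, indexed)
    for fp in wanted:
        assert scan_lookup(ring, fp, scans) == index[fp]
    return scans[0], indexed[0]
```

With 200 keys and 50 lookups near the end of the ring, the scans hash thousands of packets while the index hashes each key once.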




Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail

2011-02-14 Thread James Hofmann
On Sun, Feb 13, 2011 at 12:46:02PM -0500, Grant Olson wrote:
 On 02/13/2011 03:03 AM, AgoristTeen1994 wrote:
  
  Hey, this is going to seem like stupid questions, but, I just found out
  about PGP, OpenPGP, and GnuPG yesterday, and I didn't create a key pair until
  about 2 hours ago, so I'm pretty unaware of how some things work... First is,
  that using either Mozilla Thunderbird, with the OpenPGP plugin, or Claws
  Mail, to generate a key pair, it only lists one key, my key id. Is that my
  public key or my secret key? Or is it supposed to be both? If it's only one
  of them, how do I find the other?
 
 The short answer is yes, it contains everything.  If you add another
 user's public key to your keyring, it will contain everything minus the
 secret key.
 
   Also. I was wondering, in my reading on
  the internet about this sort of thing, it mentioned signing a message, say
  an e-mail, with my secret key, so the recipient knows it's from me...but I'm
  confused, since doesn't that mean, that any one I send a message to, that I
  sign will have my secret key and thus will be able to decrypt any messages
  they intercept? Thank you for any help, and have a nice day.
 
 Signing works in reverse compared to encryption.  With encryption,
 anyone can generate an encrypted message with your public key, but only
 you can decrypt it because only you have the private key.  With signing,
 only you can generate a valid signature because only you have the
 private key, but anyone with your public key can verify the signature.
 
 Signing a message to a complete stranger won't compromise your private
 part of the key in any way.
 
 -- 
 -Grant
 
 Look around! Can you construct some sort of rudimentary lathe?
 
I read AgoristTeen1994's question a bit differently. 
Using your secret key to encrypt something is not at all the same thing
as giving somebody your secret key.  Using your key doesn't give it
away.

Jim




Re: how to store the public keys in a db?

2011-02-14 Thread Daniel Kahn Gillmor
On 02/14/2011 03:58 AM, Werner Koch wrote:
 On Sun, 13 Feb 2011 13:34, ikrabbe@gmail.com said:
 
 don't think that it will result into a bottleneck before reaching
 10^6-10^12 keys (I didn't prove this statement!).
 
 This won't work.  We do sequential scans of the pubring.gpg all the
 time.  This includes the computation of fingerprints etc for each and
 every key.  It is more a miracle that it still works fine with many
 thousand keys.

fwiw, it doesn't really work fine with many thousand keys. i've got
1785 keys in my pubring, and performance is noticeably poor.  This may
be due to my running somewhat older/low-end hardware (900MHz Celeron M
processor, 1GiB RAM), but it's bad enough that i've taken the step of
setting no-auto-check-trustdb, and running --check-trustdb manually from
a nightly cronjob.  otherwise, with the amount of signed and/or
encrypted mail that i get, and the fact that i'm signing software and
using it to verify ssh connections and web connections, my machine would
be regularly blocked on gpg for many many tasks.

I'm looking forward to the speedup promised by the keybox format; i hope
the trustdb recalculations can be comparably sped up as well.

Thanks for working on this, Werner.

--dkg





MacGPG2 v2.0.17-9 released!

2011-02-14 Thread Benjamin Donnachie
MacGPG2 v2.0.17-9 is available from
https://github.com/downloads/GPGTools/MacGPG2/MacGPG2-2.0.17-9.zip

Please use the detached signature to confirm the integrity of your
download prior to install.  The public key needed is available from
http://www.gpgtools.org/

Unzip the archive and then run the MacGPG2 installer.

MD5 (MacGPG2-2.0.17-9.zip) = 36dec9b2b7f24234a2286d736397d8e9
MD5 (MacGPG2-2.0.17-9.pkg) = 1d6698bca1450496543030247934579b

 * 121,836 downloads of MacGPG2 from 165 countries in two years!

What's New:

 * Following fixes:

http://gpgtools.lighthouseapp.com/projects/66001/tickets/21-gpg-agent-patch-missing

http://gpgtools.lighthouseapp.com/projects/66001/tickets/24-add-gpg2-gpgconf-test-to-the-postflight-script

http://gpgtools.lighthouseapp.com/projects/66001/tickets/32-incorrect-permissions-on-launchagent-plist

http://gpgtools.lighthouseapp.com/projects/66001/tickets/33-check-for-incorrect-options-in-gpg-agentconf

http://gpgtools.lighthouseapp.com/projects/66001/tickets/40-secret-keys-unusable

 * Patch to facilitate IDEA support; requires alternative encryption
library *NOT INCLUDED*

 * Supports 32- and 64-bit Intel Macs running OS X Leopard (10.5) and higher.

 * Core upgraded to GnuPG v2.0.17
  = Configured to use standard socket and daemonise gpg agent on the fly if
required.

 * Maximum key size increased to 8192 bits; not recommended and
requires --expert command line option.

 * Includes GPGTools gpg-agent cache-id option patch.

 * Pinentry updated by GPGTools team and includes keychain support

 * Installs exclusively under /usr/local/MacGPG2/ removing previous
v2.0.16 install.

 * Libksba upgraded to v1.1.0

 * Libusb upgraded to v1.0.8


Credits

 * Werner Koch and the GnuPG Project, http://www.gnupg.org/

 * Stéphane Corthésy for the launchd patches.

 * Charly Avital for his patient testing.

 * Dr Alun J Carr for his kind donation.


Noteworthy changes in GnuPG version 2.0.17 (2011-01-13)

 * Allow more hash algorithms with the OpenPGP v2 card.

 * The gpg-agent now tests for a new gpg-agent.conf on a HUP.

 * Fixed output of gpgconf --check-options.

 * Fixed a bug where Scdaemon sends a signal to Gpg-agent running in
  non-daemon mode.

 * Fixed TTY management for pinentries and session variable update
  problem.

 * Minor bug fixes.



Re: how to store the public keys in a db?

2011-02-14 Thread Daniel Kahn Gillmor
On 02/14/2011 12:35 PM, Werner Koch wrote:
 On Mon, 14 Feb 2011 15:20, d...@fifthhorseman.net said:
 
 processor, 1GiB RAM), but it's bad enough that i've taken the step of
 setting no-auto-check-trustdb, and running --check-trustdb manually from
 a nightly cronjob.  otherwise, with the amount of signed and/or
 
 Sure; I always forget about this because I use this since I implemented
 the stuff.  However, making --no-auto-check-trustdb the default is not a
 good idea because many users might have problems setting up a cronjob.

I agree.  and frankly, the nightly cronjob isn't really what i want
either; i'd like gpg to pick up the validity of a key's user ID as soon
as it sees the new key, without waiting a day or manually-invoking the
minutes-long check-trustdb.

Do you expect that we'll be able to run with auto-check-trustdb once you
make the transition to keybox?

--dkg





Re: MacGPG2 v2.0.17-9 released!

2011-02-14 Thread Charly Avital
Benjamin Donnachie wrote the following on 2/14/11 10:22 AM:
 MacGPG2 v2.0.17-9 is available from
 https://github.com/downloads/GPGTools/MacGPG2/MacGPG2-2.0.17-9.zip

[snip]

 MD5 (MacGPG2-2.0.17-9.zip) = 36dec9b2b7f24234a2286d736397d8e9
MD5(MacGPG2-2.0.17-9.zip)= 36dec9b2b7f24234a2286d736397d8e9
 MD5 (MacGPG2-2.0.17-9.pkg) = 1d6698bca1450496543030247934579b
MD5(MacGPG2-2.0.17-9.pkg)= 1d6698bca1450496543030247934579b

[snip]
  * Supports 32- and 64-bit Intel Macs running OS X Leopard (10.5) and higher.

Running MacBook5,1 Intel Core 2 Duo 32-bit MacOSX 10.6.6

[snip]

Test commands ran smoothly:
$ gpg2 --version
$ gpg-agent
$ ps waux | grep gpg-agent
$ echo test | gpg2 -aser "Your Name" | gpg2
$ echo test | gpg2 -aser "Your Name" | gpg2
$ ps waux | grep gpg-agent (after testing signing, verifying decrypting
with gpg-agent).

Thank you Ben!

Charly
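
The checksum comparison shown in the message above, against the values in the release announcement, as an added example that is not part of either post or of GPGTools: it parses both line layouts that appear in the thread and checks a local file against the published digest. The function names are assumptions of this example.

```python
import hashlib
import hmac
import os
import re

# Accepts both layouts that appear in the thread:
#   "MD5 (name) = hex"   and   "MD5(name)= hex"
CHECKSUM_LINE = re.compile(
    r"^\s*MD5\s*\((?P<name>[^)]+)\)\s*=\s*(?P<hex>[0-9a-fA-F]{32})\s*$")

# The checksum lines as they appear in the two posts above.
THREAD_LINES = """\
 MD5 (MacGPG2-2.0.17-9.zip) = 36dec9b2b7f24234a2286d736397d8e9
MD5(MacGPG2-2.0.17-9.zip)= 36dec9b2b7f24234a2286d736397d8e9
 MD5 (MacGPG2-2.0.17-9.pkg) = 1d6698bca1450496543030247934579b
MD5(MacGPG2-2.0.17-9.pkg)= 1d6698bca1450496543030247934579b
"""

def parse_checksums(text):
    """Return {filename: digest}; refuse input that lists one file with two digests."""
    published = {}
    for line in text.splitlines():
        m = CHECKSUM_LINE.match(line)
        if not m:
            continue  # prose, "[snip]" markers, blank lines
        name, digest = m["name"], m["hex"].lower()
        if published.setdefault(name, digest) != digest:
            raise ValueError("conflicting digests published for " + name)
    return published

def md5_of(path, chunk=1 << 16):
    """Hash the file in chunks so large installers need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(path, published, name=None):
    """True only if the file is listed and its digest matches the published one."""
    expected = published.get(name or os.path.basename(path))
    if expected is None:
        return False  # an unlisted file is a failure, not a pass
    return hmac.compare_digest(md5_of(path), expected)

if __name__ == "__main__":
    print(parse_checksums(THREAD_LINES))
```

A matching MD5 only rules out a corrupted download; the detached signature check the announcement asks for is what ties the file to the publisher's key.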

