Re: paperkey // recommended OCR font ?

[Robert J. Hansen]

On 1/4/2013 7:17 PM, David Shaw wrote:
> I've done this, with regular old Courier.

My experiences are similar.  One additional thing: the larger the font
the easier it is for OCR to recognize it (up to a point: I doubt there's
much difference between 48- and 72-point recognition).  So try using 12-
or 14-point if possible.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: paperkey // recommended OCR font ?

[David Shaw]

On Jan 4, 2013, at 1:06 PM, ved...@nym.hush.com wrote:

> My scanner is broken (lamp problem) and the multifunction printer hasn't 
> arrived yet ;-(  so I can't test this myself.
> 
> 
> Has anyone tested Paperkey by scanning it in, having the OCR recognize it 
> without error, and then successfully import it into a keyring ?
> 
> If so, what is the recommended font and size to be used for accurate OCR ?
> 
> OCR-A, OCR-B,  Ordinary Courier 10,  other ?

I've done this, with regular old Courier.  It basically worked, with a few 
glitches that I had to correct by hand.  Paperkey has a checksum on each line 
so you can easily tell which line got the glitch.  I suspect a OCR font would 
have done better.

David


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gnupg not working with RHEL 4

[Anilkumar Padmaraju]

I am using http://www.faqs.org/docs/securing/chap19sec152.html to do the
upgrade.  Please let me know, if I have to do any additional steps.

Since I am already using gpg on this server, do I have to do "gpg
--gen-key" after the upgrade?

Thank you,

Anil.

On Fri, Jan 4, 2013 at 1:09 PM, Anilkumar Padmaraju <
apadmar...@prounlimited.com> wrote:

> Thank you, David and Werner.
>
> This is first time I am upgrading gnupg.  Are there any steps or document
> to download source, compile, and upgrade?  I did some search in google, but
> could not find detailed one.
>
> After upgrading do I have to do gpg --gen-key or it is only needed when we
> install for the first time?
>
> Thank you,
>
> Anil.
>
> On Fri, Jan 4, 2013 at 12:45 PM, Werner Koch  wrote:
>
>> On Fri,  4 Jan 2013 18:34, apadmar...@prounlimited.com said:
>>
>> > Can I go ahead and update gnupg from 1.2.6 to 1.4.5 on "Red Hat
>> Enterprise
>> > Linux AS release 4 (Nahant Update 5)"?  Is 1.4.5 compatible with this
>> Linux
>> > version?  I did not find any information regarding this compatibility.
>>
>> GnuPG is compatible with all Unix style operating systems inclduing
>> Linux and RHEL [1].  You just need to build it yourself.  And please use
>> the latest versions (1.4.13).
>>
>>
>> Shalom-Salam,
>>
>>Werner
>>
>>
>>
>> [1] And with VMS and Windows.  However, you better get a prebuild
>> version for these OSes.
>>
>> --
>> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>>
>>
>
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: simple-sk-checksum

[Stephen Paul Weber]

Somebody claiming to be David Shaw wrote:

On Jan 4, 2013, at 4:37 PM, Stephen Paul Weber  
wrote:
Does anyone know what the actual security risk is?  Using a weaker 
checksum obviously makes it easier to forge data, but in this case the 
data being forged is just the secret parts of a secret key.  What are the 
attack vectors there?


http://eprint.iacr.org/2002/076.pdf


Thanks!  That paper implies that both the public *and* private elements must 
be integrity protected to defeat the attack (depending on algorithm), 
however it seems that only the private elements are protected by the SHA1 
under RFC4880.  Was the need to protect the public elements discovered to be 
unnecessary?


--
Stephen Paul Weber, @singpolyma
See  for how I prefer to be contacted
edition right joseph


signature.asc
Description: Digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: simple-sk-checksum

[David Shaw]

On Jan 4, 2013, at 4:37 PM, Stephen Paul Weber  
wrote:

> The manpage for gpg sez:
> 
>> Secret  keys  are  integrity protected by using a SHA-1 checksum. This 
>> method is part of the upcoming enhanced OpenPGP specification  but GnuPG 
>> already uses it as a countermeasure against certain attacks.  Old  
>> applications  don't  under‐ stand this new format, so this
>> option may be used to switch back to the old behaviour. Using this option 
>> bears a security risk.
> 
> Does anyone know what the actual security risk is?  Using a weaker checksum 
> obviously makes it easier to forge data, but in this case the data being 
> forged is just the secret parts of a secret key.  What are the attack vectors 
> there?

http://eprint.iacr.org/2002/076.pdf

David


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

simple-sk-checksum

[Stephen Paul Weber]

The manpage for gpg sez:

Secret  keys  are  integrity protected by using a SHA-1 checksum. This 
method is part of the upcoming enhanced OpenPGP specification  but GnuPG 
already uses it as a countermeasure against certain attacks.  Old  
applications  don't  under‐ stand this new format, so this
option may be used to switch back to the old behaviour. Using this option 
bears a security risk.


Does anyone know what the actual security risk is?  Using a weaker checksum 
obviously makes it easier to forge data, but in this case the data being 
forged is just the secret parts of a secret key.  What are the attack 
vectors there?


--
Stephen Paul Weber, @singpolyma
See  for how I prefer to be contacted
edition right joseph


signature.asc
Description: Digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gnupg not working with RHEL 4

[David Shaw]

On Jan 4, 2013, at 12:34 PM, Anilkumar Padmaraju  
wrote:

> Thank you very much, David.
> 
> Our other server is having 1.4.5 and to be consistent want to go from 1.2.6 
> to 1.4.5.
> 
> Can I go ahead and update gnupg from 1.2.6 to 1.4.5 on "Red Hat Enterprise 
> Linux AS release 4 (Nahant Update 5)"?  Is 1.4.5 compatible with this Linux 
> version?  I did not find any information regarding this compatibility.

You could upgrade to 1.4.5, but this is not recommended.  There have been a 
number of bug fixes between 1.4.5 and 1.4.13, and using the most recent version 
is usually the best course of action.

David


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gnupg not working with RHEL 4

[Anilkumar Padmaraju]

Thank you, David and Werner.

This is first time I am upgrading gnupg.  Are there any steps or document
to download source, compile, and upgrade?  I did some search in google, but
could not find detailed one.

After upgrading do I have to do gpg --gen-key or it is only needed when we
install for the first time?

Thank you,

Anil.

On Fri, Jan 4, 2013 at 12:45 PM, Werner Koch  wrote:

> On Fri,  4 Jan 2013 18:34, apadmar...@prounlimited.com said:
>
> > Can I go ahead and update gnupg from 1.2.6 to 1.4.5 on "Red Hat
> Enterprise
> > Linux AS release 4 (Nahant Update 5)"?  Is 1.4.5 compatible with this
> Linux
> > version?  I did not find any information regarding this compatibility.
>
> GnuPG is compatible with all Unix style operating systems inclduing
> Linux and RHEL [1].  You just need to build it yourself.  And please use
> the latest versions (1.4.13).
>
>
> Shalom-Salam,
>
>Werner
>
>
>
> [1] And with VMS and Windows.  However, you better get a prebuild
> version for these OSes.
>
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>
>


-- 
Anilkumar Padmaraju | Sr. Linux System Administrator
*PRO Unlimited, Inc.*
1350 Old Bayshore Highway, Suite 350, Burlingame, CA 94010
(o) 650-373-2484 | (m) 408-835-7599 | (e) apadmar...@prounlimited.com
www.prounlimited.com
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gnupg not working with RHEL 4

[Werner Koch]

On Fri,  4 Jan 2013 18:34, apadmar...@prounlimited.com said:

> Can I go ahead and update gnupg from 1.2.6 to 1.4.5 on "Red Hat Enterprise
> Linux AS release 4 (Nahant Update 5)"?  Is 1.4.5 compatible with this Linux
> version?  I did not find any information regarding this compatibility.

GnuPG is compatible with all Unix style operating systems inclduing
Linux and RHEL [1].  You just need to build it yourself.  And please use
the latest versions (1.4.13).


Shalom-Salam,

   Werner



[1] And with VMS and Windows.  However, you better get a prebuild
version for these OSes.

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: "New" packet headers and gpg

[Werner Koch]

On Fri,  4 Jan 2013 17:34, singpol...@singpolyma.net said:

> headers.  Such implementations' ouput can be read by gpg, but there's
> currently no way to convince gpg to talk to them :)

I just checked the RFC and it says:

   If interoperability [with PGP 2] is not an issue, the new packet
   format is RECOMMENDED.

Thus there is nothing in the standard which would speak against using
the new headers.  This can either be done using a new option or by using
for example the existing compliance option --rfc4880.

I don't assume that PGP 2 is still in use.  With the recent addition of
IDEA even decryption of old data can now be done with vanilla GPG.
Shall we give this a test by using one of the compliance options and
make the new headers the default in one or two years?  Less code is
always better.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Paperkey 1.3

[David Shaw]

On Jan 4, 2013, at 12:16 PM, "I.V. Frost"  wrote:

> 
> -BEGIN PGP SIGNED MESSAGE- 
> Hash: SHA256 
>  
> Am I the only having trouble both the key for this message and the one with 
> the binaries? My installation tells me it is not Key ID: 0x99242560 but key 
> 0xA1BC4FA4 which is not found on any server that I use.

0xA1BC4FA4 is a subkey on 0x99242560.  It should be available on the keyserver 
network.

David


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Paperkey 1.3

[I.V. Frost]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
 
Am I the only having trouble both the key for this message and the one
with the binaries? My installation tells me it is not Key ID:
0x99242560 but key 0xA1BC4FA4 which is not found on any server that I use.

David Shaw made the following observation on 1/3/2013 10:42 PM:

> Hi folks,
>
> Paperkey 1.3 is released. This adds ECC key support (both ECDH and
> ECDSA) as well as a few more minor tweaks.
>
> Source and Win32 binaries are available at:
> http://www.jabberwocky.com/software/paperkey/

-BEGIN PGP SIGNATURE-
Comment: what is essential is invisible to the eye
Comment: - Antoine de Saint Exupery
 
iEYEAREIAAYFAlDm96wACgkQsMrrDTRrXem+cQCgpf9rv9Zj7KHr9CMezbN0YjV6
f/gAn174BhbDynOMYspBeKFztlK//xd/
=ZjMc
-END PGP SIGNATURE-
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gnupg not working with RHEL 4

[Anilkumar Padmaraju]

Thank you very much, David.

Our other server is having 1.4.5 and to be consistent want to go from 1.2.6
to 1.4.5.

Can I go ahead and update gnupg from 1.2.6 to 1.4.5 on "Red Hat Enterprise
Linux AS release 4 (Nahant Update 5)"?  Is 1.4.5 compatible with this Linux
version?  I did not find any information regarding this compatibility.

Thank you,

Anil.

On Fri, Jan 4, 2013 at 5:54 AM, David Shaw  wrote:

> On Jan 3, 2013, at 2:37 PM, Anilkumar Padmaraju <
> apadmar...@prounlimited.com> wrote:
>
> > Hi,
> >
> > This is an important issue for me.  I would really appreciate, if any
> one can help.
> >
> > Server 1:
> > I have a server with Red Hat Enterprise Linux AS release 4 (Nahant
> Update 5) and having gnupg version 1.2.6.
> >
> >
> > When I am trying to import a key, I am getting below problem and the key
> is not getting imported.  The key is 2048 bits.
> >
> >
> >
> > # gpg --import /key.asc
> > gpg: DSA requires the use of a 160 bit hash algorithm
>
> This means that you are trying to import a key with a version of GnuPG
> that is too old to understand it.  That key uses a feature (called DSA2)
> that didn't exist in version 1.2.6 of GnuPG.
>
> > Unfortunately, I cannot upgrade Linux on Server 1.  What I have to do to
> solve the problem with gpg import on Server 1?
>
> While you don't have to upgrade Linux on server 1, you do need to at least
> upgrade GnuPG.
>
> Go to http://www.gnupg.org/download/ and grab the latest 1.4 version of
> GnuPG (at the moment, it's 1.4.13).  That is the easiest replacement for
> 1.2.6, and will handle that DSA2 key just fine.
>
> David
>
>


-- 
Anilkumar Padmaraju | Sr. Linux System Administrator
*PRO Unlimited, Inc.*
1350 Old Bayshore Highway, Suite 350, Burlingame, CA 94010
(o) 650-373-2484 | (m) 408-835-7599 | (e) apadmar...@prounlimited.com
www.prounlimited.com
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Paperkey 1.3

[David Shaw]

On Jan 4, 2013, at 9:27 AM, Johan Wevers  wrote:

> On 04-01-2013 5:42, David Shaw wrote:
> 
>> Paperkey 1.3 is released.
> 
> You might want to update the website, it reads a bit outdated.
> CD/DVD-ROMs are going the way of the floppy disc; flash memory is much
> more reliable than either. Future support of USB ports or memory card
> readers seems the biggest concern for me.

That's a very good point.  Do you know of any studies on the projected life of 
flash when used as backup?  I've read anecdotal numbers as low as 5 years, and 
marketing claims are always huge (100 years!), but most of what I see is about 
the lifespan is when the flash is actively used (so running out of read/write 
cycles), rather than the on-the-shelf lifespan of already written data.

The few numbers I've seen at manufacturers websites about retention 
specifically, suggest it's around 10 years (depending on how well the flash is 
stored - heat makes it die quicker, etc).

David


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Paperkey 1.3

[Klaus Neumann]

On 01/04/2013 06:27 AM, Johan Wevers wrote:
> On 04-01-2013 5:42, David Shaw wrote:
> 
>> Paperkey 1.3 is released.
> 
> You might want to update the website, it reads a bit outdated.
> CD/DVD-ROMs are going the way of the floppy disc; flash memory is much
> more reliable than either. Future support of USB ports or memory card
> readers seems the biggest concern for me.
> 
Support for USB ports or card readers will not disappear over night.
Whenever the next better medium becomes common, you simply transfer your
back-ups. No reason to be concerned, IMHO.

-- 
Best regards,
Klaus
--
PGP/GPG public keys at http://pgp.mit.edu
_
“Political language… is designed to make lies sound truthful and murder
respectable.”
George Orwell

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

paperkey // recommended OCR font ?

[vedaal]

My scanner is broken (lamp problem) and the multifunction printer hasn't 
arrived yet ;-(  so I can't test this myself.


Has anyone tested Paperkey by scanning it in, having the OCR recognize it 
without error, and then successfully import it into a keyring ?

If so, what is the recommended font and size to be used for accurate OCR ?

OCR-A, OCR-B,  Ordinary Courier 10,  other ?

(I know that the purpose of Paperkey is to be able to type it in by hand, if 
all else fails ;-)   
but if OCR works, it would make things much easier ... )

TIA

vedaal


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Paperkey 1.3

[David Shaw]

On Jan 4, 2013, at 4:01 AM, Branko Majic  wrote:

> On Thu, 3 Jan 2013 23:42:07 -0500
> David Shaw  wrote:
> 
>> Paperkey 1.3 is released.  This adds ECC key support (both ECDH and
>> ECDSA) as well as a few more minor tweaks.
>> 
>> Source and Win32 binaries are available at:
>>  http://www.jabberwocky.com/software/paperkey/
> 
> Curious piece of software. Certainly not something that comes to mind
> right away for making backups.
> 
> I wonder if you could back-up even more by using 2D bar code for an
> output?

Sure, paperkey supports piping the output into whatever code generator you like:

  gpg --export-secret-key mykey | paperkey --output-format raw | 
your-bar-code-generator

However, 2D bar codes have some of the problems that paperkey is intended to 
address.  You need a 'thing' (a process, a device, etc) to read them, and part 
of the point of paperkey is that it's supposed to be the backup of last resort, 
and thus readable by a human without any special hardware involved.

You could also back up your whole key via a 2D bar code (without using paperkey 
at all) but then you're backing up a lot of redundant data, giving you a larger 
image.  Of course, this may not be a big deal if the intent is to scan it back 
in again rather than type it back in again.

David


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: "New" packet headers and gpg

[Stephen Paul Weber]

Somebody claiming to be David Shaw wrote:

On Jan 4, 2013, at 9:39 AM, Stephen Paul Weber  
wrote:

Somebody claiming to be David Shaw wrote:

On Jan 3, 2013, at 9:53 PM, Stephen Paul Weber  
wrote:

tell gpg or gpg2 to produce "new" packet length headers for output?

No.
I was hoping that with all the "advanced mode, you probably don't care 
about this" features, there would be one for this.


You could patch the code (look in build-packet.c) fairly easily if you need 
this.  Out of curiosity, why do you want to use only new packet headers?


I might do that if I get further along.  I want to be able to have partial 
OpenPGP implementations that only bother with new-style headers.  Such 
implementations' ouput can be read by gpg, but there's currently no way to 
convince gpg to talk to them :)


My own implementations currently do support both kinds of headers, so it's 
not a pressing need.


--
Stephen Paul Weber, @singpolyma
See  for how I prefer to be contacted
edition right joseph


signature.asc
Description: Digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Paperkey 1.3

[Thomas Harning Jr.]

You may want to check out my blog post about key backup[1]. In it I
mention two bar-code style backup solutions:
 * PaperBack [2]
 * Twibright Optar [3]

I also investigated QR codes and other 2D bar codes.. however they did
not seem to scale well to large amounts of data...

I found that PaperBack, while being a Win32 app (runs fine in Wine)
works beautifully for storing quite a bit of data with redundancy and
handling for user-level printers. Quoting the page "If you have a good
laser printer with the 600 dpi resolution, you can save up to 500,000
bytes of uncompressed data on the single A4/Letter sheet." ... quite a
bit to store your entire secret keyring ... though you could use
paperkey + this to permit bumping up redundancy / dot-size quite a
bit.

Twibright Optar has quite a bit of promise, but requires quite a bit
of pre-processing and noise removal (not to mention source-code edit
to change dot-size to work nicely with non-super printers).



1: http://blog.eharning.us/2011/04/key-backup-for-paranoid.html
2: http://ollydbg.de/Paperbak/
3: http://ronja.twibright.com/optar/

On Fri, Jan 4, 2013 at 4:01 AM, Branko Majic  wrote:
> On Thu, 3 Jan 2013 23:42:07 -0500
> David Shaw  wrote:
>
>> Paperkey 1.3 is released.  This adds ECC key support (both ECDH and
>> ECDSA) as well as a few more minor tweaks.
>>
>> Source and Win32 binaries are available at:
>>   http://www.jabberwocky.com/software/paperkey/
>
> Curious piece of software. Certainly not something that comes to mind
> right away for making backups.
>
> I wonder if you could back-up even more by using 2D bar code for an
> output?
>
> Best regards
>
> --
> Branko Majic
> Jabber: bra...@majic.rs
> Please use only Free formats when sending attachments to me.
>
> Бранко Мајић
> Џабер: bra...@majic.rs
> Молим вас да додатке шаљете искључиво у слободним форматима.
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>



-- 
Thomas Harning Jr. (http://about.me/harningt)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: "New" packet headers and gpg

[David Shaw]

On Jan 4, 2013, at 9:39 AM, Stephen Paul Weber  
wrote:

> Somebody claiming to be David Shaw wrote:
>> On Jan 3, 2013, at 9:53 PM, Stephen Paul Weber  
>> wrote:
>>> tell gpg or gpg2 to produce "new" packet length headers for output?  
>> 
>> No.  GPG automatically uses the old packet headers for those packets that 
>> can be described that way
> 
> Hmm, ok.  I was hoping that with all the "advanced mode, you probably don't 
> care about this" features, there would be one for this.

You could patch the code (look in build-packet.c) fairly easily if you need 
this.  Out of curiosity, why do you want to use only new packet headers?

David


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Paperkey 1.3

[Werner Koch]

On Fri,  4 Jan 2013 15:27, joh...@vulcan.xs4all.nl said:

> CD/DVD-ROMs are going the way of the floppy disc; flash memory is much
> more reliable than either. Future support of USB ports or memory card

FWIW: Some time ago I copied a bunch of ~25 years old 5.25 floppies to a
disk.  I had only problems with some of the very cheap or the dusted,
wet and oiled ones stored for too many years in my non-heated garage.

Nobody has experience with flash for more than a decade.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

poldi

[Fabio Coatti]

Hi, 
I'm playing a bit with a fsfe card and trying to find a way to use smartcard 
for xscreensaver I've stumbled on poldi references, but the sources seems 
untouched since long time.
before starting to work on a updated ebuild (I'm on gentoo installation), is 
poldi still alive or do we have better way to reach the same goal (basically, 
having xscreensaver and other pam enabled things using the card)?

sorry if the question is silly, but I found no helpful references so far...


--
Fabio

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: "New" packet headers and gpg

[Stephen Paul Weber]

Somebody claiming to be David Shaw wrote:

On Jan 3, 2013, at 9:53 PM, Stephen Paul Weber  
wrote:
tell gpg or gpg2 to produce "new" packet length headers for output?  


No.  GPG automatically uses the old packet headers for those packets that 
can be described that way


Hmm, ok.  I was hoping that with all the "advanced mode, you probably don't 
care about this" features, there would be one for this.


--
Stephen Paul Weber, @singpolyma
See  for how I prefer to be contacted
edition right joseph


signature.asc
Description: Digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Paperkey 1.3

[Johan Wevers]

On 04-01-2013 5:42, David Shaw wrote:

> Paperkey 1.3 is released.

You might want to update the website, it reads a bit outdated.
CD/DVD-ROMs are going the way of the floppy disc; flash memory is much
more reliable than either. Future support of USB ports or memory card
readers seems the biggest concern for me.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gnupg not working with RHEL 4

[David Shaw]

On Jan 3, 2013, at 2:37 PM, Anilkumar Padmaraju  
wrote:

> Hi,
> 
> This is an important issue for me.  I would really appreciate, if any one can 
> help.
> 
> Server 1:
> I have a server with Red Hat Enterprise Linux AS release 4 (Nahant Update 5) 
> and having gnupg version 1.2.6.
> 
> 
> When I am trying to import a key, I am getting below problem and the key is 
> not getting imported.  The key is 2048 bits.
> 
> 
> 
> # gpg --import /key.asc
> gpg: DSA requires the use of a 160 bit hash algorithm

This means that you are trying to import a key with a version of GnuPG that is 
too old to understand it.  That key uses a feature (called DSA2) that didn't 
exist in version 1.2.6 of GnuPG.

> Unfortunately, I cannot upgrade Linux on Server 1.  What I have to do to 
> solve the problem with gpg import on Server 1?  

While you don't have to upgrade Linux on server 1, you do need to at least 
upgrade GnuPG.

Go to http://www.gnupg.org/download/ and grab the latest 1.4 version of GnuPG 
(at the moment, it's 1.4.13).  That is the easiest replacement for 1.2.6, and 
will handle that DSA2 key just fine.

David


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Is a document signed with hellosign legally binding?

[Mark H. Wood]

I don't know, but I must say that I'm wary of dealing with unknown
people who are collecting signature samples from all over Europe,
offering a service which seems to accomplish very little and making
disputed claims about its legal effect.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
There's an app for that:  your browser


pgpsy88REgYEZ.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gnupg not working with RHEL 4

[Robert J. Hansen]

On 1/3/2013 2:37 PM, Anilkumar Padmaraju wrote:
> This is an important issue for me.  I would really appreciate, if any
> one can help.

The fix is easy: upgrade GnuPG.

Version 1.2.6 is old, really old.  The certificate you're trying to
import uses an algorithm (DSA2) which is relatively new.  GnuPG is
trying to treat this as a DSA certificate and is complaining that it
uses the wrong parameters.

Download and install the GnuPG 1.4.13 source code from:

ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.13.tar.bz2

... and this problem will go away.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

gnupg not working with RHEL 4

[Anilkumar Padmaraju]

Hi,

This is an important issue for me.  I would really appreciate, if any one
can help.

Server 1:
I have a server with Red Hat Enterprise Linux AS release 4 (Nahant Update
5) and having gnupg version 1.2.6.


When I am trying to import a key, I am getting below problem and the key is
not getting imported.  The key is 2048 bits.


# gpg --import /key.asc
gpg: DSA requires the use of a 160 bit hash algorithm
gpg: DSA requires the use of a 160 bit hash algorithm
gpg: DSA requires the use of a 160 bit hash algorithm
gpg: DSA requires the use of a 160 bit hash algorithm
gpg: key ACF6FA22: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg:   w/o user IDs: 1
#


Server 2:

I have an another server with Red Hat Enterprise Linux Server release 5.5
(Tikanga) and with gncpg version 1.4.5.  On this I am able to import the
same key successfully.

Unfortunately, I cannot upgrade Linux on Server 1.  What I have to do to
solve the problem with gpg import on Server 1?

Do I have to upgrade the gncpg on Server 1 or is there alternate solution?
If I have to upgrade gncpg, to which version of gncpg I have to update?  I
cannot use up2date because the Server 1 is not subscribed to RHN.  So what
will be the alternate way to upgrade without up2date.

Thank you very much,

Anil.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Is a document signed with hellosign legally binding?

[Morten Kjærulff]

Thank you all!

So, a bare email is also legally binding, but it can be hard to proove who
sent it. Same for hellosign.com, it can be hard to proove who really signed
a document there, and it was that fact that confused me, I made "legally
binding" and "proove who signed" the same thing.

/Morten

On Fri, Jan 4, 2013 at 10:50 AM, David P Á wrote:

> The directive refers to two types of signatures on article 2: electronic
> signatures are those like me writing my name on the foot of this email,
> advanced electronic signatures are the ones that require certificates and
> so on. By art 5.1, advanced electronic signatures are equivalent to
> hand-written ones, by art 5.2, though, unqualified electronic signatures
> should not be denied legal validity on the mere grounds that they are
> electronic. So without advising to particulars, especially given the
> possible issues with transposition of the directive into national law, an
> electronic signature of that sort is binding, though of course it is
> possible to question whether it really was issued by the signatory and so
> on.
>
> --David.
>
>
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Paperkey 1.3

[Branko Majic]

On Thu, 3 Jan 2013 23:42:07 -0500
David Shaw  wrote:

> Paperkey 1.3 is released.  This adds ECC key support (both ECDH and
> ECDSA) as well as a few more minor tweaks.
> 
> Source and Win32 binaries are available at:
>   http://www.jabberwocky.com/software/paperkey/

Curious piece of software. Certainly not something that comes to mind
right away for making backups.

I wonder if you could back-up even more by using 2D bar code for an
output?

Best regards

-- 
Branko Majic
Jabber: bra...@majic.rs
Please use only Free formats when sending attachments to me.

Бранко Мајић
Џабер: bra...@majic.rs
Молим вас да додатке шаљете искључиво у слободним форматима.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users