[Announce] GnuPG launches crowdfunding campaign
GnuPG encryption project launches crowdfunding campaign Today GNU Privacy Guard (GnuPG) has launched its first crowdfunding campaign [1] with the aim of building a new website and long term infrastructure. The 24.000 EUR target will fund: - Fresh web interfaces for gnupg.org including mobile - Completion and release of GnuPG 2.1 - Anonymous Tor network access to the website - A new user friendly download page suitable for all devices - A new server for web services - New pages convening external guides, videos, and handbooks - Facilities for processing recurring donations for long term project support Project founder and Lead Developer Werner Koch said “GnuPG has seen a huge upsurge in popularity following recent state spying revelations. After 16 years of continuous development, we are now asking for community support to capitalise on consumer demand for privacy, and make GnuPG easy to access for mainstream audiences”. GnuPG is one of the few tools remaining above suspicion in the wake of leaked NSA documents. Edward Snowden and his contacts including Bruce Schneier switched to GnuPG when they began handling the secret documents earlier this year [2]. The Wall Street Journal, The Committee to Protect Journalists, and ProPublica [3] have all embraced GnuPG for protection of staff and sources. Phil Zimmermann, original inventor of Pretty Good Privacy (PGP), has also moved to GnuPG in wake of the news. “GnuPG is a key part of modern privacy infrastructure” said Sam Tuke, Campaign Manager, GnuPG. “Millions of users rely on GnuPG to work securely on servers, laptops and smartphones, but 2013 donations totaling 3.000 EUR to date have not even covered fixed costs. Supporting new algorithms like elliptical curve and fixing newfound exploits fast takes a lot of work which is done voluntarily. Now is the time for people to contribute to making GnuPG slick and more sustainable in future”. Jacob Appelbaum, Tor Project developer, added “GnuPG is important - it allows us the assurances we need to do our work. Community funding is a critical part of a confident outlook for GnuPG in future.” For further information, please contact Sam Tuke. Email: samtuke [at] gnupg.org Phone: +49 176 81923811 [1] http://goteo.org/project/gnupg-new-website-and-infrastructure [2] http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance [3] http://www.cjr.org/behind_the_news/hacks_hackers_security_for_jou.php == About GNU Privacy Guard == GnuPG is a leading cryptography app that protects emails and data from interception. It is developed by a community of Free Software engineers led by Werner Koch. GnuPG is used and recommended by the world’s top security experts, including Bruce Schneier and Phil Zimmermann. It offers best in class privacy free of charge and restriction. Hundreds of companies have integrated GnuPG into their products to perform mission critical security, including Red Hat, Deutsche Bahn, and many others. http://gnupg.org -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-announce mailing list gnupg-annou...@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG launches crowdfunding campaign
Le 19/12/2013 11:08, Werner Koch a écrit : GnuPG encryption project launches crowdfunding campaign Today GNU Privacy Guard (GnuPG) has launched its first crowdfunding campaign [1] with the aim of building a new website and long term infrastructure. The 24.000 EUR target will fund: - Fresh web interfaces for gnupg.org including mobile - Completion and release of GnuPG 2.1 1. this is an excellent news ! 2. take care about one point : It is not very clear on the website campaign that the completion of the GnuPG 2.1 is in the scope of the campaign. If it is really in the scope, it would be necessary to emphasize this point. According to me, for many people, giving money for GnuPG development and giving money for website refresh are not the same thing imho. For the moment, the description and the title of the campaign are quite focused on the website/infrastructure refresh. Bye Christophe - Anonymous Tor network access to the website - A new user friendly download page suitable for all devices - A new server for web services - New pages convening external guides, videos, and handbooks - Facilities for processing recurring donations for long term project support Project founder and Lead Developer Werner Koch said “GnuPG has seen a huge upsurge in popularity following recent state spying revelations. After 16 years of continuous development, we are now asking for community support to capitalise on consumer demand for privacy, and make GnuPG easy to access for mainstream audiences”. GnuPG is one of the few tools remaining above suspicion in the wake of leaked NSA documents. Edward Snowden and his contacts including Bruce Schneier switched to GnuPG when they began handling the secret documents earlier this year [2]. The Wall Street Journal, The Committee to Protect Journalists, and ProPublica [3] have all embraced GnuPG for protection of staff and sources. Phil Zimmermann, original inventor of Pretty Good Privacy (PGP), has also moved to GnuPG in wake of the news. “GnuPG is a key part of modern privacy infrastructure” said Sam Tuke, Campaign Manager, GnuPG. “Millions of users rely on GnuPG to work securely on servers, laptops and smartphones, but 2013 donations totaling 3.000 EUR to date have not even covered fixed costs. Supporting new algorithms like elliptical curve and fixing newfound exploits fast takes a lot of work which is done voluntarily. Now is the time for people to contribute to making GnuPG slick and more sustainable in future”. Jacob Appelbaum, Tor Project developer, added “GnuPG is important - it allows us the assurances we need to do our work. Community funding is a critical part of a confident outlook for GnuPG in future.” For further information, please contact Sam Tuke. Email: samtuke [at] gnupg.org Phone: +49 176 81923811 [1] http://goteo.org/project/gnupg-new-website-and-infrastructure [2] http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance [3] http://www.cjr.org/behind_the_news/hacks_hackers_security_for_jou.php == About GNU Privacy Guard == GnuPG is a leading cryptography app that protects emails and data from interception. It is developed by a community of Free Software engineers led by Werner Koch. GnuPG is used and recommended by the world’s top security experts, including Bruce Schneier and Phil Zimmermann. It offers best in class privacy free of charge and restriction. Hundreds of companies have integrated GnuPG into their products to perform mission critical security, including Red Hat, Deutsche Bahn, and many others. http://gnupg.org -- Christophe Brocas CNAMTS/DDSI/DS| 12, allées Haussmann 33300 Bordeaux (fixe)+33 557.855.355 | (mobile)+33 677.051.901 | 3072R/0x0661CBBA * Le contenu de ce courriel et ses eventuelles pièces jointes sont confidentiels. Ils s'adressent exclusivement à la personne destinataire. Si cet envoi ne vous est pas destiné, ou si vous l'avez reçu par erreur, et afin de ne pas violer le secret des correspondances, vous ne devez pas le transmettre à d'autres personnes ni le reproduire. Merci de le renvoyer à l'émetteur et de le détruire. Attention : L'Organisme de l'émetteur du message ne pourra être tenu responsable de l'altération du présent courriel. Il appartient au destinataire de vérifier que les messages et pièces jointes reçus ne contiennent pas de virus. Les opinions contenues dans ce courriel et ses éventuelles pièces jointes sont celles de l'émetteur. Elles ne reflètent pas la position de l'Organisme sauf s'il en est disposé autrement dans le présent courriel. ** ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG launches crowdfunding campaign
As this is about a crypto project, wouldn't it be adequate to accept payments in crypto currencies? Rgds Richard On Don, 2013-12-19 at 11:08 +0100, Werner Koch wrote: GnuPG encryption project launches crowdfunding campaign Today GNU Privacy Guard (GnuPG) has launched its first crowdfunding campaign [1] with the aim of building a new website and long term infrastructure. The 24.000 EUR target will fund: - Fresh web interfaces for gnupg.org including mobile - Completion and release of GnuPG 2.1 - Anonymous Tor network access to the website - A new user friendly download page suitable for all devices - A new server for web services - New pages convening external guides, videos, and handbooks - Facilities for processing recurring donations for long term project support Project founder and Lead Developer Werner Koch said “GnuPG has seen a huge upsurge in popularity following recent state spying revelations. After 16 years of continuous development, we are now asking for community support to capitalise on consumer demand for privacy, and make GnuPG easy to access for mainstream audiences”. GnuPG is one of the few tools remaining above suspicion in the wake of leaked NSA documents. Edward Snowden and his contacts including Bruce Schneier switched to GnuPG when they began handling the secret documents earlier this year [2]. The Wall Street Journal, The Committee to Protect Journalists, and ProPublica [3] have all embraced GnuPG for protection of staff and sources. Phil Zimmermann, original inventor of Pretty Good Privacy (PGP), has also moved to GnuPG in wake of the news. “GnuPG is a key part of modern privacy infrastructure” said Sam Tuke, Campaign Manager, GnuPG. “Millions of users rely on GnuPG to work securely on servers, laptops and smartphones, but 2013 donations totaling 3.000 EUR to date have not even covered fixed costs. Supporting new algorithms like elliptical curve and fixing newfound exploits fast takes a lot of work which is done voluntarily. Now is the time for people to contribute to making GnuPG slick and more sustainable in future”. Jacob Appelbaum, Tor Project developer, added “GnuPG is important - it allows us the assurances we need to do our work. Community funding is a critical part of a confident outlook for GnuPG in future.” For further information, please contact Sam Tuke. Email: samtuke [at] gnupg.org Phone: +49 176 81923811 [1] http://goteo.org/project/gnupg-new-website-and-infrastructure [2] http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance [3] http://www.cjr.org/behind_the_news/hacks_hackers_security_for_jou.php == About GNU Privacy Guard == GnuPG is a leading cryptography app that protects emails and data from interception. It is developed by a community of Free Software engineers led by Werner Koch. GnuPG is used and recommended by the world’s top security experts, including Bruce Schneier and Phil Zimmermann. It offers best in class privacy free of charge and restriction. Hundreds of companies have integrated GnuPG into their products to perform mission critical security, including Red Hat, Deutsche Bahn, and many others. http://gnupg.org signature.asc Description: This is a digitally signed message part ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
What is the latest version
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am running enigmail 1.5.2 . Is this old? How can I get the latest? Thanks! -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.21 (GNU/Linux) Comment: MacGPG2 - http://www.gpgtools.org/macgpg2.html Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSsvPLAAoJECrdp7MWSIVbdCgH/1YSseWaWgppLHseMmpN36qW OuiYuGKhctDl/J6EnIvan0RrRoCaixCl57or/xGs3kxgzJYfCnGkIHjpjjOzYfDh lWNHWaFPRoPezjMc/08+TiPz5Ez3SNnI0DKbwlzHBSwyP0HLCUYEkTzEC6I8ndio ZSGZ531beDLyevnakT9pUsuof8XaqdDA/RFbPsqq99mYFc61ZMRImlukXFVENre8 cfwQWbyAjhcDQ2uxCuZBvXRB/eKjh7/FNswuacO5gxaUtJNcTAixPH7UkkmZHCbf v3mbMOk+UjhV/GApGHkFbwJq6P4T8uTyfRk2qCjOtsLHCJp91CQQAFhHOODMzbE= =5ULF -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG launches crowdfunding campaign
* Richard Ulrich ricu...@gmail.com [131219 13:47, mID 1387457142.1836.18.camel@XPS13dev]: As this is about a crypto project, wouldn't it be adequate to accept payments in crypto currencies? I wouldn't consider this a priority. Bitcoin violates one of the fundamental laws of economics and is therefore supposed to crash at some point. Choosing goteo was IMHO a good idea because their system is Free Software and I don't know if they even support BTC et al. Just my €0,02 Martin signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG launches crowdfunding campaign
On Thu, 19 Dec 2013 12:17, christophe.bro...@cnamts.fr said: It is not very clear on the website campaign that the completion of the GnuPG 2.1 is in the scope of the campaign. GnuPG 2.1 will be ready with the new website or even earlier. However, 2.1 won't immediately replace 2.0 (or 1.4) on all platforms I expect that this takes some time. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What is the latest version
On 12/19/2013 8:25 AM, Matt D wrote: I am running enigmail 1.5.2 . Is this old? How can I get the latest? Thanks! The latest Enigmail is 1.6. 1.5.2 is not tremendously old, but it's not the latest-and-greatest, either. Given that you got GnuPG and Enigmail from GPGtools, your best bet is to ask the GPGtools maintainers (politely!) to update the version of Enigmail they include with GPGtools. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG launches crowdfunding campaign
On Thu, 19 Dec 2013 13:45, ricu...@gmail.com said: As this is about a crypto project, wouldn't it be adequate to accept payments in crypto currencies? Agreed. However, we don't have the resources to do that. The new infrastructure topic covers payment options and likely we will accept Bitcoins then. The funding platform seems not to support it yet. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG launches crowdfunding campaign
On Thu, 19 Dec 2013 14:31, go...@fsfe.org said: point. Choosing goteo was IMHO a good idea because their system is Free Software and I don't know if they even support BTC et al. Indeed. After all crowd funding is about community building and thus I consider it the Right Thing to help each other. Goteo is mainly used in Spain but it is worth to get better known. Agreed there a a couple of problems, like missing translations but Goteo has evolved much enough since we first looked at in September, to assume that the remaining problems will soon be fixed. The privacy policy and the terms or services are not translated to English - this is an unfortunate oversight of us. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG launches crowdfunding campaign
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Hi Werner, am 19.12.2013 11:08, schrieb Werner Koch: Today GNU Privacy Guard (GnuPG) has launched its first crowdfunding campaign [1] with the aim of building a new website and long term infrastructure. The 24.000 EUR target ... congratulations, 6 hours after your post, nearly half of that target is pledged. One note: apart from the data privacy statement being not available in english, my concern is invoices - I am self-employed and can just pledge without invoice, but most companies cannot. In the process, I only got the following receipt: FUNDACION FUENTES ABIERTAS (logo) On-line shopping (some other logo) Operation AUTHORIZED Operation number: some number Amount: 35.00 Euros (check mark) Card Payment Data that identifies the operation: (printer symbol) Operation number: some number Amount: 35.00 Euros Date / Time: 19/12/2013 time Authorisation: some number Reference: some long number (payment service logo) ACCEPT One cannot use that as a proof that one donated for something, it does not even state the project the pledge is about. There is also no information on any document to receive later (apart from account / credit card / Paypal statement), not in the Projekt (where it does not belong anyway), but also not in Goteos FAQ Maybe you/Sam should discuss this with Goteo before you start the NEXT round :-) Olav - -- The Enigmail Project - OpenPGP Email Security For Mozilla Applications -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment: Dies ist eine elektronische Signatur - http://www.enigmail.net/ iQGcBAEBAwAGBQJSsx0nAAoJEKGX32tq4e9WBuIL/3Y5b5J4ShPqIWPbXvqJlk+t lkvX9N9TAL7/pSxxfXNqfY2wAxnmdtaRIge3fjFIM7pn+uszarsXxcUyZddHsXMu 8FYQ5eL0lwywb3EJANEiLNyM5rhkDgW+n8fhQYdnpV5Jn0zW0ZIRq0rF+FFrbu84 otuCkgnuXosvwKYUKBMqrzQkqxiB/H5Aq4BHamu3vWWpz0BgVjz+obBmMof1DBZy QWFhLeFytVKV3t3LZOX8lbAiTbComeRzQZnAHQgiwTOO6e69g1E16DvuU7uxzSfP gXUKnJUmsdZ8w8NQCzABSuCk/27TiGg2Nd8e9RPEYCNh4WPOzrdqC1f25teijN/M YbnvZ9BYELn2pTinu2D0X5ByBqxGPtFl2KIkT9AVE7pzyCFPaM/XqTnGO9tWuDgA IM5djN+AIjImxpLgv75wK/QrOMUwuAPayj7dbhnE4L+4GN2e9SrTKP0RwgWRHFkL lyxEAOpSrfd5C61E48iyz7wXcgZBJpTx5XesFfphHA== =PNoZ -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG launches crowdfunding campaign
Hi Werner all Re http://goteo.org The privacy policy and the terms or services are not translated to English - this is an unfortunate oversight of us. http://gnupg.org/ http://goteo.org/project/gnupg-new-website-and-infrastructure http://goteo.org/legal/terms Seems to be in mid edit from Spanish to English, at the 3rd paragraph of section SECOND: TERMS http://goteo.org/legal/privacy All Spanish Here's an automatic translation of privacy to English: http://translate.google.com/translate?sl=estl=enjs=nprev=_thl=enie=UTF-8u=http%3A%2F%2Fgoteo.org%2Flegal%2Fprivacy You might want to suggest to goteo.org it might be quicker for them to use a translater engine then hand correct, rather than translate type all ? I only know of 2 free translaters so far, listed on my http://www.berklix.eu/~jhs/trans/ Other URLs for that page welcome. Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com Interleave replies below like a play script. Indent old text with . Send plain text, not quoted-printable, HTML, base64, or multipart/alternative. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG launches crowdfunding campaign
Hi, Maybe my English is a little rusty, but what exactly is a spanking server? From the goteo page: The world's most trusted data encryption tool gets a new website with spanking server, platform and design. Johannes ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg-rsa-key decryption with a mobile
Werner == Werner Koch w...@gnupg.org writes: On Wed, 18 Dec 2013 18:31, sys...@ioioioio.eu said: Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can Well that is what I posted a few hours ago to this list ;-). Since you are mentioned in this webpage, do you know by any chance whether gpgsm is vulnerable in a similar way? Uwe Brauer smime.p7s Description: S/MIME cryptographic signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG launches crowdfunding campaign
Johannes Zarl wrote: Hi, Maybe my English is a little rusty, but what exactly is a spanking server? Presumably a contraction from brand spanking new a phrase normal common in England when I grew up there. I think brand spanking new server might also leave nationals of some other international english variant speaking countries (eg USA) non native speakers puzzled. Spanking server will set some grinning salaciously ;-) Shiney/super new or similar might be more internationaly understandable :-) From the goteo page: The world's most trusted data encryption tool gets a new website with spanking server, platform and design. Johannes Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com Interleave replies below like a play script. Indent old text with . Send plain text, not quoted-printable, HTML, base64, or multipart/alternative. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG launches crowdfunding campaign
Maybe my English is a little rusty, but what exactly is a spanking server? They omitted the word new. Spanking new is an English idiom for something that's brand-new; it comes from the tradition of spanking a newborn child in order to spur the child into taking its first breath. Something that's spanking new is supposed to be as new as a newborn child. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG launches crowdfunding campaign
I think brand spanking new server might also leave nationals of some other international english variant speaking countries (eg USA) non native speakers puzzled. It's in common usage in the U.S., although I more often hear it without the brand prefix. That said, brand spanking new is not unusual usage over here. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG launches crowdfunding campaign
On Thu, 19 Dec 2013 17:35, j...@berklix.com said: You might want to suggest to goteo.org it might be quicker for them to use a translater engine then hand correct, rather than translate type all ? A reason might be that they have concerns publishing a translation if not done by lawyer. However, the half-translated TOS would contradict this assumption. I only know of 2 free translaters so far, listed on my http://www.berklix.eu/~jhs/trans/ I bet we will eventually hear about the NSA project to track translation engines. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG launches crowdfunding campaign
On Thursday 19 December 2013 10:09:22 Robert J. Hansen wrote: Maybe my English is a little rusty, but what exactly is a spanking server? They omitted the word new. Ah! I should have thought of this. The phrase as a whole is known to me, but without the new it was only nonsense to me... it comes from the tradition of spanking a newborn child in order to spur the child into taking its first breath. ...and I have learned something new today ;-) Thanks, Johannes ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg-rsa-key decryption with a mobile
On Thu, 19 Dec 2013 17:54, o...@mat.ucm.es said: Since you are mentioned in this webpage, do you know by any chance whether gpgsm is vulnerable in a similar way? gpgsm uses Libgcrypt and Libgcrypt employs RSA blinding for a long time now. Thus it is not vulnerable. The reason Libgcrypt has RSA blinding is that it is used by online protocols like TLS were it is easy to mount certain timing attacks in the LAN. With GnuPG these calls of network based attacks are not possible and thus we did not used blinding in GnuPG-1. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG launches crowdfunding campaign
From: Johannes it comes from the tradition of spanking a newborn child in order to spur the child into taking its first breath. ...and I have learned something new today ;-) I didnt know the original derivation either :-) From: Werner I bet we will eventually hear about the NSA project to track translation engines. Seems likely. (Nice that some NSA activity has just been declared un-constitutional (glimpsed on TV)). Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com Interleave replies below like a play script. Indent old text with . Send plain text, not quoted-printable, HTML, base64, or multipart/alternative. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Holiday giving
On 07/12/13 05:16, Robert J. Hansen wrote: To show this, I'm going to be making a contribution to GnuPG. And to encourage you to make your own contribution, I will match any contribution you make between now and January 1, 2014. I just donated € 75 to the crowdfunding campaign (and will soon be wearing a nice t-shirt). Will you also match that or are you restricting yourself to the normal Christmassy donations? It's your money, it's your call. Obviously. Here's to a great funding campaign! Peter. PS: By the way, why does goteo.org insist on speaking what looks like Spanish to me? I intended to read the privacy policy, but it insisted on showing me versions I couldn't comprehend. I could get a French one from the language pulldown, but not English. My Accept-Language: is en-gb,en;q=0.7,nl;q=0.3 so that can't be the problem. Perhaps some strange interaction with Privoxy, although I feel strongly that it simply should respect my Accept-Language anyway. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://digitalbrains.com/2012/openpgp-key-peter ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG launches crowdfunding campaign
Seems likely. (Nice that some NSA activity has just been declared un-constitutional (glimpsed on TV)). A district court judge found the program unconstitutional, but his decision is *extremely* controversial right now. I would happily bet cash money on even odds that this decision will be overturned on appeal. I normally don't like to go into detail about legal cases, but what the hell -- given the general interest in this matter, I hope people will forgive me for going off-topic. The problem comes from a 1979 Supreme Court decision, _Smith v Maryland_ (often just called _Smith_). A woman was receiving harassing phone calls, so the police asked the phone company for records about who was calling her. The phone company turned these records over without a warrant. The harasser was arrested and convicted. He appealed his sentence, claiming that the police should have received a warrant. The Supreme Court refused Mr. Smith's petition using logic sort of like the following: 1. If you're asking the phone company to connect you to another phone number, the phone company knows at least your number and the number you're calling 2. This isn't different from asking a friend to drive you to a place: your friend knows where he picked you up and where he dropped you off 3. In #2, the police don't need a search warrant to get that information from your friend -- they just need a subpoena 4. So in #1, the police shouldn't need a search warrant to get that information from the phone company -- they just need a subpoena I personally find this logic simple, elegant and compelling. That doesn't mean I think it's right: it only means I think it's a very serious opinion that is extremely difficult to refute. The government has used this decision (telephone metadata requires no warrant, only a subpoena) on an extremely large scale... such a large scale that it has created a very serious counterargument. If the police are investigating a crime that happened Thursday night, asking your friends where they picked you up and dropped you off Thursday night is not an infringement of your privacy -- but asking your friends for *all* the times they've picked you up and *all* the times they've dropped you off over the last five years would certainly be seen as overreaching and as a gross privacy violation. At least, such is the counterargument. Judge Leon -- appointed by George W. Bush, a fact that will no doubt stun some people here -- was asked to choose between these two opinions. Interestingly, he really didn't choose. Instead he said, ... I cannot possibly navigate these uncharted Fourth Amendment waters using as my north star a case that predates the use of cell phones. He didn't so much agree with the plaintiffs as he found that the _Smith_ decision was no longer relevant to modern life... and that's where the controversy occurs. He's a district judge. Most judicial ethicists would say that where SCOTUS has given clear and unambiguous guidance on an issue, as _Smith_ appears to, a district court has no business overturning SCOTUS's precedent. (To which the immediate rejoinder is, Yeah, because it would've been such a bad thing for some district judge to decide _Dred Scott_ was a stupid decision.) This case is already being appealed. At the appellate level judges no longer look at the facts of the case: they assume the trial court brought all the relevant facts to light. Instead, the judges look at a much narrower set of questions: (a) was the trial fair?, (b) were the laws correctly applied?, and (c) were precedents correctly cited and followed? No one is arguing that Judge Leon was unfair or that the law is being unfairly applied: the entire appeal will revolve around whether _Smith_ still governs. My feeling is that the appellate court will decide _Smith_ still governs, reversing Judge Leon and approving the metadata program. But I also feel it's very likely SCOTUS will grant cert and agree to hear the case, at which point SCOTUS will be revisiting their _Smith_ decision and potentially giving new guidance for how to apply _Smith's_ reasoning to the modern day. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Holiday giving
I just donated € 75 to the crowdfunding campaign (and will soon be wearing a nice t-shirt). Will you also match that or are you restricting yourself to the normal Christmassy donations? On January 6 (the Feast of the Epiphany, the traditional end of the Christmas season) I'll ask Werner how many euros were raised between the time I posted my original message and 11:59pm January 5. Normal donations and crowdfunding will both be matched. Once I get a sum from Werner I will be remitting two separate donations to g10 Code: one will be the matching funds, and the other will be my Christmas contribution. Werner is free to tell the list how many funds were raised, how many I matched, and whether I lived up to my word. However, I'm going to request he keep my (private) Christmas contribution quiet: that's between me and my conscience, not between me and the list. :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Import Raw RSA Secret Key?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello all, I'm trying to import a raw RSA secret key into GnuPG. I have p, q, d and the creation timestamp, as well as anything else that can be computed from them (n, u, e, etc etc). I've been implementing bits of RFC 4880 in an attempt to generate valid secret key files, but it looks like GnuPG won't import a key unless it has a valid self-signature, and that chunk of the specification is large and looks painful to implement. So how can I best get my (p,q,d,timestamp,n,u,e) structure into a valid GPG key which can be used to sign, encrypt, etc messages? Best regards, - -- Eric Swanson http://www.alloscomp.com/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSs4r8AAoJEOYgyKdLr10J8iEQAIqDwu6osCiOZgSgXo67EYN8 l2WcUInnxShAlr8Uh5NKMAK8eQIrJyaoNgH4ZQKGBTF6rzStzz5rWoZV6vGpjKZN YqeJN5SH4kJ0gXpo8UsyGgq61JjbDf0VCz1CKKYuVAie66s5k7SfUzBPvMPThYRj T8jKl0oYwZBUZH9x6Pybxral3kphD4QmgEqVhystpVAB28i3084YcO2ZDRtrWVFA 1leeyShFNb2ZV5N/djh6iHV3sazT0TYk/G4dniWkbsRYDzvPPhb9KzVRxN44dsU0 kxd26YlIx9hOrDP4twRFD8g0fRbHh9vLg0UGqV876LudqkDwkzn8ZnO844++gJj1 71JewHoWFqjXD57B/PJULBt5LNejf7fqBCo79NkXR/Bq2oVlaSkyA4dEk+6rpSSj 20sj8pT4SdZB/KOVDdpdOB2DlLU2J5FaJqGhkJZOjSbiXdUXrqgOh0cAkUU6zrsd t6P6IhwyZ8fCsHn2iuo/rsg2Ls7MGyI4aa9KDexgmnf3hpBbKN2tP2710JHCHr1A y3TR+Lk5ILR0JeMmP0fYZa2A9xG/kL/e0HpeD2LQCX+91ivZ7vxoz/3P3IVySWbr mkvBZ1YdvdE4fq2loiR/4uuYJbB2c45t1t++OBm6pGSntv6NTfyJNd2gu5HkNg2i lO2eDOw/y66gfoNRmygj =j92H -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Import Raw RSA Secret Key?
On Dec 19, 2013, at 7:10 PM, Eric Swanson eswan...@alloscomp.com wrote: I'm trying to import a raw RSA secret key into GnuPG. I have p, q, d and the creation timestamp, as well as anything else that can be computed from them (n, u, e, etc etc). I've been implementing bits of RFC 4880 in an attempt to generate valid secret key files, but it looks like GnuPG won't import a key unless it has a valid self-signature, and that chunk of the specification is large and looks painful to implement. So how can I best get my (p,q,d,timestamp,n,u,e) structure into a valid GPG key which can be used to sign, encrypt, etc messages? If you can manage to make a RFC 4880 secret key packet, you should be able to combine it with a user ID packet (either generate one yourself - no crypto needed - or just copy one from another key), and then import the result with --allow-non-selfsigned-uid. That should skip the need for a self-signature. Once you have it imported, you can self-sign it via GPG, using --edit-key xx sign. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What is the latest version
Matt D wrote on 12/19/13, 3:25 PM: I am running enigmail 1.5.2 . Is this old? How can I get the latest? Thanks! According to the raw source of your message, you are running: User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 and X-Enigmail-Version: 1.5.2 (which you already indicated in your post). It seems that this combination is part of the Linux distro you are running. You might update to Enigmail 1.6 by downloading the appropriate release from https://www.enigmail.net/download/index.php and proceed according to the instructions. I think your query might be best answered in Enigmail User's list. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users