Re: Batch key creation curve25519 not working in version 2.1.12 Windows

2016-05-06 Thread NIIBE Yutaka 
On 05/07/2016 03:41 AM, Mike Ingle wrote:
> I tried my inputs with eddsa instead of ecdsa and it worked. Not sure if
> there is still a bug to report?
> Thank you for the workaround.

No, it's not a workaround.  It is the correct way to specify the
algorithm.  Well, my description in the previous mail had been bad.
Let me explanation in detail.

In the (forthcoming) OpenPGP standard, we will have a specification
for new key with EdDSA, which has its own algorithm number (= 22).
New algorithm number is required because it's a different thing.  Not
only the curve is different, but also the algorithm is different.

On the other hand, Curve25519 ECDH encryption is considered as an
extension of existing algorighm of ECDH with the specific curve.

Theoretically speaking, we could consider ECDSA with the curve of
Ed25519.  If people really wanted to use it, I'd say, it would be a
bug of GnuPG.  The priority of fixing this (as a bug) is not that
high, though.
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Help needed - again

2016-05-06 Thread Daniel H . Werner 
I sent the following message several days ago and am not sure it actually went.
I am, therefore, sending it again.
Thanks.



It appears that I made a mess of my new install.

I am on a Mac, running OS 10.11.4.
I had been using PGP ( v9.7.1?)  on a previous older Mac but, of course, that 
will not work on OS X.
I downloaded the suite and did the install on my laptop (I did not want to try 
it on the desktop machine until I was sure I could do everything right).
The Keychain was moved from my old machine to the new one. After the new 
install, I opened the GPG Keychain andI saw that I had a sec/pub key set dated 
3 months ago. I assume I mistakenly created that set when I was trying earlier 
to install GPG.

After getting some help from some of you, it appeared that the install was 
good.  I could send an encrypted and signed message to myself and receive it.
Feeling smug and on top of the world, I then sent my public key, dated in 2003, 
 to a colleague with a request that he respond. He did and …  I cannot decrypt 
his message.  I get a prompt telling me that my secret key is missing.

I still have the previous/original secret and public keys. When I tried to 
Import them, I get a prompt telling me:

"It seems that you're trying to import some non PGP related data that can't be 
processed."

I do not know what to do now. Should I Uninstall everything, cancel/revoke all 
the keys and start over from scratch?

Thank you everyone in advance, for your help.

Daniel


___



Daniel H. Werner,
President
Hillsdale Corporation
9 Oregon Yacht Club
Portland, OR 97202  USA
www.hillsdalecorp.com 
Cell: (503) 709-0950  

 
Confidentiality Notice: The information contained in this e-mail is 
confidential and for the intended recipient(s) alone. It may contain privileged 
and confidential information and is covered by Non-Disclosure Agreements. If 
you are not an intended recipient, you must not copy, distribute or take any 
action in reliance on it. If you have received this e-mail in error, please 
notify us immediately. Thank You.
 




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GNUPG Issues.

2016-05-06 Thread Robert J. Hansen 
> Could anyone please help.

Probably not.  You're using a version of GnuPG that's 14 years old with
many known bugs.  Please upgrade to at least GnuPG 1.4.  If the problem
persists, we can probably help track down what's happening -- but our
ability to help with GnuPG 1.2.1 is pretty minimal.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: (OT) FSF involvement

2016-05-06 Thread Avi 
On Friday, May 6, 2016, Werner Koch  wrote:
>
>
> Not my quote; I can't remember its origin, though.
>

Takeoff of Monty Python & Spanish Inquisition, perhaps?

Avi


-- 
Sent from Gmail Mobile
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Batch key creation curve25519 not working in version 2.1.12 Windows

2016-05-06 Thread Mike Ingle 
I tried my inputs with eddsa instead of ecdsa and it worked. Not sure if 
there is still a bug to report?

Thank you for the workaround.

On 5/6/2016 1:58 AM, NIIBE Yutaka wrote:

On 05/06/2016 05:59 AM, Mike Ingle wrote:
  

Key-Type: ecdsa
Name-Real: t 6
Subkey-Curve: Curve25519
Subkey-Usage: encrypt
Subkey-Type: ecdh
Name-Email: t@6
Key-Curve: Ed25519
Key-Usage: sign
Key-Length: 255
%commit



I got success with this:

Key-Type: eddsa
Key-Curve: Ed25519
Key-Usage: sign
Name-Real: Chuji Kunisada
Name-Email: ch...@gniibe.org
Subkey-Type: ecdh
Subkey-Curve: Curve25519
Subkey-Usage: encrypt
Expire-Date: 0
Passphrase: abcdef
%commit
%echo done


$ gpg2 --list-key chuji
pub   ed25519/3265921F 2016-05-06 [SC]
uid [ultimate] Chuji Kunisada 
sub   cv25519/7CB539CD 2016-05-06 [E]


The Key-Type should be eddsa (not ecdsa).
  



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: (OT) FSF involvement

2016-05-06 Thread Werner Koch 
On Fri,  6 May 2016 16:12, youcanli...@gmail.com said:

> proprietary and/or non-free/non-libre software. I feel people can
> discuss almost anything if handled in a thoughtful, respectful manner.

Take care ... Nobody expects the Free Software police!


SCNR,

  Werner


p.s
Not my quote; I can't remember its origin, though.

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Speading up key generation

2016-05-06 Thread Dashamir Hoxha 
Hi,

We all know that generating new keys currently takes a lot of time,
especially on headless environments. There are several suggestions
on the internet about how to improve this, but most of them are criticized
for making the security weaker (by lowering the quality of randomness
that they generate).

One of the suggestions is to use haveged[1]. I havn't seen any criticizm
about it yet. Is it really safe? If yes, why it is not used by default in
gpg?
Because it indeed improves the time of key generation greatly.

Peace,
Dashamir

P.s. I have started to play with the latest version of GnuPG (2.1)
in Ubuntu-16.04, and I see lots of improvements compared to gnupg-2.0
Some of these improvements make obsolete some of the things
that I have tried to fix with egpg, and this is great, because I don't want
egpg to be a bloated bunch of scripts and tricks, I'd like it to be as lean
as possible.

[1]: http://www.issihosts.com/haveged/
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: (OT) FSF involvement

2016-05-06 Thread Daniel Villarreal 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 05/06/2016 09:57 AM, flapflap wrote:
> flapflap:
>> Peter Lebbing:
>>> On 05/05/16 17:17, Werner Koch wrote:
 Well, this is not an FSF sponsored list.  I never received
 any money or other resources from the FSF.
>>> 
>>> gnu.org lists GnuPG as a "GNU package", a part of the GNU
>>> Project. I kinda assumed that that would imply some form of
>>> involvement of the FSF in GnuPG... be that infrastructure or
>>> other support or whatnot...
>> 
>> I might be wrong, but I thought that the "Thou Shalt Not
>> Advocate Proprietary Software" rule is because of the rules for
>> GNU Projects -- not because of the FSF. They are two different
>> organisations for different purposes. Previously, I believed to
>> have read these rules in the "Information for Maintainers of GNU
>> Software" [0] but could not find it any more.
> 
> I found it, finally, in the guidelines for becoming/submitting a
> GNU package [0]:
> 
> "A GNU program should not recommend use of any non-free program,
> and it should not refer the user to any non-free documentation for
> free software."
> 
> and
> 
> "Since a GNU program is released under the auspices of GNU, it
> should not say anything that contradicts the GNU Project's views."
> 
> IMHO, these are valid positions for a GNU Project.  Non-free
> software is unjust, and thus, should not be recommended (including
> advertisement) -- unless a much higher good (e.g., life and limb
> after a catastrophe) than software freedom is in danger.
> 
> As others have said earlier in this thread, it's fine to discuss 
> non-free software by the above rules, but advertisement is not
> discussion.
> 
> ~flapflap
> 
> [0] https://www.gnu.org/help/evaluation.html

hey flapflap,
I think you're onto something. I think people who care about
open-source/libre software should carefully consider how they mention
proprietary and/or non-free/non-libre software. I feel people can
discuss almost anything if handled in a thoughtful, respectful manner.

Maybe GNU people would consider touching on this topic at
https://www.gnu.org/philosophy/words-to-avoid.html
or some such page?

At the same time, I wouldn't want a "Chilling effect" [1]

[1] Dr.Ian Goldberg
Battling Internet censorship and surveillance
Privacy Enhancing Technologies for the Internet
Cryptography, Security, and Privacy (CrySP) Research Group
University Research Talk
18 February 2016
http://livestream.com/itmsstudio/events/4783392
University of Waterloo
https://uwaterloo.ca/


- -- 
Daniel Villarreal
http://www.youcanlinux.org
youcanli...@gmail.com
PGP key 2F6E 0DC3 85E2 5EC0 DA03  3F5B F251 8938 A83E 7B49
https://pgp.mit.edu/pks/lookup?op=get=0xF2518938A83E7B49

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXLKZOAAoJEPJRiTioPntJ1RsH/1iYry6NPGyBNTtsR6lAa+cP
TBFjEXjyL0rEaE/lAxyQUXTTOUK5IIdp32/AVgCxXgSq/+LLD2w5O5v1LauONOia
O9oYgL5ik450ivP4xNzcwI7aHV5Azw9VoeAG2eLiwh6SG313rE2ubiIVz3dHmK5V
PIALkjw+60hb8u4XvasUT6RzCrzssd2mkhXd2lJNsnUq276CefSe/pfXrG7YJIPg
PgTWpE9gzZ+beUwb6SaAlrukzt5lmlrfaod/SkglOqg0+L07Gb3okPaLw8J34O4O
nqzK5pWS4dxKoyGRerYEggdQqeESZvkliaOZvlJIJM2esV3+qD2JYoyWRzHWGck=
=Sml3
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: (OT) FSF involvement

2016-05-06 Thread Peter Lebbing 
On 06/05/16 15:22, flapflap wrote:
> Previously, I believed to have read these rules in the "Information for 
> Maintainers of GNU Software" [0] but could not find it any more.

Perhaps chapter 13: [1]

> A GNU package should not recommend use of any non-free program, nor should
> it require a non-free program (such as a non-free compiler or IDE) to build.

Furtheron it says:

> Please don’t host discussions about your package in a service that requires
> nonfree software. For instance, Google+ "communities" require running a
> nonfree JavaScript program to post a message, so they can’t be used in the
> Free World. Google Groups has the same problem. To host discussions there
> would be excluding people who live by free software principles.
> 
> Of course, you can’t order people not to use such services to talk with each
> other. What you can do is not legitimize them, and use your influence to lead
> people away from them. For instance, where you say where to have discussions
> related to the program, don’t list such a place.

You could consider promoting non-free services on the mailing list a form of
"legitimiz[ing] them" and the fact that it is not allowed here "us[ing] your
influence to lead people away from them".

Still, the way Werner phrased it:

> I think this is a good rule in general because I started GnuPG as a
> replacement for its proprietary counterpart.  I am not as strict as the
> Boston folks; so it is okay to speak about PGP etc. as long as it does
> not feel like advertising.

Combined with the earlier part of that mail, it doesn't sound to me like he is
doing this to conform to some rule from the FSF or the GNU Project.

Anyway, thanks for pointing us to a written source of the "FSF does not want
this" rule I had never seen written down before!

Cheers,

Peter.

PS: I converted the curly quotes from the gnu.org quote to straight quotes since
we're talking about netiquette and some don't like non-ASCII ;-).

[1]
https://www.gnu.org/prep/maintain/maintain.html#Ethical-and-Philosophical-Consideration

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: (OT) FSF involvement

2016-05-06 Thread flapflap 
flapflap:
> Peter Lebbing:
>> On 05/05/16 17:17, Werner Koch wrote:
>>> Well, this is not an FSF sponsored list.  I never received any money or
>>> other resources from the FSF.
>>
>> gnu.org lists GnuPG as a "GNU package", a part of the GNU Project. I
>> kinda assumed that that would imply some form of involvement of the FSF
>> in GnuPG... be that infrastructure or other support or whatnot...
> 
> I might be wrong, but I thought that the "Thou Shalt Not Advocate
> Proprietary Software" rule is because of the rules for GNU Projects --
> not because of the FSF. They are two different organisations for
> different purposes.
> Previously, I believed to have read these rules in the "Information for
> Maintainers of GNU Software" [0] but could not find it any more.

I found it, finally, in the guidelines for becoming/submitting a GNU
package [0]:

  "A GNU program should not recommend use of any non-free program, and
  it should not refer the user to any non-free documentation for free
  software."

and

  "Since a GNU program is released under the auspices of GNU, it should
  not say anything that contradicts the GNU Project's views."

IMHO, these are valid positions for a GNU Project.  Non-free software is
unjust, and thus, should not be recommended (including advertisement) --
unless a much higher good (e.g., life and limb after a catastrophe) than
software freedom is in danger.

As others have said earlier in this thread, it's fine to discuss
non-free software by the above rules, but advertisement is not discussion.

~flapflap

[0] https://www.gnu.org/help/evaluation.html

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: (OT) FSF involvement

2016-05-06 Thread flapflap 
Peter Lebbing:
> On 05/05/16 17:17, Werner Koch wrote:
>> Well, this is not an FSF sponsored list.  I never received any money or
>> other resources from the FSF.
> 
> gnu.org lists GnuPG as a "GNU package", a part of the GNU Project. I
> kinda assumed that that would imply some form of involvement of the FSF
> in GnuPG... be that infrastructure or other support or whatnot...

I might be wrong, but I thought that the "Thou Shalt Not Advocate
Proprietary Software" rule is because of the rules for GNU Projects --
not because of the FSF. They are two different organisations for
different purposes.
Previously, I believed to have read these rules in the "Information for
Maintainers of GNU Software" [0] but could not find it any more.

~flapflap

[0] https://www.gnu.org/prep/maintain/maintain.html

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Batch key creation curve25519 not working in version 2.1.12 Windows

2016-05-06 Thread Werner Koch 
On Fri,  6 May 2016 10:58, gni...@fsij.org said:

> I got success with this:
> 
> Key-Type: eddsa

To make this more clear: This is e*d*dsa and not e*c*dsa.  The names are
very similar but they are different algorithms.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Batch key creation curve25519 not working in version 2.1.12 Windows

2016-05-06 Thread NIIBE Yutaka 
On 05/06/2016 05:59 AM, Mike Ingle wrote:
> Key-Type: ecdsa
> Name-Real: t 6
> Subkey-Curve: Curve25519
> Subkey-Usage: encrypt
> Subkey-Type: ecdh
> Name-Email: t@6
> Key-Curve: Ed25519
> Key-Usage: sign
> Key-Length: 255
> %commit

I got success with this:

Key-Type: eddsa
Key-Curve: Ed25519
Key-Usage: sign
Name-Real: Chuji Kunisada
Name-Email: ch...@gniibe.org
Subkey-Type: ecdh
Subkey-Curve: Curve25519
Subkey-Usage: encrypt
Expire-Date: 0
Passphrase: abcdef
%commit
%echo done


$ gpg2 --list-key chuji
pub   ed25519/3265921F 2016-05-06 [SC]
uid [ultimate] Chuji Kunisada 
sub   cv25519/7CB539CD 2016-05-06 [E]


The Key-Type should be eddsa (not ecdsa).
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Batch key creation curve25519 not working in version 2.1.12 Windows

2016-05-06 Thread Alexander Strobel 
Am 05.05.2016 um 22:59 schrieb Mike Ingle:
> If I create a key manually I get:
> GOOD
> pub   ed25519/C850D9A5 2016-05-05 [SC]
> uid [ultimate] test 3 
> sub   cv25519/22967908 2016-05-05 [E]
> which works, as the roles are properly assigned to the main and sub key.
> 
> If I create one in batch mode I get:
> BAD
> pub   ed25519/3CC6C1EC 2016-05-05 [SCA]
> uid [ultimate] t 3 
> sub   cv25519/154B8241 2016-05-05 []
> which cannot do anything because the roles are assigned wrong.

Same here but with GPG 2.1.11 already.
Using Brainpool curve it works as expected.


Best regards
 Alex Strobel
 www.gpg4o.com

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: (OT) FSF involvement

2016-05-06 Thread Werner Koch 
On Thu,  5 May 2016 17:52, pe...@digitalbrains.com said:

> kinda assumed that that would imply some form of involvement of the FSF
> in GnuPG... be that infrastructure or other support or whatnot...

The reason for not sharing mailing lists and web sites of GnuPG with
other GNU projects is due to the (former) US export restrictions.

> Or is the shared infra perhaps from after the split between GnuTLS and
> the FSF?

Right.   Nikos asked whether gnupg can host the gnutls stuff after he
got upset with the FSF.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users