Re: General error when creating keypair
On 29/12/2015 11:24 am, Francis Le Roy wrote: > > Hi, > I got a problem generating a key pair, when I run the > code, it return a > General error code :/. > If you could give me a sample on how to gen a key or fix my code it > would be nice :) > As you're using Thunderbird, why not add the Enigmail extension, and let that do it for you simply and automatically? Regards, Bob ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: advice please
On 28/12/2015 10:22 pm, Jay Sulzberger wrote: > > On Mon, 28 Dec 2015, Steve Butler wrote: > >> I see the attached when I do the search in Software Center on Ubuntu 15.10. >> >> >> Stephen M. Butler, PMP, PSM > > Well, I see gnupg in the list, I am not sure whether it is gnupg2 or not. > > gpg is hard to set up. Even after it is set up to do what you > want, your correspondent must also have a working gpg/PGP system, > else you will not be able to communicate using gpg as your > encrypt/decrypt system. The Free Software Forces have, so far, > failed to produce an email crypto system which one billion people > could use. We have a good central armature for such a system, > namely gpg, but the stuff around gpg is in practice very > difficult to use. > I'm not that technical - but I can tell you that basic signing and encryption with GnuPG (what else would anyone want it for?) isn't hard to use at all, even for an ancient old geezer like me. The thing to do is to forget all about command lines and run it from Enigmail within Thunderbird (easiest and best) or the appropriate extension/s within Claws Mail. Most other Linux e-mail clients will do it too - but most other Linux e-mail clients are very poor, in my experience. If, as you imply above, you are looking for a more universal system of encryption, then PGP/OpenPGP certainly isn't the one to use - it is intended to be a "person to person" system used between people known to one another and whose keys can be countersigned with absolute certainty. There is already a system, albeit far from perfect, which lends itself to large scale use and that is the X.509 certificate system - already widely used. Regards, Bob ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to get your first key signed
On 01/10/2015 11:35 am, Peter Lebbing wrote: > On 01/10/15 10:33, Bob Henson wrote: >> There might be a possible exception where there is no individual >> person to meet - the verification signature with software, say. When >> you have downloaded the software from the same, known website for >> some time it might be reasonable to sign the verification key - if a >> tad pointless if it is only really a checksum. > > Well, it doesn't help me at all to know that the developer of said > software indeed has "David Niklas" on his passport. That gives me no > more confidence in the integrity of the software than if he had a > different name. All I need to know is that that piece of software that I > previously trusted has had an update written by the guy or girl I trust, > regardless of his or her name.[1] That's what I was implying when I described it as a possible exception. > I don't understand "it's only really a checksum". The key property is > that it's signed by the same developer each and every time. A checksum > has very different properties, but I might simply misunderstand you. If the program has been altered the signature will fail, will it not? > >> Someone who I had never previously even heard of once signed my old, >> now revoked key - were that person someone "known" to be nasty, it >> would have degraded my key's value. > > No, it should not degrade the key's value. Unfortunately the key's value > is in the eye of the beholder, and that eye is often not fully aware of > the lack of implications an untrusted signature has. An untrusted > signature has precisely one implication: useless baggage. It neither > increases nor decreases the value of the key it has signed. > > One of the people who's key I've signed at a keysigning party gained a > signature by Adolph Hitler. Enter Godwin's Law. Anyway, he revoked the > key. I can understand that. It just looks bad when someone uses the web > interface of a keyserver to look up his key. But it doesn't degrade his > key in any way other than what is a misperception. Only trusted keys > matter. Untrusted keys can be wholly ignored. Even if they are from the > Führer. > >> The best it could have been is totally meaningless. > > It /is/ totally meaningless. And we should educate users that it is > meaningless. Agreed. But a new user who has yet to be educated would baulk at trusting a key signed by Genghis Khan or Atilla the Hun - however they perceived it, they might well refuse to acknowledge the signature as valid and would certainly not sign it or assign it user trust - that's human nature. Human beings are essentially illogical. :-) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to get your first key signed
On 30/09/2015 8:58 pm, Robert J. Hansen wrote: >> I create for myself a gpg key and want to get it signed > > More important than whether your certificate gets signed is who signs > the certificate, who they are connected to, and so on. > > Some people will sign almost anything. People who get a reputation for > signing anything develop a reputation for their signatures being > meaningless. Some people have very strong requirements before they'll > sign. Their signatures are often worth quite a lot of credibility, but > good luck getting them. > > The good news is this *can be done*. I promise. > > The best thing you can do right now is to get involved in the community. > Get engaged in the mailing lists (here, PGP-Basics, Enigmail-Users are > three good ones). And when you post, sign your messages. Over time > people will come to trust that your signature connects to the real you, > even if they can't promise that your name really is David Niklas, or > can't say what you look like. > Whilst that is partially useful, surely it only vouches for the fact that the postings came from the same person and not who that person is - and as such is of very limited use. I have a "newsgroup" key for that purpose - but it is a tad pointless. I think I know the person who calls himself Robert J. Hansen and you have certainly corresponded with someone called Robert H. Henson, but we have no idea who those people are unless we meet. Keys should only ever be signed in person and if the person is not well known to you by sight, with some form of irrefutable photo evidence being presented along with the key signature - a passport, or something carrying equal weight. There might be a possible exception where there is no individual person to meet - the verification signature with software, say. When you have downloaded the software from the same, known website for some time it might be reasonable to sign the verification key - if a tad pointless if it is only really a checksum. Perhaps the same applies to a Certificate Authority key, say. But a signature of any person's key that you have not met and positively verified is worse than useless as it degrades the whole trust process. Someone who I had never previously even heard of once signed my old, now revoked key - were that person someone "known" to be nasty, it would have degraded my key's value. The best it could have been is totally meaningless. Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
GnuPG 2.1
I'm not sure whether I should be asking in here or in the Enigmail group, so I'm trying here first - please refer me to the other group if it is more appropriate. I've just changed over to GnuPG 2.1.x and have been trying out an ECC key too. By and large, it all seems to work well (signatures verify, and encryption/unencryption works fine too) , but whilst sending test messages back and forth to myself using new and old keys for signing and encryption I noticed a couple of odd things, and it would be useful to know if they are related to GnuPG 2.1.x, or Enigmail (or even the ECC key - although that isn't likely). I'm using PGP/MIME for all messages. The first problem is trivial - if I send an HTML message, the signature verifies correctly, but the body of the message vanishes without trace - nothing at all shows up when trying to read the received message. There's an easy answer, I know - don't use HTML. I'm quite happy to do that, but I'm old and I forget :-( The second is a bit of a problem and will look odd if it happens when I send mail to others. Signing a message with either my old key or the new ECC key, and sending it to myself encrypted to both keys results in no problems with the signature or decryption, and the message appears OK. Above, and as part of, the message text, appear two of the message headers:- Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable This would look a bit odd to another recipient - albeit they don't prevent the rest of the message from being read. Why am I asking in here - well it didn't happen with the same versions of Thunderbird/Enigmail and GnuPG 2.0.x . That doesn't mean it isn't an Enigmail thing, of course, and I'm hoping you'll be able to tell me which it is. Please feel free to laugh out loud if I'm missing something stupidly obvious - I did tell you I was old :-) Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GpgEX for 64 bit Windows test version
On 25/06/2013 9:40 AM, Josef Schneider wrote: > On Tue, Jun 25, 2013 at 9:50 AM, Werner Koch wrote: >> On Mon, 24 Jun 2013 20:18, old...@oldbob.co.uk said: >>> As I can't run the 32 bit version of GPGex anyway on this system, can I >>> not just overwrite the existing copy of gpgex.dll with the 64 bit one >>> and reboot? >> >> Yes, you can. The regsvr32 call is still required. > > But if you do this, the extension won't be available in 32bit > processes! (32bit explorer.exe, file selection dialogues in 32bit > programs, 32bit file managers...) > I put it in a separate directory in the end, so I should have the best of both worlds. I don't think I have any 32bit processes in use - but I'm covered anyway. Regards, Bob ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GpgEX for 64 bit Windows test version
On 24/06/2013 9:01 AM, Werner Koch wrote: > Now you may want to test it out. Note that I also added an About menu > which should always work, even if no UI-server is running. The > translations are not yet included in the ZIP file. > Having finally solved my problem with installation, I've been trying GpgEX this morning and so far all seems to be fine. I've tried all the functions separately, and had no problems at all yet - obviously I'll report back if I get any. Thanks for the help. Regards, Bob ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GpgEX for 64 bit Windows test version
On 25/06/2013 12:53 AM, Henry Hertz Hobbit wrote: > On 06/24/2013 06:18 PM, Bob Henson wrote: > >> When I ran >> >> regsvr32 c:\Program Files (x86)\GNU\GnuPG2\bin\gpgex.dll >> >> it just caused an error, saying "The module "c:\program" failed to load. >> Make sure the binary is stored at the specified path or debug it to >> check for problems with the binary or dependant .dll files. The >> specified module could not be found." > > Try putting double quotes at the start and end of the string, > e.g.: > > regsvr32 "c:\Program Files (x86)\GNU\GnuPG2\bin\gpgex.dll" > > I can NOT assure you that this will work but it probably > will. > That was my problem - thank you for the explanation. > I wished Microsoft had used just "C:/Programs/" instead of > "C:\Program Files\" for %ProgramFiles%. I don't know what > to say about 64 bit other than don't mix / match. Microsoft > could have used "C:/Programs/64/" but that would have made > too much sense. Microsoft wants back-slashes instead of > slashes and a nice mix of punctuation marks in addition to > dot "." plus space characters in all folder and file names. > It doesn't work very well, especially for something done from > cmd.exe instead of the GUI. How bad is it? I COPY 7za.exe > to use it in scripts because I don't want to make registry > changes (%Path%) just to make it work from where it is at. > > Sigh I can see your points. I have only recently started using Linux, and the command line functions are much more logical - however, using two sets is even more confusing. Now I can't remember which way to slash :-) I blame old age - but I get there in the end, with the help of my friends. GpgEx is now working just fine. I used to use another explorer extension ( I forget the name - I think it used to be in Gpg4win?) which stopped being developed so it will be handy to have one again. Regards, Bob ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GpgEX for 64 bit Windows test version
On 24/06/2013 9:01 AM, Werner Koch wrote: > > Hi! > > > > I just uploaded a test version of GpgEX (the GnuPG Explorer Plugin) for > > Windows 64 bit. This is just the bare standalone DLL without an > > installer. If you are using a 64 bit Windows system with Gpg4win, you > > may want to test this DLL: > > > > ftp://ftp.g10code.com/g10code/gpgex/gpgex-1.0.0-beta19-bin.zip > > ftp://ftp.g10code.com/g10code/gpgex/gpgex-1.0.0-beta19-bin.zip.sig > > To install the DLL please unzip the ZIP file and as Admin store the DLL > > as > > > > c:\Program files\GNU\GnuPG\bin\gpgex.dll > > On my Window 7 64bit system, GnuPG 1.4.13 installed itself in c:\Program Files (x86)\GNU\GnuPG\ - the 32bit section. When I installed Gpg4win, the installer offered install GPG2 in that same directory, but I added a 2 to keep the two separate, ie. it was installed in c:\Program Files (x86)\GNU\GnuPG2\ Your instructions above point to the \bin directory under the 64 bit Program Files directory, not the 32bit. I assumed that I needed to have gpgex.dll along with the other files and installed it in the \bin directory with the rest of my gpg2 files ie. under c:\Program Files (x86)\GNU\GnuPG2\bin\gpgex.dll. Should I have created a new directory under the 64bit Program File directory just for the one new file? When I ran regsvr32 c:\Program Files (x86)\GNU\GnuPG2\bin\gpgex.dll it just caused an error, saying "The module "c:\program" failed to load. Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependant .dll files. The specified module could not be found." It looks to me as though the regsvr command is looking for a program to run called "c:\program"? As I can't run the 32 bit version of GPGex anyway on this system, can I not just overwrite the existing copy of gpgex.dll with the 64 bit one and reboot? What should I try if not, please? Regards, Bob ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG 1.4.13
On 14/05/2013 10:24 AM, Laurent Jumet wrote: > > Hello Bob ! > > Bob Henson wrote: > >>> ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.13.exe > >> Thanks very much - duly installed. > > I'm using this for my own, you may find it useful too: > > http://www.pointdechat.net/MyMan_GnuPG-1413.pdf > Duly downloaded - thanks. Regards, Bob ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG 1.4.13
On 13/05/2013 10:11 PM, Robert J. Hansen wrote: > On 05/13/2013 07:57 AM, Bob Henson wrote: >> I've only just rejoined the list, so I'm sorry if this has already been >> asked. Is there a Windows binary for GnuPG 1.4.13 yet? > > ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.13.exe > > Enjoy! > Thanks very much - duly installed. Regards, Bob ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
GnuPG 1.4.13
I've only just rejoined the list, so I'm sorry if this has already been asked. Is there a Windows binary for GnuPG 1.4.13 yet? I had a look on the site and the only reference to Windows that I could see was for Gpg4win, which only uses V.2 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Question about GnuPG Shell 1.0
John Clizbe wrote: > John Clizbe wrote: >> Allen Schultz wrote: >>> Csabi wrote: I have Windows XP with GnuPG 1.4.9 installed. >>> ... GnuPG not installed on your system. Please, install it first. >>> Have you set the System PATH and then tried the installation again? Is >>> it possible GPG Shell uses PATH and other windows settings for looking >>> for GnuPG? >> "GPGshell" is a different tool. GPGshell is closed-source (likely VB) and >> Windows-only. The OP was asking about "GnuPG Shell", >> http://www.tech-faq.com/gnupg-shell.shtml, which is cross-platform and has >> source available as well as pre-built executables for Debian, Redhat, and >> Windows. >> >> That distinction made, setting the PATH environment variable is probably a >> good >> start, either at a user or a system level for Windows. It's still possible >> that >> the Windows build of "GnuPG Shell" checks values in the registry, but those >> should have been set correctly if GnuPG was installed with the Windows >> installer. > > Checked the source tarball for GnuPG Shell... > > The NSIS installer script for the Windows build of "GnuPG Shell" is checking > for > the value "Install Directory" in the Windows registry under > HKLM\Software\GNU\GnuPG to determine if GnuPG is installed. > The Windows installer from GnuPG.org > [ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.10b.exe] correctly sets > this > value. > > Try re-running the GnuPG installer, then running the GnuPGShell installer. I think, from memory, you get the same error message if the keyring is not available at that directory. If the OP has his keyrings elsewhere than in the GnuPG directory, he may need to set/reset the registry so HOMEDIR points to the correct directory. I wonder if that might be the case? Regards, Bob ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problems changing hash algo for clearsign
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Tyler Spivey wrote: > and I can force it with --digest-algo sha256. Add just "digest-algo SHA256" (without the parentheses) to your gpg.conf file. Regards, Bob ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQEcBAEBCAAGBQJKBuuHAAoJEJ3GodtqGtFCgzwH+QF3fnU9tk1EpcEufwfzdZeW X2sZm6AzRSdd1m+WB3mUQfl7sq1nACEgY/hTG7lQxYZ+P+YAgrKKpNEkKHweXR++ Ka7YmXX7oZOK5RIzwJAwxtDqCKQEM/VqXqybuTs8psGr9H+tobzqtBwx79bU1/u+ 0mfouKz9NknqXWN/b2Ek1SWke2jTyHaQqxZ+6WJDgb1iy7c35pIb43SauwKGTMUc JLIYR/q5aV1X1O614juiZYSIlrBpVySA2Kq6/eAHYKfRsTxaAK5/o7umASYBdSEf 3JvGLjGtN8D6tuReeOR0mKzF74J4QvHyHIdZSid8/BobhPpAIo/aJqnviMMPeSY= =bYAM -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Basic file signing question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jack Kaye wrote: > I have what is probably a very basic question but for some reason I > can't seem > to find the answer anywhere online and was hoping one of you GnuPG > boffins could > assist here. GpGee will do it if you don't want to use command lines every time. http://gpgee.excelcia.org/ Regards, Bob -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIyNxqAAoJEJ3GodtqGtFC4EQIAKgxIneZapvxZ2y8RFO5UKUm WOK7lz94GcvK/NzdZoQ0nxagJgfW5AJMD6zcaiq/vZnGQuXvBImHYFo4xLRJ3VHu jwQpRR5qmvXkEByg15uOErS1F4zNaMhsJMmvZsaEkq3aLek3YeBxuo1+Hd6+nAmV nXQQk0x0ozSlUyvYaj8r+CgvRAK4nKM00WqW7fJT5gEBbU+2soO03zGPfVYW+vUY gST8VzPSSbitjdvn98JG77QrVk57uovSkhszCD/t0GiFe6ZsbIvvXLDY6U8s/rXg 8hQ3hxKjiUqG0xrjkKfIZ2P682gblfTCAOqqS6V7SlNfjZPrQ4N3dHSkwUEiKbE= =/obE -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Server problem?
Charly Avital wrote:- > Bob Henson wrote the following on 12/22/07 7:07 AM: >> Is there a problem with the server sending messages to the list? Headers >> are appearing in Thunderbird as usual, but clicking on any message in >> the list gives a delay (presumably in downloading) of a couple of >> minutes at least, during which Thunderbird reports that it is not >> responding - eventually it does. All my other mailing lists from other >> sources are working just fine and at normal speed, and I've just checked >> my broadband speed which is also OK. > Your e-mail is the first one I have received from the list's server > since yesterday evening. > > There was no problem downloading and opening it, and verifying its > signature. Mere seconds. > > Are you running some kind of firewall or network monitoring software > that might be interfering specifically with the list's server? Hmm, quite odd, all seems to be OK now - don't you just love intermittent problems! I'm not running any firewall type software at all (apart from windows firewall, buts that has always been there) - but I did wonder if my ISP might be doing something odd with mail connected with OpenPGP. Encrypted messages (to myself, as tests) normally tend to take a a little longer than normal to return here (maybe while their anti-virus software gives them a good going-over), but signed or plain text ones have never had a problem before. After I posted the message, and before reading yours, I deleted everything in the directory that gnupg-user messages are stored in, so it may be that a grunged message was causing the problem and I've now cleared it by deleting and compacting. It was unlikely to be at my ISPs server end, because all other mailing list were OK. Anyway, so long as it stays this way, I'm not going to spend much time on it. However, thanks for spending some of your time to reply - as my Grandma used to say "a bit of help's worth a lot of pity". Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Server problem?
Is there a problem with the server sending messages to the list? Headers are appearing in Thunderbird as usual, but clicking on any message in the list gives a delay (presumably in downloading) of a couple of minutes at least, during which Thunderbird reports that it is not responding - eventually it does. All my other mailing lists from other sources are working just fine and at normal speed, and I've just checked my broadband speed which is also OK. Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyserver name command
David Shaw wrote:- >> syntax. Do I need a full URL, or will just "minsky.surfnet.nl" suffice? >> If it needs a full URL, how is the URL for an SKS server constructed? > > gpg --edit-key (the-key) > keyserver hkp://minsky.surfnet.nl > (type your passphrase) > save Thanks David (& Ron) for the gen. It was the hkp:// prefix of which I was unsure - I did a bit of googling and couldn't find the relationship between the various schemes and the particular keyserver types. I'll away and fix it now. Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Keyserver name command
Two of my keys have keyserver names built in by using PGP's simple key editing UI. I haven't got PGP installed now, and wanted to change the keyserver using "gpg --keyserver name", as the server in the keys has now disappeared or no longer functions. I'd like to either remove it altogether and not have a specific preference, or change it to the SKS server at minsky.surfnet.nl (seems to be the best/fastest at the moment), but even after reading the man page I'm not sure of the command syntax. Do I need a full URL, or will just "minsky.surfnet.nl" suffice? If it needs a full URL, how is the URL for an SKS server constructed? Would running the command with no parameters at all remove the current name? Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [GPGol] GPGol won't install
Werner Koch wrote > On Wed, 10 Oct 2007 15:18, [EMAIL PROTECTED] said: > >> Apologies if I wasted anyone's time - I found the problem. The installer >> does not force a reboot after running and that's what it needed to get >> the new files to show up. A note for the developers though, it would be > > The installer offers to reboot if a reboot is required - thatis if a > file already exists and is in used (e.g. gpgex.dll which is loded by > explorer or gpgol.dll wwhen outlook is running). When I exited to the GnupG directory and ran gpg --version I did not notice the gpg2.exe files there - it may well be they were there and I did not notice them though, as I have to admit to not having looked thoroughly. From my position of ignorance I suppose I was expecting gpg.exe to be the new versions 2 file - I did not realise it was a separate file. Had I thought a bit more at the time, I would have remembered that both versions can run alongside each other hence their must have been two files. > Reboot is not required in other cases - that's the theory. If you can > describe again what files don't show up, I can change the the installer > to ask for a reboot. Rather than the files being missing (which I think I've explained above) there were no menu entries or configuration tab etc in Outlook, so I *assumed* it had not installed at all. It was after the reboot and when the GnuPG configuration tab eventually appeared in Outlook that I looked further, and in browsing for the key manager file (under "advanced") I realised the GPG 2 files were all there. >> (unless anyone knows better?). I tried to change Outlook's "send and >> receive" preferences, but clicking the menu item had no effect at all. I >> had to re-boot the computer again to restore its normal functionality. > > Sometimes an outlook instances is running for some time after beeing > closed. That could be the source of your problem That could well be - but I am well out of my depth here, so it did not occur to me. > GnuPG is not really supported yet - we merely install the command line > utilities. Well, all seems to be well now anyway, and it is a good point to thank all concerned for providing all these utilities for us. Your work is much appreciated. Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [GPGol] GPGol won't install
Apologies if I wasted anyone's time - I found the problem. The installer does not force a reboot after running and that's what it needed to get the new files to show up. A note for the developers though, it would be a good idea to add the option for an automatic reboot - most programs do that if it is necessary. I didn't see that mentioned in the instructions either - but, of course, I may have missed it somewhere. Anyway, I think I've got it all running OK now. I did hit a problem with Outlook after installing and setting up GPGol - but it may not have been connected, perhaps just a co-incidence (unless anyone knows better?). I tried to change Outlook's "send and receive" preferences, but clicking the menu item had no effect at all. I had to re-boot the computer again to restore its normal functionality. It certainly hasn't happened before. Regards, Bob > I have been using GnuPG/Enigmail for some time. I just tried to install > GPGol into my copy of Outlook 2003 SP2 using GPG4Win, with no success. > GPA installed and seems to work fine using my existing keyrings. I > repeated the install twice, but no trace of GPG appears in Outlook. I > just checked and it appears that that GnuPG 2.x has not installed either > - typing gpg --version in the gnupg directory shows 1.4.7. Where should > I start looking for the problem? signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
[GPGol] GPGol won't install
I have been using GnuPG/Enigmail for some time. I just tried to install GPGol into my copy of Outlook 2003 SP2 using GPG4Win, with no success. GPA installed and seems to work fine using my existing keyrings. I repeated the install twice, but no trace of GPG appears in Outlook. I just checked and it appears that that GnuPG 2.x has not installed either - typing gpg --version in the gnupg directory shows 1.4.7. Where should I start looking for the problem? Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New Windows Binary?
Werner Koch wrote > On Sat, 15 Jul 2006 21:43, Bob Henson said: > >> I read some days ago on the GPGee forum that a new Windows binary would >> be released to correct the change in GPG 1.4.4 that broke GPGee. Is it >> around/about to appear? I have some files encrypted using GPGee and > > No. However, I released gpg4win 1.0.4 today with a patched version of > gpg. You might want to take the gpg binary from that package (use the > light installer). Thanks, Werner. I'll get that a.s.a.p Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
New Windows Binary?
I read some days ago on the GPGee forum that a new Windows binary would be released to correct the change in GPG 1.4.4 that broke GPGee. Is it around/about to appear? I have some files encrypted using GPGee and can't get at them until the problem is fixed - for some reason I can't decrypt them using GnuPG alone - probably my ineptitude, but either way round it would be good to have the fix. Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyring Directory
Alphax wrote > However, the "best" fix on Windows is in the registry: > > [HKEY_CURRENT_USER\Software\GNU\GnuPG] > "HomeDir"="C:\\Documents and Settings\\Username\\Application Data\\GnuPG" > "OptFile"="C:\\Documents and Settings\\Username\\Application > Data\\GnuPG\\gpg.conf" That worked just fine - all that was necessary was to change the homedir entry. I had a minor problem in that I was trying to set the path to a Truecrypt volume which kept moving drive numbers; however once I found how to set the Truecrypt volume to the same, fixed, drive letter all was well. Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Keyring Directory
Would someone kindly confirm the gpg.conf line for setting the keyring directory elsewhere than the standard one, please. As far as I can see, the --homedir command sets the directory for the executable files, but I'm not sure what to set to move the keyrings to another path to the standard (Win XP) path of ./application data/gnupg. Maybe it's an environment variable needs setting? Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: auto-key-locate pka (gpg version 1.4.3)
David Shaw wrote >> >> >> That's very bad, as I downloaded the official binaries from gnupg.org. >> >> >> Will there be a different version that supports this new feature? I >> >> > >> >> > We don't support DNS queries under Windows right now. Windows does >> >> > not provide the usual resolver library so we would need to write >> >> > special code for Windows, which has not yet happen. >> >> >> >> Does the same apply to the ability to cross-certify, Werner, or is that a >> >> different matter altogether? I get no response here - not even an error >> >> message - gpg just sits there asking for a command. >> >> > Cross-certification and PKA/CERT are unrelated to each other. >> >> I realise that, what I was asking was did the problem also relate to the >> Windows build - in other words, was I wasting my time trying to get it to >> work as the OP was with his (different) problem. >> >> > What (public) key were you trying to cross-certify? >> >> All five of my keys - FBA06282, 31C737BD, 8FD7EAA9, A9732CF4 and 9652ABDA > > I think there is a misunderstanding. None of those keys have signing > subkeys. Cross-certification is meaningless without a signing subkey. OK - the usual problem - lack of knowledge on my part. I saw a post suggesting subkeys should be cross-signed, mine had subkeys, so I just assumed that was what was under discussion. In my own defence, it's fair to say the lack of good documentation (or documentation simple enough for me to understand) doesn't help those of us less technical. My apologies for wasting your time. Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: auto-key-locate pka (gpg version 1.4.3)
David Shaw wrote >> >> That's very bad, as I downloaded the official binaries from gnupg.org. >> >> Will there be a different version that supports this new feature? I >> > >> > We don't support DNS queries under Windows right now. Windows does >> > not provide the usual resolver library so we would need to write >> > special code for Windows, which has not yet happen. >> >> Does the same apply to the ability to cross-certify, Werner, or is that a >> different matter altogether? I get no response here - not even an error >> message - gpg just sits there asking for a command. > Cross-certification and PKA/CERT are unrelated to each other. I realise that, what I was asking was did the problem also relate to the Windows build - in other words, was I wasting my time trying to get it to work as the OP was with his (different) problem. > What (public) key were you trying to cross-certify? All five of my keys - FBA06282, 31C737BD, 8FD7EAA9, A9732CF4 and 9652ABDA Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: auto-key-locate pka (gpg version 1.4.3)
Werner Koch wrote > On Sun, 09 Apr 2006 08:33:39 +0200, Dominique Leuenberger said: > >> That's very bad, as I downloaded the official binaries from gnupg.org. >> Will there be a different version that supports this new feature? I > > We don't support DNS queries under Windows right now. Windows does > not provide the usual resolver library so we would need to write > special code for Windows, which has not yet happen. Does the same apply to the ability to cross-certify, Werner, or is that a different matter altogether? I get no response here - not even an error message - gpg just sits there asking for a command. Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPGOL breaks Enigmail
Werner Koch wrote > On Mon, 23 Jan 2006 19:43:11 +0000, Bob Henson said: > >> Anyway, thanks to everyone for the help. Now the only problem is to get rid >> of the bits of GPGOL left in Outlook - every time I run it I get an error >> message telling me it can't find the GPGOL .dll file - hardly surprising > > You need to unregister it. Type > > regsvr32 /u gpgol.dll > > Obviously you need to have gpgol.dll available. Outlook also offers > an option to disable non-working plugins; you may use this as a > workaround. I found and applied the work-around. Now I'll try the unregister. Thanks very much, again, for your help. Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Trouble with enigmail and Thunderbird 1.5
Jean-David Beyer wrote > I have recently switched ISP, but I also upgraded Thunderbird at the same > time. > > Now when I get a gpg signed e-mail, I supposedly can check the pen? and it > will offer to download the key, giving me a choice of keyservers. I > generally pick random.sks.keyserver.penguin.de > > But now, when I do that, it just buzzes around and never downloads the key. > I looked at my firewall, and it is not blocking it. I tried it manually with > > gpg --keyserver keyserver.kjsl.com --recv-key 0xF621EDAD > > for example, and it worked fine. > > Is this a known problem? Or should I find a Thunderbird newsgroup to ask? > And if so, which one? > I use Thunderbird 1.5/GnuPG/Enigmail and haven't had any major problems ( I just downloaded your key quite quickly from random.sks.keyserver.penguin.de a minute or two ago) but I have noticed that server to be intermittently slow during the last few days - I recall one one occasion changing server to get a key quickly. I put it down to the server being busy or under repair or whatever. I haven't seen any mention of problems in the Thunderbird support newsgroup or forums, so it may just be a coincidence that the server had problems just as you switched to TB. On the other hand, encryption doesn't get discussed much in the forums. Sorry that's not very positive. Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPGOL breaks Enigmail
Neil Williams wrote > On Sunday 22 January 2006 8:35 pm, Bob Henson wrote: >> I decided to try GPGOL for the few occasions that I use Outlook. >> Unfortunately, since installing it, Enigmail's Key Management shows an >> empty screen and I cannot use GnuPG via Enigmail at all. How do I get out >> of this, please? In desperation I removed all the programs and registry >> entries that I could find relating to GPGOL, but it hasn't helped. > > Check that your own keys are still set to ultimate trust, then run > $ gpg --update-trustdb > (It should find and re-import the old trust settings once your own key(s) > is/are ultimately trusted again). > > I had this problem once or twice with Kgpg - the key management GUI front-end > for KDE - when I upgraded to KDE 3.5. It shouldn't happen but Luckily, the key-ring was only "lost" not damaged and all the trust levels etc appear unchanged - does it still need running? I don't suppose it will do any harm to run it anyway, just to make sure all is back as it was? Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPGOL breaks Enigmail
Patrick Brunschwig wrote > Werner Koch wrote: >>> On Mon, 23 Jan 2006 09:25:18 +0100, Patrick Brunschwig said: >>> Does GPGOL install gpg, or does it modify the path to the GnuPG home directory? >>> >>> Yes, it installs gpg into the same location as the new installer of >>> gpg does. The HOMEDIR is the user specific directory. >>> >>> c:\Program files\gnu\gnupg\gpg --version >>> >>> should show the homedir. > > So, possibly the HOMEDIR could have changed, which would result in an > "empty" keyring. > > Bob, if your keyring is originally stored in C:\Gnupg, then you should > move it to the directory that "c:\Program files\gnu\gnupg\gpg --version" > will tell you. > > -Patrick That's exactly what had happened. GnuPG was looking for the keyring in its own directory, c:\program files\gnu\gnupg, rather than under the user specific directory where the keyring lives normally. I'm not used to using it from the command line, but I saw that in the gpg directory there were 0 byte keyrings so I deleted them, then ran the --list-keys command and it recreated them. Assuming, therefore, that it had "lost" the directory, I read back in the install notes and found the appropriate registry key and reset it to point GnuPG back at my keyrings and voila! - all was well. Anyway, thanks to everyone for the help. Now the only problem is to get rid of the bits of GPGOL left in Outlook - every time I run it I get an error message telling me it can't find the GPGOL .dll file - hardly surprising because I deleted it. It looks as though there are a few registry entries I haven't found and deleted yet. Still, now everything is working again that's the least of my worries. Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
GPGOL breaks Enigmail
I decided to try GPGOL for the few occasions that I use Outlook. Unfortunately, since installing it, Enigmail's Key Management shows an empty screen and I cannot use GnuPG via Enigmail at all. How do I get out of this, please? In desperation I removed all the programs and registry entries that I could find relating to GPGOL, but it hasn't helped. Regards, Bob ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Delete key from keyserver
David Shaw wrote: > On Sat, Oct 22, 2005 at 06:26:51PM +0200, B. Kuestner wrote: > >> all: Joe Smith has no way of fixing the situation, even if he is >> legitimate owner of the [EMAIL PROTECTED] e-mail address. >> >> It strikes me, that GNU-supporters would bash MS (or for that reason >> any vendor of proprietary software) for dishing out once more a >> thoughtless, immature and insecure software design. >> >> I understand it must not be simple to revoke or disable keys. But it >> shouldn't be impossible either, especially in the light of anybody's >> capability to put public keys under my name on the server. >> >> Am I missing something? >> >> >It's an inherent scaling problem of the keyserver net. I've >> >seen estimates that the majority of the keys on the keyserver net are >> >not used for one reason or another, but can't be deleted. Even with >> >the garbage keys, the keyserver database isn't too large to be served >> >though. >> >> Well, my issue is not so much with the keyservers. I guess with >> faster and more hardware this scheme could be maintained for decades. >> >> But if the keyservers are not directories to look up public keys, >> then what are they? And if they are meant as directories, how good >> are they if they are flooded with garbage keys. >> >> >The PGP company is running a different sort of keyserver at >> >http://keyserver.pgp.com. This type of keyserver allows you to remove >> >keys if you can prove (by answering an email challenge) that you have >> >access to the email address on the key. This keyserver obviously does >> >not synchronize with the others, however. >> >> Can gpg use this keyserver? It is listed in the settings of my MacPG. > > GPG can use this keyserver. Just set: > > keyserver ldap://keyserver.pgp.com > > in your gpg.conf file (or whatever GUI you happen to be using). > >> Is using this server recommendable for everybody? > > This is a harder question. I would unhesitatingly recommend it for > beginning users. It's also useful for any level user who wants to > simplify the whole key selection process - it guarantees there is only > one key per email address. If you want to mail to a particular > address, there is no question which is the "right" key, as there is > only the one key there. > > I believe it is also the default keyserver for PGP users. > > Some people do not like this server as it does email address > verification (via sending a mail to the email address on the key, if > any), and then signs the key. These signatures are reissued every 2 > weeks or so if people keep requesting the key. The list of signatures > can get long. Both PGP and GPG have features to delete the expired > ones. > > David That's not the only reason though. The PGP Global Keyserver is dangerous, as well as a nuisance, for a number of reasons. As it only shows one key on a search for a users name, it might cause people to miss a revoked key and continue using it. Similarly, because it doesn't synchronise with other servers, such a key could be missed. My key was on there because I tried PGP 9.x and it puts it there without asking - most undesirable in itself - but at least by ignoring the requests to repeat the e-mail verification it should have been removed by now. The "verification" is dangerous in itself, since people may rely on the server signature for trust - which is not a good idea for obvious reasons - anyone could upload a key from a particular address, and e-mail verification *alone* is of little value. If anyone *does* use it, whatever you do *don't* sign the PGP verification key, as it will impart an unwarranted trust to other keys signed with the same key. My advice (shared by many more knowledgeable than I) would be to steer clear of it at all costs. Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Delete key from keyserver
[EMAIL PROTECTED] wrote: >> If you want a formalised external method of identity verification, consider >> using x.509 and people like Thawte will provide an alternative to GnuPG's >> personal (face-to-face) methods. >> > Actually, at one point in time I did think about getting myself a "real" > X.509 certificate and use it as "my own CA" certificate by which I sign > my other ad-hoce keys as I see fit. The thing I don't like about commercial > X.509 certificates is their short lifetime. It's a pure ripoff and no-work > money generator for the CA, after you get your 1st certificate. You don't have to pay for X.509 certificates, not for personal use any way. Thawtes issue free personal certificates, and so do CAcert. http://www.cacert.org/ The latter publish their Root Authority PGP key on their website, which you can import to your keyring and use as a partial "bridge" across the two types of verification. For example, with their PGP key on my keyring, if I sign (locally, I cannot credit it with sufficient trust to sign with an exportable signature, since I cannot meet with them and fully verify it) their key it assigns a degree of trust to John W Moore III's key, since his key has been signed by their key already. One of my keys has been signed by Thawtes (they don't do this any more - I guess for commercial reasons) so there is a partial bridge there to another system. However, the only key on my keyring which is fully trusted is Neil's, since we have met up and correctly verified our keys. > I have yet to play a bit with gpgsm and see how well can you mix PGP and > X.509 keys. I.e. can I use my X.509 cert to sign other people OpenPGP keys? > Can I at least re-use the X.509 private key for my own OpenPGP key? I haven't used gpgsm, but I have fully functional X.509 key pairs on my key ring and can sign OpenPGP keys with them. If you have a running copy of PGP on your system you can import X.509 certificates to PGP and then export them as armoured ASCII files, which you can then import straight into OpenPGP. BTW, do you live anywhere near Pula? If so, and you can wait for another year till I make my annual visit to my friends there, we might be able to solve part of your problem with not being able to meet people to countersign any keys. The downside is, I haven't got many signatures on mine either, so it's no big deal :-( Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Importing keys
Mica Mijatovic wrote:
> Was Wed, 14 Sep 2005, at 10:42:10 +0100,
> when Bob wrote:
>
>>> I can't find anything in the man page about key import file formats.
>>> Other than ascii files, can GnuPG import any other file formats and if
>>> so what?
>
> Every file containing a valid key data can be imported by GnuPG,
> regardless the file extension and the file format.
>
> As I know there are only two formats: ascii ("armored"), which is
> actually a plain text format, and the binary format (the one not very
> readable by a human).
>
> GnuPG (as a genuinely *nix application) reads and recognizes actually
> the file format primarily and doesn't pay attention at its "extension"
> (as is the case with Windows).
>
> Usually, extensions for these formats are:
>
> ascii binary
> = ==
> .txt .gpg
> .asc .pgp
> .sec .sigetc.
> .pub
> .rev etc.
>
> GnuPG also can read (import) properly even if a file has no any
> extension, and/or if a file has _any_ extension, even mangled one or
> completely arbitrary one.
>
> It will, for instance, properly import a valid key data even if a file
> is with extension key.jpg (mangled extension), key (no extension) and
> key.fricassee (arbitrary extension).
>
> (PGP, though, as an exclusively Windows application, will be deluded by
> such extensions, and will say it doesn't recognize the file format, even
> without reading it, so that will import nothing.)
Thanks, that's what I was trying to find out. I was confused by all the
formats (and their extensions) for sharing information - .pfx .p7b .cer etc.
I was trying to use data from Windows and import to GPG. As you remark, the
extension is irrelevant, so long as the file is DER encoded binary (
possibly base 64 as well? - I haven't tried that). I have managed (don't ask
me how) to get what appears to be a working x.509 certificate from Thawtes
onto my GPG keyring, and have self signed it. I thought I'd have a go at
getting another onto the keyring, but didn't know what format to export it
from Windows. It would appear that I can only export the *public* keys from
the X.509 certs as binary files - the key pairs will only export in .pfx
format, which GPG won't import, so I guess it's some sort of Windows
proprietary format.
This is more or less for academic interest only, and I am only able to work
on an empirical basis, not understanding the technicalities involved - but
when, as I am, you're crocked and stuck indoors and have nothing else to do
it seemed like a good idea :-)
Regards,
Bob
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Importing keys
I can't find anything in the man page about key import file formats. Other than ascii files, can GnuPG import any other file formats and if so what? Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
GnuPG 1.9.19
Is there a version of GnuPG 1.9.19 compiled for Windows? Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Cleaning
John Clizbe wrote: > Bob Henson wrote: > >>> A P.S. to the last message. I added the above lines and tried again, and >>> neither refreshing a key from the keyserver, uploading a key, nor >>> downloading a new key cause the "clean" to run. >>> >>> I must be doing something silly in the set-up. I created a new file in the >>> same directory as gpg.exe (OK?) called gpg.conf (OK?) and added to it >>> *exactly* your lines above (not line wrapped in the case of the third line. >>> I exited Thunderbird, restarted, and tried the keyserver procedures above. >>> No joy. Does that sound correct? > > gpg.conf must be in your GnuPG home directory. On Windows systems, this is > equivalent to %APPDATA%\GnuPG or, fully expanded, > C:\Documents and Settings\User Name\Application Data\GnuPG I finally got that sorted and got it to work, so thanks for the replies and the help. Sadly, when I ran a complete keyring refresh, it screwed up the key-ring altogether (error messages discussed in here before - can't remember precise details from last night, but it concerned something being shorter then the buffer length) and I had to re-install it from an old backup. Just for the moment, I think I'd better stop meddling with things I don't understand, and just use the system when it's working OK. Having said that, I'm off to find out how to change my passphrase from the old back-up keyring to my current passphrase - so I'll probably make a complete hash of that too (pun intended :-) ) Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: This IS about GD - a proposal on dealing with the problem
Doug Barton wrote: >> Bob Henson wrote: >> > >>>> Put it the other way round - what useful purpose do they serve? I haven't >>>> seen one yet, ergo they are junk. > >> >> Um, until you actually get appointed ruler of the universe, you don't get to >> make that decision for everyone else. :) Seriously though, I interact with a >> lot of people that get their keys from the GD (their choice, and I'm not in >> a position to argue), so I need to have my key there, and it needs to be >> signed by the GD system. You can argue whether what pgp.com is doing is >> wrong all day long, but it is what it is, and therefore I need to be >> compatible with it. Thus, I really like the clean options, and have the >> following in my gpg.conf which works splendidly: >> >> import-options import-clean-sigs import-clean-uids >> export-options export-clean-sigs export-clean-uids >> keyserver-options import-clean-sigs import-clean-uids export-clean-sigs >> export-clean-uids >> > >>>> It may do with the nightly builds, but it doesn't yet work on the release >>>> version of GPG. > >> >> I don't know what you mean about "release version of GPG," but the above >> works fine with 1.4.2 on both Windows and FreeBSD. Hmm, I did mean 1.4.2 - so I'd better try again then, Doug. I tried adding the keyserver options but it didn't do anything here. Maybe you need to have the import export options set too, I tried them first, and then removed them before adding the keyserver options, since I only need the latter. Anyway, I'll set them all and try again. Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: This IS about GD - a proposal on dealing with the problem
Doug Barton wrote: > Bob Henson wrote: > >> Put it the other way round - what useful purpose do they serve? I haven't >> seen one yet, ergo they are junk. > > Um, until you actually get appointed ruler of the universe, you don't get to > make that decision for everyone else. :) Seriously though, I interact with a > lot of people that get their keys from the GD (their choice, and I'm not in > a position to argue), so I need to have my key there, and it needs to be > signed by the GD system. You can argue whether what pgp.com is doing is > wrong all day long, but it is what it is, and therefore I need to be > compatible with it. Thus, I really like the clean options, and have the > following in my gpg.conf which works splendidly: > > import-options import-clean-sigs import-clean-uids > export-options export-clean-sigs export-clean-uids > keyserver-options import-clean-sigs import-clean-uids export-clean-sigs > export-clean-uids > >> It may do with the nightly builds, but it doesn't yet work on the release >> version of GPG. > > I don't know what you mean about "release version of GPG," but the above > works fine with 1.4.2 on both Windows and FreeBSD. A P.S. to the last message. I added the above lines and tried again, and neither refreshing a key from the keyserver, uploading a key, nor downloading a new key cause the "clean" to run. I must be doing something silly in the set-up. I created a new file in the same directory as gpg.exe (OK?) called gpg.conf (OK?) and added to it *exactly* your lines above (not line wrapped in the case of the third line. I exited Thunderbird, restarted, and tried the keyserver procedures above. No joy. Does that sound correct? Maybe it doesn't work via Enigmail? I'm using GPG 1.4.2 via Enigmail 0.92.0.0. I checked the doc file I got with GPG 1.4.2 and whilst it lists the import/export-options "clean" command there is no equivalent key-server-option "clean" command listed - this may just be an oversight in the doc file, of course. I'll away and try exporting my keyring to see what happens. Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: This IS about GD - a proposal on dealing with the problem
David Shaw wrote: >> Also, these are not "junk" signatures. They have semantic meaning, >> and are used by many people. Please clarify what makes a signature a >> "junk" signature. I'd like to understand why you classify them that >> way. Put it the other way round - what useful purpose do they serve? I haven't seen one yet, ergo they are junk. I don't even like the added signatures when a key is edited, unless it is that particular signature that is edited I would prefer to see the original signature date. Cleaning the key removes the older ones, instead of the junk ones. >> Why the outrage? I really don't understand why people are so hopping >> mad about this. Turn on "import-clean" in your gpg.conf and you'll >> never see more than one GD signature at a time. It may do with the nightly builds, but it doesn't yet work on the release version of GPG. Sadly, I doubt PGP corporation would take any notice of a petition - they don't even listen to and reply their paid subscribers comments, never mind those that don't use PGP. Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
