from:"Charly Avital"

Unsubscribing temporarily

2014-11-12 Thread Charly Avital

Hi,
for health reasons I am unsubscribing for the time being.
I shall subscribe again in due time.
My apologies to the list.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] [security fix] GnuPG 1.4.17 released

2014-06-23 Thread Charly Avital

Hi,

Version info:   gnupg 1.4.17
Configured for: Darwin (x86_64-apple-darwin13.2.0)

Thanks,
Charly

0x15E4F2EA
OS X OS X 10.9.3 (13D65)
gpg (GnuPG) 1.4.17
TB 24.6.0  Enigmail version 1.7.a1pre 2014/04/06


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Decryption problem - Large .png file

2014-02-16 Thread Charly Avital

Hi,

I have received from a friend a very large file in txt. that I have been
so far unable to decrypt:

[serial number].png.asc.txt. Size is 36.1 MB and it is supposed to be
the encryption of a 600 DPI color file.
Sender is running GnuPG v1.4.12 (GNU/Linux).
Because of the size of the file, sender has used Dropbox, and I received
it via my Dropbox.
I have tried to decrypt it using Terminal/CLI, with -d and -a options.
The output was gibberish, with bell sounds now and then.
After typing in Terminal gpg [return], I get the prompt "go ahead and
type your message". I copied/pasted the ASCII text, and at the end I
got: "gpg: CRC error; E9433F - B65688", instead of the expected
information about the keys the file had been encrypted to. Googling CRC
error etc., didn't bring several examples from this list (and others)
but nothing that I could use.
Sender is positive about having used my public key to encrypt the file.

Your help will be greatly appreciated.
Charly
0x15E4F2EA
Mac OS X 10.9.1 (13B42)
MacBook Intel C2Duo 2GHz 13-inch, Aluminum, Late 2008 .
(GnuPG/MacGPG2) 2.0.22 - gpg (GnuPG) 1.4.16
TB 24.2.0 Enigmail version 1.6 (20131006-1849)



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: What is the latest version

2013-12-19 Thread Charly Avital

Matt D wrote on 12/19/13, 3:25 PM:
> I am running enigmail 1.5.2 .   Is this old?  How can I get the
> latest?  Thanks!

According to the raw source of your message, you are running:
"User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101
 Thunderbird/24.2.0"
and
"X-Enigmail-Version: 1.5.2" (which you already indicated in your post).

It seems that this combination is part of the Linux distro you are running.

You might update to Enigmail 1.6 by downloading the appropriate release
from  and proceed according
to the instructions.

I think your query might be best answered in Enigmail User's list.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] [security fix] GnuPG 1.4.16 released

2013-12-18 Thread Charly Avital

Werner Koch wrote on 12/18/13, 4:05 PM:
> Hello!
> 
> Along with the publication of an interesting new side channel attack by
> Daniel Genkin, Adi Shamir, and Eran Tromer we announce the availability
> of a new stable GnuPG release to relieve this bug: Version 1.4.16.
> 
> This is a *security fix* release and all users of GnuPG versions 1.x are
> advised to updated to this version.  GnuPG versions 2.x are not
> affected.  See below for the impact of the problem.

[...]

Hi,

compiled from source:

Version info:   gnupg 1.4.16
Configured for: Darwin (x86_64-apple-darwin13.0.0)

gpg (GnuPG) 1.4.16
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Thank you for your work.
Charly
0x15E4F2EA
Mac OS X 10.9.1 (13B42)
MacBook Intel C2Duo 2GHz 13-inch, Aluminum, Late 2008 .
(GnuPG/MacGPG2) 2.0.22 - gpg (GnuPG) 1.4.16
TB 24.2.0 Enigmail version 1.6 (20131006-1849)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Renewing expiring key - done correctly?

2013-12-04 Thread Charly Avital

Eric Poellinger wrote on 12/3/13, 6:22 PM:
> This is the key before issuing the 'expire' command:
> 
> pub  2048R/4A4DBDC7  created: 2012-01-13  expires: 2014-01-12  usage: SC
>  trust: ultimate  validity: ultimate
> sub  2048R/0C0305EC  created: 2012-01-13  expires: 2014-01-12  usage: E
> 
> 
> I did a 2 year expiration and the master key (4A4DBDC7 ) was updated as
> expected (to 2015-12-03)
> 
> PRIMARY QUESTIONS - I am uncertain about the sub-key.  When I attempt to
> 'expire' it the date does not seem to change.  Maybe you cannot expire a
> sub-key?  Maybe I do not need to care because we are not using it in our
> encryption commands??  FYI, this key is only with one trading partner,
> so managing the change is not difficult.

I had the same problem a short time ago, and solved it with the help of
a friend, and this is what I did in MacOSX's Terminal

$ gpg edit-key [key ID]
[..]
Secret key is available,

pub 2048R/[key ID] created: [..] expires: [..]  usage: SC
   trust: ultimate validity: ultimate
sub 2048R/[sub-key ID] created: [..] expires: [..]  usage: E

Then:

> key 1 expire
pub  2048R/[key ID] created: [..] expires: [..]  usage: SC
trust: ultimate validity: ultimate
sub*  2048R/[sub-key ID]  created: [..] expires: [..] usage: E

[note the asterisk after sub, that indicates that this is the key which
has been selected for expiry]

then again:
expiry
I got:
Changing expiration time for a subkey.
Please specify how long the key should be valid.
 0 = key does not expire
= key expires in n days
  w = key expires in n weeks
  m = key expires in n months
  y = key expires in n years

Hope this helps.
I don't know whether you can use this method in your system.
You seem to be using web-mail with html format.

Charly
0x15E4F2EA
Mac OS X 10.9 13A603
MacBook Intel C2Duo 2GHz 13-inch, Aluminum, Late 2008 .
(GnuPG/MacGPG2) 2.0.20 - gpg (GnuPG) 1.4.15
TB 24.1.1  Enigmail version 1.6 (20131006-1849)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Using Gnupg from the command line with no arguments

2013-11-27 Thread Charly Avital

Michael wrote on 11/26/13, 11:46 PM:
>  Hi, I am a new GPG user.  (New to the command line, that is.)  I know
> that if you type "gpg" without any arguments in a command line it starts
> a primitive sort of text editor where you can type a message that you
> later encrypt, sign, etc.   How do you tell the text editor when you are
> done with the message?  I have actually been flipping madly through the
> GPG documentation; I am not sure this is scenario is exactly covered.
>  Can someone point me in the right direction?  Using GPG Tools on Mac OS
> 10.9 and just trying to get more command line fluent.
> 
>  
> 
> Thank you for your help.
> 
>  
> 
> Mike  

Mike,
after I type gpg without arguments I get:
gpg: Go ahead and type your message ...

and when I type immediately after ControlC, I get:
^C
gpg: Interrupt caught ... exiting


I'm not sure this answers your query.
Charly

0x15E4F2EA
Mac OS X 10.9 13A603
MacBook Intel C2Duo 2GHz 13-inch, Aluminum, Late 2008 .
(GnuPG/MacGPG2) 2.0.20 - gpg (GnuPG) 1.4.15
TB 24.1.1  Enigmail version 1.6 (20131006-1849)


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Threema.

2013-11-09 Thread Charly Avital


kendrick eastes wrote on 11/10/13, 3:17 AM:
> might be better received at a cryptography based mailing list, also, do
> you plan on releasing source? 
> 
> 
> apologies if this double sends, I've been having network issues recently.

The source belongs to the company whose web site figures in the link I sent.

I have no connection whatsoever with that company, I was just asking the
GnuPG-users list for an opinion.

Sorry for the misunderstanding.
Charly
0x15E4F2EA
Mac OS X 10.9 13A603
MacBook Intel C2Duo 2GHz 13-inch, Aluminum, Late 2008 .
(GnuPG/MacGPG2) 2.0.20 - gpg (GnuPG) 1.4.15
TB 24.0.1 Enigmail version 1.6 (20131006-1849)




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Threema.

2013-11-09 Thread Charly Avital

Hi,



in German:


What do you think of it?
Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Threema.

2013-11-09 Thread Charly Avital

Hi,



in German:


What do you think of it?
Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] [security fix] GnuPG 1.4.15 released

2013-10-05 Thread Charly Avital

Philip Neukom wrote on 10/5/13 7:56 PM:
> 
> 
> On 5.10.2013 9:53 , gnupg-users-requ...@gnupg.org wrote:
>> From: Charly Avital  To:
>> Subject: Re: [Announce] [security fix] GnuPG
>> 1.4.15 released
>>
>> [...]
>> Hi,
>>
>> "Version info:   gnupg 1.4.15
>>  Configured for: Darwin (x86_64-apple-darwin12.5.0)"
>>
>> Thanks Werner and the GnuPG team.
>> Charly
> 
> Charly, did you compile with Xcode 5?

No, I used the Terminal:
1. Download and verify the source code.
2. cd to expanded source code.
3. ./configure
4. make
5. sudo make install.

Hope this helps.
Charly
0x15E4F2EA
Mac OS X 10.8.5 (12F37)
MacBook Intel C2Duo 2GHz 13-inch, Aluminum, Late 2008 .
(GnuPG/MacGPG2) 2.0.20 - gpg (GnuPG) 1.4.15
TB 24.0 Enigmail version 1.5.2 (20130703-1322)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] [security fix] GnuPG 1.4.15 released

2013-10-05 Thread Charly Avital

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Werner Koch wrote on 10/5/13 11:56 AM:
> Hello!
> 
> We are pleased to announce the availability of a new stable
> GnuPG-1 release: Version 1.4.15.  This is a *security fix* release
> and all users are advised to updated to this version.  See below
> for the impact of the problem.

[...]

> Happy Hacking,
> 
> The GnuPG Team

Hi,

"Version info:   gnupg 1.4.15
 Configured for: Darwin (x86_64-apple-darwin12.5.0)"

Thanks Werner and the GnuPG team.
Charly
0x15E4F2EA
Mac OS X 10.8.5 (12F37)
MacBook Intel C2Duo 2GHz 13-inch, Aluminum, Late 2008 .
(GnuPG/MacGPG2) 2.0.20 - gpg (GnuPG) 1.4.15
TB 24.0 Enigmail version 1.5.2 (20130703-1322)
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJST/2aAAoJEPPf0YAV5PLqYDsQAJeuhBsgniHwYWyu1/GAtcLy
YrYUK5xQzk+OJgrzytdfmBfz/dD+VpZz4spSTKhe1BHcnq5Ar9VBJX91UnngR6En
/L0+pK/np0AGXfwyhzisYntjDSt8jQl31qhDYthPjkAUL3vnUAPtQRN5m1HKuw9H
AtCUvjfIXAXKBZAqlque3CpeMA2j5279KI5oyMpvQnzeV+Y8yhcs9RPiY+NLnQQ8
Iee069oVDVmnwJjU7GiusD/z+poR1THapAu31EuNVCkFSZclXZd/d5+mrHPdDjUH
fN1Te+4GqXRBJV4PZNuXZV9IvFnSwJ5FaT+6vySMMB0UHxbNIgosVQpqZX8AW3Fu
UeWv6imcCGpsj9KpZSP8laAo5s/t3765nbVCczxzF8YrREO7+y9XP1xHNBt+awPK
anCmpfpzB+gJkvUmXaaVizDQEFiOVZX1xdknkO/XVSZU9tnWfm+m1h8xQyOqsed9
YERBj5vU3LT3Ldd8ykaSNsqFazuXTVAA9R/II9cRlc7NMeuiicFWM1JLmOCRp+Zy
gXjhnBNk+1dhj5OSujMyNi6pP1ASFAAIm3DKYZC9umC5+L3YPeMkOvVC4VeZl/VH
twhb0zxiOZ+VK5g4WVhh8qD6CpkOI9f4uRWcyU6mDmvm19WbXOSxCtEBH3LMPy4N
PQazHVPgFVvlRIL2cVUF
=08bX
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] [security fix] GnuPG 1.4.14 released

2013-07-26 Thread Charly Avital

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Werner Koch wrote on 7/25/13 6:26 AM:
> Hello!
> 
> We are pleased to announce the availability of a new stable GnuPG-1
> release: Version 1.4.14.  This is a *security fix* release and all users
> of GnuPG < 2.0 are advised to updated to this version.  See below for
> the impact of the problem.

Hi,
- From Terminal:

Version info:   gnupg 1.4.14
Configured for: Darwin (x86_64-apple-darwin12.4.0)
gpg (GnuPG) 1.4.14
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA (S1), 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7),
AES192 (S8), AES256 (S9), TWOFISH (S10), CAMELLIA128 (S11),
CAMELLIA192 (S12), CAMELLIA256 (S13)
Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9),
  SHA512 (H10), SHA224 (H11)
Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)


Thank you.
Charly
0x15E4F2EA
Mac OS X 10.8.3 (12D78)
MacBook Intel C2Duo 2GHz 13-inch, Aluminum, Late 2008 .
GnuPG v2.0.19 (Darwin) - gpg (GnuPG) 1.4.14
TB 17.0.7  Enigmail version 1.5.1 (20130205-0013)




-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (Darwin)

iQIcBAEBCgAGBQJR8X4BAAoJEPPf0YAV5PLqXycP/A8VsxYaukt5ZpRIJLyvLaBd
bVvcLsxv5E9PgG9qQd9jfOTgMu9heGH+nmkiCgaYwzbf6zpI1QXNF8HOW8UtitrC
wkS6JXwFC3oTP6foL74dmg2CwVknWr6blFD4ggfbSn4k3xLWiB93IOff7euhw1yd
klt9/aQ4tXXLYlv6nZe+gVeEH7A2HAyGqeqzwZ89NxY9aX64/3GOJkuwx4Bnpnsy
V8qXjbsYW5VJXuI5IQLPiLpF0wZNA1695FuKkqiObRBtL8n033iWJZr421iywj1x
9u8xxQgNqigiJAmj5pdaYhHzlGnYXcPBlLeN3PENi35Z5EKBlSBilZFY3cL2ERCm
rBZXvkwmSmaLN4TNnZLu22MzE2N8NqCjqJkgXwNHF/+SmUqu8QCJht2R1Ih+wust
3lxuNXXI+Rqci11p/WbBl5nuTpqHdnJ3VITQzFDJ96HqN0dwQKoWKNgj0MTh+htn
jElpidjwEBSMtVEWDa2pIxHo3dgVuB2u50furuQJm1dj7McwdUokB6MANrur7KjC
iZoqnE60snHpN2bZRqkUjxq7DT4kANtBKpmVgxEzoh0xR6eKX1qbS23L35E9cL3V
ClF8tnpHMGuxOQgmGNOLTMSdpxExFLrITiyOa7iYKbLiL9+RNrhaecYQjHLA4ux4
0JMQeSIOn2NRKA0/WkJc
=FVTA
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] [security fix] GnuPG 1.4.14 released

2013-07-25 Thread Charly Avital

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Werner Koch wrote on 7/25/13 6:26 AM:
> Hello!
>
> We are pleased to announce the availability of a new stable GnuPG-1
> release: Version 1.4.14.  This is a *security fix* release and all users
> of GnuPG < 2.0 are advised to updated to this version.  See below for
> the impact of the problem.

Hi,
- From Terminal:

Version info:   gnupg 1.4.14
Configured for: Darwin (x86_64-apple-darwin12.4.0)
gpg (GnuPG) 1.4.14
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA (S1), 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7),
AES192 (S8), AES256 (S9), TWOFISH (S10), CAMELLIA128 (S11),
CAMELLIA192 (S12), CAMELLIA256 (S13)
Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9),
  SHA512 (H10), SHA224 (H11)
Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)


Thank you.
Charly
0x15E4F2EA
Mac OS X 10.8.3 (12D78)
MacBook Intel C2Duo 2GHz 13-inch, Aluminum, Late 2008 .
GnuPG v2.0.19 (Darwin) - gpg (GnuPG) 1.4.14
TB 17.0.7  Enigmail version 1.5.1 (20130205-0013)




-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (Darwin)

iQIcBAEBCgAGBQJR8X6zAAoJEPPf0YAV5PLqPeQQAJHGfEXMUq5FloKmRn6HJk28
+Svxu2+4+LUhGOlbABwzieG0YdphKND4bpr88C5itC31LHcpDO/Z4RWh8MFM9Gdf
kk6MTwQtJ07AE/mH2FdWe8o2WM4rvPUda7b2rQARwjrzTGU2DxZd5QLlX5mwyQr6
8gsKyNmuO6lakafJ+kv+t7nux5zdubVRvUQ8QEow80JA13fFt82dOy0Zub/qHblM
mR/sVKHwdzT0jhhehs85yjOFBIGFUtDgELukf8o/6YaLb12yZXCPpBBoVOrnJ1WS
U9VDxUXdeXEjuha/UvV6GSdeiO700dOkDJQohNdv6wq9YLpfT8rlBvBt1b7Dj0TT
OBtj8h6z3yzAGlXtlJ+L2iPmr8bHn8SSjtX6gghnoft5Y2V8IQpb2plaJa5UCGRX
7h4AkbrSWYcQ0KBV5Yw57Ox/Gd6vTbNF40Y+vDCCtynV+TiEADGP01DRYm27+rOC
cJVYXhsZpAj/W7oIqdiOYqWXhQGDWAKHX+Zgs2DOOJkb0QntB0QFIaaEN/1/eKIC
0r+r8qsAL2ZIMPOVaTkBWvAUQs38gOgst/JCVV9lB0W20+V4qFiScqgfoNPt7rOz
IAGWKHF7KiIfOcKfb0v7NUw6IzXh7yD1XIPTj7UVpEG+TDj+soi1ku8UzWD1ax7N
iQ5Xm5x5lqiQ7DmRbsSH
=qpe3
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] GnuPG 1.4.13 released

2012-12-23 Thread Charly Avital

Ludwig Hügelschäfer wrote on 12/23/12 9:01 AM:

[...]

> Could somebody please help me? Thanks!
> 
> Ludwig


Hi Ludwig,

here's copy of the message I sent to Werner only without including the
list, my bad:

> Werner Koch wrote on 12/20/12 3:20 PM:
>> Hello!
>> 
>> 15 years after the first release we are now pleased to announce the
>> availability of a new stable GnuPG-1 release: Version 1.4.13.
> 
> [...]
> 
>>
>>  gpg --verify gnupg-1.4.13.tar.bz2.sig
> 
> Verifies.
> 
> [...]
> 
> 
>> Thanks
>> ==
>>
>> We have to thank all the people who helped with this release, be it
>> testing, coding, translating, suggesting, auditing, donating money,
>> spreading the word, or answering questions on the mailing lists.
>>
>>
>> Happy Hacking,
>>
>>   The GnuPG Team (David, Werner and the other contributors)



> Version info:   gnupg 1.4.13
> Configured for: Darwin (x86_64-apple-darwin12.2.0)
> 
> $ gpg --version
> gpg (GnuPG) 1.4.13
> Copyright (C) 2012 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> 
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> 
> Home: ~/.gnupg
> Supported algorithms:
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
> CAMELLIA128, CAMELLIA192, CAMELLIA256
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
> 
> 
> 
> 
> Thank you Werner.
> Charly
> 
--

When compiling from source, I didn't experiment any problem.

Best regards,
Charly
0x15E4F2EA
Mac OS X 10.8.2 (12C54)  MacBook Intel C2Duo 2GHz.
GnuPG v2.0.19 (Darwin) - gpg (GnuPG) 1.4.13
TB 17.0  Enigmail 1.4.6 (20121105-0019)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: my new public key

2012-09-29 Thread Charly Avital

da...@gbenet.com  da...@gbenet.com
<506724ec.8030...@gbenet.com> September 29, 2012 12:42:20 PM  wrote:
da...@gbenet.com wrote on 9/29/12 12:42 PM:

> Hello All,
> 
> I've just created a new key pair - the older one gets you realise you will 
> not live forever!
> 
> So import and be happy!
> 
> David

"The key(s) were successfully imported

gpg: key 8716853A: public key "postmas...@gbenet.com (Do not dwell in
the past, do not dream of the future, concentrate the mind on the
present moment) " imported
gpg: Total number processed: 1
gpg:   imported: 1  (RSA: 1)"

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: what is killing PKI?

2012-08-25 Thread Charly Avital

Stan Tobias <5038e22c.l1tw2+7saan+vapc%st...@mailshack.com> August 25,
2012 1:22:47 PM wrote:
> As this thread is turning into a general discussion on privacy and
> encryption, I would like just to add one more to the garden of thoughts.
> I'm not making any argument for or against, I just want to say some people
> find (forced) privacy detrimental, especially in a broad social context.

Why forced?
Nobody is forcing anyone to do anything.
You want to use encryption, use it.
You don't want to use it, don't.

> Some time ago, reading a discussion I noticed this particular
> argument against encrypting file-sharing traffic, which can be
> summarized/paraphrased as:
> 
>   "We don't want encryption, we want file-sharing be legal."
> 
> It's a strong political statement.  While privacy is important, you
> don't win anything if you *have to* hide.  Freedom is often fought for
> by asserting your rights.

Nobody has to hide, this is not about hiding.
A fortiori, when one sends or receives an encrypted message, the mere
format of such a communication hollers loud and clear that the user is
protecting his/her communications, not hiding.
Freedom is freedom to think freely; and to act freely within the rules
of law.
If one finds the law questionable, there are constitutional and
democratic means to express and ask for revision or change of the law.

> This.  I wonder how certain societies got convinced that just being
> nude - the most natural, beautiful and human thing - was indecent
> and/or illegal.  Surely not because everyone was dressed?  Or?

Or who knows?

This is my first and last contribution to this thread.
You all have a fine week end.
Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Trying to compile gpg 2.0.19 for Mac OS 10.8 Mountain Lion. - Solved.

2012-08-14 Thread Charly Avital

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

Following my post of August 1/2012, I could compile GnuPG 2.0.19 under
Mac OS 10.8 (Mountain Lion, Darwin x86_64-apple-darwin12.0.0) using a
script written by Ludwig Hügelschäfer, based upon a script written by
Alex Willner, and with a Mac-native pinentry-mac.app written by Ben
Donnachie in cooperation with GPGtools.org.

Charly
0x15E4F2EA
OS X 10.8 (12A269}  MacBook Intel C2Duo 2GHz-GnuPG 1.4.12-MacGPG2-2.0.19
Thunderbird 14.0 Enigmail 1.5a1pre (20120810-1544)

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (Darwin)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQEcBAEBCgAGBQJQKyCQAAoJEPDKqP3/J6K00aAIAK3pLVylhX7DJAf2gI1Ywd8D
DC3uf/8k8slkJAN56XXH35wr9gkjYq1lYuzGwJY4+VOA+60vgts1EGo2h4fHykMA
qLa8SOO3BxzRmEHSO+7i0mu+IeLWW8ak02MyunllUG+2A1ne0kcngfaN5Fyixuh7
bjruTfm/OKy9cc01W+vASYz27DWQ2xeeCbs+fVw0/Dleynb8kyfbv4LTJ9WDQREL
k9meFfhcrWtZEPQ6d66O8KAkcONF1sdmG9PwvV2sxC536xmVOywO2DiJhvZat4Im
jVVS8SArzdapa5VfDBHtWDoX1Zm4dmGQn/xR1/rOWDFGX1lFmU3/VWM1clY1AA0=
=oGMn
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Trying to compile gpg 2.0.19 for Mac OS 10.8 Mountain Lion.

2012-08-01 Thread Charly Avital

Hi,

After installing all the required libraries (as indicated in first run
of ./configure), I get the following:

Output of ./configure:

GnuPG v2.0.19 has been configured as follows:

Platform:  Darwin (x86_64-apple-darwin12.0.0)

OpenPGP:   yes
S/MIME:yes
Agent: yes
Smartcard: yes (without internal CCID driver)
Gpgtar:no

Protect tool:  (default)
Default agent: (default)
Default pinentry:  (default)
Default scdaemon:  (default)
Default dirmngr:   (default)

Last lines of make output:

gcc -DHAVE_CONFIG_H -I. -I..  -I../intl -I/usr/local/include
-DJNLIB_IN_JNLIB -I/usr/local/include -g -O2 -Wall -Wno-pointer-sign
-Wpointer-arith -MT utf8conv.o -MD -MP -MF .deps/utf8conv.Tpo -c -o
utf8conv.o utf8conv.c
utf8conv.c: In function ‘native_to_utf8’:
utf8conv.c:382: error: ‘ICONV_CONST’ undeclared (first use in this function)
utf8conv.c:382: error: (Each undeclared identifier is reported only once
utf8conv.c:382: error: for each function it appears in.)
utf8conv.c:382: error: expected ‘)’ before ‘char’
utf8conv.c: In function ‘do_utf8_to_native’:
utf8conv.c:648: error: ‘ICONV_CONST’ undeclared (first use in this function)
utf8conv.c:648: error: expected ‘)’ before ‘char’
utf8conv.c: In function ‘jnlib_iconv’:
utf8conv.c:724: warning: passing argument 2 of ‘libiconv’ from
incompatible pointer type
make[2]: *** [utf8conv.o] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2


Hoping to solve the problem by installing the latest gettext 0.18.1.1, I
get the following when trying to compile gettext:

Last lines of ./configure:
checking whether make sets $(MAKE)... yes
checking whether NLS is requested... yes
checking for msgfmt... /usr/local/bin/msgfmt
checking for gmsgfmt... /usr/local/bin/msgfmt
checking for xgettext... /usr/local/bin/xgettext
checking for msgmerge... /usr/local/bin/msgmerge
configure: creating ./config.status
config.status: creating Makefile
config.status: creating installpaths
config.status: creating po/Makefile
config.status: executing po-directories commands


Last lines of make:
libtool: compile:  gcc -std=gnu99 -DHAVE_CONFIG_H -DEXEEXT=\"\"
-DEXEEXT=\"\" -DEXEEXT=\"\" -I. -I.. -I../intl -I../intl -I.. -I..
-DDEPENDS_ON_LIBICONV=1 -DDEPENDS_ON_LIBINTL=1 -I../intl
-I///usr/include/libxml2 -I./libcroco -g -O2 -c stpncpy.c  -fno-common
-DPIC -o .libs/stpncpy.o
stpncpy.c:34: error: expected declaration specifiers or ‘...’ before
numeric constant
stpncpy.c:34: error: expected ‘)’ before ‘!=’ token
stpncpy.c:34: error: expected ‘)’ before ‘?’ token
make[4]: *** [stpncpy.lo] Error 1
make[3]: *** [all] Error 2
make[2]: *** [all-recursive] Error 1
make[1]: *** [all] Error 2
make: *** [all-recursive] Error 1


I've searched for possible solutions.
One of them was trying to patch gettext with attached patch. Didn't succeed.

Thank you in advance for your assistance.

Charly
OS X 10.8 (12A269}  MacBook Intel C2Duo 2GHz-GnuPG 1.4.12-MacGPG2-2.0.17-9
Thunderbird 14.0 Enigmail 1.5a1pre (20120727-2257)
--- gettext-tools/gnulib-lib/stpncpy.c.orig 2007-10-07 23:29:35.0 
+0300
+++ gettext-tools/gnulib-lib/stpncpy.c  2011-03-11 23:34:40.0 +0200
@@ -24,7 +24,7 @@
 #include 
 
 #ifndef weak_alias
-# define __stpncpy stpncpy
+//# define __stpncpy stpncpy
 #endif
 
 /* Copy no more than N bytes of SRC to DST, returning a pointer past the
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: message signature types

2012-08-01 Thread Charly Avital

auto15963931  August 1, 2012 11:44:19 AM
wrote:

> 
> So the last question is just how do I go about checking whether one of
> these smime.p7s certificates has been revoked. What is the process of
> revocation in general? Thanks.

Sorry I can't help you, I can only suggest:
- wait for a knowledgeable list member to answer.
- Google

Charly


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: message signature types

2012-07-31 Thread Charly Avital

auto15963931  July 31, 2012 2:47:22 PM wrote:
> If this is the wrong place to ask, please point me in the right
> direction. Where can I learn more about importing, if such a thing is
> even done this way, and making use of message signatures which utilize
> an "smime.p7s" file? I got a message from someone who uses this, and I
> need to learn about verifying and downloading from a keyserver files
> like this. Especially important for me is learning how to check whether
> it had been revoked, etc.  Where is a support group for this sort of
> signature if this is not it? Thanks.

S/MIME = Secure Multipurpose Internet Mail Extensions is a standard for
public key encryption and signing of e-mail encapsulated in MIME.

It achieves goals that are similar to GnuPG's but uses different means.

The use of GnuPG requires the installation of GnuPG software, and some
kind of module that will enable interaction between that software and
the e-mail client one is using. GnuPG per se enables its user to
generate and manage certificates (aka keys).

S/MIME does not require the installation of any such software but needs
to obtain and install a certificate/key that is issued by a Certificate
Authority (CA). The certificate that is issued by the CA of your choice
has to be imported into your e-mail client (if it has S/MIME capability)
or into your browser.

You might try .

I am sure members of this list will provide more accurate information.

Charly
OS X 10.8 (12A269}  MacBook Intel C2Duo 2GHz-GnuPG 1.4.12-MacGPG2-2.0.17-9
Thunderbird 14.0 Enigmail 1.5a1pre (20120727-2257)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Is there a GnuPG command that shows the number of keys on a keyring?

2012-07-24 Thread Charly Avital

Robert J. Hansen <500e5f28.4010...@sixdemonbag.org> July 24, 2012
4:43:58 AM wrote:
> On Linux, FreeBSD, OS X, etc., you can do:
> 
> $ gpg2 --list-keys|grep "^pub"|wc -l

I've got 1618, some serious and urgent cleaning is required.

Thank you Robert.

Charly


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: can someone verify the gnupg Fingerprint for pubkey?

2012-06-06 Thread Charly Avital

Sam Smith  June 6, 2012
9:25:37 AM wrote:
Sam Smith wrote on 6/6/12 8:54 AM:
> Can someone please verify that I have the legit public key to verify
> GnuPG with? I checked the website but the Fingerprint is not given anywhere.
> 
> I got this Fingerprint for the Public Key I downloaded
> 
> D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6

That's the fingerprint for Werner Koch (dist sig):

pub 2048R/4F25E3B6 created: 2011-01-12  expires: 2019-12-31  usage: SC
 trust: [] validity: []
sub 2048R/AC87C71A created: 2011-01-12  expires: 2019-12-31  usage: A
[] (1). Werner Koch (dist sig)
pub   2048R/4F25E3B6 2011-01-12 Werner Koch (dist sig)
Primary key fingerprint: D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6



Hope this is what you were looking for.
Charly
Mac OS X 10.7.4 (11E52) MacBook Intel C2Duo MacGPG2-2.0.17-9
Thunderbird 13.0 Enigmail 1.4.2 (20120519-0100)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: FAQ, take two

2012-06-04 Thread Charly Avital

Robert J. Hansen <4fcd629e.8010...@sixdemonbag.org> June 4, 2012
10:38:58 PM wrote:

[...]

> It's reasonable to present the controversy, and I'll make mention of it
> in the next revision.  That's as far as I'll go.

Fair enough, and thanks.

> Of course, ultimately Werner is the one who gets thumbs-up or
> thumbs-down on this -- if it's to someday become the official FAQ, then
> he gets final signoff authority.  So if you disagree, feel free to pitch
> it to him, but you've heard my position on it.  :)


I agree to your position.

Charly


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: FAQ, take two

2012-06-04 Thread Charly Avital

Robert J. Hansen <4fcc11f2.6050...@sixdemonbag.org> June 4, 2012 4:22:54
PM wrote:

[snip]

> Also, if there are any questions you feel are missing, throw them out
> too.  Thank you!

Section "4.7 How do I validate another person’s certificate?" does not
deal with what one should do once she/he has signed another person's
certificate (after completing the validation process).

I believe the etiquette is that the signed key block should be returned
to the certificate's owner, for her/him to do what he/she deems
convenient, e.g. upload it to a keyserver.

The signer himself/herself should not upload the sign key block to a key
server, or publish it in any other way, without the certificate's owner
explicit authorization or request.

That may be hair splitting and not etiquette, but I believe the issue
should be clarified. I have had at least two of my certificates signed
by someone with whom I had never gone through any kind of validation
process, or even discussed the possibility of such a process. The person
just signed my certificate and uploaded it to a keyserver.

End of rant.
Charly.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption AKA PGP/MIME

2012-05-23 Thread Charly Avital

Mika Suomalainen <4fbd03cb.1070...@hotmail.com> May 23, 2012 12:38:40 PM
wrote:
> I am using PGP/MIME in this email. Can you verify my signature on this
> email? You can find link to my public key in my signature.

Good signature from Mika Suomalainen 
Key ID: 0x82A46728 / Signed on: 5/23/12 11:35 AM
Key fingerprint: 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728


Charly
Mac OS X 10.7.4 (11E52) MacBook Intel C2Duo 2GHz
MacGPG2-2.0.17-9 - Thunderbird 12.0.1 Enigmail 1.5a1pre (20120521-2224)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gpg-agent automatically use passphrase for signing subkey?

2011-07-22 Thread Charly Avital

Chris Poole

wrote on 7/22/11 10:38:39 AM:
> On Thu, Jul 21, 2011 at 5:30 PM, Charly Avital  wrote:
>> When your passphrase has been cached for each of those *actions*, it
>> will remain in gpg-agent's "memory" for the duration of the cache set in
>> your home directory ~/.gnupg/gpg-agent.conf
> 
> That's a shame, but thanks.

Shame?
I find it very convenient.

Take care and have a fine week end.
Charly


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gpg-agent automatically use passphrase for signing subkey?

2011-07-21 Thread Charly Avital

Chris Poole

wrote on 7/21/11 4:40:17 PM:
> Perhaps I explained poorly.

You explained very clearly.

> I'm using gpg 1.4.11, gpg-agent 2.0.17.

You can have, as I do, both 1.4.11 and 2.0.17 installed side by side in
the same system.
You can use either one, as set in the path of your e=mail application.
You are using a @gmail.com based user ID, and the raw source of your
e-mail does not display which MUA you are using.

I am using Shredder, which is a trunk release of Thunderbird, where the
path, as displayed in OpenPGP/Preferences, is
/usr/local/MacGPG2/bin/gpg2. Thus I am using gpg2, in this case
MacGPG2-2.0.17-9

If instead I had set /usr/local/MacGPG2/bin/gpg , I would be using gpg,
that would be gpg 1.4.11

If you are using Apple's Mail application (under 10.6.8), it will chose
gpg2 by default. Under Lion, the Mailbundle for Apple's Mail application
does not work, it is being rewritten by a group of developers.
> 
> Is it possible to enter a passphrase using gpg-agent, and have it cached such
> that it's used whenever I want to use any subkeys from the same main key?
> 
> Scenario:
> 
> I sign a file with my signing subkey, and give gpg-agent my passphrase.
> 
> I then decrypt another file, which has been encrypted using my encryption key,
> which is a sister subkey to the signing key (i.e., they both have the same
> parent 'main key'). Is it possible to not be prompted for my passphrase again
> for this operation?
> 
> I understand that they're separate keys, so I'm being prompted twice, but they
> are both belonging to the same primary key: can that passphrase apply to all
> subkeys when entered for any one?
> 
> I hope that clarifies what I want to do...

Maybe *I* wasn't clear enough.

gpg-agent "goes" by *actions*:  decrypt, or sign.

gpg-agent is invoked whenever you use your secret key, either for
decrypting or for signing.

As far as gpg-agent is concerned, those are two different *actions*.

When your passphrase has been cached for each of those *actions*, it
will remain in gpg-agent's "memory" for the duration of the cache set in
your home directory ~/.gnupg/gpg-agent.conf

Charly



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gpg-agent automatically use passphrase for signing subkey?

2011-07-21 Thread Charly Avital

Chris Poole

wrote on 7/21/11 2:51:42 PM:
> Hi
> 
> I have a program

Which version of GnuPG are you running, and where did you download it
from, please? Just for information.

 which encrypts and signs files; I supply the same key
> ID for both operations, the 'primary ID'.
> 
> My key actually consists of the main key and two subkeys, for
> encryption and signing.


This is the information pertaining to the key whose key ID is mentioned
in your e-mail:

pub 1024D/BAD246F9  created: 2006-03-31  expires: never usage: SC
 trust: unknown   validity: unknown
sub  2048D/7ED39759  created: 2010-12-11  expires: never usage: S
sub  4096g/E71D7B3E  created: 2006-03-31  expires: never usage: E
[ unknown] (1). Chris Poole 
[ unknown] (2)  Chris Poole 

> I'm using gpg-agent to cache my passphrase.
> 
> I get asked for my passphrase (pinentry screen) once for the
> encryption key, and then again, for the signing key.


You are asked for your passphrase once for *decrypting* an e-mail that
has been encrypted using your public key; and then once again to sign an
e-mail. In other words, when you need to use your secret key.

> Can I instruct the agent to give the passphrase for any subkey? Given
> that they're both subkeys, the passphrases are the same.

gpg-agent *caches* your passphrase (in encrypted form) for each of the
two operations described above.

The passphrase remains cached (you are not requested to type it again)
for the value in seconds set in ~/.gnupg/gpg-agent.conf - You can edit
that file (gpg-agent.conf) with a suitable text editor (like TextEdit
that is a part of MacOSX, or with BBEdit light (freeware).

Best regards,
Charly
OSX 10.7 (11A511) MacBook Intel C2Duo 2GHz-GnuPG 1.4.11-MacGPG2-2.0.17
Shredder 8.0a1 (2011-07-21)  Enigmail 1.3a1pre (20110717-1422)



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: I can't stop encryption being done with a wrong key

2011-05-26 Thread Charly Avital

Anne Wilson wrote on 5/26/11 2:06 PM:
> I have a friend whose gpg key became corrupt.  He created a new key, and I 
> imported it.  Then we discovered that KMail insists on trying to encrypt 
> using 
> the old key, even though I have changed his addressbook entry to reflect the 
> new key.
> 
> At this point we thought it was a KMail issue, so I moved to Thunderbird for 
> answering his mail.  Signed mail in both directions is no problem.

That's normal.
You are verifying your friend's signature with the new public key he
created and that you imported.
Your friend is verifying your signature with your public key that is
valid and in use.

> He can 
> send an encrypted message and I can read it.  The new key is fine.

When your friend encrypts a message to you, he is using your existing
public key. This has nothing to do with your friend's new key.

> However, 
> when I send an encrypted message to him we hit the rocks.
> 
> In Thunderbird I have only a minimal addressbook.  I set his record to use 
> the 
> new key for encryption, and I can't see any way that Thunderbird should know 
> about the old key.  However, the test email I sent him was signed by the RSA 
> subkey of his old key.

I can't remember how KMail sets the usage of keys. I'm a Mac user, but I
have "dabbled" occasionally in Linux and some of KMail.

In Thunderbird, key usage is set in 'Per Recipient rules', that is not
the Address Book.
> 
> Can someone please explain to me how this could be happening, and what I need 
> to do to correct it?  Should I remove his old key from my keyring?  If I do, 
> I 
> assume that I won't be able to read his older messages.


You don't have to remove his "old" public key from your keyring.

You have to edit "Per Recipient Rules" so that your friend's new public
key (in your public keyring) is linked to his User ID (e-mail address),
and used to encrypt to him.

In Thunderbird's menu please go to OpenPGP/Edit Per-Recipient Rules,
that will launch the "Per-Recipient Rules Editor". Use the search field
to search for the entry that corresponds to your friend's user ID (his
e-mail address) or choose it manually at your convenience, click
'Modify' and make the necessary adjustments to choose your friend's new
public key as the key that will be used to encrypt to him.

Your quoted posted was composed using:
User-Agent: KMail/1.13.7 (Linux/2.6.35.13-91.fc14.i686.PAE; KDE/4.6.3;
i686; ; ), and not Thunderbird.

HTH
Charly
(Testing Shredder 3.4a1pre for Mac).

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Why is "--allow-non-selfsigned-uid" needed to import this key?

2011-05-17 Thread Charly Avital

Werner Koch <8762p9qsg4@vigenere.g10code.de> wrote on 5/17/11
5:04:27 PM:
> I can see no problems from GnuPG's perspective.  I suggest to start with
> a fixed date way before 2038.  There is also an option
> --ignore-valid-drom which pertains to the selection of subkeys.  Check
> the man page.

Did you mean (copy-paste from the man page):

--ignore-valid-from
GnuPG  normally  does  not select and use subkeys created in the
future.  This option allows  the use  of  such  keys  and  thus
exhibits the pre-1.0.7 behaviour. You should not use this option unless
you there is some clock problem. See also --ignore-time-conflict for
timestamp issues with signatures.


Charly


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How do I list all recipient of a message (including myself)?

2011-05-11 Thread Charly Avital

li...@mgreg.com <6c0bda71-fd0a-4c30-ae59-50d5fb8e4...@mgreg.com> wrote
on 5/11/11 10:49:04 PM:
> Hi All,
> 
> I am writing application in which I need to know if a GnuPG encrypted message 
> was sent to me.  It seems that whenever you list the recipients of a message 
> it will list every recipient but you -- even if you're one of them.  Surely 
> there's a way to reveal whether or not you're one of those recipients...?
> 
> Regards,
> 
> Michael

You can try this, but I don't know how to integrate it into your
application:

- launch Terminal and type gpg. This will output:
gpg: Go ahead and type your message ...

- copy/page the encrypted message. If it was encrypted to your public
key, your will be prompted to enter your passphrase. After you enter it,
the output will display to which user IDs and public keys the message
was encrypted, like:
-
You need a passphrase to unlock the secret key for
user: "Charly Avital "
4096-bit RSA key, ID 02345678, created 2011-03-26 (main key ID ABCDEF1)

[and after you type in the passphrase]:

gpg: encrypted with [the second recipient's key]
  [the second recipient's user ID]
gpg: encrypted with 4096-bit RSA key, ID 02345678, created 2011-03-26
  "Charly Avital "


Charly



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to open Windows GPG encrypted files on Mac OS X

2011-05-02 Thread Charly Avital

Alexander Willner wrote the following on 5/2/11 5:28 AM:
> From our point of view the issue lies in the TextWrangler code since it 
> "destructively modifies all files it opens".

The user insightfulmac 
who originated the request in the gnupg-users list (How to open Windows
GPG encrypted files on MacOSX), solved his problem using TextWrangler:

> After reviewing all answers, I have solved my problem! As Charly correctly
> pointed out, there is a slightly difference between TXT files from Mac OS X
> and Windows (basically Windows end-of-line is /R/F and Mac is /F)... As a
> newbie in Mac OS X, I didn't know that...
> 
> The solution was to "convert" the Windows TXT file to the Mac OS X TXT
> format. Then, GPGServices worked perfectly!
> 
> By the way: GPGServices is a very elegant solution! Better and simpler than
> all frontends I have used in order to decrypt files in Windows...


I personally prefer BBEdit, but TextWrangler (released by the same
software house) can also solve the issue of converting line ends, that
was the problem of insightfulmac .

Regards,
Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Slightly OFF TOPIC - Traffic analysis...in reverse?

2011-05-02 Thread Charly Avital

John Clizbe wrote the following on 5/2/11 2:15 AM:
> Charly Avital wrote:
>> Hi,
>>
>> in the avalanche of news about the [recently] late Osama Bin Laden, I
>> noticed a small item: the area where he was caught had been *also*
>> defined/pinpointed by the lack of cellular phone communications.
> 
> Among other anomalies at the compound: No cell traffic, no internet access,
> burning trash instead of putting it out for pickup, etc...

I heard later on about no internet access and burning trash. I also read
that the compound was located in a densely populated, almost urban area.

Maybe someone will learn from all this (if all this is genuine) that too
much isolation will make you stand out.

An an aside, and this is really off-topic, burning trash instead of
putting out for pickup is a standard and careful procedure in areas
where garbage pick up is not an alternative reliably available. To say
the least.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Slightly OFF TOPIC - Traffic analysis...in reverse?

2011-05-01 Thread Charly Avital

Hi,

in the avalanche of news about the [recently] late Osama Bin Laden, I
noticed a small item: the area where he was caught had been *also*
defined/pinpointed by the lack of cellular phone communications.

Go figure.




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to open Windows GPG encrypted files on Mac OS X - Redux

2011-04-30 Thread Charly Avital

insightfulmac wrote the following on 4/29/11 10:17 PM:
> I have been using GPG for Windows for some years. Recently I've bought a
> Mac. I've installed the GPG for Mac OSX,


When I wrote "Mac line-ends" I mean Unix line-ends that are used by GnuPG.
Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to open Windows GPG encrypted files on Mac OS X

2011-04-30 Thread Charly Avital

insightfulmac wrote the following on 4/29/11 10:17 PM:
> I have been using GPG for Windows for some years. Recently I've bought a
> Mac. I've installed the GPG for Mac OSX,

What gpg (or gpg2) version have you installed?

> but the problem is that I am not
> able to open the old GPG for Windows encrypted files.

Do you mean stand-alone encrypted files, or encrypted e-mails (or both)?

> I have installed the GPGServices, so what I do is: open the Windows
> encrypted files on Mac using the TextWrangler text editor, selecting the
> encrypted text and choosing Services->OpenPGP Decrypt.
> 
> However, I always receive the following error: "Decryption failed. No
> decryptable text was found within the selection".

As far as I know, Windows uses line-ends that are different from the
ones used by MacOSX.

When you use TextWrangler to open Windows encrypted files, have you
tried to save them using the option Mac line-ends, and then decrypt them
with MacOSX? I am not referring to the use of GPGServices.

> Does anyone know how can I decrypt Windows-GPG encrypted files on Mac OS X?

Without using GPGServices, have you been able to decrypt MacOSX
encrypted files, or e-mails, or both? Just to check that your MacOSX
installation of gpg or gpg2 is working as it should?

Charly
MacOS 10.6.7-MacBook Intel C2Duo 2GHz-GnuPG 1.4.11-MacGPG 2.0.17
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.17)
Gecko/20110414 Thunderbird/3.1.10 Enigmail 1.2a1pre (20110426-1757)
GPGMail 1.3.3




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: (was: OFF LIST) Your signed posts.

2011-04-28 Thread Charly Avital

Mike Acker wrote the following on 4/28/11 11:29 AM:
> i have PGP/MIME set ON so this should not happen (and HTML has to be MIMEd )
> 
> from your note it sounds like Thunderbird is sending BOTH .txt and .html
> formats.  I would expect your e/mail client to selecvt one of these --
> and either should verify -- which would mean the message has to carry
> two signatures

When I set manually Thunderbird to *display* in plain text, your
signature verifies.

I have set Thunderbird to *send* in plain text (converts to plain text
if html is present).

I always compose in plain text, but I guess that when quoting html
formatted text, both formats are present.

Charly


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Is the OpenPGP model still useful?

2011-04-27 Thread Charly Avital

Robert J. Hansen wrote the following on 4/27/11 9:48 AM:
> (The subject line may be provocative, but please don't think I'm arguing
> that it's not useful.  I don't know.  I just had an idea a couple of
> days ago, and I figure it might be worth some discussion.)
> 
> 
> 
> OpenPGP takes its origins from ClassicPGP,

I'm buying.

May I cross-post and quote, with attribution (CC3 maybe)?

Thanks.

Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Redux (gettext): was: gpg 1.4.11 - problem with dyld when refreshing keys. on a PowerPC Mac.

2011-04-13 Thread Charly Avital

Hi,

In my previous post:

> System: gpg 1.4.11 - Processor: PowerPC G4  (1.1) - MacOSX 10.5.8
> 
> Compiled from freshly downloaded source code:
> /.configure without flags
> Version info:   gnupg 1.4.11
> Configured for: Darwin (powerpc-apple-darwin9.8.0).
> Compiled and installed.
> 
> When running from Terminal:
> $ gpg --refresh-keys
> 
> Output starts with:
> gpg: requesting key C91B085E from http server subkeys.pgp.net
> dyld: Library not loaded: /usr/local/lib/libintl.3.dylib
>   Referenced from: /usr/local/libexec/gnupg/gpgkeys_http
>   Reason: image not found
> gpg: unnatural exit of external program
> gpg: no handler for keyserver scheme `http'


I made some research, and found pointers to the possibility that the
problem was with the version of gettext.

I was running version 0.17.

I attempted to upgrade to the current 0.18.1.1, it failed, but 0.18.1
got installed. The problem with gpg --refresh-keys remained unchanged.
I tried to install  gettext 0.18, it failed.

If someone is interested in the problem, I can copy the Terminal outputs.

By the way, gettext 0.18.1.1 installs without problems on an Intel
MacBook, where the command gpg --refresh-keys runs and completes without
warnings.

Thanks,
Charly



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem with migration from 1.2.4 to 2.0.9

2011-04-12 Thread Charly Avital

Michel Mansens wrote the following on 4/12/11 3:31 AM:
> can't connect to `/home/user/.gnupg/S.gpg-agent': No such file or directory
> gpg-agent[22946]: command get_passphrase failed: Operation cancelled
> gpg: cancelled by user
> Can't edit this key: General error
> 
> How can I fix this? 

I tried to find out from the raw source of your e-mail what platform you
are running. But as it often happens with @gmail.com addresses, this
kind of information is not displayed.

The current stable gpg2 is 2.0.17.
How did you install 2.0.9?


2.0.9 uses gpg-agent to cache the passphrase, and pinentry to enter the
passphrase.
"can't connect to `/home/user/.gnupg/S.gpg-agent': No such file or
directory" is typical of gpg-agent not being activated.

I'm a Macintosh user, and I don't know enough about your problem to help
you really.
If you would post to the list more information about what OS you are
running (and its version), how you installed 2.0.9, and the output to
the following commands after the prompt in Terminal:
gpg-agent

cat ~/.gpg-agent-info

I hope that more knowledgeable list members will be able to help.

Charly
MacOS 10.6.7-MacBook Intel C2Duo 2GHz-GnuPG 1.4.11-MacGPG 2.0.17
Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.6; en-US; rv:1.9.2.15)
Gecko/20110303 Thunderbird/3.1.9 Enigmail 1.2a1pre (20110408-1936)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

gpg 1.4.11 - problem with dyld when refreshing keys.

2011-04-12 Thread Charly Avital

Hi,

System: gpg 1.4.11 - Processor: PowerPC G4  (1.1) - MacOSX 10.5.8

Compiled from freshly downloaded source code:
/.configure without flags
Version info:   gnupg 1.4.11
Configured for: Darwin (powerpc-apple-darwin9.8.0).
Compiled and installed.

When running from Terminal:
$ gpg --refresh-keys

Output starts with:
gpg: requesting key C91B085E from http server subkeys.pgp.net
dyld: Library not loaded: /usr/local/lib/libintl.3.dylib
  Referenced from: /usr/local/libexec/gnupg/gpgkeys_http
  Reason: image not found
gpg: unnatural exit of external program
gpg: no handler for keyserver scheme `http'

Followed by 9 consecutive warnings "application gpgkeys_http crashed"
(but the process continued).
All those warnings had in common the following:
Process: gpgkeys_http [1372]
Path:/usr/local/libexec/gnupg/gpgkeys_http
Identifier:  gpgkeys_http
Version: ??? (???)
Code Type:   PPC (Native)
[...]
Dyld Error Message:
  Library not loaded: /usr/local/lib/libintl.3.dylib
  Referenced from: /usr/local/libexec/gnupg/gpgkeys_http
  Reason: image not found


The process continues, checking and reporting and concludes with:
gpg: Total number processed: 37
gpg:  unchanged: 30
gpg:   new user IDs: 3
gpg: new signatures: 791




I have saved the complete outputs of gpg 1.4.11 compile, the 9 warnings,
the --refresh-keys process. It they can be useful for further reference,
I can e-mail them to whomever will ask.

Thanks,
Charly



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Signing a key (meaning)

2011-04-07 Thread Charly Avital

Faramir wrote the following on 4/7/11 8:29 PM:
>   Oh, well, encryption faeries soon or latter will upload your keys to
> keyservers. And you can't prevent people from signing it, specially the
> newbies reading support lists.

I can't prevent it, but I may naively expect people to respect conventions.
And as you write further in your remarks, there is such a thing as a
local (non-exportable) signature.

>> I didn't invite this person to sign my key.
> 
>   Yes, but the default setting of GnuPG is not encrypt to untrusted
> keys, so the first thing a newbie might do is to sign the keys of people
> providing support in the list. After all, "trust all" doesn't sound any
> good.

"Trust all keys" is expedient and "not good".

Again: local signature.


> But local signatures is something we don't learn on the first day.

Eventually, one learns.

> your new key might be uploaded, if one day one of your correspondents drink 
> decaffeinated
> coffee by mistake.

One must accept to live dangerously :-)

Thank you for remarks.
Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Signing a key (meaning)

2011-04-07 Thread Charly Avital

Kevin wrote the following on 4/7/11 9:49 AM:
> If nothing else, it
> establishes that you have some kind of relationship with the owner of
> the key you signed. It may establish that you an he/she were in a
> specific place at a specific time (e.g. a keysigning party), etc. The
> words "no information" must be used with great care, because information
> leaks out of every pore in even the best crypto-systems. Whether that
> information is valuable or useful in some way, to a third party, is
> another matter.

In another forum, one of the members signed my public key and uploaded
it to the keyservers with his/her signature, without asking nor
notifying me (the key was already on the key servers, but without this
added signature)

I didn't invite this person to sign my key.

I don't know this person, never met her/him, never had any contact
except the fact that we both participate in the same forum, together
with other members.

I decided against asking this person to revoke the signature.
I generated a new key pair (that I don't intend to upload to any key
server, but instead I shall send it directly to people whom I correspond
with), and I shall gradually "phase-out" the previous key, until I
finally revoke it.

Yes, I know. Paranoia.

Charly



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Keyservers

2011-03-20 Thread Charly Avital

Ingo Klöcker wrote the following on 3/20/11 11:43 AM:
> 
> I doubt this very much because the encoding surely happens before the 
> signing.
> 
> 
> Regards,
> Ingo

In my post, I also indicated that there was a string --=20 between the
actual text and the signature disclaimer ""CONFIDENTIALITY NOTICE: This
e-mail"

After Jonathan disabled that signature add-on, his signed messages verified.

Regards,
Charly


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Keyservers

2011-03-20 Thread Charly Avital

Jonathan Ely wrote the following on 3/20/11 8:57 AM:
> It seems no matter which key server I try I encounter the alert saying
> nothing can be found. This is very annoying. Does anybody know what the
> problem is and how I can fix it? I can not seem to find a list of key
> servers online. All I want to do is search for one's public key and
> import it but I can not.

When verifying your signature and *without* importing the keyblock you
attached to your message:

gpg: Signature made Sun Mar 20 08:58:08 2011 EDT using RSA key ID 4B22824D
gpg: requesting key 4B22824D from hkp server pool.sks-keyservers.net
gpg: key 4B22824D: public key "Jonathan Ely " imported
gpg: Total number processed: 1
gpg:   imported: 1  (RSA: 1)
gpg: BAD signature from "Jonathan Ely "

That server (pool.sks-keyservers.net) is working, as well as e.g.
pgp.uni-mainz.de, keyserver.linux.it, just to mention those.

The raw source of your e-mail displays:
From: Jonathan Ely 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.15)
Gecko/20110303 Thunderbird/3.1.9
Something *might* be wrong in the settings of your OpenPGP keyserver
configuration.

Your signature does not verify. I doesn't verify either in your previous
post with subject "Re: what are subkeys"

In both e-mails the raw source displays:
Content-Transfer-Encoding: quoted-printable
and the string: --=20  between the actual text and the blurb
"CONFIDENTIALITY NOTICE: This e-mail" .

"quote-printable" might be the reason why the signature does not verify.

Charly
MacOS 10.6.6-MacBook Intel C2Duo 2GHz-GnuPG 1.4.11-MacGPG 2.0.17
Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.6; en-US; rv:1.9.2.15)
Gecko/20110303 Thunderbird/3.1.9 Enigmail 1.2a1pre (20110314-1953)


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: keyservers

2011-03-17 Thread Charly Avital

Andrew Long wrote the following on 3/17/11 4:43 PM:
> Anyone else having problems accessing pool.sks-keyservers.net? I've  
> tried pointing nslookup at a couple of the root DNS name servers and  
> get DOMAIN (not known)
> 
> Regards, Andy

Was down two hours ago, still down now 5:30 PM DST.

Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Language question

2011-03-17 Thread Charly Avital

Ingo Klöcker wrote the following on 3/17/11 3:41 PM:
> On Thursday 17 March 2011, Charly Avital wrote:
>> Hi,
>>
>> when the user's locale is e.g. French, and she/he is generating a key
>> in Terminal (or DOS prompt, if that's what it is called in Windows),
>>  is the interactive dialogue displayed in French (or in the language
>> of the user's locale)?
>> Ditto for all other gpg interactive dialogues.
> 
> On Linux this the case. Why do you ask?
> 
> 
> Regards,
> Ingo

Hi Ingo,

I'm asking because in the course of localizing an application written
for Mac users, and that is a GUI for interactive actions that can be
carried via Terminal by Command Line Instructions, I have found several
terms that are exactly the ones that are displayed in Terminal.

I was surprised that in spite of being a GUI, it was still necessary to
actually include those interactive processes in the body of the
applications, whereas _*maybe*_ it would have been possible to somehow
create an interface that would have retrieved the interactive commands
and actions from GnuPG running in the language required for the
localization.

I have *not* written the application (I have no programing skills or
even knowledge), but was just helping to localize the required strings.

Thanks,
Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Language question

2011-03-17 Thread Charly Avital

Hi,

when the user's locale is e.g. French, and she/he is generating a key in
Terminal (or DOS prompt, if that's what it is called in Windows),  is
the interactive dialogue displayed in French (or in the language of the
user's locale)?
Ditto for all other gpg interactive dialogues.

Thanks,
Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Hashed user ID.

2011-03-12 Thread Charly Avital

Hi,

from Terminal, from two different keyservers:

(1) Barack Hussein Obama (PoC) 
  1024 bit DSA key 76F5FE21, created: 2010-04-07
(2) Barack Hussein Obama (DOD) 
  1024 bit DSA key 0B72EB0F, created: 2009-04-27


presidente can be Portuguese, Brazilian or Spanish

casabranca is both Portuguese and Brazilian

"PoC" no less that 94 acronyms can be Googled. I don't know whether PoC
stands for some Portuguese or Brazilian function.

DOD, Department of Defense?

Phishing?

Charly

I didn't actually download the keys, so I don't know what's in them.






___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: "This key may be unsafe"

2011-03-07 Thread Charly Avital

Hi,

thanks to all who answered, explained and referred.

As far as I am concerned, I am satisfied, documented, and again, grateful.

Charly



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

"This key may be unsafe" - Redux

2011-03-07 Thread Charly Avital

> GPG Keychain Access 0.8.4 shows a red warning 'This key maybe unsafe'
> for *any* key with a length equal or inferior to 1024 bits.
[...]

> 
> Are keys whose length is equal or inferior to 1024 bits *unsafe*?
> If so, how are they unsafe?
> Where is this key length unsafe situation documented?

I am not aware of any GnuPG command in Terminal that would display or
warn about this situation. Is there any, or should there be any?


[...]

TIA.
Charly






___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

"This key may be unsafe"

2011-03-07 Thread Charly Avital

GPG Keychain Access 0.8.4 shows a red warning 'This key maybe unsafe'
for *any* key with a length equal or inferior to 1024 bits.

GPG Keychain Access 0.8.4 is a GUI for key management for Mac users.


A Google search with key sentence "This key maybe unsafe" between
inverted commas, to limit the search to the whole sentence, displays
hits that relate directly or indirectly (Twitter) only to GPGTools' lists.

I am cross-posting to gnupg-users to try and get more feedback about
this issue:
Are keys whose length is equal or inferior to 1024 bits *unsafe*?
If so, how are they unsafe?
Where is this key length unsafe situation documented?

As a personal example, my primary key A57A8EFA is a DSA "old" 1024 bit
key, but its encryption subkey is 2048 bit long, and I use a sign-only
2048 bit long RSA subkey. I also get that red warning with GPG Keychain
Access 0.8.4

TIA.
Charly






___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: MacGPG2 v2.0.17-9 released!

2011-02-14 Thread Charly Avital

Benjamin Donnachie wrote the following on 2/14/11 10:22 AM:
> MacGPG2 v2.0.17-9 is available from
> https://github.com/downloads/GPGTools/MacGPG2/MacGPG2-2.0.17-9.zip

[snip]

> MD5 (MacGPG2-2.0.17-9.zip) = 36dec9b2b7f24234a2286d736397d8e9
MD5(MacGPG2-2.0.17-9.zip)= 36dec9b2b7f24234a2286d736397d8e9
> MD5 (MacGPG2-2.0.17-9.pkg) = 1d6698bca1450496543030247934579b
MD5(MacGPG2-2.0.17-9.pkg)= 1d6698bca1450496543030247934579b

[snip]
>  * Supports 32- and 64-bit Intel Macs running OS X Leopard (10.5) and higher.

Running MacBook5,1 Intel Core 2 Duo 32-bit MacOSX 10.6.6

[snip]

Test commands ran smoothly:
$ gpg2 --version
$ gpg-agent
$ ps waux | grep gpg-agent
$ echo test | gpg2 -aser "Your Name" | gpg2
$ echo test | gpg2 -aser "Your Name" | gpg2
$ ps waux | grep gpg-agent (after testing signing, verifying decrypting
with gpg-agent).

Thank you Ben!

Charly


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: unsubscribe

2011-02-05 Thread Charly Avital

David Topping wrote the following on 2/5/11 2:06 PM:
> 
> unsubscribe
> --
> David Topping
> e: m...@david-topping.com


To unsubscribe, please go to
 and scroll down to
the unsubscribe option.

Best regards,
Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

MacGPG2 2.0.17

2011-01-24 Thread Charly Avital

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Kevin Kammer wrote the following on 1/24/11 8:42 PM:
> Thanks for the suggestion, but having deactivated everything GnuPG
> related that was installed by MacPorts, and running the latest GPGTools
> installer offered from their website, I ended up with far more problems
> than I solved. So, for the time being I am going to revert to gpg from
> MacPorts and use Mutt when I need to sign or encrypt something directly
> from the mail client.
> 
> Thanks again,
> Kevin

To the best of my knowledge, there was no need to deactivate the
MacPorts installation, but it can't hurt to have done so.

I have not run the GPGTools installer, I have run the MacGPG2 2.0.17
released a few hours ago by Ben Donnachie:
> MacGPG2, a build of GnuPG2 for MacOSX with a native pinentry program,
> has been updated to GnuPG v2.0.17.
> 
> Download available from
> https://github.com/downloads/GPGTools/MacGPG2/MacGPG2-2.0.17.6.zip and
> detached signature at
> https://github.com/downloads/GPGTools/MacGPG2/MacGPG2-2.0.17.6.zip.asc

And *everything* related to MacGPG2, Thunderbird+Enigmail and GPGMail
1.3.2.RC1 is running just fine:
- - decrypt/verify
- - encrypt
- - sign

Ditto for test commands in Terminal, such as:
ps waux | grep gpg-agent
echo test | gpg2 -aser [your user name] | gpg2



Best regards,
Charly




-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJNPnjpAAoJEM3GMi2FW4PvUS4H/RuSuhv7gQa3s9SGXnBaZySG
UWm7ogt29uUn1tD05zYbW3iM/WYcfrqmXqelY4NF4lqGgrlweQjmPXFr1uCjF9VA
3bUnXrG4D3sSlzC211ZJJmthD6wa5OJOm00+9HuGZWKA04V5ziLPon+zpbz7/B1Y
wwm0Eh6CEBUlyyHpozPyUqHIKUiZ02yBkKuH4HxKuauBVsi4EZmUjInHwte6siLH
esnYc8KvyELImMkiSJ4+ccmp+LIod2lDFKKAgManQ3kMOJTzt0Pc9CCNAyEshCCo
9PaOCJfD+k3Zu754O/0IKm+UZUbCPaDA2wdx3I+z5WDzm31fG+Jvs3BQhOQ3qdI=
=wcjU
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Gpg for iPhone or iPad

2011-01-23 Thread Charly Avital

Derick Centeno wrote the following on 1/23/11 2:21 PM:
> I came across this article which may be of interest to others in this 
> thread.
> 
> Here's the article: 
> http://anthonyvance.com/blog/forensics/iphone_encryption/


Thank you Derick, very interesting.
I appreciate it,
Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Gpg for iPhone or iPad

2011-01-23 Thread Charly Avital

Ingo Klöcker wrote the following on 1/23/11 1:50 PM:>
> Well, it's pretty clear that there will never be a Mobile GnuPG that is 
> available via Apple's App Store because the App Store is inherently 
> incompatible with Free Software released under the GPL.

Thank you for your clarification.

Charly



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Gpg for iPhone or iPad

2011-01-23 Thread Charly Avital

Benjamin Donnachie wrote the following on 1/23/11 7:08 AM:
> There's oPenPG Lite available from the App Store but it doesn't work
> with my private key! YMMV of course!
> 
> Ben

oPenGP Lite (couldn't find any version without the 'Lite').
This version works one way, it decrypts only, doesn't encrypt.
This is a PGP Corporation (owned by Symantec now) App, hence the upper
case PGP in oPenGP.


I don't know whether there is, or will be, a Mobile GnuPG what will work
under iPhone or iPad iOS.

I generated on my Mac a new key pair (default RSA/RSA 2048). I didn't
want to use my "regular" key.

Exported the secret key to the Mac's Desktop.

Connected the iPhone via iTunes (hardwired USB)

Imported the secret key to the iPhone via iTunes and an App called
'Files' .

In 'Files' I could see the key block, select all/copy.

Back to oPenGP, Import clipboard, ascertained that the key is now in the
keyring.

Back to 'Files', set an access locked code. Checked that it works.
Deleted the secret key keyblock.

Sent myself a test message encrypted with the public key of the above
keypair.

Downloaded the e-mail in iPhone, select all/copy.

Back to oPenGP, Import/Decrypt Clipboard, enter the passphrase.

It works.

I don't feel at ease having my secret key in my iPhone, but i can learn
to live with it, if I really want to use this iPhone feature.
I'm not sure I want to.

Charly








___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Pinentry-mac0.5 fails under MacGPG2 2.0.16

2011-01-07 Thread Charly Avital

Roman Zechmeister wrote the following on 1/6/11 6:56 AM:
> Please test these version of pinentry-mac: pinentry-mac_0.5.tar.bz2
> 


Tested pinentry-mac 0.5 with MacGPG2 2.0.16.

When trying to decrypt an encrypted-signed message
'no pinentryproblem with gpg-agent...no secret key'

Everything goes back to full functionality after running MacGPG2 2.0.16
installer.

Full functionality includes gpg-agent running for the duration of the
cache value set in ~/.gnupg/gpg-agent.conf

Have a fine week end.
Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG on Windows 7?

2010-11-17 Thread Charly Avital

Jerry wrote the following on 11/17/10 12:26 PM:

> A simple Google: "in-line PGP deprecated" will turn up numerous hits.
> You also might want to see: Use PGP/MIME, aka RFC 3156

May I refer you to r...@sixdemonbag.org's post on the matter?

>>> In any case, Outlook 2007 is deprecated also. Comparing a
>>> nearly four year old version is counter productive. Update to the
>>> 2010 version and see if your problems still exist.

Ditto, please see r...@sixdemonbag.org comments on this issue.

>> I have no intention to update Outlook because I don't intend to use it
>> for practical purposes, but thanks for the advice.
> 
> If you have no practical use for it then why bother inquiring?

I didn't inquire. The inquire was initiated by bo.bergl...@gmail.com.

> You
> either use it or you don't. There is no such thing as "slightly
> pregnant".

Thank you for this valuable insight.

> If you are going to use it, then use an updated version or
> don't complain.

I didn't complain. I merely informed bo.bergl...@gmail.com of how the
application was behaving.

> If I were to use an antiquated version of GnuPG and
> experienced problems, what do you think might be the first thing I
> would be advised to do?

GnuPG 2.0.14 is antiquated? I am sure the gpg4win people will be
interested to know.

> 
>> This question should be answered by bo.bergl...@gmail.com.
> 
> If you could not answer the question then why mention it in your
> original post?

I did not mention the question in my post. The matter was reported by
bo.bergl...@gmail.com, and he is answering your question in a separate
e-mail.


Finally, I choose to answer appropriately and directly to Jerry
.

Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG on Windows 7?

2010-11-17 Thread Charly Avital

Jerry wrote the following on 11/17/10 8:45 AM:
> PGP in-line is deprecated anyway.

Interesting. Can you please document? Thanks.

> Personally, it is a distraction when
> I have to strip that crap out of messages when replying.

I don't mind.
> Worse, it
> invalidates "sig-delimiters". I would call this a _welcome_ feature
> from Outlook.

Also interesting.
> In any case, Outlook 2007 is deprecated also. Comparing a
> nearly four year old version is counter productive. Update to the 2010
> version and see if your problems still exist.

I have no intention to update Outlook because I don't intend to use it
for practical purposes, but thanks for the advice.

> 
> Windows 7 (32) or (64) bit? I have heard of problems with GPG not
> working correctly with the 64 bit system due to problems with the GPG
> libraries not being true 64 bit.

That's probably the cause.

>>> We use GPGee for encrypting files since we cannot use Outlook email
>>> encryption, so we need this to work in the Explorer for Windows 7
>>> too.
> 
> Why?

This question should be answered by bo.bergl...@gmail.com.

Regards,
Charly


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG on Windows 7?

2010-11-17 Thread Charly Avital

Bo Berglund wrote the following on 11/17/10 1:33 AM:
> Is it possible to use GPG on Windows 7 (32 and 64 bit)?

I am running Gpg4win 2.0.4 on a desktop Acer Inspire, under Windows 7
Home Premium 64bits.

For test only. I am a Macintosh user, the Acer (incredible machine) is a
present from the family.

> We have kept using Gpg4Win 1.1.4 for some time since when we tried the
> version 2.0.0 it killed certain functions on our PC:s (I think for
> instance Outlook went haywire).

Outlook (Office 2007) recognizes gpg 2.0.14, but the interaction, IMO,
is unreliable.

For an example, Outlook strips in-line signed messages of what it calls
"extra line-returns" (?), therefore invalidating the signature.

Encrypted and signed messages are processed correctly.

I have still to text interaction with Thunderbird+Enigmail.

> But now our IT person says GPG does not work on Windows 7, so what is
> the final verdict here?

I am far, far from being an IT person. I am just an empirical end-user
> 
> We use GPGee for encrypting files since we cannot use Outlook email
> encryption, so we need this to work in the Explorer for Windows 7 too.
> 
> Or is there a  new version that can handle the Outlook emails
> properly? Note: we do not want to change into only using plain text
> emails.


Generally speaking, if you want to use *also* HTML emails with
encryption, you are headed for trouble, but that's your choice.

If I get more meaningful results of my tests, I shall update you.

Best regards,
Charly
MacOS 10.6.5-MacBook Intel C2Duo 2GHz-GnuPG 1.4.11-MacGPG 2.0.16
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12)
Gecko/20101027 Thunderbird/3.1.6 - Running Enigmail version 1.1.2
(20100629-1412)



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gpg key generation options

2010-11-14 Thread Charly Avital

Francesco Savino wrote the following on 11/13/10 5:54 PM:
> 
> I have installed gpg version 1.4.10 , the last I think.

The current release for GnuPG is 1.4.11, and 2.0.16 for gpg2.

But I believe 1.4.10 is fine too.

> My final problem is to get an explanation of fourth voice RSA and RSA
> , why I can't encrypt a file with a key pair generated with this option ?


In Terminal choice number (4) is:
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)

That is: "RSA (sign only). As its name indicates, it's only for signing,
you can't use it for encryption.

As for RSA and RSA choice number (1), I ran a test, and generated an RSA
keypair, that includes an Encryption subkey.

Regards,
Charly
MacOS 10.6.5-MacBook Intel C2Duo 2GHz-GnuPG 1.4.11-MacGPG 2.0.16
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12)
Gecko/20101027 Thunderbird/3.1.6 - Running Enigmail version 1.1.2
(20100629-1412)



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

MacOSX update 10.6.5

2010-11-11 Thread Charly Avital

Hi,

the recent MacOSX's update to 10.6.5 has not affected GnuPG 1.4.11,
MacGPG2 (with gpg-agent) under TB+Enigmail.

As expected it has affected Apple's Mail with GPGMail, I have reported
this in the appropriate forum.

Charly
MacOS 10.6.5-MacBook Intel C2Duo 2GHz-GnuPG 1.4.11-MacGPG 2.0.16
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12)
Gecko/20101027 Thunderbird/3.1.6 - Running Enigmail version 1.1.2
(20100629-1412)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG skips the passphrase when creating a keypair

2010-10-20 Thread Charly Avital

Raditya Arthapraja wrote the following on 10/20/10 9:57 AM:
> Hi, 
> 
> I'm using MacGPG2 version 2.0.14RC2 with MacOS X 10.6.4 - Snow Leopard as the 
> OS.

Me too.

> 
> When trying to generate a keypair, MacGPG skips the step to input the 
> paraphrase and continues to create the key.
> 
> ex:
> ---terminal---
> me$ gpg --gen-key
> 
> Please select what kind of key you want?
> 1
> 
> Please specify how long the key should be valid.
> 0
> 
> *entered name, comment & email
> 
> Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
> You need a Passphrase to protect your secret key.
> 
> You don't want a passphrase - this is probably a *bad* idea!

Did you actually skip that option?


[...]

> Enter the new passphrase for this secret key.

Here, if everything is working correctly, you should have the pinentry
window show on screen, requesting you to enter the passphrase (with a
small square that, if unmarked, will enable you to actually see what you
are typing).

Once this down, a similar pinentry window where you are requested to
type the passphrase again, for confirmation.

> 
> gpg: problem with the agent: Not supported

Did you check whether gpg-agent is running and available?

In Terminal
gpg-agent [return]
you should get:
$ gpg-agent
gpg-agent: gpg-agent running and available

Also in Terminal:
$ which gpg-agent
you should get:
/usr/local/bin/gpg-agent

If you don't get that Terminal output, could you please copy-paste what
you get?

Please note that there is a dedicated list for gpg2 users:
Macgpg2-users mailing list
macgpg2-us...@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/macgpg2-users

You might want to join that list and post to it.

Charly


> ---terminal---
> 
> 
> I don't now if anybody else is experiencing this problem or not, if so has 
> this been resolved?

I just tried to generate a key, in Terminal. I didn't skip the
passphrase option, entered a passphrase, etc...key was generated.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] GnuPG 1.4.11 released

2010-10-18 Thread Charly Avital

Werner Koch wrote the following on 10/18/10 7:33 AM:
> Hello!
> 
> We are pleased to announce the availability of a new stable GnuPG-1
> release: Version 1.4.11.  
> 

Compiled for MacOS 10.6.4 (Darwin 10.4.0).
Thanks.

Charly
MacOS 10.6.4-MacBook Intel C2Duo 2GHz-GnuPG 1.4.11-MacGPG 2.0.14
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.8)
Gecko/20100802 Thunderbird/3.1.2 - Running Enigmail version 1.1.2
(20100629-1412)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Can't use GPG key - secret key not available

2010-09-30 Thread Charly Avital

Madhusudan Singh wrote the following on 9/30/10 11:40 AM:
> It did not work. I still get the same error as before.
> 
> I somehow doubt that this suggested solution would work, but how do I
> get the 16 last characters ? I remember seeing it when it was generated.

In Terminal:
gpg --fingerprint [your 8 characters Key ID) return.
Select the last four 4 hexadecimal characters groups, and merge them
into one 8 characters string.


1. It works for me.
and/or
2. Configure your default key in the settings of the MUA you are using.

Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Can't use GPG key - secret key not available

2010-09-30 Thread Charly Avital

Noiano wrote the following on 9/30/10 3:48 AM:
> Hi,
> check your gpg.conf. You should have a "default-key" parameter set. I
> have "default-key AB10E8D2".
> 
> Hope this helps.
> 
> 
> Noiano

If the above does not help, try using the long key ID, 16 last
characters (instead of 8) of the key's fingerprint.

Charly
MacOS 10.6.4-MacBook Intel C2Duo 2GHz-GnuPG 1.4.10-MacGPG 2.0.14
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.8)
Gecko/20100802 Thunderbird/3.1.2 - Running Enigmail version 1.1.2
(20100629-1412)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: file contained no OpenPGPdata

2010-07-27 Thread Charly Avital

Sergey Matveev wrote the following on 7/27/10 12:33 PM:
> Greetings,
> 
> On Tue, Jul 27, 2010 at 09:14:45AM -0700, Cooperider, Brian wrote:
> 
>> Thanks, I'm correct in that GNUPG is not compatible with IDEA but is
>> with casts and 3DES?
> 
> IDEA is patented, that is why default distributions and build of GnuPG
> do not include it. But it can be recompiled and built-in and
> successfully used. GnuPG supports many other various ciphers such as
> CAMELIA, Blowfish, Twofish, AES. You should recompile it with the needed
> ones.
> 



For Windows users, I believe you would need:
ideadll.zip then
ideadll.zip.sig to authenticate, then
expand ideadll.zip and proceed from there.



In my MacOSX system I have:

gpg (GnuPG) 1.4.10
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA (S1), 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7),
AES192 (S8),
AES256 (S9), TWOFISH (S10), CAMELLIA128 (S11), CAMELLIA192 (S12),
CAMELLIA256 (S13)
Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9),
  SHA512 (H10), SHA224 (H11)
Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)


Charly


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Can't open PGP file with Gnupg

2010-07-26 Thread Charly Avital

Robert J. Hansen wrote the following on 7/26/10 10:50 AM:
> On 7/26/10 10:41 AM, Cooperider, Brian wrote:
>> Thanks Charly for the quick response. We are a windows user. I'll need
>> to verify the exact version of pgp they are using. I won't be able to
>> see if that works until tomorrow but hopefully it does.
> 
> I believe Charly is in error.  The line ending convention is specified
> in RFC4880, and both GnuPG and PGP conform to that.

I possibly am. My very empirical knowledge of crypto does not include RFC's.

I remember that in order to have GnuPG import e.g. key blocks generated
by prior to Windows and even Macintosh PGP 7.0 releases, I had to
convert those key blocks to Unix line-endings. Right now, using PGP
Desktop 10.0.2.13, I have no such problem.

Another erroneous guessing would be that the file that Brian has been
trying to import is not in ASCII format?

Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Can't open PGP file with Gnupg

2010-07-26 Thread Charly Avital

Cooperider, Brian wrote the following on 7/20/10 4:48 PM:

> File contained no openPGdata. 

GnuPG requires Unix line endings.

Maybe, just maybe the file that was created by 6.5 command line (would
that be PGP Command line 6.5.8?) is not Unix line ended.

You might want to try and convert that file from his current format to
Unix line-endings, using a text editor. As a Macintosh user, I would
avail myself of BBEdit. I guess that you are a Windows user, I don't
know which editor would be available.

Just a thought.
Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPGMAL english

2010-07-14 Thread Charly Avital

LJE wrote the following on 7/13/10 5:08 PM:
> When I do the same thing with the Macbook, my recipient receives an email
> with two attachments:
> mail and file attachment pgp.asc

It seems that your e-mail application in the MacBook is configured to
use PGP/MIME

(French: il semblerait que votre générique de courrier électronique dans
votre MacBook est reglé à utiliser PGP/MIME.


> Do you know how to make my recipients can receive as IMAC sending ...


If you are using Apple's Mail application with GPGMail, please go to
Mail/Preferences/PGP/Composing and disable 'By default, use OpenPGP/MIME'
(French: si vous utilisez le générique Mail de Apple, avec GPGMail,
ouvrez Mail/Préférences/PGP/Composition et démarquez le petit bouton
carré 'Par défaut, utiliser OpenPGP/MIME'

> Thank you all for your help 
> 
> Excuse me, i'm french

Nothing to be excused about :-)

Charly
MacOS 10.6.4-MacBook Intel C2Duo 2GHz-GnuPG 1.4.10-MacGPG 2.0.14
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.4)
Gecko/20100608 Thunderbird/3.1 + Running Enigmail version 1.1.2
(20100629-1412)



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Keys substitution

2010-06-13 Thread Charly Avital

Filippo Valsorda wrote the following on 6/13/10 12:34 PM:
> Hi, i created a keyring a couple of years ago without any serious
> intent. I kept my keys "not so secure".
> 
> Now i want to restart, without changing ID, as i am always the same
> person, but revoking all from the past.
> What have I to do?
> Thanks a lot
> 
> 
> sec   1024D/01A82A13 2008-09-21
> uid  Filippo V 
> uid  FiloSottile (Work and spam e-mail)
> 
> ssb   2048R/19755070 2009-07-31
> 

This is what I get:

-
pub  1024D/01A82A13  created: 2008-09-21  expires: never   usage: SCA
 trust: unknown   validity: unknown
sub  2048R/19755070  created: 2009-07-31  expires: never   usage: E
This key was revoked on 2009-07-31 by DSA key 01A82A13 FiloSottile (Work
and spam e-mail) 
sub  2048g/E159FB03  created: 2008-09-21  revoked: 2009-07-31  usage: E
[ unknown] (1). FiloSottile (Work and spam e-mail)

[ unknown] (2)  Filippo V 
-

It seems that "all from the past" has already been revoked (by you,
hopefully).
I suggest that you generate a new key pair, with a good passphrase,
generate the corresponding revocation certificate (that you will store
in a secure place), and upload your new public key to a keyserver.

Good luck.
Charly


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Test mail to shavi...@mac.com

2010-06-11 Thread Charly Avital

Werner Koch wrote the following on 6/11/10 3:39 AM:
> Hi!
> 
> One of the subscribers to this list created a mail forward to an
> automated ticketing system which responds to the the poster.  The
> owner of the ticketing system at secure.mpcustomer.com does not
> respond to any of our queries to send us more information on the mails
> triggering the posting.  Thus we need to send these test mails in the
> hope to figure out the culprit.
> 
> Sorry for the inconvenience,
> 
>   Werner
> 
> 

Text received, Werner.

Tks,
Charly


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: upgrading from 1.4.7 to 2.0.14

2010-05-27 Thread Charly Avital

Olav Seyfarth wrote the following on 5/28/10 1:07 AM:
> Hi,
> 
>> i have gnuPG 1.4.7 currently installed on windows xp
>> i want to install gnuPG 2.0.14
>> question: will there be any compatibility issues with my current keys, etc?
> 
> None that I know of. I had no troubles to use and edit old and new keys.
> 
> Olav


No problems with the keys per se, but I am referring here to the 'etc?'
in your question.

GnuPG 2.0.14 will require the configuration and use of gpg-agent, that
will cache (without writing it to disk) the passphrase of your secret key.

Thus, for the value you'll set to gpg-agent's cache, you will not have
to type your passphrase, after you have typed it once for decrypting,
and once for signing.

and others.

Charly



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help me to import my secret key please

2010-05-09 Thread Charly Avital

Daniel Kahn Gillmor wrote the following on 5/9/10 9:33 AM:
> On 05/09/2010 04:40 AM, Charly Avital wrote:
>> Yes, you can gnerate a new key pair with the same user ID email, the key
>> server will accept it. Do not forget to generate a revocation
>> certificate and to store in a safe place.
> 
> Yup, Charly is correct about this.  You can actually have as many keys
> as you like with the same UID in the public keyservers.
> 
>> You might want to indicate in
>> the comment of the new key that the previous key (key ID) is not usable,
>> if you plan to upload the new public key to a key server
> 
> I'm not sure exactly what Charly means here,

I mean what I have seen done by many users who couldn't revoke their key
(either because they had lost the secret key, or had forgotten the
passphrase). It is not my invention :-)

KeyA is compromised, or lost, and cannot be revoked.

The new key, KeyB *might* include in its comments something like:
KeyA unusable

> but i strongly recommend
> you do *not* put this kind of remark in the comment section of the User
> ID for your new key (between the name and the e-mail).  A better
> approach is to make a key transition document that describes the
> situation, sign it with the new key, and post it publicly.  For example:
> 
>   http://fifthhorseman.net/key-transition-2007-06-15.txt

Great text, and great approach. One has to hope that people will
actually read it. I mean, it's a long text. But definitely a good
approach, much more orthodox than the comment approach, which, I repeat,
I have seen often used. But "often" is not a sufficient criteria for "good".

> 
> (if you still had access to your old key, you could have signed the
> transition statement with it too)
> 
> So why do i think you shouldn't put it in the comment section of your
> new User ID?  Your User ID is the linkage between your key and your
> real-world identity.  When you ask people to "sign your key", you are
> asking them to certify (a) that this key belongs to you, and (b) that
> they believe this User ID does really belong to you too.  If your User
> ID contains a string that does not really relate to you,

The string would relate to the user, it's all a matter of choosing the
right wording (very short).

> you're asking
> people to certify something unusual and potentially meaningless.

Not unusual (but again I say, usual is not a proof of goodness). Not
potentially meaningless, because the meaning is clear: *that* key is not
usable.

> 
> Also, consider the situation 5 years from now -- hopefully you'll still
> be able to use the key you made today.  Do you really want a remark
> about this legacy key to follow you for 5 years?

I wouldn't mind.
> 
> Lastly, since you can't revoke the old key outright, you might consider
> contacting everyone who has already certified it and asking them to
> revoke their signatures on the key.

This is a good approach, although it might "taint" the key. Users
wouldn't know why signers have revoked their signature, unless they care
to read the transition document.

> You can point them to your
> published key transition document as a start, but you'll probably want
> to also contact them offline -- this is also a good opportunity for you
> to ask them to certify your new key.

They would certify your new key only if they abide by the rules. I
wouldn't sign a key because of a key transition document. I would have
to contact directly, and better, personally, the owner of the "old" key,
of the transition document, and of the new key.

> That way, in the future, there
> will be no valid certifications on your old key, and which key people
> should choose for you should become clearer.
> 
> Regards,
> 
>   --dkg
> 

To sum it up (as far as I am concerned, and to avoid further bandwidth
usage). I am OK with whatever approach or method that would make it
clear that the "old" key is not to be used any more.

Take care,
Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help me to import my secret key please

2010-05-09 Thread Charly Avital

Yes, you can gnerate a new key pair with the same user ID email, the  
key server will accept it. Do not forget to generate a revocation  
certificate and to store in a safe place. You might want to indicate  
in the comment of the new key that the previous key (key ID) is not  
usable, if yoi plan to upload the new public key to a key server


Charly


Sent from my iPhone

On May 9, 2010, at 10:31, Stephane Dupuis  wrote:



Bad news yes. But well, nobody's dead.
It's even quite funny in fact, thinking about how often I repeat to
everybody that they need to make backup of everything.

This key is the only thing I loose, I will juste made another one.

And no, I don't have the revocation certificate :(
But I think it's not too bad, because nobody had access to this  
private

key. I just loose it...

Small and last question, If I make a new key, with the same email
inside, will I be able to send it on servers ? (because they already  
got

the old one...)

Thanks a lot for your time.



I'm afraid these are not the same key :(

The former key is a 4096-bit RSA key.  The latter key is a 1024-bit  
DSA

key with a 4096-bit ElGamal subkey bound to it.

Also, the former key has an X.509 certificate assoiated with it,  
while

the latter keys are bound to your identity via OpenPGP certification.
While it's possible to have both X.509 certificates and OpenPGP
certificates from the same key (we're doing it for TLS servers in the
monkeysphere project), it's not common.  And in your case, it's not  
what

you've done anyway, since these are clearly different keys because of
their different keylengths and algorithms.

If you have no way of recovering your old ~/.gnupg/secring.gpg, you  
have

most likely lost control of your old key.  In that case, i recommend
publishing the revocation certificate you created when you made  
your key

(hoping that you have such an old revocation certificate for 1F03B55A
stored someplace accessible to you).

Sorry to be the bearer of bad news,

   --dkg





___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gpg2 says "No Secret Key", gpg1.x says there is

2010-05-09 Thread Charly Avital


gpg2 requires gpg-agent to be available (installed and configured).
When it is not, the error warning is usually "...secret key not  
available".


Hope this helps
Charly


Sent from my iPhone

On May 8, 2010, at 22:14, Andreas Mattheiss > wrote:



Hello,

for some time gpg2 from subversion has been giving me grief, claiming
there was no secret key, while gpg1.xxx says there is:

highscreen [21:08] [/raidtest/CVS/gnupg] <# 44> g10/gpg2 --version
gpg (GnuPG) 2.1.0-svn5320
libgcrypt 1.5.0-svn1429
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,  
CAMELLIA128,

   CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


highscreen [21:09] [/raidtest/CVS/gnupg] <# 46> g10/gpg2 <  
~/.cshrc.asc

gpg: encrypted with 1024-bit ELG key, ID D8F9277B, created 2001-07-15
 "Andreas Mattheiss "
gpg: decryption failed: No secret key


But gpg1.xxx, also from svn, says:

highscreen [21:11] [/raidtest/CVS/gnupg] <# 50> gpg --version
gpg (GnuPG) 1.4.11-svn5308
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,  
CAMELLIA128,

   CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: highscreen [21:11] [/raidtest/CVS/gnupg] <# 51> gpg <  
~/.cshrc.asc


You need a passphrase to unlock the secret key for
user: "Andreas Mattheiss "
1024-bit ELG-E key, ID D8F9277B, created 2001-07-15 (main key ID  
10F7D537)


Uncompressed, ZIP, ZLIB, BZIP2


This has been going on for about half a year now. libassuen &  
friends are

all from svn.

Any suggestions/workarounds/explanations are welcome.

Andreas








___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

OFF LIST

2010-02-27 Thread Charly Avital

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

news of the 8.8, or 8.3 earthquake that has stricken Chile have been
posted in many on-line dailies.

I have tried unsuccessfully to access a few portals in Chile (e.g. White
Pages, the dailies) they seem to be down.

I have also tried unsuccessfully to phone to some very close friends who
live in Chile, not in the affected areas.

I have also e-mailed Faramir directly, trying to have news.

It is probable that the Telecom infrastructure that has not been
affected by the earthquake is swamped with access attempts.

I apologize for this intrusion, and thank in advance any information
that subscribers to this list may have on the situation in the capital
(Santiago), and in coastal resorts like Viña del Mar, Cachagua,
Algarrobo (it's summer time in Chile now).

Charly

-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJLiR4wAAoJEM3GMi2FW4PveLAH/iqi2n4gOh33zkrLgdSoH0pC
iVuOLlAlt00LcD7X3FnP6naLsFov/Lvv/CGYqedYieOl9lHJbJjY7m3IOq04unn4
3yhcGrZB+FjLw5CWHx+FxhI7Lvl4uUChPWiYrBqaLqJMXFxLAKQpys1DqyijzfCx
ecNVbNe8PQmjg6azLJLnL0C26nVLxSI3tvgsXRHr/oDrBPT394il4tWFItch2+uO
a1YEIzdH5q66aqN3dLURtoxk2iduKtrkelJIC0SddzH27DgIarxwO53ay8KhMIsw
KcfbyeFfShmnDOJsJhRp9wYeFSvJw6h6woE+mlsJy0YfsQEf5w0YmSGKZBdnhAE=
=OdLZ
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem with the agent, gpg2

2009-11-16 Thread Charly Avital

Mario Castelán Castro wrote the following on 11/16/09 11:08 AM:
> November 16th 2009 for gnupg-users@gnupg.org, subject "Problem with
> the agent, gpg2"
> 
> I do not have that pinentry program. GNU PG 1.4.9 (The one than comes
> with debian) do not give me that message but i need the new version of
> GNU PG.


GnuPG 1.* (currently 1.4.10)  does not need pinentry.

pinentry is the interface used by gpg-agent to enter the pin (or the
passphrase), that will be cached (not written to disk) by gpg-agent.

Your query related to gpg 2.0.12 that you had compiled under Linux, but
that didn't work.

For differences between GnuPG 1.* and gpg 2.*, please see


Charly

I use currently gpg2 both under MacOSX and under Linux.




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem with the agent, gpg2

2009-11-15 Thread Charly Avital

Mario Castelán Castro wrote the following on 11/14/09 11:31 PM:
> November 14th 2009 for gnupg-users@gnupg.org subject "Problem with the
> agent, gpg2"
> 
> Hi, I sucefulle compiled and installed GNU PG 2.0.12 but when i do
> some operation than requires a password i get a message like the
> following.
> 
> Someone can tellme how to fix it?.
> 
> mario...@q6600-0:~/emacs$ gpg2 --clearsign
> 
> You need a passphrase to unlock the secret key for
> user: "Mario Xerxes Castelan Castro "
> 1024-bit DSA key, ID 32E27388, created 2009-08-07
> 
> gpg: problem with the agent: Not supported
> gpg: no default secret key: General error
> gpg: [stdin]: clearsign failed: General error
> 
> mario...@q6600-0:~/emacs$ gpg2 -c
> gpg: problem with the agent: Not supported
> gpg: error creating passphrase: Operation cancelled
> gpg: symmetric encryption of `[stdin]' failed: Operation cancelled


I can only guess that gpg-agent has not been properly installed, in
spite of your successful compilation and installation.

Is gpg-agent pointing to the right pinentry program?  It probably
defaulted to one under /usr/local/ but I suspect that yours lives
under /usr/ - edit ~/.gnupg/gpg-agent.conf as appropriate and restart
gpg-agent.

A work around (not the orthodox solution I'm afraid) would be to enter
in ~/.gnupg/gpg-agent.conf a line that should point to the real location
of pinentry in your system.

Something like:
pinentry-program "path to pinentry"

Charly





___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Newbie question: Where do I put my trusted key?

2009-10-31 Thread Charly Avital

laredotornado wrote the following on 10/28/09 12:56 PM:


> What is also odd is that I'm told, "gpg: gpg-agent is not available in this
> session" but I just installed the agent.  Any help in troubleshooting is
> appreciated, - Dave
> 

Dave,

I'm afraid the key words in your e-mail are '/opt/local/bin/gpg'.
They suggest that you have installed gpg2 via Darwin Ports.

If it is so, Darwin Ports install a version of gpg-agent and pinentry
(required by gpg-agent) that are not compatible with MacOSX.

Please check the MacGPG2 Project at:

The current installer for NacGPG2 2.0.12 is available. It will install a
Mac native pinentry application.

Charly
MacOSX 10.6.1 32bits MacBook5,1 - 0xA57A8EFA Gnupg 1.4.10 - MacGPG2
2.0.13 (testing) -  Running Enigmail version 0.97b (20091027-0956) with
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.4pre)
Gecko/20090915 Thunderbird/3.0b4



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: verification/installation

2009-10-22 Thread Charly Avital

Alejandro Erickson wrote the following on 10/18/09 2:37 PM:
> Hi,
> I'm a little confused about the verification/installation process.
> 
> I have gpg 1.4.7 which came with Mac OS X - assume I trust it.

Hi Alejandro,

I am a little confused by your assertion that "gpg 1.4.7 came with Mac
OS X". GnuPG software is not included in any way in the MacOS X releases.
One has to to actually download the software and either compile it, or
download a binary installer, and install it.

> I want  
> to verify and install gpg 2.  I download gnupg-2.0.13.tar.bz2 and  
> gnupg-2.0.13.tar.bz2.sig and run
> $ gpg --verify gnupg-2.0.13.tar.bz2.sig
> but it tells me public key not found.

Not found in your public keyring, or not found at all?

In my Terminal:
$ gpg --verify gnupg-2.0.13.tar.bz2.sig gnupg-2.0.13.tar.bz2
gpg: Signature made Fri Sep  4 12:35:03 2009 EDT using RSA key ID 1CE0C630
gpg: Good signature from "Werner Koch (dist sig) "

> I checked on the gnupg website  
> and found the username associated with 1CE0C630 (the public key for  
> the signature on gpg 2).  I can get gpg to list this public key with
> $ gpg --search-keys dd...@gnu.org
> but I can't seem to find a command to import it or to search the  
> keyserver when verifying.  I can find the key online and copy/paste  
> into a file and import the key to gpg but I imagine this is automated.

When the key you are searching for, with the command search-key and not
recv-key is found in a keyserver (following your CLI in Terminal), the
Terminal output will display the key information and offer the option to
import it. Once you have imported it into your public keyring, you will
be able to verify the signature. When using the command recv-key, the
key (if found on the keyserver you are using) will be automatically
downloaded and imported into your public keyring.

By the way, if you intend to compile gnupg-2.0.13 in MacOSX, you will
not, I'm afraid, succeed to have a working gpg2 2.0.13 unless you also
download and install the libraries required by gpg2. Even then, the
resulting installation will not "work" because you need to install
gpg-agent and pinentry that are compatible with MacOSX environment.

A binary installer for MacGPG2 2.0.12 is available for download from the
MacGPG2 project at
.
I believe a similar installer for MacGPG2 2.0.13 is in the making by Ben
Donnachie, manager and maintainer of the project.

MacGPG2 is a project separate from MacGPG 

Best regards,
Charly 0xA57A8EFA
MacOSX 10.6.1 32bits MacBook5,1 - Gnupg 1.4.10 - MacGPG2 2.0.12 -
Running Enigmail version 0.97a (20091021-0809)



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gpg-agent "unknown value for WHAT"

2009-10-20 Thread Charly Avital

David Savage wrote the following on 10/20/09 2:04 PM:
> I'm in the process of updating gpg using the urls Charly forwarded in
> the previous email - I guess I could try to just update the gpg-agent
> in use on my machine from that release then stick with the mac port
> version of gpg? Just one less variable to tidy up?

I don't remember whether using the MacGPG2 2.0.12 installer will simply
overwrite your Darwin Ports installation.
If it does, you will have a working MacGPG2 2.0.12, complete with
gpg-agent and Mac native pinentry.app.
If it doesn't, you might still have some problems with the remnants of
the previous install.
> 
> Sound's like a patch is needed to mac ports in any case.

Yes.

> 
> I'll try pinging a mail over there and see if there's any chance they
> can update.

Wish you luck.

Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gpg-agent "unknown value for WHAT"

2009-10-20 Thread Charly Avital

David Savage wrote the following on 10/20/09 10:41 AM:
> Hi there,
> 
> I'm attempting to generate a 4096bit RSA key using gnupg 2.0.12 and
> gpg-agent 2.0.11 but I'm getting an error message prior to entering
> the passphrase:
> 
> "gpg: problem with the agent: Not supported"

Hi David,


IMO, the problems resides with your installation of gnupg2 via Darwin Ports.

Darwin Ports installs a version of pinentry (required for gpg-agent to
function) that is not compatible with MacOSX.

If you want to install a functioning gnupg2 for MacOSX, with a Mac
native pinentry.app, you might want to try MacGPG2 2.0.12

,
that can be downloaded from:


> Having done a little digging I decided to enable --debug-all to see if
> this would shed any light on the problem - unfortunately the error
> message means very little on first inspection - hence this mail.
> 
> "gpg-agent[66760.6] DBG: -> ERR 67109144 parameter conflict - unknown
> value for WHAT"
> 
> I've included the full session output below with certain fields X'd out...
> 
> _Environment_info_
> Mac OS X 10.5.8
> gnupg2 installed via darwin ports

That should be the problem.
> 
> _Non_standard_entries_in_"~/.gnupg/gpg.conf"_
> personal-digest-preferences SHA512
> cert-digest-algo SHA512
> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES
> CAST5 ZLIB BZIP2 ZIP Uncompressed
> 
> Any help or suggestions of where to look further appreciated.

Please see above.
[...]

> gpg: problem with the agent: Not supported

Ditto, Darwin Ports does not install gpg-agent with the required
pinentry that will function under MacOSX

Charly
MacOSX 10.6.1 32bits MacBook5,1 - Gnupg 1.4.10 - MacGPG2 2.0.12 -
Running Enigmail version 0.97a (20091019-2108), with Mozilla/5.0
(Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.4pre) Gecko/20090915
Thunderbird/3.0b4

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Gnupg 2.0.13 under Linux

2009-09-05 Thread Charly Avital

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Compiled GnuPG 2.0.13 from source, in Linux/Ubuntu 9.04 64bits, running
under VMware on an Apple MacBook Intel Core 2 Duo running MacOS 10.5.8
(Leopard)

$ gpg2 --version
gpg (GnuPG) 2.0.13
libgcrypt 1.4.4
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB


Thank you.

Charly



-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.13 (GNU/Linux)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJKohTJAAoJEM3GMi2FW4PvOfkH+wd3AxxkACUiPVpeMUHnWLgC
eTKNcT9YTDdd0X0Y9TcqiAH/CUiJ6qBRgKHL+aiuM1xaItA6t1nBNoJx9/vKZ2Da
C3lyoA6QTOvfAiYFbp39xXWaMecfqel9tq9iWjNLEK31v5NbU+SyN5eKcHfjPTYr
koI1tYJW7nsRln/LNdbJn016zqp9GX24zVdCEFUJdSQ2hCucY8Pqd11jMbxMO9vS
pOLhRLwycjbmhlBxHqjN7Io3N8CX7GANk0SNW0Uj4BH7xb02Wkuo6XMKjFh/ot7P
I8Jd590M801xUePhmcbF9wY87p8aH5SDZbOzZcG0UqDUF91ZNDuutbt0djFSH3c=
=O3mk
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: 1.4.7 packages for OS X

2009-09-02 Thread Charly Avital

Charly Avital wrote the following on 9/2/09 9:14 AM:
> Robert J. Hansen wrote the following on 3/6/07 10:06 AM:
>> I've taken the liberty of packaging up 1.4.7 for OS X.  (I apologize
>> to Benjamin if I'm stepping on his toes here; by my recollection,
>> he's doing packages for 2.0.x, not 1.4.x, so I _should_ be safe.)

I apologize to the list, to Robert and to Benjamin. I just picked up an
old post, and reacted knee-jerk (emphasis on "jerk" -> yours truly).

I'll be back to 1.4.10RC1.

Sorry again.
Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: 1.4.7 packages for OS X

2009-09-02 Thread Charly Avital

Robert J. Hansen wrote the following on 3/6/07 10:06 AM:
> I've taken the liberty of packaging up 1.4.7 for OS X.  (I apologize
> to Benjamin if I'm stepping on his toes here; by my recollection,
> he's doing packages for 2.0.x, not 1.4.x, so I _should_ be safe.)

I believe you are.
> 

Using the recent release of 1.4.9, I have just compiled from source
1.4.9 with IDEA for MacOSX 10.5.8.(straightforward in Terminal). I guess
that when I upgrade to 10.6 (a couple of weeks from now), I may be in
from some surprises, according to what I have read in this list.
So far, so good.

Thank you Robert.

Charly


$ gpg --version
gpg (GnuPG) 1.4.9
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Confused about signing inline vs siging with attached signature.

2009-08-21 Thread Charly Avital

Steven W. Orr wrote the following on 8/21/09 10:28 AM:
> I decided to try sending my email with a signature attached instead of using
> an inline signature. Now my friend with Outlook Express is telling me that the
> message body is blank and that in order for him to see the message, he now has
> to open the text attachment. (He is not verifying the signature.) I'm using
> gpg2/Thunderbird/Enigmail and I sent a message to an address which then
> forwards back to me. Here's the structure I see when it comes back:

Hi Steven,

that is the structure that I can see when I chose View/Message source.

[cut]

> 
> Should I not be using the MIME signature or is there something he should
> change at his end (besides OE), or is this question something that is not gpg2
> related in the first place?
> 
> TIA

I believe that's the way Windows Outlook Express (paired with some
crypto module that is installed by the GnuPG4Win installer, for all I
know) processes OpenPGP/MIME messages.

If you friend is willing to use e.g. Thunderbird, he will get a
completely different rendering of an incoming OpenPGP/MIME e-mail.

This is neither GnuPG nor gpg2 related.

Take care,
Charly
MacOS 10.5.8-MacBook Intel C2Duo 2GHz-GnuPG 1.4.10rc1-MacGPG 2.0.12
TB 2.0.0.23+EM 0.96.0-Apple's Mail+GPGMail 1.2.0 (v56), Key: 0xA57A8EFA

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Two convicted in U.K. for refusal to decrypt data

2009-08-15 Thread Charly Avital

Joseph Oreste Bruni wrote the following on 8/12/09 10:46 PM:
> 
> http://www.securityfocus.com/news/11556
> 
> Not entirely on topic, but for those using GnuPG (or other encryption
> software), you should always keep abreast of the encryption laws of
> your country.
> 


"Protect Your Laptop Data From Everyone, Even Yourself", by Bruce Schneier:




And have a quiet week end.
Charly


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Changes in 1.4.10

2009-08-13 Thread Charly Avital

Werner Koch wrote the following on 8/13/09 10:44 AM:
> Noteworthy changes in version 1.4.10 (unreleased)
> -

Version info:   gnupg 1.4.10rc1
Configured for: Darwin (i386-apple-darwin9.8.0)

> 
> * 2048 bit RSA keys are now generated by default.  The default
>   hash algorithm preferences has changed to prefer SHA-256 over
>   SHA-1.  2048 bit DSA keys are now generated to use a 256 bit
>   hash algorithm

Tested.

> 
> * Support v2 OpenPGP cards.

Didn't get my v2 card yet.

[...]

> 
> * Support for the Camellia cipher (RFC-5581).

$ gpg --version
gpg (GnuPG) 1.4.10rc1
NOTE: THIS IS A DEVELOPMENT VERSION!
It is only intended for test purposes and should NOT be
used in a production environment or with production keys!
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128,
CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


Thank you Werner.
Charly
MacOS 10.5.8-MacBook Intel C2Duo 2GHz-GnuPG 1.4.10rc1-MacGPG 2.0.12
TB 2.0.0.22+EM 0.96.0-Apple's Mail+GPGMail 1.2.0 (v56), Key: 0xA57A8EFA

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Two convicted in U.K. for refusal to decrypt data

2009-08-13 Thread Charly Avital

Faramir wrote the following on 8/13/09 3:32 AM:
[...]

>   Unfortunately, it is not unusual people forgets the passphrases used
> to protect files, or secret keys...
> 
>   Best Regards


"Two people have been successfully prosecuted for *refusing* to provide
U.K..."

Charly

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Choice of signing hash.

2009-07-07 Thread Charly Avital

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

thank you David and Robert for your clarifications about the nature of
hashes SHA224 and SHA256, and your recommendation of the syntax that
should be used in gpg.conf.

I have commented digest-algo and added personal-digest-preferences
SHA256, and tested it from TB+Enigmail and GPGMail.


I should have paid more attention to man gpg:

- --personal-digest-preferences string
Set the list of personal digest preferences to string, this list
should be a string similar to the one printed by the command
"pref" in the edit menu. This allows the user to factor in their
own preferred algorithms when algorithms are chosen via recipi-
ent key preferences. The most highly ranked digest algorithm in
this list is algo used when signing without encryption (e.g.
- --clearsign or --sign). The default value is SHA-1.

- --digest-algo name
Use name as the message digest algorithm. Running the program
with the command --version yields a list of supported algo-
rithms. In general, you do not want to use this option as it
allows you to violate the OpenPGP standard. --personal-digest-
preferences is the safe way to accomplish the same thing.


By November 2005, I was instructed by someone in this list how to add a
sign-only subkey of 2048 bits. It had to be a RSA subkey, because at the
moment DSA2 was not yet available.

That's the signing subkey I have been using since then.

Thanks again for the information.
Charly
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.12 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJKVD0IAAoJEM3GMi2FW4PvGzUIAJJodUezq4EZb/Z0JpKrX7rx
kn3QAw0HHpzseHUHEgPd2fiRizpnp8lusGyClvxIiFNOZNalPBmTcTpdKxbneHoV
iTg2gU/oKj2wHEy3VA4AAAwtCZ6i+1xbJtuKyLVOWu0s3VXtIa3VQUVF/l0LALkG
npTx54Z+nuxFjwn5eS7qXWrwpOwpCGpBvnNEfmM00vNXESlWHge+qJmdoxXIzdhw
dg1KL8RH2lxvTrtU9g1uFjIDa3+4Od7bCMgI4j2x/Rp+Vrxu/Q7u6Bfe6VDoxLtW
NhIYLYxHYMnJvWwhgruYh29BtD2NRnFm9z+ib9ylM75/zXV7vzz+CpBJjJvPLnQ=
=mgY9
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: algorithm 11 mistake mac

2009-07-07 Thread Charly Avital



On Jul 7, 2009, at 2:55 AM, Friedrich Fuhr wrote:


Hello to all.
I have a Problem:
When i try to send a signed mail message i get a window with the  
following text:


internal failure: the hash algorithmus 11 is not allowed with rfc3156
the message couldn´t signed with gpg

system:
mac os x 10,5,6
gpgmail 1.2.0
gpgpreferences 1.2.2
macgpg 2-2.0.12

background:

i made 2 new keys for 2 different email-adresses.
i forgot the passphrase without having a revocation possibility
i deleted both keys
#then i made a new one with one of the addresses
from this point on the mentioned above mistake happened.
as long as i remembered my passphrase everything worked fine.

what ca i do to solve the problem?
may i uninstall everything?

thank you very much for your patience
and your help


Friedrich Fuhr
ff...@gmx.de




According to previous posts and result of tests, it seems that the  
problem is with GPGMail signing with OpenPGP/MIME *and* SHA224.


OpenPGP/MIME is set by default when sending a message with an  
attachment, or a multi-part message (e.g. HTML format).


You'd better check your gpg.conf, and:
disable the option digest-algo SHA224

and use instead:
digest-algo SHA256

Best regards,
Charly




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: algorythm 11 mistake mac

2009-07-07 Thread Charly Avital

Daniel Kahn Gillmor wrote the following on 7/7/09 1:59 PM:
> On 07/07/2009 01:49 PM, Charly Avital wrote:
>> On Jul 7, 2009, at 12:03 PM, David Shaw wrote:
>>> You are using SHA-256.  Try SHA-224.
>> Here you go.
> 
> 
> I think the difference here is that the OP is using PGP/MIME (hence the
> reference to RFC 3156), whereas Charly is using inline PGP.
> 
> Charly, can you try one more time with SHA-224 and PGP/MIME to see if
> you can replicate the error?
> 
>   --dkg
> 


Hi Daniel,
you're right.


I already tested, and posted to the list.

GPGMail signing fails when using SHA224 *and* OpenPGP/MIME.

It works fine from Thunderbird+Enigmail.

Charly


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: algorythm 11 mistake mac

2009-07-07 Thread Charly Avital



On Jul 7, 2009, at 1:56 PM, David Shaw wrote:


On Jul 7, 2009, at 1:49 PM, Charly Avital wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA224


On Jul 7, 2009, at 12:03 PM, David Shaw wrote:


[...]




You are using SHA-256.  Try SHA-224.



Here you go.


With PGP/MIME turned on.

David




It fails:
PGP Signing Failed
Internal error: The hash algorithm '11' is not allowed by RFC3156.

When I try it with Thunderbird+Enigmail, it works.


So, as you write, GPGMail's author should be contacted. I have  
included GPGMail-users list in the distribution of this message.


Thank you for your prompt feedback.
Charly

I am back to SHA256










PGP.sig
Description: This is a digitally signed message part
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: algorythm 11 mistake mac

2009-07-07 Thread Charly Avital


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA224


On Jul 7, 2009, at 12:03 PM, David Shaw wrote:


[...]




You are using SHA-256.  Try SHA-224.

David




Here you go.

Charly
From GPGMail 1.2.0 (v56).







-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.12 (Darwin)
Comment: GnuPG for Privacy

iQEcBAEBCwAGBQJKU4q7AAoJEM3GMi2FW4PvVhQIAIFYkg/WLbea7JmUCt3KMGGc
kMNWGmb9hkT18MH86pXakb7AkjsK1OFmL+wcAOmPwbQ3tPiGUBylDl6Zp8BdN/X1
ArwT2Vv/Q0Wvoe8Dlw/qO+So/Thxe954gZe4ECkZk0Twj7sMgvF6rdVBLuTf8PK0
9HMUY13+XAL1bHEXufmGTpzVM0Mhv0cicbj0c6+HR0DNL+i9A4/ISvHM8aemp3zh
vQ4MEoQ6ai90HRdTwBN5P5b49yB90h2GqN8XPLuWvIhmlrcoCBuoy755ZQlSPWGR
AvP2DwsKzxsz4UoUYaq8ApztNYRwBUW/YL9cv1QZ/1E8oGMuwoCIcY5Il//YXNM=
=Ylkg
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: algorythm 11 mistake mac

2009-07-07 Thread Charly Avital


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


On Jul 7, 2009, at 9:08 AM, David Shaw wrote:


On Jul 7, 2009, at 2:55 AM, Friedrich Fuhr wrote:


Hello to all.
I have a Problem:
When i try to send a signed mail message i get a window with the  
following text:


internal failure: the hash algorithmus 11 is not allowed with rfc3156
the message couldn´t signed with gpg


You need to contact the author of gpgmail.  Algorithm 11 (SHA-224)  
is a later addition to the list of hashes in OpenPGP, but is  
perfectly allowable in RFC-3156 (PGP/MIME) messages.


David



I am using GPGMail to sign this message.
I have had no problems using GPGMail till now.

Charly
My system:
MacOS X 10.5.7
GPGMail 1.2.0 (v56)
MacGPG2 2.0.12





-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.12 (Darwin)
Comment: GnuPG for Privacy

iQEcBAEBCAAGBQJKU12TAAoJEM3GMi2FW4PvfQMH/2nexqy2qcenBXHh+YP8EFyr
jD7WYuOTvOVsRjpOQ5u1JNKM/sXxuETj/+XnnzJP0nlYcfK1IgYlfoJUDWjjR0m7
dSUvYKxliT3vWgjV7X2+ePopdhR/Xedyl3FkPk6DFxDYjf2D9RDZEvYNbi1RqtI4
/5G3VOaf1wxRX6RqbLCb+QCELwYJMwSw8bA1RaiD0Ukz8KFL5+SNjki4ut5/Ibdl
PhB300z1yKz7FFyNN0RUh58pFrSy7qe+6LmvQRfxfHoGMYdagRGUcBKM8f+P8F9v
imrZW+8prlhJu5daLx1N1OAxn7VPxRz5PjTcwDO5js4UAA18+eeSMBxgeVTxmD4=
=o6Dr
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: algorythm 11 mistake mac

2009-07-07 Thread Charly Avital

Friedrich Fuhr wrote the following on 7/7/09 2:55 AM:
> Hello to all. 
> I have a Problem:
> When i try to send a signed mail message i get a window with the
> following text:
> 
> internal failure: the hash algorithmus 11 is not allowed with rfc3156
> the message couldn´t signed with gpg
> 
> system:
> mac os x 10,5,6 
> gpgmail 1.2.0
> gpgpreferences 1.2.2
> macgpg 2-2.0.12
> 
> background:
> 
> i made 2 new keys for 2 different email-adresses.
> i forgot the passphrase without having a revocation possibility
> i deleted both keys 
> #then i made a new one with one of the addresses
> from this point on the mentioned above mistake happened. 
> as long as i remembered my passphrase everything worked fine.
> 
> what ca i do to solve the problem?
> may i uninstall everything?
> 
> thank you very much for your patience
> and your help
> 
> 
> Friedrich Fuhr
> ff...@gmx.de 

Hi Friedrich,

Server server blackhole.pca.dfn.de shows:

(1) Friedrich Fuhr 
  2048 bit DSA key 339FBBAE, created: 2009-07-03
(2) Friedrich Fuhr (Friedrich Fuhr (privat)) 
  1024 bit DSA key 911BEFC3, created: 2009-06-23

Some information about your public keys:

Is key (1) the new one you generated after deleting (in your keyring)
the previous two keys whose passphrase you had forgotten? Is this the
key you are using now as your default key?

Is key (2) valid, or have you deleted it (in your keyring)?


Since you are using GPGPreferences, please go to System
Preferences/GnuPG, click on the last bezel 'Expert'. This will display,
in graphical form, the contents of your gpg.conf file.


Please check whether 'rfc 3156' is enabled (the small square button at
the left of rfc 3156 is marked.

If it is, please unmark it.

If you have already an option named simply 'gnupg', and the small square
button is not marked, please mark it.

If not, please add a new option, name it gnupg and enable it (use the
square with the plus + sign at the bottom of the window.

Please check what 'digest-also' you are using.

If your key is 339FBBAE, I suggest you use SHA256, since that key is a
DSA2 key, and it will enable you to use SHA256.

Errors that mention 'algorithm 11' usually refer to algorithm H11
(SHA224), and *there might be* (I am not sure) some kind of problem
between hash algorithm SHA224 and RFC 3156 (related to OpenPGP MIME).
Again I insist: I am not sure about this SHA224 issue, but I remember
that a few years ago, it created problems. But that was some time ago,
and there shouldn't be any problems now.


Finally, please note that there are specific mailing lists for GPGMail
and MacGPG2 users.

Charly







___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

1 2 3 4 >

1 - 100 of 347 matches

Mail list logo