packet syntax

2018-04-11 Thread Edgar Pettijohn
I'm trying to learn the pgp packet syntax. I created a new key with gpg2 
--gen-key and then gpg2 --export > pubkey.key and then gpg2 --dearmor 
pubkey.key. Which left me with a pubkey.key.gpg file. I then did a 
hexdump of the file and the first word is `99' which in binary would be 
`10011001'. I was expecting to encounter `11000110'.  I'm thinking that 
perhaps I have missed something simple and just need a nudge in the 
right direction.


Thanks in advance,


Edgar


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
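
Added example, not part of the original post or of GnuPG: a decoder for the packet header octets described in RFC 4880, section 4.2. It shows that 0x99 (10011001) is the old-format encoding of tag 6 (Public-Key) with a two-octet length, while 0xC6 (11000110) is the new-format encoding of the same tag; the function names and the SAMPLE bytes are constructed for illustration.

```python
# Added example (not from the thread): OpenPGP packet header decoding, RFC 4880 section 4.2.
TAG_NAMES = {2: "Signature", 6: "Public-Key", 13: "User ID", 14: "Public-Subkey"}


def parse_header(data, pos=0):
    """Return (fmt, tag, header_len, body_len); body_len is None if indeterminate/partial."""
    def octets(offset, count):
        # Read `count` big-endian octets, refusing to run past the end of the input.
        chunk = data[pos + offset:pos + offset + count]
        if len(chunk) != count:
            raise ValueError("truncated packet header")
        return int.from_bytes(chunk, "big")

    first = octets(0, 1)
    if not first & 0x80:
        raise ValueError("bit 7 is clear: not an OpenPGP packet header")
    if first & 0x40:                       # new format: 1 1 t t t t t t
        tag, o1 = first & 0x3F, octets(1, 1)
        if o1 < 192:                       # one-octet length
            return "new", tag, 2, o1
        if o1 < 224:                       # two-octet length
            return "new", tag, 3, ((o1 - 192) << 8) + octets(2, 1) + 192
        if o1 == 255:                      # five-octet length
            return "new", tag, 6, octets(2, 4)
        return "new", tag, 2, None         # 224..254: partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old format: 1 0 t t t t l l
    if ltype == 3:
        return "old", tag, 1, None         # indeterminate length
    nlen = 1 << ltype                      # 1, 2 or 4 length octets
    return "old", tag, 1 + nlen, octets(1, nlen)


def list_packets(data):
    """Walk a binary (dearmored) OpenPGP stream; return (fmt, tag name, body_len) per packet."""
    out, pos = [], 0
    while pos < len(data):
        fmt, tag, hlen, blen = parse_header(data, pos)
        out.append((fmt, TAG_NAMES.get(tag, "tag %d" % tag), blen))
        if blen is None:                   # cannot skip a body of unknown length
            break
        pos += hlen + blen
    return out


# Constructed sample, not a real key: old-format Public-Key header (0x99, two-octet
# length 0x010d = 269), a zero-filled body, then an old-format User ID packet (0xb4).
SAMPLE = bytes.fromhex("99010d") + bytes(269) + bytes.fromhex("b405") + b"Edgar"
```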


Re: GnuPG installation

2018-03-21 Thread Edgar Pettijohn



On 03/21/18 15:27, BRIONES Bobby wrote:

Hi,
Thanks for responding.
We are using linux.

Bobby


Which flavor? You will need to find out whatever the package manager is 
for whichever flavor of linux you are using. You will need root 
permissions either through su(1) or sudo(8).


Or you can download and compile yourself. It may be as easy as:

# ./configure && make && make install



-Original Message-
From: ed...@pettijohn-web.com [mailto:ed...@pettijohn-web.com]
Sent: Wednesday, 21 March 2018 10:25 PM
To: BRIONES Bobby; gnupg-users@gnupg.org
Subject: Re: GnuPG installation


On Mar 20, 2018 4:10 PM, BRIONES Bobby wrote:

Hi,

  


I have the following questions about the abovementioned package, can someone 
help me please:

  


What access do I need to be able to install the software?


You may want to mention what OS you are using.



Do I just download the software and install? What about access to our existing 
folders used in our SFTG/transfer of files?

  

  


Regards,

  


Bobby Briones
Technical Test Analyst

IT | Corporate

T (0288492011)

M (0431459917)

www.rms.nsw.gov.au
Every journey matters

  


Roads and Maritime Services
Level 4 27-29 Argyle St Parramatta NSW 2150

  


Before printing, please consider the environment

IMPORTANT NOTICE: This email and any attachment to it are intended only to be 
read or used by the named addressee. It is confidential and may contain legally 
privileged information. No confidentiality or privilege is waived or lost by 
any mistaken transmission to you. Roads and Maritime Services is not 
responsible for any unauthorised alterations to this email or attachment to it. 
Views expressed in this message are those of the individual sender, and are not 
necessarily the views of Roads and Maritime Services. If you receive this email 
in error, please immediately delete it from your system and notify the sender. 
You must not disclose, copy or use any part of this email if you are not the 
intended recipient.






Re: How can we utilize latest GPG from RPM repository?

2018-02-17 Thread Edgar Pettijohn



On 02/17/18 17:06, helices wrote:
I will probably never understand why wanting to run the most current 
version of gnupg on a plethora of servers is controversial.


Nevertheless, the two (2) greatest reasons are:

 1. PCI DSS v3.2
 2. PCI DSS compliance audits

Being able to demonstrate that we are using the latest, greatest 
encryption available on every one of our hosts, simplifies that 
portion of the audit equation more than you probably believe.


Furthermore, the following features not available in 2.0.22 are more than 
nice-to-haves:


  * The file secring.gpg is not used to store the secret keys anymore.
  * All support for PGP-2 keys has been removed for security reasons.
  * The standard key generation interface is now much leaner.
  * Commands to create and sign keys from the command line without any
extra prompts are now available.
  * There is no more need to manually start the gpg-agent.
  * A new format for locally storing the public keys is now used.
  * Revocation certificates are now created by default.
  * The format of the key listing has been changed to better identify
the properties of a key.


Apparently, there is no current solution to our problem similar to 
that we found for our rsyslog example. That is too bad. We will get 
over our disappointment.


However, let it be said here and now, if the gnupg community wants the 
use of gnupg to spread far further than a clique of geeks, making its 
use easier for non-geeks is probably the simplest and most direct way.


Yes, that is my opinion, humble or otherwise.

YMMV

Are there any other questions before I get a direct answer to my 
original subject question?


Thank you.


On Wed, Feb 14, 2018 at 2:20 PM, helices wrote:


CentOS 7 uses gnupg2 v2.0.22. EPEL doesn't have anything newer.

We want to move to v2.2.x, and stay current, but we don't want to
download source and compile for dozens of systems.

We want all users to be using the same version all of the time.

Please, advise. Thank you.



Pay someone to package it for you.





[patches] add support for arc4random_buf()

2018-02-05 Thread Edgar Pettijohn
Please see attached patches to add support for arc4random_buf() as an 
alternate to /dev/{u}random. I tried to be as unobtrusive as possible 
and maintain style. It should also allow the user to still define 
RANDOM_CONF_ONLY_URANDOM if they would prefer to use /dev/urandom. This 
will allow gpg to be used on filesystems mounted nodev while providing 
quick, quality randomness.



Thanks,


Edgar Pettijohn

--- configure.ac	Wed Dec 13 07:51:33 2017
+++ /home/edgar/libgcrypt-1.8.2/configure.ac	Mon Feb  5 19:59:17 2018
@@ -1721,7 +1721,7 @@
 # Other checks
 AC_CHECK_FUNCS(strerror rand mmap getpagesize sysconf waitpid wait4)
 AC_CHECK_FUNCS(gettimeofday getrusage gethrtime clock_gettime syslog)
-AC_CHECK_FUNCS(syscall fcntl ftruncate flockfile)
+AC_CHECK_FUNCS(syscall fcntl ftruncate flockfile arc4random_buf)
 
 GNUPG_CHECK_MLOCK
 
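Review bot: the file headers for this hunk pair "--- configure.ac" with "+++ /home/edgar/libgcrypt-1.8.2/configure.ac", so the old and new paths share no common prefix and no single -p strip level applies the patch from a clean tree. Regenerate the diff from the top of the libgcrypt source directory with relative paths on both sides (the rndlinux.c headers below have the same problem, with "rndlinux.c" against ".../random/rndlinux.c").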
--- rndlinux.c	Thu Nov 23 12:16:58 2017
+++ /home/edgar/libgcrypt-1.8.2/random/rndlinux.c	Mon Feb  5 23:18:20 2018
@@ -154,6 +154,30 @@
 }
 
 
+/* This is the least obtrusive way I could find */
+#if defined(HAVE_ARC4RANDOM_BUF)
+  if (!only_urandom)
+{
+  do
+{
+  size_t nbytes;
+
+  nbytes = length < sizeof(buffer) ? length : sizeof(buffer);
+  /* always successful */
+  arc4random_buf (buffer, nbytes);
+
+  (*add)(buffer, nbytes, origin);
+  want = want - nbytes;
+   } while (want);
+
+  wipememory (buffer, sizeof buffer);
+
+  return 0; /* success */
+}
+
+#endif /* HAVE_ARC4RANDOM_BUF */
+
+
   /* First read from a hardware source.  However let it account only
  for up to 50% (or 25% for RDRAND) of the requested bytes.  */
   n_hw = _gcry_rndhw_poll_slow (add, origin);
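Review bot: in the do/while loop the chunk size is computed from "length" ("nbytes = length < sizeof(buffer) ? length : sizeof(buffer);") while the loop counts down "want", and "length" never changes inside the loop. For a request larger than sizeof(buffer) that is not a multiple of it, the last iteration subtracts more than remains, so "want" misses zero (and wraps if it is unsigned) and the loop does not stop where intended; compute the chunk from "want" instead, i.e. "nbytes = want < sizeof(buffer) ? want : sizeof(buffer);". The visible lines also do not show "want" being set before this block, so that needs checking at this insertion point. Separately, the "return 0" sits ahead of the "_gcry_rndhw_poll_slow" call in the trailing context, so whenever HAVE_ARC4RANDOM_BUF is defined and "only_urandom" is unset the hardware source and everything after it are skipped for every caller; the comment above the block should say that this is intended and why.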


entropy gathering daemon

2018-02-04 Thread Edgar Pettijohn
Is it no longer possible to use egd? Most of the info I can find seems 
rather old, and so far I haven't been able to find a way to make it 
work. If it is still possible, how do I do it?


Thanks in advance,


Edgar

