Re: A postmortem on Efail
I've used PGP ever since I discovered it when I ran a BBS back in the late 80's early 90's. I rarely post but always listening. Definitely time to break backward compatibility if it will help move it forward! Go for it! On 5/20/2018 3:28 AM, Robert J. Hansen wrote: >> Break backwards compatibility already: it’s time. Ignore the haters. I >> trust you. > > :) :) :) :) :) > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Web of Trust itself is the problem
On 1/11/2010 1:26 AM, Robert J. Hansen wrote: I've seen computerized votes authenticated by MD5 hash... sent over email... in the same message as the official vote record. As in, the attachment has MD5 hash XXX, if your version hashes out to XXX then the vote record is authenticated. I just about had a heart attack. The voting authorities thought this was just fine, and a perfectly correct use of hashes. E... unbelievable! -- Jim ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Key types
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Just a quick question: Are there any caveats I should be aware of if I generate an RSA signing key with an Elgamal encryption subkey? - -- Jim -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) iEYEAREDAAYFAkrSp6IACgkQygKI8gBpGS4Q4gCg1KwqAjmj4yR9SBJF1e38bx/r MOMAoPyXi2OAPJWC4KgQ+pSt8wPj1Ry1 =PMyc -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg error messag
David Shaw wrote: Ah, I recall this problem. I reported it to the PGP GD people quite a while ago, and I thought it had been fixed. The GD was generating a PGP/MIME micalg setting of pgp-sha1, but the actual signature was being made with SHA256. Found it. That's exactly what's happening and obviously the problem still hasn't been fixed (or else it raised its ugly head again). = Content-type: multipart/signed; protocol=application/pgp-signature; micalg=pgp-sha1; boundary=PGP_Universal_2F4EB16A_4F41CA65_EABA882D_FCFE19A6 = Thanks to you both! -- Jim ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpg error messag
Can anyone help me out with the meaning of this error message? Thanks! = enigmail C:\Program Files\GNU\GnuPG\gpg.exe --charset utf8 --no-version --batch --no-tty --status-fd 2 --verify gpg: Signature made 10/10/06 01:02:23 using RSA key ID CA57AD7C gpg: WARNING: signature digest conflict in message gpg: Can't check signature: general error enigmail.js: Enigmail.decryptMessageEnd: Error in command execution = -- Jim ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg error messag
Robert J. Hansen wrote: Jim Dever wrote: Can anyone help me out with the meaning of this error message? It will help us out considerably if you can tell us more about your problem. What operating system are you using? What version of GnuPG are you using? What hash algorithm does the message say it's using? What program generated the message in question? What version of Enigmail? What... etcetera? Ok... Using Windows XP Pro, Thunderbird 1.5.0.7 Enigmail 0.94.1.0, GnuPG 1.4.5. I'm trying to verify the signature on the automated email from the PGP Global directory keyserver. This is the only email that has ever shown this message. Here's the Enigmail Console output with a -vv added to it. Hash appears to be SHA1. Thanks. = enigmail C:\Program Files\GNU\GnuPG\gpg.exe --charset utf8 --no-version -vv --b atch --no-tty --status-fd 2 --verify gpg: armor: BEGIN PGP SIGNED MESSAGE gpg: armor header: Hash: SHA1 :packet 63: length 11 :literal data packet: mode t (74), created 0, name=, raw data: unknown length gpg: original file name='' gpg: armor: BEGIN PGP SIGNATURE gpg: armor header: Version: PGP Universal 2.0.4 :signature packet: algo 1, keyid 9710B89BCA57AD7C version 3, created 1160456543, md5len 5, sigclass 01 digest algo 8, begin of digest 0b 1a data: [2046 bits] gpg: Signature made 10/10/06 01:02:23 using RSA key ID CA57AD7C gpg: WARNING: signature digest conflict in message gpg: Can't check signature: general error enigmail.js: Enigmail.decryptMessageEnd: Error in command execution = -- Jim OpenPGP KeyID: 0x006921e Keyserver: ldap://keyserver.pgp.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg error messag
David Shaw wrote: You might be able to manipulate things into verifying the signature by editing the file to change the SHA1 string to SHA256, but the real problem is probably in whatever program generated the message. Thanks! I thought that might be the problem although I didn't know how to determine what hash the message was actually using. What's ridiculous is that the message was produced by the PGP Global Directory keyserver. The message is PGP/MIME in HTML format and I don't even see a HASH string in the message source at all. Thanks for your help! -- Jim ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users