Re: OT: FAQ and GNU

[Mario Castelán Castro]

On 13/10/17 09:30, Duane Whitty wrote:
>> Your argument is unsound, because the inference is unjustified.
>> The possibilities that a language is regulated by an official body
>> or defined by majority usage are not exhaustive.
> 
> I'd be interested to know what the other possibilities are.

I mentioned another possibility in my previous message: “one must apply
well-known rules of English and use common sense in determining words
one will regard as legitimate”. The whole of my previous message is an
elaboration of this.

> I think that if one individual tried […]

You are referring to an hypothetical individual who develops a language
reform. But that is not the case here. Here (the discussion is or was
around the word “Linux”) we simply have a misuse of a word which is not
part of a proposal of a language reform and has no rationale. Since
these cases are very different, the reasoning for one case does not
necessarily applies to the other case.

In the case of misuse of the word “Linux”, I have already given my
arguments. In the very different case of a well-made language reform, I
would immediately regard it a a legitimate variant of English. However,
it would be _inappropriate_ (not _incorrect_) to use it when it would
cause significant confusion or be an obstacle to communication.

> What about the role of media and its influence on popular culture?  If
> I say "C'mon, you gotta be kiddin me" everybody knows what I'm saying
> and its acceptability depends on the audience.

“Popular culture” is not a good source of what is correct, precisely
because of aberrations like this. Many things that are socially
acceptable are factually or morally incorrect. These concepts should not
be conflated.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OT: FAQ and GNU

[Mario Castelán Castro]

On 12/10/17 17:50, Robert J. Hansen wrote:
>> The observation that one, some, many, or all people use a linguistic
>> construct in an incorrect way do not change the fact that it is
>> incorrect.
> 
> It quite definitely does.  Unlike, say, French or Icelandic, where
> there's an actual institution charged with the development of the
> language, the *only* definition of correctness in English is found in
> whether it conforms to everyday usage in the community in question.

Your argument is unsound, because the inference is unjustified. The
possibilities that a language is regulated by an official body or
defined by majority usage are not exhaustive.

Since you are talking about the definition of the English language, and
noticed that there is no official definition, then I contend that there
is no _definition_ of the English language at all. However, from this
does not follow that one individual or a majority are allowed to
dispense of any rules and do as they please while claiming that they are
speaking English. Instead, one must apply the well-known rules of
English and use common sense in determining which words one will regard
as legitimate. Leaving this judgment to majority amounts to the ad
populum fallacy and to such blatant absurdities as regarding the words
“u”, “gotta” and “wanna” as valid synonyms of “you”, “got to” and “want to”.

In the case of the word “Linux”, my argument is that this word was
introduced (at least in informatics) for a specific use: To refer to a
kernel. For an operating system based on Linux, the phrase “Linux-based
OS” is already accurate and unambiguous, and for one that includes GNU,
“GNU/Linux” is. Thus it is not necessity, but plain sloppiness what
explains it use as something else. Hence that I hold that any other use
should be rejected as illegitimate, in analogy with the sloppiness
behind the aforementioned aberrations (“u” for “you”, et cetera).

As a point of contrast: in the case of mathematics, it is necessary to
either coin entirely new words or use a pre-existing words with new
meanings. However, in this case it is justified because coining a new
words for each concept would require possible hundreds of words specific
to mathematics. The consequences are bad on all sides: First this
abundance of words would be hard to remember. Second, mathematicians
would hardly agree on a single new word for each concept leading to
diverging terminology. Third, the abundance of strange words would
contribute to the perception of mathematics by the general public as an
intimidating and incomprehensible subject.

In short: Your argument "_many_ people use “Linux” to refer to any
Linux-based operating system, therefore it is correct English” is a big
mistake.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: FAQ and GNU

[Mario Castelán Castro]

On 12/10/17 17:58, MFPA wrote:
>> Would it be
>> correct to refer to
>> a car as an “engine”, because it includes an engine?
> 
> It is usual in and around London to call a car a "motor".

Alright.

> Calling it an "engine" seems no more or no less correct.

But one can not conclude that it is correct just because it is common.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OT: FAQ and GNU

[Mario Castelán Castro]

Despite the bulk of your message, the only attempt at an argument is
“English is an evolving language”. The rest is completely irrelevant.

That English is a changing language is not a justification to misuse
words. The word “Linux” meant a kernel when it was introduced to
informatics and it still does. The observation that one, some, many, or
all people use a linguistic construct in an incorrect way do not change
the fact that it is incorrect. Other examples: “try and” (when it should
be “try to”), “wanna”, “gotta”, “electric current flows” (current may
flow; but most of the time this is erroneous and the phrase should be
“charge flows”).

If you reply with another iteration of the same fallacy or irrelevant
comments, I will ignore your message.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: FAQ and GNU

[Mario Castelán Castro]

On 10/10/17 11:02, Ralph Corderoy wrote:
> Please note, it's "GnuPG".  That's the project name.  If you wish to
> acknowledge that it's a GNU project then it's GNU GnuPG.  :-)

Well, then blame this project for being undecided about what its own
name is. They use both “GNU Privacy Guard” (which I abbreviate as “GNU
PG”) and “GnuPG”.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: FAQ and GNU

[Mario Castelán Castro]

On 10/10/17 11:05, Leo Gaspard wrote:
>> Recall that the most important contribution of the GNU project is not
>> the software packages, but starting the free software movement and
>> developing the most important licenses. GNU/Linux distributions are only
>> possible because of free software ideology, even though many such would
>> hate to acknowledge this.
> 
> So we should call FreeBSD “GNU/FreeBSD” instead? Sorry, I could not resist.

Nice straw man fallacy. I have never asked anybody to call “GNU/*” all
free software projects, or anything similar, so your argument is unsound.

Moreover, there is no analogy between “FreeBSD” and “Linux”:

*The name “FreeBSD” has always referred to a specific distribution. That
is how people use it. There is no problem here.

*The name “Linux” refers to a specific *kernel* (from “Linus”, the first
author of this kernel). If you use the name “Linux” to refer to the
kernel, there is no problem, but using it for anything else is
incorrect, even if it *includes* Linux. Would it be correct to refer to
a car as an “engine”, because it includes an engine?

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: FAQ and GNU

[Mario Castelán Castro]

On 10/10/17 11:04, Ralph Corderoy wrote:
> You snipped the bit where I said "Linux" has two meanings in the English
> language depending on context.  Given your admirable, though misplaced,
> zeal, I doubt there's a considered argument to be had here.

In the previous message you said “"Linux" can be the kernel or a
distro.”. But this is outright incorrect (Linux is not a distribution).
Thus I elided this part according to my practice of omitting irrelevant
text in a reply to keep the messages to a readable size.

The name “Linux” was invented for the kernel for which Linus Torvalds is
known. Later, lazy people incorrecting began using the same word to
refer to basically any software bundle that include this kernel.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: FAQ and GNU

[Mario Castelán Castro]

On 10/10/17 01:46, Robert J. Hansen wrote:
> With respect to specific distros, we ought use the name the distro
> prefers.  The Fedora Project releases Fedora, not Fedora GNU/Linux.  The
> Debian guys release Debian GNU/Linux, not Debian Linux.  The people who
> set up these distros have given their distros names, and it seems
> appropriate to use the names properly.  It is as inappropriate to refer
> to Debian Linux as it is to refer to Fedora GNU/Linux: in both cases
> that's rejecting the community's right to name their distro what they wish.

To me it appears hypocritical that you are speaking of “respecting
community rights” where the aforesaid communities (more precisely, the
founding developers who are the ones that actually choose the name of
the distribution, not the later community) have stepped over the right
of the GNU project to be given proper credit.

Recall that the most important contribution of the GNU project is not
the software packages, but starting the free software movement and
developing the most important licenses. GNU/Linux distributions are only
possible because of free software ideology, even though many such would
hate to acknowledge this.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: FAQ and GNU

[Mario Castelán Castro]

On 10/10/17 01:46, Robert J. Hansen wrote:
> With respect to specific distros, we ought use the name the distro
> prefers.  The Fedora Project releases Fedora, not Fedora GNU/Linux.  The
> Debian guys release Debian GNU/Linux, not Debian Linux.  The people who
> set up these distros have given their distros names, and it seems
> appropriate to use the names properly.  It is as inappropriate to refer
> to Debian Linux as it is to refer to Fedora GNU/Linux: in both cases
> that's rejecting the community's right to name their distro what they wish.

To me it appears hypocritical that you are speaking of “respecting
community rights” where the aforesaid communities (more precisely, the
founding developers who are the ones that actually choose the name of
the distribution, not the later community) have stepped over the right
of recognition of the GNU projects.

The most important contribution of the GNU project is not the software
packages, but starting the free software movement. GNU/Linux
distributions are only possible because of free software.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: FAQ and GNU

[Mario Castelán Castro]

On 10/10/17 07:13, Ralph Corderoy wrote:
> Do not change to using GNU/Linux.  It's a purely political term;  there
> is no case for technical accuracy.  Alongside GNU programs I have Clang,
> musl C library, X Windows, KDE, Firefox, LibreOffice and many other
> non-GNU project, non-GNU licensed, parts.  Singling out GNU for credit
> is unfair to those.

Your argument is self-defeating. There is no reason to single Linux. It
is just another of thousands of programs without which a computer would
be useless exactly as the others you mentioned.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: FAQ and GNU

[Mario Castelán Castro]

On 10/10/17 04:45, Peter Lebbing wrote:
> That to me means I would support leaving it as is. I don't feel strongly
> on writing it one way or another, but I do dislike the pressure some
> people exert on others pushing their view. If however you are
> consistently writing "Microsoft Windows®" everywhere in the FAQ, I'd
> find it natural to write "GNU/Linux" as well.

This is a fallacy. Windows *is* Microsoft Windows, the only thing called
“Windows” (as a proper noun) in informatics.

Not so with “GNU/Linux”. GNU/Linux is not Linux. Linux is a kernel.
GNU/Linux is the combination of this kernel with software from the GNU
project.

The word “operating system” is too vague to have a reasonable discussion
of exactly what set of programs are part of an operating system. In any
case, it is clear that Linux is a kernel, not an operating system[1].

Also, the argument that GNU PG can be used on Linux without GNU is
invalid, for it can also be used without Linux. Several BSD variants
include GNU PG.

[1] I challenge anybody who replies with “operating system”=“kernel” to
explain how this viewpoint is compatible with the practice of calling
FreeBSD, Windows, OS X (as a whole) and so on an “operating system” and
not a “kernel”.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to encrypt using public certificate\key

[Mario Castelán Castro]

On 05/09/17 23:37, shaarang tyagi wrote:
> I have a situation where I need to use GnuPG from command line and encrypt
> a file using a public certificate or PEM public key, please note that I
> will not have the private key at this point and encryption needs to be done
> only using public key.
> 
> Let me know if this is possible or not.

You can use the “gpgsm” to operate over X.509 certificates (this covers
your use case).

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: E-mail with deniable authentication

[Mario Castelán Castro]

Good point.

Note: You forgot to reply to list.

On 02/09/17 22:11, Lachlan Gunn wrote:
> Le 2017-09-03 à 11:48, Mario Castelán Castro a écrit :
>> I am well aware of that. Although deniable encryption is not a panacea
>> it is an improvement. It gives less power to the correspondent to blackmail.
> 
> I would also add that lots of servers will put a DKIM signature onto the
> email, thus showing who sent the ciphertext to whom.  Obviously this
> isn't as secure as a personal digital signature, since anyone who can
> get into your email account can send email in your name, but it does
> mean that email nowdays is at least somewhat non-repudiable.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: "Insecure memory" (yes setuid set) and "get_passphrase failed"

[Mario Castelán Castro]

On 03/09/17 17:42, Dan Horne wrote:
> Warning: using insecure memory!
> gpg-agent[10073]: command get_passphrase failed: End of file
> gpg: problem with the agent: End of file
> gpg: Key generation canceled.

There seems to be 2 different problems here:

* That gpg (or gpg-agent) fail when calling pinentry. (the
“get_passphrase” fail.

* That memory pages can not be locked (“using insecure memory!”).

However, I do not know how to solve either.

My understanding is that “insecury memory” means simply that gpg can not
lock memory pages so as to reduce the probability that they are written
to swap. This is only a security concern if an attacker can read the raw
disk device.

> Regarding the warning, the recommended response I found via Internet search
> was:
> 
> # chmod u+s /path/to/gpg
> 
> This was done, but didn't affect the warning:

Are you sure that this is required in Solaris? At least in Debian
GNU/Linux there is no need to setuid the gpg binary to root. Root setuid
programs are a security problem. If an attacker can get control of this
program, he can operate with root privileges.

Look for what the requirement for locking pages are in the Solaris
documentation.

> After a bit more Googling, I tried adding the following to my gpg.conf
> file, but it caused a syntax error:
> 
> pinentry-program /opt/csw/bin/pinentry-curses

“pinentry-program” is an option of gpg-agent, not gpg. If you want to
specify this option, you must put it in “$HOME/.gnupg/gpg-agent.conf”.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Documentation of trust model

[Mario Castelán Castro]

Hello. It appears that you forgot to reply to the mailing list.

On 04/09/17 19:29, Lou Wynn wrote:
> The PGP standard has more details in Section 5.2.3.13 Trust Signature: […]>
> Do you have specific issues or questions to discuss about the Web of
> Trust model?
I have read this section of RFC 4880 already. It does not answer my
original question.

The trust model takes signatures and user-assigned trust levels and
outputs validity. Where is this documented for the “pgp” and “classic”
models of GNU PG? I can not find anything about it in RFC 4880 (note
that the section that you linked does not describe “pgp”, “classic” nor
any other any trust model).

Thanks.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Documentation of trust model

[Mario Castelán Castro]

Hello.

Are the trust models “classical” and “pgp” as implemented in GNU PG
documented anywhere? In the manual I can only find this for “pgp”: “This
is the Web of Trust combined with trust signatures as used in PGP 5.x
and later. This is the default trust model when creating a new trust
database.”, which is a very unsatisfactory description. The situation is
the same for “classical”.

Regards.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: E-mail with deniable authentication

[Mario Castelán Castro]

On 01/09/17 08:31, Andrew Gallagher wrote:
> On 31/08/17 03:35, Mario Castelán Castro wrote:
>> Writer and recipient have a Diffie-Hellman key over the same group and
>> know each other's public key.
>>
>> The writer computers the shared secret per the DH algorithm
> 
> This is the real trick though - the DH algorithm requires two-way
> synchronisation in advance of sending the payload. This is easy enough
> with a realtime connection, but much harder with email.

Diffie-Hellman may be used interactively, but it is not necessary.

See the specification of Diffie-Hellman over an elliptic curve emplyed
for *encryption* in OpenPGP as described in RFC 6637
<https://tools.ietf.org/html/rfc6637#section-8>). There is a summary of
the protocol in page 8. Note how it requires no “two-way
synchronization”. As described here, the sender generates an ephemeral
key. If the sender uses *his* ECDH key instead of an ephemeral one then
the shared secret can be used to derive the key of a MAC algorithm and
used for deniable authentication.

Obviously there is the requirement that the receiver knows that the key
used by the sender really belongs to the sender and not an impersonator.
This is a general requirement in public key cryptography also applicable
for digital signatures.

> And as others have pointed out, plausible deniability isn't a panacea.
> It's only really useful in the case where your adversary must prove
> their assertions to an independent fourth party beyond reasonable doubt.
> It might keep you out of jail in a well-functioning democracy, but it
> won't save you from the mafia, the CIA or Kim Jong Un.
I am well aware of that. Although deniable encryption is not a panacea
it is an improvement. It gives less power to the correspondent to blackmail.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

[Mario Castelán Castro]

On 31/08/17 17:49, s7r wrote:
>> You can use hash(private_key_1) to seed a cryptographically secure
>> pseudo-random number generator (E.g.: AES in CTR mode with the seed as
>> the key), and then use that random stream to generate (private_key_2,
>> pubic_key_2.
>>
>> This is a method applicable in general. The algorithms of private_key_1
>> and private_key_2 need not be the same, nor do they need to be defied
>> over the same curve.
>>
>> The only problem is that I do not know of a program to do they key
>> generation from a user-provided seed.
> 
> This will do for my use case.
> 
>> Please stop talking about "secp256k1 keys".  You do not have secp256k1
>> keys.  You have ExDSA or ECDH keys which are not interchangeable with
>> each other.
> 
> I think I asked in a wrong way. I do not necessarily need for both the
> primary key and the secondary key (key with Encryption capability) to be
> the same secp256k1 curve / ExDSA key / ECDH key, etc. -- all I need is
> for them to be reproductible at any time, any where, based on some seed,
> or sha256 hash of a user-generated password, etc. It's irrelevant if
> they are totally different keys that work in different ways, the only
> feature needed is to be able to reproduce them from scratch any time,
> and be able to decrypt the data.

You can use the same scheme that I described. The only difference is
that you use a hash (say, SHA-256) of the seed provided by the user as
the seed of the CSPRNG, instead of the hash of a private key (as I
originally described)

The only thing that is still missing is software that implements
deterministic generation of DSA and DH keys over secp256k1 given a seed.
You can either find one already written, write it yourself, or pay
somebody to write it for you (possibly as a modification of GNU PG).

Note that you will need to know the seed *and* the method of generation
so that you can re-generate the key in the future if it becomes
necessary. You can store the program used for the key generation in a
place where it will remain available in the future, for example, in the
same place where you store your backups, or print the source code. The
generation program needs not be kept secret. Only the seed needs to be
kept secret.

> Mario, check this out:
> 
> https://github.com/Jaxx-io/openpgpjs-secp256k1/blob/master/README_secp256k1.md
> 
> Generate keypair from bitcoin key:
> var openpgp = require('openpgp');
> var bs58check = require('bs58check');
> 
> [...]

I can not comment on this library. I have never used it nor do I plan to
use it.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: please help "No pinentry"

[Mario Castelán Castro]

On 31/08/17 16:36, Bereshka Web and Photo wrote:
> it happens all the time, solution is of itself as soon as I ask it on a forum
> or like John Robbins said “My cat, as it turns out, is an excellent debugger, 
> and she has helped me solve a number of nasty bugs when I talked to her about 
> them” :) not exact situation, but little bit similar ) 

I have heard about that. The premise is that explaining a problem
sometimes makes how to solve it evident, especially when explaining that
a program does not work. There is even a web page about something like
that: .

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: please help "No pinentry"

[Mario Castelán Castro]

Well, if the problem is solved then I am glad for you)))

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: please help "No pinentry"

[Mario Castelán Castro]

On 31/08/17 09:12, Bereshka Web and Photo wrote:
> Hello, Mario
> Thank you for your advice and attention.

Hello.

When replying to a message from a mailing list list, please reply to the
mailing list instead of the sender only. Most e-mail clients have a
“Reply to list” button to do this quickly.

>> There are several such
>> pinentry programs. You can install several of them but you just need one.
> 
> for example? is this program is not in the package of Gnupg? 
> I use Mac

A pinentry program may or may not come with GNU PG. It depends on how
you install it. If you compiled from source (you would know if you did
that), then you need to install pinentry separately.

If you used a third-party software bundle that includes GNU PG, then it
depends on the choice of the developers of *that* software bundle.

For examples of pinentry programs, take the ones I mentioned in my
previous message.

> well, then why other people on mac don’t have that problems, they just 
> download gnupg and start using, they don’t install anything additionally) 

The GNU PG project does not distribute any binaries for Mac OS X. As for
the people who “download gnu pg and start using it”, I assume they
install a software bundle containing GNU PG. However, although such
bundle may include GNU PG, it is a third-party project, not part of GNU
PG itself.

Anyway, I recommend using GNU/Linux because unlike Mac OS X it is free
software.  Installing GNU
PG in any reasonable GNU/Linux distribution is trivial.

If you want to continue using Mac OS X you probably want to use one of
those bundled made by a third party.

*To summarize:* You are probably using an unofficial software bundle for
Mac OS X that includes GNU PG. The GNU PG developers in general are not
responsible for any such bundle. You must consult the documentation of
your bundle.

Regards.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: please help "No pinentry"

[Mario Castelán Castro]

On 31/08/17 07:20, Bereshka wrote:
> Hello, Dear Creators :) 
> 
> I will very appreciate if you can help me, because I was surfing a lot in the 
> internet looking for an answer, and read tones of forums, but did not find 
> solution.
> 
> So I installed gnupg 2 , command gpg didn’t work in Terminal. I was confused 
> and decided to try Gnupg tools suite, I installed that and created my keys 
> and passphrase. Later I knew that I should type gpg2 in Terminal to work with 
> that. So I got encrypted message and I tried to decrypt it, but it just 
> didn’t show a result, it said that by whom it was encrypted and to whom, 
> that’s all. We decided that it might be a problem because go GPG tools suite, 
> maybe it causes conflict. So I decided to deinstall GPG Tools. Before to do 
> that I exported my public, private, rev certificate, then I deinstalled this 
> software. I located all keys to a folder “keys” at my user root folder). Then 
> I imported all keys through terminal. To check I do —list-keys and I see my 
> imported key and my husband’s key that was imported as well. 
> 
> 
> 1. The problem is that I can encrypt message and send it to him and that he 
> can decrypt it. But when I get encrypted message from him I can’t decrypt it. 
> It does’t ask my passphrase. It asked when I had GPG Tools, but even with 
> asked passpharase with GPG Tools being installed i didn’t get a decrypted 
> message
> Now I don’t have GPG Tools and when I do command gpg2 Enter and insert his 
> message I get this 
> 
> gpg: public key decryption failed: No pinentry
> gpg: decryption failed: No secret key

Hello. GNU PG version 2.* uses a program called “pinentry” to ask for
passwords whenever it requires a password. There are several such
pinentry programs. You can install several of them but you just need one.

If you use GNU/Linux, search for “pinentry” in the listing of package in
your package manager. There will be several such programs. The only
user-visible difference (as far as I know) is the way in which they ask
for password and the look and feel.

If you want a graphical window to ask you for password, install
“pinentry-gtk2”, “pinentry-gnome” or “pinentry-qt”. If you want to be
asked within the terminal emulator, install “pinentry-curses” or
“pinentry-tty”.

I have never used “GPG Tools” so I can not provide any help in this regard.

Regards.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: E-mail with deniable authentication

[Mario Castelán Castro]

Hello. Thanks for your reply. I am aware of the first method as well as
a variation of the second (it had not occurred to me that they both can
use the same key!; I had thought that each correspondent used one key of
his own with a meaningless ID and used only for communication with the
other correspondent). The problem is that these are an extra layer, not
currently implemented in GNU PG or any other software I know of.

I was hoping that OpenPGP had a feature of “deniable authentication of
[writer] to [recipient]”. It can be easily implemented with
Diffie-Hellman as follows.

Writer and recipient have a Diffie-Hellman key over the same group and
know each other's public key.

The writer computers the shared secret per the DH algorithm, and
processes it with a KDF. This is the key to a MAC algorithm (e.g.:
HMAC). The writer send the, the message (either encrypted or
unencrypted), the authentication code, and a nonce (if the KDF requires
it) to the recipient

To verify, the recipient computes the shared secret, the MAC key and the
authentication code of the message. The recipient knows (save for broken
algorithms or leaked private keys) that only the writer or him could
have computed the authentication code for the message. We assume that
the recipient remembers what he has written and what he has not written,
so he can discard himself, leaving the writer as the only option.

The recipient can divulge the message, but he can not prove that the
writer (as opposed to him) wrote the message, even if he is willing to
divulge his private key.

*Maybe* I will implement this scheme sometime in GNU PG as an OpenPGP
extension, if somebody doesn't do it in the meantime.

Alternatively, the writer can write an message encrypted to the
recipient public-key consisting of 3 parts: (1) A message signed by the
writer saying “I am sending *somebody* a secret message authenticated
with MAC algorithm ... and key ...”. (2) The authentication code. (3)
The message itself. The signed message (1) should not include the name
of the recipient. Obviously (3) should not be signed. (2) can be signed
without deniablity implications, but is not necessary.

The most the recipient can do is to prove that the writer wrote “I am
sending *somebody* a secret message authenticated with MAC algorithm ...
and key ...”, but he can not even prove that the writer wrote that to *him*.

Both of these methods require no prior agreement between sender and
receiver.

On 29/08/17 15:00, ved...@nym.hush.com wrote:
> There are workarounds to accomplish this:
> 
> [1] Sender 1 sends a signed and encrypted pgp e-mail to Receiver 1, 
> giving Receiver 1 a 'passphrase'  which they will agree to use for the
> next encrypted messages.
> 
> [2] Sender 1 and Receiver 1 now send conventionally encrypted messages
> with this passphrase, but without signatures.
> 
> [3] They both know that only the person who knows the passphrase could
> have sent it.
> 
> [4] If they want deniability, they can say that the passphrase 'leaked
> out' and anybody who it leaked to could have sent it.
> Alternatively,
> 
> One can generate a keypair with a random name, and send it to the
> other one, and they can both sign with it, but encrypt to their own
> non-shared keys.



-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: E-mail with deniable authentication

[Mario Castelán Castro]

On 30/08/17 00:57, Stefan Claas wrote:
> If your communication partners would use the same software, like opmsg.
> 
> https://github.com/stealth/opmsg
> 
> Or if you would use Bitmessage instead of classic email, then
> you have authenticated/encrypted messages too and can later
> nuke your keys, if needed.
> 
> https://bitmessage.org/wiki/Main_Page

According to  Bitmessage does
writer-receiver authentication (I do not know what is the standard term
for this public key operation; clearly it is not “signing”) with HMAC
using a Diffie-Hellman key derived from the shared secret between writer
and recipient. Thus the recipient can not prove to any third party that
the writer wrote the message (because he also knows the shared secret
and thus he can also compute the authentication code).

But Bitmessage gives me the impression of an highly amateurish job. I
cite the absurd use of AES-256 along with a elliptic curve providing
roughly 128 bits of security (secp256k1). Moreover, anybody who cares to
do so can build an FPGA miner for Bitmessage proofs of work and perform
a denial of service given that many users have only a CPU to compute the
POW.

I would not trust my sensitive data to it.

“opmsg” gives me an even worse impression. It seems to be the work of a
single man, and I do not even see a specification of the format. Also,
from the readme.md

“The private part of the keys which are stored inside ~/.opmsg are NOT
encrypted. It is believed that once someone gained access to your
account, its all lost anyway”

I would not trust a person with this way of thinking to write my
cryptographic software.

Regards.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: E-mail with deniable authentication

[Mario Castelán Castro]

On 30/08/17 21:35, Mario Castelán Castro wrote:
> (2) can be signed
> without deniablity implications, but is not necessary.
Apologies. The authentication code should not be signed either to keep
full deniability.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: key_confusion

[Mario Castelán Castro]

Hello.

Your message is very bad written and I can barely understand it. I will
answer what I have understood.

On 30/08/17 10:40, miz...@elude.in wrote:
> ***
> hi all,
> 
> i do not clearly understand the difference between .asc , .gpg , .sign ,
> .sig , cert and do not know the official_usage & conventions.
> i made my own research before but ... unsuccessfully.

The main specification for OpenPGP (the format used by the “gpg” command
line program) is this: .
*Apparently* it does not specify any file extension.

There are some *conventions* regarding file names. “.asc” is used for
_ASC_II-armored OpenPGP files. “.sig” is used for OpenPGP detached
signatures (generated with “gpg -b”). I think that GNU PG uses “.gpg” by
default for everything else (as long as it is in OpenPGP format).

Anyway, what matters is the content of the file, not the file name. You
can obtain a summary of the content of any OpenPGP file with “gpg
--list-packets < FILE”.

> key is also a certificate if i understood well what i read.
> it looks like :
>   - gnupg uses public.key for being exported on a server_internal 
> operation.
>   - gnupg uses public.asc for being exported on an
> e-mail/mailing-list_external

I have no idea of what you mean by “server_internal operation”. GNU PG
does not interfaces with e-mail at all. Many e-mail clients call GNU PG
in the background, but then GNU PG will do whatever the e-mail client
requests.

Some people use the word “certificate” to refer to OpenPGP primary keys.

Primary keys should not be confused with “revocation certificates”.
*Revocation* certificates are a type of signed message that say “Do not
longer this key; it may have been compromised or it is not longer in
use” in a machine-readable way.

The act of signing a key (that is, giving your word that the key belongs
to whoever it claims to belong) is also called “certification”, and the
resulting signature is called a “certification signature” in RFC 4880.

> operation.
>   - gnupg uses cert for server/vpn = multiple keys
>   - key = gpg = cert ?
>   - cert = sign = sig = every keys (subkeys inc

luded)
>   - cert = gpg = soft/file encrypted
>   - cert = asc = sign = sig = gpg = gpg2 ?
> --- is it not the same ?

GNU PG is the name of the software. “gpg” is the name of one of the
command line programs that GNU PG provides. I do not understand the rest.

> i do not clearly understand the difference between .cert .asc , .gpg ,
> .sign , .sig and do not know the official_usage & conventions.
> - could i rename the public.* as .sign and what is the difference using
> .sig ?
> - could i export the public.key on the hkps-server or must i use the
> public.asc ?
> - could i rename public.asc in public.gpg2 ?
> ... and the same questions come in my mind about the *SUMS files.
> ... and the same confusion about user-id , fpr , e-mail :
> --- is it not the same ?

These are all misguided questions. The filename is irrelevant. The file
extensions are there for *you* to help you recognize the files, not for
GNU PG.

> have you a link where all these embarrassing questions are clearly
> explained ?

Look at the “Documentation” page in the GNU PG web site
.

> OFF-TOPIC : could gnupg add a special option in his settings/option :
> quantum resistant ?
> I mean an embedded version of codecrypt.

I am not a developer of GNU PG, but I assume that public-key algorithms
resistant to quantum computing will be standardized (by some standard
group like the IETF) and added to GNU PG *when* the need arises, just as
support for ECC was recently added.

*Currently* the factorization and discrete logarithm algorithms are
enough. Also note that symmetric encryption algorithms are minimally
affected by quantum computing. GNU PG implements, for example, AES-256
and SHA-512 which should be strong against quantum computers if they are
strong against classical computers.

Instead of worrying about quantum computers, worry about proper security
practices as the end user. The chain is no stronger than the weakest
link, and the user is almost always the weakest link.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

E-mail with deniable authentication

[Mario Castelán Castro]

Hello.

We have OpenPGP/MIME to sign and encrypt e-mail, thus securing the
communication. It is my understanding that the other party can publish
the signature and the unencrypted message and thus prove that somebody
in the possession of the private key wrote (or at least signed) the message.

One way to do deniable authentication is to take a shared secret.and use
that as the key to a MAC function. However, this does not seem to be
implemented in OpenPGP, although it could be done as an additional layer.

Is there any existing, convenient way to do deniable authentication for
e-mail?

Thanks.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

[Mario Castelán Castro]

On 29/08/17 02:09, s7r wrote:
> I understand that the first one is ECDSA and the second is ECDH, but
> can't I use the same secp256k1 key (if I import it) but in different two
> representations (ECDSA representation for Sign and Certify and ECDH for
> Encrypt)?

> The subkey might have a different fingerprint because it's a
> different representation of course but this is not the concern, the
> concern is for both to be computed from the same imported private key.

You can use hash(private_key_1) to seed a cryptographically secure
pseudo-random number generator (E.g.: AES in CTR mode with the seed as
the key), and then use that random stream to generate (private_key_2,
pubic_key_2.

This is a method applicable in general. The algorithms of private_key_1
and private_key_2 need not be the same, nor do they need to be defied
over the same curve.

The only problem is that I do not know of a program to do they key
generation from a user-provided seed.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

[Mario Castelán Castro]

On 28/08/17 22:27, Robert J. Hansen wrote:
> secp256k1 is a certain field of numbers in which elliptical curve
> operations may be defined.  It is not an algorithm.  You do not have a
> secp256k1 key.  You have an ECDSA key which operates in the curve
> defined by secp256k1.

Although elliptic curves are defined *over* a field, they are not
themselves a field (or at least, I am not aware of any way to define a
field over them).

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Newbie Question: Creating a Key Server using GNUPG tools

[Mario Castelán Castro]

On 27/08/17 04:40, arznix via Gnupg-users wrote:
> I am developing a closed mesh network application where
> I want to encrypt the traffic using PGP. The local network
> will have no access the the greater worldwide web so it
> will not be able to access existing trusted Key Servers.

If it is an isolated network, it is a small network. Maybe it will be
more convenient to simply export all the keys the ordinary way (“gpg
.--export KEY1 KEY2 ... KEYn” and distribute that through the network.

> Any links to sample code would also be great. The system is being develop with
> Linux as the operating system for the servers attached to the mesh network.

Linux is a kernel. You mean the GNU/Linux operating system
.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Is it possible to certify (sign) a key using a subkey?

[Mario Castelán Castro]

On 2017-08-17 23:25 -0400 Daniel Kahn Gillmor 
wrote:
>I still don't think this is a good justification, fwiw.  If you think
>you'll be making these certifications for other people to consume,
>please do those other people a favor and just use your primary key.
>The OpenPGP world has a habit of trying to make things too fancy.  Keep
>it simple!

I really do not follow your argument (if any). Whether I sign with my
primary key or a subkey is a low level detail. There is no any additional
difficulty encountered by the user who verifies a certificate made by a
subkey, assuming he is using a capable OpenPGP implementation.

This is a low level detail that is for the most abstracted from the user by
the implementation (GNU PG), just as users need not know number theory in
order to use public key algorithms, they need not be concerned of whether
I use my primary key or a subkey for certifying.

>> Also, using a subkey for signing still has a size advantage. If you
>> have, say, 5 keys signed by my ECC subkey. there will be less size  
>
>Where are you trying to save these bytes?

In my own and other people's keyrings and in key servers.

>I don't know of a way to change usage flags on an existing subkey with
>GnuPG without modifying the source.
>
>You can add a new subkey with your chosen usage flags in --expert mode,
>though.  But i don't recommend it.

Like I said in a previous message, even using “gpg --expert
--edit-key” (GNU PG version 2.1.18 as shipped in Debian 9), I do not get
the option to toggle the certify capability when adding a new subkey, not
even if I choose the option “choose your own capabilities”.

Hmm... it looks like I will have to do some programming. This is not good.
GNU PG should already have this feature.

Regards.


pgp_X7CTrVKt8.pgp
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Is it possible to certify (sign) a key using a subkey?

[Mario Castelán Castro]

On 17/08/17 18:49, Daniel Kahn Gillmor wrote:
> aiui, your main goal was because the certifications are smaller, but
> you're still requiring people to fetch your larger primary key.  if you
> want to really minimize the size, just make a new OpenPGP key that is
> ECDSA-only.

I have chosen RSA as a “known good” algorithm for the primary key
because if I chose a different curve or algorithm for elliptic key once
I have the required knowledge to make an informed decision it will be
more convenient to change only a subkey than to generate a new primary
key. For example, I can keep the signatures (certifications) that I
accumulate during that time on my key, supposing I have the opportunity
to go to a signing party.

Also, using a subkey for signing still has a size advantage. If you
have, say, 5 keys signed by my ECC subkey. there will be less size

Anyway, my question still stands: How can I enable the certificate
capability on a subkey with GPG?

Regards.



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: export secret subkeys

[Mario Castelán Castro]

It is my understanding that --export-secret-subkeys outputs a *dummy*
(not the actual key) for the private part of the primary key, hence the
output of --list-packets.

The “gpg” man page says “The second form of the command [i.e.:
--export-secret-subkeys] has the special property to render the secret
part of the primary key useless;”.

Regards.

On 17/08/17 08:39, Dirk-Willem van Gulik wrote:
> [[elided]]
> 
> Instead the output of --list-packets (and the file size) suggests that both 
> the master and the subkey are exported.
> 
> Output below - followed by a script to reproduce.
> 
> Or am I misreading this ?
> 
> [[elided]]



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Is it possible to certify (sign) a key using a subkey?

[Mario Castelán Castro]

No, it does not have the certify capability. How can I enable this
capability?

If I add a subkey with  “--expert --edit-key” no option is given to
enable certify capability (as mentioned in my previous message), only
sign and authenticate in the case of ECC keys and sign, authenticate and
encrypt in the case of RSA keys.

This is version 2.1.18 of GNU PG as shipped by Debian 9.

Regards.

On 16/08/17 23:17, Robert J. Hansen wrote:
> [[elided]]
> 
> Does the subkey have the certify capability on it?  If the subkey isn't
> marked for certifying, it can't be used to certify.



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Is it possible to certify (sign) a key using a subkey?

[Mario Castelán Castro]

Suppose I would like to sign another user's key using one of my
secp256k1 subkeys, instead of my primary key, because it generates
smaller signatures. gpg does not appear to support this. If I try to
generate a subkey with certify capability “gpg --expert --edit-key ...”
and then “addkey”, the option to toggle capability is not shown. Also,
if I try to force gpg to use an *existing* subkey for signing another
key with “gpg -u FINGERPRINT1! --sign-key ANOTER_KEY” (where
FINGERPRINT1 is the fingerprint of the subkey, and it is followed by “!”
to try to force use of this subkey) it still uses my primary key.

Why is this behavior? I took a glance at RFC4880 and I could not find a
requirement that only primary keys are used for certifying, although it
is very possible that I just missed it.

Regards.




signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Can I pass the password from the command line?

[Mario Castelán Castro]

El 15/12/15 a las 17:21, Anthony Papillion escribió:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 12/15/2015 5:07 PM, Andrew Gallagher wrote:



On 15 Dec 2015, at 22:58, Anthony Papillion
 wrote:

I'd like to script encryption and decryption from the command
line. Is there a way to pass the encryption passphrase to GnuPG
from the command line.


I don't think there is a password parameter, and I'd strongly
recommend not doing it even if there was. Many OSes make the
command line parameters of processes available to any local user.

Have you tried piping the password to stdin?

Andrew


Thank you for the quick answer, Andrew. After thinking about it, I can
see the absolute folly of having something set up the way I requested
and I appreciate you pointing that out. I had not thought about piping
to stdin - never even crossed my mind!

Thanks again!


I recall that there is an option "--passphrase-file", which can be used 
to pass the password programatically. Of course, make sure that the file 
has secure permissions since it's created (or at least, written to) to 
store the password.



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Continued PKA problems on Windows

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

March 3rd in gnupg-users@gnupg.org, thread Continued PKA problems on
Windows

Sean: get a real operating system as GNU/Linux, see a list of free as
in freedom distribucions in
http://www.gnu.org/distros/free-distros.html

cryptography on a propietary platform don't gives real security, you
don't know what they (The owners) are doing with your unencrupted
data.

Plus, as with any other propietary software it don't respect your
freedom, see www.gnu.org.

Good luck.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREIAAYFAkuPNbYACgkQZ4DA0TLic4gZXQCfQ+XQ2ytkSF2OugqZOcqhoDcx
bIAAnRctvNXvgtlTebKsUNXAP0853EfX
=o0Jd
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to give the keywork from command line.

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

February 27th 2010 in gnupg-users@gnupg.org thread Hot to give the
keyword from the command line

Also, if you encrypt to a key, you shouldn't need to provide a
passphrase at all, unless you need to sign the file too.  I get
nervous about passphrases in batch files...

I'm using the symetric AES, so I need a keyword.

Indeed.  If you have to encode a passphrase in a batch file or other
piece of code that calls GPG, it's worth asking yourself why you have
a passphrase there at all.  You might want to just remove the
passphrase altogether.

No, because the backups are stored on my USB memory stick, and they
are easy to loose, plus I often forget things, so with the password
there should't be a risk if I lose the memory stick.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREIAAYFAkuMVVIACgkQZ4DA0TLic4hCwQCeKLiu3a/CP7sR6BLf9EnhVyff
Q7gAniLxaDwpVVyp0KpTZ5bQ6fQ5nT5y
=8Grs
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to give the keywork from command line.

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

February 27th 2010 in gnupg-users@gnupg.org thread Hot to give the
keyword from the command line

Thanks Laurent, it works :).
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREIAAYFAkuKjnwACgkQZ4DA0TLic4gvbACeI6iz3fXlywEgkFDFsCelyCT5
IVwAn2l44dnfM0URtyYmP+dpVSWFN4Ad
=o3X7
-END PGP SIGNATURE-

2010/2/28 Laurent Jumet laurent.ju...@skynet.be:
 Hello Mario !

 Mario Castel n Castro mariocastelancas...@gmail.com wrote:

 Hi, I'm doing a bash script for pack (Tar), compress (lzip or bzip2)
 and encrypt (GPG with Rijndael 128) very important files, but is
 supposed to be non interactive, shouldn't ask the user for password
 when executed, please can you tellme how I can give it from the
 command line arguments?.

    Using
 --passphrase-file FILE
    means that the first line of FILE will be used as passphrase.

 --passphrase STRING
    uses STRING as the passphrase.

    Additionnaly, you'll probably need all or some of the switches:
 --batch
 --no-tty
 --yes
    to suppress console interaction.

 --
 Laurent Jumet
      KeyID: 0xCFAF704C


 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

How to give the keywork from command line.

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

February 27th 2010 in gnupg-users@gnupg.org thread Hot to give the
keyword from the command line.

Hi, I'm doing a bash script for pack (Tar), compress (lzip or bzip2)
and encrypt (GPG with Rijndael 128) very important files, but is
supposed to be non interactive, shouldn't ask the user for password
when executed, please can you tellme how I can give it from the
command line arguments?.

Thanks in advance.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREIAAYFAkuJ3qcACgkQZ4DA0TLic4jAFwCdF4dw5dH3JstLYfPV5I0HHjDM
NogAoI2n3PJZ6b2h67Y7T1UTaEEQrd/v
=CxjD
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Web of Trust itself is the problem

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

January 12th 2010 in gnupg-users@gnupg.org thread Web of Trust itself
is the problem

Actually I was quoting Robert Holtzman, not Robert J. Hansen, sorry
for not including the full name.

I have no time now to read those texts because my holidays ended
alredy :(.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREIAAYFAktM48YACgkQZ4DA0TLic4j5CQCeOKzabnsWhEDJV9P6d4CoA8uW
t3MAn26T7s6uB3GqQqThCj7oZw8F4XGG
=6Jk1
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: very short plaintexts symmetrically encrypted

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

January 10th 2010 in gnupg-users@gnupg.org thread very short
plaintexts symmetrically encrypted

then there should be some sort of alert or advisory that the
plaintext should be a minimum length (whatever that minimum length or
alert/advisory should be, i leave it up to the developers or the ietf
open-pgp wg ;-) )

I don't think that the Open PGP standard should include alerts because
that would unable non internative implementations to fully comply with
the standard.  IMO much beter would be the support for automatic
padding, or maybe it is alredy in the standard but I dont ever
noticed, I have really not readed at detail the RFC4880.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREIAAYFAktKAIMACgkQZ4DA0TLic4g6dgCgjzbbuTpcaKL6SqDJkVyzSCH+
u5YAmwSW/FDXUysU3sxjeuVjFVDin++G
=0Kux
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encrypting with an message expiration date

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Januarty 3rd 2010 in gnupg-users@gnupg.org thread Encrypting with an
message expiration date

self-destructing data is a big fallacy, is almost the same issue as
computer virus.

There is no data/software (Software is data) that act by itself, it
should be interpreted to take an effect.  A computer virus is a
malware that you run accidentally.  From my old days with Windows I
remember those malware in CD-ROMs with an run.ini inside (Or something
similar) that tells W to run the malware.  That virus is not self
acting, just that operating system is designed to interpret those
run.ini.  Not even the Operating System is self acting, you instructed
the CPU to run it!.

 GnuPG-Users:

 Is there a way to force an expiration date when encrypting a message
 for additional security. I have a friend who is inquiring. I've
 already informed him of the for his/her eyes only option.

There is no real way to *enforce* an expiration data.  In the same
manner virusses don't act by itself, data don't self destructs, just
the user runs the program to enforce the expiration date without ever
notice.

They user may simply chose to not run the program or to copy the data
and put in a safe place like an DVD before it gets deleted.  There are
of course, methods that make this much more hard, and almost
impossible, like the ones currently used for DRM.

The only kinda effective way I see to efectiveley enforce data
deletion are IC with a storage of energy inside (Say, supercapacitor)
that destroys the data (Ethier by zeroizing it or to detonate an small
explosion to destroy the internal of the IC) when ethier the energy is
too low, someone try to open the IC or too many bad keys are entered.
This IC would be self acting of course, as it is a phisical object but
it would be very very expensive or maybe impossible to build and no
one warranty they can be found methods to deactivate the protection
methods without delete the data.

DRM-like software wouldn't be usefull at all as software can be run in
simulated enviroments and removed, and it may be morally unaceptable
but that depends on the exact use I think.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREIAAYFAktA8pcACgkQZ4DA0TLic4jWAwCdFV1sfexBOYUwIvYkeDZlySgm
l8gAn2vsJr/ln7sP4Ch1ySuSMZlgztLG
=gBku
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Can't import valid GPG keys in Ubuntu

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

November 6th 2009 for gnupg-users@gnupg.org thread Can't import valid
GPG keys in Ubuntu

Hi, I think than keys got imported sucefully but please do not write
personal messages for technical support, write it to list (Or with
carbon copy to list).

I personally usually have no time nor english fluidity enought to
response very often in the list, much less to response to a dobut
personally sent.

In advance, thanks by your understading

Regards.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREIAAYFAkse990ACgkQZ4DA0TLic4htXACffqxFwCxtlS3evqHPRrlzr2mQ
aBsAnjXS3x3NWAt8GXI7DhpazSIkUw35
=ZOW9
-END PGP SIGNATURE-

2009/12/7 George Mathews haveyouwor...@aol.com:
 Please forgive me if I'm not proceeding correctly.  I've never used this
 kind of forum before, so feel free to set me straight on anything I do
 wrong.
 I used:

 --import PATH_TO_KEY_FILE

 and got:

 gpg: key lettersandnumbers: public key my name m...@email.address imported

 gpg: key lettersandnumbers: secret key imported

 gpg: key lettersandnumbers: my name m...@email.address not changed

 gpg: Total number processed: 2

 gpg:               imported: 1  (RSA: 1)

 gpg:              unchanged: 1

 gpg:       secret keys read: 1

 gpg:   secret keys imported: 1

 So it looks like I should have a secret key imported, but when I look in any
 of the three programs that I'm familiar with, it looks like I don't have any
 keys.

 Mario Castelán Castro wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 November 6th 2009 for gnupg-users@gnupg.org thread Can't import valid
 GPG keys in Ubuntu

 Try to import keys from command line, gpg --import PATH_TO_KEY_FILE.

 And switch to a truly free distribution!, ubuntu contains blobs and
 lots of others propietary programs.
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.9 (GNU/Linux)

 iEYEAREIAAYFAkscbe0ACgkQZ4DA0TLic4gNngCggNBKJMoJbQtRBl0wHb8QJVFf
 cIYAn33T/T9owGO5oCkWyYe6SYbCdBVC
 =wGkP
 -END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

November 28th for gnupg-users@gnupg.org thread GnuPG private key
resilience against off-line brute-force attacks

Entropy is a relative thing AFAIR:

For one who knows than a password was generated by using diceware the
entropy will be 7776^n + 7776^n-1 ... 7776^1 where n is the number of
words.

For one who knows the lenght of password the entropy will be 256^n
where n is the length. If it is know than it is english text entropy
would be (26+26+10)^n.

In contrast for one who do not know how password has been generated
the entropy will be as if it were a random one.

In short the apparent entropy of passowrds depends of how many the
atacker know of it.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREIAAYFAksRVbsACgkQZ4DA0TLic4iwsgCfSpBGgu2zIYTL98CTde7QgTBu
u9sAn3fgOtJhGoj4QTXgm6A1IjE+n4HU
=t1Dq
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

November 28th 2009 for gnupg-users@gnupg.org thread GnuPG private key
resilience against off-line brute-force attacks

Loop unrolling only gives more performance in very small loops, for
not so small ones there can be in fact a performance penality since as
the unrolled code is great it leaves less cache for data.

The complexity of a S2K algoritm is constant for variable input and
constant iterations, in other words, it is O(1) but this O(1) assumes
constant number of iterations, if we consider that factor the
complexity would be O(iterations).

So that O(1) than you say is correct but meaningless in this context.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREIAAYFAksRpCIACgkQZ4DA0TLic4iEUACgjxnvVcF0JXiBI3MuMv8HHwdY
+P4AniUvv+j5Ysg99Qc+xDZ9e1LnCzxS
=h116
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

November 28th 2009 for gnupg-users@gnupg.org thread GnuPG private key
resilience against off-line brute-force attacks

Ciprian: Wath you say is possible but useless.

One could build a machine who computes anything in only 1 clock cycle
or than not even need clock cycles: there are circuits than change it
output as it input is changed without need of a pulse (Usually from a
clock, it is: constant frecuency pulse generator) but the change is
not inmmediate. As the compexity (Circuit complexity, not
computational complexity) increases the delay betwen input change (Or
clock signal) and output change becomes greater and greater thus they
operating frecuence is low.

So, yes, it can be built a machine than compues the S2K in one clock
cycle, but it clock cycle shold be of very very low frecuency thus
having the same performance as a machine than computes a S2K in say,
20,000 cycles but with much faster cicles.

This is the contrary version of the megahert myth: More cycles, more
speed than assumes than a 2.4 GHz CPU have the same eficiency per
cycle than a 3.2 one. You instead think than more eficience per cycle
gives more performance, your mistrake is than the cycles will be
larger and frecuency much lower.

Performance = Frecuency * Performance of each cycle. Sometimes one can
make cycles 2 times more efficient but frecuency only 20% lower as
intel do with P4 to Core 2 but this tradeoff can't be repeated infite
times. There are some point where slighty more efficient cycles
provokes a much more loss in frecuency and therefore the overall
performance will be low.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREIAAYFAksRwJ4ACgkQZ4DA0TLic4il2QCeKXlMID7S0K8/ay3JuWCqvxrP
Kq8An1GDC/bGlgbwjGr8ebrdRAPgJ+H4
=o+UI
-END PGP SIGNATURE-


2009/11/28 Ciprian Dorin, Craciun ciprian.crac...@gmail.com:
 On Sun, Nov 29, 2009 at 12:29 AM, Mario Castelán Castro
 mariocastelancas...@gmail.com wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 November 28th 2009 for gnupg-users@gnupg.org thread GnuPG private key
 resilience against off-line brute-force attacks

 Loop unrolling only gives more performance in very small loops, for
 not so small ones there can be in fact a performance penality since as
 the unrolled code is great it leaves less cache for data.

 The complexity of a S2K algoritm is constant for variable input and
 constant iterations, in other words, it is O(1) but this O(1) assumes
 constant number of iterations, if we consider that factor the
 complexity would be O(iterations).

 So that O(1) than you say is correct but meaningless in this context.
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.9 (GNU/Linux)

 iEYEAREIAAYFAksRpCIACgkQZ4DA0TLic4iEUACgjxnvVcF0JXiBI3MuMv8HHwdY
 +P4AniUvv+j5Ysg99Qc+xDZ9e1LnCzxS
 =h116
 -END PGP SIGNATURE-


    Again, as I've replied to Mario (off-the-list, below the excerpt
 for the rest of the list), by pipe-lining I assumed something like a
 hardware SIMD architecture.

    But I do agree that for a software-based implementation the
 iteration count does imply O(iteration_count) time complexity (which
 is constant). But not for a hardware implementation, where I can trade
 O(1) (and by `1` I don't mean constant, I actually mean `one
 heart-beat or a small number of hardware cycles`) in time with a O(n)
 in hardware complexity.

    In short:
    Now imagine that we construct `iteration_count` many hardware
 based `hash` blocks.

 password - (hash) - ... iteration_count ... - (hash) - output

    Could someone prove me wrong? (I'm not a hardware expert, but I
 believe it's technical possible.)

    Ciprian.


 On Sat, Nov 28, 2009 at 7:20 PM, Ciprian Dorin, Craciun
 ciprian.crac...@gmail.com wrote:
 On Sat, Nov 28, 2009 at 7:08 PM, Mario Castelán Castro
 mariocastelancas...@gmail.com wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 November 28th for gnupg-users@gnupg.org thread GnuPG private key
 resilience against off-line brute-force attacks

P.S.: I'm also aware of the fact that iterations do not help at all,
if a big-budget agency (NSA and the like), is going to build a
hardware based brute-force key breaking, as they can build a pipeline
of iteration functions that would try one key in O(1) time. :) (Or
I'm wrong here?)

 Pipelining do not make iterated functions go to O(1)!. They are faster
 but still of the same complexity. So: more iterations, more time that
 it took to calculate, be the CPU where ejecuted pipelined or not.
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.9 (GNU/Linux)

 iEYEAREIAAYFAksRWPcACgkQZ4DA0TLic4hC/QCfe9k3PybJ7X4W0oApBuob1OWh
 yjAAn2tYiBK3yUZkAQh8dcWwwlrgxUU5
 =Om9a
 -END PGP SIGNATURE-


    By pipeline-ing, I don't mean what we have in CPU's.

    I assume that the general working principle of the iterations work
 like this:
 
    password = ...
    iteration_count = ...
    hashed_password = password
    for i in range (0

Re: Is it possible to decide what is a gpg file?

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

November 19th 2009 for gnupg-users@gnupg.org

IMO steganography should be mixed with cryptography to be secure.

As example: LSB in pictures (Unless you have a professional camera)
will be random (High entropy and no predecible). You can replace it
with ciphertext (Undistinguible from random noise) and no one will
note the difference.

Of course if instead of replace the LSB with direct ciphertext you put
an GPG encrypted file the magic numbers will prove than there is an
encripted message. It can't be decoded w/o the key but you can be
forced to give the key.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksF/1IACgkQZ4DA0TLic4gcdwCeO4Pj4CNLNDfP3QmLbZFGT4nz
zJUAni/BqPbPJEEqJbOTg44EED5McgeK
=LFjl
-END PGP SIGNATURE-

Note: resent because the first wasn't sent to the mailing list.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Is it possible to decide what is a gpg file?

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

November 17th for David SMITH dave.sm...@st.com

Linux do not have a file command, that belogs to the rest of the OS.

Linux is only a kernel than is commonly used with the GNU Operating
System, but the name for that system is GNU or GNU/Linux.

In advance thanks by your understanding.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksDDTEACgkQZ4DA0TLic4h7rQCePxYym6G2KLhhdiNxCZR3U17S
7YUAnA88xhLNkHO/LsTXLBWsR6Ed9+s2
=Wzjs
-END PGP SIGNATURE-

2009/11/17 David SMITH dave.sm...@st.com:
 On Tue, Nov 17, 2009 at 10:52:29AM -0500, Melikamp The Medley wrote:
 Sorry if you get two of these, I screwed up while subscribing
 to the list.

 I have a question relating to the symmetric encryption. If I do

 gpg -c foo-file

 and enter a passphrase, I get an encrypted foo-file.gpg.
 Is there a way to tell that it is an encrypted file just by
 looking at the contents? I mean, is there a reliable way to
 tell that something is _not_ an encrypted file?

 Depends on what you mean by reliable...

 I'm sure if you read RFC-4880, you could work out a byte pattern that
 would give a very good indication, for most practical purposes.

 However, it would probably be possible for someone to generate a file
 artificially in a deliberate attempt to fool the filetype detection
 mechanism.  So, it's not reliable because it can be fooled
 intentionally, but for most likely scenarii (i.e. where people aren't
 deliberately trying to fool it), it would work.

 If you're running on UNIX (particularly Linux), look at 'man file'.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem with the agent, gpg2

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

November 17th for gnupg-users@gnupg.org

I need GNU PG 2 because i want to get out of the 1024 bits limit and
SHA forced for DSA, i want my next key (2010-2012) to be more secure
and accept some SHA2.

Charly Avital: Please note than Linux is a Kernel mixed commonly with
the GNU Operating System, a correct name for that mix is GNU/Linux,
but only Linux is not correct.

In advance thans by your understanding.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksDD4MACgkQZ4DA0TLic4j9sgCbBG1tEGBnJ1aZ2OKt0owqXRYQ
jToAnRHmLg0TUxCdKr7LbyZqJCJbTctO
=L9WA
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Is it possible to decide what is a gpg file?

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

November 17th 2009 for gnupg-users@gnupg.org

Hi, I suggest to search for steganography, the cience/art of hidding
messages.

I never used a program than do steganography but search for one, there
must be a lot of free (as in freedom) ones. LSB steganography is very
easy to implement.

Remeber than a lot of (Wath appears to be) random data is
incriminatory and you will be forced to say the cipher and key
used. Depending of the
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksDXe8ACgkQZ4DA0TLic4gBagCgh8QaOzqX5kpbJtNznIiFD6AL
mVwAmgLQprgxQaC/fYNWB7BlfM4tyt/L
=XjGI
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem with the agent, gpg2

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

November 17th for gnupg-users@gnupg.org

Thanks by the --enable-dsa2 tip.

Someone can tellme wath line should i put on my gpg.cong?.

BTW I also want to remove sha1 from my key preferences. I understand
than the standard requires to support sha1 but i do not want to
that. Maybe soon the computing power becomes cheap enougth so sha1 is
in the range.

PD: I will not loose my time repeating why GNU/Linux should be called
GNU/Linux, it is alredy explained very well in
http://www.gnu.org/gnu/gnu-linux-faq.html. Is pointless to discuss
with obstinate people who do not admit his mistrakes.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksDVG0ACgkQZ4DA0TLic4hQngCeK4QrWOWsvrvtU1MoK/XfgjgI
yrMAn0+rJcKX+5U2vwX43qwTezGP9AlC
=HWeP
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem with the agent, gpg2

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

November 16th 2009 for gnupg-users@gnupg.org, subject Problem with
the agent, gpg2

I do not have that pinentry program. GNU PG 1.4.9 (The one than comes
with debian) do not give me that message but i need the new version of
GNU PG.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksBeLQACgkQZ4DA0TLic4jA7wCfbXD/iWjHZit8UkDUMPzfRhON
C0AAn0jM8FRUSRahxWlWBFbcvsOx59ps
=8Uji
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Problem with the agent, gpg2

[Mario Castelán Castro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

November 14th 2009 for gnupg-users@gnupg.org subject Problem with the
agent, gpg2

Hi, I sucefulle compiled and installed GNU PG 2.0.12 but when i do
some operation than requires a password i get a message like the
following.

Someone can tellme how to fix it?.

mario...@q6600-0:~/emacs$ gpg2 --clearsign

You need a passphrase to unlock the secret key for
user: Mario Xerxes Castelan Castro mariocastelancas...@gmail.com
1024-bit DSA key, ID 32E27388, created 2009-08-07

gpg: problem with the agent: Not supported
gpg: no default secret key: General error
gpg: [stdin]: clearsign failed: General error

mario...@q6600-0:~/emacs$ gpg2 -c
gpg: problem with the agent: Not supported
gpg: error creating passphrase: Operation cancelled
gpg: symmetric encryption of `[stdin]' failed: Operation cancelled
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkr/hCUACgkQZ4DA0TLic4jJUQCfd23PP6DfUP5rjyJU3zcvhN/q
R8IAniKLskTGDwJq8aXG1arbhkjQvYgE
=+TOZ
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users