Re: [offtopic] OpenGPG Smartcard with keylength 1024
Alexander W. Janssen wrote: Hi, Hi Alexander, Now I have this really cool RSA-Smartcard (based on G10's code, fab'ed by ppc-systems) which does 1024 bits and I'm wondering if anyone knows a source who sells cards with, let's say, 2048 bits. PPC-Systems don't. From what I heard, technically it's no problem to have card with bigger keylengths, although it might become slow - otoh they're probably more expensive. If this is true, an openpgp smartcard could do 2048 bits, but would cost a bit more, I'd be very intrested. Speed is not really an issue, unless of course signing or decryption would take more than say 5 seconds. -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ECC - how does it compare
Sven Radde wrote: Hi! Hardeep Singh schrieb: Its a tool for public key encryption using ECC rather than prime number factoring. AFAIK, some of the really efficient algorithms for the required math are patented. in that case these patents are only valid inside the US, since no EU country accepts patents on software or mathematical algorithms. cu, Sven ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ECC - how does it compare
Robert J. Hansen wrote: Hardeep Singh wrote: What do you all think about this? Should we start building an ECC WOT? :-) As soon as it gets added to the OpenPGP RFC, then we should. Until then, it's premature. So actually, you could, but you need to start lobbying to get it added to the rfc as well in that exact form or your work might be all for nothing. No of course even if it's not part of the rfc, it might be a nice exercise. -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: RSA 1024 ridiculous
Crest wrote: Isn't it more usefull to switch to ECC instead of using that large keys? Does gnupg support elliptic curve crypto? ;-) -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: RSA 1024 ridiculous
Snoken wrote: Hi, I just read the latest CRYPTO-GRAM, June 15, 2007, by Bruce Schneier. He writes: We have a new factoring record: 307 digits (1023 bits). It's a special number -- 2^1039 - 1 -- but the techniques can be generalized. Expect regular 1024-bit numbers to be factored soon. I hope RSA application users would have moved away from 1024-bit security years ago, but for those who haven't yet: wake up. http://www.physorg.com/news98962171.html I suppose this means that 1024 bit RSA-keys are ridiculous and the Open PGP Card is a joke. And what about all web sites protected by SSL with a 1024-bit RSA-certificate? As I read the article, last time it took 9 years to generalize the method used for the special number to any number. Now, my key is valid for one year, and I expect messages protected by that key to be a secret for maybe a year longer, that means that at the current rate I'll be able to use my card for at least 5 more years end maybe longer. And then still, it takes 11 months on a huge cluster of computers to factor out my key, or to compare, all of the compute power available in this country for a substantial amount of time. I guess you're right, if the nsa is after you, you need stronger keys. If it's just anybody else, I'd say you'll be safe for a few more years. Your ssl certificates will have expired by that time, and maybe a 2048 bit openpgp card will be available (at a reasonable prise). Snoken ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: comment and version fields. [Long]
Robert J. Hansen wrote: Does it say that the comment lines I read in the (clearsigned) message before running it through GPG are not part of the signed message, that any third party between the sender and me could have altered them? I would think the line - BEGIN PGP SIGNATURE - would be a tipoff to the fact that the signed portion of the message has ended and data meant for an OpenPGP application's internal use is now beginning. Thus, yes, I do think it's flamingly obvious that anything in the signature block is not part of the signed message. Now, this is true for you and me. Now, take my secretary as an example. She has not installed any pgp/gpg aware software, nor is she an experienced user of cryptographic tools. Do you expect her to correctly interpret these hints? I don't. Now, usually I don't sign messages to people who can't do anything with those signatures to prevent confusion. Which is the entire reason why we have those - BEGIN lines. So that people can see the markers delineating which portions of the message are protected. As has been repeated here ad nauseam, this is not a GnuPG problem. This is not a PGP problem. This is not an RFC problem. This is, at best, an MUA problem and should be brought up with MUA authors who present signed data in a format that makes it easy to mistake things. So now it's blame somebody else? I guess that comments might not be the best idea for the rfc/protocol. Do they serve any purpose in the protocol? No? So maybe they are a problem in the protocol after al. IMNSHO, the comments taint the very purpose of the digital signature. Now as to this being the right mailinglist, this list is for discussions amongst users of gnupg for discussions about the problems they see in the use of gnupg. Yes in an ideal world all MUAs allways hide all gnupg internals for all users all of the time. I guess you are now volunteering to start convincing the people in Redmont? In the mean time, maybe it's easier to think about what the protocol is intended to do and conclude that maybe a comment field is not very useful, and could be counterproductive. (ps, if I want something to be part of a message, I can put it in the signed part of the message just as well... eg. my sig.) -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: comment and version fields.
Robert J. Hansen wrote: p.s. of course I've altered his clearsigned post in this example. But it would still verify properly. This is my point. This is a nonissue. I can't think of a stronger way to put it. The mutability of the comment and version string is well known and clearly documented in the RFC. If you wish to use a tool, you are responsible for knowing the operation of that tool. If you wish to be ignorant, you will remain forever exploitable. There is no technological cure for this. All technological attempts to cure this are doomed to fail. For every human-factors problem there exist technological solutions which are cheap, easy and wrong. I partly agree, this is a human problem, that is, the human being to much exposed to the workings of the protocol. To me (a simple human being) I want to know just one thing: did this message come unaltered from the person who claims to have send it (signature), and can anybody but the intended recepients read it (encrypted). Now as how openpgp accomplishes this is not my problem, I don't want to know anything about it. Version and Comment fiellds are not part of the message, so I should not see them... -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: storing password lists in mails to myself on IMAP?
Robert J. Hansen wrote: Nomen Nescio wrote: Given that this is an IMAP account it's possible those temp files exist on the IMAP server. :-( Can you point me to an IMAP client which does this? Or to part of the IMAP RFC which lists storing arbitrary data for the client's use on the server as a feature? Or an IMAP server which supports this? most mail-clients store draft e-mails on the imap server, thunderbird does this with user-interaction, others might do the same without you knowing. Anything can be stored on the mailserver as a mail-message. Otherwise, this seems to be paranoid fantasy. Not really. I can very well inmagine it happening without you knowing. Of course, local temp diskspace is usually faster than an imap servers, so very few applications will safe unfinished mail on imap without you noticing. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: storing password lists in mails to myself on IMAP?
Robert J. Hansen wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 most mail-clients store draft e-mails on the imap server, thunderbird does this with user-interaction, others might do the same without you knowing. Anything can be stored on the mailserver as a mail-message. That's true. That doesn't mean that MUAs should be thought of as caching your passphrases on the server. If there were MUAs in common use that did this, don't you think someone would have noticed by now? You should if you mail yourself your passwords or passphrases. Highly unlikely nobody would have noticed by now, but be careful with what you do. -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: smartcard and ssh
Alex Mauer wrote: Remco Post wrote: hmmm, more problems. I've decided that the ubuntu packages are broken. I'll try again in a new release or when I gain some more patience ;-) Have you looked for and/or reported the bugs you found? It works for me pretty much out of the box with ubuntu/feisty, less so with earlier releases. Here are the problems I found and what I had to do to fix them: * gnupg was trying to use pcsc-wrapper at the wrong location (see bug #68047, https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/68047 ). It is installed in /usr/lib/gnupg2 rather than /usr/lib/gnupg where the scd is looking for it. This can be solved either by copying the file, or with a symlink. This seems to have been fixed in feisty. ok, that's a nice one * Another was that the ssh-agent support is not enabled out of the box. This may be enabled by editing /etc/X11/Xsession.d/90gpg-agent and adding --enable-ssh-support in the appropriate place (around line 17). I've made a gpg-agent.conf file to the same effect. *The final thing I needed to do was to install the package libpcsclite-dev. This installs the symlink /usr/lib/libpcsclite.so, linked to /usr/lib/libpcslite.so.1.0.0. Or of course, you could create that symlink yourself. This also appears to have been fixed in feisty, though you do still need libpcsclite1 (and pcscd). since normal gpg operations (signing) do work, this doesn't seem to be a problem for me. -Alex Mauer hawke ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: smartcard and ssh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alex Mauer wrote: Remco Post wrote: hmmm, more problems. I've decided that the ubuntu packages are broken. I'll try again in a new release or when I gain some more patience ;-) Have you looked for and/or reported the bugs you found? It works for me pretty much out of the box with ubuntu/feisty, less so with earlier releases. Here are the problems I found and what I had to do to fix them: * gnupg was trying to use pcsc-wrapper at the wrong location (see bug #68047, https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/68047 ). It is installed in /usr/lib/gnupg2 rather than /usr/lib/gnupg where the scd is looking for it. This can be solved either by copying the file, or with a symlink. This seems to have been fixed in feisty. ok, installing gnupg2 and symlinking this file as well as the libpcslite helped, thanks a lot! * Another was that the ssh-agent support is not enabled out of the box. This may be enabled by editing /etc/X11/Xsession.d/90gpg-agent and adding --enable-ssh-support in the appropriate place (around line 17). *The final thing I needed to do was to install the package libpcsclite-dev. This installs the symlink /usr/lib/libpcsclite.so, linked to /usr/lib/libpcslite.so.1.0.0. Or of course, you could create that symlink yourself. This also appears to have been fixed in feisty, though you do still need libpcsclite1 (and pcscd). -Alex Mauer hawke ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users - -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRcrxnCrZkcVehrp5AQKo2wP9GNeFlAKXH1J6xCml/tCoap16xxqn8lEp JZ99bwap7GpChuX0qEfHZT6KDK5GuVlJgJ8HzkOmERy/lXIw423bR/M1sWJH/DI2 NTeYiGZ0etS9yDGn6fGfHnLZLpN9djbEYTHCehNz7futl+oYFZxygzP6i8jPFsq3 PxqQf3E3rU4= =GUgP -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: smartcard and ssh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Werner Koch wrote: On Fri, 2 Feb 2007 14:00, [EMAIL PROTECTED] said: mope, I didn't. I tried installing it (as part of the gpgsm package) but the /usr/lib/gnupg/pcsc-wrapper seems to be missing in the package :( If you have an USB reader, try using the internal ccid-driver. You need to stop the pcscd first. You may test it with the plain gpg - it will also use the ccid-driver (--debug-ccid-driver helps to detect problems). Make sure that the usbfs is loaded and that the permissions are correct . The smart card howto at www.gnupg.org should be helpful. hmmm, more problems. I've decided that the ubuntu packages are broken. I'll try again in a new release or when I gain some more patience ;-) Normal gpg operations work, it's just the ssh-compatebility and only for the smartcard, well, I gues I can do another few months without, just like the past few years when I suffered a windows desktop ;-) Shalom-Salam, Werner - -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRcb6yirZkcVehrp5AQKrsgQAmmPinNNA0LUJZbEnI7ioOGZfwD6/7OsP o31ffvu7bsyuXDFbrtA/UD6gZt4xCPe3N3W/4ygQgwbkFGWgedrV9muIqtmbvexL kGzt0p0RiIxXJHZ1El1XBfiV6z0gqNEVBvAZd5AYlK+dyLE6S6IC8tfVVlcwSdLS WjqtcD+d2zE= =j0XP -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
smartcard and ssh
Hi All, just recently I've installed ubuntu 6.10 on my desktop. This comes with gpg-agent 1.9.21. I've set the agent with ssh support, and it quite nicely manages my ssh dsa key, but for some reason ssh-add -l does not show my smartcard rsa key while gpg --card-status does work (as does signing e-mail with my smartcard). Anybody any hint on what might be wrong? -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: smartcard and ssh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Werner Koch wrote: On Fri, 2 Feb 2007 11:15, [EMAIL PROTECTED] said: I've set the agent with ssh support, and it quite nicely manages my ssh dsa key, but for some reason ssh-add -l does not show my smartcard rsa key while gpg --card-status does work (as does signing e-mail with my smartcard). Do you have scdaemon installed? If so, you should put mope, I didn't. I tried installing it (as part of the gpgsm package) but the /usr/lib/gnupg/pcsc-wrapper seems to be missing in the package :( verbose debug 1024 debug 2048 log-file /home/foo/scdaemon.log into the ~/.gnupg/scdaemon.conf and kill the scdaemon process. Make sure that it really got killed. Then do an ssh-add -l again and watch the log file. The log-file: 2007-02-02 13:41:20 scdaemon[5733] can't run PC/SC access module `/usr/lib/gnupg/pcsc-wrapper': No such file or directory scdaemon[5733.0x8096340] DBG: - ERR 100663404 Card error SCD scdaemon[5733.0x8096340] DBG: - RESTART scdaemon[5733.0x8096340] DBG: - OK Note, that gpg-agent starts scdaemon and restarts it if has crashed. Shalom-Salam, Werner - -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRcM14irZkcVehrp5AQK+4wP/du5tH3w55xUIvpBirr4HbbAw3XWPUTgx Ni5zwYqM1NEr5G9E+Dx81VaNXSiqcabtaZC9sG9iuqUCqGMA8t2N3jv9m4TZ/avi fCWdTuB4RH1QEfgYKZdKzNDpmmInlAuai8/2CVone5mdz1t9G5vpc2uMb28NRwTS PgBg5Oysf9I= =aYNG -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG 2.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John W. Moore III wrote: The Bottom Line is that nothing is /missing/ in 1.4.x Builds. GPGshell WinPT will *not* work on Linux so GPG-Agent is the Linux version of a 'Shell' for easy manipulation of GnuPG within Linux. _but_ gpg-agent also provides ssh-agent functionality for authentication purposes. This is the _only_ part I'm currently intrested in from gpg v2. Unfortunately, this means I'll have to stick to an ancient beta on windows (yes, my boss makes me use this OS). IMO: You are not being denied anything by sticking with 1.4.x on your Windows Box. My hope is that now that the 2.0 version has been released, more attention will be devoted to development of the 1.4.x BRANCH. And here we disagree... for me, basically forced to use this windows thing as an X-terminal, gpg-agent does add a bit of functionality. - -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRVmIKSrZkcVehrp5AQIj5wP9HCOTKcB7nBb7n4pSW/6Y35612Us5IW+r +e1eMIorc0vIUgbfTFek0JX5wv+8UFIgqM0xFOLiK+Emo8PeprZ4QlOEwaBcHCOx Lf8X6gxRIveFXE8fnb+AxosSulwmS85NnXZNFIb6AmJjHxe7OpSavKORo1cHmCKD G8OYuiwOlzs= =KgpO -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg-agent and pinentry MacOS
Santhosh.G, ISDC Chennai wrote: Can anyone tell me is there any way to decrypt a file without giving the passphrase at all.plz help WHY??? The whole purpose of encrypting a file is to add a barrier, a layer of authentication, before it can be read. Now, I guess you could potentially create a 'no security'-key... one not protected by a passphrase, but you might as well not encrypt at all. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Werner Koch Sent: Wednesday, September 20, 2006 12:08 PM To: Remco Post Cc: gnupg-users@gnupg.org Subject: Re: gpg-agent and pinentry MacOS On Wed, 20 Sep 2006 08:03, Remco Post said: connect to a remote host. Not to long ago Werner responded that he would think about a change in gpg-agent to facilitate this. Now I was wondering what Werner has thought up? I can't remember the problem. I am using a card based as well as a disk based ssh key the whole day and the caching just works. There used to be a problem solved with gnupg 1.9.21 (June 20). Shalom-Salam, Werner ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint: 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpg-agent and pinentry MacOS
Hi All, yeaterday I installed Ben's packages for gnupg v2 and pinentry on macos X. They absolutely work as expected, tnx Ben! But, as others (and I) have noted, gpg-agent does not cache pinentries for ssh authentication, which basically means that you'll have to enter your pin every time you connect to a remote host. Not to long ago Werner responded that he would think about a change in gpg-agent to facilitate this. Now I was wondering what Werner has thought up? -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg-agent and pinentry MacOS
Werner Koch wrote: On Wed, 20 Sep 2006 08:03, Remco Post said: connect to a remote host. Not to long ago Werner responded that he would think about a change in gpg-agent to facilitate this. Now I was wondering what Werner has thought up? I can't remember the problem. I am using a card based as well as a disk based ssh key the whole day and the caching just works. There used to be a problem solved with gnupg 1.9.21 (June 20). ok, excellent. I guess my memory isn't perfect then and this must be it. Now I was wondering at work I'm more or less forced to use a windows based x-terminal (exceed on win xp), has anybody done for windows (win pinentry?) like what Ben has done for the Mac? Of course this would only solve half the problem, but still, it would be a big step forward. Shalom-Salam, Werner -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint: 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg-agent and pinentry MacOS
Benjamin Donnachie wrote: I think that's been fixed in the latest version. Unfortunately, I was busy packaging up 1.4.5 and haven't had chance to look at gpg2 again. I'll try to get a proper package for gpg2 done over the next week or so. cool, thanks. Take care, Ben -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint: 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Need non-writable --homedir
Josef Wolf wrote: Hello! I need a setup where the user running gpg -e -r foobar is not able to modify keyring contents. I tried: # chown -R root:user ~user/.gnupg # chmod -R o=rwX,g=rX,o= ~user/.gnupg Unfortunately, this don't work because gpg does some write operations in its .gnupg directory: 1. It locks the keyring. --lock-never will avoid this. Is it safe to use --lock-never as long as it is guaranteed that _only_ gpg -e is ever run? No key generation, no imports, no signung. Only gpg -e. Is this safe? 2. There's the random_seed file. It is modified at every run. How can I handle this? I bet it would be a security problem should someone be able to read this file. Would it be possible to put it into a different directory? 3. gpg writes temporary files into ~/.gnupg while encrypting. Any ideas? use --keyring, --secret-keyring together with --no-default-keyring (see the manpage) to store the keyrings on some ro media/place and leave the homedir alone? You could even put that in the users (ro) gpg.conf. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Enabling smart card PIN cache ?
Bob Dunlop wrote: Hi, Please, what am I missing ? I'm running gpg-agent as follows: /usr/bin/gpg-agent --enable-ssh-support --daemon /home/XXX/.xsession and have the appropriate enviroment variables set. My ~/.gnupg/gpg-agent.conf contains: # Gpg-agent configuration # Enable SSH support (should be done on command line) enable-ssh-support # Set two hour PIN cache timeouts default-cache-ttl-ssh 7200 default-cache-ttl 7200 max-cache-ttl-ssh 7200 max-cache-ttl 7200 # Allow setting of the PIN by an external agent allow-preset-passphrase I execute the equivalent of echo PRESET_PASSPHRASE keygrip -1 pin | gpg-connect-agent in a startup script and see no error. Yet each and every call to ssh or scp prompts me for a PIN :( Please someone tell me the trick to enabling the PIN cache. gpg-agent for some reason does not cache pins for smartcards I've never seen it work eiter. -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint: 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Corrupt file issue?
jkaye wrote: Hello all, I've had some success solving problems here before thanks to the kindness of many of you and thought I would give this another try. We've got an intermittent issue (about once a week) where a daily process that generates a text file, encrypts it and transfers it by FTP will sometimes create a file that the recipient cannot decrypt. If I run the process again, it will produce an encrypted file which is a few bytes smaller than the original file. This new file can be decrypted by the recipient without a problem. Has anyone else encountered a similar issue? Here's the command I use to perform the (signed) encryption: gpg -r key -e filename Any assistance would be greatly appreciated. things that come to mind: 1- binary safe ftp? 2- ascii armor gpg, add -a to your gpg options Thanks, - Jack Jack Kaye Senior Business Analyst Celera Systems LLC (262) 834-0080 x204 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Corrupting files
Tom Thekathyil wrote: A wishes to send message to B. In theory, any encrypted message is like completely random. Question: Is there in theory any way of breaking the corrupted encryption through brute force? Brute force... trying every possible key on a message until the decrypted message makes sense. Since in theory the corrupted message could be the result of encrypting the message with a different key, brute force may yield a different key, but in theory, this added encryption does not add any security. Now, is brute force feasible, no, not against any of the strong algorithms I don't see why one would bother, not in this way. Regards, tt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpg-agent
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, well, I've been using gpg-agent (gpg v 1.9.20) on both macos and linux for some time now withj my openpgp smartcard. Everything seems to be fairly stable, though I one did experience a crash of gpg-agent on linux. I do have some questions: the GPG_AGENT_INFO envirunment variable contains a process id. I use gpg-agent with a default-socket location. After the crash and subsequent restart everything continued to work, is the pid part of the GPG_INFO var ignored? And in that case, could I just set it to an arbitrary value in the wrapper-script I build for enigmail? (not that I really care). Will that part be removed in a future relase? Though I have some cache-ttl set for both gpg as ssh use, this doesn't seem to work for use with a openpgp smartcard. Collegues do tell me that caching does work with on disk keys. Is this some misfeature/bug or just work in progress? Does anybody have a build of gnupg 1.9.20 for windows(XP) ? I'd like to test gpg-agent with putty. I do have a windows workstation available at work, but no build environment... - -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint: 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) iQCVAwUBRCuvmCrZkcVehrp5AQJoLAQAjU9nSCHfkUiYA9mRb2aLjgsWfLsCouW2 ONrIjX86mQPiCWLjo7UVVmMrlwu9qzhHD6l+WGC1HmtMv0s5ixbALXd7Iqo04psB syr7Eb63CtN3Nnv8L9ctG4AXHE2t9FTJAek4wZvow2CWQTNlCgI53kAYKA9KHjfZ /amBoUPz6Go= =3IMH -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Is there any GnuPG version which works with Windows Mobile 5.0?
John Clizbe wrote: Sebastian wrote: Is there any GnuPG version which works with Windows Mobile 5.0? No one I know who is building GnuPG for Windows systems is targeting WinCE. Vendors of CE hardware are claiming great compliance with desktop software. That said, have you tried the Windows installer? If so, what were your results? since the xscale cpu found in most wm 5.0 devices is in no way compatible with an ia32 (eg pentium) cpu, this is nonsense. There is some effort on gnupg on wince/wm, but it is nowhere near production ready... more like alpha software. Google is your friend ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [GPGOL] No keys found
Anders Eriksson wrote: Why are you using GPG 1.2.1? There have been several security bugs detected since then, including a few in the last month; you should upgrade to 1.4.2.2 ASAP. I just did and now WinPT doesn't work! It claims that I have an old version of GPG. Sorry your GnuPG version is not compatible. You need at least GPG 1.1.9x or better One would think that 1.4.2.2 is better than 1.1.9x, but ... you'll need to download the latest beta fot winpt from the sourceforge page, it's much better. // Anders ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP card and signing
Michael Bienia wrote: On 2006-03-14 08:23:58 +0100, Remco Post wrote: Michael Bienia wrote: Hello, does signing with the OpenPGP card only work with SHA1 as digest-algo? With SHA1 and RIPEMD160 gpg asks for the PIN but only SHA1 generates a working signature. Trying RIPEMD160 I get: | gpg: checking created signature failed: bad signature | gpg: signing failed: bad signature | gpg: signing failed: bad signature From the basiccard website I read that it only supports sha-1, so this might be true. I noticed the same just recently. A friend who uses his OpenPGP card with enigmail under windows can successfully create a RIPEMD160 signature. I could also create one if I use gpg with pcscd. Can someone explain me, why it works if I use gpg with pcscd and not if I use gpg alone? gpg alone means gpg with ccid I guess, this might indicate a difference in implementation between the ccid and the pcsc parts of the implementation, where the ccid part might not work as designed... Michael ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg-agent cache
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joerg Schmitz-Linneweber wrote: Hi Remco! Am Mittwoch, 8. März 2006 19:47 schrieb Remco Post: ... I've started gpg-agent with: /usr/local/bin/gpg-agent --use-standard-socket --pinentry-program /usr/bin/pinentry-gtk-2 --default-cache-ttl 1800 --default-cache-ttl-ssh 900 --enable-ssh-support --write-env-file $HOME/.gpg-agent-info --daemon --sh /usr/bin/fvwm2 From your mail it's not quite clear if you used the output from gpg-agent (the environment vars)... I would have guessed something like: eval $(gpg-agent --gpg-agent-options) And then start your gpg-agent-using-applications in the same shell afterwards. HTH. Salut, Jörg Ow, Maybe I should have mantioned that I use gpg-agent to start my X windowmanager (fvwm2) and run my applications from there. Of course, gpg-agent does work, I am able to sign/decrypt and even login using gpg-agent, no problem. But apperently, no caching is going on. In the mean time I've moved most of gpg-agent options to gpg-agent.conf with the same effect. - -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) iQCVAwUBRBU4oSrZkcVehrp5AQLHrwP/XQQ1HKaCedBA+f7JheAgL7ltcohxWZ1x wlVkeBlc4TI3VA4jh1Xls0RXTvDTedGREGg/97WYAF1eVh6BquiZOfymiXH9XoQI 2CK4BSAh2VokuKZENzvZtUxL1lRI9miyxSms26BPokSsf9vhKH+pEmr7gGbAqYZI K2sTOwdJG1s= =xnpX -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP card and signing
Michael Bienia wrote: Hello, does signing with the OpenPGP card only work with SHA1 as digest-algo? With SHA1 and RIPEMD160 gpg asks for the PIN but only SHA1 generates a working signature. Trying RIPEMD160 I get: | gpg: checking created signature failed: bad signature | gpg: signing failed: bad signature | gpg: signing failed: bad signature From the basiccard website I read that it only supports sha-1, so this might be true. I noticed the same just recently. It might be nice to have some sort of hybrid setup... half the signature generated on card half on the host, but that would probably have a huge impact on both the openpgp smartcard protocal and gnupg and the software on the card. Michael ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: building gnupg-1.9.20 on macos
Charly Avital wrote: Thanks for the information. I have never succeeded to build gpg 1.9.xx on MacOS, in spite of help and tips from WK, so I gave it up. If you are kind enough to keep posting your findings and tips, I shall be very grateful. Charly Well, everything seems to work as expected but: 1- I had to build a wrapper script for gpg for use in enigmail to source the .gpg-agent-env file I had the agent write. For some reason, on Linux enigmail/thunderbird strips the required variables from gpg's environment, of course on MacOS those vars were never there. This is minor compared to the next thing. Still, not being able to statically configure the socket for gpg-agent is a nuisance. 2- pinentry. When I start the gpg-agent in a Terminal (from .bashrc/.bash_profile) I usually get a pinentry-cucrus prompt in that window, but not when enigmail starts gpg. Since there is no native gui pinentry (yet?) I'd love to be able to force gpg-agent to _allways_ use one tty for pinentry, no matter what. For now I've decided that the second issue is a 'show stopper' for implementing gpg-agent based login auth with MacOS. I have to choose between gpg-agent and decrypting/signing e-mail, and mail functionality won. So I guess the next thing on the list for me is finding some way around the second issue. ps. I've not tested gpgsm in any way on MacOS. I see it's there, I just haven't done anything with it (nor will I do so any time soon). MacOS 10.4.5 - MacGPG 1.4.3rc1 Remco Post wrote the following on 3/8/06 4:46 PM: Hi all, [snip] -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpg-agent cache
Hi all, I just build gpg-agent from the 1.9.20 source-tree. Everything seems to work as expected for both signing and even ssh authentication apart from the passphrase cache. I've started gpg-agent with: /usr/local/bin/gpg-agent --use-standard-socket --pinentry-program /usr/bin/pinentry-gtk-2 --default-cache-ttl 1800 --default-cache-ttl-ssh 900 --enable-ssh-support --write-env-file $HOME/.gpg-agent-info --daemon --sh /usr/bin/fvwm2 and added the use-agent option to my config file. No problem (well ok enigmail is a bit of a pain), apart from the fact that caching doesn't seem to work. Each time I sign some mail or log in I'm prompted for my pin... What am I missing, and/or how can I maybe see why gpg-agent keeps on prompting for my pin? -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
building gnupg-1.9.20 on macos
Hi all, I've just successfully build gpg 1.9.20 on macos libksba requiters one small patch (the reverse patch is:) diff -ur libksba-0.9.12/gl/Makefile.in /Users/remco/src/libksba-0.9.12/gl/Makefile.in --- libksba-0.9.12/gl/Makefile.in 2006-03-08 21:46:25.0 +0100 +++ /Users/remco/src/libksba-0.9.12/gl/Makefile.in 2005-08-01 17:15:04.0 +0200 @@ -64,7 +64,7 @@ CONFIG_CLEAN_FILES = LTLIBRARIES = $(noinst_LTLIBRARIES) libgnu_la_DEPENDENCIES = @LTLIBOBJS@ @LTALLOCA@ -am_libgnu_la_OBJECTS = alloca.lo +am_libgnu_la_OBJECTS = libgnu_la_OBJECTS = $(am_libgnu_la_OBJECTS) DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) depcomp = tools/Makefile.in on gnupg also requires one patch, gpg-connect-agent depends on pth but does not have $(PTH_LIBS) in the LDD_ADD statement: pipmac:~/src/gnupg-1.9.20/tools remco$ diff -u Makefile.in Makefile.in.remco --- Makefile.in 2005-12-20 10:49:35.0 +0100 +++ Makefile.in.remco 2006-03-08 22:38:15.0 +0100 @@ -406,7 +406,7 @@ gpg_connect_agent_SOURCES = gpg-connect-agent.c no-libgcrypt.c gpg_connect_agent_LDADD = ../jnlib/libjnlib.a \ ../common/libcommon.a ../gl/libgnu.a \ - $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) + $(PTH_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) gpgkey2ssh_SOURCES = gpgkey2ssh.c gpgkey2ssh_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) now... I have no usefull output from ssh-add -l yet, but 'make check' is successfull... -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
