Sirs.

2024-05-02 Thread Richard Bostrom via Gnupg-users
Clearsign not working on new debian install. NisT-P21.
encryption/ decryption works. Hej.

Yours sincerely
Richardh Bostrom
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users


No secret key

2024-03-04 Thread Richard Bostrom via Gnupg-users
Sirs and ladies!

I received this message when using --clear-sign.
gpg: no default secret key: No secret key
gpg: clear-sign failed: No secret key

Both my public and private key have been imported.
The key was made with a different user (as sudo). The current user is a non-sudo 
user.

Yours truly
Richardh Bostrom



Public Key

2023-02-26 Thread Richard Bostrom via Gnupg-users
Dear sirs and ladies!

May I please ask why some 4096 bit keys are longer than others?

Richard Stallman's key is much longer than my 4096 bit key.

Thank you.

Best regards

Richardh Bostrom



Re: Estonian e-residency

2017-02-08 Thread Richard Ulrich


On Tuesday, 07.02.2017, at 11:33 +, Andrew Gallagher wrote:
> On 06/02/17 09:37, Richard Ulrich wrote:
> > 
> > So we sometimes resort to keybase.io. There the key is verified by 
> > some social media. Sure, if the social media profile has existed 
> > for some years and has some legitimate looking interactions, it is
> > a good indicator that it's not a fake account. But still, I would 
> > trust a government verification more than social media.
> keybase.io is a great idea. But its main use is to tie a PGP key to a
> social media account or accounts that act as a surrogate web of trust
> (by being referenced in multiple independent places by hopefully
> reputable third parties). But if your correspondent's social network
> does not overlap with yours, again I'm not sure much value is added.
Every piece adds to the probability of the key being valid.

> > For example I bought a car last week with Bitcoin. The person that 
> > handled the payment for the seller was not present, but gave me his 
> > keybase.io user name on the phone. He signed the email containing 
> > the Bitcoin address for the payments with his GPG key. He didn't 
> > have any signatures on his key.
> I'm not sure I would have the cojones to follow through with this
> deal, signatures or no. ;-)
> 
> > 
> > In this scenario I'm grateful for every piece of validation to give
> > the key more credibility.
> In a scenario where you do not know the intermediary, the only
> meaningful validation is whether the vendor vouches for both the
> intermediary's person and key. The fact that the intermediary
> offers you *an* identity doesn't mean you are validating the correct
> identity.
He is the business partner of the son of the seller. The son was
present and wrote the info down for me.

> If for example he had given you a key signed by a Russian government
> agency, would you have had more confidence? Granted, you like (and
> obviously trust to some extent) the Estonian e-ID system. Others
> might not have so much faith.
> 
> Sorry if I'm coming across as a little harsh, but you are proposing
> spending hard cash and I'd hate to see you do so and not get your
> money's worth. By all means, get an e-ID for the fun, for experiment,
> or to start up a company. But signing PGP keys with it is
> non-standard, and it's hard enough to convince most people to verify
> keys via standard methods.
> 
> The problem with any PKI (which we still haven't cracked) is that the
> motivation to get your key signed is "How do I prove my identity to
> others", while the motivation of the person verifying the key is "To
> what extent should I trust this person". And unfortunately, the two
> questions are far from equivalent.
Usually the proof of identity is done with government issued IDs. So
the Estonian e-residency smart card is not so much different in that
regard.
Of course it would be better if every country issued something like
that to its citizens. And even better if that was compatible with GPG.
But until that happens we might have to improvise sometimes.
There is also SuisseID somehow similar, but the cost is so high that
nobody is interested. 

Rgds
Richard

> 
> A
> 


Re: Estonian e-residency

2017-02-06 Thread Richard Ulrich
Hi Andrew,

of course it is better to directly sign the key.
And it is also better if there is a short path in the web of trust.
But my use case is for when there is no path at all in the web of
trust.

Most people I know don't even have a GPG key. And of the ones that have
a key, chances are high that they don't have any signatures on it.

So we sometimes resort to keybase.io. There the key is verified by some
social media. Sure, if the social media profile has existed for some
years and has some legitimate looking interactions, it is a good
indicator that it's not a fake account.
But still, I would trust a government verification more than social
media.

For example I bought a car last week with Bitcoin. The person that
handled the payment for the seller was not present, but gave me his
keybase.io user name on the phone. He signed the email containing the
Bitcoin address for the payments with his GPG key.
He didn't have any signatures on his key. 
In this scenario I'm grateful for every piece of validation to give the
key more credibility.

Rgds
Richard


On Thursday, 02.02.2017, at 13:42 +, Andrew Gallagher wrote:
> On 02/02/17 12:02, Richard Ulrich wrote:
> > 
> > I thought about applying for Estonian e-residency for the sole
> > reason of adding credibility to my GPG key. My idea would be to
> > sign my GPG key with the ID card. This could give people who are
> > not in my web of trust a head start.
> Which particular people? And a head start at doing what?
> 
> AIUI the e-residency signature is not PGP-compatible, so people will
> need to verify it using a separate tool. And once I have verified
> your e-residency signature, what does it mean to me? At best, it
> tells me that you are one of possibly many people known to the
> Estonian Government as "Richard Ulrich". Unless I have already dealt
> with you elsewhere via your Estonian ID, how does this help me?
> 
> What particular problem are you trying to solve? It seems to me that
> unless you are going to use your E-identity for some other purpose,
> tying your GPG key to it adds little value. You say your sole reason
> for applying for e-residency is to add "credibility" to your existing
> key. But how is asking the Estonian government to verify your
> passport more credible than producing your passport at a keysigning
> party? Or better still, showing it to the actual person you want to
> talk to?
> 
> Andrew.
> 


Re: gnupg website

2017-01-30 Thread Richard Höchenberger
Hi,

On Mon, Jan 30, 2017 at 7:54 AM, Glenn Rempe <gl...@rempe.us> wrote:

> I believe all Safari and iOS users are excluded from
> gnupg.org without action on the TLS setup.
>

I can confirm that Safari won't open https://gnupg.org/ on macOS 10.12.3.
Very frustrating indeed!

Best,

Richard


Re: Proof for a creation date

2016-12-30 Thread Richard Ulrich
Hi Bertram,

sorry for the late answer. 
Blockchain was mentioned in some answers, but nothing concrete.
Check this out:
https://github.com/opentimestamps

Rgds
Richard

On Friday, 02.12.2016, at 03:12 +0100, Bertram Scharpf wrote:
> Hi,
> 
> we all know that kidnappers do publish a picture of their
> hostage holding up today's newspaper. The purpose of this is
> to prove that the victim was alive _after_ a certain point
> of time. I want to do the opposite. I want to make evidence
> that I created a document _before_ a certain point of time.
> 
> I could use self-darkening ink but that won't be reflected
> in a JPEG scan and my pen won't make the job that TeX does.
> I could sign a newspaper's home page but that cannot be
> reproduced at a later point of time to verify the signature.
> 
> Is there a standard way in GnuPG and in the keyholder
> infrastructure to accomplish this task?
> 
> Thanks in advance.
> 
> Bertram
> 
> 



Re: Terminology - certificate or key ?

2016-10-03 Thread Richard Höchenberger
On Mon, Oct 3, 2016 at 4:14 PM, Werner Koch <w...@gnupg.org> wrote:
> Here are two padlocks:
>
>   
> <https://de.wikipedia.org/wiki/Vorh%C3%A4ngeschloss#/media/File:3_Vorhangschloesser.jpg>
>
> We would call the left one a "normales Vorhangeschloss" (simple
> padlock).  But the middle one is known as a "Schappschloss" - referring
> to the feature that you do not need a key to lock it.

Growing up in (East) Germany myself, I've never, ever, heard or read
this word before. I always assumed all padlocks would lock without a
key, hence be "Schnappschlösser". Never seen or handled anything else.
:) But maybe I'm simply too young, the padlock-without-Schnappschloss
type appears to be kind of ancient?

Cheers,

Richard



Re: GPG and Mailinglists using IBCPRE

2016-07-17 Thread Richard Höchenberger
Hi,

we've been using Schleuder2 for many years now, and it has always
worked flawlessly on a medium-traffic mailing list as long as everyone
used OpenPGP/MIME. Inline PGP will cause trouble from time to time.

Richard



Re: managing OpenPGP cards in batch mode?

2016-05-04 Thread Richard Höchenberger
On Wed, May 4, 2016 at 9:12 PM, Dashamir Hoxha  wrote:
> I do not advertise, I express my opinion.

Please keep it to yourself, then. Your provocative,
passive-aggressive communication style is outrageous and
disrespectful.



gpg and smartcard on ubuntu 16.04

2016-04-27 Thread Richard Ulrich
I didn't read this list for a while, so forgive me if this was
discussed before.

For many years I have used gpg and gpg-agent with ssh support with an
OpenPGP smartcard. 
On every ubuntu upgrade I had to fiddle a little bit to have gpg-agent
act for ssh auth. No big deal usually.

But this time, after the usual fiddling, I have it working nicely for
ssh and evolution. But now it's the direct usage of gpg on the command
line that is giving me a hard time. This aspect always worked out of
the box so far.

I use the stock versions from the ubuntu 16.04 repository:
gnupg  1.4.20-1ubuntu3
gnupg2 2.1.11-6ubuntu2
gnupg-agent 2.1.11-6ubuntu2
scdaemon 2.1.11-6ubuntu2

In ~/.bashrc I terminate gpg-agent if it was started without ssh
support, and start it again with:
/usr/bin/gpg-agent --daemon --enable-ssh-support  > /dev/null

Now if I want to decrypt a file:

gpg -d Dokumente/somefile.txt.gpg 
gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 0AAA …
gpg: pcsc_list_readers failed: unknown PC/SC error code (0x8010002e)
gpg: Kartenleser ist nicht vorhanden

gpg --use-agent -d Dokumente/somefile.txt.gpg 
gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 0AAA …
gpg: pcsc_list_readers failed: unknown PC/SC error code (0x8010002e)
gpg: Kartenleser ist nicht vorhanden

gpg2 -d Dokumente/somefile.txt.gpg 
gpg: verschlüsselt mit RSA Schlüssel, ID 
gpg: Entschlüsselung fehlgeschlagen: Kein geheimer Schlüssel

gpg --card-status
gpg: pcsc_list_readers failed: unknown PC/SC error code (0x8010002e)
gpg: Kartenleser ist nicht vorhanden
gpg: OpenPGP Karte ist nicht vorhanden: Allgemeiner Fehler

gpg2 --card-status
Reader ...: ...
Application ID ...: ...
Version ..: 2.0
Manufacturer .: ZeitControl

All this was never a problem until now.
Are there any tricks to get the interfacing with smartcards working smoother 
again?

If I powercycle the smartcard, and kill scdaemon, it will first ask me for the 
other smart card that contains the master key. If I don't provide this, I could 
not figure out how to decrypt the file. 
The only way was to plug in that other smart card, and have gpg find out that 
this is not the one we need. Then it asks me to plug in the card that I indeed 
need. Now I can enter the pin, but strangely in the console, and not the 
pinentry window. With this awkward workflow I am able to decrypt the file.

Rgds
Richard




Re: Single GPG key and multiple yubikeys

2016-02-25 Thread Richard Genthner
Yeah, what I'm hoping to do is be able to carry my card with me and jump 
on a terminal while traveling and sign and login to things.



Peter Lebbing <mailto:pe...@digitalbrains.com>
February 25, 2016 at 9:56 AM


gpg --delete-secret-keys XXX

But don't do this when your primary key is on-disk, only do this when 
all your secret key material is stubs.


Note that it is very impractical to regularly use two smartcards on 
the same computer because of all this. You should probably stick to 
using a single smartcard on any single computer.


HTH,

Peter.

Kristian Fiskerstrand <mailto:kristian.fiskerstr...@sumptuouscapital.com>
February 25, 2016 at 9:48 AM
Delete the stubs and do gpg --card-status to learn of the new smartcard


-- 
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP key at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Aquila non capit muscas
The eagle does not hunt flies

Richard Genthner <mailto:richard.genth...@wheniwork.com>
February 25, 2016 at 9:44 AM
How do I delete the stubs without deleting key? and when I do gpg 
--card-status never updates the application id.



Richard Genthner <mailto:richard.genth...@wheniwork.com>
February 25, 2016 at 8:38 AM
So I have a single gpg key for work with 3 sub keys. I have copied it 
to a yubikey nano just fine. Removed the yubi and removed my gpg key 
and then reimported the gpg key and inserted yubikey number two and 
did keytocard again for the second yubikey. Whenever I do


ssh -l git github.com

gpg-agent[99732]: chan_10 -> SETDESC Please remove the current card 
and insert the one with serial number:%0A%0A  
"D276000124010201000604163260"


--
Richard Genthner

Sr DevOps Engineer

When I Work, Inc. <http://www.wheniwork.com/>

St Paul, MN
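
Added example (not part of the original thread, and not code from GnuPG or from any poster): Peter Lebbing's condition above, that gpg --delete-secret-keys should only be run when all secret key material is stubs, can be checked from gpg --with-colons --list-secret-keys output, where field 15 of each sec/ssb record holds the card serial number for a card-backed key. The key IDs and fingerprint in the sample records are constructed; the card serial is the one quoted in the agent prompt above.

```shell
#!/bin/sh
# Added example. Feed it the output of
#   gpg --with-colons --list-secret-keys KEYID
# on stdin. Field 15 of sec/ssb records (per GnuPG's doc/DETAILS):
#   <serial>  secret key lives on the card with that serial number
#   #         stub only, no secret key material available
#   + / empty secret key material is stored on disk

# Print one line per secret (sub)key: "<keyid> <location>".
classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            loc = $15
            if (loc == "" || loc == "+") where = "on-disk"
            else if (loc == "#")         where = "stub-no-secret"
            else                         where = "card:" loc
            print $5, where
        }'
}

# Exit 0 only if there is at least one secret record and none is on disk.
# Exit 1 if any secret key is on disk, 2 if no secret records were seen.
only_stubs() {
    report=$(classify_secret_keys)
    [ -n "$report" ] || return 2
    if printf '%s\n' "$report" | grep -q ' on-disk$'; then
        return 1
    fi
    return 0
}

# List the distinct card serial numbers the stubs point at.
card_serials() {
    classify_secret_keys |
        awk '$2 ~ /^card:/ { sub(/^card:/, "", $2); print $2 }' | sort -u
}

# Constructed sample: primary key and three subkeys, all moved to one card.
sample_all_on_card() {
cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1456400000:::u:::scESC:::D276000124010201000604163260:
fpr:::::::::0000000000000000000000000000000000000000:
uid:u::::1456400000::0000000000000000000000000000000000000000::Example User (constructed):
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1456400000::::::e:::D276000124010201000604163260:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1456400000::::::s:::D276000124010201000604163260:
ssb:u:4096:1:DDDDDDDDDDDDDDDD:1456400000::::::a:::D276000124010201000604163260:
EOF
}

# Constructed sample: subkeys on the card, primary secret key still on disk.
sample_primary_on_disk() {
cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1456400000:::u:::scESC:::+:
fpr:::::::::0000000000000000000000000000000000000000:
uid:u::::1456400000::0000000000000000000000000000000000000000::Example User (constructed):
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1456400000::::::e:::D276000124010201000604163260:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1456400000::::::s:::D276000124010201000604163260:
ssb:u:4096:1:DDDDDDDDDDDDDDDD:1456400000::::::a:::D276000124010201000604163260:
EOF
}

# Demo over the two constructed listings.
for s in sample_all_on_card sample_primary_on_disk; do
    if $s | only_stubs; then
        verdict="only stubs"
    else
        verdict="secret key on disk, do not delete"
    fi
    printf '%s: %s\n' "$s" "$verdict"
done
```

On a real keyring the same check is gpg --with-colons --list-secret-keys KEYID | only_stubs, run before any gpg --delete-secret-keys.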




Re: Single GPG key and multiple yubikeys

2016-02-25 Thread Richard Genthner
How do I delete the stubs without deleting key? and when I do gpg 
--card-status never updates the application id.



Kristian Fiskerstrand <mailto:kristian.fiskerstr...@sumptuouscapital.com>
February 25, 2016 at 9:48 AM
Delete the stubs and do gpg --card-status to learn of the new smartcard


-- 
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP key at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Aquila non capit muscas
The eagle does not hunt flies


--
Richard Genthner

Sr DevOps Engineer

When I Work, Inc. <http://www.wheniwork.com/>

St Paul, MN




Single GPG key and multiple yubikeys

2016-02-25 Thread Richard Genthner
So I have a single gpg key for work with 3 sub keys. I have copied it to 
a yubikey nano just fine. Removed the yubi and removed my gpg key and 
then reimported the gpg key and inserted yubikey number two and did 
keytocard again for the second yubikey. Whenever I do


ssh -l git github.com

gpg-agent[99732]: chan_10 -> SETDESC Please remove the current card and 
insert the one with serial number:%0A%0A  "D276000124010201000604163260"


which is the nano. It seems that even killing the gpg-agent and 
inserting the other yubikey doesn't seem to work. Suggestions?



--
Richard Genthner

Sr DevOps Engineer

When I Work, Inc. <http://www.wheniwork.com/>

St Paul, MN




Re: Unsubscription Request (was: Re: How to get your first key signed)

2015-10-04 Thread Richard Höchenberger
Hello Peter,

On Sun, Oct 4, 2015 at 9:55 PM, Peter Lebbing <pe...@digitalbrains.com>
wrote:

> I personally
> find this statement disrespectful to the people who tried to help miss
> Lynn,
> when she is not very approachable and offers no more explanation as to
> why she can't just unsubscribe than the following
>

you certainly got a point there. My apologies to anyone who may have felt
insulted. Nevertheless, it can be extremely hard for a not-so-tech-savvy
person to provide a good description of the exact problems they are
encountering. A possible explanation for her weak responsiveness could be
that she was simply overwhelmed by the amount of (undesired) email flooding
her inbox. Who knows. And while I usually always prefer helping people to
help themselves (as you and others did), this approach was undoubtedly
unfruitful here over the course of several weeks. Remote support can be a
very tricky and time-consuming endeavor :) At any rate, thanks to all who
were trying to help. Still, I'm hoping some moderator or admin could simply
remove her address from the list.

Richard


Unsubscription Request (was: Re: How to get your first key signed)

2015-10-04 Thread Richard Höchenberger
Hello everyone,

On Sat, Oct 3, 2015 at 8:23 PM, Crissy Lynn <misscrissyl...@gmail.com>
wrote:

> Please! For the 600th time! REMOVE ME FROM THIS MAILING LIST!


so for whatever reason, this user is obviously unable to successfully
unsubscribe from this mailing list. Will not any of the list
admins/moderators have mercy and remove her email address from the list? I
find the repeated explanations of how to unsubscribe extremely unhelpful,
bordering on disrespect, since it does not provide the kind of help this
user needs. You told her "601 times", she somehow failed equally often, is
unable to comply, so please HELP her already and remove that email address!

Richard


Re: GnuPG 2.0.27 stable released

2015-02-19 Thread Richard Stallman
[[[ To any NSA and FBI agents reading my email: please consider]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

Congratulations on the new release.

-- 
Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
USA
www.fsf.org  www.gnu.org
Skype: No way! See stallman.org/skype.html.




Re: Help need to use truecryt + openpgp applet.

2015-02-19 Thread Richard Ulrich
Hi Ranjini,

Does it have to be truecrypt?
LUKS works very well with OpenPGP SmartCards or JavaApplets implementing
it (e.g. YubiKey NEO).
Just follow the steps in this blog post:
https://blog.kumina.nl/2010/07/two-factor-luks-using-ubuntu

Rgds
Richard

On Thursday, 19.02.2015, at 13:53 +0530, Ranjini H.K wrote:
> Thanks Pete Stephenson.
> Yes my java card supports PKCS#11. Am not so sure about OpenPGP applet.
> What should I do othercase To make my OpenPGP applet support PKCS#11.
>
> Ranjini HK
>
> Software Engineer - Tyfone, Inc.
>
> Bangalore
> www.tyfone.com
>
> Mobile: +91-9886262192
>
> On Thu, Feb 19, 2015 at 1:46 PM, Pete Stephenson p...@heypete.com wrote:
>
> > On Thu, Feb 19, 2015 at 5:53 AM, Ranjini H.K ranjin...@tyfone.com wrote:
> > > Hi all,
> > >
> > > Am trying to implement disk encryption/decryption using truecrypt with
> > > security token support. I have a java card with openPGP applet loaded
> > > on to it. In spite of configuring truecrypt to use the security token,
> > > it's not finding it and notifying me with an error saying : security
> > > token error FUNCTION NOT SUPPORTED .
> >
> > Considering the way it was abandoned by its developers, TrueCrypt is
> > probably not the best choice going forward.
> >
> > That said, TrueCrypt only supports smartcards that use PKCS #11
> > libraries. Does the JavaCard you're using support PKCS #11? Does the
> > OpenPGP applet?
> >
> > --
> > Pete Stephenson
 


Re: setting env vars for gpg-agent

2014-09-15 Thread Richard Ulrich
Hi Werner,

So, I replaced my content in .bashrc with yours, but the behavior is
still exactly the same.
* ssh smartcard auth works across different terminals. (so the agent
must be functional)
* evolution signing works only if started from the terminal, even if I
comment out the line : if [ $PS1 ]; then
* enigform in firefox doesn't sign the headers.

I did not understand the last paragraph with gpg-connect-agent /bye.
But since the ssh part is working, I don't think that's necessary.

Rgds
Richard

On Sunday, 14.09.2014, at 11:31 +0200, Werner Koch wrote:
> On Sat, 13 Sep 2014 22:02, ricu...@gmail.com said:
> > After gpg-agent stopped working for ssh auth from OpenPGP smartcard
> > after some ubuntu upgrade a while back, I launch it and set the env
> > variables in ~/.bashrc. 
>
> I suggest to launch gpg-agent on the fly: Add
>
> use-standard-socket
>
> to ~/.gnupg/gpg-agent.conf and remove all settings of GPG_AGENT_INFO.  I
> use this in my ~/.bashrc :
>
> --8---cut here---start-8---
> # If running interactively, then:
> if [ $PS1 ]; then
>
>     # Setup information required by GnuPG and ssh.  We use the standard
>     # socket in GnuPG's homedir, thus there is no need for an
>     # environment variable.  We reset any left over envvar.
>     # SSH_AGENT_PID should not be set either because it is only used to
>     # kill ssh-agent (option -k) but we don't want this to kill
>     # gpg-agent.  Because ssh does not know about GnuPG's homedir we
>     # need to set its envvar to gpg-agent's ssh socket.  GPG_TTY needs
>     # to be set to the current TTY.  The extra test is used to avoid
>     # setting SSH_AUTH_SOCK if gpg-agent has been started with the
>     # shell on the command line (often used for testing).
>     unset GPG_AGENT_INFO
>     unset SSH_AGENT_PID
>     if [ ${gnupg_SSH_AUTH_SOCK_by:-0} -ne $$ ]; then
>       export SSH_AUTH_SOCK=${HOME}/.gnupg/S.gpg-agent.ssh
>     fi
> fi
>
> export GPG_TTY=$(tty)
> --8---cut here---end---8---
>
> If you want to use gpg-agent's ssh-agent implementation, you need to make
> sure that gpg-agent is started (because ssh does not know how to start
> gpg-agent).  You may do this with gpg-connect-agent /bye
>
> This works since 2.0.16 released 4 years ago.  Recent veNote that if you
> have ~/.gnupg on some remote file system, this may not work.
>
>
>
> Salam-Shalom,
>
>    Werner
 
 





Re: setting env vars for gpg-agent

2014-09-15 Thread Richard Ulrich
Hi Werner,

I just discovered that signing deb packages is not as smooth as before. 

* If I have an active gpg-agent session, it fails with the following
error:
clearsign failed: Allgemeiner Fehler

* If I reinsert the card, I get the following :
gpg: GPG-Agent ist in dieser Sitzung nicht vorhanden
Geben Sie die PIN ein:
Then I have to enter the pin twice in the terminal. In all other
instances so far it was always in the graphical pinentry dialog.

I can verify, that gpg-agent is still running, and still working for
ssh. 

But for regular gpg operation I discovered also other problems:

$ gpg -d mhs_paraeasy_ch.txt.gpg 
gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 0xx …
Bitte entfernen Sie die Karte und legen stattdessen die Karte mit
folgender Seriennummer ein:
   D27xxx
Drücken Sie 'Eingabe' wenn fertig; oder drücken Sie 'c' um abzubrechen:

All this worked with the previous content in .bashrc.


Rgds
Richard

On Monday, 15.09.2014, at 21:17 +0200, Richard Ulrich wrote:
> Hi Werner,
>
> So, I replaced my content in .bashrc with yours, but the behavior is
> still exactly the same.
> * ssh smartcard auth works across different terminals. (so the agent
> must be functional)
> * evolution signing works only if started from the terminal, even if I
> comment out the line : if [ $PS1 ]; then
> * enigform in firefox doesn't sign the headers.
>
> I did not understand the last paragraph with gpg-connect-agent /bye.
> But since the ssh part is working, I don't think that's necessary.
>
> Rgds
> Richard
>
> On Sunday, 14.09.2014, at 11:31 +0200, Werner Koch wrote:
> > On Sat, 13 Sep 2014 22:02, ricu...@gmail.com said:
> > > After gpg-agent stopped working for ssh auth from OpenPGP smartcard
> > > after some ubuntu upgrade a while back, I launch it and set the env
> > > variables in ~/.bashrc. 
> >
> > I suggest to launch gpg-agent on the fly: Add
> >
> > use-standard-socket
> >
> > to ~/.gnupg/gpg-agent.conf and remove all settings of GPG_AGENT_INFO.  I
> > use this in my ~/.bashrc :
> >
> > --8---cut here---start-8---
> > # If running interactively, then:
> > if [ $PS1 ]; then
> >
> >     # Setup information required by GnuPG and ssh.  We use the standard
> >     # socket in GnuPG's homedir, thus there is no need for an
> >     # environment variable.  We reset any left over envvar.
> >     # SSH_AGENT_PID should not be set either because it is only used to
> >     # kill ssh-agent (option -k) but we don't want this to kill
> >     # gpg-agent.  Because ssh does not know about GnuPG's homedir we
> >     # need to set its envvar to gpg-agent's ssh socket.  GPG_TTY needs
> >     # to be set to the current TTY.  The extra test is used to avoid
> >     # setting SSH_AUTH_SOCK if gpg-agent has been started with the
> >     # shell on the command line (often used for testing).
> >     unset GPG_AGENT_INFO
> >     unset SSH_AGENT_PID
> >     if [ ${gnupg_SSH_AUTH_SOCK_by:-0} -ne $$ ]; then
> >       export SSH_AUTH_SOCK=${HOME}/.gnupg/S.gpg-agent.ssh
> >     fi
> > fi
> >
> > export GPG_TTY=$(tty)
> > --8---cut here---end---8---
> >
> > If you want to use gpg-agent's ssh-agent implementation, you need to make
> > sure that gpg-agent is started (because ssh does not know how to start
> > gpg-agent).  You may do this with gpg-connect-agent /bye
> >
> > This works since 2.0.16 released 4 years ago.  Recent veNote that if you
> > have ~/.gnupg on some remote file system, this may not work.
> >
> >
> >
> > Salam-Shalom,
> >
> >    Werner
  
  
 





setting env vars for gpg-agent

2014-09-13 Thread Richard Ulrich
After gpg-agent stopped working for ssh auth from OpenPGP smartcard
after some ubuntu upgrade a while back, I launch it and set the env
variables in ~/.bashrc. 
Since then I have to launch evolution from the terminal to have gnupg
correctly work with it. But even if I launch firefox from the terminal,
it doesn't seem to get the settings for enigform. 
Where would be a better place for that? The gnupg docs suggest
~/.xsession. But that file didn't exist on my machine, 
and since unity is not based on X11 I doubt that it is read at all. In
fact, I just copied the relevant lines from my .bashrc to .xsession and
it didn't work neither for evolution nor for firefox.
Also ~/.profile doesn't seem to be the right place, as it just
calls .bashrc

These are my lines in .bashrc:

# If the agent is not already running, start it
if ! ps aux | grep -q '[e]nable-ssh-support'; then
    /usr/bin/gpg-agent --daemon --enable-ssh-support \
        --write-env-file "${HOME}/.gpg-agent-info" > /dev/null
fi

# And then read info back
eval "$(cat "$HOME/.gpg-agent-info")" > /dev/null

And here is the documentation I was referring to:
https://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.html

So, where should I put those lines for that firefox receives the correct
env vars?

Rgds
Richard





So on so forth

2014-08-15 Thread Richard Outerbridge
Still waiting for my email address, yet my blackphone is already in
my hands.  Keep up the good work.

I’m not going to bother with 2.1 until the Mac guyz come to their
senses about not forking the crypto.  Could be a long wait.

On 2014-08-14 (226), at 11:57:06, Werner Koch w...@gnupg.org wrote:
__outer

> Hello!
>
> I just released the sixth *beta* version of GnuPG *2.1*.  It has been
> released to give you the opportunity to check out new features and to
> help fixing bugs.




using different encryption key in evolution

2014-07-10 Thread Richard Ulrich
I realize, this question is more related to evolution than gpg directly,
but people here might know better than in an evolution mailing list
(which I'm not subscribed to anyway).

Suppose a company has a mail address that is distributed among a group
of employees. E.g. if I send a mail to sa...@compa.ny that mail is
forwarded to al...@compa.ny and b...@compa.ny.

Now I want to send an encrypted mail to sa...@compa.ny, but there is no
gpg key to that address. Instead I find keys for some people that will
finally get the mail. 

Is there a way in evolution to explicitly state which encryption keys to
use?
Judging from the gpg manpage, it could be done on the commandline, but
that would be difficult to then send as a regular email, I guess.

Rgds
Richard




Order of keys attempted to decrypt

2014-06-18 Thread Richard Ulrich
I have my private sub keys on a smart card, and up until recently
decrypting was always fine.
Then I found out that for signing other people's keys, I need to have
the primary private key available. So I put it on a second smart card as
described here:
http://gnupg.10057.n7.nabble.com/Issues-with-primary-key-amp-subkeys-on-different-smartcards-td32228.html
Now decryption still works, but with a small hiccup: 

$ gpg -d test.txt.gpg 
gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 0AE275A9 …
gpg: sending command `SCD PKDECRYPT' to agent failed: ec=6.91
gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 8760DB3E …
gpg: Alles klar, wir sind der ungenannte Empfänger.
gpg: verschlüsselt mit RSA Schlüssel, ID 

It first tries to decrypt using the primary key. And since the card with
the primary key is not plugged in, it outputs an error, before it tries
the sub key that succeeds.
I tried using the -r option to specify the key to use, but it was
seemingly ignored.

Is there a way to specify which key to try first?

The problem I have at the moment is that some scripts fail, probably
because of the error that is output.
For example, it never reaches line 43 of the following script since I
have the stub for the primary key: 
https://github.com/ulrichard/locally_encrypted_remote_storage/blob/master/open_locally_encrypted_remote_storage.sh

Rgds
Richard


PS: out of curiosity: What does the ID  mean in the output
from gpg : 
gpg: verschlüsselt mit RSA Schlüssel, ID 
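
A script can avoid tripping over the error line printed for the absent primary-key card by judging the run from gpg's machine-readable status lines instead of its stderr text. The following is an added example, not part of the original post: the function names and both sample logs are constructed, while `--status-fd`, `--output` and the status keywords `ENC_TO`, `NO_SECKEY`, `DECRYPTION_OKAY` and `DECRYPTION_FAILED` are GnuPG's own.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Decide whether a gpg decryption succeeded from its --status-fd lines,
# ignoring human-readable diagnostics such as a failed trial key.
#
# Real use (status lines and diagnostics both arrive on stderr):
#   gpg --status-fd 2 --output plain.txt -d test.txt.gpg 2>&1 | classify_decrypt

classify_decrypt() {
    awk '
        $1 != "[GNUPG:]"              { next }     # skip localized diagnostics
        $2 == "ENC_TO" && $3 ~ /^0+$/ { hidden++ } # all-zero key ID: anonymous recipient
        $2 == "NO_SECKEY"             { noseckey++ }
        $2 == "DECRYPTION_OKAY"       { ok = 1 }
        $2 == "DECRYPTION_FAILED"     { failed = 1 }
        END {
            verdict = "unknown"
            if (failed)  verdict = "failed"
            else if (ok) verdict = "ok"
            printf "%s hidden=%d no_seckey=%d\n", verdict, hidden, noseckey
        }
    '
}

decrypt_succeeded() {
    # Exit status 0 only for a clean success, so it can be used directly in `if`.
    case "$(classify_decrypt)" in
        ok\ *) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed log: the diagnostics quoted in the post, interleaved with the
# status lines a successful run would carry.
sample_trial_then_success() {
cat <<'EOF'
[GNUPG:] ENC_TO 0000000000000000 1 0
gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 0AE275A9 …
gpg: sending command `SCD PKDECRYPT' to agent failed: ec=6.91
gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 8760DB3E …
gpg: Alles klar, wir sind der ungenannte Empfänger.
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION
EOF
}

# Constructed log: no available secret key could decrypt the message.
sample_no_usable_key() {
cat <<'EOF'
[GNUPG:] ENC_TO 0000000000000000 1 0
[GNUPG:] NO_SECKEY 0000000000000000
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
EOF
}

sample_trial_then_success | classify_decrypt
sample_no_usable_key | classify_decrypt
```
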





Re: [Announce] GnuPG launches crowdfunding campaign

2013-12-19 Thread Richard Ulrich
As this is about a crypto project, wouldn't it be adequate to accept
payments in crypto currencies?

Rgds
Richard

On Don, 2013-12-19 at 11:08 +0100, Werner Koch wrote:
> GnuPG encryption project launches crowdfunding campaign
>
> Today GNU Privacy Guard (GnuPG) has launched its first crowdfunding
> campaign [1] with the aim of building a new website and long term
> infrastructure. The 24.000 EUR target will fund:
>
>   - Fresh web interfaces for gnupg.org including mobile
>   - Completion and release of GnuPG 2.1
>   - Anonymous Tor network access to the website
>   - A new user friendly download page suitable for all devices
>   - A new server for web services
>   - New pages convening external guides, videos, and handbooks
>   - Facilities for processing recurring donations for long
>     term project support
>
> Project founder and Lead Developer Werner Koch said “GnuPG has
> seen a huge upsurge in popularity following recent state spying
> revelations. After 16 years of continuous development, we are now
> asking for community support to capitalise on consumer demand for
> privacy, and make GnuPG easy to access for mainstream audiences”.
>
> GnuPG is one of the few tools remaining above suspicion in the wake
> of leaked NSA documents. Edward Snowden and his contacts including
> Bruce Schneier switched to GnuPG when they began handling the secret
> documents earlier this year [2]. The Wall Street Journal, The
> Committee to Protect Journalists, and ProPublica [3] have all embraced
> GnuPG for protection of staff and sources. Phil Zimmermann, original
> inventor of Pretty Good Privacy (PGP), has also moved to GnuPG in
> wake of the news.
>
> “GnuPG is a key part of modern privacy infrastructure” said Sam Tuke,
> Campaign Manager, GnuPG. “Millions of users rely on GnuPG to work
> securely on servers, laptops and smartphones, but 2013 donations
> totaling 3.000 EUR to date have not even covered fixed costs.
> Supporting new algorithms like elliptical curve and fixing newfound
> exploits fast takes a lot of work which is done voluntarily. Now is the
> time for people to contribute to making GnuPG slick and more sustainable
> in future”.
>
> Jacob Appelbaum, Tor Project developer, added “GnuPG is important - it
> allows us the assurances we need to do our work.  Community funding is a
> critical part of a confident outlook for GnuPG in future.”
>
>
> For further information, please contact Sam Tuke.
> Email: samtuke [at] gnupg.org
> Phone: +49 176 81923811
>
>
> [1] http://goteo.org/project/gnupg-new-website-and-infrastructure
> [2] http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
> [3] http://www.cjr.org/behind_the_news/hacks_hackers_security_for_jou.php
>
> == About GNU Privacy Guard ==
>
> GnuPG is a leading cryptography app that protects emails and data from
> interception. It is developed by a community of Free Software engineers
> led by Werner Koch. GnuPG is used and recommended by the world’s top
> security experts, including Bruce Schneier and Phil Zimmermann. It
> offers best in class privacy free of charge and restriction. Hundreds of
> companies have integrated GnuPG into their products to perform mission
> critical security, including Red Hat, Deutsche Bahn, and many others.
>
> http://gnupg.org





Re: UK Guardian newspaper publishes USA NSA papers

2013-11-04 Thread Richard Ibbotson
On Monday 04 Nov 2013 21:07:01 Julian H. Stacey wrote:
> http://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded

And in other news...

http://slashdot.org/topic/datacenter/google-chief-eric-schmidt-slams-nsa-for-tapping-datacenters/

Google Chief Eric Schmidt Slams NSA. 

-- 
Richard

https://twitter.com/SleepyPenguin1



Re: UK Guardian newspaper publishes USA NSA papers

2013-11-04 Thread Richard Ibbotson
On Monday 04 Nov 2013 21:07:01 Julian H. Stacey wrote:
> http://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded

And in other news...

http://slashdot.org/topic/datacenter/google-chief-eric-schmidt-slams-nsa-for-tapping-datacenters/

Google Chief Eric Schmidt Slams NSA.  I met him in North Korea once.  

-- 
Richard

https://twitter.com/SleepyPenguin1



enable-ssh-support not enabled after upgrade to ubuntu saucy (gpg 1.4.14)

2013-10-27 Thread Richard Ulrich
I set up ssh authentication a long time ago according to the second half
of this guide (with smartcard):
http://www.programmierecke.net/howto/gpg-ssh.html
It worked without an issue until I recently upgraded to Ubuntu 13.10.
After the upgrade I had to disable the gnome-keyring-ssh and
gnome-keyring-gpg as well as ssh-agent again, as I did after previous
upgrades.
The configuration for enable-ssh-support in ~/.gnupg/gpg-agent.conf was
still intact.
On another system where the whole stuff still works, ps aux | grep
gpg-agent shows only one instance with lots of options:
/usr/bin/gpg-agent --daemon --sh
--write-env-file=/home/richi/.gnupg/gpg-agent-info-quadulrich 
/usr/bin/dbus-launch --exit-with-session /usr/bin/im-launch gnome-session 
--session=ubuntu
But on this system, it shows 5 instances 4 with only --daemon and the
fifth with an additional --sh. 
If I type gpg-agent --daemon --enable-ssh-support and execute the
output in a terminal, I get an instance that works and handles the ssh
key authentication.

Is anybody here aware of some changes in this area, and knows how I need
to configure my system, to have it as seamless as before? More
specifically, what I need to do to have the gpg-agent started with all
these options?

Rgds
Richard




Re: [Announce] [security fix] GnuPG 1.4.14 released

2013-07-26 Thread Richard Outerbridge
Werner:

No problems.

MacBookPro9,1; Mountain Lion OS X 10.8.4 (12E55)
Xcode 4.6.3
__outer

On 2013-07-25 (206), at 06:26:55, Werner Koch w...@gnupg.org wrote:

> Hello!
>
> We are pleased to announce the availability of a new stable GnuPG-1
> release: Version 1.4.14.  This is a *security fix* release and all users
> of GnuPG  2.0 are advised to update to this version.  See below for
> the impact of the problem.




Re: [Announce] [security fix] Libgcrypt 1.5.3 released

2013-07-26 Thread Richard Outerbridge
Werner:

No problems.

MacBookPro9,1; Mountain Lion OS X 10.8.4 (12E55)
Xcode 4.6.3
__outer

On 2013-07-25 (206), at 05:53:33, Werner Koch w...@gnupg.org wrote:

> Hello!
>
> I am pleased to announce the availability of Libgcrypt version 1.5.3.
> This is a *security fix* release for the stable branch.




Re: [Announce] GPA 0.9.4 released

2013-05-02 Thread Richard Outerbridge
w - does the new GPA work with win7-64?

or are you still waiting 4funding?

On 2013-05-01 (121), at 06:18:43, Werner Koch w...@gnupg.org wrote:
__outer

> Hello!
>
> We are pleased to announce GPA version 0.9.4.





Re: [Announce] Libgcrypt 1.5.1 released

2013-03-19 Thread Richard Outerbridge
Herr Koch:

No problems here: Mountain Lion OS X 10.8.3 (12D78), Xcode v4.6.1.

Some guidance on how to set up the HMAC256 self-checking correctly
might be of assistance.  hmac256 is built and installed, but it
doesn't seem to be invoked in order to generate the required files.
__outer

On 2013-03-18 (77), at 12:13:55, Werner Koch w...@gnupg.org wrote:

> ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.1.tar.bz2




Re: OT: USB key with hardware encryption?

2012-12-02 Thread Richard Höchenberger
Apparently I just now figured out how to use Google ;) Found two flash
drives with built-in encryption & pinpad:

http://www.lok-it.net/
http://www.corsair.com/usb-drive/flash-padlock-2-usb-drive.html

Do you guys have any experience with one of these?

Best,

Richard



OT: USB key with hardware encryption?

2012-12-02 Thread Richard Höchenberger
Hello,

so, it happened again. Since I have neither a scanner nor printer at
home, I had to scan and print some important documents (CV, copies of
some certificates) at my workplace. Scanned them right onto a USB key,
which of course had to be unencrypted and formatted with a FAT file system.

When I got back home, the key with all its sensitive data was gone.
Probably left it somewhere on the train, I don't know.

This is not the first time this has happened to me. I usually encrypt
every mass storage device in my possession; but I cannot use full disk
encryption software at my workplace because of access restrictions.
Also, the standalone scanners require plain FAT, as mentioned earlier.

I was wondering whether there are USB flash memory devices available
that support some kind of hardware encryption, i.e. maybe some USB key
with a keypad, which only exposes a (transparently) decrypted filesystem
to the host computer.

I am using Linux, OS X, and Windows.

Do you have any thoughts and recommendations on this issue?

Richard



Re: A safe text editor

2012-09-09 Thread Paul Richard Ramer
On 09/05/2012 12:39 AM, antispa...@sent.at wrote:
> Could you recommend a safe text editor, in the sense it does protect
> the edited contents in memory, but, most important, on the disk (temp
> files and such). Having functions to interact with gnupg would be even
> better.
>
> The point is to edit a text and have it all encrypted on disk. I'd like
> one that goes for .asc instead of .txt.

I don't know of a text editor that meets these criteria (granted I
haven't done any research), but as for protecting the temporary files,
you may want to use disk encryption instead.  By using disk encryption,
you can ensure that the temporary files are encrypted while you are
editing regardless of which editor you use.  But as for a text editor
that uses protected memory, I don't have a recommendation for you.


--Paul



Changing the email address of a key

2012-08-27 Thread Richard Ulrich
When I generated my new private key, I used one of my email addresses.
This email address is stored both on the crypto stick (smart card) and
in the secring.gpg or pubring.gpg, probably both.
Now I would like to use that key with another email address. 
Is it possible to change the email address of a key, and how would I
proceed to have it on the stick and in the gpg stub files?

Rgds
Richard




Signing eMails doesn't work anymore

2012-08-27 Thread Richard Ulrich
Hi, 

this is my first post to this list.

I have a crypto stick from www.privacyfoundation.de, and when I first
set it up, signing emails worked flawlessly.
But then I wanted to also be able to use my crypto-stick for ssh
authentication.
As adding the authentication sub key turned out to be difficult, I
generated an entirely new private key with encryption-, signature- and
authentication subkeys generated before putting them onto the crypto
stick.
SSH authentication works nicely now, but with the new key, signing
emails always fails. Encryption and decryption still work. I'm using
evolution, but I also tried with thunderbird. The error message I get is
the same I get when trying to sign something with gpg directly. Could it
be that gpg is confused which key to use?



#gpg --sign setup_my_system.sh
gpg: sending command `SCD PKSIGN' to agent failed: ec=6.18
gpg: Beglaubigung fehlgeschlagen: Allgemeiner Fehler
gpg: signing failed: Allgemeiner Fehler



#gpg2 --card-status
Application ID ...: D276000124010205115F
Version ..: 2.0
Manufacturer .: ZeitControl
Serial number : 115F
Name of cardholder: Richard Ulrich
Language prefs ...: de
Sex ..: männlich
URL of public key : [nicht gesetzt]
Login data ...: [nicht gesetzt]
Signature PIN : nicht zwingend
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key : 6555 FA9F AEEF 386C 50E2  7AE1 02EC 6014 E840 1492
  created : 2012-08-07 19:01:59
Encryption key: 3A6C CF0A C29F 3DFC 60AF  DCCE 31AA D811 8760 DB3E
  created : 2012-08-07 19:00:54
Authentication key: 2C12 F55B 69D3 088E BFD9  C010 BABF AE12 5A09 7EF6
  created : 2012-08-07 19:04:12
General key info..: pub  2048R/E8401492 2012-08-07 Richard Ulrich
(ulrichard) xx...@gmail.com
sec#  2048R/0AE275A9  erzeugt: 2012-08-07  verfällt: 2022-08-05
ssb  2048R/8760DB3E  erzeugt: 2012-08-07  verfällt: niemals 
  Kartennummer: 0005 115F
ssb  2048R/E8401492  erzeugt: 2012-08-07  verfällt: niemals 
  Kartennummer: 0005 115F
ssb  2048R/5A097EF6  erzeugt: 2012-08-07  verfällt: niemals 
  Kartennummer: 0005 115F


#gpg2 --list-keys
/home/richi/.gnupg/pubring.gpg
--
pub   2048R/0AE275A9 2012-08-07 [verfällt: 2022-08-05]
uid  Richard Ulrich (ulrichard) xx...@gmail.com
sub   2048R/8760DB3E 2012-08-07
sub   2048R/E8401492 2012-08-07
sub   2048R/5A097EF6 2012-08-07
sub   2048R/EC980139 2012-08-07 [verfällt: 2022-08-05]


Rgds
Richard




Re: Mac OS X 10.8 and OpenPGP Cards

2012-07-27 Thread Richard Höchenberger
On 27/7/2012 20:12, Kevin Kammer wrote:
> It has been so long since I had to mess with it (on my mac anyway) that
> I don't remember.  Which libraries do you mean?

I never had to install any additional libraries, at least not until
10.7.4. Don't know about ML though :)

Richard



Re: GnuPG 2.0.19 + Cryptostick - decryption fails with 4096 bit key

2012-06-05 Thread Richard
On Tue, Jun 5, 2012 at 6:43 PM, Mathieu Jolicoeur m...@spoked.ca wrote:
> On this topic, I have found the following thread on the GPF forums,
> which led me back to this list.
>
> https://www.privacyfoundation.de/forum/viewtopic.php?f=13t=1145

This could be pretty much the same issue which Edmond and Kevin are
experiencing:

http://lists.gnupg.org/pipermail/gnupg-users/2012-April/044195.html
http://lists.gnupg.org/pipermail/gnupg-users/2012-May/044335.html



Re: [META] The issue of the unwelcome CC (please email me if you receive a CC from me)

2012-01-31 Thread Richard
On Wed, Feb 1, 2012 at 06:35, Jerry je...@seibercom.net wrote:
> I have encountered two individuals, not on this list, who also think it
> is cute to mail a response directly to the OP and then CC the list.
> Honestly, some people are alive only because it seems cruel to kill a
> retard.

I've done this before (on this list), but only because I had the
impression almost everyone else here did it, so I just wanted to go
with what I assumed to be expected. I don't think this makes me look
like a retard, but rather considerate, since I tried to figure out
what appeared to be the netiquette on this very list before posting
anything.

But thanks for the clarification anyway.

Richard



Re: Win7: Kleopatra does not open

2011-10-22 Thread Richard
Hi Roland,

On Fri, Oct 21, 2011 at 11:21, Roland Siemons (P) siem...@cleanfuels.nl wrote:
> On 2 occasions it got working, but gave up a
> day later. Reinstall  some success, and then failure again ...
>
> Any suggestions?

do you see the Kleopatra process running in the task manager? If it's
shown as running, could you look into the task bar? Maybe Kleopatra is
hiding as a small tray icon there.

Richard



Re: Expired keys

2011-10-20 Thread Richard
On Thu, Oct 20, 2011 at 17:23, Jerry gnupg.u...@seibercom.net wrote:
> Is there a way to delete all
> expired keys at once

Have a look at gpgkeymgr (http://nudin.github.com/GnuPGP-Tools/),
that's probably what you want.

Best,

Richard



Re: Migrating to Smartcards

2011-09-01 Thread Richard
On Thu, Sep 1, 2011 at 06:11, Patryk Cisek pat...@debian.org wrote:
> Or just go ahead and compile it yourself.

Unfortunately I only have a 64 Gig hard drive and no space left to
install XCode :(



Migrating to Smartcards

2011-08-30 Thread Richard
Hello,

for security reasons, I have decided to migrate my most important
subkeys to smartcards. I have a number of questions regarding the
transfer/migration.

a) I've bought two OpenPGP smartcards (v2). Their overprint says they
support RSA with up to 3072 bit. In the GnuPG 2.0.18 release notes
one change was to Allow generation of card keys up to 4096 bit. Does
that apply to the OpenPGP v2 card?

b) As far as I know, the cards can only store subkeys, i.e. no primary
key. That way, only decryption, signing and authentication will be
possible. If I want to sign other keys, will I have to keep the
primary key somewhere safe off-card?

c) For convenience, I bought two cards which are supposed to store the
same keys. I want to carry one card around with me every day for
mobile use (I also bought an SCR3500 reader for that purpose) and
leave the other one at home in the card reader on my desk. Now the
problem is that the keytocard command can only be issued once, since
it deletes the key from the computer. To copy the keys to both cards,
I would have to backup my secret keys, insert card #1, issue
keytocard, restore the backup, insert card #2, issue keytocard again.
Will that cause any problems in later GnuPG use as the cards' IDs are
different?

Thanks!

Richard



Re: Migrating to Smartcards

2011-08-30 Thread Richard
On Tue, Aug 30, 2011 at 20:49, David Tomaschik da...@systemoverlord.com wrote:

> No, you can store a primary key.  And you can use the 3 slots for any
> purpose (though I believe they must all tie to the same primary key.).
>  It would be common to combine signing & certification into one key
> (and I believe that is the default).

So it is impossible to use a separate signing subkey if I want to
retain the possibility to sign other keys without keeping an off-card
backup of the primary key? In the past I switched my signing subkeys
every couple of years, keeping my primary key in place.

Richard



Re: Migrating to Smartcards

2011-08-30 Thread Richard
Hello,

On Tue, Aug 30, 2011 at 21:08, David Tomaschik da...@systemoverlord.com wrote:
> No, I was just stating common practice.  You could do a
> certification/primary key, a signing key, and an encryption key in the
> 3 slots.

are you sure about that? Everywhere I read the slots can only be used
for: signing, decryption, authentication. If the signing slot is
filled with the primary key, there is no more room for a signing
subkey...

Richard



Re: Migrating to Smartcards

2011-08-30 Thread Richard
Thanks for all your help!

I just noticed that on my mobile computer (running Mac OS X) I am
still stuck with GnuPG 2.0.17 since MacGPG2 has not yet been updated.
I will have to wait for an updated package before I can start moving
my keys to smartcards.

Best,

Richard



Re: How secure are smartcards?

2011-08-06 Thread Richard
Hello,

On Mon, Jul 25, 2011 at 12:05, Olav Seyfarth o...@enigmail.net wrote:
> I did so but unfortunately my (old) card broke. So I was busted. To avoid that
> in the future, I now generated my new key for usage in the card on an offline
> system (e.g. Live-CD in RAM disk) and copied it on an old small memory card (to
> allow to easily decrypt by importing the whole key to my keyring after revoking
> it) which I encrypted differently and physically locked securely. I imported
> the key to 2 SmartCards while also locking one away as easy backup and another
> one for daily use. After shutting down the offline system, only the one card is
> used with computers connected to the net. If this one is lost or stolen, I'd
> revoke the key (with a rev cert that I also generated separately).

would it be sensible to encrypt the key on the memory card key using
the encryption key stored on both smartcards? If one smartcard breaks,
you could still decrypt the key using the other card. And since the
secret key for decryption cannot leave the cards, it would be a pretty
secure solution, I guess. :)

Richard



Re: How secure are smartcards?

2011-08-06 Thread Richard
Whoops, typo:

On Sat, Aug 6, 2011 at 12:46, Richard rich...@r-selected.de wrote:
> would it be sensible to encrypt the key on the memory card key using
> the encryption key stored on both smartcards?

was meant to read:

 would it be sensible to encrypt the key on the memory card using
 the encryption key stored on both smartcards?



Re: How secure are smartcards?

2011-07-29 Thread Richard
On Fri, Jul 29, 2011 at 02:05, Crypto Stick
cryptost...@privacyfoundation.de wrote:
> For a state-of-the-art smart card like the OpenPGP Card 2, I
> guess the price tag would be around 100.000 Euros

100.000 as a one-time investment for breaking into an unlimited number
of OpenPGP smart cards? If I were a government, I would definitely buy
such a machinery... While at the same time, German authorities fail to
break GnuPG's encryption for private keys, given a dictionary attack
doesn't work out. (See
http://annalist.noblogs.org/post/2009/01/04/bka-ratespielchen-rund-um-gnupg/
-- but it's written in German).

Hence, one has to assume it's safer to use encrypted harddrives for
key storage than a smartcard if one wants to protect their data from
German authorities, I guess.

Richard



Re: gpg-agent automatically use passphrase for signing subkey?

2011-07-23 Thread Richard
As far as I know every subkey holds its own passphrase (per default,
they are all identical for a given primary key). This means that
passphrase requests are actually not action-based, but key-based.

Please correct me if I'm wrong. :)

Richard



Re: Can version 1.4.11 be configured to use IDEA?

2011-07-21 Thread Richard
All right, thanks! :)



Re: Can version 1.4.11 be configured to use IDEA?

2011-07-20 Thread Richard
Hello,

On Tue, Jul 19, 2011 at 03:57, Robert J. Hansen r...@sixdemonbag.org wrote:
> Is there some particular reason why you send messages in an obfuscated format?

how is that working anyway? Apparently GPG automatically decrypted
those messages for me. How were they generated? What is that? :)

Thanks,

Richard



Re: Establishing new key - key setup recommendations

2011-04-17 Thread Paul Richard Ramer
On 04/15/2011 02:01 PM, Thomas Harning Jr. wrote:
> I've generated and published a 8192-bit non-expiring RSA 'master' key
> for signing other keys as well as 2048-bit RSA keys for signing and
> encryption (expiring in a few years).  The master key is protected by
>
> I have not had it signed by other users yet and am concerned that I
> might want to generate a new keyset before I get the 8192-bit key in
> wide circulation.  I have, however, signed tags in my Git source
> repository with a subkey... so would it make sense to migrate those
> subkeys (through trickery I've seen)... or would the fact that they
> are available under the 8192-bit key be a general problem?

An 8192-bit key could be incompatible with most OpenPGP software.  For
that reason I wouldn't recommend it.  However, compatibility won't make
a difference if you will be the only one using your public key.  On the
other hand if the key is for communication or code signing,
compatibility is important.

I believe that 4096 bits would be the largest size that you should use.
Just know that if you want to use an OpenPGP smartcard that 3072 bits
is currently the largest key size for a key stored on the card (if you
use subkeys for encryption, signing, or authentication then the 3072
bits size doesn't apply to the master key).

As far as migration is concerned, I don't know what you are referring
to.  Would you expound on this?

> Some options I am considering after reading blogs/etc:
>  * Generate RSA 4096-bit master signing key and revoke the 8192-bit
> key noting that it has been superseded

I would recommend this since you want to use the key with other people.
In which case, you need compatibility.

>  * Generate DSA 3072-bit master signing key and revoke... (this is
> well supported, right?)

It will work fine for anyone who uses GnuPG, as far as I know, but I
don't know about PGP.  You'll have to ask about PGP's support for 3072-bit
DSA keys.  But whether you should or shouldn't use a 3072-bit DSA key
versus a 4096-bit RSA key is simply personal preference, notwithstanding
any compatibility issues, if there are any.

>  * Wait for ECC to be in standard and supported by PGP and GnuPG

Don't wait; use cryptography now.  There will always be a better
solution coming.  Just switch when it becomes available.

And once again, remember compatibility.  It is fine to switch to ECC
when it becomes available, but don't throw away using regular
RSA/DSA/Elgamal keys until most everyone else has switched to ECC.

>  * Generate ECC key and keep it alongside my better-supported 8192-bit
> key until better software support arrives (perhaps keeping both
> well-signed?)
>   - this implies the ECC public key storage for signing it has been
> set in stone...

Notwithstanding my comments about a 8192-bit key, I would probably do
this too after ECC has become available in GnuPG and has been well
tested.  I would have an ECC key and prefer its use, but have a non-ECC
key for those who are still using non-ECC keys.

Just know that everything that I have said is just one man's opinion,
but the compatibility issue is several men's.

Cheers,


-Paul

--
PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884





Re: public key not found, but it is there!

2011-04-16 Thread Paul Richard Ramer
On 4/14/11 5:02 PM, Felipe Alvarez wrote:
> now, whenever I try to encrypt to user alice It fails, saying
> encryption failed: public key not found
>
> The public key is there! But it has a different fingerprint
> (17D11744). GPG is looking for Alice's Old hash fingerprint
> (DE0155B3). How can I remedy this?
>
>
> felipe@felipes /cygdrive/C/Program Files/GNU/GnuPG
> $
> felipe@felipes /cygdrive/C/Program Files/GNU/GnuPG
> $ ./gpg --list-keys
> C:/Documents and Settings/felipe/Application Data/gnupg\pubring.gpg
> ---
> pub   2048R/1A80C23E 2011-04-07
> uid  Bob Fresh bob.fr...@example.com
> sub   2048R/402C0B65 2011-04-07
>
> pub   1024D/17D11744 2011-04-14
> uid  alice fresh alice.fr...@example.net
> sub   2048g/C2509E95 2011-04-14
>
>
> felipe@felipes /cygdrive/C/Program Files/GNU/GnuPG
> $ ./gpg -r alice -e random1
> gpg: DE0155B3: skipped: public key not found
> gpg: random1: encryption failed: public key not found

I would suggest looking in your gpg.conf file to see if there is an
entry that contains alice.  It may be that there is an entry that is
like the following:

group alice=DE0155B3

If that is the case, then specifying alice as a recipient would
encrypt to whatever keys are listed in the group alice.  Try gpg
--list-keys alice to see what response you get.  Also, try the
following command to encrypt to Alice: gpg -r 17D11744 -e some_file.


-Paul

-- 
PGP Key ID: 3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884
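
The diagnosis in this reply, a `group` alias in gpg.conf that still points at a replaced key, can be checked mechanically across every alias at once. This is an added example, not part of the original post: `stale_group_members` and `demo_stale_groups` are hypothetical names, the key IDs are the short IDs from the thread zero-padded into constructed long IDs, and the e-mail addresses and timestamps are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post.
# List gpg.conf "group" members that are written as key IDs or fingerprints
# but match no key in the keyring, which is how a stale alias produces
# "skipped: public key not found" for a name that seems to be present.
#
# Real use:
#   gpg --list-keys --with-colons > keys.colons
#   stale_group_members ~/.gnupg/gpg.conf keys.colons

stale_group_members() {
    # $1: gpg.conf   $2: saved output of gpg --list-keys --with-colons
    awk '
        FILENAME == ARGV[1] {                   # first file: the key listing
            split($0, f, ":")
            if (f[1] == "pub" || f[1] == "sub") known[toupper(f[5])] = 1   # long key ID
            else if (f[1] == "fpr")             known[toupper(f[10])] = 1  # fingerprint
            next
        }
        {                                       # second file: gpg.conf
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line !~ /^group[ \t]/) next
            sub(/^group[ \t]+/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            name = substr(line, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            n = split(substr(line, eq + 1), member, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                id = toupper(member[i])
                sub(/^0X/, "", id)
                len = length(id)
                # Only hex key IDs (8 or 16 digits) and fingerprints (40) are checked;
                # names and e-mail addresses are resolved by gpg at run time.
                if (id !~ /^[0-9A-F]+$/ || (len != 8 && len != 16 && len != 40)) continue
                found = 0
                for (k in known)
                    if (length(k) >= len && substr(k, length(k) - len + 1) == id) { found = 1; break }
                if (!found) print name, member[i]
            }
        }
    ' "$2" "$1"
}

demo_stale_groups() {
    tmp=$(mktemp -d) || return 1
    # Constructed gpg.conf: "alice" still names the replaced key DE0155B3.
    cat > "$tmp/gpg.conf" <<'EOF'
# constructed sample gpg.conf
group alice=DE0155B3
group team=1A80C23E 0x17D11744 bob@example.com
EOF
    # Constructed colon listing for the two keys shown in the thread.
    cat > "$tmp/keys.colons" <<'EOF'
pub:-:2048:1:000000001A80C23E:1302134400:::-:::scESC:
uid:-::::1302134400::::Bob Fresh <bob@example.com>:
sub:-:2048:1:00000000402C0B65:1302134400::::::e:
pub:-:1024:17:0000000017D11744:1302739200:::-:::scESC:
uid:-::::1302739200::::alice fresh <alice@example.net>:
sub:-:2048:16:00000000C2509E95:1302739200::::::e:
EOF
    stale_group_members "$tmp/gpg.conf" "$tmp/keys.colons"
    rm -rf "$tmp"
}

demo_stale_groups
```

Each output line is a group name followed by the member that no longer resolves; an empty result means every ID-style member matches a key in the listing.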





Re: Enquiries about GnuPG

2011-03-25 Thread Richard
Hello,

your questions have already been answered a couple weeks ago, please
see the thread at

http://lists.gnupg.org/pipermail/gnupg-users/2011-March/040942.html


Best,

Richard



Re: gpg command output language???

2011-01-16 Thread Paul Richard Ramer
On 01/15/2011 11:34 PM, Bo Berglund wrote:
> It beats me why a program like gpg should detect the keyboard type and
> change its language like this, language setting should be a voluntary
> change by the user always! Just think how good it would be for an
> English speaking user to try and use a PC that happened to be set for
> say a Slovenian keyboard. Not possible to understand the output,
> right?
>
> So how can I change gpg such that it sends its responses in English
> only? I have checked gpg.conf, but there is no language setting there.

The GPG man page gives the following information:

  Operation is further controlled by a few environment variables:
  [...]

  LANGUAGE
 Apart from its use by GNU, it is used in the W32 version to
 override the language selection done through the Registry. If
 used and set to a valid and available language name (langid),
 the file with the translation is loaded from
 gpgdir/gnupg.nls/langid.mo. Here gpgdir is the directory out of
 which the gpg binary has been loaded. If it can't be loaded the
 Registry is tried and as last resort the native Windows locale
 system is used.


-Paul

-- 
Please use my PGP key when sending me e-mail, if you can.

PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884



Re: Organizing GPA public key list into favourites groups????

2011-01-13 Thread Paul Richard Ramer
On 01/11/2011 02:12 PM, Bo Berglund wrote:
> What I did next was to locate the gpg.conf file in AppData in my
> profile (I am running Windows7 X64).
> Here I found a text part where it looked like one could add a group
> specification.
>
> So I went ahead and added this line:
> group developers = 0xDBC3175B 0x9209B308 0x8A51A0EE

The entry you made is syntactically correct.

> If I use GPA to encrypt a file, what happens is exactly like before, I
> get the unwieldy (not even sorted by name) list of recipients public
> keys to select from and nowhere at all is there any sight of my
> developers group! :-(

Try clicking on the heading User Name.  That will make GPA sort by
name rather than key ID.

> Is there some other application that can be used to encrypt a file
> with GPG which actually works in Windows 7 X64 and also shows the
> group?

I don't know, I don't use Windows.  But check out the list of frontends
for GnuPG at http://gnupg.org/related_software/frontends.en.htm.

> Finally, is it possible to have more than one group in GPG?
> If so what is the syntax in the conf file?
> Can there be more than one line starting with group?

Yes, you can have more than one group in GPG, and each group entry
begins with "group some_name=some_identifier" (without the quotation
marks, of course).  The GPG man page gives the following explanation:

--group name=value1
   Sets up a named group, which is similar to aliases in email
   programs. Any time the group name is a recipient (-r or
   --recipient), it will be expanded to the values specified.
   Multiple groups with the same name are automatically merged into
   a single group.

   The values are key IDs or fingerprints, but any key description
   is accepted. Note that a value with spaces in it will be treated
   as two different values. Note also there is only one level of
   expansion --- you cannot make an group that points to another
   group. When used from the command line, it may be necessary to
   quote the argument to this option to prevent the shell from
   treating it as multiple arguments.

Cheers,


-Paul

-- 
Please use my PGP key when sending me e-mail, if you can.

PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884
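
An added example, not part of the original posts and not GnuPG code: a small audit that applies the group rules quoted above (repeated names merged, values split on whitespace, one level of expansion) and flags group members that match no key in the keyring, which is the situation in the earlier "public key not found" thread. The function names, the sample gpg.conf text and the colon listing are constructed for illustration, and the case-insensitive group-name match is an assumption of this sketch.

```python
import re

# 8-hex short ID, 16-hex long ID or 40-hex fingerprint, with optional 0x prefix.
KEYID_RE = re.compile(r"^(?:0x)?([0-9A-Fa-f]{40}|[0-9A-Fa-f]{16}|[0-9A-Fa-f]{8})$")

# Constructed gpg.conf fragment using the group entries quoted in the threads.
SAMPLE_CONF = """\
# recipient aliases
group alice=DE0155B3
group developers = 0xDBC3175B 0x9209B308
group developers = 0x8A51A0EE
"""

# Constructed `gpg --list-keys --with-colons` output. The low 32 bits of each
# key ID are short IDs that appear in the threads; the high 32 bits are made up.
SAMPLE_LISTING = """\
pub:-:2048:1:AAAA00001A80C23E:2011-04-07:::-:
sub:-:2048:1:AAAA0000402C0B65:2011-04-07::::
pub:-:1024:17:BBBB000017D11744:2011-04-14:::-:
uid:-::::::::alice fresh:
sub:-:2048:16:BBBB0000C2509E95:2011-04-14::::
pub:-:2048:1:CCCC0000DBC3175B:2011-01-01:::-:
pub:-:2048:1:CCCC00009209B308:2011-01-01:::-:
pub:-:2048:1:CCCC00008A51A0EE:2011-01-01:::-:
"""


def parse_groups(conf_text):
    """Return {group_name: [values]} from gpg.conf text, merging repeated names."""
    groups = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0] != "group" or len(parts) < 2:
            continue
        name, sep, values = parts[1].partition("=")
        if not sep:
            continue  # no '=' sign, so not a usable group definition
        # Values are split on whitespace: a value with a space becomes two values.
        groups.setdefault(name.strip(), []).extend(values.split())
    return groups


def keyring_ids(colon_listing):
    """Collect the long key IDs (field 5) of pub and sub records."""
    ids = set()
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub") and len(fields) > 4 and fields[4]:
            ids.add(fields[4].upper())
    return ids


def expand_recipient(recipient, groups):
    """Expand a -r argument once; group values are never expanded again."""
    for name, values in groups.items():
        if name.casefold() == recipient.casefold():  # assumption: case-insensitive
            return list(values)
    return [recipient]


def stale_values(groups, ring):
    """Return [(group, value)] for key-ID values that match no key in the ring."""
    stale = []
    for name, values in groups.items():
        for value in values:
            match = KEYID_RE.match(value)
            if not match:
                continue  # a name or e-mail address; not checkable by key ID
            needle = match.group(1).upper()[-16:]  # fingerprint -> long key ID
            if not any(keyid.endswith(needle) for keyid in ring):
                stale.append((name, value))
    return stale


if __name__ == "__main__":
    groups = parse_groups(SAMPLE_CONF)
    print("-r alice expands to:", expand_recipient("alice", groups))
    for group, value in stale_values(groups, keyring_ids(SAMPLE_LISTING)):
        print("group %s: %s is not in the keyring" % (group, value))
```
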



Re: Organizing GPA public key list into favourites groups????

2011-01-13 Thread Paul Richard Ramer
On 01/12/2011 02:58 PM, Bo Berglund wrote:
> On Tue, 11 Jan 2011 23:12:48 +0100, Bo Berglund
> bo.bergl...@gmail.com wrote:
>
> Seems like no one can answer this question

Cheer up. :-) Sometimes it can take a few days before someone can get
you the answer that you need.


> What I want to do is to encrypt a specific file before sending it as
> an attachment in an email. I need to encrypt it several times a week
> after it has been revised because it is a live specification document
> and it is very tedious to always sift through the long list of keys to
> select the keys for the development team members...
> A group would have made life so much easier.

What you want to do is easy with the command line, but I don't know
about how to do it with GPA.


-Paul

-- 
Please use my PGP key when sending me e-mail, if you can.

PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884



Re: Organizing GPA public key list into favourites groups????

2011-01-13 Thread Paul Richard Ramer
On 01/12/2011 03:42 PM, Bo Berglund wrote:
> Well, I created a batch file with the command:
>
> gpg -r groupname --encrypt filename
>
> When I execute this batch file it actually does what I need provided
> that the file is not open in MS Word. If it is then there is a very
> strange error message about an illegal argument...
>
> Funnily, if I use PGA to encrypt the doc file while MSWord has it
> open, then encryption works just fine.
> Is there a gpg option to open the file in read-only mode such that I
> don't get this error?

Could you give us the error message?  It may help someone figure out
what the issue is.


-Paul

-- 
Please use my PGP key when sending me e-mail, if you can.

PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884



AUTO: Richard Hamilton is out of the office (returning 01/13/2011)

2011-01-12 Thread Richard Hamilton


I am out of the office until 01/13/2011.

I am out of the office until Thursday January 13th, 2011.  If this is a
production problem, please call the solution center at 918-573-2336 or
email Bob Olson at robert.ol...@williams.com. I will have limited mail and
cell phone access.


Note: This is an automated response to your message "Re: What is the
benefit of signing an encrypted email" sent on 1/12/11 9:15:48.

This is the only notification you will receive while this person is away.


Re: Having trouble getting GPG to accept input from a pinpad

2011-01-11 Thread Paul Richard Ramer
On 01/03/2011 02:25 AM, Michel Messerschmidt wrote:
> Have you tried it with gnupg 2.0.x ?
> IIRC you need at least 2.0.12 for the SPR-532 pinpad and gnupg-agent
> should be running.
> If not, please post more details about your environment and how you
> execute gnupg. The pinpad works for me, so I guess you will find a way.

Good news--it works.  Initially, I tried gpg2 (version 2.0.14), but it
didn't work.  Instead, I got an error message that scdaemon wasn't
running.  I searched for scdaemon on my system with "which scdaemon",
but I couldn't find it.

But now I can find scdaemon with "which scdaemon", and the only thing
that has changed has been that I compiled some software, installed some
packages, and, just this last evening, performed an update on my system.
I hadn't had any success with the pinpad until some time after the
update last night.

So I don't know what happened to fix my situation (I wish I knew).  But
thank you to all of you who helped me.  You have been a big help. :-)


-Paul

--
PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884



Re: Having trouble getting GPG to accept input from a pinpad

2011-01-03 Thread Paul Richard Ramer
On 01/02/2011 05:32 AM, Simon Josefsson wrote:
>> I am using an OpenPGP v2 card with an SCM SPR-532 smartcard reader, and
>> I can't get GPG to take a PIN from the pinpad instead of the keyboard.
>> When I run gpg --card-edit followed by any command that requires a PIN
>> or Admin PIN, I get a password dialog box from pinentry, but I can only
>> enter the PIN via a keyboard.
>
> IIRC the on-device PIN entry is only used for signing operations, not
> admin stuff -- so try proceeding anyway and then try signing.  This kind
> of harms the point of having an on-device PIN entry, but it is still
> possible to setup the card on a secure machine and then use it in other
> environments.  I'm using a SPR-532 too with GnuPG on Mac for SSH
> authentication, and I enter the PIN on the SPR-532 just fine.

Unfortunately, GPG isn't taking input from the pinpad regardless of what
operations I am performing--signing, decrypting, change card
information.  This behavior is true of both the PIN and the Admin PIN.

Everything else that I have done so far with my OpenPGP v2 card works.
So I have no issues there.  Things such as generating a key, changing
card information, decrypting and signing e-mail work without any trouble.

I'll gladly answer any questions about my setup or tools or run
different stuff to debug this situation.  I just want to start using my
pinpad. :-)


-Paul

-- 
PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884



Having trouble getting GPG to accept input from a pinpad

2011-01-02 Thread Paul Richard Ramer
Hi,

I am using an OpenPGP v2 card with an SCM SPR-532 smartcard reader, and
I can't get GPG to take a PIN from the pinpad instead of the keyboard.
When I run gpg --card-edit followed by any command that requires a PIN
or Admin PIN, I get a password dialog box from pinentry, but I can only
enter the PIN via a keyboard.

I have followed the GnuPG Smartcard HOWTO, including setting up the udev
rules and creating and adding my user account to the scard group.
According to this post at
http://lists.gnupg.org/pipermail/gnupg-users/2010-November/039845.html, using
the pinpad of my card reader should work (except when it doesn't ;-)).

I don't have pcsc-lite installed.  I am using GnuPG 1.4.10 (but also
have GnuPG 2.0.14 installed) and am running it on top of Ubuntu 10.04.
The versions of GnuPG that I have are what was available through my
package manager.

Thanks in advance for any help you can provide.


-Paul

-- 
PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884



AUTO: Richard Hamilton is out of the office (returning 01/03/2011)

2011-01-02 Thread Richard Hamilton


I am out of the office until 01/03/2011.

I am out of the office until Monday January 3rd, 2011.  If this is a
production problem, please call the solution center at 918-573-2336 or
email Bob Olson at robert.ol...@williams.com. I will have limited mail and
cell phone access.


Note: This is an automated response to your message "Re: Is self-signing
necessary? Basic questions." sent on 1/2/11 12:43:27.

This is the only notification you will receive while this person is away.


Re: verify signature from Windows and Ubuntu does not work

2010-11-24 Thread Paul Richard Ramer
Sat, 20 Nov 2010 09:07:13 +0100, Mike wrote:
> I use IMAP for my mailbox and I am accessing this from Win/Outlook and
> Ubuntu/Evolution.
>
> When I get an email and I access it first with Outlook, then I can not
> verify the signature anymore in Ubuntu as the whole email got detached
> into a separate attachment.
>
> How can I resolve this?
> I could not find any options in gpg4win or kleopatra.

When you say that the e-mail got detached into a separate attachment,
are you talking about the copy of the e-mail that is stored on your
computer or the message that is stored on the mail server?


-Paul

--
PGP ID: 3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D88





Re: GPG 4 Win

2010-11-24 Thread Paul Richard Ramer
Thu, 18 Nov 2010 11:44:56 +, Lee Elcocks wrote:
> I have finally managed to import PKCS12 files into GPGSM. Is there a
> way of importing OpenPGP keys into GPGSM?

No. GPGSM is for CMS and S/MIME; GnuPG is for OpenPGP and PGP/MIME.

> The client insists that we use RSA keys using openSSL and bundle into
> P.12 Files, their public key are come as .txt files, they will not
> import into GPGSM, but will import into GPG no problem, so I assume
> they are open PGP keys, that is indeed what Kleopatra displays.

If the key that you were importing into GnuPG were not an OpenPGP key it
would give the following error.

gpg: no valid OpenPGP data found.

Given the fact that you were successful in importing the key into GnuPG,
it must be an OpenPGP certificate.  A way of examining a file to see if
it is an OpenPGP certificate is to use "gpg --list-packets
certificate_file".  If the certificate is valid, gpg will output a bunch
of information about the various data packets in the file.


-Paul

--
PGP ID: 3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884





Re: Do I need to put my keys on a server???

2010-11-13 Thread Paul Richard Ramer
On 11/10/2010 07:23 AM, Visual GPG WoT Project wrote:
> I've created two key pairs for two different email accounts (let's say
> email1@ and email2@)
> and signed each one with each other and set the owner trust to
> ultimate...
>
> When I send an encrypted email from email1@ to email2@
> my Enigmail client says:
>
> Decrypted message; Unverified signature
>
> What I am doing wrong?
> Do I need to put my keys on a server???

Putting your keys on a keyserver won't fix this situation.  On the
machine that you decrypted the message, did you have the public key for
ema...@?


-Paul

-- 
Please use my PGP key when sending me e-mail, if you can.

PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884



Re: Changing secret key encryption algorithms

2010-10-22 Thread Paul Richard Ramer
On Thu, 21 Oct 2010 09:40:11 -0700, Dan Cowsill wrote:
> It seems the algorithms are mapped to algo ID's.  I can confirm that the
> algorithm is different than the one used on my real secret key, but
> I had not been able to find any resources that map the algo ID's to
> their respective names with any completeness.  I was able to find an
> excellent (if dated) resource on secret keys in the process[1].

Page 62 of RFC4880 http://www.rfc-editor.org/rfc/rfc4880.txt specifies
the IDs of symmetric algorithms, and RFC5581
http://www.rfc-editor.org/rfc/rfc5581.txt specifies the IDs for the
Camellia cipher.


-Paul

-- 
Please use my PGP key when sending me e-mail, if you can.

PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884





Re: Paranoid People's User Group?

2010-10-14 Thread Paul Richard Ramer
On Thu, 14 Oct 2010 08:45:59 +0200, Remco Rijnders wrote:
> I've looked at this before and haven't been able to tell... is there any
> way to subscribe to this group without needing to create a yahoo ID and
> email address?

No.  Yahoo! requires you to log in with a Yahoo! ID, or if you don't
have one, you must create a Yahoo! ID.


-Paul


-- 
Please use my PGP key when sending me messages.

PGP ID: 3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884





Re: Paranoid People's User Group?

2010-10-13 Thread Paul Richard Ramer
On Wed, 13 Oct 2010 17:57:08 -0700, Dan Cowsill wrote:
> After some googling, I decided this would be the best place to start.
> What I'm after is a mailing list or user group that exchanges encrypted
> communications with each other.  Or, if no such mailing list exists, I
> wonder if I might be able to pick up a pen-pal or two that wants to use
> PGP to communicate.

There is such a mailing list, which is called PGPNET.  It is part of
Yahoo! Groups and is located at
http://tech.groups.yahoo.com/group/PGPNET/.  All mail, with few
exceptions, is encrypted to all members of the group.


-Paul

-- 
Please use my PGP key when sending me e-mail, if you can.

PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884





Re: generating X.509 certificates using gnupg

2010-09-08 Thread Paul Richard Ramer
On Tue, 7 Sep 2010 13:56:08 +0530 (IST), Alex Smily wrote:
> please don't mind if this forum is not the correct one to ask...i have
> installed gnupg on windows... gpg ,gpg2 ,gpgsm are working fine.
> is it possible to generate x.509 certificates using gnupg? if so
> please help me.

This is the right mailing list.  You can generate a certificate signing
request with gpgsm, e.g. "gpgsm --output certificate.csr --gen-key".  If
you are looking to do more than that, you may wish to use OpenSSL
instead.  And if this doesn't fully answer your question, or you have
more questions, post back--this mailing list is friendly to newcomers.


-Paul

--
Please use my PGP key when sending me e-mail, if you can.

PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884





Re: Encryption with no recipient

2010-09-01 Thread Paul Richard Ramer
On Tue, 31 Aug 2010 07:49:48 -0400, Ted Rolle Jr. wrote:
> I tried -ace and it always asked for a userid.  -c and -ac worked just
> fine.  Apparently when -e is specified that triggers the request for a
> recipient.

Hi Ted.  "-c" or "--symmetric" encrypts with a symmetric key that is
derived from a passphrase.  No public key is used.  Because of that,
using "gpg -c some_file" will ask for a passphrase, and that passphrase
must be used when you want to decrypt the file.

But when you specify "-e" or "--encrypt", GnuPG will use a public key to
encrypt the file, and a recipient's public key must be specified.  This
means that when you specify both "-c" and "-e", you will get a file that
is encrypted by a symmetric key and a public key.  That is why GnuPG is
asking for a recipient.


-Paul

--
PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884
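
An added example, not part of the original post and not GnuPG code: a reader for OpenPGP packet headers (RFC 4880 section 4.2) that tells the three cases above apart by looking for public-key (tag 1) and symmetric-key (tag 3) encrypted session key packets, and names the cipher in a tag 3 packet using the RFC 4880 and RFC 5581 algorithm IDs cited in the earlier "Changing secret key encryption algorithms" reply. The three sample messages, the key ID in them and all function names are constructed for illustration.

```python
# Symmetric cipher IDs: RFC 4880 section 9.2, plus Camellia from RFC 5581.
SYM_ALGOS = {0: "Plaintext", 1: "IDEA", 2: "TripleDES", 3: "CAST5", 4: "Blowfish",
             7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish",
             11: "Camellia128", 12: "Camellia192", 13: "Camellia256"}


def _take(data, pos, n):
    """Return (data[pos:pos+n], pos+n), refusing to read past the end."""
    if pos + n > len(data):
        raise ValueError("truncated packet at offset %d" % pos)
    return data[pos:pos + n], pos + n


def _new_length(data, pos):
    """Decode one new-format length field: (length, next_pos, is_partial)."""
    raw, pos = _take(data, pos, 1)
    first = raw[0]
    if first < 192:
        return first, pos, False
    if first < 224:
        raw, pos = _take(data, pos, 1)
        return ((first - 192) << 8) + raw[0] + 192, pos, False
    if first == 255:
        raw, pos = _take(data, pos, 4)
        return int.from_bytes(raw, "big"), pos, False
    return 1 << (first & 0x1F), pos, True  # partial body length chunk


def packets(data):
    """Yield (tag, body) for each packet of a binary (not armored) message."""
    pos = 0
    while pos < len(data):
        header = data[pos]
        pos += 1
        if not header & 0x80:
            raise ValueError("no packet header at offset %d" % (pos - 1))
        if header & 0x40:  # new format: tag in the low 6 bits
            tag, body, partial = header & 0x3F, b"", True
            while partial:
                n, pos, partial = _new_length(data, pos)
                chunk, pos = _take(data, pos, n)
                body += chunk
        else:  # old format: tag in bits 5-2, length type in bits 1-0
            tag, ltype = (header >> 2) & 0x0F, header & 0x03
            if ltype == 3:  # indeterminate length: body runs to end of input
                body, pos = data[pos:], len(data)
            else:
                raw, pos = _take(data, pos, 1 << ltype)
                body, pos = _take(data, pos, int.from_bytes(raw, "big"))
        yield tag, body


def describe(data):
    """Report how the session key of an encrypted message is protected."""
    key_ids, ciphers = [], []
    for tag, body in packets(data):
        if tag == 1 and body[:1] == b"\x03":    # PKESK v3: version, 8-octet key ID
            key_ids.append(body[1:9].hex().upper())
        elif tag == 3 and body[:1] == b"\x04":  # SKESK v4: version, cipher ID, S2K
            ciphers.append(SYM_ALGOS.get(body[1], "unknown (%d)" % body[1]))
    if key_ids and ciphers:
        mode = "public-key + passphrase"
    elif key_ids:
        mode = "public-key only"
    elif ciphers:
        mode = "passphrase only"
    else:
        mode = "no session-key packets"
    return {"mode": mode, "recipient_key_ids": key_ids, "passphrase_ciphers": ciphers}


# Constructed sample packets (not real ciphertext): old-format headers with a
# one-octet length for tags 1 and 3, a new-format header for tag 18.
PKESK = b"\x84\x0e" + b"\x03" + bytes.fromhex("0123456789ABCDEF") + b"\x01\x00\x10\x80\x01"
SKESK = b"\x8c\x0d" + b"\x04\x09\x03\x02" + bytes(8) + b"\x60"  # AES256, iterated S2K
SEIPD = b"\xd2\x11" + b"\x01" + bytes(16)                        # tag 18, version 1

SAMPLE_SYMMETRIC = SKESK + SEIPD       # shape of gpg -c output
SAMPLE_PUBKEY = PKESK + SEIPD          # shape of gpg -e output
SAMPLE_BOTH = PKESK + SKESK + SEIPD    # shape of gpg -c -e output

if __name__ == "__main__":
    for name in ("SAMPLE_SYMMETRIC", "SAMPLE_PUBKEY", "SAMPLE_BOTH"):
        print(name, describe(globals()[name]))
```
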



Re: Strange behaviour of gpg when importing key from keyserver

2010-08-25 Thread Paul Richard Ramer
On Wed, 25 Aug 2010 17:55:17 -0400, Faramir wrote:
> Now, the problem: I search keys by an email address, and gpg shows
> me the different matches found, and ask me to enter the number of the
> match I want to import, or O for other, or F to finish. But if I enter O
> or F, it just repeats the question, it doesn't finish the process. I
> tried different characters based on English words I thought may have
> been used in English version of GPG, and found 'Q' (for Quit) is the
> right answer to finish the process and exit, but I don't know the
> equivalent for 'other', nor what is it supposed to do.

[snip]

> P.S: this is the question:
> Keys 1-3 of 3 for theAddressIused.  Introduzca número(s), O)tro, o F)in

The equivalent for "O" is "N", because the English word here would be
"Next".  For example:

Keys 1-6 of 12 for Faramir.  Enter number(s), N)ext, or Q)uit 


-Paul

--
PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884



Re: gnuPGP Setup

2010-08-24 Thread Paul Richard Ramer
On Sat, 21 Aug 2010 04:21:07 -0700 (PDT), BernePGP wrote:
> I'm really new to this and I have about 80% understood, I am at the stage
> where I have sent my key in a word file to my recipient that is sorted.  I
> then tell the recipient to download and load the gnupgp program and to
> read the setup for novice readme file.
>
> After the recipient has loaded the program he generates a personal key
> but does he do as I have done and copy out his public key in a wordfile
> and send it to me?

He can do one of two things.  He can export his public key into a file
and, by some means, deliver the file to you, or he can send his public key
to a keyserver so that you can fetch it from the keyserver.

> In other words when the recipient got my email with my public key
> encrypted in a wordfile , what does he then do?  Does he copy and paste my
> public key somewhere in his gnupgp program?

He imports it into his program.  If he is using the program that you are
using, then he clicks the Import button and selects the file.

Also, note that public keys are not encrypted when exported.  That is
only done for private keys, because there is no danger in revealing a
public key but the inverse for a private key.

> In what form should I expect to receive the senders public key?  Will it
> arrive already encrypted in a word file and if so what do I do with that
> enc public key in regard to my gnuPGP program?

Concerning the first question here, it depends on the way he chooses to
deliver his key to you (please see my top paragraph).  And concerning
the second, you import it into your program.  In the program that you
are using, click the Import button and select the public key file.

> Again a newbie , a few words to clear the matter please.  I did read the
> novice helpfile but you can see the whole process is not fully understood.

No problem.  No one was ever born an expert.  ;-)

> To be upfront, I'm no further on, I just can't follow the great advice shown
> here.  The only thing I can do is to provide a screenshot and then follow
> exactly an A), B), C) format no further advice until a return screenshot has
> proven that I've understood and executed that step?  So here is the first
> screenshot of my GnuPGP UI ( if I should use an easier UI please advise
> where I can get it but this one seems ok )?   Oh, re the word file it was a
> misprint, wordpad was used, But now I can't seem to reproduce my own public
> key in wordpad?

All right.  Let's start by exporting your public key.  And since your
GUI is GNU Privacy Assistant, I will refer to it as GPA.

A) Select your key in GPA.
B) Click the Export button.
C) Enter the filename that you want.

You're done.  Now give that file to your recipient by whatever means you
will.  Now wait for him to give you his public key.  If he gives you a
file with his public key in it, follow the steps below.

A) In GPA, click the Import button.
B) Select the file that your recipient gave you.

Done.  Now have your recipient perform each of these series of steps as
you have, and both of you will be able to communicate securely.

Also, please follow the advice given to you by Simon Richter and Faramir
about ensuring that you and your recipient have the correct keys.


-Paul

PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884



Re: Accessing the 2nd card reader

2010-08-13 Thread Richard
On Thu, Aug 12, 2010 at 12:31, Richard rich...@r-selected.de wrote:
> Well I stumbled upon another problem.
>
> I actually wanted to use one of my card readers with GnuPG/scdaemon
> exclusively, and the other one with OpenSC's PAM-PKCS#11 module.
[...]

> I just wanted to ask whether scdaemon always blocks _all_ PC/SC readers,
> even when told to use one specific reader only?

All right, this appears to be a PAM-PKCS#11 bug. I am going to drop a
note on this list if I find a solution.

Richard



Re: Accessing the 2nd card reader

2010-08-13 Thread Richard
On Fri, Aug 13, 2010 at 16:38, Richard rich...@r-selected.de wrote:

> All right, this appears to be a PAM-PKCS#11 bug.

That's not correct: It is a bug in OpenSC's PKCS#11 module. Someone
wrote a patch for OpenSC (SVN, trunk), which fixes the problem for me:

http://www.opensc-project.org/pipermail/opensc-user/2010-August/004224.html


Best regards,

Richard



Re: Accessing the 2nd card reader

2010-08-12 Thread Richard
Well I stumbled upon another problem.

I actually wanted to use one of my card readers with GnuPG/scdaemon
exclusively, and the other one with OpenSC's PAM-PKCS#11 module.

As already mentioned, both of my readers are accessible via PC/SC.

Having set

reader-port REINER SCT CyberJack pp_a (8928928328) 00 00

in my ~/.gnupg/scdaemon.conf, I thought the other reader could now be
used smoothly with PAM-PKCS#11. However, pcscd tells me
"SCardConnect() Error Reader Exclusive". I'll have to figure out which
of the two readers it is trying to access here (although I have set the
reader slot to use to the 1st reader, which should not be opened
exclusively by scdaemon).

I just wanted to ask whether scdaemon always blocks _all_ PC/SC readers,
even when told to use one specific reader only?

If it doesn't, then this is probably a PAM-PKCS#11-related problem and
I will have to contact the OpenSC people for support.

Thanks,

Richard



Accessing the 2nd card reader

2010-08-11 Thread Richard
Hello everyone,

I have connected two card readers to my computer, but want only to use
the 2nd one with GnuPG 2/scdaemon.
Both are PCSC readers:

$ opensc-tool -l
Readers known about:
Nr.Driver Name
0  pcsc   SCM SPR 532 [Vendor Interface] (21250837209929) 00 00
1  pcsc   REINER SCT CyberJack pp_a (8928928328) 00 00

However, GnuPG only recognizes the 1st reader:

$ echo scd getinfo reader_list | gpg-connect-agent --decode | awk '/^D/ {print $2}'
04E6:E003:21250837209929:0

How can I force GnuPG to use the 2nd reader only? I don't know
which reader-port option to set in ~/.gnupg/scdaemon.conf.


Thanks,

Richard



Re: Accessing the 2nd card reader

2010-08-11 Thread Richard
Hello Werner,

On Wed, Aug 11, 2010 at 12:34, Werner Koch w...@gnupg.org wrote:
> To convince pcscd to use the second
> reader you need to use the
>
>   reader-port REINER SCT CyberJack pp_a
>
> or a bit more of the string shown by opensc-tool.

thanks for your advice. I had to use the whole identifier as issued by
opensc-tool to get the reader to work:

reader-port REINER SCT CyberJack pp_a (8928928328) 00 00

Now I can finally access my OpenPGP smart card in my second reader using GPG :)
Thanks again for your help,

Richard



Re: Gnupg good for big groups?

2010-08-10 Thread Paul Richard Ramer
On Mon, 09 Aug 2010 13:55:41 -0400, Robert J. Hansen wrote:
> You would have to ask Paul.  I suspect, though, that with only a
> low-thirtysomething number of nodes and a total number of messages in
> the neighborhood of six hundred, that there's not much confidence to be
> had in any trend.

Exactly.  I figured from the start that with few people and messages
that I wasn't going to find anything more than gross trends.


-Paul



Re: Gnupg good for big groups?

2010-08-09 Thread Paul Richard Ramer
Hi MFPA,

Sun, 8 Aug 2010 15:49:40 +0100, MFPA wrote:
>> 681 Messages sent by members of the list
>> 628 Encrypted messages
>
> I'm surprised the difference is so large - it doesn't feel like that
> large a proportion is unencrypted. But that number not encrypted looks
> correct if it includes about ten notification messages from Yahoo
> about new file uploads, etc.

Actually, the number of encrypted messages that I originally posted was
incorrect.  The real number is 641.  I replied to my original post and
posted the correct numbers.  You can find them at this link
http://lists.gnupg.org/pipermail/gnupg-users/2010-August/039335.html.

No Yahoo notifications were counted in any of the numbers that I posted,
since none of those messages were from someone on or joining the list.
But all other messages were counted, including my initial post of my
public key.

>> 36 NETMK messages
>
> I have difficulty counting those because my email program is poor at
> searching inside encrypted messages. It finds six plaintext, and this
> only rises to 13 if I tell it to also look inside encrypted messages;
> I know this is a very long way short.

36 is correct. I took note of every NETMK (Not Encrypted To My Key)
message, who was complaining, and who hadn't encrypted.

Also note that 36 NETMK messages does not mean 36 messages that weren't
encrypted to someone's key.  Sometimes a person had multiple messages
that he couldn't decrypt, and sometimes multiple people responded to the
same initial message with NETMK messages.

>> 13 Members were responsible for not encrypting to someone's key
>> 12 Members sent NETMK messages
>> And for what it's worth:
>> 22 Messages weren't encrypted to my key
>
> How many of these 22 were within the first week or so?
> I find very few messages not encrypted to mine.

I agree with Hansen that this seems almost like cherry picking, but I
will give it to you anyway. Six in the first week and four in the last week.

But before you say, "Ah ha," know that four of the first week's messages
were from a person that had successfully sent encrypted messages to me
prior in that same week.  Also two of the last week's were not due to
someone removing my key from his list of keys.  In both cases someone
else couldn't read the poster's message and the poster replied with a
message the NETMK complainer and I could read.

It's not that you need this much detail, but without it you might come
to incorrect conclusions about the causes of the messages that I
couldn't decrypt.

>> and 1 in 12 of all messages was either not encrypted to my key or a
>> NETMK complaint.
>
> Wow!
>
>> Hope this is enlightening. :-)
>
> It is. I'm quite surprised at the proportion of unencrypted messages,
> and at the proportion of members not encrypting to somebody's key. I
> would hope that latter figure dropped significantly if non-encryption
> to keys posted within the last week were disregarded.

As for the proportion of unencrypted message, see the top of this message.

No one sent NETMK messages in the last week.  But if I deduct the 4
messages that I could not decrypt that were sent in the last week, then
the ratio of NETMK messages plus messages not encrypted to me to all
messages is approximately 1 in 13.


-Paul



Re: Gnupg good for big groups?

2010-08-09 Thread Paul Richard Ramer
On Sat, 07 Aug 2010 20:30:22 -0400, Faramir wrote:
   The interesting thing, is a lot of times the NETMK messages are caused
 by less active members who (somehow) broke their configurations.

Actually, the most amusing and bizarre mistake is that people sometimes
encrypt to only *their* key.  That happened 30% of the time.


-Paul



Re: Gnupg good for big groups?

2010-08-08 Thread Paul Richard Ramer
On Sat, 07 Aug 2010 12:59:45 -0700, Paul Richard Ramer wrote:
 681 Messages sent by members of the list
 628 Encrypted messages
 36 NETMK messages
 37-41 Keys
 37-40 Members
 32 Members sent encrypted messages
 13 Members were responsible for not encrypting to someone's key
 12 Members sent NETMK messages
 
 And for what it's worth:
 
 22 Messages weren't encrypted to my key
 
 So for me that makes approximately 1 in 29 encrypted messages was not
 encrypted to my key, 1 in 19 of all messages was a NETMK message, and 1
 in 12 of all messages was either not encrypted to my key or a NETMK
 complaint.

My apology.  Two of the numbers that I posted were wrong.  The total of
encrypted messages should be 641, and the number of members who didn't
encrypt to someone's key was 18.  Also, note that the ratios that I gave
are still correct despite the corrections.  I have reposted the original
message with the corrected numbers below.


-Paul

-Corrected message below-

Well, I have some numbers to show the frequency of NETMK (Not
Encrypted To My Key) messages.  I was on the PGPNET mailing list for
just over three months, and these are my findings (note that all of
these numbers are from the day that I joined to the day that roll call
ended and my key was removed).

681 Messages sent by members of the list
641 Encrypted messages
36 NETMK messages
37-41 Keys
37-40 Members
32 Members sent encrypted messages
18 Members were responsible for not encrypting to someone's key
12 Members sent NETMK messages

And for what it's worth:

22 Messages weren't encrypted to my key

So for me that makes approximately 1 in 29 encrypted messages was not
encrypted to my key, 1 in 19 of all messages was a NETMK message, and 1
in 12 of all messages was either not encrypted to my key or a NETMK
complaint.




Re: Gnupg good for big groups?

2010-08-08 Thread Paul Richard Ramer
On Sat, 07 Aug 2010 20:30:22 -0400, Faramir wrote:
 El 07-08-2010 15:59, Paul Richard Ramer escribió:
 ...
 So for me that makes approximately 1 in 29 encrypted messages was not
 encrypted to my key, 1 in 19 of all messages was a NETMK message, and 1
 in 12 of all messages was either not encrypted to my key or a NETMK
 complaint.
 
 Hope this is enlightening. :-)
 
   The interesting thing, is a lot of times the NETMK messages are caused
 by less active members who (somehow) broke their configurations.

True.  In fact over a third of all NETMK messages (14 to be exact) were
to members who posted fewer than ten messages in that three month period.


-Paul



Re: Gnupg good for big groups?

2010-08-07 Thread Paul Richard Ramer
On Wed, 04 Aug 2010 13:57:57 -0400, Robert J. Hansen wrote:
 It is also worth noting that PGPNET has some very big problems with key
 management.  PGPNET users are apparently comfortable wrestling with
 these problems (more power to them for that), but we shouldn't pretend
 the problems don't exist.
 
 In a completely connected graph of N nodes there are (N^2 - N)/2
 different edges.  Or, in English, 40 members equals 780 separate
 communications links, each one of which can fail and produce problems
 for other people.  The network begins to get spammed with that last
 message wasn't encrypted to my new key, please re-send.  The network
 slowly begins to drown with communications overhead: key
 synchronization, resend requests, failure notifications, etc.  PGPNET is
 probably operating pretty close to the limits of OpenPGP.  At some point
 the math bites you hard and doesn't let go.

Well, I have some numbers to show the frequency of NETMK (Not
Encrypted To My Key) messages.  I was on the PGPNET mailing list for
just over three months, and these are my findings (note that all of
these numbers are from the day that I joined to the day that roll call
ended and my key was removed).

681 Messages sent by members of the list
628 Encrypted messages
36 NETMK messages
37-41 Keys
37-40 Members
32 Members sent encrypted messages
13 Members were responsible for not encrypting to someone's key
12 Members sent NETMK messages

And for what it's worth:

22 Messages weren't encrypted to my key

So for me that makes approximately 1 in 29 encrypted messages was not
encrypted to my key, 1 in 19 of all messages was a NETMK message, and 1
in 12 of all messages was either not encrypted to my key or a NETMK
complaint.

Hope this is enlightening. :-)


-Paul



poldi unattended authentication

2010-07-16 Thread Richard
Hello everyone!

I would like to authenticate using poldi without the need to enter my
PIN. In an old blog posting, they use "auth sufficient pam_poldi.so
try-pin=123456 quiet" in PAM config files to achieve this behavior
(http://www.schiessle.org/howto/poldi.php). However, this specific
feature seems not to be available with the latest poldi release
(0.4.1) anymore.

Is there another way to authenticate using an OpenPGP smart card, but
without the need of having to enter a PIN?

Since the OpenPGP smart card itself cannot be used without setting an
(at least) 6 characters long PIN, I don't know what to do with the
try-pin option removed.

Richard.



AUTO: Richard Hamilton is out of the office (returning 06/24/2010)

2010-06-17 Thread Richard Hamilton


I am out of the office until 06/24/2010.

I am out of the office until Thursday June 24th.  If this is a production
problem, please call the solution center at 918-573-2336 or email Bob Olson
at robert.ol...@williams.com. I will have limited mail and cell phone
access.


Note: This is an automated response to your message  Re: Can we use GNUPG
with PGP for commercial use sent on 6/17/10 10:21:32.

This is the only notification you will receive while this person is away.


Re: Test mail to richih.mailingl...@gmail.com

2010-06-11 Thread Richard Hartmann
On Fri, Jun 11, 2010 at 09:39, Werner Koch w...@gnupg.org wrote:

 Sorry for the inconvenience,

No problem. It's not me :)


Richard



Re: PGP Installation Problems on Sun OS

2010-04-27 Thread Paul Richard Ramer
On Mon, 26 Apr 2010 18:57:15 +0530, Varaprasad Kota wrote:
 I have downloaded gnupg-2.0.15.tar.bz2 and done the below steps to install
 them on SunOS.
 
 Step1: unzipped it
 Step2: Moved into the parent directory(gnupg/gnupg-2.0.15.tar.bz2) and typed
 ./configure.
 Step3: I have also tried checking whether gpg is already installed or not.
 
 For all the above commands I get KSH: NOT FOUND reply.

So by that last line, do you mean that each time that you typed a
command you got a KSH: NOT FOUND error? For example:

 Step1: unzipped it
KSH: NOT FOUND

 Step2: Moved into the parent directory(gnupg/gnupg-2.0.15.tar.bz2) and typed
 ./configure.
KSH: NOT FOUND

 Step3: I have also tried checking whether gpg is already installed or not.
KSH: NOT FOUND

Or do you mean that ./configure gives you a KSH: NOT FOUND error?
Also, did ./configure succeed or did it fail and give an error?  If
./configure failed, please reply with the contents of the error.  It
will make a big difference in determining what went wrong.


-Paul

--
Karl Marx, a famous deadbeat dad. --self

+-+
| PGP Key ID: 0x3DB6D884  |
| PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884 |
+-+


Re: Receiving invalid packet errors when decryption Ascii Armored data

2010-04-06 Thread Paul Richard Ramer
On Tue, 6 Apr 2010 14:25:09 -0500, Seidl, Scott wrote:
 I am sending data to a vendor for processing and they are at times having 
issues decrypting our files.  We are ASCII armoring the file before we send
it, and they are receiving a error of:
 
 gpg: [don't know]: invalid packet (ctb=2d)
 
 gpg: [don't know]: invalid packet (ctb=2d)
 
 
 
 I've looked at the file we sent to them and see no issues or extra data 
around the ASCII Armor header/trailer records.
 
 Can someone provide more details on what would be causing this error?  
I've seen this with Binary (non- ASCII armored) files.
 
 I am using GNUPG v 1.4.9 to encrypt the files on a Linux box.  I can tell 
that the vendor is also using GNUPG from the error email I get, but I don't
know the version.

Have you and the vendor compared checksums on the ASCII-armored files to
confirm that the files that you sent and the files that they received
are identical?


-Paul

--
You wouldn't send all of your mail written on the back of postcards
would you?  Then why would you send your e-mail the same way?
http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html

+-+
| PGP Key ID: 0x3DB6D884  |
| PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884 |
+-+


Re: What to do when subkey expires?

2010-04-05 Thread Paul Richard Ramer
On Mon, 5 Apr 2010 20:20:06 -0400, Brian Mearns wrote:
 Sorry for such a simple question, but I can't find a simple answer. My
 signing and encryption subkeys have expired, so do I just create new
 subkeys, and upload to the SKS servers? Do I have to delete the
 subkeys, or revoke them?

Create new ones.  You don't need to delete or revoke them, because no
one is going to use them now that they have expired.


-Paul

--
New Windows 7: Double the DRM, Double the fun! Learn more:
http://windows7sins.org

+-+
| PGP Key ID: 0x3DB6D884  |
| PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884 |
+-+


Re: URGENT: GNuPG 1.2.1 - secret keys help

2010-03-28 Thread Paul Richard Ramer
Hi,

On Fri, 26 Mar 2010 02:12:00 -0400, Kannan, Aarthi [Tech] wrote:
 Here is the command I use:
 gpg --home /home/gpgfiles --keyring /home/gpgfiles/pubring.gpg 
 --list-secret-keys
 
 From: Kannan, Aarthi [Tech]
 Sent: Friday, March 26, 2010 11:36 AM
 To: 'gnupg-users@gnupg.org'
 Subject: URGENT: GNuPG 1.2.1 - secret keys help
 
 Hi,
 I am using gpg1.2.1.
 I created a key using gen-key.
 When I do a -list-keys, it lists my public key fine.
 
 When I do a -list-secret-key, I get the following error:
 gpg: keyring_get_keyblock: read error: invalid packet
 gpg: keydb_get_keyblock failed: invalid keyring
 
 I have read  write access to pubring.gpg, secring.gpg, trustdb.gpg  
 random_seed.
 
 Am I missing something here? Can you please help, it's urgent - am stuck on 
 this for a while now!

I think that it means that your secret keyring is corrupted.


-Paul

--
New Windows 7: Double the DRM, Double the fun! Learn more:
http://windows7sins.org

+-+
| PGP Key ID: 0x3DB6D884  |
| PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884 |
+-+


Re: Corrupted File

2010-03-24 Thread Paul Richard Ramer
On Wed, 24 Mar 2010 15:56:48 -0700 (PDT), James Board wrote:
 Have you tried decrypting the file with either PGP or
 GnuPG?  Also,
 where in the file is the corruption?

 The file is corrupted (a 4096-byte page full of zeros), at seemingly
random places, but not near the front of the file.

 The file was encrypted with PGP 5.0.  I tried to decrypt with PGP 5.0
and that didn't work. [...]

I haven't used PGP 5.0, but does it give an error message when you try
to decrypt the file?  If it does, please let us know what the error
message is.  It could be helpful.

 [...] Should I try with gpg?  Does gpg behave gracefully if the input
file is corrupted? [...]

It wouldn't hurt to try.  As for the second question, I don't know.  I
don't have the knowledge or experience with these situations to answer that.

 [...] I don't normally use gpg: can I decrypt a file with gpg that was
originally encrypted with pgp 5.0?

To the best of my knowledge, GnuPG can work with old versions of PGP
going back to PGP 2.x.  So I think that it may.  If you do use GnuPG to
decrypt your file, let us know whether it works or not.  And if it
doesn't work, post the error message so that we can further diagnose.


-Paul

--
You wouldn't send all of your mail written on the back of postcards
would you?  Then why would you send your e-mail the same way?
http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html

+-+
| PGP Key ID: 0x3DB6D884  |
| PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884 |
+-+


Re: Generating a new key

2010-03-21 Thread Paul Richard Ramer
On Sun, 21 Mar 2010 00:40:08 -0300 Faramir wrote:
   Another thing to consider, is SHA is not as safe as it used to be, and
 if it becomes easily crackable, signatures issued using SHA can become
 unsafe. So maybe you'd like to use SHA-256 instead of SHA-128. If I'm

I believe that you meant SHA-1 and not SHA-128, because there isn't a
hash called SHA-128.  Also SHA-1 is a 160 bit hash.

 The first line tells gnupg to use SHA-256 instead of SHA-1 to mangle the
 passphrases. I don't really know what is that mangling thing, but if the
 idea is to replace SHA-1 with SHA-256, it can be useful. (I have a bad
 feeling about telling other people to use that line).

In addition to what David said, the passphrase mangling uses iterations
of the hash algorithm to slow down a brute force attack on the
passphrase.  So for a fictional example, GnuPG will hash the word dog
and produce 0123456789.  Then it will iterate by taking the output of
the hash algorithm and use it as input to another instance of hashing.
So in this example it would take the output of 0123456789 and hash it
to produce 9876543210.

The default iteration count is 65536 and can be set by the --s2k-count
option.  However, if you want to change the default, I would suggest
that you read this first
http://lists.gnupg.org/pipermail/gnupg-users/2009-November/037760.html.


-Paul

--
Plagiarism is the greatest form of flattery. --self

+-+
| PGP Key ID: 0x3DB6D884  |
| PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884 |
+-+
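The passphrase stretching discussed in the message above, as an added example (not code from the thread or from GnuPG): RFC 4880's iterated and salted S2K feeds salt plus passphrase repeatedly into one hash context until the count of octets has been hashed. The count travels as a single coded octet, so only some values between 1024 and 65011712 are representable and 65536 is coded as 0x60; the salt and passphrase below are constructed samples and the function names are illustrative.

```python
import hashlib


def decode_count(coded):
    """Expand the one-octet coded count of an S2K specifier (RFC 4880, 3.7.1.3)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def encode_count(wanted):
    """Smallest coded octet whose expanded count is >= wanted (requests round up)."""
    for coded in range(256):
        if decode_count(coded) >= wanted:
            return coded
    raise ValueError("count above the largest encodable value, 65011712")


def s2k_iterated_salted(passphrase, salt, coded_count, key_len, hash_name="sha256"):
    """Derive key_len octets of key material with the iterated and salted S2K.

    The count is the number of octets hashed, not a number of hash rounds:
    salt + passphrase is repeated into a single hash context until `count`
    octets have gone in, and the final repetition is cut short if needed.
    """
    if len(salt) != 8:
        raise ValueError("salt must be 8 octets")
    unit = salt + passphrase
    # If the count is smaller than salt + passphrase, the unit is hashed once in full.
    count = max(decode_count(coded_count), len(unit))
    full, rest = divmod(count, len(unit))

    key = b""
    preload = 0
    while len(key) < key_len:
        # A key longer than one digest uses further contexts, each preloaded
        # with one more zero octet than the previous one.
        ctx = hashlib.new(hash_name)
        ctx.update(b"\x00" * preload)
        for _ in range(full):
            ctx.update(unit)
        ctx.update(unit[:rest])
        key += ctx.digest()
        preload += 1
    return key[:key_len]


if __name__ == "__main__":
    sample_salt = bytes(range(1, 9))          # constructed sample salt
    for coded in (0x00, 0x60, 0x61):
        print(f"coded 0x{coded:02x} -> {decode_count(coded)} octets hashed")
    key = s2k_iterated_salted(b"dog", sample_salt, 0x60, 16)
    print("AES-128 key material:", key.hex())
```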


Re: key question

2010-03-19 Thread Paul Richard Ramer
On Sat, 13 Mar 2010 20:05:21 + MFPA wrote:
 I can't speak for other people, but I can for me.  Take
  a look at the UIDs on my key, which is
  0xC7C66ADF3DB6D884.  And also, take a look at my master
  key 0x2188A92DF05045C2 that I signed the other key
  with.
 
  Each of those e-mail addresses on my keys are ones that
  were already associated with my real name.  I had given
  each of those addresses to family, friends, associates,
  businesses, or a combination of them.  Not one of those
  accounts had given me any anonymity, and each had been
  shared outside of people I knew personally.
 
  By uploading a key with those addresses on it, does
  that mean I gave up privacy that I already had?  No.
 
 It looks to me as if the answer is yes. Unless each person who had
 one of your email addresses already knew the other addresses before
 seeing them on your key, they now have extra information about you.
 And the addresses have jumped from shared outside of people [you]
 knew personally to published in a universally-accessible location.
 However minor/negligible or unimportant you may consider it, that's a
 reduction in privacy.

You are, of course, assuming all of my contacts know what PGP is, how to
use a keyserver, and have fetched and examined my key.  Although I have
potentially disclosed my e-mail addresses to the whole world, my actual
disclosure has been less than had I posted those e-mail addresses to a
web page or handed a copy of my key UIDs to whomever.

But you know what?  I don't care.  I created those UIDs with the belief
that if I shared them with one person, I shared them with the world.  I
intentionally made that information public, which is different from
accidental disclosure.

Also the use of a keyserver in my case was good, because I don't have
any means of distributing my key electronically other than by e-mailing
my key to every person that may request it.  So a keyserver fits the way
I want to work.


-Paul

--
Privacy is good.  Use PGP.

+-+
| PGP Key ID: 0x3DB6D884  |
| PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884 |
+-+


AUTO: Richard Hamilton is out of the office (returning 03/22/2010)

2010-03-19 Thread Richard Hamilton


I am out of the office until 03/22/2010.

I am out of the office until Monday March 21st.  If this is a production
problem, please call the solution center at 918-573-2336 or email Bob Olson
at robert.ol...@williams.com. I will have limited mail and cell phone
access.


Note: This is an automated response to your message  Re: Secure unattended
decryption sent on 3/19/10 14:26:09.

This is the only notification you will receive while this person is away.


Re: Corrupted File

2010-03-17 Thread Paul Richard Ramer
Hello James,

On Mon, 15 Mar 2010 18:02:41 -0700 (PDT) James Board wrote:
 I have a fairly large file (about 10 mbytes) that was corrupted on 
disk.  About 5-10 pages of the file (4096-byte blocks) were lost and
set to zero.  The file is a PGP encryption of a another file which
is a 'tar' file of other smaller ASCII text files.
 
 I would like to decrypt as much of this file as possible.  I know 
with several blank pages, I can never fully recover the file.  However,
most of the data is still legitimate.  Is it possible to recover it
with the gpg tools?  To this point, I had been using the older PGP 5.0
version, but I can try gpg if it can decrypt most of the file.

Have you tried decrypting the file with either PGP or GnuPG?  Also,
where in the file is the corruption?

If the head of the file is corrupted, then you won't get your data back.
 The reason why is that with an OpenPGP message the file is encrypted
with a symmetric encryption key (a.k.a. session key), and then the
symmetric key is encrypted with the recipient's asymmetric encryption
key (a.k.a. public key) and stored in a packet inside the encrypted
file.  This packet precedes the data packet, which contains the
encrypted data.

An OpenPGP message would look something like this:

++
| Various packets, including | --- Without this ...
|session key packet  |
++
||
|   Data packet  | --- ... you can't decrypt that.
||
++

However, if only the data packet is damaged, you may be able to get some
of the data back.  I experimented with this by using a tar file of a few
ASCII files in order to simulate your situation.  I corrupted the
beginning of the file, and gpg couldn't recognize it as an OpenPGP
message.  Then I tried corrupting some of the end of the file, and I
could successfully decrypt and extract the text files from the tar file.
 Out of four text files in the tar file, three were good and the last
was damaged too badly to understand what its original content was.

Restoring from a backup would be best, if you have one.  Also, if
anything that I said was unclear to you, just let me know.


-Paul

--
New Windows 7: Double the DRM, Double the fun! Learn more:
http://windows7sins.org

+-+
| PGP Key ID: 0x3DB6D884  |
| PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884 |
+-+
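The packet ordering described in the message above can be checked by walking the packet headers, shown here as an added example that is not part of the original post or of GnuPG. It parses RFC 4880 headers over a constructed two-packet message with dummy bodies, zeroes a 4096-byte page at different offsets, and reports which packet was hit; the function names and the sample message are assumptions made for illustration.

```python
import struct

SESSION_KEY_TAGS = {1, 3}   # public-key / symmetric-key encrypted session key
DATA_TAGS = {9, 18}         # encrypted data, without / with integrity protection


def _new_format_length(data, pos):
    """Decode one new-format length field: (length, offset after it, partial?)."""
    first = data[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if first == 255:
        return struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True       # partial body chunk


def list_packets(data):
    """Return [(tag, start, end)] for each packet; ValueError on a bad header."""
    packets, pos = [], 0
    while pos < len(data):
        ctb = data[pos]
        # Bit 7 must be set: 0x00 (a zeroed page) or 0x2d (ASCII '-') is no header.
        if not ctb & 0x80:
            raise ValueError(f"invalid packet (ctb={ctb:02x}) at offset {pos}")
        try:
            if ctb & 0x40:                          # new-format header
                tag = ctb & 0x3F
                length, body, partial = _new_format_length(data, pos + 1)
                end = body + length
                while partial:                      # follow the chain of chunks
                    length, body, partial = _new_format_length(data, end)
                    end = body + length
            else:                                   # old-format header
                tag = (ctb >> 2) & 0x0F
                length_type = ctb & 0x03
                if length_type == 3:                # indeterminate: to end of input
                    end = len(data)
                else:
                    size = 1 << length_type
                    field = data[pos + 1:pos + 1 + size]
                    if len(field) != size:
                        raise IndexError
                    end = pos + 1 + size + int.from_bytes(field, "big")
        except (IndexError, struct.error):
            raise ValueError(f"truncated packet header at offset {pos}") from None
        if end > len(data):
            raise ValueError(f"packet at offset {pos} runs past end of input")
        packets.append((tag, pos, end))
        pos = end
    return packets


def assess_damage(data, start, size):
    """Zero `size` bytes at `start` (a lost disk page) and report what was hit."""
    stop = min(start + size, len(data))
    damaged = data[:start] + bytes(stop - start) + data[stop:]
    try:
        packets = list_packets(damaged)
    except ValueError as exc:
        return f"unreadable: {exc}"
    hit = {tag for tag, p_start, p_end in packets if p_start < stop and start < p_end}
    if not hit:
        return "intact"
    if hit & SESSION_KEY_TAGS:
        return "session key packet damaged"
    if hit <= DATA_TAGS:
        return "damage confined to data packet"
    return "other packet damaged"


def build_sample():
    """Constructed message: real header encodings, dummy bodies (not ciphertext)."""
    session_key = bytes([0xC1, 12]) + b"K" * 12                           # tag 1
    data = bytes([0xD2, 0xFF]) + struct.pack(">I", 8192) + b"D" * 8192    # tag 18
    return session_key + data


if __name__ == "__main__":
    message = build_sample()
    print(list_packets(message))
    for offset in (0, 4, 4096):
        length = 4 if offset == 4 else 4096
        print(f"zeroing {length} bytes at {offset}:", assess_damage(message, offset, length))
```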


Re: key question

2010-03-13 Thread Paul Richard Ramer
Hello MFPA,

I couldn't respond to your post for a while.  So here it is.

On Mon, 8 Mar 2010 21:38:18 + MFPA wrote:
 I never asserted that you said the key's originator owned the
 information stored in the key.  I was quoting the context of what your
 reply about the originator having some rights was about.  I would
 never try to insert words into your mouth.
 
 I just wanted anybody reading this after the event to be clear the
 quoted line about owning was not anything *I* have said.

Okay.  So we both misunderstood each other.  Problem solved.

 Really, I am not interested in talking about what the law says.  The law
 may be right, or the law may be wrong.  I don't want to know what the
 law thinks, I want to know what you think.
 
 The legal aspect is an integral part of the answer to your question;
 it demonstrates that rights to privacy and to an element of control
 over one's personal information are not something I dreamt out of thin
 air. Whatever different views people may have on moral or ethical
 rights, there are situations where processing/storage/dissemination of
 personal information is the subject of an established body of
 legislation and legal precedent. All that is open to question is the
 extent and nature of privacy rights that may exist beyond the narrow
 set enshrined in law and the slightly wider set in documents such as
 ECHR.

The issue of law is not an integral part of the answer to the question
of what should be.  It is an integral part of the answer to what is.

If I were to ask you whether every day should be like Christmas, you
would likely respond that every day couldn't be like Christmas.  Sure,
every day couldn't be like Christmas, because of the way people are, but
that doesn't mean that that is the way things ought to be.

The reason I wanted you to discuss what you believe without regard to
the law is because the law is just another man's opinion.  I was asking
for only yours.

 For the record, I don't believe that the key holder should upload the
 key if the key's originator doesn't want
 
 Seeing as we are framing this in terms of rights, do you believe the
 holder has a right to upload in these circumstances but should not
 exercise that right?

It depends.  Are we talking about ethical rights or lawful rights?

I think the key holder has the ethical and lawful rights to use and
distribute the key if the key's originator doesn't forbid him.  If the
keyholder is forbidden, he has the lawful right, but not an ethical right.

But the key holder shouldn't have to ask the originator what he may do
with the key.  The key holder should, by default, have freedom.  But if
the originator doesn't want his key disseminated, he should say so.

And by the way, I apply this rule to me.

 But I don't believe the originator has a /right/ to prevent the key
 holder from sharing it.
 
 Morally and ethically, I disagree. To use an example with phone
 numbers: say I had a personal friend who was an insurance broker with
 a teenaged daughter and elderly parents. I would suggest it's
 perfectly in order for me to pass to a third party my mate's business
 number. I definitely have no moral or ethical right to pass on his
 daughter's or parent's numbers or his personal number. Some would
 argue he has a right to give me a good beating if I did.

So a buddy's business number is public information, and you can share it
if you like.  But a /public/ key, which by default is considered
publicly shareable information, isn't.

I get it!  So it goes like this.  A business telephone number is
considered by most to be shareable, and because of that, it is ethically
shareable.  A public key is considered by most to be shareable, and
because of that, it isn't ethically shareable.

 In practical terms, the originator currently has no means to prevent
 this sharing, whether or not he has a right. In a certain narrow set
 of circumstances, there could be an argument for legal redress if the
 originator's personal information was shared.

Interesting.  ... [C]urrently has no means   Sounds like you may
want some delicious DRM.

 I don't believe the keyserver (or the church) is responsible for
 another's actions.  But I wanted to see whether you thought the
 keyserver should be responsible.
 
 I also don't think a webhost should be deemed responsible if somebody
 posts unlawful material on a site or forum that happens to be hosted
 on their servers.

I agree. I don't believe in guilt by association, including
unintentional association.

 The rights that you are asserting are similar to copyrights.  They
 both restrict the copying and dissemination of the information
 associated with them.
 
 I cannot conceive of anything other than a presumption of privacy in
 respect of the personal information usually present in the UIDs, and
 have always been amazed at the number of people displaying it openly
 on their public keys.

I can't speak for other people, but I can for me.  Take a look at the
UIDs on 

Re: key question

2010-03-07 Thread Paul Richard Ramer
MFPA wrote:
 On Saturday 6 March 2010 at 8:55:48 AM, you wrote:
 
 
 On Sat, 27 Feb 2010 03:52:02 + MFPA wrote:
 (b) the person owns the information has the right to
 control how it is disseminated, and
 
 This was someone's re-interpretation of my point. Spot the extra ?

Hello MFPA,

I never asserted that you said the key's originator owned the
information stored in the key.  I was quoting the context of what your
reply about the originator having some rights was about.  I would
never try to insert words into your mouth.

 The data subject does have various rights concerning the personal
 information that is about him.

This is the reply you gave to Robert J. Hansen.  I have asked about what
you believe the limit of the rights of the originator is.  I didn't
ask this because I am trying to twist your words to make it seem as
though you believe that the originator has a right by law to prevent the
key holder from disseminating it.  I used this quote, because I believe
that it states, in your own words, what you have been saying, either
directly or by implication, during this whole discussion thread.

 The concept of *owning* your personal information makes little sense.
[snipped the rest of the paragraph]

You have begun by answering a question that I never asked.  I have only
asserted that you believe that the originator has some rights.  I
never used the word own.  I used the word rights.

 Exactly as far as everything else that would fall under the basic
 right to privacy (described in Article 8 of the European Convention of
 Human Rights as the right to respect for private and family life).
 The OECD's Guidelines on the Protection of Privacy and Transborder
 Flows of Personal Data is a slightly more international view.
 http://www.oecd.org/document/20/0,3343,en_2649_34255_15589524_1_1_1_1,00.html
 
 The use, storage or dissemination of personal information is the
 subject of specific laws in many places, as mentioned above and linked
 from earlier in the thread.
 
 I'm referring to the personal information that is often present in key
 UIDs. Others may wish to extend similar discussion to cover the key
 ID/fingerprint, which I view as problematic. The key ID/fingerprint is
 not personal information in and of itself. But if the key is on a
 server, the de facto standard for key UIDs leads to, in most cases,
 personal information being revealed to anybody in possession of the
 key ID.

Really, I am not interested in talking about what the law says.  The law
may be right, or the law may be wrong.  I don't want to know what the
law thinks, I want to know what you think.

 You say that the key's originator should control the dissemination
 of the key to the keyserver,
 
 (I would point out that other opinions are available and have been
 shared in this thread. Also, the conditional should is important
 since anybody in possession of the key has the *ability* to upload it
 whether they should or not.)

I know what the others have said--I have read every posting in this
thread.  As for should, I intentionally chose that word.

 I say that if the key's originator does not disseminate said key to
 said keyserver, nobody else is in a legitimate position to make that
 decision on their behalf. If the originator actively *wanted* their
 key to be on that server (or network of servers), they would probably
 have uploaded it there.
 
 The originator may have been unaware of that server's existence. They
 may simply have taken no action regarding keyservers. They may have
 considered a particular keyserver (or network) and made a decision
 that they did not want their key on it. They may not want their key on
 any keyserver. The point is, without referring to the key originator,
 a third party cannot know their intentions and should not have the
 arrogance to presume.
 
 The OpenPGP standard and GnuPG can both be seen to concede that the
 key originator could have some say in the matter: the
 keyserver-no-modify flag was defined quite a while ago in RFC 2440
 as meaning the key holder requests that this key only be modified or
 updated by the key holder or an administrator of the key server, and
 has long been set by default in GnuPG. Unfortunately, I don't see
 evidence that any keyservers honour this flag.

For the record, I don't believe that the key holder should upload the
key if the key's originator doesn't want the key in some public venue
(forget the keyservers, it's about public availability).  But I don't
believe the originator has a /right/ to prevent the key holder from
sharing it.

 but what about from the keyserver?  Isn't the keyserver unwittingly
 sharing the key without the originator's permission?
 
 Difficult to answer.

Good.  I accomplished my goal of making you think about your position. :-)

 Say, for example, I was to print out your photograph, name, address,
 phone number, etc. and display it on a public noticeboard in the
 church. Would you consider that the noticeboard was unwittingly
