Syncing GnuPG data between computers

[Steve McKown via Gnupg-users]

I use different computers at different times, either my office computer
or one on-site provided by a customer.

I want to be able to propagate changes I make to GnuPG on one computer
to other computer I use, without resorting to duplicating the changes
manually.

I currently only manage one GnuPG identity, and its private key material
is stored on a smart card (Yubikey).  So I think I'm only caring about
other's keys, trust relationships, and the like.

I do this kind of thing for several data types today, for example my
"dot" files.  I use a 'master copy' scheme, where changes made on one
computer are "pushed" to the master copy, and other computers' copies
can be updated by "pulling" from the master copy.

A GnuPG example.  If I import, verify, and sign some new keys, I'd
"push" from that computer and then later "pull" from a different
computer so I could use those new keys there.

The GnuPG configuration files are simple enough, but the database files
are another story I imagine.

My search-fu keeps suggesting using gpg import and export, like:

https://lists.gnupg.org/pipermail/gnupg-users/2011-May/041766.html.

Has anyone else done something like this?  Any references or suggestions
are appreciated.

Thanks,
Steve

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Newer gnupg doesn't ask for key size on generate?

[R. Steve McKown]

Hi all,

We use Yubikey 4's as GnuPG smart cards.  When setting up a new card, we
use 'gpg --card-edit's 'generate' command to generate keys on the card
itself.  If it matters, we do not ask for off-card backups of the keys.

Today we set up a new Yubikey from a Windows 7 system running GnuPG
2.2.10.  Its generate command did not ask us for key size, and the
result was rsa2048 keys generated on the Yubikey.

We have always generated rsa4096 keys on Yubikeys in the past.  I was
able to take the same Yubikey to a Linux computer with GnuPG 2.1.11
installed; its generate command did ask for key size, and I was
successfully able to generate rsa4096 keys on the Yubikey.

I see that the admin docs do not show the generate command asking key
size: https://www.gnupg.org/howtos/card-howto/en/ch03s03.html#id2521952.

I'm presuming that there is some other process or command option that we
must use on newer GnuPG to request larger keys to be generated on our
Yubikeys.  Can someone point me in the right direction for this information?

Thanks,
-- 
R. Steve McKown
Titanium Mirror, Inc.



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Passphrase cache w/Yubikey varies: sign vs auth

[Steve McKown]

On 04/09/2017 08:49 PM, NIIBE Yutaka wrote:
> Steve McKown  wrote:
>> Can someone explain why ssh after sign asks for the passphrase again,
>> and what I might be able to do to avoid this condition?  It's not a big
>> deal, but I do wonder if it suggests a misconfiguration on my part.
> 
> It is not misconfiguration.  It is expected behavior.
> 
> Please note that there is no passphrase cache on host side for
> smartcard.  It is the OpenPGP card which has the "authenticated" status.
> Once it gets authenticated by PIN, a user can ask crypto operations.
> 
> And there are two different authenticated statuses for a user.  We call
> them CHV1 and CHV2, where CHV means Card Holder Verification.  One for
> signing (CHV1) and another for others (= decryption and authentication,
> CHV2).
> 
> For OpenPGP card itself, CHV1 and CHV2 are independent (for v2 and
> later).
> 
> By using GnuPG, they are not independent.  When a user authenticate for
> CHV2, CHV1 is also authenticated automatically (provided the flag of the
> card for "Signature PIN" is "not forced").  When a user authenticate for
> CHV1, CHV2 is not affected.
> 
> I agree this is a bit confusing.  I don't know why it is so.  Perhaps,
> we had some compatibility issue with older OpenPGP card.
> 
> I don't think we have an easy way to avoid being asked PIN for SSH after
> signing.
> 

Thanks for the clear and informative answer.  Much appreciated!

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Passphrase cache w/Yubikey varies: sign vs auth

[Steve McKown]

Hi,

I'm using a Yubikey NEO with GnuPG 2.1.11 on Ubuntu 16.04 LTS.
Everything is working fine except that caching of the passphrase works
differently depending upon whether the first operation is sign or
authenticate.  I can show this with two GnuPG operations: sign a file
and ssh key-based login (I'm using gpg-agent.conf enable-ssh-support).

If after inserting the Yubikey I sign first and then ssh second, both
operations ask for the passphrase via pinentry.

  gpg2 --clearsign somefile  # pinentry dialog
  ssh someserver # pinentry dialog

I'm not sure why the ssh login above asks again for the passphrase.

If after re-inserting the Yubikey I do ssh before sign, the sign uses
the passphrase cached from the previous ssh, as expected:

  ssh someserver # pinentry dialog
  gpg2 --clearsign somefile  # NO pinentry dialog

It is true that the passphrase entered on first sign is cached, because
if I run two back to back the second doesn't ask.  Again, after
re-inserting the Yubikey:

  gpg2 --clearsign somefile  # pinentry dialog
  gpg2 --clearsign somefile  # NO pinentry dialog

The pinentry dialog for signing includes the text "[sigs done:NNN]" that
is not present for auth or crypt operations.

Can someone explain why ssh after sign asks for the passphrase again,
and what I might be able to do to avoid this condition?  It's not a big
deal, but I do wonder if it suggests a misconfiguration on my part.

Thanks,
Steve

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: Syntax Question on GPG2 on LINUX

[Steve Butler]

Jim,

I don't use modern but I do have a script for classic that works in unattended 
mode on a Linux box.  The caller knows the input file name and the script knows 
my passphrase -- default gpg_pass2.  Hope this helps with gpg2! --Steve

$ cat gpg_encrypt
#!/bin/ksh
usage="gpg_encrypt [ -a -b -e ext -n -s ] PK_ID source"
#
#   Interface script for edi and ftpexec to encrypt files vi GnuPG
#
#   -a  Use Ascii Armor (--armor switch)
#   -b  Use binary (e.g. opposite of -a)
#   -e  Use ext as value of file extension (defaults to pgp when not specified)
#   -n  Do not sign (e.g. opposite of -s)
#   -s  Sign using key for helpd...@fchn.com as signing key
# For conflicting options, the last one entered takes precedence.
#
#   PK_ID  Key ID to which the file is to be encrypted.
#   source Source file name to encrypt.
#
# Encryptes to a file of source.ext and name is echoed to stdlist

XRG_DBA=${XRG_DBA:=/usr/xrg_dba}
xrgbin=$XRG_DBA/bin
homedir=$($xrgbin/default gpg_home)

EXT=pgp
ARMOR=""
SIGN="--sign"

while getopts ":abe:ns" opt
do
  case $opt in
a) ARMOR="--armor" ;;
b) ARMOR="" ;;
e) EXT=$OPTARG ;;
n) SIGN="" ;;
s) SIGN="--sign" ;;
*) echo $usage
   exit 2
   ;;
  esac
done

shift $(($OPTIND - 1))

if [[ $# -ne 2 ]]; then
  echo "gpg_encrypt:  Must supply 2 parameters" >&2
  echo " usage: $usage" >&2
  exit 99
fi

rm -f "$2.$EXT" > /dev/null

if [[ -z $SIGN ]]; then
  gpg --batch --homedir $homedir --quiet --no-tty --always-trust $ARMOR \
  --no-permission-warning --recipient $1 --output "$2.$EXT" --encrypt "$2"
  x=$?
else
  $xrgbin/default gpg_pass2  | gpg \
 --batch --homedir $homedir --quiet --no-tty --always-trust $ARMOR \
  --sign --passphrase-fd 0 --default-key helpd...@fchn.com \
  --no-permission-warning --recipient $1 --output "$2.$EXT" --encrypt "$2"
  x=$?
fi

if [ $x -ne 0 ]; then
  echo "gpg_encrypt: gpg failure code '$x'" >&2
fi
echo "$2.$EXT"
exit $x
#

From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Jim Ernst
Sent: Thursday, October 06, 2016 5:39 AM
To: gnupg-users@gnupg.org
Subject: Syntax Question on GPG2 on LINUX

Hello All -

I am working in a LINUX environment using GPG version 2.1.15

Can anyone give me the syntax to use gpg2  to create a signed, encrypted file 
using a passphrase in a LINUX shell script ?  This is being run from Oracle EBS 
on a schedule so there would not be a user interacting to answer prompts. With 
this mode, is there any terminal settings I would need to set ?

Thanks !!
Jim Ernst
NTT Data
NOTE: The sender of this email is an independent contractor of Invacare 
Corporation or one of its subsidiaries. CONFIDENTIALITY NOTICE: The information 
in this e-mail message and any attachments may contain privileged, confidential 
or proprietary information, including confidential health information, 
protected by applicable Federal or state laws. Such information is intended 
only for the recipient named above. If you are not the intended recipient, 
please notify the sender immediately, and take notice that any use, disclosure 
or distribution of such information is prohibited by law.

-- 
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, 
is for the sole use of the intended recipient(s) and may contain 
confidential 
and privileged information. Any unauthorized review, use, disclosure or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: What to do at failed integrity check?

[Steve Butler]

Go to any public key server and get that key ID.

However, before doing that, I'd first verify the checksum without using GnuPG.  
That process should also have been described on the download page.



-Original Message-
From: Gnupg-users [mailto:gnupg-users-bounces+sbutler=fchn@gnupg.org] On 
Behalf Of Simon Albrecht
Sent: Monday, October 03, 2016 6:36 AM
To: gnupg-users@gnupg.org
Subject: What to do at failed integrity check?

Hello everybody,

I’m having a problem getting GnuPG set up: I downloaded the tarball and 
signature (for v2.0.30), then did the integrity check as described on 
 using the packaged 
version of GnuPG (1.4.something), and it failed with this message:

gpg: Signature made Do 31 Mär 2016 12:56:02 CEST using RSA key ID 4F25E3B6
gpg: Can't check signature: public key not found

I already tried getting the files from a mirror – same thing.

Now, the instructions on the linked webpage only say ‘the file should be 
treated suspiciously’. But what can I do now? Just use it anyway and hope it’s 
not a real problem?

Best regards,
Simon Albrecht

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

-- 
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, 
is for the sole use of the intended recipient(s) and may contain 
confidential 
and privileged information. Any unauthorized review, use, disclosure or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: Decryption failed: No secret key found (Please help !)

[Steve Butler]

-Original Message-
From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Hariharan 
Shweta

Thanks for the response. We have provided them our public key. 
The key 31743B64 is not our public key. I'm confused as our vendor is able to 
decrypt our message but we are not able to do it. 

Any advise is appreciated.

From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Ben 
McGinnes
Sent: Thursday, August 18, 2016 2:40 PM
> 
> We have setup the entire GnuPG software along with the keys in our 
> Linux server. We are able to encrypt our message and send it to our 
> vendor. even our vendor is able to decrypt it at their end. But we are 
> not able to decrypt the message sent by the vendor to us.

Let's say that you public key has an ID of PKA and your vendor has public key 
ID of PKB.

When you encrypt your message to the vendor you encrypt with their PKB key ID.  
If you also want to decrypt that same message later for yourself you need to 
also encrypt it to PKA (encrypt to both key IDs).

When your vendor sends a message to you they need to encrypt to your public key 
ID of PKA.  It looks like they encrypted the message to two public keys.  
However, neither one is yours.  You need to contact the vendor and ensure they 
encrypt messages to you with your PKA key ID. [Substitute actual fingerprint 
values as needed.]

Give them the key IDs to which they did encrypt the message as that will help 
them figure out what they did wrong on their end.

On a couple of occasions I've had vendors send me their private key along with 
the public key.  [Holding head in hands!]  You may need to hold their hands to 
get this working right for you.

--Steve

-- 
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, 
is for the sole use of the intended recipient(s) and may contain 
confidential 
and privileged information. Any unauthorized review, use, disclosure or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: UK Investigatory Powers Bill

[Steve Karmeinsky]

On Thu, May 05, 2016 at 11:33:34AM +0100, keith wrote:

> Otherwise welcome to Full On Hard Core DPI across the whole of the UK
> that is going to affect all internal traffic and anything transiting the
> borders Not that you could trust them, or others, anyway but it
> might be time to set up BGP to steer all traffic away from DataStrip
> One.

Have a look on Google Streetview around Bude (in Cornwall), what was C&W
land all their cables there (very pretty little cove, with a concrete
hut at the top). 'Oddly' there's a GCHQ 'listening' station right next
door and allegedly they don't even need to tap the cables, they're just
given a splice. (Again allegedly) they have the capability to store 30
days worth of traffic while they do any analysis of stuff and can then
move any interesting data elsewhere for further analysis.

Already doing bulk intercept, now just legitimising it ...

Steve

-- 
NetTek Ltd  UK mob +44 7775 755503
UK +44 20 3432 3735  /  US +1 (650) 423 1390  /  Fax +44 20 7483 2455
social id stevekennedyuk
Euro Tech News Blog http://eurotechnews.blogspot.com

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: UK Investigatory Powers Bill

[Steve Karmeinsky]

On Wed, May 04, 2016 at 11:15:47PM +0100, MFPA wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> On Wednesday 4 May 2016 at 6:04:55 PM, in
> , keith wrote:
> > Personally I almost realise that
> > some of this may be
> > needed and/or indeed necessary
> By contrast, I am 100% certain that none of it is needed. If "the
> authorities" think they need access to some specific group or
> individual's communications, they can employ plain old-fashioned
> deception to have undercover agents worm their way in and get
> themselves trusted and included in the encryption list.

Unfortunately it doesn't matter if it's needed, it's becoming law (well
it's already law under RIP, but DRIP 'expires' this year, so now
enshrined under IP Act).

It's a blanked law to ensure what's being done already is now legalised.

Steve

-- 
NetTek Ltd  UK mob +44 7775 755503
UK +44 20 3432 3735  /  US +1 (650) 423 1390  /  Fax +44 20 7483 2455
social id stevekennedyuk
Euro Tech News Blog http://eurotechnews.blogspot.com

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: UK Investigatory Powers Bill

[Steve Karmeinsky]

On Wed, May 04, 2016 at 03:38:18PM +0100, keith wrote:

> This UK legislation will have impact elsewhere.

Currently encryption isn't banned, however say you encrypt an email and
send it to someone and the 'authorities' want to read it, they can then
force you to hand over the keys and if you refuse, you go to jail until
you do ...

There are other major issues like equipment interference and bulk
interception to name a few.

Steve

-- 
NetTek Ltd  UK mob +44 7775 755503
UK +44 20 3432 3735  /  US +1 (650) 423 1390  /  Fax +44 20 7483 2455
social id stevekennedyuk
Euro Tech News Blog http://eurotechnews.blogspot.com

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: Use of --passphrase-file

[Steve Butler]

Any "secure" storage for the passphrase will itself need a mechanism to 
"unlock".  This only digs the hole one more level down.  Only you can decide 
when to stop digging.  But remember, whatever the automated script can do, a 
human following the script can also do.  [Note to self, use "hacker" instead of 
"human" next time.]

After wrestling with this for some time several years ago, I came to the 
conclusion that I could only delay the inevitable and could not prevent it.  I 
my case I chose to "hide" the plaintext passphrase in a fashion that kept the 
casual looker (non-hacker) at bay (1 level down) but was real easy to implement 
and didn't require another password/phrase.  Any serious programmer could 
easily read the code and reveal the passphrase.  Then I limit who has access to 
that particular box.

Stephen M. Butler, PMP, PSM
IT Manager - Software Engineering
First Choice Health Network
Email: sbut...@fchn.com
Voice: 206-268-2309
Fax:  206-268-6173

From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Harman, 
Michael
Sent: Wednesday, February 17, 2016 8:34 AM
To: gnupg-users@gnupg.org
Subject: Use of --passphrase-file

I am attempting to automate a process that decrypts files. The files are 
encrypted with my key which has a passphrase. I have determined I can use the 
"--passphrase-file" option to get the passphrase of my key. In the gpg 
documentation at 
https://www.gnupg.org/documentation/manuals/gnupg/GPG-Esoteric-Options.html, 
under "--passphrase-file file" it says "Don't use this option if you can avoid 
it", but I can't find any alternative solution in the documentation. I found 
one blog that says to just remove the passphrase, however I'd like to preserve 
the passphrase. Do you have any recommendations where I can have a passphrase 
but still use it in an unattended fashion that is secure?

Michael W. Harman, MIT | Senior Application Architect, Information Services | 
UHS of Delaware, Inc. | a subsidiary of Universal Health Services | Phone 
610.768.3416

UHS of Delaware, Inc. Confidentiality Notice: This e-mail message, including 
any attachments, is for the sole use of the intended recipient(s) and may 
contain confidential and privileged information. Any unauthorized review, use, 
disclosure or distribution of this information is prohibited, and may be 
punishable by law. If this was sent to you in error, please notify the sender 
by reply e-mail and destroy all copies of the original message.

-- 
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, 
is for the sole use of the intended recipient(s) and may contain 
confidential 
and privileged information. Any unauthorized review, use, disclosure or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: BAD signatures for GnuPG Stable

[Steve Butler]

Did you say this was on a VM?  We've had corrupted files with 'cp' from one 
file system to another on a VM box if it decided to do a vmotion while the copy 
was in progress.

Just remember -- "To err is human, but to really foul things up you need a 
computer."(Paul Ehrlich)


-Original Message-
From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Ingo 
Klöcker
Sent: Thursday, January 28, 2016 11:52 AM
To: gnupg-users@gnupg.org
Subject: Re: BAD signatures for GnuPG Stable

On Thursday 28 January 2016 09:31:31 Aaron Tovo wrote:
> Thanks for the info.
> 
> Today I re-downloaded the .bz2 and .sig. And the verification worked 
> (see output below). I did file diffs between the new and the previous 
> downloads with 'diff' and they are identical. So I tried verify on the 
> previous download and it worked this time. Very confusing.

I had a similarly confusing incident with some FLAC files intermittently being 
logged as corrupted by vlc. It turned out that I had bad RAM that lead to 
subtle differences in the files if they happened to be put onto the bad RAM by 
the kernel's file cache.

Long story short, I suggest that you check your RAM.


Regards,
Ingo

-- 
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, 
is for the sole use of the intended recipient(s) and may contain 
confidential 
and privileged information. Any unauthorized review, use, disclosure or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: BAD signatures for GnuPG Stable

[Steve Butler]

Perhaps an ASCII download instead of binary?  That would make the download file 
larger!


-Original Message-
From: Gnupg-users [mailto:gnupg-users-bounces+sbutler=fchn@gnupg.org] On 
Behalf Of Aaron Tovo
Sent: Tuesday, January 26, 2016 8:45 PM
To: gnupg-users@gnupg.org
Subject: Re: BAD signatures for GnuPG Stable

Interesting. The file I downloaded is actually larger than what it should be!

-rw-rw-r--  1 aaron aaron  855815 Jan 25 21:44 libgpg-error-1.21.tar.bz2


On 01/26/2016 03:26 AM, Werner Koch wrote:
> On Tue, 26 Jan 2016 05:41, aaront...@gmail.com said:
>
>> $ gpg --verify libgpg-error-1.21.tar.bz2.sig 
>> libgpg-error-1.21.tar.bz2
>> gpg: Signature made Sat 12 Dec 2015 06:03:30 AM CST using RSA key ID
>> 4F25E3B6
>> gpg: BAD signature from "Werner Koch (dist sig)"
> Please check the length of the file to make sure you downloaded it 
> complelety.
>
> The size of libgpg-error-1.21.tar.bz2 is 763186 bytes.
>
>
> Shalom-Salam,
>
>Werner
>


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

-- 
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, 
is for the sole use of the intended recipient(s) and may contain 
confidential 
and privileged information. Any unauthorized review, use, disclosure or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: Get gpg to use keyring files in the current directory

[Steve Butler]

Either set --homedir on the command line or in the options file.

-Original Message-
From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Jarle 
Hammen Knudsen
Sent: Wednesday, December 16, 2015 8:19 AM
To: Gnupg-users@gnupg.org
Subject: Get gpg to use keyring files in the current directory

I'm trying to get gpg to create and use keyryring files in the current 
directory.
In e:\test I have this options file named test.conf :

 utf8-strings
 no-default-keyring
 keyring test-public.keyring
 secret-keyring test-secret.keyring

If I cd to e:\test and use this command line:

 gpg --gen-key --options test.conf

the keyrings are not created in the current directory, but in 
C:\Users\username\AppData\Roaming\gnupg
The options file is read, since the keyring files use the specified names.

I'm using gpg to encrypt small backup files which will be decrypted by 
non-tech-savvy users that do not usually use gpg. I'm going to store the 
keyrings ready for use on a USB-stick and will not know the absolute path to 
the keyfiles.

Any suggestions?

gpg (GnuPG) 2.0.29 (Gpg4win 2.3.0)
Windows 10


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

-- 
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, 
is for the sole use of the intended recipient(s) and may contain 
confidential 
and privileged information. Any unauthorized review, use, disclosure or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: Can I pass the password from the command line?

[Steve Butler]

There is under 1.4.  Don't know if it is in v2.  I'm not at my desk to pop the 
script open.   But you could pipe the passphrase via stain and tell gpg  to 
grab it from there.  Be careful as that still leaves it in the clear to those 
reading your script.   Potential local users could also see it if you echo'd it 
to the pipe.



Sent from my Verizon Wireless 4G LTE smartphone


 Original message 
From: Andrew Gallagher 
Date: 12/15/2015 15:09 (GMT-08:00)
To: Anthony Papillion 
Cc: gnupg-users@gnupg.org
Subject: Re: Can I pass the password from the command line?


> On 15 Dec 2015, at 22:58, Anthony Papillion  wrote:
>
> I'd like to script encryption and decryption from the command line. Is
> there a way to pass the encryption passphrase to GnuPG from the
> command line.

I don't think there is a password parameter, and I'd strongly recommend not 
doing it even if there was. Many OSes make the command line parameters of 
processes available to any local user.

Have you tried piping the password to stdin?

Andrew
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

-- 
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, 
is for the sole use of the intended recipient(s) and may contain 
confidential 
and privileged information. Any unauthorized review, use, disclosure or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Please remove MacGPG from gnupg.org due to serious security concerns

[steve]

Dear all,

any bug reports should be filed on our support platform at 
https://gpgtools.tenderapp.com <https://gpgtools.tenderapp.com/>. For highly 
sensitive inquiries you can always get in touch at t...@gpgtools.org 
<mailto:t...@gpgtools.org> - our public key is on our homepage, bottom left, 
and has fingerprint 85E3 8F69 046B 44C1 EC9F  B07B 76D7 8F05 00D0 26C4.

The source in question is on GitHub at https://github.com/GPGTools/localizeXIB 
<https://github.com/GPGTools/localizeXIB> and the binary is no longer required 
to compile pinentry-mac.

Kind regards,
steve (GPGTools)


> Am 23.08.2015 um 14:28 schrieb Jonathan Schleifer 
> :
> 
> Sorry for reviving this old thread. But since you guys still don't accept bug 
> reports (why?!)…
> 
> I'm not sure whether this is better or worse than the old situation, but now 
> you include an unsigned binary in your tree that is executed as part of the 
> build process. Nowhere can be found what this binary does or from which 
> sources it has been built. This is at least as bad as executing remove code. 
> Can you please explain why you do this, or why you thought this would be a 
> good idea after that long discussion on how important security is for a 
> security product?
> 
> --
> Jonathan
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: Gnupg Decryption Question

[Steve Butler]

-Original Message-
From: Werner Koch [mailto:w...@gnupg.org] 
Sent: Friday, July 24, 2015 4:24 AM

On Thu, 23 Jul 2015 19:11, sbut...@fchn.com said:
> This is a snippet of the script I use to decrypt any file coming to me that 
> has my private key (or my companies private key)
>
>   $DFLT gpg_pass2 \
>   | gpg --homedir $homedir --quiet --passphrase-fd 0 --no-tty --skip-verify \
> --no-permission-warning --no-mdc-warning --batch  \
> --output "$oname" --decrypt "$x" > /dev/null 2>&1

If you receive arbitrary data you may want to add

  --max-output SUITABLELARGENUMBEROFBYTES

to avoid a DoS using special crafted compression data.


Shalom-Salam,

   Werner
===

I'll look into that.  We do IP filtering on the firewall so we do know who is 
getting to our SFTP box (on Aug 3 we will shut down port 21 and standard FTP).  
All who send data to us must sign a business agreement (HIPAA rules).  One such 
does send us encrypted files that approach 25 GB in size -- yikes!!  Thankfully 
that is once a month.


-- 
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, 
is for the sole use of the intended recipient(s) and may contain 
confidential 
and privileged information. Any unauthorized review, use, disclosure or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: Gnupg Decryption Question

[Steve Butler]

This is a snippet of the script I use to decrypt any file coming to me that has 
my private key (or my companies private key)

  $DFLT gpg_pass2 \
  | gpg --homedir $homedir --quiet --passphrase-fd 0 --no-tty --skip-verify \
--no-permission-warning --no-mdc-warning --batch  \
--output "$oname" --decrypt "$x" > /dev/null 2>&1

The DFLT gpg_pass2 script manages to obtain the pass phrase for the private key 
and pipe it to gpg via stdin
The statement right after the above does check to see if the status ($?) is 0.

From: Gnupg-users [mailto:gnupg-users-bounces+sbutler=fchn@gnupg.org] On 
Behalf Of David Carter
Sent: Thursday, July 23, 2015 7:47 AM
To: gnupg-users@gnupg.org
Subject: Gnupg Decryption Question

Hello,

We currently use Gnupg 1.4.10 as part of our interactions with an online 
mailbox system. We are able to successfully encrypt our data files but we 
haven't been able to find the combination of options that will let us decrypt 
files that we receive - so we've used a different product for that purpose.  
Our desire is to use only one product to perform both encryption and decryption.

This is a sample of how we would call gpg to encrypt a text file prior to 
transmission:

gpg -c -o DataFile.gpg --batch --compress-algo 1 --cipher-algo cast5 
--passphrase KeyValue DataFile.txt


The files that we receive share the same KeyValue, so we would appreciate some 
guidance on undoing what was done above.

Thanks very much.

-- 
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, 
is for the sole use of the intended recipient(s) and may contain 
confidential 
and privileged information. Any unauthorized review, use, disclosure or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: Teaching GnuPG to noobs

[Steve Butler]

Biggest pitfall -- new users sending me both their public and private keys. 
Most have a mental block on how these are used.

I generated a set of documents about a decade ago that someone asked permission 
to post on the web.  Just did a search and could not find.  I'll try to dig 
through my thumb drive at home to see if they are buried someplace there.

--Steve 


-Original Message-
From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of A.T. 
Leibson
Sent: Tuesday, June 16, 2015 6:50 AM
To: Gnupg-users@gnupg.org
Subject: Teaching GnuPG to noobs

Hi everyone,

What has your experience been teaching inexperienced users how to use GnuPG 
properly? What are common pitfalls on the part of the instructor?
What aspects are the most challenging for new users to understand?

Lastly, what's your favorite noob-friendly guide, and why?

Thanks,
Adamh

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

-- 
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, 
is for the sole use of the intended recipient(s) and may contain 
confidential 
and privileged information. Any unauthorized review, use, disclosure or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: Facebook and OpenPGP

[Steve Butler]

MFPA:
> 
> 
> On Monday 1 June 2015 at 5:37:33 PM, in 
> ,
> gnupg-us...@henk.geekmail.org wrote:
> 
> 
>> A comment worth reading in case one does not see it oneself IMHO:
>> https://blogs.fsfe.org/gerloff/2015/06/01/facebook-offers-to-send-you
>> -encrypted-emails-this-wont-help-you/
> 
> Whatever Facebook's motivation, doesn't anything that increases the 
> proportion of emails that are encrypted during transit count as a Good 
> Thing?

Yeah, I think it sets a great precedent for other large organizations to 
follow.  Plus it increases the amount of PGP-encrypted email flowing around, 
which reduces PGP as a marker for "secret messages".

.hc

==
One thing I learned in college, if all inbound mail came in the same color 
(pink) and scented then nobody knew which one came from the girl-friend.  It 
was easier to get her to use a brown non-descript envelope though!


-- 
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, 
is for the sole use of the intended recipient(s) and may contain 
confidential 
and privileged information. Any unauthorized review, use, disclosure or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Block Filter: 1st byte missing

[Steve Butler]

Client with PGP is encrypting files that we can usually decrypt with GnuPG 
1.4.16 on an Oracle Enterprise Linux (2.6.8-274.17.1.0.1.e15).

Occasionally gpg reports:  gpg: block_filter: 1st length byte missing.

Client will re-encrypt and resend.  That file always (even with different name) 
is not decrypted with above message.

Do a:  gpg --no-batch --verbose --verbose --list-packets [filename]

:marker packet: PGP
:pubkey enc packet: version 3, algo 16, keyid 6BA0BA0A5A2CEA48
data: [2047 bits]
data: [2048 bits]
gpg: public key is 5A2CEA48
gpg: using subkey 5A2CEA48 instead of primary key 1B32D54B

You need a passphrase to unlock the secret key for
user: "First Choice Health Network (FCHN) "
gpg: using subkey 5A2CEA48 instead of primary key 1B32D54B
2048-bit ELG-E key, ID 5A2CEA48, created 2001-10-16 (main key ID 1B32D54B)

gpg: public key encrypted data: good DEK
:encrypted data packet:
length: unknown
gpg: encrypted with 2048-bit ELG-E key, ID 5A2CEA48, created 2001-10-16
  "First Choice Health Network (FCHN) "
gpg: CAST5 encrypted data
gpg: block_filter: 1st length byte missing
:compressed packet: algo=1
gpg: decryption okay
gpg: WARNING: message was not integrity protected

But gpg  exits with status 2.

The 'gpg: decryption okay' message is not seen unless the 2nd -verbose is 
listed on the command line.  Not conducive to automated processing.


Manual inspection of the file with xxd shows it starts with:  000:  
a803 5047 50c1 c14e 03 [my pk sub key id] etc.
I believe that third packet starts at hex location 217 in this line:  210: 
3e65 83a0 73a7 c9ec xx   I believe the c9ec means tag 9 with 4096 packet 
length.
That should take us to locatin 1219 in this line: 
0001210: 34ed 52dd 5afb 457a 0c06   I think 0c is the next packet length of 
12 of which the 06 is the first byte.
The file ends on the next line: 
   0001220: 0edb ef22 ac

This all looks good to me.  Is gpg expecting another packet?  Or another length 
byte?

--Steve

PS  I've been using GnuPG for well over a decade and have run into this problem 
on occasion.  Always a re-encrypt has solved it.  With this client that is no 
longer the case.

Stephen M. Butler, PMP, PSM
IT Manager - Software Engineering
First Choice Health Network
Email: sbut...@fchn.com<mailto:sbut...@fchn.com>
Voice: 206-268-2309
Fax:  206-268-6173




-- 
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, 
is for the sole use of the intended recipient(s) and may contain 
confidential 
and privileged information. Any unauthorized review, use, disclosure or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Thoughts on GnuPG and automation

[Steve Jones]

On Wed, 04 Mar 2015 10:50:53 +0100
"Robert J. Hansen"  wrote:

> The possibility of *every encrypted communication* being intercepted
> and stored for later exploitation ... is not real, and we need to stop
> treating it as such.

I remember when we used to think this about the NSA or GCHQ taking in
every single email that crossed their borders.

-- 
Steve Jones 
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896


pgpb9gmjiGWFb.pgp
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: email verification as casual checking?

[Steve Jones]

On Thu, 28 Aug 2014 13:12:30 +0200
Philip Jackson  wrote:

> Whether or not I want to send secrets to a person depends on lots of
> things.  I think at present that I would be unlikely to send any
> important secret by email. I cannot imagine my confidence levels on
> the person's identity or trustworthiness being enhanced at all by a
> keyserver process alone.  Not even if the keyserver were linked to a
> lie detector :-)

The process described isn't about validating the person, it's about
validating the key against an email address. If you're going to email
the person anyway you might as well have some confidence that you're
using the right key.

-- 
Steve Jones 
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: email verification as casual checking?

[Steve Jones]

On Sat, 23 Aug 2014 12:56:11 +0200
Philip Jackson  wrote:

> - the email address belongs to a person who does control the key and
> he may or may not be the person named in the email address.  I am
> risking my secrets with an unknown person.  I had better take care of
> the nature of those secrets.  It looks like this is the case covered
> by your original post.

Presumably you have an email address of the person for some reason,
whether or not you want to send secrets to that address depends on
where you got it. What you want to know is: how do you send those
secrets securely? If the keyserver has certified the key with a
challenge response protocol you've got your answer.

Ideally you'd have an email address and a fingerprint, but often you
don't.

-- 
Steve Jones 
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: mailto with pgp fingerprint

[steve]

Wouldn’t it be a nice solution, if key server software had a mechanism for 
users to verify their UserID by sending a mail to the mail address in question.

Those verified keys then could be prioritized over the not verified keys when a 
search is done. Could still be faked, but would make faking a lot harder.

I assume this has already been discussed on some key server devel list? But 
have not followed that discussion, so I’m not aware.

All the best,
steve



Am 22.07.2014 um 16:27 schrieb Werner Koch :

> On Tue, 22 Jul 2014 09:40, enigm...@josuttis.de said:
>> More and more we seem to have the problem of faked keys in the key
>> servers. This especially applies to "well known" keys such as
>> authors of magazines and famous tools.
> 
> This is actually the problem of checking the validity of the key.
> Granted, gpg is not smart enough to figure out the best matching key but
> that is something which can be fixed.
> 
> A more simple way of tackling this is to use PKA or DANE for key
> validation: For sending mail you already need DNS and thus it would be
> easy to retrieve the matching key from the DNS.  The drawback is that
> this must be configured by the key owner and can't be changed by the
> sender.
> 
> 
> Shalom-Salam,
> 
>   Werner
> 
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Size of client key jumped from 2KB to 25KB

[Steve Strobel]

Thanks, Olav and Pete, for the info about how to clean up the signatures.
 Adding the "--export-options export-minimal" option reduced the file to
the expected size.  So that is a great solution for the keys I already have.

Peter Lebbing wrote:
> Perhaps it created a whole bunch of self-signatures?

I don't know why it would have, but I haven't looked specifically for that
either.

> Could you still send me the overlong key and one that has been "correctly"
> generated? I'm curious if we can figure out what it was. That's all it is
to me,
> a hobby :).

Sure.  I will send you those keys by direct email.

Steve


-- 
Steve Strobel
Link Communications, Inc.
1035 Cerise Rd
Billings, MT 59101-7378
(406) 245-5002 ext 102
(406) 245-4889 (fax)
WWW: http://www.link-comm.com
MailTo:steve.stro...@link-comm.com
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Size of client key jumped from 2KB to 25KB

[Steve Strobel]

Johan Wevers 
> Perhaps it collected a lot of signatures?

I would not have said so, but you are right.

On Sat, Mar 8, 2014 at 2:42 AM, Peter Lebbing 
 wrote:

> You can inspect the data with a command like:
> $ gpg --list-packets "C:/Documents and Settings/steve.strobel/Application
> Data/gnupg\pubring.gpg"
>

Thanks for that command.  It does show a couple dozen additional sections
for the large key, sections like this:

:trust packet: flag=00 sigcache=03
:signature packet: algo 1, keyid E497A900BC02EE05
version 4, created 1392850339, md5len 0, sigclass 0x13
digest algo 2, begin of digest 15 d2
hashed subpkt 2 len 4 (sig created 2014-02-19)
hashed subpkt 27 len 1 (key flags: 2F)
hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (key server preferences: 80)
subpkt 16 len 8 (issuer key ID E497A900BC02EE05)
data: [2040 bits]

Our application doesn't use the trust system for much, but the client does
assign ultimate trust to the server's key.  Maybe it is doing that more
than once (such as each time the program is started).  It could skip that
step if it has already been done.  Is there a better way to check that than
to use --list-packets and parse the output?

When we export the public key with a command like "gpg --output
client-key.gpg --export -a ID49C207DF", is there a way to do so without the
signatures?  We send that key to the server so it can be used to encrypt
data for the client, but we don't really need to transfer any information
about how trusted the client is.  Does that make sense?  Now that I think
about it, the client key shouldn't have any signatures at all;  there is
nothing else in the system to attest to them.  I posted the complete
--list-packets (and --list-keys) output at the URLs below in case it is
helpful:

<http://link-comm.com/temp/small.txt>
<http://link-comm.com/temp/big.txt>

Thanks, Peter and Johan, for your help.

Steve


-- 
Steve Strobel
Link Communications, Inc.
1035 Cerise Rd
Billings, MT 59101-7378
(406) 245-5002 ext 102
(406) 245-4889 (fax)
WWW: http://www.link-comm.com
MailTo:steve.stro...@link-comm.com
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Size of client key jumped from 2KB to 25KB

[Steve Strobel]

We have a Windows application that automatically generates a key pair on
first startup (no passphrase), then sends its public key to a server.  It
exports its public key to a file with a command like this:

gpg --output client-key.gpg --export -a ID49C207DF

I recently got an error message caused by the keyfile it created exceeding
a 10 KB threshold in the application code.  It is normally 2 KB or 3 KB,
but in this case it was 25KB.  Its size apparently jumped suddenly rather
than growing slowly, or it would have errored out at 11 KB rather than at
25 KB.  The extra-large key file has typical GPG headers and footers, but a
lot more data between them than usual.

Renaming the gnupg directory (which forces it to generate a new key pair)
resolved the issue for now, but I would like to know what might have gone
wrong to make the public key so large.

In both cases, the info about the keys looks normal, something like this:

$ gpg --list-keys
C:/Documents and Settings/steve.strobel/Application Data/gnupg\pubring.gpg
--
pub   2048R/49C207DF 2014-03-07
uid  ID49C207DF (N/A) 
uid  IDLINKTDS 

I would be glad to send the keyring file if that would make troubleshooting
easier (the keys are not valuable).  Thanks for any pointers.

Steve


-- 
Steve Strobel
Link Communications, Inc.
1035 Cerise Rd
Billings, MT 59101-7378
(406) 245-5002 ext 102
(406) 245-4889 (fax)
WWW: http://www.link-comm.com
MailTo:steve.stro...@link-comm.com
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: MUA "automatically signs keys"?

[Steve Jones]

On Fri, 31 Jan 2014 16:37:28 +0100
Johannes Zarl  wrote:

> As far as I understood the original idea, it would use local
> signatures only (preferably done with a special purpose local key
> only used for these signatures).
> 
> If one would export these signatures, that would just DDoS the key
> server infrastructure for no gain.

Well I was thinking of exporting at first, but it's too fraught with
problems. I would in general like to see more use of persona
signatures as certifying keys as good enough. Essentially I see the
requirements for certifying keys as a massive barrier to entry for
common use.

Greater integration of local signatures into mail clients would be
great though, essentially you could use your public key ring as an
address book. Currently none (AFAIK) even offer the security of the SSH
known hosts file of ensuring the same key is used as from the first
contact.

-- 
Steve Jones 
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: MUA "automatically signs keys"?

[Steve Jones]

On Fri, 31 Jan 2014 15:02:14 +0100
NdK  wrote:

> Il 31/01/2014 10:24, Steve Jones ha scritto:
> 
> > Well the conventions of use, for example the key signing party
> > protocol, requires photographic id. If I publicly sign a key it has
> > to be in line with how I expect others to interpret it. Policies and
> > notations on signatures go some way to alleviate that but only if
> > the tools support it.
> I tried looking around for some tutorials about notations, but could
> only find minimal information ("it's a string in 'tag@domain=value'
> format").

RFC 4880 seems to be the primary documentation.

> IIUC in *my* policy I could specify that when signing a key I use
> "ndk@mydomain=X" notation and that X=0 means "just checked the person
> can access the given mailbox", X=1 means "at least 2 other persons
> have confirmed that the same user used that email address for the
> last year" and so on.

That's pretty much it. I wouldn't worry about tracking what other
people have seen though if I were implementing a scheme like this. My
thinking is more notations like "only-emai...@example.org=true". But
the point of the @domain part is that anyone can implement whatever
namespaces they want.

> Is my understanding right? When I sign a key and use a notation, am I
> actually signing *all* the identities associated with that key? Or
> just one?

All signatures are on particular UIDs, and notations are part of
signatures, so you can sign as few or as many identities as you like.

-- 
Steve Jones 
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: MUA "automatically signs keys"?

[Steve Jones]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, 31 Jan 2014 01:15:07 +
MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote:

> On Thursday 30 January 2014 at 10:43:39 PM, in
> , Steve Jones wrote:
> 
> > Well therein lies my problem with the PGP system. It
> > relies on the notion of there being this singular thing
> > called your identity.
> 
> I'll take that to mean your problem with the web of trust.

To be really pedantic the web of trust established by conventional use
of the OpenPGP protocol :-P

> The pedantry about verifying government-issued identity is perhaps
> necessary if you have the need to be confident the government knows
> the other person as "John Smith" and that they are the right one of
> the many "John Smiths" in existence. If that is not needed, the
> name by which any government knows the person is irrelevant.

> 

> Your certification on a key means exactly what you want it to mean.
> If your certification is published with a key, it is up to each user
> to interpret that certification as they see fit (or to ignore it
> entirely).

Well the conventions of use, for example the key signing party
protocol, requires photographic id. If I publicly sign a key it has to
be in line with how I expect others to interpret it. Policies and
notations on signatures go some way to alleviate that but only if the
tools support it.

> > In online communications so many people are just
> > names, urls or email addresses, their identity is just
> > the things they've said and published.
> 
> Is that so different from the person you don't actually know, but they
> are sometimes on the train when you are commuting, and just
> occasionally you chat?

Nope, the difference is that in real life I have good mechanisms for
being sure that the person I'm talking to today is the same as the
person I was talking to yesterday. To me, you are just an email
address, for all I know you're a dozen different people spoofing emails
to the list. If all your mails are signed with the same key then I can
at least assume all those people are working in concert :-)

The issue is that the tools around OpenPGP use are designed around the
idea that it's for verifying some fixed identity, whereas in this case
it's continuity of identity that's more important. If your key had
dozens of signatures at the persona level going back a few years then
I'd have a reasonable belief that you're not just a brand new identity
created for mischievousness (not that I'm claiming that you're
trolling, it's just an example). With notations you get a system of
distributed tagging, where identity becomes a matter of a collection of
attested to attributes. Obviously this could create a lot of noise so
you'd have a limited set of folks (including ephemeral Internet folks)
who's tags you trust, probably the same people who's signatures you
trust - which is handy. :-)

My mail client, and all the others I've used, is only interested in
whether I, or someone else, has certified that MFPA is your real name.

> >  If I was
> > accepting a cheque from one of those people I'd
> > probably look for an identity confirmation,
> 
> If I didn't know their name or address, depending on the amount
> involved I may not accept the cheque.

Certainly. This BTW is why I think anonymous cryptocurrency is a daft
idea.

> > if I just
> > wanted to talk to them in probable privacy then a few
> > other people saying effectively "Yeah I've used that
> > key for that person" is enough.
> 
> Is what the signature means? Are they not simply saying, in effect,
> "Yeah I've used that key for that _email address_?"

Yes, I was being sloppy there.

> > To put it somewhat glibly, if a friend introduces
> > someone to you do you ask for an affidavit that your
> > friend has seen two forms of state issued photo id
> > before you'll talk to them?
> 
> Depends on the conversation. (-;

True, "This person is a police officer and would like to know where you
were last night," might lead you to wanting to see id. It would be nice
to be able to cryptographically verify such things.

> There is no standard threat model. But the NSA and others are, at
> least anecdotally, monitoring all communications and retaining copies
> if they are encrypted. And any person could come under scrutiny as a
> result of being only a small number of communication hops from a
> "person of interest."

By standard threat model I'm extrapolating from what all the docs seem
to say. It appears to be an entity with the NSA's (purported) ability
to monitor and intercept the Internet but witho

Re: MUA "automatically signs keys"?

[Steve Jones]

On Thu, 30 Jan 2014 21:09:45 +
MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote:

> On Thursday 30 January 2014 at 12:58:44 AM, in
> , Steve Jones wrote:
> > The advantage you have here though is the web of trust.
> > 1 level 1 signature would probably be not enough, but
> > 5, 10, 100..?
> 
> If the signatures are made automatically be email software without
> verifying identity, where is the web of trust? Lots of such signatures
> would tie the key to the email address but not to a person. Email
> addresses, just like phone numbers, may be re-used by a different
> person today to who used them last year.

Well therein lies my problem with the PGP system. It relies on the
notion of there being this singular thing called your identity. This
doesn't really match how people work in the world, it certainly doesn't
match how things work online. There are plenty of people I've known for
years by a particular name and using a particular email address, but by
the standards of PGP I haven't verified their identity so shouldn't
sign their key. In online communications so many people are just names,
urls or email addresses, their identity is just the things they've said
and published. If I was accepting a cheque from one of those people I'd
probably look for an identity confirmation, if I just wanted to talk to
them in probable privacy then a few other people saying effectively
"Yeah I've used that key for that person" is enough.

To put it somewhat glibly, if a friend introduces someone to you do you
ask for an affidavit that your friend has seen two forms of state issued
photo id before you'll talk to them?

> > There comes a point where you have to
> > decide that a certain level of security is good enough.
> 
> That is one of the points of the oft-repeated mantra "It depends on
> your threat model."

Yes, entirely. As it stands however the standard thread model seems that
we have to assume that all attackers are the NSA.

-- 
Steve Jones 
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Non email addresses in UID

[Steve Jones]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 30 Jan 2014 00:22:08 +
MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote:

> On Tuesday 28 January 2014 at 11:37:25 PM, in
> , Steve Jones wrote:
> 
> 
> > A more sophisticated approach
> > would be for OpenPGP to include a new signature type
> > for this purpose.
> 
> There are already more than enough signature types. Wouldn't this lend
> itself quite well to using a signature notation?

Yes, in fact a policy url may be even more appropriate.

- -- 
Steve Jones 
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJS6aWPAAoJEEgVHtdrBwIARAsH/18vWhC4H+9HZlf+t8/ITrkr
gqs4nV9M30M3k3o6d/Zj0eCn15Wj0cuaAem5o3oW/owXmvaM1GBkkoqDcnNlfN8S
SQwKqNW01KuFYYel9fa37ahgM6I6LrgeRj6R24MehNN1tzPas8RTCJb+WcGgaROY
9niJF0LlgqhHEptvvBgrzMRV5LY6/gXOkLULohyhG7Md4tud98TAPD68hUo/A+in
wVWBnIu/Gjjva29Je5l68l40AhCRclCA6Jg2qV7pSqexkQMXHS6aJcTKuj64TKc6
u2UdUtQq+XdeP6/k3jGhTuMkxcZtq0p41RK4KTqLYF1F09e9EOq7bUK1Mtd02Ps=
=Zaxx
-END PGP SIGNATURE-
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: MUA "automatically signs keys"?

[Steve Jones]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 30 Jan 2014 00:04:17 +
MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Hi
> 
> 
> On Wednesday 29 January 2014 at 7:57:12 PM, in
> , Johannes Zarl wrote:
> 
> 
> > Under the assumption
> > that an attacker can't reliably do a MITM attack on
> > every message that is sent over an extended time
> > period
> 
> Why would that be assumed? In a corporate setting the MITM could be
> placed within the company's network, for a home user their ISP or
> email provider could be used, and for mobiles, the phone network.

The advantage you have here though is the web of trust. 1 level 1
signature would probably be not enough, but 5, 10, 100..? There comes a
point where you have to decide that a certain level of security is good
enough. An attacker that can MITM not only your communications with the
key server and your emails but that of all your friends can probably do
a lot more than just MITM communications - like insert custom hardware
into the supply chain rendering software based security useless.

> > , you would place almost no trust in a fresh
> > persona-certified key, but high trust in an old and
> > frequently encountered key.
> 
> The older the key, the greater the opportunity for compromise.

Yes, I'd say it's the number of signatures rather than their age which
would lend trust.

> > The trust would grow with
> > time (just like the trust into someone you know in real
> > life).
> 
> If a person I knew well in real life were "compromised" they are
> likely a poor enough actor for it to be easily-noticed.

Maybe, a lot of compromised actors have gotten away with it for a long
time. But that's a different story, all the trust in a person's key and
identity is useless if they're secretly working against you.

- -- 
Steve Jones 
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJS6aPEAAoJEEgVHtdrBwIA3cMIAOR684K06OPgZP30NeK7qu3u
fdP9tq8TkwsIBRdZBFEgR6wkp9YfCu4+qGVqutn4txC+4qyVzbfhMDDFGb17DNHL
PVZ3LS0w2jjjpYxU6GUbU6icn4otzqU7GUqsWjQxkjUvDeKW4vuuiz75+dLiXi5B
8SttzmogWzAazVtTVMk4h0PE3dDb8mfWuv02h/BhemfMeN10VT6YJfBhSqmevTiw
4An+GEmvMbtH0lPPRQHtTNvsz632Szp/6I3LObnDKrQWUtPVITqx8cPL3HXC0ozz
BwMCaPLDlKO69qnhuzoaqkHBfJ4UuXTKBwfiI9+cmxiFUvyphYm6LBaw7ZmSnNQ=
=WDKc
-END PGP SIGNATURE-
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: MUA "automatically signs keys"?

[Steve Jones]

On Wed, 29 Jan 2014 11:14:11 +
"nb.linux"  wrote:

> Gregor Zattler:
> > Hi Steve, gnupg users,
> > * Steve Jones  [24. Jan. 2014]:
> > That's an interesting idea.  But there is still the possibility
> > of a man in the middle attac...  The web of trust is supposed to
> > counter MITM attacks by signing keys only if the verification was
> > done directly (no middle person).
> 
> maybe you already discussed that, but what about sending someone an
> encrypted email (with the challenge) and wait for an encrypted reply
> with the signed challenge? (as you seem to talk only about sending a
> clear text challenge)

Yes, the message being sent would have to be encrypted for the
procedure to be valid, otherwise an attacker could read the mail and
spoof a response (after having already spoofed your communication with
the key server).

> Personally, I don't want such behaviour. When I'm making a
> certification, then it's me doing it manually as I have the
> responsibility. I don't want some program to be able to make
> automatized certifications with my key.

Well, it could be semi-automatic. I'm only talking about persona
certifications, which appear to be understood as verifying that the key
and the email address are under the control of the same person. Having
your mail client being able to determine that the key and the email
address seem to match and offering you a one click (plus passphrase)
option to verify that fact would be nice.

-- 
Steve Jones 
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Non email addresses in UID

[Steve Jones]

On Tue, 28 Jan 2014 20:13:30 +0100
Leo Gaspard  wrote:

> On Fri, Jan 24, 2014 at 11:08:16PM +0000, Steve Jones wrote:
> > [...]
> > 
> > Finally there's the possibility of explicit verification, if someone
> > sends me a challenge and I publish that challenge's signature on my
> > blog then that verifies that I am in control of that private key and
> > can publish to that blog.
> > 
> > [...]
> 
> Wouldn't it be better to publish unencrypted (and unsigned) a challenge 
> received
> encrypted? As signing unknown data should be avoided, as noone knows whether
> this data won't ever have a real meaning one does not intend to mean.

The challenge would not need to be the sole content of the message that
is signed, so long as it is contained in the signed content. A simple
human readable message to the effect that the signature is for response
to a challenge should suffice. A more sophisticated approach would be
for OpenPGP to include a new signature type for this purpose.

-- 
Steve Jones 
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Non email addresses in UID

[Steve Jones]

On Fri, 24 Jan 2014 17:16:28 -0500
Daniel Kahn Gillmor  wrote:

> what do you mean "complete connection security via OpenPGP"?  OpenPGP
> is not a stream-based communications protocol, it's a specification
> of a message format and a certificate format.   Inventing a new
> stream-based communications protocol from scratch and shoehorning it
> into OpenPGP doesn't sound like a great idea to me.

OpenPGP is a packetised data format. There's nothing stopping it being
used to send a stream of encrypted and signed data packets. The main
thing you lose is the complicated and messy handshake at the start
which seems to be the cause of so many implementation bugs. You do
loose the possibility of perfect forward secrecy though.

It was more an idle musing than anything else though.

> how are other people going to verify these propose User IDs?
> 
> If you make a data element a subkey or a notation in your
> self-signature, you are not asking other people to attempt to certify
> it.
> 
> If you make the same data element a User ID or User Attribute, then
> you are effectively putting it out there for other people to attempt
> to verify and then certify.
> 
> If you came to me and said "I am the person who blogs at
> https://www.example.com/stevejones"; , how am i supposed to verify
> that? when would you want me to certify it?

Well the simplest way would be if I signed my blog posts. It's easy
enough to verify that my emails and posts are signed with the same key.
Cryptographically easy that is, the existing tools are not so good for
this kind of method of operation.

Otherwise by usual web of trust means. If people who know me by other
means are convinced that that blog is mine they can sign that UID, in
the same manner as people could sign a photo attribute if they know
what I look like.

Finally there's the possibility of explicit verification, if someone
sends me a challenge and I publish that challenge's signature on my
blog then that verifies that I am in control of that private key and
can publish to that blog.

Which reminds me that I'd really like an email client that
automatically signs keys at level 1 (persona) of anyone who replies
with a signed email that quotes a significant portion of the text I
sent, as this effectively counts as a challenge response protocol in my
book.

-- 
Steve Jones 
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Non email addresses in UID

[Steve Jones]

On Fri, 24 Jan 2014 12:15:40 -0500
Daniel Kahn Gillmor  wrote:

> There are already systems that make use of the flexibility in this
> field.  For example SSH hosts can publish their RSA host key in an
> OpenPGP certificate using the monkeysphere (i'm a contributor to the
> monkeysphere project):
> 
>  http://web.monkeysphere.info/

This looks pretty cool, and does cover some of the things I've been
thinking about. I've been wondering about communications secured with
OpenPGP, it strikes me that it's not really necessary to even involve
SSL; and the nightmares that seems to involve. Does monkeysphere have
any aims to do complete connection security via OpenPGP?

> Other people advocate including a human-readable name without an
> e-mail address as a User ID, so that you can refer to a person
> without making any claim about e-mail addresses (i'm don't find the
> utility of this use case particularly convincing myself, but it
> doesn't seem terrible).

The use case for this would match more closely what the GPG manpage and
the PGP key signing party protocol dictate; i.e. that participants
verify state issued photo Id to confirm the name of the key holder is
their "real name" - none of my state issued Id has my email address on
it. Plus it makes a bit more sense in the case of multiple UIDs, one
for your name and possibly many for your email address.

> So the general question you're asking about is being done already.  As
> for facebook or openid or webforums other identifiers, i don't think
> those have been particularly well-thought through yet.  Under what
> circumstances would you use them?

My thinking is that identity as it is used on the Internet (or
the world in general) doesn't really match the way OpenPGP is used. To
take an obscure example: some people have noticed that Github has no
verification that commits submitted in repositories are actually made
by the users registered with those name and email addresses with them,
nor can it. This makes it possible, and some trolls have, to
impersonate Github users. Git allows for signing commits with keys, but
there's not really any way to associate those keys with accounts.
Sticking the URL of a Github account in a UID field and having other
contributors to a project sign that UID makes it possible to cross
verify commits with users. Note that at no stage in this processes is
Github required to implement or do anything and no-one's state
confirmed identity is involved. Github could of course sign that URL
UID if they wished to without saying anything about the user's
passport. 

So I'm led to the idea that associating keys with areas on the web
where a person's work, writings, etc... are known is more important
than some sort of confirmation of a person's name, which is not even a
unique identifier. If, for example, you'd signed your commits to
monkeysphere I'd be able to verify your claim that you are a
contributor to it (not that I doubt, or have any reason to doubt that).

-- 
Steve Jones 
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: his public key is 5 monitors high, and her same key is 1 ?

[Steve Jones]

On Sat, 25 Jan 2014 00:24:14 +1100
"shm...@riseup.net"  wrote:

> what are the factors involved in creating such discrepancies with folks'
> public key lengths ?
> 
> i mean, some people's are 5 monitors high where as the other joe has
> seemingly created a similar key and that key is one half a monitor in
> 'monitor' height

You can use the pgpdump tool to see all the data in a public key file. A given 
key might contain lots of extra data beside the actual key, like signatures and 
photos.

-- 
Steve Jones 
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Non email addresses in UID

[Steve Jones]

I've been thinking about UIDs in keys, rfc4880 section 5.1 says that by 
convention a UID is an rfc2822 email address but this is not a requirement[1]. 
Gnupg does enforce that restriction unless you explicitly disable it. It would 
seem to make sense to include other strings that can identify a user, many 
people have various URLs which could be said to relate to their identity, 
Facebook accounts, blogs etc... It could potentially be useful to be able to 
associate a key with these other identities, i.e. if you get an email 
purporting to be from someone you only know on a webforum it would be useful to 
be able to verify this. I'm curious what other people on this list think of 
this.


[1] http://tools.ietf.org/html/rfc4880#section-5.11

-- 
Steve Jones 
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?

[Steve Jones]

On Tue, 21 Jan 2014 17:39:13 +0100
Pete Stephenson  wrote:

> I've found http://www.debian-administration.org/users/dkg/weblog/48 to be a
> reasonably sensible guide for setting stronger preferences. I also added
> Twofish and Blowfish after AES256 and AES, respectively.
> 
> I've not heard of any issues with that setup, but your mileage may vary.

Thanks, that was quite helpful. I've found I can just delete the self 
signatures on my UID and replace them with better ones but I can't see a way to 
change the subkey binding signature.

-- 
Steve Jones 
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?

[Steve Jones]

On Tue, 21 Jan 2014 14:03:07 +0100
Michael Anders  wrote:

> My opinion is that SHA1 should no longer be used.
> 
> A link on SHA1 security:
> 
> https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html 

How do I prevent gnupg from using SHA1? Also how do I update my key to not use 
SHA1 digests which it appears to be using, as well as listing SHA1 as my second 
favourite algorithm.

-- 
Steve Jones 
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

compile failure

[Steve Zhou]

Hi GNUPG team,
When I tried to do make operation i got the following error:
compress.o: In function 
`do_compress':/home/steve/Desktop/gnupg-2.0.19/g10/compress.c:107: undefined 
reference to `deflate'compress.o: In function 
`init_uncompress':/home/steve/Desktop/gnupg-2.0.19/g10/compress.c:147: 
undefined reference to `inflateInit_'compress.o: In function 
`do_uncompress':/home/steve/Desktop/gnupg-2.0.19/g10/compress.c:196: undefined 
reference to `inflate'compress.o: In function 
`init_compress':/home/steve/Desktop/gnupg-2.0.19/g10/compress.c:82: undefined 
reference to `deflateInit_'compress.o: In function 
`init_uncompress':/home/steve/Desktop/gnupg-2.0.19/g10/compress.c:147: 
undefined reference to `inflateInit2_'compress.o: In function 
`init_compress':/home/steve/Desktop/gnupg-2.0.19/g10/compress.c:82: undefined 
reference to `deflateInit2_'compress.o: In function 
`compress_filter':/home/steve/Desktop/gnupg-2.0.19/g10/compress.c:264: 
undefined reference to 
`inflateEnd'/home/steve/Desktop/gnupg-2.0.19/g10/compress.c:273: undefined 
reference to `deflateEnd'collect2: ld returned 1 exit statusmake[2]: *** [gpg2] 
Error 1make[2]: Leaving directory 
`/home/steve/Desktop/gnupg-2.0.19/g10'make[1]: *** [all-recursive] Error 
1make[1]: Leaving directory `/home/steve/Desktop/gnupg-2.0.19'make: *** [all] 
Error 2
May i know what was missing?
thank you for your help in advance!
Regards,Steve ___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

cannot access FTP site to download missing library

[Steve Zhou]

Hi team,
I downloaded gnupg-2.0.19 and got several errors reported by ./configure. The 
error message is very clear said i missed some library and corresponding FTP 
link was provided. But i was prompt for username/password when try to access. 
Below is the link example.
*** It is now required to build with support for the*** GNU Portable Threads 
Library (Pth). Please install this*** library first.  The library is for 
example available at***   ftp://ftp.gnu.org/gnu/pth/
Could you please let me know how to get the missing package?
thank you very much!  ___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: ideal.dll // fixing thread breaking

[Steve]

Oh dear. I found it. The bug has been reported 2003: 
https://bugs.launchpad.net/mailman/+bug/265961

I wish I had better coding skills, but I don't. Sorry I can't code the fix...

signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: ideal.dll // fixing thread breaking

[Steve]

Hey all,

not meaning to spark up new discussions about this issue (we've had that 
before). But I really think, the energy invested in this discussion would be 
better invested in writing mailman tweaks.

Also, someone mentioned, that there already in fact *is* a mailman patch for 
PGP/MIME to work properly? Do I recall that memory correctly? I'm stunned that 
this issue keeps coming up.

http://www.gnu.org/software/mailman/ says Mailman 2.1.15 has been released on 
13-June-2012. Is the patch in question included in that release?

Imo, things should rather move forward than stagnate and arguing that a mailing 
list software breaks PGP/MIME is fine. But as a consequence arguing for a non 
documented standard (OpenPGP Inline) is strange. I'd rather argue, that mailman 
needs a fix.

Let's not start a war over this. But could someone please elaborate why mailman 
after such a long time still breaks PGP/MIME?

All the best and kind regards,
steve


Am 29.06.2012 um 17:48 schrieb Robert J. Hansen:

> On 06/29/2012 08:06 AM, Brad Rogers wrote:
>>> If you ask on Enigmail mailing list, they will tell you that that
>>> issue is with Mailman (or other mailing list software) which messes up
>>> with headers and makes PGP/MIME unverifiable. They will also say that
>> 
>> Headers are outside what is signed, surely?
> 
> Mika is more or less right, except it isn't headers -- it's the PGP/MIME
> attachment separator.  Mailman makes a very slight tweak and that's
> enough to bollix up the signature.
> 
> This mailing list does not play nice with PGP/MIME, the last time I
> checked.  (For a long time Enigmail's list didn't, either, but that
> problem has since been fixed.)  In general, PGP/MIME with GNU Mailman is
> always a roll of the dice.
> 
> 
> 
> And yes, Mika is right: that's why Enigmail recommends inline OpenPGP.
> We've all seen PGP/MIME break in too many different contexts.  For
> instance, I've seen MTAs that strip off attachments, inspect the
> attachments for malware, then re-attach them but with very slight
> differences that break PGP/MIME.  I've seen MUAs that can't understand
> it, mailing list software that breaks it, and so on.
> 
> PGP/MIME is a superior technical standard, but it's quite fragile.  We
> believe PGP/MIME is the clear choice *if possible*, but given how often
> it's not possible we recommend inline OpenPGP by default.
> 
> 
> 
> (This message is PGP/MIME signed.  I know my system works correctly with
> PGP/MIME and that neither my MUA nor MTA mangle it.  If it's not coming
> through, the most likely culprit is the list's GNU Mailman installation.)
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption

[Steve]

Hey David et all,

first: GPGTools Installer does indeed contain Enigmail and allows installation. 
Not sure if it has the latest version since Mozilla's crazy versioning means 
lots of maintenance and we couldn't find a way to automate including new 
Enigmail versions. Also not sure if it is smart to include it in the future. 
We'd have to find some smart mechanism to deal with updates.

David, which list are you referring to? GPGTools mailing list? If so, I'm not 
so sure what you write is correct. Can't recall anybody ever was told to shove 
off. We had the Inline vs. GPG/MIME discussion in the GPGTools Project and have 
made a decision for PGP/MIME since we believe that it is the future and is a 
documented standard. If mailing-list software has issues it is at the devs of 
that software to step up and continue development of their software. The fact 
that Werner even wrote a patch which seems to have been ignored is even more 
frustrating.

If Enigmail encounters problems with mails encrypted with GPGTools, we'll be 
happy to work things out with Patrick from the Enigmail team. And I know that 
the GPGTools project was in direct contact with him. So I don't really see the 
drama. Let's try to be constructive and solve problems. Not cause some where 
there aren't any.

And as always: feel free to write a patch. :)

<3

steve


> Signierter PGP Teil
> > Why to move it to Enigmail list? That email which you quoted doesn't
> > have mention Enigmail. As far as I know, GPGTools doesn't even include
> > Enigmail.
> 
> Yup and I was on there list too - and effectively told to shove off when I 
> pointed out
> errors in enigmail - they don't like testing and error reporting - so kfuc em



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption AKA PGP/MIME

[Steve]

I think we had the PGP/MIME vs inline discussion already. 

@Robert: Would that qualify for a second entry in your FAQ with the pro/cons 
listed? I really would love to see some distilled output. The discussions on 
this list are very valuable and having the pro / con arguments in some sort of 
wiki / faq (maybe editable by the users) would imo bring benefit to users, 
trying to understand backgrounds.

@David let us know once you get the basic setup done. Would GitHub maybe be 
sufficient as a wiki? I am sure there are other nice solutions around, too.

Cheers,
steve



> 
> I cannot verify your signature, because you use PGP/MIME and this
> mailing list uses mailing list software which somehow messes up with
> headers and makes PGP/MIME signatures unverifiable.
> 
> You can test email encryption by emailing Adele.
> pub   1024D/92AB3FF7 2002-03-06
> uid  Adele (The friendly OpenPGP email robot)
> 
> uid  Adele (Der freundliche E-Mail-Roboter)
> 
> sub   1024g/62BDBFD4 2002-03-06


signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption

[Steve]

> I don't know how much the demand is (or could be) but perhaps it would help 
> make more people use OpenPGP to have a round-robin email contact system. 
> Whoever is willing to help new users (like in this case) registers his email 
> address with the languages he's capable of communicating in. A new user could 
> send a mail to
> 
> d...@newusers.gnupg.org
> e...@newusers.gnupg.org
> ...
> 
> and the mail would be forwarded to one or two people. OpenPGP-Addons for 
> email 
> software (like Enigmail) could hint the user at this service.

Hi all,

I absolutely agree. At GPGTools we thought about an automatic testing system. 
Checking if the mail was encrypted and / or signed and then sending out the 
according reply.

As with so many things and I assume Werner and the Enigmail people know the 
problem, we never managed to get it done. I'm not sure if one system to rule 
them all is ideal. Since if a user of GPGTools sendss an unencrypted but signed 
mail we'd direct him at the according knowledge base article. If we'd use one 
mail address for GPTools / Enigmail / terminal users, it might be hard to 
provide the correct information to help users. So it might not be automatable 
thus create more work.

Currently we encourage the user to send a test mail and do all this manually.

All the best,
steve

signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption

[Steve]

Hey Robin,

I'll send you a testmail in a minute. I'm the guy from the GPGTools support 
discussion we had today.

Talk to you off-list.

If any of the GnuPG wizards like to chime in on the technical side on the bug 
tracker we're happy about any input.

Cheers,
steve


Am 22.05.2012 um 20:06 schrieb Robin Kipp:

> Hello all,
> well, as of today, I finally decided to start signing my EMail messages using 
> GPG to prove the integrety of my messages. As I am primarily using Mac OS, I 
> downloaded MacGPG (http://gpgtools.org), installed it and set it all up. As 
> I'm completely blind, I first had some issues with MacGPG, as it uses a 
> special window (called, I think, the PINEntry window) to ask for the 
> passphrase. Unfortunately, this window isn't accessible using VoiceOver, the 
> screenreader built into Mac OS. However, I was now able to come up with a 
> workaround and now it seems as if I can sign and encrypt messages without 
> much trouble. I've informed the MacGPG developers about the accessibility 
> issues in their software, and they seem very committed  to solving it in an 
> upcoming version. If anyone is interested, the related ticket can be found at 
> http://gpgtools.lighthouseapp.com/projects/66001-macgpg2/tickets/94-pinentry-window-not-recognized-by-voiceover
> 
> Now, I'd really like to test out EMail encryption so that I can verify this 
> works properly, but for that, of course, I need one other party also using 
> GPG. So, I was wondering, would it be possible for any of the GPG users on 
> here to contact me offlist so that we could try this out once? If anyone on 
> here would be willing to do that, I'd greatly appreciate that!
> Thanks for any help :-)
> Best regards,
> Robin.
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME use

[Steve]

> . . .
>> Mozilla is founded ["funded" probably] by Google. Without Google
>> they would be gone.
>> Googles business model is not to protect the user but to analyze him.
>> That is not possible when you use mail encryption.
>> 
>> The question is still valid and imo, some pressure from the user
>> community might help to bring Thunderbird to the point where it can
>> be downloaded containing enigmail.
> . . .
> 
> Just considering your own points, would you trust an encryption
> functionality you thought was written in a way satisfying Google?


Sorry. Funded of course. And to answer your question. No I wouldn't. But would 
you still trust OpenPGP if it was delivered with every chromebook? Maybe that 
wouldn't satisfy Google, but I never asked for encryption technology that 
satisfied Google.

Robert wrote:
> I'm not a particular fan of Google (or Facebook or what-have-you), but
> let's make sure our criticisms of them match up to reality.

You might be correct. But also we all know that if Google has access the US gov 
does have access as well (other expamples would be dropbox, twitter, …). And 
although I might only tell my mom to buy 6 egg for a cake I'm going to make, I 
still don't want them to read that. Neither Google (which you say they don't  - 
but since we can't look into their internal mechanisms we'd have to trust them 
and if you ask me "do you trust google" I'd rather not) nor the US gov (which 
we know they do). Why again was it, that europe needed to sign swift-treaty?

> 
>> The question is still valid and imo, some pressure from the user 
>> community might help to bring Thunderbird to the point where it can
>> be downloaded containing enigmail.
> 
> You're certainly welcome to.  If you'd like to see Enigmail bundled with
> Thunderbird, then please write the Thunderbird developers a
> politely-worded email asking them to look into it.  

Will do.

>> The arguments by Robert seem to be rather minor compared to the huge
>> benefit delivery of save communication would bring.
> 
> There is virtually nothing OpenPGP can do that S/MIME cannot do.

Hm, that was also bothering me with the other mails you wrote on this topic 
earlier. It's already very late here, so bare with me I'm taking this from 
remembrance. You said due to the fact that the world is very big and web of 
trust not used much, it can't serve as a good information tool since most 
likely the signatures will be from people I don't know. 

I'm not so sure about that.  Wonder why google called the grouping feature in 
G+ "circle"? We communicate and behave and live in circles. This list is just 
another circle. And I might know e.g. our beloved Werner Koch from another 
project than this list. Or I might know Robert from another context than this 
list. The context might be the same (e.g. computersecurity) but it will still 
be the same people because at any time only so and so much people are currently 
dealing with a certain topic with a certain level of expertise. Wouldn't that 
mean that actually the web of trust should work well?

I think the web of trust is an awesome idea and again (as with encryption in 
general) it's up to each and every human to make use of those tools. Eventually 
the web of trust might become very informative indeed.

Isn't the big difference that OpenPGP is a decentralized concept while S/MIME 
requires centralized infrastructure?  And I have to say, currently I'd rather 
go with decentralized. Again, it boils down to the question of trust. I'd 
rather trust the web of trust than an anonymous centralized entity for which I 
don't know why they are in this business and who exactly is behind  the curtain 
of a company name (there is no business with a decentralized web of trust and 
imo it's much harder to corrupt it).


> There are certainly some implementation differences between the two, but in
> terms of broad capabilities they're almost identical.  If you want email
> encryption capabilities, they're already there.  If you want OpenPGP
> specifically, you'll need to find things OpenPGP can do that S/MIME
> can't do, and pitch it to the Thunderbird developers on that score.

See above.

>> Imagine a world in which Windows and OS X are delivered with
>> OpenPGP.
> 
> Windows and OS X are delivered with S/MIME already.  If people aren't
> using S/MIME (and they overwhelmingly are not!), why should we believe
> the presence of an OpenPGP suite would change their behavior?

Again, see above

>> Call me idealistic, but I think it's up to the community to make that
>> happen.
> 
> I'm not trying to dissuade yo

Re: PGP/MIME use

[Steve]

>> Has there been a concerted effort to make Enigmail an integral part of
>> Thunderbird, distributed with it? If yes, what are the reasons that it
>> has been rejected so far? If no, why not?
> Werner replied:
> The Mozillas don't like OpenPGP.  To them it is probably too much
> anarchy compared to S/SMIME.  Ask the Mammon.
Robert replied: 
>   * S/MIME is already irrelevant to the vast majority of
> Thunderbird users, and providing OpenPGP would just
> introduce a redundant irrelevant capability
> 
>   * Enigmail requires a binary that's not maintained by
> Mozilla, which is released on its own schedule, and
> is licensed under terms other than those Mozilla
> prefers

Mozilla is founded by Google. Without Google they would be gone. Googles 
business model is not to protect the user but to analyze him. That is not 
possible when you use mail encryption.

The question is still valid and imo, some pressure from the user community 
might help to bring Thunderbird to the point where it can be downloaded 
containing enigmail. That would be a huge step! The arguments by Robert seem to 
be rather minor compared to the huge benefit delivery of save communication 
would bring.

Imagine a world in which Windows and OS X are delivered with OpenPGP. I don't 
see why that should not happen. It's all a question of community requests and 
pressure on the according companies behind that OSs. That pressure could also 
take share in pure statistics: If people simply buy machines which come with 
build in OpenSource crypto. That would be the case, if average people (not like 
us who are subscribed to this geeky mailing list) become more security aware 
and realize that privacy matters). Call me idealistic, but I think it's up to 
the community to make that happen.

All the best,
steve

signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP/MIME use (was Re: META)

[Steve]

> Supporting the "inline" method is like supporting a grown child. If you
> keep supporting him/her, they will never leave home. Stop supporting
> them and they will leave. The same is true for "inline" PGP. If support
> for it were to cease, it would also.

That was the idea behind the question I posed about Enigmail inline default 
setting. I understand the replies but it's similar to iOS-devices and flash 
support. Only since adobe got some pressure from the market, flash is under 
development and has become a little more effective (and also superfluous, since 
HTML5 is working just fine).

Sometimes if the right parties decide to no longer support an old standard the 
software that does not support the new (better) standard will die or get 
improved but I'm not sure I wanna wait for Microsoft to properly program their 
mail-client. They obviously have enough money to through at that problem but 
decide not to.


>> Of course, I really feel it's better for mailing list traffic to not
>> be signed at all, since usually all it gives us is a false sense of
>> security.  A signature from an unvalidated key belonging to an unknown
>> person whom we don't know from Adam doesn't mean much, if anything at
>> all.

You at least know that the person with that key is the author. That is some 
information. Should I still stop signing list mails? So far, I used to do that, 
because I though people then could check and if my key is signed by someone 
they know it's a lot of important information, right?

all the best, steve

signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [META] please start To: with gnupg-users@gnupg.org, i.e.: To: gnupg-users@gnupg.org

[Steve]

> That is because you are using "inline" rather than "mime" for signing.
> The "inline"method has been for the most part deprecated. You might
> want to give serious thought to switching your signing method.

Which is, why I don't understand why Enigmail still uses inline as a default 
setting…

Cheers,
steve

signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG encryption and decryption in windows

[Steve Strobel]

My question is how to get rid of the passphrase prompt during 
runtime in windows platform?


This may be completely unrelated, but I also ran into a problem where 
I was prompted for a passphrase when the real issue was something 
else.  Running on an Ubuntu host trying to connect to and Ubuntu 
server running on Amazon web services:


ssh -i keyfile.pem ubu...@mydomain.net
Enter passphrase for key 'keyfile.pem': 
Permission denied (publickey).

sudo ssh -i keyfile.pem ubu...@vtrunk.net


The keyfile was created without a passphrase, but trying to use it 
when I didn't have permission for the host's filesystem caused a 
prompt for a passphrase that AFAIK doesn't exist.  I don't see how or 
why using sudo had anything to do with a passphrase for the 
key.  When the key was created without a passphrase, it seems wrong 
for gpg to prompt for one regardless of what else might be wrong.


I guess what I am suggesting is that the logic that causes gpg to 
prompt for a passphrase either has a problem or my understanding of 
it does.  Whether the problem you are experiencing on a Windows 
system is related at all is a question I can't answer.



Thanks
Sethukumar


Steve


---
Steve Strobel
Link Communications, Inc.
1035 Cerise Rd
Billings, MT 59101-7378
(406) 245-5002 ext 102
(406) 245-4889 (fax)
WWW: http://www.link-comm.com
MailTo:steve.stro...@link-comm.com


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Why is "--allow-non-selfsigned-uid" needed to import this key?

[Steve Strobel]

On Mon, 16 May 2011 19:32, steve.stro...@link-comm.com said:
> root:~> gpg --import test-key.gpg
> gpg: key CBF38289 was created 137948617 seconds in the 
future (time warp or clock problem)


At 03:04 AM 5/17/2011, Werner Koch wrote:

Try the option --ignore-time-conflict .


That works perfectly.  Thanks a bunch.

Steve



---
Steve Strobel
Link Communications, Inc.
1035 Cerise Rd
Billings, MT 59101-7378
(406) 245-5002 ext 102
(406) 245-4889 (fax)
WWW: http://www.link-comm.com
MailTo:steve.stro...@link-comm.com


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Why is "--allow-non-selfsigned-uid" needed to import this key?

[Steve Strobel]

At 12:50 PM 5/16/2011, Robert J. Hansen wrote:

On Mon, 16 May 2011 11:32:15 -0600, Steve Strobel
 wrote:
> root:~> gpg --import test-key.gpg
> gpg: key CBF38289 was created 137948617 seconds in the future
> (time warp or clock problem)

This is exactly what it sounds like: according to your certificate, it was
created about five and a half months from now.[1]  To GnuPG, that sounds
like something's hinky and it refuses to allow it to be imported.  You've
managed to get around it by telling GnuPG, "listen, fine, strip off the
hinky signature: /now/ will you accept it?"

And in that case, sure, GnuPG will: but the consequence of it is you've
got a UID that's missing a signature.  Hence, "allow-nonselfsigned-uid"
must be passed on the command line.


Thanks for the tip.  Just setting the date on the embedded device 
before importing the key made it work without "--allow-non-selfsigned-uid".


That still leaves me without a straightforward solution, though.  The 
embedded device doesn't have a battery-backed clock and doesn't need 
one.  It will sometimes have Internet access and could potentially 
use NTP when available to set the date.  That seems like a lot of 
extra complexity just to import a key.  The user interface doesn't 
make it easy to ask the user for the date.  What would the security 
implications be of just setting the clock to a fixed future date 
before importing the key?


[1] As an undergraduate Prof. Hill once mused to me, "Math is funny.  You

tell someone how many seconds are in a year, they forget it immediately.
You tell them that accurate to half a percent there are pi seconds in a
nanocentury and they remember it for life."  He was right, I've never
forgotten, and that's made it easy to remember there are 31.4 million (3.14
* 10**7) seconds in a year.  13.8 million / 31.4 million = 137/314 = 0.44
of a year, * 12 = five and a half months, more or less.  Not really
relevant to GnuPG, but a handy factoid for timestamp calculations, if you
ever need to do them in a hurry.


That is a great way to remember.  Now if remembering names was just as easy...

Thanks again,
Steve


---
Steve Strobel
Link Communications, Inc.
1035 Cerise Rd
Billings, MT 59101-7378
(406) 245-5002 ext 102
(406) 245-4889 (fax)
WWW: http://www.link-comm.com
MailTo:steve.stro...@link-comm.com


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Why is "--allow-non-selfsigned-uid" needed to import this key?

[Steve Strobel]

I am using gnupg to encrypt and sign a file transferred from a 
server to an embedded client.  I generated a 2048 bit RSA keypair on 
the server (using gpg V1.4.6) with "gpg --gen-key" and got the output:


gpg: key CBF38289 marked as ultimately trusted
public and secret key created and signed.


I exported it with "
gpg --output test-key.gpg --export --armor 
CBF38289", transferred the file to the client and tried to import it 
using gpg V1.4.11 (the embedded device doesn't have a real-time clock):


root:~> gpg --import test-key.gpg
gpg: key CBF38289 was created 137948617 seconds in the future (time 
warp or clock problem)
gpg: key CBF38289 was created 137948617 seconds in the future (time 
warp or clock problem)
gpg: key CBF38289: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg:   w/o user IDs: 1

I can import it using the "--allow-non-selfsigned-uid" option:

root:~> gpg --import --allow-non-selfsigned-uid test-key.gpg
gpg: key CBF38289 was created 137948550 seconds in the future (time 
warp or clock problem)
gpg: key CBF38289 was created 137948550 seconds in the future (time 
warp or clock problem)
gpg: key CBF38289: accepted non self-signed user ID "Test User (do not 
use) "
gpg: key CBF38289 was created 137948550 seconds in the future (time 
warp or clock problem)
gpg: key CBF38289: public key "Test User (do not use) 
" imported
gpg: Total number processed: 1
gpg:   imported: 1  (RSA: 1)

I have tried a variety of things but been unable to get import to 
work without using "--allow-non-selfsigned-uid".  When the key was 
created, the output indicated it was signed.  When I edit it, the 
output looks like this:

Secret key is available.

pub  2048R/CBF38289  created: 2011-05-16  expires: never   usage: SC
 trust: ultimate  validity: ultimate
[ultimate] (1). Test User (do not use) 

What am I missing?  I presume that there security implications of using 
"--allow-non-selfsigned-uid"?  Thanks for any suggestions.

Steve



---
Steve Strobel
Link Communications, Inc.
1035 Cerise Rd
Billings, MT 59101-7378
(406) 245-5002 ext 102
(406) 245-4889 (fax)
WWW: http://www.link-comm.com
MailTo:steve.stro...@link-comm.com


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [gpgtools-org] GPGTools: short introduction

[Steve]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi Werner,

thanks indeed for adding GPGTools to the mac section as well as to the 
prominent frontpage. There are still some old links in the mac-section on the 
gnupg website (Related Software > Frontends):
* http://gnupg.org/related_software/frontends.en.html#mac


GPGMail: www.gpgmail.org no longer exists, please update link to 
* http://www.gpgtools.org/gpgmail.html


MacGPG2: although the SF page still exists, it is planned to be deleted 
sometime in the far future. It is no longer updated/maintained. Please update 
link to
* http://www.gpgtools.org/macgpg2.html


All the best,
steve




Am 15.02.2011 um 10:19 schrieb Werner Koch:

> Hi,
> 
> thanks for explaining the project.  I looked at your packes and found no
> reason not to include it.  In particular the quick links to the license
> files were helpful for checking that this is indeed all about free
> software.
> 
> I added GPGTools to the related software section and also featured it on
> the frontpage next to Gpg4win.
> 
> 
> Shalom-Salam,
> 
>   Werner
> 
> -- 
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
> 
> ___
> gpgtools-org mailing list
> gpgtools-...@lists.gpgtools.org
> Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-org
> Unsubscribe: 
> http://lists.gpgtools.org/mailman/options/gpgtools-org/steveb...@gulli.com?unsub=Unsubscribe&unsubconfirm=1
> 
> This email sent to: steveb...@gulli.com

-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAk1b1pkACgkQ8ASQ4cFNa2u8xAD8CfCEy1QaBSpNVxzIM0K3utor
n5NPWe94VcSEO1Bx3mkBAIVlqnsqm4Lwtgl6C6ETvV6xM9VHesw+aMUrawadVgS7
=MUO4
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Two convicted in U.K. for refusal to decrypt data

[Steve Kennedy]

On Thu, Aug 13, 2009 at 01:09:34PM -0400, Steven W. Orr wrote:

> Scuze me? I thought this was the gnupg list! I'm sorta new at this stuff but
> I'm expecting just a bit more expertise from the people contributing to this
> conversation.

I think the point is that they were done under RIP and you can be
prosecuted for refusing to hand over keys to encrypted systems.

It's unlikely a judge would find you guilty (or a jury) if you didn't
have the keys).

All in the name of terrorism though ...

Steve

-- 
NetTek Ltd  UK mob +44 7775 755503
UK +44 20 7993 2612  /  US +1 310 857 7715  /  Fax +44 20 7483 2455
Skype/GoogleTalk/AIM/Gizmo/.Mac/Twitter/FriendFeed stevekennedyuk
Euro Tech News Blog http://eurotechnews.blogspot.com   MSN st...@gbnet.net

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Signing all outgoing mails on MTA, not on MUA

[Steve Revilak]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

grover> We'd like to be able to sign all our outgoing mails.

grover> But not on each client system, which would mean everyone has
grover> to install some plugin or gpg-aware mail client, but on the
grover> mailserver itself.

grover> This way nobody has to think about it and signing works
grover> transparently for everyone. We would have one key for all,
grover> like a corporate key.

cbabcock> The corporate value of public key cryptography is much more
cbabcock> readily attained using DKIM. Milter setup and key management
cbabcock> for signing DKIM mail is pretty straight forward. You place
cbabcock> your key in Text records in DNS. That establishes a
cbabcock> meaningful connection between the identity of the sender (or
cbabcock> at least ownership of the mail server) and the owner of the
cbabcock> domain. Setting up DKIM with Postfix was at least as easy as
cbabcock> setting up GPG with Claws and it makes an identity assertion
cbabcock> that is appropriate for a server environment.

I agree with Chris -- this seems like a good application for DKIM.

In addition to non-repudiation, some email service providers will be
much less likely to categorize DKIM-signed messages as spam (if that
kind of thing matters to you.)

One DKIM implementation I've used is
<http://sourceforge.net/projects/dkim-milter/>.  dkim-milter is very
straightforward to set up with sendmail, and I know of people who've
used it with postfix (configured as a mail filter.)

Steve
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.10 (Darwin)

iEYEARECAAYFAknOR4kACgkQX7YJI4BuyDSrnQCfQ3HjyT2VSwqaw6Hx0QrPyrUu
6Z0AoKi2PIMJG1h/kpyKPeP9lJ9y3gM/
=9O3c
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: Passphrase problem

[Steve Brockbank]

 
Can anyone tell me how to replace a passphrase in a key - when the current 
passphrase is unknown ? 


regards
 
steve brockbank


No virus found in this outgoing message.
Checked by AVG - http://www.avg.com 
Version: 8.0.176 / Virus Database: 270.10.10/1903 - Release Date: 1/19/2009 
8:52 PM

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: confusing message: 'no pinentry'

[Steve Revilak]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

> From: Petr Uzel <[EMAIL PROTECTED]>
> Date: Tue, 2 Sep 2008 16:15:02 +0200
> Subject: Re: confusing message: 'no pinentry'

srevilak> This sounds like normal behavior for su.  "su -" is supposed
srevilak> to simulate a full login of the target account; it discards
srevilak> most environment.  By contrast, "su" (without the minus)
srevilak> doesn't discard the environment.

petr.uzel> I know all of this. My question was whether the gpg
petr.uzel> behavior under specified circumstances ('incorrect'
petr.uzel> GPG_AGENT_INFO env. variable) should not be adjusted
petr.uzel> somehow.
petr.uzel> 
petr.uzel> In other words, I know how to solve my issue (use 'su
petr.uzel> -'/unset GPG_AGENT_INFO/killall gpg-agent/whatever), but
petr.uzel> I'm uncertain that all other gpg users know it
petr.uzel> too. Especially when the message about missing pinentry is
petr.uzel> quite confusing.

Ah, sorry I misunderstood.

Steve
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.8 (Darwin)

iEYEARECAAYFAki9TpQACgkQX7YJI4BuyDQMzQCg5DyR3ucEq8BxNQthNxAHrPjS
OiYAnicckZDRr/hQgB9NuymJCC8clA3f
=nKiJ
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: confusing message: 'no pinentry'

[Steve Revilak]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


From: Petr Uzel
Date: Tue, 2 Sep 2008 14:37:57 +0200
Subject: confusing message: 'no pinentry'



Today I've tried to generate gpg key as root and got the following error:

gpg: problem with the agent: No pinentry
gpg: Key generation canceled.

This seemed strange because I'm sure that I have pinentry (both -curses
and -qt) properly installed.


Is there a pinentry in root's path?  For example, on my system, I have

 $ type pinentry
 pinentry is /opt/local/bin/pinentry



Further investigation revealed that the problem only arises if I 'su' from my
normal user account (running gpg-agent and thus with GPG_AGENT_INFO
set). 'su' preserves GPG_AGENT_INFO variable and gpg then tries to connect to
gpg-agent running under my normal account, and then gpg fails. When switched
to root with 'su -', gpg works fine.


This sounds like normal behavior for su.  "su -" is supposed to
simulate a full login of the target account; it discards most
environment.  By contrast, "su" (without the minus) doesn't discard
the environment.

The su(1) manpage on your system should give more specific about how
"su - " is handled.

Steve
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.8 (Darwin)

iEYEARECAAYFAki9Rr4ACgkQX7YJI4BuyDQpLQCfYIQtq5hp6MmZ6cxZBEj6noj+
pVIAn06rbPeNRcHDdcipYqxHMWCnb2vj
=4Bym
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Unable to run gpg command in JAVA

[Steve Revilak]

nishant> open(COMMAND, "echo $text | gpg --homedir $ENV{HOME}/.gnupg -s -u \"The 
Certificate Key\" |");

srevilak> Try providing the command as a String[], e.g.
srevilak> 
srevilak>String cmd[] = {

srevilak>   "gpg",
srevilak>  "--homedir",
srevilak>  System.getProperty("user.dir") + File.separator + ".gnupg",
srevilak>  "-s",
srevilak>  "-u",
srevilak>  "The Certificate Key"
srevilak>};
srevilak> 
srevilak>runtime.exec(cmd);


Harakiri> All of that is still not the right way to do it, what people
Harakiri> need to know about java is that Runtime.exec does not START
Harakiri> a shell - i.e. its not a bash or anything you are used.

Sorry, my java example was more incomplete than it should have been.
I was only trying to show how to preserve the integrity of
command-line arguments, and I completed glossed over the mechanics of
writing data to and reading data back from from the gpg process.

As you note, Runtime.exec does not start a shell; it's much closer in
spirit to C's execv than to perl's piped open.

Steve


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Unable to run gpg command in JAVA

[Steve Revilak]

From: nishant sonone
Subject: Unable to run gpg command in JAVA



I am porting an existing perl-mason code to java.
I need to create certificates for certain inputs.
The command used on perl-mason was

open(COMMAND, "echo $text | gpg --homedir $ENV{HOME}/.gnupg -s -u \"The
Certificate Key\" |");
my $enc = join('',);
my $encCert = encode_base64($encrypted);

When i tried to use the dame command in java, its not able to recognize the
input to '-u' option.
I think java is not able to interpret the spaces between the words of input
string  \"The Certificate Key\".


The perl seems reasonable, but what does your java code look like? :)

If you gave the entire command line as a single string, then you're at
the mercy of java's tokenization of the command line.  For example,
the javadoc for java.lang.Runtime says this:

  More precisely, the command string is broken into tokens using a
  StringTokenizer created by the call new StringTokenizer(command) with
  no further modification of the character categories. The tokens
  produced by the tokenizer are then placed in the new string array
  cmdarray, in the same order.

My guess is that `"The', `Certificate', and `Key"', are being treated
as three separate arguments.

Try providing the command as a String[], e.g.

  String cmd[] = {
 "gpg",
"--homedir",
System.getProperty("user.dir") + File.separator + ".gnupg",
"-s",
"-u",
"The Certificate Key"
  };

  runtime.exec(cmd);



Steve

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Decyrption via scheduled task fails

[Steve Revilak]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


From: bdorroh



I'm using v1.4.8 for Windows. I've have a batch file setup to decrypt a file
and then to move the decrypted file to another location for further
processing. I can successfully decrypt the file by double-clicking my batch
file. But when I setup a scheduled task to run it, the decryption fails. I
can confirm that the scheduled task is executing, but I can't figure out why
the decryption fails as a task. Obviously, I can't see the output.

I've tried outputting the results to a file, but it only shows the command
executed and not what actually appears on the screen when run manually.
Also, i do have the path to GNU set in the windows path statement.


Here's something you might try.  Let's your scheduled task is calling
a.bat.  Have it call b.bat, where b.bat is

  @echo on
  a.bat > output.txt 2>&1

That should give you stdout and stderr from cmd.exe, as well as
gpg.ext.

You might also try checking for differences between the set of
environment variables your batch file sees under Windows task manager
vs the set of environment variables your batch file sees from an
interactive login session.

Steve

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.8 (Darwin)

iEYEARECAAYFAkfjBgwACgkQX7YJI4BuyDQFGwCffgxG/cVH6Ky8GrgtuDWNPrfu
FewAn1TxMY2uMdenYO4XyfIF1qA8pZ7c
=cevF
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help with version gpg-agent on Mac-Tiger

[Steve Revilak]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


From: Robert D.



is there anyone using Mac OSX 10.4.11 and successfully using gpg-agent with
any 2.x version of gpg?


Yes, I've been using gpg 2.0.8 on OSX 10.4.11 for about two months.  I
built it via the macports "gpg2" package.  I use gpg2/gpg-agent in
conjunction with Alpine (a curses-based MUA).

As a user, one of the first differences you'll see between gpg and
gpg2 is they way you're prompted for passphrases.  gpg 1.4.8 reads
passphrases directly from the terminal, but gpg2 hands the passphrase
reading off to a separate program called "pinentry".

As I understand things, gpg2 uses GPG_AGENT_INFO to figure out how to
talk to gpg-agent, and gpg-agent uses the GPG_TTY environment variable
to tell pinentry which tty to grab when prompting for a passphrase.
(I suppose gpg2 passes the value of GPG_TTY to the agent?)

If anyone can give a more accurate outline of gpg2 -> agent ->
pinentry communications, please chime in.

The macports gpg2 package only includes pinentry-ncurses.  For me, I'd
assume that means the passphrase prompt _has_ to come from a terminal.
Since I use a curses-based MUA, that's fine.  But I don't know how
well it would work for a Carbon app like Thunderbird.

Did your gpg2 build install any other pinentry programs?  You can try
running them directly, to see what kind of prompt shows up.  Here's a
description of pinentry's protocol

  http://arcib.dowling.edu/cgi-bin/info2html?(pinentry.info.gz)Protocol

Another question - are you starting thunderbird in a way that provides
access to the GPG_TTY and GPG_AGENT_INFO environment variables?  If
these environment variables are set in your shell and you start
Thunderbird via "open /Applications/Thunderbird.app", then Thunderbird
should see them.  (~/.MacOSX/environment.plist doesn't seem like a
good option for this).  gpg-agent's man page gives a pretty good
recipie for setting the environment variables.

HTH

Steve
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.8 (Darwin)

iEYEARECAAYFAkfjBCsACgkQX7YJI4BuyDSoOACeMI+UG+dw+7jl1mwW3CunTY2n
SVcAoKpooNNFmUwbcb9rjfoP1uE8Nhw8
=HM+Z
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: _almost_ working, now a command line question...

[Steve Revilak]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

From: Maury Markowitz 
Date: Fri, 29 Feb 2008 15:10:47 -0500

Subject: _almost_ working, now a command line question...



All that's left now is to fully automate this, and my Windows CMD
noobishness is an issue. Here's my command line:

O:\Utilities>echo o:\apricing\pass.txt | o:\utilities\gpg --homedir o:\utilities
\ --passphrase-fd 0 --load-extension o:\utilities\idea.dll -o "o:\apricing\morga
n_cds_20080229.txt" -d "o:\apricing\24476.txt.pgp"

And here are the results (slightly trimmed to protect the innocent):

Reading passphrase from file descriptor 0

You need a passphrase to unlock the secret key for
user: "Polar Securities Inc <[EMAIL PROTECTED]>"
2048-bit ELG-E key, ID 3E396FC9, created 2000-10-27 (main key ID F0ED5CDC)

gpg: encrypted with 2048-bit ELG-E key, [snip]
gpg: public key decryption failed: bad passphrase

pass.txt absolutely has the right key in it. I tried both | and >, the
later did nothing at all (which I guess makes sense).



Doesn't

  echo o:\apricing\pass.txt

produce output of "o:\apricing\pass.txt"?

You might have better luck redirecting gpg's standard input from
pass.txt, like this:

  o:\utilities\gpg
  --homedir o:\utilities \
  --passphrase-fd 0  \
  --load-extension o:\utilities\idea.dll \
  -o "o:\apricing\morgan_cds_20080229.txt" \
  -d "o:\apricing\24476.txt.pgp" < o:\apricing\pass.txt

Also, be careful of extra whitespace in pass.txt.

Steve
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.8 (Darwin)

iEYEARECAAYFAkfIiyYACgkQX7YJI4BuyDQf0QCg2AUA0Bd/o6h7mI1RF4gswPYT
/uwAoLJGeBhHn62VHZA1LhCHhkIeVbPn
=oJI2
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: pinentry stdin problems

[Steve Revilak]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

From: S3 
Subject: pinentry stdin problems



I recently upgraded from GPG v1.4 to GPG v2.
Previously, I was able to do this:
tar c | gpg -s > a.tar.gpg

However, with the new version that uses pinentry,
it does not allow me to insert my password
whenever I redirect stdin as above.  I don't
even get the ncurses password entry box.

Is there a way to make this work as before?
Can pinentry be made to fallback to the plain text
password entry, should the other ones fail?


I noticed a (slightly) similar thing when moving from gpg to gpg2, but
I happened to be going in the other direction.

Here's a small bit of text that was encrypted with gpg2 --armour
- --symmetric.  The passphrase is "gpg".

- -BEGIN PGP MESSAGE-
Version: GnuPG v2.0.8 (Darwin)

jA0EAgMCwmLYzXKpwBxgySkGIGW4LYjxGKTNBJDIslO1M0GLMlbjW9ZqJk2HZis7
wqsB2DBwAHpVZw==
=juzP
- -END PGP MESSAGE-

With gpg 1.4.8, one could select the text starting with the "BEGIN"
line, ending with the "END" line, and paste it as stdin to "gpg
- --decrypt".  gpg would ask for the passphrase, then decrypt the
message.

If you try to do the same thing with "gpg2 --decrypt", pinentry-curses
winds up getting "-END PGP MESSAGE-" as the passphrase.

(In my case, the workaround is "don't select the END line".  I'm not
sure about yours, though).

Steve


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.8 (Darwin)

iEYEARECAAYFAke7jj4ACgkQX7YJI4BuyDStLQCfVRnC2wUQL42VpH3TNA0WZ2FF
evcAnjNNN8jRHI/Ej4BMEHFaEapLkUpj
=XaHo
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Safe decryption with GnuPG?

[Steve Revilak]

I have a file that I encrypted for myself 
and I want to read some information from it. 
The file is a text file and I need to read several lines of it.


The following requirements must be met:


I was going to suggest

  gpg --decrypt file.gpg | grep "interesting stuff" | banner | less >/dev/null

but I'll try to be more serious. :)

Out of curiosity, what kind of a threat vector are you anticipating?
By reading your list of requirements, the ones I've extracted are

 * Access to sensitive data via system memory is a threat.

 * Access to sensitive data via the file system (i.e. by examining
   swap space) is a threat.

 * Access to sensitive data via the graphics system framebuffer is a
   threat.

 * Access to sensitive data via visual observation (someone sees the
   text on the screen, or takes a picture of the text on the screen)
   is a threat.

As someone else mentioned, this brings up a lot of issues in the area
of trusting the hardware, trusting the operating system and so fourth.
Granted, they are interesting issues, but my gut instinct tells me
that this problem might be easier to solve with physical security.

For example, the first three threats imply that the data has to leave
the system where it is being viewed.  Removing network access to that
system (unplug the ethernet cable, remove any wireless/bluetooth
hardware), would mitigate those threats, no?

As for threat #4, if you're viewing the data in a small, bare-walled,
locked room, you'd be able to tell (a) whether someone else was in the
room looking over your shoulder or (b) whether there was a camera
being pointed at your screen.

And if you don't trust the isolated computer in the small locked room,
you could even go as far as removing its hard drive -- you'd walk in
with a bootable CD that contained your encrypted file, boot up, read
what you needed, then halt.

Steve





From: Philipp Gühring <[EMAIL PROTECTED]>
Date: Wed, 6 Feb 2008 02:22:09 +0100
Subject: Re: Safe decryption with GnuPG?
Message-ID: <[EMAIL PROTECTED]>
To: gnupg-users@gnupg.org
Cc: Krzysztof Żelechowski <[EMAIL PROTECTED]>

Hi,


1.
The decrypted information must not make it to any persistent medium
(I understand gpg '-d' already guarantees it
as long as it manages the decrypted text,
 but what happens after it leaves gpg?)


Use a full-disc encryption system for all your persistent media.


2.
The decrypted text must not be stored in volatile memory
any longer than it is needed.


You can use TaintedBochs or TaintedQemu to investigate that.


In particular, it should be converted to a human-viewable bitmap
and the computer-readable representation must be immediately erased.


Doesn´t help much to try that, I would say. But feel free to try ...


3. Only the information I need should be displayed.


You need a Do-What-I-Mean system for that.


4.
The bitmap must not be updated automatically
(the containing window must not display it
when it is in the background, whatever it means).
(It would be best to forget the bitmap altogether
and regenerate it upon request,
but it seems to be a hard thing to do
because the gpg output stream is not scrollable backwards).


Use Overlay mode to display it.



5.
The bitmap itself should not make it to any persistent medium
and it should be scrambled, if possible, in the volatile memory.


Implement the viewer in the graphic card, with the CUDA SDK or something
similar.


6.
It should not be possible
to make a snapshot of the graphic in the window
with any programmatic means
(you can of course make a picture of the screen with a camera).


Overlay mode does that.


7.
If more information is requested,
it should be displayed in small chunks.
The program should be fully unaware
of the content of the chunks that are not being displayed.



(That probably means a garbage-collected language cannot be used).


I don´t understand why you need that.
I would suggest that you seperate the small chunks into seperated encrypted
files, to ensure that the reader only gets those chunks that you actually
decrypted.


8.
The application should be as lightweight as possible
(for source code audit).


Agreed.


Can you direct me to some implementation meeting these requirements?


I think your specification isn´t complete yet. You forgot about half of the
requirements.

I guess that:

* You want a machine that seperates code from data (to be secure against
trojans, virii and other malware)

* You want secure documents, that can´t change dynamically, or otherwise
contain invisible contents

* You want a secure path to the user

(and some more requirements that I forgot at the moment)

What´s your budget for this small project?

Best regards,
Philipp Gühring


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

___
Gnupg-users mailing l

Re: Safe decryption with GnuPG?

[Steve Revilak]

I have a file that I encrypted for myself and I want to read some information 
from it. The file is a text file and I need to read several lines of it.


The following requirements must be met:


I was going to suggest

  gpg --decrypt file.gpg | grep "interesting stuff" | banner | less >/dev/null

but I'll try to be more serious. :)

Out of curiosity, what kind of a threat vector are you anticipating?
By reading your list of requirements, the ones I've extracted are

 * Access to sensitive data via system memory is a threat.

 * Access to sensitive data via the file system (i.e. by examining
   swap space) is a threat.

 * Access to sensitive data via the graphics system framebuffer is a
   threat.

 * Access to sensitive data via visual observation (someone sees the
   text on the screen, or takes a picture of the text on the screen)
   is a threat.

As someone else mentioned, this brings up a lot of issues in the area
of trusting the hardware, trusting the operating system and so fourth.
Granted, they are interesting issues, but my gut instinct tells me
that this problem might be easier to solve with physical security.

For example, the first three threats imply that the data has to leave
the system where it is being viewed.  Removing network access to that
system (unplug the ethernet cable, remove any wireless/bluetooth
hardware), would mitigate those threats, no?

As for threat #4, if you're viewing the data in a small, bare-walled,
locked room, you'd be able to tell (a) whether someone else was in the
room looking over your shoulder or (b) whether there was a camera
being pointed at your screen.

And if you don't trust the isolated computer in the small locked room,
you could even go as far as removing its hard drive -- you'd walk in
with a bootable CD that contained your encrypted file, boot up, read
what you needed, then halt.

Steve





From: Philipp Gühring <[EMAIL PROTECTED]>
Date: Wed, 6 Feb 2008 02:22:09 +0100
Subject: Re: Safe decryption with GnuPG?
Message-ID: <[EMAIL PROTECTED]>
To: gnupg-users@gnupg.org
Cc: Krzysztof Żelechowski <[EMAIL PROTECTED]>

Hi,


1.
The decrypted information must not make it to any persistent medium
(I understand gpg '-d' already guarantees it
as long as it manages the decrypted text,
 but what happens after it leaves gpg?)


Use a full-disc encryption system for all your persistent media.


2.
The decrypted text must not be stored in volatile memory
any longer than it is needed.


You can use TaintedBochs or TaintedQemu to investigate that.


In particular, it should be converted to a human-viewable bitmap
and the computer-readable representation must be immediately erased.


Doesn´t help much to try that, I would say. But feel free to try ...


3. Only the information I need should be displayed.


You need a Do-What-I-Mean system for that.


4.
The bitmap must not be updated automatically
(the containing window must not display it
when it is in the background, whatever it means).
(It would be best to forget the bitmap altogether
and regenerate it upon request,
but it seems to be a hard thing to do
because the gpg output stream is not scrollable backwards).


Use Overlay mode to display it.



5.
The bitmap itself should not make it to any persistent medium
and it should be scrambled, if possible, in the volatile memory.


Implement the viewer in the graphic card, with the CUDA SDK or something
similar.


6.
It should not be possible
to make a snapshot of the graphic in the window
with any programmatic means
(you can of course make a picture of the screen with a camera).


Overlay mode does that.


7.
If more information is requested,
it should be displayed in small chunks.
The program should be fully unaware
of the content of the chunks that are not being displayed.



(That probably means a garbage-collected language cannot be used).


I don´t understand why you need that.
I would suggest that you seperate the small chunks into seperated encrypted
files, to ensure that the reader only gets those chunks that you actually
decrypted.


8.
The application should be as lightweight as possible
(for source code audit).


Agreed.


Can you direct me to some implementation meeting these requirements?


I think your specification isn´t complete yet. You forgot about half of the
requirements.

I guess that:

* You want a machine that seperates code from data (to be secure against
trojans, virii and other malware)

* You want secure documents, that can´t change dynamically, or otherwise
contain invisible contents

* You want a secure path to the user

(and some more requirements that I forgot at the moment)

What´s your budget for this small project?

Best regards,
Philipp Gühring


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GPG Decryption of a PGP encrypted zip file resulting in garbled zip file

[Steve Liu]

Hello,

I'm a newbie here, but I have a problem decrypting a zip file encrypted with
pgp. I was trying to subscribe to the gpg group, but it didn't reply, so I
couldn't post there.  So I thought I'd ask the folks here.

The problem is this, I generate a standard 2048-bit ELG-E key and sent off
the public part to the client.
Similarly they sent me a 1024D (1024bit?) key which I was able to import
successfully

They then uploaded a file reportedly encrypted with their key. I take
the file, decrypt it, and it seems to decrypt successfully (just a warning
that it was not integrity protected).  This results in a zip file

However, when I try to uncompress the zip file, it would not decrypt Winzip
would complain that it is an invalid archive

I'm using GPG 1.4.7
I don't know what the client is using, but they required a DH/DSS key
from me (though this should have nothing to do with the file that they
send me, right?)

The symptom seem to match a little with what was described in:
http://marc.info/?l=gnupg-users&m=104982312123419&w=2
But, as that was supposed to be resolved 4 years ago, I hope that this
is just some user error on my part.
Cheers,
Steve
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Encrypt from memory to disc?

[Steve Leibel]

I have an application where I have data in memory that needs to be 
encrypted without ever being written to disc, even temporarily.


Using PGP I can run "pgp -feat" and then pipe the data to the pgp 
process. That works very well.


I have to do the same thing for GPG, but I can't figure out how to 
send data to GPG directly from memory.


Any suggestions greatly appreciated.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Need help exchanging keys with PGP 6.5.2 on AIX

[Steve M. Fabac, Jr.]

I have not been successful in exchanging encrypted messages between
PGP 6.5.2 on AIX and GnuPG 1.4.1. 

I am still learning with GnuPG and the curve is steep. 

The FAQ has suggestions for Encrypting messages with
GnuPG for decryption with PGP, but no section on how to
generate compatible public/private keys for exchange with
PGP 6.5.2 on the AIX system. 

My first attempt to run gpg --gen-key and exchanging the
public key with the AIX administrator resulted in

> [smf] unix!/u/smf/test $ gpg --decrypt testfile.txt.pgp | head
> gpg: [don't know]: invalid packet (ctb=6f)

when I tried to decrypt the test message. Then I tried 

> gpg --pgp6 --gen-key

and specified (1) DSA and Elgamal (default) and

DSA key pair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024

After sending the resulting public key to the AIX administrator,
decrypting the test message resulted in:

[smf] unix!/u/smf $ gpg --pgp6 --decrypt testfile.txt.pgp > bob
gpg: mpi too large (57092 bits)  

and 
[smf] unix!/u/smf $ gpg --decrypt testfile.txt.pgp > bob
gpg: mpi too large (57092 bits)

What should I try next? 

--

      Steve Fabac
   S.M. Fabac & Associates
816/765-1670


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: General newbe questions using GnuPG

[Steve M. Fabac, Jr.]

As a newbe, I have scanned the GnuPG FAQ looking for help on the question
of configuring GnuPG for encrypting and exchanging files between GnuPG 1.4.1
and a client site running GPG on AiX.

I am running GnuPG 1.4.1  on my end.

My client running PGP 6.52 on AIX.

I generated my key pair taking the defaults when prompted and 
used gpg --armor --export KeyID > testkey.pub 

In the FAQ, the section 5.1 (shown below) has no corresponding section on
"How can I encrypt a message with PGP so that GnuPG is able to decrypt it? 

> 5. COMPATIBILITY ISSUES 
> 
> 5.1) How can I encrypt a message with GnuPG so that PGP is able to decrypt 
> it? 

As a newbe, I have not got a clue on what choices to make running 
gpg --gen-key to make the necessary PGP compatible public key.

On my system, I get:

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 

When I provide the key to my client and he uses it to encrypt
a test message using PGP 6.5 on AIX, I get the following 
when I try to decrypt it with GnuPG:

[smf] unix!/u/smf/test $ gpg --decrypt testfile.txt.pgp | head
gpg: [don't know]: invalid packet (ctb=6f)

Additionally: The key pair I generated was a test pair using 
a non existing user name, a random comment, and bogus
e-mail. (This test key is to be replaced with a production
key with appropriate name, comment, and e-mail ID after testing
is complete).  I then imported the test public key on my
office system and signed the public test key with my 
private key for my e-mail ID.  I exported the signed key
with: gpg --armor --export keyid > testkey2.pub and sent it via
email to my client. 

I can only trust that he did the appropriate steps on his 
AIX box to import the key and generate a test encrypted
message. The result of trying to decrypt the test message 
on the production system is shown above. 

When I use the signed public key on my office system to
encrypt a test file and transfer it to the production
system, I can decrypt the message without problem. 

--

      Steve Fabac
   S.M. Fabac & Associates
816/765-1670


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

New user problems please help

[Steve M. Fabac, Jr.]

I have downloaded the gnupg-1.4.1.tar.gz from 
http://mirrors.rootmode.com/ftp.gnupg.org/
as well as gnupg-1.4.1.tar.gz.sig

and followed the steps to verify the
archive by running

gpg --verify gnupg-1.4.1.tar.gz.asc
 (after renaming gnupg-1.4.1.tar.gz.sig to 
gnupg-1.4.1.tar.gz.asc )

I get:
gpg: Signature made Tue Mar 15 10:29:15 2005 CST using DSA key ID 57548DCD
gpg: BAD signature from "Werner Koch (gnupg sig) <[EMAIL PROTECTED]>"

>From the second line above, I take it that the "BAD" indicates some
problem.  What's wrong? 

PS, I downloaded gnupg 1.2 pre-compiled and installed it and used it
to run the gpg commands above. 

--

  Steve Fabac
   S.M. Fabac & Associates
816/765-1670


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users