Re: Posting short GnuPG clear signed messages on social media sites
On 05/08/17 12:44, Stefan Claas wrote: > On Sat, 5 Aug 2017 11:30:08 +0100, da...@gbenet.com wrote: > >> Hello Stefan, >> >> Firstly the "<" did the trick - I used QtQr - to decode back and then >> to decrypt Kleopatra - and it worked fine QtQR creates pngs but did >> not use this feature. > > Hi David, > > glad that it works now for you. My experience has been from te early 80s I thought encrypted communications would grow to a world wide phenomena - but I was a bit optimistic. Top security professional in my opinion don't tell people to encrypt which is there best form of security. It seems to me there are two or three types that use encryption (1) those that actually need it (2) computer nerds who think it's some holy grail (3) ordinary people trying to get more ordinary people to see sense I posted your little bit of advice to a Linux group on FB - the reaction was not as I expected - condescending replies in the main - none of whom and the intelligence to see the implications - I felt I was defending what was a good idea. Today with increased surveillance from security forces reading everything we do you would have thought that those involved in politics would at least use encryption - they have no idea what one is talking about. Thirty odd years have past - and still 90 per cent of the population who use computers and smart phones have no idea. Well 99.9 per cent :) I seem to hanging on to a vital bit of technology - and every one I know is still throwing flint spears at Hairy Mammoths :) Rant over - I shall go back to silent observation :) David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Posting short GnuPG clear signed messages on social media sites
On 04/08/17 13:46, Stefan Claas wrote: > zbarimg image.jpg > output.txt && sed "s/QR-Code:-/-/g" output.txt Hello, I decided to follow your instructions: (1) I encrypted some text file size 1569 bytes (2) I ran qrencode -o david.png david.asc (3) Got david.png 291 bytes (4) I ran your command zbarimg david.png > david.asc && sed "s/QR-Code:-/-/g" david.asc (5) created david.asc 18 bytes (6) All david.asc contained was "QR-Code:david.asc" (7) Which was not the original text. (8) zbarimg can display a png like any other but seems not capable of converting it back to its original form. Am working on a solution David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Your Thoughts
Hi All, I was sharing thoughts on AI in Linux facebook and Sean Rickerd shared this link https://arstechnica.com/information-technology/2016/10/google-ai-neural-network-cryptography/ David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: A Quick Question
On 14/07/17 15:01, Daniel Villarreal wrote: > On 07/14/17 04:59, da...@gbenet.com wrote: Thank you for your contributions Daniel and Robert Best Wishes David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
A Quick Question
Hi All, I want to back up and move all the keys I have - without moving the whole directory - I have gpa kgpg and Kleopatra but none of these as far as I can see back up all your keys. Help appreciated and thanks David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com 0xAAD8C47D.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: FAQ maintenance
On 04/02/16 09:29, Robert J. Hansen wrote: >> Out of curiosity - have you reviewed the latest version of ESD? > > The FSF asked Patrick Brunschwig and me to review it prior to > publication. I don't know if Patrick turned in criticisms; I gave a > couple of pages' worth. I'm pleased with the end result. > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > A list of do's and don'ts - weird and impracticable keys common sense usage - common sense things to put in your gpg.conf :) David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com 0xAAD8C47D.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: FAQ maintenance
On 04/02/16 08:56, Robert J. Hansen wrote: >> I propose to explain the different key in the keyring: > > As near as I can tell, this question isn't asked very frequently. If > the opinion of the list is that it is, though, I'll certainly add it. > What say y'all? > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > Yes David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Ian Murdock
Apparently the founder of the Debian project, Ian Murdock, has died [1]. There is some interesting discussion on Reddit, especially the link to his last tweets [2]. This is very sad news, especially given the alleged circumstances. [1] https://blog.docker.com/2015/12/ian-murdock/ [2] https://www.reddit.com/r/programming/comments/3ytdsi/ian_murdock_creator_of_debian_has_died/ David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com 0xAAD8C47D.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Merry Christmas
-- http://www.bbc.com/news/uk-35058761 David “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPA - unsupported certificate
On 05/12/15 19:33, Dark Penguin wrote: > I wanted to report a few bugs in GPA that I've been getting on Debian > Squeeze, but I thought > I should check if they still exist in the latest version. So, I've installed > Debian Jessie > and got the latest release (0.9.9) to see if there was any improvement since > few years ago. > > So, I start "gpa". The first thing I see is the Key Manager window and an > invitation to > create a new key. On top of it, an error message ("Unsupported certificate") > pops up > immediately; on top of this message, "GnuPG is rebuilding the trust > database", which "might > take a few seconds", but takes forever. > > I tried to wait, but in the end I just had to close the "trust database" > popup and the > "Unsupported certificate" error message. then I proceeded with generating a > new key, and > made sure all those old bugs are still there. And what's more, every time I > open the Key > Manager window, the "Unsupported certificate" error pops up again, and there > are no keys in > the Key Manager. Not even the one I've created. > > Are those really bugs or am I doing something wrong?.. I've tried that on an > Ubuntu 14.04 > LTS livecd right after booting it up, to see if it works on one of the most > popular > distributions, but all the problems were exactly the same. > > So, the problems are there on Debian Jessie with 3.16 kernel, gpa 0.9.5/0.9.9 > and gpg > 1.4.18/2.0.26 and Ubuntu 14.04 LTS with 3.19 kernel, gpa 0.9.4-1 and gpg > 1.4.16/2.0.22. (I > didn't upgrade Ubuntu before trying. Also, seems like GPA uses the > gpg2-branch, but does it > really call upon gpg2 and not old gpg, which is hardly possible to remove > from the system > without breaking a LOT of dependencies like APT?..) Should I go on and submit > all those > things as bug reports, or am I missing something important here?.. Seriously, > things don't > work out of the box and nobody has even noticed?.. I just have a hard time > believing it... > > Hi Dark Penguin, The first thing to say is - when installing any Linux distro you need to ensure that the distro has installed every software update every security fix first. This is important when installing GPA Kleopatra and KGPG. Every Linux distro has gnupg installed - so at a terminal just type gpg - this will create ALL the folders and files needed (.gnupg) it's pointless installing GPA without running gpg first - I think it's pretty silly. Then you may wish to install gpgv2 via the package manager. Only then install GPA Kleopatra or KGPG. And only after installing all the updates and security fixes. Once you have done this you can use any of the packages to create a set of keys - GPA Kleopatra or Kgpg. There are no bugs in GPA - all these programmes expect to find a valid existing .gnupg David There are no bugs in GPA -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What causes this bad signature
On 16/11/15 15:01, Sebastian Wiesinger wrote: > Hello, > > my key is not bad, the signature by 0x5E5CCCB4A4BF43D7 is bad. The > question is why. > > Regards > > Sebastian > Hello Sebastian, I downloaded the key and all sub-keys. Neither GPA Kgpg or Kleopatra give any warnings about this key. You don't say what's bad about it - which is why your not getting much help here. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What causes this bad signature
On 14/11/15 20:28, Sebastian Wiesinger wrote: > Hello, > > for fun I tried a German government (or public-private partnership) > service that signs your PGP key if your name on a uid matches the > electronic data on your ID card (Neuer Personalausweis, nPA). I tried > this and got my signed key back. I tried to import it into my keyring > and imagine my surprise when it didn't show up. Reason being: I have > "import-options import-clean" set and the signature is somehow bad. > > Is there a way to see why the signature is bad? If I decide to let > them know that their service fails I would like to be able to tell > them what they did wrong. > > My key is 0x58A2D94A93A0B9CE and their signature comes from > 0x5E5CCCB4A4BF43D7: > > pub 2048R/0x58A2D94A93A0B9CE 2009-08-11 > uid [ultimate] Sebastian Wiesinger> sig!3 P0x58A2D94A93A0B9CE 2015-03-27 never Sebastian Wiesinger > > sig-3 1 0x5E5CCCB4A4BF43D7 2015-11-14 never Governikus OpenPGP > Signaturservice (Neuer Personalausweis) > > I attached the signed key for your interest. > > Regards Sebastian > > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > Sabastian, Your key has been signed by 16 other people - all unknown. No ID apart from one 65D0FD58 - CA Cert Signing Authority (Root CA) though your key is fully detailed at http://keys.gnupg.net/pks/lookup?search=+0x58A2D94A93A0B9CE=vindex - may be you need to download your public key from a key server - always a good idea when you have uploaded it after your key has been signed. You can only use this signature for signing (not encrypting) and for certification. Bad? There appears to be nothing bad about this public key - why would you get 16 people to sign a key if you were not going to communicate with them? David signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keys have expired??
da...@gbenet.com: > Hello All, > > Am getting a strange message when signing e-mails - Enigmail says my key can > not be found or > a sub-key has expired. Yet Enigmail Kleopatra and Kgpg all show my key - and > it has no > expiry date set in any of the main or sub-keys. > > I'm using Linux Lubuntu Thunderbird 38.3 Enigmail 1.8.2 and gnupg gpg (GnuPG) > 2.0.22 > > Any help to figuring this out would be appreciated. > > Thanks > > David > Solved: What I had to do was I had to add the following line to /.gnupg/gpg-agent.conf: pinentry-program /usr/bin/pinentry-gtk-2 -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Keys have expired??
Hello All, Am getting a strange message when signing e-mails - Enigmail says my key can not be found or a sub-key has expired. Yet Enigmail Kleopatra and Kgpg all show my key - and it has no expiry date set in any of the main or sub-keys. I'm using Linux Lubuntu Thunderbird 38.3 Enigmail 1.8.2 and gnupg gpg (GnuPG) 2.0.22 Any help to figuring this out would be appreciated. Thanks David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New Everyman's software from CeBIT in Germany
On 19/03/15 22:32, Ingo Klöcker wrote: On Thursday 19 March 2015 09:18:03 Thomas F. Ruddy wrote: Dear all, I'd be interested in hearing Werner Koch's take on this recent innovation. Werner, you speak German: A new Everyman's software featuring certification, key servers, currently Windows only (Linux planned), https://www.sit.fraunhofer.de/de/volksverschluesselung/ Said to be Open Source in this news-story, http://www.nzz.ch/mehr/digital/cebit-2015-fraunhofer-volksverschluesselung-1 .18505017 Both links do not provide technical details. They talk about two things provided by their solution: A central PKI and some end-user-friendly software for certificate creation which automagically adds the certificate to the user's software (email client, browser, other software). I don't see any indication for a new crypto-standard. So their solution will either uses S/MIME or OpenPGP. I suspect it will be S/MIME because more software supports S/MIME out-of-the-box. ... I guessed correctly. It's based on S/MIME: http://www.golem.de/news/projekt-volksverschluesselung-fraunhofer-institut-vereinfacht-s-mime-einrichtung-1503-113011.html Moreover, at first one will have to use the eID feature of the new German personal identification card for requesting the certification of one's certificate. https://www.sit.fraunhofer.de/de/news/aktuelles/presse/details/news-article/verschluesselung-fuer-alle/ (also in German) Another crypto project is shown at CeBIT. It's also based on the eID feature. Governikus (developed for the German BSI) offers web application for certifying one's OpenPGP key with one's personal identification card. So it's basically key certification by the German government (for German citizen's only). https://www.governikus.com/de/pressemitteilungen#entry_6938266 Both services appear to be restricted to Germany. Regards, Ingo ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Well if it's Windoz - then Microsoft are lurking in the woodwork - and that smells like very bad news. Microsoft are never into free as in a free beer - Microsoft are into tying people in to their software. End-user friendly software? Yeah right - whatever Microsoft does - it's primary objective is to make more money - and does not give a shit about end-user security. It's just another ploy to get users to give up Linux - or move to a Linux that they control - and we have all seen how they play tricks over the years. We have the whole house for free - that may still erk those that do not support free software - and free encryption. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What am I doing wrong?
On 18/03/15 12:18, Mark Walter wrote: Hello all. I'm having issues with encrypt and decrypt and I know it's something I'm doing wrong. I created a key with Kelopatra. Imported it into GNU Privacy Assistant. It shows up as Fully Valid. Next, to test, I created the text file test.txt and used the following command to encrypt it. gpg -e -u myu...@domain.net -r myu...@domain.net test.txt The file test.txt.gpg showed up in my folder. Next, I tried to decrypt it using the following syntax. gpg -d test.txt.gpg And I get the following error. Gpg decryption failed: No secret key Not sure what I'm doing wrong here. This used to not be an issue. This is Windows Server 2012. Thanks in advance Mark Walter Business to Business Data Integration Specialist Certified IBM System i Specialist Paragon Consulting Services, Inc. mwal...@paragon-csi.com 717-764-7909 ext. 20 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users So you created a private and public key - then encrypted a file and you entered your passphrase (password you created when generating your keys)? David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keysigning
On 02/12/14 08:27, Robin Mathew Rajan wrote: Hello, Where can I get my keys signed? Does here anyone provide keysigning services through video conference? :) Thanks and regards, Robin Mathew Rajan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Hello Robin, The first thing you need to do is upload your public key to a key server. Perhaps you can find people where you live - a local Windows group or Linux group they would be happy to sign your key. Video conferencing? You need to produce some documentation of who you are - some here may feel that video conferencing is not a good idea. But first get your public key to a key server. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keysigning
On 02/12/14 10:53, Robin Mathew Rajan wrote: Hello David, :) I already uploaded my public key to a public key server some months ago. But there's no local Linux users group where I live! I sent emails to some people listed at biglumber.com with my Government issued ID card attached. But no reply came from them. :( Some of them are CACert Assurers! If someone could sign my key over video conferencing, that would be very much helpful to me. Yes, I know it's much less trusted than actual person-person meetups in real world. But at the same time, it offers an easy solution for someone living in a very remote area. And it's also particularly helpful if he/she can't afford travel expenses to get keys signed. I think it's just like performance vs. security in cryptography. Signing someone's key through video conferencing is less secure but at the same time it's an effective solution for remote areas. I think key signing through video conferencing, might help in reducing 'crypto divide' (like that in 'digital divide'). :) Regards, Robin Mathew Rajan https://www.robinmathewrajan.com/ On 02-12-2014 PM 03:05, da...@gbenet.com wrote: On 02/12/14 08:27, Robin Mathew Rajan wrote: Hello, Where can I get my keys signed? Does here anyone provide keysigning services through video conference? :) Thanks and regards, Robin Mathew Rajan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Hello Robin, The first thing you need to do is upload your public key to a key server. Perhaps you can find people where you live - a local Windows group or Linux group they would be happy to sign your key. Video conferencing? You need to produce some documentation of who you are - some here may feel that video conferencing is not a good idea. But first get your public key to a key server. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Hello Robin, I tried to download your public key from several servers - without any luck. As your using Thunderbird you can always attach your public key. As for key signing - then face to face communications are better. I've asked myself what is the importance of people signing my keys? There is no valid reason as far as I can see - though people like to build the web of trust - and for the most part - people on here are who they say they are - and over the years you get to build up trust. Though having said that I'm not about to rush out and sign every one's keys. Why not start your own group? There are lots of Linux groups around the world - unless your stuck in the middle of nowhere! Perhaps you can provide a link to where you uploaded your public key? David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Update
Hi Al, As so many have been aware, I tried LUbuntu amd64 LXDE with Thunderbird and Enigmail - which singularly failed to sign or even encrypt. I made add that Kleopatra Kgpg GPA also failed to work. As some of you are stuck with the mind-set that the earth is flat eg Oh it works for me therefore it works for everyone else is delusional. As stated I'd not ask 98 per cent of you to change a light bulb. I have now installed Debian release (wheezy) 64-bit and icedove 31.20 with Enigmail 1.72. Considering that icedove is Thunderbird and the same version as is Enigmail - I am at a loss to explain the failings. I just copied folders and files over with no problems. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Update
On 26/11/14 19:52, Tristan Santore wrote: On 26/11/14 19:37, da...@gbenet.com wrote: Hi Al, As so many have been aware, I tried LUbuntu amd64 LXDE with Thunderbird and Enigmail - which singularly failed to sign or even encrypt. I made add that Kleopatra Kgpg GPA also failed to work. As some of you are stuck with the mind-set that the earth is flat eg Oh it works for me therefore it works for everyone else is delusional. As stated I'd not ask 98 per cent of you to change a light bulb. I have now installed Debian release (wheezy) 64-bit and icedove 31.20 with Enigmail 1.72. Considering that icedove is Thunderbird and the same version as is Enigmail - I am at a loss to explain the failings. I just copied folders and files over with no problems. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users So, does this mean it works now or not ? David, with the deepest respect, you are not very good at providing the correct information you have been asked for, namely detailed steps, detailed failure messages, detailed versions of your packages/distributions. This is going to be my last response to you, if I feel that you are not providing the correct information. Further, just because somebody renames and rebuilds something, does not mean it is THE SAME as the original. The Debian folks might be applying patches, as we do in Fedora and Red Hat/CentOS. That is the thing with free software, just because something sounds or looks similar, does not mean it is! Hence, the requirement for detailed package names and versions and distribution versions. Werner, I know I know! Regards, Tristan -- Tristan Santore BSc MBCS TS4523-RIPE Network and Infrastructure Operations InterNexusConnect Mobile +44-78-55069812 tristan.sant...@internexusconnect.net Former Thawte Notary (Please note: Thawte has closed its WoT programme down, and I am therefore no longer able to accredit trust) For Fedora related issues, please email me at: tsant...@fedoraproject.org ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Tristan, It all works on Debian - Fedora-16 64-bit well no and LUbuntu LXDE 64-bit no. And it's not LXDE - LUbuntu - is it a kernel issue? Maybe I could never find out. Considering that Kleopatra Kgpg GPA Thunderbird Enigmail ALL Failed - it points to a kernel issue. As happens on this list when people point out that something's not working - those with very limited intelligence start bleating as if we are completely ignorant of what we do. Anyway, I keep away from Fedora - a dodgy system as now I keep well away from LUbuntu 64-bit. Not all Linux Distros work. Not all Linux applications work. This is a fact of life. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Nearly fixed
On 17/11/14 23:06, Paul R. Ramer wrote: On November 15, 2014 10:02:44 AM PST, Samir Nassar sa...@samirnassar.com wrote: For those of you who come to David's post in the future through the mailing list archive: Disregard this misconception. Many of us, myself included, use gpg2 on a 64bit system without a problem. Personally, I have used gpg2 and gpg on 64-bit and 32-bit versions of Linux, Macintosh, and Windows. It has always been transparent. No issues to write home about. Cheers, -Paul -- PGP: 3DB6D884 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Paul, Just because you have no problems - and then to take on the role of an authority is misguided - and i must say completely stupid of you. Everything's all right with my world and so everything's right in the world - all other people's wrongs are fictions. Your remarks are entirely your own - and have no basis in the real world. The more you write the more fictions you will produce. (1) I accept without any questions that people run Linux and Windoz 64 bit and have no problems - I accept this as a reality. (2) Another reality which I accept is that running a Linux 64 bit O/S you can not sign or encrypt files. (3) Another reality I have to accept is none or very very very few of you have the technical know-how to come up with a solution. (4) I'd not ask most of you to change a light-bulb. But I still like you :) David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: The Facts:
On 16/11/14 09:43, Gabriel Niebler wrote: David, it is not a gpg2 problem and it is also not relatd to modern versions of your mail programmes. In my case Thunderbird 31.2 with Enigmail 1.7 runs just fine with GnuPG 1.4.16. I also have GnuPG 2.0.22 installed as gpg2, but I'm not actively using it. You don't need to downgrade your Thunderbird, if it has problems signing and encrypting mail, somthing else is amiss. I now think you may be hitting the pinentry issue Philip Jackson reported several months ago. There seems to be a problem specifically with pinentry-gtk2 and IIRC that's what you're using. You're on KDE, I believe, so have you tried removing 'pinentry-gtk2' and replacing it with 'pinentry-qt4'? If that doesn't work, could you try using 'pinentry-curses'? Also, what's the content of your gpg.conf? (Just do 'cat ~/.gnupg/gpg.conf') Best gabe Gabriel, I had to reinstall again my 64 bit LXDE Linux. I created a brand new .gnupg folder and imported my private and public key. They are the only keys I have. But am stuck with the issue of bad passphrase I can not edit my keys - in fact I can't change anything with my keys. I don't even have gpg2 installed. So am writing on my trusty 32 bit LXDE Linux. I have no idea what's going on. I'm on Ubuntu LXDE. On both laptops. I will try your suggestions. I applied all your suggestions but still get bad passphrase the contents of my gpg.conf: david@laptop-2:~$ cat ~/.gnupg/gpg.conf # Options for GnuPG # Copyright 1998, 1999, 2000, 2001, 2002, 2003, # 2010 Free Software Foundation, Inc. # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # # This file is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # # Unless you specify which option file to use (with the command line # option --options filename), GnuPG uses the file ~/.gnupg/gpg.conf # by default. # # An options file can contain any long options which are available in # GnuPG. If the first non white space character of a line is a '#', # this line is ignored. Empty lines are also ignored. # # See the man page for a list of options. # Uncomment the following option to get rid of the copyright notice #no-greeting # If you have more than 1 secret key in your keyring, you may want to # uncomment the following option and set your preferred keyid. #default-key 621CC013 # If you do not pass a recipient to gpg, it will ask for one. Using # this option you can encrypt to a default key. Key validation will # not be done in this case. The second form uses the default key as # default recipient. #default-recipient some-user-id #default-recipient-self # Use --encrypt-to to add the specified key as a recipient to all # messages. This is useful, for example, when sending mail through a # mail client that does not automatically encrypt mail to your key. # In the example, this option allows you to read your local copy of # encrypted mail that you've sent to others. #encrypt-to some-key-id # By default GnuPG creates version 4 signatures for data files as # specified by OpenPGP. Some earlier (PGP 6, PGP 7) versions of PGP # require the older version 3 signatures. Setting this option forces # GnuPG to create version 3 signatures. #force-v3-sigs # Because some mailers change lines starting with From to From # it is good to handle such lines in a special way when creating # cleartext signatures; all other PGP versions do it this way too. #no-escape-from-lines # If you do not use the Latin-1 (ISO-8859-1) charset, you should tell # GnuPG which is the native character set. Please check the man page # for supported character sets. This character set is only used for # metadata and not for the actual message which does not undergo any # translation. Note that future version of GnuPG will change to UTF-8 # as default character set. In most cases this option is not required # as GnuPG is able to figure out the correct charset at runtime. #charset utf-8 # Group names may be defined like this: # group mynames = paige 0x12345678 joe patti # # Any time mynames is a recipient (-r or --recipient), it will be # expanded to the names paige, joe, and patti, and the key ID # 0x12345678. Note there is only one level of expansion - you # cannot make an group that points to another group. Note also that # if there are spaces in the recipient name, this will appear as two # recipients. In these cases it is better to use the key ID. #group mynames = paige 0x12345678 joe patti # Lock the file only once for the lifetime of a process. If you do # not define this, the lock will be obtained and released every time # it is needed, which is usually preferable. #lock-once # GnuPG can
Re: The Facts:
On 16/11/14 16:54, Philip Jackson wrote: On 16/11/14 05:59, da...@gbenet.com wrote: Werner, I have partly resolved the problem - which seems to be related to gnupg2 Thunderbird and Enigmail running on a 64 bit Linux. The only error message am now getting is bad passphrase when I've not even entered a passphrase but am about to too. I had this same difficulty around June this year when I migrated from Windows7 to UbuntuStudio 1404. (both 64 bit). I wanted to use gnupg2 rather than the standard gnupg1-4.-16 which was packaged with Ubuntu and the gnupg website said that gnupg1 and gnupg2 could co-exist ok on the same machine. So I installed the Ubuntu gnupg2 package 2.0.22. I had migrated my Thunderbird profile ok from Windows7 to Ubuntu and was happily using Thunderbird 24.6 and enigmail 1.6 before I installed gnupg2. Afterwards, I could not get emails to be signed. I did get the bad passphrase message without having been asked to provide one. I also got a 'no pinentry' message. I removed the Ubuntu gnupg2.0.22 package and using only gnupg1.4.16, Thunderbird and enigmail worked perfectly. I then set about learning how to install myself the latest version (at that time) which was gnupg2.0.26 with help from this list. When I got it installed, enigmail then worked perfectly. I cannot advise how to install gnupg2.0.26 - it was above my pay-grade at the time but I did manage it. And I have subsequently upgraded Thunderbird many times (now at 31.2) and enigmail too (now at 1.7.2). I confirm that on UbuntuStudio 14.04 64 bit, Thunderbird 31.2 with enigmail 1.7.2 works just fine with gnupg2.0.26. I wrote up some of my problem on launchpad (Ubuntu bug reports) and there is at least one other bug reporting similar behaviour. For further info on these, try these links : https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1332864 https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1313879 My conclusion was that there must have been some issue with the gnupg2.0.22 package as prepared and released by ubuntu. Philip ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Hi Philip, I have not installed gnupg2 on my new Ubuntu LXDE 64 bit laptop. But am still stuck with bad passphrase until I get that resolved I'll not be installing gnupg2 from the web site. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Update
Having spent many many days on this problem I have failed to come with any working solution. Running a 64 bit version of LUbuntu does not work. This is a real fact of life no matter what all you people say. It does not work for me. I have tried Fedora-16 64 bit in the past - it failed - I tried Suse-14 64 bit in the past and it too failed. And now LUbuntu 64 bit fails too. My only option is to install a 32 bit Linux O/S and a 64 bit laptop. Or wipe the partition and give it all to Windoz. Thank you for putting up with my ravings and my frustrations and I thank the very very small band of people that offered practical help. All I do know is: (1) When I remove gnupg2 from Enigmail all but one problem goes away. (2) Then up stuck with bad passphrase without even entering the passphrase. (3) 32 bit Linux works fine for me (4) 64 bit Linux does not work for me. For those of you that can not accept reality see a psychiatrist. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: The Facts:
On 15/11/14 12:36, Johannes Zarl wrote: Hi, On Saturday 15 November 2014 11:52:02 da...@gbenet.com wrote: Laptop-1 and laptop-2 are a mirror image of each. They contain the same software. I copied programmes like Thunderbird Firefox from laptop-1 to laptop-2 without any problems. It seems like the mirroring of laptop-1 to laptop-2 did not actually work as expected: (1) david@laptop-1:~$ gpg gpg: directory `/home/david/.gnupg' created gpg: new configuration file `/home/david/.gnupg/gpg.conf' created gpg: WARNING: options in `/home/david/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/home/david/.gnupg/secring.gpg' created gpg: keyring `/home/david/.gnupg/pubring.gpg' created gpg: Go ahead and type your message ... The above command output tells you that no .gnupg folder exists in your home directory and that a new one is created. As some people pointed out before, you have to copy the .gnupg folder from your laptop-1 to your laptop-2. Maybe you forgot to restore your home directory when you migrated from laptop-1 to laptop-2? Cheers, Johannes ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users The nature of Linux is that your home directory is automatically created so one can hardly forget to create it. As stated laptop-1 has a 32 bit O/S and laptop-2 as a 64 bit O/S this means installing an 64 bit Linux Operating System and copying ALL programmes that are on the 32 bit Linux Operating System. They have the same programmes. This means that are a mirror of each - except that one is 32 bit and one 64 bit. No migration of an Linux operating system took place - it would be meaningless to put a 32 bit O/S on a laptop with more than 4 MB RAM as it would not recognise the additional memory. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Help needed
On 15/11/14 15:17, MFPA wrote: Hi On Thursday 13 November 2014 at 10:33:31 PM, in mid:546531bb.2000...@gbenet.com, da...@gbenet.com wrote: I exported my keys to a USB stick. Then I copied my .gnupg to a new Linux laptop. Then I imported my keys. I thought that I would be fine. But I get the following error when signing my mail: Key 0xAAd8C47D not found or not valid. The (sub-)key might have expired. Assuming you exported/imported the private keys as well as the public keys, did you set the ownertrust back to ultimate after importing? Yes The key is visible in Enigmail Kgpg Kleopatra GPA I'm not able to edit my key I can't enter my passphrase. For what it's worth, you don't need the passphrase to edit the ownertrust. -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: The Facts:
On 15/11/14 17:00, Patrick Brunschwig wrote: On 15.11.14 12:52, da...@gbenet.com wrote: The steps I have taken to move my /.gnupg folder Background: I have two laptops (1) a 32 bit LXD laptop-1 (2) a 64 bit LXD laptop-2 one mouse and one WD 1.0 TB (1,000,202,043,392 bytes) external drive that plugs into the USB port of either laptop-1 or laptop-2 = david@laptop-1:/media/store$. Laptop-1 and laptop-2 are a mirror image of each. They contain the same software. I copied programmes like Thunderbird Firefox from laptop-1 to laptop-2 without any problems. Why don't you simply do this: 1. on your old laptop: tar zcf gnupg-backup.tgz $HOME/.gnupg 2. Copy the resulting file gnupg-backup.tgz to your new laptop 3. on your new laptop: tar zxf gnupg-backup.tgz -Patrick Patric, I did that. But now I have half resolved the issue. The error only appears on a 64 bit gpg2 system - I removed all refs in Enigmail to gpg2 - now the only error message I get is bad passphrase. I recall having a 64 bit Fedora O/S and experiencing the same kind of problems about 4 years ago. Now my only problem is I can not change the passphrase GPA Kleopatra KGpg or from the terminal. So am going to un-install gpg2 - I hope that fixes the problems. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: The Facts:
On 15/11/14 17:16, Paul R. Ramer wrote: On November 15, 2014 3:52:02 AM PST, da...@gbenet.com da...@gbenet.com wrote: [snip] david@laptop-1:/media/david/store$ gpg -ao --import --allow-non-selfsigned-uid david-public.key gpg: armour header: Version: GnuPG v1.4.11 (GNU/Linux) pub 4096R/AAD8C47D 2014-08-17 postmaster (There's always light at the end of the tunnel) postmas...@gbenet.com sigAAD8C47D 2014-11-15 [selfsig] gpg: can't handle public key algorithm 19 gpg: can't handle public key algorithm 18 sig32521C09 2014-08-25 Carolyn Hoyle (I respect privacy) carolynbelk...@yahoo.co.uk sub 4096R/FDDA1EF2 2014-08-17 sigAAD8C47D 2014-08-17 [keybind] david@laptop-1:/media/david/store$ Now to test emails - the results: skip...@gbenet.com to postmas...@gbenet.com subject test body: test - now send: Key 0xAAD8C47D not found or not valid. The (sub-)key might of expired. I'm stuck - can you solve this problem? David, If this is the entirety of what you did, you forgot to import your private key in the file david-private.gpg. Cheers, -Paul -- PGP: 3DB6D884 I've installed my private key - am not that stupid! Anyway things have moved on - it's a gpg2 problem David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Nearly fixed
Hi All, The problem is with gpg2 on a 64 bit O/S I removed gpg2 and also lost GPA and Kleopatra and Kgpg no longer runs on my 64 bit Linux. Now my only error is bad passphrase. Which I can not change from the terminal. Also as I recall the problem is with Enigmail - I have to install a version of Thunderbird at least 3 years older than my current version with an enigmail current to that version. This will get rid of all errors. Hopefully :) A rule maybe - don't run gpg2 on a 64 bit Linux system - and install a much older version of Thunderbird and enigmail - and never upgrade Thunderbird to a newer version. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: The Facts:
On 15/11/14 20:24, Werner Koch wrote: On Sat, 15 Nov 2014 19:10, joh...@vulcan.xs4all.nl said: I believe there exist some differences between gpg2 keyrings and gpg 1.x keyrings, but I don't know the details. Does gpg2 still use trustdb.gpg? No. Only with 2.1 tehre is the new keybox format (pubring.kbx) which will be used for new installations but an existing pubring.gpg from pre 2.1 will be used if it exists. And since gpg 2.1 dropped v3 key support, how does it react on a keyring with v3 keys in it? At the next write access to the keyring v3 keys are removed. David send me one of his mails privately without mentioning that he also send he to the ML :-(. I looked at it anyway; see below. Salam-Shalom, Werner On Sat, 15 Nov 2014 12:58, da...@gbenet.com said: sec 4096R/AAD8C47D 2014-08-17 uid postmaster (There's always light at the end of the tunnel) postmas...@gbenet.com ssb 4096R/FDDA1EF2 2014-08-17 david@laptop-1:/media/store$ gpg --output mykey1.asc --export -a AAD8C47D gpg --output mykey2.asc --export -a FDDA1EF2 You are about to export the same key iwtice. Unless special options are used the --export command exports the main key sec and all subkeys ssb. Not a problem but may be surprising. gpg: can't handle public key algorithm 19 gpg: can't handle public key algorithm 18 You played with the new ECC algorithms but not a problem. david@laptop-1:/media/store$ gpg -ao allow-non-selfsigned-uid david-public.key --export FDDA1EF2 You wrote output to the file allow-non-selfsigned-uid ;-) gpg: writing to `david-public.key' gpg: can't handle public key algorithm 19 gpg: can't handle public key algorithm 18 david@laptop-1:/media/store$ Got the same error message. there's something wrong with subkey binding signatures for secret keys. I can't see an error message. can't handle public... are just warnings about some othe keys found in the keyring or your key? david@laptop-1:/media/david/store$ gpg -ao --import --allow-non-selfsigned-uid david-public.key gpg: armour header: Version: GnuPG v1.4.11 (GNU/Linux) pub 4096R/AAD8C47D 2014-08-17 postmaster (There's always light at the end of the tunnel) postmas...@gbenet.com sigAAD8C47D 2014-11-15 [selfsig] gpg: can't handle public key algorithm 19 gpg: can't handle public key algorithm 18 sig32521C09 2014-08-25 Carolyn Hoyle (I respect privacy) carolynbelk...@yahoo.co.uk sub 4096R/FDDA1EF2 2014-08-17 sigAAD8C47D 2014-08-17 [keybind] david@laptop-1:/media/david/store$ It seems that you have ECC subkeys on your key or signed a key woth an ECC key. I can't check that because the keyservers do not yet all support ECC. Key 0xAAD8C47D not found or not valid. The (sub-)key might of expired. Please send me your complete key. The copy from the keyservers might not be complete. --export is sufficient. Salam-Shalom, Werner Werner, I have partly resolved the problem - which seems to be related to gnupg2 Thunderbird and Enigmail running on a 64 bit Linux. The only error message am now getting is bad passphrase when I've not even entered a passphrase but am about to too. As I recall the only options I have are installing a version of Thunderbird at least 4 years older than the current version. I'm using Thunderbird 24.6.0 at the moment with the same error message - bad passphrase with no ability at the terminal or in Enigmail to correct or change it. Even gnupg 1.4 does not accept -passwd. As I recall I had the same problem with Fedora and Suse 14 64 bit. I'm on Linux 3.11.0-26-generic (x86_64) Ubuntu 13.10. And as I recall others had similar problems with Fedora on a 64 bit O/S. I've enclosed a copy of my private key - but as I've got rid of gnupg2 the error message Key 0xAAD8C47D not found or not valid. The (sub-)key might of expired has vanished. The only error message am stuck with is bad passphrase and no ability to sign or encrypt emails or files or anything else. So am going to install a copy of Thunderbird at least 4 years older than the current version with an appropriate Enigmail. As stated and as aa fact of daily life there are problems running a Linux distro in x86_64 there are problems with gnupg2 there are problems with Thunderbird and there are problems with Enigmail. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com david-public.key Description: application/pgp-keys 0xAAD8C47D.asc Description: application/pgp-keys ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Help needed
On 14/11/14 04:11, Daniel Kahn Gillmor wrote: Hi David-- You sound frustrated. hopefully we can help you figure things out. Some of the details of what's happened on your machine(s) sound unclear to me, and we'll be able to help you better with more precise information. On 11/13/2014 04:31 PM, da...@gbenet.com wrote: Even when I use a backup programme and restore I still get the same error message. What backup program did you use? What version of gnupg were you using on your old computer? what platform was your old machine? what platform is your new machine? If you feel comfortable sharing any of this information, i'd be curious to see the outcome (on both old and new machines) of any of the following series of commands: uname -a ls -la ~/.gnupg gpg --version gpg --list-secret-keys 0xAAD8C47D echo test | gpg --clearsign -u 0xAAD8C47D If it looks like this information is too sensitive to post to the list, but you feel ok sending it to me privately, you're welcome to send it to me privately (my OpenPGP fingerprint is at the bottom of this mail if you wish to encrypt it). So no-one has ever copied their .gnupg folder to another laptop. No one has ever done this with any success. I can say based on personal experience that this is not the case. I have done several such transfers, for myself and for other people. You have all failed. Clearly there's something wrong with gnupg that does not like being backed up copied whatever. If it were another programme say Thunderbird no one would use Thunderbird. They would say Thunderbird was crap. I'm going to treat this paragraph as you expressing your frustration, instead of reading it as an attack on the developers of GnuPG. Other people might read it differently, and may find it demotivating in terms of helping you with your current situation. Please remember that there are human beings on the other side of your e-mail, people who are remarkably committed to helping others, but who also have their own feelings. Regards, --dkg OpenPGP Fingerprint: 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9 Hi Daniel, Firstly I can neither encrypt or sign. I have two laptops (1) 32 bit LXD (2) 64 bit LXD my 64 bit machine crashed and went off for repairs. It came back I reinstalled the operating system and all programmes - now a mirror image of my 32 bit LXD. Then I did the following: (1) david@laptop-1:~$ gpg gpg: directory `/home/david/.gnupg' created gpg: new configuration file `/home/david/.gnupg/gpg.conf' created gpg: WARNING: options in `/home/david/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/home/david/.gnupg/secring.gpg' created gpg: keyring `/home/david/.gnupg/pubring.gpg' created gpg: Go ahead and type your message ... (2) Run ALL your GUIs eg Kgpg Kleopatra GPA - but do not create a new set of keys! Kgpg will complain and not run. (3) Reboot your system - very important! (4) Type david@laptop-1:~$ gpg-agent gpg-agent: gpg-agent running and available david@laptop-1:~$ Then I copied ALL .gnupg files from the 32 bit laptop to the 64 bit laptop - on the 32 bit laptop I exported my keys saving them to a file - I did this twice. Then I imported my keys into the 64 bit laptop. All programmes see my key - even gpg but I always get the same error message: Key 0xAAd8C47D not found or not valid. The (sub-)key might have expired when I try to sign or encrypt a message. Now insted of copying ALL the files from one .gnupg to another am just going to copy secring.gpg and trustdb.gpg - then import my keys - if this works then you will know how to do it in the future - if it does not work - hmmm... David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
My Conclusions
Hi All, After spending 62 hours on what I thought would be a simple task namely to get a fully functioning gnupg mirror on my 64 bit Linux system - I realise this is an impossible task to do. In the past I've ended up creating a new set of certificates - but this time round I thought that I would apply some effort. My conclusion is It IS Impossible To Transfer Your Keys From The Same O/S To Another Machine. There is no one in the entire universe that has ever attempted it. And if they have THEY HAVE FAILED. Not one person on this list knows how to do it successfully. No one. NOT ONE OF YOU can transfer a mirror image of your .gnupg folder and expect it to work. This tells me what I have long suspected - yes it's good at encryption and signing but the programme is fundamentally flawed as to make it utter crap. My keys are PERFECT but the software is CRAP. Werner Koch knows it's crap. Every one knows it's crap. So, If I want to go on signing and encrypting my emails I HAVE TO CREATE ANOTHER SET A BLOODY KEYS I am not a happy bunny!!! David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Why the software is crap
Hello All, I even tried exporting my private and public key from the command line and then tried importing. The same error message as before. I have checked on the internet - most of the suggestions are crap - the authors have never ever tried to do what they suggest others to do. If they had done so then they would have known just how crappy their supposed expertise was. I have even looked through https://www.gnupg.org/faq/GnuPG-FAQ.html and found this to be a useless pile of crap also. I am faced with two options: (1) Create yet another set of keys (2) Give up using gnupg after some 20 years I think I will unsubscribe from this list and give up on gnupg as a pile of crap. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: My Conclusions
On 14/11/14 11:34, Nicholas Cole wrote: David, I'm sorry you are having problems, but I think this is just nonsense. Of course people move keys between machines all the time. I have done it myself often. I don't think that anyone deserves that level of abuse -- certainly not someone who has put years of work into a program that is an industry standard and released it for free. Nicholas On Fri, Nov 14, 2014 at 10:42 AM, da...@gbenet.com da...@gbenet.com wrote: Hi All, After spending 62 hours on what I thought would be a simple task namely to get a fully functioning gnupg mirror on my 64 bit Linux system - I realise this is an impossible task to do. In the past I've ended up creating a new set of certificates - but this time round I thought that I would apply some effort. My conclusion is It IS Impossible To Transfer Your Keys From The Same O/S To Another Machine. There is no one in the entire universe that has ever attempted it. And if they have THEY HAVE FAILED. Not one person on this list knows how to do it successfully. No one. NOT ONE OF YOU can transfer a mirror image of your .gnupg folder and expect it to work. This tells me what I have long suspected - yes it's good at encryption and signing but the programme is fundamentally flawed as to make it utter crap. My keys are PERFECT but the software is CRAP. Werner Koch knows it's crap. Every one knows it's crap. So, If I want to go on signing and encrypting my emails I HAVE TO CREATE ANOTHER SET A BLOODY KEYS I am not a happy bunny!!! David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users I have done everything correctly - and my conclusions are still the same NO ONE HAS EVER SUCCESSFULLY MADE A MIRROR COPY OF THEIR .GNUPG AND HAD A FULLY 100 PER CENT WORKING SIGNING AND ENCRYPTION PROGRAMME THAT WORKS. THERE IS NO CLEAR INSTRUCTIONS FROM ANYONE - SIMPLY BECAUSE YOU HAVE NEVER EVER DONE IT. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Why the software is crap
On 14/11/14 11:55, Martin Behrendt wrote: Am 14.11.2014 um 12:41 schrieb da...@gbenet.com: Hello All, I even tried exporting my private and public key from the command line and then tried importing. The same error message as before. I have checked on the internet - most of the suggestions are crap - the authors have never ever tried to do what they suggest others to do. If they had done so then they would have known just how crappy their supposed expertise was. I have even looked through https://www.gnupg.org/faq/GnuPG-FAQ.html and found this to be a useless pile of crap also. I am faced with two options: (1) Create yet another set of keys (2) Give up using gnupg after some 20 years I think I will unsubscribe from this list and give up on gnupg as a pile of crap. David I think unsubscribing is the best thing you can do. Because you probably successfully destroyed the good intension and motivation of anyone helping you, with the offending nonsense you wrote in your last mails. If you are angry just shut up and write again after you cooled yourself down. The problem is more likely with you because there are not many people reporting such problems. And I can tell from my own experience that it is not even a problem copying the content of the gnupg directory between windows and linux. Tried that successfully. Maybe you should read the FAQ again (and try to understand what is written). Maybe there is a difference between exporting the public part of a key and the private part. Anyway, enjoy your life. Martin ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Martin, I have cooled. You can export your private key - you can export your public key. You can import your private key you can import your public key. In 20 years I have always had the same problem - the same error message and have each time created a new set of keys. I have done this 4 times. I notice that no one on this list - for all the talk of oh I've done it can offer no practical information has to HOW. No one. No one. No one knows how to do this simple task. In all my 20 years I have never found out how. Perhaps things are different under a Windows O/S but on Linux there is NO SOLUTION. Perhaps the only solution is to import ones private and public keys and lose all your contacts - ie a brand new installation. But I repeat BUT no one has ever created a mirror image of a .gnupg and had a fully 100 per cent working signing and encryption functionality. No one. There are no real practical solutions written anywhere on the internet. There is nothing of any value in https://www.gnupg.org/faq/GnuPG-FAQ.html - there never was in all the 20 years of reading it. Sure you can moan criticise me for my getting frustrated - and you can all moan and cringe and all withdraw your support - BUT NO ONE HAS EVER OFFERED ANY PRACTICAL USEFUL ADVICE THAT WILL ENABLE ME TO TRANSFER MY KEYS AND HAVE THEM WORKING CORRECTLY. NO ONE. NOT EVEN YOU. You are offended? Why? It is an easy thing to do is it not to moan about what and how people express themselves - yet you completely ignore the real issue. You ignore is because you can offer no real meaningful solution. As I have said no one has ever successfully transferred their public and private keys between machines and got them to successfully work. That's a real fact. And no one on this list as any practical solutions that work in the real world. That's a fact. The fact is no one on this list has ever done it with 100 per cent success. That's a fact. There is no practical advice on the internet. That's a fact. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Help needed
On 14/11/14 15:28, Jason Antony wrote: On 2014-11-14 09:33, da...@gbenet.com wrote: But I get the following error when signing my mail: Key 0xAAd8C47D not found or not valid. The (sub-)key might have expired. The key is visible in Enigmail Kgpg Kleopatra GPA I'm not able to edit my key I can't enter my passphrase. The solution may be to re-install pinentry, as described here: http://baitisj.blogspot.com.au/2014/07/enigmail-key-not-found-or-not-valid.html Let us know how you go. Cheers, Jason ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users I get: david@laptop-1:~$ sudo pkg install pinentry-gtk2 [sudo] password for david: sudo: pkg: command not found david@laptop-1:~$ sudo apt-get install pinentry-gtk2 Reading package lists... Done Building dependency tree Reading state information... Done pinentry-gtk2 is already the newest version. pinentry-gtk2 set to manually installed. 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. david@laptop-1:~$ So that's a complete failure David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Why the software is crap
On 14/11/14 11:47, NdK wrote: Il 14/11/2014 12:41, da...@gbenet.com ha scritto: I usually just lurk, but that's too much... I even tried exporting my private and public key from the command line and then tried importing. The same error message as before. I have checked on the internet - most of the suggestions are crap - the authors have never ever tried to do what they suggest others to do. If they had done so then they would have known just how crappy their supposed expertise was. I have even looked through https://www.gnupg.org/faq/GnuPG-FAQ.html and found this to be a useless pile of crap also. Surely you're doing it wrong, overlooking some passage. So don't blame others for something *you* are doing wrong. I am faced with two options: (1) Create yet another set of keys (2) Give up using gnupg after some 20 years (3) Do it the right way as everyone else and admit you were doing something wrong. I think I will unsubscribe from this list and give up on gnupg as a pile of crap. And that will be better for the whole community. BYtE, Diego. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Another completely pointless response David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: My Conclusions
On 14/11/14 12:15, Jason Antony wrote: On 2014-11-14 22:45, da...@gbenet.com wrote: I have done everything correctly - and my conclusions are still the same NO ONE HAS EVER SUCCESSFULLY MADE A MIRROR COPY OF THEIR .GNUPG AND HAD A FULLY 100 PER CENT WORKING SIGNING AND ENCRYPTION PROGRAMME THAT WORKS. But many have succeeded in it. Add myself to the list of people who have successfully backed up and re-used my GPG data files for over ten years, across various operating systems. It would be best to re-visit the problem when you're in a clear, calm frame of mind. All the best, Jason ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Another pointless answer - no practical data - so there's no validity in what you say David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Why the software is crap
On 14/11/14 12:37, Samir Nassar wrote: David, It might not be clear, but many of us have easily and simply migrated our .gnupg directories from computer to computer. I've even deleted my .gnupg directory and restored it from backups. I've intentionally messed up my private key and restored my private key to working status from backups. I guess I don't understand why you can't copy .gnupg from one system to another system. Yelling on the mailing list is extremely rude. It is now very clear, and archived, how you feel about the topic. Repeating yourself further in the manner you have been using will only alienate people and will not move you to a resolution. You've registered your complaint, it has been discussed, and now your behavior is counter-productive. Samir ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Backups don't work there are no practical solutions and therefor what you say haS NO VALIDITY David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Why the software is crap
On 14/11/14 12:41, Tristan Santore wrote: On 14/11/14 13:24, da...@gbenet.com wrote: On 14/11/14 11:55, Martin Behrendt wrote: Am 14.11.2014 um 12:41 schrieb da...@gbenet.com: Hello All, I even tried exporting my private and public key from the command line and then tried importing. The same error message as before. I have checked on the internet - most of the suggestions are crap - the authors have never ever tried to do what they suggest others to do. If they had done so then they would have known just how crappy their supposed expertise was. I have even looked through https://www.gnupg.org/faq/GnuPG-FAQ.html and found this to be a useless pile of crap also. I am faced with two options: (1) Create yet another set of keys (2) Give up using gnupg after some 20 years I think I will unsubscribe from this list and give up on gnupg as a pile of crap. David I think unsubscribing is the best thing you can do. Because you probably successfully destroyed the good intension and motivation of anyone helping you, with the offending nonsense you wrote in your last mails. If you are angry just shut up and write again after you cooled yourself down. The problem is more likely with you because there are not many people reporting such problems. And I can tell from my own experience that it is not even a problem copying the content of the gnupg directory between windows and linux. Tried that successfully. Maybe you should read the FAQ again (and try to understand what is written). Maybe there is a difference between exporting the public part of a key and the private part. Anyway, enjoy your life. Martin ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Martin, I have cooled. You can export your private key - you can export your public key. You can import your private key you can import your public key. In 20 years I have always had the same problem - the same error message and have each time created a new set of keys. I have done this 4 times. I notice that no one on this list - for all the talk of oh I've done it can offer no practical information has to HOW. No one. No one. No one knows how to do this simple task. In all my 20 years I have never found out how. Perhaps things are different under a Windows O/S but on Linux there is NO SOLUTION. Perhaps the only solution is to import ones private and public keys and lose all your contacts - ie a brand new installation. But I repeat BUT no one has ever created a mirror image of a .gnupg and had a fully 100 per cent working signing and encryption functionality. No one. There are no real practical solutions written anywhere on the internet. There is nothing of any value in https://www.gnupg.org/faq/GnuPG-FAQ.html - there never was in all the 20 years of reading it. Sure you can moan criticise me for my getting frustrated - and you can all moan and cringe and all withdraw your support - BUT NO ONE HAS EVER OFFERED ANY PRACTICAL USEFUL ADVICE THAT WILL ENABLE ME TO TRANSFER MY KEYS AND HAVE THEM WORKING CORRECTLY. NO ONE. NOT EVEN YOU. You are offended? Why? It is an easy thing to do is it not to moan about what and how people express themselves - yet you completely ignore the real issue. You ignore is because you can offer no real meaningful solution. As I have said no one has ever successfully transferred their public and private keys between machines and got them to successfully work. That's a real fact. And no one on this list as any practical solutions that work in the real world. That's a fact. The fact is no one on this list has ever done it with 100 per cent success. That's a fact. There is no practical advice on the internet. That's a fact. David David, I am pretty sure I have seen advice on how to backup and restore your keys, if not on this list, in the countless smartcard how to. I must admit I have not followed previous threads from you, but you must admit and be fair, that generally most people here are friendly and supportive. But I have seen the topic come up a few times, so maybe this is a security versus usability issue ? But again, I have not followed exactly what your problem is. Just wanted to point out that most people are reasonably helpful and friendly. Labelling gnupg as crap is, not exactly a fair assessment I think, and falls within the lines of labelling selinux crap, because people do not understand it/are confused by what is going on. Anyway. I hope you work it out in the end and I am sure, somebody will be willing yo nudge you in the right direction. Regards, Tristan Another pointless response David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death
Re: My Conclusions
On 14/11/14 12:46, Werner Koch wrote: On Fri, 14 Nov 2014 12:34, nicholas.c...@gmail.com said: I'm sorry you are having problems, but I think this is just nonsense. Of course people move keys between machines all the time. I have done Right. And you may even copy it from one OS to an entirely different one. The files are fully platform independent. Yet another of these gnome-keyring-daemon problems? Salam-Shalom, Werner Werner, I have done everything - but have a complete and absolute failure. Nothing works - I get the same error time and time again. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: My Conclusions
On 14/11/14 13:14, Johan Wevers wrote: On 14-11-2014 12:45, da...@gbenet.com wrote: I have done everything correctly Apparently not. Or maybe the files are corrupted? Do they still work on the original computer? - and my conclusions are still the same NO ONE HAS EVER SUCCESSFULLY MADE A MIRROR COPY OF THEIR .GNUPG AND HAD A FULLY 100 PER CENT WORKING SIGNING AND ENCRYPTION PROGRAMME THAT WORKS. I did. Switched even between Linux and Windows, no problems. In the latter case, I did make a few changes to gnupg.conf since Windows has a different directory structure but that's all. THERE IS NO CLEAR INSTRUCTIONS FROM ANYONE - SIMPLY BECAUSE YOU HAVE NEVER EVER DONE IT. Stop shouting, we're neither deaf nor blind. Everything works 100 per cent fine on the other laptop David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Why the software is crap
On 14/11/14 13:11, NdK wrote: Il 14/11/2014 13:24, da...@gbenet.com ha scritto: I have cooled. You can export your private key - you can export your public key. You can import your private key you can import your public key. In 20 years I have always had the same problem - the same error message and have each time created a new set of keys. I have done this 4 times. If all four times you did the same wrong thing, then it's obvious that you got the same wrong result. Just to prove it's your error, I copied my .gnupg from one system (str957-142) to another (str957-004), with the most basic method I ould think of. I'm not an expert (probably I transferred more than what was needed!), but as you can see I succeeded at the first try! diego@str957-142:~$ gpg --list-secret-keys /home/diego/.gnupg/secring.gpg sec 2048R/F9B9D307 2014-11-14 uid Diego t...@example.com ssb 2048R/3A4AD1C0 2014-11-14 diego@str957-142:~$ tar cvfz GnuPG-backup.tar.gz --exclude random_seed .gnupg diego@str957-142:~$ gpg --clearsign GnuPG-backup.tar.gz È necessaria una passphrase per sbloccare la chiave segreta dell'utente: Diego t...@example.com 2048-bit chiave RSA, ID F9B9D307, creata 2014-11-14 diego@str957-142:~$ ls GnuPG-backup.tar.gz* GnuPG-backup.tar.gz GnuPG-backup.tar.gz.asc diego@str957-142:~$ scp GnuPG-backup.tar.gz diego@str957-004:/home/diego Then on the other PC: diego@str957-004:~$ tar xvfz GnuPG-backup.tar.gz .gnupg/ .gnupg/gpg-agent-info .gnupg/pubring.kbx .gnupg/gpg.conf .gnupg/private-keys-v1.d/ .gnupg/reader_0.status .gnupg/pubring.gpg~ .gnupg/secring.gpg .gnupg/scdaemon.conf .gnupg/gpa.conf .gnupg/trustdb.gpg .gnupg/pubring.gpg diego@str957-004:~$ gpg --clearsign GnuPG-backup.tar.gz È necessaria una passphrase per sbloccare la chiave segreta dell'utente: Diego t...@example.com 2048-bit chiave RSA, ID F9B9D307, creata 2014-11-14 diego@str957-004:~$ gpg --verify GnuPG-backup.tar.gz.asc gpg: Firma eseguita in data ven 14 nov 2014 14:07:57 CET usando RSA, ID chiave F9B9D307 gpg: Firma valida da Diego t...@example.com I notice that no one on this list - for all the talk of oh I've done it can offer no practical information has to HOW. No one. No one. No one knows how to do this simple task. In all my 20 years I have never found out how. Perhaps things are different under a Windows O/S but on Linux there is NO SOLUTION. Done just now in Ubuntu. So there's an error on your side. BYtE, Diego. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users I have a clean install of 64 bit LXD - all programmes are working 100 per cent. My keys get imported perfectly - every programme including Enigmail knows they are there. But when I try to sign or sign and encrypt I get the error referred too. No amount of copying no amount of backups no amount of anything will change that fact. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Why the software is crap
On 14/11/14 13:31, Johan Wevers wrote: On 14-11-2014 13:24, da...@gbenet.com wrote: I have cooled. You can export your private key - you can export your public key. I've never done that, except when I imported my old pgp 2.x keys in GnuPG a long time ago (sometime when GnuPG became really usable on windows, with 1.0.4 or so). Exporting and re-importing keys can often lead to warnings about thrust issues. I just copied pubring.gpg, secring.gpg, trustdb.gpg and gpg.conf. The last one sometimes required manual editing, especially in the time when IDEA and RSA were loadable modules, but that's long over. Sometimes the owner/group and properties need to be set but my experience is that GnuPG complains clearly when you do that wrong (importing a key while pubring is not writable will fail of course). That fails David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Why the software is crap
On 14/11/14 13:38, Gabriel Niebler wrote: Dear David, dear fellow GnuPG users, this conversation made me curious, so I tried to do it myself. Here's what I did on my work laptop, just now, five minutes ago (in my home dir): $ rm -rf .gnupg $ scp -r ${myfileserver}:${pathtobackupsfromOTHERlaptop}/.gnupg/ . (...) $ rm .gnupg/random_seed $ echo My hovercraft is full of fish, but I tell everyone they're eels. my_big_secret.txt $ gpg --encrypt --recipient 0x65A3F1CC8303C0EC my_big_secret.txt $ rm my_big_secret.txt $ gpg --decrypt my_big_secret.txt.gpg You need a passphrase to unlock the secret key for user: Gabriel Niebler gabriel.nieb...@gmail.com 2048-bit RSA key, ID 0x65A3F1CC8303C0EC, created 2014-03-16 (subkey on main key ID 0xD05AF6C786CB34F4) gpg: encrypted with 2048-bit RSA key, ID 0x65A3F1CC8303C0EC, created 2014-03-16 Gabriel Niebler gabriel.nieb...@gmail.com My hovercraft is full of fish, but I tell everyone they're eels. So this all worked and the fact that this message is signed (using Enigmail/Thunderbird) is further proof that the method worked for me. Now that we have established that simply copying over your .gnupg directory from one machine to another and deleting random_seed does indeed produce the desired result for some people, maybe you can walk us through exactly what you did and we'll see if we can't figure out what the problem is. I suggest copying and pasting shell commands and their output verbatim. If you do not want to bother the rest of the list with this you are welcome to send mails directly to me. I am not an expert, but I'm willing to help you. Best gabe ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users I tried this with my keys - it was successful - I even imported my keys successfully but I get the same error as before. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: My Conclusions
On 14/11/14 11:56, Nicole Faerber wrote: Oh please, I am using gnupg with the same keys on at least five machines with no issue. I simply copied the .gnupg directory, end of story. Cheers nicole Am 14.11.2014 um 12:45 schrieb da...@gbenet.com: On 14/11/14 11:34, Nicholas Cole wrote: David, I'm sorry you are having problems, but I think this is just nonsense. Of course people move keys between machines all the time. I have done it myself often. I don't think that anyone deserves that level of abuse -- certainly not someone who has put years of work into a program that is an industry standard and released it for free. Nicholas On Fri, Nov 14, 2014 at 10:42 AM, da...@gbenet.com da...@gbenet.com wrote: Hi All, After spending 62 hours on what I thought would be a simple task namely to get a fully functioning gnupg mirror on my 64 bit Linux system - I realise this is an impossible task to do. In the past I've ended up creating a new set of certificates - but this time round I thought that I would apply some effort. My conclusion is It IS Impossible To Transfer Your Keys From The Same O/S To Another Machine. There is no one in the entire universe that has ever attempted it. And if they have THEY HAVE FAILED. Not one person on this list knows how to do it successfully. No one. NOT ONE OF YOU can transfer a mirror image of your .gnupg folder and expect it to work. This tells me what I have long suspected - yes it's good at encryption and signing but the programme is fundamentally flawed as to make it utter crap. My keys are PERFECT but the software is CRAP. Werner Koch knows it's crap. Every one knows it's crap. So, If I want to go on signing and encrypting my emails I HAVE TO CREATE ANOTHER SET A BLOODY KEYS I am not a happy bunny!!! David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users I have done everything correctly - and my conclusions are still the same NO ONE HAS EVER SUCCESSFULLY MADE A MIRROR COPY OF THEIR .GNUPG AND HAD A FULLY 100 PER CENT WORKING SIGNING AND ENCRYPTION PROGRAMME THAT WORKS. THERE IS NO CLEAR INSTRUCTIONS FROM ANYONE - SIMPLY BECAUSE YOU HAVE NEVER EVER DONE IT. David Viele Grüße nicole faerber ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users That does not work David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Help needed
Hi All, Background: I exported my keys to a USB stick. Then I copied my .gnupg to a new Linux laptop. Then I imported my keys. I thought that I would be fine. But I get the following error when signing my mail: Key 0xAAd8C47D not found or not valid. The (sub-)key might have expired. The key is visible in Enigmail Kgpg Kleopatra GPA I'm not able to edit my key I can't enter my passphrase. Any help to resolve this issue gratefully appreciated. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com 0xAAD8C47D.asc Description: application/pgp-keys ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Help needed
On 13/11/14 22:42, Hauke Laging wrote: Am Do 13.11.2014, 22:33:31 schrieb da...@gbenet.com: I exported my keys to a USB stick. Then I copied my .gnupg to a new Linux laptop. Then I imported my keys. I thought that I would be fine. It is unclear to me what exactly you are talking about. The terms export and import usually refer to the commands gpg --export[...] gpg --import But it also sounds like you have copied the whole directory ~/.gnupg/ If you have copied the directory then maybe the file permissions have not been preserved. Check whether secring.gpg has 600. And delete the file random_seed. If you have exported and imported instead then you are missing the trust database. You should either copy trustdb.gpg or export and import this data, too: gpg --export-ownertrust gpg --import-ownertrust Hauke Hauke I have my trustdb.gpg And I still get the same error message. Perhaps the correct question to ask is: How do I transfer ALL files in my .gnupg onto another Linux laptop so that ALL functions work as before - i.e it works the same on both machines. I hope that is within the bounds of your understanding. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com 0xAAD8C47D.asc Description: application/pgp-keys ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Help needed
On 13/11/14 22:42, Doug Barton wrote: On 11/13/14 2:33 PM, da...@gbenet.com wrote: Hi All, Background: I exported my keys to a USB stick. Then I copied my .gnupg to a new Linux laptop. Then I imported my keys. I thought that I would be fine. Why did you perform the second step? Just copy ~/.gnupg to the new system, delete random_seed, and you're done. Doug Doug, I just did that - and I get the same error message. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com 0xAAD8C47D.asc Description: application/pgp-keys ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Help needed
On 14/11/14 00:55, Doug Barton wrote: On 11/13/14 3:59 PM, da...@gbenet.com wrote: On 13/11/14 22:42, Doug Barton wrote: On 11/13/14 2:33 PM, da...@gbenet.com wrote: Hi All, Background: I exported my keys to a USB stick. Then I copied my .gnupg to a new Linux laptop. Then I imported my keys. I thought that I would be fine. Why did you perform the second step? Just copy ~/.gnupg to the new system, delete random_seed, and you're done. Doug Doug, I just did that - and I get the same error message. Did you fix the permissions on the ~/.gnupg directory to be 0700? What happens when you do 'gpg --list-keys' at the command line? BTW, please stop attaching your key to your posts. :) Doug Doug, Permissions: View content: Only owner Change content: Only owner Access control: Only owner When I do gpg --list-keys: pub 4096R/AAD8C47D 2014-08-17 uid postmaster (There's always light at the end of the tunnel) postmas...@gbenet.com sub 4096R/FDDA1EF2 2014-08-17 gpg list all keys 198 of them David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Help needed
On 14/11/14 00:55, Doug Barton wrote: On 11/13/14 3:59 PM, da...@gbenet.com wrote: On 13/11/14 22:42, Doug Barton wrote: On 11/13/14 2:33 PM, da...@gbenet.com wrote: Hi All, Background: I exported my keys to a USB stick. Then I copied my .gnupg to a new Linux laptop. Then I imported my keys. I thought that I would be fine. Why did you perform the second step? Just copy ~/.gnupg to the new system, delete random_seed, and you're done. Doug Doug, I just did that - and I get the same error message. Did you fix the permissions on the ~/.gnupg directory to be 0700? What happens when you do 'gpg --list-keys' at the command line? BTW, please stop attaching your key to your posts. :) Doug Doug, Even when I use a backup programme and restore I still get the same error message. So no-one has ever copied their .gnupg folder to another laptop. No one has ever done this with any success. You have all failed. Clearly there's something wrong with gnupg that does not like being backed up copied whatever. If it were another programme say Thunderbird no one would use Thunderbird. They would say Thunderbird was crap. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Free Software Foundation statement on the GNU Bash shellshock vulnerability
Free Software Foundation Free Software Foundation statement on the GNU Bash shellshock vulnerability /This post can be viewed online at https://fsf.org/news/free-software-foundation-statement-on-the-gnu-bash-shellshock-vulnerability./ A major security vulnerability has been discovered in the free software shell GNU Bash. The most serious issues have already been fixed, and a complete fix is well underway. GNU/Linux distributions are working quickly to release updated packages for their users. All Bash users should upgrade immediately, and audit the list of remote network services running on their systems. Bash is the GNU Project's https://www.gnu.org shell; it is part of the suite of software that makes up the GNU operating system. The GNU programs plus the kernel Linux form a commonly used complete free software https://www.gnu.org/philosophy/free-sw operating system, called GNU/Linux. The bug, which is being referred to as shellshock, can allow, in some circumstances, attackers to remotely access and control systems using Bash (and programs that call Bash) as an attack vector, regardless of what kernel they are running. The bug probably affects many GNU/Linux users, along with those using Bash on proprietary operating systems like Apple's OS X and Microsoft Windows. Additional technical details about the issue can be found at CVE-2014-6271 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271 and CVE-2014-7169 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169. GNU Bash https://www.gnu.org/software/bash/ has been widely adopted because it is a free (as in freedom), reliable, and featureful shell. This popularity means the serious bug that was published yesterday is just as widespread. Fortunately, GNU Bash's license, the GNU General Public License version 3 https://www.gnu.org/licenses/gpl, has facilitated a rapid response. It allowed Red Hat https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ to develop and share patches in conjunction with Bash upstream developers efforts to fix the bug, which anyone can download and apply themselves. Everyone using Bash has the freedom to download, inspect, and modify the code -- unlike with Microsoft, Apple, or other proprietary software. Software freedom is a precondition for secure computing; it guarantees everyone the ability to examine the code to detect vulnerabilities, and to create new and safe versions if a vulnerability is discovered. Your software freedom does not guarantee bug-free code, and neither does proprietary software: bugs happen no matter how the software is licensed. But when a bug is discovered in free software, everyone has the permission, rights, and source code to expose and fix the problem. That fix can then be immediately freely distributed to everyone who needs it. Thus, these freedoms https://www.gnu.org/philosophy/free-sw are crucial for ethical, secure computing. Proprietary, (aka nonfree) software relies on an unjust development model that denies users the basic freedom to control their computers. When software's code is kept hidden, it is vulnerable not only to bugs that go undetected, but to the easier deliberate addition and maintenance of malicious features https://gnu.org/philosophy/proprietary. Companies can use the obscurity of their code to hide serious problems, and it has been documented that Microsoft provides intelligence agencies with information about security vulnerabilities before fixing them http://www.computerworlduk.com/blogs/open-enterprise/how-can-any-company-ever-trust-microsoft-again-3569376/. Free software cannot guarantee your security, and in certain situations may appear less secure on specific vectors than some proprietary programs. As was widely agreed in the aftermath of the OpenSSL Heartbleed bug, the solution is not to trade one security bug for the very deep insecurity inherently created by proprietary software -- the solution is to put energy and resources into auditing and improving free programs. Development of Bash, and GNU in general, is almost exclusively a volunteer effort, and you can contribute https://www.gnu.org/software/bash/. We are reviewing Bash development, to see if increased funding can help prevent future problems. If you or your organization use Bash and are potentially interested in supporting its development, please contact us https://brains.fsf.org/wiki/campaigns/blogs/libby/shellshock-statement/don...@fsf.org. The patches to fix this issue can be obtained directly at http://ftp.gnu.org/gnu/bash/. Media Contacts John Sullivan Executive Director Free Software Foundation +1 (617) 542 5942 campai...@fsf.org mailto:campai...@fsf.org 0xAAD8C47D.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org
Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Original Message Subject:GNU hackers discover HACIENDA government surveillance and give us a way to fight back Date: Wed, 20 Aug 2014 18:02:21 -0400 From: Free Software Foundation i...@fsf.org Reply-To: Free Software Foundation i...@fsf.org To: david cooper da...@gbenet.com Dear david, GNU community members and collaborators have discovered threatening details about a five-country government surveillance program codenamed HACIENDA. The good news? Those same hackers have already worked out a free software countermeasure to thwart the program. According to Heise newspaper http://www.heise.de/ct/artikel/NSA-GCHQ-The-HACIENDA-Program-for-Internet-Colonization-2292681.html, the intelligence agencies of the United States, Canada, United Kingdom, Australia, and New Zealand, have used HACIENDA to map every server in twenty-seven countries, employing a technique known as port scanning. The agencies have shared this map and use it to plan intrusions into the servers. Disturbingly, the HACIENDA system actually hijacks civilian computers to do some of its dirty work, allowing it to leach computing resources and cover its tracks. But this was not enough to stop the team of GNU hackers and their collaborators. After making key discoveries about the details of HACIENDA, Julian Kirsch, Christian Grothoff, Jacob Appelbaum, and Holger Kenn designed the TCP Stealth https://gnunet.org/kirsch2014knock system to protect unadvertised servers from port scanning. They revealed their work at the recent annual GNU Hackers' Meeting https://www.gnu.org/ghm/ in Germany. You can view a video announcing the discovery on fsf.org. Please be sure to share this with everyone you know who cares about bulk surveillance. https://fsf.org/blogs/community/gnu-hackers-discover-hacienda-government-surveillance-and-give-us-a-way-to-fight-back?pk_campaign=haciendapk_kwd=email We must fight the political battle for an end to mass surveillance and reduce the amount of data collected about people in the first place https://www.gnu.org/philosophy/surveillance-vs-democracy. On an individual level we have to do everything we can to thwart the surveillance programs that are already in place. *No matter your skill level, you can get involved at the FSF's surveillance page https://www.fsf.org/campaigns/surveillance/?pk_campaign=haciendapk_kwd=email.* Ethical developers inside and outside GNU have been working for years on free software that does not keep secrets from users, and programs that anyone can review to remove potential vulnerabilities. These capabilities give free software users a fighting chance against surveillance. Now, our community is turning its attention to uncovering and undermining insidious programs like HACIENDA. Free software and its ideals are crucial to putting an end to government bulk surveillance. *Share this news with your friends, to help make people aware of the importance of free software in fighting bulk surveillance.* /Jacob Appelbaum of the TCP Stealth team gave a remote keynote address at the FSF's LibrePlanet conference this year. Watch the recording of Free Software for freedom: Surveillance and you. http://media.libreplanet.org/u/zakkai/m/free-software-for-freedom-surveillance-and-you// Libby Reinish and Zak Rogoff Campaigns Managers /You can view this post online https://fsf.org/blogs/community/gnu-hackers-discover-hacienda-government-surveillance-and-give-us-a-way-to-fight-back?pk_campaign=haciendapk_kwd=email./ Follow us on GNU social https://status.fsf.org/fsf | Subscribe to our blogs via RSS https://fsf.org/blogs/RSS | Join us as an associate member https://www.fsf.org/jf Sent from the Free Software Foundation, 51 Franklin Street Floor 5 Boston, Massachusetts 02110-1301 United States Unsubscribe https://crm.fsf.org/civicrm/mailing/unsubscribe?reset=1jid=130737qid=8855621h=99b000cc86f54969 from this mailing list. Stop all email https://crm.fsf.org/civicrm/mailing/optout?reset=1jid=130737qid=8855621h=99b000cc86f54969 from the Free Software Foundation, including Defective by Design, and the Free Software Supporter newsletter. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.20 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJT9fHvAAoJENIbRAX92h7yw2gP/jKM6E+MJ/60m5Hh9Pd5Po/U 86429oQ6oxBhrPbYvGmvhBKEMpVy6ueoHE21cDrsD555JxLecLbwLk1izDLovgbX HLe5utkRsH+t7L5BcvBDMsKfgmmPMxxrG9PxIZHYE5R07taMvs0Wx3+MJytziNrG +UorpWHynOKT4LSbnFXxT0psq+sk6D2bZXXmEcbpr6Rv5+Uf1KF0EukxVi54qtsN 5R4HVZkCmr/fVUIxMEjQpdZTcuNXQHZni2b5LHXXLII72/Rw6bR9Frp1pU29bWl2 4zKeD2D7o7l1tsMiKuLrM0aWPzrdfXbqmZTrqxNew1DFNdr0CdTZhAz/eP76SVj8 4av9WxlN9EEdMQmN1yA6C96pKs6ZDOVfajRmx6O5/aFQjOA8PY8b4AcBtyfbKWK9 n6O3op2xvR6vfPJletqffFuCkCWCmkhU7155gBc3M6rLoxTj9jreCjB4duAnQi23 e6Wt3Kwvq+GH8jUJt30QpzCkeRcPz4wOrPaiO4dMdi1xV3G5/5BB2si+qmWHecuu
Re: It's time for PGP to die.
On 17/08/14 08:57, Heinz Diehl wrote: On 16.08.2014, Kristy Chambers wrote: Sorry for that crap subject. I just want to leave this. [] The use of PGP/GPG depends entirely on the respective needs and and context. For me, it has been working perfectly in many years, and thus, what's described in this article is a good example for theory which doesn't affect practice. At least in my case. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users I've been using gnupg for many many years. I have 199 users in my key ring and 99.99 per cent are untrusted. A fact that I for one do not mind. You don't trust my key is from me - right? Trust is relative - you have all been here for many many years - but I will not sign keys from you as trusted. Leaving aside the issue of how popular encryption of mail is - we are faced with the fact that 98 per cent of computer users are completely ignorant about software and hardware. They just go into PC World and buy what they like. There is No Microsoft pre-loaded security features built-in and so end users have no idea about encrypting their emails - and no easy way to instantly share keys between users. There is no automatic key generation at the point of switching the computer on for the very first time and then sharing your key with millions of other people. Same with so-called smart phones and tablets - there is no automatic simple key creation and automatic posting to a secure key server. We make an effort - but I have very very few friends that I have had to install gnupg on their computers - every one I know knows nothing about computers. While we are concerned with our rights to private communication - concerned with NSA GCHQ 99.99 per cent of the world's population while having a general or non-existent idea of security have no idea of what they should do. We fiddle while Rome burns. After 20 odd years while there has been advances in cryptography and GUIs there has been an almost zero growth in take up. No wonder Yahoo and Google (who can not be trusted) are providing solutions to end users who are completely ignorant. Can you imagine the horror of Microsoft entering the market? That thought scares me to death. But we have to face the fact that Microsoft has a hold on hard drive manufacturers - in that they are all sold with a version of Windows on them. What is required is that at first boot up of a computer an Iphone or an Itablet whatever a programme needs to run that will install and create a set of keys automatically. Your public key will automatically be sent to key servers. If there are any bugs security holes - then updates should be automatic. Time to die? Well after 20 years I think it is all very academic - professors sit in class rooms the world over - not much common sense comes out of their mouths. The real issues are: (a) do we want to implement our own security on our own devices as a geek or (b) have some automated pre-installed software that will create all that's necessary at first boot or (c) rely on some large corporation to handle the encryption and decryption for us Will global encryption and de-cryption of all emails and there attachments be fully automatic? The implications for security and intelligence services are a real head ache but who cares!! Some countries do not allow encryption by law and those that do will change their laws to have access to All private keys or face long term jail sentences. All governments are against the people. GNUpg would have a great future if the developers had greater vision. We are in a very very tiny minority of people. So small we are insignificant. The use of gpg will die out because we are ALL getting a bit long in the tooth. Service providers will make their own solutions available simply as an added end-user benefit but without any legal binding on their own security. We know that the NSA and GCHQ would be horrified by the thought of every one in the entire world encrypting their emails. They have a vested interest of keeping it under their control. The fact is 99.99 per cent of the world's population does not know gnupg exists. Or GPG4WIN. Perhaps when we are all in our 90's we will say Oh gpg was a good idea, pity it did not catch on. David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com 0xAAD8C47D.asc Description: application/pgp-keys ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Back to normal now
Hauke, Yesterday whilst figuring out what to do, I found that I was logged out - my Linux box refused to accept my password. Anyway having copied the contents of my home directory - I reinstalled LXDE. Then slowly configured. I installed gpg2 - created the directory and associated files and then copied over my files. All works perfectly now - thanks to being locked out!! David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com 0x8716853A.asc Description: application/pgp-keys ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
can any one send me....
Hi All, I am stuck, I need a working copy of gpg-agent.conf and a working copy of gpg.conf - for a Linux system. Am still failing to sign and encrypt. Thanks David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error - bad passphrase
On 12/08/14 08:17, Hauke Laging wrote: Am Mo 11.08.2014, 09:10:23 schrieb da...@gbenet.com: Am getting the following msg now Error - key extraction command failed /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a --export 0x8716853A gpg: WARNING: unsafe enclosing directory permissions on configuration file `/home/david/.gnupg/gpg.conf' gpg: /home/david/.gnupg/gpg.conf:6: argument not expected Interesting. What happens if you try this command in the shell? What is in line 6 of gpg.conf? debug-level basic? Can you avoid the error by commenting out the line which causes the problem and fixing the permissions for ~/.gnupg/? Hauke Hauke, I have tried all this - but I still get the same errors even after restarting my laptop. KGpg fails to start Kleopatra keeps warming me of errors and enigmail refuses to send mail unless I force no signing force no encryption. If I try to use gpg2 in enigmail it shuts down completely refusing to do anything. The more I do the more it seems that I do not fix this problem. All I get is the same error message from enigmail: Error - key extraction command failed /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a --export 0x8716853A gpg: WARNING: unsafe enclosing directory permissions on configuration file `/home/david/.gnupg/gpg.conf' gpg: /home/david/.gnupg/gpg.conf:6: argument not expected I'm getting brain ache!! Ha! David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error - bad passphrase
On 10/08/14 20:48, Hauke Laging wrote: Am So 10.08.2014, 20:39:26 schrieb da...@gbenet.com: david@laptop1:~$ gpg-agent --daemon GPG_AGENT_INFO=/tmp/gpg-6uIYXp/S.gpg-agent:1874:1; export You obviously have not set use-standard-socket in the config file gpg-agent.conf Hauke Hauke, Am getting the following msg now Error - key extraction command failed /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a --export 0x8716853A gpg: WARNING: unsafe enclosing directory permissions on configuration file `/home/david/.gnupg/gpg.conf' gpg: /home/david/.gnupg/gpg.conf:6: argument not expected David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Error - bad passphrase
Hi All, Am at a loss now. I've Thunderbird 31 and Enigmail 1.7 Since this upgrade I've had various issues - unable to sign unable to encrypt - I get an error message from Enigmail Error - bad passphrase - when I've not even entered it at the time. Also KGpg comes up with the following error Gnupg failed to start - gpg: option file `/home/david/.gnupg/gpg.conf': No such file or directory. Kleopatra - Check that gpg-agent is running and that the GPG_AGENT_INFO variable is set and up-to-date. david@laptop1:~$ gpg-agent gpg-agent: no gpg-agent running in this session when I type david@laptop1:~$ gpg gpg: Go ahead and type your message ... and david@laptop1:~$ gpg2 gpg: Go ahead and type your message ... But sometimes gpg-agent is running... Am at a loss what to do - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com 0x8716853A.asc Description: application/pgp-keys ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error - bad passphrase
On 10/08/14 15:44, Hauke Laging wrote: Hello, Am So 10.08.2014, 08:13:12 schrieb da...@gbenet.com: Since this upgrade I have no idea why the upgrade may have caused this. Also KGpg comes up with the following error Gnupg failed to start - gpg: option file `/home/david/.gnupg/gpg.conf': No such file or directory. Does the file exist? But sometimes gpg-agent is running... I don't know what the reason for the change is but I have a suggestion for a work-around: You can put use-standard-socket in the config file gpg-agent.conf. If you do that and gpg-agent is not running (which you may check every few minutes via cron) then you can simply restart it: gpg-agent --daemon Due to the config file setting the applications will connect to the new gpg-agent as they would have connected to the old one. Hauke Hi Hauke, david@laptop1:~$ gpg-agent --daemon GPG_AGENT_INFO=/tmp/gpg-6uIYXp/S.gpg-agent:1874:1; export GPG_AGENT_INFO; david@laptop1:~$ gpg-agent gpg-agent: no gpg-agent running in this session david@laptop1:~$ and I have no gpg.conf David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com 0x8716853A.asc Description: application/pgp-keys ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG4Win question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/07/14 14:10, Philip Jackson wrote: On 11/07/14 11:45, da...@gbenet.com wrote: Hi All, In what folder does gpg4win store it's gpa.conf and pubring.gpg files? In Windows 7, 64bit, these files are in /Users/your_user_name/AppData/Roaming/gnupg/ regards, Philip ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Thanks for taking the time to advise me. David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iJwEAQECAAYFAlPA62MACgkQPsGd8ZKwe+f+pgQAlV7P/TqmX47kU5dt3xrW4cJg rpFuCr1KVKUJHE4WOvv1LI/FN9QUejK9M1+7OmfO5xpBrJDbOeiJMovwaTFQ4aEz FITE3eiNGt57hhuZp/F5LOdLTnuaVx23mTXAHSV4fGQxtjTGSgtK9CPi2I5X6Uol LUBORhgPEu2L0pSUDd8= =P4Ev -END PGP SIGNATURE- 0x8716853A.asc Description: application/pgp-keys ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG4Win question
On 12/07/14 17:22, Ingo Kl�cker wrote: Hi David, On Saturday 12 July 2014 09:02:09 da...@gbenet.com wrote: htmlhead meta http-equiv=Content-Type content=text/html; charset=utf-8 /head body bgcolor=#FF text=#00 br -BEGIN PGP SIGNED MESSAGE-br Hash: SHA1br br [snip] -BEGIN PGP SIGNATURE-br Version: GnuPG v1.4.11 (GNU/Linux)br Comment: Using GnuPG with Thunderbird - a class=moz-txt-link-freetext href=http://www.enigmail.net/;http://www.enigmail.net//abr br iJwEAQECAAYFAlPA62MACgkQPsGd8ZKwe#43;f#43;pgQAlV7P/TqmX47kU5dt3xrW4c Jgbr rpFuCr1KVKUJHE4WOvv1LI/FN9QUejK9M1#43;7OmfO5xpBrJDbOeiJMovwaTFQ4aEz br FITE3eiNGt57hhuZp/F5LOdLTnuaVx23mTXAHSV4fGQxtjTGSgtK9CPi2I5X6Uolbr LUBORhgPEu2L0pSUDd8=br =P4Evbr -END PGP SIGNATURE-br br /body /html You are sending your mails in HTML format and you are trying to use inline PGP signatures. This doesn't work. The HTML formatting breaks the inline PGP signatures. There are two ways to make it work: a) Tell Thunderbird to send plain text messages instead of HTML messages. b) Tell the Enigmail-plugin to use OpenPGP/MIME instead of inline OpenPGP for signatures. The third option you have is to do a) and b), i.e. send OpenPGP/MIME- signed plain text messages. That's what I do. Regards, Ingo ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users hi Ingo, I realised my errors - I just re-installed Linux - and changed my partners Windows machine to Linux. All I have now to do is sort out her Thunderbird Mail to move it over to Linux. Thanks for reminding me :) David -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com 0x8716853A.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
GPG4Win question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi All, In what folder does gpg4win store it's gpa.conf and pubring.gpg files? Thanks David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iJwEAQECAAYFAlO/sg0ACgkQPsGd8ZKwe+d1BQP+Nsc2U50XxG9nZcZn7mVcvjIu pEXuvug1pVg75DdjzAYD45ZfdJf2s4kX1CWTkOlw6fIBlGVWPGVVMhmhcIfoF6Dc SIZFUNnkY4R+U6/Kqwz3bj/SVAGufdYRpPII18V3jq8Fbg3TA9bqDEjktSOYVL55 7q4Q9fxQ0Fnjf6sQOC8= =ZiMK -END PGP SIGNATURE- 0x8716853A.asc Description: application/pgp-keys ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
my new public key
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello All, I've just created a new key pair - the older one gets you realise you will not live forever! So import and be happy! David - -- https://linuxcounter.net/user/512854.html - http://gbenet.com/blog - cryptology - for books howto's - mailing lists and more -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iJwEAQECAAYFAlBnJNsACgkQPsGd8ZKwe+d0dQQApZz8Sj2YIkRZwxkeRRsauFQA 7JMRb0I9wJd8uOOu6DS+J8ykz9sMrGd92nmG5mVk3GFuExbhNVzGS1nCQvdxQLiH 2+Qr+IA+c3EB95zqjtaLqr4n4nRSwzazixJzVC0FMMQa5EvPa+A1VdgC9Jds3SLn 3H27gmnHFhcDZCkgxdQ= =j/TN -END PGP SIGNATURE- 0x8716853A.asc Description: application/pgp-keys ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
revoked DF951131
Hi All, I have revoked my public and private key DF951131 (postmas...@gbenet.com) and sent a revocation certificate to key servers - if you see it's been revoked after the update you can delete the key. Over the next few days I will create another. David -- https://linuxcounter.net/user/512854.html - http://gbenet.com/blog - cryptology - for books howto's - mailing lists and more ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Visible Password
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/06/12 16:54, David Chadwick wrote: Hi All I was demonstrating GPA for the first time to a class of students yesterday and a very strange thing happened. (Note that I am new to GPA, having used OpenPGP for the last 10 years, so I am not familiar with its normal behaviour). When I signed a message in the clipboard and was asked for my private key password, I typed it in, and to my horror saw that the password was displayed in the clear in another small window at the bottom left hand side of the screen, instead of showing as in the normal password window. The class thought this was very humorous. This small window then disappeared (without me doing anything). Later on in class I decided to change my password, and this time, when the new password screen appeared, and I typed in my new password, and it also appeared in a new small window, in the clear, at the bottom left hand side of the screen. Then it disappeared. Has anyone every come across anything like this before? I have tried to repeat this several times since the class, and am unable to. My PC was running very slowly at the time of the demo and I initially wondered if it was a timing issue. Otherwise I can only think that a very clever student in the class had hacked into my PC (which was connected to the wireless Internet the whole time) during the lecture, and had placed the key pop-up window ther braine on cue to capture my passwords as I typed. But this would seem to be a very difficult thing to do, and a very clever student regardst David Hello David, GPA on Linux has not done this - is it Windows? What other applications were running at the time? Perhaps one of them captured it - your passphrase? All I can think of is that you started a programme or a log-in that required a password - that programme was still running and captured your passphrase - but their are better brains then me :) David - -- https://linuxcounter.net/user/512854.html - http://gbenet.com/blog - cryptology - for books how-to's - mailing lists and more -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJP5JeYAAoJEOJpqm7flRExFY8H/2hR73oDIRNDTCkDimFB0BWi LrEnUSmseDNf5OGYOFZqyLnFvSEAz0/BnzvWfoQZWELmZJkeHvHTg9F1reatircU Ty7yRZvILtc8xnpvkKw06drcm4hQ9ZX5ReNgmX74ak3jTKUUorURP6FRKuCGI27y hC+8u/LXkYt4fUpJhbjGoFQvf9FGTqyVjJqtT+xnRc2bMGvcScdlpOjhaX3Z8krS FqRqkBSG4LnduhD3HBQj0MIWNnKcE+kttT8nrs9t+eYhD9xToEApG+D57YnnZH/V wKCMpFE/vdAm/vho6eHsUKQETyChoaZOvLVQkZF2zm4wJlhhTr3peRmTcM3URsM= =e/KO -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Stumped and need some help with agent
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 16/06/12 21:42, Anthony Papillion wrote: Hello Everyone, I'm having a devil of a time with Ubuntu 11.04 with GnuPG and need a bit of help. This MIGHT be a problem with the Enigmail plugin but I think it's probably something to do with my GnuPG configuration so I'm asking here first. Basically, I have GPG 1.4.11 installed. For some reason, I also have the binary for gpg2 at /usr/bin/gpg2. However, my Enigmail is picking up /usr/bin/gpg so all should be fine (I think). For some reason, every time I do anything to an encrypted message, I have to re-enter my passphrase. If I open a message, I enter my passphrase, then, when I reply to it, I have to enter it again. And to send that reply? Yep, enter it again! Obviously, something is amiss. Can anyone lend me a hand and help me figure this out? I've even gone as far as to rename the gpg2 binary so it couldn't be found by the system, renamed the gpa.conf file (just in case) and added the no-use-agent entry to my gpg.conf file with no result. Help?!? Please! Anthony ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Hello Anthony, In your .gnupg directory you want to edit the file (or create one) gpg-agent.conf and add the lines default-cache-ttl 9000 default-cache-ttl-ssh 1800 You can install the programme GPA and it will under preferences edit it for you. If I recall Ubuntu does not have it so go to ftp://ftp.gnupg.org/gcrypt/gpa// download gpa - you have to ./configure - make - make install. Also make sure gpg-agent's running. David - -- https://linuxcounter.net/user/512854.html - http://gbenet.com/blog - cryptology - for books how-to's - mailing lists and more -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJP3QqEAAoJEOJpqm7flRExAFEH+wTSqxeM9z4+yxKHJ55dszfZ f3lBLSZaae1U0Ij21TY4pAa1kEW9y0bSMZwcAwFijmmj2ACiK26+jDinA9A/9zO7 I5XOCLyzyaCKSL73CEh/zoySII/u5KBHJbCA8lDY2dmbRBCYbXwYwj59D6cnmPDW 6/le/wy/mQrweymo63sSDLQ6HrhdcOhYMDp6hHCZNYbc2w6tCtSh00KI99WvVk7l ZC6sDm/x3PAZL7EeRR7i+78xrMzGCBQHjoSIOfzHaYsrdaMJPEVOtJrUZScu3ojQ iLAg8Oi4UynznDJJxzBZ/mDtcJyR+FlRtF4TGSSDL5/x2A7ZUggc0nsY3b9SQwE= =YD/g -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: can someone verify the gnupg Fingerprint for pubkey?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/06/12 15:36, Sam Smith wrote: Mr. Koch, can you (or anyone else) recommend a book that is good for novices like myself that covers GPG public keys and can help me learn how to verify identity based on the chain of trust (self-signatures and other signatures as you said in your email ) and covers other aspects of how GPG works with regards to the PGP model? From: w...@gnupg.org To: smick...@hotmail.com CC: da...@gbenet.com; gnupg-users@gnupg.org Subject: Re: can someone verify the gnupg Fingerprint for pubkey? Date: Sat, 9 Jun 2012 10:19:37 +0200 On Fri, 8 Jun 2012 23:41, smick...@hotmail.com said: Another thing is that downloading the key from that link you provided is no guarantee of safety in and of itself either because the page is not being hosted over SSL with confirmed identity information. So That is not relevant. The key (correct OpenPGP term is �keyblock� but sometimes also called �certificate�) is in itself secure; the included self-signature and signatures from other people shall be used to evaluate the identity of the key owner. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Hello Sam, I am constantly adding books to my web site - take a look at my web site - see link below. David - -- https://linuxcounter.net/user/512854.html - http://gbenet.com/blog - cryptology - for books how-to's - mailing lists and more -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJP1lwcAAoJEOJpqm7flRExMpIIAKl0XejEx4i9TvMEMHnm/pA4 Tara9UeIFagIgRIMXc9eLd8qYk1ylogF5SYdEklGAlT4RaCABxyLMM3HbnNCJv+R +UDoFOkNgqmmBXNWbWQE+zO2Z1E9pAhmVLc1oSp2x0JsgC8KAQr8V5Vz6zRhxmd+ NPfrmRAeRqZg1Z6GvfFMEFeds6JyR7QapbRTNrNZqzl6uC17SyABNHfafuYuTflp f+9RJEsfMZ+F1PNZSLf7dcDLSgMtdfa2hi3eOCZEJXNMdPJ49mXg0Nco2Y5BdTOB YOrDbvAMApJ/tBdl+cCqoI7V0eVwU8/ZGluY6hboOtkyHxMxJEDTpEcg2i/veLs= =ph8b -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Need a GUI for e ncrypt/decrypt in Ubuntu 11.10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/06/12 13:15, . wrote: Does anyone have a GUI that will accomplish all key management and also provide for easy file encrypt/decrypt/verify signature etc, etc? You could try Kleopatra or GPA but Enigmail/Openpgp does all that the others can do - - if you install Thunderbird e-mail client that is David https://linuxcounter.net/user/512854.html - http://gbenet.com/blog - cryptology - for books how-to's - mailing lists and more -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJP1l8XAAoJEOJpqm7flRExgR8IAKl4spAMUULAlQ26wbraTicv TyRHC+3vaVyPEh9wGFRt0P4AhfSA+3vjN52ALPYhNyX+BgHeK9PKE5rF1hARXybF hhgx4CckARukoCXBWlbgStXAesAqxJ0DDI7MTCSH8UyZieSPJPx1edRpOvWIGjF6 YNgjWfn3KIkRVJY2hq/JP3/5ls8z67/78psDjuNSwczJywicNaYDSHc1nEYilEjj sjNmWAvfWGzmijnyU4FpeZH88j/PguA1nRKUVFeORMVILaHQfb6yq1+gUtth0N5l jDtdqEjJmHvOZNgFUzPcvvnKa0HRTXjHZUVGHutmkQbFJmPLkLuQeiNL+O6Z6DQ= =3bQ3 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: can someone verify the gnupg Fingerprint for pubkey?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/06/12 14:59, Sam Smith wrote: Okay. So please let me know if I understand correctly what I am supposed to do (or what you guys are recommending be done) with key signing: I downloaded the GnuPG program and ran gpg --verify. I am told the keyID that signed the program. I download that KeyID from a keyserver. I now ask people on this list to verify the fingerprint of the key I got from the keyserver as a legit key. (So far this behavior is okay, right)? Since people on this list verified the fingerprint, I have enough confidence to verify the GnuPG program with the key. BUT I do not have enough confidence to mark the key (the one I got from the keyserver) as Trusted or to Sign the key because I have not met with Werner Koch in person and seen credentials. Summation of Proper Key Signing Behavior: 1.) I should NOT sign a key as trusted unless I have actually met with the person and seen his/her credentials. I can sign if I KNOW the person and verify the fingerprint with that person. But even these situations run the risk of dealing with a secret agent. Applying this rule, since I have not met Werner Koch, I should not sign his key. Verifying the fingerprint on a downloaded key is enough to use the key to verify software, but it's not enough to actually trust and sign the key. Hence using it to verify runs some risk because the key is not totally trustworthy. Every time I use Werner Koch's key to verify a GnuPG program, I will get the warning that I am verifying with an untrusted key. You guys all get this warning because all of you are also not signing keys (even if you've verified the fingerprint with others) because you have not met with all the people needed in order to sign all the keys you have. Right? You guys all get this warning whenever you gpg --verify, right? In short, I should always be seeing the notice that I have verified using an untrusted key when using Werner Koch's key unless/until I actually meet him and see credentials. The only time you guys don't see this notice when verifying a key is when you use a key that you have actually met the signer of face to face, right? Do I understand correctly. Is this all accurate? With this behavior, would I be doing Best Practices and what you guys all do? Thanks for the instruction, guys. I appreciate the time and energy you guys spent writing the emails to me. means a lot to me. Date: Sat, 9 Jun 2012 06:09:54 +0100 From: da...@gbenet.com To: smick...@hotmail.com CC: gnupg-users@gnupg.org Subject: Re: can someone verify the gnupg Fingerprint for pubkey? On 08/06/12 22:41, Sam Smith wrote: Another thing is that downloading the key from that link you provided is no guarantee of safety in and of itself either because the page is not being hosted over SSL with confirmed identity information. So technically there's no guarantee I'm actually interacting with teh GnuPG.org website. Date: Thu, 7 Jun 2012 05:23:43 +0100 From: da...@gbenet.com To: gnupg-users@gnupg.org Subject: Re: can someone verify the gnupg Fingerprint for pubkey? On 07/06/12 00:15, Sam Smith wrote: yes, impersonation of the UID [Werner Koch (dist sig)] is what I'm trying to guard against. My efforts to verify the fingerprint are the best way to do this, correct? Date: Wed, 6 Jun 2012 21:54:01 +0200 From: pe...@digitalbrains.com To: gnupg-users@gnupg.org Subject: Re: can someone verify the gnupg Fingerprint for pubkey? On 06/06/12 17:58, Mika Suomalainen wrote: D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Looks correct. ``` % gpg --recv-keys D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 gpg: requesting key 4F25E3B6 from hkp server pool.sks-keyservers.net gpg: key 4F25E3B6: public key Werner Koch (dist sig) imported I agree it appears he has the correct key. I did a local sig on it after what checking I seemed to be able to do without meeting people in person. But it's a bit unclear to me on what basis you decided it looked correct? Your mail suggests to me that you decided that based on the fact that the UID on that key is Werner Koch (dist sig). But that would be the very first thing a potential attacker would duplicate in his effort to fool our OP. Even if he's using MITM tricks to subvert his system, he can still post his personally generated key to the keyserver with this UID. Peter. PS: I briefly considered signing this message, because the attacker might MITM my message to the OP. Then I realised what good that signature would do :). -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman
Re: can someone verify the gnupg Fingerprint for pubkey?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/06/12 22:41, Sam Smith wrote: Another thing is that downloading the key from that link you provided is no guarantee of safety in and of itself either because the page is not being hosted over SSL with confirmed identity information. So technically there's no guarantee I'm actually interacting with teh GnuPG.org website. Date: Thu, 7 Jun 2012 05:23:43 +0100 From: da...@gbenet.com To: gnupg-users@gnupg.org Subject: Re: can someone verify the gnupg Fingerprint for pubkey? On 07/06/12 00:15, Sam Smith wrote: yes, impersonation of the UID [Werner Koch (dist sig)] is what I'm trying to guard against. My efforts to verify the fingerprint are the best way to do this, correct? Date: Wed, 6 Jun 2012 21:54:01 +0200 From: pe...@digitalbrains.com To: gnupg-users@gnupg.org Subject: Re: can someone verify the gnupg Fingerprint for pubkey? On 06/06/12 17:58, Mika Suomalainen wrote: D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Looks correct. ``` % gpg --recv-keys D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 gpg: requesting key 4F25E3B6 from hkp server pool.sks-keyservers.net gpg: key 4F25E3B6: public key Werner Koch (dist sig) imported I agree it appears he has the correct key. I did a local sig on it after what checking I seemed to be able to do without meeting people in person. But it's a bit unclear to me on what basis you decided it looked correct? Your mail suggests to me that you decided that based on the fact that the UID on that key is Werner Koch (dist sig). But that would be the very first thing a potential attacker would duplicate in his effort to fool our OP. Even if he's using MITM tricks to subvert his system, he can still post his personally generated key to the keyserver with this UID. Peter. PS: I briefly considered signing this message, because the attacker might MITM my message to the OP. Then I realised what good that signature would do :). -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Sam, You are a little confused - you ask ask can some one verify the gnupg fingerprint for pubkey and you use Verners key to verify gnupg. Then you worry about impersonation - now clearly Verner and gnupg have different keys. Or don't you know that? Clearly you failed to follow my link and clearly you failed to check the public key for gnupg. Now being a little confused try and get a clear question in your mind - is it Verner's key that you have such a passion to verify or gnupg? Verner's had about three keys two of which have expired - to the best of my knowledge he's a real person - he even maintains this list. You could always try encrypting an e-mail to his public key asking him if he's a real person. I'd suggest you not do the same for the public key of gnupg. People generate a private and a public key imaginary people don't do this - granted some one can set up a false ID and create a set of keys - but though they have created a false ID to do so they are nevertheless real people. If you are so concerned about Verner's key why not take a trip to Germany and arrange to meet him? You can't meet the gnupg (as its a bit of software) but you can verify it's running on your computer. All your keys are untrusted. Everyone of them - apart from your own public key. They all remain so until you actually meet that person and verify that they are who they say they are. You carefully check their passport their driving licence. But gnupg has not got a passport or a driving license. The only way you can check if gnupg is real is to check if it's running on your computer gpg --version - this will tell you if you have the software installed. If it's installed and working correctly it must be real. What if that fails? Well you do the same thing gpg2 --version and hope that Verner does not pop up and say Hello. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Sam, You have to apply some logic - and some common sense. I have about 180 public keys - all apart from about 5 or 6 are untrusted. Now a lot of people have my public key say 175 and all those people have my public key marked as untrusted. The whole idea behind the web of trust is that you have met real people. On the whole most people are who they say
Re: can someone verify the gnupg Fingerprint for pubkey?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/06/12 14:17, Peter Lebbing wrote: On 07/06/12 06:23, da...@gbenet.com wrote: Clearly you failed to follow my link and clearly you failed to check the public key for gnupg. Now being a little confused try and get a clear question in your mind - is it Verner's key that you have such a passion to verify or gnupg? I'm sorry, but I'm tech savvy and have some knowledge of OpenPGP and stuff and I'm quite confused about what you are trying to say in this mail. I'm also a bit worried that your mail can be read as quite brusque for no good reason. Perhaps it comes across diferently than you meant. Peter. Peter, To put matters simply, (1) Verner's key is not the same as gnupg's key (2) You can confirm the validity of Verner's key by meeting him (3) you can confirm that gnupg is running on your computer gpg/2 --version.. The subject of your e-mail is: can someone verify the gnupg Fingerprint for pubkey? I gave you a direct link to import gnupg's public key - but pointed out to you that the normal procedure for verification would not work i.e all your public keys are by default untrustworthy and that the only way to verify a public key is owned by a person is to meet that person. You have no way to verify that the public key belonging to gnupg is valid - but it does exist on your computer. It's entirely up to you whether you trust it or not. It's a question of reality. Verner's key and gnupg's key are two separate keys - you can not confuse the two. Verner's already explained this to you in some detail. To conclude - the only key you can trust ultimately is your own. When you have met some one and confirmed their ID as indicated you can set a level of trust to fully. It does not matter how many people have signed a public key belonging to someone - they are all untrustedworthy - until that is you meet that person in reality. As to the question: can someone verify the gnupg Fingerprint for pubkey? The answer is no. Why? It is not a person but a bit of software. I am usually quite good natured :) David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com/blog -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJP0MZJAAoJEOJpqm7flRExmHEIAIJhfJF5/H62o2Plrj54/jMi hUb7pyp9e+X1LLazT7R80PEsA03z8xU7N0yOqfp70HmE5y6+RrNYc0hyyCPnaYXB 1sLShpb9bA0DxUknP51QHeWDxp19noDEwCWDUC6xkrQYgj8L8lPkOTAynbm2Wd+f DGQAyxiFd7b5Pglyd+lxAwvcGHKosyfePofI5JJuj+bABmS+RNGzGUiX4ssVl+Ft 63bfDJd+Ow6ew1U0m+e265KcugRe6mlAdCTdRgGTyGBuKL+tbV0yiyc9x7FlpHsz gBjC6b8EmTWJeAk3C9YMtvsonPnkJ2/i2SggYU4WrprEJlexWlD+O1oUJBxA4n8= =Fla8 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: can someone verify the gnupg Fingerprint for pubkey?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/06/12 17:14, Robert J. Hansen wrote: On 6/7/12 11:18 AM, da...@gbenet.com wrote: To put matters simply, (1) Verner's key is not the same as gnupg's key (2) You can confirm the validity of Verner's key by meeting him (3) you can confirm that gnupg is running on your computer gpg/2 --version.. As an FYI, you are consistently misspelling Werner's name. It's Werner, not Verner. As to the question: can someone verify the gnupg Fingerprint for pubkey? The answer is no. Why? It is not a person but a bit of software. The certificate belongs to someone. If Werner were to appear before me with his passport and said I control the certificates corresponding to these email addresses and gave me their fingerprints, I would consider those certificates to be fully validated. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users It's the German in me :) David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com/blog -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJP0NbNAAoJEOJpqm7flRExAUcH/0N0ZwRLAxpd8dzAF7oIlQ3j nYibmtsoUQ/P7Nr6S6nBF9N/butYONXoEa/H69IctCgb28FenrQuq8joamImVEpD g5u70rmsX7T0vqHEE0juuz4jC9Vfmpa8waGcA5WQ8xATTIkf5RS9qElw6yQrbNdS kkoqlb4HTv8L5fiodztgJxXPQ7f1+gkn5CxUe63TT2wZlrqKSULvkIo4wtfrqxbc XY71vZbKdxmgCi41WzaErLQQTswDlHw0HeJhh0+a1itRRVxU4ghRsGP2LOBwuAgg J2CZgzz6u2Dt6ej10j2s+9jYWf53aSHS2bzCdEVly5taDE8crdHKkO1z51aMZ2Q= =RNJU -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: can someone verify the gnupg Fingerprint for pubkey?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/06/12 13:54, Sam Smith wrote: Can someone please verify that I have the legit public key to verify GnuPG with? I checked the website but the Fingerprint is not given anywhere. I got this Fingerprint for the Public Key I downloaded D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Hello, You want to go to this link http://gnupg.org/signature_key.en.html and select the public key block - then copy then open whatever gnupg frontend you have and import from clipboard David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPz3WOAAoJEOJpqm7flREx+oIIAKnveVZkvxaMEqAPNk/cIxrM 7/v56CJ+vDZPz0rL9yBv5F8WxLDmle8oB/RvLsnHR5qGwqgkltDDv5uxn3rq9EHy fTry8ObW45HzkAsS4+DlAXq61eDIwtxCo2dhzVzwWExQf4UKlh2r27Kqi6tV8apG PEwVLo4JC3hVAp6OX1PNo+ydbRERSI/aeCGalhNN8/dBZuHEcguTGGe6WGJcPLU4 pMrSIXwge3czFj8OYj/XQ/OChvZva0UIEpuLZKUQTmdM7aD1GAKgAoFnKWlzGzIW VjO116fyuldvTNkl9mXNqX7lwlZbLPKMWT2YZst/FQCDeq01tTN2G49IzeXEoI4= =Ream -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: can someone verify the gnupg Fingerprint for pubkey?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/06/12 00:15, Sam Smith wrote: yes, impersonation of the UID [Werner Koch (dist sig)] is what I'm trying to guard against. My efforts to verify the fingerprint are the best way to do this, correct? Date: Wed, 6 Jun 2012 21:54:01 +0200 From: pe...@digitalbrains.com To: gnupg-users@gnupg.org Subject: Re: can someone verify the gnupg Fingerprint for pubkey? On 06/06/12 17:58, Mika Suomalainen wrote: D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Looks correct. ``` % gpg --recv-keys D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 gpg: requesting key 4F25E3B6 from hkp server pool.sks-keyservers.net gpg: key 4F25E3B6: public key Werner Koch (dist sig) imported I agree it appears he has the correct key. I did a local sig on it after what checking I seemed to be able to do without meeting people in person. But it's a bit unclear to me on what basis you decided it looked correct? Your mail suggests to me that you decided that based on the fact that the UID on that key is Werner Koch (dist sig). But that would be the very first thing a potential attacker would duplicate in his effort to fool our OP. Even if he's using MITM tricks to subvert his system, he can still post his personally generated key to the keyserver with this UID. Peter. PS: I briefly considered signing this message, because the attacker might MITM my message to the OP. Then I realised what good that signature would do :). -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Sam, You are a little confused - you ask ask can some one verify the gnupg fingerprint for pubkey and you use Verners key to verify gnupg. Then you worry about impersonation - now clearly Verner and gnupg have different keys. Or don't you know that? Clearly you failed to follow my link and clearly you failed to check the public key for gnupg. Now being a little confused try and get a clear question in your mind - is it Verner's key that you have such a passion to verify or gnupg? Verner's had about three keys two of which have expired - to the best of my knowledge he's a real person - he even maintains this list. You could always try encrypting an e-mail to his public key asking him if he's a real person. I'd suggest you not do the same for the public key of gnupg. People generate a private and a public key imaginary people don't do this - granted some one can set up a false ID and create a set of keys - but though they have created a false ID to do so they are nevertheless real people. If you are so concerned about Verner's key why not take a trip to Germany and arrange to meet him? You can't meet the gnupg (as its a bit of software) but you can verify it's running on your computer. All your keys are untrusted. Everyone of them - apart from your own public key. They all remain so until you actually meet that person and verify that they are who they say they are. You carefully check their passport their driving licence. But gnupg has not got a passport or a driving license. The only way you can check if gnupg is real is to check if it's running on your computer gpg --version - this will tell you if you have the software installed. If it's installed and working correctly it must be real. What if that fails? Well you do the same thing gpg2 --version and hope that Verner does not pop up and say Hello. David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJP0CzCAAoJEOJpqm7flRExrRoH+gIVpmZ+pLRh3iT13AzX7oUn qcJ8F9WT8RvfpTEK4gWPmu6MXmSVLbIvzJPcQswVFCGSgHeisIxkKSdZzXzsV1Ay Yge0MPrZIxR/xA8ZJFC2+Oirx7ERPf615neoIAFwGu6Ern4XHWS7D2iCpfdknFfe B2zmQGHhHmonZG99MOUyAAO9ndDxeXtBMxcTFFPn3ilSqErQ3Xhc9uDOaSWG5uc+ prgXt8E9Ku4sptk7vDnArxri5i5xs6QAxP7JzGYZda/9vqyDfj5ZniIht+8VAu3x eugnoPGyyBiJJ/blmeRoizbqG2xwwxkpb9lE8/cCPKw/4pdUo+638IGd2LXYkp8= =5tt8 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 25/05/12 14:03, Mark H. Wood wrote: On Thu, May 24, 2012 at 04:55:59PM +0100, da...@gbenet.com wrote: - From tests carried out - Mandrava Linux was ok. I suspect that other Linux distros have no real problems - just because your works - does not mean that every other Linux distro works. However: because it works on my system, even though there is no GPG v1 installed on it anywhere, does demonstrate that gpg v1 is not required and gpg v2 is not the problem. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Therefore, are we saying that with some Linux distros that happen to have installed gp2 automatically that those Linux distros have a problem with gpg2? For example opensuse - all versions tested: (1) When you open the address book in TB select an address right mouse click you get an option to create a per-recipient rule for that person. (Openpgp/inigmail is installed for you to do this). With gpg2 installed this option flickers jumps and fades out. (2) With gpg1 - it is clear - no jumping -no fading no fuzziness - you get other options - such a delete - which are not available when just pgp2 is installed. This same flickering and fuzzing occurs with Fedora-16 all GUIs 32/64 bit and you only have one menu option which is to create a rule - though it flickers on and off one does not know one's created a rule till you go an check it within the options of openpgp. (3) Having created such a rule you decide to digitally sign and send an encrypted e-mail to that person using their public key. (4) But - and this is the big big big but - you can not digitally sign whilst encrypting - and worse when the person gets that e-mail they say Why did you send me an e-mail that I can not open. These are real person to person facts with gpg2 installed on all the Linux distros I tested. (5) Now I say that gpg2 does not work with the Linux distros I tested. Not all Linux distros are the same they convert open source to proprietary branded Linux. (6) And what's worse when end users download Thunderbird from Mozilla when they download enigmail from their respective web sites and correctly install correctly configure they still have the same problems with gpg2. This is why I said and listed those Linux distros that gpg2 does not work with. Now I suggested that perhaps enigmail/openpgp was at fault - and got told to bugger off cos it was a gpg2 problem. Now as a scientist who believes in the scientific method I have tested and have drawn my tests into the public domain. Now some people's reaction was not helpful - reading in that I was angry without reading the contents of my e-mail - these are fuck-wits. Lowlife cyber-hoodies. But I am patient even with fuck-wits. I may add that I do not consider you a fuck wwit or indeed a cyber-hoodie. But we are still faced with the issues raised thy don't go away: (1) Because Oh it works on my system so it must work on other people's. (2) Bugger off we are not interested in how many Linux distros you tested it's not got anything to do with us. (3) Its not gpg2 it's something else. The something else is always a mystery. To conclude: (1) Some heavily branded Linux distros do re-write all the open source code to lock users in and deprive them of some functionality - Seahorse is a case in point (2) Even when installing the open source for TB and Enigmail gpg2 does not work on Linux distros (I tested) (3) Some Linux distros (the one's I tested) do not support gpg2 These are the tested facts of the matter - these are real person to person experiences. There is one commonality which stands out and that is gpg2. We may also say: (1) Do not Install any version of opensuse any version of Ubuntu any version of Fedora-16 and any version of Linux Mint. Why? The gpg2 that get's installed does not work. (2) All heavily branded Linux distros are no respecter's of open source. (3) Further more if you decide to download all the open source from their respective web sites they will not work on these Linux distros. (4) It took me 10 days sometimes 18 hours per day to test something like 50 Linux Distros against (a) A person running Windows XP with GPG4Win installed (they had their fair share of problems too) (b) a person running Mandriva with gpg2 install with no probs. I trust that matters are clear David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPv8WdAAoJEOJpqm7flRExpdAIAJTcXMq9BwdlqVt7mDU+f2Lh bwm2l/s3
Re: Testing GPG EMail encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 25/05/12 21:47, Robert J. Hansen wrote: On 5/25/12 1:47 PM, da...@gbenet.com wrote: For example opensuse - all versions tested: (1) When you open the address book in TB select an address right mouse click you get an option to create a per-recipient rule for that person. (Openpgp/inigmail is installed for you to do this). With gpg2 installed this option flickers jumps and fades out. I have an OpenSUSE 12.1 system here on my desktop. I cannot recreate this. (2) With gpg1 - it is clear - no jumping -no fading no fuzziness - you get other options - such a delete - which are not available when just pgp2 is installed. This same flickering and fuzzing occurs with Fedora-16 all GUIs 32/64 bit and you only have one menu option which is to create a rule - though it flickers on and off one does not know one's created a rule till you go an check it within the options of openpgp. I have a Fedora 16 server in the closet. I cannot recreate this. (4) But - and this is the big big big but - you can not digitally sign whilst encrypting - and worse when the person gets that e-mail they say Why did you send me an e-mail that I can not open. These are real person to person facts with gpg2 installed on all the Linux distros I tested. I cannot recreate this on either my Ubuntu 12.04LTS laptop, my OpenSUSE desktop, or my Fedora 16 server. (5) Now I say that gpg2 does not work with the Linux distros I tested. Not all Linux distros are the same they convert open source to proprietary branded Linux. Them's fightin' words, convert[ing] open source to proprietary. This is why I said and listed those Linux distros that gpg2 does not work with. Now I suggested that perhaps enigmail/openpgp was at fault - and got told to bugger off cos it was a gpg2 problem. No one told you to do this. Instead, you were told that if you were so certain this was a GnuPG 2 problem that you should take it to GnuPG-Users. People also volunteered to help you discover the root of your problem with GnuPG 2, but you did not take them up on it. Now some people's reaction was not helpful - reading in that I was angry without reading the contents of my e-mail - these are ... We try to keep this mailing list free of vulgarity. I understand you're frustrated and find these people (e.g., me) to be vexing, but many of us would appreciate it if you would avoid vulgar language. (1) Because Oh it works on my system so it must work on other people's. As opposed to, because it doesn't work on my system it must not work, period? (2) Bugger off we are not interested in how many Linux distros you tested it's not got anything to do with us. Which is, you know, *true*. If you're certain the problem is with GnuPG 2, then complaining about it on the Enigmail list isn't going to be very productive. The GnuPG developers are on this list, not that one. (1) Some heavily branded Linux distros do re-write all the open source code to lock users in and deprive them of some functionality - Seahorse is a case in point This does not seem to be true. Which distros are forbidding you from getting the source code for Seahorse? If they are doing this then they are violating the copyright license of the Seahorse code, and I'm certain the Seahorse developers would take great umbrage at that. (2) Even when installing the open source for TB and Enigmail gpg2 does not work on Linux distros (I tested) It does not work *for you*. (3) Some Linux distros (the one's I tested) do not support gpg2 It does not work *for you*. There is one commonality which stands out and that is gpg2. The other commonality is you. It's quite possible you're doing something wrong. And to repeat, we would be happy to try and help, but so far your attitude towards help seems to have been one of angry defiance. (1) Do not Install any version of opensuse any version of Ubuntu any version of Fedora-16 and any version of Linux Mint. Why? The gpg2 that get's installed does not work. My experience, and that of tens of thousands of other Fedora 16, Ubuntu and Linux Mint users, is different. (2) All heavily branded Linux distros are no respecter's of open source. I need to see specific instances of their violating the copyright license attached to the code, please. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Let me reiterate I am not angry. Which means in common English let me explain again to you I am not angry. I gave you an example which was Seahorse - clearly you failed to read. I have set out quite clearly the issues found on Linux distros - you are unable to provide a solution to any. I am neither angry or disappointed. I state observations quite clearly - the recorded facts - and you are at a loss. As previously
Re: Testing GPG EMail encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 25/05/12 23:01, Aaron Toponce wrote: On Wed, May 23, 2012 at 08:07:54PM +0100, da...@gbenet.com wrote: Openpgp/enigmail does not support gpg2 unless one has installed gpg 1.4.11 - but I no longer trust Openpgp/enigmail to do anything. That's unfortunate. While I'm mostly a Mutt user these days, I have Debian Icedove installed with Enigmal and GnuPG v2, and I personally haven't had any problems. Then again, I have both v1 and v2 installed. In fact, I highly recommend Enigmail. It's a fine piece of software. Aron, As stated when you have gpg 1.4.11 and gpg2 installed you do not experience any problems on the Linux distros that I tested. It is only when you have gpg2 on the Linux distros that I tested do you have problems. But some Linux distros are ok with gpg2 and nothing else whilst others that I tested have problems. David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPwAwyAAoJEOJpqm7flRExTKMH/0o4qCVQJv+7aW21/GnjYxkt 0mYpR+VNlVAo7ReIIpF8dNt4iE5wgOKIrpjRuibmt5bYxEY1rQrPM3UgWmDoKp3x rpaNVIbcrJ5xitwFXrg0RQWew/VcLCkCMo/ZsVAwSlS/R5Ob3cmMC6WVS7xGxLf+ IidfgnbSiya8i2sY4bdRd5taprBD3shieUJ5CbGOKWG4JRzhAi52UCINrxg+q6ai P1q0/d6+s2bGj2WTz4pwd9aeQ9CtCvysLgIN7q9sYxft5fEZSAguB0S5rrPBzq57 ugsYKxX1IMKci4n2OP3RcSY3PThyxKjRkLpvK5wiiLAXh5rSxya9uAfS9MaUxRk= =abYa -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 24/05/12 13:55, Mark H. Wood wrote: On Wed, May 23, 2012 at 09:39:04PM +0100, da...@gbenet.com wrote: I ran the debugging programme with Openpgp debugging options to console and I got the message that with gpg2 installed one was not able to digitally sign an e-mail whilst encrypting to their public key which in all the named distros it encrypted to my private key - fact. I have no idea how a debugger would know that you couldn't sign an email. It is a fact that Openpgp will only work if BOTH gpg 1.4.11 and the widget gpg2 is then added. Fact. Most Linux users have BOTH by default. Fact. That's why no one's reporting aany problems. Fact. If you remove from your system gpg 1.4.11 then you have real problems with open Openpgp - even Kleopatra. Fact On my Gentoo system, there is no gpg v1 installed: mwood@mhw ~ $ dir /usr/bin/gpg* lrwxrwxrwx 1 root root 4 Sep 15 2011 /usr/bin/gpg - gpg2 -rwxr-xr-x 1 root root 699072 Jun 29 2011 /usr/bin/gpg2 -rwxr-xr-x 1 root root 268352 Jun 29 2011 /usr/bin/gpg-agent -rwxr-xr-x 1 root root 130720 Jun 29 2011 /usr/bin/gpgconf -rwxr-xr-x 1 root root 142736 Jun 29 2011 /usr/bin/gpg-connect-agent -rwxr-xr-x 1 root root 50627 Apr 2 15:28 /usr/bin/gpgdir -rwxr-xr-x 1 root root205 Jun 30 2011 /usr/bin/gpgen -rwxr-xr-x 1 root root 18448 Sep 21 2011 /usr/bin/gpg-error -rwxr-xr-x 1 root root 1804 Sep 21 2011 /usr/bin/gpg-error-config -rwxr-xr-x 1 root root 8990 Apr 2 15:28 /usr/bin/gpg-key2ps -rwxr-xr-x 1 root root 39320 Jun 29 2011 /usr/bin/gpgkey2ssh -rwxr-xr-x 1 root root 4005 Apr 2 15:28 /usr/bin/gpglist -rwxr-xr-x 1 root root 2750 Apr 2 15:28 /usr/bin/gpg-mailkeys -rwxr-xr-x 1 root root 3521 Jan 11 09:14 /usr/bin/gpgme-config -rwxr-xr-x 1 root root 26864 Jun 29 2011 /usr/bin/gpgparsemail -rwxr-xr-x 1 root root 1708 Apr 2 15:28 /usr/bin/gpgparticipants -rwxr-xr-x 1 root root 13830 Apr 2 15:28 /usr/bin/gpgsigs -rwxr-xr-x 1 root root 382016 Jun 29 2011 /usr/bin/gpgsm -rwxr-xr-x 1 root root 4635 Jun 29 2011 /usr/bin/gpgsm-gencert.sh lrwxrwxrwx 1 root root 5 Sep 15 2011 /usr/bin/gpgv - gpgv2 -rwxr-xr-x 1 root root 327504 Jun 29 2011 /usr/bin/gpgv2 -rwxr-xr-x 1 root root 22760 Apr 2 15:28 /usr/bin/gpgwrap mwood@mhw ~ $ gpg --version gpg (GnuPG) 2.0.17 libgcrypt 1.4.6 Copyright (C) 2011 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. As you can see, 'gpg' and 'gpgv' are symlinks to the v2 programs. Nevertheless, I just sent a signed message to myself at another address, from Thunderbird, using Enigmail. It arrived signed, with a valid signature. Thunderbird + Enigmail + gpg2 works. You should consider the possibility that you have a different problem. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users - From tests carried out - Mandrava Linux was ok. I suspect that other Linux distros have no real problems - just because your works - does not mean that every other Linux distro works. I stated I only ran tests on a few Linux Distros - I too have 5 e-mail accounts and could do multiple testing - with surprising results. We all think that at the core all Linux distros are the same - they are not. Heavily branded distros where the core of every programme is re-written is bad news for the user. I case in point. Seahorse. You are supposed to set how long a passphrase will exist for. In Ubuntu and opensuse this feature has been removed. Such programmes as apt are not installed - and do not appear on opensuse's list of approved apps. But it's not all about re-writing all the code for hard-wired branding. A women wrote to the enigmail list and said that her Fedora-16 64 bit had failed to initialise gpg2 - she ven whent as far as going to Mozilla and downloading and installing Thunderbird. She even went to the enigmail's home page and downloaded and installed the correct version of enigmail for Thunderbird. The result? Openpgp caused her system to freeze. I was the only person who answered her - I was the only person to conduct tests on Fedora-16 KDE/Gnome/LXDE 32/64 bit. I stated the results of my tests. Further in opensuse gpg2 is installed by default - a user-agent is installed by default - but in all versions of opensuse tested no user-agent was ever running. As stated the Seahorse was the default daemon - but had the ability to set how long a passphase would last had been programmed out. With branded versions (not all) of popular Linux distros the term open source means closed source. But we are still faced with the problems of GPG4WIN and the problem of directly installing from source. We are still faced with the fact
Re: Testing GPG EMail encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 24/05/12 19:48, Werner Koch wrote: Hi David, your mails are hard to read because you do not trim the quotes and use lines of 90 characters or longer. Please don't use more than about 72. One hint anyway: GNOME has a thing called gnome-keyring which hijacks the gpg-agent IPC and thus you run into problems when using GnuPG-2. It is possible to switch this off (look for a components configure options in gnome-keyring). Seahorse does something quite similar but usually does not break GnuPG's internal communication channels. I don't know which distribution versions enable these misfeatures, though. Salam-Shalom, Werner Hello Verner - first off I will try to write much shorter sentences :) I have gnome-keyring installed - but no icon to click on and nothing in my menus to launch the programme. If I open a terminal and type gnome-keyring - all I get is: david@laptop-1 ~ $ gnome-keyring usage: gnome-keyring command [options] commands: certificate-exception import version david@laptop-1 ~ $ The help gnome-keyring --help does not give a list of user commands. A quick search shows I've got gnome-keyring files in my /etc - /usr/bin - usr/include - usr/lib -usr/lib/cli - usr/lib/debug/usr/lib - the list goes on :) So how may I edit components in the gnome-keyring? David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPvpvxAAoJEOJpqm7flRExU9UIAJWiTwDZMqdzKKeP/3vnkMos +uXe5iLa82YBgAXOuGFZ+F7I8KmJbZ3WlSR94QmbANOk/RYYkplyz5cyXDdehrTB ElCiVw8RQN+/fantrvdKT9c/Syx0XXY1ps/bBZ3kOrApdjFTPI/+h2KA/OcQwuQL Pc/ya0b3OejrgnrLQP+JZ0+YV/gwp+zXKCJIOLXb7vL3pElbdjG2n88K3+KZqAK2 aHsvfc+IjWxtJbxsJxQv8sS8zakrnf2uUlypgPLO/EAcVY1z2ymj56cUPwFO4xmX KtgoRFRzPQGa7XHuFNDbFq6oSa7/mkTlh/jyzNH0wI5P0OzOVKIenwp566G6TYQ= =aGYL -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/05/12 19:40, Robert J. Hansen wrote: On 5/22/12 2:26 PM, Hauke Laging wrote: Given the frequency of this discussion and the amount of effort takes by the participants: Wouldn't it make sense to make this a FAQ entry? I think so, yes. The question is who's going to write it? I suspect Werner doesn't have the time. If he wants, I would be happy to take a stab at writing it. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users A good idea Robert! David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPvKNjAAoJEOJpqm7flRExCLwH/RkpUwsTVZhXog8abFgosJqe th4H1d3yejkbO1fxytyxwufQEZmzruz4SPpoWT2TcZ71SmznoSWXqWm5rQ53K1sD WoRvGdutOiVRTghR1wS3bvsR+BcH2lUXQqvWqqiu0WYkEvKierEpR+rw+p5vrEsS P2CQ8GqKDwNeipZn+7zcx5ZE2jykSk/Yzc47ptEv9PrKuIA4R7Gs8FqZ3Hbr4gCM wWPz+YmjIlvl3YSncMOOWnMbFD2HqJhVB6kQN/9rGVUy3H09aqhbQSYFUwwns/tE 1AnrZ8VytiMJGUGt8il0KWZtTtHkqs1Rzn6nOrtHo2agxb0ELpECXDqFTnI1fLs= =yP71 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Fwd: The UK's cruelest cut
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Original Message Subject: The UK's cruelest cut Date: Wed, 23 May 2012 07:51:49 -0400 From: Emma Ruby-Sachs - Avaaz.org av...@avaaz.org To: da...@gbenet.com da...@gbenet.com Dear friends across the UK, Each year, tens of thousands of girls in the UK are forced to have their genitals cut, often with no anesthesia. But there has been never been a conviction for female genital mutilation here -- even though in London alone, police have received 166 complaints in the last four years! Now we have a chance to help. Undercover reporters for the Sunday Times recently caught three medics on film offering to mutilate young girls, massively scaling up the pressure on law enforcement to act. We can use this moment to call on Home Secretary Theresa May for real accountability. She is in charge of every police chief in England and Wales -- if she takes the issue up personally, the entire police system could be shaken into action. Avaaz member Ruth Burnett has created a petition calling on the Home Secretary to start prosecuting people involved with these assaults and already more than 2000 people have signed! If we reach 20,000 signatures, Avaaz will deliver it directly to Home Secretary May and the head of Metropolitan Police Force -- click below to sign and forward to everyone: http://www.avaaz.org/en/petition/Stop_female_genital_mutilation_in_the_UK/?cl=1821616703amp;v=14523 Female Genital Mutilation is a custom widespread in nearly 30 Middle Eastern and African countries. But FGM has been illegal in the UK since 1985 and in 2003 the law was tightened to stop girls being taken abroad for the operation -- on so-called “FGM holidays”. Still, the practice is widespread here in the UK! When the undercover Sunday Times reporter explained to Mohammed Sahib, an alternative medicine practitioner in East London that he represented a Ghanaian couple who wanted to have their two daughters -- aged 10 and 13 -- circumcised, he said “I can do it here,” confirming that he would both remove the clitoris and sew up the vagina. “This is my work. I know what I’m doing. I’m going to do it. I will tell you how [much] to pay [for one]: £750.” Home Secretary Theresa May -- who oversees women’s issues for David Cameron, and who has the power to hold police chiefs all across England and Wales accountable -- recently admitted people would be “shocked” by the number of young girls in Britain subjected to FGM. Now we can push her to take concrete action to end FGM in the UK -- click below to sign the petition now and share with everyone: http://www.avaaz.org/en/petition/Stop_female_genital_mutilation_in_the_UK/?cl=1821616703amp;v=14523 From Iran to Morocco to South Africa, our community has fought back attacks on women’s fundamental rights. In the world we all want, a woman would never be forced to suffer the horror, pain and trauma involved with FGM. Today, here in Britain, we have a chance to take a giant step closer to making that world a reality. Let’s stand with these women and eliminate this practice from our country. With hope and determination, Emma, Maria Paz, Ricken, Alex, Rewan, Emily and the whole Avaaz team MORE INFORMATION: Female genital mutilation 'offered by UK medics' (The Guardian) http://www.guardian.co.uk/uk/2012/apr/22/female-genital-mutilation-uk-medics Birmingham arrests over female genital mutilation (BBC) http://www.bbc.co.uk/news/uk-england-birmingham-17955330 Cruel Cuts (Avaaz.org Daily Briefing) https://en.avaaz.org/418/female-circumcision-scandal-uk Genital mutilation in the UK, an investigation (Sunday Times, paywall): http://www.thesundaytimes.co.uk/sto/comment/leaders/article1021882.ece The Prevalence of Female Genital Mutilation in England and Wales (DoH study, 2007): http://www.forwarduk.org.uk/key-issues/fgm/research This message was sent to da...@gbenet.com. To change your email address, language, or other information, contact us here: http://www.avaaz.org/en/contact/?footer Want to leave this list? Send a message to unsubscr...@avaaz.org, or click here: https://secure.avaaz.org/act/?r=unsubamp;cl=1821616703amp;email=da...@gbenet.comamp;b=1831amp;v=14523amp;lang=enTo contact Avaaz, please do not reply to this email. Instead, write to us via the form at http://www.avaaz.org/en/contact. You can also call us at +1-888-922-8229 (US). __ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPvQRkAAoJEOJpqm7flRExb6gH/1XHIpojd63SuPpQ9lKQFniZ XdOwhVpfZhN93jr1rGrAoWWfKaUEEmqOLUD9NC0+msXQyJ6SAud56/rtZy9f1zd5 nv8TtS7wsuCii+XQJ3wtO5e6p9nC4QSmWStlbXbsqL9+3PM75ZfIGl0sftqeGa7q dv2/ZzMCaxiWL63dcN+m7OfddhL2qtvcNJ3pQ0K4rZ9JRqN8SYg1jMfNLJcsQ457 labiBK1GU6u6DcnVQCoJ+1LM0VPeRBbUtEbOcaB8rvODKRgQ5rTNpBh5YwJReh/N ZhzjCqF/Xn5zKbYWQK/cwIBcmxb/C0Q5LM5Gcb+jxtXaL+8j8WpFWPan//7Acqg= =31C1 -END PGP
Re: Testing GPG EMail encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 23/05/12 16:38, Mika Suomalainen wrote: On 23.05.2012 16:24, Robert J. Hansen wrote: On 5/23/12 2:50 AM, Steve wrote: I absolutely agree. At GPGTools we thought about an automatic testing system. Checking if the mail was encrypted and / or signed and then sending out the according reply. You may want to move this discussion over to the Enigmail list. We have a system set up that does much of this already, called Adele. We'd be happy to share. Why to move it to Enigmail list? That email which you quoted doesn't have mention Enigmail. As far as I know, GPGTools doesn't even include Enigmail. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Yup and I was on there list too - and effectively told to shove off when I pointed out errors in enigmail - they don't like testing and error reporting - so kfuc em David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPvQlPAAoJEOJpqm7flREx71MH/AhKdugWlY764s7OaHv8EDbq 1NFHolY8ToJVBt7jTqaJCGykvmloaRwEgKjRLG4hZTvbLGQkaL3Jh7usCL9GG4FA wNEVwF69YxPjWYPjChu59nPMEFISMa0zfhiktK74tOatQQCwVHKBh6VqWoKxvvtO Dxd17EYf4LylqC8A1WLURShehh9JxC7axkMrwBlTK0h8QktFu4WnttLo43/O1A39 DMqmyaIcFnLorKVT7roEAcUIMfy1ie3Tir5L2Ct4fu/yFZ39yNXgxRh12IUCZky0 1AVlTqYw2DV3zKlMCcZ4lDXGnXMAaso8elwatv/z4zgLm0NkHyyf7q85hVx+sKg= =bglt -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption AKA PGP/MIME
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 23/05/12 16:54, Werner Koch wrote: On Wed, 23 May 2012 17:35, mika.henrik.mai...@hotmail.com said: On 23.05.2012 12:56, Steve wrote: I think we had the PGP/MIME vs inline discussion already. I am using PGP/MIME in this email. Can you verify my signature on this email? You can find link to my public key in my signature. Sure: [[PGP Signed Part:Good signature from 4DB53CFE82A46728 Mika Suomalainen (trust undefined) created at 2012-05-23T17:35:40+0200 using RSA]] Salam-Shalom, Werner Hi Verner, I've had your key for ages - so why not attach it? David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPvQ20AAoJEOJpqm7flRExbMkH/jOiHf9n76WrKXBmyWmp6cx4 ICXNF2ijkNrFmKE08v7E9zW9DpropD94mtIrtnuiLRMKKnwcMBxz7YnJNYNllOwr Ef278lwE6cfWJ/KXSRvFrrigZbkywyw2pfXDME7mElFqIJg8uvvT5Akl581Y7TXj 4vzbcQ2B8EELQUsK9QyBiaVmL4+VLPSEvp4Pq9N0D9I+C0BDjlMX8k+4//TdBj+j p8qfSBM1oIGTwXLOhCz9p/E0q8C6SH3//e6LYqu/mY0MxNNzxgKo7v8X3ECDnL0d f40WO36cP1XSzZInkhnmjHS1sWkXv1iq4zXVxrini7jtwX1DuOWcVYLod4BDK/4= =JXUz -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Draft of nine new FAQ questions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 23/05/12 17:34, michael crane wrote: On Wed, May 23, 2012 5:18 pm, Robert J. Hansen wrote: I have a draft version of nine frequently asked questions ready for community review: http://keyservers.org/gnupgfaq.xhtml for me the first should always be what is gnupg ? regards mick I too felt that there was something missing. This whole topic got kicked off by some one questioning the strength - the security of keys. No other contribution from the original poster has been made - may be he disappeared. Anyway I felt that there was something missing - and that's a write of gpg 1.4.11 version 2's an add-on and only needs a few words. Needs to be more informative - authoritative and a bit more on the maths :) David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPvS+4AAoJEOJpqm7flRExmeEH/jndZrwunmnYQqvfxkdS16YH GNJvRh7MmcAMSjBuB543aveRFjf+yl1tOcLrXVA3uO1/ktW6grHWrLJZ06W+U9Sv h9CEHie+wGmNqs0qgBRYMp8cJvoPpJSO6P2EV4ZdmTORRs4ETI5B7CVKq7bnK3qL MR4+QvlsomwokWJjSSFmPOcWA2+TxsyCj/I41Hz0bI8iNnmyDqkHFmPleiIiRUef uKgJtezNg/SHHIYEUuu0QeBMlNwtFv1J4kuWteVxbCO70EN3lnSyWNIIQxuUQAJS SsEzCaDo/M6dsHs44MdZiXWv4Wa8oIPUwD01zyO8o6IvQXI1X/IoQC1ySdzvVOc= =GAGl -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/05/12 13:12, Jerry wrote: On Tue, 22 May 2012 04:58:48 -0400 tim.kac...@gmail.com articulated: {snip} sarcasm Interesting! I once worked for a secret government agency. We had a working theory that anyone using encryption for other than normal business operations was an obvious enemy of the state. I guess we must have missed you. We will be coming soon. /sarcasm Seriously, have you forgotten to take your meds today? Knock! Knock! I think that here in the UK the intelligence services have always considered that the real enemy of the state was the people! I take a dispersible Aspirin every day - keeps the spooks away! Ha! David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPu5ZMAAoJEOJpqm7flRExQbQH/RpzFyB5fZ4wWvds+L09MHfS 0mnw+8PNfIXEOczswWGRkzMmbHcqTfhH2k669VppcQx1UXCYcJseTquRArlcxVl/ Et/I8cBIJu0TnkDvJmbzEacJAJpM6LRSqfZtjzIS4BTFnaJCsrNg1Z+mXAH0qaNT 6oL1VTOUTVsQuLytNeZSUCTppIlt6UtSB38c3HqxOZufJmH2GQK7bzYUnbPbvODo mLJ/psupfAEBmk81wAinIe0JxX2d+enVGYsZyOk0cvCLe2JY+4JBpMJx2Iydhv+N Zc4ee4kkbTvMHjEBxHQ6UcK+A2c515F/xmmaBgo8/fUw1VOTYuG3Wd8BbLp9JjY= =xXwi -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/05/12 18:23, Hubert Kario wrote: On Tuesday 22 of May 2012 13:34:20 da...@gbenet.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/05/12 09:58, tim.kac...@gmail.com wrote: I think it should be okay to dredge up this topic ever couple years. From what I am reading, links below, I do not feel comfortable with the key length and algorithmic security offered by GPG's defaults. I have not been able to figure out how to get keylengths greater than 3072 for DSA/elgmal or 4094 rsa, so I conclude that generating them is unsupported by GPG although GPG can use them. I have seen many people saying that these types of key lengths are way more than anyone could reasonably need, but I am skeptical. I am involved in a local Occupy (bet you thought occupy was kaput eh? well as it were known it is but that's another story) and frankly we aren't just up against one intelligence agency, but all intel agencies put together. An entire global class of people. You can argue that they may be uninterested in me, however I don't buy that argument at all because they have spent (possibly a lot) more than a thousand dollars at least on me personally at this point I am sure in policing costs to try to survielle and intimidate me, after you divide down. The eviction alone at my occupy cost (probably greatly) in excess of $16,000 to arrest 8 people, and involved almost 200 cops for 4 hours. There are also estimates made that in the US 1 in 6 protestors is actually a government agent of one sort or another, dept of defense, homeland security, fbi what have you. And that exludes any thugs the bankers put in the crowd as privately hired types. Secondly I want my communications to remain unread into the relatively distant future. Given the sort of crap the 1% do wrt murdering and maiming vast quantites of people for a couple extra bucks I would not be the least bit surprised if 20 years from now they dissapeared me because I passed our some pamphlets that said end class war now. An enemy is an enemy, and enemies must be smooshed, right? Why take risks like letting an innocent person live if they might concievable scratch your gravy train at some point in the future? Abductions and bullets aren't that expensive once you got everything all set up, it's a good investement. I'm 23 now and I take various modest precautions to ensure that I have the best chance I can to remain in good health when I am 43. Or 63. A couple hundred extra milliseconds of decryption/encryption time per message for a key longer than 3072 or 4092 sounds like a good choice frankly. Is that not what we are looking at? And yes I recognize that it would be a lot easier for them to plant spyware on my computers than break the keys, however they can't plant spyware on everone's computer. without people noticing They do slurp up and probably store indefinitely all text -and many other- communications on the internet (carnivore etc.). In the future, data they don't have they can't use. There is always a substantial probability that they will not get my keys with spyware, and I would like capitalize (If you'll pardon me) on that. Fourthly a little safety margin never hurt. I think it should be easier to pick longer keys. Also info should be included in the compendium regarding practical aspects of key choice, like a table that shows how long it takes to encrypt a symmetric key with 2048, 4092 etc. Or event just a table in which you select your adversary, then your time horizon, and it tells you what key lengths are suitable, with due warnings and notes regarding the possibility of quantum computers, mathematical advances etc. I understand that no matter how long the keys are it's still only a relatively small part of the equation. However I thought it was the norm to pick something that basically eliminated concern about the encryption being broken, so one could forget about that part and focus on the rest.of your security worries. My trust in GPG has been disturbed by this state of affairs. I thought I could just trust the defaults but I am finding that they may not really include the safety margin that people desire. I shudder to think of people who are doing more serious stuff in the class war than little ol' me (which isn't hard). Links: http://en.wikipedia.org/wiki/RSA_%28algorithm%29 -http://www.schneier.com/essay-368.html note that this was written in 1998 http://www.rsa.com/rsalabs/node.asp?id=2004 this one in particular makes it clear that it is not unreasonable for someone in my position to choose a 4096 bit key. http://en.wikipedia.org/wiki/Key_length wikipedia says the U.S. Government requires 192 or 256-bit AES keys for highly sensitive data. A 3072 bit RSA or elGamal key is about equivalent to 128
Re: Some people say longer keys are silly. I think they should be supported by gpg.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/05/12 19:09, Peter Lebbing wrote: chain sawed Oh all right :) Ha! Ha! David - no offence meant btw :) just so funny :) - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPu9dwAAoJEOJpqm7flRExb0oH/Alv+svuTQ2P+b1XfT05ke1u c62vV/LXL4n8XM9WmSd0DRm9qjpmJ77KdRR4cn5RCsz9CdiaFTQGVuB44EGWkudt RYTxiSnirn+hpZ31PWnvT6SNNN06xJFevTLpNt33oF1POC7Jfuz618LAi6VIWK3U 6IBY7QLqx+BxcJmRWpayXYcvCBCP0NBN2wi1ay5mwnHcXiaxHs7pg2M+sXaWXeun Iiiiz7MmnJGIzeBhvp8jO4gqoJ68LpnBRAH43D0DQ33EA/T2AkVxGVUQwTxLtIdp ful2lQbA3q3oOnWD61pMz+nlCDQeMHo8lc+YU468DD0vT7Ds2cd03gc7fbewBds= =A1dH -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Website link broken
-BEGIN PGP SIGNED MESSAGE- On 15/05/12 22:43, MFPA wrote: Hi On Tuesday 15 May 2012 at 9:21:13 PM, in mid:4fb2bab9.4020...@gbenet.com, da...@gbenet.com wrote: It works now :) Not from here - I just visited http://xfmail.slappy.org/ and was served a domain parked holding page. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users How odd is that? I rechecked the link and it still works David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBT7NKKOJpqm7flRExAQHFTwgAodLomaeNIG2W51ZGnlgi3yScqNcAkqzn 5X1+BmAZicTNEkAFYnzdL5i7G0YTAmh8VreNWdZPp8niXVU2YaoDVPeb3RKdeamZ tbBZaGrac17OCkWooh2Udpjf9KG7Fzj0nb9X6yV4ORiurZG3a6OY7uTx9yyfgkHH avtbH2ji4IjiKCFRc7LLXqCFFzlKI+ZRHdhBx9zwrLKSaoV7SIGfQPD5wzFj0kYo 1lYcjyipthxJEpQGNNo7uCGNRKRC2XD2ffNMtUK3CD5HEPCEFAG3fH4cgoMaupwU x1tGcbVhI6mRgEQ8k0bZF0qp1Cqy0LGW8a6FPV8Sil2Ht+FQiG2tog== =ZQ7R -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Website link broken
-BEGIN PGP SIGNED MESSAGE- On 16/05/12 08:01, Brad Rogers wrote: On Wed, 16 May 2012 07:33:12 +0100 da...@gbenet.com da...@gbenet.com wrote: Hello da...@gbenet.com, How odd is that? I rechecked the link and it still works I can confirm MFPA's (and the OP's) findings that the link goers to a place holder. Are you, possibly, seeing a locally cached version of that page? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users I just deleted my cache - it still works - very odd David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBT7OmcOJpqm7flRExAQGagQgAkoQ7UV7ciwwkmijBE7QH8eaJEDSoP1vL VLRMOI0irtfMNCtvrR3VR3Ft8ZnZ4lONrGrVvQRw2NQJNxbM9XTDr5FOddb0gYXM rEnJxGDvdgl2h8xKarTWKm9Cv2V4xlU8T85ISc9mML1z0QDnTKeksMlu2AhOxHAp nqCCJilvsupxsfXyYUou5WXtG1abXIP1LKVNVECVk6VyVKZy4ZN4LeP+nThQHyN1 jZYbNMkbyc64U2mvdOs8Ev4fjbEJE3vsUsWDLxcM/w8swyltDb6iKy0AE3eGegJe +OXpex6zYZrvAvoIFxdXQqJdT25it8DGsn01fYEXwQPAJMAeX2VDWQ== =V1B3 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Website link broken
-BEGIN PGP SIGNED MESSAGE- On 15/05/12 16:51, Prakash Sankar wrote: http://www.gnupg.org/related_software/frontends.html#mua *XFmail http://xfmail.slappy.org/* http://xfmail.slappy.org/ The link above is broken it points to godaddy page now. Please fix or remove. Thanks Prakash ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users It works now :) David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBT7K6ueJpqm7flRExAQEejAgAkt+1ncg7VhFIwkadm6jrQIuHDuFyE+52 k7kZ3KEdOYFDdbcCk6uXFf8IWjI1PTm/0b11ofcmm9s2WeGW6qqhOSCkNliBZNWx EyrNSxYoMQc6evWP+mHUcvwnd3v5QehB1JUJ9s1qCVFQMHpOcbvb+I8fBrO/RNZ3 MwP5KGmlNF9BneJksU4+iwutt/8S0bVZbAjD2S4N7NFvE/mpHtBOkkCiMR+jcCFk w2kr0Lz+lBdEbjguldrwPFlONTV4JXjFJ8bM8g8sqj/VO0VteKE13KP5OdVGWZoJ CxeY+KfbbpwTQEAwJASub35ujkgftKSgF+FaDg5dYufQsE1rxxmT5w== =GN7q -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpg.conf
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi All, I wonder if someone can help me. I'm running opensuse 11.1 lxde I have no gpa-agent running and the following commands in my gpg.conf file produce error messages when I remove the hash (#) ###+++--- GPGConf ---+++### ###+++--- GPGConf ---+++### Wed 11 Apr 2012 01:55:18 BST # GPGConf edited this configuration file. # It will disable options before this marked block, but it will # never change anything below these lines. # --pgp2 # cert-digest-algo SHA256 # --rfc1991 # -- use-agent # --max-cache-ttl 7200 # --max-cache-ttl-ssh 7200 # --use-standard-socket #-- agent-awareness gpg2 # --homedir dir /.gnupg # --auto-check-trustdb # --no-permission-warning # --force-v4-certs # --trust-model pgp classic # utf8-strings keyserver hkp://keys.gnupg.net the keyserver is the only one not to produce any error messages. David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPotJfAAoJEOJpqm7flREx6uMH/0liAkEgulIZA2Wxd0ye9xY/ yTSghJQfPUtIBF97NFZxILlYskFJME+qQfDowwPg7PtbjKgbjb3+mUGNhqZwQ/Ti PY5hnCkO54QlpTdFN5zDt6NtDNskkYjfxDe1alVkNZpwTxCQd57SPyZ/NzyJyFRf GPbFGHpuKR075XsCcXA/92PYUkpZWwaotDoC1MwlLv2Ig+Xe1sFDc2N2iGKD9WEN Yp9f57BEyTvB1/uNmV5XhNRjIKqUq54FSeykrwOGInzmj3ihrdN/ZPEX4YajNV0Z HG9HyWOvpTGchPMPh5IIZntVwnncFezxi75Z/R6FVGf3faZI1ksIWB36YSxnkLw= =RWjY -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg.conf
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/05/12 20:33, Mika Suomalainen wrote: Hi, 03.05.2012 21:45, da...@gbenet.com kirjoitti: Hi All, I wonder if someone can help me. I'm running opensuse 11.1 lxde I have no gpa-agent running and the following commands in my gpg.conf file produce error messages when I remove the hash (#) ###+++--- GPGConf ---+++### ###+++--- GPGConf ---+++### Wed 11 Apr 2012 01:55:18 BST # GPGConf edited this configuration file. # It will disable options before this marked block, but it will # never change anything below these lines. # --pgp2 # cert-digest-algo SHA256 # --rfc1991 # -- use-agent # --max-cache-ttl 7200 # --max-cache-ttl-ssh 7200 # --use-standard-socket #-- agent-awareness gpg2 # --homedir dir /.gnupg # --auto-check-trustdb # --no-permission-warning # --force-v4-certs # --trust-model pgp classic # utf8-strings keyserver hkp://keys.gnupg.net the keyserver is the only one not to produce any error messages. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users I think that your issue is, because you are uncommenting flags. See manual page gpg for correct configuration flags. I will attach my gpg.conf to this message for example in case you find it useful. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Hello Mika, Having read gnupg.pdf I added a number of variables to my gpg.conf file. Most of the listed functions cause pgp2 to generate errors. I have listed these below. GPG2 is supposed to support all these options - but all fail. The list: # GnuPG config file created by KGpg default-key F521F3585F0D2C868DAD44E1E269AA6EDF951131 encrypt-to F521F3585F0D2C868DAD44E1E269AA6EDF951131 ###+++--- GPGConf ---+++### Wed 11 Apr 2012 01:55:18 BST # GPGConf edited this configuration file. # It will disable options before this marked block, but it will # never change anything below these lines. pgp2 # check-trustdb # trust-model classic keyid-format 0xshort cert-digest-algo SHA256 rfc1991 use-agent # max-cache-ttl 7200 # max-cache-ttl-ssh 7200 # use-standard-socket # agent-awareness gpg2 # homedir dir /.gnupg # auto-check-trustdb # no-permission-warning # force-v4-certs # trust-model pgp classic utf8-strings # auto-key-retrieve # honor-keyserver-url # honor-pka-record # timeout 160 no-permission-warning armor textmode personal-cipher-preferences SHA512 keyserver-options auto-key-retrieve no-include-revoked verbose keyserver hkp://keys.gnupg.net A re-think of valid user options are required by the developers I think :) David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBT6L1ieJpqm7flRExAQLxcAgAkD6o6M0aJ/vOgYRGhqNLi1F2Budb5M2p rJ5+U1Qi5r689x5eCnEBU/fEF9umF/sHiti23W+nDVuz/wjQswf7YwN6k4R/jXSe nqEpMv3/qwY7ymQl1Nbaknlw4qSQESu2+C8AKzZhMqEPwuS7YSXNDWu79EpXlcZE vjExp95kDtK/h4mCsuGKtmp5AjObyXQWbwqNoESjXNn6q3AT5cIXW0cEDaGSEfCb gLPDddJhzAyUWKfEWC6o8zi3ssplVRZRvoz/hjdxvrIMnTPTw7mT9+cRfL/7/d1Q 5HPQTnRh1iCuXQf08DmHnUBrPVoAoMQywZvFwV5yoIQAjuuG4wtiuw== =cK2s -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to make GPG release the token?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26/04/12 05:49, Nguyễn Hồng Quân wrote: Hello all, I'm using GnuPG and OpenSC to test my token. Each time I've done using GPG, the OpenSC cannot access the token. I have to reboot the computer to use OpenSC. There is a way to make the GnuPG release the token completely after use? Hello Quan, I'm a little unclear what you mean by 'token?' You mean the passphrase? I know that Linux Mint Ubuntu Debian has problems with rebooting when programmes are in memory.May be your Smart Card is not compatible with OpenSC? Anyhow without knowing exactly what you mean by token am at a loss. David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPmOU+AAoJEOJpqm7flRExp+0H/jLREtDPoh23MrQAdL8srpYm ew+Jklx7+e+9irN/VLQI7m5pIKgnBRpnRFvirn1Wh7iSV5pNARriUBu5hNC2dqH+ CD7gGQTAjjImJsSxgW1DHqwDHSbdYJuqjN0MdTYozMTzCzODOcQjpA2b5248/lbv 7VC0SuDR06VIwhsDBph4nt9XmIdlxYUWMiXpglqbSliD97Iui7hQRKKIfRvYelze V6g+I/9sXUHMFKyevuNQYiUMzgbw0CrYItZz3ZNs4P6IHxhcID5xutkJ25BKMPhF Qmf7yl8m/MV7oo7Wsy4Z6BG3ssBPxtbrzgcGMrq7r57pfU2VD4rl8Wt3VSCr/Qg= =UZ6B -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to make GPG release the token?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26/04/12 05:49, Nguyễn Hồng Quân wrote: Hello all, I'm using GnuPG and OpenSC to test my token. Each time I've done using GPG, the OpenSC cannot access the token. I have to reboot the computer to use OpenSC. There is a way to make the GnuPG release the token completely after use? A further thought: http://gnupg-pkcs11.sourceforge.net/ David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPmOZRAAoJEOJpqm7flRExp8AH/11n0ytNXxz3lOiA9WZ1rIsw 6tvCu2eIb3a5xnNE0Pc+ixWjspl6JtQEAzxIBaLKBGZHDWw3he5Crpry/+Y8OOYA JyIMxyxqoj1uSYZPxj/8BjryJ5yb6j5Gc9dbZD4OU02GR/usN88j/B5Aq6Y/JwWA W3k0jf0/nQzkLJvdsYX3si9zSLkUVKqfxsmp2iSrOTCb454jt48l8FtxYfgNotbA tB3wHundBUpXDJududx+SiR993Q2pYuhPa58Axpdwb3454ryIWbAeKQfwunieScP 9iyyW0KfSUVy6ArfOkxprolWr0fJDsgqkjtIkTFgBziLPfmA8khckLwI6aS7Gu4= =ulTK -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to make GPG release the token?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26/04/12 08:17, Nguyễn Hồng Quân wrote: Hello, That's the Crypto Stick http://www.crypto-stick.com/ After trying pgp --card-status or gpg --card-edit, I cannot access the Crypto Stick with OpenSC, meaning opensc-tool does not work. Each time I use GPG, I have to reboot the computer in order to use OpenSC. On 04/26/2012 01:03 PM, da...@gbenet.com wrote: Hello Quan, I'm a little unclear what you mean by 'token?' You mean the passphrase? I know that Linux Mint Ubuntu Debian has problems with rebooting when programmes are in memory.May be your Smart Card is not compatible with OpenSC? Anyhow without knowing exactly what you mean by token am at a loss. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Hi Quan, I strongly suggest you read: http://www.opensc-project.org/opensc/wiki/FrequentlyAskedQuestions and a possible solution to your problem is to uninstall OpenSC and install: http://gnupg-pkcs11.sourceforge.net/ Which hopefully will resolve problems you are having with GNUGPG with OpenSC David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPmPv1AAoJEOJpqm7flRExzgEH/1p8oA0cqRE3KNtxbdjhzEIR 6uCfEnLPRl5T81LNtvyfTl2lNDvQZFg2JQyK/4ohggIs4cscNgSGdKJ8DyoYMLd1 zwOEErJHdhMaN2dqu1w37+G+hKkeWwVnTx1vM2q0LtoZQkjZKcFfxaXiQvpBZboq j9IE1dfxXWkDdj63fwuZY27wXivfzKduIY3hIoRyJsO8/mGtf3hXpr3vkpjG1s3k Z5HXSfgLoRjpjnkUBlTZSljdYUnxrqlZp0Uo0RhQiogxjFWibtDq0w8RUAwqsHKb nR5QbMzcRw9FrUKqZs37vgSJtI+/1PtrWq0YPgbBjDhx6HVKsW/aKLJtvb/iIy0= =spsg -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to make GPG release the token?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26/04/12 08:51, Nguyễn Hồng Quân wrote: Thanks David, I'm starting to develop OpenSC to make it support fully the CryptoStick (which uses OpenPGP card). So I cannot uninstall OpenSC. Because the OpenSC does not support OpenPGP card fully, I sometimes use GPG to test the card. So there is no way to leave these two together? -- Regards, Quân Hi Quan, Sadly no two Linux Distros are the same. If you are using a Ubuntu/Debian/Gnome - you may want to consider opensuse with KDE desktop. The drop in replacement for Debian I've already given you - perhaps you could mention the problem in the forum relating to your card or OpenSC - but I'd experiment with other Linux distros. David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPmQk2AAoJEOJpqm7flRExwNcH/1ysDvjpx6SaMBeEYQRR/IbE Fc86DBdOj7/SpJgJY26M24EwbyC4JDvKxF9o9xltc271dXLQCMYTnZ4d1GopFH1K 01s6E44EToF/IAm1sPzYH2iVUWo16yL7xQejmveSVAiCz/ABIS8IPuEJn6GGijef uJXIG62I9+6+KhQd7ELwjE9UHyUOWxUN7RNkXPjUCrkGD4yiCJbEJS6KribqMjQu fFEuGOH65SZCa/NVxBOikV60gRZU/KP5HeL+NnK9dleTuZVhX6VjsgToVdt+YOW3 aBt++DOLdOmE5798gFJsk9Zlvy4yR1mH4b4nV+D3rs2w22I2d3AZPzYZtZvM4lw= =FfMD -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Sha256
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi All, I did have some commands in my old gpg.conf file which happened to end up in Limmassol harbour. So the general question is - are there any special security commands that I can add to my .conf file? Which seems to be gpg2? David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPl+C9AAoJEOJpqm7flRExXLAH/2g9NdCv675cEr6LuiHBJu2N r4PZfFTvs+PQInzdQSAj4bolATdG/LRcdKXKt+SxL5Gs3OEbdkSikcasApqAl1dZ Un0ND7Czzg7Z5AR08AwD/V3DxWV3YbIs1EczuwfL7kZab92ax4+YVDk6wUVPl4yt ALeFQ3aH9Qgin5kFniYudHwLslqVBN1ZgfmMlB1SX8zNuiTKNSoIWeFSKL95o4BT Rj2EYnFYKXpfmE//JPLhaOTzUchawrY9k1OSOn0ZSkMTXay+XsyuxaIRtoOZstTF l6oamylAFlElJr/I8Mo/z+cmqIY9j8U8km6gF8Wyi1w317xeMtuRpAnam4W6IGQ= =gHdG -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Sha256 - gpg.conf
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 25/04/12 12:40, kwadronaut wrote: On 25/04/12 13:32, da...@gbenet.com wrote: I did have some commands in my old gpg.conf file which happened to end up in Limmassol That's quite an accomplishment. Only that file or a whole storage device? harbour. So the general question is - are there any special security commands that I can add to my .conf file? Which seems to be gpg2? gpg --version and gpg2 --version will tell you were there configuration file lies, and they're very likely both going to use the same file. Thanks to the developers that goes just fine (up until now, for me). 'Any special security commands' is vague, are you looking for ideas along the lines of personal-digest-preferences SHA256, cert-digest-algo SHA256, or something totally different? kwadronaut. Hi Kwadronaut, The devise was a mobile phone into which I'd made a copy of my gnupg directory - thinking all is safe - with a password file. But then you never expect to fall from a mast fracturing your skull spine and pelvis. Worse is the bastards that went through my boat helping themselves to laptops sailing gear. I was reading old e-mails on a CD and noticed Sha256 so I must have had a line in my conf file for it to appear in an old e-mail. It got me thinking - - what other lines did I have cert-digest-algo SHA256 - I will try it :) any others would be welcome David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPmCAxAAoJEOJpqm7flRExebYIAI1E8vBmDUI6cIYP3ncof18C fMLPhOc17NKeZv0FgS3qudVNxkQvV4gdFo95ihLR2ra1newYkvqZOwCwlD6n4zaO YvrRsMS2K1byX6Z+SkNqA/KvHSDOZR1s24J4Ejd+3LxdC/3m6cc3TkFxnNlBL6G1 UFWXxCdQJaNZ/qDmfs9bPMml+3QYaJgqO/YIZwWkkXXT+h92wLC840Elr6r6Ee1B j4dDHgKGdz44gbWDKExb7qnb9x17wgsi2PdEtSUqDVXKaFy7/cEAN9pGBkIkY7/l CEAnok6CgqqbQOmKtAgvOok1l1nXGj6mvTxOe6rPCBkgoXoVe93Tp4NAzfLyvOU= =+lx+ -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpg2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi All, I'm using Mint Linux - gpg2 and gpg are both using /.gpg I have no /.gpg2 dir on my system and no dir gets created when I run gpg2 --version. No dirs are created in usr/bin either - in fact I had to create a home/david/.gpg The question are: What (and where) script calls gpg to load? Can I delete gpg and then run gpg2? Can I make a dir ie /.gpg2 and copy all to it and then get enigmail to use gpg2? David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind. Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” http:/counter.li.org 512854 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPllLYAAoJEOJpqm7flRExQUkIAJYJICJDNcxv9/ldFheZlPqf BdI/6v2rZ35wTAqB5Ycfsmobqm1PK9kQMirRneT8LY2QkHbWX54JZSDC76T121FW DGnlJeaAbnDw5ihPR7yAyh2Zydbgt4GGLYdszbISgDkvOH1HctPO+2RttbRtRQ1g AmHnmtreUf4Q0lD/Lz/RBA0GUfG3Ckuv2ocWpg2kFjLoEVxRm/QK7HjZ0xoiRBj0 bkqiVQhpyDuo3tJvaOJDX6cCOH7+XRJQjmMFgye2+2eSNfEbAHy0+LgbpaWK0NeW dP8z9Pm4gQxgY79rn2Twz8FeItTxCEtnETp1qt9+R6yf1KWssBSeQO0p1khtj1U= =+svH -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users