Libgcrypt 1.6.0 released and gunpg 2.x
this looks like a significant upgrade if i have already compiled gnupg 2.x with libgcrypt 1.5.3, and i want to use the new 1.6.0, do i need to uninstall gnupg & libcrypt and then compile both again together, and re-install ? gnupg 2.x would not work with the new libgcrypt if i just install it alone, would it ? (im sure i have to do it all again...) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
re-send public key necessary after setpref changes ?
if i alter preferences to a public key after i uploaded it to keyservers, do i need to upload it a 2nd time in order for people to contact me without my public key ? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
his public key is 5 monitors high, and her same key is 1 ?
what are the factors involved in creating such discrepancies with folks' public key lengths ? i mean, some people's are 5 monitors high where as the other joe has seemingly created a similar key and that key is one half a monitor in 'monitor' height what does all this mean ? how have people such varying public key 'sizes' ? and how is this achieved ? are public, private, and key pairs in general stronger/safer (what ever that may mean) if observing their public keys are many monitors high or have they gone to extreme measures in something in particular ? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: his public key is 5 monitors high, and her same key is 1 ?
Steve Jones: > On Sat, 25 Jan 2014 00:24:14 +1100 "shm...@riseup.net" > wrote: > >> what are the factors involved in creating such discrepancies with >> folks' public key lengths ? >> >> i mean, some people's are 5 monitors high where as the other joe >> has seemingly created a similar key and that key is one half a >> monitor in 'monitor' height > > You can use the pgpdump tool to see all the data in a public key > file. A given key might contain lots of extra data beside the > actual key, like signatures and photos. thanks for that tip ... > > > > ___ Gnupg-users mailing > list Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: his public key is 5 monitors high, and her same key is 1 ?
Pete Stephenson: > On Fri, Jan 24, 2014 at 2:24 PM, shm...@riseup.net wrote: >> what are the factors involved in creating such discrepancies with folks' >> public key lengths ? > > As far as I can tell, the two major factors that affect the size of > public keys are: > 1. Key length. (That is, a 4096-bit key will be larger than a 2048-bit > or 1024-bit key.) > 2. Number of signatures on the key. A brand-new key will be > considerably shorter than one that has accumulated numerous signatures > from other people. that's makes sense; now i understand why Zimmerman's and callas' public keys are going through the ceiling as to who michael vario is it remains to be seen ! > >> are public, private, and key pairs in general stronger/safer (what ever >> that may mean) if observing their public keys are many monitors high or >> have they gone to extreme measures in something in particular ? > > Key length does have an effect on security: 2048-bit keys are larger > and harder to brute-force than 1024-bit keys. The same applies to 3072 > and 4096-bit keys compared to 2048-bit ones, though there is a point > of diminishing returns. > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: time delay unlock private key.
Werner Koch: > On Thu, 23 Jan 2014 19:20, r...@sixdemonbag.org said: > >> Not really, although DKG gave you a good heads-up about the number of >> iterations in s2k. > > FWIW: With GnuPG 2.x the default iteration count is calibrated to an > iteration time of 100ms. That is of course machine dependent. To view > that count you may run gpg-connect-agent as in this example: > > $ gpg-connect-agent 'getinfo s2k_count' /bye > D 16777216 > OK $ gpg-connect-agent 'getinfo s2k_count' /bye ERR 280 not implemented hmmm ? > > > Shalom-Salam, > >Werner > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: time delay unlock private key.
Werner Koch: > On Sat, 25 Jan 2014 10:31, shm...@riseup.net said: > >> $ gpg-connect-agent 'getinfo s2k_count' /bye >> ERR 280 not implemented > > You are using GnuPG version < 2.0.15. $ gpg2 --version gpg (GnuPG) 2.0.22 libgcrypt 1.6.0 Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECC, ? Cypher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 hmmm ... > > > Shalom-Salam, > >Werner > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
list packets output & other misc
in a test key i have 4 subkeys; 2 for sign and 2 for encrypt gnupg automatically chooses the most recently created 's' and 'e' subkeys to sign and encrypt a file how can i mandatorily specify using other subkeys for the same primary key for 's' or 'e' either on command line or in an email client for example ? when i list packets, it tells me which key was used for 's' (in long format) but for 'e' (in short format) it says gpg: encrypted with ELG key, ID 0x how do i determine which key was used for encrypt ? do i assume it used the most recently created 'e' subkey ? is there a reference for the numerical values of version, hash, cipher, algo, sk2, etc ? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: list packets output & other misc
hey pete, Pete Stephenson: > On 6/5/2014 10:44 AM, Werner Koch wrote: >> On Wed, 4 Jun 2014 23:15, shm...@riseup.net said: >> >>> how can i mandatorily specify using other subkeys for the same primary >>> key for 's' or 'e' either on command line or in an email client for >>> example ? >> >> fortune | gpg -ea -r '12345678!' >> >> assuming 12345678 is the subkeys' keyid. Same for -u. > > To clarify, it's the exclamation point ("!") that forces GPG to use a > specific key. Normally GPG will pick what it thinks is the appropriate > key, but the exclamation point will override that automatic choice and > use only the key ID specified by the user. cheers couldn't resist ;-) > > I'm not aware of any email clients that allow such an override -- it's > typically only used in the command line. > > <https://www.gnupg.org/documentation/manuals/gnupg-devel/Specify-a-User-ID.html> > has some more details. > >>> is there a reference for the numerical values of version, hash, cipher, >>> algo, sk2, etc ? >> >> --list-packets is a debugging aid and thus you need to look at the >> source or doc/DETAILS for some of these values. However, most of these >> numbers are specified in RFC-4880. > > Specifically, that information is available at > <http://tools.ietf.org/html/rfc4880#page-62>, in sections 9.1 through > 9.4, inclusive. > > Cheers! > -Pete > > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: riseup.net OpenPGP Best Practices article
MFPA: > Hi > > > On Tuesday 24 June 2014 at 8:37:30 PM, in > , Johan Wevers wrote: > > >> Al Quaida use horse couriers who memorise the >> message, the American's could not intercept them. > > Even if they did intercept them, are the Americans any good at > interrogating a horse? might be ok if they ask "why the long face" ;-) could be difficult if slang was used since that was always an issue for US intelligence trying to decipher radio comms with, literally, slang from particular farms, communities i always keep this is mind; the fact that you can throw all possible resources you have and decrypt something, then don't understand the decryption > > > -- > Best regards > > MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net > > Wisdom is a companion to age; yet age may travel alone. > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: On the advisability of stronger digests than SHA-1 in OpenPGP certifications [was: Re: riseup.net OpenPGP Best Practices article]
Robert J. Hansen: > On 6/26/2014 5:57 PM, Daniel Kahn Gillmor wrote: >> PGP 8 was released over a decade ago, that's hardly a modern >> implementation: > > And yet, it still conforms (largely) to RFC4880. Methinks you're > objecting because it's a largely-conforming implementation that doesn't > have good support for SHA256. ;) > >> In what ways is its support for SHA-256 limited? I'm having a hard >> time finding documentation for it. > > If I recall correctly, it can understand SHA-256 but not generate > SHA-256. SHA-256 generation support was added late in the 8.x series, > but earlier 8.x releases could understand it. > >> How many people use it? > > It's not as if there are Nielsen ratings for these things. All I can do > is say that I still regularly encounter it when I talk to people about > PGP. For instance, I know of one law firm that purchased a site license > for 8.x and refuses to upgrade, since the more recent editions cost a > fortune in per-seat licenses and have very little in the way of new > functionality. i think the point daniel is making is that there is freely available software which is actively maintained and receives security updates and is not a decade old any modern OS can utilise thunderbird + enigmail as an example there's great work done to bring gnupg to windows with gpg4win why *wouldn't* you use it ? is it really a case of obdurateness, "if it ain't broke don't fix it," or an unwillingness to use and get accustomed to something new and/or different, perhaps a new gui - look, i completely sympathise with the latter especially for older people if i may generalise if you're a windows user you'll have to upgrade after 10 years if you want to keep safe or pay ($) for it; ok, now i sympathise with people not wanting a new gui with windows 8 > >> Why should anyone cater to users of PGP 8.x in 2014 when we have an >> opportunity to provide a stronger cryptographic baseline for everyone >> else? > > Because there are still people using it. see above the don't *have* to but, sure, they *can* > > Remember, GnuPG also supports most of RFC1991 because we've got a large > base of PGP 2.6 users who are refusing to upgrade... > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
what is "correct" for users' Preferred keyserver ?
i've seen a multitude of ways people input data into this pref for example, some people put a link to their public key .asc or .txt file some others put a link to an actual keyserver from the name of the actual pref, it states a keyserver, so shouldn't users input a link to their Preferred keyserver and not a link to download a public key or txt file ? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
[2] cipher when viewing key prefs
i recently saw [2] listed as the last cipher in somebody's public key the key didn't specify 3DES neither - that goes against the RFC but how is that possible ? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpg --verify email.eml
lately some recipients have not been able to decrypt some emails ie. some can decrypt them; some can't every time i send a signed+encrypted email, enigmail reports signature verification failed but the status bar is green ! but when i send just signed emails, no problem with sig verification (status bar is still green) if thunderbird and enigmail were used to construct emails, and enigmail debug output reports everything ok: [GNUPG:] GOODSIG [GNUPG:] VALIDSIG [GNUPG:] TRUST_ULTIMATE [GNUPG:] DECRYPTION_OKAY [GNUPG:] GOODMDC [GNUPG:] END_DECRYPTION but gpg --verify -vv email.eml gpg: armor: BEGIN PGP MESSAGE gpg: armor header: Charset: utf-8 :pubkey enc packet: version 3, algo 1, keyid data: [4093 bits] gpg: verify signatures failed: unexpected data how should i proceed to debug this ? i downgraded enigmail to enigmail 1.6 because i couldn't sign or encrypt at all with the recent update ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
Mark Carousel wrote: > On 23/08/2014 11:16, d...@geer.org wrote: >> >> > On 2014-08-22 at 21:13, Rejo Zenger wrote: >> > >> > Open data and transparency should only be about what concerns everybody, >> > like government actions, trains schedule, etc. not private information. >> >> Is this not the core of the question? In a world of social media >> and sensor-driven everything, does not the very concept of private >> information fade, per se? I believe it does. > > No. Taking part in social networks and other media is a choice. One can > a) choose not to take part at all, or b) choose how one takes part and > what information one shares. actually you chose to step out of the front door today i assume ? you took the bus to work or maybe you drove ? i don't know, maybe a tractors more your thing, but you took it to the gas station and filled 'er up or you got breakfast at the deli before your meeting ? how many times were you photographed by the big bad social network before your first coffee break? how can you as an individual be in control of this ? how is it a choice ? do you honestly believe you're in control of what information you share? no prob, phone[sic] up FB or dr G and have a word to the secretary: "yes sir, we just had a looksy & can confirm all your bits are 100% accounted for, your datas are currently residing on 3,521 servers in 59 countries and if you like, we can press this red button and have it all removed straight away sir, no lawyer required, no warrant, no questions asked and a 100% satisfaction guarantee - this weeks promotion also includes free removal of your NSA vacuum trail, we can delete that too with the same red button because your data that we were forced to share can be accounted for exactly sir, we know where it went because we take pride in knowing we serve our customers best interests..." which privacy policy thesis have you read cover-to-cover ? have you read it each time it was updated ? did you prepare yourself for opt-out changes ? which CV of yours have you parted ways with to prospective employers is equipped with nice little java scripts phoning home to your elaborately setup web server all-the-while alerting you to all those, whose pdf reader allows outgoing comms, who open your file ? where is your CV from 15 years ago - you know precisely how many people have read it don't you ? used to be fun getting prints back from the lab of you and your partner having fun times; there was a certain nativity before high-speed data comms; and who prints photos now anyway, huh ! are kids confident that they know their snapchats will be deleted just like they were promised ? where are these snap chats now - do they know lest do they care ? to err is human, but to forgive divine - how do you tell hard disks this ? geer's point about moving to a new town also relevant about not forgetting the past if you truly wanna be in control of your data, your gonna have to regulate and restrain yourself until your testicles are drawn over the back of your neck *or* accept it aint possible now, it may never be, and when you accept that you'll keep out of the loony bin & fruit cake parlour or, don't have any data, go to the amazon heck, you probly knew how your traffic was being routed through iceland, why it was, who did it and what the content was, right ? > > In short, privacy of information is still real, still relevant, and > still (largely) within the control of the individual. Tools such as > encryption help retain the reality of privacy of information. > > The question of privacy of information is of critical importance to > liberty. By choosing to believe that privacy (or specifically privacy of > information) is a concept that has "fade"ed you are playing into the > hands of those who would wish to forcefully strip us all of privacy, > whether we like or or not. That would be a mistake, I think. > > > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
Jason Antony wrote: > On 2014-08-27 15:02, Mark Rousell wrote: > >> No. Taking part in social networks and other media is a choice. One >> can a) choose not to take part at all, or b) choose how one takes >> part and what information one shares. > > What can't be controlled is when people who know you give out your > personal details on social networks. > > It could happen because they may not see anything wrong with it, they > may be tricked into it [games/surveys], or they wish to harm you. it could also happen because that's what FB wants too: http://owni.eu/2012/07/24/facebook-added-informant/ > > -- Jason > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
425 Error accepting connection; connection from invalid IP.
shm...@riseup.net wrote: > i wanted to try the latest beta but downloading any file using Tor gave > a http 425 or 400 > > for example > > ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.3.1.tar.bz2 > > this file is blocked trying the following 2 Tor IP's but the same file > can be downloaded fine using Jondo > > 96.44.189.101 > 92.222.172.41 > > i doesn't download using the Tor browser bundle nor wget but it works > using Jondo browser and wget as proxy > > > > > > $ wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.2.tar.bz2 > --2014-09-28 17:57:09-- > ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.2.tar.bz2 > Connecting to 127.0.0.1:4001... connected. > Proxy request sent, awaiting response... 200 Gatewaying > Length: 2476101 (2.4M) [application/octet-stream] > Saving to: ‘libgcrypt-1.6.2.tar.bz2’ > > 10% [===> > ] 268,816 9.58KB/s > eta 3m 37s > > > > > $ wget ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.16.tar.bz2 > --2014-09-28 17:26:03-- > ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.16.tar.bz2 > Connecting to 127.0.0.1:8118... connected. > Proxy request sent, awaiting response... 400 Invalid request received > from client > 2014-09-28 17:26:03 ERROR 400: Invalid request received from client. > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
425 Error accepting connection; connection from invalid IP.
i wanted to try the latest beta but downloading any file using Tor gave a http 425 or 400 for example ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.3.1.tar.bz2 this file is blocked trying the following 2 Tor IP's but the same file can be downloaded fine using Jondo 96.44.189.101 92.222.172.41 i doesn't download using the Tor browser bundle nor wget but it works using Jondo browser and wget as proxy small screngrab showing error directly downloading from link shows the 425 $ wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.2.tar.bz2 --2014-09-28 17:57:09-- ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.2.tar.bz2 Connecting to 127.0.0.1:4001... connected. Proxy request sent, awaiting response... 200 Gatewaying Length: 2476101 (2.4M) [application/octet-stream] Saving to: ‘libgcrypt-1.6.2.tar.bz2’ 10% [===> ] 268,816 9.58KB/s eta 3m 37s $ wget ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.16.tar.bz2 --2014-09-28 17:26:03-- ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.16.tar.bz2 Connecting to 127.0.0.1:8118... connected. Proxy request sent, awaiting response... 400 Invalid request received from client 2014-09-28 17:26:03 ERROR 400: Invalid request received from client. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Tweeting for GnuPG
Werner Koch: > I am not one of those short message people but you're not a twittiot ? respect ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users