Re: Generating a new keypair through GnuPG 2.x in Ubuntu 16.0.4

2017-10-17 Thread Szczepan Zalega | Nitrokey
On 10/15/2017 11:55 PM, ved...@nym.hush.com wrote:
> OK,
> did this, and downloaded all of the dependent libraries to ./configure  
> gnupg-2.2.1
> (...)
> libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include
> -I/usr/local/include -g -O2 -fvisibility=hidden -Wall -Wno-pointer-sign
> -Wpointer-arith -MT visibility.lo -MD -MP -MF .deps/visibility.Tpo -c
> visibility.c  -fPIC -DPIC -o .libs/visibility.o
> In file included from ntbtls-int.h:251:0,
>  from visibility.h:24,
>  from visibility.c:24:
> context.h:24:18: fatal error: zlib.h: No such file or directory

Hi!

Apparently you do not have zlib's headers. apt-file says you can find
them on Ubuntu in package: zlib1g-dev (/usr/include/zlib.h).


-- 
Best regards,
Szczepan

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Generating a new keypair through GnuPG 2.x in Ubuntu 16.0.4

2017-10-15 Thread vedaal


On 10/12/2017 at 3:18 AM, "Werner Koch"  wrote:

-Yes, you should get 1.7.  And while you are already at it, you better
-also update to gpg 2.2.1.  There are just too many fixes and changes
we
-did since January 2016.

=

OK,
did this, and downloaded all of the dependent libraries to ./configure
  gnupg-2.2.1

all went well until trying to 'make' ntbtls

Here is what happened :

=[begin quoted output]=

NTBTLS v0.1.2 has been configured as follows:

Revision:  a68e81e  (42638)
Platform:  x86_64-pc-linux-gnu
londo@londo-earth-trinket:~/gnupg-2.2.1/ntbtls-0.1.2$ make
make  all-recursive
make[1]: Entering directory '/home/londo/gnupg-2.2.1/ntbtls-0.1.2'
Making all in src
make[2]: Entering directory '/home/londo/gnupg-2.2.1/ntbtls-0.1.2/src'
/bin/bash ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H
-I. -I..-I/usr/local/include -I/usr/local/include -g -O2
-fvisibility=hidden -Wall -Wno-pointer-sign -Wpointer-arith -MT
visibility.lo -MD -MP -MF .deps/visibility.Tpo -c -o visibility.lo
visibility.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include
-I/usr/local/include -g -O2 -fvisibility=hidden -Wall
-Wno-pointer-sign -Wpointer-arith -MT visibility.lo -MD -MP -MF
.deps/visibility.Tpo -c visibility.c  -fPIC -DPIC -o
.libs/visibility.o
In file included from ntbtls-int.h:251:0,
 from visibility.h:24,
 from visibility.c:24:
context.h:24:18: fatal error: zlib.h: No such file or directory
compilation terminated.
Makefile:593: recipe for target 'visibility.lo' failed
make[2]: *** [visibility.lo] Error 1
make[2]: Leaving directory '/home/londo/gnupg-2.2.1/ntbtls-0.1.2/src'
Makefile:456: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/home/londo/gnupg-2.2.1/ntbtls-0.1.2'
Makefile:387: recipe for target 'all' failed
make: *** [all] Error 2
londo@londo-earth-trinket:~/gnupg-2.2.1/ntbtls-0.1.2$ 

=[end quoted output]=

Should I try ntbtls 0.1.1 or an even earlier version?

TIA

vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Generating a new keypair through GnuPG 2.x in Ubuntu 16.0.4

2017-10-12 Thread Phil Dobbin
On 12/10/17 11:09, Peter Lebbing wrote:

> On 12/10/17 09:13, Werner Koch wrote:
>> And while you are already at it, you better
>> also update to gpg 2.2.1.  There are just too many fixes and changes we
>> did since January 2016.
> 
> I think Vedaal is just using the gnupg2 package provided by Ubuntu 16.04
> LTS:
> 
> https://packages.ubuntu.com/xenial/gnupg2
> 
> Current package version is 2.1.11-6ubuntu2. Shouldn't important fixes
> have been backported by Ubuntu? Although it is odd this package hasn't
> been updated for 18 months...

I'm using the stock version that's installed with 16.04.3 LTS & have
encountered no problems at all FWIW.

Cheers,

  Phil.

-- 
"For 50 years it was like being chained to an idiot"
Kingsley Amis on his loss of libido when he turned fifty

https://www.linuxcounter.net/cert/550036.png



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Generating a new keypair through GnuPG 2.x in Ubuntu 16.0.4

2017-10-12 Thread Peter Lebbing
On 12/10/17 09:13, Werner Koch wrote:
> And while you are already at it, you better
> also update to gpg 2.2.1.  There are just too many fixes and changes we
> did since January 2016.

I think Vedaal is just using the gnupg2 package provided by Ubuntu 16.04
LTS:

https://packages.ubuntu.com/xenial/gnupg2

Current package version is 2.1.11-6ubuntu2. Shouldn't important fixes
have been backported by Ubuntu? Although it is odd this package hasn't
been updated for 18 months...

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Generating a new keypair through GnuPG 2.x in Ubuntu 16.0.4

2017-10-12 Thread Werner Koch
On Wed, 11 Oct 2017 20:56, ved...@nym.hush.com said:

> londo@londo-earth-trinket:~$ gpg2 --verbose --verbose --version
> gpg (GnuPG) 2.1.11
> libgcrypt 1.6.5
>
> Should I get the new Libcrypt?

Yes, you should get 1.7.  And while you are already at it, you better
also update to gpg 2.2.1.  There are just too many fixes and changes we
did since January 2016.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgpNhFAlmzTLU.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Generating a new keypair through GnuPG 2.x in Ubuntu 16.0.4

2017-10-11 Thread vedaal


On 10/11/2017 at 2:33 AM, "Werner Koch"  wrote:On Tue, 10 Oct 2017
20:26, ved...@nym.hush.com said:

>  gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation,
Inc.

You left out the line which tells the libgcrypt version numbers like
in

  $ gpg --version
  gpg (GnuPG) 2.2.1-beta1
  libgcrypt 1.8.1
  [...]
=

Sorry,

here it is:

londo@londo-earth-trinket:~$ gpg2 --verbose --verbose --version
gpg (GnuPG) 2.1.11
libgcrypt 1.6.5

Should I get the new Libcrypt?
TIA

Vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Generating a new keypair through GnuPG 2.x in Ubuntu 16.0.4

2017-10-10 Thread Werner Koch
On Tue, 10 Oct 2017 20:26, ved...@nym.hush.com said:

>   gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.

You left out the line which tells the libgcrypt version numbers like in

  $ gpg --version
  gpg (GnuPG) 2.2.1-beta1
  libgcrypt 1.8.1
  [...]


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgpe9T1NR5y7N.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Generating a new keypair through GnuPG 2.x in Ubuntu 16.0.4

2017-10-10 Thread vedaal
I recently got a new laptop, and installed Ubuntu 16.0.4 LTS and used
the Ubuntu Software to install Kleopatra.
Ubuntu 16.0.4 has GnuPG 1.4.20 installed by default.

After installation, I tried to generate a keypair and could not.
Here is what happened:

=[begin quoted terminal]=

 p { margin-bottom: 0.1in; line-height: 120%; } 

londo@londo-earth-trinket:~$ gpg2 --gen-key 

gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.


This is free software: you are free to change and redistribute it. 

There is NO WARRANTY, to the extent permitted by law. 
Note: Use "gpg2 --full-gen-key" for a full featured key generation
dialog. 
GnuPG needs to construct a user ID to identify your key. 
Real name: kleo sixteenOfour 

Email address: k...@test.key 

You selected this USER-ID: 

"kleo sixteenOfour " 
Change (N)ame, (E)mail, or (O)kay/(Q)uit? o 

We need to generate a lot of random bytes. It is a good idea to
perform 

some other action (type on the keyboard, move the mouse, utilize the 

disks) during the prime generation; this gives the random number 

generator a better chance to gain enough entropy. 

gpg: agent_genkey failed: Not supported 

Key generation failed: Not supported
londo@londo-earth-trinket:~$ gpg2 --full-gen-key 

gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.


This is free software: you are free to change and redistribute it. 

There is NO WARRANTY, to the extent permitted by law. 
Please select what kind of key you want: 

   (1) RSA and RSA (default) 

   (2) DSA and Elgamal 

   (3) DSA (sign only) 

   (4) RSA (sign only) 

Your selection? 1 

RSA keys may be between 1024 and 4096 bits long. 

What keysize do you want? (2048)   

Requested keysize is 2048 bits 

Please specify how long the key should be valid. 

 0 = key does not expire 

= key expires in n days 

  w = key expires in n weeks 

  m = key expires in n months 

  y = key expires in n years 

Key is valid for? (0)   

Key does not expire at all 

Is this correct? (y/N) y 
GnuPG needs to construct a user ID to identify your key. 
Real name: kleo sixteenOfour 

Email address: k...@test.key 

Comment: local keysigning only 

You selected this USER-ID: 

"kleo sixteenOfour (local keysigning only) " 
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o 

We need to generate a lot of random bytes. It is a good idea to
perform 

some other action (type on the keyboard, move the mouse, utilize the 

disks) during the prime generation; this gives the random number 

generator a better chance to gain enough entropy. 

gpg: agent_genkey failed: Not supported 

Key generation failed: Not supported 

londo@londo-earth-trinket:~$ 
=[end quoted terminal]=
What am I forgetting/doing wrong?
TIA

vedaal
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Very slow symmetric encryption/decryption with GnuPG 2.X

2016-06-26 Thread Werner Koch
On Sun, 26 Jun 2016 19:50, wurzelsepp1...@web.de said:

> I use a Bashscript for Cloud-Encryption-Purposes under Debian Testing. It uses
> GnuPG for symmetrically encryption of many files with a for loop. With GnuPG
> 1.4.20, the encryption/decryption runs always very fast on my machine,
> GnuPG 2.X the speed is many many times slower. This process is really slow, I

For small files most time is spend on the KDF function to convert a
passphrase into a key.  With 1.4. you may be using an low iteration
count but since 2.x we set the iteration count to a value which results
in about 100ms for the KDF.  We have an open bug that it is not possible
to modify that iteration count (--s2k-count) for 2.1.

It might be possible to allow --multifile with --symmetric so that the
KDF is run only once.  However, you would use the very same key for all
files which might not be what you want.  If you have a high entropy
passphrase for symmetric encryption, there is no need for a KDF
function and you could use --s2k-mode 0 to use that key directly.  Given
that you need to store such a key anyway in a file, I would suggest to
use regular public key encryption instead and store the secret key on
the receiving machine.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
/* EFH in Erkrath: https://alt-hochdahl.de/haus */


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Very slow symmetric encryption/decryption with GnuPG 2.X

2016-06-26 Thread wurzelsepp1337
Hello

 


I use a Bashscript for Cloud-Encryption-Purposes under Debian Testing. It uses GnuPG for symmetrically encryption of many files with a for loop. With GnuPG 1.4.20, the encryption/decryption runs always very fast on my machine, but with GnuPG 2.X the speed is many many times slower. This process is really slow, I see the slow encryption/decryption of every (even small) single file.

 

Versions:
GnuPG 1.4.20
GnuPG 2.1.11 (even very slow with 2.0.X)

 

Commandline:
tar -cf - "$file" | gpg2 -z 0 --yes --batch --no-tty --symmetric --cipher-algo twofish --digest-algo sha512 --passphrase-file FILE -o /PATH/FILE

 

I've tested out that the RNG is not the problem. But even with "ln -s /dev/urandom /dev/random", the speed remains very slow.

Is there any way to analyse these performance differences? I've no idea.
But I think its better to use newer versions, when GnuPG 2.X represents the future.

 

Nick


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Very slow symmetric encryption/decryption with GnuPG 2.X

2016-06-26 Thread wurzelsepp1337
Hello
 

I use a Bashscript for Cloud-Encryption-Purposes under Debian Testing. It uses 
GnuPG for symmetrically encryption of many files with a for loop. With GnuPG 
1.4.20, the encryption/decryption runs always very fast on my machine, but with 
GnuPG 2.X the speed is many many times slower. This process is really slow, I 
see the slow encryption/decryption of every (even small) single file.
 
Versions:
GnuPG 1.4.20
GnuPG 2.1.11 (even very slow with 2.0.X)
 
Commandline:
tar -cf - "$file" | gpg2 -z 0 --yes --batch --no-tty --symmetric --cipher-algo 
twofish --digest-algo sha512 --passphrase-file FILE -o /PATH/FILE
 
I've tested out that the RNG is not the problem. But even with "ln -s 
/dev/urandom /dev/random", the speed remains very slow.
Is there any way to analyse these performance differences? I've no idea.
But I think its better to use newer versions, when GnuPG 2.X represents the 
future.
 
Nick

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Public Key Algorithms - GnuPG 2.x lists fewer than GnuPG 1.x

2014-08-28 Thread Werner Koch
On Thu, 28 Aug 2014 12:11, kristian.fiskerstr...@sumptuouscapital.com
said:

> Speaking of which, with libgcrypt 1.7.0 this has the fun variant of
> (note the 3x RSA, without distinguishing -S and -E)

be98b59 gpg: Do not show "MD5" and triplicated "RSA" in --version.


Thanks,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Public Key Algorithms - GnuPG 2.x lists fewer than GnuPG 1.x

2014-08-28 Thread Kristian Fiskerstrand
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 08/28/2014 11:57 AM, Werner Koch wrote:
> On Wed, 27 Aug 2014 23:27, 2014-667rhzu3dc-lists-gro...@riseup.net
> said:
>> 1.4.16: RSA, RSA-E, RSA-S, ELG-E, DSA
>> 
>> 2.0.26: RSA, ELG, DSA
>> 
>> Is this actually a change in what is supported, or just how GnuPG
>>  reports it?
> 
> No.  RSA-E and RSA-S are the same as RSA.  They merely use
> different algorithm numbers.
> 

Speaking of which, with libgcrypt 1.7.0 this has the fun variant of
(note the 3x RSA, without distinguishing -S and -E)

$ gpg2 --version
gpg (GnuPG) 2.0.26
libgcrypt 1.7.0-beta108
Pubkey: RSA, RSA, RSA, ELG, DSA

$ gpg2.1 --version
gpg (GnuPG) 2.1.0-beta794
libgcrypt 1.7.0-beta108
Pubkey: RSA, RSA, RSA, ELG, DSA, ECDH, ECDSA, EDDSA

- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
"I never worry about action, but only inaction."
(Winston Churchill)
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJT/wAqAAoJEPw7F94F4TagoFAQAIArE7FBtD/bptEOsF+3bFjU
jjvES5wLZahhbO9YNgWpG/DpFvB6UbbczvujSWYFG7caRsKGj5NNjmb1O1bpJE7a
sZgmmFXJMdkW53arBxHS3IOD8DjTKnp4XVj6QU2+29yz8jBjXZM4nVo3NkhOhAr+
cBuoI42s+yY5dt4Fo4vSqQSw+o2sWAxCMeZLt9ia/CRZSGpqKobUZPUro5noiS1X
zG1ADuhd3s0mRs+C6W+b//gaDsqt/lUOh+cg4fjrtQQ9VuXyYsLK7Qhskcqaie0l
PpbdNajiWqDsf+r49tqDQkxybKVyfajtVK+Da9iCI5W7/IfNzn4PlbMOZRod5PX8
JxoqkNDAmSZeuOOMf+Q0eNESMTzeDegxtF9+yr2Sr12JHn01Yp5upUJ+z2AHNK4f
wmFMwZQAr7tDdczUOcrfBYplkaecf3I1qdGHtjlQJUU+tjPouoCJfxWEUlbCEXiE
jUJsXNbbbC9dhLpIRaCLM1G2ISnb+f4m3uVZZaLXYNT2wDKjn0yQreqg7MbVhf1G
NMgYe/RQZQQOUOdyQk9UMkkNmfltG1pxgZDp/Q7lz3Ba78uPI6urGA0sn2FsVUpM
tg5jWo7rDcQlBGxvJkBpNIFkQJTw73aSNbL1BxVV6b56w56KnNXCrowhcuvAut6X
kki7q1lja97CiUwOfhqh
=k+Hy
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Public Key Algorithms - GnuPG 2.x lists fewer than GnuPG 1.x

2014-08-28 Thread Werner Koch
On Wed, 27 Aug 2014 23:27, 2014-667rhzu3dc-lists-gro...@riseup.net said:
> 1.4.16: RSA, RSA-E, RSA-S, ELG-E, DSA
>
> 2.0.26: RSA, ELG, DSA
>
> Is this actually a change in what is supported, or just how GnuPG 
> reports it?

No.  RSA-E and RSA-S are the same as RSA.  They merely use different
algorithm numbers.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Public Key Algorithms - GnuPG 2.x lists fewer than GnuPG 1.x

2014-08-27 Thread MFPA
Hi


I only just noticed that among the output of "gpg --version" I get
different lists of supported public key algorithms between versions
1.4.16 and 2.0.26.

1.4.16: RSA, RSA-E, RSA-S, ELG-E, DSA

2.0.26: RSA, ELG, DSA

Is this actually a change in what is supported, or just how GnuPG 
reports it?



-- 
Best regards

MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net

A nod is as good as a wink to a blind bat!


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Gpg4Win // GnuPG 2.x

2014-01-02 Thread vedaal
Am using Gpg4win 2.2.1 /GnuPG 2.0.22

Did gpg --dump-options and noticed that the --faked-system-time option is not 
listed.

Was this option removed?


vedaal


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


OT: MFT and posting via gmane (was: Re: 2.x)

2013-12-27 Thread Jens Lechtenboerger
Hi there,

I’m posting this via gmane with header “Mail-Copies-To: never”,
which should be translated to an MFT header by Gmane (see
http://gmane.org/post.php).

From the Message manual:
For instance, if you're running Gnus and wish to insert a
`Mail-Copies-To' header in all your news articles and all messages
you send to mailing lists, you could do something like the
following:

(defun my-message-header-setup-hook ()
  (let ((group (or gnus-newsgroup-name "")))
(when (or (message-fetch-field "newsgroups")
  (gnus-group-find-parameter group 'to-address)
  (gnus-group-find-parameter group 'to-list))
  (insert "Mail-Copies-To: never\n"

(add-hook 'message-header-setup-hook
  'my-message-header-setup-hook)

Best wishes
Jens


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: 2.x

2013-12-23 Thread Uwe Brauer
>> "Jens" == Jens Lechtenboerger
>>  writes: 

   > On So, Dez 22 2013, Uwe Brauer wrote:
   >> "Jens" == Jens Lechtenboerger
   >> > P.S. Do you know Mail-Followup-To (MFT)?
   >> Do you find this annoying?

   > MFT has benefits: If I reply to a message with MFT, the To header
   > is automatically directed to the list (instead of the From e-mail
   > address).  A small joy ;) Moreover, with MFT I know whether you
   > would like to receive a separate copy for replies or not.

I still don't understand. I am not subscribed to this mailing list and
use the gmane interface.
So this message is sent to a (virtual) newsgroup, and maybe
mail-followup does not make sense there?


I have set message-use-followup-to and message-use-mail-followup-to to
'use, but it does not do a thing.

I could use message-goto-followup-to, but then which what I am supposed
to insert.

regards

Uwe Brauer 


smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


(OT) Mail-Followup-To or not? (was Re: 2.x)

2013-12-22 Thread Peter Lebbing
On 22/12/13 19:36, Jens Lechtenboerger wrote:
> Moreover, with MFT I know whether you would like to receive a separate
> copy for replies or not.

You could also interpret the absence of any headers indicating otherwise that
the person might not care enough about that to set headers.

My 2 cents,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: 2.x

2013-12-22 Thread Jens Lechtenboerger
On So, Dez 22 2013, Uwe Brauer wrote:

> "Jens" == Jens Lechtenboerger
>> P.S. Do you know Mail-Followup-To (MFT)?
>
> hm, I am reading this group via gmane (and news) I use simply 
> gnus-summary-followup-with-original which results in a mail 
> to  Newsgroups: gmane.comp.encryption.gpg.user

I don’t know about that.

> Do you find this annoying?

MFT has benefits: If I reply to a message with MFT, the To header is
automatically directed to the list (instead of the From e-mail address).
A small joy ;)
Moreover, with MFT I know whether you would like to receive a separate
copy for replies or not.

Best wishes
Jens

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: 2.x

2013-12-22 Thread Uwe Brauer
>> "Tristan" == Tristan Santore  writes:

   > On 22/12/13 17:24, Uwe Brauer wrote:
    "K" == K Raven  writes:

   > You being German has nothing to do with the fact you can read it. I am
   > British, I can also read it.
   > ;-p

Correct, but, being German :-D, it would  have been very odd, if I were
not able to read it.. 


PS
And I presume my  name is most likely be an unique German name (it exists
in Scandinavian countries but with different spellings.)


smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: 2.x

2013-12-22 Thread Tristan Santore
On 22/12/13 17:24, Uwe Brauer wrote:
>>> "K" == K Raven  writes:
>> Hi,
>
>> I'm using Kubuntu (13.10) too and because many packets depend on gnupg,
>> i use the Alternatives system to leave gnupg1 installed and use gnupg2
>> in parallel. You can see that on
>>  (in German, but
>> the commandos are readable). Sure, you must repeat the steps after gnupg
>> updates. Alternatively (at the end of the chapter), you can rename the
>> gnupg1 binaries and make symlinks to gnupg2, but i don't like that.
>
> Thanks, since I am German, I can read this document :-D 
>
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
You being German has nothing to do with the fact you can read it. I am
British, I can also read it.
;-p

Regards,

Tristan

-- 

Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
tristan.sant...@internexusconnect.net

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)

For Fedora related issues, please email me at:
tsant...@fedoraproject.org

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: 2.x

2013-12-22 Thread Uwe Brauer
>> "K" == K Raven  writes:

   > Hi,

   > I'm using Kubuntu (13.10) too and because many packets depend on gnupg,
   > i use the Alternatives system to leave gnupg1 installed and use gnupg2
   > in parallel. You can see that on
   >  (in German, but
   > the commandos are readable). Sure, you must repeat the steps after gnupg
   > updates. Alternatively (at the end of the chapter), you can rename the
   > gnupg1 binaries and make symlinks to gnupg2, but i don't like that.

Thanks, since I am German, I can read this document :-D 


smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: 2.x

2013-12-22 Thread Uwe Brauer
>> "Jens" == Jens Lechtenboerger
>>  writes: 

   > On Sa, Dez 21 2013, Uwe Brauer wrote:

   >> I am on Kubuntu 10.04 and I have both gnupg and gnupg2
   >> installed. Now since 2.x is not affected by the problem mentioned
   >> I prefer to use it. However how can I be sure that gnupg2 is used
   >> for my email correspondence for which I use pgp-mime and not
   >> gnupg? (I am using Xemacs+gnus)

   > You can uninstall or update gnupg :-)

well, no, because then apt-get tells me to uninstall 
roughly 36 package, some of them look pretty much like core programs.

   > Alternatively, for EasyPG you can customize epg-gpg-program.  (The
   > configuration code tries gpg first, gpg2 second.  So uninstall
   > should really help.)

Ok this was the variable I was looking for. I looked up gpg, epa but not
epg! thanks


   > Best wishes
   > Jens


Uwe 
   > P.S. Do you know Mail-Followup-To (MFT)?
   > If you customized message-subscribed-addresses, my reply would
   > automatically get the correct recipient headers, see:
   > 
https://www.gnu.org/software/emacs/manual/html_node/message/Mailing-Lists.html

hm, I am reading this group via gmane (and news) I use simply 
gnus-summary-followup-with-original which results in a mail 
to  Newsgroups: gmane.comp.encryption.gpg.user
Do you find this annoying?


smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: 2.x

2013-12-22 Thread K. Raven
Hi,

> On Sa, Dez 21 2013, Uwe Brauer wrote:
> 
>> I am on Kubuntu 10.04 and I have both gnupg and gnupg2 installed.
>> Now since 2.x is not affected by the problem mentioned I prefer to
>> use it. However how can I be sure that gnupg2 is used for my email 
>> correspondence for which I use pgp-mime and not gnupg? (I am using 
>> Xemacs+gnus)
> 
> You can uninstall or update gnupg :-)

I'm using Kubuntu (13.10) too and because many packets depend on gnupg,
i use the Alternatives system to leave gnupg1 installed and use gnupg2
in parallel. You can see that on
<http://wiki.kairaven.de/open/krypto/gpg/p/gpg4#linux> (in German, but
the commandos are readable). Sure, you must repeat the steps after gnupg
updates. Alternatively (at the end of the chapter), you can rename the
gnupg1 binaries and make symlinks to gnupg2, but i don't like that.

-- 
Ciao
Kai

http://kairaven.de/

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: 2.x

2013-12-22 Thread Jens Lechtenboerger
On Sa, Dez 21 2013, Uwe Brauer wrote:

> I am on Kubuntu 10.04 and I have both gnupg and gnupg2 installed. Now
> since 2.x is not affected by the problem mentioned I prefer to use
> it. However how can I be sure that gnupg2 is used for my email
> correspondence for which I use pgp-mime and not gnupg? (I am using
> Xemacs+gnus)

You can uninstall or update gnupg :-)

Alternatively, for EasyPG you can customize epg-gpg-program.  (The
configuration code tries gpg first, gpg2 second.  So uninstall
should really help.)

Best wishes
Jens

P.S. Do you know Mail-Followup-To (MFT)?
If you customized message-subscribed-addresses, my reply would
automatically get the correct recipient headers, see:
https://www.gnu.org/software/emacs/manual/html_node/message/Mailing-Lists.html

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


2.x (was: [Announce] [security fix] GnuPG 1.4.16 released)

2013-12-21 Thread Uwe Brauer
>> "Werner" == Werner Koch  writes:

   > Hello!

   > Along with the publication of an interesting new side channel attack by
   > Daniel Genkin, Adi Shamir, and Eran Tromer we announce the availability
   > of a new stable GnuPG release to relieve this bug: Version 1.4.16.

   > This is a *security fix* release and all users of GnuPG versions 1.x are
   > advised to updated to this version.  GnuPG versions 2.x are not
   > affected.  See below for the impact of the problem.

I am on Kubuntu 10.04 and I have both gnupg and gnupg2 installed. Now
since 2.x is not affected by the problem mentioned I prefer to use
it. However how can I be sure that gnupg2 is used for my email
correspondence for which I use pgp-mime and not gnupg? (I am using
Xemacs+gnus)

thanks

Uwe Brauer 


smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Libgcrypt 1.6.0 released and gunpg 2.x

2013-12-17 Thread Werner Koch
On Tue, 17 Dec 2013 05:23, shm...@riseup.net said:

> use the new 1.6.0, do i need to uninstall gnupg & libcrypt and then
> compile both again together, and re-install ?

1.6.0 has a new SO number so there are no runtime conflicts.  However,
to avoid building problems, better de-install or overwrite the 1.5.3
development files (static library (if build), header files, and
libgcrypt-config).

If you installed 1.5.3 yourself, simply installing 1.6.0 should do
everything you need.  I am not 100% sure that building gnupg 2.0 will
work without problems - I only tested the latest 2.0 GIT version.

> gnupg 2.x would not work with the new libgcrypt if i just install it
> alone, would it ? (im sure i have to do it all again...)

No you need to build gnupg again.  Libgcrypt has a different ABI and
thus a different SO number (20 on common Linux systems).


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Libgcrypt 1.6.0 released and gunpg 2.x

2013-12-16 Thread shm...@riseup.net
this looks like a significant upgrade

if i have already compiled gnupg 2.x with libgcrypt 1.5.3, and i want to
use the new 1.6.0, do i need to uninstall gnupg & libcrypt and then
compile both again together, and re-install ?

gnupg 2.x would not work with the new libgcrypt if i just install it
alone, would it ? (im sure i have to do it all again...)



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: gpg 2.x or gpg 1.x // is there a way to tell which one was used from the encrypted file?

2013-05-24 Thread Werner Koch
On Fri, 24 May 2013 16:12, ved...@nym.hush.com said:

> is there a way to tell whether the message was encrypted with gnupg 1.x or 
> 2.x,


No.  It might be possible to guess a specific version by looking at some
packet details but that would be pretty fragile.  OpenPGP defines what's
on the wire and thus gpg has to conform to that.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


gpg 2.x or gpg 1.x // is there a way to tell which one was used from the encrypted file?

2013-05-24 Thread vedaal
Assuming one does not use the version line in an armored gnupg encrypted 
message,
is there a way to tell whether the message was encrypted with gnupg 1.x or 2.x,

(Assume also that the receiver can decrypt the message.)

I tried  --list-packets  with  the highest verbose option,
but no mention of the encrypting version is listed.

TIA,

vedaal


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: GPG 1.4.x, 2.x, ECC, and portability

2012-05-22 Thread Werner Koch
On Tue, 22 May 2012 17:29, avi.w...@gmail.com said:

> That would be great! To close the loop, could the installer be
> modified to ask if the current install is portable and then create
> that file before the rest of the install to make it seamless?

I am not keen to add yet another visible option.  However, there are
command line parameters which can be employed to do this.  But then you
need a script anyway and that script could also create that file.



Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: GPG 1.4.x, 2.x, ECC, and portability

2012-05-22 Thread Avi
>On Tue, May 22, 2012 at 5:15 AM, Werner Koch  wrote:
  On Tue, 15 May 2012 16:50, avi.w...@gmail.com said:

  > them temporarily each time if necessary. Allowing an option to have
  > the home and other helper directories configured as a subfolder of the
  > install directory on the install should be helpful as well.  What I

>I agree.  We could do this.  If a file "gnupg-enable-standalone" exists
>in the same directory as the gpg binary, we set the GNUPGHOME directory to
>a subdirectory (e.g. "home") and all other directories also to a
>subdirectory (iirc, we only need an "etc").

That would be great! To close the loop, could the installer be
modified to ask if the current install is portable and then create
that file before the rest of the install to make it seamless?

--Avi


User:Avraham

pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) 
   Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: GPG 1.4.x, 2.x, ECC, and portability

2012-05-22 Thread Werner Koch
On Tue, 15 May 2012 16:50, avi.w...@gmail.com said:

> them temporarily each time if necessary. Allowing an option to have
> the home and other helper directories configured as a subfolder of the
> install directory on the install should be helpful as well.  What I

I agree.  We could do this.  If a file "gnupg-enable-standalone" exists
in the same directory as the gpg binary, we set the GNUPGHOME directory to
a subdirectory (e.g. "home") and all other directories also to a
subdirectory (iirc, we only need an "etc").

On a USB stick this might look like this

  /# Binaries etc.
  |
  + home/  # pubring, trustdb etc.  (This is NEW).
  | |  
  | + private-keys-v1.d/  # Secret X.509 keys
  |   # and (for v2.1) secret OpenPGP keys
  |
  + pub/   # Stuff you may put into your PATH
  |
  + etc/   # Dirmngr configuration
  |   
  + lib/   # Stuff required by GnuPG etc.
  |
  ...


If the file "gnupg-enable-standalone"  is not in the root directory,
everything behaves as before.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: GPG 1.4.x, 2.x, ECC, and portability

2012-05-15 Thread Avi
On Tue, May 15, 2012 at 5:33 AM, Werner Koch  wrote:
> On Mon, 14 May 2012 23:53, avi.w...@gmail.com said:
>
>> anything to work, as I am not able to figure out how to us gpgconf to
>> switch sysconfdir to my stick's drive, and everything else is failing
>
> The directory is determined by looking at CSIDL_COMMON_APPDATA.  It
> seems you can change the value by changing the environment variable
> APPDATA.  However, I am not sure whether this is a documented feature.

Thank you; I didn't see this in the manual. I'm loathe to change it
though as that probably affects many programs on the hosting computer,
and may cause many other programs to go a bit haywire.

> A quick test shows that a wrong value for APPDATA returns an error and
> thus gnupg will use a value based on the actual modules directory.
>
> What do you think of an environment variable to explicitly force the use
> of the installation directory (i.e the USB stick).  Instead of an envvar
> we could also check the presence of a marker file in the installation
> directory, to disable all use of default locations.  Both things are
> easy to implement.

Speaking for myself, I think I would prefer the latter to the former,
as I would prefer to have a Windows installation that is (as much as
possible) completely divorced from the hosting computer and results in
a GnuPG installation that is as "portable" as possible between trusted
computers. This would mean minimizing or eliminating any reference to
environment variable OR having the launch of the program/GUI setting
them temporarily each time if necessary. Allowing an option to have
the home and other helper directories configured as a subfolder of the
install directory on the install should be helpful as well.  What I
have now with 1.4.x is the ability to plug my stick into any trusted
computer, fire up Truecrypt, mount the encrypted drive, and use a GUI
to sign, encrypt, and decrypt the clipboard or files, manage keys
(including signing, generating revoke certs, etc.) and pretty much
using a GUI to handle most command-line actions of gpg.


> I don't know how the USB stick approach works with the Outlook and
> Explorer plugins - they need to have registry entries.

Agreed. Having a portable installation would preclude integration with
other programs, so the Outlook and Explorer extensions would not be
installed in such a situation. In my current 1.4.12 install, for
example, I do not have shell integration or plugins to other programs,
which is fine, as who is to say that a program on trusted computer A
is installed on trusted computer B.

Once again, thank you.

--Avi


User:Avraham

pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) 
   Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: GPG 1.4.x, 2.x, ECC, and portability

2012-05-15 Thread Werner Koch
On Mon, 14 May 2012 23:53, avi.w...@gmail.com said:

> anything to work, as I am not able to figure out how to us gpgconf to
> switch sysconfdir to my stick's drive, and everything else is failing

The directory is determined by looking at CSIDL_COMMON_APPDATA.  It
seems you can change the value by changing the environment variable
APPDATA.  However, I am not sure whether this is a documented feature.

A quick test shows that a wrong value for APPDATA returns an error and
thus gnupg will use a value based on the actual modules directory.

What do you think of an environment variable to explicitly force the use
of the installation directory (i.e the USB stick).  Instead of an envvar
we could also check the presence of a marker file in the installation
directory, to disable all use of default locations.  Both things are
easy to implement.

I don't know how the USB stick approach works with the Outlook and
Explorer plugins - they need to have registry entries.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: GPG 1.4.x, 2.x, ECC, and portability

2012-05-14 Thread Avi
On Mon, May 14, 2012 at 5:19 PM, Werner Koch  wrote:
> With gpgconf it is even easier to do this with 2.x.  There is no need
> for a registry key for example.  Obviously you need to set GNUPGHOME if
> you don't want to use the default home directory.


Thank you, Werner.

I've tried installing GPG4Win to my USB stick, and I cannot get
anything to work, as I am not able to figure out how to us gpgconf to
switch sysconfdir to my stick's drive, and everything else is failing
due to not finding the corresponding drive on C: (which I do not want
to exist). Am I just missing something simple?

Thank you,

Avi


User:Avraham

pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) 
   Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: GPG 1.4.x, 2.x, ECC, and portability

2012-05-14 Thread Werner Koch
On Mon, 14 May 2012 18:05, avi.w...@gmail.com said:
> In one of the recent, longer, threads, it was my understanding
> that Werner said that the 1.4.x branch of GnuPG will not be
> updated to have ECC capabilities, and may eventually be "put
> into runoff" as it were. Werner, may I request that you confirm
> or refute that?

Right, that is the current plan.  Maintaining two stable branches is
extremely time and thus cost intensive.  Given that it is hard to find
any financial funding for our work, we need to spend our time more
effective.  Consider that GnuPG-2 is more than 10 years old and 1.4 only
4 years older.  I consider 2.0 more matured than 1.4.

> Assuming that is the case, it means those of us using 1.4.x need
> to move to 2.x to use ECC. In and of itself that shouldn't be an

We try to make it as easy as possible.  In 2.1 there is even a way to
provide a passphrase to gpg-agent - without a need for Pinentry.


> issue. What concerns me is that, and perhaps this is due solely
> to ignorance, it appears to me that GnuPG 2.0 for Windows cannot
> be installed in a solely portable fashion the way that 1.4.12
> can. I do not wish to get into the debate about the benefits of

With gpgconf it is even easier to do this with 2.x.  There is no need
for a registry key for example.  Obviously you need to set GNUPGHOME if
you don't want to use the default home directory.

> any possibility that someone other than Werner would consider
> folding the code into 1.4.x? I am not a programmer by a long

The major problem is not about writing the code in the first place, but
to maintain it for the next couple of years if not decades.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


GPG 1.4.x, 2.x, ECC, and portability

2012-05-14 Thread Avi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

In one of the recent, longer, threads, it was my understanding
that Werner said that the 1.4.x branch of GnuPG will not be
updated to have ECC capabilities, and may eventually be "put
into runoff" as it were. Werner, may I request that you confirm
or refute that?

Assuming that is the case, it means those of us using 1.4.x need
to move to 2.x to use ECC. In and of itself that shouldn't be an
issue. What concerns me is that, and perhaps this is due solely
to ignorance, it appears to me that GnuPG 2.0 for Windows cannot
be installed in a solely portable fashion the way that 1.4.12
can. I do not wish to get into the debate about the benefits of
having ones GnuPG installation on a USB stick, keyloggers,
rootkits, and the overall safety of all of the above. If for
whatever reason there are people who wish to have a completely
self-contained Windows installation of GnuPG on a flashdrive
(and not one built-in like crypto drive, which cannot use ECC
now anyway) is there 1) any way that can be done, and if not, 2)
any possibility that someone other than Werner would consider
folding the code into 1.4.x? I am not a programmer by a long
shot, and this would so far out of my league as to be
functionally impossible, so I cannot volunteer to do anything,
unfortunately; merely piggyback off of the expertise of others,
I am afraid.

Thank you,

Avi
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (MingW32) - GPGshell v3.78
Comment: Most recent key: Click show in box @ http://is.gd/4xJrs

iL4EAREKAGYFAk+v/81fGGh0dHA6Ly9rZXlzZXJ2ZXIudWJ1bnR1LmNvbS9wa3Mv
bG9va3VwP29wPWdldCZoYXNoPW9uJmZpbmdlcnByaW50PW9uJnNlYXJjaD0weDBE
NjJCMDE5RjgwRTI5RjkACgkQDWKwGfgOKfmx0QD9FCKt7218fnanMfVRUCpvATFN
SpuUiCcfjpZ8gm9O7+EA/j5jXY6jKbR4YgVNeQNDeEuN4yYV5ls+71PNk1MrF05v
=GM+F
-END PGP SIGNATURE-


User:Avraham

pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key)

   Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E
29F9

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Easiest way to migrate from GPG 1.4.11 to 2.x?

2011-09-18 Thread Doug Barton
On 09/18/2011 15:49, Faramir wrote:
> Hello,
>   I've been a very happy user of 1.4.x branch for some years. Now
> I'm thinking about moving to 2.x, which would mean GPG4Win. How do I
> migrate my keyrings to 2.x? Simple copy/paste?

No need to migrate anything at this point. The two are interchangeable.

-- 

Nothin' ever doesn't change, but nothin' changes much.
-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price.  :)  http://SupersetSolutions.com/


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Easiest way to migrate from GPG 1.4.11 to 2.x?

2011-09-18 Thread Faramir
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hello,
  I've been a very happy user of 1.4.x branch for some years. Now
I'm thinking about moving to 2.x, which would mean GPG4Win. How do I
migrate my keyrings to 2.x? Simple copy/paste?

  Best Regards
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJOdnVhAAoJEMV4f6PvczxAe5EIAKmZYSwgI+I4YpZIj5nl5pPM
kJGK4fw+HWtdO+/UtdAr5UQryJP73outnE4kX62973Nbykdnqo/aXDX7slFUwWH4
imBIHBL/QYz+hTgkmF2oCO7QTNbZNmlz7QUdarTklE6blTnzSb4yHu/jlOawle/+
+B7msyJ5L4OgJHUSYSV7ZBIyqDwec/hpuQYzurxee7pzzYrqrGLjaJRkVZ6kKThr
fpsjf6MH6uvGTHjoj5p8LEIUXvEytf7duUVaTOvXFQuDAyr2+LqyWN1K8R0kAJdA
DGn6v1N0DjCYmWrfGQkAWTbhDXEC/L2svd303DpMXdhAfNRwX3KoxGno7/Ua8wI=
=XmEm
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: gpgshell and gnupg 2.x? (trusted: w...@gnupg.org)

2009-06-08 Thread Werner Koch
On Sat,  6 Jun 2009 10:27, mani...@gmail.com said:

> Do we increase risk (risk of attacks, risk of errors etc ) by using front
> ends ?

That is hard to tell.  Every extra line of code adds the risk of a new
error; thus frontends are risky.  However, most errors are due to user
errors and thus a good frontend will actually reduce the risk of errors.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: gpgshell and gnupg 2.x? (trusted: w...@gnupg.org)

2009-06-06 Thread Subu
Hi Werner

Do we increase risk (risk of attacks, risk of errors etc ) by using front
ends ?


Regards
maniams

On Fri, Jun 5, 2009 at 10:46 AM, Werner Koch - w...@gnupg.org
<+gpg2+maniams+381edcc67a.wk#gnupg@spamgourmet.com> wrote:

> On Thu,  4 Jun 2009 23:50, allen.schu...@gmail.com said:
> > Couple of questions. Is there a mailing list for gpgshell? If
> > not, Does GPGShell support gnupg 2.x?
>
> I don't know and I am not interested to look thi up.  GPGShell is
> proprietary software!
>
> Note that there is another frontend called "GnuPG Shell" which is
> sometimes confused with "GPGShell".  Only "GnuPG Shell" is Free Software
> and cross-platform.
>
>
> Shalom-Salam,
>
>   Werner
>
> --
> Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.
>
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: gpgshell and gnupg 2.x?

2009-06-04 Thread Werner Koch
On Thu,  4 Jun 2009 23:50, allen.schu...@gmail.com said:
> Couple of questions. Is there a mailing list for gpgshell? If
> not, Does GPGShell support gnupg 2.x?

I don't know and I am not interested to look thi up.  GPGShell is
proprietary software!

Note that there is another frontend called "GnuPG Shell" which is
sometimes confused with "GPGShell".  Only "GnuPG Shell" is Free Software
and cross-platform.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: gpgshell and gnupg 2.x?

2009-06-04 Thread John W. Moore III
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Peter Pentchev wrote:

> Errr, unless I'm badly mistaken, gpg-agent doesn't come with GnuPG 1.4.x
> and to build and use it, you need some of those component libraries.
> And, at least for me, gpg-agent is a very, very comfortable and
> convenient tool.

You are correct that GPG Agent doesn't 'come with' GnuPG 1.4.x but IMO,
GPGshell is far more flexible and simple to use on a M$ machine than GPG
Agent.  In fact, having used GPG Agent I wish GPGshell were available
for Linux.

JOHN ;)
Timestamp: Thursday 04 Jun 2009, 18:55  --400 (Eastern Daylight Time)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10-svn5031: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJKKFEBAAoJEBCGy9eAtCsPxlAH/2MGwu/V1x6Ol2RD19YoRO82
N8h2aPPtxk+Oin/AWJz9nnhmYD5QKSxyvN4/jgNy/ZrqlMrX1pM5Bs4eYUS1yKKc
aFmZEpMnfsVH+QfLwhNOWWzW519NcIp+wHfucqrPSi1/lYoPYf+Rjv0OV+ujIMMn
95sG/5ryo4r2GQmiYrlezKU/efRCu+KaGx2QN5jS3eU1IKpOM7K2F+cXoZBWFsBO
Ioy8FeMNBdMo/TilmpB2AYh1j+ORa0ACoGmVp8c0j8L9UX4q2wXgICaVl2OslyXS
EpngnyfmBFqwkuRJde49a/xE4nuPzQlsyN0wJFkS/c5+PU81z5OJ1SoUd3m3ODg=
=XWRS
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: gpgshell and gnupg 2.x?

2009-06-04 Thread Peter Pentchev
On Thu, Jun 04, 2009 at 05:21:04PM -0500, John Clizbe wrote:
> Allen Schultz wrote:
> > Couple of questions. Is there a mailing list for gpgshell? 
> 
> Not that I know of.
> 
> > If not, Does GPGShell support gnupg 2.x?
> 
> Maybe? But why should it?
> 
> Everything OpenPGP related is provided by GnuPG 1.4. GnuPG's added X.509
> functions aren't needed by GPGshell.
> 
> There still seems to be this mistaken impression that GnuPG2 is somehow
> "better" that GnuPG 1.4. It's a reimplementation with component
> libraries instead of a single image.

Errr, unless I'm badly mistaken, gpg-agent doesn't come with GnuPG 1.4.x
and to build and use it, you need some of those component libraries.
And, at least for me, gpg-agent is a very, very comfortable and
convenient tool.

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.netr...@space.bgr...@freebsd.org
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence contradicts itself - or rather - well, no, actually it doesn't!


pgptbhl7p69s3.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: gpgshell and gnupg 2.x?

2009-06-04 Thread John Clizbe
Allen Schultz wrote:
> Couple of questions. Is there a mailing list for gpgshell? 

Not that I know of.

> If not, Does GPGShell support gnupg 2.x?

Maybe? But why should it?

Everything OpenPGP related is provided by GnuPG 1.4. GnuPG's added X.509
functions aren't needed by GPGshell.

There still seems to be this mistaken impression that GnuPG2 is somehow
"better" that GnuPG 1.4. It's a reimplementation with component
libraries instead of a single image.

-- 
John P. Clizbe  Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
 mailto:pgp-public-k...@gingerbear.net?subject=help

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


gpgshell and gnupg 2.x?

2009-06-04 Thread Allen Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Couple of questions. Is there a mailing list for gpgshell? If
not, Does GPGShell support gnupg 2.x?

Allen

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32) - GPGshell v3.72

iQEcBAEBCgAGBQJKKEGQAAoJEMNyjCz1VlHgJc4IAILQZ1fYMXKtiV7W+y1+AAT6
UZ/+sqEwJRecwtWDvjiLof0+r207+BWlZPDiGxSPMUg54BmRDrrvuOJSV+kk7Crt
oWaRHF70j21Y5xbHnOzACuH9cUL3mzDfuUKGiNPtTeWlLIcJODzy3WSjbCykXKig
KvIXx8aTlHWc9nkk3iRnI9GY4Mu3HORUCfAei9jwgxkmEwaY/C5OZCMhsCo1Fthj
QZEpCzZ70Zb1qG3zOvdkX0fIp81afUHvmvXwZ+UVvbVziZUJ5juRtFit4K1YOi7f
h2abHAdrR7zohoae96J5eboncAAxmZgxn9whoMe2BnZlLUg5BLkygXiwgq9dbBY=
=3jgY
-END PGP SIGNATURE-


-- 
Allen Schultz 
pub   3072R/DAD4736B 2009-05-20
  Key fingerprint = 16AD EFE1 D68F C8A8 B086  68CD 1A35 85C7 DAD4 736B
uid  Allen Schultz (aldaek) 
uid  [jpeg image of size 6128]
sub   2048R/F55651E0 2009-05-20 [expires: 2010-05-20]
sub   2048R/5687B83E 2009-05-20 [expires: 2010-05-20]

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: upgrading from 1.x to 2.x

2008-04-23 Thread Torsten Curdt
I've just reverted back to 1.x. Version 2.x does not seem to be worth  
the hassle. 1.x works like charm.


But couldn't import the msg.asc here either ...so it really seems to  
be broken.

Anyway. Not a particular good error message though.

cheers
--
Torsten

On Apr 22, 2008, at 09:41, Torsten Curdt wrote:


Hey Werner,

Thanks for the response!


refreshing the keys fails.

$ gpg2 --refresh-keys
an mpi of size 0 is not allowed
gpg: keyring_get_keyblock: read error: Invalid packet


Incidently this problem was reported to me yesterday and figured out
that the http key helper tool did not worked at all.  Teh windows  
socket
layer was not initialized and at another point we did a dup for a  
socket

which is not going to work.


uh! but then using hkp should work for the update, right?


I don't know why this bug lurked around for
so long.  It might be that gpg2 accidently used the gpg1 key helper
tools (which works) or that we only tested direct hkp server and  
finger

support.


But actually I don't think this is download related.

$ gpg2 --list-keys
/Users/tcurdt/.gnupg/pubring.gpg

pub   1024D/7C200941 2004-04-24
uid  Torsten Curdt <[EMAIL PROTECTED]>
uid  Torsten Curdt <[EMAIL PROTECTED]>
sub   1024g/87C5307C 2004-04-24

...
list some more keys - but not all
...

an mpi of size 0 is not allowed
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keydb_get_keyblock failed: Invalid keyring


Seems like also other people run into it

http://lists.opensuse.org/opensuse-bugs/2007-09/msg05835.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463270
http://www.gossamer-threads.com/lists/gnupg/devel/43532?page=last

Fankly speaking - it awfully reminds me on a problem I run into with  
1.x before ...that was fixed in later releases of 1.x


http://marc.info/?l=gnupg-devel&m=114694741924376&w=2
http://lists.gnupg.org/pipermail/gnupg-users/2006-May.txt


And even importing a file that (at least) looks perfectly OK gives  
me


$ gpg2 --import msg.asc
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

This is GnuPG 2.0.8 on OSX 10.5.2 installed via MacPorts


Well, this is anotehr problem.  I bet the msg.asc is not okay or  
there

is a problem with the MacPorts version of gpg2.


-BEGIN PGP MESSAGE-
Version: GnuPG v1.4.6 (GNU/Linux)

hQEOAz5rX/KHxTB8EAP/QqFwC0/p/6l7mRLvojOA+WjBq74URkaX6W6L4YPrpDvq
L42waXpfAhMmjLe3zw35+7ViLd/nICP8JB8Qjtbdt3iMIST62IMHbA1L9PxO7BHS
jRs+MwbEzddPnh3Gn/sDdiz3kmq810BcXKpFNuGCIyBqTu8zwxjVhs2nvI1tbBoD
/1wjSpCoJkeG76ZD5sbewiRE2H0Ft2P/S7GqTF6BtWmg1bpCHIN4O0uzkfex0jvk

ftWzVVsGPI8qjtfruCzRiRjjNF/a1ErnVWFR/V6fe7bTUNAgouuUJzKWDLdKc56E
IpcZ1wUPl/zKFVdIwhNP9RUf3gfZKBzySs/xWRs=
=yoCf
-END PGP MESSAGE-

...looks quite OK to me :-/

cheers
--
Torsten

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: upgrading from 1.x to 2.x

2008-04-22 Thread Torsten Curdt

Hey Werner,

Thanks for the response!


refreshing the keys fails.

$ gpg2 --refresh-keys
an mpi of size 0 is not allowed
gpg: keyring_get_keyblock: read error: Invalid packet


Incidently this problem was reported to me yesterday and figured out
that the http key helper tool did not worked at all.  Teh windows  
socket
layer was not initialized and at another point we did a dup for a  
socket

which is not going to work.


uh! but then using hkp should work for the update, right?


 I don't know why this bug lurked around for
so long.  It might be that gpg2 accidently used the gpg1 key helper
tools (which works) or that we only tested direct hkp server and  
finger

support.


But actually I don't think this is download related.

$ gpg2 --list-keys
/Users/tcurdt/.gnupg/pubring.gpg

pub   1024D/7C200941 2004-04-24
uid  Torsten Curdt <[EMAIL PROTECTED]>
uid  Torsten Curdt <[EMAIL PROTECTED]>
sub   1024g/87C5307C 2004-04-24

...
list some more keys - but not all
...

an mpi of size 0 is not allowed
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keydb_get_keyblock failed: Invalid keyring


Seems like also other people run into it

http://lists.opensuse.org/opensuse-bugs/2007-09/msg05835.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463270
http://www.gossamer-threads.com/lists/gnupg/devel/43532?page=last

Fankly speaking - it awfully reminds me on a problem I run into with  
1.x before ...that was fixed in later releases of 1.x


http://marc.info/?l=gnupg-devel&m=114694741924376&w=2
http://lists.gnupg.org/pipermail/gnupg-users/2006-May.txt



And even importing a file that (at least) looks perfectly OK gives me

$ gpg2 --import msg.asc
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

This is GnuPG 2.0.8 on OSX 10.5.2 installed via MacPorts


Well, this is anotehr problem.  I bet the msg.asc is not okay or there
is a problem with the MacPorts version of gpg2.


-BEGIN PGP MESSAGE-
Version: GnuPG v1.4.6 (GNU/Linux)

hQEOAz5rX/KHxTB8EAP/QqFwC0/p/6l7mRLvojOA+WjBq74URkaX6W6L4YPrpDvq
L42waXpfAhMmjLe3zw35+7ViLd/nICP8JB8Qjtbdt3iMIST62IMHbA1L9PxO7BHS
jRs+MwbEzddPnh3Gn/sDdiz3kmq810BcXKpFNuGCIyBqTu8zwxjVhs2nvI1tbBoD
/1wjSpCoJkeG76ZD5sbewiRE2H0Ft2P/S7GqTF6BtWmg1bpCHIN4O0uzkfex0jvk

ftWzVVsGPI8qjtfruCzRiRjjNF/a1ErnVWFR/V6fe7bTUNAgouuUJzKWDLdKc56E
IpcZ1wUPl/zKFVdIwhNP9RUf3gfZKBzySs/xWRs=
=yoCf
-END PGP MESSAGE-

...looks quite OK to me :-/

cheers
--
Torsten

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: upgrading from 1.x to 2.x

2008-04-21 Thread Werner Koch
On Mon, 21 Apr 2008 23:55, [EMAIL PROTECTED] said:

> refreshing the keys fails.
>
> $ gpg2 --refresh-keys
> an mpi of size 0 is not allowed
> gpg: keyring_get_keyblock: read error: Invalid packet

Incidently this problem was reported to me yesterday and figured out
that the http key helper tool did not worked at all.  Teh windows socket
layer was not initialized and at another point we did a dup for a socket
which is not going to work.  I don't know why this bug lurked around for
so long.  It might be that gpg2 accidently used the gpg1 key helper
tools (which works) or that we only tested direct hkp server and finger
support.

Fixed in svn.

> And even importing a file that (at least) looks perfectly OK gives me
>
> $ gpg2 --import msg.asc
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
>
> This is GnuPG 2.0.8 on OSX 10.5.2 installed via MacPorts

Well, this is anotehr problem.  I bet the msg.asc is not okay or there
is a problem with the MacPorts version of gpg2.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


upgrading from 1.x to 2.x

2008-04-21 Thread Torsten Curdt
I have just "migrated" from 1.x to 2. (just installed 2.x instead of  
1.x) and while I can still sign files with


$ gpg2 --armor --output test.asc --detach-sig test

refreshing the keys fails.

$ gpg2 --refresh-keys
an mpi of size 0 is not allowed
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: error reading keyblock: Invalid keyring
gpg: keyserver refresh failed: Invalid keyring

And even importing a file that (at least) looks perfectly OK gives me

$ gpg2 --import msg.asc
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

This is GnuPG 2.0.8 on OSX 10.5.2 installed via MacPorts

Any hints?

cheers
--
Torsten

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: GPG 1.4.x v.s 2.x

2007-12-20 Thread Robert J. Hansen
Alan Olsen wrote:
> The place I work needs to upgrade gpg badly.  They know this.  The
> question is do they go with the 1.4.x tree or should they go to the
> 2.x codebase?

Depends on what you want to do with it.  If you're only worried about
OpenPGP (RFC2440 or RFC4880) traffic, then the 1.4 tree is the one to
use; it has the longest history, more eyes have looked at it, and the
user community is larger.



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: GPG 1.4.x v.s 2.x

2007-12-20 Thread Werner Koch
On Tue, 18 Dec 2007 19:51, [EMAIL PROTECTED] said:

> We get files from clients all over the world.  Are there features used in the 
> 2.x versions that 1.4.x cannot handle?

Yes, S/MIME (i.e. CMS/X.509).  However if you are using OpenPGP that
does not effect you.  The OpenPGP code of GnuPG-2 is identically to the
code of GnuPG-1.  The major difference is that gpg2 requires a running
gpg-agent to ask for the passphrase.

If you don't want to change your work environment your best choice is to
go with gnupg 1.4.8


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


GPG 1.4.x v.s 2.x

2007-12-20 Thread Alan Olsen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The place I work needs to upgrade gpg badly.  They know this.  The question is 
do they go with the 1.4.x tree or should they go to the 2.x codebase?

Suggestions? Recommendations? 

We get files from clients all over the world.  Are there features used in the 
2.x versions that 1.4.x cannot handle?

Thanks.
-BEGIN PGP SIGNATURE-
Version: 9.5.3 (Build 5003)

wsBVAwUBR2gWw2qdmbpu7ejzAQpaDwf7B8HQHiC+JY4yzfU6nB9RDuGT9LwqQ8FU
0iFCdYTHscqyUyUg92A2kf5CUT1Cv+QRthQELa9AXSJvBoCa43cn19h4bbQfGNC2
SXBJFH9vvSQ1KHcnndimlvaRtoyyUqcjij5VRZvrWPoLi4dlP5qXCE9JM3TO3X3W
F+J2CzTu5BTXEZ3bhkjjIcgevrJNoRdRY9cnpzWHOJcBkpn352OdiO77GEZYXF5d
+kZ1k6JdIkNtOBZPGxYvpnVHLDXa3wxDRV5rg52qUAAKVLH6VmaZt+l4R/3P5t0L
hBwJ95mh92Dv7zQ/ysDsTdpFhVl1yROSBVSCPA4HR8XL5UPzyEEa6g==
=Lbp4
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users