Re: [lists] re: Signing vs. encrypting was: Cipher v public key
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Graham wrote: > On Thu, 01 Jun 2006 11:33:14 -0400 <[EMAIL PROTECTED]> wrote: [...] >> the cost is *astronomical* >> >> have played around with it when it was released as a free command >> line pgp 8.5 beta > [snipped] > > AFAIK this is the latest PGP command line version available - except > for server based systems, which is why the cost is *astronomical*. PGP Commandline 9.0 is what I saw reference to. > When Network Associates sold the rights to PGP to PGP Corporation, > they kept the rights to the command line version, and unless things > have changed this is why PGP Corporation don't offer it. I believe it has. See: http://www.pgp.com/products/commandline/index.html And the cost is astronomical, IMO. The quote from their store: PGP Commandline 9.0, Perpetual License W/ SI - 2 Processors, 1 Key, Send and Receive Functionality $3,170.00 QTY: 1 > But why bother when there is GPG? No argument there. :) - -- ToddOpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp == Even moderation ought not to be practiced to excess. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl. iG0EARECAC0FAkSDGP8mGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt ei5hc2MACgkQuv+09NZUB1pGjgCfU7XZ19ML5OFqGIPhe/3uDymY8R8AoNgYsjcQ e7JkzALcKZo4FE6Fhh3u =B1TU -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [lists] re: Signing vs. encrypting was: Cipher v public key
On Thu, 01 Jun 2006 11:33:14 -0400 <[EMAIL PROTECTED]> wrote: > > While I prefer gnupg to pgp myself, I did just happen to see a > > reference to pgp command line today > > the cost is *astronomical* > > have played around with it when it was released as a free > command line pgp 8.5 beta [snipped] AFAIK this is the latest PGP command line version available - except for server based systems, which is why the cost is *astronomical*. When Network Associates sold the rights to PGP to PGP Corporation, they kept the rights to the command line version, and unless things have changed this is why PGP Corporation don't offer it. But why bother when there is GPG? -- Graham ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Signing vs. encrypting was: Cipher v public key
On Thu, Jun 01, 2006 at 11:33:14AM -0400, [EMAIL PROTECTED] wrote: > Todd Zullinger tmz at pobox.com wrote on > Thu Jun 1 11:46:48 CEST 2006 : > > > While I prefer gnupg to pgp myself, I did just happen to see a > > reference to pgp command line today > > the cost is *astronomical* > > have played around with it when it was released as a free > command line pgp 8.5 beta > > has a few features unique to pgp, > which may or may not be of interest to the customers: > > - ADK's This may be somewhat emulated with GPG (mandated encrypt-to) > - split-key / shared-key capablilty > (this happens to be nice and useful > any chance for a 'feature request' :-) ? ) I once thought of implementing this over gpg -- but it is notrivial to do it right and really it is a specialized application somewhat requiring a dedicated machine trusted by all the untrusting parties, to operate. A;ex ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
re: Signing vs. encrypting was: Cipher v public key
Todd Zullinger tmz at pobox.com wrote on Thu Jun 1 11:46:48 CEST 2006 : > While I prefer gnupg to pgp myself, I did just happen to see a > reference to pgp command line today the cost is *astronomical* have played around with it when it was released as a free command line pgp 8.5 beta has a few features unique to pgp, which may or may not be of interest to the customers: - ADK's - split-key / shared-key capablilty (this happens to be nice and useful any chance for a 'feature request' :-) ? ) - platform-specific self-decrypting archives, (a windows user can make an sda specifically for a mac or linux user, but not an sda that works on both) (this was added in 9.x) other than that, it is a very unforgiving and difficult command line to use, radically different from 6.5.8 or 2.x it is set up for 'no prompting' so unless all the options are anticipated and entered in the original command, it won't work would absolutely *NOT* recommend it, unless someone _must_ use a CLI with ADK capability vedaal Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Signing vs. encrypting was: Cipher v public key.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Janusz A. Urbanowicz wrote: > gpg integrates better with autimation and I really doubt that there is > current, supported PGP for anything else than windows and mac. While I prefer gnupg to pgp myself, I did just happen to see a reference to pgp command line today. Here are the platforms it supports: * Windows 2003 * Windows XP SP1 * Windows 2000 SP4 * HP-UX 11i or above (PA-RISC only) * IBM AIX 5.2 or above * Red Hat Enterprise Linux 3.0 or above (x86 only) * Solaris 8 or above (SPARC only) * Mac OS X 10.3 or above http://download.pgp.com/products/pdfs/PGP_CL902_DS_050825_F.pdf Not a terribly small list, except when compared to what gnupg will run on. :) - -- ToddOpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp == The man who is a pessimist before forty-eight knows too much; the man who is an optimist after forty-eight knows too little. -- Mark Twain -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl. iG0EARECAC0FAkR+t4gmGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt ei5hc2MACgkQuv+09NZUB1pPxgCg+sDnINDLpwKXpLkqVpXEEDV4CmcAoOlQxtEo YKcINHqaop0I87a/Iy82 =jdsS -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Signing vs. encrypting was: Cipher v public key.
On Wed, May 31, 2006 at 01:59:37PM +0100, David Gray wrote: > Will suggest to the customer that we use signed & encrypted > transmissions. The only Issue we then have is that they wish to be > custodians of the private key, There is no need for them, from the cryptography point of view. Using public-key crypto they can send you encrypted stuff and you can send them encrypted stuff and the second party can decrypt what they are sent without knowing the sender's secret key - thats what pubkey crypto is for. If they want to be sure that they can decrypt everything, the encrypted data should be encrypted to both recipients' pubkeys (thats perfectly possible using GPG/PGP). > they are Looking into commerical methods for secure key > distribution. direct them to commercial solutions for quantum cryptography :-> > The other issue is the IT manager at the customer site is wary of Gnu > software and is > Going to look at commerical offering, PGP I assume. Apart from the lack > Of cost are there any other good reason I can give for using GPG? gpg integrates better with autimation and I really doubt that there is current, supported PGP for anything else than windows and mac. Alex ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
RE: Signing vs. encrypting was: Cipher v public key.
Hi, Thanks to all who have responded to these questions. Getting my head around it Now. Will suggest to the customer that we use signed & encrypted transmissions. The only Issue we then have is that they wish to be custodians of the private key, they are Looking into commerical methods for secure key distribution. The other issue is the IT manager at the customer site is wary of Gnu software and is Going to look at commerical offering, PGP I assume. Apart from the lack Of cost are there any other good reason I can give for using GPG? Thanks Dave -Original Message- From: Andreas Martin [mailto:[EMAIL PROTECTED] Sent: 31 May 2006 10:31 To: gnupg-users@gnupg.org Subject: Signing vs. encrypting was: Cipher v public key. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Laurent Jumet schrieb: > When sending a message like this one, signed, compressed but not crypted, > is there anything that goes bad, in security terms? > This is to avoid problems with line lenghth and charsets through > internet > In security terms, lots of things can go bad when sending anything through the internet ;-) Encrypting protects against unauthorised reading of the plaintext, but not from manipulating the encrypted data. Signing protects against manipulation of the data, but not against unauthorised reading of the plaintext. (In fact it does not avoid the manipulation itself, but you are able to detect, that the data has been manipulated). Signing and encrypting are two totally different things (not to mention compressing). So if you want "save" transmissions you have to do both, signing and encrypting! Problems with line length and charset shouldn't occur during the transmission of your mails, because Mail Transport Agents don't take care of the mailbody (and the headers are not signed or encrypted). What exactly do you want? Regards Andreas -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iQCVAwUBRH1iX+f8mJnBT5ROAQJkTQP/YxiOftW6mNv2DntzOQp0KxACJmzW00Xu cqLQcaW9AKhGpovrwMIWfz0GoIa8wtPP4EEn6nKWpJ6qZo3ossmcVCuJo76nvIpO BH2Cx/p0w66rrB0tc9Qqx8nLIz9rNQJgRcN9z+PRaHihB75ulkHCQIACWnyeeQB2 9bWwUcB9Xmc= =0cYA -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users <>___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users