Trust of GPG4Win - Part 1

2013-07-26 Thread Henry Hertz Hobbit
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All Disclaimer: I have no connections with the GnuPG effort other than as a thankful end user. I have a much longer Part 2 of this. After my tongue in cheek statement about the article at Technology Review I came up with what they were citing, no

Re: Why trust gpg4win?

2013-07-26 Thread Anthony Papillion
On Jul 26, 2013, at 4:02 PM, "Jan" wrote: Still I wonder whether there are many sources for SHA1 sums of gpg4win, that could be used by a windows user to test the integrity of his download (C't ?). Are the SHA1 sums of gpg4win presented on the download site checked regularly by their aut

Re: Why trust gpg4win?

2013-07-26 Thread Johan Wevers
On 25-07-2013 23:17, atair wrote: > This basically means, that everyone(!) can access, modify and > redistribute the source code of the program (see [2] if you're > interested). There are lots of people (usually volunteers from all > over the world) who do peer reviews on the sources (and if you st

Re: Why trust gpg4win?

2013-07-26 Thread Jan
Thanks to everyone for their answers. Thanks for pointing out to me, that MS collaborates with secret services. I searched the web and learned that Outlook.com, Skype and Skydrive are not secure: http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data Further, I lear

Re: Answer: Are SHA1 sums on gnupg.org checked regularly?

2013-07-26 Thread Peter Lebbing
On 26/07/13 17:31, Jan wrote: > I'm thinking of someone who uses windows and wants to install gnupg for the > first time. How can he/she rely on OpenPGP? By running a Linux Live CD to do the verification. How does he know the CD is genuine? The thing is, somewhere the trust has to start. It's a bo

Re: Using GPG for reading email in VPS

2013-07-26 Thread Mike Cardwell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 * on the Fri, Jul 26, 2013 at 11:33:54AM +0200, SK wrote: > I am considering uploading my keyring to a VPS I own to read emails in it > using mutt. So far I used to do this in my local desktop/laptop but "cloud" > VPS provides some flexibility that

Answer: Are SHA1 sums on gnupg.org checked regularly?

2013-07-26 Thread Jan
Thanks for the answers. If an attacker would modify the archive on the gnupg.org server, he would also need to change the independent archives like gmane etc. I'm pretty sure this will be spotted relatively soon. I did a google search for the subject of your email, in which you announced the n

Re: Why trust gpg4win?

2013-07-26 Thread Julian H. Stacey
"Mark H. Wood" wrote: > On Fri, Jul 26, 2013 at 12:14:08AM +0200, Julian H. Stacey wrote: > > Hi, Reference: > > > From: atair > > > Date: Thu, 25 Jul 2013 21:17:43 + > > > > atair wrote: > > ... > > Therefore, changes that look like > > back doors are VERY unl

Re: Why trust gpg4win?

2013-07-26 Thread Mark H. Wood
On Fri, Jul 26, 2013 at 12:14:08AM +0200, Julian H. Stacey wrote: > Hi, Reference: > > From: atair > > Date: Thu, 25 Jul 2013 21:17:43 + > > atair wrote: > ... > Therefore, changes that look like > back doors are VERY unlikely to find their way in a release, beca

Re: Multiple email addresses - any alternative to ask everyone to sign all my keys?

2013-07-26 Thread Philipp Klaus Krause
On 25.07.2013 07:49, Christopher J. Walters wrote: > On 7/24/2013 6:06 PM, Robert J. Hansen wrote: >> (My original reply went just to Philipp. My apologies.) > > No apology necessary. > > I also must apologize, as my original reply got sent to Robert J. > Hansen, when it was intended for the l

Re: --batch --gen-key error with "Key-Type: default"

2013-07-26 Thread Werner Koch
On Fri, 26 Jul 2013 12:12, m...@hethane.se said: > Nevertheless, is there any interest in making gnupg 1.x support the > 'default' algorithm feature? No. In the long run I want to get rid of GnuPG-1. With the loopback pinentry support in GnuPG 2.1 we will be pretty close for a complete replacem

Using GPG for reading email in VPS

2013-07-26 Thread SK
Hi, I am considering uploading my keyring to a VPS I own to read emails in it using mutt. So far I used to do this in my local desktop/laptop but "cloud" VPS provides some flexibility that I like. In such a context does anybody have any opinion on the security of the setup? My worry is that by up

Re: --batch --gen-key error with "Key-Type: default"

2013-07-26 Thread Mikael "MMN-o" Nordfeldth
On 2013-07-25 23:15, Mikael "MMN-o" Nordfeldth wrote: > gpg --homedir="batchtest" --batch --gen-key

Re: GnuPG and Thunderbird

2013-07-26 Thread Heinz Diehl
On 26.07.2013, dyola wrote: > I am confused. I have also downloaded gnupg-2.0.20.tar.bz2, but I cannot > open it. You downloaded the Linux version of gnupg. As far as I know, the "right" site to download gnupg for Windows from is gpg4win.org . ___ Gn

Re: [Announce] [security fix] Libgcrypt 1.5.3 released

2013-07-26 Thread Richard Outerbridge
Werner: No problems. MacBookPro9,1; Mountain Lion OS X 10.8.4 (12E55) Xcode 4.6.3 __outer On 2013-07-25 (206), at 05:53:33, Werner Koch wrote: > Hello! > > I am pleased to announce the availability of Libgcrypt version 1.5.3. > This is a *security fix* release for the stable branch. ___

GnuPG and Thunderbird

2013-07-26 Thread dyola
Hi, I am attempting to install Enigmail and am trying to follow the directions. I downloaded the full installer for Windows but then saw in the NotePad READ ME.txt that it was the 2.0 beta version which should not be used. I am confused. I have also downloaded gnupg-2.0.20.tar.bz2, but I cannot o

Re: [Announce] [security fix] GnuPG 1.4.14 released

2013-07-26 Thread Richard Outerbridge
Werner: No problems. MacBookPro9,1; Mountain Lion OS X 10.8.4 (12E55) Xcode 4.6.3 __outer On 2013-07-25 (206), at 06:26:55, Werner Koch wrote: > Hello! > > We are pleased to announce the availability of a new stable GnuPG-1 > release: Version 1.4.14. This is a *security fix* release and all

Re: [Announce] [security fix] GnuPG 1.4.14 released

2013-07-26 Thread Charly Avital
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Werner Koch wrote on 7/25/13 6:26 AM: > Hello! > > We are pleased to announce the availability of a new stable GnuPG-1 > release: Version 1.4.14. This is a *security fix* release and all users > of GnuPG < 2.0 are advised to update to this ver

Re: Clearsign text document with multiple keys?

2013-07-26 Thread Werner Koch
On Fri, 26 Jul 2013 02:42, adrela...@riseup.net said: > can a plain text document be clear signed by multiple keys at the same > time? (Hold by different people.) Yes. > One can create a plain text file a, clear sign it and get a.asc. Another > one can clear sign a.asc and get a.asc.asc. I thin