Trying to clone gnupg repository on cygwin which I've done many times in
the past, but this is what I'm getting:
$ git clone git://git.gnupg.org/gnupg.git
Cloning into 'gnupg'...
fatal: index-pack failed
I've even tried:
$ git clone git://git.gnupg.org/gnupg.git --depth=1
Cloning into 'gnupg'...
Not sure who that was but I was not responsible
On Jun 11, 2010 4:26 AM, Werner Koch w...@gnupg.org wrote:
Hi!
One of the subscribers to this list created a mail forward to an
automated ticketing system which responds to the the poster. The
owner of the ticketing system at
Although I understand the compression algorithms within gnupg are
specified by the OpenGPG standard, are there any grumblings regarding
the addition of the lzma compression scheme?
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
or simply default back to 3DES, or just sit tight? Although I found
the article interesting (not sure if I understood a lot of the blog
comments), is there any practical advice I should take away from it as
it relates to GnuPG?
--
Kevin Hilton
___
Gnupg
Did you alter your path statement and put your USB drive directories
first in the path?
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
.
Hopefully others may find these instructions useful:
http://ubuntuforums.org/showthread.php?t=649466
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
A little off topic, however I wanted to wish Happy Thanksgiving to all
those users in America, and actually give Thanks to the regular
contributors to this mailing list.
Thanks
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http
this parameter after keys are already stored on the keyring?
Will this confuse things?
And lastly what specifically is the purpose of the -for-your-eyes-only
flag? Is this option currently still in use, or only included for
backwards compatibility purposes.
--
Kevin Hilton
Ok so let me ask things in a different way
Is the s2k-cipher-algo used in any other methods other than for
protection of the keyring? Seems odd to me that CAST5 is the default
-- however I'm sure this is specified according the one of the RFCs.
There is no current security implication for using
As others have mentioned there is another pidgin encryption technique:
http://pidgin-encrypt.sourceforge.net/ .
This project also seems to have stalled if I'm looking at the release
dates as an appropriate indication.
The OTR website specifically addresses this plugin with the following:
How is
I'm going to try to steer this back onto a relevant topic
Robert
I love your off the cuff feelings about things. Its when you are at
your best. Question:
What value do signatures serve then however other than to provide data
authentication but not sender authentication? How can you be sure in
was abandoned.
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
used, digests used, etc.
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
When the session key is randomly generated (asymmetric encryption),
how large is the session key? Is the length set or does it depend on
other parameter such as the length of the DSA/RSA key or hash?
Thanks for clarification.
--
Kevin Hilton
this is the s2k-digest-algo since this is
for key protection.
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
hash be produced again? How would a
256 bit hash ever be produced is the SHA1 hash was always used.
Thanks -- I have a feeling I'm getting off in left field here and
missing some understanding of some basic concepts.
--
Kevin Hilton
___
Gnupg-users
Just to throw it out there -- if you need to compile for Windows why
don't you do it for cygwin? I've just recently been able to compile
both gpg and gpg2 using cygwin on WinXP. This saved me the need to
cross compile. Probably not the most elegant solution, however it
does work.
--
Kevin
line flag?
Thanks
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Its often been mentioned on this mailing list, that 3DES is
notoriously slow. On the flipside, what cipher is considered the
fastest -- or the most computationally efficient (if this term even
applies)? Are there similar relative results among the GnuPG hashes?
Thanks
--
Kevin Hilton
On Mon, Oct 6, 2008 at 10:17 AM, David Shaw [EMAIL PROTECTED] wrote:
On Oct 6, 2008, at 10:54 AM, Kevin Hilton wrote:
When using gpg with the --symmetric flag (as when symmetrically
encrypting a file with a passphrase), is the passphrase salted and
hashed?
Yes. Unless you change that safe
Ok, I've finally managed to compile the gpg2 package (the stable
package, not svn) with cygwin. Is there a way to add idea support to
gpg2 or is this feature not supported? Thanks
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
, hence the reason why
Serpent was never the AES standard.
I'll stop ranting now.
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
of cryptography other than
on the surface, I could be mistaken. However on the surface --
mathematics removed -- these decisions seem to be more political than
based on proven concept.
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http
signing keys
has been waged many times prior on this mailing list -- Google for it
if you don't believe me -- and to summarize the conclusions of many on
this list -- this is no functional advantage of using one over the
other).
--
Kevin Hilton
not decode. If there
is a null union of the personal-cipher-preferences and the key
preferences, then 3DES is chosen.
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
If you never want to see that algorithm used ever, leave it
off the list completely.
Not to beat a dead horse, but this statement isn't exactly true. The
sender can force the use of a particular algorithm that is not on the
list. I take objection to the use of the work never.
--
Kevin
rant was unjustified and
inappropriate. I'm not making any claims or false statements or
presumptions other than those specifically discussed within the
documentation.
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http
I think the problem is with the word preferences. The use of this
word in the setpref command and in the
personal-cipher/hash-preferences really doesn't convey what
preferences are preferred over each other. The sender's preferences
always trump the recipient's preferences. The use of
if scenario.
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
recognized, I only see this list expanding, not shrinking!
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
with 256-bit key [TWOFISH]
100 to 110 - Private/Experimental algorithm
3. Is it possible to decrypt a gnupg encrypted message if I know the
decrypted session key? How could this be accomplished?
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg
On Wed, Sep 17, 2008 at 9:41 AM, Werner Koch [EMAIL PROTECTED] wrote:
On Wed, 17 Sep 2008 15:52, [EMAIL PROTECTED] said:
1. How is the session key generated? How is its entropy randomness
determined? Is there a specific algorithm used to generate the key?
It is a random number of course:
for ?? historical reasons of compatibility ?? with pgp 5+
the default cipher that will be used for encryption, and also for
protection of the secret key, is CAST-5, not 3DES
Nope, 3DES is the only MUST cipher algorithm and thus used as the
last-resort if the preference system can't decide upon
it. Thanks everyone for the clarification.
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
:345DFG session_key_test_original
--override-session-key is for decyrption only.
Shalom-Salam,
Werner
--
I take it there is not encryption equivalent -- making it in one
session using gpg with the symmetric option.
--
Kevin Hilton
___
Gnupg
are controlled by the:
--default-preference-list string
Set the list of default preferences to string. This preference
list is used for new keys and becomes the default for setpref in the
edit menu.
Hopefully that is clear.
--
Kevin Hilton
___
Gnupg-users
been compromised:
http://silverstr.ufies.org/blog/archives/000415.html
As a side note, are there any other possible algorithms that may be
used to generate a signing key other than DSA/RSA/ElGamal.
Thanks.
--
Kevin Hilton
___
Gnupg-users mailing list
people into a discussion of which is better than
that). I'm just curious why these were chosen as defaults.
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On Tue, Sep 16, 2008 at 11:50 PM, Robert J. Hansen [EMAIL PROTECTED] wrote:
Kevin Hilton wrote:
I'm sure its probably contained in one of the RFC's, however when was
DSA signing keys and ElGamal Encryption keys, along with the AES-256
cipher and SHA1 digest chosen as the defaults for key
`do_bin2hex':
/home/klal/temp/gnupg/gpg2/common/convert.c:120: undefined reference to
`_gcry_m
alloc'
Is there something I can do to help with the debugging of this error?
Thanks for any suggestions.
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users
(S9), TWOFISH (S10), CAMELLIA128 (S11), CAMELLIA192 (S12),
CAMELLIA256 (S13)
Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9),
SHA512 (H10), SHA224 (H11)
Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)
--
Kevin Hilton
$ svn info configure.ac
Path: configure.ac
Name: configure.ac
URL: svn://cvs.gnupg.org/gnupg/branches/STABLE-BRANCH-1-4/configure.a
Repository Root: svn://cvs.gnupg.org/gnupg
Repository UUID: 8a63c251-dffc-0310-8ec6-d64dca2275b1
Revision: 4765
Node Kind: file
Schedule: normal
Last Changed Author:
Did You Manually change the version number within configure.ac?
I had no idea that you had to change the version number within the
configure.ac file. I was hoping to avoid any manual changes but see
that it may be needed.
Did you make clean or make distclean first?
Yes a make distclean -- it
ahead and install version 0.17 from
source as gettext 0.16 or later is required with the gpg2 source
installation. I'm still getting errors however. Does anyone have any
suggestions how to get around these errors? It always involves the
gettext package.
--
Kevin Hilton
]: Leaving directory `/home/klal/temp/gnupg/svn_gnupg_trunk'
make: *** [all] Error 2
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Just updated to svn version gpg2 4739
Still have same problems trying to compile gpg2 under cygwin with the
gettext error:
gcc -I/usr/local/include -I/usr/local/include -g -O2 -Wall -Wcast-align -Wshado
w -Wstrict-prototypes -Wformat -Wno-format-y2k -Wformat-security -Wpointer-arith
-o
But will it compile using in Vista using cygwin?
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
to __imp__rl_readline_name (auto-im
port)
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Hmm, thanks for the suggestion. I believe gnupg2 requires gettext
0.17 or greater -- cygwin ships with 0.16, with no higher version
available in its mirrors. I downloaded the 0.17 sources from here:
ftp://mirrors.kernel.org/gnu/gettext/, compiled and installed. I'm
kind of stuck at this point.
Maybe this isnt for me. I did manage to get gettext compiled from
cvs. Its now 0.18-pre1. However I think Im getting stuck at the same
point:
gcc -I/usr/local/include -I/usr/local/include -I/usr/local/include -g -O2 -Wall
-Wcast-align -Wshadow -Wstrict-prototypes -Wformat -Wno-format-y2k
Clarification,
my libraries are in /usr/local/lib
Also this link statement seems strange to me. Possibly this is correct?:
-lreadline /usr/local/lib/libintl.dll.a
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
Has anyone written a patch that would allow whirlpool as an available
hash algorithm for use with gnupg?
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Let us know when you are done with the patch. I'd be interested in
trying it out -- that would make one person who could verify your
signature!
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Just to clarify
I wasn't compiling version 1.48 against rev 4702. The flag in the
configure.ac was not updated to reflect the newer version, so it
appeared it was version 1.48 when in fact it was 1.49 as has been
graciously pointed out to me.
Thanks for your help.
Whats wrong with my version -- I'm getting 1.48
$ gpg --version
gpg (GnuPG) 1.4.8-svn4702
Copyright (C) 2007 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO
Oops, David I see what you meant about updating the flag after the
last release -- just updated to the newest svn release and all is
well. Thanks
$ gpg --version
gpg (GnuPG) 1.4.9rc1-svn4705
NOTE: THIS IS A DEVELOPMENT VERSION!
___
Gnupg-users mailing
Was wondering if it would be possible to show the actual gpg version
with the gpg --version flag when using gpg svn version. It would be
nice to show the revision number. thanks
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http
No. Preferences, including the digest preferences, are not relevant
here at all. This is a signature *you* are making. The digest
preferences are consulted when someone *else* is making a signature,
and wants to know if you can handle it. It has nothing to do with
what your key needs because
On Feb 10, 2008 10:53 PM, Kevin Hilton [EMAIL PROTECTED] wrote:
You could use SHA-512 with
it if you liked, but the hash would be truncated to 256 bits.
Interesting. Are the higher or lower bits truncated?
We follow the advice in FIPS 180-3:
L = 1024, N = 160
L = 2048, N
Are DSA2 signing keys (or simply DSA keys that are larger than 1024
bits) backwards compatible with older GnuPG versions prior to 1.48?
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg
Just to clarify for some other users,
What version of GnuPG were the DSA2 keys (or longer DSA signing keys)
and the additional SHA hashes introduced?
A little of topic, but I'm predicting a future foreseeable bump in the
road when the Secure Hash Standard is named in 2011 (or whenever the
recent
explanation!
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
It doesn't work that way. SHA-1 doesn't even work with DSA2 keys.
DSA2 doesn't mean a bigger DSA key. It means a bigger hash with a
bigger DSA key. DSA2 allows for any hash size that is equal to or
greater than the hash size that was used when generating the key.
Thus, for example, it is legal
Sign = sign some data
Certify = sign a key
Authenticate = prove you are you
Authenticate is used for things like using an OpenPGP key for ssh.
I forgot about the certifying of keys, sorry about that.
I knew openssh utilized rsa or dsa keys, but didn't know that the same
gpg keys could be used
You could use SHA-512 with
it if you liked, but the hash would be truncated to 256 bits.
Interesting. Are the higher or lower bits truncated?
We follow the advice in FIPS 180-3:
L = 1024, N = 160
L = 2048, N = 224
L = 3072, N = 256
Ok. So back to the ever asking defaults
Twofish is almost entirely abandoned nowadays, but it still exists in
PGP and GnuPG. Once a bad decision is made in engineering, the
engineers are stuck supporting it forever.
Is this statement really true or just opinion? Bruce Schneier is one
of my favorite cryptoanalysts.
Just wonder if GnuPG, similar to PGP, would implement decrypting files
to RAM rather than swap, or to allow user to pick location.
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
apologize to the community.
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Im aware of the personal cipher preferences and personal hash
preferences, but when talking about the defaults I specifically asking
if gpg were installed from source -- no modifications made -- and gpg
keys were created - what default cipher and hash would be listed first
in the list with the
As of 1.4.8 and 2.0.8, and subject to change in future versions:
Cipher: AES256, AES192, AES, CAST5, 3DES
Hash: SHA1, SHA256, RIPEMD160
Compression: ZLIB, BZIP2, ZIP, None
You are absolutely correct about these settings. Perhaps this should
be included in documentation (and changed
Is the data compression algorithm applied to the text prior to being
converted to ciphertext, or is the ciphertext compressed, or is it the
combination of the ciphertext and encrypted session key that is compressed?
I can't seem to find any documentation discussing this.
--
Kevin Hilton
On Feb 4, 2008 1:17 AM, Kevin Hilton [EMAIL PROTECTED] wrote:
Although not supported on all systems (and not included on ubuntu by
default if you can believe it), does bzip2 offers the highest compression?
I know that --personal-compress-preferences may be included in the
gpg.conf file
Hope I don't get in trouble for posting this, however the idea module
can be found here:
wget ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c.gz
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg
I dont have any feelings or objections about any of the ciphers or
hashes included or excluded (ok maybe serpent should be included),
however I can imagine that deleting old ciphers and hashes would cause
a problem with backwards compatibility. Why md5 and cast5 are still
included is beyond me,
From what you are saying about cipher/hashes, it sounds as an end user
of gnupg, it would be best to regularly rotate my personal cipher/hash
preferences.
And lastly, not to be a conspiracy theorist, but how certain can I be
that the NSA (who probably employs the single largest collection of
Unless you know exactly what you're doing and why, use the defaults.
That is all the advice you will get from me.
Hmm, not the answer I was quite expecting.
Thanks again for all your time. You have greatly enlightened me and
reinforced my love for gnupg.
Just a few follow-up points
Quote:
My advice has been the same for years: unless you know precisely what
you're doing and why, stick with the defaults. GnuPG's defaults are
excellent. They make good sense. They interoperate well. Don't mess
with them unless you know precisely what you're
I can see NIST is calling for entries for a competition to discover a
new hash function:
http://csrc.nist.gov/groups/ST/hash/sha-3/index.html
I was hoping they would name the winner of this contest the ASS
(American Signing Standard), but see the winner will be referred to as
the SHA-3 (Secure
believe
the TIGER has was equal to s5. What happened to that hash choice?
Thanks for your help
--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Sorry about my post
Whatever happened to the tiger hash??
Lastly, do you know the reason that the serpent cipher algorithm never
made it into gpg. From the NSA competition, I thought the serpent
algorithm came in second --- again Im not sure of the criteria that
was used to judge strength --
Sorry the last post was cut off
Sorry about my post
I can see you seem to know a lot about gpg -- thanks.
Whatever happened to the tiger hash??
Lastly, do you know the reason that the serpent cipher algorithm never
made it into gpg. From the NSA competition, I thought the serpent
algorithm
81 matches
Mail list logo