Can GnuPG import X.509 certificate/pubkey?

Thanks
Mike Zhou

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, October 18, 2005 2:55 AM
To: gnupg-users@gnupg.org
Subject: Gnupg-users Digest, Vol 25, Issue 16

Today's Topics:

   1. Re: Bogus Key on Keyservers (Nicholas Cole)
   2. Re: Bogus Key on Keyservers (Tad Marko)
   3. Re: Bogus Key on Keyservers (John W. Moore III)
   4. new (2005-10-16) keyanalyze results (+sigcheck) (Jason Harris)
   5. gpg not running in shell script. Need Help (Kanakadandila, Sivaramakrishna (GE Consumer & Industrial))
   6. Make GnuPG create files with .pgp extension (Ismael Valladolid Torres)
   7. Modifying an uid, can it be done? (Ismael Valladolid Torres)
   8. Re: Modifying an uid, can it be done? (Erwan David)
   9. Emacs interface to gpg (Patrik Jonsson)
  10. Encrypt from memory to disc? (Steve Leibel)

----------------------------------------------------------------------

Message: 1
Date: Sun, 16 Oct 2005 18:09:27 +0100 (BST)
From: Nicholas Cole <[EMAIL PROTECTED]>
Subject: Re: Bogus Key on Keyservers
To: gnupg-users@gnupg.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=iso-8859-1

--- Tad Marko <[EMAIL PROTECTED]> wrote:

> > You can't. That's like asking how you can stop other people from
> > printing out badges that say "I am Tad Marko" and pinning them to their
> > shirts.
>
> I'm not asking for that.
> I want them to not say that a given key goes
> to [EMAIL PROTECTED]
>
> > Besides, if you could do that, what would stop someone else from
> > deleting YOUR key off of the keyserver or flagging THEIR key as the real
> > Tad Marko?
>
> An email verification step?

The problem is, that IF the email infrastructure was secure enough to be trusted, there would be no need for pgp/gpg/smime at all. An email verification step is not, and cannot be, 100% secure.

Of course, in many cases, email is not re-routed, server admins can be trusted, email systems are not broken in to - to the extent that email without additional security is largely trusted as "good enough".

But, in fact, if someone is willing to forge a key with your name on, it is probably one of those times that email may well not be "good enough". Hence the need to rely on key fingerprints, not on the email system.

Best,

Nicholas

------------------------------

Message: 2
Date: Sun, 16 Oct 2005 15:25:50 -0500
From: Tad Marko <[EMAIL PROTECTED]>
Subject: Re: Bogus Key on Keyservers
To: gnupg-users@gnupg.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii

On Sun, Oct 16, 2005 at 06:09:27PM +0100, Nicholas Cole wrote:
>
> --- Tad Marko <[EMAIL PROTECTED]> wrote:
> > An email verification step?
>
>
> The problem is, that IF the email infrastructure was
> secure enough to be trusted, there would be no need
> for pgp/gpg/smime at all. An email verification step
> is not, and cannot be, 100% secure.
>
> Of course, in many cases, email is not re-routed,
> server admins can be trusted, email systems are not
> broken in to - to the extent that email without
> additional security is largely trusted as "good
> enough".
>
> But, in fact, if someone is willing to forge a key
> with your name on, it is probably one of those times
> that email may well not be "good enough". Hence the
> need to rely on key fingerprints, not on the email
> system.
>
> Best,
>
> Nicholas

Right, which is the reason for the continued need to let people know your key signature via a trusted means. But, if someone was wanting to hassle you by creating scads of bogus keys on keyservers, it still makes it that much more difficult for people to obtain the correct key.

If someone were more sophisticated, as you suggest, it seems that it is even more imperative for someone to be able to get the bogus keys out of view.

Tad

------------------------------

Message: 3
Date: Sun, 16 Oct 2005 16:37:09 -0400
From: "John W. Moore III" <[EMAIL PROTECTED]>
Subject: Re: Bogus Key on Keyservers
To: Tad Marko <[EMAIL PROTECTED]>
Cc: GnuPG Users List <gnupg-users@gnupg.org>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Tad Marko wrote:

> Right, which is the reason for the continued need to let people know
> your key signature via a trusted means. But, if someone was wanting to
> hassle you by creating scads of bogus keys on keyservers, it still
> makes it that much more difficult for people to obtain the correct
> key.
>
> If someone were more sophisticated, as you suggest, it seems that it
> is even more imperative for someone to be able to get the bogus keys
> out of view.

Why not just list your Key on Big Lumber and direct folks there to retrieve your Key? You can place the link to "your" Key in a Comment Line and then they will only be directed to your "official" Key. This way, only You can make alterations to your Key.

JOHN :)
Timestamp: Sunday 16 Oct 2005, 04:36 PM --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----

------------------------------

Message: 4
Date: Sun, 16 Oct 2005 18:54:33 -0400
From: Jason Harris <[EMAIL PROTECTED]>
Subject: new (2005-10-16) keyanalyze results (+sigcheck)
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], gnupg-users@gnupg.org, [EMAIL PROTECTED]
Cc: Jason Harris <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

New keyanalyze results are available at:

  http://keyserver.kjsl.com/~jharris/ka/2005-10-16/

Signatures are now being checked using keyanalyze+sigcheck:

  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:

  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the "permanent" files:

--
Jason Harris      |  NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
        Got photons? (TM), (C) 2004

------------------------------

Message: 5
Date: Mon, 17 Oct 2005 10:34:13 +0530
From: "Kanakadandila, Sivaramakrishna \(GE Consumer & Industrial\)" <[EMAIL PROTECTED]>
Subject: gpg not running in shell script. Need Help
To: <gnupg-users@gnupg.org>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

Hi

I need help in running gpg command through shell script in Informatica.

This is what I tried

I have a shell script which will decrypt the file. It is running fine when I ran the same script from $ prompt in Unix. The same is not running when I ran through Informatica as a command. I also initialized the PATH session in the script. But nothing is working. Am I missing anything?

Appreciate any help.

Siva

Shell Script content

#!/bin/ksh
. /home/apinf/.profile
PATH=$PATH:/pwrctr/siva/ ; export PATH
DIR=/pwrctr/siva/
cd $DIR
echo "Decrypt Started"
echo "Password" | gpg -v --passphrase-fd 0 /pwrctr/siva/GEINDSYS.cyc.pgp
echo "Decrypt Successful"

------------------------------

Message: 6
Date: Mon, 17 Oct 2005 15:47:11 +0200
From: Ismael Valladolid Torres <[EMAIL PROTECTED]>
Subject: Make GnuPG create files with .pgp extension
To: gnupg-users@gnupg.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii

Most often, recipients of my encrypted files are users of legacy PGP versions. So I use to rename my .gpg files to .pgp so they can access them directly with their PGP shell extensions.

Is there any way to make GnuPG to create files directly with the .pgp extension without specifying the complete expected file name using the -o option?

Cordially, Ismael
--
http://lamediahostia.blogspot.com/

------------------------------

Message: 7
Date: Mon, 17 Oct 2005 16:27:42 +0200
From: Ismael Valladolid Torres <[EMAIL PROTECTED]>
Subject: Modifying an uid, can it be done?
To: gnupg-users@gnupg.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii

I edit my own public key:

$ gpg --edit-key ismael
gpg (GnuPG) 1.4.1; Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Secret key is available.

pub  1024D/DE721AF4  created: 2005-06-20  expires: never  usage: CS
                     trust: ultimate      validity: ultimate
sub  2048g/689908B7  created: 2005-06-20  expires: never  usage: E
[ultimate] (1). Ismael Valladolid <[EMAIL PROTECTED]>

I'd like to edit my uid, adding my second surname and setting the company I work for as a comment. However I don't know how to modify an existing uid. Can it be done? If so, how? If not possible, why not?

Of course I can add new uids using the adduid command:

[ultimate] (1)  Ismael Valladolid <[EMAIL PROTECTED]>
[ unknown] (2)  Ismael Valladolid Torres (Oberthur Card Systems) <[EMAIL PROTECTED]>
[ unknown] (3). Ismael Valladolid Torres <[EMAIL PROTECTED]>

Looks like it would be enough deleting uid 1 and setting uid 2 and primary, then it would "look like" I had edited the first uid. However in that case I lose the "ultimate" tag to the left of the primary key. What does this tag mean here? Which way to have this tag for the new uids created?

Cordially, Ismael
--
http://lamediahostia.blogspot.com/

------------------------------

Message: 8
Date: Mon, 17 Oct 2005 20:09:25 +0200
From: Erwan David <[EMAIL PROTECTED]>
Subject: Re: Modifying an uid, can it be done?
To: gnupg-users@gnupg.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii

On Mon 17/10/2005, Ismael Valladolid Torres said:

> Looks like it would be enough deleting uid 1 and setting uid 2 and
> primary, then it would "look like" I had edited the first uid. However
> in that case I lose the "ultimate" tag to the left of the primary key.
> What does this tag mean here? Which way to have this tag for the new
> uids created?

You cannot modify uids (they are signed, if you change them, you break them). However you can add the new uid, revoke the old one and change the "default" uid with gpg --edit-key

--
Erwan

------------------------------

Message: 9
Date: Mon, 17 Oct 2005 14:11:36 -0700
From: Patrik Jonsson <[EMAIL PROTECTED]>
Subject: Emacs interface to gpg
To: gnupg-users@gnupg.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

I just started using gpg and was looking around for an emacs mode to encrypt/decrypt files during load and save. There are a few vague references to crypt++, but they are all stale web sites and messages from years ago.
I finally managed to locate something that looked like the crypt++ web site, which had a notice that development on crypt++ had ceased and that instead crypt.el from xemacs should be used. However, I downloaded the current version of xemacs and found no crypt.el.

Can anyone tell me what's going on with this? It seems like such an OBVIOUS thing that I'm really surprised, given that people have written emacs modes for every conceivable and inconceivable need, it's so hard to find information.

Thanks,

/Patrik Jonsson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDVBOIT+KvsdUW5p8RAgE6AJ0QaJlAjpwP1tw354zVPiCUaz+zhgCgg8f0
n7b+7xz9edesbIK6z/90KU4=
=0fQV
-----END PGP SIGNATURE-----

------------------------------

Message: 10
Date: Mon, 17 Oct 2005 21:55:57 -0700
From: Steve Leibel <[EMAIL PROTECTED]>
Subject: Encrypt from memory to disc?
To: gnupg-users@gnupg.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

I have an application where I have data in memory that needs to be encrypted without ever being written to disc, even temporarily.

Using PGP I can run "pgp -feat" and then pipe the data to the pgp process. That works very well.

I have to do the same thing for GPG, but I can't figure out how to send data to GPG directly from memory.

Any suggestions greatly appreciated.

------------------------------

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

End of Gnupg-users Digest, Vol 25, Issue 16
*******************************************
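
For the two questions in the digest above that received no reply in this issue (message 5, gpg launched by a scheduler instead of a login shell; message 10, encrypting data that must never be written to disc), the following shell functions are an added example, not code from any poster or from the GnuPG project. The names decrypt_batch and encrypt_stream, the GPG variable and all paths and key IDs are assumptions made here; the gpg options are standard ones.

```shell
#!/bin/sh
# Added example. GPG, decrypt_batch and encrypt_stream are names made up here.
GPG=${GPG:-gpg}

# A job started by a scheduler may not inherit the login environment; if the
# keyring is not under that job's $HOME, point gpg at it explicitly, e.g.
#   GNUPGHOME=/path/to/.gnupg; export GNUPGHOME      (placeholder path)

# decrypt_batch SRC DST PASSFILE
# Unattended decryption. The passphrase comes from a file readable only by
# the job's user and is passed on fd 3, so it is neither in the script text
# nor on a command line.
decrypt_batch() {
    src=$1; dst=$2; passfile=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    [ -r "$passfile" ] || { echo "cannot read $passfile" >&2; return 2; }
    # --batch: never prompt.  --no-tty: do not open /dev/tty.
    # --yes: overwrite DST instead of asking.
    # GnuPG 2.1 and later additionally need: --pinentry-mode loopback
    if "$GPG" --batch --no-tty --yes --passphrase-fd 3 \
            --output "$dst" --decrypt "$src" 3<"$passfile"; then
        echo "decrypt ok: $dst"
    else
        rc=$?
        rm -f "$dst"    # do not leave partial plaintext behind
        echo "decrypt FAILED (gpg exit status $rc): $src" >&2
        return 1
    fi
}

# encrypt_stream RECIPIENT      (plaintext on stdin, ciphertext on stdout)
# With no file argument gpg acts as a filter, like "pgp -feat": armored,
# text-mode output, with the plaintext supplied through the pipe. RECIPIENT's
# key must already be valid in the keyring, because --batch cannot ask
# whether to use an unvalidated key.
encrypt_stream() {
    "$GPG" --batch --no-tty --armor --textmode \
        --recipient "$1" --encrypt
}

# Usage (placeholders):
#   decrypt_batch /data/in.pgp /data/out.txt /secure/passfile || exit 1
#   producer | encrypt_stream 0xDEADBEEF > out.asc
```

Unlike an unconditional "Decrypt Successful" echo, decrypt_batch reports success only when gpg exits with status 0, so the calling job can fail visibly.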