Re: removing revoked or expired signatures
On Wed, 10 Aug 2005 11:48:06 +1000, Raymond said: > Is it possible to remove a revocation certificate? No. Once issued they should not be removed. Shalom-Salam, Werner ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg befehle
On Tue, 09 Aug 2005 20:46:29 +0200, Holger Schüttel said: > hallo bin auf diesem sektor noch absolut blank aber irgendwie funzt > das eingeben der befehle nicht habe gnu1.4.2 und ich muß doch eingeben Bitte hier englisch schreiben oder aber die Liste [EMAIL PROTECTED] benutzen. Please write in English here or direct your question to [EMAIL PROTECTED] Salam-Shalom, Werner ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: removing revoked or expired signatures
Raymond wrote: >Is it possible to remove a revocation certificate? Technically, yes. But no implementation I know of allows this because it would make someone vulnerable for attack is someone gained access to your machine. However, when a legitimate reason exists (accidentally revoked a key, revocation not yet sent to keyserver and no backup present) it can be done. -- ir. J.C.A. Wevers // Physics and science fiction site: [EMAIL PROTECTED] // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: removing revoked or expired signatures
On Wednesday, August 10, 2005, 9:45:07 AM, Johan wrote: >>Is it possible to remove a revocation certificate? > > Technically, yes. But no implementation I know of allows this Originally, this thread was about signature revocations (not key revocations) and they definitely can be removed with gpg (with "delsig" during "--edit-key"). Regards, Mark Kirchner -- _ Key (0x172C073C): http://www.mark-kirchner.de/keys/key-mk.asc pgpgdAABhrf2g.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Forgot the key passowrd
IIRC 200/s on a 2.8GHz P4 I discussed improving nasty with an unnamed gpg-expert and he thought it should be feasable to do at least a million per second. But as nasty is a proof of concept I can't get myself motivated to improve it. On Wed, Aug 10, 2005 at 10:57:50AM +0930, Roscoe wrote: > Curious, anyone know how many passwords/second that gets? > > On 8/10/05, Folkert van Heusden <[EMAIL PROTECTED]> wrote: > > If it is not too long (too many characters), try 'nasty': > > http://www.vanheusden.com/nasty/ > > > > On Tue, Aug 09, 2005 at 10:10:20PM +0530, Thutika, Srinivas (ODC - Satyam) > > wrote: > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users Folkert van Heusden -- Auto te koop, zie: http://www.vanheusden.com/daihatsu.php Get your PGP/GPG key signed at www.biglumber.com! Phone: +31-6-41278122, PGP-key: 1F28D8AE ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Arguments for inline PGP
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Michael Daigle wrote: > It's unfortunate, but it's prevalent - and that's why inlined PGP is a > good thing. We can still retain message authentication despite the > goof-ball between us and the recipient. Quite often, the goof-ball *is* the recipient. At that point, *Draw circle on desk* *Bang head here* - -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 |X Against HTML email & vCards http://tinyurl.com/cc9up| / \ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC+cMS/RxM5Ph0xhMRAynkAJsH+CY87CSUMITi+rHEF7Q7TfFCegCgqflD Q8SsuFb8wzXh/MePjO5Ns1w= =PL6+ -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Arguments for inline PGP
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Chris De Young wrote: > Maybe there are a few who wonder enough what it is you're sending them > to go figure it out; if so, that's a win, but I doubt it happens very > often. :) > Don't underestimate it. I saw "Using Enigmail with Thunderbird" and went "Ooh! I have Thunderbird! I have a potentially compatible system!" and then read and installed stuff and discovered how OpenPGP works. So yes, it does happen. You are speaking to the converted :) - -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 |X Against HTML email & vCards http://tinyurl.com/cc9up| / \ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC+cKc/RxM5Ph0xhMRA45nAKCogJsDOIY2433CwGs2JBggQ8yf4wCeLAdT kgPnteKxPFWags2VwJowWLE= =uaUB -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Forgot the key passowrd
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Folkert van Heusden wrote: > IIRC 200/s on a 2.8GHz P4 > I discussed improving nasty with an unnamed gpg-expert and he thought it > should be feasable to do at least a million per second. But as nasty is > a proof of concept I can't get myself motivated to improve it. > The password hashing is supposed to make it *difficult* to crack passphrases, because of the computational cost! Don't find a fast way to break them and force us all to use 200 character passphrases! - -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 |X Against HTML email & vCards http://tinyurl.com/cc9up| / \ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC+cjW/RxM5Ph0xhMRA/kBAJ44GZ2ItWPGJTry1in5Aa5mWUZNYACghLbt DokaN4ak6NkRgp9wNbYeddw= =Bbk6 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Forgot the key passowrd
> > IIRC 200/s on a 2.8GHz P4 > > I discussed improving nasty with an unnamed gpg-expert and he thought it > > should be feasable to do at least a million per second. But as nasty is > > a proof of concept I can't get myself motivated to improve it. > The password hashing is supposed to make it *difficult* to crack > passphrases, because of the computational cost! > Don't find a fast way to break them and force us all to use 200 > character passphrases! Apart from the fact that this is (more or less) security by obscurity even if my program would be a million times faster, 7 characters still would take a day. Folkert van Heusden -- Auto te koop, zie: http://www.vanheusden.com/daihatsu.php Get your PGP/GPG key signed at www.biglumber.com! Phone: +31-6-41278122, PGP-key: 1F28D8AE ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Forgot the key passowrd
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Folkert van Heusden wrote: >>>IIRC 200/s on a 2.8GHz P4 >>>I discussed improving nasty with an unnamed gpg-expert and he thought it >>>should be feasable to do at least a million per second. But as nasty is >>>a proof of concept I can't get myself motivated to improve it. >> >>The password hashing is supposed to make it *difficult* to crack >>passphrases, because of the computational cost! >>Don't find a fast way to break them and force us all to use 200 >>character passphrases! > > > Apart from the fact that this is (more or less) security by obscurity > even if my program would be a million times faster, 7 characters still > would take a day. > How long will 8 characters (standard unix password length) take to break at present? - -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 |X Against HTML email & vCards http://tinyurl.com/cc9up| / \ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC+dSe/RxM5Ph0xhMRA8UbAJ9Mc/S+V9FSn+aVfdbU2TRaGB9OYQCeM8WU dMACe2kEZ484i00ziCHoAvI= =gxGm -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
[outlgpg] Outlook 2003 problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Before I installed the June 16th version I was running an older version of the GPGExch.dll (Oct. 19, 2004) (labeled as 1.1.0.0) that had a GDGPG.dll (1.3.0.0) file as well. Outlook's Add-in Manager doesn't seem to know how to UNINSTALL an add-in. You can disable it, but that doesn't get rid of the entry. :-( I waded through the registry with regedt32 getting rid of things with GPG or g10 in them. I then copied the libgpgmedlgs.dll to the system directory and ran the regsvr32 command as per the README. Any attempt to sign a message crashes Outlook. [Outlook 2003, SP1] [This is on Windows XP Pro, SP2. GPG 1.4.1] The error report that wants to go to Microsoft says: Error signature AppName: outlook.exe AppVer: 11.0.6353.0 AppStamp: 408f2937 ModName: libgpgmedlgs.dll ModVer: 0.5.3.0 ModStamp: 42b1e2da fDebug: 0 )ffset: 4367 It also appears that the preferences set on the GnuPG tab are not saved. I set the 'Sign new messages by default', unset the 'Also encrypt message with the default key' and change the logfile and if I stop Outlook and restart these are gone. Can anyone help? Richard. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFC+hYE8u8rlAV8K24RAhOQAKCL0edN8tHeejf6GkkMVRWog9VGngCgq9n7 bhFgpxrLwuwAZJWghRwufv0= =k9FB -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg befehle
Werner Koch wrote: Please write in English here... It is unnecessarily rude to demand that a particular language is used on any 'net list. One writing in a language not understood by the majority of those present will simply get fewer useful responses: a perfectly adequate self-regulating mechanism! cdr ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Arguments for inline PGP
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 In reply to Chris De Young's message sent 2005-08-09 17:24: >> I primarily use inlined PGP because I'm tired of having my S/MIME >> signed mail bounced back to me as undeliverable because "pkcs7 >> signature is listed as a dangerous attachment on this server". >> What's so dangerous about a S/MIME signature?! Apparently, it's the >> same danger that's present in a PGP/MIME message - mail server >> admin stupidity. >> >> It's unfortunate, but it's prevalent - and that's why inlined PGP >> is a good thing. We can still retain message authentication despite >> the goof-ball between us and the recipient. > > > Why not just encrypt the mail, thus hiding the signature part from > the goofball? > > As far as the problem with Outlook, don't use it, and if you have to > send mail to Outlook users who complain, there's probably no point in > signing it in the first place -- they don't care and won't ever > check it. > > Maybe there are a few who wonder enough what it is you're sending > them to go figure it out; if so, that's a win, but I doubt it happens > very often. :) I don't think your reply was to be directed to me. I don't use Outlook (I use Thunderbird). Why not just encrypt the mail? Of course that's the obvious solution, and the preferred way to send mail (encrypted!!!). The problem is that you don't possess the company's (or the particular staff members') public key. And well, if your S/MIME signed message is being rejected, it's a strong indication they don't use any form of secure MIME messaging at the company, so encryption is not an option. If you send a PGP clear-signed message, you can at least provide yourself with message authentication (ie, if they can't quote a verifiable message, they can't prove that's what you said). - -- Mike Daigle http://www.mikedaigle.ca My PGP Key mailto:[EMAIL PROTECTED] Gossamer Spider Web of Trust http://www.gswot.org Get Your Own Subdomain! http://www.gswot.org/yourname -BEGIN PGP SIGNATURE- Comment: GSWoT - Gossamer Spider Web of Trust - www.gswot.org iD8DBQFC+ho2NuccKlqTLlMRA1jPAKCQFxcULcIOcf20mEEsBjWEjqcH6QCgjtBw ufEhrNdV4f+deJTPk8xfyS8= =VbFp -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg befehle
Not when there are specific mailing lists to answer questions asked in these: http://www.gnupg.org/(en)/documentation/mailing-lists.html I really woudn't want a lof of Portuguese, Spanish, Russian or German worded questions to be asked in this mailing list. --- cdr <[EMAIL PROTECTED]> wrote: > Werner Koch wrote: > > > Please write in English here... > > It is unnecessarily rude to demand that a particular > language is > used on any 'net list. One writing in a language not > understood > by the majority of those present will simply get > fewer useful > responses: a perfectly adequate self-regulating > mechanism! > > cdr > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [outlgpg] Outlook 2003 problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Some more information. If I send a signed message to outlook and try to verify it, I get an error dialog: GPG Verify Invalid crypto engine My WinPT installation verifies the signature without a problem (from the clipboard). Richard. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFC+iJP8u8rlAV8K24RAmanAKCxjft0i8AOV8RxcdhTxUOntvfnFACfUh2/ eIkeMCOLGhu9EW/GpO/rqPQ= =Vp0Z -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg befehle
On Wed, 2005-08-10 at 15:10 +, cdr wrote: > Werner Koch wrote: > > > Please write in English here... > > It is unnecessarily rude to demand that a particular language is > used on any 'net list. One writing in a language not understood > by the majority of those present will simply get fewer useful > responses: a perfectly adequate self-regulating mechanism! Which is why Werner responded in german (see * which you cut out), which is apparently a language you did not understand, and then in english and nicely pointed this person to the german version of the list in case the person didn't command or didn't want to use the english language... It would be rude if he indeed wrote only the above, but he did not do that. Greets/Gruetzi/Groetjes/Au Revoir/, Jeroen * = http://lists.gnupg.org/pipermail/gnupg-users/2005-August/026466.html signature.asc Description: This is a digitally signed message part ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
GnuPg says BAD sig
Hi. i verify a PGP 8.1 signed message using gpg (GnuPG) 1.4.0. It says that the message has a bad signature! PGP Desktop 9 says that it is valid signed! See attachment. Regards, Sascha -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: Microsoft Security Bulletin Summary for August 2005 Issued: August 09, 2005 Version Number: 1.0 Bulletin: http://go.microsoft.com/fwlink/?LinkId=51160 Summary: This advisory contains information about all security updates released this month. It is broken down by security bulletin severity. Critical Security Bulletins === MS05-038 - Cumulative Security Update for Internet Explorer (896727) - Affected Software: - Windows 2000 Service Pack 4 - Windows XP Service Pack 1 - Windows XP Service Pack 2 - Windows XP Professional x64 Edition - Windows Server 2003 - Windows Server 2003 Service Pack 1 - Windows Server 2003 for Itanium-based Systems - Windows Server 2003 with SP1 for Itanium-based Systems - Windows Server 2003 x64 Edition - Review the FAQ section of bulletin MS05-O38 for information about these operating systems: - Windows 98 - Windows 98 Second Edition (SE) - Windows Millennium Edition (ME) - Impact: Remote Code Execution - Version Number: 1.0 MS05-039 - Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588) - Affected Software: - Windows 2000 Service Pack 4 - Windows XP Service Pack 1 - Windows XP Service Pack 2 - Windows XP Professional x64 Edition - Windows Server 2003 - Windows Server 2003 Service Pack 1 - Windows Server 2003 for Itanium-based Systems - Windows Server 2003 with SP1 for Itanium-based Systems - Windows Server 2003 x64 Edition - Impact: Remote Code Execution - Version Number: 1.0 MS05-043 - Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423) - Affected Software: - Windows 2000 Service Pack 4 - Windows XP Service Pack 1 - Windows XP Service Pack 2 - Windows Server 2003 - Windows Server 2003 for Itanium-based Systems - Impact: Remote Code Execution - Version Number: 1.0 Important Security Bulletins MS05-040 - Vulnerability in Telephony Service Could Allow Remote Code Execution (893756) - Affected Software: - Windows 2000 Service Pack 4 - Windows XP Service Pack 1 - Windows XP Service Pack 2 - Windows XP Professional x64 Edition - Windows Server 2003 - Windows Server 2003 Service Pack 1 - Windows Server 2003 for Itanium-based Systems - Windows Server 2003 with SP1 for Itanium-based Systems - Windows Server 2003 x64 Edition - Review the FAQ section of bulletin MS05-O38 for information about these operating systems: - Windows 98 - Windows 98 Second Edition (SE) - Windows Millennium Edition (ME) - Impact: Remote Code Execution - Version Number: 1.0 - Impact: Remote Code Execution - Version Number: 1.0 Moderate Security Bulletins === MS05-041 - Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591) - Affected Software: - Windows XP Service Pack 1 - Windows XP Service Pack 2 - Windows XP Professional x64 Edition - Windows Server 2003 - Windows Server 2003 Service Pack 1 - Windows Server 2003 for Itanium-based Systems - Windows Server 2003 with SP1 for Itanium-based Systems - Windows Server 2003 x64 Edition - Impact: Denial of Service - Version Number: 1.0 MS05-042 - Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587) - Affected Software: - Windows 2000 Service Pack 4 - Windows XP Service Pack 1 - Windows XP Service Pack 2 - Windows XP Professional x64 Edition - Windows Server 2003 - Windows Server 2003 Service Pack 1 - Windows Server 2003 for Itanium-based Systems - Windows Server 2003 with SP1 for Itanium-based Systems - Windows Server 2003 x64 Edition - Impact: Remote Code Execution - Version Number: 1.0 Update Availability: === Updates are available to address these issues. For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Security Bulletin Summary for this month at: http://go.microsoft.com/fwlink/?LinkId=51160 Support: Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates. International cus
Re: Forgot the key passowrd
On 8/10/05, Alphax <[EMAIL PROTECTED]> wrote: > How long will 8 characters (standard unix password length) take to break > at present? Using the supplied figure of 200 keys per second, and using only the 95 "printable" ASCII characters: (95^8)/200 seconds. Or about 1.1 million years! Obviously, if you know something about the structure of the password (inlcudes words, is mostly lower case, etc.), you can trim that way down. But 200 trials per second just isn't going to be verry effective for a brute force attack. -- RPM ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [outlgpg] Outlook 2003 problems
On Wed Aug 10 2005; 09:58, R. Jensen wrote: > Outlook's Add-in Manager doesn't seem to know how to UNINSTALL an > add-in. You can disable it, but that doesn't get rid of the entry. :-( In the case of the GPG Outlook plugin, it's no problem. Just register the new version of gpgexch.dll and the procedure is done. Or if you just overwrite the old gpgexch.dll, you even don't need to do this. (make sure you also overwrite libgpgmedlgs.dll!) > I then copied the libgpgmedlgs.dll to the system directory and > ran the regsvr32 command as per the README. > > Any attempt to sign a message crashes Outlook. > [Outlook 2003, SP1] Do you use the version 0.99.4? It is known that earlier version of the plugin can crash O2003/SP1. > not saved. I set the 'Sign new messages by default', unset the > 'Also encrypt message with the default key' and change the > logfile and if I stop Outlook and restart these are gone. I can't confirm this right now, but I suggest to update to 0.99.4 and then try again. We will provide a new version of the plugin in the next week. For users who uses the plugin and it crashes Outlook, it would be useful to have the debug output of Dr. Watson. Please compress it before you send it because it's very large. You can either send these reports to [EMAIL PROTECTED] or to me ([EMAIL PROTECTED]) directly. Timo ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [outlgpg] Outlook 2003 problems
On Wed Aug 10 2005; 10:50, R. Jensen wrote: > to verify it, I get an error dialog: > >GPG Verify > Invalid crypto engine > > My WinPT installation verifies the signature without a problem I see you still use GPG 1.2.x. The plugin requires 1.4 and we will provide an more informative error message with the next version of the plugin. BTW, the newest WinPT version also requires GPG 1.4.x. Timo ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [outlgpg] Outlook 2003 problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Timo Schulz wrote: > I see you still use GPG 1.2.x. The plugin requires 1.4 and we will > provide an more informative error message with the next version of > the plugin. > > > BTW, the newest WinPT version also requires GPG 1.4.x. The 1.2.6 is on the Linux box where I'm running Thunderbird (1.0.6) and Enigmail (0.92.0.0). I signed the email there, but sent it to the Windows XP Pro box where I'm running Outlook 2003. On the Windows box I'm running GPG 1.41. Richard. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFC+ke68u8rlAV8K24RAu74AJ9X1yR0uWmJlaSjEPnmoaMhfe3ulgCfQ5Y0 xVPJSJSrcND9HnTrU3OqqJk= =Ehoh -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [outlgpg] Outlook 2003 problems
Richard Sperry wrote: > The issue you have is caused from the newer version of > GnuPG. Timo is doing a great job of writing a newer > version, but with all new releases it takes time to > find the bugs. > > for a working beta of my Ol03 installer goto > http://www.sperryservices.com/gnutools.htm > > The installer takes care of some of the OL issues and > uses the .94 plug-in for stability. > > It also has Winpt for keymanager, GnuPG 1.4.2 and > GpgEE . I have tried to write it stupid friendly so > everything is set in theroy. For security reasons I > set the keys and conf into the userdocs. I recomend > using EFS if you are on XP Pro. > > I would like any feedback you have. > > --Richard Sperry > I looked at the page you mentioned and was curious about: Please note that if you are connected to a Corperate Network or Exchange server, you MUST contact your IT or ADMIN before installing! Is this a licensing issue? My Outlook 2003 is connected to my employer's Exchange server. That's the only reason I even use Outlook. :-) Richard. signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [outlgpg] Outlook 2003 problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > Do you use the version 0.99.4? It is known that earlier version of > the plugin can crash O2003/SP1. > Where can I get the 0.99.4 version? I downloaded from http://www.g10code.de/p-outlgpg.html last week and that is the 0.99.2 version I'm having problems with. The link on that page still seems to be for 0.99.2. > > > For users who uses the plugin and it crashes Outlook, it would be > useful to have the debug output of Dr. Watson. Please compress it > before you send it because it's very large. You can either send these > reports to [EMAIL PROTECTED] or to me ([EMAIL PROTECTED]) directly. > How do I enable this? Richard. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFC+ksW8u8rlAV8K24RAn1aAJ99GwxF4hAofjSVuciye7ENyWhEjgCfV48B VuKjESdOcB2erZ/ymqmRf3c= =gYum -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
deluid // why no passphrase required ?
when adding a new userid, gnupg understandably requires a passphrase, why doesn't gnupg require a passphrase when deleting a uid ? (granted, if someone found my secring.gpg, this would be my least worry ;-) but, in principle, shouldn't all key editing functions require a passphrase ? tia, vedaal Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: deluid // why no passphrase required ?
[EMAIL PROTECTED] wrote: when adding a new userid, gnupg understandably requires a passphrase, why doesn't gnupg require a passphrase when deleting a uid ? (granted, if someone found my secring.gpg, this would be my least worry ;-) but, in principle, shouldn't all key editing functions require a passphrase ? tia, vedaal I can not agree more. I accidentally deleted my secret, that would not happen if it asked me to confirm it by passphrase. David signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: deluid // why no passphrase required ?
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 In reply to [EMAIL PROTECTED]'s message sent 2005-08-10 17:18: > when adding a new userid, gnupg understandably requires a passphrase, > > why doesn't gnupg require a passphrase when deleting a uid ? You're not issuing a signature when deleting a uid. > (granted, if someone found my secring.gpg, this would be my least > worry ;-) > > but, in principle, shouldn't all key editing functions require a > passphrase ? What does it hurt to delete a uid, or even a key? You seem to be asking for keyring permissions. That's beyond GnuPG's purpose. You should store your keyrings in an appropriately secured volume if you're worried about accidental or intentional removal of public keys or uid's. - -- Mike Daigle http://www.mikedaigle.ca My PGP Key mailto:[EMAIL PROTECTED] Gossamer Spider Web of Trust http://www.gswot.org -BEGIN PGP SIGNATURE- Comment: GSWoT - Gossamer Spider Web of Trust - www.gswot.org iD8DBQFC+nL8NuccKlqTLlMRA2ZoAJ46SY8nKK8jIHAzs7vQszEvKIObqACfWrnX D9NsHb1WkgmyN8oy7tz05mQ= =j7Bi -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
deluid // follow-up
after looking at the deluid some more, found that any user's uid can be deleted from the public key, and that this appears to be open-pgp behavior this can be useful when someone has many outdated uid's, and the user wants only the one with the current 'real' e-mail address, and wants to delete all the other ones still, this could lead to some abuse, since a user could intentionally delete the 'real' uid from someone's public key, leave an outdated one, and either publicly post the key , or upload that key to a new keyserver that did not have it before, and an unsuspecting user, verifying that key with its signatures and fingerprint, receives misleading information about the key wouldn't it be better where the deluid could be 'local only/non-exportable' for user convenience, but would require a key-owner to make deletions (obviously cannot be implemented retro-actively, but maybe whenever the keyserver system is modified, it might be another issue to consider) tia, vedaal Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [outlgpg] Outlook 2003 problems
R. Jensen wrote: > > Where can I get the 0.99.4 version? I downloaded from > http://www.g10code.de/p-outlgpg.html last week and that is > the 0.99.2 version I'm having problems with. The link on that > page still seems to be for 0.99.2. > Patrick Dickey helped me with this a bit. I downloaded: ftp://ftp.g10code.com/g10code/outlgpg/gpgexch-dll-0.99.4.zip and installed it. Now, in the explorer windows the dll does show up a 0.99.4, but the tab in Outlook says 0.99.3. It still doesn't work. Both the crash on signing and the Invalid Crypto Engine on verification occur. And the preferences are not saved. But now I'm getting a dialog about "Save options in the registry". When I start Outlook, I get one that initially says "Access is denied" and then five more that I have to click on that say: "Operation completed successfully". Similarly, if I go to the tab and change options, I have to click on five dialog boxes when I close the tab. >>> >>> >>>For users who uses the plugin and it crashes Outlook, it would be >>>useful to have the debug output of Dr. Watson. Please compress it >>>before you send it because it's very large. You can either send these >>>reports to [EMAIL PROTECTED] or to me ([EMAIL PROTECTED]) directly. >>> > > > How do I enable this? > Patrick also tried to help me with this. I enabled Dr. Watson, but it does not come up and no log is created when Outlook crashes. When I try to sign a message, I get a dialog "Microsoft Office Outlook has encountered a problem and needs to close." I have the option to send an error report to Microsoft or not. If I go into regedt32, and go to: HKLM\Software\Microsoft\WindowsNT\CurrentVersion\AeDebug I see the following values: Auto 1 Debugger drstsn32 -p %ld -e %ld -g (and a PreVisualStudio7Debugger with the same value) So, it looks like Dr. Watson is enabled, but isn't getting invoked? Richard. signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: deluid // why no passphrase required ?
On Wed, 2005-08-10 at 14:18 -0700, [EMAIL PROTECTED] wrote: > when adding a new userid, gnupg understandably requires a > passphrase, > > why doesn't gnupg require a passphrase when deleting a uid ? > > (granted, if someone found my secring.gpg, this would be my least > worry ;-) > > but, in principle, > shouldn't all key editing functions require a passphrase ? The point of a passphrase is not to ensure data integrity. If someone has sufficient access to your system, that person could delete your entire secret keyring (and all of your uids) no matter how gpg implemented passphrases. secring.gpg is just a file and it can be rm'd. Adding a uid requires a passphrase because the new uid needs to be signed, and that requires your secret key. Deleting a uid just means, more or less, chopping a block of bytes out of secring.gpg. The passphrase protects your secret key from being used by other people. hth, Eric ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: imported smart-card keys
OK, I'm getting frustrated with the interaction with the smart card. I have generated a new ElGamal encryption key, 0x16AF3873. $ gpg --edit-key 51192ff2 gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! Secret key is available. pub 1024D/51192FF2 created: 2002-03-22 expires: never usage: CS trust: ultimate validity: ultimate sub 2048g/1DA6A1C7 created: 2003-06-27 expired: 2004-06-26 usage: E sub 2048g/9150664F created: 2004-07-01 expired: 2005-07-01 usage: E sub 2048g/96FAE64B created: 2002-03-22 expired: 2003-04-16 usage: E sub 2048g/0193A5EB created: 2003-04-15 expired: 2004-04-14 usage: E sub 2048g/16AF3873 created: 2005-08-10 expires: 2006-08-10 usage: E sub 1024R/4A1C1224 created: 2005-06-27 expires: never usage: S sub 1024R/F40CACBA created: 2005-06-27 expires: never usage: E sub 1024R/694C9CA5 created: 2005-06-27 expires: never usage: A OK, so I have exactly one valid signing key available on this machine (RSA 4A1c1224, which is on a smart card), as evidence: $ gpg --list-secret-keys gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! /home/amauer/.gnupg/secring.gpg --- sec# 1024D/51192FF2 2002-03-22 ssb 2048g/1DA6A1C7 2003-06-27 ssb 2048g/9150664F 2004-07-01 ssb 2048g/16AF3873 2005-08-10 sec# 1024D/51192FF2 2002-03-22 ssb# 2048g/1DA6A1C7 2003-06-27 ssb# 2048g/9150664F 2004-07-01 ssb# 2048g/96FAE64B 2002-03-22 ssb# 2048g/0193A5EB 2003-04-15 ssb# 2048g/17804FC1 2005-08-10 ssb# 2048g/16AF3873 2005-08-10 ssb> 1024R/4A1C1224 2005-06-27 ssb> 1024R/F40CACBA 2005-06-27 ssb> 1024R/694C9CA5 2005-06-27 ssb# 1024D/3F52F59F 2004-12-13 But, when I go to sign a file (or email, or anything) I get: $ gpg --sign test.txt gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! gpg: secret key parts are not available gpg: no default secret key: general error gpg: signing failed: general error What could be causing this? Thanks -Alex Mauer "hawke" -- Bad - You get pulled over for doing 90 in a school zone and you're drunk off your ass again at three in the afternoon. Worse - The cop is drunk too, and he's a mean drunk. FUCK! - A mean drunk that's actually a swarm of semi-sentient flesh-eating beetles. OpenPGP key id: 0x51192FF2 @ subkeys.pgp.net ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Setting Digest-Algo in 1.4.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 While polishing my settings on this new PC, I realize I've forgotten how to set RIPEMD160 as the Hash Algo to use. Running M$ XP with 1.4.2/Enigmail & GPGshell 3.45. Help Appreciated! JOHN :) Timestamp: Wed 10 August 2005, 06:58 PM --400 (Eastern Daylight Time) - -- My Website: http://home.joimail.com/~johnmoore3rd/ Gossamer Spider Web of Trust: http://www.gswot.org Open PGP Key: http://tinyurl.com/5ztc6 Encrypted Email is a Courtesy & Appreciated!! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Public Key at: http://tinyurl.com/5ztc6 Comment: Gossamer Spider Web of Trust: http://www.gswot.org Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iEYEARECAAYFAkL6hsUACgkQnCmZhrerneUcpgCgrapev0lT0AB91YkMZ5V0PFI1 GgYAoOXARzmVaEbRiXokEWPf2YbOxZjW =BUwH -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Setting Digest-Algo in 1.4.2
John W. Moore III schrieb: > While polishing my settings on this new PC, I realize I've forgotten how > to set RIPEMD160 as the Hash Algo to use. Running M$ XP with > 1.4.2/Enigmail & GPGshell 3.45. Help Appreciated! digest-algo RIPEMD160 cert-digest-algo RIPEMD160 Thomas ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: deluid // follow-up
[EMAIL PROTECTED] wrote: >someone's public key, leave an outdated one, >and either publicly post the key , or upload that key to a new >keyserver that did not have it before, That's one of the reasons why most keyservers synchronise. >wouldn't it be better where the deluid could be 'local only/non-exportable' >for user convenience, For keyservers, it already is. If you want to make clear that a certain uid is not in use any more, you'll have to revoke that uid, not delete it from your local copy. -- ir. J.C.A. Wevers // Physics and science fiction site: [EMAIL PROTECTED] // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: deluid // why no passphrase required ?
Eric wrote: >Deleting a uid just means, >more or less, chopping a block of bytes out of secring.gpg. Are uid's also stored in the secret key? I thought they only existed in the public key, since that's the only place where they are needed. Storing in the secring is double: one can assume that if you have a secret key, you'll also have the corresponding public key. -- ir. J.C.A. Wevers // Physics and science fiction site: [EMAIL PROTECTED] // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
