Re: Two questions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gary Graham wrote: > I have a couple questions I have not been able to figure out on my own. > First, and probably easiest: Is it possible to put a photo into a > key? I see some keys have it, but have not figured how to do it. gpg --edit-key addphoto > Second: I have a Thawte Freemail certificate. I have Enigmail set to > use it. How do I import it, or whatever, it into my GNUpg keyring? I > see several have done it. How do I say "It's more trouble than it's worth"? You have to use PGP as an intermediate step. The CA cert on X.509 certificate is not recognized by GnuPG 1.4.x and shows up as a signature from keyid 0x. PGP will consider the X.509 as a valid key if you import the CAs keys and sign them as a trusted introducer. For GnuPG to consider the X.509 RSA key material valid you need to either sign the key with your default key or self-sign the key. Unless your identity has been verified by Thawte's Assurance program, the key will have your name as "Thawte Freemail Member" - not exactly a stand out on the keyservers. Key prefs are another pain. Am imported Thawte cert shows: Cipher: 3DES Digest: SHA1 Compression: ZIP, Uncompressed A GnuPG created key shows: Cipher: AES256, AES192, AES, CAST5, 3DES, IDEA Digest: SHA1, SHA256, RIPEMD160 Compression: ZLIB, BZIP2, ZIP, Uncompressed Features: MDC, Keyserver no-modify My last post to this list gave a brief overview. If you still want to do it, it's best to ask for more help over on the PGP-Basics Yahoo! group. http://groups.yahoo.com/group/PGP-Basics/ Also, Enigmail WILL NOT use X.509 keys. You have most likely configured S/MIME to use your Thawte certificate. That's the 'Security' tab in TB's account settings. Enigmail is configured on the 'OpenPGP Security' tab. - -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A "what's the key to success?"/ "two words: good decisions." "what's the key to good decisions?" / "one word: experience." "how do i get experience?" / "two words: bad decisions." "Just how do the residents of Haiku, Hawai'i hold conversations?" -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3-cvs-3891-2005-09-13 (Windows 2000 SP4) Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG Comment: Be part of the £33t ECHELON -- Use Strong Encryption. Comment: It's YOUR right - for the time being. Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFDKR7FHQSsSmCNKhARAuMrAJ4nrbsFJN23d06f00C1XRM5GhW6swCgrCGm vrOXWyIrGLewNbDkFqOnSbw= =zCI9 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Two questions
John Clizbe wrote: > Gary Graham wrote: >> Second: I have a Thawte Freemail certificate. I have Enigmail set >> to use it. How do I import it, or whatever, it into my GNUpg >> keyring? I see several have done it. > > > How do I say "It's more trouble than it's worth"? You have to use PGP > as an intermediate step. >From my understanding of PKI, there's another way to do it, which is *even more* trouble than it's worth... Extract the raw key (as in, the really big number) form the X.509 cert and convert it into an OpenPGP key by taking a large bottle of your favourite alcoholic beverage, read the relevant RFCs while consuming about half of it, attempt to perform the conversion, and drink the rest of the alcoholic beverage when you realise how futile this is :) Or should I just go ahead and drink the whole bottle right away because I've gotten the procedure wrong in the first place? ;) -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 |X Against HTML email & vCards http://tinyurl.com/cc9up| / \ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Bug?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I use gnupg 1.4.2, Thunderbird 1.0.6, enigmail 0.92.1 When I try to open "Open PGP Key Managment" I receive error message: gpg: buffer shorter than subpacket gpg: buffer shorter than subpacket gpg: signature packet without keyid gpg: buffer shorter than subpacket I receved the error with Gnupg 1.4.1, enigmal 0.92.0 Enigmail debug: $ cat enigcmd.txt /usr/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 --with-fingerprint --fixed-list-mode --with-colons --list-keys $ cat enigenv.txt DISPLAY=:1.0,HOME=/home/sandello,LANG=ru_RU.UTF-8,LOGNAME=sandello,LD_LIBRARY_PATH=/home/sandello/Programs/Thunderbird:/home/sandello/Programs/Thunderbird/plugins:/usr/local/lib/mre/mre-1.0.6,MOZILLA_FIVE_HOME=/home/sandello/Programs/Thunderbird,PATH=/usr/local/jdk/bin:/usr/local/java/ant/bin:/usr/kerberos/bin:/usr/lib/courier/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/home/sandello/bin:/home/sandello/sbin,PWD=/home/sandello,SHELL=/bin/bash,TMPDIR=/tmp,USER=sandello $ cat enigerr.txt [GNUPG:] KEYEXPIRED 1071310391 [GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead [GNUPG:] KEYEXPIRED 923147 [GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead gpg: buffer shorter than subpacket gpg: buffer shorter than subpacket gpg: signature packet without keyid gpg: buffer shorter than subpacket NOTE: this is the tail of enigerr.txt $ tail enigout.txt fpr:3F0A12FC0B55A917D79182D372FDC205F6A32A8E: uid:-969131660::02957B6D476581DF9970B1959C2C226CD654C882::Santiago Garcia Mantinan (manty) <[EMAIL PROTECTED]>: uid:r::F5B02927C9137D6B86C0443F9D6F30D4E3E2C55A::Santiago Garcia Mantinan (manty) <[EMAIL PROTECTED]>: uid:-969131512::0EE6D8286E42846516EA24914C5C7FC7B6703366::Santiago Garcia Mantinan (manty) <[EMAIL PROTECTED]>: uid:-973705934::A7ECCF51C99F469795F191BACDC2DD965E768191::Santiago Garcia Mantinan (manty) <[EMAIL PROTECTED]>: sub:-:1024:16:8F802C268D0EB704:969129228::e: pub:-:1024:17:E9311E2A656CB5B5:1031330729:::-:::scaESCA: fpr:A0627E3D8CF2BAA6254DAAC6E9311E2A656CB5B5: uid:-1031330729::E1DF469C11F55309FAE5870F9AC480A3CE9DE4D0::Caroline Tremblay <[EMAIL PROTECTED]>: sub:-:2048:16:9A375D018C6C1AF5:1031330729::e: - -- Denis Kostousov email: sandelloTHEDOGpermonline.ru jabber: sandelloATjabber.org fingerprint: FE3D 60AF E08D 2D2A 6A8B C891 70BB 0665 F047 ADAE -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDKSaFcLsGZfBHra4RAkruAKDtTxzAYIzYeilaanQDu/xqEvwO5gCgtiwQ NZ5OgZWbho8YPMMK/Bpowx4= =o9i4 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
