Re: Problem decrypting large file.
Peter C. Chapin wrote: > Hello! I've googled a bit on this problem but I have not so far found > anything helpful. > http://lists.gnupg.org/pipermail/gnupg-users/2005-September/026646.html http://lists.gnupg.org/pipermail/gnupg-users/2005-October/027259.html http://lists.gnupg.org/pipermail/gnupg-users/2006-February/028073.html and their replies. -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 |X Against HTML email & vCards http://tinyurl.com/cc9up| / \ signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problem decrypting large file.
On Tue, 21 Mar 2006, Werner Koch wrote: > It definitely can. The safe why of doing so is by using i/o > redirection; i.e.: > > gpg -e plain.gpg > > This way the size of PLAIN is irrelevant to gpg. The shell (cmd.exe) > is responsible for opening the files the correct way. Hmmm. The post here: http://lists.gnupg.org/pipermail/gnupg-users/2005-October/027259.html Describes a case where I/O redirection was used, and yet problems occured anyway. Of course they might be different problems. I do not understand the error messages posted well enough to evaluate that possibility. Peter ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG does not detect injection of unsigned data
On Fri, 10 Mar 2006 19:40:54 +0100, Jan Luehr said: > well, this takes me to a difficult question: > How much more are to come? (Have you begun a code audit? How long will it > take > then?) Common wisdoms tells that it is pretty ineffective for a developer to audit his own code. Despite that developer prefer writing new code, I would really like to put more time into quality assurance. First of all this means writing regression tests and more tests and still more tests. Then and only then we could start cleaning up the code to get rid of stuff required 8 years ago but which is by now mostly obsolete. Without enough support contracts or other financial resources we can't really do that. David Wheeler's SLOCcount estimates the development effort for gnupg-1.4 at 30 person years. And that does not even take into account that GnuPG can't be estimated using the basic COCOMO; in reality it will be much higher. A code audit would be at least that expensive. > I haven't been following the gnupg development so far, but imho the recent > development of actions rater is rather disturbing - and these kind of bugs > tend to disqualify gnupg from mission critical use. Do you really believe it is different with other applications or even with the Linux, which is the most sensitive part of the OS? I do quick audits from time to time to figure out what application to use for a specific task: there is so much horrible flawed software in production use that I sometimes want to plug out the network cable immediately. That is not to say that proprietary software is in any regard better; just to the contrary: all non free mass market software hampers from the probelm that there is not enough quality checking. And well, who is going to do that? Shalom-Salam, Werner p.s. Sorry for replying so late to some message; I accidently unsubscribed from users and didn't noticed. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Help: /dev/tty error
Hello, I'm trying to use gpg on a remote server (the server has a copy of my public key, a file is encrypted there and my client downloads it by HTTP). I'm getting the following error: gpg: cannot open /dev/tty: No such device or address This is a Linux box (Red Hat I think). Do you know what this error means? What can I do to fix it? Thank you for your help. Cheers, Daniel. -- /\/`) http://opendocumentfellowship.org /\/_/ /\/_/ A life? Sounds great! \/_/Do you know where I could download one? / ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Change PIN on OpenPGP-Card with Cherry SmartTerminal ST-1044
On 14 Mar 2006 20:07:21 +0100, Dennis Heitmann said: > gpg: pcsc_transmit failed: not transacted (0x80100016) > gpg: apdu_send_simple(0) failed: card I/O error That is a catch all error of thye underlying ifd-handler. I have never tried that board with the PCSC driver. It works fine when using the internal GnuPG driver. I sorry, that you burned your card. In general it is always advisable to take some caution when using a new reader device. And you should always start with the regular PIN, this gives you more tries in case something went wrong. Using gpg with the option "--debug 2048" will show details of the card communication. Salam-Shalom, Werner ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problem decrypting large file.
On Tue, 21 Mar 2006, Alphax wrote: > http://lists.gnupg.org/pipermail/gnupg-users/2005-September/026646.html > > http://lists.gnupg.org/pipermail/gnupg-users/2005-October/027259.html > > http://lists.gnupg.org/pipermail/gnupg-users/2006-February/028073.html > > and their replies. Thanks for the links; I found them interesting. Alas, none of those messages contain any suggestions for how one might recover data from the (corrupted?) encrypted file. That's my primary concern at the moment. Also the workaround described in the September posts was shown to possibly not work in the October posts and no resolution was discussed. Am I to conclude that gpg simply can't reliably encrypt multi-gigabyte files on Win32? Peter ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
/dev/tty error
Hello, I'm trying to use gpg on a remote server (the server has a copy of my public key, a file is encrypted there and my client downloads it by HTTP). I'm getting the following error: gpg: cannot open /dev/tty: No such device or address This is a Linux box (Red Hat I think). Do you know what this error means? What can I do to fix it? Thank you for your help. Cheers, Daniel. -- /\/`) http://opendocumentfellowship.org /\/_/ /\/_/ A life? Sounds great! \/_/Do you know where I could download one? / ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
RE: batch mode lack of randomness FreeBSD
Stef Caunter <[EMAIL PROTECTED]> wrote: >I'm sure I have just missed this in the archives, but I cannot see >mention of a way to get sufficient randomness when running gpg >remotely in a shell account to batch generate key pairs, i.e. > >gpg --gen-key --batch tmp > >where tmp is populated according to doc/DETAILS example. Here is >what I've done to help randomness. I'm just a user on this system >so my options for IRQ mapping to acquire randomness are limited: > >I've started a child process that continually writes to a disk file >during the --gen-key --batch job... > >I have populated ~/.gnupg/random_seed with 600 bytes from >/dev/urandom > >I have asked the admin to add IRQs to rndcontrol. > >Is this just the way it is on FreeBSD (4.11-RELEASE)? There is >plenty of randomness in /dev/urandom, and none in /dev/random... > >Stef >http://caunter.ca/contact.html Can you ask your admin to add the Entropy Gathering Daemon that is written in PERL? http://www.gnupg.org/download/ (search for Entropy) I can't speak as to the effectiveness or lack thereof of your method. I am tempted to say that it will probably work, but I may be wrong. The main point I worry about is when you generate your keys, not when encrypting stuff. Lucas, who is writing a book on encryption using both GnuPG and new style PGP uses FreeBSD and I believe he uses the EGD: http://www.blackhelicopters.org/~mwlucas/reviewers.html I have no idea how you can get to him because he has finally given up on email and your message may be considered to be trash. If I remember correctly, he did say in an email message that he was using the EGD (Entropy Gathering Daemon). It sounds like you are on a multi-user system which is NOT a very good state of affairs. If you have your own system, you can install any of the many good versions of Linux (make partitions with Partition Magic with an ext3 partitions for / & /home, another partition for SWAP yet another for a FAT32 partition to transfer files back and forth from Linux to MS Windows. Only the "/" partition needs to be a Primary partition. All the rest can be logicals. Feel free to convert the PERL script to C if you don't think it runs fast enough. It is Gnu protected so that is permissible. HHH __ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: batch mode lack of randomness FreeBSD
Hi, Stef Caunter wrote: I have populated ~/.gnupg/random_seed with 600 bytes from /dev/urandom This is generally a very *bad* idea in terms of cryptography: /dev/urandom uses a pseudo-random generator with predictable results, (relatively) low random quality that is not suitable at all for generating secure key pairs. That is covered in the GnuPG documentation. I have asked the admin to add IRQs to rndcontrol. This on the other hand is a pretty good idea. Is this just the way it is on FreeBSD (4.11-RELEASE)? There is plenty of randomness in /dev/urandom, and none in /dev/random... It is always "the way it is" when you attempt to use the entropy pool on a remote system that you control through the network : there are simply not enough unpredictable physical events around the server to gather quickly more entropy. Also happen with linux, or other flavours of . Mind that Henry Herts Hobbits has a point here: you should not be generating keys that you intend to be secure using a remote shell access. Rationale for this is covered in the GnuPG documentation as well. Regards, -- Raphaël signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: /dev/tty error
Werner Koch wrote:
This is a Linux box (Red Hat I think). Do you know what this error
means? What can I do to fix it?
You need to give more information.
Yes, but I didn't know what else I should say.
Very likely you are running gpg without a TTY associated;
I'm running it from a PHP script:
exec("gpg ...")
I guess that means I don't have a TTY. In any event, --batch helped. Thanks!
Cheers,
Daniel.
--
/\/`) http://opendocumentfellowship.org
/\/_/
/\/_/ A life? Sounds great!
\/_/Do you know where I could download one?
/
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: /dev/tty error
On Tue, 21 Mar 2006 11:13:20 +, Daniel Carrera said: > This is a Linux box (Red Hat I think). Do you know what this error > means? What can I do to fix it? You need to give more information. Very likely you are running gpg without a TTY associated; there are enough mails with the same question as well as followups. Hint: Use --batch and possible --no-tty. Shalom-Salam, Werner ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problem decrypting large file.
On Tue, 21 Mar 2006 06:32:44 -0500, Peter C Chapin said: > the workaround described in the September posts was shown to possibly not > work in the October posts and no resolution was discussed. Am I to > conclude that gpg simply can't reliably encrypt multi-gigabyte files on It definitely can. The safe why of doing so is by using i/o redirection; i.e.: gpg -e plain.gpg This way the size of PLAIN is irrelevant to gpg. The shell (cmd.exe) is responsible for opening the files the correct way. Salam-Shalom, Werner ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: batch mode lack of randomness FreeBSD
On Thu, 16 Mar 2006 01:10:25 -0500 (EST), Stef Caunter said: > I've started a child process that continually writes to a disk file during > the --gen-key --batch job... That won't help much. A better thing is find /usr -type f | xargs cat >dev/null > Is this just the way it is on FreeBSD (4.11-RELEASE)? There is plenty of > randomness in /dev/urandom, and none in /dev/random... There is no randomness (well, entropy) in /dev/urandom at all if you read too much of it. Instead of blocking on low entropy as /dev/random does, /dev/uranmdom simply falls back into a pseudo random mode. Further, reading from /dev/urandom depletes the inetranl random pool and thus a read on /dev/random will block untilo you stop using /dev/urandom. Salam-Shalom, Werner ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Error: "unusable public key"
Hello, I'm having another problem, again not in the FAQ: sql.gz: encryption failed: unusable public key This happens when I try to encrypt a file with my public key. This is what I'm trying to do: I want to backup a remote database regularly but I'd like to transmit it encrypted. So I want to run this command: sqldump ... | gzip -c | gpg ... -o backup.gpg And then send the file backup.gpg to the client. This should be more than enogh for my needs. So, I have gpg installed in the server. I imported my public key and I didn't see any errors. I went to the .gnupg directory and pubring.gpg is there and has a non-zero size. When I do a --list-keys on the server I see my public key there: /path/to/.gnupg/pubring.gpg pub 1024D/42713DE9 2006-03-21 Daniel Carrera <[EMAIL PROTECTED]> sub 2048g/F2EB9C97 2006-03-21 I am trying to encrypt with the following command: $ gpg -a --homedir /path/to/.gnupg -r [EMAIL PROTECTED] --batch -o sql.asc -e sql.gz Note: The '-e sql.gz' is for testing. I'll replace this by a pipe later. When I run this command from a PHP script I get this error: gpg: F2EB9C97: There is no indication that this key really belongs to the owner gpg: sql.gz: encryption failed: unusable public key I don't care about the first line. I don't plan to have a secret key on the server. But that first line does show that it located the correct public key. I don't understand how the public key can be unusable if it can identify the key ID correctly. What are the chances of that? Could it be that I don't have a secret key? Why would a secret key be required if I just want to encrypt? Could it be because I'm running this from a PHP script? Why would that make the key unusable? I'm sure I'm not the first person who has thought of putting gpg on a server and using only a public key for encryption. Help? Any suggestions would be most appreciated. Cheers, Daniel. -- /\/`) http://opendocumentfellowship.org /\/_/ /\/_/ A life? Sounds great! \/_/Do you know where I could download one? / ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: batch mode lack of randomness FreeBSD
On Tue, Mar 21, 2006 at 08:45:47AM -0500, Henry Hertz Hobbit wrote: > Stef Caunter <[EMAIL PROTECTED]> wrote: > >Is this just the way it is on FreeBSD (4.11-RELEASE)? There is > >plenty of randomness in /dev/urandom, and none in /dev/random... Definitely ask on [EMAIL PROTECTED] > Can you ask your admin to add the Entropy Gathering Daemon that is > written in PERL? I believe you can install this and run it as a regular user, as well, but I might be wrong. > I can't speak as to the effectiveness or lack thereof of your method. > I am tempted to say that it will probably work, but I may be wrong. > The main point I worry about is when you generate your keys, not when > encrypting stuff. Lucas, who is writing a book on encryption using both > GnuPG and new style PGP uses FreeBSD and I believe he uses the EGD: > > http://www.blackhelicopters.org/~mwlucas/reviewers.html > Not on FreeBSD, but I've never had to generate large numbers of keys. > I have no idea how you can get to him because he has finally given > up on email and your message may be considered to be trash. I pay more attention to mailing lists than messages sent to me. Email is no longer a useful personal communications medium for me. :-( Good luck! ==ml -- Michael W. Lucas[EMAIL PROTECTED], [EMAIL PROTECTED] http://www.BlackHelicopters.org/~mwlucas/ "The cloak of anonymity protects me from the nuisance of caring." -Non Sequitur ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
How to sign with non-subkey?
I recently created a signing sub-key (on a smartcard, if it matters) and gpg now use it by default. How do I sign messages using my non-subkey? I thought -u would do it, but it doesn't seem to work: [EMAIL PROTECTED]:~$ echo foo |gpg -a -s -v -u b565716f gpg: using subkey AABB1F7B instead of primary key B565716F gpg: writing to stdout gpg: using subkey AABB1F7B instead of primary key B565716F gpg: RSA/SHA1 signature from: "AABB1F7B Simon Josefsson <[EMAIL PROTECTED]>" -BEGIN PGP MESSAGE- Version: GnuPG v1.4.2.2 (GNU/Linux) owGbwMvMwMS4XF34xKrd8tWMp7mSGFwURP6l5edzdZxiYWBkYjBhZQKJ6Io0MACB KAN/QXaibmJKSlFqcbFDel5pQbpeflF6VmKxQ2pFSWleSr5ecn4uAxenAMzQy+bM /4v/zBGfa+XAOvOGXqTUwQde0rPmL9P6KDS/8HLSjbKjN5fM+bfO0StszgfhZK0N R3X5lKuSzsUa1B5fWvKed/HOTZ9rbrUw8ZdwuT9d33bV/8xzcbFLe+y//76ttcg8 v3G1sbjG1kSh62GcnIEmgay1uU4C06ezaT7wbJ1222IN60yGD7w3DwAA =HgpN -END PGP MESSAGE- [EMAIL PROTECTED]:~$ The key details are: [EMAIL PROTECTED]:~$ gpg --edit-key b565716f gpg (GnuPG) 1.4.2.2; Copyright (C) 2005 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Secret key is available. pub 1280R/B565716F created: 2002-05-05 expires: 2006-08-14 usage: CS trust: ultimate validity: ultimate sub 1280R/4D5D40AE created: 2002-05-05 expires: 2006-08-14 usage: E sub 1024R/09CC4670 created: 2006-03-18 expires: 2007-04-22 usage: A sub 1024R/AABB1F7B created: 2006-03-18 expires: 2007-04-22 usage: S sub 1024R/A14C401A created: 2006-03-18 expires: 2007-04-22 usage: E [ultimate] (1). Simon Josefsson <[EMAIL PROTECTED]> [ultimate] (2) Simon Josefsson <[EMAIL PROTECTED]> Command> [EMAIL PROTECTED]:~$ Thanks, Simon ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to sign with non-subkey?
On Tue, Mar 21, 2006 at 04:02:51PM +0100, Simon Josefsson wrote: > I recently created a signing sub-key (on a smartcard, if it matters) > and gpg now use it by default. How do I sign messages using my > non-subkey? I thought -u would do it, but it doesn't seem to work: > > [EMAIL PROTECTED]:~$ echo foo |gpg -a -s -v -u b565716f > gpg: using subkey AABB1F7B instead of primary key B565716F > gpg: writing to stdout Put a ! after the key ID to tell GPG that you want that exact key. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
[Announce] GPA 0.7.3 released
Hello, We are pleased to announce the release of GPA 0.7.3. GPA is a graphical frontend for the GNU Privacy Guard (GnuPG, http://www.gnupg.org). GPA can be used to encrypt, decrypt, and sign files, to verify signatures and to manage the private and public keys. This is a development release. Please be careful when using it on production keys. You can find the release here: http://wald.intevation.org/frs/download.php/151/gpa-0.7.3.tar.bz2 (530k) http://wald.intevation.org/frs/download.php/152/gpa-0.7.3.tar.bz2.sig Or as patch file against the previous release: http://wald.intevation.org/frs/download.php/153/gpa-0.7.2-0.7.3.diff.bz2 (21k) The files are also available on ftp.gnupg.org and its mirrors in the directory gcrypt/alpha/gpa/. The SHA1 checksums for this release are: 829871ad5c4c41e12cc4097af0e02e86c66efcab gpa-0.7.3.tar.bz2 a0bdb9ed9dff4765d23636232b48764e7f67e027 gpa-0.7.2-0.7.3.diff.bz2 Noteworthy changes in version 0.7.3 (2006-03-21) * Minor fixes. No console Windows under W32 anymore. No more garbage in names of new keys. Shalom-Salam, Werner -- Werner Koch <[EMAIL PROTECTED]> The GnuPG Expertshttp://g10code.com Free Software Foundation Europe http://fsfeurope.org Join the Fellowship and protect your Freedom!http://www.fsfe.org pgpCNh6FQOaZd.pgp Description: PGP signature ___ Gnupg-announce mailing list [EMAIL PROTECTED] http://lists.gnupg.org/mailman/listinfo/gnupg-announce ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error: "unusable public key"
Daniel Carrera wrote: > Hello, > > I'm having another problem, again not in the FAQ: > > sql.gz: encryption failed: unusable public key > > This happens when I try to encrypt a file with my public key. > > /path/to/.gnupg/pubring.gpg > > pub 1024D/42713DE9 2006-03-21 Daniel Carrera <[EMAIL PROTECTED]> > sub 2048g/F2EB9C97 2006-03-21 > > > I am trying to encrypt with the following command: > > $ gpg -a --homedir /path/to/.gnupg -r [EMAIL PROTECTED] --batch -o > sql.asc -e sql.gz > > Note: The '-e sql.gz' is for testing. I'll replace this by a pipe later. > > When I run this command from a PHP script I get this error: > > gpg: F2EB9C97: There is no indication that this key really belongs to > the owner > gpg: sql.gz: encryption failed: unusable public key > You haven't specified that the key is trusted in the local trustdb. You'll need to either remote login and: $ gpg --edit 0x42713DE9 Command> trust Please decide how far you trust this user to correctly verify other users' keys (by looking at passports, checking fingerprints from different sources, etc.) 1 = I don't know or won't say 2 = I do NOT trust 3 = I trust marginally 4 = I trust fully 5 = I trust ultimately m = back to the main menu Your decision? 4 or add the option --trust-model always to your gpg exectution command, ie. $ gpg -a --homedir /path/to/.gnupg --trust-model always -r [EMAIL PROTECTED] --batch -o sql.asc -e sql.gz or add trust-model always to your .gnupg/gpg.conf file. HTH, -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 |X Against HTML email & vCards http://tinyurl.com/cc9up| / \ signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
