gpgsm data structure

2009-04-30 Thread rookie01 
Hi,

I’m not good in C and algorithms, so I have a question.

A recipient cannot decrypt my gpgsm signed and encrypted data. He sent me some 
data he can decrypt. It looks like this:

  121:d=5  hl=2 l=  13 cons: SEQUENCE  
  123:d=6  hl=2 l=   9 prim: OBJECT:rsaEncryption
  134:d=6  hl=2 l=   0 prim: NULL  
  136:d=5  hl=4 l= 256 prim: OCTET STRING  [HEX 
DUMP]:47E37BFB771546DC3A8732EDE391E2F5241F1CA30..
  396:d=3  hl=5 l=412998 cons: SEQUENCE  
  401:d=4  hl=2 l=   9 prim: OBJECT:pkcs7-data
  412:d=4  hl=2 l=  20 cons: SEQUENCE  
  414:d=5  hl=2 l=   8 prim: OBJECT:des-ede3-cbc
  424:d=5  hl=2 l=   8 prim: OCTET STRING  [HEX DUMP]:A5A8A903C2569A48
  434:d=4  hl=5 l=412960 prim: cont [ 0 ]A3 76 AD C6 7C FF 55 2A 51 B0 EF 
3F 66 32 26 F7    

My gpgsm data looks like this:

  114:d=6  hl=2 l=   9 prim: OBJECT:rsaEncryption
  125:d=5  hl=4 l= 256 prim: OCTET STRING  [HEX 
DUMP]:4EF9C8BAF21E4C11CD867D30D68C67DB465 …
  385:d=3  hl=2 l=inf  cons: SEQUENCE  
  387:d=4  hl=2 l=   9 prim: OBJECT:pkcs7-data
  398:d=4  hl=2 l=  20 cons: SEQUENCE  
  400:d=5  hl=2 l=   8 prim: OBJECT:des-ede3-cbc
  410:d=5  hl=2 l=   8 prim: OCTET STRING  [HEX DUMP]:B5169BAC652FBBDC
  420:d=4  hl=2 l=inf  cons: cont [ 0 ]
  422:d=5  hl=4 l=4000 prim: OCTET STRING  [HEX 
DUMP]:622551D24221160CFB04821BE62FD681……..
4426:d=5  hl=4 l=4000 prim: OCTET STRING  [HEX DUMP]:B7C8DCCF89……. 

The differences I see here:
1.  There is an extra NULL Object below “OBJECT:rsaEncryption”
2.  The “encryptedcontent” looks like one big block  “412960” while there 
are 4kB blocks “4000” in the gpgsm-Data. 

He also told me he can decrypt data that has 1kB blocks (haven't seen such 
stuff), so I checked the gnupg and libgcrypt source-packages to find out where 
and why. But as I said I’m not fit in C ….

So here’s my question: Why is the gpgsm data in 4kB blocks and is there a 
“easy” way to change this blocksize.

Thanks -- Siegfried



Arcor.de Gaming Area - kostenfrei daddeln bis der Arzt kommt!
Jetzt checken und aus über 80 Spielen wählen!
http://www.arcor.de/footer-gaming/

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Subkeys...

2009-04-30 Thread felipe alvarez 
Somewhat humourously, my public key is now up on all the public key servers! 
I guess I'll have to live with all that spam .. .. ..


felipe

(can't sign this msg - Outlook express sucks, i use Kmail regularly, and 
don't want to bother customising my windows and "getting used to it." bad 
idea, no TB for me thanks)
- Original Message - 
From: "Faramir" 

To: "Felipe Alvarez" 
Sent: Thursday, April 30, 2009 10:47 AM
Subject: Re: Subkeys...



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Felipe Alvarez escribió:


Sorry about that. My comment below should contain the URL for the
key. I
still new to this, and weary about uploading my public key on
keyservers.


 I didn't notticed the comment the last time, but now, somehow, your
key was imported magically...



the whole thing up. That's why I just host my pub key at my site.


 You can host it on BigLumber too, it would act the same as your site,
but would allow you to be searched easily.


AND this discussion of reliable and fast key servers has got me
nervous
again.


 I just use pool.sks-keyservers.net and forget problems... I have never
been contacted to a keyserver being "down".

 Best Regards
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJJ+PUkAAoJEMV4f6PvczxAf08IAJcYbwvaxdPmuI7C7YluwbAp
H4teETVaZE5VtWfli0LpTjmGScAtDHJjlNcFxP5J20AjYXQIcOsc12PXgSuo12lg
0LYXa+GaYEVd5NWJcddX8JWpZU2YIVgz2nzg8uvKxe8BKlvu3as+rAKq4U3n1ztz
mKShALjX9WiXRoQ8nB7tQkoSVtvL9EABwWs5zoM5U2gzGkGcjBwGE/3J/fzxMjN8
IdNHtlR+5/OBv24y+2a4akp9/ntrFyPBzFy5ml58WLJ1WKDzZaqqRjygZx1JHRgq
p5/Lu4xZw4OBr1B04WlJ9OJ4sh8CSVCR1H4iet1aItLelTnxFu1xvI4uy40+c5E=
=a1TN
-END PGP SIGNATURE-




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: compatible? GnuPG & PGP 6.5.8

2009-04-30 Thread vedaal 
>Rasta Surfer wrote:

>> Is it possible to export a key from GNUPG 1.4.[7,9] and import 
>it into  PGP 6.5.8?

>>> i know pgp 6.5.8 is older than the hills, i still imagine there 

>is a work around for some type of incompatibility.

it's possible,
but 'tedious' ;-)
[1] use the gnupg option of  --pgp6
(and, if you must continue using 6.5.8 until you can upgrade to 
something newer,
please ask gnupg users you correspond with, to also use the option 
of --pgp6 )

[2] now the 'tedious' part,
if you want to export both the secret and public keys,
then you have to remove the passphrase from the gnupg secret keys,
as the gnupg default secret key protection is newer than 6.5.8 and 
6.5.8
can't recognize it

you can then set the passphrase in 6.5.8 for that keyring,
and then set them back in gnupg for the gnupg keys

btw,
even though pgp6.5.8 is quite ancient,
it can still do some very surprising things ;-)

if you want to play around with your gnupg keys in 6.5.8
and see how 'compatible' they are or aren't

you don't have to import them at all

you can just set your pgp options (temporarily)
to point to your gnupg keyrings, and 6.5.8 will recognize them

[in the PGP tray, right click on 'Options', then on 'Files', then 
on 'browse' to find the locations of your pubring.gpg for the 
Public Keyring File, and secring.gpg for your Private Keyring File, 
then click OK]

you can now sign, encrypt, verify, etc. with almost any gnupg key
(just don't try to 'edit' a key, or generate a new one ;-) ) 

and you can compare the error messages you get when trying to 
decrypt with a gnupg key that you haven't removed the passphrase 
from, 
and a key where you have removed the passphrase


>Most people in the OpenPGP community will strongly advise you 
>against using PGP 6.5.8, for very good reasons.


there are 'too many' little incompatibility 'workarounds'
that you might need to do, if you continue using 6.5.8  ;-((


vedaal

any ads or links below this message are added by hushmail without 
my endorsement or awareness of the nature of the link

--
Become a medical transcriptionist at home, at your own pace.
 
http://tagline.hushmail.com/fc/BLSrjkqfMmdaLt9OaJBCVUpgAZOH5pwNO5xWXWvSFhVLmXj1phfCEJNnOV6/


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Subkeys...

2009-04-30 Thread Faramir 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

felipe alvarez escribió:
> Somewhat humourously, my public key is now up on all the public key
> servers! I guess I'll have to live with all that spam .. .. ..

  Well, it was predictable soon or later somebody was going to upload it
without your consent, maybe by mistake. But don't worry too much, the
amount of spam received due to keys in keyservers seems a lot smaller
than the normal amount of spam... at least I don't notice the difference
between account with keys, and accounts without keys...

  Best Regards
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJJ+eCiAAoJEMV4f6PvczxAp2IH/jIAPGsfIuqnYU3IhRMQgZvU
motHuRCN9l6a9TRkU9JYIoNWmWFZvZuRCq/oTIlEAgMfVQZwniyAlqiPRMwhfhUx
1szTl6gyic1ZXUuU4/pswtQiuRLc0aTVogZsqHwx1hUXgYyggzw07l+Kz601lR3m
HqVT8NiYIFUrVTBo7CpcIG6Bgoc/mnO7R/BqO73LLfcyqoOpOj+PaLig9qhIooQ1
AE4C9gHbpmwurl0Sx822tXN8CVGJV3GgFB5EBv7JQUtS1Z9rOtviIXJF32Qen3d2
aeZQrcgBui5vhTNqGvFMM9MemAQbB49x1eQYN9TeBX9r02/OcRoCvjSqCpl3tuA=
=/8z4
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Selecting cipher to generate a key pair

2009-04-30 Thread Smith, Cathy 
Is it possible to select a specific cipher, such as Triple-DES or
Blowfish, to use to generate a key pair?

I've read email posted in the archives, and FAQ that indicates this is
possible.  I don't see an option to do that just running
pgp --gen-key

Thanks.


Cathy

---
Cathy L. Smith
Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the
U.S. Department of Energy

Phone:  509.375.2687
Fax:  509.375.2330
Email:  cathy.sm...@pnl.gov


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

re: Selecting cipher to generate a key pair

2009-04-30 Thread vedaal 
>Is it possible to select a specific cipher, such as >Triple-DES or 
Blowfish, to use to generate a key pair?

if, by selection, you mean to choose that cipher as the one 
protecting your secret key, then yes

use the following options:

--expert
--s2k-cipher-algo name
(either Blowfish or 3DES, or any other one you wish)

n.b.

[1] a key generated this way will still be able to use any cipher 
while decrypting or encrypting a pgp message

[2] do not add '--s2k-cipher-algo name' to your gpg.conf,
unless you want all symmetric messages (not encrypted to a Public 
Key) to be the same as the cipher of your secret key


vedaal

any ads or links below this message are added by hushmail without 
my endorsement or awareness of the nature of the link

--
Save big on Stock Trading Fees. Click Now!
 
http://tagline.hushmail.com/fc/BLSrjkqa2gbQZjvQvfwfqPj2p6No8bU1TUERhp1RsUquoWLdpYh4lrVcPGA/


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

New results against SHA-1

2009-04-30 Thread David Shaw 

http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf

There is not much hard information yet, but the two big quotes are  
"SHA-1 collisions now 2^52" and "Practical collisions are within  
resources of a well funded organisation."


David


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Selecting cipher to generate a key pair

2009-04-30 Thread Allen Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

ved...@hush.com wrote:
> (either Blowfish or 3DES, or any other one you wish)

What's the default to encrypting/hashing the secret key? And how good is it?

Allen
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkn6Z7kACgkQV5r3Eu55xjanrACfVimubOHp5KgXJGEg1elOoTml
jisAn1OYTpLp8Dz9V6Ld/ppp9gL4OpXS
=o0AU
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Selecting cipher to generate a key pair

2009-04-30 Thread Robert J. Hansen 
Allen Schultz wrote:
> What's the default to encrypting/hashing the secret key? And how good is it?

CAST5-128.

It's hard to talk about how good it is.  Cryptography is an intensively
mathematical discipline, and most people are not very well-equipped to
discuss those details.

Ultimately, it would be like arguing whether King Kong or Godzilla is
better at urban destruction.  Biologists can argue until the cows come
home which one would be better and why, but from the perspective of your
average inhabitant of Tokyo or New York City the answer is, "Who cares?
 Get out of town _right now_!"

>From the perspective of the overwhelming majority of OpenPGP users,
CAST5-128 does the job just fine.  The only instances I'm aware of in
which CAST5-128 doesn't do the job well are ones where bureaucratic
rules require specific algorithms, and CAST5-128 isn't on that
checklist.  That's a bureaucratic failing, though, not a failing of
CAST5-128.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users