GnuPG 2.0.12 - Linux-Ubuntu

2009-06-19 Thread Charly Avital 
Compiled from src under Ubuntu 9.04.

$ gpg2 --version
gpg (GnuPG) 2.0.12
libgcrypt 1.4.4
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB

Charly
Ubuntu 9.04_64bits (VMware+MacOSX 10.5.7 - GnuPG 1.4.9 - 2.0.12) 0xA57A8EFA


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Documentations bugs?

2009-06-19 Thread Victor Stinner 
Hi,
Le mercredi 17 juin 2009 13:26:46, Victor Stinner a écrit :
> Extract (1):
> 
> http://www.gnupg.org/documentation/manuals/gcrypt/Controlling-the-library.h
>tml GCRYCTL_USE_SECURE_RNDPOOL; Arguments: none
> This command tells the PRNG to store random numbers in secure memory. This
> command should be run right after gcry_check_version and not later than the
> command GCRYCTL_INIT_SECMEM. Note that in FIPS mode the secure memory is
> always used.
> 
>
> Does it mean that GCRYCTL_USE_SECURE_RNDPOOL can be used before
> GCRYCTL_INIT_SECMEM? Because if I use both, I get this:
>
>Oops, secure memory pool already initialized

I found my error. It was not the usage of GCRYCTL_USE_SECURE_RNDPOOL + 
GCRYCTL_INIT_SECMEM, but that I load gcrypt twice using dlopen(), and that I 
do initialize it twice. But at the second dlopen() call, i just get the same 
reference to the first dlopen() and so the library is already open. I was my 
fault :-p

-- 
Victor Stinner
http://www.haypocalc.com/

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GnuPG 2 under Windows

2009-06-19 Thread Joel C. Salomon 
Is a build of GnuPG more recent that 1.4.9 available for Windows?

—Joel Salomon



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG 2 under Windows

2009-06-19 Thread John Clizbe 
Joel C. Salomon wrote:
> Is a build of GnuPG more recent that 1.4.9 available for Windows?

Not sure why there would be. 1.4.9 is the latest release of the
1.4-STABLE branch. What is it you're looking for?

Current development snapshots of what will be 1.4.10 may be built for
use on Windows, but it should be noted that this is an advanced activity
for most Windows users.

The officially supported environment is a POSIX-based cross-compile,
though Windows-based Cygwin is possible as well MSYS/MinGW which targets
a native win32 api. This is the same approach as the cross-compile.
Cygwin uses a compatibility layer.

If you intend to build GnuPG for the Win32 platform using MinGW, we
suggest reading the instructions titled " Building GnuPG for Win32 using
MinGW " written by Carlo Luciano Bianco. The binary we distribute has
been built using Debian's mingw32 cross compiler package .
( http://clbianco.altervista.org/gnupg/eng/gnupg.html )
-- 
John P. Clizbe  Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
 mailto:pgp-public-k...@gingerbear.net?subject=help

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG 2 under Windows

2009-06-19 Thread Robert J. Hansen 
Joel C. Salomon wrote:
> Is a build of GnuPG more recent that 1.4.9 available for Windows?

If you look at http://www.gnupg.org, you will discover 1.4.9 is the
latest release in the 1.4 series.  There is no 1.4.10, at least not yet.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Why do people send email with an attached public key?

2009-06-19 Thread Steven W. Orr 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I see that there are some people who send their messages (especially to this
list) with their messages signed via an attached signature. I can't imagine
that this question hasn't been asked before, but is there an advantage to
doing this vs having an inline signature?

BTW, I run a mailinglist which strips all attachments. If I use a signature
attachment, am I further limiting an already limited audience?

TIA

- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAko8FQUACgkQRIVy4fC+NyRPNwCfTw4RIcwpGCU3BKhLbM98sZv/
fTYAniJqtkhQXyOshzwbFU3dO4xQO8qu
=NI2H
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Why do people send email with an attached public key?

2009-06-19 Thread Thomas Bohn 

On Jun 20, 2009, at 12:45 AM, Steven W. Orr wrote:

I see that there are some people who send their messages (especially  
to this

list) with their messages signed via an attached signature.


It is called PGP/MINE. I think the advantage is, that is more clear  
how to recongize a signed or encrypted message without parsing the  
body of the email.


Thomas


PGP.sig
Description: This is a digitally signed message part
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Why do people send email with an attached public key?

2009-06-19 Thread Charly Avital 
Steven W. Orr wrote the following on 6/19/09 6:45 PM:
> I see that there are some people who send their messages (especially to this
> list) with their messages signed via an attached signature. I can't imagine
> that this question hasn't been asked before, but is there an advantage to
> doing this vs having an inline signature?
> 
> BTW, I run a mailinglist which strips all attachments. If I use a signature
> attachment, am I further limiting an already limited audience?
> 
> TIA

The question about detached signatures (PGP/MIME) has been asked before
in this forum, and in many others that deal with crypto.

First, to answer the question in the subject of your message (BTW, it's
better to avoid inserting questions in an e-mail's subject, just state
the subject):

Attaching the sender's public key to an e-mail is not the same as
signing the e-mail with a detached signature (PGP/MIME). Attaching the
sender's key can be a courtesy to spare recipients the task of searching
for the sender's public key.

Some MUAs will offer you the possibility of either signing both the
e-mail and the attached public key in one single "encapsulated" message,
 and that will force PGP/MIME, or to sign the e-mail only, and not the
attached public key.

Other MUAs will automatically force PGP/MIME when the e-mail has an
attachment.



As to the pro and cons, I'll refer you to David Shaw's post to this list:
.

There are surely many other posts on the same topic.

Not all MUAs are PGP/MIME compliant.

If your mailing list strips all attachments, that's an additional problem.

Have a fine week end.
Charly



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users