Re: 2.1.2: keyserver route failure

2015-02-18 Thread Werner Koch
On Wed, 18 Feb 2015 06:24, r...@sixdemonbag.org said:

> I don't have IPv6 routing, period.  This raises the question of why
> GnuPG is trying to reach an IPv6 address at all.

Because the resolver says that there is an AAAA record.  It seems that
we need to figure out at runtime whether v6 is actually working.  Any
hints on how to do that?


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Compiled binaries execute but exit with "Abort"

2015-02-18 Thread Werner Koch
On Wed, 18 Feb 2015 14:18, er...@askerrol.org said:

> #0  0xfedc28a4 in abort () from /lib/libc.so.1
> #1  0xff15367c in get_lock_object (lockhd=0xff16e3b0) at posix-lock.c:111

That is an assert() checking that the used library matches the one used
for building.  This is all in libgpg-error - please build libgpg-error
and check that "make check" works.


Shalom-Salam,

   Werner



Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-18 Thread Werner Koch
On Wed, 18 Feb 2015 11:54, js-gnupg-us...@webkeks.org said:

> While this is much better from a security point of view, it still means that 
> building needs an internet connection. It would be nice to be able to build 
> it on an air-gapped machine, which I guess is quite a common use case for 
> GnuPG.
>
> To be fair, though, I never noticed that until you mentioned it :).

The speedo.mk Makefile is optional.  And of course it is possible to run
that offline (make -f speedo.mk native CUSTOM_SWDB=1) - I like to work
while on a train.


Shalom-Salam,

   Werner



Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-18 Thread Werner Koch
On Wed, 18 Feb 2015 12:05, js-gnupg-us...@webkeks.org said:

> I suppose it might be a good idea to have a Qt GUI. That looks native

Although Kleopatra is a KDE application there is not much of KDE in it
and, iirc, Andre once suggested to turn it into a plain Qt application.


Salam-Shalom,

   Werner



Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-18 Thread Werner Koch
On Wed, 18 Feb 2015 12:21, js-gnupg-us...@webkeks.org said:

> And even worse: Why did you decide to hide what is going on by
> prefixing it with a @? This really feels like you are trying to deceive

I also do this often to avoid cluttering the screen.  No need to assume
a backdoor.  It is for a Mac and Mac users want a clean tty ;-)


Shalom-Salam,

   Werner



Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-18 Thread Werner Koch
On Wed, 18 Feb 2015 11:52, js-gnupg-us...@webkeks.org said:

> I do verify the fingerprint, and they are quite easy to find actually:
>
> https://help.github.com/articles/what-are-github-s-ssh-key-fingerprints/
>
> First Google match for "GitHub SSH fingerprint".

Using a search engine to find important information is not very user
friendly.  The host keys should be linked from the root page.  But in
this regard this is not different from any root CA - most make it really
hard to find the fingerprint and the support lines sometimes don't even
know why one would want to check this.

> Makefile / PKGBUILD / however it is called that is then verified. So I
> guess you can't easily map that to "Only x% of users check the
> downloaded tarball". I guess it's a lot more, it's just not all check
> it using the .sig.

Sure I can.  If there are 1000 downloads of the tarball and only 100 of
the corresponding sig it should be pretty clear that 90% of those who
download do not even pretend to check the signature.

> git commit -S 
>
> You can just create an alias for that, I for example use git ci.

I know that but I would like to have a different key for tag and commit.
Requiring an option is just too cumbersome.


Salam-Shalom,

   Werner



[Announce] GnuPG 2.0.27 "stable" released

2015-02-18 Thread Werner Koch
Hello!

We are pleased to announce the availability of a new stable GnuPG-2
release: Version 2.0.27.  This is a maintenance release which fixes a
couple of bugs.  Updating to this version is suggested.

The GNU Privacy Guard (GnuPG) is a complete and free implementation of
the OpenPGP standard as defined by RFC-4880 and better known as PGP.

GnuPG, also known as GPG, allows you to encrypt and sign data and
communication, features a versatile key management system as well as
access modules for public key directories.  GnuPG itself is a command
line tool with features for easy integration with other applications.
A wealth of frontend applications and libraries making use of GnuPG
are available.  Since version 2 GnuPG provides support for S/MIME and
Secure Shell in addition to OpenPGP.

GnuPG is Free Software (meaning that it respects your freedom). It can
be freely used, modified and distributed under the terms of the GNU
General Public License.

Three different versions of GnuPG are actively maintained:

- GnuPG "modern" (2.1) is the latest development with a lot of new
  features.  

- GnuPG "stable" (2.0) - which this is about - is the current stable
  version for general use.  This is what most users are currently using.

- GnuPG "classic" (1.4) is the old standalone version which is most
  suitable for older or embedded platforms.

You may not install "modern" (2.1) and "stable" (2.0) at the same
time.  However, it is possible to install "classic" (1.4) along with
any of the other versions.


What's New in 2.0.27


 * gpg: Detect faulty use of --verify on detached signatures.

 * gpg: New import option "keep-ownertrust".

 * gpg: Uses SHA-256 for all signature types also on RSA keys.

 * gpg: Added support for algo names when generating keys using the
   --command-fd method.

 * gpg: Unless --allow-weak-digest-algos is used the insecure MD5
   based fingerprints are shown as all zeroes.

 * gpg: Fixed DoS based on bogus and overlong key packets.

 * gpg: Better error reporting for keyserver problems.

 * Fixed several bugs related to bogus keyrings and improved some
   other code.


Getting the Software


Please follow the instructions found at https://gnupg.org/download/
or read on:

GnuPG 2.0.27 may be downloaded from one of the GnuPG mirror sites or
direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ .  The list of mirrors can
be found at https://gnupg.org/mirrors.html .  Note that GnuPG is not
available at ftp.gnu.org.

On ftp.gnupg.org and on its mirrors you should find the following new
files in the gnupg/ directory:

  - The GnuPG source code compressed using BZIP2 and its OpenPGP
    signature:

      gnupg-2.0.27.tar.bz2 (4321k)
      gnupg-2.0.27.tar.bz2.sig

Note, that we don't distribute gzip compressed tarballs for GnuPG-2.
A Windows version will eventually be released at https://gpg4win.org .

If you are new to GnuPG please consider using the "modern" version
2.1.2.


Checking the Integrity


In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:

 * If you already have a version of GnuPG installed, you can simply
   verify the supplied signature.  For example to verify the signature
   of the file gnupg-2.0.27.tar.bz2 you would use this command:

 gpg --verify gnupg-2.0.27.tar.bz2.sig gnupg-2.0.27.tar.bz2

   This checks whether the signature file matches the source file.
   You should see a message indicating that the signature is good and
   made by one or more of the release signing keys.  Make sure that
   this is a valid key, either by matching the shown fingerprint
   against a trustworthy list of valid release signing keys or by
   checking that the key has been signed by trustworthy other keys.
   See below for information on the signing keys.

 * If you are not able to use an existing version of GnuPG, you have
   to verify the SHA-1 checksum.  On Unix systems the command to do
   this is either "sha1sum" or "shasum".  Assuming you downloaded the
   file gnupg-2.1.1.tar.bz2, you would run the command like this:

 sha1sum gnupg-2.0.27.tar.bz2

   and check that the output matches the next line:

d065be185f5bac8ea07b210ab7756e79b83b63d4  gnupg-2.0.27.tar.bz2


Release Signing Keys


To guarantee that a downloaded GnuPG version has not been tampered by
malicious entities we provide signature files for all tarballs and
binary versions.  The keys are also signed by the long term keys of
their respective owners.  Current releases are signed by one or more
of these four keys:

  2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
  Key fingerprint = D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6
  Werner Koch (dist sig)

  rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
  Key fingerprint = 46CC 7308 65B

Re: [Announce] GnuPG 2.1.2 released

2015-02-18 Thread Werner Koch
On Mon, 16 Feb 2015 11:03, bernh...@intevation.de said:

> * What the items in section "What's New in GnuPG-2.1" actually meant,

I should have read "What's New in GnuPG 2.1.2", sorry.

> * "This version fixes a lot of bugs found after the release of 2.1.0"
>   which probably should have been "2.1.1". 

Actually I meant 2.1.0 as the first release of the 2.1 branch.  Might be
a bit unclear, indeed.

> Overall I believe the announcement has too much text that stays the same
> for each release. It would benefit from being focussed on the key differences

That is how I expect an announcement.

> ps.: Congrats on the taz article (in German) I've added the link to the wiki.

[I don't understand why the all pretend that I am working in a cellar.  I
 even have to walk another 12 steps down to the garden.]


Shalom-Salam,

   Werner




Re: 2.1.2: keyserver route failure

2015-02-18 Thread Werner Koch
On Wed, 18 Feb 2015 12:59, joh...@vulcan.xs4all.nl said:

> The most easy solution in such cases is to try IPv4 first, if that
> doesn't work or is unavailable, try IPv6 if available.

That server has no v4 address.  For obvious reasons we use the standard
version first and only then fallback to a legacy IP version .-).

> Non-working or misconfigured IPv6 setups are rather common, probably

The problem is more that all machines now have v6 enabled but no
address configured.  It is a bug in GnuPG's server selection code not to
check whether a real v6 interface is up.


Shalom-Salam,

   Werner



Re: Talking about Cryptodevices... which one?

2015-02-18 Thread Werner Koch
On Sat, 24 Jan 2015 05:05, gni...@fsij.org said:

>   DINSIG (DIN V 66291-1) card
>   German Geldkarte
>   Telesec NKS card
>   pkcs#15 card
>   SmartCard-HSM card
>
> ... but I think that most are outdated, except the last one.

DINSIG is still a German standard (actually a pre-standard) but I doubt
that you can find any card.  Vendors have all moved to their own
standard.  The Geldkarte ("Money-card") is a gadget which only allows
you to check the amount of money left on the card.  The telesec card
still works, although I don't know about the availability.  p15 cards
also work as long as they fully comply with the pkcs#15 standard (only
few do).

> And when you use those devices, you should know that each application
> has tendency to grab smartcard/token access exclusively.  At least,

Which makes the use of the card much faster.  The PC/SC system is broken
so that even Microsoft replaced it by a system similar to scdaemon
(minidrivers).  But don't let me start to rant about it again.

> I don't use X.509 much.  I think that it's easily possible for us to

Neither do I.  That has all been done as part of a contract; now with the
secured funding it would be possible to revive the X.509 support - iff
there is a need for it.

> OpenPGPcard (and its compatible) usually doesn't have any public keys
> of higher layer, because of its limited storage.

... and because of the I/O speed - it would take long to read out keys
with many key signatures.  Those who need to use the German eHealth card
know what I mean by slow.

> purpose MCU.  In my theory, using general purpose small MCU would be
> superior to avoid malicious/fake hardware features by semiconductor
> vendor.  If it's very expensive hardware, specific for "crypto", there

I agree.


Salam-Shalom,

   Werner



Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-19 Thread Werner Koch
On Wed, 18 Feb 2015 20:24, d...@fifthhorseman.net said:

>> as did a few other maintainers. However there was not only not a 
>> consensus to do this more generally, there was active opposition to 
>> doing it at all.
>
> that's a bummer :( 

I guess that is a GPL issue.  They don't want any GPLed stuff for the
core.  However, there are other implementations and in particular a
signature verification tool is pretty simple.  It might even make sense
to write one stripped down for the Ed25519 signature verification.


Salam-Shalom,

   Werner



Re: 2.1.2: keyserver route failure

2015-02-19 Thread Werner Koch
On Wed, 18 Feb 2015 20:13, d...@fifthhorseman.net said:

> Reasonable IPv6 stacks should return an ENETUNREACH (Network is
> unreachable) error message when trying to connect() to an address for
> which there is no route, which should already cause dirmngr to failover

The error handler after a connect does this:

  switch (gpg_err_code (err))
    {
    case GPG_ERR_ECONNREFUSED:
    case GPG_ERR_ENETUNREACH:
    case GPG_ERR_UNKNOWN_HOST:
    case GPG_ERR_NETWORK:
      if (mark_host_dead (request) && *tries_left)
        retry = 1;
      break;

By setting RETRY the connect will be retried after selecting another
random host.  However there is a retry limit of 3.  Thus if we happen to
select 3 v6 hosts the keyserver action will fail but the next time it
should work.

Need to replicate the problem and check that we really receive the right
error code.

> Should gnupg also try to detect whether the IPv4 networking
> configuration is actually correct?  That seems like an operating system

Better error reporting would be useful, though.

> level task.  I certainly don't want all of my client software to always
> try to second-guess my netwoking stack, that sounds like a recipe for

dirmngr is a bit special in that it does its own host selection from the
DNS pool instead of leaving it to the usual round-robin scheme.  We want
that to recover from host failures without waiting for the resolver
cache to expire.


Shalom-Salam,

   Werner

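A small simulation of the host selection and retry logic described in the reply above, written as an added example and not taken from dirmngr: it models a pool of AAAA-only and A-only hosts seen from a machine whose v6 is enabled but unrouted, retries at most three times on ENETUNREACH/ECONNREFUSED, and shows that an action which burns all its tries on v6 hosts leaves them marked dead, so the next action succeeds. The host names and the `pick_fn` selection hook are constructed for the example.

```c
#include <errno.h>
#include <stddef.h>

/* One host of a keyserver pool after dirmngr resolved the pool name:
   a host may carry an A record, an AAAA record, or both. */
struct host {
  const char *name;
  int has_v4;
  int has_v6;
  int dead;            /* set by mark_host_dead() after a failed connect */
};

#define MAX_TRIES 3    /* the retry limit the mail mentions */

/* Simulated connect(): v6 is tried first, the legacy A record only as
   fallback.  On a machine with v6 enabled but no route, an AAAA-only host
   fails with ENETUNREACH.  Returns 0 on success or an errno value. */
static int sim_connect(const struct host *h, int have_v6_route)
{
  if (h->has_v6 && have_v6_route) return 0;
  if (h->has_v4) return 0;
  return ENETUNREACH;
}

/* The caller supplies the "random" choice as an index into the live
   hosts, so a scenario can be replayed deterministically. */
typedef unsigned (*pick_fn)(unsigned n_alive);

unsigned pick_first(unsigned n_alive) { (void)n_alive; return 0; }
unsigned pick_last(unsigned n_alive)  { return n_alive - 1; }

/* Small LCG for a pseudo-random run; not a source of real randomness. */
unsigned pick_lcg(unsigned n_alive)
{
  static unsigned state = 2015u;
  state = state * 1103515245u + 12345u;
  return (state >> 16) % n_alive;
}

static void mark_host_dead(struct host *h) { h->dead = 1; }

/* Pick one live host, or NULL when every host is marked dead. */
static struct host *select_host(struct host *pool, unsigned n, pick_fn pick)
{
  struct host *alive[32];
  unsigned i, n_alive = 0;
  for (i = 0; i < n && n_alive < 32; i++)
    if (!pool[i].dead) alive[n_alive++] = &pool[i];
  return n_alive ? alive[pick(n_alive) % n_alive] : NULL;
}

/* One keyserver action: select a host, connect, and on the errors the
   quoted dirmngr switch handles, mark the host dead and retry with another
   host while tries are left.  (GPG_ERR_UNKNOWN_HOST and GPG_ERR_NETWORK
   have no errno counterpart in this simulation.)  Returns 1 on success,
   0 on failure; *used receives the name of the host that answered. */
int keyserver_action(struct host *pool, unsigned n, int have_v6_route,
                     pick_fn pick, const char **used)
{
  int tries_left = MAX_TRIES;
  while (tries_left-- > 0) {
    struct host *h = select_host(pool, n, pick);
    int err;
    if (!h) return 0;                    /* pool exhausted */
    err = sim_connect(h, have_v6_route);
    if (err == 0) {
      if (used) *used = h->name;
      return 1;
    }
    switch (err) {
    case ECONNREFUSED:
    case ENETUNREACH:
      mark_host_dead(h);                 /* retried only while tries_left */
      break;
    default:
      return 0;                          /* other errors are not retried */
    }
  }
  return 0;
}

/* The scenario from the thread: three AAAA-only hosts and one A-only host
   (constructed names) seen from a machine without a v6 route.  Returns the
   number of the keyserver action that first succeeded (1 or 2), or 0 if
   both failed.  Dead marks persist across actions, as in a running dirmngr. */
int actions_until_success(int have_v6_route, pick_fn pick)
{
  struct host pool[] = {
    { "ks-a (AAAA only)", 0, 1, 0 },
    { "ks-b (AAAA only)", 0, 1, 0 },
    { "ks-c (AAAA only)", 0, 1, 0 },
    { "ks-d (A only)",    1, 0, 0 },
  };
  unsigned n = sizeof pool / sizeof pool[0];
  const char *used = NULL;
  if (keyserver_action(pool, n, have_v6_route, pick, &used)) return 1;
  if (keyserver_action(pool, n, have_v6_route, pick, &used)) return 2;
  return 0;
}
```

`actions_until_success(0, pick_first)` is the worst case from the mail (three v6 hosts in a row, success only on the second action), while `pick_lcg` gives a pseudo-random run that succeeds on the first or second action.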


Re: GNUPG 2.* and AIX - questions

2015-02-19 Thread Werner Koch
On Sun, 15 Feb 2015 12:16, aixto...@gmail.com said:

> I took the hint and tried to package gnu/nth but make fails - immediately -
> with this message.

You might find something about this in bugs.gnupg.org.  I have not tried
gnupg 2.0.x on AIX for many years thus it is quite possible that you run
into problems, possibly due to newer AIX versions.

However, GnuPG 2.1 builds and works fine on AIX.  I even test it from
time to time.  Thus instead of settling on 2.0 you may want to jump
directly from 1.4 to 2.1.  2.0 will be maintained for some time
but probably not more than two years from now.

> p.s. please forgive the cross post to @devel - not sure which is the best
> list for this question.

Both make sense ;-)


Salam-Shalom,

   Werner



Re: Help need to use truecryt + openpgp applet.

2015-02-19 Thread Werner Koch
On Thu, 19 Feb 2015 18:22, o...@mirix.org said:

> Your Java Card does probably not support PKCS #11. An applet on the card
> might implement it. To make it work, you need a PKCS #11 middleware and

PKCS#11 is an API between two applications.  It is not directly related
to smartcards.  However, it is very common that the smart card driver
software (on the host) provides a PKCS#11 interface towards
applications.  (Scute can be considered a smartcard driver
software.)

PKCS#15 is a standard which some cards implement and what OpenSC is
mostly about.  PKCS#15 is for cards what FHS (Filesystem Hierarchy
Standard) is for Linux.


Salam-Shalom,

   Werner



Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-19 Thread Werner Koch
On Thu, 19 Feb 2015 18:15, js-gnupg-us...@webkeks.org said:

> I don't really see how that is cumbersome if you have an alias for tag
> and for commit that each specify the key you want?

Because it is too easy to forget about it.  And I would need to teach
Magit.  I started to use a new key for commits.  Let's hope that I don't
forget to tag the releases with the other key.

> As an aside, what's the reason for not signing the commits with the
> key on the card? I sign all my commits with the key stored on my

Because I have to enter the PIN every time (right, I do this on purpose),
the RSA signatures are long, and I do not keep my signing key card
inserted all the time.  In fact I have to walk out of the office to pick
it up.

Using an on-disk key for commits is okay because it only serves the purpose
to assert that the commit was done on one of my machines.  If that
machine has been compromised all kind of things can be manipulated and
thus the extra protection a smartcard gives is not useful.


Shalom-Salam,

   Werner


ps. Here is the key I started to use for commits.

pub   ed25519/E3FDFF218E45B72B 2015-02-18 [expires: 2025-02-15]
  Key fingerprint = C1D3 4B69 219E 4AEE C0BA  1C21 E3FD FF21 8E45 B72B
uid   [ unknown] Werner Koch (wheatstone commit signing)




Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-19 Thread Werner Koch
On Thu, 19 Feb 2015 18:16, js-gnupg-us...@webkeks.org said:

> I also like @ to hide useless output, but is downloading *and
> executing* from a remote location really something you should hide?
> Especially if everything else isn't hidden?

Okay, someone please write a noscript extension for the loader ;-)


Salam-Shalom,

   Werner




Re: Compiled binaries execute but exit with "Abort"

2015-02-19 Thread Werner Koch
On Thu, 19 Feb 2015 12:01, er...@askerrol.org said:
> Thanks. Now to figure out why make check fails but make works without
> error. Are there dependencies besides pth for libgpg-error?

Are you using a recent Pth version?  I recall that older Pth versions
had problems when used by programs which also make use of pthreads.
That was actually the reason for the pcsc-wrapper used by scdaemon.

My tests indicated that there was no more problem - on Linux.  However,
this might be because glibc implements mutex directly and not in
libpthread.  Thus we may have the same conflict as we had with older
glibc versions.

A solution for you might be to go back to libgpg-error 1.12 which has no
mutexes and thus no need for pthreads.

I doubt that we can do a real fix for that.  I dropped Pth support for a
reason ;-).  The only thing I can imagine is an environment variable
forcing libgpg-error to entirely disable the mutex support.


Shalom-Salam,

   Werner




Re: Help need to use truecryt + openpgp applet.

2015-02-20 Thread Werner Koch
On Fri, 20 Feb 2015 06:32, ranjin...@tyfone.com said:
> Yes i used Scute. No success with it. I better ask OpenSC mailing list with
> the help asking for the support for handle data objects even if the card
> could store them..

You may want to checkout https://gnupg.org/service.html to find help for
fixing/adjusting Scute.


Shalom-Salam,

   Werner



Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-20 Thread Werner Koch
On Thu, 19 Feb 2015 20:29, js-gnupg-us...@webkeks.org said:

> Btw, does this mean that basically Ed25519 keys are stable enough now and 
> won't change anymore?

If everything goes wrong, gpg will continue to support them if they don't
make it into an RFC.


Salam-Shalom,

   Werner




Re: Help need to use truecryt + openpgp applet.

2015-02-21 Thread Werner Koch
On Sat, 21 Feb 2015 08:48, ndk.cla...@gmail.com said:

> since there's no on-card crypto involved. Just store the secret in an
> SMS, with the "sender" set to the ID of the protected storage :)

Or use a plain USB stick.


Salam-Shalom,

   Werner



Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-21 Thread Werner Koch
On Fri, 20 Feb 2015 10:36, luk...@dressyvagabonds.com said:

> In order to work around the hang, we’re running this call in a separate 
> thread now, and if it doesn’t return within a few seconds (5 at the moment), 
> it sends a timeout to the scdaemon.

Why not use a simple alarm() based watchdog and terminate pcsc-wrapper
in this case?  We do the same in the keyserver helpers.

It would also be possible to do a timeout in the read call of apdu.c but
that adds complexity at the wrong place.


Shalom-Salam,

   Werner



Re: Surprising command line options handling

2015-02-24 Thread Werner Koch
On Tue, 24 Feb 2015 00:59, dani...@grinta.net said:

> However, the ordering is not really enforced: this

Right.  Options and commands are actually interchangeable but that is
an undocumented feature.  In fact the only difference between a command
and an option is that there may only be one command but many options.
And the error message for a command is slightly different.

> I find it surprising that unrecognized tokens are simply ignored.
> Wouldn't it be preferable to error out, at least on unrecognized options?

GnuPG does not follow the common GNU model of interchangeable options
and args.  It is modeled like a classic Unix tool.  Using the special
option '--' indicates that everything that follows is an arg, and using
this is suggested to avoid args being interpreted as options.

No, we can't error out on an arg which looks like an option because that
may actually be a valid argument.


Salam-Shalom,

   Werner



Re: GNU-divert-to-card S2K format

2015-02-24 Thread Werner Koch
On Tue, 24 Feb 2015 15:55, leonard.dal...@taztag.com said:

> I have tried to find a description of this S2K format, but I haven't
> found one. Does anyone know where I can find a description of this
> "experimental" S2K ?

doc/DETAILS shows this:

* GNU extensions to the S2K algorithm

  S2K mode 101 is used to identify these extensions.
  After the hash algorithm the 3 bytes "GNU" are used to make
  clear that these are extensions for GNU, the next bytes gives the
  GNU protection mode - 1000.  Defined modes are:
  - 1001 :: Do not store the secret part at all.
  - 1002 :: A stub to access smartcards (not used in 1.2.x)

for everything else you need to look at the code (parse-packet.c)


Shalom-Salam,

   Werner



Re: GNU-divert-to-card S2K format

2015-02-26 Thread Werner Koch
On Wed, 25 Feb 2015 10:49, pe...@digitalbrains.com said:

> something. It should be:
>
> S2K specifier 110

Well, it is 101.  I just updated doc/DETAILS.  It now reads:

* GNU extensions to the S2K algorithm

  1 octet  - S2K Usage: either 254 or 255.
  1 octet  - S2K Cipher Algo: 0
  1 octet  - S2K Specifier: 101
  3 octets - "GNU"
  1 octet  - GNU S2K Extension Number.

  If such a GNU extension is used neither an IV nor any kind of
  checksum is used.  The defined GNU S2K Extension Numbers are:

  - 1 :: Do not store the secret part at all.  No specific data
 follows.

  - 2 :: A stub to access smartcards.  This data follows:
 - One octet with the length of the following serial number.
 - The serial number. Regardless of what the length octet
   indicates no more than 16 octets are stored.

  Note that gpg stores the GNU S2K Extension Number internally as an
  S2K Specifier with an offset of 1000.



Shalom-Salam,

   Werner


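As an added example (not gpg's parse-packet.c), a parser and a test-vector encoder for the GNU S2K extension block as laid out in this reply and in the older doc/DETAILS excerpt quoted earlier in the thread, including the 16-octet cap on the stored serial number and the internal 1000 offset. It assumes the hash algorithm octet sits between the specifier and "GNU", as the older excerpt states; the sample serial number is constructed, not a real card's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GNU_S2K_SPECIFIER 101   /* S2K specifier octet of the GNU extension */
#define GNU_S2K_OFFSET    1000  /* gpg keeps extension N internally as 1000 + N */
#define GNU_SERIAL_MAX    16    /* DETAILS: at most 16 serial octets are stored */

enum gnu_s2k_status {
  GNU_S2K_OK = 0,
  GNU_S2K_SHORT,       /* input ends before a required field */
  GNU_S2K_BAD_USAGE,   /* usage octet is neither 254 nor 255 */
  GNU_S2K_BAD_CIPHER,  /* cipher algo octet is not 0 */
  GNU_S2K_NOT_GNU,     /* specifier is not 101 or the "GNU" marker is missing */
  GNU_S2K_BAD_EXT      /* extension number other than 1 or 2 */
};

struct gnu_s2k {
  uint8_t usage;                   /* 254 or 255 */
  uint8_t hash_algo;               /* octet between the specifier and "GNU" */
  int     mode;                    /* 1001 (gnu-dummy) or 1002 (divert-to-card) */
  uint8_t serial[GNU_SERIAL_MAX];  /* card serial number, mode 1002 only */
  size_t  serial_len;              /* octets actually stored, at most 16 */
  size_t  consumed;                /* input octets that belong to the S2K block */
};

/* Parse a GNU-extension S2K block at the start of buf.  Layout, combining
   the two doc/DETAILS excerpts in the thread: usage, cipher algo 0,
   specifier 101, hash algo, "GNU", extension number, and for extension 2
   one length octet plus the serial number.  No IV or checksum follows. */
int parse_gnu_s2k(const uint8_t *buf, size_t len, struct gnu_s2k *out)
{
  size_t pos = 8, snlen;
  memset(out, 0, sizeof *out);
  if (len < 8) return GNU_S2K_SHORT;
  out->usage = buf[0];
  if (out->usage != 254 && out->usage != 255) return GNU_S2K_BAD_USAGE;
  if (buf[1] != 0) return GNU_S2K_BAD_CIPHER;
  if (buf[2] != GNU_S2K_SPECIFIER || memcmp(buf + 4, "GNU", 3) != 0)
    return GNU_S2K_NOT_GNU;
  out->hash_algo = buf[3];
  switch (buf[7]) {
  case 1:                              /* secret part is not stored at all */
    out->mode = GNU_S2K_OFFSET + 1;
    break;
  case 2:                              /* stub that points at a smartcard */
    out->mode = GNU_S2K_OFFSET + 2;
    if (pos >= len) return GNU_S2K_SHORT;
    snlen = buf[pos++];
    if (len - pos < snlen) return GNU_S2K_SHORT;
    /* Keep at most 16 octets but always step over the whole serial number. */
    out->serial_len = snlen > GNU_SERIAL_MAX ? GNU_SERIAL_MAX : snlen;
    memcpy(out->serial, buf + pos, out->serial_len);
    pos += snlen;
    break;
  default:
    return GNU_S2K_BAD_EXT;
  }
  out->consumed = pos;
  return GNU_S2K_OK;
}

/* Encode a block for a test vector.  Returns octets written, or 0 if cap
   is too small.  The hash algo octet is written as 0 here; the parser
   above only records it. */
size_t build_gnu_s2k(uint8_t *buf, size_t cap, uint8_t usage, uint8_t ext,
                     const uint8_t *serial, size_t snlen)
{
  size_t need = 8 + (ext == 2 ? 1 + snlen : 0);
  if (cap < need || snlen > 255) return 0;
  buf[0] = usage; buf[1] = 0; buf[2] = GNU_S2K_SPECIFIER; buf[3] = 0;
  memcpy(buf + 4, "GNU", 3);
  buf[7] = ext;
  if (ext == 2) {
    buf[8] = (uint8_t)snlen;
    memcpy(buf + 9, serial, snlen);
  }
  return need;
}

/* Constructed 20-octet serial (not a real card), four octets longer than
   gpg keeps, to exercise the truncation rule. */
const uint8_t SAMPLE_SERIAL[20] = {
  0xD2, 0x76, 0x00, 0x01, 0x24, 0x01, 0x02, 0x00, 0x00, 0x06,
  0x00, 0x00, 0x12, 0x34, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD
};

int main(void)
{
  uint8_t buf[64];
  struct gnu_s2k s;
  size_t n = build_gnu_s2k(buf, sizeof buf, 254, 2, SAMPLE_SERIAL, 20);
  if (parse_gnu_s2k(buf, n, &s) == GNU_S2K_OK)
    printf("mode %d, %zu of 20 serial octets kept, %zu octets consumed\n",
           s.mode, s.serial_len, s.consumed);
  return 0;
}
```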


Re: Thoughts on GnuPG and automation

2015-02-26 Thread Werner Koch
On Thu, 26 Feb 2015 15:57, b...@pagekite.net said:

> As it's rather long, I won't paste the whole thing in here, but I do

Please give me a few days to comment on this.  I have some urgent tasks
right now.  But as a first hint: automation has never been a second-class
citizen and has been built into gpg more or less right from the
beginning (0.2.12, spring 1998).

I know of one university in Germany which runs its webmail system using
GnuPG 2 and with pinentry.  This was actually the reason to add the
PINENTRY_USER_DATA kludge.

Back to release work.


Shalom-Salam,

   Werner



Re: Can't Encrypt in Freebsd 10.1

2015-02-27 Thread Werner Koch
On Wed, 25 Feb 2015 14:07, michard.anto...@gmail.com said:

> #gpg -r 6349E5E0 -e test.txt
> Abort

You should run it under a gdb to see the reason for the abort.  This
should not happen.

  $ gdb gpg
  gdb> run -r 6349E5E0 -e test.txt
  [...]
  gdb> bt



Shalom-Salam,

   Werner



Re: Can't Encrypt in Freebsd 10.1

2015-02-27 Thread Werner Koch
On Fri, 27 Feb 2015 12:34, michard.anto...@gmail.com said:

> #2  0x000801918130 in __stack_chk_fail () from /lib/libc.so.7
> #3  0x000801179e43 in _gcry_cast5_amd64_cfb_dec () from

I would try to build libgcrypt 1.6.3, which I just released, and check
if that problem still exists.  There used to be a problem when using an
older as(1).  If that still does not work, rebuild libgcrypt with the
configure options --disable-asm and test again.


Shalom-Salam,

   Werner



Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Werner Koch
On Fri, 27 Feb 2015 13:23, gnupg...@seichter.de said:

> have some valid points; the latest articles are by no means mindless
> rants or PGP-bashing. The thought of letting PGP die as an e-mail

The article has two problems:

 - It compares an offline system (mail) with online systems (chat
   systems).  You can't compare them unless you also change the headline
   to "Let mail die!".

 - It claims that the protocol is responsible for the problem instead of
   pin-pointing that the mail providers do not take up on it.

Back in the good old days when everyone ran their own MTA and had full
control over their DNS zones, fixing the problems would have been very
easy.  Today virtually everyone uses a large mail provider and thus has
no more control over their own mail address including the zone.

Given this, it is important to convince the mail providers to support
their users doing end-to-end encryption.  It would really be simple.  I
am not calling for a high-end security solution; just for a simple way
to get authoritative information on the key associated with the mail
address.  A few scripts and an optional entry field in the user's mail
account management is all that is required.  With that in place we can
easily fine tune the long existing mechanisms in gpg for key retrieval
and then Jürgen Schmidt would not anymore get mails accidentally
encrypted to someone else.


Shalom-Salam,

   Werner



Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Werner Koch
On Fri, 27 Feb 2015 19:37, marcozehe...@mailbox.org said:

> And here’s the other problem the main article in c’t mentions: Those
> keys, although faked, were certified. They were certified by equally
> faked keys which resemble keys that are quite well-known. So unless

Nope.  According to the questions the author sent me prior to publishing
this article, he only looked at the listing presented by the keyserver and
concluded that if the web page says self-signature the user id must be
valid (e.g. that second user id on the c't PGP CA).  Now we all know
that keyservers don't do crypto.  As soon as you import that key the
user ids with the faked self-signature are simply ignored and a listing
by gpg won't show them.

To avoid that in the future, the signature listing from the keyservers
may add a note about this.


Salam-Shalom,

   Werner




Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Werner Koch
On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said:

> that anyone can upload _every_ key to a keyserver is an issue. If
> keyservers would do some sort of verification (e.g. confirmation of
> the email addresses) then this would lead to much more reliable data.

We have such a system. It is called S/MIME.

Ever tried to find an S/MIME (X.509) key (aka certificate) for an
arbitrary mail address?  The only working solution to get such a key is
by sending a mail and asking for the key.  You can do the very same with
PGP of course.  Keyservers along with visiting cards are much nicer.

So, why is there no public service to distribute X.509 keys?  Because
nobody wants to be legally responsible for such a key unless you push a
stack of money over the table for a qualified signature certificate.

BTW, even the DFN PGP keyserver (blackhole.pca.dfn.de) had to be shut
down for similar legal reasons.  However, it is not a problem, we can
use other keyservers.

> believe that this would make keyservers more trustworthy than today.

There is no trust in keyservers by design.  As soon as you start
changing this you are turning PGP into a centralized system.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


[Announce] GnuPG 1.4.19 released (with SCA fix)

2015-02-27 Thread Werner Koch
e
   file gnupg-1.4.19.tar.bz2, you would run the command like this:

 sha1sum gnupg-1.4.19.tar.bz2

   and check that the output matches the first line from the
   following list:

5503f7faa0a0e84450838706a67621546241ca50  gnupg-1.4.19.tar.bz2
d0cf40cc42ce057d7d747908ec21a973a423a508  gnupg-1.4.19.tar.gz
dc03ae4e4c3e8fe0583b37dd6c3124f94246d2f8  gnupg-w32cli-1.4.19.exe


Release Signing Keys
====================

To guarantee that a downloaded GnuPG version has not been tampered by
malicious entities we provide signature files for all tarballs and
binary versions.  The keys are also signed by the long term keys of
their respective owners.  Current releases are signed by one or more
of these four keys:

  2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
  Key fingerprint = D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6
  Werner Koch (dist sig)

  rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
  Key fingerprint = 46CC 7308 65BB 5C78 EBAB  ADCF 0437 6F3E E085 6959
  David Shaw (GnuPG Release Signing Key) 

  rsa2048/33BD3F06 2014-10-29 [expires: 2016-10-28]
  Key fingerprint = 031E C253 6E58 0D8E A286  A9F2 2071 B08A 33BD 3F06
  NIIBE Yutaka (GnuPG Release Key) 

  rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31]
  Key fingerprint = D238 EA65 D64C 67ED 4C30  73F2 8A86 1B1C 7EFD 60D9
  Werner Koch (Release Signing Key)

You may retrieve these files from the keyservers using this command

  gpg --recv-keys 249B39D24F25E3B6 04376F3EE0856959 \
  2071B08A33BD3F06 8A861B1C7EFD60D9

The keys are also available at https://gnupg.org/signature_key.html .
Note that this mail has been signed using my standard PGP key.


Support
=======

Please consult the archive of the gnupg-users mailing list before
reporting a bug <https://gnupg.org/documentation/mailing-lists.html>.
We suggest to send bug reports for a new release to this list in favor
of filing a bug at <https://bugs.gnupg.org>.  For commercial support
requests we keep a list of known service companies at:

  https://gnupg.org/service.html

If you are a developer and you may need a certain feature for your
project, please do not hesitate to bring it to the gnupg-devel mailing
list for discussion.


Thanks
==

We have to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
servers, spreading the word, and answering questions on the mailing
lists.

Since the start of the funding campaign in December several thousand
people have been kind enough to donate a total of 25 Euro to support
this project.  In addition the Linux Foundation gave a grant of $ 6
for 2015, Stripe.com and Facebook.com each pledged $ 5 per year.

I am amazed by this superb and unexpected support for the GnuPG project.
This not only allows us to continue the project and to hire a
second full time developer, but also gives us the resources to improve
things which have been delayed for too long.

*Thank you all !*


Salam-Shalom,

   Werner



p.s.
This is an announcement-only mailing list.  Please send replies only to
the gnupg-users at gnupg.org mailing list.

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-announce mailing list
gnupg-annou...@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce


[Announce] Libgcrypt 1.6.3 released (with SCA fix)

2015-02-27 Thread Werner Koch
Hello!

The GNU project is pleased to announce the availability of Libgcrypt
version 1.6.3.  This is a security fix release to mitigate two new side
channel attacks.

Libgcrypt is a general purpose library of cryptographic building blocks.
It does not provide any implementation of OpenPGP or other protocols.
Thorough understanding of applied cryptography is required for proper
use of Libgcrypt.


Noteworthy changes in version 1.6.3
===================================

 * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
   See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.

 * Fixed data-dependent timing variations in modular exponentiation
   [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
   are Practical].

 * Improved asm support for older toolchains.


Download
========

Source code is hosted at the GnuPG FTP server and its mirrors as listed
at http://www.gnupg.org/download/mirrors.html .  On the primary server
the source tarball and its digital signature are:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.3.tar.bz2 (2436k)
 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.3.tar.bz2.sig

That file is bzip2 compressed.  A gzip compressed version is here:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.3.tar.gz (2893k)
 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.3.tar.gz.sig

In order to check that the version of Libgcrypt you are going to build
is an original and unmodified one, you can do it in one of the following
ways:

 * Check the supplied OpenPGP signature.  For example to check the
   signature of the file libgcrypt-1.6.3.tar.bz2 you would use this
   command:

 gpg --verify libgcrypt-1.6.3.tar.bz2.sig libgcrypt-1.6.3.tar.bz2

   This checks whether the signature file matches the source file.  You
   should see a message indicating that the signature is good and made
   by one of the release signing keys. 
   See https://gnupg.org/signature_key.html .

 * If you are not able to use GnuPG, you have to verify the SHA-1
   checksum:

 sha1sum libgcrypt-1.6.3.tar.bz2

   and check that the output matches the first line from the
   following list:

9456e7b64db9df8360a1407a38c8c958da80bbf1  libgcrypt-1.6.3.tar.bz2
4d56b5d754d39acae239f876537672e1dc8298e3  libgcrypt-1.6.3.tar.gz


Copying
===

Libgcrypt is distributed under the terms of the GNU Lesser General
Public License (LGPLv2.1+).  The helper programs as well as the
documentation are distributed under the terms of the GNU General Public
License (GPLv2+).  The file LICENSES has notices about contributions
that require that these additional notices be distributed.


Support
===

For help on developing with Libgcrypt you should read the included
manual and optionally ask on the gcrypt-devel mailing list [1].  A
listing with commercial support offers for Libgcrypt and related
software is available at the GnuPG web site [2].

If you are a developer and you may need a certain feature for your
project, please do not hesitate to bring it to the gcrypt-devel mailing
list for discussion.


Thanks
==

We have to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
servers, spreading the word, and answering questions on the mailing
lists.  Niibe Yutaka did most of the work on fixing the side channel
attacks.  Special thanks to
 a) Daniel Genkin and his team for working with us on the fix for the
"radioexp" attack,
 b) Yuval Yarom and his team for advance information on their new cache
attack and sample code on how to fix it.

Since the start of the GnuPG funding campaign in December several
thousand people have been kind enough to donate a total of 25 Euro
to support this project.  In addition the Linux Foundation gave a grant
of $ 6 for 2015, Stripe.com and Facebook.com each pledged $ 5
per year.

I am amazed by this superb and unexpected support for the GnuPG project.
This will not only allow us to continue the project and hire a second
full time developer but gives us also the resources to improve things
which have been delayed for too long.

*Thank you all !*


Happy hacking,

  Werner


[1] http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
[2] https://www.gnupg.org/service.html

p.s.
This is an announcement-only mailing list.  Please send replies only to
the gcrypt-devel at gnupg.org mailing lists.
-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Werner Koch
On Fri, 27 Feb 2015 21:07, kristian.fiskerstr...@sumptuouscapital.com said:

> Increasing the information on keyservers like this, in particular in
> the descriptive parts can be considered, would it suffice to be part
> of the standard web interface for keyserver intro, or would it have to
> be added on each individual index page?

I would put it on each index page - at least a link.

"this key listing may harm you - we reject all responsibility for
 improper use of this device" ;-)


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Werner Koch
On Fri, 27 Feb 2015 21:24, cales...@scientia.net said:

> - Nothing is encrypted (so everyone eavesdropping will know that I just
>   downloaded the key for nsa-whistleblow...@wikileaks.org... and five

Which he will anyway see as soon as you send the mail.  Iff we have an
anonymous network both problems will vanish. 

> Why? Well most people don't audit the code of GnuPG, so when they trust
> them already with respect to that, they can also trust them with respect

Most people run Windows or Android (or use Lenovo stuff) and thus have
anyway no control over their boxes.

> So I think the way to go here would be Tor.

Or a real anonymous overlay network.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: A forgotten patch?

2015-02-28 Thread Werner Koch
On Sat, 28 Feb 2015 03:02, a...@raxys.net said:

> of GnuPG in 2009. According to him, the patch fixes lots of problems
> that might be usable as in attack vectors on GnuPG. It seems however, as
> if this patch was never included into upstream GnuPG. Because of that,

This comes up every once in a while and I try not to spend time on that
silly thing.  At least by private mail I explained it to him years ago,
but he seems not to understand.  Let's look at two examples:

We have this function:

  /* Return a string which is used as a kind of process ID */
  const byte *
  get_session_marker( size_t *rlen )
  {
      static byte marker[SIZEOF_UNSIGNED_LONG*2];
      static int initialized;

      if ( !initialized ) {
          volatile ulong aa, bb; /* we really want the uninitialized value */
          ulong a, b;

          initialized = 1;
          /* also this marker is guessable it is not easy to use this
           * for a faked control packet because an attacker does not
           * have enough control about the time the verification does
           * take place.  Of course, we can add just more random but
           * than we need the random generator even for verification
           * tasks - which does not make sense. */
          a = aa ^ (ulong)getpid();
          b = bb ^ (ulong)time(NULL);
          memcpy( marker, &a, SIZEOF_UNSIGNED_LONG );
          memcpy( marker+SIZEOF_UNSIGNED_LONG, &b, SIZEOF_UNSIGNED_LONG );
      }
      *rlen = sizeof(marker);
      return marker;
  }

Fefe changes it to use /dev/urandom by inserting this code before the
above initialization test:

  int fd;

  if (!initialized) {
      fd=open("/dev/urandom",O_RDONLY);
      if (fd!=-1) {
          if (read(fd,marker,sizeof(marker))==sizeof(marker))
              initialized=1;
          close(fd);
      }
  }

Let's ignore the fact that a failed open falls back to the, in his
book broken, existing scheme.  The real trouble here is that he does
not look for the use of this function.  Now, what is it used for: If a
clearsigned message is received, that message has an indication which
hash algorithms are used (the "Hash: " line).  We need to convey
this information from the unarmor layer to the actual parsing code.  This
is done by inserting a faked packet with information on the hash
algorithms as well as a plaintext packet.  The final message the parser
then sees resembles this valid OpenPGP message

   One-Pass Signed Message :- One-Pass Signature Packet,
   OpenPGP Message, Corresponding Signature Packet.

Now an attacker might be able to insert a bogus control packet into an
arbitrary non-armored message so that it resembles a cleartext
message.  However, the only thing he could do with this is to announce a
different hash algorithm and switch the parser to a different
interpretation of white spaces at line ends.  The first is entirely
harmless because gpg checks that the used hash algorithms match those
in the actual Signature Packet which comes after the signed text.  It is
annoying if that happens but it merely leads to a BAD signature.

The slightly changed interpretation of trailing line spaces (clearsigned
versus text mode signatures) might be useful to insert extra trailing
spaces into a text file.  But that is something which happens to mails
anyway and the whole reason for text mode messages.

Why the session marker packet?  That is simply to help gpg to stop
earlier on bogus input data.  No need for cryptographically strong random.


Second example:

  struct private_membuf_s {
size_t len;
size_t size;
char *buf;
int out_of_core;
  };
  typedef struct private_membuf_s membuf_t;

  void
  put_membuf (membuf_t *mb, const void *buf, size_t len)
  {
if (mb->out_of_core)
  return;

assert(mb->len + len > mb->len);
if (mb->len + len >= mb->size)
  {
char *p;

assert(len + 1024 > len);
assert(mb->size + len > mb->size);
mb->size += len + 1024;
p = xrealloc (mb->buf, mb->size);
mb->buf = p;
  }
memcpy (mb->buf + mb->len, buf, len);
mb->len += len;
  }

The assert calls are inserted by Fefe.  Their intention is to detect
integer overflows.  Given that unsigned integers are used these checks
do work.  Are they required?

Looking at the first one: MB->LEN tracks the used length of a malloced
buffer.  Thus this value is bounded by a reasonable value.  LEN gives
the length of BUF which is either a static array or another malloced
region.  Thus this is also bounded.  To trigger this assertion it needs
two buffers which together allocate more than 2^32 bytes (or 2^64 on
systems with sizeof(size_t)==8).  And before the process comes to
put_membuf it has already allocated other buffers.

Thus the answer from the engineering department is: No.

The QA department would give an unfavorable statement about the use of
assert calls for conditions which are supposed to happen (in Fefe's
short sighted anal
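
As an added illustration (not code from the mail, from Fefe's patch or from GnuPG), here is the same put_membuf with the size arithmetic guarded the way the argument above suggests: a wrap-around is reported through the existing out_of_core flag, like a failed allocation, instead of through an assert() that aborts the process.  MEMBUF_SLACK and the two demo functions are names introduced here; the sample data is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Same layout as the membuf_t quoted in the mail. */
struct private_membuf_s
{
  size_t len;       /* bytes currently stored in BUF */
  size_t size;      /* bytes allocated for BUF */
  char *buf;
  int out_of_core;  /* set once an allocation or size check failed */
};
typedef struct private_membuf_s membuf_t;

/* The 1024 bytes of growth slack from the original; the name is ours. */
#define MEMBUF_SLACK 1024

void
init_membuf (membuf_t *mb, size_t initiallen)
{
  mb->len = 0;
  mb->size = initiallen;
  mb->out_of_core = 0;
  mb->buf = initiallen ? malloc (initiallen) : NULL;
  if (initiallen && !mb->buf)
    mb->out_of_core = 1;
}

/* Append LEN bytes from BUF to MB.  Where the patch used assert() to
   trap a size_t wrap-around, a wrap-around is treated here like a
   failed allocation: out_of_core is set and the call returns, so the
   caller's existing error path handles it and the process does not
   abort. */
void
put_membuf_checked (membuf_t *mb, const void *buf, size_t len)
{
  if (mb->out_of_core)
    return;

  /* Written so that the check itself cannot wrap:
     mb->len + len + MEMBUF_SLACK must fit into a size_t. */
  if (len > SIZE_MAX - MEMBUF_SLACK
      || mb->len > SIZE_MAX - MEMBUF_SLACK - len)
    {
      mb->out_of_core = 1;
      return;
    }

  if (mb->len + len >= mb->size)
    {
      size_t newsize = mb->len + len + MEMBUF_SLACK;
      char *p = realloc (mb->buf, newsize);
      if (!p)
        {
          mb->out_of_core = 1;
          return;
        }
      mb->buf = p;
      mb->size = newsize;
    }
  memcpy (mb->buf + mb->len, buf, len);
  mb->len += len;
}

/* Constructed demo: two ordinary appends, the second forcing a
   realloc.  Returns the stored length, 5, or 0 on error. */
size_t
demo_small_appends (void)
{
  membuf_t mb;
  size_t n;

  init_membuf (&mb, 4);
  put_membuf_checked (&mb, "ab", 2);
  put_membuf_checked (&mb, "cde", 3);
  n = mb.out_of_core ? 0 : mb.len;
  free (mb.buf);
  return n;
}

/* Constructed demo: a bogus LEN that would wrap mb->len + len + 1024.
   The data pointer is never dereferenced because the size check
   rejects the request first.  Returns 1 when the error flag was set
   and the 2 bytes stored before were left untouched. */
int
demo_overflow_is_flagged (void)
{
  membuf_t mb;
  int ok;

  init_membuf (&mb, 16);
  put_membuf_checked (&mb, "ok", 2);
  put_membuf_checked (&mb, "x", SIZE_MAX - 10);
  ok = mb.out_of_core && mb.len == 2;
  free (mb.buf);
  return ok;
}
```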

Re: Decrypting PGP/MIME on the command line

2015-03-01 Thread Werner Koch
On Sun,  1 Mar 2015 15:32, rp...@kcore.de said:

> is there a command line utility that takes a PGP/MIME encrypted message
> (a plain RFC 2822 text file) and outputs an unencrypted copy? The

Not really.  MIME is a structured format and as such it may result in a
bunch of encrypted, non-encrypted, signed, unsigned,
message/alternative sub-documents.  Thus it is not easy to write a
general purpose command line tool.

You may start with gpgparsemail which is not installed but built as
part of gnupg in the tools directory.  It returns an annotated format
which might be easier for further processing steps than plain MIME.

If you only want to decrypt a standard MIME encrypted mail, it is easy.
Simply pipe the entire mail through gpg and you will get the decrypted
MIME container.  Then use mimencode or similar tools.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: A forgotten patch?

2015-03-01 Thread Werner Koch
On Sun,  1 Mar 2015 03:29, a...@raxys.net said:

> I think the majority of people work for people they don't necessarily
> like that much. I suppose it's related to the unfair distribution of
> wealth in our world. Being funded by Facebook isn't the most reputable
> thing either.

Yeah right, or Google or Microsoft, or Apple, you name it.

[For some people raised in the 70ies and earlier "Bild" is a paper they
 won't even touch if they are in urgent need for paper. ]

> Is there anything in the patch you would reconsider to accept, if
> there

I have not seen anything - I might have not seen the tree for all the
assert(), though.

> was a bug report for the patch? I would gladly write one if that would

Well written bug reports are always appreciated.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: German ct magazine postulates death of pgp encryption

2015-03-02 Thread Werner Koch
On Sun,  1 Mar 2015 23:43, js-gnupg-us...@webkeks.org said:

> I don't really agree with that. The goal is that the proof of work for a
> single message takes 4 minutes. At that rate, sending spam really is not

So you can send 360 mails a day.  Assuming your 24/7 business makes 700
Euro a day, each mail costs you 2 Euro - snail mail would be much cheaper
(or de-mail ;-).

We had the discussion on proof-of-work as anti-spam measure more than a
decade ago and the outcome was that it won't work.  I can't see that any
parameters changed since then.



Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: Circumvention Tech Summit in Valencia

2015-03-03 Thread Werner Koch
On Tue,  3 Mar 2015 12:51, r...@sixdemonbag.org said:

> Admittedly, "the GnuPG dev people" is really a one-element list
> containing Werner.  But there are certainly people active in the GnuPG

The web page lists more and several more have write access to
git.gnupg.org.  I considered attending but the number of open bugs keeps
me working here.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: Thoughts on GnuPG and automation

2015-03-03 Thread Werner Koch
On Tue,  3 Mar 2015 14:29, h...@guardianproject.info said:

> It is actually more difficult to wrap GPGME in Java than to have just
> rewritten GPGME in Java.  GPGME is a fine API for C/C++, it is a bad

Sorry, but that is not your problem.  The problem on Android seems to be
that it is not easy to install anything else than plain Java apps.

We have GPGME bindings for all kinds of languages from Ada over Java to
Scheme.  Thus I can't see the problem - need another kind of data object
to be handled in GPGME?  No problem, it can easily be done.  Is the
event loop the problem?  That is somewhat harder to get right but that
is always the case if you use a library.

I don't really understand your complaints given that we worked together
to port GnuPG to Android.  GPGME is just a small thing on top of it and
way easier than GnuPG itself.  It has nothing to do with fork+exec -
GnuPG uses that itself a lot.

In 2010 we ported GnuPG and GPGME and Kontact (includes KMail) to
Windows Mobile 6.5.  I can tell you, that was a task but we finally did
it.  And the problems were not due to GnuPG (even though it ate up many of
the scarce process slots) but due to the sheer amount of memory KDE
stuff required.  Consider as an example this: On Windows CE (the kernel
of Windows Mobile), you don't have stdout and stdin, nor is there a way
to inherit or pass on file descriptors.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


gpgme and Java (was: Thoughts on GnuPG and automation)

2015-03-04 Thread Werner Koch
On Wed,  4 Mar 2015 00:57, h...@guardianproject.info said:

> thread at this point.  The bizarre Java wrapper of GPGME was not the
> biggest part of the problem of the GnuPG-for-Android port, but it was
> nonetheless a real problem.  Sure it is possible to use GPGME with

You mean Stefan's decade old Java binding?  Well, there was not much
interest in it for years and if there is now a need for a proper Java
binding, it should be done.

> Java, but it is not good, and ill-fitting APIs make for bad software,
> which in turn often leads to bad security.  It also took a lot of

Please describe the problems you have with the API so that we actually
have something to talk about. 


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: Thoughts on GnuPG and automation

2015-03-04 Thread Werner Koch
On Wed,  4 Mar 2015 01:45, r...@sixdemonbag.org said:

> ever hacked on GnuPG has found situations where GPGME isn't a good
> solution, sometimes for architectural reasons and sometimes for API
> reasons and sometimes for language binding reasons and sometimes for
> licensing reasons and... etc.

It can't be that bad:

  $ apt-cache rdepends libgpgme11 | wc -l
  84

and the majority of problems I hear are by projects which do not use
GPGME.  So I wonder a bit about your statement.

Right, it is not easy to control the advanced features of OpenPGP with
GPGME. It can be done and there is quite some example code available.
Please also consider that GPGME is not an OpenPGP thing but a protocol
independent library for off-line encryption protocols (actually it is
also possible to add online things with it).  GPGME works on all kinds
of platforms, from WindowsCE over Android to any Unix system.  There are
two open bugs out of 69 filed bugs over the last 10 years.  Development
might have been a bit slower in the last 2 years after Marcus had to
leave us. 

If there are real problems and not just a "I do not like the
open-process-close" paradigm, this should be raised and discussed
(gnupg-devel).  In particular problems with language binding should be
solved and if possible I'd like to add the language binding to the gpgme
release to be sure that it is a one-stop-solution.

> No one has ever said GPGME is the all-purpose, all-in-one solution.  No
> one.  So why are we having this discussion?  What was the point in even

Right, key signing and such is not a primary goal of GPGME.  It is about
bread-and-butter encryption services.  We always said that if there is
a real need for a new interface we will add that.  But before we do that
it is important to see whether such a use pattern actually works.

GPGME is under the LGPLv2.1+ - this is the most liberal copyleft license
I know.  On purpose this has not been changed to GPLv3 or LGPLv3 so that
it can even be used by evil DRM riddled proprietary software.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: Thoughts on GnuPG and automation

2015-03-04 Thread Werner Koch
On Wed,  4 Mar 2015 00:50, h...@guardianproject.info said:

> If you are interested, you should read the details.  Because you are
> missing some key details here.  I believe they log all PGP encrypted
> communication.  That would be easy for them to do.  I don't know about
> HTTPS.

I don't know for sure about encrypted mail but it is known that https
connection information is recorded and stored for future attacks:

For its part, Britain's GCHQ collects information about encryption
using the TLS and SSL protocols -- the protocols https connections
are encrypted with -- in a database called "FLYING PIG." The British
spies produce weekly "trends reports" to catalog which services use
the most SSL connections and save details about those
connections. Sites like Facebook, Twitter, Hotmail, Yahoo and
Apple's iCloud service top the charts, and the number of catalogued
SSL connections for one week is in the many billions -- for the top
40 sites alone.




Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: Thoughts on GnuPG and automation

2015-03-04 Thread Werner Koch
On Wed,  4 Mar 2015 01:43, robe...@broadcom.com said:

> I think Peter and the group already adequately answered this: If GPGME
> is not providing an interface that meets Android requirements, then
> look into how GPGME interfaces to GPG and emulate that interface.

FWIW, EasyPG, the GnuPG interface used by Emacs, is more or less exactly
modelled after GPGME - in Elisp of course.  This is due to an Emacs
policy to keep the C-written core small with not too many dependencies.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: Thoughts on GnuPG and automation

2015-03-04 Thread Werner Koch
On Tue,  3 Mar 2015 21:29, h...@guardianproject.info said:

> * Android will kill apps when it needs to, app lifecycle is automatically 
> managed,
>  the app has no control over it, and often zero warning is given

That is the same as with Linux.  Ever heard of the OOM killer?

> * Android was not meant to support launching processes from a shell/terminal,
>  it was there for core debugging, then opened up on demand from devs, but it
>  is very much a second class citizen to a Java Android app.

Why do you want to launch a process from a shell or terminal (actually a
shell is just an interpreter which has options to be used on a tty (job
control etc.))?

> * all apps are child processes of 'zygote'

All processes executed from GPGME are children of init.  What is the
problem?

> * there is no way to install shared libraries to be shared by apps

I can't comment on this.

> There are other differences as well.  And iOS actually works a lot

Given that we worked together on adding features to GnuPG and GPGME for
use on Android I can't see your point.  Given that Android uses a Unix
kernel it is much more Unix than Windows or VMS.

You are thinking in the context of an application which runs on that
Android Unix kernel.  That might be indeed limited.  However we are
hackers and we can find ways to make almost everything work.

Shall we sit down and talk about the Android problems?  If we can do that
close to my place I will be available most of the time.  If it is better
for you to do it somewhere else, like Berlin, we need a bit more
planning.  Travel expenses should not be a concern.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: Thoughts on GnuPG and automation

2015-03-04 Thread Werner Koch
On Wed,  4 Mar 2015 10:50, r...@sixdemonbag.org said:
>> I don't known for sure about encrypted mail but it is known that 
>> https connection information is recorded and stored for future 
>> attacks:
>
> Perhaps.  Plausible, even, given storage requirements for connection
> information.  But storing traffic, when 99.99% of it is good --
> that's ridiculous.

That has not been said.  From my understanding the FLYING PIG thing is
about extracting information from all gathered TLS handshakes.  This
shall either be used as a tool to decrypt suspicious connections or to
research weaknesses in TLS.  The authors of the article should be able
to explain that more in terms we understand - shall I ask them?

> That's no way to live.  When people feel like they're under siege they
> act like they're under siege.  Personal relationships fray.  People stop
> trusting each other.  Happiness plummets.  Suffering increases.

I fully agree with you on that.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: Thoughts on GnuPG and automation

2015-03-04 Thread Werner Koch
On Wed,  4 Mar 2015 10:57, r...@sixdemonbag.org said:

> You're looking at FOSS projects that have successfully used GPGME, but

Sure.

> that doesn't tell you about proprietary projects that have chosen not to
> use GPGME.  I've had clients refuse to use GPGME because of the
> licensing, even under the LGPLv2.1.  (Foolish, I know.)  Other times

And I have had several hints that it was used anyway and violating the
license.  But that is another story.

If there is a compelling reason to change the license, like to increase
the adaption of mail encryption, I am willing to consider that.  I am
able to do that for most of the code but there are some practical
drawbacks, like the ability to share code between the other libraries.

> I've discovered GPGME doesn't support a particular feature I need, like
> discovering the default preference lists that are currently in use.  Etc.

The bug tracker allows to file feature requests ...


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: Thoughts on GnuPG and automation

2015-03-04 Thread Werner Koch
On Wed,  4 Mar 2015 11:10, pe...@digitalbrains.com said:

> 
> [JSON]
> 
> [GPGME]

That  already exists: gpgme-tool.  It creates
output in XML but adding an option for JSON output should be
straightforward.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: Thoughts on GnuPG and automation

2015-03-04 Thread Werner Koch
On Tue,  3 Mar 2015 16:23, br...@minton.name said:
> It breaks mailpile because gpg-agent is not session aware.  A user could
> be logged in locally, using mailpile, and a remote attacker could access
> the web interface of that locally running mailpile instance, which since
> it is talking to the same gpg-agent, would think the remote user is

How do you distinguish between a remote user and a remote hacker?  I use
my Gnus MUA most of the time locally, but if need arises I can also login
from remote and use the very same process and gpg-agent.

It is also questionable what remote means: Client-server is a core
principle of Unix and in particular X11.

> I think that one solution would be to have mailpile use a per-session
> gpg home dir.

That is an architectural decision.

BTW, gpg-agent has this --extra-socket feature which distinguishes
between remote and local use (modulo some discussed changes).  It would
be easy to extend it in a way that gpg can tell gpg-agent to act as if
it was used via --extra-socket.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: where can one find an official gnupg project statement on the state of sub project?

2015-03-05 Thread Werner Koch
On Wed,  4 Mar 2015 20:14, pa...@mlopes.net said:

> It turns out that gnupg and gnupg2 are live and kicking, however the other 2
> projects seem to be dormant for a long time without any updates.

Right, I have not looked at scute and poldi for a long time.  There
seems to be not enough interest.  However, I think that gniibe is
maintaining them for Debian.

> Maybe the reason for dropping poldi was due to build issues that have already
> been fixed on git master? master was updated 9 months ago but the latest 
> release
> 0.4.1 is 6 years old. Same for scute however i did stop using it.

Do you think we should do a new release for poldi?

> Now that there seems to be some extra momentum in the project with the amazing
> funding campaign, what are the plans for the sub projects?

Working on GnuPG 2.1 has top priority right now.  If there is enough
interest in Poldi, the development should be taken up again.  Is there?

Regarding Scute, I expect that we will start to work on it again in
relation to Thunderbird.  I know of at least one project which plans to
start working on Thunderbird.

I'll put a note into the Wiki.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: gpg in a cybercafé

2015-03-06 Thread Werner Koch
On Fri,  6 Mar 2015 09:12, htd...@fritha.org said:

> In case you're allowed to boot from an external medium, this still won't be
> secure. Because you have no control over the hardware built into the computer,

Does not even need to be hardware: A (remotely) modified firmware might
first boot you into a virtual machine and only then boot the OS from
disk or USB.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Heise: De-Mail integrates End-2-End Encryption with PGP

2015-03-09 Thread Werner Koch
On Mon,  9 Mar 2015 12:37, m.mansf...@mansfeld-elektronik.de said:

> Anybody here from the GnuPG developers involved in that stuff?

Not that I know.

Keep in mind that the De-mail system has a serious problem: As soon as you
register an account you are legally forced to check that account in a
timely manner.  All de-mails sent to your account are considered
delivered after (iirc) 3 days as an affidavit of service.  Thus deadlines
commence at that time even if you are on vacation and are not able to
check your account.

Better don't even apply for a gratis account.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: GPG4Win 2.2.3 Smart card support

2015-03-10 Thread Werner Koch
On Tue, 10 Mar 2015 08:14, deepak.sax...@safenet-inc.com said:

> I am trying to test file encryption with SafeNet smart cards. (CardOs/ Java 
> and other tokens).
> I am getting error message: The card application is not yet supported.

You need to write an application which GnuPG knows about.  The source
files scd/app-*.c implement the host part of the card applications.  If
your card has a pkcs#15 structure it would be used; if not, you need to
provide the specifications for the card and write such an application
driver or find someone who is interested in doing that.

You may however use the card directly, sending the respective APDUs to the
card.  You can test this with gpg-connect-agent; use

  scd serialno undefined

to convince scdaemon to use the card without any known application and
then run

 scd help apdu

to learn about the APDU command.

> I can see the list of supported tokens as:
> https://wiki.debian.org/GnuPG/CCID_Driver

This is a lower layer.  On Windows pkcs@11 is used and AFAICS it works
for you.


Salam-Shalom,

   Werner


p.s.
> The information contained in this electronic mail transmission 
> may be privileged and confidential, and therefore, protected 
> from disclosure. If you have received this communication in 
> error, please notify us immediately by replying to this 

Did the GCHQ comply with that request when they grabbed all those SIM
card keys? ;-)

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: AES-NI, symmetric key generation

2015-03-10 Thread Werner Koch
On Tue, 10 Mar 2015 10:05, aheine...@intevation.de said:

>> Also is there any
>> option to turn hardware acceleration on or off at runtime? 

You can globally disable certain hardware features: Create a file

--8<---cut here---start->8---
# We do not want to use AES-NI
intel-aesni
--8<---cut here---end--->8---

and store it as /etc/gcrypt/hwf.deny.  This should work also on Windows
if you copy that file to every drive.  The list of hardware
features in the current development version is:

{ HWF_PADLOCK_RNG, "padlock-rng" },
{ HWF_PADLOCK_AES, "padlock-aes" },
{ HWF_PADLOCK_SHA, "padlock-sha" },
{ HWF_PADLOCK_MMUL,"padlock-mmul"},
{ HWF_INTEL_CPU,   "intel-cpu" },
{ HWF_INTEL_BMI2,  "intel-bmi2" },
{ HWF_INTEL_SSSE3, "intel-ssse3" },
{ HWF_INTEL_PCLMUL,"intel-pclmul" },
{ HWF_INTEL_AESNI, "intel-aesni" },
{ HWF_INTEL_RDRAND,"intel-rdrand" },
{ HWF_INTEL_AVX,   "intel-avx" },
{ HWF_INTEL_AVX2,  "intel-avx2" },
{ HWF_ARM_NEON,"arm-neon" }

Libgcrypt 1.6 has fewer features.

BTW, I just pushed a change for 2.1 to show the used Libgcrypt
configuration:

--8<---cut here---start->8---
$ gpg --list-gcrypt-config
version:1.6.3-beta12:
ciphers:arcfour:blowfish:cast5:des:aes:twofish:serpent:rfc2268:seed:camellia:idea:salsa20:gost28147:
pubkeys:dsa:elgamal:rsa:ecc:
digests:crc:gostr3411-94:md4:md5:rmd160:sha1:sha256:sha512:tiger:whirlpool:stribog:
rnd-mod:linux:
cpu-arch:x86:
mpi-asm:amd64/mpih-add1.S:amd64/mpih-sub1.S:amd64/mpih-mul1.S:amd64/mpih-mul2.S:amd64/mpih-mul3.S:amd64/mpih-lshift.S:amd64/mpih-rshift.S:
threads:none:
hwflist:intel-cpu:intel-ssse3:intel-pclmul:intel-aesni:intel-avx:
fips-mode:n:n:
rng-type:standard:1:
--8<---cut here---end--->8---


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




GnuPG News for February 2015

2015-03-10 Thread Werner Koch
Hi!

Find below the plain text version of 
https://gnupg.org/blog/20150310-gnupg-in-february.html


Shalom-Salam,

   Werner



1 GnuPG News for February 2015
══

  Indeed, very exciting news this month: The financial crisis of The
  GnuPG Project is over.  Due to an unexpected amount of donations
  received in the first days of February we can keep on working for at
  least the next 2 or 3 years.

  How did this happen?  At the [31C3] Nico Josattis arranged an
  interview with [Julia Angwin] who writes for [ProPublica].  Eventually
  on the 5th her [article] was published and immediately received a lot
  of attention.  Not only at the ProPublica site but at many other news
  sites as well.  While checking my mail on that evening, I noticed more
  than a thousand notification mails for donations and even better: that
  continuous stream of donations did not stop for the next days.  Alone
  on the first day we received more than 120,000 € and thus more than
  our initial goal.  I even had to fix the script building the donation
  progress bar to not overflow the right margin the same night.  I also
  received a call from one of the Stripe founders who offered yearly
  donations from Stripe and Facebook each at 50, $.  Amazing.

  I would like to *thank everyone* for supporting the project, be it small or
  large individual donations, helping users, providing corporate
  sponsorship, working on the software, and for all the encouraging
  words by mail, blogs, and even postcards.

  Due to that new publicity for GnuPG, I received many requests for
  interviews and for several days journalists and photographers visited
  me in my office.  They wrote several articles for German papers and
  radio stations, for example in the [taz], the [Süddeutsche Zeitung],
  and the [Deutsche Welle]. I hope these articles help to keep up the
  awareness for the importance of privacy issues.

  GnuPG does not stand alone: there are many other projects, often
  unknown to most people, which are essential to keep the free Internet
  running.  Many of them are run by volunteers who spend a lot of unpaid
  time on them.  They need our support as well!

  Now what to do with all that money?  Before a final plan can be
  drafted, tax issues need to be resolved.  Given that g10^code (the
  legal entity behind the project) is not a charity, we need to find a
  way to stretch the use of the money beyond this year.  My tax advisor
  is currently looking into this and I will report on the outcome in
  another blog entry.

  Regardless of this I started to look out for a second developer and
  fortunately [Neal Walfield] was searching for a job and accepted my
  offer to work on GnuPG.  Neal is well known for his work on modern
  operating systems and I consider him an excellent hacker.  I am glad
  to have him on board.


  [31C3] https://events.ccc.de/congress/2014/wiki/Main_Page

  [Julia Angwin] http://juliaangwin.com

  [ProPublica] http://www.propublica.org

  [article]
  
http://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke

  [taz] http://www.taz.de/Verschluesselung-mit-GnuPG/!154635/

  [Süddeutsche Zeitung]
  
http://www.sueddeutsche.de/digital/verschluesselungssoftware-gnu-pg-wie-ein-mann-das-e-mail-geheimnis-verteidigt-1.2355155

  [Deutsche Welle] http://dw.de/p/1Eebj

  [Neal Walfield] http://walfield.org


1.1 Release status
──

  GnuPG [2.1.2] was released on the 11th, [2.0.27] on the 18th, and
  [1.4.19] on the 27th.

  The 1.4.19 release features a fix for a new side channel attack on the
  Elgamal encryption (which used to be the default public key encryption
  algorithm until 2009).  Go ahead and read how Genkin’s group describes
  the [details] of this attack.  The release also includes a mitigation
  for another SCA to be described in the forthcoming paper /Last-Level
  Cache Side-Channel Attacks are Practical/ by Yarom et al.

  Libgcrypt [1.6.3] was released on the 27th to fix the described SCAs
  for GnuPG 2.0 and 2.1.


  [2.1.2]
  https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html

  [2.0.27]
  http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html

  [1.4.19]
  http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html

  [details] http://www.cs.tau.ac.il/~tromer/radioexp/

  [1.6.3]
  http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html


1.2 Released and not yet released changes
─

  Several segfaults due to NULL-derefs and invalid memory reads when
  using garbled keyrings were fixed.  These unlikely exploitable bugs
  were detected by fuzzing instrumented versions of GnuPG; [Hanno Böck's
  report] has some details.  A long standing implementation flaw copying
  memory stored values to integer variables was also found and fixed.
  These bug fixes have been backported to 2.0 and 1.4; Daniel Kahn
  Gillmor was kind enough to hel

Re: AES-NI, symmetric key generation

2015-03-10 Thread Werner Koch
On Tue, 10 Mar 2015 20:39, maricelgregorasc...@yahoo.com said:
> Thanks Werner.  On Windows, you mean on each drive letter, in the root
> directory? (e.g. c:\hwf.deny, d:\hwf.deny, etc.?).  Also would there be

Yes, that was the idea.  The file names should however be

  c:\etc\gcrypt\hwf.deny
  d:\etc\gcrypt\hwf.deny

I have not tested this.

> a way to make gpg display which hardware features are being used when
> encrypting/decrypting (to confirm that the deny file was correctly
> placed and actually had an effect)? Thank you.  From: Werner Koch

Not yet. 2.1.3 will have a command to list it.  You may simply encrypt a
large file and compare the times.  It is way faster with AES-NI enabled.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


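As an added example (not GnuPG or Libgcrypt code) serving both this question and the earlier post on hwf.deny and --list-gcrypt-config: a small checker that parses the colon-separated --list-gcrypt-config output and an hwf.deny file and reports whether a denied feature is still active. The sample texts are constructed from the two posts.

```python
"""Check whether a Libgcrypt hwf.deny file took effect.

Added example, not GnuPG or Libgcrypt code.  It parses the colon-separated
output of `gpg --list-gcrypt-config` (format as shown in the earlier post)
and an hwf.deny file, and reports denied features that are still active.
All sample texts are constructed from the posts above.
"""

# Feature names Werner listed for the development version of Libgcrypt.
KNOWN_HWF = {
    "padlock-rng", "padlock-aes", "padlock-sha", "padlock-mmul",
    "intel-cpu", "intel-bmi2", "intel-ssse3", "intel-pclmul", "intel-aesni",
    "intel-rdrand", "intel-avx", "intel-avx2", "arm-neon",
}

# Constructed: the --list-gcrypt-config output shown in the earlier post.
SAMPLE_CONFIG = """\
version:1.6.3-beta12:
ciphers:arcfour:blowfish:cast5:des:aes:twofish:serpent:rfc2268:seed:camellia:idea:salsa20:gost28147:
pubkeys:dsa:elgamal:rsa:ecc:
hwflist:intel-cpu:intel-ssse3:intel-pclmul:intel-aesni:intel-avx:
fips-mode:n:n:
rng-type:standard:1:
"""

# Constructed: the hwf.deny file from the earlier post.
SAMPLE_DENY = """\
# We do not want to use AES-NI
intel-aesni
"""

# Constructed: a deny file with a misspelled name that matches no feature.
SAMPLE_DENY_TYPO = "intel-aes-ni\n"


def parse_gcrypt_config(text):
    """Turn 'key:v1:v2:...:' lines into {key: [v1, v2, ...]}."""
    config = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        key, _, rest = line.partition(":")
        config[key] = [v for v in rest.split(":") if v]
    return config


def parse_hwf_deny(text):
    """Read feature names from hwf.deny: one per line, '#' starts a comment."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            names.append(line)
    return names


def check_hwf_deny(config_text, deny_text):
    """Compare the active hwflist against the deny file.

    A non-empty 'still_active' means the deny file did not take effect
    for those features; 'unknown_names' flags entries that are not a
    feature name Libgcrypt knows (typically a typo).
    """
    config = parse_gcrypt_config(config_text)
    active = set(config.get("hwflist", []))
    denied = parse_hwf_deny(deny_text)
    return {
        "active": sorted(active),
        "still_active": sorted(active & set(denied)),
        "unknown_names": sorted(n for n in denied if n not in KNOWN_HWF),
        "aesni_in_use": "intel-aesni" in active,
    }


if __name__ == "__main__":
    for label, deny in (("deny file", SAMPLE_DENY), ("typo", SAMPLE_DENY_TYPO)):
        print(label, check_hwf_deny(SAMPLE_CONFIG, deny))
```

Run against real output (`gpg --list-gcrypt-config` piped into `parse_gcrypt_config`) the check answers the question above: if `intel-aesni` is denied but still listed, the file was not picked up from the path Libgcrypt reads.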


Re: AES-NI, symmetric key generation

2015-03-10 Thread Werner Koch
On Tue, 10 Mar 2015 20:33, maricelgregorasc...@yahoo.com said:

> I admit I haven't looked at the AES-NI instruction set, but I've read
> that it could be easy for the CPU to reconstruct the key from a

Possible.  It is also easy to detect the instructions used for software
based AES keyscheduling and leak the key from that knowledge.  I'd pick
AES-NI for its better performance and SCA resistance.

RDRAND for random numbers is a different story.  No sane crypto tool
should solely rely on this instruction.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: [cygwin] gpg-agent with ssh support ?

2015-03-11 Thread Werner Koch
On Wed, 11 Mar 2015 07:18, xav...@maillard.im said:

> I enabled ssh support in the gpg-agent.conf file as usual and I
> clearly see the socket files for both GNUpg and SSH.

The Unix Domain Socket emulation used by Cygwin is different from the
emulation used by GnuPG on Windows.  Recall that Cygwin is its own OS on
top of Windows.  You may try to build GnuPG for Cygwin and install this.
However, I would not suggest this.

The standard ssh client on Windows seems to be Putty; you may use it
with the native GnuPG for Windows (i.e. Gpg4win) by using the option
--enable-putty-support instead of --enable-ssh-support.

> Do you know a way to fix that and only use gpg-agent as my sole agent
> entry point for both gpg and ssh ?

IIRC, gniibe once posted a description on how Cygwin's socket emulation
works on Windows.  It might be possible to add this to gpg-agent.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: bugs.gnupg.org TLS certificate

2015-03-11 Thread Werner Koch
On Wed, 11 Mar 2015 15:12, br...@minton.name said:

> git.gnupg.org) don't use that certificate.  Have you considered a wildcard
> certificate?  I know this has been discussed before, e.g. at

Too expensive ;-).  To stop all these complaints I will add a so called
real certificate but first I need to move the tracker to another
machine.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: AES-NI, symmetric key generation

2015-03-12 Thread Werner Koch
On Wed, 11 Mar 2015 20:39, p...@heypete.com said:

>> One more question: Is there any standardization in output formats
>> between encryption programs and libraries, for example say you encrypt
>> with AES128 in CBC, with the same key (directly or via passphrase), and
>> since the output will have to have, in addition to the actual
>> ciphertext, algorithm indentification on it, possible pasphrase-to-key,
>> plus mode-specific data such as the iv/nonce, is there a specification
>> of the format of how these come in?
>
> You'd have to ask Werner, the head developer, about that.

Sorry, I do not understand the question.  The format is defined by the
OpenPGP standard or the CMS standard (aka S/MIME).  There are also some
other less common formats.

Or is the question how applications present this to the user or whether
a standard API is defined?  That is not defined by one of these
protocols.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: [cygwin] gpg-agent with ssh support ?

2015-03-12 Thread Werner Koch
On Wed, 11 Mar 2015 18:23, dougb@dougbarton.email said:

> PuTTY also has its own agent support, which works quite well. I'm not
> sure why it's necessary to reinvent the wheel here. :)

Because that integrates seamlessly with GnuPG.  For example you can use
your OpenPGP card (or other supported smartcards) for ssh.  No need for
the ssh-add kludge.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: AES-NI, symmetric key generation

2015-03-12 Thread Werner Koch
On Thu, 12 Mar 2015 11:08, p...@heypete.com said:

> I (perhaps incorrectly) interpreted the question as "If GnuPG makes
> backwards-incompatible changes in the future, would it be possible for
> one who knows the encryption algorithm used, key, etc. of a message to
> decrypt that message with other, non-GnuPG tools?"

Sure.  As long as the tool understands the OpenPGP protocol.

> For example, if one knows that CAST5-CFB, ZIP, and salted-and-iterated
> S2K was used (as well as the value of the salt and number of
> iterations), might one be able to decrypt the message using OpenSSL
> and other common utilities? I suspect yes, as the encryption and

Yes.  Many years ago there used to be a toolset with reference
implementation based on OpenSSL.  IIRC, it was also available as a
printed book.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: bugs.gnupg.org TLS certificate

2015-03-13 Thread Werner Koch
On Fri, 13 Mar 2015 00:21, h...@barrera.io said:

> No need for a wildcard one. Just get one free certificate for each subdomain
> from StartSSL.

Definitely not.  It is far easier to pay 10 Euro a year for one from
Gandi.  But that is all not an issue; migrating Roundup to a newer
version is more work.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: bugs.gnupg.org TLS certificate

2015-03-13 Thread Werner Koch
On Fri, 13 Mar 2015 14:04, mw...@iupui.edu said:

> A CA that charges nothing cannot afford to do much (any?) checking of
> the assertions in my CSR.  The resulting signature thus cannot have
> some of the meaning that a more thoroughly investigated CSR can

Given the implicit cross certification of all CAs in the browsers this
does not matter.  Except for those who tightly control their Root CA, but
that is a rare case and not really practical.

The more expensive CAs are only selling you a fashionable background
color for your client's address bar.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Enigmail speed geeking

2015-03-15 Thread Werner Koch
On Sun, 15 Mar 2015 16:32, st...@mailbox.org said:

> Now, I'll look for information on how RNG in GnuPG exactly works. It *seems*
> that haveged should impact on the gathering of entropy (available) at the 
> moment
> of keypair generation on any GNU/Linux PC/laptop equipped with it (specific

You can find this in the Libgcrypt manual:

  Libgcrypt provides 3 levels of random quality: The level
  'GCRY_VERY_STRONG_RANDOM' usually used for key generation, the level
  'GCRY_STRONG_RANDOM' for all other strong random requirements and the
  function 'gcry_create_nonce' which is used for weaker usages like
  nonces.  There is also a level 'GCRY_WEAK_RANDOM' which in general maps
  to 'GCRY_STRONG_RANDOM' except when used with the function
  'gcry_mpi_randomize', where it randomizes a multi-precision-integer
  using the 'gcry_create_nonce' function.
  
  There are two distinct random generators available:
  
 * The Continuously Seeded Pseudo Random Number Generator (CSPRNG),
   which is based on the classic GnuPG derived big pool
   implementation.  Implemented in 'random/random-csprng.c' and used
   by default.
 * A FIPS approved ANSI X9.31 PRNG using AES with a 128 bit key.
   Implemented in 'random/random-fips.c' and used if Libgcrypt is in
   FIPS mode.
  
  Both generators make use of so-called entropy gathering modules:
  
  rndlinux
   Uses the operating system provided '/dev/random' and '/dev/urandom'
   devices.
  
  rndunix
   Runs several operating system commands to collect entropy from
   sources like virtual machine and process statistics.  It is a kind
   of poor-man's '/dev/random' implementation.  It is not available in
   FIPS mode.
  
  rndegd
   Uses the operating system provided Entropy Gathering Daemon (EGD).
   The EGD basically uses the same algorithms as rndunix does.
   However as a system daemon it keeps on running and thus can serve
   several processes requiring entropy input and does not waste
   collected entropy if the application does not need all the
   collected entropy.  It is not available in FIPS mode.
  
  rndw32
   Targeted for the Microsoft Windows OS. It uses certain properties
   of that system and is the only gathering module available for that
   OS.
  
  rndhw
   Extra module to collect additional entropy by utilizing a hardware
   random number generator.  As of now the only supported hardware RNG
   is the Padlock engine of VIA (Centaur) CPUs.  It is not available
   in FIPS mode.
  

  16.6.1 Description of the CSPRNG
  
  
  This random number generator is loosely modelled after the one described
  in Peter Gutmann's paper: "Software Generation of Practically Strong
  Random Numbers".(1)
  
  A pool of 600 bytes is used and mixed using the core RIPE-MD160 hash
  transform function.  Several extra features are used to make it robust
  against a wide variety of attacks and to protect against failures of
  subsystems.  The state of the generator may be saved to a file and
  initially seeded from a file.
  
  Depending on how Libgcrypt was built the generator is able to select
  the best working entropy gathering module.  It makes use of the slow and
  fast collection methods and requires the pool to be initially seeded from
  the slow gatherer or a seed file.  An entropy estimation is used to mix
  in enough data from the gather modules before returning the actual
  random output.  Process fork detection and protection is implemented.
  
 The implementation of the nonce generator (for 'gcry_create_nonce')
  is a straightforward repeated hash design: A 28 byte buffer is initially
  seeded with the PID and the time in seconds in the first 20 bytes and
  with 8 bytes of random taken from the 'GCRY_STRONG_RANDOM' generator.
  Random numbers are then created by hashing all the 28 bytes with SHA-1
  and saving that again in the first 20 bytes.  The hash is also returned
  as result.
  
 -- Footnotes --
  
 (1) Also described in chapter 6 of his book "Cryptographic Security
  Architecture", New York, 2004, ISBN 0-387-95387-6.
  


Shalom-Salam,

   Werner
  

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Enigmail speed geeking

2015-03-16 Thread Werner Koch
On Sun, 15 Mar 2015 23:38, st...@mailbox.org said:

> Thanks, Werner. I read that, but I was particularly interested in how to get
> GnuPG work with haveged.

You should feed it into /dev/random or get into the kernel proper.  This
way all applications can benefit from it.

> So, I guess it would not be possible for an interested user to have GnuPG work
> with haveged by using configuration files or load instructions

This requires adding a new entropy gathering module or adding it to
rndlinux.c.  However, I assume that proper output of haveged is pretty
system and compiler dependent.  Thus it belongs into the OS kernel.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Defaults

2015-03-18 Thread Werner Koch
On Tue, 17 Mar 2015 20:44, r...@sixdemonbag.org said:
> Given that 2.1 introduces a lot of new capabilities (mostly with respect
> to ECC), I think now, early on in the 2.1 series, would be a good time
> to discuss changing the defaults for newly-generated certificates.

Let's do a quick check of the status quo (I removed some of the extra
diagnostics from the examples):

Create a new key:

  $ gpg --no-options --quick-gen-key 'test key '
  About to create a key for:
  "test key "
  
  Continue? (Y/n) y
  public and secret key created and signed.
  
  pub   rsa2048/50C4476F 2015-03-18
Key fingerprint = 11E9 91C2 36E0 21A6 1E35  A682 68CC E4C2 50C4 476F
  uid   [ultimate] test key 
  sub   rsa2048/807D0FF4 2015-03-18
  
What are the preferences:  
  
  $ gpg --no-options --edit-key 50C4476F
  gpg (GnuPG) 2.1.3-beta26; Copyright (C) 2015 Free Software Foundation, Inc.
  Secret key is available.
  
  pub  rsa2048/50C4476F
   created: 2015-03-18  expires: never   usage: SC  
   trust: ultimate  validity: ultimate
  sub  rsa2048/807D0FF4
   created: 2015-03-18  expires: never   usage: E   
  [ultimate] (1). test key 
  
  gpg> showpref
  [ultimate] (1). test key 
   Cipher: AES256, AES192, AES, 3DES
   Digest: SHA256, SHA384, SHA512, SHA224, SHA1
   Compression: ZLIB, BZIP2, ZIP, Uncompressed
   Features: MDC, Keyserver no-modify

Sign something (there is only the above new key in the keyring):

  $ fortune | gpg --no-options --clearsign -v 
  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA256
  
  Whenever people agree with me I always feel I must be wrong.
  -- Oscar Wilde
  gpg: RSA/SHA256 signature from: "50C4476F test key "
  -BEGIN PGP SIGNATURE-
  Version: GnuPG v2
  
  iQEcBAEBCAAGBQJVCSpjAAoJEGjM5MJQxEdvQOUH/1G0xVxUppAHjqy6E5h8Pds+
  R9IhpACMwx+b01KudyTQ1rw1Y6Gy47vRhtaZaY9H7g9Ua8N7CtDWDUlbN/A+vovr
  7NX7yh8VXNqTYg9iCbwtL3KrN5b+gImWC7XxKgmJ5MqtRdOnjrGRG+R/1Yz/K6+3
  dKtD+o7WSToWiZRaqraIEFaHuHHPhhTbZd9rPkkoVhR8IfuwVP9WiWgL1En1khiC
  jNN4XBTO6JYm9wxYnbKTr5pIkNIdkXJEXSSO0VDu+jcx0eXiQlHVM2Za+8F0e59o
  rhaD61+7MFRp7W85eq9DphK8ZQkYSiVFmxP05KtBn0ym+CWyOZQTknJTZq2rpGI=
  =TRJn
  -END PGP SIGNATURE-
   
Do a symmetric encryption:
 
  $ fortune | gpg --no-options -ca -v 
  gpg: using cipher AES
  gpg: writing to stdout
  -BEGIN PGP MESSAGE-
  Version: GnuPG v2
  
  jA0EBwMCEKZ9P8JsqIXk0n0BXv33OI6+DtCIKj4eizkTHI4uFnlwYxa8mGDmNPZX
  7f8Q0f5L621bNvyIgCrV+gmfMXbXd2jtUXOAu0Q/g9gpkNEQhEJKcFBk1VDaAM0j
  dg8LeF/iT8HUjSmsWXbOCvYRh3MtIbYSEC299yBZJ+gG44Akgypl80dubLXhcA==
  =doWz
  -END PGP MESSAGE-


Now:

>   * Offer Brainpool-512 and RSA-3072 as options for
> newly-generated certificates

The default is RSA-2048 but there is an option to create RSA-3072.  GUIs
may choose their own defaults.

Using Brainpool as default for ECC (by the time we can get ECC out of
the export mode) is obviously something the German secret services would
like to see.  Given recent revelations about the BSI and its support for
"remote forensic toolkits" (aka Federal Trojan Tool), that won't convince
people that Brainpool curves are safer than NIST curves.  Anyway the
plan is to make Curve25519 the default for ECC.  There are also options
for stronger ECC curves not related to US or European standard bodies.

>   * Use AES256 for a symmetric cipher

As shown above AES128 (AES) is the default for symmetric encryption.
Symmetric encryption is for whatever reasons commonly used for bulk data
encryption and performance is a matter here:

          AES   |  nanosecs/byte   mebibytes/sec   cycles/byte
        CFB enc |     1.77 ns/B     537.9 MiB/s      4.08 c/B
        CFB dec |    0.365 ns/B    2612.1 MiB/s     0.840 c/B
         AES256 |
        CFB enc |     2.47 ns/B     386.5 MiB/s      5.67 c/B
        CFB dec |    0.530 ns/B    1799.4 MiB/s      1.22 c/B

Thus on my X220 you get a 40% speedup by using 128 bit AES.  Well, the
numbers are from Libgcrypt and don't include the overhead due to the
protocol, but it is faster.

For public key encryption AES-256 will anyway be used by default.

>   * Raise a warning if the user attempts to encrypt more
> than 4 GiB with an old (64-bit block) cipher

Except for 3DES there is no 64 bit block cipher in the preferences:

   Cipher: AES256, AES192, AES, 3DES

A key capable of only 3DES will be rare and must have been created on
purpose or by very old software.  They want 3DES and thus they get it.

>   * Only use CAST5 if the user explicitly requests it via
> default-cipher-preferences: prefer 3DES over CAST5

Already done.  See above.

>   * Only use IDEA if the user explicitly requests it via
> default-cipher-preferences: prefer 3DES over IDEA

IDEA is not included in the preferences.

>   * Use SHA256 for RSA-3072/-4096 signatures and SHA512
> for Brainpool-512

Already used even for RSA-2048.  See example above.

>   * CAST5 is not in goo

Re: SKS Keyserver, HKPS and GnuPG 2.1

2015-03-19 Thread Werner Koch
On Wed, 18 Mar 2015 22:52, david.j.woo...@gmail.com said:

> I debugged this issue a few days ago. I've posted a patch for testing and
> hopefully incorporation into a future GnuPG 2.1 build at

It is on my shortlist.

Thanks,

  Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: --verify --status-fd separator for multiple signatures?

2015-03-19 Thread Werner Koch
On Thu, 19 Mar 2015 18:39, patrick-mailingli...@whonix.org said:

> when using --verify combined with --status-fd [or --status-file], how
> can one notice in scripts, that processing the one signature is done and
> that further status-fd messages belong to the next message?

That is unfortunately a bit complicated due to different behaviour in
gpgsm and gpg.  I suggest to do what we do in gpgme/src/verify.c .  Of
course it would be useful to make sure that NEWSIG is also emitted by
gpg, but you also need to take care of older gpg versions.

I assume adding NEWSIG to gpg has simply been forgotten.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Defaults

2015-03-21 Thread Werner Koch
On Thu, 19 Mar 2015 11:19, mue...@cryptobitch.de said:

> Is there anything in this listing that would allow me to quickly copy and 
> paste
> (e.g. double click and middle click) in order to further work with the key,
> e.g. edit or encrypt to?

Sorry, I do not understand you.  This is a command line interface and
not a point and click thingie.

> The fingerprint would probably be better to identify the key, but, similarly,
> the spaces prevent me from selecting it easily.

Use a GUI tool.

> I thought short keyids are dangerous and should not be used,

They are not more dangerous than long fingerprints.  It depends on what
you want to do.  In my test setting using the short key id is perfectly
okay.  For checking the validity of the key you need to use the
fingerprint and not some keyid or mail address.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: --verify --status-fd separator for multiple signatures?

2015-03-21 Thread Werner Koch
On Fri, 20 Mar 2015 19:41, patrick-mailingli...@whonix.org said:

> Well, I don't speak C, so I can't make head or tail of "what we do in
> gpgme/src/verify.c".

You should still be able to follow the control flow.  That is not
different from any pseudo code.

> Is there a complete list of all possible start/end keyword combinations?

As I said, check out gpgme:

  switch (code)
    {
    case GPGME_STATUS_NEWSIG:
      if (sig)
        calc_sig_summary (sig);

NEWSIG has been seen: Finalize the output for the current signature if any.

      err = prepare_new_sig (opd);

      opd->only_newsig_seen = 1;

Get ready for a new signature.  That is the helpful feature of NEWSIG.
Note that there is no guarantee that a signature will follow: it may be
garbled or removed and gpg won't get to the actual verification.

    case GPGME_STATUS_GOODSIG:
    case GPGME_STATUS_EXPSIG:
    case GPGME_STATUS_EXPKEYSIG:
    case GPGME_STATUS_BADSIG:
    case GPGME_STATUS_ERRSIG:
    case GPGME_STATUS_REVKEYSIG:
      if (sig && !opd->did_prepare_new_sig)
        calc_sig_summary (sig);

If we have a signature and we are not yet preparing for a new signature
(i.e. have not called prepare_new_sig): Finalize the output for the
current signature.

      opd->only_newsig_seen = 0;

Clear flag for NEWSIG seen.

      return parse_new_sig (opd, code, args, ctx->protocol);

Do something with the signature.  This function calls prepare_new_sig if
not yet done.

    case GPGME_STATUS_VALIDSIG:
      opd->only_newsig_seen = 0;
      return sig ? parse_valid_sig (sig, args, ctx->protocol)
                 : trace_gpg_error (GPG_ERR_INV_ENGINE);

VALIDSIG is the modern version of GOODSIG.  Take care of it.


    case GPGME_STATUS_NODATA:
      opd->only_newsig_seen = 0;

Forget about NEWSIG.  The code in GPGME requires this here and for
several other status messages.

    case GPGME_STATUS_EOF:
      if (sig && !opd->did_prepare_new_sig)
        calc_sig_summary (sig);
      if (opd->only_newsig_seen && sig)
        {
          gpgme_signature_t sig2;
          /* The last signature has no valid information - remove it
             from the list. */

On EOF finalize the last signature.  If a NEWSIG has been seen remove
the prepared information.

Proper verification is a bit complicated if you need to do this in the
most general way.  You can get away much easier in many cases.  For
example VALIDSIG gives you all the information about correctly verified
signatures.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


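The NEWSIG state machine walked through above (this reply and the earlier one in the same thread), as a stand-alone C parser for gpg's --status-fd lines. This is an added example, not gpgme's code: the sample status lines, key ids and fingerprints are constructed placeholders, and the limit of eight signatures per message is arbitrary.

```c
#include <stdio.h>
#include <string.h>

/* One signature as reconstructed from the status lines.  */
typedef struct {
  char result[12];  /* GOODSIG, BADSIG, ERRSIG, ... or "" if none seen */
  char keyid[17];   /* long key id from the result line */
  char fpr[41];     /* fingerprint from VALIDSIG, "" if none */
} sig_info_t;

/* Parser state; the two flags mirror gpgme's op_data fields.  */
typedef struct {
  sig_info_t sigs[8];
  int count;        /* entries in use; the last one is the current signature */
  int did_prepare_new_sig;
  int only_newsig_seen;
} verify_state_t;

/* True for the status keywords that report the result of one signature.  */
static int is_result_keyword (const char *kw)
{
  char padded[40];
  snprintf (padded, sizeof padded, " %s ", kw);
  return strstr (" GOODSIG EXPSIG EXPKEYSIG BADSIG ERRSIG REVKEYSIG ", padded) != NULL;
}

/* Copy the first space-delimited word of SRC into DST.  */
static void copy_word (char *dst, size_t dstlen, const char *src)
{
  snprintf (dst, dstlen, "%.*s", (int)strcspn (src, " "), src);
}

/* Like gpgme's prepare_new_sig: an entry holding only a NEWSIG is reused,
   otherwise a fresh one is opened (past eight signatures the last is reused).  */
static void prepare_new_sig (verify_state_t *st)
{
  if (!(st->only_newsig_seen && st->count) && st->count < 8)
    st->count++;
  memset (&st->sigs[st->count - 1], 0, sizeof (sig_info_t));
  st->did_prepare_new_sig = 1;
  st->only_newsig_seen = 0;
}

/* Feed one line of --status-fd output; lines without the prefix are ignored.  */
static void verify_status_line (verify_state_t *st, const char *line)
{
  const char *args; char kw[32];
  if (strncmp (line, "[GNUPG:] ", 9)) return;
  line += 9;
  copy_word (kw, sizeof kw, line);
  args = line + strlen (kw); args += strspn (args, " ");
  if (!strcmp (kw, "NEWSIG")) {
    prepare_new_sig (st);
    st->only_newsig_seen = 1;       /* a signature may follow, or may not */
  } else if (is_result_keyword (kw)) {
    if (!st->did_prepare_new_sig)   /* older gpg that emits no NEWSIG */
      prepare_new_sig (st);
    st->did_prepare_new_sig = 0;
    st->only_newsig_seen = 0;
    copy_word (st->sigs[st->count - 1].result, 12, kw);
    copy_word (st->sigs[st->count - 1].keyid, 17, args);
  } else if (!strcmp (kw, "VALIDSIG")) {
    st->only_newsig_seen = 0;
    if (st->count)
      copy_word (st->sigs[st->count - 1].fpr, 41, args);
  } else if (!strcmp (kw, "NODATA"))
    st->only_newsig_seen = 0;       /* gpgme clears the flag here too */
}

/* End of input (gpgme's EOF case): a trailing NEWSIG without a result carries
   no information and is dropped.  Returns the final number of signatures.  */
static int verify_status_eof (verify_state_t *st)
{
  if (st->only_newsig_seen && st->count)
    st->count--;
  st->only_newsig_seen = 0;
  return st->count;
}

/* Run the parser over a NULL-terminated array of lines.  */
static int parse_status_lines (const char *const *lines, verify_state_t *st)
{
  memset (st, 0, sizeof *st);
  for (; *lines; lines++)
    verify_status_line (st, *lines);
  return verify_status_eof (st);
}

/* Constructed sample, not real gpg output: two signatures from a gpg that emits
   NEWSIG, then a NEWSIG whose packet was garbled so no result follows.  */
static const char *const sample_status[] = {
  "[GNUPG:] NEWSIG",
  "[GNUPG:] GOODSIG 1234567812345678 Alice <alice@example.org>",
  "[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2015-03-20 1426867200 0 4 0 1 10 00",
  "[GNUPG:] NEWSIG",
  "[GNUPG:] BADSIG 8765432187654321 Bob <bob@example.org>",
  "[GNUPG:] NEWSIG",
  NULL
};
```

parse_status_lines (sample_status, &st) yields two signatures: the trailing NEWSIG is dropped, the GOODSIG entry carries the VALIDSIG fingerprint and the BADSIG entry has none.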


Re: Clarification on advisories

2015-03-23 Thread Werner Koch
On Mon, 23 Mar 2015 06:31, ventur...@gmail.com said:

> In the 1.4.19 announcement, the entry: "Fixed bugs related to bogus
> keyrings." is the fix for CVE-2015-1606?

The Debian announcement describes this as

The keyring parsing code did not properly reject certain packet types
not belonging in a keyring, which caused an access to memory already
freed. This could allow remote attackers to cause a denial of service
(crash) via crafted keyring files.

This seems to be about this fix:

  commit 81d3e541326e94d26a953aa70afc3cb149d11ebe

gpg: Prevent an invalid memory read using a garbled keyring.

* g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
types.
--

The keyring DB code did not reject packets which don't belong into a
keyring.  If for example the keyblock contains a literal data packet
it is expected that the processing code stops at the data packet and
reads from the input stream which is referenced from the data packets.
Obviously the keyring processing code does not and cannot do that.
However, when exporting this messes up the IOBUF and leads to an
invalid read of sizeof (int).

We now skip all packets which are not allowed in a keyring.

Reported-by: Hanno Böck 

(back ported from commit f0f71a721ccd7ab9e40b8b6b028b59632c0cc648)

[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor 


(I don't think that "access to memory already freed" is the right
description.)

> Am I right in thinking the issues found through fuzzing which led to
> the release of 2.1.2 still have not be back ported to previous
> releases? certainly most of the changes in the commits highlighted are
> applicable accounting for the change of line numbers.

I may not understand what your question is here.  The commit you are
referring to is against 2.1 (current master) and not against 1.4.  The
parts relevant to 1.4 and 2.0 have been ported back (see above for 1.4).


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Clarification on advisories

2015-03-23 Thread Werner Koch
On Mon, 23 Mar 2015 11:05, ventur...@gmail.com said:

> Are the applicable parts of the issues highlighted here:
> http://www.openwall.com/lists/oss-security/2015/02/13/14
> Backported to 2.0.27?

Yes, all four:

1. 39978487863066e59bb657f5fe4e8baab510da7e

  commit 7e12ec4c7d6df29a7d7935399fccd2594ebb4a7e
  Author: Werner Koch 
  Date:   Thu Feb 12 18:52:07 2015 +0100

gpg: Fix a NULL-deref due to empty ring trust packets.

* g10/parse-packet.c (parse_trust): Always allocate a packet.
--

Reported-by: Hanno Böck 
Signed-off-by: Werner Koch 

(back ported from commit 39978487863066e59bb657f5fe4e8baab510da7e)


2. 0835d2f44ef62eab51fce6a927908f544e01cf8f

  commit 8da836e76f1349f4587d1bb74864b11dde7b8a39
  Author: Werner Koch 
  Date:   Thu Feb 12 18:54:17 2015 +0100

gpg: Fix a NULL-deref in export due to invalid packet lengths.

* g10/build-packet.c (write_fake_data): Take care of a NULL stored as
opaque MPI.
--

Reported-by: Hanno Böck 

(back ported from commit 0835d2f44ef62eab51fce6a927908f544e01cf8f)


3. f0f71a721ccd7ab9e40b8b6b028b59632c0cc648

  commit 824d88ac51b4d680f06e68f0879a7c1ec03cb2ba
  Author: Werner Koch 
  Date:   Thu Feb 12 18:58:36 2015 +0100

gpg: Prevent an invalid memory read using a garbled keyring.

* g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
types.
--

The keyring DB code did not reject packets which don't belong into a
keyring.  If for example the keyblock contains a literal data packet
it is expected that the processing code stops at the data packet and
reads from the input stream which is referenced from the data packets.
Obviously the keyring processing code does not and cannot do that.
However, when exporting this messes up the IOBUF and leads to an
invalid read of sizeof (int).

We now skip all packets which are not allowed in a keyring.

Reported-by: Hanno Böck 

(back ported from commit f0f71a721ccd7ab9e40b8b6b028b59632c0cc648)


4. 2183683bd633818dd031b090b5530951de76f392

  commit 3627123dc8fdc551caca1c7944713fbf01feccf6
  Author: Werner Koch 
  Date:   Thu Feb 12 20:34:44 2015 +0100

Use inline functions to convert buffer data to scalars.

* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--

This fixes sign extension on shift problems.  Hanno Böck found a case
with an invalid read due to this problem.  To fix that almost all uses
of "<< 24" and "<< 8" are changed by this patch to use an inline
function from host2net.h.

(back ported from commit 2183683bd633818dd031b090b5530951de76f392)


and releases with 2.0.27

  commit 8d47e6e5235b6ecb41baf52865c5837c1de962b5
  Author: Werner Koch 
  Date:   Wed Feb 18 14:10:57 2015 +0100

Release 2.0.27


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


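What the host2net.h change in item 4 above addresses, as an added C example that is not GnuPG's code: the old "<< 24" idiom beside a helper written in the style of the new inline functions (named buf32_to_ulong_fixed here so it is not mistaken for the real buf32_to_ulong), with constructed byte buffers as input.

```c
#include <stdio.h>

typedef unsigned char byte;

/* The pre-fix idiom.  Each byte is promoted to int before the shift, so a
   leading byte >= 0x80 ends up in the sign bit of an int, and that negative
   int is then widened to the unsigned long the caller stores it in.  The
   original "<< 24" on the promoted int overflows for such bytes; this
   constructed version builds the same bit pattern with an unsigned shift and
   a cast so the demo is implementation-defined (two's complement), not
   undefined.  */
static unsigned long buf32_to_ulong_shift (const byte *p)
{
  int v = (int)((unsigned int)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
  return v;   /* negative int -> unsigned long: sign extension */
}

/* The shape of the fix: do the arithmetic in the unsigned target type, so no
   sign bit is ever involved.  Modelled on host2net.h's buf32_to_ulong but not
   GnuPG's own code.  */
static inline unsigned long buf32_to_ulong_fixed (const void *buffer)
{
  const byte *p = buffer;
  return ((unsigned long)p[0] << 24) | ((unsigned long)p[1] << 16)
       | ((unsigned long)p[2] << 8) | (unsigned long)p[3];
}

/* Nonzero when the two conversions disagree for P.  That happens exactly when
   p[0] >= 0x80 and unsigned long is wider than 32 bits (LP64 systems), which
   is why a value parsed this way can differ between platforms.  */
static int conversions_disagree (const byte *p)
{
  return buf32_to_ulong_shift (p) != buf32_to_ulong_fixed (p);
}

/* Constructed sample big-endian length fields.  */
static const byte small_len[4] = { 0x00, 0x00, 0x01, 0x00 };  /* 256 */
static const byte big_len[4]   = { 0xFF, 0x00, 0x00, 0x00 };  /* 0xFF000000 */

int main (void)
{
  printf ("small: shift=%#lx fixed=%#lx\n",
          buf32_to_ulong_shift (small_len), buf32_to_ulong_fixed (small_len));
  printf ("big:   shift=%#lx fixed=%#lx\n",
          buf32_to_ulong_shift (big_len), buf32_to_ulong_fixed (big_len));
  return 0;
}
```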


Re: GnuPG 1.4.19 - Encryption Questions

2015-03-23 Thread Werner Koch
On Mon, 23 Mar 2015 15:34, criv...@merkleinc.com said:

> I am now trying to encrypt a file using the "homedir" option to point
> to the copied keyrings but am getting this error message:

You better run

  gpg --version 

to see which directory is the default homedir of GnuPG.  You your files
to that directory.  If you need a gpg.conf put it into the same directory.

> gpg: keyblock resource '\secring.pgp' : file open error

Transcript error?  It should be ".gpg" and not ".pgp".

Please consider to use the installer from Gpg4win.org instead.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: GnuPG 1.4.19 - Encryption Questions

2015-03-23 Thread Werner Koch
On Mon, 23 Mar 2015 17:29, criv...@merkleinc.com said:

> Question though - the gpg.conf file is optional?   If I want one I must 
> create it?  

Yes, it is optional.  If you have more than one key it is advisable to
create one and add 

--8<---cut here---start->8---
default-key 1234567812345678
encrypt-to  1234567812345678
keyid-format long
keyserver hkp://keys.gnupg.net
--8<---cut here---end--->8---

So that gpg knows which is your default key (in this example the one
with key id 1234567812345678), to which key all messages shall be
encrypted in addition to the recipients (so that you can decrypt your
own mails), that a keyserver shall be used, and finally to use the long
keyid format.

Depending on the mail program, you need to add an encrypt-to in any
case.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Enabling and using ECC keys (any reason not to?)

2015-03-26 Thread Werner Koch
On Thu, 26 Mar 2015 09:59, m...@confidantmail.org said:

> Is there any reason not to start using them? I have been reluctant to
> bundle version 2.1, because once people start using ECC keys, using

There is no deployed base of ECC capable OpenPGP implementations yet.
Thus ECC is not enabled by default because it does not make much sense
to ask people to create ECC keys if there is virtually nobody else who
is able to use them.

A second reason is that the plan is to use Ed25519/Curve25519 as the
default ECC curves instead of the NIST curves.  ECDH for Curve25519 is
not yet implemented.

> compatibility thing, or is the security of ECC keys not fully trusted
> yet?

Our ECC implementation might still be subject to side channel attacks;
thus, if that is part of your threat model, you may want to wait a bit
longer.  However, mitigating SCA is a never ending cops and gendarme game.

If you do not need to migrate an old installation I would always
suggest going with 2.1.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: gpg 2.0.27 is updating the trustdb constantly, and taking minutes to do it

2015-03-28 Thread Werner Koch
On Fri, 27 Mar 2015 17:07, j...@jcea.es said:

> My problem is that any change to the pubring, like downloading a new
> key, refreshing, adding a new local signature with "--lsign", etc., will
> force a trustdb update (in the next execution. For instance, decrypting

A new key signature may change the entire WoT, thus it needs to be
re-computed.  I have

  no-auto-check-trustdb

in my gpg.conf and 

  30   1 * * *   /usr/local/bin/gpg --batch --check-trustdb 2>/dev/null

in my crontab.  Thus there will be only one re-computation a day.

> As I said, my pubring.gpg is 34MB long. With gnupg 1.4.x it would take a
> few seconds only.

Which 1.4 version is this?


> PS: Bonus: how to get rid of
>
> """
> gpg: DBG: armor-keys-failed (KEY 0x010D6F3A BEGIN

Sorry for this.  It has already been fixed in the repo, see below.


Shalom-Salam,

   Werner


--8<---cut here---start->8---
commit 936416690e6c889505d84fe96983a66983beae5e
Author: Werner Koch 
Date:   Thu Feb 26 09:38:58 2015 +0100

gpg: Remove left-over debug message.

* g10/armor.c (check_input): Remove log_debug.

Modified   g10/armor.c
diff --git a/g10/armor.c b/g10/armor.c
index 6c0013d..de1726d 100644
--- a/g10/armor.c
+++ b/g10/armor.c
@@ -534,9 +534,6 @@ check_input( armor_filter_context_t *afx, IOBUF a )
 /* This is probably input from a keyserver helper and we
have not yet seen an error line.  */
 afx->key_failed_code = parse_key_failed_line (line+4, len-4);
-log_debug ("armor-keys-failed (%.*s) ->%d\n",
-   (int)len, line,
-   afx->key_failed_code);
   }
if( i >= 0 && !(afx->only_keyblocks && i != 1 && i != 5 && i != 6 )) {
hdr_line = i;
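Review bot: the three-line log_debug removal drops the only trace that parse_key_failed_line() was reached for keyserver-helper input (the comment above it says that is exactly the case being handled); if the resulting key_failed_code is still useful when diagnosing keyserver problems, consider keeping the message under one of the existing debug options rather than deleting it outright. The assignment to afx->key_failed_code and the hdr_line logic are untouched, so the change is otherwise safe.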
--8<---cut here---end--->8---


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: gpg 2.0.27 is updating the trustdb constantly, and taking minutes to do it

2015-03-29 Thread Werner Koch
On Sat, 28 Mar 2015 19:58, dougb@dougbarton.email said:

> Just out of curiosity, do you have an ETA on a new release?

Nothing really important has changed since mid February except for a fix
in gpgtar - does anyone really use it on non-Windows?  (it has been
fixed in gpg4win).


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: What is 'CA fingerprint 1' on Smartcard

2015-04-03 Thread Werner Koch
On Tue, 31 Mar 2015 18:50, mailingl...@krebs.uno said:

> What is the CA fingerprint on FSFE-Smartcard?

  $ gpg -k 'C485 A6CD 7EC6 6E9E EC33  65F2 70F2 75E4 C32F 6CA5'
  pub   dsa1024/70F275E4C32F6CA5 2005-04-10 [expired: 2009-12-31]
  uid   [ expired] FSFE Fellowship (certification key) 

Back in 2005 the idea was to set up our own OpenPGP "CA" and the FSFE
prepared the cards for this (this is also one of the reasons for the
PIN letter).  However, the folks responsible for the fellowship card
never came around to setting up a process to actually run such a "CA" and
thus the whole thing got dusty.  I still have the CDROM with the private
key but I do not think that this expired key is of any use.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Instructions for converting keyring for 2.1

2015-04-03 Thread Werner Koch
On Sun, 29 Mar 2015 19:36, pe...@digitalbrains.com said:

> new keybox format. I discovered I needed --import-options import-local-sigs on
> the import command to also import my local signatures, which obviously is very

Thanks.  I just updated the web page.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Global changing of expiration date of mainkey and subkeys possible?

2015-04-07 Thread Werner Koch
On Tue,  7 Apr 2015 11:27, gnupgpac...@on.yourweb.de said:

> is there any way to change the expiration date of mainkey AND ALL attached
> subkeys by one action only (and not key-by-key)?

No.  Please file a feature request at bugs.gnupg.org if you think this
is important.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Email-only UIDs

2015-04-08 Thread Werner Koch
On Wed,  8 Apr 2015 17:50, jose.casti...@gmail.com said:

> share something that led me to this confusion initially. When I was
> considering an email-only UID, I ran up against the issue that in
> gnupg's default mode of operation, a name is required for a UID,

  $ gpg --dump-options | grep free
  --allow-freeform-uid

This option will help you.  With the next 2.1 release, and if using the
keybox format (pubring.kbx), searching for mail addresses without angle
brackets will also work as expected.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




[Announce] GnuPG 2.1.3 released

2015-04-11 Thread Werner Koch
===

To guarantee that a downloaded GnuPG version has not been tampered with
by malicious entities we provide signature files for all tarballs and
binary versions.  The keys are also signed by the long term keys of
their respective owners.  Current releases are signed by one or more
of these four keys:

  2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
  Key fingerprint = D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6
  Werner Koch (dist sig)

  rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
  Key fingerprint = 46CC 7308 65BB 5C78 EBAB  ADCF 0437 6F3E E085 6959
  David Shaw (GnuPG Release Signing Key) 

  rsa2048/33BD3F06 2014-10-29 [expires: 2016-10-28]
  Key fingerprint = 031E C253 6E58 0D8E A286  A9F2 2071 B08A 33BD 3F06
  NIIBE Yutaka (GnuPG Release Key) 

  rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31]
  Key fingerprint = D238 EA65 D64C 67ED 4C30  73F2 8A86 1B1C 7EFD 60D9
  Werner Koch (Release Signing Key)

You may retrieve these files from a keyserver using this command

  gpg --keyserver hkp://keys.gnupg.net --recv-keys  \
  249B39D24F25E3B6 04376F3EE0856959 \
  2071B08A33BD3F06 8A861B1C7EFD60D9

The keys are also available at https://gnupg.org/signature_key.html and
in any recently released GnuPG tarball in the file g10/distsigkey.gpg .
Note that this mail has been signed by a different key.


Internationalization
====================

This version of GnuPG has support for 26 languages with Chinese,
Czech, French, German, Japanese, Russian, and Ukrainian being almost
completely translated (2062 different strings).


Documentation
=============

If you used GnuPG in the past you should read the description of
changes and new features at doc/whats-new-in-2.1.txt or online at

  https://gnupg.org/faq/whats-new-in-2.1.html

The file gnupg.info has the complete user manual of the system.
Separate man pages are included as well but they do not have all the
details available in the manual.  It is also possible to read the
complete manual online in HTML format at

  https://gnupg.org/documentation/manuals/gnupg/

or in Portable Document Format at

  https://gnupg.org/documentation/manuals/gnupg.pdf .

The chapters on gpg-agent, gpg and gpgsm include information on how
to set up the whole thing.  You may also want to search the GnuPG mailing
list archives or ask on the gnupg-users mailing lists for advice on
how to solve problems.  Many of the new features are around for
several years and thus enough public knowledge is already available.

You may also want to follow postings at https://gnupg.org/blob/.


Support
=======

Please consult the archive of the gnupg-users mailing list before
reporting a bug <https://gnupg.org/documentation/mailing-lists.html>.
We suggest sending bug reports for a new release to this list in favor
of filing a bug at <https://bugs.gnupg.org>.  For commercial support
requests we keep a list of known service companies at:

  https://gnupg.org/service.html

If you are a developer and you may need a certain feature for your
project, please do not hesitate to bring it to the gnupg-devel mailing
list for discussion.


Thanks
======

We have to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
servers, spreading the word, and answering questions on the mailing
lists.

Since the start of the funding campaign in December several thousand
people have been kind enough to donate a total of 25 Euro to support
this project.  In addition the Linux Foundation gave a grant of $ 6
for 2015, Stripe.com and Facebook.com each pledged $ 5 per year.

I am amazed by this superb and unexpected support for the GnuPG project.
This allowed us to continue the project, employ a second full time
developer, and gives us the resources to improve things which have been
delayed for too long.

Thank you all!


Salam-Shalom,

   Werner


p.s.
This is an announcement-only mailing list.  Please send replies only to
the gnupg-users at gnupg.org mailing list.

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Build script problem with gnupg 2.1.3

2015-04-12 Thread Werner Koch
On Sun, 12 Apr 2015 00:24, m...@confidantmail.org said:

> However, the libgpg-error-prefix doesn't actually work. You have to use:
> --with-gpg-error-prefix=

Actually both should work.  But you are right, this is one of the most
durable bugs in GnuPG and Company.

The gpg-error.m4 macro is the reason for this and it was indeed not the
latest version.  I just updated it which should fix the problem.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: GnuPG 2.1.3 Fails to Compile OS X

2015-04-13 Thread Werner Koch
On Sun, 12 Apr 2015 00:29, dominyktil...@gmail.com said:

> =
> t-stringhelp.c:488:3: error: function definition is not allowed here
>   {
>   ^

Oh sorry, I didn't spot the use of a nested function here.
Fix pushed and attached.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
From 454f60399c7318fffd3de2afadd58c7a490178bd Mon Sep 17 00:00:00 2001
From: Werner Koch 
Date: Mon, 13 Apr 2015 09:57:33 +0200
Subject: [PATCH] common: Do without nested functions to support non-gcc.

* common/t-stringhelp.c (test_strsplit): Remove nested function.

Signed-off-by: Werner Koch 
---
 common/t-stringhelp.c | 106 +-
 1 file changed, 54 insertions(+), 52 deletions(-)

diff --git a/common/t-stringhelp.c b/common/t-stringhelp.c
index f5b6cd9..9d1d20c 100644
--- a/common/t-stringhelp.c
+++ b/common/t-stringhelp.c
@@ -482,58 +482,60 @@ test_make_absfilename_try (void)
 static void
 test_strsplit (void)
 {
-  int test_count = 0;
-  void test (const char *s, char delim, char replacement,
-	 const char *fields_expected[])
-  {
-char *s2;
-int field_count;
-char **fields;
-int field_count_expected;
-int i;
-
-/* Count the fields.  */
-for (field_count_expected = 0;
-	 fields_expected[field_count_expected];
-	 field_count_expected ++)
-  ;
-
-test_count ++;
-
-/* We need to copy s since strsplit modifies it in place.  */
-s2 = xstrdup (s);
-fields = strsplit (s2, delim, replacement, &field_count);
-
-if (field_count != field_count_expected)
-  fail (test_count * 1000);
-
-for (i = 0; i < field_count_expected; i ++)
-  if (strcmp (fields_expected[i], fields[i]) != 0)
-	{
-	  printf ("For field %d, expected '%s', but got '%s'\n",
-		  i, fields_expected[i], fields[i]);
-	  fail (test_count * 1000 + i + 1);
-	}
-
-xfree (s2);
-  }
-
-  {
-const char *expected_result[] =
-  { "a", "bc", "cde", "fghi", "jklmn", "", "foo", "", NULL };
-test ("a:bc:cde:fghi:jklmn::foo:", ':', '\0', expected_result);
-  }
-
-  {
-const char *expected_result[] =
-  { "!a!bc!!def!", "a!bc!!def!", "bc!!def!", "!def!", "def!", "", NULL };
-test (",a,bc,,def,", ',', '!', expected_result);
-  }
-
-  {
-const char *expected_result[] = { "", NULL };
-test ("", ':', ',', expected_result);
-  }
+  struct {
+const char *s;
+char delim;
+char replacement;
+const char *fields_expected[10];
+  } tv[] = {
+{
+  "a:bc:cde:fghi:jklmn::foo:", ':', '\0',
+  { "a", "bc", "cde", "fghi", "jklmn", "", "foo", "", NULL }
+},
+{
+  ",a,bc,,def,", ',', '!',
+  { "!a!bc!!def!", "a!bc!!def!", "bc!!def!", "!def!", "def!", "", NULL }
+},
+{
+  "", ':', ',',
+  { "", NULL }
+}
+  };
+
+  int tidx;
+
+  for (tidx = 0; tidx < DIM(tv); tidx++)
+{
+  char *s2;
+  int field_count;
+  char **fields;
+  int field_count_expected;
+  int i;
+
+  /* Count the fields.  */
+  for (field_count_expected = 0;
+   tv[tidx].fields_expected[field_count_expected];
+   field_count_expected ++)
+;
+
+  /* We need to copy s since strsplit modifies it in place.  */
+  s2 = xstrdup (tv[tidx].s);
+  fields = strsplit (s2, tv[tidx].delim, tv[tidx].replacement,
+ &field_count);
+
+  if (field_count != field_count_expected)
+fail (tidx * 1000);
+
+  for (i = 0; i < field_count_expected; i ++)
+if (strcmp (tv[tidx].fields_expected[i], fields[i]) != 0)
+  {
+printf ("For field %d, expected '%s', but got '%s'\n",
+i, tv[tidx].fields_expected[i], fields[i]);
+fail (tidx * 1000 + i + 1);
+  }
+
+  xfree (s2);
+}
 }
 
 int
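Review bot: in the new loop, `fail (tidx * 1000)` on a field-count mismatch does not skip the comparison loop that follows, which then indexes `fields[i]` up to `field_count_expected` and reads past the array strsplit returned whenever it returned fewer fields than expected (the nested-function version had the same flaw, so this is a good moment to fix it); unless fail() aborts, add a `continue` after that `fail` or bound the loop by the smaller of the two counts. Two smaller points: `fields` is never freed, so if strsplit allocates the array (the separate xfree of s2 suggests it does) the test leaks once per vector; and `fields_expected[10]` is sized for the largest vector plus its NULL terminator with nothing saying so, so a comment next to the table or a compile-time check would keep a future vector from silently overflowing it.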
-- 
2.1.4



Re: Unusable secret key (adduid)

2015-04-13 Thread Werner Koch
On Sat, 11 Apr 2015 23:01, ivansun...@gmail.com said:
> Hello!
>
> I'm using OpenPGP card to store my secret keys on it. Now I'm adding a
> new UID to my key by running gpg2 --edit-key. What I've got is this

You need to insert your card to create a new UID.

> gpg: secret key parts are not available
> gpg: signing failed: Unusable secret key
>
> How to solve this?

Insert the card.  Check that the card works by running

  gpg --card-status



Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Windows installer for 2.1.3 (was: GnuPG 2.1.3 released)

2015-04-13 Thread Werner Koch
Hi,

I just uploaded an _experimental_ Windows installer with GnuPG 2.1.3:

 ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.3_20150413.exe  (2539k)
 ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.3_20150413.exe.sig

The exe has a SHA-1 checksum of

d5630904b3d68eddc2730a00bfc67d52658cbe7e  gnupg-w32-2.1.3_20150413.exe

I did only some quick tests and some basic stuff worked for me.

WARNING: This is a command line only version which does not even provide
a Pinentry.  Thus it is pretty useless unless you have installed your
own Pinentry.  A libgpgme is however included so that it can be used for
development.

A Pinentry is not provided so as to avoid dependency problems with the Gtk+
or Qt libraries.  It would have been possible to include a simple
Windows pinentry and thus avoid dependencies on external libraries but
the one we have is too horrible for actual use.  A statically linked
version of a Pinentry is also too large.


Salam-Shalom,

   Werner


p.s.

The installer has been built using this complete source tarball:

 ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.3_20150413.tar.xz  (9013k)
 ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.3_20150413.tar.xz.sig

and the command 

  make -f ./build-aux/speedo.mk this-w32-installer

You need a complete and working mingw tool chain to do this.  You may
also prefer not to use the above source tarball but build it directly in
the same way I generated the source tarball, namely using

  make -f ./build-aux/speedo.mk w32-installer
  make -f ./build-aux/speedo.mk w32-source

which downloads all required packages, verifies their checksums, builds
the installer, and finally a complete source tarball.

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: wiki.gnupg.org theme?

2015-04-21 Thread Werner Koch
On Tue, 21 Apr 2015 10:26, bernh...@intevation.de said:

> on the OpenPGP Summit last weekend, people suggested to me
> that we could make the wiki look better.

I'd appreciate if it looks similar to gnupg.org.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: GnuPG 2.1.3 Fails to Compile OS X

2015-04-22 Thread Werner Koch
On Sat, 18 Apr 2015 21:35, b...@adversary.org said:

> e...@quot.po:54: 'msgid' and 'msgstr' entries do not both end with '\n'
> e...@quot.po:58: 'msgid' and 'msgstr' entries do not both end with '\n'

> but no need to paste them all in); obviously the cause is somewhere
> in those sed or make rules.  I'm just not certain of the right place

That script (po/quot.po) did not change for more than a decade.  I
guess your sed is broken (did you recently update it)?


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: GnuPG Summit news?

2015-04-22 Thread Werner Koch
On Wed, 22 Apr 2015 16:50, h...@guardianproject.info said:

> I was sorry to miss the GnuPG Summit.  Now I'm eager to hear any news from it 
> :)

Yeah, I should write a few lines about it.  However, some interesting
other bugs/features were mentioned and I was distracted by fixing/adding
them.  In the meantime you may want to read Bjarni's notes:

 https://www.mailpile.is/blog/2015-04-20_OpenPGP_Email_Summit.html


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Yubikey NEO OpenPGP advisory

2015-04-22 Thread Werner Koch
On Wed, 22 Apr 2015 18:06, andreas.schwier...@cardcontact.de said:

> And contrary to the Yubico position that this is a minor issue, I would
> call the circumvention of the PIN mechanism a major issue. If you loose
> the device, then you loose the key.

You mean anyone can use the key, right?  However, any simple malware can
be used to sniff on a user entering the PIN.  I doubt that most pinpad
readers can protect against this: It is easy to trick most users into
entering the PIN using the regular keyboard instead of the pinpad.  In
fact old versions of GnuPG required this in certain cases.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Yubikey NEO OpenPGP advisory

2015-04-22 Thread Werner Koch
On Wed, 22 Apr 2015 20:27, andreas.schwier...@cardcontact.de said:

> Not sure about that. If I loose my card on the street or someone picks
> it from my pocket or my PC, than that is different from a malware attack

Given the rare use of smartcards for non-banking I bet malware is more of
a problem.  But well, I agree that this is a severe bug.  They probably
downplay this bug because of the costs to replace all affected Yubikeys.

> Imagine a bank, SIM or electronic signature card with a malfunctioning
> PIN. Would you consider that a minor bug ? I don't see that this is

Reminds me of the problem with (German) banking cards which had an
easily guessable PIN due to broken BCD conversion code for a decade or
so.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: GnuPG 2.1.3 Fails to Compile OS X

2015-04-23 Thread Werner Koch
On Thu, 23 Apr 2015 03:39, gni...@fsij.org said:

> In the git repo, we have an entry of po/e...@quot.po in the .gitignore,
> so, I think that it is not maintained in the repo.  When a developer

Right.  It was removed in 2004!

I expect that bug reports for a certain version are done using a freshly
untarred and built tarball.  Thus no old stuff will be around.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: GnuPG 2.1.3 Fails to Compile OS X

2015-04-23 Thread Werner Koch
On Thu, 23 Apr 2015 09:34, gni...@fsij.org said:

> If this is correct, I think that following patch fixes the problem.

I agree that this could be the cause of the problem.

> diff --git a/po/Makefile.in.in b/po/Makefile.in.in

Changing that Makefile is not a good idea because it is a standard file
from gettext.  gnupg is at gettext 0.17 so let me try to update it to
0.19 and see whether the problem still persists.  If so, we should take
the problem to the gettext developers.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Notes from the first OpenPGP Summit

2015-04-26 Thread Werner Koch
Hi!

find below a text version of
https://gnupg.org/blog/20150426-openpgp-summit.html 


1 Notes from the first OpenPGP Summit
═

  On April 18/19 a bunch of OpenPGP folks met in Dreieich near Frankfurt
  to get to know themselves better and exchange experience in
  implementing and deploying OpenPGP based applications.

  During one of the meetings of our local group of regulars at the
  [Chaosdorf], I talked with Nico from Enigmail about the idea to get
  the few GnuPG frontend authors together for an informal meeting.  We
  agreed that this would be useful and we decided to go for it in
  spring.  Due to the attention GnuPG received during the following
  [31C3] it turned out that the planned GPG meeting would grow to an
  OpenPGP summit with about 30 attendees.  We even had to reject several
  requests to join the meeting due to limited space and time constraints
  to prepare a larger meeting.  [Nico] took care of the organization and
  I am really glad that he kept me clear of this task.  Thanks.

  Our host was [Giegerich & Partner], an IT security company which does
  a proprietary Outlook plugin based on GnuPG.  Their local organization
  was excellent including snacks, beverages, a great self-made dinner,
  and shuttle service to the hotel and the airport.  Network access also
  worked flawlessly after having signed that usual German
  [Störerhaftung] disclaimer.  Thanks guys.

  After a welcome on Saturday morning from Nico and our host, I quickly
  explained the planned release schedule for GnuPG and explained a less
  known feature of GPA and Kleopatra, the [UI-Server].  We then started
  the presentations of the projects present: [Gpg4win], [Enigmail],
  Gpg4o, r2mail2, [OpenKeychain,] [GPG Tools], [Pixelated], [Whiteout],
  [Mailvelope,] [Mailpile], [End-to-end], [CaliOpen], and [Debian].

  It was really interesting to learn first hand about the rich
  environment around the OpenPGP protocol.  Although most developers
  knew about each other it was the first time they all came together to
  present their projects to their peers.  About half of the projects are
  using GnuPG as their backend engine with the others using one of the
  Javascript implementations for their OpenPGP core.

  The presentations answered a lot of questions but raised others which
  were discussed during the breaks and the wine and beer track in the
  evening.  Important topics were identified and put on the agenda for
  Sunday.

  One of these topics was the question whether to use PGP/MIME or to
  create a new format; with about the half of the group in favor of
  PGP/MIME.  It seems that some often used MUAs (mailers) have somewhat
  limited support even for regular MIME despite that this is a 22 years
  old and matured standard.  In particular webmail applications are
  quite limited in their MIME handling.  They have the easiest way to
  roll out fixed versions, though.  As usual I got into long debates
  with Bjarni from Mailpile on this.  This discussion was continued on
  Sunday in working groups on meta data encryption and encrypted search.

  Another topic was key distribution.  I decided not to join the
  respective working group on Sunday because this would be too large a
  topic for a short working group.  During the Saturday presentations it
  became clear that the more centralized projects, like Whiteout and
  Google’s end-to-end, can more or less sidestep that problem due to the
  better control they have over the mail accounts.  The presentation from
  the End-to-end project was nevertheless interesting and probably
  sparked a few ideas.

  Mobile clients are a primary, or even the only, target for most
  projects and thus discussions revolved around issues like reducing the
  amount of data to download from IMAP servers but still be able to show
  summaries of the mail content after decryption; or on how to
  efficiently and securely search through encrypted mails stored on a
  remote site.

  It would be quite useful to publish the results from the Sunday
  working groups as well as the group picture.  However they have not
  yet been collected; see below for updates.

  I appreciated the opportunity to meet the GPG Tools developers, who
  are very dedicated to making GnuPG work well on OS X.  I stressed the
  importance of actively participating on the GnuPG mailing list to keep
  information in sync.  One example may illustrate this: For years the
  adoption of GnuPG-2 on GNOME based systems has been hampered by the
  fact that the gnome-keyring-manager (GKR) tries to emulate gpg-agent
  and thus inhibits proper working of any advanced function of GnuPG
  (e.g. smartcards and gpgsm).  With Debian’s release of Jessie that
  problem will even be worse due to other desktop environments now also
  using GKR.  Given that the GKR developers are not willing to change
  their defaults, Neal, dkg, and I came up with a pragmatic solution
  for this problem on Saturday morning


Re: Notes from the first OpenPGP Summit

2015-04-27 Thread Werner Koch
On Mon, 27 Apr 2015 01:31, b...@pagekite.net said:
> Thanks for the write-up, Werner! :-)

Actually you have been much faster with your report
https://www.mailpile.is/blog/2015-04-20_OpenPGP_Email_Summit.html

>>   disappointed that many of the participants favored this closed
>>   invitation-only style summit and want the next meeting to happen the

> On the one hand, I suspect it would be very hard to maintain the
> excellent signal/noise ratio we had, in a completely open summit. On

Maybe.  We are used to working on mailing lists and I would bet that in
most cases it is easier to ask too noisy participants to behave well
during a physical meeting than on mailing lists.  The IETF has quite some
experience with that and requires physical meetings for important tasks.

> Was the idea of having a mixed summit discussed? I think there was
> general consensus that we could probably skip the introductions next

Not that I know.  I left the session at some point, though.

> time, so perhaps one of the two days could be open and the other day
> closed for people who want to work together on specific issues?

As long as all participants may introduce a new attendee I would be
fine with such a scheme.  No need for strict registration rules.

> Or the group could fork, with the first day shared for talks and getting
> to know each other, and the second day forked into non-dev-friendly
> activities (crypto-parties, keysigning, introductory talks) scheduled

The problem is that at least for talks, those speakers would likely also
want to participate in the smaller working groups.

> out-reach, it's might not be a great idea.  But we do have a while until
> the next meetup is planned, so there is time to reconsider and think
> about whether we can find a way to preserve the focus of the group
> while still welcoming new people to the community.

Organizing a conference takes some time and thus we would need to start
with it soon.  In case people would agree to come again to Germany I
have an idea whom to ask to run such a conference.

> Although my politics and yours align, I think it might be a strategic
> mistake to exclude the closed-source folks from these discussions...

The GNU towers expect me to talk like this - but I am not always wearing
my GNUhat ;-)


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: Generating GnuPG S/MINE key pair

2015-04-28 Thread Werner Koch
On Mon, 27 Apr 2015 22:07, dkbry...@gmail.com said:

> gpgsm: no issuer found in certificate
> gpgsm: basic certificate checks failed - not imported

Your root certificate is not valid.  An Issuer is required and that
issuer must match the Subject.  Also certain other fields are required
for a root certificate.  I suggest using a tool like tinyca2 to create
your own CA, or one of the scripts which come with OpenSSL to set up a
CA (you need a Unix shell on Windows, though).

gpgsm 2.1 has much improved certificate generation.  You may create a
self-signed certificate directly:

--8<---cut here---start->8---
$ gpgsm --gen-key
Please select what kind of key you want:
   (1) RSA
   (2) Existing key
   (3) Existing key from card
Your selection? 1
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Possible actions for a RSA key:
   (1) sign, encrypt
   (2) sign
   (3) encrypt
Your selection? 1
Enter the X.509 subject name: CN=test cert
Enter email addresses (end with an empty line):
> 
Enter DNS names (optional; end with an empty line):
> 
Enter URIs (optional; end with an empty line):
> 
Create self-signed certificate? (y/N) y
These parameters are used:
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign, encrypt
Serial: random
Name-DN: CN=test cert

Proceed with creation? (y/N) 
--8<---cut here---end--->8---

This works well on Windows; however, the installer for 2.1.3 is a bit
experimental.

  gpgsm --export-secret-key-p8 -a KEYID

may then be used to export the private key in PKCS#8 format (which is
what Apache etc. require).



Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



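As an added example (not part of this thread and not gpgsm's own code): the structural part of the check that fails above with "no issuer found in certificate" can be reproduced on any DER certificate with a short stdlib-only ASN.1 walker. It reports whether the Issuer is present, whether it is byte-identical to the Subject, and whether basicConstraints carries cA=TRUE, which is what a self-signed root produced by the gpgsm dialog above should show. Everything in the block is constructed for illustration: the sample certificates carry a dummy key and a dummy signature, so only the structural checks are reproduced and no signature is ever verified. To run it against a real certificate, pass the DER bytes (for PEM, strip the armor and base64-decode) to inspect_root_cert.

```python
# Added example, not code from GnuPG/gpgsm: structural checks that a DER
# certificate can serve as a self-signed root (issuer present and equal to
# the subject, basicConstraints cA=TRUE).  Pure stdlib; the signature is
# NOT verified, so this mirrors only the "basic certificate checks" step.

def _read_tlv(buf, pos=0):
    """Return (tag, content, end) for the DER TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(content):
    """Yield (tag, content) for each TLV inside a constructed element."""
    pos = 0
    while pos < len(content):
        tag, inner, pos = _read_tlv(content, pos)
        yield tag, inner


_ATTR_NAMES = {b"\x55\x04\x03": "CN", b"\x55\x04\x0a": "O", b"\x55\x04\x06": "C"}


def name_to_str(rdn_sequence):
    """Render the content of an X.501 Name as 'CN=...,O=...'."""
    parts = []
    for _, rdn in _children(rdn_sequence):          # RelativeDistinguishedName (SET)
        for _, attr in _children(rdn):               # AttributeTypeAndValue (SEQUENCE)
            (_, oid), (_, value) = list(_children(attr))[:2]
            label = _ATTR_NAMES.get(oid, "OID:" + oid.hex())
            parts.append(f"{label}={value.decode('utf-8', 'replace')}")
    return ",".join(parts)


def inspect_root_cert(der):
    """Facts gpgsm needs before it will import a certificate as a root."""
    _, cert, _ = _read_tlv(der)                      # Certificate ::= SEQUENCE
    _, tbs, _ = _read_tlv(cert)                      # tbsCertificate
    fields = list(_children(tbs))
    if fields[0][0] == 0xA0:                         # optional [0] EXPLICIT version
        fields = fields[1:]
    # serial(0) signature(1) issuer(2) validity(3) subject(4) spki(5) ...
    issuer, subject = fields[2][1], fields[4][1]
    ca_flag = False
    for tag, wrapper in fields[6:]:
        if tag != 0xA3:                              # [3] EXPLICIT Extensions
            continue
        _, ext_seq, _ = _read_tlv(wrapper)
        for _, ext in _children(ext_seq):
            items = list(_children(ext))             # extnID, [critical], extnValue
            if items[0][1] == b"\x55\x1d\x13":       # id-ce-basicConstraints
                _, bc, _ = _read_tlv(items[-1][1])   # OCTET STRING wraps a SEQUENCE
                inner = list(_children(bc))
                ca_flag = bool(inner) and inner[0] == (0x01, b"\xff")
    return {
        "issuer": name_to_str(issuer),
        "subject": name_to_str(subject),
        "issuer_present": len(issuer) > 0,
        "issuer_matches_subject": issuer == subject,
        "basic_constraints_ca": ca_flag,
    }


def _tlv(tag, content):
    """Minimal DER encoder, used only to build the constructed samples below."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _name(cn):
    if not cn:
        return _tlv(0x30, b"")                       # empty Name: what gpgsm rejects
    attr = _tlv(0x30, _tlv(0x06, b"\x55\x04\x03") + _tlv(0x0c, cn.encode()))
    return _tlv(0x30, _tlv(0x31, attr))


def make_sample_cert(subject_cn, issuer_cn, ca=True):
    """Constructed sample Certificate with a dummy key and a dummy signature."""
    sha256_rsa = _tlv(0x30, _tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + _tlv(0x05, b""))
    rsa_enc = _tlv(0x30, _tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") + _tlv(0x05, b""))
    validity = _tlv(0x30, _tlv(0x17, b"150428000000Z") + _tlv(0x17, b"250428000000Z"))
    spki = _tlv(0x30, rsa_enc + _tlv(0x03, b"\x00\x30\x00"))   # placeholder, not a real key
    bc = _tlv(0x30, _tlv(0x01, b"\xff") if ca else b"")
    ext = _tlv(0x30, _tlv(0x06, b"\x55\x1d\x13") + _tlv(0x01, b"\xff") + _tlv(0x04, bc))
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + sha256_rsa
               + _name(issuer_cn) + validity + _name(subject_cn) + spki
               + _tlv(0xA3, _tlv(0x30, ext)))
    return _tlv(0x30, tbs + sha256_rsa + _tlv(0x03, b"\x00" + b"\x00" * 16))


if __name__ == "__main__":
    for label, cert in (("self-signed", make_sample_cert("test cert", "test cert")),
                        ("no issuer", make_sample_cert("test cert", ""))):
        print(label, inspect_root_cert(cert))
```

The walker deliberately compares the raw DER of Issuer and Subject rather than their string renderings: X.509 name matching has encoding subtleties, and a root you generate yourself should be byte-identical in both fields anyway. A certificate that passes these checks can still be rejected, since the signature over tbsCertificate must also verify under the certificate's own key.
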
Re: Notes from the first OpenPGP Summit

2015-04-28 Thread Werner Koch
On Tue, 28 Apr 2015 17:02, n...@walfield.org said:

> I've added a checkbox to pinentry that asks: "Cache password with GKR"
> and it is only shown if GKR is present.  So it's opt-in.

Good.  While you are at it: Please also add a checkbox to not hide the
passphrase in the entry field.  Being able to see what one types is very
convenient for long passphrases if you are anyway below a sheet while
typing.

> I don't understand this "if".  GKR is implementing (a subset of) gpg
> agent's protocol.

[ Actually it implements what Robert Bihlmeyer's Quintuple-Agent did in
  1999.  It completely bypasses the design of gpg-agent where the
  passphrase caching is just an add-on. ]

> Also, the GPG Tools people (Mac OS) do something similar to GKR (but
> less invasive) so the modifications to the gpg core will help them as

Right, the OS X keychain seems to do the same what GKR does or vice
versa.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: Building libgpg-error for powerpc64-e5500-linux-gnu

2015-04-28 Thread Werner Koch
On Tue, 28 Apr 2015 14:32, gborow...@advaoptical.com said:

> Can I somehow convince it to recognise powerpc64-e5500-linux-gnu as
> powerpc64-unknown-linux-gnu?

If both systems use the same ABI, config.sub should have returned a
canonicalized version.  If not, we can use a new mechanism available in
1.19.  You need to change the code, though: in src/mkheader.c find the
function

--8<---cut here---start->8---
static char *
canon_host_triplet (const char *triplet)
{
  struct {
const char *name;
const char *alias;
  } tbl[] = {
{"i486-pc-linux-gnu", "i686-pc-linux-gnu" },
{"i586-pc-linux-gnu" },

{ NULL }
  };
--8<---cut here---end--->8---

and add a line

{"powerpc64-e5500-linux-gnu", "powerpc64-unknown-linux-gnu" },

before the {NULL} marker.  But do that only if you are sure both use the
same ABI.

Let me know if this works and I'll add it for 1.20.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: Building libgpg-error for powerpc64-e5500-linux-gnu

2015-04-28 Thread Werner Koch
On Tue, 28 Apr 2015 17:55, gborow...@advaoptical.com said:

> And is there an architecture-independent and ABI-independent way of building 
> libgpg-error?

No.  I know that this change in libgpg-error is annoying but I decided
on it to decouple libgpg-error's API from pthreads.  By not using
pthread mutexes directly, using libgpg-error will be much easier.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

