Re: changing the default for --keyid-format [was: Re: getting an encrypted file to show what public key was used]

On May 29, 2012, at 3:34 PM, Daniel Kahn Gillmor wrote: > On 05/29/2012 02:18 PM, David Shaw wrote: >> The reason I bring it up is that using the v3 key attack, 64-bit key IDs >> have no particular benefit over 32-bit IDs for intentional collisions (i.e. >> an attacker gene

Re: no password needed to export secret-keys?

On Jun 4, 2012, at 10:27 AM, Sam Smith wrote: > > Hi. > > When I use the command: gpg --armor --output > --export-secret-keys > > shouldn't I be asked for the secret key's password before Export is allowed > to complete? I've tried this on both Windows 7 and Ubuntu Linux and I'm never > as

Re: Documentation bug

On Jun 8, 2012, at 3:04 PM, Robert J. Hansen wrote: > --no-for-your-eyes-only > Set the `for your eyes only' flag in the message. This causes > GnuPG to refuse to save the file unless the --output option is > given, and PGP to use a "secure viewer" with a claimed Tempest- >

Re: RFE: --update-before-use

On Jun 14, 2012, at 1:48 PM, Robert J. Hansen wrote: > Currently, users have a public keyring containing certificates acquired from > many different sources. These certificates are often out of date, sometimes > in minor ways, sometimes in large ones. Since many users now have always-on > and

Re: RFE: --update-before-use

On Jun 14, 2012, at 4:34 PM, Robert J. Hansen wrote: >> 1) If the keyserver (of whatever type) isn't reachable... > > As you say, easy to solve: agreed. > >> 2) Concern that enough people turning this feature on would add >> significant load to the keyserver network... > > An open question and

Re: RFE: --update-before-use

On Jun 15, 2012, at 12:33 PM, John Clizbe wrote: >> It's a similar problem in type as auto-key-retrieve or auto-key-locate, but >> it's a different problem in degree: both AKR and AKL fire only as needed >> (either when a key is needed for sig verification, or when a key is needed >> to encrypt to

Re: way to see what cipher/algo was used to create your key?

On Jun 17, 2012, at 9:16 AM, Sam Smith wrote: > I see that --edit-key > pref lists out preferences. I'm assuming the first S > is default cipher, first H is default algo, etc? so if a key is generated it > will use the first S, first H, etc. But why are all those other S and H > options listed?

Re: RFE: --update-before-use

On Jun 17, 2012, at 7:36 AM, Michel Messerschmidt wrote: > On Sat, Jun 16, 2012 at 05:32:36PM -0400, David Shaw wrote: >> Yes, I understand that spreading out keyserver requests can help avoid this >> sort of tracking, but remember that the keyserver URL feature allows the

Re: what key-bit length is the TWOFISH cipher in GnuPG?

On Jun 17, 2012, at 4:13 PM, Sam Smith wrote: > Doesn't the IETF openPGP standard call for 256-bit key for TWOFISH? > > Could someone verify that the TWOFISH cipher uses 256-bit key length in GnuPG? Yes. See section 9.2 of RFC-4880 for confirmation. David ___

Re: choice of encryption algorithms

On Jun 20, 2012, at 1:10 PM, John wrote: > Hello. > > When someone uses my public key to encrypt a message to me, what prevents > them from trying to use an encryption algorithm of his choice. In other > words, does the public key itself limit the options available to the person > sending the

Re: choice of encryption algorithms

On Jun 20, 2012, at 1:18 PM, Robert J. Hansen wrote: > On 6/20/12 1:10 PM, John wrote: >> When someone uses my public key to encrypt a message to me, what >> prevents them from trying to use an encryption algorithm of his choice. > > Nothing. They can use --cipher-algo to force whatever symmetri

Re: "SHA1 Protection" from way to see what cipher/algo was used to create your key?

On Jun 21, 2012, at 9:00 AM, Sam Smith wrote: > when running the command: gpg --list-packets > > there is an outputted line that reads: "SHA1 protection" > > I did some looking online and saw that this line stays even when people > change their hash algorithm to something else (like SHA2). >

Re: choice of encryption algorithms

On Jun 21, 2012, at 12:39 PM, Daniel Kahn Gillmor wrote: > On 06/21/2012 12:52 AM, Robert J. Hansen wrote: >> Please don't do this. It's error-prone. Those are machine-readable >> numbers, not human-readable ones. Use the human-readable ones: for >> instance, >> >> default-preference-list TWOF

Re: ideal.dll

On Jun 22, 2012, at 10:21 AM, ved...@nym.hush.com wrote: > Daniel Kahn Gillmor dkg at fifthhorseman.net wrote on > Thu Jun 21 22:38:31 CEST 2012 : > >> v3 keys have a serious > vulnerability in that their fingerprint mechanism is trivially > gamable, > so long keyid collisions are easy. > > The

Re: why is SHA1 used? How do I get SHA256 to be used?

On Jul 10, 2012, at 10:39 AM, Laurent Jumet wrote: > Hauke Laging wrote: > >> As Rob already mentioned: You need --personal-digest-preferences (which is >> just personal-digest-preferences in the config file). You put your favourite >> first, e.g.: > >> personal-digest-preferences SHA256,RIPEMD1

Re: cert-digest-algo clarification

On Jul 11, 2012, at 1:06 PM, Sam Smith wrote: > To make sure I understand correctly: > > 1) cert-digest-algo SHA256 = will use SHA256 to sign KEYS with regardless of > what preferences the key holder has stipulated > > 2) digest-algo SHA256 = will use SHA256 to sign MESSAGES with regardless of

Re: scope of standard authority (was: Re: How to "activate" gpg.conf entries?)

On Jul 11, 2012, at 11:09 AM, Hauke Laging wrote: > Am Mi 11.07.2012, 16:54:27 schrieb Kristian Fiskerstrand: > >> Note that as per RFC4880 this will still not remove SHA1[0: 13.3.2.] >> or 3DES[0: 13.2.], as these are appended tacitly to be able to ensure >> a matching set between implementation

Re: cert-digest-algo clarification

On Jul 12, 2012, at 8:41 AM, Sam Smith wrote: > regarding #1: you said there are no preferences. Assuming I don't set > cert-digest-algo, what is the HASH that is used to sign keys with? cert-digest-algo has no preferences (no ranked lists, etc). - it defaults to SHA-1, but you can override it

Re: asymmetry of 'adduid' and 'deluid'

On Jul 24, 2012, at 9:58 AM, ved...@nym.hush.com wrote: > Recently added a uid and deleted a uid to one of my keys. > > Found that to add a uid, gnupg asks for the passphrase, but to > delete a uid, it does not. > > (Doesn't really matter much, since the secret key is required for > both, > bu

Re: Possible bug in gpg?

On Jul 28, 2012, at 2:18 PM, Brad Tilley wrote: > Hi, > > I have a symmetrically encrypted pgp file here: > > http://16s.us/word_machine/downloads/pgp-easy.tgz.pgp > > gpg will accept the three characters !=X as the password and exit with a > return status of 0 (although it does not actually de

Re: Possible bug in gpg?

On Jul 29, 2012, at 9:29 AM, Johan Wevers wrote: > On 29-07-2012 6:48, David Shaw wrote: > >> To combat this, OpenPGP has two "quick check" bytes in the encrypted data >> packet. >> Basically, they're a repetition of two random bytes from earlier in >

Re: Oracle behavior in Gnupg? // (was 'possible bug in gpg?')

On Jul 30, 2012, at 10:45 AM, ved...@nym.hush.com wrote: > While playing around with --override-session key , have noticed > that gpg gives many different sets of error messages when trying > out different session keys. [examples] > Borh examples give error messages identical to the first one,

Re: Malformed Revokation Certificate?

On Aug 8, 2012, at 5:24 AM, Jay Litwyn wrote: > On 2012-08-08 2:20 AM, Peter Lebbing wrote: >> On 07/08/12 15:18, Jay Litwyn wrote: >>> I submitted this revokation certificate to a couple of servers and >>> they said it was malformed, >>> and I had trouble guessing how to generate anything differe

Re: Malformed Revokation Certificate?

On Aug 9, 2012, at 4:46 AM, Werner Koch wrote: > On Wed, 8 Aug 2012 22:53, ds...@jabberwocky.com said: > >> If you want the keyservers to accept them, you need to talk to the >> keyserver folks. As this is an extension, they aren't required to >> support it. > > Actually it is good thing that

Re: RNG: is it possible to spoil /dev/random by seeding it from (evil) TRNGs (was: howto secure older keys after the recent attacks)

hether a malicious (or just bad) > entropy source could spoil the kernel's RNG. > > Ted Ts'o, who currently maintains that part said (see the thread) he > wouldn't know any way how that could be done, but... > > > On Thu, 2009-09-10 at 22:35 -0400, David Shaw w

Re: Is the signature encrypted

On Nov 5, 2012, at 4:57 AM, HardKor wrote: > Hello, > > I would like to know if when I send an encrypted and signed message the > signature is also encrypted or not ? It is. You can manually construct other arrangements if you so desire, but the built in "--sign --encrypt" in GPG is: enc

Re: Is the signature encrypted

On Nov 5, 2012, at 9:47 AM, Hauke Laging wrote: > Am Mo 05.11.2012, 09:39:52 schrieb David Shaw: > >>> I would like to know if when I send an encrypted and signed message the >>> signature is also encrypted or not ? >> It is. You can manually construct other

Re: Is the signature encrypted

On Nov 5, 2012, at 10:29 AM, Hauke Laging wrote: > Am Mo 05.11.2012, 10:01:02 schrieb David Shaw: > >> Virtually always you *want* your signature to be encrypted. > > Why? What critical information is exposed by the signature, assuming I do not > forge the from address?

Re: Is the signature encrypted

On Nov 5, 2012, at 11:44 AM, ved...@nym.hush.com wrote: > On Monday, November 05, 2012 at 9:44 AM, "David Shaw" > wrote: > >> the built in "--sign --encrypt" in GPG is: >> >> encrypt ( compress ( sign ( data ) ) ) > > = > > The

Re: setting primary UID of other's keys and allowing direct UID subaddressing

On Nov 16, 2012, at 12:02 AM, Hauke Laging wrote: > Thus I would like to suggest two changes to gpg: > > 1) Allow a configuration (external to the key like the ownertrust) to set the > UID to be used as primary UID in the local system. In order to get the > current > behaviour a new option w

Paperkey with ECC support

Hi folks, I've updated paperkey to work with elliptic curve OpenPGP keys. I would really appreciate it if anyone out there could give this devel version a try (either with ECC or regular keys, or ideally both). Source: http://www.jabberwocky.com/software/paperkey/paperkey-1.3-devel.tar.gz Sour

Re: [Sks-devel] SRV records and HKPS requests

On Oct 6, 2012, at 10:20 PM, Phil Pennock wrote: > GnuPG folks (since this is cross-posted, if my mail makes it through): > > there is a bug in GnuPG's SRV handling, I've identified where I think > it is, it's in the second block of text from me; the first part of this > mail relates to SKS and

Re: [Sks-devel] SRV records and HKPS requests

On Dec 2, 2012, at 7:59 PM, Phil Pennock wrote: > On 2012-12-02 at 10:23 -0500, David Shaw wrote: >> On Oct 6, 2012, at 10:20 PM, Phil Pennock >> wrote: >>> GnuPG folks (since this is cross-posted, if my mail makes it through): >>> >>> there is a bu

Re: [Sks-devel] SRV records and HKPS requests

On Dec 3, 2012, at 2:00 AM, Phil Pennock wrote: > On 2012-12-02 at 23:46 -0500, David Shaw wrote: >> Hmm. Were you intending to test with the internal HTTP support or >> with libcurl? You're currently built with internal support: > > Ah. I couldn't tell

Re: [Sks-devel] SRV records and HKPS requests

On Dec 7, 2012, at 2:40 AM, Phil Pennock wrote: > On 2012-12-05 at 23:32 -0500, David Shaw wrote: >> It's working, it's just misleading since the SRV replacement happens >> after the debug logging so the actual URL that is hit is not the one >> that is being logge

Paperkey 1.3

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi folks, Paperkey 1.3 is released. This adds ECC key support (both ECDH and ECDSA) as well as a few more minor tweaks. Source and Win32 binaries are available at: http://www.jabberwocky.com/software/paperkey/ Enjoy! David -BEGIN PGP SIGNATU

Re: "New" packet headers and gpg

On Jan 3, 2013, at 9:53 PM, Stephen Paul Weber wrote: > Is there a set of switches to tell gpg or gpg2 to produce "new" packet length > headers for output? Specifically > . No. GPG automatically uses the old packet headers for those packets

Re: gnupg not working with RHEL 4

On Jan 3, 2013, at 2:37 PM, Anilkumar Padmaraju wrote: > Hi, > > This is an important issue for me. I would really appreciate, if any one can > help. > > Server 1: > I have a server with Red Hat Enterprise Linux AS release 4 (Nahant Update 5) > and having gnupg version 1.2.6. > > > When I

Re: "New" packet headers and gpg

On Jan 4, 2013, at 9:39 AM, Stephen Paul Weber wrote: > Somebody claiming to be David Shaw wrote: >> On Jan 3, 2013, at 9:53 PM, Stephen Paul Weber >> wrote: >>> tell gpg or gpg2 to produce "new" packet length headers for output? >> >> No. GPG

Re: Paperkey 1.3

On Jan 4, 2013, at 4:01 AM, Branko Majic wrote: > On Thu, 3 Jan 2013 23:42:07 -0500 > David Shaw wrote: > >> Paperkey 1.3 is released. This adds ECC key support (both ECDH and >> ECDSA) as well as a few more minor tweaks. >> >> Source and Win32 bi

Re: Paperkey 1.3

On Jan 4, 2013, at 9:27 AM, Johan Wevers wrote: > On 04-01-2013 5:42, David Shaw wrote: > >> Paperkey 1.3 is released. > > You might want to update the website, it reads a bit outdated. > CD/DVD-ROMs are going the way of the floppy disc; flash memory is much > more reli

Re: Paperkey 1.3

On Jan 4, 2013, at 12:16 PM, "I.V. Frost" wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Am I the only having trouble both the key for this message and the one with > the binaries? My installation tells me it is not Key ID: 0x99242560 but key > 0xA1BC4FA4 which is not fou

Re: gnupg not working with RHEL 4

On Jan 4, 2013, at 12:34 PM, Anilkumar Padmaraju wrote: > Thank you very much, David. > > Our other server is having 1.4.5 and to be consistent want to go from 1.2.6 > to 1.4.5. > > Can I go ahead and update gnupg from 1.2.6 to 1.4.5 on "Red Hat Enterprise > Linux AS release 4 (Nahant Update

Re: simple-sk-checksum

On Jan 4, 2013, at 4:37 PM, Stephen Paul Weber wrote: > The manpage for gpg sez: > >> Secret keys are integrity protected by using a SHA-1 checksum. This >> method is part of the upcoming enhanced OpenPGP specification but GnuPG >> already uses it as a countermeasure against certain attac

Re: paperkey // recommended OCR font ?

On Jan 4, 2013, at 1:06 PM, ved...@nym.hush.com wrote: > My scanner is broken (lamp problem) and the multifunction printer hasn't > arrived yet ;-( so I can't test this myself. > > > Has anyone tested Paperkey by scanning it in, having the OCR recognize it > without error, and then successful

Re: Paperkey 1.3

On Jan 7, 2013, at 11:05 AM, David Smith wrote: > On 01/04/13 17:31, David Shaw wrote: >> Sure, paperkey supports piping the output into whatever code generator you >> like: >> >> gpg --export-secret-key mykey | paperkey --output-format raw | >> your-bar-code

Re: gpg: WARNING: message was not integrity protected - MDC

On Jan 31, 2013, at 8:29 AM, perhop wrote: > Hi > > This has been discussed before and I have an question referring to this. > Short summary: > > A customer encrypts data with our public key, we receive the file and we > attempt to decrypt it. The decrypt step seems to work but we get a warning

Re: influence of signature type on trustdb

On Feb 7, 2013, at 5:12 AM, Niels Laukens wrote: > Hi, > > I'm trying to figure out what the influence is of the different > signature types (0x10-0x13). As far as I can tell, they only _indicate_ > the signers trust in his own sig, but isn't used in any way by GPG. Is > this correct? Basically

Re: influence of signature type on trustdb

On Feb 7, 2013, at 9:56 AM, Niels Laukens wrote: > On 2013-02-07 15:09, David Shaw wrote: >> On Feb 7, 2013, at 5:12 AM, Niels Laukens wrote: >> >>> Hi, >>> >>> I'm trying to figure out what the influence is of the different >>> sign

Re: Best way to catch INSECURE unverified sig status when shelling out to gpg?

On Feb 9, 2013, at 6:09 PM, Grant Olson wrote: > I'm currently writing a plugin that allows you to OpenPGP sign/verify > ruby software packages: > > https://github.com/grant-olson/rubygems-openpgp > > Right now I'm just shelling out to gpg and checking the status code to > determine success or

Re: how to use invald e-mail?

On Feb 12, 2013, at 11:20 AM, refresh...@tormail.org wrote: > When key is created gpg asks for e-mail address and it must be in proper > format email@domain. > > I saw keys without valid email already. > > How to do it? gpg --allow-freeform-uid --gen-key --allow-freeform-uid

Re: default keyring file formats

On Feb 19, 2013, at 9:27 PM, John A. Wallace wrote: > A lot of the documentation I see online includes references to files with > names like “foo.pub” or “foo.sec” as if these were public key rings and > secret key rings. However, I am accustomed to seeing keyrings like > “pubring.gpg” and “se

Re: IDEA License

On Mar 25, 2013, at 8:46 AM, Jan Chaloupecky wrote: > Hi, > is the IDEA algorithm licensed? Under which conditions am I allowed to use > the idea extension in a commercial product? It was a patented algorithm which required a license. The patent has since expired (and in fact it was difficult

Re: Privacy concerns

or me, if I made a work key, I'd probably cross sign (or at least sign my work key using my personal key) as it would give a better path to the work key in the web of trust. At the same time, though, if I made a key for a particular community where I wasn't directly known as "Davi

Re: Confusion with signature digest type.

On Apr 26, 2013, at 12:18 PM, Mason Loring Bliss wrote: > On Thu, Apr 25, 2013 at 11:47:49PM -0400, Robert J. Hansen wrote: > >> A preimage attack on SHA-1 is my house being on fire: avoiding SHA-1 for >> self-signatures is making sure to turn off the coffeepot. > > While I agree with what you'

Re: cleartext signature: digest determination

On Jun 19, 2013, at 8:19 AM, Hauke Laging wrote: > Hello, > > in RfC4880 I read this: > > https://tools.ietf.org/html/rfc4880#section-7 > > «If the "Hash" Armor Header is given, the specified message digest > algorithm(s) are used for the signature. If there are no such headers, MD5 > is

Re: How to detect fingerprint and type of the key from pubring.gpg(public keyring file)?

On Aug 1, 2013, at 6:58 PM, Martin T wrote: > Hi, > > RIPE(RIR in European region) database allows one to upload ASCII armored PGP > public keys: http://www.ripe.net/data-tools/support/security/pgp Server-side > software is able to generate some "key-cert" object attributes automatically. > F

Re: How to detect fingerprint and type of the key from pubring.gpg(public keyring file)?

On Aug 2, 2013, at 3:56 AM, Martin T wrote: > Hi, > > thanks for the reply! > >>> I think "method" in the example above is just indicating that this is a PGP >>> key. > > Exactly. However, how does RIPE server-side software detect that it's > a PGP key? Is this information(besides other infor

Re: Is it possible to sign a key again after revoking a signature?

On Aug 2, 2013, at 1:17 AM, Philip Jägenstedt wrote: > Hi all, > > I'm new to GnuPG and have probably been a little too ambitious for my > own good. I originally signed key AB4DFBA4 at level 3 after a meetup, > but was later paranoid that I was too lax and wanted to resign it at > level 2, but d

Re: Identifying your private key by the public KeyID

On Aug 6, 2013, at 6:38 AM, Kenneth Jones wrote: > > Good day, and hello to the autoresponder (%]##{}#%^!!!) (just my opinion, > mind you). > I've been toying with PGP GPG GnuPG and whatever on and off since mid 1995, > but recently have become interested again as the political situation in th

Re: Identifying your private key by the public KeyID

On Aug 6, 2013, at 9:22 AM, Kenneth Jones wrote: > I'm referring to the information you see for example in the prompt to > enter your private key when you have received an encrypted message in > Thunderbird/Enigmail. The window "pinetry" prompts "Please enter the > pass...2048-bit RSA key, ID DEA

Re: Question about notations and domains

On Aug 8, 2013, at 5:17 PM, Khelben Blackstaff wrote: > Greetings. > > I am sorry if this is already answered but i could not find anything > relevant in the archive. > > Quick introduction: I got a new smart card and reader so i thought to > create a temporary test key and document on my blog

Re: Question about notations and domains

On Aug 9, 2013, at 2:43 AM, Khelben Blackstaff wrote: > I only replied to Mr. Shaw and not to the list so i send this again. > > On Fri, 9 Aug 2013 00:09:29 -0400 > David Shaw wrote: > >> There are two namespaces here. If a tag is defined by the IETF >> process,

Re: understanding GnuPG "--clearsign" option

On Aug 12, 2013, at 4:40 AM, Martin T wrote: > Hi, > > one can sign the message with "--clearsign" option which adds ASCII > armored(Radix-64 encoding) "PGP signature" at the end of the text. > This "PGP signature" contains the UID of the signer, timestamp and key > ID. However, two questions: >

Re: suspicious key found

On May 16, 2017, at 9:47 AM, Janne Inkilä wrote: > > I made a key search with my name and found something suspicious. > > The search: > > https://pgp.mit.edu/pks/lookup?search=janne+inkila&op=index&fingerprint=on > > I have used my old key since 2007. Fingerprint F4DB 40F8 BF22 8B9D 9B8F F679

Re: GnuPG public key vulnerability?

On Oct 31, 2017, at 8:10 PM, murphy wrote: > > I got a signed notification from facebook (good signature, enigmail) > that claims my GnuPG generated public key has a "recently disclosed > vulnerability". This is the full text: > > We have detected that the OpenPGP key on your Facebook profile m

Re: [paperkey] Always output "interrupt"

On Jun 20, 2018, at 5:14 AM, Damien Cassou wrote: > > Hi, > > The output of paperkey is just "interrupt" instead of being a printable > output. I've tried to use paperkey on 2 different main private keys and > failed twice. I tried with both the Fedora package and from paperkey's > source. Same

Re: [paperkey] Always output "interrupt"

On Jun 20, 2018, at 11:28 AM, Damien Cassou wrote: > > David Shaw writes: >> Which version of paperkey is this? > > both the version from source and from Fedora package are 1.5. > >> If that doesn't resolve your problem, can you send me a sample secret >

Re: disgest-algo question

On Tue, Mar 15, 2005 at 09:29:03AM -0400, Terry Soucy wrote: > Hi All, > > I have added an RSA subkey to my key so that I can sign messages with the > SHA256 Algo. I have made sure that my version of gpg supports SHA256. My > problem comes when I add digest-algo sha256 to my gpg.conf file, my

Re: [Announce] GnuPG 1.4.1 released

On Tue, Mar 15, 2005 at 07:43:38PM -0500, Jason Harris wrote: > On Tue, Mar 15, 2005 at 03:31:03PM -0800, Doug Barton wrote: > > Werner Koch wrote: > > > | We are pleased to announce the availability of a new stable GnuPG > > | release: Version 1.4.1 > > > > Passes all tests on FreeBSD 4.11-Stabl

Re: [Announce] GnuPG 1.4.1 released

On Tue, Mar 15, 2005 at 05:33:11PM -0700, Kurt Fitzner wrote: > Werner Koch wrote: > > We are pleased to announce the availability of a new stable GnuPG > > release: Version 1.4.1 > > Does this release correct the bug when using > --delete-secret-and-public-keys in expert mode where only the publi

Re: gpg: WARNING: Using untrusted key!

On Wed, Mar 16, 2005 at 08:15:15PM -0800, Melissa Reese wrote: > Hi, > > I'm getting a peculiar warning message when I verify signed messages; > even messages signed using my own keys (GnuPG v1.4.1). Here's a sample > verification of one of my own messages: > > gpg: armor header: Hash: RIPEMD160

Re: gpg: WARNING: Using untrusted key!

On Wed, Mar 16, 2005 at 08:59:34PM -0800, Melissa Reese wrote: > Hi David, > > On Wednesday, March 16, 2005, at 8:49:01 PM PST, you wrote: > > > It means that you have "--trust-model always" set. GnuPG is warning > > you that it isn't checking trust. > > Thanks! I'll remove that option from my c

Re: [Announce] GnuPG 1.4.1 News

On Thu, Mar 17, 2005 at 03:55:23PM -0500, Jason Harris wrote: > On Tue, Mar 15, 2005 at 06:22:11PM +0100, Werner Koch wrote: > > > I forgot to insert the NEWS for 1.4.1; there are actually not that > > many as those for the last release. Here we go: > > > * New "import-unusable-sigs" and "expo

Re: How to create self-decrypting executable?

On Thu, Mar 17, 2005 at 04:09:41PM -0500, Rusty Shackleford wrote: > My office uses PGP to create self-extracting executable files. > > I found the -c option for GPG which encrypts with a symmetric key, but > this doesn't seem to do the next step of making the encrypted data an > executable progra

Retaining expired sigs

On Thu, Mar 17, 2005 at 05:10:31PM -0500, Jason Harris wrote: > On Thu, Mar 17, 2005 at 04:15:29PM -0500, David Shaw wrote: > > On Thu, Mar 17, 2005 at 03:55:23PM -0500, Jason Harris wrote: > > > On Tue, Mar 15, 2005 at 06:22:11PM +0100, Werner Koch wrote: > > > >

Re: Retaining expired sigs

On Thu, Mar 17, 2005 at 11:18:26PM -0500, Jason Harris wrote: > On Thu, Mar 17, 2005 at 05:31:41PM -0500, David Shaw wrote: > > On Thu, Mar 17, 2005 at 05:10:31PM -0500, Jason Harris wrote: > > > > It was my impression that expired sigs would be retained by default. > >

Re: [Announce] GnuPG 1.4.1 released

On Fri, Mar 18, 2005 at 01:48:46PM +0100, Carlo Luciano Bianco wrote: > Il /15 mar 2005/, *Werner Koch* ha scritto: > > > We are pleased to announce the availability of a new stable GnuPG > > release: Version 1.4.1 > > Thanks, Werner. It builds fine with MinGW/MSYS, even using the new libcurl >

Libcurl (was Re: [Announce] GnuPG 1.4.1 released)

On Fri, Mar 18, 2005 at 06:09:11PM +0100, Carlo Luciano Bianco wrote: > > With libcurl as well? Excellent. > > Yes, David, with libcurl as well. I used the ready-to-run libcurl mingw > library described on my page. The resulting gpgkeys_curl.exe depends on > libcurl.dll, so I think it is actua

Re: Retaining expired sigs

On Fri, Mar 18, 2005 at 12:30:32PM -0500, Jason Harris wrote: > > It is not good design to hamper the majority of users to please the > > minority of users who like to calculate key signing statistics. In > > Everyone who feels expiring signatures hamper their keys should > raise the issue with

Re: Retaining expired sigs

On Fri, Mar 18, 2005 at 02:06:46PM -0500, Jason Harris wrote: > On Fri, Mar 18, 2005 at 01:23:39PM -0500, David Shaw wrote: > > On Fri, Mar 18, 2005 at 12:30:32PM -0500, Jason Harris wrote: > > > > Everyone who feels expiring signatures hamper their keys should > > &

Re: Searching Mail Archives

On Fri, Mar 18, 2005 at 03:27:11PM -0600, Grimes, Dean wrote: > Is there a mail archive search function/screen that allows searching the > mail archive for specific key words? I'm new to GnuPG and would like get > more familiar with the application without asking 500 questions right off > the bat.

Re: Retaining expired sigs

On Sat, Mar 19, 2005 at 12:22:54AM -0500, Jason Harris wrote: > > Removing superceded signatures, however, re-raises the semantic > > questions I asked in my last mail. What algorithm runs first: the > > "remove superceded" or "remove expired"? Depending on which runs > > first, you can get a di

Re: Retaining expired sigs

On Sat, Mar 19, 2005 at 12:02:45PM -0500, Jason Harris wrote: > On Sat, Mar 19, 2005 at 01:24:13AM -0500, David Shaw wrote: > > On Sat, Mar 19, 2005 at 12:22:54AM -0500, Jason Harris wrote: > > > > c) Always keep the latest (valid) signature from a given issuer, even

Re: Retaining expired sigs

On Sat, Mar 19, 2005 at 03:25:32PM -0500, Jason Harris wrote: > > about the same thing. Given this case: > > > >non-revocable sig1-Jan-2000 > >revocable sig2-Jan-2000 > >revocation 3-Jan-2000 > > > > One way of looking at this is the end result is n

Re: Revoking a key using the designated revoker

On Sun, Mar 20, 2005 at 12:03:37PM +0100, David Lorch wrote: > Hi all, > > GPG provides an option to add a designated revoker to a key. > Having designated my primary key as revoker for a smart card key, I > would like to know how I can actually revoke the latter should I lose > its secret key (th

Re: Retaining expired sigs

On Sun, Mar 20, 2005 at 12:18:42PM -0500, Jason Harris wrote: > On Sat, Mar 19, 2005 at 10:35:47PM -0500, David Shaw wrote: > > On Sat, Mar 19, 2005 at 03:25:32PM -0500, Jason Harris wrote: > > > > The sig. of 1-Jan-2000 is valid and usable. It can only be ignored

Re: Retaining expired sigs

On Sun, Mar 20, 2005 at 03:10:44PM -0500, Jason Harris wrote: > > Seriously, think about it: > > > >non-revocable sig 1-Jan-2000 > >expiring sig2-Jan-2000 (expires 10-Jan-2000). > > > > Now, say it's January 3rd. According to what you want, the signature > > that gets

Re: Retaining expired sigs

On Sun, Mar 20, 2005 at 11:32:06PM +0100, Nicolas Rachinsky wrote: > * David Shaw <[EMAIL PROTECTED]> [2005-03-20 13:37 -0500]: > > Seriously, think about it: > > > >non-revocable sig 1-Jan-2000 > >expiring sig2-Jan-2000 (expires 10-

Re: Retaining expired sigs

On Sun, Mar 20, 2005 at 11:07:50PM -0500, Jason Harris wrote: > I really don't think it is worth trying to protect against these > scenarios. A user can simply remove any non-revocable sigs they > don't want in their local keyring. As soon as you posit a user who is going to edit their local key

Re: Question about ultimate trust

On Sun, Mar 20, 2005 at 01:12:33PM +0800, Zuxy wrote: > Hi List, > > Not until recently did I notice that I can trust any key ultimately, > even those without secret part. Isn't ultimate trust expected to be > assigned exclusively to my own keys? Not necessarily. You can set ultimate trust to an

Re: Retaining expired sigs

On Mon, Mar 21, 2005 at 01:41:46PM -0500, Jason Harris wrote: > As you seem to have concluded, that fact takes precedence in my > logic, and as I have concluded, it seems to take no precedence in > yours. I can only conclude that we are talking completely past one another. You do seem to be very

Re: Libcurl (was Re: [Announce] GnuPG 1.4.1 released)

On Sun, Mar 20, 2005 at 04:18:35PM +0100, Carlo Luciano Bianco wrote: > 1) It seems that, when running a subprocess like a gpgkeys_*.exe, gpg.exe > does not pass it the environment variables. Most notably, it does not pass > the system %PATH%. Both gpg.exe and gpgkeys_*.exe depends on many dlls >

Re: Multiple Subkeys/UIDs

On Mon, Mar 21, 2005 at 01:28:30PM -0600, Grimes, Dean wrote: > Is this possible to do with GnuPG? It wise to do something like this? Is > there anyone else besides me who has this situation or one similar? If so, > how did you/they solve the problem? Any help would be greatly appreciated. There

Re: 1.4.0a won't retrieve key from keyserver?

On Wed, Mar 16, 2005 at 10:32:51AM -0500, Jason Markley wrote: > David, > >Sorry to bring this back up when it's supposed to be fixed, but with > 1.4.1 I'm still having the same issue as before. Do you know what bug # > it was specifically that was 'fixed'? Thanks. I'm not sure if it ever

Re: Multiple Subkeys/UIDs

On Mon, Mar 21, 2005 at 04:25:07PM -0600, Grimes, Dean wrote: > >You mention that all data enters the central location encrypted, but is > then decrypted ("for processing") and then re-encrypted. > > The processing script would most likely decrypt the file piping the output > into the processing p

Re: signature level

On Mon, Mar 21, 2005 at 10:52:07PM +0100, Janusz A. Urbanowicz wrote: > How is signature level specification done in 1.4+? By default, GnuPG does not prompt you for a signature level. If you want to be prompted, use '--ask-cert-level'. If you want to specify, but not be prompted each time, use '

Re: Libcurl (was Re: [Announce] GnuPG 1.4.1 released)

On Tue, Mar 22, 2005 at 12:18:03AM +0100, Carlo Luciano Bianco wrote: > Il /21 mar 2005/, *David Shaw* ha scritto: > > > On Sun, Mar 20, 2005 at 04:18:35PM +0100, Carlo Luciano Bianco wrote: > > > >> 1) It seems that, when running a subprocess like a gpgkeys_*.exe, gp

Re: signature level

On Tue, Mar 22, 2005 at 12:06:30PM +0100, Johan Wevers wrote: > David Shaw wrote: > > >By default, GnuPG does not prompt you for a signature level. If you > >want to be prompted, use '--ask-cert-level'. > > And the default, without specifying and without the o

Re: Libcurl (was Re: [Announce] GnuPG 1.4.1 released)

On Tue, Mar 22, 2005 at 01:15:15PM +0100, Carlo Luciano Bianco wrote: > [...] > (gdb) bt > #0 0x77c16137 in strdup () from C:\WINDOWS\system32\msvcrt.dll > #1 0x003d52e0 in ?? () > #2 0x0022f088 in ?? () > #3 0x69f51e6d in libcurl!curl_slist_free_all () from > c:\programmi\mingw\bin\libcurl.d

<    2   3   4   5   6   7   8   9   10   11   >