Re: Multiple self signatures

2005-08-09 Thread David Shaw
On Thu, Jul 28, 2005 at 11:33:24PM +0200, Tobias Eichert wrote: > Hello, > > I have multiple self signatures within my key and I haven't > found a reason yet. I usually don't self-sign my key several > times (well, at least I'm not aware of it). :) > > http://pgpkeys.pca.dfn.de:11371/pks/lookup?o

Re: removing revoked or expired signatures

2005-08-09 Thread David Shaw
On Tue, Aug 09, 2005 at 06:22:57PM +0200, Folkert van Heusden wrote: > Hi, > > How can I remove revoked and/or expired signatures from my public key? > E.g. keys like these: > sig X CA57AD7C 2005-07-15 PGP Global Directory Verification Key gpg --edit-key (your key) clean David _

Re: removing revoked or expired signatures

2005-08-09 Thread David Shaw
On Tue, Aug 09, 2005 at 07:10:02PM +0200, Folkert van Heusden wrote: > > > How can I remove revoked and/or expired signatures from my public key? > > > E.g. keys like these: > > > sig X CA57AD7C 2005-07-15 PGP Global Directory Verification Key > > gpg --edit-key (your key) > > clean > > Do

Re: removing revoked or expired signatures

2005-08-09 Thread David Shaw
On Tue, Aug 09, 2005 at 07:09:30PM +0200, Mark Kirchner wrote: > Hi Michael, > > On Tuesday, August 9, 2005, 6:41:14 PM, Michael wrote: > >> How can I remove revoked and/or expired signatures from my public key? > >> E.g. keys like these: > >> sig X CA57AD7C 2005-07-15 PGP Global Directory

Re: Signature verification fails with GPG 1.4.0

2005-08-17 Thread David Shaw
On Wed, Aug 17, 2005 at 11:49:43AM +0200, Olaf Gellert wrote: > Hi all, > > I tried to verify the detached signature for a file > using GPG 1.4.0 (on SuSE 9.3). GPG told me that it was > a bad signature: > > > gpg --verify libprelude-0.9.0-rc11.tar.gz.sig > > Output: > gpg: Signature made Mon 01

Re: GPG 1.4.2 errors

2005-08-20 Thread David Shaw
On Mon, Aug 15, 2005 at 08:53:08PM +0930, Alphax wrote: > I imported the key with GPG 1.4.2 with: > > import-options repair-pks-subkey-bug import-clean-sigs import-clean-uids > > set in gpg.conf and it gave the "assuming bad signature" thing, then > carried on as normal. Re-importing it through G

Re: gnupg 1.4.2 import time errors

2005-08-22 Thread David Shaw
On Mon, Aug 22, 2005 at 07:20:50PM -0700, Parag Mehta wrote: > can some one help me understand this. why do i get this on every new > release of gnupg that i start using when a new release is available. is > there way to fix this permanently ? > > gpg: algorithms on these user IDs: > gpg:

Re: Version 1.4.1 generate keys that don't import in 1.2.6

2005-08-26 Thread David Shaw
On Wed, Aug 24, 2005 at 03:52:07PM +0200, Håkan Markör wrote: > > Hi > > >gpg --version > gpg (GnuPG) 1.4.1 > Copyright (C) 2005 Free Software Foundation, Inc. > This program comes with ABSOLUTELY NO WARRANTY. > This is free software, and you are welcome to redistribute it > under certain conditi

Re: [Sks-devel] Re: zero-length MPIs (was: Re: mpi error with check-trustdb in 1.4.2 - resolved)

2005-08-31 Thread David Shaw
On Wed, Aug 24, 2005 at 03:07:17PM +0200, Klaus Singvogel wrote: > I noticed that these messages are coming from > mpi/mpicoder.c:mpi_read() and had a closer look at it. :-) > > The second if check, for "goto overflow;" seems a bit doubtful (maybe > a copy&paste without too much thinking what's com

Re: Certification-only key

2005-09-05 Thread David Shaw
On Mon, Sep 05, 2005 at 04:41:40PM +0200, Lionel Elie Mamane wrote: > Hi, > > I tried to generate an RSAv4 certification-only key with GnuPG, but > failed, even in "expert mode". > > What I mean is a primary key that can be used to attach a subkey to > it, or _maybe_ also to sign UserIDs of other

Re: Certification-only key

2005-09-05 Thread David Shaw
On Mon, Sep 05, 2005 at 09:35:50PM +0200, Lionel Elie Mamane wrote: > On Mon, Sep 05, 2005 at 01:46:07PM -0400, David Shaw wrote: > > On Mon, Sep 05, 2005 at 04:41:40PM +0200, Lionel Elie Mamane wrote: > > >> I tried to generate an RSAv4 certification-only key with GnuPG, but

Re: Certification-only key

2005-09-06 Thread David Shaw
On Tue, Sep 06, 2005 at 01:03:00AM +0200, Lionel Elie Mamane wrote: > >> I would obviously have at least one data-signing subkey. I presume > >> these people would take a signature from such as subkey. Or > >> decryption of a nonce they sent me encrypted to an encryption > >> subkey. > > > They m

Re: PGP global directory cruft in keyservers

2005-09-06 Thread David Shaw
On Tue, Sep 06, 2005 at 01:36:37PM -0500, John Clizbe wrote: > Kurt Fitzner wrote: > > This isn't GnuPG-related really, but recently downloaded my own public > > key from a keyserver and found on it about a billion of those silly PGP > > global directory signatures on it. Either someone has been d

Re: PGP global directory cruft in keyservers

2005-09-07 Thread David Shaw
On Wed, Sep 07, 2005 at 07:47:12PM +0930, Alphax wrote: > David Shaw wrote: > > On Tue, Sep 06, 2005 at 01:36:37PM -0500, John Clizbe wrote: > > > >>Kurt Fitzner wrote: > >> > > >>gpg --edit-key clean > >> > >>And setting the

Re: clean sigs

2005-09-07 Thread David Shaw
On Wed, Sep 07, 2005 at 05:41:27PM +0200, Dirk Traulsen wrote: > Hi! > > I loaded a new key from a keyserver and cleaned it in the '--edit- > key' shell. > When I controlled the result with 'gpg --list-sigs 08B0A90B', > I found a lot of expired signatures. If you look at the output at > sigs from

Re: How to run a key server

2005-09-07 Thread David Shaw
On Wed, Sep 07, 2005 at 05:29:18PM -0400, Berend Tober wrote: > This may be a very silly question, but I want to know what is involved > with running a key server? > > A manager has asked about whether we can somehow use "electronic > signatures" on internal documents to reduce paper and printer

Re: PGP global directory cruft in keyservers

2005-09-07 Thread David Shaw
On Wed, Sep 07, 2005 at 08:21:24PM -0600, Kurt Fitzner wrote: > David Shaw wrote: > > > Would be difficult to do in SKS. You need to be able to verify > > signatures (so cleaning doesn't remove the wrong signature), and right > > now SKS doesn't verify

Re: clean sigs

2005-09-08 Thread David Shaw
On Thu, Sep 08, 2005 at 10:25:20AM +0200, Dirk Traulsen wrote: > Am 7 Sep 2005 um 19:23 hat David Shaw geschrieben: > > > I can't seem to duplicate your problem here. Are you sure you > > saved the result when you exited from --edit-key? > > As you can see, I did.

Re: clean sigs

2005-09-08 Thread David Shaw
On Fri, Sep 09, 2005 at 12:33:47AM +0200, Dirk Traulsen wrote: > Am 8 Sep 2005 um 16:00 hat David Shaw geschrieben: > > > I'm trying, but I still can't duplicate the problem. Can you put > > together a simple keyring and simple gpg.conf file that still shows > >

Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)

2005-09-08 Thread David Shaw
On Thu, Sep 08, 2005 at 10:08:24PM -0400, Jason Harris wrote: > On Thu, Sep 08, 2005 at 08:00:25PM -0400, David Shaw wrote: > > On Fri, Sep 09, 2005 at 12:33:47AM +0200, Dirk Traulsen wrote: > > > > 3. Because now I was irritated, I did the same again with a diffe

Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)

2005-09-08 Thread David Shaw
On Thu, Sep 08, 2005 at 11:10:23PM -0400, Jason Harris wrote: > On Thu, Sep 08, 2005 at 10:28:29PM -0400, David Shaw wrote: > > On Thu, Sep 08, 2005 at 10:08:24PM -0400, Jason Harris wrote: > > > > keyserver.kjsl.com is now stripping all GD sigs. The extra variable > >

Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)

2005-09-09 Thread David Shaw
On Fri, Sep 09, 2005 at 12:22:00AM -0400, Jason Harris wrote: > > If I ran a keyserver, would it be appropriate for me to drop all > > signatures from your key D39DA0E3 simply because they're available > > somewhere else? > > keyserver.pgp.com doesn't synchronize with other keyservers, by design,

Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)

2005-09-09 Thread David Shaw
On Fri, Sep 09, 2005 at 11:02:56AM +0200, Johan Wevers wrote: > David Shaw wrote: > > >I'd be all in favor of an option where users could elect to filter out > >keys: that would put the user in control. Forcing your decision on > >others by stripping signatu

Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)

2005-09-09 Thread David Shaw
On Fri, Sep 09, 2005 at 07:38:31PM +0930, Alphax wrote: > Johan Wevers wrote: > > David Shaw wrote: > > > > > >>I'd be all in favor of an option where users could elect to filter out > >>keys: that would put the user in control. Forcing your decisio

Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)

2005-09-09 Thread David Shaw
On Fri, Sep 09, 2005 at 01:11:30PM +0200, Johan Wevers wrote: > Alphax wrote: > > >Carrying out a full cleaning of keys stored on keyservers would > >seriously damage the WoT. > > Too bad. However, if you just strip the GD signature off the damage won't > be too large. Then it needs to be done a

Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)

2005-09-09 Thread David Shaw
On Fri, Sep 09, 2005 at 09:30:35AM -0400, Jason Harris wrote: > On Fri, Sep 09, 2005 at 08:31:35AM -0400, David Shaw wrote: > > On Fri, Sep 09, 2005 at 12:22:00AM -0400, Jason Harris wrote: > > [I'll address your other points later.] > > > If you insist on present

Re: gpg looking for strange additional key upon import (was Re: clean sigs)

2005-09-09 Thread David Shaw
On Fri, Sep 09, 2005 at 04:18:11PM +0200, Dirk Traulsen wrote: > Interestingly there is a difference, whether I use '--import' to get > a key from a 'key.asc' or '--recv-key' to import it from a keyserver. > It reproducibly asks for two different, not existing keys. On WinXP > it is always 0022F

Re: clean sigs

2005-09-09 Thread David Shaw
On Fri, Sep 09, 2005 at 04:18:11PM +0200, Dirk Traulsen wrote: > Am 8 Sep 2005 um 20:00 hat David Shaw geschrieben: > > > Yes, I see what happened now. It's just a misunderstanding. "clean" > > can't work unless you have the key that issued the signatur

Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)

2005-09-09 Thread David Shaw
On Sat, Sep 10, 2005 at 12:28:22AM +0930, Alphax wrote: > David Shaw wrote: > > On Fri, Sep 09, 2005 at 11:02:56AM +0200, Johan Wevers wrote: > > > >>David Shaw wrote: > >> > >> > >>>I'd be all in favor of an option where users coul

Re: This IS about GD - a proposal on dealing with the problem

2005-09-09 Thread David Shaw
On Fri, Sep 09, 2005 at 02:00:38PM -0600, Kurt Fitzner wrote: > Ok, that other thread isn't about the GD, but this one is. I think this > is something that should be discussed and a consensus reached. > > Are they a good/bad signer? > Does something need to be done about them? > Should they be ap

Re: gpg looking for strange additional key upon import (was Re: clean sigs)

2005-09-10 Thread David Shaw
On Sat, Sep 10, 2005 at 02:21:24PM +0200, Dirk Traulsen wrote: > I hope, this will help you and that maybe somebody else can reproduce > it. Aha! I found the problem. It's actually a bug in the German translation. I was testing in English, so never saw it. I'll file a bug for that. Thanks f

Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs) / Feature Request

2005-09-10 Thread David Shaw
On Sat, Sep 10, 2005 at 05:34:53PM +0200, MUS1876 wrote: > > I have > > friends who currently don't want to use PGP because they fear that their > > keys will be uploaded to a keyserver, and then they will be spammed > > forever more. > > Hi, > > I totally agree what friends of Alphax say. > > W

Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)

2005-09-11 Thread David Shaw
On Sun, Sep 11, 2005 at 09:27:54PM +0200, Johan Wevers wrote: > David Shaw wrote: > > >I have sympathy for that argument, so wouldn't it be good to trace > >down where the sigs are entering the keyserver net, and ask whoever is > >doing it to stop? It seem

Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)

2005-09-11 Thread David Shaw
On Fri, Sep 09, 2005 at 03:00:31PM +0200, Johan Wevers wrote: > David Shaw wrote: > > >Known by *you*. I rather think the GD is a good signer, for what it > >is. > > I think both of you need to make a difference between a bad signer that > signs keys without doing

Re: This IS about GD - a proposal on dealing with the problem

2005-09-11 Thread David Shaw
On Fri, Sep 09, 2005 at 07:58:57PM -0600, Kurt Fitzner wrote: > > It might be useful to tone down the rage here. PGP isn't producing > > toxic waste. They're producing small packets of binary data. Nobody > > is actually being poisoned and dying here. Extra signatures on keys > > do not actual

Re: clean sigs

2005-09-11 Thread David Shaw
On Fri, Sep 09, 2005 at 09:59:53AM -0500, John Clizbe wrote: > David Shaw wrote: > > There is perhaps an argument to be made for a "super clean" that does > > clean and also removes any signature where the signing key is not > > present (in fact, an early version o

Re: gpg: invalid armor header

2005-09-12 Thread David Shaw
On Mon, Sep 12, 2005 at 08:17:57PM +0200, Henk M. de Bruijn wrote: > I tried to verify a clearsigned (inline signed) message. > > Used digest algorithm Hash: SHA512 > > This is what I get when I try to verify the message: > > "gpg: invalid armor header: www.pgp.com" > > When I made a remark ab

Re: Importing keys

2005-09-14 Thread David Shaw
On Wed, Sep 14, 2005 at 07:51:37PM +0930, Alphax wrote: > Werner Koch wrote: > > On Wed, 14 Sep 2005 10:42:10 +0100, Bob Henson said: > > > > > >>I can't find anything in the man page about key import file formats. Other > >>than ascii files, can GnuPG import any other file formats and if so what

Re: Two questions

2005-09-14 Thread David Shaw
On Wed, Sep 14, 2005 at 10:39:56AM -0400, Gary Graham wrote: > I have a couple questions I have not been able to figure out on my own. > First, and probably easiest: Is it possible to put a photo into a > key? I see some keys have it, but have not figured how to do it. gpg --edit-key (thekey) add

Re: How to delete a secret key in batch mode?

2005-09-14 Thread David Shaw
On Thu, Sep 15, 2005 at 11:38:22AM +1200, Bernard wrote: > Hi, > > I have added a secret key in batch mode. > > Now I want to delete it in batch mode. > > gpg prints an error: > > gpg: can't do that in batchmode > gpg: (unless you specify the key by fingerprint) > > The command I use is: > >

Re: How to delete a secret key in batch mode?

2005-09-14 Thread David Shaw
On Thu, Sep 15, 2005 at 03:20:24PM +1200, Bernard wrote: > Hi David > > Thanks for your help. > > Where can I find the syntax for deleting a secret key by fingerprint? > > I get an eof error when I use what I guess is the fingerprint: > > > C:\gnupg\gpg.exe --homedir "\tmp" --fingerprint 1CBB4

Re: Bug?

2005-09-16 Thread David Shaw
On Thu, Sep 15, 2005 at 01:45:09PM +0600, Denis Kostousov wrote: > I use gnupg 1.4.2, Thunderbird 1.0.6, enigmail 0.92.1 > When I try to open "Open PGP Key Managment" I receive error message: > > gpg: buffer shorter than subpacket > gpg: buffer shorter than subpacket > gpg: signature packet withou

Re: Windows Corp Implementations

2005-09-19 Thread David Shaw
On Thu, Sep 15, 2005 at 01:46:37AM -0700, Richard Sperry wrote: > Most of this will be directed to Werner but I need any input I can get. > > I am designing a high visibility network and this may get some attention to > GnuPG. > What I want to do is make GPG more feasible for AD domains, thus

Re: Extracting a single signature from a file containing multiple signatures

2005-09-21 Thread David Shaw
On Wed, Sep 21, 2005 at 11:52:08AM -0400, Derek Price wrote: > Say `gpg --detach-sign' were used to create several detached signatures > and they were concatenated into the same file. Is there a simple way to > separate those signatures again? Is there documentation of the gpg > signature file fo

Re: --throw-keyid and -R options

2005-09-24 Thread David Shaw
On Wed, Sep 21, 2005 at 03:46:12PM +0200, privacy.at Anonymous Remailer wrote: > > Is there any difference between the effects of following commands? > > gpg -e -R alice -R bob file > > gpg -e -r alice -r bob --throw-keyid file Since you are using -R (which does a per-recipient --throw-keyid) f

Re: Any way to get smaller key sizes?

2005-09-27 Thread David Shaw
On Tue, Sep 27, 2005 at 06:21:57PM -0400, Jason Barrett wrote: > Good afternoon, > > I am using GPG for encryption of sensitive information in a database. Some > members of the development team are concerned about the space taken up by > strings encrypted with 1024-bit keys and would like to sacr

Re: Any way to get smaller key sizes?

2005-09-28 Thread David Shaw
On Wed, Sep 28, 2005 at 10:29:40AM -0400, Jason Barrett wrote: > Yes, but it's almost impossible to answer this because it's not clear > what you're doing. Are you storing the keys or the results? 1024 bit > keys with what algorithm? The only key type that is locked to 1024 > bits is DS

Re: Can't check message signature

2005-09-30 Thread David Shaw
On Fri, Sep 30, 2005 at 05:24:22PM +0400, lusfert wrote: > Hello. > > Recently I submitted my key to PGP Global Directory and received a > verification request. I can't check its signature, I see the following: > > OpenPGP Security Info > > Unverified signature > > gpg command line and output:

Re: Can't check message signature

2005-10-02 Thread David Shaw
On Fri, Sep 30, 2005 at 10:44:34PM +0400, lusfert wrote: > David Shaw wrote: > > On Fri, Sep 30, 2005 at 05:24:22PM +0400, lusfert wrote: > > > >>Hello. > >> > >>Recently I submitted my key to PGP Global Directory and received a > >>verificati

Re: Bogus Key on Keyservers

2005-10-13 Thread David Shaw
On Thu, Oct 13, 2005 at 01:26:15PM -0500, Tad Marko wrote: > If someone creates a key that LOOKS like I created it (my name and > email address) and uploads it to the keyservers, how can I either get > rid of it or somehow flag my own key in such a way that it is clear > which is the real one? If

Re: Lack of backwards compatability?

2005-10-13 Thread David Shaw
On Mon, Oct 10, 2005 at 09:09:59PM +0930, Alphax wrote: > Some old versions of GPG (1.0.x?) had support for the TIGER192 hash, but > this was later removed when it was dropped/rejected from the OpenPGP > standard. > > However, these versions of GPG (and possibly some versions of PGP as > well) are

Re: Bogus Key on Keyservers

2005-10-14 Thread David Shaw
On Fri, Oct 14, 2005 at 09:51:22AM -0500, Tad Marko wrote: > > GPG and PGP don't care about names -- they only care about public keys. > > If you want someone to be able to send a message to the right person, > > you need to make sure they're encrypting it with the right public key. > > > > You d

Re: PGP Zip with a single file?

2005-10-18 Thread David Shaw
On Mon, Oct 17, 2005 at 04:39:04PM -0500, Joe Lynch wrote: > I'm using GNUPG to decrypt files that were created as PGP Zip archives > using PGP Desktop. If there are multiple files in the archive then GNUPG > extracts a TAR file, and I have no problem processing it from there. The > problem is

Re: Subkey revocation means losing signatures?

2005-10-18 Thread David Shaw
On Tue, Oct 18, 2005 at 09:08:07AM +0200, Realos wrote: > I am a bit confused about the gnupg behaviour in case of revoking a > subkey or uid. Since uids are actually signed by others in combination > my public key. > > Does it mean revoking a subkey or uid results in loss of signatures I > have c

Re: Subkey revocation means losing signatures?

2005-10-18 Thread David Shaw
On Tue, Oct 18, 2005 at 07:21:30PM +0200, Erwan David wrote: > Le Tue 18/10/2005, David Shaw disait > > On Tue, Oct 18, 2005 at 09:08:07AM +0200, Realos wrote: > > > I am a bit confused about the gnupg behaviour in case of revoking a > > > subkey or uid. Since uids are a

Re: Subkey revocation means losing signatures?

2005-10-19 Thread David Shaw
On Wed, Oct 19, 2005 at 02:30:31PM +0200, Realos wrote: > hi, > > > > >yes adding a new one and revoking the old one. The original question was > >about modifying the uid. > > I think I got the point. Deleting a UID results in loss of signatures > while revoking a UID doesn't if it signs the ne

Re: Subkey revocation means losing signatures?

2005-10-20 Thread David Shaw
On Thu, Oct 20, 2005 at 11:19:21AM +0200, Realos wrote: > >>but it does not resolve the "this key is untrusted - use it > >>anyway?" question unless people select the key using the empty UID. > Did not get your point. > My idea was: Having a signed free-form uid puts more trust in > my key that re

Re: Delete key from keyserver

2005-10-21 Thread David Shaw
On Fri, Oct 21, 2005 at 11:47:06PM +0200, B. Kuestner wrote: > I'm still in the process of learning how to use GPG for signing and > encrypting messages. I use MacGPG on, you guessed it, OS X. > > The interface of the GPG Keychain app makes it really easy to do some > powerful stuff. And you k

Re: Delete key from keyserver

2005-10-23 Thread David Shaw
On Sat, Oct 22, 2005 at 06:26:51PM +0200, B. Kuestner wrote: > all: Joe Smith has no way of fixing the situation, even if he is > legitimate owner of the [EMAIL PROTECTED] e-mail address. > > It strikes me, that GNU-supporters would bash MS (or for that reason > any vendor of proprietary soft

The never-ending GD discussion, part 74 (was Re: Delete key from keyserver)

2005-10-23 Thread David Shaw
On Sun, Oct 23, 2005 at 05:16:43PM +0100, Bob Henson wrote: > > Some people do not like this server as it does email address > > verification (via sending a mail to the email address on the key, if > > any), and then signs the key. These signatures are reissued every 2 > > weeks or so if people k

Re: The never-ending GD discussion, part 74 (was Re: Delete key from keyserver)

2005-10-23 Thread David Shaw
On Sun, Oct 23, 2005 at 12:41:45PM -0700, Doug Barton wrote: > David Shaw wrote: > > On Sun, Oct 23, 2005 at 05:16:43PM +0100, Bob Henson wrote: > > >>That's not the only reason though. The PGP Global Keyserver is dangerous, as > >>well as a nuisance, for a numb

Re: Delete key from keyserver

2005-10-24 Thread David Shaw
On Mon, Oct 24, 2005 at 04:21:32PM -0500, Alex Mauer wrote: > The UID format is also problematic IMO. GPG (OpenPGP?) strongly > "wants" to have a Name and an email address for each UID. I think > that this puts emphasis in a bad place, leading people to be signing > the fact that e.g. "Alex Maue

Re: Signature packets without (whatever)

2005-10-25 Thread David Shaw
On Tue, Oct 25, 2005 at 11:53:51PM +0930, Alphax wrote: > Recently, when checking my trustb I get the following appearing: > > gpg: buffer shorter than subpacket > gpg: signature packet without keyid > gpg: buffer shorter than subpacket > gpg: buffer shorter than subpacket > gpg: signature packet

Re: Signature packets without (whatever)

2005-10-25 Thread David Shaw
On Wed, Oct 26, 2005 at 12:08:55AM +0930, Alphax wrote: > David Shaw wrote: > > On Tue, Oct 25, 2005 at 11:53:51PM +0930, Alphax wrote: > > > >>Recently, when checking my trustb I get the following appearing: > >> > >>gpg: buffer shorter than subpack

Re: Signature packets without (whatever)

2005-10-25 Thread David Shaw
On Tue, Oct 25, 2005 at 11:49:12AM -0700, Doug Barton wrote: > > I got this when I retrieved the PGP GD key via hkp. > > REmoving this key from my keyring was enough to suppress those > > messages. > > I had a similar problem with the version of the key that I received from > hkp. I downloaded th

Re: Delete key from keyserver

2005-10-25 Thread David Shaw
On Tue, Oct 25, 2005 at 06:22:10PM -0500, Alex Mauer wrote: > David Shaw wrote: > > On Mon, Oct 24, 2005 at 04:21:32PM -0500, Alex Mauer wrote: > > > > > > I don't agree with this. The user ID system in all OpenPGP products > > gives a regular UTF-8 strin

Re: Delete key from keyserver

2005-10-25 Thread David Shaw
On Tue, Oct 25, 2005 at 08:50:11PM -0500, Alex Mauer wrote: > David Shaw wrote: > >Some people (myself included) check both before signing. The name via > >some sort of formal ID, and the email via a mail challenge. > > As do I, at least for a level 3 signature. > > &

Re: Direct LDAP access

2005-10-26 Thread David Shaw
On Wed, Oct 26, 2005 at 02:50:30PM -0500, Wes wrote: > I hope this isn't something already discussed that I overlooked in the > list.. > > PGP 9 stores the file name in the encrypted data. You can take a file > xyz.pgp, decrypt it, and return it to the original "My Word Doc.DOC". There > is noth

Re: ECC

2005-10-27 Thread David Shaw
On Wed, Oct 26, 2005 at 06:33:37PM +0200, Topas wrote: > Hi. > > When are we going to have ECC support in GnuPG? There is an experimental patch at http://alumnes.eps.udl.es/~d4372211/index.en.html However, there will not be official support in GnuPG until the OpenPGP standard gets ECC support.

Re: Delete key from keyserver

2005-10-27 Thread David Shaw
On Wed, Oct 26, 2005 at 12:26:31PM -0500, Alex Mauer wrote: > David Shaw wrote: > > >>>Some people > >>>will not sign such a user ID though, > > > > It's not an issue of improving the trust, it's an issue of > > disambiguation

Re: allowed commands on keys that keyservers handle correctly

2005-10-27 Thread David Shaw
On Thu, Oct 27, 2005 at 12:13:27PM +0200, Realos wrote: > > >> If I like to remove my signature from a certain key and/or uid, what is > >> the best approach to that? Does it make sense to revoke the signature or > >> just delete it? I find both of these commands in "gpg" software but am > >> uncl

Re: Delete key from keyserver

2005-10-27 Thread David Shaw
On Thu, Oct 27, 2005 at 11:45:09AM -0500, Alex Mauer wrote: > > You don't. But it's not up to you as the signer - it's up to the key > > holder to say how he wants to be known. > > Not really. It's up to me as the signer to affirm how I know the key > holder. Or not sign at all if I can't veri

Re: The never-ending GD discussion,part 74

2005-10-28 Thread David Shaw
On Fri, Oct 28, 2005 at 12:13:27PM +0200, Realos wrote: > > >It would disallow freeform UIDs. > > I think free-form UIDs carry no importance in the current implementations of > gpg/pgp. Signatures on them do not contribute to WoT so this would not > be a big loss, I suppose. No, free-form UIDs a

Re: ECC

2005-10-30 Thread David Shaw
On Sun, Oct 30, 2005 at 03:51:08PM +0100, Christoph Anton Mitterer wrote: > John Clizbe wrote: > > >Well, first it has to make it into the OpenPGP Standard. And usually to do > >that, it would likely need to be part of some governmental or business > >standard so that large numbers of end-users wo

Re: the best signature type someone can give me

2005-10-30 Thread David Shaw
On Mon, Oct 31, 2005 at 12:57:58AM +0100, Christoph Anton Mitterer wrote: > Hi... > > This is just a short question,... (I'll ask a lot of other things > regarding signatures as part of "my" "Lots of questions" thread :-) ).. > > What is the "best type of signature someone can give to my UIDs? >

Re: the best signature type someone can give me

2005-10-31 Thread David Shaw
On Mon, Oct 31, 2005 at 10:16:55AM +0100, Christoph Anton Mitterer wrote: > David Shaw wrote: > > >It is not suggested. NR signatures are useful in very specific > >circumstances, and regular people signing other people's keys are not > >one of those circumstances.

Re: the best signature type someone can give me

2005-10-31 Thread David Shaw
On Mon, Oct 31, 2005 at 10:25:26AM +0100, Christoph Anton Mitterer wrote: > Ah,.. and I forgot the following: > > I know you can change the hash-algorithm that is used for making > signatures. Does this apply for UID-signatures, too? > > If so,... should I (for security/cryptography reasons) ask u

Re: the best signature type someone can give me

2005-11-01 Thread David Shaw
On Tue, Nov 01, 2005 at 03:52:19PM +0100, Christoph Anton Mitterer wrote: > Example: > > me->(tsign_1)->root_CA > root_ca->(sign)->president > root_ca->(tsign-x)->sub_CA > > =>root_ca and president is valid to me > =>sub_CA is valid too but nothing that sub_CA signs/tsigns is valid for me > > Ex

Re: the best signature type someone can give me

2005-11-01 Thread David Shaw
On Tue, Nov 01, 2005 at 02:39:14PM +0100, Christoph Anton Mitterer wrote: > David Shaw wrote: > > >>If so,... should I (for security/cryptography reasons) ask users to sign > >>my key only with SHA512 (or whatever is considered as the currently > >>strongest h

Re: Character set and File exists

2005-11-01 Thread David Shaw
On Fri, Oct 28, 2005 at 10:50:56AM +, bingumalla satyanarayana wrote: > Hello, > > I am new to GnuPG. If I run any command from gpg, I am getting the > following message: > > gpg: conversion from `utf-8' to `roman8' not available > > I am using HP Unix 11.0. Is there any way to avoid the ab

Re: Strange entries in keyserver-listings

2005-11-02 Thread David Shaw
On Wed, Nov 02, 2005 at 10:20:28PM +0100, Christoph Anton Mitterer wrote: > As you can see the same UID is listed twice (!!) and also parts of the > signatures are listed twice. > > Why is this the case and how can I avoid this? Or is this at all a > key-server-software-only related issue? Wel

Re: - -textmode???

2005-11-03 Thread David Shaw
On Thu, Nov 03, 2005 at 05:38:37PM -0600, [EMAIL PROTECTED] wrote: > > Can someone tell me the difference between to two commands below? > gpg -r ### --armor --sign --encrypt OUTFILE > gpg -r ### --armor --sign --encrypt --textmode < INFILE > OUTFILE > > We are using the first command fo

Re: back signatures

2005-11-04 Thread David Shaw
On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote: > Salve! > Can somebody explain me what is "back signatures"? > Manual not very clear about this. It's a countermeasure against an attack against signing subkeys. Basically, the primary key signs all subkeys. With backsigs, the signing

Re: back signatures

2005-11-04 Thread David Shaw
On Fri, Nov 04, 2005 at 02:24:09PM -0500, David Shaw wrote: > On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote: > > Salve! > > Can somebody explain me what is "back signatures"? > > Manual not very clear about this. > > It's a countermeasure

Re: Expiring UID

2005-11-04 Thread David Shaw
On Fri, Nov 04, 2005 at 04:59:01PM +, Nicholas Cole wrote: > Am I right that there is no easy way to create an > expiring UID (as opposed to an expiring key). > > --ask-cert-expire seems to be ignored when using > adduid in the edit menu. > > Is there a good reason for this? Honestly, no

Re: back signatures

2005-11-04 Thread David Shaw
On Sat, Nov 05, 2005 at 01:47:08PM +1030, Alphax wrote: > David Shaw wrote: > > On Fri, Nov 04, 2005 at 02:24:09PM -0500, David Shaw wrote: > > > >>On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote: > >> > >>>Salve! > >>>Can s

Re: back signatures

2005-11-05 Thread David Shaw
On Sat, Nov 05, 2005 at 04:39:40PM +1030, Alphax wrote: > David Shaw wrote: > > On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote: > > > >>Salve! > >>Can somebody explain me what is "back signatures"? > >>Manual not very clear about

Re: back signatures

2005-11-05 Thread David Shaw
On Sat, Nov 05, 2005 at 04:32:07PM +1030, Alphax wrote: > David Shaw wrote: > > On Sat, Nov 05, 2005 at 01:47:08PM +1030, Alphax wrote: > > > >>David Shaw wrote: > >> > >>>On Fri, Nov 04, 2005 at 02:24:09PM -0500, David Shaw wrote: > >>> >

Re: back signatures

2005-11-05 Thread David Shaw
On Sun, Nov 06, 2005 at 12:04:27AM +1030, Alphax wrote: > > It's as official as any release that hasn't happened yet: that is to > > say, we're happy and thrilled if you test it out and report bugs (to > > gnupg-devel), but you'll have to compile it from the SVN repository, > > and it's not consid

Re: how to handle "bad" signers?

2005-11-05 Thread David Shaw
On Sat, Nov 05, 2005 at 12:30:46PM +0100, Thomas Kuehne wrote: > 4) The owners are bad signers and didn't take part in the ID > verification step of the signature process. > > > 1) and 3) are defiantly not the reasons in the analyzed cases. > > I really hope 2) is the cause, but in at least one

Re: how to handle "bad" signers?

2005-11-05 Thread David Shaw
On Sun, Nov 06, 2005 at 01:09:36AM +1030, Alphax wrote: > David Shaw wrote: > > On Sat, Nov 05, 2005 at 12:30:46PM +0100, Thomas Kuehne wrote: > > > > > > >>How should 4) be dealt with? > >> > >>As far as I am aware the is no negative signatu

Re: back signatures

2005-11-06 Thread David Shaw
On Sun, Nov 06, 2005 at 09:54:01PM +0100, Christoph Anton Mitterer wrote: > David Shaw wrote: > > >>It's a countermeasure against an attack against signing subkeys. > >>Basically, the primary key signs all subkeys. With backsigs, the > >>sig

Re: back signatures

2005-11-07 Thread David Shaw
On Mon, Nov 07, 2005 at 11:55:02PM +1030, Alphax wrote: > >>>It's a countermeasure against an attack against signing subkeys. > >>>Basically, the primary key signs all subkeys. With backsigs, the > >>>signing subkey also signs the primary key. > >>> > >>>Without this, an attacker can "steal" a si

Re: back signatures

2005-11-07 Thread David Shaw
On Tue, Nov 08, 2005 at 01:39:17AM +1030, Alphax wrote: > 1. I have a cvs version of 1.4.3, how do I issue backsigs? Backsigs are part of a signing subkey. You don't generally need to issue them, since they are generated automatically when you make a signing subkey. If you have an older key wit

Re: back signatures

2005-11-07 Thread David Shaw
On Mon, Nov 07, 2005 at 04:17:20PM +0100, Christoph Anton Mitterer wrote: > David Shaw wrote: > > >I'm afraid I don't understand what you're asking here. How backsigs > >work? > > > > > And what is the "theory" behind them,... e.g. how

Re: Prefered algorithms priority

2005-11-07 Thread David Shaw
On Mon, Nov 07, 2005 at 07:10:26PM +0100, Christoph Anton Mitterer wrote: > Hi. > > As you probably know, one can set his preferred algorithms for a OpenPGP > key using setpref. > > How is the priority specified? Is it from left to right, meaning that an > algorithm a left from another (b) is pr

Re: Keytypes and changing them

2005-11-08 Thread David Shaw
On Tue, Nov 08, 2005 at 12:27:13PM +0100, Christoph Anton Mitterer wrote: > Hi folks! > > Ok,.. I know that you can set at least the following flags to specify > the purpose of a key: > A - authorsation > C - certification > E - encryption > S - signation > > Ok,.. as far as I understood, if a k

Re: Keytypes and changing them

2005-11-08 Thread David Shaw
On Tue, Nov 08, 2005 at 03:29:39PM +0100, Christoph Anton Mitterer wrote: > >Yes. Many people do it this way, including myself. It's not actually > >an RSA-S key (that's deprecated), but a regular RSA key with the S > >flag set. However, you don't actually want to change the primary from > >CS t

Re: Prefered algorithms priority

2005-11-08 Thread David Shaw
On Mon, Nov 07, 2005 at 11:32:29PM +0100, Christoph Anton Mitterer wrote: > David Shaw wrote: > > >>How is the priority specified? Is it from left to right, meaning that an > >>algorithm a left from another (b) is preferred in favour of b? > >>setpref --->---

Re: Keytypes and changing them

2005-11-08 Thread David Shaw
On Tue, Nov 08, 2005 at 07:17:01PM +0300, lusfert wrote: > Christoph Anton Mitterer wrote: > > > Ok,.. I know that you can set at least the following flags to specify > > the purpose of a key: > > A - authorsation > > C - certification > > E - encryption > > S - signation > > > What does type "A"
