Re: Keytypes and changing them

2005-11-08 Thread David Shaw
On Wed, Nov 09, 2005 at 12:53:45AM +0100, Christoph Anton Mitterer wrote: > Or is there perhaps another software that I could use for changing the > key usage flags (without damaging my key or changing the format or so). > Of course I'd prefer using GnuPG because I trust this the most :-) > > Onc

Re: Keytypes and changing them

2005-11-08 Thread David Shaw
On Tue, Nov 08, 2005 at 11:41:43PM +0100, Christoph Anton Mitterer wrote: > David Shaw wrote: > > >If such a feature existed in GnuPG, yes. > > > >David > > > > > Uhm,.. I rethought the whole thing,... and I came to the reason that I > gave up to

Re: back signatures

2005-11-10 Thread David Shaw
On Thu, Nov 10, 2005 at 09:00:56PM +0100, Christoph Anton Mitterer wrote: > David Shaw wrote: > > >>And what is the "theory" behind them,... e.g. how do they improve > >>security? > >> > >> > >Current signing subkeys have a weakness in

Re: back signatures

2005-11-10 Thread David Shaw
On Fri, Nov 11, 2005 at 02:22:50PM +1030, Alphax wrote: > > 0x1F signatures are truly signing a key alone. > > > > > > So is a backsig of type 0x1F then?? No, they have their own type. They are 0x19. David ___ Gnupg-users mailing list Gnupg-users@g

Re: How to execute gpgkeys_ldap, gpgkeys_curl, gpgkeys_finger, gpgkeys_hkp on hp-ux

2005-11-11 Thread David Shaw
On Fri, Nov 11, 2005 at 12:28:08PM +, partha sarathi wrote: > Hello All, > > I have built the GnuPG -1.4.2 with ldap and curl support.As I am new to > this product i don't know how to run the binaries like gpgkeys_curl, > gpgkeys_finger, gpgkeys_hkp,gpgkeys_ldap.Through searching on the net

Re: Key Capabilities

2005-11-17 Thread David Shaw
On Thu, Nov 17, 2005 at 02:34:06PM +0100, Olaf Gellert wrote: > Hi, > > I have read about the following key capabilities: > > - sign > - encrypt > - authenticate > - certification > > When I generate an RSA key, GPG provides the capabilities > sign, encrypt and authenticate (in expert mode), but

Re: Zero width no-break space (U+FEFF) in clearsigned output message

2005-11-26 Thread David Shaw
On Sat, Nov 26, 2005 at 06:01:49PM +0300, lusfert wrote: > Hi all. > > I wrote some text (with non-ASCII characters) in file encoded in UTF-8 > with BOM and save it. > Then I decided to clearsign it: > > gpg --verbose -u 0x500B8987 --clearsign 1.txt > > When I open clearsigned 1.txt.asc I can fi

Re: Zero width no-break space (U+FEFF) in clearsigned output message

2005-11-26 Thread David Shaw
On Sun, Nov 27, 2005 at 12:18:08AM +0300, lusfert wrote: > David Shaw wrote on 26.11.2005, Сб 18:30: > > On Sat, Nov 26, 2005 at 06:01:49PM +0300, lusfert wrote: > >> > >>When I open clearsigned 1.txt.asc I can find symbol U+FEFF (Zero width > >>no-break sp

Re: Zero width no-break space (U+FEFF) in clearsigned output message

2005-11-26 Thread David Shaw
On Sun, Nov 27, 2005 at 01:41:08AM +0300, lusfert wrote: > David Shaw wrote on 27.11.2005 1:05: > > On Sun, Nov 27, 2005 at 12:18:08AM +0300, lusfert wrote: > > > >>David Shaw wrote on 26.11.2005, Сб 18:30: > >> > >>>U+FEFF is the BOM character. It

Re: no-ask-cert-level, default-cert-level, and keysigning

2005-11-27 Thread David Shaw
On Sun, Nov 27, 2005 at 06:04:56PM -0700, Bob Proulx wrote: > I recently signed a key using gpg-1.4.1 and see that (at least on my > Debian Sarge system) no-ask-cert-level appears to be the default > default-cert-level is "0 (no particular claim)". Yes. > In the old days I remember it would always

Re: Forging fingerprints/KeyID?

2005-11-28 Thread David Shaw
On Tue, Nov 29, 2005 at 01:24:18AM +0100, Christoph Anton Mitterer wrote: > Hi. > > Somewhere (unfortunately I've lost the URL) I've read about forging > fingerprints and/keyIDs (not sure) > Meaning that an attacker could create a key (but as far as I remember > with a different keysize only

Re: trust path lookup on server

2005-11-28 Thread David Shaw
On Sat, Nov 26, 2005 at 12:56:16AM +0100, Jaap Eldering wrote: > Hi all, > > I was wondering whether the following feature does exist within gpg > or related programs: the possibility to check a signature via a > (longer) trust path from my key to the signer's key. > > I am no expert in the use o

Re: Keytypes and changing them

2005-11-28 Thread David Shaw
On Tue, Nov 29, 2005 at 04:08:06AM +0100, Christoph Anton Mitterer wrote: > If you look at professional CAs (e.g. DFN-PCA) they clearly state in > their Policies that e.g. they'll NEVER use their root keys for signing > data but only for signing keys (DFN does this with its root-PGP-keys for >

Re: Forging fingerprints/KeyID?

2005-11-28 Thread David Shaw
On Tue, Nov 29, 2005 at 01:24:18AM +0100, Christoph Anton Mitterer wrote: > Hi. > > Somewhere (unfortunately I've lost the URL) I've read about forging > fingerprints and/keyIDs (not sure) > Meaning that an attacker could create a key (but as far as I remember > with a different keysize only

Re: Forging fingerprints/KeyID?

2005-11-28 Thread David Shaw
On Tue, Nov 29, 2005 at 05:36:38AM +0100, Christoph Anton Mitterer wrote: > Ah,.. thanks :-) > So it should be completely enough to verify Name/eMail and the > Fingerprint when signing another key,... and I don't have to compare > creation date/keysize/algorithm/etc., right? Not unless you're sign

Re: Forging fingerprints/KeyID?

2005-11-29 Thread David Shaw
On Tue, Nov 29, 2005 at 06:00:32AM -0500, Atom Smasher wrote: > On Mon, 28 Nov 2005, David Shaw wrote: > > >On Tue, Nov 29, 2005 at 05:36:38AM +0100, Christoph Anton Mitterer wrote: > >>Ah,.. thanks :-) > >>So it should be completely enough to verify Name/eMail and th

Re: disjunct paths (was: Re: trust path lookup on server)

2005-11-30 Thread David Shaw
On Wed, Nov 30, 2005 at 04:29:21PM +0100, Gregor Zattler wrote: > Hi David, > * David Shaw <[EMAIL PROTECTED]> [28. Nov. 2005]: > > On Sat, Nov 26, 2005 at 12:56:16AM +0100, Jaap Eldering wrote: > > Yes, it is. There are a few servers that do more or less what you > &

Re: disjunct paths

2005-11-30 Thread David Shaw
On Wed, Nov 30, 2005 at 08:11:44PM +0100, Gregor Zattler wrote: > Hi David, > * David Shaw <[EMAIL PROTECTED]> [30. Nov. 2005]: > > On Wed, Nov 30, 2005 at 04:29:21PM +0100, Gregor Zattler wrote: > > > Hi David, > > > * David Shaw <[EMAIL PROTECTED]> [28

Re: disjunct paths

2005-12-06 Thread David Shaw
On Fri, Dec 02, 2005 at 01:10:01PM +0100, Gregor Zattler wrote: > Hi David, > * David Shaw <[EMAIL PROTECTED]> [30. Nov. 2005]: > > On Wed, Nov 30, 2005 at 08:11:44PM +0100, Gregor Zattler wrote: > > > * David Shaw <[EMAIL PROTECTED]> [30. Nov. 2005]: > >

Re: disjunct paths

2005-12-07 Thread David Shaw
On Wed, Dec 07, 2005 at 02:41:26PM +0100, Gregor Zattler wrote: > Hi David, > * David Shaw <[EMAIL PROTECTED]> [06. Dez. 2005]: > > On Fri, Dec 02, 2005 at 01:10:01PM +0100, Gregor Zattler wrote: > > > * David Shaw <[EMAIL PROTECTED]> [30. Nov. 2005]: > >

Re: Encrypting a file in a non -interactive mode

2005-12-14 Thread David Shaw
On Mon, Dec 12, 2005 at 02:17:52PM -0800, amit bhalerao wrote: > Hi, > > Could anyone please tell me how to encrypt a file in a non- > interactive mode or batch mode ? Sure, just do something like this: gpg --batch -r (recipient) --output (name-for-encrypted-file) --encrypt (file-to-encr

Re: Signature has algorithms

2005-12-14 Thread David Shaw
On Thu, Dec 08, 2005 at 11:47:42AM +0100, Topas wrote: > Hi. > > I've seen that one can use different hash algorithms for creating > signatures. The default is SHA-1 I think, but (and correct me if I'm > wrong) SHA-512 (or even the "smaller" ones) should be more secure. > > Ok,.. I've seen that

Re: Automation advice wanted

2005-12-15 Thread David Shaw
On Thu, Dec 08, 2005 at 09:59:42AM -0800, Duell, Bob wrote: > I am considering creating a "public" keyring for our group, one into > which I can import the keys for "registered" recipients. I can define > the "public" keyring directory and file as global read/execute; users > would refer to the p

Re: mpi too large

2005-12-16 Thread David Shaw
On Thu, Dec 08, 2005 at 02:11:27PM -0500, Bigda, Faith wrote: > I've been researching and I can't seem to determine what the problem is with > the key. It appears to have a bad signature? I imported the key and do an > edit check: > > C:\GnuPG>gpg --import xx.asc > gpg: key F867286A: public ke

Re: Signature has algorithms

2005-12-19 Thread David Shaw
On Wed, Dec 14, 2005 at 07:02:35PM +0100, Topas wrote: > David Shaw wrote: > > >The procedure you give above will put new self signatures on the key. > >You can't recreate old ones, but you can delete them. Note that if > >you have your key on a keyserver, the

Re: Moving the GPG keys from 1 machine to another

2005-12-20 Thread David Shaw
On Mon, Dec 19, 2005 at 03:15:21PM -0800, amit bhalerao wrote: > Hi , > > We have just completed the migration of the application from 1 > AIX box to another and have changed the encryption from PGP to GPG. > Since there are many external vendors involved the process is bit > tedious follo

Re: Issue in decrypting file

2005-12-27 Thread David Shaw
On Thu, Dec 22, 2005 at 04:22:51PM -0800, amit bhalerao wrote: > Hi, > > We are decrypting a file using GPG mechanism. We have sent the > GPG keys to vendor. However when I decrypt the file I get the > following Log message :- > > COMMAND:- > --- > echo AA | /ngs/lpp/gp

Re: Smart card signing failure

2006-01-01 Thread David Shaw
On Sat, Dec 31, 2005 at 03:57:41AM -0700, Kurt Fitzner wrote: > I have solved my own problem. If the gpg.conf has a setting for > personal-digest-preferences, and if an algo that is supported by a > smartcard is not first in the list, then GnuPG will fail with any > signing operation made with a s

Re: updating a key's self-signature

2006-01-03 Thread David Shaw
On Tue, Jan 03, 2006 at 04:32:27PM -0800, [EMAIL PROTECTED] wrote: > i have two keys that i use extensively for e-mailing > > one is a v4 rsa key (my default key), and the other is a v3 rsa key > (for those correspondents who insist on or prefer the old key) > > both were signed with md5 when th

Re: updating a key's self-signature

2006-01-04 Thread David Shaw
On Tue, Jan 03, 2006 at 07:59:08PM -0800, [EMAIL PROTECTED] wrote: > > >Message: 8 > >Date: Tue, 3 Jan 2006 19:43:01 -0500 > >From: David Shaw <[EMAIL PROTECTED]> > >Subject: Re: updating a key's self-signature > > >Yes, but note that it's s

Re: updating a key's self-signature

2006-01-05 Thread David Shaw
On Wed, Jan 04, 2006 at 07:01:17PM +0100, Christoph Anton Mitterer wrote: > David Shaw wrote: > > >If an attacker compromises the keyserver or in any way distributes > >your key himself, he can remove the new self-sig, leaving the old one > >behind. > > > &g

Re: updating a key's self-signature

2006-01-05 Thread David Shaw
On Wed, Jan 04, 2006 at 04:20:20PM +0100, Christoph Anton Mitterer wrote: > David Shaw wrote: > > >Anyway, do this: > > > >gpg --expert --cert-digest-algo (thehash) -u (thekeyid) --sign-key (thekeyid) > > > > > Is this possible with th

Re: OpenPGP debugging

2006-01-06 Thread David Shaw
On Sat, Jan 07, 2006 at 02:53:21AM +0100, Philipp Gühring wrote: > Hi, > > I am searching for an OpenPGP fileformat analyzer. > > gpg -v -v -v -v -v --list-packets openpgp.key > > is coming near, but I am still missing a hexdump of the individual fields, or > even a description down to the bit

Re: Preferred keyserver

2006-01-07 Thread David Shaw
On Sat, Jan 07, 2006 at 02:22:22PM +0100, Nicolas Rachinsky wrote: > Hallo, > > [EMAIL PROTECTED] ~> gpg --refresh 887BAE72 A32C2932 > gpg: requesting key A32C2932 from http server www.rachinsky.de > gpg: key F66AFAF2: "Nicolas Rachinsky (SIGNING KEY - CERTIFICATION ONLY) > <[EMAIL PROTECTED]>" n

Re: updating a key's self-signature

2006-01-09 Thread David Shaw
On Mon, Jan 09, 2006 at 08:41:56PM -0700, Kurt Fitzner wrote: > David Shaw wrote: > > Anyway, do this: > > > > gpg --expert --cert-digest-algo (thehash) -u (thekeyid) --sign-key > > (thekeyid) > > Does this mean that personal-digest-preferences and/or a k

Re: Providing shell-completions for gpg, minor scripting issues

2006-01-16 Thread David Shaw
On Fri, Jan 13, 2006 at 03:34:08PM +0100, Axel Liljencrantz wrote: > Home: ~/.gnupg > Stödda algoritmer: > öppen nyckel: RSA, RSA-E, RSA-S, ELG-E, DSA > Chiffer: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH > Kontrollsumma: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512 > Komprimering: Okompr

Re: Does a secret key need to be signed?

2006-01-17 Thread David Shaw
On Tue, Jan 17, 2006 at 01:32:54AM -0700, Kurt Fitzner wrote: > I recently exported my key pair from GnuPG and imported it into PGP in > order to get the user ids balanced between my public and secret keys. > When I pulled the key pair back into GnuPG, I noticed that my secret key > is now much sma

Re: Using other compression algos with GnuPG

2006-01-20 Thread David Shaw
On Fri, Jan 20, 2006 at 10:05:26PM +0530, Nicky wrote: > The current version of GnuPG I have supports only three compression > algorithms viz: ZIP, ZLIB and BZIP2 > Is there a way to direct GnuPG to use some other algorithm besides > these? for example RAR (http://rarlabs.com/)... No. GPG support

Re: Using other compression algos with GnuPG

2006-01-21 Thread David Shaw
On Fri, Jan 20, 2006 at 04:49:11PM -0600, Ryan Malayter wrote: > On 1/20/06, David Shaw <[EMAIL PROTECTED]> wrote: > > It's always possible for someone to add a nonstandard algorithm, but > > if you really want a particular algorithm, it's healthier to get the >

Re: Using other compression algos with GnuPG

2006-01-21 Thread David Shaw
On Sat, Jan 21, 2006 at 11:30:15PM +1030, Alphax wrote: > > LZMA seems to be notably[1] faster/better than BZIP2, which has made > > it into the standard so I wouldn't immediately rule out its > > suitability for OpenPGP. > > > > How well was LZMA known when BZIP2 made it in? Why was BZIP2 includ

Re: Using other compression algos with GnuPG

2006-01-21 Thread David Shaw
On Sat, Jan 21, 2006 at 09:22:36AM -0700, Kurt Fitzner wrote: > David Shaw wrote: > > > In fact, BZIP2 was added pretty much for archival purposes: > > http://www.imc.org/ietf-openpgp/mail-archive/msg04624.html > > > > I wouldn't be against LZMA if it was signi

Re: Problem with revoking my old key

2006-01-26 Thread David Shaw
On Thu, Jan 26, 2006 at 11:42:06PM +0100, Daniel Löfquist wrote: > Hello everybody, > This is my first post on this mailinglist so please bear with me ;-) > I've had a gnupg-keypair for about 4 years and the public key is published on > several keyservers. Recently however my key has been compromis

Re: mpi larger than indicated length

2006-01-27 Thread David Shaw
On Fri, Jan 27, 2006 at 05:27:40PM -0600, [EMAIL PROTECTED] wrote: > $ gpg -d -vvv IFO.SECURE.PGP > gpg: using character set `iso-8859-1' > gpg: armor: BEGIN PGP MESSAGE > gpg: armor header: Version: PsypherOPS 4.30.00 - www.primefactors.com > :pubkey enc packet: version 3, algo 16, keyid 9E1BA04

Re: uncleanable expired sig

2006-01-30 Thread David Shaw
On Sun, Jan 29, 2006 at 09:43:13PM +0100, Alain Bench wrote: > Hello, > > I have on my key 0xC1C46015 as fetched on subkeys.pgp.net several > temporary signatures from PGP Global Directory Verification Key. Those > signatures seem all verified, but are expired. With GnuPG 1.4.2 I do > --edit a

[Announce] First release candidate for 1.4.3 available

2006-02-16 Thread David Shaw
We are pleased to announce the availability of the first release candidate for the forthcoming 1.4.3 version of GnuPG: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.3rc1.tar.bz2 (2.9M) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.3rc1.tar.bz2.sig SHA-1 checksums for the above files are:

Re: sporatic decryption issue

2006-02-17 Thread David Shaw
On Thu, Feb 16, 2006 at 02:27:00PM -0600, Elliot Nathanson wrote: > All: > > I'm having a really frustrating problem, whereby I'm encrypting > files for a client and they are *occasionally* unable to decrypt > a file. The failure rate could be about 1/100; one e-mail said > they processed 400 tran

Back signatures (was Re: [Announce] First release candidate for 1.4.3 available)

2006-02-17 Thread David Shaw
On Fri, Feb 17, 2006 at 04:18:17PM +0100, Malte Gell wrote: > On Friday 17 February 2006 04:44, David Shaw wrote: > > > * Added support for signing subkey "back signatures". Requiring > > back signatures to be present is currently off by default, but > &

Re: cURL keyserver handlers broken

2006-02-18 Thread David Shaw
On Sun, Feb 19, 2006 at 04:09:32PM +1030, Alphax wrote: > Under GPG 1.4.3rc1 I'm completely unable to get the cURL-type keyserver > handlers to function correctly. For example, using the following command: > > gpg --no-options --keyserver sks.keyserver.penguin.de --search Alphax > > I get the err

Re: cURL keyserver handlers broken

2006-02-18 Thread David Shaw
On Sun, Feb 19, 2006 at 04:42:19PM +1030, Alphax wrote: > David Shaw wrote: > > On Sun, Feb 19, 2006 at 04:09:32PM +1030, Alphax wrote: > > > >>Under GPG 1.4.3rc1 I'm completely unable to get the cURL-type keyserver > >>handlers to function correctly. Fo

Re: cURL keyserver handlers broken

2006-02-19 Thread David Shaw
On Sun, Feb 19, 2006 at 11:24:40PM +1030, Alphax wrote: > Host: sks.keyserver.penguin.de > Command:SEARCH > gpgkeys: HTTP URL is > `http://sks.keyserver.penguin.de:11371/pks/lookup?op=index&options=mr > &search=Alphax' > ?: localhost: Unable to connect: ec=0 > gpgkeys: HTTP searc

Re: cURL keyserver handlers broken

2006-02-19 Thread David Shaw
On Mon, Feb 20, 2006 at 01:52:40AM +1030, Alphax wrote: > David Shaw wrote: > > On Sun, Feb 19, 2006 at 11:24:40PM +1030, Alphax wrote: > > > > > >>Host: sks.keyserver.penguin.de > >>Command:SEARCH > >>gpgkeys: HTTP URL is >

Re: Remote signing?

2006-02-19 Thread David Shaw
On Sun, Feb 19, 2006 at 06:07:56AM +0100, Matthias Urlichs wrote: > Hello, > > I need to sign files remotely. They're moderately large, so transmitting > them back to my firewalled-off laptop (I'm usually behind a slow line), > where the secret key lives, isn't a good idea. You have two good opti

Re: [Announce] First release candidate for 1.4.3 available

2006-02-20 Thread David Shaw
On Mon, Feb 20, 2006 at 11:40:24AM +0100, Holger Schuettel wrote: > David Shaw schrieb: > > We are pleased to announce the availability of the first release > > candidate for the forthcoming 1.4.3 version of GnuPG: > > > > ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/g

Re: file encryption and integrity check

2006-02-20 Thread David Shaw
On Mon, Feb 20, 2006 at 05:46:29PM +0100, Francesco Turco wrote: > hello, > > i am very new with gnupg and cryptography in general. > > i'd like to know if gnupg is a good choice for encrypting files with a > password and if it is possible to check if an encrypted file is > corrupted or not (in

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-20 Thread David Shaw
On Sat, Feb 18, 2006 at 10:11:32PM +0100, Peter Palfrader wrote: > Walter Haidinger schrieb am Samstag, dem 18. Feber 2006: > > > Now, I'd like to setup an OpenLDAP server to store the OpenPGP keys (for > > use with GnuPG). Please note that I already have a working OpenLDAP > > server, so I'd only

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-20 Thread David Shaw
On Mon, Feb 20, 2006 at 11:14:33PM +0100, Walter Haidinger wrote: > On Mon, 20 Feb 2006, David Shaw wrote: > > > Here's a rough guide for OpenLDAP: > [--cut--] > > Thanks, no problem following the guide. > > > The configuration above obviously allows anyone

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-20 Thread David Shaw
On Tue, Feb 21, 2006 at 12:21:42AM +0100, Walter Haidinger wrote: > On Mon, 20 Feb 2006, David Shaw wrote: > > > > TLS too? How to tell GnuPG to use TLS over port 389 (ldap://)? > > > > Try for TLS, and do nothing if TLS can't start: > > keyserver-opt

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread David Shaw
On Tue, Feb 21, 2006 at 05:21:25PM +0100, Walter Haidinger wrote: > David Shaw wrote: > > 5) Make this file: > > > > cat > pgp.ldif > > dn: ou=PGP Keys,dc=DOMAIN,dc=COM > > objectclass: organizationalUnit > > ou: PGP Keys > > > > dn: cn=PGPSe

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread David Shaw
On Tue, Feb 21, 2006 at 10:10:40AM +0100, Matthias Urlichs wrote: > Hi, David Shaw wrote: > > > Anyway, that is (more or less) how I was expecting LDAP to be used. I > > never added LDAP auth because I wasn't sure exactly what was needed, > > and didn't want

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread David Shaw
On Tue, Feb 21, 2006 at 01:15:08AM +0100, Walter Haidinger wrote: > On Mon, 20 Feb 2006, David Shaw wrote: > > > LDAP had TLS support back in 1.3.5. HTTP and FTP just got TLS support > > in 1.4.3. At one point, I started documenting the new options and > > stopped becau

Re: GnuPG for PalmOS 5

2006-02-21 Thread David Shaw
On Tue, Feb 21, 2006 at 07:58:36PM +0100, Wolfgang Klein wrote: > Is there any chance that there will be an implementation of GnuPG > for Palm handhelds in the near future? Not in the near future, no. There are vague possibilities if and when the new Palm OS (aka "Linux on a Palm") comes out, bu

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread David Shaw
On Tue, Feb 21, 2006 at 11:12:32PM +0100, Walter Haidinger wrote: > On Tue, 21 Feb 2006, David Shaw wrote: > > > > because GnuPG looks for PGPServerInfo under the base DN, > > > not under dn="ou=PGP Keys,dc=DOMAIN,dc=COM". > > > > Not exactly. It

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread David Shaw
On Tue, Feb 21, 2006 at 11:42:56PM +0100, Walter Haidinger wrote: > On Tue, 21 Feb 2006, David Shaw wrote: > > > On Tue, Feb 21, 2006 at 11:12:32PM +0100, Walter Haidinger wrote: > > > On Tue, 21 Feb 2006, David Shaw wrote: > > > > > > > > because Gn

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread David Shaw
On Tue, Feb 21, 2006 at 11:35:02PM +0100, Walter Haidinger wrote: > > > > A LDAP keyserver would be useful as a company keyserver where people > > > > inside the company IP range or an administrator can add keys, and the > > > > rest of the world can just read. > > > > > > That eliminates tcp-wr

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread David Shaw
On Wed, Feb 22, 2006 at 01:07:48AM +0100, Walter Haidinger wrote: > > Potentially dangerous. How sensitive is this password? > > Is a mode 600 file secure for your usage? > > Yes, I'd think so. After all, we're talking about protecting > a keystore of _public_ keys... > > If GnuPG could als

Re: file encryption and integrity check

2006-02-22 Thread David Shaw
On Wed, Feb 22, 2006 at 05:49:40PM +1030, Alphax wrote: > Francesco Turco wrote: > > > i have disabled compression becouse files i have to encrypt are already > > compressed, and compression takes much more time then encryption. > > > > do you think it is a good choice? > > > > IIRC GnuPG will

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-22 Thread David Shaw
On Wed, Feb 22, 2006 at 11:02:10AM +0100, Walter Haidinger wrote: > On Tue, 21 Feb 2006, David Shaw wrote: > > > > If GnuPG could also store secret keys (btw, can it? have never checked) > > > > It's theoretically possible, but no keyserver works that way. >

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-22 Thread David Shaw
On Thu, Feb 23, 2006 at 01:04:10AM +0100, Walter Haidinger wrote: > On Wed, 22 Feb 2006, David Shaw wrote: > > Are you looking for a remote keyring? > > That's slightly different than a keyserver, or at least the thing > > that GnuPG calls a keyserver. > > N

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-23 Thread David Shaw
On Thu, Feb 23, 2006 at 01:01:48PM +0100, Walter Haidinger wrote: > On Thu, February 23, 2006 00:28, David Shaw wrote: > >> Next release of 1.4.x or 1.9.x? > > > > 1.4.3. I've added the new feature, so you could probably grab the > > gpgkeys_ldap.c from svn a

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-23 Thread David Shaw
On Thu, Feb 23, 2006 at 04:13:51PM +0100, Walter Haidinger wrote: > On Thu, February 23, 2006 14:03, David Shaw wrote: > > --keyserver-option "binddn=\"uid=user1,ou=PGP Users,dc=EXAMPLE,dc=COM\"" > > I've got yet another problem when I put keyserve

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-23 Thread David Shaw
On Thu, Feb 23, 2006 at 03:52:37PM +, Walter Haidinger wrote: > I was unaware that _all_ keyserver options apply to any type, i.e. > http/hkp/ldap. > The manpage talks about 'a' preferred keyserver, though, so I thought > that there can be only one, which means all options are global anyways.

Re: Howto setup an OpenLDAP PGP keyserver

2006-02-23 Thread David Shaw
On Thu, Feb 23, 2006 at 05:01:08PM +0100, Walter Haidinger wrote: Thanks for writing this up! I will certainly be pointing people to this when they ask in the future. One comment: > Further notes: > * GnuPG looks for PGPServerInfo under the base DN. > If you decide to put it somewhere else, us

Re: Howto setup an OpenLDAP PGP keyserver

2006-02-23 Thread David Shaw
Another thing worth adding to your HOWTO is that if the LDAP server is going to be publically available, a good name to use is "keys.(yourdomain)". The reason for this is that both PGP and GnuPG (as of 1.4.3) can automatically locate keys using that name. For example, let's say I want to encrypt

Re: Ohhhh jeeee: ... this is a bug (getkey.c:2079:merge_selfsigs)

2006-02-27 Thread David Shaw
On Mon, Feb 27, 2006 at 10:34:10AM +0100, Phil Pennock wrote: > Is this a known issue, fixed in 1.4.3? > There's nothing obviously dealing with it in > > http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/cipher/ChangeLog?rev=4003&view=markup> > > % gpg --version > gpg (GnuPG) 1.4.2.1-ecc0.1.6 This

Re: Using GnuPG subkeys at two insecure locations

2006-02-28 Thread David Shaw
On Mon, Feb 27, 2006 at 02:06:57PM +0100, Raphaël Poss wrote: > Q1. how do you think other software (PGP, old GPG, ...) behave when they > see multiple encryption public subkeys? Unless it's really old PGP (say, PGP 5.0 era) it'll work fine. > Q2. will signatures on other keys made with the lap

Re: gnupg, news and Signature Verify

2006-03-03 Thread David Shaw
On Thu, Mar 02, 2006 at 03:38:45PM +0100, Hanno 'Rince' Wagner wrote: > Hi, > > I try to establish a way to sign my NewsPostings and - more > interesting - also to verify the messages posted by other people. > Since I am using new keys, the digest algorithm is SHA1 - which I > also use. But gpg se

Re: Which Digest Algorithm to use?

2006-03-03 Thread David Shaw
On Fri, Mar 03, 2006 at 04:04:52PM +0100, Olaf Gellert wrote: > Hi, > > I do have some old PGP-2 keys (that are pretty well > connected in the WebOfTrust). I understand that PGP2 > keys use MD5 as default hash algorithm and they do > not contain any fields to store adapted preferences. > But I sti

Re: Which Digest Algorithm to use?

2006-03-03 Thread David Shaw
On Fri, Mar 03, 2006 at 07:29:30PM +0100, Christoph Anton Mitterer wrote: > > >>Does this makes any sense anyways because the own > >>selfsignatures use MD5 which is weak. I could do > >>new self-sigs with another algorithm, correct? > >> > >> > >Yes, but then you can't use the key in PGP 2 an

Re: Which Digest Algorithm to use?

2006-03-04 Thread David Shaw
On Sat, Mar 04, 2006 at 03:27:54PM +0100, Christoph Anton Mitterer wrote: > David Shaw wrote: > > >He can if he wants to. It doesn't actually make a difference either > >way since the new signature overrides the older one. > > > > > Is this only gpg beh

Re: Which Digest Algorithm to use?

2006-03-06 Thread David Shaw
On Mon, Mar 06, 2006 at 02:32:53PM +0100, Olaf Gellert wrote: > David Shaw wrote: > >> I do have some old PGP-2 keys (that are pretty well > >> connected in the WebOfTrust). I understand that PGP2 > >> keys use MD5 as default hash algorithm and they do > >>

Re: add notation to self sig

2006-03-08 Thread David Shaw
On Tue, Mar 07, 2006 at 11:12:12PM +0100, Peter Palfrader wrote: > Hey, > > I wanted to add a notation to my self sig on my key by giving > --cert-notation on the command line and then updating the cipher > preferences (as a nice way to generate a new self sig): > > | gpg --cert-notation [EMAIL P

Re: add notation to self sig

2006-03-08 Thread David Shaw
On Wed, Mar 08, 2006 at 08:32:53PM +0100, Peter Palfrader wrote: > On Wed, 08 Mar 2006, David Shaw wrote: > > > On Tue, Mar 07, 2006 at 11:12:12PM +0100, Peter Palfrader wrote: > > > Hey, > > > > > > I wanted to add a notation to my self sig on my key

Re: add notation to self sig

2006-03-09 Thread David Shaw
On Thu, Mar 09, 2006 at 02:40:33PM +0100, Peter Palfrader wrote: > | [EMAIL PROTECTED]:~/tmp/gpg$ gpg --edit test1 > [..] > | Command> notation [EMAIL PROTECTED] > | No notations on user ID "test1" > | Adding notation: [EMAIL PROTECTED] > [..] > [just doing 'notation [EMAIL PROTECTED]' is not allo

Re: add notation to self sig

2006-03-09 Thread David Shaw
On Thu, Mar 09, 2006 at 10:52:53PM +0100, Peter Palfrader wrote: > On Thu, 09 Mar 2006, David Shaw wrote: > > > Let's make it simpler: I just added the ability to delete notations > > directly by using a minus sign prefix like "[EMAIL PROTECTED]". > >

Re: [Announce] GnuPG does not detect injection of unsigned data

2006-03-09 Thread David Shaw
On Thu, Mar 09, 2006 at 05:55:43PM -0500, [EMAIL PROTECTED] wrote: > in the announcement of the fix for this condition > on the gnupg announce list, it says the following: > > =[ begin quoted text ]= > > The only correct solution to this problem is to get rid of the > feature > to check

[Announce] Second release candidate for 1.4.3 available

2006-03-09 Thread David Shaw
We are pleased to announce the availability of the second release candidate for the forthcoming 1.4.3 version of GnuPG: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.3rc2.tar.bz2 (3.0M) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.3rc2.tar.bz2.sig SHA-1 checksums for the above files are:

Re: Problem removing a public key whose private key is gone

2006-03-13 Thread David Shaw
On Mon, Mar 13, 2006 at 07:58:20AM -0500, Atom Smasher wrote: > On Mon, 13 Mar 2006, Neil Williams wrote: > > >Werner et al. : > >Maybe it's time that --send-key checks if the key to be sent has a > >secret key in the secret keyring and if it does, prompts the user about > >a revocation certific

Re: How to receive keys from a keyserver when you don't have a key ID, using command-line.

2006-03-17 Thread David Shaw
On Fri, Mar 17, 2006 at 11:16:25AM -0800, John Schofield wrote: > I'm setting up an experimental private keyserver network and trying > to write scripts to interact with it from the command-line. (OS: > Ubuntu Linux 5.10) > > Let's say that my script is asked to encrypt to a unique user ID.

Re: How to sign with non-subkey?

2006-03-21 Thread David Shaw
On Tue, Mar 21, 2006 at 04:02:51PM +0100, Simon Josefsson wrote: > I recently created a signing sub-key (on a smartcard, if it matters) > and gpg now use it by default. How do I sign messages using my > non-subkey? I thought -u would do it, but it doesn't seem to work: > > [EMAIL PROTECTED]:~$ e

Re: segfault in gnupg14 (was: How to sign with non-subkey?)

2006-03-22 Thread David Shaw
On Wed, Mar 22, 2006 at 02:29:07PM +0100, Peter Palfrader wrote: > On Tue, 21 Mar 2006, Simon Josefsson wrote: > > > [EMAIL PROTECTED]:~$ echo foo |gpg -a -s -v -u b565716f > > gpg: using subkey AABB1F7B instead of primary key B565716F > > gpg: writing to stdout > > gpg: using subkey AABB1F7B inst

Re: Force GPG to write a file?

2006-03-22 Thread David Shaw
On Wed, Mar 22, 2006 at 09:49:34AM +, Daniel Carrera wrote: > Hi all, > > Last question :) > By default, gpg will refuse to write to a file (myfile.gpg) that already > exists. Is there a way to change this behaviour? > > I am running gpg on batch mode on a server to encrypt a database before

Re: Key updating and preferred keyservers

2006-03-28 Thread David Shaw
On Tue, Mar 28, 2006 at 10:01:25PM +0200, Henrik O A Barkman wrote: > > Is there a way to run refresh-keys WITHOUT honoring preferred keyserver > records? > > Every now and then I need to update an entire keyring from one specific > keyserver, and since some of the keys involved has preferred key

Re: is clearsigned text also vulnerable to recent injection of unsigned data problem ?

2006-03-29 Thread David Shaw
On Wed, Mar 29, 2006 at 01:03:35PM -0800, phil wrote: > Hi, > > A quick question regarding the recently discovered > vulnerability to the injection of unsigned data : > > >From the description, it wasn't completely clear to me > whether this vulnerability also applied to > verification of clea

Re: ElGamal: key length vs performance

2006-04-01 Thread David Shaw
On Sat, Apr 01, 2006 at 02:12:42PM -0500, feitao wrote: > Hi, > > As I understand, by default, GunPG uses ElGamal to encrypt/decrypt files, > and the recommended key length is 1024 bit. Is there any information on how > encryption/decryption time changes with the key length? Thanks a lot, Not sig

Re: Meaning of rvk in --fixed-list-mode?

2006-04-02 Thread David Shaw
On Sun, Apr 02, 2006 at 06:05:00PM -0500, Robert J. Hansen wrote: > When looking over the output of --fixed-list-mode --with-colons > --list-sig, I discovered that one key which has a designated revoker > listed did not have a "rvk:" row in the key output. What key? David ___

Re: GnuPG 1.4.3 failed to compile

2006-04-03 Thread David Shaw
On Mon, Apr 03, 2006 at 06:40:04PM +0200, Tobias Mummert wrote: > Hi, > > Debian vanilla, GCC 3.3.5, Kernel 2.6.16.1: > > memory.c: In function `xrealloc': > memory.c:512: warning: implicit declaration of function `m_alloc_secure_clear' > memory.c:512: warning: assignment makes pointer from integ

Re: gnupg 1.4.3 build fails @ 'make' on OSX 10.4.5, unless "--disable-nls"

2006-04-03 Thread David Shaw
On Mon, Apr 03, 2006 at 09:26:31AM -0700, OpenMacNews wrote: > hi all. > > 1.4.2 was built/running OK on my OSX 10.4.5. > > attempting the 1.4.3 build ... > > ./configure w/: > > ./configure \ > --prefix=/usr/local \ > --with-readline=/usr/local \ > --with-zlib=/usr/loca

Re: gnupg 1.4.3 build fails @ 'make' on OSX 10.4.5, unless "--disable-nls"

2006-04-03 Thread David Shaw
On Mon, Apr 03, 2006 at 04:07:49PM -0700, OpenMacNews wrote: > >>gcc -g -O2 -Wall -Wno-pointer-sign -L/usr/local/lib -lreadline -lpcre > >> -L/usr/local/lib -L/usr/local/lib -o gpgsplit gpgsplit.o > >> ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -liconv -lintl > >> -liconv -lc

Re: renewing of expired signatures

2006-04-03 Thread David Shaw
On Wed, Mar 29, 2006 at 11:58:19PM +0200, Philipp Gühring wrote: > Hi, > > GnuPG has problems renewing expired signatures on keys, when the old > signature > (that already expired) is still on the key. The old expired signature is > still on the key, and a new signature isn't done when trying t

Re: dns cert support (was: GnuPG 1.4.3 released)

2006-04-04 Thread David Shaw
On Tue, Apr 04, 2006 at 08:25:01PM +0200, Peter Palfrader wrote: > On Mon, 03 Apr 2006, Werner Koch wrote: > > > * New auto-key-locate option that takes an ordered list of methods > > to locate a key if it is not available at encryption time (-r or > > --recipient). Possible metho
