From dshaw@jabberwocky.com  Fri Mar  1 00:59:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Mar  1 00:59:01 2002
Subject: implications of subkeys?
In-Reply-To: <fab1e42a2e6b4c0ebdfe5d4646f6f6993c7eb595@fchn.com>
References: <fab1e42a2e6b4c0ebdfe5d4646f6f6993c7eb595@fchn.com>
Message-ID: <20020228235727.GF691@akamai.com>

On Thu, Feb 28, 2002 at 02:55:26PM -0800, Steve Butler wrote:
> After thinking this over and using gpg to generate some keys today I have a
> slightly better understanding:
>   * generated a 1024 bit sign only DSA master key pair
>   * added a 2048 bit encrypt only ELG sub key pair
>   * added a 1024 bit encrypt only ELG sub key pair
>   * added 2 1024 bit sign only DSA sub key pair
> 
> I suppose I could have used two ELG keys with sign/encrypt capability
> instead of the four sub keys.

Yes, but then you would have had two "keys" in the keyservers and on
people's keyrings.

> Now, I take it that the 3rd party must know the exact key ID I wish them to
> use.  If somebody sends files both to me at home (pleasure) and at work
> (business) then they must know enough to specify different key ID.  If I
> remember the discussion from earlier in the week the email/user ID is not
> attached to a specific sub key.

Correct.  If they do not specify a particular key to encrypt to, GnuPG
will make a reasonable guess for which subkey to use (it uses the one
with the most recent signature, which generally means the most
recently created key).

Generally this is not an issue since people usually don't have very
many active encrypting subkeys at the same time.  Usually there is
only one, and a new one is added some time before the first expires.
Once the new one is widely distributed the old one is revoked or
allowed to expire.

If you are intend to use different keys for home and work, that
particular case sounds like it would be more convenient to use two
different full keys.

> And I take it that for signing I have to specify the particular key ID on
> the --local-user option rather than just allowing it to sign with the
> default (which would probably be the master key).

Mostly correct.  GnuPG is biased internally towards subkeys.  If you
don't specify otherwise, it will use a subkey over the master key if
possible.  To specify a particular key, you can use --local-user and
append an exclamation mark to the key id.  This means "Don't try and
figure out which subkey to use.  Give me this exact key id."

> However, to verify my signature the recipient need only to have my public
> key with all of the sub-keys.  The software will know which key ID was used
> to sign and will automatically use the correct public sub-key.  Likewise,
> when I receive an encrypted file the software will know which public sub-key
> they used to encrypt the data and will use the corresponding private
> sub-key.  All private keys (master and sub-keys) are protected with the same
> pass phrase.

All correct.  It would be sort of interesting to be able to have
different passphrases for different subkeys, and there is nothing in
the standard that prevents it, but GnuPG doesn't do it now.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From dshaw@jabberwocky.com  Fri Mar  1 01:05:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Mar  1 01:05:02 2002
Subject: Multiple subkey warning
Message-ID: <20020301000236.GG691@akamai.com>

Hi folks,

What with all the discussions of multiple subkeys, I wanted to add a
warning:

** Most of the current keyservers in use on the net today do not
handle multiple subkeys properly.  The subkeys get mangled together
and corrupted. **

Worse, most of the keyservers synchronize with other keyservers, so
even if you send your key to one of the good ones, it can end up on
the bad ones as well and get corrupted.

Obviously this doesn't affect your local copy or anyone you send your
key to directly, but anyone who gets it off one of the bad keyservers
will get a corrupted key.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From douglist@anize.org  Fri Mar  1 01:29:01 2002
From: douglist@anize.org (Douglas F. Calvert)
Date: Fri Mar  1 01:29:01 2002
Subject: Scientific American Global Privacy Summit in NYC?
Message-ID: <1014942876.14977.34.camel@allevil>

--=-HhogfN7Dtay4ezC4wMZK
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hello,
 Is anyone going to the global privacy summit in nyc?

--=20
+-----------------+---------------------------------------------------+
| Douglas Calvert |         <dfc@anize.org>  http://anize.org         |
+-----------------+---------------------------------------------------+
| Encrypted email | They that can give up liberty to obtain a little  |
|  is encouraged  |temporary safety deserve neither liberty nor safety|
+-----------------+---------------------------------------------------+
|   http://pgp.dtype.org:11371/pks/lookup?op=3Dget&search=3D0xC9541FB2    |
+-------| 0817 30D4 82B6 BB8D 5E66  06F6 B796 073D C954 1FB2 |--------+

--=-HhogfN7Dtay4ezC4wMZK
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQA8fsyct5YHPclUH7IRAhzjAJ9Lt6rOW/ZM1owrSC+s67a8+UQOugCfT1Nq
HZxRzfQ9MLMAMH/CYXC6mls=
=2OA5
-----END PGP SIGNATURE-----

--=-HhogfN7Dtay4ezC4wMZK--


From crisbill@lightlink.com  Fri Mar  1 05:09:02 2002
From: crisbill@lightlink.com (Bill Carini)
Date: Fri Mar  1 05:09:02 2002
Subject: Message body is empty in email
Message-ID: <3C7EF84D.4BD08E05@pop.lightlink.com>

Go to the archive and see my response to "executing from the web" that
I posted on February 12.
(I assume that the form you are referring to is a web form).
You need to give write permission to the username that the web server is
using , not to gpg. This is often the user
"nobody", but this varies from system to system.
Another tip is to add "2>errorfile" to your gpg command. The errorfile
will probably give you some valuable
information.

Good luck,
Bill Carini



From disastry@saiknes.lv  Fri Mar  1 08:05:01 2002
From: disastry@saiknes.lv (disastry@saiknes.lv)
Date: Fri Mar  1 08:05:01 2002
Subject: implications of subkeys?
Message-ID: <3C7F27A5.671ABCEF@saiknes.lv>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Steve Butler sbutler@fchn.com wrote:
> After thinking this over and using gpg to generate some keys today I have a
> slightly better understanding:
>   * generated a 1024 bit sign only DSA master key pair
>   * added a 2048 bit encrypt only ELG sub key pair
>   * added a 1024 bit encrypt only ELG sub key pair
>   * added 2 1024 bit sign only DSA sub key pair
> 
> I suppose I could have used two ELG keys with sign/encrypt capability
> instead of the four sub keys.

ELG sign/encrypt keys is not supported by PGP (except 658ckt06)

> Now, I take it that the 3rd party must know the exact key ID I wish them to
> use.  If somebody sends files both to me at home (pleasure) and at work
> (business) then they must know enough to specify different key ID.  If I
> remember the discussion from earlier in the week the email/user ID is not
> attached to a specific sub key.

unlike GPG, PGP does not allow to select to which subkey to encrypt,
PGP always encrypts to newest one.

> And I take it that for signing I have to specify the particular key ID on
> the --local-user option rather than just allowing it to sign with the
> default (which would probably be the master key).

I'm not sure, but I think GPG will sign with subkey by default if there is one.

> However, to verify my signature the recipient need only to have my public
> key with all of the sub-keys.

it's enough with signing subkeys.
but again PGP cannot verify signatures made with subkeys
(except 658ckt07 and maybe 7.x(but I'm not sure about it))

>  The software will know which key ID was used
> to sign and will automatically use the correct public sub-key.

yes

>  Likewise,
> when I receive an encrypted file the software will know which public sub-key
> they used to encrypt the data and will use the corresponding private
> sub-key.

yes

>  All private keys (master and sub-keys) are protected with the same
> pass phrase.

yes. normally.

different passprase can also be set (at least with 658ckt06),
I think it's wery cool furture :)

GPG also can use different passprase for key and subke(s),
but it's difficult to set different passprases with GPG,
for example, if you have 2 subkeys, you have to:

export to file0
delete subkey 2
set passphrase 1
export to file1
delete key
import from file0
delete subkey 1
set passphrase 2
export to file2
delete subkey 2
set passphrase 0
import from file1
import from file2
wipe file0, file1, file2

now the key will be protected with passprase 0, subkeys with passprases 1 and 2 :)

__
Disastry  http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
 ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
      AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBPH8LOTBaTVEuJQxkEQOGiQCfYPr+ga9nOipYt264ZX8IPa98q5MAn1KV
0myAIPVZcPn5aoIxCV7KiUzS
=3pkT
-----END PGP SIGNATURE-----


From Marco van Lienen <marcovl@worldonline.nl>  Fri Mar  1 13:25:01 2002
From: Marco van Lienen <marcovl@worldonline.nl> (Marco van Lienen)
Date: Fri Mar  1 13:25:01 2002
Subject: porting keypair to another OS
Message-ID: <20020301132252.O8706@tiscali.nl>

--dp9QYJgVRVEW2bsm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

I'm switching from RH Linux (GnuPG 1.06) to FreeBSD 4.5-STABLE.=20
Is it possible to port my keypair without difficulties to FreeBSD?

--=20
Marco van Lienen -- Unix SysAdmin --  <marcovl@tiscali.nl>
Tiscali Benelux, Office: +31-30-248-3655 Cell: +31-6-22473707
URL: http://www.tiscali.nl/
=20
S@H:3282WU/6.250yr --> setiathome.ssl.berkeley.edu Will you find aliens?
=20
Why did it happen ? BOFH Excuse:
                       Fatal error: you're dead.

--dp9QYJgVRVEW2bsm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8f3KcOwsMGR/3vQ8RAnqiAKC7luKQ1wMPsPu3d7u1JXKKSeeS4gCgwwu9
GbAhAI7gepbTu/o7EHxFfLw=
=1Xr4
-----END PGP SIGNATURE-----

--dp9QYJgVRVEW2bsm--


From agreene@pobox.com  Fri Mar  1 13:51:01 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Fri Mar  1 13:51:01 2002
Subject: porting keypair to another OS
In-Reply-To: <20020301132252.O8706@tiscali.nl>
Message-ID: <Pine.LNX.4.33.0203010744470.7193-100000@cp5340.localdomain>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 1 Mar 2002, Marco van Lienen wrote:
>I'm switching from RH Linux (GnuPG 1.06) to FreeBSD 4.5-STABLE. 
>Is it possible to port my keypair without difficulties to FreeBSD?

Just copy everything in ~/.gnupg to the new machine.

Tony
- -- 
Anthony E. Greene <agreene@pobox.com> <http://www.pobox.com/~agreene/>
PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
Chat: AOL/Yahoo: TonyG05
Linux. The choice of a GNU generation <http://www.linux.org/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene <agreene@pobox.com> 0x6C94239D

iD8DBQE8f3fupCpg3WyUI50RApuPAKC8aopRZSKPSkjnNpkpfog7mwR7bgCfd7La
l8ZaQ55Z0cUFzoRZfE1bvYE=
=dxLZ
-----END PGP SIGNATURE-----



From incanus@codesorcery.net  Fri Mar  1 16:24:01 2002
From: incanus@codesorcery.net (Justin R. Miller)
Date: Fri Mar  1 16:24:01 2002
Subject: Scientific American Global Privacy Summit in NYC?
In-Reply-To: <1014942876.14977.34.camel@allevil>
References: <1014942876.14977.34.camel@allevil>
Message-ID: <20020301152127.GD7166@mithrandir.codesorcery.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Said Douglas F. Calvert on Thu, Feb 28, 2002 at 07:34:36PM -0500:

> Is anyone going to the global privacy summit in nyc?

Where can I find more info on this?  I'd be interested...

- -- 
[!] Justin R. Miller <incanus@codesorcery.net>
    PGP 0xC9C40C31 -=- http://codesorcery.net

    http://www.newsbytes.com/news/02/174673.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8f5x394d6K8nEDDERAkjpAJ4rDBApY5CT7a6UK4Le1gmhAPcCJACgg3Ia
WqYxic5MmDa0CNowxdtXIfo=
=QNaG
-----END PGP SIGNATURE-----


From sbutler@fchn.com  Fri Mar  1 16:36:01 2002
From: sbutler@fchn.com (Steve Butler)
Date: Fri Mar  1 16:36:01 2002
Subject: implications of subkeys?
Message-ID: <0f56447cc6afe71da0d77b387651040f3c7f9f70@fchn.com>

I was really thinking of 2 ELG sign/encrypt sub-keys instead of the 2 ELG
encrypt sub-keys and the 2 DSA sign sub keys.  However, there was some note
about the ELG sign/encrypt being depreciated.  I'm not sure what that really
means in this case but the dictionary definition implied this was a bad
thing!

The more comments I read, the closer I come to believing the best bet is a
key set for work and a totally separate key set for home.  Or more
precisely, a personal set and a business set.

Now, it does appear to me that the default mechanism GPG uses to build the
keys (a DSA sign pair and an ELG encrypt pair as a sub-key) really does lend
itself to keeping the DSA around as long as possible while putting a life on
the ELG sub-keys.  

However, if the authorities came and asked for my decrypting key, I'm not
sure I'd know how to pull only the ELG sub key (private piece) out to give
to them without also letting them have the DSA private key.

--Steve

PS  Thanks for everybody who has chipped in on this discussion as it sure
has increased my understanding of the black box.



-----Original Message-----
From: David Shaw [mailto:dshaw@jabberwocky.com]
Sent: Thursday, February 28, 2002 3:57 PM
To: GnuPG Users
Subject: Re: implications of subkeys?


On Thu, Feb 28, 2002 at 02:55:26PM -0800, Steve Butler wrote:
> After thinking this over and using gpg to generate some keys today I have
a
> slightly better understanding:
>   * generated a 1024 bit sign only DSA master key pair
>   * added a 2048 bit encrypt only ELG sub key pair
>   * added a 1024 bit encrypt only ELG sub key pair
>   * added 2 1024 bit sign only DSA sub key pair
> 
> I suppose I could have used two ELG keys with sign/encrypt capability
> instead of the four sub keys.

Yes, but then you would have had two "keys" in the keyservers and on
people's keyrings.


CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.



From dshaw@jabberwocky.com  Fri Mar  1 17:04:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Mar  1 17:04:02 2002
Subject: implications of subkeys?
In-Reply-To: <0f56447cc6afe71da0d77b387651040f3c7f9f70@fchn.com>
References: <0f56447cc6afe71da0d77b387651040f3c7f9f70@fchn.com>
Message-ID: <20020301160141.GC680@akamai.com>

On Fri, Mar 01, 2002 at 07:32:29AM -0800, Steve Butler wrote:
> I was really thinking of 2 ELG sign/encrypt sub-keys instead of the 2 ELG
> encrypt sub-keys and the 2 DSA sign sub keys.  However, there was some note
> about the ELG sign/encrypt being depreciated.  I'm not sure what that really
> means in this case but the dictionary definition implied this was a bad
> thing!

In this particular case, it means "Don't use these." :) ElGamal
signatures are somewhat controversial.

> Now, it does appear to me that the default mechanism GPG uses to build the
> keys (a DSA sign pair and an ELG encrypt pair as a sub-key) really does lend
> itself to keeping the DSA around as long as possible while putting a life on
> the ELG sub-keys.  

Yes.  That's a good thing, as the DSA primary (plus your user ID) is
what ties you into the web of trust.  You'd want that key to stay
around for a long time, if not forever.

> However, if the authorities came and asked for my decrypting key, I'm not
> sure I'd know how to pull only the ELG sub key (private piece) out to give
> to them without also letting them have the DSA private key.

You can do it with "gpg --export-secret-subkeys".

However, that allows the authorities to decrypt everything sent to
that key (which is a reason right there to change your encryption key
every now and then).  You can reveal the session key for a single
message with --show-session-key.

Seriously, though - if that happens, call a lawyer before you do
anything, and then call the EFF.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From JanuszA.Urbanowicz  Fri Mar  1 17:21:01 2002
From: JanuszA.Urbanowicz (JanuszA.Urbanowicz)
Date: Fri Mar  1 17:21:01 2002
Subject: implications of subkeys?
In-Reply-To: <0f56447cc6afe71da0d77b387651040f3c7f9f70@fchn.com> from Steve Butler
 at "Mar 1, 2002 07:32:29 am"
Message-ID: <E16gpdw-0005ce-00@syjon.fantastyka.net>

Steve Butler wrote/napisa=B3[a]/schrieb:

> The more comments I read, the closer I come to believing the best bet is a
> key set for work and a totally separate key set for home.  Or more
> precisely, a personal set and a business set.

Don't do this. I did this once and still regret (my experiences with 'legacy
v3 key' are a dim echo of this past). It complicates your web of trust
position, you have two set of user-ids to gather signatures, you never know
if your correspondent has the right key on and generally the hassle is
significant. And significantly bigger than for single key.

Alex
--=20
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling |         | =
  *  =09
 ; (_O : +-------------------------------------------------------------+ --=
+~|=09
 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no;     |   |  =20


From sbutler@fchn.com  Fri Mar  1 18:10:01 2002
From: sbutler@fchn.com (Steve Butler)
Date: Fri Mar  1 18:10:01 2002
Subject: implications of subkeys?
Message-ID: <d16223f7a928717a3835d5538883736a3c7fb556@fchn.com>

Hmm.  This whole thread started because of somebody's desire to secure =
their
home communication versus their work site communication.  It really has=
 been
a learning experience.  Your and David's helpful comments throughout th=
is
process have shed a lot of light.  So, if I have read everything correc=
tly,
it sounds like the general consensus is:
*  Have one signing only key pair -- the master set (most likely DSA of=

appropriate strength for long term usage).
*  Have one encryption sub-key (until most keyservers understand and
correctly handle multiple sub-keys) that is changed every so often.
*  Expose only the session-level key if possible when given a court ord=
er
(with appropriate legal counsel).
*  If must expose the encryption sub-key, then generate a new pair for
future use (and change it more often) and revoke the prior sub-key pair=
,

I guess this still doesn't answer the one individual's concern about wa=
nting
to have business and personal encryption different in case a court orde=
r
forced exposure of one or the other key.  Sounds like we need to wait f=
or
updates to the keyservers.




-----Original Message-----
From: Janusz A. Urbanowicz [mailto:alex@bofh.torun.pl]
Sent: Friday, March 01, 2002 8:12 AM
To: Steve Butler
Cc: 'David Shaw'; GnuPG Users
Subject: Re: implications of subkeys?


Steve Butler wrote/napisa=B3[a]/schrieb:

> The more comments I read, the closer I come to believing the best bet=
 is a
> key set for work and a totally separate key set for home.  Or more
> precisely, a personal set and a business set.

Don't do this. I did this once and still regret (my experiences with 'l=
egacy
v3 key' are a dim echo of this past). It complicates your web of trust
position, you have two set of user-ids to gather signatures, you never =
know
if your correspondent has the right key on and generally the hassle is
significant. And significantly bigger than for single key.

Alex
-- 
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling |       =
  |   *

 ; (_O : +-------------------------------------------------------------=
+
--+~|	
 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem =
ka=BFde z=B3o |
l_|/	
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF =
po dno;     |   |


CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments=
, is for the sole use of the intended recipient(s) and may contain conf=
idential and privileged information.  Any unauthorized review, use, dis=
closure or distribution is prohibited.  If you are not the intended rec=
ipient, please contact the sender by reply e-mail and destroy all copie=
s of the original message.



From wk@gnupg.org  Fri Mar  1 18:31:03 2002
From: wk@gnupg.org (Werner Koch)
Date: Fri Mar  1 18:31:03 2002
Subject: Multiple subkey warning
In-Reply-To: <20020301000236.GG691@akamai.com> (David Shaw's message of
 "Thu, 28 Feb 2002 19:02:36 -0500")
References: <20020301000236.GG691@akamai.com>
Message-ID: <87g03kpng4.fsf@alberti.gnupg.de>

On Thu, 28 Feb 2002 19:02:36 -0500, David Shaw said:

> ** Most of the current keyservers in use on the net today do not
> handle multiple subkeys properly.  The subkeys get mangled together
> and corrupted. **

This is a good idea.  We might want so setup a webpage to further
explain this and to tell people of forthcoming keyserver networks
without this problem.


-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus



From ftobin@neverending.org  Fri Mar  1 19:47:01 2002
From: ftobin@neverending.org (Frank Tobin)
Date: Fri Mar  1 19:47:01 2002
Subject: [Announce] Ann.: keystory 0.1.0 (initial) release
Message-ID: <20020228234703.T93061-100000@palanthas.neverending.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Announcing the 0.1.0 (initial) release of keystory:

keystory, by analyzing email history, gathers data on the usage of OpenPGP
signatures, and provides information to imperfectly, but practically
complement the web of trust, answering questions such as "What keys has
foo@bar.baz.com used, where and when?"

The homepage for keystory is at:
http://keystory.sourceforge.net/

tar.gz's and RPM's can be found at:
http://sourceforge.net/project/showfiles.php?group_id=42442

I have put up a demo of keystory having a CGI interface at
http://palanthas.neverending.org/keystory/

The demo site contains information gathered from the gnupg-users and
gnupg-devel archives.

keystory requires Python 2.2 or later, GnuPG, and other Python modules
that are described in the README.


>From the NEWS file:

Noteworthy changes in 0.1.0
- -----------------------------------------------------------------

    *   Initial release of keystory.

    *   Current issues are that there is no  recognition of
        duplicately imported data and compile time is slow.


- -- 
Frank Tobin		http://www.neverending.org/~ftobin/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/

iEYEARECAAYFAjx/E/gACgkQVv/RCiYMT6NwfQCgigfN1v7620XSGa+qoEfGZwMb
jwkAniEOgAXGuOLO0aG+FO1CLqsmyRaX
=fpYe
-----END PGP SIGNATURE-----





_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce



From JanuszA.Urbanowicz  Fri Mar  1 20:27:01 2002
From: JanuszA.Urbanowicz (JanuszA.Urbanowicz)
Date: Fri Mar  1 20:27:01 2002
Subject: implications of subkeys?
In-Reply-To: <Pine.LNX.4.30.QNWS.0202271554190.3314-100000@thetis.deor.org> from
 Len Sassaman at "Feb 27, 2002 03:59:15 pm"
Message-ID: <E16gsXD-0006Qk-00@syjon.fantastyka.net>

Len Sassaman wrote/napisa=B3[a]/schrieb:
> This isn't actually needed, however, due to a trick in the PGP trust
> model that isn't too widely known:
>=20
> If a key A bearing a given user-id signs a key B with an identicial
> user-id (and the signature is made on that identical user id) then trust
> for key B is calculated as though all the signatures for this shared
> user-id on key A were made on key B. This was introduced around the time
> of PGP 3.0, to prevent an RSA/DSA divide in the web of trust.

I do not want to seem to attack PGP developers et al, but why the hell this
(very important IMO) feature wasn't publicized then?

Alex
--=20
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling |         | =
  *  =09
 ; (_O : +-------------------------------------------------------------+ --=
+~|=09
 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no;     |   |  =20


From dshaw@jabberwocky.com  Fri Mar  1 20:38:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Mar  1 20:38:02 2002
Subject: implications of subkeys?
In-Reply-To: <E16gpdw-0005ce-00@syjon.fantastyka.net>
References: <0f56447cc6afe71da0d77b387651040f3c7f9f70@fchn.com> <E16gpdw-0005ce-00@syjon.fantastyka.net>
Message-ID: <20020301193236.GD1518@akamai.com>

On Fri, Mar 01, 2002 at 05:12:24PM +0100, Janusz A. Urbanowicz wrote:
> Steve Butler wrote/napisa?[a]/schrieb:
> 
> > The more comments I read, the closer I come to believing the best bet is a
> > key set for work and a totally separate key set for home.  Or more
> > precisely, a personal set and a business set.
> 
> Don't do this. I did this once and still regret (my experiences with 'legacy
> v3 key' are a dim echo of this past). It complicates your web of trust
> position, you have two set of user-ids to gather signatures, you never know
> if your correspondent has the right key on and generally the hassle is
> significant. And significantly bigger than for single key.

Hmm.  Personal preference, I think.

For me, I always felt it was better to seperate my work life from my
personal life - that means two email addresses, two different keys,
etc.  There is inevitable overlap, of course, but it works well for me
that way.  It also works better if the company requires things like a
company revocation key, or worse, a company ADK.  I wouldn't want that
on my personal key.

In the USA, at least, I have read about possible legal issues with
regards to the boundaries between private and company communications.
If I send a private email from a company email address, the company
can under some circumstances ask for a copy of it.  (I am not a
lawyer, laws are different everywhere, etc.)

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From dshaw@jabberwocky.com  Fri Mar  1 20:43:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Mar  1 20:43:02 2002
Subject: implications of subkeys?
In-Reply-To: <d16223f7a928717a3835d5538883736a3c7fb556@fchn.com>
References: <d16223f7a928717a3835d5538883736a3c7fb556@fchn.com>
Message-ID: <20020301193950.GE1518@akamai.com>

On Fri, Mar 01, 2002 at 09:05:57AM -0800, Steve Butler wrote:
> Hmm.  This whole thread started because of somebody's desire to secure their
> home communication versus their work site communication.  It really has been
> a learning experience.  Your and David's helpful comments throughout this
> process have shed a lot of light.  So, if I have read everything correctly,
> it sounds like the general consensus is:
> *  Have one signing only key pair -- the master set (most likely DSA of
> appropriate strength for long term usage).

Yes.  The algorithm is up to you and what you trust more.  GnuPG 1.0.7
gives you the choice between DSA and RSA.  They each have advantages
and disadvantages.

> *  Have one encryption sub-key (until most keyservers understand and
> correctly handle multiple sub-keys) that is changed every so often.

Problem here.  If your key is already on the bad keyservers, adding a
new subkey will trigger the bug.  Even if you remove the old subkey
first, it doesn't leave the keyservers.

> *  Expose only the session-level key if possible when given a court order
> (with appropriate legal counsel).
> *  If must expose the encryption sub-key, then generate a new pair for
> future use (and change it more often) and revoke the prior sub-key pair,

Yes.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From dshaw@jabberwocky.com  Fri Mar  1 20:48:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Mar  1 20:48:01 2002
Subject: implications of subkeys?
In-Reply-To: <Pine.LNX.4.30.QNWS.0202271554190.3314-100000@thetis.deor.org>
References: <20020227070231.0000.ANDRIASH@telus.net> <Pine.LNX.4.30.QNWS.0202271554190.3314-100000@thetis.deor.org>
Message-ID: <20020301194443.GF1518@akamai.com>

On Wed, Feb 27, 2002 at 03:59:15PM -0800, Len Sassaman wrote:
> If a key A bearing a given user-id signs a key B with an identicial
> user-id (and the signature is made on that identical user id) then trust
> for key B is calculated as though all the signatures for this shared
> user-id on key A were made on key B. This was introduced around the time
> of PGP 3.0, to prevent an RSA/DSA divide in the web of trust.

I heard about this a few months ago (I think you were the one who told
me, actually), but I don't really see a large benefit here.  All it
means is that your new key is one certification depth "hop" closer
than it would be otherwise.  Is that really such a big benefit?

GnuPG does not do this, incidentally.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From douglist@anize.org  Fri Mar  1 23:17:02 2002
From: douglist@anize.org (Douglas F. Calvert)
Date: Fri Mar  1 23:17:02 2002
Subject: subkeys hate me
Message-ID: <1015021360.19161.9.camel@allevil>

--=-TGyZ7iYVxB4YtN13hqo2
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hello,
 I am having some serious troubles with subkeys. I have created two
subkeys for my key 13300731. I have also revoked two. I can not get them
to be imported into another keyring (the one on my laptop). I have tried
everything i think. Here is the output on my main machine:

Secret key is available.

pub  1024D/13300731  created: 2001-07-07 expires: never      trust: f/u
sub  2048g/E8417DBF  created: 2001-07-07 expires: never    =20
rev! subkey has been revoked: 2002-02-27
rev! subkey has been revoked: 2002-02-27
sub  4096g/69F66200  created: 2002-02-27 expires: never    =20
rev! subkey has been revoked: 2002-02-27
sub  1024D/ECF0CF22  created: 2002-03-01 expires: never    =20
sub  4096g/711013C1  created: 2002-03-01 expires: never    =20
(1)  Douglas F. Elznic <dfe@anize.org>

gpg --export-secret-keys -a >secret.asc
gpg --export-secret-subkeys -a > secret-sub.asc

Then one my laptop:

dfc@lrrp:~$ gpg --allow-secret-key-import --import secret.asc=20
gpg: key 13300731: already in secret keyring
gpg: key C9541FB2: already in secret keyring
gpg: key 0B1770DB: already in secret keyring
gpg: Total number processed: 3
gpg:       secret keys read: 3
gpg:  secret keys unchanged: 3
dfc@lrrp:~$ gpg --allow-secret-key-import --import secret-sub.asc=20
gpg: key 13300731: already in secret keyring
gpg: key C9541FB2: already in secret keyring
gpg: key 0B1770DB: already in secret keyring
gpg: Total number processed: 3
gpg:       secret keys read: 3
gpg:  secret keys unchanged: 3

Now when I do gpg --edit-key 13300731 on my laptop

gpg: no secret subkey for public subkey 69F66200 - ignoring
gpg: no secret subkey for public subkey ECF0CF22 - ignoring
gpg: no secret subkey for public subkey 711013C1 - ignoring
Secret key is available.

pub  1024D/13300731  created: 2001-07-07 expires: never      trust: f/u
sub  2048g/E8417DBF  created: 2001-07-07 expires: never    =20
rev! subkey has been revoked: 2002-02-27
sub  4096g/69F66200  created: 2002-02-27 expires: never    =20
rev! subkey has been revoked: 2002-02-27
sub  1024D/ECF0CF22  created: 2002-03-01 expires: never    =20
sub  4096g/711013C1  created: 2002-03-01 expires: never    =20
(1)  Douglas F. Elznic <dfe@anize.org>

I have even gone as far as importing secring and pubring from my main
.gnupg dir and still no luck. Any clues? Dave Shaw and Frank Tobin i
know you guys know;) Werner you probably know too, but these guys hold
my hand during everything...



--=20
+-----------------+---------------------------------------------------+
| Douglas Calvert |         <dfc@anize.org>  http://anize.org         |
+-----------------+---------------------------------------------------+
| Encrypted email | They that can give up liberty to obtain a little  |
|  is encouraged  |temporary safety deserve neither liberty nor safety|
+-----------------+---------------------------------------------------+
|   http://pgp.dtype.org:11371/pks/lookup?op=3Dget&search=3D0xC9541FB2    |
+-------| 0817 30D4 82B6 BB8D 5E66  06F6 B796 073D C954 1FB2 |--------+

--=-TGyZ7iYVxB4YtN13hqo2
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQA8f/8wt5YHPclUH7IRAr61AJ9faUClQaIDMVsR30gXWfEwS9GdkgCfRMI7
Us0sh0Rz9mzloc1VprK2BK0=
=owzE
-----END PGP SIGNATURE-----

--=-TGyZ7iYVxB4YtN13hqo2--


From ingo.kloecker@epost.de  Sat Mar  2 13:54:02 2002
From: ingo.kloecker@epost.de (Ingo =?iso-8859-1?q?Kl=F6cker?=)
Date: Sat Mar  2 13:54:02 2002
Subject: advantages/disadvantages of DSA/RSA keys (was: Re: implications of subkeys?)
Message-ID: <200203021351.06645@erwin.ingo-kloecker.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 01 March 2002 20:39, David Shaw wrote:
> Yes.  The algorithm is up to you and what you trust more.  GnuPG
> 1.0.7 gives you the choice between DSA and RSA.  They each have
> advantages and disadvantages.

Is there somewhere a short but complete list of the advantages and=20
disadvantages?

Regards,
Ingo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8gMq5GnR+RTDgudgRAlx+AKCdvCAU6q3Dsf982yUwggue5GNncACfZ+VK
C/PnLv/wBtti8CruOI5CKIA=3D
=3DrazX
-----END PGP SIGNATURE-----


From nyg102@psu.edu  Sat Mar  2 15:08:02 2002
From: nyg102@psu.edu (Naresh Reddy)
Date: Sat Mar  2 15:08:02 2002
Subject: Creating a Key problem
Message-ID: <Pine.LNX.4.43.0203020904090.7890-100000@debian>

When I create a key? By gpg --gen-key.
But I don't know where the key is being creating. Do I need to set up a
.gnupg file or something?


Naresh



-----------------------------------
Naresh Reddy
nyg102@psu.edu
http://www.personal.psu.edu/nyg102
-----------------------------------



From dshaw@jabberwocky.com  Sat Mar  2 15:24:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sat Mar  2 15:24:01 2002
Subject: advantages/disadvantages of DSA/RSA keys (was: Re: implications of subkeys?)
In-Reply-To: <200203021351.06645@erwin.ingo-kloecker.de>
References: <200203021351.06645@erwin.ingo-kloecker.de>
Message-ID: <20020302142133.GC679@akamai.com>

On Sat, Mar 02, 2002 at 01:51:01PM +0100, Ingo Kl=F6cker wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>=20
> On Friday 01 March 2002 20:39, David Shaw wrote:
> > Yes.  The algorithm is up to you and what you trust more.  GnuPG
> > 1.0.7 gives you the choice between DSA and RSA.  They each have
> > advantages and disadvantages.
>=20
> Is there somewhere a short but complete list of the advantages and=20
> disadvantages?

This is pretty good:
     http://www.samsimpson.com/pgpfaq.html

David

--=20
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.co=
m/
+------------------------------------------------------------------------=
---+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From ingo.kloecker@epost.de  Sat Mar  2 19:10:02 2002
From: ingo.kloecker@epost.de (Ingo =?iso-8859-1?q?Kl=F6cker?=)
Date: Sat Mar  2 19:10:02 2002
Subject: advantages/disadvantages of DSA/RSA keys (was: Re: implications of subkeys?)
In-Reply-To: <20020302142133.GC679@akamai.com>
References: <200203021351.06645@erwin.ingo-kloecker.de> <20020302142133.GC679@akamai.com>
Message-ID: <200203021901.03086@erwin.ingo-kloecker.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 02 March 2002 15:21, David Shaw wrote:
> On Sat, Mar 02, 2002 at 01:51:01PM +0100, Ingo Kl=F6cker wrote:
> > On Friday 01 March 2002 20:39, David Shaw wrote:
> > > Yes.  The algorithm is up to you and what you trust more.  GnuPG
> > > 1.0.7 gives you the choice between DSA and RSA.  They each have
> > > advantages and disadvantages.
> >
> > Is there somewhere a short but complete list of the advantages and
> > disadvantages?
>
> This is pretty good:
>      http://www.samsimpson.com/pgpfaq.html

Thanks. At least from section 8.1 it doesn't seem that RSA keys have any=20
advantages (except the backwards compatibility with plain PGP 2.x).

Regards,
Ingo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8gRNcGnR+RTDgudgRAr0ZAJ9AhXnxnRLL9MxbHYnNNACzC8C6xQCgprmA
u/M2T4l4JFXVIHSthP84qQM=3D
=3DyuEh
-----END PGP SIGNATURE-----


From dvgevers@wxs.nl  Sat Mar  2 21:45:01 2002
From: dvgevers@wxs.nl (Dick Gevers)
Date: Sat Mar  2 21:45:01 2002
Subject: Bug of sorts in documentation GPG 1.0.6
Message-ID: <3C8138B1.13699.782FC1@localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, 

For several years I have been using PGP but as NAI has stopped 
further development I decided to look into GnuPG. I am completely 
new to GnuPG and it took me several hours to get it working because 
there is a small inaccuracy in the file readme.w32: 

It says quote 4. If you did not use the default directory 
"c:\gnupg", you     should enter a string with the directory into 
the Registry     under the key: 	 
\\HKEY_CURRENT_USER\Software\GNU\GnuPG\HomeDir     Please use 
forward slashes and not the backslashes when     setting filenames 
for GnuPG into the Registry. unquote 

Since my C:\ drive is FAT32 I find it unreliable for storing files 
such as those of GPG and do so on an NTFS drive. 

Today I downloaded GnuPG 1.0.6 and GPGShell for Windows v. 2.25 and 
the QDGPG plugin for Pegasus Mail. I couldn't get any of these to 
work okay until I found the page 
http://www.jumaros.de/rsoft/gpg/guide.html 

The problem is there shouldn't be a Regkey 
\\HKEY_CURRENT_USER\Software\GNU\GnuPG\HomeDir 
but rather 
\\HKEY_CURRENT_USER\Software\GNU\GnuPG 
with a string value called "HomeDir" containing as data the path to 
the GPG.exe directory. 

Moreover the mention that forward slashes must be used is 
unnecessary and un-windows like: backward slashes work fine. 

HTH

Regards 
=Dick Gevers= 


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjyBOLEACgkQwC/zk+cxEdMO8ACgm2FpLryaipzevxpE47yoq92C
pLcAoJljS+VJxYsxuKnMpmz/FHlJ/ahO
=XUv1
-----END PGP SIGNATURE-----


From xconsole@it.yorku.ca  Sun Mar  3 10:13:01 2002
From: xconsole@it.yorku.ca (Harold Rodriguez)
Date: Sun Mar  3 10:13:01 2002
Subject: Creating a Key problem
Message-ID: <Pine.LNX.4.44.0203030405330.7621-100000@moonfrog.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+ When I create a key? By gpg --gen-key.
+ But I don't know where the key is being creating. Do I need to set up a
+ .gnupg file or something?

I assume you're using a *nix type system. If so, the first time you type
gpg --gen-key a ~/.gnupg directory will be created (if it does not already
exist). All your keys will be stored in there.

- -- 
Harold Rodriguez  .:.  X_console
World Wide Web    .:.  http://it.yorku.ca/moonfrog
GnuPG Key ID      .:.  0x9ECCF021

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8gehi8mTSoJ7M8CERAtgyAKDHhgIAbiqDvMPYFMEHnGRZRyx3rACguXxw
kbgYjXNBaeRk2zKg6SCESDY=
=Vg+P
-----END PGP SIGNATURE-----




From wk@gnupg.org  Sun Mar  3 13:54:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Sun Mar  3 13:54:01 2002
Subject: Bug of sorts in documentation GPG 1.0.6
In-Reply-To: <3C8138B1.13699.782FC1@localhost> ("Dick Gevers"'s message of
 "Sat, 2 Mar 2002 20:40:17 -0000")
References: <3C8138B1.13699.782FC1@localhost>
Message-ID: <87n0xpu86t.fsf@alberti.gnupg.de>

On Sat, 2 Mar 2002 20:40:17 -0000, Dick Gevers said:

> with a string value called "HomeDir" containing as data the path to 
> the GPG.exe directory. 

This has been fixed in the README.

> Moreover the mention that forward slashes must be used is 
> unnecessary and un-windows like: backward slashes work fine. 

When I write forward slash, I mean forward slash.  Backslashes may
work, though.

  Werner

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus



From jkane89@softhome.net  Sun Mar  3 17:50:01 2002
From: jkane89@softhome.net (John Kane)
Date: Sun Mar  3 17:50:01 2002
Subject: subkeys hate me
Message-ID: <3C819101.5660267@softhome.net>

To the best of my knowledge, on your original system you'd do:
   gpg  --armor -o mysecret.asc --export-secret-keys  myemail@myemail.net
   gpg  --armor -o mypubkey.asc --export  myemail@myemail.net

and on the second system (if you have gpg) do:
   gpg  --allow-secret-key-import  --import  mysecret.asc
   gpg  --import  mypubkey.asc

Note that the 'mysecret.asc' text file contains only the secret part
of your key, and you need to transfer both the public and private
parts to make the key behave properly on the new system.





From mutz@kde.org  Sun Mar  3 21:08:01 2002
From: mutz@kde.org (Marc Mutz)
Date: Sun Mar  3 21:08:01 2002
Subject: Creating a Key problem
In-Reply-To: <Pine.LNX.4.44.0203030405330.7621-100000@moonfrog.org>
References: <Pine.LNX.4.44.0203030405330.7621-100000@moonfrog.org>
Message-ID: <200203032104.39730@sendmail.mutz.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 03 March 2002 10:09, Harold Rodriguez wrote:
> + When I create a key? By gpg --gen-key.
> + But I don't know where the key is being creating. Do I need to set
> up a + .gnupg file or something?
>
> I assume you're using a *nix type system. If so, the first time you
> type gpg --gen-key a ~/.gnupg directory will be created (if it does
> not already exist). All your keys will be stored in there.

But the very first time (when gnupg creates the .gnupg directory), it=20
will simply exit afterwards. Just enter the same command again ;-)

Marc

- --=20
Marc Mutz <mutz@kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8goHW3oWD+L2/6DgRAr7dAJ4j0kKlL7e/URn3X/y/coDtElg9UgCfWo4Y
VWXKzcglmRyX4KVB8QntFqs=3D
=3D4b/i
-----END PGP SIGNATURE-----



From jharris@widomaker.com  Sun Mar  3 22:22:01 2002
From: jharris@widomaker.com (Jason Harris)
Date: Sun Mar  3 22:22:01 2002
Subject: duplicate keyid survey results
Message-ID: <20020303212007.GA1170@p5.widomaker.com>

--+QahgC5+KEYLbs62
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


A current list of duplicate PGP keyids can be found on my website:

http://jharris.cjb.net/  (which _usually_ redirects to:)
http://galileo.spaceports.com/~jharris/

--=20
Jason Harris
jharris@widomaker.com

--+QahgC5+KEYLbs62
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8gpOGSypIl9OdoOMRAqfdAJwKzfOoFuZ5fm6i5v3//PEqEDEnRQCgr+dy
Ez6c3NTf8EXwFjPo2JV6Lj4=
=rtyb
-----END PGP SIGNATURE-----

--+QahgC5+KEYLbs62--


From promos@uniwebs.com  Mon Mar  4 02:13:02 2002
From: promos@uniwebs.com (Promotions at Uniwebs)
Date: Mon Mar  4 02:13:02 2002
Subject: A status report  http://www.marylandyachtclub.com
 http://hallmans.org/bodkin.htm
Message-ID: <NDBBKHIPOLOKNPENCCDAAEIKDAAA.promos@uniwebs.com>

A status report  http://www.marylandyachtclub.com
http://hallmans.org/bodkin.htm

I am trying this new mail list and want to report a status...

A status report  http://www.marylandyachtclub.com
http://hallmans.org/bodkin.htm



From hironobu@h2np.net  Mon Mar  4 03:04:01 2002
From: hironobu@h2np.net (Hironobu SUZUKI)
Date: Mon Mar  4 03:04:01 2002
Subject: duplicate keyid survey results
In-Reply-To: Your message of "Sun, 03 Mar 2002 16:20:08 EST."
 <20020303212007.GA1170@p5.widomaker.com>
Message-ID: <200203040201.LAA16029@blue.h2np.net>

Good job!!

> A current list of duplicate PGP keyids can be found on my website:

I found same problem when I did some test of "search" function of my
key server, (See http://openpksd.org).  My program never return
duplicate keyid because I'm afraid of the fraud key. I know that this
specificity has a potential of Denial of Service attack.

Please give me some idea what keyserver should behave about it.

-- 
Hironobu SUZUKI        Independent Software Consultant
E-Mail: hironobu@h2np.net
URL: http://h2np.net




From rabbi@quickie.net  Mon Mar  4 03:12:01 2002
From: rabbi@quickie.net (Len Sassaman)
Date: Mon Mar  4 03:12:01 2002
Subject: duplicate keyid survey results
In-Reply-To: <200203040201.LAA16029@blue.h2np.net>
Message-ID: <Pine.LNX.4.30.QNWS.0203031805370.27801-100000@thetis.deor.org>

The thing that comes to mind immediately for me is that you should allow
for a 64-bit key-ID search.

When 32-bit key ID collisions occur, you may want your key server to
display a warning in the user-interface.

Remember that 32-bit collisions could be accidental, so not reporting them
would prevent the distribution of legitimate keys. (And you mention the
possibility of an intential DOS.)

I personally think that public key servers should do little more than
accept, store, and report data that it contains. Preventing the display of
keys with duplicate IDs steps over that line a bit too much for me.

--Len.

On Mon, 4 Mar 2002, Hironobu SUZUKI wrote:

>
> Good job!!
>
> > A current list of duplicate PGP keyids can be found on my website:
>
> I found same problem when I did some test of "search" function of my
> key server, (See http://openpksd.org).  My program never return
> duplicate keyid because I'm afraid of the fraud key. I know that this
> specificity has a potential of Denial of Service attack.
>
> Please give me some idea what keyserver should behave about it.
>
> --
> Hironobu SUZUKI        Independent Software Consultant
> E-Mail: hironobu@h2np.net
> URL: http://h2np.net
>
>

--Len.











From miket@bluemug.com  Mon Mar  4 03:33:02 2002
From: miket@bluemug.com (Mike Touloumtzis)
Date: Mon Mar  4 03:33:02 2002
Subject: duplicate keyid survey results
In-Reply-To: <Pine.LNX.4.30.QNWS.0203031805370.27801-100000@thetis.deor.org>
References: <200203040201.LAA16029@blue.h2np.net> <Pine.LNX.4.30.QNWS.0203031805370.27801-100000@thetis.deor.org>
Message-ID: <20020304023047.GA9936@bluemug.com>

On Sun, Mar 03, 2002 at 06:09:40PM -0800, Len Sassaman wrote:
>
> The thing that comes to mind immediately for me is that you should allow
> for a 64-bit key-ID search.

Jason's list includes 5 duplicate 64-bit Key IDs too :-).

miket


From dshaw@jabberwocky.com  Mon Mar  4 05:12:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Mon Mar  4 05:12:01 2002
Subject: duplicate keyid survey results
In-Reply-To: <Pine.LNX.4.30.QNWS.0203031805370.27801-100000@thetis.deor.org>
References: <200203040201.LAA16029@blue.h2np.net> <Pine.LNX.4.30.QNWS.0203031805370.27801-100000@thetis.deor.org>
Message-ID: <20020304040801.GB681@akamai.com>

On Sun, Mar 03, 2002 at 06:09:40PM -0800, Len Sassaman wrote:
> The thing that comes to mind immediately for me is that you should allow
> for a 64-bit key-ID search.
> 
> When 32-bit key ID collisions occur, you may want your key server to
> display a warning in the user-interface.
> 
> Remember that 32-bit collisions could be accidental, so not reporting them
> would prevent the distribution of legitimate keys. (And you mention the
> possibility of an intential DOS.)
> 
> I personally think that public key servers should do little more than
> accept, store, and report data that it contains. Preventing the display of
> keys with duplicate IDs steps over that line a bit too much for me.

I strongly agree with Len on this.  Since the user's program must
validate the keys via signatures anyway, a keyserver does not need to,
and should not try to work out valid or invalid keys.

A quick look at the list of duplicate key ids seems to show that they
are all old-style v3 RSA keys which are known to have a problem with
having easy to create arbitrary 32 *or* 64-bit key ids.  Did I miss
any v4 keys on the list?

Creating a matching key id with the newer v4 key format requires
either brute force creating keys until the key id matches, or breaking
SHA-1, a problem that may not be impossible someday, but is difficult
to the point of effectively impossible today.

All that said, the 64-bit OpenPGP keyid space is very large but not
infinite.  There are going to be naturally occuring collisions
eventually (plus, one can certainly generate a v3 RSA key with the
same key id (but not fingerprint) as a v4 key).  This should be
harmless since the keys are validated based on the signatures and not
on anything the keyserver does or does not do.

If a duplicated keyid is requested from the current HKP and NAI LDAP
keyservers, *all* matching keys are returned.  This is the correct
behavior, as it lets the receiving program and the user decide which
(if any) of the returned keys is the right one.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From u_p@lycos.de  Mon Mar  4 08:03:02 2002
From: u_p@lycos.de (uwe puchta)
Date: Mon Mar  4 08:03:02 2002
Subject: binary of 1.0.6 for IRIX?
Message-ID: <1015225266021487@lycos.de>

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--=_NextPart_Caramail_0214871015225266_ID
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I'm in search of a compiled Version of gnupg 1.0.6 for SGI 
IRIX 6.5 (MIPS3).

My rented Webspace is only on a shared Host and there is no 
compiler available for me. - So maybe someone could help me 
out and make a compiled version of gpg 1.0.6. available for 
me.

... and yes, I know:
* there is a precompiled 1.0.2 version available at 
http://gnupg.unixsecurity.com.br - but it has a insecure 
random key generator .. and I'm looking for 1.0.6.
* it's not such a good idea to have an encryption software 
compiled and provided by someone I don't know personally - 
but it's for my own personal privacy and not for comerical use

best wishes
 Uwe

______________________________________________________
Beginnen Sie das neue Jahr gut informiert: Zeitschriften-Abos zum Sparpreis!
http://www.lycos.de/webguides/entertainment/weihnachten/abo.html
250 Farb-Visitenkarten GRATIS*.  In einem Wert von EUR 99,00!
http://www.vistaprint.de/vp/splash/lycosde.asp
Jetzt eigene Domains f=FCr 1,23 Euro/Monat
http://lycos.de.domainnames.com/default.asp?caller=3Dlycos_d_footer



--=_NextPart_Caramail_0214871015225266_ID--



From disastry@saiknes.lv.NO.SPaM.NET  Mon Mar  4 09:13:02 2002
From: disastry@saiknes.lv.NO.SPaM.NET (disastry@saiknes.lv.NO.SPaM.NET)
Date: Mon Mar  4 09:13:02 2002
Subject: duplicate keyid survey results
Message-ID: <3C832AD9.A67BC9D7@saiknes.lv.NO.SPaM.NET>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Len Sassaman rabbi@quickie.net wrote:
> The thing that comes to mind immediately for me is that you should allow
> for a 64-bit key-ID search.

I think all (most?) keyservers allows this.
some even allows search by fingerprint.

> When 32-bit key ID collisions occur, you may want your key server to
> display a warning in the user-interface.
> 
> Remember that 32-bit collisions could be accidental,

exactly. there are about 1600000 keys on server ( http://www.dtype.org/keyanalyze/ )
it's more than enough for birthday paradox.
81 keys with duplicate keyid are normal, some of them are DEADBEAFed of course.

> so not reporting them
> would prevent the distribution of legitimate keys. (And you mention the
> possibility of an intential DOS.)
> 
> I personally think that public key servers should do little more than
> accept, store, and report data that it contains.

IMO, keyserver SHOULD NOT accept keys/userid that are not selfsigned.

> Preventing the display of
> keys with duplicate IDs steps over that line a bit too much for me.
> --Len.
> 
> On Mon, 4 Mar 2002, Hironobu SUZUKI wrote:
> > > A current list of duplicate PGP keyids can be found on my website:

__
Disastry  http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
 ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
      AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBPIMOtDBaTVEuJQxkEQNylgCg5AKPRlZf34gtxo+qlMHBWC5XjrEAoMhB
G53a/SmRE102mnuqgAE5OrKr
=baXx
-----END PGP SIGNATURE-----


From douglist@anize.org  Mon Mar  4 10:07:01 2002
From: douglist@anize.org (Douglas F. Calvert)
Date: Mon Mar  4 10:07:01 2002
Subject: binary of 1.0.6 for IRIX?
In-Reply-To: <1015225266021487@lycos.de>
References: <1015225266021487@lycos.de>
Message-ID: <1015233166.19161.950.camel@allevil>

--=-D/ZVi5JzcrhBRdM/W4io
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Mon, 2002-03-04 at 02:08, uwe puchta wrote:
> ... and yes, I know:
> * there is a precompiled 1.0.2 version available at=20
> http://gnupg.unixsecurity.com.br - but it has a insecure=20
> random key generator .. and I'm looking for 1.0.6.
> * it's not such a good idea to have an encryption software=20
> compiled and provided by someone I don't know personally -=20
> but it's for my own personal privacy and not for comerical use
--=20
+-----------------+---------------------------------------------------+
| Douglas Calvert |         <dfc@anize.org>  http://anize.org         |
+-----------------+---------------------------------------------------+
| Encrypted email | They that can give up liberty to obtain a little  |
|  is encouraged  |temporary safety deserve neither liberty nor safety|
+-----------------+---------------------------------------------------+
|                    http://anize.org/dfc-keys.asc                    |
+--------| 0817 30D4 82B6 BB8D 5E66 06F6 B796 073D C954 1FB2 |--------+

--=-D/ZVi5JzcrhBRdM/W4io
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQA8gzqNt5YHPclUH7IRAgs7AKCTL6dAZKWanFM4kfA2LuYdqCJfhgCggKr/
CCdiTBqffEioQreuWXGSQso=
=gNz8
-----END PGP SIGNATURE-----

--=-D/ZVi5JzcrhBRdM/W4io--


From disastry@saiknes.lv  Mon Mar  4 10:54:02 2002
From: disastry@saiknes.lv (disastry@saiknes.lv)
Date: Mon Mar  4 10:54:02 2002
Subject: advantages/disadvantages of DSA/RSA keys (was: Re: implications of
 subkeys?)
Message-ID: <3C8343BA.9F876885@saiknes.lv>

seems I sent to wrong list...
now to correct one :)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Ingo Klcker ingo.kloecker@epost.de wrote:
> On Saturday 02 March 2002 15:21, David Shaw wrote:
> > On Sat, Mar 02, 2002 at 01:51:01PM +0100, Ingo Klcker wrote:
> > > On Friday 01 March 2002 20:39, David Shaw wrote:
> > > > Yes.  The algorithm is up to you and what you trust more.  GnuPG
> > > > 1.0.7 gives you the choice between DSA and RSA.  They each have
> > > > advantages and disadvantages.
> > >
> > > Is there somewhere a short but complete list of the advantages and
> > > disadvantages?
> >
> > This is pretty good:
> >      http://www.samsimpson.com/pgpfaq.html
> 
> Thanks. At least from section 8.1 it doesn't seem that RSA keys have any 
> advantages (except the backwards compatibility with plain PGP 2.x).
> Ingo

note that this FAQ was written when there was only v3 RSA keys.

RSA keys have some advantages, at least two:
 they are not limited to 1024 bits like DSA
 they can use hash longer than 160 bits.

__
Disastry  http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
 ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
      AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBPIMQvDBaTVEuJQxkEQOrpwCgs0UDyUhjSsVolXG3YI63SfB3h/YAnj3J
S33waNVWzt90tC/JZsrXIfVf
=6dWO
-----END PGP SIGNATURE-----


From NoFwd@cmsmail06.cms.usa.net  Mon Mar  4 12:16:02 2002
From: NoFwd@cmsmail06.cms.usa.net (NoFwd@cmsmail06.cms.usa.net)
Date: Mon Mar  4 12:16:02 2002
Subject: Gnupg-users digest, Vol 1 #538 - 15 msgs
Message-ID: <20020304111413.13395.qmail@cmsmail06.cms.usa.net>

Hej - Hi, english version below

Tack f=F6r ditt mail, jag har tyv=E4rr ingen mail m=F6jlighet under
perioden 020303 - 020308 men jag kommer att l=E4sa ditt mail s=E5
fort som m=F6jligt n=E4r jag =E4r tillbaka!

Mvh /Stefan



Tanks for your mail, I'm out of email access from march 3 until
march 8 but I'll read your mail ASAP when I'm back!

Regards /Stefan




From case@impressive.de  Mon Mar  4 14:19:01 2002
From: case@impressive.de (nobody)
Date: Mon Mar  4 14:19:01 2002
Subject: short question
Message-ID: <20020304141620.5FAF.CASE@impressive.de>

hi all,

how can i export both key's (sec/pub)? the intention is to provide one key pair for some people to crypt files for that workgroup.

tnx,
// case

-- 
<case@impressive.de>




From case@impressive.de  Mon Mar  4 14:35:01 2002
From: case@impressive.de (nobody)
Date: Mon Mar  4 14:35:01 2002
Subject: ...
Message-ID: <20020304143502.5FB3.CASE@impressive.de>

hi,

you can delete my question. i have found the answer.

// case

-- 
<case@impressive.de>




From schoech@iap-kborn.de  Mon Mar  4 14:41:02 2002
From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=)
Date: Mon Mar  4 14:41:02 2002
Subject: short question
In-Reply-To: <20020304141620.5FAF.CASE@impressive.de>
Message-ID: <Pine.LNX.4.33.0203041336390.25666-100000@pcramnan.iap-kborn.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi !

> how can i export both key's (sec/pub)? the intention is to provide
> one key pair for some people to crypt files for that workgroup.

Please read the man page before posting questions:

To export public keys:
gpg -a -o pubkey.asc --export <KEYID>

To export secret keys:
gpg -a -o seckey.asc --export-secret-keys <KEYID>


HTH,
Armin

- --=20
Am Hasenberg 26         office: Institut f=FCr Atmosph=E4renphysik
D-18209 Bad Doberan             Schloss-Stra=DFe 6
Tel. 0160/4046859 (mobil)       D-18225 K=FChlungsborn / GERMANY
Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8g3i9G8Xv4GxznLoRAkJzAJ4th4DCsoQg63EDjsXIVylPhNegXQCeIWnZ
j4BPPVcVs5HGIElXA6KCehY=3D
=3Dypta
-----END PGP SIGNATURE-----




From dshaw@jabberwocky.com  Mon Mar  4 14:43:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Mon Mar  4 14:43:01 2002
Subject: advantages/disadvantages of DSA/RSA keys (was: Re: implications of subkeys?)
In-Reply-To: <3C8343BA.9F876885@saiknes.lv>
References: <3C8343BA.9F876885@saiknes.lv>
Message-ID: <20020304134033.GC681@akamai.com>

On Mon, Mar 04, 2002 at 11:51:54AM +0200, disastry@saiknes.lv wrote:
> seems I sent to wrong list...
> now to correct one :)
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>=20
> Ingo Kl=F6cker ingo.kloecker@epost.de wrote:
> > On Saturday 02 March 2002 15:21, David Shaw wrote:
> > > On Sat, Mar 02, 2002 at 01:51:01PM +0100, Ingo Kl=F6cker wrote:
> > > > On Friday 01 March 2002 20:39, David Shaw wrote:
> > > > > Yes.  The algorithm is up to you and what you trust more.  GnuP=
G
> > > > > 1.0.7 gives you the choice between DSA and RSA.  They each have
> > > > > advantages and disadvantages.
> > > >
> > > > Is there somewhere a short but complete list of the advantages an=
d
> > > > disadvantages?
> > >
> > > This is pretty good:
> > >      http://www.samsimpson.com/pgpfaq.html
> >=20
> > Thanks. At least from section 8.1 it doesn't seem that RSA keys have =
any=20
> > advantages (except the backwards compatibility with plain PGP 2.x).
> > Ingo
>=20
> note that this FAQ was written when there was only v3 RSA keys.

This is true, and important - v4 RSA keys do not have most of the
disadvantages of v3 RSA keys.  Specifically in section 8.1, statements
#2, #3, #4, #5 (mostly), and #6 do not apply to v4 RSA keys.

Also, v4 RSA is not directly backwards compatible with v3 RSA without
doing significant packet munging magic.

> RSA keys have some advantages, at least two:
>  they are not limited to 1024 bits like DSA
>  they can use hash longer than 160 bits.

RSA signing keys, that is.

For me, the worst thing about RSA signing keys is that they make much
larger signatures than a DSA key.  All in all, that's not such a big
problem these days. :)

David

--=20
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.co=
m/
+------------------------------------------------------------------------=
---+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From andriash@telus.net  Mon Mar  4 18:43:01 2002
From: andriash@telus.net (Nick Andriash)
Date: Mon Mar  4 18:43:01 2002
Subject: short question
In-Reply-To: <Pine.LNX.4.33.0203041336390.25666-100000@pcramnan.iap-kborn.de>
References: <20020304141620.5FAF.CASE@impressive.de> <Pine.LNX.4.33.0203041336390.25666-100000@pcramnan.iap-kborn.de>
Message-ID: <20020304093643.B209.ANDRIASH@telus.net>

Hello Armin Sch=F6ch,

On Monday, March 04 2002 at 05:38 AM PDT, you wrote:

> Please read the man page before posting questions:
>=20
> To export public keys:
> gpg -a -o pubkey.asc --export <KEYID>
>=20
> To export secret keys:
> gpg -a -o seckey.asc --export-secret-keys <KEYID>

With all due respect Armin, the instructions exactly as you have listed
do not exist in the "man page". What you have typed is a reflection of
your expertise in using GPG... not something you get by reading the
Manual once. ;o)

BTW, why does GnuPG use terms like "foo" and "man page"? The terms are
non-sensical... I've never even heard the term man page before... and
"foo" doesn't even exist?=20


--=20
Nick Andriash
Courtenay, B.C.  Canada



From disastry@saiknes.lv  Mon Mar  4 19:01:01 2002
From: disastry@saiknes.lv (disastry@saiknes.lv)
Date: Mon Mar  4 19:01:01 2002
Subject: 106d (was: Re: timestamp (0x40) signatures?)
Message-ID: <3C83B59F.314B537E@saiknes.lv>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Werner Koch wk@gnupg.org wrote:
> BTW, I have released 1.0.6d but not written an announcement yet.
>   Werner

doc/gpg.info (and other doc/* files)

- --pgp2
[...]
     This option implies `--rfc1991 -no-openpgp -no-force-v4-certs
     --no-comment -escape-from -no-force-v3-sigs -cipher-algo IDEA
     --digest-algo MD5 -compress-algo 1'

shuld be double dashes here

__
Disastry  http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
 ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
      AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBPIOZdTBaTVEuJQxkEQOCHQCg6eIrRi23bB3VkEXlH3JIeR2s6F8AoIQJ
g1xb+w8oRZ6CBy4rlpS2g4R2
=Dc/4
-----END PGP SIGNATURE-----


From dshaw@jabberwocky.com  Mon Mar  4 19:12:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Mon Mar  4 19:12:02 2002
Subject: 106d (was: Re: timestamp (0x40) signatures?)
In-Reply-To: <3C83B59F.314B537E@saiknes.lv>
References: <3C83B59F.314B537E@saiknes.lv>
Message-ID: <20020304181006.GB1082@akamai.com>

On Mon, Mar 04, 2002 at 07:57:51PM +0200, disastry@saiknes.lv wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
> 
> Werner Koch wk@gnupg.org wrote:
> > BTW, I have released 1.0.6d but not written an announcement yet.
> >   Werner
> 
> doc/gpg.info (and other doc/* files)
> 
> - --pgp2
> [...]
>      This option implies `--rfc1991 -no-openpgp -no-force-v4-certs
>      --no-comment -escape-from -no-force-v3-sigs -cipher-algo IDEA
>      --digest-algo MD5 -compress-algo 1'
> 
> shuld be double dashes here

That's interesting.  The gpg.info file is actually missing
double-dashes in quite a few places.

The master gpg.sgml has it right, and the gpg.1 man page file
(generated from gpg.sgml) also has it right.  The gpg.info file is
generated from gpg.texi which is generated from gpg.sgml, but it has
it wrong.  Maybe something in the docbook-to-texinfo stuff?

David
-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From sbutler@fchn.com  Mon Mar  4 19:14:01 2002
From: sbutler@fchn.com (Steve Butler)
Date: Mon Mar  4 19:14:01 2002
Subject: short question
Message-ID: <8c810c44e26849e202e35708dddb799b3c83b8ea@fchn.com>

Even then I think he wanted it all in a single file.

As for 'foo' and 'fubar', etc.  It's all based on well mis-understood
mathematical functions.  It's like f(x) or f'(x) or f"(x).  Or, just th=
ink
to yourself "It's a math thing".

And man page is a Unix thing.  Very, very technical.  Even I haven't ma=
naged
the art of writing one of those yet <<grin>>.

I guess you could say that the authors of the gpg web page were
unconsciously (I hope it was that anyway) showing their background.  Ju=
st as
I suspect your background is based in Microsoft products.  Not that one=
 is
better than the other (you would have to ask "At what?" before venturin=
g an
answer).

I think the equivalent in the M/S word is Help File.

Anyway, I still think Unix shows its gender bias since they were not na=
me
woman pages.  <<ducking and running for the side curtains>>

--Steve




-----Original Message-----
From: Nick Andriash [mailto:andriash@telus.net]
Sent: Monday, March 04, 2002 9:41 AM
To: gnupg-users@gnupg.org
Subject: Re: short question


Hello Armin Sch=F6ch,

On Monday, March 04 2002 at 05:38 AM PDT, you wrote:

> Please read the man page before posting questions:
> 
> To export public keys:
> gpg -a -o pubkey.asc --export <KEYID>
> 
> To export secret keys:
> gpg -a -o seckey.asc --export-secret-keys <KEYID>

With all due respect Armin, the instructions exactly as you have listed=

do not exist in the "man page". What you have typed is a reflection of
your expertise in using GPG... not something you get by reading the
Manual once. ;o)

BTW, why does GnuPG use terms like "foo" and "man page"? The terms are
non-sensical... I've never even heard the term man page before... and
"foo" doesn't even exist? 


-- 
Nick Andriash
Courtenay, B.C.  Canada


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments=
, is for the sole use of the intended recipient(s) and may contain conf=
idential and privileged information.  Any unauthorized review, use, dis=
closure or distribution is prohibited.  If you are not the intended rec=
ipient, please contact the sender by reply e-mail and destroy all copie=
s of the original message.



From dshaw@jabberwocky.com  Mon Mar  4 19:24:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Mon Mar  4 19:24:01 2002
Subject: short question
In-Reply-To: <20020304093643.B209.ANDRIASH@telus.net>
References: <20020304141620.5FAF.CASE@impressive.de> <Pine.LNX.4.33.0203041336390.25666-100000@pcramnan.iap-kborn.de> <20020304093643.B209.ANDRIASH@telus.net>
Message-ID: <20020304182137.GC1082@akamai.com>

On Mon, Mar 04, 2002 at 09:40:47AM -0800, Nick Andriash wrote:
> Hello Armin Sch=F6ch,
>=20
> On Monday, March 04 2002 at 05:38 AM PDT, you wrote:
>=20
> > Please read the man page before posting questions:
> >=20
> > To export public keys:
> > gpg -a -o pubkey.asc --export <KEYID>
> >=20
> > To export secret keys:
> > gpg -a -o seckey.asc --export-secret-keys <KEYID>
>=20
> With all due respect Armin, the instructions exactly as you have listed
> do not exist in the "man page". What you have typed is a reflection of
> your expertise in using GPG... not something you get by reading the
> Manual once. ;o)
>=20
> BTW, why does GnuPG use terms like "foo" and "man page"? The terms are
> non-sensical... I've never even heard the term man page before... and
> "foo" doesn't even exist?=20

"man page" refers to a page in the online Unix manual.  For example,
"man gpg" gives you the manual for gpg.

As for 'foo':  http://www.tf.hut.fi/cgi-bin/jargon?search=3Dfoo

David

--=20
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.co=
m/
+------------------------------------------------------------------------=
---+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From wk@gnupg.org  Mon Mar  4 19:32:03 2002
From: wk@gnupg.org (Werner Koch)
Date: Mon Mar  4 19:32:03 2002
Subject: 106d
In-Reply-To: <20020304181006.GB1082@akamai.com> (David Shaw's message of
 "Mon, 4 Mar 2002 13:10:06 -0500")
References: <3C83B59F.314B537E@saiknes.lv> <20020304181006.GB1082@akamai.com>
Message-ID: <877kosp4qb.fsf_-_@alberti.gnupg.de>

On Mon, 4 Mar 2002 13:10:06 -0500, David Shaw said:

> That's interesting.  The gpg.info file is actually missing
> double-dashes in quite a few places.

There is a bug in docbook2texi which I fixed using sed, seems that a
g is missing at the end of the repalcement pattern.  The proper way
would be to fix this in docbook2texi, though.

%.texi : %.xml
if HAVE_DOCBOOK_TO_TEXI
	docbook2texi $< | sed 's,--,---,' >$@
else
	: Warning: missing docbook to texinfo tools, cannot make $@
	touch $@
endif

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus



From lionel@mamane.lu  Mon Mar  4 20:15:01 2002
From: lionel@mamane.lu (Lionel Elie Mamane)
Date: Mon Mar  4 20:15:01 2002
Subject: short question
In-Reply-To: <20020304093643.B209.ANDRIASH@telus.net>
References: <20020304141620.5FAF.CASE@impressive.de> <Pine.LNX.4.33.0203041336390.25666-100000@pcramnan.iap-kborn.de> <20020304093643.B209.ANDRIASH@telus.net>
Message-ID: <20020304191632.GA4946@home.mamane.lu>

--nFreZHaLTZJo0R7j
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Mar 04, 2002 at 09:40:47AM -0800, Nick Andriash wrote:

> BTW, why does GnuPG use terms like "foo" and "man page"?

> The terms are non-sensical...

Not that much, at least for man page.

> I've never even heard the term man page before...

You have never used an Unix-like system, that's why. Man pages are the
main source of documentation on an Unix-like system. They are then
accessed with "man name_of_command". For example, the man page of gpg
is summoned up with the command "man gpg". There are graphical
interfaces for man pages, too, but I never used one.

> "foo" doesn't even exist?=20

foo, bar, fubar, baz are usual terms in the hacker community for
metavariable. When you need some name for the sake of the example, you
take foo. If you need two names, you take foo and bar. Three, foo, bar
and baz.

Look at the jargon file =F7)
http://www.tuxedo.org/~esr/jargon/html/entry/foo.html

--=20
Lionel
--nFreZHaLTZJo0R7j
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjyDyBAACgkQscRzFz57S3NOrACg9S4bSGrmVosx+E4AVwNNbqGc
WaYAn3RpTTdqY4r6gTp7HsnjslYoUUPq
=30tf
-----END PGP SIGNATURE-----

--nFreZHaLTZJo0R7j--


From huber@alum.wpi.edu  Mon Mar  4 22:55:01 2002
From: huber@alum.wpi.edu (Josh Huber)
Date: Mon Mar  4 22:55:01 2002
Subject: short question
In-Reply-To: <8c810c44e26849e202e35708dddb799b3c83b8ea@fchn.com> (Steve
 Butler's message of "Mon, 4 Mar 2002 10:10:46 -0800")
References: <8c810c44e26849e202e35708dddb799b3c83b8ea@fchn.com>
Message-ID: <87ofi480fi.fsf@paradoxical.net>

Steve Butler <sbutler@fchn.com> writes:

> As for 'foo' and 'fubar', etc.  It's all based on well
> mis-understood mathematical functions.  It's like f(x) or f'(x) or
> f"(x).  Or, just think to yourself "It's a math thing".

Huh?

  foo
  
     <jargon> /foo/ A sample name for absolutely anything,
     especially programs and files (especially {scratch files}).
     First on the standard list of {metasyntactic variables} used
     in {syntax} examples.  See also {bar}, {baz}, {qux}, {quux},
     {corge}, {grault}, {garply}, {waldo}, {fred}, {plugh},
     {xyzzy}, {thud}.
  
     The etymology of "foo" is obscure.  When used in connection
     with "bar" it is generally traced to the WWII-era Army slang
     acronym {FUBAR}, later bowdlerised to {foobar}.


  FUBAR
          Fouled / Fucked Up Beyond All Recognition / Repair (slang, Usenet, IRC)

  FUBAR
  
     1. (WWII military slang) Fucked up beyond all
     recognition (or repair).


I'm not sure how you came up with mathematical functions out of
that... :)

ttyl,

-- 
Josh Huber


From zadnik@atlas.cz  Tue Mar  5 02:51:01 2002
From: zadnik@atlas.cz (M. =?ISO-8859-2?B?ruFkbu1r?=)
Date: Tue Mar  5 02:51:01 2002
Subject: changing order of uids
Message-ID: <20020305024735.59d8242d.zadnik@atlas.cz>

Hi,
please, how to change order of uids
(Please CC me, I'm not on the list. Thanks)

I mean I have a key eg.:
(1) test-01 test-01@foo.com
(2) test-02 test-02@foo.com
(3) test-03 test-03@bar.com

ut I need this order:
(1) test-03 test-03@bar.com
(2) test-01 test-01@foo.com
(3) test-02 test-02@foo.com

I know that it is possible with some hack
(and is planned for next release of gpg as regular option)
(I even did it in past),
but I fool lost the page describing it :-(
Just an URL describing it will be fine.

Thanks for help 
M. Zadnik

-- 
Please CC me, I'm not on the list. Thanks


From schoech@iap-kborn.de  Tue Mar  5 08:49:01 2002
From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=)
Date: Tue Mar  5 08:49:01 2002
Subject: short question
In-Reply-To: <20020304093643.B209.ANDRIASH@telus.net>
Message-ID: <Pine.LNX.4.33.0203050739240.5013-100000@pcramnan.iap-kborn.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Nick !

> With all due respect Armin, the instructions exactly as you have listed
> do not exist in the "man page". What you have typed is a reflection of
> your expertise in using GPG... not something you get by reading the
> Manual once. ;o)

They do :-) But you are right that there is nothing like a man page on
a windows system. You can find an online version of the GPG man(ual)
page at: http://www.gnupg.org/gpgman.html
Somewhere down the list of options you find "--export-secret-keys"
Others have already pointed out that it is enough to type "man gpg" on
a *nix box to get this information.

I didn't mean to offend, just to point him to where he can find
further information about all command-line options of gpg. That's why
I gave him the answer in addition to the hint to have a look at the
gpg docs.

Hope we can end this thread and have all learned something :-)
Armin

 --
Am Hasenberg 26         office: Institut f=FCr Atmosph=E4renphysik
D-18209 Bad Doberan             Schloss-Stra=DFe 6
Tel. 0160/4046859 (mobil)       D-18225 K=FChlungsborn / GERMANY
Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8hHfZG8Xv4GxznLoRAmPEAKDN3O2gz/IRiqr+dZMbpf0xshv26wCgxRpX
FHBQ7IpPb3CK3LYPyikUlBs=3D
=3DNGzm
-----END PGP SIGNATURE-----




From NoFwd@cpdvg012.netaddress.usa.net  Tue Mar  5 09:07:02 2002
From: NoFwd@cpdvg012.netaddress.usa.net (NoFwd@cpdvg012.netaddress.usa.net)
Date: Tue Mar  5 09:07:02 2002
Subject: Gnupg-users digest, Vol 1 #539 - 15 msgs
Message-ID: <20020305080516.10357.qmail@cpdvg012.netaddress.usa.net>

Hej - Hi, english version below

Tack f=F6r ditt mail, jag har tyv=E4rr ingen mail m=F6jlighet under
perioden 020303 - 020308 men jag kommer att l=E4sa ditt mail s=E5
fort som m=F6jligt n=E4r jag =E4r tillbaka!

Mvh /Stefan



Tanks for your mail, I'm out of email access from march 3 until
march 8 but I'll read your mail ASAP when I'm back!

Regards /Stefan




From rbeck@tqtx.com  Tue Mar  5 17:38:01 2002
From: rbeck@tqtx.com (Ron Beck)
Date: Tue Mar  5 17:38:01 2002
Subject: short question
References: <8c810c44e26849e202e35708dddb799b3c83b8ea@fchn.com>
Message-ID: <3C84F62B.3C2B4D3E@tqtx.com>

Sorry, but there's no gender bias here.  "man" is simply short for
manual and is in character for all the other short and (seemingly)
meaningless commands within the unix environment.

Of course these days with everything GUI or web based, who needs command
line commands? :-)

Ron


Steve Butler wrote:
> Anyway, I still think Unix shows its gender bias since they were not name
> woman pages.  <<ducking and running for the side curtains>>
> 
> --Steve


From zadnik@atlas.cz  Tue Mar  5 18:13:01 2002
From: zadnik@atlas.cz (M. =?ISO-8859-2?B?ruFkbu1r?=)
Date: Tue Mar  5 18:13:01 2002
Subject: changing order of uids
In-Reply-To: <Pine.LNX.4.44.0203042110220.334-100000@moonfrog.org>
References: <20020305024735.59d8242d.zadnik@atlas.cz>
 <Pine.LNX.4.44.0203042110220.334-100000@moonfrog.org>
Message-ID: <20020305052756.07bab574.zadnik@atlas.cz>

Dne Mon, 4 Mar 2002 21:11:54 -0500 (EST)
Harold Rodriguez <xconsole@it.yorku.ca> napsal/a:

>=20
> Hi,
>=20
> Haven't done that before, but if I remember correctly, gpg automaticall=
y
> puts the newest uid right at the top. So if you want uid #3 to be #1, t=
ry
> deleting #3 and then adding it again, so it should be #1 now.

Thanks,
I've found the URL describing how to do it without deleting the key:

http://lists.gnupg.org/pipermail/gnupg-users/2001-October/010194.html

Regards
M.Zadnik

>=20
> - --=20
> Harold Rodriguez  .:.  X_console
> World Wide Web    .:.  http://it.yorku.ca/moonfrog
> GnuPG Key ID      .:.  0x9ECCF021
>=20
>=20
> On Tue, 5 Mar 2002, M. [ISO-8859-2] =AE=E1dn=EDk wrote:
>=20
> + Hi,
> + please, how to change order of uids
> + (Please CC me, I'm not on the list. Thanks)
> +
> + I mean I have a key eg.:
> + (1) test-01 test-01@foo.com
> + (2) test-02 test-02@foo.com
> + (3) test-03 test-03@bar.com
> +
> + ut I need this order:
> + (1) test-03 test-03@bar.com
> + (2) test-01 test-01@foo.com
> + (3) test-02 test-02@foo.com
> +
> + I know that it is possible with some hack
> + (and is planned for next release of gpg as regular option)
> + (I even did it in past),
> + but I fool lost the page describing it :-(
> + Just an URL describing it will be fine.
> +
> + Thanks for help
> + M. Zadnik
> +
> +


From jimdrubin@yahoo.com  Tue Mar  5 19:41:01 2002
From: jimdrubin@yahoo.com (Jim Rubin)
Date: Tue Mar  5 19:41:01 2002
Subject: installing/configuring GPG on Windows 2000
Message-ID: <20020305183842.23197.qmail@web13503.mail.yahoo.com>

I need to install GPG on a windows 2000 system.  Does
anyone have intructions for the special setup that the
GPG page mentions is needed for windows. 


>Supported Systems
>Windows 95/98/NT/2000/ME with x86 CPU works fine (you
>need a special setup to build it).

 

__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/


From twoaday@freakmail.de  Tue Mar  5 19:54:01 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Tue Mar  5 19:54:01 2002
Subject: installing/configuring GPG on Windows 2000
In-Reply-To: <20020305183842.23197.qmail@web13503.mail.yahoo.com>
References: <20020305183842.23197.qmail@web13503.mail.yahoo.com>
Message-ID: <20020305185926.GA2846@daredevil.joesixpack.net>

On Tue Mar 05 2002; 10:38, Jim Rubin wrote:

> I need to install GPG on a windows 2000 system.  Does
> anyone have intructions for the special setup that the
> GPG page mentions is needed for windows. 

If you don't need to build the binary from the source,
this was meant by "special setup", you can install it
without any additional steps.


        Timo



From dvgevers@wxs.nl  Tue Mar  5 20:34:01 2002
From: dvgevers@wxs.nl (Dick Gevers)
Date: Tue Mar  5 20:34:01 2002
Subject: short question
In-Reply-To: <Pine.LNX.4.33.0203050739240.5013-100000@pcramnan.iap-kborn.de>
References: <20020304093643.B209.ANDRIASH@telus.net>
Message-ID: <3C851BEE.14102.473053E@localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On Tuesday, 05 March 2002 at 7=
:46 h, Armin Sch=F6ch wrote about "Re: short question":

>They do :-) But yo=
u are right that there is nothing like a man page
>on a windows system. 

Sor=
ry, I must disagree. The file gpg.man does contain the command
       --exp=
ort-secret-keys [names]

I installed GPG this weekend and if you open gpg.ma=
n with any text 
editor the whole man page is visible.

HTH
=3DDick Gevers=3D

-=
----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: Encryp=
tion is an envelope: the contents are private

iEUEARECAAYFAjyFG+4ACgkQwC/zk=
+cxEdNuqwCWNFwfyuvrvXetyrCUcOq+WjMq
gwCfdfVXCJB73gjwTOE3SA5HPMA8IqM=3D
=3DpC=
0l
-----END PGP SIGNATURE-----


From xconsole@it.yorku.ca  Tue Mar  5 21:46:01 2002
From: xconsole@it.yorku.ca (Harold Rodriguez)
Date: Tue Mar  5 21:46:01 2002
Subject: short question
In-Reply-To: <3C851BEE.14102.473053E@localhost>
Message-ID: <Pine.LNX.4.44.0203051540040.9035-100000@moonfrog.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Since man is really more of a UNIX thing, perhaps it would be better to
rename gpg.man in Windows to something with a .txt extension. It would
make it obvious to Windows users that this is a readable text file then.

- --=20
Harold Rodriguez  .:.  X_console
World Wide Web    .:.  http://it.yorku.ca/moonfrog
GnuPG Key ID      .:.  0x9ECCF021


On Tue, 5 Mar 2002, Dick Gevers wrote:

+
+
+ On Tuesday, 05 March 2002 at 7:46 h, Armin Sch=F6ch wrote about "Re: shor=
t question":
+
+ >They do :-) But you are right that there is nothing like a man page
+ >on a windows system.
+
+ Sorry, I must disagree. The file gpg.man does contain the command
+        --export-secret-keys [names]
+
+ I installed GPG this weekend and if you open gpg.man with any text
+ editor the whole man page is visible.
+
+ HTH
+ =3DDick Gevers=3D
+
+
+ _______________________________________________
+ Gnupg-users mailing list
+ Gnupg-users@gnupg.org
+ http://lists.gnupg.org/mailman/listinfo/gnupg-users
+ ------------ Output from gpg ------------
+ gpg: Signature made Tue Mar  5 14:26:38 2002 EST using DSA key ID E73111D=
3
+ gpg: Good signature from "Dick Gevers (GPG-DSA & ElG) <dvgevers@wxs.nl>"
+ gpg: WARNING: This key is not certified with a trusted signature!
+ gpg:          There is no indication that the signature belongs to the ow=
ner.
+ gpg: Fingerprint: 3FEF 27E5 39D1 CDC0 132D  904F C02F F393 E731 11D3
+
+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8hS248mTSoJ7M8CERAjgOAJ9pCaK6HPCbFrjH52BzOqLWf1xEPACgmLxe
46+HTM8coU55Q4XLTXapfPY=3D
=3DSVQy
-----END PGP SIGNATURE-----




From rjwills@speakeasy.net  Wed Mar  6 05:18:01 2002
From: rjwills@speakeasy.net (Bob Wills)
Date: Wed Mar  6 05:18:01 2002
Subject: vs. 1.0.6 on AIX
Message-ID: <000801c1c4c6$03f2d860$543de7d8@net.speakeasy.net>

This is a multi-part message in MIME format.

------=_NextPart_000_0005_01C1C493.B8C15880
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

We are in the process of installing the 1.0.6 version of GnuPG on AIX =
vs. 4.3.3 and are finding errors in the source code.  Should we have =
much trouble in the install onto an AIX environment?  Am also confused =
about the compiler we need to use.

------=_NextPart_000_0005_01C1C493.B8C15880
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2713.1100" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><STRONG><EM><FONT face=3DArial color=3D#000080>We are in the =
process of=20
installing the 1.0.6 version of GnuPG on AIX vs. 4.3.3 and are finding =
errors in=20
the source code.&nbsp; Should we have much trouble in the install onto =
an AIX=20
environment?&nbsp; Am also confused about the compiler we need to=20
use.</FONT></EM></STRONG></DIV></BODY></HTML>

------=_NextPart_000_0005_01C1C493.B8C15880--



From Ralf.Huels@schufa.de  Wed Mar  6 08:24:01 2002
From: Ralf.Huels@schufa.de (Huels, Ralf SCORE)
Date: Wed Mar  6 08:24:01 2002
Subject: AW: short question
Message-ID: <51896D38E5E4D111BE560001FA68BA369FB651@SBO1002>

> Sorry, I must disagree. The file gpg.man does contain the command
>        --export-secret-keys [names]
>=20
> I installed GPG this weekend and if you open gpg.man with any text=20
> editor the whole man page is visible.

Also, if you use Cygwin, you can install the man page to be displayed
properly with a "man gpg" command...

Tsch=FC=DF,
Ralf
 


From J.Krom@fz-juelich.de  Wed Mar  6 15:04:01 2002
From: J.Krom@fz-juelich.de (Jon Krom)
Date: Wed Mar  6 15:04:01 2002
Subject: Order of namestrings changed when importing keys
Message-ID: <3C862324.AF73AF10@fz-juelich.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Hello GPG world,

I'm experimenting with GPG, after using several versions of PGP 
over the years.  I installed GPG 1.0.6 on a linux box and imported 
my keyring into GPG.

Several of the keys I imported had more than one user name string 
(typically different email addresses, but also other info).  For 
some reason GPG displays for most of these keys another string as
the primary key name than PGP used to do.

Is there a reason for this?
Did I do something wrong?
Can I change this?

Is it a FAQ?  (I couldn't find it in the FAQ files and other docs, 
but perhaps I overlooked it, searched for the wrong keyword, or so)

Thanks in advance.

P.S. Please answer (also) by CC'ing me; I'm not a member of 
this mail list.

Met Vriendelijke Groeten,
Jon Krom

- -- 

....................................................................
.  Address: J.G. Krom             phone:   +49 2461 61 5451        .
.           IPP FZ-Juelich        fax:     +49 2461 61 5452        .
.           Postfach 1913         email:   J.Krom@fz-juelich.de    .
.           D-52425 Juelich       private: Jon.Krom@ukuug.org      .
.           Germany               WWW:     www.fz-juelich.de/ipp/  .
.                                 PGP:     DH/DSS 0xA9A357C4       .
....................................................................

           "Boundaries? I've never seen one, but I've been told
            they exist in some people's minds."  Thor Heyerdahl

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPIYU7LzzJGmpo1fEEQKFWQCeOXsIJRN99lEhiymK6IGfybqPcRcAnAxm
/XZi6xbwkWY/l99RkRKd/qli
=ZMc8
-----END PGP SIGNATURE-----


From andriash@telus.net  Wed Mar  6 15:22:01 2002
From: andriash@telus.net (Nick Andriash)
Date: Wed Mar  6 15:22:01 2002
Subject: short question
In-Reply-To: <3C851BEE.14102.473053E@localhost>
References: <Pine.LNX.4.33.0203050739240.5013-100000@pcramnan.iap-kborn.de> <3C851BEE.14102.473053E@localhost>
Message-ID: <20020306061639.825B.ANDRIASH@telus.net>

Hello Dick Gevers,

On Tuesday, March 05 2002 at 11:26 AM PDT, you wrote:

> Sorry, I must disagree. The file gpg.man does contain the command
>        --export-secret-keys [names]

Yes, I realise that... but not exactly as was initially indicated:

> To export public keys:
> gpg -a -o pubkey.asc --export <KEYID>
> 
> To export secret keys:
> gpg -a -o seckey.asc --export-secret-keys <KEYID>

and that was the point I was trying to make... the "-a" and "-o"
specifically.


-- 
Nick Andriash
Courtenay, B.C. Canada




From dshaw@jabberwocky.com  Wed Mar  6 16:08:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Mar  6 16:08:01 2002
Subject: Order of namestrings changed when importing keys
In-Reply-To: <3C862324.AF73AF10@fz-juelich.de>
References: <3C862324.AF73AF10@fz-juelich.de>
Message-ID: <20020306150527.GA7117@akamai.com>

On Wed, Mar 06, 2002 at 03:09:40PM +0100, Jon Krom wrote:

> Several of the keys I imported had more than one user name string 
> (typically different email addresses, but also other info).  For 
> some reason GPG displays for most of these keys another string as
> the primary key name than PGP used to do.
> 
> Is there a reason for this?

Yes.  GnuPG makes the (reasonable) assumption that the most recently
added (actually the most recently self-signed, but that usually means
most recently added) user ID is the primary one.

> Did I do something wrong?

Nope.

> Can I change this?

Yes.  In a few weeks, GnuPG 1.0.7 will come out with a command
("primary") to mark whichever user ID you like as primary.

A few months ago, I posted a different way to do the same thing.  You
can read that here:
  http://lists.gnupg.org/pipermail/gnupg-users/2001-October/010194.html

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From schoech@iap-kborn.de  Wed Mar  6 16:22:02 2002
From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=)
Date: Wed Mar  6 16:22:02 2002
Subject: short question
In-Reply-To: <20020306061639.825B.ANDRIASH@telus.net>
Message-ID: <Pine.LNX.4.33.0203061517390.22202-100000@pcramnan.iap-kborn.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Nick !

> Yes, I realise that... but not exactly as was initially indicated:
>
> > To export public keys:
> > gpg -a -o pubkey.asc --export <KEYID>
> >
> > To export secret keys:
> > gpg -a -o seckey.asc --export-secret-keys <KEYID>
>
> and that was the point I was trying to make... the "-a" and "-o"
> specifically.

But it will work without the "-a" and "-o" as well. Just you get a
binary data format (there might be problems transmitting it) and the
output will go to standard output.

Bye,
Armin

- --=20
Am Hasenberg 26         office: Institut f=FCr Atmosph=E4renphysik
D-18209 Bad Doberan             Schloss-Stra=DFe 6
Tel. ++49-(0)38203/42137        D-18225 K=FChlungsborn / GERMANY
Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8hjNjG8Xv4GxznLoRArDzAJ0aTkYH2y1mKYlCAPN728eVunwEqwCggKEg
SGOb+0UhzYqcLQgwH/hdaEM=3D
=3DB0Wh
-----END PGP SIGNATURE-----




From mark.hofstetter@univie.ac.at  Wed Mar  6 16:56:01 2002
From: mark.hofstetter@univie.ac.at (Mark Hofstetter)
Date: Wed Mar  6 16:56:01 2002
Subject: Compiling gpg on AIX
Message-ID: <5.1.0.14.2.20020306165019.032acea8@mailbox.univie.ac.at>

We're also having AIX 4.3.3

with the following configure options/CFLAGS

CFLAGS="-g -O2 -mcpu=powerpc"
./configure --disable-asm --enable-static-rnd=unix --disable-nls 
--with-included-zlib --with-included-gettext --disable-dynload

it compiles and runs flawlessly

Mark



--
Mag. Mark Hofstetter
Vienna University Computer Center



From nazir@itautec-philco.com.br  Wed Mar  6 21:41:02 2002
From: nazir@itautec-philco.com.br (Nazir Najjar)
Date: Wed Mar  6 21:41:02 2002
Subject: Decript without password...
Message-ID: <000201c1c54e$ff1742c0$6801190a@NAZIR>

Hi,

Is there a way to decript files without having to type my private
password???

I'd like to put this password as default to decript the massages cause i
want to make a script to do it by itself...

Is there a way to do it???

Thanks in advance,
Nazir.



From bart.martens@advalvas.be  Wed Mar  6 22:07:02 2002
From: bart.martens@advalvas.be (Bart Martens)
Date: Wed Mar  6 22:07:02 2002
Subject: Decript without password...
In-Reply-To: <000201c1c54e$ff1742c0$6801190a@NAZIR>; from nazir@itautec-philco.com.br on Wed, Mar 06, 2002 at 05:39:21PM -0300
References: <000201c1c54e$ff1742c0$6801190a@NAZIR>
Message-ID: <20020306221838.A12813@cable-195-162-215-141.upc.chello.be>

On Wed, Mar 06, 2002 at 05:39:21PM -0300, Nazir Najjar wrote:
> Hi,
> 
> Is there a way to decript files without having to type my private
> password???
> 
> I'd like to put this password as default to decript the massages cause i
> want to make a script to do it by itself...
> 
> Is there a way to do it???
> 
> Thanks in advance,
> Nazir.

I think that http://www.gnupg.org/faq.html#q4.14 answers your question.
Bart




From sbutler@fchn.com  Wed Mar  6 22:17:02 2002
From: sbutler@fchn.com (Steve Butler)
Date: Wed Mar  6 22:17:02 2002
Subject: Decrypt without password...
Message-ID: <d9e20acf75d88084ba3d620fd7e63dbc3c8686e4@fchn.com>

Create your own script file called gpg_decrypt and accept the file name you
want to decrypt (without the .pgp extension)

#!/bin/ksh
#gpg_decrypt

echo "my pass phrase here" | gpg --homedir /etc/gnupg/homdir --passphrase-fd
0 --no-tty --output "$1" --decrypt "$1.pgp"

NOTE:  The quotes around $1 allow the file name to contain embedded spaces.
Embedded spaces in file names seems to be natural to Windows boxes.  It
causes havoc to Unix type scripts unless you are very careful to allow for
the spaces.

Or, just change your key to not have a pass phrase at all.


-----Original Message-----
From: Nazir Najjar [mailto:nazir@itautec-philco.com.br]
Sent: Wednesday, March 06, 2002 12:39 PM
To: gnupg-users@gnupg.org
Subject: Decript without password...


Hi,

Is there a way to decript files without having to type my private
password???

I'd like to put this password as default to decript the massages cause i
want to make a script to do it by itself...

Is there a way to do it???

Thanks in advance,
Nazir.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.



From rtilley@vt.edu  Wed Mar  6 22:55:01 2002
From: rtilley@vt.edu (Brad Tilley)
Date: Wed Mar  6 22:55:01 2002
Subject: Decrypt without password...
In-Reply-To: <d9e20acf75d88084ba3d620fd7e63dbc3c8686e4@fchn.com>
References: <d9e20acf75d88084ba3d620fd7e63dbc3c8686e4@fchn.com>
Message-ID: <200203062138.AVC07958@dagger.cc.vt.edu>

On Wednesday 06 March 2002 16:13, Steve Butler wrote:

Is it just me, or is this insecure? I would _never_ place my pass phrase in a 
file. Security and convenience seem to always be at odds. As for me, I'll 
take security along with inconvenience any day.

> Create your own script file called gpg_decrypt and accept the file name you
> want to decrypt (without the .pgp extension)
>
> #!/bin/ksh
> #gpg_decrypt
>
> echo "my pass phrase here" | gpg --homedir /etc/gnupg/homdir
> --passphrase-fd 0 --no-tty --output "$1" --decrypt "$1.pgp"
>
> NOTE:  The quotes around $1 allow the file name to contain embedded spaces.
> Embedded spaces in file names seems to be natural to Windows boxes.  It
> causes havoc to Unix type scripts unless you are very careful to allow for
> the spaces.
>
> Or, just change your key to not have a pass phrase at all.
>
>
> -----Original Message-----
> From: Nazir Najjar [mailto:nazir@itautec-philco.com.br]
> Sent: Wednesday, March 06, 2002 12:39 PM
> To: gnupg-users@gnupg.org
> Subject: Decript without password...
>
>
> Hi,
>
> Is there a way to decript files without having to type my private
> password???
>
> I'd like to put this password as default to decript the massages cause i
> want to make a script to do it by itself...
>
> Is there a way to do it???
>
> Thanks in advance,
> Nazir.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
> CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is
> for the sole use of the intended recipient(s) and may contain confidential
> and privileged information.  Any unauthorized review, use, disclosure or
> distribution is prohibited.  If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



From andrew@mcdonald.org.uk  Wed Mar  6 23:16:02 2002
From: andrew@mcdonald.org.uk (Andrew McDonald)
Date: Wed Mar  6 23:16:02 2002
Subject: Decrypt without password...
In-Reply-To: <200203062138.AVC07958@dagger.cc.vt.edu>
References: <d9e20acf75d88084ba3d620fd7e63dbc3c8686e4@fchn.com> <200203062138.AVC07958@dagger.cc.vt.edu>
Message-ID: <20020306221332.GB1884@mcdonald.org.uk>

On Wed, Mar 06, 2002 at 04:48:44PM -0500, Brad Tilley wrote:
> 
> Is it just me, or is this insecure? I would _never_ place my pass
> phrase in a file. Security and convenience seem to always be at odds.
> As for me, I'll take security along with inconvenience any day.

This is exactly the reason for recommending the use of "no password"
over "password in script" for automated systems. The latter doesn't
really give anything more than a false sense of security (and a more
complicated script) in this context.

-- 
Andrew McDonald
E-mail: andrew@mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/


From sbutler@fchn.com  Wed Mar  6 23:46:02 2002
From: sbutler@fchn.com (Steve Butler)
Date: Wed Mar  6 23:46:02 2002
Subject: Decrypt without password...
Message-ID: <4a841a43d094a4d430a30d3b448c41633c869bcc@fchn.com>

I'd never do this for my personal key.  But for the corporate one running on
the internal corporate GnuPG server where everybody who has access to the
machine can read the plain text anyway....

Now, I don't leave the pass phrase as plain text but the methods I use to
"hide" it are easily broken (otherwise I'd have to actually encrypt it with
another passphrase).  It at least keeps the causual observer somewhat at
bay.  

-----Original Message-----
From: Brad Tilley [mailto:rtilley@vt.edu]
Sent: Wednesday, March 06, 2002 1:49 PM
To: gnupg-users@gnupg.org
Subject: Re: Decrypt without password...


On Wednesday 06 March 2002 16:13, Steve Butler wrote:

Is it just me, or is this insecure? I would _never_ place my pass phrase in
a 
file. Security and convenience seem to always be at odds. As for me, I'll 
take security along with inconvenience any day.


CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.



From huber@alum.wpi.edu  Thu Mar  7 00:09:02 2002
From: huber@alum.wpi.edu (Josh Huber)
Date: Thu Mar  7 00:09:02 2002
Subject: Decrypt without password...
In-Reply-To: <200203062138.AVC07958@dagger.cc.vt.edu> (Brad Tilley's message
 of "Wed, 6 Mar 2002 16:48:44 -0500")
References: <d9e20acf75d88084ba3d620fd7e63dbc3c8686e4@fchn.com>
 <200203062138.AVC07958@dagger.cc.vt.edu>
Message-ID: <87k7spnvm7.fsf@paradoxical.net>

Brad Tilley <rtilley@vt.edu> writes:

> On Wednesday 06 March 2002 16:13, Steve Butler wrote:
>
> Is it just me, or is this insecure? I would _never_ place my pass
> phrase in a file. Security and convenience seem to always be at
> odds. As for me, I'll take security along with inconvenience any
> day.

Well, yeah.  Of course it's insecure! :)

Which is why if you're doing this, you might as well use a key with no
password...

ttyl,

-- 
Josh Huber


From legoxx@yahoo.com  Thu Mar  7 08:55:02 2002
From: legoxx@yahoo.com (lego lego)
Date: Thu Mar  7 08:55:02 2002
Subject: gpg --no-default-keyring --secret-keyring foo.sec problem
Message-ID: <20020307075252.93709.qmail@web14504.mail.yahoo.com>

hello

i'm trying this from the doc/DETAILS

$ cat >foo <<EOF
     %echo Generating a standard key
     Key-Type: DSA
     Key-Length: 1024
     Subkey-Type: ELG-E
     Subkey-Length: 1024
     Name-Real: Joe Tester
     Name-Comment: with stupid passphrase
     Name-Email: joe@foo.bar
     Expire-Date: 0
     Passphrase: abc
     %pubring foo.pub
     %secring foo.sec
     # Do a commit here, so that we can later print
"done" :-)
     %commit
     %echo done
EOF
$ gpg --batch --gen-key -a foo
 [...]
$ gpg --no-default-keyring --secret-keyring foo.sec \
                                  --keyring foo.pub
--list-secret-keys

but instead of this output:
sec  1024D/915A878D 2000-03-09 Joe Tester (with stupid
passphrase) <joe@foo.bar>
ssb  1024g/8F70E2C0 2000-03-09

i just got this:
gpg: Warning: using insecure memory!
gpg: /home/peter/.gnupg/foo.sec: keyring created
gpg: /home/peter/.gnupg/foo.pub: keyring created

i tried to sign files using foo.sec but it won't work
it seems that the keyrings are not even open...

can anyone help me please?

__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/


From schoech@iap-kborn.de  Thu Mar  7 09:31:01 2002
From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=)
Date: Thu Mar  7 09:31:01 2002
Subject: gpg --no-default-keyring --secret-keyring foo.sec problem
In-Reply-To: <20020307075252.93709.qmail@web14504.mail.yahoo.com>
Message-ID: <Pine.LNX.4.33.0203070827340.32459-100000@pcramnan.iap-kborn.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi !

> but instead of this output:
> sec  1024D/915A878D 2000-03-09 Joe Tester (with stupid
> passphrase) <joe@foo.bar>
> ssb  1024g/8F70E2C0 2000-03-09
>
> i just got this:
> gpg: Warning: using insecure memory!
> gpg: /home/peter/.gnupg/foo.sec: keyring created
> gpg: /home/peter/.gnupg/foo.pub: keyring created
>
> i tried to sign files using foo.sec but it won't work
> it seems that the keyrings are not even open...

Usually this happens when you invoke gpg for the first time for user
"peter". Run the command again to create the key.

HTH,
Armin

- --=20
Am Hasenberg 26         office: Institut f=FCr Atmosph=E4renphysik
D-18209 Bad Doberan             Schloss-Stra=DFe 6
Tel. ++49-(0)38203/42137        D-18225 K=FChlungsborn / GERMANY
Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8hyS3G8Xv4GxznLoRAt9BAKCD5QVVUnyeAWKhZ373eDKt1qre3ACeLD8c
B4kmYClzfT/o4YRvxZCoBpE=3D
=3Dw0xc
-----END PGP SIGNATURE-----




From legoxx@yahoo.com  Thu Mar  7 10:20:02 2002
From: legoxx@yahoo.com (lego lego)
Date: Thu Mar  7 10:20:02 2002
Subject: gpg --no-default-keyring --secret-keyring foo.sec problem
In-Reply-To: <Pine.LNX.4.33.0203070827340.32459-100000@pcramnan.iap-kborn.de>
Message-ID: <20020307091744.75304.qmail@web14507.mail.yahoo.com>

well when i run 

gpg --no-default-keyring --secret-keyring foo.sec
--keyring foo.pub --list-secret-keys

for second time i got not output at all just

gpg: Warning: using insecure memory!
[peter@love1 foo]$
 

__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/


From schoech@iap-kborn.de  Thu Mar  7 10:22:01 2002
From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=)
Date: Thu Mar  7 10:22:01 2002
Subject: gpg --no-default-keyring --secret-keyring foo.sec problem
In-Reply-To: <20020307091744.75304.qmail@web14507.mail.yahoo.com>
Message-ID: <Pine.LNX.4.33.0203070918340.32589-100000@pcramnan.iap-kborn.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> well when i run
>
> gpg --no-default-keyring --secret-keyring foo.sec
> --keyring foo.pub --list-secret-keys
>
> for second time i got not output at all just
>
> gpg: Warning: using insecure memory!
> [peter@love1 foo]$

What happened to the keyrings in ~/.gnupg ? Have they changed ?

Armin

- --
Am Hasenberg 26         office: Institut f=FCr Atmosph=E4renphysik
D-18209 Bad Doberan             Schloss-Stra=DFe 6
Tel. ++49-(0)38203/42137        D-18225 K=FChlungsborn / GERMANY
Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8hzCnG8Xv4GxznLoRAuP+AKDP15LQakAPmgsTvIka1wysYU4nFgCeJObh
2ddFDF6SyzRQJvlfBPafYdI=3D
=3Di/5M
-----END PGP SIGNATURE-----




From legoxx@yahoo.com  Thu Mar  7 10:28:02 2002
From: legoxx@yahoo.com (lego lego)
Date: Thu Mar  7 10:28:02 2002
Subject: gpg --no-default-keyring --secret-keyring foo.sec problem
In-Reply-To: <Pine.LNX.4.33.0203070918340.32589-100000@pcramnan.iap-kborn.de>
Message-ID: <20020307092539.80260.qmail@web14503.mail.yahoo.com>

i dont want to use keyrings in ~/.gnupg but ./foo.pub
and ./foo.sec (i have created them using gpg --batch
--gen-key -a foo and they seems to be ok) 

so i modified my script:gpg --no-default-keyring
--secret-keyring ./foo.sec --keyring ./foo.pub
--list-secret-keys

but i got this...

gpg: Warning: using insecure memory!
gpg: [don't know]: invalid packet (ctb=2d)
gpg: read_keyblock: read error: invalid packet
gpg: enum_keyblocks(read) failed: invalid keyring


__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/


From legoxx@yahoo.com  Thu Mar  7 11:00:01 2002
From: legoxx@yahoo.com (lego lego)
Date: Thu Mar  7 11:00:01 2002
Subject: gpg --no-default-keyring --secret-keyring foo.sec problem
In-Reply-To: <Pine.LNX.4.33.0203070918340.32589-100000@pcramnan.iap-kborn.de>
Message-ID: <20020307095821.87433.qmail@web14508.mail.yahoo.com>

well i want to use foo.pub and foo.sec in the current
direcotory not /home/user/.gnupg

i want to sign a file without importing key to my
keyring, and i need my customer to verify signature
without installing public key to his keyring. Just
simple command line interface. Ideally in batch file


__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/


From schoech@iap-kborn.de  Thu Mar  7 11:22:01 2002
From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=)
Date: Thu Mar  7 11:22:01 2002
Subject: gpg --no-default-keyring --secret-keyring foo.sec problem
In-Reply-To: <20020307095821.87433.qmail@web14508.mail.yahoo.com>
Message-ID: <Pine.LNX.4.33.0203071014380.1967-100000@pcramnan.iap-kborn.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi !

> well i want to use foo.pub and foo.sec in the current
> direcotory not /home/user/.gnupg
>
> i want to sign a file without importing key to my
> keyring, and i need my customer to verify signature
> without installing public key to his keyring. Just
> simple command line interface. Ideally in batch file

I understand what you want to achieve. And I just reproduced your
problem on 1.0.3 and 1.0.6. The error message is the same as you get.
It's even the same if I create the keyring by manually choosing the
different options (no batch mode)

Sorry that I can't help you!

Bye,
Armin

- --=20
Am Hasenberg 26         office: Institut f=FCr Atmosph=E4renphysik
D-18209 Bad Doberan             Schloss-Stra=DFe 6
Tel. ++49-(0)38203/42137        D-18225 K=FChlungsborn / GERMANY
Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8hz7GG8Xv4GxznLoRAhkaAJ9uRjq7f3fapFb6fG3edyKFBF1KHwCgmU1y
XdoeCmodLnas8bky+qpe92o=3D
=3D55gb
-----END PGP SIGNATURE-----




From bart.martens@advalvas.be  Thu Mar  7 11:54:01 2002
From: bart.martens@advalvas.be (Bart Martens)
Date: Thu Mar  7 11:54:01 2002
Subject: gpg --no-default-keyring --secret-keyring foo.sec problem
In-Reply-To: <20020307075252.93709.qmail@web14504.mail.yahoo.com>; from legoxx@yahoo.com on Wed, Mar 06, 2002 at 11:52:52PM -0800
References: <20020307075252.93709.qmail@web14504.mail.yahoo.com>
Message-ID: <20020307120525.A3015@cable-195-162-215-141.upc.chello.be>

Maybe this solves your problem...

$ mkdir someweirddir
$ gpg --homedir someweirddir --no-default-keyring --secret-keyring foo.sec --keyring foo.pub --list-keys
gpg: someweirddir/foo.sec: keyring created
gpg: someweirddir/foo.pub: keyring created
$ gpg --homedir someweirddir --no-default-keyring --secret-keyring foo.sec --keyring foo.pub --list-keys
$ 


On Wed, Mar 06, 2002 at 11:52:52PM -0800, lego lego wrote:
> hello
> 
> i'm trying this from the doc/DETAILS
> 
> $ cat >foo <<EOF
>      %echo Generating a standard key
>      Key-Type: DSA
>      Key-Length: 1024
>      Subkey-Type: ELG-E
>      Subkey-Length: 1024
>      Name-Real: Joe Tester
>      Name-Comment: with stupid passphrase
>      Name-Email: joe@foo.bar
>      Expire-Date: 0
>      Passphrase: abc
>      %pubring foo.pub
>      %secring foo.sec
>      # Do a commit here, so that we can later print
> "done" :-)
>      %commit
>      %echo done
> EOF
> $ gpg --batch --gen-key -a foo
>  [...]
> $ gpg --no-default-keyring --secret-keyring foo.sec \
>                                   --keyring foo.pub
> --list-secret-keys
> 
> but instead of this output:
> sec  1024D/915A878D 2000-03-09 Joe Tester (with stupid
> passphrase) <joe@foo.bar>
> ssb  1024g/8F70E2C0 2000-03-09
> 
> i just got this:
> gpg: Warning: using insecure memory!
> gpg: /home/peter/.gnupg/foo.sec: keyring created
> gpg: /home/peter/.gnupg/foo.pub: keyring created
> 
> i tried to sign files using foo.sec but it won't work
> it seems that the keyrings are not even open...
> 
> can anyone help me please?
> 
> __________________________________________________
> Do You Yahoo!?
> Try FREE Yahoo! Mail - the world's greatest free email!
> http://mail.yahoo.com/
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



From sbutler@fchn.com  Thu Mar  7 20:23:02 2002
From: sbutler@fchn.com (Steve Butler)
Date: Thu Mar  7 20:23:02 2002
Subject: Revoke certificate -- format errors
Message-ID: <84785f42b4d36418a504db0fc3a83a923c87bdb1@fchn.com>

I attempted to revoke an old key for which I found the revoke certificate.

However, wwwkeys.us.pgp.net returned this message:

Key block in add request contained no new
keys, userid's, or signatures.
Your key block contained 1 format errors,
which were treated as if the erroneous elements
hadn't been part of your submission.
The last error was on key 0xf87cc708:
Key block corrupt: signature without key

I had submitted this in the submit key screen.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (MingW32)
Comment: For info see http://www.gnupg.org
Comment: A revocation certificate should follow

iIAEIBECAEAFAjxq1io5HQJSZXZva2UgY2VydGlmaWNhdGUgdG8gYmUgaGVsZCBz
aG91bGQgc2VjcmV0IGtleSBiZSBsb3N0AAoJEIg3oxwcmCDAhLQAoMtj8AjmYOyI
9DLKQxYjid8Qrr0DAJ9LZ1tALaLtFJDWxcuJ8DJocXbYfA==
=V9f7
-----END PGP PUBLIC KEY BLOCK-----

CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.



From sbutler@fchn.com  Thu Mar  7 20:39:01 2002
From: sbutler@fchn.com (Steve Butler)
Date: Thu Mar  7 20:39:01 2002
Subject: Import Public key + Import Revoke Cert ==> export key to keyserve
 r
Message-ID: <0cb4704abf58071f6a5a6795ed0976993c87c152@fchn.com>

Found a solution.  I had to import the public key from the keyserver, then
import my revoke certificate and export the updated key back to the
keyserver.  At least the keyserver now shows my key as being revoked.

Thanks.

CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.



From nazir@itautec-philco.com.br  Thu Mar  7 21:55:01 2002
From: nazir@itautec-philco.com.br (Nazir Najjar)
Date: Thu Mar  7 21:55:01 2002
Subject: Auto Descrypt
Message-ID: <000101c1c61a$27a5c830$6801190a@NAZIR>

Hi,

Is there a way to decript files without having to type my private
password???

gpg -o file.txt --decrypt file.txt.gpg

Gpg needs the private password to decrypt. Is there a way to put this
password inside a file and do the command above without the need to put the
password?? Or is there another command that i can do it???


Thank you.





From andriash@telus.net  Thu Mar  7 22:21:01 2002
From: andriash@telus.net (Nick Andriash)
Date: Thu Mar  7 22:21:01 2002
Subject: Auto Descrypt
In-Reply-To: <000101c1c61a$27a5c830$6801190a@NAZIR>
References: <000101c1c61a$27a5c830$6801190a@NAZIR>
Message-ID: <20020307131551.505F.ANDRIASH@telus.net>

Hello Nazir Najjar,

On Thursday, March 07 2002 at 12:53 PM PDT, you wrote:

> Is there a way to decript files without having to type my private
> password???

I see you are using Outlook, so you can use one of the Win32 front-ends
for GnuPG such as WinPT or GPGShell in which you can cache the
passphrase for a certain period of time.


-- 
Nick Andriash
Courtenay, B.C. Canada




From sbutler@fchn.com  Thu Mar  7 22:41:01 2002
From: sbutler@fchn.com (Steve Butler)
Date: Thu Mar  7 22:41:01 2002
Subject: Auto Descrypt
Message-ID: <f23669bf56f018afb66cf047ff87546e3c87ddde@fchn.com>

This is asked about once a day.  I thought it was twice today -- but noticed
that the other one was actually yesterday!

1.  Don't use a pass phrase at all!  When it asks for a pass phrase just hit
the enter key.  See the man page (gpg text file for windows folks) regarding
the --edit option.  This is just as secure as the 2nd option and requires
less scripting changes.

2.  Feed the passphrase in your script via the echo command as in:
     echo "my pass phrase here" \
       | gpg --homedir /etc/gnupg/homdir --passphrase-fd 0 --no-tty --output
myoutfile --decrypt myinfile.pgp

This is korn shell syntax and subject to slight changes for Windows batch
files.


-----Original Message-----
From: Nazir Najjar [mailto:nazir@itautec-philco.com.br]
Sent: Thursday, March 07, 2002 12:54 PM
To: gnupg-users@gnupg.org
Subject: Auto Descrypt


Hi,

Is there a way to decript files without having to type my private
password???

gpg -o file.txt --decrypt file.txt.gpg

Gpg needs the private password to decrypt. Is there a way to put this
password inside a file and do the command above without the need to put the
password?? Or is there another command that i can do it???


Thank you.




_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.



From JanuszA.Urbanowicz  Thu Mar  7 23:48:02 2002
From: JanuszA.Urbanowicz (JanuszA.Urbanowicz)
Date: Thu Mar  7 23:48:02 2002
Subject: what to do if keyring gets corrupted?
Message-ID: <m16j67c-000158C@bofh.torun.pl>

I try to add new UiD to my key and after 'save' gpg reports:

Command> save
gpg: /home/alex/.gnupg/pubring.gpg: copy to
/home/alex/.gnupg/pubring.gpg.tmp' failed: file read error
gpg: update failed: file read error

What to do in such a situation? I think of exporting all the keys then
rebuilding the pubring from scratch, but this way local signatures will get
lost.

Alex
-- 
Janusz A. Urbanowicz | ALEX3-RIPE | SF-Framling | Thawte Web Of Trust Notary

Gdy daj biednym chleb, nazywaj mnie witym. Gdy pytam, 
dlaczego biedni nie maj chleba, nazywaj mnie komunist. - abp. Helder Camara


From Graham.K.Jenkins@team.telstra.com  Fri Mar  8 02:50:01 2002
From: Graham.K.Jenkins@team.telstra.com (Jenkins, Graham K [IBM GSA])
Date: Fri Mar  8 02:50:01 2002
Subject: Problem with Perl Call
Message-ID: <61411576E951D211AF330008C7245DD90818E81B@ntmsg0005.corpmail.telstra.com.au>

Guys, I have been trying to feed a passphrase into
gpg 1.0.6 (on NetBSD, Solaris and Win32) platforms)
using a variation of a script suggested in some of the
pgp documentation.  Here's what I tried.  If somebody
can tell me why it doesn't work, I'd be Real Pleased ..
--
#!/usr/local/bin/perl
pipe(READER,WRITER);
if (!fork) {
	close(WRITER);
	$^F=fileno(READER);
	$FilDes=fileno(READER);
	exec "gpg -as --passphrase-fd $FilDes </etc/passwd >/tmp/outZ" or
	die "can't exec gpg\n";
}
close(READER);
syswrite(WRITER, "secret1\n", 8);
close(WRITER);
wait
--





From legoxx@yahoo.com  Fri Mar  8 04:16:02 2002
From: legoxx@yahoo.com (lego lego)
Date: Fri Mar  8 04:16:02 2002
Subject: gpg --no-default-keyring --secret-keyring foo.sec problem
In-Reply-To: <20020307120525.A3015@cable-195-162-215-141.upc.chello.be>
Message-ID: <20020308031353.1380.qmail@web14510.mail.yahoo.com>

i found the problem:

keys cannot be created using --armor option otherwise
they are not usable as extern keys...



__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/


From cwsiv_home1@juno.com  Fri Mar  8 06:14:01 2002
From: cwsiv_home1@juno.com (carl w spitzer)
Date: Fri Mar  8 06:14:01 2002
Subject: gnupg won't work
Message-ID: <20020307.210530.14455.4.cwsiv_home1@juno.com>

Actually I am looking for 16 bit version or a way to make one.
I am not too fond of winblows as it is too fond of viruses.
I use LILO and want to access my mail and encrypted messages in all three
OS if I can.
CWSIV

>From Graham <graham.todd@ntlworld.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 14 February 2002 11:27 pm, you wrote:
> What about cross compiling GNUPG for DOS?  to work in conjunction
> with PGP262 & 263i
>

Youre too late. GPG is available for the Windows commandline, and using 
the IDEA module it is PGP 2.6x compatible.

There are a couple of Windows front ends available (IMHO better than 
anything in Linux, particularly GPGShell) and a number of MUAs (Becky, 
The Bat, Pegasus, Outlook Express, Eudora, etc) have a plugin to use 
GPG in Windows.

What more do you want?

- -- 
Graham

Please use my GPG Key ID: E935DB9D

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Please encrypt or sign for internet security

iD8DBQE8bGkWIwtBZOk1250RAj6aAKDnq+onS92YoUFVI7n+igd9Zw8uXgCgtFPx
zJPGG7ukWQx5iVWLDufTtuo=
=uYd/
-----END PGP SIGNATURE-----
HO better than 
anything in Linux, particularly GPGShell) and a number of MUAs (Becky, 
The Bat, Pegasus, Outlook Express, Eudora, etc) have a plugin to use 
GPG in Windows.

What more do you want?

- -- 
Graham

Please use my GPG Key ID: E935DB9D

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Please encrypt or sign for internet security

iD8DBQE8bGkWIwtBZOk1250RAj6aAKDnq+onS92YoUFVI7n+igd9Zw8uXgCgtFPx
zJPGG7ukWQx5iVWLDufTtuo=
=uYd/


________________________________________________________________
GET INTERNET ACCESS FROM JUNO!
Juno offers FREE or PREMIUM Internet access for less!
Join Juno today!  For your FREE software, visit:
http://dl.www.juno.com/get/web/.


From ftobin@neverending.org  Fri Mar  8 07:11:02 2002
From: ftobin@neverending.org (Frank Tobin)
Date: Fri Mar  8 07:11:02 2002
Subject: Problem with Perl Call
In-Reply-To: <61411576E951D211AF330008C7245DD90818E81B@ntmsg0005.corpmail.telstra.com.au>
Message-ID: <20020308010449.H438-100000@palanthas.neverending.org>

Jenkins, Graham K [IBM GSA], on 2002-03-08, wrote:

> Guys, I have been trying to feed a passphrase into gpg 1.0.6 (on NetBSD,
> Solaris and Win32) platforms) using a variation of a script suggested in
> some of the pgp documentation.  Here's what I tried.  If somebody can
> tell me why it doesn't work, I'd be Real Pleased ..

What was wrong with your code didn't pop out at me immediately, but I'd
recommend trying out GnuPG::Interface to help relieve some of the
headaches: http://gnupg-interface.sourceforge.net/

-- 
Frank Tobin		http://www.neverending.org/~ftobin/




From bart.martens@advalvas.be  Fri Mar  8 13:23:02 2002
From: bart.martens@advalvas.be (Bart Martens)
Date: Fri Mar  8 13:23:02 2002
Subject: Problem with Perl Call
In-Reply-To: <61411576E951D211AF330008C7245DD90818E81B@ntmsg0005.corpmail.telstra.com.au>; from Graham.K.Jenkins@team.telstra.com on Fri, Mar 08, 2002 at 12:47:26PM +1100
References: <61411576E951D211AF330008C7245DD90818E81B@ntmsg0005.corpmail.telstra.com.au>
Message-ID: <20020308133434.A1590@cable-195-162-215-141.upc.chello.be>

On Fri, Mar 08, 2002 at 12:47:26PM +1100, Jenkins, Graham K [IBM GSA] wrote:
> Guys, I have been trying to feed a passphrase into
> gpg 1.0.6 (on NetBSD, Solaris and Win32) platforms)
> using a variation of a script suggested in some of the
> pgp documentation.  Here's what I tried.  If somebody
> can tell me why it doesn't work, I'd be Real Pleased ..
> --
> #!/usr/local/bin/perl
> pipe(READER,WRITER);
> if (!fork) {
> 	close(WRITER);
> 	$^F=fileno(READER);
> 	$FilDes=fileno(READER);
> 	exec "gpg -as --passphrase-fd $FilDes </etc/passwd >/tmp/outZ" or
> 	die "can't exec gpg\n";
> }
> close(READER);
> syswrite(WRITER, "secret1\n", 8);
> close(WRITER);
> wait
> --

You may want to try something like this:

 open FILE, "|gpg --batch --no-tty --passphrase-fd 0 --armor --symmetric 2>> $stderr > $stdout" or die "Cannot gpg";
 print FILE "passphrase\n";
 print FILE "text to be encrypted\n";
 close FILE;




From Matthew561@aol.com  Fri Mar  8 15:13:01 2002
From: Matthew561@aol.com (Matthew561@aol.com)
Date: Fri Mar  8 15:13:01 2002
Subject: Question regards session key error
Message-ID: <86.17920886.29ba2059@aol.com>

Hello,

Looking for help.  

Running PGP 6.02 PGP, 2.6.3ia-multi05 and GNUPG 1.06.  Messages generated 
with any version of PGP, no problem; however encrypted messages created with 
GNUPG crash with a "bad session key" error if opened in PGP.  I have RTFM, or 
FAQ, but I can see nothing about such an error or how to address/fix.

Does this have any relationship to the fact that I am sending test messages 
to other useids that are also on my secret keyring (from me to me as it were)?

Any ideas as how to fix or explain

Please respond or CC off list.

Thanks.

Matthew


From andriash@telus.net  Fri Mar  8 16:50:02 2002
From: andriash@telus.net (Nick Andriash)
Date: Fri Mar  8 16:50:02 2002
Subject: Question regards session key error
In-Reply-To: <86.17920886.29ba2059@aol.com>
References: <86.17920886.29ba2059@aol.com>
Message-ID: <20020308073943.7F71.ANDRIASH@telus.net>

Hello Matthew561,

On Friday, March 08 2002 at 06:10 AM PDT, you wrote:

> Running PGP 6.02 PGP, 2.6.3ia-multi05 and GNUPG 1.06.  Messages
> generated with any version of PGP, no problem; however encrypted
> messages created with GNUPG crash with a "bad session key" error if
> opened in PGP.  I have RTFM, or FAQ, but I can see nothing about such
> an error or how to address/fix.

Are you using a front-end at all with GnuPG? The reason I ask is that in
my experience... limited as it may be... an error message like that
related to the Session Key usually indicate that the message was
encrypted with an Algo that is not supported on the receiving machine's
copy of PGP.

I think GnuPG defaults to 3DES if a common Algo cannot be found (while
PGP will default to either CAST5 or 3DES depending on version), but
sometimes when using a front-end you can 'force' GnuPG to use an
Algorithm regardless of the preferences found on the Public Key to which
you are encrypting. That may even be possible without using a front-end
by the option --cipher-algo <name>.


-- 
Nick Andriash
Courtenay, B.C. Canada




From Matthew561@aol.com  Fri Mar  8 17:39:02 2002
From: Matthew561@aol.com (Matthew561@aol.com)
Date: Fri Mar  8 17:39:02 2002
Subject: Question regards session key error
Message-ID: <122.d695cce.29ba4276@aol.com>

In a message dated 03/08/02 10:27:50 AM Central Standard Time, 
andriash@telus.net writes:

>  an error message like that
>  related to the Session Key usually indicate that the message was
>  encrypted with an Algo that is not supported on the receiving machine's
>  copy of PGP.

Not the problem since PGP uses Cast5 and 3Des.  I have "corrected" the 
problem using the 6.02 generated keys by adding "emulate-md-encode-bug" to 
the Options file but still no luck with my old RSA keys.

Thanks

Matthew


From andriash@telus.net  Fri Mar  8 18:11:01 2002
From: andriash@telus.net (Nick Andriash)
Date: Fri Mar  8 18:11:01 2002
Subject: Question regards session key error
In-Reply-To: <122.d695cce.29ba4276@aol.com>
References: <122.d695cce.29ba4276@aol.com>
Message-ID: <20020308090715.342C.ANDRIASH@telus.net>

Hello Matthew561,

On Friday, March 08 2002 at 08:36 AM PDT, you wrote:

> Not the problem since PGP uses Cast5 and 3Des. 

Yes I know, but doesn't --cipher-algo <name> in essence over ride the
default, and literally 'forces' GnuPG to use the Algorithm specified,
regardless what the Recipients preferences are?


-- 
Nick Andriash
Courtenay, B.C. Canada




From dominik@nextbyte.de  Fri Mar  8 20:21:02 2002
From: dominik@nextbyte.de (Dominik Schwald)
Date: Fri Mar  8 20:21:02 2002
Subject: change the passphrase...
Message-ID: <E16jQ1v-0005lG-00@porta.u64.de>

Hi, 
how does the changing of the passphrase work? 
As it is possible to change the passphrase that means (to me) that the 
secretKey "knows" the passphrase.

In detail:

If i create a new key and set the password to e.g. "supersecret_1" and 
put a copy of that secretKey somewhere, than i change the passphrase to 
"supersecret_2".
Am i right that it's now possible to use the first secretKey with the 
first passphrase  for signing/encryption  AS  WELL  AS  the second 
secretKey with its passphrase..?

Regards, dominik


From jason.kruse@teldta.com  Fri Mar  8 20:57:01 2002
From: jason.kruse@teldta.com (Kruse, Jason K.)
Date: Fri Mar  8 20:57:01 2002
Subject: Decrypt files with embedded filenames
Message-ID: <200203081954.NAA21094@phylum.teldta.com>

I was running into the use-embedded-filename option not working also on
Solaris using 1.0.6 and here's what I came up with:

The decrypt_message() call in decrypt.c causes opt.outfile to be set to '-'
since we assume --outfile isn't needed.  In plaintext.c the check for
opt.outfile is before the !opt.use_embedded_filename in handle_plaintext()
and use_embedded_filename is never used.

Fix:

Change decrypt.c line 70 from 

if ( !opt.outfile )

to

if ( !opt.outfile && !opt.use_embedded_filename )

Hope this helps.

Jason


From sbutler@fchn.com  Fri Mar  8 21:01:01 2002
From: sbutler@fchn.com (Steve Butler)
Date: Fri Mar  8 21:01:01 2002
Subject: change the passphrase...
Message-ID: <08c3882c1d46a49c5aa0ae7bd4cee0e63c891806@fchn.com>

The secret key is encrypted by the passphrase.  Therefore, to use the secret
key you must supply the pasphrase that is used to decrypt it.  That's why
the passphrase needs to be longer than a single word.  

And yes, if you have two different secret keyrings each having your secret
key but secured by two different passphrases, then each will work as you
described.



-----Original Message-----
From: Dominik Schwald [mailto:dominik@nextbyte.de]
Sent: Friday, March 08, 2002 10:59 AM
To: gnupg-users@gnupg.org
Subject: change the passphrase...


As it is possible to change the passphrase that means (to me) that the 
secretKey "knows" the passphrase.


CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.



From u_p@lycos.de  Fri Mar  8 21:57:01 2002
From: u_p@lycos.de (uwe puchta)
Date: Fri Mar  8 21:57:01 2002
Subject: AW: Problem with Perl Call - use "open3"
Message-ID: <1015620877001212@lycos.de>

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--=_NextPart_Caramail_0012121015620877_ID
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

the follwoing code works perfect for me - both on Unix and 
Win32:

 1. package gpgX;

 2. use strict;
 3. use IPC::Open3;
 4. use FileHandle;

 5. #=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0
=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0
 6. sub gpg {
 7. #=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0
=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0
 8. my $f =3D shift || die;
 9. -r $f || die 'cannot open file: "' . $f . '"';
10. my $cmd;
11. my $o =3D $f;
12. #$o =3D~ s/\..*?\s*$//i;	# removes all extensions
13. $o =3D~ s/\.[^\.]+?$//;	# removes only last extension
14. $o .=3D '.gpg';
15. print STDERR "processing file \"$f\" - this might take some 
time ... \n";
16. $cmd =3D "gpg.exe -cv --passphrase-fd 0 --s2k-cipher-algo 
RIJNDAEL256 -o $o $f";
17. process($cmd);
18. }

19. #=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0
=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0
20. sub ungpg {
21. #=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0
=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0
22. my $f =3D shift || die;
23. my $o =3D shift || die 'no output file';
24. $f =3D~ /\.gpg\s*$/i or die "$f doesn't have the 
extension .pgp";
25. -r $f || die 'cannot open file: "' . $f . '"';
26. print STDERR "processing file \"$f\" - this might take some 
time ... \n";
27. print STDERR "output file =3D \"$o\"\n";
28. my $cmd =3D "gpg.exe -v --passphrase-fd 0 -o $o -d $f";
29. process($cmd);
30. }

31. #=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0
=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0
32. sub process {
33. #=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0
=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0=B0
34. my $cmd =3D shift || die 'missing $cmd';
35. # f=FCr Tests:
36. # $cmd =3D 'perl -e "print <STDIN>;print \"\nstdout - 
@ARGV\n\"; print STDERR \"stderr\n\"; "';
37. chomp $gpgX::P; # the passphrase
38. chomp $gpgX::P;
39. warn 'maybe wrong passphrase!'
40. if $gpgX::P =3D~ /^xxx/;
41. my ($writeFH, $readFH, $errFH) =3D (new FileHandle, new 
FileHandle, new FileHandle);
42. $readFH->autoflush();	# uncomment this if you 
have troubles reading the result
43. # ATTENTION - W A R N I N G: Bechause we use "$cmd" 
and not e.g. "@cmd",
44. # =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D the command 
in $cmd ist processed via THE SHELL.
45. # But: "@cmd" hangs when trying to 
read the passphrase
46. # from fd 0. See POD for open2 (not 
open3!).
47. my $pid =3D open3($writeFH, $readFH, $readFH, $cmd) || 
die;
48. print $writeFH $gpgX::P;
49. $writeFH->close();
50. while (<$readFH>) { print; }
51. $readFH->close();
52. waitpid $pid, 0;
53. }


54. 1;

in line 16 an 28 use "pgp" (or however your binary is called) - 
this is the Win32 Version.

line 37ff: $gpgX::P is where I store my passphrase

Request: 
=3D=3D=3D=3D=3D=3D=3D
Please, does anybody have a binary version of PGP 1.0.6 for 
SGI IRIX for me?

Regards
 Uwe
--------------
mailto:mail@NO-SP-AM-puchta.com -- remove "NO-SP-AM-"


> -------Urspr=FCngliche Nachricht-------
> Guys, I have been trying to feed a passphrase into
> gpg 1.0.6 (on NetBSD, Solaris and Win32) platforms)
> using a variation of a script suggested in some of the
> pgp documentation. Here's what I tried. If somebody
> can tell me why it doesn't work, I'd be Real Pleased ..
> --
> #!/usr/local/bin/perl
> pipe(READER,WRITER);
> if (!fork) {
> 	close(WRITER);
> 	$^F=3Dfileno(READER);
> 	$FilDes=3Dfileno(READER);
> 	exec "gpg -as --passphrase-fd $FilDes /tmp/outZ" or
> 	die "can't exec gpg\n";
> }
> close(READER);
> syswrite(WRITER, "secret1\n", 8);
> close(WRITER);
> wait
> --

______________________________________________________
Beginnen Sie das neue Jahr gut informiert: Zeitschriften-Abos zum Sparpreis!
http://www.lycos.de/webguides/entertainment/weihnachten/abo.html
250 Farb-Visitenkarten GRATIS*.  In einem Wert von EUR 99,00!
http://www.vistaprint.de/vp/splash/lycosde.asp
Jetzt eigene Domains f=FCr 1,23 Euro/Monat
http://lycos.de.domainnames.com/default.asp?caller=3Dlycos_d_footer



--=_NextPart_Caramail_0012121015620877_ID--



From mail@volker-gaibler.de  Sat Mar  9 00:55:01 2002
From: mail@volker-gaibler.de (Volker Gaibler)
Date: Sat Mar  9 00:55:01 2002
Subject: PGP 7.0.3 refuses to encrypt with my key
Message-ID: <3C895CDB.29494.1A1E86@localhost>

Hi,

I tried to encrypt some message with PGPfreeware 7.0.3 with my GnuPG 1.0.6-
created key, but PGP could not encrypt the message with my key: "An error has 
occured: key can't be used for encryption".

I read in the FAQ about problems with older versions that refused to encrypt 
with ElGamal type-20 keys. But mine is a type-16 key, so this should be a 
different problem. Signing with PGP works and is also no problem with GPG.
What can I do?  Thanks.

Volker


-----------------------------------------------------------------------
 Volker Gaibler                                 contact: 
 http://www.volker-gaibler.de                   mail@volker-gaibler.de
-----------------------------------------------------------------------


From Graham.K.Jenkins@team.telstra.com  Sat Mar  9 01:59:02 2002
From: Graham.K.Jenkins@team.telstra.com (Jenkins, Graham K [IBM GSA])
Date: Sat Mar  9 01:59:02 2002
Subject: Problem with Perl Call
Message-ID: <61411576E951D211AF330008C7245DD90818E822@ntmsg0005.corpmail.telstra.com.au>

My example oversimplified things a bit. My program
is actually meant to feed printer files via email
to a remote printer (in parts if necessary). So it
really needs a separate program like you suggest to
prepend the passphrase.

I am actually doing it this way now - building and
invoking a separate perl program on the fly - and
it is working very well.  But it seems a bit kludgey.
So I thought "There has to be a better way .." 

Perhaps there isn't!

Thanks for your help.

G.

-----Original Message-----
From: Bart Martens
To: Jenkins, Graham K [IBM GSA]
Cc: 'gnupg-users@gnupg.org'
Sent: 3/8/02 11:34 PM
Subject: Re: Problem with Perl Call

On Fri, Mar 08, 2002 at 12:47:26PM +1100, Jenkins, Graham K [IBM GSA]
wrote:
> Guys, I have been trying to feed a passphrase into
> gpg 1.0.6 (on NetBSD, Solaris and Win32) platforms)
> using a variation of a script suggested in some of the
> pgp documentation.  Here's what I tried.  If somebody
> can tell me why it doesn't work, I'd be Real Pleased ..
> --
> #!/usr/local/bin/perl
> pipe(READER,WRITER);
> if (!fork) {
> 	close(WRITER);
> 	$^F=fileno(READER);
> 	$FilDes=fileno(READER);
> 	exec "gpg -as --passphrase-fd $FilDes </etc/passwd >/tmp/outZ"
or
> 	die "can't exec gpg\n";
> }
> close(READER);
> syswrite(WRITER, "secret1\n", 8);
> close(WRITER);
> wait
> --

You may want to try something like this:

 open FILE, "|gpg --batch --no-tty --passphrase-fd 0 --armor --symmetric
2>> $stderr > $stdout" or die "Cannot gpg";
 print FILE "passphrase\n";
 print FILE "text to be encrypted\n";
 close FILE;



From hironobu@h2np.net  Sat Mar  9 02:01:01 2002
From: hironobu@h2np.net (Hironobu SUZUKI)
Date: Sat Mar  9 02:01:01 2002
Subject: duplicate keyid survey results
In-Reply-To: Your message of "Mon, 04 Mar 2002 11:01:44 +0900."
 <200203040201.LAA16029@blue.h2np.net>
Message-ID: <200203090059.JAA29473@blue.h2np.net>

Len Sassamann:

1) The thing that comes to mind immediately for me is that you should
allow for a 64-bit key-ID search.

2) The public key servers should do little more than accept, store,
and report data that it contains. Preventing the display of keys with
duplicate IDs steps over that line a bit too much for me.


David Shaw:

3) If a duplicated keyid is requested from the current HKP and NAI
LDAP keyservers, *all* matching keys are returned.  This is the
correct behavior, as it lets the receiving program and the user decide
which (if any) of the returned keys is the right one.

---

1) 64-bit KeyID will be supported. It's easy and no problem in server. 
But I'm wondering how PGP/GPG user know their own 64-bit KeyID.

2) HKP protocol based HTTP/1.0 is not define the waring status for the
found duplicate key. We should define some specifications for
duplicate keys.  This specification is not only problem of public key
server(s) but also problem of OpenPGP client(s) a.k.a PGP and GPG.

3) I think "all matching keys are returned" solution is not a perfect
idea. But I can support it easly for my public key server.  I'd like
to know how about this solution for PGP or GPG.

-- 
Hironobu SUZUKI
E-Mail: hironobu@h2np.net
URL: http://h2np.net


From dshaw@jabberwocky.com  Sat Mar  9 04:24:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sat Mar  9 04:24:01 2002
Subject: duplicate keyid survey results
In-Reply-To: <200203090059.JAA29473@blue.h2np.net>
References: <200203040201.LAA16029@blue.h2np.net> <200203090059.JAA29473@blue.h2np.net>
Message-ID: <20020309032144.GB1023@akamai.com>

On Sat, Mar 09, 2002 at 09:59:12AM +0900, Hironobu SUZUKI wrote:
> 
> Len Sassamann:
> 
> 1) The thing that comes to mind immediately for me is that you should
> allow for a 64-bit key-ID search.
> 
> 2) The public key servers should do little more than accept, store,
> and report data that it contains. Preventing the display of keys with
> duplicate IDs steps over that line a bit too much for me.
> 
> 
> David Shaw:
> 
> 3) If a duplicated keyid is requested from the current HKP and NAI
> LDAP keyservers, *all* matching keys are returned.  This is the
> correct behavior, as it lets the receiving program and the user decide
> which (if any) of the returned keys is the right one.
> 
> ---
> 
> 1) 64-bit KeyID will be supported. It's easy and no problem in server. 
> But I'm wondering how PGP/GPG user know their own 64-bit KeyID.

GPG uses 64-bit keyids internally, so even though most people don't
know their own 64-bit keyid, when someone does a --refresh-keys
command or a key is retrieved automatically because of the
--auto-key-retrieve option the 64-bit keyid can be used.

Even so, the user can see their 64-bit keyid by adding the
"--with-colons" option to the usual --list-keys or --list-sigs

I'd even like to be able to search by fingerprint.  The way I see it,
since the 32-bit keyid is just the lowest 32 bits of the fingerprint,
and the 64-bit keyid is just the lowest 64 bits of the fingerprint,
the keyserver must calculate the fingerprint no matter what.  Since
it's already calculated, it would be nice to use it.

> 2) HKP protocol based HTTP/1.0 is not define the waring status for the
> found duplicate key. We should define some specifications for
> duplicate keys.  This specification is not only problem of public key
> server(s) but also problem of OpenPGP client(s) a.k.a PGP and GPG.
> 
> 3) I think "all matching keys are returned" solution is not a perfect
> idea. But I can support it easly for my public key server.  I'd like
> to know how about this solution for PGP or GPG.

If you don't think this is the right way to go, what do you suggest as
an alternative?  I think a warning is fine, but not returning one of
the keys leaves the keyserver open for a denial of service attack.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From rabbi@quickie.net  Sat Mar  9 04:28:02 2002
From: rabbi@quickie.net (Len Sassaman)
Date: Sat Mar  9 04:28:02 2002
Subject: duplicate keyid survey results
In-Reply-To: <20020309032144.GB1023@akamai.com>
Message-ID: <Pine.LNX.4.30.QNWS.0203081923560.24616-100000@thetis.deor.org>

On Fri, 8 Mar 2002, David Shaw wrote:


> I'd even like to be able to search by fingerprint.  The way I see it,
> since the 32-bit keyid is just the lowest 32 bits of the fingerprint,
> and the 64-bit keyid is just the lowest 64 bits of the fingerprint,
> the keyserver must calculate the fingerprint no matter what.  Since
> it's already calculated, it would be nice to use it.

Yes, this is a good idea.

> > 3) I think "all matching keys are returned" solution is not a perfect
> > idea. But I can support it easly for my public key server.  I'd like
> > to know how about this solution for PGP or GPG.
>
> If you don't think this is the right way to go, what do you suggest as
> an alternative?  I think a warning is fine, but not returning one of
> the keys leaves the keyserver open for a denial of service attack.

Agreed -- a warning is warranted, but the key server software shouldn't be
deciding not to report keys simply because they share key-ids with other
keys.


--Len.











From hironobu@h2np.net  Sat Mar  9 05:05:01 2002
From: hironobu@h2np.net (Hironobu SUZUKI)
Date: Sat Mar  9 05:05:01 2002
Subject: duplicate keyid survey results
In-Reply-To: Your message of "Fri, 08 Mar 2002 22:21:44 EST."
 <20020309032144.GB1023@akamai.com>
Message-ID: <200203090403.NAA29653@blue.h2np.net>

> Even so, the user can see their 64-bit keyid by adding the
> "--with-colons" option to the usual --list-keys or --list-sigs

Thanks!

> If you don't think this is the right way to go, what do you suggest
> as an alternative?  I think a warning is fine, but not returning one
> of the keys leaves the keyserver open for a denial of service
> attack.

I'd like to return only "Found duplicate keys" status to client. If
keyserver returns all of duplicate key contents to client, it can be
used another DoS attack.

Then, user can select two thing which are retrieve by 64-bit keyid or
via Web interface.

User may access an exact key via Web interface with database OID
number (this numbers are not appeared to user) to check key contents
and get it by their own risk.

Fyi: http://openpksd.org prepare Kaz's "pgpdump" interface to see
internal of key contents. 

Regards


-- 
Hironobu SUZUKI
E-Mail: hironobu@h2np.net
URL: http://h2np.net


From dshaw@jabberwocky.com  Sat Mar  9 05:19:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sat Mar  9 05:19:02 2002
Subject: duplicate keyid survey results
In-Reply-To: <200203090403.NAA29653@blue.h2np.net>
References: <20020309032144.GB1023@akamai.com> <200203090403.NAA29653@blue.h2np.net>
Message-ID: <20020309041522.GD1023@akamai.com>

On Sat, Mar 09, 2002 at 01:03:03PM +0900, Hironobu SUZUKI wrote:
> 
> > Even so, the user can see their 64-bit keyid by adding the
> > "--with-colons" option to the usual --list-keys or --list-sigs
> 
> Thanks!
> 
> > If you don't think this is the right way to go, what do you suggest
> > as an alternative?  I think a warning is fine, but not returning one
> > of the keys leaves the keyserver open for a denial of service
> > attack.
> 
> I'd like to return only "Found duplicate keys" status to client. If
> keyserver returns all of duplicate key contents to client, it can be
> used another DoS attack.

How?

The user does not know if any key from a keyserver is valid or not.
Even if an attacker creates hundreds of duplicate keys, it does not
matter since the signatures are what is used to check if the key is
valid.

> Then, user can select two thing which are retrieve by 64-bit keyid or
> via Web interface.
> 
> User may access an exact key via Web interface with database OID
> number (this numbers are not appeared to user) to check key contents
> and get it by their own risk.

It is easy to make even a duplicate 64-bit keyid.  If the keyserver
makes the user go through many extra steps to get a key if there is a
duplicate keyid, then that is a (mild) denial of service as well.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From rabbi@quickie.net  Sat Mar  9 06:26:02 2002
From: rabbi@quickie.net (Len Sassaman)
Date: Sat Mar  9 06:26:02 2002
Subject: duplicate keyid survey results
In-Reply-To: <20020309041522.GD1023@akamai.com>
Message-ID: <Pine.LNX.4.30.QNWS.0203082120570.28532-100000@thetis.deor.org>

On Fri, 8 Mar 2002, David Shaw wrote:

> > I'd like to return only "Found duplicate keys" status to client. If
> > keyserver returns all of duplicate key contents to client, it can be
> > used another DoS attack.
>
> How?
>
> The user does not know if any key from a keyserver is valid or not.
> Even if an attacker creates hundreds of duplicate keys, it does not
> matter since the signatures are what is used to check if the key is
> valid.

Exactly. (I hate to keep harping on this, but...) Key servers should be
storage devices. Let the user figure out if the key should be trusted or
not.

> It is easy to make even a duplicate 64-bit keyid.  If the keyserver
> makes the user go through many extra steps to get a key if there is a
> duplicate keyid, then that is a (mild) denial of service as well.

Agreed. We shouldn't make this harder than it has to be for the user.

I do like the idea of warning the user that multiple keys were returned,
though -- but the more I think about it, the more I think that that
warning should occur client-side.


--Len.




From hironobu@h2np.net  Sat Mar  9 07:42:01 2002
From: hironobu@h2np.net (Hironobu SUZUKI)
Date: Sat Mar  9 07:42:01 2002
Subject: duplicate keyid survey results
In-Reply-To: Your message of "Fri, 08 Mar 2002 23:15:22 EST."
 <20020309041522.GD1023@akamai.com>
Message-ID: <200203090639.PAA29914@blue.h2np.net>

> It is easy to make even a duplicate 64-bit keyid. 

 Step 0: If you use 32bit keyid, move Step 1. If 64bit keyid, move 
	 Step 2.

 Step 1: If you try to get a key by 32bit keyid but found duplicate keys,
	 move Step 2 or Step 3 which you wish.

 Step 2: If you try to get a key by 64bit keyid but found duplicate
         keys, move Step 3 or Step 4 which you wish.

         If 32bit duplicate keyid was generated by accidentally, 
	 64bit keyid searching will help most of them. 

 Step 3: Use Web interface and check a list of keyids combined
         fingerprints. Select one key and database will return actual
         key (using database OID). Users must be patients. So, some
         people like me move to Step 4.

 Step 4: Ask an actual public key for the key owner or get an public
         key from owner's web page.

> then that is a (mild) denial of service as well.

Yes, I know it. Please remember that the concept of "Web of Trust"
doesn't need any keyserver nor certificate authority. "No keyserver"
is default.

-- 
Hironobu SUZUKI
E-Mail: hironobu@h2np.net
URL: http://h2np.net



From dhlee@flynara.co.kr  Sat Mar  9 08:58:02 2002
From: dhlee@flynara.co.kr ()
Date: Sat Mar  9 08:58:02 2002
Subject:   ִϸ̼ Ʈ(.)
Message-ID: <E16jbqC-0008Hc-00@porta.u64.de>

<HTML>
<HEAD>
<META content="text/html; charset=ks_c_5601-1987" http-equiv=Content-Type>
<STYLE> p, font, span { line-height:120%; margin-top:0; margin-bottom:0; }</STYLE>
</HEAD><BODY>
<DIV><BR>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<TABLE border=0 cellPadding=0 cellSpacing=0 width=615>
  
  <TR>
    <TD>
      <TABLE align=center border=0 cellPadding=0 cellSpacing=0 width=595 
      >
        
        <TR>
          <TD><IMG height=140 
            src="http://www.zinenara.com/email/images/ani1.jpg" width=595 
            ></TD></TR>
        <TR>
          <TD>&nbsp;</TD></TR>
        <TR>
          <TD><IMG align=right border=0 height=44 
            src="http://www.zinenara.com/email/images/gongu_10.gif" useMap=#Map 
            width=495> <MAP name=Map 
              ><AREA coords=241,7,355,28 
              href="http://www.zinenara.com/shopmall/index.asp" shape=RECT 
              ><AREA coords=364,7,480,28 
              href="http://shop.zinenara.com/joint_buy/sub_product.jsp?p_no=2108&amp;rquantity=50" 
              shape=RECT></MAP></TD></TR></TABLE></TD></TR>
  <TR>
    <TD>&nbsp;</TD></TR>
  <TR>
    <TD>
      <TABLE align=center border=0 cellPadding=0 cellSpacing=0 width=595 
      >
        
        <TR>
          <TD>
            <P> ִϸ̼ SETԴϴ.<BR> 
             ȭ Ͽ  ִϸ̼ Ͽϴ.<BR> ݺ 
             нȿ پϴ.<BR>ϱ ư  ϼ.</P>
            <P> ǰ:  ִϸ̼ Ʈ<BR> 
            : 10 CASE / CD 10 + Audio Tape 5<BR><BR 
            ><FONT color=#008080><B 
            > CD ɼ</B></FONT></P>
            <TABLE border=0 cellPadding=0 cellSpacing=0 width=595 
            >
              
              <TR>
                <TD>
                  <DIV align=center><EMBED height=330 
                  src=http://211.193.30.169/pds/CCFE.wmv type=video/x-ms-wmv 
                  width=360> 
            </EMBED></DIV></TD></TR></TABLE>
            <DIV align=center><FONT color=#ff0000 
            ><B><BR 
            >Ư ʽ~!</B></FONT><BR><B>
Audio Tape 5
</B> 帳ϴ
<BR>
<BR >  </DIV><TABLE bgColor=#33cc00 border=0 cellPadding=0 cellSpacing=0 
            height=19 width=595>
              
              <TR>
                <TD bgColor=#0099ff>
                  <DIV align=center><B 
                  ></B></DIV></TD></TR>
</TABLE>
            <P>
            <TABLE align=center border=1 borderColor=#000000 cellPadding=0 
            cellSpacing=0 width=550>
              
              <TR>
                <TD width=138>
                  <DIV align=center><FONT size=2 
                  ><IMG border=0 height=180 
                  src="http://www.zinenara.com/email/images/queen.jpg" width=125 
                  ></FONT></DIV></TD>
                <TD width=17>
                  <DIV align=center><FONT size=2 
                  ><BR><BR 
                  ><BR 
                ></FONT></DIV></TD>
                <TD width=193>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/queen1.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/queen2.jpg" 
                        width=175></TD></TR></TABLE></TD>
                <TD width=192>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=177>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/queen3.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/queen4.jpg" 
                        width=175></TD></TR></TABLE></TD></TR>
              <TR>
                <TD colSpan=4>
                  <DIV align=center><FONT size=2 
                  >ξִ ڸ   Ҹ ٸ ٲ۴.<BR 
                  > ξ  ̷ ? <BR 
                  ></FONT></DIV></TD>
              <TR>
                <TD width=138>
                  <DIV align=center><FONT size=2 
                  ><IMG border=0 height=180 
                  src="http://www.zinenara.com/email/images/henjel.jpg" 
                  width=125></FONT></DIV></TD>
                <TD width=17>
                  <DIV align=center><FONT size=2 
                  ><BR><BR 
                  ><BR><BR 
                  ><BR><BR 
                  ></FONT></DIV></TD>
                <TD width=193>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/henjel1.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/henjel2.jpg" 
                        width=175></TD></TR></TABLE></TD>
                <TD width=192>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/henjel3.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/henjel4.jpg" 
                        width=175></TD></TR></TABLE></TD></TR>
              <TR>
                <TD colSpan=4>
                  <DIV align=center><FONT size=2 
                  > ׷,  տ  ƹ  ӿ ..<BR 
                  >׵ ãư   ִ ڷ  ź ̾µ,,, 
                  <BR></FONT></DIV></TD></TR>
              <TR>
                <TD width=138>
                  <DIV align=center><FONT size=2 
                  ><IMG border=0 height=180 
                  src="http://www.zinenara.com/email/images/ysop.jpg" width=125 
                  ></FONT></DIV></TD>
                <TD width=17>
                  <DIV align=center><FONT size=2 
                  ><BR><BR 
                  ><BR><BR 
                  ><BR 
                ></FONT></DIV></TD>
                <TD width=193>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/ysop1.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/ysop2.jpg" 
                        width=175></TD></TR></TABLE></TD>
                <TD width=192>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/ysop3.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/ysop4.jpg" 
                        width=175></TD></TR></TABLE></TD></TR>
              <TR>
                <TD colSpan=4>
                  <DIV align=center><FONT size=2 
                  >  ִ ̼̾߱.<BR 
                  >̹   ? <BR 
                  ></FONT></DIV></TD></TR>
              <TR>
                <TD width=138>
                  <DIV align=center><FONT size=2 
                  ><IMG border=0 height=180 
                  src="http://www.zinenara.com/email/images/pig.jpg" width=125 
                  ></FONT></DIV></TD>
                <TD width=17>
                  <DIV align=center><FONT size=2 
                  ><BR><BR 
                  ><BR><BR 
                  ><BR><BR 
                  ><BR 
                ></FONT></DIV></TD>
                <TD width=193>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/pig1.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/pig2.jpg" 
                        width=175></TD></TR></TABLE></TD>
                <TD width=192>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/pig3.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/pig4.jpg" 
                        width=175></TD></TR></TABLE></TD></TR>
              <TR>
                <TD colSpan=4>
                  <DIV align=center><FONT size=2 
                  > Ʊ    پ   µ..<BR 
                  >!  밡  ãƿԳ? <BR 
                  ></FONT></DIV></TD></TR>
              <TR>
                <TD width=138>
                  <DIV align=center><FONT size=2 
                  ><IMG border=0 height=180 
                  src="http://www.zinenara.com/email/images/duck.jpg" width=125 
                  ></FONT></DIV></TD>
                <TD width=17>
                  <DIV align=center><FONT size=2 
                  ><BR><BR 
                  ><BR><BR 
                  ><BR><BR 
                  ></FONT></DIV></TD>
                <TD width=193>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/duck1.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/duck2.jpg" 
                        width=175></TD></TR></TABLE></TD>
                <TD width=192>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/duck3.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/duck4.jpg" 
                        width=175></TD></TR></TABLE></TD></TR>
              <TR>
                <TD colSpan=4>
                  <DIV align=center><FONT size=2 
                  >    ϴ ̿.<BR 
                  > ̿ ¥ ,,, <BR 
                  ></FONT></DIV></TD></TR>
              <TR>
                <TD width=138>
                  <DIV align=center><FONT size=2 
                  ><IMG border=0 height=180 
                  src="http://www.zinenara.com/email/images/travle.jpg" 
                  width=125></FONT></DIV></TD>
                <TD width=17>
                  <DIV align=center><FONT size=2 
                  ><BR><BR 
                  ><BR><BR 
                  ><BR><BR 
                  ></FONT></DIV></TD>
                <TD width=193>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/travle1.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/travle2.jpg" 
                        width=175></TD></TR></TABLE></TD>
                <TD width=192>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/travle3.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/travle4.jpg" 
                        width=175></TD></TR></TABLE></TD></TR>
              <TR>
                <TD colSpan=4>
                  <DIV align=center><FONT size=2 
                  >ɸ       α.<BR 
                  > ? <BR 
                  ></FONT></DIV></TD></TR>
              <TR>
                <TD width=138>
                  <DIV align=center><FONT size=2 
                  ><IMG border=0 height=180 
                  src="http://www.zinenara.com/email/images/lamp.jpg" width=125 
                  ></FONT></DIV></TD>
                <TD width=17>
                  <DIV align=center><FONT size=2 
                  ><BR><BR 
                  ><BR><BR 
                  ><BR><BR 
                  ><BR><BR 
                  ></FONT></DIV></TD>
                <TD width=193>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/lamp1.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/lamp2.jpg" 
                        width=175></TD></TR></TABLE></TD>
                <TD width=192>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/lamp3.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/lamp4.jpg" 
                        width=175></TD></TR></TABLE></TD></TR>
              <TR>
                <TD colSpan=4>
                  <DIV align=center><FONT size=2 
                  > ҳ ˶ 쿬 ȸ<BR 
                  >ź   Ǵµ,,, <BR 
                  ></FONT></DIV></TD></TR>
              <TR>
                <TD width=138>
                  <DIV align=center><FONT size=2 
                  ><IMG border=0 height=180 
                  src="http://www.zinenara.com/email/images/cap.jpg" width=125 
                  ></FONT></DIV></TD>
                <TD width=17>
                  <DIV align=center><FONT size=2 
                  ><BR><BR 
                  ><BR 
                ></FONT></DIV></TD>
                <TD width=193>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/cap1.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/cap2.jpg" 
                        width=175></TD></TR></TABLE></TD>
                <TD width=192>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/cap3.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/cap4.jpg" 
                        width=175></TD></TR></TABLE></TD></TR>
              <TR>
                <TD colSpan=4>
                  <DIV align=center><FONT size=2 
                  >ҸӴϸ ãư Ϳ  Ʊ.<BR 
                  > ù 밡,,,<BR 
                  ></FONT></DIV></TD></TR>
              <TR>
                <TD width=138>
                  <DIV align=center><FONT size=2 
                  ><IMG border=0 height=180 
                  src="http://www.zinenara.com/email/images/jack.jpg" width=125 
                  ></FONT></DIV></TD>
                <TD width=17>
                  <DIV align=center><FONT size=2 
                  ><BR><BR 
                  ><BR><BR 
                  ><BR 
                ></FONT></DIV></TD>
                <TD width=193>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/jack1.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/jack2.jpg" 
                        width=175></TD></TR></TABLE></TD>
                <TD width=192>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/jack3.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/jack4.jpg" 
                        width=175></TD></TR></TABLE></TD></TR>
              <TR>
                <TD colSpan=4>
                  <DIV align=center><FONT size=2 
                  >ϴñ ڶ ٱ⸦ Ÿ ö<BR 
                  >밨 ҳ  !<BR 
                  ></FONT></DIV></TD></TR>
              <TR>
                <TD width=138>
                  <DIV align=center><FONT size=2 
                  ><IMG border=0 height=180 
                  src="http://www.zinenara.com/email/images/snow.jpg" width=125 
                  ></FONT></DIV></TD>
                <TD width=17>
                  <DIV align=center><FONT size=2 
                  ><BR><BR 
                  ><BR><BR 
                  ></FONT></DIV></TD>
                <TD width=193>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/snow1.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/snow2.jpg" 
                        width=175></TD></TR></TABLE></TD>
                <TD width=192>
                  <TABLE align=center border=0 cellPadding=0 cellSpacing=0 
                  width=175>
                    
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/snow3.jpg" 
                        width=175></TD></TR>
                    <TR>
                      <TD>&nbsp;</TD></TR>
                    <TR>
                      <TD><IMG border=1 height=90 
                        src="http://www.zinenara.com/email/images/snow4.jpg" 
                        width=175></TD></TR></TABLE></TD></TR>
              <TR>
                <TD colSpan=4>
                  <DIV align=center><FONT size=2 
                  >𿡰 Ѱܳ 鼳ִ ϰ̿ Բ<BR 
                  >ԵǴµ,, </FONT></DIV></TD></TR></TABLE>
            <P><FONT color=#008080><B 
            >  ִϸ̼ 5ܰ н</B></FONT></P>
            <P><FONT size=2>[ 1 ܰ ] 
            <BR>켱 ȭ ó  Ͻʽÿ. <BR 
            > н  Hearing ݺϴ Դϴ.<BR 
            >ѱ/ / ѿ/ ڸ  н Ƿ¿ °  մϴ. 
            <BR><BR>[ 2 ܰ ] <BR 
            >1ܰ迡 ̹ ڽŵ 𸣰 ֿܾ,  Ǿ ֽϴ.<BR 
            >300 ܾ ϵ ũ ڻ ̿Ͽ,  ȿ Ǽ ֽϴ. 
            <BR><BR>[ 3 ܰ ] <BR 
            >2ܰ迡  ܾ ȰϿ  Ͻʽÿ.<BR 
            >ϱ  ̿Ͽ پ ȸȭ ϽǼ ֽϴ. <BR 
            ><BR>[ 4 ܰ ] <BR 
            >⿡ ͼ   ̾ ܶ մϴ.<BR 
            > ݺ  ̿Ͽ ݺ ν ȸȭ ڽŰ  ˴ϴ. <BR 
            ><BR>[ 5 ܰ ] <BR 
            > ܰ ġ   Ƿ ޾ƾ  Ͽ   <BR 
            >ϴ. ʱ, ߱, , 3ܰ ̵ Ͽ ܰ躰 Ƿ ׽Ʈ 
            մϴ. </FONT></P>
            <P>&nbsp;</P>
            <P><FONT color=#008080><B 
            > ִϸ̼ ȿ н</B></FONT></P>
            <P>&lt;ȿ  ι &gt; </P>
            <P><FONT size=2>[ 1ܰ : 
            ν ܰ ] <BR><BR>  
            鼭 ͷ ⸸ ϰ մϴ.<BR>ϳ ϳ  ٿ ǵ  
             ݴϴ.<BR> ĥ ׸̳   ؾ ϸ 
            ̴ ׸() <BR>νϴµ ξȿԴϴ. <BR 
            ><BR>[2ܰ : ̹  ܰ ] <BR 
            > ׸å̳ ȭ  ̹  ϰ մϴ.<BR 
            >̴ܰ迡    ϰ Ǵ ̹  ߴϰ Ǵµ <BR 
            >ϰ  ܾ ̹ Բ  ˴ϴ. <BR 
            ><BR>[3ܰ :  ܰ ] <BR 
            > ϰ մϴ.<BR> ܰ 
              ù ܰ ־ ܾ ̿ ª  <BR> ۾ 
            ϰ ˴ϴ. ⼭   ݺ  ˴ϴ. <BR><BR 
            >[4ܰ : ν ܰ ] <BR> 
              ϰ ˴ϴ.<BR>  ϰ ȭ ϰԵǸ  
            ϴ ȸ  ˴ϴ.<BR>ݺ   ٸ ϰ , 
            ϴ   Ȯϰ  <BR>ϰ ˴ϴ. </FONT><BR 
            ></P></TD></TR></TABLE></TD></TR>
  <TR>
    <TD><IMG align=right border=0 height=44 
      src="http://www.zinenara.com/email/images/gongu_10.gif" useMap=#Map 
      width=495> <MAP name=Map><AREA 
        coords=241,7,355,28 href="http://www.zinenara.com/shopmall/index.asp" 
        shape=RECT><AREA coords=364,7,480,28 
        href="http://shop.zinenara.com/joint_buy/sub_product.jsp?p_no=2108&amp;rquantity=50" 
        shape=RECT></MAP></TD></TR>
  <TR>
    <TD>&nbsp;</TD></TR>
  <TR>
    <TD>
      <TABLE align=center border=0 cellPadding=0 cellSpacing=0 width=595 
      >
        
        <TR>
          <TD bgColor=#3c7ebf>
            <DIV align=center><FONT color=#ffffff size=2 
            ><BR>̻ ǰ  ޾ƺ  
            ø <A href="mailto:dhlee@flynara.co.kr" ><FONT color=#ffff00 
            >[Űź]</FONT></A> ֽʽÿ.<BR 
            >ǰ䳪 Ʈ ̿뿡 ־ ̳ Ҹ,  ø <BR 
            ><A href="mailto:koyotai@flynara.co.kr" ><FONT color=#ffff00 
            >koyotai@flynara.co.kr</FONT></A><FONT 
            color=#ffff00> </FONT> ּ.  ǰ  
            ϰڽϴ.</FONT></DIV><BR 
  ></TD></TR></TABLE></TD></TR></TABLE>
</BODY>
</HTML>


From sunny@sunbase.org  Sat Mar  9 10:25:01 2002
From: sunny@sunbase.org (Oyvind A. Holm)
Date: Sat Mar  9 10:25:01 2002
Subject: duplicate keyid survey results
In-Reply-To: <200203090403.NAA29653@blue.h2np.net>
Message-ID: <Pine.LNX.4.40.0203091000230.13566-100000@sunba>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2002-03-09 13:03 Hironobu SUZUKI wrote:
> David Shaw <dshaw@jabberwocky.com> wrote:
> > If you don't think this is the right way to go, what do you suggest
> > as an alternative? I think a warning is fine, but not returning one
> > of the keys leaves the keyserver open for a denial of service
> > attack.
>
> I'd like to return only "Found duplicate keys" status to client. If
> keyserver returns all of duplicate key contents to client, it can be
> used another DoS attack.

Not if the server displays a terse list of all the keys from which the
user can choose the desired key. Additionally there could be some cron
jobs running on the server once a week or something that searches for
duplicated fake keys and reports to the maintainer. But then we have
the "problem" of getting the same key back again when some of the other
key servers reinstall the key. If we were to get rid of obvious faked
keys, they should be disabled on the server, but I doubt this a big
enough problem to make any special arrangements for it.

IMHO the danger of DoS attacks due to duplicate 32-bits keyIDs is not
very big. If there were lots of keys showing up as duplicates, there
would not be a significant amount of resources needed from the server.
Waste of bandwith, yes, but I don't think it would result in a DoS
situation. But then, I have no clue of the inner workings of the server
software, so please correct me if I'm wrong. :-)

I think the option of specifying the fingerprint is a good idea. Not
necessarily the whole bunch of bits, just enough to make it unique.

Regards,
=D8yvind

+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+
| OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> |
| Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Why, Micro=
soft=AE, WHY??? =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)

iD8DBQE8idQzck6dU2KQIusRAuH2AJ9Z4DVp4nV+42qLV2N1HUWHUuvGBQCfRmnW
qlKLx5woi3RiG6rc9TYiefo=3D
=3DrZ3E
-----END PGP SIGNATURE-----



From sunny@sunbase.org  Sat Mar  9 11:15:01 2002
From: sunny@sunbase.org (Oyvind A. Holm)
Date: Sat Mar  9 11:15:01 2002
Subject: duplicate keyid survey results
In-Reply-To: <20020309041522.GD1023@akamai.com>
Message-ID: <Pine.LNX.4.40.0203091023400.13566-100000@sunba>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2002-03-08 23:15 David Shaw wrote:
> On Sat, Mar 09, 2002 at 01:03:03PM +0900, Hironobu SUZUKI wrote:
> > I'd like to return only "Found duplicate keys" status to client. If
> > keyserver returns all of duplicate key contents to client, it can
> > be used another DoS attack.
>
> How?
>
> The user does not know if any key from a keyserver is valid or not.
> Even if an attacker creates hundreds of duplicate keys, it does not
> matter since the signatures are what is used to check if the key is
> valid.

This is where the fingerprint comes to use. To ensure you have the key
belonging to the actual user, there has to be some additional
communication to verify that it's not someone who has generated a key
with a false name on it. Even if a false key is used, the only problem
is that the receiver can't read the encrypted message. (I take it for
granted that the sender knows the receivers actual email address.) This
could lead to a mess and could be a problem. I don't know of any
methods to avoid this problem, except spreading your fingerprint
actively to make it easier for other people to verify the authenticity
of the key. The keys from a keyserver is genuine 99% of the time, but
there is always a chance someone has made his own key with the same
name on it.

> > Then, user can select two thing which are retrieve by 64-bit keyid
> > or via Web interface.
> >
> > User may access an exact key via Web interface with database OID
> > number (this numbers are not appeared to user) to check key
> > contents and get it by their own risk.
>
> It is easy to make even a duplicate 64-bit keyid.

Shouldn't the internal CRC routines help avoiding this? I doubt it
would be an easy task to duplicate the 64-bit key _and_ satisfy the
SHA1 checksum.

> If the keyserver makes the user go through many extra steps to get a
> key if there is a duplicate keyid, then that is a (mild) denial of
> service as well.

Not much of extra steps needed here, just a list of all the keys to
choose from. One extra step.

Another thing is when GPG itself gets the key from a server, for
example when verifying a signed text and you don't have the actual key
from before. Will GPG then use the 32-bit keyID to get the key from the
server?

Greetings from Norway,
=D8yvind

#####################################################################
# OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> #
# Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   #
################### &#x262E;, &#x2665; and Linux. ###################

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)

iD8DBQE8id/Gck6dU2KQIusRAlNrAJoDaVq06NRUinm56VpDqOMiqF4swwCfS8qw
73Bf5om1z0JckwQJ5Nv1b1E=3D
=3Dh5HH
-----END PGP SIGNATURE-----



From u_p@lycos.de  Sat Mar  9 12:48:02 2002
From: u_p@lycos.de (uwe puchta)
Date: Sat Mar  9 12:48:02 2002
Subject: blowfish in gnuPG 1.0.6 =? 256 bit
Message-ID: <1015674371022788@lycos.de>

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--=_NextPart_Caramail_0227881015674371_ID
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

just a question out of curiosity:
what's the key size for Blowfish encryption?
is it 256 bit?
... for both cipher-algo and s2k-cipher-algo
(if defined so in the options file or at the
command line)
______________________________________________________
Beginnen Sie das neue Jahr gut informiert: Zeitschriften-Abos zum Sparpreis!
http://www.lycos.de/webguides/entertainment/weihnachten/abo.html
250 Farb-Visitenkarten GRATIS*.  In einem Wert von EUR 99,00!
http://www.vistaprint.de/vp/splash/lycosde.asp
Jetzt eigene Domains f=FCr 1,23 Euro/Monat
http://lycos.de.domainnames.com/default.asp?caller=3Dlycos_d_footer



--=_NextPart_Caramail_0227881015674371_ID--



From wk@gnupg.org  Sat Mar  9 13:56:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Sat Mar  9 13:56:01 2002
Subject: duplicate keyid survey results
In-Reply-To: <Pine.LNX.4.40.0203091023400.13566-100000@sunba> ("Oyvind A.
 Holm"'s message of "Sat, 9 Mar 2002 11:13:12 +0100 (CET)")
References: <Pine.LNX.4.40.0203091023400.13566-100000@sunba>
Message-ID: <87n0xhdhrq.fsf@alberti.gnupg.de>

On Sat, 9 Mar 2002 11:13:12 +0100 (CET), Oyvind A Holm said:

> Another thing is when GPG itself gets the key from a server, for
> example when verifying a signed text and you don't have the actual key
> from before. Will GPG then use the 32-bit keyID to get the key from the
> server?

Yes, because the current HKP servers can't cope with the full 64 bit
keyID.  I'd even like to have a keyserver which accepts the
fingerprint.  The problem here is that the signature packet does only
carry the 64 bit key ID.

Ciao,

  Werner



From dshaw@jabberwocky.com  Sat Mar  9 14:46:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sat Mar  9 14:46:01 2002
Subject: duplicate keyid survey results
In-Reply-To: <200203090639.PAA29914@blue.h2np.net>
References: <20020309041522.GD1023@akamai.com> <200203090639.PAA29914@blue.h2np.net>
Message-ID: <20020309134317.GF1023@akamai.com>

On Sat, Mar 09, 2002 at 03:39:44PM +0900, Hironobu SUZUKI wrote:
> 
> > It is easy to make even a duplicate 64-bit keyid. 
> 
>  Step 0: If you use 32bit keyid, move Step 1. If 64bit keyid, move 
> 	 Step 2.
> 
>  Step 1: If you try to get a key by 32bit keyid but found duplicate keys,
> 	 move Step 2 or Step 3 which you wish.
> 
>  Step 2: If you try to get a key by 64bit keyid but found duplicate
>          keys, move Step 3 or Step 4 which you wish.
> 
>          If 32bit duplicate keyid was generated by accidentally, 
> 	 64bit keyid searching will help most of them. 
> 
>  Step 3: Use Web interface and check a list of keyids combined
>          fingerprints. Select one key and database will return actual
>          key (using database OID). Users must be patients. So, some
>          people like me move to Step 4.
> 
>  Step 4: Ask an actual public key for the key owner or get an public
>          key from owner's web page.

This is an algorithm that a human being can follow.  What is a program
supposed to do?  Most people do not use a web interface to get their
keys - they use the keyserver interface in their application, which
can only say "give me 0xXXXXXXXX".  It should not have to parse and
understand lots of HTML to try and resolve conflicts.  Also, PGP is
not being updated anymore.  Even if code is added to GnuPG to talk to
your keyserver, PGP will not be able to.

Let me try and approach this from another direction: do you see any
security problem with returning more than one key with the same keyid?
If yes, can you tell me why?

Remember that the keyserver does nothing to validate the keys - that
is the job of the signatures on the key.  The decision on whether to
use a particular key belongs to the *user* who verifies the signatures
and decides where this key fits into the web of trust.  One of the
main reasons for key signatures in the first place is to deal with
this exact problem.  There can never be a denial of service by
generating a fake key with the same keyid because of the signatures.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From dshaw@jabberwocky.com  Sat Mar  9 15:01:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sat Mar  9 15:01:01 2002
Subject: duplicate keyid survey results
In-Reply-To: <87n0xhdhrq.fsf@alberti.gnupg.de>
References: <Pine.LNX.4.40.0203091023400.13566-100000@sunba> <87n0xhdhrq.fsf@alberti.gnupg.de>
Message-ID: <20020309135800.GG1023@akamai.com>

On Sat, Mar 09, 2002 at 01:53:29PM +0100, Werner Koch wrote:
> On Sat, 9 Mar 2002 11:13:12 +0100 (CET), Oyvind A Holm said:
> 
> > Another thing is when GPG itself gets the key from a server, for
> > example when verifying a signed text and you don't have the actual key
> > from before. Will GPG then use the 32-bit keyID to get the key from the
> > server?
> 
> Yes, because the current HKP servers can't cope with the full 64 bit
> keyID.  I'd even like to have a keyserver which accepts the
> fingerprint.  The problem here is that the signature packet does only
> carry the 64 bit key ID.

Only if the keyserver can only handle 32-bit keyids.  If GPG is
talking to a server that can handle more (like the LDAP server), it
will use the full 64-bits.  (Werner, this is one of the things I added
in the generic keyserver code :) )

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From agreene@pobox.com  Sat Mar  9 16:12:01 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Sat Mar  9 16:12:01 2002
Subject: change the passphrase...
In-Reply-To: <E16jQ1v-0005lG-00@porta.u64.de>
Message-ID: <Pine.LNX.4.33.0203081458270.1550-100000@cp5340.localdomain>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 8 Mar 2002, Dominik Schwald wrote:
>If i create a new key and set the password to e.g. "supersecret_1" and 
>put a copy of that secretKey somewhere, than i change the passphrase to 
>"supersecret_2".
>Am i right that it's now possible to use the first secretKey with the 
>first passphrase  for signing/encryption  AS  WELL  AS  the second 
>secretKey with its passphrase..?

Yes.


Tony
- -- 
Anthony E. Greene <mailto:Anthony%20E.%20Greene%20%3Cagreene@pobox.com%3E>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05         HomePage: <http://www.pobox.com/~agreene/>
Linux. The choice of a GNU generation <http://www.linux.org/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene <agreene@pobox.com> 0x6C94239D

iD8DBQE8iRgDpCpg3WyUI50RAtdzAJ9g3qSzrznz4+bNVe97fnGRPWy6EwCg3Ljv
gEm2RDJJc81gbs1Mt1Pnvlk=
=kSFE
-----END PGP SIGNATURE-----



From RGB.Art.Gallery@10.0.1.9  Sat Mar  9 16:35:02 2002
From: RGB.Art.Gallery@10.0.1.9 (RGB Art Gallery)
Date: Sat Mar  9 16:35:02 2002
Subject: Hand-painted Replica of Van Gogh's Sunflower for $69
Message-ID: <SAK.2002.03.09.tfjimtrn@shark>

<html><head><title>RGB Art Gallery</title>
</head>
<body bgcolor="#FFFFDD" text="#000000" link="#000000" vlink="#000000" alink="#000000">

<table border=0 width=100% cellpadding=0 cellspacing=0 bgcolor=#FFFFDD>
<tr><td>

<div bgColor=#ffffff leftMargin=0 topMargin=0 marginheight="0" marginwidth="0">
<h1> 
<CENTER><a href="http://www.rgbartgallery.com">RGB Art Gallery</CENTER></a></h1>
<CENTER> 
<TABLE cellSpacing=0 cellPadding=0 width=600 border=0>
  <TBODY>
  <TR>
    <TD vAlign=top><!-- Begin Title Table -->
      <TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
        <TBODY>
        <TR>
          <TD bgColor=#000000>
            <p align="center">&nbsp;&nbsp;<font face="Verdana,Geneva,Arial,Helvetica,sans-serif" color="#ffffff" size="5">Special
            to Cincinnati Downtown Event Attendees!<br>
            2</font><font face="Verdana,Geneva,Arial,Helvetica,sans-serif" color="#ffffff" size="5">0&quot;x24&quot;
            Hand-painted Oil Canvas Starts $49<br>
            This weekend only!</font></p>
          </TD></TR></TBODY></TABLE>
<!-- End Title Table -->
      <TABLE cellSpacing=0 cellPadding=0 width="100%" border=0 0>
        <TBODY>
        <TR>
          <TD width=5 bgColor=#000000>&nbsp;</TD>
          <TD width="100%">
          
            <TABLE cellSpacing=0 cellPadding=5 width="100%" border=0>
              <TBODY>
              <TR>
                <TD align=left width="100%" bgcolor="#BCBBC4"><FONT 
                  face=Verdana,Geneva,Arial,Helvetica,sans-serif color=#000000 
                  size=2>
                  <P>Greetings! 
                  <P>If you are going to attend downtown Cincinnati events, stop by RGB
                  Art Gallery on the 2nd floor of Carew Tower. We are located on
                  the top of the skywalk escalators near the Omini Hotel.&nbsp;<P>As
                  a limited time offer to downtown event attendees this weekend of
                  March 9-10, you can buy the following high quality
                  hand-painted replica or original art with unbelievable prices.
                  Quick, each of these is unique.</FONT>
                  <TABLE cellSpacing=0 cellPadding=2 width="100%" border=0>
                    <TBODY>
                    <TR>
                      <TD align=middle width="33%"><font face="Verdana,Geneva,Arial,Helvetica,sans-serif" color="#000000" size="3"><b>Sunflowers
                        20&quot;x24&quot;</b></font></TD>
                      <TD align=middle width="34%"><font face="Verdana,Geneva,Arial,Helvetica,sans-serif" color="#000000" size="3"><b>Hunting
                        24&quot;x36&quot;</b></font></TD>
                      <TD align=middle width="33%">
                        <p align="center"><font face="Verdana,Geneva,Arial,Helvetica,sans-serif" color="#000000" size="3"><b>&nbsp;Flower
                        and Chair<br>
                        20&quot;x24&quot;</b></font></p>
                      </TD></TR>
                    <TR>
                      <TD align=middle><a href="http://www.rgbartgallery.com/web/alb_021502.htm"><img border="0" src="http://www.rgbartgallery.com/web/alb_new_0227/images/thumbs/DSC00212_20x24_0227.jpg" width="134" height="134"></a></TD>
                      <TD align=middle><a href="http://www.rgbartgallery.com/web/alb_new_0227.htm"><img border="0" src="http://www.rgbartgallery.com/web/alb_new_0227/images/thumbs/DSC00220_24x36_0227.jpg" width="134" height="134"></a></TD>
                      <TD align=middle><a href="http://www.rgbartgallery.com/web/alb_0218/pages/Dsc00191_0218_20x24.htm" ><img border="0" src="http://www.rgbartgallery.com/web/alb_0218/images/thumbs/Dsc00191_0218_20x24.jpg" width="134" height="134"></a></TD></TR>
                    <TR>
                      <TD align=middle>
                        <p align="center"><B><FONT 
                        face=Verdana,Geneva,Arial,Helvetica,sans-serif 
                        color=#cc0000 size=2><br>
                        Special price this week: $69.00</FONT></B></p>
                      </TD>
                      <TD align=middle><B><FONT 
                        face=Verdana,Geneva,Arial,Helvetica,sans-serif 
                        color=#cc0000 size=2>Special price this week</FONT></B><FONT 
                        face=Verdana,Geneva,Arial,Helvetica,sans-serif 
                        color=#cc0000 size=2><B>: $199.00</B></FONT></TD>
                      <TD align=middle><B><FONT 
                        face=Verdana,Geneva,Arial,Helvetica,sans-serif 
                        color=#cc0000 size=2>Special price this week</FONT></B><FONT 
                        face=Verdana,Geneva,Arial,Helvetica,sans-serif 
                        color=#cc0000 size=2><B>: 
                    $89.00</B></FONT></TD></TR>
                    <TR>
                      <TD align=middle>
                        <p align="center"><font face="Verdana,Geneva,Arial,Helvetica,sans-serif" color="#000000" size="2">&nbsp;The
                        retail market price is $220. You save more than 70%.</font></p>
                      </TD>
                      <TD align=middle>
                        <p align="center"><font face="Verdana,Geneva,Arial,Helvetica,sans-serif" color="#000000" size="2">The
                        retail market price is $699.00. You save more than 71%</font></p>
                      </TD>
                      <TD align=middle><font face="Verdana,Geneva,Arial,Helvetica,sans-serif" color="#000000" size="2">The
                        retail market price is $299.00. You save more than 70%</font></TD></TR></TBODY></TABLE>
                  <P>
                  <CENTER>
                  <TABLE cellSpacing=0 cellPadding=2 width="100%" border=0>
                    <TBODY>
                    <TR>
                      <TD align=middle width="33%">
                        <p align="center"><font face="Verdana,Geneva,Arial,Helvetica,sans-serif" color="#000000" size="3"><b>The
                        Autumn Gate 20"x24"</b></font></TD>
                      <TD align=middle width="34%">
                        <p align="center"><font face="Verdana,Geneva,Arial,Helvetica,sans-serif" color="#000000" size="3"><b>Roybal<br>
                        12&quot;x16&quot;</b></font></p>
                      </TD>
                      <TD align=middle width="33%">
                        <p align="center"><font face="Verdana,Geneva,Arial,Helvetica,sans-serif" color="#000000" size="3"><b>Wall
                        Street 1890s<br>
                        20&quot;x24&quot;</b></font></p>
                      </TD></TR>
                    <TR>
                      <TD align=middle>
                        <p align="center"><a href="http://www.rgbartgallery.com/web/alb_gardens.htm"><img border="0" src="http://www.rgbartgallery.com/web/alb_gardens/images/thumbs/Dsc00036_2024.jpg" width="134" height="134"></a></p>
                      </TD>
                      <TD align=middle>
                        <p align="center"><a href="http://www.rgbartgallery.com/web/alb_0215b.htm"><img border="0" src="http://www.rgbartgallery.com/web/alb_0215b/images/thumbs/Dsc00035_0215_12x16.jpg" width="134" height="134"></a></p>
                      </TD>
                      <TD align=middle><a href="http://www.rgbartgallery.com/web/alb_0215b.htm"> <img border="0" src="http://www.rgbartgallery.com/web/alb_0215b/images/thumbs/Dsc00121_0215_20x24.jpg" width="134" height="134"></a></TD></TR>
                    <TR>
                      <TD align=middle><B><FONT 
                        face=Verdana,Geneva,Arial,Helvetica,sans-serif 
                        color=#cc0000 size=2>Special price this week</FONT></B><FONT 
                        face=Verdana,Geneva,Arial,Helvetica,sans-serif 
                        color=#cc0000 size=2><B>: $89.00<br>
                        *Frame not included</B></FONT></TD>
                      <TD align=middle><B><FONT 
                        face=Verdana,Geneva,Arial,Helvetica,sans-serif 
                        color=#cc0000 size=2>Special price this week</FONT></B><FONT 
                        face=Verdana,Geneva,Arial,Helvetica,sans-serif 
                        color=#cc0000 size=2><B>: $35.00</B></FONT></TD>
                      <TD align=middle><B><FONT 
                        face=Verdana,Geneva,Arial,Helvetica,sans-serif 
                        color=#cc0000 size=2>Special price this week</FONT></B><FONT 
                        face=Verdana,Geneva,Arial,Helvetica,sans-serif 
                        color=#cc0000 size=2><B>: 
                    $89.00*&nbsp;<br>
                        *Frame not included</B></FONT></TD></TR>
                    <TR>
                      <TD align=middle><font face="Verdana,Geneva,Arial,Helvetica,sans-serif" color="#000000" size="2">The
                        retail market price is $299.00. You save more than 70%.</font></TD>
                      <TD align=middle><font face="Verdana,Geneva,Arial,Helvetica,sans-serif" color="#000000" size="2">The
                        retail market price is $99.00. You save more than 64%.</font></TD>
                      <TD align=middle><FONT 
                        face=Verdana,Geneva,Arial,Helvetica,sans-serif 
                        color=#000000 size=2>You 
                        save 70% off the retail market price of $299.00</FONT></TD></TR></TBODY></TABLE></CENTER><FONT 
                  face=Verdana,Geneva,Arial,Helvetica,sans-serif color=#000000 
                  size=2><!-- Closing Paragraph  -->
                  <P>We have many more oil paintings on sale. Please visit our
                  web site <a href="http://www.rgbartgallery.com">http://www.rgbartgallery.com</a>
                  to preview more canvas images and check the gallery schedule. Visit
                  our gallery when you come to downtown for an
                  event like this week's &quot;Home and Garden Show&quot; and
                  others. Carew Tower is just two blocks away near Fountain
                  Square. You
                  will find many high quality hand-painted oil paintings with
                  &quot;unbelievable prices&quot; (this was what many of our customers
                  said!).<P>Sincerely,&nbsp; 
                  <P>Kay<br>
                  RGB Art Gallery 
                  <HR align=left width=300 color=#000066 SIZE=1>
                  email: <a href="mailto:info@rgbartgallery.com">info@rgbartgallery.com</a>&nbsp;<BR>voice:
              (513) 369-0300<BR>web: <a href="http://www.rgbartgallery.com">www.rgbartgallery.com</a>
              </FONT><!-- End Signature --></TD></TR></TBODY></TABLE>
              </TD>
          <TD width=5 bgColor=#000000>&nbsp;</TD></TR>
        <TR>
          <TD width="100%" bgColor=#000000 colSpan=3>
          <font face="Verdana,Geneva,Arial,Helvetica,sans-serif" size="2" color="#FFFFFF">&nbsp;This
          message was sent to you by RGB Art Gallery. To remove your email
          address from the mailing list, please send an email to
          info@rgbartgallery.com with subject &quot;REMOVE&quot;.</font>
          </TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
            
</CENTER>
</div>
</table>
</body></html>



From teenieberry@worldnet.att.net  Sat Mar  9 16:51:02 2002
From: teenieberry@worldnet.att.net (FRANK HUBENY)
Date: Sat Mar  9 16:51:02 2002
Subject: Hand-painted Replica of Van Gogh's Sunflower for $69
References: <SAK.2002.03.09.tfjimtrn@shark>
Message-ID: <000801c1c782$fa1dd6e0$51d06620@teeniebe9euk8d>

Hello Users;

I do keep getting alot on none "gpg" items from this user group.
Is there any way from stopping this.

The subject line is from the original e-mail I recieved.

<><
Frank D. Hubeny 



From blais@iro.umontreal.ca  Sat Mar  9 21:06:02 2002
From: blais@iro.umontreal.ca (Martin Blais)
Date: Sat Mar  9 21:06:02 2002
Subject: missing documentation / rant
Message-ID: <20020309200349.ITMX1234.tomts24-srv.bellnexxia.net@there>

hi

here's a bug report / rant? for GPG 1.0.6

documentation is missing for 

     --check-trustdb [NAMES]      check the trust database
     --fix-trustdb                fix a corrupted trust database

these options don't know show up in the man page. someone really ought to do 
the grunt work of cross-checking the man page documentation with the actual 
options that gpg can accept.

these are not in the handbook nor in the FAQ either. the only thing i could 
find was stuff in the mailing-lists. in particular, i cannot help but wonder, 
why would my trustdb become corrupted, and how is it possible that it can be 
fixed (and if so, why doesn't it do that by itself?).  besides, i cannot 
figure out how to use check-trustdb, all i get is output like this:

tadora:~$ gpg --check-trustdb blais
gpg: given user IDs ignored in check_trustdb
gpg: 15 keys processed
gpg:    15 keys skipped
tadora:~$ 


also of interest:
    --allow-secret-key-import

is not mentioned on the output of "gpg --help". i'm sure there are many 
others.

i know it is not fun to do, but documentation improvement for this otherwise 
excellent piece of software is sorely needed. encryption attracts people who 
will have attention for detail and will read up on how it works, will 
experiment with it before using it, and it would be nice if the documentation 
was very, very, very consistent (it is off to a very good start, but the 
mising stuff is frustrating).

another big one (for me and other friends): the default behaviour for "gpg 
file.gpg" is to decrypt to a file "file", and apart from asking for the 
passphrase it doesn't say it has output the PLAINTEXT to a FILE. the user 
that is not careful might forget or not know that is unencrypted document 
lies in the filesystem!  that is a big problem!  IMHO that should not be the 
default behaviour, the default, just as for input, should be that it outputs 
to stdout, just like --decrypt does, and that using --decrypt should output 
to a file (plus we should get a message that says so, every functionality 
that write unencrypted data to the filesystem should warn the user).


thanks for making gpg, i really enjoy using it otherwise.
cheers,


--
M.

p.s. please Cc i'm not on this list.


From wk@gnupg.org  Sat Mar  9 22:06:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Sat Mar  9 22:06:01 2002
Subject: missing documentation / rant
In-Reply-To: <20020309200349.ITMX1234.tomts24-srv.bellnexxia.net@there> (Martin
 Blais's message of "Sat, 9 Mar 2002 15:02:23 -0500")
References: <20020309200349.ITMX1234.tomts24-srv.bellnexxia.net@there>
Message-ID: <87sn79bgi5.fsf@alberti.gnupg.de>

On Sat, 9 Mar 2002 15:02:23 -0500, Martin Blais said:

> these options don't know show up in the man page. someone really ought to do 
> the grunt work of cross-checking the man page documentation with the actual 

There are reasons for this.  --dump-options is for example also not
listed in the man page.  But hey, you have the source, so where is the
problem.

> fixed (and if so, why doesn't it do that by itself?).  besides, i cannot 
> figure out how to use check-trustdb, all i get is output like this:

So don't use it.  As said, there is a reason that it is not listed.
BTW, the next version has it mentioned because this command has a real
use then.

> also of interest:
>     --allow-secret-key-import

> is not mentioned on the output of "gpg --help". i'm sure there are many 

If you try to import a secret key, a messge is printed, telling you to
use this option.  Anyway, this option is just a temporary hack and not
anymore needed in 1.0.6d.  Printing all 202 commands and options with
--help make no sense, it is just too much and can't probably not be
understood without a more verbose description.  Anyway, recent
versions do print:

      --photo-viewer               Set command line to view Photo IDs
   -N, --notation-data NAME=VALUE   use this notation data

  (See the man page for a complete listing of all commands and options)


There is nothing important missing, some things are maintainer only.
If you or the people attracted by encryption real want to get into it,
use the source.

> another big one (for me and other friends): the default behaviour for "gpg 
> file.gpg" is to decrypt to a file "file", and apart from asking for the 
> passphrase it doesn't say it has output the PLAINTEXT to a FILE. the

Which is the correct behaviour of a Unix tool.  Use --verbose to get
what you want.

> lies in the filesystem!  that is a big problem!  IMHO that should not be the 
> default behaviour, the default, just as for input, should be that it outputs 
> to stdout, just like --decrypt does, and that using --decrypt should output 

A lot of tools do have this behaviour and it makes a lot of sense. IF
you want to have the output on stdout, send the input to stdin.

Ciao,

  Werner





From sunny@sunbase.org  Sat Mar  9 22:07:03 2002
From: sunny@sunbase.org (Oyvind A. Holm)
Date: Sat Mar  9 22:07:03 2002
Subject: missing documentation / rant
In-Reply-To: <20020309200349.ITMX1234.tomts24-srv.bellnexxia.net@there>
Message-ID: <Pine.LNX.4.40.0203092125410.31743-100000@sunba>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2002-03-09 15:02 Martin Blais wrote:
> another big one (for me and other friends): the default behaviour for
> "gpg file.gpg" is to decrypt to a file "file", and apart from asking
> for the passphrase it doesn't say it has output the PLAINTEXT to a
> FILE. the user that is not careful might forget or not know that is
> unencrypted document lies in the filesystem! that is a big problem!
> IMHO that should not be the default behaviour, the default, just as
> for input, should be that it outputs to stdout, just like --decrypt
> does, and that using --decrypt should output to a file (plus we
> should get a message that says so, every functionality that write
> unencrypted data to the filesystem should warn the user).

This can easily be avoided by using

    gpg <file.gpg

The output will then be sent to stdout. IMHO the current behaviour of
GnuPG is correct. When specifying a file directly, GPG behaves the
similar way -- creating a file. This is the de facto way of doing
things in UNIX and I don't think that should be changed. Another
question is whether it should be changed on DOSish systems, as the
stdin/stdout thing is pretty unfamiliar in the DOS (aka windows) world.
But then it's a Bad Thing to make a program work differently in
different environments. That would lead to more trouble than it's
worth.

Talking about stdin/stdout... I have to mention the horrible behaviour
by PGP 6.x. When I get encrypted mail, most of the time as armoured
text, I mark the text in my editor (joe) and filter it through GnuPG.
Works fine. One day I tried doing the same using PGP. It read from
stdin, but it did not send the output to stdout, instead it created a
file called "stdin" or something like that in the current directory
where i started my mail program. I must say I was shocked by this. I'd
_never_ think such a widespread program could have serious flaws like
this. If i remember correctly, one have to specify an option (-f or
something) to make PGP use stdin/stdout, but I still call it a flaw. If
it doesn't print to stdout, it should neither read from stdin. Indeed
PGP acts like a strange bird in an UNIX environment.

Regards,
=D8yvind

+-------------------------------------------------------------------+
| OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> |
| Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
+------------- Nostalgien er ikke hva den engang var. --------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)

iD8DBQE8injqck6dU2KQIusRAtKpAJ9gfO/XcS9dXtKsImQyHN+TBwqNPACgpU7q
BPIxa3uH1MeC0TOxlY77ii8=3D
=3Ds1Ae
-----END PGP SIGNATURE-----



From Marc.Mutz@uni-bielefeld.de  Sat Mar  9 22:31:01 2002
From: Marc.Mutz@uni-bielefeld.de (Marc Mutz)
Date: Sat Mar  9 22:31:01 2002
Subject: blowfish in gnuPG 1.0.6 =? 256 bit
In-Reply-To: <1015674371022788@lycos.de>
References: <1015674371022788@lycos.de>
Message-ID: <200203092228.11603@sendmail.mutz.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 09 March 2002 12:55, uwe puchta wrote:
> just a question out of curiosity:
> what's the key size for Blowfish encryption?
> is it 256 bit?
> ... for both cipher-algo and s2k-cipher-algo
> (if defined so in the options file or at the
> command line)
<snip>

http://www.counterpane.com/blowfish.html

- --=20
Marc Mutz <mutz@kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8in5o3oWD+L2/6DgRAkvZAJwKaB7fZVJef25joMMlFlzFrvdyUACgjxzI
YSMEWqB7kWW1Zc4idqMXsNw=3D
=3DnndK
-----END PGP SIGNATURE-----



From blais@iro.umontreal.ca  Sat Mar  9 22:43:01 2002
From: blais@iro.umontreal.ca (Martin Blais)
Date: Sat Mar  9 22:43:01 2002
Subject: missing documentation / rant
In-Reply-To: <87sn79bgi5.fsf@alberti.gnupg.de>
References: <20020309200349.ITMX1234.tomts24-srv.bellnexxia.net@there> <87sn79bgi5.fsf@alberti.gnupg.de>
Message-ID: <20020309214111.MHMP21673.tomts23-srv.bellnexxia.net@there>

On Saturday 09 March 2002 16:03, Werner Koch wrote:
> On Sat, 9 Mar 2002 15:02:23 -0500, Martin Blais said:
> > these options don't know show up in the man page. someone really ought to
> > do the grunt work of cross-checking the man page documentation with the
> > actual
>
> There are reasons for this.  --dump-options is for example also not
> listed in the man page.  But hey, you have the source, so where is the
> problem.

there is no real problem, one of the users (me) is confused, and is making 
comments to the developers in order to allow them to improve the 
documentation of their software.

i'd like to know what they are? it would be nice if there was a clear 
separation between options that are shown by --help and those that aren't and 
that are explained in the man page and manual (perhaps dub them "extended" or 
"private" options?).  in any case, either the manual or documentation should 
reflect all options, right?

i understand that documentation is difficult to keep up-to-date by a 
distributed team (and the handbook is actually quite impressive), but this is 
indeed a 1.0 release and for such an important release documentation should 
be polished... i wouldn't have bothered making comments for a development 
release, because i understand that. my own system is that i make it a 
requirement to releasing, i.e. i don't allow myself to release until i've 
updated the docs. if i want to release something i have to bite the bullet 
and slave at the docs.

(and besides, sorry, but looking at the source doesn't qualify as 
documentation, which is what my comments are about. the beauty of oss is that 
i can if i want to (especially to make modifications), but that doesn't mean 
that all users of gpg SHOULD have to become acquainted with the source to 
find out what an option listed in --help is meant to do. i'm sure you'll 
agree with this.)


> > fixed (and if so, why doesn't it do that by itself?).  besides, i cannot
> > figure out how to use check-trustdb, all i get is output like this:
>
> So don't use it.  As said, there is a reason that it is not listed.

well, it IS indeed listed in "gpg --help".  i didn't mean to use it, i meant 
to understand what it does because it was listed, and is not documented, and 
that is why i was trying it. if i'm not meant to use it, then the problem is 
that it was listed.


> BTW, the next version has it mentioned because this command has a real
> use then.
>
> > also of interest:
> >     --allow-secret-key-import
> >
> > is not mentioned on the output of "gpg --help". i'm sure there are many
>
> If you try to import a secret key, a messge is printed, telling you to
> use this option.  Anyway, this option is just a temporary hack and not
> anymore needed in 1.0.6d.  Printing all 202 commands and options with

cool.


> --help make no sense, it is just too much and can't probably not be
> understood without a more verbose description.  Anyway, recent
> versions do print:
>
>       --photo-viewer               Set command line to view Photo IDs
>    -N, --notation-data NAME=VALUE   use this notation data
>

>   (See the man page for a complete listing of all commands and options)

that's exactly my point!  is at least the man page complete? options that are 
listed in --help should at least also be in the man page. the opposite is not 
necessarily true, and some kind of grouping to acknowledge that is a nice way 
to let the user understand this (something like "basic options" and "extended 
options").



> There is nothing important missing, some things are maintainer only.
> If you or the people attracted by encryption real want to get into it,
> use the source.

those maintainer-only options should then not be visible to the user if he's 
not to use them. all i'm arguing for, is that the maintainer/for-debug 
options be somehow marked as such or not visible.


> > another big one (for me and other friends): the default behaviour for
> > "gpg file.gpg" is to decrypt to a file "file", and apart from asking for
> > the passphrase it doesn't say it has output the PLAINTEXT to a FILE. the
>
> Which is the correct behaviour of a Unix tool.  Use --verbose to get
> what you want.

agreed, read on...


> > lies in the filesystem!  that is a big problem!  IMHO that should not be
> > the default behaviour, the default, just as for input, should be that it
> > outputs to stdout, just like --decrypt does, and that using --decrypt
> > should output
>
> A lot of tools do have this behaviour and it makes a lot of sense. IF
> you want to have the output on stdout, send the input to stdin.

i know i can use --decrypt and i do now (actually, you make me think, i'll 
try putting it in my options file).

well, please consider that a default behaviour of writing plaintext files out 
to the filesystem is behaviour that does not foster trust in a program that 
is meant to provide data security for its user. i mean, there is a reason for 
that file to be encrypted in the first place. if i considered my filesystem 
permissions to be secure i probably wouldn't use encryption to store files on 
it.

i have often forgotten to delete unencrypted files because of that (and even 
sometimes on my cd backups, which were recently robbed with the rest of the 
computing equipment. not a cool feeling. i agree that it is my fault because 
i misused gpg, but food for thought anyway. IMHO plaintext should only be 
written to files on request. consider it a security feature, and not a minor 
one---the user is less likely to make the mistake of decrypting to disk.)

thanks for your quick answer.
cheers,


From blais@iro.umontreal.ca  Sat Mar  9 22:57:01 2002
From: blais@iro.umontreal.ca (Martin Blais)
Date: Sat Mar  9 22:57:01 2002
Subject: missing documentation / rant
In-Reply-To: <Pine.LNX.4.40.0203092125410.31743-100000@sunba>
References: <Pine.LNX.4.40.0203092125410.31743-100000@sunba>
Message-ID: <20020309215503.JNTL4161.tomts17-srv.bellnexxia.net@there>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 09 March 2002 16:05, Oyvind A. Holm wrote:
> On 2002-03-09 15:02 Martin Blais wrote:
> question is whether it should be changed on DOSish systems, as the
> stdin/stdout thing is pretty unfamiliar in the DOS (aka windows) world.
> But then it's a Bad Thing to make a program work differently in
> different environments. That would lead to more trouble than it's
> worth.

good point, so i guess it cannot be changed.

perhaps an option to alter that behaviour would be cool. that option could be 
put in the user's options file to get that behaviour.

just my 2cents.
thx again,
-----BEGIN PGP SIGNATURE-----
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjyKhFwACgkQq2PmC9F3Xx3UBACfYWoQti6Qhn/RoAxZ2jSCLMAo
axoAn35J/lP6Wt+P++ZDAcc48NK8STx8
=qCY2
-----END PGP SIGNATURE-----


From sunny@sunbase.org  Sat Mar  9 23:33:01 2002
From: sunny@sunbase.org (Oyvind A. Holm)
Date: Sat Mar  9 23:33:01 2002
Subject: missing documentation / rant
In-Reply-To: <20020309215503.JNTL4161.tomts17-srv.bellnexxia.net@there>
Message-ID: <Pine.LNX.4.40.0203092307140.2427-100000@sunba>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2002-03-09 16:53-0500 Martin Blais wrote:
> On 2002-03-09 22:05:06+0100, Oyvind A. Holm wrote:
> > Another question is whether it should be changed on DOSish systems,
> > as the stdin/stdout thing is pretty unfamiliar in the DOS (aka
> > windows) world. But then it's a Bad Thing to make a program work
> > differently in different environments. That would lead to more
> > trouble than it's worth.
>
> good point, so i guess it cannot be changed.
>
> perhaps an option to alter that behaviour would be cool. that option
> could be put in the user's options file to get that behaviour.

That seems like a good idea. Having an "always-stdout" option would be
a good thing to have, especially when thinking of how hard it is to
completely erase data from hard disks once it's written. After all,
it's easy to redirect the output to a file. I still think the current
behaviour should be the default, but I see no drawback in having an
configuration option to achieve this behaviour.

Regards,
=D8yvind

+-------------------------------------------------------------------+
| OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> |
| Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
+----------- 2 + 2 =3D 5 for extremely large values of 2. ------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)

iD8DBQE8iozTck6dU2KQIusRArY+AJ96aTJgFkdinstjIGrHTVr8xVpEygCfW5vi
IRrTZmSXdnJ2DKSDp/sXVI8=3D
=3DCiW9
-----END PGP SIGNATURE-----



From bobmathews@mindspring.com  Sat Mar  9 23:39:01 2002
From: bobmathews@mindspring.com (Bob Mathews)
Date: Sat Mar  9 23:39:01 2002
Subject: blowfish in gnuPG 1.0.6 =? 256 bit
In-Reply-To: <200203092228.11603@sendmail.mutz.com>
References: <1015674371022788@lycos.de> <200203092228.11603@sendmail.mutz.com>
Message-ID: <20020309223711.E10F39D19@cabbit.cat>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 09 March 2002 01:28 pm, Marc Mutz wrote:
> On Saturday 09 March 2002 12:55, uwe puchta wrote:
> > just a question out of curiosity:
> > what's the key size for Blowfish encryption?
> > is it 256 bit?
> > ... for both cipher-algo and s2k-cipher-algo
> > (if defined so in the options file or at the
> > command line)
>
> <snip>
>
> http://www.counterpane.com/blowfish.html

That page says that blowfish has a variable length key. However, according to 
RFC2440, OpenPGP uses blowfish with a 128-bit key. That applies to both the 
- --cipher-algo and --s2k-cipher-algo options.

 -bob mathews

-----BEGIN PGP SIGNATURE-----
Comment: What's this? http://bobmathews.home.mindspring.com/bob/

iD8DBQE8io5/PgDecCrBEpcRAvZyAJ9mepDoScVoV1vvpUvKvcFAhf8JVwCeIfCh
4qakEveOZBnTDcGg3j+pSOc=
=RvAN
-----END PGP SIGNATURE-----


From twoaday@freakmail.de  Sun Mar 10 00:41:01 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Sun Mar 10 00:41:01 2002
Subject: Announcement for OpenCDK
Message-ID: <20020309232224.GA31086@daredevil.joesixpack.net>

Hi,

I decided to create a library which implements basic parts
of the RFC2440 (OpenPGP) message format. This library will
be no replacement for any real OpenPGP application like PGP
or GPG. The goals of the library are to provide an API for
parsing packets and to work with OpenPGP keys.

There is also some code for signing, verification, encrypt
and decrypt, but this is only partly done.

Some of the code based on GPG and for all crypto functions
we referring to the libgcrypt library. This library is responsible
for secure memory, random generation and other sentensive parts.

Currently the library is work on progress, but for the people
who want to take a look at it can find the source on this webpage:
http://www.winpt.org/opencdk.html

Of course the whole project is available under the terms of the 
GNU General Public License.


        Timo





From hironobu@h2np.net  Sun Mar 10 02:26:01 2002
From: hironobu@h2np.net (Hironobu SUZUKI)
Date: Sun Mar 10 02:26:01 2002
Subject: duplicate keyid survey results
In-Reply-To: Your message of "Sat, 09 Mar 2002 08:43:17 EST."
 <20020309134317.GF1023@akamai.com>
Message-ID: <200203100123.KAA32274@blue.h2np.net>

I tried to send my e-mail to dshaw@jabberwocky.com from my two mail
addresses, hironobu@h2np.net and hironobu@pgp.nic.ad.jp, but all of my
e-mails were rejected.

Please let me know another your e-mail address which I can send one.

And I'm sorry for ML readers.

Best Regards,


-- 
Hironobu SUZUKI
E-Mail: hironobu@h2np.net
URL: http://h2np.net



From wk@gnupg.org  Sun Mar 10 16:14:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Sun Mar 10 16:14:01 2002
Subject: missing documentation / rant
In-Reply-To: <Pine.LNX.4.40.0203092307140.2427-100000@sunba> ("Oyvind A.
 Holm"'s message of "Sat, 9 Mar 2002 23:30:32 +0100 (CET)")
References: <Pine.LNX.4.40.0203092307140.2427-100000@sunba>
Message-ID: <87g038a24l.fsf@alberti.gnupg.de>

On Sat, 9 Mar 2002 23:30:32 +0100 (CET), Oyvind A Holm said:

> That seems like a good idea. Having an "always-stdout" option would be

What about:

 gpg --output - 

has been there for years.




From dshaw@jabberwocky.com  Sun Mar 10 16:45:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sun Mar 10 16:45:02 2002
Subject: duplicate keyid survey results
In-Reply-To: <200203100123.KAA32274@blue.h2np.net>
References: <20020309134317.GF1023@akamai.com> <200203100123.KAA32274@blue.h2np.net>
Message-ID: <20020310154206.GC9163@akamai.com>

On Sun, Mar 10, 2002 at 10:23:55AM +0900, Hironobu SUZUKI wrote:
> 
> I tried to send my e-mail to dshaw@jabberwocky.com from my two mail
> addresses, hironobu@h2np.net and hironobu@pgp.nic.ad.jp, but all of my
> e-mails were rejected.
> 
> Please let me know another your e-mail address which I can send one.

Sorry - spam blocking system on your netblock.  Your addresses are
right in the middle of a pile of open relays in Korea.

I've overridden the blacklist for your servers.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From teenieberry@worldnet.att.net  Sun Mar 10 16:55:01 2002
From: teenieberry@worldnet.att.net (FRANK HUBENY)
Date: Sun Mar 10 16:55:01 2002
Subject: Output
Message-ID: <000501c1c84c$a9680200$efee6620@teeniebe9euk8d>

Hello users;

I had a problem getting an output from exporting the trustdb.  It
seems that one was the only one I had problems with.  Someone replyed
with a alternative command to output to a file.  I believe it was
called a pipe, or consol redirect.

Could that person send it to me again.  I am useing "gpg-106" for
windows.  On a window 200 pro machine with service packs one and two
installed.

I will keep a backup copy this time.

<><
Frank D. Hubeny



From vab@cryptnet.net  Sun Mar 10 18:40:01 2002
From: vab@cryptnet.net (V Alex Brennen)
Date: Sun Mar 10 18:40:01 2002
Subject: duplicate keyid survey results
In-Reply-To: <87n0xhdhrq.fsf@alberti.gnupg.de>
Message-ID: <Pine.LNX.4.33.0203101201010.12151-100000@unagi.e-techservices.com>

On Sat, 9 Mar 2002, Werner Koch wrote:

> On Sat, 9 Mar 2002 11:13:12 +0100 (CET), Oyvind A Holm said:
> 
> > Another thing is when GPG itself gets the key from a server, for
> > example when verifying a signed text and you don't have the actual key
> > from before. Will GPG then use the 32-bit keyID to get the key from the
> > server?
> 
> Yes, because the current HKP servers can't cope with the full 64 bit
> keyID.  I'd even like to have a keyserver which accepts the
> fingerprint.  The problem here is that the signature packet does only
> carry the 64 bit key ID.

I checked code into CVS that will allow CKS to support HKP style 
queries by the 64 bit key ID, the full 128 bit v3 fp, or the full
160 bit V4 fp.  This feature will be available in the next release.

Here are adapted HKP protocol examples:

32 bit key ID:
GET /pks/lookup?op=get&search=0x992A4B3F HTTP/1.0

64 bit key ID:
GET /pks/lookup?op=get&search=0xFA920973992A4B3F HTTP/1.0

128 bit key ID (v3) (one line wrapped by MTA):
GET /pks/lookup?op=get&search=0x0A75834DE6AB89F6BE869EB81DF4E517 HTTP/1.0

160 bit key ID (v4) (one line wrapped by MTA):
GET /pks/lookup?op=get&search=0x0EC8B0E3052DFC4C208F76EBFA920973992A4B3F 
HTTP/1.0

I included fp support, because I would like to soon write PGP 
software that uses fp's to transmit key information in other
protocols. It would be nice to use CKS to auto fetch by fp as
part of that code.


	- VAB
---
V. Alex Brennen
Senior Systems Engineer
IBM Certified Specialist
e-TechServices.com
IBM Business Partner
Bus: 352.246.8553
Fax: 770.216.1877
vab@e-techservices.com
http://www.e-techservices.com/people/vab/



From vab@cryptnet.net  Sun Mar 10 18:54:01 2002
From: vab@cryptnet.net (V Alex Brennen)
Date: Sun Mar 10 18:54:01 2002
Subject: duplicate keyid survey results
In-Reply-To: <200203090403.NAA29653@blue.h2np.net>
Message-ID: <Pine.LNX.4.33.0203101239050.12151-100000@unagi.e-techservices.com>

On Sat, 9 Mar 2002, Hironobu SUZUKI wrote:

> 
> > If you don't think this is the right way to go, what do you suggest
> > as an alternative?  I think a warning is fine, but not returning one
> > of the keys leaves the keyserver open for a denial of service
> > attack.
> 
> I'd like to return only "Found duplicate keys" status to client. If
> keyserver returns all of duplicate key contents to client, it can be
> used another DoS attack.

I don't believe this is true.  While the potential to create 32 bit 
key id collisions easily exists in v3, it is a hard problem in v4
because the v4 keyid (both 32 and 64 bit) are part of the fingerprint
which in v4 is the SHA160 hash of the key material. So, the problem 
of generating fake keys with a given keyid in v4 is the problem of 
looking for SHA1 partial collisions.

While partial collisions will occur as the number of keys grows, it 
will not be growing fast enough to result in an inability to retrieve
all keys with a given 32bit ID from a server for many decades (even
if you dedicate a machine to generating PGP keys and sending them to
my key server). 


	- VAB
---
V. Alex Brennen
Senior Systems Engineer
IBM Certified Specialist
e-TechServices.com
IBM Business Partner
Bus: 352.246.8553
Fax: 770.216.1877
vab@e-techservices.com
http://www.e-techservices.com/people/vab/



From wk@gnupg.org  Sun Mar 10 19:50:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Sun Mar 10 19:50:02 2002
Subject: duplicate keyid survey results
In-Reply-To: <Pine.LNX.4.33.0203101201010.12151-100000@unagi.e-techservices.com> (V
 Alex Brennen's message of "Sun, 10 Mar 2002 12:34:14 -0500 (EST)")
References: <Pine.LNX.4.33.0203101201010.12151-100000@unagi.e-techservices.com>
Message-ID: <877kok9s72.fsf@alberti.gnupg.de>

On Sun, 10 Mar 2002 12:34:14 -0500 (EST), V Alex Brennen said:

> I included fp support, because I would like to soon write PGP 
> software that uses fp's to transmit key information in other

GNUTLS has experimental OpenPGP support and it uses the fingerprint on
my suggestion.

  Werner



From dshaw@jabberwocky.com  Sun Mar 10 20:30:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sun Mar 10 20:30:02 2002
Subject: duplicate keyid survey results
In-Reply-To: <Pine.LNX.4.33.0203101201010.12151-100000@unagi.e-techservices.com>
References: <87n0xhdhrq.fsf@alberti.gnupg.de> <Pine.LNX.4.33.0203101201010.12151-100000@unagi.e-techservices.com>
Message-ID: <20020310192800.GA951@akamai.com>

On Sun, Mar 10, 2002 at 12:34:14PM -0500, V Alex Brennen wrote:
> I checked code into CVS that will allow CKS to support HKP style 
> queries by the 64 bit key ID, the full 128 bit v3 fp, or the full
> 160 bit V4 fp.  This feature will be available in the next release.
> 
> Here are adapted HKP protocol examples:
> 
> 32 bit key ID:
> GET /pks/lookup?op=get&search=0x992A4B3F HTTP/1.0
> 
> 64 bit key ID:
> GET /pks/lookup?op=get&search=0xFA920973992A4B3F HTTP/1.0
> 
> 128 bit key ID (v3) (one line wrapped by MTA):
> GET /pks/lookup?op=get&search=0x0A75834DE6AB89F6BE869EB81DF4E517 HTTP/1.0
> 
> 160 bit key ID (v4) (one line wrapped by MTA):
> GET /pks/lookup?op=get&search=0x0EC8B0E3052DFC4C208F76EBFA920973992A4B3F 
> HTTP/1.0

I think this is a good thing except for one problem.  From the
perspective of a program that is making a call to a keyserver via HKP,
it has no way to know if the keyserver is pksd, CKS, or something
else.  Since only CKS supports this syntax, there is a problem.  I
guess it could try twice and fall back to the 32 bit key id if the
keyserver returns an error with a fingerprint lookup.

Something to be discussed in the RFC, I think. :)

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From jharris@widomaker.com  Sun Mar 10 22:46:02 2002
From: jharris@widomaker.com (Jason Harris)
Date: Sun Mar 10 22:46:02 2002
Subject: lookups by fingerprint and long keyid (was Re: duplicate keyid survey results)
In-Reply-To: <20020310192800.GA951@akamai.com>
References: <87n0xhdhrq.fsf@alberti.gnupg.de> <Pine.LNX.4.33.0203101201010.12151-100000@unagi.e-techservices.com> <20020310192800.GA951@akamai.com>
Message-ID: <20020310214403.GA826@pm1-24.lft.widomaker.com>

--UugvWAfsgieZRqgk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Mar 10, 2002 at 02:28:00PM -0500, David Shaw wrote:
> On Sun, Mar 10, 2002 at 12:34:14PM -0500, V Alex Brennen wrote:

> > I checked code into CVS that will allow CKS to support HKP style=20
> > queries by the 64 bit key ID, the full 128 bit v3 fp, or the full
> > 160 bit V4 fp.  This feature will be available in the next release.

> I think this is a good thing except for one problem.  From the
> perspective of a program that is making a call to a keyserver via HKP,
> it has no way to know if the keyserver is pksd, CKS, or something
> else.  Since only CKS supports this syntax, there is a problem.  I
> guess it could try twice and fall back to the 32 bit key id if the
> keyserver returns an error with a fingerprint lookup.

Those are all valid concerns.  Encryption programs will have to be
modified accordingly, of course.  However, even without support for
the extensions in encryption programs, we can still benefit by having
the features available for browser-based lookups.

FWIW, it should be _very easy_ to add long keyid lookups to pks, iff we're
all willing to get back a list of keys matching the corresponding _short_
keyid.  Having pks return only matches by long keyid would require more
work, but should also be possible.  (Remember, there are 81 and 5 keys by
duplicate long and short keyids, respectively, and a maximum of 3 keys with
the same short keyid (0xDEADBEEF).)

Having pks support lookups by fingerprint would require the addition of
a new Berkeley DB Btree or Hash database file.  This should be a
straightforward (but non-trivial) programming task.

(Also, only on the pgp-keyserver-folk list, I previously announced a
proof of concept Perl program that allows lookups by fingerprints.  The
interface isn't HKP and some scripting would be required to keep the
fingerprint and keyid data current, but all sorts of improvements are
possible.  (At any rate, I'm glad to have finally gotten some positive
(though indirect) answers about the _perceived_ need for new types of
key lookups.))

> Something to be discussed in the RFC, I think. :)

As features which are optional to implement, I feel that they can go
in immediately.  I have already needed and performed lookups (mostly
non-keyserver greps on pgpring(1) output) by fingerprint and long keyid.

--=20
Jason Harris
jharris@widomaker.com

--UugvWAfsgieZRqgk
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8i9OdSypIl9OdoOMRAiC1AJ9B/BHevtQR953ghkmoemiIjuqhfQCeJmq4
B+WpbY6x5/eslLlhURKVIHk=
=qEq/
-----END PGP SIGNATURE-----

--UugvWAfsgieZRqgk--


From dshaw@jabberwocky.com  Sun Mar 10 23:37:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sun Mar 10 23:37:02 2002
Subject: lookups by fingerprint and long keyid (was Re: duplicate keyid survey results)
In-Reply-To: <20020310214403.GA826@pm1-24.lft.widomaker.com>
References: <87n0xhdhrq.fsf@alberti.gnupg.de> <Pine.LNX.4.33.0203101201010.12151-100000@unagi.e-techservices.com> <20020310192800.GA951@akamai.com> <20020310214403.GA826@pm1-24.lft.widomaker.com>
Message-ID: <20020310223513.GB2316@akamai.com>

On Sun, Mar 10, 2002 at 04:44:03PM -0500, Jason Harris wrote:
> On Sun, Mar 10, 2002 at 02:28:00PM -0500, David Shaw wrote:
> > Something to be discussed in the RFC, I think. :)
> 
> As features which are optional to implement, I feel that they can go
> in immediately.  I have already needed and performed lookups (mostly
> non-keyserver greps on pgpring(1) output) by fingerprint and long keyid.

For browser-based lookups by human beings, fine.

For any program-driven interface, it must be discussed first.
Creating a feature that breaks compatibility with an existing server
base needs at least a minute or two of thought before doing it.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From hironobu@h2np.net  Mon Mar 11 00:43:01 2002
From: hironobu@h2np.net (Hironobu SUZUKI)
Date: Mon Mar 11 00:43:01 2002
Subject: duplicate keyid survey results
In-Reply-To: Your message of "Sun, 10 Mar 2002 12:47:17 EST."
 <Pine.LNX.4.33.0203101239050.12151-100000@unagi.e-techservices.com>
Message-ID: <200203102341.IAA01283@blue.h2np.net>

> I don't believe this is true.  While the potential to create 32 bit
> key id collisions easily exists in v3, it is a hard problem in v4

Yes. But v3 must be supported.

-- 
Hironobu SUZUKI
E-Mail: hironobu@h2np.net
URL: http://h2np.net



From vab@cryptnet.net  Mon Mar 11 00:57:02 2002
From: vab@cryptnet.net (V Alex Brennen)
Date: Mon Mar 11 00:57:02 2002
Subject: duplicate keyid survey results
In-Reply-To: <200203102341.IAA01283@blue.h2np.net>
Message-ID: <Pine.LNX.4.33.0203101837590.12151-100000@unagi.e-techservices.com>

On Mon, 11 Mar 2002, Hironobu SUZUKI wrote:

> On Sun, 10 Mar 2002, V. Alex Brennen wrote:
>
> > I don't believe this is true.  While the potential to create 32 bit
> > key id collisions easily exists in v3, it is a hard problem in v4
> 
> Yes. But v3 must be supported.

In functionality, yes.  But in security... well...  IMHO, it's ok to
just throw v3 people to the wolves - they know what they're using 
is not secure, that it is attackable, in many different ways.  The
fixes for the insecurities in v3 are what became part of v4.

People really need to upgrade and stop using anything earlier than
v4.  Trying to secure v3 is like trying to secure Windows 98 as an
internet server.

LDAP has a max results modifier on queries, I encourage people 
to code something similar into keyservers to protect against 
server side DOS's rather than return a warning or partial
results.


	- VAB
---
V. Alex Brennen
Senior Systems Engineer
IBM Certified Specialist
e-TechServices.com
IBM Business Partner
Bus: 352.246.8553
Fax: 770.216.1877
vab@e-techservices.com
http://www.e-techservices.com/people/vab/



From hironobu@h2np.net  Mon Mar 11 01:00:02 2002
From: hironobu@h2np.net (Hironobu SUZUKI)
Date: Mon Mar 11 01:00:02 2002
Subject: duplicate keyid survey results
In-Reply-To: Your message of "Sun, 10 Mar 2002 12:34:14 EST."
 <Pine.LNX.4.33.0203101201010.12151-100000@unagi.e-techservices.com>
Message-ID: <200203102357.IAA01304@blue.h2np.net>


> 32 bit key ID:
> 64 bit key ID:
> 128 bit key ID (v3) (one line wrapped by MTA):
> 160 bit key ID (v4) (one line wrapped by MTA):

Retrieving by 64bit key ID was done. It is available via Web interface
from  http://www.openpksd.org/findkey/index.html

openpksd's database has 32bit<->64bit key mapping table.

It is easy to support 128 bit and 160 bit keyID. Long key reduces the
possibility of collision but I'm wondering that handing cost of
128/160 bit key ID is suitable cost for keyserver.

-- 
Hironobu SUZUKI
E-Mail: hironobu@h2np.net
URL: http://h2np.net


From hironobu@h2np.net  Mon Mar 11 01:08:01 2002
From: hironobu@h2np.net (Hironobu SUZUKI)
Date: Mon Mar 11 01:08:01 2002
Subject: duplicate keyid survey results
In-Reply-To: Your message of "Sun, 10 Mar 2002 18:50:38 EST."
 <Pine.LNX.4.33.0203101837590.12151-100000@unagi.e-techservices.com>
Message-ID: <200203110005.JAA01319@blue.h2np.net>

> they know what they're using is not secure, that it is attackable,
> in many different ways.  The fixes for the insecurities in v3 are
> what became part of v4.

Some attacks are effective not only user client but also keyserver.
If keyserver found duplicate key then return "Found duplicate
key". It's OK. It's little cost.  If keyserver found duplicate key
then return all of key contents.  It is a possibility of DoS not only
user client but also keyserver. v3 is problem but we have to support.

-- 
Hironobu SUZUKI
E-Mail: hironobu@h2np.net
URL: http://h2np.net



From Jakob Breivik Grimstveit <jakob@grimstveit.net>  Mon Mar 11 08:44:02 2002
From: Jakob Breivik Grimstveit <jakob@grimstveit.net> (Jakob Breivik Grimstveit)
Date: Mon Mar 11 08:44:02 2002
Subject: Keyservers problem (win32)
Message-ID: <603327296.20020311084152@grimstveit.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Whenever  trying  to  access  the  keyservers  using gpg, i only get the
following   answer  (both  at  home  using  dialup  and  on  work  using
broadband):

> Sending key(s) 0x545E2819 to server search.keyserver.net:11371 ...
>
> gpg: write failed: ec=87
> gpg: can't connect to `search.keyserver.net:11371': No error
>
> Press any key to continue . . .

Why is that?


- --
Vyrdsamt...
- - Jakob Breivik Grimstveit, jakob@grimstveit.net, www.grimstveit.net
- - Morvikbotn 341, 5122 Morvik. Tlf: 55195667, 48298152, 55239715
- - System Integrator, Star Shipping, jakob.grimstveit@starshipping.com

Veni, vedi, VCR: I came, I saw, I dubbed.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjyMX8QACgkQTJM+uVReKBmF2QCfViwx/11DYh+fKh0eFZ3CWeke
rPYAniG4T6+J5LF7GqBOvRgl60YiJPLZ
=mVtZ
-----END PGP SIGNATURE-----



From schoech@iap-kborn.de  Mon Mar 11 08:53:01 2002
From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=)
Date: Mon Mar 11 08:53:01 2002
Subject: Output
In-Reply-To: <000501c1c84c$a9680200$efee6620@teeniebe9euk8d>
Message-ID: <Pine.LNX.4.33.0203110747001.867-100000@pcramnan.iap-kborn.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Frank !

> I had a problem getting an output from exporting the trustdb.  It
> seems that one was the only one I had problems with.  Someone replyed
> with a alternative command to output to a file.  I believe it was
> called a pipe, or consol redirect.

Try
gpg --export-ownertrust > trustdb.asc

This is called console redirection and will work with most programmes.
It tells Windows (or *nix) to print all normal output not to the
screen but to a certain file. Error messages are still printed on the
screen.

&> file
will redirect normal output and error messages to "file". This works
with Linux, don't know whether it works with DOS/Windows.

gpg --import-ownertrust < trustdb.asc
should import the trust values from "trustdb.asc". This tells
Windows/*nix to read all input from the file instead of reading from
the keyboard.

HTH,
Armin

- --
Am Hasenberg 26         office: Institut f=FCr Atmosph=E4renphysik
D-18209 Bad Doberan             Schloss-Stra=DFe 6
Tel. ++49-(0)38203/42137        D-18225 K=FChlungsborn / GERMANY
Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8jGHRG8Xv4GxznLoRAsP+AJ4184+nUOmK8RRE6ua0VZBzJ4Qq5ACgpaWC
xUCzMvLXrfZcvJmh1PtaVhg=3D
=3D0Nr+
-----END PGP SIGNATURE-----




From schoech@iap-kborn.de  Mon Mar 11 09:50:01 2002
From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=)
Date: Mon Mar 11 09:50:01 2002
Subject: Keyservers problem (win32)
In-Reply-To: <603327296.20020311084152@grimstveit.net>
Message-ID: <Pine.LNX.4.33.0203110846440.1523-100000@pcramnan.iap-kborn.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Jakob !

> Whenever  trying  to  access  the  keyservers  using gpg, i only get the
> following   answer  (both  at  home  using  dialup  and  on  work  using
> broadband):
>
> > Sending key(s) 0x545E2819 to server search.keyserver.net:11371 ...
> >
> > gpg: write failed: ec=3D87
> > gpg: can't connect to `search.keyserver.net:11371': No error
> >
> > Press any key to continue . . .
>
> Why is that?

Have you tried other keyservers ? There are problems with some of
them. I use horowitz.surfnet.nl (as suggested by Werner Koch some time
ago) and it works fine for me.

HTH,
Armin

- --=20
Am Hasenberg 26         office: Institut f=FCr Atmosph=E4renphysik
D-18209 Bad Doberan             Schloss-Stra=DFe 6
Tel. ++49-(0)38203/42137        D-18225 K=FChlungsborn / GERMANY
Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8jG88G8Xv4GxznLoRAkqmAKCRgC8h+8m8baD9s8fr2FomVoKHdQCdGGhG
o+OpOWxsEMyt2+jqHdOhmm0=3D
=3DMtLD
-----END PGP SIGNATURE-----




From schoech@iap-kborn.de  Mon Mar 11 10:20:01 2002
From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=)
Date: Mon Mar 11 10:20:01 2002
Subject: Keyservers problem (win32)
In-Reply-To: <Pine.LNX.4.33.0203110846440.1523-100000@pcramnan.iap-kborn.de>
Message-ID: <Pine.LNX.4.33.0203110915210.1523-100000@pcramnan.iap-kborn.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi !

> > > Sending key(s) 0x545E2819 to server search.keyserver.net:11371 ...
> > >
> > > gpg: write failed: ec=3D87
> > > gpg: can't connect to `search.keyserver.net:11371': No error
> > >
> > > Press any key to continue . . .
> >
> > Why is that?

I look for the error message in the source code. It's produced in a
routine called "write_server" in "util/http.c" and is
Windows-specific. The error code 87 stands for
"ERROR_INVALID_PARAMETER" as reported by the Windows-API function
"GetLastError".

I'm not running Windows so I can't reproduce it. Sorry that I have no
better news for you. Maybe some of the developers can make more sense
out of it.

Bye,
Armin

- --=20
Am Hasenberg 26         office: Institut f=FCr Atmosph=E4renphysik
D-18209 Bad Doberan             Schloss-Stra=DFe 6
Tel. ++49-(0)38203/42137        D-18225 K=FChlungsborn / GERMANY
Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8jHYzG8Xv4GxznLoRAjSQAJ0a9nR+DAVsRwE1MJaXO6yeAegZjwCgupLf
WMZjbfc149BXGpR/BwkVeTQ=3D
=3DVPfY
-----END PGP SIGNATURE-----




From Priscilla.McKerracher@jhuapl.edu  Mon Mar 11 14:30:02 2002
From: Priscilla.McKerracher@jhuapl.edu (McKerracher, Priscilla)
Date: Mon Mar 11 14:30:02 2002
Subject: unsubscribe me
Message-ID: <6B3C0EEAB4FED3119F5F009027DC5E9E02F82458@spacemsg3.jhuapl.edu>

Please unsubscribe me.

SIG Section Supervisor
priscilla_mckerracher@jhuapl.edu
Johns Hopkins University
Applied Physics Laboratory
Johns Hopkins Road
Laurel, MD 20723
443-778-4474

-----Original Message-----
From: gnupg-users-request@gnupg.org
[mailto:gnupg-users-request@gnupg.org]
Sent: Sunday, March 10, 2002 6:06 AM
To: gnupg-users@gnupg.org
Subject: Gnupg-users digest, Vol 1 #549 - 8 msgs


Send Gnupg-users mailing list submissions to
	gnupg-users@gnupg.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.gnupg.org/mailman/listinfo/gnupg-users
or, via email, send a message with subject or body 'help' to
	gnupg-users-request@gnupg.org

You can reach the person managing the list at
	gnupg-users-admin@gnupg.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Gnupg-users digest..."


Today's Topics:

   1. Re: missing documentation / rant (Oyvind A. Holm)
   2. Re: blowfish in gnuPG 1.0.6 =? 256 bit (Marc Mutz)
   3. Re: missing documentation / rant (Martin Blais)
   4. Re: missing documentation / rant (Martin Blais)
   5. Re: missing documentation / rant (Oyvind A. Holm)
   6. Re: blowfish in gnuPG 1.0.6 =? 256 bit (Bob Mathews)
   7. Announcement for OpenCDK (Timo Schulz)
   8. Re: duplicate keyid survey results (Hironobu SUZUKI)

--__--__--

Message: 1
Date: Sat, 9 Mar 2002 22:05:06 +0100 (CET)
From: "Oyvind A. Holm" <sunny@sunbase.org>
To: Martin Blais <blais@iro.umontreal.ca>
cc: gnupg-users@gnupg.org
Subject: Re: missing documentation / rant

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2002-03-09 15:02 Martin Blais wrote:
> another big one (for me and other friends): the default behaviour for
> "gpg file.gpg" is to decrypt to a file "file", and apart from asking
> for the passphrase it doesn't say it has output the PLAINTEXT to a
> FILE. the user that is not careful might forget or not know that is
> unencrypted document lies in the filesystem! that is a big problem!
> IMHO that should not be the default behaviour, the default, just as
> for input, should be that it outputs to stdout, just like --decrypt
> does, and that using --decrypt should output to a file (plus we
> should get a message that says so, every functionality that write
> unencrypted data to the filesystem should warn the user).

This can easily be avoided by using

    gpg <file.gpg

The output will then be sent to stdout. IMHO the current behaviour of
GnuPG is correct. When specifying a file directly, GPG behaves the
similar way -- creating a file. This is the de facto way of doing
things in UNIX and I don't think that should be changed. Another
question is whether it should be changed on DOSish systems, as the
stdin/stdout thing is pretty unfamiliar in the DOS (aka windows) world.
But then it's a Bad Thing to make a program work differently in
different environments. That would lead to more trouble than it's
worth.

Talking about stdin/stdout... I have to mention the horrible behaviour
by PGP 6.x. When I get encrypted mail, most of the time as armoured
text, I mark the text in my editor (joe) and filter it through GnuPG.
Works fine. One day I tried doing the same using PGP. It read from
stdin, but it did not send the output to stdout, instead it created a
file called "stdin" or something like that in the current directory
where i started my mail program. I must say I was shocked by this. I'd
_never_ think such a widespread program could have serious flaws like
this. If i remember correctly, one have to specify an option (-f or
something) to make PGP use stdin/stdout, but I still call it a flaw. If
it doesn't print to stdout, it should neither read from stdin. Indeed
PGP acts like a strange bird in an UNIX environment.

Regards,
=D8yvind

+-------------------------------------------------------------------+
| OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> |
| Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
+------------- Nostalgien er ikke hva den engang var. --------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)

iD8DBQE8injqck6dU2KQIusRAtKpAJ9gfO/XcS9dXtKsImQyHN+TBwqNPACgpU7q
BPIxa3uH1MeC0TOxlY77ii8=3D
=3Ds1Ae
-----END PGP SIGNATURE-----



--__--__--

Message: 2
From: Marc Mutz <Marc.Mutz@uni-bielefeld.de>
To: uwe puchta <u_p@lycos.de>,
 gnupg-users@gnupg.org
Subject: Re: blowfish in gnuPG 1.0.6 =? 256 bit
Date: Sat, 9 Mar 2002 22:28:08 +0100
Organization: Bielefeld University - Department of Physics

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 09 March 2002 12:55, uwe puchta wrote:
> just a question out of curiosity:
> what's the key size for Blowfish encryption?
> is it 256 bit?
> ... for both cipher-algo and s2k-cipher-algo
> (if defined so in the options file or at the
> command line)
<snip>

http://www.counterpane.com/blowfish.html

- --=20
Marc Mutz <mutz@kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8in5o3oWD+L2/6DgRAkvZAJwKaB7fZVJef25joMMlFlzFrvdyUACgjxzI
YSMEWqB7kWW1Zc4idqMXsNw=3D
=3DnndK
-----END PGP SIGNATURE-----



--__--__--

Message: 3
From: Martin Blais <blais@iro.umontreal.ca>
To: Werner Koch <wk@gnupg.org>
Subject: Re: missing documentation / rant
Date: Sat, 9 Mar 2002 16:39:46 -0500
Cc: gnupg-users@gnupg.org

On Saturday 09 March 2002 16:03, Werner Koch wrote:
> On Sat, 9 Mar 2002 15:02:23 -0500, Martin Blais said:
> > these options don't know show up in the man page. someone really ought
to
> > do the grunt work of cross-checking the man page documentation with the
> > actual
>
> There are reasons for this.  --dump-options is for example also not
> listed in the man page.  But hey, you have the source, so where is the
> problem.

there is no real problem, one of the users (me) is confused, and is making 
comments to the developers in order to allow them to improve the 
documentation of their software.

i'd like to know what they are? it would be nice if there was a clear 
separation between options that are shown by --help and those that aren't
and 
that are explained in the man page and manual (perhaps dub them "extended"
or 
"private" options?).  in any case, either the manual or documentation should

reflect all options, right?

i understand that documentation is difficult to keep up-to-date by a 
distributed team (and the handbook is actually quite impressive), but this
is 
indeed a 1.0 release and for such an important release documentation should 
be polished... i wouldn't have bothered making comments for a development 
release, because i understand that. my own system is that i make it a 
requirement to releasing, i.e. i don't allow myself to release until i've 
updated the docs. if i want to release something i have to bite the bullet 
and slave at the docs.

(and besides, sorry, but looking at the source doesn't qualify as 
documentation, which is what my comments are about. the beauty of oss is
that 
i can if i want to (especially to make modifications), but that doesn't mean

that all users of gpg SHOULD have to become acquainted with the source to 
find out what an option listed in --help is meant to do. i'm sure you'll 
agree with this.)


> > fixed (and if so, why doesn't it do that by itself?).  besides, i cannot
> > figure out how to use check-trustdb, all i get is output like this:
>
> So don't use it.  As said, there is a reason that it is not listed.

well, it IS indeed listed in "gpg --help".  i didn't mean to use it, i meant

to understand what it does because it was listed, and is not documented, and

that is why i was trying it. if i'm not meant to use it, then the problem is

that it was listed.


> BTW, the next version has it mentioned because this command has a real
> use then.
>
> > also of interest:
> >     --allow-secret-key-import
> >
> > is not mentioned on the output of "gpg --help". i'm sure there are many
>
> If you try to import a secret key, a messge is printed, telling you to
> use this option.  Anyway, this option is just a temporary hack and not
> anymore needed in 1.0.6d.  Printing all 202 commands and options with

cool.


> --help make no sense, it is just too much and can't probably not be
> understood without a more verbose description.  Anyway, recent
> versions do print:
>
>       --photo-viewer               Set command line to view Photo IDs
>    -N, --notation-data NAME=VALUE   use this notation data
>

>   (See the man page for a complete listing of all commands and options)

that's exactly my point!  is at least the man page complete? options that
are 
listed in --help should at least also be in the man page. the opposite is
not 
necessarily true, and some kind of grouping to acknowledge that is a nice
way 
to let the user understand this (something like "basic options" and
"extended 
options").



> There is nothing important missing, some things are maintainer only.
> If you or the people attracted by encryption real want to get into it,
> use the source.

those maintainer-only options should then not be visible to the user if he's

not to use them. all i'm arguing for, is that the maintainer/for-debug 
options be somehow marked as such or not visible.


> > another big one (for me and other friends): the default behaviour for
> > "gpg file.gpg" is to decrypt to a file "file", and apart from asking for
> > the passphrase it doesn't say it has output the PLAINTEXT to a FILE. the
>
> Which is the correct behaviour of a Unix tool.  Use --verbose to get
> what you want.

agreed, read on...


> > lies in the filesystem!  that is a big problem!  IMHO that should not be
> > the default behaviour, the default, just as for input, should be that it
> > outputs to stdout, just like --decrypt does, and that using --decrypt
> > should output
>
> A lot of tools do have this behaviour and it makes a lot of sense. IF
> you want to have the output on stdout, send the input to stdin.

i know i can use --decrypt and i do now (actually, you make me think, i'll 
try putting it in my options file).

well, please consider that a default behaviour of writing plaintext files
out 
to the filesystem is behaviour that does not foster trust in a program that 
is meant to provide data security for its user. i mean, there is a reason
for 
that file to be encrypted in the first place. if i considered my filesystem 
permissions to be secure i probably wouldn't use encryption to store files
on 
it.

i have often forgotten to delete unencrypted files because of that (and even

sometimes on my cd backups, which were recently robbed with the rest of the 
computing equipment. not a cool feeling. i agree that it is my fault because

i misused gpg, but food for thought anyway. IMHO plaintext should only be 
written to files on request. consider it a security feature, and not a minor

one---the user is less likely to make the mistake of decrypting to disk.)

thanks for your quick answer.
cheers,


--__--__--

Message: 4
From: Martin Blais <blais@iro.umontreal.ca>
To: "Oyvind A. Holm" <sunny@sunbase.org>
Subject: Re: missing documentation / rant
Date: Sat, 9 Mar 2002 16:53:28 -0500
Cc: gnupg-users@gnupg.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 09 March 2002 16:05, Oyvind A. Holm wrote:
> On 2002-03-09 15:02 Martin Blais wrote:
> question is whether it should be changed on DOSish systems, as the
> stdin/stdout thing is pretty unfamiliar in the DOS (aka windows) world.
> But then it's a Bad Thing to make a program work differently in
> different environments. That would lead to more trouble than it's
> worth.

good point, so i guess it cannot be changed.

perhaps an option to alter that behaviour would be cool. that option could
be 
put in the user's options file to get that behaviour.

just my 2cents.
thx again,
-----BEGIN PGP SIGNATURE-----
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjyKhFwACgkQq2PmC9F3Xx3UBACfYWoQti6Qhn/RoAxZ2jSCLMAo
axoAn35J/lP6Wt+P++ZDAcc48NK8STx8
=qCY2
-----END PGP SIGNATURE-----


--__--__--

Message: 5
Date: Sat, 9 Mar 2002 23:30:32 +0100 (CET)
From: "Oyvind A. Holm" <sunny@sunbase.org>
To: Martin Blais <blais@iro.umontreal.ca>
cc: gnupg-users@gnupg.org
Subject: Re: missing documentation / rant

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2002-03-09 16:53-0500 Martin Blais wrote:
> On 2002-03-09 22:05:06+0100, Oyvind A. Holm wrote:
> > Another question is whether it should be changed on DOSish systems,
> > as the stdin/stdout thing is pretty unfamiliar in the DOS (aka
> > windows) world. But then it's a Bad Thing to make a program work
> > differently in different environments. That would lead to more
> > trouble than it's worth.
>
> good point, so i guess it cannot be changed.
>
> perhaps an option to alter that behaviour would be cool. that option
> could be put in the user's options file to get that behaviour.

That seems like a good idea. Having an "always-stdout" option would be
a good thing to have, especially when thinking of how hard it is to
completely erase data from hard disks once it's written. After all,
it's easy to redirect the output to a file. I still think the current
behaviour should be the default, but I see no drawback in having an
configuration option to achieve this behaviour.

Regards,
=D8yvind

+-------------------------------------------------------------------+
| OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> |
| Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
+----------- 2 + 2 =3D 5 for extremely large values of 2. ------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)

iD8DBQE8iozTck6dU2KQIusRArY+AJ96aTJgFkdinstjIGrHTVr8xVpEygCfW5vi
IRrTZmSXdnJ2DKSDp/sXVI8=3D
=3DCiW9
-----END PGP SIGNATURE-----



--__--__--

Message: 6
From: Bob Mathews <bobmathews@mindspring.com>
To: Marc Mutz <Marc.Mutz@uni-bielefeld.de>,
	uwe puchta <u_p@lycos.de>, gnupg-users@gnupg.org
Subject: Re: blowfish in gnuPG 1.0.6 =? 256 bit
Date: Sat, 9 Mar 2002 14:36:45 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 09 March 2002 01:28 pm, Marc Mutz wrote:
> On Saturday 09 March 2002 12:55, uwe puchta wrote:
> > just a question out of curiosity:
> > what's the key size for Blowfish encryption?
> > is it 256 bit?
> > ... for both cipher-algo and s2k-cipher-algo
> > (if defined so in the options file or at the
> > command line)
>
> <snip>
>
> http://www.counterpane.com/blowfish.html

That page says that blowfish has a variable length key. However, according
to 
RFC2440, OpenPGP uses blowfish with a 128-bit key. That applies to both the 
- --cipher-algo and --s2k-cipher-algo options.

 -bob mathews

-----BEGIN PGP SIGNATURE-----
Comment: What's this? http://bobmathews.home.mindspring.com/bob/

iD8DBQE8io5/PgDecCrBEpcRAvZyAJ9mepDoScVoV1vvpUvKvcFAhf8JVwCeIfCh
4qakEveOZBnTDcGg3j+pSOc=
=RvAN
-----END PGP SIGNATURE-----


--__--__--

Message: 7
Date: Sun, 10 Mar 2002 00:22:24 +0100
From: Timo Schulz <twoaday@freakmail.de>
To: GnuPG Users <gnupg-users@gnupg.org>
Subject: Announcement for OpenCDK 
Reply-To: twoaday@freakmail.de


Hi,

I decided to create a library which implements basic parts
of the RFC2440 (OpenPGP) message format. This library will
be no replacement for any real OpenPGP application like PGP
or GPG. The goals of the library are to provide an API for
parsing packets and to work with OpenPGP keys.

There is also some code for signing, verification, encrypt
and decrypt, but this is only partly done.

Some of the code based on GPG and for all crypto functions
we referring to the libgcrypt library. This library is responsible
for secure memory, random generation and other sentensive parts.

Currently the library is work on progress, but for the people
who want to take a look at it can find the source on this webpage:
http://www.winpt.org/opencdk.html

Of course the whole project is available under the terms of the 
GNU General Public License.


        Timo





--__--__--

Message: 8
From: Hironobu SUZUKI <hironobu@h2np.net>
To: David Shaw <dshaw@jabberwocky.com>
cc: pgp-keyserver-folk@flame.org, gnupg-users@gnupg.org
Subject: Re: duplicate keyid survey results 
Date: Sun, 10 Mar 2002 10:23:55 +0900


I tried to send my e-mail to dshaw@jabberwocky.com from my two mail
addresses, hironobu@h2np.net and hironobu@pgp.nic.ad.jp, but all of my
e-mails were rejected.

Please let me know another your e-mail address which I can send one.

And I'm sorry for ML readers.

Best Regards,


-- 
Hironobu SUZUKI
E-Mail: hironobu@h2np.net
URL: http://h2np.net




--__--__--

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


End of Gnupg-users Digest


From e.sanchez@maximiles.com  Mon Mar 11 15:18:02 2002
From: e.sanchez@maximiles.com (=?iso-8859-1?Q?Eduardo_S=E1nchez?=)
Date: Mon Mar 11 15:18:02 2002
Subject: unsubscribe me
In-Reply-To: <6B3C0EEAB4FED3119F5F009027DC5E9E02F82458@spacemsg3.jhuapl.edu>
Message-ID: <GOENKAMIGAHJOIPJFDHFAEIJCOAA.e.sanchez@maximiles.com>

Please unsuscribe me too.

> -----Mensaje original-----
> De: gnupg-users-admin@gnupg.org [mailto:gnupg-users-admin@gnupg.org]En
> nombre de McKerracher, Priscilla
> Enviado el: lunes, 11 de marzo de 2002 14:27
> Para: 'gnupg-users@gnupg.org'
> Asunto: unsubscribe me
>
>
> Please unsubscribe me.
>
> SIG Section Supervisor
> priscilla_mckerracher@jhuapl.edu
> Johns Hopkins University
> Applied Physics Laboratory
> Johns Hopkins Road
> Laurel, MD 20723
> 443-778-4474
>
> -----Original Message-----
> From: gnupg-users-request@gnupg.org
> [mailto:gnupg-users-request@gnupg.org]
> Sent: Sunday, March 10, 2002 6:06 AM
> To: gnupg-users@gnupg.org
> Subject: Gnupg-users digest, Vol 1 #549 - 8 msgs
>
>
> Send Gnupg-users mailing list submissions to
> 	gnupg-users@gnupg.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.gnupg.org/mailman/listinfo/gnupg-users
> or, via email, send a message with subject or body 'help' to
> 	gnupg-users-request@gnupg.org
>
> You can reach the person managing the list at
> 	gnupg-users-admin@gnupg.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Gnupg-users digest..."
>
>
> Today's Topics:
>
>    1. Re: missing documentation / rant (Oyvind A. Holm)
>    2. Re: blowfish in gnuPG 1.0.6 =? 256 bit (Marc Mutz)
>    3. Re: missing documentation / rant (Martin Blais)
>    4. Re: missing documentation / rant (Martin Blais)
>    5. Re: missing documentation / rant (Oyvind A. Holm)
>    6. Re: blowfish in gnuPG 1.0.6 =? 256 bit (Bob Mathews)
>    7. Announcement for OpenCDK (Timo Schulz)
>    8. Re: duplicate keyid survey results (Hironobu SUZUKI)
>
> --__--__--
>
> Message: 1
> Date: Sat, 9 Mar 2002 22:05:06 +0100 (CET)
> From: "Oyvind A. Holm" <sunny@sunbase.org>
> To: Martin Blais <blais@iro.umontreal.ca>
> cc: gnupg-users@gnupg.org
> Subject: Re: missing documentation / rant
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 2002-03-09 15:02 Martin Blais wrote:
> > another big one (for me and other friends): the default behaviour for
> > "gpg file.gpg" is to decrypt to a file "file", and apart from asking
> > for the passphrase it doesn't say it has output the PLAINTEXT to a
> > FILE. the user that is not careful might forget or not know that is
> > unencrypted document lies in the filesystem! that is a big problem!
> > IMHO that should not be the default behaviour, the default, just as
> > for input, should be that it outputs to stdout, just like --decrypt
> > does, and that using --decrypt should output to a file (plus we
> > should get a message that says so, every functionality that write
> > unencrypted data to the filesystem should warn the user).
>
> This can easily be avoided by using
>
>     gpg <file.gpg
>
> The output will then be sent to stdout. IMHO the current behaviour of
> GnuPG is correct. When specifying a file directly, GPG behaves the
> similar way -- creating a file. This is the de facto way of doing
> things in UNIX and I don't think that should be changed. Another
> question is whether it should be changed on DOSish systems, as the
> stdin/stdout thing is pretty unfamiliar in the DOS (aka windows) world.
> But then it's a Bad Thing to make a program work differently in
> different environments. That would lead to more trouble than it's
> worth.
>
> Talking about stdin/stdout... I have to mention the horrible behaviour
> by PGP 6.x. When I get encrypted mail, most of the time as armoured
> text, I mark the text in my editor (joe) and filter it through GnuPG.
> Works fine. One day I tried doing the same using PGP. It read from
> stdin, but it did not send the output to stdout, instead it created a
> file called "stdin" or something like that in the current directory
> where i started my mail program. I must say I was shocked by this. I'd
> _never_ think such a widespread program could have serious flaws like
> this. If i remember correctly, one have to specify an option (-f or
> something) to make PGP use stdin/stdout, but I still call it a flaw. If
> it doesn't print to stdout, it should neither read from stdin. Indeed
> PGP acts like a strange bird in an UNIX environment.
>
> Regards,
> =D8yvind
>
> +-------------------------------------------------------------------+
> | OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> |
> | Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
> +------------- Nostalgien er ikke hva den engang var. --------------+
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
>
> iD8DBQE8injqck6dU2KQIusRAtKpAJ9gfO/XcS9dXtKsImQyHN+TBwqNPACgpU7q
> BPIxa3uH1MeC0TOxlY77ii8=3D
> =3Ds1Ae
> -----END PGP SIGNATURE-----
>
>
>
> --__--__--
>
> Message: 2
> From: Marc Mutz <Marc.Mutz@uni-bielefeld.de>
> To: uwe puchta <u_p@lycos.de>,
>  gnupg-users@gnupg.org
> Subject: Re: blowfish in gnuPG 1.0.6 =? 256 bit
> Date: Sat, 9 Mar 2002 22:28:08 +0100
> Organization: Bielefeld University - Department of Physics
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Saturday 09 March 2002 12:55, uwe puchta wrote:
> > just a question out of curiosity:
> > what's the key size for Blowfish encryption?
> > is it 256 bit?
> > ... for both cipher-algo and s2k-cipher-algo
> > (if defined so in the options file or at the
> > command line)
> <snip>
>
> http://www.counterpane.com/blowfish.html
>
> - --=20
> Marc Mutz <mutz@kde.org>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE8in5o3oWD+L2/6DgRAkvZAJwKaB7fZVJef25joMMlFlzFrvdyUACgjxzI
> YSMEWqB7kWW1Zc4idqMXsNw=3D
> =3DnndK
> -----END PGP SIGNATURE-----
>
>
>
> --__--__--
>
> Message: 3
> From: Martin Blais <blais@iro.umontreal.ca>
> To: Werner Koch <wk@gnupg.org>
> Subject: Re: missing documentation / rant
> Date: Sat, 9 Mar 2002 16:39:46 -0500
> Cc: gnupg-users@gnupg.org
>
> On Saturday 09 March 2002 16:03, Werner Koch wrote:
> > On Sat, 9 Mar 2002 15:02:23 -0500, Martin Blais said:
> > > these options don't know show up in the man page. someone really ought
> to
> > > do the grunt work of cross-checking the man page
> documentation with the
> > > actual
> >
> > There are reasons for this.  --dump-options is for example also not
> > listed in the man page.  But hey, you have the source, so where is the
> > problem.
>
> there is no real problem, one of the users (me) is confused, and
> is making
> comments to the developers in order to allow them to improve the
> documentation of their software.
>
> i'd like to know what they are? it would be nice if there was a clear
> separation between options that are shown by --help and those that aren't
> and
> that are explained in the man page and manual (perhaps dub them "extended"
> or
> "private" options?).  in any case, either the manual or
> documentation should
>
> reflect all options, right?
>
> i understand that documentation is difficult to keep up-to-date by a
> distributed team (and the handbook is actually quite impressive), but this
> is
> indeed a 1.0 release and for such an important release
> documentation should
> be polished... i wouldn't have bothered making comments for a development
> release, because i understand that. my own system is that i make it a
> requirement to releasing, i.e. i don't allow myself to release until i've
> updated the docs. if i want to release something i have to bite
> the bullet
> and slave at the docs.
>
> (and besides, sorry, but looking at the source doesn't qualify as
> documentation, which is what my comments are about. the beauty of oss is
> that
> i can if i want to (especially to make modifications), but that
> doesn't mean
>
> that all users of gpg SHOULD have to become acquainted with the source to
> find out what an option listed in --help is meant to do. i'm sure you'll
> agree with this.)
>
>
> > > fixed (and if so, why doesn't it do that by itself?).
> besides, i cannot
> > > figure out how to use check-trustdb, all i get is output like this:
> >
> > So don't use it.  As said, there is a reason that it is not listed.
>
> well, it IS indeed listed in "gpg --help".  i didn't mean to use
> it, i meant
>
> to understand what it does because it was listed, and is not
> documented, and
>
> that is why i was trying it. if i'm not meant to use it, then the
> problem is
>
> that it was listed.
>
>
> > BTW, the next version has it mentioned because this command has a real
> > use then.
> >
> > > also of interest:
> > >     --allow-secret-key-import
> > >
> > > is not mentioned on the output of "gpg --help". i'm sure
> there are many
> >
> > If you try to import a secret key, a messge is printed, telling you to
> > use this option.  Anyway, this option is just a temporary hack and not
> > anymore needed in 1.0.6d.  Printing all 202 commands and options with
>
> cool.
>
>
> > --help make no sense, it is just too much and can't probably not be
> > understood without a more verbose description.  Anyway, recent
> > versions do print:
> >
> >       --photo-viewer               Set command line to view Photo IDs
> >    -N, --notation-data NAME=VALUE   use this notation data
> >
>
> >   (See the man page for a complete listing of all commands and options)
>
> that's exactly my point!  is at least the man page complete? options that
> are
> listed in --help should at least also be in the man page. the opposite is
> not
> necessarily true, and some kind of grouping to acknowledge that is a nice
> way
> to let the user understand this (something like "basic options" and
> "extended
> options").
>
>
>
> > There is nothing important missing, some things are maintainer only.
> > If you or the people attracted by encryption real want to get into it,
> > use the source.
>
> those maintainer-only options should then not be visible to the
> user if he's
>
> not to use them. all i'm arguing for, is that the maintainer/for-debug
> options be somehow marked as such or not visible.
>
>
> > > another big one (for me and other friends): the default behaviour for
> > > "gpg file.gpg" is to decrypt to a file "file", and apart from
> asking for
> > > the passphrase it doesn't say it has output the PLAINTEXT to
> a FILE. the
> >
> > Which is the correct behaviour of a Unix tool.  Use --verbose to get
> > what you want.
>
> agreed, read on...
>
>
> > > lies in the filesystem!  that is a big problem!  IMHO that
> should not be
> > > the default behaviour, the default, just as for input, should
> be that it
> > > outputs to stdout, just like --decrypt does, and that using --decrypt
> > > should output
> >
> > A lot of tools do have this behaviour and it makes a lot of sense. IF
> > you want to have the output on stdout, send the input to stdin.
>
> i know i can use --decrypt and i do now (actually, you make me
> think, i'll
> try putting it in my options file).
>
> well, please consider that a default behaviour of writing plaintext files
> out
> to the filesystem is behaviour that does not foster trust in a
> program that
> is meant to provide data security for its user. i mean, there is a reason
> for
> that file to be encrypted in the first place. if i considered my
> filesystem
> permissions to be secure i probably wouldn't use encryption to store files
> on
> it.
>
> i have often forgotten to delete unencrypted files because of
> that (and even
>
> sometimes on my cd backups, which were recently robbed with the
> rest of the
> computing equipment. not a cool feeling. i agree that it is my
> fault because
>
> i misused gpg, but food for thought anyway. IMHO plaintext should only be
> written to files on request. consider it a security feature, and
> not a minor
>
> one---the user is less likely to make the mistake of decrypting to disk.)
>
> thanks for your quick answer.
> cheers,
>
>
> --__--__--
>
> Message: 4
> From: Martin Blais <blais@iro.umontreal.ca>
> To: "Oyvind A. Holm" <sunny@sunbase.org>
> Subject: Re: missing documentation / rant
> Date: Sat, 9 Mar 2002 16:53:28 -0500
> Cc: gnupg-users@gnupg.org
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Saturday 09 March 2002 16:05, Oyvind A. Holm wrote:
> > On 2002-03-09 15:02 Martin Blais wrote:
> > question is whether it should be changed on DOSish systems, as the
> > stdin/stdout thing is pretty unfamiliar in the DOS (aka windows) world.
> > But then it's a Bad Thing to make a program work differently in
> > different environments. That would lead to more trouble than it's
> > worth.
>
> good point, so i guess it cannot be changed.
>
> perhaps an option to alter that behaviour would be cool. that option could
> be
> put in the user's options file to get that behaviour.
>
> just my 2cents.
> thx again,
> -----BEGIN PGP SIGNATURE-----
> Comment: For info see http://www.gnupg.org
>
> iEYEARECAAYFAjyKhFwACgkQq2PmC9F3Xx3UBACfYWoQti6Qhn/RoAxZ2jSCLMAo
> axoAn35J/lP6Wt+P++ZDAcc48NK8STx8
> =qCY2
> -----END PGP SIGNATURE-----
>
>
> --__--__--
>
> Message: 5
> Date: Sat, 9 Mar 2002 23:30:32 +0100 (CET)
> From: "Oyvind A. Holm" <sunny@sunbase.org>
> To: Martin Blais <blais@iro.umontreal.ca>
> cc: gnupg-users@gnupg.org
> Subject: Re: missing documentation / rant
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 2002-03-09 16:53-0500 Martin Blais wrote:
> > On 2002-03-09 22:05:06+0100, Oyvind A. Holm wrote:
> > > Another question is whether it should be changed on DOSish systems,
> > > as the stdin/stdout thing is pretty unfamiliar in the DOS (aka
> > > windows) world. But then it's a Bad Thing to make a program work
> > > differently in different environments. That would lead to more
> > > trouble than it's worth.
> >
> > good point, so i guess it cannot be changed.
> >
> > perhaps an option to alter that behaviour would be cool. that option
> > could be put in the user's options file to get that behaviour.
>
> That seems like a good idea. Having an "always-stdout" option would be
> a good thing to have, especially when thinking of how hard it is to
> completely erase data from hard disks once it's written. After all,
> it's easy to redirect the output to a file. I still think the current
> behaviour should be the default, but I see no drawback in having an
> configuration option to achieve this behaviour.
>
> Regards,
> =D8yvind
>
> +-------------------------------------------------------------------+
> | OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> |
> | Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
> +----------- 2 + 2 =3D 5 for extremely large values of 2. ------------+
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
>
> iD8DBQE8iozTck6dU2KQIusRArY+AJ96aTJgFkdinstjIGrHTVr8xVpEygCfW5vi
> IRrTZmSXdnJ2DKSDp/sXVI8=3D
> =3DCiW9
> -----END PGP SIGNATURE-----
>
>
>
> --__--__--
>
> Message: 6
> From: Bob Mathews <bobmathews@mindspring.com>
> To: Marc Mutz <Marc.Mutz@uni-bielefeld.de>,
> 	uwe puchta <u_p@lycos.de>, gnupg-users@gnupg.org
> Subject: Re: blowfish in gnuPG 1.0.6 =? 256 bit
> Date: Sat, 9 Mar 2002 14:36:45 -0800
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Saturday 09 March 2002 01:28 pm, Marc Mutz wrote:
> > On Saturday 09 March 2002 12:55, uwe puchta wrote:
> > > just a question out of curiosity:
> > > what's the key size for Blowfish encryption?
> > > is it 256 bit?
> > > ... for both cipher-algo and s2k-cipher-algo
> > > (if defined so in the options file or at the
> > > command line)
> >
> > <snip>
> >
> > http://www.counterpane.com/blowfish.html
>
> That page says that blowfish has a variable length key. However, according
> to
> RFC2440, OpenPGP uses blowfish with a 128-bit key. That applies
> to both the
> - --cipher-algo and --s2k-cipher-algo options.
>
>  -bob mathews
>
> -----BEGIN PGP SIGNATURE-----
> Comment: What's this? http://bobmathews.home.mindspring.com/bob/
>
> iD8DBQE8io5/PgDecCrBEpcRAvZyAJ9mepDoScVoV1vvpUvKvcFAhf8JVwCeIfCh
> 4qakEveOZBnTDcGg3j+pSOc=
> =RvAN
> -----END PGP SIGNATURE-----
>
>
> --__--__--
>
> Message: 7
> Date: Sun, 10 Mar 2002 00:22:24 +0100
> From: Timo Schulz <twoaday@freakmail.de>
> To: GnuPG Users <gnupg-users@gnupg.org>
> Subject: Announcement for OpenCDK
> Reply-To: twoaday@freakmail.de
>
>
> Hi,
>
> I decided to create a library which implements basic parts
> of the RFC2440 (OpenPGP) message format. This library will
> be no replacement for any real OpenPGP application like PGP
> or GPG. The goals of the library are to provide an API for
> parsing packets and to work with OpenPGP keys.
>
> There is also some code for signing, verification, encrypt
> and decrypt, but this is only partly done.
>
> Some of the code based on GPG and for all crypto functions
> we referring to the libgcrypt library. This library is responsible
> for secure memory, random generation and other sentensive parts.
>
> Currently the library is work on progress, but for the people
> who want to take a look at it can find the source on this webpage:
> http://www.winpt.org/opencdk.html
>
> Of course the whole project is available under the terms of the
> GNU General Public License.
>
>
>         Timo
>
>
>
>
>
> --__--__--
>
> Message: 8
> From: Hironobu SUZUKI <hironobu@h2np.net>
> To: David Shaw <dshaw@jabberwocky.com>
> cc: pgp-keyserver-folk@flame.org, gnupg-users@gnupg.org
> Subject: Re: duplicate keyid survey results
> Date: Sun, 10 Mar 2002 10:23:55 +0900
>
>
> I tried to send my e-mail to dshaw@jabberwocky.com from my two mail
> addresses, hironobu@h2np.net and hironobu@pgp.nic.ad.jp, but all of my
> e-mails were rejected.
>
> Please let me know another your e-mail address which I can send one.
>
> And I'm sorry for ML readers.
>
> Best Regards,
>
>
> --
> Hironobu SUZUKI
> E-Mail: hironobu@h2np.net
> URL: http://h2np.net
>
>
>
>
> --__--__--
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
> End of Gnupg-users Digest
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



From info@nakawe.se  Mon Mar 11 15:28:02 2002
From: info@nakawe.se (Veronica Loell)
Date: Mon Mar 11 15:28:02 2002
Subject: unsubscribe me
Message-ID: <200203111426.PAA07866@d1o907.telia.com>

Subscribing and unsubscribing can be done at the following adress, as noted 
in the introductory mail that I got when I subscribed... 
>http://lists.gnupg.org/mailman/listinfo/gnupg-users

The mail also says:
You can also make such adjustments via email by sending a message to:

  Gnupg-users-request@gnupg.org

with the word `help' in the subject or body (don't include the
quotes), and you will get back a message with instructions


I suggest that you try one of these things if you want to unsubscribe.


- Veronica Loell


From factotum@gvdnet.dk  Mon Mar 11 16:17:01 2002
From: factotum@gvdnet.dk (Martin Christensen)
Date: Mon Mar 11 16:17:01 2002
Subject: IDs, signatures and all that stuff
Message-ID: <87ofhvp2fo.fsf@gvdnet.dk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Howdy!

I've been trying to make sense of signatures and multiple IDs. If
someone signs my public key and I subsequently create a new ID for
that key, then it is not the case that the new ID by transitivity is
signed by the signer. This makes perfect sense: if the signer can
verify my identity as Dr. Jekyll and signs that ID, that does not mean
that he will vouch for any Mr. Hyde IDs used for eating small children
afterwards.

But then people say that creating new IDs for an old key is better
than creating an entirely new key, since creating a new key means that
I have to start collecting signatures all over again. But by doing so,
will I be that much better helped? Sure, people can see that my
_other_ IDs have been signed, but that will require more than a quick
glance, which is more than many people will give to most keys.

Am I missing something here?

Martin

- -- 
Homepage:       http://www.cs.auc.dk/~factotum/
GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using Mailcrypt+GnuPG <http://www.gnupg.org>

iEYEARECAAYFAjyMyGsACgkQYu1fMmOQldXLWQCdEPEqTOcgIDCAsIYN13n/+DrU
twsAn3DaIYRApoW8VLjD603JSaVnUolv
=I/A5
-----END PGP SIGNATURE-----


From JanuszA.Urbanowicz  Mon Mar 11 16:24:01 2002
From: JanuszA.Urbanowicz (JanuszA.Urbanowicz)
Date: Mon Mar 11 16:24:01 2002
Subject: IDs, signatures and all that stuff
In-Reply-To: <87ofhvp2fo.fsf@gvdnet.dk> from Martin Christensen at "Mar 11, 2002
 04:08:27 pm"
Message-ID: <E16kRU1-0000Q0-00@syjon.fantastyka.net>

Martin Christensen wrote/napisa=B3[a]/schrieb:
> But then people say that creating new IDs for an old key is better
> than creating an entirely new key, since creating a new key means that
> I have to start collecting signatures all over again. But by doing so,
> will I be that much better helped? Sure, people can see that my
> _other_ IDs have been signed, but that will require more than a quick
> glance, which is more than many people will give to most keys.
>=20
> Am I missing something here?

I believe that you miss teh fact that key trust is calculated on per-key and
not on per-user ID basis.

Alex
--=20
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling |         | =
  *  =09
 ; (_O : +-------------------------------------------------------------+ --=
+~|=09
 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no;     |   |  =20


From factotum@gvdnet.dk  Mon Mar 11 17:14:01 2002
From: factotum@gvdnet.dk (Martin Christensen)
Date: Mon Mar 11 17:14:01 2002
Subject: IDs, signatures and all that stuff
In-Reply-To: <E16kRU1-0000Q0-00@syjon.fantastyka.net> ("Janusz A.
 Urbanowicz"'s message of "Mon, 11 Mar 2002 16:13:04 +0100 (CET)")
References: <E16kRU1-0000Q0-00@syjon.fantastyka.net>
Message-ID: <87k7sjozu9.fsf@gvdnet.dk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "Janusz" == Janusz A Urbanowicz <alex@bofh.torun.pl> writes:
Janusz> I believe that you miss teh fact that key trust is calculated
Janusz> on per-key and not on per-user ID basis.

Wouldn't that mean that I could create ad hoc bogus IDs for causing
general mayhem?

Martin

- -- 
Homepage:       http://www.cs.auc.dk/~factotum/
GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using Mailcrypt+GnuPG <http://www.gnupg.org>

iEYEARECAAYFAjyM1Y4ACgkQYu1fMmOQldW5rgCePYJP0P1yFrlM7sIGigvuNzbB
akMAn0Q2aW64/lNUiJCDFv1LawkGm1/X
=nUBt
-----END PGP SIGNATURE-----


From bob@cps92.com  Mon Mar 11 17:30:01 2002
From: bob@cps92.com (Bob Metelsky)
Date: Mon Mar 11 17:30:01 2002
Subject: File limit size?? >4G
Message-ID: <3C8CDAFE.84009AD6@cps92.com>

Hello All

    Do we know if there is a limit on file sizes? I have a 4 + Gig file
that Im encrypting , the file allegedly encrypts without error but when
I decrypt
I get the following error(s)

invalid packet ctb=72
invalid packet ctb=69

Warning encrypted message has been manipulated!
dont know invalid packet ctb=70

Any suggestions???
many thanks in advance
bob






From rmalayter@bai.org  Mon Mar 11 17:58:01 2002
From: rmalayter@bai.org (Ryan Malayter)
Date: Mon Mar 11 17:58:01 2002
Subject: Cipher/hash for passphrase in PGP 7.0
Message-ID: <22FD1855C2B16C40A1F6DE406420021E0187F840@mail.bai.org>

Does anybody know what hash algorithm and symmetric cipher PGP v7.x uses on
private key material? I've tried many combinations of different cipher/hash
algorithms, but I can only seem to export a secret key and use it
successfully in PGP 7.x when it has *no* passphrase.

I've tried Blowfish/RIPEMD-160 (the GnuPG default), and all the combinations
of 3des, CAST, RIJNDAEL and SHA1, with no success.

Regards,
	-ryan-


From broonie@sirena.org.uk  Mon Mar 11 18:30:01 2002
From: broonie@sirena.org.uk (Mark Brown)
Date: Mon Mar 11 18:30:01 2002
Subject: IDs, signatures and all that stuff
In-Reply-To: <87k7sjozu9.fsf@gvdnet.dk>
References: <E16kRU1-0000Q0-00@syjon.fantastyka.net> <87k7sjozu9.fsf@gvdnet.dk>
Message-ID: <20020311172807.GD685@sirena.org.uk>

--xaMk4Io5JJdpkLEb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Mar 11, 2002 at 05:04:30PM +0100, Martin Christensen wrote:

> >>>>> "Janusz" =3D=3D Janusz A Urbanowicz <alex@bofh.torun.pl> writes:

> Janusz> I believe that you miss teh fact that key trust is calculated
> Janusz> on per-key and not on per-user ID basis.

> Wouldn't that mean that I could create ad hoc bogus IDs for causing
> general mayhem?

Not really.  The trust he's talking about is not for your IDs, it's for
trusting your signatures on other people's keys.  If you've got two IDs
on your key, one very widely signed and one not signed except by
yourself your signature on other people's keys will still come into play
on the web of trust even though your second ID might not be verifiable.

--=20
"You grabbed my hand and we fell into it, like a daydream - or a fever."

--xaMk4Io5JJdpkLEb
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8jOknJ2Vo11xhU60RArtVAJ90eDDUb17Ftce/Cu2nUO3WE9bdJgCg8F/4
hyh/v5jhNOVFKBy8IopxFTI=
=AxVz
-----END PGP SIGNATURE-----

--xaMk4Io5JJdpkLEb--


From Lgom347@cs.com  Mon Mar 11 19:42:02 2002
From: Lgom347@cs.com (Lgom347@cs.com)
Date: Mon Mar 11 19:42:02 2002
Subject: (no subject)
Message-ID: <36.24604222.29be53e7@cs.com>

My Windows 98 claims to be missing file: C:\PROGRA~1\CARBON~1\ccw32.vxd. Can 
someone help me fix this problem.


From mutz@kde.org  Mon Mar 11 20:07:01 2002
From: mutz@kde.org (Marc Mutz)
Date: Mon Mar 11 20:07:01 2002
Subject: Cipher/hash for passphrase in PGP 7.0
In-Reply-To: <22FD1855C2B16C40A1F6DE406420021E0187F840@mail.bai.org>
References: <22FD1855C2B16C40A1F6DE406420021E0187F840@mail.bai.org>
Message-ID: <200203111957.42180@sendmail.mutz.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 11 March 2002 17:55, Ryan Malayter wrote:
> Does anybody know what hash algorithm and symmetric cipher PGP v7.x
> uses on private key material?

The problem is the cipher. It's IDEA.

> I've tried many combinations of
> different cipher/hash algorithms, but I can only seem to export a
> secret key and use it successfully in PGP 7.x when it has *no*
> passphrase.

You hit the nail on the head, as we say in Germany.

Marc

- -- 
Marc Mutz <mutz@kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8jP4k3oWD+L2/6DgRAgWXAJ9HHQ6/5L2mSerlMsdA1a6rSYxtSwCfYUVS
dtbiWcgwZccP40IqHmvFQzw=
=KFs5
-----END PGP SIGNATURE-----



From bart.martens@advalvas.be  Mon Mar 11 20:13:02 2002
From: bart.martens@advalvas.be (Bart Martens)
Date: Mon Mar 11 20:13:02 2002
Subject: Keyservers problem (win32)
In-Reply-To: <603327296.20020311084152@grimstveit.net>; from jakob@grimstveit.net on Mon, Mar 11, 2002 at 08:41:52AM +0100
References: <603327296.20020311084152@grimstveit.net>
Message-ID: <20020311202452.D1858@cable-195-162-215-141.upc.chello.be>

On Mon, Mar 11, 2002 at 08:41:52AM +0100, Jakob Breivik Grimstveit wrote:
> Whenever  trying  to  access  the  keyservers  using gpg, i only get the
> following   answer  (both  at  home  using  dialup  and  on  work  using
> broadband):
> 
> > Sending key(s) 0x545E2819 to server search.keyserver.net:11371 ...
> >
> > gpg: write failed: ec=87
> > gpg: can't connect to `search.keyserver.net:11371': No error
> >
> > Press any key to continue . . .
> 
> Why is that?

Other keyservers work fine, like wwwkeys.pgp.net .
I have a similar problem here, also with search.keyserver.net, but not allways.
See:

bart@cable-195-162-215-141:~$ gpg --keyserver search.keyserver.net --recv-key FBA6ECF1
gpg: requesting key FBA6ECF1 from search.keyserver.net ...
gpg: [fd 5]: read error: Connection reset by peer
gpg: no valid OpenPGP data found.
gpg: read_block: read error: invalid keyring
gpg: Total number processed: 0
bart@cable-195-162-215-141:~$ gpg --keyserver search.keyserver.net --recv-key FBA6ECF1
gpg: requesting key FBA6ECF1 from search.keyserver.net ...
gpg: key FBA6ECF1: not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
bart@cable-195-162-215-141:~$ 

As you can see, the first time it failed, the second time it succeeds. I'm
going to trace this, when I have some spare time. For now I use wwwkeys.pgp.net
as the default keyserver (in ~/.gnupg/options).

Bart Martens




From factotum@gvdnet.dk  Mon Mar 11 20:43:01 2002
From: factotum@gvdnet.dk (Martin Christensen)
Date: Mon Mar 11 20:43:01 2002
Subject: IDs, signatures and all that stuff
In-Reply-To: <20020311172807.GD685@sirena.org.uk> (Mark Brown's message of
 "Mon, 11 Mar 2002 17:28:07 +0000")
References: <E16kRU1-0000Q0-00@syjon.fantastyka.net>
 <87k7sjozu9.fsf@gvdnet.dk> <20020311172807.GD685@sirena.org.uk>
Message-ID: <87y9gyoq4o.fsf@gvdnet.dk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "Mark" == Mark Brown <broonie@sirena.org.uk> writes:
>> Wouldn't that mean that I could create ad hoc bogus IDs for causing
>> general mayhem?
Mark> Not really.  The trust he's talking about is not for your IDs,
Mark> it's for trusting your signatures on other people's keys.  If
Mark> you've got two IDs on your key, one very widely signed and one
Mark> not signed except by yourself your signature on other people's
Mark> keys will still come into play on the web of trust even though
Mark> your second ID might not be verifiable.

I'm starting to feel rather stupid now, like a fairly intelligent
bloke such as myself _should_ grok this model without even blinking. I
wonder, then, how Joe Luser then is expected to understand a word of
it, especially given an assumed very low interest in technical matters
by default.

Anyway, I digress.

I am failing to see a couple of things here. Signatures are the glue
of the web of trust model, and trust is calculated on a per-key basis,
not on a per-ID basis. Then what is the point in signing IDs? But on
the other hand, if there's no signing on a per-ID basis, then, after
getting a number of signatures, someone might create bogus IDs.

I don't think that I'm mixing up trust and signatures here... but who
knows? Signatures should be all about verifying people's identities,
but in creating a new ID, how do I avoid having to have that
particular signed all over again[1]? Needless to say, pulling keys out
of the web of trust is a Bad Thing(tm), but that doesn't seem to be
the argument that most people make when they tell you to make a new ID
rather than a new key. The current system makes relatively good sense,
but to me it doesn't seem to make _perfect_ sense. ARGH!

Martin


[1] I guess that once someone has signed your key once, and therefore
should trust that you are who you say you are, then, because they
trust your key, they'll not be reluctant to sign a reasonable new ID.

- -- 
Homepage:       http://www.cs.auc.dk/~factotum/
GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using Mailcrypt+GnuPG <http://www.gnupg.org>

iEYEARECAAYFAjyNBrcACgkQYu1fMmOQldXENgCfdwG4ylntuPqhEc1glOaqRHvw
v3wAoLuAQ6TAsITeTQO1xsZdrvP5PoVE
=hdPS
-----END PGP SIGNATURE-----


From Jakob Breivik Grimstveit <jakob@grimstveit.net>  Mon Mar 11 20:47:02 2002
From: Jakob Breivik Grimstveit <jakob@grimstveit.net> (Jakob Breivik Grimstveit)
Date: Mon Mar 11 20:47:02 2002
Subject: Re[2]: Keyservers problem (win32)
In-Reply-To: <20020311202452.D1858@cable-195-162-215-141.upc.chello.be>
References: <603327296.20020311084152@grimstveit.net>
 <20020311202452.D1858@cable-195-162-215-141.upc.chello.be>
Message-ID: <19456286375.20020311204444@grimstveit.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 11.03.2002 20:24, Bart Martens wrote the following:

> On Mon, Mar 11, 2002 at 08:41:52AM +0100, Jakob Breivik Grimstveit wrote:

>> Whenever  trying  to  access the keyservers using gpg, i only get the
>> following  answer  (both  at  home  using  dialup  and  on work using
>> broadband):
>>
>> > Sending key(s) 0x545E2819 to server search.keyserver.net:11371 ...
>> >
>> > gpg: write failed: ec=87
>> > gpg: can't connect to `search.keyserver.net:11371': No error
>> >
>> > Press any key to continue . . .
>>
>> Why is that?

> Other  keyservers  work  fine, like wwwkeys.pgp.net . I have a similar
> problem here, also with search.keyserver.net, but not allways. See:

Well,  it always happens for me, on to seperate computers (WinXP & W2k),
on different internet connections (dialup & broadband).

> As you can see, the first time it failed, the second time it succeeds.
> I'm  going  to  trace this, when I have some spare time. For now I use
> wwwkeys.pgp.net as the default keyserver (in ~/.gnupg/options).

I  tried.  15  times.  Every  time  I  get the same response "No error".
Satisfying message :).


- --
Vyrdsamt...
- - Jakob Breivik Grimstveit, jakob@grimstveit.net, www.grimstveit.net
- - Morvikbotn 341, 5122 Morvik. Tlf: 55195667, 48298152, PGP:0xB68BA32F
- - System Integrator, Star Shipping, jakob.grimstveit@starshipping.com

I never get lost, just momentarily disoriented.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: For info see http://www.gnupg.org

iD8DBQE8jQktTJM+uVReKBkRAtEUAJ0fbTJvU1On3d5SfqxCv/S76QR2FQCcDgdv
wIyW54EEaWL88PEVkXcYaC8=
=gRV8
-----END PGP SIGNATURE-----



From dan@40hex.org  Tue Mar 12 03:09:02 2002
From: dan@40hex.org (Dan Stahlke)
Date: Tue Mar 12 03:09:02 2002
Subject: scripts and include directories missing in 1.0.6
Message-ID: <20020311170315.A17855@acidtrip>

The scripts/ and include/ are missing in gnupg-1.0.6.tar.gz, preventing 
compilation.  Gpg compiles just fine if I use gnupg-1.0.5 and the 1.0.6 
patch file.


From schoech@iap-kborn.de  Tue Mar 12 08:54:02 2002
From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=)
Date: Tue Mar 12 08:54:02 2002
Subject: scripts and include directories missing in 1.0.6
In-Reply-To: <20020311170315.A17855@acidtrip>
Message-ID: <Pine.LNX.4.33.0203120749170.10841-100000@pcramnan.iap-kborn.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Dan !

> The scripts/ and include/ are missing in gnupg-1.0.6.tar.gz, preventing
> compilation.

Where did you get the archieve from ? I downloaded it from
www.gnupg.org a couple of days ago and it worked just fine. I can
email it to you privately if you want me to (it's about 1.9MB); just
tell me on my private mail.

Thanks,
Armin

- --=20
Am Hasenberg 26         office: Institut f=FCr Atmosph=E4renphysik
D-18209 Bad Doberan             Schloss-Stra=DFe 6
Tel. ++49-(0)38203/42137        D-18225 K=FChlungsborn / GERMANY
Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8jbNPG8Xv4GxznLoRArw5AKCFOGWPE1yRlc7a/KBAXhorQzCa4ACgyPnp
trGUdquNvHBx2X6puCcfdOM=3D
=3D3rDy
-----END PGP SIGNATURE-----




From wk@gnupg.org  Tue Mar 12 11:30:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Tue Mar 12 11:30:02 2002
Subject: scripts and include directories missing in 1.0.6
In-Reply-To: <20020311170315.A17855@acidtrip> (Dan Stahlke's message of
 "Mon, 11 Mar 2002 17:03:15 -0900")
References: <20020311170315.A17855@acidtrip>
Message-ID: <87sn762iaf.fsf@alberti.gnupg.de>

On Mon, 11 Mar 2002 17:03:15 -0900, Dan Stahlke said:

> The scripts/ and include/ are missing in gnupg-1.0.6.tar.gz,

No:

$ tar tzvf gnupg-1.0.6.tar.gz | grep include
-rw-r--r-- 1000/1000     25742 2001-04-27 16:42:25 gnupg-1.0.6/acinclude.m4
drwxrwxr-x 1000/1000         0 2001-05-29 08:59:18 gnupg-1.0.6/include/
-rw-rw-r-- 1000/1000       100 1999-02-20 21:45:39 gnupg-1.0.6/include/distfiles

Done on the FTP server.  From where did you get your copy or are you
just short on local disk space?

  Werner



From Priscilla.McKerracher@jhuapl.edu  Tue Mar 12 13:28:01 2002
From: Priscilla.McKerracher@jhuapl.edu (McKerracher, Priscilla)
Date: Tue Mar 12 13:28:01 2002
Subject: help unsubscribe
Message-ID: <6B3C0EEAB4FED3119F5F009027DC5E9E02F82477@spacemsg3.jhuapl.edu>

Please unsubscribe me.
SIG Section Supervisor
priscilla_mckerracher@jhuapl.edu
Johns Hopkins University
Applied Physics Laboratory
Johns Hopkins Road
Laurel, MD 20723
443-778-4474


-----Original Message-----
From: gnupg-users-request@gnupg.org
[mailto:gnupg-users-request@gnupg.org]
Sent: Tuesday, March 12, 2002 6:06 AM
To: gnupg-users@gnupg.org
Subject: Gnupg-users digest, Vol 1 #553 - 15 msgs


Send Gnupg-users mailing list submissions to
	gnupg-users@gnupg.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.gnupg.org/mailman/listinfo/gnupg-users
or, via email, send a message with subject or body 'help' to
	gnupg-users-request@gnupg.org

You can reach the person managing the list at
	gnupg-users-admin@gnupg.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Gnupg-users digest..."


Today's Topics:

   1. RE: unsubscribe me (Veronica Loell)
   2. IDs, signatures and all that stuff (Martin Christensen)
   3. Re: IDs, signatures and all that stuff (JanuszA.Urbanowicz)
   4. Re: IDs, signatures and all that stuff (Martin Christensen)
   5. File limit size?? >4G (Bob Metelsky)
   6. Cipher/hash for passphrase in PGP 7.0 (Ryan Malayter)
   7. Re: IDs, signatures and all that stuff (Mark Brown)
   8. (no subject) (Lgom347@cs.com)
   9. Re: Cipher/hash for passphrase in PGP 7.0 (Marc Mutz)
  10. Re: Keyservers problem (win32) (Bart Martens)
  11. Re: IDs, signatures and all that stuff (Martin Christensen)
  12. Re[2]: Keyservers problem (win32) (Jakob Breivik Grimstveit)
  13. scripts and include directories missing in 1.0.6 (Dan Stahlke)
  14. Re: scripts and include directories missing in 1.0.6
(=?iso-8859-1?Q?Armin_Sch=F6ch?=)
  15. Re: scripts and include directories missing in 1.0.6 (Werner Koch)

--__--__--

Message: 1
Date: Mon, 11 Mar 2002 15:27:04 +0100 (W. Europe Standard Time)
From: Veronica Loell <info@nakawe.se>
To: gnupg-users@gnupg.org
Subject: RE: unsubscribe me
Reply-To: info@nakawe.se
Organization: Nakawe data

Subscribing and unsubscribing can be done at the following adress, as noted 
in the introductory mail that I got when I subscribed... 
>http://lists.gnupg.org/mailman/listinfo/gnupg-users

The mail also says:
You can also make such adjustments via email by sending a message to:

  Gnupg-users-request@gnupg.org

with the word `help' in the subject or body (don't include the
quotes), and you will get back a message with instructions


I suggest that you try one of these things if you want to unsubscribe.


- Veronica Loell


--__--__--

Message: 2
To: gnupg-users@gnupg.org
Subject: IDs, signatures and all that stuff
From: Martin Christensen <factotum@gvdnet.dk>
Date: Mon, 11 Mar 2002 16:08:27 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Howdy!

I've been trying to make sense of signatures and multiple IDs. If
someone signs my public key and I subsequently create a new ID for
that key, then it is not the case that the new ID by transitivity is
signed by the signer. This makes perfect sense: if the signer can
verify my identity as Dr. Jekyll and signs that ID, that does not mean
that he will vouch for any Mr. Hyde IDs used for eating small children
afterwards.

But then people say that creating new IDs for an old key is better
than creating an entirely new key, since creating a new key means that
I have to start collecting signatures all over again. But by doing so,
will I be that much better helped? Sure, people can see that my
_other_ IDs have been signed, but that will require more than a quick
glance, which is more than many people will give to most keys.

Am I missing something here?

Martin

- -- 
Homepage:       http://www.cs.auc.dk/~factotum/
GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using Mailcrypt+GnuPG <http://www.gnupg.org>

iEYEARECAAYFAjyMyGsACgkQYu1fMmOQldXLWQCdEPEqTOcgIDCAsIYN13n/+DrU
twsAn3DaIYRApoW8VLjD603JSaVnUolv
=I/A5
-----END PGP SIGNATURE-----


--__--__--

Message: 3
Subject: Re: IDs, signatures and all that stuff
To: Martin Christensen <factotum@gvdnet.dk>
Date: Mon, 11 Mar 2002 16:13:04 +0100 (CET)
CC: gnupg-users@gnupg.org
From: Janusz A. Urbanowicz <alex@bofh.torun.pl>

Martin Christensen wrote/napisa=B3[a]/schrieb:
> But then people say that creating new IDs for an old key is better
> than creating an entirely new key, since creating a new key means that
> I have to start collecting signatures all over again. But by doing so,
> will I be that much better helped? Sure, people can see that my
> _other_ IDs have been signed, but that will require more than a quick
> glance, which is more than many people will give to most keys.
>=20
> Am I missing something here?

I believe that you miss teh fact that key trust is calculated on per-key and
not on per-user ID basis.

Alex
--=20
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling |         | =
  *  =09
 ; (_O : +-------------------------------------------------------------+ --=
+~|=09
 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no;     |   |  =20


--__--__--

Message: 4
To: gnupg-users@gnupg.org
Subject: Re: IDs, signatures and all that stuff
From: Martin Christensen <factotum@gvdnet.dk>
Date: Mon, 11 Mar 2002 17:04:30 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "Janusz" == Janusz A Urbanowicz <alex@bofh.torun.pl> writes:
Janusz> I believe that you miss teh fact that key trust is calculated
Janusz> on per-key and not on per-user ID basis.

Wouldn't that mean that I could create ad hoc bogus IDs for causing
general mayhem?

Martin

- -- 
Homepage:       http://www.cs.auc.dk/~factotum/
GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using Mailcrypt+GnuPG <http://www.gnupg.org>

iEYEARECAAYFAjyM1Y4ACgkQYu1fMmOQldW5rgCePYJP0P1yFrlM7sIGigvuNzbB
akMAn0Q2aW64/lNUiJCDFv1LawkGm1/X
=nUBt
-----END PGP SIGNATURE-----


--__--__--

Message: 5
Date: Mon, 11 Mar 2002 11:27:42 -0500
From: Bob Metelsky <bob@cps92.com>
Organization: Continuum Performance Systems
To: gnupg-users@gnupg.org
Subject: File limit size?? >4G

Hello All

    Do we know if there is a limit on file sizes? I have a 4 + Gig file
that Im encrypting , the file allegedly encrypts without error but when
I decrypt
I get the following error(s)

invalid packet ctb=72
invalid packet ctb=69

Warning encrypted message has been manipulated!
dont know invalid packet ctb=70

Any suggestions???
many thanks in advance
bob






--__--__--

Message: 6
From: Ryan Malayter <rmalayter@bai.org>
To: "'gnupg-users@gnupg.org'" <gnupg-users@gnupg.org>
Subject: Cipher/hash for passphrase in PGP 7.0
Date: Mon, 11 Mar 2002 10:55:24 -0600

Does anybody know what hash algorithm and symmetric cipher PGP v7.x uses on
private key material? I've tried many combinations of different cipher/hash
algorithms, but I can only seem to export a secret key and use it
successfully in PGP 7.x when it has *no* passphrase.

I've tried Blowfish/RIPEMD-160 (the GnuPG default), and all the combinations
of 3des, CAST, RIJNDAEL and SHA1, with no success.

Regards,
	-ryan-


--__--__--

Message: 7
Date: Mon, 11 Mar 2002 17:28:07 +0000
From: Mark Brown <broonie@sirena.org.uk>
To: gnupg-users@gnupg.org
Subject: Re: IDs, signatures and all that stuff


--xaMk4Io5JJdpkLEb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Mar 11, 2002 at 05:04:30PM +0100, Martin Christensen wrote:

> >>>>> "Janusz" =3D=3D Janusz A Urbanowicz <alex@bofh.torun.pl> writes:

> Janusz> I believe that you miss teh fact that key trust is calculated
> Janusz> on per-key and not on per-user ID basis.

> Wouldn't that mean that I could create ad hoc bogus IDs for causing
> general mayhem?

Not really.  The trust he's talking about is not for your IDs, it's for
trusting your signatures on other people's keys.  If you've got two IDs
on your key, one very widely signed and one not signed except by
yourself your signature on other people's keys will still come into play
on the web of trust even though your second ID might not be verifiable.

--=20
"You grabbed my hand and we fell into it, like a daydream - or a fever."

--xaMk4Io5JJdpkLEb
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8jOknJ2Vo11xhU60RArtVAJ90eDDUb17Ftce/Cu2nUO3WE9bdJgCg8F/4
hyh/v5jhNOVFKBy8IopxFTI=
=AxVz
-----END PGP SIGNATURE-----

--xaMk4Io5JJdpkLEb--


--__--__--

Message: 8
From: Lgom347@cs.com
Date: Mon, 11 Mar 2002 13:39:35 EST
Subject: (no subject)
To: gnupg-users@gnupg.org

My Windows 98 claims to be missing file: C:\PROGRA~1\CARBON~1\ccw32.vxd. Can

someone help me fix this problem.


--__--__--

Message: 9
Date: Mon, 11 Mar 2002 19:57:40 +0100
From: Marc Mutz <mutz@kde.org>
Subject: Re: Cipher/hash for passphrase in PGP 7.0
To: Ryan Malayter <rmalayter@bai.org>,
 "'gnupg-users@gnupg.org'" <gnupg-users@gnupg.org>
Organization: KDE

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 11 March 2002 17:55, Ryan Malayter wrote:
> Does anybody know what hash algorithm and symmetric cipher PGP v7.x
> uses on private key material?

The problem is the cipher. It's IDEA.

> I've tried many combinations of
> different cipher/hash algorithms, but I can only seem to export a
> secret key and use it successfully in PGP 7.x when it has *no*
> passphrase.

You hit the nail on the head, as we say in Germany.

Marc

- -- 
Marc Mutz <mutz@kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8jP4k3oWD+L2/6DgRAgWXAJ9HHQ6/5L2mSerlMsdA1a6rSYxtSwCfYUVS
dtbiWcgwZccP40IqHmvFQzw=
=KFs5
-----END PGP SIGNATURE-----



--__--__--

Message: 10
Date: Mon, 11 Mar 2002 20:24:52 +0100
From: Bart Martens <bart.martens@chello.be>
To: Jakob Breivik Grimstveit <jakob@grimstveit.net>
Cc: gnupg-users@gnupg.org
Subject: Re: Keyservers problem (win32)
Reply-To: bart.martens@advalvas.be

On Mon, Mar 11, 2002 at 08:41:52AM +0100, Jakob Breivik Grimstveit wrote:
> Whenever  trying  to  access  the  keyservers  using gpg, i only get the
> following   answer  (both  at  home  using  dialup  and  on  work  using
> broadband):
> 
> > Sending key(s) 0x545E2819 to server search.keyserver.net:11371 ...
> >
> > gpg: write failed: ec=87
> > gpg: can't connect to `search.keyserver.net:11371': No error
> >
> > Press any key to continue . . .
> 
> Why is that?

Other keyservers work fine, like wwwkeys.pgp.net .
I have a similar problem here, also with search.keyserver.net, but not
allways.
See:

bart@cable-195-162-215-141:~$ gpg --keyserver search.keyserver.net
--recv-key FBA6ECF1
gpg: requesting key FBA6ECF1 from search.keyserver.net ...
gpg: [fd 5]: read error: Connection reset by peer
gpg: no valid OpenPGP data found.
gpg: read_block: read error: invalid keyring
gpg: Total number processed: 0
bart@cable-195-162-215-141:~$ gpg --keyserver search.keyserver.net
--recv-key FBA6ECF1
gpg: requesting key FBA6ECF1 from search.keyserver.net ...
gpg: key FBA6ECF1: not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
bart@cable-195-162-215-141:~$ 

As you can see, the first time it failed, the second time it succeeds. I'm
going to trace this, when I have some spare time. For now I use
wwwkeys.pgp.net
as the default keyserver (in ~/.gnupg/options).

Bart Martens




--__--__--

Message: 11
To: gnupg-users@gnupg.org
Subject: Re: IDs, signatures and all that stuff
From: Martin Christensen <factotum@gvdnet.dk>
Date: Mon, 11 Mar 2002 20:34:15 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "Mark" == Mark Brown <broonie@sirena.org.uk> writes:
>> Wouldn't that mean that I could create ad hoc bogus IDs for causing
>> general mayhem?
Mark> Not really.  The trust he's talking about is not for your IDs,
Mark> it's for trusting your signatures on other people's keys.  If
Mark> you've got two IDs on your key, one very widely signed and one
Mark> not signed except by yourself your signature on other people's
Mark> keys will still come into play on the web of trust even though
Mark> your second ID might not be verifiable.

I'm starting to feel rather stupid now, like a fairly intelligent
bloke such as myself _should_ grok this model without even blinking. I
wonder, then, how Joe Luser then is expected to understand a word of
it, especially given an assumed very low interest in technical matters
by default.

Anyway, I digress.

I am failing to see a couple of things here. Signatures are the glue
of the web of trust model, and trust is calculated on a per-key basis,
not on a per-ID basis. Then what is the point in signing IDs? But on
the other hand, if there's no signing on a per-ID basis, then, after
getting a number of signatures, someone might create bogus IDs.

I don't think that I'm mixing up trust and signatures here... but who
knows? Signatures should be all about verifying people's identities,
but in creating a new ID, how do I avoid having to have that
particular signed all over again[1]? Needless to say, pulling keys out
of the web of trust is a Bad Thing(tm), but that doesn't seem to be
the argument that most people make when they tell you to make a new ID
rather than a new key. The current system makes relatively good sense,
but to me it doesn't seem to make _perfect_ sense. ARGH!

Martin


[1] I guess that once someone has signed your key once, and therefore
should trust that you are who you say you are, then, because they
trust your key, they'll not be reluctant to sign a reasonable new ID.

- -- 
Homepage:       http://www.cs.auc.dk/~factotum/
GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using Mailcrypt+GnuPG <http://www.gnupg.org>

iEYEARECAAYFAjyNBrcACgkQYu1fMmOQldXENgCfdwG4ylntuPqhEc1glOaqRHvw
v3wAoLuAQ6TAsITeTQO1xsZdrvP5PoVE
=hdPS
-----END PGP SIGNATURE-----


--__--__--

Message: 12
Date: Mon, 11 Mar 2002 20:44:44 +0100
From: Jakob Breivik Grimstveit <jakob@grimstveit.net>
Reply-To: Jakob Breivik Grimstveit <jakob@grimstveit.net>
To: bart.martens@advalvas.be
CC: gnupg-users@gnupg.org
Subject: Re[2]: Keyservers problem (win32)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 11.03.2002 20:24, Bart Martens wrote the following:

> On Mon, Mar 11, 2002 at 08:41:52AM +0100, Jakob Breivik Grimstveit wrote:

>> Whenever  trying  to  access the keyservers using gpg, i only get the
>> following  answer  (both  at  home  using  dialup  and  on work using
>> broadband):
>>
>> > Sending key(s) 0x545E2819 to server search.keyserver.net:11371 ...
>> >
>> > gpg: write failed: ec=87
>> > gpg: can't connect to `search.keyserver.net:11371': No error
>> >
>> > Press any key to continue . . .
>>
>> Why is that?

> Other  keyservers  work  fine, like wwwkeys.pgp.net . I have a similar
> problem here, also with search.keyserver.net, but not allways. See:

Well,  it always happens for me, on to seperate computers (WinXP & W2k),
on different internet connections (dialup & broadband).

> As you can see, the first time it failed, the second time it succeeds.
> I'm  going  to  trace this, when I have some spare time. For now I use
> wwwkeys.pgp.net as the default keyserver (in ~/.gnupg/options).

I  tried.  15  times.  Every  time  I  get the same response "No error".
Satisfying message :).


- --
Vyrdsamt...
- - Jakob Breivik Grimstveit, jakob@grimstveit.net, www.grimstveit.net
- - Morvikbotn 341, 5122 Morvik. Tlf: 55195667, 48298152, PGP:0xB68BA32F
- - System Integrator, Star Shipping, jakob.grimstveit@starshipping.com

I never get lost, just momentarily disoriented.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: For info see http://www.gnupg.org

iD8DBQE8jQktTJM+uVReKBkRAtEUAJ0fbTJvU1On3d5SfqxCv/S76QR2FQCcDgdv
wIyW54EEaWL88PEVkXcYaC8=
=gRV8
-----END PGP SIGNATURE-----



--__--__--

Message: 13
Date: Mon, 11 Mar 2002 17:03:15 -0900
From: Dan Stahlke <dan@40hex.org>
To: gnupg-users@gnupg.org
Subject: scripts and include directories missing in 1.0.6
Reply-To: dan@40hex.org

The scripts/ and include/ are missing in gnupg-1.0.6.tar.gz, preventing 
compilation.  Gpg compiles just fine if I use gnupg-1.0.5 and the 1.0.6 
patch file.


--__--__--

Message: 14
Date: Tue, 12 Mar 2002 07:50:39 +0000 (GMT)
From: =?iso-8859-1?Q?Armin_Sch=F6ch?= <schoech@iap-kborn.de>
Reply-To: <schoech@iap-kborn.de>
To: Dan Stahlke <dan@40hex.org>
cc: <gnupg-users@gnupg.org>
Subject: Re: scripts and include directories missing in 1.0.6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Dan !

> The scripts/ and include/ are missing in gnupg-1.0.6.tar.gz, preventing
> compilation.

Where did you get the archieve from ? I downloaded it from
www.gnupg.org a couple of days ago and it worked just fine. I can
email it to you privately if you want me to (it's about 1.9MB); just
tell me on my private mail.

Thanks,
Armin

- --=20
Am Hasenberg 26         office: Institut f=FCr Atmosph=E4renphysik
D-18209 Bad Doberan             Schloss-Stra=DFe 6
Tel. ++49-(0)38203/42137        D-18225 K=FChlungsborn / GERMANY
Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8jbNPG8Xv4GxznLoRArw5AKCFOGWPE1yRlc7a/KBAXhorQzCa4ACgyPnp
trGUdquNvHBx2X6puCcfdOM=3D
=3D3rDy
-----END PGP SIGNATURE-----




--__--__--

Message: 15
To: dan@40hex.org
Cc: gnupg-users@gnupg.org
Subject: Re: scripts and include directories missing in 1.0.6
From: Werner Koch <wk@gnupg.org>
Date: Tue, 12 Mar 2002 11:26:48 +0100

On Mon, 11 Mar 2002 17:03:15 -0900, Dan Stahlke said:

> The scripts/ and include/ are missing in gnupg-1.0.6.tar.gz,

No:

$ tar tzvf gnupg-1.0.6.tar.gz | grep include
-rw-r--r-- 1000/1000     25742 2001-04-27 16:42:25 gnupg-1.0.6/acinclude.m4
drwxrwxr-x 1000/1000         0 2001-05-29 08:59:18 gnupg-1.0.6/include/
-rw-rw-r-- 1000/1000       100 1999-02-20 21:45:39
gnupg-1.0.6/include/distfiles

Done on the FTP server.  From where did you get your copy or are you
just short on local disk space?

  Werner




--__--__--

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


End of Gnupg-users Digest


From mail@volker-gaibler.de  Tue Mar 12 17:32:02 2002
From: mail@volker-gaibler.de (Volker Gaibler)
Date: Tue Mar 12 17:32:02 2002
Subject: Compatibility problem ??
Message-ID: <3C8E3AEB.17131.1872FA@localhost>

Hi,

is there a known compatibility problem of GPG with PGP 6 and 7?
Other people can't use my gpg key because "key can't be used for encryption".
I used the default values for key generation with gpg 1.0.6
There's nothing about that in the FAQ.

Thanks in advance
Volker



-----------------------------------------------------------------------
 Volker Gaibler                                 contact: 
 http://www.volker-gaibler.de                   mail@volker-gaibler.de
-----------------------------------------------------------------------


From johanw@vulcan.xs4all.nl  Tue Mar 12 18:16:01 2002
From: johanw@vulcan.xs4all.nl (Johan Wevers)
Date: Tue Mar 12 18:16:01 2002
Subject: Output
In-Reply-To: <Pine.LNX.4.33.0203110747001.867-100000@pcramnan.iap-kborn.de> from "[Armin Sch_ch]" at "Mar 11, 2002 07:50:40 am"
Message-ID: <200203111716.SAA03509@vulcan.xs4all.nl>

Armin Sch?ch, wrote:

>&> file
>will redirect normal output and error messages to "file". This works
>with Linux, don't know whether it works with DOS/Windows.

It will in NT/2000, not on win9x since they don't have a stderr.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw@vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html


From sbutler@fchn.com  Tue Mar 12 19:05:02 2002
From: sbutler@fchn.com (Steve Butler)
Date: Tue Mar 12 19:05:02 2002
Subject: Compatibility problem ??
Message-ID: <b7340c263f2ce1af16d04f9468db21393c8e42f0@fchn.com>

The message you are showing is not the same our clients had, but there does
appear to be a cipher preference problem for DSH/ELG key pairs generated by
1.0.6.  Once our clients went to the latest version of pgp 7, they were able
to use the keys.

You're message almost sounds like you sent them a public key that can only
sign but not encrypt.  However, that might be an artifact of the above issue
dealing with the cipher preferences.  I forget which one was causing
problems on the PGP side.

Stephen M Butler
Oracle Administrator
First Choice Health Network

sbutler@fchn.com
206-268-2309



-----Original Message-----
From: Volker Gaibler [mailto:volker.gaibler@urz.uni-heidelberg.de]
Sent: Tuesday, March 12, 2002 8:29 AM
To: gnupg-users@gnupg.org
Subject: Compatibility problem ??


Hi,

is there a known compatibility problem of GPG with PGP 6 and 7?
Other people can't use my gpg key because "key can't be used for
encryption".
I used the default values for key generation with gpg 1.0.6
There's nothing about that in the FAQ.

Thanks in advance
Volker



-----------------------------------------------------------------------
 Volker Gaibler                                 contact: 
 http://www.volker-gaibler.de                   mail@volker-gaibler.de
-----------------------------------------------------------------------

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.



From sean@tcob1.net  Tue Mar 12 20:08:02 2002
From: sean@tcob1.net (Sean Rima)
Date: Tue Mar 12 20:08:02 2002
Subject: gnupg in DOS
Message-ID: <zds.p90.m3r8mp3977.fsf@tcob1.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have been asked if anyone knows of a port of gnupg for DOS. Any help
would be apprectiated.

Sean
- -- 
                            ,,,
                           (o o)
- -=-=-=-=-=-=-=-=-=-=-=-oOOo-(_)-oOOo-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Offering feeds for Fidonet, Adventurenet, and many other nets
              See http://www.tcob1.net for more details
 ICQ: 679813  Linux User: 231986  TCOB1 BBS: 095 43852 Yahoo: tcob_1
                     Jabber: tcobone@jabber.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Use GPG for Secure Mail

iEYEARECAAYFAjyOT6wACgkQeR/L2ZZp3E/SmACfbCOwOXzMF8eGiGVclNlR6kgJ
lzkAn0NowQJSpH4R97PO/39sceGzsllk
=SOgA
-----END PGP SIGNATURE-----


From dan@40hex.org  Tue Mar 12 21:06:01 2002
From: dan@40hex.org (Dan Stahlke)
Date: Tue Mar 12 21:06:01 2002
Subject: scripts and include directories missing in 1.0.6
In-Reply-To: <87sn762iaf.fsf@alberti.gnupg.de>; from wk@gnupg.org on Tue, Mar 12, 2002 at 01:26:48 -0900
References: <20020311170315.A17855@acidtrip> <87sn762iaf.fsf@alberti.gnupg.de>
Message-ID: <20020312110016.A19191@acidtrip>

Well, this is odd.. I originally downloaded the file from 
www.gnupg.org, but now that I download it again today, all the files 
are indeed included.  Sorry for the false alarm.

On 2002.03.12 01:26 Werner Koch wrote:
> On Mon, 11 Mar 2002 17:03:15 -0900, Dan Stahlke said:
> 
> > The scripts/ and include/ are missing in gnupg-1.0.6.tar.gz,
> 
> No:
> 
> $ tar tzvf gnupg-1.0.6.tar.gz | grep include
> -rw-r--r-- 1000/1000     25742 2001-04-27 16:42:25
> gnupg-1.0.6/acinclude.m4
> drwxrwxr-x 1000/1000         0 2001-05-29 08:59:18
> gnupg-1.0.6/include/
> -rw-rw-r-- 1000/1000       100 1999-02-20 21:45:39
> gnupg-1.0.6/include/distfiles
> 
> Done on the FTP server.  From where did you get your copy or are you
> just short on local disk space?
> 
>   Werner
> 
> 


From wk@gnupg.org  Tue Mar 12 22:16:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Tue Mar 12 22:16:01 2002
Subject: Compatibility problem ??
In-Reply-To: <b7340c263f2ce1af16d04f9468db21393c8e42f0@fchn.com> (Steve
 Butler's message of "Tue, 12 Mar 2002 10:01:50 -0800")
References: <b7340c263f2ce1af16d04f9468db21393c8e42f0@fchn.com>
Message-ID: <87pu291obq.fsf@alberti.gnupg.de>

On Tue, 12 Mar 2002 10:01:50 -0800, Steve Butler said:

> You're message almost sounds like you sent them a public key that can only
> sign but not encrypt.  However, that might be an artifact of the above issue

Another reason for this might be that the key has been retrieved from
a keyserver and the keyserver removed the (encryption) subkeys due to
a bug.  I get quite often mails that it is not possible to send me an
encrypted mail due to a missing encryption subkey.  When the sender
retrieves the key by other means (e.g. X-Request-PGP: mail header) it
does work.

  Werner



From Peter.Hegt@phidias.nl  Wed Mar 13 11:13:01 2002
From: Peter.Hegt@phidias.nl (Hegt, Peter)
Date: Wed Mar 13 11:13:01 2002
Subject: GPG Windows tip
Message-ID: <E11AC8AB6A04D2119EB60060084FFD22B91396@NTSERVER>

Hi,

I've got this tip for making GPG easier to use in Windows.
To add encrypt/decrypt commands to the context menu (right click on a file):

Assuming gpg.exe is installed in c:\app\gnupg
and
the id of the key you'd like to use is ID
then with
regedit.exe
in the key HKEY_CLASSES_ROOT\*\shell
(create the shell key if it is not there yet):

For encrypting create a key:

HKEY_CLASSES_ROOT\*\shell\GPG encrypt and sign with <your email address
here>\command
	(Default) = "c:\App\gnupg\gpg -u ID --armor --sign --encrypt "%1""

put double qoutes around the %1 in case the file name has spaces.
If you have more keys, then add more entries

For decrypting create a key:

HKEY_CLASSES_ROOT\*\shell\GPG decrypt and verify (to file.out)\command
	(Default) = "c:\App\gnupg\gpg -o "%1%.out" "%1""


Regards,
Peter
peter.hegt at phidias dot nl
PGP/GPG public key at http://pgpkeys.mit.edu or http://keyserver.pgp.com
(search for above email address)


From Jakob Breivik Grimstveit <jakob@grimstveit.net>  Wed Mar 13 11:28:01 2002
From: Jakob Breivik Grimstveit <jakob@grimstveit.net> (Jakob Breivik Grimstveit)
Date: Wed Mar 13 11:28:01 2002
Subject: GPG Windows tip
In-Reply-To: <E11AC8AB6A04D2119EB60060084FFD22B91396@NTSERVER>
References: <E11AC8AB6A04D2119EB60060084FFD22B91396@NTSERVER>
Message-ID: <7561410656.20020313112600@grimstveit.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 13.03.2002 11:13, Hegt, Peter wrote the following:

[snip snip]

> HKEY_CLASSES_ROOT\*\shell\GPG encrypt and sign with some@com.com

[snip snip]

> HKEY_CLASSES_ROOT\*\shell\GPG decrypt and verify (to file.out)

Incredibly  powerful  and  sexy integration with the Windows GUI! Big up
for Peter (as Ali would have said it).

Simple  and  trivial perhaps, but insert an additional '&' preceding the
character  in  the  selection  title  you want to become hotkey for that
context menu selection. As follows:

HKEY_CLASSES_ROOT\*\shell\GPG &encrypt and sign with some@com.com

HKEY_CLASSES_ROOT\*\shell\GPG &decrypt and verify (to file.out)

Even faster!


- --
Vyrdsamt...
- - Jakob Breivik Grimstveit, jakob@grimstveit.net, www.grimstveit.net
- - Morvikbotn 341, 5122 Morvik. Tlf: 55195667, 48298152, PGP:0x545E2819
- - System Integrator, Star Shipping, jakob.grimstveit@starshipping.com

If it jams, force it. If it breaks, it needed replacing
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjyPKT4ACgkQTJM+uVReKBmNLACePUVbck2C5nyQE3NWHALT8b/L
pv8An0KiKA0IL9hjm79XUUGLPoqaFCGm
=G8I7
-----END PGP SIGNATURE-----



From mail@volker-gaibler.de  Wed Mar 13 12:00:01 2002
From: mail@volker-gaibler.de (Volker Gaibler)
Date: Wed Mar 13 12:00:01 2002
Subject: Compatibility problem ??
In-Reply-To: <b7340c263f2ce1af16d04f9468db21393c8e42f0@fchn.com>
Message-ID: <3C8F3EC5.745.16DFD5@localhost>

On 12 Mar 2002, at 22:14, Werner Koch wrote:
> Another reason for this might be that the key has been retrieved from
> a keyserver and the keyserver removed the (encryption) subkeys due to
> a bug. 
On 12 Mar 2002, at 10:01, Steve Butler wrote:
> You're message almost sounds like you sent them a public key that can only
> sign but not encrypt. 

Thanks for your hints. A keyserver problem is not possible because I did not 
use a keyserver (I first wanted to try this with a test key without spreading 
it). 

I think I have an answer despite I don't really know whether I did something 
wrong. The ElGamal subkey is present (for encryption only) but there is also a 
DSA subkey. GPG has no problems with that subkey but I think PGP 6/7 (which 
I've tried) can't handle it because everything worked after I removed it. 

As I read in the OpenPGP-RFC it should be compliant to have such DSA subkey but 
it's no problem that I can't use it because I didn't want to do this later 
anyway. Only the top level key provides signature services so this should not 
be of any practical use to me - or is it?

Volker



-----------------------------------------------------------------------
 Volker Gaibler                                 contact: 
 http://www.volker-gaibler.de                   mail@volker-gaibler.de
-----------------------------------------------------------------------


From Juergen.Polster@icn.siemens.de  Wed Mar 13 15:38:01 2002
From: Juergen.Polster@icn.siemens.de (Polster Juergen)
Date: Wed Mar 13 15:38:01 2002
Subject: Modifying location of secret keyring under Windows
Message-ID: <1D82815C322BD41196EA00508B951F7B021B3A09@MCHH265E>

Hi,
I want to have my secret keyring on my floppy drive. So I modified the 
OPTIONS file by adding the following line:

secret-keyring A:\secring.gpg

and moved my secring.gpg to A:\  .Now GPG does not find my secring
anymore. Instead it shows the following error message:

D:\PROGRA~2\WinPT>gpg --list-secret-keys

gpg: keyblock resource `D:/Program Files/WinPT//A:\secring.gpg': file open error

So it keeps the old location and appends the new one. How can I specify another drive?

Best regards
Juergen Polster

Mailto:juergen.polster@icn.siemens.de



From gnupg-users@gnupg.org  Wed Mar 13 16:13:01 2002
From: gnupg-users@gnupg.org (Erik)
Date: Wed Mar 13 16:13:01 2002
Subject: Modifying location of secret keyring under Windows
In-Reply-To: <1D82815C322BD41196EA00508B951F7B021B3A09@MCHH265E>
References: <1D82815C322BD41196EA00508B951F7B021B3A09@MCHH265E>
Message-ID: <1117107354.20020313101049@mochamail.com>

Hello Polster,


On Wed, 13 Mar 2002, at 15:36:32 [GMT +0100] you wrote in the message:

> I want to have my secret keyring on my floppy drive. So I modified the
> OPTIONS file by adding the following line:

> secret-keyring A:\secring.gpg

> and moved my secring.gpg to A:\  .Now GPG does not find my secring
> anymore. Instead it shows the following error message:

Use a forward slash.

secret-keyring a:/secring.gpg

--
Best regards,
 Erik



From dshaw@jabberwocky.com  Wed Mar 13 16:43:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Mar 13 16:43:02 2002
Subject: Compatibility problem ??
In-Reply-To: <3C8F3EC5.745.16DFD5@localhost>
References: <b7340c263f2ce1af16d04f9468db21393c8e42f0@fchn.com> <3C8F3EC5.745.16DFD5@localhost>
Message-ID: <20020313154018.GF681@akamai.com>

On Wed, Mar 13, 2002 at 11:57:57AM +0100, Volker Gaibler wrote:
> On 12 Mar 2002, at 22:14, Werner Koch wrote:
> > Another reason for this might be that the key has been retrieved from
> > a keyserver and the keyserver removed the (encryption) subkeys due to
> > a bug. 
> On 12 Mar 2002, at 10:01, Steve Butler wrote:
> > You're message almost sounds like you sent them a public key that can only
> > sign but not encrypt. 
> 
> Thanks for your hints. A keyserver problem is not possible because I did not 
> use a keyserver (I first wanted to try this with a test key without spreading 
> it). 
> 
> I think I have an answer despite I don't really know whether I did
> something wrong. The ElGamal subkey is present (for encryption only)
> but there is also a DSA subkey. GPG has no problems with that subkey
> but I think PGP 6/7 (which I've tried) can't handle it because
> everything worked after I removed it.

Yes.  PGP does not support signing subkeys.

> As I read in the OpenPGP-RFC it should be compliant to have such DSA
> subkey but it's no problem that I can't use it because I didn't want
> to do this later anyway. Only the top level key provides signature
> services so this should not be of any practical use to me - or is
> it?

There is a practical use - many people like to set expiration dates on
their subkeys and/or rotate them every now and then.  Using a signing
subkey this way means you don't have to generate a new key and get it
signed each time.

Using a signing subkey also means you can keep your primary key
offline and just use the subkeys for signing and encryption.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From jayachristina@hotmail.com  Wed Mar 13 17:24:01 2002
From: jayachristina@hotmail.com (Jaya Christina)
Date: Wed Mar 13 17:24:01 2002
Subject: no valid OPENPGP data found!!!!!!!! HELP!!!
Message-ID: <OE35oomniUxVUII0IvI00009be0@hotmail.com>

This is a multi-part message in MIME format.

------=_NextPart_000_0199_01C1CAB3.54140740
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi *,

I have been using the gpg .. am a novice in this.

I have encrypted a string and when i try t decrypt this i get the error =
message saying
gpg: no valid OPENPGP data found
gpg: decryption failed: bad key

and so i tried gpg --verify file.gpg
C:\proj\files>gpg --verify file.gpg
gpg: Signature made 03/13/02 15:31:22  using DSA key ID 727B7019
gpg: Good signature from "jayachristina (programmer) =
<jayachristina@hotmail.com>"



Is there anything i have been missing.
I did the following:
gpg --gen-key
gpg -s file
gpg -sa file
gpg --verify file.gpg
gpg --verify file.asc



Somebody pleease help.
Thanx.
Ciao
Jaya

------=_NextPart_000_0199_01C1CAB3.54140740
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi *,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>I have been using the gpg .. am a =
novice in=20
this.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>I have encrypted a string and when i =
try t decrypt=20
this i get the error message saying</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>gpg: no valid OPENPGP data =
found</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>gpg: decryption failed: bad =
key</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>and so i tried gpg --verify =
file.gpg</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>C:\proj\files&gt;gpg --verify =
file.gpg<BR>gpg:=20
Signature made 03/13/02 15:31:22&nbsp; using DSA key ID 727B7019<BR>gpg: =
Good=20
signature from "jayachristina (programmer) &lt;<A=20
href=3D"mailto:jayachristina@hotmail.com">jayachristina@hotmail.com</A>&g=
t;"</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Is there anything i have been =
missing.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>I did the following:</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>gpg --gen-key</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>gpg -s file</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT><FONT face=3DArial size=3D2>
<DIV><FONT face=3DArial size=3D2>gpg -sa file</FONT></DIV>
<DIV>gpg --verify file.gpg</DIV>
<DIV>gpg --verify file.asc</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>Somebody pleease help.</DIV>
<DIV>Thanx.</DIV>
<DIV>Ciao</DIV>
<DIV>Jaya</DIV></FONT></DIV></BODY></HTML>

------=_NextPart_000_0199_01C1CAB3.54140740--


From Juergen.Polster@icn.siemens.de  Wed Mar 13 17:26:01 2002
From: Juergen.Polster@icn.siemens.de (Polster Juergen)
Date: Wed Mar 13 17:26:01 2002
Subject: Modifying location of secret keyring under Windows
Message-ID: <1D82815C322BD41196EA00508B951F7B021B3A0A@MCHH265E>

Thanks!
Juergen Polster


> Use a forward slash.
>secret-keyring a:/secring.gpg



From schoech@iap-kborn.de  Wed Mar 13 17:44:01 2002
From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=)
Date: Wed Mar 13 17:44:01 2002
Subject: no valid OPENPGP data found!!!!!!!! HELP!!!
In-Reply-To: <OE35oomniUxVUII0IvI00009be0@hotmail.com>
Message-ID: <Pine.LNX.4.33.0203131639160.21561-100000@pcramnan.iap-kborn.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi !

> gpg -s file
This will sign "file" with your key.

> gpg -sa file
This will sign "file" and produce ASCII-armoured output

You should use
gpg -e file
gpg -ea file
to actually encrypt "file".

You can also do both:
gpg -es file
gpg -esa file

Then you can decrypt with:
gpg -d .....

HTH,
Armin

- --=20
Am Hasenberg 26         office: Institut f=FCr Atmosph=E4renphysik
D-18209 Bad Doberan             Schloss-Stra=DFe 6
Tel. ++49-(0)38203/42137        D-18225 K=FChlungsborn / GERMANY
Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8j4EbG8Xv4GxznLoRAhCrAKC67jgtcZYbI8i9sMpa20JI5OsI2gCfVda/
Tsl0N1TcStD74RcpuC03+CQ=3D
=3DH5ZO
-----END PGP SIGNATURE-----




From schoech@iap-kborn.de  Wed Mar 13 18:20:02 2002
From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=)
Date: Wed Mar 13 18:20:02 2002
Subject: no valid OPENPGP data found!!!!!!!! HELP!!!
In-Reply-To: <OE71DjSU1XB9hHSeyWC00007098@hotmail.com>
Message-ID: <Pine.LNX.4.33.0203131715430.21561-100000@pcramnan.iap-kborn.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi !

> C:\proj\files>gpg -e text.txt
> You did not specify a user ID.
>
> Enter the user ID: jayachristina

If you do a "dir" on the commandline, you will see that gpg has
created a file called "text.txt.gpg" which is the encrypted one. The
original data (unencrypted) is still in "text.txt".

> C:\proj\files>gpg -d text.txt
> gpg: no valid OpenPGP data found.
> gpg: decrypt_message failed: eof

You have to decrypt the encrypted file, obviously.
gpg -d text.txt.gpg
will work :-)

Bye,
Armin

- --=20
Am Hasenberg 26         office: Institut f=FCr Atmosph=E4renphysik
D-18209 Bad Doberan             Schloss-Stra=DFe 6
Tel. ++49-(0)38203/42137        D-18225 K=FChlungsborn / GERMANY
Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8j4msG8Xv4GxznLoRAicWAJ4piYMDxSaBGsyOey5g/Fr6ZKT5dQCfaO5Q
UMMQzuikabg8dMLFHsKaIX4=3D
=3Dk/DD
-----END PGP SIGNATURE-----




From ChingChe_Chen@asus.com.tw  Thu Mar 14 08:38:01 2002
From: ChingChe_Chen@asus.com.tw (ChingChe_Chen@asus.com.tw)
Date: Thu Mar 14 08:38:01 2002
Subject: GPG Windows tip
Message-ID: <AD94BC150FEED411847000E018B00C5002A55B08@asustpe8>

Hi,

I've tried this tip on my NT system and it's work for me. I have another
question. Is it possible to support long file name?

By the way, how to specify more than one recipient name?

Thanks!

Regards,

Ching-che Chen 

-----Original Message-----
From: Hegt, Peter [mailto:Peter.Hegt@phidias.nl]
Sent: Wednesday, March 13, 2002 6:13 PM
To: 'gnupg-users@gnupg.org'
Subject: GPG Windows tip


Hi,

I've got this tip for making GPG easier to use in Windows.
To add encrypt/decrypt commands to the context menu (right click on a file):

Assuming gpg.exe is installed in c:\app\gnupg
and
the id of the key you'd like to use is ID
then with
regedit.exe
in the key HKEY_CLASSES_ROOT\*\shell
(create the shell key if it is not there yet):

For encrypting create a key:

HKEY_CLASSES_ROOT\*\shell\GPG encrypt and sign with <your email address
here>\command
	(Default) = "c:\App\gnupg\gpg -u ID --armor --sign --encrypt "%1""

put double qoutes around the %1 in case the file name has spaces.
If you have more keys, then add more entries

For decrypting create a key:

HKEY_CLASSES_ROOT\*\shell\GPG decrypt and verify (to file.out)\command
	(Default) = "c:\App\gnupg\gpg -o "%1%.out" "%1""


Regards,
Peter
peter.hegt at phidias dot nl
PGP/GPG public key at http://pgpkeys.mit.edu or http://keyserver.pgp.com
(search for above email address)

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


From Peter.Hegt@phidias.nl  Thu Mar 14 11:25:01 2002
From: Peter.Hegt@phidias.nl (Hegt, Peter)
Date: Thu Mar 14 11:25:01 2002
Subject: GPG Windows tip
Message-ID: <E11AC8AB6A04D2119EB60060084FFD22B9139C@NTSERVER>

Hi,

ChingChe_Chen wrote:

>> I have another question. Is it possible to support long file name?
Well, the file name %1 is enclosed in double quotes, so if GPG supports
long file names (with spaces), then it should work fine. You can try it out
yourself.

>> By the way, how to specify more than one recipient name?
use
gpg.exe
and memorise all the options...
My tip has its limitations.

Regards,
Peter
peter.hegt at phidias dot nl
PGP/GPG public key at http://pgpkeys.mit.edu or http://keyserver.pgp.com
(search for above email address)


From pplf01@yahoo.com  Thu Mar 14 12:09:01 2002
From: pplf01@yahoo.com (pplf)
Date: Thu Mar 14 12:09:01 2002
Subject: OpenPGP without GnuPG?
Message-ID: <3C90843C.1030202@yahoo.com>

Hello,

For info, it appears that Will Price, the Former Director of PGP
Engineering, doesn't want to see the future of OpenPGP with GnuPG,
saying : "GnuPG is polluted by the GPL". Too bad...
http://www.geocities.com/openpgp/wprice20020314.txt

More infos here (in french, sorry) :
http://www.geocities.com/openpgp/index.html#news

Ciao,

-- 
French OpenPGP page "OpenPGP en francais" http://www.openpgp.fr.st
pplf01@yahoo.com




From ChingChe_Chen@asus.com.tw  Thu Mar 14 13:23:02 2002
From: ChingChe_Chen@asus.com.tw (ChingChe_Chen@asus.com.tw)
Date: Thu Mar 14 13:23:02 2002
Subject: GPG Windows tip
Message-ID: <AD94BC150FEED411847000E018B00C5002A55B0B@asustpe8>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Peter,

I think I didn't describe my question about long file name clearly.

I tried to decrypt a file "filenameover8.txt.asc", the out put file
is "filena~1.asc.out". I just wondered is there some way to ensure
that GPG can get a long file name form correctly.

If this is a limitation, it's OK. Those tips already help me much and
convenience enough. Thanks!

Ching-che Chen

- -----Original Message-----
From: Hegt, Peter [mailto:Peter.Hegt@phidias.nl]
Sent: Thursday, March 14, 2002 6:24 PM
To: ChingChe Chen({q)
Subject: RE: GPG Windows tip


Hi,

ChingChe_Chen wrote:

>> I have another question. Is it possible to support long file
name?
Well, the file name %1 is enclosed in double quotes, so if GPG
supports
long file names (with spaces), then it should work fine. You can try
it out
yourself.

>> By the way, how to specify more than one recipient name?
use
gpg.exe
and memorise all the options...
My tip has its limitations.

Regards,
Peter
peter.hegt at phidias dot nl
PGP/GPG public key at http://pgpkeys.mit.edu or
http://keyserver.pgp.com
(search for above email address)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32) - WinPT 0.5.5
Comment: Get my public key from (http://home.doramail.com/chingche/)

iEYEARECAAYFAjyQlZsACgkQNjF8n81pvOBcAQCg5rqoYHFjmXkAOchtwQhDZPvB
qvEAn2IgGC7BqM2nKEK7X2McqJu7klWi
=xOYs
-----END PGP SIGNATURE-----


From wk@gnupg.org  Thu Mar 14 14:42:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Thu Mar 14 14:42:01 2002
Subject: GPG Windows tip
In-Reply-To: <AD94BC150FEED411847000E018B00C5002A55B0B@asustpe8> (ChingChe_Chen@asus.com.tw's
 message of "Thu, 14 Mar 2002 20:22:35 +0800")
References: <AD94BC150FEED411847000E018B00C5002A55B0B@asustpe8>
Message-ID: <877kofe0c3.fsf@alberti.gnupg.de>

On Thu, 14 Mar 2002 20:22:35 +0800, ChingChe Chen said:

> I tried to decrypt a file "filenameover8.txt.asc", the out put file
> is "filena~1.asc.out". I just wondered is there some way to ensure
> that GPG can get a long file name form correctly.

As usual with a GNU software there are no limitations on filename
lengths. 

I recall that once you had to set a LONGNAMES flag in the created
executable to tell Windows (or was it just OS/2) not to autoconvert
the names.  However I am not sure on this, any windows hacker here?

  Werner



From rmartini@cipsga.org.br  Thu Mar 14 22:09:01 2002
From: rmartini@cipsga.org.br (Renato Martini)
Date: Thu Mar 14 22:09:01 2002
Subject: zlib bug
Message-ID: <Pine.LNX.4.44.0203151759570.1182-100000@denken.szsz.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


I read just now the"CERT Advisory CA-2002-07 Double Free Bug in zlib Compression
Library" - CA-2002-07, http://www.cert.org/advisories/CA-2002-07.html.

The GnuPG uses the zlib library (release 1.1.3), and the
systems affected are "any  software  that  is  linked  to
zlib  1.1.3 or earlier", or "data  compression libraries derived from zlib 1.1.3 or
earlier may contain a similar bug".


The gpg is affected by this bug in zlib?
The zlib library inside the GnuPG package or in the CVS will be changed?


best regards

- ---------
  __|_ _| _ \  __|  __|   \    | Renato Martini ::: Diretor Administrativo
 (     |  __/\__ \ (_ |  _ \   | http://www.cipsga.org.br
\___|___|_|  ____/\___|_/  _\  | http://gnupg.unixsecurity.com.br
- -----------------------------------------------------------------------
"O Fantasia, che dei tempi e delle distanze fai il tuo giuoco audace!"
                         (Gabriele d'Annunzio)



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8kmNrYogE2yD8bPYRA1OkAKDG8mzbEWp3lWcCIk3Nd624KWd/JwCg0Mrn
uSBkeJ5sp1KzBylHmlGPyck=
=VBAO
-----END PGP SIGNATURE-----




From andrew@mcdonald.org.uk  Thu Mar 14 23:12:01 2002
From: andrew@mcdonald.org.uk (Andrew McDonald)
Date: Thu Mar 14 23:12:01 2002
Subject: zlib bug
In-Reply-To: <Pine.LNX.4.44.0203151759570.1182-100000@denken.szsz.org>
References: <Pine.LNX.4.44.0203151759570.1182-100000@denken.szsz.org>
Message-ID: <20020314220945.GA2799@mcdonald.org.uk>

On Fri, Mar 15, 2002 at 06:10:59PM -0300, Renato Martini wrote:
> 
> The GnuPG uses the zlib library (release 1.1.3), and the
> systems affected are "any  software  that  is  linked  to
> zlib  1.1.3 or earlier", or "data  compression libraries derived from zlib 1.1.3 or
> earlier may contain a similar bug".
> 
> 
> The gpg is affected by this bug in zlib?
> The zlib library inside the GnuPG package or in the CVS will be changed?

Note that, as you are running Linux, it is quite likely that your gpg is
dynamically linked against the zlib libraries you probably have
installed on your system. You can check this with, e.g.:
admcd@bifrons:~$ ldd $(which gpg)
        libz.so.1 => /usr/lib/libz.so.1 (0x40022000)
        libdl.so.2 => /lib/libdl.so.2 (0x40031000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x40035000)
        libgdbm.so.1 => /usr/lib/libgdbm.so.1 (0x4004a000)
        libc.so.6 => /lib/libc.so.6 (0x40050000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

The libz is zlib. In this case you will want to upgrade the libz you
have installed and gpg will not need recompiling or relinking against
the updated version. Most of the main distributions have already
released updated zlib packages. Consult their security updates pages
for information.

-- 
Andrew McDonald
E-mail: andrew@mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/


From tyketto@wizard.com  Thu Mar 14 23:47:01 2002
From: tyketto@wizard.com (A Guy Called Tyketto)
Date: Thu Mar 14 23:47:01 2002
Subject: zlib bug
In-Reply-To: <Pine.LNX.4.44.0203151759570.1182-100000@denken.szsz.org>
References: <Pine.LNX.4.44.0203151759570.1182-100000@denken.szsz.org>
Message-ID: <20020314224259.GA14391@wizard.com>

--7AUc2qLy4jB3hD7Z
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Mar 15, 2002 at 06:10:59PM -0300, Renato Martini wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>=20
>=20
> I read just now the"CERT Advisory CA-2002-07 Double Free Bug in zlib Comp=
ression
> Library" - CA-2002-07, http://www.cert.org/advisories/CA-2002-07.html.
>=20
> The GnuPG uses the zlib library (release 1.1.3), and the
> systems affected are "any  software  that  is  linked  to
> zlib  1.1.3 or earlier", or "data  compression libraries derived from zli=
b 1.1.3 or
> earlier may contain a similar bug".
>=20
>=20
> The gpg is affected by this bug in zlib?
> The zlib library inside the GnuPG package or in the CVS will be changed?

        I'm pretty sure Werner is including zlib 1.1.4 into the next releas=
e=20
(it would be safe to assume so, unless he says otherwise), but it would be =
in=20
one's best interest, to uninstall GnuPG, update your zlib, and recompile Gn=
uPG=20
against it. I played it safe and recompiled against zlib 1.1.4, so I know m=
y=20
binaries aren't affected by the bug.

        Error on the side of caution, and be paranoid. ;)

                                                        BL.
--=20
Brad Littlejohn                         | Email:        tyketto@wizard.com
Unix Systems Administrator,             |           tyketto@ozemail.com.au
Web + NewsMaster, BOFH.. Smeghead! :)   |   http://www.wizard.com/~tyketto
  PGP: 1024D/E319F0BF 6980 AAD6 7329 E9E6 D569  F620 C819 199A E319 F0BF


--7AUc2qLy4jB3hD7Z
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8kSdyyBkZmuMZ8L8RAtgxAKC5vHehrpW20GVwfKP1gko+HATgOwCglAl9
YWJS3ft1pzZZFos4vdAhzPI=
=kULK
-----END PGP SIGNATURE-----

--7AUc2qLy4jB3hD7Z--


From rj@rmarq.pair.com  Fri Mar 15 05:03:01 2002
From: rj@rmarq.pair.com (RJ Marquette)
Date: Fri Mar 15 05:03:01 2002
Subject: OpenPGP without GnuPG?
In-Reply-To: <3C90843C.1030202@yahoo.com>
Message-ID: <Pine.LNX.4.33.0203142252390.18190-100000@jackie.cox.rr.com>

On Thu, 14 Mar 2002, pplf wrote:

> For info, it appears that Will Price, the Former Director of PGP
> Engineering, doesn't want to see the future of OpenPGP with GnuPG,
> saying : "GnuPG is polluted by the GPL". Too bad...
> http://www.geocities.com/openpgp/wprice20020314.txt

My main point:  He also asked to be shown if he's wrong.

Side note:  To (mis)quote the Romulan ambassador:  "Frankly, Chancellor, I
don't know *what* to believe."  My understanding is that the GPL isn't
intend to be "viral" in the sense he meant it, but since many people are
confused by that, and companies like Microsoft can twist the wording into
showing it's "wrong" and "un-american", maybe the wording in the GPL
should be revised somehow to make the true intention clear.  Obviously
this won't stop determined FUD spreading, but it should make it simpler
for anyone who takes a moment to actually read it.

RJ  <G>  :)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
RJ Marquette rj(at)rmarq.pair.com RSA:448B035F DSS:CB45C555
Roller skaters:  Visit http://roller-skate.org



From Fabien Pochon" <d_well@isuisse.com  Fri Mar 15 11:22:02 2002
From: Fabien Pochon" <d_well@isuisse.com (Fabien Pochon)
Date: Fri Mar 15 11:22:02 2002
Subject: "GpgmeError Invalid Recipients"
Message-ID: <001601c1cc0a$f482b2f0$a8cde6c2@dmaxy>

This is a multi-part message in MIME format.

------=_NextPart_000_0013_01C1CC13.54CC3AC0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I have a question about gpgme. Why when I execute only the "t-encrypt" =
file in directory tests, the error message "GpgmeError Invalid =
Recipients" appears? If I do "make check", all 11 tests passed.

------=_NextPart_000_0013_01C1CC13.54CC3AC0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2713.1100" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>I have a question about gpgme. Why when =
I execute=20
only the "t-encrypt" file in directory tests, the error message =
"GpgmeError=20
Invalid Recipients" appears? If I do "make check", all 11 tests=20
passed.</FONT></DIV></BODY></HTML>

------=_NextPart_000_0013_01C1CC13.54CC3AC0--

 
______________________________________________________________________________
ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif




From wk@gnupg.org  Fri Mar 15 12:16:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Fri Mar 15 12:16:02 2002
Subject: "GpgmeError Invalid Recipients"
In-Reply-To: <001601c1cc0a$f482b2f0$a8cde6c2@dmaxy> ("Fabien Pochon"'s
 message of "Fri, 15 Mar 2002 11:19:54 +0100")
References: <001601c1cc0a$f482b2f0$a8cde6c2@dmaxy>
Message-ID: <87elimaxv5.fsf@alberti.gnupg.de>

On Fri, 15 Mar 2002 11:19:54 +0100, Fabien Pochon said:

> I have a question about gpgme. Why when I execute only the "t-encrypt" file in directory tests, the error message "GpgmeError Invalid Recipients" appears? If I do "make check", all 11 tests passed.

Run it this way:

$ GNUPGHOME=. ./t-encrypt

  Werner



From Lobach Pavel <pahan@vib.ru>  Fri Mar 15 14:04:02 2002
From: Lobach Pavel <pahan@vib.ru> (Lobach Pavel)
Date: Fri Mar 15 14:04:02 2002
Subject: Passphrase in the command line
Message-ID: <118172494594.20020315160143@vib.ru>

Dear friends!

I have a question about the GPG's command line:

How can I specify the passhprase in the command line?

in the PGP 6.5.8 command-line there is option
-z PASSPHRASE


it is very usefull option in the scripts that automatic process
encrypted mail


------------
Best regards,
Lobach Pavel   mailto:pahan@vib.ru  ICQ#112708657








From Lobach Pavel <pahan@vib.ru>  Fri Mar 15 14:13:01 2002
From: Lobach Pavel <pahan@vib.ru> (Lobach Pavel)
Date: Fri Mar 15 14:13:01 2002
Subject: Passphrase in the command line
Message-ID: <62173040749.20020315161049@vib.ru>

Dear friends!

I have a question about the GPG's command line:

How can I specify the passhprase in the command line?

in the PGP 6.5.8 command-line there is option
-z PASSPHRASE


it is very usefull option in the scripts that automatic process
encrypted mail


------------
Best regards,
Lobach Pavel   mailto:pahan@vib.ru  ICQ#112708657








From schoech@iap-kborn.de  Fri Mar 15 14:58:02 2002
From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=)
Date: Fri Mar 15 14:58:02 2002
Subject: Passphrase in the command line
In-Reply-To: <118172494594.20020315160143@vib.ru>
Message-ID: <Pine.LNX.4.33.0203151353300.5659-100000@pcramnan.iap-kborn.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> I have a question about the GPG's command line:
>
> How can I specify the passhprase in the command line?
>
> in the PGP 6.5.8 command-line there is option
> -z PASSPHRASE
> it is very usefull option in the scripts that automatic process
> encrypted mail

And it's an FAQ:

echo PASSPHRASE | gpg --passphrase-fd=3D0 ......

Check the manual: Unix/Linux "man gpg", Windows "gpg.man" or something
similar.

HTH,
Armin

- --=20
Am Hasenberg 26         office: Institut f=FCr Atmosph=E4renphysik
D-18209 Bad Doberan             Schloss-Stra=DFe 6
Tel. ++49-(0)38203/42137        D-18225 K=FChlungsborn / GERMANY
Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8kf00G8Xv4GxznLoRAhLCAJ9x9FavddmsBW1yEuSJIaU8eeezJwCdHvwW
yr7Qs0+d8h+Jr+EJdpPn4dA=3D
=3DSDn8
-----END PGP SIGNATURE-----




From Peter.Hegt@phidias.nl  Fri Mar 15 15:01:02 2002
From: Peter.Hegt@phidias.nl (Hegt, Peter)
Date: Fri Mar 15 15:01:02 2002
Subject: GPG Windows tip
Message-ID: <E11AC8AB6A04D2119EB60060084FFD22B9139E@NTSERVER>

ChingChe_Chen wrote:

>> I tried to decrypt a file "filenameover8.txt.asc", the out put file
is "filena~1.asc.out". I just wondered is there some way to ensure
that GPG can get a long file name form correctly.

Yep, same problem here (W2K).
I tried "%~f1" (see Start | Help, index %), but then gpg.exe fails.

Anyone?


Regards,
Peter
peter.hegt at phidias dot nl
PGP/GPG public key at http://pgpkeys.mit.edu or
http://keyserver.pgp.com
(search for above email address)


From Lobach Pavel <pahan@vib.ru>  Fri Mar 15 15:02:01 2002
From: Lobach Pavel <pahan@vib.ru> (Lobach Pavel)
Date: Fri Mar 15 15:02:01 2002
Subject: Re[2]: Passphrase in the command line
In-Reply-To: <50130237387.20020315084211@mochamail.com>
References: <118172494594.20020315160143@vib.ru>
 <50130237387.20020315084211@mochamail.com>
Message-ID: <99175969701.20020315165938@vib.ru>

Hello, Erik

Friday, March 15, 2002, 4:42:11 PM, you wrote:

E> Hello Lobach,


E> On Fri, 15 Mar 2002, at 16:01:43 [GMT +0300] you wrote in the message:


>> I have a question about the GPG's command line:

>> How can I specify the passhprase in the command line?

>> in the PGP 6.5.8 command-line there is option
>> -z PASSPHRASE

E> see gpg.man

E>        --passphrase-fd n
E>                  Read  the  passphrase from file descriptor n. If
E>                  you use 0 for n, the  passphrase  will  be  read
E>                  from  stdin.     This  can  only be used if only
E>                  one passphrase  is  supplied.   Don't  use  this
E>                  option if you can avoid it.

E>        --yes     Assume "yes" on most questions.

E>        --no      Assume "no" on most questions.

E> There may be more useful options, just check gpg.man.

I know about --passphrase-fd n,
but it is not usable under Win9x :(

Also I know about a secret key without the password (--edit passwd)
I read  man and forum :)



!!!!!!!!!!!!! I need ability to specify password in the command line !!!!!!!!!!!!!!

------------
Best regards,
Lobach Pavel   mailto:pahan@vib.ru  ICQ#112708657








From wk@gnupg.org  Fri Mar 15 15:56:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Fri Mar 15 15:56:01 2002
Subject: [Announce] GnuPG fix for included zlib
Message-ID: <871yemar0b.fsf@alberti.gnupg.de>

--=-=-=

Hi!

As you probably all know, a security problem with the compress library
zlib has been found which affects a lot of software.  For details see:

  http://www.zlib.org/advisory-2002-03-11.txt

and the security announcements for your OS.

GnuPG does also use zlib; however in most environments the system
provided zlib is used.  So an update to this system library is
sufficient to fix the problem in GnuPG.

On systems without a installed zlib, the GnuPG build process
automatically includes the zlib copy which come with it.  This may
also be forced by using the --with-included-zlib configure option.
On those systems, GnuPG needs to be updated!  A patch with
instructions is attached to this mail.

Note, that the MS-Windows version is also affected by this bug; an
updated binary package will be available soon.

  Werner


--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=gnupg-zlib.patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

This is a patch against gnupg 1.0.6 to fix the security bug in the
zlib code.  Please note that on most systems the zlib code which comes
with GnuPG is not used because usually the zlib provided by the system
is used.  This is in almost all cases a shared library, so it is
sufficient to upgrade this one.  If the system does only provide a
static library, you have to build GnuPG again.

Apply this patch if your system does not provide a usable zlib or you
configured GnuPG using the option --with-included-zlib.

The patch file is GnuPG signed; you might want to check the signature
after visual inspection that the patch file itself is not a
compressed one (which might trigger the bug).

 gpg --verify gnupg-zlib.patch

Change to the source directory (cd gnupg-1.0.6) and enter:

 patch -p2 <gnupg-zlib.patch

Then do a make and make install as usual.



2002-03-12  Werner Koch  <wk@gnupg.org>

	Merged changes from zlib 1.1.4. 


diff -u orig/gnupg-1.0.6/zlib/deflate.c gnupg-stable/zlib/deflate.c
--- orig/gnupg-1.0.6/zlib/deflate.c	Wed Jan 13 14:12:48 1999
+++ gnupg-stable/zlib/deflate.c	Tue Mar 12 10:34:29 2002
@@ -1,5 +1,5 @@
 /* deflate.c -- compress data using the deflation algorithm
- * Copyright (C) 1995-1998 Jean-loup Gailly.
+ * Copyright (C) 1995-2002 Jean-loup Gailly.
  * For conditions of distribution and use, see copyright notice in zlib.h 
  */
 
@@ -47,12 +47,12 @@
  *
  */
 
-/* @(#) $Id: deflate.c,v 1.2 1999/01/13 13:12:48 koch Exp $ */
+/* @(#) $Id: deflate.c,v 1.2.2.1 2002/03/12 09:34:29 werner Exp $ */
 
 #include "deflate.h"
 
 const char deflate_copyright[] =
-   " deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly ";
+   " deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly ";
 /*
   If you use the zlib library in a product, an acknowledgment is welcome
   in the documentation of your product. If for some reason you cannot
@@ -242,7 +242,7 @@
         windowBits = -windowBits;
     }
     if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED ||
-        windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||
+        windowBits < 9 || windowBits > 15 || level < 0 || level > 9 ||
 	strategy < 0 || strategy > Z_HUFFMAN_ONLY) {
         return Z_STREAM_ERROR;
     }

diff -u orig/gnupg-1.0.6/zlib/infblock.c gnupg-stable/zlib/infblock.c
--- orig/gnupg-1.0.6/zlib/infblock.c	Wed Jan 13 14:12:48 1999
+++ gnupg-stable/zlib/infblock.c	Tue Mar 12 10:19:38 2002
@@ -1,5 +1,5 @@
 /* infblock.c -- interpret and process block types to last block
- * Copyright (C) 1995-1998 Mark Adler
+ * Copyright (C) 1995-2002 Mark Adler
  * For conditions of distribution and use, see copyright notice in zlib.h 
  */
 
@@ -249,10 +249,12 @@
                              &s->sub.trees.tb, s->hufts, z);
       if (t != Z_OK)
       {
-        ZFREE(z, s->sub.trees.blens);
         r = t;
         if (r == Z_DATA_ERROR)
+        {
+          ZFREE(z, s->sub.trees.blens);
           s->mode = BAD;
+        }
         LEAVE
       }
       s->sub.trees.index = 0;
@@ -313,11 +315,13 @@
         t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f),
                                   s->sub.trees.blens, &bl, &bd, &tl, &td,
                                   s->hufts, z);
-        ZFREE(z, s->sub.trees.blens);
         if (t != Z_OK)
         {
           if (t == (uInt)Z_DATA_ERROR)
+          {
+            ZFREE(z, s->sub.trees.blens);
             s->mode = BAD;
+          }
           r = t;
           LEAVE
         }
@@ -329,6 +333,7 @@
         }
         s->sub.decode.codes = c;
       }
+      ZFREE(z, s->sub.trees.blens);
       s->mode = CODES;
     case CODES:
       UPDATE
diff -u orig/gnupg-1.0.6/zlib/infcodes.c gnupg-stable/zlib/infcodes.c
--- orig/gnupg-1.0.6/zlib/infcodes.c	Wed Jan 13 14:12:48 1999
+++ gnupg-stable/zlib/infcodes.c	Tue Mar 12 10:19:38 2002
@@ -1,5 +1,5 @@
 /* infcodes.c -- process literals and length/distance pairs
- * Copyright (C) 1995-1998 Mark Adler
+ * Copyright (C) 1995-2002 Mark Adler
  * For conditions of distribution and use, see copyright notice in zlib.h 
  */
 
@@ -196,15 +196,9 @@
       Tracevv((stderr, "inflate:         distance %u\n", c->sub.copy.dist));
       c->mode = COPY;
     case COPY:          /* o: copying bytes in window, waiting for space */
-#ifndef __TURBOC__ /* Turbo C bug for following expression */
-      f = (uInt)(q - s->window) < c->sub.copy.dist ?
-          s->end - (c->sub.copy.dist - (q - s->window)) :
-          q - c->sub.copy.dist;
-#else
       f = q - c->sub.copy.dist;
-      if ((uInt)(q - s->window) < c->sub.copy.dist)
-        f = s->end - (c->sub.copy.dist - (uInt)(q - s->window));
-#endif
+      while (f < s->window)             /* modulo window size-"while" instead */
+        f += s->end - s->window;        /* of "if" handles invalid distances */
       while (c->len)
       {
         NEEDOUT
diff -u orig/gnupg-1.0.6/zlib/inffast.c gnupg-stable/zlib/inffast.c
--- orig/gnupg-1.0.6/zlib/inffast.c	Wed Jan 13 14:12:48 1999
+++ gnupg-stable/zlib/inffast.c	Tue Mar 12 10:19:38 2002
@@ -1,5 +1,5 @@
 /* inffast.c -- process literals and length/distance pairs fast
- * Copyright (C) 1995-1998 Mark Adler
+ * Copyright (C) 1995-2002 Mark Adler
  * For conditions of distribution and use, see copyright notice in zlib.h 
  */
 
@@ -93,28 +93,41 @@
 
             /* do the copy */
             m -= c;
-            if ((uInt)(q - s->window) >= d)     /* offset before dest */
-            {                                   /*  just copy */
-              r = q - d;
-              *q++ = *r++;  c--;        /* minimum count is three, */
-              *q++ = *r++;  c--;        /*  so unroll loop a little */
-            }
-            else                        /* else offset after destination */
+            r = q - d;
+            if (r < s->window)                  /* wrap if needed */
             {
-              e = d - (uInt)(q - s->window); /* bytes from offset to end */
-              r = s->end - e;           /* pointer to offset */
-              if (c > e)                /* if source crosses, */
+              do {
+                r += s->end - s->window;        /* force pointer in window */
+              } while (r < s->window);          /* covers invalid distances */
+              e = s->end - r;
+              if (c > e)
               {
-                c -= e;                 /* copy to end of window */
+                c -= e;                         /* wrapped copy */
                 do {
-                  *q++ = *r++;
+                    *q++ = *r++;
                 } while (--e);
-                r = s->window;          /* copy rest from start of window */
+                r = s->window;
+                do {
+                    *q++ = *r++;
+                } while (--c);
               }
+              else                              /* normal copy */
+              {
+                *q++ = *r++;  c--;
+                *q++ = *r++;  c--;
+                do {
+                    *q++ = *r++;
+                } while (--c);
+              }
+            }
+            else                                /* normal copy */
+            {
+              *q++ = *r++;  c--;
+              *q++ = *r++;  c--;
+              do {
+                *q++ = *r++;
+              } while (--c);
             }
-            do {                        /* copy all or what's left */
-              *q++ = *r++;
-            } while (--c);
             break;
           }
           else if ((e & 64) == 0)
diff -u orig/gnupg-1.0.6/zlib/inftrees.c gnupg-stable/zlib/inftrees.c
--- orig/gnupg-1.0.6/zlib/inftrees.c	Wed Jan 13 14:12:49 1999
+++ gnupg-stable/zlib/inftrees.c	Tue Mar 12 10:19:38 2002
@@ -1,5 +1,5 @@
 /* inftrees.c -- generate Huffman trees for efficient decoding
- * Copyright (C) 1995-1998 Mark Adler
+ * Copyright (C) 1995-2002 Mark Adler
  * For conditions of distribution and use, see copyright notice in zlib.h 
  */
 
@@ -11,7 +11,7 @@
 #endif
 
 const char inflate_copyright[] =
-   " inflate 1.1.3 Copyright 1995-1998 Mark Adler ";
+   " inflate 1.1.4 Copyright 1995-2002 Mark Adler ";
 /*
   If you use the zlib library in a product, an acknowledgment is welcome
   in the documentation of your product. If for some reason you cannot
@@ -104,8 +104,7 @@
 /* Given a list of code lengths and a maximum table size, make a set of
    tables to decode that set of codes.  Return Z_OK on success, Z_BUF_ERROR
    if the given code set is incomplete (the tables are still built in this
-   case), Z_DATA_ERROR if the input is invalid (an over-subscribed set of
-   lengths), or Z_MEM_ERROR if not enough memory. */
+   case), or Z_DATA_ERROR if the input is invalid. */
 {
 
   uInt a;                       /* counter for codes of length k */
@@ -231,7 +230,7 @@
 
         /* allocate new table */
         if (*hn + z > MANY)     /* (note: doesn't matter for fixed) */
-          return Z_MEM_ERROR;   /* not enough memory */
+          return Z_DATA_ERROR;  /* overflow of MANY */
         u[h] = q = hp + *hn;
         *hn += z;
 
diff -u orig/gnupg-1.0.6/zlib/zlib.h gnupg-stable/zlib/zlib.h
--- orig/gnupg-1.0.6/zlib/zlib.h	Wed Jan 13 14:12:49 1999
+++ gnupg-stable/zlib/zlib.h	Tue Mar 12 10:19:41 2002
@@ -1,7 +1,7 @@
 /* zlib.h -- interface of the 'zlib' general purpose compression library
-  version 1.1.3, July 9th, 1998
+  version 1.1.4, March 11th, 2002
 
-  Copyright (C) 1995-1998 Jean-loup Gailly and Mark Adler
+  Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler
 
   This software is provided 'as-is', without any express or implied
   warranty.  In no event will the authors be held liable for any damages
@@ -37,7 +37,7 @@
 extern "C" {
 #endif
 
-#define ZLIB_VERSION "1.1.3"
+#define ZLIB_VERSION "1.1.4"
 
 /* 
      The 'zlib' compression library provides in-memory compression and

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6d-cvs (GNU/Linux)

iD8DBQE8keynaLeriVdUjc0RAnZaAJ0Q5AX4oAWCkkE5Yqxb4mOcY8rhDQCfTd7D
TR5ke8FWP2dRrl/EP5AU6i4=
=uKF5
-----END PGP SIGNATURE-----

--=-=-=--


_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce



From dvgevers@wxs.nl  Fri Mar 15 17:13:01 2002
From: dvgevers@wxs.nl (Dick Gevers)
Date: Fri Mar 15 17:13:01 2002
Subject: Local signatures v. exportable signatures
Message-ID: <3C9217BB.20811.9C27DB3@localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Recently I started using GnuPG 1.0.6 under W2K, together with 
GPGShell for Win v. 2.25.

Neither on the command line nor in GPGShell can I see any 
difference between a locally signed key and a key bearing an 
exportable signature. I know which are which but I don't want to 
remember it, I would like to be able to see which is what. 

Now the only difference I can find is when the key is exported, but
I would like to see it while the keys are on my pubring, either in 
GPG and/or in GPGShell. 

I would appreciate any advice.

Best regards,
=Dick Gevers=


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: GPGShell v. 2.25; QDGPG Pegasus Mail Plugin v. 1.0.3.0 beta 4

iEYEARECAAYFAjySF7sACgkQwC/zk+cxEdOwVgCglumbbN1JZv93W3J8IlTHnxBV
zzsAoI5xABiC5VkZjvk0xPY+6S+oDwo0
=YS0/
-----END PGP SIGNATURE-----


From dvgevers@wxs.nl  Fri Mar 15 17:13:05 2002
From: dvgevers@wxs.nl (Dick Gevers)
Date: Fri Mar 15 17:13:05 2002
Subject: Problem generating RSA keys
Message-ID: <3C921CAA.30298.9D5C596@localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Recently I started using GnuPG 1.0.6 under W2K, together with 
GPGShell for Win v. 2.25.

Neither on the command line, nor in GPGShell can I generate RSA 
keys or use other non-default algorithms, ciphers or hashes. I 
looked through all the FAQ's, help files, man pages and Handbooks 
that I could find and tried every possible combination of the 
options
- --load-extension
- --rfc1991 
- --cipher-algo
- --compress-algo
(either direct or via the options files of GPG and GPGShell),
but in all cases the options presented are the same as those with 
"gpg --gen-key" without options.

I have idea.dll, sha2.dll and tiger.dll sitting in the same folder 
as GPG.exe (being G:/GPG), but it makes no difference. 

I have been able to work through the basic learning curve, I 
believe, of using GPG on the command line and via GPGShell, but I 
don't understand why these options won't work. Any help would be 
appreciated.

Thanks and regards,
=Dick Gevers=


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: GPGShell v. 2.25; QDGPG Pegasus Mail Plugin v. 1.0.3.0 beta 4

iEYEARECAAYFAjySHKwACgkQwC/zk+cxEdMrQwCggGE8vQ3UXkd0lsw/UQ65KzgR
EDQAoIja4XBPf2h+RcOSLbhcdXbeHQAp
=jypI
-----END PGP SIGNATURE-----


From Trevor Smith" <trevor@haligonian.com  Fri Mar 15 17:34:01 2002
From: Trevor Smith" <trevor@haligonian.com (Trevor Smith)
Date: Fri Mar 15 17:34:01 2002
Subject: fatal corruption with PGPKeys and GPG keyrings
Message-ID: <200203151632.g2FGWF1S004371@jupiter.accesscable.net>

I have PGP 7.0.3 for Win2k and have PGPKeys.

I also have PGP command line 6.5.8 for Win2k.

I have GnuPG 1.0.6 for Win2k and generally use it to generate new
keys, etc. but I have some legacy keys from PGP.

I have been trying to use the same keyrings for all three programs.

Everything interoperates pretty well, EXCEPT, if I use PGPKeys to
remove signatures from a key in my keyring, GnuPG immediately reports
this the next time I try to use the keyring:

C:\GnuPG>gpg --list-keys
gpg: read_keyblock: read error: invalid packet
gpg: enum_keyblocks(read) failed: invalid keyring

PGP (command line and PGPKeys) both continue to read and work with
the keyrings perfectly. The only way I have found to do *anything*
with the keyrings at this point is to copy my GnuPG backups over the
PGP-"corrupted" versions.

I have not tested whether similar operations with PGP command line
would cause the corruption.

Does GnuPG not support what I'm trying to do (remove signatures)? Is
this a bug with PGPKeys or PGP for Windows? Is this a bug with GnuPG?
Has anyone ever seen this (sorry, no search function for this mail
list that I can find)? Can anyone reproduce this?


-- 
 Trevor Smith
 trevor@haligonian.com




From astiglic@okiok.com  Fri Mar 15 17:51:01 2002
From: astiglic@okiok.com (Anton Stiglic)
Date: Fri Mar 15 17:51:01 2002
Subject: ZLIB vulnerability
Message-ID: <003101c1cc59$e67f69b0$6900a8c0@p1038mobile>

Hi all,

this has maybe already been discussed here, but I haven't seen any mention
of it on www.gnupg.org.

A colleague of mine pointed out to me that there is a security vulnerability
with zlib version < 1.1.4.
GnuPG 1.0.6 uses zlib version 1.1.3, so there is a security risk.

See
http://www.gzip.org/zlib/advisory-2002-03-11.txt


They suggested replacing older versions of zlib with zlib version 1.1.4,
I would suggest a new version of GnuPG that comes with zlib v 1.1.4.

--Anton



From dshaw@jabberwocky.com  Fri Mar 15 17:59:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Mar 15 17:59:02 2002
Subject: Local signatures v. exportable signatures
In-Reply-To: <3C9217BB.20811.9C27DB3@localhost>
References: <3C9217BB.20811.9C27DB3@localhost>
Message-ID: <20020315165646.GA681@akamai.com>

On Fri, Mar 15, 2002 at 03:48:11PM -0000, Dick Gevers wrote:

> Recently I started using GnuPG 1.0.6 under W2K, together with 
> GPGShell for Win v. 2.25.
> 
> Neither on the command line nor in GPGShell can I see any 
> difference between a locally signed key and a key bearing an 
> exportable signature. I know which are which but I don't want to 
> remember it, I would like to be able to see which is what. 
> 
> Now the only difference I can find is when the key is exported, but
> I would like to see it while the keys are on my pubring, either in 
> GPG and/or in GPGShell. 

GnuPG 1.0.7 shows a "L" between the "sig" and the keyid for local
signatures.  I don't know about GPGShell.

GnuPG 1.0.7 is getting closer to release.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From dshaw@jabberwocky.com  Fri Mar 15 18:00:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Mar 15 18:00:01 2002
Subject: Problem generating RSA keys
In-Reply-To: <3C921CAA.30298.9D5C596@localhost>
References: <3C921CAA.30298.9D5C596@localhost>
Message-ID: <20020315165800.GC681@akamai.com>

On Fri, Mar 15, 2002 at 04:09:14PM -0000, Dick Gevers wrote:

> Recently I started using GnuPG 1.0.6 under W2K, together with 
> GPGShell for Win v. 2.25.
> 
> Neither on the command line, nor in GPGShell can I generate RSA 
> keys or use other non-default algorithms, ciphers or hashes. I 
> looked through all the FAQ's, help files, man pages and Handbooks 

GnuPG 1.0.6 cannot generate RSA keys.  That is a new feature in 1.0.7.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From wk@gnupg.org  Fri Mar 15 18:08:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Fri Mar 15 18:08:02 2002
Subject: fatal corruption with PGPKeys and GPG keyrings
In-Reply-To: <200203151632.g2FGWF1S004371@jupiter.accesscable.net> ("Trevor
 Smith"'s message of "Fri, 15 Mar 2002 12:30:52 -0400")
References: <200203151632.g2FGWF1S004371@jupiter.accesscable.net>
Message-ID: <87elilahjv.fsf@alberti.gnupg.de>

On Fri, 15 Mar 2002 12:30:52 -0400, Trevor Smith said:

> C:\GnuPG>gpg --list-keys
> gpg: read_keyblock: read error: invalid packet
> gpg: enum_keyblocks(read) failed: invalid keyring

Please run 
 
  gpg --list-packets yourkeyring.pkr

It should bail out at the same packet but you get a listing of all
packets and by comparing it to a listing of an uncorrupted keyring you
should be able to figure out.  It might also be worth to use the
option "--debug 1"

> Does GnuPG not support what I'm trying to do (remove signatures)? Is

It does.  However sharing the keyring won't anymore work with
forthcoming GnuPH versions.

  Werner



From bart.martens@advalvas.be  Fri Mar 15 19:13:02 2002
From: bart.martens@advalvas.be (Bart Martens)
Date: Fri Mar 15 19:13:02 2002
Subject: Passphrase in the command line
In-Reply-To: <Pine.LNX.4.33.0203151353300.5659-100000@pcramnan.iap-kborn.de>; from schoech@iap-kborn.de on Fri, Mar 15, 2002 at 01:55:00PM +0000
References: <118172494594.20020315160143@vib.ru> <Pine.LNX.4.33.0203151353300.5659-100000@pcramnan.iap-kborn.de>
Message-ID: <20020315192520.A1644@cable-195-162-214-95.upc.chello.be>

On Fri, Mar 15, 2002 at 01:55:00PM +0000, Armin Schch wrote:
> > I have a question about the GPG's command line:
> > How can I specify the passhprase in the command line?
> > in the PGP 6.5.8 command-line there is option
> > -z PASSPHRASE
> > it is very usefull option in the scripts that automatic process
> > encrypted mail
> 
> And it's an FAQ:
> echo PASSPHRASE | gpg --passphrase-fd=0 ......
> Check the manual: Unix/Linux "man gpg", Windows "gpg.man" or something
> similar.
> HTH,
> Armin
> 

Here it is --passphrase-fd 0 without the '='.




From athlonrobnf@cs.com  Fri Mar 15 21:55:01 2002
From: athlonrobnf@cs.com (AthlonRob)
Date: Fri Mar 15 21:55:01 2002
Subject: ZLIB vulnerability
References: <003101c1cc59$e67f69b0$6900a8c0@p1038mobile>
Message-ID: <000a01c1cc63$58eb2a80$0101a8c0@robxp>

Does GnuPG actually include zlib itself, or does it just require you have
zlib on your system, and then utilize that?

I just downloaded and compiled zlib 1.1.4 along with GnuPG yesterday,
assuming GnuPG would use the updated zlib... was I mistaken?


----- Original Message -----
From: "Anton Stiglic" <astiglic@okiok.com>
To: <gnupg-users@gnupg.org>
Sent: Friday, March 15, 2002 11:45 AM
Subject: ZLIB vulnerability


>
> Hi all,
>
> this has maybe already been discussed here, but I haven't seen any mention
> of it on www.gnupg.org.
>
> A colleague of mine pointed out to me that there is a security
vulnerability
> with zlib version < 1.1.4.
> GnuPG 1.0.6 uses zlib version 1.1.3, so there is a security risk.
>
> See
> http://www.gzip.org/zlib/advisory-2002-03-11.txt
>
>
> They suggested replacing older versions of zlib with zlib version 1.1.4,
> I would suggest a new version of GnuPG that comes with zlib v 1.1.4.
>
> --Anton
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>



From Weimer@CERT.Uni-Stuttgart.DE  Fri Mar 15 22:17:01 2002
From: Weimer@CERT.Uni-Stuttgart.DE (Florian Weimer)
Date: Fri Mar 15 22:17:01 2002
Subject: ZLIB vulnerability
In-Reply-To: <000a01c1cc63$58eb2a80$0101a8c0@robxp> ("AthlonRob"'s message
 of "Fri, 15 Mar 2002 12:52:36 -0800")
References: <003101c1cc59$e67f69b0$6900a8c0@p1038mobile>
 <000a01c1cc63$58eb2a80$0101a8c0@robxp>
Message-ID: <878z8th6ur.fsf@CERT.Uni-Stuttgart.DE>

"AthlonRob" <athlonrobnf@cs.com> writes:

> Does GnuPG actually include zlib itself, or does it just require you have
> zlib on your system, and then utilize that?

The source code includes a copy of zlib, but the build process uses
the system zlib if available.

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898


From astiglic@okiok.com  Fri Mar 15 22:59:01 2002
From: astiglic@okiok.com (Anton Stiglic)
Date: Fri Mar 15 22:59:01 2002
Subject: ZLIB vulnerability
References: <003101c1cc59$e67f69b0$6900a8c0@p1038mobile><000a01c1cc63$58eb2a80$0101a8c0@robxp> <878z8th6ur.fsf@CERT.Uni-Stuttgart.DE>
Message-ID: <001001c1cc85$7a085e50$6900a8c0@p1038mobile>

----- Original Message -----
From: "Florian Weimer" <Weimer@CERT.Uni-Stuttgart.DE>
To: <gnupg-users@gnupg.org>
Sent: Friday, March 15, 2002 1:13 PM
Subject: Re: ZLIB vulnerability


> "AthlonRob" <athlonrobnf@cs.com> writes:
>
> > Does GnuPG actually include zlib itself, or does it just require you
have
> > zlib on your system, and then utilize that?
>
> The source code includes a copy of zlib, but the build process uses
> the system zlib if available.

I happen to compile GnuPG under Windows (using Cygwin) where
I don't have a system zlib, so it uses the one that comes with gnupg.
The latest version of gnupg, 1.0.6, comes with zlib version 1.1.3
(which has the vulnerability).  So I replaced the zlib library with
zlib version 1.1.4 and recompiled my gnupg.

--Anton



From jmos@gmx.net  Sat Mar 16 01:03:01 2002
From: jmos@gmx.net (jmos@gmx.net)
Date: Sat Mar 16 01:03:01 2002
Subject: Question about mangling of passphrases
Message-ID: <16775.1016236823@www42.gmx.net>

Hello GnuPG Users!

I wonder if it is safe to use GnuPG for symmetric encryption with 256 Bit
cyphers.
The problem I see is as follows: 

    When someone uses symmetric only encryption GnuPG prompts for a
passphrase.
    This passphrase is then hashed with an algorithm like RIPE-MD160 (whis
is the default)
    into a 160 Bit hash value.
    This 160 Bit hash value (or part of it) is then used as a key for a
symmetric cypher
    like BLOWFISH (whis has a key length of 128 Bit, so I assume the least
significant
    128 Bits of the hash value are being used).
    But what happens if someone uses a cypher with a key length of more than
160 Bit
    (e.g. 256 Bit) ?
    The hash value is too small to be used as the key for those cyphers.
    So how does GnuPG mangle the passphrase to yield a key with e.g. 256 Bit
?

Does anyone have an answer to that ?

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net



From athlonrobnf@cs.com  Sat Mar 16 01:15:01 2002
From: athlonrobnf@cs.com (AthlonRob)
Date: Sat Mar 16 01:15:01 2002
Subject: GnuPG in Linux... a little help for a Windoze user?
Message-ID: <003b01c1cc7f$5d4d3b60$0101a8c0@robxp>

------=_NextPart_000_0038_01C1CC3C.4CC864B0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hey everybody-

I joined this group hoping there would be information on running GnuPG under=
 Linux, with some reasonable front end.  I'm having a hard time compiling an=
ything at the moment (the front end I chose seems to really like Qt 1.4, whi=
ch really doesn't like me).  I've been using PGP under Win2K and WinXP (yeah=
, I realize there are issues with XP, I do everything manually, so the only=20=
problem is it might be using insecure memory and swapping, which I don't car=
e about) for quite a while now and am happy with it.

After reading for a day now, I'm seeing almost everybody uses Windows.  Does=
 anybody have any advice for places to look for a PGP-like solution for Linu=
x and information on how exactly to use it?

I'd really appreciate some direction  :-)

Rob

------=_NextPart_000_0038_01C1CC3C.4CC864B0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2713.1100" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hey everybody-</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>I joined this group hoping there would be=20
information on running GnuPG under Linux, with some reasonable front end.&nb=
sp;=20
I'm having a hard time compiling anything at the moment (the front end I cho=
se=20
seems to really like Qt 1.4, which really doesn't like me).&nbsp; I've been=20
using PGP under Win2K and WinXP (yeah, I realize there are issues with XP, I=
 do=20
everything manually, so the only problem is it might be using insecure memor=
y=20
and swapping, which I don't care about) for quite a while now and am happy w=
ith=20
it.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>After reading for a day now, I'm seeing alm=
ost=20
everybody uses Windows.&nbsp; Does anybody have any advice for places to loo=
k=20
for a PGP-like solution for Linux and information on how exactly to use=20
it?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>I'd really appreciate some direction&nbsp;=20
:-)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Rob</FONT></DIV></BODY></HTML>

------=_NextPart_000_0038_01C1CC3C.4CC864B0--


From agreene@pobox.com  Sat Mar 16 01:37:02 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Sat Mar 16 01:37:02 2002
Subject: GnuPG in Linux... a little help for a Windoze user?
In-Reply-To: <003b01c1cc7f$5d4d3b60$0101a8c0@robxp>
Message-ID: <Pine.LNX.4.33.0203151920540.21434-100000@asmoweb.hqda.pentagon.mil>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 15 Mar 2002, AthlonRob wrote:
>I joined this group hoping there would be information on running GnuPG
>under Linux, with some reasonable front end. I'm having a hard time
>compiling anything at the moment (the front end I chose seems to really
>like Qt 1.4, which really doesn't like me).

I'm assuming you're taling about a GUI front end for GPG.

I used tkpgp for a while, but it was not worth the trouble. I generally use 
GPG for email. I run pine and used it display/send filter functions to pipe 
the text through GPG. It sounds harder than it is. The bottom line is that 
after setting it up, Pine calls GPG automatically to handle in incoming 
signed and/or encrypted messages and I get an offer to sign or sign/encrypt 
each outgoing message. It just doesn't get much easier.

If you use KMail or Evolution, GPG support is included.

If you need to process files, the command line is simple:

  gpg --encrypt filename --recipient [userid substring OR keyid]
  gpg --sign filename
  gpg --clearsign textfile
  gpg --decrypt filename (automatically checks signature too)
  gpg --verify filename (automatically retrieves key if necessary)

I spent some time looking for GUI front ends, but the commands are simple 
enough that I eventually concluded that it was a waste of time to spend 
hours fooling around with GUIs.


Tony
- -- 
Anthony E. Greene <mailto:agreene@pobox.com>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26  C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05      HomePage: <http://www.pobox.com/~agreene/>
Linux: the choice of a GNU Generation. <http://www.linux.org/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D <agreene@pobox.com>

iD8DBQE8kpMSpCpg3WyUI50RAvQ4AKCwo7z/l452uElzcAv+6zS14DFeMwCg3z6+
OuuhsUkdBfNEUM5dpTf/i7g=
=ZNZU
-----END PGP SIGNATURE-----



From dshaw@jabberwocky.com  Sat Mar 16 02:01:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sat Mar 16 02:01:02 2002
Subject: Question about mangling of passphrases
In-Reply-To: <16775.1016236823@www42.gmx.net>
References: <16775.1016236823@www42.gmx.net>
Message-ID: <20020316005825.GA681@akamai.com>

On Sat, Mar 16, 2002 at 01:00:23AM +0100, jmos@gmx.net wrote:
> Hello GnuPG Users!
> 
> I wonder if it is safe to use GnuPG for symmetric encryption with 256 Bit
> cyphers.
> The problem I see is as follows: 
> 
>     When someone uses symmetric only encryption GnuPG prompts for a
> passphrase.  This passphrase is then hashed with an algorithm like
> RIPE-MD160 (whis is the default) into a 160 Bit hash value.  This
> 160 Bit hash value (or part of it) is then used as a key for a
> symmetric cypher like BLOWFISH (whis has a key length of 128 Bit, so
> I assume the least significant 128 Bits of the hash value are being
> used).  But what happens if someone uses a cypher with a key length
> of more than 160 Bit (e.g. 256 Bit) ?  The hash value is too small
> to be used as the key for those cyphers.  So how does GnuPG mangle
> the passphrase to yield a key with e.g. 256 Bit ?

What happens is there are multiple hashes done so there will always be
enough bits of hash to fill in the key bits.  Each additional hash
beyond the first is preloaded with an increasing number of zeroes to
force the resulting hash to be different.

This is documented in RFC-2440, if you want to read more about it.
Look for the "String-to-key (S2K) specifiers" section.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From graham.todd@ntlworld.com  Sat Mar 16 03:51:01 2002
From: graham.todd@ntlworld.com (Graham Todd)
Date: Sat Mar 16 03:51:01 2002
Subject: GnuPG in Linux... a little help for a Windoze user?
In-Reply-To: <003b01c1cc7f$5d4d3b60$0101a8c0@robxp>
References: <003b01c1cc7f$5d4d3b60$0101a8c0@robxp>
Message-ID: <20020316024843.LWQD7000.mta06-svc.ntlworld.com@there>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 16 March 2002 12:13 am, you uttered these words of widom 
regarding GnuPG in Linux... a little help for a Windoze user?:

> Hey everybody-
>
[snipped]
>
> After reading for a day now, I'm seeing almost everybody uses
> Windows.  Does anybody have any advice for places to look for a
> PGP-like solution for Linux and information on how exactly to use it?
>
> I'd really appreciate some direction  :-)
>
> Rob

The latest version of PGP that has been released for Linux is PGP 
6.5.8, and then only for the commandline.  GPG is also a commandline 
program.  In fact, there is nothing in Linux approaching the 
flexibility and functions of PGP with the GUI (nor may I add, I've not 
come across anything even approaching GPGShell [a Windows front end for 
GPG] in Linux).

The reason for this is mainly the key management functions, which are 
(sadly) missing from most front ends in Linux, and the ability to 
encrypt/sign/decrypt/verify text in a window having the focus.

The nearest thing that there is to it is to use an emailer like Kmail, 
Evolution, or Xfmail with built in support for PGP and GPG, but of 
course these will only deal with encryption/ signing/ decryption/ 
verification, not with key management.  There are some front ends that 
will enable you to keep your keyrings up to date, Seahorse and 
Geheimnis amongst them and they are useful to have about, but not 
all-embracing.....
- -- 

Graham

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Please sign and encrypt for internet privacy

iD8DBQE8krM6IwtBZOk1250RAjdnAKCo640SdTBVs3XzhRbqDQxnjx9JGQCgmRjR
1v6O9JKFK6fJmvRYX4rsttU=
=529p
-----END PGP SIGNATURE-----


From ddm@pizzashack.org  Sat Mar 16 05:28:01 2002
From: ddm@pizzashack.org (Derek D. Martin)
Date: Sat Mar 16 05:28:01 2002
Subject: Strange PGP server problem
Message-ID: <20020315232450.J6168@pizzashack.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've come across a problem I'm not really sure how to fix.  It may not
be a gpg problem per se, but a problem with the PGP servers.

To make a long story short, I have two different versions of my pgp
key -- each with a different valid encryption subkey.  The old key is
no good, and no one can get the new key, because the pgp servers seem
to have problems with the key.  Now, the longer version:

Today, I updated my key by creating a new 4K Elgamal encryption key,
and revoking my old encryption subkey.  I also had a number of UIDs
that are no longer valid, so I revoked the signature on those.

Note that I'm pretty sure the 4K size of the key is not the problem,
as I created another key of 4K today, which I had no trouble with.

I uploaded the new version of my key to the keyserver at pgp.mit.edu,
and checked that the new key was reflected in querries.  Well, it had
completely disappeared!  Ok, not completely.  If I searched on my
name, the key doesn't show up.  If I search by key ID, it does show
up.

On my system, the key seems fine:

  $ gpg --list-key ddm
  pub  1024D/81CFE75D 2000-10-29 Derek Martin <ddm@pizzashack.org>
  uid                            [revoked] Derek Martin <ddm@cerberus.ne.mediaone.net>
  uid                            [revoked] Derek Martin <ddm@mclinux.com>
  sub  4096g/F73655D5 2002-03-16 [expires: 2003-03-16]
  sub  1024g/22E368D9 2000-10-29

Except when I try to edit the key:

  $ gpg --edit ddm
  gpg (GnuPG) 1.0.6; Copyright (C) 2001 Free Software Foundation, Inc.
  This program comes with ABSOLUTELY NO WARRANTY.
  This is free software, and you are welcome to redistribute it
  under certain conditions. See the file COPYING for details.
  
  gpg: no secret subkey for public subkey 22E368D9 - ignoring
  Secret key is available.
  
  pub  1024D/81CFE75D  created: 2000-10-29 expires: never      trust: f/u
  sub  4096g/F73655D5  created: 2002-03-16 expires: 2003-03-16
  sub  1024g/22E368D9  created: 2000-10-29 expires: never     
  (1). Derek Martin <ddm@pizzashack.org>
  (2)  [revoked] Derek Martin <ddm@cerberus.ne.mediaone.net>
  (3)  [revoked] Derek Martin <ddm@mclinux.com>

[note the "no secret key" message for my old subkey]

If I then, from another account that does not have my gpg keyring in
it run 

  $ gpg --keyserver pgp.mit.edu --recv-key 0x81CFE75D

I get the following messages from gpg:

  $ gpg --keyserver pgp.mit.edu --recv-keys 81CFE75D
  gpg: requesting key 81CFE75D from pgp.mit.edu ...
  gpg: key 81CFE75D: invalid subkey binding
  gpg: key 81CFE75D: public key imported
  gpg: Total number processed: 1
  gpg:               imported: 1

I'm suspecting this may be caused by the missing secret subkey for key
id 0x22E368D9.  I have a back up copy of the old key, which looks like
this:

  $ gpg --edit-key ddm
  Secret key is available.
  
  pub  1024D/81CFE75D  created: 2000-10-29 expires: never      trust: -/u
  sub  1024g/22E368D9  created: 2000-10-29 expires: never     
  (1)  Derek Martin <ddm@pizzashack.org>
  (2)  Derek Martin <ddm@cerberus.ne.mediaone.net>
  (3). Derek Martin <ddm@mclinux.com>

I've tried numerous combinations of exporting and importing the secret
keys and public keys, and while I can import the public side of the
old encryption key, I can not import the corresponding secret key:

  $ ssh otherhost gpg --export-secret-keys -a |gpg --import --allow-secret
  ddm@otherhost's password: 
  gpg: key 81CFE75D: already in secret keyring
  gpg: Total number processed: 1
  gpg:       secret keys read: 1
  gpg:  secret keys unchanged: 1

I think this may be a bug; gpg seems to be failing to detect that
there's a new secret subkey in the exported key, and isn't importing
it.  During one of my iterations, I removed the old encryption key and
the revoked UIDs, and I was then able to --recv-key the key after
uploading it to the server.  However, at that point, the key stopped
showing up in searches on my name (it does still show up in searches
on the key id).  I did some more goofing around, and the key is
showing up in searches again, but now it can't be imported (the public
encryption subkey won't import).

So, basically, it seems like I have two different useless keys.
Obviously I don't want to create a whole new key, as a) it's a pain to
generate long keys, b) I'll have to get people to sign my key all over
again, c) I already have a couple of old keys I can't access out
there.  So I'd really, really, really like to recover this key to make
it usable.

AAAAGGGGGGHHHH!

While I'm waiting for the gurus to soothsay me an answer, I'm going to
hit the Bailey's.  Happy St. Patricks Day!  =8^)

- -- 
Derek Martin               ddm@pizzashack.org    
- ---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8kskOdjdlQoHP510RAk/WAJ0U7AwQzcq14fA4ew2F9NVHyuBxYACZAcCl
4d5U39wlLoCUuUutxMyRAk4=
=pbbW
-----END PGP SIGNATURE-----


From ddm@pizzashack.org  Sat Mar 16 05:42:01 2002
From: ddm@pizzashack.org (Derek D. Martin)
Date: Sat Mar 16 05:42:01 2002
Subject: gpg subkeys, revisited
Message-ID: <20020315233857.A6820@pizzashack.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I missed it the first time, but it sounds like I'm having the same
exact problem as Douglas Calvert had a couple of weeks ago:

  http://lists.gnupg.org/pipermail/gnupg-users/2002-March/012088.html

Except mine's slightly worse, because the key server evidently has a
bogus version of my key, so no one can get my new encryption subkey.

Hey Douglas, ever get your situation straightened out?

Thanks

- -- 
Derek Martin               ddm@pizzashack.org    
- ---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8ksxgdjdlQoHP510RAg5hAKCon58DzxfVVlrF6q3IVaCPaHDeBACfZlJI
S0L2VTFrTI83he8ZFv5ckFE=
=mc5Z
-----END PGP SIGNATURE-----


From athlonrobnf@cs.com  Sat Mar 16 05:50:01 2002
From: athlonrobnf@cs.com (AthlonRob)
Date: Sat Mar 16 05:50:01 2002
Subject: GnuPG in Linux... a little help for a Windoze user?
References: <003b01c1cc7f$5d4d3b60$0101a8c0@robxp> <20020316024843.LWQD7000.mta06-svc.ntlworld.com@there>
Message-ID: <00ae01c1cca5$b30628c0$0101a8c0@robxp>

> verification, not with key management.  There are some front ends that
> will enable you to keep your keyrings up to date, Seahorse and
> Geheimnis amongst them and they are useful to have about, but not
> all-embracing.....

Geheimnis refuses to compile here!  IT IS DRIVING ME INSANE!  ./configure
refuses to use whatever default C++ compiler Slackware comes with.  I think
it comes with g++... but could be mistaken.  Either way, it refuses to use
it.

I'm currently *trying* to work with GPA.  Not having much luck.  I really
really really want to import my entire keyring from PGP to GPG, but am
thinking that isn't possible.  If I can't do that, I would at least like to
be able to import my private keys... but heck, I can't even do that.

Nevermind, just got that working (manually, from the command line, importing
private keys)... things are looking up a bit.

I love this stuff!  :-)

Rob
----- Original Message -----
From: "Graham Todd" <graham.todd@ntlworld.com>
To: <gnupg-users@gnupg.org>
Sent: Friday, March 15, 2002 6:51 PM
Subject: Re: GnuPG in Linux... a little help for a Windoze user?


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Saturday 16 March 2002 12:13 am, you uttered these words of widom
> regarding GnuPG in Linux... a little help for a Windoze user?:
>
> > Hey everybody-
> >
> [snipped]
> >
> > After reading for a day now, I'm seeing almost everybody uses
> > Windows.  Does anybody have any advice for places to look for a
> > PGP-like solution for Linux and information on how exactly to use it?
> >
> > I'd really appreciate some direction  :-)
> >
> > Rob
>
> The latest version of PGP that has been released for Linux is PGP
> 6.5.8, and then only for the commandline.  GPG is also a commandline
> program.  In fact, there is nothing in Linux approaching the
> flexibility and functions of PGP with the GUI (nor may I add, I've not
> come across anything even approaching GPGShell [a Windows front end for
> GPG] in Linux).
>
> The reason for this is mainly the key management functions, which are
> (sadly) missing from most front ends in Linux, and the ability to
> encrypt/sign/decrypt/verify text in a window having the focus.
>
> The nearest thing that there is to it is to use an emailer like Kmail,
> Evolution, or Xfmail with built in support for PGP and GPG, but of
> course these will only deal with encryption/ signing/ decryption/
> verification, not with key management.  There are some front ends that
> will enable you to keep your keyrings up to date, Seahorse and
> Geheimnis amongst them and they are useful to have about, but not
> all-embracing.....
> - --
>
> Graham
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: Please sign and encrypt for internet privacy
>
> iD8DBQE8krM6IwtBZOk1250RAjdnAKCo640SdTBVs3XzhRbqDQxnjx9JGQCgmRjR
> 1v6O9JKFK6fJmvRYX4rsttU=
> =529p
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>



From dhlee@flynara.co.kr  Sat Mar 16 06:18:02 2002
From: dhlee@flynara.co.kr (ö)
Date: Sat Mar 16 06:18:02 2002
Subject:   PDF ȯ 帳ϴ(..)
Message-ID: <E16m6iO-0000Pi-00@porta.u64.de>

<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=euc-kr">
<style>
	body, td {
		font-size:9pt;
		line-height:150%;
		color:#5e5e5f;
	}
	A:LINK			{ text-decoration:none; color:#5e5e5f; }
	A:VISITED	{ text-decoration:none; color:#5e5e5f; }
	A:HOVER		{ text-decoration:underline; color:#5B75BF; }
</style>
</head>
<body bgcolor="#ffffff" text="#000000" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<table width="620" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr> 
    <td><img src="http://www.zinenara.com/email/img/title.gif" width="620" height="30"></td>
  </tr>
  <tr> 
    <td><img src="http://www.zinenara.com/email/img/img_01.gif" width="620" height="207"></td>
  </tr>
  <tr> 
    <td><img src="http://www.zinenara.com/email/img/text.gif" width="620" height="320" usemap="#Map" border="0"></td>
  </tr>
  <tr> 
    <td><img src="http://www.zinenara.com/email/img/contact.gif" width="620" height="117"></td>
  </tr>
  <tr> 
    <td>
      <table width="100%" border="0" cellspacing="0" cellpadding="0" background="http://www.zinenara.com/email/img/bottom_03.gif">
        <tr> 
          <td width="5%"><img src="http://www.zinenara.com/email/img/bottom_01.gif" width="27" height="26"></td>
          <td width="92%">
            <div align="center">   ߽ ̹Ƿ   ø <A href="mailto:dhlee@flynara.co.kr"><font color="#cc0000"></font></a> 
                ּ.</div>
          </td>
          <td width="3%"><img src="http://www.zinenara.com/email/img/bottom_02.gif" width="27" height="26"></td>
        </tr>
      </table>
    </td>
  </tr>
</table>
<map name="Map">
  <area shape="RECT" coords="431,285,608,307" href="http://www.zinenara.com" target="_blank">
</map>
</body>
</html>


From douglist@anize.org  Sat Mar 16 09:42:01 2002
From: douglist@anize.org (Douglas F. Calvert)
Date: Sat Mar 16 09:42:01 2002
Subject: schneier on bernstiens work
Message-ID: <1016268495.16321.5.camel@allevil>

--=-HzW9Sfsy+NUP87Y3mwgy
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hello.
 I recently posted a question about bernsteins facorting work. Schneier
talks about the paper in the latest cryptogram. It is a little off topic
for the list but still interesting...

go to counterpane.com for latest cryptogram (i am too lazy to link)

--BEGIN CRYPTO-GRAM
Bernstein's Factoring Breakthrough?



Last fall, mathematician Dan Bernstein circulated a paper discussing
improvements in integer factorization, using specialized parallel
hardware.  The paper didn't get much attention until recently, when
discussions sprang up on SlashDot and other Internet forums about the
results.  A naive read of the paper implies that factoring is now
significantly easier using the machine described in the paper, and that
keys as long as 2048 bits can now be broken.

This is not the case.  The improvements described in Bernstein's paper
are unlikely to produce the claimed speed improvements for practically
useful numbers.

Currently the fastest factoring algorithm is the Number Field Sieve
(NFS), which supplanted the Quadratic Sieve several years ago.=20
Basically, the NFS has two phases.  The first is a search for equations
that satisfy certain mathematical properties.  This step is highly
parallelizable, and today is routinely done with thousands of
computers.  The second step is a large matrix calculation, which
eventually produces the prime factors of the target number.

Bernstein attempts to improve the efficiency of both steps.  There are
some good observations here that will result in some minor speedups in
factoring, but the enormous improvements claimed are more a result of
redefining efficiency than anything else.  Bernstein positions his
results as an effect of massive parallization.  To me, this is
misleading.  You can always simulate a parallel machine on a single
computer by using a time-sliced architecture.  In his model, the "cost"
of factoring is a product of time and space, and he claims that he can
reduce the cost of parallel sorting from a factor of m^4 to m^3.=20
Bernstein justifies his assumptions by claiming that a single processor
needs m^2 memory, whereas an array of m^2 processors only needs constant
memory.  This may be true, but neglects to factor in the cost associated
with connecting those processors: tying a million simple processors
together is much more expensive than using a single processor of the
same design with a mi
llion bits of memory.  Again, it is not clear that this technique will
buy you anything for practical sized numbers.

To be sure, Bernstein does not say anything different.  (In fact, I
commend him for not being part of the hyperbole.)  His result is
asymptotic.  This means that it is eventually true, as the size of the
number factored approaches infinity.  This says nothing about how much
more efficient Bernstein's algorithm is, or even whether or not it is
more efficient than current techniques.  Bernstein himself says this in
one of his posts:  "Protecting against [these techniques] means
switching from n-bit keys to f(n)-bit keys.  I'd like to emphasize that,
at this point, very little is known about the function f.  It's clear
that f(n) is approximately (3.009...)n for *very* large sizes n, but I
don't know whether f(n) is larger than n for *useful* sizes n."  What he
means is: at some bit length these techniques will be useful, but we
have no idea what that bit length is.

I don't believe in the factor of n - 3n length improvement.  Any
practical implementation of these techniques depends heavily on
complicated technological assumptions and tradeoffs.  Parallel computing
is much easier to say than it is to do, and there are always hidden
complexities.  I think when all the math is said and done, these other
complexities will even out his enhancements.

This is not to belittle Bernstein's work.  This is good research.  I
like his novel way of using sorting techniques to carry out the linear
algebra part.  This might be useful in a variety of other contexts, and
is likely to open up new research directions in the design of more
efficient sorting networks and sparse matrix algorithms.  There are
other speed improvements to the NFS in this paper, and they will most
definitely be researched further.

Over the past several decades factoring has steadily gotten easier, and
it's gotten easier faster than anyone would have believed.  Speed
improvements have come from four sources.  One, processors have gotten
faster.  Two, processors have gotten cheaper and easier to network in
parallel computations.  Three, there have been steady flows of minor
improvements to the factoring algorithms.  And four, there have been
fundamental advances in the mathematics of factoring.

I believe that Bernstein's work falls under the third category, and
takes advantage of ancillary improvements in the second category.  And
if history is any guide, it will be years before anyone knows exactly
whether, and how, this work will affect the actual factoring of
practical numbers.


Bernstein Paper:
<http://cr.yp.to/papers/nfscircuit.ps>

--=20
+---------------+-----------------------------------+
|Douglas Calvert|       http://anize.org/dfc        |
| dfc@anize.org |       http://imissjerry.org       |
+---------------+-----------------------------------+
|   If you use envelopes, why not use encryption?   |
|         http://anize.org/dfc/dfc-keys.asc         |
| 0817 30D4 82B6 BB8D 5E66 06F6 B796 073D C954 1FB2 |
+-------------| http://www.gnupg.org |--------------+


--=-HzW9Sfsy+NUP87Y3mwgy
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQA8kwbPt5YHPclUH7IRAnQVAJ9vKoxYOuOMUg3gex9XK3ckNZC6FgCghtZ8
KVqEteqo6JC03EE6Vu9oM6Q=
=7tLI
-----END PGP SIGNATURE-----

--=-HzW9Sfsy+NUP87Y3mwgy--


From ddm@pizzashack.org  Sat Mar 16 18:45:03 2002
From: ddm@pizzashack.org (Derek D. Martin)
Date: Sat Mar 16 18:45:03 2002
Subject: gpg subkeys, revisited
In-Reply-To: <1016257151.16327.1.camel@allevil>
References: <20020315233857.A6820@pizzashack.org> <1016257151.16327.1.camel@allevil>
Message-ID: <20020316124152.A7155@pizzashack.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At some point hitherto, Douglas Calvert hath spake thusly:
> On Fri, 2002-03-15 at 23:38, Derek D. Martin wrote:
> > I missed it the first time, but it sounds like I'm having the same
> > exact problem as Douglas Calvert had a couple of weeks ago:
[SNIP]
> No dice. There is a problem with the keyservers. They cannot handle
> multiple subkeys.
[SNIP]

Ok thanks, but well, my problem is a bit more involved than just
that.  Basically the problem is that on the machine that I read mail,
I accidentally deleted my old encryption subkey.  I still have other
subkeys on that keyring associated with my signing key (0x81CFE75D)
that I need to keep.  But obviously, I want to keep my old encryption
key around, so I can decrypt messages that are sent to me by people
who haven't yet gotten the new subkey from me, or forgot to import it,
or for messages I already have hanging around...

I have a copy of the old subkey on another machine.  That old keyring
does not have the other subkeys that I wish to keep.  What I need to
do is merge the two keyrings.

I can do this with the PUBLIC subkeys no problem.  However, GPG will
not let me incorporate the SECRET subkey, no matter what I try.  I've
tried using both --export-secret-key and --export-secret-subkey on the
export side of things, and I always use --allow-secret on the import
side, but I only get error messages from gpg as such:

  $ ssh otherhost gpg -a --export-secret-subkey ddm |gpg --allow-secret --import
  ddm@otherhost's password: 
  gpg: key 81CFE75D: already in secret keyring
  gpg: Total number processed: 1
  gpg:       secret keys read: 1
  gpg:  secret keys unchanged: 1

So, gpg seems to fail to realize that there are subkeys in the
exported block that are not in the local copy, and refuses to import
them.  Whether or not this is intended behavior, I think this is a
bug.  Otherwise, there's no way to recover accidentally deleted
subkeys, and if you DO accidentally delete a subkey, your options
would be to maintain two different keyrings (one with the deleted one
and the other with all the other keys), or throw up your hands in
frustration and generate a whole new key.  And if you have old
messages that you still need to decrypt with the old key, the latter
isn't even really an option. Neither of those options is ideal.  IMO,
the best solution is for gpg to allow the import of secret subkeys.

Please note: I'm not on gnupg-devel, so please CC me ONLY if your
reply is going to be ONLY on that list (I'm on gnupg-users).  

Thanks.

- -- 
Derek Martin               ddm@pizzashack.org    
- ---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8k4PedjdlQoHP510RAoVjAKCbgELUN80DO5xj+/Stl6luJpsM7QCeK+7L
7fTlskD+WiOs0fQjNcXkezM=
=IgBT
-----END PGP SIGNATURE-----


From sandy@montana-riverboats.com  Sat Mar 16 21:04:01 2002
From: sandy@montana-riverboats.com (Sandy Pittendrigh)
Date: Sat Mar 16 21:04:01 2002
Subject: difficulty at the beginning
Message-ID: <3C9251B6.5020907@montana-riverboats.com>

This is a multi-part message in MIME format.
--------------010506040505040900070203
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit



--------------010506040505040900070203
Content-Type: text/plain;
 name="gnupg"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="gnupg"

I need to send encrypted mail from a webserver/domain host
down to my desck top. My domain provider doesn't have pgp or
gpg installed. So I obtained the following tar.gz sources:

gnupg-1.0.6.tar.gz  
pgpgpg-0.13.tar.gz

I untarred them, configured and compiled both sources,
on both my desk top machine and at the virtual domain where
my website exists.

I used configure --prefix=/home/me --exec-prefix=/home/me

make
make install ....on both boxes.

Then, at desktop :
pgp -kg 
  ....several steps omitted.
pgp -kx me@mydomain.com
  ....which produced me.pgp
The I used scp to to send me.pgp  up to the webserver

Then, at virtual domain:
pgp -kg
  ....several steps omitted, using email address that
      reflects the name web processes run as on my site

pgp -ka me.pgp
  .....which produced
gpg: Warning: using insecure memory!
gpg: key 60F87D7B: unsupported public key algorithm
gpg: key 60F87D7B: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: key ACC7F0DF: unsupported public key algorithm
gpg: key ACC7F0DF: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 2
gpg:           w/o user IDs: 2


Where do I go from here?


--------------010506040505040900070203--



From mutz@kde.org  Sat Mar 16 21:29:01 2002
From: mutz@kde.org (Marc Mutz)
Date: Sat Mar 16 21:29:01 2002
Subject: zlib bug
In-Reply-To: <20020314224259.GA14391@wizard.com>
References: <Pine.LNX.4.44.0203151759570.1182-100000@denken.szsz.org> <20020314224259.GA14391@wizard.com>
Message-ID: <200203151930.28619@sendmail.mutz.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 14 March 2002 23:42, A Guy Called Tyketto wrote:
<snip>
> but it would be in one's best interest, to uninstall GnuPG, update
> your zlib, and recompile GnuPG against it. I played it safe and
> recompiled against zlib 1.1.4, so I know my binaries aren't affected
> by the bug.
<snip>

Beeeep. Uninstall? What for? Just update your zlib with the dirtibutor's=20
rpm/deb's and be done.

Marc

- --=20
Marc Mutz <mutz@kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8kj3D3oWD+L2/6DgRAiqYAJ0cGZKsmlU9VyeIpUezxnT88F3vUACdEsof
JifUnkn1UM59QHu4bmIC5NQ=3D
=3D6SkJ
-----END PGP SIGNATURE-----




From rmartini@cipsga.org.br  Sat Mar 16 22:53:01 2002
From: rmartini@cipsga.org.br (Renato Martini)
Date: Sat Mar 16 22:53:01 2002
Subject: zlib bug
In-Reply-To: <20020314220945.GA2799@mcdonald.org.uk>
Message-ID: <Pine.LNX.4.44.0203171849090.1682-100000@denken.szsz.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

On Thu, 14 Mar 2002, Andrew McDonald wrote:

> Date: Thu, 14 Mar 2002 22:09:45 +0000
> From: Andrew McDonald <andrew@mcdonald.org.uk>
> To: mailing List gnupg-users <gnupg-users@gnupg.org>
> Subject: Re: zlib bug
>
> On Fri, Mar 15, 2002 at 06:10:59PM -0300, Renato Martini wrote:
> >
> > The GnuPG uses the zlib library (release 1.1.3), and the
> > systems affected are "any  software  that  is  linked  to
> > zlib  1.1.3 or earlier", or "data  compression libraries derived from zlib 1.1.3 or
> > earlier may contain a similar bug".
> >
> >
> > The gpg is affected by this bug in zlib?
> > The zlib library inside the GnuPG package or in the CVS will be changed?
>
> Note that, as you are running Linux, it is quite likely that your gpg is
> dynamically linked against the zlib libraries you probably have
> installed on your system. You can check this with, e.g.:

No Linux...

I compile GnuPG Unices releases (SCO OpenServer, UnixWare, Solaris x86 etc etc),
and I compile these packages statically linked with the zlib available
inside the gpg sources.

This is the problem for me.

best regards

- ---------
  __|_ _| _ \  __|  __|   \    | Renato Martini ::: Diretor Administrativo
 (     |  __/\__ \ (_ |  _ \   | http://www.cipsga.org.br
\___|___|_|  ____/\___|_/  _\  | http://gnupg.unixsecurity.com.br
- -----------------------------------------------------------------------
"O Fantasia, che dei tempi e delle distanze fai il tuo giuoco audace!"
                         (Gabriele d'Annunzio)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8lRB/YogE2yD8bPYRA+rdAKCg4UkPLvB9aiB+1VHA9spZtTVscQCgiGR8
WjGm0s+A4HjcMzIy0r5iCM0=
=i5Vb
-----END PGP SIGNATURE-----




From andrew@mcdonald.org.uk  Sat Mar 16 23:16:02 2002
From: andrew@mcdonald.org.uk (Andrew McDonald)
Date: Sat Mar 16 23:16:02 2002
Subject: zlib bug
In-Reply-To: <Pine.LNX.4.44.0203171849090.1682-100000@denken.szsz.org>
References: <20020314220945.GA2799@mcdonald.org.uk> <Pine.LNX.4.44.0203171849090.1682-100000@denken.szsz.org>
Message-ID: <20020316221424.GE361@mcdonald.org.uk>

--AhhlLboLdkugWU4S
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Mar 17, 2002 at 06:53:57PM -0300, Renato Martini wrote:
> On Thu, 14 Mar 2002, Andrew McDonald wrote:
> >
> > Note that, as you are running Linux, it is quite likely that your gpg is
> > dynamically linked against the zlib libraries you probably have
> > installed on your system. You can check this with, e.g.:
>=20
> No Linux...

The guess you were writing that e-mail on Linux was from the pine
message ID which was of the form: <Pine.LNX.etc@etc>

> I compile GnuPG Unices releases (SCO OpenServer, UnixWare, Solaris x86 et=
c etc),
> and I compile these packages statically linked with the zlib available
> inside the gpg sources.

Werner sent an e-mail to gnupg-announce (Bcc'ed I think to gnupg-devel)
on 2002-03-15 supplying a patch. I can find it in the gnupg-devel
archives, but not gnupg-announce as yet. See:
<http://lists.gnupg.org/pipermail/gnupg-devel/2002-March/006878.html>

--=20
Andrew McDonald
E-mail: andrew@mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/

--AhhlLboLdkugWU4S
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8k8PA/LupyPLe7TYRArqDAJ0eaU13uo7aRPHFs2624ntTpXNyVwCghnzf
j7gdEbY5Sw4NxJELukK7C9g=
=0KqV
-----END PGP SIGNATURE-----

--AhhlLboLdkugWU4S--


From teenieberry@worldnet.att.net  Sun Mar 17 00:01:01 2002
From: teenieberry@worldnet.att.net (FRANK HUBENY)
Date: Sun Mar 17 00:01:01 2002
Subject: zlib bug
References: <Pine.LNX.4.44.0203151759570.1182-100000@denken.szsz.org> <20020314224259.GA14391@wizard.com> <200203151930.28619@sendmail.mutz.com>
Message-ID: <000901c1cd3f$3dc1f680$a3e96620@teeniebe9euk8d>

Hello Users;

Has the Windows download at the "gnupg" web - site been recompiled with
the new library.  If not is there a expected release date.  Also will
this be reflected in a different version number.

<><
Frank D. Hubeny



From ftobin@neverending.org  Sun Mar 17 00:21:02 2002
From: ftobin@neverending.org (Frank Tobin)
Date: Sun Mar 17 00:21:02 2002
Subject: nofgpg
Message-ID: <20020316181552.M4261-100000@palanthas.neverending.org>

I just noticed this project:

NOFGPG (No One Fears GPG) is a small python-gnome gpg's key manager.
http://www.cgabriel.org/sw/nofgpg/

It might be of interest to some users here.

-- 
Frank Tobin		http://www.neverending.org/~ftobin/



From jmos@gmx.net  Sun Mar 17 01:40:01 2002
From: jmos@gmx.net (jmos@gmx.net)
Date: Sun Mar 17 01:40:01 2002
Subject: Problem with --not-dash-escaped
Message-ID: <17261.1016325475@www52.gmx.net>

Hello All!

Is there a problem with 'gpg --not-dash-escaped --clearsign ...' under
Windows ?

When I sign a message with the above command I don't get any error
messages. But when I check the signature afterwards with
'gpg --verify ...' I always get the message : Invalid signature.

I use GnuPG 1.0.6 under Windows 98. (The binary distribution from
http://www.gnupg.org/download.html).

Can anyone help ?

P.S: I didn't send the signed message via email and it didn't contain
       5 dashes at the beginning of a line, so that is not the problem

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net



From jmos@gmx.net  Sun Mar 17 02:03:01 2002
From: jmos@gmx.net (jmos@gmx.net)
Date: Sun Mar 17 02:03:01 2002
Subject: Question about mangling of passphrases
Message-ID: <27517.1016326847@www52.gmx.net>

On Sat, Mar 16, 2002 at 01:00:23AM +0100, jmos@gmx.net wrote:
>>Hello GnuPG Users!
>> 
>> I wonder if it is safe to use GnuPG for symmetric encryption with 256 Bit
>> cyphers.
>> The problem I see is as follows: 
>> 
>> When someone uses symmetric only encryption GnuPG prompts for a
>> passphrase.  This passphrase is then hashed with an algorithm like
>> RIPE-MD160 (whis is the default) into a 160 Bit hash value.  This
>> 160 Bit hash value (or part of it) is then used as a key for a
>> symmetric cypher like BLOWFISH (whis has a key length of 128 Bit, so
>> I assume the least significant 128 Bits of the hash value are being
>> used).  But what happens if someone uses a cypher with a key length
>> of more than 160 Bit (e.g. 256 Bit) ?  The hash value is too small
>> to be used as the key for those cyphers.  So how does GnuPG mangle
>> the passphrase to yield a key with e.g. 256 Bit ?

>What happens is there are multiple hashes done so there will always be
>enough bits of hash to fill in the key bits.  Each additional hash
>beyond the first is preloaded with an increasing number of zeroes to
>force the resulting hash to be different.

>This is documented in RFC-2440, if you want to read more about it.
>Look for the "String-to-key (S2K) specifiers" section.

>David

O.K. Thanks David!

Could this process be used to "emulate" a stronger Hash algorithm
(one with a hash value with more than 160 bit) ?

Let me explain this:

In the GnuPG FAQ section 4.1 one can read the following:

"1024 bit for DSA signatures; even for plain ElGamal signatures this is
sufficient as the size of the hash is probably the weakest link if the key size
is larger than 1024 bits."

So If this process could be used to "emulate" a hash with a greater size it
would not
be anymore the weakest link and it would make sense to use DSA keys with
more than
1024 bit.

I guess this is nonsense but could you please tell why the above process of
taking
multiple hashes to fill in a symmetric key is safe and why it is not safe to
use the
same process to generate a hash with a greater size so that it would make
sense
to use greater key sizes for DSA ?

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net



From disastry@saiknes.lv.NO.SPaM.NET  Sun Mar 17 12:37:01 2002
From: disastry@saiknes.lv.NO.SPaM.NET (disastry@saiknes.lv.NO.SPaM.NET)
Date: Sun Mar 17 12:37:01 2002
Subject: ZLIB and Cygwin (was: Re: ZLIB vulnerability)
Message-ID: <3C947E41.90CB9646@saiknes.lv.NO.SPaM.NET>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Anton Stiglic astiglic@okiok.com wrote:
> 
> > "AthlonRob" <athlonrobnf@cs.com> writes:
> >
> > > Does GnuPG actually include zlib itself, or does it just require you have
> > > zlib on your system, and then utilize that?
> >
> > The source code includes a copy of zlib, but the build process uses
> > the system zlib if available.
> 
> I happen to compile GnuPG under Windows (using Cygwin) where
> I don't have a system zlib, so it uses the one that comes with gnupg.
> The latest version of gnupg, 1.0.6, comes with zlib version 1.1.3
> (which has the vulnerability).  So I replaced the zlib library with
> zlib version 1.1.4 and recompiled my gnupg.
> --Anton

actually you may be wrong:
Cygwin have zlib - cygz.dll
and GPG compiled with Cygwin uses it (I just checked with depends.exe)

so you need newer cygz.dll.
(unless you compile GPG with --with-included-zlib switch)

__
Disastry  http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
 ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
      AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBPJRiHjBaTVEuJQxkEQPDrACgsqr20xSOr6dZJqt+iFM+3NrVFisAoOS+
8W2rnwlFmc1sI3GWYvgSeMdQ
=JRd7
-----END PGP SIGNATURE-----


From disastry@saiknes.lv.NO.SPaM.NET  Sun Mar 17 12:41:02 2002
From: disastry@saiknes.lv.NO.SPaM.NET (disastry@saiknes.lv.NO.SPaM.NET)
Date: Sun Mar 17 12:41:02 2002
Subject: Problem with --not-dash-escaped
Message-ID: <3C94806C.5D3A39DF@saiknes.lv.NO.SPaM.NET>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

jmos@gmx.net wrote:
> Is there a problem with 'gpg --not-dash-escaped --clearsign ...' under
> Windows ?
>
> When I sign a message with the above command I don't get any error
> messages. But when I check the signature afterwards with
> 'gpg --verify ...' I always get the message : Invalid signature.

I get good sig. for my this msg too.
gpg1.0.6, win2k.

> I use GnuPG 1.0.6 under Windows 98. (The binary distribution from
> http://www.gnupg.org/download.html).

__
Disastry  http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
 ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
      AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)

iD8DBQE8lIBKMFpNUS4lDGQRAuSbAJwJi1Q4kiWn/0Cctde62Y65Yox0wgCbB3eC
VGen36OF5S/afw9Pct7iZZs=
=W1en
-----END PGP SIGNATURE-----


From andrew@mcdonald.org.uk  Sun Mar 17 16:12:01 2002
From: andrew@mcdonald.org.uk (Andrew McDonald)
Date: Sun Mar 17 16:12:01 2002
Subject: zlib bug
In-Reply-To: <000901c1cd3f$3dc1f680$a3e96620@teeniebe9euk8d>
References: <Pine.LNX.4.44.0203151759570.1182-100000@denken.szsz.org> <20020314224259.GA14391@wizard.com> <200203151930.28619@sendmail.mutz.com> <000901c1cd3f$3dc1f680$a3e96620@teeniebe9euk8d>
Message-ID: <20020317150940.GA13589@mcdonald.org.uk>

On Sat, Mar 16, 2002 at 06:06:31PM -0500, FRANK HUBENY wrote:
> 
> Has the Windows download at the "gnupg" web - site been recompiled with
> the new library.  If not is there a expected release date.  Also will
> this be reflected in a different version number.

I believe that the gnupg-w32-1.0.6-2.zip on ftp.gnupg.org is the
updated version.

-- 
Andrew McDonald
E-mail: andrew@mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/


From teenieberry@worldnet.att.net  Sun Mar 17 17:41:01 2002
From: teenieberry@worldnet.att.net (FRANK HUBENY)
Date: Sun Mar 17 17:41:01 2002
Subject: zlib bug
References: <Pine.LNX.4.44.0203151759570.1182-100000@denken.szsz.org> <20020314224259.GA14391@wizard.com> <200203151930.28619@sendmail.mutz.com> <000901c1cd3f$3dc1f680$a3e96620@teeniebe9euk8d> <20020317150940.GA13589@mcdonald.org.uk>
Message-ID: <000b01c1cdd3$5240b350$bae96620@teeniebe9euk8d>

Hello users;

Thank you for the responses " :) "  Just checked, old file in my archive
is
" version 1.0.6  ", new one has -2 on end and new "gpg.exe dated
03-15-02.

<><
Frank D. Hubeny



From teenieberry@worldnet.att.net  Sun Mar 17 17:52:01 2002
From: teenieberry@worldnet.att.net (FRANK HUBENY)
Date: Sun Mar 17 17:52:01 2002
Subject: gpg 106-2
Message-ID: <000b01c1cdd4$ea106b70$bae96620@teeniebe9euk8d>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Users;

The new release for windows seems to have cleared up a problem I had
with automatically retreiving keys when I derypt / verify e-mail.  I
was usein "106", with "WinPT" and W2k.

I have just retreveived two keys with out any errors from "WinPT".
I suppose a longer period of time wil tell for sure.  But before it
never happened.

<><
-----BEGIN PGP SIGNATURE-----

iD8DBQE8lMsSg8sEqRPmPjoRArPoAJ9To12UHBfueX1j6XOPdOi7LXY6swCgsIFr
S4esYkUuzP5YVe4emvzs0Go=
=53ZY
-----END PGP SIGNATURE-----




From rmartini@cipsga.org.br  Sun Mar 17 19:29:01 2002
From: rmartini@cipsga.org.br (Renato Martini)
Date: Sun Mar 17 19:29:01 2002
Subject: zlib bug
In-Reply-To: <20020316221424.GE361@mcdonald.org.uk>
Message-ID: <Pine.LNX.4.44.0203181525470.1386-100000@denken.szsz.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

On Sat, 16 Mar 2002, Andrew McDonald wrote:

> Date: Sat, 16 Mar 2002 22:14:24 +0000
> From: Andrew McDonald <andrew@mcdonald.org.uk>
> To: mailing List gnupg-users <gnupg-users@gnupg.org>
> Cc: Renato Martini <rmartini@cipsga.org.br>
> Subject: Re: zlib bug
>
> > No Linux...
>
> The guess you were writing that e-mail on Linux was from the pine
> message ID which was of the form: <Pine.LNX.etc@etc>


Yes! I work at a Gnu/Linux box. But, I maintain a web site called "GnuPG
for Unix" (http://gnupg.unixsecurity.com.br). This site make
available many gpg Unices packages...


> > I compile GnuPG Unices releases (SCO OpenServer, UnixWare, Solaris x86 etc etc),
> > and I compile these packages statically linked with the zlib available
> > inside the gpg sources.
>
> Werner sent an e-mail to gnupg-announce (Bcc'ed I think to gnupg-devel)
> on 2002-03-15 supplying a patch. I can find it in the gnupg-devel
> archives, but not gnupg-announce as yet. See:
> <http://lists.gnupg.org/pipermail/gnupg-devel/2002-March/006878.html>
>

Okay! Thanks Andrew, I read this...

best regards

- ---------
  __|_ _| _ \  __|  __|   \    | Renato Martini ::: Diretor Administrativo
 (     |  __/\__ \ (_ |  _ \   | http://www.cipsga.org.br
\___|___|_|  ____/\___|_/  _\  | http://gnupg.unixsecurity.com.br
- -----------------------------------------------------------------------
"O Fantasia, che dei tempi e delle distanze fai il tuo giuoco audace!"
                         (Gabriele d'Annunzio)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8ljJgYogE2yD8bPYRAy36AJ4ri9N8pUbqnfFuXE3gQOTshM2r5ACguDqJ
g/HQyBEmROnP5Oj6nzqFKbs=
=Qbe6
-----END PGP SIGNATURE-----




From dshaw@jabberwocky.com  Sun Mar 17 23:57:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sun Mar 17 23:57:01 2002
Subject: Problem with --not-dash-escaped
In-Reply-To: <17261.1016325475@www52.gmx.net>
References: <17261.1016325475@www52.gmx.net>
Message-ID: <20020317225430.GA24342@akamai.com>

On Sun, Mar 17, 2002 at 01:37:55AM +0100, jmos@gmx.net wrote:
> Hello All!
> 
> Is there a problem with 'gpg --not-dash-escaped --clearsign ...' under
> Windows ?
> 
> When I sign a message with the above command I don't get any error
> messages. But when I check the signature afterwards with
> 'gpg --verify ...' I always get the message : Invalid signature.
> 
> I use GnuPG 1.0.6 under Windows 98. (The binary distribution from
> http://www.gnupg.org/download.html).
> 
> Can anyone help ?
> 
> P.S: I didn't send the signed message via email and it didn't contain
>        5 dashes at the beginning of a line, so that is not the problem

Can you post a short sample signature that did not work?  Also, sort
of key are you signing with?

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From blais@iro.umontreal.ca  Mon Mar 18 04:12:02 2002
From: blais@iro.umontreal.ca (Martin Blais)
Date: Mon Mar 18 04:12:02 2002
Subject: problem with unix user id and default key
In-Reply-To: <Pine.LNX.4.40.0203092307140.2427-100000@sunba>
References: <Pine.LNX.4.40.0203092307140.2427-100000@sunba>
Message-ID: <20020318030925.DFUQ21605.tomts6-srv.bellnexxia.net@there>

hi all

i have a funny problem: when my unix username matches one of the keys
in the public keyring, which is not the key for which i have a private
key, i seem to have problems with the trust path. it's as if gpg
always thinks that that key is the owner's key and barks everytime i
need to encrypt, e.g.

my username is "blais".
when i create a db with a secret key for user your_name, e.g.

,----
| tadora:~$ gpg --list-keys
| /home/blais/.gnupg/pubring.gpg
| ------------------------------
| pub  1024D/5C3DC372 2002-03-17 Your Name <your_name@my.other.email.address.org>
| uid                            Your Name <your_name@your.email.address.com>
| sub  1024g/8D5850AB 2002-03-17
| 
| tadora:~$ 
`----

then i import and sign the public key for user blais:

,----
| tadora:~$ gpg --import blais-public-key.asc 
| gpg: key D1775F1D: public key imported
| gpg: Total number processed: 1
| gpg:               imported: 1
| tadora:~$ gpg --sign-key blais
| 
| pub  1024D/D1775F1D  created: 2001-12-02 expires: never      trust: m/q
| sub  1024g/4E26EFDC  created: 2001-12-02 expires: never     
| (1)  Martin Blais <blais@iro.umontreal.ca>
| (2). Martin Blais <blais@discreet.com>
| 
| Really sign all user IDs? y
|                            
| pub  1024D/D1775F1D  created: 2001-12-02 expires: never      trust: m/q
|              Fingerprint: D33B E835 9B43 6D52 FE10  F47D AB63 E60B D177 5F1D
| 
|      Martin Blais <blais@iro.umontreal.ca>
|      Martin Blais <blais@discreet.com>
| 
| Are you really sure that you want to sign this key
| with your key: "Your Name <your_name@my.other.email.address.org>"
| 
| Really sign? y
|               
| You need a passphrase to unlock the secret key for
| user: "Your Name <your_name@my.other.email.address.org>"
| 1024-bit DSA key, ID 5C3DC372, created 2002-03-17
| 
| tadora:~$ gpg --list-sigs
| /home/blais/.gnupg/pubring.gpg
| ------------------------------
| pub  1024D/5C3DC372 2002-03-17 Your Name <your_name@my.other.email.address.org>
| sig        5C3DC372 2002-03-18  Your Name <your_name@my.other.email.address.org>
| uid                            Your Name <your_name@your.email.address.com>
| sig        5C3DC372 2002-03-17  Your Name <your_name@my.other.email.address.org>
| sub  1024g/8D5850AB 2002-03-17
| sig        5C3DC372 2002-03-17  Your Name <your_name@my.other.email.address.org>
| 
| pub  1024D/D1775F1D 2001-12-02 Martin Blais <blais@discreet.com>
| sig        D1775F1D 2001-12-16  Martin Blais <blais@discreet.com>
| sig        20D44B70 2001-12-06  [User id not found]
| sig        01F8CF57 2002-03-08  [User id not found]
| sig        5C3DC372 2002-03-18  Your Name <your_name@my.other.email.address.org>
| uid                            Martin Blais <blais@iro.umontreal.ca>
| sig        D1775F1D 2001-12-16  Martin Blais <blais@discreet.com>
| sig        20D44B70 2001-12-06  [User id not found]
| sig        01F8CF57 2002-03-08  [User id not found]
| sig        5C3DC372 2002-03-18  Your Name <your_name@my.other.email.address.org>
| sub  1024g/4E26EFDC 2001-12-02
| sig        D1775F1D 2001-12-16  Martin Blais <blais@discreet.com>
| 
| tadora:~$ 
`----


when i try to encrypt, i get this warning:

,----
| tadora:~$ gpg -aer blais secret
| Could not find a valid trust path to the key.  Let's see whether we
| can assign some missing owner trust values.
| 
| No path leading to one of our keys found.
| 
| 1024g/4E26EFDC 2001-12-02 "Martin Blais <blais@discreet.com>"
|              Fingerprint: 5407 1AE2 2EEE 02F5 5C82  5256 20A5 00CF 4E26 EFDC
| 
| It is NOT certain that the key belongs to its owner.
| If you *really* know what you are doing, you may answer
| the next question with yes
| 
| Use this key anyway? 
`----


i tried fiddling with more signing, and setting the trust, to no
avail. then i discovered that if i did the same under user "root", i
did not have the warning.

so i tried setting the --local-user, the --default-key and fiddling
with all the other options and the options file, and i cannot seem to
get rid of that warning.

any idea?
please Cc, i'm not on this list.
thx,



From Wolfgang.Schramm@maschinenbau-kitz.de  Mon Mar 18 08:36:01 2002
From: Wolfgang.Schramm@maschinenbau-kitz.de (Schramm Wolfgang)
Date: Mon Mar 18 08:36:01 2002
Subject: Please unsuscribe me too
Message-ID: <4AD170797DA3FC4B828D9F7203CEB70521801F@mkdaten2>


Mit freundlichen Gr=FC=DFen


Wolfgang Schramm


Maschinenbau Kitz GmbH





From bar_ann@yahoo.com  Mon Mar 18 10:49:01 2002
From: bar_ann@yahoo.com (B C)
Date: Mon Mar 18 10:49:01 2002
Subject: missing   ccw32.vxd
Message-ID: <20020318094653.11362.qmail@web14503.mail.yahoo.com>

I'm missing ccw32.vxd and my computer is going
crazy... where can I download a copy of this file
on net?  Thanks for any help on this. ~~barb

__________________________________________________
Do You Yahoo!?
Yahoo! Sports - live college hoops coverage
http://sports.yahoo.com/


From jochen@unc.edu  Mon Mar 18 20:26:02 2002
From: jochen@unc.edu (Jochen =?iso-8859-1?q?K=FCpper?=)
Date: Mon Mar 18 20:26:02 2002
Subject: GPA-0.5 ???
Message-ID: <ly8z8pptll.fsf@bock.chem.unc.edu>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

how can it be that there is a gpa-0.5 archive donwloadable from the
gnupp pages but nothing available from the gpa homepage or gpa CVS
repository ???

Is 0.5 just the same as 0.4.3?  Or are there any 'political' reasons
to keep development closed nowadays?  Anything else?  I don't know
what's going on, but it would be nice if someone could shed light on
this.  (Yes, I looked at the ml archives, nothing relevant found.)

Please cc me as I am not on these lists.

Greetings,
Jochen
- --=20
Einigkeit und Recht und Freiheit                http://www.Jochen-Kuepper=
.de
    Libert=E9, =C9galit=E9, Fraternit=E9                GnuPG key: 44BCCD=
8E
        Sex, drugs and rock-n-roll
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-cygwin-fcn-1 (Cygwin)
Comment: Processed by Mailcrypt and GnuPG <http://www.gnupg.org/>

iD8DBQE8lj7miJ/aUUS8zY4RAlW7AKCIb7i/v9aePCSQwdH0m4MQJzdR2QCeIyVX
2c7TRe9tmFZOh+IhDY+aR88=3D
=3DjFjl
-----END PGP SIGNATURE-----



From peter@gerwinski.de  Mon Mar 18 22:22:06 2002
From: peter@gerwinski.de (Peter Gerwinski)
Date: Mon Mar 18 22:22:06 2002
Subject: GPA-0.5 ???
In-Reply-To: <ly8z8pptll.fsf@bock.chem.unc.edu>; from jochen@unc.edu on Mon, Mar 18, 2002 at 02:24:22PM -0500
References: <ly8z8pptll.fsf@bock.chem.unc.edu>
Message-ID: <20020318221857.A374@miez.drewitz.de>

Jochen Kpper wrote:
> Is 0.5 just the same as 0.4.3?

Not really:

    birdie/home/peter/src> diff -Nurp gpa-0.4.3 gpa-0.5.0 | wc
      31654  113267  954484

> Or are there any 'political' reasons
> to keep development closed nowadays?

The source code is under the GNU GPL and publicly available for
free. That's not exactly what I'd call "closed development".

> Anything else?

There was a deadline to meet. Keeping the CVS in sync and
discussing everything on this list would have meant to miss it.
So I just went on my way and produced gpa-0.5.0.tar.gz in time.

If you are willing to spend two months or so improving GPA, be
welcome to do it your way.

Currently I do not have the time to sync the new source with the
CVS - sorry for that. (For example, I would have to write a *long*
ChangeLog, and to hack my changes to the Makefiles into the various
autofoo input files - and I am not familiar with those autofoo
utilities.)

If you are willing to help merging back both versions of GPA, be
welcome!

    Peter Gerwinski
-- 
(_G-N-U_)   Dr. rer. nat. Peter Gerwinski <peter.gerwinski@g-n-u.de>
   o o      G-N-U GmbH, EDV-Dienstleistungen, http://www.g-n-u.de


From jochen@unc.edu  Mon Mar 18 23:21:02 2002
From: jochen@unc.edu (Jochen =?iso-8859-1?q?K=FCpper?=)
Date: Mon Mar 18 23:21:02 2002
Subject: GPA-0.5 ???
In-Reply-To: <20020318221857.A374@miez.drewitz.de>
References: <ly8z8pptll.fsf@bock.chem.unc.edu>
 <20020318221857.A374@miez.drewitz.de>
Message-ID: <lyzo15o715.fsf@bock.chem.unc.edu>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 18 Mar 2002 22:18:57 +0100 Peter Gerwinski wrote:

Peter> Jochen K=FCpper wrote:
>>
Peter> The source code is under the GNU GPL and publicly available for
Peter> free. That's not exactly what I'd call "closed development".

Well, there wasn't much to interfere with from the outside during that
process.  But anyway, you did the work, you decide.

I am not claiming that I would have spent time, 'cause I haven't
looked at gpa for a while (since nothing was going on and moreover I
just didn't use it so far.  Last time I checked it was still kind of
unuseable.  And then I work mostly on the commandline or in emacs
anyway.)

>> Anything else?

Peter> There was a deadline to meet. Keeping the CVS in sync and
Peter> discussing everything on this list would have meant to miss it.
Peter> So I just went on my way and produced gpa-0.5.0.tar.gz in time.

Peter> Currently I do not have the time to sync the new source with the
Peter> CVS - sorry for that. (For example, I would have to write a *long*
Peter> ChangeLog, and to hack my changes to the Makefiles into the variou=
s
Peter> autofoo input files - and I am not familiar with those autofoo
Peter> utilities.)

The question here is whether it was necessary to let get cvs out of
sync from the start.  At least there would have been the possibility
to create a new branch for your stuff -- without getting into too many
discussions -- that could be merged back.  And ChangeLog?  Are you
suggesting there is no documentation about what you did at all?  If it
isn't needed, why bother writing it now:(  Otherwise, just put it in
there, it might be terse, but that's better than nothing.

One possible strength of OpenSource software is the peer-review
process that you effectively circumvented before coming up with the
0.5.0 version of gpa that now is widely spread into userland, towards
people that are not supposed to be beta-testers.
Maybe you did everything right and the program is just flawless
without any external testing, but that is not what you normally can
count on.

It just looks very strange that nothing is going on with the sources
of a open project and all the sudden there is a new version.  Kind of
the first major version (considering it's announcements).  Somehow
like they told you one year ago we need it on Mar 10, 2002, and Mar 1
you actually realize that's only nine more days...

I am grateful to all you guys building gnupg and it's environment,
because that stuff is really important, but I am seriously puzzled
about what happened here?

Greetings,
Jochen
- --=20
University of North Carolina                       phone: +1-919-962-4403
Department of Chemistry                            phone: +1-919-962-1579
Venable Hall CB#3290 (Kenan C148)                    fax: +1-919-843-6041
Chapel Hill, NC 27599, USA                            GnuPG key: 44BCCD8E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-cygwin-fcn-1 (Cygwin)
Comment: Processed by Mailcrypt and GnuPG <http://www.gnupg.org/>

iEYEARECAAYFAjyWZ2YACgkQiJ/aUUS8zY7HnQCeK57OsJzNeSRJzb6KZU1RvYME
uvUAoJdePoWoCw8+nkPBeka9hisMjNZq
=3D1BiD
-----END PGP SIGNATURE-----



From peter@gerwinski.de  Tue Mar 19 01:43:03 2002
From: peter@gerwinski.de (Peter Gerwinski)
Date: Tue Mar 19 01:43:03 2002
Subject: GPA-0.5 ???
In-Reply-To: <lyzo15o715.fsf@bock.chem.unc.edu>; from jochen@unc.edu on Mon, Mar 18, 2002 at 05:17:10PM -0500
References: <ly8z8pptll.fsf@bock.chem.unc.edu> <20020318221857.A374@miez.drewitz.de> <lyzo15o715.fsf@bock.chem.unc.edu>
Message-ID: <20020319013923.F973@miez.drewitz.de>

Jochen Kpper wrote:
> I am not claiming that I would have spent time, 'cause I haven't
> looked at gpa for a while (since nothing was going on and moreover I
> just didn't use it so far.  Last time I checked it was still kind of
> unuseable.

It is usable now.

> And then I work mostly on the commandline or in emacs anyway.)

Perfect. Then you will have no problem with GPA 0.5.0:
If you don't like it, don't use it.

> The question here is whether it was necessary to let get cvs out of
> sync from the start.  At least there would have been the possibility
> to create a new branch for your stuff -- without getting into too many
> discussions -- that could be merged back.  And ChangeLog?  Are you
> suggesting there is no documentation about what you did at all?  If it
> isn't needed, why bother writing it now:(  Otherwise, just put it in
> there, it might be terse, but that's better than nothing.

You seem to know exactly what has to be done. Please do it then.

If you don't like the way how GPA 0.5.0 was created, be welcome to
do it better. You have the full source code of both GPA 0.5.0 and
0.4.3, and the GNU GPL grants you full permission to use it.

This is not a drink-or-die situation as with proprietary software.
You have the freedom.

BTW, as far as GPA is concerned, *we* gave this freedom to you.

    Peter
-- 
(_G-N-U_)   Dr. rer. nat. Peter Gerwinski <peter.gerwinski@g-n-u.de>
   o o      G-N-U GmbH, EDV-Dienstleistungen, http://www.g-n-u.de


From jaya.christina@manned.com  Tue Mar 19 11:12:01 2002
From: jaya.christina@manned.com (Jaya Christina)
Date: Tue Mar 19 11:12:01 2002
Subject: GnuPG for SunOS 5.7 ?
Message-ID: <004f01c1cf2d$efee3bd0$9b6410ac@jc>

This is a multi-part message in MIME format.

------=_NextPart_000_004C_01C1CF36.3EB2E6A0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi *,
 Can any body please send me a working link for downloading GnuPG for =
SunOS 5.7 and please put a CC for me also.. thanx in advance,
Ciao,
Jaya

------=_NextPart_000_004C_01C1CF36.3EB2E6A0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi *,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp;Can any body please send me a =
working link=20
for downloading GnuPG for SunOS 5.7 and please put a CC for me also.. =
thanx in=20
advance,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Ciao,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Jaya</FONT></DIV></BODY></HTML>

------=_NextPart_000_004C_01C1CF36.3EB2E6A0--




From jaya.christina@manned.com  Tue Mar 19 12:04:01 2002
From: jaya.christina@manned.com (Jaya Christina)
Date: Tue Mar 19 12:04:01 2002
Subject: Precompiled for SunOS 5.7 pleez.. help!!
Message-ID: <006601c1cf35$348f7e00$9b6410ac@jc>

This is a multi-part message in MIME format.

------=_NextPart_000_0063_01C1CF3D.8B043CF0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi all,
any precompied GnuPG1.0.g for SunOS 5.7 pleez..=20
Desperately need to compile.. getting lotsa error when make.
Thanx and pleez CC me also.
Ciao
Christina.

------=_NextPart_000_0063_01C1CF3D.8B043CF0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi all,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>any precompied GnuPG1.0.g for SunOS 5.7 =
pleez..=20
</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Desperately need to compile.. getting =
lotsa error=20
when make.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Thanx and pleez CC me =
also.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Ciao</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Christina.</FONT></DIV></BODY></HTML>

------=_NextPart_000_0063_01C1CF3D.8B043CF0--




From schoech@iap-kborn.de  Tue Mar 19 12:20:02 2002
From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=)
Date: Tue Mar 19 12:20:02 2002
Subject: Precompiled for SunOS 5.7 pleez.. help!!
In-Reply-To: <006601c1cf35$348f7e00$9b6410ac@jc>
Message-ID: <Pine.LNX.4.33.0203191114580.25522-100000@pcramnan.iap-kborn.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Christina !

> any precompied GnuPG1.0.g for SunOS 5.7 pleez..
> Desperately need to compile.. getting lotsa error when make.
> Thanx and pleez CC me also.
> Ciao
> Christina.

Have you run the "configure" script before calling "make" ? Does
"configure" report any errors ?

On my linux machine, I would type:
configure
make
make-install (as root) to install it on the system

If you have run "configure" before "make", what kind of errors do you
get ?

HTH,
Armin

- --=20
Am Hasenberg 26         office: Institut f=FCr Atmosph=E4renphysik
D-18209 Bad Doberan             Schloss-Stra=DFe 6
Tel. ++49-(0)38203/42137        D-18225 K=FChlungsborn / GERMANY
Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8lx4nG8Xv4GxznLoRApsoAJ4t4eOEX3yYtDhSOc/IKpgUgmG5lwCfbdpM
8NA+5RmpCC+PAuBw+elLTvE=3D
=3DzdAc
-----END PGP SIGNATURE-----




From Stefan.Hauschild@nuernberger.de  Tue Mar 19 16:00:01 2002
From: Stefan.Hauschild@nuernberger.de (Hauschild, Stefan)
Date: Tue Mar 19 16:00:01 2002
Subject: gnupg for OS/390 or z/OS
Message-ID: <B3166495FACCD311909F0010E3B97A6A059171B9@N999EXK0>

Hallo,

i'm looking for a source for OS/390 or z/OS.
Did any exist ?


Mit freundlichen Gr=FCssen

Stefan Hauschild

VERSICHERUNGSGRUPPE
Abteilung AE-RW / Inkasso / Zentrale Systeme
Ostendstra=DFe 100,  90334 N=FCrnberg
Telefon (0911) 531-4324 Fax (0911) 531-814324
e-mail:  Stefan.Hauschild@nuernberger.de
<mailto:Stefan.Hauschild@nuernberger.de>=20


Hinweis
Der Inhalt dieser Mail ist vertraulich und nur f=FCr den Adressaten bzw.
dessen Vertreter/in bestimmt. Anderen Personen ist es nicht gestattet den
Inhalt dieser Mail zu publizieren, zu verwerten, zu kopieren oder
weiterzugeben. Falls Sie nicht der angegebene Adressat oder dessen
Vertreter/in sind, dann senden Sie bitte die E-Mail mit einem Vermerk an den
Absender zur=FCck (Antwort-Funktion bzw. reply email). Entfernen Sie bitte
danach die Nachricht aus Ihrem System.
Informationen oder sonstige Aussagen an den Adressaten unterliegen dem Recht
des Gesch=E4ftes, zu dem sie gegeben worden sind, insbesondere den Allgemei=
nen
Gesch=E4fts- bzw. Versicherungsbedingungen und gegebenenfalls einer
individuellen Vereinbarung. Der Inhalt der E-Mail ist nur rechtsverbindlich,
wenn wir ihn dem betreffenden Adressaten schriftlich best=E4tigen.



From jagadeesh@jagadeesh.org  Tue Mar 19 19:43:01 2002
From: jagadeesh@jagadeesh.org (Jagadeesh Venugopal)
Date: Tue Mar 19 19:43:01 2002
Subject: Announcing GPG-DIALOG.PL
Message-ID: <20020319184101.95609.qmail@web10006.mail.yahoo.com>

Fellow GPG Enthusiasts,

I have written a simple menu driven interface to GPG
that I find easier to use than memorizing the command
line. You may find it useful too. It is at
ftp://ftp.gnupg.org/GnuPG/gpg-dialog.pl. 

This script is written in generic Perl and should run
on both the Unix and Win32 platforms. The script is
essentially self documenting.

Do use it and give me your feedback at this email
address.

Sincerely
jagadeesh venugopal


=====
Jagadeesh K. Venugopal, PMP

__________________________________________________
Do You Yahoo!?
Yahoo! Sports - live college hoops coverage
http://sports.yahoo.com/


From rmartini@cipsga.org.br  Tue Mar 19 19:59:01 2002
From: rmartini@cipsga.org.br (Renato Martini)
Date: Tue Mar 19 19:59:01 2002
Subject: Precompiled for SunOS 5.7 pleez.. help!!
In-Reply-To: <006601c1cf35$348f7e00$9b6410ac@jc>
Message-ID: <Pine.LNX.4.44.0203201556050.1038-100000@denken.szsz.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

On Tue, 19 Mar 2002, Jaya Christina wrote:

> Date: Tue, 19 Mar 2002 11:59:37 +0100
> From: Jaya Christina <jaya.christina@manned.com>
> To: gnupg-users@gnupg.org
> Subject: Precompiled for SunOS 5.7 pleez.. help!!
>
> Hi all,
> any precompied GnuPG1.0.g for SunOS 5.7 pleez..
> Desperately need to compile.. getting lotsa error when make.
> Thanx and pleez CC me also.
> Ciao
> Christina.

Hi Christina!

You can download a precompiled GnuPG package (1.0.6) for Sun machines
(ix86 or Sparc) at this site:

http://gnupg.unixsecurity.com.br

Okay?


best regards


- ---------
  __|_ _| _ \  __|  __|   \    | Renato Martini ::: Diretor Administrativo
 (     |  __/\__ \ (_ |  _ \   | http://www.cipsga.org.br
\___|___|_|  ____/\___|_/  _\  | http://gnupg.unixsecurity.com.br
- -----------------------------------------------------------------------
"O Fantasia, che dei tempi e delle distanze fai il tuo giuoco audace!"
                         (Gabriele d'Annunzio)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8mNvFYogE2yD8bPYRA87/AJ9bAebQMFAR+FXHvfjMKKDqEmukFQCfcYvn
euJgT9LOlRaQFodkLmQytRI=
=cPcd
-----END PGP SIGNATURE-----




From dshaw@jabberwocky.com  Tue Mar 19 22:42:03 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Mar 19 22:42:03 2002
Subject: gpg subkeys, revisited
In-Reply-To: <20020316124152.A7155@pizzashack.org>
References: <20020315233857.A6820@pizzashack.org> <1016257151.16327.1.camel@allevil> <20020316124152.A7155@pizzashack.org>
Message-ID: <20020319213951.GC683@akamai.com>

On Sat, Mar 16, 2002 at 12:41:53PM -0500, Derek D. Martin wrote:
> So, gpg seems to fail to realize that there are subkeys in the
> exported block that are not in the local copy, and refuses to import
> them.  Whether or not this is intended behavior, I think this is a
> bug.  Otherwise, there's no way to recover accidentally deleted
> subkeys, and if you DO accidentally delete a subkey, your options
> would be to maintain two different keyrings (one with the deleted one
> and the other with all the other keys), or throw up your hands in
> frustration and generate a whole new key.  And if you have old
> messages that you still need to decrypt with the old key, the latter
> isn't even really an option. Neither of those options is ideal.  IMO,
> the best solution is for gpg to allow the import of secret subkeys.

GnuPG does not currently allow importing secret subkeys.  In your
particular example where you have two different copies of the secret
key, each with a different subkey, you are going to have a
difficulties.  It's not exactly a common problem. :)

The solution is to generate one key from your two, and import that.
To do this, you need the "gpgsplit" tool, which is part of GnuPG 1.0.7
(grab the test version from
ftp://ftp.gnupg.org/gcrypt/devel/gnupg-1.0.6d.tar.gz if you need it).
Run one of the keys through gpgsplit and delete all the files that
come before the first "XXXXXXX-007.secret_subkey" file.

Then cat the key you didn't split along with the files that are left
after you deleted everything before the secret subkey.

For example:

$ gpgsplit mykey2
$ rm 000001-005.secret_key 000002-013.user_id 000003-002.sig
$ cat mykey1 000004-007.secret_subkey 000005-002.sig > mywholekey
$ gpg --allow-secret-key-import --import mywholekey

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From dfc@anize.org  Tue Mar 19 23:56:02 2002
From: dfc@anize.org (Douglas Calvert)
Date: Tue Mar 19 23:56:02 2002
Subject: 1.0.6d, 1.1.x and big keyrings
Message-ID: <1016578907.18470.348.camel@allevil>

--=-k5iqbhLp7fyb9J4LRfQO
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hello,
 Are there any reasons why I would not want to run 1.0.6d? My pubring
file has gotten quite large but I like having a lot of keys on disk. It
seems that gpg slows down quite a bit doing trust calculations with this
large keyring. If I remember correctly 1.0.7 is scheduled to be quicker
on trust calculations. Does 6d have the same speedups? And what do
others do with large keyrings to make things go quicker? And finalyy
what are the 1.1.x versions in the devel directory? Are there any great
new features being worked on in 1.1?


=20
--=20
+---------------+-----------------------------------+
|Douglas Calvert|       http://anize.org/dfc        |
| dfc@anize.org |       http://imissjerry.org       |
+---------------+-----------------------------------+
|   If you use envelopes, why not use encryption?   |
|         http://anize.org/dfc/dfc-keys.asc         |
| 0817 30D4 82B6 BB8D 5E66 06F6 B796 073D C954 1FB2 |
+-------------| http://www.gnupg.org |--------------+


--=-k5iqbhLp7fyb9J4LRfQO
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQA8l8Nbt5YHPclUH7IRAiA+AJ9xbr62zCxvZvRSBLbgK+RWp0/L+wCgrtCr
di6PqWhdH+0dMBCrr9PAXtQ=
=T9XV
-----END PGP SIGNATURE-----

--=-k5iqbhLp7fyb9J4LRfQO--


From dshaw@jabberwocky.com  Wed Mar 20 00:14:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Mar 20 00:14:01 2002
Subject: 1.0.6d, 1.1.x and big keyrings
In-Reply-To: <1016578907.18470.348.camel@allevil>
References: <1016578907.18470.348.camel@allevil>
Message-ID: <20020319231222.GF683@akamai.com>

On Tue, Mar 19, 2002 at 06:01:47PM -0500, Douglas Calvert wrote:
> Hello,
>  Are there any reasons why I would not want to run 1.0.6d? My pubring
> file has gotten quite large but I like having a lot of keys on disk. It
> seems that gpg slows down quite a bit doing trust calculations with this
> large keyring. If I remember correctly 1.0.7 is scheduled to be quicker
> on trust calculations. Does 6d have the same speedups?

GnuPG 1.0.6d is (or rather, will be) 1.0.7, it just needs some more
work and testing.

Several people (including me) are running 1.0.6d quite happily.
Still, it is a development version.  There is a reason it prints a
warning on startup: "NOTE: THIS IS A DEVELOPMENT VERSION!  It is only
intended for test purposes and should NOT be used in a production
environment or with production keys!"

If you do choose to give 1.0.6d a try, be sure to report any problems
back to gnupg-devel so they can be fixed.

> And finalyy what are the 1.1.x versions in the devel directory? Are
> there any great new features being worked on in 1.1?

The 1.1.x versions in the devel directory are actually older in terms
of code than 1.0.7. :)

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From jmos@gmx.net  Wed Mar 20 00:53:02 2002
From: jmos@gmx.net (jmos@gmx.net)
Date: Wed Mar 20 00:53:02 2002
Subject: Problem with --not-dash-escaped
Message-ID: <24287.1016581822@www32.gmx.net>

On Sun, Mar 17, 2002 at 01:37:55AM +0100, jmos@gmx.net wrote:
> Hello All!
> 
> Is there a problem with 'gpg --not-dash-escaped --clearsign ...' under
> Windows ?
> 
> When I sign a message with the above command I don't get any error
> messages. But when I check the signature afterwards with
> 'gpg --verify ...' I always get the message : Invalid signature.
> 
> I use GnuPG 1.0.6 under Windows 98. (The binary distribution from
> http://www.gnupg.org/download.html).
> 
> Can anyone help ?
> 
> P.S: I didn't send the signed message via email and it didn't contain
>        5 dashes at the beginning of a line, so that is not the problem

>> Can you post a short sample signature that did not work?  Also, sort
>> of key are you signing with?

I am signing with a 1024 Bit DSA key, but I can reproduce the error with
all keys.
The error only happens under Windows and only if the last line of the
message I am signing is not empty (i.e. the message does not end with
CR - LF).
When I sign a message that does not end with CR - LF GnuPG adds a
CR - LF pair.
That triggers the bug. When I delete the CR (and not the LF) which was
added by GnuPG the signature becomes valid !
So that seems to be the problem.

Jens

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net



From tstrzem@sesame.com  Wed Mar 20 01:09:02 2002
From: tstrzem@sesame.com (Tom Strzemieczny)
Date: Wed Mar 20 01:09:02 2002
Subject: gnupg to encrypt files in a batch processes
Message-ID: <3C97D352.85193C07@sesame.com>

I am new to encryption & gnupg, so please bear with me.  This is my
first posting.

Has anyone used gnupg to encrypt files in a batch processes??
I have a java program which reads files from a mailbox directory, parses

the file for sender, recipient, subject & message, and then sends the
email.   I am modifying this program to optionally sign and/or encrypt
the message portion of the email.  Currently it runs a gpg command on
the command line and reads the resulting stream from standard out.  (I
got this working on Windows 2000 without being prompted for a
passphrase, but when I began testing in Linux this was not the case.)

My problem was that I was being prompted for a passphrase for each email
receipt.
Is the solution to use the --passphrase-fd option??  Where can I find
documentation on this?

gpg -s -e -o - --batch --yes --passphrase-fd n -r myemail@mycompany.com
/usr/local/BatchMail/mailbox/TestFileMsg

where TestFileMsg is the message portion of the email to be sent to
myemail@mycompany.com,  and n is the file descriptor.  What is n
exactly?  What is the format of this file?

Is this the right approach?

Also, I would prefer to use gpgme for this since it is unrestricted by
its back-end.   What are the gpgme commands for this??

Thanks,
Tom



From schoech@iap-kborn.de  Wed Mar 20 08:30:01 2002
From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=)
Date: Wed Mar 20 08:30:01 2002
Subject: gnupg to encrypt files in a batch processes
In-Reply-To: <3C97D352.85193C07@sesame.com>
Message-ID: <Pine.LNX.4.33.0203200725460.1574-100000@pcramnan.iap-kborn.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Tom !

> Is the solution to use the --passphrase-fd option??  Where can I find
> documentation on this?
>
> gpg -s -e -o - --batch --yes --passphrase-fd n -r myemail@mycompany.com
> /usr/local/BatchMail/mailbox/TestFileMsg

This would be your command

echo PASSPHRASE | gpg -s -e -o - --batch --yes --passphrase-fd 0 -r
myemail@mycompany.com /usr/local/BatchMail/mailbox/TestFileMsg

"0" means stdin stream.

HTH,
Armin

- --
Am Hasenberg 26         office: Institut f=FCr Atmosph=E4renphysik
D-18209 Bad Doberan             Schloss-Stra=DFe 6
Tel. ++49-(0)38203/42137        D-18225 K=FChlungsborn / GERMANY
Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8mDnMG8Xv4GxznLoRAhiJAKCTIB0BgEizOk4mlEWk3pkOwIRVZACgoYy4
txdEPlT4ZneOYUlZid54fo0=3D
=3D0X4R
-----END PGP SIGNATURE-----




From webmaster@sajucampus.com  Wed Mar 20 08:57:01 2002
From: webmaster@sajucampus.com (ķ۽)
Date: Wed Mar 20 08:57:01 2002
Subject:   ʴϱ?  غʽÿ!!()
Message-ID: <E16nb7v-0004XW-00@porta.u64.de>

<!-- saved from url=(0022)http://internet.e-mail -->
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=euc-kr">
<link rel="stylesheet" href="http://www.sajucampus.com/ad_mail/css.css" type="text/css">
</head>
<body bgcolor="#ffffff" text="#000000" 100%>
<table width="465" border="1" cellspacing="1" cellpadding="1" bordercolor="#666666" align="center">
  <tr>
    <td style="PADDING-TOP: 4px">
	  
	  
	  <table width="455" border="0" cellspacing="1" cellpadding="1" align="center" class="css">
        <tr>
          <td bgcolor="#dbd9d9"><IMG height=15 src="img/icon.gif" width=13> 
            ķ۽ </td>
  </tr>
</table>
	  
	  
	  
	  <table width="450" border="0" cellspacing="1" cellpadding="1" align="center" >
        <tr>
          <td><img src="http://www.sajucampus.com/ad_mail/img/email_title.gif" width="450" height="100" usemap="#Map" border="0"></td>
  </tr>
</table>
      <table width="450" border="0" cellspacing="0" cellpadding="0" class="css" align="center">
        <tr> 
          <td colspan="2" >
            <div align="center"><font color="#006600" size="2"><b><font color="#999999" size="3" face="޸տü"><br>
              <font color="#009900">  ʴϱ? <br>
              ķ۽ Ե鲲  غʽÿ!!!</font></font><font color="#009900" size="3" face="Ѿؼ"><font face="޸տü"><br>
              </font></font><font color="#999999" size="3"><br>
              </font></b></font></div>
          </td>
        </tr>
        <tr> 
          <td width="167"><img src="http://www.sajucampus.com/ad_mail/img/menu1.gif"></td>
          <td width="283"><font color="#666666"> <img src="http://www.sajucampus.com/ad_mail/img/icon.gif" width="13" height="15"> 
            ְ ȭ  : <br>
            ȭ,ȣ,,û,ź,, ΰ,ûȣ</font></td>
        </tr>
        <tr> 
          <td width="167"><img src="http://www.sajucampus.com/ad_mail/img/menu2.gif"></td>
          <td width="283"><font color="#666666"><img src="http://www.sajucampus.com/ad_mail/img/icon.gif" width="13" height="15"> 
            <font color="#003366">Ὺα׷</font> : 캰, ܹ, ӳ<br>
            <img src="http://www.sajucampus.com/ad_mail/img/icon.gif" width="13" height="15"> <font color="#003366">Ὺα׷</font> 
            : ȿ, ֿ, ǳ,  (ڵ  :1,000) </font></td>
        </tr>
        <tr> 
          <td width="167"><img src="http://www.sajucampus.com/ad_mail/img/menu3.gif"></td>
          <td width="283"><font color="#666666"><img src="http://www.sajucampus.com/ad_mail/img/icon.gif" width="13" height="15"> 
            پ   α׷ <br>
            (www.sajucampus.com) </font></td>
        </tr>
        <tr> 
          <td colspan="2">&nbsp; </td>
        </tr>
        <tr bgcolor="#cccccc"> 
          <td colspan="2" height="1"></td>
        </tr>
      </table>
      <table width="450" border="0" cellspacing="0" cellpadding="0" align="center" class="css">
        <tr>
          <td width="312" style="PADDING-LEFT: 5px">     . <A href="mailto:webmaster@sajucampus.com">(Űź)</a></td>
          <td width="138">
            <div align="right"><a href="http://www.sajucampus.com" target="_parent"><img src="http://www.sajucampus.com/ad_mail/img/go.gif" width="90" height="37" border="0"></a></div>
          </td>
  </tr>
</table>
	
	
	
	</td>
  </tr>
</table>
<map name="Map">
  <area shape="RECT" coords="106,17,376,92" href="http://www.sajucampus.com" target="_parent">
</map>
</body>
</html>


From Helmut.Waitzmann@web.de  Wed Mar 20 14:51:01 2002
From: Helmut.Waitzmann@web.de (Helmut Waitzmann)
Date: Wed Mar 20 14:51:01 2002
Subject: gnupg to encrypt files in a batch processes
In-Reply-To: <Pine.LNX.4.33.0203200725460.1574-100000@pcramnan.iap-kborn.de>
References: <Pine.LNX.4.33.0203200725460.1574-100000@pcramnan.iap-kborn.de>
Message-ID: <lflpu1zs62b.fsf@marvin.informatik.uni-stuttgart.de>

Armin Sch=F6ch <schoech@iap-kborn.de> writes:

>> Is the solution to use the --passphrase-fd option??  Where can I find
>> documentation on this?
>>
>> gpg -s -e -o - --batch --yes --passphrase-fd n -r myemail@mycompany.com
>> /usr/local/BatchMail/mailbox/TestFileMsg
>
>This would be your command
>
>echo PASSPHRASE | gpg -s -e -o - --batch --yes --passphrase-fd 0 -r
>myemail@mycompany.com /usr/local/BatchMail/mailbox/TestFileMsg

That's unsecure:  If "echo" is an external program, then
everybody having shell access to the machine can spy out the
PASSPHRASE using the "ps" program.

I recommend to do it like this:

put the PASSPHRASE into a file, for example
/usr/local/BatchMail/passphrase, and then use the command

gpg -s -e -o - --batch --yes --passphrase-fd 0 -r myemail@mycompany.com /us=
r/local/BatchMail/mailbox/TestFileMsg < /usr/local/BatchMail/passphrase


From sbutler@fchn.com  Wed Mar 20 17:00:02 2002
From: sbutler@fchn.com (Steve Butler)
Date: Wed Mar 20 17:00:02 2002
Subject: [WINPT USERS] Questions about installing latest WinPT over an
 old version
Message-ID: <0343d80914b39cc1e1ccdff51dbbbda13c98b170@fchn.com>

NOTE to GnuPG-user list.  I've cc'd this from the winpt user list as the
issues are really about gnupg rather than winpt.

This person lost their passphrase to their old secret key.  So we are
suggesting that a work around to telling the world that it's lost is for him
to sign it with his new key, then revoke the signature and upload the old
key to the keyserver again.

Guess it's time for the experts to step in and set us onto the right path.
--Steve



From: JW [mailto:jw@centraltexasit.com]
Sent: Tuesday, March 19, 2002 4:00 PM

>>1.  Sign old key with your new key.  Just like you would sign your friends
>Ok... I have managed to do this on Linux. And "update" the "old" key by
sending it again
>according to hex ID (looks right at any rate)

     Probably didn't need to do this but at least your old key is now signed
by your new key.

>>2.  Now revoke (not delete; but revoke) the signature on your old key.

>But then I think the next steps failed:

>Command> quit
>Save changes? y
>gpg: sig E60F7299.72: duplicated certificate - deleted

I've never revoked just the signature before.  But, the process should be
similar to revoking the entire key.  It should write out a certificate that
you can import back in to the keyring.

Guess we need the experts from the gnupg-users email list.  I'll cc that
list on this reply and suggest that you look there for further assistance.

>When I look at the key server now there's nothing there that tells me that
anything has changed.. 

Somehow you need to get that signature revoke certificate generated and
imported back in to the keyring.  Then upload the results to the keyserver.

>Maybe I'm doing this all wrong by trying to use Linux and a pulling hte key
down from the 
>keyserver as opposed to moving my public key over to Linux as a file.
Should I copy my old public >key to Linux, sign/revsign it, then move the
signed/revoked public key back over to WinPT, and
>send the signed/revoked public key up with WinPT?

In theory you should be able to pull a key down from the keyserver, sign it,
upload it back.  All you need to do is add in the revoke signature piece
before uploading it again.


>If I sign/revoke my public key with GPG on Linux, how do I import the
signed/revoked key back
> into WinPT for revocation... ...import from clipboard? Or maybe just
overwrite C:\GNUPG

Just import the revoke certificate.

CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.



From twoaday@freakmail.de  Wed Mar 20 17:35:01 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Wed Mar 20 17:35:01 2002
Subject: gpgext - a tool to extract selected keys from a file
Message-ID: <20020320164033.GB16034@daredevil.joesixpack.net>

Hi!

The subject should give all information which are useful. I had
some problems to extract some keys of a very large key file but
I didn't find any tool for this. So I decided to start a little
project for this. The result is gpgext which should run on Linux
(*nix) and Win32 systems.

I don't know if other people have the same problem, but if the
answer if yes, gpgext might be useful. The code is released under
the GNU General Public License and can be downloaded from:
http://www.winpt.org/devel/gpgext-0.1.0.tar.gz{.asc}


        Timo


From david.livingstone@unn.ac.uk  Wed Mar 20 18:01:02 2002
From: david.livingstone@unn.ac.uk (David Livingstone)
Date: Wed Mar 20 18:01:02 2002
Subject: Sub Keys versus Session Keys
Message-ID: <49C55B27AA8FD411A30300508BCF7B7001912053@catalina.unn.ac.uk>

The textbooks (e.g. William Stalling's Cryptography & Network Security, 2nded, page 359) refer to PGP using one-time session keys to encrypt messages.

GnuPG seems to use subkeys to encrypt messages instead (see GNU Privacy
Handbook, page 23).

Is this a difference between PGP and GnuPG, or due to using ElGamal instead
of RSA, or what ?

David Livingstone


From david.livingstone@unn.ac.uk  Wed Mar 20 18:09:02 2002
From: david.livingstone@unn.ac.uk (David Livingstone)
Date: Wed Mar 20 18:09:02 2002
Subject: Which keyring for Public Keys ?
Message-ID: <49C55B27AA8FD411A30300508BCF7B7001912054@catalina.unn.ac.uk>

In various documents I have come across the 2 following conflictingstatements :

The private keyring stores corresponding private & public keys; the public
keyring stores (other peoples') public keys.
The private keyring stores only private keys; the public keyring stores ones
own and other peoples' public keys.

Which is correct in GnuPG ?

David Livingstone


From jw@centraltexasit.com  Wed Mar 20 18:09:06 2002
From: jw@centraltexasit.com (JW)
Date: Wed Mar 20 18:09:06 2002
Subject: How can I revoke a signing?    WAS: RE: [WINPT USERS]
 Questions about installing latest WinPT over an old version
In-Reply-To: <0343d80914b39cc1e1ccdff51dbbbda13c98b152@fchn.com>
Message-ID: <5.1.0.14.0.20020320105353.05358d20@mail.servicemail123.com>

At 07:56 AM 3/20/2002 -0800, you wrote:
>NOTE to GnuPG-user list.  I've cc'd this from the winpt user list as the
>issues are really about gnupg rather than winpt.

I hope cross posting is ok...

>This person lost their passphrase to their old secret key.  So we are
>suggesting that a work around to telling the world that it's lost is for him
>to sign it with his new key, then revoke the signature and upload the old
>key to the keyserver again.


>From: JW [mailto:jw@centraltexasit.com]
>Sent: Tuesday, March 19, 2002 4:00 PM
>
>>>1.  Sign old key with your new key.  Just like you would sign your friends
>>Ok... I have managed to do this on Linux. And "update" the "old" key by
>sending it again
>>according to hex ID (looks right at any rate)
>
>     Probably didn't need to do this but at least your old key is now signed
>by your new key.

First I downloaded the key from the keyserver with:

        gpg --keyserver pgp.mit.edu --recv-keys 0xE60F7299



I did this with the following:

        gpg --edit-key 0xE60F7299

and the "sign" command.


>>>2.  Now revoke (not delete; but revoke) the signature on your old key.
>
>>But then I think the next steps failed:

I use the revsig command

>>Command> quit
>>Save changes? y
>>gpg: sig E60F7299.72: duplicated certificate - deleted
>
>I've never revoked just the signature before.  But, the process should be
>similar to revoking the entire key.  It should write out a certificate that
>you can import back in to the keyring.

If you mean write out a new _file_, no, it did not write out a new file. Perhaps this is where I went wrong.
Should I try this on a file containing the old public key instead of on a key downloaded from the keyserver?

This is gpg (GnuPG) 1.0.6 BTW

>>When I look at the key server now there's nothing there that tells me that
>anything has changed.. 
>
>Somehow you need to get that signature revoke certificate generated and
>imported back in to the keyring.  Then upload the results to the keyserver.

Ok, well this is what I obviously don't know how to do corectly. GnuPG users: how do I do this?

>>Maybe I'm doing this all wrong by trying to use Linux and a pulling hte key
>down from the 
>>keyserver as opposed to moving my public key over to Linux as a file.
>Should I copy my old public >key to Linux, sign/revsign it, then move the
>signed/revoked public key back over to WinPT, and
>>send the signed/revoked public key up with WinPT?
>
>In theory you should be able to pull a key down from the keyserver, sign it,
>upload it back.  All you need to do is add in the revoke signature piece
>before uploading it again.

How to do that is currently beyond me :-/

>>If I sign/revoke my public key with GPG on Linux, how do I import the
>signed/revoked key back
>> into WinPT for revocation... ...import from clipboard? Or maybe just
>overwrite C:\GNUPG
>
>Just import the revoke certificate.

But I don't have one :-) that's the whole problem. There is no separate revoke cert that I can see.

GnuPG users _ is there a way I can make a revoke certificate as a file, that I can import back into WinPT?

Thanks.

----------------------------------------------------
Jonathan Wilson
System Administrator
Clickpatrol.com
Cedar Creek Software     http://www.cedarcreeksoftware.com



From JanuszA.Urbanowicz  Wed Mar 20 18:16:02 2002
From: JanuszA.Urbanowicz (JanuszA.Urbanowicz)
Date: Wed Mar 20 18:16:02 2002
Subject: Sub Keys versus Session Keys
In-Reply-To: <49C55B27AA8FD411A30300508BCF7B7001912053@catalina.unn.ac.uk> from
 David Livingstone at "Mar 20, 2002 04:58:42 pm"
Message-ID: <E16njXy-0006VA-00@syjon.fantastyka.net>

David Livingstone wrote/napisa=B3[a]/schrieb:
>=20

> The textbooks (e.g. William Stalling's Cryptography & Network Security,
> 2nded, page 359) refer to PGP using one-time session keys to encrypt
> messages.

That is true.
=20
> GnuPG seems to use subkeys to encrypt messages instead (see GNU Privacy
> Handbook, page 23).
> Is this a difference between PGP and GnuPG, or due to using ElGamal
> instead of RSA, or what ?

It is no difference at all. All OpenPGP apps use one-time session keys.

It is that rfc2440-compliant ones use other public keys (public subkeys)
to encrypt them. It is difference in PK management, not in session protocol.

Alex
--=20
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling |         | =
  *  =09
 ; (_O : +-------------------------------------------------------------+ --=
+~|=09
 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no;     |   |  =20


From dshaw@jabberwocky.com  Wed Mar 20 18:48:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Mar 20 18:48:01 2002
Subject: Which keyring for Public Keys ?
In-Reply-To: <49C55B27AA8FD411A30300508BCF7B7001912054@catalina.unn.ac.uk>
References: <49C55B27AA8FD411A30300508BCF7B7001912054@catalina.unn.ac.uk>
Message-ID: <20020320174550.GA683@akamai.com>

On Wed, Mar 20, 2002 at 05:05:55PM -0000, David Livingstone wrote:
> 
> In various documents I have come across the 2 following conflictingstatements :
> 
> The private keyring stores corresponding private & public keys; the public
> keyring stores (other peoples') public keys.
> The private keyring stores only private keys; the public keyring stores ones
> own and other peoples' public keys.
> 
> Which is correct in GnuPG ?

Both :)

The private keyring stores private keys (presumably your own).  The
public keyring stores your own and other peoples' public keys.

However - each private key also contains a copy of its corresponding
public key.  If you ever lose all copies of your public key
(unlikely), you could regenerate it (minus signatures from other
people) from the private key.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From JanuszA.Urbanowicz  Wed Mar 20 18:57:01 2002
From: JanuszA.Urbanowicz (JanuszA.Urbanowicz)
Date: Wed Mar 20 18:57:01 2002
Subject: Which keyring for Public Keys ?
In-Reply-To: <49C55B27AA8FD411A30300508BCF7B7001912054@catalina.unn.ac.uk> from
 David Livingstone at "Mar 20, 2002 05:05:55 pm"
Message-ID: <E16nkBz-0006eL-00@syjon.fantastyka.net>

David Livingstone wrote/napisa=B3[a]/schrieb:
>=20
> In various documents I have come across the 2 following conflictingstatem=
ents :
>=20
> The private keyring stores corresponding private & public keys; the public
> keyring stores (other peoples') public keys.
> The private keyring stores only private keys; the public keyring stores o=
nes
> own and other peoples' public keys.
>=20
> Which is correct in GnuPG ?

the second one.

Alex
--=20
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling |         | =
  *  =09
 ; (_O : +-------------------------------------------------------------+ --=
+~|=09
 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no;     |   |  =20


From ddm@pizzashack.org  Wed Mar 20 18:59:01 2002
From: ddm@pizzashack.org (Derek D. Martin)
Date: Wed Mar 20 18:59:01 2002
Subject: gpg subkeys, revisited
In-Reply-To: <20020319213951.GC683@akamai.com>
References: <20020315233857.A6820@pizzashack.org> <1016257151.16327.1.camel@allevil> <20020316124152.A7155@pizzashack.org> <20020319213951.GC683@akamai.com>
Message-ID: <20020320125610.G3257@pizzashack.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At some point hitherto, David Shaw hath spake thusly:
> The solution is to generate one key from your two, and import that.
> To do this, you need the "gpgsplit" tool, which is part of GnuPG 1.0.7

Thanks, that does solve the problem.  Unfortunately the key servers
still won't take my key.  Grrrr.

- -- 
Derek D. Martin
ddm@pizzashack.org
PGP/GPG Key ID: 0x81CFE75D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8mM06djdlQoHP510RAtC0AJ9DrCIxUH0elnd0pnuVedzO7wh2dACeNfYu
rtX88mOwpS2xyU0oVykCPew=
=ddmv
-----END PGP SIGNATURE-----


From ftobin@neverending.org  Wed Mar 20 19:05:01 2002
From: ftobin@neverending.org (Frank Tobin)
Date: Wed Mar 20 19:05:01 2002
Subject: Which keyring for Public Keys ?
In-Reply-To: <49C55B27AA8FD411A30300508BCF7B7001912054@catalina.unn.ac.uk>
Message-ID: <20020320125925.O1870-100000@palanthas.neverending.org>

David Livingstone, on 2002-03-20, wrote:

> In various documents I have come across the 2 following conflictingstatements :
>
> The private keyring stores corresponding private & public keys; the
> public keyring stores (other peoples') public keys.

> The private keyring stores only private keys; the public keyring stores
> ones own and other peoples' public keys.

GnuPG follows your second description.  The 'keyrings' are inseparate
files, secring.gpg and pubring.gpg.

The concept of 'keyrings' is really an implementation issue, separate from
any specification.  An implementation could put all the keys in one
'keyring' (file/table/etc).

In common lingo a "my X keyring" is often used to mean "all the X keys I
have available to me".

-- 
Frank Tobin		http://www.neverending.org/~ftobin/



From Gerd Ewald <gerd.ewald@pro-privacy.de>  Wed Mar 20 20:22:01 2002
From: Gerd Ewald <gerd.ewald@pro-privacy.de> (Gerd Ewald)
Date: Wed Mar 20 20:22:01 2002
Subject: Sub Keys versus Session Keys
In-Reply-To: <49C55B27AA8FD411A30300508BCF7B7001912053@catalina.unn.ac.uk>
References: <49C55B27AA8FD411A30300508BCF7B7001912053@catalina.unn.ac.uk>
Message-ID: <361281172.20020320201730@pro-privacy.de>

Hello David,

  
On Wed, 20 Mar 2002 16:58:42 -0000 GMT your local time,
which was 20.03.2002, 17:58 (GMT+0100) where I live, you wrote:

[...]

> Is this a difference between PGP and GnuPG, or due to using ElGamal instead
> of RSA, or what ?

[...]

Not at all. The session key is needed for encrypting the message using
one of the symmetric algorithms (CAST, 3DES, Rijndael or whatever...).
This key should _not_ be used again (this is what good cryptographers
teach).

RSA or any other asymmetric algorithm is used to encrypt the session
key with the public key of the recipient.

-- 
Best regards,
 Gerd 
=======================================================
Tutorial for using PGP with TheBat! www.pro-privacy.de
-------------------------------------------------------
The day microsoft makes something that doesn't suck is the day they start
making vacuum cleaners.
-------------------------------------------------------
now playing: WDR2 :-)



From saravn@mozdev.org  Wed Mar 20 20:48:02 2002
From: saravn@mozdev.org (R. Saravanan)
Date: Wed Mar 20 20:48:02 2002
Subject: Announcing a GnuPG "plugin" for Mozilla (Enigmail)
Message-ID: <3C98E81B.30709@mozdev.org>

Enigmail, a GnuPG "plugin" for Mozilla which has been under development 
for some time, has now reached a state of practical usability with the 
Mozilla 0.9.9 release. It allows you to send or receive encrypted mail 
using the Mozilla mailer and GPG. Enigmail is open source and dually 
licensed under GPL/MPL. You can download and install the software from 
the website http://enigmail.mozdev.org

Enigmail is cross-platform like Mozilla, although binaries are supplied 
only for the Win32 and Linux-x86 platforms on the website.At the moment 
there is no version of Enigmail available for Netscape 6.2 or earlier, 
which are based on much older versions of Mozilla.There will be a 
version available for the next Netscape release, which is expected to be 
based on Mozilla 1.0.

You may post enigmail-specific comments to the Enigmail 
newsgroup/mailing list at mozdev.org




From agreene@pobox.com  Wed Mar 20 21:59:02 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Wed Mar 20 21:59:02 2002
Subject: Which keyring for Public Keys ?
In-Reply-To: <49C55B27AA8FD411A30300508BCF7B7001912054@catalina.unn.ac.uk>
Message-ID: <Pine.LNX.4.33.0203201549480.3626-100000@asmoweb.hqda.pentagon.mil>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 20 Mar 2002, David Livingstone wrote:
>In various documents I have come across the 2 following
>conflictingstatements :
[snip]

The private keyring only stores private keys. The public keyring stores all 
public keys no matter who owns them.

Applications that treat the owner's public key differently simply have to 
look at both keyrings to find matching (complementary) keys.


Tony
- -- 
Anthony E. Greene <mailto:agreene@pobox.com>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26  C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05      HomePage: <http://www.pobox.com/~agreene/>
Linux: the choice of a GNU Generation. <http://www.linux.org/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D <agreene@pobox.com>

iD8DBQE8mPdKpCpg3WyUI50RApvAAJwJmGlLIKu6LSWvMsS0PRDrnFxyDACcD67f
d53vSBTnv7zZowB19WesOLc=
=Nghz
-----END PGP SIGNATURE-----



From brenno@dewinter.com  Wed Mar 20 23:05:01 2002
From: brenno@dewinter.com (Brenno J.S.A.A.F. de Winter)
Date: Wed Mar 20 23:05:01 2002
Subject: Announcing a GnuPG "plugin" for Mozilla (Enigmail)
References: <3C98E81B.30709@mozdev.org>
Message-ID: <3C990654.7070107@dewinter.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think that I speak for a lot and I mean A LOT of users to say that
this is a very good and big step forward! Thank you! I have announced it
already in several mailinglists! Thanks.
R. Saravanan wrote:

|
| Enigmail, a GnuPG "plugin" for Mozilla which has been under
| development for some time, has now reached a state of practical
| usability with the Mozilla 0.9.9 release. It allows you to send or
| receive encrypted mail using the Mozilla mailer and GPG. Enigmail is
| open source and dually licensed under GPL/MPL. You can download and
| install the software from the website http://enigmail.mozdev.org
|
| Enigmail is cross-platform like Mozilla, although binaries are
| supplied only for the Win32 and Linux-x86 platforms on the website.At
| the moment there is no version of Enigmail available for Netscape 6.2
| or earlier, which are based on much older versions of Mozilla.There
| will be a version available for the next Netscape release, which is
| expected to be based on Mozilla 1.0.
|
| You may post enigmail-specific comments to the Enigmail
| newsgroup/mailing list at mozdev.org
|
|
|
| _______________________________________________
| Gnupg-users mailing list
| Gnupg-users@gnupg.org
| http://lists.gnupg.org/mailman/listinfo/gnupg-users


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE8mQZT3GS+v2n8CeMRAjtrAJ9x3lDGpJJ3fsZGtuf0N6cq0XU/CACfQMB7
zXa4jgKVmi6CFxzrDID/89k=
=8qxW
-----END PGP SIGNATURE-----




From wk@gnupg.org  Thu Mar 21 12:12:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Thu Mar 21 12:12:02 2002
Subject: [Announce] Announcing a GnuPG "plugin" for Mozilla (Enigmail)
Message-ID: <87pu1yxlq6.fsf@alberti.gnupg.de>

 From: "R. Saravanan" <saravn@mozdev.org>
 To: gnupg-users@gnupg.org
 Date: Wed, 20 Mar 2002 12:50:51 -0700

Enigmail, a GnuPG "plugin" for Mozilla which has been under development 
for some time, has now reached a state of practical usability with the 
Mozilla 0.9.9 release. It allows you to send or receive encrypted mail 
using the Mozilla mailer and GPG. Enigmail is open source and dually 
licensed under GPL/MPL. You can download and install the software from 
the website http://enigmail.mozdev.org

Enigmail is cross-platform like Mozilla, although binaries are supplied 
only for the Win32 and Linux-x86 platforms on the website.At the moment 
there is no version of Enigmail available for Netscape 6.2 or earlier, 
which are based on much older versions of Mozilla.There will be a 
version available for the next Netscape release, which is expected to be 
based on Mozilla 1.0.

You may post enigmail-specific comments to the Enigmail 
newsgroup/mailing list at mozdev.org


_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce



From jaya.christina@manned.com  Thu Mar 21 12:57:02 2002
From: jaya.christina@manned.com (Jaya Christina)
Date: Thu Mar 21 12:57:02 2002
Subject: make[1]: ar: Command not found  when make install binutils-2.10.1
Message-ID: <009501c1d0ce$f14277b0$9b6410ac@jc>

This is a multi-part message in MIME format.

------=_NextPart_000_0092_01C1D0D7.45803260
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi all..

I am trying to install <binutils-2.10.1> to get <ar>
And it complains...=20
    make[1]: ar: Command not found

any ideas please??

And please post a CC to me...=20

Thanx a zillion in advance..
Ciao,
Jaya Christina

------=_NextPart_000_0092_01C1D0D7.45803260
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi all..</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>I am trying to install =
&lt;binutils-2.10.1&gt; to=20
get &lt;ar&gt;</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>And it complains... </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp;&nbsp; make[1]: ar: Command =
not=20
found</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>any ideas please??</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>And please post a CC to me... =
</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Thanx a zillion in =
advance..</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Ciao,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Jaya =
Christina</FONT></DIV></BODY></HTML>

------=_NextPart_000_0092_01C1D0D7.45803260--




From chrisbrandl@gmx.de  Thu Mar 21 15:37:01 2002
From: chrisbrandl@gmx.de (Christian Brandl)
Date: Thu Mar 21 15:37:01 2002
Subject: terms and conditions in using encryption with gnupg
Message-ID: <21750.1016721249@www50.gmx.net>

Hello Sirs and Madams,

presently, we are using pgp encryption software form Network Associates. 
Regarding to a possible migration to another encryption-software, I have
some questions. I hope, you can help me with that.

The most important one:
What are the terms and conditions to use gnupg in business matters? Which is
the best way to get support for our customers?

Thank you in advance for your help.

Best Regards,

Christian Brandl

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net



From jaya.christina@manned.com  Thu Mar 21 15:44:02 2002
From: jaya.christina@manned.com (Jaya Christina)
Date: Thu Mar 21 15:44:02 2002
Subject: I am going thrugh circles.. in installing GnuPG
Message-ID: <00b901c1d0e6$4449fe80$9b6410ac@jc>

This is a multi-part message in MIME format.

------=_NextPart_000_00AE_01C1D0EE.967701A0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi all..

Well...=20

All i need is to install GnuPG in Solaris.
And i say ./configure and I get
autoconf missing
automake missing
makeinfo missing

When i try to install all this autoconf
the error is missing m4

When i try installing m4
the error is missing ar

When i try installing ar by installing binutils
flex not found

When i try instaliing flex
make >> ar not found

I am well and truly stuck...

HELP.. pleeeez...
Jaya

------=_NextPart_000_00AE_01C1D0EE.967701A0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi all..</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Well... </FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>All i need is to install GnuPG in=20
Solaris.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>And i say ./configure and I =
get</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>autoconf missing</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>automake missing</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>makeinfo missing</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>When i try to install all this=20
autoconf</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>the error is missing m4</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>When i try installing m4</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>the error is missing ar</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>When i try installing ar by installing=20
binutils</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>flex not found</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>When i try instaliing flex</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>make &gt;&gt; ar not found</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>I am well and truly =
stuck...</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>HELP.. pleeeez...</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Jaya</FONT></DIV></BODY></HTML>

------=_NextPart_000_00AE_01C1D0EE.967701A0--




From JanuszA.Urbanowicz  Thu Mar 21 15:52:02 2002
From: JanuszA.Urbanowicz (JanuszA.Urbanowicz)
Date: Thu Mar 21 15:52:02 2002
Subject: terms and conditions in using encryption with gnupg
In-Reply-To: <21750.1016721249@www50.gmx.net> from Christian Brandl at "Mar 21,
 2002 03:34:09 pm"
Message-ID: <E16o3l6-0003le-00@syjon.fantastyka.net>

Christian Brandl wrote/napisa=B3[a]/schrieb:
> The most important one:
> What are the terms and conditions to use gnupg in business matters?=20

You may sue the program as you like. The source code is avaliable, and the
only limitation is that in case of providing _modified_ gnupg to anyone
outside the organization, like, customers, the changes and modifications
must be distributed on the same license as the orginal program, that is, The
GNU General Public License version 2 or later.=20

> Which is the best way to get support for our customers?

I think a good way would be to contract Werner's compant G10Code Gmbh.
=20
I suggest those entries be added to the FAQ.

Alex
--=20
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling |         | =
  *  =09
 ; (_O : +-------------------------------------------------------------+ --=
+~|=09
 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no;     |   |  =20


From lionel@mamane.lu  Thu Mar 21 16:02:02 2002
From: lionel@mamane.lu (Lionel Elie Mamane)
Date: Thu Mar 21 16:02:02 2002
Subject: terms and conditions in using encryption with gnupg
In-Reply-To: <21750.1016721249@www50.gmx.net>
References: <21750.1016721249@www50.gmx.net>
Message-ID: <20020321150324.GA9129@home.mamane.lu>

On Thu, Mar 21, 2002 at 03:34:09PM +0100, Christian Brandl wrote:

> What are the terms and conditions to use gnupg in business matters?

The full terms and conditions are on:

http://www.fsf.org/licenses/gpl.html

> Which is the best way to get support for our customers?

Hire me :)

More seriously, you might want to take a look at g10code:
http://www.g10code.com/

-- 
Lionel


From jaya.christina@manned.com  Thu Mar 21 16:08:01 2002
From: jaya.christina@manned.com (Jaya Christina)
Date: Thu Mar 21 16:08:01 2002
Subject: DONE. ; )
Message-ID: <00c601c1d0e9$a28ab040$9b6410ac@jc>

This is a multi-part message in MIME format.

------=_NextPart_000_00C3_01C1D0F1.F9C46CE0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Well... guess u guys must have am  been frustrated reading all my SOS .. =
but now..  I HAVE DONE IT-----

I got my gpg working and doing good..
thanx everybody for all the help and for putting up=20

:)
Regards,
Jaya Christina

------=_NextPart_000_00C3_01C1D0F1.F9C46CE0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Well... guess u guys must have am =
&nbsp;been=20
frustrated reading all my SOS .. but now..&nbsp; I HAVE DONE=20
IT-----</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>I got my gpg working and doing =
good..</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>thanx everybody for all the help and =
for putting up=20
</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>:)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Regards,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Jaya =
Christina</FONT></DIV></BODY></HTML>

------=_NextPart_000_00C3_01C1D0F1.F9C46CE0--




From lionel@mamane.lu  Thu Mar 21 16:18:01 2002
From: lionel@mamane.lu (Lionel Elie Mamane)
Date: Thu Mar 21 16:18:01 2002
Subject: terms and conditions in using encryption with gnupg
In-Reply-To: <E16o3l6-0003le-00@syjon.fantastyka.net>
References: <21750.1016721249@www50.gmx.net> <E16o3l6-0003le-00@syjon.fantastyka.net>
Message-ID: <20020321151915.GA9363@home.mamane.lu>

On Thu, Mar 21, 2002 at 03:41:40PM +0100, Janusz A. Urbanowicz wrote:
> Christian Brandl wrote/napisa?[a]/schrieb:

>> What are the terms and conditions to use gnupg in business matters? 

> You may sue the program as you like.

Christian, he meant use.

> The source code is avaliable, and the only limitation is that in
> case of providing _modified_ gnupg to anyone

Hmm... I thing modified or unmodified!

-- 
Lionel


From JanuszA.Urbanowicz  Thu Mar 21 16:22:01 2002
From: JanuszA.Urbanowicz (JanuszA.Urbanowicz)
Date: Thu Mar 21 16:22:01 2002
Subject: terms and conditions in using encryption with gnupg
In-Reply-To: <20020321151915.GA9363@home.mamane.lu> from Lionel Elie Mamane at
 "Mar 21, 2002 04:19:15 pm"
Message-ID: <E16o4Ez-0003rq-00@syjon.fantastyka.net>

Lionel Elie Mamane wrote/napisa=B3[a]/schrieb:
> On Thu, Mar 21, 2002 at 03:41:40PM +0100, Janusz A. Urbanowicz wrote:
> > Christian Brandl wrote/napisa?[a]/schrieb:
>=20
> >> What are the terms and conditions to use gnupg in business matters?=20
>=20
> > You may sue the program as you like.
>=20
> Christian, he meant use.

Yes, a typo, sorry.
=20
> > The source code is avaliable, and the only limitation is that in
> > case of providing _modified_ gnupg to anyone
>=20
> Hmm... I thing modified or unmodified!

yes, but since vanilla GPG code is avaliable, the more important aspect is
the modified code. Notabene AFAIK (IANAL) you can charge for both modified
program and its source.

Alex
--=20
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling |         | =
  *  =09
 ; (_O : +-------------------------------------------------------------+ --=
+~|=09
 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no;     |   |  =20


From sbutler@fchn.com  Thu Mar 21 16:45:01 2002
From: sbutler@fchn.com (Steve Butler)
Date: Thu Mar 21 16:45:01 2002
Subject: terms and conditions in using encryption with gnupg
Message-ID: <b1edbcb34f9c42effe82f1d06613388d3c99ff8b@fchn.com>

Perhaps one would rather use the program than to sue it.  Here in the U=
SA,
it might be possible to sue the program <<sigh>> but I think the previo=
us
author really intended to type use instead.  And to think that the hamm=
ing
distance between those two words is only 2.

-----Original Message-----
From: Janusz A. Urbanowicz [mailto:alex@bofh.torun.pl]
Sent: Thursday, March 21, 2002 6:42 AM
To: Christian Brandl
Cc: gnupg-users@gnupg.org
Subject: Re: terms and conditions in using encryption with gnupg


Christian Brandl wrote/napisa=B3[a]/schrieb:
> The most important one:
> What are the terms and conditions to use gnupg in business matters? 

You may sue the program as you like. The source code is avaliable, and =
the
[snip]


CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments=
, is for the sole use of the intended recipient(s) and may contain conf=
idential and privileged information.  Any unauthorized review, use, dis=
closure or distribution is prohibited.  If you are not the intended rec=
ipient, please contact the sender by reply e-mail and destroy all copie=
s of the original message.



From mutz@kde.org  Thu Mar 21 18:14:02 2002
From: mutz@kde.org (Marc Mutz)
Date: Thu Mar 21 18:14:02 2002
Subject: terms and conditions in using encryption with gnupg
In-Reply-To: <b1edbcb34f9c42effe82f1d06613388d3c99ff8b@fchn.com>
References: <b1edbcb34f9c42effe82f1d06613388d3c99ff8b@fchn.com>
Message-ID: <200203211811.08408@sendmail.mutz.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 21 March 2002 16:41, Steve Butler wrote:
> Perhaps one would rather use the program than to sue it.  Here in the
> USA, it might be possible to sue the program <<sigh>> but I think the
> previous author really intended to type use instead.  And to think
> that the hamming distance between those two words is only 2.
<snip>

<ot>
=2E..which is quite much for a three-tupel ;-)

Actually, for words you'd use the Levenshtein distance and that is only=20
1 in this case...
</ot>

Marc

- --=20
Marc Mutz <mutz@kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8mhQq3oWD+L2/6DgRAmJXAKDAKJG+DgkGgqAB4afBMc5clEOcSACfRVvv
z7rfPu63bH62UVcYyF+8ofc=3D
=3Di0kx
-----END PGP SIGNATURE-----



From d_well" <d_well@isuisse.com  Thu Mar 21 19:32:02 2002
From: d_well" <d_well@isuisse.com (d_well)
Date: Thu Mar 21 19:32:02 2002
Subject: how write in file "cipher_1.asc" ?
Message-ID: <001b01c1d106$5ff930e0$5d0be6c2@dmaxy>

When I execute the t-decrypt in the directory test it read in the file
"cipher_1.asc" but the file t-encrypt doesn't change the file
"cipher_1.asc". How can I write the result of t-encrypt in "cipher_1.asc"
and it is necessary to use a file like "cipher_1.asc" to encrypt and decrypt
a text, if not how can I encrypt and decryt a text?

 
______________________________________________________________________________
ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif




From wk@gnupg.org  Thu Mar 21 21:16:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Thu Mar 21 21:16:01 2002
Subject: how write in file "cipher_1.asc" ?
In-Reply-To: <001b01c1d106$5ff930e0$5d0be6c2@dmaxy> ("d_well"'s message of
 "Thu, 21 Mar 2002 19:29:18 +0100")
References: <001b01c1d106$5ff930e0$5d0be6c2@dmaxy>
Message-ID: <87y9glsms6.fsf@alberti.gnupg.de>

On Thu, 21 Mar 2002 19:29:18 +0100, d well said:

> When I execute the t-decrypt in the directory test it read in the file

This is a regression test and it does not make any sense to use it for
your own things.  run  "make check" to see if your build does work.

  Werner



From jharris@widomaker.com  Fri Mar 22 00:45:01 2002
From: jharris@widomaker.com (Jason Harris)
Date: Fri Mar 22 00:45:01 2002
Subject: keys.pgp.com - any reliable info. on its status?
Message-ID: <20020321234230.GA1344@pm9-07.lft.widomaker.com>

--opJtzjQTFsWo+cga
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


Is there any reliable information on the status of keys.pgp.com
(aka keyserver.pgp.com, keys.nai.com, pgpkeys.mit.edu, and
certserver.pgp.com)?

Does anyone expect to get a final keydump from it?

(NB:  I'm not subscribed to gnupg-users@gnupg.org.)

--=20
Jason Harris
jharris@widomaker.com

--opJtzjQTFsWo+cga
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8mm/kSypIl9OdoOMRAoJzAJ42MkY9NmtJy+J9C2Vq0V9kTL20lQCeM39N
nVIQOwc5PB03jYlf4Crt7YY=
=b0Be
-----END PGP SIGNATURE-----

--opJtzjQTFsWo+cga--


From chrisbrandl@gmx.de  Fri Mar 22 09:59:01 2002
From: chrisbrandl@gmx.de (Christian Brandl)
Date: Fri Mar 22 09:59:01 2002
Subject: WG: terms and conditions in using encryption with gnupg
Message-ID: <31379.1016787393@www39.gmx.net>

Thanks a lot for your comments!

I will contact info@g10code.de for further information.

Best Regards!

Christian Brandl 

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net



From rmartini@cipsga.org.br  Fri Mar 22 22:13:02 2002
From: rmartini@cipsga.org.br (Renato Martini)
Date: Fri Mar 22 22:13:02 2002
Subject: GpgSM
Message-ID: <Pine.LNX.4.44.0203231804520.8090-100000@denken.szsz.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


Hi ALL:

I downloaded the gpgme release 0.3.4. In the configure options, we
can compile it with the GpgSM module 0.3.1 support. The point is: where
can I found this =C4gypten module? The "ftp.gnupg.org/gcrypt/alpha/aegypten=
"
directory there are many packages, but what's the GpgSM module package?

thanks

best regards

- ---------
  __|_ _| _ \  __|  __|   \    | Renato Martini ::: Diretor Administrativo
 (     |  __/\__ \ (_ |  _ \   | http://www.cipsga.org.br
\___|___|_|  ____/\___|_/  _\  | http://gnupg.unixsecurity.com.br
- -----------------------------------------------------------------------
"O Fantasia, che dei tempi e delle distanze fai il tuo giuoco audace!"
                         (Gabriele d'Annunzio)


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8nPBbYogE2yD8bPYRA9xRAJwI6MUAH26mS3T08yJPWG3KO1fpywCfQ/KG
WNPI5/75pQW/2DVlllx2ZYg=3D
=3DrWzP
-----END PGP SIGNATURE-----




From rasoul@rhythm.com  Sat Mar 23 00:32:02 2002
From: rasoul@rhythm.com (Rasoul Hajikhani)
Date: Sat Mar 23 00:32:02 2002
Subject: gpg New Bee
Message-ID: <3C9BBE8A.A5612B63@rhythm.com>

Hello folks,
My apologies if this question has been asked before. I have created a
encrypted file encrypted with two different recipients. How do I decrypt
this file using the other user? The -u option does not seem to work. I
am running 1.0.6 gpg. 
%gpg -u <UID> --decrypt myTest1.gpg
It keeps asking for my pass phrase and not that of the "test" user pass
phrase.
Can some one tell me what option I should be using?
Thanks in advance.
-r


From rmalayter@bai.org  Sat Mar 23 01:15:02 2002
From: rmalayter@bai.org (Ryan Malayter)
Date: Sat Mar 23 01:15:02 2002
Subject: Secret splitting w/ threshold
Message-ID: <22FD1855C2B16C40A1F6DE406420021E0187F8C7@mail.bai.org>

I was about to implement a custom secret-splitting threshold scheme for our
corporate officers, using Shamir's polynomial method and a simple
spreadsheet to do the math.

Then I considered doing a simple geometirc scheme, giving each officer the
equation of a line and letting the secret be the intersection of two or more
of these in cartesian space. This scheme would be simpler for the execs to
reconstruct in an emergency without technical help. In fact, the whole
reconstruction process could be described on the back of the laminated
"secret card" I'm going to give them.

As I understand it, both of these schemes are equally secure, presuming
large enough numbers are used as coefficients. Can anybody offer a reason
why I shouldn't choose the easier geometic scheme?

Also, it occurs to me that there is probably a good open-source program that
implement this sort of thing, although my Googleing bore no such fruit. Does
anyone have a good link to a simple, secure secret-sharing program?

Finally, the secret-sharing built into the commercial PGP, while pretty
neat, was only useful for PGP key material. I wish to share 10-20 bytes of
passphrase material. What secret sharing capabilites are coming in GnuPG?
Will it be able to share any secret?

Regards,

:::Ryan Malayter
:::Bank Administration Institute
:::Chicago, Illinois, USA
:::PGP Key: http://www.malayter.com/pgp-public.txt


From dshaw@jabberwocky.com  Sat Mar 23 01:23:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sat Mar 23 01:23:01 2002
Subject: gpg New Bee
In-Reply-To: <3C9BBE8A.A5612B63@rhythm.com>
References: <3C9BBE8A.A5612B63@rhythm.com>
Message-ID: <20020323002041.GE4680@akamai.com>

On Fri, Mar 22, 2002 at 03:30:18PM -0800, Rasoul Hajikhani wrote:
> Hello folks,
> My apologies if this question has been asked before. I have created a
> encrypted file encrypted with two different recipients. How do I decrypt
> this file using the other user? The -u option does not seem to work. I
> am running 1.0.6 gpg. 
> %gpg -u <UID> --decrypt myTest1.gpg
> It keeps asking for my pass phrase and not that of the "test" user pass
> phrase.
> Can some one tell me what option I should be using?

There is no command line option to handle this case, as generally
people don't encrypt to themselves multiple times.

That said, you can still do it - just hit "enter" three times when
prompted for the passphrase for the key you don't want to use.  This
will make GnuPG roll over and try the next available key.

Good job on "Rhapsody in Blue", by the way ;)

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From n.ratoandromanana@bni.mg  Sat Mar 23 06:28:02 2002
From: n.ratoandromanana@bni.mg (NirinaMichel Ratoandromanana/DS-INFO)
Date: Sat Mar 23 06:28:02 2002
Subject: gpg New Bee
In-Reply-To: <3C9BBE8A.A5612B63@rhythm.com>
References: <3C9BBE8A.A5612B63@rhythm.com>
Message-ID: <fc.000f77f300200d783b9aca0069612a7d.200e96@bni.mg>

>%gpg -u <UID> --decrypt myTest1.gpg
>It keeps asking for my pass phrase and not that of the "test" user pass
>phrase.

If I understand your problem, this is a suggested solution when you have a
file encrypted for multiple recipient. I don't know if this is a bug or
not but when decrypting, gpg ALWAYS use the first user in the secring.gpg
file even if you specify the user with -u option.

%gpg --export-secret-keys <UID> > gpgtemp.asc
%gpg --no-default-keyring --secret-keyring gpgtemp.asc --decrypt
myTest1.gpg

I hope this helps you.



From wk@gnupg.org  Sat Mar 23 11:48:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Sat Mar 23 11:48:02 2002
Subject: Secret splitting w/ threshold
In-Reply-To: <22FD1855C2B16C40A1F6DE406420021E0187F8C7@mail.bai.org> (Ryan
 Malayter's message of "Fri, 22 Mar 2002 18:11:56 -0600")
References: <22FD1855C2B16C40A1F6DE406420021E0187F8C7@mail.bai.org>
Message-ID: <873cyrimtz.fsf@alberti.gnupg.de>

On Fri, 22 Mar 2002 18:11:56 -0600, Ryan Malayter said:

> Finally, the secret-sharing built into the commercial PGP, while pretty

s/commercial/proprietary/

> passphrase material. What secret sharing capabilites are coming in GnuPG?
> Will it be able to share any secret?

OpenPGP does not define any key splitting algorithm.  I have some
doubts whether this can be accomplised at all using the OpenPGP
protocol.  The hard thing with key splitting is to get the usability
right.  What PGP provides is not sufficient because (afaik) all parts
most be combined on the same machine this does not increase the
security unless that machine is physical secure and provides a clean
protocol to combine the keys.

If your goal is that 2 persons have to sign a document to get a valid
signature, you should setup an organisation policy to enforce this and
use 2 simple signatures.  It is definitely possible to add some policy
enforcement rules to GnuPG.

  Werner



From wk@gnupg.org  Sat Mar 23 11:52:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Sat Mar 23 11:52:01 2002
Subject: GpgSM
In-Reply-To: <Pine.LNX.4.44.0203231804520.8090-100000@denken.szsz.org> (Renato
 Martini's message of "Sat, 23 Mar 2002 18:14:43 -0300 (BRT)")
References: <Pine.LNX.4.44.0203231804520.8090-100000@denken.szsz.org>
Message-ID: <87y9gjh853.fsf@alberti.gnupg.de>

On Sat, 23 Mar 2002 18:14:43 -0300 (BRT), Renato Martini said:

> can I found this gypten module? The "ftp.gnupg.org/gcrypt/alpha/aegypten"
> directory there are many packages, but what's the GpgSM module package?

It is the newpg-x.y.z.tar.gz.  The rationale behind this name is that
eventually it will be merged back into GnuPG.  If you look at the
source you will see "This file is part of GnuPG".

Ah yes, you need libksba and libgcrypt as well. See
http://www.gnupg.org/aegypten/development.en.html 

gpgme works fine without gpgsm.

  Werner



From remailer@aarg.net  Sat Mar 23 15:22:01 2002
From: remailer@aarg.net (AARG! Anonymous)
Date: Sat Mar 23 15:22:01 2002
Subject: Secret splitting w/ threshold
Message-ID: <623b12949dc1bdf2e25a09387323d4e4@aarg.net>

Take a look at 

http://www.mindrot.org/files/secret-share-0.0.1.tar.gz



From remailer@aarg.net  Sat Mar 23 17:38:01 2002
From: remailer@aarg.net (AARG! Anonymous)
Date: Sat Mar 23 17:38:01 2002
Subject: Secret splitting w/ threshold
Message-ID: <50da27911a6db0520002f98904e071aa@aarg.net>

>Take a look at
>
>http://www.mindrot.org/files/secret-share-0.0.1.tar.gz

The following program might be what you are after:
	http://www.mindrot.org/files/secsplit-1.2.tar.gz



From jonas@gazonk.org  Sat Mar 23 18:32:01 2002
From: jonas@gazonk.org (Jonas Bofjall)
Date: Sat Mar 23 18:32:01 2002
Subject: gnupg to encrypt files in a batch processes
In-Reply-To: <lflpu1zs62b.fsf@marvin.informatik.uni-stuttgart.de>
Message-ID: <Pine.LNX.4.44.0203231827060.28283-100000@gazonk.org>

On 20 Mar 2002, Helmut Waitzmann wrote:
 > put the PASSPHRASE into a file, for example
 > /usr/local/BatchMail/passphrase, and then use the command
 > gpg -s -e -o - --batch --yes --passphrase-fd 0 -r

If you wish to avoid the file, I would suggest something along:

$ cat << EOF | gpg --passphrase-fd-0 [...]
ThisIsTheSecretPassphrase
EOF

this way, the pipe would probably(?) never make it to disk.



From Weimer@CERT.Uni-Stuttgart.DE  Sat Mar 23 21:15:01 2002
From: Weimer@CERT.Uni-Stuttgart.DE (Florian Weimer)
Date: Sat Mar 23 21:15:01 2002
Subject: Secret splitting w/ threshold
In-Reply-To: <22FD1855C2B16C40A1F6DE406420021E0187F8C7@mail.bai.org> (Ryan
 Malayter's message of "Fri, 22 Mar 2002 18:11:56 -0600")
References: <22FD1855C2B16C40A1F6DE406420021E0187F8C7@mail.bai.org>
Message-ID: <87elibxcyh.fsf@CERT.Uni-Stuttgart.DE>

Ryan Malayter <rmalayter@bai.org> writes:

> As I understand it, both of these schemes are equally secure, presuming
> large enough numbers are used as coefficients. Can anybody offer a reason
> why I shouldn't choose the easier geometic scheme?

If you really want to create your own scheme, you should use
successive encryption using one time pads (giving each officer (except
one) an OTP, and one officer gets the encrypted private key).

Your approach based on simple linear algebra might interact badly with
the actual cryptography.

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898


From rasoul@rhythm.com  Sun Mar 24 00:38:02 2002
From: rasoul@rhythm.com (Rasoul Hajikhani)
Date: Sun Mar 24 00:38:02 2002
Subject: gpg New Bee
References: <3C9BBE8A.A5612B63@rhythm.com> <fc.000f77f300200d783b9aca0069612a7d.200e96@bni.mg>
Message-ID: <3C9D1117.7BFBE454@rhythm.com>

NirinaMichel Ratoandromanana/DS-INFO wrote:
> 
> >%gpg -u <UID> --decrypt myTest1.gpg
> >It keeps asking for my pass phrase and not that of the "test" user pass
> >phrase.
> 
> If I understand your problem, this is a suggested solution when you have a
> file encrypted for multiple recipient. I don't know if this is a bug or
> not but when decrypting, gpg ALWAYS use the first user in the secring.gpg
> file even if you specify the user with -u option.
> 
> %gpg --export-secret-keys <UID> > gpgtemp.asc
> %gpg --no-default-keyring --secret-keyring gpgtemp.asc --decrypt
> myTest1.gpg
> 
> I hope this helps you.

Thanks for responding. I tried your solution but I am afraid I get an
error:

gpg: Warning: using insecure memory!
gpg: encrypted with 1024-bit ELG-E key, ID 0C18F568, created 2002-03-22
      "test this <test@rhythm.com>"
gpg: encrypted with 1024-bit ELG-E key, ID 23DCC2F8, created 2002-03-22
      "rasoul <rasoul@rhythm.com>"

gpg: decryption failed: secret key not available
[
gpg: [don't know]: invalid packet (ctb=36)
or
gpg: decrypt_message failed: unexpected data
]

The command that I used was:

%gpg --output myTest.gpg --encrypt -r rasoul -r test1 myTest.txt
%gpg --export-secret-keys [test1 || uid] > gpgtemp.asc
%gpg --no-default-keyring --secret-keyring gpgtemp.asc --decrypt
myTest.gpg

Can you tell me what is going on?

thanks in advance
-r


From Weimer@CERT.Uni-Stuttgart.DE  Sun Mar 24 10:35:01 2002
From: Weimer@CERT.Uni-Stuttgart.DE (Florian Weimer)
Date: Sun Mar 24 10:35:01 2002
Subject: gnupg to encrypt files in a batch processes
In-Reply-To: <Pine.LNX.4.44.0203231827060.28283-100000@gazonk.org> (Jonas
 Bofjall's message of "Sat, 23 Mar 2002 18:30:02 +0100 (CET)")
References: <Pine.LNX.4.44.0203231827060.28283-100000@gazonk.org>
Message-ID: <873cyqwbxf.fsf@CERT.Uni-Stuttgart.DE>

Jonas Bofjall <jonas@gazonk.org> writes:

> On 20 Mar 2002, Helmut Waitzmann wrote:
>  > put the PASSPHRASE into a file, for example
>  > /usr/local/BatchMail/passphrase, and then use the command
>  > gpg -s -e -o - --batch --yes --passphrase-fd 0 -r
>
> If you wish to avoid the file, I would suggest something along:
>
> $ cat << EOF | gpg --passphrase-fd-0 [...]
> ThisIsTheSecretPassphrase
> EOF
>
> this way, the pipe would probably(?) never make it to disk.

I'm sorry, but bash use temporary files to implement here documents
(like any other shell, I think).

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898


From teenieberry@worldnet.att.net  Sun Mar 24 16:46:01 2002
From: teenieberry@worldnet.att.net (FRANK HUBENY)
Date: Sun Mar 24 16:46:01 2002
Subject: gpg-dialog
Message-ID: <000501c1d34b$e8bc0a50$56ed6620@teeniebe9euk8d>

Hello Group,

I had two questions about gpg-dialog.

First,  Can it be compiled into a W32 exe file.  If so can someone tell
me how off-list is fine.  Or has this been done and can I get a copy.

Second,  Have the gpg developers considered adding something like this
to gpg.  Even if as a download from their site as a gpg utilty.  If in
gpg asa command like ( gpg --menue ), or ( gpg --dialog ).

I do like it and it is a reall good feature for people like my self who
like the menue system it provides to  command line program program.

<><
Frank D. Hubeny



From n.ratoandromanana@bni.mg  Mon Mar 25 06:44:01 2002
From: n.ratoandromanana@bni.mg (NirinaMichel Ratoandromanana/DS-INFO)
Date: Mon Mar 25 06:44:01 2002
Subject: Re(2): gpg New Bee
In-Reply-To: <3C9D1117.7BFBE454@rhythm.com>
References: <3C9BBE8A.A5612B63@rhythm.com>
 <fc.000f77f300200d783b9aca0069612a7d.200e96@bni.mg>
 <3C9D1117.7BFBE454@rhythm.com>
Message-ID: <fc.000f77f300201b083b9aca0069612a7d.201c56@bni.mg>

>gpg: Warning: using insecure memory!
>gpg: encrypted with 1024-bit ELG-E key, ID 0C18F568, created 2002-03-22
>      "test this <test@rhythm.com>"
>gpg: encrypted with 1024-bit ELG-E key, ID 23DCC2F8, created 2002-03-22
>      "rasoul <rasoul@rhythm.com>"
>
>gpg: decryption failed: secret key not available
>[
>gpg: [don't know]: invalid packet (ctb=36)
>or
>gpg: decrypt_message failed: unexpected data
>]
>
>The command that I used was:
>
>%gpg --output myTest.gpg --encrypt -r rasoul -r test1 myTest.txt
>%gpg --export-secret-keys [test1 || uid] > gpgtemp.asc

My apologies; this line should be:
%gpg --export-secret-keys test1 > $GPGDIR/gpgtemp.asc
where $GPGDIR is the absolute | relative path where you put you gpg
executable and your secret keyring. All the remaining is ok.
>
>%gpg --no-default-keyring --secret-keyring gpgtemp.asc --decrypt
>myTest.gpg
>




From ederveen@web.de  Mon Mar 25 13:36:01 2002
From: ederveen@web.de (Daniel Ederveen)
Date: Mon Mar 25 13:36:01 2002
Subject: Java and passphrase-fd
Message-ID: <3C9F195A.592F2DC1@web.de>

Hi *.*!

I am developing a Java application which signs documents. I want to have
detached signatures so I am using the b (--detach-sign) option.
Can anybody help me with the corrected use of the --passphrase-fd
option. I tried for some time, but it didnt work.
A example would be useful.

Thanks

Daniel Ederveen


From stefan@epy.co.at  Mon Mar 25 13:53:01 2002
From: stefan@epy.co.at (Stefan H. Holek)
Date: Mon Mar 25 13:53:01 2002
Subject: [ANNOUNCE] New Home For The PGPdump Interface
Message-ID: <5.1.0.14.2.20020325123337.04284c38@mail.uptime.at>

-----------------
PGPdump Interface
-----------------

I am pleased to announce the availability of the PGPdump Interface at its 
new home on the web: http://www.pgpdump.net/

The PGPdump Interface is a web-interface for pgpdump, the (Open)PGP packet 
visualizer by Kazu Yamamoto. It can be used to determine the exact contents 
of PGP public key blocks (or any PGP encoded data for that matter) and is 
intended for those who are inconvenienced by running command line tools.

Please update your bookmarks and, should you have linked to my site (thank 
you!), update your pages as well. The previous URL will continue to work 
for the time being.

Regards,
Stefan

--
BLOWFISH n. - Preference for beef



From schoech@iap-kborn.de  Mon Mar 25 14:06:01 2002
From: schoech@iap-kborn.de (=?iso-8859-1?Q?Armin_Sch=F6ch?=)
Date: Mon Mar 25 14:06:01 2002
Subject: Java and passphrase-fd
In-Reply-To: <3C9F195A.592F2DC1@web.de>
Message-ID: <Pine.LNX.4.33.0203251302220.23340-100000@pcramnan.iap-kborn.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Daniel !

> I am developing a Java application which signs documents. I want to have
> detached signatures so I am using the =93=96b=94 (--detach-sign) option.
> Can anybody help me with the corrected use of the =93--passphrase-fd=94
> option. I tried for some time, but it didn=92t work.
> A example would be useful.

Have you had a look at the archive of this mailinglist ? The question
of how to avoid typing in the password has been asked and answered
many times before for a number of programming languages.

You find the archives at: http://lists.gnupg.org/

HTH,
Armin

- --=20
Am Hasenberg 26         office: Institut f=FCr Atmosph=E4renphysik
D-18209 Bad Doberan             Schloss-Stra=DFe 6
Tel. ++49-(0)38203/42137        D-18225 K=FChlungsborn / GERMANY
Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8nyAuG8Xv4GxznLoRAuIVAJwOQIiiQXkOQFfKYBcvOeayEDbxHQCfTK39
HStW+Z6uCtw1r2Jw55pMv9A=3D
=3D1Ncz
-----END PGP SIGNATURE-----




From ederveen@web.de  Mon Mar 25 14:31:02 2002
From: ederveen@web.de (Daniel Ederveen)
Date: Mon Mar 25 14:31:02 2002
Subject: Java and passphrase-fd
References: <Pine.LNX.4.33.0203251302220.23340-100000@pcramnan.iap-kborn.de>
Message-ID: <3C9F2631.C24386AC@web.de>

Hi Armin!

I only have e-mail access, so if someone could
mail me the answer or an example it would make things
easier for me.
By the way: I am developing in a Windows NT environment.

Regards

Daniel

Armin Schch wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Daniel !
>
> > I am developing a Java application which signs documents. I want to have
> > detached signatures so I am using the b (--detach-sign) option.
> > Can anybody help me with the corrected use of the --passphrase-fd
> > option. I tried for some time, but it didnt work.
> > A example would be useful.
>
> Have you had a look at the archive of this mailinglist ? The question
> of how to avoid typing in the password has been asked and answered
> many times before for a number of programming languages.
>
> You find the archives at: http://lists.gnupg.org/
>
> HTH,
> Armin
>
> - --
> Am Hasenberg 26         office: Institut fr Atmosphrenphysik
> D-18209 Bad Doberan             Schloss-Strae 6
> Tel. ++49-(0)38203/42137        D-18225 Khlungsborn / GERMANY
> Email: schoech@iap-kborn.de     Tel. +49-(0)38293-68-102
> WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: Weitere Infos: siehe http://www.gnupg.org
>
> iD8DBQE8nyAuG8Xv4GxznLoRAuIVAJwOQIiiQXkOQFfKYBcvOeayEDbxHQCfTK39
> HStW+Z6uCtw1r2Jw55pMv9A=
> =1Ncz
> -----END PGP SIGNATURE-----


From jaya.christina@manned.com  Mon Mar 25 15:24:02 2002
From: jaya.christina@manned.com (Jaya Christina)
Date: Mon Mar 25 15:24:02 2002
Subject: Java and passphrase-fd
Message-ID: <011b01c1d408$120e52c0$9b6410ac@jc>

This is a multi-part message in MIME format.

------=_NextPart_000_0116_01C1D410.691A48A0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi Daniel,=20
This works fine in Windows.

gpg --armor -o <output-file> --batch --yes --passphrase-fd 0 < =
<passphrase-file> -r <recepient> -s -e  <input-file>

Do u need a Java file which does this all?? One GnuPG-er has put it on =
the web


Best Regards,
Jaya

------=_NextPart_000_0116_01C1D410.691A48A0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi Daniel, </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>This works fine in =
Windows.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>gpg --armor -o&nbsp;&lt;output-file&gt; =
--batch=20
--yes --passphrase-fd 0 &lt; &lt;passphrase-file&gt; =
-r&nbsp;&lt;recepient&gt;=20
-s -e&nbsp; &lt;input-file&gt;</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Do u need a Java file which does this =
all?? One=20
GnuPG-er has put it on the web</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Best Regards,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Jaya</FONT></DIV></BODY></HTML>

------=_NextPart_000_0116_01C1D410.691A48A0--




From jayachristina@hotmail.com  Mon Mar 25 15:31:02 2002
From: jayachristina@hotmail.com (Jaya Christina)
Date: Mon Mar 25 15:31:02 2002
Subject: ...passphrase....
Message-ID: <OE24tFPyVyLBmHyDdQY0000d977@hotmail.com>

This is a multi-part message in MIME format.

------=_NextPart_000_0163_01C1D411.615AFCD0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi Daniel,=20
This works fine in Windows.

gpg --armor -o <output-file> --batch --yes --passphrase-fd 0 < =
<passphrase-file> -r <recepient> -s -e  <input-file>

Do u need a Java file which does this all?? One GnuPG-er has put it on =
the web


Best Regards,
Jaya


------=_NextPart_000_0163_01C1D411.615AFCD0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi Daniel, </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>This works fine in =
Windows.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>gpg --armor -o&nbsp;&lt;output-file&gt; =
--batch=20
--yes --passphrase-fd 0 &lt; &lt;passphrase-file&gt; =
-r&nbsp;&lt;recepient&gt;=20
-s -e&nbsp; &lt;input-file&gt;</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Do u need a Java file which does this =
all?? One=20
GnuPG-er has put it on the web</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Best Regards,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Jaya</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV></BODY></HTML>

------=_NextPart_000_0163_01C1D411.615AFCD0--


From holzmann@mhnet.de  Mon Mar 25 16:09:02 2002
From: holzmann@mhnet.de (Micha Holzmann)
Date: Mon Mar 25 16:09:02 2002
Subject: how to revoke a key?
Message-ID: <20020325150612.GA23783@idm-06.pf.kramski.de>

Hello,

a friend has lost his passphrase. He created a revocation ceritificate,
but do not know how to revoke it at the key servers.

I told him first he should import the revocation certifikate into his
keyring and afterwards he should export his key and send this export
to the key-server.

First he sent me his exported key. I was able to import it and saw that
it is revoked. But the transfer to the keyserver fails.

I tried to find information with google, but nowhere was an exact example.
So i am not really sure if my insctrucions where ok.

gpg was started as following:

gpg --send-keys --keyserver wwwkeys.nl.pgp.net revoked-key.asc


kind regards,
Micha Holzmann

-- 
Es gibt nichts gutes ausser man tut es...


From JanuszA.Urbanowicz  Mon Mar 25 16:30:01 2002
From: JanuszA.Urbanowicz (JanuszA.Urbanowicz)
Date: Mon Mar 25 16:30:01 2002
Subject: how to revoke a key?
In-Reply-To: <20020325150612.GA23783@idm-06.pf.kramski.de> from Micha Holzmann
 at "Mar 25, 2002 04:06:12 pm"
Message-ID: <E16pWGy-0006Jp-00@syjon.fantastyka.net>

Micha Holzmann wrote/napisa=B3[a]/schrieb:
> Hello,
>=20
> a friend has lost his passphrase. He created a revocation ceritificate,
> but do not know how to revoke it at the key servers.
>=20
> I told him first he should import the revocation certifikate into his
> keyring and afterwards he should export his key and send this export
> to the key-server.
>=20
> First he sent me his exported key. I was able to import it and saw that
> it is revoked. But the transfer to the keyserver fails.
>=20
> I tried to find information with google, but nowhere was an exact example.
> So i am not really sure if my insctrucions where ok.
>=20
> gpg was started as following:
>=20
> gpg --send-keys --keyserver wwwkeys.nl.pgp.net revoked-key.asc

after you import the key, you send it to keyservers via=20

 gpg --send-keys --keyserver wwwkeys.nl.pgp.net <keyID>

Alex
--=20
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling |         | =
  *  =09
 ; (_O : +-------------------------------------------------------------+ --=
+~|=09
 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no;     |   |  =20


From sbutler@fchn.com  Mon Mar 25 17:10:01 2002
From: sbutler@fchn.com (Steve Butler)
Date: Mon Mar 25 17:10:01 2002
Subject: how to revoke a key?
Message-ID: <e2d56995594980cbda5b9846da43cb593c9f4b7c@fchn.com>

He may have to export it to a file with --armour.  Then take the file to a
clipboard.  Run up to the keyserver on the web and manually paste it as a
new key.  That's what I ended up doing when I had to use a revoke
certificate.  Thanks to David for sharing that hint with me a few weeks
back.

-----Original Message-----
From: Micha Holzmann [mailto:holzmann@mhnet.de]
Sent: Monday, March 25, 2002 7:06 AM
To: gnupg-users@gnupg.org
Subject: how to revoke a key?


Hello,

a friend has lost his passphrase. He created a revocation ceritificate,
but do not know how to revoke it at the key servers.

I told him first he should import the revocation certifikate into his
keyring and afterwards he should export his key and send this export
to the key-server.

First he sent me his exported key. I was able to import it and saw that
it is revoked. But the transfer to the keyserver fails.

I tried to find information with google, but nowhere was an exact example.
So i am not really sure if my insctrucions where ok.

gpg was started as following:

gpg --send-keys --keyserver wwwkeys.nl.pgp.net revoked-key.asc


kind regards,
Micha Holzmann

-- 
Es gibt nichts gutes ausser man tut es...

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.



From andriash@telus.net  Mon Mar 25 19:07:01 2002
From: andriash@telus.net (Nick Andriash)
Date: Mon Mar 25 19:07:01 2002
Subject: how to revoke a key?
In-Reply-To: <e2d56995594980cbda5b9846da43cb593c9f4b7c@fchn.com>
References: <e2d56995594980cbda5b9846da43cb593c9f4b7c@fchn.com>
Message-ID: <20020325100038.CA4F.ANDRIASH@telus.net>

Hello Steve Butler,

On Monday, March 25 2002 at 08:07 AM PDT, you wrote:

> He may have to export it to a file with --armour.  Then take the file
> to a clipboard.  Run up to the keyserver on the web and manually paste
> it as a new key.  That's what I ended up doing when I had to use a
> revoke certificate.

I am just curious, but why did you have to go through so much trouble to
revoke a Key? We are currently in the process of updating our PGP-Basics
Lists' GnuPG/Windows Help File, and in it we mention that once the file
that was first created in the revocation process is imported back into
your KeyRing, all that remains is to upload the Public Key to the
KeyServer. Is that not true?


-- 
Nick Andriash
Courtenay, B.C. Canada



From rasoul@rhythm.com  Mon Mar 25 19:44:01 2002
From: rasoul@rhythm.com (Rasoul Hajikhani)
Date: Mon Mar 25 19:44:01 2002
Subject: gpg New Bee
References: <3C9BBE8A.A5612B63@rhythm.com>
 <fc.000f77f300200d783b9aca0069612a7d.200e96@bni.mg>
 <3C9D1117.7BFBE454@rhythm.com> <fc.000f77f300201b083b9aca0069612a7d.201c56@bni.mg>
Message-ID: <3C9F6F2A.D4681273@rhythm.com>

Thanks a whole bunch for replying so fast. It now works... :)
-r
NirinaMichel Ratoandromanana/DS-INFO wrote:
> 
> >gpg: Warning: using insecure memory!
> >gpg: encrypted with 1024-bit ELG-E key, ID 0C18F568, created 2002-03-22
> >      "test this <test@rhythm.com>"
> >gpg: encrypted with 1024-bit ELG-E key, ID 23DCC2F8, created 2002-03-22
> >      "rasoul <rasoul@rhythm.com>"
> >
> >gpg: decryption failed: secret key not available
> >[
> >gpg: [don't know]: invalid packet (ctb=36)
> >or
> >gpg: decrypt_message failed: unexpected data
> >]
> >
> >The command that I used was:
> >
> >%gpg --output myTest.gpg --encrypt -r rasoul -r test1 myTest.txt
> >%gpg --export-secret-keys [test1 || uid] > gpgtemp.asc
> 
> My apologies; this line should be:
> %gpg --export-secret-keys test1 > $GPGDIR/gpgtemp.asc
> where $GPGDIR is the absolute | relative path where you put you gpg
> executable and your secret keyring. All the remaining is ok.
> >
> >%gpg --no-default-keyring --secret-keyring gpgtemp.asc --decrypt
> >myTest.gpg
> >


From rasoul@rhythm.com  Mon Mar 25 19:48:02 2002
From: rasoul@rhythm.com (Rasoul Hajikhani)
Date: Mon Mar 25 19:48:02 2002
Subject: Key IDS
Message-ID: <3C9F7070.7F90983D@rhythm.com>

Hello folks,
In the FAQs there is section for getting the key ids used to encrypt a
message. However, I get an error when I run this code:

gpg --batch --decrypt --list-only --status-fd 1 2>/dev/null | awk
'/^\[GNUPG:\] ENC_TO / { print $3 }'

And here is the error:
Ambiguous output redirect.

Can anyone shed some light on this...
Thanks in advance
-r


From manckaert@belgacom.net  Mon Mar 25 19:51:02 2002
From: manckaert@belgacom.net (Michael Anckaert)
Date: Mon Mar 25 19:51:02 2002
Subject: cannot receive certain keys
Message-ID: <02032521051900.00712@carpathia>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, I'm having troubles dowloading certain keys from the keyservers
I use certserver.gpg.com en sometimes I just get: Cannot find OpenPGP data
or something like that. 
Is it because the users just have not uploaded their key or something

	greetings xantor
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjyfgwkACgkQ+99tlzYKxKZGNgCfVe2Le+n/RVI4ZY45jSjrbICh
ifsAni8f8uNRp61OSdlO6b2/UVeKnEeG
=0ziG
-----END PGP SIGNATURE-----


From dshaw@jabberwocky.com  Mon Mar 25 20:16:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Mon Mar 25 20:16:02 2002
Subject: Key IDS
In-Reply-To: <3C9F7070.7F90983D@rhythm.com>
References: <3C9F7070.7F90983D@rhythm.com>
Message-ID: <20020325191340.GA1638@akamai.com>

On Mon, Mar 25, 2002 at 10:46:08AM -0800, Rasoul Hajikhani wrote:
> Hello folks,
> In the FAQs there is section for getting the key ids used to encrypt a
> message. However, I get an error when I run this code:
> 
> gpg --batch --decrypt --list-only --status-fd 1 2>/dev/null | awk
> '/^\[GNUPG:\] ENC_TO / { print $3 }'
> 
> And here is the error:
> Ambiguous output redirect.

What shell are you using?  That's a SH-ish shell line, but the error
message is from csh or a near relative.

Try the command using sh or bash.  If you must do it with csh, try
this:

gpg --batch --decrypt --list-only --status-fd 1 | awk '/^\[GNUPG:\] ENC_TO / { print $3 }'

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From rmalayter@bai.org  Mon Mar 25 20:25:02 2002
From: rmalayter@bai.org (Ryan Malayter)
Date: Mon Mar 25 20:25:02 2002
Subject: Secret splitting w/ threshold
Message-ID: <22FD1855C2B16C40A1F6DE406420021E0187F8CE@mail.bai.org>

From: Werner Koch, 23 Mar 2002 4:46 AM
To: gnupg-users@gnupg.org

>OpenPGP does not define any key splitting algorithm. 
>I have some doubts whether this can be accomplised at 
>all using the OpenPGP protocol.  The hard thing with 
>key splitting is to get the usability right.  What PGP 
>provides is not sufficient because (afaik) all parts 
>most be combined on the same machine this does not 
>increase the security unless that machine is physical 
>secure and provides a clean protocol to combine the keys.

The Shamir and geometric threshold schemes are fairly straightforward and
secure protocols, so the usability design isn't really an issue. Simply feed
your sharing program it N shares (as files or whatever), in any order, and
it reconstructs and displays the secret. What's really needed, I suppose,
would be a standard message format that would encapsulate the sharing
algorithm used, the degree of the (m,n) threshold scheme, and the actual
data associated with the share. I would think OpenPGP packet formats could
handle this easily, with appropriate additions to the list of algorithms.

Of course, the question is, is a secret splitting feature useful enough for
it to be added to the OpenPGP standard? I think so. Heck, every organization
should probably share it's administrative pass phrases and keys in such a
secure manner.

Or perhaps a separate, simple "Open Threshold Scheme" standard, based on the
OpenPGP packet format, would be a better idea. Some form of standard is
desirable so that shares can be recovered universally. If I make a custom
program to split disaster recovery passwords for my executives, but both
myself and my custom share combining program are inaccessible when a
disaster recovery needs to be occur, the whole exercise was pointless.

>If your goal is that 2 persons have to sign a document 
>to get a valid signature, you should setup an 
>organisation policy to enforce this and use 2 simple 
>signatures.  It is definitely possible to add some 
>policy enforcement rules to GnuPG.

Signing isn't really the issue. My intent is to share an administrative pass
phrase such that any two executives can get together and reconstruct it, but
one executive losing or compromising his "secret card" doesn't compromise
the pass phrase.

Regards,
	-ryan-


From dshaw@jabberwocky.com  Mon Mar 25 20:25:08 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Mon Mar 25 20:25:08 2002
Subject: cannot receive certain keys
In-Reply-To: <02032521051900.00712@carpathia>
References: <02032521051900.00712@carpathia>
Message-ID: <20020325192316.GB1638@akamai.com>

On Mon, Mar 25, 2002 at 09:05:19PM +0100, Michael Anckaert wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi, I'm having troubles dowloading certain keys from the keyservers
> I use certserver.gpg.com en sometimes I just get: Cannot find OpenPGP data
> or something like that. 
> Is it because the users just have not uploaded their key or something

Generally, "no valid OpenPGP data found" means just that - the key is
not found on the server.

However, the certserver.pgp.com keyserver is having problems right
now, so you shouldn't take that error message too seriously.  Try
another keyserver.

It's unclear what, if anything, will happen with the
certserver.pgp.com keyserver with the recent changes at pgp.com.
People have been asking on the keyserver operators list, but no
answers yet.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From mutz@kde.org  Mon Mar 25 20:35:02 2002
From: mutz@kde.org (Marc Mutz)
Date: Mon Mar 25 20:35:02 2002
Subject: cannot receive certain keys
In-Reply-To: <02032521051900.00712@carpathia>
References: <02032521051900.00712@carpathia>
Message-ID: <200203252032.00093@sendmail.mutz.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 25 March 2002 21:05, Michael Anckaert wrote:
> Hi, I'm having troubles dowloading certain keys from the keyservers
> I use certserver.gpg.com en sometimes I just get: Cannot find OpenPGP d=
ata
> or something like that.
> Is it because the users just have not uploaded their key or something
<snip>

No they're not very reliable currently. perhaps that has to do with NAI=20
shutting down their OpenPGP business?

Marc

- --=20
Marc Mutz <mutz@kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8n3sv3oWD+L2/6DgRApIcAJ4/icvkeAr0XwfNtfiCheFExuxp0gCfU++S
RkP/4QR5t8ClmFk2AFIoNU8=3D
=3DGO7q
-----END PGP SIGNATURE-----



From holzmann@mhnet.de  Mon Mar 25 21:03:02 2002
From: holzmann@mhnet.de (Micha Holzmann)
Date: Mon Mar 25 21:03:02 2002
Subject: how to revoke a key?
In-Reply-To: <E16pWGy-0006Jp-00@syjon.fantastyka.net>
References: <20020325150612.GA23783@idm-06.pf.kramski.de> <E16pWGy-0006Jp-00@syjon.fantastyka.net>
Message-ID: <20020325200047.GA1268@kaliba.yoda.de>

-----  originally message  -----
>From    : "Janusz A. Urbanowicz" <alex@bofh.torun.pl>
Sent    : Mon, Mr 25, 2002 at 04:20:36 +0100
Subject : Re: how to revoke a key?

> > gpg --send-keys --keyserver wwwkeys.nl.pgp.net revoked-key.asc
> 
> after you import the key, you send it to keyservers via 
> 
>  gpg --send-keys --keyserver wwwkeys.nl.pgp.net <keyID>

Sorry, i must correct what i wrote. We start gpg as you
mentioned.

My friend got this error:

gpg: Warnung: Sensible Daten knnten auf Platte ausgelagert werden.
gpg: Senden an wwwkeys.nl.pgp.net:11371' erfolglos (status=400)
 

Kind Regards,
Micha Holzmann

-- 
Who the hell is General Failure, and why he is reading my disk?


From JanuszA.Urbanowicz  Mon Mar 25 21:11:02 2002
From: JanuszA.Urbanowicz (JanuszA.Urbanowicz)
Date: Mon Mar 25 21:11:02 2002
Subject: how to revoke a key?
In-Reply-To: <20020325200047.GA1268@kaliba.yoda.de> from Micha Holzmann at "Mar
 25, 2002 09:00:47 pm"
Message-ID: <E16pafS-0007ob-00@syjon.fantastyka.net>

Micha Holzmann wrote/napisa=B3[a]/schrieb:
[Charset iso-8859-1 unsupported, filtering to ASCII...]
> -----  originally message  -----
> >From    : "Janusz A. Urbanowicz" <alex@bofh.torun.pl>
> Sent    : Mon, M_r 25, 2002 at 04:20:36 +0100
> Subject : Re: how to revoke a key?
>=20
> > > gpg --send-keys --keyserver wwwkeys.nl.pgp.net revoked-key.asc
> >=20
> > after you import the key, you send it to keyservers via=20
> >=20
> >  gpg --send-keys --keyserver wwwkeys.nl.pgp.net <keyID>
>=20
> Sorry, i must correct what i wrote. We start gpg as you
> mentioned.
>=20
> My friend got this error:
>=20
> gpg: Warnung: Sensible Daten k_nnten auf Platte ausgelagert werden.
> gpg: Senden an wwwkeys.nl.pgp.net:11371' erfolglos (status=3D400)

try another keyserver, try sending via http proxy (it helps in communication
with OpenKeyserver software).

Alex
--=20
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling |         | =
  *  =09
 ; (_O : +-------------------------------------------------------------+ --=
+~|=09
 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no;     |   |  =20


From tstrzem@sesame.com  Tue Mar 26 00:14:01 2002
From: tstrzem@sesame.com (Tom Strzemieczny)
Date: Tue Mar 26 00:14:01 2002
Subject: how do i get gnupg to read the passphrase from standard in
Message-ID: <3C9FAE3E.6F9C51EF@sesame.com>

I need to have gnupgp read the passphrase as standard in.

I want to pipe a passphrase stored in a java BatchMail program into
gnupgp for encrypting files.
I want to do this directly by piping the passphrase into gpg standard
in.

I cannot pass parameters into an echo because this is visible to ps.  I
cannot store the passphrase in a file for security reasons.

Here's what I'm playing with right now:

 encrypt.sh "me@me.com" "recipient@recipient.com" "filename"

where encrypt.sh is:

#! /bin/sh
gpg -s -e -o - --batch --passphrase-fd 0 --default-user $1 --yes
--no-tty -r $2 $3  < -

But i don't want gpg to hook into the standard out of my BatchMail
program, but rather the standard out of the ScriptProcess that executed
the command.   I think I am on the right track but don't have any
difinitive answers yet.  Can someone please help?





From rasoul@rhythm.com  Tue Mar 26 00:16:02 2002
From: rasoul@rhythm.com (Rasoul Hajikhani)
Date: Tue Mar 26 00:16:02 2002
Subject: Changing from long UID to UID
Message-ID: <3C9FAF26.26C12B3F@rhythm.com>

Folks,
this question may sound trivial for some of you, but I am a new bee to
gpg, so forgive me if I offend some people. How do I get a UID from a
long UID?
Thanks in advance
-r


From dshaw@jabberwocky.com  Tue Mar 26 00:55:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Mar 26 00:55:02 2002
Subject: Changing from long UID to UID
In-Reply-To: <3C9FAF26.26C12B3F@rhythm.com>
References: <3C9FAF26.26C12B3F@rhythm.com>
Message-ID: <20020325235256.GC745@akamai.com>

On Mon, Mar 25, 2002 at 03:13:42PM -0800, Rasoul Hajikhani wrote:
> Folks,
> this question may sound trivial for some of you, but I am a new bee to
> gpg, so forgive me if I offend some people. How do I get a UID from a
> long UID?

I assume you mean key ID?  The regular or short key ID is just the
lower half of the long key ID.

For example:

Long keyID:  DB698D7199242560
Short keyID:         99242560

Incidentally, for OpenPGP keys (DH/DSS or v4 RSA) you can do the same
trick with "how do I get a key id from a fingerprint".

Fingerprint: 7D92FD313AB6F3734CC59CA1DB698D7199242560
Long keyID:                          DB698D7199242560
Short keyID:                                 99242560

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From n0sq@arrl.net  Tue Mar 26 05:58:02 2002
From: n0sq@arrl.net (Lee Roberts)
Date: Tue Mar 26 05:58:02 2002
Subject: bad signatures
Message-ID: <20020326035909.0C69E4F4BD@mail.actcom.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Why does everyone say my GPG signature is bad while their PGP signature shows 
good? I did a decrypt/verify of one of my GPG messages with PGP and it gives 
a bad signature also. So far, I don't see anything wrong with my GPG 
configuration.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Encryption isn't just for secrets......

iEYEARECAAYFAjyf8rMACgkQUdYCmRtxtWQd7QCfQ71jTXeIsNCZkIf+Na73rKPL
pZsAnA2ScTQxocdOqxBp2vH1ytgemPqb
=Szmz
-----END PGP SIGNATURE-----


From agreene@pobox.com  Tue Mar 26 06:31:01 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Tue Mar 26 06:31:01 2002
Subject: bad signatures
In-Reply-To: <20020326035909.0C69E4F4BD@mail.actcom.net>
Message-ID: <Pine.LNX.4.33.0203260029140.19078-100000@cp5340.localdomain>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 25 Mar 2002, Lee Roberts wrote:
>Why does everyone say my GPG signature is bad while their PGP signature shows
>good? I did a decrypt/verify of one of my GPG messages with PGP and it gives
>a bad signature also. So far, I don't see anything wrong with my GPG
>configuration.

Where is your key posted? I tried unsuccessfully to find your key to check
the sig on your message.


Tony
- -- 
Anthony E. Greene <mailto:Anthony%20E.%20Greene%20%3Cagreene@pobox.com%3E>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05         HomePage: <http://www.pobox.com/~agreene/>
Linux. The choice of a GNU generation <http://www.linux.org/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene <agreene@pobox.com> 0x6C94239D

iD8DBQE8oAecpCpg3WyUI50RAi29AKDfFPUm6zEzBnBSo6lLPZD5AN0NHQCdFGId
urwkzj6hGeg8qlZb15ZO2rs=
=tvEs
-----END PGP SIGNATURE-----



From andriash@telus.net  Tue Mar 26 06:38:02 2002
From: andriash@telus.net (Nick Andriash)
Date: Tue Mar 26 06:38:02 2002
Subject: bad signatures
In-Reply-To: <20020326035909.0C69E4F4BD@mail.actcom.net>
References: <20020326035909.0C69E4F4BD@mail.actcom.net>
Message-ID: <20020325213028.D486.ANDRIASH@telus.net>

Hello Lee Roberts,

On Monday, March 25 2002 at 08:01 PM PDT, you wrote:

> Why does everyone say my GPG signature is bad while their PGP signature
> shows good? I did a decrypt/verify of one of my GPG messages with PGP
> and it gives a bad signature also. So far, I don't see anything wrong
> with my GPG configuration.

Poor wrapping by the Mail Client, i.e. wrapping of text after the message
has been signed is one of the most probable causes, unless you use a
WYSIWYG Editor. Also, I see this in your headers:

Content-Transfer-Encoding: 8bit

I'm not sure if I'm using the correct vernacular, but some Servers will be
cause for concern if they convert the text to 7 bit. I could not check
your signature because I could not find your Key on any of the Servers.


-- 
Nick Andriash
Courtenay, B.C. Canada



From mutz@kde.org  Tue Mar 26 09:15:01 2002
From: mutz@kde.org (Marc Mutz)
Date: Tue Mar 26 09:15:01 2002
Subject: how do i get gnupg to read the passphrase from standard in
In-Reply-To: <3C9FAE3E.6F9C51EF@sesame.com>
References: <3C9FAE3E.6F9C51EF@sesame.com>
Message-ID: <200203260905.41434@sendmail.mutz.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 26 March 2002 00:09, Tom Strzemieczny wrote:
<snip>
> Here's what I'm playing with right now:
>
>  encrypt.sh "me@me.com" "recipient@recipient.com" "filename"
>
> where encrypt.sh is:
>
> #! /bin/sh
> gpg -s -e -o - --batch --passphrase-fd 0 --default-user $1 --yes
> --no-tty -r $2 $3  < -
>
> But i don't want gpg to hook into the standard out of my BatchMail
> program, but rather the standard out of the ScriptProcess that executed
> the command.   I think I am on the right track but don't have any
> difinitive answers yet.  Can someone please help?
<snip>

I don't understand this last paragraph in the light of what you wrote ear=
ier=20
(it seems to contradict the sentence "I want to do this directly by pipin=
g=20
the passphrase into gpg standard in [from BachMail]."), but you might wan=
t to=20
try and make the script "exec" gpg:

#!/bin/sh
exec gpg -seo ...

Marc

- --=20
Marc Mutz <mutz@kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8oCvU3oWD+L2/6DgRAhh+AKDTrq0hkqnZCrGSttyT6braHQdU2ACg8v00
M2fRaw4IE220Xx0osL52hAg=3D
=3DnhZg
-----END PGP SIGNATURE-----



From mutz@kde.org  Tue Mar 26 09:17:01 2002
From: mutz@kde.org (Marc Mutz)
Date: Tue Mar 26 09:17:01 2002
Subject: bad signatures
In-Reply-To: <20020325213028.D486.ANDRIASH@telus.net>
References: <20020326035909.0C69E4F4BD@mail.actcom.net> <20020325213028.D486.ANDRIASH@telus.net>
Message-ID: <200203260914.15030@sendmail.mutz.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 26 March 2002 06:35, Nick Andriash wrote:
> On Monday, March 25 2002 at 08:01 PM PDT, you wrote:
> > Why does everyone say my GPG signature is bad while their PGP signatu=
re
> > shows good? I did a decrypt/verify of one of my GPG messages with PGP
> > and it gives a bad signature also. So far, I don't see anything wrong
> > with my GPG configuration.

Upload your key to a keyserver (e.g. pgp.dtype.org), so we can check what=
's=20
going on.

> Poor wrapping by the Mail Client, i.e. wrapping of text after the messa=
ge
> has been signed is one of the most probable causes,

No. KMail doesn't do that ;-)

> unless you use a
> WYSIWYG Editor. Also, I see this in your headers:
>
> Content-Transfer-Encoding: 8bit
>
> I'm not sure if I'm using the correct vernacular, but some Servers will=
 be
> cause for concern if they convert the text to 7 bit. I could not check
> your signature because I could not find your Key on any of the Servers.

If the server converts 8but labelled content to 7bit, he will only do so =
if=20
the content is 7bit text only. Since 8bit and 7bit are both incarnations =
of=20
the identiy transformation, the conversion would not invalidate the sig.

Most likely Lee is missing something obvious, like confusing invalid=20
signatures with untrusted keys. Am I right here?

Marc

- --=20
Marc Mutz <mutz@kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8oC3V3oWD+L2/6DgRArx5AKCiWCpW3OacwHtkIpyiOErhsCOZPACgmPP4
c0KSIf05xiFb0E4ae9oqkvM=3D
=3D0e64
-----END PGP SIGNATURE-----



From Fabien Pochon" <d_well@isuisse.com  Tue Mar 26 11:15:01 2002
From: Fabien Pochon" <d_well@isuisse.com (Fabien Pochon)
Date: Tue Mar 26 11:15:01 2002
Subject: how can I convert a GpgmeData to a char ?
Message-ID: <003701c1d4ae$c6278000$807ae6c2@dmaxy>

how can I convert a GpgmeData to a char ?

 
______________________________________________________________________________
ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif




From wk@gnupg.org  Tue Mar 26 14:58:02 2002
From: wk@gnupg.org (Werner Koch)
Date: Tue Mar 26 14:58:02 2002
Subject: how can I convert a GpgmeData to a char ?
In-Reply-To: <003701c1d4ae$c6278000$807ae6c2@dmaxy> ("Fabien Pochon"'s
 message of "Tue, 26 Mar 2002 11:12:44 +0100")
References: <003701c1d4ae$c6278000$807ae6c2@dmaxy>
Message-ID: <87pu1r8mdv.fsf@alberti.gnupg.de>

On Tue, 26 Mar 2002 11:12:44 +0100, Fabien Pochon said:

> how can I convert a GpgmeData to a char ?

I don't understand this.  GpgmeData is an object to store large
amounts of data, you probably can't squeeze it into 8 bits.

Maybe you want this.  
char gpgme_data_release_and_get_mem (GpgmeData dh, size_t *r_len)

 Release the data object DH and return its content and the length
 of that content.  The caller has to free this data.  DH maybe NULL
 in which case NULL is returned.  If there is not enough memory for
 allocating the return value, NULL is returned but the object is
 still released.

If you want's to keep the object you have to use the rewind and read
functions.

  Werner



From rtilley@vt.edu  Tue Mar 26 16:08:01 2002
From: rtilley@vt.edu (Brad Tilley)
Date: Tue Mar 26 16:08:01 2002
Subject: Signing Keys before emailing
Message-ID: <1017155148.6795.4.camel@ohio>

Do you always have to sign a friend's key before using it to send them
email? My gpg doesn't work unless I do this.

Thanks,
Brad




From JanuszA.Urbanowicz  Tue Mar 26 16:27:02 2002
From: JanuszA.Urbanowicz (JanuszA.Urbanowicz)
Date: Tue Mar 26 16:27:02 2002
Subject: Signing Keys before emailing
In-Reply-To: <1017155148.6795.4.camel@ohio> from Brad Tilley at "Mar 26, 2002
 10:05:48 am"
Message-ID: <E16pshc-0003i3-00@syjon.fantastyka.net>

Brad Tilley wrote/napisa=B3[a]/schrieb:
> Do you always have to sign a friend's key before using it to send them
> email? My gpg doesn't work unless I do this.

You dont really have to (it is possible to make gpg use untrusted keys) but
you should verify the keys with your friend and then sign it.

Alex
--=20
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling |         | =
  *  =09
 ; (_O : +-------------------------------------------------------------+ --=
+~|=09
 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no;     |   |  =20


From Michael.E.Grimes@pbsg.com  Tue Mar 26 16:33:01 2002
From: Michael.E.Grimes@pbsg.com (Grimes, Michael E {PBSG})
Date: Tue Mar 26 16:33:01 2002
Subject: Licensing
Message-ID: <372350BCD370F447A35090FB5D97CEBBE44507@PLANEX04>

Howdy,

I would like to use GPG in a corporate (for profit) setting. Can someone
give me a definitive answer to the question:

Will this be legal??

Thanks,
Mike



From agreene@pobox.com  Tue Mar 26 16:57:02 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Tue Mar 26 16:57:02 2002
Subject: Signing Keys before emailing
In-Reply-To: <1017155148.6795.4.camel@ohio>
Message-ID: <Pine.LNX.4.33.0203261049150.18679-100000@asmoweb.hqda.pentagon.mil>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 26 Mar 2002, Brad Tilley wrote:
>Do you always have to sign a friend's key before using it to send them
>email? My gpg doesn't work unless I do this.

No, but GPG will tell you that the key is not guarunteed to belong to the 
purported owner and ask if you still want to use it.

I use "gpg --lsign KeyID" to sign keys that I am confident belong to the
online identity that I am familiar with. That command creates a
non-exportable signature that basically means you trust the key enough to
tell GPG not to keep asking you about it, but not enough to publicly
endorse the key.


Tony
- -- 
Anthony E. Greene <mailto:agreene@pobox.com>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26  C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05      HomePage: <http://www.pobox.com/~agreene/>
Linux: the choice of a GNU Generation. <http://www.linux.org/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D <agreene@pobox.com>

iD8DBQE8oJnMpCpg3WyUI50RAhBdAJ46wOriNOkxn93RO7aFFjTMTNAkDgCgl2rl
s/BxKOqQFI88+BUAnogHWnQ=
=DbUC
-----END PGP SIGNATURE-----



From JanuszA.Urbanowicz  Tue Mar 26 16:59:02 2002
From: JanuszA.Urbanowicz (JanuszA.Urbanowicz)
Date: Tue Mar 26 16:59:02 2002
Subject: Licensing
In-Reply-To: <372350BCD370F447A35090FB5D97CEBBE44507@PLANEX04> from "Grimes,
 Michael E {PBSG}" at "Mar 26, 2002 09:28:43 am"
Message-ID: <E16ptCG-0003ov-00@syjon.fantastyka.net>

Grimes, Michael E {PBSG} wrote/napisa=B3[a]/schrieb:
[Charset ISO-8859-1 unsupported, filtering to ASCII...]
> Howdy,
>=20
> I would like to use GPG in a corporate (for profit) setting. Can someone
> give me a definitive answer to the question:
>=20
> Will this be legal??

yes. You may use GPG as you like. If you intend to modify the source, see
the GNU General Public License v2 terms.

Alex
--=20
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling |         | =
  *  =09
 ; (_O : +-------------------------------------------------------------+ --=
+~|=09
 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no;     |   |  =20


From sunny@sunbase.org  Tue Mar 26 16:59:06 2002
From: sunny@sunbase.org (Oyvind A. Holm)
Date: Tue Mar 26 16:59:06 2002
Subject: Licensing
In-Reply-To: <372350BCD370F447A35090FB5D97CEBBE44507@PLANEX04>
Message-ID: <Pine.LNX.4.40.0203261637160.15844-100000@sunba>

On 2002-03-26 09:28-0600 Grimes, Michael E {PBSG} wrote:

> Howdy,
>
> I would like to use GPG in a corporate (for profit) setting. Can
> someone give me a definitive answer to the question:
>
> Will this be legal??

Yes, indeed. The GNU General Public License allows you to use the
program commercially without paying any royalties. If you use parts of
the source in other programs or link any part of it into another
program, you have to share the source code of this program with the
public. That's what the GPL is about -- no money business, the source
code is the real treasure.

=D8yvind

+-------------------------------------------------------------------+
| OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> |
| Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
+-------- Don't support organized crime, boycott Microsoft. --------+




From Cory_Case@troweprice.com  Tue Mar 26 17:27:01 2002
From: Cory_Case@troweprice.com (Case, Cory)
Date: Tue Mar 26 17:27:01 2002
Subject: AIM Encryption?
Message-ID: <7CE1EE1A3A42D411893200A0C98A39C00B2D0467@tc360.troweprice.com>

All,

Is it possible to use gpg to encrypt AOL Instant Messenger communications?
We're interested in using AIM in our corporate environment, but are very
concerned about the lack of encryption of these messages as they travel over
the internet to AOL & back.

Alternatively, is there another product available that would offer the buddy
list & chat features of AIM, in a secure message transport?  We're less
interested in the ftp, chat room, and other AIM features.  It's the IM
portion that is of most interest to us.

Thanks,

Cory


From sbutler@fchn.com  Tue Mar 26 17:31:02 2002
From: sbutler@fchn.com (Steve Butler)
Date: Tue Mar 26 17:31:02 2002
Subject: Licensing
Message-ID: <5642a04ad6c4e6cbbacf2d14412baafa3ca0a1bc@fchn.com>

I picked the following up from http://www.gnu.org/philosophy/free-sw.html 

Free software is a matter of the users' freedom to run, copy, distribute,
study, change and improve the software. More precisely, it refers to four
kinds of freedom, for the users of the software: 

* The freedom to run the program, for any purpose (freedom 0). 
* The freedom to study how the program works, and adapt it to your needs
(freedom 1). Access to the source code is a precondition for this. 
* The freedom to redistribute copies so you can help your neighbor (freedom
2). 
* The freedom to improve the program, and release your improvements to the
public, so that the whole community benefits. (freedom 3). Access to the
source code is a precondition for this. 

[snip]

``Free software'' does not mean ``non-commercial''. A free program must be
available for commercial use, commercial development, and commercial
distribution. Commercial development of free software is no longer unusual;
such free commercial software is very important. 


-----Original Message-----
From: Grimes, Michael E {PBSG} [mailto:Michael.E.Grimes@pbsg.com]
Sent: Tuesday, March 26, 2002 7:29 AM
To: 'gnupg-users@gnupg.org'
Subject: Licensing


Howdy,

I would like to use GPG in a corporate (for profit) setting. Can someone
give me a definitive answer to the question:

Will this be legal??

Thanks,
Mike


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.



From JanuszA.Urbanowicz  Tue Mar 26 17:33:02 2002
From: JanuszA.Urbanowicz (JanuszA.Urbanowicz)
Date: Tue Mar 26 17:33:02 2002
Subject: AIM Encryption?
In-Reply-To: <7CE1EE1A3A42D411893200A0C98A39C00B2D0467@tc360.troweprice.com>
 from "Case, Cory" at "Mar 26, 2002 11:23:54 am"
Message-ID: <E16ptjH-0003xN-00@syjon.fantastyka.net>

Case, Cory wrote/napisa=B3[a]/schrieb:
[Charset iso-8859-1 unsupported, filtering to ASCII...]
> All,
>=20
> Is it possible to use gpg to encrypt AOL Instant Messenger communications?
> We're interested in using AIM in our corporate environment, but are very
> concerned about the lack of encryption of these messages as they travel o=
ver
> the internet to AOL & back.
>=20
> Alternatively, is there another product available that would offer the bu=
ddy
> list & chat features of AIM, in a secure message transport?  We're less
> interested in the ftp, chat room, and other AIM features.  It's the IM
> portion that is of most interest to us.

Jabber with Gabber client. Jabber is an open IM (see http://jabber.com and
http://jabber.org) and some clients, partucularly Gabber (for GNOME) and
at least one windows client support PGP encryption (Gabber uses GnuPG).

Alex
--=20
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling |         | =
  *  =09
 ; (_O : +-------------------------------------------------------------+ --=
+~|=09
 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no;     |   |  =20


From ftobin@neverending.org  Tue Mar 26 17:35:02 2002
From: ftobin@neverending.org (Frank Tobin)
Date: Tue Mar 26 17:35:02 2002
Subject: AIM Encryption?
In-Reply-To: <7CE1EE1A3A42D411893200A0C98A39C00B2D0467@tc360.troweprice.com>
Message-ID: <20020326113124.G5566-100000@palanthas.neverending.org>

Case, Cory, on 2002-03-26, wrote:

> Alternatively, is there another product available that would offer the
> buddy list & chat features of AIM, in a secure message transport?
> We're less interested in the ftp, chat room, and other AIM features.
> It's the IM portion that is of most interest to us.

The Jabber system supports your desires, and several clients support PGP
or GnuPG.

-- 
Frank Tobin		http://www.neverending.org/~ftobin/



From debug <debug@centras.lt>  Tue Mar 26 18:01:02 2002
From: debug <debug@centras.lt> (DeBug)
Date: Tue Mar 26 18:01:02 2002
Subject: Re[2]: Licensing
In-Reply-To: <5642a04ad6c4e6cbbacf2d14412baafa3ca0a1bc@fchn.com>
References: <5642a04ad6c4e6cbbacf2d14412baafa3ca0a1bc@fchn.com>
Message-ID: <9734861373.20020326185934@centras.lt>

SB> I picked the following up from http://www.gnu.org/philosophy/free-sw.html

SB> Free software is a matter of the users' freedom ...
Thank you Steve for this comment. It is ridiculous how many
people still dont make the difference between
<freeware> and <free software>
especially the commercial part of it is not understood properly
SB> ``Free software'' does not mean ``non-commercial''.
SB> A free program MUST be available for commercial use,
SB> commercial development, and commercial distribution.

I keep explaining it all the time to the people i meet :)

What i don't understand quite well is why OSI,GPL and alike
licenses are not compatible with free competition rule.
The rule i find to be more important than 4 freedoms you mentioned
Here is an example:
GPL'ed software is offered (for extra money) to those who are not satisfied with GPL
conditions, that means in fact that those who use the software under
GPL are discriminated compared to those who use the same software
under modified and less restrictive conditions.

>From this point of view I find LGPL to be much better.

--
Best regards,
 DeBug                            mailto:debug@centras.lt
--




From agreene@pobox.com  Tue Mar 26 18:05:01 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Tue Mar 26 18:05:01 2002
Subject: Licensing
In-Reply-To: <Pine.LNX.4.40.0203261637160.15844-100000@sunba>
Message-ID: <Pine.LNX.4.33.0203261156580.18892-100000@asmoweb.hqda.pentagon.mil>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 26 Mar 2002, Oyvind A. Holm wrote:
>Yes, indeed. The GNU General Public License allows you to use the
>program commercially without paying any royalties. If you use parts of
>the source in other programs or link any part of it into another
>program, you have to share the source code of this program with the
>public.

Not quite.

If you distribute binaries built from modified source, then you must make 
the modified source available to the recipients of the modified binaries.

You don't have to make the source available to "the public" unless you
distribute binaries to "the public", and you don't have to distribute the
code at all if you don't distribute the binaries.

The binaries and code remain under the GPL, so if they are distributed, the 
recipients can modify and/or redistribute them if they wish, according to 
the GPL.


Tony
- -- 
Anthony E. Greene <mailto:agreene@pobox.com>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26  C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05      HomePage: <http://www.pobox.com/~agreene/>
Linux: the choice of a GNU Generation. <http://www.linux.org/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D <agreene@pobox.com>

iD8DBQE8oKmxpCpg3WyUI50RAimGAJ9jWaEf7lUj/U0p/XQUXZy/1Vqq5gCcDwxt
ypoCgmnMEz9d0TyAtjdxoSM=
=yJG+
-----END PGP SIGNATURE-----



From ftobin@neverending.org  Tue Mar 26 18:35:01 2002
From: ftobin@neverending.org (Frank Tobin)
Date: Tue Mar 26 18:35:01 2002
Subject: Re[2]: Licensing
In-Reply-To: <9734861373.20020326185934@centras.lt>
Message-ID: <20020326122612.G5677-100000@palanthas.neverending.org>

DeBug, on 2002-03-26, wrote:

> What i don't understand quite well is why OSI,GPL and alike licenses are
> not compatible with free competition rule. The rule i find to be more
> important than 4 freedoms you mentioned Here is an example: GPL'ed
> software is offered (for extra money) to those who are not satisfied
> with GPL conditions, that means in fact that those who use the software
> under GPL are discriminated compared to those who use the same software
> under modified and less restrictive conditions.

You don't epxect people to believe this trollish talk, do you?

First, there is no "free competition rule".

Second, if an author of GPL'd software sold copies to another party under
a non-GPL license, that party would likely have many more restrictions
placed upon them than the GPL does.  For instance, they likely wouldn't be
allowed to distribute any changes and would only be able to use it for the
purpose X and not Y.  The GPL grants both these freedoms.  The third party
would get a tradeoff of being able to resell/link to the product, but with
other restrictions put in place.

And you certainly don't seem to have a grasp of what the OSI is, and how
it differs from the FSF.

-- 
Frank Tobin		http://www.neverending.org/~ftobin/



From debug <debug@centras.lt>  Tue Mar 26 18:56:01 2002
From: debug <debug@centras.lt> (DeBug)
Date: Tue Mar 26 18:56:01 2002
Subject: Re[3]: Licensing
In-Reply-To: <20020326122612.G5677-100000@palanthas.neverending.org>
References: <20020326122612.G5677-100000@palanthas.neverending.org>
Message-ID: <11838107607.20020326195339@centras.lt>

>> What i don't understand quite well is why OSI,GPL and alike licenses are
>> not compatible with free competition rule.

FT> You don't epxect people to believe this trollish talk, do you?
FT> First, there is no "free competition rule".
FT> Second, if an author of GPL'd software sold copies to another party under
FT> a non-GPL license, that party would likely have many more restrictions
FT> placed upon them than the GPL does.
It's great that Steve tried to explain what <free software> is all about
now i see that my understanding of it is quite different from yours, Frank
For me <free software> means first of all freedom to compete on it,
and what i see in GPL - it does not really garantee such a freedom

But ok , this discussion should be taken elsewhere...
If you like you can enlighten me on OSI privately or redirect me
to some appropriate forum (thank you in advance)...

--
Best regards,
 DeBug                            mailto:debug@centras.lt
--




From avbidder@fortytwo.ch  Tue Mar 26 19:10:01 2002
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Tue Mar 26 19:10:01 2002
Subject: Re[2]: Licensing
In-Reply-To: <9734861373.20020326185934@centras.lt>
References: <5642a04ad6c4e6cbbacf2d14412baafa3ca0a1bc@fchn.com>
 <9734861373.20020326185934@centras.lt>
Message-ID: <1017166072.592.5.camel@zaphod>

--=-tt77Me5vuYIFFji1GFyD
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue, 2002-03-26 at 18:59, DeBug wrote:

[...]
> GPL'ed software is offered (for extra money) to those who are not satisfi=
ed with GPL
> conditions, that means in fact that those who use the software under
[...]

I think double licensing (if that's what you mean here) is a very bad
thing - but I don't think it'll play an important role in the future: if
I understand copyright law correctly, only the copyright holder can give
out licenses. For most open source projects, the copyright holder is
either somebody like GNU (who never will play such games, I guess), or
the contributing deveolpers have kept the copyright of their respective
portions (I believe this is how the Linux kernel is distributed), so
double licensing would involve getting permissions from all copyright
holders.

Just my $.02

-- vbi


--=-tt77Me5vuYIFFji1GFyD
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEABECAAYFAjyguPcACgkQFDhRaJIIJIGGbQCfWxOm1PLHOlM28W7fV/rcb0M+
vFUAmQG2Man4QLQ8ElA3uwg1kcESSmwa
=ca+T
-----END PGP SIGNATURE-----

--=-tt77Me5vuYIFFji1GFyD--


From dshaw@jabberwocky.com  Tue Mar 26 19:28:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Mar 26 19:28:02 2002
Subject: FAQ item?: Using GnuPG in a business
Message-ID: <20020326182530.GA681@akamai.com>

With the recent changes at NAI/pgp.com, there has been a definite
upswing with the "can I legally use GnuPG in my business?" questions.

While the GPL discussions are interesting, I suspect that the majority
of the people asking this question are companies that just want to use
GnuPG now that they can't use PGP.  Most questions of code
modification or distribution don't apply to them - they just want a
PGP-alike to use.  Naturally, the GPL lets them do this.

Could someone write this up and stick it on a web page somewhere?  If
nobody jumps at it, perhaps I'll have a crack at it in a couple of
days.  The idea here is to make it very clear that if they're just
talking about using it (rather than making their own version and
distributing the changes, or whatever else), then they don't need to
bother to read beyond the first paragraph.

Maybe this should be a FAQ - I saw Douglas Calvert volunteered to be
the new FAQ maintainer.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From agreene@pobox.com  Tue Mar 26 21:30:01 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Tue Mar 26 21:30:01 2002
Subject: Re[3]: Licensing
In-Reply-To: <11838107607.20020326195339@centras.lt>
Message-ID: <Pine.LNX.4.33.0203261525471.19159-100000@asmoweb.hqda.pentagon.mil>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 26 Mar 2002, DeBug wrote:
>It's great that Steve tried to explain what <free software> is all about
>now i see that my understanding of it is quite different from yours,
>Frank For me <free software> means first of all freedom to compete on it,
>and what i see in GPL - it does not really garantee such a freedom

The term "Free Software" when used to describe software licensed under the 
GPL, has a very specific meaning published by the Free Software Foundation 
<http://www.fsf.org/>.

Tony
- -- 
Anthony E. Greene <mailto:agreene@pobox.com>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26  C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05      HomePage: <http://www.pobox.com/~agreene/>
Linux: the choice of a GNU Generation. <http://www.linux.org/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D <agreene@pobox.com>

iD8DBQE8oNm9pCpg3WyUI50RAi3lAJ9CVkhSnhyLpc2w1kzatYmYbN3P4gCfc1QK
ci9htasVunNffHVIRm2Ka/k=
=BpHD
-----END PGP SIGNATURE-----



From sbutler@fchn.com  Tue Mar 26 21:41:02 2002
From: sbutler@fchn.com (Steve Butler)
Date: Tue Mar 26 21:41:02 2002
Subject: FAQ item?: Using GnuPG in a business
Message-ID: <b2762baf3712fceb594b77faad3b704c3ca0dc5b@fchn.com>

On the first page of http://www.gnupg.org/ is a link saying 'Free Software'
that takes a person to http://www.gnu.org/philosophy/free-sw.html.  Now, I
agree that a person has to read pretty far down that page to find

"Thus, you may have paid money to get copies of GNU software, or you may
have obtained copies at no charge. But regardless of how you got your
copies, you always have the freedom to copy and change the software, even to
sell copies. 

``Free software'' does not mean ``non-commercial''. A free program must be
available for commercial use, commercial development, and commercial
distribution. Commercial development of free software is no longer unusual;
such free commercial software is very important."

Perhaps a disclaimer at the top or even back on www.gnupg.org where the
'Free Software' link is at, the wording could be changed from:

"It can be freely used, modified and distributed under the terms of the GNU
General Public Licence" (where Gnu General Public Licence is a link)

To say:

"This software may be freely used, modified and distributed in any
commercial or non-commercial environment without payment of royalties under
the terms of the Gnu General Public License"   (where Gnu General Public
License would still be a link)

An addition to the FAQ up toward the top (it's been awhile since I read it)
might also be appropriate.  I know it took me a couple of days of digging
through the web site before I could convince myself and my boss that this
was for real.


Stephen M Butler
Oracle Administrator
First Choice Health Network
206-268-2309

sbutler@fchn.com GnuPG: 8B17 7384 AB86 D67F 7612 3587 5715 C880 1B32 D54B 
kg7je@attbi.com  GnuPG: 8A25 9726 D439 758D D846 E5D4 282A 5477 0385 81D8 


-----Original Message-----
From: David Shaw [mailto:dshaw@jabberwocky.com]
Sent: Tuesday, March 26, 2002 10:26 AM
To: gnupg-users@gnupg.org
Subject: FAQ item?: Using GnuPG in a business


With the recent changes at NAI/pgp.com, there has been a definite
upswing with the "can I legally use GnuPG in my business?" questions.

While the GPL discussions are interesting, I suspect that the majority
of the people asking this question are companies that just want to use
GnuPG now that they can't use PGP.  Most questions of code
modification or distribution don't apply to them - they just want a
PGP-alike to use.  Naturally, the GPL lets them do this.

Could someone write this up and stick it on a web page somewhere?  If
nobody jumps at it, perhaps I'll have a crack at it in a couple of
days.  The idea here is to make it very clear that if they're just
talking about using it (rather than making their own version and
distributing the changes, or whatever else), then they don't need to
bother to read beyond the first paragraph.

Maybe this should be a FAQ - I saw Douglas Calvert volunteered to be
the new FAQ maintainer.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------
+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.



From dfc@anize.org  Tue Mar 26 22:31:02 2002
From: dfc@anize.org (Douglas Calvert)
Date: Tue Mar 26 22:31:02 2002
Subject: FAQ item?: Using GnuPG in a business
In-Reply-To: <20020326182530.GA681@akamai.com>
References: <20020326182530.GA681@akamai.com>
Message-ID: <1017178166.19444.7.camel@allevil>

--=-7eUCmxCOaYmrEtIzZ1ds
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue, 2002-03-26 at 13:25, David Shaw wrote:
 > Maybe this should be a FAQ - I saw Douglas Calvert volunteered to be
> the new FAQ maintainer.
Yep that is me. i am waiting on werner to get some things ready. But he
is busy right now. If someone wants to write this up let me know. If not
please let me know what you would like included. And while we are on the
subject if there are any more faq things let me know...



--=20
+---------------+-----------------------------------+
|Douglas Calvert|       http://anize.org/dfc        |
| dfc@anize.org |       http://imissjerry.org       |
+---------------+-----------------------------------+
|   If you use envelopes, why not use encryption?   |
|         http://anize.org/dfc/dfc-keys.asc         |
| 0817 30D4 82B6 BB8D 5E66 06F6 B796 073D C954 1FB2 |
+-------------| http://www.gnupg.org |--------------+


--=-7eUCmxCOaYmrEtIzZ1ds
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQA8oOg2t5YHPclUH7IRAkxKAKCFHOwTzFpMbpmeh0HFw5xTUTZ5WACgvAm9
vCN6KOsC7tyDh+lr57R8vOQ=
=gxAY
-----END PGP SIGNATURE-----

--=-7eUCmxCOaYmrEtIzZ1ds--


From dshaw@jabberwocky.com  Tue Mar 26 22:40:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Mar 26 22:40:01 2002
Subject: FAQ item?: Using GnuPG in a business
In-Reply-To: <b2762baf3712fceb594b77faad3b704c3ca0dc5b@fchn.com>
References: <b2762baf3712fceb594b77faad3b704c3ca0dc5b@fchn.com>
Message-ID: <20020326213826.GA725@akamai.com>

On Tue, Mar 26, 2002 at 12:38:12PM -0800, Steve Butler wrote:
> An addition to the FAQ up toward the top (it's been awhile since I read it)
> might also be appropriate.  I know it took me a couple of days of digging
> through the web site before I could convince myself and my boss that this
> was for real.

Yes, that's exactly what worries me about the current documentation
and web pages.  The fact that it took you that long to be sure the GPL
allowed you to use GnuPG freely means that it just isn't clear enough.

The GPL gives users many wonderful things, but a good-sized piece of
the "target market" for GnuPG simply don't care about modifying the
code or redistributing it.  What is needed for those people or
businesses is a simple statement that says "Yes, it's free.  No, there
are no licencing fees.  No, there are no patent issues.  Take it and
enjoy using it.  If you want more help than is available for free on
the Internet, then these three companies will even sell you support
for it."

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From u_p@lycos.de  Tue Mar 26 22:58:01 2002
From: u_p@lycos.de (uwe puchta)
Date: Tue Mar 26 22:58:01 2002
Subject: Announcing a tool to restore original filename automatically
Message-ID: <1017179726030581@lycos.de>

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--=_NextPart_Caramail_0305811017179726_ID
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by outmail-1.st1.spray.net id WAA21028

One of the things I've allways missed in gnuPG was the ability to restore=
 the original=20
filename automatically when decrypting. gnuPG just cuts off the '.gpg' ex=
tension. If I=20
want to stealth the original file name or even only the file extension of=
 the original file=20
name, I'm more or less lost. e.g. if I want to hide the file "secrets-abo=
ut-the-
government.doc" in a file "xy.gpg", I (or the receipient) just gets "xy" =
after decryption.

So I've written a small program in Perl which should be operable both on =
Unix and=20
Windows.=20
http://www.puchta.com/gpgdecrypt/

Comments, feed back and criticism are welcome

greetings
 u_p
<P>______________________________________________________<BR><SPAN ID=3DC=
ONT>250 Farb-Visitenkarten <A HREF=3D"http://www.vistaprint.de/vp/splash/=
lycosde.asp">GRATIS*</a>.  In einem Wert von EUR 99,00!<BR>Jetzt eigene <=
A HREF=3D"http://lycos.de.domainnames.com/default.asp?caller=3Dlycos_d_fo=
oter">Domains</a> f=FCr 1,23 Euro/Monat
<BR></SPAN><P>

--=_NextPart_Caramail_0305811017179726_ID--



From dshaw@jabberwocky.com  Tue Mar 26 23:14:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Mar 26 23:14:02 2002
Subject: Announcing a tool to restore original filename automatically
In-Reply-To: <1017179726030581@lycos.de>
References: <1017179726030581@lycos.de>
Message-ID: <20020326221228.GB1419@akamai.com>

On Tue, Mar 26, 2002 at 11:10:16PM +0100, uwe puchta wrote:
> 
>    One of the things I've allways missed in gnuPG was the ability to
>    restore the original filename automatically when decrypting. gnuPG
>    just cuts off the '.gpg' extension. If I want to stealth the original
>    file name or even only the file extension of the original file name,
>    I'm more or less lost. e.g. if I want to hide the file
>    "secrets-about-the- government.doc" in a file "xy.gpg", I (or the
>    receipient) just gets "xy" after decryption. So I've written a small
>    program in Perl which should be operable both on Unix and Windows.
>    http://www.puchta.com/gpgdecrypt/ Comments, feed back and criticism
>    are welcome greetings u_p

I'm not sure I fully understand this.  Why not just use the
--use-embedded-filename flag?

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From karlsson@hal-pc.org  Wed Mar 27 00:24:01 2002
From: karlsson@hal-pc.org (Brian M. Carlson)
Date: Wed Mar 27 00:24:01 2002
Subject: bad signatures
In-Reply-To: <200203260914.15030@sendmail.mutz.com>
References: <20020326035909.0C69E4F4BD@mail.actcom.net> <20020325213028.D486.ANDRIASH@telus.net> <200203260914.15030@sendmail.mutz.com>
Message-ID: <20020326232158.GA2168@stonewall>

--UlVJffcvxoiEqYs2
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Mar 26, 2002 at 09:14:13AM +0100, Marc Mutz wrote:
> On Tuesday 26 March 2002 06:35, Nick Andriash wrote:
> > On Monday, March 25 2002 at 08:01 PM PDT, you wrote:
> > > Why does everyone say my GPG signature is bad while their PGP signatu=
re
> > > shows good? I did a decrypt/verify of one of my GPG messages with PGP
> > > and it gives a bad signature also. So far, I don't see anything wrong
> > > with my GPG configuration.
>=20
> Upload your key to a keyserver (e.g. pgp.dtype.org), so we can check what=
's=20
> going on.

x-hkp://gnv.us.ks.cryptnet.net:11371 is good. cryptnet servers won't mangle
your key.

>=20
> > Poor wrapping by the Mail Client, i.e. wrapping of text after the messa=
ge
> > has been signed is one of the most probable causes,
>=20
> No. KMail doesn't do that ;-)
>=20
> > unless you use a
> > WYSIWYG Editor. Also, I see this in your headers:
> >
> > Content-Transfer-Encoding: 8bit
> >
> > I'm not sure if I'm using the correct vernacular, but some Servers will=
 be
> > cause for concern if they convert the text to 7 bit. I could not check
> > your signature because I could not find your Key on any of the Servers.
>=20
> If the server converts 8but labelled content to 7bit, he will only do so =
if=20
> the content is 7bit text only. Since 8bit and 7bit are both incarnations =
of=20
> the identiy transformation, the conversion would not invalidate the sig.

If you do not want this converted, use "Content-Conversion: prohibited".
Servers are prohibited from converting if you state this.


--=20
Brian M. Carlson
<karlsson@hal-pc.org>
OpenPGP: 0x351336B2DCA1913A

--UlVJffcvxoiEqYs2
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6d (GNU/Linux)
Comment: Ubi libertas, ibi patria.

iQEVAwUBPKECleWR/8lWBVPnAQNC2Af/YX0Y5mDik176HpIoSRmzDkoaZy16gGHR
0fgUCEsxtZyUVYQAhrX75yLR8Tfe6kIIMcCNyXdWpTr99ojLAuvxPv73SDz0OTSc
5sMm714QbIbCBo7wcrVJSi74+QrssMPxmK2LANsNBspjOtnJVvFzFA/uFzg/BYVO
3VI4YrhTFFsdYgAqtRu49JkmP+gguz0ihZXYA5a1BheMDx8rr/kmzJ9RODYpOWRw
qmp+mFOr2Wmca57LmvxFuJ0jVP2RZkduIO8/K8/Fvi9TAAtm66cfBtFnn/LSZ8TG
FTP0fUubhahagH6xHSVMhqeq+S8yxXcs+PEWdTv2JlhNV4I/1sORrg==
=Msgr
-----END PGP SIGNATURE-----

--UlVJffcvxoiEqYs2--


From samael-gnupg@lists.manxome.org  Wed Mar 27 00:27:01 2002
From: samael-gnupg@lists.manxome.org (Ricardo SIGNES)
Date: Wed Mar 27 00:27:01 2002
Subject: Announcing a tool to restore original filename automatically
In-Reply-To: <1017179726030581@lycos.de>
References: <1017179726030581@lycos.de>
Message-ID: <20020326232447.GA14421@manxome.org>

--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Mar 26, 2002 at 11:10:16PM +0100, uwe puchta wrote:
> [unreadable]

Could you include text versions of your messages from now on?

--=20
rjbs

--EVF5PPMfhYS0aIcm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjyhAz8ACgkQDIxbLaZ099OWCwCfcd8Z770f+nNYLl3gN47VWJ9U
jQAAoIcWnK65FH2+bCnpAOohBQJwd6K7
=rpnu
-----END PGP SIGNATURE-----

--EVF5PPMfhYS0aIcm--


From uwe puchta <u_p@lycos.de>  Wed Mar 27 01:46:01 2002
From: uwe puchta <u_p@lycos.de> (uwe puchta)
Date: Wed Mar 27 01:46:01 2002
Subject: Announcing a tool to restore original filename automatically
Message-ID: 1017189850.baM@lycos.de>

> David Shaw <dshaw@jabberwocky.com> wrote:
> I'm not sure I fully understand this.  Why not just use the
> --use-embedded-filename flag?


       --use-embedded-filename
         Try  to create a file with a name as embedded in
         the data.  This can be a dangerous option as  it
         allows to overwrite files.

You're right .. completely right. I must have overread this.
(I have to admit, that I usually refer to the help given=20
with gpg --help).

So, o.k., it was a finger exercise. Sorry for bothering the
group.

And to Ricardo SIGNES <samael-gnupg@lists.manxome.org>:
sorry for sending HTML encoded mail (which I usually don't).


From n0sq@arrl.net  Wed Mar 27 06:07:02 2002
From: n0sq@arrl.net (Lee Roberts)
Date: Wed Mar 27 06:07:02 2002
Subject: bad signatures
In-Reply-To: <20020325213028.D486.ANDRIASH@telus.net>
References: <20020326035909.0C69E4F4BD@mail.actcom.net> <20020325213028.D486.ANDRIASH@telus.net>
Message-ID: <20020327050210.805534EBD8@mail.actcom.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I could've sworn that I uploaded the keys to the server. Anyway, the keys=
 were submitted to pgp.mit.edu. Key ID 0x54C7CC50 is revoked, though.

On Monday 25 March 2002 10:35 pm, Nick Andriash wrote:
> Hello Lee Roberts,
>
> On Monday, March 25 2002 at 08:01 PM PDT, you wrote:
> > Why does everyone say my GPG signature is bad while their PGP signatu=
re
> > shows good? I did a decrypt/verify of one of my GPG messages with PGP
> > and it gives a bad signature also. So far, I don't see anything wrong
> > with my GPG configuration.
>
> Poor wrapping by the Mail Client, i.e. wrapping of text after the messa=
ge
> has been signed is one of the most probable causes, unless you use a
> WYSIWYG Editor. Also, I see this in your headers:
>
> Content-Transfer-Encoding: 8bit
>
> I'm not sure if I'm using the correct vernacular, but some Servers will=
 be
> cause for concern if they convert the text to 7 bit. I could not check
> your signature because I could not find your Key on any of the Servers.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Encryption isn't just for secrets......

iEYEARECAAYFAjyhUv0ACgkQUdYCmRtxtWSlXACgiMelDvNwMX5Xbf2bvFcJgWCu
/5YAoKslJ6C+7zHb8VCs0q1oew239yq/
=3Do9pX
-----END PGP SIGNATURE-----


From dshaw@jabberwocky.com  Wed Mar 27 06:39:02 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Mar 27 06:39:02 2002
Subject: Announcing a tool to restore original filename automatically
Message-ID: <20020327053637.GA2836@akamai.com>

On Wed, Mar 27, 2002 at 12:44:10AM +0000, uwe puchta wrote:
> > David Shaw <dshaw@jabberwocky.com> wrote:
> > I'm not sure I fully understand this.  Why not just use the
> > --use-embedded-filename flag?
> 
> 
>        --use-embedded-filename
>          Try  to create a file with a name as embedded in
>          the data.  This can be a dangerous option as  it
>          allows to overwrite files.
> 
> You're right .. completely right. I must have overread this.
> (I have to admit, that I usually refer to the help given 
> with gpg --help).
> 
> So, o.k., it was a finger exercise. Sorry for bothering the
> group.

Hey, no worries.  It's a pretty big manual - easy to miss stuff in
there.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From andriash@telus.net  Wed Mar 27 08:24:01 2002
From: andriash@telus.net (Nick Andriash)
Date: Wed Mar 27 08:24:01 2002
Subject: bad signatures
In-Reply-To: <20020326035909.0C69E4F4BD@mail.actcom.net>
References: <20020326035909.0C69E4F4BD@mail.actcom.net>
Message-ID: <20020326231935.2CA4.ANDRIASH@telus.net>

Hello Lee Roberts,

On Monday, March 25 2002 at 08:01 PM PDT, you wrote:

> Why does everyone say my GPG signature is bad while their PGP signature
> shows good?

Now that I have your Public Key I can check your signature:

gpg: Signature made 03/25/02 20:01:55  using DSA key ID 1B71B564
gpg: Good signature from "Lee A. Roberts <n0sq@arrl.net>"
gpg:                 aka "Lee A. Roberts <n0sq@actcom.net>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
gpg: Fingerprint: AA9A 72DC C8BD 199A D333  CDB7 51D6 0299 1B71 B564

No problems here using Becky 2.0.0.10 on Win 98SE with GnuPG 1.0.6.


-- 
Nick Andriash
Courtenay, B.C. Canada



From andriash@telus.net  Wed Mar 27 08:27:02 2002
From: andriash@telus.net (Nick Andriash)
Date: Wed Mar 27 08:27:02 2002
Subject: bad signatures
In-Reply-To: <20020327050210.805534EBD8@mail.actcom.net>
References: <20020325213028.D486.ANDRIASH@telus.net> <20020327050210.805534EBD8@mail.actcom.net>
Message-ID: <20020326232114.2CA7.ANDRIASH@telus.net>

Hello Lee Roberts,

On Tuesday, March 26 2002 at 09:04 PM PDT, you wrote:

> I could've sworn that I uploaded the keys to the server. Anyway, the
> keys were submitted to pgp.mit.edu.

Have it now thanks. The signature on this message of yours is 'Good' as
well, only this time I used PGP 7.1.1:

*** PGP Signature Status: good
*** Signer: Lee A. Roberts <n0sq@arrl.net> (Invalid)
*** Signed: 26/03/02 9:05:01 PM
*** Verified: 26/03/02 11:22:56 PM
*** BEGIN PGP VERIFIED MESSAGE ***


-- 
Nick Andriash
Courtenay, B.C. Canada



From sunny@sunbase.org  Wed Mar 27 09:00:01 2002
From: sunny@sunbase.org (Oyvind A. Holm)
Date: Wed Mar 27 09:00:01 2002
Subject: bad signatures
In-Reply-To: <20020327050210.805534EBD8@mail.actcom.net>
Message-ID: <Pine.LNX.4.40.0203270851500.22857-100000@sunba>

On 2002-03-26 22:04-0700 Lee Roberts wrote:
> I could've sworn that I uploaded the keys to the server. Anyway, the
> keys were submitted to pgp.mit.edu. Key ID 0x54C7CC50 is revoked,
> though.
>
> On Monday 25 March 2002 22:35, Nick Andriash wrote:
> > On Monday, March 25 2002 at 20:01 PDT, you wrote:
> > > Why does everyone say my GPG signature is bad while their PGP signatu=
re
> > > shows good? I did a decrypt/verify of one of my GPG messages with PGP
> > > and it gives a bad signature also. So far, I don't see anything wrong
> > > with my GPG configuration.
> >
> > Poor wrapping by the Mail Client, i.e. wrapping of text after the messa=
ge
> > has been signed is one of the most probable causes, unless you use a
> > WYSIWYG Editor. Also, I see this in your headers:
> >
> > Content-Transfer-Encoding: 8bit
> >
> > I'm not sure if I'm using the correct vernacular, but some Servers will=
 be
> > cause for concern if they convert the text to 7 bit. I could not check
> > your signature because I could not find your Key on any of the Servers.

I got a good signature from this message when using GnuPG 1.0.6.
Fetched your key from wwwkeys.net.uk.pgp.net , works like a dream here
at least.

Mvh
=D8yvind

+-------------------------------------------------------------------+
| OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> |
| Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
+----------------| http://www.sunbase.org[/sunny] |-----------------+



From lhecking@nmrc.ie  Wed Mar 27 11:19:01 2002
From: lhecking@nmrc.ie (Lars Hecking)
Date: Wed Mar 27 11:19:01 2002
Subject: Announcing a tool to restore original filename automatically
In-Reply-To: <20020326232447.GA14421@manxome.org>
References: <1017179726030581@lycos.de> <20020326232447.GA14421@manxome.org>
Message-ID: <20020327101627.GA4069@nmrc.ie>

Ricardo SIGNES writes:
> On Tue, Mar 26, 2002 at 11:10:16PM +0100, uwe puchta wrote:
> > [unreadable]
> 
> Could you include text versions of your messages from now on?

 And fix his mailer which creates broken Message-Id: headers.



From agreene@pobox.com  Wed Mar 27 13:21:01 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Wed Mar 27 13:21:01 2002
Subject: bad signatures
In-Reply-To: <20020327050210.805534EBD8@mail.actcom.net>
Message-ID: <Pine.LNX.4.33.0203270718310.2984-100000@cp5340.localdomain>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 26 Mar 2002, Lee Roberts wrote:
>I could've sworn that I uploaded the keys to the server. Anyway, the keys
>were submitted to pgp.mit.edu. Key ID 0x54C7CC50 is revoked, though.

This message verified properly. See my GPG output below.

  --Tony

>***** Processed by mydecrypt on Wed Mar 27 07:18:31 EST 2002 *****
>gpg: Signature made Wed 27 Mar 2002 12:05:01 AM EST using DSA key ID 1B71B564
>gpg: Good signature from "Lee A. Roberts <n0sq@arrl.net>"
>gpg:                 aka "Lee A. Roberts <n0sq@actcom.net>"
>gpg: WARNING: This key is not certified with a trusted signature!
>gpg:          There is no indication that the signature belongs to the owner.
>gpg: Fingerprint: AA9A 72DC C8BD 199A D333  CDB7 51D6 0299 1B71 B564

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene <agreene@pobox.com> 0x6C94239D

iD8DBQE8obkhpCpg3WyUI50RAn+nAKDJzPZCncpLh5vMa7ABmfYmpKGzvgCg9z02
JRKvlKUHkI+ZRGyPWbi22sE=
=cXMa
-----END PGP SIGNATURE-----



From agreene@pobox.com  Wed Mar 27 13:26:01 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Wed Mar 27 13:26:01 2002
Subject: bad signatures
In-Reply-To: <20020327050210.805534EBD8@mail.actcom.net>
Message-ID: <Pine.LNX.4.33.0203270724490.2984-100000@cp5340.localdomain>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 26 Mar 2002, Lee Roberts wrote:
>I could've sworn that I uploaded the keys to the server. Anyway, the keys
>were submitted to pgp.mit.edu. Key ID 0x54C7CC50 is revoked, though.

I got a good sig with GPG and a bad sig with PGP. Ensure that textmode
is set and that your mail client wraps lines correctly. Your message was
sent with the lines not wrapped.

Tony
- -- 
Anthony E. Greene <mailto:Anthony%20E.%20Greene%20%3Cagreene@pobox.com%3E>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05         HomePage: <http://www.pobox.com/~agreene/>
Linux. The choice of a GNU generation <http://www.linux.org/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene <agreene@pobox.com> 0x6C94239D

iD8DBQE8obqFpCpg3WyUI50RAhIVAKCP4Y5ShoczLczw/mvsj1OB4423xQCffFvQ
AJLXBC4sVmWvjolKjFsK9gI=
=AAnk
-----END PGP SIGNATURE-----



From agreene@pobox.com  Wed Mar 27 13:31:02 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Wed Mar 27 13:31:02 2002
Subject: bad signatures
In-Reply-To: <20020326232114.2CA7.ANDRIASH@telus.net>
Message-ID: <Pine.LNX.4.33.0203270729470.2984-100000@cp5340.localdomain>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 26 Mar 2002, Nick Andriash wrote:
>Have it now thanks. The signature on this message of yours is 'Good' as
>well, only this time I used PGP 7.1.1:
>
>*** PGP Signature Status: good
>*** Signer: Lee A. Roberts <n0sq@arrl.net> (Invalid)
>*** Signed: 26/03/02 9:05:01 PM
>*** Verified: 26/03/02 11:22:56 PM
>*** BEGIN PGP VERIFIED MESSAGE ***

I used PGP 6.58 on Linux and the sig failed. with GnuPG 1.06 on Linux the
sig verified. I've seen this before, but I don;t remember what the fix is.


Tony
- -- 
Anthony E. Greene <mailto:Anthony%20E.%20Greene%20%3Cagreene@pobox.com%3E>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05         HomePage: <http://www.pobox.com/~agreene/>
Linux. The choice of a GNU generation <http://www.linux.org/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene <agreene@pobox.com> 0x6C94239D

iD8DBQE8obuGpCpg3WyUI50RAmqiAKDjlg2Ur9/G3i8YzEe+tjVremSQHQCg/E2S
+NzO9KJwaeWedQ+lJJpi28w=
=s2jK
-----END PGP SIGNATURE-----



From samir_nk@yahoo.com  Wed Mar 27 14:24:01 2002
From: samir_nk@yahoo.com (samir kulkarni)
Date: Wed Mar 27 14:24:01 2002
Subject: Help!!
Message-ID: <20020327132154.24784.qmail@web12803.mail.yahoo.com>

Hi,

Today while decrypting a file, I got following errors:
gpg : fatal :zlib inflate problem : invalid stored
block lengths
secmem usage : 2048/3552 bytes in 4/8 blocks of pool
4192/16384

I have gpg (GnuPG) 1.0.4 version.

It's difficult for me to understand this error.
Please help me out in solving this problem.

Thanks,
Samir.


__________________________________________________
Do You Yahoo!?
Yahoo! Movies - coverage of the 74th Academy Awards
http://movies.yahoo.com/


From sbutler@fchn.com  Wed Mar 27 16:31:02 2002
From: sbutler@fchn.com (Steve Butler)
Date: Wed Mar 27 16:31:02 2002
Subject: Help!!
Message-ID: <292294c4b71376520a22f56b9df20aa73ca1e541@fchn.com>

I've seen this under two conditions (which are twins of each other):

1.  The file was FTP'ed using ASCII rather than Binary mode from a =
Windows
box to a *NIX box.  This causes all <CR> bytes to be dropped from the =
file.

2.  The file was sent in Binary mode from a WSFTP client to a Linux =
host.
One or more (but not all) <CR> characters where dropped.  The file is at
least one byte short.  Wish I could find the culprit cause it only =
happens
with one client!


Stephen M Butler
Oracle Administrator
First Choice Health Network
206-268-2309

sbutler@fchn.com GnuPG: 8B17 7384 AB86 D67F 7612 3587 5715 C880 1B32 =
D54B=20
kg7je@attbi.com  GnuPG: 8A25 9726 D439 758D D846 E5D4 282A 5477 0385 =
81D8=20


-----Original Message-----
From: samir kulkarni [mailto:samir_nk@yahoo.com]
Sent: Wednesday, March 27, 2002 5:22 AM
To: gnupg-users@gnupg.org
Subject: Help!!


Hi,

Today while decrypting a file, I got following errors:
gpg : fatal :zlib inflate problem : invalid stored
block lengths
secmem usage : 2048/3552 bytes in 4/8 blocks of pool
4192/16384

I have gpg (GnuPG) 1.0.4 version.

It's difficult for me to understand this error.
Please help me out in solving this problem.

Thanks,
Samir.


__________________________________________________
Do You Yahoo!?
Yahoo! Movies - coverage of the 74th Academy Awards=AE
http://movies.yahoo.com/

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, =
is for the sole use of the intended recipient(s) and may contain =
confidential and privileged information.  Any unauthorized review, use, =
disclosure or distribution is prohibited.  If you are not the intended =
recipient, please contact the sender by reply e-mail and destroy all =
copies of the original message.



From holmen@bridge-line.com  Wed Mar 27 17:14:01 2002
From: holmen@bridge-line.com (Matt Holmen)
Date: Wed Mar 27 17:14:01 2002
Subject: options directory
Message-ID: <OCECJJCHKLIGFKCOOPGPCEINCEAA.holmen@bridge-line.com>

This is a multi-part message in MIME format.

------=_NextPart_000_0078_01C1D580.27143350
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_0079_01C1D580.27143350"


------=_NextPart_001_0079_01C1D580.27143350
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

On first run of 'gpg' it creates a directory at /.gnupg on a unix system.
Is there a way in the config or at the command line to create this directory
at say /local/.gnupg?


Thanks
Matt Holmen


____________________________________

Matthew Holmen
Program Manager
BRIDGELINE Software, Inc.
130 New Boston Street
Woburn, MA  01801

phone: 781.376.5555 x231
fax: 781.376.5033

email: holmen@bridge-line.com
web: www.bridge-line.com




------=_NextPart_001_0079_01C1D580.27143350
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.3315.2870" name=3DGENERATOR></HEAD>
<BODY>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D640510916-27032002>On =
first run of=20
'gpg' it creates a directory at /.gnupg on a unix system.&nbsp; Is there =
a way=20
in the config or at the command line to create this directory at say=20
/local/.gnupg?</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D640510916-27032002></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D640510916-27032002></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D640510916-27032002>Thanks</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D640510916-27032002>Matt=20
Holmen</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D640510916-27032002></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D640510916-27032002></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>
<DIV><FONT face=3DArial =
size=3D2>____________________________________</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2><STRONG>Matthew =
Holmen</STRONG></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Program Manager</FONT></DIV>
<DIV><FONT face=3DArial size=3D2><STRONG>BRIDGELINE Software,=20
Inc.</STRONG></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>130 New Boston Street</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Woburn, MA&nbsp; 01801</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>phone: 781.376.5555 x231</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>fax: 781.376.5033</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT color=3D#000000 face=3DArial size=3D2>email: <A=20
href=3D"mailto:holmen@bridge-line.com">holmen@bridge-line.com</A></FONT><=
/DIV>
<DIV><FONT color=3D#000000 face=3DArial size=3D2>web: <A=20
href=3D"http://www.bridge-line.com/">www.bridge-line.com</A></FONT></DIV>=

<DIV>&nbsp;</DIV>
<DIV><IMG src=3D"cid:640510916@27032002-2899"></DIV></FONT></DIV>
<DIV>&nbsp;</DIV></BODY></HTML>

------=_NextPart_001_0079_01C1D580.27143350--

------=_NextPart_000_0078_01C1D580.27143350
Content-Type: image/gif;
	name="BLine_logo.gif"
Content-Transfer-Encoding: base64
Content-ID: <640510916@27032002-2899>

R0lGODlh+gAtAPcAAP////7+/v39/fz8/Pv7+/r6+vn5+fj4+Pf39/b29vX19fT09PPz8/Ly8vHx
8fDw8O/v7+7u7u3t7ezs7Ovr6+rq6unp6ejo6Ofn5+bm5uXl5eTk5OPj4+Li4uHh4eDg4N/f397e
3t3d3dzc3Nvb29ra2tnZ2djY2NfX19bW1tXV1dTU1NPT09HR0dDQ0M/Pz87Ozs3NzczMzMvLy8rK
ysnJycjIyMfHx8bGxsXFxcTExMPDw8LCwsHBwcDAwL+/v76+vr29vby8vLu7u7q6urm5ubi4uLe3
t7a2trW1tbS0tLOzs7KysrGxsbCwsK+vr66urq2traysrKurq6qqqqmpqaioqKenp6ampqWlpaSk
pKOjo6KioqGhoaCgoJ+fn56enp2dnZycnJubm5qampmZmZiYmJeXl5aWlpWVlZSUlJOTk5KSkpGR
kZCQkI+Pj46Ojo2NjYyMjIuLi4qKiomJiYiIiIeHh4aGhoSEhIODg4KCgoGBgYCAgH9/f35+fn19
fXx8fHt7e3p6enl5eXh4eHd3d3Z2dnV1dXR0dHNzc3JycnFxcXBwcG9vb25ubm1tbWxsbGtra2pq
amlpaWhoaGdnZ2ZmZmVlZWRkZGNjY2JiYmFhYWBgYF9fX15eXl1dXVxcXFtbW1paWllZWVhYWFdX
V1ZWVlVVVVRUVFNTU1JSUlFRUVBQUE9PT05OTk1NTUxMTEtLS0pKSklJSUhISEdHR0ZGRkVFRURE
RENDQ0JCQkFBQUBAQD8/Pz4+Pj09PTw8PDs7Ozo6Ojk5OTg4ODc3NzY2NjU1NTQ0NDMzMzIyMjEx
MTAwMC8vLy4uLi0tLSwsLCsrKyoqKikpKSgoKCcnJyYmJiUlJSQkJCMjIyIiIiEhISAgIB8fHx4e
Hh0dHRwcHBsbGxoaGhkZGRgYGBcXFxYWFhUVFRQUFBMTExISEhERERAQEA8PDw4ODg0NDQwMDAsL
CwoKCgkJCQgICAcHBwYGBgUFBQQEBAMDAwICAgEBAQAAAAAAAAAAACwAAAAA+gAtAAAI/wD7CRxI
sKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsaPHjyBDihxJsqTJkyhTqlzJsqXLlzBjypxJs6bN
j/pskULFs2dPU7TEKWSH6pRPn6dO6XI3FNUoWPcS0ntV6igqU61+YePnUFkrU1Z5mnIlbSE3UUbD
FhVVFqGzUaKUSVQmSpQzhdg+wcKXMBvcawqRiVLL85Spcx/poQDAuLFjxhuaJVT2uDLjGewSImNs
QV3CcQ8sN2agYxVDQQZEO1bgSGEm1Y7rJHTDmIxEMYzfKGTE+Ajig5EYH1LIBXZjWx/rtWDMIkeN
5zVu1DjAmE/CZgEYV8hwofuFDBIaf/9KuEwAgA7rEpK7wLiBBAjwIzRw7IYrwnkj2r+Hz1+CA8Ye
zJOQJ4whgIIJJSSoYAkeSJIQHYylIREajNGh0CONweDNQZUwxohCuAEggQoLKkiCCMYk9wIAByxz
kCKMrXHdAABgMI066OSIjjrgACEceQQA8EF6CJGTAQAG2BKON0x+s00uWTQ2HELeTADAArksyeSW
4QTD2AfmJPQJY0LUQ888aKY5Tzx8IVQHY2pIlAZjsiUEiWMc9GKQJYw1otAYjOWRj5pqyrOPikhG
c9AscM4IQAaeGVQGY4sAKSSRBxmJ5DQI3cEZOgh1UwEADAB2ED6czGKNfQeNCQASFL3/CUCcEc0J
QJ0I3UkAB4wtYEhBfALgZ0KAAlCISvWsaAAt5ITjbDjihDMHY4g4qoE8B4WoiKVDqnekAS4eFM5/
APBC5agLPGORqzcso0wyyRzzTD4NyUorRLbietCdAnRCRWNxsBrssAgVWwYz8CZTjDYkJavfAxA/
AEFoDnSRjqMQSEIKKByDQookHTC2LULLBNltkd+Ga1A+MjAWyrlXqivQMDDQYMPNOMiQRKStiobB
xQzZKyedCt0JACf4SNHYFO0INPCfoi3R8IoABCBAAFhjzZgEkLBqUDM0GgfAMNxiapCm4CK0zw2M
cQJzugOxYlkD44jJ2AALKKB3AieY/52Q0LUSbSdjkPTDDx/mAdCCXE8Ty1gBDeitQAJXTA1AAahU
E83m0UgDzRmMXeJoAS3MAENjC/gQgxEvl+0tkioXxM4GjM3ytsz9fDOJJZd0YggCj5ZjNwA8fPNN
N91wE86hQTca+K1FMxbJQLVAwNgEwtDSJ9QAvEEO8t1s85tIDhuAO0HAMPaFoxl8c489lBRYSUMl
X/q6AcwgdMrj1rwNDULusF4GhIcQVxkhVs7Dl+ByJT2C+IJ2AHhAGFJDsIMU6w/IUpapCmILxniB
faASyCOyEwA8eO0g9TtZpo50gGwYBB6qsACZmGeQblCAVN1ACDushwFyDO8ICASAHP+GBr3BAWB6
BNmGDxqTnQoapFiDyCAABjAGP+zhinvgwx5aBgAwOKqHBHFFBBizA065DmUAEIATyPCFL4BhC0M4
QWNCgI2EmAMDACDAE9jYxj6SgQoFAMAGMlNAxmggDGHooyKt0LqDyCoFZlBkH61QqYPkK3pHNEg9
2OAYJxakWC84gyT7mAVkJEcFYgPAeEjGmAjUDX3kygAwEpIMxmCAZwYZR3iMY4O2IIQfP0glAICY
EE6ksgsJiYPYboAQMjAmDgppBGNacxBANCYRCvFCKkGRHB9QoDsWCKc4K8ABGzDihASBhgUosAIC
EoQWIqAABDQgC7dgYAIuIORBzJH/ggp4B5wXEEEMmrCJqCyEGDrogAX++U8LeCAJ1FAIKSTA0IpK
wA4J4cMEKvpPCVgBIXOYgAT6oBBMSGACokOIKELwAEoopA0U5Sg4KeCKj/ADHeIgh053utMQKiQf
5BCHOWhIkHaIoxzb+AY6+4GPoA41Ifs4xzh4ulN20Asi6aAqVYGmEHqAQ6tUDcc7EgKPcIB1p+Hw
20Dc4ayxJkQe4AgHthLCjm/MFYBmPatOxVGPm/j1r4ANrGAHS9jCGvawiE2sYhfLWIjAoxw6iqxk
J0vZylr2spjNrGY3y9nOevazoA2taDtrjqb1ow3k5IBqV8va1rr2tbCNrWxnS9va/9r2trjNrW53
y9ve0tYCVDiUFoRJ3OIa97jITa5yl8vc5jpXbD041BeeS93qWve62M2udmEjBOka9wdHeG4FxuiY
ASTuuQkQQQgYsN32OmYBRlgOcStgJeWa172V6W4/pivMAliCGsvoRGqY+worOEYAmejCYxTAq+R2
4BjeYAFxRQA8/N6NBGGDTQiOkQxvECKQqdREiFKpAQU8ZhBrsLBj9MvfVG6BHBM4wDaKJUwLgNgx
wbjCY1gAwcacgQ+POe95VXOIXYiGXI5BwSwG7BjyimbIjGEAlBljvcfQABapxEQvFAcL9jwGAlNW
hRmEqQBQsNcxJvhAZRIwH8sQIP8BltlAdoTJYuJiIhVtw3NjCICJGAAAEitwTAVSEQxk0OAxvDCw
Y/wQ3sZYYBfCAMGidTyGQIiNELV4zAMG0QVcMGLOUwTEOZbwmDMcIxWhaQwEHKECRBypMYSQAyhO
UeFWogIZFGqMABAxDiOIDQ/wyIFo1sAMXJDgMaaYlGMe0bJFlMAxXADHF4a8BiY8pgfOeMZwHfMF
QugBGYFuDAYwQQs4ELfOwiRFhwDAiPQ1pgDOGAIAECroH1hgFJdAtKIbkwtb2TIWuJB0Y9KgCQD8
ItewKUQHHYMBcIxBB9HYZR7v0A1fN+YGyBiBJSaBJ2iIYhRwbsw0NuGBatRg2ZX/MMEzcKDrP2Qj
mMZJQCjmAYoqN0YG3ngBIlqBbGU35hfy5oWfG0OFamBhyJuQg2MMoIsrACEa9WXMI6zRgVjowTF3
cEUAXp1KdKdyFAUHwCN04RgCDCOYuGCbY4owh13wxjGJfswrnOkYPPjhMRcQhQ6ScUPjKPwxHMCF
AFA0qsbM4BegBgAcpsEGTrwC1BjABhYeEwBihDcZak8jMUDRhmPQGABBuAVxdfALafQYAG1wBQBo
sIwzMybZj6lFMGHhgia/gjqOkUSKG0OChdNCB8teBAA8AeTGpCAYplAznb0rTEbc4gBMSMVr9kwM
Yeci8wDQQilCEIjgwH3fjJn7/4kFUZlGIAMTqQwEo/BkCwMZo++MAcIwEt+HVXynzYzhgDFOXzVh
KAEAymAD78YMVKABE2BijdEEZCc2LoBHAKAO/gYAbPAKq7cMC+AYsOcYtSBssVB7jcEBtYCAjaF7
jjECvsdyjfEIvBEKV1dei2ALImgcXic2OLAOVBAM7MBFjEEAygAFSeAOM+AYqGAHEZALofAYx7AF
j5ELavAYgtAJFOYYH1UEYkMAmaAMtQYAHiAMCaAC0VB4jMED0hADEmcE0FACO3B6HkANJkB5zQAF
AGANwNcYoFAJIPADiacEzWACXqYaqlANJQAE8SBvjRED3gADisBzjvEKu/dzUf8ABeeQAgwXDDag
AY7BCUq3Z7uABURQDfAHAJjAJ6tAfo3RAy0QAbvQhzLIfMJkBswADd/QA4m3BrAQBoMQAo5xA7bQ
B2VACbhHLUu0aI12c7rQCLiXHTcwDfinGh2gCrcgYY1RAYVgAB0ACanWK6kiR41xB8GwCzoIABUQ
CZboGAGwCAIoCZL4gawwDI9wYwBAAakgCx6oGhlQCsigDOb2GGhQDK6Ai3WXBI8RB7DQBX/QYIwh
AIHQC0HgGGzgBI/BA79ADFHiGGlAIXewbYzRBKkwCuC3ivtlXAeAAHFgDK7HGL/4GAQAYolHXAKQ
YQJABsuQj8YxZ1MGG+5YIM+AlYWOcZKw4QA62RhMJjZB+Rg8KRoBkGGpNAAlKTYzWFxSpmKP4QZ5
AJVUWZVWyZSseJVauZVc2ZVdl5VeGZZiOZZQqV9VQJZomZZqWV02cCiVAAVZEJdyOZd0WZd2eZd4
mZd6uZd82Zd++ZeAGZiCOZiEyZdREAhL1ViKuZgbERAAOw==

------=_NextPart_000_0078_01C1D580.27143350--



From sunny@sunbase.org  Wed Mar 27 17:18:02 2002
From: sunny@sunbase.org (Oyvind A. Holm)
Date: Wed Mar 27 17:18:02 2002
Subject: 1024 bit encryption compromised?
Message-ID: <Pine.LNX.4.40.0203271643080.25775-100000@sunba>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Found a disquieting article at <http://www.vnunet.com/News/1130451>:

    1024-bit encryption is 'compromised'

    Upgrade to 2048-bit, says crypto expert

    According to a security debate sparked off by cryptography expert
    Lucky Green on Bugtraq yesterday, 1,024-bit RSA encryption should
    be "considered compromised".

    The Financial Cryptography conference earlier this month, which
    largely focused on a paper published by cryptographer Dan Bernstein
    last October detailing integer factoring methodologies, revealed
    "significant practical security implications impacting the
    overwhelming majority of deployed systems utilising RSA as the
    public key algorithm".

    Based on Bernstein's proposed architecture, a panel of experts
    estimated that a 1,024-bit RSA factoring device can be built using
    only commercially available technology for a price range of several
    hundred million to $1bn.

I guess this is the same thing that was discussed last week on this
list. I'm not into this level of cryptoanalytics, but what do you folks
say about this? I guess there is no need to get upset of this, if Big
Brother wants my bytes, I suppose he has other ugly ways to compromise
the key -- bugging my flat or setting up some kind of scanners to
analyze the keyboard radiation or maybe plain old violence. I doubt the
govs wants to use millions of euro to read my mail. But I admit it's
damn irritating to read this now that I changed my key only one month
ago. *grmpf*

The question is floating around among us -- would it be wise to upgrade
to 2048 bits, or is this just speculations? Now that they're talking
about this, I guess one should be a step ahead of the snoopers --
especially when it comes to the future robustness of the signatures.

Mvh
=D8yvind

+-------------------------------------------------------------------+
| OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> |
| Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
+-------- Don't support organized crime, boycott Microsoft. --------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)

iD8DBQE8ofApck6dU2KQIusRAvgrAKCZKsw3w+VSzUyNOSlbsOWaT+CZyQCeOu9w
au88KVPs3/rNsFvPkiASBlU=3D
=3D+B5H
-----END PGP SIGNATURE-----



From sunny@sunbase.org  Wed Mar 27 17:25:01 2002
From: sunny@sunbase.org (Oyvind A. Holm)
Date: Wed Mar 27 17:25:01 2002
Subject: Help!!
In-Reply-To: <292294c4b71376520a22f56b9df20aa73ca1e541@fchn.com>
Message-ID: <Pine.LNX.4.40.0203271717210.25775-100000@sunba>

On 2002-03-27 07:27-0800 Steve Butler wrote:

> 2.  The file was sent in Binary mode from a WSFTP client to a Linux
> host. One or more (but not all) <CR> characters where dropped. The
> file is at least one byte short.

In _binary_ mode??? Sheesh, that's an ugly one! Is this a common flaw
with the WSFTP clients, or a specific version? Bugs like that cannot be
accepted, it has to be corrected ASAFP.

=D8yvind

+-------------------------------------------------------------------+
| OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> |
| Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
+----------| En dag uten Cola er som en hund uten svane. |----------+



From sunny@sunbase.org  Wed Mar 27 17:39:01 2002
From: sunny@sunbase.org (Oyvind A. Holm)
Date: Wed Mar 27 17:39:01 2002
Subject: options directory
In-Reply-To: <OCECJJCHKLIGFKCOOPGPCEINCEAA.holmen@bridge-line.com>
Message-ID: <Pine.LNX.4.40.0203271734490.25775-100000@sunba>

On 2002-03-27 11:11-0500 Matt Holmen wrote:

> On first run of 'gpg' it creates a directory at /.gnupg on a unix
> system. Is there a way in the config or at the command line to create
> this directory at say /local/.gnupg?

You decide where GnuPG shall put its home directory with the $GNUPGHOME
environment variable.

export GNUPGHOME=3D/usr/local/.gnupg

=D8yvind

+-------------------------------------------------------------------+
| OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> |
| Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
+--------------------| Why, Microsoft=AE, WHY??? |--------------------+



From sbutler@fchn.com  Wed Mar 27 17:52:01 2002
From: sbutler@fchn.com (Steve Butler)
Date: Wed Mar 27 17:52:01 2002
Subject: Help!!
Message-ID: <c5f2b598735d941fc256ef267b3aa2563ca1f840@fchn.com>

I wish I knew!  So far it is happening only with one client.  But it =
appears
to happen every time they need to send the file.  So far they can resend =
it
up to four times before all the bytes show up.=20

I'm pointing the finger at the client's software.  So far they are =
unwilling
to take my suggestion and attempt to a UNIX to Linux FTP so see if that =
is
more reliable.  Every so often they don't spot the size discrepancy and =
my
automated script emails me that gpg returned a status of '2'.  Hand =
attempts
to decrypt usually so that problem that started this thread (zlib =
inflate)
but have shown various other errors. =20

So, if in doubt, have the client verify the length of the file!

Stephen M Butler
Oracle Administrator
First Choice Health Network
206-268-2309

sbutler@fchn.com GnuPG: 8B17 7384 AB86 D67F 7612 3587 5715 C880 1B32 =
D54B=20
kg7je@attbi.com  GnuPG: 8A25 9726 D439 758D D846 E5D4 282A 5477 0385 =
81D8=20


-----Original Message-----
From: Oyvind A. Holm [mailto:sunny@sunbase.org]
Sent: Wednesday, March 27, 2002 8:23 AM
To: gnupg-users@gnupg.org
Subject: RE: Help!!


On 2002-03-27 07:27-0800 Steve Butler wrote:

> 2.  The file was sent in Binary mode from a WSFTP client to a Linux
> host. One or more (but not all) <CR> characters where dropped. The
> file is at least one byte short.

In _binary_ mode??? Sheesh, that's an ugly one! Is this a common flaw
with the WSFTP clients, or a specific version? Bugs like that cannot be
accepted, it has to be corrected ASAFP.

=D8yvind

+-------------------------------------------------------------------+
| OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> |
| Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
+----------| En dag uten Cola er som en hund uten svane. |----------+


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, =
is for the sole use of the intended recipient(s) and may contain =
confidential and privileged information.  Any unauthorized review, use, =
disclosure or distribution is prohibited.  If you are not the intended =
recipient, please contact the sender by reply e-mail and destroy all =
copies of the original message.



From sbutler@fchn.com  Wed Mar 27 18:06:02 2002
From: sbutler@fchn.com (Steve Butler)
Date: Wed Mar 27 18:06:02 2002
Subject: 1024 bit encryption compromised?
Message-ID: <5069b671ffdf890f712b8541b0784b923ca1fb7d@fchn.com>

We have one client using RSA.  Last fall they moved to 4096 bits due to
rumors about vulnerability at 1024.  We moved to 2048 bit DSA/ELG-E at the
same time.  Perhaps we're just paranoid.

Stephen M Butler
Oracle Administrator
First Choice Health Network
206-268-2309

sbutler@fchn.com GnuPG: 8B17 7384 AB86 D67F 7612 3587 5715 C880 1B32 D54B 
kg7je@attbi.com  GnuPG: 8A25 9726 D439 758D D846 E5D4 282A 5477 0385 81D8 
or kg7je@arrl.net


-----Original Message-----
From: Oyvind A. Holm [mailto:sunny@sunbase.org]
Sent: Wednesday, March 27, 2002 8:16 AM
To: gnupg-users@gnupg.org
Subject: 1024 bit encryption compromised?

[snip]

    According to a security debate sparked off by cryptography expert
    Lucky Green on Bugtraq yesterday, 1,024-bit RSA encryption should
    be "considered compromised".
[snip]

The question is floating around among us -- would it be wise to upgrade
to 2048 bits, or is this just speculations? Now that they're talking
about this, I guess one should be a step ahead of the snoopers --
especially when it comes to the future robustness of the signatures.
[snip]


CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.



From mutz@kde.org  Wed Mar 27 19:47:02 2002
From: mutz@kde.org (Marc Mutz)
Date: Wed Mar 27 19:47:02 2002
Subject: [OT] Re: bad signatures
In-Reply-To: <20020326232158.GA2168@stonewall>
References: <20020326035909.0C69E4F4BD@mail.actcom.net>
 <200203260914.15030@sendmail.mutz.com> <20020326232158.GA2168@stonewall>
Message-ID: <200203271821.01283@sendmail.mutz.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 27 March 2002 00:21, Brian M. Carlson wrote:
<snip>
> If you do not want this converted, use "Content-Conversion: prohibited".
> Servers are prohibited from converting if you state this.

Care to tell me the RFC number where this is specified?
Since when do broken mail relays adhere to anything other than their creators' 
confused minds? ;-)

Marc

- -- 
Marc Mutz <mutz@kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8of983oWD+L2/6DgRAvuUAKDlJ/rGdi2qjieudnFswGxKc0GOcgCg60r2
35+bwlGtevp5H3DLBhI3nDA=
=OSHq
-----END PGP SIGNATURE-----



From hideki@allcity.net  Wed Mar 27 21:04:01 2002
From: hideki@allcity.net (Hideki Saito)
Date: Wed Mar 27 21:04:01 2002
Subject: Help!!
In-Reply-To: <20020327132154.24784.qmail@web12803.mail.yahoo.com>
References: <20020327132154.24784.qmail@web12803.mail.yahoo.com>
Message-ID: <200203272001.g2RK1oA15153@server-1.visp.net>

I used to get that error on 1.0.4, a lot, and never on 1.0.6. Maybe 
you can upgrade to 1.0.6 and see if it helps.

>Hi,
>
>Today while decrypting a file, I got following errors:
>gpg : fatal :zlib inflate problem : invalid stored
>block lengths
>secmem usage : 2048/3552 bytes in 4/8 blocks of pool
>4192/16384
>
>I have gpg (GnuPG) 1.0.4 version.
>
>It's difficult for me to understand this error.
>Please help me out in solving this problem.
>
>Thanks,
>Samir.
>
>
>__________________________________________________
>Do You Yahoo!?
>Yahoo! Movies - coverage of the 74th Academy Awards=AE
>http://movies.yahoo.com/
>
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users@gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users

--=20
Hideki Saito mailto:hideki@allcity.net


From agreene@pobox.com  Wed Mar 27 23:30:01 2002
From: agreene@pobox.com (Anthony E. Greene)
Date: Wed Mar 27 23:30:01 2002
Subject: [OT] Re: bad signatures
In-Reply-To: <200203271821.01283@sendmail.mutz.com>
Message-ID: <Pine.LNX.4.33.0203271725550.21155-100000@asmoweb.hqda.pentagon.mil>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 27 Mar 2002, Marc Mutz wrote:
>On Wednesday 27 March 2002 00:21, Brian M. Carlson wrote:
><snip>
>> If you do not want this converted, use "Content-Conversion: prohibited".
>> Servers are prohibited from converting if you state this.
>
>Care to tell me the RFC number where this is specified?

RFC1344, but is an informational RFC that makes recommendations. It is not 
a standard.

>Since when do broken mail relays adhere to anything other than their creators'
>confused minds? ;-)

Touche'


Tony
- -- 
Anthony E. Greene <mailto:agreene@pobox.com>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26  C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05      HomePage: <http://www.pobox.com/~agreene/>
Linux: the choice of a GNU Generation. <http://www.linux.org/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D <agreene@pobox.com>

iD8DBQE8okdUpCpg3WyUI50RAhH3AJ0ewBQ9BoH7+qy0hb3jLsY08Xa3nACfUPav
Qx+OImH0rBzWUeOSTPR5Y4g=
=0hJ3
-----END PGP SIGNATURE-----



From Ralf.Huels@schufa.de  Thu Mar 28 08:49:02 2002
From: Ralf.Huels@schufa.de (Huels, Ralf SCORE)
Date: Thu Mar 28 08:49:02 2002
Subject: AW: 1024 bit encryption compromised?
Message-ID: <51896D38E5E4D111BE560001FA68BA369FB70E@SBO1002>

Hi.

>     Based on Bernstein's proposed architecture, a panel of experts
>     estimated that a 1,024-bit RSA factoring device can be built using
>     only commercially available technology for a price range of several
>     hundred million to $1bn.

Hm. Up to now I had only read opinions that stated that Bernstein's 
result was still rather theoretical.
 
> I guess this is the same thing that was discussed last week on this
> list. I'm not into this level of cryptoanalytics,

Neither am I.

> but what do you folks
> say about this? I guess there is no need to get upset of this, if Big
> Brother wants my bytes, I suppose he has other ugly ways to compromise
> the key -- bugging my flat or setting up some kind of scanners to

I guess it all depends on who you want to hide your stuff from. If you need
to keep stuff from Governments or billion Dollar corporations, you better be

paranoid. If you just want to keep stuff from your small provider's admin
I'd guess that 1024 bit RSA still goes a long way.

Personally I use GnuPG for "political" reasons rather than for a true need
for cryptography. I assume that by using and promoting GnuPG, building a
web of trust and so forth (besides the fact that it's fun ;-), I might 
weaken the position of crypto opponents, who might argue that only
criminals use crypto anyway.

> The question is floating around among us -- would it be wise to upgrade
> to 2048 bits, or is this just speculations? Now that they're talking
> about this, I guess one should be a step ahead of the snoopers --
> especially when it comes to the future robustness of the signatures.

If I were to create a new key now, I would make it 2048 bits. Since I
have two fairly well signed 1024 bit keys (Ranking 1722 and 2003 in the
dtype.org statistic ;-), I'll stick with those as long as there are no
further advances in cryptanalysis.

Tschuess,
Ralf
 


From robw33@mac.com  Thu Mar 28 10:52:01 2002
From: robw33@mac.com (Robert Wear)
Date: Thu Mar 28 10:52:01 2002
Subject: GnuPG - Mailing List Archives
Message-ID: <0BA983D1-4231-11D6-BA39-003065714510@mac.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To whom it may concern,

Please subscribe me to the mailing list.

Cheerio from Sydney, Australia

Rob Wear
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (Darwin)
Comment: For info see http://www.gnupg.org

iD8DBQE8oucaKwK9QZbsXF8RAj5+AJ9220xkJO2+qqf12x+JPgTCFFKLUwCbB0ca
DjvKXomp3J9MczQG14Zl0Tk=
=BmBF
-----END PGP SIGNATURE-----



From rtilley@vt.edu  Thu Mar 28 13:47:02 2002
From: rtilley@vt.edu (Brad Tilley)
Date: Thu Mar 28 13:47:02 2002
Subject: GPG Article on Slashdot
Message-ID: <1017319486.10961.207.camel@ohio>

http://slashdot.org/articles/02/03/27/1847212.shtml?tid=93





From Thomas.Rueppel@icn.siemens.de  Thu Mar 28 21:17:01 2002
From: Thomas.Rueppel@icn.siemens.de (Thomas Rueppel)
Date: Thu Mar 28 21:17:01 2002
Subject: commercial usage of gnupg allowed
Message-ID: <3CA379BE.4CE133DD@icn.siemens.de>

Hi,

is a commercial usage of gnupg allowed? If yes, what has to be
considered or payed? Are there any restrictions to send encrypted files
to or use gpnupg  in a foreign country, e.g. somewhere in the world?

Please send your answer to: Thomas.Rueppel@t-online.de

Your soonest reply is highly apriciated!

Best regards,
Thomas Rueppel



From peter.kuhm@plus.at  Thu Mar 28 22:38:01 2002
From: peter.kuhm@plus.at (Peter Kuhm)
Date: Thu Mar 28 22:38:01 2002
Subject: commercial usage of gnupg allowed
In-Reply-To: <3CA379BE.4CE133DD@icn.siemens.de>
Message-ID: <3.0.6.32.20020328223639.0172f100@mail.plus.at>

At 21:14 28.03.02 +0100, Thomas Rueppel wrote:

>is a commercial usage of gnupg allowed? If yes, what has to be
>considered or payed?

<http://lists.gnupg.org/pipermail/gnupg-users/2002-March/thread.html#12414>=
 ff.

>Are there any restrictions to send encrypted files
>to or use gpnupg  in a foreign country, e.g. somewhere in the world?

<http://www2.epic.org/reports/crypto2000/>

bye,
Peter


--=20
VIBE!AT - Verein f=FCr Internet-Benutzer =D6sterreichs (.AT) http://www.vibe=
.at/


From sbutler@fchn.com  Thu Mar 28 22:47:02 2002
From: sbutler@fchn.com (Steve Butler)
Date: Thu Mar 28 22:47:02 2002
Subject: commercial usage of gnupg allowed
Message-ID: <9A86613AB85FF346BB1321840DB42B4B67D5AC@jupiter.fchn.com>

No commercial restrictions.  No royalties.  You can give the source away.
Usage in certain countries may be restricted by their local law.

Stephen M Butler
Oracle Administrator
First Choice Health Network
206-268-2309

sbutler@fchn.com GnuPG: 8B17 7384 AB86 D67F 7612 3587 5715 C880 1B32 D54B 
kg7je@attbi.com  GnuPG: 8A25 9726 D439 758D D846 E5D4 282A 5477 0385 81D8 


-----Original Message-----
From: Thomas Rueppel [mailto:Thomas.Rueppel@icn.siemens.de]
Sent: Thursday, March 28, 2002 12:15 PM
To: gnupg-users@gnupg.org
Subject: commercial usage of gnupg allowed


Hi,

is a commercial usage of gnupg allowed? If yes, what has to be
considered or payed? Are there any restrictions to send encrypted files
to or use gpnupg  in a foreign country, e.g. somewhere in the world?

Please send your answer to: Thomas.Rueppel@t-online.de

Your soonest reply is highly apriciated!

Best regards,
Thomas Rueppel


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.



From wk@gnupg.org  Fri Mar 29 12:22:01 2002
From: wk@gnupg.org (Werner Koch)
Date: Fri Mar 29 12:22:01 2002
Subject: commercial usage of gnupg allowed
In-Reply-To: <9A86613AB85FF346BB1321840DB42B4B67D5AC@jupiter.fchn.com> ("Steve
 Butler"'s message of "Thu, 28 Mar 2002 13:43:57 -0800")
References: <9A86613AB85FF346BB1321840DB42B4B67D5AC@jupiter.fchn.com>
Message-ID: <877knvpqnr.fsf@alberti.gnupg.de>

On Thu, 28 Mar 2002 13:43:57 -0800, Steve Butler said:

> No commercial restrictions.  No royalties.  You can give the source away.

Basically the only restriction is that if you give a binary away you
must accompany it with the source (or a written statement that you
promise to deliver the source on request without any extra fee).

  Werner



From sunny@sunbase.org  Fri Mar 29 13:28:01 2002
From: sunny@sunbase.org (Oyvind A. Holm)
Date: Fri Mar 29 13:28:01 2002
Subject: commercial usage of gnupg allowed
In-Reply-To: <877knvpqnr.fsf@alberti.gnupg.de>
Message-ID: <Pine.LNX.4.40.0203291322340.8164-100000@sunba>

On 2002-03-29 12:19+0100 Werner Koch wrote:
>
> On Thu, 28 Mar 2002 13:43:57 -0800, Steve Butler said:
> >
> > No commercial restrictions.  No royalties.  You can give the source awa=
y.
>
> Basically the only restriction is that if you give a binary away you
> must accompany it with the source (or a written statement that you
> promise to deliver the source on request without any extra fee).

That's not a restriction, that's a feature. :)

=D8yvind

+-------------------------------------------------------------------+
| OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> |
| Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
+--------------------| Why, Microsoft=AE, WHY??? |--------------------+



From webmaster@gnupg.org" <crisha@trafficbbs.net  Fri Mar 29 18:10:01 2002
From: webmaster@gnupg.org" <crisha@trafficbbs.net (webmaster@gnupg.org)
Date: Fri Mar 29 18:10:01 2002
Subject: Fw: http://gnupg.archive.sunet.se/de/
Message-ID: <E16r062-0004Hl-00@porta.u64.de>

This is a multi-part message in MIME format

--=_NextPart_2rfkindysadvnqw3nerasdf
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

----- Original Message -----
From: crisha=40trafficbbs.net
To: webmaster=40gnupg.org
Sent: 2002-3-30 2:10:57
Subject: http://gnupg.archive.sunet.se/de/

Hello,

You may have spent much on lots of ways to achieve=20these - search engine registrations, website=20promotions, press release, email sending?- Here=20Traffic BBS presents you a unique method economically=20and professionally converting a PC into personal=20message distribution center=21 Traffic BBS assists you=20to post your message or ad to over 1,200,000+ message=20boards on the web worldwide. Along with a hyperlink=20to your website or email address, a message of your=20business, product, service or offer will be promptly=20submitted to targeted bulletin boards. You can expect=20instant response=21=20
Get your business, service, product or offer seen=21=20
Best Regards,
Crisha Wenston
Sales & Marketing=20www.trafficbbs.net
=20=20
--=_NextPart_2rfkindysadvnqw3nerasdf
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD><TITLE></TITLE>
<STYLE type=3Dtext/css>TD =7B
=09FONT-SIZE: 12px
=7D
P =7B
=09FONT-SIZE: 12px
=7D
LI =7B
=09FONT-SIZE: 12px
=7D
INPUT =7B
=09FONT-SIZE: 12px
=7D
SELECT =7B
=09FONT-SIZE: 12px
=7D
</STYLE>

<META http-equiv=3D=22Content-Type=22 content=3D=22text/html; charset=3Diso-8859-1=22>
<META content=3D=22MSHTML 5.00.2920.0=22 name=3DGENERATOR></HEAD>
<BODY bgColor=3D=23cccccc leftMargin=3D0 text=3D=23000000 topMargin=3D0 marginheight=3D=220=22=20marginwidth=3D=220=22>

  <DIV><FONT size=3D2>&nbsp;</FONT></DIV>
  <BLOCKQUOTE=20  style=3D=22BORDER-LEFT: =23000000 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px; PADDING-LEFT: 5px; PADDING-RIGHT: 0px=22>
  <DIV><FONT size=3D2>----- Original Message ----- </FONT></DIV>
  <DIV style=3D=22BACKGROUND: =23e4e4e4; font-color: black=22><FONT size=3D2><B>From:</B> <A href=3D=22mailto:crisha=40trafficbbs.net=22 title=3Dcrisha=40trafficbbs.net>crisha=40trafficbbs.net</FONT></A> </DIV>
  <DIV><FONT size=3D2><B>To:</B> <A href=3D=22mailto:webmaster=40gnupg.org=22=20  title=3Dwebmaster=40gnupg.org>webmaster=40gnupg.org</FONT></A> </DIV>
  <DIV><FONT size=3D2><B>Sent:</B> 2002-3-30 2:10:57</FONT></DIV>
  <DIV><FONT size=3D2><B>Subject:</B> http://gnupg.archive.sunet.se/de/</FONT></DIV>
  <DIV><BR></DIV>

<TABLE bgColor=3D=23ffffff border=3D0 cellPadding=3D0 cellSpacing=3D0 width=3D600>
  <TBODY>
  <TR>
    <TD height=3D55 width=3D113><IMG height=3D140=20      src=3D=22http://image.trafficbbs.net/meiyuan.gif=22 width=3D100></TD>
    <TD height=3D55>
      <TABLE border=3D0 cellPadding=3D0 cellSpacing=3D0 width=3D=22100%=22>
        <TBODY>
        <TR>
          <TD><B><FONT face=3D=22Arial, Helvetica, sans-serif=22 size=3D2>Do you=20            want to get maximum exposure for your website? </FONT></B></TD></TR>
        <TR>
          <TD><B><FONT face=3D=22Arial, Helvetica, sans-serif=22 size=3D2>Are you=20            trying to introduce or sell your new product? </FONT></B></TD></TR>
        <TR>
          <TD><B><FONT face=3D=22Arial, Helvetica, sans-serif=22 size=3D2>Are you=20            planning to present your new service or technology?</FONT></B></TD></TR>
        <TR>
          <TD><B><FONT face=3D=22Arial, Helvetica, sans-serif=22 size=3D2>Do you=20            want to learn instant info about new service?</FONT></B></TD></TR>
        <TR>
          <TD><B><FONT face=3D=22Arial, Helvetica, sans-serif=22 size=3D2>Have you=20            got enough time, energy and cost to spread your idea?=20        </FONT></B></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
<TABLE bgColor=3D=23514fa3 border=3D0 cellPadding=3D0 cellSpacing=3D0 width=3D600>
  <TBODY>
  <TR>
    <TD vAlign=3Dtop width=3D21>&nbsp;
    </TD>
    <TD height=3D227 width=3D303>
      <TABLE border=3D0 cellPadding=3D0 cellSpacing=3D0 width=3D=22100%=22>
        <TBODY>
        <TR>
          <TD><FONT color=3D=23ffffff face=3D=22Verdana, Arial, Helvetica, sans-serif=22=20            size=3D2>
            <BR>Hello,
            <BR><BR> =20            You may have spent much on lots of ways to achieve these - search=20            engine registrations, website promotions, press release, and email=20            distribution=A1=AD Here TrafficBBS presents you a unique method=21 TrafficBBS economically and professionally converts=20            your PC into personal information distribution center by submitting=20            your website, business info, or products details to <B>50,000+</B> search=20            engines & <B>120,000+</B> boards on the web worldwide. Along with a hyperlink=20            to your email address or logo, your website will be promptly submitted=20            to categorized search engines and a message of your business & product=20            will be instantly presented on targeted bulletin boards. You can expect=20            immediate response=21=20            </FONT></P></FONT></TD></TR></TBODY>
      </TABLE>
    </TD>
    <TD vAlign=3Dtop align=3Dright colspan=3D2>
      <TABLE border=3D0 cellPadding=3D0 cellSpacing=3D0>
        <TBODY>
        <TR>
          <TD align=3Dright background=3D=22http://image2.trafficbbs.net/bbs1602/2/68/bbs378.jpg=22 height=3D220 vAlign=3Dtop width=3D275>
          <A href=3D'http://gnupg.archive.sunet.se/de/gnupg.html' target=3D_blank><IMG height=3D227 border=3D0 src=3D=22http://image.trafficbbs.net/image_kuang.gif=22 width=3D275></A></TD>
        </TR>
        <TR height=3D=22100%=22 width=3D=22100%=22>
          <TD align=3Dmiddle vAlign=3Dcenter><BR><BR><BR><BR>
            <FORM action=3Dhttp://www.trafficbbs.net method=3Dpost target=3D_blank><INPUT type=3Dsubmit value=3D=22More Information ...=22></FORM>
          </TD>
        </TR>
      </TBODY>
      </TABLE>
    </TD>
  </TR>
</table>
       =20<TABLE bgColor=3D=23514fa3 border=3D0 cellPadding=3D0 cellSpacing=3D0 width=3D600>
            <TR><TD vAlign=3Dtop width=3D21>&nbsp;</TD>
            <TD colspan=3D5><table border=3D0 width=3D100%>
            <FONT color=3D=23ffffff face=3D=22Verdana, Arial, Helvetica, sans-serif=22=20            size=3D2>
            Visit the Following Links for More Details about TrafficBBS
            <BR><BR>
            <A href=3D=22http://www.trafficbbs.net=22 target=3D_blank><font color=3D=23ffffff>http://www.trafficbbs.net</font></a> -- An overview about TrafficBBS. You can visit different pages for detailed explanation.
            <BR><BR>
            <A href=3D=22http://www.trafficbbs.net/list.php=22 target=3D_blank><font color=3D=23ffffff>http://www.trafficbbs.net/list.php</font></a> -- This page contains two lists.=20            One is the sample list of our search engines & directories, and the=20            other is of message boards. Both of them show to which search engines &=20            BBS we will post your registered information. Currently there are data of=20            over <B>50,000</B> & <B>120,000</B> high traffic message boards in our database, which=20            is set up for international contacts. TrafficBBS technical development=20            team updates the data periodically to meet increasing requirements.
            <BR><BR>
            <A href=3D=22http://www.trafficbbs.net/faq.php=22 target=3D_blank><font color=3D=23ffffff>http://www.trafficbbs.net/faq.php</font></a> -- Frequently Asked Questions from our=20            new and existing customers. You can read it first for possible help. It=20            gives details of our current service packages, explanation of various=20            function areas such as Bulk Order and Multiple Products, and introduction=20            about our other promotional tools, etc.
            <BR><BR>
            <P><FONT color=3D=23ffffff face=3D=22Verdana, Arial, Helvetica, sans-serif=22=20            size=3D2>Get your business, service, product or offer seen=21=20            </FONT></P>
            <P><FONT color=3D=23ffffff face=3D=22Verdana, Arial, Helvetica, sans-serif=22=20            size=3D2>Best Regards,<BR>Crisha Wenston<BR>Sales &amp; Marketing=20            <BR><A href=3D=22http://www.trafficbbs.net/=22 target=3D_blank><FONT=20            color=3D=23ffffff>www.trafficbbs.net</A>=20            </TABLE>
            </TD>
            <TD vAlign=3Dtop width=3D21>&nbsp;</TD>
            </TR>
</table>
<TABLE bgColor=3D=23ffffff border=3D0 cellPadding=3D0 cellSpacing=3D0 width=3D600>
  <TBODY>
  <TR>
    <TD height=3D54 vAlign=3Dtop width=3D21>&nbsp;</TD>
    <TD height=3D54 vAlign=3Dbottom width=3D222><FONT color=3D=23ffffff size=3D2><IMG=20      height=3D41 src=3D=22http://image.trafficbbs.net/logo.gif=22 width=3D225> </FONT></TD>
    <TD height=3D54 vAlign=3Dbottom width=3D357>&nbsp;</TD></TR>
  <TR>
    <TD height=3D40 vAlign=3Dtop width=3D21>&nbsp;</TD>
    <TD align=3Dright height=3D40>&nbsp;</TD>
    <TD height=3D40><FONT color=3D=23000000=20      face=3D=22Verdana, Arial, Helvetica, sans-serif=22 size=3D1>Copy right&copy;2001 ,=20      TrafficBBS&=238482;All Rights Reserved.<BR>TrafficBBS&=238482;is a trademark of=20      TrafficBBS.Net inc.</FONT></TD></TR>
  </TBODY>
</TABLE>
</BODY>
</HTML>

--=_NextPart_2rfkindysadvnqw3nerasdf--


From info@loadedmedia.com  Fri Mar 29 19:56:01 2002
From: info@loadedmedia.com (Loaded Media)
Date: Fri Mar 29 19:56:01 2002
Subject: GPG Encrytion process
Message-ID: <OFEGLILPFLKIIJAKACEAGENMCEAA.info@loadedmedia.com>

This is a multi-part message in MIME format.

------=_NextPart_000_0013_01C1D728.E8A33BC0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

I need to encrypt emails sent through an Agora Shopping Cart system I have
setup on an account I have setup HostingMatters.com

How do I go about doing that? I went to your web site (www.gnupg.org), but
don't really see anything as to where to start. All I see is how to set it
up on the server, but I don't have access to the server and let's say it was
already setup on the server, then what? Is there something I need to
download? How do I set it up in the shopping cart? How do I set it up on my
client's PC for email retrieval?

I sent this same email to HM, but they said it was beyond them and couldn't
help. Can you? (I also sent this directly to gnu@gnu.org and they told me
to send this email to this user-group).

Any advice would be much appreciated.

Thanks,
Sean

-----------------------------
Loaded Media - Creative Solutions Provider
Visit us at http://www.loadedmedia.com/
856.825.2400
888.355.3200 toll free
856.794.8862 fax
info@loadedmedia.com <mailto:info@loadedmedia.com>


------=_NextPart_000_0013_01C1D728.E8A33BC0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 9">
<meta name=3DOriginator content=3D"Microsoft Word 9">
<link rel=3DFile-List href=3D"cid:filelist.xml@01C1D728.E816B330">
<!--[if gte mso 9]><xml>
 <o:OfficeDocumentSettings>
  <o:DoNotRelyOnCSS/>
 </o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <w:WordDocument>
  <w:View>Normal</w:View>
  <w:Zoom>0</w:Zoom>
  <w:DocumentKind>DocumentEmail</w:DocumentKind>
  <w:EnvelopeVis/>
 </w:WordDocument>
</xml><![endif]-->
<style>
<!--
 /* Font Definitions */
@font-face
	{font-family:Verdana;
	panose-1:2 11 6 4 3 5 4 4 2 4;
	mso-font-charset:0;
	mso-generic-font-family:swiss;
	mso-font-pitch:variable;
	mso-font-signature:536871559 0 0 0 415 0;}
 /* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{mso-style-parent:"";
	margin:0in;
	margin-bottom:.0001pt;
	mso-pagination:widow-orphan;
	font-size:12.0pt;
	font-family:"Times New Roman";
	mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
	{color:blue;
	text-decoration:underline;
	text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
	{color:purple;
	text-decoration:underline;
	text-underline:single;}
p.MsoAutoSig, li.MsoAutoSig, div.MsoAutoSig
	{margin:0in;
	margin-bottom:.0001pt;
	mso-pagination:widow-orphan;
	font-size:12.0pt;
	font-family:"Times New Roman";
	mso-fareast-font-family:"Times New Roman";}
span.EmailStyle15
	{mso-style-type:personal-compose;
	mso-ansi-font-size:10.0pt;
	mso-ascii-font-family:Arial;
	mso-hansi-font-family:Arial;
	mso-bidi-font-family:Arial;
	color:black;}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.25in 1.0in 1.25in;
	mso-header-margin:.5in;
	mso-footer-margin:.5in;
	mso-paper-source:0;}
div.Section1
	{page:Section1;}
-->
</style>
</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple =
style=3D'tab-interval:.5in'>

<div class=3DSection1>

<p class=3DMsoNormal><span class=3DEmailStyle15><font size=3D2 =
color=3Dblack
face=3DArial><span =
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:
Arial'>I need to encrypt emails sent through an Agora Shopping Cart =
system I have
setup on an account I have setup HostingMatters.com<br>
<br>
How do I go about doing that? I went to your web site (www.gnupg.org), =
but
don't really see anything as to where to start. All I see is how to set =
it up
on the server, but I don't have access to the server and let's say it =
was
already setup on the server, then what? Is there something I need to =
download?
How do I set it up in the shopping cart? How do I set it up on my =
client's PC
for email retrieval? <br>
<br>
I sent this same email to HM, but they said it was beyond them and =
couldn't
help. Can you? (I also sent this directly to &#8216;gnu@gnu.org&#8217; =
and they told me to
send this email to this user-group).<br>
<br>
Any advice would be much appreciated. <br>
<br>
Thanks, <br>
Sean<o:p></o:p></span></font></span></p>

<p class=3DMsoNormal><span class=3DEmailStyle15><font size=3D2 =
color=3Dblack
face=3DArial><span =
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:
Arial'><![if =
!supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></span></font></span></p>

<p class=3DMsoAutoSig><!--[if supportFields]><font color=3Dblack><span=20
style=3D'color:black'><span =
style=3D'mso-element:field-begin'></span><span=20
style=3D"mso-spacerun: yes">&nbsp;</span>AUTOTEXTLIST \s &quot;E-mail=20
Signature&quot; <span =
style=3D'mso-element:field-separator'></span></span></font><![endif]--><f=
ont
size=3D2 color=3Dblack face=3DVerdana><span =
style=3D'font-size:10.0pt;mso-bidi-font-size:
12.0pt;font-family:Verdana;color:black'>-----------------------------</sp=
an></font><font
size=3D2 color=3Dblack face=3DVerdana><span =
style=3D'font-size:10.0pt;mso-bidi-font-size:
12.0pt;font-family:Verdana;color:black;mso-color-alt:windowtext'><o:p></o=
:p></span></font></p>

<p class=3DMsoAutoSig><font size=3D2 color=3Dblack face=3DVerdana><span
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Verdana;
color:black'>Loaded Media - Creative Solutions =
Provider</span></font><font
size=3D2 color=3Dblack face=3DVerdana><span =
style=3D'font-size:10.0pt;mso-bidi-font-size:
12.0pt;font-family:Verdana;color:black;mso-color-alt:windowtext'><o:p></o=
:p></span></font></p>

<p class=3DMsoAutoSig><font size=3D2 color=3Dblack face=3DVerdana><span
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Verdana;
color:black'>Visit us at <a =
href=3D"http://www.loadedmedia.com/">http://www.loadedmedia.com/</a></spa=
n></font><font
size=3D2 color=3Dblack face=3DVerdana><span =
style=3D'font-size:10.0pt;mso-bidi-font-size:
12.0pt;font-family:Verdana;color:black;mso-color-alt:windowtext'><o:p></o=
:p></span></font></p>

<p class=3DMsoAutoSig><font size=3D2 color=3Dblack face=3DVerdana><span
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Verdana;
color:black'>856.825.2400</span></font><font size=3D2 color=3Dblack =
face=3DVerdana><span
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Verdana;
color:black;mso-color-alt:windowtext'><o:p></o:p></span></font></p>

<p class=3DMsoAutoSig><font size=3D2 color=3Dblack face=3DVerdana><span
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Verdana;
color:black'>888.355.3200 toll free</span></font><font size=3D2 =
color=3Dblack
face=3DVerdana><span =
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;
font-family:Verdana;color:black;mso-color-alt:windowtext'><o:p></o:p></sp=
an></font></p>

<p class=3DMsoAutoSig><font size=3D2 color=3Dblack face=3DVerdana><span
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Verdana;
color:black'>856.794.8862 fax</span></font><font size=3D2 color=3Dblack
face=3DVerdana><span =
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;
font-family:Verdana;color:black;mso-color-alt:windowtext'><o:p></o:p></sp=
an></font></p>

<p class=3DMsoAutoSig><font size=3D2 color=3Dblack face=3DVerdana><span
style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Verdana;
color:black'><a =
href=3D"mailto:info@loadedmedia.com">info@loadedmedia.com</a></span></fon=
t><font
size=3D2 color=3Dblack face=3DVerdana><span =
style=3D'font-size:10.0pt;mso-bidi-font-size:
12.0pt;font-family:Verdana;color:black;mso-color-alt:windowtext'><o:p></o=
:p></span></font></p>

<p class=3DMsoNormal><!--[if supportFields]><font color=3Dblack><span=20
style=3D'color:black'><span =
style=3D'mso-element:field-end'></span></span></font><![endif]--><font
color=3Dblack><span style=3D'color:black'><![if =
!supportEmptyParas]>&nbsp;<![endif]></span></font><font
color=3Dblack><span =
style=3D'color:black;mso-color-alt:windowtext'><o:p></o:p></span></font><=
/p>

</div>

</body>

</html>

------=_NextPart_000_0013_01C1D728.E8A33BC0--



From ingo.kloecker@epost.de  Fri Mar 29 20:29:01 2002
From: ingo.kloecker@epost.de (Ingo =?iso-8859-1?q?Kl=F6cker?=)
Date: Fri Mar 29 20:29:01 2002
Subject: bad signatures
In-Reply-To: <20020326035909.0C69E4F4BD@mail.actcom.net>
References: <20020326035909.0C69E4F4BD@mail.actcom.net>
Message-ID: <200203292025.05395@erwin.ingo-kloecker.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 26 March 2002 05:01, Lee Roberts wrote:
> Why does everyone say my GPG signature is bad while their PGP
> signature shows good? I did a decrypt/verify of one of my GPG
> messages with PGP and it gives a bad signature also. So far, I don't
> see anything wrong with my GPG configuration.

I found the problem. In full compliance with the OpenPGP specs GPG uses=20
v4 signatures by default. GPG has an option to force it to use v3=20
signatures. man gpg says:
       --force-v3-sigs
                 OpenPGP states  that  an  implementation  should
                 generate v4 signatures but PGP 5.x recognizes v4
                 signatures only on key  material.   This  option
                 forces v3 signatures for signatures on data.

Obviously PGP 6.5.8 also can't handle v4 signatures.

Solution:
Add 'force-v3-sigs' to your ~/.gnupg/options file.

Regards,
Ingo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8pL+QGnR+RTDgudgRAmEQAJ9srQpHdvR1/GvXkbioc/PcPowdfgCfdSeH
iiSAmwy3Simr+ZeRvIOt+94=3D
=3DZLtP
-----END PGP SIGNATURE-----


From teiva1@caramail.com  Sat Mar 30 13:19:01 2002
From: teiva1@caramail.com (Teiva martin)
Date: Sat Mar 30 13:19:01 2002
Subject: Problem importing a secret key
Message-ID: <1017490591012061@caramail.com>

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--=_NextPart_Caramail_0120611017490591_ID
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I have a problem importing a secret key from another
computer. I've made a "gpg --export-secret-key --armor
teiva", scp the key to the other computer, but there, all I
have is a :
teiva@zephyr:~/.gnupg$ gpg --import
--allow-secret-key-import teiva_pvkey.asc
gpg: key B7E9F209: no user ID
gpg: Total number processed: 1
gpg: secret keys read: 1

What did I made wrong ?

Thanks for your help
______________________________________________________
Bo=EEte aux lettres - Caramail - http://www.caramail.com


--=_NextPart_Caramail_0120611017490591_ID--



From sunny@sunbase.org  Sat Mar 30 13:41:01 2002
From: sunny@sunbase.org (Oyvind A. Holm)
Date: Sat Mar 30 13:41:01 2002
Subject: Problem importing a secret key
In-Reply-To: <1017490591012061@caramail.com>
Message-ID: <Pine.LNX.4.40.0203301335370.16097-100000@sunba>

On 2002-03-30 13:16-0000 Teiva martin wrote:

> I have a problem importing a secret key from another
> computer. I've made a "gpg --export-secret-key --armor
> teiva", scp the key to the other computer, but there, all I
> have is a :
> teiva@zephyr:~/.gnupg$ gpg --import
> --allow-secret-key-import teiva_pvkey.asc
> gpg: key B7E9F209: no user ID
> gpg: Total number processed: 1
> gpg: secret keys read: 1
>
> What did I made wrong ?

Judging from the error message it seems as GPG also wants the public
key. The secret key contains no personal information, so GnuPG has no
user ID that refer to this secret key. Try to import the public key
first, then import the secret key the way you did.

Mvh
=D8yvind

+-------------------------------------------------------------------+
| OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> |
| Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
+-------- Don't support organized crime, boycott Microsoft. --------+



From teiva1@caramail.com  Sat Mar 30 14:00:01 2002
From: teiva1@caramail.com (Teiva martin)
Date: Sat Mar 30 14:00:01 2002
Subject: Problem importing a secret key
Message-ID: <1017493103006398@caramail.com>

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--=_NextPart_Caramail_0063981017493103_ID
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Actually, the public key is already imported. That's why I
really don't understand why I can't import the private
key... Anyway, if that is the problem, is there any away to
force gnupg to import the key, without caring about personal
informations ?
Teiva
______________________________________________________
Bo=EEte aux lettres - Caramail - http://www.caramail.com


--=_NextPart_Caramail_0063981017493103_ID--



From dshaw@jabberwocky.com  Sat Mar 30 17:32:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sat Mar 30 17:32:01 2002
Subject: Problem importing a secret key
In-Reply-To: <Pine.LNX.4.40.0203301335370.16097-100000@sunba>
References: <1017490591012061@caramail.com> <Pine.LNX.4.40.0203301335370.16097-100000@sunba>
Message-ID: <20020330152944.GA633@akamai.com>

On Sat, Mar 30, 2002 at 01:38:45PM +0100, Oyvind A. Holm wrote:
> On 2002-03-30 13:16-0000 Teiva martin wrote:
> 
> > I have a problem importing a secret key from another
> > computer. I've made a "gpg --export-secret-key --armor
> > teiva", scp the key to the other computer, but there, all I
> > have is a :
> > teiva@zephyr:~/.gnupg$ gpg --import
> > --allow-secret-key-import teiva_pvkey.asc
> > gpg: key B7E9F209: no user ID
> > gpg: Total number processed: 1
> > gpg: secret keys read: 1
> >
> > What did I made wrong ?
> 
> Judging from the error message it seems as GPG also wants the public
> key. The secret key contains no personal information, so GnuPG has no
> user ID that refer to this secret key. Try to import the public key
> first, then import the secret key the way you did.

This is not correct - the secret key should contain everything in the
public key except for key signatures (other than the self-signature).

It's possible you don't have a user ID packet in your secret key for
some reason.  Can you tell me what GnuPG displays when you add
--verbose to your command line?

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From dshaw@jabberwocky.com  Sat Mar 30 17:32:06 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sat Mar 30 17:32:06 2002
Subject: FAQ item?: Using GnuPG in a business
In-Reply-To: <1017178166.19444.7.camel@allevil>
References: <20020326182530.GA681@akamai.com> <1017178166.19444.7.camel@allevil>
Message-ID: <20020330162931.GA1103@akamai.com>

On Tue, Mar 26, 2002 at 04:29:26PM -0500, Douglas Calvert wrote:
> On Tue, 2002-03-26 at 13:25, David Shaw wrote:
>  > Maybe this should be a FAQ - I saw Douglas Calvert volunteered to be
> > the new FAQ maintainer.
> Yep that is me. i am waiting on werner to get some things ready. But he
> is busy right now. If someone wants to write this up let me know. If not
> please let me know what you would like included. And while we are on the
> subject if there are any more faq things let me know...

There are several pieces of information that need to be mentioned in
the answer for this question.  The thing that I think is most
important, though, is that it is very clear very early in the answer
that it is just fine to use it in a business and there are no licence
fees or contracts to be signed.  A lot of the free software documents
on the net are very good and very complete but don't really get to the
heart of the question for a business that just wants to use it (as
opposed to distribute, modify, and so on).

Many business folks don't really understand free software, and we
should make their first experience with it be as painless and happy as
possible :)

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From n0sq@arrl.net  Sat Mar 30 18:13:01 2002
From: n0sq@arrl.net (Lee Roberts)
Date: Sat Mar 30 18:13:01 2002
Subject: bad signatures
In-Reply-To: <200203292025.05395@erwin.ingo-kloecker.de>
References: <20020326035909.0C69E4F4BD@mail.actcom.net> <200203292025.05395@erwin.ingo-kloecker.de>
Message-ID: <20020330170742.876AE4EB60@mail.actcom.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 29 March 2002 12:25 pm, Ingo Kl=F6cker wrote:
> On Tuesday 26 March 2002 05:01, Lee Roberts wrote:
> > Why does everyone say my GPG signature is bad while their PGP
> > signature shows good? I did a decrypt/verify of one of my GPG
> > messages with PGP and it gives a bad signature also. So far, I don't
> > see anything wrong with my GPG configuration.
>
> I found the problem. In full compliance with the OpenPGP specs GPG uses
> v4 signatures by default. GPG has an option to force it to use v3
> signatures. man gpg says:
>        --force-v3-sigs
>                  OpenPGP states  that  an  implementation  should
>                  generate v4 signatures but PGP 5.x recognizes v4
>                  signatures only on key  material.   This  option
>                  forces v3 signatures for signatures on data.
>
> Obviously PGP 6.5.8 also can't handle v4 signatures.
>
> Solution:
> Add 'force-v3-sigs' to your ~/.gnupg/options file.
>
> Regards,
> Ingo

Looks like that was the problem. The signature looks good on my PGP 6.5.8=
 now=20
but I haven't heard back from my friends yet to be sure that their versio=
n of=20
PGP shows the signature as good.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Encryption isn't just for secrets......

iD8DBQE8pfGHUdYCmRtxtWQRAq0/AJ9futRCf5SCAfCd3Sg1uA/jCbRHaACfZHED
pPzNw+aOhOK4rf/koet4hZ8=3D
=3Dkhzx
-----END PGP SIGNATURE-----


From oliver@schonrocks.com  Sat Mar 30 20:07:01 2002
From: oliver@schonrocks.com (=?ISO-8859-1?Q?Oliver_Sch=F6nrock?=)
Date: Sat Mar 30 20:07:01 2002
Subject: Creating user id's with International Characters
Message-ID: <344099759.1017515101@[192.168.0.1]>

--==========344102599==========
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

As you can see from my "Real Name" I have a continuous issue with the=20
German "Umlaut".

RFC 2047 now allows the use non-ASCII characters in the message Header, and =

most clients these days support it.

http://www.ietf.org/rfc/rfc2047.txt?number=3D2047

When I recently downloaded GnuPG and created my Key-Pair, I created the=20
UserID real name with the "Umlaut". No problem so far on my machine (which=20
BTW is W2K).

Problem came when I submitted my key to a keyserver which failed to read=20
the non-ASCII character correctly.

I suspect that this is caused by my W32 environment using ISO-8859-1 and=20
the specification for OpenPCP speficifying UTF-8.

http://www.ietf.org/rfc/rfc2440.txt

However after half a day on this problem I can't seem to find a solution to =

creating a key that represents the Umlaut correctly so that it will appear=20
properly in the message header/cmail client under RFC 2047, and in the=20
Keyserver Listing accroding to RFC 2440.

I am sure this is a very common problem in German speaking regions and=20
there is an obvious solution.

Help would be very much appreciated.

Regards

Oliver Sch=F6nrock
--==========344102599==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-2 (MingW32)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjymDF0ACgkQCrzs63tEJe+3LwCgmtvGFwBo2A72wtiMBB3irqbl
j9wAn2DQZeMVXOSVz/54iKS0ThV4qgfn
=T5Bk
-----END PGP SIGNATURE-----

--==========344102599==========--



From karlsson@hal-pc.org  Sat Mar 30 22:04:02 2002
From: karlsson@hal-pc.org (Brian M. Carlson)
Date: Sat Mar 30 22:04:02 2002
Subject: --compress-algo
Message-ID: <20020330210229.GA25220@stonewall>

--rwEMma7ioTxnRzrJ
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Using the command line "gpg --compress-algo 0 --export > pgpmsg.asc"
with gpg 1.0.6d yields the same results as --compress-algo [1,2]. The md5su=
ms
for each pgpmsg.asc are the same.  Shouldn't this command create uncompress=
ed
output (so that I can later compress it more efficiently with bzip2)?

--=20
Brian M. Carlson
<karlsson@hal-pc.org>
OpenPGP: 0x351336B2DCA1913A

--rwEMma7ioTxnRzrJ
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6d (GNU/Linux)
Comment: Ubi libertas, ibi patria.

iQEVAwUBPKYn5OWR/8lWBVPnAQMVnQf+IiB1VKpy18ZxsoovV19aGbIhh7SMUWBg
4xorevWCspnHKxOR/RxGBNmxj0+8WaxuvmvmOivNZLol6HGI4UBp/VeoToDh3yGi
qldZDttl0XfC0jTiVGQxIIG+m1D/ZSMGFjHjdK38l8YwKWtSFXUHIFRcMFvSd5iZ
JEkR2sdeLV2BHqx5jJtJJD02chDlQ3F4HSTa85UrUN0HMBa02FyQKAKH4m/Rmt6M
Os0o5OtVOE6rG0HDaawl8pQ0xRO8TtRx1QTTwwhMqyZuAMnzAr0R+q14x/jeOJHM
6PXKjfWUuu3eqGxcds6xeltkcOhvi614nnaEdZuuo4tnAlKeFWmklQ==
=NX4+
-----END PGP SIGNATURE-----

--rwEMma7ioTxnRzrJ--


From bart.martens@advalvas.be  Sat Mar 30 23:31:01 2002
From: bart.martens@advalvas.be (Bart Martens)
Date: Sat Mar 30 23:31:01 2002
Subject: --compress-algo
In-Reply-To: <20020330210229.GA25220@stonewall>; from karlsson@hal-pc.org on Sat, Mar 30, 2002 at 09:02:29PM +0000
References: <20020330210229.GA25220@stonewall>
Message-ID: <20020330225755.A6908@cable-195-162-214-247.upc.chello.be>

On Sat, Mar 30, 2002 at 09:02:29PM +0000, Brian M. Carlson wrote:
> Using the command line "gpg --compress-algo 0 --export > pgpmsg.asc"
> with gpg 1.0.6d yields the same results as --compress-algo [1,2]. The md5sums
> for each pgpmsg.asc are the same.  Shouldn't this command create uncompressed
> output (so that I can later compress it more efficiently with bzip2)?
> 
> -- 
> Brian M. Carlson
> <karlsson@hal-pc.org>
> OpenPGP: 0x351336B2DCA1913A

Have you tried -z 0 ?



From user1312@mail-group.net  Sat Mar 30 23:45:01 2002
From: user1312@mail-group.net (George Summerton)
Date: Sat Mar 30 23:45:01 2002
Subject: GnuPG on Pocket PC/Windows CE?
Message-ID: <000d01c1d83c$2e481d80$6501a8c0@LocalHost17>

Is there a GnuPG binary that will run on an IPAQ (206mhz ARM
processor) under Pocket PC 2002/Windows CE?

Thanks for any information.

George



From ingo.kloecker@epost.de  Sun Mar 31 00:45:01 2002
From: ingo.kloecker@epost.de (Ingo =?iso-8859-1?q?Kl=F6cker?=)
Date: Sun Mar 31 00:45:01 2002
Subject: Creating user id's with International Characters
In-Reply-To: <344099759.1017515101@[192.168.0.1]>
References: <344099759.1017515101@[192.168.0.1]>
Message-ID: <200203310002.15027@erwin.ingo-kloecker.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 30 March 2002 20:05, Oliver Sch=F6nrock wrote:
> As you can see from my "Real Name" I have a continuous issue with the
> German "Umlaut".

As you can see, /me too. ;-)

> RFC 2047 now allows the use non-ASCII characters in the message
> Header, and most clients these days support it.
>
> http://www.ietf.org/rfc/rfc2047.txt?number=3D2047
>
> When I recently downloaded GnuPG and created my Key-Pair, I created
> the UserID real name with the "Umlaut". No problem so far on my
> machine (which BTW is W2K).

Same here.

> Problem came when I submitted my key to a keyserver which failed to
> read the non-ASCII character correctly.

Well, obviously this is the keyserver's fault. My user id is also not=20
displayed correctly on the WWW interface of the keyserver and PGP 6.5.8=20
also doesn't do it right (I heard that PGP 7 finally does it correctly,=20
but who cares anyway). GnuPG OTOH is RFC 2440 compliant and encodes the=20
user id correctly in utf-8.

> However after half a day on this problem I can't seem to find a
> solution to creating a key that represents the Umlaut correctly so
> that it will appear properly in the message header/cmail client under
> RFC 2047, and in the Keyserver Listing accroding to RFC 2440.

Why should the user id appear in a message header?

> I am sure this is a very common problem in German speaking regions
> and there is an obvious solution.

The obvious solution I can propose is not to use a broken mail client=20
which can't handle utf-8 encoded user ids correctly.

But maybe there is really a problem with your user id. Please send your=20
public key to the list so that we can have a look.

Regards,
Ingo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8pkPzGnR+RTDgudgRAnbeAKCLSvnF7s4xJo7hKhhjqg4ZbQElfgCfV9xs
Mv9VMWxwn6f/T2qlmO85TDg=3D
=3D3QpD
-----END PGP SIGNATURE-----


From jkane89@softhome.net  Sun Mar 31 00:47:02 2002
From: jkane89@softhome.net (John Kane)
Date: Sun Mar 31 00:47:02 2002
Subject: --compress-algo
Message-ID: <3CA64CF4.D1679B26@softhome.net>

Brian Carlson writes:
  > "gpg --compress-algo 0 --export > pgpmsg.asc"

Sorry, but the output of --export was never compressed
in the first place.  It does a binary export of all public keys
in your keyring.  (compress-algo and -z have no effect in
this situation.)   You can do --armor --export  if you
want the output to be a non-binary ascii file (which you
can then compress), but --export already produces an
uncompressed binary file.  You would do:

   gpg  --export >mykeys.gpg
   gpg  -a --export >mykeys.asc
   gpg  -a -o mykeys.asc --export






From karlsson@hal-pc.org  Sun Mar 31 01:15:02 2002
From: karlsson@hal-pc.org (Brian M. Carlson)
Date: Sun Mar 31 01:15:02 2002
Subject: --compress-algo
In-Reply-To: <20020330225755.A6908@cable-195-162-214-247.upc.chello.be>
References: <20020330210229.GA25220@stonewall> <20020330225755.A6908@cable-195-162-214-247.upc.chello.be>
Message-ID: <20020331001310.GA29188@stonewall>

--AqsLC8rIMeq19msA
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Mar 30, 2002 at 10:57:56PM +0100, Bart Martens wrote:
> On Sat, Mar 30, 2002 at 09:02:29PM +0000, Brian M. Carlson wrote:
> > Using the command line "gpg --compress-algo 0 --export > pgpmsg.asc"
> > with gpg 1.0.6d yields the same results as --compress-algo [1,2]. The m=
d5sums
> > for each pgpmsg.asc are the same.  Shouldn't this command create uncomp=
ressed
> > output (so that I can later compress it more efficiently with bzip2)?
> >=20
> > --=20
> > Brian M. Carlson
> > <karlsson@hal-pc.org>
> > OpenPGP: 0x351336B2DCA1913A
>=20
> Have you tried -z 0 ?

Yes, it didn't work.
It would be rather useful if when exporting the compression options took
effect.

--=20
Brian M. Carlson
<karlsson@hal-pc.org>
OpenPGP: 0x351336B2DCA1913A

--AqsLC8rIMeq19msA
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6d (GNU/Linux)
Comment: Ubi libertas, ibi patria.

iQEVAwUBPKZUlOWR/8lWBVPnAQO+fQf/ec4J2PI3R8MKTNZ+mVKzqBIfDgzXgt95
SQPF9FeNWbtm4nr01n2dvYRsC+nf82FShibStZ0q4awu+vtnuC1hxRjviKakNGRG
234+SdJiiC1S58zGZTl7IzSkLpQcoaDgN93spRE8rIOb7kC9txq7MtIzZZ+PBFP7
85+DnGMqbvfkSOaKjbHeaalHswhqitteaajMvoRE3JmwJzEvApuP3xqKRlOpQMs1
gqXhV/PCYVBMQQlSwsZ9O/W1WayQaxKMcD0k8wyz0jynwWKukW+Sgf1aLKopQWuW
v2R4SOydvNr4BpuEuoT9pNaDiTTIShfVjsmepe5MWt512PxfUiRa0A==
=dYhB
-----END PGP SIGNATURE-----

--AqsLC8rIMeq19msA--


From oliver@schonrocks.com  Sun Mar 31 01:32:02 2002
From: oliver@schonrocks.com (=?ISO-8859-1?Q?Oliver_Sch=F6nrock?=)
Date: Sun Mar 31 01:32:02 2002
Subject: Creating user id's with International Characters
In-Reply-To: <200203310002.15027@erwin.ingo-kloecker.de>
References: <200203310002.15027@erwin.ingo-kloecker.de>
Message-ID: <363636211.1017534637@[192.168.0.1]>

--==========363654115==========
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline



--On 31 March 2002 00:01 +0100 Ingo Kl=F6cker <ingo.kloecker@epost.de> =
wrote:

> Why should the user id appear in a message header?

I didn't mean that it should. Actually I have no problem at all on the mail =

client side. It works fine. Displays the "real name" in the header ok, and=20
uses the key just fine too. I am using Mulberry V2.2b4 BTW.

My only problem is that the Keyserver is not displaying the name correctly=20
on its html interface and thought that that meant there is a problem with=20
my key. Here is my public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6-2 (MingW32)
Comment: For info see http://www.gnupg.org

mQGiBDyl9CMRBACeNR92RAEykNknOZB+BRTsNZOoRxqFznKTpOZlMi4TNXzf9URf
PFzKFtbQCBACWx0NPRRVehF55nfW2Onwm6x8LH+Sxpjyuc5oIZGedd9ZwNQ3GdDM
Xq6D7xbccpt8MCFQVOrRkPuANA0WRHBFhaJZL+10JMOvmGrFrXCYD93bMwCgm6/E
H8x3E0DZU2Y64kp1iVHX97MD/3uzsVY8MLkX7KFXUeBL4jbEAvzbgFXfRDwxU8Pc
sxhC8Otio0Uzh537iInItVhBuQkBg9ya4KEn5mRUUjbipAtTLv3Ofs8o6QhFqBFw
CXrKnxDEDlSkrxGimHlEsr3iS+ay8I6YresMVWjzbyXWYhcmg6MIRZLncDZtrlY/
QSpCA/90/Gfwj2yyTmne81zEhPBXKoRfAVtxkOEY401gRuL3qSHjpy/nLS22JRAs
3opuAXOK1Q5JQikXHwaEf/tmf50KrlHU4d4BZtp/vAO47fZ1bi+Py5Zb+fZQ65s+
XkY3cnvinHgrZe1bORJiIiW0MA2uWpAHYeA2o0uvErt/C36P7bQpT2xpdmVyIFNj
aMKUbnJvY2sgPG9saXZlckBzY2hvbnJvY2tzLmNvbT6IXQQTEQIAHQUCPKX0IwUJ
AeEzgAULBwoDBAMVAwIDFgIBAheAAAoJEAq87Ot7RCXvz5AAoICBGCyGp4em5U1F
8/51UvKBe9PVAJsEakMEu6hz4xgIE6Nta4aziwBD8rkBDQQ8pfQpEAQA/7A8KTv/
5Wm6yLkSaBdlamCVeUz2jk8j54W6UmYusj0q93aPUqxSTmRP4GlxkV+lVw7zYgro
fPi3KqHo5h1T+b1+WXOYiRM6JIVKNrnztO0WtzviNWovJifVN08/G9nvKQ8UkjMh
TL9Gg0nKJe0K/KfbOw5udppW+RJSUPw25NcABAsD/3kFrzEWcpjg6FFCUjyNoxv1
V3Vg+zkPaouj/p0FMc6FKYD49+5/pjBoNEdEnnp5dOaohUNAqxQrQserCPEbnKsb
if7a/le0M8fRgLbZToIlI6ZYUsPBvKAfRo5zf0EoQ+gH1hNGxXl51oUfyJkepOVm
aYcFmQez4j0Jal+VVxi0iEwEGBECAAwFAjyl9CkFCQHhM4AACgkQCrzs63tEJe9y
kgCeOZdhAUA9cuucj4hyew/eH0QhFdoAoJgjko8UmtKoRllUDoqRssvwwmTZ
=3DufLp
-----END PGP PUBLIC KEY BLOCK-----

and look how it displays on the keyserver=20
(http://math-www.uni-paderborn.de/pgp/):

Type bits/keyID    Date       User ID
pub  1024/7B4425EF 2002/03/30 Oliver Sch=C2=3Fnrock <oliver@schonrocks.com>
          Key fingerprint =3D  47 A7 A0 2C 37 BB 09 00  62 2D AC 41 0A BC =
EC=20
EB  7B 44 25 EF

nice Umlaut huh?

BTW Ingo, your key looks similar:

Type bits/keyID    Date       User ID
pub  1024/30E0B9D8 2000/10/16 Ingo Kl=C3=B6cker <ingo.kloecker@epost.de>
          Key fingerprint =3D  71 2A 09 10 32 1A C7 62  D4 80 54 08 1A 74 =
7E=20
45  30 E0 B9 D8
                              Ingo H. Kl=C3=B6cker <ingo.kloecker@web.de>
                              Ingo H. Kl=C3=B6cker =
<ingo.kloecker@arcormail.de>
                              Ingo H. Kl=C3=B6cker=20
<ingo.kloecker@matha.rwth-aachen.de>

Only question I have is why is your O-Umlaut different to mine?

So is this just a Keyserver/HTML/Char set during diapay issue? Is my key=20
actually properly encoded?

Thanks for you help

Oliver


--==========363654115==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-2 (MingW32)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjymWK0ACgkQCrzs63tEJe87/ACfY4nYQp2MxolU3Q764j82WYdz
JqkAnjzyxR8mW4qOebw5+eZG1Jq1x1CQ
=Pezc
-----END PGP SIGNATURE-----

--==========363654115==========--



From grfz@uni.de  Sun Mar 31 04:00:01 2002
From: grfz@uni.de (Gregor Zattler)
Date: Sun Mar 31 03:00:01 2002
Subject: gpg --list-key shows keys twice
Message-ID: <20020331015328.A5513@localhost>

Hi gnupg-users,

gpg --list-key shows pubkeys in pubring.gpg twice, 
whereas pubkeys from "included" pubring.pgp are single in the
listing (see below).                    ^^^

This is especially annoying, when using gpg in mutt: every time i
mail (and encrypt) to a person from which i have only one key
mutt asks me which one from the listing of two identical keys i
want to use for encrytion.

I am using gpg 1.06 as packed in debian sid. I reimported the
whole pubring.gpg but that did not help. Any ideas?


This is a listing which shows keys from gpg-pubring.gpg mixed
with keys from pgp-pubring.pgp:

0 pit:~$ gpg --list-key thomas
pub  1024D/393D2469 1999-09-23 Thomas Quinot <thomas@debian.org>
uid                            Thomas Quinot <thomas@cuivre.fr.eu.org>
sub  1024g/8DE13BB2 1999-09-23

pub  1024D/393D2469 1999-09-23 Thomas Quinot <thomas@debian.org>
uid                            Thomas Quinot <thomas@cuivre.fr.eu.org>
sub  1024g/8DE13BB2 1999-09-23

pub  1954R/983D1641 1997-12-09 Thomas Roessler <thomas@dana.de>

pub   512R/030EF661 1996-04-24 Thomas Roessler <roessler@iam.uni-bonn.de> [INSECURE]

pub  1024R/9AA3C6F1 1995-01-03 Thomas Roessler <roessler@sobolev.rhein.de>
uid                            Thomas Roessler <roessler@sobolev.cologne.de>
uid                            Thomas Roessler <roessler@indi5.iam.uni-bonn.de> %3

pub  1024R/A3EDCD85 1994-08-01 Thomas Roessler <roessler@indi5.iam.uni-bonn.de>
uid                            Thomas Roessler <roessler@rhein.iam.uni-bonn.de>

pub   512R/EBD70345 1994-05-30 Thomas L. Roessler <roessler@indi5.iam.uni-bonn.de>

pub  2048R/CE6AC6C1 1997-12-23 Thomas Roessler <roessler@guug.de>

pub  1280R/593238E1 1996-01-19 Thomas Roessler <roessler@guug.de>
uid                            Thomas Roessler <Thomas.Roessler@Sobolev.Rhein.DE>

pub  1024R/134012DD 1994-12-23 Thomas Quinot <thomas@debian.org>
uid                            Thomas Quinot <Thomas.Quinot@Cuivre.FR.EU.ORG>
uid                            Thomas Quinot <thomas@melchior.frmug.fr.net>
uid                            Thomas.Quinot@Email.ENST.FR
uid                            Thawte Freemail Member <thomas@Cuivre.FR.EU.ORG>
uid                            Thomas Quinot <Thomas.Quinot@cuivre.fdn.fr>

pub  1024R/92E1B71D 1998-12-09 Chuck Thomas <cjthoma@comp.uark.edu>

pub  1024R/56E1B8DD 1995-07-16 Ted Whalen <tew@debian.org>
uid                            Ted Whalen <tew@nwu.edu>
uid                            Thomas E. Whalen <tew@nwu.edu>



Ciao, Gregor
-- 
Kommunikation benoetigt gemeinsame     /"\    ASCII Ribbon Campaign   
Standards --> unformatierter Text      \ /    Respect for open standards
in E-Mails, als Anhaenge nur offene     X     No HTML/RTF in email     
Standards, keine Micro$oft-Dateien     / \    No M$ Word docs in email


From dshaw@jabberwocky.com  Sun Mar 31 04:05:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sun Mar 31 03:05:01 2002
Subject: --compress-algo
In-Reply-To: <20020330210229.GA25220@stonewall>
References: <20020330210229.GA25220@stonewall>
Message-ID: <20020331010232.GA682@akamai.com>

On Sat, Mar 30, 2002 at 09:02:29PM +0000, Brian M. Carlson wrote:
> Using the command line "gpg --compress-algo 0 --export > pgpmsg.asc"
> with gpg 1.0.6d yields the same results as --compress-algo [1,2]. The md5sums
> for each pgpmsg.asc are the same.  Shouldn't this command create uncompressed
> output (so that I can later compress it more efficiently with bzip2)?

The default for --export is already uncompressed.  If you want to
compress keys, use --compress-keys along with the usual
--compress-algo.

Note that GnuPG can import compressed keys just fine, but if you
compress outside of GnuPG (with gzip or bzip2 or whatever), then
you'll need to uncompress it yourself before --importing it back into
GnuPG.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From haphazard@kc.rr.com  Sun Mar 31 07:57:02 2002
From: haphazard@kc.rr.com (Greg Norris)
Date: Sun Mar 31 06:57:02 2002
Subject: gpg --list-key shows keys twice
In-Reply-To: <20020331015328.A5513@localhost>
References: <20020331015328.A5513@localhost>
Message-ID: <20020331045821.GA11580@glitch.localdomain>

--T4sUOijqQbZv57TR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Your public keyring is being checked twice.  Edit ~/.gnupg/options, and
remove the "keyring" entry for ~/.gnupg/pubring.gpg.  Current versions
of gpg use the default keyring file automagically, while older ones
required that it be specified explicitely... that's been my experience
on Debian, anyway.

On Sun, Mar 31, 2002 at 01:53:28AM +0100, Gregor Zattler wrote:
> Hi gnupg-users,
>=20
> gpg --list-key shows pubkeys in pubring.gpg twice,=20
> whereas pubkeys from "included" pubring.pgp are single in the
> listing (see below).                    ^^^
>=20
> This is especially annoying, when using gpg in mutt: every time i
> mail (and encrypt) to a person from which i have only one key
> mutt asks me which one from the listing of two identical keys i
> want to use for encrytion.
>=20
> I am using gpg 1.06 as packed in debian sid. I reimported the
> whole pubring.gpg but that did not help. Any ideas?
>=20
>=20
> This is a listing which shows keys from gpg-pubring.gpg mixed
> with keys from pgp-pubring.pgp:
>=20
> 0 pit:~$ gpg --list-key thomas
> pub  1024D/393D2469 1999-09-23 Thomas Quinot <thomas@debian.org>
> uid                            Thomas Quinot <thomas@cuivre.fr.eu.org>
> sub  1024g/8DE13BB2 1999-09-23
>=20
> pub  1024D/393D2469 1999-09-23 Thomas Quinot <thomas@debian.org>
> uid                            Thomas Quinot <thomas@cuivre.fr.eu.org>
> sub  1024g/8DE13BB2 1999-09-23
>=20
> pub  1954R/983D1641 1997-12-09 Thomas Roessler <thomas@dana.de>
>=20
> pub   512R/030EF661 1996-04-24 Thomas Roessler <roessler@iam.uni-bonn.de>=
 [INSECURE]
>=20
> pub  1024R/9AA3C6F1 1995-01-03 Thomas Roessler <roessler@sobolev.rhein.de>
> uid                            Thomas Roessler <roessler@sobolev.cologne.=
de>
> uid                            Thomas Roessler <roessler@indi5.iam.uni-bo=
nn.de> %3
>=20
> pub  1024R/A3EDCD85 1994-08-01 Thomas Roessler <roessler@indi5.iam.uni-bo=
nn.de>
> uid                            Thomas Roessler <roessler@rhein.iam.uni-bo=
nn.de>
>=20
> pub   512R/EBD70345 1994-05-30 Thomas L. Roessler <roessler@indi5.iam.uni=
-bonn.de>
>=20
> pub  2048R/CE6AC6C1 1997-12-23 Thomas Roessler <roessler@guug.de>
>=20
> pub  1280R/593238E1 1996-01-19 Thomas Roessler <roessler@guug.de>
> uid                            Thomas Roessler <Thomas.Roessler@Sobolev.R=
hein.DE>
>=20
> pub  1024R/134012DD 1994-12-23 Thomas Quinot <thomas@debian.org>
> uid                            Thomas Quinot <Thomas.Quinot@Cuivre.FR.EU.=
ORG>
> uid                            Thomas Quinot <thomas@melchior.frmug.fr.ne=
t>
> uid                            Thomas.Quinot@Email.ENST.FR
> uid                            Thawte Freemail Member <thomas@Cuivre.FR.E=
U.ORG>
> uid                            Thomas Quinot <Thomas.Quinot@cuivre.fdn.fr>
>=20
> pub  1024R/92E1B71D 1998-12-09 Chuck Thomas <cjthoma@comp.uark.edu>
>=20
> pub  1024R/56E1B8DD 1995-07-16 Ted Whalen <tew@debian.org>
> uid                            Ted Whalen <tew@nwu.edu>
> uid                            Thomas E. Whalen <tew@nwu.edu>
>=20
>=20
>=20
> Ciao, Gregor
> --=20
> Kommunikation benoetigt gemeinsame     /"\    ASCII Ribbon Campaign  =20
> Standards --> unformatierter Text      \ /    Respect for open standards
> in E-Mails, als Anhaenge nur offene     X     No HTML/RTF in email    =20
> Standards, keine Micro$oft-Dateien     / \    No M$ Word docs in email
>=20
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

--T4sUOijqQbZv57TR
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8ppdtgrEMyr8Cx2YRAm3MAKDGcyTpFm+vUTuOFf1BOGPJx53MzACfWDql
7oOBJDcRiJ3620EubDOHPwc=
=yXTL
-----END PGP SIGNATURE-----

--T4sUOijqQbZv57TR--


From jim@deadlock.com  Sun Mar 31 11:23:01 2002
From: jim@deadlock.com (Jim Rhodes)
Date: Sun Mar 31 10:23:01 2002
Subject: Removing comment via options file
Message-ID: <CurSIsCxbsp8EwjF@deadlock.com>

I know that it's possible to remove the comment line from
ciphertext via the command line:

--comment ''

... but is it possible to remove the comment line via the
options file?




From gw_goldwing@gwstrong.com  Sun Mar 31 11:57:02 2002
From: gw_goldwing@gwstrong.com (Greg Strong)
Date: Sun Mar 31 10:57:02 2002
Subject: Install GnuPG on Win98?  Use GPA?
Message-ID: <VA.00000013.005e94d5@gwstrong.com>

I've downloaded GnuPG 1.0.6 and GPA.  I'm assuming GPA is the standard 
Win32 GUI to use with GnuPG after reading a few messages.  The files 
are gnupg-w32-1.0.6-2.zip and gpa-0.4.3.tar.gz, respectively.  

It looks like most of the documentation on the web site pertains to the 
"standard" installation onto Linux and running GnuPG from the prompt.  
The site does state GnuPG can be used on Win32 OS's.  I would rather 
use GnuPG with a more user friendly frontend, but have experience 
working from the prompt on DOS before Windows took over.  

I would like to use GnuPG with my email client either encrypting email 
or using with signatures for authentication.  Presently I'm using 
Virtual Access 5.51 for an email client, but this may change to Agent 
in the future.

My questions are as follows:
1) Any special installation instructions for Win98?

2) If GPA is the standard GUI, can I use this with any email program?  

3) If #2 is yes, is there any threads in the archives which would 
provide some help.  

I'm never used PGP.  I've read the Howtos and parts of the manual, so I 
have some background.  Actually using the application would be the best 
experience, and would like to get a good start.  TIA!


Greg Strong
Email: gw_goldwing@gwstrong.com

Sun, 31 Mar 2002 02:30 CST




From sunny@sunbase.org  Sun Mar 31 12:14:02 2002
From: sunny@sunbase.org (Oyvind A. Holm)
Date: Sun Mar 31 11:14:02 2002
Subject: Removing comment via options file
In-Reply-To: <CurSIsCxbsp8EwjF@deadlock.com>
Message-ID: <Pine.LNX.4.40.0203311107560.1218-100000@sunba>

On 2002-03-31 09:21+0100 Jim Rhodes wrote:

> I know that it's possible to remove the comment line from
> ciphertext via the command line:
>
> --comment ''
>
> ... but is it possible to remove the comment line via the
> options file?

Yepp.

comment ""

=D8yvind

+-------------------------------------------------------------------+
| OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> |
| Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
+-------- Don't support organized crime, boycott Microsoft. --------+




From justinrt@bellsouth.net  Sun Mar 31 13:10:02 2002
From: justinrt@bellsouth.net (Justin Troutman)
Date: Sun Mar 31 12:10:02 2002
Subject: Install GnuPG on Win98?  Use GPA?
References: <VA.00000013.005e94d5@gwstrong.com>
Message-ID: <005801c1d89b$bbea27a0$3c709d42@sardine>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


On Sun, 31 Mar 2002 02:30 CST Greg Strong wrote:

> I've downloaded GnuPG 1.0.6 and GPA.  I'm assuming GPA is the
standard
> Win32 GUI to use with GnuPG after reading a few messages.  The
files
> are gnupg-w32-1.0.6-2.zip and gpa-0.4.3.tar.gz, respectively.
>
GPA is probably the best GUI for it, of which I use, along with WinPT
(http://www.winpt.org) due to its tasktray availability and clipboard
features.

> It looks like most of the documentation on the web site pertains to
the
> "standard" installation onto Linux and running GnuPG from the
prompt.
> The site does state GnuPG can be used on Win32 OS's.  I would
rather
> use GnuPG with a more user friendly frontend, but have experience
> working from the prompt on DOS before Windows took over.

Working with GnuPG via command line is fairly simple, provided you
read over the man file and some documentation, however the GUI
automation is great, but, with GnuPP, of which is explained a bit
below, you can use the GUI utilities or still choose to run it at the
command line. Your call.

>
> I would like to use GnuPG with my email client either encrypting
email
> or using with signatures for authentication.  Presently I'm using
> Virtual Access 5.51 for an email client, but this may change to
Agent
> in the future.
>
> My questions are as follows:
> 1) Any special installation instructions for Win98?
>
> 2) If GPA is the standard GUI, can I use this with any email
program?
>
> 3) If #2 is yes, is there any threads in the archives which would
> provide some help.
>
> I'm never used PGP.  I've read the Howtos and parts of the manual,
so I
> have some background.  Actually using the application would be the
best
> experience, and would like to get a good start.  TIA!
>

I would recommend downloading the GnuPP package, which bundles GnuPG,
GPA, and WinPT together for easy installation.
The GnuPP site it in German, but with a little help from Google
translation, you should be able to comprehend everything at:

http://translate.google.com/translate?hl=en&sl=de&u=http://www.gnupp.de/&pre
v=/search%3Fq%3DGnuPP%26hl%3Den


As for integration with mail clients, on my Windows 98 box, I use
GPGOE (for Outlook Express), which utilizes the S/MIME encrypt/sign
buttons (although not using S/MIME) to do the GnuPG encrypt/sign
routines. I am well pleased with it, especially after migrating from
all the GUI eye-candy of PGP and its mail plugins.

Also, check http://www.gnupg.org/frontends.html for plugins and such
which might be of use to you and whichever mail client you decide on
using.

Hope this helps you get started with using the application. If you
have any questions, feel free to send 'em on.

Later on,
Justin 'just another hardcore crypto junkie' Troutman
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32) - GPGOE Plug-in 0.2.2
Comment: GnuPG - Simple. Robust. Open source. Enough said.
http://www.gnupg.org | http://www.gnupp.org

iD8DBQE8pt+inMjKhGLOEDYRAy3hAKC7lJR0X0aWbZsozPgukub0F4gYnACfaPUA
TncYVVYMHwU9iAJfn211fhM=
=ewus
-----END PGP SIGNATURE-----




From mutz@kde.org  Sun Mar 31 14:36:02 2002
From: mutz@kde.org (Marc Mutz)
Date: Sun Mar 31 13:36:02 2002
Subject: Creating user id's with International Characters
In-Reply-To: <363636211.1017534637@[192.168.0.1]>
References: <200203310002.15027@erwin.ingo-kloecker.de> <363636211.1017534637@[192.168.0.1]>
Message-ID: <200203311333.31856@sendmail.mutz.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 31 March 2002 01:30, Oliver Sch=F6nrock wrote:
<snip>
> and look how it displays on the keyserver
> (http://math-www.uni-paderborn.de/pgp/):
>
> Type bits/keyID    Date       User ID
> pub  1024/7B4425EF 2002/03/30 Oliver Sch=C2?nrock <oliver@schonrocks.co=
m>
>           Key fingerprint =3D  47 A7 A0 2C 37 BB 09 00  62 2D AC 41 0A =
BC EC
> EB  7B 44 25 EF
>
> nice Umlaut huh?
>
> BTW Ingo, your key looks similar:
>
> Type bits/keyID    Date       User ID
> pub  1024/30E0B9D8 2000/10/16 Ingo Kl=C3=B6cker <ingo.kloecker@epost.de=
>
>           Key fingerprint =3D  71 2A 09 10 32 1A C7 62  D4 80 54 08 1A =
74 7E
> 45  30 E0 B9 D8
>                               Ingo H. Kl=C3=B6cker <ingo.kloecker@web.d=
e>
>                               Ingo H. Kl=C3=B6cker <ingo.kloecker@arcor=
mail.de>
>                               Ingo H. Kl=C3=B6cker
> <ingo.kloecker@matha.rwth-aachen.de>
>
> Only question I have is why is your O-Umlaut different to mine?

Because Ingo's umlaut is valid UTF-8 and your's is not ;-(
Did you possibly use gpa-0.5 to create the key?

> So is this just a Keyserver/HTML/Char set during diapay issue? Is my ke=
y
> actually properly encoded?
<snip>

If you force your browser to UTF-8, it should display the umlaut correctl=
y.=20
But your key's id isn't properly encoded, sorry.

Marc

- --=20
Marc Mutz <mutz@kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8pvQK3oWD+L2/6DgRAtgUAJ4tGq8DStJmKrVedvWTZhen/TVkewCg7z24
vPp6s8xN3hdTsQcgbSa1T3o=3D
=3D/gUf
-----END PGP SIGNATURE-----



From mutz@kde.org  Sun Mar 31 14:40:02 2002
From: mutz@kde.org (Marc Mutz)
Date: Sun Mar 31 13:40:02 2002
Subject: Removing comment via options file
In-Reply-To: <CurSIsCxbsp8EwjF@deadlock.com>
References: <CurSIsCxbsp8EwjF@deadlock.com>
Message-ID: <200203311337.15133@sendmail.mutz.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 31 March 2002 10:21, Jim Rhodes wrote:
> I know that it's possible to remove the comment line from
> ciphertext via the command line:
>
> --comment ''

resp. --no-comment

> ... but is it possible to remove the comment line via the
> options file?
<snip>

Like any other options, you can strip the two leading dashes to obtain a =
line=20
that you can put in your .gnupg/options file.

Marc

- --=20
Marc Mutz <mutz@kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8pvTq3oWD+L2/6DgRAvQeAKCQ0WtKcRdhMjJnm0D2Fs31LAg04ACguQS6
0HxD9Nrewr3L40va8gMJFjg=3D
=3Dom70
-----END PGP SIGNATURE-----



From oliver@schonrocks.com  Sun Mar 31 14:55:01 2002
From: oliver@schonrocks.com (=?ISO-8859-1?Q?Oliver_Sch=F6nrock?=)
Date: Sun Mar 31 13:55:01 2002
Subject: Creating user id's with International Characters
In-Reply-To: <200203311333.31856@sendmail.mutz.com>
References: <200203311333.31856@sendmail.mutz.com>
Message-ID: <38627653.1017579167@[192.168.0.1]>

--==========38652894==========
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Marc

Thanks for confirming that I do in fact have a problem.

> If you force your browser to UTF-8, it should display the umlaut
> correctly.  But your key's id isn't properly encoded, sorry.

Yes this works for me. Now I get Ingo Umlaut properly and mine as a box. So =

I can clearly see the problem.

> Because Ingo's umlaut is valid UTF-8 and your's is not ;-(
> Did you possibly use gpa-0.5 to create the key?
>

No, I didn't. At this stage I have to confess that I use that "temporary=20
workaround until you get a GNU OS" called MS-W2K ;-)

So I used the W2K version of gpg (GnuPG) 1.0.6-2 to create my key.=20
Obviously this is via command line and I think this is where the problem=20
stems from.

How do I enter the O-Umlaut in a W2K command prompt window which is running =

gpg (GnuPG) 1.0.6-2? Currently I am holding down the Alt-key and typing=20
0246 on the numeric keypad. This is obviously not working, ie not giving=20
gpg the correct character. Is there an escape sequence I should using. If=20
so what?

Thanks

Oliver



--==========38652894==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-2 (MingW32)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjym+JgACgkQCrzs63tEJe9BuACcCP4aJXKkjVLm7P8qiK2rq5z5
Rx4An3cxF7ikCo2sIGjMC2CDxOF7fzuV
=l0gn
-----END PGP SIGNATURE-----

--==========38652894==========--



From jim@deadlock.com  Sun Mar 31 14:59:02 2002
From: jim@deadlock.com (Jim Rhodes)
Date: Sun Mar 31 13:59:02 2002
Subject: Removing comment via options file
In-Reply-To: <200203311337.15133@sendmail.mutz.com>
References: <CurSIsCxbsp8EwjF@deadlock.com>
 <200203311337.15133@sendmail.mutz.com>
Message-ID: <ccC1UuEWlvp8EwSJ@deadlock.com>

>> I know that it's possible to remove the comment line from
>> ciphertext via the command line:
>>
>> --comment ''
>
>resp. --no-comment
>
>> ... but is it possible to remove the comment line via the
>> options file?
><snip>
>
>Like any other options, you can strip the two leading dashes to obtain a line
>that you can put in your .gnupg/options file.

I originally tried no-comment in the options file but it
doesn't actually work, that's why I was asking about it.

After some trial and error I came up with the solution:

comment ""

... single quotes don't work - go figure.



From twoaday@freakmail.de  Sun Mar 31 15:37:02 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Sun Mar 31 14:37:02 2002
Subject: Removing comment via options file
In-Reply-To: <ccC1UuEWlvp8EwSJ@deadlock.com>
References: <CurSIsCxbsp8EwjF@deadlock.com> <200203311337.15133@sendmail.mutz.com> <ccC1UuEWlvp8EwSJ@deadlock.com>
Message-ID: <20020331114330.GA2849@daredevil.joesixpack.net>

On Sun Mar 31 2002; 12:56, Jim Rhodes wrote:

> I originally tried no-comment in the options file but it
> doesn't actually work, that's why I was asking about it.

FYI (from the manpage):

--no-comment
        Do  not  write  comment  packets.   This  option
        affects   only   the   generation   of    secret
        keys.  Please  note, that this has nothing to do
        with the comments in clear text signatures.


        Timo


From mutz@kde.org  Sun Mar 31 15:39:01 2002
From: mutz@kde.org (Marc Mutz)
Date: Sun Mar 31 14:39:01 2002
Subject: Install GnuPG on Win98?  Use GPA?
In-Reply-To: <005801c1d89b$bbea27a0$3c709d42@sardine>
References: <VA.00000013.005e94d5@gwstrong.com> <005801c1d89b$bbea27a0$3c709d42@sardine>
Message-ID: <200203311436.18506@sendmail.mutz.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 31 March 2002 12:06, Justin Troutman wrote:
<snip>
> > use GnuPG with a more user friendly frontend, but have experience
> > working from the prompt on DOS before Windows took over.
>
> Working with GnuPG via command line is fairly simple, provided you
> read over the man file and some documentation, however the GUI
> automation is great, but, with GnuPP, of which is explained a bit
> below, you can use the GUI utilities or still choose to run it at the
> command line. Your call.
<snip>

STOP: If you use GPA-0.5 (aka GnuPP, AFAIK), make sure to generate your=20
keypair (if any) _on the command line_. GPA-0.5 has a nasty bug that will=
=20
result in all non-us-ascii characters encoded invalidly. Don't know if th=
is=20
slipped into the GnuPP release, but I guess so.

Not that it would matter for Greg, but one should be careful when recomme=
nding=20
GPA-0.5.

Marc

- --=20
Marc Mutz <mutz@kde.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8pwLB3oWD+L2/6DgRAg/XAKCIYx35SWLK6m854La+f6pF+Rez2QCgjkyu
5ZsEdyWvLz5Dv3fIIY/Gcco=3D
=3DWcIe
-----END PGP SIGNATURE-----



From justinrt@bellsouth.net  Sun Mar 31 16:06:01 2002
From: justinrt@bellsouth.net (Justin Troutman)
Date: Sun Mar 31 15:06:01 2002
Subject: Install GnuPG on Win98?  Use GPA?
References: <VA.00000013.005e94d5@gwstrong.com> <005801c1d89b$bbea27a0$3c709d42@sardine> <200203311436.18506@sendmail.mutz.com>
Message-ID: <010101c1d8b4$6c798260$bc709d42@sardine>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160





On Sunday 31 March 2002 12:06, Justin Troutman wrote:
<snip>
> > use GnuPG with a more user friendly frontend, but have
experience
> > working from the prompt on DOS before Windows took over.
>
> Working with GnuPG via command line is fairly simple, provided you
> read over the man file and some documentation, however the GUI
> automation is great, but, with GnuPP, of which is explained a bit
> below, you can use the GUI utilities or still choose to run it at
the
> command line. Your call.
<snip>

>STOP: If you use GPA-0.5 (aka GnuPP, AFAIK), make sure to generate
your
>keypair (if any) _on the command line_. GPA-0.5 has a nasty bug that
will
>result in all non-us-ascii characters encoded invalidly. Don't know
if this
>slipped into the GnuPP release, but I guess so.

>Not that it would matter for Greg, but one should be careful when
recommending
>GPA-0.5.

Right, my apologies. I used WinPT for key generation, however, so
I've had no problems. GPA 0.5.0 is packaged with GnuPP, so it would
be best to either
use WinPT or generate from the command line.

Thanks for pointing that out, Marc.

Justin T.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32) - GPGOE Plug-in 0.2.2
Comment: GnuPG - Simple. Robust. Open source. Enough said.
http://www.gnupg.org | http://www.gnupp.org

iD8DBQE8pwkRnMjKhGLOEDYRA6PDAJ9fWgPl15khJWoyC/1fmmYBTU/L6gCg2dNG
KbimtYFMnqCeFaLOJdVG4s0=
=Dn1z
-----END PGP SIGNATURE-----




From twoaday@freakmail.de  Sun Mar 31 16:42:01 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Sun Mar 31 15:42:01 2002
Subject: Install GnuPG on Win98?  Use GPA?
In-Reply-To: <010101c1d8b4$6c798260$bc709d42@sardine>
References: <VA.00000013.005e94d5@gwstrong.com> <005801c1d89b$bbea27a0$3c709d42@sardine> <200203311436.18506@sendmail.mutz.com> <010101c1d8b4$6c798260$bc709d42@sardine>
Message-ID: <20020331124547.GA3783@daredevil.joesixpack.net>

On Sun Mar 31 2002; 08:03, Justin Troutman wrote:

> Right, my apologies. I used WinPT for key generation, however, so
> I've had no problems. GPA 0.5.0 is packaged with GnuPP, so it would
> be best to either use WinPT or generate from the command line.

I realized the problems with German special characters short before
the GnuPP package was released so I decided to add UTF8 support for
key generation and key listing into WinPT.

I guess it's on the TODO list of the GPA to do the same, but I'm
not sure when this will happen.


        Timo


From oliver@schonrocks.com  Sun Mar 31 18:10:02 2002
From: oliver@schonrocks.com (=?ISO-8859-1?Q?Oliver_Sch=F6nrock?=)
Date: Sun Mar 31 17:10:02 2002
Subject: Install GnuPG on Win98?  Use GPA?
In-Reply-To: <20020331124547.GA3783@daredevil.joesixpack.net>
References: <20020331124547.GA3783@daredevil.joesixpack.net>
Message-ID: <50352703.1017590893@[192.168.0.1]>

--==========50358862==========
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline


> I realized the problems with German special characters short before
> the GnuPP package was released so I decided to add UTF8 support for
> key generation and key listing into WinPT.

With reference to my earlier mails, Subject "Creating user id's with=20
International Characters"

I have now also downloaded and installed the GnuPP package. Using WinPT to=20
generate a new key I get exactly the same problem. The Umlaut is not=20
encoded properly into the key.

I now suspect that is has to do with the Windows locale setting. My machine =

is bought in the UK and I run it with System Locale=3DUK, english keyboard=20
etc... Could this be affecting how GnuPG and/or WinPT read the command=20
line/input box on which I type in the real name. In other words, could it=20
be that not having a German locale and using Alt-0246 to type in the &ouml=20
character is confusing the applications?

This is getting frustrating, please help.

Oliver

again the new key I have generated, this time using WinPT from the GnuPP:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (MingW32) - WinPT 0.5.7

mQGiBDynIxARBACi49q/oPi6y5AZ1kjO7n+K2bC0q6AVTJ89ydgDMlWD9QrBLctU
3CtvOEoekO3u3lhLRMKo1kcYB+2dT1ADZzcHBXLXEQt5BDAqOG4kL9oLZPloJ1dY
6fa4npzXMxItyjqS8kRHn30l0TzVxI8T8MV+fpaQy1naEgibyeDUcUJZBwCgjCfr
MBGL8JapE6BGbKjn79bkyC8D/2c72VdANML1yY2+yPZamj0YRYI6g46L5nwPsxGs
+T5GjfFzODvy1GjYiIXqhUQMmzFdvSiTgGZ6FisGihr/4B2qg/aO5daYtEEdCdVE
8TCt678jZ3ukprI4wYVbYLDtHT88ftocNJMnsqydvw12kfzgw+9D+H3yWgIpryE4
HdkuBACeKLirkOrzkXY6E76M2ZofCxmjufq/rfH95S3I+HWa5xxRikKkQutUBzWp
w1V2XlPEcfC/TLHAmo3gjGzz9NQMJlLsDnV0k9K6BQregPusXdUtPqsIVTiGMJlb
THosxpV1gbao9zPPHlGgUll2sfGv6g/YtDUIlS0TOB4c8YjJ9LQpT2xpdmVyIFNj
aMKUbnJvY2sgPG9saXZlckBzY2hvbnJvY2tzLmNvbT6IXQQTEQIAHQUCPKcjEAUJ
AeKFAAULBwoDBAMVAwIDFgIBAheAAAoJEMKL64XX1UATXr4An3BYX+KVajp8gipE
Xtz6OcvUw8plAJ9Mp2dcllb4hxTjYOk3N4tH4h0er7QyT2xpdmVyIFNjaMO2bnJv
Y2sgKGphc3BlcikgPG9saXZlckBzY2hvbnJvY2tzLmNvbT6IXQQTEQIAHQUCPKck
EgUJAeKFAAULBwoDBAMVAwIDFgIBAheAAAoJEMKL64XX1UATkg4An0vF817Xfwn8
i86uhU5PQZEPxFa+AJ9CGbQgnI8vre7gUJH4jxEninZhqLkBjQQ8pyMcEAYA4Xa7
wX/xkVmeIUokHp/qnsyZkzGB/7m6SgHAnkNS/PNQnAYWLuCKihPEcDS1+YaSA5l5
JatruEVk6TVkOUYB3K9UHoAiynH48iFLAgTxcmtX6TaKaKSgxyosWBYSKfDi6rjT
UQaP6FQUot30NDh/ovcNuYdrKWHGy3t2+MW9uRVzLQz2vDnSkwN6pMLS0eBqg6GC
4h6Am4e7V+X4SJjY1Aoa7pB2iiOFu6hCoSwgb7A7OyOIDVN/BM+ERFCQ5jqrAAMG
BgClNyr3ZVxcelK/btjk8PyyoqhT2I3/oOJ0ALK09mUrYV0RroXUa1QMvz/fk3rf
DMBFLV8CKGno01TPqKrgionYxz3iX7JAsSBasUiyhswO3eKF1w2kaN53nNfSg5zS
tb9MC2ahPnMifNZ7DDyW3Nk0vSiGY3G8N4kSdhqPbR3zaXP/Zi8GUU03ljAIT5tA
i+RGmpgimxeZIGvbPIg53ZtUgWPBNzC2i/HxUo0KhEdWsZO07m3TVRvpbXXw9AHf
fAaITAQYEQIADAUCPKcjHAUJAeKFAAAKCRDCi+uF19VAE9tOAJ9JCDqBRBb2+4rh
0L1QKQyTEMop4ACfaxeZBGJZ8xsHq9xqu3Y2+G7nfdI=3D
=3D+5Vg
-----END PGP PUBLIC KEY BLOCK-----

--==========50358862==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)

iD8DBQE8pyZdliSvuT+ZB4QRAq9jAKCJvWRQitK6Og6w1cWN0QS6jiUHAQCeIicu
YlL2Zrv1yy79kLS3srlTvQQ=
=7Ol0
-----END PGP SIGNATURE-----

--==========50358862==========--



From twoaday@freakmail.de  Sun Mar 31 18:18:01 2002
From: twoaday@freakmail.de (Timo Schulz)
Date: Sun Mar 31 17:18:01 2002
Subject: Install GnuPG on Win98?  Use GPA?
In-Reply-To: <50352703.1017590893@[192.168.0.1]>
References: <20020331124547.GA3783@daredevil.joesixpack.net> <50352703.1017590893@[192.168.0.1]>
Message-ID: <20020331142439.GA17579@daredevil.joesixpack.net>

On Sun Mar 31 2002; 16:08, Oliver Schnrock wrote:

> I have now also downloaded and installed the GnuPP package. Using WinPT 
> to generate a new key I get exactly the same problem. The Umlaut is not 
> encoded properly into the key.

Hmmm, this is strange. I generated some test keys with international
characters in the userID and they were correctly encoded into ISO-8859-1.
So the "gpg -k" output was okay.

 
> is bought in the UK and I run it with System Locale=UK, english keyboard 
> etc... Could this be affecting how GnuPG and/or WinPT read the command 
> line/input box on which I type in the real name. In other words, could it 

I'm not sure about this but maybe it caused the problem.


> again the new key I have generated, this time using WinPT from the GnuPP:

The second userID you created doesn't have charset problems so I guess
you created it later with GPG on the command line?


        Timo





From oliver@schonrocks.com  Sun Mar 31 18:45:01 2002
From: oliver@schonrocks.com (=?ISO-8859-1?Q?Oliver_Sch=F6nrock?=)
Date: Sun Mar 31 17:45:01 2002
Subject: Install GnuPG on Win98?  Use GPA?
In-Reply-To: <20020331142439.GA17579@daredevil.joesixpack.net>
References: <20020331142439.GA17579@daredevil.joesixpack.net>
Message-ID: <52448046.1017592988@[192.168.0.1]>

--==========52458620==========
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

>
> The second userID you created doesn't have charset problems so I guess
> you created it later with GPG on the command line?


YES!!!

You are right. The second key does not have the problem. I didn't notice=20
because WinPT hadn't updated its keycache and I wasn't familiar with the=20
app yet.

BUT...The good key was created with WinPT!!

so you are also right about it correctly handling the umlaut..


The command line doesn't work no matter what I do. I am sure it is some=20
hidden **%$=A3 option in windows (because I have a UK machine) that is =
making=20
the command line box use the wrong character set. If I set the Locale=20
Location under Control Panel/Regional Options/general to Germany and then=20
create a new uid with gpg command line, the following happens:

Command> adduid
Real name: Oliver Sch=F6nrock
Email address: oliver@schonrocks.com
Comment:
You are using the `iso-8859-1' character set.
You selected this USER-ID:
    "Oliver Sch=F6nrock <oliver@schonrocks.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?

I only got the ISO-8859-1 message once while in English Locale, when I very =

first did this 2 days ago. Now the message is back becaus of the German=20
Locale. It still produces the wrong character for the Umlaut!!

anyway my personal problem is solved, since I can generate a key with=20
WinPT!!! but surely there is some really fishy stuff going on with that=20
command line box and Locale setting (or whatever else Windows is hiding).

Hope this will help someone in the future. My lesson although I don't fully =

understand what happened there is:

"if you have a windows system locale other than the language you are trying =

to use, don't use command line gpg to make your uid. Use WinPT instead!".

Oliver

--==========52458620==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)

iD8DBQE8py6MliSvuT+ZB4QRAh8eAKCWahkR3kDrwU0DENEPP3nYRYDGZQCdEZ5R
wx8EVJgonYgjSiic6WBQ5Ug=
=GzaL
-----END PGP SIGNATURE-----

--==========52458620==========--



From ingo.kloecker@epost.de  Sun Mar 31 19:00:02 2002
From: ingo.kloecker@epost.de (Ingo =?iso-8859-1?q?Kl=F6cker?=)
Date: Sun Mar 31 18:00:02 2002
Subject: Creating user id's with International Characters
In-Reply-To: <38627653.1017579167@[192.168.0.1]>
References: <200203311333.31856@sendmail.mutz.com> <38627653.1017579167@[192.168.0.1]>
Message-ID: <200203311746.19196@erwin.ingo-kloecker.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 31 March 2002 13:52, Oliver Sch=F6nrock wrote:
> How do I enter the O-Umlaut in a W2K command prompt window which is
> running gpg (GnuPG) 1.0.6-2? Currently I am holding down the Alt-key
> and typing 0246 on the numeric keypad. This is obviously not working,
> ie not giving gpg the correct character. Is there an escape sequence
> I should using. If so what?

Maybe using the option "--charset iso-8859-1" helps. This will force gpg=20
too assume that you use latin1. Now try again to enter the =F6 as above=20
(246 is the correct code for the =F6 in latin1).

Alternatively try the option "--charset utf-8" and enter Alt+0195=20
Alt+0182 (this is the utf-8 code for =F6).

Regards,
Ingo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8py9KGnR+RTDgudgRAuGbAKDCeWtwiBdy/92xTgRyzhlsFHK3JwCbBpb+
kHte4iPXhU6t6BNIi4oJk0c=3D
=3DolyQ
-----END PGP SIGNATURE-----


From Nick Andriash <andriash@telus.net>  Sun Mar 31 20:15:02 2002
From: Nick Andriash <andriash@telus.net> (Nick Andriash)
Date: Sun Mar 31 19:15:02 2002
Subject: Install GnuPG on Win98?  Use GPA?
In-Reply-To: <VA.00000013.005e94d5@gwstrong.com>
References: <VA.00000013.005e94d5@gwstrong.com>
Message-ID: <19440282497.20020331091146@telus.net>

On March 31, 2002 at 09:05:21 AM, Greg wrote:

> I've downloaded GnuPG 1.0.6 and GPA.  I'm assuming GPA is the standard 
> Win32 GUI to use with GnuPG 

I have never tried GPA but from reports I've read you are better advised
to run one of the two other Win32 GUI's available:

GPGShell v2.27
http://www.jumaros.de/rsoft/gpgshell.html

WinPT
http://www.winpt.org/

Of the two GUI's mentioned, my favourite is GPGShell but that is just a
personal observation. Try them both and compare the two side by side.


Nick
--
PGP Public Keys:
Mailto:andriash@gmx.net?subject=PGPKeys



From gw_goldwing@gwstrong.com  Sun Mar 31 21:58:01 2002
From: gw_goldwing@gwstrong.com (Greg Strong)
Date: Sun Mar 31 20:58:01 2002
Subject: Install GnuPG on Win98?  Use GPA?
In-Reply-To: <19440282497.20020331091146@telus.net>
References: <VA.00000013.005e94d5@gwstrong.com> <19440282497.20020331091146@telus.net>
Message-ID: <VA.00000017.008d2cbe@gwstrong.com>

In article <19440282497.20020331091146@telus.net>, Nick Andriash wrote:
> I have never tried GPA but from reports I've read you are better advised
> to run one of the two other Win32 GUI's available:
> 
> GPGShell v2.27
> http://www.jumaros.de/rsoft/gpgshell.html
> 
> WinPT
> http://www.winpt.org/
> 
> Of the two GUI's mentioned, my favourite is GPGShell but that is just a
> personal observation. Try them both and compare the two side by side.


I've already downloaded WinPT.  I'm should have it installed and working 
hopefully before the end of the day.  From what I've read, I like the fact 
it is not email client dependent.


Greg Strong
Email: gw_goldwing@gwstrong.com

Sun, 31 Mar 2002 12:54 CST




From Nick Andriash <andriash@telus.net>  Sun Mar 31 22:13:01 2002
From: Nick Andriash <andriash@telus.net> (Nick Andriash)
Date: Sun Mar 31 21:13:01 2002
Subject: Install GnuPG on Win98?  Use GPA?
In-Reply-To: <VA.00000017.008d2cbe@gwstrong.com>
References: <VA.00000013.005e94d5@gwstrong.com>
 <19440282497.20020331091146@telus.net> <VA.00000017.008d2cbe@gwstrong.com>
Message-ID: <4347395012.20020331111017@telus.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On March 31, 2002 at 11:09:07 AM, Greg wrote:

> I've already downloaded WinPT.  I'm should have it installed and working 
> hopefully before the end of the day.  From what I've read, I like the fact 
> it is not email client dependent.

None of the Win32 GUI's for GnuPG are Client dependant... that is the
beauty of using them. ;o)


Nick
- --
PGP Public Keys:
Mailto:andriash@gmx.net?subject=PGPKeys


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-2 (MingW32) - GPGshell v2.27

iD8DBQE8p18F2usvuTvKfdIRAo2hAJsE/l37P9p6BsphjqENN8VtcVQg3QCgtvxo
S/kTzomavjyQLG1mHNr8kHk=
=TPOU
-----END PGP SIGNATURE-----



From gw_goldwing@gwstrong.com  Sun Mar 31 22:26:02 2002
From: gw_goldwing@gwstrong.com (Greg Strong)
Date: Sun Mar 31 21:26:02 2002
Subject: Install GnuPG on Win98?  Use GPA?
In-Reply-To: <005801c1d89b$bbea27a0$3c709d42@sardine>
References: <VA.00000013.005e94d5@gwstrong.com> <005801c1d89b$bbea27a0$3c709d42@sardine>
Message-ID: <VA.00000018.00a68c0b@gwstrong.com>

In article <005801c1d89b$bbea27a0$3c709d42@sardine>, Justin Troutman wrote:
> I would recommend downloading the GnuPP package, which bundles GnuPG,
> GPA, and WinPT together for easy installation.
> The GnuPP site it in German, but with a little help from Google
> translation, you should be able to comprehend everything at:
> 
> http://translate.google.com/translate?hl=en&sl=de&u=http://www.gnupp.de/&pre
> v=/search%3Fq%3DGnuPP%26hl%3Den

If the package you are referring to is at http://www.winpt.org/download.html, 
then I don't believe GPA is bundled.  From reading the documentation only 
WinPT & GnuPG.  The site now has documentation in English, so no translation 
required.

> As for integration with mail clients, on my Windows 98 box, I use
> GPGOE (for Outlook Express), which utilizes the S/MIME encrypt/sign
> buttons (although not using S/MIME) to do the GnuPG encrypt/sign
> routines. I am well pleased with it, especially after migrating from
> all the GUI eye-candy of PGP and its mail plugins.
> 
> Also, check http://www.gnupg.org/frontends.html for plugins and such
> which might be of use to you and whichever mail client you decide on
> using.
> 
> Hope this helps you get started with using the application. If you
> have any questions, feel free to send 'em on.

Since I have NOT used GnuPG, the integration into email is a little vague to 
me at this time.  I will have to install and use.  I would imagine the 
frontend plugins basically make the integration into the email client 
seamless.

One of the reasons I want to try WinPT is the fact that it is not email client 
dependent.  I haven't yet decided what email program I will using long term, 
so this is a big plus.  From the GnuPG reading I've done so far, you can use 
it to encrypt a message or sign a message.  As I understand it the signing of 
the message authenticates the message being sent by you.  Since most of the 
people I communicate online with do not use PGP, this would be my primary 
purpose.  However, if needed the encryption option is always a big plus.

After receiving the WinPT recommendation from you and other sources, I have 
decided to give it a try.  Thanks for the information.

Regards,



Greg Strong
Email: gw_goldwing@gwstrong.com

Sun, 31 Mar 2002 13:10 CST




From gw_goldwing@gwstrong.com  Sun Mar 31 23:04:02 2002
From: gw_goldwing@gwstrong.com (Greg Strong)
Date: Sun Mar 31 22:04:02 2002
Subject: Restrictions / Commercial Use?
Message-ID: <VA.00000019.00c98b24@gwstrong.com>

Are there any restrictions on using GnuPG for commercial use?  

GnuPG says at http://www.gnupg.org/ that "GnuPG is a complete and free 
replacement for PGP. Because it does not use the patented IDEA 
algorithm, it can be used without any restrictions."  

While the installation instructions for GPGshell at 
http://www.jfrisch.de/GPG-Install/Seiten-englisch/index.html states 
that If you want to use GPG in a non-commercial environment I recommend 
to use the following GPG-version. Please keep in mind that this file 
contains a version with implemented IDEA-algorithm which is free only 
for non-commercial use!"

On http://www.jumaros.de/rsoft/gpgshell.html the author states that 
"GPGshell is a graphical interface for GnuPG (GNU Privacy Guard). GnuPG 
is a free RFC2440 (OpenPGP) compliant replacement for PGP. Because it 
does not use the patented IDEA algorithm, it can be used without any 
restrictions."

I've scanned the GNU General Public License (GPL) in plain text format 
at http://www.gnu.org/licenses/gpl.txt.  I believe this license governs 
the distribution of GnuPG.  I don't recall seeing any restrictions on 
use meaning commercial versus non-commercial.

The only thing I can see different is the fact that GPGshell 
installation instructions reference a different file, 
gnupg-w32-1.0.6.zip, than GnuPG, gnupg-w32-1.0.6-2.zip.

I have not installed GnuPG or any frontend.  These statements seem to 
conflict each other, or am I missing something here.  Please explain.  
TIA!



Greg Strong
Email: gw_goldwing@gwstrong.com

Sun, 31 Mar 2002 13:33 CST




From gw_goldwing@gwstrong.com  Sun Mar 31 23:11:02 2002
From: gw_goldwing@gwstrong.com (Greg Strong)
Date: Sun Mar 31 22:11:02 2002
Subject: Install GnuPG on Win98?  Use GPA?
In-Reply-To: <VA.00000017.008d2cbe@gwstrong.com>
References: <VA.00000013.005e94d5@gwstrong.com> <19440282497.20020331091146@telus.net> <VA.00000017.008d2cbe@gwstrong.com>
Message-ID: <VA.0000001a.00cfd9f2@gwstrong.com>

In article <VA.00000017.008d2cbe@gwstrong.com>, Greg Strong wrote:
> I've already downloaded WinPT.  I'm should have it installed and working 
> hopefully before the end of the day.  From what I've read, I like the fact 
> it is not email client dependent.

After further investigation and before installation could someone please 
explain my other post here with the subject "Restrictions / Commercial Use."

TIA!



Greg Strong
Email: gw_goldwing@gwstrong.com

Sun, 31 Mar 2002 14:04 CST




From dshaw@jabberwocky.com  Sun Mar 31 23:25:01 2002
From: dshaw@jabberwocky.com (David Shaw)
Date: Sun Mar 31 22:25:01 2002
Subject: Restrictions / Commercial Use?
In-Reply-To: <VA.00000019.00c98b24@gwstrong.com>
References: <VA.00000019.00c98b24@gwstrong.com>
Message-ID: <20020331202153.GH12169@akamai.com>

On Sun, Mar 31, 2002 at 02:02:58PM -0600, Greg Strong wrote:
> Are there any restrictions on using GnuPG for commercial use?  
> 
> GnuPG says at http://www.gnupg.org/ that "GnuPG is a complete and free 
> replacement for PGP. Because it does not use the patented IDEA 
> algorithm, it can be used without any restrictions."  

This is correct.  Use it commercially, use it non-commercially, use it
for whatever you like.  Have fun.

However, if you want to use the IDEA cipher then the situation changes
a little.  The IDEA cipher is patented by a Swiss company called Ascom
Systec Ltd.  They require a licence for commercial use.

GnuPG does not come with IDEA, despite what people may have added to
their own copies of the distribution.  You don't even need IDEA unless
you are trying to communicate with a user who uses certain versions of
PGP 2.  Since the current version of PGP is 7, it's been a few years
since PGP 2...

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


From ingo.kloecker@epost.de  Sun Mar 31 23:28:01 2002
From: ingo.kloecker@epost.de (Ingo =?iso-8859-1?q?Kl=F6cker?=)
Date: Sun Mar 31 22:28:01 2002
Subject: Restrictions / Commercial Use?
In-Reply-To: <VA.00000019.00c98b24@gwstrong.com>
References: <VA.00000019.00c98b24@gwstrong.com>
Message-ID: <200203312225.32188@erwin.ingo-kloecker.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 31 March 2002 22:02, Greg Strong wrote:
> Are there any restrictions on using GnuPG for commercial use?

Short answer: No.

But... Some binary GnuPG packages for Windows include the non-free IDEA=20
plugin. These packages must not be used in a commercial environment.

So, if you want to use GnuPG for commercial use you must install a=20
binary GnuPG package which does not include the IDEA plugin.

Hope this helps.

Regards,
Ingo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8p3C7GnR+RTDgudgRAvf7AJ4xsz2ef5gzIPmSWanLA17eANRZ9wCgyJzj
x4Wg9RABZqKpvX1VDsqbvSU=3D
=3DNpIZ
-----END PGP SIGNATURE-----


