Re: Copier le fichier public PGP d'Anydesk dans le répertoire /etc/apt/trusted.gpg.d [RESOLU]

[Olivier]

Le file de discussion "apt-key is deprecated" contient les infos qui
m'ont permis de régler mon problème.
Puisse ce message aider d'autres personnes.

Le jeu. 18 avr. 2024 à 12:41, Olivier  a écrit :
>
> Bonjour,
>
> J'ai suivi la procédure en [1] elle ne fournit pas le résultat escompté.
> J'ai :
>
> # curl -O https://keys.anydesk.com/repos/DEB-GPG-KEY | tee
> /usr/share/keyrings/anydesk.gpg
>   % Total% Received % Xferd  Average Speed   TimeTime Time  
> Current
>  Dload  Upload   Total   SpentLeft  Speed
> 100  1778  100  17780 0  13268  0 --:--:-- --:--:-- --:--:-- 13268
> # ls -l /usr/share/keyrings/anydesk.gpg
> -rw-r--r-- 1 root root 0 18 avril 12:37 /usr/share/keyrings/anydesk.gpg
>
> Le fichier DEB-GPG-KEY est au format "PGP public key block Public-Key (old)".
> Les autres fichiers de /usr/share/keyrings/ sont "au format GPG".
>
> [1] https://www.debian-fr.org/t/anydesk-sur-bullseye/85147/2
>
> Comment corriger ?
>
> Slts

Copier le fichier public PGP d'Anydesk dans le répertoire /etc/apt/trusted.gpg.d

[Olivier]

Bonjour,

J'ai suivi la procédure en [1] elle ne fournit pas le résultat escompté.
J'ai :

# curl -O https://keys.anydesk.com/repos/DEB-GPG-KEY | tee
/usr/share/keyrings/anydesk.gpg
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
100  1778  100  17780 0  13268  0 --:--:-- --:--:-- --:--:-- 13268
# ls -l /usr/share/keyrings/anydesk.gpg
-rw-r--r-- 1 root root 0 18 avril 12:37 /usr/share/keyrings/anydesk.gpg

Le fichier DEB-GPG-KEY est au format "PGP public key block Public-Key (old)".
Les autres fichiers de /usr/share/keyrings/ sont "au format GPG".

[1] https://www.debian-fr.org/t/anydesk-sur-bullseye/85147/2

Comment corriger ?

Slts

Re: Need help with PGP signature verification

[Tom Browder]

On Sun, Oct 8, 2023 at 14:39 Thomas Schmitt  wrote:

> Hi,


Thanks, Thomas.

I did get the signers key fingeprints from their personal github pages. I
would go the full security route if it were only my use I'm concerned with,
but I'm working on a Raku module for others and I don't want them to be
held up by having to fumble with key trust before at least downloading the
files with a first order check with data I can provide.

I'll make sure to document exactly what I'm providing.

Best regards,

-Tom

Re: Need help with PGP signature verification

[debian-user]

"Thomas Schmitt"  wrote:
> Hi,
> 
> Tom Browder wrote:
> > I'm willing to trust published PGP key fingerprints for signers of
> > Rakudo downloadable files.  
> 
> Do i get it right that you talk about https://rakudo.org/downloads ?
> 
> > Question:  How can I get the fingerprint from the downloads? 
> > The products I download are (1) the file of interest, (2) a PGP
> > signed checksums file with various shaX hashes for the file, and
> > (3) a separate file containing a PGP signature.  
> 
> The "Verify" button at above web page leads to
>   https://rakudo.org/downloads/verifying
> which explains how to use sha256 and gpg2 for verification.
> Most importantly it lists the fingerprints of the four "Keys of the
> releasers". If gpg2 --verify reports any other fingerprint, then
> the .asc file cannot be trusted.
> 
> (It is not overly trustworthy that fingerprints and the signed files
> are offered on the same web site. Once the site is compromised, both
> can be manipulated by the attacker.)

That's why the page suggests that the developers' also list their
fingerprints on their github pages, I suspect. Which they do.

Re: Need help with PGP signature verification

[Thomas Schmitt]

Hi,

Tom Browder wrote:
> I found a usable answer. Run "gpg file.asc" and the output shows the two
> fingerprints: the primary key fingerprint and the subkey fingerprint.

Wow, that's surprising.

But indeed the man page says:

  COMMANDS
   ...
   gpg  may  be run with no commands, in which case it will perform a rea‐
   sonable action depending on the type of file it is given as  input  (an
   encrypted  message  is  decrypted, a signature is verified, a file con‐
   taining keys is listed).


Have a nice day :)

Thomas

Re: Need help with PGP signature verification

[Tom Browder]

On Sun, Oct 8, 2023 at 05:13 Tom Browder  wrote:

> On Sun, Oct 8, 2023 at 3:29 AM DdB
>  wrote:
> > Am 08.10.2023 um 01:16 schrieb Tom Browder:
> > > I'm willing to trust published PGP key fingerprints for signers of
> > > Rakudo downloadable files.
> > > Question:  How can I get the fingerprint from the downloads?


I found a usable answer. Run "gpg file.asc" and the output shows the two
fingerprints: the primary key fingerprint and the subkey fingerprint.

I wish there was a PGP cookbook around somewhere.

Thanks, all.

-Tom

Re: Need help with PGP signature verification

[Thomas Schmitt]

Hi,

maybe

  gpg --keyid-format long --verify signature_file.asc /some/dummy/file

this gives me the last 16 characters of the fingerprint. Like:

  gpg:using  key E9CBDFC0ABC0A854

with a matching payload file i get something like:

  Primary key fingerprint: 44BC 9FD0 D688 EB00 7C4D D029 E9CB DFC0 ABC0 A854


Have a nice day :)

Thomas

Re: Need help with PGP signature verification

[Dan Purgert]

On Oct 08, 2023, Tom Browder wrote:
> On Sun, Oct 8, 2023 at 3:29 AM DdB
>  wrote:
> > Am 08.10.2023 um 01:16 schrieb Tom Browder:
> > > I'm willing to trust published PGP key fingerprints for signers of
> > > Rakudo downloadable files.
> > > Question:  How can I get the fingerprint from the downloads?
> > There is more than just one way to archieve this, first result from
> 
> I should have been more specific. I have the following:
> 
> -BEGIN PGP SIGNATURE-
> 
> iHUEABYKAB0WIQTdpb2j9c3OmfntVsEsxulzgY84awUCZQ1GBgAKCRAsxulzgY84
> a+jhAQCZ0lLh1EnB1AwrgW0zPBp801OOeJ2QUiDBOGXBbrl/7QD/ZQe738sF2tCR
> 43SAvJOfT3b4YpGdfSUj9F7XNDoovQM=
> =mNqK
> -END PGP SIGNATURE-
> 
> I need the fingerprint from that to compare with the fingerprints I
> know from Github to see if it's from the same key.

No, you just need the key(s) from the developer(s).  Assuming you've not
accidentally tampered with the files, you'll be able to verify this
signature with a command like "gpg --verify shasum.txt.gpg shasum.txt".

You'll get a message to the effect of 

  Signature made [some-date-here]
  using RSA Key [fingerprint-here]
  Good signature from "Some Person's GPG Key Name"

NOTE -- you MAY also receive some lines to the effect of 

  WARNING: This key is not trusted, the authenticity of the signature
  cannot be verified.

As with checking a Debian ISO (or other Linux distro that uses this
style of verification), this is nothing to be worried about, it's just
GPG informing you that it doesn't have any information as to whether you
actually "trust" the key (either through you explicitly signing /
trusting the key, or trust being derived through the GPG Web of Trust).
It's roughly the GPG equivalent of a web browser going "WARNING - Self
Signed Certificate".


Anyway, once you're done with this; then you know the sha256 checksum
file is the one the developers intended you to get; and you can use it
to check the *iso file.  Probably something like "sha256sum
--ignore-missing -c sha256sum.txt"

HTH :)

-- 
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1  E067 6D65 70E5 4CE7 2860


signature.asc
Description: PGP signature

Re: Need help with PGP signature verification

[Tom Browder]

On Sun, Oct 8, 2023 at 3:29 AM DdB
 wrote:
> Am 08.10.2023 um 01:16 schrieb Tom Browder:
> > I'm willing to trust published PGP key fingerprints for signers of
> > Rakudo downloadable files.
> > Question:  How can I get the fingerprint from the downloads?
> There is more than just one way to archieve this, first result from

I should have been more specific. I have the following:

-BEGIN PGP SIGNATURE-

iHUEABYKAB0WIQTdpb2j9c3OmfntVsEsxulzgY84awUCZQ1GBgAKCRAsxulzgY84
a+jhAQCZ0lLh1EnB1AwrgW0zPBp801OOeJ2QUiDBOGXBbrl/7QD/ZQe738sF2tCR
43SAvJOfT3b4YpGdfSUj9F7XNDoovQM=
=mNqK
-END PGP SIGNATURE-

I need the fingerprint from that to compare with the fingerprints I
know from Github to see if it's from the same key.

I think using openssl might be the easiest, but all the tools seem to
have a huge number of options and a vocabulary that's very malleable.

Thanks.

-Tom

Re: Need help with PGP signature verification

[Thomas Schmitt]

Hi,

Tom Browder wrote:
> I'm willing to trust published PGP key fingerprints for signers of Rakudo
> downloadable files.

Do i get it right that you talk about https://rakudo.org/downloads ?

> Question:  How can I get the fingerprint from the downloads? 
> The products I download are (1) the file of interest, (2) a PGP signed
> checksums file with various shaX hashes for the file, and (3) a separate
> file containing a PGP signature.

The "Verify" button at above web page leads to
  https://rakudo.org/downloads/verifying
which explains how to use sha256 and gpg2 for verification.
Most importantly it lists the fingerprints of the four "Keys of the
releasers". If gpg2 --verify reports any other fingerprint, then the .asc
file cannot be trusted.

(It is not overly trustworthy that fingerprints and the signed files
are offered on the same web site. Once the site is compromised, both can
be manipulated by the attacker.)


Have a nice day :)

Thomas

Re: Need help with PGP signature verification

[DdB]

Am 08.10.2023 um 01:16 schrieb Tom Browder:
> I'm willing to trust published PGP key fingerprints for signers of
> Rakudo downloadable files.
> 
> Question:  How can I get the fingerprint from the downloads? 
> 
> The products I download are (1) the file of interest, (2) a PGP signed
> checksums file with various shaX hashes for the file, and (3) a separate
> file containing a PGP signature.
> 
> Thanks so much.
> 
> -Tom
> 
> 
> 
There is more than just one way to archieve this, first result from
G**-search returns:
https://superuser.com/questions/1297670/how-do-i-check-gpg-signature-given-only-the-fingerprint-and-key-id
which also contains security related warnings and hints.
HTH, DdB

Need help with PGP signature verification

[Tom Browder]

I'm willing to trust published PGP key fingerprints for signers of Rakudo
downloadable files.

Question:  How can I get the fingerprint from the downloads?

The products I download are (1) the file of interest, (2) a PGP signed
checksums file with various shaX hashes for the file, and (3) a separate
file containing a PGP signature.

Thanks so much.

-Tom

Re: PGP-Schluessel auf keys.openpgp.org?

[Thomas Schmitt]

Hi,

sorry for this german mail which i sent to debian-user by mistake.

(I was asked by the xorriso maintainer of another distro to upload my
public PGP key to the keyserver which the distro uses. Hopefully i was
able to fulfill that wish and did not publish any secrets of mine.)


Have a nice day :)

Thomas

Re: PGP-Schluessel auf keys.openpgp.org?

[Thomas Schmitt]

Hi,

> siehst Du eine Möglichkeit Deinen PGP-Schlüssel auf keys.openpgp.org zu
> verwalten und die E-Mail-Adresse freizugeben?

Ich habe die Ausgabe von
  gpg --export scdbac...@gmx.net
hochgeladen. (Ich haette ja gerne inspiziert, was in dem Ausgabefile
steht, aber soweit bringt mich "man gpg" nicht.)

Nach Aufforderung per Mail habe ich eine Verifications-URL angesteuert.
Diese URL fuehrt dann zu einer Seite mit dem Text

  keys.openpgp.org
  Your key 44BC9FD0D688EB007C4DD029E9CBDFC0ABC0A854 is now published for
  the identity scdbac...@gmx.net.

Eine Suche mit meiner Mail Adresse auf keys.openpgp.org bringt:

  We found an entry for scdbac...@gmx.net.

Schau mal, ob das jetzt so ist, wie der RPM-Paketbau es braucht.


Have a nice day :)

Thomas

Re: PGP: difference between Kleopatra and Kgpg, both from KDE

[deloptes]

Marco Möller wrote:

> So, unfortunately I am still in need to find more information about the
> two different (or in the end not different?) GUI tools concerning their
> PGP functionality.
> 

Focus on kgpg for now and start with PGP and OpenGPG (gnupg)
https://www.openpgp.org/

There are also many other sites that explain use of PGP.

Kleopatra can be seen as KDE specific tool for managing certificates and
keys (GPGsM) but in different context. My advise: Forget it for now!

> Many thanks for all the other explanations which you also gave in your
> answer, they have been helpful!
> Marco.

welcome

Re: PGP: difference between Kleopatra and Kgpg, both from KDE

[Marco Möller]

On 31.05.21 22:57, deloptes wrote:


  apt-cache show kleopatra
  apt-cache show kgpg



I think the above parts of the package description explains quite well the
use cases.

With kleopatra you manage certificates in KDE (such like SSL)
With Kgpg you manage GPG keys and you can encrypt/decrypt GUI style text



Well, these descriptions partly cause my question. Following the package 
descriptions, Kgpg appears as the GUI frontend to GnuPG and in addition 
having a feature to input text into a field and to encrypt it right 
there instead of having to receive the input from a file, while 
Kleopatra appears to be kind of a GUI database manager for managing PGP 
keys and also X.509 certificates.


But installing them both and comparing there PGP related offers without 
understanding too much about the topic, Kleopatra seems, like Kgpg, the 
same being a GUI frontend to GnuPG, also including the feature for 
generating key pairs, and like Kgpg also having in addition a feature to 
input text into a field and to encrypt it right there instead of having 
to receive the input from a file.


To this extend it could simply be, that Kleopatra includes all Kgpg 
functionality and then as an extra adds management of also X.509 
functionality to it.
But if I compare the PGP settings which are offered in the GUI for 
creating a PGP key, then in detail this looks different in Kgpg and 
Kleopatra. Kleopatra seems to offer more options and is using more 
technical names for them, while Kgpg seems to offer a smaller amount of 
options and describes them more verbosely instead of using so much 
technical abbreviations. As a beginner it is very difficult to foresee 
if they are finally the same, with Kleopatra simply enhancing the amount 
of offered features in comparison to smaller Kgpg, Kgpg being kind of 
the tool for beginners and Kleopatra being the tool for experts, or if 
Kgpg is actually targeting work cases by its options in its GUI which 
are not addressed by Kleopatra like this.
It could even be that under the hood one is known to work more reliable 
or working closer to the openPGP standard or being more compatible to 
interface with other PGP tools or Apps wanting to use PGP.
I am here specially watching out for the PGP functionality and not 
considering that Kleopatra as an extra also offers X.509 functionality.


So, unfortunately I am still in need to find more information about the 
two different (or in the end not different?) GUI tools concerning their 
PGP functionality.


Many thanks for all the other explanations which you also gave in your 
answer, they have been helpful!

Marco.

Re: PGP: difference between Kleopatra and Kgpg, both from KDE

[Andrei POPESCU]

On Lu, 31 mai 21, 22:57:26, deloptes wrote:
> 
> gnupg is the mother of all open source pgp stuff. In fact you must know that
> PGP is the commercial implementation of a standard for symetric encryption
> (I hope I am not wrong in my wording while citing from memory)

PGP supports asymmetric encryption as well (also known as public-key 
cryptography), otherwise it wouldn't be very usable for e-mail ;)

https://en.wikipedia.org/wiki/Public-key_cryptography

> Gnupg is the opensource equivalent of PGP and it is great :) command line
> utility and set of libraries that makes it possible to use encryption on
> numerous of devices. The application is called gpg.
> Kgpg is a front end to gnupg. Go to the home page of gpg and read, get
> familiar to it. It definitely needs understanding before using.

I'll have to disagree with the "great" here. In my (not so humble) 
opinion GnuPG's (the software) difficulty to use is one the reasons we 
still don't have encrypted, or at least signed email for everybody[1].

Getting public-key cryptography right is already difficult enough[2], it 
would be great if the tools wouldn't add another layer of difficulty on 
top.

[1] signing all email by default could potentially make spam and 
phishing mostly go away
[2] https://wiki.debian.org/GnuPG/AirgappedMasterKey

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: PGP: difference between Kleopatra and Kgpg, both from KDE

[deloptes]

Marco Möller wrote:

> Could someone explain for a raw beginner concerning the usage of PGP the
> difference between Kleopatra and Kgpg, what the typical work case is for
> the one and the other, what important feature the one and the other is
> missing?
> 

 apt-cache show kleopatra

Description-en: Certificate Manager and Unified Crypto GUI
 Kleopatra is a certificate manager and a universal crypto GUI. It supports
 managing X.509 and OpenPGP certificates in the GpgSM keybox and retrieving
 certificates from LDAP servers.
Description-md5: e5d6fc989907b80b691c99f2d8834cf5
Homepage: https://www.kde.org/applications/utilities/kleopatra/


 apt-cache show kgpg

Description-en: graphical front end for GNU Privacy Guard
 Kgpg manages cryptographic keys for the GNU Privacy Guard, and can encrypt,
 decrypt, sign, and verify files.  It features a simple editor for applying
 cryptography to short pieces of text, and can also quickly apply
cryptography
 to the contents of the clipboard.
 .
 This package is part of the KDE Utilities module.
Description-md5: c2c30394bb363998b52a8fcc2caeb33c
Homepage: http://www.kde.org/


> 
> Sorry for the related but low specific questions in the following. Being
> a raw beginner in the topic of PGP signing of email messages, it is
> difficult to even know what exactly to ask for. My internet search
> engine of choice and the KDE web sites both unfortunately did not guide
> me to a nice reading about the differences of Kleopatra and Kgpg, and
> adding Thunderbird to this does not make the topic easier to grasp.
> Therefore please allow me to add the following complex of questions:
> The background to my questions is, that I am aiming to soon use PGP
> signatures when working with Thunderbird, but I would not know if
> Kleopatra or if Kpgp would be better suited to support this. Besides, as
> a raw beginner in the topic of PGP, I am not even sure right now if I
> might find good usage of PGP for whatever else in the future (maybe
> authentication for a ssh access?), and if for this I should right away
> start to get comfortable with the one or the other tool, Kleopatra or
> Kpgp, or if anyway both will be needed because they target different
> work cases or complement each other?

I think the above parts of the package description explains quite well the
use cases.

With kleopatra you manage certificates in KDE (such like SSL)
With Kgpg you manage GPG keys and you can encrypt/decrypt GUI style text

> At the moment my impression is that Thunderbird even comes with its own
> PGP implementation and is not using any other PGP parts of the rest of
> my Debian? Will Kleopatra or Kpgp then be of any help for me at all
> right now?

Don't know thunderbird or it's ability to use GPG, but it makes sense that
it uses it's own implementation. The answer here is probably no.
However you could use Kgpg to create and manage your keys and keyring (I
would recommend it)

> I find package "gnupg" (maybe for the package manager apt to work
> fine?), but no package which in its package name would explicitly
> contain the word openpgp. Is there a special openpgp package which I
> should install in order to get well prepared for a typical PGP future?

gnupg is the mother of all open source pgp stuff. In fact you must know that
PGP is the commercial implementation of a standard for symetric encryption
(I hope I am not wrong in my wording while citing from memory)
Gnupg is the opensource equivalent of PGP and it is great :) command line
utility and set of libraries that makes it possible to use encryption on
numerous of devices. The application is called gpg.
Kgpg is a front end to gnupg. Go to the home page of gpg and read, get
familiar to it. It definitely needs understanding before using.

PGP: difference between Kleopatra and Kgpg, both from KDE

[Marco Möller]

Hello,
Could someone explain for a raw beginner concerning the usage of PGP the 
difference between Kleopatra and Kgpg, what the typical work case is for 
the one and the other, what important feature the one and the other is 
missing?



Sorry for the related but low specific questions in the following. Being 
a raw beginner in the topic of PGP signing of email messages, it is 
difficult to even know what exactly to ask for. My internet search 
engine of choice and the KDE web sites both unfortunately did not guide 
me to a nice reading about the differences of Kleopatra and Kgpg, and 
adding Thunderbird to this does not make the topic easier to grasp. 
Therefore please allow me to add the following complex of questions:
The background to my questions is, that I am aiming to soon use PGP 
signatures when working with Thunderbird, but I would not know if 
Kleopatra or if Kpgp would be better suited to support this. Besides, as 
a raw beginner in the topic of PGP, I am not even sure right now if I 
might find good usage of PGP for whatever else in the future (maybe 
authentication for a ssh access?), and if for this I should right away 
start to get comfortable with the one or the other tool, Kleopatra or 
Kpgp, or if anyway both will be needed because they target different 
work cases or complement each other?
At the moment my impression is that Thunderbird even comes with its own 
PGP implementation and is not using any other PGP parts of the rest of 
my Debian? Will Kleopatra or Kpgp then be of any help for me at all 
right now?
I find package "gnupg" (maybe for the package manager apt to work 
fine?), but no package which in its package name would explicitly 
contain the word openpgp. Is there a special openpgp package which I 
should install in order to get well prepared for a typical PGP future?


Thanks a lot! Marco.

Nieuwe Thunderbird en PGP

[Paul van der Vlis]

Hallo,

Vandaag is de nieuwe Thunderbird uitgerold via security met daarin een 
eigen PGP implementatie.  Deze gebruikt geen PGP van het systeem, maar 
een eigen PGP die minder kan.


Met moeite heb ik mijn private keys weten te importeren uit 
~/.gnupg/secring.pgp. Hierin stonden verschillende keys, en als je opgaf 
dat je niet al die keys wou, dan wou hij ze toch. Maar goed, gelukt, 
maar het lijkt me lastig voor iemand die het paswoord van een oude key 
kwijt is, want het wil wel de paswoorden.


De public keys importeren uit ~/.gnupg/pubring.pgp wil nog niet erg 
lukken. Thunderbird zegt dat het bestand te groot is. Iemand hier 
ervaring hoe je pubring.pgp opsplitst?


De melding in het Engels is:
This file is too big. Please don't import a large set of keys at once.
Mijn pubring is overigens 23 MB, dat noem ik niet groot.


Groet,
Paul



--
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl/

[OT] Fwd: PGP/GnuPG unsecure, should be replaced?

[Juan Lavieri]

Para la información de quienes tengan interés.

 Mensaje reenviado 
Asunto: PGP/GnuPG unsecure, should be replaced?
Resent-Date: Fri, 19 Jul 2019 11:42:34 + (UTC)
Resent-From: debian-secur...@lists.debian.org
Fecha: Fri, 19 Jul 2019 13:34:47 +0200
De: Stephan Seitz 
Organización: Minas Tirith, Gondor
Para: debian-secur...@lists.debian.org

Hi!

I found the following article about PGP/GnuPG:
https://latacora.singles/2019/07/16/the-pgp-problem.html

In short you should drop GnuPG because it doesn’t do anything really the 
right way. It should be replaced with different tools for different 
situations.


Debian is using GnuPG for signing files. From the article:

Signing Packages

Use Signify/Minisign. Ted Unangst will tell you all about it. It’s what
OpenBSD uses to sign packages. It’s extremely simple and uses modern 
signing. Minisign, from Frank Denis, the libsodium guy, brings the same 
design to Windows and macOS; it has bindings for Go, Rust, Python, 
Javascript, and .NET; it’s even compatible with Signify.


What do you think?

Shade and sweet water!

Stephan

--
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |

--
Errar es de humanos, pero es mas humano culpar a los demás

PGP & Protonmail (Was: Encrypted e-mails?)

[Bob Bernstein]

On Mon, 10 Sep 2018, pjw wrote:

Since July ProtonMail is now fully interoperable with 
other PGP mail clients.


Now that is a nice piece of news.

--
Fraught with portent

Re: PGP Email Client

[mick crane]

On 2018-07-08 18:18, HP Garcia wrote:

Can anyone recommend an email client that can handle PGP? I'm currently
using Claws-Mail 3.14.1

Thanks in advance

roundcube with enigma plugin
dunno if it is working
mick

--
Key ID4BFEBB31

0x4BFEBB31.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Re: PGP Email Client

[Ben Oliver]

On 18-07-08 14:42:54, Jude DaShiell wrote:
If you can live with the configuration mutt or neomutt can fill the 
bill.


I can never truly recommend mutt to people who aren't used to terminal 
apps.


That said, it's a great piece of software and the PGP handling in 
particular is really nice with a little config.


signature.asc
Description: PGP signature

Re: PGP Email Client

[Jude DaShiell]

On Sun, 8 Jul 2018, HP Garcia wrote:

> Date: Sun, 8 Jul 2018 13:18:25
> From: HP Garcia 
> To: debian-user@lists.debian.org
> Subject: PGP Email Client
> Resent-Date: Sun,  8 Jul 2018 17:18:45 + (UTC)
> Resent-From: debian-user@lists.debian.org
>
> Can anyone recommend an email client that can handle PGP? I'm currently
> using Claws-Mail 3.14.1
>
> Thanks in advance
>
If you can live with the configuration mutt or neomutt can fill the bill.
>

-- 

Re: PGP Email Client

[Andreas Ronnquist]

On Sun, 8 Jul 2018 10:18:25 -0700,
HP Garcia wrote:

>Can anyone recommend an email client that can handle PGP? I'm currently
>using Claws-Mail 3.14.1
>

Why not Claws-Mail? With the correct plugins (claws-mail-pgpinline or
claws-mail-pgpmime) that should be packaged in Debian it handles pgp
just fine.

-- Andreas Rönnquist
mailingli...@gusnan.se
andr...@ronnquist.net


pgpuTTeXWuCA8.pgp
Description: OpenPGP digital signatur

Re: PGP Email Client

[Brad Rogers]

On Sun, 8 Jul 2018 10:18:25 -0700
HP Garcia  wrote:

Hello HP,

>Can anyone recommend an email client that can handle PGP? I'm currently
>using Claws-Mail 3.14.1

CM;  Install the relevant plugin(s) and you're ready.

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
If we're working class, why ain't we got jobs?
Insane Society - Menace


pgp_CZDb6YBM0.pgp
Description: OpenPGP digital signature

Re: PGP Email Client

[john doe]

On 7/8/2018 7:18 PM, HP Garcia wrote:

Can anyone recommend an email client that can handle PGP? I'm currently
using Claws-Mail 3.14.1



https://www.claws-mail.org/plugin.php?plugin=gpg


Thunderbird with enigmail.

https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages

--
John Doe

PGP Email Client

[HP Garcia]

Can anyone recommend an email client that can handle PGP? I'm currently
using Claws-Mail 3.14.1

Thanks in advance

-- 
HP Garcia KM6JBI
www.HPGPhotography.com

Re: How to get a PGP SIGNED MESSAGE

[Thomas Schmitt]

Hi,

GC wrote:
> I would like to get a PGP SIGNED MESSAGE. How do I do that?

For production, see chapter 1 of GPG documentatio,
"Getting Started":

  https://www.gnupg.org/gph/en/manual/c14.html

(note the swapping of "g" and "p" in comparison to PGP.)

The manual of gpg is quite rich in detail information:
  man gpg


When posting official announcements to info-...@gnu.org, i use

  gpg --clearsign my_file

to get a new file  my_file.asc  which looks like

  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA1

  Hi,
  ...

  -BEGIN PGP SIGNATURE-
  Version: GnuPG v1.4.5 (GNU/Linux)

  iD8DBQFVWdQp6cvfwKvAqFQRAkWDAJwMwJS89XAq2npLv0iYdmCT6fv8LACgoRVW
  csBodn7iN9YzXO2sHZgthFc=
  =FlQN
  -END PGP SIGNATURE-

This can be verified by getting my public key

  gpg --keyserver keys.gnupg.net --recv-keys ABC0A854

and running gpg --verify on my signed cleartext message

  gpg --verify my_file.asc

An example message can be found at
  http://lists.gnu.org/archive/html/info-gnu/2015-05/msg9.html


Have a nice day :)

Thomas

Re: How to get a PGP SIGNED MESSAGE

[Brad Rogers]

On Wed, 18 Nov 2015 00:19:24 -0800
GC <g...@maillr.com> wrote:

Hello GC,

>I would like to get a PGP SIGNED MESSAGE. How do I do that?

Wait for somebody to send you one.

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
Well you tried it just the once and found it alright for kicks
Orgasm Addict - Buzzcocks


pgplRla61QyIa.pgp
Description: OpenPGP digital signature

Re: How to get a PGP SIGNED MESSAGE

[Stuart Longland]

On 18/11/15 18:19, GC wrote:
> I would like to get a PGP SIGNED MESSAGE. How do I do that?

Could you be more specific?

If it was just your goal in life to have someone send an OpenPGP signed
email, you can cross that off your "bucket list".

I suspect that was not your aim though.  Are you intending to generate
signed messages or merely verify them?
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.



signature.asc
Description: OpenPGP digital signature

How to get a PGP SIGNED MESSAGE

[GC]

I would like to get a PGP SIGNED MESSAGE. How do I do that?

keysigning, debian packaging met git, hoe word je een debian contributor, mutt (was: Re: Your signed PGP key)

[Joost van Baal-Ilić]

Hi Dmitry,

Cc-ing list since answers to questions about how to get started as a Debian
contributor, or working with PGP, might be interesting to others too.

Debian User Dutch-subscribers: excuses dat deze mail in het Engels is.  Dmitry
woont in Nederland maar schrijft makkelijker Engels dan Nederlands, geloof ik.
Ik ontmoette hem op de Debian Bug Squashing Party, onlangs in Tilburg.  Cc mij
en Dmitry op replies aub; ik ben niet ge-abonneerd op deze lijst.

On Tue, Dec 16, 2014 at 08:51:27PM +0100, Dmitry Katsubo wrote:
 On 16/12/2014 11:12, Joost van Baal-Ilić wrote:
  can i quote you on e.g. debian-events-nl, and answer there / publically?
 
 Sure. Please CC to me, as I might not be subscribed to that particular
 maillist.

  On Tue, Dec 16, 2014 at 09:44:44AM +0100, Dmitry Katsubo wrote:
 
  It was a pleasure for me to meet you at BSP in Tilburg today.

Same!

snip
  Please find your key signed by me.

Thanks!  Will process it later, and sign your key later.  Please remind
me if I fail to do that within about 1 week.

  I tried to follow the document Debian packaging using git
  (http://mdcc.cx/dpg.txt) you have suggested, but I find it a bit
  difficult to understand completely what is going on in the examples you
  provide. I have found another manual
  (http://honk.sigxcpu.org/projects/git-buildpackage/manual-html/gbp.html)
  which is more easy for me to start with right now. I will practise once
  I have some project on Git.

OK, nice.

  I have checked the debian-newmain maillist and I see that DM
  applications already refer the existing packages. That means I have to
  find a sponsor first to initiate a package, and then request for DM?

Yes, finding a DM is easier once you can show some work you've done for Debian.
BTW, you don't need a sponsor to do Debian-work: you can e.g. create a .deb and
publish that work on e.g. your own website.  You can also apply for an account
on alioth.debian.org, and start contributing to work there, using e.g. git.

  I have found Debian chemistry community
  (http://blends.debian.org/science/tasks/chemistry) -- I think this is
  right place to find further help and sponsor.

Yup, that's a good way to enter.

  P.S. Sorry, I might have send the previous email to you encrypted by my
  key... Strange how Thunderbird came to such an idea. What software do
  you use to sign/encrypt email messages?

mutt with GnuPG.  If you 'apt install mutt' on a Debian system, the
gnupg-integration works out of the box, iirc.

Take care, Bye,

Joost



signature.asc
Description: Digital signature

[OT] Firmas PGP rotas

[Francisco Del Roio]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hola,

Veo que cuando un mensaje es respondido se rompen las firmas PGP.
Sería normal eso? ¿Es posible conseguir que, o bien se reconozcan las
firmas en los mensajes citados, o bien se quite la firma antes de
responder?

No es demasiado importante, pero bueno...

Un saludo,
- -- 
Franci
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSd3omAAoJELcQqmDiUAB0LZcH/0zxtUrDmy/ny6MUxt2gtdAB
WY0PynQHp4e8UKhLw/YGOOIF4oI3F/znw7LjbfTiAaAhXhcDddxrNT58wXiwNuJL
pSfIzDBbZJx3+IWovC/SY1QgSIeLZShx+qAvswMT30RFqDkPxwJvZIEmphLte+p+
D7YlKhhnLQcbhhrxC43lP7Xef1YRDgLU6xvCSNKP178Li7gGl+V2rhEUIy5rdBLv
3sVB1zRjqCoUlwiNZHsfg8wUl27Rk647YyGyV7FP2PiaYl5ZQcesI+QOTvITu12S
zRDc1DouNv2bsKNscqGm1PgY3tlSdyBVJuD3tfqIfuq89sSOw9Fd0PEK7KpnEVs=
=3Pc9
-END PGP SIGNATURE-


--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52777a26.6090...@openmailbox.org

Re: [OT] Firmas PGP rotas

[Camaleón]

El Mon, 04 Nov 2013 07:42:46 -0300, Francisco Del Roio escribió:

 Veo que cuando un mensaje es respondido se rompen las firmas PGP. 

¿Puedes poner un ejemplo? 

Si te refieres a los correos de esta lista, puedes usar el archivo para 
indicar algún mensaje.

 Sería normal eso? ¿Es posible conseguir que, o bien se reconozcan las
 firmas en los mensajes citados, o bien se quite la firma antes de
 responder?

Es que no sé a qué te refieres :-?

A los mensajes a los que respondo que llevan firma GnuPG/PGP integrada 
les quito manualmente la firma, claro.

Saludos,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/pan.2013.11.04.14.57...@gmail.com

Re: [OT] Firmas PGP rotas

[Francisco Del Roio]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

hola,

El 04/11/2013 11:57 a.m., Camaleón escribió:
(...)
 A los mensajes a los que respondo que llevan firma GnuPG/PGP
 integrada les quito manualmente la firma, claro.
 
 Saludos,
 
MMM...dijo la vaca...

Bueno, entonces no me quedan mas dudas.

Un saludo,
- -- 
Franci
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSd+KOAAoJELcQqmDiUAB0DMYH+wZv99Wh6gI6mTZ46U0jU0d0
dvE8bB5aNEibcCnyaj3camYMhEiJAnp7RSLKOu4NNUHM8Ei8Mbi4vwJBSE/qBiH7
9YUxtmi2TJz5TK8vINxgs0s9xc6o7AWrA7Tu+ST4aWZLXWO33sfuH2kKJmSLC1ZY
1NjqL7usDZsfbwH99qBOC7h4yZJWNkJ7sDDEuqPQJeRbb7PLH10T+VBVokGbGi/v
3N+mS8pyHDB+nT58LTatHgtntkHf3C09ONErbPi1/VWlh0xwBSR3sz2Lp9U+cuzc
22x0JZ4BYE5IPU/hwxZwf1R4HGS4QQ9geiXb9vTSLQZC68anau8ZNq2JQOrh2PE=
=MBJ0
-END PGP SIGNATURE-


--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/5277e28f.8020...@openmailbox.org

Re: [OT] Firmas PGP rotas

[Camaleón]

El Mon, 04 Nov 2013 15:08:15 -0300, Francisco Del Roio escribió:

 El 04/11/2013 11:57 a.m., Camaleón escribió:
 (...)
 A los mensajes a los que respondo que llevan firma GnuPG/PGP integrada
 les quito manualmente la firma, claro.
 
 Saludos,
 
 MMM...dijo la vaca...
 
 Bueno, entonces no me quedan mas dudas.

:-)

Claro, es que realmente el mensaje lo mando yo, no tú.

Tu mensaje original está debidamente firmado y dejar la firma intacta al 
responder no hace más aumentar el tamaño del mensaje y no aporta nada.

Saludos,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/pan.2013.11.04.18.34...@gmail.com

Re: Strange PGP signature

[Dmitrii Kashin]

Aort Conda aort...@gmx.com writes:

 What is this? The file on official cd mirror is different.

Did not get what you are talking about.
Everything is normal, see:


% gpg --verify SHA512SUMS.sign SHA512SUMS 
gpg: Signature made Mon Oct 14 01:19:32 2013 MSK using RSA key ID 6294BE9B
gpg: Good signature from Debian CD signing key debian...@lists.debian.org



pgpmUa8nf05o5.pgp
Description: PGP signature

Re: Strange PGP signature

[Marko Randjelovic]

On Tue, 15 Oct 2013 13:08:43 +0400
Dmitrii Kashin free...@freehck.ru wrote:

 Aort Conda aort...@gmx.com writes:
 
  What is this? The file on official cd mirror is different.
 
 Did not get what you are talking about.
 Everything is normal, see:
 
 
 % gpg --verify SHA512SUMS.sign SHA512SUMS 
 gpg: Signature made Mon Oct 14 01:19:32 2013 MSK using RSA key ID 6294BE9B
 gpg: Good signature from Debian CD signing key debian...@lists.debian.org
 

Probably he meant about .sign file. It is really different from that on 
cdimage.debian.org

http://cdimage.debian.org/debian-cd/7.2.0/amd64/iso-dvd/SHA512SUMS.sign:
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAABCAAGBQJSWw5jAAoJENqH6A1ilL6bQ80QAOBDh5Sot0bcIPLXE0L7T8kU
KJUSdQRcjTvwpW76BB7ekC6/gAfyHO7hd857vO6SI+78seLlbh3MBJ6swmn3WAcS
YmxhDPDToPgerxwgKOXAby7hqenodrFyy/V79whFf1MA9TUbPS1veByERbgH/Rkt
/qPD5oVNYqhD1NPOaF67+lDNZuyJlb82uNrBc7STApwfVIVNiqbcPhaQY6Z02L0r
M5S9pqI8ReX56AWVYqnOjAVOxDyUmyKw4hXIIIk5Sj9NWZeUOu3vTv0CA7vdHLc2
a2vIc6WMxWMUqHaDwWOpJYIg+g7ti11UQUhn3qyJPwvH/P1LOCA35TcUsS7EllKs
6hfLdkwlaDlTK335aJliSo1T4fVtaQqOIHngencZcmUkhg061UIc+wZKH6a6CepW
1MkLzTbWK6u0EpHYUVlx/973kzkDIDGhFVbohEX82oSFg+3QTYGiL5UNQDYmMShx
dS566ZTxwvSFwMitAmv9s3he/GIRj2c/MwchBHcFoMdixs0+snfH7aUGYJ8VjNEd
QTZdSjuv/NtJImbHukhUjm0I+8wqJQRnahhDzqfWAHnursX1EsjCcxB/+n/SHqXQ
gp46AePXbPEosFRXpjIBnInzYQyA9WbWSt26RH/f3mTV6XikMYEHQP80/chYJuxw
oVQyLOsM5J6omBx44rbX
=3eMw
-END PGP SIGNATURE-

attached file:
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAABCAAGBQJSWw5kAAoJENqH6A1ilL6bcioP/RQN87G5mx68QX8eWR+Gec2u
ueRlXL4O63cQQI0G849KW5bag+4HUaUIvxEO1K0j0A3mnGKxYNfjiMtJ0uqx9dA6
ADWPubdMMtvuT8Yn+OvUyyK7Z5N3lh6ut7twSMF4EgMRz+IYnL43mIkjGTSb2r1F
Ug9Ppr4J9tbZXViv5EtEx3swnXCvndus2ABhP8TjXwqUV1P4wc2tgj4c7OcyaCBW
BVDQrFFbSDqOmD+ckyXZC1sv/Zsfb0WCVYfGeTBiTl0RjUQehJLLQcs7+yAQWiQ7
S3rDI+mdUB3oeIi5vatpjZwc5XqLTbNgTUy3nWGxBULbWFNoSSygbx98RuAXXCA/
QzNwBO8SHPcpO0VabEpqSrrhDw8fP9WosG9OzkqbYiTckis+QU9qE9Z2tKKw1DJe
RWwtBngX8ELsr08AgSStNhXg+j0yR8nxHzPx2coQujx28O8OWrJkdYhiihQeV+C7
FYyXtZeC6l1/tC1EqAKGUNsZPclgk4VmJ0G9vakeRSSQ2PLeyTfMlExh5Q+RDixV
CWClhIH5V73+tmIFOUPyI7LsdaIrfBUsY1yyoIyijxQrr3oz04ckhkpU5cQG4+Uw
mveFFoxM/D2gFgyrd5h63bbs6JnUKhDIb0mDbJtrt2I9BV0JjOuz0iMsZfRodyRB
J8WzUm/mZBewt+PPOA6v
=hPTE
-END PGP SIGNATURE-

$ gpg --verify SHA512SUMS.sign SHA512SUMS # attached file
gpg: Signature made Sun 13 Oct 2013 11:19:32 PM CEST using RSA key ID 6294BE9B
gpg: Good signature from Debian CD signing key debian...@lists.debian.org

$ gpg --verify SHA512SUMS.sign2 SHA512SUMS # 
http://cdimage.debian.org/debian-cd/7.2.0/amd64/iso-dvd/SHA512SUMS.sign
gpg: Signature made Sun 13 Oct 2013 11:19:31 PM CEST using RSA key ID 6294BE9B
gpg: Good signature from Debian CD signing key debian...@lists.debian.org

But both signatures are 'Good', but time differs in 1 second.

-- 
http://mr.flossdaily.org


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131015120349.71aad...@eunet.rs

Re: Strange PGP signature

[Dmitrii Kashin]

Marko Randjelovic marko...@eunet.rs writes:

 $ gpg --verify SHA512SUMS.sign SHA512SUMS # attached file
 gpg: Signature made Sun 13 Oct 2013 11:19:32 PM CEST using RSA key ID 6294BE9B
 gpg: Good signature from Debian CD signing key debian...@lists.debian.org

 $ gpg --verify SHA512SUMS.sign2 SHA512SUMS # 
 http://cdimage.debian.org/debian-cd/7.2.0/amd64/iso-dvd/SHA512SUMS.sign
 gpg: Signature made Sun 13 Oct 2013 11:19:31 PM CEST using RSA key ID 6294BE9B
 gpg: Good signature from Debian CD signing key debian...@lists.debian.org

 But both signatures are 'Good', but time differs in 1 second.

Wow. How did it happen? Where did he take previous signature?


pgpDyPp3ooIlV.pgp
Description: PGP signature

Strange PGP signature

[Aort Conda]

What is this? The file on official cd mirror is different.


SHA512SUMS
Description: Attachment: SHA512SUMS


SHA512SUMS.sign
Description: Attachment: SHA512SUMS.sign

Vérifiez vos clés PGP

[Jacques Lav!gnotte.]

Bonjour,

Debian vient de mettre à jour le paquet gnupg2.

A ce propos, je n'ai pas vu passer ici l'info concernant tous ceux qui
ont une vieille clé PGP/GPG (genre de plus de 5-10 ans), voici une série
de test à faire sur la votre afin de savoir si vous avez besoin de la
refaire.

https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#openpgp-key-checks

Moi je l'ai fait.

Jacques


-- 
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.org/fr/FrenchLists

Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe
vers debian-user-french-requ...@lists.debian.org
En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org
Archive: http://lists.debian.org/5256ec3d.2090...@lavignotte.org

Re: gpg/pgp noise

[Mika Suomalainen]

13.05.2012 10:26, Andrei POPESCU kirjoitti:
 @Mika:
 At least in my experience Mailman is NOT breaking GPG/MIME. I know of at 
 least 4 different Mailman installations (including 
 lists.alioth.debian.org) that work fine.

At least it doesn't work on gnupg-user nor enigmail nor lists.ubuntu.com
mailing lists.

 Assuming the issues with Mailman + GPG/MIME are not at your end[1], did 
 you consider signing inline only to those specific lists? I'd be amazed 
 if Thunderbird/Icedove can't do this (for mutt it's trivial with a send- 
 or a folder-hook).

This is little hard to remember to do with 4 computers and 7 different OSes.

 [1] You could BCC yourself and compare the message with the one received 
 from the mailing list. Also consider any mail server on the way, I've 
 read rumors of Microsoft Exchange messing with messages (especially 
 encodings).

When I have time. I have been busy lately.

 Kind regards,
 Andrei

-- 
[Mika Suomalainen](https://mkaysi.github.com/) ||
[gpg --keyserver pool.sks-keyservers.net --recv-keys
4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) ||
[Why do I sign my
emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) ||
[Please don't send
HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) ||
[Please don't
toppost](http://mkaysi.github.com/articles/complaining/topposting.html) ||
[This signature](https://gist.github.com/2643070) ||



signature.asc
Description: OpenPGP digital signature

Re: gpg/pgp noise

[Andrei POPESCU]

Hopefully not reigniting this...

On Ma, 08 mai 12, 05:43:17, Indulekha wrote:
 Hi,
 
 I'm getting this with most gog/pgp-signed mails received 
 from this list (using mutt):

This part has been solved, but since it is highly unlikely for you to 
have a trust path to my key you'll still get a block of 5 or so lines 
telling you that the message is properly signed, but there is no 
indication that the key belongs to the user (i.e. no trust path).

Sorry, I'm trying to get my key in the Debian web-of-trust soonish, but 
I understand you already have filters for that.
 
 
I have a few other technical remarks that I'm adding here instead of 
digging a specific message to reply:

@Indulekha and other squeeze+mutt users:
beware of a bug where mutt incorrectly sends GPG/MIME signatures with 
disposition=inline.

This is not a problem for mutt itself, but for example Gmail will 
(correctly) quote the entire GPG signature on reply to such messages. 
Fixed in 1.5.21 (available from squeeze-backports).

@Mika:
At least in my experience Mailman is NOT breaking GPG/MIME. I know of at 
least 4 different Mailman installations (including 
lists.alioth.debian.org) that work fine.

Assuming the issues with Mailman + GPG/MIME are not at your end[1], did 
you consider signing inline only to those specific lists? I'd be amazed 
if Thunderbird/Icedove can't do this (for mutt it's trivial with a send- 
or a folder-hook).

[1] You could BCC yourself and compare the message with the one received 
from the mailing list. Also consider any mail server on the way, I've 
read rumors of Microsoft Exchange messing with messages (especially 
encodings).

Kind regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic


signature.asc
Description: Digital signature

Re: Things we should know about PGP

[Jon Dowland]

On Thu, May 10, 2012 at 07:36:14PM +0200, Ralf Mardorf wrote:
 And why do we need this? We could notarized emails + use or computer
 readable ID cards, anyway, this in addition won't make mailing list
 mails more true or less true. There's more untruth for notarized papers
 than for non-notarized papers. Why should things become better with
 openPGP signing?

I can't recall anyone arguing that it would improve the quality of discourse.
All it does is help to prove who wrote what.  Some see value in that, others do
not.

 Again, I don't care, even if I would see cryptic lines at the bottom of
 my mails, but IMO we should avoid photos as thumbnails, PGP, HTML.

You are entitled to that opinion ☺


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120511132931.GC1319@debian

Re: Things we should know about PGP

[Terence]

This is an interesting thread for me. I can see (I think!) the various
points that have been made, but as it is, I feel, it's mostly trivial.

If I write to this list, or others, or friends, or colleagues, why do
I need to identify myself? Or require someone to find my public key to
read or confirm what I've written?

If I need such cryptographic security only the people I wish to know
my public key will have it. For my personal secure connections et al,
I use Tails on a 16Gb usb stick.

Those who attach their public key to this list are the equivalent in
my book to those who append humourous signatures to their posts:
it's there, it's naff. it's ignored.

At end of the day, you believe what you want. My bank and other
important communications arrive through the post, and on line. If I
doubt it, I check it. I do the same with my public phone lines. and my
on-line use.

If you don't need to publicise your public key ( because, after all.
very few if any, are going to use it) don't add it to every e-mail,
along with an irrelevant sig block which does nothing except confirm
your self-esteem (Look at me, Ma, top of the world) and the opinion of
your readers which is probably the reverse of that which you hope and
believe.

Keep it simple, keep it sane, keep away from paranoia,  they're not
out get you (why should they be bothered?), keep a sense of
perspective ( vide The Hitchhiker's Guide To The Galaxy as to why
this may be a good idea).

Hi, again, Camaleon, long time!

Saki


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cafg91engyepb8yrc3av0x3lyhq9pn6gvqqlm0+k9utycdxm...@mail.gmail.com

Re: [OT] Re: Things we should know about PGP

[Ralf Mardorf]

On Thu, 2012-05-10 at 14:56 +, Camaleón wrote:
 On Wed, 09 May 2012 23:22:09 +0200, Ralf Mardorf wrote:
 
  On Wed, 2012-05-09 at 20:22 +, Camaleón wrote:
 
  What is what you understand by dirty?
  
  I can send the same spam, virus-inside or crap message with a signature
  or without it. That changes nothing.
  
  
  dirty {adj} [fig.] e.g. remove words, add words.
 
 So you meant that the content of the messages can't become faked/
 manipulated when they are signed. If that's what you wanted to say, then 
 yes, signatures are also aimed for that.
 
 But the problem still remains: in the event you can check the validity of 
 the signature you still can't be sure about its real author.
 
  You can still get false-positives that make the signature cannot be
  properly verified so you think the message is not legitimate while it
  is.
  
  I did wrote something similar off-list to whomever, but it wasn't only
  about computers and signing mails:
 
 (...)
 
  As I already pointed out. Somebody e.g. could hack the view of a
  mailing list archive, seemingly signed mails with edited
  contend. Than this wrong information is in the Internet,
  pretending to be the signed original. The mob will believe this
  is absolute truth. They are hungry for absolute truth. This is a
  loss of civilization.
 
 It's even simpler than that, is that any piece of the software involved 
 in the message distribution chain can fail, i.e., they can have bugs that 
 render the signature verification proccess invalid.

  OTOH there are valid situations to sign messages.
 
 Of course. Moreover, it should be a must. 
 
 As I see it, the concept of verifying the author of a message is 
 completely valid and right, it's the implementation that fails because of 
 the way you have to trust the user you want to validate (human beings 
 have not developed a system to differ between a fake and a true thing, 
 our brains are very limited in that field and also very influenceable by 
 external sources).
 
 Greetings,

I guess we agree.

 - ralf


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1336663538.2307.58.camel@precise

Re: Things we should know about PGP

[Jon Dowland]

On Wed, May 09, 2012 at 09:17:17PM +0200, Ralf Mardorf wrote:
 Regarding to security. Assumed somebody always sign the mails to a
 mailing list. Isn't it possible that somebody hacks the view of a
 mailing list archive? Make it look like if a nice guy said odd things
 for signed mails. He never did, the mails were not hacked, just the view
 of the web page is hacked.

They could, if you were relying on the mailing list archives to verify
the signatures, but they don't. You can fetch the signature and the
original message (awkward from a web mailing list archive, but Camaleón
has shown a way of doing it with gmane in the past) and perform the 
verification yourself.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120510161127.GB14319@debian

Re: Things we should know about PGP

[Ralf Mardorf]

On Thu, 2012-05-10 at 17:11 +0100, Jon Dowland wrote:
 On Wed, May 09, 2012 at 09:17:17PM +0200, Ralf Mardorf wrote:
  Regarding to security. Assumed somebody always sign the mails to a
  mailing list. Isn't it possible that somebody hacks the view of a
  mailing list archive? Make it look like if a nice guy said odd things
  for signed mails. He never did, the mails were not hacked, just the view
  of the web page is hacked.
 
 They could, if you were relying on the mailing list archives to verify
 the signatures, but they don't. You can fetch the signature and the
 original message (awkward from a web mailing list archive, but Camaleón
 has shown a way of doing it with gmane in the past) and perform the 
 verification yourself.

And why do we need this? We could notarized emails + use or computer
readable ID cards, anyway, this in addition won't make mailing list
mails more true or less true. There's more untruth for notarized papers
than for non-notarized papers. Why should things become better with
openPGP signing?

Again, I don't care, even if I would see cryptic lines at the bottom of
my mails, but IMO we should avoid photos as thumbnails, PGP, HTML.

- Ralf


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1336671374.5199.14.camel@precise

Re: Things we should know about PGP

[Ralf Mardorf]

The Signature from someone else:

Confidence is what you have before you understand a problem
- Woody Allen


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1336671506.5199.15.camel@precise

Re: gpg/pgp noise

[Frank Lanitz]

Am 08.05.2012 13:11, schrieb Indulekha:
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.11 (GNU/Linux)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
 iQEcBAEBAgAGBQJPqPsiAAoJECPmYW6gk8JjitcH/RGtSdn39OPewwyXYgebGiUy
 Ws29uZkfae4LlD9LRQeGQujHVW7bzMVCW2EXdRsCGIbpU0+KUjYGJebXKtwzNmLU
 C1Uc7tVGUtACQ/S9DgFX1oBD4C7Siirdgokk+8HggVcqvGYs2jnxg5tetU+G18pE
 UQ9jxxaf48EANwHDgildQ85xHJk3DnWvfsvUASlobQIDq/vRmbLNPjdfBe1rp7R/
 Y8m7+3vxIsnSYrT8oeAGoDGJe3PrdJ6EP96VFJBjXARportrx+8YowUyEKeRyqf6
 EUNcXZILLpPJOqcyUsyxRALmGoTYqhHne6TQwZ6ZcGxihNl3+i/WFYQmHNBdTSU=
 =M9O6
 -END PGP SIGNATURE-

This is an inline PGP-signature-block. You only can get rid of in case
of your mail client is understanding inline signatures.
This block includes a checksum crypted with the private key of the
sender so you can check, whether someone has e.g. modified the text or
the text is really sent by, in this case it seems to be Phil, by the
author.

Cheers,
Frank


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4faa0d4a.5040...@frank.uvena.de

Re: gpg/pgp noise

[Jon Dowland]

On Wed, May 09, 2012 at 12:29:31PM +1000, Scott Ferguson wrote:
 Bob's PGP signature is valid - yours is not
 You waste our time and bandwidth.

In what way? I can verify Mika's signatures just fine.  The signatures
are valid.

 Bob's key validates his identity - yours does not.
 I can verify that Bob is Bob through a chain of trust.

Why does Mikka's not? It's not impossible for someone to have a trust
path to Mikka. Albeit one step removed, since the signing key he uses
has one signature, from another of his keys - but that one has at
least one. (I haven't managed to construct a trust path to Mikka
myself, since most of the public pathfinder servers don't have his
key)


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120509085636.GA8326@debian

Re: gpg/pgp noise

[Jon Dowland]

On Tue, May 08, 2012 at 04:15:28PM -0400, Celejar wrote:
 I'm no expert in all this, but can you explain and document what you
 mean by the claim that headers ... must be verified? All emails have
 their headers modified en route (e.g., Received: and Delivered-To
 are added, as are all kinds of X-stuff ones). Does PGP/MIME really
 protect all headers (beyond the MIME ones)? It really breaks if *any*
 headers are modified? Please provide documentation.

Writing off the top of my head, you may wish to verify everything I say ☺
PGP/MIME does not verify the headers, but your mail is a multipart/mime mail,
and it does verify the specific MIME headers that define the encoding for the
signed part.  If the message is decoded, or re-encoded, then these headers can
change (either semantically, if the re-encoding is via a different scheme, or
simply syntactically, afaik whitespace changes etc.)  There's a related problem
where you can't get at the original mail (so: web archives of mailing lists
only give you the decoded bits; I think RT is similar, which is why when
someone needs to submit a ticket to the Debian RT queue, they are told to use
inline PGP: http://keyring.debian.org/)


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120509085922.GB8326@debian

Re: gpg/pgp noise

[Jon Dowland]

On Wed, May 09, 2012 at 08:23:06AM +0200, Frank Lanitz wrote:
 Am 08.05.2012 13:11, schrieb Indulekha:
  -BEGIN PGP SIGNATURE-
  Version: GnuPG v1.4.11 (GNU/Linux)
  Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
  
  iQEcBAEBAgAGBQJPqPsiAAoJECPmYW6gk8JjitcH/RGtSdn39OPewwyXYgebGiUy
  Ws29uZkfae4LlD9LRQeGQujHVW7bzMVCW2EXdRsCGIbpU0+KUjYGJebXKtwzNmLU
  C1Uc7tVGUtACQ/S9DgFX1oBD4C7Siirdgokk+8HggVcqvGYs2jnxg5tetU+G18pE
  UQ9jxxaf48EANwHDgildQ85xHJk3DnWvfsvUASlobQIDq/vRmbLNPjdfBe1rp7R/
  Y8m7+3vxIsnSYrT8oeAGoDGJe3PrdJ6EP96VFJBjXARportrx+8YowUyEKeRyqf6
  EUNcXZILLpPJOqcyUsyxRALmGoTYqhHne6TQwZ6ZcGxihNl3+i/WFYQmHNBdTSU=
  =M9O6
  -END PGP SIGNATURE-
 
 This is an inline PGP-signature-block. You only can get rid of in case
 of your mail client is understanding inline signatures.

There are other ways to get rid of it, such as the display_filter techniques
for mutt (which yes, can understand/decode PGP, but you may not configure it to
do so - you may not wish it to!)


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120509090050.GC8326@debian

Re: gpg/pgp noise

[Scott Ferguson]

On 09/05/12 18:56, Jon Dowland wrote:
 On Wed, May 09, 2012 at 12:29:31PM +1000, Scott Ferguson wrote:
 Bob's PGP signature is valid - yours is not
 You waste our time and bandwidth.
 
 In what way? I can verify Mika's signatures just fine.  The signatures
 are valid.

All his posts?
Is cutting and pasting a hobby?
Do you between some and all?


 Why does Mikka's not? 

Is that a serious question?

Because there's no chain of trust.

 It's not impossible for someone to have a trust
 path to Mikka. 

Either there is a chain of trust, or there isn't.
Care to commit an opinion?



Regards

-- 
Iceweasel/Firefox/Chrome/Chromium/Iceape/IE extensions for finding
answers to questions about Debian:-
https://addons.mozilla.org/en-US/firefox/collections/Scott_Ferguson/debian/


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4faa36cf.7060...@gmail.com

Re: gpg/pgp noise

[Mika Suomalainen]

09.05.2012 11:56, Jon Dowland kirjoitti:
 On Wed, May 09, 2012 at 12:29:31PM +1000, Scott Ferguson wrote:
 Bob's PGP signature is valid - yours is not
 You waste our time and bandwidth.
 
 In what way? I can verify Mika's signatures just fine.  The signatures
 are valid.
 
 Bob's key validates his identity - yours does not.
 I can verify that Bob is Bob through a chain of trust.
 
 Why does Mikka's not? It's not impossible for someone to have a trust
 path to Mikka. Albeit one step removed, since the signing key he uses
 has one signature, from another of his keys - but that one has at
 least one. (I haven't managed to construct a trust path to Mikka
 myself, since most of the public pathfinder servers don't have his
 key)
 
 

Because nobody else near Kotka, Finland uses PGP and the nearest CAcert
assurers are after 110KMs from me.

PS. I am back to weird long signatures. I won't comment to this thread
anymore nor to anything else which I haven't written in my signature or
elsewhere.

-- 
[Mika Suomalainen](https://mkaysi.github.com/) ||
[gpg --keyserver pool.sks-keyservers.net --recv-keys
4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) ||
[Why do I sign my
emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) ||
[Please don't send
HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) ||
[Please don't
toppost](http://mkaysi.github.com/articles/complaining/topposting.html) ||
[This signature](https://gist.github.com/2643070) ||



signature.asc
Description: OpenPGP digital signature

Re: gpg/pgp noise

[Jon Dowland]

On Wed, May 09, 2012 at 07:20:15PM +1000, Scott Ferguson wrote:
 On 09/05/12 18:56, Jon Dowland wrote:
  In what way? I can verify Mika's signatures just fine.  The signatures
  are valid.
 
 All his posts?
 Is cutting and pasting a hobby?
 Do you between some and all?

The ones I've bothered to verify, via '|gpg --verify' in mutt. So not all
of them. I haven't done any copy-and-pasting. Or do you mean something else?

 Because there's no chain of trust.

Confirmed? (you've trimmed my initial investigation which indicates he
has at least one signatory.)

  It's not impossible for someone to have a trust
  path to Mikka. 
 
 Either there is a chain of trust, or there isn't.

Indeed, but

 Care to commit an opinion?

As I think my message made quite clear, I haven't ruled it out as possible
nor seen anyone else do so. Please correct me if I'm wrong.

It's also worth pointing out that, if Mikka manages to strengthen his web
of trust in the future, we can then verify his signed messages in the past.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120509093944.GC8272@debian

Re: gpg/pgp noise

[Ralf Mardorf]

On Wed, 2012-05-09 at 09:56 +0100, Jon Dowland wrote:
 On Wed, May 09, 2012 at 12:29:31PM +1000, Scott Ferguson wrote:
  Bob's PGP signature is valid - yours is not
  You waste our time and bandwidth.
 
 In what way? I can verify Mika's signatures just fine.  The signatures
 are valid.
 
  Bob's key validates his identity - yours does not.
  I can verify that Bob is Bob through a chain of trust.
 
 Why does Mikka's not? It's not impossible for someone to have a trust
 path to Mikka. Albeit one step removed, since the signing key he uses
 has one signature, from another of his keys - but that one has at
 least one. (I haven't managed to construct a trust path to Mikka
 myself, since most of the public pathfinder servers don't have his
 key)

The signature of Tiberius was trusted by Pilatus and Herodes. The
signature of Philippus wasn't trusted by Lysanias or anybody els.

I couldn't find a key on public servers for Hannas and Kaiphas, but
fortunately the key of Johannes is available and the signature is
trusted by Zacharias.

I've got some nice examples for signatures similar to this one:

On Wed, 2012-05-09 at 08:23 +0200, Frank Lanitz wrote:
Am 08.05.2012 13:11, schrieb Indulekha:
  -BEGIN PGP SIGNATURE-
  Version: GnuPG v1.4.11 (GNU/Linux)
  Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
  
  iQEcBAEBAgAGBQJPqPsiAAoJECPmYW6gk8JjitcH/RGtSdn39OPewwyXYgebGiUy
  Ws29uZkfae4LlD9LRQeGQujHVW7bzMVCW2EXdRsCGIbpU0+KUjYGJebXKtwzNmLU
  C1Uc7tVGUtACQ/S9DgFX1oBD4C7Siirdgokk+8HggVcqvGYs2jnxg5tetU+G18pE
  UQ9jxxaf48EANwHDgildQ85xHJk3DnWvfsvUASlobQIDq/vRmbLNPjdfBe1rp7R/
  Y8m7+3vxIsnSYrT8oeAGoDGJe3PrdJ6EP96VFJBjXARportrx+8YowUyEKeRyqf6
  EUNcXZILLpPJOqcyUsyxRALmGoTYqhHne6TQwZ6ZcGxihNl3+i/WFYQmHNBdTSU=
  =M9O6
  -END PGP SIGNATURE-

I'll post my top 100 tomorrow on this list.

Would this be ok for you? If not, would it be ok if I just post my top
50?

Or would it be a good idea t close this thread?

Regards,
Ralf


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1336556243.2171.373.camel@precise

Re: gpg/pgp noise

[Ralf Mardorf]

On Wed, 2012-05-09 at 10:39 +0100, Jon Dowland wrote:
 we can then verify his signed messages in the past

Why should anybody be interested in verifying any mailing list mail?
Somebody might change the content of mails without signature?
So we should ensure that somebody really finished the mail with Cheers
and not with Ciao?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1336557090.2171.384.camel@precise

OT: +5, was: gpg/pgp noise

[Arnt Karlsen]

On Wed, 09 May 2012 11:37:23 +0200, Ralf wrote in message 
1336556243.2171.373.camel@precise:

 Or would it be a good idea t close this thread?
 
 Regards,
 Ralf

..+5.  ;o)

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120509121523.3747a...@celsius.lan

Re: gpg/pgp noise

[Scott Ferguson]

On 09/05/12 19:39, Jon Dowland wrote:
 On Wed, May 09, 2012 at 07:20:15PM +1000, Scott Ferguson wrote:
 On 09/05/12 18:56, Jon Dowland wrote:
 In what way? I can verify Mika's signatures just fine.  The signatures
 are valid.

 All his posts?
 Is cutting and pasting a hobby?
 Do you between some and all?
 
 The ones I've bothered to verify


Most of his original ones did not verify.


, via '|gpg --verify' in mutt. 


So you didn't cut and paste - you just hand processed each post.

I can't match your dedication to validating his posts - nor can I muster
your enthusiasm for defending them. I'll side with the others that find
them an unnecessary annoyance.

snipped

 
 Because there's no chain of trust.
 
 Confirmed? 


(you've trimmed my initial investigation which indicates he
 has at least one signatory.)

investigation?

Huh?

How hard was it to see the key is signed by... the key holder (or
another person called Mika?), using a key that was signed... by (Mika).

That's *not* a chain of trust.


It's not even the issue.
More noise, no signal.
snipped




Regards


-- 
Iceweasel/Firefox/Chrome/Chromium/Iceape/IE extensions for finding
answers to questions about Debian:-
https://addons.mozilla.org/en-US/firefox/collections/Scott_Ferguson/debian/


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4faa4490.4070...@gmail.com

Re: gpg/pgp noise

[Jon Dowland]

On Wed, May 09, 2012 at 08:18:56PM +1000, Scott Ferguson wrote:
 (you've trimmed my initial investigation which indicates he
  has at least one signatory.)
 
 investigation?
 
 Huh?
 
 How hard was it to see the key is signed by... the key holder (or
 another person called Mika?), using a key that was signed... by (Mika).
 
 That's *not* a chain of trust.

I clearly explained that his key was signed by another he owned, which in turn
was signed by *someone else entirely*.  You are committing a more serious
mailing list sin than inline-PGP: failing to properly read the thread before
replying to it.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120509105612.GD8272@debian

Re: gpg/pgp noise

[Jon Dowland]

On Wed, May 09, 2012 at 11:37:23AM +0200, Ralf Mardorf wrote:
 The signature of Tiberius was trusted by Pilatus and Herodes. The
 signature of Philippus wasn't trusted by Lysanias or anybody els.
 
 I couldn't find a key on public servers for Hannas and Kaiphas, but
 fortunately the key of Johannes is available and the signature is
 trusted by Zacharias.
 
 I've got some nice examples for signatures similar to this one:

I don't know what you are trying to demonstrate. Can you please elaborate?

 Or would it be a good idea t close this thread?

You can't close a thread. You are always entirely free to ignore it.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120509105718.GE8272@debian

Things we should know about PGP

[Ralf Mardorf]

If this discussion can't be stopped, than perhaps we can make it a
useful thread, by not talking about how to behave or not to behave on a
mailing list, by not talking about if we won't signed emails or not.

When the subject was gpg/pgp noise Jon Dowland wrote: I clearly
explained that his key was signed by another he owned, which in turn was
signed by *someone else entirely*.

A chain of unsigned keys for one and the same person, with one key at
the end of this chain, that is signed by one person only or even enough
persons signing it, is useless. This isn't the correct way to sign a
key, since it's not secure and not handy.

You will handle the key directly by a web of trust, not by a chain of
own keys and not only signed by one person. You can do this by visiting
parties, where this is done.

OTOH, when do you really need signing? More likely is that you will
encrypt mails, e.g. to ensure that if you write to a family with young
children, using the same computer, only the parents can read mails with
contents that aren't good for children. In such a case it's not needed
to ensure that the key is trusted. It's only important that the parents
know how to decrypt and the children don't know it. This anyway prevents
against manipulating the mails content, without signing.

If you really need security, than you need to take care about many
things using PGP. I only use openPGP from time to time, to ensure that
just a special person can read this mail, but not to be completely
secure. I don't need knowledge about how to handle PGP correct and I
don't have got this knowledge.

Seemingly some people have completely wrong perceptions about e.g.
signing a key.

Instead of having something similar to a flame-war, some useful
information belongs to this list.

- Ralf


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1336563132.7752.25.camel@precise

Re: gpg/pgp noise

[Tom H]

On Wed, May 9, 2012 at 5:20 AM, Mika Suomalainen
mika.henrik.mai...@hotmail.com wrote:
 09.05.2012 11:56, Jon Dowland kirjoitti:
 On Wed, May 09, 2012 at 12:29:31PM +1000, Scott Ferguson wrote:
 Bob's PGP signature is valid - yours is not
 You waste our time and bandwidth.

 In what way? I can verify Mika's signatures just fine.  The signatures
 are valid.

 Bob's key validates his identity - yours does not.
 I can verify that Bob is Bob through a chain of trust.

 Why does Mikka's not? It's not impossible for someone to have a trust
 path to Mikka. Albeit one step removed, since the signing key he uses
 has one signature, from another of his keys - but that one has at
 least one. (I haven't managed to construct a trust path to Mikka
 myself, since most of the public pathfinder servers don't have his
 key)

 Because nobody else near Kotka, Finland uses PGP and the nearest CAcert
 assurers are after 110KMs from me.

 PS. I am back to weird long signatures. I won't comment to this thread
 anymore nor to anything else which I haven't written in my signature or
 elsewhere.

So your reaction to being told that your signature's too long is to
lengthen it. Thanks.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAOdo=szlrrs-d_z+m+8ry3cnmyvu0e6h_d6jjskmh2wtzvv...@mail.gmail.com

Re: gpg/pgp noise

[Chris Bannister]

On Tue, May 08, 2012 at 02:45:59PM +0100, Jon Dowland wrote:
 On Tue, May 08, 2012 at 08:28:35AM -0500, Indulekha wrote:
  You must be from up north, LOL!
 
 Now *that's* rude.

Only if you're from up north, and from where I'm sitting that includes
just about everyone. :(=)

-- 
Religion is excellent stuff for keeping common people quiet.
   -- Napoleon Bonaparte


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120509124852.GB27325@tal

Re: gpg/pgp noise

[Indulekha]

On Wed, May 09, 2012 at 12:20:08PM +0300, Mika Suomalainen wrote:
 09.05.2012 11:56, Jon Dowland kirjoitti:
  On Wed, May 09, 2012 at 12:29:31PM +1000, Scott Ferguson wrote:
  Bob's PGP signature is valid - yours is not
  You waste our time and bandwidth.
  
  In what way? I can verify Mika's signatures just fine.  The signatures
  are valid.
  
  Bob's key validates his identity - yours does not.
  I can verify that Bob is Bob through a chain of trust.
  
  Why does Mikka's not? It's not impossible for someone to have a trust
  path to Mikka. Albeit one step removed, since the signing key he uses
  has one signature, from another of his keys - but that one has at
  least one. (I haven't managed to construct a trust path to Mikka
  myself, since most of the public pathfinder servers don't have his
  key)
  
  
 
 Because nobody else near Kotka, Finland uses PGP and the nearest CAcert
 assurers are after 110KMs from me.
 
 PS. I am back to weird long signatures. I won't comment to this thread
 anymore nor to anything else which I haven't written in my signature or
 elsewhere.
 

Bye.

-- 
❤ ♫ ❤ ♫ ❤ ♫ ❤   
 Indulekha 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120509125701.GB11415@radhesyama

[OT] Re: Things we should know about PGP

[Camaleón]

On Wed, 09 May 2012 13:32:12 +0200, Ralf Mardorf wrote:

 If this discussion can't be stopped, than perhaps we can make it a
 useful thread, by not talking about how to behave or not to behave on a
 mailing list, by not talking about if we won't signed emails or not.

(...)

 If you really need security, than you need to take care about many
 things using PGP. I only use openPGP from time to time, to ensure that
 just a special person can read this mail, but not to be completely
 secure. I don't need knowledge about how to handle PGP correct and I
 don't have got this knowledge.

But security has nothing to do with a signed message. 

You use GPG/PGP signatures when you want other people can verify that you 
are the author of that message. And you encrypt your message when you 
want to prevent others can access its content, no more and no less.

 Seemingly some people have completely wrong perceptions about e.g.
 signing a key.

Exactly. For instance, those who think that PGP signed messages will 
improve security when reading/posting e-mails ;-)

 Instead of having something similar to a flame-war, some useful
 information belongs to this list.

I only see one big flaw in GPG/PGP signatures current methodology: their 
keyring system of trust relies on people and people -by definition- is 
nothing but unreliable. That's why I don't sign my own messages and I 
don't care about others signatures. To my understanding is a waste of 
time and resources with little-to-nothing gain.

Greetings,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/joe9cc$bci$1...@dough.gmane.org

Re: [OT] Re: Things we should know about PGP

[Ralf Mardorf]

On Wed, 2012-05-09 at 17:26 +, Camaleón wrote:
 Exactly. For instance, those who think that PGP signed messages will 
 improve security when reading/posting e-mails ;-)

AFAIK a signed message can't become dirty. So it's secure that nobody
add a word, removed a word or completely edited the message. This might
be a kind of security some people wish to have.

 - Ralf


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1336584832.2994.64.camel@precise

Re: Things we should know about PGP

[Jon Dowland]

On Wed, May 09, 2012 at 01:32:12PM +0200, Ralf Mardorf wrote:
 When the subject was gpg/pgp noise Jon Dowland wrote: I clearly
 explained that his key was signed by another he owned, which in turn was
 signed by *someone else entirely*.
 
 A chain of unsigned keys for one and the same person, with one key at
 the end of this chain, that is signed by one person only or even enough
 persons signing it, is useless. This isn't the correct way to sign a
 key, since it's not secure and not handy.

I didn't check beyond the other person: if they have sigs on their key,
then it's feasible Mika is joined to a/the web of trust.  Rather than
try to manually construct such a path,  I fed Mikka's key into pathfinder
web sites, but his key is not widespread enough, and the ones I tried
didn't know about him.  I did not rule him out of the web of trust, nor
prove him in.

 OTOH, when do you really need signing? More likely is that you will
 encrypt mails, e.g. to ensure that if you write to a family with young
 children, using the same computer, only the parents can read mails with
 contents that aren't good for children. In such a case it's not needed
 to ensure that the key is trusted. It's only important that the parents
 know how to decrypt and the children don't know it. This anyway prevents
 against manipulating the mails content, without signing.

IME I've signed many mails and verified many signed mails and very rarely
encrypted messages. In fact the only times I have encrypted or decrypted
mail was when sending signatures of someone's key to themselves.
I suppose different people have different use-cases.

-- 
Jon Dowland


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120509180958.GF8272@debian

Re: Things we should know about PGP

[Mika Suomalainen]

09.05.2012 21:09, Jon Dowland kirjoitti:
 I didn't check beyond the other person: if they have sigs on their key,
 then it's feasible Mika is joined to a/the web of trust.  Rather than
 try to manually construct such a path,  I fed Mikka's key into pathfinder
 web sites, but his key is not widespread enough, and the ones I tried
 didn't know about him.  I did not rule him out of the web of trust, nor
 prove him in.

Please feel free to put my key on those path finder services (gpg
--keyserver keyserver of pathfinder --send-keys 4DB53CFE82A46728.

I'm sorry, but you won't probably find any relation to my key, because
of
https://github.com/Mkaysi/mkaysi.github.com/blob/master/PGP/WhyDoISignEmails.html.md#your-signature-doesnt-mean-anything-anyway-because-you-arent-part-of-any-trust-web
.

I will now continue this policy,
https://github.com/Mkaysi/mkaysi.github.com/blob/master/PGP/WhyDoISignEmails.html.md#why-did-you-write-this-page
.

PS. My name is written with one k letter, Mika, not Mikka.

PS of PS. If anyone happens to visit near this city and want to meet me
to sign my key, that might be possible too, but I don't see any reason
why anyone would be interested about this city.

-- 
[Mika Suomalainen](https://mkaysi.github.com/) ||
[gpg --keyserver pool.sks-keyservers.net --recv-keys
4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) ||
[Why do I sign my
emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) ||
[Please don't send
HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) ||
[Please don't
toppost](http://mkaysi.github.com/articles/complaining/topposting.html) ||
[This signature](https://gist.github.com/2643070) ||



signature.asc
Description: OpenPGP digital signature

Re: Things we should know about PGP

[Ralf Mardorf]

The signature is evidence that message comes from me. If I sign all my
messages, I can say that I sign all my messages and possibly unsigned
offensive content, which is spoofed to come from my address, isn't
sent by me.

You also could lie and anyway send unsigned mails.

And why is it needed? If you call a friend do you have some code words,
questions to ensure that you don't speak with a voice imitator. And do
you record the phone calls and rewind to prove what your friend or you
said in case of a disagreement?

This is a loss of civilization!

We don't need this.

An employer might google my name and find posts of a doppelgänger of
mine. Less likely, I only found my own posts, but I also found somebody
with the same name, living in another German city, IIRC I found just the
snake mail address of the doppelgänger, no posts.

FWIW you mails are ok here.

This is only visible if I explicitly view the source:

--enigD875626BE35FED68C9AA150D
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename=signature.asc

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPqrT/AAoJEE21PP6CpGcoW74P/if7HwzhmNUGYp2YSCC9S+sT
Rl+DwyLHVnDWdeF/dTFaqfB7Vt4I/4T+lstj5z9/l89fUpDcafEuv3CDGzk7BAGZ
0QdG2/DOGBqR3AAuL0L83+KYv9tgVRPcQ8JBLQOqDBpp23OC4mlJEcKGJRWthEKR
M7pmbQnb861ieYu7fzN0oAokuRiz7CZ2nA9FOiKIKHBc+b2b05/U8L40MfNa4PI8
vRdobT67rX0+8z4o4Bi+RghA3P5EyLrW6y8GQyzb6TKckb1/iT0r8iPIqwFppNzu
mQnWUKsnKAlrma8zmDM+DpflLIiSNLrapoJzGuYmEWKCTpd65AoaDu0SJcMprMeR
z2RgWr1o3FhaRnSlCR5sGtNSEqbr+5gl+xe/Qyn40eP/ZPCjxI2vpcV6beCkVfKX
0wc/xYnfWz5Yi31rkLpBKTtB0BHOPPqh31DE2tPzyKaHEkbI4yusXSWL2B7zwnv+
rSdJm/13rVDks+Utev8fEM8/2TcmFHNT+JhsT+E58F9pp+6UC0gAkxbQ9t++fo6J
xIee1CyVTWnRQABuSfnVYk7sysKBiOpId6XVCupb4eOw3y95hDMGgV+Mb/4O6sIN
gVNRhCR5kfF4fSBOoPpL6sjcBenspLjwX66Nb/nBqetWzrg1HdlrBlMB23lQ4P/f
4wdJFGYtYwp+b23oUTjQ
=QhSC
-END PGP SIGNATURE-

--enigD875626BE35FED68C9AA150D--

This is what I see as the email:

09.05.2012 21:09, Jon Dowland kirjoitti:
 I didn't check beyond the other person: if they have sigs on
their key,
 then it's feasible Mika is joined to a/the web of trust.
Rather than
 try to manually construct such a path,  I fed Mikka's key into
pathfinder
 web sites, but his key is not widespread enough, and the ones
I tried
 didn't know about him.  I did not rule him out of the web of
trust, nor
 prove him in.

Please feel free to put my key on those path finder services
(gpg
--keyserver keyserver of pathfinder --send-keys
4DB53CFE82A46728.

I'm sorry, but you won't probably find any relation to my key,
because
of

https://github.com/Mkaysi/mkaysi.github.com/blob/master/PGP/WhyDoISignEmails.html.md#your-signature-doesnt-mean-anything-anyway-because-you-arent-part-of-any-trust-web
.

I will now continue this policy,

https://github.com/Mkaysi/mkaysi.github.com/blob/master/PGP/WhyDoISignEmails.html.md#why-did-you-write-this-page
.

PS. My name is written with one k letter, Mika, not Mikka.

PS of PS. If anyone happens to visit near this city and want to
meet me
to sign my key, that might be possible too, but I don't see any
reason
why anyone would be interested about this city.

-- 
[Mika Suomalainen](https://mkaysi.github.com/) ||
[gpg --keyserver pool.sks-keyservers.net --recv-keys
4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) ||
[Why do I sign my
emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) ||
[Please don't send
HTML.](http://mkaysi.github.com/articles/complaining/HTML.html)
||
[Please don't
toppost](http://mkaysi.github.com/articles/complaining/topposting.html) 
||
[This signature](https://gist.github.com/2643070) ||


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1336589505.2994.86.camel@precise

Re: Things we should know about PGP

[Ralf Mardorf]

Regarding to security. Assumed somebody always sign the mails to a
mailing list. Isn't it possible that somebody hacks the view of a
mailing list archive? Make it look like if a nice guy said odd things
for signed mails. He never did, the mails were not hacked, just the view
of the web page is hacked.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1336591037.2994.90.camel@precise

Re: [OT] Re: Things we should know about PGP

[Camaleón]

On Wed, 09 May 2012 19:33:52 +0200, Ralf Mardorf wrote:

 On Wed, 2012-05-09 at 17:26 +, Camaleón wrote:
 Exactly. For instance, those who think that PGP signed messages will
 improve security when reading/posting e-mails ;-)
 
 AFAIK a signed message can't become dirty. 

What is what you understand by dirty?

I can send the same spam, virus-inside or crap message with a signature 
or without it. That changes nothing.

 So it's secure that nobody add a word, removed a word or completely
 edited the message. This might be a kind of security some people wish
 to have.

You can still get false-positives that make the signature cannot be 
properly verified so you think the message is not legitimate while it is.

Greetings,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/joejm2$bci$1...@dough.gmane.org

Re: [OT] Re: Things we should know about PGP

[Ralf Mardorf]

On Wed, 2012-05-09 at 20:22 +, Camaleón wrote:
 On Wed, 09 May 2012 19:33:52 +0200, Ralf Mardorf wrote:
 
  On Wed, 2012-05-09 at 17:26 +, Camaleón wrote:
  Exactly. For instance, those who think that PGP signed messages will
  improve security when reading/posting e-mails ;-)
  
  AFAIK a signed message can't become dirty. 
 
 What is what you understand by dirty?
 
 I can send the same spam, virus-inside or crap message with a signature 
 or without it. That changes nothing.
 

dirty {adj} [fig.] e.g. remove words, add words.

  So it's secure that nobody add a word, removed a word or completely
  edited the message. This might be a kind of security some people wish
  to have.
 
 You can still get false-positives that make the signature cannot be 
 properly verified so you think the message is not legitimate while it is.

I did wrote something similar off-list to whomever, but it wasn't only
about computers and signing mails:
A lot of stuff that seems to make things more clear, don't
make
things more clear.

Signing emails tend to give the impression, that this would
ensure
security, but it doesn't. Nobody can hack a signed message in a
valid time, without much luck. The needed prime factorization or
what ever should be needed can't be done, anyway.

As I already pointed out. Somebody e.g. could hack the view of a
mailing list archive, seemingly signed mails with edited
contend. Than this wrong information is in the Internet,
pretending to be the signed original. The mob will believe this
is absolute truth. They are hungry for absolute truth. This is a
loss of civilization.

Instead of thinking their selfs or at least reading stuff like
Plato's allegory of the cave, they declare absolute illusion
to absolute truth, but it's the absolute untruth.

OTOH there are valid situations to sign messages.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1336598529.2994.141.camel@precise

gpg/pgp noise

[Indulekha]

Hi,

I'm getting this with most gog/pgp-signed mails received 
from this list (using mutt):

[-- PGP output follows (current time: Tue 08 May 2012 05:35:27 AM CDT) --]
gpgkeys: key 7356B378DEA22DE9 not found on keyserver
gpg: Signature made Tue 08 May 2012 02:04:44 AM CDT using RSA key ID DEA22DE9
gpg: requesting key DEA22DE9 from ldap server keyserver.pgp.com
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: Can't check signature: public key not found
[-- End of PGP output --]

[-- The following data is signed --]

PGP signature could NOT be verified.
---

My public key has been published, and I followed the exact procedure I used 
last time in muttrc to make this crap work. Am I powerless over other peoples' 
misconfigured gpg here, or does this indicate some error on my part?
Anyone know a way to simply filter out all that annoying gpg/pgp noise? 
I don't actually care if it really works, just don't want to see the garbage 
huge 
blocks of text and error messages.
Have read way to many howtos and am contemplating just filtering all gpg/pgp 
users. I don't want to, but neither do I want to spend hoours working to 
accomodate the people who insist on signing mail to a mailing list -- Thanks!

-- 
❤ ♫ ❤ ♫ ❤ ♫ ❤   
 Indulekha 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120508104317.GA8764@radhesyama

Re: gpg/pgp noise

[Mika Suomalainen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

08.05.2012 13:43, Indulekha kirjoitti:
 Hi,
 
 I'm getting this with most gog/pgp-signed mails received from this
 list (using mutt):
 
 [-- PGP output follows (current time: Tue 08 May 2012 05:35:27 AM
 CDT) --] gpgkeys: key 7356B378DEA22DE9 not found on keyserver gpg:
 Signature made Tue 08 May 2012 02:04:44 AM CDT using RSA key ID
 DEA22DE9 gpg: requesting key DEA22DE9 from ldap server
 keyserver.pgp.com gpg: no valid OpenPGP data found. gpg: Total
 number processed: 0 gpg: Can't check signature: public key not
 found [-- End of PGP output --]
 
 [-- The following data is signed --]
 
 PGP signature could NOT be verified. 
 ---
 
 My public key has been published, and I followed the exact
 procedure I used last time in muttrc to make this crap work. Am I
 powerless over other peoples' misconfigured gpg here, or does this
 indicate some error on my part? Anyone know a way to simply filter
 out all that annoying gpg/pgp noise? I don't actually care if it
 really works, just don't want to see the garbage huge blocks of
 text and error messages. Have read way to many howtos and am
 contemplating just filtering all gpg/pgp users. I don't want to,
 but neither do I want to spend hoours working to accomodate the
 people who insist on signing mail to a mailing list -- Thanks!
 

That keyserver which you are using seems to be offline and I don't
know how used it is. The recommended keyserver is
pool.sks-keyservers.net according to gnupg-user mailing list.

You probably have line like this in your ~/.gnupg/gpg.conf:
 keyserver keyserver.pgp.com

Try replacing it with
 keyserver hkp://pool.sks-keyservers.net

If you don't have keyserver specified in ~/.gnupg/gpg.conf, try
putting that previous line there anyway, there might be global
gpg.conf file somewhere.

- -- 
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A  AA65 4DB5 3CFE 82A4 6728
http://mkaysi.github.com/
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPqPrCAAoJEE21PP6CpGcoldgP/j57l3rrC5QB0sRIPapsMU2Y
kNvKhpeho/ZrBQhLOKG/lqmD8+1bcypGCyngruMcwI281dfj7kEPx9p+cNcU/nnN
mTlFDlSmBnoBO+uM5b2anHwqsQxf7Uxw+NbkbmexxO4B3J48pfIZS7/nWl9/vdTz
5QLHYYpROc9j7ScIhNJCxX+jBzYj7NQdsG8IQDRukTdfoUqXIfhDita6lRRzwZvf
I5AXy/AKASxhbBc4HL2CAYoZdSn6072YjXIQS5swuDKcB0sRBNJLMTH71P2mXPhr
nRTWuNTLXsz+DEHUSCmBYv/zbwIcipBqHCaEVvfpJo7IZXe3D/mfCM/KL9nMj8Ga
k+ddnVBo7Z2ExhrkD7VAYGpr+VW/tai1FKNTyYqws1BwSoix68ikCnjd9ykPCnAY
9h4N85T/oJoCTtXJ1ErJojNivR2gG0PJMpCzBX0xnKViRNX+le8acUsL8JazQZ4h
ODos6vJpSavqs0DmPItjm95t1m0DAo+5VKuMmlndnhRTDRvotSAGswcQknJCSG5o
6c67q0hqBvgEGkN78vBe4uAU6g6YXm49pel7OKE7apA3Y4bIYVqSEDNyMXbm6Hhb
E7LpNLK3OKtv8/HXPrqLPgidLgcKRP9F/fpjI6Rh28PTXiskIdwu95Oy484IkhdP
0kyY3RcbcadKb/Jlged5
=q4Hv
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4fa8fac4.9010...@hotmail.com

Re: gpg/pgp noise

[Phil Dobbin]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 08/05/12 11:43, Indulekha wrote:


 I'm getting this with most gog/pgp-signed mails received from this
 list (using mutt):
 
 [-- PGP output follows (current time: Tue 08 May 2012 05:35:27 AM
 CDT) --] gpgkeys: key 7356B378DEA22DE9 not found on keyserver gpg:
 Signature made Tue 08 May 2012 02:04:44 AM CDT using RSA key ID
 DEA22DE9 gpg: requesting key DEA22DE9 from ldap server
 keyserver.pgp.com gpg: no valid OpenPGP data found. gpg: Total
 number processed: 0 gpg: Can't check signature: public key not
 found [-- End of PGP output --]
 
 [-- The following data is signed --]
 
 PGP signature could NOT be verified. 
 ---
 
 My public key has been published, and I followed the exact
 procedure I used last time in muttrc to make this crap work. Am I
 powerless over other peoples' misconfigured gpg here, or does this
 indicate some error on my part? Anyone know a way to simply filter
 out all that annoying gpg/pgp noise? I don't actually care if it
 really works, just don't want to see the garbage huge blocks of
 text and error messages. Have read way to many howtos and am
 contemplating just filtering all gpg/pgp users. I don't want to,
 but neither do I want to spend hoours working to accomodate the
 people who insist on signing mail to a mailing list -- Thanks!


Increasing the pool of servers that gpg checks may alleviate your
problem but it's more than likely to be people haven't exported their key.

Mine has been exported. See how you view that one.

Cheers,

  Phil...

- -- 
currently (ab)using
Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPqPsiAAoJECPmYW6gk8JjitcH/RGtSdn39OPewwyXYgebGiUy
Ws29uZkfae4LlD9LRQeGQujHVW7bzMVCW2EXdRsCGIbpU0+KUjYGJebXKtwzNmLU
C1Uc7tVGUtACQ/S9DgFX1oBD4C7Siirdgokk+8HggVcqvGYs2jnxg5tetU+G18pE
UQ9jxxaf48EANwHDgildQ85xHJk3DnWvfsvUASlobQIDq/vRmbLNPjdfBe1rp7R/
Y8m7+3vxIsnSYrT8oeAGoDGJe3PrdJ6EP96VFJBjXARportrx+8YowUyEKeRyqf6
EUNcXZILLpPJOqcyUsyxRALmGoTYqhHne6TQwZ6ZcGxihNl3+i/WFYQmHNBdTSU=
=M9O6
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4fa8fb23.7080...@gmail.com

Re: gpg/pgp noise

[Scott Ferguson]

On 08/05/12 20:43, Indulekha wrote:
 Hi,
 
 I'm getting this with most gog/pgp-signed mails received 
 from this list (using mutt):
 
 [-- PGP output follows (current time: Tue 08 May 2012 05:35:27 AM CDT) --]
 gpgkeys: key 7356B378DEA22DE9 not found on keyserver
 gpg: Signature made Tue 08 May 2012 02:04:44 AM CDT using RSA key ID DEA22DE9
 gpg: requesting key DEA22DE9 from ldap server keyserver.pgp.com
 gpg: no valid OpenPGP data found.
 gpg: Total number processed: 0
 gpg: Can't check signature: public key not found
 [-- End of PGP output --]
 
 [-- The following data is signed --]
 
 PGP signature could NOT be verified.

Try a different key server.


 ---
 
 My public key has been published, 



This is nothing to do with *your* key.
:-)



gpg: requesting key DEA22DE9 from hkp server pool.sks-keyservers.net
gpg: key DEA22DE9: public key Andrei Popescu
andreimpope...@gmail.com imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   6  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 6u
gpg: next trustdb check due at 2012-06-14
gpg: Total number processed: 1
gpg:   imported: 1  (RSA: 1)

snipped




Kind regards

-- 
Iceweasel/Firefox/Chrome/Chromium/Iceape/IE extensions for finding
answers to questions about Debian:-
https://addons.mozilla.org/en-US/firefox/collections/Scott_Ferguson/debian/


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4fa8fc5b@gmail.com

Re: gpg/pgp noise

[Indulekha]

On Tue, May 08, 2012 at 01:51:48PM +0300, Mika Suomalainen wrote:
 
 That keyserver which you are using seems to be offline and I don't
 know how used it is. The recommended keyserver is
 pool.sks-keyservers.net according to gnupg-user mailing list.
 
 You probably have line like this in your ~/.gnupg/gpg.conf:
  keyserver keyserver.pgp.com
 
 Try replacing it with
  keyserver hkp://pool.sks-keyservers.net


Thanks!
That fixed the upfront error messages, but I still have to see 
this at the end:
 
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v2.0.19 (GNU/Linux)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
 iQIcBAEBAgAGBQJPqPrCAAoJEE21PP6CpGcoldgP/j57l3rrC5QB0sRIPapsMU2Y
 kNvKhpeho/ZrBQhLOKG/lqmD8+1bcypGCyngruMcwI281dfj7kEPx9p+cNcU/nnN
 mTlFDlSmBnoBO+uM5b2anHwqsQxf7Uxw+NbkbmexxO4B3J48pfIZS7/nWl9/vdTz
 5QLHYYpROc9j7ScIhNJCxX+jBzYj7NQdsG8IQDRukTdfoUqXIfhDita6lRRzwZvf
 I5AXy/AKASxhbBc4HL2CAYoZdSn6072YjXIQS5swuDKcB0sRBNJLMTH71P2mXPhr
 nRTWuNTLXsz+DEHUSCmBYv/zbwIcipBqHCaEVvfpJo7IZXe3D/mfCM/KL9nMj8Ga
 k+ddnVBo7Z2ExhrkD7VAYGpr+VW/tai1FKNTyYqws1BwSoix68ikCnjd9ykPCnAY
 9h4N85T/oJoCTtXJ1ErJojNivR2gG0PJMpCzBX0xnKViRNX+le8acUsL8JazQZ4h
 ODos6vJpSavqs0DmPItjm95t1m0DAo+5VKuMmlndnhRTDRvotSAGswcQknJCSG5o
 6c67q0hqBvgEGkN78vBe4uAU6g6YXm49pel7OKE7apA3Y4bIYVqSEDNyMXbm6Hhb
 E7LpNLK3OKtv8/HXPrqLPgidLgcKRP9F/fpjI6Rh28PTXiskIdwu95Oy484IkhdP
 0kyY3RcbcadKb/Jlged5
 =q4Hv
 -END PGP SIGNATURE-
 
 
 -- 
 To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
 with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
 Archive: http://lists.debian.org/4fa8fac4.9010...@hotmail.com
 

-- 
❤ ♫ ❤ ♫ ❤ ♫ ❤   
 Indulekha 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120508110725.GA9283@radhesyama

Re: gpg/pgp noise

[Indulekha]

On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Increasing the pool of servers that gpg checks may alleviate your
 problem but it's more than likely to be people haven't exported their key.
 
 Mine has been exported. See how you view that one.
 
 Cheers,
 

Thanks, Phil. After adding the keyserver Mika suggested, I no longer 
see the error messages but do still have to see this messy block of text 
at the end:

 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.11 (GNU/Linux)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
 iQEcBAEBAgAGBQJPqPsiAAoJECPmYW6gk8JjitcH/RGtSdn39OPewwyXYgebGiUy
 Ws29uZkfae4LlD9LRQeGQujHVW7bzMVCW2EXdRsCGIbpU0+KUjYGJebXKtwzNmLU
 C1Uc7tVGUtACQ/S9DgFX1oBD4C7Siirdgokk+8HggVcqvGYs2jnxg5tetU+G18pE
 UQ9jxxaf48EANwHDgildQ85xHJk3DnWvfsvUASlobQIDq/vRmbLNPjdfBe1rp7R/
 Y8m7+3vxIsnSYrT8oeAGoDGJe3PrdJ6EP96VFJBjXARportrx+8YowUyEKeRyqf6
 EUNcXZILLpPJOqcyUsyxRALmGoTYqhHne6TQwZ6ZcGxihNl3+i/WFYQmHNBdTSU=
 =M9O6
 -END PGP SIGNATURE-
 

-- 
❤ ♫ ❤ ♫ ❤ ♫ ❤   
 Indulekha 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2012050856.GB9283@radhesyama

Re: gpg/pgp noise

[Phil Dobbin]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 08/05/12 12:11, Indulekha wrote:

 On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
 Increasing the pool of servers that gpg checks may alleviate your
 problem but it's more than likely to be people haven't exported their key.
 
 Mine has been exported. See how you view that one.
 
 Cheers,
 
 
 Thanks, Phil. After adding the keyserver Mika suggested, I no longer 
 see the error messages but do still have to see this messy block of text 
 at the end:

If you sign my key, you won't :-)

Cheers,

  Phil...

- -- 
currently (ab)using
Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPqQBdAAoJECPmYW6gk8JjD+8H/iZD2KuR+kXads1Mf+deLUI3
9WpQSZY7dzRTFOyTJXsnDMzZMOX3VC2SVsfNWJbBbhmelNGYA/RvLDf4M3O8gps9
rywEI5ATLK7u14UzFKxtRbUza3aE4sThT4HAR0a+uDl8ZwG283KX57jAtxjasv5b
esYzqpOvv0+XBYQmBNVQPUA9+dRjzA6dPEg4b/irBJy2B/ZcmsBLhhsFtOEcm09T
XpIHX73o7DQRHP78sgXJzTPbHW/tQ7ygvPFkvoixq2JefYL9JOorKCqsk+95K2LW
OIUA9MX3UHHkOZwP7NFsEa2sJ4ID2B4lNus7rSXbyVlK1BXhIma0w0P5fRXnAMY=
=e8Qy
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4fa9005d.5060...@gmail.com

Re: gpg/pgp noise

[Lisi]

On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
 On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA1
 
  Increasing the pool of servers that gpg checks may alleviate your
  problem but it's more than likely to be people haven't exported their
  key.
 
  Mine has been exported. See how you view that one.
 
  Cheers,

 Thanks, Phil. After adding the keyserver Mika suggested, I no longer
 see the error messages but do still have to see this messy block of text

 at the end:
  -BEGIN PGP SIGNATURE-
  Version: GnuPG v1.4.11 (GNU/Linux)
  Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
  iQEcBAEBAgAGBQJPqPsiAAoJECPmYW6gk8JjitcH/RGtSdn39OPewwyXYgebGiUy
  Ws29uZkfae4LlD9LRQeGQujHVW7bzMVCW2EXdRsCGIbpU0+KUjYGJebXKtwzNmLU
  C1Uc7tVGUtACQ/S9DgFX1oBD4C7Siirdgokk+8HggVcqvGYs2jnxg5tetU+G18pE
  UQ9jxxaf48EANwHDgildQ85xHJk3DnWvfsvUASlobQIDq/vRmbLNPjdfBe1rp7R/
  Y8m7+3vxIsnSYrT8oeAGoDGJe3PrdJ6EP96VFJBjXARportrx+8YowUyEKeRyqf6
  EUNcXZILLpPJOqcyUsyxRALmGoTYqhHne6TQwZ6ZcGxihNl3+i/WFYQmHNBdTSU=
  =M9O6
  -END PGP SIGNATURE-

But did you after Phil's?

Lisi


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/201205081220.56212.lisi.re...@gmail.com

Re: gpg/pgp noise

[Jochen Spieker]

Indulekha:
 
 Anyone know a way to simply filter out all that annoying gpg/pgp noise? 

muttrc:

set display_filter='sed -f ~/.mutt/display-filter'

~/.mutt/display-filter:

/^gpg:/d

J.
-- 
I no longer believe in father christmas but have no trouble
comprehending a nuclear apocalypse.
[Agree]   [Disagree]
 http://www.slowlydownward.com/NODATA/data_enter2.html


signature.asc
Description: Digital signature

Re: gpg/pgp noise

[Indulekha]

On Tue, May 08, 2012 at 12:20:56PM +0100, Lisi wrote:
 On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
  On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
   -BEGIN PGP SIGNED MESSAGE-
   Hash: SHA1
  
   Increasing the pool of servers that gpg checks may alleviate your
   problem but it's more than likely to be people haven't exported their
   key.
  
   Mine has been exported. See how you view that one.
  
   Cheers,
 
  Thanks, Phil. After adding the keyserver Mika suggested, I no longer
  see the error messages but do still have to see this messy block of text
 
  at the end:
   -BEGIN PGP SIGNATURE-
   Version: GnuPG v1.4.11 (GNU/Linux)
   Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
  
   iQEcBAEBAgAGBQJPqPsiAAoJECPmYW6gk8JjitcH/RGtSdn39OPewwyXYgebGiUy
   Ws29uZkfae4LlD9LRQeGQujHVW7bzMVCW2EXdRsCGIbpU0+KUjYGJebXKtwzNmLU
   C1Uc7tVGUtACQ/S9DgFX1oBD4C7Siirdgokk+8HggVcqvGYs2jnxg5tetU+G18pE
   UQ9jxxaf48EANwHDgildQ85xHJk3DnWvfsvUASlobQIDq/vRmbLNPjdfBe1rp7R/
   Y8m7+3vxIsnSYrT8oeAGoDGJe3PrdJ6EP96VFJBjXARportrx+8YowUyEKeRyqf6
   EUNcXZILLpPJOqcyUsyxRALmGoTYqhHne6TQwZ6ZcGxihNl3+i/WFYQmHNBdTSU=
   =M9O6
   -END PGP SIGNATURE-
 
 But did you after Phil's?
 

That's what you see above, Phil's signature.

-- 
❤ ♫ ❤ ♫ ❤ ♫ ❤   
 Indulekha 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120508112719.GA9557@radhesyama

Re: gpg/pgp noise

[Mika Suomalainen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

08.05.2012 14:15, Phil Dobbin kirjoitti:
 On 08/05/12 12:11, Indulekha wrote:
 
 On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote: 
 Increasing the pool of servers that gpg checks may alleviate
 your problem but it's more than likely to be people haven't
 exported their key.
 
 Mine has been exported. See how you view that one.
 
 Cheers,
 
 
 Thanks, Phil. After adding the keyserver Mika suggested, I no
 longer see the error messages but do still have to see this
 messy block of text at the end:
 
 If you sign my key, you won't :-)
 
 Cheers,
 
 Phil...
 
 
 

Signing key doesn't remove signature blocks in the end of messages.

- -- 
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A  AA65 4DB5 3CFE 82A4 6728
http://mkaysi.github.com/
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPqQLyAAoJEE21PP6CpGcoRwgP/jfmpJmgsttmfeCz7klw+Kzi
kZU9patq1PqVJaytiu6mRRJcCRLjI1DGOcjwFdqTUS8xITIlFmV9Azv0CrNWQMaV
pm+C70S6EsgZV7NIeVslQPsuOSNNi5BfiMyIK2SuOGgUNUlSIX7CPqFEUc0UzZBe
VlLDP5YWFWZoovS1Za5Se8mZGrumlRV19AmmqQJzdMGfVWV+fwK2Dr10natQIF/M
EbgdBGTpfDHOG31ZrvIBV27ndKxldU/bLGPjY+ON1y7Z6+W9GSbvGQ5WnKkFzFbc
q9bmQBQPm9z0DDxf74YCGCpntk0YHEgulRrwdIOP9QCKJmMYCLJxxREYS7qx0C5d
mWfL3Nt591A1RKzyvx0K2vUMKAOx0bkW68Sf7oNjAgJ9Ft7juQc/u6smG1NyVbuK
tyF2i/1rJLOmN9Bp6onNFoa4dXqL8F4oXHi0gQHnDolKDRapgkdxh+KIBpToPuhd
QiAq+OfTxBd6U1NM2l53F8Oudz22hDo61Vxf0PUFhYIcNHta2Xl+q45p/kAvlrnw
jEx/79w+CrhlFs+hE7qVAkLKOukzXhLYlTCkW8qUp+TjPxo6DPu+uGKL8BK79s8G
TAzmId3rXrCegCNOuGL63V7W///87BoJwb/YmAs0Yt7pU1OvxUpoizPrYPtWbwqy
VuHbVSQ6NI3PaRTKqko4
=2abP
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4fa902f5.1000...@hotmail.com

Re: gpg/pgp noise

[Mika Suomalainen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

08.05.2012 14:20, Lisi kirjoitti:
 On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
 On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
 Increasing the pool of servers that gpg checks may alleviate your 
 problem but it's more than likely to be people haven't exported
 their key.
 
 Mine has been exported. See how you view that one.
 
 Cheers,
 
 Thanks, Phil. After adding the keyserver Mika suggested, I no
 longer see the error messages but do still have to see this
 messy block of text
 
 at the end:
 
 But did you after Phil's?
 
 Lisi
 
 

That signature block informs to be bad signature from Phil.

 Viestin sisennettyä osaa (vastausta) on luultavasti muokattu
(In English: The indented part of message (reply) has been possibly
changed)
 gpg -komento ja -tuloste:
In English: gpg -command and -output:
 /usr/bin/gpg2 gpg: Signature made ti  8. toukokuuta 2012 13.53.22
 EEST using RSA
key ID A093C263
 gpg: BAD signature from Phil Dobbin bukowskis...@gmail.com

- -- 
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A  AA65 4DB5 3CFE 82A4 6728
http://mkaysi.github.com/
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPqQOhAAoJEE21PP6CpGcoIlAP/jo6enkTnXc0Ko9pvtJ8Xx5T
3lipNMEO0IEf1CN0Yz7392rr/8hvzSTCrBZPXQOyWs7D5EDTlTFsyq9c25MTv1vg
mGyu0MECbhDuBBG+1XbZpSGIJpHW2GWCcepr55IR7efA3kDhRfYUbbFoey9Uq85g
Co78ZzfebVvDchcDs/gFnIrq093YTfKgc9sJTJFFmejNjOZMty8XYVjvkDaYA+Kv
FhFqKO/EsAtUxotHMR2ZhFQrBBXJELIgoDOhgMK/zoSfsXsY2gTgCGxhSf8fRC3g
1bpX7qAJ3c0+VcQzWm1GnWKIgPZJgLHmmhPBryszB+fZQuJ4E6arSfvOY/Kiryrr
30rrbqmGFBfEiDziZ4aDEvE3ArajsmW10HZv5VfdBV7dWVgxZgm0+JP6Q3NsvZpp
AfMeV/fUl8dzyXzlZ0ddFkdBl09VCWw2/oCAwLzutfEoUSA0sXLh2njd17gTrOBc
7Z23l78fuTOR1BxXp9/8lJwzOydv9QRd66/jUAZ74lSrIKDslsWsgvkQx0PK0u78
lp2xFJVtMQpcrllmxbo3DbB/QAGkYPppl+706sAeOl9FtWXpbdwoc6fx5hB2DRQ+
Sos35nWjSSkuIJdRd1KkWAr0miNXUxUQ8n5avgKmbmaypIENGMcVRVKH30dNMrBN
7eqBx4ci5qNUlUBRGpQl
=QAdu
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4fa903a3.6040...@hotmail.com

Re: gpg/pgp noise

[Phil Dobbin]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 08/05/12 12:26, Mika Suomalainen wrote:

 08.05.2012 14:15, Phil Dobbin kirjoitti:
 On 08/05/12 12:11, Indulekha wrote:
 
 On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote: 
 Increasing the pool of servers that gpg checks may alleviate
 your problem but it's more than likely to be people haven't
 exported their key.
 
 Mine has been exported. See how you view that one.
 
 Cheers,
 
 
 Thanks, Phil. After adding the keyserver Mika suggested, I no
 longer see the error messages but do still have to see this
 messy block of text at the end:
 
 If you sign my key, you won't :-)
 
 Cheers,
 
 Phil...

 Signing key doesn't remove signature blocks in the end of messages.

Sorry, my mistake. I was under the impression it did. I can always
follow the example you have in your key/signature to decrease the noise
ratio (after, of course, I've finished writing this particular email :-)

Cheers,

  Phil...

- -- 
currently (ab)using
Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPqQPjAAoJECPmYW6gk8JjvDMH/inQbjzyMR4hUIRCeSsTmo4s
1PbZsrpEOJbnp8L7aOqma6NOntlfxiyItJA7c4ZgadDfsiNSoGmLmnupBZJeWF0d
sJ7bnYzKALo7Nm+eroBsV0Dm7j4O+KwcLe3jaU4pcbqFqlhmj0/Gw/niiqH8EEs4
LiJDusT+nWkILYPn0uzSxJ1dqbG4noKI9zYT44PrGvtNGYunm3rpDpxV1L5VFwdj
9/NWja9roOMM074JdMkrziuweRFsjaDaUTIQuzLCih76OW4pm9yzKk68Qcu5ceG7
DLSSlXthDcGCFAJMJRZ7vTWa6qPpK9FU0c1SYXhx8Lg7TgPkHWZDfA1Yi+QSzaQ=
=Xhdn
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4fa903e4.9070...@gmail.com

Re: gpg/pgp noise

[Phil Dobbin]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 08/05/12 12:29, Mika Suomalainen wrote:
 08.05.2012 14:20, Lisi kirjoitti:
 On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
 On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
 Increasing the pool of servers that gpg checks may alleviate your
  problem but it's more than likely to be people haven't exported 
 their key.
 
 Mine has been exported. See how you view that one.
 
 Cheers,
 
 Thanks, Phil. After adding the keyserver Mika suggested, I
 no longer see the error messages but do still have to see
 this messy block of text
 
 at the end:
 
 But did you after Phil's?
 
 Lisi
 
 
 
 That signature block informs to be bad signature from Phil.
 
 Viestin sisennettyä osaa (vastausta) on luultavasti muokattu
 (In English: The indented part of message (reply) has been
 possibly changed)
 gpg -komento ja -tuloste:
 In English: gpg -command and -output:
 /usr/bin/gpg2 gpg: Signature made ti  8. toukokuuta 2012
 13.53.22 EEST using RSA
 key ID A093C263
 gpg: BAD signature from Phil Dobbin bukowskis...@gmail.com

That's because the email client didn't snip the quoted previous
message correctly therefore part of the original signature was still
included.

Cheers,

  Phil...

- -- 
currently (ab)using
Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPqQSqAAoJECPmYW6gk8JjgoAIAJrz/H6d02x4pe6YaeHZ7Eh9
66bxQhuOvvGzvYZ4hTmgeK5KNLEjO0ldlArVbtbEX5VQflPZXGMg394X5jAU6Lgr
yOShLd1VSJH7bwPKq2AudOEO9CutGgu1JOWNAsUo96q1aRnqhYH8cuerpsMSWTaa
DZX+GEpHgVbCd69jS3f++lZ+95oop7SmbS9qhDyfKd8E/DTWEIP+Va7OFRAVAeKu
TFHAuNM2Vn9WheZ4XYkHLDLVXhVnFgk8FBCpxmeta4Gm8FUkWiGnFxHcYpP7onCk
lCJRv9I5DRZY/3e9RsEiAzJD+CDbIgOgP5NsPxPONYHgf/Ei5+WD4yCN9wr6Z8E=
=6CrI
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4fa904aa.4050...@gmail.com

Re: gpg/pgp noise

[Indulekha]

On Tue, May 08, 2012 at 01:20:21PM +0200, Jochen Spieker wrote:
 Indulekha:
  
  Anyone know a way to simply filter out all that annoying gpg/pgp noise? 
 
 muttrc:
 
 set display_filter='sed -f ~/.mutt/display-filter'
 
 ~/.mutt/display-filter:
 
 /^gpg:/d
 
 J.
 -- 
 I no longer believe in father christmas but have no trouble
 comprehending a nuclear apocalypse.
 [Agree]   [Disagree]
  http://www.slowlydownward.com/NODATA/data_enter2.html


Thanks so much, that did the trick. :)

-- 
❤ ♫ ❤ ♫ ❤ ♫ ❤   
 Indulekha 



signature.asc
Description: Digital signature

Re: gpg/pgp noise

[Indulekha]

On Tue, May 08, 2012 at 12:34:02PM +0100, Phil Dobbin wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 On 08/05/12 12:29, Mika Suomalainen wrote:
  08.05.2012 14:20, Lisi kirjoitti:
  On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
  On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
  Increasing the pool of servers that gpg checks may alleviate your
   problem but it's more than likely to be people haven't exported 
  their key.
  
  Mine has been exported. See how you view that one.
  
  Cheers,
  
  Thanks, Phil. After adding the keyserver Mika suggested, I
  no longer see the error messages but do still have to see
  this messy block of text
  
  at the end:
  
  But did you after Phil's?
  
  Lisi
  
  
  
  That signature block informs to be bad signature from Phil.
  
  Viestin sisennettyä osaa (vastausta) on luultavasti muokattu
  (In English: The indented part of message (reply) has been
  possibly changed)
  gpg -komento ja -tuloste:
  In English: gpg -command and -output:
  /usr/bin/gpg2 gpg: Signature made ti  8. toukokuuta 2012
  13.53.22 EEST using RSA
  key ID A093C263
  gpg: BAD signature from Phil Dobbin bukowskis...@gmail.com
 
 That's because the email client didn't snip the quoted previous
 message correctly therefore part of the original signature was still
 included.
 
 Cheers,
 
   Phil...
 
 - -- 
 currently (ab)using
 Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric
 
 
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.11 (GNU/Linux)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
 iQEcBAEBAgAGBQJPqQSqAAoJECPmYW6gk8JjgoAIAJrz/H6d02x4pe6YaeHZ7Eh9
 66bxQhuOvvGzvYZ4hTmgeK5KNLEjO0ldlArVbtbEX5VQflPZXGMg394X5jAU6Lgr
 yOShLd1VSJH7bwPKq2AudOEO9CutGgu1JOWNAsUo96q1aRnqhYH8cuerpsMSWTaa
 DZX+GEpHgVbCd69jS3f++lZ+95oop7SmbS9qhDyfKd8E/DTWEIP+Va7OFRAVAeKu
 TFHAuNM2Vn9WheZ4XYkHLDLVXhVnFgk8FBCpxmeta4Gm8FUkWiGnFxHcYpP7onCk
 lCJRv9I5DRZY/3e9RsEiAzJD+CDbIgOgP5NsPxPONYHgf/Ei5+WD4yCN9wr6Z8E=
 =6CrI
 -END PGP SIGNATURE-
 
 

No, I think you may have an incorrect or incomplete configuration

-- 
❤ ♫ ❤ ♫ ❤ ♫ ❤   
 Indulekha 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120508114030.GC9951@radhesyama

Re: gpg/pgp noise

[Phil Dobbin]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 08/05/12 12:40, Indulekha wrote:

[snip]

 
 No, I think you may have an incorrect or incomplete configuration
 

In what way?

Cheers,

  Phil...

- -- 
currently (ab)using
Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPqQa5AAoJECPmYW6gk8JjdQ4H/RPKevlfPIoulkHlfDEChhKV
mIUuOr7/cKd3MRxtm9si8gFzenOm6/nPyWpT725vsjyw9/0DBdTxWXKM9mfh+wsC
aJ72kgZG/QKIorH1Paoapp1K7ZIYzzPI/jV3ju7gCchjl8TOaKBwnIeppBQ6nl+T
d8RQHrU9OBR6uqUuLhZXTDQhDvsFPoabrkZ8d1UNRWUQC19zfhFpoE49ArO2t+gI
WAXlaukHteErhor0x+PyjjSu3rWp+jHcYkYvk5IfALC6AZFRltuqNPZIbGFTp1Pv
bi1gNihJ3WgRClRXCYmO0o+fxbIKFpgaQSe8xh8eN8zovbahFufeEZH/AiTzbT8=
=/xy/
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4fa906ba.1030...@gmail.com

Re: gpg/pgp noise

[Mika Suomalainen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

08.05.2012 14:40, Indulekha kirjoitti:
 On Tue, May 08, 2012 at 12:34:02PM +0100, Phil Dobbin wrote: On
 08/05/12 12:29, Mika Suomalainen wrote:
 08.05.2012 14:20, Lisi kirjoitti:
 On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
 On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin
 wrote:
 Increasing the pool of servers that gpg checks may
 alleviate your problem but it's more than likely to be
 people haven't exported their key.
 
 Mine has been exported. See how you view that one.
 
 Cheers,
 
 Thanks, Phil. After adding the keyserver Mika
 suggested, I no longer see the error messages but do
 still have to see this messy block of text
 
 at the end:
 
 But did you after Phil's?
 
 Lisi
 
 
 
 That signature block informs to be bad signature from Phil.
 
 Viestin sisennettyä osaa (vastausta) on luultavasti
 muokattu
 (In English: The indented part of message (reply) has been 
 possibly changed)
 gpg -komento ja -tuloste:
 In English: gpg -command and -output:
 /usr/bin/gpg2 gpg: Signature made ti  8. toukokuuta 2012 
 13.53.22 EEST using RSA
 key ID A093C263
 gpg: BAD signature from Phil Dobbin
 bukowskis...@gmail.com
 
 That's because the email client didn't snip the quoted previous 
 message correctly therefore part of the original signature was
 still included.
 
 Cheers,
 
 Phil...
 
 
 
 
 No, I think you may have an incorrect or incomplete
 configuration
 

Phil is right, that security error came, because you wrote your
message between content, which he had signed.

Enigmail automatically removes signatures of other people when
replying to signed message.

- -- 
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A  AA65 4DB5 3CFE 82A4 6728
http://mkaysi.github.com/
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPqQbNAAoJEE21PP6CpGcovIEP/jcm0+kccXOLhjC1sv7bvECr
f/c1j6w8EFv2XmYdW1VPSQ2U8bGD3XgguuuRh12eG3M7udz0iaaSs0UBENHmLZpc
VrvYwXJ42VVRm1Wrm56Ta/v4SftBO0kbwrgkzqPrsptlboqUbQRE9XCGrgV4kKVM
zFgle9YWKP1bDHdJs9VyCUYDjg4BPei3NthBltGjIxmHXbj0OCqzlhh552eVLbi3
JRRjDtZ9ettTW9BgULNNdBhbI3PqZWVKpEjjc9J9DB+6XXjwS5Mf1JhT6WHlSYJl
5fEbjRw6Og7pzU21gVC2Zhsi5LqzM8dIZyvndExtHsD3cC6/JDd4TDQEaJE8JilJ
wMrUfZ0DXTYhhrpv/zEaAogPkJi8uBlx6jtDsMCvn4NiIX34OtVTRLLZ75Tu0lz4
bpLto68jzhIEKuhAAnTn0teQVTtjCl5bnwVYdAyWTwCSgnkVEy27WgwyMDtklx/Z
lOhrlZIQG/IBiNA47N6QUBZHm0KDNsfB3TICiY7tczkSFRFbBeguPWXe2mJhGRfD
vxuZ8cXLnsZ0fPWprSZ7oY0GdPfloWJ4Ckvs8b0RtavB62F7XNNtF4/V36JLI54b
TBbbzASLy92PPPGXYZ1vG/WKFWd0CqWb1G59yu5CG9QWw/efRkDSoQp416/cNOGA
S33PPm5VnVuLsJXWf8J/
=qHVs
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4fa906cf.5090...@hotmail.com

Re: gpg/pgp noise

[Indulekha]

On Tue, May 08, 2012 at 02:29:39PM +0300, Mika Suomalainen wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 08.05.2012 14:20, Lisi kirjoitti:
  On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
  On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
  Increasing the pool of servers that gpg checks may alleviate your 
  problem but it's more than likely to be people haven't exported
  their key.
  
  Mine has been exported. See how you view that one.
  
  Cheers,
  
  Thanks, Phil. After adding the keyserver Mika suggested, I no
  longer see the error messages but do still have to see this
  messy block of text
  
  at the end:
  
  But did you after Phil's?
  
  Lisi
  
  
 
 That signature block informs to be bad signature from Phil.
 
  Viestin sisennettyä osaa (vastausta) on luultavasti muokattu
 (In English: The indented part of message (reply) has been possibly
 changed)
  gpg -komento ja -tuloste:
 In English: gpg -command and -output:
  /usr/bin/gpg2 gpg: Signature made ti  8. toukokuuta 2012 13.53.22
  EEST using RSA
 key ID A093C263
  gpg: BAD signature from Phil Dobbin bukowskis...@gmail.com
 
 - -- 
 Mika Suomalainen
 gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
 Key fingerprint = 24BC 1573 B8EE D666 D10A  AA65 4DB5 3CFE 82A4 6728
 http://mkaysi.github.com/
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v2.0.19 (GNU/Linux)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
 iQIcBAEBAgAGBQJPqQOhAAoJEE21PP6CpGcoIlAP/jo6enkTnXc0Ko9pvtJ8Xx5T
 3lipNMEO0IEf1CN0Yz7392rr/8hvzSTCrBZPXQOyWs7D5EDTlTFsyq9c25MTv1vg
 mGyu0MECbhDuBBG+1XbZpSGIJpHW2GWCcepr55IR7efA3kDhRfYUbbFoey9Uq85g
 Co78ZzfebVvDchcDs/gFnIrq093YTfKgc9sJTJFFmejNjOZMty8XYVjvkDaYA+Kv
 FhFqKO/EsAtUxotHMR2ZhFQrBBXJELIgoDOhgMK/zoSfsXsY2gTgCGxhSf8fRC3g
 1bpX7qAJ3c0+VcQzWm1GnWKIgPZJgLHmmhPBryszB+fZQuJ4E6arSfvOY/Kiryrr
 30rrbqmGFBfEiDziZ4aDEvE3ArajsmW10HZv5VfdBV7dWVgxZgm0+JP6Q3NsvZpp
 AfMeV/fUl8dzyXzlZ0ddFkdBl09VCWw2/oCAwLzutfEoUSA0sXLh2njd17gTrOBc
 7Z23l78fuTOR1BxXp9/8lJwzOydv9QRd66/jUAZ74lSrIKDslsWsgvkQx0PK0u78
 lp2xFJVtMQpcrllmxbo3DbB/QAGkYPppl+706sAeOl9FtWXpbdwoc6fx5hB2DRQ+
 Sos35nWjSSkuIJdRd1KkWAr0miNXUxUQ8n5avgKmbmaypIENGMcVRVKH30dNMrBN
 7eqBx4ci5qNUlUBRGpQl
 =QAdu
 -END PGP SIGNATURE-
 
 

Yes, yours also still shows the (useless) text block at the end.
Jochem Spieker setup is correct, and the block is gone using the 
recipe he provided.

A few years ago I went through all this for the exact same reasons, 
and ISTR at least half of all pgp/gpg signed mail I received was 
done incorrectly I just hate that.

-- 
❤ ♫ ❤ ♫ ❤ ♫ ❤   
 Indulekha 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120508114651.GD9951@radhesyama

Re: gpg/pgp noise

[Jochen Spieker]

Indulekha:
 
 No, I think you may have an incorrect or incomplete configuration

This is inline vs. MIME:

http://www.phildev.net/pgp/pgp_clear_vs_mime.html

J.
-- 
I can tell a Whopper[tm] from a BigMac[tm] and Coke[tm] from Pepsi[tm].
[Agree]   [Disagree]
 http://www.slowlydownward.com/NODATA/data_enter2.html


signature.asc
Description: Digital signature

Re: gpg/pgp noise

[Indulekha]

On Tue, May 08, 2012 at 02:43:11PM +0300, Mika Suomalainen wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 08.05.2012 14:40, Indulekha kirjoitti:
  On Tue, May 08, 2012 at 12:34:02PM +0100, Phil Dobbin wrote: On
  08/05/12 12:29, Mika Suomalainen wrote:
  08.05.2012 14:20, Lisi kirjoitti:
  On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
  On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin
  wrote:
  Increasing the pool of servers that gpg checks may
  alleviate your problem but it's more than likely to be
  people haven't exported their key.
  
  Mine has been exported. See how you view that one.
  
  Cheers,
  
  Thanks, Phil. After adding the keyserver Mika
  suggested, I no longer see the error messages but do
  still have to see this messy block of text
  
  at the end:
  
  But did you after Phil's?
  
  Lisi
  
  
  
  That signature block informs to be bad signature from Phil.
  
  Viestin sisennettyä osaa (vastausta) on luultavasti
  muokattu
  (In English: The indented part of message (reply) has been 
  possibly changed)
  gpg -komento ja -tuloste:
  In English: gpg -command and -output:
  /usr/bin/gpg2 gpg: Signature made ti  8. toukokuuta 2012 
  13.53.22 EEST using RSA
  key ID A093C263
  gpg: BAD signature from Phil Dobbin
  bukowskis...@gmail.com
  
  That's because the email client didn't snip the quoted previous 
  message correctly therefore part of the original signature was
  still included.
  
  Cheers,
  
  Phil...
  
  
  
  
  No, I think you may have an incorrect or incomplete
  configuration
  
 
 Phil is right, that security error came, because you wrote your
 message between content, which he had signed.
 
 Enigmail automatically removes signatures of other people when
 replying to signed message.
 
 - -- 
 Mika Suomalainen
 gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
 Key fingerprint = 24BC 1573 B8EE D666 D10A  AA65 4DB5 3CFE 82A4 6728
 http://mkaysi.github.com/
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v2.0.19 (GNU/Linux)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
 iQIcBAEBAgAGBQJPqQbNAAoJEE21PP6CpGcovIEP/jcm0+kccXOLhjC1sv7bvECr
 f/c1j6w8EFv2XmYdW1VPSQ2U8bGD3XgguuuRh12eG3M7udz0iaaSs0UBENHmLZpc
 VrvYwXJ42VVRm1Wrm56Ta/v4SftBO0kbwrgkzqPrsptlboqUbQRE9XCGrgV4kKVM
 zFgle9YWKP1bDHdJs9VyCUYDjg4BPei3NthBltGjIxmHXbj0OCqzlhh552eVLbi3
 JRRjDtZ9ettTW9BgULNNdBhbI3PqZWVKpEjjc9J9DB+6XXjwS5Mf1JhT6WHlSYJl
 5fEbjRw6Og7pzU21gVC2Zhsi5LqzM8dIZyvndExtHsD3cC6/JDd4TDQEaJE8JilJ
 wMrUfZ0DXTYhhrpv/zEaAogPkJi8uBlx6jtDsMCvn4NiIX34OtVTRLLZ75Tu0lz4
 bpLto68jzhIEKuhAAnTn0teQVTtjCl5bnwVYdAyWTwCSgnkVEy27WgwyMDtklx/Z
 lOhrlZIQG/IBiNA47N6QUBZHm0KDNsfB3TICiY7tczkSFRFbBeguPWXe2mJhGRfD
 vxuZ8cXLnsZ0fPWprSZ7oY0GdPfloWJ4Ckvs8b0RtavB62F7XNNtF4/V36JLI54b
 TBbbzASLy92PPPGXYZ1vG/WKFWd0CqWb1G59yu5CG9QWw/efRkDSoQp416/cNOGA
 S33PPm5VnVuLsJXWf8J/
 =qHVs
 -END PGP SIGNATURE-
 

I despise thunderchicken, and will not be using enigmail.
It seems to me hardly anyone who uses gpg does so correctly...

-- 
❤ ♫ ❤ ♫ ❤ ♫ ❤   
 Indulekha 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120508115023.GE9951@radhesyama

Re: gpg/pgp noise

[Mika Suomalainen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

08.05.2012 14:46, Indulekha kirjoitti:
 On Tue, May 08, 2012 at 02:29:39PM +0300, Mika Suomalainen wrote: 
 08.05.2012 14:20, Lisi kirjoitti:
 On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
 On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin
 wrote:
 Increasing the pool of servers that gpg checks may alleviate
 your problem but it's more than likely to be people haven't
 exported their key.
 
 Mine has been exported. See how you view that one.
 
 Cheers,
 
 Thanks, Phil. After adding the keyserver Mika suggested,
 I no longer see the error messages but do still have to
 see this messy block of text
 
 at the end:
 
 But did you after Phil's?
 
 Lisi
 
 
 
 That signature block informs to be bad signature from Phil.
 
 Viestin sisennettyä osaa (vastausta) on luultavasti muokattu
 (In English: The indented part of message (reply) has been
 possibly changed)
 gpg -komento ja -tuloste:
 In English: gpg -command and -output:
 /usr/bin/gpg2 gpg: Signature made ti  8. toukokuuta 2012
 13.53.22 EEST using RSA
 key ID A093C263
 gpg: BAD signature from Phil Dobbin
 bukowskis...@gmail.com
 
 
 
 
 Yes, yours also still shows the (useless) text block at the end. 
 Jochem Spieker setup is correct, and the block is gone using the 
 recipe he provided.
 
 A few years ago I went through all this for the exact same reasons,
  and ISTR at least half of all pgp/gpg signed mail I received was 
 done incorrectly I just hate that.
 

I have reasons to clearsign,
http://mkaysi.github.com/PGP/Clearsigning.html .

PS. Debian-user is one of those mailing lists, which aren't affected
by that issue.

- -- 
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A  AA65 4DB5 3CFE 82A4 6728
http://mkaysi.github.com/
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPqQhPAAoJEE21PP6CpGcok3UP/0Wz4cdZu+g09i4MNi+yYila
y1zGqnfzjiOoj/1T6BQ2xu28qlDbcUCRO+evqLDv4SwlEDdU+CxORfy+54ihW9jb
0PM/42i8h+BvNoCWB4Sp2ILo3/z+8xlQx35MFdESW8VjdUbNV41Ev8nFMLpO99gV
VEtSGzMPHJ+b7VJH0r52O2DMKoChfY871huK/TemlOt/jTm2ndk8Ngbv+Mogzj0a
STL3eD+0Ay2JSV+Hp2Tnfm5hyQPxRiK0awjOFMwSSeAK7NqUa4SgatWG8T6HhVrR
RwCK5Nyl3VZEFfPWa0rxiUzzsVCIu1Br5ij0dPJnI2M3WJufjirxFxXmGqd968NK
yFm2mRjv8gNehIXmqgXDynHSGQrAYPRXbv8mdMhSTz1i9v8Xdz3JzCSWKpIHNO8h
fRcb9m8g1FJEo63YeBPiZXnt+ymOR1+yx2wX1Ao7KAfGu3DlB6Na6eDsbWsoUJy9
cJ/xW6QyAo3g+oCFl3RAOFnBqBYVgZRi3SN110s9zOkAa9XEdLLnvOi/wYz9R0mu
xoW49YQ4qXuLKIMgam/jJ0KG4+xRik4oA5UolAWgRYFw3lICpt8WGJ+TVTlFFfmQ
IaEjGfKYEuyP7SL8HOL//YPj1p76T2tj4K/SnPcyyYBTADU7PVKxrqmpz9d0Bhvl
sIL+Yj9m1eaP3Q2FPxyk
=zqiF
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4fa90851.4070...@hotmail.com

Re: gpg/pgp noise

[Indulekha]

On Tue, May 08, 2012 at 01:45:59PM +0200, Jochen Spieker wrote:
 Indulekha:
  
  No, I think you may have an incorrect or incomplete configuration
 
 This is inline vs. MIME:
 
 http://www.phildev.net/pgp/pgp_clear_vs_mime.html
 

Aha, so yours is inline or MIME?
And is there a recipe for muttrc to hide the other kind?

-- 
❤ ♫ ❤ ♫ ❤ ♫ ❤   
 Indulekha 



signature.asc
Description: Digital signature

Re: gpg/pgp noise

[Mika Suomalainen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

08.05.2012 14:45, Jochen Spieker kirjoitti:
 Indulekha:
 
 No, I think you may have an incorrect or incomplete
 configuration
 
 This is inline vs. MIME:
 
 http://www.phildev.net/pgp/pgp_clear_vs_mime.html
 
 J.

And that page forgets the problems in MIME.

PGP/MIME requires headers, message and the signature.asc to be
verified. Some mailing list programs mess up with the headers and this
way make PGP/MIME signatures unverifiable.

In INLINE, the signature is in message and it doesn't require headers
to be verified so it's harder to be messed up by mailing list software.

- -- 
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A  AA65 4DB5 3CFE 82A4 6728
http://mkaysi.github.com/
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPqQk4AAoJEE21PP6CpGcofI4QAJCvZvkMdD3j+u50lychq1uI
z/6y09J2yksnlTePk+E1XMGTdAuMdYqpykJtpVFugUDTIUHXpH6uFThwC6yoIsN+
CYLOW7WLcD2P+D026Q4ZH4uYoBVMW3z7bVYBxbm+3E4jAZfFjOXVF2ngpbUY3sAH
OrnSFz+cwey4OYmwevvpUFhDyzZauOGsw+A1B8s97SsnwYn0jJlNx8Fq0sBIZHso
Q4XoVY+3KNeyjnDfLrpG/SIoHZsRKqrrTLN/nKO9PYaoQVyCDmhcH9YSQLRrK2Wi
+ZpC8bePguGWw/jAQz7k6aqwaRR9pRWXXEGPb9cdLp+cjOCNgJF2kmrH9QPGrZ2A
/QZv+TdTU8E0YpBUeR6YF1WnpzqjHCGcP5ab7SfR912GOfBdH43Xk7FPlciljQoZ
sbPuwsFmo8Ixx2NKkfczsvkwtR7iIJLK//G+Tv5PUp4Ce5JPPflOC198CN1N7DF4
S3L6SgXT2CxtCGbnI1fkJRGh2DSJ0V+GvIIk4otHdIitvE6yzDZiWk6il7CCdDab
/rnNaYN/699szwVHYScZuNS1XkjrPfPIcVNtxTPFYWPPIao4fndkYtumLYxoXX5o
xK3OoQe4Hc7igkcBN2xlejP+SBC2dBBlP4cO/gYWLV/ZkKthwef7EFXW2uMGquLZ
rgPVFfkhtLf9j2KSvxv6
=OXcs
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4fa9093a.6080...@hotmail.com