Re: Copying AnyDesk's public PGP file into the /etc/apt/trusted.gpg.d directory [SOLVED]
The "apt-key is deprecated" discussion thread contains the information that let me solve my problem. May this message help other people.

On Thu, 18 Apr 2024 at 12:41, Olivier wrote:
>
> Hello,
>
> I followed the procedure in [1]; it does not give the expected result.
> I have:
>
> # curl -O https://keys.anydesk.com/repos/DEB-GPG-KEY | tee /usr/share/keyrings/anydesk.gpg
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>                                  Dload  Upload   Total   Spent    Left  Speed
> 100  1778  100  1778    0     0  13268      0 --:--:-- --:--:-- --:--:-- 13268
> # ls -l /usr/share/keyrings/anydesk.gpg
> -rw-r--r-- 1 root root 0 18 avril 12:37 /usr/share/keyrings/anydesk.gpg
>
> The DEB-GPG-KEY file is in the "PGP public key block Public-Key (old)" format.
> The other files in /usr/share/keyrings/ are "in GPG format".
>
> [1] https://www.debian-fr.org/t/anydesk-sur-bullseye/85147/2
>
> How can I fix this?
>
> Regards
Copying AnyDesk's public PGP file into the /etc/apt/trusted.gpg.d directory
Hello,

I followed the procedure in [1]; it does not give the expected result.
I have:

# curl -O https://keys.anydesk.com/repos/DEB-GPG-KEY | tee /usr/share/keyrings/anydesk.gpg
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1778  100  1778    0     0  13268      0 --:--:-- --:--:-- --:--:-- 13268
# ls -l /usr/share/keyrings/anydesk.gpg
-rw-r--r-- 1 root root 0 18 avril 12:37 /usr/share/keyrings/anydesk.gpg

The DEB-GPG-KEY file is in the "PGP public key block Public-Key (old)" format.
The other files in /usr/share/keyrings/ are "in GPG format".

[1] https://www.debian-fr.org/t/anydesk-sur-bullseye/85147/2

How can I fix this?

Regards
Re: Need help with PGP signature verification
On Sun, Oct 8, 2023 at 14:39 Thomas Schmitt wrote:
> Hi,

Thanks, Thomas. I did get the signers' key fingerprints from their personal github pages.

I would go the full security route if it were only my use I'm concerned with, but I'm working on a Raku module for others and I don't want them to be held up by having to fumble with key trust before at least downloading the files with a first order check with data I can provide. I'll make sure to document exactly what I'm providing.

Best regards,

-Tom
Re: Need help with PGP signature verification
"Thomas Schmitt" wrote:
> Hi,
>
> Tom Browder wrote:
> > I'm willing to trust published PGP key fingerprints for signers of
> > Rakudo downloadable files.
>
> Do i get it right that you talk about https://rakudo.org/downloads ?
>
> > Question: How can I get the fingerprint from the downloads?
> > The products I download are (1) the file of interest, (2) a PGP
> > signed checksums file with various shaX hashes for the file, and
> > (3) a separate file containing a PGP signature.
>
> The "Verify" button at above web page leads to
> https://rakudo.org/downloads/verifying
> which explains how to use sha256 and gpg2 for verification.
> Most importantly it lists the fingerprints of the four "Keys of the
> releasers". If gpg2 --verify reports any other fingerprint, then
> the .asc file cannot be trusted.
>
> (It is not overly trustworthy that fingerprints and the signed files
> are offered on the same web site. Once the site is compromised, both
> can be manipulated by the attacker.)

That's why the page suggests that the developers also list their fingerprints on their github pages, I suspect. Which they do.
Re: Need help with PGP signature verification
Hi,

Tom Browder wrote:
> I found a usable answer. Run "gpg file.asc" and the output shows the two
> fingerprints: the primary key fingerprint and the subkey fingerprint.

Wow, that's surprising. But indeed the man page says:

  COMMANDS
  ...
  gpg may be run with no commands, in which case it will perform a
  reasonable action depending on the type of file it is given as input
  (an encrypted message is decrypted, a signature is verified, a file
  containing keys is listed).

Have a nice day :)

Thomas
Re: Need help with PGP signature verification
On Sun, Oct 8, 2023 at 05:13 Tom Browder wrote:
> On Sun, Oct 8, 2023 at 3:29 AM DdB wrote:
> > On 08.10.2023 at 01:16, Tom Browder wrote:
> > > I'm willing to trust published PGP key fingerprints for signers of
> > > Rakudo downloadable files.
> > > Question: How can I get the fingerprint from the downloads?

I found a usable answer. Run "gpg file.asc" and the output shows the two fingerprints: the primary key fingerprint and the subkey fingerprint.

I wish there was a PGP cookbook around somewhere.

Thanks, all.

-Tom
Re: Need help with PGP signature verification
Hi,

maybe

  gpg --keyid-format long --verify signature_file.asc /some/dummy/file

this gives me the last 16 characters of the fingerprint. Like:

  gpg:using key E9CBDFC0ABC0A854

with a matching payload file i get something like:

  Primary key fingerprint: 44BC 9FD0 D688 EB00 7C4D D029 E9CB DFC0 ABC0 A854

Have a nice day :)

Thomas
Re: Need help with PGP signature verification
On Oct 08, 2023, Tom Browder wrote:
> On Sun, Oct 8, 2023 at 3:29 AM DdB wrote:
> > On 08.10.2023 at 01:16, Tom Browder wrote:
> > > I'm willing to trust published PGP key fingerprints for signers of
> > > Rakudo downloadable files.
> > > Question: How can I get the fingerprint from the downloads?
> > There is more than just one way to achieve this, first result from
>
> I should have been more specific. I have the following:
>
> -----BEGIN PGP SIGNATURE-----
>
> iHUEABYKAB0WIQTdpb2j9c3OmfntVsEsxulzgY84awUCZQ1GBgAKCRAsxulzgY84
> a+jhAQCZ0lLh1EnB1AwrgW0zPBp801OOeJ2QUiDBOGXBbrl/7QD/ZQe738sF2tCR
> 43SAvJOfT3b4YpGdfSUj9F7XNDoovQM=
> =mNqK
> -----END PGP SIGNATURE-----
>
> I need the fingerprint from that to compare with the fingerprints I
> know from Github to see if it's from the same key.

No, you just need the key(s) from the developer(s).

Assuming you've not accidentally tampered with the files, you'll be able to verify this signature with a command like "gpg --verify shasum.txt.gpg shasum.txt".

You'll get a message to the effect of

  Signature made [some-date-here] using RSA Key [fingerprint-here]
  Good signature from "Some Person's GPG Key Name"

NOTE -- you MAY also receive some lines to the effect of

  WARNING: This key is not trusted, the authenticity of the signature cannot be verified.

As with checking a Debian ISO (or other Linux distro that uses this style of verification), this is nothing to be worried about, it's just GPG informing you that it doesn't have any information as to whether you actually "trust" the key (either through you explicitly signing / trusting the key, or trust being derived through the GPG Web of Trust). It's roughly the GPG equivalent of a web browser going "WARNING - Self Signed Certificate".

Anyway, once you're done with this; then you know the sha256 checksum file is the one the developers intended you to get; and you can use it to check the *iso file.

Probably something like "sha256sum --ignore-missing -c sha256sum.txt"

HTH :)

--
|_|O|_|
|_|_|O|  Github: https://github.com/dpurgert
|O|O|O|  PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
Re: Need help with PGP signature verification
On Sun, Oct 8, 2023 at 3:29 AM DdB wrote:
> On 08.10.2023 at 01:16, Tom Browder wrote:
> > I'm willing to trust published PGP key fingerprints for signers of
> > Rakudo downloadable files.
> > Question: How can I get the fingerprint from the downloads?
> There is more than just one way to achieve this, first result from

I should have been more specific. I have the following:

-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQTdpb2j9c3OmfntVsEsxulzgY84awUCZQ1GBgAKCRAsxulzgY84
a+jhAQCZ0lLh1EnB1AwrgW0zPBp801OOeJ2QUiDBOGXBbrl/7QD/ZQe738sF2tCR
43SAvJOfT3b4YpGdfSUj9F7XNDoovQM=
=mNqK
-----END PGP SIGNATURE-----

I need the fingerprint from that to compare with the fingerprints I know from Github to see if it's from the same key.

I think using openssl might be the easiest, but all the tools seem to have a huge number of options and a vocabulary that's very malleable.

Thanks.

-Tom
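Added example, not part of any message in this thread: a small Python parser that reads the detached signature posted above and pulls out the issuer fingerprint and key ID it carries, then compares that fingerprint with a list obtained elsewhere. The function names and the `pinned` list are assumptions made for this example; the issuer subpackets only state which key the signer claims, so the result selects the key to check and does not replace `gpg --verify`.

```python
import base64

# The detached signature as posted in the message above (armor dashes restored).
ARMORED_SIG = """\
-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQTdpb2j9c3OmfntVsEsxulzgY84awUCZQ1GBgAKCRAsxulzgY84
a+jhAQCZ0lLh1EnB1AwrgW0zPBp801OOeJ2QUiDBOGXBbrl/7QD/ZQe738sF2tCR
43SAvJOfT3b4YpGdfSUj9F7XNDoovQM=
=mNqK
-----END PGP SIGNATURE-----
"""


def dearmor(text):
    """Return the binary packet data of the first ASCII-armored block."""
    lines = iter(text.splitlines())
    for line in lines:
        if line.startswith("-----BEGIN "):
            break
    else:
        raise ValueError("no armor header line")
    for line in lines:                      # armor headers end at a blank line
        if not line.strip():
            break
    body = []
    for line in lines:
        line = line.strip()
        if line.startswith("-----END "):
            break
        if line and not line.startswith("="):   # "=xxxx" is the CRC-24 line
            body.append(line)
    return base64.b64decode("".join(body), validate=True)


def _var_length(buf, i, two_octet_max):
    """Decode a variable-length field at buf[i]; return (length, next_index)."""
    try:
        first = buf[i]
        if first < 192:
            return first, i + 1
        if first <= two_octet_max:
            return ((first - 192) << 8) + buf[i + 1] + 192, i + 2
        if first == 255:
            return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
    except IndexError:
        raise ValueError("truncated length field") from None
    raise ValueError("partial body lengths not supported")


def read_packet(data):
    """Split the first OpenPGP packet into (tag, body)."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if data[0] & 0x40:                          # new-format header
        tag = data[0] & 0x3F
        length, off = _var_length(data, 1, 223)
    else:                                       # old-format header
        tag, ltype = (data[0] >> 2) & 0x0F, data[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        off = 1 + (1 << ltype)                  # 1, 2 or 4 length octets
        length = int.from_bytes(data[1:off], "big")
    if off + length > len(data):
        raise ValueError("truncated packet")
    return tag, data[off:off + length]


def subpackets(area):
    """Yield (type, payload) for every subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        length, i = _var_length(area, i, 254)
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # bit 7 = critical flag
        i += length


def signature_info(armored):
    """Extract the signer hints carried by a version 4 signature packet."""
    tag, body = read_packet(dearmor(armored))
    if tag != 2 or len(body) < 10 or body[0] != 4:
        raise ValueError("expected a version 4 signature packet")
    hlen = int.from_bytes(body[4:6], "big")
    ulen = int.from_bytes(body[6 + hlen:8 + hlen], "big")
    hashed, unhashed = body[6:6 + hlen], body[8 + hlen:8 + hlen + ulen]
    info = {"sig_type": body[1], "pubkey_algo": body[2], "hash_algo": body[3],
            "created": None, "issuer_fpr": None, "issuer_keyid": None}
    # Unhashed area first, so values covered by the signature hash win.
    for area in (unhashed, hashed):
        for stype, payload in subpackets(area):
            if stype == 2:                      # signature creation time
                info["created"] = int.from_bytes(payload, "big")
            elif stype == 16:                   # issuer key ID (8 octets)
                info["issuer_keyid"] = payload.hex().upper()
            elif stype == 33:                   # key version octet + fingerprint
                info["issuer_fpr"] = payload[1:].hex().upper()
    return info


def signer_is_pinned(info, pinned):
    """True if the claimed issuer fingerprint is in the out-of-band list."""
    wanted = {"".join(p.split()).upper() for p in pinned}
    return info["issuer_fpr"] is not None and info["issuer_fpr"] in wanted


if __name__ == "__main__":
    print(signature_info(ARMORED_SIG))
```

A match only tells you which published key to import; the signature over the checksum file still has to verify against that key before the checksums are used.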
Re: Need help with PGP signature verification
Hi,

Tom Browder wrote:
> I'm willing to trust published PGP key fingerprints for signers of Rakudo
> downloadable files.

Do i get it right that you talk about https://rakudo.org/downloads ?

> Question: How can I get the fingerprint from the downloads?
> The products I download are (1) the file of interest, (2) a PGP signed
> checksums file with various shaX hashes for the file, and (3) a separate
> file containing a PGP signature.

The "Verify" button at above web page leads to
  https://rakudo.org/downloads/verifying
which explains how to use sha256 and gpg2 for verification.
Most importantly it lists the fingerprints of the four "Keys of the releasers". If gpg2 --verify reports any other fingerprint, then the .asc file cannot be trusted.

(It is not overly trustworthy that fingerprints and the signed files are offered on the same web site. Once the site is compromised, both can be manipulated by the attacker.)

Have a nice day :)

Thomas
Re: Need help with PGP signature verification
On 08.10.2023 at 01:16, Tom Browder wrote:
> I'm willing to trust published PGP key fingerprints for signers of
> Rakudo downloadable files.
>
> Question: How can I get the fingerprint from the downloads?
>
> The products I download are (1) the file of interest, (2) a PGP signed
> checksums file with various shaX hashes for the file, and (3) a separate
> file containing a PGP signature.
>
> Thanks so much.
>
> -Tom

There is more than just one way to achieve this, first result from G**-search returns:
https://superuser.com/questions/1297670/how-do-i-check-gpg-signature-given-only-the-fingerprint-and-key-id
which also contains security related warnings and hints.

HTH, DdB
Need help with PGP signature verification
I'm willing to trust published PGP key fingerprints for signers of Rakudo downloadable files. Question: How can I get the fingerprint from the downloads? The products I download are (1) the file of interest, (2) a PGP signed checksums file with various shaX hashes for the file, and (3) a separate file containing a PGP signature. Thanks so much. -Tom
Re: PGP key on keys.openpgp.org?
Hi, sorry for this german mail which i sent to debian-user by mistake. (I was asked by the xorriso maintainer of another distro to upload my public PGP key to the keyserver which the distro uses. Hopefully i was able to fulfill that wish and did not publish any secrets of mine.) Have a nice day :) Thomas
Re: PGP key on keys.openpgp.org?
Hi,

> do you see a way to manage your PGP key on keys.openpgp.org and to
> release the e-mail address?

I uploaded the output of

  gpg --export scdbac...@gmx.net

(I would have liked to inspect what is in the output file, but "man gpg" does not get me that far.)

When asked to by mail, I visited a verification URL. This URL then leads to a page with the text

  keys.openpgp.org
  Your key 44BC9FD0D688EB007C4DD029E9CBDFC0ABC0A854 is now published for the identity scdbac...@gmx.net.

A search with my mail address on keys.openpgp.org yields:

  We found an entry for scdbac...@gmx.net.

Have a look whether this is now the way the RPM package build needs it.

Have a nice day :)

Thomas
Re: PGP: difference between Kleopatra and Kgpg, both from KDE
Marco Möller wrote:
> So, unfortunately I am still in need to find more information about the
> two different (or in the end not different?) GUI tools concerning their
> PGP functionality.
>

Focus on kgpg for now and start with PGP and OpenGPG (gnupg)
https://www.openpgp.org/
There are also many other sites that explain use of PGP.

Kleopatra can be seen as KDE specific tool for managing certificates and keys (GPGsM) but in different context. My advice: Forget it for now!

> Many thanks for all the other explanations which you also gave in your
> answer, they have been helpful!
> Marco.

welcome
Re: PGP: difference between Kleopatra and Kgpg, both from KDE
On 31.05.21 22:57, deloptes wrote:
apt-cache show kleopatra
apt-cache show kgpg
I think the above parts of the package description explains quite well the use cases.
With kleopatra you manage certificates in KDE (such like SSL)
With Kgpg you manage GPG keys and you can encrypt/decrypt GUI style text

Well, these descriptions partly cause my question. Following the package descriptions, Kgpg appears as the GUI frontend to GnuPG and in addition having a feature to input text into a field and to encrypt it right there instead of having to receive the input from a file, while Kleopatra appears to be kind of a GUI database manager for managing PGP keys and also X.509 certificates.

But installing them both and comparing their PGP related offers without understanding too much about the topic, Kleopatra seems, like Kgpg, the same being a GUI frontend to GnuPG, also including the feature for generating key pairs, and like Kgpg also having in addition a feature to input text into a field and to encrypt it right there instead of having to receive the input from a file. To this extent it could simply be, that Kleopatra includes all Kgpg functionality and then as an extra adds management of also X.509 functionality to it.

But if I compare the PGP settings which are offered in the GUI for creating a PGP key, then in detail this looks different in Kgpg and Kleopatra. Kleopatra seems to offer more options and is using more technical names for them, while Kgpg seems to offer a smaller amount of options and describes them more verbosely instead of using so much technical abbreviations.

As a beginner it is very difficult to foresee if they are finally the same, with Kleopatra simply enhancing the amount of offered features in comparison to smaller Kgpg, Kgpg being kind of the tool for beginners and Kleopatra being the tool for experts, or if Kgpg is actually targeting work cases by its options in its GUI which are not addressed by Kleopatra like this. It could even be that under the hood one is known to work more reliable or working closer to the openPGP standard or being more compatible to interface with other PGP tools or Apps wanting to use PGP. I am here specially watching out for the PGP functionality and not considering that Kleopatra as an extra also offers X.509 functionality.

So, unfortunately I am still in need to find more information about the two different (or in the end not different?) GUI tools concerning their PGP functionality.

Many thanks for all the other explanations which you also gave in your answer, they have been helpful!

Marco.
Re: PGP: difference between Kleopatra and Kgpg, both from KDE
On Mon, 31 May 21, 22:57:26, deloptes wrote:
>
> gnupg is the mother of all open source pgp stuff. In fact you must know that
> PGP is the commercial implementation of a standard for symmetric encryption
> (I hope I am not wrong in my wording while citing from memory)

PGP supports asymmetric encryption as well (also known as public-key cryptography), otherwise it wouldn't be very usable for e-mail ;)

https://en.wikipedia.org/wiki/Public-key_cryptography

> Gnupg is the opensource equivalent of PGP and it is great :) command line
> utility and set of libraries that makes it possible to use encryption on
> numerous of devices. The application is called gpg.
> Kgpg is a front end to gnupg. Go to the home page of gpg and read, get
> familiar to it. It definitely needs understanding before using.

I'll have to disagree with the "great" here. In my (not so humble) opinion GnuPG's (the software) difficulty to use is one of the reasons we still don't have encrypted, or at least signed email for everybody[1].

Getting public-key cryptography right is already difficult enough[2], it would be great if the tools wouldn't add another layer of difficulty on top.

[1] signing all email by default could potentially make spam and phishing mostly go away
[2] https://wiki.debian.org/GnuPG/AirgappedMasterKey

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
Re: PGP: difference between Kleopatra and Kgpg, both from KDE
Marco Möller wrote:
> Could someone explain for a raw beginner concerning the usage of PGP the
> difference between Kleopatra and Kgpg, what the typical work case is for
> the one and the other, what important feature the one and the other is
> missing?
>

apt-cache show kleopatra
Description-en: Certificate Manager and Unified Crypto GUI
 Kleopatra is a certificate manager and a universal crypto GUI. It supports
 managing X.509 and OpenPGP certificates in the GpgSM keybox and retrieving
 certificates from LDAP servers.
Description-md5: e5d6fc989907b80b691c99f2d8834cf5
Homepage: https://www.kde.org/applications/utilities/kleopatra/

apt-cache show kgpg
Description-en: graphical front end for GNU Privacy Guard
 Kgpg manages cryptographic keys for the GNU Privacy Guard, and can encrypt,
 decrypt, sign, and verify files. It features a simple editor for applying
 cryptography to short pieces of text, and can also quickly apply cryptography
 to the contents of the clipboard.
 .
 This package is part of the KDE Utilities module.
Description-md5: c2c30394bb363998b52a8fcc2caeb33c
Homepage: http://www.kde.org/

>
> Sorry for the related but low specific questions in the following. Being
> a raw beginner in the topic of PGP signing of email messages, it is
> difficult to even know what exactly to ask for. My internet search
> engine of choice and the KDE web sites both unfortunately did not guide
> me to a nice reading about the differences of Kleopatra and Kgpg, and
> adding Thunderbird to this does not make the topic easier to grasp.
> Therefore please allow me to add the following complex of questions:
> The background to my questions is, that I am aiming to soon use PGP
> signatures when working with Thunderbird, but I would not know if
> Kleopatra or if Kpgp would be better suited to support this. Besides, as
> a raw beginner in the topic of PGP, I am not even sure right now if I
> might find good usage of PGP for whatever else in the future (maybe
> authentication for a ssh access?), and if for this I should right away
> start to get comfortable with the one or the other tool, Kleopatra or
> Kpgp, or if anyway both will be needed because they target different
> work cases or complement each other?

I think the above parts of the package description explains quite well the use cases.
With kleopatra you manage certificates in KDE (such like SSL)
With Kgpg you manage GPG keys and you can encrypt/decrypt GUI style text

> At the moment my impression is that Thunderbird even comes with its own
> PGP implementation and is not using any other PGP parts of the rest of
> my Debian? Will Kleopatra or Kpgp then be of any help for me at all
> right now?

Don't know thunderbird or its ability to use GPG, but it makes sense that it uses its own implementation. The answer here is probably no. However you could use Kgpg to create and manage your keys and keyring (I would recommend it)

> I find package "gnupg" (maybe for the package manager apt to work
> fine?), but no package which in its package name would explicitly
> contain the word openpgp. Is there a special openpgp package which I
> should install in order to get well prepared for a typical PGP future?

gnupg is the mother of all open source pgp stuff. In fact you must know that PGP is the commercial implementation of a standard for symmetric encryption (I hope I am not wrong in my wording while citing from memory)

Gnupg is the opensource equivalent of PGP and it is great :) command line utility and set of libraries that makes it possible to use encryption on numerous of devices. The application is called gpg.

Kgpg is a front end to gnupg. Go to the home page of gpg and read, get familiar to it. It definitely needs understanding before using.
PGP: difference between Kleopatra and Kgpg, both from KDE
Hello,

Could someone explain for a raw beginner concerning the usage of PGP the difference between Kleopatra and Kgpg, what the typical work case is for the one and the other, what important feature the one and the other is missing?

Sorry for the related but low specific questions in the following. Being a raw beginner in the topic of PGP signing of email messages, it is difficult to even know what exactly to ask for. My internet search engine of choice and the KDE web sites both unfortunately did not guide me to a nice reading about the differences of Kleopatra and Kgpg, and adding Thunderbird to this does not make the topic easier to grasp. Therefore please allow me to add the following complex of questions:

The background to my questions is, that I am aiming to soon use PGP signatures when working with Thunderbird, but I would not know if Kleopatra or if Kpgp would be better suited to support this. Besides, as a raw beginner in the topic of PGP, I am not even sure right now if I might find good usage of PGP for whatever else in the future (maybe authentication for a ssh access?), and if for this I should right away start to get comfortable with the one or the other tool, Kleopatra or Kpgp, or if anyway both will be needed because they target different work cases or complement each other?

At the moment my impression is that Thunderbird even comes with its own PGP implementation and is not using any other PGP parts of the rest of my Debian? Will Kleopatra or Kpgp then be of any help for me at all right now?

I find package "gnupg" (maybe for the package manager apt to work fine?), but no package which in its package name would explicitly contain the word openpgp. Is there a special openpgp package which I should install in order to get well prepared for a typical PGP future?

Thanks a lot!

Marco.
New Thunderbird and PGP
Hello,

Today the new Thunderbird was rolled out via security, containing its own PGP implementation. It does not use the system's PGP, but its own PGP, which can do less.

With some effort I managed to import my private keys from ~/.gnupg/secring.pgp. It contained several keys, and if you indicated that you did not want all of those keys, it wanted them anyway. Well, it worked, but it seems difficult to me for someone who has lost the password of an old key, because it does want the passwords.

Importing the public keys from ~/.gnupg/pubring.pgp is not really working yet. Thunderbird says the file is too big. Does anyone here have experience with how to split up pubring.pgp?

The message in English is:
This file is too big. Please don't import a large set of keys at once.

My pubring is 23 MB, by the way; I do not call that big.

Regards,
Paul

--
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl/
[OT] Fwd: PGP/GnuPG unsecure, should be replaced?
For the information of anyone interested.

Forwarded message
Subject: PGP/GnuPG unsecure, should be replaced?
Resent-Date: Fri, 19 Jul 2019 11:42:34 + (UTC)
Resent-From: debian-secur...@lists.debian.org
Date: Fri, 19 Jul 2019 13:34:47 +0200
From: Stephan Seitz
Organization: Minas Tirith, Gondor
To: debian-secur...@lists.debian.org

Hi!

I found the following article about PGP/GnuPG:
https://latacora.singles/2019/07/16/the-pgp-problem.html

In short you should drop GnuPG because it doesn’t do anything really the right way. It should be replaced with different tools for different situations.

Debian is using GnuPG for signing files. From the article:

Signing Packages
Use Signify/Minisign. Ted Unangst will tell you all about it. It’s what OpenBSD uses to sign packages. It’s extremely simple and uses modern signing. Minisign, from Frank Denis, the libsodium guy, brings the same design to Windows and macOS; it has bindings for Go, Rust, Python, Javascript, and .NET; it’s even compatible with Signify.

What do you think?

Shade and sweet water!

Stephan

--
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |

--
To err is human, but it is more human to blame others
PGP & Protonmail (Was: Encrypted e-mails?)
On Mon, 10 Sep 2018, pjw wrote:
Since July ProtonMail is now fully interoperable with other PGP mail clients.

Now that is a nice piece of news.

--
Fraught with portent
Re: PGP Email Client
On 2018-07-08 18:18, HP Garcia wrote:
Can anyone recommend an email client that can handle PGP? I'm currently using Claws-Mail 3.14.1
Thanks in advance

roundcube with enigma plugin
dunno if it is working

mick

--
Key ID 4BFEBB31
Re: PGP Email Client
On 18-07-08 14:42:54, Jude DaShiell wrote:
If you can live with the configuration mutt or neomutt can fill the bill.

I can never truly recommend mutt to people who aren't used to terminal apps. That said, it's a great piece of software and the PGP handling in particular is really nice with a little config.
Re: PGP Email Client
On Sun, 8 Jul 2018, HP Garcia wrote:
> Date: Sun, 8 Jul 2018 13:18:25
> From: HP Garcia
> To: debian-user@lists.debian.org
> Subject: PGP Email Client
> Resent-Date: Sun, 8 Jul 2018 17:18:45 + (UTC)
> Resent-From: debian-user@lists.debian.org
>
> Can anyone recommend an email client that can handle PGP? I'm currently
> using Claws-Mail 3.14.1
>
> Thanks in advance
>

If you can live with the configuration mutt or neomutt can fill the bill.
Re: PGP Email Client
On Sun, 8 Jul 2018 10:18:25 -0700, HP Garcia wrote:
>Can anyone recommend an email client that can handle PGP? I'm currently
>using Claws-Mail 3.14.1
>

Why not Claws-Mail? With the correct plugins (claws-mail-pgpinline or claws-mail-pgpmime) that should be packaged in Debian it handles pgp just fine.

--
Andreas Rönnquist
mailingli...@gusnan.se
andr...@ronnquist.net
Re: PGP Email Client
On Sun, 8 Jul 2018 10:18:25 -0700 HP Garcia wrote:

Hello HP,

>Can anyone recommend an email client that can handle PGP? I'm currently
>using Claws-Mail 3.14.1

CM; Install the relevant plugin(s) and you're ready.

--
Regards _ / ) "The blindingly obvious is / _)radnever immediately apparent"
If we're working class, why ain't we got jobs?
Insane Society - Menace
Re: PGP Email Client
On 7/8/2018 7:18 PM, HP Garcia wrote:
Can anyone recommend an email client that can handle PGP? I'm currently using Claws-Mail 3.14.1

https://www.claws-mail.org/plugin.php?plugin=gpg

Thunderbird with enigmail.

https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages

--
John Doe
PGP Email Client
Can anyone recommend an email client that can handle PGP? I'm currently using Claws-Mail 3.14.1 Thanks in advance -- HP Garcia KM6JBI www.HPGPhotography.com
Re: How to get a PGP SIGNED MESSAGE
Hi,

GC wrote:
> I would like to get a PGP SIGNED MESSAGE. How do I do that?

For production, see chapter 1 of GPG documentation, "Getting Started":
  https://www.gnupg.org/gph/en/manual/c14.html
(note the swapping of "g" and "p" in comparison to PGP.)

The manual of gpg is quite rich in detail information:
  man gpg

When posting official announcements to info-...@gnu.org, i use
  gpg --clearsign my_file
to get a new file my_file.asc which looks like

  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1

  Hi,
  ...
  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG v1.4.5 (GNU/Linux)

  iD8DBQFVWdQp6cvfwKvAqFQRAkWDAJwMwJS89XAq2npLv0iYdmCT6fv8LACgoRVW
  csBodn7iN9YzXO2sHZgthFc=
  =FlQN
  -----END PGP SIGNATURE-----

This can be verified by getting my public key
  gpg --keyserver keys.gnupg.net --recv-keys ABC0A854
and running gpg --verify on my signed cleartext message
  gpg --verify my_file.asc

An example message can be found at
  http://lists.gnu.org/archive/html/info-gnu/2015-05/msg9.html

Have a nice day :)

Thomas
Re: How to get a PGP SIGNED MESSAGE
On Wed, 18 Nov 2015 00:19:24 -0800 GC <g...@maillr.com> wrote:

Hello GC,

>I would like to get a PGP SIGNED MESSAGE. How do I do that?

Wait for somebody to send you one.

--
Regards _ / ) "The blindingly obvious is / _)radnever immediately apparent"
Well you tried it just the once and found it alright for kicks
Orgasm Addict - Buzzcocks
Re: How to get a PGP SIGNED MESSAGE
On 18/11/15 18:19, GC wrote:
> I would like to get a PGP SIGNED MESSAGE. How do I do that?

Could you be more specific? If it was just your goal in life to have someone send an OpenPGP signed email, you can cross that off your "bucket list". I suspect that was not your aim though.

Are you intending to generate signed messages or merely verify them?

--
Stuart Longland (aka Redhatter, VK4MSL)
I haven't lost my mind...
...it's backed up on a tape somewhere.
How to get a PGP SIGNED MESSAGE
I would like to get a PGP SIGNED MESSAGE. How do I do that?
keysigning, debian packaging with git, how to become a debian contributor, mutt (was: Re: Your signed PGP key)
Hi Dmitry,

Cc-ing list since answers to questions about how to get started as a Debian contributor, or working with PGP, might be interesting to others too.

Debian User Dutch subscribers: apologies that this mail is in English. Dmitry lives in the Netherlands but writes English more easily than Dutch, I believe. I met him at the Debian Bug Squashing Party, recently in Tilburg. Please Cc me and Dmitry on replies; I am not subscribed to this list.

On Tue, Dec 16, 2014 at 08:51:27PM +0100, Dmitry Katsubo wrote:
On 16/12/2014 11:12, Joost van Baal-Ilić wrote:
can i quote you on e.g. debian-events-nl, and answer there / publicly?
Sure. Please CC to me, as I might not be subscribed to that particular maillist.
On Tue, Dec 16, 2014 at 09:44:44AM +0100, Dmitry Katsubo wrote:
It was a pleasure for me to meet you at BSP in Tilburg today.
Same!
snip
Please find your key signed by me.
Thanks! Will process it later, and sign your key later. Please remind me if I fail to do that within about 1 week.
I tried to follow the document Debian packaging using git (http://mdcc.cx/dpg.txt) you have suggested, but I find it a bit difficult to understand completely what is going on in the examples you provide. I have found another manual (http://honk.sigxcpu.org/projects/git-buildpackage/manual-html/gbp.html) which is more easy for me to start with right now. I will practise once I have some project on Git.
OK, nice.
I have checked the debian-newmain maillist and I see that DM applications already refer the existing packages. That means I have to find a sponsor first to initiate a package, and then request for DM?
Yes, finding a DM is easier once you can show some work you've done for Debian. BTW, you don't need a sponsor to do Debian-work: you can e.g. create a .deb and publish that work on e.g. your own website. You can also apply for an account on alioth.debian.org, and start contributing to work there, using e.g. git.
I have found Debian chemistry community (http://blends.debian.org/science/tasks/chemistry) -- I think this is right place to find further help and sponsor.
Yup, that's a good way to enter.
P.S. Sorry, I might have sent the previous email to you encrypted by my key... Strange how Thunderbird came to such an idea. What software do you use to sign/encrypt email messages?
mutt with GnuPG. If you 'apt install mutt' on a Debian system, the gnupg-integration works out of the box, iirc.

Take care,

Bye,

Joost
[OT] Broken PGP signatures
Hello,

I see that when a message is replied to, the PGP signatures break.

Would that be normal? Is it possible to have either the signatures in quoted messages recognised, or the signature removed before replying?

It is not too important, but anyway...

Regards,
--
Franci

--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52777a26.6090...@openmailbox.org
Re: [OT] Broken PGP signatures
On Mon, 04 Nov 2013 07:42:46 -0300, Francisco Del Roio wrote: I see that when a message is replied to, the PGP signatures break. Can you give an example? If you mean the e-mails on this list, you can use the archive to point to a message. Is that normal? Is it possible to have either the signatures recognized in quoted messages, or the signature removed before replying? It's just that I don't know what you are referring to :-? From the messages I reply to that carry an integrated GnuPG/PGP signature, I remove the signature manually, of course. Regards, -- Camaleón Archive: http://lists.debian.org/pan.2013.11.04.14.57...@gmail.com
Re: [OT] Broken PGP signatures
Hello, On 04/11/2013 11:57 a.m., Camaleón wrote: (...) From the messages I reply to that carry an integrated GnuPG/PGP signature, I remove the signature manually, of course. Regards, MMM... said the cow... Well, then I have no more doubts. Regards, -- Franci Archive: http://lists.debian.org/5277e28f.8020...@openmailbox.org
Re: [OT] Broken PGP signatures
On Mon, 04 Nov 2013 15:08:15 -0300, Francisco Del Roio wrote: On 04/11/2013 11:57 a.m., Camaleón wrote: (...) From the messages I reply to that carry an integrated GnuPG/PGP signature, I remove the signature manually, of course. Regards, MMM... said the cow... Well, then I have no more doubts. :-) Of course, the thing is that I am the one actually sending the message, not you. Your original message is duly signed, and leaving the signature intact when replying does nothing more than increase the size of the message and adds nothing. Regards, -- Camaleón Archive: http://lists.debian.org/pan.2013.11.04.18.34...@gmail.com
Re: Strange PGP signature
Aort Conda aort...@gmx.com writes: What is this? The file on official cd mirror is different. Did not get what you are talking about. Everything is normal, see:
% gpg --verify SHA512SUMS.sign SHA512SUMS
gpg: Signature made Mon Oct 14 01:19:32 2013 MSK using RSA key ID 6294BE9B
gpg: Good signature from Debian CD signing key debian...@lists.debian.org
Re: Strange PGP signature
On Tue, 15 Oct 2013 13:08:43 +0400 Dmitrii Kashin free...@freehck.ru wrote: Aort Conda aort...@gmx.com writes: What is this? The file on official cd mirror is different. Did not get what you are talking about. Everything is normal, see:
% gpg --verify SHA512SUMS.sign SHA512SUMS
gpg: Signature made Mon Oct 14 01:19:32 2013 MSK using RSA key ID 6294BE9B
gpg: Good signature from Debian CD signing key debian...@lists.debian.org
Probably he meant about .sign file. It is really different from that on cdimage.debian.org
http://cdimage.debian.org/debian-cd/7.2.0/amd64/iso-dvd/SHA512SUMS.sign:
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) [signature data] -----END PGP SIGNATURE-----
attached file:
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) [signature data] -----END PGP SIGNATURE-----
$ gpg --verify SHA512SUMS.sign SHA512SUMS # attached file
gpg: Signature made Sun 13 Oct 2013 11:19:32 PM CEST using RSA key ID 6294BE9B
gpg: Good signature from Debian CD signing key debian...@lists.debian.org
$ gpg --verify SHA512SUMS.sign2 SHA512SUMS # http://cdimage.debian.org/debian-cd/7.2.0/amd64/iso-dvd/SHA512SUMS.sign
gpg: Signature made Sun 13 Oct 2013 11:19:31 PM CEST using RSA key ID 6294BE9B
gpg: Good signature from Debian CD signing key debian...@lists.debian.org
But both signatures are 'Good', but time differs in 1 second. -- http://mr.flossdaily.org -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131015120349.71aad...@eunet.rs
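How two 'Good' signatures over the same file can differ byte for byte, as an added example that is not part of the original post: it reads the creation-time subpacket of a version 4 OpenPGP signature packet. The two packets are constructed from the timestamps and short key ID in the gpg output above, with placeholder signature values; they are not the posted .sign files.

```python
import base64
import struct
from datetime import datetime, timezone

# Constructed inputs: short key ID from the gpg output (upper four bytes are
# placeholder zeros) and the two reported times, 11:19:31 PM and 11:19:32 PM CEST.
ISSUER = bytes.fromhex("000000006294BE9B")
T_MIRROR = int(datetime(2013, 10, 13, 21, 19, 31, tzinfo=timezone.utc).timestamp())
T_ATTACHED = T_MIRROR + 1


def build_sig_packet(created: int, issuer: bytes) -> bytes:
    """Constructed v4 signature packet (RFC 4880, 5.2.3) with a dummy RSA value."""
    hashed = bytes([5, 2]) + struct.pack(">I", created)    # length 5, type 2: creation time
    unhashed = bytes([9, 16]) + issuer                     # length 9, type 16: issuer key ID
    body = (bytes([4, 0x00, 1, 8])                         # v4, binary document, RSA, SHA-256
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\x00\x00"                                  # left 16 bits of hash (placeholder)
            + struct.pack(">H", 8) + b"\xff")              # one MPI: 8 bits, dummy value
    return bytes([0x89]) + struct.pack(">H", len(body)) + body  # old-format header, tag 2


def armor(packet: bytes) -> str:
    """Minimal ASCII armor without the optional CRC-24 line (for the sample only)."""
    return ("-----BEGIN PGP SIGNATURE-----\n\n" + base64.b64encode(packet).decode()
            + "\n-----END PGP SIGNATURE-----\n")


def dearmor(text: str) -> bytes:
    """Decode an armored block; a CRC-24 line ("=xxxx") is skipped, not checked."""
    lines = [line.strip() for line in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1] if "" in lines else lines[1:-1]
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))


def read_packet(data: bytes):
    """Return (tag, body) of the first packet; old and new header formats."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                                       # new-format header
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            length, pos = l0, 2
        elif l0 < 224:
            length, pos = ((l0 - 192) << 8) + data[2] + 192, 3
        elif l0 == 255:
            length, pos = struct.unpack(">I", data[2:6])[0], 6
        else:
            raise ValueError("partial body lengths not supported")
    else:                                                  # old-format header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        size = 1 << ltype                                  # 1, 2 or 4 length octets
        length, pos = int.from_bytes(data[1:1 + size], "big"), 1 + size
    body = data[pos:pos + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body


def subpackets(area: bytes):
    """Yield (type, value) for each subpacket; the critical bit is masked off."""
    pos = 0
    while pos < len(area):
        l0 = area[pos]
        if l0 < 192:
            length, pos = l0, pos + 1
        elif l0 < 255:
            length, pos = ((l0 - 192) << 8) + area[pos + 1] + 192, pos + 2
        else:
            length, pos = struct.unpack(">I", area[pos + 1:pos + 5])[0], pos + 5
        if length == 0 or pos + length > len(area):
            raise ValueError("bad subpacket length")
        yield area[pos] & 0x7F, area[pos + 1:pos + length]
        pos += length


def parse_signature(packet: bytes) -> dict:
    tag, body = read_packet(packet)
    if tag != 2 or body[0] != 4:
        raise ValueError("expected a version 4 signature packet")
    hlen = struct.unpack(">H", body[4:6])[0]
    hashed = body[6:6 + hlen]
    ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
    unhashed = body[8 + hlen:8 + hlen + ulen]
    info = {"created": None, "issuer": None}
    for stype, value in list(subpackets(hashed)) + list(subpackets(unhashed)):
        if stype == 2 and info["created"] is None:
            info["created"] = int.from_bytes(value, "big")
        elif stype == 16:
            info["issuer"] = value.hex().upper()
    if info["created"] is None:
        raise ValueError("no creation time subpacket")
    return info


def compare(sig_a: bytes, sig_b: bytes) -> dict:
    a, b = parse_signature(sig_a), parse_signature(sig_b)
    return {
        "same_issuer": a["issuer"] == b["issuer"],
        "seconds_apart": abs(a["created"] - b["created"]),
        "identical_bytes": sig_a == sig_b,
        "created_utc": [datetime.fromtimestamp(x["created"], timezone.utc).isoformat()
                        for x in (a, b)],
    }


SIG_MIRROR = build_sig_packet(T_MIRROR, ISSUER)
SIG_ATTACHED = build_sig_packet(T_ATTACHED, ISSUER)

if __name__ == "__main__":
    print(compare(SIG_MIRROR, SIG_ATTACHED))
```

The creation time sits in the hashed area, so it is covered by the signature: signing the same file one second later gives a different, equally valid signature.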
Re: Strange PGP signature
Marko Randjelovic marko...@eunet.rs writes:
$ gpg --verify SHA512SUMS.sign SHA512SUMS # attached file
gpg: Signature made Sun 13 Oct 2013 11:19:32 PM CEST using RSA key ID 6294BE9B
gpg: Good signature from Debian CD signing key debian...@lists.debian.org
$ gpg --verify SHA512SUMS.sign2 SHA512SUMS # http://cdimage.debian.org/debian-cd/7.2.0/amd64/iso-dvd/SHA512SUMS.sign
gpg: Signature made Sun 13 Oct 2013 11:19:31 PM CEST using RSA key ID 6294BE9B
gpg: Good signature from Debian CD signing key debian...@lists.debian.org
But both signatures are 'Good', but time differs in 1 second. Wow. How did it happen? Where did he take previous signature?
Strange PGP signature
What is this? The file on official cd mirror is different. Attachments: SHA512SUMS, SHA512SUMS.sign
Check your PGP keys
Hello, Debian has just updated the gnupg2 package. On that subject, I have not seen the information go by here concerning all those who have an old PGP/GPG key (say more than 5-10 years old); here is a series of tests to run on yours to find out whether you need to redo it. https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#openpgp-key-checks I did it myself. Jacques -- Read the list FAQ before asking a question: http://wiki.debian.org/fr/FrenchLists To UNSUBSCRIBE, send a message with the subject unsubscribe to debian-user-french-requ...@lists.debian.org In case of trouble, contact listmas...@lists.debian.org IN ENGLISH Archive: http://lists.debian.org/5256ec3d.2090...@lavignotte.org
Re: gpg/pgp noise
13.05.2012 10:26, Andrei POPESCU wrote: @Mika: At least in my experience Mailman is NOT breaking GPG/MIME. I know of at least 4 different Mailman installations (including lists.alioth.debian.org) that work fine. At least it doesn't work on gnupg-user nor enigmail nor lists.ubuntu.com mailing lists. Assuming the issues with Mailman + GPG/MIME are not at your end[1], did you consider signing inline only to those specific lists? I'd be amazed if Thunderbird/Icedove can't do this (for mutt it's trivial with a send- or a folder-hook). This is a little hard to remember to do with 4 computers and 7 different OSes. [1] You could BCC yourself and compare the message with the one received from the mailing list. Also consider any mail server on the way, I've read rumors of Microsoft Exchange messing with messages (especially encodings). When I have time. I have been busy lately. Kind regards, Andrei -- [Mika Suomalainen](https://mkaysi.github.com/) || [gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) || [Why do I sign my emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) || [Please don't send HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) || [Please don't toppost](http://mkaysi.github.com/articles/complaining/topposting.html) || [This signature](https://gist.github.com/2643070) ||
Re: gpg/pgp noise
Hopefully not reigniting this... On Tue, 08 May 12, 05:43:17, Indulekha wrote: Hi, I'm getting this with most gpg/pgp-signed mails received from this list (using mutt): This part has been solved, but since it is highly unlikely for you to have a trust path to my key you'll still get a block of 5 or so lines telling you that the message is properly signed, but there is no indication that the key belongs to the user (i.e. no trust path). Sorry, I'm trying to get my key in the Debian web-of-trust soonish, but I understand you already have filters for that. I have a few other technical remarks that I'm adding here instead of digging a specific message to reply: @Indulekha and other squeeze+mutt users: beware of a bug where mutt incorrectly sends GPG/MIME signatures with disposition=inline. This is not a problem for mutt itself, but for example Gmail will (correctly) quote the entire GPG signature on reply to such messages. Fixed in 1.5.21 (available from squeeze-backports). @Mika: At least in my experience Mailman is NOT breaking GPG/MIME. I know of at least 4 different Mailman installations (including lists.alioth.debian.org) that work fine. Assuming the issues with Mailman + GPG/MIME are not at your end[1], did you consider signing inline only to those specific lists? I'd be amazed if Thunderbird/Icedove can't do this (for mutt it's trivial with a send- or a folder-hook). [1] You could BCC yourself and compare the message with the one received from the mailing list. Also consider any mail server on the way, I've read rumors of Microsoft Exchange messing with messages (especially encodings). Kind regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
Re: Things we should know about PGP
On Thu, May 10, 2012 at 07:36:14PM +0200, Ralf Mardorf wrote: And why do we need this? We could notarized emails + use or computer readable ID cards, anyway, this in addition won't make mailing list mails more true or less true. There's more untruth for notarized papers than for non-notarized papers. Why should things become better with openPGP signing? I can't recall anyone arguing that it would improve the quality of discourse. All it does is help to prove who wrote what. Some see value in that, others do not. Again, I don't care, even if I would see cryptic lines at the bottom of my mails, but IMO we should avoid photos as thumbnails, PGP, HTML. You are entitled to that opinion ☺ Archive: http://lists.debian.org/20120511132931.GC1319@debian
Re: Things we should know about PGP
This is an interesting thread for me. I can see (I think!) the various points that have been made, but as it is, I feel, it's mostly trivial. If I write to this list, or others, or friends, or colleagues, why do I need to identify myself? Or require someone to find my public key to read or confirm what I've written? If I need such cryptographic security only the people I wish to know my public key will have it. For my personal secure connections et al, I use Tails on a 16Gb usb stick. Those who attach their public key to this list are the equivalent in my book to those who append humorous signatures to their posts: it's there, it's naff, it's ignored. At end of the day, you believe what you want. My bank and other important communications arrive through the post, and on line. If I doubt it, I check it. I do the same with my public phone lines, and my on-line use. If you don't need to publicise your public key (because, after all, very few if any, are going to use it) don't add it to every e-mail, along with an irrelevant sig block which does nothing except confirm your self-esteem (Look at me, Ma, top of the world) and the opinion of your readers which is probably the reverse of that which you hope and believe. Keep it simple, keep it sane, keep away from paranoia, they're not out to get you (why should they be bothered?), keep a sense of perspective (vide The Hitchhiker's Guide To The Galaxy as to why this may be a good idea). Hi, again, Camaleon, long time! Saki Archive: http://lists.debian.org/cafg91engyepb8yrc3av0x3lyhq9pn6gvqqlm0+k9utycdxm...@mail.gmail.com
Re: [OT] Re: Things we should know about PGP
On Thu, 2012-05-10 at 14:56 +, Camaleón wrote: On Wed, 09 May 2012 23:22:09 +0200, Ralf Mardorf wrote: On Wed, 2012-05-09 at 20:22 +, Camaleón wrote: What is what you understand by dirty? I can send the same spam, virus-inside or crap message with a signature or without it. That changes nothing. dirty {adj} [fig.] e.g. remove words, add words. So you meant that the content of the messages can't become faked/manipulated when they are signed. If that's what you wanted to say, then yes, signatures are also aimed for that. But the problem still remains: in the event you can check the validity of the signature you still can't be sure about its real author. You can still get false-positives that make the signature cannot be properly verified so you think the message is not legitimate while it is. I did write something similar off-list to whomever, but it wasn't only about computers and signing mails: (...) As I already pointed out. Somebody e.g. could hack the view of a mailing list archive, seemingly signed mails with edited content. Then this wrong information is in the Internet, pretending to be the signed original. The mob will believe this is absolute truth. They are hungry for absolute truth. This is a loss of civilization. It's even simpler than that, is that any piece of the software involved in the message distribution chain can fail, i.e., they can have bugs that render the signature verification process invalid. OTOH there are valid situations to sign messages. Of course. Moreover, it should be a must. As I see it, the concept of verifying the author of a message is completely valid and right, it's the implementation that fails because of the way you have to trust the user you want to validate (human beings have not developed a system to differ between a fake and a true thing, our brains are very limited in that field and also very influenceable by external sources). Greetings, I guess we agree.
- ralf Archive: http://lists.debian.org/1336663538.2307.58.camel@precise
Re: Things we should know about PGP
On Wed, May 09, 2012 at 09:17:17PM +0200, Ralf Mardorf wrote: Regarding to security. Assumed somebody always sign the mails to a mailing list. Isn't it possible that somebody hacks the view of a mailing list archive? Make it look like if a nice guy said odd things for signed mails. He never did, the mails were not hacked, just the view of the web page is hacked. They could, if you were relying on the mailing list archives to verify the signatures, but they don't. You can fetch the signature and the original message (awkward from a web mailing list archive, but Camaleón has shown a way of doing it with gmane in the past) and perform the verification yourself. Archive: http://lists.debian.org/20120510161127.GB14319@debian
Re: Things we should know about PGP
On Thu, 2012-05-10 at 17:11 +0100, Jon Dowland wrote: On Wed, May 09, 2012 at 09:17:17PM +0200, Ralf Mardorf wrote: Regarding to security. Assumed somebody always sign the mails to a mailing list. Isn't it possible that somebody hacks the view of a mailing list archive? Make it look like if a nice guy said odd things for signed mails. He never did, the mails were not hacked, just the view of the web page is hacked. They could, if you were relying on the mailing list archives to verify the signatures, but they don't. You can fetch the signature and the original message (awkward from a web mailing list archive, but Camaleón has shown a way of doing it with gmane in the past) and perform the verification yourself. And why do we need this? We could notarized emails + use or computer readable ID cards, anyway, this in addition won't make mailing list mails more true or less true. There's more untruth for notarized papers than for non-notarized papers. Why should things become better with openPGP signing? Again, I don't care, even if I would see cryptic lines at the bottom of my mails, but IMO we should avoid photos as thumbnails, PGP, HTML. - Ralf Archive: http://lists.debian.org/1336671374.5199.14.camel@precise
Re: Things we should know about PGP
The Signature from someone else: Confidence is what you have before you understand a problem - Woody Allen Archive: http://lists.debian.org/1336671506.5199.15.camel@precise
Re: gpg/pgp noise
On 08.05.2012 13:11, Indulekha wrote: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ [signature data] -----END PGP SIGNATURE----- This is an inline PGP-signature-block. You only can get rid of in case of your mail client is understanding inline signatures. This block includes a checksum crypted with the private key of the sender so you can check, whether someone has e.g. modified the text or the text is really sent by, in this case it seems to be Phil, by the author. Cheers, Frank Archive: http://lists.debian.org/4faa0d4a.5040...@frank.uvena.de
Re: gpg/pgp noise
On Wed, May 09, 2012 at 12:29:31PM +1000, Scott Ferguson wrote: Bob's PGP signature is valid - yours is not You waste our time and bandwidth. In what way? I can verify Mika's signatures just fine. The signatures are valid. Bob's key validates his identity - yours does not. I can verify that Bob is Bob through a chain of trust. Why does Mika's not? It's not impossible for someone to have a trust path to Mika. Albeit one step removed, since the signing key he uses has one signature, from another of his keys - but that one has at least one. (I haven't managed to construct a trust path to Mika myself, since most of the public pathfinder servers don't have his key) Archive: http://lists.debian.org/20120509085636.GA8326@debian
Re: gpg/pgp noise
On Tue, May 08, 2012 at 04:15:28PM -0400, Celejar wrote: I'm no expert in all this, but can you explain and document what you mean by the claim that headers ... must be verified? All emails have their headers modified en route (e.g., Received: and Delivered-To are added, as are all kinds of X-stuff ones). Does PGP/MIME really protect all headers (beyond the MIME ones)? It really breaks if *any* headers are modified? Please provide documentation. Writing off the top of my head, you may wish to verify everything I say ☺ PGP/MIME does not verify the headers, but your mail is a multipart/mime mail, and it does verify the specific MIME headers that define the encoding for the signed part. If the message is decoded, or re-encoded, then these headers can change (either semantically, if the re-encoding is via a different scheme, or simply syntactically, afaik whitespace changes etc.) There's a related problem where you can't get at the original mail (so: web archives of mailing lists only give you the decoded bits; I think RT is similar, which is why when someone needs to submit a ticket to the Debian RT queue, they are told to use inline PGP: http://keyring.debian.org/) Archive: http://lists.debian.org/20120509085922.GB8326@debian
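Why a relay that re-encodes the body breaks a PGP/MIME signature while an inline one survives, as an added example that is not part of the original post: a SHA-256 digest stands in for the signed input, so no real OpenPGP signature is made. The message, the boundary and the `relay_reencode` gateway are constructed for illustration.

```python
import base64
import hashlib

BOUNDARY = b"constructed-boundary-42"                          # constructed sample value
TEXT = "Grüße, the checksum file is attached.\r\nRegards\r\n"  # constructed message body


def make_entity(text: str, cte: str) -> bytes:
    """One MIME entity (content headers + body) in the given transfer encoding."""
    raw = text.encode("utf-8")
    if cte == "base64":
        body = base64.encodebytes(raw).replace(b"\n", b"\r\n")
    elif cte == "8bit":
        body = raw
    else:
        raise ValueError("unsupported transfer encoding: " + cte)
    headers = (b"Content-Type: text/plain; charset=utf-8\r\n"
               b"Content-Transfer-Encoding: " + cte.encode("ascii") + b"\r\n\r\n")
    return headers + body


def make_signed_message(entity: bytes) -> bytes:
    """multipart/signed layout of RFC 3156; the second part is only a placeholder."""
    return b"".join([
        b"From: sender@example.org\r\n",
        b"Subject: constructed sample\r\n",
        b"MIME-Version: 1.0\r\n",
        b"Content-Type: multipart/signed; micalg=pgp-sha256;\r\n"
        b' protocol="application/pgp-signature"; boundary="' + BOUNDARY + b'"\r\n',
        b"\r\n",
        b"--" + BOUNDARY + b"\r\n",
        entity,
        b"\r\n--" + BOUNDARY + b"\r\n",
        b"Content-Type: application/pgp-signature\r\n\r\n",
        b"(placeholder, no real signature)\r\n",
        b"--" + BOUNDARY + b"--\r\n",
    ])


def signed_entity(message: bytes) -> bytes:
    """Exact bytes of the first part: what a PGP/MIME signature is computed over."""
    opening = b"--" + BOUNDARY + b"\r\n"
    start = message.index(opening) + len(opening)
    end = message.index(b"\r\n--" + BOUNDARY, start)   # CRLF belongs to the delimiter
    return message[start:end]


def decode_entity(entity: bytes) -> str:
    """Undo the transfer encoding, as a mail client or web archive would."""
    head, _, body = entity.partition(b"\r\n\r\n")
    cte = "7bit"
    for line in head.split(b"\r\n"):
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-transfer-encoding":
            cte = value.strip().decode("ascii").lower()
    if cte == "base64":
        body = base64.b64decode(body)
    return body.decode("utf-8")


def relay_reencode(message: bytes) -> bytes:
    """Hypothetical relay that rewrites the 8bit part as base64 in transit."""
    entity = signed_entity(message)
    return message.replace(entity, make_entity(decode_entity(entity), "base64"), 1)


def cleartext_canonical(text: str) -> bytes:
    """Input of an inline (cleartext) signature, RFC 4880 section 7.1: CRLF line
    endings, trailing spaces and tabs dropped, final line ending excluded."""
    return "\r\n".join(line.rstrip(" \t") for line in text.splitlines()).encode("utf-8")


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def compare() -> dict:
    sent = make_signed_message(make_entity(TEXT, "8bit"))
    received = relay_reencode(sent)
    before, after = signed_entity(sent), signed_entity(received)
    return {
        # The reader sees the same text either way ...
        "decoded_text_equal": decode_entity(before) == decode_entity(after),
        # ... but the bytes covered by a PGP/MIME signature have changed,
        "pgp_mime_input_equal": sha256(before) == sha256(after),
        # while the input of an inline signature is the decoded text itself.
        "inline_input_equal": sha256(cleartext_canonical(decode_entity(before)))
        == sha256(cleartext_canonical(decode_entity(after))),
    }


if __name__ == "__main__":
    print(compare())
```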
Re: gpg/pgp noise
On Wed, May 09, 2012 at 08:23:06AM +0200, Frank Lanitz wrote: On 08.05.2012 13:11, Indulekha wrote: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ [signature data] -----END PGP SIGNATURE----- This is an inline PGP-signature-block. You only can get rid of in case of your mail client is understanding inline signatures. There are other ways to get rid of it, such as the display_filter techniques for mutt (which yes, can understand/decode PGP, but you may not configure it to do so - you may not wish it to!) Archive: http://lists.debian.org/20120509090050.GC8326@debian
Re: gpg/pgp noise
On 09/05/12 18:56, Jon Dowland wrote: On Wed, May 09, 2012 at 12:29:31PM +1000, Scott Ferguson wrote: Bob's PGP signature is valid - yours is not You waste our time and bandwidth. In what way? I can verify Mika's signatures just fine. The signatures are valid. All his posts? Is cutting and pasting a hobby? Do you between some and all? Why does Mika's not? Is that a serious question? Because there's no chain of trust. It's not impossible for someone to have a trust path to Mika. Either there is a chain of trust, or there isn't. Care to commit an opinion? Regards -- Iceweasel/Firefox/Chrome/Chromium/Iceape/IE extensions for finding answers to questions about Debian:- https://addons.mozilla.org/en-US/firefox/collections/Scott_Ferguson/debian/ Archive: http://lists.debian.org/4faa36cf.7060...@gmail.com
Re: gpg/pgp noise
09.05.2012 11:56, Jon Dowland wrote: On Wed, May 09, 2012 at 12:29:31PM +1000, Scott Ferguson wrote: Bob's PGP signature is valid - yours is not You waste our time and bandwidth. In what way? I can verify Mika's signatures just fine. The signatures are valid. Bob's key validates his identity - yours does not. I can verify that Bob is Bob through a chain of trust. Why does Mika's not? It's not impossible for someone to have a trust path to Mika. Albeit one step removed, since the signing key he uses has one signature, from another of his keys - but that one has at least one. (I haven't managed to construct a trust path to Mika myself, since most of the public pathfinder servers don't have his key) Because nobody else near Kotka, Finland uses PGP and the nearest CAcert assurers are after 110KMs from me. PS. I am back to weird long signatures. I won't comment to this thread anymore nor to anything else which I haven't written in my signature or elsewhere. -- [Mika Suomalainen](https://mkaysi.github.com/) || [gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) || [Why do I sign my emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) || [Please don't send HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) || [Please don't toppost](http://mkaysi.github.com/articles/complaining/topposting.html) || [This signature](https://gist.github.com/2643070) ||
Re: gpg/pgp noise
On Wed, May 09, 2012 at 07:20:15PM +1000, Scott Ferguson wrote: On 09/05/12 18:56, Jon Dowland wrote: In what way? I can verify Mika's signatures just fine. The signatures are valid. All his posts? Is cutting and pasting a hobby? Do you between some and all? The ones I've bothered to verify, via '|gpg --verify' in mutt. So not all of them. I haven't done any copy-and-pasting. Or do you mean something else? Because there's no chain of trust. Confirmed? (you've trimmed my initial investigation which indicates he has at least one signatory.) It's not impossible for someone to have a trust path to Mika. Either there is a chain of trust, or there isn't. Indeed, but Care to commit an opinion? As I think my message made quite clear, I haven't ruled it out as possible nor seen anyone else do so. Please correct me if I'm wrong. It's also worth pointing out that, if Mika manages to strengthen his web of trust in the future, we can then verify his signed messages in the past. Archive: http://lists.debian.org/20120509093944.GC8272@debian
Re: gpg/pgp noise
On Wed, 2012-05-09 at 09:56 +0100, Jon Dowland wrote: On Wed, May 09, 2012 at 12:29:31PM +1000, Scott Ferguson wrote: Bob's PGP signature is valid - yours is not You waste our time and bandwidth. In what way? I can verify Mika's signatures just fine. The signatures are valid. Bob's key validates his identity - yours does not. I can verify that Bob is Bob through a chain of trust. Why does Mika's not? It's not impossible for someone to have a trust path to Mika. Albeit one step removed, since the signing key he uses has one signature, from another of his keys - but that one has at least one. (I haven't managed to construct a trust path to Mika myself, since most of the public pathfinder servers don't have his key) The signature of Tiberius was trusted by Pilatus and Herodes. The signature of Philippus wasn't trusted by Lysanias or anybody else. I couldn't find a key on public servers for Hannas and Kaiphas, but fortunately the key of Johannes is available and the signature is trusted by Zacharias. I've got some nice examples for signatures similar to this one: On Wed, 2012-05-09 at 08:23 +0200, Frank Lanitz wrote: On 08.05.2012 13:11, Indulekha wrote: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ [signature data] -----END PGP SIGNATURE----- I'll post my top 100 tomorrow on this list. Would this be ok for you? If not, would it be ok if I just post my top 50? Or would it be a good idea to close this thread? Regards, Ralf Archive: http://lists.debian.org/1336556243.2171.373.camel@precise
Re: gpg/pgp noise
On Wed, 2012-05-09 at 10:39 +0100, Jon Dowland wrote: we can then verify his signed messages in the past Why should anybody be interested in verifying any mailing list mail? Somebody might change the content of mails without signature? So we should ensure that somebody really finished the mail with Cheers and not with Ciao? Archive: http://lists.debian.org/1336557090.2171.384.camel@precise
OT: +5, was: gpg/pgp noise
On Wed, 09 May 2012 11:37:23 +0200, Ralf wrote in message 1336556243.2171.373.camel@precise: Or would it be a good idea to close this thread? Regards, Ralf ..+5. ;o) -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. Archive: http://lists.debian.org/20120509121523.3747a...@celsius.lan
Re: gpg/pgp noise
On 09/05/12 19:39, Jon Dowland wrote: On Wed, May 09, 2012 at 07:20:15PM +1000, Scott Ferguson wrote: On 09/05/12 18:56, Jon Dowland wrote: In what way? I can verify Mika's signatures just fine. The signatures are valid. All his posts? Is cutting and pasting a hobby? Do you between some and all? The ones I've bothered to verify Most of his original ones did not verify. , via '|gpg --verify' in mutt. So you didn't cut and paste - you just hand processed each post. I can't match your dedication to validating his posts - nor can I muster your enthusiasm for defending them. I'll side with the others that find them an unnecessary annoyance. snipped Because there's no chain of trust. Confirmed? (you've trimmed my initial investigation which indicates he has at least one signatory.) investigation? Huh? How hard was it to see the key is signed by... the key holder (or another person called Mika?), using a key that was signed... by (Mika). That's *not* a chain of trust. It's not even the issue. More noise, no signal. snipped Regards -- Iceweasel/Firefox/Chrome/Chromium/Iceape/IE extensions for finding answers to questions about Debian:- https://addons.mozilla.org/en-US/firefox/collections/Scott_Ferguson/debian/ Archive: http://lists.debian.org/4faa4490.4070...@gmail.com
Re: gpg/pgp noise
On Wed, May 09, 2012 at 08:18:56PM +1000, Scott Ferguson wrote: (you've trimmed my initial investigation which indicates he has at least one signatory.) investigation? Huh? How hard was it to see the key is signed by... the key holder (or another person called Mika?), using a key that was signed... by (Mika). That's *not* a chain of trust. I clearly explained that his key was signed by another he owned, which in turn was signed by *someone else entirely*. You are committing a more serious mailing list sin than inline-PGP: failing to properly read the thread before replying to it. Archive: http://lists.debian.org/20120509105612.GD8272@debian
Re: gpg/pgp noise
On Wed, May 09, 2012 at 11:37:23AM +0200, Ralf Mardorf wrote: The signature of Tiberius was trusted by Pilatus and Herodes. The signature of Philippus wasn't trusted by Lysanias or anybody else. I couldn't find a key on public servers for Hannas and Kaiphas, but fortunately the key of Johannes is available and the signature is trusted by Zacharias. I've got some nice examples for signatures similar to this one: I don't know what you are trying to demonstrate. Can you please elaborate? Or would it be a good idea to close this thread? You can't close a thread. You are always entirely free to ignore it.
Things we should know about PGP
If this discussion can't be stopped, then perhaps we can make it a useful thread, by not talking about how to behave or not to behave on a mailing list, by not talking about if we won't signed emails or not. When the subject was gpg/pgp noise Jon Dowland wrote: I clearly explained that his key was signed by another he owned, which in turn was signed by *someone else entirely*. A chain of unsigned keys for one and the same person, with one key at the end of this chain, that is signed by one person only or even enough persons signing it, is useless. This isn't the correct way to sign a key, since it's not secure and not handy. You will handle the key directly by a web of trust, not by a chain of own keys and not only signed by one person. You can do this by visiting parties, where this is done. OTOH, when do you really need signing? More likely is that you will encrypt mails, e.g. to ensure that if you write to a family with young children, using the same computer, only the parents can read mails with contents that aren't good for children. In such a case it's not needed to ensure that the key is trusted. It's only important that the parents know how to decrypt and the children don't know it. This anyway prevents against manipulating the mails content, without signing. If you really need security, then you need to take care about many things using PGP. I only use openPGP from time to time, to ensure that just a special person can read this mail, but not to be completely secure. I don't need knowledge about how to handle PGP correct and I don't have got this knowledge. Seemingly some people have completely wrong perceptions about e.g. signing a key. Instead of having something similar to a flame-war, some useful information belongs to this list. - Ralf
Re: gpg/pgp noise
On Wed, May 9, 2012 at 5:20 AM, Mika Suomalainen mika.henrik.mai...@hotmail.com wrote: 09.05.2012 11:56, Jon Dowland kirjoitti: On Wed, May 09, 2012 at 12:29:31PM +1000, Scott Ferguson wrote: Bob's PGP signature is valid - yours is not You waste our time and bandwidth. In what way? I can verify Mika's signatures just fine. The signatures are valid. Bob's key validates his identity - yours does not. I can verify that Bob is Bob through a chain of trust. Why does Mikka's not? It's not impossible for someone to have a trust path to Mikka. Albeit one step removed, since the signing key he uses has one signature, from another of his keys - but that one has at least one. (I haven't managed to construct a trust path to Mikka myself, since most of the public pathfinder servers don't have his key) Because nobody else near Kotka, Finland uses PGP and the nearest CAcert assurers are after 110KMs from me. PS. I am back to weird long signatures. I won't comment to this thread anymore nor to anything else which I haven't written in my signature or elsewhere. So your reaction to being told that your signature's too long is to lengthen it. Thanks.
Re: gpg/pgp noise
On Tue, May 08, 2012 at 02:45:59PM +0100, Jon Dowland wrote: On Tue, May 08, 2012 at 08:28:35AM -0500, Indulekha wrote: You must be from up north, LOL! Now *that's* rude. Only if you're from up north, and from where I'm sitting that includes just about everyone. :(=) -- Religion is excellent stuff for keeping common people quiet. -- Napoleon Bonaparte
Re: gpg/pgp noise
On Wed, May 09, 2012 at 12:20:08PM +0300, Mika Suomalainen wrote: 09.05.2012 11:56, Jon Dowland kirjoitti: On Wed, May 09, 2012 at 12:29:31PM +1000, Scott Ferguson wrote: Bob's PGP signature is valid - yours is not You waste our time and bandwidth. In what way? I can verify Mika's signatures just fine. The signatures are valid. Bob's key validates his identity - yours does not. I can verify that Bob is Bob through a chain of trust. Why does Mikka's not? It's not impossible for someone to have a trust path to Mikka. Albeit one step removed, since the signing key he uses has one signature, from another of his keys - but that one has at least one. (I haven't managed to construct a trust path to Mikka myself, since most of the public pathfinder servers don't have his key) Because nobody else near Kotka, Finland uses PGP and the nearest CAcert assurers are after 110KMs from me. PS. I am back to weird long signatures. I won't comment to this thread anymore nor to anything else which I haven't written in my signature or elsewhere. Bye. -- ❤ ♫ ❤ ♫ ❤ ♫ ❤ Indulekha
[OT] Re: Things we should know about PGP
On Wed, 09 May 2012 13:32:12 +0200, Ralf Mardorf wrote: If this discussion can't be stopped, then perhaps we can make it a useful thread, by not talking about how to behave or not to behave on a mailing list, by not talking about if we won't signed emails or not. (...) If you really need security, then you need to take care about many things using PGP. I only use openPGP from time to time, to ensure that just a special person can read this mail, but not to be completely secure. I don't need knowledge about how to handle PGP correct and I don't have got this knowledge. But security has nothing to do with a signed message. You use GPG/PGP signatures when you want other people can verify that you are the author of that message. And you encrypt your message when you want to prevent others can access its content, no more and no less. Seemingly some people have completely wrong perceptions about e.g. signing a key. Exactly. For instance, those who think that PGP signed messages will improve security when reading/posting e-mails ;-) Instead of having something similar to a flame-war, some useful information belongs to this list. I only see one big flaw in GPG/PGP signatures current methodology: their keyring system of trust relies on people and people -by definition- is nothing but unreliable. That's why I don't sign my own messages and I don't care about others signatures. To my understanding is a waste of time and resources with little-to-nothing gain. Greetings, -- Camaleón
Re: [OT] Re: Things we should know about PGP
On Wed, 2012-05-09 at 17:26 +, Camaleón wrote: Exactly. For instance, those who think that PGP signed messages will improve security when reading/posting e-mails ;-) AFAIK a signed message can't become dirty. So it's secure that nobody add a word, removed a word or completely edited the message. This might be a kind of security some people wish to have. - Ralf
Re: Things we should know about PGP
On Wed, May 09, 2012 at 01:32:12PM +0200, Ralf Mardorf wrote: When the subject was gpg/pgp noise Jon Dowland wrote: I clearly explained that his key was signed by another he owned, which in turn was signed by *someone else entirely*. A chain of unsigned keys for one and the same person, with one key at the end of this chain, that is signed by one person only or even enough persons signing it, is useless. This isn't the correct way to sign a key, since it's not secure and not handy. I didn't check beyond the other person: if they have sigs on their key, then it's feasible Mika is joined to a/the web of trust. Rather than try to manually construct such a path, I fed Mikka's key into pathfinder web sites, but his key is not widespread enough, and the ones I tried didn't know about him. I did not rule him out of the web of trust, nor prove him in. OTOH, when do you really need signing? More likely is that you will encrypt mails, e.g. to ensure that if you write to a family with young children, using the same computer, only the parents can read mails with contents that aren't good for children. In such a case it's not needed to ensure that the key is trusted. It's only important that the parents know how to decrypt and the children don't know it. This anyway prevents against manipulating the mails content, without signing. IME I've signed many mails and verified many signed mails and very rarely encrypted messages. In fact the only times I have encrypted or decrypted mail was when sending signatures of someone's key to themselves. I suppose different people have different use-cases. -- Jon Dowland
Re: Things we should know about PGP
09.05.2012 21:09, Jon Dowland kirjoitti: I didn't check beyond the other person: if they have sigs on their key, then it's feasible Mika is joined to a/the web of trust. Rather than try to manually construct such a path, I fed Mikka's key into pathfinder web sites, but his key is not widespread enough, and the ones I tried didn't know about him. I did not rule him out of the web of trust, nor prove him in. Please feel free to put my key on those path finder services (gpg --keyserver keyserver of pathfinder --send-keys 4DB53CFE82A46728. I'm sorry, but you won't probably find any relation to my key, because of https://github.com/Mkaysi/mkaysi.github.com/blob/master/PGP/WhyDoISignEmails.html.md#your-signature-doesnt-mean-anything-anyway-because-you-arent-part-of-any-trust-web . I will now continue this policy, https://github.com/Mkaysi/mkaysi.github.com/blob/master/PGP/WhyDoISignEmails.html.md#why-did-you-write-this-page . PS. My name is written with one k letter, Mika, not Mikka. PS of PS. If anyone happens to visit near this city and want to meet me to sign my key, that might be possible too, but I don't see any reason why anyone would be interested about this city. -- [Mika Suomalainen](https://mkaysi.github.com/) || [gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) || [Why do I sign my emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) || [Please don't send HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) || [Please don't toppost](http://mkaysi.github.com/articles/complaining/topposting.html) || [This signature](https://gist.github.com/2643070) ||
Re: Things we should know about PGP
The signature is evidence that message comes from me. If I sign all my messages, I can say that I sign all my messages and possibly unsigned offensive content, which is spoofed to come from my address, isn't sent by me. You also could lie and anyway send unsigned mails. And why is it needed? If you call a friend do you have some code words, questions to ensure that you don't speak with a voice imitator. And do you record the phone calls and rewind to prove what your friend or you said in case of a disagreement? This is a loss of civilization! We don't need this. An employer might google my name and find posts of a doppelgänger of mine. Less likely, I only found my own posts, but I also found somebody with the same name, living in another German city, IIRC I found just the snake mail address of the doppelgänger, no posts. FWIW your mails are ok here. This is only visible if I explicitly view the source: --enigD875626BE35FED68C9AA150D Content-Type: application/pgp-signature; name=signature.asc Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename=signature.asc -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ -END PGP SIGNATURE- --enigD875626BE35FED68C9AA150D--
This is what I see as the email: 09.05.2012 21:09, Jon Dowland kirjoitti: I didn't check beyond the other person: if they have sigs on their key, then it's feasible Mika is joined to a/the web of trust. Rather than try to manually construct such a path, I fed Mikka's key into pathfinder web sites, but his key is not widespread enough, and the ones I tried didn't know about him. I did not rule him out of the web of trust, nor prove him in. Please feel free to put my key on those path finder services (gpg --keyserver keyserver of pathfinder --send-keys 4DB53CFE82A46728. I'm sorry, but you won't probably find any relation to my key, because of https://github.com/Mkaysi/mkaysi.github.com/blob/master/PGP/WhyDoISignEmails.html.md#your-signature-doesnt-mean-anything-anyway-because-you-arent-part-of-any-trust-web . I will now continue this policy, https://github.com/Mkaysi/mkaysi.github.com/blob/master/PGP/WhyDoISignEmails.html.md#why-did-you-write-this-page . PS. My name is written with one k letter, Mika, not Mikka. PS of PS. If anyone happens to visit near this city and want to meet me to sign my key, that might be possible too, but I don't see any reason why anyone would be interested about this city. -- [Mika Suomalainen](https://mkaysi.github.com/) || [gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) || [Why do I sign my emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) || [Please don't send HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) || [Please don't toppost](http://mkaysi.github.com/articles/complaining/topposting.html) || [This signature](https://gist.github.com/2643070) ||
Re: Things we should know about PGP
Regarding to security. Assumed somebody always sign the mails to a mailing list. Isn't it possible that somebody hacks the view of a mailing list archive? Make it look like if a nice guy said odd things for signed mails. He never did, the mails were not hacked, just the view of the web page is hacked.
Re: [OT] Re: Things we should know about PGP
On Wed, 09 May 2012 19:33:52 +0200, Ralf Mardorf wrote: On Wed, 2012-05-09 at 17:26 +, Camaleón wrote: Exactly. For instance, those who think that PGP signed messages will improve security when reading/posting e-mails ;-) AFAIK a signed message can't become dirty. What is what you understand by dirty? I can send the same spam, virus-inside or crap message with a signature or without it. That changes nothing. So it's secure that nobody add a word, removed a word or completely edited the message. This might be a kind of security some people wish to have. You can still get false-positives that make the signature cannot be properly verified so you think the message is not legitimate while it is. Greetings, -- Camaleón
Re: [OT] Re: Things we should know about PGP
On Wed, 2012-05-09 at 20:22 +, Camaleón wrote: On Wed, 09 May 2012 19:33:52 +0200, Ralf Mardorf wrote: On Wed, 2012-05-09 at 17:26 +, Camaleón wrote: Exactly. For instance, those who think that PGP signed messages will improve security when reading/posting e-mails ;-) AFAIK a signed message can't become dirty. What is what you understand by dirty? I can send the same spam, virus-inside or crap message with a signature or without it. That changes nothing. dirty {adj} [fig.] e.g. remove words, add words. So it's secure that nobody add a word, removed a word or completely edited the message. This might be a kind of security some people wish to have. You can still get false-positives that make the signature cannot be properly verified so you think the message is not legitimate while it is. I did write something similar off-list to whomever, but it wasn't only about computers and signing mails: A lot of stuff that seems to make things more clear, don't make things more clear. Signing emails tend to give the impression, that this would ensure security, but it doesn't. Nobody can hack a signed message in a valid time, without much luck. The needed prime factorization or whatever should be needed can't be done, anyway. As I already pointed out. Somebody e.g. could hack the view of a mailing list archive, seemingly signed mails with edited content. Then this wrong information is in the Internet, pretending to be the signed original. The mob will believe this is absolute truth. They are hungry for absolute truth. This is a loss of civilization. Instead of thinking themselves or at least reading stuff like Plato's allegory of the cave, they declare absolute illusion to absolute truth, but it's the absolute untruth. OTOH there are valid situations to sign messages.
gpg/pgp noise
Hi, I'm getting this with most gpg/pgp-signed mails received from this list (using mutt): [-- PGP output follows (current time: Tue 08 May 2012 05:35:27 AM CDT) --] gpgkeys: key 7356B378DEA22DE9 not found on keyserver gpg: Signature made Tue 08 May 2012 02:04:44 AM CDT using RSA key ID DEA22DE9 gpg: requesting key DEA22DE9 from ldap server keyserver.pgp.com gpg: no valid OpenPGP data found. gpg: Total number processed: 0 gpg: Can't check signature: public key not found [-- End of PGP output --] [-- The following data is signed --] PGP signature could NOT be verified. --- My public key has been published, and I followed the exact procedure I used last time in muttrc to make this crap work. Am I powerless over other peoples' misconfigured gpg here, or does this indicate some error on my part? Anyone know a way to simply filter out all that annoying gpg/pgp noise? I don't actually care if it really works, just don't want to see the garbage huge blocks of text and error messages. Have read way too many howtos and am contemplating just filtering all gpg/pgp users. I don't want to, but neither do I want to spend hours working to accommodate the people who insist on signing mail to a mailing list -- Thanks! -- ❤ ♫ ❤ ♫ ❤ ♫ ❤ Indulekha
Re: gpg/pgp noise
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, 08.05.2012 13:43, Indulekha kirjoitti: Hi, I'm getting this with most gpg/pgp-signed mails received from this list (using mutt): [-- PGP output follows (current time: Tue 08 May 2012 05:35:27 AM CDT) --] gpgkeys: key 7356B378DEA22DE9 not found on keyserver gpg: Signature made Tue 08 May 2012 02:04:44 AM CDT using RSA key ID DEA22DE9 gpg: requesting key DEA22DE9 from ldap server keyserver.pgp.com gpg: no valid OpenPGP data found. gpg: Total number processed: 0 gpg: Can't check signature: public key not found [-- End of PGP output --] [-- The following data is signed --] PGP signature could NOT be verified. --- My public key has been published, and I followed the exact procedure I used last time in muttrc to make this crap work. Am I powerless over other peoples' misconfigured gpg here, or does this indicate some error on my part? Anyone know a way to simply filter out all that annoying gpg/pgp noise? I don't actually care if it really works, just don't want to see the garbage huge blocks of text and error messages. Have read way too many howtos and am contemplating just filtering all gpg/pgp users. I don't want to, but neither do I want to spend hours working to accommodate the people who insist on signing mail to a mailing list -- Thanks! That keyserver which you are using seems to be offline and I don't know how used it is. The recommended keyserver is pool.sks-keyservers.net according to gnupg-user mailing list. You probably have line like this in your ~/.gnupg/gpg.conf: keyserver keyserver.pgp.com Try replacing it with keyserver hkp://pool.sks-keyservers.net If you don't have keyserver specified in ~/.gnupg/gpg.conf, try putting that previous line there anyway, there might be global gpg.conf file somewhere.
- -- Mika Suomalainen gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728 Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728 http://mkaysi.github.com/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ -END PGP SIGNATURE-
Re: gpg/pgp noise
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/05/12 11:43, Indulekha wrote: I'm getting this with most gpg/pgp-signed mails received from this list (using mutt): [-- PGP output follows (current time: Tue 08 May 2012 05:35:27 AM CDT) --] gpgkeys: key 7356B378DEA22DE9 not found on keyserver gpg: Signature made Tue 08 May 2012 02:04:44 AM CDT using RSA key ID DEA22DE9 gpg: requesting key DEA22DE9 from ldap server keyserver.pgp.com gpg: no valid OpenPGP data found. gpg: Total number processed: 0 gpg: Can't check signature: public key not found [-- End of PGP output --] [-- The following data is signed --] PGP signature could NOT be verified. --- My public key has been published, and I followed the exact procedure I used last time in muttrc to make this crap work. Am I powerless over other peoples' misconfigured gpg here, or does this indicate some error on my part? Anyone know a way to simply filter out all that annoying gpg/pgp noise? I don't actually care if it really works, just don't want to see the garbage huge blocks of text and error messages. Have read way too many howtos and am contemplating just filtering all gpg/pgp users. I don't want to, but neither do I want to spend hours working to accommodate the people who insist on signing mail to a mailing list -- Thanks! Increasing the pool of servers that gpg checks may alleviate your problem but it's more than likely to be people haven't exported their key. Mine has been exported. See how you view that one. Cheers, Phil...
- -- currently (ab)using Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ -END PGP SIGNATURE-
Re: gpg/pgp noise
On 08/05/12 20:43, Indulekha wrote: Hi, I'm getting this with most gpg/pgp-signed mails received from this list (using mutt): [-- PGP output follows (current time: Tue 08 May 2012 05:35:27 AM CDT) --] gpgkeys: key 7356B378DEA22DE9 not found on keyserver gpg: Signature made Tue 08 May 2012 02:04:44 AM CDT using RSA key ID DEA22DE9 gpg: requesting key DEA22DE9 from ldap server keyserver.pgp.com gpg: no valid OpenPGP data found. gpg: Total number processed: 0 gpg: Can't check signature: public key not found [-- End of PGP output --] [-- The following data is signed --] PGP signature could NOT be verified. Try a different key server. --- My public key has been published, This is nothing to do with *your* key. :-) gpg: requesting key DEA22DE9 from hkp server pool.sks-keyservers.net gpg: key DEA22DE9: public key Andrei Popescu andreimpope...@gmail.com imported gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 6 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 6u gpg: next trustdb check due at 2012-06-14 gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) snipped Kind regards -- Iceweasel/Firefox/Chrome/Chromium/Iceape/IE extensions for finding answers to questions about Debian:- https://addons.mozilla.org/en-US/firefox/collections/Scott_Ferguson/debian/
Re: gpg/pgp noise
On Tue, May 08, 2012 at 01:51:48PM +0300, Mika Suomalainen wrote: That keyserver which you are using seems to be offline and I don't know how used it is. The recommended keyserver is pool.sks-keyservers.net according to gnupg-user mailing list. You probably have line like this in your ~/.gnupg/gpg.conf: keyserver keyserver.pgp.com Try replacing it with keyserver hkp://pool.sks-keyservers.net Thanks! That fixed the upfront error messages, but I still have to see this at the end: -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ -END PGP SIGNATURE- -- ❤ ♫ ❤ ♫ ❤ ♫ ❤ Indulekha
Re: gpg/pgp noise
On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Increasing the pool of servers that gpg checks may alleviate your problem but it's more than likely to be people haven't exported their key. Mine has been exported. See how you view that one. Cheers, Thanks, Phil. After adding the keyserver Mika suggested, I no longer see the error messages but do still have to see this messy block of text at the end: -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ -END PGP SIGNATURE- -- ❤ ♫ ❤ ♫ ❤ ♫ ❤ Indulekha
Re: gpg/pgp noise
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/05/12 12:11, Indulekha wrote: On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote: Increasing the pool of servers that gpg checks may alleviate your problem but it's more than likely to be people haven't exported their key. Mine has been exported. See how you view that one. Cheers, Thanks, Phil. After adding the keyserver Mika suggested, I no longer see the error messages but do still have to see this messy block of text at the end: If you sign my key, you won't :-) Cheers, Phil... - -- currently (ab)using Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ -END PGP SIGNATURE-
Re: gpg/pgp noise
On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
> On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Increasing the pool of servers that gpg checks may alleviate your problem but it's more than likely to be people haven't exported their key. Mine has been exported. See how you view that one.
> >
> > Cheers,
>
> Thanks, Phil. After adding the keyserver Mika suggested, I no longer see the error messages but do still have to see this messy block of text at the end:
>
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.11 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> > -----END PGP SIGNATURE-----

But did you after Phil's?

Lisi
Re: gpg/pgp noise
Indulekha:
> Anyone know a way to simply filter out all that annoying gpg/pgp noise?

muttrc:
set display_filter='sed -f ~/.mutt/display-filter'

~/.mutt/display-filter:
/^gpg:/d

J.
--
I no longer believe in father christmas but have no trouble comprehending a nuclear apocalypse.
[Agree] [Disagree]
http://www.slowlydownward.com/NODATA/data_enter2.html

signature.asc Description: Digital signature
Re: gpg/pgp noise
On Tue, May 08, 2012 at 12:20:56PM +0100, Lisi wrote:
> On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
> > On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Increasing the pool of servers that gpg checks may alleviate your problem but it's more than likely to be people haven't exported their key. Mine has been exported. See how you view that one.
> > >
> > > Cheers,
> >
> > Thanks, Phil. After adding the keyserver Mika suggested, I no longer see the error messages but do still have to see this messy block of text at the end:
> >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.4.11 (GNU/Linux)
> > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> > > -----END PGP SIGNATURE-----
>
> But did you after Phil's?

That's what you see above, Phil's signature.

--
❤ ♫ ❤ ♫ ❤ ♫ ❤
Indulekha
Re: gpg/pgp noise
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

08.05.2012 14:15, Phil Dobbin wrote:
> On 08/05/12 12:11, Indulekha wrote:
> > On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
> > > Increasing the pool of servers that gpg checks may alleviate your problem but it's more than likely to be people haven't exported their key. Mine has been exported. See how you view that one.
> > >
> > > Cheers,
> >
> > Thanks, Phil. After adding the keyserver Mika suggested, I no longer see the error messages but do still have to see this messy block of text at the end:
>
> If you sign my key, you won't :-)
>
> Cheers,
>
> Phil...

Signing key doesn't remove signature blocks in the end of messages.

- --
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728
http://mkaysi.github.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
Re: gpg/pgp noise
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

08.05.2012 14:20, Lisi wrote:
> On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
> > On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
> > > Increasing the pool of servers that gpg checks may alleviate your problem but it's more than likely to be people haven't exported their key. Mine has been exported. See how you view that one.
> > >
> > > Cheers,
> >
> > Thanks, Phil. After adding the keyserver Mika suggested, I no longer see the error messages but do still have to see this messy block of text at the end:
>
> But did you after Phil's?
>
> Lisi

That signature block informs to be bad signature from Phil.

Viestin sisennettyä osaa (vastausta) on luultavasti muokattu
(In English: The indented part of message (reply) has been possibly changed)

gpg -komento ja -tuloste:
In English: gpg -command and -output:
/usr/bin/gpg2
gpg: Signature made ti 8. toukokuuta 2012 13.53.22 EEST using RSA key ID A093C263
gpg: BAD signature from Phil Dobbin bukowskis...@gmail.com

- --
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728
http://mkaysi.github.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
Re: gpg/pgp noise
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/05/12 12:26, Mika Suomalainen wrote:
> 08.05.2012 14:15, Phil Dobbin wrote:
> > On 08/05/12 12:11, Indulekha wrote:
> > > On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
> > > > Increasing the pool of servers that gpg checks may alleviate your problem but it's more than likely to be people haven't exported their key. Mine has been exported. See how you view that one.
> > > >
> > > > Cheers,
> > >
> > > Thanks, Phil. After adding the keyserver Mika suggested, I no longer see the error messages but do still have to see this messy block of text at the end:
> >
> > If you sign my key, you won't :-)
> >
> > Cheers,
> >
> > Phil...
>
> Signing key doesn't remove signature blocks in the end of messages.

Sorry, my mistake. I was under the impression it did. I can always follow the example you have in your key/signature to decrease the noise ratio (after, of course, I've finished writing this particular email :-)

Cheers,

Phil...

- --
currently (ab)using Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
Re: gpg/pgp noise
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/05/12 12:29, Mika Suomalainen wrote:
> 08.05.2012 14:20, Lisi wrote:
> > On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
> > > On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
> > > > Increasing the pool of servers that gpg checks may alleviate your problem but it's more than likely to be people haven't exported their key. Mine has been exported. See how you view that one.
> > > >
> > > > Cheers,
> > >
> > > Thanks, Phil. After adding the keyserver Mika suggested, I no longer see the error messages but do still have to see this messy block of text at the end:
> >
> > But did you after Phil's?
> >
> > Lisi
>
> That signature block informs to be bad signature from Phil.
>
> Viestin sisennettyä osaa (vastausta) on luultavasti muokattu
> (In English: The indented part of message (reply) has been possibly changed)
>
> gpg -komento ja -tuloste:
> In English: gpg -command and -output:
> /usr/bin/gpg2
> gpg: Signature made ti 8. toukokuuta 2012 13.53.22 EEST using RSA key ID A093C263
> gpg: BAD signature from Phil Dobbin bukowskis...@gmail.com

That's because the email client didn't snip the quoted previous message correctly therefore part of the original signature was still included.

Cheers,

Phil...

- --
currently (ab)using Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
Re: gpg/pgp noise
On Tue, May 08, 2012 at 01:20:21PM +0200, Jochen Spieker wrote:
> Indulekha:
> > Anyone know a way to simply filter out all that annoying gpg/pgp noise?
>
> muttrc:
> set display_filter='sed -f ~/.mutt/display-filter'
>
> ~/.mutt/display-filter:
> /^gpg:/d
>
> J.
> --
> I no longer believe in father christmas but have no trouble comprehending a nuclear apocalypse.
> [Agree] [Disagree]
> http://www.slowlydownward.com/NODATA/data_enter2.html

Thanks so much, that did the trick. :)

--
❤ ♫ ❤ ♫ ❤ ♫ ❤
Indulekha

signature.asc Description: Digital signature
Re: gpg/pgp noise
On Tue, May 08, 2012 at 12:34:02PM +0100, Phil Dobbin wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 08/05/12 12:29, Mika Suomalainen wrote:
> > 08.05.2012 14:20, Lisi wrote:
> > > On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
> > > > On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
> > > > > Increasing the pool of servers that gpg checks may alleviate your problem but it's more than likely to be people haven't exported their key. Mine has been exported. See how you view that one.
> > > > >
> > > > > Cheers,
> > > >
> > > > Thanks, Phil. After adding the keyserver Mika suggested, I no longer see the error messages but do still have to see this messy block of text at the end:
> > >
> > > But did you after Phil's?
> > >
> > > Lisi
> >
> > That signature block informs to be bad signature from Phil.
> >
> > Viestin sisennettyä osaa (vastausta) on luultavasti muokattu
> > (In English: The indented part of message (reply) has been possibly changed)
> >
> > gpg -komento ja -tuloste:
> > In English: gpg -command and -output:
> > /usr/bin/gpg2
> > gpg: Signature made ti 8. toukokuuta 2012 13.53.22 EEST using RSA key ID A093C263
> > gpg: BAD signature from Phil Dobbin bukowskis...@gmail.com
>
> That's because the email client didn't snip the quoted previous message correctly therefore part of the original signature was still included.
>
> Cheers,
>
> Phil...
>
> - --
> currently (ab)using Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> -----END PGP SIGNATURE-----

No, I think you may have an incorrect or incomplete configuration

--
❤ ♫ ❤ ♫ ❤ ♫ ❤
Indulekha
Re: gpg/pgp noise
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/05/12 12:40, Indulekha wrote:

[snip]

> No, I think you may have an incorrect or incomplete configuration

In what way?

Cheers,

Phil...

- --
currently (ab)using Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
Re: gpg/pgp noise
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

08.05.2012 14:40, Indulekha wrote:
> On Tue, May 08, 2012 at 12:34:02PM +0100, Phil Dobbin wrote:
> > On 08/05/12 12:29, Mika Suomalainen wrote:
> > > 08.05.2012 14:20, Lisi wrote:
> > > > On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
> > > > > On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
> > > > > > Increasing the pool of servers that gpg checks may alleviate your problem but it's more than likely to be people haven't exported their key. Mine has been exported. See how you view that one.
> > > > > >
> > > > > > Cheers,
> > > > >
> > > > > Thanks, Phil. After adding the keyserver Mika suggested, I no longer see the error messages but do still have to see this messy block of text at the end:
> > > >
> > > > But did you after Phil's?
> > > >
> > > > Lisi
> > >
> > > That signature block informs to be bad signature from Phil.
> > >
> > > Viestin sisennettyä osaa (vastausta) on luultavasti muokattu
> > > (In English: The indented part of message (reply) has been possibly changed)
> > >
> > > gpg -komento ja -tuloste:
> > > In English: gpg -command and -output:
> > > /usr/bin/gpg2
> > > gpg: Signature made ti 8. toukokuuta 2012 13.53.22 EEST using RSA key ID A093C263
> > > gpg: BAD signature from Phil Dobbin bukowskis...@gmail.com
> >
> > That's because the email client didn't snip the quoted previous message correctly therefore part of the original signature was still included.
> >
> > Cheers,
> >
> > Phil...
>
> No, I think you may have an incorrect or incomplete configuration

Phil is right, that security error came, because you wrote your message between content, which he had signed.

Enigmail automatically removes signatures of other people when replying to signed message.

- --
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728
http://mkaysi.github.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
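Added example, not part of any post in this thread: the cause Mika and Phil describe above (a reply written between lines that Phil had signed) can be reproduced by extracting the text a cleartext signature covers, following the RFC 4880 cleartext signature framework. The messages are constructed samples, and the SHA-1 of the signed text is a stand-in for real verification, which would need the signer's key.

```python
import hashlib

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"


def signed_text(message):
    """Return the canonical bytes a cleartext signature covers, or None."""
    lines = message.splitlines()
    if BEGIN_MSG not in lines:
        return None                       # marker must be a line of its own
    i = lines.index(BEGIN_MSG) + 1
    while i < len(lines) and lines[i] != "":
        i += 1                            # armor headers such as "Hash: SHA1"
    i += 1                                # the empty line that ends them
    body = []
    while i < len(lines) and lines[i] != BEGIN_SIG:
        line = lines[i]
        if line.startswith("- "):
            line = line[2:]               # undo dash-escaping ("- -- " is "-- ")
        body.append(line.rstrip(" \t"))   # trailing blanks are not signed
        i += 1
    if i >= len(lines):
        return None                       # no signature armor follows
    # Lines are joined with CRLF; the line break before the armor is excluded.
    return "\r\n".join(body).encode("utf-8")


def digest(message):
    """SHA-1 of the signed text: a stand-in for what the signature binds."""
    data = signed_text(message)
    return None if data is None else hashlib.sha1(data).hexdigest()


# Constructed sample in the layout of the clearsigned posts in this thread.
# The armor body is a placeholder, not a real signature.
ORIGINAL = (
    "-----BEGIN PGP SIGNED MESSAGE-----\n"
    "Hash: SHA1\n"
    "\n"
    "Mine has been exported.   \n"
    "See how you view that one.\n"
    "- -- \n"
    "Phil\n"
    "-----BEGIN PGP SIGNATURE-----\n"
    "\n"
    "PLACEHOLDER\n"
    "-----END PGP SIGNATURE-----\n"
)

# A relay that only strips trailing blanks and switches to CRLF line endings.
RELAYED = ORIGINAL.replace(".   \n", ".\n").replace("\n", "\r\n")

# A reply typed between the signed lines while both armor markers survive.
INTERLEAVED = ORIGINAL.replace(
    "See how you view that one.\n",
    "Thanks, I still see this messy block of text at the end:\n"
    "See how you view that one.\n",
)

# A reply that prefixes every line, markers included, with "> ".
QUOTED = "".join("> " + line for line in ORIGINAL.splitlines(keepends=True))


def classify(candidate, reference=ORIGINAL):
    """Say what a verifier would face for `candidate` versus `reference`."""
    d = digest(candidate)
    if d is None:
        return "no clearsigned block found"
    if d == digest(reference):
        return "signed text unchanged"
    return "signed text changed: signature check fails"


if __name__ == "__main__":
    for name, msg in [("relayed", RELAYED), ("interleaved", INTERLEAVED),
                      ("quoted", QUOTED)]:
        print(f"{name:12s} {classify(msg)}")
```

Only the interleaved reply changes the bytes the signature binds; a reply that quotes every line leaves no clearsigned block for a verifier to pick up, so no BAD signature is reported.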
Re: gpg/pgp noise
On Tue, May 08, 2012 at 02:29:39PM +0300, Mika Suomalainen wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> 08.05.2012 14:20, Lisi wrote:
> > On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
> > > On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
> > > > Increasing the pool of servers that gpg checks may alleviate your problem but it's more than likely to be people haven't exported their key. Mine has been exported. See how you view that one.
> > > >
> > > > Cheers,
> > >
> > > Thanks, Phil. After adding the keyserver Mika suggested, I no longer see the error messages but do still have to see this messy block of text at the end:
> >
> > But did you after Phil's?
> >
> > Lisi
>
> That signature block informs to be bad signature from Phil.
>
> Viestin sisennettyä osaa (vastausta) on luultavasti muokattu
> (In English: The indented part of message (reply) has been possibly changed)
>
> gpg -komento ja -tuloste:
> In English: gpg -command and -output:
> /usr/bin/gpg2
> gpg: Signature made ti 8. toukokuuta 2012 13.53.22 EEST using RSA key ID A093C263
> gpg: BAD signature from Phil Dobbin bukowskis...@gmail.com
>
> - --
> Mika Suomalainen
> gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
> Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728
> http://mkaysi.github.com/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.19 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> -----END PGP SIGNATURE-----

Yes, yours also still shows the (useless) text block at the end. Jochen Spieker's setup is correct, and the block is gone using the recipe he provided. A few years ago I went through all this for the exact same reasons, and ISTR at least half of all pgp/gpg signed mail I received was done incorrectly. I just hate that.

--
❤ ♫ ❤ ♫ ❤ ♫ ❤
Indulekha
Re: gpg/pgp noise
Indulekha:
> No, I think you may have an incorrect or incomplete configuration

This is inline vs. MIME:
http://www.phildev.net/pgp/pgp_clear_vs_mime.html

J.
--
I can tell a Whopper[tm] from a BigMac[tm] and Coke[tm] from Pepsi[tm].
[Agree] [Disagree]
http://www.slowlydownward.com/NODATA/data_enter2.html

signature.asc Description: Digital signature
Re: gpg/pgp noise
On Tue, May 08, 2012 at 02:43:11PM +0300, Mika Suomalainen wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> 08.05.2012 14:40, Indulekha wrote:
> > On Tue, May 08, 2012 at 12:34:02PM +0100, Phil Dobbin wrote:
> > > On 08/05/12 12:29, Mika Suomalainen wrote:
> > > > 08.05.2012 14:20, Lisi wrote:
> > > > > On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
> > > > > > On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
> > > > > > > Increasing the pool of servers that gpg checks may alleviate your problem but it's more than likely to be people haven't exported their key. Mine has been exported. See how you view that one.
> > > > > > >
> > > > > > > Cheers,
> > > > > >
> > > > > > Thanks, Phil. After adding the keyserver Mika suggested, I no longer see the error messages but do still have to see this messy block of text at the end:
> > > > >
> > > > > But did you after Phil's?
> > > > >
> > > > > Lisi
> > > >
> > > > That signature block informs to be bad signature from Phil.
> > > >
> > > > Viestin sisennettyä osaa (vastausta) on luultavasti muokattu
> > > > (In English: The indented part of message (reply) has been possibly changed)
> > > >
> > > > gpg -komento ja -tuloste:
> > > > In English: gpg -command and -output:
> > > > /usr/bin/gpg2
> > > > gpg: Signature made ti 8. toukokuuta 2012 13.53.22 EEST using RSA key ID A093C263
> > > > gpg: BAD signature from Phil Dobbin bukowskis...@gmail.com
> > >
> > > That's because the email client didn't snip the quoted previous message correctly therefore part of the original signature was still included.
> > >
> > > Cheers,
> > >
> > > Phil...
> >
> > No, I think you may have an incorrect or incomplete configuration
>
> Phil is right, that security error came, because you wrote your message between content, which he had signed.
>
> Enigmail automatically removes signatures of other people when replying to signed message.
>
> - --
> Mika Suomalainen
> gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
> Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728
> http://mkaysi.github.com/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.19 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> -----END PGP SIGNATURE-----

I despise thunderchicken, and will not be using enigmail. It seems to me hardly anyone who uses gpg does so correctly...

--
❤ ♫ ❤ ♫ ❤ ♫ ❤
Indulekha
Re: gpg/pgp noise
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

08.05.2012 14:46, Indulekha wrote:
> On Tue, May 08, 2012 at 02:29:39PM +0300, Mika Suomalainen wrote:
> > 08.05.2012 14:20, Lisi wrote:
> > > On Tuesday 08 May 2012 12:11:56 Indulekha wrote:
> > > > On Tue, May 08, 2012 at 11:53:23AM +0100, Phil Dobbin wrote:
> > > > > Increasing the pool of servers that gpg checks may alleviate your problem but it's more than likely to be people haven't exported their key. Mine has been exported. See how you view that one.
> > > > >
> > > > > Cheers,
> > > >
> > > > Thanks, Phil. After adding the keyserver Mika suggested, I no longer see the error messages but do still have to see this messy block of text at the end:
> > >
> > > But did you after Phil's?
> > >
> > > Lisi
> >
> > That signature block informs to be bad signature from Phil.
> >
> > Viestin sisennettyä osaa (vastausta) on luultavasti muokattu
> > (In English: The indented part of message (reply) has been possibly changed)
> >
> > gpg -komento ja -tuloste:
> > In English: gpg -command and -output:
> > /usr/bin/gpg2
> > gpg: Signature made ti 8. toukokuuta 2012 13.53.22 EEST using RSA key ID A093C263
> > gpg: BAD signature from Phil Dobbin bukowskis...@gmail.com
>
> Yes, yours also still shows the (useless) text block at the end. Jochen Spieker's setup is correct, and the block is gone using the recipe he provided. A few years ago I went through all this for the exact same reasons, and ISTR at least half of all pgp/gpg signed mail I received was done incorrectly. I just hate that.

I have reasons to clearsign, http://mkaysi.github.com/PGP/Clearsigning.html .

PS. Debian-user is one of those mailing lists, which aren't affected by that issue.

- --
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728
http://mkaysi.github.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
Re: gpg/pgp noise
On Tue, May 08, 2012 at 01:45:59PM +0200, Jochen Spieker wrote:
> Indulekha:
> > No, I think you may have an incorrect or incomplete configuration
>
> This is inline vs. MIME:
> http://www.phildev.net/pgp/pgp_clear_vs_mime.html

Aha, so yours is inline or MIME? And is there a recipe for muttrc to hide the other kind?

--
❤ ♫ ❤ ♫ ❤ ♫ ❤
Indulekha

signature.asc Description: Digital signature
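Added example, not from any poster in this thread: the `/^gpg:/d` recipe quoted earlier deletes every line that starts with `gpg:`, which includes a `gpg: BAD signature` line like the one Mika posted. The sketch below is a stand-in command for mutt's `display_filter` that drops routine status lines and well-formed inline signature armor but keeps failure and warning lines; the script name and the sample messages are constructed for illustration.

```python
import re
import sys

BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"
# gpg status lines that must stay on screen.
KEEP = re.compile(r"^gpg: (BAD signature|WARNING)")
# What may appear inside signature armor: an empty line, a "Key: value"
# header, or base64 data / checksum. A bare word also matches, so this
# narrows the room for hiding text behind a fake marker; it does not remove it.
ARMOR_LINE = re.compile(r"^(|[A-Za-z]+: .*|[A-Za-z0-9+/=]+)$")


def display_filter(text):
    """Hide gpg chatter and inline signature armor, keep failure lines."""
    out, held = [], None          # held: lines of a possible armor block
    for line in text.splitlines(keepends=True):
        bare = line.rstrip("\r\n")
        if held is not None:
            if bare == END_SIG:
                held = None       # well-formed armor: drop the whole block
                continue
            if ARMOR_LINE.match(bare):
                held.append(line)
                continue
            out.extend(held)      # not armor after all: show what was held
            held = None
        if bare == BEGIN_SIG:
            held = [line]
        elif bare.startswith("gpg:") and not KEEP.match(bare):
            continue              # routine status line
        else:
            out.append(line)
    if held is not None:
        out.extend(held)          # unterminated block stays visible
    return "".join(out)


# Constructed pager input: gpg status lines followed by an inline-signed body.
SAMPLE = (
    "gpg: Signature made (constructed date) using RSA key ID 00000000\n"
    'gpg: BAD signature from "Constructed Sender"\n'
    "Mine has been exported.\n"
    "-----BEGIN PGP SIGNATURE-----\n"
    "Version: GnuPG v1.4.11 (GNU/Linux)\n"
    "\n"
    "QUJDREVGRw==\n"
    "=AbCd\n"
    "-----END PGP SIGNATURE-----\n"
    "Sender\n"
)

# Constructed input where a marker is followed by prose, not armor.
FAKE_MARKER = (
    "Hello\n"
    "-----BEGIN PGP SIGNATURE-----\n"
    "this text must stay visible, not hidden\n"
)

if __name__ == "__main__":
    sys.stdout.write(display_filter(sys.stdin.read()))
```

Saved under a name of your choosing, it would be wired in the same way as the sed recipe, for example `set display_filter='python3 ~/.mutt/display_filter.py'` (hypothetical path).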
Re: gpg/pgp noise
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

08.05.2012 14:45, Jochen Spieker wrote:
> Indulekha:
> > No, I think you may have an incorrect or incomplete configuration
>
> This is inline vs. MIME:
> http://www.phildev.net/pgp/pgp_clear_vs_mime.html
>
> J.

And that page forgets the problems in MIME. PGP/MIME requires headers, message and the signature.asc to be verified. Some mailing list programs mess up with the headers and this way make PGP/MIME signatures unverifiable.

In INLINE, the signature is in message and it doesn't require headers to be verified so it's harder to be messed up by mailing list software.

- --
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728
http://mkaysi.github.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----