Re: GnuPG asks for confirmation...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 engage wrote: > On Thursday 01 June 2006 08:59 pm, Todd Zullinger wrote: >>engage wrote: >>> Why is someone sending an encrypted message to this list? >> >>It's not encrypted. It's just signed and armored. >> >>Doesn't your mail client automatically display this for you? > > No. I keep getting prompted for my passphrase for this message. > Kmail. Just hit enter. There isn't any encryption, but the message is armored and as others have pointed out, email software often just assumes any pgp chunk that begins with "BEGIN PGP MESSAGE" is encrypted and asks for a passphrase to pass on to gpg. I've used mutt with gpg-agent for years now and have grown accustomed to not having that prompt unless a passphrase was truly required. :) - -- ToddOpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp == Be who you are and say what you feel because those who mind don't matter and those who matter don't mind. -- Dr Seuss, "Oh the Places You'll Go" -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl. iG0EARECAC0FAkSBIvkmGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt ei5hc2MACgkQuv+09NZUB1q4mwCgmNVQcxB4nbERt8ovWRTA8ZmBmMgAoJPpYPT5 H8TSvRoU+Nks86qDnpSS =5G/L -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG asks for confirmation...
On Thursday 01 June 2006 08:59 pm, Todd Zullinger wrote: >engage wrote: >> Why is someone sending an encrypted message to this list? > >It's not encrypted. It's just signed and armored. > >Doesn't your mail client automatically display this for you? No. I keep getting prompted for my passphrase for this message. Kmail. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Error generating new keys on Windows with gnupg 1.4.3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 6/2/2006 6:24 PM, Jee Kay wrote: > Whenever I try to generate a new secret key on Windows with gnupg > 1.4.3, I get the following output immediately following the second > request for my passphrase: > > gpg: NOTE: you should run 'diskperf -y' to enable the disk statistics > > A few seconds after that, a Windows error box pops up with this > message: > Microsoft Visual C++ Runtime Library > Runtime Error! > Program: z:\gnupg\gpg.exe > This application has requested the Runtime to terminate it in an > unusual way. Please contact the application's support team for more > information. > > > Has anyone seen anything like this or know where to start debugging > it? I don't know if it makes any difference, but I have > HKLU\Software\GNU\gpgProgram set to z:\gnupg\gnupg.exe and HomeDir is > set to z:\gnupg. > > Please keep me in CC on any replies as I am not subscribed. > > Thanks in advance, > Ras > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > Did you try using an environmental variable instead of using the registry? Assuming you're using WinXP, open up the system properties (right-click "My Computer">Properties). In the "Advanced" tab, click the "Environmental Variables" button on the bottom. You should now see a popup with 2 panes, one on top and one on the bottom. If you have admin access, open the "Path" variable. You going to want to add the path to the GnuPG EXECUTABLE (not the keyrings, unless they're in the same folder) at the end (make sure that you separate your addition from the string before it with a semicolon [;]. look at the rest of the "Path" variable to see an example of how they are separated). For example this is my "Path" variable before the addition: %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem Notice the semicolons between them and the lack of spaces. This is what mine looks like with the addition (just replace my GnuPG path with whatever yours is): %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\program file\gnu\gnupg Make sure that you do NOT put it in quotes (as we are used to doing in the command prompt when a filename had spaces). What the "Path" addition does is it tells the Windows Shell where to look for executable files (like when you say "cmd" at the "run" dialog, it looks in \windows\system32 for "cmd.exe"). So now when you type "gpg" (no quotes) at the "run" dialog or from a cmd prompt, it will run "gpg.exe." If you don't have administrator access to the computer, you can just add a new variable named "PATH" in the top pane (user variables). Just add the GnuPG exec path to that. The second thing to do is add one last variable. This one doesn't normally exist in Windows so you must create a new system (or user) variable named "GNUPGHOME" (case-sensitive). The value for that variable is going to be the directory of you GnuPG keyrings (i.e. my GNUPGHOME variable's value is "d:\gnupg" (no quotes), as that is the folder where my keyrings are). Once those variables are changed/added, just "OK" out of the remaining dialogs until System Properties is closed. You don't have to restart or anything. P.S. the environmental variables override the registry settings, so you don't have to worry about cleaning them up. - -- Zach Himsel <[EMAIL PROTECTED]> |_|o|_| |_|_|o| |o|o|o| PGP Public Key: http://zach-himsel.is.dreaming.org/ PGP Public Key ID: 0xFD04A326 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEVAwUBRIDE1CZJc7D9BKMmAQJpDgf/XFCkeN8Rx9Bx5PBX44AhjgQeYnbuV60o 1q8pMUQIw3NxzsZh9oCytP75AaqW2AOfEP92dylwzDwpT7LGGl0dq3E0MgQnzTMB feTsZE744Zio93JaG1RPs563FypJ60hrB3zXNtxGEcOfOp/R6FaoMsc5eBVDFapf ZIVSt+64QgLmAT2M2Q5B55vp0MW8BPLg1bXMCYtTIn6VRrZNrtOKmMAzu27SCj6y U3zI0YF60Yd2oY1M2FH1y387C711DpCbi85MDwRkpdSonCY/kTOqpwScOCSIkd07 lWKYTqwytrPxUkGJeGEJHBMme6TVXAb++oCMiKflBFc/9rClTCOCYw== =AHCQ -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Error generating new keys on Windows with gnupg 1.4.3
Whenever I try to generate a new secret key on Windows with gnupg 1.4.3, I get the following output immediately following the second request for my passphrase: gpg: NOTE: you should run 'diskperf -y' to enable the disk statistics A few seconds after that, a Windows error box pops up with this message: Microsoft Visual C++ Runtime Library Runtime Error! Program: z:\gnupg\gpg.exe This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information. Has anyone seen anything like this or know where to start debugging it? I don't know if it makes any difference, but I have HKLU\Software\GNU\gpgProgram set to z:\gnupg\gnupg.exe and HomeDir is set to z:\gnupg. Please keep me in CC on any replies as I am not subscribed. Thanks in advance, Ras ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG Smartcard and Authentication Key
* On Sun, 28 May 2006 23:12:34 +0200, * Volker Dormeyer <[EMAIL PROTECTED]> wrote: * On Sun, 28 May 2006 16:30:55 -0400, * David Shaw <[EMAIL PROTECTED]> wrote: > On Sun, May 28, 2006 at 08:24:14PM +0200, Volker Dormeyer wrote: >> Hello all, >> >> recently I received a message which is encrypted with my public >> authentication key instead of my encryption key. >> >> I wonder how this can happen, because I thought GnuPG does not use the >> authentication key as encryption key. Am I wrong? >> >> Further, I am not able to decrypt the message. I tried it manually with >> "--try-all-secrets", but it doesn't seem to work. Basically it should >> work. I mean, I have the authentication private key. > This is unfortunately turning into a FAQ. Basically, you've run into > an old PGP bug. It was recently fixed (I don't recall exactly in what > version), but there are countless installations of PGP that predate > the fix. > This is what I read in the gnupg-users archive before I send the > question. I have to admit, I do not understand exactly, because I know > that the user who sent me the message is using GnuPG. It shows > -BEGIN PGP MESSAGE- > Version: GnuPG v1.2.5 (GNU/Linux) Just thought a bit about it... Is it possible, that GnuPG prior to version 1.4 was not able to interpret those "key flags"? I didn't use an authentication with versions prior to 1.4 for myself. > in the ASCII armored cipher text. > OpenPGP keys have "key flags" that indicate what a key is to be used > for (encryption, signing, or authentication). GnuPG honors these > flags and will not encrypt to any key that isn't marked for > encryption. The bug is that PGP is not properly looking at the key > and will happily encrypt to a signing or authentication key. > I am aware of the different "key flags". This was the reason why I > wondered how this could be happen. > As to what you can do about it, your best bet is to contact the sender > and ask for a retransmission encrypted to the proper key. It might be > possible to write a program that can essentially trick the smartcard > into decrypting the message by pretending it is a signature that needs > to be verified but it depends on how exactly the card handles > signatures. In any event, no such program exists today. Thanks, Volker -- Volker Dormeyer <[EMAIL PROTECTED]> Join the Fellowship and protect your Freedom!(http://www.fsfe.org) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG asks for confirmation...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark Brown wrote: > On Thu, Jun 01, 2006 at 10:59:54PM -0400, Todd Zullinger wrote: >> engage wrote: >>> Why is someone sending an encrypted message to this list? > >> It's not encrypted. It's just signed and armored. > >> Doesn't your mail client automatically display this for you? > > Many mail clients will assume that any GPG message is encrypted and > prompt for a passphrase prior to invoking GPG. I guess I just take it for granted because using mutt along with gpg-agent, I don't get such a password request. I'd be curious if kmail would do the same if configured to use the gpg-agent. Without the agent, mutt prompts as well. It's just been a long long time since I wasn't using gpg-agent. :) - -- ToddOpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp == Nothing says, "Obey me!" like a bloody head on a fence post. -- Stewie Griffin -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl. iG0EARECAC0FAkSAg2kmGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt ei5hc2MACgkQuv+09NZUB1qhxQCggs0wv8cejnK4Q4Wjdt632zMzX2UAoJz7rb3m KbVGtmAeLGjkE//lkFuf =gim2 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG asks for confirmation...
* Laurent Jumet <[EMAIL PROTECTED]> wrote: > > Many mail clients will assume that any GPG message is encrypted and > > prompt for a passphrase prior to invoking GPG. > > Are you sure? > Security wouldn't be compromised if passphrase is given to anything else > then gpg? F.e. mutt itself asks for a passphrase and passes it on to gpg. It's a normal thing for email clients to do, as with frontends for gpg as well. In case an attacker replaces the gpg binary with a wrapper... well, security is compromised the moment when an attacker gains system access anyway. Btw, good to see GoldEd still floating around. How's fidonet? -- 2:2433/480 Sorry to the people I drove nuts back then, hehe pgpuLcMMaWO04.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG asks for confirmation...
On Thu, Jun 01, 2006 at 10:59:54PM -0400, Todd Zullinger wrote: > engage wrote: > > Why is someone sending an encrypted message to this list? > It's not encrypted. It's just signed and armored. > Doesn't your mail client automatically display this for you? Many mail clients will assume that any GPG message is encrypted and prompt for a passphrase prior to invoking GPG. -- "You grabbed my hand and we fell into it, like a daydream - or a fever." ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG asks for confirmation...
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Hello ! Mark Brown <[EMAIL PROTECTED]> wrote: >> > Why is someone sending an encrypted message to this list? >> It's not encrypted. It's just signed and armored. >> Doesn't your mail client automatically display this for you? > Many mail clients will assume that any GPG message is encrypted and > prompt for a passphrase prior to invoking GPG. Are you sure? Security wouldn't be compromised if passphrase is given to anything else then gpg? - -- Laurent Jumet KeyID: 0xCFAF704C -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFEgDeB9R1toM+vcEwRA/IJAJ94cYSGch26vubs+lDki6sDIDAA+gCgvMKk /8wC6zZZ6LWc5em3Ibl54EA= =iqz9 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Signing vs. encrypting was: Cipher v public key
On Thu, Jun 01, 2006 at 11:33:14AM -0400, [EMAIL PROTECTED] wrote: > Todd Zullinger tmz at pobox.com wrote on > Thu Jun 1 11:46:48 CEST 2006 : > > > While I prefer gnupg to pgp myself, I did just happen to see a > > reference to pgp command line today > > the cost is *astronomical* > > have played around with it when it was released as a free > command line pgp 8.5 beta > > has a few features unique to pgp, > which may or may not be of interest to the customers: > > - ADK's This may be somewhat emulated with GPG (mandated encrypt-to) > - split-key / shared-key capablilty > (this happens to be nice and useful > any chance for a 'feature request' :-) ? ) I once thought of implementing this over gpg -- but it is notrivial to do it right and really it is a specialized application somewhat requiring a dedicated machine trusted by all the untrusting parties, to operate. A;ex ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Cannot decrypt this file for the life of me
webdevlv schreef: I am a complete newbie to GPG so bare with. I have a gpg encrypted file and two .asc files... file_sec.asc and file.asc (pubilc and secret key? I have no clue what the terminology is). I also have a passphrase that needs to be used. Ok, I understand your issue. The bits you have are: - the encrypted file (I assume it's file.gpg) - the secret key (file_sec.asc) - the public key (file.asc) - the password to use the secret key. What you must do: 1. import the keys into your key ring ("gpg --import file_sec.asc" on the command line) 2. decrypt the file using the passphrase ("gpg file.gpg" on the command line) -- Raphael signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Headers on this echo...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Laurent, Laurent Jumet wrote: > Why the Headers on this echo are not correct? You'll have to provide some proof that they are incorrect. What defines "correct" headers? :) > Messages come with this > > Sender: [EMAIL PROTECTED] > > and it should be of course "gnupg-users@gnupg.org" This is the way Mailman sends mail. Sender is set to use [EMAIL PROTECTED] because there are broken MTA's that will send bounces back to Sender, rather than to the address in the Errors-To or Return-Path headers. This may be changed in a future version of mailman, as the number of broken MTA's is diminishing and the number of MUA's that display things like "on behalf of" when the Sender header differs from the - From header is increasing. See this recent thread on the mailman-users list for more discussion and links to relevant RFC's: http://www.mail-archive.com/mailman-users@python.org/msg38403.html > And there is no "Reply-To: gnupg-users@gnupg.org" Header. See Mailman FAQ 3.48. 'What about setting a "Reply-To:" header for the list?' for discussion of why many lists do not add a reply-to header and why the Mailman default is to not set this to the list address. http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq03.048.htp Your MUA should be able to handle this. Mutt does quite well without the reply-to header pointing to the list. Submit a feature request to the developers of your MUA if it's missing a list reply function. - -- ToddOpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp == It was probably drugs more than anything else that made me a Libertarian. -- John Gilmore -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl. iG0EARECAC0FAkR/6nAmGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt ei5hc2MACgkQuv+09NZUB1pfnwCfU0nD1m//OvPGGpHsHyqpHkTs0zAAn3eAPj9h CUdFAqF5vKLlwCQc6Bze =98UM -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users