RE: Question about history of hash and cipher collections

2008-01-14 Thread Alan Olsen


 From: David Shaw

 Yes.  gpg -v --version will give you the algorithm numbers along
 with the algorithm names.  However, the algorithm numbers are not
 really relevant to anything unless you're writing OpenPGP software.
 For years now, all programs have referred to AES256 as AES256
 and not cipher 9.

Version will not report it that way, but decryption errors will.  If you have 
an older version of GPG that does not know about the newer cypher or hash, it 
will report cypher n or hash n.  I have encountered this on systems that 
have not been upgraded for a while.  (And, yes, there is an upgrade in 
process.)  The information is useful in that case when you are trying to 
explain to production people what happened when their file decryption failed.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


RE: Question about history of hash and cipher collections

2008-01-14 Thread Alan Olsen

 From David Shaw
On Mon, Jan 14, 2008 at 09:09:40AM -0800, Alan Olsen wrote:
 
  From: David Shaw
 
  Yes.  gpg -v --version will give you the algorithm numbers along 
  with the algorithm names.  However, the algorithm numbers are not 
  really relevant to anything unless you're writing OpenPGP software. 
  For years now, all programs have referred to AES256 as AES256 and 
  not cipher 9.
 
 Version will not report it that way, but decryption errors will.

Version does report it that way.

Not quite what I meant.  (I should really not post on a Monday until I am fully 
awake.  Which means posting on Tuesday.)

Actually what I meant to say is that the cypher numbers are actually useful if 
you are trying to figure out what you are missing from older versions.



Re: Question about history of hash and cipher collections

2008-01-14 Thread Pehr Jansson

Please remove me from this mailing list.

On Jan 14, 2008, at 11:24 AM, David Shaw wrote:


On Mon, Jan 14, 2008 at 09:09:40AM -0800, Alan Olsen wrote:



From: David Shaw



Yes.  gpg -v --version will give you the algorithm numbers along
with the algorithm names.  However, the algorithm numbers are not
really relevant to anything unless you're writing OpenPGP software.
For years now, all programs have referred to AES256 as AES256
and not cipher 9.


Version will not report it that way, but decryption errors will.


Version does report it that way.

$ gpg -v --version
gpg (GnuPG) 1.4.7
Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192 (S8),
AES256 (S9), TWOFISH (S10)
Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9),
  SHA512 (H10), SHA224 (H11)
Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)

David



Re: Question about history of hash and cipher collections

2008-01-14 Thread Pehr Jansson

Please remove me from this mailing list.

On Jan 14, 2008, at 12:40 PM, Werner Koch wrote:


On Mon, 14 Jan 2008 05:24, [EMAIL PROTECTED] said:


There isn't a really dramatic reason for it.  Adding algorithms to
OpenPGP involves a rough consensus among the OpenPGP working group.
With Serpent, that consensus never really happened.


FWIW, about 7 years ago we had an informal meeting of OpenPGP
implementors and we agreed that we should try to keep the list of
supported algorithms short.  Meanwhile it had turned out that the
preference system works quite well and that for political reasons
(e.g. national regulations) we may need to add other algorithms in the
future.  That is actually not a new thing, RIPEMD-160 has been in OpenPGP
since the early days because European telcos and governments like that
algorithm.


Salam-Shalom,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.




RE : Re: Checking expiration date automatically

2008-01-14 Thread ERIC LANDES
  Does there exist an option which would give the expiration date of a
  key, if such date exists?
 
 See the file DETAILS in the doc/ directory.  Something like:
 
   gpg --with-colons --fixed-list-mode --list-keys [EMAIL PROTECTED] | cut -d: -f7
 
 should do what you want.
 
 The number is the expiration date (if any) expressed as the number of
 seconds since 1/1/1970.
 
Thanks, it is a command I can rely on! And it gives an epoch time which can be 
easily processed. 
For those interested, I just added a -- grep -E ^pub: -- to get only one 
date. 

Eric LANDES
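
An added example, not part of the original posts: the cut -d: -f7 pipeline from this message, extended into a check that classifies each primary key by its expiration date. The sample listing, the key IDs and the function names are constructed for illustration; only the use of field 7 of the pub record as epoch seconds comes from the thread.

```shell
#!/bin/sh
# Classify primary keys from `gpg --with-colons --fixed-list-mode --list-keys`
# output by expiration date (field 7 of each "pub" record, epoch seconds).

# Constructed sample listing (placeholder key IDs, not real keys).
sample_listing() {
cat <<'EOF'
pub:u:1024:17:AAAAAAAAAAAAAAAA:1167609600:1201824000::u:::scESC:
uid:u::::1167609600::0000000000000000000000000000000000000000::Sample One <a@example.org>:
sub:u:2048:16:BBBBBBBBBBBBBBBB:1167609600:1199145600:::::e:
pub:u:2048:1:CCCCCCCCCCCCCCCC:1167609600:::u:::scESC:
pub:e:1024:17:DDDDDDDDDDDDDDDD:1104537600:1136073600::u:::sc:
pub:u:2048:1:EEEEEEEEEEEEEEEE:1167609600:1230768000::u:::scESC:
EOF
}

# key_expiry_report NOW WARN_DAYS   (colon listing on stdin)
# Prints "<keyid> <never|expired|expiring|ok|unparseable>" per primary key.
key_expiry_report() {
    awk -F: -v now="$1" -v warn="$2" '
        $1 != "pub"      { next }    # skip uid/sub records, like grep -E ^pub:
        $7 == ""         { print $5, "never"; next }
        $7 !~ /^[0-9]+$/ { print $5, "unparseable"; next }  # not epoch seconds
        {
            left = $7 - now
            if (left <= 0)                 state = "expired"
            else if (left <= warn * 86400) state = "expiring"
            else                           state = "ok"
            print $5, state
        }'
}

# Fixed clock (2008-01-14 00:00:00 UTC) so the sample gives stable results.
sample_listing | key_expiry_report 1200268800 30

# Against a real keyring (requires gpg):
#   gpg --with-colons --fixed-list-mode --list-keys \
#       | key_expiry_report "$(date +%s)" 30
```

The sub record in the sample has its own expiration date in field 7, which is why filtering on pub records matters when one date per key is wanted.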


 


Re: Question about history of hash and cipher collections

2008-01-14 Thread Pehr Jansson

Please remove me from this mailing list.

On Jan 14, 2008, at 11:09 AM, Alan Olsen wrote:





From: David Shaw



Yes.  gpg -v --version will give you the algorithm numbers along
with the algorithm names.  However, the algorithm numbers are not
really relevant to anything unless you're writing OpenPGP software.
For years now, all programs have referred to AES256 as AES256
and not cipher 9.


Version will not report it that way, but decryption errors will.   
If you have an older version of GPG that does not know about the  
newer cypher or hash, it will report cypher n or hash n.  I  
have encountered this on systems that have not been upgraded for a  
while.  (And, yes, there is an upgrade in process.)  The  
information is useful in that case when you are trying to explain  
to production people what happened when their file decryption failed.



Re: Question about history of hash and cipher collections

2008-01-14 Thread Werner Koch
On Mon, 14 Jan 2008 05:24, [EMAIL PROTECTED] said:

 There isn't a really dramatic reason for it.  Adding algorithms to
 OpenPGP involves a rough consensus among the OpenPGP working group.
 With Serpent, that consensus never really happened.

FWIW, about 7 years ago we had an informal meeting of OpenPGP
implementors and we agreed that we should try to keep the list of
supported algorithms short.  Meanwhile it had turned out that the
preference system works quite well and that for political reasons
(e.g. national regulations) we may need to add other algorithms in the
future.  That is actually not a new thing, RIPEMD-160 has been in OpenPGP
since the early days because European telcos and governments like that
algorithm.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Fwd: Question about history of hash and cipher collections

2008-01-14 Thread Pehr Jansson

please remove me from this mailing list.

Begin forwarded message:


From: Alan Olsen [EMAIL PROTECTED]
Date: January 14, 2008 11:49:00 AM CST
To: David Shaw [EMAIL PROTECTED], gnupg-users@gnupg.org
Subject: RE: Question about history of hash and cipher collections



From David Shaw
On Mon, Jan 14, 2008 at 09:09:40AM -0800, Alan Olsen wrote:



From: David Shaw



Yes.  gpg -v --version will give you the algorithm numbers along
with the algorithm names.  However, the algorithm numbers are not
really relevant to anything unless you're writing OpenPGP software.
For years now, all programs have referred to AES256 as AES256 and
not cipher 9.


Version will not report it that way, but decryption errors will.



Version does report it that way.


Not quite what I meant.  (I should really not post on a Monday  
until I am fully awake.  Which means posting on Tuesday.)


Actually what I meant to say is that the cypher numbers are actually  
useful if you are trying to figure out what you are missing from  
older versions.




Re: Question about history of hash and cipher collections

2008-01-14 Thread Zeljko Vrba
Pehr Jansson wrote:
 Please remove me from this mailing list.

Visit the URL that is written at the bottom of each message sent to the
list and remove yourself.



Re: Question about history of hash and cipher collections

2008-01-14 Thread Jorgen Christiansen Lysdal

Werner Koch wrote:

Meanwhile it had turned out that the
preference system works quite well ...)



Which leads me to a question. Since I don't like that gpg falls back to 
3DES, if a cipher cannot be agreed upon. Would it be possible to change 
it to AES256 or something, in a relatively easy way? Maybe a small change 
to source, and building myself? (BTW, thanks for gpg4win making it easy)




Re: Question about history of hash and cipher collections

2008-01-14 Thread Robert J. Hansen

Jorgen Christiansen Lysdal wrote:
Which leads me to a question. Since I don't like that gpg falls back to 
3DES, if a cipher cannot be agreed upon. Would it be possible to change 
it to AES256 or something, in a relatively easy way? Maybe a small change 
to source, and building myself? (BTW, thanks for gpg4win making it easy)


What's wrong with 3DES?  It's ridiculously slow, of course, but even 
after all these years it's still sturdy as a Soviet workers' housing bloc.


Anyway, to answer your question... not in a way which will interoperate 
well.  According to 2440, 3DES is the only MUST symmetric algorithm, 
which means it will be supported by all clients.


If you're willing to take the interoperability hit, I would suggest 
looking into g10/pkclist.c line 1263, select_algo_from_prefs.  That 
appears to be the best place to hack in what you have in mind.





Re: Question about history of hash and cipher collections

2008-01-14 Thread David Shaw
On Mon, Jan 14, 2008 at 10:17:24PM +0100, Jorgen Christiansen Lysdal wrote:
 Werner Koch wrote:
 Meanwhile it had turned out that the
 preference system works quite well ...)

 Which leads me to a question. Since I don't like that gpg falls back to 
 3DES, if a cipher cannot be agreed upon. Would it be possible to change it 
 to AES256 or something, in a relatively easy way? Maybe a small change to 
 source, and building myself? (BTW, thanks for gpg4win making it easy)

You could, but the end result would not interoperate with the rest of
the world.

For example, if you tried to send an encrypted message to someone who
hadn't hacked their GPG and had preferences of (for example) TWOFISH,
CAST5, IDEA, your copy would pick AES256... and your message would
not be readable.

It doesn't matter all that much what the cipher of last resort
actually *is*, but it's absolutely vital that everyone has the *same*
one.  RFC-2440 and 4880 require 3DES for this reason.

Besides, 3DES has been around for longer than any other cipher in
OpenPGP, been studied and attacked far more, and still hasn't fallen.
The only thing wrong with it is that it's slow.  And I doubt you'd
notice the speed issue unless you're running on a very slow machine,
or sending very large messages.

David
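
An added example, not part of the original post and not GnuPG's own selection code: a simplified model of choosing a cipher from a recipient's preference list with a cipher of last resort, run on the TWOFISH, CAST5, IDEA case described above. The sender's cipher set and all function names are assumptions chosen so that no preference matches.

```shell
#!/bin/sh
# Simplified model of OpenPGP symmetric-cipher selection with a cipher of
# last resort. Lists are space-separated cipher names.

# has_item LIST ITEM -> exit status 0 if ITEM is a word in LIST
has_item() {
    case " $1 " in *" $2 "*) return 0 ;; esac
    return 1
}

# select_cipher SENDER_IMPLEMENTED RECIPIENT_PREFS FALLBACK
# Take the first cipher in the recipient's preference order that the sender
# can also produce; if nothing matches, use the cipher of last resort.
select_cipher() {
    for c in $2; do
        if has_item "$1" "$c"; then echo "$c"; return 0; fi
    done
    echo "$3"
}

# can_decrypt RECIPIENT_IMPLEMENTED CIPHER -> "readable" or "unreadable"
can_decrypt() {
    if has_item "$1" "$2"; then echo readable; else echo unreadable; fi
}

# Constructed scenario: the recipient runs an unmodified client, which
# implements its preferred ciphers plus 3DES (the MUST algorithm).
RECIPIENT_PREFS="TWOFISH CAST5 IDEA"
RECIPIENT_IMPL="TWOFISH CAST5 IDEA 3DES"
SENDER_IMPL="AES256 AES192 AES 3DES"    # assumption: no overlap with prefs

# outcome FALLBACK -> "<chosen cipher> <readable|unreadable>"
outcome() {
    chosen=$(select_cipher "$SENDER_IMPL" "$RECIPIENT_PREFS" "$1")
    echo "$chosen $(can_decrypt "$RECIPIENT_IMPL" "$chosen")"
}

outcome 3DES      # sender keeps the standard cipher of last resort
outcome AES256    # sender patched locally to fall back to AES256
```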



Re: Question about history of hash and cipher collections

2008-01-14 Thread Kevin Hilton
I can see NIST is calling for entries for a competition to discover a
new hash function:
http://csrc.nist.gov/groups/ST/hash/sha-3/index.html

I was hoping they would name the winner of this contest the ASS
(American Signing Standard), but see the winner will be referred to as
the SHA-3 (Secure Hash Algorithm version 3).  No doubt the winner of
this consult will eventually be added to the gpg standard.



Re: Question about history of hash and cipher collections

2008-01-14 Thread Robert J. Hansen

Kevin Hilton wrote:

I can see NIST is calling for entries for a competition to discover a
new hash function:


Yeah, it's been underway for a while now.  It's been known for years
that the SHA-3 competition was going to happen; now it's actually started.


No doubt the winner of this consult will eventually be added to the
gpg standard.


My take on the IETF OpenPGP working group is that a lot of people have
some serious concerns that RFC2440 and RFC4880 include /way/ too many
algorithms.  While I imagine there is a broad desire among WG
participants to see SHA-3 added, I think some hash algorithms may have
to be dropped.  The way I read the tea leaves, we should expect to see
some tumult in the list of algorithms.

Pretty much everyone agrees that we have too many algorithms.  Hardly 
anyone can agree on which algorithms should be dropped.  Even TIGER192 
(a remarkably useless addition which was mercifully axed from the RFC 
shortly after introduction) has partisans who think its exclusion is 
unfair and that it should be reinstated.


If you have strong feelings on this issue, the right place to bring them
up is on the IETF OpenPGP working group mailing list.

