Re: key question

2010-02-25 Thread Robert J. Hansen
On 2/25/10 8:29 PM, Yawar Amin wrote:
> I interpret that word, public, differently. To me just because a key
>  _can_ be made public doesn't mean it automatically _should_.

What in life is automatic, besides death and taxes?

We are not talking about automatic here.  We are talking instead about
what is reasonable and in accordance with the general expectations of
the community.  I've not heard any organized outcry for "DRM on the
honor system", and I've not heard any good arguments for it.  I've heard
a loosely organized outcry for sharing public keys widely, and good
arguments for it.  Based on this, I'm going to follow the community
practice of sharing keys widely, unless there are compelling reasons to
do otherwise.

I suspect most users are in the same boat.

> They may have reason--by looking at signatures on a public keyserver,
> anyone can figure out which people you communicate with securely.

I invite you to look at my key and figure out with whom I communicate
securely.  Looking over the key I use now and the keys I've used in the
past, I don't see any signatures there from people I've traded more than
a handful of secured emails with.  You might think the signatures on
0xFEAF8109 are indicative of something -- but really all that it's
indicative of is that I attended the keysigning party at OSCON 2006.

> How would you like the idea of governments worldwide starting to
> keep tabs on you if one of the people who've signed your key turns
> out to be a criminal, a terror suspect, or a child porn collector?

You *must* be kidding.

Listen, if there's some sociopath who likes raping eleven year olds on
camera, and my name happens to be in his address book, or he happened to
sign my key, or my name is *in any way* connected with his, then yes, I
like the idea of my government coming around to ask me, "do you know
anything about this?"  When it comes to hideous crimes being perpetrated
against children, I kind of support the idea of law-enforcement officers
doing their jobs.

Sure, sure, there are a ton of other more questionable investigations
they could be conducting -- but your examples here are *awful*.

> Uploading a signed public key to the 'net is a sure way of taking 
> away people's freedom to keep their associations private.

If you want to keep your association with someone private, give it a
local (non-exportable) signature.

Exportable signatures are meant for the case where the signer *wants* to
attest to the world their association.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: key question

2010-02-25 Thread Yawar Amin
On 2/25/10 1:04 PM, John Clizbe said:
> MFPA wrote:
>> On Thursday 25 February 2010 at 3:53:23 AM, in
>> , John Clizbe wrote:
>>> MFPA wrote:
>>>> Hi John
>>>>
>>>> On Thursday 25 February 2010 at 12:17:36 AM, you wrote:
>>>>
>>>>> It is also a good idea to send your key to the keyservers.
>>>>
>>>> But is, of course, a matter of personal choice.
>>>
>>> Whatever. Everything in life is a matter of personal choice.
>>>
>>> Was there some point you wished to make?
>>
>> My point was that not everybody wishes/chooses to send their keys to
>> the keyservers.
>
> Then you need not send your key to the keyserver network. Pretty simple
> personal choice, huh? Don't want to? Don't do it.
>
> Whether one chooses to send his key to the keyservers or not, it is still a
> good idea and in the interest of the OpenPGP community to utilize the
> keyservers. *Public* key encryption is fostered by the *public*
> dissemination of keys and the keyservers are, IMO, the best mechanism for
> that. I stand by my earlier statement.

I interpret that word, public, differently. To me just because a key
_can_ be made public doesn't mean it automatically _should_.

>> Some people hate the idea and get *very* upset if their key does end
>> up on the servers.
>
> Ohhh... I see. Do they take their ball and go home? Do they jump up
> and down? Stomp their feet? Hold their breath until they turn blue? Do they
> forward private email to a public list?

They may have reason--by looking at signatures on a public keyserver,
anyone can figure out which people you communicate with securely. How
would you like the idea of governments worldwide starting to keep tabs
on you if one of the people who've signed your key turns out to be a
criminal, a terror suspect, or a child porn collector?

Uploading a signed public key to the 'net is a sure way of taking away
people's freedom to keep their associations private. They may choose to
give that up for themselves, but you shouldn't slam them for keeping
their options open.






Re: key question

2010-02-25 Thread Paul Richard Ramer
My error.  I didn't CC the following message to the mailing list.

On Thu, 2010-02-25 at 02:38 -0800, Paul Richard Ramer wrote:
> I won't add to the other good replies, except for this.  Concerning the
> revocation certificate that you would be behooved to create, you should
> take care to protect it.  If an enemy (and we hope you don't have
> any :-)) got a hold of your revocation certificate, he could revoke your
> key by uploading the certificate to public keyservers.
> 
> Even though your copy of your private and public keys wouldn't be
> revoked, all of the copies of your public key on the public keyservers
> would be revoked.  This, of course, would be a major impediment to
> people wanting to privately communicate with you.
> 
> Other than that, feel free to ask your questions on this mailing list.
> We are here to help.
> 
> Paul
> -- 
> Privacy is good.  Use PGP.
> 
> PGP Key ID: 0x3DB6D884
> PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884

-- 
Privacy is good.  Use PGP.

PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884


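Two mechanics from this thread, Robert Hansen's point that a local (non-exportable) signature keeps an association out of what you publish, and Paul's warning that a revocation certificate can be uploaded by anyone who holds it, both come down to a few bytes in an OpenPGP signature packet (RFC 4880). A local signature is an ordinary certification carrying the Exportable Certification subpacket (type 4) with value 0, which gpg --export drops unless --export-options export-local-sigs is given; a revocation certificate is a signature of type 0x20 that can simply be appended to the key block and sent to a keyserver. The following is an added example, not code from the list or from GnuPG: a minimal packet walker run over a constructed key block (the key IDs, timestamps, hash prefixes and MPIs are fabricated and nothing is cryptographically verified).

```python
"""Added example (not GnuPG code): walk OpenPGP packets (RFC 4880) and show what
a local signature and a revocation certificate look like on the wire.  Key IDs,
timestamps, hash prefixes and MPIs below are fabricated; nothing is verified."""
import struct

SIG, PUBKEY, USERID = 2, 6, 13                              # packet tags
CERT_TYPES, KEY_REVOKE = {0x10, 0x11, 0x12, 0x13}, 0x20     # certifications, key revocation
SUB_CREATED, SUB_EXPORTABLE, SUB_ISSUER, SUB_REASON = 2, 4, 16, 29


def _length(data, pos):
    """New-format length field (1, 2 or 5 octets); for packets, 224..254 would be
    partial body lengths, which do not occur in key material and are not handled."""
    b0 = data[pos]
    if b0 < 192:
        return b0, pos + 1
    if b0 < 255:
        return ((b0 - 192) << 8) + data[pos + 1] + 192, pos + 2
    return struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5


def packets(buf):
    """Yield (tag, body, start, end) for each packet, old- or new-format header."""
    pos = 0
    while pos < len(buf):
        start, hdr = pos, buf[pos]
        if hdr & 0x40:                                       # new-format header
            tag, (length, pos) = hdr & 0x3F, _length(buf, pos + 1)
        else:                                                # old-format header (what gpg writes)
            tag, size = (hdr >> 2) & 0x0F, {0: 1, 1: 2, 2: 4}[hdr & 3]
            length, pos = int.from_bytes(buf[pos + 1:pos + 1 + size], "big"), pos + 1 + size
        yield tag, buf[pos:pos + length], start, pos + length
        pos += length


def _subpackets(area):
    pos = 0
    while pos < len(area):
        length, pos = _length(area, pos)
        yield area[pos] & 0x7F, area[pos + 1:pos + length]  # mask the critical bit
        pos += length


def parse_sig(body):
    """Type, issuer key ID, exportable flag and revocation reason of a v4 signature."""
    if body[0] != 4:
        raise ValueError("only v4 signatures handled")
    info = {"type": body[1], "issuer": None, "exportable": True, "reason": None}
    hlen = struct.unpack(">H", body[4:6])[0]
    ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
    hashed, unhashed = body[6:6 + hlen], body[8 + hlen:8 + hlen + ulen]
    for i, area in enumerate((hashed, unhashed)):
        for stype, sbody in _subpackets(area):
            if stype == SUB_ISSUER:
                info["issuer"] = sbody.hex().upper()
            elif i == 0 and stype == SUB_EXPORTABLE:         # only honour the signed copy
                info["exportable"] = sbody[0] != 0
            elif i == 0 and stype == SUB_REASON:
                info["reason"] = (sbody[0], sbody[1:].decode("utf-8", "replace"))
    return info


def sigs(keyblob, types):
    return [s for s in (parse_sig(b) for t, b, _, _ in packets(keyblob) if t == SIG)
            if s["type"] in types]


def export_filter(keyblob, export_local_sigs=False):
    """What gpg --export emits: every packet except non-exportable certifications."""
    out = b""
    for tag, body, start, end in packets(keyblob):
        if tag == SIG and not export_local_sigs:             # --export-options export-local-sigs
            s = parse_sig(body)
            if s["type"] in CERT_TYPES and not s["exportable"]:
                continue
        out += keyblob[start:end]
    return out


def _pkt(tag, body, new=False):
    """Constructed packet with a 1-octet length, old- or new-format header."""
    hdr = (0xC0 | tag) if new else (0x80 | (tag << 2))
    return bytes([hdr, len(body)]) + body


def _sub(stype, body):
    return bytes([len(body) + 1, stype]) + body


def fake_sig(sigtype, issuer, exportable=True, reason=None):
    """Constructed v4 signature: fabricated issuer, bogus hash prefix, 1-octet MPI."""
    hashed = _sub(SUB_CREATED, struct.pack(">I", 1267056000))
    if not exportable:
        hashed += _sub(SUB_EXPORTABLE, b"\x00")              # what gpg --lsign-key adds
    if reason:
        hashed += _sub(SUB_REASON, bytes([reason[0]]) + reason[1].encode())
    unhashed = _sub(SUB_ISSUER, bytes.fromhex(issuer))
    body = (bytes([4, sigtype, 1, 8]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\xAB\xCD\x00\x08\xFF")
    return _pkt(SIG, body)


SELF = "0123456789ABCDEF"
KEY = (_pkt(PUBKEY, b"\x04" + struct.pack(">I", 1267056000) + b"\x01\x00\x08\xFF\x00\x02\x03")
       + _pkt(USERID, b"Example User <user@example.org>", new=True)
       + fake_sig(0x13, SELF)                                  # self-certification
       + fake_sig(0x10, "FEDCBA9876543210")                    # from gpg --sign-key
       + fake_sig(0x10, "0011223344556677", exportable=False)) # from gpg --lsign-key
REVOCATION = fake_sig(KEY_REVOKE, SELF, reason=(0x02, "key compromised"))  # gpg --gen-revoke
```

sigs(KEY, CERT_TYPES) lists three certifications, the last one non-exportable; export_filter(KEY) is the two-certification block a keyserver would receive, while export_filter(KEY, export_local_sigs=True) returns the block unchanged; sigs(KEY + REVOCATION, {KEY_REVOKE}) is what the key looks like once somebody has uploaded the revocation certificate. To run it over a real key, feed it the binary output of gpg --export (without --armor), which uses the old-format headers packets() handles.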


Re: key question

2010-02-25 Thread Paul Richard Ramer
On Thu, 2010-02-25 at 15:23 -0500, Robert J. Hansen wrote:
> On 2/25/10 9:24 AM, MFPA wrote:
> > Some people hate the idea and get *very* upset if their key does end
> > up on the servers.
> 
> What you're advocating here is "DRM on the honor system."  Don't copy
> the key, don't distribute the key, don't upload the key, don't do
> anything with the key, without the explicit permission of the key owner.
> 
> Me, I consider DRM on the honor system to be the exact same as any other
> kind of DRM -- something to be overcome and then ignored.
> 
> If someone asks me nicely, "please do not upload this key," I will
> probably say yes.  But it is a *huge* leap to go from there to "do not
> upload keys without the owners' permission."

Friends don't let friends share PGP keys. ;-)
-- 
PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884




RE: Migrating from PGP to GPG question

2010-02-25 Thread Laurent Jumet

Hello Smith, !

"Smith, Cathy"  wrote:

> Another question about this migration.  Is it possible to do a mass import
> of a single user's keyring or do I have to do it for each individual key.
> I've not been able to find anything so far about anything that addresses
> this.

I would try

gpg pubring.pgp

as GPG usually assumes the most relevant action.

Adding

keyring pubring.pgp

to gpg.conf adds that file to the list of keyrings.

And

gpg --import pubring.pgp

should import the whole keyring too.

-- 
Laurent Jumet
  KeyID: 0xCFAF704C



Re: key question

2010-02-25 Thread Paul Richard Ramer
On Thu, 2010-02-25 at 15:23 -0500, Robert J. Hansen wrote:
> On 2/25/10 9:24 AM, MFPA wrote:
> > Some people hate the idea and get *very* upset if their key does end
> > up on the servers.
> 
> What you're advocating here is "DRM on the honor system."  Don't copy
> the key, don't distribute the key, don't upload the key, don't do
> anything with the key, without the explicit permission of the key owner.
> 
> Me, I consider DRM on the honor system to be the exact same as any other
> kind of DRM -- something to be overcome and then ignored.
> 
> If someone asks me nicely, "please do not upload this key," I will
> probably say yes.  But it is a *huge* leap to go from there to "do not
> upload keys without the owners' permission."

Friends don't let friends 
-- 
PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884




Re: key question

2010-02-25 Thread Paul Richard Ramer
On Thu, 2010-02-25 at 14:24 +, MFPA wrote:
> My point was that not everybody wishes/chooses to send their keys to
> the keyservers.
> 
> Some people hate the idea and get *very* upset if their key does end
> up on the servers.

In my case, the reason that I uploaded my keys to public keyservers was
to make it possible for anyone who wanted to privately communicate with
me to do so.  Even if I didn't know them.

If the reason for keeping the public key to yourself is that you don't
want anyone, except for a selected few, to know your "secret" e-mail
address, then create two e-mail addresses.  One will only be shared with
people you know intimately, and the other will be for the public.

I never understood how anyone would want to use PGP for e-mail privacy,
and, subsequently, keep the public key a secret!  I don't see any reason
why a person would keep his key off the public keyservers, short of
preventing spam.  And you know what, he would get spammed anyway.




Re: Migrating from PGP to GPG question

2010-02-25 Thread David Shaw
On Feb 25, 2010, at 5:17 PM, Smith, Cathy wrote:

> Folks
> 
> Another question about this migration.  Is it possible to do a mass import of 
> a single user's keyring or do I have to do it for each individual key.  I've 
> not been able to find anything so far about anything that addresses this.

Yes, you can do a mass import of a keyring.  This is not always true, but is 
true for most keyrings, including those from PGP and PGPi (which you indicated 
you were using).

David




RE: Migrating from PGP to GPG question

2010-02-25 Thread Smith, Cathy
Folks

Another question about this migration.  Is it possible to do a mass import of a 
single user's keyring or do I have to do it for each individual key.  I've not 
been able to find anything so far about anything that addresses this.

Thanks.


Cathy

---
Cathy L. Smith
IT Engineer
Pacific Northwest National Laboratory

Phone:  509.375.2687
Fax:    509.375.2330
Email: cathy.sm...@pnl.gov



-Original Message-
From: gnupg-users-boun...@gnupg.org [mailto:gnupg-users-boun...@gnupg.org] On 
Behalf Of Smith, Cathy
Sent: Wednesday, February 24, 2010 6:47 PM
To: gnupg-users@gnupg.org
Subject: Migrating from PGP to GPG question

Folks

We are starting to migrate from OpenPGP to GnuPG.  One of the batch jobs I have 
to convert uses:
pgp +force

This is supposed to assume a "yes" to any interactive questions.  I wasn't 
clear after reading the man pages about the gpg --batch option.  Can someone 
tell me if the --batch and the --yes options are mutually exclusive?

Thanks.


Cathy

---
Cathy L. Smith
IT Engineer
Pacific Northwest National Laboratory

Phone:  509.375.2687
Fax:    509.375.2330
Email: cathy.sm...@pnl.gov





Re: key question

2010-02-25 Thread Robert J. Hansen
On 2/25/10 9:24 AM, MFPA wrote:
> Some people hate the idea and get *very* upset if their key does end
> up on the servers.

What you're advocating here is "DRM on the honor system."  Don't copy
the key, don't distribute the key, don't upload the key, don't do
anything with the key, without the explicit permission of the key owner.

Me, I consider DRM on the honor system to be the exact same as any other
kind of DRM -- something to be overcome and then ignored.

If someone asks me nicely, "please do not upload this key," I will
probably say yes.  But it is a *huge* leap to go from there to "do not
upload keys without the owners' permission."



Re: Shamir's Secret Sharing Scheme integration?

2010-02-25 Thread Faramir
Florian Weimer wrote:
> * Stefan Xenon:
> 
>> I don't know any integration in GnuPG but instead the following open
>> source implementation may be worth a try: http://point-at-infinity.org//
> 
> IIRC, this particular software does not implement Shamir's scheme.

  Are you sure? The title of the page is "Shamir's Secret Sharing Scheme"

  Best Regards


RE: Migrating from PGP to GPG question

2010-02-25 Thread Smith, Cathy
Here is the information for the freeware version of PGP.  
http://www.pgpi.org/


Cathy

---
Cathy L. Smith
IT Engineer
Pacific Northwest National Laboratory

Phone:  509.375.2687
Fax:    509.375.2330
Email: cathy.sm...@pnl.gov



-Original Message-
From: Jameson Rollins [mailto:jroll...@finestructure.net] 
Sent: Wednesday, February 24, 2010 8:11 PM
To: Smith, Cathy; gnupg-users@gnupg.org
Subject: Re: Migrating from PGP to GPG question

On Wed, 24 Feb 2010 18:46:33 -0800, "Smith, Cathy"  wrote:
> We are starting to migrate from OpenPGP to GnuPG.

Just for clarification, GnuPG is a software tool that is actually an 
implementation of the OpenPGP specification [0].  O



Re: How to sign an email in PHP?

2010-02-25 Thread Daniel Kahn Gillmor
On 02/25/2010 11:59 AM, Carlos Chavez wrote:
> I have to write the whole email manually in PHP because the PEAR libraries for
> Mime do not quite get the headers right 

Please file bugs against the PEAR libraries in question so that they can
be fixed.  Thanks!

Regards,

--dkg





Re: How to sign an email in PHP?

2010-02-25 Thread Carlos Chavez
On Wed, Feb 24, 2010 at 2:26 PM, Robert J. Hansen wrote:

> On 2/24/10 11:18 AM, Jerry wrote:
> > Outlook Express is depreciated.
>
> Outlook Express is deprecated, and many people here throw deprecations
> against it -- but Outlook Express is still one of the most common MUAs
> in existence, and for that reason alone the PGP/MIME interoperability
> problem should be taken seriously.
>

I finally got it to work!  Thanks to Grant for pointing me to the RFC.
I can now sign the message and successfully verify the signature when it
arrives.  So far Evolution, Thunderbird and Outlook work without a hitch.  I
have to write the whole email manually in PHP because the PEAR libraries for
Mime do not quite get the headers right but I do not see that as a problem.
My next test is to sign a message that includes an attachment which is
going to be a bit more difficult.



-- 
Carlos Chavez
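Carlos's approach above, building the PGP/MIME structure by hand because the MIME library got the headers wrong, as an added example in Python (not Carlos's PHP and not code from any project mentioned in the thread). RFC 3156 signs the serialized inner part, headers included, with CRLF line ends, and carries the detached signature in a second application/pgp-signature part under a multipart/signed whose protocol and micalg parameters tell the receiving MUA what to verify. The signer is passed in as a function so the structure can be exercised without a keyring; gpg_detach_sign() is the real one and assumes a gpg binary on PATH with a usable secret key, and its digest must match the micalg value. The boundary, addresses and message text are constructed.

```python
"""Added example (Python, not Carlos's PHP nor any library's code): build an
RFC 3156 multipart/signed message with the standard library, signing exactly
the bytes a verifier will hash.  gpg_detach_sign() assumes a gpg binary on
PATH with a usable secret key; the tests inject a stand-in signer instead."""
import io
import subprocess
from email import policy
from email.generator import BytesGenerator
from email.mime.multipart import MIMEMultipart
from email.mime.nonmultipart import MIMENonMultipart
from email.mime.text import MIMEText


def serialize(msg):
    """Flatten a message or part with CRLF line ends, exactly as it goes on the
    wire; RFC 3156 signs the inner part (headers and body) in this form."""
    buf = io.BytesIO()
    BytesGenerator(buf, policy=policy.SMTP).flatten(msg)
    return buf.getvalue()


def gpg_detach_sign(data, local_user=None, digest="SHA256"):
    """Armoured detached signature from the local gpg; `digest` must agree with
    the micalg parameter passed to build_pgp_mime_signed()."""
    cmd = ["gpg", "--batch", "--armor", "--detach-sign", "--digest-algo", digest]
    if local_user:
        cmd += ["--local-user", local_user]
    return subprocess.run(cmd, input=data, capture_output=True, check=True).stdout.decode("ascii")


def build_pgp_mime_signed(from_addr, to_addr, subject, body_text, signer,
                          micalg="pgp-sha256", boundary=None):
    """Return a multipart/signed message.  signer(bytes) -> str must produce an
    armoured detached signature over exactly the bytes it receives."""
    inner = MIMEText(body_text, "plain", "us-ascii")       # the only thing the signature covers
    armored = signer(serialize(inner))
    sig_part = MIMENonMultipart("application", "pgp-signature", name="signature.asc")
    sig_part.set_payload(armored)                           # ASCII armour is already 7-bit
    outer = MIMEMultipart("signed", boundary=boundary,
                          protocol="application/pgp-signature", micalg=micalg)
    outer["From"], outer["To"], outer["Subject"] = from_addr, to_addr, subject
    outer.attach(inner)
    outer.attach(sig_part)
    return outer


def signed_bytes(raw, boundary):
    """What a receiving MUA hands to gpg --verify: the first body part of the raw
    message, from the line after the opening boundary up to, but not including,
    the CRLF that belongs to the next boundary delimiter (RFC 1847 / RFC 2046)."""
    opening = b"--" + boundary.encode() + b"\r\n"
    start = raw.index(opening) + len(opening)
    end = raw.index(b"\r\n--" + boundary.encode(), start)
    return raw[start:end]
```

A receiver reads the boundary from the outer Content-Type header and hands signed_bytes() together with the armoured second part to gpg --verify, so any re-wrapping or line-ending change to that first part between signing and sending, which is exactly what a MIME library rewriting headers can do, invalidates the signature. Attachments go inside the inner part as a multipart/mixed and are then covered by the same signature.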


Re: How to decrypt signatures with gpgme?

2010-02-25 Thread Werner Koch
On Thu, 25 Feb 2010 12:35, f.schw...@chili-radiology.com said:

> when I create a signature with "gpg --sign", I'm able to use "gpg
> --decrypt" to get the plaintext from the signature.

You might want to use:

  gpg --verify --output PLAINTEXT.TXT SIGNED.GPG

> So is there a way to get the plaintext from the signature using gpgme?

What about this:

 - Function: gpgme_error_t gpgme_op_verify (gpgme_ctx_t CTX,
  gpgme_data_t SIG, gpgme_data_t SIGNED_TEXT,
  gpgme_data_t PLAIN)
 The function `gpgme_op_verify' verifies that the signature in the
 data object SIG is a valid signature.  If SIG is a detached
 signature, then the signed text should be provided in SIGNED_TEXT
 and PLAIN should be a null pointer.  Otherwise, if SIG is a normal
 (or cleartext) signature, SIGNED_TEXT should be a null pointer and
 PLAIN should be a writable data object that will contain the
 plaintext after successful verification.
 [...]


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are governed by federal law.




Re: key question

2010-02-25 Thread John Clizbe
MFPA wrote:
> On Thursday 25 February 2010 at 3:53:23 AM, in
> , John Clizbe wrote:
>> MFPA wrote:
>>> Hi John
>>>
>>> On Thursday 25 February 2010 at 12:17:36 AM, you wrote:
>>>
>>>> It is also a good idea to send your key to the keyservers.
>>>
>>> But is, of course, a matter of personal choice.
>>
>> Whatever. Everything in life is a matter of personal choice.
>>
>> Was there some point you wished to make?
>
> My point was that not everybody wishes/chooses to send their keys to
> the keyservers.

Then you need not send your key to the keyserver network. Pretty simple personal
choice, huh? Don't want to? Don't do it.

Whether one chooses to send his key to the keyservers or not, it is still a good
idea and in the interest of the OpenPGP community to utilize the keyservers.
*Public* key encryption is fostered by the *public* dissemination of keys and
the keyservers are, IMO, the best mechanism for that. I stand by my earlier
statement.

> Some people hate the idea and get *very* upset if their key does end
> up on the servers.

Ohhh... I see. Do they take their ball and go home? Do they jump up
and down? Stomp their feet? Hold their breath until they turn blue? Do they
forward private email to a public list?

Such key sequestration is a minority viewpoint and I doubt even a good number of
folks on a fully encrypted forum such as PGPNet would agree with you and would
instead support keyserver use.

-- 
John P. Clizbe  Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
 mailto:pgp-public-k...@gingerbear.net?subject=help

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"





RE: Migrating from PGP to GPG question

2010-02-25 Thread Jameson Rollins
On Wed, 24 Feb 2010 20:33:14 -0800, "Smith, Cathy"  wrote:
> We are migrating from OpenPGP which is a freeware version of PGP.  Sorry for 
> the confusion.

I'm not familiar with OpenPGP, the software.  I'm familiar with the PGP
Corporation's implementation (which I think is just called "PGP"), but
not an implementation called "OpenPGP".  Having trouble finding any
references to anything other than OpenPGP the spec as well.  Would you
mind passing on a link?  Thanks.

jamie.




[no subject]

2010-02-25 Thread MFPA

Hi






-- 
Best regards

MFPA  mailto:expires2...@ymail.com

Ultimate consistency lies in being consistently inconsistent




Re: key question

2010-02-25 Thread MFPA

Hi


On Thursday 25 February 2010 at 3:53:23 AM, in
, John Clizbe wrote:


> MFPA wrote:
>> Hi John

>> On Thursday 25 February 2010 at 12:17:36 AM, you
>> wrote:

>>> It is also a good idea to send your key to the
>>> keyservers.

>> But is, of course, a matter of personal choice.

> Whatever. Everything in life is a matter of personal
> choice.

> Was there some point you wished to make?


My point was that not everybody wishes/chooses to send their keys to
the keyservers.

Some people hate the idea and get *very* upset if their key does end
up on the servers.


-- 
Best regards

MFPA  mailto:expires2...@ymail.com

The truth is rarely pure and never simple




How to decrypt signatures with gpgme?

2010-02-25 Thread Florian Schwind

Hello List,

when I create a signature with "gpg --sign", I'm able to use "gpg 
--decrypt" to get the plaintext from the signature.


When I try to do this using gpgme, i.e.

gpgme_op_decrypt (gpgme_ctx_t ctx, gpgme_data_t cipher, gpgme_data_t plain)

I get a GPG_ERR_NO_DATA error if cipher does not contain any data 
to decrypt.


So is there a way to get the plaintext from the signature using gpgme?

Thanks
 Florian
