GnuPG 2.1
I'm not sure whether I should be asking in here or in the Enigmail group, so I'm trying here first - please refer me to the other group if it is more appropriate. I've just changed over to GnuPG 2.1.x and have been trying out an ECC key too. By and large, it all seems to work well (signatures verify, and encryption/unencryption works fine too) , but whilst sending test messages back and forth to myself using new and old keys for signing and encryption I noticed a couple of odd things, and it would be useful to know if they are related to GnuPG 2.1.x, or Enigmail (or even the ECC key - although that isn't likely). I'm using PGP/MIME for all messages. The first problem is trivial - if I send an HTML message, the signature verifies correctly, but the body of the message vanishes without trace - nothing at all shows up when trying to read the received message. There's an easy answer, I know - don't use HTML. I'm quite happy to do that, but I'm old and I forget :-( The second is a bit of a problem and will look odd if it happens when I send mail to others. Signing a message with either my old key or the new ECC key, and sending it to myself encrypted to both keys results in no problems with the signature or decryption, and the message appears OK. Above, and as part of, the message text, appear two of the message headers:- Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable This would look a bit odd to another recipient - albeit they don't prevent the rest of the message from being read. Why am I asking in here - well it didn't happen with the same versions of Thunderbird/Enigmail and GnuPG 2.0.x . That doesn't mean it isn't an Enigmail thing, of course, and I'm hoping you'll be able to tell me which it is. Please feel free to laugh out loud if I'm missing something stupidly obvious - I did tell you I was old :-) Regards, Bob signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG 2.1
Please feel free to laugh out loud if I'm missing something stupidly obvious - I did tell you I was old :-) Nonsense: good questions deserve good answers. :) I'm not sure whether I should be asking in here or in the Enigmail group, so I'm trying here first - please refer me to the other group if it is more appropriate. It's a little of both, actually. You may want to ask again on Enigmail, although you'll likely get a lot of the same answers from a lot of the same people (myself included). I've just changed over to GnuPG 2.1.x and have been trying out an ECC key too. Right now, I wouldn't recommend ECC for production use. We're still getting the kinks worked out of it, and it isn't beyond the realm of possibility to think we might see significant changes by GnuPG 2.2. That said, if your purpose is edification and education, go for it! :) The first problem is trivial - if I send an HTML message, the signature verifies correctly, but the body of the message vanishes without trace - nothing at all shows up when trying to read the received message. There's an easy answer, I know - don't use HTML. The easy answer is also the wrong one. This appears to be a serious usability bug, and we very much want to fix those! Could you please do the following? 1. Write a short message in HTML. (Just Hello, world! will do.) 2. Send it to me, *off-list*. 3. Write the exact same short message in a new email. 4. Sign it using PGP/MIME and send it to me *off-list*. I'll take a look at it. If I can't see the problem, I'll kick it over to Patrick and Nicolai for some in-depth debugging. Above, and as part of, the message text, appear two of the message headers:- This is a known issue. Enigmail expects GnuPG to behave in a certain way, and since 2.1 GnuPG acts just slightly different than what we expect. Getting this fixed is on our to-do list. :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [openpgp] Unuploadable Keys
On 7/21/2015 at 5:11 PM, Daniel Kahn Gillmor d...@fifthhorseman.net wrote: Concretely, it should be possible to mark a key as not exportable to a keyserver or to provide a list of key servers (perhaps described using regular expressions as per Section 8 of RFC 4880) to which it may be exported. This could be implemented as a new signature subpacket. . However, this arrangement (or your signature subpacket proposal) has a set of problems that make it far from ideal protection, especially in the face of potentially adversarial users: 0) Any existing key (one with a self-sig that does *not* have this feature set) can't add this feature in a reliable way -- a new self-sig can just be stripped out of the certificate and the remaining certificate (with the previous self-sig) will be back to being exportable. 1) The keyservers would need to respect the value and decline to accept or propagate such keys. SKS currently doesn't even respect the non-exportable flag for non-self-sigs (https://bitbucket.org/skskeyserver/sks-keyserver/pull- request/20), let alone verify the cryptographic validity of signatures. = There could be a workaround, where the key is uploaded to the keyservers, but functionally unusable except to individuals whom the key-creator wants to use it: [1] Encrypt part of the public key symmetrically, the same way that the private key is symmetrically encrypted. [2] Send the passphrase to whomever you want to send the public key, encrypted to their public key. [3] Upload the key to keyservers. It will be usable only by those whom you choose to give the passphrase. (* Unless* you misjudged someone to whom you sent the passphrase, and he turns maliciously on you, and uploads the decrypted form ) If such a key-type were implemented, would it need a change in 4880, other than a notice to allow it? vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gen--key not working for non root users
Hi , Gnupg not able to generate keys for non-root user . $ gpg2 --version gpg (GnuPG) 2.0.22 libgcrypt 1.6.3 Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA, RSA, ELG, DSA, ECC, ? Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 You need a Passphrase to protect your secret key. Warning: using insecure memory! Afetr this the passphrase prompt doesnt prompt me for password ?? It acually just keeps on running forever like ; ┐ │ Enter passphrase │ │ │ │ │ │ Passphrase *___ │ │ │ │ OK Cancel For root user its absolsutely fine . Thanks Regards, Tejas Chaudhari Assistant Consultant C-Edge Technologies Ltd 9th Floor,A Wing Lodha i-Think Techno Campus Pokharan Road No.2 Off. Eastern Express Highway Thane (West) - 400 607 Mobile : 9870282371 Mail to :tejas.chaudh...@cedge.in Website: www.cedge.in This communication (including any accompanying documents / attachments) is intended only for the use of the addressee(s) and contains information that is PRIVILEGED AND CONFIDENTIAL. If you are not the intended recipient, you are notified that any dissemination and/or copying of this e-mail is Strictly prohibited and you are requested to delete this e-mail immediately. Communicating through e-mail is not secure and capable of interception delays. Any one communicating with C-Edge Technologies Limited by e-mail accepts the risks involved and their consequences. While this e-mail has been checked for all known viruses, the addressee should also scan for viruses and notify the originator.If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you for your co-operation. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Enigmail] Really weird behavior with fresh install
Robert J. Hansen écrivait (wrote) : [...] | And finally, let's run Enigmail's same command line: | | [rjh@localhost ~]$ /usr/bin/gpg2 --charset utf-8 |--display-charset utf-8 --batch --no-tty |--status-fd 2 --fixed-list-mode --with-colons |--list-keys | tru::1:1437413421:0:3:1:5 [...] echo $? just after /usr/bin/gpg2 may help. -- This E-mail is safe : it isn't using HTML. Use of HTML - within E-mail - is the main contributing factor of the worldwide phishing attacks outburst. daniel AzuelosR.S.S.I. - C.I.S.O. - Institut Pasteur ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
reencrypt emails with another user id
Hi all, maybe a little bit o.t. but I'm looking for the possibility to reencrypt messages inside an imap folder. My situation: I have some emails encrypted with an uid stored on imap and I wan't to reencrypt them with another UID. (The reason: It's encrypted with a uid which resides only on a card - and I wan't to save the mails for secure access in the future if the card get lost). Anybody has an Idea? I looked around and found this tool so far: http://chrislee.dhs.org/projects/imapcrypt.html which is only for encrypting - not for decrypting and reencrypting. Thanks in advance and kind regards Jan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users