Re: Is there a “ground-up” explanation of PGP/GnuPG?

[Scott Lambdin]

Hi -

I liked The Code Book, by Simon Singh as a good start.  It covers various
(very various) code topics but it describes the PGP basics in plain talk.
And now I know how an enigma machine works.


On Wed, Nov 30, 2016 at 11:33 AM, Chris  wrote:

> I have asked this on HN[1] as well as Reddit[2] too, but I realised you
> people might be a better audience for the question! (...And it gives me
> a good excuse to subscribe to my first mailing list!) Question below:
>
> Understanding how git works internally "from the ground up" has been
> incredibly helpful in my everyday work; things like blobs, commit
> objects, hashes and how they connect to form the git experience as I
> know it. Where I had been cargo-culting along previously, it all became
> clear once I understood the fundamental model of what was going on
> underneath the interface.
>
> I feel like the same thing could apply to PGP/GnuPG. I am cargo culting
> my way along but I feel like I would feel much, much, much more
> comfortable if I knew how it worked from the ground up.
>
> I have loose ideas of asymmetric cryptography and trust circles and
> such, but nothing concrete to hinge my actions upon, so I mostly try
> different permutations of command line arguments until GPG appears to do
> what I want it to do.
>
> Is there a "from the ground up" good guide to PGP that allows me to
> break out of this pattern?
>
> [1]: https://news.ycombinator.com/item?id=13070261
> [2]: https://www.reddit.com/r/GnuPG/comments/5fpfgy/
> crosspost_from_hn_is_there_a_groundup_explanation/
>
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>



-- 

Eat like you give a damn.  Go vegan.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Gnu PG - Trouble with Make

[Scott Lambdin]

Can you tell from the context which library is missing?

--Scott

On Mon, Aug 8, 2016 at 6:19 AM, James King 
wrote:

> ./configure run in the gnupg-2.0.30 directory returns 'required libraries
> not found', i.e, the GNU portable threads library, which I've downloaded
> from ftp://ftp.gnu.org/gnu/pth/ unpacked, and installed
>
> ./configure
> make
> sudo make install
>
> Aside from "make[2]: Nothing to be done for `install-exec-am'."
>
> Everything appears normal, except ./configure for gnu PG will continue to
> return "library missing"
>
>
> On Mon, Aug 8, 2016 at 2:24 AM, Werner Koch  wrote:
>
>> On Sun,  7 Aug 2016 05:48, james.k...@thegeekgroup.org said:
>> > ./configure runs fine
>>
>> The configure run creates the Makefile(s), look at the output:
>>
>>   [...]
>>   configure: creating ./config.status
>>   config.status: creating m4/Makefile
>>   config.status: creating Makefile
>>   [...]
>>
>> Do you see thse lines or did configure terminate with an error message?
>>
>> > directory contains "Makefile.am" if I rename to Makefile, and run make
>>
>> You can't do that; Makefile.am and Makefile.in are templates ffrom which
>> a Makefile is created by configure.
>>
>>
>> Salam-Shalom,
>>
>>Werner
>>
>> --
>> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>>  /* Join us at OpenPGP.conf   */
>>
>>
>
>
> --
> James King --
>
> This email may contain confidential and privileged material for the sole
> use of the intended recipient. Any review or distribution by others is
> strictly prohibited. If you are not the intended recipient please contact
> the sender and delete all copies.
>
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>


-- 

Eat like you give a damn.  Go vegan.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: about cartoon in FAQ 10.1. 'Correct, horse! Battery staple!'

[Scott Lambdin]

My boss told me to pick an 8 word sentence and use the initials.  I chose
the my favorite line from my fan fiction:  "Put All Star Ships Where Only
Romulans Dwell"  and he fired me.

On Thu, Dec 24, 2015 at 11:02 AM, Matthias Apitz  wrote:

>
> Hello,
>
> I do not fully understand why some 4 random words like
>
> Correct, horse! Battery staple!
>
> is a better passphrase like, for example
>
> Und allein dieser Mangel und nichts anderes führte zum Tod.
>
> i.e. some phrasing which could be memorized better?
>
> matthias
> --
> Matthias Apitz, ✉ g...@unixarea.de,  http://www.unixarea.de/  ☎
> +49-176-38902045
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>



-- 

Eat like you give a damn.  Go vegan.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: plaintext non-ssl distribution - who things this is a good idea?

[Scott Lambdin]

und bier

On Thu, Sep 10, 2015 at 6:05 PM, Robert J. Hansen 
wrote:

> > Who else thinks someone should spring for the $10 it would take to
> > buy and install an SSL certificate for the principal distribution
> > point of gpg and it's signatures on the worlds most popular
> > platform?
>
> There are many better ways for Werner to spend his time and money.
>
> (Getting an Authenticode certificate, for instance.)
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>



-- 

Eat like you give a damn.  Go vegan.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Key in keyring signed but not valid?

[Scott Lambdin]

Good day:

 --list-sig shows that a certain key is signed by the private
key that signed all the other keys, but still --edit-key shows Validity:
unknown
Does anyone know how that can be?   While investigating, the key in one
keyring later turned to Validity:  Full, seemingly without our issuing
any commands that would have caused it to change.  In another keyring, that
key remains Validty:  Unknown.
--Scott

-- 

Eat like you give a damn.  Go vegan.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Understanding the --refresh-keys output

[Scott Lambdin]

How can I get a report like this without refreshing the keys, please?

gpg: depth: 0  valid:  17  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 17u

On Thu, Jun 16, 2011 at 1:44 PM, David Shaw ds...@jabberwocky.com wrote:

 On Jun 16, 2011, at 10:38 AM, Daniel Kahn Gillmor wrote:

  On 06/16/2011 09:31 AM, David Shaw wrote:
  Line 9 is just a key count.  You have 17 valid keys.  All of them (u)
 are ultimately trusted, which suggests that you have 17 keys that you have
 generated as ultimate trust is generally used for people's own keys.  (If
 you can't trust yourself, who can you trust?)
 
  17 keys is a lot of keys to have generated yourself (though there are
  some circumstances where i'm sure it makes some sort of sense).

 Just 17?  My current GPG test VM used for development:

 gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
 gpg: depth: 0  valid:  154  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 154u

 ;)

 Seriously, though, Daniel is right.  If those 17 keys aren't just endless
 test keys like mine, you might be doing something you didn't intend to.

 David


 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users




-- 
“Until we have the courage to recognize cruelty for what it is—whether its
victim is human or animal —we cannot expect things to be much better in this
world. We cannot have peace among men whose hearts delight in killing any
living creature.”—Rachel Carson, Silent Spring
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: problem getting gpg to work

[Scott Lambdin]

It sounds like you already know how to unzip them.  Are you asking how to
decrypt them?

Do you have any reason to believe the files were encrypted for a key that
you have in your possession?

gpg --list-packets file

will tell you the key that was used to encrypt.  If you do not have the
private key for it, you are out of luck.

--Scott

On Thu, Jun 2, 2011 at 9:14 AM, Wanda Sprowl wmspr...@austin.rr.com wrote:

  I have a zipped file that I un zipped and then notice the file types are
 gpg.

 I installed the gpg and un tarred it in a different location where the zip
 folder is, does that matter?



 Also, what command do I use to unzip the gpg file ?

 When I ungpg or gz the file I need to be a txt file for importing into
 access.





 Many thanks

 Mary

 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users




-- 
“Until we have the courage to recognize cruelty for what it is—whether its
victim is human or animal —we cannot expect things to be much better in this
world. We cannot have peace among men whose hearts delight in killing any
living creature.”—Rachel Carson, Silent Spring
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PGP and Smart Cards

[Scott Lambdin]

On Tue, May 10, 2011 at 1:54 PM, Mark H. Wood mw...@iupui.edu wrote:

  The customer is the only one with a compelling
 incentive to change the system.

Why?  Are not the Pay Card companies on the hook for most of the losses?




 --
 Mark H. Wood, Lead System Programmer   mw...@iupui.edu
 Asking whether markets are efficient is like asking whether people are
 smart.

 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users




-- 
“Until we have the courage to recognize cruelty for what it is—whether its
victim is human or animal —we cannot expect things to be much better in this
world. We cannot have peace among men whose hearts delight in killing any
living creature.”—Rachel Carson, Silent Spring
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: what are the sub keys

[Scott Lambdin]

On Tue, Mar 22, 2011 at 10:19 AM, lists.gn...@mephisto.fastmail.net wrote:

 2. Modern computers are fast, and getting faster all the time; remember
   that your security margin may need to be good not just today, but
   against all the attacks that are possible in the future, for as long
   as your data needs to remain secure (decades, for some people). Once
   upon a time, 1024-bit keys were considered perfectly adequate; most
   experts urge against generating keys today with that strength.

 OMG - This will get Robert going!

--===

Pat the skin dry to avoid chapping.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Question regarding shared keys

[Scott Lambdin]

On Mon, Feb 28, 2011 at 5:38 PM, Denise Schmid chinati...@gmx.ch wrote:

 Thanks all for your help.

 Now, the story gets even more funny: They claim to have used PGP split-key,
 then encrypted the files with a randomized key, then encrypted the key with
 individual keys.

 So far so bad. But now comes the best: They claim that, because one of the
 managers wasn't able to remember his mantra, they decided to _delete_ all
 encrypted data.

 It sounds as if the whole thing is really nothing else but a bogus... Now
 as Vedaal wrote: Best thing that can happen is that they encrypted something
 later...

 But I see support for my opinion that the thing smells :-)

 Thanks again

 Denise



Is this a movie?

-- 
There's a box?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: how to store the public keys in a db?

[Scott Lambdin]

On Tue, Feb 15, 2011 at 3:33 AM, Werner Koch w...@gnupg.org wrote:

  I won't promise anything, though.


 Salam-Shalom,

   Werner

 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users


Would there be a way to have gpg use a database for keys without it being a
particular database?

-- 
There's a box?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Examine a key file

[Scott Lambdin]

Greetings:

 If I have a base 64 exported PGP key, how can I extract the descriptive
data about the key without importing it?

 I just want to see this stuff:

pub   1024D/B00BFACE 2010-10-11
uid  SOMEPLACE sn...@thyservice.com
sub   1024g/6820 2010-10-11

--Scott

-- 
There's a box?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Offtopic: any German speakers who can help translate jokes to English

[Scott Lambdin]

Sie brauchen einen Computer nicht einzuschalten um festzustellen, ob Windows
installiert ist. Sehen Sie einfach nach, ob die Aufschrift auf der
Reset-Taste noch lesbar ist!
If you want to see if a computer has Windows installed, simply see if the
print on the reset button is worn off.

On Tue, Aug 31, 2010 at 10:47 AM, Ted Rolle Jr. ster...@gmail.com wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 It doesn't have to be perfect!  I visit www.spitzenwitze.de and find
 good jokes there.  I don't get some of them because I'm not that
 familiar with colloquial German.  And some don't translate well, if at all.

 Ted
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.10 (GNU/Linux)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

 iQIcBAEBAgAGBQJMfRX6AAoJENEtY9EvFm6JyrQQAKEnKCyoDNG2a+xUgB5K0avZ
 VNzOYm+Qup8q2GPD930Dg3FzcG2zSDKPeyu2gMqQYU90deU2Jy6WUfaCSALQNBHl
 iLNWAgnMZQJO7K09OGlJ+6d7AgyyF4XLMRug4LGbz7r6ltMGhOEfQQSUaUZK0uqR
 3pIDIqJQyITDjx4pW3PzaDPhsCYo/Ch6e+M+rnVU08m/OY7k1ScUzm+0nLpxjtaO
 uBeHMc4kk2txyxOGMfYZfTLLsOdnUXRff5KznR0L8QsoJEGXGe/zY+0vYQkMsjLm
 H30heiuqd45JqQOuvgt4iwgvzpNduzVCy9PdbL6YVY8Dbr2A2u8V1CF/GShEDChA
 iUGgO4VaMUHlsB3vB/I2y0qSqZ+/rDLmErxFnyusfVOtBfXbvQpFllbZZ0JbKFLm
 CGzDf/keuVP2owydSr3usnKfJULtTcReounHfXNouvPu5X1Bp2CZ0S0bBfDuzQVY
 Rguf61Pkp1uYUIqaIeMBSyekdgaBzdC8P7tcnf1bn4iJuYMUUtRxV0xeUGBKXmla
 l+G6Ksl/SlDf1wfOV1Rl2P6/gB0wQ6bZfGYzfNGC47K56WbcKZmVoyv48GWH8voc
 8xAlwz6TdoHHjOWScYKbNP2JDtR0pYOhY6JmZA0CiMy7QdwKP3UfkGiaSPg94k0f
 sBXHczkvKKT4+E/pSjV3
 =OMED
 -END PGP SIGNATURE-

 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users




-- 
There's a box?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: encryption bloats file

[Scott Lambdin]

The vender told our trading partner their PGP software bloats the file and
that is just the way it is.  I do not understand how the encrypted file (or
the file that contains the encrypted file) can be over twice the size of the
original, when the senders believe they have used compression.

I also wonder why gpg doesn't report whatever extra junk exists in the file.

--Scott

$ gpg --list-packets archive/somefile.061610.081519.pgp
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
:pubkey enc packet: version 3, algo 1, keyid BOOBFACEB00BFACE
data: [2048 bits]
You need a passphrase to unlock the secret key for
user: Bob Lawblaw nac...@woof.gov
2048-bit RSA key, ID B00BFACE, created 1846-17-15
:encrypted data packet:
length: 50160977
gpg: encrypted with 2048-bit RSA key, ID B00BFACE, created 1846-17-15
  Bob Lawblaw nac...@woof.gov
:compressed packet: algo=1
:literal data packet:
mode t (74), created 1509949440, name=BLAH.BLAHBLAH.BLA.BLAHBL,
raw data: 271163905 bytes
gpg: WARNING: message was not integrity protected
$



On Fri, Jan 9, 2009 at 11:49 PM, David Shaw ds...@jabberwocky.com wrote:

  On Fri, Jan 09, 2009 at 10:33:52PM -0500, Scott Lambdin wrote:
  I found a file in rejects, but it may be partial.  It gives us some
  information, though.
 
  The pgp file was 406184088 bytes and unencrypted is 175246253 bytes.
 
  gpg -v -v -o a_file.out -d a_file.pgp
 
  gpg: armor: BEGIN PGP MESSAGE
  gpg: armor header: Version: McAfee E-Business Server v7.5 - Full License
  :pubkey enc packet: version 3, algo 1, keyid 123456789012345
  data: [2047 bits]
  gpg: public key is ABCD1234
  You need a passphrase to unlock the secret key for
  user: Janeane Garofalo j...@thyservice.com
  2048-bit RSA key, ID ABCD4321
 
  gpg: public key encrypted data: good DEK
  :encrypted data packet:
  length: 42097820
  gpg: encrypted with 2048-bit RSA key, ID ABCD4321
  gpg: IDEA encrypted data
  :compressed packet: algo=1
  :literal data packet:
  mode t (74), created 1509949440, name=file-100-1,
  raw data: 227869810 bytes
  gpg: original file name=file100
  gpg: no valid OpenPGP data found.
  gpg: fatal: zlib inflate problem: invalid block type
  secmem usage: 2208/4704 bytes in 5/15 blocks of pool 4960/32768

 That's helpful, as it indicates that the file was corrupt.  This could
 explain why an encrypted file is so much larger than the decrypted
 file - the decrypted file is truncated because the decryption failed
 partway through.  Of course, that could just be this rejected file.

 Can you check if your real file has some non-OpenPGP cruft glued to
 the end of it?

 David

 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users




-- 
There's a box?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: encryption bloats file

[Scott Lambdin]

No Sir.  The files compress well. They compress to the same size as the
packet reported by --list-packets.   Ascii armor did what a previous poster
predicted, growing the file by about 1/3.

here is what should happen:

270Mbyte text file = compressed to 50 Mbyte = X 1.38 yielding 69Mbytes to
go over the network.

But for some reason, McA... er I mean the vender PGP does:

270Mbyte text file = 671MB to choke the network

That should be unheard of.

--Scott

On Thu, Jun 17, 2010 at 7:21 PM, Robert J. Hansen r...@sixdemonbag.orgwrote:

 On 6/17/2010 2:16 PM, Scott Lambdin wrote:
  The vender told our trading partner their PGP software bloats the file
  and that is just the way it is.  I do not understand how the encrypted
  file (or the file that contains the encrypted file) can be over twice
  the size of the original, when the senders believe they have used
  compression.

 This is not unheard of.

 First, compression only works when the data hasn't already been
 compressed.  Many data formats (.jpgs, .pdfs, etc.) incorporate
 compression, and so cannot be further reduced.

 Second, if the sender is using ASCII armoring for their message, that
 will result in an enormous increase in file size.  (On the plus side, it
 means the message is a text message, which is more convenient for some
 purposes.)


 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users




-- 
There's a box?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help with decrypting gpg file

[Scott Lambdin]

Is input.pgp a test file that you created?  There is an attack that involves
inserting a small section of unencrypted garbage in the file.

 Sometimes

gpg --list-packets input.pgp

can give clues.

On Mon, Aug 24, 2009 at 6:28 PM, John Betz jb...@infimark.com wrote:

  I was hoping to get some help with decrypting an archived file. I am
 using the following command:





 echo “passphrase”| gpg --passphrase-fd 0 -o output.txt -d input.pgp





 The output file is created with no problem, however, there is garbage in
 the first record. If I rename the file (or create it) with a .zip extension
 and try to open it with WinZip it does not recognize the file as an archive
 file. When I do the same operation with PGP there is no problem.



 I have scoured the documentation looking for the correct command or option
 for indicating to gpg that the file is an archive file, but no to no avail.
 Any help I can get with this would be appreciated.



 Thanks,



 John Betz

 (office) 703-490-3227

 (cell) 703-304-2536



 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users




-- 
There's a box?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Paperkey question

[Scott Lambdin]

The black helicopters can read the paper copies in your house with
microwaves.


On 2/9/09, David Shaw ds...@jabberwocky.com wrote:

 You can't take a public key and just attach the blob to the end.  A
 secret key is made up of secret key packets.  You need to convert your
 individual public key packets to secret key packets.  Split the public
 key into packets, convert the individual packets, then reassemble the
 key.

 Run paperkey --file-format and it will print out some pointers on
 how to do this.


 On Feb 9, 2009, at 9:44 AM, i...@ushills.co.uk wrote:

 One you have split your key with gpgsplit do you just then add the relevant
 secret key packets to each key part and then cat them back together.


 Please stop top-posting.

 Next, you switch the type of each packet from public to secret (i.e. change
 tag 6 to 5, or 14 to 7 for subkeys).  Then cat them all back together again.


 David


 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users




-- 
There's a box?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gpg: failed to create temporary file

[Scott Lambdin]

Does your BPEL call a shell that understands ~?

2009/2/3 lee_an...@bellsouth.net

  GNUPGHOME = /opt/oracle/.gnupg

 -- Original message from David Shaw ds...@jabberwocky.com:
 --


  On Tue, Feb 03, 2009 at 08:28:49PM +, lee_an...@bellsouth.net wrote:

   Good Afternoon,
I am currently trying to decrypt a file through an automated process
 that is called by a webservice called BPEL. Now in my development
 environment it works
  great but in my test enviroment I receive the following errors:
Error string = gpg: failed to create temporary file
  `~/.gnupg/.#lk0x552ac57230.tst-dataexch.19415': No such file or directory

  
   or
Error string = gpg: failed to create temporary file
 `~/.gnupg/.#lk0x552ac57230.tst-dataexch.19127': No such file or directory
 gpg: fatal: ~/.gnupg: can't create directory: No such file or directory
 secmem usage:
  0/0 bytes in 0/0 blocks of pool 0/32768
  
   My system admin and I did the following troublshooting steps:  The
 application runs as the user oracle and in the oracle profile there
  /.gnupg does exist in its home directory  We open up permissions on the
 /.gnupg directory to 777 but received the same
  issues.
   We then found that my dev and test environment were different, Dev is
 running
  red hat 5.0 and test red hat 4.7, so the gpg versions were different. On
 the
  dev GPG version is 1.4.5 and the test is 1.2.6.
   We've upgraded the version in the test environment to 1.4.5 the same as
 Dev.
  But I produce the same results.
   I am able to decrypt the file manually by typing in the command but not

  throught the application.
   We also added GNUPGHOME in the oracle user bash profile but still no
 luck.
 
  What is GNUPGHOME set to? Is it fully qualified or is there a ~ in
  there?
 
  David
 
  ___
  Gnupg-users mailing list
  Gnupg-users@gnupg.org
  http://lists.gnupg.org/mailman/listinfo/gnupg-users


 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users




-- 
There's a box?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

encryption bloats file

[Scott Lambdin]

Hello -

Someone sends us a big ~700MB pgp encrypted file and when we decrypt it the
resulting file is about half that size.  Anyone have an idea what they might
be doing to swell it up like that?

-- 
There's a box?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: encryption bloats file

[Scott Lambdin]

Thanks for the offer but I would be put in Guantanamo bay if I did that.
^_^

On Fri, Jan 9, 2009 at 5:45 PM, David Shaw ds...@jabberwocky.com wrote:

  On Fri, Jan 09, 2009 at 03:33:05PM -0500, Scott Lambdin wrote:
  Hello -
 
  Someone sends us a big ~700MB pgp encrypted file and when we decrypt it
 the
  resulting file is about half that size.  Anyone have an idea what they
 might
  be doing to swell it up like that?

 Most OpenPGP programs compress files before they are encrypted.  Some
 files (for example, already compressed files) are poison to
 compression and actually get bigger.  Doubling in size, however, is
 not likely.  In any event, you don't say that program generated this
 file, but at least GPG detects common forms of already-compressed data
 and will not attempt to compress it further.

 If you can send me such an encrypted file (my key is 99242560) I will
 look at it and see what is going on.

 David

 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users




-- 
There's a box?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: encryption bloats file

[Scott Lambdin]

Yes, even with compression disabled, my test files were about the same size
encrypted or not.

Oh!  armored?   will test.

On Fri, Jan 9, 2009 at 5:15 PM, Faramir faramir...@gmail.com wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Hello!

 Scott Lambdin escribió:
 ...
  Someone sends us a big ~700MB pgp encrypted file and when we decrypt it
  the resulting file is about half that size.  Anyone have an idea what
  they might be doing to swell it up like that?

  That sounds weird... GPG is supposed to compress the files before
 encrypting them, IIRC...

  Best Regards
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.9 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

 iQEcBAEBCAAGBQJJZ8yFAAoJEMV4f6PvczxAA30H/3d26oUhHP0ecGOcEaZI/7I9
 Urq373GhpHlxvlf9Tj+Akc/qex8l7uMJ6bGap2dX6rXah5oFV681ceJZIf9LYt3Y
 +Ej/uEGuipq+25cWc4484SfQu6J6k29dhnwVv4E3Zr2+9Wm4d9eVYnpH70lKmbNc
 xOZ+fEKT8vlu9oM6e9viZEbpmkxgzNKJDC+/mLdxeDC7AAl9PM8x8Md+G07WGutO
 BO4CAg9Wx3xCPIRXwL9tftpl5wqtZmpJvsCxAKeG7QCjrd8yU2LoRr9IxJGV45gb
 0vZo/QXHfIrRb3HedZKVW+6Xp+MJxr6TIfVr+UVbyLwQmUurKF4Rw2HuNRZuZbg=
 =oKi3
 -END PGP SIGNATURE-

 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users




-- 
There's a box?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: encryption bloats file

[Scott Lambdin]

--armor option swells it up some but doesn't double it.

gpg -r B00BFACE --armor -e -z 0 vshell2.txt

43261322 Mar  6  2008 vshell2.txt
58583901 Jan  9 14:40 vshell2.txt.asc


On Fri, Jan 9, 2009 at 5:36 PM, Scott Lambdin lop...@gmail.com wrote:

 Yes, even with compression disabled, my test files were about the same size
 encrypted or not.

 Oh!  armored?   will test.

   On Fri, Jan 9, 2009 at 5:15 PM, Faramir faramir...@gmail.com wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Hello!

 Scott Lambdin escribió:
 ...
  Someone sends us a big ~700MB pgp encrypted file and when we decrypt it
  the resulting file is about half that size.  Anyone have an idea what
  they might be doing to swell it up like that?

  That sounds weird... GPG is supposed to compress the files before
 encrypting them, IIRC...

  Best Regards
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.9 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

 iQEcBAEBCAAGBQJJZ8yFAAoJEMV4f6PvczxAA30H/3d26oUhHP0ecGOcEaZI/7I9
 Urq373GhpHlxvlf9Tj+Akc/qex8l7uMJ6bGap2dX6rXah5oFV681ceJZIf9LYt3Y
 +Ej/uEGuipq+25cWc4484SfQu6J6k29dhnwVv4E3Zr2+9Wm4d9eVYnpH70lKmbNc
 xOZ+fEKT8vlu9oM6e9viZEbpmkxgzNKJDC+/mLdxeDC7AAl9PM8x8Md+G07WGutO
 BO4CAg9Wx3xCPIRXwL9tftpl5wqtZmpJvsCxAKeG7QCjrd8yU2LoRr9IxJGV45gb
 0vZo/QXHfIrRb3HedZKVW+6Xp+MJxr6TIfVr+UVbyLwQmUurKF4Rw2HuNRZuZbg=
 =oKi3
 -END PGP SIGNATURE-

 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users




 --
 There's a box?




-- 
There's a box?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: encryption bloats file

[Scott Lambdin]

It looks like all digits and capital letters.  And some kind of spaces or
tabs.   It's not a bomb.  These file come in routinely.  All the ones I have
looked at (ftp'd size vs the unencrypted file sitting in archive) are right
about 2-to-1.

To get a still encrypted file, I would have to file a request to modify a
script and at least 3 groups would have to approve the request.  And I would
have to wait at least 1 week before I actually made the change.  I remember
freedom. . . . .

Thanks.

On Fri, Jan 9, 2009 at 7:50 PM, David Shaw ds...@jabberwocky.com wrote:

 On Jan 9, 2009, at 7:07 PM, Robert J. Hansen wrote:

 Scott Lambdin wrote:

 Someone sends us a big ~700MB pgp encrypted file and when we decrypt it
 the resulting file is about half that size.  Anyone have an idea what
 they might be doing to swell it up like that?


 Option 1: they're not using compression and they're ASCII-armoring the
 file.  You can expect to see a large size swell.


 Not double.  By definition ASCII armor is around 1/3 larger (actually 137%)
 than the original document (not counting headers and such, but they only
 amount to a few hundred bytes, not megs).

 Option 2: they're sending a file that's carefully crafted to blow up.
 I've seen a ridiculously tiny zip archive (a couple of K) that expands
 into hundreds of terabytes.  There are sixteen zip archives in that zip
 archive, each zip archive expands into another sixteen zip archives,
 each of those zip archives expands into several gigs of zeros, etc., etc.


 Other way around - the original file was ~700MB.  The decrypted file was
 ~350MB.

 Incidentally, GPG has code to deal with the potential denial of service
 from a bzip bomb like you mention.  See the --max-output option.

 Scott, do you know what OpenPGP program created the file that was sent to
 you?  Can you tell us what sort of data it it?  (text?  binary?  image file?
 (if so, jpeg?  mpeg? other?)   Also please try decrypting the file again and
 add -v -v to the command line.  Please send us anything you can that isn't
 sensitive (specifically the compressed packet algo number, and the raw data
 size and mode from the literal data packet).

 David




-- 
There's a box?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: encryption bloats file

[Scott Lambdin]

I found a file in rejects, but it may be partial.  It gives us some
information, though.

The pgp file was 406184088 bytes and unencrypted is 175246253 bytes.

gpg -v -v -o a_file.out -d a_file.pgp

gpg: armor: BEGIN PGP MESSAGE
gpg: armor header: Version: McAfee E-Business Server v7.5 - Full License
:pubkey enc packet: version 3, algo 1, keyid 123456789012345
data: [2047 bits]
gpg: public key is ABCD1234
You need a passphrase to unlock the secret key for
user: Janeane Garofalo j...@thyservice.com
2048-bit RSA key, ID ABCD4321

gpg: public key encrypted data: good DEK
:encrypted data packet:
length: 42097820
gpg: encrypted with 2048-bit RSA key, ID ABCD4321
gpg: IDEA encrypted data
:compressed packet: algo=1
:literal data packet:
mode t (74), created 1509949440, name=file-100-1,
raw data: 227869810 bytes
gpg: original file name=file100
gpg: no valid OpenPGP data found.
gpg: fatal: zlib inflate problem: invalid block type
secmem usage: 2208/4704 bytes in 5/15 blocks of pool 4960/32768

On Fri, Jan 9, 2009 at 10:02 PM, Roscoe eoc...@gmail.com wrote:

 Dunno how likely it is, but maybe someone made an attempt at hiding
 the size of the file in transit via appending arbitrary data.

 2009/1/10 Scott Lambdin lop...@gmail.com:
   Hello -
 
  Someone sends us a big ~700MB pgp encrypted file and when we decrypt it
 the
  resulting file is about half that size.  Anyone have an idea what they
 might
  be doing to swell it up like that?
 
  --
  There's a box?
 
   ___
  Gnupg-users mailing list
  Gnupg-users@gnupg.org
  http://lists.gnupg.org/mailman/listinfo/gnupg-users
 
 




-- 
There's a box?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: encryption bloats file

[Scott Lambdin]

Looks like Roscoe got it.   literal data block that makes up the
difference.  Thanks everyone.

Now to see if there is some reason for it.

--Scott

On Fri, Jan 9, 2009 at 10:33 PM, Scott Lambdin lop...@gmail.com wrote:

 I found a file in rejects, but it may be partial.  It gives us some
 information, though.

 The pgp file was 406184088 bytes and unencrypted is 175246253 bytes.

 gpg -v -v -o a_file.out -d a_file.pgp

 gpg: armor: BEGIN PGP MESSAGE
 gpg: armor header: Version: McAfee E-Business Server v7.5 - Full License
 :pubkey enc packet: version 3, algo 1, keyid 123456789012345
 data: [2047 bits]
 gpg: public key is ABCD1234
 You need a passphrase to unlock the secret key for
 user: Janeane Garofalo j...@thyservice.com
 2048-bit RSA key, ID ABCD4321

 gpg: public key encrypted data: good DEK
 :encrypted data packet:
 length: 42097820
 gpg: encrypted with 2048-bit RSA key, ID ABCD4321
 gpg: IDEA encrypted data
 :compressed packet: algo=1
 :literal data packet:
 mode t (74), created 1509949440, name=file-100-1,
 raw data: 227869810 bytes
 gpg: original file name=file100
 gpg: no valid OpenPGP data found.
 gpg: fatal: zlib inflate problem: invalid block type
 secmem usage: 2208/4704 bytes in 5/15 blocks of pool 4960/32768

   On Fri, Jan 9, 2009 at 10:02 PM, Roscoe eoc...@gmail.com wrote:

 Dunno how likely it is, but maybe someone made an attempt at hiding
 the size of the file in transit via appending arbitrary data.

 2009/1/10 Scott Lambdin lop...@gmail.com:
   Hello -
 
  Someone sends us a big ~700MB pgp encrypted file and when we decrypt it
 the
  resulting file is about half that size.  Anyone have an idea what they
 might
  be doing to swell it up like that?
 
  --
  There's a box?
 
   ___
  Gnupg-users mailing list
  Gnupg-users@gnupg.org
  http://lists.gnupg.org/mailman/listinfo/gnupg-users
 
 




 --
 There's a box?




-- 
There's a box?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: appending to gpg file?

[Scott Lambdin]

Yes:  Sponge Bob Squarepants  is guaranteed to not occur in encrypted
file.

2008/11/17 David Kennedy [EMAIL PROTECTED]

 Is there a safe ascii delimiter i could use between messages in one file,
 then? Maybe insert a delimited 'line break' of sorts, parse out individual
 gpg messsages, and decrypt each piece?

 Thanks for the brainstorm..

 On Mon, Nov 17, 2008 at 1:07 PM, David Shaw [EMAIL PROTECTED] wrote:


 Not really.  You can do this as a running append (i.e. keep a file
 descriptor open to your gpg process and keep pushing data at it),
 which would create one large file.  You can't do it with '' as that
 creates multiple OpenPGP messages in a single file, which is not
 required to be supported by an OpenPGP client.

 David

 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users



 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users




-- 
There's a box?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Compile without libiconv or libintl on Solaris

[Scott Lambdin]

Hello -

Has anyone been able to compile 1.4.8 or 1.4.9 on Solaris without iconv or
intl?  The only way I have been able to do it is with --enable-minimal and
that disables too much.  Or am I going to have to really learn Makefiles?

Thanks,

--Scott

-- 
CILCIL
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Compile without libiconv or libintl on Solaris

[Scott Lambdin]

If I do a config like this, and ldd the resulting gpg binary, it still needs
libiconv and libintl.


./configure --prefix=/place/gnupg-1.4.8 --without-readline
--disable-gnupg-iconv --without-intl --without-iconv

I've tried a few variations on this.



I would like to compile statically but that fails to compile.  OMG I just
ran a static compile to get the error and it worked.  Someone sacrificed a
cat somewhere or something.  Well, my question mave have become a lot less
urgent.






On 5/6/08, David Shaw [EMAIL PROTECTED] wrote:

 On Tue, May 06, 2008 at 01:26:44PM -0400, Scott Lambdin wrote:
  Hello -
 
  Has anyone been able to compile 1.4.8 or 1.4.9 on Solaris without iconv
 or
  intl?  The only way I have been able to do it is with --enable-minimal
 and
  that disables too much.  Or am I going to have to really learn Makefiles?

 Can you post what happens when you try?  Where does it fail?

 David

 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users




-- 
CILCIL
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Compile without libiconv or libintl on Solaris

[Scott Lambdin]

No, I had that pesky --enable-minimal in the configure command.  It can
compile statically with that.  here is the error I get otherwise:

/usr/local/bin/gcc  -g -O2 -Wall  --static -o gpg gpg.o build-packet.o
compress.o compress-bz2.o free-packet.o getkey.o keydb.o keyring.o seskey.o
kbnode.o mainproc.o armor.o mdfilter.o textfilter.o progress.o misc.o
openfile.o keyid.o parse-packet.o status.o plaintext.o sig-check.o keylist.o
signal.opkclist.o skclist.o pubkey-enc.o passphrase.o seckey-cert.o
encr-data.o cipher.o encode.o sign.o verify.o revoke.o decrypt.o keyedit.o
dearmor.o import.o export.o trustdb.o tdbdump.o tdbio.o delkey.o keygen.o
pipemode.o helptext.o keyserver.o photoid.o exec.o ../cipher/libcipher.a
../mpi/libmpi.a ../util/libutil.a   ../intl/libintl.a../zlib/libzlib.a
-lbz2-lsocket
Undefined   first referenced
 symbol in file
endnetconfig/usr/lib/libsocket.a(_soutil.o)
setnetconfig/usr/lib/libsocket.a(_soutil.o)
getnetconfig/usr/lib/libsocket.a(_soutil.o)
ld: fatal: Symbol referencing errors. No output written to gpg
collect2: ld returned 1 exit status
make[2]: *** [gpg] Error 1
make[2]: Leaving directory `/usr/local/src/gnupg-1.4.8/g10'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/src/gnupg-1.4.8'
make: *** [all] Error 2

I see other folks having this problem but no fix worked for me.


On 5/6/08, Scott Lambdin [EMAIL PROTECTED] wrote:

 If I do a config like this, and ldd the resulting gpg binary, it still
 needs libiconv and libintl.


 ./configure --prefix=/place/gnupg-1.4.8 --without-readline
 --disable-gnupg-iconv --without-intl --without-iconv

 I've tried a few variations on this.



 I would like to compile statically but that fails to compile.  OMG I just
 ran a static compile to get the error and it worked.  Someone sacrificed a
 cat somewhere or something.  Well, my question mave have become a lot less
 urgent.






  On 5/6/08, David Shaw [EMAIL PROTECTED] wrote:

 On Tue, May 06, 2008 at 01:26:44PM -0400, Scott Lambdin wrote:
  Hello -
 
  Has anyone been able to compile 1.4.8 or 1.4.9 on Solaris without iconv
 or
  intl?  The only way I have been able to do it is with --enable-minimal
 and
  that disables too much.  Or am I going to have to really learn
 Makefiles?

 Can you post what happens when you try?  Where does it fail?

 David

 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users




 --
 CILCIL




-- 
CILCIL
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Compile without libiconv or libintl on Solaris

[Scott Lambdin]

Okay, I disabled a slew of stuff and was able to build statically.

--disable-card-support --disable-agent-support --disable-gnupg-iconv
--disable-photo-viewers
--disable-keyserver-helpers --disable-ldap --disable-hkp --disable-finger
--disable-generic  --disable-keyserver-path --disable-dns-srv
--disable-dns-pka --disable-dns-cert --enable-threads=solaris

Of course, now I have to test the heck out of it.



On 5/6/08, Scott Lambdin [EMAIL PROTECTED] wrote:


 Thanks but same error.   Yes, I showed that same link to our sysadmin and
 he said do it anyway.

 You know, we just run gpg in batch mode on files.  We don't need no stinkin
 sockets.  Let's make the sockets go away!


 On 5/6/08, David Shaw [EMAIL PROTECTED] wrote:

 On Tue, May 06, 2008 at 03:50:29PM -0400, Scott Lambdin wrote:
  No, I had that pesky --enable-minimal in the configure command.  It can
  compile statically with that.  here is the error I get otherwise:
 
  /usr/local/bin/gcc  -g -O2 -Wall  --static -o gpg gpg.o build-packet.o
  compress.o compress-bz2.o free-packet.o getkey.o keydb.o keyring.o
 seskey.o
  kbnode.o mainproc.o armor.o mdfilter.o textfilter.o progress.o misc.o
  openfile.o keyid.o parse-packet.o status.o plaintext.o sig-check.o
 keylist.o
  signal.opkclist.o skclist.o pubkey-enc.o passphrase.o seckey-cert.o
  encr-data.o cipher.o encode.o sign.o verify.o revoke.o decrypt.o
 keyedit.o
  dearmor.o import.o export.o trustdb.o tdbdump.o tdbio.o delkey.o
 keygen.o
  pipemode.o helptext.o keyserver.o photoid.o exec.o ../cipher/libcipher.a
  ../mpi/libmpi.a ../util/libutil.a
 ../intl/libintl.a../zlib/libzlib.a
  -lbz2-lsocket
  Undefined   first referenced
   symbol in file
  endnetconfig/usr/lib/libsocket.a(_soutil.o)
  setnetconfig/usr/lib/libsocket.a(_soutil.o)
  getnetconfig/usr/lib/libsocket.a(_soutil.o)
  ld: fatal: Symbol referencing errors. No output written to gpg
  collect2: ld returned 1 exit status

 Sun doesn't really approve of static linking on Solaris:

 http://www.sun.com/bigadmin/content/misc/solaris2faq.html#q6.24

 That said, what happens if you do this:

 NETLIBS=-lnsl ./configure

 David

 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users




 --
 CILCIL




-- 
CILCIL
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Compile without libiconv or libintl on Solaris

[Scott Lambdin]

Thanks but same error.   Yes, I showed that same link to our sysadmin and he
said do it anyway.

You know, we just run gpg in batch mode on files.  We don't need no stinkin
sockets.  Let's make the sockets go away!


On 5/6/08, David Shaw [EMAIL PROTECTED] wrote:

 On Tue, May 06, 2008 at 03:50:29PM -0400, Scott Lambdin wrote:
  No, I had that pesky --enable-minimal in the configure command.  It can
  compile statically with that.  here is the error I get otherwise:
 
  /usr/local/bin/gcc  -g -O2 -Wall  --static -o gpg gpg.o build-packet.o
  compress.o compress-bz2.o free-packet.o getkey.o keydb.o keyring.o
 seskey.o
  kbnode.o mainproc.o armor.o mdfilter.o textfilter.o progress.o misc.o
  openfile.o keyid.o parse-packet.o status.o plaintext.o sig-check.o
 keylist.o
  signal.opkclist.o skclist.o pubkey-enc.o passphrase.o seckey-cert.o
  encr-data.o cipher.o encode.o sign.o verify.o revoke.o decrypt.o
 keyedit.o
  dearmor.o import.o export.o trustdb.o tdbdump.o tdbio.o delkey.o keygen.o
  pipemode.o helptext.o keyserver.o photoid.o exec.o ../cipher/libcipher.a
  ../mpi/libmpi.a ../util/libutil.a
 ../intl/libintl.a../zlib/libzlib.a
  -lbz2-lsocket
  Undefined   first referenced
   symbol in file
  endnetconfig/usr/lib/libsocket.a(_soutil.o)
  setnetconfig/usr/lib/libsocket.a(_soutil.o)
  getnetconfig/usr/lib/libsocket.a(_soutil.o)
  ld: fatal: Symbol referencing errors. No output written to gpg
  collect2: ld returned 1 exit status

 Sun doesn't really approve of static linking on Solaris:

 http://www.sun.com/bigadmin/content/misc/solaris2faq.html#q6.24

 That said, what happens if you do this:

 NETLIBS=-lnsl ./configure

 David

 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users




-- 
CILCIL
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users