Re: Status of original PGP?
On 9/7/22 17:09, Robert J. Hansen via Gnupg-users wrote:
> On a lark I went looking for the current iteration of PGP. It was bought
> by Symantec some years ago, and the last I heard they'd renamed it to
> "Symantec Encryption Desktop". However, Symantec no longer has it
> available for sale or download, and scouring their site turns up
> basically nothing.
>
> Does anyone know what happened to PGP?
>
> Please note: I'm not encouraging anyone to use proprietary, non-free
> software. My interest in this is purely historical.

I'm pretty sure it was discontinued, but I don't have a source for that.

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Preventing public key upload to key-servers
On 1/28/22 21:43, jonkomer via Gnupg-users wrote:
> If an individual that requests his personal information is
> removed (i.e., the "right to be forgotten") is EU resident,
> GDPR applies regardless of the jurisdiction in which the
> information server is located.
>
> Jon K.

If the server is physically in the US, administered by someone residing in the US, is the EU really expecting US courts to enforce EU laws/directives like the GDPR on a US citizen?

That's the big issue with a "right to be forgotten" law: every country or almost every country has to be in agreement to enforce it or it's pretty much worthless.

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
Re: Unable to decrypt file copied from USB thumb drive.
On 10/29/21 07:30, Chris Taylor wrote:
> Thank you - I will check.
>
> Almost certainly the hash of my .gpg file will be different after it has
> passed through the Thumb Drive. However, no other files on the Thumb
> Drive get corrupted. So, my question will probably become how can I
> protect my .gpg file when it is moved off my laptop onto other media?
>
> Chris.

If the hash is changing, the file is getting corrupted, even if by only one bit.

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
Re: Random_seed File Locking on NFS File System Across Networks/Domains Hangs
On 4/25/21 08:11, Charlie Salemi via Gnupg-users wrote:
> However, this leads to the following questions: what functionality does
> the random_seed file provide?

Per the documentation I have here:

'~/.gnupg/random_seed'
     A file used to preserve the state of the internal random pool.

Now, for me, that begs the question: what does the internal random pool offer that simply using /dev/random (or better yet a quality HWRNG) does not?

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
Re: Revoking a Lost Key
On 2/6/20 09:41, Mark wrote:
> These were keys created in the 90s on probably 3 computers ago. I looked
> through some old CDs that I had laying around but they didn't have the
> saved keys. I don't use these keys anymore and haven't in over a decade.
> In fact the email address and even the entire ISP are long gone now. I
> was just thinking if I could revoke them I would but it doesn't look
> like that is possible.

If the email address is dead, I wouldn't worry about that. I have old keys out there with FidoNet addresses on them, as well as cypherpunk-style remailer keys I forgot to revoke before shutting down the remailer and wiping the system. Stuff happens.

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
Re: Syncing GnuPG data between computers
On 12/31/19 16:46, Steve McKown via Gnupg-users wrote:
> I use different computers at different times, either my office computer
> or one on-site provided by a customer.
>
> I want to be able to propagate changes I make to GnuPG on one computer
> to other computer I use, without resorting to duplicating the changes
> manually.
>
> I currently only manage one GnuPG identity, and its private key material
> is stored on a smart card (Yubikey). So I think I'm only caring about
> other's keys, trust relationships, and the like.

Move your .gnupg to a thumb drive, symlink .gnupg to its mount point, and move the thumb drive back and forth? You might have to fiddle with permissions/ownership if your numeric uid is different on both of them, or maybe use something like VFAT that doesn't track ownership/permissions for better or worse.

This is what I did for my music and my music player's database; I have not tried it with any other software including GnuPG.

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
Re: Washington State Electronic Notary Public endorsements
On 09/17/2018 01:53 PM, C.J. Collier wrote:
> In short, GnuPG can now be used to perform notarial acts
> <http://app.leg.wa.gov/RCW/default.aspx?cite=42.45.140> in the State of
> Washington!

Nice work!

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
Re: Upgrading 2.0.20 to 2.2.24
On 06/17/2018 05:20 PM, fe...@crowfix.com wrote:
> gpg: encrypted with 2048-bit ELG key, ID 18DCDD20A3362105, created
> -mm-dd
> "Felix Finch (Scarecrow Repairman) "
> gpg: decryption failed: No secret key

The format secret keys are stored in changed between 2.0.x and 2.1.x. It is possible that 2.2.x no longer has the code in it to migrate to the new format, in which case you might need to import secring.gpg manually and set the trust to ultimate manually as well.

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
Re: Installing a new version of GnuPG
On 05/29/2018 03:47 AM, franek.wiertara wrote:
> Hi,
>
> A year ago or so, don't remember exactly, I installed GnuPG 2.2.0 from
> sources with all required libraries. I downloaded them from the GnuPG
> website and created binaries using standard "./configure && make && make
> install". It's turned out I don't have any folder from which I run "make
> install", so I cannot run uninstall anything using "make uninstall". Do
> you think it is all right if I simply download new version of gnupg and
> libraries and simply overwrite on anything that already exists?
>
> Thanks

Back when I ran Slackware and I had to install just about anything of substance this way, this is pretty much what I did. It's far from an optimal way to upgrade software (occasionally, stuff needs to be deleted that's no longer in use) but it got me by until I switched to other GNU/Linux distributions.

Most software does not have a "make uninstall" target. That's considered the responsibility of a package manager if you have one.

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
Re: Users GnuPG aims for? (Re: Breaking MIME concatenation)
On 05/17/2018 03:24 AM, Andrew Gallagher wrote:
> On 17/05/18 09:11, Bernhard Reiter wrote:
>> I agree that technically HTML (with its extensions) is a bad format to serve
>> this need. Similar to PDF. One RTF was an approach Nextstep's mail took
>> and that got some adoption, but not enough. Today it would be some very
>> simple wiki markup language.
>
> Content-type: text/markdown ;-)

Wouldn't Markdown potentially suffer from the same types of problems? Or am I missing something?

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
Re: Stupid Symantec
On 03/15/2018 07:58 PM, gn...@raf.org wrote:
> yes, luks full disk encryption would be best of course but if
> boss says no, ecryptfs file system encryption might be
> acceptable. every file in an ecryptfs-mounted file system is
> individually encrypted. encrypting their names as well is
> optional. and it's easy enough to setup. and i haven't detected
> any performance penalty (except when running du, just don't).
> and i'm fairly sure ubuntu has this built-in for home directory
> encryption but i don't know which versions.

It goes back to at least 14.04, probably much farther. I haven't done many fresh installs of the older versions. I did two fresh installs of 12.04, with everything since being upgrades (I only use LTS versions now).

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
Re: Verify that the file is from who I expect it to be from
On 10/26/2017 11:01 PM, Dan Horne wrote:
> Yes - that's what my OP meant - Verifying the key. But I'm hoping to
> avoid greping the output. What I'd love to do is provide the key I want
> verified and for GnuPG to confirm e.g. something like the following
> would be fab:
>
> gpg2 --verify-sign

Maybe use gpgv2 instead and put only that one key in the trustedkeys.gpg or trustedkeys.kbx file?

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
Re: FAQ and GNU
On 10/10/2017 01:46 AM, Robert J. Hansen wrote:
>> However, if the GnuPG FAQ is talking about an operating system built
>> from the Linux kernel and the GNU userland (coreutils, libc, etc), then
>> "GNU/Linux" is not only the respectful term to use, it's the more
>> accurate and precise term.
>
> I disagree. It's a more political term.

There is nothing political about giving proper credit to the GNU Project for the operating system (the software which Linux, the kernel, boots into in order to provide a useful system).

> With respect to specific distros, we ought use the name the distro
> prefers. The Fedora Project releases Fedora, not Fedora GNU/Linux. The
> Debian guys release Debian GNU/Linux, not Debian Linux. The people who
> set up these distros have given their distros names, and it seems
> appropriate to use the names properly. It is as inappropriate to refer
> to Debian Linux as it is to refer to Fedora GNU/Linux: in both cases
> that's rejecting the community's right to name their distro what they wish.

I will happily refer to, for example, Ubuntu GNU/Linux since there is clearly a GNU userland surrounding Linux, the kernel. I feel wrong doing otherwise.

> When speaking generically about operating systems using the Linux
> kernel, there it seems GNU is also inappropriate. GNU is not an
> inseparable part of Linux; we should not promulgate the myth they are.

I agree that it is possible to use other userlands (BSD derivatives, or whatever Android is) with Linux, the kernel. However, the vast majority of so-called "Linux distributions" in fact rely on GNU software (most notably GNU coreutils and GNU libc) to function.

> In the FAQ, wherever "Linux" is used as a generic descriptor it is in a
> context where the presence of GNU utilities is irrelevant. Example:
> "there is no single, consistent way to install GnuPG on Linux systems."

s/on Linux systems/on systems which boot using Linux, the kernel/

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
Re: Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)
On 08/29/2017 02:14 AM, s7r wrote:
> Hi Phil,
> Thanks - this is indeed _very_ useful for my use case. I don't think the
> second part is a problem since I can particularly request to not set the
> `throw-keyids` option, but let's say metadata becomes a problem at a
> given point and we decide to use this option, can I tell which recipient
> 'should' be able to decrypt a message based only on the encrypted
> message format if the `throw-keyids` option was used?

No, that's the whole point of throw-keyids. All you're supposed to be able to tell when using that option, is that none of your keys will decrypt the message, so it's not for you.

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
Re: gpg-agent/pinentry: How to verify calling application
On 07/15/2017 09:02 AM, Hartmut Knaack wrote:
> Hi,
> on my machine running Linux and a recent KDE/Plasma, pinentry-qt
> occasionally starts right after logging in and asks for my passphrase.
> Is there any way to track down, which process asks gpg-agent for my private
> key? Preferably, I would like pinentry to inform, which process actually is
> the source of the key request.
> Thanks

This is a bit of a "duct tape" but you could try:

    # chmod 000 `which pinentry-qt`

then reboot and see what program throws an error (besides GnuPG). Don't forget to change it back when done testing.

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
Re: Fwd: which program use: gpg or gpgv?
On 07/04/2017 03:40 PM, fuflono--- via Gnupg-users wrote:
> -Original Message-
> From: fuflono
> To: gnupg-users
> Sent: Mon, Jul 3, 2017 4:01 pm
> Subject: which program use: gpg or gpgv?
>
> Hi,
> my Debian8.8 has the programs about gpg:
>
> -rwxr-xr-x 1 root root 1128700 Sep 3 2016 gpg
> -rwxr-xr-x 1 root root 913236 Sep 3 2016 gpg2
> -rwxr-xr-x 1 root root 334260 Sep 3 2016 gpg-agent
> -rwxr-xr-x 1 root root 148108 Sep 3 2016 gpgconf
> -rwxr-xr-x 1 root root 165508 Sep 3 2016 gpg-connect-agent
> -rwxr-xr-x 1 root root 38144 Sep 3 2016 gpgkey2ssh
> -rwxr-xr-x 1 root root 25908 Sep 3 2016 gpgparsemail
> -rwxr-xr-x 1 root root 59104 Sep 3 2016 gpgsplit
> -rwxr-xr-x 1 root root 407820 Sep 3 2016 gpgv
> -rwxr-xr-x 1 root root 3303 Sep 3 2016 gpg-zip
>
> Are they enough or no, for verifying integrity of packages?
>
> Also is ~/.gnupg
> drwx-- 2 user user 4096 Aug 13 2016 private-keys-v1.d #it's empty#
> -rw--- 1 user user 0 Jun 24 15:34 pubring.gpg
> -rw--- 1 user user 0 Jun 28 12:45 secring.gpg
> -rw--- 1 user user 40 Jun 30 07:19 trustdb.gpg
> user@debian:~/.gnupg$
>
> And I don't know which program use: gpg or gpgv?
> --
> ~/Downloads/screen-4.5.1$ gpg -vv --verify screen-4.5.1.tar.gz.sig
> screen-4.5.1.tar.gz
> gpg: armor: BEGIN PGP SIGNATURE
> :signature packet: algo 1, keyid 21F968DEF747ABD7
> version 4, created 1488037815, md5len 0, sigclass 0x00
> digest algo 8, begin of digest 2e ec
> hashed subpkt 33 len 21 (?)
> hashed subpkt 2 len 4 (sig created 2017-02-25)
> subpkt 16 len 8 (issuer key ID 21F968DEF747ABD7)
> data: [4095 bits]
> gpg: Signature made Sat 25 Feb 2017 10:50:15 AM EST using RSA key ID
> F747ABD7
> gpg: Can't check signature: public key not found
> user@debian:~/Downloads/screen-4.5.1$
> ~/Downloads/screen-4.5.1$

This means you do not have the correct key in pubring.gpg where the main gpg executable is expecting it. As pubring.gpg is a zero byte file, this is entirely to be expected. To fix this, add the appropriate keys.

> --
> :~/Downloads/screen-4.5.1$ gpgv -vv screen-4.5.1.tar.gz.sig
> gpgv: keyblock resource `/home/user/.gnupg/trustedkeys.gpg': file open error
> gpgv: armor: BEGIN PGP SIGNATURE
> :signature packet: algo 1, keyid 21F968DEF747ABD7
> version 4, created 1488037815, md5len 0, sigclass 0x00
> digest algo 8, begin of digest 2e ec
> hashed subpkt 33 len 21 (?)
> hashed subpkt 2 len 4 (sig created 2017-02-25)
> subpkt 16 len 8 (issuer key ID 21F968DEF747ABD7)
> data: [4095 bits]
> gpgv: no signed data
> gpgv: can't hash datafile: file open error
> user@debian:~/Downloads/screen-4.5.1$
> ---

The first line means there is no trustedkeys.gpg keyring. This is the keyring that gpgv uses. Unlike the main gpg program, it assumes everything on that keyring is a valid and fully trustable key.

Which one you decide to use to verify packages is ultimately a matter of personal choice. If you wish to keep a separate keyring for the purpose of verifying signatures on certain files such as software releases, then perhaps gpgv is the better choice. If you think that's overkill and you are content with one keyring for both correspondence and signature verification, then the main gpg program will do.

Debian itself uses gpgv to verify updates but there is a specific reason for this, that being that the apt and dpkg tools used by most users never need to sign or encrypt anything, only verify signatures.

--
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
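
The single-key gpgv approach suggested in the "Verify that the file is from who I expect it to be from" reply and the gpgv keyring behaviour described in the reply above, as an added shell example that is not part of the original posts. The function names, the signer identity and the file names are constructed for the demonstration; it assumes GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example (not from the thread). Requires GnuPG 2.1 or later.

# verify_pinned KEYFILE SIGFILE DATAFILE
# Succeeds only if SIGFILE is a good signature on DATAFILE made by a key in
# KEYFILE; prints the fingerprint of the key that made it.
verify_pinned() {
    key=$1 sig=$2 data=$3 rc=0
    work=$(mktemp -d) || return 2
    ring=$work/pinned.gpg
    # gpgv wants a binary keyring, so strip ASCII armor if present.
    if grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$key"; then
        gpg --batch --homedir "$work" --output "$ring" --dearmor "$key" 2>/dev/null
    else
        cp "$key" "$ring"
    fi || { rm -rf "$work"; return 2; }
    # With --keyring given, gpgv consults only that file, and it treats
    # every key in it as valid, so the keyring is the whole trust decision.
    status=$(gpgv --homedir "$work" --keyring "$ring" --status-fd 1 \
        "$sig" "$data" 2>/dev/null) || rc=$?
    rm -rf "$work"
    [ "$rc" -eq 0 ] || return 1
    printf '%s\n' "$status" | awk '$2 == "VALIDSIG" { print $3 }'
}

# Constructed sample input: a throwaway key, a file and its detached signature.
make_fixture() {
    d=$1 frc=0
    mkdir -m 700 "$d/home" || return 2
    {
        gpg --batch --quiet --homedir "$d/home" --pinentry-mode loopback \
            --passphrase '' --quick-generate-key \
            'Constructed Signer <signer@example.invalid>' ed25519 sign never &&
        gpg --batch --homedir "$d/home" --armor --export > "$d/signer.asc" &&
        printf 'constructed release contents\n' > "$d/release.tar.gz" &&
        gpg --batch --homedir "$d/home" --output "$d/release.tar.gz.sig" \
            --detach-sign "$d/release.tar.gz"
    } 2>/dev/null || frc=$?
    gpgconf --homedir "$d/home" --kill gpg-agent 2>/dev/null || true
    return "$frc"
}

demo=$(mktemp -d)
if make_fixture "$demo"; then
    echo "good signature from $(verify_pinned "$demo/signer.asc" \
        "$demo/release.tar.gz.sig" "$demo/release.tar.gz")"
fi
rm -rf "$demo"
```

The exit status alone answers "was this signed by the key I expected", so nothing in gpg's human-readable output has to be parsed.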