Re: kmail and encrypted mails

2019-05-18 Thread Andrei POPESCU 
On Ma, 25 dec 18, 11:52:53, Nicolas George wrote:
> Katnip (2018-12-25):
> > you could try using protonmail which has pgp, it's free to start with.
> 
> The problem is not the software, changing it will not help.

In this particular case it would, since ProtonMail is a webmail and app 
with built-in GPG encryption, which will automatically generate a pair 
of keys for you.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: kmail and encrypted mails

2018-12-26 Thread rhkramer 
On Wednesday, December 26, 2018 08:45:52 AM Nicolas George wrote:
> Carl (2018-12-26):
> > OK, I literally own nitpicking.com and I wouldn't be making such
> > a big deal about the meaning of "based on."
> 
> You should: it is a legal matter, where words have a very minute
> meaning.

It would be a sad commentary on our (are you in the US?) or any legal system 
if the meaning of "based on" could not be appropriately clarified by either a 
lawyer or a citizen.

And, I'm not sure where to find the legal definition of based on -- maybe a 
dictionary?

   * [[https://dictionary.cambridge.org/dictionary/english/base-sth-on-sth]]
`
base sth on sth
— phrasal verb with base uk ​ /beɪs/ us ​ /beɪs/ verb [ T usually + adv/prep ]

B1 If you base something on facts or ideas, you use those facts or ideas to 
develop it: 
'

> 
> >Just say "When I wrote 'based
> > 
> > on' I meant 'based on the same code base.'" and move on.
> 
> Sure: then I confirm: no, it is not.
> 
> Regards,

Re: kmail and encrypted mails

2018-12-26 Thread Curt 
On 2018-12-26, Carl  wrote:
> On 12/26/18 12:00 AM, John Hasler wrote:
>> rhkramer writes:
>>> Well, it could have been "based" (or inspired, or similar) based on
>>> PGP even if it was newly written code.  (And my guess / recollection
>>> from that time is that it was so "based" / inspired / whatever -- very
>>> similar functionality.)
>> It was inspired by PGP and designed to be compatible.  It could not have
>> been based on PGP because the latter was not Open Source.  There is no
>> common code.
>
> OK, I literally own nitpicking.com and I wouldn't be making such
> a big deal about the meaning of "based on." Just say "When I wrote 'based
> on' I meant 'based on the same code base.'" and move on.

That's what he did say (you seem to have nitpicked yourself into a support
of the adverse argument).

Re: kmail and encrypted mails

2018-12-26 Thread Nicolas George 
Carl (2018-12-26):
> OK, I literally own nitpicking.com and I wouldn't be making such
> a big deal about the meaning of "based on."

You should: it is a legal matter, where words have a very minute
meaning.

>  Just say "When I wrote 'based
> on' I meant 'based on the same code base.'" and move on.

Sure: then I confirm: no, it is not.

Regards,

-- 
  Nicolas George


signature.asc
Description: Digital signature

Re: kmail and encrypted mails

2018-12-26 Thread rhkramer 
On Wednesday, December 26, 2018 07:05:02 AM Carl wrote:
> On 12/26/18 12:00 AM, John Hasler wrote:
> > rhkramer writes:
> >> Well, it could have been "based" (or inspired, or similar) based on
> >> PGP even if it was newly written code.  (And my guess / recollection
> >> from that time is that it was so "based" / inspired / whatever -- very
> >> similar functionality.)
> > 
> > It was inspired by PGP and designed to be compatible.  It could not have
> > been based on PGP because the latter was not Open Source.  There is no
> > common code.
> 
> OK, I literally own nitpicking.com and I wouldn't be making such
> a big deal about the meaning of "based on." Just say "When I wrote 'based
> on' I meant 'based on the same code base.'" and move on.

Thank you!

Re: kmail and encrypted mails

2018-12-26 Thread Carl 

On 12/26/18 12:00 AM, John Hasler wrote:

rhkramer writes:

Well, it could have been "based" (or inspired, or similar) based on
PGP even if it was newly written code.  (And my guess / recollection
from that time is that it was so "based" / inspired / whatever -- very
similar functionality.)

It was inspired by PGP and designed to be compatible.  It could not have
been based on PGP because the latter was not Open Source.  There is no
common code.


OK, I literally own nitpicking.com and I wouldn't be making such
a big deal about the meaning of "based on." Just say "When I wrote 'based
on' I meant 'based on the same code base.'" and move on.
--
Carl Fink
c...@finknetwork.com

Re: kmail and encrypted mails

2018-12-25 Thread John Hasler 
rhkramer writes:
> Well, it could have been "based" (or inspired, or similar) based on
> PGP even if it was newly written code.  (And my guess / recollection
> from that time is that it was so "based" / inspired / whatever -- very
> similar functionality.)

It was inspired by PGP and designed to be compatible.  It could not have
been based on PGP because the latter was not Open Source.  There is no
common code.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: kmail and encrypted mails

2018-12-25 Thread Carl Fink 

On 12/25/18 7:12 PM, Gene Heskett wrote:

After reading thru the *available* info, starting with Wikipedia, one
thing stands out, and perhaps explains your insistence that it never
happened, and thats the 4+ years of total silence on the subject from
its initial release in 1991, to 1996 when the announcement that the
case had been dropped was made. Not a single dot over an i is
recorded and visible during that time frame. This obviously is why
you won't accept the evidence otherwise from the now truly ancient
Amiga mailing lists (if they even exist as an archive today, I don't
know and don't have a quarter to call anyone else who might care)
where many megabytes of information about the case was recorded,
as was his arrest and jailing. Another possible source of
contradicting info was that a couple of the Amiga magazines of the
day covered it quite well from the editors desks, but 25 yo copies of
that, which may be moldering away yet in some enthusiasts basement,
and very few of those are available to me since my Amiga user days
ended forever in 2004 a couple years after I retired. I basicly
switched to linux with Red-Hat-5.0 in 1998. Never, except for buying
a road computer, a lappy with xp on it that got wiped and Mandrake
installed a couple weeks later, have I owned a winderz box. You
forget John, that the old, unwritten law about only the winners get
to write the history books is still a basic truism, same as TANSTAAFL,
it cannot be repealed. And Phil is a winner. What I see since I lived
thru it, is that the unpleasant parts of that time period have now
been scrubbed from the internets more accessable places. So be it.
But at the time, he was incarcerated, and I made a small, $100,
contribution to his defense fund, in 92 IIRC. I was at the time,
fairly newly married, and had just made the final payment to the IRS,
cleaning up the 5.5 digit mess my 2nd left me with when she left in
'85. You, John and Thomas, can believe what you read on Wikipedia,
I can't stop you, but I was also there, and I remember it
differently. Cheers, Gene Heskett


Human memory is notably bad.

Note also that Mr. Zimmerman himself remembers it differently:
https://philzimmermann.com/EN/background/index.html

He refers to a three-year *investigation*, not three years of
incarceration.
--
Carl Fink  c...@finknetwork.com
Thinking and logic and stuff at Reasonably Literate
http://reasonablyliterate.com

Re: kmail and encrypted mails

2018-12-25 Thread rhkramer 
On Tuesday, December 25, 2018 04:58:23 PM Nicolas George wrote:
> Gene Heskett (2018-12-25):
> > As for gpg not being pgp, you are likely correct, but what was gpg based
> > on originally if not pgp?
> 
> Original code.

Well, it could have been "based" (or inspired, or similar) based on PGP even 
if it was newly written code.  (And my guess / recollection from that time is 
that it was so "based" / inspired / whatever -- very similar functionality.)

Re: kmail and encrypted mails

2018-12-25 Thread Gene Heskett 
On Tuesday 25 December 2018 16:25:58 John Hasler wrote:

> Gene writes:
> > [Phil Zimmermann] spent 3 years in the federal pen...
>
> Citation, please (not an old Amiga mailing list).

After reading thru the *available* info, starting with Wikipedia, one 
thing stands out, and perhaps explains your insistence that it never 
happened, and thats the 4+ years of total silence on the subject from 
its initial release in 1991, to 1996 when the announcement that the case 
had been dropped was made. Not a single dot over an i is recorded and 
visible during that time frame. This obviously is why you won't accept 
the evidence otherwise from the now truly ancient Amiga mailing lists 
(if they even exist as an archive today, I don't know and don't have a 
quarter to call anyone else who might care) where many megabytes of 
information about the case was recorded, as was his arrest and jailing. 
Another possible source of contradicting info was that a couple of the 
Amiga magazines of the day covered it quite well from the editors desks, 
but 25 yo copies of that, which may be moldering away yet in some 
enthusiasts basement, and very few of those are available to me since my 
Amiga user days ended forever in 2004 a couple years after I retired. I 
basicly switched to linux with Red-Hat-5.0 in 1998. Never, except for 
buying a road computer, a lappy with xp on it that got wiped and 
Mandrake installed a couple weeks later, have I owned a winderz box.

You forget John, that the old, unwritten law about only the winners get 
to write the history books is still a basic truism, same as TANSTAAFL, 
it cannot be repealed. And Phil is a winner. What I see since I lived 
thru it, is that the unpleasant parts of that time period have now been 
scrubbed from the internets more accessable places. So be it. But at the 
time, he was incarcerated, and I made a small, $100, contribution to his 
defense fund, in 92 IIRC. I was at the time, fairly newly married, and 
had just made the final payment to the IRS, cleaning up the 5.5 digit 
mess my 2nd left me with when she left in '85.

You, John and Thomas, can believe what you read on Wikipedia, I can't 
stop you, but I was also there, and I remember it differently.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page

Re: kmail and encrypted mails

2018-12-25 Thread Nicolas George 
Gene Heskett (2018-12-25):
> As for gpg not being pgp, you are likely correct, but what was gpg based 
> on originally if not pgp?

Original code.

Regards,

-- 
  Nicolas George


signature.asc
Description: Digital signature

Re: kmail and encrypted mails

2018-12-25 Thread John Hasler 
Gene writes:
> [Phil Zimmermann] spent 3 years in the federal pen...

Citation, please (not an old Amiga mailing list).
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: kmail and encrypted mails

2018-12-25 Thread Gene Heskett 
On Tuesday 25 December 2018 12:48:16 John Hasler wrote:

> Gene writes:
> > I haven't played with pgp since they jailed P.Z., and I've always
> > looked at anything newer than 2.62 as possibly equipt with a back
> > door of some sort, one of the unstated conditions for allowing his
> > release.
>
> I'd like to see some evidence that Zimmermann was jailed.  I was
> paying attention to such things at the time and I recall no mention of
> an arrest.  There was a criminal investigation but no charges were
> ever filed and eventually both the 6th and the 9th courts ruled that
> cryptographic software source code is protected speech.
>
> In any case gpg is not pgp.

Go read the history of that again, John, if you can find it, old Amiga 
mailing list archives from the early '90's might be a good place to 
start.

PGP was considered to be munitions, subject to ITAR which Phil was well 
aware of when he published it, the disks crossed our border to get to a 
locale where publishing it was legal. That intentional border crossing 
with the disks in his luggage was what he was prosecuted for, not the 
code itself. He spent 3 years in the federal pen before they decided the 
cat was well and truly out of the bag and his further incarceration 
served no further usefull punitive service. Not to mention that lots of 
Senators heard from lots of constituents about the asininity of the 
whole thing. My own then Senator Jay Rock., a good man I had the 
pleasure of meeting in person several times, (tv chief engineers get 
more than the average bears opportunities because we are the media that 
helps get the pols re-elected) all but the first time very cordial 
because the first time they were exploring ways to get the feds out of a 
ponzi scheme called social security, he got told in plain language that 
I had been forced to contribute to it against my will since the late 
1940's, and if it wasn't there when I retired, well, I was a hunter, a 
good shot, and might just go hunting for whoever screwed me out of it. 
He also got msgs from me about Phil's incarceration.

As for gpg not being pgp, you are likely correct, but what was gpg based 
on originally if not pgp?

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page

Re: kmail and encrypted mails

2018-12-25 Thread John Hasler 
tomas writes:
> That corresponds to my memories of that time (including the workaround
> for the export ban which involved sending books around and scanning
> them at the other side of the pond).

And the t-shirts with the source code printed on them to be worn while
leaving the USA.  
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: kmail and encrypted mails

2018-12-25 Thread tomas 
On Tue, Dec 25, 2018 at 11:48:16AM -0600, John Hasler wrote:
> Gene writes:
> > I haven't played with pgp since they jailed P.Z., and I've always
> > looked at anything newer than 2.62 as possibly equipt with a back door
> > of some sort, one of the unstated conditions for allowing his release.
> 
> I'd like to see some evidence that Zimmermann was jailed.  I was paying
> attention to such things at the time and I recall no mention of an
> arrest.  There was a criminal investigation but no charges were ever
> filed and eventually both the 6th and the 9th courts ruled that
> cryptographic software source code is protected speech.

That corresponds to my memories of that time (including the workaround
for the export ban which involved sending books around and scanning
them at the other side of the pond).

> In any case gpg is not pgp.

Most definitely not. It is explicitly designed to be interoperable with
PGP (and since PGP was first, it set the standards), so it could be seen
as being a close relative, but it is an independent implementation.

Cheers
-- tomás


signature.asc
Description: Digital signature

Re: kmail and encrypted mails

2018-12-25 Thread John Hasler 
Gene writes:
> I haven't played with pgp since they jailed P.Z., and I've always
> looked at anything newer than 2.62 as possibly equipt with a back door
> of some sort, one of the unstated conditions for allowing his release.

I'd like to see some evidence that Zimmermann was jailed.  I was paying
attention to such things at the time and I recall no mention of an
arrest.  There was a criminal investigation but no charges were ever
filed and eventually both the 6th and the 9th courts ruled that
cryptographic software source code is protected speech.

In any case gpg is not pgp.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: kmail and encrypted mails

2018-12-25 Thread Gene Heskett 
On Tuesday 25 December 2018 05:24:13 Hans wrote:

> Hi folks,
>
> merry christmas!
>
> Yesterday I stumbled over a small understanding problem.  I wanted to
> send an encrypted mail to a friend. Of course I got his public key.
>
> But when I want to create the mail, I got stuck. Problem: I have
> activated, that all encrypted mails shall also be encrypted by my own
> key, but the system says, I have no own key.
>
> Ok, I could create one, but in fact, I already have a key (this mail
> is signed with it), Here is my problem:
>
> When there is already a gpg-key crerated, why do I need another key
> for self encrypted mails? And do I need really 2 keys ( = 2 key
> pairs)?
>
> IMHO kmail could use the already existent key from me, but kmail does
> it only accept as a "signing key". That looks strange and is not
> logically in my mind.
>
> Maybe someone can tell me, what I am thinking wrong.
>
> Thanks in andvance and have a happy xmas!
>
Thank you, I would point out that kmail says theres not enough info to 
validate your key. OTOH, I've never attempted to set this stuff up, 
since I switched from Amigados to Linux in 1998, so I have no clue if 
its my setup error, or yours. I'd assume you've put your public key on a 
keyserver someplace, but even my understanding of exactly how that works 
is likely faulty. I haven't played with pgp since they jailed P.Z., and 
I've always looked at anything newer than 2.62 as possibly equipt with a 
back door of some sort, one of the unstated conditions for allowing his 
release. Conspiracy theory? Probably. Shrug. I supposedly have a public 
key out there, but don't have enough historical data left after 25 years 
to even issue a cancellation. So I'll do an Andy Capp and shaddup.
> Best
>
> Hans


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page

Re: kmail and encrypted mails

2018-12-25 Thread Teemu Likonen 
Hans [2018-12-25 13:11:34+01] wrote:

> The old key can only be changed either for enryption or for signing,
> but not both.

Your old key can do both if you want to. Your master key already can
sign [S]. You just need create a new subkey for encryption [E] OR modify
the expiration date of your existing encryptien subkey.

Obviously it is up to you what you actually want to do. I am just
talking about techical options.

-- 
/// Teemu Likonen   - .-..    //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///


signature.asc
Description: PGP signature

Re: kmail and encrypted mails

2018-12-25 Thread Hans 
Hi Teemu,

thank you for the fast and good informations. I learned, that my
key is not capable to encrypt, but to sign mails.

This was a long time good enough for me, as no one wanted encrypted mails from 
me. 

I also learned, that I made a mistake in 2007, when I created the keys, that I 
created the wrong form (DSA and ElGamal). At that time, I did not know better.

So, today I created a new keypair (with RSA4096 and a loong Mantra), which 
I will use in the future, too. The old key will be used as a signing key for a 
while. 

The old key can only be changed either for enryption or for signing, but not 
both. So, the easiest solution was to create a new one.

In the last hours I learned a lot and read a lot and I believe, I now better 
understand how it works.

Here I can now only say: Thank you (and all the other guys) for your great 
help and your hints.

Best regards

Hans
> Let's look at your key:
> 
> 
> $ gpg --list-options show-unusable-subkeys,no-show-uid-validity \
> --list-keys Ullrich
> 
> pub   dsa1024 2007-12-05 [SC]
>   984893FB397A9E4E4834898FE27C63AA5F093FF8
> uid  Hans-J. Ullrich [...]
> uid  Ullrich-IT-Consult [...]
> sub   elg2048 2007-12-05 [E] [expired: 2008-12-04]
> 
> 
> It tells us that your master key (dsa1024) has [SC] capabilities, which
> means that it can create message signatures [S] and certificates [C].
> The key also has a subkey (elg2048) with encryption [E] capabilities but
> the subkey has expired in 2008-12-04 so it is not used anymore.
> 
> You can create a new encryption subkey if you want to add an encryption
> capability: --edit-key + addkey. You can also modify the expiration date
> of your existing subkey: --edit-key + key 1 + expire.

Re: kmail and encrypted mails

2018-12-25 Thread Teemu Likonen 
Hans [2018-12-25 11:24:13+01] wrote:

> But when I want to create the mail, I got stuck. Problem: I have
> activated, that all encrypted mails shall also be encrypted by my own
> key, but the system says, I have no own key.
>
> Ok, I could create one, but in fact, I already have a key (this mail
> is signed with it), Here is my problem:


Let's look at your key:


$ gpg --list-options show-unusable-subkeys,no-show-uid-validity \
--list-keys Ullrich

pub   dsa1024 2007-12-05 [SC]
  984893FB397A9E4E4834898FE27C63AA5F093FF8
uid  Hans-J. Ullrich [...]
uid  Ullrich-IT-Consult [...]
sub   elg2048 2007-12-05 [E] [expired: 2008-12-04]


It tells us that your master key (dsa1024) has [SC] capabilities, which
means that it can create message signatures [S] and certificates [C].
The key also has a subkey (elg2048) with encryption [E] capabilities but
the subkey has expired in 2008-12-04 so it is not used anymore.

You can create a new encryption subkey if you want to add an encryption
capability: --edit-key + addkey. You can also modify the expiration date
of your existing subkey: --edit-key + key 1 + expire.

-- 
/// Teemu Likonen   - .-..    //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///


signature.asc
Description: PGP signature

Re: kmail and encrypted mails

2018-12-25 Thread Nicolas George 
Katnip (2018-12-25):
> you could try using protonmail which has pgp, it's free to start with.

The problem is not the software, changing it will not help.

Regards,

-- 
  Nicolas George


signature.asc
Description: Digital signature

Re: kmail and encrypted mails

2018-12-25 Thread Nicolas George 
Hans (2018-12-25):
> IMHO kmail could use the already existent key from me, but kmail does it only 
> accept as a "signing key". That looks strange and is not logically in my mind.

I get this from your mail:

# gpg: Signature made Tue Dec 25 11:24:13 2018 CET using DSA key ID 5F093FF8
# gpg: Can't check signature: public key not found

I did not manage to find your key on key servers, but there is enough
information here: DSA.

https://en.wikipedia.org/wiki/Digital_Signature_Algorithm

It cannot be used for encrypting, only for signing, that is because of
its mathematical design. On the contrary, for example, a RSA key can be
used for both signing and encrypting.

Regards,

-- 
  Nicolas George


signature.asc
Description: Digital signature

Re: kmail and encrypted mails

2018-12-25 Thread Hans 
Hi Nicolas,

ok, thank you for the response. Important to know, that the behaviour of kmail 
is correct. I will inform me now, what to do. 

Thank you very much for the help. Your response was a great help, now I am no 
more stuck.

Happy days and a good 2019!

Best

Hans

Re: kmail and encrypted mails

2018-12-25 Thread Nicolas George 
Hans (2018-12-25):
> this is weired. You should be able to verify my key on www.cacert.org.

Are you sure about what you are doing? cacert.org does not look to be
related to PGP at all.

> However, what can I do? What should I do?

Start by not top-posting, it is not accepted on this list; if you do not
know what it means, look it up.

I cannot tell you what you should do about the key, because it depends
on your ultimate purpose. All I can tell you is: you cannot use the
5F093FF8 for encryption.

Regards,

-- 
  Nicolas George


signature.asc
Description: Digital signature

Re: kmail and encrypted mails

2018-12-25 Thread Hans 
Hi, 

this is weired. You should be able to verify my key on www.cacert.org.

However, what can I do? What should I do?

Best 

Hans
> I get this from your mail:
> 
> # gpg: Signature made Tue Dec 25 11:24:13 2018 CET using DSA key ID 5F093FF8
> # gpg: Can't check signature: public key not found
> 
> I did not manage to find your key on key servers, but there is enough
> information here: DSA.
> 
> https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
> 
> It cannot be used for encrypting, only for signing, that is because of
> its mathematical design. On the contrary, for example, a RSA key can be
> used for both signing and encrypting.
> 
> Regards,



signature.asc
Description: This is a digitally signed message part.

kmail and encrypted mails

2018-12-25 Thread Hans 
Hi folks, 

merry christmas! 

Yesterday I stumbled over a small understanding problem.  I wanted to send an 
encrypted mail to a friend. Of course I got his public key. 

But when I want to create the mail, I got stuck. Problem: I have activated, 
that all encrypted mails shall also be encrypted by my own key, but the system 
says, I have no own key.

Ok, I could create one, but in fact, I already have a key (this mail is signed 
with it), Here is my problem:

When there is already a gpg-key crerated, why do I need another key for self 
encrypted mails? And do I need really 2 keys ( = 2 key pairs)?

IMHO kmail could use the already existent key from me, but kmail does it only 
accept as a "signing key". That looks strange and is not logically in my mind.

Maybe someone can tell me, what I am thinking wrong.

Thanks in andvance and have a happy xmas!

Best 

Hans
 

signature.asc
Description: This is a digitally signed message part.