Re: GPG 1.0.3 and mutt
Brian Salter-Duke wrote: : I may stick with GnuPG as is. However that : raises my original question. gpg.rc uses gpg_2comp (I may have the name ^ gpg.rc don't use gpg_2comp starting at 2000-03-03. All commands what use gpg_2comp is commented out and replaced by "clear" gpg commands. Check for is you use fresh gpg.rc? -- Andrew W. Nosenko([EMAIL PROTECTED])
Re: GPG 1.0.3 and mutt
On Tue, Oct 24, 2000 at 11:08:14AM +0300, Andrew W. Nosenko wrote: Brian Salter-Duke wrote: : I may stick with GnuPG as is. However that : raises my original question. gpg.rc uses gpg_2comp (I may have the name ^ gpg.rc don't use gpg_2comp starting at 2000-03-03. All commands what use gpg_2comp is commented out and replaced by "clear" gpg commands. Hmmm. Mea Culpa. So they are. I just saw something about using this gpg_2comp and got it. I then saw it was to fit with pgp2. OK, but I am still confused. What gave rise to the change ealrlier this year. How compatible is gpg with mutt using this gpg.rc with other versions of pgp? It seems to me that a lot of people sign their mutt messages but that only a small proportion are verified. Only a very few people use encrypting and then only onlya on a one-to-one basis with someone they really know and have arranged to have the same version of PGP. The result is that there does not appear to be a lot of expertise on the mutt list about all the incomatability questions. Or maybe I'm just asking dum questions or not reading the files and manuals carefully enough like in this case. Check for is you use fresh gpg.rc? Yes, it was with the 1.3.10 unstable version. Cheers, Brian. -- Andrew W. Nosenko([EMAIL PROTECTED]) -- Associate Professor Brian Salter-Duke (Brian Duke) [EMAIL PROTECTED] Chemistry, School of BECS, SITE, NT University, Darwin, NT 0909, Australia. Phone 08-89466702. Fax 08-89466847. http://www.smps.ntu.edu.au/ Get PGP2 Key:- http://www.smps.ntu.edu.au/chemistry/duke.key.html
Re: GPG 1.0.3 and mutt
Andrew W. Nosenko wrote: Brian Salter-Duke wrote: : I may stick with GnuPG as is. However that : raises my original question. gpg.rc uses gpg_2comp (I may have the name ^ gpg.rc don't use gpg_2comp starting at 2000-03-03. All commands what use gpg_2comp is commented out and replaced by "clear" gpg commands. Check for is you use fresh gpg.rc? -- Andrew W. Nosenko([EMAIL PROTECTED]) the version of gpg.rc that comes with gnupg-1.0.4 (dated 2000/05/23) doesn't have the gpg_2comp commands commented out. they're not there at all. BUT there's still a comment at the top stating that gpg_2comp is used :) raf
Re: GPG 1.0.3 and mutt
raf wrote: Andrew W. Nosenko wrote: Brian Salter-Duke wrote: : I may stick with GnuPG as is. However that : raises my original question. gpg.rc uses gpg_2comp (I may have the name ^ gpg.rc don't use gpg_2comp starting at 2000-03-03. All commands what use gpg_2comp is commented out and replaced by "clear" gpg commands. Check for is you use fresh gpg.rc? -- Andrew W. Nosenko([EMAIL PROTECTED]) the version of gpg.rc that comes with gnupg-1.0.4 ^^^ (doh) mutt-1.2.5 (dated 2000/05/23) doesn't have the gpg_2comp commands commented out. they're not there at all. BUT there's still a comment at the top stating that gpg_2comp is used :) raf
Re: GPG 1.0.3 and mutt
On 2000-10-20 17:02:57 +0930, Brian Salter-Duke wrote: I recently decided to try GnuPG after using only pgp2 off and on for some years. It was only after I downloaded it and played with it for a while, that I realised that version 1.0.3 was very recent. I had got in right at the beginning of a new version. This new version incorporates RSA which I understand came out of copyright only in September. PGP 2.x also uses the IDEA algorithm which is patented in some countries (and therefore not included in GPG), so you will still need one plugin for GPG to handle 2.x-compatible PGP-messages. hp -- _ | Peter J. Holzer | Any setuid root program that does an |_|_) | Sysadmin WSR / LUGA | exec() somewhere is just a less | | | [EMAIL PROTECTED]| user friendly version of su. __/ | http://www.hjp.at/ |-- Olaf Kirch on bugtraq 2000-08-07 PGP signature
Re: GPG 1.0.3 and mutt
On Mon, Oct 23, 2000 at 04:21:19PM +0200, Peter J . Holzer wrote: On 2000-10-20 17:02:57 +0930, Brian Salter-Duke wrote: I recently decided to try GnuPG after using only pgp2 off and on for some years. It was only after I downloaded it and played with it for a while, that I realised that version 1.0.3 was very recent. I had got in right at the beginning of a new version. This new version incorporates RSA which I understand came out of copyright only in September. PGP 2.x also uses the IDEA algorithm which is patented in some countries (and therefore not included in GPG), so you will still need one plugin for GPG to handle 2.x-compatible PGP-messages. Thanks, Peter and all the others who have replied to my original message. However I remain confused. I realise that IDEA is missing from 1.0.4 and I would need it for pgp2 compatability. However, I am not sure I want pgp2 compatability. I may stick with GnuPG as is. However that raises my original question. gpg.rc uses gpg_2comp (I may have the name wrong) and this SEEMS to presume you are using the IDEA pluggin etc. So, does gpg.rc work for GnuPG out of the box or do you need another rc file? Or indeed does mutt only work with GnuPG if it is made compatable with pgp2. PGP and its mates still confuses me. There seems to be so much incompatability these days. Cheers, Brian. -- Associate Professor Brian Salter-Duke (Brian Duke) [EMAIL PROTECTED] Chemistry, School of BECS, SITE, NT University, Darwin, NT 0909, Australia. Phone 08-89466702. Fax 08-89466847. http://www.smps.ntu.edu.au/ Get PGP2 Key:- http://www.smps.ntu.edu.au/chemistry/duke.key.html
GPG 1.0.3 and mutt
I recently decided to try GnuPG after using only pgp2 off and on for some years. It was only after I downloaded it and played with it for a while, that I realised that version 1.0.3 was very recent. I had got in right at the beginning of a new version. This new version incorporates RSA which I understand came out of copyright only in September. This allows one I gather to encrypt in a manner compatible with pgp2. The gpg.rc script assumes the use of gpg-2comp and this assumes that RSA patches to gpg have been installed. Version 1.0.3 appears to alter the whole game. So my question is this - what do we have to use in place of gpg.rc. Has anybody given this any thought or has anyone who used an earlier version of gpg got any war stories about upgrading to 1.0.3? Now an extra question. I always get "gpg: Please note that you don't have secure memory on this system". I added "no-secmem-warning" to ~/.gnupg/options as suggested and I then made gpg suid root. I still get the error message. Any ideas? Cheers, Brian. -- Associate Professor Brian Salter-Duke (Brian Duke) [EMAIL PROTECTED] Chemistry, School of BECS, SITE, NT University, Darwin, NT 0909, Australia. Phone 08-89466702. Fax 08-89466847. http://www.smps.ntu.edu.au/ Get PGP2 Key:- http://www.smps.ntu.edu.au/chemistry/duke.key.html
Re: GPG 1.0.3 and mutt
Brian Salter-Duke wrote: I recently decided to try GnuPG after using only pgp2 off and on for some years. It was only after I downloaded it and played with it for a while, that I realised that version 1.0.3 was very recent. I had got in right at the beginning of a new version. This new version incorporates RSA which I understand came out of copyright only in September. i don't know but note: 1.0.3 has a nasty bug that can cause signatures to be verified that shouldn't (if there are multiple signatures). use 1.0.4 instead. Now an extra question. I always get "gpg: Please note that you don't have secure memory on this system". I added "no-secmem-warning" to ~/.gnupg/options as suggested and I then made gpg suid root. I still get the error message. Any ideas? it means that's your machine doesn't have the mlock() system call or that the gpg compile was configured to believe that you don't have it. i.e. HAVE_MLOCK wasn't defined. you can't turn this message off without recompiling gpg to use mlock() (if you do have it). raf
Re: GPG 1.0.3 and mutt
On Fri, Oct 20, 2000 at 05:02:57PM +0930, Brian Salter-Duke wrote: I recently decided to try GnuPG after using only pgp2 off and on for some years. It was only after I downloaded it and played with it for a while, that I realised that version 1.0.3 was very recent. I had got in right at the beginning of a new version. This new version incorporates RSA which I understand came out of copyright only in September. This allows one I gather to encrypt in a manner compatible with pgp2. I don't know abou that, as I have not generated a new key pair. The man page does not indicate any commands specific to "RSA". I do know that I can now verify email signed with an RSA key, which was my main interest in 1.0.3. The gpg.rc script assumes the use of gpg-2comp and this assumes that RSA patches to gpg have been installed. Version 1.0.3 appears to alter the whole game. So my question is this - what do we have to use in place of gpg.rc. Has anybody given this any thought or has anyone who used an earlier version of gpg got any war stories about upgrading to 1.0.3? I have not changed it in the least. However, I have had no reason to do so. Perhaps someone who uses an RSA-only version of PGP would ask me to do so, then I would have to dink with it. Or tell them to upgrade to GPG. :-) Now an extra question. I always get "gpg: Please note that you don't have secure memory on this system". I added "no-secmem-warning" to ~/.gnupg/options as suggested and I then made gpg suid root. I still get the error message. Any ideas? Sorry, no ideas here. -- -- C^2 No windows were crashed in the making of this email. Looking for fine software and/or web pages? http://w3.trib.com/~ccurley PGP signature
Re: GPG 1.0.3 and mutt
On Fri, Oct 20, 2000 at 05:02:57PM +0930, Brian Salter-Duke wrote: I recently decided to try GnuPG after using only pgp2 off and on for some years. It was only after I downloaded it and played with it for a while, that I realised that version 1.0.3 was very recent. I had got in right at the beginning of a new version. This new version incorporates RSA which I understand came out of copyright only in September. This allows one I gather to encrypt in a manner compatible with pgp2. I believe the gpg only deciphers with RSA, and doesn't encrypt using it. Sorry, but I wouldn't know anything about pgp2 though... -- Dan Boger System Administrator [EMAIL PROTECTED] PGP signature
Re: GPG 1.0.3 and mutt
Dan Boger writes: On Fri, Oct 20, 2000 at 05:02:57PM +0930, Brian Salter-Duke wrote: I recently decided to try GnuPG after using only pgp2 off and on for some years. It was only after I downloaded it and played with it for a while, that I realised that version 1.0.3 was very recent. I had got in I strongly suggest to use 1.0.4 instead. All versions up to and including 1.0.3 have a serious bug: Noteworthy changes in version 1.0.4 (2000-10-17) * Fixed a serious bug which could lead to false signature verification results when more than one signature is fed to gpg. This is the primary reason for releasing this version. [...] right at the beginning of a new version. This new version incorporates RSA which I understand came out of copyright only in September. This allows one I gather to encrypt in a manner compatible with pgp2. I believe the gpg only deciphers with RSA, and doesn't encrypt using it. Sorry, but I wouldn't know anything about pgp2 though... This is correct. Noteworthy changes in version 1.0.3 (2000-09-18) [...] * RSA is supported. Key generation does not yet work but will come soon.
