Mailing List Archive

[.cc:ed off list - I don't know if you read the list. Please don't cc me on
replies]

On Wednesday 09 April 2003 20:03, Paul Madore wrote:
> Hi Everyone, I'm new to this and the archive is a royal pain in the ass.

There's google.

> So heres what I need to know, what do I use it for?

You can read? Good.
You can operate a web browser? Good.
You can point your web browser to http://www.gnupg.org and read the
documentation.

Why did you download a software where you don't know what you can use it for?
(Rethorical question, no answer needed).

> How do I use it and

there's good documentation. You guessed it, it's again on the gnupg website
thingy.

> what do I do to get it working under XP Pro?

Use the web site. There are, iirc, binaries for windows available.

> Thanks for tolerating me,

-- vbi

--
NOTE: my email addresses in usenet postings change frequently!

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 09 Apr 2003 7:03 pm, Paul Madore wrote:

> Hi Everyone, I'm new to this and the archive is a royal pain in the
> ass.
>
> So heres what I need to know, what do I use it for? How do I use it
> and what do I do to get it working under XP Pro?

You use GPG for encryption and signing of files and emails, just like
PGP. Unlike PGP, GPG is a commandline program (even under Windows) so
unless you are used to console commands in Windows, I suggest you get a
GUI front end as well.

You can use the Windows version of GPG compiled on this site, or go to
http://www.nullify.org to get a different version compiled with a
different compiler which produces slightly more Windows-friendly code I
understand.

The two GUI fron ends available in Windows are WinPT and GPGShell (the
latter is not OpenSource if that matters to you). You can get a link
to WinPT on this site and the nullify.org site has links to both
programs.

Although being here can help you, as a newbie to GPG, I would suggest
you also join the PGP-Basics mailing list (which covers GPG for
Windows) where members can download HOWTO documents which are more
Windows-centric and also ask some basic questions. You can, of course
ask those questions here, as well. PGP-Basics can be found at:

http://groups.yahoo.com/group/PGP-Basics

And don't forget to READ the documentation and look at the gpg.conf file
in particular.

Good luck!

- --

Graham
GPG Keys at encryption.keys@ntlworld.com


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc1 (GNU/Linux)
Comment: Please sign and encrypt for internet privacy

iD8DBQE+lHXlIwtBZOk1250RAqV7AKDG4TlMN2lEXnMhiQqrvAy1pgg9SwCgmXfT
h8xabzdQaBg5cbBUQRpdKIA=
=Ev8v
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi Paul,

>Hi Everyone, I'm new to this and the archive is a royal pain in the
ass.

What archive are you using ? THere are two, and the one at
marc.theaimsgroup.com has a search engine:
http://marc.theaimsgroup.com/?l=gnupg-users&w=2

>So heres what I need to know, what do I use it for?
I believe this was answered in another reply.

> How do I use it and
> what do I do to get it working under XP Pro?

If you are looking for just GnuPG binaries (command line, no
graphical interface), you can get them at gnupg.org. Otherwise I'd
invite you to take a look at WinPT (see www.winpt.org or
winpt.sf.net). WinPT uses GnuPG and provides a graphical interface to
it. We have recently re-organized the whole project and lots of
improvements have been done to the documentation and web site - an to
the applicationS :)

Regards,

Fabián Rodríguez - Toxik Technologies, Inc.
www.toxik.com - (514) 528-6945 @221
OpenPGP: 0x5AF2A4D5

-----BEGIN PGP SIGNATURE-----

iD8DBQE+lJvRfUcTXFrypNURAjxEAJ9taUeuYGutTInQ9h9NqMoCRLHAZwCghaby
v0Xb/rvo9xjYmUV5lU4rPc0=
=Cc8i
-----END PGP SIGNATURE-----

Hi,
You need a front-end and I suggest you take a look att GPGrelay: It does
automatic signing and encryption. And automatically verifies signed mail
and decrypts encrypted mail.

http://sites.inka.de/tesla/gpgrelay.html

You have to do the setup correct to get it working: it's a relay i.e. you
have to pass the mail through the program. And you have to create groups of
e-mailaddresses/keys with different signing/encryption policies.

You may do some key management, key generation, signing and encryption etc
with GPGrelay as well. When the setup is done anyone can use it.

And it's quite stable nowdays ... v.0.92 And comes with an installer.

Join the GPGrelay-users list:
http://lists.sourceforge.net/lists/listinfo/gpgrelay-talk

Per Tunedal

At 14:03 2003-04-09 -0400, you wrote:
>Hi Everyone, I'm new to this and the archive is a royal pain in the ass.
>
>So heres what I need to know, what do I use it for? How do I use it and
>what do I do to get it working under XP Pro?
>
>Thanks for tolerating me,
>-The Kid That Everyone Thought Was Crazy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Another alternative for an easy-to-use mail frontend is Mozilla with
Enigmail. It's pretty painless to set up, and it does signing, encrypting,
key pair generation, etc. right from the menus in Moz mail.

Site is http://enigmail.mozdev.org/ if you want to take a look.

Peace,
Eddie Roosenmaallen

Per Tunedal wrote:

> Hi,
> You need a front-end and I suggest you take a look att GPGrelay: It does
> automatic signing and encryption. And automatically verifies signed mail
> and decrypts encrypted mail.
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+lXELtGGqbMwazQURAjuPAKDBeaSe5pdJYKFbogv+fS19GncUawCgrqC0
A6sP/CN3s1dXGmBtiHrnKi8=
=8D7Z
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi Paul, all,

An important clarification: GPGRelay and Enigmail are email tools,
but WinPT is for general use with all types of content: email, files,
clipboard, etc.

It may help us suggest the appropriate tools if you tell us what will
be your primary use of GnuPG.

Regards,

Fabián Rodríguez - Toxik Technologies, Inc.
www.toxik.com - (514) 528-6945 @221
OpenPGP: 0x5AF2A4D5

>-----Original Message-----
>From: gnupg-users-admin@gnupg.org
[mailto:gnupg-users-admin@gnupg.org]On
>Behalf Of Per Tunedal
>Sent: Thursday, April 10, 2003 8:56 AM
>To: gnupg-users@gnupg.org
>Cc: Paul Madore
>Subject: Re: GPG
>
>
>Hi,
>You need a front-end and I suggest you take a look att GPGrelay: It
does
>automatic signing and encryption. And automatically verifies signed
mail
>and decrypts encrypted mail.
>
>http://sites.inka.de/tesla/gpgrelay.html
[...]
-----BEGIN PGP SIGNATURE-----
Comment: Using WinPT.org - Windows Privacy Tools

iD8DBQE+lZtufUcTXFrypNURAtAnAKDrVgE0f/BYSNOKil0AopvfhvgItACfdUrx
Fj80JyTS3K2piXEEB9JLRU8=
=Vwrm
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10 Apr 2003 at 12:27, Toxik - Fabian Rodriguez wrote:

> An important clarification: GPGRelay and Enigmail are email tools,
> but WinPT is for general use with all types of content: email, files,
> clipboard, etc.

Just curious, but I've scanned this list for a while now, and haven't
seen much mention of GPGShell. I realize it's not open source, but I
feel that it's more "powerful" and PGP-like.

Am I missing something?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)

iD8DBQE+lc7VM2E0hebvkdERAvfWAKDU4QTwZk9NgsTQHPdJDgfEsKL/6ACfekiK
yfQdwi/qxBf1FDXrqz7tDwk=
=mGip
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
I haven' tried the new Mozilla yet but my son likes it. Enigmail works OK
he says.

I will probably try it soon because of other nice features in Mozilla like
easy editing of textfields on web sites. Might be useful if several persons
maintain a site - e.g. the GnuPG site?
Per Tunedal

At 09:26 2003-04-10 -0400, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Hi,
>
>Another alternative for an easy-to-use mail frontend is Mozilla with
>Enigmail. It's pretty painless to set up, and it does signing, encrypting,
>key pair generation, etc. right from the menus in Moz mail.
>
>Site is http://enigmail.mozdev.org/ if you want to take a look.
>
>Peace,
> Eddie Roosenmaallen
>
>Per Tunedal wrote:
>
>> Hi,
>> You need a front-end and I suggest you take a look att GPGrelay: It does
>> automatic signing and encryption. And automatically verifies signed mail
>> and decrypts encrypted mail.
>>
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.1 (MingW32)
>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
>iD8DBQE+lXELtGGqbMwazQURAjuPAKDBeaSe5pdJYKFbogv+fS19GncUawCgrqC0
>A6sP/CN3s1dXGmBtiHrnKi8=
>=8D7Z
>-----END PGP SIGNATURE-----
>
>
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users@gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32) - GPGrelay v0.92

iD8DBQE+loD02Jp9Z++ji2YRAvEJAKCjlpZU4fBYFxn1cD78tseBwafZZQCcDXia
RFmMjaWlBYpsT0uaFPpyoiM=
=kFDX
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
Well OPENSOURCE is extremely important to encryption software. The source
must be available for review, otherwise you don't know if the software is
secure. PGP is not opensorce but the source is available for "peer review"
and is thus judged as secure.

GPGShell has been more mature than WinPT for a long while and it's
extremely similar to PGP and thus easy to use. But I will never use it as
the source isn't available.

Per Tunedal

At 16:06 2003-04-10 -0400, you wrote:

>
>On 10 Apr 2003 at 12:27, Toxik - Fabian Rodriguez wrote:
>
>> An important clarification: GPGRelay and Enigmail are email tools,
>> but WinPT is for general use with all types of content: email, files,
>> clipboard, etc.
>
>Just curious, but I've scanned this list for a while now, and haven't
>seen much mention of GPGShell. I realize it's not open source, but I
>feel that it's more "powerful" and PGP-like.
>
>Am I missing something?
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32) - GPGrelay v0.92

iD8DBQE+loD12Jp9Z++ji2YRAoaCAJ4pLQXC0BKUVUensp5L4skJEuQN/wCcCbD/
dIAZ9pVfKQuCVl0gYgFm5n0=
=CCIw
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>
> Eddie Roosenmaallen wrote
> Another alternative for an easy-to-use mail frontend is Mozilla with
> Enigmail. It's pretty painless to set up, and it does signing,
encrypting,
> key pair generation, etc. right from the menus in Moz mail.
>
>
Very easy to use but I see a problem with encrypting or signing mails
with Enigmail because this is done on sending, which means private
keys (and passphrase if cached) might be exposed when you go online.
An option to encrypt/sign and queue would solve this problem though.

Cheers

DM





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1-nr1 (Windows 2000) - GPGshell v2.70
Comment: Key ID: 0x8353641A
Comment: 1374 43A0 8F8D DB46 D752 0202 2514 2492 8353 641A

iQEVAwUBPpcHCCUUJJKDU2QaAQK1IAgAlPsnqJlhhtMoS1VYtkZMwPtJvdDhlqfr
Z11IPaZcYJ8gIU5OwChaE7jyvrxZ8mchVhn8tTdD5SVScgbuooklfCwJdPMZIisF
UpFIQplIIT+Lo68psivCQX7IdE8snKSBALidqAb4Ku/tY2zvO7NXdnb31k5hazFX
S1GS2n4LW5gfft+9qSGRuUDfCq2Uy09V4pPf9wyzpMd1oN+IEApdVkmGOi5qgfTx
3Usx/L4+Z0mpp6LGq+508/SQ66yHV/GBTZfjIPzOUUXqqKeQb8BRblH3mc+RRB0g
iIAN648AtEPSQZNPhediqFIoWPVndfsS9GAMXjlH/KM62qT5POSUfg==
=BB4/
-----END PGP SIGNATURE-----

On Friday 11 April 2003 7:19 pm, Denis McCauley wrote:
> > Eddie Roosenmaallen wrote
> > Another alternative for an easy-to-use mail frontend is Mozilla with
> > Enigmail. It's pretty painless to set up, and it does signing,
> > encrypting,
> > key pair generation, etc. right from the menus in Moz mail.
>
> Very easy to use but I see a problem with encrypting or signing mails
> with Enigmail because this is done on sending, which means private
> keys (and passphrase if cached) might be exposed when you go online.
> An option to encrypt/sign and queue would solve this problem though.

But Mozilla can do that, like most email clients you can send now or send
later. It's a simple configuration option.
# To send messages in your Unsent Messages folder before going offline, check
"Send Unsent Messages".

The act of signing is done when the message is finalised ready for sending
later - queued. This can therefore be done offline, leaving only the signed
email in the outbox waiting for the connection and command to send.

Besides, even without a queue, aren't you going to be using a firewall to
protect your machine? Where is the perceived threat - from the internet or
from the intranet or even from users on the same system?


--

Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.wewantbroadband.co.uk/

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Neil Williams wrote:

>On Friday 11 April 2003 7:19 pm, Denis McCauley wrote:
>
>> > Eddie Roosenmaallen wrote
>> > Another alternative for an easy-to-use mail frontend is Mozilla
with
>> > Enigmail. It's pretty painless to set up, and it does signing,
>> > encrypting,
>> > key pair generation, etc. right from the menus in Moz mail.
>>
>>Very easy to use but I see a problem with encrypting or signing
mails
>>with Enigmail because this is done on sending, which means private
>>keys (and passphrase if cached) might be exposed when you go
online.
>>An option to encrypt/sign and queue would solve this problem though.
>
>
>But Mozilla can do that, like most email clients you can send now or
send
>later. It's a simple configuration option.
># To send messages in your Unsent Messages folder before going
offline, check
>"Send Unsent Messages".
>

Sure, but ....


>The act of signing is done when the message is finalised ready for
sending
>later - queued. This can therefore be done offline, leaving only the
signed
>email in the outbox waiting for the connection and command to send.
>

Maybe I'm a bit thick, but I can't find an option to queue encrypted
or signed messages on my version (Enigmail 0.71 on Mozilla 1.2.1 on
w2k), though it can be done for unencrypted/unsigned messages. I have
to encrypt or sign with gpg outside the mailer, copy to the composer
and then queue the message.


>Besides, even without a queue, aren't you going to be using a
firewall to
>protect your machine? Where is the perceived threat - from the
internet or
>from the intranet or even from users on the same system?
>
>
I keep in mind a comment by Bruce Schneier: "Some firewalls are
reasonably effective", and I've seen examples of sites reading my file
structure through IE (not with Mozilla, but I'm careful all the same).
Once the firewall is opened for the browser there's a potential
problem.

Cheers,

DM



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1-nr1 (Windows 2000) - GPGshell v2.70
Comment: Key ID: 0x8353641A
Comment: 1374 43A0 8F8D DB46 D752 0202 2514 2492 8353 641A

iQEVAwUBPpdi3SUUJJKDU2QaAQIJaAgAlNBqIAY8EcFcL/l6frOZVBKE6G+R1ZzO
UNDQ8xHFlRpoEvvLaF9BrTiHZfDHDf9ZudQYDFa1rbQ/Aw2rJ1Z37NHHmWBl9m7I
Dfo3EtbqqamRU3fx2Mo4AigwQ7g3c9Jd58UbP6EgRoQxcE7uGu+3XDsQuc213zBB
kuM/06pOKA2vgwn4oC8AdpvRkDJzFWdsAYBDPCLGdWzc7Usws567xRWUVBU28QsG
h8VuvHyIqknakKYxPLWxc9yq+sBq11KYMHOhvnTKtTbwd4RuJ41XIjNgg2zhd9MZ
9GEgCw/OIK9qO/sv1Lyh6bPa0eL5ArgwVre4RGplVhherNno3ArF0g==
=CLX+
-----END PGP SIGNATURE-----

On Saturday 12 April 2003 1:53 am, Denis McCauley wrote:
> Neil Williams wrote:
>
> Maybe I'm a bit thick, but I can't find an option to queue encrypted
> or signed messages on my version (Enigmail 0.71 on Mozilla 1.2.1 on
> w2k), though it can be done for unencrypted/unsigned messages. I have
> to encrypt or sign with gpg outside the mailer, copy to the composer
> and then queue the message.

Doesn't Ctrl+Shift+Return work? Have you not got Enigmail set to sign by
default? It might be worth setting up an identity where this can be used. If
not, it just goes to show that Windows simply isn't up to the job.

> I keep in mind a comment by Bruce Schneier: "Some firewalls are
> reasonably effective", and I've seen examples of sites reading my file
> structure through IE (not with Mozilla, but I'm careful all the same).

That's IE's fault, not the firewall!!! Those exploits can be patched but new
ones keep appearing. I switched to Linux instead. Mozilla doesn't provide
holes like IE as it is not part of the operating system like explorer. On
Linux, Mozilla behind a iptables deny-all firewall simply has no permission
to even read the filesystem structure as it runs as a user. Unlike Windows,
the user on Linux is NOT given permission to access the filesystem structure
outside the home directory, that is reserved for the sys admin user. All
attempts are simply refused.

Your basic problem is that Windows runs as the system admin even when the user
doesn't have a clue. Worse, it runs a scripted environment that can be
modified by the not-a-clue user but which still runs as the super-user. On
Linux/Unix, the system runs as super-user and no other user has any
permission to access the system. Users have access to their own home
directories (and not to each others) and have no permission to modify the
system environment. That's how my machines keep running even when a user
trashes their own environment. As the firewall is part of the system, there
is no way for a user (or user program) to interfere with the port
configuration directly.

> Once the firewall is opened for the browser there's a potential
> problem.

Depends on the browser and the operating system. If a request is received on a
port opened by the browser, the request doesn't have to completed - it's down
to the security of the browser and the operating system behind it.

>
> Cheers,
>
> DM
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

--

Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.wewantbroadband.co.uk/

On Tue, 21 Nov 2006 18:09, jalmeida@math.ist.utl.pt said:

> Assuming that the gpg-agent daemon is running and some client
> application needs to encrypt or decrypt something, what happens? As I
> understood it, the client connects to the socket and gpg-agent tells
> pinentry to ask for a passphrase, if it doesn't have it yet. Now, the

That is correct for gpg. It is different with gpgsm (and will be for
future versions of gpg2): The client (i.e. gpgsm) connects to the
agent and ask the agent to decrypt a session key or to sign a hash.
Whether the agent then requires a passphrase is solely a decision
taken internally by gpg-agent.

> first question is whether the passphrase is kept in locked memory
> (assuming the OS supports it), i.e, the passphrase is never send to disk
> or swap. Is this correct?

Right. The passphrase (in all cases: when asking for the passphrase,
or when gpg-agent requires it internally) is never stored on disk but
kept in a special memory area of gpg-agent ("secure memory"). That
memory area is protected from swapping out to disk.

However we rely on the OS's kernel not to reveal the content of a
pipe. Pipes are used to convey the passphrase from the pinnetry to
the agent and to gpg.

> The other question (not independent from the former) is what is (and
> where is) gpg-agent cache: a directory? containing what? the passphrases
> for several keys? and are they protected only by the filesystem
> permissions, or is there a more elaborate setup?

The cache is only in RAM. It is not encrypted there because you would
anyway need to store the decryption key somehere else in RAM.

Gpgsm's private keys (X.509 and SSH) are stored on disk. One file per
key, all under the directory ~/.gnupg/private-keys-v1.d/. The keys
store there are usually encrypted using a passphrase. gpg-agent
decrypts the keys on the fly and only keeps them in RAM. To see the
structure of these key files, you may use the command

/usr/local/libexec/gpg-protect-tool \
~/.gnupg/private-keys-v1.d/xx[...]xxxx.key

The structure is documented in gnupg/agent/keyformat.txt.



Shalom-Salam,

Werner


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Wed, 22 Nov 2006, Werner Koch wrote:

>> first question is whether the passphrase is kept in locked memory
>> (assuming the OS supports it), i.e, the passphrase is never send to disk
>> or swap. Is this correct?
>
> Right. The passphrase (in all cases: when asking for the passphrase,
> or when gpg-agent requires it internally) is never stored on disk but
> kept in a special memory area of gpg-agent ("secure memory"). That
> memory area is protected from swapping out to disk.
>
Great.

> However we rely on the OS's kernel not to reveal the content of a
> pipe. Pipes are used to convey the passphrase from the pinnetry to

I suppose Linux does the right thing wrt this issue. Correct?

>
> The cache is only in RAM. It is not encrypted there because you would
> anyway need to store the decryption key somehere else in RAM.
>
And the cache is also is secure memory, just like the passphrases.
Right?

Thanks a lot.

Jorge

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Wed, 22 Nov 2006 10:05, jalmeida@math.ist.utl.pt said:

>> However we rely on the OS's kernel not to reveal the content of a
>> pipe. Pipes are used to convey the passphrase from the pinnetry to
>
> I suppose Linux does the right thing wrt this issue. Correct?

Yes, unless there is a bug.

> And the cache is also is secure memory, just like the passphrases.

Yes.


Salam-Shalom,

Werner


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

:On Wed, 22 Nov 2006, Werner Koch wrote:

> On Wed, 22 Nov 2006 10:05, jalmeida@math.ist.utl.pt said:
>> I suppose Linux does the right thing wrt this issue. Correct?
>
> Yes, unless there is a bug.
>
>> And the cache is also is secure memory, just like the passphrases.
>
> Yes.
>
Thanks again.
--
Jorge

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Donnerstag, 8. Dezember 2022 05:48:34 CET Vishal Rana via Gnupg-users
wrote:
> I want to use Gnupg for Digital Signature and other cryptographic functions
> for our project.
>
> On the server side its working fine. Where I am doing digital signatures by
> enabling FIP140-2.
>
> But on the target side, we are using an embedded processor (imx6 + linux)
> on which
> I want to include the minimum feature for D.Signature verification with
> FIP140-2.
> But I am not sure what all things need to include in rootfs to achieve the
> same.

If all you need is signature verification, then you can probably use gpgv which
exists exactly for this use case.

Regards,
Ingo