Mailing List Archive

GnuPG and g10 code
Hi,

last week I basically finished the new infrastructure for www.gnupg.org
<http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg-doc.git> and posted a
new blog entry which you find below in plain text. If anyone has an
interesting thing to say about GnuPG and related topics, drop me a note
and we can publish it there. The blog part of the site has no comment
functions because I find it easier to have discussions by mail.


Salam-Shalom,

Werner

====
<https://gnupg.org/blog/20141214-gnupg-and-g10.html>


After the release of GnuPG 1.0 in 1999 it turned out that this was not
a write once and forget project. The unrestricted availability of the
software and public concerns about the acquirement of /PGP Inc./ by
/NAI Inc./ (coincidentally at the time of the initial GnuPG release in
December 1997) raised a lot of interest by those who always cared
about privacy issues.

Fortunately the funding of the Windows port by the German Ministry of
Economics helped to finance the maintenance and further developments
in 1999 and 2000. After that I decided to keep on working on GnuPG
full time and founded [g10^code GmbH] in 2001 as a legal framework for
it. The company is owned entirely by my brother [Walter] and myself
and I like to thank him for his long time support and waive of profit
distribution. If you ever wondered about the name: /g10/ is a
reference on the German constitution article on freedom of
communication (Grundgesetz [Artikel 10]) and a pun on the [G-10] law
which allows the secret services to bypass these constitutional
guaranteed freedoms.

The best known project of g10^code is probably version 2 of GnuPG,
which started under the name /NewPG/ as part of the broader /Aegypten/
project. The main goal of Aegypten was to provide support for S/MIME
under GNU/Linux and integrate that cleanly with other mail clients,
most notably KMail. This project was due to a public tender of the
[BSI] (German federal office for information security) and awarded to
a consortium of g10^code, [Intevation], and [KDAB]. Another large
project is [Gpg4win] which has its roots in a port of GnuPG-2 to
Windows done by g10^code as part of a health research project.
Another tender awarded to the same consortium extended this port to
the now mostly used GnuPG distribution for Windows.

Now, how viable is it to run a company for the development of free
security software? Not very good I had to realize: the original plan
of selling support contracts did not worked out too well due to the
lack of resources for marketing. Larger development projects raised
most of the revenues but they are not easy to acquire. In the last
years we had problems to get new GnuPG related development contracts
which turned the company into a one-person show by fall 2012. I
actually planned to shut it down in 2013 and to take a straight coder
job somewhere. However, as a side effect of Edward Snowden‘s brave
actions, there was more public demand for privacy tools and thus I
concluded that it is worth to keep on working on GnuPG.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
year profit wages n balance
─────────────────────────────────
2001 -12000 11000 2 31000
2002 3000 40000 3 32000
2003 -16000 26000 3 35000
2004 3000 45000 4 52000
2005 0 44000 4 56000
2006 2000 48000 3 49000
2007 50000 57000 2 99000
2008 11000 75000 3 94000
2009 -23000 72000 3 68000
2010 28000 74000 2 78000
2011 -41000 63000 2 81000
2012 -16000 54000 2 45000
2013 -10000 32000 1 44000
2014 12000 32000 1 47000
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

The table above is a summary of g10^{code}’s balance sheets (in Euro,
2014 are estimations). /profit/ gives the annual net profit or loss,
/wages/ are the gross salary costs for the /n/ employed developers,
and /balance/ is the balance sheet total. Despite of our low wages we
accumulated an estimated loss of 9000 Euro over the last 3 years. The
crowdfunding campaign last year proved that there are many people who
like to see GnuPG alive and maintained. Despite the huge [costs] of
the campaign it allowed me to keep working on GnuPG and I am confident
that there will be ways to continue work in 2015.


[g10^code GmbH] https://g10code.com

[Walter] http://www.u32.de

[Artikel 10]
http://de.wikipedia.org/wiki/Artikel_10_des_Grundgesetzes_f%C3%BCr_die_Bundesrepublik_Deutschland

[G-10]
http://en.wikipedia.org/wiki/Gesetz_zur_Beschr%C3%A4nkung_des_Brief-,_Post-_und_Fernmeldegeheimnisses

[BSI] http://www.bsi.de/EN/

[Intevation] https://intevation.de/index.en.html

[KDAB] https://kdab.com

[Gpg4win] http://www.gpg4win.org

[costs] file:20140512-rewards-sent.org


--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG and g10 code [ In reply to ]
Thanks for the good work! Do you get any income from kernel concepts with
sale of the OpenPGP smart cards? I prefer to buy products from for-profit
companies, and donate only to charities / nonprofit organizations.
On Dec 15, 2014 2:54 AM, "Werner Koch" <wk@gnupg.org> wrote:

> Hi,
>
> last week I basically finished the new infrastructure for www.gnupg.org
> <http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg-doc.git> and posted a
> new blog entry which you find below in plain text. If anyone has an
> interesting thing to say about GnuPG and related topics, drop me a note
> and we can publish it there. The blog part of the site has no comment
> functions because I find it easier to have discussions by mail.
>
>
> Salam-Shalom,
>
> Werner
>
> ====
> <https://gnupg.org/blog/20141214-gnupg-and-g10.html>
>
>
> After the release of GnuPG 1.0 in 1999 it turned out that this was not
> a write once and forget project. The unrestricted availability of the
> software and public concerns about the acquirement of /PGP Inc./ by
> /NAI Inc./ (coincidentally at the time of the initial GnuPG release in
> December 1997) raised a lot of interest by those who always cared
> about privacy issues.
>
> Fortunately the funding of the Windows port by the German Ministry of
> Economics helped to finance the maintenance and further developments
> in 1999 and 2000. After that I decided to keep on working on GnuPG
> full time and founded [g10^code GmbH] in 2001 as a legal framework for
> it. The company is owned entirely by my brother [Walter] and myself
> and I like to thank him for his long time support and waive of profit
> distribution. If you ever wondered about the name: /g10/ is a
> reference on the German constitution article on freedom of
> communication (Grundgesetz [Artikel 10]) and a pun on the [G-10] law
> which allows the secret services to bypass these constitutional
> guaranteed freedoms.
>
> The best known project of g10^code is probably version 2 of GnuPG,
> which started under the name /NewPG/ as part of the broader /Aegypten/
> project. The main goal of Aegypten was to provide support for S/MIME
> under GNU/Linux and integrate that cleanly with other mail clients,
> most notably KMail. This project was due to a public tender of the
> [BSI] (German federal office for information security) and awarded to
> a consortium of g10^code, [Intevation], and [KDAB]. Another large
> project is [Gpg4win] which has its roots in a port of GnuPG-2 to
> Windows done by g10^code as part of a health research project.
> Another tender awarded to the same consortium extended this port to
> the now mostly used GnuPG distribution for Windows.
>
> Now, how viable is it to run a company for the development of free
> security software? Not very good I had to realize: the original plan
> of selling support contracts did not worked out too well due to the
> lack of resources for marketing. Larger development projects raised
> most of the revenues but they are not easy to acquire. In the last
> years we had problems to get new GnuPG related development contracts
> which turned the company into a one-person show by fall 2012. I
> actually planned to shut it down in 2013 and to take a straight coder
> job somewhere. However, as a side effect of Edward Snowden‘s brave
> actions, there was more public demand for privacy tools and thus I
> concluded that it is worth to keep on working on GnuPG.
>
> ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
> year profit wages n balance
> ─────────────────────────────────
> 2001 -12000 11000 2 31000
> 2002 3000 40000 3 32000
> 2003 -16000 26000 3 35000
> 2004 3000 45000 4 52000
> 2005 0 44000 4 56000
> 2006 2000 48000 3 49000
> 2007 50000 57000 2 99000
> 2008 11000 75000 3 94000
> 2009 -23000 72000 3 68000
> 2010 28000 74000 2 78000
> 2011 -41000 63000 2 81000
> 2012 -16000 54000 2 45000
> 2013 -10000 32000 1 44000
> 2014 12000 32000 1 47000
> ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
>
> The table above is a summary of g10^{code}’s balance sheets (in Euro,
> 2014 are estimations). /profit/ gives the annual net profit or loss,
> /wages/ are the gross salary costs for the /n/ employed developers,
> and /balance/ is the balance sheet total. Despite of our low wages we
> accumulated an estimated loss of 9000 Euro over the last 3 years. The
> crowdfunding campaign last year proved that there are many people who
> like to see GnuPG alive and maintained. Despite the huge [costs] of
> the campaign it allowed me to keep working on GnuPG and I am confident
> that there will be ways to continue work in 2015.
>
>
> [g10^code GmbH] https://g10code.com
>
> [Walter] http://www.u32.de
>
> [Artikel 10]
>
> http://de.wikipedia.org/wiki/Artikel_10_des_Grundgesetzes_f%C3%BCr_die_Bundesrepublik_Deutschland
>
> [G-10]
>
> http://en.wikipedia.org/wiki/Gesetz_zur_Beschr%C3%A4nkung_des_Brief-,_Post-_und_Fernmeldegeheimnisses
>
> [BSI] http://www.bsi.de/EN/
>
> [Intevation] https://intevation.de/index.en.html
>
> [KDAB] https://kdab.com
>
> [Gpg4win] http://www.gpg4win.org
>
> [costs] file:20140512-rewards-sent.org
>
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
Re: GnuPG and g10 code [ In reply to ]
On Mon, 15 Dec 2014 13:02, brian@minton.name said:
> Thanks for the good work! Do you get any income from kernel concepts with
> sale of the OpenPGP smart cards? I prefer to buy products from for-profit
> companies, and donate only to charities / nonprofit organizations.

Initially I distributed few hundreds cards myself; however this is a lot
of work given that my business is not setup for distributing small
physical goods. Thus I asked Petra of kernelconcepts whether they want
to do take care of it. They do not make a lot of profit from the cards
and thus I do not ask for a share of it.

g10 Code is not a charity but there have been talks on how to set up a
charitable entity to support crypto projects. I hope that we can
establish this by next spring. In the meantime you may donate to the
Wau Holland Stiftung <https://www.wauland.de/en/donation.html#61> which
is a charity and will use these donation to pay for development work on
GnuPG.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG and g10 code [ In reply to ]
Hi Werner.
1. I knew nothing about this smart card.
2 Searched on Google. Found http://shop.kernelconcepts.de/product_info.php

from there I see For more information, please visit this products webpage.

Sadly that page is 404
http://www.hidglobal.de/products/readers/omnikeyindex.php?id=20

Where can I read a user view of this product and software please?

regards


On 16 December 2014 at 09:06, Werner Koch <wk@gnupg.org> wrote:
> On Mon, 15 Dec 2014 13:02, brian@minton.name said:
>> Thanks for the good work! Do you get any income from kernel concepts with
>> sale of the OpenPGP smart cards? I prefer to buy products from for-profit
>> companies, and donate only to charities / nonprofit organizations.
>
> Initially I distributed few hundreds cards myself; however this is a lot
> of work given that my business is not setup for distributing small
> physical goods. Thus I asked Petra of kernelconcepts whether they want
> to do take care of it. They do not make a lot of profit from the cards
> and thus I do not ask for a share of it.
>
> g10 Code is not a charity but there have been talks on how to set up a
> charitable entity to support crypto projects. I hope that we can
> establish this by next spring. In the meantime you may donate to the
> Wau Holland Stiftung <https://www.wauland.de/en/donation.html#61> which
> is a charity and will use these donation to pay for development work on
> GnuPG.
>
>
> Salam-Shalom,
>
> Werner
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



--
Dave Pawson
XSLT XSL-FO FAQ.
Docbook FAQ.
http://www.dpawson.co.uk

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG and g10 code [ In reply to ]
On Tue, 16 Dec 2014 11:11, dave.pawson@gmail.com said:

> 1. I knew nothing about this smart card.
> 2 Searched on Google. Found http://shop.kernelconcepts.de/product_info.php

What about:

https://en.wikipedia.org/wiki/OpenPGP_card

and the second section of

https://gnupg.org/documentation/howtos.html



Shalom-Salam,

Werner


--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG and g10 code [ In reply to ]
On 16 December 2014 at 12:16, Werner Koch <wk@gnupg.org> wrote:
> On Tue, 16 Dec 2014 11:11, dave.pawson@gmail.com said:
>
>> 1. I knew nothing about this smart card.
>> 2 Searched on Google. Found http://shop.kernelconcepts.de/product_info.php
>
> What about:
>
> https://en.wikipedia.org/wiki/OpenPGP_card

(IMHO) pure geekery copied from one of the other pages?


>
> and the second section of
>
> https://gnupg.org/documentation/howtos.html

https://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2456468

Note how quickly it gets into using GPG? Then into software installation?
Missing, the layer above this, the marketing 'spiel'.

OK, it could be me (I don't think it is).

Simple question, WTF is thing all about? I have lots of credit cards
(are they smart? No idea).
I know what to do with them. I think this thing is different, so my
first question is what is it for?
Why should I be interested, what can it do (especially as it
costs....?80 Euro with reader?)

As if you are talking to your little sister (big sister, anyone one
non-geek :-) tell me (us)
what it offers?

I'll shut up now <sorry/>

regards




>
>
>
> Shalom-Salam,
>
> Werner
>
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>



--
Dave Pawson
XSLT XSL-FO FAQ.
Docbook FAQ.
http://www.dpawson.co.uk

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG and g10 code [ In reply to ]
On 16/12/14 13:26, Dave Pawson wrote:
>> What about:
>>
>> https://en.wikipedia.org/wiki/OpenPGP_card
>
> (IMHO) pure geekery copied from one of the other pages?

Hmmm, that article seems lacking. If you would have asked nicely, I might have
bothered to improve it. Now, I don't feel inclined to do it. I'll get around to
it one day.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG and g10 code [ In reply to ]
Not meant as a critique of the content, just pointing out that
it does not explain 'why' and 'what' the card and software (as a system) do
for the reader new to the idea. It may be accurate technically.

Dave



On 17 December 2014 at 00:35, Peter Lebbing <peter@digitalbrains.com> wrote:
> On 16/12/14 13:26, Dave Pawson wrote:
>>> What about:
>>>
>>> https://en.wikipedia.org/wiki/OpenPGP_card
>>
>> (IMHO) pure geekery copied from one of the other pages?
>
> Hmmm, that article seems lacking. If you would have asked nicely, I might have
> bothered to improve it. Now, I don't feel inclined to do it. I'll get around to
> it one day.
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



--
Dave Pawson
XSLT XSL-FO FAQ.
Docbook FAQ.
http://www.dpawson.co.uk

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users