From bernhard at intevation.de Mon Feb 1 15:56:17 2010
From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon, 1 Feb 2010 15:56:17 +0100
Subject: [Gpg4win-users-en] outlook 2007
In-Reply-To:
References: <201001211050.00929.bernhard@intevation.de>
Message-ID: <201002011556.26371.bernhard@intevation.de>

On Thursday, 21 January 2010 16:22:22, Tang, Jayne M wrote:
> We de-installed GpgOL and are using GPG4win to encrypt files on our
> hard-drives and then we drag (or insert) the encrypted file into our
> outlook email as an attachment.
>
> Does this method also pose a problem?

No. It is a little less convenient compared to directly being
able to use the email with attachments.

> You mentioned below that there is
> still a problem with sending emails via exchange.
> Can you please describe the problems that are happening with Outlook and
> what we should be watching for?

It is a problem with GpgOL, Outlook and Exchange.
The email will just not be sent - so it is easy to spot, you'll get
an error message as far as I know.
For details see
https://bugs.g10code.com/gnupg/issue1102
(Sending enc/signed mails does not work with Exchange)

-- 
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bernhard at intevation.de Mon Feb 1 15:58:38 2010
From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon, 1 Feb 2010 15:58:38 +0100
Subject: [Gpg4win-users-en] Intranet LDAP to store OpenPGP and S/MIME certificates
In-Reply-To: <768efa0f1001250412r5f400846v7eab234b8c8785b7@mail.gmail.com>
References: <768efa0f1001250412r5f400846v7eab234b8c8785b7@mail.gmail.com>
Message-ID: <201002011558.39351.bernhard@intevation.de>

On Monday, 25 January 2010 13:12:45, Artur Hieb wrote:
> I'm looking for a free LDAP to store all the OpenPGP Keys and S/MIME
> certificates of our Business partners.
> I know there are a lot of Key-Servers in the internet. But we need an
> internal LDAP in our intranet. Is there a known solution?

Note that LDAP is a protocol, you can use any directory server that uses it.
In order to find the certificates you probably will have to put them in there
and use the right attribute that the searching application is looking for.

> We are a small society, and we use similar software like GpgOL, called
> "SECUDE secure mail". This tool needs an LDAP to search for the keys and
> certificates for the receivers. However, we are on a closed network
> (intranet) and can't use the Key-Server from the internet.

The Free Software application called "OpenLDAP" can serve as an LDAP server.
www.openldap.org

From chd at chud.net Mon Feb 1 21:47:25 2010
From: chd at chud.net (Chris De Young)
Date: Mon, 01 Feb 2010 13:47:25 -0700
Subject: [Gpg4win-users-en] Problem caching passphrase?
Message-ID: <4B673DDD.7020006@chud.net>

Hello,

I just upgraded a machine to Windows 7, and in the process installed the
latest versions of Thunderbird (3.0.1), Enigmail (1.0.1), and GPG4Win
(2.0.1).

My problem is that gpg-agent (I assume) appears to want to cache my
passphrase for the default 10 minutes or so regardless of what I
configure it for. I've tried raising the cache time through the
Kleopatra interface, which appeared to work (and the GPA interface
recognized the new values, and once I was able to locate gpg-agent.conf
I saw that it also reflected the new values), but I still get prompted
for my passphrase more often than I should.

Am I configuring the wrong thing, or is something not working as it's
supposed to?

Here's my current gpg-agent.conf, for reference:

###+++--- GPGConf ---+++###
default-cache-ttl 28800
default-cache-ttl-ssh 28800
###+++--- GPGConf ---+++### 02/01/10 10:34:33 US Mountain Standard Time
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.

Thanks!
-Chris

From wk at gnupg.org Thu Feb 4 08:45:23 2010
From: wk at gnupg.org (Werner Koch)
Date: Thu, 04 Feb 2010 08:45:23 +0100
Subject: [Gpg4win-users-en] Problem caching passphrase?
In-Reply-To: <4B673DDD.7020006@chud.net> (Chris De Young's message of "Mon, 01 Feb 2010 13:47:25 -0700")
References: <4B673DDD.7020006@chud.net>
Message-ID: <87ljf9la0c.fsf@vigenere.g10code.de>

On Mon, 1 Feb 2010 21:47, chd at chud.net said:

> My problem is that gpg-agent (I assume) appears to want to cache my

Right, that is one of gpg-agent's tasks.

> once I was able to locate gpg-agent.conf I saw that it also reflected
> the new values), but I still get prompted for my passphrase more often
> than I should.

There is a second limit built into the cache. From the man page:

  --default-cache-ttl n
      Set the time a cache entry is valid to n seconds. The default
      are 600 seconds.

  --max-cache-ttl n
      Set the maximum time a cache entry is valid to n seconds. After
      this time a cache entry will get expired even if it has been
      accessed recently. The default are 2 hours (7200 seconds).

Thus you will get a prompt after 2 hours unless you change that limit.
To change that limit using a GUI you need to use GPA: Use the backend
preferences menu option and switch to expert mode using the selection
box in the upper right. This shows the max-cache-ttl entry.

Another reason why you might see more prompts than expected is due to
the cache working on a per-key base. Now an OpenPGP certificate usually
has two keys: One for signing and one for encryption. Although pretty
rare, they might have different passphrases and thus gpg-agent needs to
cache them individually.

If you change certain options the gpg-agent's cache is flushed.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

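The interaction of the two limits described in the reply above, as an added example that is not part of the original thread and is not gpg-agent's own code. It is a simplified model built from the man page text quoted in the reply (an assumption): an entry lapses once it has been idle for default-cache-ttl seconds or has existed for max-cache-ttl seconds. The names parse_agent_conf and prompt_times are hypothetical; the sample configuration is the one posted in the question.

```python
# Simplified model of the two gpg-agent cache limits (assumption: semantics
# taken from the man page excerpt in the thread, not from gpg-agent's source).

# Defaults as stated in the quoted man page text.
DEFAULTS = {"default-cache-ttl": 600, "max-cache-ttl": 7200}

# The gpg-agent.conf posted in the thread.
CHRIS_CONF = """\
###+++--- GPGConf ---+++###
default-cache-ttl 28800
default-cache-ttl-ssh 28800
###+++--- GPGConf ---+++### 02/01/10 10:34:33 US Mountain Standard Time
# GPGConf edited this configuration file.
"""


def parse_agent_conf(text):
    """Return the effective values of the two passphrase-cache options."""
    opts = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or GPGConf marker
        parts = line.split(None, 1)
        # Exact option-name match: default-cache-ttl-ssh is a separate option.
        if parts[0] in opts and len(parts) == 2 and parts[1].strip().isdigit():
            opts[parts[0]] = int(parts[1])
    return opts


def prompt_times(opts, use_times):
    """Return the times (in seconds) at which a passphrase prompt appears.

    use_times are the moments one key is used. A cached entry is still
    valid if it was accessed less than default-cache-ttl seconds ago AND
    was created less than max-cache-ttl seconds ago.
    """
    default_ttl = opts["default-cache-ttl"]
    max_ttl = opts["max-cache-ttl"]
    created = accessed = None
    prompts = []
    for t in sorted(use_times):
        cached = (
            created is not None
            and t - accessed < default_ttl   # idle limit
            and t - created < max_ttl        # hard lifetime limit
        )
        if not cached:
            prompts.append(t)
            created = t                      # new entry after the prompt
        accessed = t                         # every use refreshes the idle timer
    return prompts


if __name__ == "__main__":
    uses = list(range(0, 8 * 3600, 1800))    # key used every 30 min for 8 hours
    as_posted = parse_agent_conf(CHRIS_CONF)
    raised = parse_agent_conf(CHRIS_CONF + "max-cache-ttl 28800\n")
    print("effective options as posted:", as_posted)
    print("prompts as posted (s):", prompt_times(as_posted, uses))
    print("prompts with max-cache-ttl 28800 (s):", prompt_times(raised, uses))
```

With only default-cache-ttl raised, the model prompts every two hours; the idle timer never fires because the key is used every 30 minutes, so the prompts come from the untouched max-cache-ttl default.
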
From bernhard at intevation.de Fri Feb 12 12:52:29 2010
From: bernhard at intevation.de (Bernhard Reiter)
Date: Fri, 12 Feb 2010 12:52:29 +0100
Subject: [Gpg4win-users-en] [Gpg4win-users-de] Expired signer's key of the latest distribution of gpg4win
In-Reply-To: <4B6A61C3.9080705@gmail.com>
References: <4B6A61C3.9080705@gmail.com>
Message-ID: <201002121252.33093.bernhard@intevation.de>

[I am answering this on users-_en_ where I believe it should go.]

On Thursday, 4 February 2010 06:57:23, M?rdklo wrote:
> This happened in Monday 100201:
> Normally using Linux (Ubuntu) I also work with a Windows XP machine
> (sp3), where I want to install gpg4win (latest working version). I
> found this gpg4win-2.0.1.exe at http://gpg4win.org/. However the
> corresponding sig-file seems to be out of date and I don't want to
> install this kind of software without being quite sure of validity and
> trust.
> When I try to verify the distribution (from linux where I do have gpgv
> installed, and some of the signer's unexpired keys) I got this:

> lars at myubuntuno1:~$ gpg --verify /home/lars/Desktop/gpg4win-2.0.1.exe.sig
> gpg: Signature made Mon 28 Sep 2009 06:47:45 PM CEST using RSA key ID
> 1CE0C630
> gpg: Good signature from "Werner Koch (dist sig) "

This means the signature is good.

> gpg: Note: This key has expired!
> Primary key fingerprint: 7B96 D396 E647 1601 754B E4DB 53B6 20D0 1CE0 C630
> lars at myubuntuno1:~$
>
> When I checked the actual key of the signer, I found that it had expired
> the day before, 2010-01-31 (!).
> May be something had to be corrected?
> Can you give me some advice?

I think the situation comes from the fact that it is not clear enough
what an expired key means. This expiration usually means that
people should not use the key for new crypto operations.
It can be safe to check old signatures with it.
In this case you are fine unless the key is revoked or cryptographically
irrelevant. (Both does not seem to be the case today.)

Also I believe that the key usage time was extended, so you can just
reload the key. E.g.

  gpg2 --recv-key 1CE0C630

(on a modern GNU system).

Best,
Bernhard

From shavital at mac.com Mon Feb 15 15:37:46 2010
From: shavital at mac.com (Charly Avital)
Date: Mon, 15 Feb 2010 09:37:46 -0500
Subject: [Gpg4win-users-en] Keyring in public location
In-Reply-To: <20091213163606.GA7121@piper.oerlikon.madduck.net>
References: <20091213163606.GA7121@piper.oerlikon.madduck.net>
Message-ID: <1D6E2AB1-7A66-49E8-800C-A4201A7BFE21@mac.com>

On Dec 13, 2009, at 11:36 AM, martin f krafft wrote:

> Hello,
>
> I just installed GPG4Win 2.0.1 and was shocked to find it compiled
> with C:\Programs\GNU\GnuPG\pub as its HOME directory. This means
> that the private key of the first user using GPG on a system will be
> accessible by all other users.
>
> Is this a known issue (I could not find anything in the issue
> tracker), or a feature?
>
> Thanks,

Hi,

"C:\Programs\GNU\GnuPG\pub" seems to point at the public keyring where the
public key of the user would be stored, and not the user's private key.

But since I'm not a frequent Windows user, I might be wrong.

Charly

From madduck at madduck.net Mon Feb 15 19:41:54 2010
From: madduck at madduck.net (martin f krafft)
Date: Tue, 16 Feb 2010 07:41:54 +1300
Subject: [Gpg4win-users-en] Keyring in public location
In-Reply-To: <1D6E2AB1-7A66-49E8-800C-A4201A7BFE21@mac.com>
References: <20091213163606.GA7121@piper.oerlikon.madduck.net> <1D6E2AB1-7A66-49E8-800C-A4201A7BFE21@mac.com>
Message-ID: <20100215184154.GC31325@lapse.rw.madduck.net>

thus spoke Charly Avital [2010.02.16.0337 +1300]:
> "C:\Programs\GNU\GnuPG\pub" seems to point at the public keyring
> where the public key of the user would be stored, and not the
> user's private key.

The private key is there too. And apart, it's not public information
who I have in my keyring. See Google's Buzz fiasco.

-- 
martin | http://madduck.net/ | http://two.sentenc.es/

the only real advantage to punk music is that nobody can whistle it.

spamtraps: madduck.bogus at madduck.net

From wk at gnupg.org Thu Feb 18 11:09:35 2010
From: wk at gnupg.org (Werner Koch)
Date: Thu, 18 Feb 2010 11:09:35 +0100
Subject: [Gpg4win-users-en] Keyring in public location
In-Reply-To: <20091213163606.GA7121@piper.oerlikon.madduck.net> (martin f. krafft's message of "Sun, 13 Dec 2009 17:36:06 +0100")
References: <20091213163606.GA7121@piper.oerlikon.madduck.net>
Message-ID: <87tyteam8w.fsf@vigenere.g10code.de>

On Sun, 13 Dec 2009 17:36, madduck at madduck.net said:

> I just installed GPG4Win 2.0.1 and was shocked to find it compiled
> with C:\Programs\GNU\GnuPG\pub as its HOME directory. This means

You probably set the GNUPGHOME variable to that directory. To see the
actually used directories use

  gpgconf --list-dirs

This is percent escaped and thus the c:/ looks a bit uncommon.

Keys go to the user specific directory. The pub directory has
symlinks (well kind of; they are wrapper binaries) to the actual
programs in the directory above. This is to avoid cluttering the PATH
search space with too many helper programs and DLLs.

Shalom-Salam,

   Werner

From wk at gnupg.org Fri Feb 19 10:18:07 2010
From: wk at gnupg.org (Werner Koch)
Date: Fri, 19 Feb 2010 10:18:07 +0100
Subject: [Gpg4win-users-en] Keyring in public location
In-Reply-To: <20100218225846.GM9756@lapse.rw.madduck.net> (martin f. krafft's message of "Fri, 19 Feb 2010 11:58:46 +1300")
References: <20091213163606.GA7121@piper.oerlikon.madduck.net> <87tyteam8w.fsf@vigenere.g10code.de> <20100218225846.GM9756@lapse.rw.madduck.net>
Message-ID: <878wapa8j4.fsf@vigenere.g10code.de>

On Thu, 18 Feb 2010 23:58, madduck at madduck.net said:

> C:\Programs\GNU\GnuPG\pub seems like it's set at compile time.

No, it isn't. Actually GnuPG does now know about "pub" - this is only
used by the wrappers (see the first line of "gpg --version --version").

> My point is that the default is in a public location.

No it is not the default. You or another tool changed the default by
using one of these methods:

 1. GNUPGHOME envvar

 2. The registry key HKCU\Software\GNU\GnuPG:HomeDir. Note that, as
    usual, if that key is not found it is also searched under HKLM.

 3. The shell variable CSIDL_APPDATA.

I noticed that the manual is not fully correct:

  @item --homedir @var{dir}
  @opindex homedir
  Set the name of the home directory to @var{dir}. If this option is not
  used, the home directory defaults to @file{~/.gnupg}. It is only
  recognized when given on the command line. It also overrides any home
  directory stated through the environment variable @env{GNUPGHOME} or
  (on W32 systems) by means of the Registry entry
  @var{HKCU\Software\GNU\GnuPG:HomeDir}.

It should better differentiate between POSIX and W32. If you want to
check the code, look at gnupg/common/homedir.c.

Salam-Shalom,

   Werner

From bernhard at intevation.de Fri Feb 26 08:59:41 2010
From: bernhard at intevation.de (Bernhard Reiter)
Date: Fri, 26 Feb 2010 08:59:41 +0100
Subject: [Gpg4win-users-en] pgp4win doesn't work with exchange
In-Reply-To: <102062.19626.qm@web65406.mail.ac4.yahoo.com>
References: <102062.19626.qm@web65406.mail.ac4.yahoo.com>
Message-ID: <201002260859.45174.bernhard@intevation.de>

On Saturday, 2 January 2010 02:18:29, John Mountcastle wrote:
> I was surprised to find that gpg4win2.0.1 does not work with Outlook /
> Exchange,

The reason is a new version of GpgOL which now can do the OpenPGP/MIME
and S/MIME formats. Both are mandated for MIME aware mailers, which Outlook
claims to be. Technically, for both GpgOL has to steer the mime part
construction and Outlook/Exchange is giving our developers a hard time here.
We cannot even say for sure that it is possible to implement this,
but we will continue to try. But this is the reason that there is no timeline.

> especially since I'd already installed it after whacking v 1.03,
> which worked pretty well. Is there any time line around getting the Outlook
> Plug-In to work, or should I remove it and reinstall 1.03?

If 1.1.4 worked for you, there is no reason to not try it. ;)

Bernhard

From bernhard at intevation.de Fri Feb 26 09:01:16 2010
From: bernhard at intevation.de (Bernhard Reiter)
Date: Fri, 26 Feb 2010 09:01:16 +0100
Subject: [Gpg4win-users-en] gpgol, windows 7, outlook 2007
In-Reply-To: <000401ca83d9$9f613410$de239c30$@net>
References: <000401ca83d9$9f613410$de239c30$@net>
Message-ID: <201002260901.16770.bernhard@intevation.de>

On Wednesday, 23 December 2009 15:10:01, Michele Jordan wrote:
> On this install I see no option to decrypt messages on the add-in ribbon,
> but I can see gpgol as a trusted add-in. Has the process to decrypt and
> verify messages in Outlook 2007 changed with version 2.0.1 (gpgol 1.0.1)?

GpgOL was completely rewritten and can do a lot more now.
(See my other posts to the list a few minutes ago.)
There should be buttons, though.

> What else can I check?

See if you did enable GpgOL in the options.
Check the readme and the manual for hints.

Bernhard

From madduck at madduck.net Thu Feb 18 23:58:58 2010
From: madduck at madduck.net (martin f krafft)
Date: Thu, 18 Feb 2010 22:58:58 -0000
Subject: [Gpg4win-users-en] Keyring in public location
In-Reply-To: <87tyteam8w.fsf@vigenere.g10code.de>
References: <20091213163606.GA7121@piper.oerlikon.madduck.net> <87tyteam8w.fsf@vigenere.g10code.de>
Message-ID: <20100218225846.GM9756@lapse.rw.madduck.net>

thus spoke Werner Koch [2010.02.18.2309 +1300]:
> > I just installed GPG4Win 2.0.1 and was shocked to find it compiled
> > with C:\Programs\GNU\GnuPG\pub as its HOME directory. This means
>
> You probably set the GNUPGHOME variable to that directory. To see the
> actually used directories use
>
> gpgconf --list-dirs

C:\Programs\GNU\GnuPG\pub seems like it's set at compile time.

> Keys go to the user specific directory.

My point is that the default is in a public location.

-- 
martin | http://madduck.net/ | http://two.sentenc.es/

"writing a book is like washing an elephant: there no good place to
begin or end, and it's hard to keep track of what you've already
covered."
-- anonymous

spamtraps: madduck.bogus at madduck.net

From michele at michelejordan.net Fri Feb 26 14:50:45 2010
From: michele at michelejordan.net (Michele Jordan)
Date: Fri, 26 Feb 2010 13:50:45 -0000
Subject: [Gpg4win-users-en] gpgol, windows 7, outlook 2007
In-Reply-To: <201002260901.16770.bernhard@intevation.de>
References: <000401ca83d9$9f613410$de239c30$@net> <201002260901.16770.bernhard@intevation.de>
Message-ID: <002601cab6ea$c4b020c0$4e106240$@net>

Thanks for taking an interest in helping me. I know gpgOL is working,
because if a message is signed, I get the popup for the key. But the
messages I receive are not signed, just encrypted. Again, if it is signed I
see the gpgOL stuff in the add-in ribbon, but not if it is only encrypted.
Sadly, this worked before gpgol was reworked.

Any help you can provide would be greatly appreciated! This still doesn't
work for me.

-Michele

-----Original Message-----
From: Bernhard Reiter [mailto:bernhard at intevation.de]
Sent: Friday, February 26, 2010 3:01 AM
To: gpg4win-users-en at wald.intevation.org
Cc: Michele Jordan
Subject: Re: [Gpg4win-users-en] gpgol, windows 7, outlook 2007

On Wednesday, 23 December 2009 15:10:01, Michele Jordan wrote:
> On this install I see no option to decrypt messages on the add-in ribbon,
> but I can see gpgol as a trusted add-in. Has the process to decrypt and
> verify messages in Outlook 2007 changed with version 2.0.1 (gpgol 1.0.1)?

GpgOL was completely rewritten and can do a lot more now.
(See my other posts to the list a few minutes ago.)
There should be buttons, though.

> What else can I check?

See if you did enable GpgOL in the options.
Check the readme and the manual for hints.

Bernhard