From vineet1408 at gmail.com Fri Dec 1 10:16:26 2006 From: vineet1408 at gmail.com (Vineet Madan) Date: Fri, 1 Dec 2006 14:46:26 +0530 Subject: [Winpt-users] What is the format of the passphrase stored. Message-ID: <89c509b50612010116j7c0b5bc3l7ef38dc06c32a75c@mail.gmail.com> Dear timo thanks for just replying with the bulls eye answer regarding calculation of hash .. thx once again to all who replied. If i know correctly as discussed on the mail lisr some time back the passphrase becomes part of the private key Can u pl tell that in what format is the passphrase stored in the keyring 2. what is the format of passphrase while it is stored on the keyserver (iam using pks0.9.6 ... will it be different for different server). 3. if passphrase ( bits making the passphrase ) is not part of the private key where is it stored and in what format.? regards and thx a lot vineet madan On 11/30/06, Timo Schulz wrote: > > Vineet Madan wrote: > > > how do we calculate and thus see the hash of any file in GPG. is there a > > provision of doing it through winpt or there is some command in GPG. or > to > > do that i need to install a md5 or sha1sum.exe and then run the command > > from command prompt to get the values.. > > Just for completeness: > > gpg --print-md {sha1, md5, ripemd160} file1.txt file2.pdf > > > > Timo > > _______________________________________________ > Winpt-users mailing list > Winpt-users at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/winpt-users > -- God is Great VINEET MADAN emailid: vineet1408 at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/winpt-users/attachments/20061201/032ec8e7/attachment.htm From twoaday at gmx.net Sat Dec 2 11:25:38 2006 From: twoaday at gmx.net (Timo Schulz) Date: Sat, 02 Dec 2006 11:25:38 +0100 Subject: [Winpt-users] What is the format of the passphrase stored. In-Reply-To: <89c509b50612010116j7c0b5bc3l7ef38dc06c32a75c@mail.gmail.com> References: <89c509b50612010116j7c0b5bc3l7ef38dc06c32a75c@mail.gmail.com> Message-ID: <457154A2.10601@gmx.net> Vineet Madan wrote: > Can u pl tell that in what format is the passphrase stored in the keyring The passphrase is *not* stored in the keyring! The passphrase will be hashed in combined with a salt to produce a "derrived random key" which is used to encrypt the secret key parts. > 2. what is the format of passphrase while it is stored on the keyserver It seems you have a wrong picture of (public key) cryptography. I would suggest to read some basic documents about the concepts if you are interested in technical details. Of course the keyserver just stores the *public* parts of the key. The secret key _should_ never leave your machine/smartcard/disk. > 3. if passphrase ( bits making the passphrase ) is not part of the private > key where is it stored and in what format.? RFC2440 describes the procedure to convert a "string=passphrase" to a key (S2K). Sorry that I can give you a more detailed answer, Timo From vineet1408 at gmail.com Sun Dec 3 09:10:00 2006 From: vineet1408 at gmail.com (Vineet Madan) Date: Sun, 3 Dec 2006 13:40:00 +0530 Subject: [Winpt-users] HOW to view master default signing key from gpg Message-ID: <89c509b50612030010x163cac92veb7c8abcf619c889@mail.gmail.com> Dear Timo , thanks again ...You rock... Can u please tell that when we sign a key either we can sign with a default key, or choose any private key on keyring by --local-user option. However how do i view my default signing key. and how does it get created. is the first key created in gpg keyring becomes the default signing key.. Can u please answer me ..please... regards to all vineet On 12/2/06, Timo Schulz wrote: > > Vineet Madan wrote: > > > Can u pl tell that in what format is the passphrase stored in the > keyring > > The passphrase is *not* stored in the keyring! > > The passphrase will be hashed in combined with a salt to > produce a "derrived random key" which is used to encrypt > the secret key parts. > > > > 2. what is the format of passphrase while it is stored on the keyserver > > It seems you have a wrong picture of (public key) cryptography. I would > suggest to read some basic documents about the concepts if you are > interested in technical details. > > Of course the keyserver just stores the *public* parts of the key. > The secret key _should_ never leave your machine/smartcard/disk. > > > > 3. if passphrase ( bits making the passphrase ) is not part of the > private > > key where is it stored and in what format.? > > RFC2440 describes the procedure to convert a "string=passphrase" to a > key (S2K). > > > Sorry that I can give you a more detailed answer, > > Timo > _______________________________________________ > Winpt-users mailing list > Winpt-users at wald.intevation.org > http://lists.wald.intevation.org/mailman/listinfo/winpt-users > -- God is Great VINEET MADAN emailid: vineet1408 at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/winpt-users/attachments/20061203/7af86f55/attachment.html From twoaday at gmx.net Mon Dec 4 08:57:18 2006 From: twoaday at gmx.net (Timo Schulz) Date: Mon, 04 Dec 2006 08:57:18 +0100 Subject: [Winpt-users] HOW to view master default signing key from gpg In-Reply-To: <89c509b50612030010x163cac92veb7c8abcf619c889@mail.gmail.com> References: <89c509b50612030010x163cac92veb7c8abcf619c889@mail.gmail.com> Message-ID: <4573D4DE.4040008@gmx.net> Vineet Madan wrote: > However how do i view my default signing key. and how does it get created. > is the first key created in gpg keyring becomes the default signing key.. If no settings force the use of a special default key, it is IMHO the first useable secret key. But you can change it with "local-user" or "default-key" in the gpg.conf. Timo From vedaal at hush.com Mon Dec 4 18:35:42 2006 From: vedaal at hush.com (vedaal@hush.com) Date: Mon, 04 Dec 2006 12:35:42 -0500 Subject: [Winpt-users] What is the format of the passphrase stored. Message-ID: <20061204173544.3D03922848@mailserver9.hushmail.com> On Sat, 02 Dec 2006 05:25:38 -0500 Timo Schulz wrote: >Vineet Madan wrote: > >> Can u pl tell that in what format is the passphrase stored in >the keyring > >The passphrase is *not* stored in the keyring! > >The passphrase will be hashed in combined with a salt to >produce a "derrived random key" which is used to encrypt >the secret key parts. Vineet, this symmetrically 'encrypted' part is stored in the secret key, but as an an encryption of the secret key, not as a passphrase only the 'right' passphrase unlocks the symmetric encryption, and allows the secret key to be used, as an illustration, here is a test key : wpttk at key.test -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.5 (MingW32) Comment: rsa 1024 test key mI0ERXRSMwEEAMAl6BY4x8Pu+ah/DGYSVxZur3OJ1YD5f3qTP8E39mxVlr2PYJa6 LB/atefIgexoAM1JZEHF3Tvo47ocuiZEWcCxf4Z5xn2CWbbZtKqQ61aqbqhnqq2O J/w1TwMXuwSh2B1YCPZ02DAbfFtntid+3bizN6ReLswfO4yJ8UXQyP8zABEBAAG0 FndwdHRrIDx3cHR0a0BrZXkudGVzdD6ItwQTAQgAIQUCRXRSMwIbIQcLCQgHAwIB BBUCCAMEFgIDAQIeAQIXgAAKCRDkxJBcpVkY7TBxBACozkloz2lQ7lwFhwIYhzHj x3Ox0gkMyCEdcm8CRtZ9ntmBnim8ubaWjp3BobhFmGOhLT0cBDUdJXakENph06ft JFyp7n/RGmer+LspcAc5D1H4FRLehP5ZKvlu5G5yn6lAuHGHEUuyGNwYgPQurQvl zaO/GFzKbx/lkgvl6aDetQ== =W3FE -----END PGP PUBLIC KEY BLOCK----- here is the secret key, with a passphrase encrypting it: -----BEGIN PGP PRIVATE KEY BLOCK----- Version: GnuPG v1.4.5 (MingW32) Comment: passphrase: wpttk lQIGBEV0UjMBBADAJegWOMfD7vmofwxmElcWbq9zidWA+X96kz/BN/ZsVZa9j2CW uiwf2rXnyIHsaADNSWRBxd076OO6HLomRFnAsX+GecZ9glm22bSqkOtWqm6oZ6qt jif8NU8DF7sEodgdWAj2dNgwG3xbZ7Ynft24szekXi7MHzuMifFF0Mj/MwARAQAB /goDCDq4t2eTBURkYEoc2giyNp6REwln96/DxlVrxN3QfgW2MzeTo6stTKyt3X2e p7i/59QuNeeScnTnc1WaJIvtgWDCE2gH7K7HFe+u5Ny/pILJRqLUj1wIAGqCCyY1 6qWPMjxKPLN87M1vuHZqjFv8SB5q7TR4mocjolZul9YQeMTs+JhuCbk/M/0i+8r0 0AdroGxwobPHV1JEpBL1p1VOPcoeXbFqY8hBD4tJXpaUjD66E9g21ijtoYv7YasL FXmgCUYQGdl55TNOvl+OeyVgRdbl5IsPlxSDwgyi7DQpnl5mU0jS1cHM9+XGwbe+ X/hUTASK6TEeHN8LnV0BthasuFBvd0q/HAW0lzXr5j7ogYCXepERrHM2cIvZ5mpq JjVPx3AaEjhATUrrIBrlGUmecG1vq5P94Y0EhZhLURaduPV1qI/2VFTfyr4lUcOb YyHJKyWEyjTWVmgE3Y/zR9atmyxb8pazyf8bnZpKCH5uhlE23HbV7Cm0FndwdHRr IDx3cHR0a0BrZXkudGVzdD6ItwQTAQgAIQUCRXRSMwIbIQcLCQgHAwIBBBUCCAME FgIDAQIeAQIXgAAKCRDkxJBcpVkY7TBxBACozkloz2lQ7lwFhwIYhzHjx3Ox0gkM yCEdcm8CRtZ9ntmBnim8ubaWjp3BobhFmGOhLT0cBDUdJXakENph06ftJFyp7n/R Gmer+LspcAc5D1H4FRLehP5ZKvlu5G5yn6lAuHGHEUuyGNwYgPQurQvlzaO/GFzK bx/lkgvl6aDetQ== =UxHn -----END PGP PRIVATE KEY BLOCK----- here is the secret key with _no_ passphrase: -----BEGIN PGP PRIVATE KEY BLOCK----- Version: GnuPG v1.4.5 (MingW32) Comment: no passphrase, secret key un-encrypted lQHYBEV0UjMBBADAJegWOMfD7vmofwxmElcWbq9zidWA+X96kz/BN/ZsVZa9j2CW uiwf2rXnyIHsaADNSWRBxd076OO6HLomRFnAsX+GecZ9glm22bSqkOtWqm6oZ6qt jif8NU8DF7sEodgdWAj2dNgwG3xbZ7Ynft24szekXi7MHzuMifFF0Mj/MwARAQAB AAP9FDVIYeHp3IjrF9X4y1ldcF4GtMuHuU9EIXOQDnWgxIcB2gDUwzVkQ5tgazaS t3a+sthno2U4Xb8iCCZSS4j/uU4qtc8A0l3+2b3QMwDY3Uk3h21RP0yG14b0avXH 2wWD77VHCNTHzAOf4VAdGhAAWz3CZ1d25enZXl0uByKlX3ECANysoch+6Kc+rqpB rArR+WndicyOEPFO6JHGSNYdcIZ3/de+EViEaESe9nfQ3wPsc9Wivywxy44hKA0W Qnt+RWMCAN7oQDO3g15uVRAVyyxs0SZ2igtZDkZp6MQgyhJEPcHKfSo1FrOs6PkF SXPO18nCqmNvc9ylY6Ioxu4pIQ8Jr/EB/RQzA6rRTeOKb1uhbQ2qTkz/W8ArWBAU s9TfaUwDiELlCfCKlKBMaNNjJ00JCGjbgPUhcZNAEtAYtDMRtaHfTK6dkLQWd3B0 dGsgPHdwdHRrQGtleS50ZXN0Poi3BBMBCAAhBQJFdFIzAhshBwsJCAcDAgEEFQII AwQWAgMBAh4BAheAAAoJEOTEkFylWRjtMHEEAKjOSWjPaVDuXAWHAhiHMePHc7HS CQzIIR1ybwJG1n2e2YGeKby5tpaOncGhuEWYY6EtPRwENR0ldqQQ2mHTp+0kXKnu f9EaZ6v4uylwBzkPUfgVEt6E/lkq+W7kbnKfqUC4cYcRS7IY3BiA9C6tC+XNo78Y XMpvH+WSC+XpoN61 =l4z5 -----END PGP PRIVATE KEY BLOCK----- now, save both of these private key blocks, and run gpg --list-packets and compare the results: i save the one with the secret key, as v:\wpttkSK.asc and the one without the passphrase as v:\wpttkSKNP.asc here is a comparison of the gpg --list-packet outputs: c:\gnupg>gpg --list-packets v:\wpttkSK.asc gpg: armor: BEGIN PGP PUBLIC KEY BLOCK gpg: armor header: Version: GnuPG v1.4.5 :public key packet: version 4, algo 1, created 1165251123, expires 0 pkey[0]: [1024 bits] pkey[1]: [17 bits] :user ID packet: "wpttk " :signature packet: algo 1, keyid E4C4905CA55918ED version 4, created 1165251123, md5len 0, sigclass 13 digest algo 8, begin of digest 30 71 hashed subpkt 2 len 4 (sig created 2006-12-04) hashed subpkt 27 len 1 (key flags: 21) hashed subpkt 11 len 6 (pref-sym-algos: 9 8 7 3 2 1) hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3) hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1) hashed subpkt 30 len 1 (features: 01) hashed subpkt 23 len 1 (key server preferences: 80) subpkt 16 len 8 (issuer key ID E4C4905CA55918ED) data: [1024 bits] gpg: armor: BEGIN PGP PRIVATE KEY BLOCK gpg: armor header: Version: GnuPG v1.4.5 (MingW32) :secret key packet: version 4, algo 1, created 1165251123, expires 0 skey[0]: [1024 bits] skey[1]: [17 bits] iter+salt S2K, algo: 10, SHA1 protection, hash: 8, salt: 3ab8b7679305446 4 protect count: 96 protect IV: 4a 1c da 08 b2 36 9e 91 13 09 67 f7 af c3 c6 55 encrypted stuff follows :user ID packet: "wpttk " :signature packet: algo 1, keyid E4C4905CA55918ED version 4, created 1165251123, md5len 0, sigclass 13 digest algo 8, begin of digest 30 71 hashed subpkt 2 len 4 (sig created 2006-12-04) hashed subpkt 27 len 1 (key flags: 21) hashed subpkt 11 len 6 (pref-sym-algos: 9 8 7 3 2 1) hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3) hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1) hashed subpkt 30 len 1 (features: 01) hashed subpkt 23 len 1 (key server preferences: 80) subpkt 16 len 8 (issuer key ID E4C4905CA55918ED) data: [1024 bits] c:\gnupg>gpg --list-packets v:\wpttkSKNP.asc (snipped public key part) gpg: armor: BEGIN PGP PRIVATE KEY BLOCK gpg: armor header: Version: GnuPG v1.4.5 (MingW32) :secret key packet: version 4, algo 1, created 1165251123, expires 0 skey[0]: [1024 bits] skey[1]: [17 bits] skey[2]: [1021 bits] skey[3]: [512 bits] skey[4]: [512 bits] skey[5]: [509 bits] checksum: 9d90 :user ID packet: "wpttk " :signature packet: algo 1, keyid E4C4905CA55918ED version 4, created 1165251123, md5len 0, sigclass 13 digest algo 8, begin of digest 30 71 hashed subpkt 2 len 4 (sig created 2006-12-04) hashed subpkt 27 len 1 (key flags: 21) hashed subpkt 11 len 6 (pref-sym-algos: 9 8 7 3 2 1) hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3) hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1) hashed subpkt 30 len 1 (features: 01) hashed subpkt 23 len 1 (key server preferences: 80) subpkt 16 len 8 (issuer key ID E4C4905CA55918ED) data: [1024 bits] without the passphrase: these parts of the secret key are ready for use: skey[2]: [1021 bits] skey[3]: [512 bits] skey[4]: [512 bits] skey[5]: [509 bits] in the first example, they are encrypted, and unavailable in a sense, the passphrase is 'stored' only functionally, that the symmetrically encrypted packet uses specifically that passphrase as the key to decrypt it vedaal Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 From twoaday at gmx.net Fri Dec 8 22:05:52 2006 From: twoaday at gmx.net (Timo Schulz) Date: Fri, 08 Dec 2006 22:05:52 +0100 Subject: [Winpt-users] Announcement for WinPT 1.2.0 Message-ID: <4579D3B0.4000201@gmx.net> Hi, I'm pleased to announce a new WinPT version (1.2.0). It mainly introduces some interface changes and a lot of minor bug fixes. For now it's only available at wald.intevation.org but of course I will update the official website later. Background: I got a lot of mails in the past from users who were confused about some (advanced) features WinPT offers and its way to configure them. And I've to admit that the purpose of WinPT is a graphical front-end for GPG and _not_ a universal crypto program. That's why I use the next release to separate or remove interface which need a lot of cryptographic knowledge. * For example the different wipe modes(*) * Related to the wipe mode is free space wiping, it is disabled in 1.2.0. (*) * Some might remember my first steps with CryptDisk. The code is still alive but it will be separated from WinPT. And due to missing free time, it is frozen for undefinte time. Timo p.s. As noted before, secure wiping is a very difficult task especially on journaling file systems like NTFS. Dedicated tools should be used for this purpose (or alternatively, I might provide such a feature in an extra program). From ppilat at isdim.cz Mon Dec 4 15:38:41 2006 From: ppilat at isdim.cz (=?iso-8859-2?Q?Pil=E1t_Pavel?=) Date: Mon, 4 Dec 2006 15:38:41 +0100 Subject: [Winpt-users] how to choose a subkey to encrypt with Message-ID: <8F7876BFE712CC4F97583599A8D4B7B10A562E@srvis01.ISDIM.local> Hello, I have two encryption (ElGamal) keys in my public key: one expires in less than a year and the other one doesn't have an expiration date. I'm playing around and I'd like to encrypt a message with any of them - how to do that? Pavel Pilat From twoaday at gmx.net Sun Dec 17 18:15:49 2006 From: twoaday at gmx.net (Timo Schulz) Date: Sun, 17 Dec 2006 18:15:49 +0100 Subject: [Winpt-users] how to choose a subkey to encrypt with In-Reply-To: <8F7876BFE712CC4F97583599A8D4B7B10A562E@srvis01.ISDIM.local> References: <8F7876BFE712CC4F97583599A8D4B7B10A562E@srvis01.ISDIM.local> Message-ID: <45857B45.1080805@gmx.net> Pil?t Pavel wrote: > one expires in less than a year and the other one doesn't have an > expiration date. I'm playing around and I'd like to encrypt > a message with any of them - how to do that? On the console you have to add an "!" after the keyid to force the use of a special subkey. gpg -r DEADBEEF! -e your_file Timo