security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
Code Activity

Update for MUAs, LFS, and several small bug infos included

Browse Source
This commit is contained in:
Nils Ellmenreich 2000-11-16 20:29:54 +00:00
parent 85cec300b7
commit 1bce2334b8
2 changed files with 95 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
doc/FAQ
View File

@ -2,8 +2,8 @@
GNUPG FREQUENTLY ASKED QUESTIONS GNUPG FREQUENTLY ASKED QUESTIONS
Version: 0.32 Version: 0.33
Last-Modified: Oct 24, 2000 Last-Modified: Nov 16, 2000
Maintained-by: Nils Ellmenreich <nils 'at' gnupg.org> Maintained-by: Nils Ellmenreich <nils 'at' gnupg.org>
@ -18,7 +18,7 @@ Please send additions and corrections to the maintainer. Please, don't
send message like "This should be a FAQ - what's the answer?". If it send message like "This should be a FAQ - what's the answer?". If it
hasn't been asked before, it isn't a FAQ. Maybe you should have a look hasn't been asked before, it isn't a FAQ. Maybe you should have a look
at the mailing list archive. Otherwise, please provide the answer to be at the mailing list archive. Otherwise, please provide the answer to be
included here. included here. Your help is very much appreciated.
@ -67,15 +67,18 @@ included here.
6. PROBLEMS and ERROR MESSAGES 6. PROBLEMS and ERROR MESSAGES
6.1) Why do I get "gpg: Warning: using insecure memory!" 6.1) Why do I get "gpg: Warning: using insecure memory!"
6.2) In the edit menu the trust values is not displayed correctly after 6.2) Large File Support doesn't work ..
6.3) In the edit menu the trust values is not displayed correctly after
signing uids - why? signing uids - why?
6.3) An ElGamal signature does not verify anymore since version 1.0.2 ... 6.4) What does "skipping pubkey 1: already loaded" mean?
6.4) Old versions of GnuPG can't verify ElGamal signatures 6.5) GnuPG 1.0.4 doesn't create ~/.gnupg ...
6.5) When I use --clearsign, the plain text has sometimes extra dashes 6.6) An ElGamal signature does not verify anymore since version 1.0.2 ...
6.7) Old versions of GnuPG can't verify ElGamal signatures
6.8) When I use --clearsign, the plain text has sometimes extra dashes
in it - why? in it - why?
6.6) What is the thing with "can't handle multiple signatures"? 6.9) What is the thing with "can't handle multiple signatures"?
6.7) If I submit a key to a keyserver, nothing happens ... 6.10) If I submit a key to a keyserver, nothing happens ...
6.8) I still have a problem. How do I report a bug? 6.11) I still have a problem. How do I report a bug?
7. ADVANCED TOPICS 7. ADVANCED TOPICS
7.1) How does this whole thing work? 7.1) How does this whole thing work?
@ -200,9 +203,20 @@ included here.
signatures this is sufficient as the size of the hash signatures this is sufficient as the size of the hash
is probably the weakest link if the key size is larger is probably the weakest link if the key size is larger
than 1024 bits. Encryption keys may have greater sizes, than 1024 bits. Encryption keys may have greater sizes,
but you should than check the fingerprint of this key: but you should then check the fingerprint of this key:
"gpg --fingerprint --fingerprint <user ID>". "gpg --fingerprint --fingerprint <user ID>".
As for the key algorithms, you should stick with the default (i.e.,
DSA signature and ElGamal encryption). A ElGamal signing key has the
following disadvantages: the signature is larger, it is hard to
create such a key useful for signatures which can withstand some
real world attacks, you don't get any extra security compared to
DSA, there might be compatability problems with certain PGP
versions. It has only been introduced because at the time it was
not clear whether there is was patent on DSA.
4.2) Why does it sometimes take so long to create keys? 4.2) Why does it sometimes take so long to create keys?
The problem here is that we need a lot of random bytes and for that The problem here is that we need a lot of random bytes and for that
@ -398,12 +412,16 @@ messages?
The following list is probably not exhaustive: The following list is probably not exhaustive:
OpenPGP: Mutt (Unix), Emacs/Mew, Becky2 (Windows, with plugin), OpenPGP: Mutt (Unix), Emacs/Mew, Becky2 (Windows, with plugin),
TkRat (Unix). There is effort for a Mozilla plugin and a TkRat (Unix). There is effort for a Mozilla plugin and
group works on support for Emacs/GNUS. Emacs/GNUS has support in the current CVS.
ASCII: Emacs/{VM,GNUS}/MailCrypt, Mutt(Unix), Pine(Unix), and ASCII: Emacs/{VM,GNUS}/MailCrypt, Mutt(Unix), Pine(Unix), and
probably many more. probably many more.
A good overview of PGP-support is present at
http://cryptorights.org/pgp-users/pgp-mail-clients.html.
Direct GnuPG support is not mentioned, however, it certain cases it
may be possible to use a wrapper.
5. COMPATIBILITY ISSUES 5. COMPATIBILITY ISSUES
@ -508,8 +526,15 @@ it?
was thought to be a too serious issue. However, it confused users was thought to be a too serious issue. However, it confused users
too much so the warning was eventually removed. too much so the warning was eventually removed.
6.2) Large File Support doesn't work ..
6.2) In the edit menu the trust values is not displayed correctly after LFS is correctly working in post-1.0.4 CVS. If configure doesn't
detect it correctly, try a different (i.e., better) compiler. egcs
1.1.2 works fine, other gccs sometimes don't. BTW, several
compilation problems of GnuPG 1.0.3 and 1.0.4 on HP-UX and Solaris
were due to broken LFS support.
6.3) In the edit menu the trust values is not displayed correctly after
signing uids - why? signing uids - why?
This happens because the some informations are stored immediately in This happens because the some informations are stored immediately in
@ -517,16 +542,27 @@ signing uids - why?
save command. This is a not easy to fix design bug which will be save command. This is a not easy to fix design bug which will be
addressed in some future release. addressed in some future release.
6.3) An ElGamal signature does not verify anymore since version 1.0.2 ... 6.4) What does "skipping pubkey 1: already loaded" mean?
As of GnuPG 1.0.3, the RSA algorithm is included. If you still have
a "load-extension rsa" in your .options files, the above message
occurs. Just remove the load command from the .options file.
6.5) GnuPG 1.0.4 doesn't create ~/.gnupg ...
That's a known bug, already fixed in the CVS (and will be in the
next release, of course).
6.6) An ElGamal signature does not verify anymore since version 1.0.2 ...
Use the option --emulate-md-encode-bug. Use the option --emulate-md-encode-bug.
6.4) Old versions of GnuPG can't verify ElGamal signatures 6.7) Old versions of GnuPG can't verify ElGamal signatures
Update to GnuPG 1.0.2 or newer. Update to GnuPG 1.0.2 or newer.
6.5) When I use --clearsign, the plain text has sometimes extra dashes 6.8) When I use --clearsign, the plain text has sometimes extra dashes
in it - why? in it - why?
This is called dash-escaped text and required by OpenPGP. This is called dash-escaped text and required by OpenPGP.
@ -539,7 +575,7 @@ in it - why?
Good mail clients remove those extra dashes when displaying such a Good mail clients remove those extra dashes when displaying such a
message. message.
6.6) What is the thing with "can't handle multiple signatures"? 6.9) What is the thing with "can't handle multiple signatures"?
Due to different message formats GnuPG is not always able to split a Due to different message formats GnuPG is not always able to split a
file with multiple signatures unambiguously into it's parts. This file with multiple signatures unambiguously into it's parts. This
@ -549,13 +585,13 @@ in it - why?
OpenPGP format with one-pass-signature packets (which is GnuPG's OpenPGP format with one-pass-signature packets (which is GnuPG's
default) or the cleartext signed format. default) or the cleartext signed format.
6.7) If I submit a key to a keyserver, nothing happens ... 6.10) If I submit a key to a keyserver, nothing happens ...
You are most likely using GnuPG on Windows 1.0.2 or older. That's You are most likely using GnuPG on Windows 1.0.2 or older. That's
feature isn't yet implemented, but it's a bug not to say it. Newer feature isn't yet implemented, but it's a bug not to say it. Newer
versions issue a warning. Upgrade to 1.0.4 or newer. versions issue a warning. Upgrade to 1.0.4 or newer.
6.8) I still have a problem. How do I report a bug? 6.11) I still have a problem. How do I report a bug?
Are you sure that it's not been mentioned somewhere on the mailing Are you sure that it's not been mentioned somewhere on the mailing
lists? Did you have a look at the bug list (You'll find a link to lists? Did you have a look at the bug list (You'll find a link to

45
doc/faq.raw
View File

@ -13,8 +13,8 @@ The most recent version of the FAQ is available from
[H H1]GNUPG FREQUENTLY ASKED QUESTIONS[H /H1] [H H1]GNUPG FREQUENTLY ASKED QUESTIONS[H /H1]
Version: 0.32[H p] Version: 0.33[H p]
Last-Modified: Oct 24, 2000[H p] Last-Modified: Nov 16, 2000[H p]
Maintained-by: [$maintainer] Maintained-by: [$maintainer]
@ -29,7 +29,7 @@ Please send additions and corrections to the maintainer. Please, don't
send message like "This should be a FAQ - what's the answer?". If it send message like "This should be a FAQ - what's the answer?". If it
hasn't been asked before, it isn't a FAQ. Maybe you should have a look hasn't been asked before, it isn't a FAQ. Maybe you should have a look
at the mailing list archive. Otherwise, please provide the answer to be at the mailing list archive. Otherwise, please provide the answer to be
included here. included here. Your help is very much appreciated.
[H HR] [H HR]
@ -152,9 +152,20 @@ included here.
signatures this is sufficient as the size of the hash signatures this is sufficient as the size of the hash
is probably the weakest link if the key size is larger is probably the weakest link if the key size is larger
than 1024 bits. Encryption keys may have greater sizes, than 1024 bits. Encryption keys may have greater sizes,
but you should than check the fingerprint of this key: but you should then check the fingerprint of this key:
"gpg --fingerprint --fingerprint <user ID>". "gpg --fingerprint --fingerprint <user ID>".
As for the key algorithms, you should stick with the default (i.e.,
DSA signature and ElGamal encryption). A ElGamal signing key has the
following disadvantages: the signature is larger, it is hard to
create such a key useful for signatures which can withstand some
real world attacks, you don't get any extra security compared to
DSA, there might be compatability problems with certain PGP
versions. It has only been introduced because at the time it was
not clear whether there is was patent on DSA.
<Q> Why does it sometimes take so long to create keys? <Q> Why does it sometimes take so long to create keys?
The problem here is that we need a lot of random bytes and for that The problem here is that we need a lot of random bytes and for that
@ -362,12 +373,16 @@ messages?
The following list is probably not exhaustive: The following list is probably not exhaustive:
OpenPGP: Mutt (Unix), Emacs/Mew, Becky2 (Windows, with plugin), OpenPGP: Mutt (Unix), Emacs/Mew, Becky2 (Windows, with plugin),
TkRat (Unix). There is effort for a Mozilla plugin and a TkRat (Unix). There is effort for a Mozilla plugin and
group works on support for Emacs/GNUS. Emacs/GNUS has support in the current CVS.
ASCII: Emacs/{VM,GNUS}/MailCrypt, Mutt(Unix), Pine(Unix), and ASCII: Emacs/{VM,GNUS}/MailCrypt, Mutt(Unix), Pine(Unix), and
probably many more. probably many more.
A good overview of PGP-support is present at
[H a href=http://cryptorights.org/pgp-users/pgp-mail-clients.html]http://cryptorights.org/pgp-users/pgp-mail-clients.html[H /a].
Direct GnuPG support is not mentioned, however, it certain cases it
may be possible to use a wrapper.
<S> COMPATIBILITY ISSUES <S> COMPATIBILITY ISSUES
@ -481,6 +496,13 @@ it?
was thought to be a too serious issue. However, it confused users was thought to be a too serious issue. However, it confused users
too much so the warning was eventually removed. too much so the warning was eventually removed.
<Q> Large File Support doesn't work ..
LFS is correctly working in post-1.0.4 CVS. If configure doesn't
detect it correctly, try a different (i.e., better) compiler. egcs
1.1.2 works fine, other gccs sometimes don't. BTW, several
compilation problems of GnuPG 1.0.3 and 1.0.4 on HP-UX and Solaris
were due to broken LFS support.
<Q> In the edit menu the trust values is not displayed correctly after <Q> In the edit menu the trust values is not displayed correctly after
signing uids - why? signing uids - why?
@ -490,6 +512,17 @@ signing uids - why?
save command. This is a not easy to fix design bug which will be save command. This is a not easy to fix design bug which will be
addressed in some future release. addressed in some future release.
<Q> What does "skipping pubkey 1: already loaded" mean?
As of GnuPG 1.0.3, the RSA algorithm is included. If you still have
a "load-extension rsa" in your .options files, the above message
occurs. Just remove the load command from the .options file.
<Q> GnuPG 1.0.4 doesn't create ~/.gnupg ...
That's a known bug, already fixed in the CVS (and will be in the
next release, of course).
<Q> An ElGamal signature does not verify anymore since version 1.0.2 ... <Q> An ElGamal signature does not verify anymore since version 1.0.2 ...
Use the option --emulate-md-encode-bug. Use the option --emulate-md-encode-bug.