Re: [suse-security] Privacy software on SuSE ??
On Tue, 07 Sep 1999, a kind suse-security reader replied off the list:
Many folks still prefer pgp263 because it is considered less bloated ... and more secure ...
mutt ... I think that it speaks gpg well ... I use pgp2 and pgp5 and mutt on my SuSE 6.0 / 2.2.10 box ...
surf on over to www.mutt.org ... there are some PGP notes which you might find helpful.
Obligingly mutt and pgp263 gave me this output on his mail: [-- PGP output follows (current time: Tue Sep 7 10:32:55 1999) --] Warning: Unrecognized ASCII armor header label "MessageID:" ignored. ^GUnsupported packet format - you need a newer version of PGP for this file. For a usage summary, type: pgp -h For more detailed help, consult the PGP User's Guide. [-- End of PGP output --] [-- The following data is PGP/MIME signed --] ... presumably he was using one of the new formats in pgp5 :-) I found in my tarball from www.mutt.org "mutt-0.95.6/doc/PGP-Notes.txt" dated Oct 8. There are some very useful hints for getting pgp5 and pgp2 working to satisfaction (I would also recommend Roland Rosenfeld's 'ultimate' .muttrc as a companion to get started on such things.) There is also some explanation of how to cope with the difference between 'old' PGP sigs and PGP/MIME (suse-security-announce and cert-announce both use the old in line sigs - I just saved and successfully pgp'd at the command line - but I guess with the procmail recipe given, such sigs can be verified automatically) What I need to know now is what docs to read to minimize and resolve issues like 'Unsupported packet format' for me and my correspondents. I guess with security work paying so much more than technical writing, it will be a while before someone publishes a thorough article or book explaining the 1999 state of the art for end users. Maybe I am wrong. Anyone guess what privacy software will be standard in SuSE Linux 6.3 ? Thank goodness https isn't so much trouble ! dproc
dproc@dol.net wrote:
On Tue, 07 Sep 1999, a kind suse-security reader replied off the list:
Many folks still prefer pgp263 because it is considered less bloated ... and more secure ...
mutt ... I think that it speaks gpg well ... I use pgp2 and pgp5 and mutt on my SuSE 6.0 / 2.2.10 box ...
surf on over to www.mutt.org ... there are some PGP notes which you might find helpful.
Obligingly mutt and pgp263 gave me this output on his mail:
[-- PGP output follows (current time: Tue Sep 7 10:32:55 1999) --] Warning: Unrecognized ASCII armor header label "MessageID:" ignored.
^GUnsupported packet format - you need a newer version of PGP for this file.
For a usage summary, type: pgp -h For more detailed help, consult the PGP User's Guide. [-- End of PGP output --]
[-- The following data is PGP/MIME signed --]
... presumably he was using one of the new formats in pgp5 :-)
I found in my tarball from www.mutt.org "mutt-0.95.6/doc/PGP-Notes.txt" dated Oct 8. There are some very useful hints for getting pgp5 and pgp2 working to satisfaction (I would also recommend Roland Rosenfeld's 'ultimate' .muttrc as a companion to get started on such things.) There is also some explanation of how to cope with the difference between 'old' PGP sigs and PGP/MIME (suse-security-announce and cert-announce both use the old in line sigs - I just saved and successfully pgp'd at the command line - but I guess with the procmail recipe given, such sigs can be verified automatically)
What I need to know now is what docs to read to minimize and resolve issues like 'Unsupported packet format' for me and my correspondents. I guess with security work paying so much more than technical writing, it will be a while before someone publishes a thorough article or book explaining the 1999 state of the art for end users. Maybe I am wrong.
Anyone guess what privacy software will be standard in SuSE Linux 6.3 ?
Thank goodness https isn't so much trouble !
dproc
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
FWIW, I just saw that 1.0 of Gnu PG is out and is GPL and compatible with PGP. Article is on slashdot.org today -- John H. Nickerson Sometimes a little inaccuracy saves a ton of explanation
On Tue, 07 Sep 1999, John Nickerson wrote:
FWIW, I just saw that 1.0 of Gnu PG is out and is GPL and compatible with PGP.
Article is on slashdot.org today
How much things change in a day! Now GPG 1.0.0 is out we have more choices. GPG is only compatible with the new (DH) keys of PGP 5 and up - a GPG message cannot be read or verified with the SuSE PGP 2.6.3i in SuSE Linux. I did more surfing and found a great site for PGP compatibility details from RJ Marquette <http://www.linuxfan.com/~rjm/pgp/index.html> Up-to-date binaries and sources (with sigs and trusted keys) are still hard to track down, but the international freeware versions are now on a central site at <http://www.pgpi.org/> The main points I learned are * PGP version 2.x uses RSA keys (under troublesome but quite generous patent licensing arrangements in the USA and Europe) * Versions before 2.6.2 are not recommended * PGP after version five has a preferred new and (I think) unpatented key type using so-called Diffie-Hellman and NIST Digital Signature Standard algorithms (DH) * Ciphertexts and signatures made with the new techniques are not compatible with PGP before 5 * Most PGP versions after five can still read and send messages with the old RSA keys suitable for 2.x * Version 1 is obsolete, Versions 3 and 4 are rare. * GPG uses only the DH keys, but is otherwise compatible with PGP. * Unlike freeware PGP, free GPG can probably be used commercially free of encumbrance (except North American export, use of crypto in France ...) * The PGP that Linux users love is now branded 'PGP Command Line' In conclusion, for my needs, I will select a version of PGP 5 or 6 legally suitable for my country and (lack of) commercial intentions (and for my preference for source code availability) and make and publish both DH and RSA keys. This will obviously be confusing for some of my contacts but its the best I can do. I still have a couple of outstanding issues which I will mention for completeness rather than as a plea for help - where is RSAREF source code now? I tried four 'well-known' privacy ftp sites and turned up nothing. - even if I had Windows MacOs Linux and Solaris it would be impossible to assemble all the PGP versions in one room and test for interoperability, without ignoring the legal guidance. Maybe I will hang out on the PGP-Users mailing list for a bit and then write the how-to article myself. -- 'Take safety home' dproc p.s.. Thank you for your patience. I hope my learning hasn't pushed too many of those less ignorant than me to switch from suse-security to suse-security announce. Note there are some deliberate simplifications above for brevity.
participants (2)
-
dproc@dol.net -
John Nickerson