tag:old.nabble.com,2006:forum-951Nabble - GnuPG2009-11-28T21:13:45ZGnu Privacy Guard GnuPG home is <a href="http://www.gnupg.org/" target="_top" rel="nofollow">here</a>.tag:old.nabble.com,2006:post-26559440which MPI calculations allow the output argument to be identical to the the input arguments?2009-11-28T21:13:45Z2009-11-28T21:13:45ZDaniel Kahn Gillmor-7Hi GCrypt folks--
<br><br>The patch below adjusts a comment about MPI arithmetic to make more
<br>sense (it doesn't mean anything to suggest that an unsigned long might
<br>be the same as an MPI object, right?)
<br><br>Is there a general agreement that gcrypt MPI calculation functions allow
<br>their target value (w) to be the same as any of their other arguments?
<br>are there certain calculation operations where that does not hold?
<br><br>This would be useful information to include in the header of the
<br>Calculations section of gcrypt.texi.
<br><br> --dkg
<br><br><br><br>Index: mpi-add.c
<br>===================================================================
<br>--- mpi-add.c (revision 1406)
<br>+++ mpi-add.c (working copy)
<br>@@ -33,7 +33,7 @@
<br><br> /****************
<br> * Add the unsigned integer V to the mpi-integer U and store the
<br>- * result in W. U and V may be the same.
<br>+ * result in W. U and W may be the same.
<br> */
<br> void
<br> gcry_mpi_add_ui(gcry_mpi_t w, gcry_mpi_t u, unsigned long v )
<br><br><br><br><br><br><br /> <br />_______________________________________________
<br>Gcrypt-devel mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26559440&i=0" target="_top" rel="nofollow">Gcrypt-devel@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gcrypt-devel" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gcrypt-devel</a><br><div class="small"><br/><img src="http://old.nabble.com/images/icon_attachment.gif" > <strong>signature.asc</strong> (909 bytes) <a href="http://old.nabble.com/attachment/26559440/0/signature.asc" target="_top">Download Attachment</a></div><p>From forum: <a href="http://old.nabble.com/GnuPG---Libgcrypt---Dev-f958.html" embed="fixTarget[958]" target="_top" >GnuPG - Libgcrypt - Dev</a></p>tag:old.nabble.com,2006:post-26559306should HMAC digests require secure memory?2009-11-28T20:33:43Z2009-11-28T20:33:43ZDaniel Kahn Gillmor-7Hi gcrypt folks--
<br><br>it looks to me like cipher/md.c:487 effectively requires secure memory
<br>for HMAC-enabled digest objects, whether or not GCRY_MD_FLAG_SECURE was set.
<br><br>This is a surprising behavior, since (at least in versions before
<br>1.4.3), it can lead to an "Ohhhh jeeee: operation is not possible
<br>without initialized secure memory" error message, followed by the
<br>process being aborted.
<br><br>Since version 1.4.3 (according to NEWS) this appears to be worked around
<br>by auto-allocating 32K secure memory if the library isn't otherwise
<br>initialized.
<br><br>I note that in the older gcrypt versions vulnerable to this failure, an
<br>explicit call to gcry_control(GCRYCTL_DISABLE_SECMEM) before creating
<br>the HMAC-enabled will avoid the failure.
<br><br>I wonder if modern libraries are still subject to this failure if
<br>they're run by users unable to allocate secure memory (and thus the
<br>default allocation of 32K of secmem would fail). i don't have such a
<br>system handy to try.
<br><br>Why are ctx->maxpads allocated securely, even if GCRY_MD_FLAG_SECURE is
<br>not set?
<br><br>It seems to me like this should be normalized in one of the following ways:
<br><br> 0) documentation for gcry_md_open should note that secure memory is
<br>used when GCRY_MD_FLAG_HMAC is used, regardless of GCRY_MD_FLAG_SECURE.
<br><br> 1) allocation of ctx->maxpads in md_open() should allocate secure or
<br>normal memory based on the "secure" argument to that function.
<br><br>Are there other ways this behavior could be made less surprising?
<br><br>Regards,
<br><br> --dkg
<br><br><br /> <br />_______________________________________________
<br>Gcrypt-devel mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26559306&i=0" target="_top" rel="nofollow">Gcrypt-devel@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gcrypt-devel" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gcrypt-devel</a><br><div class="small"><br/><img src="http://old.nabble.com/images/icon_attachment.gif" > <strong>signature.asc</strong> (909 bytes) <a href="http://old.nabble.com/attachment/26559306/0/signature.asc" target="_top">Download Attachment</a></div><p>From forum: <a href="http://old.nabble.com/GnuPG---Libgcrypt---Dev-f958.html" embed="fixTarget[958]" target="_top" >GnuPG - Libgcrypt - Dev</a></p>tag:old.nabble.com,2006:post-26558698Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)2009-11-28T17:33:58Z2009-11-28T17:33:58Zmarkus reichelt-2* "Ciprian Dorin, Craciun" <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558698&i=0" target="_top" rel="nofollow">ciprian.craciun@...</a>> wrote:
<br><br>> Thank you for the quick reply. (This is the kind of answer I was
<br>> hopping to get. :) ) It seems that `s2k-count` escaped me. :)
<br>>
<br>> Maybe there should be an entry in the FAQ about this topic.
<br><br>Well, other projects make good use of that option, f.e. loop-AES,
<br>have a look at section 5 of
<br><br><a href="http://loop-aes.sourceforge.net/loop-AES.README" target="_top" rel="nofollow">http://loop-aes.sourceforge.net/loop-AES.README</a><br><br>--
<br>left blank, right bald
<br><br /> <br />_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558698&i=1" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><div class="small"><br/><img src="http://old.nabble.com/images/icon_attachment.gif" > <strong>attachment0</strong> (205 bytes) <a href="http://old.nabble.com/attachment/26558698/0/attachment0" target="_top">Download Attachment</a></div><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26558662gnutls-2.8.5 failure on OpenSolaris2009-11-28T17:32:12Z2009-11-28T17:32:12ZDr. David KirkbyI tried to build gnutls-2.8.5 on a Sun Ultra 27 running OpenSolaris 06/2009,
<br>with gcc 3.4.3 (the only one supplied with OpenSolaris). It fails, unless I add
<br>the 'nsl' library to to LDFLAGS.
<br><br><br><br>bash-3.2$ uname -a
<br>SunOS hawk 5.11 snv_111b i86pc i386 i86pc
<br>bash-3.2$ cat /etc/release
<br> OpenSolaris 2009.06 snv_111b X86
<br> Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
<br> Use is subject to license terms.
<br> Assembled 07 May 2009
<br>bash-3.2$ gcc -v
<br>Reading specs from /usr/sfw/lib/gcc/i386-pc-solaris2.11/3.4.3/specs
<br>Configured with: /builds2/sfwnv-111a/usr/src/cmd/gcc/gcc-3.4.3/configure
<br>--prefix=/usr/sfw --with-as=/usr/sfw/bin/gas --with-gnu-as
<br>--with-ld=/usr/ccs/bin/ld --without-gnu-ld --enable-languages=c,c++,f77,objc
<br>--enable-shared
<br>Thread model: posix
<br>gcc version 3.4.3 (csl-sol210-3_4-20050802)
<br><br><br>./configure --with-libgcrypt-prefix=/usr
<br><br>libtool: link: gcc -std=gnu99 -g -O2 -o ex-crq ex-crq.o ./.libs/libexamples.a
<br>../../lib/.libs/libgnutls.so -L/usr/lib ../../libextra/.libs/libgnutls-extra.so
<br>/export/home/drkirkby/gnutls-2.8.5/lib/.libs/libgnutls.so -ltasn1 -lz -lgcrypt
<br>../../gl/.libs/libgnu.a -lsocket -R/export/home/drkirkby/gnutls-2.8.5/lib/.libs
<br>-R/export/home/drkirkby/gnutls-2.8.5/libextra/.libs -R/usr/local/lib
<br>ld: warning: file /export/home/drkirkby/gnutls-2.8.5/lib/.libs/libgnutls.so:
<br>linked to ../../lib/.libs/libgnutls.so: attempted multiple inclusion of file
<br>gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I../.. -I../../lib/includes
<br>-I../../lib/includes -I../../libextra/includes -I../../gl -I../../gl -g -O2
<br>-MT ex-serv1.o -MD -MP -MF .deps/ex-serv1.Tpo -c -o ex-serv1.o ex-serv1.c
<br>mv -f .deps/ex-serv1.Tpo .deps/ex-serv1.Po
<br>/bin/sh ../../libtool --tag=CC --mode=link gcc -std=gnu99 -g -O2 -no-install
<br> -o ex-serv1 ex-serv1.o libexamples.la ../../lib/libgnutls.la
<br>../../libextra/libgnutls-extra.la ../../gl/libgnu.la -lsocket
<br>libtool: link: gcc -std=gnu99 -g -O2 -o ex-serv1 ex-serv1.o
<br>./.libs/libexamples.a ../../lib/.libs/libgnutls.so -L/usr/lib
<br>../../libextra/.libs/libgnutls-extra.so
<br>/export/home/drkirkby/gnutls-2.8.5/lib/.libs/libgnutls.so -ltasn1 -lz -lgcrypt
<br>../../gl/.libs/libgnu.a -lsocket -R/export/home/drkirkby/gnutls-2.8.5/lib/.libs
<br>-R/export/home/drkirkby/gnutls-2.8.5/libextra/.libs -R/usr/local/lib
<br>ld: warning: file /export/home/drkirkby/gnutls-2.8.5/lib/.libs/libgnutls.so:
<br>linked to ../../lib/.libs/libgnutls.so: attempted multiple inclusion of file
<br>Undefined first referenced
<br> symbol in file
<br>inet_ntop ex-serv1.o (symbol belongs to implicit
<br>dependency /usr/lib/libnsl.so.1)
<br>ld: fatal: symbol referencing errors. No output written to ex-serv1
<br>collect2: ld returned 1 exit status
<br>make[4]: *** [ex-serv1] Error 1
<br>make[4]: Leaving directory `/export/home/drkirkby/gnutls-2.8.5/doc/examples'
<br>make[3]: *** [all-recursive] Error 1
<br>make[3]: Leaving directory `/export/home/drkirkby/gnutls-2.8.5/doc'
<br>make[2]: *** [all] Error 2
<br>make[2]: Leaving directory `/export/home/drkirkby/gnutls-2.8.5/doc'
<br>make[1]: *** [all-recursive] Error 1
<br>make[1]: Leaving directory `/export/home/drkirkby/gnutls-2.8.5'
<br>make: *** [all] Error 2
<br><br>Configuring with:
<br><br>./configure --with-libgcrypt-prefix=/usr 'LDFLAGS=-lnsl'
<br><br>allows it to build ok
<br><br><br>_______________________________________________
<br>Gnutls-devel mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558662&i=0" target="_top" rel="nofollow">Gnutls-devel@...</a>
<br><a href="http://lists.gnu.org/mailman/listinfo/gnutls-devel" target="_top" rel="nofollow">http://lists.gnu.org/mailman/listinfo/gnutls-devel</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---Gnutls---Dev-f955.html" embed="fixTarget[955]" target="_top" >GnuPG - Gnutls - Dev</a></p>tag:old.nabble.com,2006:post-26558471Re: gnutls-2.2.1 fails to build on HP-UX2009-11-28T17:19:09Z2009-11-28T17:19:09ZDr. David KirkbySimon Josefsson wrote:
<div class='shrinkable-quote'><br>> "Dr. David Kirkby" <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558471&i=0" target="_top" rel="nofollow">david.kirkby@...</a>> writes:
<br>>
<br>>> In the Sage project, gnutls is causing a problem on both OpenSolaris
<br>>> and HP-UX. The latter is not a supported OS, but I have tried building
<br>>> parts of Sage on it.
<br>>>
<br>>> This is the HP-UX error.
<br>>>
<br>>> <a href="http://trac.sagemath.org/sage_trac/ticket/7511" target="_top" rel="nofollow">http://trac.sagemath.org/sage_trac/ticket/7511</a><br>>>
<br>>> Any thoughts why this may be happening?
<br>>
<br>> HP-UX doesn't have sockaddr_storage, but I believe gnulib should work
<br>> around that problem -- however that is probably only in much more recent
<br>> GnuTLS releases than the 2.2.1 that you used.
<br>>
<br>>> We tried a later version, and that was causing problems not only on
<br>>> HP-UX and OpenSolaris, but also on Solaris 10 (SPARC).
<br>>
<br>> Details? The recent releases should work relatively fine on Solaris,
</div><br>See the other thread
<br><br>"gnutls failure on Solaris 10 update 7 gcc 4.4.1"
<br><br>(sorry, I should have put the version of gnutls in the title, but it is
<br>documented in the email)
<br><br><br><br>Dave
<br><br><br>_______________________________________________
<br>Gnutls-devel mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558471&i=1" target="_top" rel="nofollow">Gnutls-devel@...</a>
<br><a href="http://lists.gnu.org/mailman/listinfo/gnutls-devel" target="_top" rel="nofollow">http://lists.gnu.org/mailman/listinfo/gnutls-devel</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---Gnutls---Dev-f955.html" embed="fixTarget[955]" target="_top" >GnuPG - Gnutls - Dev</a></p>tag:old.nabble.com,2006:post-26558500gnutls failure on Solaris 10 update 7 gcc 4.4.12009-11-28T17:06:50Z2009-11-28T17:06:50ZDr. David KirkbyI reported on the thread:
<br><br>"gnutls-2.2.1 fails to build on HP-UX"
<br><br>that upgrading to a later version of gnutls had not solved the problem on HP-UX,
<br>but had created one on Solaris 10. Simon Josefsson asked for the details, so
<br>here they are. (I thought it appropriate to start a new thread).
<br><br>The setup is
<br><br> * Sun Blade 2000, 2 x 1200 MHz UltraSPARC III+ processors
<br> * 8 GB RAM.
<br> * gcc 4.4.1 configured to use the Sun linker and assembler.
<br> * Solaris 10 update 7 (released 05/2009)
<br> * GNU make
<br> * Nothing from GNU binutils - as, ar, ld, ranlib etc are all Sun.
<br><br>This build took place inside Sage, but all that does is configure gnutls with
<br>some options, which I list below.
<br><br>Sage is a large bit of maths software
<br><br><a href="http://www.sagemath.org/" target="_top" rel="nofollow">http://www.sagemath.org/</a><br><br>which includes gnutls 2.2.1, but I created a new package for Sage, using gnutls
<br>2.8.5. But the build script it simply configures it as below. I've left a note
<br>which is in the build script, which may not be appropriate any more. You may
<br>wish to comment on that.
<br><br># --disable-cxx is needed to compile on OSX.
<br># See
<br><a href="http://www.nabble.com/%22gnutls%22-under-Darwin-%28was%3A-CVS-commit%3A-pkgsrc-security-gnutls%29-tf3062958.html#a8573149" target="_top">http://www.nabble.com/%22gnutls%22-under-Darwin-%28was%3A-CVS-commit%3A-pkgsrc-security-gnutls%29-tf3062958.html#a8573149</a><br><br>./configure --prefix="$SAGE_LOCAL" --enable-shared --disable-static
<br>--disable-cxx --enable-guile=no
<br><br>Whether there are more appropriate options I do not know.
<br><br>Note, gcc is configured to use both the Sun linker and assembler - not GNU ones.
<br> This might be relevant to the final error message.
<br><br><br>gnutls-2.8.5/src/src/tests.h
<br>gnutls-2.8.5/src/src/psk-gaa.c
<br>gnutls-2.8.5/src/src/tls_test-gaa.h
<br>gnutls-2.8.5/src/src/prime.c
<br>gnutls-2.8.5/src/src/serv-gaa.c
<br>gnutls-2.8.5/src/src/serv.gaa
<br>gnutls-2.8.5/src/configure.ac
<br>Finished extraction
<br>****************************************************
<br>Host system
<br>uname -a:
<br>SunOS swan 5.10 Generic_141444-09 sun4u sparc SUNW,Sun-Blade-1000
<br>****************************************************
<br>****************************************************
<br>CC Version
<br>gcc -v
<br>Using built-in specs.
<br>Target: sparc-sun-solaris2.10
<br>Configured with: ../gcc-4.4.1/configure
<br>--prefix=/usr/local/gcc-4.4.1-sun-linker/ --with-as=/usr/ccs/bin/as
<br>--without-gnu-as --with-ld=/usr/ccs/bin/ld --without-gnu-ld
<br>--enable-languages=c,c++,fortran --with-mpfr-include=/usr/local/include
<br>--with-mpfr-lib=/usr/local/lib --with-gmp-include=/usr/local/include
<br>--with-gmp-lib=/usr/local/lib CC=/usr/sfw/bin/gcc CXX=/usr/sfw/bin/g++
<br>LDFLAGS='-R /usr/local/lib -L /usr/local/lib'
<br>Thread model: posix
<br>gcc version 4.4.1 (GCC)
<br>****************************************************
<br>Deleting old gnutls libraries in /export/home/drkirkby/sage-4.2.1/local/lib
<br>checking for a BSD-compatible install... /usr/local/bin/ginstall -c
<br>checking whether build environment is sane... yes
<br>checking for a thread-safe mkdir -p... build-aux/install-sh -c -d
<br>checking for gawk... no
<br>checking for mawk... no
<br>checking for nawk... nawk
<br>checking whether make sets $(MAKE)... yes
<br>***
<br>*** Checking for compilation programs...
<br><br>checking for gcc... gcc
<br>checking for C compiler default output file name... a.out
<br>checking whether the C compiler works... yes
<br>checking whether we are cross compiling... no
<br>checking for suffix of executables...
<br>checking for suffix of object files... o
<br>checking whether we are using the GNU C compiler... yes
<br>checking whether gcc accepts -g... yes
<br>checking for gcc option to accept ISO C89... none needed
<br>checking for style of include used by make... GNU
<br>checking dependency style of gcc... gcc3
<br>checking whether ln -s works... yes
<br>checking for pkg-config... /usr/bin/pkg-config
<br>checking pkg-config is at least version 0.9.0... yes
<br>checking for gtkdoc-check... no
<br>checking for gtkdoc-rebase... no
<br>checking for gtkdoc-mkpdf... no
<br>checking whether to build gtk-doc documentation... no
<br>checking for gaa... no
<br>configure: WARNING: ***
<br>*** GAA was not found. It is only needed if you wish to modify
<br>*** the source code or command-line description files. In this case,
<br>*** you may want to get it from <a href="http://gaa.sourceforge.net/" target="_top" rel="nofollow">http://gaa.sourceforge.net/</a> and
<br>*** read doc/README.gaa.
<br>***
<br>checking for ranlib... ranlib
<br>checking build system type... sparc-sun-solaris2.10
<br>checking host system type... sparc-sun-solaris2.10
<br>checking how to run the C preprocessor... gcc -E
<br>checking for grep that handles long lines and -e... /usr/sfw/bin/ggrep
<br>checking for egrep... /usr/sfw/bin/ggrep -E
<br>checking for ANSI C header files... yes
<br>checking for sys/types.h... yes
<br>checking for sys/stat.h... yes
<br>checking for stdlib.h... yes
<br>checking for string.h... yes
<br>checking for memory.h... yes
<br>checking for strings.h... yes
<br>checking for inttypes.h... yes
<br>checking for stdint.h... yes
<br>checking for unistd.h... yes
<br>checking minix/config.h usability... no
<br>checking minix/config.h presence... no
<br>checking for minix/config.h... no
<br>checking whether it is safe to define __EXTENSIONS__... yes
<br>checking for _LARGEFILE_SOURCE value needed for large files... no
<br>checking for gcc option to accept ISO C99... -std=gnu99
<br>checking for gcc -std=gnu99 option to accept ISO Standard C... (cached) -std=gnu99
<br>configure: autobuild project... GnuTLS
<br>configure: autobuild revision... 2.8.5
<br>configure: autobuild hostname... swan
<br>configure: autobuild timestamp... 20091129T004624Z
<br>checking for inline... inline
<br>checking whether we are using the GNU C++ compiler... yes
<br>checking whether g++ accepts -g... yes
<br>checking dependency style of g++... gcc3
<br>checking for ld used by GCC... ld
<br>checking if the linker (ld) is GNU ld... no
<br>checking for shared library run path origin... done
<br>checking for 64-bit host... no
<br>checking for libgcrypt... yes
<br>checking how to link with libgcrypt...
<br>/export/home/drkirkby/sage-4.2.1/local/lib/libgcrypt.so
<br>-L/export/home/drkirkby/sage-4.2.1/local/lib
<br>/export/home/drkirkby/sage-4.2.1/local/lib/libgpg-error.so -lsocket
<br>-R/export/home/drkirkby/sage-4.2.1/local/lib
<br>checking for libtasn1... no
<br>configure: WARNING:
<br> ***
<br> *** Libtasn1 was not found. Will use the included one.
<br><br>checking whether to use the included minitasn1... yes
<br>checking whether to include LZO compression support... no
<br>checking whether C99 macros are supported... yes
<br>checking whether to enable Opaque PRF input support... no
<br>checking whether to disable SRP authentication support... no
<br>checking whether to disable PSK authentication support... no
<br>checking whether to disable anonymous authentication support... no
<br>checking whether to disable Camellia cipher... no
<br>checking whether to disable extra PKI stuff... no
<br>checking whether to disable OpenPGP Certificate authentication support... no
<br>checking size of void *... 4
<br>checking size of long... 4
<br>checking size of int... 4
<br>checking sys/socket.h usability... yes
<br>checking sys/socket.h presence... yes
<br>checking for sys/socket.h... yes
<br>checking arpa/inet.h usability... yes
<br>checking arpa/inet.h presence... yes
<br>checking for arpa/inet.h... yes
<br>checking errno.h usability... yes
<br>checking errno.h presence... yes
<br>checking for errno.h... yes
<br>checking float.h usability... yes
<br>checking float.h presence... yes
<br>checking for float.h... yes
<br>checking netdb.h usability... yes
<br>checking netdb.h presence... yes
<br>checking for netdb.h... yes
<br>checking netinet/in.h usability... yes
<br>checking netinet/in.h presence... yes
<br>checking for netinet/in.h... yes
<br>checking stdio_ext.h usability... yes
<br>checking stdio_ext.h presence... yes
<br>checking for stdio_ext.h... yes
<br>checking termios.h usability... yes
<br>checking termios.h presence... yes
<br>checking for termios.h... yes
<br>checking sys/select.h usability... yes
<br>checking sys/select.h presence... yes
<br>checking for sys/select.h... yes
<br>checking stdarg.h usability... yes
<br>checking stdarg.h presence... yes
<br>checking for stdarg.h... yes
<br>checking for stdint.h... (cached) yes
<br>checking wchar.h usability... yes
<br>checking wchar.h presence... yes
<br>checking for wchar.h... yes
<br>checking stdio.h usability... yes
<br>checking stdio.h presence... yes
<br>checking for stdio.h... yes
<br>checking for stdlib.h... (cached) yes
<br>checking for string.h... (cached) yes
<br>checking for sys/stat.h... (cached) yes
<br>checking sys/time.h usability... yes
<br>checking sys/time.h presence... yes
<br>checking for sys/time.h... yes
<br>checking for unistd.h... (cached) yes
<br>checking sys/wait.h usability... yes
<br>checking sys/wait.h presence... yes
<br>checking for sys/wait.h... yes
<br>checking sys/ioctl.h usability... yes
<br>checking sys/ioctl.h presence... yes
<br>checking for sys/ioctl.h... yes
<br>checking whether to disable OpenSSL compatibility layer... yes
<br>checking for library containing setsockopt... -lsocket
<br>checking for ANSI C header files... (cached) yes
<br>checking for fork... yes
<br>checking for valgrind... no
<br>checking whether self tests are run under valgrind... no
<br>checking for uint... yes
<br>checking whether building Guile bindings... no
<br>checking for cfg_get_context in -lcfg+... no
<br>configure: WARNING:
<br>***
<br>*** Libcfg+ was not found. Will use the included one.
<br>checking whether to use the included libcfg... yes
<br>checking for a sed that does not truncate output... /usr/bin/sed
<br>checking for fgrep... /usr/sfw/bin/ggrep -F
<br>checking for ld used by gcc -std=gnu99... ld
<br>checking if the linker (ld) is GNU ld... no
<br>checking for BSD- or MS-compatible name lister (nm)... /usr/ccs/bin/nm -p
<br>checking the name lister (/usr/ccs/bin/nm -p) interface... BSD nm
<br>checking the maximum length of command line arguments... 786240
<br>checking whether the shell understands some XSI constructs... yes
<br>checking whether the shell understands "+="... no
<br>checking for ld option to reload object files... -r
<br>checking for objdump... objdump
<br>checking how to recognize dependent libraries... pass_all
<br>checking for ar... ar
<br>checking for strip... strip
<br>checking for ranlib... (cached) ranlib
<br>checking command to parse /usr/ccs/bin/nm -p output from gcc -std=gnu99 object... ok
<br>checking for dlfcn.h... yes
<br>checking whether we are using the GNU C++ compiler... (cached) yes
<br>checking whether g++ accepts -g... (cached) yes
<br>checking dependency style of g++... (cached) gcc3
<br>checking how to run the C++ preprocessor... g++ -E
<br>checking for objdir... .libs
<br>checking if gcc -std=gnu99 supports -fno-rtti -fno-exceptions... no
<br>checking for gcc -std=gnu99 option to produce PIC... -fPIC -DPIC
<br>checking if gcc -std=gnu99 PIC flag -fPIC -DPIC works... yes
<br>checking if gcc -std=gnu99 static flag -static works... no
<br>checking if gcc -std=gnu99 supports -c -o file.o... conftest*: No such file or
<br>directory
<br>yes
<br>checking if gcc -std=gnu99 supports -c -o file.o... (cached) yes
<br>checking whether the gcc -std=gnu99 linker (ld) supports shared libraries... yes
<br>checking whether -lc should be explicitly linked in... conftest*: No such file
<br>or directory
<br>yes
<br>checking dynamic linker characteristics... solaris2.10 ld.so
<br>checking how to hardcode library paths into programs... immediate
<br>checking whether stripping libraries is possible... no
<br>checking if libtool supports shared libraries... yes
<br>checking whether to build shared libraries... yes
<br>checking whether to build static libraries... no
<br>checking for ld used by g++... ld
<br>checking if the linker (ld) is GNU ld... no
<br>checking whether the g++ linker (ld) supports shared libraries... yes
<br>checking for g++ option to produce PIC... -fPIC -DPIC
<br>checking if g++ PIC flag -fPIC -DPIC works... yes
<br>checking if g++ static flag -static works... no
<br>checking if g++ supports -c -o file.o... conftest*: No such file or directory
<br>yes
<br>checking if g++ supports -c -o file.o... (cached) yes
<br>checking whether the g++ linker (ld) supports shared libraries... yes
<br>checking dynamic linker characteristics... solaris2.10 ld.so
<br>checking how to hardcode library paths into programs... immediate
<br>checking whether the preprocessor supports include_next... yes
<br>checking whether <sys/socket.h> is self-contained... yes
<br>checking for shutdown... no
<br>checking for struct sockaddr_storage... yes
<br>checking for sa_family_t... yes
<br>checking for working alloca.h... yes
<br>checking for alloca... yes
<br>checking for complete errno.h... yes
<br>checking whether strerror_r is declared... yes
<br>checking for strerror_r... yes
<br>checking whether strerror_r returns char *... no
<br>checking whether stdin defaults to large file offsets... yes
<br>checking for library containing gethostbyname... -lnsl
<br>checking for library containing getservbyname... -lsocket
<br>checking for C/C++ restrict keyword... __restrict
<br>checking for IPv4 sockets... yes
<br>checking for IPv6 sockets... yes
<br>checking whether getdelim is declared... no
<br>checking whether getline is declared... no
<br>checking whether getpass is declared... yes
<br>checking for __fsetlocking... yes
<br>checking for tcgetattr... yes
<br>checking for tcsetattr... yes
<br>checking for lstat... yes
<br>checking for vasnprintf... no
<br>checking for gettimeofday... yes
<br>checking whether fflush_unlocked is declared... no
<br>checking whether flockfile is declared... yes
<br>checking whether fputs_unlocked is declared... no
<br>checking whether funlockfile is declared... yes
<br>checking whether putc_unlocked is declared... yes
<br>checking whether <limits.h> defines MIN and MAX... no
<br>checking whether <sys/param.h> defines MIN and MAX... no
<br>checking whether malloc, realloc, calloc are POSIX compliant... yes
<br>checking whether <sys/select.h> is self-contained... yes
<br>checking whether snprintf is declared... yes
<br>checking for stdbool.h that conforms to C99... yes
<br>checking for _Bool... yes
<br>checking for long long int... yes
<br>checking for unsigned long long int... yes
<br>checking for working strerror function... yes
<br>checking whether stat file-mode macros are broken... no
<br>checking for struct timeval... yes
<br>checking for wchar_t... yes
<br>checking for wint_t... yes
<br>checking for size_t... yes
<br>checking for inttypes.h... yes
<br>checking for stdint.h... yes
<br>checking for intmax_t... yes
<br>checking for snprintf... yes
<br>checking for strnlen... no
<br>checking for wcslen... yes
<br>checking for wcsnlen... no
<br>checking for mbrtowc... yes
<br>checking for wcrtomb... yes
<br>checking whether _snprintf is declared... no
<br>checking whether ungetc works on arbitrary bytes... yes
<br>checking for alloca as a compiler built-in... yes
<br>checking for error_at_line... no
<br>checking for fseeko... yes
<br>configure: checking how to do getaddrinfo, freeaddrinfo and getnameinfo
<br>checking for library containing getaddrinfo... -lsocket
<br>checking for getaddrinfo... yes
<br>checking for gai_strerror (possibly via ws2tcpip.h)... yes
<br>checking for struct sockaddr.sa_len... no
<br>checking whether getaddrinfo is declared... yes
<br>checking whether freeaddrinfo is declared... yes
<br>checking whether gai_strerror is declared... yes
<br>checking whether getnameinfo is declared... yes
<br>checking for struct addrinfo... yes
<br>checking for getdelim... no
<br>checking for flockfile... yes
<br>checking for funlockfile... yes
<br>checking whether getc_unlocked is declared... yes
<br>checking for getline... no
<br>checking for getdelim... (cached) no
<br>checking for flockfile... (cached) yes
<br>checking for funlockfile... (cached) yes
<br>checking whether getc_unlocked is declared... (cached) yes
<br>checking whether __fsetlocking is declared... yes
<br>checking for library containing gethostbyname... (cached) -lnsl
<br>checking for library containing inet_ntop... -lnsl
<br>checking whether inet_ntop is declared... yes
<br>checking for inet_pton... no
<br>checking whether inet_pton is declared... yes
<br>checking whether lseek detects pipes... yes
<br>checking whether <netinet/in.h> is self-contained... yes
<br>checking for pmccabe... false
<br>checking for readline... -ltermcap
<br>checking how to link with libreadline...
<br>/export/home/drkirkby/sage-4.2.1/local/lib/libreadline.so
<br>-R/export/home/drkirkby/sage-4.2.1/local/lib -ltermcap
<br>checking readline/readline.h usability... yes
<br>checking readline/readline.h presence... yes
<br>checking for readline/readline.h... yes
<br>checking whether select supports a 0 argument... yes
<br>checking for library containing getservbyname... (cached) -lsocket
<br>checking for stdint.h... (cached) yes
<br>checking for SIZE_MAX... yes
<br>checking for snprintf... (cached) yes
<br>checking whether snprintf respects a size of 1... yes
<br>checking for library containing setsockopt... (cached) -lsocket
<br>checking for socklen_t... yes
<br>checking for va_copy... yes
<br>checking whether stdint.h conforms to C99... no
<br>checking sys/inttypes.h usability... yes
<br>checking sys/inttypes.h presence... yes
<br>checking for sys/inttypes.h... yes
<br>checking sys/bitypes.h usability... no
<br>checking sys/bitypes.h presence... no
<br>checking for sys/bitypes.h... no
<br>checking for bit size of ptrdiff_t... 32
<br>checking for bit size of size_t... 32
<br>checking for bit size of sig_atomic_t... 32
<br>checking for bit size of wchar_t... 32
<br>checking for bit size of wint_t... 32
<br>checking whether sig_atomic_t is signed... yes
<br>checking whether wchar_t is signed... yes
<br>checking whether wint_t is signed... yes
<br>checking for ptrdiff_t integer literal suffix...
<br>checking for size_t integer literal suffix... u
<br>checking for sig_atomic_t integer literal suffix...
<br>checking for wchar_t integer literal suffix... l
<br>checking for wint_t integer literal suffix... l
<br>checking for random.h... no
<br>checking for struct random_data... no
<br>checking whether <sys/select.h> is self-contained... (cached) yes
<br>checking whether <sys/socket.h> is self-contained... (cached) yes
<br>checking for shutdown... (cached) no
<br>checking for struct sockaddr_storage... (cached) yes
<br>checking for sa_family_t... (cached) yes
<br>checking for nlink_t... yes
<br>checking for ptrdiff_t... yes
<br>checking whether <wchar.h> is standalone... yes
<br>checking for stdint.h... (cached) yes
<br>checking for gettimeofday with POSIX signature... yes
<br>checking whether gettimeofday clobbers localtime buffer... no
<br>checking for wchar_t... (cached) yes
<br>checking for wint_t... (cached) yes
<br>checking whether <sys/ioctl.h> declares ioctl... no
<br>checking for shutdown... (cached) no
<br>configure: creating ./config.status
<br>config.status: creating guile/pre-inst-guile
<br>config.status: creating Makefile
<br>config.status: creating doc/Makefile
<br>config.status: creating doc/credentials/Makefile
<br>config.status: creating doc/credentials/openpgp/Makefile
<br>config.status: creating doc/credentials/srp/Makefile
<br>config.status: creating doc/credentials/x509/Makefile
<br>config.status: creating doc/cyclo/Makefile
<br>config.status: creating doc/doxygen/Doxyfile
<br>config.status: creating doc/examples/Makefile
<br>config.status: creating doc/manpages/Makefile
<br>config.status: creating doc/reference/Makefile
<br>config.status: creating doc/scripts/Makefile
<br>config.status: creating gl/Makefile
<br>config.status: creating gl/tests/Makefile
<br>config.status: creating guile/Makefile
<br>config.status: creating guile/modules/Makefile
<br>config.status: creating guile/src/Makefile
<br>config.status: creating guile/tests/Makefile
<br>config.status: creating src/Makefile
<br>config.status: creating src/cfg/Makefile
<br>config.status: creating src/cfg/platon/Makefile
<br>config.status: creating src/cfg/platon/str/Makefile
<br>config.status: creating tests/Makefile
<br>config.status: creating tests/key-id/Makefile
<br>config.status: creating tests/openpgp-certs/Makefile
<br>config.status: creating tests/pathlen/Makefile
<br>config.status: creating tests/pkcs1-padding/Makefile
<br>config.status: creating tests/pkcs12-decode/Makefile
<br>config.status: creating tests/pkcs8-decode/Makefile
<br>config.status: creating tests/rsa-md5-collision/Makefile
<br>config.status: creating tests/sha2/Makefile
<br>config.status: creating tests/userid/Makefile
<br>config.status: creating config.h
<br>config.status: executing depfiles commands
<br>config.status: executing libtool commands
<br>libtoolT: No such file or directory
<br>=== configuring in lib
<br>(/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/lib)
<br>configure: running /bin/bash ./configure --disable-option-checking
<br>'--prefix=/export/home/drkirkby/sage-4.2.1/local' '--enable-shared'
<br>'--disable-static' '--disable-cxx' '--enable-guile=no' 'CC=gcc' 'LDFLAGS='
<br>'CXX=g++' --cache-file=/dev/null --srcdir=.
<br>checking for a BSD-compatible install... /usr/local/bin/ginstall -c
<br>checking whether build environment is sane... yes
<br>checking for a thread-safe mkdir -p... build-aux/install-sh -c -d
<br>checking for gawk... no
<br>checking for mawk... no
<br>checking for nawk... nawk
<br>checking whether make sets $(MAKE)... yes
<br>checking for gcc... gcc
<br>checking for C compiler default output file name... a.out
<br>checking whether the C compiler works... yes
<br>checking whether we are cross compiling... no
<br>checking for suffix of executables...
<br>checking for suffix of object files... o
<br>checking whether we are using the GNU C compiler... yes
<br>checking whether gcc accepts -g... yes
<br>checking for gcc option to accept ISO C89... none needed
<br>checking for style of include used by make... GNU
<br>checking dependency style of gcc... gcc3
<br>checking for ranlib... ranlib
<br>checking build system type... sparc-sun-solaris2.10
<br>checking host system type... sparc-sun-solaris2.10
<br>checking how to run the C preprocessor... gcc -E
<br>checking for grep that handles long lines and -e... /usr/sfw/bin/ggrep
<br>checking for egrep... /usr/sfw/bin/ggrep -E
<br>checking for ANSI C header files... yes
<br>checking for sys/types.h... yes
<br>checking for sys/stat.h... yes
<br>checking for stdlib.h... yes
<br>checking for string.h... yes
<br>checking for memory.h... yes
<br>checking for strings.h... yes
<br>checking for inttypes.h... yes
<br>checking for stdint.h... yes
<br>checking for unistd.h... yes
<br>checking minix/config.h usability... no
<br>checking minix/config.h presence... no
<br>checking for minix/config.h... no
<br>checking whether it is safe to define __EXTENSIONS__... yes
<br>checking for _LARGEFILE_SOURCE value needed for large files... no
<br>checking for a sed that does not truncate output... /usr/bin/sed
<br>checking for fgrep... /usr/sfw/bin/ggrep -F
<br>checking for ld used by gcc... ld
<br>checking if the linker (ld) is GNU ld... no
<br>checking for BSD- or MS-compatible name lister (nm)... /usr/ccs/bin/nm -p
<br>checking the name lister (/usr/ccs/bin/nm -p) interface... BSD nm
<br>checking whether ln -s works... yes
<br>checking the maximum length of command line arguments... 786240
<br>checking whether the shell understands some XSI constructs... yes
<br>checking whether the shell understands "+="... no
<br>checking for ld option to reload object files... -r
<br>checking for objdump... objdump
<br>checking how to recognize dependent libraries... pass_all
<br>checking for ar... ar
<br>checking for strip... strip
<br>checking for ranlib... (cached) ranlib
<br>checking command to parse /usr/ccs/bin/nm -p output from gcc object... ok
<br>checking for dlfcn.h... yes
<br>checking for objdir... .libs
<br>checking if gcc supports -fno-rtti -fno-exceptions... no
<br>checking for gcc option to produce PIC... -fPIC -DPIC
<br>checking if gcc PIC flag -fPIC -DPIC works... yes
<br>checking if gcc static flag -static works... no
<br>checking if gcc supports -c -o file.o... conftest*: No such file or directory
<br>yes
<br>checking if gcc supports -c -o file.o... (cached) yes
<br>checking whether the gcc linker (ld) supports shared libraries... yes
<br>checking whether -lc should be explicitly linked in... conftest*: No such file
<br>or directory
<br>yes
<br>checking dynamic linker characteristics... solaris2.10 ld.so
<br>checking how to hardcode library paths into programs... immediate
<br>checking whether stripping libraries is possible... no
<br>checking if libtool supports shared libraries... yes
<br>checking whether to build shared libraries... yes
<br>checking whether to build static libraries... no
<br>checking for ld used by GCC... ld
<br>checking if the linker (ld) is GNU ld... no
<br>checking for shared library run path origin... done
<br>checking for libgcrypt... yes
<br>checking how to link with libgcrypt...
<br>/export/home/drkirkby/sage-4.2.1/local/lib/libgcrypt.so
<br>-L/export/home/drkirkby/sage-4.2.1/local/lib
<br>/export/home/drkirkby/sage-4.2.1/local/lib/libgpg-error.so -lsocket
<br>-R/export/home/drkirkby/sage-4.2.1/local/lib
<br>checking for libtasn1... no
<br>configure: WARNING:
<br> ***
<br> *** Libtasn1 was not found. Will use the included one.
<br><br>checking whether to use the included minitasn1... yes
<br>checking whether to include LZO compression support... no
<br>checking whether C99 macros are supported... yes
<br>checking whether to enable Opaque PRF input support... no
<br>checking whether to disable SRP authentication support... no
<br>checking whether to disable PSK authentication support... no
<br>checking whether to disable anonymous authentication support... no
<br>checking whether to disable Camellia cipher... no
<br>checking whether to disable extra PKI stuff... no
<br>checking whether to disable OpenPGP Certificate authentication support... no
<br>checking size of void *... 4
<br>checking size of long... 4
<br>checking size of int... 4
<br>checking whether NLS is requested... yes
<br>checking for msgfmt... no
<br>checking for gmsgfmt... :
<br>checking for xgettext... no
<br>checking for msgmerge... no
<br>checking for CFPreferencesCopyAppValue... no
<br>checking for CFLocaleCopyCurrent... no
<br>checking for GNU gettext in libc... no
<br>checking for iconv... yes
<br>checking for working iconv... yes
<br>checking for GNU gettext in libintl... no
<br>checking whether to use NLS... no
<br>checking whether byte ordering is bigendian... yes
<br>checking for ssize_t... yes
<br>checking size of unsigned long int... 4
<br>checking size of unsigned int... 4
<br>checking whether to include zlib compression support... yes
<br>checking for libz... yes
<br>checking how to link with libz...
<br>/export/home/drkirkby/sage-4.2.1/local/lib/libz.so
<br>-R/export/home/drkirkby/sage-4.2.1/local/lib
<br>checking for working alloca.h... yes
<br>checking for alloca... yes
<br>checking whether the preprocessor supports include_next... yes
<br>checking for errno.h... yes
<br>checking for float.h... yes
<br>checking for netdb.h... yes
<br>checking for sys/socket.h... yes
<br>checking for stdint.h... (cached) yes
<br>checking for wchar.h... yes
<br>checking for stdio.h... yes
<br>checking for stdlib.h... (cached) yes
<br>checking for string.h... (cached) yes
<br>checking for strings.h... (cached) yes
<br>checking for sys/stat.h... (cached) yes
<br>checking for time.h... yes
<br>checking for sys/time.h... yes
<br>checking for unistd.h... (cached) yes
<br>checking for complete errno.h... yes
<br>checking whether stdin defaults to large file offsets... yes
<br>checking whether memmem is declared... no
<br>checking whether <limits.h> defines MIN and MAX... no
<br>checking whether <sys/param.h> defines MIN and MAX... no
<br>checking whether malloc, realloc, calloc are POSIX compliant... yes
<br>checking whether snprintf is declared... yes
<br>checking for inline... inline
<br>checking whether <sys/socket.h> is self-contained... yes
<br>checking for shutdown... no
<br>checking for struct sockaddr_storage... yes
<br>checking for sa_family_t... yes
<br>checking for stdbool.h that conforms to C99... yes
<br>checking for _Bool... yes
<br>checking for long long int... yes
<br>checking for unsigned long long int... yes
<br>checking for C/C++ restrict keyword... __restrict
<br>checking for lstat... yes
<br>checking for vasnprintf... no
<br>checking whether stat file-mode macros are broken... no
<br>checking for struct timespec in <time.h>... yes
<br>checking for wchar_t... yes
<br>checking for wint_t... yes
<br>checking for size_t... yes
<br>checking for inttypes.h... yes
<br>checking for stdint.h... yes
<br>checking for intmax_t... yes
<br>checking for snprintf... yes
<br>checking for strnlen... no
<br>checking for wcslen... yes
<br>checking for wcsnlen... no
<br>checking for mbrtowc... yes
<br>checking for wcrtomb... yes
<br>checking whether _snprintf is declared... no
<br>checking whether vsnprintf is declared... yes
<br>checking whether ungetc works on arbitrary bytes... yes
<br>checking for alloca as a compiler built-in... yes
<br>checking byteswap.h usability... no
<br>checking byteswap.h presence... no
<br>checking for byteswap.h... no
<br>checking for fseeko... yes
<br>checking whether __func__ is available... yes
<br>checking if gcc/ld supports -Wl,--output-def... no
<br>checking if LD -Wl,--version-script works... no
<br>checking whether lseek detects pipes... yes
<br>checking for memmem... no
<br>checking for memmove... yes
<br>checking for stdint.h... (cached) yes
<br>checking for SIZE_MAX... yes
<br>checking for snprintf... (cached) yes
<br>checking whether snprintf respects a size of 1... yes
<br>checking for library containing setsockopt... -lsocket
<br>checking for socklen_t... yes
<br>checking whether stdint.h conforms to C99... no
<br>checking sys/inttypes.h usability... yes
<br>checking sys/inttypes.h presence... yes
<br>checking for sys/inttypes.h... yes
<br>checking sys/bitypes.h usability... no
<br>checking sys/bitypes.h presence... no
<br>checking for sys/bitypes.h... no
<br>checking for bit size of ptrdiff_t... 32
<br>checking for bit size of size_t... 32
<br>checking for bit size of sig_atomic_t... 32
<br>checking for bit size of wchar_t... 32
<br>checking for bit size of wint_t... 32
<br>checking whether sig_atomic_t is signed... yes
<br>checking whether wchar_t is signed... yes
<br>checking whether wint_t is signed... yes
<br>checking for ptrdiff_t integer literal suffix...
<br>checking for size_t integer literal suffix... u
<br>checking for sig_atomic_t integer literal suffix...
<br>checking for wchar_t integer literal suffix... l
<br>checking for wint_t integer literal suffix... l
<br>checking for random.h... no
<br>checking for struct random_data... no
<br>checking for strcasecmp... yes
<br>checking for strncasecmp... yes
<br>checking whether strncasecmp is declared... yes
<br>checking for strverscmp... no
<br>checking whether <sys/socket.h> is self-contained... (cached) yes
<br>checking for shutdown... (cached) no
<br>checking for struct sockaddr_storage... (cached) yes
<br>checking for sa_family_t... (cached) yes
<br>checking for nlink_t... yes
<br>checking whether localtime_r is compatible with its POSIX signature... yes
<br>checking for ptrdiff_t... yes
<br>checking for vasprintf... no
<br>checking for vsnprintf... yes
<br>checking whether snprintf respects a size of 1... (cached) yes
<br>checking whether <wchar.h> is standalone... yes
<br>checking for stdint.h... (cached) yes
<br>checking for wchar_t... (cached) yes
<br>checking for wint_t... (cached) yes
<br>checking for shutdown... (cached) no
<br>checking whether we are using the GNU C++ compiler... yes
<br>checking whether g++ accepts -g... yes
<br>checking dependency style of g++... gcc3
<br>checking whether we are using the GNU C++ compiler... (cached) yes
<br>checking whether g++ accepts -g... (cached) yes
<br>checking dependency style of g++... (cached) gcc3
<br>checking how to run the C++ preprocessor... g++ -E
<br>checking for ld used by g++... ld
<br>checking if the linker (ld) is GNU ld... no
<br>checking whether the g++ linker (ld) supports shared libraries... yes
<br>checking for g++ option to produce PIC... -fPIC -DPIC
<br>checking if g++ PIC flag -fPIC -DPIC works... yes
<br>checking if g++ static flag -static works... no
<br>checking if g++ supports -c -o file.o... conftest*: No such file or directory
<br>yes
<br>checking if g++ supports -c -o file.o... (cached) yes
<br>checking whether the g++ linker (ld) supports shared libraries... yes
<br>checking dynamic linker characteristics... solaris2.10 ld.so
<br>checking how to hardcode library paths into programs... immediate
<br>configure: creating ./config.status
<br>config.status: creating Makefile
<br>config.status: creating gnutls.pc
<br>config.status: creating gl/Makefile
<br>config.status: creating gl/tests/Makefile
<br>config.status: creating includes/Makefile
<br>config.status: creating includes/gnutls/gnutls.h
<br>config.status: creating minitasn1/Makefile
<br>config.status: creating opencdk/Makefile
<br>config.status: creating openpgp/Makefile
<br>config.status: creating po/Makefile.in
<br>config.status: creating x509/Makefile
<br>config.status: creating config.h
<br>config.status: executing depfiles commands
<br>config.status: executing libtool commands
<br>libtoolT: No such file or directory
<br>config.status: executing po-directories commands
<br>config.status: creating po/POTFILES
<br>config.status: creating po/Makefile
<br>=== configuring in libextra
<br>(/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/libextra)
<br>configure: running /bin/bash ./configure --disable-option-checking
<br>'--prefix=/export/home/drkirkby/sage-4.2.1/local' '--enable-shared'
<br>'--disable-static' '--disable-cxx' '--enable-guile=no' 'CC=gcc' 'LDFLAGS='
<br>'CXX=g++' --cache-file=/dev/null --srcdir=.
<br>checking for a BSD-compatible install... /usr/local/bin/ginstall -c
<br>checking whether build environment is sane... yes
<br>checking for a thread-safe mkdir -p... build-aux/install-sh -c -d
<br>checking for gawk... no
<br>checking for mawk... no
<br>checking for nawk... nawk
<br>checking whether make sets $(MAKE)... yes
<br>checking for gcc... gcc
<br>checking for C compiler default output file name... a.out
<br>checking whether the C compiler works... yes
<br>checking whether we are cross compiling... no
<br>checking for suffix of executables...
<br>checking for suffix of object files... o
<br>checking whether we are using the GNU C compiler... yes
<br>checking whether gcc accepts -g... yes
<br>checking for gcc option to accept ISO C89... none needed
<br>checking for style of include used by make... GNU
<br>checking dependency style of gcc... gcc3
<br>checking for ranlib... ranlib
<br>checking build system type... sparc-sun-solaris2.10
<br>checking host system type... sparc-sun-solaris2.10
<br>checking how to run the C preprocessor... gcc -E
<br>checking for grep that handles long lines and -e... /usr/sfw/bin/ggrep
<br>checking for egrep... /usr/sfw/bin/ggrep -E
<br>checking for ANSI C header files... yes
<br>checking for sys/types.h... yes
<br>checking for sys/stat.h... yes
<br>checking for stdlib.h... yes
<br>checking for string.h... yes
<br>checking for memory.h... yes
<br>checking for strings.h... yes
<br>checking for inttypes.h... yes
<br>checking for stdint.h... yes
<br>checking for unistd.h... yes
<br>checking minix/config.h usability... no
<br>checking minix/config.h presence... no
<br>checking for minix/config.h... no
<br>checking whether it is safe to define __EXTENSIONS__... yes
<br>checking for a sed that does not truncate output... /usr/bin/sed
<br>checking for fgrep... /usr/sfw/bin/ggrep -F
<br>checking for ld used by gcc... ld
<br>checking if the linker (ld) is GNU ld... no
<br>checking for BSD- or MS-compatible name lister (nm)... /usr/ccs/bin/nm -p
<br>checking the name lister (/usr/ccs/bin/nm -p) interface... BSD nm
<br>checking whether ln -s works... yes
<br>checking the maximum length of command line arguments... 786240
<br>checking whether the shell understands some XSI constructs... yes
<br>checking whether the shell understands "+="... no
<br>checking for ld option to reload object files... -r
<br>checking for objdump... objdump
<br>checking how to recognize dependent libraries... pass_all
<br>checking for ar... ar
<br>checking for strip... strip
<br>checking for ranlib... (cached) ranlib
<br>checking command to parse /usr/ccs/bin/nm -p output from gcc object... ok
<br>checking for dlfcn.h... yes
<br>checking for objdir... .libs
<br>checking if gcc supports -fno-rtti -fno-exceptions... no
<br>checking for gcc option to produce PIC... -fPIC -DPIC
<br>checking if gcc PIC flag -fPIC -DPIC works... yes
<br>checking if gcc static flag -static works... no
<br>checking if gcc supports -c -o file.o... conftest*: No such file or directory
<br>yes
<br>checking if gcc supports -c -o file.o... (cached) yes
<br>checking whether the gcc linker (ld) supports shared libraries... yes
<br>checking whether -lc should be explicitly linked in... conftest*: No such file
<br>or directory
<br>yes
<br>checking dynamic linker characteristics... solaris2.10 ld.so
<br>checking how to hardcode library paths into programs... immediate
<br>checking whether stripping libraries is possible... no
<br>checking if libtool supports shared libraries... yes
<br>checking whether to build shared libraries... yes
<br>checking whether to build static libraries... no
<br>checking for ld used by GCC... ld
<br>checking if the linker (ld) is GNU ld... no
<br>checking for shared library run path origin... done
<br>checking for 64-bit host... no
<br>checking for libgcrypt... yes
<br>checking how to link with libgcrypt...
<br>/export/home/drkirkby/sage-4.2.1/local/lib/libgcrypt.so
<br>-L/export/home/drkirkby/sage-4.2.1/local/lib
<br>/export/home/drkirkby/sage-4.2.1/local/lib/libgpg-error.so -lsocket
<br>-R/export/home/drkirkby/sage-4.2.1/local/lib
<br>checking for libtasn1... no
<br>configure: WARNING:
<br> ***
<br> *** Libtasn1 was not found. Will use the included one.
<br><br>checking whether to use the included minitasn1... yes
<br>checking whether to include LZO compression support... no
<br>checking whether C99 macros are supported... yes
<br>checking whether to enable Opaque PRF input support... no
<br>checking whether to disable SRP authentication support... no
<br>checking whether to disable PSK authentication support... no
<br>checking whether to disable anonymous authentication support... no
<br>checking whether to disable Camellia cipher... no
<br>checking whether to disable extra PKI stuff... no
<br>checking whether to disable OpenPGP Certificate authentication support... no
<br>checking size of void *... 4
<br>checking size of long... 4
<br>checking size of int... 4
<br>checking for inline... inline
<br>checking for sys/socket.h... yes
<br>checking whether to disable OpenSSL compatibility layer... yes
<br>checking for library containing setsockopt... -lsocket
<br>checking whether byte ordering is bigendian... yes
<br>checking for C/C++ restrict keyword... __restrict
<br>checking if gcc/ld supports -Wl,--output-def... no
<br>checking if LD -Wl,--version-script works... no
<br>configure: creating ./config.status
<br>config.status: creating Makefile
<br>config.status: creating gnutls-extra.pc
<br>config.status: creating gl/Makefile
<br>config.status: creating includes/Makefile
<br>config.status: creating config.h
<br>config.status: executing depfiles commands
<br>config.status: executing libtool commands
<br>libtoolT: No such file or directory
<br>configure: summary of build options:
<br><br> version: 2.8.5 shared 40:12:14
<br> Host type: sparc-sun-solaris2.10
<br> Install prefix: /export/home/drkirkby/sage-4.2.1/local
<br> Compiler: gcc -std=gnu99
<br> Warning flags: errors: warnings:
<br> Library types: Shared=yes, Static=no
<br> Valgrind:
<br> Guile wrappers: no
<br> C++ library: no
<br> OpenSSL library: yes
<br><br>cat: cannot open ./.prev-version
<br>make[2]: Entering directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src'
<br>make all-recursive
<br>cat: cannot open ./.prev-version
<br>make[3]: Entering directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src'
<br>Making all in lib
<br>make[4]: Entering directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/lib'
<br>make all-recursive
<br>make[5]: Entering directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/lib'
<br>Making all in gl
<br>make[6]: Entering directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/lib/gl'
<br>{ echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
<br> cat ./alloca.in.h; \
<br>} > alloca.h-t
<br>mv -f alloca.h-t alloca.h
<br>{ echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
<br> cat ./byteswap.in.h; \
<br>} > byteswap.h-t
<br>mv -f byteswap.h-t byteswap.h
<br>rm -f stdint.h-t stdint.h
<br>{ echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
<br> sed -e 's/@''HAVE_STDINT_H''@/1/g' \
<br> -e 's|@''INCLUDE_NEXT''@|include_next|g' \
<br> -e 's|@''PRAGMA_SYSTEM_HEADER''@|#pragma GCC system_header|g' \
<br> -e 's|@''NEXT_STDINT_H''@|<stdint.h>|g' \
<br> -e 's/@''HAVE_SYS_TYPES_H''@/1/g' \
<br> -e 's/@''HAVE_INTTYPES_H''@/1/g' \
<br> -e 's/@''HAVE_SYS_INTTYPES_H''@/1/g' \
<br> -e 's/@''HAVE_SYS_BITYPES_H''@/0/g' \
<br> -e 's/@''HAVE_LONG_LONG_INT''@/1/g' \
<br> -e 's/@''HAVE_UNSIGNED_LONG_LONG_INT''@/1/g' \
<br> -e 's/@''APPLE_UNIVERSAL_BUILD''@/0/g' \
<br> -e 's/@''BITSIZEOF_PTRDIFF_T''@/32/g' \
<br> -e 's/@''PTRDIFF_T_SUFFIX''@//g' \
<br> -e 's/@''BITSIZEOF_SIG_ATOMIC_T''@/32/g' \
<br> -e 's/@''HAVE_SIGNED_SIG_ATOMIC_T''@/1/g' \
<br> -e 's/@''SIG_ATOMIC_T_SUFFIX''@//g' \
<br> -e 's/@''BITSIZEOF_SIZE_T''@/32/g' \
<br> -e 's/@''SIZE_T_SUFFIX''@/u/g' \
<br> -e 's/@''BITSIZEOF_WCHAR_T''@/32/g' \
<br> -e 's/@''HAVE_SIGNED_WCHAR_T''@/1/g' \
<br> -e 's/@''WCHAR_T_SUFFIX''@/l/g' \
<br> -e 's/@''BITSIZEOF_WINT_T''@/32/g' \
<br> -e 's/@''HAVE_SIGNED_WINT_T''@/1/g' \
<br> -e 's/@''WINT_T_SUFFIX''@/l/g' \
<br> < ./stdint.in.h; \
<br>} > stdint.h-t
<br>mv stdint.h-t stdint.h
<br>rm -f stdio.h-t stdio.h
<br>{ echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
<br> sed -e 's|@''INCLUDE_NEXT''@|include_next|g' \
<br> -e 's|@''PRAGMA_SYSTEM_HEADER''@|#pragma GCC system_header|g' \
<br> -e 's|@''NEXT_STDIO_H''@|<stdio.h>|g' \
<br> -e 's|@''GNULIB_FPRINTF''@|1|g' \
<br> -e 's|@''GNULIB_FPRINTF_POSIX''@|0|g' \
<br> -e 's|@''GNULIB_PRINTF''@|1|g' \
<br> -e 's|@''GNULIB_PRINTF_POSIX''@|0|g' \
<br> -e 's|@''GNULIB_SNPRINTF''@|1|g' \
<br> -e 's|@''GNULIB_SPRINTF_POSIX''@|0|g' \
<br> -e 's|@''GNULIB_VFPRINTF''@|1|g' \
<br> -e 's|@''GNULIB_VFPRINTF_POSIX''@|0|g' \
<br> -e 's|@''GNULIB_VPRINTF''@|1|g' \
<br> -e 's|@''GNULIB_VPRINTF_POSIX''@|0|g' \
<br> -e 's|@''GNULIB_VSNPRINTF''@|1|g' \
<br> -e 's|@''GNULIB_VSPRINTF_POSIX''@|0|g' \
<br> -e 's|@''GNULIB_DPRINTF''@|0|g' \
<br> -e 's|@''GNULIB_VDPRINTF''@|0|g' \
<br> -e 's|@''GNULIB_VASPRINTF''@|1|g' \
<br> -e 's|@''GNULIB_OBSTACK_PRINTF''@|0|g' \
<br> -e 's|@''GNULIB_OBSTACK_PRINTF_POSIX''@|0|g' \
<br> -e 's|@''GNULIB_FOPEN''@|0|g' \
<br> -e 's|@''GNULIB_FREOPEN''@|0|g' \
<br> -e 's|@''GNULIB_FSEEK''@|0|g' \
<br> -e 's|@''GNULIB_FSEEKO''@|1|g' \
<br> -e 's|@''GNULIB_FTELL''@|0|g' \
<br> -e 's|@''GNULIB_FTELLO''@|0|g' \
<br> -e 's|@''GNULIB_FFLUSH''@|0|g' \
<br> -e 's|@''GNULIB_FCLOSE''@|0|g' \
<br> -e 's|@''GNULIB_FPUTC''@|1|g' \
<br> -e 's|@''GNULIB_PUTC''@|1|g' \
<br> -e 's|@''GNULIB_PUTCHAR''@|1|g' \
<br> -e 's|@''GNULIB_FPUTS''@|1|g' \
<br> -e 's|@''GNULIB_PUTS''@|1|g' \
<br> -e 's|@''GNULIB_FWRITE''@|1|g' \
<br> -e 's|@''GNULIB_GETDELIM''@|0|g' \
<br> -e 's|@''GNULIB_GETLINE''@|0|g' \
<br> -e 's|@''GNULIB_PERROR''@|0|g' \
<br> -e 's|@''GNULIB_STDIO_H_SIGPIPE''@|0|g' \
<br> -e 's|@''REPLACE_STDIO_WRITE_FUNCS''@|0|g' \
<br> -e 's|@''REPLACE_FPRINTF''@|0|g' \
<br> -e 's|@''REPLACE_VFPRINTF''@|0|g' \
<br> -e 's|@''REPLACE_PRINTF''@|0|g' \
<br> -e 's|@''REPLACE_VPRINTF''@|0|g' \
<br> -e 's|@''REPLACE_SNPRINTF''@|0|g' \
<br> -e 's|@''HAVE_DECL_SNPRINTF''@|1|g' \
<br> -e 's|@''REPLACE_VSNPRINTF''@|0|g' \
<br> -e 's|@''HAVE_DECL_VSNPRINTF''@|1|g' \
<br> -e 's|@''REPLACE_SPRINTF''@|0|g' \
<br> -e 's|@''REPLACE_VSPRINTF''@|0|g' \
<br> -e 's|@''HAVE_DPRINTF''@|1|g' \
<br> -e 's|@''REPLACE_DPRINTF''@|0|g' \
<br> -e 's|@''HAVE_VDPRINTF''@|1|g' \
<br> -e 's|@''REPLACE_VDPRINTF''@|0|g' \
<br> -e 's|@''HAVE_VASPRINTF''@|0|g' \
<br> -e 's|@''REPLACE_VASPRINTF''@|0|g' \
<br> -e 's|@''HAVE_DECL_OBSTACK_PRINTF''@|1|g' \
<br> -e 's|@''REPLACE_OBSTACK_PRINTF''@|0|g' \
<br> -e 's|@''REPLACE_FOPEN''@|0|g' \
<br> -e 's|@''REPLACE_FREOPEN''@|0|g' \
<br> -e 's|@''REPLACE_FSEEKO''@|0|g' \
<br> -e 's|@''REPLACE_FSEEK''@|0|g' \
<br> -e 's|@''REPLACE_FTELLO''@|0|g' \
<br> -e 's|@''REPLACE_FTELL''@|0|g' \
<br> -e 's|@''REPLACE_FFLUSH''@|0|g' \
<br> -e 's|@''REPLACE_FCLOSE''@|0|g' \
<br> -e 's|@''HAVE_DECL_GETDELIM''@|1|g' \
<br> -e 's|@''HAVE_DECL_GETLINE''@|1|g' \
<br> -e 's|@''REPLACE_GETLINE''@|0|g' \
<br> -e 's|@''REPLACE_PERROR''@|0|g' \
<br> -e '/definition of GL_LINK_WARNING/r ../build-aux/link-warning.h' \
<br> < ./stdio.in.h; \
<br>} > stdio.h-t
<br>mv stdio.h-t stdio.h
<br>rm -f stdlib.h-t stdlib.h
<br>{ echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
<br> sed -e 's|@''INCLUDE_NEXT''@|include_next|g' \
<br> -e 's|@''PRAGMA_SYSTEM_HEADER''@|#pragma GCC system_header|g' \
<br> -e 's|@''NEXT_STDLIB_H''@|<stdlib.h>|g' \
<br> -e 's|@''HAVE_RANDOM_H''@|0|g' \
<br> -e 's|@''GNULIB_MALLOC_POSIX''@|0|g' \
<br> -e 's|@''GNULIB_REALLOC_POSIX''@|1|g' \
<br> -e 's|@''GNULIB_CALLOC_POSIX''@|0|g' \
<br> -e 's|@''GNULIB_ATOLL''@|0|g' \
<br> -e 's|@''GNULIB_GETLOADAVG''@|0|g' \
<br> -e 's|@''GNULIB_GETSUBOPT''@|0|g' \
<br> -e 's|@''GNULIB_MKDTEMP''@|0|g' \
<br> -e 's|@''GNULIB_MKSTEMP''@|0|g' \
<br> -e 's|@''GNULIB_PUTENV''@|0|g' \
<br> -e 's|@''GNULIB_RANDOM_R''@|0|g' \
<br> -e 's|@''GNULIB_RPMATCH''@|0|g' \
<br> -e 's|@''GNULIB_SETENV''@|0|g' \
<br> -e 's|@''GNULIB_STRTOD''@|0|g' \
<br> -e 's|@''GNULIB_STRTOLL''@|0|g' \
<br> -e 's|@''GNULIB_STRTOULL''@|0|g' \
<br> -e 's|@''GNULIB_UNSETENV''@|0|g' \
<br> -e 's|@''HAVE_ATOLL''@|1|g' \
<br> -e 's|@''HAVE_CALLOC_POSIX''@|1|g' \
<br> -e 's|@''HAVE_GETSUBOPT''@|1|g' \
<br> -e 's|@''HAVE_MALLOC_POSIX''@|1|g' \
<br> -e 's|@''HAVE_MKDTEMP''@|1|g' \
<br> -e 's|@''HAVE_REALLOC_POSIX''@|1|g' \
<br> -e 's|@''HAVE_RANDOM_R''@|1|g' \
<br> -e 's|@''HAVE_RPMATCH''@|1|g' \
<br> -e 's|@''HAVE_SETENV''@|1|g' \
<br> -e 's|@''HAVE_STRTOD''@|1|g' \
<br> -e 's|@''HAVE_STRTOLL''@|1|g' \
<br> -e 's|@''HAVE_STRTOULL''@|1|g' \
<br> -e 's|@''HAVE_STRUCT_RANDOM_DATA''@|0|g' \
<br> -e 's|@''HAVE_SYS_LOADAVG_H''@|0|g' \
<br> -e 's|@''HAVE_UNSETENV''@|1|g' \
<br> -e 's|@''HAVE_DECL_GETLOADAVG''@|1|g' \
<br> -e 's|@''REPLACE_MKSTEMP''@|0|g' \
<br> -e 's|@''REPLACE_PUTENV''@|0|g' \
<br> -e 's|@''REPLACE_STRTOD''@|0|g' \
<br> -e 's|@''VOID_UNSETENV''@|0|g' \
<br> -e '/definition of GL_LINK_WARNING/r ../build-aux/link-warning.h' \
<br> < ./stdlib.in.h; \
<br>} > stdlib.h-t
<br>mv stdlib.h-t stdlib.h
<br>rm -f string.h-t string.h
<br>{ echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
<br> sed -e 's|@''INCLUDE_NEXT''@|include_next|g' \
<br> -e 's|@''PRAGMA_SYSTEM_HEADER''@|#pragma GCC system_header|g' \
<br> -e 's|@''NEXT_STRING_H''@|<string.h>|g' \
<br> -e 's|@''GNULIB_MBSLEN''@|0|g' \
<br> -e 's|@''GNULIB_MBSNLEN''@|0|g' \
<br> -e 's|@''GNULIB_MBSCHR''@|0|g' \
<br> -e 's|@''GNULIB_MBSRCHR''@|0|g' \
<br> -e 's|@''GNULIB_MBSSTR''@|0|g' \
<br> -e 's|@''GNULIB_MBSCASECMP''@|0|g' \
<br> -e 's|@''GNULIB_MBSNCASECMP''@|0|g' \
<br> -e 's|@''GNULIB_MBSPCASECMP''@|0|g' \
<br> -e 's|@''GNULIB_MBSCASESTR''@|0|g' \
<br> -e 's|@''GNULIB_MBSCSPN''@|0|g' \
<br> -e 's|@''GNULIB_MBSPBRK''@|0|g' \
<br> -e 's|@''GNULIB_MBSSPN''@|0|g' \
<br> -e 's|@''GNULIB_MBSSEP''@|0|g' \
<br> -e 's|@''GNULIB_MBSTOK_R''@|0|g' \
<br> -e 's|@''GNULIB_MEMMEM''@|1|g' \
<br> -e 's|@''GNULIB_MEMPCPY''@|0|g' \
<br> -e 's|@''GNULIB_MEMRCHR''@|0|g' \
<br> -e 's|@''GNULIB_RAWMEMCHR''@|0|g' \
<br> -e 's|@''GNULIB_STPCPY''@|0|g' \
<br> -e 's|@''GNULIB_STPNCPY''@|0|g' \
<br> -e 's|@''GNULIB_STRCHRNUL''@|0|g' \
<br> -e 's|@''GNULIB_STRDUP''@|0|g' \
<br> -e 's|@''GNULIB_STRNDUP''@|0|g' \
<br> -e 's|@''GNULIB_STRNLEN''@|0|g' \
<br> -e 's|@''GNULIB_STRPBRK''@|0|g' \
<br> -e 's|@''GNULIB_STRSEP''@|0|g' \
<br> -e 's|@''GNULIB_STRSTR''@|0|g' \
<br> -e 's|@''GNULIB_STRCASESTR''@|0|g' \
<br> -e 's|@''GNULIB_STRTOK_R''@|0|g' \
<br> -e 's|@''GNULIB_STRERROR''@|0|g' \
<br> -e 's|@''GNULIB_STRSIGNAL''@|0|g' \
<br> -e 's|@''GNULIB_STRVERSCMP''@|1|g' \
<br> -e 's|@''HAVE_DECL_MEMMEM''@|0|g' \
<br> -e 's|@''HAVE_MEMPCPY''@|1|g' \
<br> -e 's|@''HAVE_DECL_MEMRCHR''@|1|g' \
<br> -e 's|@''HAVE_RAWMEMCHR''@|1|g' \
<br> -e 's|@''HAVE_STPCPY''@|1|g' \
<br> -e 's|@''HAVE_STPNCPY''@|1|g' \
<br> -e 's|@''HAVE_STRCHRNUL''@|1|g' \
<br> -e 's|@''HAVE_DECL_STRDUP''@|1|g' \
<br> -e 's|@''HAVE_STRNDUP''@|1|g' \
<br> -e 's|@''HAVE_DECL_STRNDUP''@|1|g' \
<br> -e 's|@''HAVE_DECL_STRNLEN''@|1|g' \
<br> -e 's|@''HAVE_STRPBRK''@|1|g' \
<br> -e 's|@''HAVE_STRSEP''@|1|g' \
<br> -e 's|@''HAVE_STRCASESTR''@|1|g' \
<br> -e 's|@''HAVE_DECL_STRTOK_R''@|1|g' \
<br> -e 's|@''HAVE_DECL_STRERROR''@|1|g' \
<br> -e 's|@''HAVE_DECL_STRSIGNAL''@|1|g' \
<br> -e 's|@''HAVE_STRVERSCMP''@|0|g' \
<br> -e 's|@''REPLACE_MEMMEM''@|0|g' \
<br> -e 's|@''REPLACE_STRCASESTR''@|0|g' \
<br> -e 's|@''REPLACE_STRDUP''@|0|g' \
<br> -e 's|@''REPLACE_STRSTR''@|0|g' \
<br> -e 's|@''REPLACE_STRERROR''@|0|g' \
<br> -e 's|@''REPLACE_STRSIGNAL''@|0|g' \
<br> -e '/definition of GL_LINK_WARNING/r ../build-aux/link-warning.h' \
<br> < ./string.in.h; \
<br>} > string.h-t
<br>mv string.h-t string.h
<br>rm -f strings.h-t strings.h
<br>{ echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
<br> sed -e 's|@''INCLUDE_NEXT''@|include_next|g' \
<br> -e 's|@''PRAGMA_SYSTEM_HEADER''@|#pragma GCC system_header|g' \
<br> -e 's|@''NEXT_STRINGS_H''@|<strings.h>|g' \
<br> -e 's|@''HAVE_STRCASECMP''@|1|g' \
<br> -e 's|@''HAVE_DECL_STRNCASECMP''@|1|g' \
<br> -e '/definition of GL_LINK_WARNING/r ../build-aux/link-warning.h' \
<br> < ./strings.in.h; \
<br>} > strings.h-t
<br>mv strings.h-t strings.h
<br>../build-aux/install-sh -c -d sys
<br>rm -f sys/stat.h-t sys/stat.h
<br>{ echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
<br> sed -e 's|@''INCLUDE_NEXT''@|include_next|g' \
<br> -e 's|@''PRAGMA_SYSTEM_HEADER''@|#pragma GCC system_header|g' \
<br> -e 's|@''NEXT_SYS_STAT_H''@|<sys/stat.h>|g' \
<br> -e 's|@''GNULIB_LCHMOD''@|0|g' \
<br> -e 's|@''GNULIB_LSTAT''@|0|g' \
<br> -e 's|@''HAVE_LCHMOD''@|1|g' \
<br> -e 's|@''HAVE_LSTAT''@|1|g' \
<br> -e 's|@''REPLACE_LSTAT''@|0|g' \
<br> -e 's|@''REPLACE_MKDIR''@|0|g' \
<br> -e '/definition of GL_LINK_WARNING/r ../build-aux/link-warning.h' \
<br> < ./sys_stat.in.h; \
<br>} > sys/stat.h-t
<br>mv sys/stat.h-t sys/stat.h
<br>rm -f time.h-t time.h
<br>{ echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
<br> sed -e 's|@''INCLUDE_NEXT''@|include_next|g' \
<br> -e 's|@''PRAGMA_SYSTEM_HEADER''@|#pragma GCC system_header|g' \
<br> -e 's|@NEXT_TIME_H''@|<time.h>|g' \
<br> -e 's|@REPLACE_LOCALTIME_R''@|0|g' \
<br> -e 's|@REPLACE_NANOSLEEP''@|GNULIB_PORTCHECK|g' \
<br> -e 's|@REPLACE_STRPTIME''@|GNULIB_PORTCHECK|g' \
<br> -e 's|@REPLACE_TIMEGM''@|GNULIB_PORTCHECK|g' \
<br> -e 's|@SYS_TIME_H_DEFINES_STRUCT_TIMESPEC''@|0|g' \
<br> -e 's|@TIME_H_DEFINES_STRUCT_TIMESPEC''@|1|g' \
<br> < ./time.in.h; \
<br>} > time.h-t
<br>mv time.h-t time.h
<br>rm -f unistd.h-t unistd.h
<br>{ echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
<br> sed -e 's|@''HAVE_UNISTD_H''@|1|g' \
<br> -e 's|@''INCLUDE_NEXT''@|include_next|g' \
<br> -e 's|@''PRAGMA_SYSTEM_HEADER''@|#pragma GCC system_header|g' \
<br> -e 's|@''NEXT_UNISTD_H''@|<unistd.h>|g' \
<br> -e 's|@''GNULIB_CHOWN''@|0|g' \
<br> -e 's|@''GNULIB_CLOSE''@|0|g' \
<br> -e 's|@''GNULIB_DUP2''@|0|g' \
<br> -e 's|@''GNULIB_ENVIRON''@|0|g' \
<br> -e 's|@''GNULIB_EUIDACCESS''@|0|g' \
<br> -e 's|@''GNULIB_FCHDIR''@|0|g' \
<br> -e 's|@''GNULIB_FSYNC''@|0|g' \
<br> -e 's|@''GNULIB_FTRUNCATE''@|0|g' \
<br> -e 's|@''GNULIB_GETCWD''@|0|g' \
<br> -e 's|@''GNULIB_GETDOMAINNAME''@|0|g' \
<br> -e 's|@''GNULIB_GETDTABLESIZE''@|0|g' \
<br> -e 's|@''GNULIB_GETHOSTNAME''@|0|g' \
<br> -e 's|@''GNULIB_GETLOGIN_R''@|0|g' \
<br> -e 's|@''GNULIB_GETPAGESIZE''@|0|g' \
<br> -e 's|@''GNULIB_GETUSERSHELL''@|0|g' \
<br> -e 's|@''GNULIB_LCHOWN''@|0|g' \
<br> -e 's|@''GNULIB_LINK''@|0|g' \
<br> -e 's|@''GNULIB_LSEEK''@|1|g' \
<br> -e 's|@''GNULIB_READLINK''@|0|g' \
<br> -e 's|@''GNULIB_SLEEP''@|0|g' \
<br> -e 's|@''GNULIB_UNISTD_H_SIGPIPE''@|0|g' \
<br> -e 's|@''GNULIB_WRITE''@|0|g' \
<br> -e 's|@''HAVE_DUP2''@|1|g' \
<br> -e 's|@''HAVE_EUIDACCESS''@|1|g' \
<br> -e 's|@''HAVE_FSYNC''@|1|g' \
<br> -e 's|@''HAVE_FTRUNCATE''@|1|g' \
<br> -e 's|@''HAVE_GETDOMAINNAME''@|1|g' \
<br> -e 's|@''HAVE_GETDTABLESIZE''@|1|g' \
<br> -e 's|@''HAVE_GETHOSTNAME''@|1|g' \
<br> -e 's|@''HAVE_GETPAGESIZE''@|1|g' \
<br> -e 's|@''HAVE_GETUSERSHELL''@|1|g' \
<br> -e 's|@''HAVE_LINK''@|1|g' \
<br> -e 's|@''HAVE_READLINK''@|1|g' \
<br> -e 's|@''HAVE_SLEEP''@|1|g' \
<br> -e 's|@''HAVE_DECL_ENVIRON''@|1|g' \
<br> -e 's|@''HAVE_DECL_GETLOGIN_R''@|1|g' \
<br> -e 's|@''HAVE_OS_H''@|0|g' \
<br> -e 's|@''HAVE_SYS_PARAM_H''@|0|g' \
<br> -e 's|@''REPLACE_CHOWN''@|0|g' \
<br> -e 's|@''REPLACE_CLOSE''@|0|g' \
<br> -e 's|@''REPLACE_FCHDIR''@|0|g' \
<br> -e 's|@''REPLACE_GETCWD''@|0|g' \
<br> -e 's|@''REPLACE_GETPAGESIZE''@|0|g' \
<br> -e 's|@''REPLACE_LCHOWN''@|0|g' \
<br> -e 's|@''REPLACE_LSEEK''@|0|g' \
<br> -e 's|@''REPLACE_WRITE''@|0|g' \
<br> -e 's|@''UNISTD_H_HAVE_WINSOCK2_H''@|0|g' \
<br> -e '/definition of GL_LINK_WARNING/r ../build-aux/link-warning.h' \
<br> < ./unistd.in.h; \
<br>} > unistd.h-t
<br>mv unistd.h-t unistd.h
<br>make all-recursive
<br>make[7]: Entering directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/lib/gl'
<br>Making all in tests
<br>make[8]: Entering directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/lib/gl/tests'
<br>make all-recursive
<br>make[9]: Entering directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/lib/gl/tests'
<br>make[10]: Entering directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/lib/gl/tests'
<br>make[10]: Nothing to be done for `all-am'.
<br>make[10]: Leaving directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/lib/gl/tests'
<br>make[9]: Leaving directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/lib/gl/tests'
<br>make[8]: Leaving directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/lib/gl/tests'
<br>make[8]: Entering directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/lib/gl'
<br>/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I..
<br>-I../intl -I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT
<br>c-ctype.lo -MD -MP -MF .deps/c-ctype.Tpo -c -o c-ctype.lo c-ctype.c
<br>.libs/c-ctype.o: No such file or directory
<br>c-ctype.lo: No such file or directory
<br>c-ctype.loT: No such file or directory
<br>libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../intl
<br>-I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT c-ctype.lo -MD -MP
<br>-MF .deps/c-ctype.Tpo -c c-ctype.c -fPIC -DPIC -o .libs/c-ctype.o
<br>mv -f .deps/c-ctype.Tpo .deps/c-ctype.Plo
<br>/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I..
<br>-I../intl -I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT
<br>close-hook.lo -MD -MP -MF .deps/close-hook.Tpo -c -o close-hook.lo close-hook.c
<br>.libs/close-hook.o: No such file or directory
<br>close-hook.lo: No such file or directory
<br>close-hook.loT: No such file or directory
<br>libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../intl
<br>-I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT close-hook.lo -MD
<br>-MP -MF .deps/close-hook.Tpo -c close-hook.c -fPIC -DPIC -o .libs/close-hook.o
<br>mv -f .deps/close-hook.Tpo .deps/close-hook.Plo
<br>/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I..
<br>-I../intl -I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT
<br>sockets.lo -MD -MP -MF .deps/sockets.Tpo -c -o sockets.lo sockets.c
<br>.libs/sockets.o: No such file or directory
<br>sockets.lo: No such file or directory
<br>sockets.loT: No such file or directory
<br>libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../intl
<br>-I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT sockets.lo -MD -MP
<br>-MF .deps/sockets.Tpo -c sockets.c -fPIC -DPIC -o .libs/sockets.o
<br>mv -f .deps/sockets.Tpo .deps/sockets.Plo
<br>/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I..
<br>-I../intl -I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT
<br>asnprintf.lo -MD -MP -MF .deps/asnprintf.Tpo -c -o asnprintf.lo asnprintf.c
<br>.libs/asnprintf.o: No such file or directory
<br>asnprintf.lo: No such file or directory
<br>asnprintf.loT: No such file or directory
<br>libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../intl
<br>-I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT asnprintf.lo -MD -MP
<br>-MF .deps/asnprintf.Tpo -c asnprintf.c -fPIC -DPIC -o .libs/asnprintf.o
<br>mv -f .deps/asnprintf.Tpo .deps/asnprintf.Plo
<br>/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I..
<br>-I../intl -I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT
<br>asprintf.lo -MD -MP -MF .deps/asprintf.Tpo -c -o asprintf.lo asprintf.c
<br>.libs/asprintf.o: No such file or directory
<br>asprintf.lo: No such file or directory
<br>asprintf.loT: No such file or directory
<br>libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../intl
<br>-I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT asprintf.lo -MD -MP
<br>-MF .deps/asprintf.Tpo -c asprintf.c -fPIC -DPIC -o .libs/asprintf.o
<br>mv -f .deps/asprintf.Tpo .deps/asprintf.Plo
<br>/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I..
<br>-I../intl -I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT memmem.lo
<br>-MD -MP -MF .deps/memmem.Tpo -c -o memmem.lo memmem.c
<br>.libs/memmem.o: No such file or directory
<br>memmem.lo: No such file or directory
<br>memmem.loT: No such file or directory
<br>libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../intl
<br>-I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT memmem.lo -MD -MP
<br>-MF .deps/memmem.Tpo -c memmem.c -fPIC -DPIC -o .libs/memmem.o
<br>mv -f .deps/memmem.Tpo .deps/memmem.Plo
<br>/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I..
<br>-I../intl -I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT
<br>printf-args.lo -MD -MP -MF .deps/printf-args.Tpo -c -o printf-args.lo printf-args.c
<br>.libs/printf-args.o: No such file or directory
<br>printf-args.lo: No such file or directory
<br>printf-args.loT: No such file or directory
<br>libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../intl
<br>-I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT printf-args.lo -MD
<br>-MP -MF .deps/printf-args.Tpo -c printf-args.c -fPIC -DPIC -o .libs/printf-args.o
<br>mv -f .deps/printf-args.Tpo .deps/printf-args.Plo
<br>/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I..
<br>-I../intl -I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT
<br>printf-parse.lo -MD -MP -MF .deps/printf-parse.Tpo -c -o printf-parse.lo
<br>printf-parse.c
<br>.libs/printf-parse.o: No such file or directory
<br>printf-parse.lo: No such file or directory
<br>printf-parse.loT: No such file or directory
<br>libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../intl
<br>-I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT printf-parse.lo -MD
<br>-MP -MF .deps/printf-parse.Tpo -c printf-parse.c -fPIC -DPIC -o
<br>.libs/printf-parse.o
<br>mv -f .deps/printf-parse.Tpo .deps/printf-parse.Plo
<br>/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I..
<br>-I../intl -I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT
<br>read-file.lo -MD -MP -MF .deps/read-file.Tpo -c -o read-file.lo read-file.c
<br>.libs/read-file.o: No such file or directory
<br>read-file.lo: No such file or directory
<br>read-file.loT: No such file or directory
<br>libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../intl
<br>-I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT read-file.lo -MD -MP
<br>-MF .deps/read-file.Tpo -c read-file.c -fPIC -DPIC -o .libs/read-file.o
<br>mv -f .deps/read-file.Tpo .deps/read-file.Plo
<br>/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I..
<br>-I../intl -I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT
<br>strverscmp.lo -MD -MP -MF .deps/strverscmp.Tpo -c -o strverscmp.lo strverscmp.c
<br>.libs/strverscmp.o: No such file or directory
<br>strverscmp.lo: No such file or directory
<br>strverscmp.loT: No such file or directory
<br>libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../intl
<br>-I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT strverscmp.lo -MD
<br>-MP -MF .deps/strverscmp.Tpo -c strverscmp.c -fPIC -DPIC -o .libs/strverscmp.o
<br>mv -f .deps/strverscmp.Tpo .deps/strverscmp.Plo
<br>/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I..
<br>-I../intl -I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT
<br>vasnprintf.lo -MD -MP -MF .deps/vasnprintf.Tpo -c -o vasnprintf.lo vasnprintf.c
<br>.libs/vasnprintf.o: No such file or directory
<br>vasnprintf.lo: No such file or directory
<br>vasnprintf.loT: No such file or directory
<br>libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../intl
<br>-I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT vasnprintf.lo -MD
<br>-MP -MF .deps/vasnprintf.Tpo -c vasnprintf.c -fPIC -DPIC -o .libs/vasnprintf.o
<br>mv -f .deps/vasnprintf.Tpo .deps/vasnprintf.Plo
<br>/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I..
<br>-I../intl -I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT
<br>vasprintf.lo -MD -MP -MF .deps/vasprintf.Tpo -c -o vasprintf.lo vasprintf.c
<br>.libs/vasprintf.o: No such file or directory
<br>vasprintf.lo: No such file or directory
<br>vasprintf.loT: No such file or directory
<br>libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../intl
<br>-I/export/home/drkirkby/sage-4.2.1/local/include -g -O2 -MT vasprintf.lo -MD -MP
<br>-MF .deps/vasprintf.Tpo -c vasprintf.c -fPIC -DPIC -o .libs/vasprintf.o
<br>mv -f .deps/vasprintf.Tpo .deps/vasprintf.Plo
<br>/bin/bash ../libtool --tag=CC --mode=link gcc -g -O2 -o liblgnu.la
<br>c-ctype.lo close-hook.lo sockets.lo asnprintf.lo asprintf.lo memmem.lo
<br>printf-args.lo printf-parse.lo read-file.lo strverscmp.lo vasnprintf.lo
<br>vasprintf.lo
<br>libtool: link: ar cru .libs/liblgnu.a .libs/c-ctype.o .libs/close-hook.o
<br>.libs/sockets.o .libs/asnprintf.o .libs/asprintf.o .libs/memmem.o
<br>.libs/printf-args.o .libs/printf-parse.o .libs/read-file.o .libs/strverscmp.o
<br>.libs/vasnprintf.o .libs/vasprintf.o
<br>libtool: link: ranlib .libs/liblgnu.a
<br>liblgnu.la: No such file or directory
<br>libtool: link: ( cd ".libs" && rm "liblgnu.la" && ln -s "../liblgnu.la"
<br>"liblgnu.la" )
<br>liblgnu.la: No such file or directory
<br>make[8]: *** [liblgnu.la] Error 2
<br>make[8]: Leaving directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/lib/gl'
<br>make[7]: *** [all-recursive] Error 1
<br>make[7]: Leaving directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/lib/gl'
<br>make[6]: *** [all] Error 2
<br>make[6]: Leaving directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/lib/gl'
<br>make[5]: *** [all-recursive] Error 1
<br>make[5]: Leaving directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/lib'
<br>make[4]: *** [all] Error 2
<br>make[4]: Leaving directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src/lib'
<br>make[3]: *** [all-recursive] Error 1
<br>make[3]: Leaving directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src'
<br>make[2]: *** [all] Error 2
<br>make[2]: Leaving directory
<br>`/export/home/drkirkby/sage-4.2.1/spkg/build/gnutls-2.8.5/src'
<br>failed to build GNUTLS
<br><br>real 2m0.076s
<br>user 0m51.307s
<br>sys 1m5.651s
<br>sage: An error occurred while installing gnutls-2.8.5
<br><br><br>_______________________________________________
<br>Gnutls-devel mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558500&i=0" target="_top" rel="nofollow">Gnutls-devel@...</a>
<br><a href="http://lists.gnu.org/mailman/listinfo/gnutls-devel" target="_top" rel="nofollow">http://lists.gnu.org/mailman/listinfo/gnutls-devel</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---Gnutls---Dev-f955.html" embed="fixTarget[955]" target="_top" >GnuPG - Gnutls - Dev</a></p>tag:old.nabble.com,2006:post-26558336Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)2009-11-28T16:30:53Z2009-11-28T16:30:53ZMario Xerxes Castelán Castro-----BEGIN PGP SIGNED MESSAGE-----
<br>Hash: SHA256
<br><br>November 28th 2009 for <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558336&i=0" target="_top" rel="nofollow">gnupg-users@...</a> thread "GnuPG private key
<br>resilience against off-line brute-force attacks"
<br><br>Ciprian: Wath you say is possible but useless.
<br><br>One could build a machine who computes anything in only 1 clock cycle
<br>or than not even need clock cycles: there are circuits than change it
<br>output as it input is changed without need of a pulse (Usually from a
<br>clock, it is: constant frecuency pulse generator) but the change is
<br>not inmmediate. As the compexity (Circuit complexity, not
<br>computational complexity) increases the delay betwen input change (Or
<br>clock signal) and output change becomes greater and greater thus they
<br>operating frecuence is low.
<br><br>So, yes, it can be built a machine than compues the S2K in one clock
<br>cycle, but it clock cycle shold be of very very low frecuency thus
<br>having the same performance as a machine than computes a S2K in say,
<br>20,000 cycles but with much faster cicles.
<br><br>This is the contrary version of the megahert myth: "More cycles, more
<br>speed" than assumes than a 2.4 GHz CPU have the same eficiency per
<br>cycle than a 3.2 one. You instead think than more eficience per cycle
<br>gives more performance, your mistrake is than the cycles will be
<br>larger and frecuency much lower.
<br><br>Performance = Frecuency * Performance of each cycle. Sometimes one can
<br>make cycles 2 times more efficient but frecuency only 20% lower as
<br>intel do with P4 to Core 2 but this tradeoff can't be repeated infite
<br>times. There are some point where slighty more efficient cycles
<br>provokes a much more loss in frecuency and therefore the overall
<br>performance will be low.
<br>-----BEGIN PGP SIGNATURE-----
<br>Version: GnuPG v1.4.9 (GNU/Linux)
<br><br>iEYEAREIAAYFAksRwJ4ACgkQZ4DA0TLic4il2QCeKXlMID7S0K8/ay3JuWCqvxrP
<br>Kq8An1GDC/bGlgbwjGr8ebrdRAPgJ+H4
<br>=o+UI
<br>-----END PGP SIGNATURE-----
<br><br><br>2009/11/28 Ciprian Dorin, Craciun <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558336&i=1" target="_top" rel="nofollow">ciprian.craciun@...</a>>:
<div class='shrinkable-quote'><br>> On Sun, Nov 29, 2009 at 12:29 AM, Mario Castelán Castro
<br>> <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558336&i=2" target="_top" rel="nofollow">mariocastelancastro@...</a>> wrote:
<br>>> -----BEGIN PGP SIGNED MESSAGE-----
<br>>> Hash: SHA256
<br>>>
<br>>> November 28th 2009 for <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558336&i=3" target="_top" rel="nofollow">gnupg-users@...</a> thread "GnuPG private key
<br>>> resilience against off-line brute-force attacks"
<br>>>
<br>>> Loop unrolling only gives more performance in very small loops, for
<br>>> not so small ones there can be in fact a performance penality since as
<br>>> the unrolled code is great it leaves less cache for data.
<br>>>
<br>>> The complexity of a S2K algoritm is constant for variable input and
<br>>> constant iterations, in other words, it is O(1) but this O(1) assumes
<br>>> constant number of iterations, if we consider that factor the
<br>>> complexity would be O(iterations).
<br>>>
<br>>> So that O(1) than you say is correct but meaningless in this context.
<br>>> -----BEGIN PGP SIGNATURE-----
<br>>> Version: GnuPG v1.4.9 (GNU/Linux)
<br>>>
<br>>> iEYEAREIAAYFAksRpCIACgkQZ4DA0TLic4iEUACgjxnvVcF0JXiBI3MuMv8HHwdY
<br>>> +P4AniUvv+j5Ysg99Qc+xDZ9e1LnCzxS
<br>>> =h116
<br>>> -----END PGP SIGNATURE-----
<br>>
<br>>
<br>> Again, as I've replied to Mario (off-the-list, below the excerpt
<br>> for the rest of the list), by pipe-lining I assumed something like a
<br>> hardware SIMD architecture.
<br>>
<br>> But I do agree that for a software-based implementation the
<br>> iteration count does imply O(iteration_count) time complexity (which
<br>> is constant). But not for a hardware implementation, where I can trade
<br>> O(1) (and by `1` I don't mean constant, I actually mean `one
<br>> heart-beat or a small number of hardware cycles`) in time with a O(n)
<br>> in hardware complexity.
<br>>
<br>> In short:
<br>>> Now imagine that we construct `iteration_count` many hardware
<br>>> based `hash` blocks.
<br>>>
<br>>> password -> (hash) -> ... iteration_count ... -> (hash) -> output
<br>>
<br>> Could someone prove me wrong? (I'm not a hardware expert, but I
<br>> believe it's technical possible.)
<br>>
<br>> Ciprian.
<br>>
<br>>
<br>> On Sat, Nov 28, 2009 at 7:20 PM, Ciprian Dorin, Craciun
<br>> <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558336&i=4" target="_top" rel="nofollow">ciprian.craciun@...</a>> wrote:
<br>>> On Sat, Nov 28, 2009 at 7:08 PM, Mario Castelán Castro
<br>>> <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558336&i=5" target="_top" rel="nofollow">mariocastelancastro@...</a>> wrote:
<br>>>> -----BEGIN PGP SIGNED MESSAGE-----
<br>>>> Hash: SHA256
<br>>>>
<br>>>> November 28th for <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558336&i=6" target="_top" rel="nofollow">gnupg-users@...</a> thread "GnuPG private key
<br>>>> resilience against off-line brute-force attacks"
<br>>>>
<br>>>>>P.S.: I'm also aware of the fact that iterations do not help at all,
<br>>>>>if a big-budget agency (NSA and the like), is going to build a
<br>>>>>hardware based brute-force key breaking, as they can build a pipeline
<br>>>>>of iteration functions that would try one key in O(1) time. :) (Or
<br>>>>>I'm wrong here?)
<br>>>>
<br>>>> Pipelining do not make iterated functions go to O(1)!. They are faster
<br>>>> but still of the same complexity. So: more iterations, more time that
<br>>>> it took to calculate, be the CPU where ejecuted pipelined or not.
<br>>>> -----BEGIN PGP SIGNATURE-----
<br>>>> Version: GnuPG v1.4.9 (GNU/Linux)
<br>>>>
<br>>>> iEYEAREIAAYFAksRWPcACgkQZ4DA0TLic4hC/QCfe9k3PybJ7X4W0oApBuob1OWh
<br>>>> yjAAn2tYiBK3yUZkAQh8dcWwwlrgxUU5
<br>>>> =Om9a
<br>>>> -----END PGP SIGNATURE-----
<br>>>
<br>>>
<br>>> By pipeline-ing, I don't mean what we have in CPU's.
<br>>>
<br>>> I assume that the general working principle of the iterations work
<br>>> like this:
<br>>> ~~~~
<br>>> password = ...
<br>>> iteration_count = ...
<br>>> hashed_password = password
<br>>> for i in range (0, iterattion_count):
<br>>> hashed_password = hash (hashed_password)
<br>>> ~~~~
<br>>>
<br>>> Now this code can be unroll-ed (if the iteration count is known at
<br>>> build-time):
<br>>> ~~~~
<br>>> password = ...
<br>>> hashed_password = password
<br>>> hashed_password = hash (hashed_password)
<br>>> ... in total iteration_count times
<br>>> hashed_password = hash (hashed_password)
<br>>> ~~~~
<br>>>
<br>>> Now imagine that we construct `iteration_count` many hardware
<br>>> based `hash` blocks.
<br>>>
<br>>> password -> (hash) -> ... iteration_count ... -> (hash) -> output
<br>>>
<br>>> And at each time-tick (heartbeat) we fed 'password + 1' and push
<br>>> the output from one hash box to another (at the same time). Thus at
<br>>> each step we obtain as output one hashed password per heart-beat.
<br>>>
<br>>> This is why I'm saying it is only O(1), but O(n) in
<br>>> hardware-blocks. Thus we trade hardware complexity with time
<br>>> complexity.
<br>>>
<br>>> This architecture is called SIMD (Single Instruction Multiple
<br>>> Data) <a href="http://en.wikipedia.org/wiki/SIMD" target="_top" rel="nofollow">http://en.wikipedia.org/wiki/SIMD</a><br>>>
<br>>> So, does it seem possible now? :) (I've not actually have seen any
<br>>> mention of such method, but my opinion is that it's possible.)
<br>>>
<br>>> Ciprian.
<br>>
</div><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558336&i=7" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26558202Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)2009-11-28T15:49:03Z2009-11-28T15:49:03ZCiprian Dorin, CraciunOn Sun, Nov 29, 2009 at 12:29 AM, Mario Castelán Castro
<br><<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558202&i=0" target="_top" rel="nofollow">mariocastelancastro@...</a>> wrote:
<div class='shrinkable-quote'><br>> -----BEGIN PGP SIGNED MESSAGE-----
<br>> Hash: SHA256
<br>>
<br>> November 28th 2009 for <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558202&i=1" target="_top" rel="nofollow">gnupg-users@...</a> thread "GnuPG private key
<br>> resilience against off-line brute-force attacks"
<br>>
<br>> Loop unrolling only gives more performance in very small loops, for
<br>> not so small ones there can be in fact a performance penality since as
<br>> the unrolled code is great it leaves less cache for data.
<br>>
<br>> The complexity of a S2K algoritm is constant for variable input and
<br>> constant iterations, in other words, it is O(1) but this O(1) assumes
<br>> constant number of iterations, if we consider that factor the
<br>> complexity would be O(iterations).
<br>>
<br>> So that O(1) than you say is correct but meaningless in this context.
<br>> -----BEGIN PGP SIGNATURE-----
<br>> Version: GnuPG v1.4.9 (GNU/Linux)
<br>>
<br>> iEYEAREIAAYFAksRpCIACgkQZ4DA0TLic4iEUACgjxnvVcF0JXiBI3MuMv8HHwdY
<br>> +P4AniUvv+j5Ysg99Qc+xDZ9e1LnCzxS
<br>> =h116
<br>> -----END PGP SIGNATURE-----
</div><br><br> Again, as I've replied to Mario (off-the-list, below the excerpt
<br>for the rest of the list), by pipe-lining I assumed something like a
<br>hardware SIMD architecture.
<br><br> But I do agree that for a software-based implementation the
<br>iteration count does imply O(iteration_count) time complexity (which
<br>is constant). But not for a hardware implementation, where I can trade
<br>O(1) (and by `1` I don't mean constant, I actually mean `one
<br>heart-beat or a small number of hardware cycles`) in time with a O(n)
<br>in hardware complexity.
<br><br> In short:
<br>> Now imagine that we construct `iteration_count` many hardware
<br>> based `hash` blocks.
<br>>
<br>> password -> (hash) -> ... iteration_count ... -> (hash) -> output
<br><br> Could someone prove me wrong? (I'm not a hardware expert, but I
<br>believe it's technical possible.)
<br><br> Ciprian.
<br><br><br>On Sat, Nov 28, 2009 at 7:20 PM, Ciprian Dorin, Craciun
<br><<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558202&i=2" target="_top" rel="nofollow">ciprian.craciun@...</a>> wrote:
<div class='shrinkable-quote'><br>> On Sat, Nov 28, 2009 at 7:08 PM, Mario Castelán Castro
<br>> <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558202&i=3" target="_top" rel="nofollow">mariocastelancastro@...</a>> wrote:
<br>>> -----BEGIN PGP SIGNED MESSAGE-----
<br>>> Hash: SHA256
<br>>>
<br>>> November 28th for <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558202&i=4" target="_top" rel="nofollow">gnupg-users@...</a> thread "GnuPG private key
<br>>> resilience against off-line brute-force attacks"
<br>>>
<br>>>>P.S.: I'm also aware of the fact that iterations do not help at all,
<br>>>>if a big-budget agency (NSA and the like), is going to build a
<br>>>>hardware based brute-force key breaking, as they can build a pipeline
<br>>>>of iteration functions that would try one key in O(1) time. :) (Or
<br>>>>I'm wrong here?)
<br>>>
<br>>> Pipelining do not make iterated functions go to O(1)!. They are faster
<br>>> but still of the same complexity. So: more iterations, more time that
<br>>> it took to calculate, be the CPU where ejecuted pipelined or not.
<br>>> -----BEGIN PGP SIGNATURE-----
<br>>> Version: GnuPG v1.4.9 (GNU/Linux)
<br>>>
<br>>> iEYEAREIAAYFAksRWPcACgkQZ4DA0TLic4hC/QCfe9k3PybJ7X4W0oApBuob1OWh
<br>>> yjAAn2tYiBK3yUZkAQh8dcWwwlrgxUU5
<br>>> =Om9a
<br>>> -----END PGP SIGNATURE-----
<br>>
<br>>
<br>> By pipeline-ing, I don't mean what we have in CPU's.
<br>>
<br>> I assume that the general working principle of the iterations work
<br>> like this:
<br>> ~~~~
<br>> password = ...
<br>> iteration_count = ...
<br>> hashed_password = password
<br>> for i in range (0, iterattion_count):
<br>> hashed_password = hash (hashed_password)
<br>> ~~~~
<br>>
<br>> Now this code can be unroll-ed (if the iteration count is known at
<br>> build-time):
<br>> ~~~~
<br>> password = ...
<br>> hashed_password = password
<br>> hashed_password = hash (hashed_password)
<br>> ... in total iteration_count times
<br>> hashed_password = hash (hashed_password)
<br>> ~~~~
<br>>
<br>> Now imagine that we construct `iteration_count` many hardware
<br>> based `hash` blocks.
<br>>
<br>> password -> (hash) -> ... iteration_count ... -> (hash) -> output
<br>>
<br>> And at each time-tick (heartbeat) we fed 'password + 1' and push
<br>> the output from one hash box to another (at the same time). Thus at
<br>> each step we obtain as output one hashed password per heart-beat.
<br>>
<br>> This is why I'm saying it is only O(1), but O(n) in
<br>> hardware-blocks. Thus we trade hardware complexity with time
<br>> complexity.
<br>>
<br>> This architecture is called SIMD (Single Instruction Multiple
<br>> Data) <a href="http://en.wikipedia.org/wiki/SIMD" target="_top" rel="nofollow">http://en.wikipedia.org/wiki/SIMD</a><br>>
<br>> So, does it seem possible now? :) (I've not actually have seen any
<br>> mention of such method, but my opinion is that it's possible.)
<br>>
<br>> Ciprian.
</div><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26558202&i=5" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26557592Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)2009-11-28T14:29:27Z2009-11-28T14:29:27ZMario Xerxes Castelán Castro-----BEGIN PGP SIGNED MESSAGE-----
<br>Hash: SHA256
<br><br>November 28th 2009 for <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26557592&i=0" target="_top" rel="nofollow">gnupg-users@...</a> thread "GnuPG private key
<br>resilience against off-line brute-force attacks"
<br><br>Loop unrolling only gives more performance in very small loops, for
<br>not so small ones there can be in fact a performance penality since as
<br>the unrolled code is great it leaves less cache for data.
<br><br>The complexity of a S2K algoritm is constant for variable input and
<br>constant iterations, in other words, it is O(1) but this O(1) assumes
<br>constant number of iterations, if we consider that factor the
<br>complexity would be O(iterations).
<br><br>So that O(1) than you say is correct but meaningless in this context.
<br>-----BEGIN PGP SIGNATURE-----
<br>Version: GnuPG v1.4.9 (GNU/Linux)
<br><br>iEYEAREIAAYFAksRpCIACgkQZ4DA0TLic4iEUACgjxnvVcF0JXiBI3MuMv8HHwdY
<br>+P4AniUvv+j5Ysg99Qc+xDZ9e1LnCzxS
<br>=h116
<br>-----END PGP SIGNATURE-----
<br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26557592&i=1" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26557752Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)2009-11-28T14:08:38Z2009-11-28T14:08:38ZDavid ShawOn Nov 28, 2009, at 11:55 AM, Ciprian Dorin, Craciun wrote:
<br><div class='shrinkable-quote'><br>> Thank you for the quick reply. (This is the kind of answer I was
<br>> hopping to get. :) ) It seems that `s2k-count` escaped me. :)
<br>>
<br>> Maybe there should be an entry in the FAQ about this topic.
<br>>
<br>> Related with my question about the password bit strength there
<br>> still is a vale on my eyes. So I guess (sorry for not being properly
<br>> documented here):
<br>> * the private / public key pair is generated by using whatever
<br>> means (RSA / DSA);
<br>> * my password is taken and fed into "Iterated and Salted S2K" to
<br>> obtain the secret key encryption.
<br>> * the private key data is taken and fed into '????' algorithm that
<br>> uses as password what has been obtained at the previous step.
</div><br>The "????" is CAST5, by default. You can change it with --s2k-cipher-
<br>algo. The usual s2k rules apply - if you change the s2k-cipher-algo,
<br>it won't take effect until you change the passphrase. Also, be
<br>careful you don't shoot yourself in the foot with setting the
<br>algorithm to something you can't handle. This is less of a danger
<br>than with most algorithm changing tweaks: you only have to guarantee
<br>that *you* (and not all of your correspondents) have the ability to
<br>handle the key.
<br><br>So if you want your passphrase to be as strong as CAST5, you'd need a
<br>really massive passphrase. The passphrase is almost always the
<br>weakest part of this sort of system, by far.
<br><br>> P.S.: I'm also aware of the fact that iterations do not help at
<br>> all, if a big-budget agency (NSA and the like), is going to build a
<br>> hardware based brute-force key breaking, as they can build a pipeline
<br>> of iteration functions that would try one key in O(1) time. :) (Or I'm
<br>> wrong here?)
<br><br>They're more likely to hit you with a wrench, a la <a href="http://xkcd.com/" target="_top" rel="nofollow">http://xkcd.com/</a>
<br>538/ :)
<br><br>David
<br><br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26557752&i=0" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26557155Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)2009-11-28T13:28:34Z2009-11-28T13:28:34ZDavid ShawOn Nov 28, 2009, at 3:07 PM, M.B.Jr. wrote:
<br><div class='shrinkable-quote'><br>> Hi,
<br>>
<br>>
<br>> On Sat, Nov 28, 2009 at 1:47 PM, David Shaw <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26557155&i=0" target="_top" rel="nofollow">dshaw@...</a>>
<br>> wrote:
<br>>>> The question is: what does GnuPG or OpenSSH do to slow down
<br>>>> password brute-force? I mean does the password derivation function
<br>>>> use
<br>>>> some iterations? If so how many? Can I configure them? I guess so
<br>>>> but
<br>>>> I couldn't find any data on the net on a quick search. (Any
<br>>>> references
<br>>>> are appreciated.)
<br>>>
<br>>> GnuPG (really OpenPGP) does iterated password hashing. See section
<br>>> 3.7.13
<br>>> "Iterated and Salted S2K" of RFC-4880 for the fine details, but the
<br>>> gist is
<br>>> as you surmised - the passphrase is run through many hash
<br>>> iterations. This
<br>>> slows down passphrase guessers as they must also repeat the hashing
<br>>> part the
<br>>> same number of times. By default, GnuPG uses 65536 iterations of the
<br>>> pasphrase hash, but can be configured via the --s2k-count option to
<br>>> be as
<br>>> high as 65011712 iterations.
<br>>
<br>>
<br>> Considering a password/passphrase, which has -- by default, its
<br>> 65536th hash iteration result, locally stored for comparison.
<br>>
<br>> If I adjust (via --s2k-count) my GnuPG's iterations number, will it
<br>> generate and store a new sum value for my actual passphase? Or for
<br>> this passphrase specifically, it will continue working with the number
<br>> of iterations used by the time the passphrase was created?
</div><br>The s2k-count is only used when creating the passphrase for the first
<br>time (and that applies to both creating a new secret key as well as
<br>encrypting something with a passphrase via --symmetric). If you want
<br>to change the s2k-count of an existing secret key, you need to set the
<br>new s2k-count and then change the passphrase. You can "change" it to
<br>the same passphrase if you like - it's the creation of a new
<br>passphrase-to-key that picks up the new s2k-count.
<br><br>David
<br><br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26557155&i=1" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26557132Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)2009-11-28T13:25:40Z2009-11-28T13:25:40ZDavid ShawOn Nov 28, 2009, at 12:37 PM, Robert J. Hansen wrote:
<br><div class='shrinkable-quote'><br>> David Shaw wrote:
<br>>> Difficult question to answer, since everyone is going to wave around
<br>>> their opinion. :)
<br>>
<br>> There are some empirical facts which may be useful, though -- like
<br>> observing the RC5-64 project was able to break a 64-bit key via a
<br>> massive distributed project that took 18 months of runtime.
<br>>
<br>> That's not a recommendation, just a data point which may be useful to
<br>> people in making their own estimations.
</div><br>That's sort of the problem, though. There are countless facts that
<br>can be brought to bear on this question, and each one, by itself is
<br>just an additional point which does not add very much to the perennial
<br>question of key length. The nice thing about the keylength.com site
<br>is that they (or rather the several research papers and guides that
<br>comprise the site) gather together hundreds or more of individual
<br>facts and - carefully showing their methodology so that others can
<br>learn - do derive recommendations.
<br><br>David
<br><br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26557132&i=0" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26557017Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)2009-11-28T12:07:36Z2009-11-28T12:07:36ZBarbadoHi,
<br><br><br>On Sat, Nov 28, 2009 at 1:47 PM, David Shaw <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26557017&i=0" target="_top" rel="nofollow">dshaw@...</a>> wrote:
<div class='shrinkable-quote'><br>>> The question is: what does GnuPG or OpenSSH do to slow down
<br>>> password brute-force? I mean does the password derivation function use
<br>>> some iterations? If so how many? Can I configure them? I guess so but
<br>>> I couldn't find any data on the net on a quick search. (Any references
<br>>> are appreciated.)
<br>>
<br>> GnuPG (really OpenPGP) does iterated password hashing. See section 3.7.13
<br>> "Iterated and Salted S2K" of RFC-4880 for the fine details, but the gist is
<br>> as you surmised - the passphrase is run through many hash iterations. This
<br>> slows down passphrase guessers as they must also repeat the hashing part the
<br>> same number of times. By default, GnuPG uses 65536 iterations of the
<br>> pasphrase hash, but can be configured via the --s2k-count option to be as
<br>> high as 65011712 iterations.
</div><br><br>Considering a password/passphrase, which has -- by default, its
<br>65536th hash iteration result, locally stored for comparison.
<br><br>If I adjust (via --s2k-count) my GnuPG's iterations number, will it
<br>generate and store a new sum value for my actual passphase? Or for
<br>this passphrase specifically, it will continue working with the number
<br>of iterations used by the time the passphrase was created?
<br><br><br>Regards,
<br><br><br><br>Marcio Barbado, Jr.
<br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26557017&i=1" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26555504Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)2009-11-28T10:03:27Z2009-11-28T10:03:27ZJohn Clizbe-2Robert J. Hansen wrote:
<br>> David Shaw wrote:
<br>>> Difficult question to answer, since everyone is going to wave around
<br>>> their opinion. :)
<br>>
<br>> There are some empirical facts which may be useful, though -- like
<br>> observing the RC5-64 project was able to break a 64-bit key via a
<br>> massive distributed project that took 18 months of runtime.
<br>>
<br><br>And estimates for RC5-72 including Moore's Law effects were hovering at 18 years.
<br><br>--
<br>John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
<br>You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
<br> mailto:<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26555504&i=0" target="_top" rel="nofollow">pgp-public-keys@...</a>?subject=HELP
<br><br>Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
<br>A:"An odd melody / island voices on the winds / surplus of vowels"
<br><br><br /> <br />_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26555504&i=1" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><div class="small"><br/><img src="http://old.nabble.com/images/icon_attachment.gif" > <strong>signature.asc</strong> (693 bytes) <a href="http://old.nabble.com/attachment/26555504/0/signature.asc" target="_top">Download Attachment</a></div><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26556079Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)2009-11-28T09:54:12Z2009-11-28T09:54:12ZNicholas ColeOn Sat, Nov 28, 2009 at 3:47 PM, David Shaw <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26556079&i=0" target="_top" rel="nofollow">dshaw@...</a>> wrote:
<br><br>[snip]
<br><br>> I'd suggest starting with the various calculators on
<br>> <a href="http://www.keylength.com/" target="_top" rel="nofollow">http://www.keylength.com/</a><br><br>A very interesting website. I followed the links, and found this document:
<br><br><a href="http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml" target="_top" rel="nofollow">http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml</a><br><br>It seems that the NSA is moving away from RSA/DH etc. cryptography,
<br>and now "only" approves their use for secret level material. They are
<br>instead pushing elliptic curve cryptography. I hadn't realised that
<br>there was such pressure to move away from traditional key exchange.
<br>Is this about the fear of quantum computing, or something else?
<br><br>EC in gpg is still some way off, it seems.
<br><br>N
<br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26556079&i=1" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26555211Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)2009-11-28T09:37:16Z2009-11-28T09:37:16ZRobert J. Hansen-3David Shaw wrote:
<br>> Difficult question to answer, since everyone is going to wave around
<br>> their opinion. :)
<br><br>There are some empirical facts which may be useful, though -- like
<br>observing the RC5-64 project was able to break a 64-bit key via a
<br>massive distributed project that took 18 months of runtime.
<br><br>That's not a recommendation, just a data point which may be useful to
<br>people in making their own estimations.
<br><br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26555211&i=0" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26554859Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)2009-11-28T08:55:25Z2009-11-28T08:55:25ZCiprian Dorin, CraciunOn Sat, Nov 28, 2009 at 5:47 PM, David Shaw <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26554859&i=0" target="_top" rel="nofollow">dshaw@...</a>> wrote:
<div class='shrinkable-quote'><br>> On Nov 28, 2009, at 9:42 AM, Ciprian Dorin, Craciun wrote:
<br>>
<br>>> Maybe someone could clear this out (at least from GnuPG part). (My
<br>>> original post was related with both GnuPG an OpenSSH).
<br>>>
<br>>> ~~~~~~~~~~ Original post:
<br>>>
<br>>> (I have a very basic question that to most of the persons reading
<br>>> this news-group might seem trivial. But anyway...)
<br>>>
<br>>> My concern (as stated in the subject) is related to the security
<br>>> strength of GnuPG and OpenSSH secret / private keys in the following
<br>>> context:
<br>>> * the secret / private keys are encrypted by using a password that
<br>>> only me (the owner) knows;
<br>>> * an attacker is in possession of my secret / private key files;
<br>>> * the attacker wants to gain access to the secret / private key
<br>>> (thus being able to impersonate me);
<br>>> * the attacker chooses as attack method to brute-force the files
<br>>> off-line, by trying to guess my password;
<br>>> * (by guessing the password I mean trying all possible passwords
<br>>> that fit a given pattern; the password is not a dictionary word, but
<br>>> instead is (truly) randomly created (i.e. DiceWare);)
<br>>>
<br>>> The question is: what does GnuPG or OpenSSH do to slow down
<br>>> password brute-force? I mean does the password derivation function use
<br>>> some iterations? If so how many? Can I configure them? I guess so but
<br>>> I couldn't find any data on the net on a quick search. (Any references
<br>>> are appreciated.)
<br>>
<br>> GnuPG (really OpenPGP) does iterated password hashing. See section 3.7.13
<br>> "Iterated and Salted S2K" of RFC-4880 for the fine details, but the gist is
<br>> as you surmised - the passphrase is run through many hash iterations. This
<br>> slows down passphrase guessers as they must also repeat the hashing part the
<br>> same number of times. By default, GnuPG uses 65536 iterations of the
<br>> pasphrase hash, but can be configured via the --s2k-count option to be as
<br>> high as 65011712 iterations.
<br>>
<br>> Be careful though - in some cases, a too-large value can hurt you here. If
<br>> you create a passphrase-encrypted message on a fast machine, and pick a huge
<br>> s2k-count, and then try to decrypt on a slow machine (say, a cell phone),
<br>> the message may become effectively unusable since the repeated hashes can
<br>> take an unusable amount of time on the slow processor.
<br>>
<br>> I'd have to look up the details if anyone is interested, but there was a
<br>> case a few months back of a huge s2k-count actually causing an embedded
<br>> device to trigger its deadman timer - someone had generated the message on a
<br>> fast machine (so never noticed the large iteration count), but sent it to
<br>> the slow one which clobbered it.
<br>>
<br>>> Also, how many bits of security should my password have in order
<br>>> to withstand an attack from a small / medium enterprise? (Government
<br>>> is out of the question as they could get access to my infrastructure
<br>>> by force...)
<br>>
<br>> Difficult question to answer, since everyone is going to wave around their
<br>> opinion. :)
<br>>
<br>> I'd suggest starting with the various calculators on
<br>> <a href="http://www.keylength.com/" target="_top" rel="nofollow">http://www.keylength.com/</a><br>>
<br>> David
</div><br><br> Thank you for the quick reply. (This is the kind of answer I was
<br>hopping to get. :) ) It seems that `s2k-count` escaped me. :)
<br><br> Maybe there should be an entry in the FAQ about this topic.
<br><br> Related with my question about the password bit strength there
<br>still is a vale on my eyes. So I guess (sorry for not being properly
<br>documented here):
<br> * the private / public key pair is generated by using whatever
<br>means (RSA / DSA);
<br> * my password is taken and fed into "Iterated and Salted S2K" to
<br>obtain the secret key encryption.
<br> * the private key data is taken and fed into '????' algorithm that
<br>uses as password what has been obtained at the previous step.
<br><br> So my question about key strength is: what symmetric key algorithm
<br>is used to safeguard the key. (Again I'm not properly documented
<br>here.) And based on the identity of this algorithm, I can use the site
<br>cited (<a href="http://www.keylength.com/" target="_top" rel="nofollow">http://www.keylength.com/</a>) to determine a "best practices" key
<br>length. (Other wise I'll have to go with the generic term "symmetric
<br>key encryption"... :) )
<br><br><br>> Now the interesting question would be, how to calculate the real bit
<br>> length of a passphrasse? I googled, and found this message, from this list:
<br>> <a href="http://lists.gnupg.org/pipermail/gnupg-users/2008-October/034842.html" target="_top" rel="nofollow">http://lists.gnupg.org/pipermail/gnupg-users/2008-October/034842.html</a><br><br> By key strength I mean the bits of entropy given by the password
<br>generation pattern. For example a 4-digit PIN number has only 13.3
<br>bits of entropy, even though we need at least 16 bits to store it.
<br>(This was also pointed out by Farami in his reply.)
<br><br> Thanks again,
<br> Ciprian.
<br><br><br> P.S.: I'm also aware of the fact that iterations do not help at
<br>all, if a big-budget agency (NSA and the like), is going to build a
<br>hardware based brute-force key breaking, as they can build a pipeline
<br>of iteration functions that would try one key in O(1) time. :) (Or I'm
<br>wrong here?)
<br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26554859&i=1" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26554913Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)2009-11-28T08:54:58Z2009-11-28T08:54:58ZMario Xerxes Castelán Castro-----BEGIN PGP SIGNED MESSAGE-----
<br>Hash: SHA256
<br><br>November 28th for <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26554913&i=0" target="_top" rel="nofollow">gnupg-users@...</a> thread "GnuPG private key
<br>resilience against off-line brute-force attacks"
<br><br>Entropy is a relative thing AFAIR:
<br><br>For one who knows than a password was generated by using diceware the
<br>entropy will be 7776^n + 7776^n-1 ... 7776^1 where n is the number of
<br>words.
<br><br>For one who knows the lenght of password the entropy will be 256^n
<br>where n is the length. If it is know than it is english text entropy
<br>would be (26+26+10)^n.
<br><br>In contrast for one who do not know how password has been generated
<br>the entropy will be as if it were a random one.
<br><br>In short the apparent entropy of passowrds depends of how many the
<br>atacker know of it.
<br>-----BEGIN PGP SIGNATURE-----
<br>Version: GnuPG v1.4.9 (GNU/Linux)
<br><br>iEYEAREIAAYFAksRVbsACgkQZ4DA0TLic4iwsgCfSpBGgu2zIYTL98CTde7QgTBu
<br>u9sAn3fgOtJhGoj4QTXgm6A1IjE+n4HU
<br>=t1Dq
<br>-----END PGP SIGNATURE-----
<br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26554913&i=1" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26554801Re: Backup of private key2009-11-28T08:33:13Z2009-11-28T08:33:13ZBugzilla from chaz@chaz6.com-----BEGIN PGP SIGNED MESSAGE-----
<br>Hash: SHA1
<br><br>There is thread in the archives with the subject "TPK Archival" that may
<br>be useful.
<br><br><a href="http://lists.gnupg.org/pipermail/gnupg-users/2009-March/035996.html" target="_top" rel="nofollow">http://lists.gnupg.org/pipermail/gnupg-users/2009-March/035996.html</a><br><br>Regards,
<br><br>Chris
<br>-----BEGIN PGP SIGNATURE-----
<br>Version: GnuPG v2.0.9 (GNU/Linux)
<br>Comment: Using GnuPG with Mozilla - <a href="http://enigmail.mozdev.org/" target="_top" rel="nofollow">http://enigmail.mozdev.org/</a><br><br>iQIcBAEBAgAGBQJLEVDIAAoJEKba9nIFysTLIBgP/jbW5IfIWApDJq5EAHGXg9cY
<br>y5/ce671duK9uimSBl1hXJWme+C1b/OFpbVAbCR7/Uu3UxVwQeCVD8F+T6mgaPsb
<br>mUPsX5GwrOZf5YMihq0h8aRsZYb1rAccHihGnEtJi9nQd9oLyxGUGc2DGh1sMOip
<br>Oz3KJnVjpp4rP7mbNoBiIWVcJFuSwHrvhwizaAEX3M7e/82SF1ty4ycIX1MqhWuZ
<br>YM2pRbisP8Qd1RlnER0El+Cec3R4DNpxLFAS5R7rQPAVlE8LzZLg3jZtBW+yLgiJ
<br>Ec3sAtWvgxnQBWUqX6svZug3e8rbwIZiZVtkGl1b+St+SwvlpOy55aFFhMFv2LDh
<br>QaQIzWo5GFS1NxnXFzOWh+fIS1aF9xRPsuj9dNW7S1k02A3DlwwRSuS26R+TZ/D2
<br>NHYvzct9DRG2cssv1hdGi14WJW742j0EzZ8io9bUujHJ+qwNaHbfjdrkNPc8jDbH
<br>VOCUF36jdccZP1QmmoXYRTowl2cTqs9e+osbbICqVtiIEl+Z7LDyFCYNwCcJyppd
<br>BUOOWyr8rkPoDkc0uh4Pw34uszLRYU+fGUa0+z3Vs/t8EbzhxDmCf/WZafhjcz+r
<br>B/8AUJOMxvudxOgJhZ6fQuT1vj5pNem/lMd/VWP7/XbcI3tPI2V7NeYxOmOba8E2
<br>w2ps4NbLQbHZo95KIW7A
<br>=8Q46
<br>-----END PGP SIGNATURE-----
<br><br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26554801&i=0" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26554729Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)2009-11-28T08:32:09Z2009-11-28T08:32:09ZFaramir-2-----BEGIN PGP SIGNED MESSAGE-----
<br>Hash: SHA256
<br><br>David Shaw escribió:
<br>> On Nov 28, 2009, at 9:42 AM, Ciprian Dorin, Craciun wrote:
<br>...
<div class='shrinkable-quote'><br>>> Also, how many bits of security should my password have in order
<br>>> to withstand an attack from a small / medium enterprise? (Government
<br>>> is out of the question as they could get access to my infrastructure
<br>>> by force...)
<br>>
<br>> Difficult question to answer, since everyone is going to wave around
<br>> their opinion. :)
<br>>
<br>> I'd suggest starting with the various calculators on
<br>> <a href="http://www.keylength.com/" target="_top" rel="nofollow">http://www.keylength.com/</a></div><br> Now the interesting question would be, how to calculate the real bit
<br>length of a passphrasse? I googled, and found this message, from this list:
<br><a href="http://lists.gnupg.org/pipermail/gnupg-users/2008-October/034842.html" target="_top" rel="nofollow">http://lists.gnupg.org/pipermail/gnupg-users/2008-October/034842.html</a><br><br> Best Regards
<br>-----BEGIN PGP SIGNATURE-----
<br>Version: GnuPG v1.4.10 (MingW32)
<br>Comment: Using GnuPG with Mozilla - <a href="http://enigmail.mozdev.org/" target="_top" rel="nofollow">http://enigmail.mozdev.org/</a><br><br>iQEcBAEBCAAGBQJLEVCJAAoJEMV4f6PvczxAYLIH/2kwGMDiBa7UNs83MyyzdeFs
<br>0DnKyEpoK4HSsvvVZhpEqBUOLuxep6qtn2uhnFlXCw7tC3e+iGTfyudPK9dhLi0J
<br>9aIkvYMSjzTCiiywiRAMHha6Z0dei5ffIsVupjeUnuzwiEXCDliUR5MODiQc4fP6
<br>uGJcU0Z/e/IkFlFfFKAACySvLHJcoNzllBMEnfXudqfJpeOsUoGq/T6P2zZfjGrZ
<br>ly0gwKVfEowB7fi5QXYwYL6Dfi+FmctNRbzxL0ED2Pq1q1N+fzg4VnxGX6dqtLgX
<br>EtBsg2z3jvLZE6nSD65kxkSmxu9fWSS8UIlWu21YzgFtSYWQTl1w/5gJaNTwt7o=
<br>=CL86
<br>-----END PGP SIGNATURE-----
<br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26554729&i=0" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26554300Re: GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)2009-11-28T07:47:20Z2009-11-28T07:47:20ZDavid ShawOn Nov 28, 2009, at 9:42 AM, Ciprian Dorin, Craciun wrote:
<br><div class='shrinkable-quote'><br>> Maybe someone could clear this out (at least from GnuPG part). (My
<br>> original post was related with both GnuPG an OpenSSH).
<br>>
<br>> ~~~~~~~~~~ Original post:
<br>>
<br>> (I have a very basic question that to most of the persons reading
<br>> this news-group might seem trivial. But anyway...)
<br>>
<br>> My concern (as stated in the subject) is related to the security
<br>> strength of GnuPG and OpenSSH secret / private keys in the following
<br>> context:
<br>> * the secret / private keys are encrypted by using a password that
<br>> only me (the owner) knows;
<br>> * an attacker is in possession of my secret / private key files;
<br>> * the attacker wants to gain access to the secret / private key
<br>> (thus being able to impersonate me);
<br>> * the attacker chooses as attack method to brute-force the files
<br>> off-line, by trying to guess my password;
<br>> * (by guessing the password I mean trying all possible passwords
<br>> that fit a given pattern; the password is not a dictionary word, but
<br>> instead is (truly) randomly created (i.e. DiceWare);)
<br>>
<br>> The question is: what does GnuPG or OpenSSH do to slow down
<br>> password brute-force? I mean does the password derivation function use
<br>> some iterations? If so how many? Can I configure them? I guess so but
<br>> I couldn't find any data on the net on a quick search. (Any references
<br>> are appreciated.)
</div><br>GnuPG (really OpenPGP) does iterated password hashing. See section
<br>3.7.13 "Iterated and Salted S2K" of RFC-4880 for the fine details, but
<br>the gist is as you surmised - the passphrase is run through many hash
<br>iterations. This slows down passphrase guessers as they must also
<br>repeat the hashing part the same number of times. By default, GnuPG
<br>uses 65536 iterations of the pasphrase hash, but can be configured via
<br>the --s2k-count option to be as high as 65011712 iterations.
<br><br>Be careful though - in some cases, a too-large value can hurt you
<br>here. If you create a passphrase-encrypted message on a fast machine,
<br>and pick a huge s2k-count, and then try to decrypt on a slow machine
<br>(say, a cell phone), the message may become effectively unusable since
<br>the repeated hashes can take an unusable amount of time on the slow
<br>processor.
<br><br>I'd have to look up the details if anyone is interested, but there was
<br>a case a few months back of a huge s2k-count actually causing an
<br>embedded device to trigger its deadman timer - someone had generated
<br>the message on a fast machine (so never noticed the large iteration
<br>count), but sent it to the slow one which clobbered it.
<br><br>> Also, how many bits of security should my password have in order
<br>> to withstand an attack from a small / medium enterprise? (Government
<br>> is out of the question as they could get access to my infrastructure
<br>> by force...)
<br><br>Difficult question to answer, since everyone is going to wave around
<br>their opinion. :)
<br><br>I'd suggest starting with the various calculators on <a href="http://www.keylength.com/" target="_top" rel="nofollow">http://www.keylength.com/</a><br><br>David
<br><br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26554300&i=0" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26553763GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)2009-11-28T06:42:06Z2009-11-28T06:42:06ZCiprian Dorin, Craciun (I'll try to start a new thread from the following quotes.)
<br><br><br>On Sat, Nov 28, 2009 at 8:50 AM, Robert J. Hansen <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26553763&i=0" target="_top" rel="nofollow">rjh@...</a>> wrote:
<br>> Matt wrote:
<br>>> If I had a sufficiently good passphrase, would Google returning my
<br>>> secret key as the first hit result for every search for a day still be
<br>>> secure?
<br>>
<br>> "Secure" is not a very good word to use. It means so many different
<br>> things to so many different people. "Secure" really means "in
<br>> accordance with my security policies" -- the use of the word is
<br>> inherently subjective.
<br><br><br> Related to the same problem (strength of the secret key data
<br>encryption measures), I've posted some months ago an email on the
<br>scy.crypt Usenet group, but I didn't got a satisfactory (that is
<br>factual) answer. (See below.)
<br><br> Maybe someone could clear this out (at least from GnuPG part). (My
<br>original post was related with both GnuPG an OpenSSH).
<br><br>~~~~~~~~~~ Original post:
<br><br> (I have a very basic question that to most of the persons reading
<br>this news-group might seem trivial. But anyway...)
<br><br> My concern (as stated in the subject) is related to the security
<br>strength of GnuPG and OpenSSH secret / private keys in the following
<br>context:
<br> * the secret / private keys are encrypted by using a password that
<br>only me (the owner) knows;
<br> * an attacker is in possession of my secret / private key files;
<br> * the attacker wants to gain access to the secret / private key
<br>(thus being able to impersonate me);
<br> * the attacker chooses as attack method to brute-force the files
<br>off-line, by trying to guess my password;
<br> * (by guessing the password I mean trying all possible passwords
<br>that fit a given pattern; the password is not a dictionary word, but
<br>instead is (truly) randomly created (i.e. DiceWare);)
<br><br> The question is: what does GnuPG or OpenSSH do to slow down
<br>password brute-force? I mean does the password derivation function use
<br>some iterations? If so how many? Can I configure them? I guess so but
<br>I couldn't find any data on the net on a quick search. (Any references
<br>are appreciated.)
<br><br> Also, how many bits of security should my password have in order
<br>to withstand an attack from a small / medium enterprise? (Government
<br>is out of the question as they could get access to my infrastructure
<br>by force...)
<br><br> Thank you for your patience and your wisdom,
<br> Ciprian Craciun.
<br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26553763&i=1" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26550907Re: Backup of private key2009-11-27T22:50:53Z2009-11-27T22:50:53ZRobert J. Hansen-3Matt wrote:
<br>> If I had a sufficiently good passphrase, would Google returning my
<br>> secret key as the first hit result for every search for a day still be
<br>> secure?
<br><br>"Secure" is not a very good word to use. It means so many different
<br>things to so many different people. "Secure" really means "in
<br>accordance with my security policies" -- the use of the word is
<br>inherently subjective.
<br><br>Let me try giving you an answer that doesn't involve the word "secure,"
<br>but will still hopefully answer your question.
<br><br><br><br><br>"For any symmetric cipher used in GnuPG, for any purpose supported by
<br>GnuPG, there is *no* effective way for someone who has the ciphertext
<br>and *only* the ciphertext to recover the plaintext without knowing the
<br>passphrase."
<br><br><br><br>The qualifiers are very important. For clarity's sake, I'll restate
<br>them here, very directly:
<br><br>* I am only talking about GnuPG
<br>* I am excluding gratuitously stupid things you can do by abusing
<br> the "--expert" flag
<br>* We are assuming the adversary has *only* the ciphertext
<br>* The adversary has *no* ability to execute side-channel attacks
<br> against you
<br><br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26550907&i=0" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26550734Re: Backup of private key2009-11-27T20:59:36Z2009-11-27T20:59:36ZMatt-135Robert J. Hansen wrote:
<br>> If you are sure that no one will ever guess your passphrase, then you
<br>> could safely publish your private key in the _New York Times_. That
<br>> would be a really extreme case, but you could do it.
<br><br>But what if you publish it in a paper people actually _read_? :)
<br><br>While I understand the intent of the statement, and been wanting to
<br>question it for some time (about 3 months). I do believe it to the
<br>limits of my understanding of modern cryptography. But I want to make
<br>sure I'm not missing something by the example using such a weak means of
<br>distribution. I can't say that I've _never_ seen a NYT, but I know I
<br>didn't read the copy that appeared in my elementary school in the 80s.
<br>They've had a good 20 years with which to have folded, or to have
<br>dropped down to a "oh, they still publish?" distribution.
<br><br>I'll try this modern bent to the question:
<br><br>If I had a sufficiently good passphrase, would Google returning my
<br>secret key as the first hit result for every search for a day still be
<br>secure?
<br><br>With my understanding, the answer is _still_ yes.
<br><br>I am under no delusions that my passphrase is that good. Not that I
<br>have the friends or enemies at Google with which to test it.
<br><br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26550734&i=0" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26548811Re: Help required for CSR validation2009-11-27T14:50:41Z2009-11-27T14:50:41ZNikos MavrogiannopoulosBoyan Kasarov wrote:
<br><br>> Soory for the short answer. Without the patch both RSA and DSA fail.
<br>> With the patch RSA works, but DSA still doesn't.
<br><br>It should be now fixed with this patch. This patch removed some optional
<br>parameters that were added for DSA. It seems that verisign didn't like
<br>them to be there.
<br><br>best regards,
<br>Nikos
<br><br />diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
<br>index dc18eaa..aad7312 100644
<br>--- a/lib/x509/mpi.c
<br>+++ b/lib/x509/mpi.c
<br>@@ -380,14 +380,14 @@ _gnutls_x509_write_rsa_params (bigint_t * params, int params_size,
<br> return _gnutls_asn2err (result);
<br> }
<br>
<br>- result = _gnutls_x509_write_int (spk, "modulus", params[0], 0);
<br>+ result = _gnutls_x509_write_int (spk, "modulus", params[0], 1);
<br> if (result < 0)
<br> {
<br> gnutls_assert ();
<br> goto cleanup;
<br> }
<br>
<br>- result = _gnutls_x509_write_int (spk, "publicExponent", params[1], 0);
<br>+ result = _gnutls_x509_write_int (spk, "publicExponent", params[1], 1);
<br> if (result < 0)
<br> {
<br> gnutls_assert ();
<br>@@ -448,36 +448,15 @@ _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
<br> _gnutls_str_cpy (name, sizeof (name), dst_name);
<br> _gnutls_str_cat (name, sizeof (name), ".parameters");
<br>
<br>- if (pk_algorithm == GNUTLS_PK_DSA)
<br>- {
<br>- result = _gnutls_x509_write_dsa_params (params, params_size, &der);
<br>- if (result < 0)
<br>- {
<br>- gnutls_assert ();
<br>- return result;
<br>- }
<br>+ result = asn1_write_value (dst, name, NULL, 0);
<br>
<br>- result = asn1_write_value (dst, name, der.data, der.size);
<br>- _gnutls_free_datum (&der);
<br>-
<br>- if (result != ASN1_SUCCESS)
<br>- {
<br>- gnutls_assert ();
<br>- return _gnutls_asn2err (result);
<br>- }
<br>- }
<br>- else
<br>- { /* RSA */
<br>- result = asn1_write_value (dst, name, NULL, 0);
<br>-
<br>- if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND)
<br>- {
<br>- /* Here we ignore the element not found error, since this
<br>- * may have been disabled before.
<br>- */
<br>- gnutls_assert ();
<br>- return _gnutls_asn2err (result);
<br>- }
<br>+ if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND)
<br>+ {
<br>+ /* Here we ignore the element not found error, since this
<br>+ * may have been disabled before.
<br>+ */
<br>+ gnutls_assert ();
<br>+ return _gnutls_asn2err (result);
<br> }
<br>
<br> return 0;
<br>@@ -514,21 +493,21 @@ _gnutls_x509_write_dsa_params (bigint_t * params, int params_size,
<br> return _gnutls_asn2err (result);
<br> }
<br>
<br>- result = _gnutls_x509_write_int (spk, "p", params[0], 0);
<br>+ result = _gnutls_x509_write_int (spk, "p", params[0], 1);
<br> if (result < 0)
<br> {
<br> gnutls_assert ();
<br> goto cleanup;
<br> }
<br>
<br>- result = _gnutls_x509_write_int (spk, "q", params[1], 0);
<br>+ result = _gnutls_x509_write_int (spk, "q", params[1], 1);
<br> if (result < 0)
<br> {
<br> gnutls_assert ();
<br> goto cleanup;
<br> }
<br>
<br>- result = _gnutls_x509_write_int (spk, "g", params[2], 0);
<br>+ result = _gnutls_x509_write_int (spk, "g", params[2], 1);
<br> if (result < 0)
<br> {
<br> gnutls_assert ();
<br>@@ -580,7 +559,7 @@ _gnutls_x509_write_dsa_public_key (bigint_t * params, int params_size,
<br> return _gnutls_asn2err (result);
<br> }
<br>
<br>- result = _gnutls_x509_write_int (spk, "", params[3], 0);
<br>+ result = _gnutls_x509_write_int (spk, "", params[3], 1);
<br> if (result < 0)
<br> {
<br> gnutls_assert ();
<br><br />_______________________________________________
<br>Gnutls-devel mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26548811&i=0" target="_top" rel="nofollow">Gnutls-devel@...</a>
<br><a href="http://lists.gnu.org/mailman/listinfo/gnutls-devel" target="_top" rel="nofollow">http://lists.gnu.org/mailman/listinfo/gnutls-devel</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---Gnutls---Dev-f955.html" embed="fixTarget[955]" target="_top" >GnuPG - Gnutls - Dev</a></p>tag:old.nabble.com,2006:post-26541251Re: claws mail will not verify signatures2009-11-27T03:31:46Z2009-11-27T03:31:46ZBrad Rogers-----BEGIN PGP SIGNED MESSAGE-----
<br>Hash: SHA256
<br><br>On Wed, 25 Nov 2009 10:11:02 -0600
<br>Charles Blair <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26541251&i=0" target="_top" rel="nofollow">c-blair@...</a>> wrote:
<br><br>Hello Charles,
<br><br>> key. However, when I try to verify the signature on the test
<br>> message below, I get a message saying "timeout".
<br><br>Probably better asked on the CM ML, but as a starter, do you have the
<br>relevant plugins installed?
<br><br>- --
<br> Regards _
<br> / ) "The blindingly obvious is
<br> / _)rad never immediately apparent"
<br><br>Every single one of us
<br>Devil Inside - INXS
<br>-----BEGIN PGP SIGNATURE-----
<br>Version: GnuPG v1.4.10 (GNU/Linux)
<br><br>iQEcBAEBCAAGBQJLD7iiAAoJEEvDbGwXTTHBoWUH/R+HA+L2UneZ6vNhggdn4G1F
<br>iF2epSPcbToPjlNVSrsd3Xb/YjvY0IzSZ8imLdBMsz+ZZ3Oza1lt14WFRF8Fcuhp
<br>WdbGA5mK/n137WHLHvTamtrmY5FOAWqMACQzQKzfm2fUTLH4S/5i7/PPIoQymzVB
<br>bDNZKtL6zDM8rKwPwkiG+uGv3STsmMsbIW4SvQZHevJxPC0lSO4xxtr+7o+tuLdb
<br>ysZsWaNfPakJgyMZneysnaus9gLKGm215low04dEyj1engwvq3Ply2QSC6Nh/irh
<br>GyKbHjRF3RjtaN2ULrPf8b25Z+rvV9jdAwxKIKVe2mXqbMSeVk3DvhOkHZYyBo8=
<br>=UpVC
<br>-----END PGP SIGNATURE-----
<br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26541251&i=1" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26535703Re: Help required for CSR validation2009-11-26T14:27:11Z2009-11-26T14:27:11ZNikos MavrogiannopoulosBoyan Kasarov wrote:
<br>> Hello,
<br>>
<br>> Soory for the short answer. Without the patch both RSA and DSA fail.
<br>> With the patch RSA works, but DSA still doesn't.
<br>>
<br>> I am attaching 3 CSR.
<br><br>Thank you. From a quick glimpse it seems there might be a problem with
<br>the certtool's dsa structure. I'll check it as soon as I can.
<br><br>regards,
<br>Nikos
<br><br><br>_______________________________________________
<br>Gnutls-devel mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26535703&i=0" target="_top" rel="nofollow">Gnutls-devel@...</a>
<br><a href="http://lists.gnu.org/mailman/listinfo/gnutls-devel" target="_top" rel="nofollow">http://lists.gnu.org/mailman/listinfo/gnutls-devel</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---Gnutls---Dev-f955.html" embed="fixTarget[955]" target="_top" >GnuPG - Gnutls - Dev</a></p>tag:old.nabble.com,2006:post-26533598Re: SCM dicussion (Re: Where is >libassuan-1.1.0)2009-11-26T10:51:09Z2009-11-26T10:51:09ZIngo KrabbeOn Thu, Nov 26, 2009 at 12:05:47PM +0100, Bernhard Reiter wrote:
<div class='shrinkable-quote'><br>> Am Montag, 23. November 2009 22:51:44 schrieb Ingo Krabbe:
<br>> > > What is wrong with <a href="http://cvs.gnupg.org" target="_top" rel="nofollow">http://cvs.gnupg.org</a> as stated on
<br>> > > <a href="http://www.gnupg.org" target="_top" rel="nofollow">http://www.gnupg.org</a> (download->cvs access).
<br>> >
<br>> > Some links are missing there: libassuan and libgpg-error as far as I can
<br>> > see now.
<br>>
<br>> The links on cvs.gnupg.org are just shortcusts and not complete, check the
<br>> selection box on top right of <a href="http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/" target="_top" rel="nofollow">http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/</a><br>> (An improvement could be to mention that the list of shortcuts is not complete
<br>> and to point the reader towards the selection box of the fulll version.)
</div><br>Yes, thats the one I searched for. Thanks.
<br><br>>
<br>> --
<br>> Managing Director - Owner: www.intevation.net (Free Software Company)
<br>> Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
<br>> Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
<br>> Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
<br><br><br><br>> _______________________________________________
<br>> Gnupg-devel mailing list
<br>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26533598&i=0" target="_top" rel="nofollow">Gnupg-devel@...</a>
<br>> <a href="http://lists.gnupg.org/mailman/listinfo/gnupg-devel" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-devel</a><br><br><br>--
<br>i don't do signatures
<br><br>_______________________________________________
<br>Gnupg-devel mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26533598&i=1" target="_top" rel="nofollow">Gnupg-devel@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-devel" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-devel</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---Dev-f953.html" embed="fixTarget[953]" target="_top" >GnuPG - Dev</a></p>tag:old.nabble.com,2006:post-26530402Re: Piotr Bratkowski <pioterbrat@o2.pl>2009-11-26T06:35:49Z2009-11-26T06:35:49ZWerner KochOn Thu, 26 Nov 2009 12:27:04 +0100, Piotr Bratkowski <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26530402&i=0" target="_top" rel="nofollow">pioterbrat@...</a>> wrote:
<br><br>> I need to invoke trust command but from linux shell. I was thinking that
<br>> this will do:
<br>> gpg --edit host_name trust 3
<br><br>You do not want to set the trust for a host_name; this is not a unique
<br>identifier for a key. Figure out the fingerprint and specify this
<br>one. Canned command as above usually don't work becuase there are so
<br>manhy things to care about.
<br><br>> It's in C so making it to write to stdin of gpg would be a lot of fuss,
<br>> as a command line I can simply use system function.
<br><br>In general you should not use system(3) in a program; even if it
<br>sounds to be simple. Getting the quoting right is not easy. Passing
<br>suff via stin to another process is pretty easy: popen(3) does this.
<br>However, popen has the same problems as system has.
<br><br>> So my question is is it possible?? If yes how??
<br><br>Use gpgme and the edit callback. An example on how to do is is
<br>gpgme/tests/gpg/t-edit.c .
<br><br><br>Shalom-Salam,
<br><br> Werner
<br><br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26530402&i=1" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26529433Re: gpg trust from command line2009-11-26T05:23:51Z2009-11-26T05:23:51Zkuttuani:-) :-) I am really happy to hear that it worked great for you also.... :-)<br><br><div class="gmail_quote">On Thu, Nov 26, 2009 at 6:46 PM, Piotr Bratkowski <span dir="ltr"><<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26529433&i=0" target="_top" rel="nofollow">pioterbrat@...</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hello,<br>
<br>
Thanks, you have just rescued me :). It is working really great.<br>
<br>
Regards,<br>
Piotr Bratkowski<br>
<br>
<br>
<br>
Rahul R pisze:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im">
Hi,<br>
<br>
I have done the trusting part automated on my linux box like the following. Give a try anyways and let me know whether it was helpful or not. I did many google search and could not find any method described for this. The following method worked gr8 for me and is the one which I created myself ;-).<br>
<br>
For trusting it as 3, use 4 and for 5, use 6 and so on...<br>
<br></div>
1. gpg --import <a href="http://key.pk" target="_blank" rel="nofollow">key.pk</a> <<a href="http://key.pk" target="_blank" rel="nofollow">http://key.pk</a>> - Import your key<br>
2. echo $(gpg --list-keys --with-fingerprint --with-colons | tail<div class="im"><br>
-2 | head -1 | tr -s ":" ":"| cut -d ":" -f2):4: ><br>
/tmp/somefile1 - take the finger print and copy to a temp file.<br></div>
3. gpg --import-ownertrust < /tmp/somefile1 - import the finger<div class="im"><br>
print to the trust data base. Done!!!!<br>
<br>
You can check the trusting part by typing the below command<br>
<br></div>
1. gpg --export-ownertrust<div class="im"><br>
<br>
<br>
On Thu, Nov 26, 2009 at 4:57 PM, Piotr Bratkowski <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26529433&i=1" target="_top" rel="nofollow">pioterbrat@...</a> <mailto:<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26529433&i=2" target="_top" rel="nofollow">pioterbrat@...</a>>> wrote:<br>
<br>
Hello,<br>
<br>
I need to invoke trust command but from linux shell. I was<br>
thinking that this will do:<br>
gpg --edit host_name trust 3<br>
<br>
to set my trust marginal for host_name, but it didn't, it took me<br>
to the gpg command line.<br>
<br>
I need this becouse I'm currently writing program that is using<br>
gpg. It's in C so making it to write to stdin of gpg would be a<br>
lot of fuss, as a command line I can simply use system function.<br>
<br>
So my question is is it possible?? If yes how??<br>
<br>
Regards,<br>
Piotr Bratkowski<br>
<br>
_______________________________________________<br>
Gnupg-users mailing list<br></div>
<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26529433&i=3" target="_top" rel="nofollow">Gnupg-users@...</a> <mailto:<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26529433&i=4" target="_top" rel="nofollow">Gnupg-users@...</a>><div class="im"><br>
<a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_blank" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br>
<br>
<br>
<br>
<br>
-- <br>
Thanks,<br>
Regards,<br>
Rahul R<br>
Mob: 09008030921<br>
</div></blockquote>
<br>
</blockquote></div><br><br clear="all"><br>-- <br>Thanks,<br>Regards,<br>Rahul R<br>Mob: 09008030921<br>
<br />_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26529433&i=5" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26529207Re: gpg trust from command line2009-11-26T05:02:53Z2009-11-26T05:02:53ZkuttuaniHi,<br><br>I have done the trusting part automated on my linux box like the following. Give a try anyways and let me know whether it was helpful or not. I did many google search and could not find any method described for this. The following method worked gr8 for me and is the one which I created myself ;-).<br>
<br>For trusting it as 3, use 4 and for 5, use 6 and so on...<br><br><ol><li>gpg --import <a href="http://key.pk" target="_top" rel="nofollow">key.pk</a> - Import your key<br></li><li>echo $(gpg --list-keys --with-fingerprint --with-colons | tail -2 | head -1 | tr -s ":" ":"| cut -d ":" -f2):4: > /tmp/somefile1 - take the finger print and copy to a temp file.<br>
</li><li> gpg --import-ownertrust < /tmp/somefile1 - import the finger print to the trust data base. Done!!!!<br></li></ol>You can check the trusting part by typing the below command<br><ol><li> gpg --export-ownertrust</li>
</ol><br><div class="gmail_quote">On Thu, Nov 26, 2009 at 4:57 PM, Piotr Bratkowski <span dir="ltr"><<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26529207&i=0" target="_top" rel="nofollow">pioterbrat@...</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hello,<br>
<br>
I need to invoke trust command but from linux shell. I was thinking that this will do:<br>
gpg --edit host_name trust 3<br>
<br>
to set my trust marginal for host_name, but it didn't, it took me to the gpg command line.<br>
<br>
I need this becouse I'm currently writing program that is using gpg. It's in C so making it to write to stdin of gpg would be a lot of fuss, as a command line I can simply use system function.<br>
<br>
So my question is is it possible?? If yes how??<br>
<br>
Regards,<br>
Piotr Bratkowski<br>
<br>
_______________________________________________<br>
Gnupg-users mailing list<br>
<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26529207&i=1" target="_top" rel="nofollow">Gnupg-users@...</a><br>
<a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_blank" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>Thanks,<br>Regards,<br>Rahul R<br>Mob: 09008030921<br>
<br />_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26529207&i=2" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26528861gpg trust from command line2009-11-26T03:27:04Z2009-11-26T03:27:04ZPiotr-23Hello,
<br><br>I need to invoke trust command but from linux shell. I was thinking that
<br>this will do:
<br>gpg --edit host_name trust 3
<br><br>to set my trust marginal for host_name, but it didn't, it took me to the
<br>gpg command line.
<br><br>I need this becouse I'm currently writing program that is using gpg.
<br>It's in C so making it to write to stdin of gpg would be a lot of fuss,
<br>as a command line I can simply use system function.
<br><br>So my question is is it possible?? If yes how??
<br><br>Regards,
<br>Piotr Bratkowski
<br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26528861&i=0" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>tag:old.nabble.com,2006:post-26527806SCM dicussion (Re: Where is >libassuan-1.1.0)2009-11-26T03:05:47Z2009-11-26T03:05:47ZBugzilla from bernhard@intevation.deAm Montag, 23. November 2009 22:51:44 schrieb Ingo Krabbe:
<br>> > What is wrong with <a href="http://cvs.gnupg.org" target="_top" rel="nofollow">http://cvs.gnupg.org</a> as stated on
<br>> > <a href="http://www.gnupg.org" target="_top" rel="nofollow">http://www.gnupg.org</a> (download->cvs access).
<br>>
<br>> Some links are missing there: libassuan and libgpg-error as far as I can
<br>> see now.
<br><br>The links on cvs.gnupg.org are just shortcusts and not complete, check the
<br>selection box on top right of <a href="http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/" target="_top" rel="nofollow">http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/</a><br>(An improvement could be to mention that the list of shortcuts is not complete
<br>and to point the reader towards the selection box of the fulll version.)
<br><br>--
<br>Managing Director - Owner: www.intevation.net (Free Software Company)
<br>Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
<br>Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
<br>Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
<br><br /> <br />_______________________________________________
<br>Gnupg-devel mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527806&i=0" target="_top" rel="nofollow">Gnupg-devel@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-devel" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-devel</a><br><div class="small"><br/><img src="http://old.nabble.com/images/icon_attachment.gif" > <strong>smime.p7s</strong> (3K) <a href="http://old.nabble.com/attachment/26527806/0/smime.p7s" target="_top">Download Attachment</a></div><p>From forum: <a href="http://old.nabble.com/GnuPG---Dev-f953.html" embed="fixTarget[953]" target="_top" >GnuPG - Dev</a></p>tag:old.nabble.com,2006:post-26527201Re: gnutls-2.2.1 fails to build on HP-UX2009-11-26T02:18:19Z2009-11-26T02:18:19ZSimon Josefsson-2"Dr. David Kirkby" <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527201&i=0" target="_top" rel="nofollow">david.kirkby@...</a>> writes:
<br><br>> In the Sage project, gnutls is causing a problem on both OpenSolaris
<br>> and HP-UX. The latter is not a supported OS, but I have tried building
<br>> parts of Sage on it.
<br>>
<br>> This is the HP-UX error.
<br>>
<br>> <a href="http://trac.sagemath.org/sage_trac/ticket/7511" target="_top" rel="nofollow">http://trac.sagemath.org/sage_trac/ticket/7511</a><br>>
<br>> Any thoughts why this may be happening?
<br><br>HP-UX doesn't have sockaddr_storage, but I believe gnulib should work
<br>around that problem -- however that is probably only in much more recent
<br>GnuTLS releases than the 2.2.1 that you used.
<br><br>> We tried a later version, and that was causing problems not only on
<br>> HP-UX and OpenSolaris, but also on Solaris 10 (SPARC).
<br><br>Details? The recent releases should work relatively fine on Solaris,
<br>we've merged several patches for it lately. Unless you back-port
<br>security fixes to 2.2.x, you want to use the 2.8.x release to get proper
<br>security fixes.
<br><br>> If any developer needs access to a Solaris 10 (SPARC) or HP-UX 11.11
<br>> (PA-RISC) processor, I can provide it. The SPARC is a newish 16-core
<br>> machine. The latter is an old machine I personally own, but do allow
<br>> others access to it.
<br><br>You sent me login info on this earlier (thanks!), but I haven't had time
<br>to test it yet -- will try to do it soon.
<br><br>/Simon
<br><br><br>_______________________________________________
<br>Gnutls-devel mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527201&i=1" target="_top" rel="nofollow">Gnutls-devel@...</a>
<br><a href="http://lists.gnu.org/mailman/listinfo/gnutls-devel" target="_top" rel="nofollow">http://lists.gnu.org/mailman/listinfo/gnutls-devel</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---Gnutls---Dev-f955.html" embed="fixTarget[955]" target="_top" >GnuPG - Gnutls - Dev</a></p>tag:old.nabble.com,2006:post-26523686Re: Fwd: Backup of private key2009-11-25T18:46:07Z2009-11-25T18:46:07ZRobert J. Hansen-3FederalHill wrote:
<br>> Would you define ascii-armored
<br><br>binary -> base64 conversion.
<br><br><a href="http://en.wikipedia.org/wiki/Base64" target="_top" rel="nofollow">http://en.wikipedia.org/wiki/Base64</a><br><br>_______________________________________________
<br>Gnupg-users mailing list
<br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26523686&i=0" target="_top" rel="nofollow">Gnupg-users@...</a>
<br><a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_top" rel="nofollow">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br><p>From forum: <a href="http://old.nabble.com/GnuPG---User-f959.html" embed="fixTarget[959]" target="_top" >GnuPG - User</a></p>