
Mailing List Archive: GnuPG: users

List-packets help

 

 



john.gill at computer

Apr 5, 2012, 12:09 PM

Post #1 of 15 (1277 views)
Permalink
List-packets help

Please point me to a detailed explanation for the output of list-packets.
I have googled and read manuals, etc. but just can't seem to locate the
knowledge.

John


John at enigmail

Apr 5, 2012, 2:29 PM

Post #2 of 15 (1253 views)
Permalink
Re: List-packets help [In reply to]

John Gill wrote:
> Please point me to a detailed explanation for the output of
> list-packets. I have googled and read manuals, etc. but just can't seem
> to locate the knowledge.

RFC 4880 - OpenPGP Message Format
https://tools.ietf.org/html/rfc4880

You may run into values from

RFC 5581 - The Camellia Cipher in OpenPGP
https://tools.ietf.org/html/rfc5581

In a few months, there should, hopefully, be an additional RFC for Elliptic
Curve Cryptography in OpenPGP based on
http://www.ietf.org/internet-drafts/draft-jivsov-openpgp-ecc-11.txt

Kazu Yamamoto's excellent pgpdump tool and web interface may also be of value.
http://www.mew.org/~kazu/proj/pgpdump/en/
http://www.pgpdump.net/


HTH,
-John
--
John P. Clizbe Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys [at] gingerbear?subject=HELP

Cowboy Haiku -- Reflections on Rodeo
So many Cowboys. / Round Wrangler butts drive me nuts. / Never enough rope.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


dkg at fifthhorseman

Apr 5, 2012, 2:56 PM

Post #3 of 15 (1248 views)
Permalink
Re: List-packets help [In reply to]

On 04/05/2012 03:09 PM, John Gill wrote:
> Please point me to a detailed explanation for the output of list-packets.
> I have googled and read manuals, etc. but just can't seem to locate the
> knowledge.

the output of "gpg --list-packets" tends to make a lot of implicit
references to the tables and packet type information found in RFC 4880
and other standards.

https://tools.ietf.org/html/rfc4880

Are you looking for answers to a specific question? If so, you might
have better luck getting those answers by asking the question
explicitly; people on this list might be able to point you to the
relevant section of the standards, and to help you figure out how to
answer your own questions from reading the standards in the future.

hth,

--dkg


wk at gnupg

Apr 6, 2012, 1:45 AM

Post #4 of 15 (1253 views)
Permalink
Re: List-packets help [In reply to]

On Thu, 5 Apr 2012 21:09, john.gill [at] computer said:
> Please point me to a detailed explanation for the output of list-packets.
> I have googled and read manuals, etc. but just can't seem to locate the
> knowledge.

There is no definitive reference because it does not make up a defined
interface. We may change the format at any time. To understand it, you
need to read RFC-4880 (OpenPGP) and probably also the GPG source. As
Daniel already pointed out, you may also ask here if you have a specific
question.



Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.




john.gill at computer

Apr 6, 2012, 7:32 AM

Post #5 of 15 (1248 views)
Permalink
Re: List-packets help [In reply to]

Thank you all for your answers. I've been reading 2440, 4880, and trying
to read the source to several old and current versions of gnupg 1.x series
for some time. My question was an attempt to verify my understanding of
how the specific output was structured. There was sample pgpdump output
posted online that confirmed my assumptions and understanding about the
output from list-packets.

I am feeding the output of a list-packets for my keyring into an awk script
to build a report on the keys and the preferences for each key.
With-colons doesn't provide enough detail for this report. I vaguely
remember reading several years back that the output from list packets was
subject to change between revisions. I'll have to include that risk in any
future maintenance of the report.

Of course, if there is a better way to extract all the preferences data,
using just the gpg program, please let me know.

Thank you,
John Gill


peter at digitalbrains

Apr 6, 2012, 9:31 AM

Post #6 of 15 (1252 views)
Permalink
Re: List-packets help [In reply to]

On 06/04/12 16:32, John Gill wrote:
> Of course, if there is a better way to extract all the preferences data,
> using just the gpg program, please let me know.

I just found this in the manual:

$ gpg --list-options show-sig-subpackets --with-colons --list-sigs KEYID

And I see for my own self signature:

sig:::1:AC46EFE6DE500B3E:2011-11-01::::Peter Lebbing <peter [at] digitalbrains>:13x:
spk:30:1:1:%01
spk:27:1:1:%01
spk:23:1:1:%80
spk:22:1:3:%02%03%01
spk:21:1:3:%08%03%02
spk:16:0:8:%ACF%EF%E6%DEP%0B>
spk:11:1:5:%07%09%08%03%02
spk:9:1:4:%05%95%0A%03
spk:2:1:4:N%AF%D7%1D

Referring to RFC 4880, subpacket 11 is preferred symmetric algorithms,
for example. But you need to parse the quoted octets that follow it. For
subpacket 11, this is rather trivial, since %07%09%08%03%02 just means
"S7 S9 S8 S3 S2" as preference string (each octet a symmetric algorithm
number).

If you look at other strings, I see %ACF%EF... at subpacket 16, which is
a nice tricky example where the second octet appears to be 46 hex, ASCII
F. Since 16 is the issuer, it's no surprise the string expands to
AC46EFE6DE500B3E in hex, my long key id.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
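
Added example, not part of the post above or of GnuPG's code: a small Python decoder for the `spk` records Peter quotes, turning the percent-escaped octets into preference lists and the issuer key ID. It assumes the field layout `spk:<type>:<flags>:<length>:<data>` with flag bit 1 meaning "hashed area" and bit 2 "critical", as described in GnuPG's doc/DETAILS; the algorithm names come from RFC 4880 sections 9.2 to 9.4 and RFC 5581, and the function names `parse_spk` and `report` are made up for illustration.

```python
from urllib.parse import unquote_to_bytes

# Algorithm IDs from RFC 4880 sections 9.2-9.4 (Camellia IDs from RFC 5581).
SYM = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish", 7: "AES128",
       8: "AES192", 9: "AES256", 10: "Twofish",
       11: "Camellia128", 12: "Camellia192", 13: "Camellia256"}
HASH = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
        9: "SHA384", 10: "SHA512", 11: "SHA224"}
COMP = {0: "Uncompressed", 1: "ZIP", 2: "ZLIB", 3: "BZip2"}
PREF_TABLES = {11: ("cipher", SYM), 21: ("digest", HASH), 22: ("compress", COMP)}

# Four of the spk records from the post above, copied as sample input.
SAMPLE = """\
spk:22:1:3:%02%03%01
spk:21:1:3:%08%03%02
spk:16:0:8:%ACF%EF%E6%DEP%0B>
spk:11:1:5:%07%09%08%03%02
"""

def parse_spk(line):
    """Split one spk record into (type, hashed, critical, raw bytes)."""
    _, sp_type, flags, length, data = line.rstrip("\n").split(":", 4)
    raw = unquote_to_bytes(data)   # printable octets appear literally, rest as %XX
    if len(raw) != int(length):
        raise ValueError(f"subpacket {sp_type}: length field {length}, got {len(raw)}")
    flags = int(flags, 16)         # assumed layout: bit 1 = hashed, bit 2 = critical
    return int(sp_type), bool(flags & 1), bool(flags & 2), raw

def report(text):
    """Decode preference and issuer subpackets from --with-colons output."""
    out = {}
    for line in text.splitlines():
        if not line.startswith("spk:"):
            continue
        sp_type, hashed, _critical, raw = parse_spk(line)
        if sp_type in PREF_TABLES:
            name, table = PREF_TABLES[sp_type]
            out[name] = [table.get(b, f"unknown({b})") for b in raw]
        elif sp_type == 16:
            out["issuer"] = raw.hex().upper()
            out["issuer_hashed"] = hashed   # False: not covered by the signature
    return out

if __name__ == "__main__":
    print(report(SAMPLE))
```

In the sample, subpacket 16 carries flag 0, meaning the issuer key ID sits in the unhashed area, which the signature does not cover. Decoding these records says nothing about whether the signature itself verifies.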



wk at gnupg

Apr 6, 2012, 10:14 AM

Post #7 of 15 (1250 views)
Permalink
Re: List-packets help [In reply to]

On Fri, 6 Apr 2012 16:32, john.gill [at] computer said:

> I am feeding the output of a list-packets for my keyring into an awk script
> to build a report on the keys and the preferences for each key.

You wrongly assume that signatures are valid. --list-packets does not
tell you this.

> With-colons doesn't provide enough detail for this report. I vaguely

That's right. For what do you need this information?


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.




john.gill at computer

Apr 9, 2012, 7:52 AM

Post #8 of 15 (1233 views)
Permalink
Re: List-packets help [In reply to]

I'm assuming the signatures indicate, roughly the set of options that
my recipients will not receive an error about ignored preferences. For
instance, symmetric algo 9 has been around for the last 10 years at least,
but if I force it on someone who doesn't have it as a preference, the
recipient will get a message about my ignoring preferences. For systems
that are automated, this message may have repercussions, depending on how
they were coded.

I'm identifying any recipients in my keyring that have preferences that
conflict with my disabling of specific algorithms and functions.

Thank you.
John
On Apr 6, 2012 12:15 PM, "Werner Koch" <wk [at] gnupg> wrote:
>
> On Fri, 6 Apr 2012 16:32, john.gill [at] computer said:
>
> > I am feeding the output of a list-packets for my keyring into an awk script
> > to build a report on the keys and the preferences for each key.
>
> You wrongly assume that signatures are valid. --list-packets does not
> tell you this.
>
> > With-colons doesn't provide enough detail for this report. I vaguely
>
> That's right. For what do you need this information?
>
>
> Shalom-Salam,
>
> Werner
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>


dshaw at jabberwocky

Apr 9, 2012, 10:56 AM

Post #9 of 15 (1234 views)
Permalink
Re: List-packets help [In reply to]

On Apr 9, 2012, at 10:52 AM, John Gill wrote:

> I'm assuming the signatures indicate, roughly the set of options that my recipients will not receive an error about ignored preferences. For instance, symmetric algo 9 has been around for the last 10 years at least, but if I force it on someone who doesn't have it as a preference, the recipient will get a message about my ignoring preferences. For systems that are automated, this message may have repercussions, depending on how they were coded.
>
> I'm identifying any recipients in my keyring that have preferences that conflict with my disabling of specific algorithms and functions.

You don't need to do that. GnuPG does it for you automatically. When encrypting to a particular set of user IDs, GPG ensures that the algorithms and features that are chosen are acceptable to all recipients.

In your example, if algo 9 (AES256) isn't available for a particular recipient, GPG will use something else.

David




john.gill at computer

Apr 9, 2012, 2:01 PM

Post #10 of 15 (1229 views)
Permalink
Re: List-packets help [In reply to]

I know that gpg chooses common algos between the sender and recipient.
(I've not tested what will happen with recipients who have no preferences
in common with my enabled algos, but that's a problem for a new day.) I'm
not trying to out-think the intelligence codified in the application. I am
analyzing my keyring contents to identify how using "disable-cipher-algo"
and similar options, may impact exchanges with my recipients.

My original question was to clarify my understanding of the output from
"list-packets", so I could finish writing out the report.

Thank you,
John
On Apr 9, 2012 1:16 PM, "David Shaw" <dshaw [at] jabberwocky> wrote:

> On Apr 9, 2012, at 10:52 AM, John Gill wrote:
>
> > I'm assuming the signatures indicate, roughly the set of options
> > that my recipients will not receive an error about ignored preferences.
> > For instance, symmetric algo 9 has been around for the last 10 years at
> > least, but if I force it on someone who doesn't have it as a preference,
> > the recipient will get a message about my ignoring preferences. For systems
> > that are automated, this message may have repercussions, depending on how
> > they were coded.
> >
> > I'm identifying any recipients in my keyring that have preferences that
> > conflict with my disabling of specific algorithms and functions.
>
> You don't need to do that. GnuPG does it for you automatically. When
> encrypting to a particular set of user IDs, GPG ensures that the algorithms
> and features that are chosen are acceptable to all recipients.
>
> In your example, if algo 9 (AES256) isn't available for a particular
> recipient, GPG will use something else.
>
> David
>
>


John at enigmail

Apr 9, 2012, 6:55 PM

Post #11 of 15 (1237 views)
Permalink
Re: List-packets help [In reply to]

John Gill wrote:
> I know that gpg chooses common algos between the sender and recipient.
> (I've not tested what will happen with recipients who have no
> preferences in common with my enabled algos, but that's a problem for a
> new day.)

3DES will be used. That's why it is an implementation MUST in the RFCs

--
John P. Clizbe Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys [at] gingerbear?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"



john.gill at computer

Apr 10, 2012, 7:05 AM

Post #12 of 15 (1229 views)
Permalink
Re: List-packets help [In reply to]

On Apr 9, 2012 8:57 PM, "John Clizbe" <John [at] enigmail> wrote:
>
> John Gill wrote:
> > I know that gpg chooses common algos between the sender and recipient.
> > (I've not tested what will happen with recipients who have no
> > preferences in common with my enabled algos, but that's a problem for a
> > new day.)
>
> 3DES will be used. That's why it is an implementation MUST in the RFCs
>

Thank you for that knowledge. Saves time.

John

> --
> John P. Clizbe Inet: John (a) Gingerbear DAWT net
> SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
> FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
> mailto:pgp-public-keys [at] gingerbear?subject=HELP
>
> Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
> A:"An odd melody / island voices on the winds / surplus of vowels"
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users [at] gnupg
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


john.gill at computer

Apr 10, 2012, 7:09 AM

Post #13 of 15 (1225 views)
Permalink
Re: List-packets help [In reply to]

On Apr 6, 2012 12:15 PM, "Werner Koch" <wk [at] gnupg> wrote:
>
> On Fri, 6 Apr 2012 16:32, john.gill [at] computer said:
>
> > I am feeding the output of a list-packets for my keyring into an awk script
> > to build a report on the keys and the preferences for each key.
>
> You wrongly assume that signatures are valid. --list-packets does not
> tell you this.
>

Could you help me understand what you are referring to?

Thank you.
John

> > With-colons doesn't provide enough detail for this report. I vaguely
>
> That's right. For what do you need this information?
>
>
> Shalom-Salam,
>
> Werner
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>


rjh at sixdemonbag

Apr 10, 2012, 7:36 AM

Post #14 of 15 (1231 views)
Permalink
Re: List-packets help [In reply to]

On 4/10/12 10:09 AM, John Gill wrote:
>> You wrongly assume that signatures are valid. --list-packets does not
>> tell you this.
>
> Could you help me understand what you are referring to?

I am, of course, not Werner, but let's see if I can't take a stab at it.

All --list-packets does is take the input, in a human-unreadable format,
and transform it into a human-readable format. It performs none of the
computationally expensive mathematics that are required to validate the
message.




john.gill at computer

Apr 10, 2012, 10:44 AM

Post #15 of 15 (1224 views)
Permalink
Re: List-packets help [In reply to]

> I am, of course, not Werner, but let's see if I can't take a stab at it.
>
> All --list-packets does is take the input, in a human-unreadable format,
> and transform it into a human-readable format. It performs none of the
> computationally expensive mathematics that are required to validate the
> message.
>

The keyring in question is closely held. All keys have been directly
verified, out-of-channel, with the key owner prior to inclusion in the
keyring. Using the data obtained by listing the keyring packets seems
reasonable.

Thank you.
John
