Jameson Graef Rollins | 14 Sep 17:11 2014

command line server validation utility

Hey, folks.  During some recent validation agent debugging I wrote a
command line host validation utility that I imagine others might find
useful.  For a given URL, the utility will retrieve the cert from the
host, and feed it and the correct context data to msva-query-agent for
validation.  It currently works for https and ssh, but it could be
easily extended to include other contexts as well.

I've pasted an example of its usage below, with the script itself
attached.  If others think this would be useful, maybe we could include
it with the msva-perl distribution.

jamie.

servo:~ 0$ msva-check-host https://keys.mayfirst.org
context: https
host: keys.mayfirst.org
port: 443
pkctype: x509pem
cert:
-----BEGIN CERTIFICATE-----

fr33domlover | 30 Apr 00:21 2014

Usage with mail server

Hello,

This is my first post here. I run an SSH server and a web server and I'm
very interested in using a peer-to-peer decentralized natural way to
handle trust.

Monkeysphere already works with HTTPS and SSH as described on your
website, but I didn't find any information about:

- XMPP server (as far as I know, none exists yet but it's WIP)
- mail server

I'm going to run a mail server (first just IMAP, later I'll add SMTP)
and I'd like to not use an SSL certificate from a centralized source
which requires a lot of my private information for spying on me and
verifying my identity etc.

Does monkeysphere support mail serving?

I can imagine it may work for sending mail to the user, but what happens
if an SMTP server wants to send email to my IMAP server? How does the
SMTP server send me encrypted data if it cannot recognize my OpenPGP
based "certificate"?

If there's any approach waiting to be implemented or used, I don't mind
pioneering. Just tell me please how it works. Also, maybe I can help add
monkeysphere support to dovecot if it's not too difficult.

Thanks in advance!
Sincerely,

micah | 21 Apr 01:41 2014

Re: Archlinux Package

Profpatsch <mail <at> profpatsch.de> writes:

> On 14-04-10 06:21pm, Profpatsch wrote:
>> Since you are linking to a git package which is broken atm:
>> 
>> There is a package using the official releases at
>> https://aur.archlinux.org/packages/monkeysign/
>
> And I just became maintainer, so it’s up-to-date now, too.

If you would like to update the link on the page, the site is running
ikiwiki, a patch or a git remote would make the update real easy!

Gabriel Pérez-Cerezo | 30 Mar 13:23 2014

Monkeysphere integration in Links2

Hello,

I have changed my plans. I have stopped working on w3m and now I'm working on Links2,
as it has many more features and is more widely used. I will write to you when it is
ready.

Best wishes,
Gabriel

-- 
Gabriel Pérez-Cerezo Flohr
Website: http://gpcf.eu  E-mail: gabriel <at> gpcf.eu
GPG Key: D353EC69 (get it from http://gpcf.eu/key.asc)

Gabriel Pérez-Cerezo | 23 Mar 17:47 2014

libmsv licensing

Hello,

As you may know, I'm working on a fork of the w3m browser which includes monkeysphere support. I have now got a
problem with the licensing. Libmsv is licensed under the GPLv3 and w3m under the MIT license, but as it is
linked to OpenSSL, it would need a linking exception, so I have to either link the GPL code from GPL+Linking
exception code or rewrite the entire SSL code using GnuTLS.

Do you think that it is better to ask someone for a linking exception or rewrite the SSL code using GnuTLS?

-- 
Gabriel Pérez-Cerezo Flohr
Website: http://gpcf.eu  E-mail: gabriel <at> gpcf.eu
GPG Key: D353EC69 (get it from http://gpcf.eu/key.asc)

isis agora lovecruft | 3 Jul 16:50 2013

gnupg-1.1.7, a Python GnuPG wrapper, is released on PyPI


Announcing the release of a more secure Python wrapper for GnuPG on PyPI.

About this release
------------------

This is the first stable release of a module (named 'gnupg' on PyPI)[0], which
originated as a fork of python-gnupg.[1] Several problems were found with the
upstream version, including a security vulnerability triggered by unvalidated
user input which, when used within networked code, can lead to remote arbitrary
code execution. Full notes of the audit can be found in the docs/ directory of
the git repo [2] and as orgmode→html [3] in the online documentation.

The new version [4] is incompatible with the old version, though the changes
required to upgrade for software depending on the old version should be
slight. Not to mention, the module is now extensively documented,[5] and
developed openly. It was downloaded nearly 1000 times on the first day it was
uploaded to PyPI.

To install:
$ [sudo] pip install gnupg

References:
[0]: https://pypi.python.org/gnupg/
[1]: https://code.google.com/p/python-gnupg/
[2]: https://github.com/isislovecruft/python-gnupg/raw/master/docs/NOTES-python-gnupg-3.1-audit.org
[3]: http://pythonhosted.org/gnupg/NOTES-python-gnupg-3.1-audit.html
[4]: https://github.com/isislovecruft/python-gnupg/
[5]: https://pythonhosted.org/gnupg/


intrigeri | 8 Feb 10:14 2013

Bug#677565: [monkeysphere] Bug#682518: Bug#677565: RC bugs in msva-perl

Hi,

Daniel Kahn Gillmor wrote (08 Feb 2013 05:48:55 GMT) :
> I've just pushed a proposed upstream msva-perl/0.8.1 targeted bugfix
> tag to git://lair.fifthhorseman.net/~dkg/msva-perl, and a "wheezy"
> branch that uses that and targets testing-proposed-updates.

Excellent! Thanks a lot.

> I've tested 0.8.1-1 on a wheezy system and it works for me.

I'm going to test it during a few days.

> I plan to upload it to t-p-u sometime tomorrow or the next day
> unless i hear from anyone that it didn't work for them.

Looks like a good plan, but I suggest waiting a bit longer for:

  1. You and someone else (I volunteer) to try the proposed package
     for a few days: given t-p-u uploads have no time to be tested in
     sid, we should be extra careful about them.
  2. A pre-approval from the release team, which is required by the
     current freeze policy before uploading to t-p-u.

Cheers,
-- 
  intrigeri
  | GnuPG key  <at>  https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint  <at>  https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc


Jameson Graef Rollins | 23 Jan 03:15 2012

update of xul-ext-monkeysphere package

Hey, folks.  I have just tagged/pushed version 0.6.1 of
xul-ext-monkeysphere, and 0.6.1-1 to Debian unstable.  This fixes the RC
bug related to iceweasel incompatibility [0].  The package should be
usable in testing/unstable again as soon as it falls through.

There are some other issues that we're going to need to sort out, so
hopefully we can push 0.7 soon.

Sorry for the delay getting to this.  Please report any issues to the
Debian BTS, or our upstream issue tracker [1].

jamie.

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638585
[1] https://labs.riseup.net/code/projects/monkeysphere/issues

Jonas Smedegaard | 21 Jan 15:22 2012

Bug#656750: monkeysphere: does not honour TMPDIR

Package: monkeysphere
Version: 0.35-2
Severity: normal

On a system where I use libpam-tmpdir, monkeysphere fails:

root@jawa:~# LC_ALL=C monkeysphere-host p
Really publish key 'DD25548490229486D19B70741B036A6FCD886CCF' to pool.sks-keyservers.net? (Y/n) 
gpg: keyblock resource `/tmp/user/0/monkeysphere.qjIXSNyObe/secring.gpg': file open error
gpg: keyblock resource `/tmp/user/0/monkeysphere.qjIXSNyObe/pubring.gpg': file open error
gpg: no writable keyring found: eof
gpg: error reading `[stdin]': general error
gpg: import from `[stdin]' failed: general error

Overriding libpam-tmpdir makes monkeysphere succeed:

root@jawa:~# LC_ALL=C TMPDIR=/tmp monkeysphere-host p
Really publish key 'DD25548490229486D19B70741B036A6FCD886CCF' to pool.sks-keyservers.net? (Y/n) 
gpg: sending key CD886CCF to hkp server pool.sks-keyservers.net

I suspect this to be an indication that monkeysphere does not respect
$TMPDIR but always uses /tmp.

 - Jonas

Hans-Christoph Steiner | 17 Dec 03:10 2011

parsing DSA keys from GPG


Anyone have any pointers on where to start to parse a GPG DSA public key block into its constituent bits?  I'm
looking at the keytrans perl code now, but my perl is weak.  pycrypto's RSA object has this nice
.importKey() method which the DSA object does not have.

.hc

----------------------------------------------------------------------------

Computer science is no more related to the computer than astronomy is related to the telescope.      -Edsger Dijkstra
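
Added example, not part of the original post and not taken from keytrans: a minimal Python parser that splits an ASCII-armored OpenPGP public key block into its DSA components p, q, g and y, following the RFC 4880 version 4 public-key packet layout. It assumes the key is the first packet and uses an old-format packet header; the function names and the toy sample key are constructed for illustration.

```python
import base64

DSA = 17  # RFC 4880 public-key algorithm ID for DSA

def dearmor(text):
    """ASCII armor -> raw packets: skip armor headers and the '=' CRC line."""
    lines = [l.strip() for l in text.strip().splitlines()]
    start = lines.index("") + 1 if "" in lines else 1
    data = [l for l in lines[start:-1] if not l.startswith("=")]
    return base64.b64decode("".join(data))

def first_packet(buf):
    """Return (tag, body) of the first packet; old-format headers only."""
    ctb = buf[0]
    if ctb & 0xC0 != 0x80 or ctb & 3 == 3:
        raise ValueError("expected an old-format packet with a definite length")
    n = 1 << (ctb & 3)                      # length field is 1, 2 or 4 octets
    length = int.from_bytes(buf[1:1 + n], "big")
    return (ctb >> 2) & 0x0F, buf[1 + n:1 + n + length]

def read_mpi(buf, pos):
    """An MPI is a 2-octet bit count followed by the big-endian magnitude."""
    end = pos + 2 + (int.from_bytes(buf[pos:pos + 2], "big") + 7) // 8
    if pos + 2 > len(buf) or end > len(buf):
        raise ValueError("truncated MPI")
    return int.from_bytes(buf[pos + 2:end], "big"), end

def parse_dsa_public_key(armored):
    """Return (creation_time, {'p','q','g','y'}) from a v4 DSA key packet."""
    tag, body = first_packet(dearmor(armored))
    if tag not in (6, 14):                  # public key / public subkey
        raise ValueError("not a public key packet")
    if len(body) < 6 or body[0] != 4 or body[5] != DSA:
        raise ValueError("not a version 4 DSA key")
    pos, params = 6, {}
    for name in ("p", "q", "g", "y"):       # order fixed by RFC 4880 sec. 5.5.2
        params[name], pos = read_mpi(body, pos)
    return int.from_bytes(body[1:5], "big"), params

# Constructed toy key (p=23, q=11, g=4, y=18), far too small for real use.
SAMPLE_PACKET = bytes.fromhex("9812" "04" "4eec0000" "11"
                              "000517" "00040b" "000304" "000512")
SAMPLE_ARMORED = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n"
                  + base64.b64encode(SAMPLE_PACKET).decode()
                  + "\n-----END PGP PUBLIC KEY BLOCK-----\n")

if __name__ == "__main__":
    print(parse_dsa_public_key(SAMPLE_ARMORED))
```

The four integers returned are in the order (p, q, g, y) as stored in the packet; a DSA constructor that takes a tuple may expect a different order, so check it before passing them on.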

Jeffrey Burdges | 12 Dec 08:27 2011

user confusion


You guys maintain openpgp2ssh, right?

If so, you might consider elaborating on the "We cannot handle encrypted secret keys" error message
slightly, probably mentioning the commands  "gpg --edit-key …"  and  "ssh-keygen -f ~/.ssh/id_rsa -p". 
It came up here :

http://security.stackexchange.com/questions/9633/how-can-i-convert-my-encypted-pgp-secret-key-for-use-performing-ssh-authenticati/9634

I donno if you'd wish to recommend a trick for keeping the key from being written to disk unencrypted.

Enjoy!
Jeff Burdges
