Verification of Imad Faiad's PGP 6.5.8ckt - PGP

This is a discussion on Verification of Imad Faiad's PGP 6.5.8ckt - PGP ; >From ZEDZ NET I downloaded pgp6.5.8ckt08.zip. Inside that ZIP packet I found three files. They are: pgp658ckt08.exe pgp658ckt08.txt pgp658ckt08.zip.sig I unzipped that packet then double clicked pgp658ckt08.zip.sig and used my friend's PGP 8.1 in an attempt to to verify the ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Verification of Imad Faiad's PGP 6.5.8ckt

  1. Verification of Imad Faiad's PGP 6.5.8ckt

    >From ZEDZ NET I downloaded pgp6.5.8ckt08.zip. Inside that ZIP packet I
    found three files. They are:

    pgp658ckt08.exe
    pgp658ckt08.txt
    pgp658ckt08.zip.sig

    I unzipped that packet then double clicked pgp658ckt08.zip.sig and
    used my friend's PGP 8.1 in an attempt to to verify the integrity of
    the file called pgp6.5.8ckt08.zip. I received notification that Imad
    Faiad's signature for the ZIP file is BAD. Thinking I may have done
    something wrong, I repeated the process. In fact I repeated it several
    times and was always told that his signature is bad.

    Did I do something wrong or is the signature for that ZIP file
    really bad? And if it is bad, where can I find a reliable version of
    pgp658ckt08.exe?

    Can anyone tell me where I can find a .SIG file that will use
    Imad's public key (0x833F1BAD) to verify either pgp6.5.8ckt08.zip or
    pgp658ckt08.exe?

    Thanks,

    Bonito


  2. Re: Verification of Imad Faiad's PGP 6.5.8ckt

    bonito@gawab.com wrote:

    > Can anyone tell me where I can find a .SIG file that will use
    > Imad's public key (0x833F1BAD) to verify either pgp6.5.8ckt08.zip or
    > pgp658ckt08.exe?


    Sorry, I get the same results. I'm betting that Imad screwed up and
    signed a zip file, then added the detatched signature to the zip file
    he'd just signed, thus wrecking the hash. The signature is
    pgp658ckt08.ZIP.sig, where it should be pgp658ckt08.EXE.sig. If you
    download build 7, the file is named properly and the signature matches.

    You could always download and install 8, then put the build 9 beta patch
    over top of that. The build 9 beta signatures all match.

    It's too bad the ckt builds are no longer being maintained. I still
    mourn that loss. Sometimes it seems he was the only developer who was
    serious about security AND free (well, as in beer at least) software. I
    get the extreme itch every now and again to make a 'ckt' version of
    GnuPG. In the end I can't seem bring myself to do it, as I feel like it
    would be putting on extreme airs to use 'ckt' myself.

    C'est la vie.

    Kurt.

  3. Re: Verification of Imad Faiad's PGP 6.5.8ckt

    bonito@gawab.com wrote:
    > Can anyone tell me where I can find a .SIG file that will use
    > Imad's public key (0x833F1BAD) to verify either pgp6.5.8ckt08.zip or
    > pgp658ckt08.exe?


    The corrected file was posted on Imad's site back in the day. It was
    located at http://www.ipgpp.com/pgp658ckt08.exe.sig.txt. I don't know
    where you could find it now.

    CDA

  4. Re: Verification of Imad Faiad's PGP 6.5.8ckt

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Kurt Fitzner (kfitzner at excelcia period org) wrote:
    > bonito@gawab.com wrote:
    >
    > > Can anyone tell me where I can find a .SIG file that

    will use
    > > Imad's public key (0x833F1BAD) to verify either

    pgp6.5.8ckt08.zip
    > > or pgp658ckt08.exe?


    >You could always download and install 8, then put the build 9

    beta >patch over top of that. The build 9 beta signatures all
    match.

    you can download and install 9 beta 3 directly from here:
    ftp://ftp.zedz.net/pub/crypto/pgp/pgp60/pgp658_ckt/
    (click on the bottom line, pgp658ckt09b3.zip)

    the sig file for pgp658ckt09b3.exe is in the zip file
    and verifies for Imad's key

    the 09 beta's were _beta's_ only in the sense that they were
    made to deal with the gnupg secret key protection that was
    instituted at the time,
    but was not yet instituted by the official pgp builds,

    secret keys that would be generated in 9 beta 3 would not be
    able to be used in the earliest pgp 8 versions without a
    workaround of removing the passphrase, ... , etc.

    since pgp 8+, soon afterward, moved to the same newer secret
    key protection,
    then everything (gnupg and pgp 8+ ) was compatible with 9 beta
    3

    there was/is nothing else 'beta' about it,
    and it is better than 8, if you want to be compatible with the
    other implementations (gnupg and pgp 8+)

    you can even choose sha-256 and all the algorithms including
    blowfish

    the 'only' thing that is a 'problem' in 9 beta 3
    (and all the other 658ckt builds),
    is that it will 'crash' if trying to verify clearsigned files
    done with multple simultaneous signatures,
    multiple simultaneous signatures in armored signed files, or
    sign and encrypt files, are still ok)

    caveat:
    if you make a 'really large' key in (any) ckt version,
    and then import it into official pgp 9 beta,
    it will 'corrupt' the keyring, and disable signing
    in official pgp 9 beta
    (everything will go back to normal once you delete the key from
    the keyring)


    hth,
    vedaal

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.0 (MingW32) - WinPT 0.9.90
    Comment: Acts of Kindness better the World, and protect the Soul

    iQIVAwUBQjjHjFqiDIZqWJqXAQjZcBAAmk65p9eFBmZFDPT7nn Sa1tR56eHoYbAB
    pmBXJfLEK54IDOascu+ecYbpfSOe/G5DL0Dt3yHppa0n16s2W7jYarPelmo+XgLf
    7LmS09R27contITKCbANAHnfhiVuFPQ31WeC1zVThJzmn9FjJW MyUDpp5mxrT/pc
    wMEOmYEbrxZ548S3m9vOdRZjTftxrv6K6nOOfU5e9fZGrrkFTQ Rkh0EZouhyOHnF
    AyL97AZA6HsRXkHUxSYROZJKm4FDJZFvTIrTlXCnbCBp49K24L M/seTVu6VuGutP
    g+gSPhvIDdDmbOGfBX3y4XE1ExHr8KQgLqGDJbaZ/edKYQv5c3zov30i3rIyhjXX
    IPbgrcnda79nIcGbaWk2lDkXdrc0l+5UyjEjN+6x5QymmGXV39 v3R9wEY4cshvPz
    rMe9mWWgjP0q6cnFhYIIuWm70QeSM9PaUqdlPf7fA5Ss/m35VMU8bEk8UQ3GdBr+
    rRLAYkuuMTkMNNwUtPQbWRyqRYtLTV7xnLQ2O/j4YYDpkdGCRXSqS/8SbBBYHLGM
    Zt+CbFMF61lTrZxahw3hQSkAMicrRjUhKmIIyWsmPqx/HC9XLaHD68h45gnmaXSJ
    pvo8Q60q9HsvYwttnN9Ys5zg3bnVV75lf8db544LygT0ZwJI44 1eRWUhCYDYW3ip
    0ZpiyHJzimw=
    =45W2
    -----END PGP SIGNATURE-----


  5. Re: Verification of Imad Faiad's PGP 6.5.8ckt

    On 16 Mar 2005, bonito wrote:

    > Can anyone tell me where I can find a .SIG file that will use
    >Imad's public key (0x833F1BAD) to verify either pgp6.5.8ckt08.zip or
    >pgp658ckt08.exe?
    >
    >


    >pgp658ckt08.exe


    MD5 10A8D5BF746EBAF51FF0DFE69884A98C

    SHA1 20EA1D0F 3855EC12 E59FD1EB 6B7ABAA8 634F5A5E

    -----BEGIN PGP SIGNATURE-----
    Version: 6.5.8ckt http://www.ipgpp.com/

    iQEVAwUAPNIetLzDFxiDPxutAQHipwf+N2dc3NMHYI9VzY8pY5 jrDzy7T1ncN50r
    JfQ8OMfZJtiyh7mU3O7lgXVTA5Zu3xxs1BfdXbybGOK5VjzDbj isWzcuMuKeUkle
    F86oKGfPRhya6gONeft9xyFkHJsrXIZg2wTllhqn3iMd4g6ZfW uMKMBaRCaiHoPT
    bWaWa4NcYDXv5w4pnO6iPt2ywGS4fJr3GxUF2f/cBtMeoj5bZXfOCS7wahfJ/P9C
    BFz/QnZN8t4HZ9T06OjYeuiKrgMidolxaeguR8gLBJWO1K8JNgo7oB egiiw+SkYZ
    U5MaiE2RIe3EkeKOoVdA/d7iTFWfgrD68YMxYg0DsJotEpeXXlFD5g==
    =2pdY
    -----END PGP SIGNATURE-----



+ Reply to Thread