bonito@gawab.com wrote:

> Can anyone tell me where I can find a .SIG file that will use
> Imad's public key (0x833F1BAD) to verify either pgp6.5.8ckt08.zip or
> pgp658ckt08.exe?

Sorry, I get the same results. I'm betting that Imad screwed up and
signed a zip file, then added the detatched signature to the zip file
he'd just signed, thus wrecking the hash. The signature is
pgp658ckt08.ZIP.sig, where it should be pgp658ckt08.EXE.sig. If you
download build 7, the file is named properly and the signature matches.

You could always download and install 8, then put the build 9 beta patch
over top of that. The build 9 beta signatures all match.

It's too bad the ckt builds are no longer being maintained. I still
mourn that loss. Sometimes it seems he was the only developer who was
serious about security AND free (well, as in beer at least) software. I
get the extreme itch every now and again to make a 'ckt' version of
GnuPG. In the end I can't seem bring myself to do it, as I feel like it
would be putting on extreme airs to use 'ckt' myself.

C'est la vie.

Kurt.

bonito@gawab.com wrote:
> Can anyone tell me where I can find a .SIG file that will use
> Imad's public key (0x833F1BAD) to verify either pgp6.5.8ckt08.zip or
> pgp658ckt08.exe?

The corrected file was posted on Imad's site back in the day. It was
located at http://www.ipgpp.com/pgp658ckt08.exe.sig.txt. I don't know
where you could find it now.

CDA

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Kurt Fitzner (kfitzner at excelcia period org) wrote:
> bonito@gawab.com wrote:
>
> > Can anyone tell me where I can find a .SIG file that
will use
> > Imad's public key (0x833F1BAD) to verify either
pgp6.5.8ckt08.zip
> > or pgp658ckt08.exe?

>You could always download and install 8, then put the build 9
beta >patch over top of that. The build 9 beta signatures all
match.

you can download and install 9 beta 3 directly from here:
ftp://ftp.zedz.net/pub/crypto/pgp/pgp60/pgp658_ckt/
(click on the bottom line, pgp658ckt09b3.zip)

the sig file for pgp658ckt09b3.exe is in the zip file
and verifies for Imad's key

the 09 beta's were _beta's_ only in the sense that they were
made to deal with the gnupg secret key protection that was
instituted at the time,
but was not yet instituted by the official pgp builds,

secret keys that would be generated in 9 beta 3 would not be
able to be used in the earliest pgp 8 versions without a
workaround of removing the passphrase, ... , etc.

since pgp 8+, soon afterward, moved to the same newer secret
key protection,
then everything (gnupg and pgp 8+ ) was compatible with 9 beta
3

there was/is nothing else 'beta' about it,
and it is better than 8, if you want to be compatible with the
other implementations (gnupg and pgp 8+)

you can even choose sha-256 and all the algorithms including
blowfish

the 'only' thing that is a 'problem' in 9 beta 3
(and all the other 658ckt builds),
is that it will 'crash' if trying to verify clearsigned files
done with multple simultaneous signatures,
multiple simultaneous signatures in armored signed files, or
sign and encrypt files, are still ok)

caveat:
if you make a 'really large' key in (any) ckt version,
and then import it into official pgp 9 beta,
it will 'corrupt' the keyring, and disable signing
in official pgp 9 beta
(everything will go back to normal once you delete the key from
the keyring)


hth,
vedaal

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32) - WinPT 0.9.90
Comment: Acts of Kindness better the World, and protect the Soul

iQIVAwUBQjjHjFqiDIZqWJqXAQjZcBAAmk65p9eFBmZFDPT7nn Sa1tR56eHoYbAB
pmBXJfLEK54IDOascu+ecYbpfSOe/G5DL0Dt3yHppa0n16s2W7jYarPelmo+XgLf
7LmS09R27contITKCbANAHnfhiVuFPQ31WeC1zVThJzmn9FjJW MyUDpp5mxrT/pc
wMEOmYEbrxZ548S3m9vOdRZjTftxrv6K6nOOfU5e9fZGrrkFTQ Rkh0EZouhyOHnF
AyL97AZA6HsRXkHUxSYROZJKm4FDJZFvTIrTlXCnbCBp49K24L M/seTVu6VuGutP
g+gSPhvIDdDmbOGfBX3y4XE1ExHr8KQgLqGDJbaZ/edKYQv5c3zov30i3rIyhjXX
IPbgrcnda79nIcGbaWk2lDkXdrc0l+5UyjEjN+6x5QymmGXV39 v3R9wEY4cshvPz
rMe9mWWgjP0q6cnFhYIIuWm70QeSM9PaUqdlPf7fA5Ss/m35VMU8bEk8UQ3GdBr+
rRLAYkuuMTkMNNwUtPQbWRyqRYtLTV7xnLQ2O/j4YYDpkdGCRXSqS/8SbBBYHLGM
Zt+CbFMF61lTrZxahw3hQSkAMicrRjUhKmIIyWsmPqx/HC9XLaHD68h45gnmaXSJ
pvo8Q60q9HsvYwttnN9Ys5zg3bnVV75lf8db544LygT0ZwJI44 1eRWUhCYDYW3ip
0ZpiyHJzimw=
=45W2
-----END PGP SIGNATURE-----

On 16 Mar 2005, bonito wrote:

> Can anyone tell me where I can find a .SIG file that will use
>Imad's public key (0x833F1BAD) to verify either pgp6.5.8ckt08.zip or
>pgp658ckt08.exe?
>
>

>pgp658ckt08.exe

MD5 10A8D5BF746EBAF51FF0DFE69884A98C

SHA1 20EA1D0F 3855EC12 E59FD1EB 6B7ABAA8 634F5A5E

-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt http://www.ipgpp.com/

iQEVAwUAPNIetLzDFxiDPxutAQHipwf+N2dc3NMHYI9VzY8pY5 jrDzy7T1ncN50r
JfQ8OMfZJtiyh7mU3O7lgXVTA5Zu3xxs1BfdXbybGOK5VjzDbj isWzcuMuKeUkle
F86oKGfPRhya6gONeft9xyFkHJsrXIZg2wTllhqn3iMd4g6ZfW uMKMBaRCaiHoPT
bWaWa4NcYDXv5w4pnO6iPt2ywGS4fJr3GxUF2f/cBtMeoj5bZXfOCS7wahfJ/P9C
BFz/QnZN8t4HZ9T06OjYeuiKrgMidolxaeguR8gLBJWO1K8JNgo7oB egiiw+SkYZ
U5MaiE2RIe3EkeKOoVdA/d7iTFWfgrD68YMxYg0DsJotEpeXXlFD5g==
=2pdY
-----END PGP SIGNATURE-----