Re: ECC - how does it compare
Hi! Hardeep Singh schrieb: Its a tool for public key encryption using ECC rather than prime number factoring. AFAIK, some of the really efficient algorithms for the required math are patented. cu, Sven ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: script to clean my keyring
Hi John, thank you for the answer how to clean my key ring: How about doing it this way: cp pubring.gpg pubring.tmp gpg --import-options import-clean --import pubring.tmp === 1 === This will make a clean import to the current pubring.gpg but will this help? Will these keys which are imported overwrite the keys in the current pubkey.gpg? Or would I need to start whith a striped which only contains my selfsignature? gpg --keyserver-options import-clean \ --keyserver pool.sks-keyservers.org refresh-keys === 2=== I like to keep my key ring updated, what about this: I run on a frequent basis: # Assumption is that the key is currently clean cp pubring.gpg pubring.bakTIMESTAMP gpg --keyserver-options import-clean \ --keyserver pool.sks-keyservers.org refresh-keys cp pubring.gpg pubring.tmp gpg --import-options import-clean --import pubring.tmp Thanks a lot Michael ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ECC - how does it compare
Sven Radde wrote: Hi! Hardeep Singh schrieb: Its a tool for public key encryption using ECC rather than prime number factoring. AFAIK, some of the really efficient algorithms for the required math are patented. in that case these patents are only valid inside the US, since no EU country accepts patents on software or mathematical algorithms. cu, Sven ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000Fax. +31 20 668 3167 PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end. -- Douglas Adams ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Smartcards and Mac OS/X
Seeing a thread about smart-cards finally got me to ask a couple of questions In a general question, what are the main reasons I would want to buy one? Are there decent Smart-Cards for Apple MacBooks ? thank you ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Smartcards and Mac OS/X
Robert D. wrote: In a general question, what are the main reasons I would want to buy one? Legal or employment reasons. Some people have smart card usage mandated to them. These people tend to be the primary users. Some people believe storing private keys on smart cards leads to better physical security than storing them on easily-stolen laptops or PCs. Others like to be able to carry their private key with them, so they can use it at whichever computer they happen to be at (as long as that computer has a card reader attached). The major drawbacks are that if your card reader breaks, your private key is inaccessible, and most smart cards are limited to RSA-1024 and a ridiculously small amount of supporting data. You will not be able to carry your keyring around with you on the card. Are there decent Smart-Cards for Apple MacBooks ? Smart cards are (mostly) interchangeable; there's a standard for how they're laid out and how they interface with smart card readers. The real question is whether there are good card readers for OS X. I can't help you with this; I don't use card readers, so I can't give any recommendations. However, a quick Google search for 'smart card reader OS X' returned some useful results in the first few links. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: beginner to gnupg
bjr149 wrote: C:\GNU\GnuPGgpg --export key name C:\GNU\GnuPG\public.key By default, GnuPG will export keys in binary format. This is more space-efficient, but is not readable to humans. (I don't think that's a big loss, given that the human-readable version isn't all that readable to humans, either.) Try: gpg --armor --export key name C:\GNU\GnuPG\public.key ... and it should work. Note that it's --armor --export, not --export --armor. The former will work fine. The latter will try to export a key named --armor, which will probably not work fine, unless your keyring has far more interesting people than mine. :) Can you have more than one key with the same name and a different user name? Yes. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: beginner to gnupg
On Tue, 30 Oct 2007 15:40, [EMAIL PROTECTED] said: Note that it's --armor --export, not --export --armor. The former will work fine. The latter will try to export a key named --armor, That is not correct. The ordering of options and commands does not matter. However mixing arguments (key name) and options/commands does not work as soon as the first non-option/command has been detected all following items are considered arguments. There is one caveat: If the first argument start with a dash it will be viewed as an option. To avoid this the sepcial option -- may be used which explicitly declares that all waht follows are arguments. Note that some options have option-arguments, e.g. gpg -r Alice -r Bob --encrypt file.txt Here Alice and Bob are arguments of the -r option. -r (or --recipient) requires an option and thus gpg expects this. As an alternative you may use gpg --recipient=Alice --recipient=Bob --encrypt file.txt And in scripts you would use gpg --recipient=Alice --recipient=Bob --encrypt -- $FILE so that you can even encrypt files with names like '--armor'. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
GnuPG in Linux
Hi, In the pursuit of complicating my life with some fun, I have installed Linux Ubuntu 7.04 under Parallels 3.0 Mac build 5160 (in addition to Windows XP Pro). The current release of Ubuntu, 7.10 is not [yet] digested by Parallels, but eventually it will. Ubuntu 7.04 distribution came with GnuPG 1.4.6 already installed. After much searching and installing I finally got: - compiled 1.4.7 from source after installing 'build-essential', because the C compiler that came with that Ubuntu release was not suitable, by itself, to compile gnupg. - installed GPA and KGpg - imported my keyrings from gnupg/MacOS 10.4.10 (Leopard is still wandering in the jungle on its to my home), and reset the trust. My question, please help: where, how can I find and open, actually open and edit as required, gpg.conf? A ls search in .gnupg lists 'options'. I remember that gnupg.options was the ancestor of gpg.conf (probably before gnupg 1.2.*). Sorry if the question seems [is] silly, but I have a block. I have tried to use pico (nano), but I don't seem to strike the right commands. Thanks! Charly ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG in Linux
Charly Avital wrote: My question, please help: where, how can I find and open, actually open and edit as required, gpg.conf? A ls search in .gnupg lists 'options'. Dunno what that's doing there. You're right, it should be gpg.conf. The good news is most of your OS X Terminal.app skills will apply here. OS X 10.4 and 10.5 both use a program called 'bash' to provide a command line. So does Ubuntu. Prior to 10.4, OS X used tcsh instead of bash; if you're more comfortable with 10.0-10.3 behavior, talk to me off-list and we can get Ubuntu set up with tcsh. I'd suggest doing 'gedit ~/.gnupg/gpg.conf ' and just editing it that way. Gedit is the standard GNOME editor and should be much friendlier than using nano. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
GnuPG in Linux
Hi, In the pursuit of complicating my life with some fun, I have installed Linux Ubuntu 7.04 under Parallels 3.0 Mac build 5160 (in addition to Windows XP Pro). The current release of Ubuntu, 7.10 is not [yet] digested by Parallels, but eventually it will. Ubuntu 7.04 distribution came with GnuPG 1.4.6 already installed. After much searching and installing I finally got: - compiled 1.4.7 from source after installing 'build-essential', because the C compiler that came with that Ubuntu release was not suitable, by itself, to compile gnupg. - installed GPA and KGpg - imported my keyrings from gnupg/MacOS 10.4.10 (Leopard is still wandering in the jungle on its to my home), and reset the trust. My question, please help: where, how can I find and open, actually open and edit as required, gpg.conf? A ls search in .gnupg lists 'options'. I remember that gnupg.options was the ancestor of gpg.conf (probably before gnupg 1.2.*). Sorry if the question seems [is] silly, but I have a block. I have tried to use pico (nano), but I don't seem to strike the right commands. Thanks! Charly signature.asc Description: This is a digitally signed message part ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG in Linux
Charly Avital wrote: My question, please help: where, how can I find and open, actually open and edit as required, gpg.conf? You have to create the file yourself and place it in ~/.gnupg. Robert suggested gedit, but if you have KDE (you mentioned that you installed kgpg), you can use Kate or KWrite (personally, I like Kate because KDE is pretty and GNOME is ugly IMO), but any of these (or a terminal-based editor if you want, or really, pretty much any text editor at all) will work. -- Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.6 | Enigmail 0.95.5 | GPG 1.4.7 Key ID: 0xF88E034060A78FCB - available on major keyservers and upon request Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG in Linux
Charly Avital wrote: My question, please help: where, how can I find and open, actually open and edit as required, gpg.conf? A ls search in .gnupg lists 'options'. I remember that gnupg.options was the ancestor of gpg.conf (probably before gnupg 1.2.*). Just rename (mv) options to gpg.conf. Even that isn't strictly necessary AFAIK, as gpg will read the options file if no gpg.conf is found. Sorry if the question seems [is] silly, but I have a block. I have tried to use pico (nano), but I don't seem to strike the right commands. Does running nano ~/.gnupg/options fail in some way? -- ToddOpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~ Now, now my good man, this is no time for making enemies. -- Voltaire, on his deathbed in response to a priest asking that he renounce Satan. pgpj4y5wBps8a.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: script to clean my keyring
What causes your key-ring to become dirty or fragmented? Michael wrote: I like to clean my key ring automatically. I have put the attached lines together to do this. But something is wrong, the script shows the data which need to be changed but the update is not saved. Experts, what is wrong here?? for i in `gpg --list-keys --fixed-list-mode --with-colons | grep ^pub | cut -f5 -d:` ; do gpg --batch --yes --edit-key $i clean done How about doing it this way: cp pubring.gpg pubring.tmp gpg --import-options import-clean --import pubring.tmp And a general Question: I like to frequently run gpg --refresh-key and after this the above script, in case it works, to get rid of the overhead. Do you think this is a good idea to do so? gpg --keyserver-options import-clean \ --keyserver pool.sks-keyservers.org refresh-keys __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
A note to Atom Smasher [WAS: Subkey DSA signature changes...]
Atom, Going through the list archives, I came across a few of your postings that seem to indicate that you have more insight into the way subkey self-signatures are generated than what I can gather from the RFC. Arguably, it's one of the most confusing sections... http://lists.gnupg.org/pipermail/gnupg-users/2004-May/022511.html However, i didn't find any more posts from you explaining how did you manage to generate the missing self-signatures on your subkeys. I'd appreciate if you could share that knowledge with us... Since the signatures are computed from the hash of the key material (which differs in the secret and the public key packets), I'd suppose the secret subkey signature to be different from the public subkey signature. However, that doesn't seem to be the case. I found out that they actually have the same hash value. For some weird reason though, the signature itself is different in case of newly generated keys. But when importing from an exported private key or the secret keyring, the secret subkey signature is just copied over to the private keyring. Appreciate if you could offer some insight into this. Thanks! --- YYZ [EMAIL PROTECTED] wrote: Hi everyone! Can anyone exlain this strange gpg behavior, observed when I follow these steps? I use gpg to generate a key-pair using default options (1024D/2048g). Afterwards, I import the secret keyring into another account, and issue the following commands gpg --export and gpg --export-secret-key in both the accounts. I noticed that while the second command yeilds identical results, the output of the first command is slightly different in the two cases (actually, just the last 44 bytes). A little analysis reveals that the bytes that differ are really the two MPIs representing the r and s components of the DSA signature for the ELG subkey. Further, if I export my secret keyring to several different accounts/ computers, all of them end up with identical DSA signature for the exported subkey (but it's different from the original signature). Can someone please explain why is it like this? Thanks! __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users