Re: GnuPG 1.4.13 released
On Mon, 24 Dec 2012 12:47, expires2...@rocketmail.com said: Will you be including IDEA in the 2.x branch as well? Yes, if you use the development version of Libgcrypt. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ASCII armor plus? - a main reason I find I and some others do not use encryption is that the messages get garbled
On Tue, 25 Dec 2012 01:30, phonetree...@gmail.com said: The insertion of hard returns, blank lines, hyphens and so on is an issue I and others I have been trying to get to use encryption multiple times. It is one of the main reasons I don't use encryption Actually the OpenPGP armor format is pretty robust to the extend it can be. However, you are likely talking about mail. Here I can only suggest to use PGP/MIME - it is part of the MIME standard and should be supported by all sane mail clients. It is a *16 year* old standard and has been implemented even earlier. Thus instead of trying to come up with some changed ascii armor, it will be way better to use an established standard. If your mail software messes things up, you know what to fix. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ASCII armor plus?
On 12/26/2012 6:01 AM, Werner Koch wrote: Actually the OpenPGP armor format is pretty robust to the extend it can be. However, you are likely talking about mail. Here I can only suggest to use PGP/MIME - it is part of the MIME standard and should be supported by all sane mail clients. It is a *16 year* old standard and has been implemented even earlier. A word of caution may be in order: PGP/MIME is a fragile format and does not play nice with mailers (remailers, mailing list software, MTAs, anything in the chain) that plays with attachments. There are a surprising lot of these out there: for instance, the PGP-Basics mailing list at Yahoo! Groups is configured to strip all attachments, which means that PGP/MIME signatures on that mailing list are simply impossible. GnuPG-Users and Enigmail-Users have each within recent memory had mailing list software (GNU Mailman) which broke PGP/MIME signatures. When the community's flagship mailing lists cannot reliably use PGP/MIME, I'm a little cautious about recommending PGP/MIME as a general-purpose, ready-for-the-end-user solution. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
OpenPGP card decryption with 4096bit keys bugfix??
Hello, first thing: I am not subscribed to this list, so please CC me in replies. I recently bought a OpenPGP smart card and want to use 4096bit keys and Windows. This doesn't work for decrypting with any released gpg version! There seems to be a patch to make it work at http://lists.gnupg.org/pipermail/gnupg-users/2012-June/044868.html Is this one line change the only thing that has to be changed to make it work? Compiling gpg2 for Windows is really hard it seems. I haven't got the Gpg4win compilation to work because it needs some packages not available on my debian sid based machine. I am using the Gpg4win 2.1.1 Beta installer and want to change as little as possible. I compiled libgpg-error and libassuan and switched out the libassuan-0.dll If this one line is the only change, this should be enough?! (except if libassuan is also statically linked somewhere) But the problem is still the same after the switch. The only commands getting sent to the card when starting gpg --decrypt are: scdaemon[208]: chan_01BC - SERIALNO openpgp scdaemon[208]: chan_01BC - S SERIALNO D276000124010205 0 scdaemon[208]: chan_01BC - OK scdaemon[208]: chan_01BC - RESTART scdaemon[208]: chan_01BC - OK Even if I have to compile gpg2 as a whole I don't want to use the git working copy, but the 2.0.19 source with only the patch to make decryption with 4096bit Keys work. So can someone tell me if this is the only change (then I probably am doing something wrong) or if something else, and what, has to be changed. Thanks, Josef ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP card decryption with 4096bit keys bugfix??
On 12/26/2012 2:42 AM, Josef Schneider wrote: first thing: I am not subscribed to this list, so please CC me in replies. You will have better luck if you join the list. I can almost guarantee you that somewhere in this thread someone will have useful thoughts to contribute and they will not remember to cc you. I recently bought a OpenPGP smart card and want to use 4096bit keys and Windows. This doesn't work for decrypting with any released gpg version! The easiest way to fix your problem is to consider whether 3072-bit crypto is sufficient for your purposes. It almost certainly is. 4096-bit crypto does not give you very much of an edge over 3072-bit crypto. Per NIST: Asymmetric size Equivalent symmetric size 1024 bits 80 bits 2048 bits 112 bits 3072 bits 128 bits 4096 bits NIST doesn't even give an estimate for 4096-bit keys. My suspicion is they would come in around 134 bits or so, but that's just a hunch. This makes 4kbit keys the odd man out. If 128-bit crypto is sufficient for your purposes (and it's sufficient for virtually all purposes!), then a 3072-bit key is also sufficient. If you're in one of the rare niches where 256-bit crypto is necessary then you've got two choices: use a 15,000-bit RSA key or else switch to elliptical-curve cryptography. Either way, there are very few cases where RSA-4096 is necessary. (I've personally never seen or heard of one, but I'm not going to claim they don't exist at all.) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ASCII armor plus?
On Wed, 26 Dec 2012 13:42, r...@sixdemonbag.org said: When the community's flagship mailing lists cannot reliably use PGP/MIME, I'm a little cautious about recommending PGP/MIME as a general-purpose, ready-for-the-end-user solution. It is a sad time for standards, I know. Let's get rid of them all and use FB or GM and we don't need to care about that all anymore. BTW, we have patches for Mailman to fix the problem in most cases but they never made it to upstream. The funny thing is that Outlook has become better in this regard over time. But Mailman: no useful archive, no proper MIME support, arghh. I am not sure whether this reflects badly on standard Python modules or at the diminishing use of mailing lists. Salam-Shalom, Werner p.s. I guess I better configure Gnus to include your PGP/MIME disclaimer automagically if RFC-3156 is mentioned :-) -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ASCII armor plus?
On 12/26/2012 1:23 PM, Werner Koch wrote: It is a sad time for standards, I know. Let's get rid of them all and use FB or GM and we don't need to care about that all anymore. In my defense, I never said I thought PGP/MIME had no place in the OpenPGP ecosystem. I just said I was reluctant to recommend it as a general-purpose solution, given how dodgy the support for it is in a great number of different venues. I readily concur that we have a pretty sorry state of standards nowadays. A standard that's not widely conformed to is not much of a standard. BTW, we have patches for Mailman to fix the problem in most cases but they never made it to upstream. The funny thing is that Outlook has become better in this regard over time. But Mailman: no useful archive, no proper MIME support, arghh. I am not sure whether this reflects badly on standard Python modules or at the diminishing use of mailing lists. The alternative would be to roll our own, and maybe the time has come for a Mailman replacement. I've long wanted some piece of software that allows for threads to be handled either via email or via web forums: after all, viewing is orthogonal to the content itself. Content can be stored in a back-end, and the front-end can/should be a replaceable component. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users