Re: Paperkey 1.3
On Thu, 3 Jan 2013 23:42:07 -0500 David Shaw ds...@jabberwocky.com wrote: Paperkey 1.3 is released. This adds ECC key support (both ECDH and ECDSA) as well as a few more minor tweaks. Source and Win32 binaries are available at: http://www.jabberwocky.com/software/paperkey/ Curious piece of software. Certainly not something that comes to mind right away for making backups. I wonder if you could back-up even more by using 2D bar code for an output? Best regards -- Branko Majic Jabber: bra...@majic.rs Please use only Free formats when sending attachments to me. Бранко Мајић Џабер: bra...@majic.rs Молим вас да додатке шаљете искључиво у слободним форматима. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Is a document signed with hellosign legally binding?
Thank you all! So, a bare email is also legally binding, but it can be hard to proove who sent it. Same for hellosign.com, it can be hard to proove who really signed a document there, and it was that fact that confused me, I made legally binding and proove who signed the same thing. /Morten On Fri, Jan 4, 2013 at 10:50 AM, David P Á wrote: The directive refers to two types of signatures on article 2: electronic signatures are those like me writing my name on the foot of this email, advanced electronic signatures are the ones that require certificates and so on. By art 5.1, advanced electronic signatures are equivalent to hand-written ones, by art 5.2, though, unqualified electronic signatures should not be denied legal validity on the mere grounds that they are electronic. So without advising to particulars, especially given the possible issues with transposition of the directive into national law, an electronic signature of that sort is binding, though of course it is possible to question whether it really was issued by the signatory and so on. --David. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gnupg not working with RHEL 4
Hi, This is an important issue for me. I would really appreciate, if any one can help. Server 1: I have a server with Red Hat Enterprise Linux AS release 4 (Nahant Update 5) and having gnupg version 1.2.6. When I am trying to import a key, I am getting below problem and the key is not getting imported. The key is 2048 bits. # gpg --import /key.asc gpg: DSA requires the use of a 160 bit hash algorithm gpg: DSA requires the use of a 160 bit hash algorithm gpg: DSA requires the use of a 160 bit hash algorithm gpg: DSA requires the use of a 160 bit hash algorithm gpg: key ACF6FA22: no valid user IDs gpg: this may be caused by a missing self-signature gpg: Total number processed: 1 gpg: w/o user IDs: 1 # Server 2: I have an another server with Red Hat Enterprise Linux Server release 5.5 (Tikanga) and with gncpg version 1.4.5. On this I am able to import the same key successfully. Unfortunately, I cannot upgrade Linux on Server 1. What I have to do to solve the problem with gpg import on Server 1? Do I have to upgrade the gncpg on Server 1 or is there alternate solution? If I have to upgrade gncpg, to which version of gncpg I have to update? I cannot use up2date because the Server 1 is not subscribed to RHN. So what will be the alternate way to upgrade without up2date. Thank you very much, Anil. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gnupg not working with RHEL 4
On 1/3/2013 2:37 PM, Anilkumar Padmaraju wrote: This is an important issue for me. I would really appreciate, if any one can help. The fix is easy: upgrade GnuPG. Version 1.2.6 is old, really old. The certificate you're trying to import uses an algorithm (DSA2) which is relatively new. GnuPG is trying to treat this as a DSA certificate and is complaining that it uses the wrong parameters. Download and install the GnuPG 1.4.13 source code from: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.13.tar.bz2 ... and this problem will go away. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Is a document signed with hellosign legally binding?
I don't know, but I must say that I'm wary of dealing with unknown people who are collecting signature samples from all over Europe, offering a service which seems to accomplish very little and making disputed claims about its legal effect. -- Mark H. Wood, Lead System Programmer mw...@iupui.edu There's an app for that: your browser pgpsy88REgYEZ.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gnupg not working with RHEL 4
On Jan 3, 2013, at 2:37 PM, Anilkumar Padmaraju apadmar...@prounlimited.com wrote: Hi, This is an important issue for me. I would really appreciate, if any one can help. Server 1: I have a server with Red Hat Enterprise Linux AS release 4 (Nahant Update 5) and having gnupg version 1.2.6. When I am trying to import a key, I am getting below problem and the key is not getting imported. The key is 2048 bits. # gpg --import /key.asc gpg: DSA requires the use of a 160 bit hash algorithm This means that you are trying to import a key with a version of GnuPG that is too old to understand it. That key uses a feature (called DSA2) that didn't exist in version 1.2.6 of GnuPG. Unfortunately, I cannot upgrade Linux on Server 1. What I have to do to solve the problem with gpg import on Server 1? While you don't have to upgrade Linux on server 1, you do need to at least upgrade GnuPG. Go to http://www.gnupg.org/download/ and grab the latest 1.4 version of GnuPG (at the moment, it's 1.4.13). That is the easiest replacement for 1.2.6, and will handle that DSA2 key just fine. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Paperkey 1.3
On 04-01-2013 5:42, David Shaw wrote: Paperkey 1.3 is released. You might want to update the website, it reads a bit outdated. CD/DVD-ROMs are going the way of the floppy disc; flash memory is much more reliable than either. Future support of USB ports or memory card readers seems the biggest concern for me. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New packet headers and gpg
Somebody claiming to be David Shaw wrote: On Jan 3, 2013, at 9:53 PM, Stephen Paul Weber singpol...@singpolyma.net wrote: tell gpg or gpg2 to produce new packet length headers for output? No. GPG automatically uses the old packet headers for those packets that can be described that way Hmm, ok. I was hoping that with all the advanced mode, you probably don't care about this features, there would be one for this. -- Stephen Paul Weber, @singpolyma See http://singpolyma.net for how I prefer to be contacted edition right joseph signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
poldi
Hi, I'm playing a bit with a fsfe card and trying to find a way to use smartcard for xscreensaver I've stumbled on poldi references, but the sources seems untouched since long time. before starting to work on a updated ebuild (I'm on gentoo installation), is poldi still alive or do we have better way to reach the same goal (basically, having xscreensaver and other pam enabled things using the card)? sorry if the question is silly, but I found no helpful references so far... -- Fabio ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Paperkey 1.3
On Fri, 4 Jan 2013 15:27, joh...@vulcan.xs4all.nl said: CD/DVD-ROMs are going the way of the floppy disc; flash memory is much more reliable than either. Future support of USB ports or memory card FWIW: Some time ago I copied a bunch of ~25 years old 5.25 floppies to a disk. I had only problems with some of the very cheap or the dusted, wet and oiled ones stored for too many years in my non-heated garage. Nobody has experience with flash for more than a decade. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New packet headers and gpg
On Jan 4, 2013, at 9:39 AM, Stephen Paul Weber singpol...@singpolyma.net wrote: Somebody claiming to be David Shaw wrote: On Jan 3, 2013, at 9:53 PM, Stephen Paul Weber singpol...@singpolyma.net wrote: tell gpg or gpg2 to produce new packet length headers for output? No. GPG automatically uses the old packet headers for those packets that can be described that way Hmm, ok. I was hoping that with all the advanced mode, you probably don't care about this features, there would be one for this. You could patch the code (look in build-packet.c) fairly easily if you need this. Out of curiosity, why do you want to use only new packet headers? David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Paperkey 1.3
You may want to check out my blog post about key backup[1]. In it I mention two bar-code style backup solutions: * PaperBack [2] * Twibright Optar [3] I also investigated QR codes and other 2D bar codes.. however they did not seem to scale well to large amounts of data... I found that PaperBack, while being a Win32 app (runs fine in Wine) works beautifully for storing quite a bit of data with redundancy and handling for user-level printers. Quoting the page If you have a good laser printer with the 600 dpi resolution, you can save up to 500,000 bytes of uncompressed data on the single A4/Letter sheet. ... quite a bit to store your entire secret keyring ... though you could use paperkey + this to permit bumping up redundancy / dot-size quite a bit. Twibright Optar has quite a bit of promise, but requires quite a bit of pre-processing and noise removal (not to mention source-code edit to change dot-size to work nicely with non-super printers). 1: http://blog.eharning.us/2011/04/key-backup-for-paranoid.html 2: http://ollydbg.de/Paperbak/ 3: http://ronja.twibright.com/optar/ On Fri, Jan 4, 2013 at 4:01 AM, Branko Majic bra...@majic.rs wrote: On Thu, 3 Jan 2013 23:42:07 -0500 David Shaw ds...@jabberwocky.com wrote: Paperkey 1.3 is released. This adds ECC key support (both ECDH and ECDSA) as well as a few more minor tweaks. Source and Win32 binaries are available at: http://www.jabberwocky.com/software/paperkey/ Curious piece of software. Certainly not something that comes to mind right away for making backups. I wonder if you could back-up even more by using 2D bar code for an output? Best regards -- Branko Majic Jabber: bra...@majic.rs Please use only Free formats when sending attachments to me. Бранко Мајић Џабер: bra...@majic.rs Молим вас да додатке шаљете искључиво у слободним форматима. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Thomas Harning Jr. (http://about.me/harningt) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New packet headers and gpg
Somebody claiming to be David Shaw wrote: On Jan 4, 2013, at 9:39 AM, Stephen Paul Weber singpol...@singpolyma.net wrote: Somebody claiming to be David Shaw wrote: On Jan 3, 2013, at 9:53 PM, Stephen Paul Weber singpol...@singpolyma.net wrote: tell gpg or gpg2 to produce new packet length headers for output? No. I was hoping that with all the advanced mode, you probably don't care about this features, there would be one for this. You could patch the code (look in build-packet.c) fairly easily if you need this. Out of curiosity, why do you want to use only new packet headers? I might do that if I get further along. I want to be able to have partial OpenPGP implementations that only bother with new-style headers. Such implementations' ouput can be read by gpg, but there's currently no way to convince gpg to talk to them :) My own implementations currently do support both kinds of headers, so it's not a pressing need. -- Stephen Paul Weber, @singpolyma See http://singpolyma.net for how I prefer to be contacted edition right joseph signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Paperkey 1.3
On Jan 4, 2013, at 4:01 AM, Branko Majic bra...@majic.rs wrote: On Thu, 3 Jan 2013 23:42:07 -0500 David Shaw ds...@jabberwocky.com wrote: Paperkey 1.3 is released. This adds ECC key support (both ECDH and ECDSA) as well as a few more minor tweaks. Source and Win32 binaries are available at: http://www.jabberwocky.com/software/paperkey/ Curious piece of software. Certainly not something that comes to mind right away for making backups. I wonder if you could back-up even more by using 2D bar code for an output? Sure, paperkey supports piping the output into whatever code generator you like: gpg --export-secret-key mykey | paperkey --output-format raw | your-bar-code-generator However, 2D bar codes have some of the problems that paperkey is intended to address. You need a 'thing' (a process, a device, etc) to read them, and part of the point of paperkey is that it's supposed to be the backup of last resort, and thus readable by a human without any special hardware involved. You could also back up your whole key via a 2D bar code (without using paperkey at all) but then you're backing up a lot of redundant data, giving you a larger image. Of course, this may not be a big deal if the intent is to scan it back in again rather than type it back in again. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
paperkey // recommended OCR font ?
My scanner is broken (lamp problem) and the multifunction printer hasn't arrived yet ;-( so I can't test this myself. Has anyone tested Paperkey by scanning it in, having the OCR recognize it without error, and then successfully import it into a keyring ? If so, what is the recommended font and size to be used for accurate OCR ? OCR-A, OCR-B, Ordinary Courier 10, other ? (I know that the purpose of Paperkey is to be able to type it in by hand, if all else fails ;-) but if OCR works, it would make things much easier ... ) TIA vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Paperkey 1.3
On 01/04/2013 06:27 AM, Johan Wevers wrote: On 04-01-2013 5:42, David Shaw wrote: Paperkey 1.3 is released. You might want to update the website, it reads a bit outdated. CD/DVD-ROMs are going the way of the floppy disc; flash memory is much more reliable than either. Future support of USB ports or memory card readers seems the biggest concern for me. Support for USB ports or card readers will not disappear over night. Whenever the next better medium becomes common, you simply transfer your back-ups. No reason to be concerned, IMHO. -- Best regards, Klaus -- PGP/GPG public keys at http://pgp.mit.edu _ “Political language… is designed to make lies sound truthful and murder respectable.” George Orwell ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Paperkey 1.3
On Jan 4, 2013, at 9:27 AM, Johan Wevers joh...@vulcan.xs4all.nl wrote: On 04-01-2013 5:42, David Shaw wrote: Paperkey 1.3 is released. You might want to update the website, it reads a bit outdated. CD/DVD-ROMs are going the way of the floppy disc; flash memory is much more reliable than either. Future support of USB ports or memory card readers seems the biggest concern for me. That's a very good point. Do you know of any studies on the projected life of flash when used as backup? I've read anecdotal numbers as low as 5 years, and marketing claims are always huge (100 years!), but most of what I see is about the lifespan is when the flash is actively used (so running out of read/write cycles), rather than the on-the-shelf lifespan of already written data. The few numbers I've seen at manufacturers websites about retention specifically, suggest it's around 10 years (depending on how well the flash is stored - heat makes it die quicker, etc). David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gnupg not working with RHEL 4
Thank you very much, David. Our other server is having 1.4.5 and to be consistent want to go from 1.2.6 to 1.4.5. Can I go ahead and update gnupg from 1.2.6 to 1.4.5 on Red Hat Enterprise Linux AS release 4 (Nahant Update 5)? Is 1.4.5 compatible with this Linux version? I did not find any information regarding this compatibility. Thank you, Anil. On Fri, Jan 4, 2013 at 5:54 AM, David Shaw ds...@jabberwocky.com wrote: On Jan 3, 2013, at 2:37 PM, Anilkumar Padmaraju apadmar...@prounlimited.com wrote: Hi, This is an important issue for me. I would really appreciate, if any one can help. Server 1: I have a server with Red Hat Enterprise Linux AS release 4 (Nahant Update 5) and having gnupg version 1.2.6. When I am trying to import a key, I am getting below problem and the key is not getting imported. The key is 2048 bits. # gpg --import /key.asc gpg: DSA requires the use of a 160 bit hash algorithm This means that you are trying to import a key with a version of GnuPG that is too old to understand it. That key uses a feature (called DSA2) that didn't exist in version 1.2.6 of GnuPG. Unfortunately, I cannot upgrade Linux on Server 1. What I have to do to solve the problem with gpg import on Server 1? While you don't have to upgrade Linux on server 1, you do need to at least upgrade GnuPG. Go to http://www.gnupg.org/download/ and grab the latest 1.4 version of GnuPG (at the moment, it's 1.4.13). That is the easiest replacement for 1.2.6, and will handle that DSA2 key just fine. David -- Anilkumar Padmaraju | Sr. Linux System Administrator *PRO Unlimited, Inc.* 1350 Old Bayshore Highway, Suite 350, Burlingame, CA 94010 (o) 650-373-2484 | (m) 408-835-7599 | (e) apadmar...@prounlimited.com www.prounlimited.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Paperkey 1.3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Am I the only having trouble both the key for this message and the one with the binaries? My installation tells me it is not Key ID: 0x99242560 but key 0xA1BC4FA4 which is not found on any server that I use. David Shaw made the following observation on 1/3/2013 10:42 PM: Hi folks, Paperkey 1.3 is released. This adds ECC key support (both ECDH and ECDSA) as well as a few more minor tweaks. Source and Win32 binaries are available at: http://www.jabberwocky.com/software/paperkey/ -BEGIN PGP SIGNATURE- Comment: what is essential is invisible to the eye Comment: - Antoine de Saint Exupery iEYEAREIAAYFAlDm96wACgkQsMrrDTRrXem+cQCgpf9rv9Zj7KHr9CMezbN0YjV6 f/gAn174BhbDynOMYspBeKFztlK//xd/ =ZjMc -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Paperkey 1.3
On Jan 4, 2013, at 12:16 PM, I.V. Frost ivfrost2-m...@yahoo.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Am I the only having trouble both the key for this message and the one with the binaries? My installation tells me it is not Key ID: 0x99242560 but key 0xA1BC4FA4 which is not found on any server that I use. 0xA1BC4FA4 is a subkey on 0x99242560. It should be available on the keyserver network. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New packet headers and gpg
On Fri, 4 Jan 2013 17:34, singpol...@singpolyma.net said: headers. Such implementations' ouput can be read by gpg, but there's currently no way to convince gpg to talk to them :) I just checked the RFC and it says: If interoperability [with PGP 2] is not an issue, the new packet format is RECOMMENDED. Thus there is nothing in the standard which would speak against using the new headers. This can either be done using a new option or by using for example the existing compliance option --rfc4880. I don't assume that PGP 2 is still in use. With the recent addition of IDEA even decryption of old data can now be done with vanilla GPG. Shall we give this a test by using one of the compliance options and make the new headers the default in one or two years? Less code is always better. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gnupg not working with RHEL 4
On Fri, 4 Jan 2013 18:34, apadmar...@prounlimited.com said: Can I go ahead and update gnupg from 1.2.6 to 1.4.5 on Red Hat Enterprise Linux AS release 4 (Nahant Update 5)? Is 1.4.5 compatible with this Linux version? I did not find any information regarding this compatibility. GnuPG is compatible with all Unix style operating systems inclduing Linux and RHEL [1]. You just need to build it yourself. And please use the latest versions (1.4.13). Shalom-Salam, Werner [1] And with VMS and Windows. However, you better get a prebuild version for these OSes. -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gnupg not working with RHEL 4
Thank you, David and Werner. This is first time I am upgrading gnupg. Are there any steps or document to download source, compile, and upgrade? I did some search in google, but could not find detailed one. After upgrading do I have to do gpg --gen-key or it is only needed when we install for the first time? Thank you, Anil. On Fri, Jan 4, 2013 at 12:45 PM, Werner Koch w...@gnupg.org wrote: On Fri, 4 Jan 2013 18:34, apadmar...@prounlimited.com said: Can I go ahead and update gnupg from 1.2.6 to 1.4.5 on Red Hat Enterprise Linux AS release 4 (Nahant Update 5)? Is 1.4.5 compatible with this Linux version? I did not find any information regarding this compatibility. GnuPG is compatible with all Unix style operating systems inclduing Linux and RHEL [1]. You just need to build it yourself. And please use the latest versions (1.4.13). Shalom-Salam, Werner [1] And with VMS and Windows. However, you better get a prebuild version for these OSes. -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. -- Anilkumar Padmaraju | Sr. Linux System Administrator *PRO Unlimited, Inc.* 1350 Old Bayshore Highway, Suite 350, Burlingame, CA 94010 (o) 650-373-2484 | (m) 408-835-7599 | (e) apadmar...@prounlimited.com www.prounlimited.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gnupg not working with RHEL 4
On Jan 4, 2013, at 12:34 PM, Anilkumar Padmaraju apadmar...@prounlimited.com wrote: Thank you very much, David. Our other server is having 1.4.5 and to be consistent want to go from 1.2.6 to 1.4.5. Can I go ahead and update gnupg from 1.2.6 to 1.4.5 on Red Hat Enterprise Linux AS release 4 (Nahant Update 5)? Is 1.4.5 compatible with this Linux version? I did not find any information regarding this compatibility. You could upgrade to 1.4.5, but this is not recommended. There have been a number of bug fixes between 1.4.5 and 1.4.13, and using the most recent version is usually the best course of action. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
simple-sk-checksum
The manpage for gpg sez: Secret keys are integrity protected by using a SHA-1 checksum. This method is part of the upcoming enhanced OpenPGP specification but GnuPG already uses it as a countermeasure against certain attacks. Old applications don't under‐ stand this new format, so this option may be used to switch back to the old behaviour. Using this option bears a security risk. Does anyone know what the actual security risk is? Using a weaker checksum obviously makes it easier to forge data, but in this case the data being forged is just the secret parts of a secret key. What are the attack vectors there? -- Stephen Paul Weber, @singpolyma See http://singpolyma.net for how I prefer to be contacted edition right joseph signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: simple-sk-checksum
On Jan 4, 2013, at 4:37 PM, Stephen Paul Weber singpol...@singpolyma.net wrote: The manpage for gpg sez: Secret keys are integrity protected by using a SHA-1 checksum. This method is part of the upcoming enhanced OpenPGP specification but GnuPG already uses it as a countermeasure against certain attacks. Old applications don't under‐ stand this new format, so this option may be used to switch back to the old behaviour. Using this option bears a security risk. Does anyone know what the actual security risk is? Using a weaker checksum obviously makes it easier to forge data, but in this case the data being forged is just the secret parts of a secret key. What are the attack vectors there? http://eprint.iacr.org/2002/076.pdf David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: simple-sk-checksum
Somebody claiming to be David Shaw wrote: On Jan 4, 2013, at 4:37 PM, Stephen Paul Weber singpol...@singpolyma.net wrote: Does anyone know what the actual security risk is? Using a weaker checksum obviously makes it easier to forge data, but in this case the data being forged is just the secret parts of a secret key. What are the attack vectors there? http://eprint.iacr.org/2002/076.pdf Thanks! That paper implies that both the public *and* private elements must be integrity protected to defeat the attack (depending on algorithm), however it seems that only the private elements are protected by the SHA1 under RFC4880. Was the need to protect the public elements discovered to be unnecessary? -- Stephen Paul Weber, @singpolyma See http://singpolyma.net for how I prefer to be contacted edition right joseph signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gnupg not working with RHEL 4
I am using http://www.faqs.org/docs/securing/chap19sec152.html to do the upgrade. Please let me know, if I have to do any additional steps. Since I am already using gpg on this server, do I have to do gpg --gen-key after the upgrade? Thank you, Anil. On Fri, Jan 4, 2013 at 1:09 PM, Anilkumar Padmaraju apadmar...@prounlimited.com wrote: Thank you, David and Werner. This is first time I am upgrading gnupg. Are there any steps or document to download source, compile, and upgrade? I did some search in google, but could not find detailed one. After upgrading do I have to do gpg --gen-key or it is only needed when we install for the first time? Thank you, Anil. On Fri, Jan 4, 2013 at 12:45 PM, Werner Koch w...@gnupg.org wrote: On Fri, 4 Jan 2013 18:34, apadmar...@prounlimited.com said: Can I go ahead and update gnupg from 1.2.6 to 1.4.5 on Red Hat Enterprise Linux AS release 4 (Nahant Update 5)? Is 1.4.5 compatible with this Linux version? I did not find any information regarding this compatibility. GnuPG is compatible with all Unix style operating systems inclduing Linux and RHEL [1]. You just need to build it yourself. And please use the latest versions (1.4.13). Shalom-Salam, Werner [1] And with VMS and Windows. However, you better get a prebuild version for these OSes. -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: paperkey // recommended OCR font ?
On Jan 4, 2013, at 1:06 PM, ved...@nym.hush.com wrote: My scanner is broken (lamp problem) and the multifunction printer hasn't arrived yet ;-( so I can't test this myself. Has anyone tested Paperkey by scanning it in, having the OCR recognize it without error, and then successfully import it into a keyring ? If so, what is the recommended font and size to be used for accurate OCR ? OCR-A, OCR-B, Ordinary Courier 10, other ? I've done this, with regular old Courier. It basically worked, with a few glitches that I had to correct by hand. Paperkey has a checksum on each line so you can easily tell which line got the glitch. I suspect a OCR font would have done better. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: paperkey // recommended OCR font ?
On 1/4/2013 7:17 PM, David Shaw wrote: I've done this, with regular old Courier. My experiences are similar. One additional thing: the larger the font the easier it is for OCR to recognize it (up to a point: I doubt there's much difference between 48- and 72-point recognition). So try using 12- or 14-point if possible. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users