Re: Feature request for future OpenPGP card: force PIN

2013-02-09 Thread Werner Koch
On Fri,  8 Feb 2013 15:18, pe...@digitalbrains.com said:

> I have an SCM SPR 532 reader with pinpad; I thought the host could not get at
> the PIN when entered on the pinpad? The way I understood it, the host sends a

That is right.  However, if for other reasons the PIN is known to the
host (used without pinpad, spyware utilizing the microphone or another
side channel, bugged reader firmware), the host will be able to use the
smartcard without you noticing it.  See the various attacks on point of
sale terminals for such attacks.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Best way to catch INSECURE unverified sig status when shelling out to gpg?

2013-02-09 Thread Grant Olson
On 02/09/2013 06:09 PM, Grant Olson wrote:
>
> What is the best way to check for this?  I presume something like
> stdout.include?(INSECURE) is not localization friendly.
>

Sorry INSECURE was actually from my test key.  The actual text is of
course WARNING.  Just wanted to note that before I was corrected...

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?


Best way to catch INSECURE unverified sig status when shelling out to gpg?

2013-02-09 Thread Grant Olson
I'm currently writing a plugin that allows you to OpenPGP sign/verify
ruby software packages:

https://github.com/grant-olson/rubygems-openpgp

Right now I'm just shelling out to gpg and checking the status code to
determine success or failure.  When I have an unverified but good
signature I don't get an error code.

What is the best way to check for this?  I presume something like
stdout.include?(INSECURE) is not localization friendly.

Thanks,

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?


Re: Best way to catch INSECURE unverified sig status when shelling out to gpg?

2013-02-09 Thread David Shaw
On Feb 9, 2013, at 6:09 PM, Grant Olson k...@grant-olson.net wrote:

> I'm currently writing a plugin that allows you to OpenPGP sign/verify
> ruby software packages:
>
> https://github.com/grant-olson/rubygems-openpgp
>
> Right now I'm just shelling out to gpg and checking the status code to
> determine success or failure.  When I have an unverified but good
> signature I don't get an error code.
>
> What is the best way to check for this?  I presume something like
> stdout.include?(INSECURE) is not localization friendly.

The option you're looking for is --status-fd.  Using that, you can get a 
stream of localization-safe string tags that can tell you the exact status of a 
signature.  See the DETAILS file from the GnuPG distribution for the specific 
tags.

David
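
An added example, not part of the reply above and not code from rubygems-openpgp: a Ruby sketch that classifies a verification run from the `[GNUPG:]` status lines that `--status-fd` emits, instead of from the exit code or localized text. The helper names, the sample status lines (key IDs and user ID are constructed), and the policy of treating only `TRUST_FULLY` and `TRUST_ULTIMATE` as trusted are assumptions.

```ruby
require "open3"

# Status keywords documented in the DETAILS file of the GnuPG distribution.
BAD_TAGS   = %w[BADSIG ERRSIG EXPSIG EXPKEYSIG REVKEYSIG].freeze
TRUST_TAGS = %w[TRUST_UNDEFINED TRUST_NEVER TRUST_MARGINAL
                TRUST_FULLY TRUST_ULTIMATE].freeze
TRUSTED    = %w[TRUST_FULLY TRUST_ULTIMATE].freeze # assumed policy

# Return the keyword of every "[GNUPG:] KEYWORD args..." line, in order.
def status_tags(status_text)
  status_text.each_line.map { |line| line[/\A\[GNUPG:\] (\S+)/, 1] }.compact
end

# Classify one verification run (hypothetical helper). Conservative:
# any failing signature makes the whole run :bad, and a good signature
# counts as trusted only if every reported trust level is in TRUSTED.
def classify_signature(status_text)
  tags = status_tags(status_text)
  return :bad if (tags & BAD_TAGS).any?
  return :no_valid_signature unless tags.include?("GOODSIG") && tags.include?("VALIDSIG")

  trust = tags & TRUST_TAGS
  return :good_and_trusted if trust.any? && trust.all? { |t| TRUSTED.include?(t) }

  :good_but_untrusted
end

# Shell out with status lines on stdout; the localized, human-readable
# messages stay on stderr and are never parsed.
def verify_detached(sig_path, data_path)
  status, _stderr, _exit = Open3.capture3(
    "gpg", "--status-fd", "1", "--verify", sig_path, data_path
  )
  classify_signature(status)
end

# Constructed sample status output (key IDs and user ID are made up).
GOOD = "[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>\n" \
       "[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 " \
       "2013-02-09 1360450000 0 4 0 1 3 00\n"
SAMPLES = {
  untrusted: GOOD + "[GNUPG:] TRUST_UNDEFINED\n",
  trusted:   GOOD + "[GNUPG:] TRUST_FULLY\n",
  bad:       "[GNUPG:] BADSIG 0123456789ABCDEF Example Signer <signer@example.org>\n"
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |name, text| puts "#{name}: #{classify_signature(text)}" }
end
```

The `:good_but_untrusted` result is the case from the question: the signature checks out cryptographically, but the key's validity is not established, so the caller has to treat it as a failure explicitly.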

