Re: Developing JavaCard applet
On Sun, 21 Apr 2013 10:49:19 +0200 NdK ndk.cla...@gmail.com wrote: Hello all. I'm planninng to start work on a OpenGPGCard TNG ( :) ) that allows: - exportable keys only towards user-certified devices - support for 2048 bit keys -- more if HW allows it - storage for many (thought at least 18 to allow 1 key per year till 2030) encryption keys (current + expired ones), plus regular signature and auth keys, plus an extra auth key for RFID auth. What I'd like to achieve is that the user is in control of what to do with his keys: choose if they're exportable or not, choose to allow export only to other cards, choose if exported key can be re-exported, etc. But that policy have to be chosen before generating/importing the signature key: once a signature key is in-place, policy cannot be altered any more. That would allow the use of a single card/token per identity, with keys that can be backed up but remain safe (well, technically the user could choose to export against an insecure SW key container, but it's his coice: why should I forbid it? And even if I'd forbid it, he would simply generate the key in the SW key container then import to the card, and sw RNGs are usually less secure than TRNGs in cards, or even alter the applet to disable the check...). The applet will (obviously) be open-source. The target card is any GP 2.1.1 (no need for extended APDUs -- they will be simulated) -- I'll test on JCOP41 72k and SmartCafé Expert 144k. Comments? Suggestions? Other missing features? BYtE, Diego. Hello Diego, That certainly sounds interesting. I can volunteer to test it out once you have some workable code - I have a couple of Oberthur cards that are collecting the dust :) What I might be even more interested in is if you could describe the development process you use for working on a JavaCard applet - there's very little resources out there to get people up and running with such exotic topic. The added value would be ability for more people to chip in with contributions :) Best regards -- Branko Majic Jabber: bra...@majic.rs Please use only Free formats when sending attachments to me. Бранко Мајић Џабер: bra...@majic.rs Молим вас да додатке шаљете искључиво у слободним форматима. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Developing JavaCard applet
Il 03/05/2013 09:53, Branko Majic ha scritto: I'm planninng to start work on a OpenGPGCard TNG ( :) ) that allows: - exportable keys only towards user-certified devices - support for 2048 bit keys -- more if HW allows it - storage for many (thought at least 18 to allow 1 key per year till 2030) encryption keys (current + expired ones), plus regular signature and auth keys, plus an extra auth key for RFID auth. [...] That certainly sounds interesting. Hope so :) I didn't yet start massive pgp use just 'cause those limitations. I can volunteer to test it out once you have some workable code - I have a couple of Oberthur cards that are collecting the dust :) How much memory do they have? I think that less than 64K won't be enough... But you could start experimenting with old plain JCOpenPGP (currently on Sourceforge) that we'll be using as a basis. What I might be even more interested in is if you could describe the development process you use for working on a JavaCard applet - there's very little resources out there to get people up and running with such exotic topic. The added value would be ability for more people to chip in with contributions :) It's already documented (by Petr Svenda) and there's even a VM: see https://minotaur.fi.muni.cz:8443/~xsvenda/docuwiki/doku.php?id=public:smartcard:javacardcompilation BYtE, Diego. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Developing JavaCard applet
On Fri, 03 May 2013 10:18:12 +0200 NdK ndk.cla...@gmail.com wrote: I can volunteer to test it out once you have some workable code - I have a couple of Oberthur cards that are collecting the dust :) How much memory do they have? I think that less than 64K won't be enough... But you could start experimenting with old plain JCOpenPGP (currently on Sourceforge) that we'll be using as a basis. The ones I got are Oberthur Cosmo V7 64K. I hope that'll be enough - personally I'm ok if I can even store smaller number of keys on it. No idea what your estimates are on how big the applet itself will be. What I might be even more interested in is if you could describe the development process you use for working on a JavaCard applet - there's very little resources out there to get people up and running with such exotic topic. The added value would be ability for more people to chip in with contributions :) It's already documented (by Petr Svenda) and there's even a VM: see https://minotaur.fi.muni.cz:8443/~xsvenda/docuwiki/doku.php?id=public:smartcard:javacardcompilation Cool link, bookmarked for future use :) Best regards -- Branko Majic Jabber: bra...@majic.rs Please use only Free formats when sending attachments to me. Бранко Мајић Џабер: bra...@majic.rs Молим вас да додатке шаљете искључиво у слободним форматима. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: determine encryption key without trying to decrypt
Hi, Quoting Hauke Laging mailinglis...@hauke-laging.de: how can I determine the key(s) for which a file has been encrypted without gpg trying to decrypt the file? I don't understand why --list-packets tries to decrypt it anyway. --batch and --no-tty do not solve the problem. Because of the --hidden-recipient (or --hidden-encrypt-to name) functionality, you're sort-of obliged to simply throw whatever secret keys you have at it and hopefully be able to decrypt it. Why don't you use the option from the faq [1], is there something wrong with: gpg --batch --decrypt --list-only --status-fd 1 2/dev/null | \ awk '/^\[GNUPG:\] ENC_TO / { print $3 }' Ciao, kwadronaut [1] http://www.gnupg.org/faq/GnuPG-FAQ.html#how-can-i-get-list-of-key-ids-used-to-encrypt-a-message ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Suggest please
hi guys i am just beginning using gpg/pgp, so my apologies in advance for my confusions. i've read and tried several times to encrypt csv files with a private-key, and to decrypt them back with public key. actually, these different csv files should be encrypted by several different users, and sent to only one mail-adress. there are also several other users on a virtual machine, who should be able to decrypt them. we have to do these with private-public-key case. What i now did is, i created a key-pair, have sent public-key to those, who will encrypt files. i am able to decrypt these files with my private-key. the problem is, i only can decrypt the files. is it possible to do it in any other way, but using also priv-pub-key? i am like stuck.. I appreciate any of your help and suggestion, lena ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Suggest please
Hi Werner let's say, user_1 created public-private-key_1. then senders should encrypt it with public-key_1 but for all user_1, user_2, etc. with which private key will user_2, user_3,.. decrypt this file.csv, which is encrypted with public-key_1? thanks in advance On Fri, May 3, 2013 at 12:38 PM, Werner Koch w...@gnupg.org wrote: On Fri, 3 May 2013 10:45, kibl...@gmail.com said: confusions. i've read and tried several times to encrypt csv files with a private-key, and to decrypt them back with public key. That is the wrong. You encrypt with the public key and you decrypt with the private key. What i now did is, i created a key-pair, have sent public-key to those, who will encrypt files. i am able to decrypt these files with my private-key. the problem is, i only can decrypt the files. You want that other are also able to decrypt the file? Then you need to encrypt the file to all of them: gpg -e -r userid_1 -r userid_2 -r userid_3 file.csv Then send file.csv.gpg to a all mentioned users and they will all be able to decrypt the file. The size of the encrypted file won't change noticeable. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Suggest please
On 05/03/2013 08:45 AM, Lema KB wrote: SNIP Werner is of course correct but since you need to do a send to userid_1, userid_2, and userid_3 you will need the public key for all three of the recipients. You need the public key for each person you want to send a public key enciphered (encrypted) file or message to. Public / Private Key Enciphering - encrypted with the other person's (or people's) public key(s). No pass-phrase is required. - can only be decrypted by the person (or people) that has the private key(s) that is associtated with public key(s) that the file or message was encrypted with. They also need to know the pass-phrase unless the pinentry program decides to supply their pass-phrase forever. Don't laugh too loud. It happened to me. I must provide my pass-phrase again now. Thank goodness! Private / Public Key signatures (used for verification) - the file or message is signed with your private key. You must use your pass-phrase when signing. This was most critical for the pinetry supplying the pass-phrase for me. You should be required to supply the pass-phrase for all signings with the only laxity being a one-time supply of pass-phrase for a batch of files. - verified with your public key with them importing it and then giving it the proper (hopefully) level of trust when they edit and lsign / sign your public key. They have known you all your life? Then your key deserves the highest level of trust no matter what you do in life. The verification is that the person is really who they claim to be. My primer reference book is PGP GPG, Email For The PRACTICAL Paranoid by Michael W. Lucas. I hope he gives another edition some time since GPG4Win has improved and simpliied a lot of things for Windows users. Disclaimer: I do NOT get a cut of the profits from the sale of the book. HHH ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Suggest please
On 05/03/13 12:58, Lema KB wrote: Hi Werner let's say, user_1 created public-private-key_1. then senders should encrypt it with public-key_1 but for all user_1, user_2, etc. with which private key will user_2, user_3,.. decrypt this file.csv, which is encrypted with public-key_1? No. user_1, user_2 and user_3 each generate their own public-private keypair. So: Receiver_1 has public_key_1 and private_key_1 Receiver_2 has public_key_2 and private_key_2 Receiver_3 has public_key_3 and private_key_3 They then all send their public keys to a fourth user, Sender (who may actually be one of the receivers, if you wish). Sender then encrypts the file using the public keys of all the Receivers. For example: gpg --recipient Receiver_1 \ --recipient Reciever_2 \ --recipient Receiver_3 \ --encrypt-file file_to_be_encrypted Each of the three recipients will then be able to decrypt the file using their own private key. HTH... ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Suggest please
or can it be solved through binding PGP with Active Directory? How do i do that, can you pls give any link? thanks in advance On Fri, May 3, 2013 at 1:58 PM, Lema KB kibl...@gmail.com wrote: Hi Werner let's say, user_1 created public-private-key_1. then senders should encrypt it with public-key_1 but for all user_1, user_2, etc. with which private key will user_2, user_3,.. decrypt this file.csv, which is encrypted with public-key_1? thanks in advance On Fri, May 3, 2013 at 12:38 PM, Werner Koch w...@gnupg.org wrote: On Fri, 3 May 2013 10:45, kibl...@gmail.com said: confusions. i've read and tried several times to encrypt csv files with a private-key, and to decrypt them back with public key. That is the wrong. You encrypt with the public key and you decrypt with the private key. What i now did is, i created a key-pair, have sent public-key to those, who will encrypt files. i am able to decrypt these files with my private-key. the problem is, i only can decrypt the files. You want that other are also able to decrypt the file? Then you need to encrypt the file to all of them: gpg -e -r userid_1 -r userid_2 -r userid_3 file.csv Then send file.csv.gpg to a all mentioned users and they will all be able to decrypt the file. The size of the encrypted file won't change noticeable. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Suggest please
It is not appropriate for us to have several public-private-keys. Can GnuPG be downloaded on a virtual machine so, that, if one user on VM generates a pair-key, this pair-key will be also the keys of other user of this VM? So they all will be able to decrypt files using one private-key..? How to set it like that, if this is possible. On Fri, May 3, 2013 at 2:09 PM, David Smith dave.sm...@st.com wrote: On 05/03/13 12:58, Lema KB wrote: Hi Werner let's say, user_1 created public-private-key_1. then senders should encrypt it with public-key_1 but for all user_1, user_2, etc. with which private key will user_2, user_3,.. decrypt this file.csv, which is encrypted with public-key_1? No. user_1, user_2 and user_3 each generate their own public-private keypair. So: Receiver_1 has public_key_1 and private_key_1 Receiver_2 has public_key_2 and private_key_2 Receiver_3 has public_key_3 and private_key_3 They then all send their public keys to a fourth user, Sender (who may actually be one of the receivers, if you wish). Sender then encrypts the file using the public keys of all the Receivers. For example: gpg --recipient Receiver_1 \ --recipient Reciever_2 \ --recipient Receiver_3 \ --encrypt-file file_to_be_encrypted Each of the three recipients will then be able to decrypt the file using their own private key. HTH... ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Suggest please
Il 03/05/2013 14:29, Lema KB ha scritto: It is not appropriate for us to have several public-private-keys. Then probably you don't need encryption at all. Or you only need symmetric encryption (same key used both for enc and dec). Can GnuPG be downloaded on a virtual machine so, that, if one user on VM generates a pair-key, this pair-key will be also the keys of other user of this VM? So they all will be able to decrypt files using one private-key..? Possible, but stupid (IMVHO). If you think VM access control is enough, then just use it and don't encrypt the file. Submission can be handled with a correct ACL (in *nix it could be rwxrwx-wx on a folder: only members of the group will be able to read the files in it, but every user can put his file there -- we used this method for lab projects). Another way can be a web form that stores an uploaded file in a private folder. PGP is not a magic bullet: he does what it's designed to do (and I think it does it quite well), but won't prevent you from using it in really insecure ways. *SECRET* keys are called that way for a reason. BYtE, Diego. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Suggest please
hi Diego We need encryption, because the files are sent via Email from other organisations. These files are then decrypted internally, that's why all/several Win-Users of us. On Fri, May 3, 2013 at 2:51 PM, NdK ndk.cla...@gmail.com wrote: Il 03/05/2013 14:29, Lema KB ha scritto: It is not appropriate for us to have several public-private-keys. Then probably you don't need encryption at all. Or you only need symmetric encryption (same key used both for enc and dec). Can GnuPG be downloaded on a virtual machine so, that, if one user on VM generates a pair-key, this pair-key will be also the keys of other user of this VM? So they all will be able to decrypt files using one private-key..? Possible, but stupid (IMVHO). If you think VM access control is enough, then just use it and don't encrypt the file. Submission can be handled with a correct ACL (in *nix it could be rwxrwx-wx on a folder: only members of the group will be able to read the files in it, but every user can put his file there -- we used this method for lab projects). Another way can be a web form that stores an uploaded file in a private folder. PGP is not a magic bullet: he does what it's designed to do (and I think it does it quite well), but won't prevent you from using it in really insecure ways. *SECRET* keys are called that way for a reason. BYtE, Diego. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Suggest please
Il 03/05/2013 14:58, Lema KB ha scritto: We need encryption, because the files are sent via Email from other organisations. These files are then decrypted internally, that's why all/several Win-Users of us. Then you could setup a (different!) machine with a mail robot that receives those mails, decrypts 'em (with its own private key, *much* better if stored on a token/smartcard) and then stores the plaintext files in the drop-box folder where users can access 'em. No user is involved with crypto, and what's sent to the mailbox magically appears in the shared folder (they don't even need to know that the decoding machine exists! It probably could be a Raspberry Pi hidden in your server room :) ). BYtE, Diego. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Suggest please
i've made this robot: it receives mail, decrypts files with my private-key, and saves them in a folder. But, someone should click on run.. This is me only. i need, that some others will be able to run it also. But it doesn't decrypt files, as the priv-key for decryption is mine. On Fri, May 3, 2013 at 3:09 PM, NdK ndk.cla...@gmail.com wrote: Il 03/05/2013 14:58, Lema KB ha scritto: We need encryption, because the files are sent via Email from other organisations. These files are then decrypted internally, that's why all/several Win-Users of us. Then you could setup a (different!) machine with a mail robot that receives those mails, decrypts 'em (with its own private key, *much* better if stored on a token/smartcard) and then stores the plaintext files in the drop-box folder where users can access 'em. No user is involved with crypto, and what's sent to the mailbox magically appears in the shared folder (they don't even need to know that the decoding machine exists! It probably could be a Raspberry Pi hidden in your server room :) ). BYtE, Diego. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Suggest please
hi Henry can a symmetric cipher be/use also public-private-keys? On Fri, May 3, 2013 at 3:44 PM, Henry Hertz Hobbit hhhob...@securemecca.net wrote: On 05/03/2013 08:45 AM, Lema KB wrote: is it possible to do it in any other way, but using also priv-pub-key? i am like stuck.. Yes, I imagine they told you to use a symmetric cipher. Here are some scripts that may help (be sure to replace my KEY NUMBER with yours and change the .txt extension to .sh and make it executable: http://www.securemecca.com/public/GnuPG/ To encrypt use the crypt.sh script (be sure to replace TWOFISH with the cipher that you prefer in the script. The decrypt script will decrypt the file but make sure you do NOT give it the .gpg extension or modify the script. Also, if all you want to do is encrypt and you are on Windows, you can use 7-Zip which has a built in AES-128 symmetric cipher: http://www.7-zip.org The source code compiles and installs easily for 'nix systems Don't feel bad about not understanding public / private key encryption at first. Even engineers with Phd degrees have problems. Only Mathematicians and Computer Scientists can handle it and even then sometimes they have problems. HHH ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Suggest please
On 05/03/13 15:02, Lema KB wrote: can a symmetric cipher be/use also public-private-keys? No. The whole point of public/private cryptography is to use asymmetric ciphers. (caveat: actually, this is an over-simplification. In reality, gpg DOES use symmetric ciphers, but in a way that makes it look like it is using asymmetric ones). ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Suggest please
On Fri, 3 May 2013 14:29, kibl...@gmail.com said: It is not appropriate for us to have several public-private-keys. Although I don't consider this a good idea: You may give a copy of the private key to all persons who need to decrypt the files. In general such a group owned private key is not a good idea but it is commonly done nevertheless. gpg --export-secret-key FINGERPRINT privatekey.gpg and gpg --import that privatekey.gpg on the machines which need to decrypt. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Suggest please
Il 03/05/2013 15:44, Lema KB ha scritto: i've made this robot: it receives mail, decrypts files with my private-key, and saves them in a folder. But, someone should click on run.. This is me only. i need, that some others will be able to run it also. But it doesn't decrypt files, as the priv-key for decryption is mine. Then just create his keypair and run it with a scheduler (like once a minute). But how to do this, is really OT here. BYtE, Diego. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Suggest please
Il 03/05/2013 14:51, NdK ha scritto: Submission can be handled with a correct ACL (in *nix it could be rwxrwx-wx on a folder: only members of the group will be able to read the files in it, but every user can put his file there -- we used this method for lab projects). Just to be more precise, the setting as described have a behaviour that could not be what one expects: 1) knowing the file name everyone can read it 2) knowing the file name, everyone can delete it You can fix 1 by setting umask (on the filesystem, if dropbox is in its own partition) so that actual file permissions are 0640 or 0660. To fix 2 you should set the sticky bit on the folder. See http://stackoverflow.com/questions/869536/linux-directory-permissions-read-write-but-not-delete Tks to DKG for pointing this out. I'll try to be more precise next time. BYtE, Diego. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Suggest please
First, a restriction on who can access folder restricted to just a group on 'nix should probably be: drwxrwx--- (chmod 770 dir - all group members can write) drwxr-x--- (chmod 750 dir - only owner can write) http://www.securemecca.com/public/ChmodTable.txt On OpenVMS you can and the military does just turn off the world permiesions leaving only SOG (System, Owner, Groupm originally it was SOGW). But OpenVMS has theirs done via a DACL. Windows has DACLs but really not for files / folders in the same way that OpenVMS / Unix / Linux do it. Unix / Linux file permission flags for the files is hard-wired (done deep within the bowels of the OS). Symmetric ciphers via GnuPG: You can use either a symmetric or public key cipher with GnuPG, but you really sort of need keys to even do symmetric ciphers via GnuPG or PGP from Symantec. This script is what I use if I want to make a file encrypted with a ymmetric cipher via GnuPG: http://www.securemecca.com/public/GnuPG (folder - I used decrypt for decrypting encrypted files) http://www.securemecca.com/public/GnuPG/ Pros: Can't think of any other than it saves all that typing. It MAY help you understand it. Maybe it will confuse you. Cons: Anybody who knows the password can decrypt it. Some times that is a positive. For top security it is a negative if the public key used to encipher a file is not yours (belongs to somebody else and you don't have the private keys). Symmetric cipher with AES-128 using 7-Zip: == You don't need keys. Just supply the password and let the other people know what the password is. on Unix / Linux you just use: this for a file: $ 7za a -p filename.7z filename and this for a directory (folder) $ 7za a -[ dirname.7z ./dirname Pros: provides symmetric encryption without keys! Blissfully dumps the UID:GID so it comes out right when root unzips it (owned by root in group root) no matter who it belonged to on the other system.. for 'nix. That is why I like it. Would love to have ClamAV source code in 7z format. It is great for sending lists of bad URLs / hosts to others since email scanner doesn't know what to do with it. Cons: Same as for GPG symmetric but no choice of CIPHER (uses AES-128) which may be unsatisfactory for some uses. Must build it yourself for 'nix. Do NOT use 7-zip for backups of system stuff or you wull have a chicken versus egg problem, encrypted or not. (APOLOGIES TO GNUPG ADVOCATES) Public / Private key implementation: In reality there is a symmetric cipher hidden down in there. GnuPG pseudo-randomly (hopefully closer to randomly than to pseudo) creates a password for the symmetrically enciphered file and encrypts the password for the symmetric cipher using the other person's (people's) public key(s) with the ElGamal or similar public-key cipher. Each recipient gets their own copy (in the past the whole thing with Thunderbird plus Enitmail). But you do NOT encrypt the whole file with the public key. You use the public key to encipher only the password used to create the symmetric cipher. The way public / private key is normally used: == On Windows, GPG4WIN supplies an Outlook look-alike called Claws Mail that just looks at the recipients when you select encrypt and magically encrypts a message that the entire list of users can decrypt as long as you have the public key for each of the recipients on your key-ring. The enigmail plugin for the mail client program called Thunderbird does much the same thing. SEE! Public key encryption doesn't have to be all that complicated! Pros: When encrypted for JoeGoodGuy in Denver with the encryption being done in Syria (war-torn) nobody but JoeGoodGuy can decipher it. Be sure to wipe the original unenciphered file(s). Wikileaks Julian Assange knew this and encrypted all of those files with a symmetriic cipher anyway so everybody could decrypt the zip of all those files some time in the future no matter how long the password was. But if the journalist had their own public / private key pair it could have been encrypted with the journalist's public key and then only the journalist could have decrypted it. Pubic key encryption is used successfully for this purpose by civil rights activists world-wide. Cons: Initial confusion on how it works. Don't feel bad because even PhD engineers may need some time to finally understand how it works (which is why I recommended that book). Don't be afraid of using OpenPGP public key encryption. It really is superior when you have two people that semi-trust each other. Spies take time to warm up to each other said one of
Re: 2.0.20 beta available
Pete Stephenson: On 5/2/2013 8:06 PM, Abel Luck wrote: Is it planned to support --delete-secret-keys? Do existing versions not support --delete-secret-keys? Oh, it must be not implemented in just 2.1 (git master). I just assumed it wasn't implemented in 2.0 either. I wonder why it was removed from 2.1. ~abel I've been using 2.0.17 and 2.0.19 on both Linux and Windows and have had no issues with --delete-secret-keys. It seems to have worked for me: I moved several secret keys over to smartcards (after making offline, secure backups, of course), deleted the secret keys from the keyring, and gnupg created the appropriate stubs pointing to the smartcard without any issues. Cheers! -Pete ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Libgcrypt (hopefully not OT)
Hi All, I am using Libgcrypt 1.5.2 with gcc v 4.5.3 on Cygwin to use the MPI functions. Can you please provide some guidance on how to handle signed and negative MPIs? I cannot seem to get a negative MPI, which is causing problems with other computations (specifically gcry_mpi_invm never returns and hangs). As an alternative, Is it possible to use the ecc functions with a custom random number generator algorithm? Thanks, Bob Cavanaugh Broadcom Corporation 16340 West Bernardo Drive San Diego CA 92127 Work:858-521-5562 Fax: 858-385-8810 Cell:858-361-2068 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Suggest please
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 05/03/2013 08:43 PM, Henry Hertz Hobbit wrote: SNIP First, I think public key encryption is apropos for what you are doing if privacy is a concern. The way you approached it without telling us you are on Windows until later on indicates privacy IS a consideration for you. Now that I know you are on Windows I am curious what you are using to automate - Visual Basic, BAT, Power Shell, or something else. I run into too many problems with their darn spaces no matter which of these three I use. It is best to just add where gpg2 and everything else lives to your PATH. Here is where it is for the latest version of GPG4Win (at least on Windows 7) %ProgramFiles%\GNU\GnuPG From my point of view object oriented scripting is strange. Scripts should be more verbal than noun oriented. If you need help in getting it going I will help but do NOT use what you would be sending to your cohorts. My public key is on the key-servers. For the long way Just go here: http://pgp.mit.edu/ Then enter my email address hhhobbit[gnat]securemecca.net Click on the top key, copy and paste it into a file and then import. Fast way is to just use PGP4Win's GUI to import the key directly from the key-servers. The first test is to send a publicly encrypted file. Then you do it for two users per Werner's statement and as you go along you will see what is appropriate for you. HHH -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQEcBAEBCAAGBQJRhGHcAAoJEMhFIk/IOUbwq/UIAKA/lpBKKbaCJVTIAq3ttgPi +dzgkGRFl3TOwlUyQutZ6AZiuIxw1uCUrCuWy+UacTRBe/qCcsJRLwlFNk6htiVt bB0YKXqUSt9lGfrLys4mMSP4EV1n5AF1aYodDPIsae7znQyKyjanx0oTP718Bniw QHPphFNuGs9XtQ9lo4wx5G7rKiOQzpWXjq6M8NBbmbMmUp+5hXRNjK/LHlHBX7Rk hTnq6vmKWLSUZDImCylEZAV7XG14XnqMDQ9URGt8uKbO+d3PH17rGgcDdltF53Hu lAMdOJQmjrMIg4TmJYZgM2KzDxcb/kcRH8tQjWUTRrVt4tY6cl+AT0BMJohJLQQ= =54Gp -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users