Re: GPG keys for multiple email accounts
On 07.07.2013, Hauke Laging wrote: Even with the default settings a 19-digits passphrase (upper and lower case ASCII letters and digits) is as hard as AES (without flaws). When you take all printable ASCII-chars as headroom, with B = entropy in bits L = length of the passphrase P = amount of possible chars (headroom) then B = (L*log P / log2) will calculate your passwords entropy in bits. Your 19-chars password accounts for 124 bits of entropy, which is nearly half of AES-256's strength (there are P^L different passwords). One assumes that in most cases, trying 50% of all possible passwords will lead to success). ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG keys for multiple email accounts
On 07/07/2013 03:42 AM, Heinz Diehl wrote: will calculate your passwords entropy in bits. Your 19-chars password accounts for 124 bits of entropy, which is nearly half of AES-256's strength (there are P^L different passwords). Not hardly. Theoretically speaking [*], AES-256 will fall to brute force after 2^255 attempts. A keyspace of 2^124 is nowhere near half of 2^255; it's not even particularly close to the square root of 2^255. Assuming you meant AES-128 instead of AES-256, it's still not very close. A 128-bit keyspace will (again theoretically) fall after 2^127 attempts. A keyspace of 2^124 is a factor of 8 less than this -- not nearly half. [*] All this handwaves, of course, the fact that breaking AES-256 by brute force is impossible given the physical constraints of the universe, and breaking AES-128 by brute force is impossible given the fact we'd like the Earth to remain a habitable planet. People who obsess over the amount of entropy in their passphrases are living in sin. Spend more time worrying about how to keep your passphrase secure, and less time worrying about whether it has 128 bits of entropy or instead only 80. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG keys for multiple email accounts
Thanks for the replies, On 7/6/13, Hauke Laging mailinglis...@hauke-laging.de wrote: That's a strange argument for several reasons. The most important being: Why should just one key be compromised if they are used on the same system? Wouldn't it make more sense to put the saved effort for creating 19 additional keys into securing the system, making it less probable that the key gets compromised? ok, I agree Even with the default settings a 19-digits passphrase (upper and lower case ASCII letters and digits) is as hard as AES (without flaws). If the passphrase is completely random then it is ridiculous to make it longer than 19 chars (unless you store it in two halves (with about 18 chars each) in different places). As Heinz Diehl pointed out, it seems not to be that simple. Additionally, with 20-40 chars I did not mean a pure random char sequence but a more memorable sequence of words (phrase), e.g. by using diceware method and the Oxford Advanced Learner's dictionary, thus, the idea to use a relatively long/up to 40 chars passphrase. My recommendation: Separate keys by email address type: a) private (one group) b) each business separate c) each organization separate Also separate the private addresses by a) security level (some may not need OpenPGP at all; some may be read via webmail others only on systems you control) b) seriousness (hauke.lag...@example.org maybe should not be grouped with superman...@rpgchat.example.net) So, following your suggestions, I (c|sh)ould do: 1.1. create one master key for signing on a save environment e.g. live CD, USB flash disk. 1.2. the expire date is set to several years and 1.3. a backup is placed on an immutable/secure media. 1.4. no user ID is added. 1.5. the passphrase is a word sequence of 40 chars length. 2.1. create sub keys for sign and encryption with an expire date of two years. 2.2. use the same passphrase for all sub keys 2.3. the passphrase has a length of 20 chars (maybe sequence of words, but nobody knows that it's not pure random). otherwise use a pure random sequence with smaller length. 2.4. add a fake UID that identifies the domain of the key (business, private organization,..); other possibility: create a UID without the '@', such as my_name__TheOrg01.org and the people who use the key know that the first '_' has to be replaced by '-' and the __ replaces the '@'. 2.5. sign those keys by the master key. 2.6. publish/hand out the public sub keys to the respective sender/recipient group of people. Does it create problems to attach a fake email address to the key (e.g. @example.com)? Problems like not being taken seriously? Would it be really that grave? If persons know and trust you, they sign your key (and you may explain, why you use a pseudonym). These persons may know other persons in person etc. So, for the NoT I think it doesn't really matter. However, people you meet for the first (and maybe only time, e.g. on a key signing party) could refuse to sign the key, since they don't know whether it's really your key that you want them to sign. -- atair ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG keys for multiple email accounts
On 07.07.2013, Robert J. Hansen wrote: A keyspace of 2^124 is nowhere near half of 2^255; it's not even particularly close to the square root of 2^255. Thanks for clarifying, you are (of course) right. Didn't think for a second before posting :-( However, I wanted to demonstrate the relationship between the length/keyspace of a password and the cryptography actually used. Or the other way 'round: why use (waste?) a lot of bits on cryptography when it's much easier to bruteforce the password itself? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG keys for multiple email accounts
Am So 07.07.2013, 09:42:59 schrieb Heinz Diehl: will calculate your passwords entropy in bits. Your 19-chars password accounts for 124 bits of entropy, which is nearly half of AES-256's strength (there are P^L different passwords). You're missing several important points: 1) AES is considered a lot stronger than AES-256 meanwhile as the latter is down to 99,5 bit. 2) GnuPG has a default setting of 65535 iterations. Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/bekannte/ OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG keys for multiple email accounts
On 07/07/2013 08:03 AM, Heinz Diehl wrote: Or the other way 'round: why use (waste?) a lot of bits on cryptography when it's much easier to bruteforce the password itself? Nobody with two brain cells to rub together is going to try brute-forcing either the crypto or your passphrase. Nobody. Let me make it really clear: anyone who would try to do this would be such a blistering moron that I don't feel the need to waste any time considering how to defend against him. Further, who cares if the number of bits in different parts of the system aren't balanced? If I want 112 bits of effective protection, and I use a passphrase with 128 bits of entropy to decrypt key material shielded with AES-256, then I haven't wasted anything at all, nor is my system imbalanced. Instead, my system has a minimum of 16 bits of safety at each step. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG keys for multiple email accounts
Am So 07.07.2013, 10:18:46 schrieb atair: So, following your suggestions, I (c|sh)ould do: 1.1. create one master key for signing on a save environment e.g. live CD, USB flash disk. The mainkey is primary for certification (this refers to key components), not really for signing (which refers to (other) data). Signing with a mainkey makes sense in certain situations though. One important example is the document with your key policy. 1.2. the expire date is set to several years I let both my mainkeys and subkeys expire after one year. You don't have to throw them away afterwards. You can simply create a new signature / certification with an expiration date later in the future. 1.4. no user ID is added. You always have one. You probably meant no second. 2.4. add a fake UID that identifies the domain of the key (business, private organization,..) I recommend to have one UID without an email address. Just your name and a comment, something like key for private addresses; secure offline mainkey. 2.5. sign those keys by the master key. That is done automatically when you add UIDs. 2.6. publish/hand out the public sub keys to the respective sender/recipient group of people. You have to publish a complete certificate. You cannot leave out the public mainkey. Without it neither the fingerprint nor the UIDs or subkeys could be verified by the importing application. The fact that you have an offline mainkey does not influence your certificate (public key) in any way (except for maybe mentioning this fact). The sending application automatically selects the subkey for encryption. OK, to tell the truth: GnuPG does that. I am not even sure whether the RfC demands that. If you want to be sure you may create the mainkey without the flag for encryption (--expert --gen-key). But this would prevent you from using the mainkey as a high security key (useful if you don't have a separate one). Does it create problems to attach a fake email address to the key (e.g. @example.com)? Problems like not being taken seriously? Would it be really that grave? If persons know and trust you, they sign your key (and you may explain, why you use a pseudonym). Pseudonyms may make sense. I don't think there is a case in which an illegal email address does. Of course, that somebody believes that you haven't understood OpenPGP does not mean that he knows more about it than you... These are rather social than technical problems. You alone have to handle them, your point of view is the relevant one. Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/bekannte/ OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Do we need / want (or already have) a mascot for OpenPGP?
Hello, for the first time in history(?) cryptography has become a subject for mainstream media. Over the last weeks my web page got a visitors increate of 600+% for the key word openpgp. That's nice but crypto still has a rather low fun factor. I don't claim that the fun factor is the decisive part of a possible success of mainstream crypto but it may make the work of some promoting people easier. And maybe we can get this without much work. Linux has its cuddly penguin, BSD its devil, openSUSE the chameleon... Whether the GNU gnu increases the fun factor is a difficult question... ;-) I guess it would be good to have something like that for OpenPGP. Something that people both like and recognize. Something that both instructors (OpenPGP courses) and private people, companies and other organizations which use it can put on their web pages in order to create awareness. I would prefer something with a strong appearance, a smiling rhino or gorilla maybe. :-) I am a total artistic black-out so I can hardly do more about that than say I would like to have it. But if it turns out that there is a broad agreement (above all among those who publicly promote crypto) that it would be nice to have something like that then we might search for talented volunteers in the community. Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/bekannte/ OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG keys for multiple email accounts
On 07.07.2013, Robert J. Hansen wrote: Nobody with two brain cells to rub together is going to try brute-forcing either the crypto or your passphrase. This very much depends on how important the encrypted information is considered to be. However, I agree that most probably no one is especially interested in *my* passphrase :-) Further, who cares if the number of bits in different parts of the system aren't balanced? For some ciphers (incl. AES), a smaller key size means faster. While this doesn't matter for a reasonably fast desktop system, it can play a role for a lot of small computers and laptops running an Atom or AMD E processor. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Win 7 64bit - 0 chance GnuPG / (Thunderbird-plugin)enigmail zu installieren ??
Hallo, Win 7 64bit - keine Chance GnuPG / (Thunderbird-plugin)enigmail zu installieren ?? I have installed Win7-64bit and Thunderbird. Have I no chance to install GnuPG / enigmail-plugin in Thunderbird? Sorry, I#m a newbie. kindly regards -- Gruß von W.Rogalinski, Berlin ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: not recognizing my passphrase after moving from XP to Win7
On 07/07/2013 03:10 AM, eMyListsDDg wrote: now i'm finding out after moving from XP to Win7 that i can't edit my keys or decrypt email test messages. the passphrases to decrypt i have aren't working from command line or my email app. during migration i copied all the files from user\apps\gnupg dir on XP to my new machine. Where do you put them on Windows 7? It is hard to see where they are at for me but I just did a dummy key create on Windows 7 and then copied all of my keys sans the random_seed file over the newly created files I cannot see it right now on Linux due to all of the shortcuts not showing up the same way with NTFS mounted RO on Linux. You didn't say what email program you are using so I assume Outlook which may or may not make a difference. is there command line opt for gpg2 to run to sync my key ring or am out of luck after moving to new machine and have to create new key pairs? I don't have extensive testing but I copied my keys from 32 bit Ubuntu to 32 bit OpenSuSE and Windows XP. I just changed the XP to Windows 7 but I am using 32 bit Windows 7. I did the same there but I do modify the random_seed file with hexedit for each key-ring which some people object to. From my point of view that is far better than just having each key-ring having the same random_seed file. But for Windows 7 I just left the newly created random_seed file in place but copied over all the other files. I have two systems with Windows 7 32 bit on both of them (should have gone with 64 bit - no such thing as PAE on Windows). I don't think you can just copy for Windows XP 32 bit to Windows 7 64 bit. Is that what you have? If it is what you have you may need to do a export / import. I can say I have had no problems with my Windows 7 32 bit but I only ran one test which was to verify a file with a detached signature file. I can do the following but I don't read email AT ALL on Windows (I get lots of malware in my email - the wannabee hackers think they can catch me off guard): 1. Encipher a file with my public key on Linux and decipher it on Windows. 2. Symmetrically encipher a file with the TWORISH cipher on Linux and decipher it on Windows. 3. Do the same as the previous two but do the ciphering on Windows and deciphering on Linux. Let me know if it would help to do that (a personal message would be fine). After that I could stand by for some tests using email by enciphering, signing and both. HHH ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: not recognizing my passphrase after moving from XP to Win7
On 7-7-2013 5:10, eMyListsDDg wrote: now i'm finding out after moving from XP to Win7 that i can't edit my keys or decrypt email test messages. Perhaps you accidentily changed the keyboard layout? Non-US versions of windows activate those pesky dead keys by default. Even Ubuntu seems to do that now :-( If your password contains chars like ' ~ ets. you may have this problem. -- Met vriendelijke groet / With kind regards, Johan Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Do we need / want (or already have) a mascot for OpenPGP?
On 07.07.2013, Hauke Laging wrote: . . . Linux has its cuddly penguin, BSD its devil, openSUSE the chameleon... Whether the GNU gnu increases the fun factor is a difficult question... ;-) I guess it would be good to have something like that for OpenPGP. Something that people both like and recognize. Something that both instructors (OpenPGP courses) and private people, companies and other organizations which use it can put on their web pages in order to create awareness. I would prefer something with a strong appearance, a smiling rhino or gorilla maybe. :-) I am a total artistic black-out so I can hardly do more about that than say I would like to have it. . . . A current movie and old TV show in the USA makes me think of, why not a masked western hero? (Not a superhero.) Like the well-known Lone Ranger, who was on the side of good against evil, on the side of law without being himself of the law, etc. He just liked his privacy and anonymity. The image might even be of the masked cowboy on an archtypal rearing horse, fun and active, exciting. I would be surprised if the Lone Ranger media franchise had a copyright on that image, they just used it like lots of western movies have probably since commercial movies were invented, including Zorro, etc. The cowboy could be gender neutral, ie not displaying any gender characteristics. :-) On the negative side, I wonder if such an image might be accused of being too activist? Also, I suppose the image would have to be carefully done so it did not look like just some bad guy. Maybe wear a big white western hat rather than a black hat? |8^) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG keys for multiple email accounts
On 07/07/2013 01:02 PM, Heinz Diehl wrote: This very much depends on how important the encrypted information is considered to be. Find me some verifiable instance of OpenPGP passphrases being brute-forced and I'll take this seriously. Until then, I will continue to treat brute-forcing as the myth I'm almost certain it is. I like to assume an attacker is at least as smart as I am. If I'm smart enough to see that brute-forcing has really bad odds of success, why would I waste time when there are so many better avenues of attack available? I need your secret key and passphrase I'd start by hiring a thousand-dollar-a-night hooker for a week and point her in your direction, with a $5,000 bonus if she's able to get your key and passphrase without you noticing. Simple, cheap and effective. I might have her plant a keylogger while she's in your bedroom. Or I might try and nab you via a carefully-prepared spearphish, or get you on a drive-by as you surf the web, or... etc., etc. It makes absolutely no sense to brute-force a passphrase when it's so easy to compromise the communication endpoint. That's where the real work lies -- not in talk about making something resistant to brute-forcing. Further, who cares if the number of bits in different parts of the system aren't balanced? For some ciphers (incl. AES), a smaller key size means faster. This is irrelevant to the discussion. If a cipher isn't fast enough for your purposes then don't choose it. It has nothing to do with whether the entropy in a system is balanced. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG keys for multiple email accounts
On Sun, 07 Jul 2013 17:19:02 -0400 Robert J. Hansen articulated: On 07/07/2013 01:02 PM, Heinz Diehl wrote: This very much depends on how important the encrypted information is considered to be. Find me some verifiable instance of OpenPGP passphrases being brute-forced and I'll take this seriously. Until then, I will continue to treat brute-forcing as the myth I'm almost certain it is. I like to assume an attacker is at least as smart as I am. If I'm smart enough to see that brute-forcing has really bad odds of success, why would I waste time when there are so many better avenues of attack available? I need your secret key and passphrase I'd start by hiring a thousand-dollar-a-night hooker for a week and point her in your direction, with a $5,000 bonus if she's able to get your key and passphrase without you noticing. Simple, cheap and effective. I might have her plant a keylogger while she's in your bedroom. Or I might try and nab you via a carefully-prepared spearphish, or get you on a drive-by as you surf the web, or... etc., etc. It makes absolutely no sense to brute-force a passphrase when it's so easy to compromise the communication endpoint. That's where the real work lies -- not in talk about making something resistant to brute-forcing. Further, who cares if the number of bits in different parts of the system aren't balanced? For some ciphers (incl. AES), a smaller key size means faster. This is irrelevant to the discussion. If a cipher isn't fast enough for your purposes then don't choose it. It has nothing to do with whether the entropy in a system is balanced. I worked for several years for a group that's specific job was to find security holes in organizations. Social Engineering is responsible for over 90% of all leaked data. All other method combined resulted in the other 10%. However, other methods such as brute force or hacking threats were easily detected as compared to the more subtle methods used in a well planned social scheme. Many users were not even aware that they had been taken and usually were to ashamed to admit they were even when it was revealed to them. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Do we need / want (or already have) a mascot for OpenPGP?
http://www.pierros.de/images/Masken_Larven_Larve_Domina_schwarz.jpg 2013/7/7 reynt0 rey...@cs.albany.edu: On 07.07.2013, Hauke Laging wrote: . . . Linux has its cuddly penguin, BSD its devil, openSUSE the chameleon... Whether the GNU gnu increases the fun factor is a difficult question... ;-) I guess it would be good to have something like that for OpenPGP. Something that people both like and recognize. Something that both instructors (OpenPGP courses) and private people, companies and other organizations which use it can put on their web pages in order to create awareness. I would prefer something with a strong appearance, a smiling rhino or gorilla maybe. :-) I am a total artistic black-out so I can hardly do more about that than say I would like to have it. . . . A current movie and old TV show in the USA makes me think of, why not a masked western hero? (Not a superhero.) Like the well-known Lone Ranger, who was on the side of good against evil, on the side of law without being himself of the law, etc. He just liked his privacy and anonymity. The image might even be of the masked cowboy on an archtypal rearing horse, fun and active, exciting. I would be surprised if the Lone Ranger media franchise had a copyright on that image, they just used it like lots of western movies have probably since commercial movies were invented, including Zorro, etc. The cowboy could be gender neutral, ie not displaying any gender characteristics. :-) On the negative side, I wonder if such an image might be accused of being too activist? Also, I suppose the image would have to be carefully done so it did not look like just some bad guy. Maybe wear a big white western hat rather than a black hat? |8^) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Do we need / want (or already have) a mascot for OpenPGP?
How about an armadillo? On Sun, Jul 07, 2013 at 11:09:20PM +0200, Randolph D. wrote: http://www.pierros.de/images/Masken_Larven_Larve_Domina_schwarz.jpg 2013/7/7 reynt0 rey...@cs.albany.edu: On 07.07.2013, Hauke Laging wrote: . . . Linux has its cuddly penguin, BSD its devil, openSUSE the chameleon... Whether the GNU gnu increases the fun factor is a difficult question... ;-) I guess it would be good to have something like that for OpenPGP. Something that people both like and recognize. Something that both instructors (OpenPGP courses) and private people, companies and other organizations which use it can put on their web pages in order to create awareness. I would prefer something with a strong appearance, a smiling rhino or gorilla maybe. :-) I am a total artistic black-out so I can hardly do more about that than say I would like to have it. . . . A current movie and old TV show in the USA makes me think of, why not a masked western hero? (Not a superhero.) Like the well-known Lone Ranger, who was on the side of good against evil, on the side of law without being himself of the law, etc. He just liked his privacy and anonymity. The image might even be of the masked cowboy on an archtypal rearing horse, fun and active, exciting. I would be surprised if the Lone Ranger media franchise had a copyright on that image, they just used it like lots of western movies have probably since commercial movies were invented, including Zorro, etc. The cowboy could be gender neutral, ie not displaying any gender characteristics. :-) On the negative side, I wonder if such an image might be accused of being too activist? Also, I suppose the image would have to be carefully done so it did not look like just some bad guy. Maybe wear a big white western hat rather than a black hat? |8^) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Do we need / want (or already have) a mascot for OpenPGP?
On Mon, Jul 08, 2013 at 10:24:27AM +1000, Fraser Tweedale wrote: How about an armadillo? Or a Masked armadillo? Wolf signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: not recognizing my passphrase after moving from XP to Win7
Hello Johan, i checked that. chars are typing correctly. i keep all passwords in a password database. i copied/pasted typed what i thought should be the correct passphrase. gpg2 returns invalid. keyboard is a new microsoft sidewinder x4 but chars/keys are mapping fine with it. appreciate your help and insight On 7-7-2013 5:10, eMyListsDDg wrote: now i'm finding out after moving from XP to Win7 that i can't edit my keys or decrypt email test messages. Perhaps you accidentily changed the keyboard layout? Non-US versions of windows activate those pesky dead keys by default. Even Ubuntu seems to do that now :-( If your password contains chars like ' ~ ets. you may have this problem. -- Bill Key fingerprint = DB4D 251B FE8A BDCD 2BE4 E889 13F1 78D0 A386 B32B ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: not recognizing my passphrase after moving from XP to Win7
Hello Henry, On 07/07/2013 03:10 AM, eMyListsDDg wrote: now i'm finding out after moving from XP to Win7 that i can't edit my keys or decrypt email test messages. the passphrases to decrypt i have aren't working from command line or my email app. during migration i copied all the files from user\apps\gnupg dir on XP to my new machine. Where do you put them on Windows 7? It is hard to see where they are at for me but I just did a dummy key create on Windows 7 and then copied all of my keys sans the random_seed file over the newly created files I cannot see it right now on Linux due to all of the shortcuts not showing up the same way with NTFS mounted RO on Linux. You didn't say what email program you are using so I assume Outlook which may or may not make a difference. i copied the 32-bit XP gnupg dir contents to this dir on Win 7-64bit from:C:\Documents and Settings\user name\Application Data\gnupg to: C:\Users\user name\AppData\Roaming\gnupg\ there is a sub-dir C:\Documents and Settings\user name\Application Data\gnupg\private-keys-v1.d that is empty. did i miss getting my priv keys copied over? nope, do not use Outlook. i use TheBat! v5.1.6.2 on my windows machine, have for years. i thought too, as you did, maybe the mailer program was the issue. but i went to commandline, encrypted a small test text file with my email key. that succeeded. but couldn't decrypt it. returns invalid key. no matter i typed in key or pasted from my main password database app. is there command line opt for gpg2 to run to sync my key ring or am out of luck after moving to new machine and have to create new key pairs? I don't have extensive testing but I copied my keys from 32 bit Ubuntu to 32 bit OpenSuSE and Windows XP. I just changed the XP to Windows 7 but I am using 32 bit Windows 7. I did the same there but I do modify the random_seed file with hexedit for each key-ring which some people object to. From my point of view that is far better than just having each key-ring having the same random_seed file. But for Windows 7 I just left the newly created random_seed file in place but copied over all the other files. I have two systems with Windows 7 32 bit on both of them (should have gone with 64 bit - no such thing as PAE on Windows). I don't think you can just copy for Windows XP 32 bit to Windows 7 64 bit. Is that what you have? If it is what you have you may need to do a export / import. I can say I have had no problems with my Windows 7 32 bit but I only ran one test which was to verify a file with a detached signature file. I can do the following but I don't read email AT ALL on Windows (I get lots of malware in my email - the wannabee hackers think they can catch me off guard): either i changed the password and forgot to update my password database or, as you mentioned, copying from 32-bit XP to 64-bit win is likely the issues. i'm scanning my backup synology host to see if i have the saved old xp dir's and (maybe?) i can do an import of them. otherwise i'll just consider this a bust and recreate new key/pairs. now that you mentioned it, as i have a few linux vm's running i could start using for email. a few of those vm's have gpg mail client support already. **edit update: after copying and importing keys to one of my linux vm's and trying numerous times to decrypt a simple text file. i found my error. it was user error as one char that i thought was a certain char wasn't. an alpha char looked like a char i was typing and it was a numerical char. gee, toss these older eyes of mine away!! if you hadn't helped with your suggestions i doubt i would have found this error. the other reply was about my keyboard. turns out, user error typo. text really small in my password database .. i'll change that! appreciate your help! 1. Encipher a file with my public key on Linux and decipher it on Windows. 2. Symmetrically encipher a file with the TWORISH cipher on Linux and decipher it on Windows. 3. Do the same as the previous two but do the ciphering on Windows and deciphering on Linux. Let me know if it would help to do that (a personal message would be fine). After that I could stand by for some tests using email by enciphering, signing and both. that may help and appreciate the offer. let me see if i can find the old backed up dir and see if gnupg will import that HHH ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Bill Key fingerprint = DB4D 251B FE8A BDCD 2BE4 E889 13F1 78D0 A386 B32B ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Do we need / want (or already have) a mascot for OpenPGP?
On 07/08/2013 01:07 AM, Werewolf wrote: On Mon, Jul 08, 2013 at 10:24:27AM +1000, Fraser Tweedale wrote: How about an armadillo? Or a Masked armadillo? There is no such critter. There are naked-tailed, long-nosed, and hairy Armadillos but no Masked Armadillo. There is even a Pink Fairy Armadillo (one of the rarer species of Armadillo). What most people think of when you say Armadillo is the nine- banded Armadillo which is Texas' small state animal which has the widest range. GnuPG already has an icon / emblem which you can see on the GnuPG page which is a padlock with a wing on it. I was one of those privileged to be able to vote on the cempeting designs. I am sorry you missed out. But I think the standard GNU mascot applies not only to GnuPG but to all of the GNU projects such as gcc, g++, EMACS, et al: http://en.wikipedia.org/wiki/GNU Until Werner, Richard Stallman and the other GNU people announce a competition for a GnuPG mascot or say otherwise, the GNU is the official GnuPG mascot. signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Do we need / want (or already have) a mascot for OpenPGP?
Am Mo 08.07.2013, 04:30:32 schrieb Henry Hertz Hobbit: Until Werner, Richard Stallman and the other GNU people announce a competition for a GnuPG mascot or say otherwise, the GNU is the official GnuPG mascot. I didn't write mascot for GnuPG. I don't want people, companies and other organizations to say We use GnuPG (though it may be appreciated if they do) but I want them to say We support OpenPGP. So that's not really the same. Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/bekannte/ OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
RE: Do we need / want (or already have) a mascot for OpenPGP?
How about a lemur? They have masked varieties (and they are cute). Raccoon also comes to mind... Thanks, Bob Cavanaugh Broadcom Corporation 16340 West Bernardo Drive San Diego CA 92127 Work:858-521-5562 Fax: 858-385-8810 Cell:858-361-2068 -Original Message- From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Henry Hertz Hobbit Sent: Sunday, July 07, 2013 9:31 PM To: gnupg-users@gnupg.org Subject: Re: Do we need / want (or already have) a mascot for OpenPGP? On 07/08/2013 01:07 AM, Werewolf wrote: On Mon, Jul 08, 2013 at 10:24:27AM +1000, Fraser Tweedale wrote: How about an armadillo? Or a Masked armadillo? There is no such critter. There are naked-tailed, long-nosed, and hairy Armadillos but no Masked Armadillo. There is even a Pink Fairy Armadillo (one of the rarer species of Armadillo). What most people think of when you say Armadillo is the nine- banded Armadillo which is Texas' small state animal which has the widest range. GnuPG already has an icon / emblem which you can see on the GnuPG page which is a padlock with a wing on it. I was one of those privileged to be able to vote on the cempeting designs. I am sorry you missed out. But I think the standard GNU mascot applies not only to GnuPG but to all of the GNU projects such as gcc, g++, EMACS, et al: http://en.wikipedia.org/wiki/GNU Until Werner, Richard Stallman and the other GNU people announce a competition for a GnuPG mascot or say otherwise, the GNU is the official GnuPG mascot. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users