Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

[mark M]

But these are all paid apps are there any open source or free apps to do PGP on 
iOS


From: Gnupg-users  on behalf of Lukas Pitschl | 
GPGTools 
Sent: Tuesday, July 25, 2017 12:42:47 PM
To: E.Keen
Cc: gnupg-users@gnupg.org
Subject: Re: How to use a the same generated keypair on enigmail/thunderbird 
and iOS Mail

Since its release, Canary Mail is probably your best option, since it support 
OpenPGP out-of-the-box.
If you rather prefer to keep using iOS Mail, you’ll have to resort to the much 
less than user friendly options oPenGP and iPGMail (as others have mentioned). 
They work, but the user experience is really not pleasant if you receive a lot 
of encrypted messages. Also I don’t think they support verification of PGP/MIME 
messages (due to restrictions imposed by iOS).

Best,

Lukas
GPGTools

> Am 14.07.2017 um 20:48 schrieb E.Keen :
>
>
>
> Dear community,
>
> I am very passionate about cyber security and working against mass
> surveillance. I therefore try to stay informed about security
> measurements and encryption.
>
> Nevertheless, I do have a problem which I cannot solve by myself.
>
> I generated a keypair using enigmail on thunderbird for this email address.
> Now, I'd like to use the same address with the same encryption keys on
> an iOS device.
> However, I don't know how to transfer the private key securely without
> anyone else being able to obtain it.
> Someone informed me that there might be a possibility to type in the
> private key manually.
>
> I 'd appreciate any help or further information you might give me.
>
> Thank you very much.
>
> Kind Regards,
>
> E.Keen
>
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

gpg-agent cache keygrip

[Mario Figueiredo]

Hello everyone,

I've been trying to understand gpg-agent cache behavior in the presence
of two distinct keys with the same passphrase. Namely, why is that it
only asks for the passphrase once, regardless of the key being used?

So I've read the Assuan protocol documentation at (1), in particular
the text in the linked page and the descriptions for PRESET_PASSPHRASE
and GET_PASSPHRASE. But it isn't getting me any closer to understand
this behavior, because from my own interpretation, it enters into
contradiction with what I am experiencing.

I would normally expect the gpg-agent cache to operate on a per-key
basis, regardless of passphrase. And this is precisely what the
description for the keygrip on the Assuan protocol seems to indicate.
However, that is not what happens and gpg-agent seems to ignore the key
being used and instead reuse the previously used passphrase from
another key, which just happens to be the same passphrase for the new
key.

Is this a bug, or expected behavior? And if the latter, what is the
rationale for it? Since it seems to only worsen an already weak
decision security-wise, which is to choose the same passphrase for two
distinct keys. 

 (1)
https://www.gnupg.org/documentation/manuals/gnupg/Agent-Protocol.html#Agent-Protocol

-- 
Sinceramente / Best regards,

Mário J.G.P. Figueiredo
Luanda, Angola
(email) mar...@gmx.com (alt) kru...@openmailbox.org
(phone) +244 934 535 121


pgpr4BJE5tsws.pgp
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

[Lukas Pitschl | GPGTools]

Since its release, Canary Mail is probably your best option, since it support 
OpenPGP out-of-the-box.
If you rather prefer to keep using iOS Mail, you’ll have to resort to the much 
less than user friendly options oPenGP and iPGMail (as others have mentioned). 
They work, but the user experience is really not pleasant if you receive a lot 
of encrypted messages. Also I don’t think they support verification of PGP/MIME 
messages (due to restrictions imposed by iOS). 

Best,

Lukas
GPGTools

> Am 14.07.2017 um 20:48 schrieb E.Keen :
> 
> 
> 
> Dear community,
> 
> I am very passionate about cyber security and working against mass
> surveillance. I therefore try to stay informed about security
> measurements and encryption.
> 
> Nevertheless, I do have a problem which I cannot solve by myself.
> 
> I generated a keypair using enigmail on thunderbird for this email address.
> Now, I'd like to use the same address with the same encryption keys on
> an iOS device.
> However, I don't know how to transfer the private key securely without
> anyone else being able to obtain it.
> Someone informed me that there might be a possibility to type in the
> private key manually.
> 
> I 'd appreciate any help or further information you might give me.
> 
> Thank you very much.
> 
> Kind Regards,
> 
> E.Keen
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

[Andreas Heinlein]

Am 25.07.2017 um 20:34 schrieb Robert J. Hansen:
>> I would think you could transfer the private key file to the moblle
>> device by bluetooth, or by using a USB cable, or by email. So long as
>> the private key is protected by a decent passphrase, anybody else
>> getting a copy of the file should be of no consequence.
> This is correct.
>
> I've often volunteered to publish my private key in the _New York
> Times_, if someone will just pay for the listing.  With a strong
> passphrase, private keys are pretty darn safe against casual snooping.

I still would not recommend that to non-technical people. While the
users on this list probably know what a 'decent' passphrase is, most
normal users don't. They tend to choose passwords which are too short,
contain dictionary words - or they are written down right under the
keyboard... Having a second line of defense, i.e. keeping the private
key secure, is usually a good idea. That's the whole point of the
OpenPGP smartcard, after all.

Andreas



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

[Robert J. Hansen]

> I would think you could transfer the private key file to the moblle
> device by bluetooth, or by using a USB cable, or by email. So long as
> the private key is protected by a decent passphrase, anybody else
> getting a copy of the file should be of no consequence.

This is correct.

I've often volunteered to publish my private key in the _New York
Times_, if someone will just pay for the listing.  With a strong
passphrase, private keys are pretty darn safe against casual snooping.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



On Friday 14 July 2017 at 7:48:59 PM, in
, E.Keen wrote:-


> However, I don't know how to transfer the private key
> securely without
> anyone else being able to obtain it.

I would think you could transfer the private key file to the moblle
device by bluetooth, or by using a USB cable, or by email. So long as
the private key is protected by a decent passphrase, anybody else
getting a copy of the file should be of no consequence.

- --
Best regards

MFPA  

Amateurs built the ark. Professionals built the Titanic.
-BEGIN PGP SIGNATURE-

iNUEARYKAH0WIQQzrO1O6RNO695qhQYXErxGGvd45AUCWXeK2V8UgAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNB
Q0VENEVFOTEzNEVFQkRFNkE4NTA2MTcxMkJDNDYxQUY3NzhFNAAKCRAXErxGGvd4
5BPrAQCGoFfJn5IQnG5aaj0EFLPTNDF8jF4ADdVhbl5A7hIijAEA48UASqwS2rDC
MlYkdmU0O0nRASVVsTdkHFmTVDObqQiJAZMEAQEKAH0WIQSzrn7KmoyLMCaloPVr
fHTOsx8l8AUCWXeK2V8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0QjNBRTdFQ0E5QThDOEIzMDI2QTVBMEY1NkI3
Qzc0Q0VCMzFGMjVGMAAKCRBrfHTOsx8l8PbJCACypL9BLEGvqxMEqv1FxxnM0JWU
xbZ4iDrn9Rt88siRvgq3QwNwdeAEYdFHMEHa4uaXdg0RrhVVKZMbUx3y938kNwfZ
ZbFwUsYHKYF60cnhxZ/m5qQzMRsUMIzRvc2CDeWd2OtXIs2lbNh01SZk6bu0zoXO
oSTdJ0LN1Thy2fCjyBrP/nrC73F7z68JG757jjmu4EFsf3d4xeoJjNpiWk1ei6QQ
nir2wp7TeCUeJKxPKCk6CyPNpqznZ+pB2da71uZzh/q2gE0jSsBmEfDaE2AnegeA
39osnm4fYjefT4aXqiefKhfIp9Y0Vhm6eFyvhfgp8IAUei0npeyWw7FibtLE
=dfyc
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Operation not supported by device

[Stefan Claas]

On Tue, 25 Jul 2017 08:04:40 +0200, Werner Koch wrote:
> On Mon, 24 Jul 2017 16:27, stefan.cl...@posteo.de said:
> 
> > macOS, i get the following message:  
> 
> Please do
> 
>   gpg --version
> 
>   gpg -v --clearsign loremipsum.txt
> 
> and show us the full output.
> 
> 
> Salam-Shalom,
> 
>Werner
> 

O.k. here we go:

$ gpg --version
gpg (GnuPG) 2.1.21
libgcrypt 1.7.8
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/XXX/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

$ gpg -v --clearsign loremipsum.txt
gpg: no running gpg-agent - starting '/usr/local/gnupg-2.1/bin/gpg-agent'
gpg: waiting for the agent to come up ... (5s)
gpg: connection to agent established
gpg: selecting openpgp failed: Operation not supported by device
gpg: using "2BAF85F9281ABD543823C7C5981EB7C382EC52B4" as default secret key for 
signing
gpg: writing to 'loremipsum.txt.asc'
gpg: pinentry launched (787 unknown 0.9.4 ? ? ?)
gpg: RSA/SHA256 signature from: "981EB7C382EC52B4 Stefan Claas 
"

GnuPG downloaded from here:

https://sourceforge.net/p/gpgosx/docu/Download/

Regards
Stefan


pgpDfwGvYzmEj.pgp
Description: Digitale Signatur von OpenPGP
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Key corruption: duplicate signatures and usage flags

[Werner Koch]

On Fri, 23 Jun 2017 10:02, madd...@madduck.net said:

> Are you saying that gnupg 2.1.18 added the self-signature in the
> wrong place?

There is no right or wrong place.  gpg uses the latest valid
self-signature according to the timestamp in the self-signature.  Use
--with-colons to see the full timestamps (cf. doc/DETAILS).

Probably unrelated: --list-keys does not check the key signatures; you
need to use --check-sigs.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgpmMHrTNX9Bv.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

gpg2 decryption issues

[Jerry Flowers]

Presently on below version.
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3

I've sent vendor public key and received files back encrypted with our key.
I can decrypt file when using the pinentry and manually enter passphrase.
I've tried several variation of command in batch mode but all give error
gpg: public key decryption failed: Bad passphrase
gpg: decryption failed: No secret key


gpg2 -v --batch --yes --no-tty --passphrase-file <(echo testpp) -o tempain24 -d 
PAIN.024.pgp

cat /export/home/applmgr/testpp | gpg2 --batch --passphrase-fd 0 --armor 
--decrypt /export/home/applmgr/PAIN.024.pgp

echo  | gpg2 --batch --passphrase-fd 0 --armor --decrypt 
/export/home/applmgr/PAIN.024.pgp

Thanks
jerry
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Operation not supported by device

[Werner Koch]

On Mon, 24 Jul 2017 16:27, stefan.cl...@posteo.de said:

> macOS, i get the following message:

Please do

  gpg --version

  gpg -v --clearsign loremipsum.txt

and show us the full output.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgp0S8FuVjLGY.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users