Re: Forward gpg-agent to container
On Tue, Jun 05, 2018 at 05:17:10PM -0400, Phil Pennock wrote:
>
> Shell 1:
> $ docker-machine ssh default -R /var/run/pdp.gnupg:$HOME/.gnupg/S.gpg-agent.extra
> [ leave this window open, this is your login on the VM; when this
> closes, you stop forwarding GnuPG's socket ]

A suggestion: for those parts of this which need to be kept open, like this one, I recommend using autossh in place of ssh. That way even if the link is flakey and drops out, it'll reconnect for you.

Regards,
Ben

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
EFAIL countermeasure recommendations on your site
Hello GNUPG mailing list,

Would it be possible for you to make recommendations about how to respond to the EFAIL vulnerability on your site? I see that you link to emailselfdefense.org, which encourages users to use the latest version of enigmail. However I see that there are mentions of enigmail here:

https://www.gnupg.org/software/swlist.html
https://www.gnupg.org/howtos/en/GPGMiniHowto-6.html
https://www.gnupg.org/faq/gnupg-faq.html
https://www.gnupg.org/faq/gnupg-faq.txt
https://wiki.gnupg.org/EMailClients
https://wiki.gnupg.org/E-Mail%20Format%20Preferences

Would you please consider adding comments about using the latest version on these pages, for the sake of user security?

Thanks, :)
Andrew
Re: How in Windows batch script generate Unattended key? option --batch
Hi,

On Thursday 7 June 2018 15:49:40 CEST Piotr Przeklasa wrote:
> How in Windows batch script generate Unattended key? option --batch

The new "quick-gen-key" command is more convenient than the old batch gen key mechanism.

E.g. to create a key without passphrase for "f...@bar.baz" you can run:

    gpg --yes --pinentry-mode loopback --passphrase '' --quick-gen-key f...@bar.baz

Best Regards,
Andre

--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Backchannels via OCSP and CRL in S/MIME (Was: efail is imho only a html rendering bug)
On 06.06.2018 at 20:19, Werner Koch wrote:
> Thanks for responding. However, my question was related to the claims
> in the paper about using CRL and OCSP as back channels. This created the
> impression that, for example, the certificates included in an encrypted
> CMS object could be modified in a way that, say, the DP could be changed
> in the same way as an HTML img tag or to confuse the MIME parser.

Table 5 shows that CRL and OCSP work as a backchannel in some clients, see I_1, I_2, I_3 in the PKI column. It is unclear if they can be used to exfiltrate plaintext in reality because changing them should break the signature. The caIssuer field (intermediate certificates) seems more appropriate for plaintext exfiltration. See the discussion in section 6.2. Note that we didn't analyze X.509v3 extensions for further backchannels.

Again, whether CRL/OCSP/caIssuer can or cannot be used for plaintext exfiltration doesn't affect the overall security of S/MIME much. The central flaw remains malleable encryption.

Best,
Sebastian
How in Windows batch script generate Unattended key? option --batch
How in Windows batch script generate Unattended key? option --batch

Please help me
better passphrase hashing with gnupg?
Hey.

I have the following scenario: I'd like to archive private data to e.g. some cloud storage for backup reasons.

Basically I'd see two ways to move on from here:

1) Put the data in one or more disk images which are encrypted with dm-crypt/LUKS (e.g. using aes-xts-plain64)
2) Put the data in one or more tar or dar archive files, which I think is a bit more flexible.

With (2) I'd guess gnupg would be the tool of choice (or is there anything else well-maintained?) and using e.g. AES256 should provide adequate security.

In both cases, I'd want to put the actual key alongside the archive (i.e. also backing it up to the remote storage, as I'd be screwed if I lose the key when I just store it locally). For both (LUKS/OpenPGP), the actual symmetric key is anyway alongside the image/archive encrypted by some passphrase (respectively the pubkey, in case of asymmetric encryption with gpg).

Now here's the question/problem:

- LUKS/cryptsetup, at least in its more recent version, already supports Argon2 and even for the older version there was a noticeable effect when increasing the hashing iterations (like taking several minutes for cryptsetup to actually "open" the device).

For gpg there is --s2k-* especially --s2k-count, but even when setting this to the max value of 65011712... passphrase hashing seems super fast.

I'd be totally happy if a single passphrase try (for an attacker) takes like 10 minutes (just to be on the safe side)... but that doesn't seem possible with OpenPGP/gpg right now?

What would you guys suggest in my scenario? Is there a way to chain Argon2 with current gpg versions (not having to wait until this gets integrated in a new RFC in some future)?

Thanks,
Chris.
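Added example (not part of the original message, and not GnuPG's own code): the --s2k-count ceiling of 65011712 mentioned above is the largest value of the one-octet coded count in RFC 4880's iterated and salted S2K, and it counts octets fed to the hash rather than hash rounds, which is why a single guess stays cheap. The function names and sample inputs are assumptions made for this example.

```python
import hashlib
import time

EXPBIAS = 6  # constant from RFC 4880, section 3.7.1.3

def decode_count(c):
    """Expand the one-octet coded count into the number of octets hashed."""
    if not 0 <= c <= 255:
        raise ValueError("coded count is a single octet")
    return (16 + (c & 15)) << ((c >> 4) + EXPBIAS)

def encode_count(octets):
    """Smallest coded count that hashes at least `octets` octets (max 255)."""
    for c in range(256):
        if decode_count(c) >= octets:
            return c
    return 255

def s2k_iterated_salted(passphrase, salt, c, key_len=32, algo="sha256"):
    """Iterated and salted S2K (specifier type 3) from RFC 4880."""
    if len(salt) != 8:
        raise ValueError("the S2K salt is 8 octets")
    unit = salt + passphrase
    total = max(decode_count(c), len(unit))  # the unit is hashed at least once
    chunk = unit * 4096                      # feed many repetitions per call
    key, preload = b"", 0
    while len(key) < key_len:
        h = hashlib.new(algo)
        h.update(b"\x00" * preload)  # context n starts with n zero octets
        remaining = total
        while remaining >= len(chunk):
            h.update(chunk)
            remaining -= len(chunk)
        h.update(chunk[:remaining])  # final partial repetition, if any
        key += h.digest()
        preload += 1
    return key[:key_len]

if __name__ == "__main__":
    salt = bytes(range(8))  # constructed sample salt
    print("octets hashed at the maximum count:", decode_count(255))
    start = time.perf_counter()
    s2k_iterated_salted(b"constructed sample passphrase", salt, 255)
    print("one guess at the maximum count: %.3f s" % (time.perf_counter() - start))
```

Running the file directly times one derivation at the maximum count on the local machine; the work is a single pass of roughly 65 MB through the hash, with no memory-hardness.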
Re: [NIIBE Yutaka] STM32F103 flash ROM read-out service
On 07/06/2018 02:01, Leo Gaspard via Gnupg-users wrote:

>> The only secure (even against decapping attacks) device I know of is a
>> very old parallel-port "key" a friend described to me ~25y ago.
>> It was made of 3 silicon layers: the outer ones only contained interface
>> circuits and 'randomness' while the keys and the logic were in the
>> central layer. Trying to remove the outer layers destroyed the random
>> patterns that were used as 'internal master key', rendering the rest
>> completely useless.
> Some people do reverse-engineering based on photons emitted by
> transistors switching. These would get through this shielding.
> Unfortunately, I can't find again the link to the conference talk where
> I heard people explaining they did that… sorry.

I think I've seen it. But IIRC it does not work with such a big slice (whole depth of the silicon slice, ~200micron IIRC). But now that you made me think about it, I remember I've seen another article where the attack was carried out from "behind" the chip.

> Another kind of attack would be EM pulses / lasers for error-ing a
> crypto computation, that would get through this shielding too.

Fault-injection. But for cheap chips it's probably way easier to "just" use FIB (or a laser) to change the state of the protection fuses (usually just normal flash cells) then read the whole contents.

> There are defenses against these attacks (well, for the
> transistors-emitting-photons attack I'm not really sure), that are
> deployed in secure elements. Attacks like this are tested by CC/EAL
> evaluation laboratories.

Hope so :) But I stay cautious when trusting certification. See the ROCA vulnerability in Infineon "secure" (smartcard) chips.

> All that to say: hardware security, to me, is a way to increase the cost
> of the attacker to perform an attack. All devices are eventually
> vulnerable, given the right price, the point is to make attack more
> costly than the benefit from breaking the card and/or than finding a way
> around the card. (I'm not going to extend this point to software
> security, but I'd think it most likely holds there too)

Then, instead of "this chip is secure" they should just say "this chip can be cracked spending X in equipment (una tantum) and Y for every chip"... Marketing would never allow that :)

> Oh, and also to say: choosing between a non-secure-element open-source
> token and a secure-element NDA-ed-and-thus-non-open-source token is not
> an obvious choice.

As always it depends on the attack scenario. GnuK IIUC targets all those users who think a targeted attack is quite improbable or that rubber-hose cryptanalysis is end of game.

If I know that extracting my key from the token costs $500, then I can choose what to do. But with a non-secure and open chip it's easier to estimate that cost (being easier and cheaper, it's more probable it gets used in universities by security students for their first attacks, usually the most fantasious ones). Quite surely it will be lower than the cost of attacking a secure chip, but probably by not that much.

BYtE,
Diego
Re: gpgsm 2 valid certificates
You can set a default certificate in gpgsm.conf, which will be used when no cert is specified by the calling software. Thunderbird should ask you, at least once, which cert should be used, I think.

On 7 June 2018 10:48:14 CEST, Uwe Brauer wrote:
>Hi
>
>I now possess 2 valid X509 certificates for the same email address. In
>thunderbird I can import them both and select which I want to use.
>
>I hesitate to import the second one to gpgsm since it is not clear to
>me which will then be chosen by gnus/emacs/epa.
>
>I will also ask in the emacs mailing list
>
>Thanks
>
>Uwe Brauer
gpgsm 2 valid certificates
Hi

I now possess 2 valid X509 certificates for the same email address. In thunderbird I can import them both and select which I want to use.

I hesitate to import the second one to gpgsm since it is not clear to me which will then be chosen by gnus/emacs/epa.

I will also ask in the emacs mailing list

Thanks

Uwe Brauer