Re: GPG on Android
Hello All! Thank you very much for your answers. I'll try to sort things out and test the suggested android apps. If there are any questions left, I'll come back to you guys. best Masha ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG on Android
Hello Masha, as you are new to this whole topic, I guess the easiest way to use encrypted mail (either GPG and/or S/MIME) on a Android device would be the app "MailDroid". It comes in a free version[1] (with advertisings) and in a "pro" version[2] (without advertisings) and supports both GPG and S/MIME. MailDroid also supports POP and IMAP, and works fine with Googlemail. You need to install the additional Flipdog CryptoPlugin[3] on your device, where you import and manage the keys. You have to create the keys for example on a desktop computer and import it to your android device and into the CryptoPlugin. I use MailDroid since several years without any problems, and can fully recommend it for beginners. There is also a app named "K-9 Mail"[4], which supports GPG (but not S/MIME). As far I know you also need several additional software for K-9 Mail. In my eyes its not really recommendable for beginners. I tried it years ago and found it a bit complicated to use for myself. But thats a personal opinion. The best would be to try both, MailDroid and K-9 Mail and then make your personal choice. If you need help with MailDroid you can contact me. For K-9 Mail I am sure that here are also some people who can help you with it. best regards Juergen [1] https://play.google.com/store/apps/details?id=com.maildroid [2] https://play.google.com/store/apps/details?id=com.maildroid.pro [3] https://play.google.com/store/apps/details?id=com.flipdog.crypto.plugin [4] https://play.google.com/store/apps/details?id=com.fsck.k9 Am 03.11.18 um 17:04 schrieb Yagthara Aghhay-Boor: > Hello Group, > > I'm very new to GPG and email encryption and looking for a app to use gpg > and signed email on my android devices. > Can you recommend me a email app to use with pgp on Android? > > best > Masha > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- Juergen M. Bruckner juer...@bruckner.tk smime.p7s Description: S/MIME Cryptographic Signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG on Android
OpenKeychain plus K9, both free and fully featured. On November 3, 2018 12:04:45 PM EDT, Yagthara Aghhay-Boor wrote: >Hello Group, > >I'm very new to GPG and email encryption and looking for a app to use >gpg >and signed email on my android devices. >Can you recommend me a email app to use with pgp on Android? > >best >Masha -- Sent from my Android device with K-9 Mail. Please excuse my brevity.___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG on Android
On 03.11.2018 17:04, Yagthara Aghhay-Boor wrote: > Hello Group, > > I'm very new to GPG and email encryption and looking for a app to use > gpg and signed email on my android devices. > Can you recommend me a email app to use with pgp on Android? Hi, I recommend using OpenKeychain [0] with K9-Mail. I'm using this combo for a long time and never had any real problems. OpenKeychain also supports hardware OpenPGP tokens [1], this makes the key setup *very* easy on a new phone (not to mention that Termbot can be added to the mix to login to remote server via SSH keys derived from OpenPGP Authentication keys). Kind regards, Wiktor [0]: https://www.openkeychain.org/ [1]: https://github.com/open-keychain/open-keychain/wiki/Security-Tokens -- https://metacode.biz/@wiktor ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
GPG on Android
Hello Group, I'm very new to GPG and email encryption and looking for a app to use gpg and signed email on my android devices. Can you recommend me a email app to use with pgp on Android? best Masha ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
GPG on Android
Hello Group, I'm very new to GPG and email encryption and looking for a app to use gpg and signed email on my android devices. Can you recommend me a email app to use with pgp on Android? best Masha ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Slightly OT - i need the proper wording for a signed document
Am 03.11.18 um 17:30 schrieb Juergen BRUCKNER: Hello Stefan, Hello all, of course it is possible, that several people sign (and/or timestamp) a document. Just a example out of my business: There is a contract to be signd by mor than 2 persons or parties. So i make a document of it - for example a pdf file (which is recommended) - and send it to the next person who has to sign it, this person signs and send it to another person for signing ... and so on. As long the document is not edited all signatures stay intact and valid. This is necessary, as otherwise there never could be signed a contract between 2 parties. Hi Jürgen, thanks for confirming and your explanation. I must admit that this is all new to me. I think this may be also a good thing if it would be accepted by the PGP community, say if someone lost his/her GnuPG revocation certificate and passphrase for his/her secret key that one could sign a document too containing the key data etc., like i proposed with my intial posting. Regards Stefan smime.p7s Description: S/MIME Cryptographic Signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Encrypting 27 TB RMAN Backup with GPG
On 22.10.2018, Satendra Tiwari wrote: > In this case, we want to use GPG to encrypt Oracle backup. We have two > databases of 17 TB and 7 TB they compress to 2.6 TB and 1.3 TB > respectively. > What would be the best way to encrypt our backup and how long would it take? I would create a LUKS/cryptsetup container or partition. Using rotational storage, you will have the same copy speed as the underlying unencrypted device. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Slightly OT - i need the proper wording for a signed document
Hello Stefan, Hello all, of course it is possible, that several people sign (and/or timestamp) a document. Just a example out of my business: There is a contract to be signd by mor than 2 persons or parties. So i make a document of it - for example a pdf file (which is recommended) - and send it to the next person who has to sign it, this person signs and send it to another person for signing ... and so on. As long the document is not edited all signatures stay intact and valid. This is necessary, as otherwise there never could be signed a contract between 2 parties. regards Juergen Am 03.11.18 um 17:21 schrieb Stefan Claas: > On Sat, 3 Nov 2018 10:43:49 +0100, Stefan Claas wrote: >> On Fri, 2 Nov 2018 15:42:40 +0100, Stefan Claas wrote: > >>> I strongly assume that it is also possible that someone >>> else can sign my .pdf too with a qualified signature and >>> this will also not invalidate my qualified signature, unless >>> of course someone would *edit* my document. >> >> Just did a test with an older .pdf, which was signed with my >> non-qualified D-Trust certificate and time stamped with >> freetsa. Now i signed it again with my qualified D-Trust certificate >> and time stamped again. >> >> Works perfect! :-) > > Small update: A Usenet friend just signed my .pdf too, with his > qualified D-Trust certificate and it works like expected. :-) > > Regards > Stefan > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- Juergen M. Bruckner juer...@bruckner.tk smime.p7s Description: S/MIME Cryptographic Signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Slightly OT - i need the proper wording for a signed document
On Sat, 3 Nov 2018 10:43:49 +0100, Stefan Claas wrote: > On Fri, 2 Nov 2018 15:42:40 +0100, Stefan Claas wrote: > > I strongly assume that it is also possible that someone > > else can sign my .pdf too with a qualified signature and > > this will also not invalidate my qualified signature, unless > > of course someone would *edit* my document. > > Just did a test with an older .pdf, which was signed with my > non-qualified D-Trust certificate and time stamped with > freetsa. Now i signed it again with my qualified D-Trust certificate > and time stamped again. > > Works perfect! :-) Small update: A Usenet friend just signed my .pdf too, with his qualified D-Trust certificate and it works like expected. :-) Regards Stefan -- https://www.behance.net/futagoza https://keybase.io/stefan_claas pgp4TLF9VtqkL.pgp Description: Digitale Signatur von OpenPGP ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Slightly OT - i need the proper wording for a signed document
Hello Wiktor. Am Freitag, den 02.11.2018, 17:17 +0100 schrieb Wiktor Kwapisiewicz: > On 02.11.2018 15:35, Dirk Gottschalk wrote: > > I prefer GPG. And no, GPG does not lack timestamping, a timestamp > > is > > included in every signature. > Signature creation date is not the same as timestamping. As for why > you may consider the problem of validating signatures made by revoked > keys. Without timestamping this kind of signature is inherently > insecure (as the compromised key could be used by the attacker to > created a backdated signature). Yeah, I see what you mean. Right, that was out oif my sight. > For example Authenticode uses timestamping [0] so that old signatures > can still be considered valid even when the key expires or is revoked > later. > Adding something comparable to OpenPGP was discussed [1] on OpenPGP > ML recently and previously [2]. Thanks for the information. Regards, Dirk -- Dirk Gottschalk Paulusstrasse 6-8 52064 Aachen, Germany GPG: DDCB AF8E 0132 AA54 20AB B864 4081 0B18 1ED8 E838 Keybase.io: https://keybase.io/dgottschalk GitHub: https://github.com/Dirk1980ac signature.asc Description: This is a digitally signed message part ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Slightly OT - i need the proper wording for a signed document
Hello Juegen. Am Freitag, den 02.11.2018, 18:27 +0100 schrieb Juergen BRUCKNER: > Hello Dirk, > Am 02.11.18 um 15:20 schrieb Dirk Gottschalk via Gnupg-users: > > You mean, you "tampered" with the file and the signature is still > > valid? Are you sure? Then Adome does sometging really bad, IMHO. > > > > Such a signature should ensure that the file is unmodified > > completely. > > otherwise somebody can modify it in a way that could be used as a > > backdoor to the signature, at least in theory. > That is correct, that a signature is valid if there is added a > timestamp > AFTER sign the document. Very simplified it uses the same method for > timestamping as for signing, and it is a kind of 2nd signature on the > same document. the document is NOT altered or manipulated. Okay, you're right. When I sign AND timestamp a Document with LibreOffice, then I'am asked 2 times for my Card-Pin. Seems like the document is signed first an then the Timestamp. I never gave attention to this, but your explaination seems to clear up with this phenomenom. Regards. Dirk -- Dirk Gottschalk Paulusstrasse 6-8 52064 Aachen, Germany GPG: DDCB AF8E 0132 AA54 20AB B864 4081 0B18 1ED8 E838 Keybase.io: https://keybase.io/dgottschalk GitHub: https://github.com/Dirk1980ac signature.asc Description: This is a digitally signed message part ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Slightly OT - i need the proper wording for a signed document
On Fri, 2 Nov 2018 15:42:40 +0100, Stefan Claas wrote: > Am 02.11.18 um 15:20 schrieb Dirk Gottschalk: > > Hello Stefan. > > > > Am Freitag, den 02.11.2018, 12:53 +0100 schrieb Stefan Claas: > >> Hi Wiktor, > >> > >> thanks a lot! Now this is awesome... i just timestamped my already > >> signed .pdf with Adobe Reader DC and this does not invalidate my > >> qualified signature, when saving the document again! :-) I must > >> admit i did not know this. > > You mean, you "tampered" with the file and the signature is still > > valid? Are you sure? Then Adome does sometging really bad, IMHO. > > > > Such a signature should ensure that the file is unmodified > > completely. otherwise somebody can modify it in a way that could be > > used as a backdoor to the signature, at least in theory. > Hi Dirk, > > i did not tampered with the file, i simply used the function > in Adobe Reader DC to let it *add* a time stamp to my > document and then saved it again. > > I strongly assume that it is also possible that someone > else can sign my .pdf too with a qualified signature and > this will also not invalidate my qualified signature, unless > of course someone would *edit* my document. Just did a test with an older .pdf, which was signed with my non-qualified D-Trust certificate and time stamped with freetsa. Now i signed it again with my qualified D-Trust certificate and time stamped again. Works perfect! :-) Regards Stefan -- https://www.behance.net/futagoza https://keybase.io/stefan_claas pgpC5EYpjeX6_.pgp Description: Digitale Signatur von OpenPGP ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [openssl-users] OpenSSL vs GPG for encrypting files? Security best practices?
Try openssl cms ( as newer alternative to s/mime) пт, 2 нояб. 2018 г. в 23:30, Nicholas Papadonis : > > Security Experts, > > I'm considering encrypting a tar archive and optionally a block file system > (via FUSE) using either utility. Does anyone have comments on the best > practices and tools for either? > > I read that the OpenSSL AES-CBC CLI mode is prone to a malleable attack > vector and it's CLI interface should not be use directly for production. I > have also read that GPG is the suggested alternative to OpenSSL CLI due to > this. I have followed through with the OpenSSL CLI AES tests and am curious > where the malleable attack is (in the pipe?). I am also curious to why GPG, > which is an asymmetric key manager, is used for file based encryption when > only a single key is required. How does GPG solve this malleable attack > vector. > > A security expert's guidance here is much appreciated. > > Thank you, > Nicholas > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Segmentation fault ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users