Key storage

2018-12-31 Thread Teemu Likonen
justina colmena via Gnupg-users [2018-12-31 12:06:39-09] wrote:

> And now the *secret* keys are going in "~/.gnupg/pubring.gpg" with the
> false implication by its name that the file contains only public keys
> which need not be so carefully guarded against disclosure.

Secret keys are in the directory ~/.gnupg/private-keys-v1.d, and each master
key and subkey is in a separate file named by the key's keygrip (see "gpg -K
--with-keygrip").

-- 
/// Teemu Likonen   - .-..    //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
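An added example (not from Teemu's message or from GnuPG's own code) that parses the machine-readable form of the listing he mentions, "gpg --with-colons --with-keygrip -K", maps each keygrip to its file under private-keys-v1.d and checks that the file is not group- or world-readable. The key IDs, keygrips and the temporary GNUPGHOME are constructed for the demo.

```python
import os
import stat
import tempfile

def keygrips_from_listing(colon_output):
    """Parse 'gpg --with-colons --with-keygrip -K' output into a list of
    (record_type, key_id, keygrip); 'grp' (keygrip in field 10) follows its key."""
    keys, current = [], None
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb"):
            current = [f[0], f[4], None]
            keys.append(current)
        elif f[0] == "grp" and current is not None:
            current[2] = f[9]
    return [tuple(k) for k in keys]

def audit_private_keys(gnupghome, keys):
    """Return {keygrip: (file_exists, perms_ok)}; the file is
    private-keys-v1.d/<KEYGRIP>.key and perms_ok means no group/other bits."""
    keydir = os.path.join(gnupghome, "private-keys-v1.d")
    result = {}
    for _, _, grip in keys:
        path = os.path.join(keydir, grip + ".key")
        if not os.path.isfile(path):
            result[grip] = (False, False)
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        result[grip] = (True, (mode & 0o077) == 0)
    return result

# Constructed listing with dummy key IDs and keygrips (not real keys).
GRIP_MASTER = "1111111111111111111111111111111111111111"
GRIP_SUB = "2222222222222222222222222222222222222222"
SAMPLE_LISTING = f"""sec:u:3072:1:0123456789ABCDEF:1546214400::u:::scESC:::+:::23::0:
grp:::::::::{GRIP_MASTER}:
ssb:u:3072:1:FEDCBA9876543210:1546214400::::::e:::+:::23:
grp:::::::::{GRIP_SUB}:
"""

def demo():
    """Throwaway GNUPGHOME holding only the master key's file, mode 0600."""
    with tempfile.TemporaryDirectory() as home:
        keydir = os.path.join(home, "private-keys-v1.d")
        os.mkdir(keydir)
        path = os.path.join(keydir, GRIP_MASTER + ".key")
        with open(path, "wb") as fh:
            fh.write(b"(constructed placeholder, not a real key)\n")
        os.chmod(path, 0o600)
        return audit_private_keys(home, keygrips_from_listing(SAMPLE_LISTING))
```

Against a real keyring, feed the output of "gpg --with-colons --with-keygrip -K" to keygrips_from_listing and pass the real GNUPGHOME to audit_private_keys; a missing file means the secret part lives elsewhere (a smartcard stub or a key not yet migrated), and a failed permission check is worth fixing before anything else.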


Re: gpg - difference --encrypt-to and --recipient

2018-12-31 Thread justina colmena via Gnupg-users
On December 31, 2018 5:38:10 AM AKST, Dirk Gottschalk via Gnupg-users wrote:
>Hello Damien.
>
>On Monday, 31.12.2018, at 12:45 +, Damien Goutte-Gattat wrote:
>> On Mon, Dec 31, 2018 at 07:17:21AM +0100, Dirk Gottschalk via Gnupg-
>> users wrote:
>> > Yes, that's correct. Anyways, I prefer using the --hidden-recipient
>
>> > for this purpose. That prevents the disclosure of the communication
>> > paths with pure GPG-Packet analysis.
>
>> You do realize that, in the case of e-mail, the communication paths
>> are already disclosed by the SMTP protocol (command "RCPT TO") and
>> the mail headers ("From", "To", and the like), which both are outside
>> the scope of OpenPGP protection?
>
>Yes, sure I do. But referencing the command line options, I thought he
>was speaking about encryption of files. In this case, it could be of
>(even if small) benefits to avoid the disclosure of the path.
>
>
>> Using --hidden-recipient only protects against a hypothetical attacker
>> who is somehow only able to obtain the email body (the OpenPGP
>> message itself) without the surrounding metadata.
>
>That's correct. As told, I was talking about encrypted files. If you
>upload an encrypted file to a cloud service, for example, it could be a
>good idea to encrypt only to hidden recipients. Security by obscurity
>is not always a bad thing. ;)
>
>Regards,
>Dirk

For some reason I'm not getting a "Reply-To:" for the whole list here...
Hidden recipients are normally given in the BCC (Blind Carbon Copy) field in 
the case of email, and the communication paths are not disclosed to other 
recipients.

Shouldn't an email message (for example) be encrypted separately to each BCC 
recipient, or is this an intended all-in-one multiple-recipient encryption 
which cannot conceal from the cryptanalyst the fact that the same message, 
encrypted only once, is being sent to more than one receiving party?

I hate to see the vast number of gpg command-line options get so carried away 
that we lose grip of the basic cryptography that we want to use GnuPG for.

And now the *secret* keys are going in "~/.gnupg/pubring.gpg" with the false 
implication by its name that the file contains only public keys which need not 
be so carefully guarded against disclosure.

-- 
A well regulated Militia, being necessary to the security of a free State, the 
right of the people to keep and bear Arms, shall not be infringed.

https://www.colmena.biz/~justina/



Re: gpg - difference --encrypt-to and --recipient

2018-12-31 Thread Dirk Gottschalk via Gnupg-users
Hello Damien.

On Monday, 31.12.2018, at 12:45 +, Damien Goutte-Gattat wrote:
> On Mon, Dec 31, 2018 at 07:17:21AM +0100, Dirk Gottschalk via Gnupg-
> users wrote:
> > Yes, that's correct. Anyways, I prefer using the --hidden-recipient 
> > for this purpose. That prevents the disclosure of the communication
> > paths with pure GPG-Packet analysis.

> You do realize that, in the case of e-mail, the communication paths
> are already disclosed by the SMTP protocol (command "RCPT TO") and
> the mail headers ("From", "To", and the like), which both are outside
> the scope of OpenPGP protection?

Yes, sure I do. But referencing the command line options, I thought he
was speaking about encryption of files. In this case, it could be of
(even if small) benefits to avoid the disclosure of the path.


> Using --hidden-recipient only protects against a hypothetical attacker
> who is somehow only able to obtain the email body (the OpenPGP
> message itself) without the surrounding metadata.

That's correct. As told, I was talking about encrypted files. If you
upload an encrypted file to a cloud service, for example, it could be a
good idea to encrypt only to hidden recipients. Security by obscurity
is not always a bad thing. ;)

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac





Re: gpg - difference --encrypt-to and --recipient

2018-12-31 Thread Stefan Claas
On Mon, 31 Dec 2018 12:45:44 +, Damien Goutte-Gattat wrote:
> On Mon, Dec 31, 2018 at 07:17:21AM +0100, Dirk Gottschalk via Gnupg-users 
> wrote:
> > Yes, that's correct. Anyways, I prefer using the --hidden-recipient for
> > this purpose. That prevents the disclosure of the communication paths
> > with pure GPG-Packet analysis.  
> 
> You do realize that, in the case of e-mail, the communication paths are
> already disclosed by the SMTP protocol (command "RCPT TO") and the mail
> headers ("From", "To", and the like), which both are outside the scope
> of OpenPGP protection?
> 
> Using --hidden-recipient only protects against a hypothetical attacker
> who is somehow only able to obtain the email body (the OpenPGP message
> itself) without the surrounding metadata.

But it is imho good if you use anonymous remailers, either for email
or Usenet postings. In the case of email Mallory would only see that
Bob received a message, but does not know from whom it originated,
and in the case of proper Usenet usage nobody would know who sent
the message and who is the recipient.

Regards
Stefan




Re: gpg - difference --encrypt-to and --recipient

2018-12-31 Thread Damien Goutte-Gattat via Gnupg-users
On Mon, Dec 31, 2018 at 07:17:21AM +0100, Dirk Gottschalk via Gnupg-users wrote:
> Yes, that's correct. Anyways, I prefer using the --hidden-recipient for
> this purpose. That prevents the disclosure of the communication paths
> with pure GPG-Packet analysis.

You do realize that, in the case of e-mail, the communication paths are
already disclosed by the SMTP protocol (command "RCPT TO") and the mail
headers ("From", "To", and the like), which both are outside the scope
of OpenPGP protection?

Using --hidden-recipient only protects against a hypothetical attacker
who is somehow only able to obtain the email body (the OpenPGP message
itself) without the surrounding metadata.


- Damien


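As an added example that is not part of Dirk's or Damien's messages, this parser reads the Public-Key Encrypted Session Key packets at the front of an OpenPGP message and reports which recipient key IDs they expose: --hidden-recipient replaces the key ID with the all-zero wildcard value (RFC 4880, section 5.1), and that field is the only thing the option hides. The sample packets are constructed with dummy key IDs and session-key MPIs, not real keys.

```python
import struct

WILDCARD_KEYID = b"\x00" * 8  # RFC 4880 s5.1: all-zero key ID = hidden recipient

def read_packet(buf, pos):
    """Parse the OpenPGP packet header at buf[pos]; return (tag, body, next_pos)."""
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:  # new-format header (RFC 4880 s4.2.2)
        tag, first = ctb & 0x3F, buf[pos + 1]
        if first < 192:
            length, hdr = first, 2
        elif first < 224:
            length, hdr = ((first - 192) << 8) + buf[pos + 2] + 192, 3
        elif first == 255:
            length, hdr = struct.unpack(">I", buf[pos + 2:pos + 6])[0], 6
        else:
            raise ValueError("partial body lengths not supported")
    else:  # old-format header (RFC 4880 s4.2.1)
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        hdr = 1 + (1 << ltype)
        length = int.from_bytes(buf[pos + 1:pos + hdr], "big")
    start = pos + hdr
    return tag, buf[start:start + length], start + length

def pkesk_recipients(msg):
    """Return [(key ID hex or 'hidden', pubkey algo)] for each leading PKESK packet."""
    out, pos = [], 0
    while pos < len(msg):
        tag, body, pos = read_packet(msg, pos)
        if tag != 1:  # tag 1 = PKESK; stop at the encrypted data packet that follows
            break
        if body[0] != 3:
            raise ValueError("unsupported PKESK version")
        keyid, algo = body[1:9], body[9]
        out.append(("hidden" if keyid == WILDCARD_KEYID else keyid.hex().upper(), algo))
    return out

def make_pkesk(keyid):
    """Constructed v3 PKESK with a dummy 16-bit RSA MPI (not a real session key)."""
    body = b"\x03" + keyid + b"\x01" + b"\x00\x10\xAB\xCD"
    return bytes([0x84, len(body)]) + body  # old-format header, tag 1, 1-byte length

# Constructed message: one plain PKESK, one hidden-recipient PKESK, then an
# empty tag-18 packet standing in for the encrypted payload.
SAMPLE_MESSAGE = (make_pkesk(bytes.fromhex("0123456789ABCDEF"))
                  + make_pkesk(WILDCARD_KEYID) + b"\xD2\x00")
```

"gpg --list-packets" on a real message shows the same field, printing keyid 0000000000000000 for a hidden recipient, so anyone holding the ciphertext can still count how many PKESK packets, and therefore how many recipients, it carries.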


Re: gpg - difference --encrypt-to and --recipient

2018-12-31 Thread Gernot Pokorny
But isn't the documentation wrong for the edge-case when you specify
--encrypt-to within gpg.conf and do not specify a recipient? According to
that documentation when you only specify --encrypt-to, but no --recipient,
then the value of --encrypt-to should also not be used and that means we
would have no valid command and that there should be an error, which is not
the case in the gpg implementation. The gpg that I have running simply
takes the name from encrypt-to as a recipient, which makes sense, but is
not in sync with the documentation.

On Mon, Dec 31, 2018 at 7:57 AM Dirk Gottschalk via Gnupg-users <
gnupg-users@gnupg.org> wrote:

> Hello.
>
> On Sunday, 30.12.2018, at 22:40 +0100, Stefan Claas wrote:
> > On Sun, 30 Dec 2018 18:05:37 +0100, Gernot Pokorny wrote:
> > Hi,
> >
> > > What is the difference between --encrypt-to and --recipient and
> > > what are the advantages and disadvantages of using one over the
> > > other, which one should you use for encrypting your own files and
> > > what does the following mean?
>
> > > --encrypt-to ... The key specified by name is used only when there
> > > are other recipients given by the user or by use of the option
> > > recipient. ...
>
> > Simply said you put encrypt-to, with your key-id, in your gpg.conf
> > and when you do a gpg --recipient yourfriend it encrypts to your
> > friend and also to you.
>
> Yes, that's correct. Anyways, I prefer using the --hidden-recipient for
> this purpose. That prevents the disclosure of the communication paths
> with pure GPG-Packet analysis.
>
> Regards,
> Dirk
>
> --
> Dirk Gottschalk
> Paulusstrasse 6-8
> 52064 Aachen, Germany
>
> GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
> Keybase.io: https://keybase.io/dgottschalk
> GitHub: https://github.com/Dirk1980ac
>