Re: GPG on Ledger Nano S

2019-01-07 Thread Dmitry Gudkov
anybody there?

On 04/01/2019 22:49, bereska wrote:
> Dear GnuPG Experts,
> 
> Can I please have your opinion on using Ledger Nano S as a PGP smart card?
> 
> In search for an optimal PGP smart card for my Android phone I came
> across this article:
> https://kaansk.github.io/2018/Hello-World!-and-Using-Ledger-Nano-S-for-PGP/
> 
> I would like to set it up the following way on my Android phone:
> K-9 Mail + OpenKeychain + Ledger Nano S
> 
> 
> thank you for your help
> Dmitry
> 
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: NIST 800-57 compatible unattended encryption?

2019-01-07 Thread gnupg
Wiktor Kwapisiewicz wrote:

> Hello,
> 
> > On Wed, Jan 02, 2019 at 04:02:03PM +1100, gn...@raf.org wrote:
> >> For some dumb reason I think I was hoping that the RSA
> >> algorithm wasn't really used to encrypt all the data. I
> >> thought it was probably used to encrypt a per-file
> >> randomly-generated symmetric key which was then used to
> >> encrypt the file (and was encrypted along with the
> >> file) because it could be faster. But I think I'm
> >> confusing it with network protocols like TLS.
> >>
> >> Is that what happens with RSA in gpg? [Probably not]
> > 
> > Actually yes, that’s exactly what happens. The data (in your
> > case, the contents of your file) is symmetrically encrypted using
> > a randomly generated “session key”, and *that* key is
> > asymmetrically encrypted using the RSA public key.
> 
> Yep, to see this behind-the-scenes thing in action check out
> "--show-session-key" and "--override-session-key" options. Described here:
> 
> https://www.gnupg.org/documentation/manuals/gnupg/GPG-Esoteric-Options.html
> 
> Kind regards,
> Wiktor

Thanks for that. Unfortunately, it's still not NIST 800-57 compliant
because the session key is encrypted using an asymmetric key.
But I guess I'll just have to choose not to worry about that.

Another question: I was googling the default symmetric algorithm and
https://security.stackexchange.com/questions/86305/what-is-the-default-cipher-algorithm-for-gnupg
says: For GnuPG 1.0 and 2.0, default is Cast5, for GnuPG 2.1 it is AES-128

But when I use gpg --list-packets --show-session-key -v on files encrypted
via RSA keys with gpg-1.4.23 (macOS/macports) and gpg-2.1.18 (debian9),
they both say:

  gpg: AES256 encrypted data

Which is great but why is that? I haven't done anything
in gpg.conf to override any defaults.

Is the symmetric algorithm used with RSA keys unrelated
to the default symmetric algorithm used by gpg when the
--symmetric option is used?

Hmm, when I encrypt a file with gpg -c and then --list-packets -v,
the one encrypted with gpg-1.4.23 says:

  gpg: AES encrypted data

and the one encrypted with gpg-2.1.18 says:

  gpg: AES256 encrypted data

I guess that stackexchange page is wrong or out of date.

The manpage for gpg on both systems says that the default symmetric algorithm
is AES128 which seems correct for gpg-1.4.23 but incorrect for gpg-2.1.18.

cheers,
raf
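
Added example (not part of the original messages, and not GnuPG code): a minimal Python reader for the OpenPGP packet headers that --list-packets walks, following RFC 4880. It shows that a `gpg -c` file names its cipher in the clear in the symmetric-key ESK packet, while a public-key ESK packet exposes only the key ID and public-key algorithm, because the cipher ID travels inside the encrypted session key. The sample byte strings and the names `packets` and `describe` are constructed for illustration.

```python
# RFC 4880 section 9.2 symmetric-key algorithm IDs (subset)
CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH",
           7: "AES128", 8: "AES192", 9: "AES256", 10: "TWOFISH"}
S2K_EXTRA = {0: 1, 1: 9, 3: 10}   # octets that follow the S2K type octet

def packets(data):
    """Yield (tag, body) for each OpenPGP packet with a definite length."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                          # new-format header
            tag, o = hdr & 0x3F, data[i + 1]
            if o < 192:
                n, i = o, i + 2
            elif o < 224:
                n, i = ((o - 192) << 8) + data[i + 2] + 192, i + 3
            elif o == 255:
                n, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:                               # partial body length: stop
                return
        else:                                   # old-format header
            tag, lt = (hdr >> 2) & 0x0F, hdr & 3
            if lt == 3:                         # indeterminate length: stop
                return
            size = 1 << lt
            n = int.from_bytes(data[i + 1:i + 1 + size], "big")
            i += 1 + size
        yield tag, data[i:i + n]
        i += n

def describe(data):
    """Report what the unencrypted packet fields reveal about the cipher."""
    out = []
    for tag, body in packets(data):
        if tag == 3 and body[0] == 4:           # SKESK v4, written by gpg -c
            s2k_len = 1 + S2K_EXTRA[body[2]]
            wrapped = len(body) > 2 + s2k_len   # True if a session key is wrapped
            out.append(("SKESK", CIPHERS.get(body[1], body[1]), wrapped))
        elif tag == 1 and body[0] == 3:         # PKESK v3: key ID + pubkey algo only
            out.append(("PKESK", body[1:9].hex().upper(), body[9]))
        else:                                   # e.g. tag 18, the encrypted data
            out.append(("tag", tag, len(body)))
    return out

# Constructed samples (not real ciphertext): SKESK+data packet, then PKESK+data packet.
SYM = bytes.fromhex("8c0d04090302" "0102030405060708" "ff" "d205" "01aabbccdd")
PUB = bytes.fromhex("840d03" "0123456789abcdef" "01" "0008ff" "d205" "01aabbccdd")
```

Cipher ID 7 (AES128) is the one gpg prints as plain "AES". When the SKESK packet carries no wrapped session key, as in the constructed sample, its cipher ID is the cipher used for the data itself.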




Re: GnuPG: Bad Passphrase (try 2 of 3)

2019-01-07 Thread Dirk Gottschalk via Gnupg-users
Hello.

On Monday, 07.01.2019, at 13:53 +0100, Matthias Apitz wrote:
> Hello,
> 
> I've GnuPG 2.1.12 on my mobile device (without any OpenPGP card) and
> generated there a new secret key to encrypt credentials I'm using on
> this device. I was a bit surprised reading (after entering a bad
> passphrase for testing):
> 
> Note: This is not with the PIN of an OpenPGP-card. What would happen
> exactly after the 3rd bad value? Destroy of the key or my device? :-)

Nothing happens, the running process will just be aborted after the
third try.

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac





GnuPG: Bad Passphrase (try 2 of 3)

2019-01-07 Thread Matthias Apitz

Hello,

I've GnuPG 2.1.12 on my mobile device (without any OpenPGP card) and
generated there a new secret key to encrypt credentials I'm using on
this device. I was a bit surprised reading (after entering a bad
passphrase for testing):

 
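     ┌────────────────────────────────────────────────────────────────┐
     │ Please enter the passphrase to unlock the OpenPGP secret key:  │
     │ "Matthias Apitz (BQ E4.5 key) "                                │
     │ 4096-bit RSA key, ID FA46903FD2B8E5E9,                         │
     │ created 2019-01-07 (main key ID 8F3E3E3C247AB779).             │
     │                                                                │
     │                                                                │
 **> │ Bad Passphrase (try 2 of 3)                                    │
     │                                                                │
     │ Passphrase: __________________________________________________ │
     │                                                                │
     │                                                                │
     └────────────────────────────────────────────────────────────────┘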

Note: This is not with the PIN of an OpenPGP-card. What would happen
exactly after the 3rd bad value? Destroy of the key or my device? :-)

Thanks

matthias
-- 
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
October, 7 -- The GDR was different: Peace instead of Bundeswehr and wars,
Druschba instead of Nazis, to live instead of to survive.

