Re: Gnupg-users Digest, Vol 184, Issue 22

2019-02-01 Thread justina colmena via Gnupg-users
On February 1, 2019 10:05:58 AM AKST, Stefan Claas  wrote:
>On Thu, 31 Jan 2019 19:43:35 -0900, justina colmena wrote:
>
>> With regards to PGPfone etc., all you need to do is run Asterisk on a
>> server somewhere, enable SIP with encryption.
>> If you or your conversation partner don't have a public key, there is
>> a voice verification of endpoints, but do note that encrypted real-time
>> voice conversations are extremely difficult to protect from packet-timing
>> and other side-channel attacks which often trivially reveal a muffled but
>> clear recording and transcript.
>
>Thanks for the info, but I do not want to install server software for
>encrypted communications, where 3rd parties could theoretically have
>access to it.
>
>Maybe someone, in the future, can pick up the idea of PGPfone and
>develop it further so that it can be used on Linux too or modern macOS.
>The old Windows version still runs fine, under Windows 7, for example.
>
>Regards
>Stefan
>
>P.S. About my domain name, for the interested women or children, please
>take a look here: https://en.wikipedia.org/wiki/Baud

I am definitely not asking anyone to install anything for my use. I'm just 
trying to explain AFAIK, what you need to do if you want to experiment with 
voice encryption.

I don't want to be held responsible for it or arrested for it any more than 
anyone else, and I'm also trying to explain how some of these things come 
across to authorities who continually and repeatedly insist on viewing all such 
matters in the worst possible light.

Didn't Martin Luther say to place the best construction on all things? But no, 
we must submit to "parallel construction" and falsely sworn warrants by 
over-informed and under-educated law enforcement officers. "Thou shalt not bear 
false witness" and all that, and we just had a holiday, Dr. Martin Luther King 
Jr. day - and that's right, now that I think about it - not only a doctorate 
like his German namesake, but his father and grandfather and their wives must 
have been staunch Lutherans as well, in so far as to name one son after another 
after him.

There is so much Catholic insistence on communist totalitarianism under a papal 
dictatorship of the proletariat, and opposition in the name of that religion to 
every precept of human rights and due process of law, that even the Finnish 
Protestants preach "oikeutta" & "lain oikeaa käyttöä" in church, because like 
us they have not attained to such rights and freedoms in this life on Earth, 
and so the struggle continues against Catholicism.

The full name of "baud" is "Baudot," a Frenchman, if I recall correctly, a 
contemporary of Hartley or Shannon, definitely a co-worker on such matters. 
Living relatives? Is it another family feud? France is practically at war 
already with a migrant situation, the recent Europol or Interpol shake-up with 
China or Russia or South Korea, general E.U. upheaval, Brexit sympathies, and 
so on and so forth.
-- 
A well regulated Militia, being necessary to the security of a free State, 
the right of the people to keep and bear Arms, shall not be infringed.

https://www.colmena.biz/~justina/contacto.php

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: OpenPGP on paper

2019-02-01 Thread Stefan Claas
On Fri, 1 Feb 2019 20:23:26 +0100, Peter Lebbing wrote:
> On 01/02/2019 17:37, Stefan Claas wrote:
> > Tesseract did not do a good job, too many errors.
> 
> Just an idea: OCR'ing a special OCR font like the two classics I
> mentioned will go a lot better if the OCR engine *knows* it is looking
> at that font. They designed the glyphs to be dissimilar. I don't know if
> there are any free software OCR engines that can restrict themselves to
> a specific font, I'm just reasoning about it without domain knowledge.
> 
> Also, if you choose an encoding that avoids similar glyphs like one and
> ell, zero and oh, etcetera, your miss rate should go down.

Well, I googled a bit and it seems one has to train Tesseract to give good
results. As I understand it, Google's engine also uses Tesseract, but it must
then be trained pretty well, I assume.

> > Then I googled a bit and ... Google can do it.
> 
> That doesn't seem useful for secret letters. And I don't think you'll
> get an offline engine which has been trained like theirs from them.

Probably not, but I thought to share my findings.

> PS: Could you remove the (was: ...) bit from the subject in replies? I
> think I'll stop doing that type of formatting from now on. I saw it
> being used quite some time back and when it works it's okay, so I
> followed suit. But it's not working that well anymore.

Sorry, I always overlook this ...

Regards
Stefan



Re: OpenPGP on paper (was: Where can I find some papers to read on mail (and envelope) security?)

2019-02-01 Thread Stefan Claas
On Fri, 1 Feb 2019 20:01:58 +0100, Dirk-Willem van Gulik wrote:
> On 1 Feb 2019, at 19:44, Stefan Claas  wrote:

> > However, I am currently interested in using codegroup armor
> > so that it can be printed too and then read properly (hopefully)
> > with OCR solutions.  
> 
> Yes - if you look at the next pages in the example - that is what is being 
> done there.
> 
> With specific care taken to minimise what one has to enter.
> 
> So one can either OCR the written text, use the QR code or enter it by hand.
> 
> Over the years we've come to rely on this a lot - and regularly had to resort 
> to manual entry or OCR'ing of the numbers.

Oh, sorry, then I have to take a closer look again!

Many thanks for pointing this out!

Regards
Stefan



Re: OpenPGP on paper

2019-02-01 Thread Peter Lebbing
On 01/02/2019 17:37, Stefan Claas wrote:
> Tesseract did not do a good job, too many errors.

Just an idea: OCR'ing a special OCR font like the two classics I
mentioned will go a lot better if the OCR engine *knows* it is looking
at that font. They designed the glyphs to be dissimilar. I don't know if
there are any free software OCR engines that can restrict themselves to
a specific font, I'm just reasoning about it without domain knowledge.

Also, if you choose an encoding that avoids similar glyphs like one and
ell, zero and oh, etcetera, your miss rate should go down.

> Then I googled a bit and ... Google can do it.

That doesn't seem useful for secret letters. And I don't think you'll
get an offline engine which has been trained like theirs from them.

HTH,

Peter.

PS: Could you remove the (was: ...) bit from the subject in replies? I
think I'll stop doing that type of formatting from now on. I saw it
being used quite some time back and when it works it's okay, so I
followed suit. But it's not working that well anymore.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 
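
An added illustration of the encoding idea in the message above (it is not code from any list participant or from the codegroup tool): a paper format that uses the Crockford Base32 alphabet, which has no I, L, O or U, folds common misreads back on input, and carries a per-line CRC so that only damaged lines need retyping. The line layout and function names are assumptions made for this sketch.

```python
import binascii

ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"  # Crockford Base32: no I, L, O, U
FOLD = str.maketrans("OIL", "011")             # common misreads folded back on input
BYTES_PER_LINE = 10                             # 10 bytes -> 16 symbols -> 4 groups of 4


def _enc(data):
    """Encode bytes as base-32 symbols, 5 bits per symbol, zero-padded at the end."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 5)
    return "".join(ALPHABET[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))


def _dec(symbols):
    """Inverse of _enc; raises ValueError on a symbol outside the alphabet."""
    bits = "".join(f"{ALPHABET.index(c):05b}" for c in symbols)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits) // 8 * 8, 8))


def _check(lineno, chunk):
    """CRC-16 over line number + payload, so a misread line number is caught too."""
    crc = binascii.crc_hqx(bytes([lineno]) + chunk, 0)
    return _enc(crc.to_bytes(2, "big"))


def to_paper(data):
    """Render data (at most 255 lines, i.e. 2550 bytes) as printable lines."""
    lines = []
    for n, off in enumerate(range(0, len(data), BYTES_PER_LINE), start=1):
        chunk = data[off:off + BYTES_PER_LINE]
        sym = _enc(chunk)
        groups = " ".join(sym[i:i + 4] for i in range(0, len(sym), 4))
        lines.append(f"{n:02d}: {groups} / {_check(n, chunk)}")
    return lines


def from_paper(lines):
    """Return (recovered bytes, numbers of lines that must be re-read or retyped)."""
    out, bad = bytearray(), []
    for pos, line in enumerate(lines, start=1):
        head, _, rest = line.upper().translate(FOLD).partition(":")
        body, _, check = rest.partition("/")
        try:
            lineno = int(head)
            chunk = _dec(body.replace(" ", ""))
            ok = _check(lineno, chunk) == check.strip()
        except ValueError:
            ok = False
        if ok:
            out += chunk
        else:
            bad.append(pos)
    return bytes(out), bad


if __name__ == "__main__":
    sample = bytes(range(23))  # constructed stand-in for a short binary OpenPGP message
    for line in to_paper(sample):
        print(line)
```

Bytes from lines reported as bad are left out of the result, so the output is only complete once the list of bad lines is empty.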





WKD with HTTP redirect possible?

2019-02-01 Thread Sheogorath via Gnupg-users
Hi,

I have a domain with a catchall setup. So I wonder if I can just set up an
HTTP redirect to my main key so WKD works fine. So far it seems to fail.

The standard basically says that the GET request has to return the
binary key, which is quite unhandy in this case. I mean, not impossible
to build, but feels wrong to me.

Also, and that's not overly important, but given that WKD discovers a
key, downloads it and it doesn't contain the mail address, is this key
still used for the communication or is it ignored? Does it throw an error?

Even with `-vv` set I couldn't really figure it out.

Version used (on Fedora 29):
gpg (GnuPG) 2.2.12
libgcrypt 1.8.4

-- 
Signed
Sheogorath
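
An added example for the catch-all question above (not part of the original post): it derives the URLs a WKD client requests, following the Web Key Directory draft's layout (SHA-1 of the lowercased local part, z-base-32 encoded, under `.well-known/openpgpkey`). Every local part maps to a different path, which is why a catch-all domain cannot be served by one static file. The example.org addresses are constructed.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet used by WKD for the hashed local part
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def wkd_hash(local_part):
    """z-base-32 of SHA-1(lowercased local part): 160 bits -> 32 symbols."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    n = int.from_bytes(digest, "big")
    return "".join(ZBASE32[(n >> shift) & 31] for shift in range(155, -1, -5))


def wkd_urls(address):
    """Return the 'advanced' and 'direct' lookup URLs for one mail address."""
    local, _, domain = address.rpartition("@")
    domain = domain.lower()
    tail = f"hu/{wkd_hash(local)}?l={quote(local)}"
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/{tail}",
        "direct": f"https://{domain}/.well-known/openpgpkey/{tail}",
    }


def catchall_paths(local_parts):
    """Map each local part to the hashed file name a client would ask for."""
    return {lp: wkd_hash(lp) for lp in local_parts}


if __name__ == "__main__":
    # Constructed addresses on a catch-all domain: each one needs its own path,
    # so the server has to answer every /hu/<hash> request with the same key.
    for lp, h in catchall_paths(["info", "sales", "anything-at-all"]).items():
        print(f"{lp:>16}@example.org -> hu/{h}")
    print(wkd_urls("Joe.Doe@Example.ORG")["direct"])
```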





Re: OpenPGP on paper (was: Where can I find some papers to read on mail (and envelope) security?)

2019-02-01 Thread Dirk-Willem van Gulik
On 1 Feb 2019, at 19:44, Stefan Claas  wrote:
> On Fri, 1 Feb 2019 17:53:09 +0100, Dirk-Willem van Gulik wrote:
> 
>> It is a bit of a hack - and quite setting specific for us - but we’ve been 
>> using
>> 
>>  https://github.com/dirkx/gpg-offline-batch-key- 
>> 
> 
> However, I am currently interested in using codegroup armor
> so that it can be printed too and then read properly (hopefully)
> with OCR solutions.

Yes - if you look at the next pages in the example - that is what is being 
done there.

With specific care taken to minimise what one has to enter.

So one can either OCR the written text, use the QR code or enter it by hand.

Over the years we've come to rely on this a lot - and regularly had to resort 
to manual entry or OCR'ing of the numbers.

Dw.


Re: OpenPGP on paper (was: Where can I find some papers to read on mail (and envelope) security?)

2019-02-01 Thread Stefan Claas
On Fri, 1 Feb 2019 17:53:09 +0100, Dirk-Willem van Gulik wrote:

> It is a bit of a hack - and quite setting specific for us - but we’ve been 
> using
> 
>   https://github.com/dirkx/gpg-offline-batch-key- 
> 
> 
> and had to occasionally recover keys (every few years or so).
> 
> Typical output below.

Thanks for the info! I had a quick look at the source code and
as I understand it, it uses QR codes, which I have also played with
in the past.

However, I am currently interested in using codegroup armor
so that it can be printed too and then read properly (hopefully)
with OCR solutions.

Maybe a bit old-fashioned, but worth a try imho, because
in case OCR fails one could type it in manually, if they are
short encrypted messages.

Regards
Stefan 



Re: Gnupg-users Digest, Vol 184, Issue 22

2019-02-01 Thread justina colmena via Gnupg-users
On January 30, 2019 1:47:41 PM AKST, Stefan Claas  wrote:
>On Wed, 30 Jan 2019 12:46:26 -0800, Allen M. Juinio wrote:
>> > Date: Wed, 30 Jan 2019 20:44:07 +0100
>> > From: Stefan Claas 
>
>> > On the other side I wish PGPfone would have been further developed.
>> > I found it, way back then, pretty cool and super easy to use,
>> > compared to PGP or GnuPG.
>
>> Have you tried using Signal from Open Whisper Systems? They have
>> both an Android and Apple version.
>
>Thanks, I am aware of Signal, but what I mean is to communicate
>directly and not via servers and also by not giving away phone numbers.
>
>With PGPfone one needed only the (current) IP address of one's
>communication partner and then connected directly, without any servers
>involved.
>
>Regards
>Stefan

I don't mean to sound rude or out of place, but there appear to be too many 
distractions to have a productive discussion on this list, and there are some 
critical issues, because GnuPG has become an essential part of many important 
systems throughout the free and open source software community.

The weekly "digest" option for the mailing list should be no-reply. People who 
wish to participate in a pointed or on-topic discussion really need to receive 
each email message independently.

I realize it's a German domain, but 300baud.de is just really obnoxious in 
English. The phrase "300 baud" itself is, of course, completely unobjectionable 
hacker lore, but baud+de = "bawdy" as in "bawdy house" which is extremely 
vulgar in English. Only for the gentlemen.

That sort of "humor" is not friendly to women and children, and I know 
especially a lot of women and girls would otherwise be very interested in 
cryptography, PGP-encrypted email, etc. Let's lose the vulgarity and focus on 
Alice's secret message to Bob, something Eve or Mallory has no need to know, 
basic elements of what needs to be done right with respect to the core 
functionality of GnuPG.

Not to advertise, but my own domain is the Spanish word "colmena" (hive, colony 
of bees, beehive in English) with the "biz" tld, slang for "business." Bees are 
busy, and they make that buzzing noise. Point being, it's entirely possible to 
avoid a lewd implication or double entendre. I can't let people take me for all 
honey and no sting with my domain.

With regards to PGPfone etc., all you need to do is run Asterisk on a server 
somewhere, enable SIP with encryption. If you or your conversation partner 
don't have a public key, there is a voice verification of endpoints, but do 
note that encrypted real-time voice conversations are extremely difficult to 
protect from packet-timing and other side-channel attacks which often trivially 
reveal a muffled but clear recording and transcript.

The human voice is in a certain sense "too rich" to hide or conceal, and the 
Bible tells of a "line" of every signal or sound that extends to be heard to 
the ends of the earth, and of the ungodly that "the sound of his words shall come 
unto the Lord for the manifestation of his wicked deeds."
-- 
A well regulated Militia, being necessary to the security of a free State, 
the right of the people to keep and bear Arms, shall not be infringed.

https://www.colmena.biz/~justina/contacto.php



Re: OpenPGP on paper (was: Where can I find some papers to read on mail (and envelope) security?)

2019-02-01 Thread Stefan Claas
On Wed, 30 Jan 2019 21:50:06 +0100, Stefan Claas wrote:
> On Wed, 30 Jan 2019 21:23:56 +0100, Peter Lebbing wrote:
> 
> > On 30/01/2019 20:44, Stefan Claas wrote:  
> > > But which one ... ;-) I may check this again with a friend.
> > 
> > Well there are the classical options:
> > 
> > 
> > 
> > Debian provides free fonts like that as packages fonts-ocr-a and
> > fonts-ocr-b, which come from:
> > 
> > and
> >   
> 
> Thanks, I will take a look!

O.k. just did some tests again with old .pdf's containing images
of scanned text and then also used a jpeg image (small resolution)
with the free Tesseract.

Tesseract did not do a good job, too many errors.

Then I googled a bit and ... Google can do it.

According to a YouTube video you need a Gmail account, upload to
Google Drive and then from there open the image or pdf with
Google Docs, which does imho the best job I have seen so far.

I will do more tests, once time permits.

Regards
Stefan



gpg-agent forwarding to remote with systemd - status?

2019-02-01 Thread Chris Coutinho
Hi,

I'm trying to forward my local gpg-agent over ssh to a remote that
controls the gnupg sockets via systemd. This fails because sshd
attempts to place the socket in a directory that doesn't exist,
because that is handled on the remote by systemd.

This issue was raised back in 2016:

https://gnupg-users.gnupg.narkive.com/eYVmOa2h/agent-forwarding-failure-when-the-socketdir-was-autodeleted

It was suggested in that thread to place `gpgconf --create-socketdir`
in '.bashrc' to create the proper directory, but this doesn't work in
my case because on the remote the directory is created/deleted by
systemd and shell scripts are sourced after ssh attempts to place the
socket.

From my limited understanding of the issue, it seems that it wasn't
clear in what project the solution should be (openssh, systemd,
gnupg).

Is there an update regarding this issue, or any proposed workarounds
for systemd-based remotes?

Regards,
Chris



Re: gpg-agent forwarding to remote with systemd - status?

2019-02-01 Thread Chris Coutinho
I should add that the remote is OpenSUSE Leap 15.0 running GnuPG
2.2.5, and my current client is OpenSUSE Leap 15.0 running WSL on
Windows 10, also running GnuPG 2.2.5. The WSL client doesn't have
systemd installed on it, so it uses the old ~/.gnupg directory for
holding sockets.

On client:
$ gpgconf --list-dir socketdir
/home/chris/.gnupg

On remote:
$ gpgconf --list-dir socketdir
/run/user/1001/gnupg

Regards,
Chris

On Fri, 1 Feb 2019 at 11:42, Chris Coutinho  wrote:
>
> Hi,
>
> I'm trying to forward my local gpg-agent over ssh to a remote that
> controls the gnupg sockets via systemd. This fails because sshd
> attempts to place the socket in a directory that doesn't exist,
> because that is handled on the remote by systemd.
>
> This issue was raised back in 2016:
>
> https://gnupg-users.gnupg.narkive.com/eYVmOa2h/agent-forwarding-failure-when-the-socketdir-was-autodeleted
>
> It was suggested in that thread to place `gpgconf --create-socketdir`
> in '.bashrc' to create the proper directory, but this doesn't work in
> my case because on the remote the directory is created/deleted by
> systemd and shell scripts are sourced after ssh attempts to place the
> socket.
>
> From my limited understanding of the issue, it seems that it wasn't
> clear in what project the solution should be (openssh, systemd,
> gnupg).
>
> Is there an update regarding this issue, or any proposed workarounds
> for systemd-based remotes?
>
> Regards,
> Chris



Fwd: GPA errors when creating key pair

2019-02-01 Thread Roland Siemons (P)

  
  
Further to same issue:

GPA returns the same error on my own system. Otherwise, my GnuPG
system works perfectly here (win7). I can create a new key under
Kleopatra. Not under GPA. Something seems to be wrong with GPA.

-------- Forwarded Message --------
Subject: GPA errors when creating key pair
Date: Fri, 1 Feb 2019 09:03:54 +0100
From: Roland Siemons (P)
To: gnupg-users@gnupg.org

Dear List,

I am trying to help somebody to set up GPG4Win. He uses Win10.
Trying to create a new key pair using GPA, GPA returns: "The GPGME
library returned an unexpected error at gpagenkeyadvop.c:163. The
error was: Invalid argument"

How can this be resolved?

Greetz,
-- 

Roland Siemons
Haaksbergerstraat 205
ENSCHEDE

t: O645616734



  




GPA errors when creating key pair

2019-02-01 Thread Roland Siemons (P)
Dear List,

I am trying to help somebody to set up GPG4Win. He uses Win10. Trying to
create a new key pair using GPA, GPA returns: "The GPGME library
returned an unexpected error at gpagenkeyadvop.c:163. The error was:
Invalid argument"

How can this be resolved?

Greetz,
-- 

Roland Siemons
Haaksbergerstraat 205
ENSCHEDE

t: O645616734




Re: [OT] Where can I find some papers to read on mail (and envelope) security?

2019-02-01 Thread Stefan Claas
On Wed, 30 Jan 2019 21:36:15 +0100, Michael Kesper wrote:

Hi Michael,

> On 30.01.19 16:33, Stefan Claas wrote:
> > Interesting topic, which I am interested in as well. I started, as a German
> > citizen, to also use epost Brief and De-Mail a while ago, when
> > communicating sometimes with friends, because I like those paid
> > services much more than the classical email PGP combo.
> 
> You know that you use snake oil then?
> These services decrypt your e-mails to "protect you against viruses" [0].

It does not matter too much for me. My threat model is not so high and if I
like to do so I can encrypt my mail and run it through codegroup.

And with De-Mail people can put an OpenPGP pub key in their directory,
so that people can get the pub key from there, regardless of which
De-Mail service provider they use.

P.S. We should get back on topic from the OP, on how to securely send
OpenPGP letters / postcards via regular mail.

If one googles for the string "encrypted postcards" there are many
links shown, from people who did that in the early 20th century. :-)

Best regards
Stefan

