Re: gpg tells me a signature from my own key is a forgery.
On 8/30/19 12:41 PM, Brian Minton wrote:
> I am testing signing with multiple keys. However, gpg tells me that my
> own key is a forgery. I know it is not a forgery because I didn't forge
> it. Is there a way to tell gpg that my own key is good? I'm using
> trust model tofu+pgp, and both of my keys are cross-signed and set to
> ultimate trust.

oh, I found the problem

I had "sender brian@minton.systems" in my gpg config file. When I
commented that line out, it worked fine.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

gpg tells me a signature from my own key is a forgery.
I am testing signing with multiple keys. However, gpg tells me that my
own key is a forgery. I know it is not a forgery because I didn't forge
it. Is there a way to tell gpg that my own key is good? I'm using
trust model tofu+pgp, and both of my keys are cross-signed and set to
ultimate trust.

Here's an example:

$ echo this message is signed|gpg --local-user 37B9507ACFF2016E! --local-user 6B8EB3A065CFBAA9! --local-user 04D3ED26E707AD0643EBA7EC44F35EDB355D526A --clearsign|gpg
gpg: WARNING: no command supplied. Trying to guess what you mean ...
this message is signed
gpg: Signature made Fri 30 Aug 2019 11:36:33 AM CDT
gpg:                using EDDSA key EED0158013DC2E6D6E001EA437B9507ACFF2016E
gpg:                issuer "brian@minton.systems"
gpg: Good signature from "Brian Minton " [ultimate]
gpg:                 aka "keybase.io/bjmgeek " [ultimate]
gpg:                 aka "Brian Minton " [ultimate]
gpg:                 aka "Brian Minton " [ultimate]
gpg:                 aka "Brian Minton " [ultimate]
gpg:                 aka "Brian Minton " [ultimate]
gpg:                 aka "[jpeg image of size 5202]" [never]
gpg: WARNING: We do NOT trust this key!
gpg:          The signature is probably a FORGERY.
gpg: Signature made Fri 30 Aug 2019 11:36:33 AM CDT
gpg:                using DSA key F9C4BB760E783F0DEC10A68A6B8EB3A065CFBAA9
gpg:                issuer "brian@minton.systems"
gpg: Good signature from "Brian Minton " [ultimate]
gpg:                 aka "keybase.io/bjmgeek " [ultimate]
gpg:                 aka "Brian Minton " [ultimate]
gpg:                 aka "Brian Minton " [ultimate]
gpg:                 aka "Brian Minton " [ultimate]
gpg:                 aka "Brian Minton " [ultimate]
gpg:                 aka "[jpeg image of size 5202]" [never]
gpg: WARNING: We do NOT trust this key!
gpg:          The signature is probably a FORGERY.
gpg: Signature made Fri 30 Aug 2019 11:36:33 AM CDT
gpg:                using EDDSA key 04D3ED26E707AD0643EBA7EC44F35EDB355D526A
gpg:                issuer "brian@minton.systems"
gpg: Good signature from "Brian Minton " [ultimate]

Re: What is the practical strength of DSA1024/Elgamal2048 (former GnuPG default)?
On 30.08.2019 01:02, Brian Minton wrote:
> On Thu, Apr 25, 2019 at 11:19:15AM +0200, Kristian Fiskerstrand wrote:
>> On 4/25/19 9:20 AM, Bernhard Reiter wrote:
>>> Wikipedia points out a strong sensitivity of the algorithm to the quality of
>>> random number generators and that implementations could deliberately leak
>>> information in the signature [3]. This alone probably is a reason to switch
>>> keys.
>> This isn't really a major point given rfc6979 (
>> https://tools.ietf.org/html/rfc6979 ): Deterministic Usage of the
>> Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature
>> Algorithm (ECDSA)
>>
> Does GnuPG use deterministic DSA / ECDSA?
>

Yes (at least for modern versions, iirc it was introduced in libgcrypt
1.6.0, but it has been used for 6 or so years)

--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws

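The deterministic nonce derivation of RFC 6979 (section 3.2) that this exchange refers to, as an added Python example; it is not code from the posts, GnuPG or libgcrypt. The function names are assumptions of this example, and the group order and private key are the P-256 test values from RFC 6979 appendix A.2.5.

```python
import hashlib
import hmac

# Test values from RFC 6979 appendix A.2.5 (NIST P-256); not a real key.
Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551  # group order
X = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721  # private key
# k listed in A.2.5 for SHA-256 and the message "sample"
RFC_K_SAMPLE = 0xA6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60


def bits2int(data, qlen):
    """Interpret data as a big-endian integer, keeping only the leftmost qlen bits."""
    n = int.from_bytes(data, "big")
    blen = len(data) * 8
    return n >> (blen - qlen) if blen > qlen else n


def rfc6979_nonce(x, q, message, hashfunc=hashlib.sha256):
    """Derive the per-signature nonce k from the private key and the message
    hash with HMAC-DRBG, so no random number generator is used at signing time."""
    qlen = q.bit_length()
    rlen = (qlen + 7) // 8
    h1 = hashfunc(message).digest()
    hlen = len(h1)
    x_oct = x.to_bytes(rlen, "big")                         # int2octets(x)
    h_oct = (bits2int(h1, qlen) % q).to_bytes(rlen, "big")  # bits2octets(h1)

    def mac(key, data):
        return hmac.new(key, data, hashfunc).digest()

    v = b"\x01" * hlen                        # step b
    k = b"\x00" * hlen                        # step c
    k = mac(k, v + b"\x00" + x_oct + h_oct)   # step d
    v = mac(k, v)                             # step e
    k = mac(k, v + b"\x01" + x_oct + h_oct)   # step f
    v = mac(k, v)                             # step g
    while True:                               # step h
        t = b""
        while len(t) * 8 < qlen:
            v = mac(k, v)
            t += v
        nonce = bits2int(t, qlen)
        if 1 <= nonce < q:
            return nonce
        # Candidate out of range: update K and V, then try again.
        k = mac(k, v + b"\x00")
        v = mac(k, v)


if __name__ == "__main__":
    print(hex(rfc6979_nonce(X, Q, b"sample")))
```

Signing the same message twice with the same key yields the same k, so the signature no longer depends on the random number generator at signing time.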
Re: What is the practical strength of DSA1024/Elgamal2048 (former GnuPG default)?
On Thu, Apr 25, 2019 at 11:19:15AM +0200, Kristian Fiskerstrand wrote:
> On 4/25/19 9:20 AM, Bernhard Reiter wrote:
> > Wikipedia points out a strong sensitivity of the algorithm to the quality of
> > random number generators and that implementations could deliberately leak
> > information in the signature [3]. This alone probably is a reason to switch
> > keys.
>
> This isn't really a major point given rfc6979 (
> https://tools.ietf.org/html/rfc6979 ): Deterministic Usage of the
> Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature
> Algorithm (ECDSA)
>

Does GnuPG use deterministic DSA / ECDSA?