Re: Error importing fetching key from wkd

2022-05-31 Thread Todd Zullinger via Gnupg-users
Hello again,

I wrote:
> Dirk Gottschalk via Gnupg-users wrote:
>> A workaround for this is to download the SRPM, remove the
>> line '--disable-brainpool' and rebuild the package.
> 
> Ahh, excellent.  That's a relatively recent change.  It's
> available in the Fedora (and RHEL) libgcrypt-1.10 packages
> which I believe are only in the freshly released Fedora 36
> and RHEL 9.

For the future, you can now rebuild the libgcrypt rpm from
Fedora 36 with brainpool support without having to edit the
spec file manually¹.  You can pass `--with brainpool` to the
rpmbuild command, e.g.:

rpmbuild -rb --with brainpool /path/to/libgcrypt.src.rpm

Hopefully that makes life just a little easier for folks
using Fedora who want or need brainpool support.

¹ https://src.fedoraproject.org/rpms/libgcrypt/c/6571417ff

-- 
Todd


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Backing up your PGP key by hand

2022-05-31 Thread Werner Koch via Gnupg-users
On Mon, 30 May 2022 19:52, Matt Borja said:

>   - Related to this approach: Is the passphrase on a private key not
>   sufficient encryption strength to store the private key in a secure
>   cloud vault for archival purposes; or could it not be paired with a

The currently used protection of private keys as specified by OpenPGP
makes it possible to attack the key iff the attacker has a way to modify
the protected key on the transport.

This is not the old Klima/Rosa attack but a new attack which takes
advantage of the fact that the public key parts are not bound to the
encrypted private parts of the key.  Thus the suggestion is to not rely
on the OpenPGP private key protection but to convey those private keys
with an additional OpenPGP encryption layer.

Note that the internal format used by GnuPG to store the private keys is
not affected by this attack.  This is because the public key parts in
the files below private-keys-v1.d are included in the authenticated
encryption of the private parts as additional data
(openpgp-s2k3-sha1-aes-cbc and openpgp-s2k3-ocb-aes schemes).

Always take care when conveying private keys.


Salam-Shalom,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein


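A small model of the distinction Werner draws, added here as an example for this page and not GnuPG's own code: private parts are protected either with the public parts fed in as additional authenticated data (as in private-keys-v1.d) or with a check that covers only the private parts. It assumes a toy HMAC-SHA256 keystream in place of AES and PBKDF2 in place of S2K, with constructed passphrase and key material.

```python
import hashlib
import hmac
import secrets

# Constructed toy scheme (not GnuPG's code). bound=True models GnuPG's
# private-keys-v1.d protection, where the public key parts are additional
# authenticated data; bound=False models a check that covers only the
# encrypted private parts, so public parts can be swapped unnoticed.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in for AES; toy, not for real use.
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def _tag(key: bytes, public_parts: bytes, nonce: bytes, ct: bytes, bound: bool) -> bytes:
    ad = public_parts if bound else b""          # additional data, if bound
    msg = len(ad).to_bytes(4, "big") + ad + nonce + ct
    return hmac.new(key, msg, hashlib.sha256).digest()

def protect(passphrase: bytes, public_parts: bytes, private_parts: bytes, bound: bool = True) -> dict:
    salt = secrets.token_bytes(8)
    key = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000)  # stand-in for S2K
    nonce = secrets.token_bytes(16)
    ks = _keystream(key, nonce, len(private_parts))
    ct = bytes(p ^ k for p, k in zip(private_parts, ks))
    return {"public": public_parts, "salt": salt, "nonce": nonce, "ct": ct,
            "tag": _tag(key, public_parts, nonce, ct, bound)}

def unprotect(passphrase: bytes, blob: dict, bound: bool = True) -> bytes:
    key = hashlib.pbkdf2_hmac("sha256", passphrase, blob["salt"], 100_000)
    expected = _tag(key, blob["public"], blob["nonce"], blob["ct"], bound)
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("integrity check failed: key material was modified")
    ks = _keystream(key, blob["nonce"], len(blob["ct"]))
    return bytes(c ^ k for c, k in zip(blob["ct"], ks))

def survives_public_swap(bound: bool) -> bool:
    """True if a key whose public parts were replaced in transit still unprotects."""
    blob = protect(b"hunter2", b"PUB:original", b"PRIV:secret-scalar", bound=bound)
    blob["public"] = b"PUB:replaced"             # constructed modification on transport
    try:
        unprotect(b"hunter2", blob, bound=bound)
        return True
    except ValueError:
        return False
```

With bound=False the swapped public parts are accepted silently, which is the gap the additional OpenPGP encryption layer is meant to close; with bound=True the mismatch is rejected before any private material is used.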