Re: OpenPGP smartcard and P-256 in non expert mode
n 8/11/22 15:30, Ingo Klöcker wrote Only experts will be able to make an educated decision between P-256 and P-384. It's good to give "normal" people less choice by default because more choice will just confuse them even more. Even having to choose between Curve25519 and P-384 will be too much already for people who just have been told that they should generate an ECC key. That makes sense to me. However why offer curves not supported by the hardware? Regards, Sosthène -- Sosthène Guédon Intern Nitrokey GmbH https://www.nitrokey.com Email: sosth...@nitrokey.com Rheinstr. 10 C, 14513 Teltow, Germany CEO / CEO: Jan Suhr Register: AG Potsdam, HRB 32882 P VAT ID / VAT ID: DE300136599 ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP smartcard and P-256 in non expert mode
On Donnerstag, 11. August 2022 09:39:24 CEST Sosthène Guédon | Nitrokey via Gnupg-users wrote: > I don't understand why generating a key on a smartcard only offers > Curve25519 and P-384 for ECC cryptography unless the --expert flag is used. You are asking the question the wrong way. Why should P-256 be offered without the --expert flag? It's not as if gpg wouldn't allow you to create a P-256 key. Only experts will be able to make an educated decision between P-256 and P-384. It's good to give "normal" people less choice by default because more choice will just confuse them even more. Even having to choose between Curve25519 and P-384 will be too much already for people who just have been told that they should generate an ECC key. Regards, Ingo signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How did Edward Joseph Snowden use GnuPG to uncover the secrets of the National Security Agency?
Subject: How did Edward Joseph Snowden use GnuPG to uncover the secrets of the National Security Agency? Short answer: he didn't. GnuPG is one of the tools that Snowden used to uncover the secrets of the NSA. This is incorrect. According to Glenn Greenwald, he used GnuPG to communicate privately with a couple of journalists. GnuPG played no role in his exfiltrating data out of Fort Meade. OpenPGP_signature Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP smartcard and P-256 in non expert mode
Hi! Please share your GnUPG version and the type of smartcard you are using with us. A 9 year old commit is not very helpful. I'm using gpg 2.2.36 and a OpenPGP smart card implementation we are currently developing. You're right the commit itself isn't very helpful, here are is the code that is relevant in the 2.2 branch: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/keygen.c;h=fee752376d28d7c7704336d681da8be92c4f22bc;hb=491645b50ec97db12520483d347291d660db209c#l2393 See the `expert_only` flag set to 1 for P-256. This was introduced in the commit I mentioned. Regards, Sosthène -- Sosthène Guédon Intern Nitrokey GmbH https://www.nitrokey.com Email: sosth...@nitrokey.com Rheinstr. 10 C, 14513 Teltow, Germany CEO / CEO: Jan Suhr Register: AG Potsdam, HRB 32882 P VAT ID / VAT ID: DE300136599 ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: a bit off topic, how to find encrytped files (ransom attack)
>>> "JC" == Juergen Christoffel writes: > On Fri, Aug 05, 2022 at 05:45:53PM +0200, Uwe Brauer via Gnupg-users wrote: >> 1. just for the first very rough analysis what is a convenient command to >> get a list of files that have high entropy? > The first step might be to install tripwire and only check files, which > tripwire reports as changed. See "man tripwire" after installing it. Thanks very much! > Regarding your attempt to find candidate files: >> find . -iname '*.*' -follow -print -exec ent {} \; > Files don't need to have a dot in their name. But they might have unusual > characters in their names instead. So you might actually want to use > find -type f -print0 | xargs -0 ent Well thanks again, but this does not work as expected. I obtain , | Duplicate file name. | ent -- Calculate entropy of file. Call | with ent [options] [input-file] | | Options: -b Treat input as a stream of bits |-c Print occurrence counts |-f Fold upper to lower case letters |-t Terse output in CSV format |-u Print this message | | By John Walker |http://www.fourmilab.ch/ |January 28th, 2008 ` And adding and of these suggested options does not help > Tip: "man find" and "man xargs" describe what those zeroes mean. I try it. >> So I am not sure what is the best line, but the question boils down to >> this, anybody know enough sed or awk or whatsoever to tell me how ot filter >> the ent output? > Gentle suggestion: you'd need to learn such basic usage yourself, before > you rely on them as a tool. especially when attempting to secure your > systems. > Tips (for example): > https://www.amazon.de/Learning-Perl-Making-Things-Possible/dp/1492094951 or > https://www.amazon.de/Effective-awk-Programming-Universal-Processing/dp/1491904615 Thanks my encounters with perl were well unpleasant. I might, again, try to understand awk better. Uwe Brauer -- I strongly condemn Putin's war of aggression against the Ukraine. I support to deliver weapons to Ukraine's military. I support the ban of Russia from SWIFT. I support the EU membership of the Ukraine. smime.p7s Description: S/MIME cryptographic signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP smartcard and P-256 in non expert mode
Hi! Please share your GnUPG version and the type of smartcard you are using with us. A 9 year old commit is not very helpful. Shalom-Salam, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
OpenPGP smartcard and P-256 in non expert mode
Hi! I don't understand why generating a key on a smartcard only offers Curve25519 and P-384 for ECC cryptography unless the --expert flag is used. P-384 is offered even when the hardware key doesn't support it and other curves which the hardware supports are not offered which is confusing. Why is the P-256 curve disabled by default? It seems deliberate in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=402aa0f94854bb00475c934be5ca6043a4632126 but I can't find any documentation on why that choice was made. Thanks, Sosthène -- Sosthène Guédon Intern Nitrokey GmbH https://www.nitrokey.com Email: sosth...@nitrokey.com Rheinstr. 10 C, 14513 Teltow, Germany CEO / CEO: Jan Suhr Register: AG Potsdam, HRB 32882 P VAT ID / VAT ID: DE300136599 ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How did Edward Joseph Snowden use GnuPG to uncover the secrets of the National Security Agency?
On 11/08/2022, Turritopsis Dohrnii Teo En Ming via Gnupg-users wrote: > Subject: How did Edward Joseph Snowden use GnuPG to uncover the > secrets of the National Security Agency? > > Good day from Singapore, > > [QUOTE] > > Arguing that you don't care about the right to privacy because you > have nothing to hide is no different from saying you don't care about > free speech because you have nothing to say. – Edward Snowden > > Using encryption helps to protect your privacy and the privacy of the > people you communicate with. Encryption makes life difficult for bulk > surveillance systems. GnuPG is one of the tools that Snowden used to > uncover the secrets of the NSA. > > [/QUOTE] > > How did Edward Joseph Snowden use GnuPG to uncover the secrets of the > National Security Agency? > > I am very interested to know. Are there any detailed write-ups? Probably this https://theintercept.com/2014/10/28/smuggling-snowden-secrets/ Also Snowden is probably a Russian asset by now, but whatver. https://observer.com/2016/09/the-real-ed-snowden-is-a-patsy-a-fraud-and-a-kremlin-controlled-pawn/ FC ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How did Edward Joseph Snowden use GnuPG to uncover the secrets of the National Security Agency?
On Thu, 11 Aug 2022 at 15:56, Fernando Cassia wrote: > > On 11/08/2022, Turritopsis Dohrnii Teo En Ming via Gnupg-users > wrote: > > Subject: How did Edward Joseph Snowden use GnuPG to uncover the > > secrets of the National Security Agency? > > > > Good day from Singapore, > > > > [QUOTE] > > > > Arguing that you don't care about the right to privacy because you > > have nothing to hide is no different from saying you don't care about > > free speech because you have nothing to say. – Edward Snowden > > > > Using encryption helps to protect your privacy and the privacy of the > > people you communicate with. Encryption makes life difficult for bulk > > surveillance systems. GnuPG is one of the tools that Snowden used to > > uncover the secrets of the NSA. > > > > [/QUOTE] > > > > How did Edward Joseph Snowden use GnuPG to uncover the secrets of the > > National Security Agency? > > > > I am very interested to know. Are there any detailed write-ups? > > Probably this > https://theintercept.com/2014/10/28/smuggling-snowden-secrets/ > > Also Snowden is probably a Russian asset by now, but whatver. > https://observer.com/2016/09/the-real-ed-snowden-is-a-patsy-a-fraud-and-a-kremlin-controlled-pawn/ LOL. > > FC Regards, Mr. Turritopsis Dohrnii Teo En Ming Targeted Individual in Singapore ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
How did Edward Joseph Snowden use GnuPG to uncover the secrets of the National Security Agency?
Subject: How did Edward Joseph Snowden use GnuPG to uncover the secrets of the National Security Agency? Good day from Singapore, [QUOTE] Arguing that you don't care about the right to privacy because you have nothing to hide is no different from saying you don't care about free speech because you have nothing to say. – Edward Snowden Using encryption helps to protect your privacy and the privacy of the people you communicate with. Encryption makes life difficult for bulk surveillance systems. GnuPG is one of the tools that Snowden used to uncover the secrets of the NSA. [/QUOTE] How did Edward Joseph Snowden use GnuPG to uncover the secrets of the National Security Agency? I am very interested to know. Are there any detailed write-ups? Thank you. Regards, Mr. Turritopsis Dohrnii Teo En Ming Targeted Individual in Singapore 11 Aug 2022 Thursday Blogs: https://tdtemcerts.blogspot.com https://tdtemcerts.wordpress.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users