Re: An Invitation to Neuroscientists and Physicists: Singapore Citizen Mr. Teo En Ming (Zhang Enming) Reports First Hand Account of Mind Intrusion and Mind Reading
It's Called INCEPTION ! Cheers! --AA On 17 May 2011 19:42, Singapore Citizen Mr. Teo En Ming (Zhang Enming) singapore_citizen_mr_teo_en_m...@yahoo.com.sg wrote: 16 May 2011 Monday 7:28 P.M. Singapore Time For Immediate Release SINGAPORE, SINGAPORE - Singapore Citizen Mr. Teo En Ming (Zhang Enming) would like to report first hand account of mind intrusion and mind reading. I have been hearing voices for quite some time now but I have not been able to identify the persons physically. A number of un-identified persons have intruded into my mind and they are able to read my thoughts. I could not explain the mechanism by which these un-identified persons have been reading my mind at the moment but there is definitely a scientific explanation for it. I know very clearly that I am not suffering from schizophrenia at all. I am fully aware that no common man would believe me except the select few scientific researchers working in top secret government projects and the human guinea pigs who are being experimented on. One of the possibilities is that I have a microchip implanted into my brain, possibly when I was an infant. It may take a few years, a few decades, or even a few centuries before mind reading is finally brought to light before the general public. I would like to invite neuroscientists, engineers and physicists to speak on the scientific explanation behind mind intrusion and mind reading. Please remember what Singapore Citizen Mr. Teo En Ming (Zhang Enming) have said. Mark my words. You will know the truth in future. It is no longer a conspiracy theory. I can affirm that it (mind intrusion and mind reading) is indeed happening to me. Yours truly, Singapore Citizen Mr. Teo En Ming (Zhang Enming) Dip(Mechatronics)(Singapore Polytechnic) BEng(Hons)(Mechanical Engineering)(National University of Singapore) Singapore Identity Card No/NRIC: S78*6*2*H Toa Payoh Lorong 5, Singapore Mobile Phone: +65-8369-2618 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Gnupg key: 02375205 Fingerprint: F7CD D181 943B 0453 8668 AF16 84E9 7565 0237 5205 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Updating signature cert-level
next time sing with a pencil, because Im, the painting now ... btw, Need a SAFE to my art, values ... On 26 April 2011 21:06, Aaron Toponce aaron.topo...@gmail.com wrote: I signed a key, of which defaulted to cert-level 0 (I will not answer), which must be the default. When signing the key, GunPG didn't ask me about any checking. However, I would like to update the cert-level to 2 (I have done casual checking), but I'm unaware of how to do this. Do I need to revoke my signature, and re-sign, seeing as though GnuPG won't let my sign the key if I've already signed it? Thanks, -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Gnupg key: 02375205 Fingerprint: F7CD D181 943B 0453 8668 AF16 84E9 7565 0237 5205 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: A better way to think about passwords
On 17 April 2011 23:58, Robert J. Hansen r...@sixdemonbag.org wrote: Summary: A 3-word password (e.g., quick brown fox) is secure against cracking attempts for 2,537 years. I am giving a great big yuk to his methodology. There's no reference to the entropy of text, for instance. His example of a three common word password, this is fun, amounts to a total of 11 letters I was thinking about that, between words, there is only a BLANK SYMBOL, same value of any other given symbol. Well, from point of view of math, nothing changes, all data, but from knowledge point of view about human behaviour it is possible that it's have some kind of relevance. --Kind Regards AA ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPF Crypto Stick vs OpenPGP Card
Hi, Sorry, I didn't want get too far from the subject of the topic. But the previous post raised a doubt on top of my head. Can anybody explain (if it's not too much technical) why people say that once a key is generated inside the smartcard it is impossible to that key get out of it (except of course the Command generate Make off-card backup of encryption key? (Y/n)?) Thanks AA On 6 December 2010 19:38, Grant Olson k...@grant-olson.net wrote: On 12/6/10 2:21 PM, Marcio B. Jr. wrote: Hello, sorry for this insistence. I just want to get it clearly. So, you mean those devices certainly protect information better than a regular computer (even if making proper use of disk encryption software)? Yes. Ultimately a malicious user with 'root' access can compromise any software solution. Maybe that means downloading your keys and mounting an offline attack. Maybe that means downloading your keys and installing a keylogger to get your passphrase. Or finding your unencrypted key that's been cached by gpg-agent in system memory. Full Disk Encryption doesn't provide protection there when your system is up and running, it only helps when someone steals your laptop, or tries to access the system while it's powered down. By moving the keys to a dedicated hardware device, it creates a partition between your (possibly compromised) computer's OS and and the device. The key information never gets loaded into the OS and is opaque to the system. So now a malicious user would need to 'root' your card, or card reader, which would probably involve something like trying to access or change the physical chips on the device, and is much much harder than installing a root-kit, or creating a virus, or developing some other malicious software. That's also why people are talking about readers with pin-pads. That prevents someone from installing a general-purpose keyboard sniffer to get your pin, stealing your physical token, and having the two pieces of info they need to use your keys. -- Grant I am gravely disappointed. Again you have made me unleash my dogs of war. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
ubuntu 10.04 and Reader SCM SPR-532
Hi list, I am thinking about buy a smartcard reader model SCM SPR-532 Pinpad. I got a question: Is it full compatible with Ubuntu 10.04 LTS and Evolution email client ? does it works straight way or require some linux kung fu to setup? I appreciate any advice. Thanks Andre Amorim ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: import key to smart cards
If you dont have off-card key backup. Sorry, better forget it. -- Andre Amorim On 5 October 2010 16:18, Werner Koch w...@gnupg.org wrote: On Tue, 5 Oct 2010 13:18, kolad...@web.de said: My question is: How can I import a (sec-pub-)key which was generated on a crypto stick (containing an integrated smart card) into another crypto stick? A crypto stick like: The whole point of generating keys on a smartcard is that it is impossible to get it back out of the card - you may only use the generated key with certain command provided by the smartcard. And thus you can't import it to another smartcard. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: plausibly deniable
On 23 July 2010 23:08, Ted Smith ted...@gmail.com wrote: On Fri, 2010-07-23 at 02:07 -0400, Faramir wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ted Smith escribió: ... Deniable encryption is a useful tool, but it is not a universally good idea. An interrogator as described in this thread is a movie plot threat. In reality, nobody is going to torture you for your key, because there are much easier ways of obtaining your cleartext or figuring out if you have a hidden volume. Well, I suppose in most countries nobody is going to torture you, but there are other countries where you can't be so sure... Also, an interrogator that doesn't care about hurting an innocent can be very dangerous, if he suspects he is being fooled. Nobody in any country is going to torture you for your key, because keyloggers are much less expensive than torturers + torturing equipment. It's much easier to just place a keylogger somehow and get the key in plaintext with no fuss in a week. There are dozens of other ways to do something like this. Torture is a great movie plot threat; people can easily imagine it happening, so they overestimate its likelihood. In reality, it is exceedingly rare for people to be tortured for their encryption keys. Tell that one to my wife though. LoL --Andre ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
plausibly deniable
Hi folks, Do we have a plausibly deniable option ? Thanks Andre Amorim. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: plausibly deniable
Hi Andre-- Please don't reply off-list. this discussion would be useful for others who follow the list, or who read the archives. By taking the discussion off-list, this is now hidden from everyone but you and me. I haven't replied on-list because i don't want to publish your words without your permission. You have my permission to re-post my text here on the list if you want to take it back public again. On 07/22/2010 04:43 PM, Andre Amorim wrote: Why I felt stupid ? LOL.. I got it, thanks But if ..someone pick me up with my openpgp smartcard, put a gun in my head and say .. decrypt it or die ... i think you might be getting data signatures confused with data encryption. public-key signatures are a way of placing a mark on some content that no one but the holder of your key could make. They're often used to mean something like I wrote this message or I approve of this message. public-key encryption is a way of making it so that only the holder of a given key is able to access the cleartext content of your message. Plausible Deniability as a term is usually used in reference to the idea of signing, not encryption. That is, a system like OTR offers convincing proof to the other party in a conversation that you are who you say you are, but that information is designed to be uninterpretable to other people (because the way that per-session key material is handled after the session is over makes it possible for anyone to craft the same assertions). You should read up on otr if you're interested: http://www.cypherpunks.ca/otr/ This feature is legally dubious, since courts seem prepared to convict without cryptographic proof anyway. The closest idea to Plausible Deniability for encryption (not signatures) is something like hidden volumes within encrypted volumes, which truecrypt offers: http://www.truecrypt.org/ This feature is also dubious, because there will be suspiciously high-entropy on the disk, and you are known to be using tools with this feature, you will simply be coerced until you've accounted for all the data. And of course, when a gun is held to your head, it's hard to argue that you are in full control of your key. --dkg On 22 July 2010 23:18, Andre Amorim an...@amorim.me wrote: No worrys Daniel.. living and learning.. --Andre -- Forwarded message -- From: Daniel Kahn Gillmor d...@fifthhorseman.net Date: 22 July 2010 22:48 Subject: Re: plausibly deniable To: Andre Amorim an...@amorim.me Hi Andre-- Please don't reply off-list. this discussion would be useful for others who follow the list, or who read the archives. By taking the discussion off-list, this is now hidden from everyone but you and me. I haven't replied on-list because i don't want to publish your words without your permission. You have my permission to re-post my text here on the list if you want to take it back public again. On 07/22/2010 04:43 PM, Andre Amorim wrote: Why I felt stupid ? LOL.. I got it, thanks But if ..someone pick me up with my openpgp smartcard, put a gun in my head and say .. decrypt it or die ... i think you might be getting data signatures confused with data encryption. public-key signatures are a way of placing a mark on some content that no one but the holder of your key could make. They're often used to mean something like I wrote this message or I approve of this message. public-key encryption is a way of making it so that only the holder of a given key is able to access the cleartext content of your message. Plausible Deniability as a term is usually used in reference to the idea of signing, not encryption. That is, a system like OTR offers convincing proof to the other party in a conversation that you are who you say you are, but that information is designed to be uninterpretable to other people (because the way that per-session key material is handled after the session is over makes it possible for anyone to craft the same assertions). You should read up on otr if you're interested: http://www.cypherpunks.ca/otr/ This feature is legally dubious, since courts seem prepared to convict without cryptographic proof anyway. The closest idea to Plausible Deniability for encryption (not signatures) is something like hidden volumes within encrypted volumes, which truecrypt offers: http://www.truecrypt.org/ This feature is also dubious, because there will be suspiciously high-entropy on the disk, and you are known to be using tools with this feature, you will simply be coerced until you've accounted for all the data. And of course, when a gun is held to your head, it's hard to argue that you are in full control of your key. --dkg ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Fwd: plausibly deniable
No worrys Daniel.. living and learning.. --Andre -- Forwarded message -- From: Daniel Kahn Gillmor d...@fifthhorseman.net Date: 22 July 2010 22:48 Subject: Re: plausibly deniable To: Andre Amorim an...@amorim.me Hi Andre-- Please don't reply off-list. this discussion would be useful for others who follow the list, or who read the archives. By taking the discussion off-list, this is now hidden from everyone but you and me. I haven't replied on-list because i don't want to publish your words without your permission. You have my permission to re-post my text here on the list if you want to take it back public again. On 07/22/2010 04:43 PM, Andre Amorim wrote: Why I felt stupid ? LOL.. I got it, thanks But if ..someone pick me up with my openpgp smartcard, put a gun in my head and say .. decrypt it or die ... i think you might be getting data signatures confused with data encryption. public-key signatures are a way of placing a mark on some content that no one but the holder of your key could make. They're often used to mean something like I wrote this message or I approve of this message. public-key encryption is a way of making it so that only the holder of a given key is able to access the cleartext content of your message. Plausible Deniability as a term is usually used in reference to the idea of signing, not encryption. That is, a system like OTR offers convincing proof to the other party in a conversation that you are who you say you are, but that information is designed to be uninterpretable to other people (because the way that per-session key material is handled after the session is over makes it possible for anyone to craft the same assertions). You should read up on otr if you're interested: http://www.cypherpunks.ca/otr/ This feature is legally dubious, since courts seem prepared to convict without cryptographic proof anyway. The closest idea to Plausible Deniability for encryption (not signatures) is something like hidden volumes within encrypted volumes, which truecrypt offers: http://www.truecrypt.org/ This feature is also dubious, because there will be suspiciously high-entropy on the disk, and you are known to be using tools with this feature, you will simply be coerced until you've accounted for all the data. And of course, when a gun is held to your head, it's hard to argue that you are in full control of your key. --dkg signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: plausibly deniable
Please don't reply off-list . Daniel, sure no problems; --Andre -- Forwarded message -- From: Daniel Kahn Gillmor d...@fifthhorseman.net Date: 22 July 2010 22:48 Subject: Re: plausibly deniable To: Andre Amorim an...@amorim.me Hi Andre-- Please don't reply off-list. this discussion would be useful for others who follow the list, or who read the archives. By taking the discussion off-list, this is now hidden from everyone but you and me. I haven't replied on-list because i don't want to publish your words without your permission. You have my permission to re-post my text here on the list if you want to take it back public again. On 07/22/2010 04:43 PM, Andre Amorim wrote: Why I felt stupid ? LOL.. I got it, thanks But if ..someone pick me up with my openpgp smartcard, put a gun in my head and say .. decrypt it or die ... i think you might be getting data signatures confused with data encryption. public-key signatures are a way of placing a mark on some content that no one but the holder of your key could make. They're often used to mean something like I wrote this message or I approve of this message. public-key encryption is a way of making it so that only the holder of a given key is able to access the cleartext content of your message. Plausible Deniability as a term is usually used in reference to the idea of signing, not encryption. That is, a system like OTR offers convincing proof to the other party in a conversation that you are who you say you are, but that information is designed to be uninterpretable to other people (because the way that per-session key material is handled after the session is over makes it possible for anyone to craft the same assertions). You should read up on otr if you're interested: http://www.cypherpunks.ca/otr/ This feature is legally dubious, since courts seem prepared to convict without cryptographic proof anyway. The closest idea to Plausible Deniability for encryption (not signatures) is something like hidden volumes within encrypted volumes, which truecrypt offers: http://www.truecrypt.org/ This feature is also dubious, because there will be suspiciously high-entropy on the disk, and you are known to be using tools with this feature, you will simply be coerced until you've accounted for all the data. And of course, when a gun is held to your head, it's hard to argue that you are in full control of your key. --dkg signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Crypto Stick released!
Any news about V2 ? Thanks AA On 11 June 2010 10:33, Werner Koch w...@gnupg.org wrote: On Thu, 3 Jun 2010 16:58, jroll...@finestructure.net said: regards to the Crypto Stick? Is that something that can be patched, or is it a limitation of the communication protocol? Right that is a limitation of an internal communication protocol. Not hard to change but there are more important things to be done. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Printed OpenPGP Smart Card
Hello list, I planning to start a small business and I would like to give to my costumers a openpgp smartcard but with my company logo printed in it. What kind of options do I have ? Thanks for any help, Andre Amorim. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Crypto Stick released!
Thats what I'm looking for... but the shop is all in german, so does anyone knows if privacyfoundation.de a trustable company? (I mean, there are so many scams these days) But if it's ok I will be happy to buy one and give a try. Thanks AA. On 30 April 2010 16:02, Crypto Stick cryptost...@privacyfoundation.de wrote: Recently the German Privacy Foundation released the open source Crypto Stick! The GPF Crypto Stick is a USB stick in a small form factor containing an integrated OpenPGP smart card to allow easy and high-secure encryption e.g. of e-mail or for authentication in network environments. As opposed to ordinary software solutions, private keys are always inside the Crypto Stick so that their exposure is impossible. All cryptographic operations (precisely: decryption and signature because of public key cryptography) are executed on the PIN-protected Crypto Stick. In case the Crypto Stick was stolen, got lost, or is used on a virus-contaminated computer (e.g. Trojan horse) no attacker is able to access the private keys so that all encrypted data stays secure. The Crypto Stick is developed as a non-profit open source project and ensures a very high level of security due to verifiability and an attractive price. The open interface of the used OpenPGP smart card allows optimal compatibility with various software applications (e.g. GnuPG, Mozilla Thunderbird + Enigmail, OpenSSH, Linux PAM, OpenVPN, Mozilla Firefox). You can find more information at: http://www.privacyfoundation.de/crypto_stick/crypto_stick_english/ The Online Shop is currently in German only. Please mail me if you want to purchase a Crypto Stick and have trouble placing the order. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Andre Amorim GnuPG KEY ID: 0x587B1970 FingerPrint: 42AE C929 4D91 4591 4E75 430F 78D9 53B4 587B 1970 Download: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x587B1970 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
WikiLeaks Crackers
What type of encryption the WikiLeaks said to have broken? AES ? Source: http://www.nytimes.com/2010/04/07/world/07wikileaks.html ps. I thought it was april fool. -- Andre Amorim GnuPG KEY ID: 0x587B1970 FingerPrint: 42AE C929 4D91 4591 4E75 430F 78D9 53B4 587B 1970 Download: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x587B1970 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Portable GnuPG? (Ideally with portable TB+Enigmail)
Maybe winPT portable as a GUI. But last time I got some alerts made by my antivirus while runing winpt portable Now what I'm doing is have my pendrive (better with CD read only system if you're got a truly paranoia) with Ubuntu Privacy Remix installed https://www.privacy-cd.org/ .. + Truecrypt GUI ready to run. All the best Andre Amorim. On 15 March 2010 21:24, Aaron Berthold lis...@story-games.at wrote: On 15.03.2010 21:14, Grant Olson wrote: I think you just found the wrong page. Install the latest thunderbirdPortable from here: http://portableapps.com/support/thunderbird_portable And install gpg from here: http://portableapps.com/support/thunderbird_portable#encryption This one isn't listed as a development test or beta status like the page you had. Then install Enigmail. It worked fine for me. Thanks, I'll try that one. (Weird that I didn't find it. Huh...) Also keep in mind it's not a good idea to insert a USB Drive with your private key into an untrusted computer. You might want to make a dummy key for demo purposes. Yeah, getting copies of your private keys on untrusted pcs (and entering the passphrase there) is a Bad Idea. I'll probably make a zipped blank package, with TB/Enigmail/Gnupg installed but without keys or anything, to show keygen, importing etc. So I could extract the prepared package, show my stuff and then just delete the whole thing and start from from the fresh package on the next computer. (Although, ideally, people would say Wow, that's awesome! and just keep using the programs. ^_^ ) Aaron ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Andre Amorim GnuPG KEY ID: 0x587B1970 FingerPrint: 42AE C929 4D91 4591 4E75 430F 78D9 53B4 587B 1970 Download: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x587B1970 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: BoF at the LinuxTag 2009?
2009/6/15 Werner Koch w...@gnupg.org I received another sample of the new smartcard today and it looks pretty good now. Shalom-Salam, Werner Is it based on BasicCard ? -- Andre Amorim GnuPG KEY ID: 0x587B1970 FingerPrint: 42AE C929 4D91 4591 4E75 430F 78D9 53B4 587B 1970 Download: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x587B1970 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
GPG manuscript
For historical reasons Is there a Manuscript with first version of GPG commands ? -- Andre Amorim GnuPG KEY ID: 0x587B1970 FingerPrint: 42AE C929 4D91 4591 4E75 430F 78D9 53B4 587B 1970 Download: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x587B1970 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Graphing Web of Trust
Hello List, I've been playing with sig2dot to draw graph from the keys stored in my own keyring but, How can I do a graph from diferents key sign parties? Example: Party 1 (A to Z members) A1,B1,C1 ... Z1 Party 2 (AZ) A2,B2,C2 ... Z2 Party 3 (AZ) A3,B3,C3 ... Z3 Now some members of Party1, Party2 and Party3 had sign each other keys. How can I draw a graph global of it (including Party1, Party2 and Party3) ? and If all members of all parties had send they keys to same server is possible draw a graph from the server files as a source..??? Thanks, -- Andre Amorim GnuPG KEY ID: 0x587B1970 FingerPrint: 42AE C929 4D91 4591 4E75 430F 78D9 53B4 587B 1970 Download: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x587B1970 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GNUPG and PKI compatibility (?)
By the way. Where I can find a PKS (public key server) and tools to build a PKI web of trust model. Because I want do make a chats, etc. any tool that you guys know to do things Like this: http://www.phillylinux.org/keys/historical.html [s] Andre Amorim GnuPG KEY ID: 0x587B1970 FingerPrint: 42AE C929 4D91 4591 4E75 430F 78D9 53B4 587B 1970 Download: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x587B1970 2009/2/5 Christoph Anton Mitterer christoph.anton.mitte...@physik.uni-muenchen.de: On Thu, 2009-02-05 at 18:35 +0100, Csabi wrote: Is it possible that GNUPG compatible with PKI (Public Key Infrastructure)? gpg is a PKI, or better said, it's a client to be used with an PKI (the OpenPGP PKI, Web of Trust, or however you call it) I would like to use PKI with GNUPG but i failed :((( You probably mean the X.509 PKI. OpenPGP and X.509 are incompatible, but I'd suggest you to use OpenPGP, as it's more secure. If GNUPG is not compatible with it, do you know a great PKI freeware program? Depending on whether you mean X.509 you could use gpgsm, which is also part of GnuPG. gpg/gpg2 - OpenPGP gpgsm - X.509 Regards, -- Christoph Anton Mitterer Ludwig-Maximilians-Universität München christoph.anton.mitte...@physik.uni-muenchen.de m...@christoph.anton.mitterer.name ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Andre Amorim GnuPG KEY ID: 0x587B1970 FingerPrint: 42AE C929 4D91 4591 4E75 430F 78D9 53B4 587B 1970 Download: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x587B1970 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Dan Brown - Digital Fortress book
Guys, I'm in the midle of this book rigth now, so let me try to finish it LOL... by the way... is there any other book, for a guy like me that find pleasant read about neuromancer, crypto, computers and fiction ... ??? 2009/1/14 David Shaw ds...@jabberwocky.com: On Wed, Jan 14, 2009 at 02:49:36PM +, Andre Amorim wrote: Hi all, Anyone knows what's is fact (real) and what is fiction in Dan Brown novel, Digital Fortress ? In Digital Fortress there are things called computers and things called human beings. Quite near everything else - including what these computers and human beings do - is fiction. Well, maybe not that bad, but it certainly isn't good. http://kasmana.people.cofc.edu/MATHFICT/mfview.php?callnumber=mf340 David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Andre Amorim GnuPG KEY ID: 0x587B1970 FingerPrint: 42AE C929 4D91 4591 4E75 430F 78D9 53B4 587B 1970 Download: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x587B1970 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: using gpg with private keys from openssl certificates?
X.509 (the standard used by freemail certs) and OpenPGP use the same underlying algorithms, but the protocols are dramatically different. Making them interoperate is hard, and is usually not worth it. Robert did you already check this: FREEICP.ORG: FREE TRUSTED CERTIFICATES BY COMBINING THE X.509 HIERARCHY AND THE PGP WEB OF TRUST THROUGH A COLLABORATIVE TRUST SCORING SYSTEM http://middleware.internet2.edu/pki03/presentations/02.pdf [s] Andre Amorim 2008/12/17 arghman jmsa...@gmail.com: * if I sign a message with that key pair, and someone challenges my identity, what's the best/easiest way for me to prove my identity? You can't. Identity cannot be proven. Evidence can be presented, but someone can s/prove/assert (at least I think assert is the right word... I couldn't think of the right word when I wrote that) I don't need them to interoperate, I would just like to use the same key pair. WoT is fine but it would be nice to have a way to assert that [X = the person in possession of private key K_pr = me + anyone I'm stupid enough to share my private key with] is both trustable via Wot, *or* by trusting a certificate authority. trustable probably not the right word but I'm a bit shaky on the protocol vocabulary. -- View this message in context: http://www.nabble.com/using-gpg-with-private-keys-from-openssl-certificates--tp21057804p21063072.html Sent from the GnuPG - User mailing list archive at Nabble.com. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Andre Amorim GnuPG KEY: 2048R/3E10FF47 Download: http://pgp.zdv.uni-mainz.de:11371/pks/lookup?op=getsearch=0x7C3B77763E10FF47 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: using gpg with private keys from openssl certificates?
It's instead proposing something much different, which is unrelated to the original poster's request sorry bob, rigth, I misunderstood what he had said. It is whiskey fault. :-) I'll read it again tom. kind regards, A.A. 2008/12/18 Robert J. Hansen r...@sixdemonbag.org: Andre Amorim wrote: X.509 (the standard used by freemail certs) and OpenPGP use the same underlying algorithms, but the protocols are dramatically different. Making them interoperate is hard, and is usually not worth it. Robert did you already check this: The paper does not propose a way to allow X.509 and OpenPGP to interoperate. It's instead proposing something much different, which is unrelated to the original poster's request. -- Andre Amorim GnuPG KEY: 2048R/3E10FF47 Download: http://pgp.zdv.uni-mainz.de:11371/pks/lookup?op=getsearch=0x7C3B77763E10FF47 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
etoken aladdin howto
Hi all, http://www.etokenonlinux.org/et/HowTos/eToken_and_GPG [s] -- Andre Amorim GnuPG KEY: 2048R/3E10FF47 Download: http://pgp.zdv.uni-mainz.de:11371/pks/lookup?op=getsearch=0x7C3B77763E10FF47 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: I need a portable GUI for GnuPG
Have you checked: http://portableapps.com/support/thunderbird_portable#encryption Also I trying to get gpg safer while using it as portable app. This is a nice freeware tool to avoid keyloggers. http://www.aplin.com.au/?page_id=246 But It was discussed here before. If you have no control on your hardware, you cannot have your keys safer. [s] Andre Amorim. 2008/7/5 Faramir [EMAIL PROTECTED]: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Andrew Berg escribió: Faramir wrote: | Hello! | I have been carrying portable thunderbird with portable gnupg in | my flash memory stick, plus GPGShell, and it works fine. But GPGShell | licence forbids to redistribute it. The idea is to make that combo | available for download... it is not making any modification, just saving | the end user the problem of having to install these apps by themselves | (also, to put GPGShell in the flash drive, the user needs to have it | already in his computer). You're not allowed to distribute Enigmail (or any other extension) preinstalled with Thunderbird, so even if you get some other frontend for GPG, you still have that problem. Good point... however, installing an extension in Thunderbird is a lot easier than installing something in the computer... the main problem is to make gpg +gui available without the need to install (I mean, without the need to use an installer) it... something like a zipped combo... Best Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJIbxWTAAoJEMV4f6PvczxA/SgH/2Sk/uHApxX4A2ucV9WDAFb1 hDgq4CeYrnBQYJPCKe/h/Rw/cXlpcbSJqL9xls3EL7CTH41aykb/OFg1yDeKa1+9 8RRrBOVJis2KVokM+/VRDNS93r18CPIwGjlTgC2BuXGuoFH/J0RpiajwvKwdAF/+ /YIfgouQ2u2a7Z5kpRqIW3cAZ0yg/+Apb/jPf8SXy0XaxBja32DevyDjRa66RY2F cQtSRVmzvz6dcaRcv0nKLP2K9iOkEgIud5XbZSh3MhceY7veCMVp8tcvPWKtPSOj rN5M4bAqGWHkVbij3C6ihHux9yGGGlEq9hVQWncowN7eEnZ+SfbKmW2RQn9KrKw= =05SD -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Andre Amorim GnuPG KEY: 2048R/3E10FF47 Download: http://pgp.zdv.uni-mainz.de:11371/pks/lookup?op=getsearch=0x7C3B77763E10FF47 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
One Time Password and GnuPG
Hello fellow, I was thinking how to make gnupg more safe when it's ruining into hostile environments. The main idea is run my Gnupg in my pen drive as a portable application. I did a quick research and I found GNUPG portable here http://portableapps.com/node/11402 And thunderbird portable and enigmail http://portableapps.com/apps/internet/thunderbird_portable Then I started thinking IF the insecure computer have a Kellogg's ? well I fund Neo's SafeKeys; http://www.aplin.com.au/?page_id=246 That is a virtual keyboard that can send to engmail the private key password without type or using the keyboard. But it still vulnerable to screenlogger's . So I was think if is possible to use some kind of One Time Password System .. Something like Perfect Paper Password ... http://www.grc.com/ppp/urlaccess.htm What do you think guys ? All the best, Andre Amorim --Gpg: 2048R/3E10FF47http://pgp.zdv.uni-mainz.de:11371/pks/lookup?op=getsearch=0x7C3B77763E10FF47 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users