What to do when subkey expires?
Sorry for such a simple question, but I can't find a simple answer. My signing and encryption subkeys have expired, so do I just create new subkeys and upload to the SKS servers? Do I have to delete the subkeys, or revoke them?

Thanks,
-Brian

--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Is it possible to decide what is a gpg file?
Sorry, sent to author instead of list again. Message below.

On Thu, Nov 19, 2009 at 11:02 AM, Brian Mearns mearn...@gmail.com wrote:
> On Thu, Nov 19, 2009 at 10:26 AM, ved...@hush.com wrote:
>> There is no way (yet, ;-) ) to do what you want in gnupg, as a gnupg encrypted file will show that it was encrypted either symmetrically or to a key.
>>
>> But, if you don't mind XOR-ing with a large pad, and you have a secure place to keep the pad (not on the computer with the encrypted files), you can do something like the following:
>>
>> [1] Encrypt whatever file you want using gnupg, and the options --throw-keyids --armor. This will produce a ciphertext output of the encrypted file, with no information about the key it was encrypted to, except for the type (dh, rsa) and the size.
>> [2] Find, or write, a document equal to or greater than the size of the file in [1], and save it on your computer, and do not save the file in [1].
>> [3] Construct a pad that XORs from the file in [2] to the file in [1].
>> [4] Save the pad securely somewhere else.
>> [5] If the pad is discovered, people will expect to use it to apply to a ciphertext and recover a plaintext, not the other way around, and you have no ciphertexts on your computer, and even if it were used correctly to recover the ciphertext, the plaintext still cannot be recovered without the key and passphrase.
>>
>> BUT, only you know what your threat model is. This will probably not be a good idea to use if your threat model includes dangerous determined adversaries who know the field.
>>
>> vedaal
>
> [snip]
>
> I think you're very much over-complicating things. If you're going to go through all the trouble of creating a pad of equal length to your message, then just make it an OTP, XOR it with your message, and you're done. No need for gpg at all in that case, and no need for a cover document. If he wants to hide the fact that he has an encrypted document, that's a completely different matter and calls for steganography.
>
> -Brian
Re: Details of signature verification status-fd lines
On Wed, Sep 23, 2009 at 4:20 AM, Werner Koch w...@gnupg.org wrote:
> On Tue, 22 Sep 2009 17:50, bmea...@ieee.org said:
>> Thanks for the response. So EXPKEYSIG doesn't mean the key was expired when the signature was made, right? If that shows up along with
>
> It means that the key has expired by now.
>
>> VALIDSIG, it's ok to trust the signature, correct? What about
>
> That is up to you. Usually you would show a message stating that the key used to create the message meanwhile expired. Whether you take the signature creation date into account and show a different message is up to you. If a signer wants to use an expired key for signing he may as well change the signature creation time.
>
>> REVKEYSIG? If a key is revoked, is there an easy way to know if the signature was made prior to revocation, or would it be necessary to just compare the stamps on the signature and the revocation?
>
> There is no way because you don't know why the key was revoked. Sure, the revocation signature allows to give a reason of revocation and you can take that in account, but if the key was compromised an attacker may also create a revocation with a different reason (e.g. key superseded). You can't tell who did the revocation.
>
> Salam-Shalom,
> Werner
>
> --
> Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

Great, thanks for the help, Werner. By the way, are there any python or PHP bindings for GPGME?

-Brian
Details of signature verification status-fd lines
Just a quick question on the --status-fd output from a --verify operation: if EXPSIG, EXPKEYSIG, or REVKEYSIG are given, could VALIDSIG or GOODSIG also show up? In other words, are these just for more information on why a signature failed, or can they qualify the GOOD and VALID outputs?

Thanks
-Brian
Re: Details of signature verification status-fd lines
On Tue, Sep 22, 2009 at 11:19 AM, Werner Koch w...@gnupg.org wrote:
> On Tue, 22 Sep 2009 16:26, bmea...@ieee.org said:
>> Just a quick question on the --status-fd output from a --verify operation: if EXPSIG, EXPKEYSIG, or REVKEYSIG are given, could VALIDSIG or GOODSIG also show up? In other words, are these just for
>
> It depends. EXPKEYSIG for example may come in addition to VALIDSIG. VALIDSIG is the modern version of GOODSIG.
>
> Except for the description in doc/DETAILS we don't have a more specific description (it is on our task list, though). The best way to see what you can expect is to look at the gpgme code. gpgme/src/verify.c computes the validity of signatures. Processing the NEWSIG status line is in general a good idea so that you don't mix the status lines given for different signatures.
>
> Salam-Shalom,
> Werner
>
> --
> Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

Thanks for the response. So EXPKEYSIG doesn't mean the key was expired when the signature was made, right? If that shows up along with VALIDSIG, it's ok to trust the signature, correct? What about REVKEYSIG? If a key is revoked, is there an easy way to know if the signature was made prior to revocation, or would it be necessary to just compare the stamps on the signature and the revocation?

Thanks,
-Brian
Entropy sources for rngd
Sorry, I know this is only somewhat on topic: if someone can suggest an appropriate mailing-list or news group, that'd be great.

I want to use rngd to increase my entropy pool for use with GnuPG, but I don't have a hardware random device. I've seen a lot of references to using /dev/urandom as the input source for rngd, which claim that rngd's randomness test is sufficient for ensuring that the entropy pool remains random. But there's something that really doesn't sit well about that for me. Can anyone offer informed insight on this?

Thanks,
-Brian
(Off topic) News on quantum computers cracking crypto
In case you missed it, using 15 as a key value is no longer a viable option: http://spectrum.ieee.org/computing/hardware/chip-does-part-of-codecracking-quantum-algorithm

Fortunately, people are working on it: http://spectrum.ieee.org/computing/software/cryptographers-take-on-quantum-computers

-Brian
Re: (Off topic) News on quantum computers cracking crypto
2009/9/10 Christoph Anton Mitterer christoph.anton.mitte...@physik.uni-muenchen.de:
> On Thu, 2009-09-10 at 10:12 -0400, Brian Mearns wrote:
>> In case you missed it, using 15 as a key value is no longer a viable option: http://spectrum.ieee.org/computing/hardware/chip-does-part-of-codecracking-quantum-algorithm
>
> Thank God! I've used 17 ;)
>
> Cheers,
> Chris.

No you didn't, 17 is prime. =D

-Brian
Re: Two convicted in U.K. for refusal to decrypt data
On Wed, Aug 12, 2009 at 10:46 PM, Joseph Oreste Bruni jbr...@me.com wrote:
> [clip]
> http://www.securityfocus.com/news/11556
>
> Not entirely on topic, but for those using GnuPG (or other encryption software), you should always keep abreast of the encryption laws of your country.
> [clip]

Has everyone seen the Vanish project from University of Washington? http://vanish.cs.washington.edu/

If you haven't you should really give their paper a read, it's pretty interesting. The basic idea is that the key is random, and no-one actually needs to know it: it's broken up using secret sharing and distributed through a peer-to-peer network. The recipient can retrieve the shares and reconstruct the key for a one-time decryption, but over time, the shares should naturally leave the network and eventually the key is lost completely.

I have my doubts, but I'm open to the possibility that it could work, and I'm very interested to see how law-enforcement will respond if it does. Will they force all p2p nodes to log everything, try to monitor networks themselves, or just plain make the system illegal?
Re: Two convicted in U.K. for refusal to decrypt data
On Thu, Aug 13, 2009 at 8:40 AM, the dragon ce...@hotmail.com wrote:
> oops, didn't reply all...
>
> And if you look at the cases reported, these are not system admins refusing to divulge data, or even regular people trying to protect their privacy - they are child molesters and wanna-be terrorists. Encryption is about maintaining personal and data privacy; it's not about having a tool to break the law.
> [clip]

If you truly believe that, then there's no reason not to hand over your encryption key immediately to your local police department. For that matter, turn over a copy of your house key too: that's about protecting you from the bad guys, not the police, right?

Clearly I'm being a little extreme (ad absurdum), but you need to re-read the article: it said the cases had to do with the crimes you mention, but it specifically didn't say that the people being charged with refusing to turn over their key were actually suspects. For all we know, they could be childhood school mates of the suspect who haven't seen him/her in thirty years. And, as many on this list have already pointed out, even if they were suspects, that in no way means that they actually are child-molesters or terrorists, it means somebody thinks they might be. I could very well claim that there's a secret message coded in your lengthy email signature which admits to a vile crime; that doesn't mean you actually did it. Would you want to turn over all your encryption keys and passphrases just because I made some accusation?

Clearly this is a tricky issue, because there are two important but conflicting values at stake: public safety and private rights. But I'd like to just keep one thing in your mind when this comes up; a little mantra to chant to yourself: I am innocent until proven guilty.

-Brian
Public key crypto by hand
Sorry, this is a bit off topic. But I wonder if anyone knows of a public key system that can realistically be done by pencil and paper. I realize anything a computer can calculate could conceivably be done by hand, but I'm looking for something realistic. I don't consider raising very large numbers to very large powers realistic.

Thanks,
-Brian
Re: Public key crypto by hand
On Thu, Jul 30, 2009 at 8:44 AM, Harry Rickards hricka...@l33tmyst.com wrote:
> Brian Mearns wrote:
>> Sorry, this is a bit off topic. But I wonder if anyone knows of a public key system that can realistically be done by pencil and paper. I realize anything a computer can calculate could conceivably be done by hand, but I'm looking for something realistic. I don't consider raising very large numbers to very large powers realistic.
>>
>> Thanks,
>> -Brian
>
> I asked the same thing (I think it was this list) a couple of months ago. The best thing I found was http://sergematovic.tripod.com/rsa1.html.
>
> --
> Thanks
> Harry Rickards hricka...@l33tmyst.com
> GPG Key Info:
> pub 1024R/58449F6F 2009-06-12
> uid Harry Rickards (OpenPGP Card) hricka...@l33tmyst.com
> sub 1024R/D775CCEE 2009-06-12
> sub 1024R/9394048C 2009-06-12

Thanks, Harry. Interesting page, but I don't think primes on the order of 3 and 11 really qualify as secure, which was pretty much what I figured would be the case: anything that can reasonably be done by hand wouldn't be secure. Oh well. Pad locks it is. =)

-Brian
Re: Public key crypto by hand
On Thu, Jul 30, 2009 at 2:06 PM, Brian Mearns mearn...@gmail.com wrote:
> On Thu, Jul 30, 2009 at 2:02 PM, gerry_lowry (alliston ontario canada (705) 250-0112) gerry.lo...@abilitybusinesscomputerservices.com wrote:
>> Robert wrote in part that "We've known since '99 that Solitaire is weak, thanks to the work of Paul Crowley."
>>
>> It was, however, sufficient as a plot device in Cryptonomicon. Even simple systems like pig-latin are sufficient as long as they are more sophisticated than those from whom one wishes to safeguard information.
>
> Thanks, Gerry. I'm familiar with the system and the book (which was excellent). But Bruce Schneier still claims on this site that the cipher is reasonably strong, and now that I've heard otherwise I'm seeking more information.
>
> -Brian

Replying to myself, I found Crowley's site detailing the bias in Solitaire: http://www.ciphergoth.org/crypto/solitaire/

I only really have a basic understanding of crypto, nothing deeply mathematical enough to understand how this actually affects the strength of the cipher. Would anyone care to explain this at all?

Thanks,
-Brian
Opinions on RIPEMD vs SHA?
I'm considering making my default hash RIPEMD160: does anyone have any opinions on how this compares to SHA-2 algorithms in terms of both security and availability? I like the idea that RIPEMD was developed in an academic community instead of the NSA, but if there are genuine benefits to using SHA, I have no problem looking past this bit of romanticism. I'm especially curious if RIPEMD160 is commonly available in popular PGP clients.

Thanks,
-Brian
Re: Any UNIX API for GPG available?
On Wed, Jun 24, 2009 at 9:59 AM, Peter Pentchev r...@ringlet.net wrote:
> On Wed, Jun 24, 2009 at 02:21:29AM -0700, littleBrain wrote:
>> Does anyone have the UNIX API documentation for GPG? Please reply to this thread. That would be very much helpful..
>
> What exactly are you looking for? If you want to encrypt, decrypt, sign, or verify OpenPGP messages from a program you are writing, and you want to use GnuPG for this, you may take a look at the GnuPG Made Easy library - http://www.gnupg.org/related_software/gpgme/
>
> Once you download and install it, there will be a gpgme.info file which you may examine through any texinfo browser, such as the info or pinfo command-line tools.
>
> If that's not what you mean by UNIX API documentation for GPG, you'll have to explain a bit better what you are looking for :)
>
> Hope that helps.
>
> G'luck,
> Peter
>
> --
> Peter Pentchev r...@ringlet.net r...@space.bg r...@freebsd.org
> PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
> Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
> If there were no counterfactuals, this sentence would not have been paradoxical.

GPGME just invokes gnupg in a subshell, right? And parses the response? Not that this won't work, it just seems so inelegant. Does anyone know of efforts to write an actual free-software library that implements OpenPGP?

-Brian
Re: Any UNIX API for GPG available?
On Wed, Jun 24, 2009 at 2:33 PM, Morten Gulbrandsen classp...@arcor.de wrote:
> Dear Brian
>
> This is the core math of OpenPGP
>
> bash-3.00$ gpg --version
> Supported algorithms:
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
>
> ===
>
> If used apart from manually invoked messages and files, and without the use of a proper passphrase, manually keyed, I don't think it would be much useful. It would be much the same as saving your passphrase or even typing it in the source code.
>
> But this is known to me.
>
> http://www.gnu.org/software/gnutls/
> http://gmplib.org/ # I'm involved here
> http://www.opentls.org/
>
> OpenTLS is a project to replace OpenSSL, and is divided in three smaller packages, NetCrypto, NetPKI and NetTLS. It's been worked on since the autumn 2003, and at the time of writing, the last major part of NetCrypto is being worked on. The other two components are still entirely vaporware, hardly even at the planning stage. It was known from the beginning that this project would evolve slowly.
>
> ===
>
> For live applications which run distributed like OpenVPN or skype or sip-communicator, this paper tells some interesting stuff: http://www.davidpashley.com/articles/cert-authority.html
>
> This is for running applications distributed over the net, e.g. client server computing and what needs a passphrase when logging on the network. Human authentication like in OpenPGP is essential. If a piece of software is to do the authentication, you may even save to hard disk the files. But I cannot figure any understandable benefit for that. Why do you want the software to encrypt unlike PGP, which encrypts with a human token called the passphrase?
>
> Example
>
> bash-3.00$ touch somethingIdliketohide.txt
> bash-3.00$ gpg -c somethingIdliketohide.txt
> # I am prompted twice for my passphrase,
> # which would be silly to put in any sourcecode.
> gpg: WARNING: `somethingIdliketohide.txt' is an empty file
> bash-3.00$ ls -l somethingIdliketohide.txt*
> -rw-r--r-- 1 morten other 0 Jun 24 20:27 somethingIdliketohide.txt
> -rw-r--r-- 1 morten other 64 Jun 24 20:27 somethingIdliketohide.txt.gpg
> bash-3.00$
>
> You may even use gpg -c --cipher-algo AES256 if you prefer.
>
> Morten

Greetings, Morten-

Hope you're not offended if I ask: are you a dada engine? [http://dev.null.org/dadaengine/]

Cheers, as always-
Brian

P.S.: No, I do not remember Trafalgar.
Re: Plaintext attack vulnerabilities?
On Tue, Jun 16, 2009 at 9:11 AM, Daniel Kahn Gillmor d...@fifthhorseman.net wrote:
> On 06/16/2009 06:44 AM, Brian Mearns wrote:
>> Are there any known vulnerabilities associated with an attacker who can provide plaintext and receive a signature for it? I'm planning a simple computer-auth system where a client sends a random token to the server, and then the server signs and returns it to prove that the server has the private key. I'm wondering if a malicious client could provide a certain plain text such that it could learn something about the private key based on the returned signature.
>
> The client may or may not be able to learn anything about the private key directly, but there are other serious attacks that such a scheme could be vulnerable to.
>
> For example, a relay or man-in-the-middle attack is possible:
>
> Alice wants to reach bob.example.org, a server run by Bob. Mallory happens to have a machine (mallory.example.net) on the network path between Alice and bob.example.org. mallory.example.net intercepts the traffic, and answers to Alice as though it were bob.example.org. Alice asks mallory.example.net to prove that it is bob.example.org by supplying it a random token to sign. mallory.example.net in turn opens a connection to the real bob.example.org, pretending to be Alice, and hands it the same token, which bob.example.org signs and returns to mallory.example.net. mallory.example.net replays bob.e.o's signature to Alice to establish its fake identity.
>
> If bob.example.org uses the same key for other purposes (e.g. identity certification, or more generally as a primary key), there are still other attacks that are possible.
>
> Why design your own protocol? There are several public-key-based network authentication protocols (using OpenPGP or not) which already exist and have been vetted, many of which have free implementations you can use! For example, you could use RFC 5081 (TLS with OpenPGP certificates). This is not widely adopted at the moment, but it is implemented in recent versions of GnuTLS.
>
> As a rule of thumb, any asymmetric key which is set up to automatically sign arbitrary plaintext provided by possible attackers is opening the door to potential compromise.
>
> --dkg

Thanks for the response, Daniel.

The man-in-the-middle attack isn't a concern for me because the server is behind a firewall. The setup here is that the client is a laptop and I'm looking for a simple, automatic way to determine whether or not it's on a particular network by sending a string to a certain LAN IP address (192.168.*.*), and confirming that it comes back signed with the correct key. This isn't actually for secure communications, so a man in the middle who's also behind the firewall is no big deal: the attack will only work if we're all on the same LAN, so it will still confirm what I want it to.

The attack I'm worried about (which I've learned is called a chosen plain-text attack) is that a malicious client on the LAN will send particular strings to the server and be able to learn about the server's key based on the response. To avoid this, I thought I could have the server concat its own random string to the one sent by the client, then send back a digest of the combined string along with a signature. That way, the client can guarantee (more or less) that it's a unique string (so someone couldn't spoof the response from the server), but cannot reasonably choose the plain text. I think this is pretty much how the TLS handshake works, anyway.

The reason I'm rolling my own is, well, for one I have a bad habit of doing exactly that (reinventing wheels), plus I want something simpler than a full TLS session; specifically, I want to use UDP instead of TCP to reduce network traffic, and I want it to just be a two-transmission operation, also to reduce network traffic.

-Brian
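An added example, not code from this thread, of the two-message exchange Brian sketches: the server mixes its own nonce into what it signs and signs a digest, so the client never chooses the signed bytes, and the digest also binds a protocol label and the server's name so the signature cannot be reused in another context. Go's standard-library Ed25519 stands in for the OpenPGP key; protoLabel, the server name, the 16-byte nonce size and all type and function names are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed protocol label: a signature from this exchange cannot be
// presented as a signature over something else made with the same key.
const protoLabel = "lan-probe-v1"

// Challenge is the client's single datagram: a random token, as in Brian's design.
type Challenge struct{ ClientNonce [16]byte }

// Response is the server's single datagram. The server adds its own nonce
// before signing, so a client cannot pick the exact bytes that get signed.
type Response struct {
	ServerNonce [16]byte
	Sig         []byte
}

// transcriptDigest is what actually gets signed: a hash over the label, the
// server's name (assumed shorter than 256 bytes) and both nonces. Signing the
// digest rather than the raw token is the "digest of the combined string".
func transcriptDigest(serverID string, c, s [16]byte) []byte {
	h := sha256.New()
	h.Write([]byte(protoLabel))
	h.Write([]byte{byte(len(serverID))}) // length prefix keeps the fields unambiguous
	h.Write([]byte(serverID))
	h.Write(c[:])
	h.Write(s[:])
	return h.Sum(nil)
}

// NewChallenge draws a fresh client token; a reused token would let an old
// response be replayed to the client.
func NewChallenge() (Challenge, error) {
	var c Challenge
	_, err := rand.Read(c.ClientNonce[:])
	return c, err
}

// ServerRespond is the server side: draw a nonce, sign the transcript digest.
func ServerRespond(priv ed25519.PrivateKey, serverID string, c Challenge) (Response, error) {
	var r Response
	if _, err := rand.Read(r.ServerNonce[:]); err != nil {
		return r, err
	}
	r.Sig = ed25519.Sign(priv, transcriptDigest(serverID, c.ClientNonce, r.ServerNonce))
	return r, nil
}

// ClientVerify recomputes the digest from its own challenge and the server's
// nonce and checks the signature against the key it expects for serverID.
func ClientVerify(pub ed25519.PublicKey, serverID string, c Challenge, r Response) error {
	if len(r.Sig) != ed25519.SignatureSize {
		return errors.New("malformed signature")
	}
	if !ed25519.Verify(pub, transcriptDigest(serverID, c.ClientNonce, r.ServerNonce), r.Sig) {
		return errors.New("response is not a fresh signature from the expected server")
	}
	return nil
}

// RunExchange performs one round trip in-process; the UDP transport Brian
// wants is left out, since only the signed content matters here.
func RunExchange(pub ed25519.PublicKey, priv ed25519.PrivateKey, serverID string) error {
	c, err := NewChallenge()
	if err != nil {
		return err
	}
	r, err := ServerRespond(priv, serverID, c)
	if err != nil {
		return err
	}
	return ClientVerify(pub, serverID, c, r)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	fmt.Println("fresh exchange verified:", RunExchange(pub, priv, "probe.lan.example") == nil)
}
```

This binds the signature to this protocol, this server name and this challenge; it does not address the live relay dkg describes, where a machine on the same LAN forwards the challenge to the real server, which Brian accepts as within his threat model.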
Verify signature by specific key
I'm looking for an automated way to verify that a signature was made by a specific key. It's not sufficient to just verify that the signature is valid and known to my keyring, I want to confirm who it belongs to. I was hoping the -u option would work, but it doesn't seem to. The only work-arounds I've come up with are parsing the message sent to stderr (Signature made ... using ... key ...), or creating a separate key ring containing only the desired key. But both of these options kind of suck. Any other ideas?

-Brian
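An added example, not code from this thread or from GnuPG, that covers both this question and the "Details of signature verification status-fd lines" thread above: it parses gpg --verify --status-fd output per NEWSIG record as Werner recommends, keeps EXPKEYSIG/REVKEYSIG/EXPSIG as qualifiers on a VALIDSIG, and then checks the signer by the full fingerprint from VALIDSIG rather than a short key id. The field layout of VALIDSIG follows doc/DETAILS; the sample status text, the key ids, fingerprints and user ids in it, and the function names are constructed for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample of gpg --verify --status-fd output for a message carrying
// three signatures; the key ids, fingerprints and user ids are made up.
const sampleStatus = `[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 23456789ABCDEF01 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG ABCDEF0123456789ABCDEF0123456789ABCDEF01 2009-09-22 1253633000 0 4 0 1 2 00 ABCDEF0123456789ABCDEF0123456789ABCDEF01
[GNUPG:] NEWSIG
[GNUPG:] REVKEYSIG 1111111111111111 Revoked Signer <revoked@example.org>
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2009-09-22 1253633000 0 4 0 1 2 00 1111111111111111111111111111111111111111
[GNUPG:] NEWSIG
[GNUPG:] BADSIG 2222222222222222 Tampered <tampered@example.org>
gpg: BAD signature from "Tampered <tampered@example.org>"
`

// SigResult is one signature's verdict. EXPKEYSIG and REVKEYSIG qualify a
// cryptographically good signature rather than replace it, so each flag is kept.
type SigResult struct {
	Verified    bool   // GOODSIG, EXPKEYSIG, REVKEYSIG, EXPSIG or VALIDSIG seen
	Bad         bool   // BADSIG or ERRSIG
	KeyID       string // long key id from the *SIG line; not unique, never rely on it alone
	Fingerprint string // signing (sub)key fingerprint from VALIDSIG
	PrimaryFpr  string // primary key fingerprint from VALIDSIG, when gpg prints it
	KeyExpired  bool   // EXPKEYSIG: key has expired by now, not necessarily at signing time
	KeyRevoked  bool   // REVKEYSIG: revoked; the stated reason cannot be trusted
	SigExpired  bool   // EXPSIG: the signature's own expiry has passed
}

// ParseStatus splits --status-fd output into one record per NEWSIG.
func ParseStatus(output string) []SigResult {
	var results []SigResult
	cur := -1 // index of the record being filled
	for _, line := range strings.Split(output, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 || f[0] != "[GNUPG:]" {
			continue // human-readable gpg text, not a status line
		}
		f = append(f, "") // guarantees f[2] exists even for a bare keyword
		kw, arg := f[1], f[2]
		if kw == "NEWSIG" { // one record per signature, so later lines are not mixed up
			results = append(results, SigResult{})
			cur = len(results) - 1
			continue
		}
		if cur < 0 {
			continue // status lines before the first NEWSIG belong to no signature
		}
		r := &results[cur]
		switch kw {
		case "VALIDSIG":
			r.Verified, r.Fingerprint = true, strings.ToUpper(arg)
			if len(f) > 12 { // tenth argument is the primary key fingerprint
				r.PrimaryFpr = strings.ToUpper(f[11])
			}
		case "GOODSIG", "EXPKEYSIG", "REVKEYSIG", "EXPSIG":
			r.Verified, r.KeyID = true, arg
			r.KeyExpired = r.KeyExpired || kw == "EXPKEYSIG"
			r.KeyRevoked = r.KeyRevoked || kw == "REVKEYSIG"
			r.SigExpired = r.SigExpired || kw == "EXPSIG"
		case "BADSIG", "ERRSIG":
			r.Bad, r.KeyID = true, arg
		} // TRUST_*, PLAINTEXT, KEYEXPIRED, ... are not needed here
	}
	return results
}

// CheckSigner answers "was this signed by the key I expect?" by matching the
// full fingerprint from VALIDSIG (primary or signing subkey). Revoked keys are
// refused; an expired key is accepted but reported, a policy the thread leaves open.
func CheckSigner(results []SigResult, wantFpr string) (bool, string) {
	want := strings.ToUpper(strings.ReplaceAll(wantFpr, " ", ""))
	for _, r := range results {
		if !r.Verified || r.Bad || (r.Fingerprint != want && r.PrimaryFpr != want) {
			continue
		}
		switch {
		case r.KeyRevoked:
			return false, "key revoked"
		case r.SigExpired:
			return false, "signature expired"
		case r.KeyExpired:
			return true, "key has expired since the signature was made"
		}
		return true, "ok"
	}
	return false, "no valid signature by that key"
}

func main() {
	results := ParseStatus(sampleStatus)
	ok, note := CheckSigner(results, "ABCDEF0123456789ABCDEF0123456789ABCDEF01")
	fmt.Printf("%d signatures; expected signer accepted: %v (%s)\n", len(results), ok, note)
}
```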
Plaintext attack vulnerabilities?
Are there any known vulnerabilities associated with an attacker who can provide plaintext and receive a signature for it? I'm planning a simple computer-auth system where a client sends a random token to the server, and then the server signs and returns it to prove that the server has the private key. I'm wondering if a malicious client could provide a certain plain text such that it could learn something about the private key based on the returned signature.

Similar attacks have happened on the APOP authentication scheme which uses md5: a fake server presents a token to the client which gets hashed with the client's password and sent back: by using certain tokens, the server is able to drastically narrow down the range of a brute force attack on the password, and after several such attacks, people have actually been able to recover the first few characters of the password. So now I'm wondering if any similar vulnerability is known for OpenPGP signatures.

Thanks,
-Brian
Re: Question regarding signature
On Tue, May 12, 2009 at 9:38 AM, David Shaw ds...@jabberwocky.com wrote:
> On May 11, 2009, at 12:44 PM, Sanjeev Gupta wrote:
>> All,
>> I have 2 different vendors and I would like to sign their keys using 2 different private keys. I don't want to share my public key between them. Whenever I try to sign the key the software doesn't give me the option to select my own key, it always uses my default key. How can I achieve this. Please help me as I need to finish this project ASAP.
>
> gpg -u (the-key-i-want-to-sign-with) --sign-key (the-key-i-want-to-sign)
>
> David

I have to wonder why you don't want to share your public key between them? You understand that's the whole point of public-key-cryptography schemes like those used by gpg, right? A public key is public, it's meant to be shared and doing so does not cause any [feasible] security risks.

-Brian
Looking for a good port80 static-DNS keyserver
So I've been advertising keys.gnupg.net as the place to get my key for a while now, but the round-robin DNS is kind of bugging me. I understand the purpose of it, but it's kind of a crap shoot: not infrequently, the address maps to a server that's down or buggy. I'd rather have one dedicated address for an sks I can use and refer others to, preferably one that's available on port 80. Any suggestions?

Thanks,
-Brian
Re: Looking for a good port80 static-DNS keyserver
On Wed, Apr 29, 2009 at 11:21 AM, John Clizbe j...@mozilla-enigmail.org wrote:
> Brian Mearns wrote:
>> So I've been advertising keys.gnupg.net as the place to get my key for a while now, but the round-robin DNS is kind of bugging me. I understand the purpose of it, but it's kind of a crap shoot: not infrequently, the address maps to a server that's down or buggy. I'd rather have one dedicated address for an sks I can use and refer others to, preferably one that's available on port 80. Any suggestions?
>
> Curious which ones are showing up as buggy? There's a flaw in one specific search case with SKS 1.0.10. 1.1.x is safe as is 1.0.9
>
> See http://www.pramberger.at/peter/services/keyserver/network/ (EKP is an email protocol)
>
> also http://sks-keyservers.net/status/ from where hkp://pool.sks-keyservers.net is constructed
>
> I use (operate) the one in the sig block below
>
> --
> John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
> You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-k...@gingerbear.net?subject=help
>
> Q:Just how do the residents of Haiku, Hawai'i hold conversations?
> A:An odd melody / island voices on the winds / surplus of vowels

Thanks, John. I was unaware of the status page, I think that will be helpful. I'm not sure offhand which servers have been buggy, but I believe I've connected to http://keys.gnupg.net/ in the past and been presented with a blank page, for instance.

Is it considered impolite to advertise one specific keyserver (like gingerbear, for instance) in my sig?

-Brian
Re: Further thoughts on Windows Install
On Thu, Apr 23, 2009 at 5:47 AM, Werner Koch w...@gnupg.org wrote:
>> A platform independent set of data files means no matter what o/s you
>
> They are already platform independent. However they are bound to a specific gpg version. In practice there was only one minor format change with version 1.0.7, but other changes will eventually come.
>
> Salam-Shalom,
> Werner
>
> --
> Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

Anyone know if there's a specific reason the OpenPGP standard doesn't cover key ring file formats?

-Brian
Re: Further thoughts on Windows Install
On Thu, Apr 23, 2009 at 10:28 AM, Werner Koch w...@gnupg.org wrote:
>> Anyone know if there's a specific reason the OpenPGP standard doesn't cover key ring file formats?
>
> The standard cares only about the format on the wire and not about specific implementations. You may want to use an SQL DB in one implementation or get the key material from a punch card.
>
> Shalom-Salam,
> Werner
>
> --
> Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

Fair enough, I hadn't considered the prospect of keys coming from other sources.

-Brian
Bad signatures on Gmail messages
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just wanted to let people know that I finally woke up and realized that messages I was signing and sending with Gmail are bad because the mail client is inserting linebreaks in order to wrap lines. This is standard behavior for a lot of MUAs so that certain mail readers don't have problems displaying them. From now on, any messages I sign will be written offline with short lines, signed, and then pasted into my mail client, so that the signed message already contains the correct line breaks.

- -Brian
- --
Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJJ8JM+AAoJEHOUulIkSI7cr34H/3xHq3aFC+elUPKSfh5jkASS
ZyKSUbcWt9sF9FMJllIQoPKjxQgdhTBzZCGPUm9qTWuF5b73Ds/hvHqCiXZXMQPI
t2SkAY4w7rPH11tPdfwZf4AGlZuDSB4KR8v08R1O9X1+k8ycoxvuife3t/l2pNLt
er4MqJ9jEffwwHL+SF3xb6CLArmRWfS+6Bd0zACMfKH2FnEUZ+e6Zg/Zb3A72oAQ
qburrJC3vf4qsVhCb2rq2Bx0RPwVGdbkWC+hCmx4J9yKaku/UNKWPxIOsGJuyYZ6
mV0FxWi750wnJt1rfC2mb8ZiNEFjEkEtdjH/1n+7NcLi0xgcN+LHspH53Hrewyc=
=xIIG
-----END PGP SIGNATURE-----
Re: Bad signatures on Gmail messages
On Thu, Apr 23, 2009 at 4:24 PM, Werner Koch w...@gnupg.org wrote:
> On Thu, 23 Apr 2009 18:12, bmea...@ieee.org said:
>> I just wanted to let people know that I finally woke up and realized that messages I was signing and sending with Gmail are bad because the mail client
>
> That is why PGP/MIME is the only robust format and highly recommended over the simple clearsigning mode.
>
> Shalom-Salam,
> Werner

Could you elaborate on this Werner? I'm not familiar with this...does gpg support this?

Thanks,
-Brian
--
Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net
Re: syntax for encrypting only the string passed in an argument
On Thu, Apr 16, 2009 at 3:38 AM, Incomex inco...@hotmail.com wrote:
> I want to be able to call a shell from within a development environment and pass a string of data to it to be de/en/crypted. The idea would look like this:
>
> read from file data.txt line z and put it into variableY
> variablex = call shell(gpg -e -r Joe variableY)
> print variablex
>
> rem: variableY is the plaintext, variablex is the returned cyphertext
>
> you can email me directly at inco...@hotmail.com
> thanks
> --
> View this message in context: http://www.nabble.com/syntax-for-encrypting-only-the-string-passed-in-an-argument-tp23072963p23072963.html
> Sent from the GnuPG - User mailing list archive at Nabble.com.

Does your development environment allow you to feed things to stdin? Because that's how gpg would normally expect to receive the text, if an input file is not specified. I don't know whether or not there's a way to specify the text directly in an argument (seems very unlikely, most plaintext would be difficult to escape for use on a command line). Depending on how the shell function commands, you might be able to do it directly from there, e.g., `cat myfile | gpg -e -r joe`.

-Brian
--
Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net
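The stdin approach Brian describes, worked through as an added example (this is not code from the thread or from GnuPG itself): the plaintext is piped into gpg rather than placed on its command line, and the armored ciphertext is captured into a variable. That matters beyond convenience: a plaintext passed as an argument is visible to every local user in the process table (ps, /proc/*/cmdline), while stdin is not. The example assumes gpg 2.1 or later on PATH; the recipient name, address and sample line are made up, and the demo builds a throwaway keyring in a private GNUPGHOME so it never touches a real one.

```shell
#!/bin/sh
# Added example (not from the thread): encrypt a string held in a shell
# variable by feeding it to gpg on stdin, capturing the ciphertext in another
# variable. Assumes gpg 2.1+ on PATH. Recipient and sample text are made up.

# gpg_encrypt_string RECIPIENT PLAINTEXT -> ASCII-armored ciphertext on stdout
gpg_encrypt_string() {
    # --batch: never prompt; --armor: text output safe to paste into mail;
    # --trust-model always: skip the web-of-trust check on the recipient key,
    # acceptable here only because the demo below generated that key itself.
    printf '%s' "$2" | gpg --batch --quiet --armor --trust-model always \
        --encrypt --recipient "$1"
}

# gpg_decrypt_string CIPHERTEXT -> recovered plaintext on stdout
gpg_decrypt_string() {
    printf '%s\n' "$1" | gpg --batch --quiet --decrypt
}

# demo_roundtrip: private GNUPGHOME, an unprotected throwaway key for a
# made-up recipient, encrypt one line, decrypt it, print the recovered text.
demo_roundtrip() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key 'Joe Example <joe@example.invalid>' default default never \
        2>/dev/null || return 1
    ciphertext=$(gpg_encrypt_string 'joe@example.invalid' 'line z of data.txt') || return 1
    recovered=$(gpg_decrypt_string "$ciphertext")
    gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$GNUPGHOME"
    printf '%s\n' "$recovered"
}
```

In a real deployment drop `--trust-model always` and instead verify the recipient's key fingerprint once, then mark it trusted; the flag is here only so the demo runs unattended against a key it just created.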
Re: GPG executable for Unix/Apache ?
On Fri, Apr 17, 2009 at 8:23 AM, Jan Banan viceversasp...@gmail.com wrote:
> Hi, and thanks for answering! Well, just to avoid misunderstandings, I have a form on a secure HTTP page on a third-party server. The form data is sent secured from the browser to the server. When it reaches the server it is to get encrypted before it is sent to me via email. Once arrived at my local email-inbox it is decrypted. (And anyway, I am not dealing with credit card numbers or any really sensitive information, I just want to be able to offer a more or less secure processing of the form data).
>
> I am actually on a Windows machine myself so when it comes to my end I guess I should install one of the win-versions to be able to decrypt the incoming emails. But it is getting the GPG executable onto the Unix/Apache server that is confusing to me at this point. I have already uploaded and configured a perl script that will encrypt the form data and send it to me, but for the encryption bit it needs to work together with a GPG executable. And that's the piece of the puzzle I am currently missing.
>
> Are you saying that I could download the source code for e.g. gnupg-1.4.9.tar.gz and then extract it to my Windows harddrive and get a compiler to compile the code to a single file, which I then upload to my hosting server? If so, what kind of compiler should I look for? Do I need it to support special features or a special programming language?
>
> /peter

No you can't build it on Windows...well, you might be able to build it on Windows if you have the proper tools (most likely GNU make, gcc and possibly others), but that will only build a Windows executable, which cannot be executed natively on a Unix-like system. What I meant by source is to download and extract the tar.gz on your web server, and build it there. The usual sequence is './configure; make; make install', but you will likely need super-user (root) permission to install it.

You could try configuring it to install to a directory you have permissions to write to, and then you shouldn't need special permissions to install it: if you decide to go this route, I can try to help you configure it. But this is all assuming that you have some sort of shell access to the server, so that you can issue the commands. The same is true for the alternative of installing a binary using a package manager. Basically, it comes down to the fact that gnupg is software that needs to be installed on your server, and you need to have permission and the ability to do this, or you're pretty much out of luck, unless you talk your host into installing it for you.

You are correct about decrypting; you will need to install a Windows version in order to decrypt the message, and you will need to have your secret key on your Windows machine. There are easy to use installers for Windows available on that same link I sent you before, should be straightforward.

Let us know if you can get shell access to the server and, if possible, what distribution of Linux (if it is Linux) the server is running, and we can go from there.

-Brian
--
Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net
Etiquette for other people's signatures in responses
Hey, I'm relatively new to PGP and I just wanted to get some feedback on the proper etiquette for quoting signed messages in responses. Clearly, it's inappropriate to edit a person's response if they've signed it, but is it considered rude to remove their signature from the message in the response? For instance, if I did just want to include part of their message in the response, could I clip that part out and delete the signature?

Thanks,
-Brian
--
Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://pgp.mit.edu/
Signing a key with a subkey
I've exported a crippled version of my private keyset for use at work...I did not include the primary/master key in the export, only a signing subkey and an encryption subkey. Now I've imported them on a different system and want to sign a co-worker's key with the subkey, but gpg complains that:

gpg: secret key parts are not available
gpg: signing failed: general error

I'm able to sign files using the subkey (on the same system), so I'm not clear why I wouldn't be able to sign a key with it as well. Is there something I'm missing, is there a way around this, or is there something fundamental about this limitation?

I'm using gpg 1.4.9 on Windows XP.

Thanks for any help
-Brian
--
Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://pgp.mit.edu/
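The two operations in Brian's question map to two different OpenPGP key capabilities: signing a file needs a key with the sign ("s") flag, while signing someone else's key is a certification and needs the certify ("c") flag, which gpg places only on the primary key. The quickest way to see which of your keys carries which flag is `gpg --list-keys --with-colons`, where field 12 of each `pub:` and `sub:` record lists the key's own capability letters (lowercase e, s, c, a; the uppercase letters on the `pub:` line summarise the whole key). The following is an added example, not code from the thread or from GnuPG: it parses such a listing and reports which key IDs have a given capability. The listing it runs on is constructed with made-up key IDs, user ID and fingerprint.

```shell
#!/bin/sh
# Added example (not from the thread): read a `gpg --with-colons` key
# listing and report which key, primary or subkey, carries a given
# capability letter. Field 5 is the key ID, field 12 the capabilities:
# e=encrypt, s=sign, c=certify, a=authenticate (lowercase = this key's own;
# uppercase on the pub: line = capabilities of the key as a whole).

# Constructed sample listing (made-up key IDs, user ID and fingerprint):
# a primary key that can sign and certify, a signing subkey, an encryption
# subkey. This is the shape `gpg --list-keys --with-colons` produces.
SAMPLE_LISTING='pub:u:2048:1:0123456789ABCDEF:1234567890:::u:::scESC::::
uid:u::::1234567890::0000000000000000000000000000000000000000::Example User <user@example.invalid>::::::::::0:
sub:u:2048:1:FEDCBA9876543210:1234567890::::::s::::
sub:u:2048:1:1122334455667788:1234567890::::::e::::'

# key_caps LISTING -> one "KEYID CAPS" line per pub: or sub: record
key_caps() {
    printf '%s\n' "$1" | awk -F: '$1 == "pub" || $1 == "sub" { print $5, $12 }'
}

# keys_with_cap LISTING LETTER -> key IDs whose own capabilities include
# LETTER (index() is case-sensitive, so "c" does not match the summary "C")
keys_with_cap() {
    key_caps "$1" | awk -v c="$2" 'index($2, c) > 0 { print $1 }'
}

# Run against a live keyring instead of the sample with:
#   keys_with_cap "$(gpg --list-keys --with-colons)" c
```

Against the sample, `keys_with_cap "$SAMPLE_LISTING" c` names only the primary key, while `keys_with_cap "$SAMPLE_LISTING" s` names both the primary and the signing subkey. A keyring that holds the subkeys but not the primary secret key therefore has no key with "c" whose secret part is present, which is exactly the situation in which file signing works and key certification does not.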