Re: Smart card
On 2017-04-04 10:27, Teemu Likonen wrote:
> Will Senn [2017-04-04 00:19:11-05] wrote:
>> On 4/3/17 11:48 PM, Doug Barton wrote:
>>> What's your threat model?
>> [...]
>> I do not really know what I need vs what I think I need. In my uneducated state, I think I want to be as secure as possible [...]
>
> Considering possible threats is useful or even extremely important but here's another point of view. Perhaps it can be just "I'm interested in security technology and want to study smart cards. Thus, I'll buy one and learn how it works. Maybe it will turn out useful or even necessary."

There is nothing wrong with that point of view of course. The danger comes in when people promote things like smart cards to newbies as "The right way to do PGP." They are/would be overkill for 99.9% of people who use PGP, and the additional hassle and complexity serves as a barrier to entry.

Doug

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Smart card
On 04/09/2017 11:01 AM, Mike Gerwitz wrote:
> If I know a threat exists, I'm going to evaluate my threat model and decide whether or not it is worth my time to mitigate it; whether I can hope to mitigate it; and whether attempting to do so is going to put me at even more risk for some other threat.

You and Rainer have gone on at great length about the part of the threat model equation dealing with the attacker. However, you don't seem to take into account the other part of the equation, what you are protecting.

The overwhelming number of PGP users simply use it because it's cool. They don't have anything approaching significant secrets to protect, it's just fun to do cryptography. There is nothing wrong with that, in and of itself. (Note, I acknowledge that there are people for whom signatures and encryption actually matter.)

There is not even anything wrong with the idea that using smart cards, air-gapped computers, detached signing subkeys, etc. *can* be part of that fun. The concern is that when folks tell the new users that they are *required*, that becomes problematic for a couple of reasons. First, it gives a false impression of how secure the "basic" version of GnuPG is in the first place. Perhaps more importantly, it places a much higher barrier to entry for new users; for no measurable ROI.

So if folks want to imagine that you live in a Bond film, and that SPECTRE is out to get you, so be it. I don't begrudge you that fantasy. But when it comes to offering advice to new users, please be realistic about what they are actually going to benefit from.

Doug
Fwd: Re: Smart card
Original Message
Subject: Re: Smart card
Date: 2017-04-08 10:41
From: Doug Barton <do...@dougbarton.us>
To: gnupg-users@gnupg.org

On 2017-04-04 10:27, Teemu Likonen wrote:
> Will Senn [2017-04-04 00:19:11-05] wrote:
>> On 4/3/17 11:48 PM, Doug Barton wrote:
>>> What's your threat model?
>> [...]
>> I do not really know what I need vs what I think I need. In my uneducated state, I think I want to be as secure as possible [...]
>
> Considering possible threats is useful or even extremely important but here's another point of view. Perhaps it can be just "I'm interested in security technology and want to study smart cards. Thus, I'll buy one and learn how it works. Maybe it will turn out useful or even necessary."

There is nothing wrong with that point of view of course. The danger comes in when people promote things like smart cards to newbies as "The right way to do PGP." They are/would be overkill for 99.9% of people who use PGP, and the additional hassle and complexity serves as a barrier to entry.

Doug
Re: That which we call a rose
On 04/03/2017 06:57 AM, Peter Lebbing wrote:
> On 03/04/17 15:30, Doug Barton wrote:
>> We really need to stop referring to this as signing.
>
> I agree. But it might be too late.

It's never too late. Better is better. If we'd started being more rigorous years ago, TOFU never would have happened.

Doug
Re: Smart card
On 04/03/2017 08:33 PM, Will Senn wrote:
> I didn't ask if I should get one. I asked if there were resources to help a newb make decisions regarding them. While I sense a certain disdain in your response, I'll make some clarifying comments in the hope that it's worth the effort...

Robert's answer was more than a little snarky, yes. But, you send your question to a free mailing list, you get what you paid for. :)

Meanwhile, go back to your first post, and remember the question I asked you, before anything else? What's your threat model? As Robert pointed out, it's really hard for us to give you a map if you can't tell us what you want your destination to be.

Doug
Re: some beginner questions
On 04/03/2017 04:20 AM, Peter Lebbing wrote:
> On 02/04/17 21:00, Neal H. Walfield wrote:
>> In short, the main key acts as a level of indirection, which separates your identity from your encryption/signing keys.
>
> I'd like to extend this short description a bit :-). There is one important somewhat-caveat, which is that you can't delegate the Certify capability to a subkey. This means you always need to use the primary key to sign other OpenPGP *keys*.

We really need to stop referring to this as signing. The number of ways that the same term is used to mean different things in PGP is a huge contributor to the confusion on the part of new users.

Doug
Re: some beginner questions
On 04/03/2017 04:16 AM, Peter Lebbing wrote:
> On 03/04/17 08:25, Doug Barton wrote:
>> That said, as long as you have a suitable passphrase your risk of key compromise is really, really minimal, even if they did get total control over your device. Barring coercion, the chances of someone guessing your passphrase is near zero. And currently that's the only way to gain access to a secret key, even if you have it in your possession.
>
> I might misunderstand what you mean.

Yes, you did. :)

> But when somebody has full access to your device, they can simply log your keystrokes when you type the passphrase, and get your passphrase that way. Key compromise is very well possible without you knowingly handing over the passphrase.

You are correct, but that's a different threat model than someone simply stealing the device (which is what I wrote about). What you're describing implies a level of sophistication and coordination on the attacker's part that few of us are subject to, and certainly wasn't included in what Will said he was trying to guard against.

> More generally, it is impossible to use GnuPG in a meaningful way on a compromised device.

Well, yeah, but, again, not relevant to my post. :)

Doug
Re: some beginner questions
Some answers below, and you've already received some good answers, but I have some more fundamental questions. :)

First, and an important question for security-related stuff generally, what is your threat model? In other words, what dangers are you guarding against by using PGP?

You mention evangelizing your key, and asking how to get more people to use PGP with you. Those are reasonable questions, but the first is the most important. If you simply want a secure way to communicate with people that you know without others being able to snoop on the conversation, there are other, arguably better, and certainly easier, solutions. PGP has its use cases, but unless we know why you want to use it, it's nearly impossible to give you good advice.

More below.

On 04/01/2017 07:10 AM, Will Senn wrote:
> 3. I've read https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems and other such pieces proclaiming the value of having the master key in a safe place and having subkeys on your actual devices.

What do you think a master key is, and why do you think it's important to protect it? What kind of devices do you want to put signing subkeys on? Why do you think that your use of PGP will be more secure if you have a signing subkey on a device, instead of your "main key?"

> 4. Is it safe to refer to my public key/fingerprint information as I did in the previous question with output from gpg?

In what way(s) do you think it could be unsafe?

Doug
Re: haaveged + gpg --sign fails with "signing failed: Operation cancelled"
That's not how you use haveged. It is supposed to start when the system boots, and run in the background, collecting entropy to seed the PRNG.

That said, if you are using a card for signing that's way more likely to be involved in the problems you're seeing. Try creating a key on the file system, and test using that first. If that works, then you've narrowed down your problems.

Doug

On 03/22/2017 11:33 PM, Rainer Hoerbe wrote:
> Just for the record: Adding entropy using haveged does not work in my setup - it will cause the signature to fail without useful error message.
>
> My setup is:
> Linux keymgmt 4.9.14-200.fc25.x86_64 #1 SMP Mon Mar 13 19:26:40 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
> gpg (GnuPG) 2.0.22
> libgcrypt 1.5.3
>
> The procedure that repeatedly fails when including haveged:
> sudo /usr/sbin/pcscd
> sudo /usr/sbin/haveged
> gpg2 --import my_pub.gpg
> gpg2 --card-status
> echo -e "trust\n5\ny" > /tmp/gpg_editkey.cmd
> gpg2 --command-file /tmp/gpg_editkey.cmd --edit-key
> gpg2 --sign mydoc.txt
>
> Regards, Rainer Hörbe
> Identinetics GmbH
Re: ADMIN: Some mail addresses are now rewritten
The appropriate place is the IETF, and/or lists related to the development of mailing list software.

Doug

On 03/15/2017 08:46 PM, Bill Broadley via Gnupg-users wrote:
> But finding a place that discusses standards that impact so many different pieces is tricky.
Re: Question about signing keys and trust.
On 03/15/2017 02:14 PM, Jamie H. via Gnupg-users wrote:
> Hello! It's been a few years since I've messed with gpg, but I have an application that needs something kind of like distributed groups.
>
> Let's say I have: "key group" (which is owned by who-cares, it's a public key only that represents a group of people)

The fact that more than one person has access to the key seems superfluous to your use case.

> I have a person, let's say William Smith who has his key signed by who-cares. William Smith then signs Betty Boop with his key. So William Smith and Betty Boop are sort of like members of "key group" because Betty Boop has a signature by someone who has their key signed by the key group, and if Betty Boop signs someone, up to n-depth, then those people become members of "key group". No one has authority to add or remove people, except other members of the same group.

This is very unclear, but perhaps you have a more detailed implementation plan in mind, and this is just a summary.

> ... fast forward .. In the application, let's say it's a spam fighting tool, a Betty Boop marks a message as spam. I trust members of "key group" to mark spam, but I don't trust them with everything, just marking spam, so the spam message is deleted. Popeye, who is a member of "alien group" marks something as spam too, but since Popeye doesn't have a key signed by someone in "key group", I do not trust him to flag messages as spam, so I just ignore it.

This bit is clear, but if a spam detection tool is what you're developing, sharing the responsibility for flagging something as spam is a very bad idea. There has been a lot of e-ink spilled on this problem from all of the major mail providers. Essentially, users are incredibly bad at reliably tagging *their own mail* as spam, or not-spam. At best an individual's opinion on whether something is spam or not should be taken as one lightly weighted value in the overall determination.

Developing a complex system of trusting users' opinions on this topic would be a waste of your time.

> Problem is I can't see how! Is there a way I can look at someone's public key and (without importing anything into my personal key files) list in a kind of chain fashion how many other signers there were?

Sort of. You can use --list-packets, but it would be very painful. It would actually be easier to import these keys onto their own rings using the no-default-keyring option. You probably also want to use no-import-clean option so that you can see all the signatures, including those from keys you have not already imported yet.

It's not *too* complicated to do this kind of stuff, but you have to really read the man page and understand how the pieces fit together. I would also recommend that you use GNUPGHOME to create a separate environment from your own personal one.

> I admit, GPG probably wasn't designed for this, and I don't really get the whole trust level thing.. and if it's impossible or impractical I'll find another way, but it would be convenient.

Trust is completely different from what you're describing here. (Unfortunately the term 'trust' is badly abused in PGP circles, and has at least 4 different meanings depending on context.) You don't care about the trust *level* at all. Your only concern is whether or not the key you're examining is included in the web of trust for your tool.

If your "group key" that you described above is the apex of the tree, you want to examine the key you have to see if it has a chain of trust back to that apex key. For keys which are close to the top, that would not be too expensive of an operation. But as your pool grows it could become quite expensive, as you'd have to check if signatures/keys have been revoked, expired, etc.

Another problem you have is that there is no way for the administrator of the system to decertify a user (kick them out of the group, so to speak).

You would require the cooperation of every user in every chain of trust back to the apex key, and every other member of the group not to add them back.

As you point out, PGP is not really designed for this sort of thing. :) That said, you may be able to learn some stuff from the software for this site: http://pgp2.cs.uu.nl/wotsap/

hope this helps,

Doug
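An added illustration of the chain-of-trust check discussed in the message above; it is not code from the thread or from GnuPG. It assumes the listing was produced by `gpg --with-colons --check-sigs` inside a scratch GNUPGHOME, uses a constructed listing with placeholder key IDs, and invents two extra people (Dave, Olive) to show a revoked key and a revoked certification that another member undoes.

```python
from collections import deque

# Placeholder key IDs; Dave and Olive are invented for this example.
APEX, WILLIAM, BETTY = "A000000000000001", "B000000000000002", "C000000000000003"
DAVE, ALIEN, POPEYE = "D000000000000004", "E000000000000005", "F000000000000006"
OLIVE = "0A00000000000007"

# Constructed listing in gpg's colon format (not real keys or timestamps).
SAMPLE = """\
pub:-:4096:1:A000000000000001:1489000000:::-:::scESC:
uid:-::::1489000000::::key group:
sig:!::1:A000000000000001:1489000000::::key group:13x:
pub:-:4096:1:B000000000000002:1489000100:::-:::scESC:
uid:-::::1489000100::::William Smith:
sig:!::1:B000000000000002:1489000100::::William Smith:13x:
sig:!::1:A000000000000001:1489000200::::key group:10x:
pub:-:4096:1:C000000000000003:1489000300:::-:::scESC:
uid:-::::1489000300::::Betty Boop:
sig:!::1:C000000000000003:1489000300::::Betty Boop:13x:
sig:!::1:B000000000000002:1489100000::::William Smith:10x:
rev:!::1:B000000000000002:1489500000::::William Smith:30x:
sig:!::1:D000000000000004:1489600000::::Dave:10x:
pub:-:4096:1:D000000000000004:1489000400:::-:::scESC:
uid:-::::1489000400::::Dave:
sig:!::1:D000000000000004:1489000400::::Dave:13x:
sig:!::1:B000000000000002:1489000500::::William Smith:10x:
pub:r:4096:1:0A00000000000007:1489000600:::-:::scESC:
uid:r::::1489000600::::Olive:
sig:!::1:0A00000000000007:1489000600::::Olive:13x:
sig:!::1:A000000000000001:1489000700::::key group:10x:
pub:-:4096:1:E000000000000005:1489000800:::-:::scESC:
uid:-::::1489000800::::alien group:
sig:!::1:E000000000000005:1489000800::::alien group:13x:
pub:-:4096:1:F000000000000006:1489000900:::-:::scESC:
uid:-::::1489000900::::Popeye:
sig:!::1:F000000000000006:1489000900::::Popeye:13x:
sig:!::1:E000000000000005:1489001000::::alien group:10x:
sig:!::1:0A00000000000007:1489001100::::Olive:10x:
"""

CERT_CLASSES = {"10", "11", "12", "13"}  # certifications of a user ID
CERT_REVOCATION = "30"                   # certification revocation
UNUSABLE = {"r", "e", "d", "i"}          # revoked, expired, disabled, invalid


def parse_listing(text):
    """Return (usable, events): per-key usability and, for each
    (signer, signee) pair, the latest verified certification event."""
    usable, events, current = {}, {}, None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current = f[4]
            usable[current] = f[1] not in UNUSABLE
        elif f[0] in ("sig", "rev") and current and len(f) > 10:
            if f[1] != "!":        # keep only signatures gpg verified as good
                continue
            signer, sigclass = f[4], f[10][:2]
            if signer == current:  # self-signatures say nothing about membership
                continue
            if sigclass in CERT_CLASSES or sigclass == CERT_REVOCATION:
                event = (int(f[5] or 0), sigclass == CERT_REVOCATION)
                pair = (signer, current)
                if pair not in events or event > events[pair]:
                    events[pair] = event  # newest event wins
    return usable, events


def find_chain(apex, target, usable, events, max_depth=4):
    """Breadth-first search for a certification chain apex -> ... -> target.
    Revoked certifications and unusable keys contribute no edges."""
    if not usable.get(apex) or not usable.get(target):
        return None
    edges = {}
    for (signer, signee), (_, revoked) in events.items():
        if not revoked and usable.get(signer) and usable.get(signee):
            edges.setdefault(signer, []).append(signee)
    queue, seen = deque([[apex]]), {apex}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        if len(path) - 1 >= max_depth:  # depth limit bounds the search cost
            continue
        for nxt in sorted(edges.get(path[-1], [])):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


if __name__ == "__main__":
    usable, events = parse_listing(SAMPLE)
    for name, key in (("Betty", BETTY), ("Popeye", POPEYE), ("Olive", OLIVE)):
        print(name, find_chain(APEX, key, usable, events))
```

In the sample, William's revocation of his certification on Betty does not remove her, because Dave's later certification still links her to the apex key; that is the decertification problem the message describes.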
Re: PM from David Adamson -please ask on-list
On 11/25/2016 02:28 AM, Stephan Beck wrote:
> Hi David, I kindly invite you to post your PM on-list. It might be of interest for other people as well.

Why send this to the list, rather than to him privately?
Re: making a Debian Live CD for managing GnuPG master key and smartcards
On 04/26/2016 06:37 AM, Robert J. Hansen wrote:
> I've looked over your egpg code. My bloodless technical evaluation is simple: "it is nowhere near ready for production environments." And I think if you read over the other technical criticisms you've received, you'll see this is pretty much a consensus opinion.

+1 on all counts.

FWIW,

Doug
Re: Evangelzation discussion :Was [Re: making a Debian Live CD for managing GnuPG master key and smartcards]
On 04/26/2016 02:40 PM, Bob (Robert) Cavanaugh wrote:
> New thread for this topic...

For what it's worth, you didn't actually do that. What you did was to change the subject line of your reply. For those of us who use mail readers that actually thread, your message still appears under the original thread.
Re: Using a passphrase FD from variable and piped data for encryption
On 04/19/2016 12:34 PM, Dashamir Hoxha wrote:
> On Tue, Apr 19, 2016 at 9:18 PM, Doug Barton <dougb@dougbarton.email> wrote:
>> On 04/19/2016 05:12 AM, Dashamir Hoxha wrote:
>>> I have written a small password utility, where passwords are stored on an encrypted archive.
>>
>> This is a bad idea. You should instead use one of the well-established solutions created and peer-reviewed by knowledgeable folks. Personally I'm a big fan of KeePass.
>
> Would you like to peer-review it?

Of course not. I already said that it's a bad idea. I can't be any clearer than that.

Doug
Re: Using a passphrase FD from variable and piped data for encryption
On 04/19/2016 05:12 AM, Dashamir Hoxha wrote:
> I have written a small password utility, where passwords are stored on an encrypted archive.

This is a bad idea. You should instead use one of the well-established solutions created and peer-reviewed by knowledgeable folks. Personally I'm a big fan of KeePass.

Doug
Re: How to interprete the output of --export-ownertrust?
On 04/05/2016 05:57 AM, Daniel Baur wrote:
> while it is off-topic: The In-Reply-to and References-header are not the same.

Depending on the mail client that may or may not be true. :) But more importantly, the existence of either header will tell the person looking at the headers that the message is not new, it's a response of some sort; which was the point I was trying to make.

When considering extending the life of an off-topic thread it's worthwhile to consider how much you're benefiting the members of the list, vs: https://xkcd.com/386/
Re: How to interprete the output of --export-ownertrust?
On 04/04/2016 01:58 AM, Peter Lebbing wrote:
> On 03/04/16 13:56, Peter Lebbing wrote:
>> Also, when you start a new topic, could you please post a fresh new message to the mailing list, instead of replying to an unrelated post?
>
> Two people mailed me to say they didn't think this had happened (thanks!). They are right; sorry for my mistake. For some unknown reason, /my/ mail reader thought it would be a good idea to mix the threads, it was not Christine who did this. I have no idea why, it's an odd bug. You can see what it looks like for me[1]. I totally did not expect the problem to be on my side, but the mail was clearly posted correctly. Again, my apologies to Christine.

As someone who is also hyper-sensitive to that issue, I've been right where you're at. :) I learned to check the headers, and look for References: (sometimes spelled In-Reply-To:) with one or more message Ids after.

The problem you're seeing is that sometimes tbird's index gets corrupt. You can either rebuild the folder, or sometimes copying the new thread out of the folder, then copying it back in, does the trick.

hth,

Doug
Re: Verification via the web of trust
On 03/24/2016 02:53 AM, Peter Lebbing wrote:
> On 23/03/16 22:07, Doug Barton wrote:
>> 1. You don't know if the key was in full control of the person/organization it purports to represent before, during, or after the signatures you are trusting were applied.
>> 2. You don't know if the person in control of the key at the time the thing you care about was signed was being coerced, or not.
>
> These situations are rather more extreme than "is somebody MITM'ing my connection to the apache.org webserver". If you can decide that somebody authorized by the Apache Foundation to sign off on releases actually did sign the code you got, that's actually of value.

But that's precisely my point. You have no idea what individual was actually responsible for signing the package you're downloading. It *could* be the same trusted package uploader that has signed the last few packages you grabbed, or it could be a nefarious individual who managed to get hold of Apache's secret key. My point is that there is no volume of signatures on or leading up to that key which will answer this question for you.

> The trust starts somewhere, there is always some base step where you say "I can't verify further, this will do". There are no absolutes in this game. In fact, the two points you give are /always/ valid. They do not make signatures useless.

I didn't say that they are useless. I said that we have to be realistic about what their value is (and isn't).

Doug
Re: Verification via the web of trust
On 03/23/2016 04:38 PM, Andrew Gallagher wrote:
> On 23 Mar 2016, at 21:07, Doug Barton <dougb@dougbarton.email> wrote:
>> On 3/22/2016 11:14 AM, Andrew Gallagher wrote:
>>> the question most useful to a user is "given this particular signature, how much confidence should I invest in it?".
>>
>> No, the question *most* users that bother to use the signature at all ask about it is, "Did it validate?"
>
> You're contradicting something I didn't say.

Yes, I am. I'm trying to make a point. One which I think you failed to grasp.

>> The answer to *your* question, "How much confidence should I invest in it?" is, "Very little."
>
> "Very little" is still better than "nothing", which is the only alternative on offer.
>
>> Except in certain specialized situations the only utility for a PGP signature is, "Does it show that the thing signed arrived unchanged?"
>
> Unchanged compared to what? ;-)

I'm assuming that this is not a serious question.

>> You cannot reasonably place more confidence in it than that, regardless of the number of known signatures the key has.
>>
>> 1. You don't know if the key was in full control of the person/organization it purports to represent before, during, or after the signatures you are trusting were applied.
>> 2. You don't know if the person in control of the key at the time the thing you care about was signed was being coerced, or not.
>>
>> And as Robert pointed out, for organizational keys there is no way that you can associate control of the key with a known, trusted individual.
>
> All true. And all beside the point that I was making, which is that a validated signature may not be much, but it's a) all that we have, and b) better than nothing.

No, it's *not* beside the point. You keep saying "better than nothing," which is technically correct, but not sufficient.

We need to understand and discuss exactly *how much* better than nothing a valid signature is before we can seriously discuss how much weight to put on it, or how much spelunking through the WOT we're willing to perform, or (more importantly) recommend.

>> So trying to validate a key in the manner you described in your e-mail is at best a fool's errand. If you enjoy the work, by all means help yourself. But let's please stop pretending that signatures mean more than they really do.
>
> Spending a lot of bandwidth refuting straw man points that I didn't actually make is also a fools' errand. ;-)

Ok, so let me be more direct, since I was obviously too subtle the first time. You described downloading keys and validating signatures in an effort to validate a key which signed a random software package that you downloaded from the Internet which is, by and large, a colossal waste of time. Further, you seem dangerously misinformed about what value to place on the work that you performed (that is, any actual increase in trust or validity that you placed on the key after you were done ... hint: It's zero).

Because of the three points I listed above, any work spent validating the key that made the signature is simply a waste of time. You cannot, and more importantly should not, impart any additional "trust" in signatures made by that key due to the work you performed.

Now it's your time to spend, so if you want to spend it thusly, that's great. More power to you. But before you create any grand plans or recommend that others do the same kind of work you really need to understand the situation better.

hope this helps,

Doug
Re: Verification via the web of trust
On 3/22/2016 11:14 AM, Andrew Gallagher wrote:
> the question most useful to a user is "given this particular signature, how much confidence should I invest in it?".

No, the question *most* users that bother to use the signature at all ask about it is, "Did it validate?"

The answer to *your* question, "How much confidence should I invest in it?" is, "Very little."

Except in certain specialized situations the only utility for a PGP signature is, "Does it show that the thing signed arrived unchanged?" You cannot reasonably place more confidence in it than that, regardless of the number of known signatures the key has.

1. You don't know if the key was in full control of the person/organization it purports to represent before, during, or after the signatures you are trusting were applied.
2. You don't know if the person in control of the key at the time the thing you care about was signed was being coerced, or not.

And as Robert pointed out, for organizational keys there is no way that you can associate control of the key with a known, trusted individual.

So trying to validate a key in the manner you described in your e-mail is at best a fool's errand. If you enjoy the work, by all means help yourself. But let's please stop pretending that signatures mean more than they really do.

Doug
Re: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?
On 03/17/2016 01:00 PM, Kristian Fiskerstrand wrote:
> so if the server was to be compromised in some way ...

... the checksum (that you are downloading from the same server) becomes useless.

Doug
Re: (OT) mathematicians-discover-prime-conspiracy
On 03/18/2016 05:18 AM, Peter Lebbing wrote:
> Can someone point me in the direction of the solution to this counterintuitive probability theory result?

You already got good answers as to why this happens from Viktor and Andrew. You can illustrate them by adding TT to your analysis.

Doug
Re: DNS record for finding a key from an e-mail address
On 03/14/2016 03:25 PM, Mire, John wrote:
> On 3/14/2016 15:38, Doug Barton wrote:
>
> I think there is a system in place that works pretty well, keys are not 'siloed' in one place but are distributed to every keyserver for the public to see, it's the sks openpgp keyservers.

I'm having trouble understanding your response, sorry. Are you saying that the DNS method involving the fingerprint and retrieval from the key server is better, or are you saying that no DNS method is necessary at all?

Doug
Re: DNS record for finding a key from an e-mail address
On 03/14/2016 05:21 PM, Brian Minton wrote:
> Sounds like CERT (TYPE37) records?

Yes, the first example I gave is similar in nature to those records. For a variety of reasons the various communities involved have shied away from a general purpose record for this purpose, and have gravitated towards unique RRs instead (e.g., the TLSA record).

Doug
DNS record for finding a key from an e-mail address
Howdy,

The IETF is currently working on a specification for a DNS record (secured by DNSSEC) that will allow users to find a PGP key from an e-mail address. I'm interested in feedback on how y'all think that should work.

In one version the receiving user would create a truncated version of their key, using only the UID that is related to that e-mail address. The sending user would retrieve that key, and the mail software would rely on it to encrypt the mail to the receiving user. There is also some discussion in regards to how or whether the software doing the DNS lookup would, or would not, also utilize the sending user's key ring, but let's keep it simple for now.

In another version the receiving user would place the full fingerprint of their key in the DNS, and the sending user's software would use that fingerprint to retrieve the key and compare that retrieved key to the user's existing WOT, then inform the user of the results.

Of these alternatives, which do you see as most useful, and why? Or, do you imagine a different approach?

Doug
Re: gnupg doesn't create new keys
On 03/14/2016 01:02 PM, Fabian Santiago wrote:
> Technically yes. It's a hosted vps.

If you have any thought of using your key(s) for anything security related you need to create them on something you have exclusive control over. Creating them on someone else's virtual server means that they are compromised from the moment you create them.

That said, if you are just creating keys for fun, or for some sort of experiment, that's fine, but please don't publish them to the key servers.

Doug
Re: FAQ maintenance
On 02/26/2016 07:29 AM, Robert J. Hansen wrote:
>> Why is it more resource intensive?
>
> It's far more intensive of a much more limited resource: user happiness. Normal users tend to find hexadecimal frustrating:
>
> "It's a *number*? But it uses A through F."

This is something that only experience can fix.

> "I don't understand. Why do I need the long ID?"

This is something the FAQ should explain :)

> "Wait, now I need to use the *entire* fingerprint?"

Ditto.

> "You can't be serious: I need to give a 40-character serial number whenever I need to identify a key?"

I'm not sure users care much how many characters they are copying and pasting.

> "What do you *mean*, future keys will be expanding to 64 characters?!"

...

> In all this discussion about what's mathematically optimal, I'm dejected to see how little we're talking about human factors.

... you might note that in my recent response I did mention a very important human factor. Consistent advice (always use the complete fingerprint to identify a key) is MUCH easier for users to remember than trying to teach them when they need it, and when they don't.

Doug
Re: FAQ maintenance
On 02/25/2016 06:50 AM, Kristian Fiskerstrand wrote:
> On 02/25/2016 02:38 PM, Peter Lebbing wrote:
>> (If this feels like droning on to you, just stop reading and go do something fun!)
>>
>> On 2016-02-25 14:25, Kristian Fiskerstrand wrote:
>>> Now, the real question discussed here though isn't really collision but preimage attack, that is a different story and far more difficult :)
>>
>> Thanks for the link! But my approach to it wasn't really from "is it a problem in practice" but more "should this be the advice we give" and "what's wrong with just using the fingerprint and be done with it forever". We always tell users to use the fingerprint if they need to be sure of authenticity. Or if I'm mistaken about that, I think we should.
>
> Well, it depends. Sure, should always use full fingerprint for certificate validation etc, no question asked. But the internal keyid and the packet structure use 64 bit keyid as identifier, so using fingerprint in quite a number of other cases is more resource intensive without necessarily improving too much (in particular in cases where action from yourself is required, default key for signing etc).

There is a value in future-proofing advice. It's true *today* that the 64-bit key ID is used internally, but that may not be the case tomorrow.

There is also value in giving consistent advice. "Use the full fingerprint everywhere you need to identify a key" is much easier for users to understand than for them to try to remember which places they can/should use which method.

Keep in mind that users are not going to be "doing PGP" on a day to day basis with the FAQ open in a neighboring window. If we can provide clear, consistent advice that's easy for users to remember we're way ahead of the game.

Doug
Re: symmetric encryption and gpg-agent
On 02/19/2016 12:59 PM, Janna Martl wrote:
> So, is there a "good" way to get what I want: my email password stored in a way that I only have to enter a passphrase once, and my master password file stored in a way that I have to enter the passphrase every time I want to look at the file?

Rather than using PGP to encrypt a master password file use a tool like KeePass which is specifically designed for the purpose.

Doug
Re: basic identity mgmt
On 1/17/2016 2:17 AM, Peter Lebbing wrote:
> On 17/01/16 03:19, Doug Barton wrote:
>> Further I don't see signing as all that interesting either. [...] We can infer things about these topics from our knowledge/beliefs about the sender, but I can't think of any rational person would go along with a request to "Pay Joe $10,000" just because the message was PGP signed. Forget the validity of the key, that kind of request would require serious OOB authentication.
>
> Just because someone would not agree to an outlandish request based on a valid signature, this doesn't mean there aren't reasonable requests that are horribly bad.

[after lots of snipping]

Your example is a good one, but again I assert that it would be overwhelmingly foolish to rely on *just the signature* to indicate that the request to meet is a legitimate one. You glossed over the points in my previous messages about the fact that we cannot know for sure if the person sending the message is actually who we think it is (i.e., that the legitimate correspondent has not lost control of the key), and that they are not being coerced, based on the signature alone.

At minimum there should be some sort of "steganography" based on how the message is constructed, certain words or phrases, etc. That combined with the signature may be enough to prove the validity of the message.

But this thread started trying to refute my assertion that keeping certification keys air-gapped is pointlessly complicated. I haven't seen a refutation of that premise yet. :)

Doug
Re: basic identity mgmt
On 01/15/2016 01:37 PM, Andrew Gallagher wrote: On 15/01/16 21:02, Doug Barton wrote: On 01/15/2016 12:21 PM, Andrew Gallagher wrote: | I've | worked on several projects for more than one financial institution, | and airgaps like this are considered barely sufficient for some | important keys. (Of course in such projects the idea of a | certification subkey not on the airgapped machine would be | completely unacceptable...) That's interesting, and you have made me curious ... what's the threat model? And what is that key certifying? Most relevant example, a system where users can register their authorisation keys against a semi-automated authority which signs them for trust by a third system. The root key that certifies the automated authority keys is offline. Essentially a private root CA. Now, this example is using x509 rather than pgp, Right, that's what I suspected. I have set up similar systems myself, and I'm very familiar with security requirements there. X.509 is very different from PGP, although I do understand that in some ways the semantics are the same. Most particularly X.509 is used primarily to establish trust relationships between systems, not people. So the ability for a system to identify itself to another system, without human review being involved, is something much more precious that deserves a higher degree of protection. OTOH, PGP is designed primarily to establish trust relationships between people, with human review of the results an integral part of the process. I read your example, and there are numerous flaws with your theoretical threat model. Let's assume your premise, that someone could root a laptop, and by so doing gain access to use all of the PGP keys on that laptop (Note, I disagree with this premise, but let's grant it for argument's sake). There is no need to deal with the certification key at all in order to do the kind of damage you proposed. All you need to do is sign a message that authorizes your nefarious deeds. 
Said attacker would also have the ability to decrypt all manner of messages and/or data, all of which are likely to be vastly more interesting than what you propose. In fact, I assert with a great deal of confidence that *for PGP*, the certification key is the least interesting key of the bunch, and yet it's the one that people have created this intricate protection mechanism for. Further I don't see signing as all that interesting either. As has been discussed several times on this list the primary area of reliability for signing is to make sure that the message that arrived was the one that was sent. But it provides no guarantee about who was in control of the key when the message was signed, whether the signer was coerced, etc. We can infer things about these topics from our knowledge/beliefs about the sender, but I can't think of any rational person would go along with a request to "Pay Joe $10,000" just because the message was PGP signed. Forget the validity of the key, that kind of request would require serious OOB authentication. Glossing over authentication (because there's no real use case for those keys yet), that leaves us with encryption, and that's where it's at, my friends. But unless you really enjoy making your life harder than it has to be, you can't routinely use encryption with an air-gapped key, so I remain unconvinced that there is a use case for air-gapping PGP keys. But I'm still willing to listen. :) Doug ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: basic identity mgmt
On 01/16/2016 07:06 PM, Andrew Gallagher wrote:
> On 17 Jan 2016, at 02:19, Doug Barton <dougb@dougbarton.email> wrote:
>> OTOH, PGP is designed primarily to establish trust relationships between people, with human review of the results an integral part of the process.
>
> That may have been the initial motivation. But consider that the most common real world use of PGP today is verification of code signatures - many of which are generated semi-automatically by build infrastructures such as Debian and verified by install tools. The trust relationship here is between your client and a build server, not people.

True enough, but what do those signatures actually mean? But more importantly, what security measures are in place to prevent a rogue key from entering that WOT, in addition to a certification signature from a random key? Is the only thing someone would need to do to compromise a single certification key?

>> Glossing over authentication (because there's no real use case for those keys yet),
>
> Two factor ssh smart card auth? I use it nearly every day - much more often than encrypted mail.

Sorry, all that does is replace something that already existed, works well, and is widely supported; with something more complex, often buggy, and not widely supported. That's not a use case, that's a solution looking for a problem.

That's not to say that someday there won't be a use case for authentication keys, but I haven't seen one yet.

> I don't think anyone has sent me an encrypted mail in over a year, and the last one was about signing a PGP key. ;-)

You're corresponding with the wrong people. :)

Doug
Re: basic identity mgmt
On 01/14/2016 11:35 AM, Wendy Oberg wrote:
> From: "Doug Barton" [dougb@dougbarton.email]
>> What is your concern about signing the key?
>
> Not so much a concern. But I might want to make use of the predicate "key X is valid" without having to sign anything, and without even having a key.

You still haven't answered the "Why?" question. I'm not trying to badger you, I'm trying to find out if there is a use case that we're missing here.

> Sounds like the "--tofu-policy good ..." in recent versions, as suggested by Damien, may do the trick for this.

Unless I'm missing something that's not different in any material way from '--trust-model always'.

>> And are you aware that local signatures will not be communicated beyond your keyring?
>
> Yes, thanks, W.

Ok, so why is that not the right solution for you?

Doug
Re: basic identity mgmt
On 01/11/2016 08:35 AM, Lachlan Gunn wrote:
>> You've already received good answers on your questions, so some questions for you. :) What is your concern about signing the key? And are you aware that local signatures will not be communicated beyond your keyring?
>
> I actually ran into this issue the other day. For me it's problematic because my certification key is on an offline machine, so it's inconvenient to have to power it up and do a round-trip through the airgap when I'm not going to propagate the signature anyway. It's not a dealbreaker but it's still a bit irritating.

This is a good example of why that method of working with your keys is pointlessly complicated. :)

Doug
Re: Key selection order
On 01/14/2016 01:41 PM, NdK wrote:
> On 14/01/2016 21:06, Andrew Gallagher wrote:
>> Tofu does not guarantee identity persistence. Just because your correspondence hasn't been obviously tampered with (yet) does not mean that someone hasn't been MITMing you all along and biding their time.
>
> As usual, it depends on your attack scenario. If I have 10-years-old mails from someone I've never met, and all use the same key, I can assume that either 1) that identity belongs to the same person or 2) that an attacker MITMed *all* my connections (from every device I've had wherever I was and to every service I used). Occam's razor and my "exposure profile" make me think it's 1) :)

There are several more possible scenarios. The most plausible of which would be 3) Your correspondent is being coerced, and 4) Your correspondent has lost control of the key, and the new correspondent is skilled at mimicking the "real" one.

Of course neither of those scenarios is defensible with either key verification strategy.

> In other words, *time* can be considered an 'out of band' channel.

It really can't ... if anything time increases the likelihood that the original key holder has lost control of the key.

Doug
Re: basic identity mgmt
On 01/15/2016 12:21 PM, Andrew Gallagher wrote:
| On 15/01/16 19:33, Doug Barton wrote:
|> This is a good example of why that method of working with your
|> keys is pointlessly complicated. :)
|
| It's complicated, but not necessarily _pointlessly_ so. Depending
| on circumstances it could be considered minimally prudent. I've
| worked on several projects for more than one financial institution,
| and airgaps like this are considered barely sufficient for some
| important keys. (Of course in such projects the idea of a
| certification subkey not on the airgapped machine would be
| completely unacceptable...)

That's interesting, and you have made me curious ... what's the threat model? And what is that key certifying?

Doug
Re: basic identity mgmt
On 01/10/2016 02:01 PM, Full Name wrote:
> Do I have to sign it? Is there no way to configure gpg locally to say "the info in this key (fingerprint) is accurate", without having to sign? Is the semantics of signing with lsign or sign "the info in this key is accurate"?

You've already received good answers on your questions, so some questions for you. :)

What is your concern about signing the key? And are you aware that local signatures will not be communicated beyond your keyring?

Doug
Re: gpg --encrypt-to says a key by fingerprint is ambigous
On 1/6/2016 8:03 AM, Lars Hollenbach wrote:
| Hello, When I use gpg --encrypt-to I am getting
| this:
|
| gpg --encrypt-to 06195004D8FBF459786B2CA2D731496480A63D5A gpg: key
| specification '06195004D8FBF459786B2CA2D731496480A63D5A' is
| ambiguous gpg: (check argument of option '--encrypt-to') gpg:
| '06195004D8FBF459786B2CA2D731496480A63D5A' matches at least: gpg:
| 06195004D8FBF459786B2CA2D731496480A63D5A gpg:
| 06195004D8FBF459786B2CA2D731496480A63D5A

The error message seems pretty straightforward ... can you show us the output of --list-keys for that fingerprint?

Doug
Re: can not decrypt file suddenly
On 4/13/15 8:07 PM, jason zhang wrote:
> Hi NIIBE
> Thank you very much for the help. Yes, it asked me the passphrase just after gpg: CAST5 encrypted data line, and I gave the passphrase. The passphrase is definitely right since I used it every 2 or 3 days.

You mentioned that you had an unscheduled shutdown recently. Did the problem start shortly thereafter? Do you have an archived version of the file that you can compare this one to? It's not impossible that the encrypted file was corrupted.

Doug

--
I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received this message (direct, or to a list) and the mail software you use. Thanks!
Re: can not decrypt file suddenly
On 4/13/15 8:56 PM, jason zhang wrote:
> Hi Doug
> Yes, the problem started after the unscheduled shutdown. Unfortunately, I don't have an archived version. The problem is that another encrypted, which I have not touched for some time, can't be opened either.

Well I'm sorry to say, that sounds like the files are corrupted. Run the following commands on both files (substitute file for the actual file names), and report the results:

    file file
    gpg --list-packets file

(Yes, the first command above is literally the word file)

Doug
Re: gpg 2.0.27 is updating the trustdb constantly, and taking minutes to do it
On 3/28/15 3:48 AM, Werner Koch wrote:
> Sorry for this. It has already been fixed in the repo,

Just out of curiosity, do you have an ETA on a new release?
PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)
On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote:
> Doug, Signature shows as an attachment signature.asc. No evidence that PGP actions were invoked. Work forces use of Synaptic PGP, so I cannot tell if it is verified or not.

Thanks Bob, that is interesting feedback. FWIW, I have received various other messages privately from people who have said the same thing ... They can see the attachment, but either message verification fails, or there is no indication on their side that it is a PGP-signed message at all.

While this is strictly anecdotal evidence I would argue that it's a good indication that we may not be ready for PGP/MIME as the default.

Doug
Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)
On 3/25/15 1:20 PM, Ville Määttä wrote:
> On 25.03.15 21:41, Doug Barton wrote:
>> While this is strictly anecdotal evidence I would argue that it's a good indication that we may not be ready for PGP/MIME as the default.
>
> I think that fail, a signature.asc attachment, is still a cleaner fail than a non-PGP receiver getting a breakdown from inline PGP. And that is for every single email.

How are you using the term breakdown here? If their client isn't doing PGP they see some extraneous text, and a signature block. While I agree that for those not using PGP that is clutter, I am not sure what you mean by breakdown.

> I have not received a single question from anyone regarding my PGP/MIME signed emails. Not one. And I'm talking about the ones that don't use PGP / have no clue what PGP is.

We've already established that PGP/MIME is a cleaner solution for those that don't use PGP. I'm not debating that point, and I don't think anyone else is either.

The question at hand is for those that *do* use PGP, which is more effective? TMK there are no mail clients that fail to process a valid in-line signature, but obviously there are still clients that cannot correctly handle PGP/MIME.

>> FWIW, I have received various other messages privately from people who have said the same thing ... They can see the attachment, but either message verification fails, or there is no indication on their side that it is a PGP-signed message at all.
>
> In this one I can see your email with the attachment, but also marked with a good signature.

Thank you for confirming, but we're both using Enigmail so I would suspect that would be the case. :)

Also, I can see the valid signatures on the message that I receive from the list. I'm glad to see that the old Mailman bug has been fixed in that regard.

Doug
Re: --verify --status-fd separator for multiple signatures?
On 3/19/15 10:39 AM, Patrick Schleizer wrote:
> Hi, when using --verify combined with --status-fd [or --status-file], how can one notice in scripts, that processing the one signature is done and that further status-fd messages belong to the next message?

You are using --with-colons, right?
Re: what is the proper way to load gpg-agent with systemd
That question was for Paulo, not you. :)

And FWIW, since you're using GnuPG 1.x the answer is no.

Doug

On 3/17/15 12:32 PM, Clark Rivard wrote:
> I am running gpg command so I believe yes is the answer. (I am a novice at this so still learning.)
>
> -----Original Message-----
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Doug Barton
> Sent: Tuesday, March 17, 2015 2:21 PM
> To: Paulo Lopes
> Cc: gnupg-users@gnupg.org
> Subject: Re: what is the proper way to load gpg-agent with systemd
>
> Are you using gpg-agent to handle ssh agent responsibilities, yes or no?
Re: Copy Current GPG Installation to Another Server
On 3/17/15 1:54 PM, Peter Lebbing wrote:
> -----Original Message-----
> From: Doug Barton [mailto:dougb@dougbarton.email]
> Sent: Tuesday, March 17, 2015 3:07 PM
> To: Clark Rivard
> Subject: Re: Copy Current GPG Installation to Another Server
>
>> gpg: Signature made Fri Feb 27 00:55:58 2015 PST using RSA key ID 4F25E3B6
>> gpg: Good signature from Werner Koch (dist sig) [unknown]
>> gpg: WARNING: This key is not certified with a trusted signature!
>> gpg: There is no indication that the signature belongs to the owner.
>>
>> You can safely ignore the warning, it simply means that you have not validated the key yourself, which when it comes to signed packages is not really a necessity.
>
> Why is that?

Because in this situation you're often dealing with beginners who don't understand the subtleties involved in validating keys.

> I understand getting a validated key can be tricky in practice, but on the other hand, using *just* a short key ID to do your verification feels like the other end of the spectrum... I think you should at least verify the fingerprint on a web site or something.

Assuming you get the package, the signature, and the fingerprint from the same *.gnupg.org resources, what does that buy you?

If you've somehow downloaded the wrong key by short Id, the signature won't validate. If you have the right key, it will. That's enough to tell the user that the contents of the package are unaltered.

More extensive checking would be great, but would require a lot of documentation to teach the users how to do it ... are you volunteering to write it? :)

Doug
Re: Copy Current GPG Installation to Another Server
On 3/17/15 2:27 PM, Clark Rivard wrote:
> How do you check the fingerprint?

Step 1 is that you have to get a validated version of the fingerprint of the key that you would have been using to verify the package if you could have downloaded that key in the first place.

The concept of validating keys is a much more advanced topic, and while I admire Peter's enthusiasm, isn't really a useful exercise for you to engage in at this point, especially since you can't seem to download the key that you would be validating with the fingerprint in the first place.

Doug
Re: Copy Current GPG Installation to Another Server
On 3/17/15 2:09 PM, Clark Rivard wrote:
> I tried all of the options below but still got the HTTP fetch error 7.

That would indicate that the system(s) do not have access to the Internet. Is that an expected result?

> I used the sha1sum option and got the expected result - does this verify the integrity adequately?

I can't tell you what is adequate for your situation. You have to make that judgement yourself.

Doug

> -----Original Message-----
> From: Doug Barton [mailto:dougb@dougbarton.email]
> Sent: Tuesday, March 17, 2015 3:46 PM
> To: Clark Rivard
> Cc: GnuPG Users
> Subject: Re: Copy Current GPG Installation to Another Server
>
> On 3/17/15 1:42 PM, Clark Rivard wrote:
>> I ran the recv-key command again and got a message about requesting key...from hkp server pool... but then got HTTP fetch error 7 couldn't connect: No error Any ideas?
>
> Try it a few more times, you may have gotten a bad server from the pool. If it still doesn't work, try the following:
>
>     hkp://keys.gnupg.net
>     hkp://subkeys.pgp.net
>     hkp://pgp.mit.edu
>
> ... and of course all of this assumes that the systems in question have network connectivity ...
>
> Doug
Re: Copy Current GPG Installation to Another Server
On 3/17/15 2:19 PM, Peter Lebbing wrote:
> On 17/03/15 22:04, Doug Barton wrote:
>> Assuming you get the package, the signature, and the fingerprint from the same *.gnupg.org resources, what does that buy you?
>
> Assuming they're all protected by https, nothing.

I think you missed my point. If all three resources related to verification are provided by the same source, then verifying the fingerprint gets you zero added security. It's more or less equivalent to using a hash by itself.

> What does verification of that signature buy you though? That your download wasn't corrupted?

I covered that later in the message, but basically, yes.

>> If you've somehow downloaded the wrong key by short Id, the signature won't validate. If you have the right key, it will. That's enough to tell the user that the contents of the package are unaltered.
>
> If I were to place something nefarious inside a GnuPG download,

So to start with, that's a pretty big hurdle to jump, and if you have access to do that, then you almost certainly have access to do other things like changing the fingerprint to verify. So in my threat model once Eve has access to the site where the downloads are posted, it's already game over.

You can posit a threat model where Eve has access to one thing, but not the other, and that's fine; but there are way too many technical and social engineering tricks that can be performed if you have access to just the downloads. Your idea of verify the fingerprint from a web page provides little to no improved security in a world where the nefarious actor has no access to the downloads in the first place, and zero when they do.

> I'd sign the result with a key I created with the short key ID 4F25E3B6.

Why would you bother? Why not just sign it with a completely new key, and include in the comments something like 2015 Q1 Signing key for official purposes? That's enough social engineering to catch the overwhelming majority of users, even the ones sophisticated enough to actually review the key that they just downloaded.

> That way, your --recv-key command will retrieve both my key and Werners, and the signature will happily validate. Creating a short key ID collision is peanuts and can be done with off-the-shelf software on a laptop.

... even assuming that this is relevant ...

> This rakes in not just the people who don't check the signature,

when the malicious actor has access to the downloads, those people are already hosed, regardless of what extra security you're suggesting.

> but also all those who just verify the short key ID. Since it's hardly any effort, I'd do it, even though it probably only gains me a few percent coverage.

... and as above, it's totally unnecessary.

>> More extensive checking would be great, but would require a lot of documentation to teach the users how to do it ... are you volunteering to write it? :)
>
> No, but I'm also not telling people they can verify using the short key ID. No guidance is better than wrong guidance, IMHO.

In the first place, I disagree with your premise that no guidance is better. If for no other reason than providing the wrong guidance is likely to spur the people with the right answer into responding when they otherwise would not.

I also disagree with you that I'm providing the wrong guidance. :)

Doug
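The short-key-ID collision raised in the exchange above, and the earlier question about telling multiple signatures apart in `--status-fd` output, can both be seen in one script. This is an added example, not code from any poster or from GnuPG; it assumes a GnuPG version that emits a `NEWSIG` status line before each signature, and the status lines, user ID and look-alike fingerprint are constructed (only the pinned fingerprint is taken from elsewhere on this page).

```python
"""Split `gpg --status-fd` output per signature and pin the signer by fingerprint."""

PREFIX = "[GNUPG:] "
# Fingerprint quoted elsewhere on this page; used here only as the pinned value.
PINNED_FPR = "06195004D8FBF459786B2CA2D731496480A63D5A"
# Constructed look-alike: a different key whose last 8 hex digits are identical.
LOOKALIKE_FPR = "1" * 32 + PINNED_FPR[-8:]

SIG_RESULTS = {"GOODSIG", "BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def build_sample(fprs):
    """Build constructed status output with one signature block per fingerprint."""
    lines = []
    for fpr in fprs:
        lines += [
            PREFIX + "NEWSIG",
            PREFIX + "GOODSIG " + fpr[-16:] + " Example Signer <signer@example.org>",
            # VALIDSIG: signing-key fpr, date, timestamps, version, algos,
            # signature class, then the primary-key fingerprint as last field.
            PREFIX + "VALIDSIG " + fpr + " 2015-02-27 1425027358 0 4 0 1 8 00 " + fpr,
            PREFIX + "TRUST_UNDEFINED",
        ]
    return "\n".join(lines) + "\n"


SAMPLE_STATUS = build_sample([PINNED_FPR, LOOKALIKE_FPR])


def split_signatures(status_text):
    """Return one record per signature; each NEWSIG line opens a new record."""
    records, current = [], None
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # human-readable "gpg: ..." lines are not machine status
        keyword, _, rest = line[len(PREFIX):].partition(" ")
        if keyword == "NEWSIG":
            current = {"result": None, "keyid": None,
                       "signing_fpr": None, "primary_fpr": None, "trust": None}
            records.append(current)
        elif current is None:
            continue  # status lines outside any signature context
        elif keyword in SIG_RESULTS:
            current["result"] = keyword
            current["keyid"] = rest.split(" ", 1)[0].upper()
        elif keyword == "VALIDSIG":
            fields = rest.split()
            if fields:
                current["signing_fpr"] = fields[0].upper()
                # With 10 fields the last one is the primary key fingerprint.
                primary = fields[-1] if len(fields) >= 10 else fields[0]
                current["primary_fpr"] = primary.upper()
        elif keyword.startswith("TRUST_"):
            current["trust"] = keyword
    return records


def short_id_matches(record, short_id):
    """What comparing only the last 8 hex digits would conclude."""
    ident = record["primary_fpr"] or record["keyid"] or ""
    return ident.endswith(short_id.upper())


def accept(record, pinned_fpr):
    """Accept only a good signature whose primary key is the pinned one."""
    pinned = pinned_fpr.replace(" ", "").upper()
    return record["result"] == "GOODSIG" and record["primary_fpr"] == pinned


def verdicts(status_text, pinned_fpr):
    """Per signature: (primary fingerprint, short-ID match, pinned match)."""
    pinned = pinned_fpr.replace(" ", "").upper()
    return [(r["primary_fpr"], short_id_matches(r, pinned[-8:]), accept(r, pinned))
            for r in split_signatures(status_text)]


if __name__ == "__main__":
    for fpr, short_ok, pinned_ok in verdicts(SAMPLE_STATUS, PINNED_FPR):
        print(fpr, "short-ID match:", short_ok, "pinned match:", pinned_ok)
```

Both constructed signatures pass the short-ID comparison, but only the first matches the pinned fingerprint; the trust line (`TRUST_UNDEFINED`) is recorded separately and corresponds to the "not certified with a trusted signature" warning quoted in this thread.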
Re: Copy Current GPG Installation to Another Server
On 3/17/15 7:23 AM, Clark Rivard wrote:
> I currently have GPG 1.4.8 installed on a Windows server. Can the c:\Programs Files (x86)\GNU\ directory simply be copied to another server and used or do I need to go through the “download and installation” process on the new server? Thanks.

1.4.8 is dangerously old. You should download the new version and install in both locations.

ftp://ftp.gnupg.org/gcrypt/binary/

hope this helps,

Doug
Re: Copy Current GPG Installation to Another Server
On 3/17/15 4:17 PM, Peter Lebbing wrote:
> On 2015-03-17 23:18, Doug Barton wrote:
>> I think you are asking way too much, and giving near-zero value in return.
>
> I'm not asking for anything.

Originally you suggested that they verify the fingerprint, and use that to retrieve the key. Glad to see now that you realize that was not the right course of action. :)

> I suggested they check the plain SHA1 checksum or even not check at all!

I would argue that verifying the signature when available is slightly better, but I won't quibble on this point. For most users it is true that the checksum is likely to be just as good as a signature verification.

> I'm merely opposed to making people think the short key ID is any good for verification purposes, or that when it comes to signed packages [it] is not really a necessity to check the validity of the signing key.

We will have to agree to disagree on this point.

Doug
Re: what is the proper way to load gpg-agent with systemd
Are you using gpg-agent to handle ssh agent responsibilities, yes or no?
Re: Copy Current GPG Installation to Another Server
On 3/17/15 1:42 PM, Clark Rivard wrote:
> I ran the recv-key command again and got a message about requesting key...from hkp server pool... but then got HTTP fetch error 7 couldn't connect: No error Any ideas?

Try it a few more times, you may have gotten a bad server from the pool. If it still doesn't work, try the following:

    hkp://keys.gnupg.net
    hkp://subkeys.pgp.net
    hkp://pgp.mit.edu

... and of course all of this assumes that the systems in question have network connectivity ...

Doug
Re: what is the proper way to load gpg-agent with systemd
On 3/17/15 7:48 AM, Paulo Lopes wrote:
> Hello, I've been using my gpg card with success in Ubuntu for a while but as everyone knows the init system is switching from upstart to systemd as it is happening on Debian and the vast majority of other distributions. In the past one could start gpg-agent from the script that boots Xorg

Are you using the ssh-agent capabilities? If not, you don't need to do anything special to start the agent, it will use the socket method by default.

Also, do you have any evidence that the method you are currently using won't work with systemd? X starts well after the low-level system stuff is up and running, I'm having a hard time imagining why you couldn't continue doing what you're doing.

Doug
Re: what is the proper way to load gpg-agent with systemd
Ok, then you need to start the agent prior to or during the X startup, so that the variables are available to your environment (as you were doing previously).

So, why are you trying to start the agent with systemd? What method were you using previously, and did you try it in the new OS version?

Doug
Re: Copy Current GPG Installation to Another Server
Please keep things on the list so that the most users can be helped.

You need to run the --recv-key command first, or the --verify command will continue to fail. Try this:

gpg --keyserver hkp://pool.sks-keyservers.net --recv-key 4F25E3B6

Doug

On 3/17/15 1:23 PM, Clark Rivard wrote: Doug I ran the verify command and then tried the recv-key command but it came back with these messages

no keyserver known use option --keyserver
keyserver receive failed: bad URI

I looked up the keyserver option but don’t know what keyserver name to use? Thanks.

-Original Message-
From: Doug Barton [mailto:dougb@dougbarton.email]
Sent: Tuesday, March 17, 2015 3:07 PM
To: Clark Rivard
Subject: Re: Copy Current GPG Installation to Another Server

You need to download the key referenced in the first message:

gpg --recv-key 4F25E3B6

then do your verify command again:

gpg --verify gnupg-w32cli-1.4.19.exe.sig gnupg-w32cli-1.4.19.exe

and you should get a result like this:

gpg: Signature made Fri Feb 27 00:55:58 2015 PST using RSA key ID 4F25E3B6
gpg: Good signature from Werner Koch (dist sig) [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.

You can safely ignore the warning, it simply means that you have not validated the key yourself, which when it comes to signed packages is not really a necessity.

hope this helps,

Doug

On 3/17/15 12:17 PM, Clark Rivard wrote: Thanks for your fast response, Doug. I am new to this so am struggling through for the first time. I downloaded Version 1.4.19 and am Checking the Integrity. I have a version of gpg installed (by someone else a long time ago). I ran the gpg command to check whether the signature file matches the source file. I get two messages back

Signature made 02/27/15 03:55:58 using RSA key ID...
Can't check signature: public key not found

The ID shown with the first message is a valid ID for Werner Koch per the documentation I have. The second line confuses me - makes me wonder if the integrity has been checked. Has the integrity been properly checked or do I need to do more? Any help you can provide is much appreciated. Clark

-Original Message-
From: Doug Barton [mailto:dougb@dougbarton.email]
Sent: Tuesday, March 17, 2015 1:16 PM
To: Clark Rivard; gnupg-users@gnupg.org
Subject: Re: Copy Current GPG Installation to Another Server

On 3/17/15 7:23 AM, Clark Rivard wrote: I currently have GPG 1.4.8 installed on a Windows server. Can the c:\Programs Files (x86)\GNU\ directory simply be copied to another server and used or do I need to go through the “download and installation” process on the new server? Thanks.

1.4.8 is dangerously old. You should download the new version and install in both locations.

ftp://ftp.gnupg.org/gcrypt/binary/

hope this helps,

Doug
Re: Enigmail speed geeking
On 3/13/15 11:23 AM, Robert J. Hansen wrote: Seriously? Wasn't it obvious from the context of what Robert and I wrote that we were talking about keys that existed only on a card? Let's calm things down, folks. :) FWIW, I'm perfectly calm, as in the sense of not angry. But it is a major source of frustration when folks take comments out of context to use the tiniest bit of leverage with which to forward an agenda. It's not only intellectually dishonest, but it's a massive waste of everyone's time when the conversation devolves into the degree that some argument is correct in some context, no matter how far removed it is from the actual point under discussion. Calling BS on that rhetorical technique may get me a shiny new Curmudgeon badge to add to my collection, but I still think it's a worthwhile exercise. Doug
Re: Enigmail speed geeking
On 3/13/15 7:22 AM, Peter Lebbing wrote: I interpreted Doug's message as saying that a disadvantage of smartcards, as opposed to on-disk keys, is that you lose the key when the smartcard stops functioning. I was replying to this statement by Doug: Further, the inconvenience of having to deal with generating and socializing a new key if your smart card gets lost, becomes inoperable, etc. is way too high a cost for near-zero benefit. So I say: you should use backups, duh. The fact that you /can/ use a smartcard without a backup, which as you say can be advantageous, by no means implies that you /cannot/ keep a backup. This is what I was saying. Seriously? Wasn't it obvious from the context of what Robert and I wrote that we were talking about keys that existed only on a card? And even if that bit of subtlety escaped you, isn't it even more obvious that if you have a backup copy of the key already then the point I was making doesn't apply? If neither of those things were obvious to you from the thread then maybe you should reconsider whether you should be posting on the topic at all. Doug
Re: Enigmail speed geeking
On 3/13/15 2:17 PM, Peter Lebbing wrote: On 2015-03-13 19:54, Doug Barton wrote: But it is a major source of frustration when folks take comments out of context to use the tiniest bit of leverage with which to forward an agenda. WHAT?!?! It is true, text is a truly god awful medium to communicate in. We are apparently completely unaware of each other's intentions. I honestly thought you thought a disadvantage of using a smartcard is that you lose the key once it breaks. It quite surprised me, but I've seen smart people have odd misconceptions of things[1], so I simply sought to rectify it. Let's put this whole thing to rest. Nobody thinks you can't have a backup of a smartcard key, nobody thinks that a smartcard without a backup is a useless thing, and we should all go and read a nice book. Perhaps even for the third time, in my case. It's a nice book! Peter. [1] Sometimes in the mirror ;P Thank you for clarifying. Doug
Re: bugs.gnupg.org TLS certificate
It's quite disingenuous to say you don't have an opinion, when obviously you do.

This topic was debated at length on this list when Heartbleed happened. There are two camps:

1. Those who think that if you offer any kind of free service, you have to offer all related services for free as well. I want it, so you must give it to me.

2. Those who think that companies like StartSSL who are offering tremendous value to the community for free have the right to recoup some of their operational expenses for requests that go outside the norm, and/or cannot be handled with an automated system.

If you are in the first camp, you have every right to your belief, but that belief does not match up with the real world. If you are in the second camp, pull up a chair, I've got a cooler full of $BEVERAGE that I'll be happy to share. :)

Doug

On 3/12/15 7:27 PM, Avi wrote: I have no opinion one way or the other re: StartSSL, but there are those who do:

https://danconnor.com/post/50f65364a0fd5fd1f701/avoid_startcom_startssl_like_the_plague_
https://bugzilla.mozilla.org/show_bug.cgi?id=994033
https://www.techdirt.com/articles/20140409/11442426859/shameful-security-startcom-charges-people-to-revoke-ssl-certs-vulnerable-to-heartbleed.shtml

etc. Avi User:Avraham pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) avi.w...@gmail.com Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9

On Thu, Mar 12, 2015 at 7:47 PM, Mick Crane mick.cr...@gmail.com wrote: On 12 Mar 2015, at 23:21, Hugo Osvaldo Barrera h...@barrera.io wrote: On 2015-03-11 17:38, Werner Koch wrote: On Wed, 11 Mar 2015 15:12, br...@minton.name said: git.gnupg.org) don't use that certificate. Have you considered a wildcard certificate? I know this has been discussed before, e.g. at Too expensive ;-). To stop all these complaints I will add a so called real certificate but first I need to move the tracker to another machine. Shalom-Salam, Werner No need for a wildcard one. Just get one free certificate for each subdomain from StartSSL.
Re: Enigmail speed geeking
On 3/12/15 8:51 AM, Robert J. Hansen wrote: For many users, smart cards are a good idea. (I've got one myself.) But for just as many users, smart cards are inconvenient and overkill. I would go so far as to say for the vast majority of users they are totally unnecessary. It's cool to play with smart cards, and I'm all in favor of that sort of thing ... but for the overwhelming number of PGP users the threat model just isn't there. Further, the inconvenience of having to deal with generating and socializing a new key if your smart card gets lost, becomes inoperable, etc. is way too high a cost for near-zero benefit. FWIW, Doug
Re: [cygwin] gpg-agent with ssh support ?
On 3/12/15 2:59 AM, Werner Koch wrote: On Wed, 11 Mar 2015 18:23, dougb@dougbarton.email said: PuTTY also has its own agent support, which works quite well. I'm not sure why it's necessary to reinvent the wheel here. :) Because that integrates seamlessly with GnuPG. For example you can use your OpenPGP card (or other supported smartcards) for ssh. No need for the ssh-add kludge. And that would be a good reason, sure. But I don't get the impression that the OP has one of those. :) Doug
Re: [cygwin] gpg-agent with ssh support ?
On 3/11/15 11:30 PM, Xavier Maillard wrote: Doug Barton dougb@dougbarton.email writes: Otherwise, there is an easy way to solve your problem on the Windows platform, you should strongly consider it. I fear I do not understand. Did I miss something? Of course I'd rather go the easy way! :D Try reading my previous post, and the web page that I included the URL for. It will explain it for you. :) Doug
Re: [cygwin] gpg-agent with ssh support ?
On 3/11/15 10:27 PM, Xavier Maillard wrote: Doug Barton dougb@dougbarton.email writes: On 3/11/15 3:15 AM, Werner Koch wrote: The standard ssh client on Windows seems to be Putty; you may use it with the native GnuPG for Windows (i.e. Gpg4win) by using the option --enable-putty-support instead of --enable-ssh-support. PuTTY also has its own agent support, which works quite well. I'm not sure why it's necessary to reinvent the wheel here. :) Still, one has to install a new piece of software but, in my case, it can be ok. So, just to be sure I understand: 1. install putty 2. Use PuTTY's agent, called Pageant. http://the.earth.li/~sgtatham/putty/0.64/htmldoc/Chapter9.html#pageant It comes in the PuTTY package, so nothing new to install. Starting and running gpg-agent so that you can use it with ssh is very different from the easy socket method that is used for simple password entry. If you have an actual reason to try and fit the square peg into the round hole, or if you're the kind of person who likes to do things the hard way for whatever reason, then I wish you the best of luck. Otherwise, there is an easy way to solve your problem on the Windows platform, you should strongly consider it. Good luck, Doug
Re: [cygwin] gpg-agent with ssh support ?
On 3/11/15 3:15 AM, Werner Koch wrote: The standard ssh client on Windows seems to be Putty; you may use it with the native GnuPG for Windows (i.e. Gpg4win) by using the option --enable-putty-support instead of --enable-ssh-support. PuTTY also has its own agent support, which works quite well. I'm not sure why it's necessary to reinvent the wheel here. :) Doug
Re: Thoughts on GnuPG and automation
On 3/9/15 2:10 PM, Bob (Robert) Cavanaugh wrote: you will not get your desired results by starting the conversation impugning the work that went before and claiming that what you are asking for is far superior OTOH, it's often useful when talking about a possible direction for new projects to have a frank and honest discussion about what did and did not work in old ones. Just as you pointed out that the slights you perceived Hans-Christoph offering on GnuPG are unfair because it's not responsible for what other project teams have started and failed to complete; it's equally unreasonable for you to infer that he was offering that slight, and for the same reason. The way I read Hans-Christoph's message was that there is a lack of coordination amongst various teams who have started API, wrapper, or other projects based on GnuPG tools, and that this fragmentation has harmed those efforts in various ways (including diverting precious resources to projects with little or no chance of success). And that it would be nice if we could take a hard look at what the real world requirements are for APIs and/or wrappers for various platforms, and have some coordinated effort put into work in this area. Both of those sound like perfectly reasonable observations to me, and I did not perceive any suggested slight by Hans-Christoph at any point in the conversation. FWIW, Doug
Re: Decrypting PGP/MIME on the command line
On 3/1/15 3:34 PM, Daniel Kahn Gillmor wrote: On Sun 2015-03-01 20:01:05 +0100, Werner Koch wrote: On Sun, 1 Mar 2015 15:32, rp...@kcore.de said: is there a command line utility that takes a PGP/MIME encrypted message (a plain RFC 2822 text file) and outputs an unencrypted copy? The Not really. MIME is a structured format and as such it may result in a bunch of encrypted, non-encrypted, signed, unsigned, message/alternative sub-documents. Thus it is not easy to write a general purpose command line tool. python's email module is quite good for programmatically handling mime parts if you want to manipulate an e-mail (though it may not be so good for reconstructing it in some sort of bytewise exact fashion). You may start with gpgparsemail which is not installed but built as part of gnupg in the tools directory. It returns an annotated format which might be easier for further processing steps than plain MIME. If you only want to decrypt a standard MIME encrypted mail, it is easy. Simply pipe the entire mail through gpg and you will get the decrypted MIME container. You should also note that any decryption like this is likely to remove any OpenPGP signature as well, for those MUAs that do the encryption+signing step all in one OpenPGP piece (I believe that the gpgtools mail.app plugin places the OpenPGP signature inside a multipart/signed MIME message, which is then itself encrypted, rather than placing encryption and signatures all in the OpenPGP part directly). A tool that transforms an OpenPGP encrypted+signed MIME message into an OpenPGP-signed MIME message while retaining the original signature would be a really nice tool to have. The signature is an attachment on a PGP/MIME message of course, so you'd have to preserve the two files separately. My (Al)pine PGP filters are shell scripts that (amongst other things) will verify and decrypt PGP/MIME messages. You could easily adapt that code to output the canonical version of the message to a file, along with the corresponding signature. hope this helps, Doug https://dougbarton.us/PGP/ppf/index.html
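The split discussed in the message above, as an added example that is not part of the original post and is not taken from the (Al)pine filters it mentions: Python's email module locates the parts of an RFC 3156 message, while the signed part is cut out of the raw bytes and canonicalized to CRLF, since a re-serialized copy may no longer match the signature. The sample messages, output file names and function names are constructed for illustration.

```python
import email
import re
from pathlib import Path

# Constructed samples (LF line endings, placeholder armor), not real mail.
SAMPLE_SIGNED = (
    b"From: alice@example.org\nSubject: constructed sample\nMIME-Version: 1.0\n"
    b"Content-Type: multipart/signed; micalg=pgp-sha256;\n"
    b' protocol="application/pgp-signature"; boundary="b1"\n\n'
    b"--b1\n"
    b"Content-Type: text/plain; charset=utf-8\n\n"
    b"Hello Bob,\nsigned text.\n\n"
    b"--b1\n"
    b"Content-Type: application/pgp-signature\n\n"
    b"-----BEGIN PGP SIGNATURE-----\n\n(placeholder)\n-----END PGP SIGNATURE-----\n\n"
    b"--b1--\n"
)
SAMPLE_ENCRYPTED = (
    b"MIME-Version: 1.0\n"
    b"Content-Type: multipart/encrypted;\n"
    b' protocol="application/pgp-encrypted"; boundary="b2"\n\n'
    b"--b2\n"
    b"Content-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
    b"--b2\n"
    b"Content-Type: application/octet-stream\n\n"
    b"-----BEGIN PGP MESSAGE-----\n\n(placeholder)\n-----END PGP MESSAGE-----\n\n"
    b"--b2--\n"
)


def first_part_bytes(raw: bytes, boundary: str) -> bytes:
    """Cut the first MIME part (its headers and body) out of the raw message."""
    delim = b"--" + boundary.encode("ascii")
    lines = raw.splitlines(keepends=True)
    marks = [i for i, line in enumerate(lines) if line.rstrip() == delim]
    if len(marks) < 2:
        raise ValueError("expected two parts inside multipart/signed")
    part = b"".join(lines[marks[0] + 1:marks[1]])
    # The line break directly before a boundary belongs to the boundary.
    if part.endswith(b"\r\n"):
        part = part[:-2]
    elif part.endswith(b"\n"):
        part = part[:-1]
    # RFC 3156: the signature is computed over CRLF line endings.
    return re.sub(rb"\r?\n", b"\r\n", part)


def split_pgp_mime(raw: bytes) -> dict:
    """Classify a message and return the bytes gpg needs for it."""
    msg = email.message_from_bytes(raw)
    ctype = msg.get_content_type()
    protocol = str(msg.get_param("protocol") or "").lower()
    parts = msg.get_payload() if msg.is_multipart() else []
    if ctype == "multipart/signed" and protocol == "application/pgp-signature":
        if len(parts) != 2:
            raise ValueError("multipart/signed must have exactly two parts")
        return {"kind": "signed",
                "data": first_part_bytes(raw, msg.get_boundary()),
                "signature": parts[1].get_payload(decode=True)}
    if ctype == "multipart/encrypted" and protocol == "application/pgp-encrypted":
        if len(parts) != 2 or parts[1].get_content_type() != "application/octet-stream":
            raise ValueError("unexpected multipart/encrypted layout")
        return {"kind": "encrypted",
                "data": parts[1].get_payload(decode=True),
                "signature": None}
    return {"kind": "plain", "data": raw, "signature": None}


def write_for_gpg(result: dict, outdir: str) -> list:
    """Write the pieces to files and return the gpg command line to run on them."""
    out = Path(outdir)
    if result["kind"] == "signed":
        (out / "message.signed").write_bytes(result["data"])
        (out / "message.sig").write_bytes(result["signature"])
        # Detached verification: signature file first, signed data second.
        return ["gpg", "--verify", str(out / "message.sig"), str(out / "message.signed")]
    if result["kind"] == "encrypted":
        (out / "message.pgp").write_bytes(result["data"])
        # The output of --decrypt is itself a MIME container.
        return ["gpg", "--decrypt", str(out / "message.pgp")]
    return []


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for sample in (SAMPLE_SIGNED, SAMPLE_ENCRYPTED):
            res = split_pgp_mime(sample)
            print(res["kind"], " ".join(write_for_gpg(res, tmp)))
```

The signed bytes begin with the part's own Content-Type header, so the charset declaration is covered by the signature.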
Re: Best practice to make one's key known, was Re: German ct magazine postulates death of pgp encryption
On 2/27/15 10:10 PM, Marco Zehe wrote: Hi Werner et al, On 27.02.2015 at 20:56, Werner Koch w...@gnupg.org wrote: There is no trust in keyservers by design. As soon as you start changing this you are turning PGP into a centralized system. OK, then I have a very practical question: Even though this is my fourth or fifth attempt at establishing OpenPGP in my daily routine since the mid 1990s, I am still confused by what the best way is to make my public key known. So if, as you say, key servers are not trusted by design, if I want to spread word around my available public key, which source should I put in a signature? While reading this list, I have seen quite a number of different approaches. Some put their key ID along with the finger print and the URL of a key server. Others put a link to the key file on a web server, others just quote their key ID and finger print, or only either of those. I have my key uploaded (and kept current) on key servers as well as on my web site(s), and my Impressum links to the copy on my web site rather than the key server URL. So: What’s the best practice advice? (and yes, I looked in the FAQ, but that didn’t prove conclusive to me.) It's overwhelmingly likely that you are overthinking this. :) If someone wants to correspond with you using PGP, they will ask. If you sign a message, they will know that you are using PGP, and what your key ID is. And you've posted it enough places that even a moderately motivated person will be able to find it. Relax, and enjoy the ride. Doug
Re: German ct magazine postulates death of pgp encryption
On 2/27/15 3:15 AM, Peter Lebbing wrote: So what did this key attract, being on the keyserver for four years now? 22 Nigerian 419 scams. That's it. Twenty-two! They came in batches; I haven't seen anything since March last year. I've had a similar key out there for longer than four years, and my experience is the same. This is simply not an issue. Doug
Re: Surprising command line options handling
On 2/23/15 2:51 PM, Daniele Nicolodi wrote: Hello, I've been struggling quite a long while today trying to understand why the following command does not do what I expected:

gpg --export-secret-subkeys 41E999D7! \
    --export-options export-reset-subkey-passwd

It does not reset the password on the exported subkey. After some head scratching I recognized that gpg stops parsing arguments when it encounters the key id and ignores what follows.

That's not 100% accurate, but I won't quibble. :) The man page makes it very clear that the format is as follows:

gpg2 [--homedir dir] [--options file] [options] command [args]

options come before commands, and anything after the command is interpreted as an argument to the command.

hope this helps,

Doug
Re: Help need to use truecryt + openpgp applet.
On 2/19/15 12:16 AM, Pete Stephenson wrote: Considering the way it was abandoned by its developers, TrueCrypt is probably not the best choice going forward. We don't know the whole story about what happened there, so I would be hesitant to attribute malice. For some of us who need to have the same data accessible on multiple platforms there is not a better option. Doug
Re: 2.1.2: keyserver route failure
It was not my intention to start an IPv6 advocacy thread, but in case anyone is interested in facts about the current state of things, this is a good summary: http://www.slideshare.net/AkamaiTechnologies/edge-2014-ipv6-is-here-what-you-need-to-know
Re: 2.1.2: keyserver route failure
On 2/18/15 3:59 AM, Johan Wevers wrote: On 18-02-2015 12:40, Werner Koch wrote: Because the resolver tells that there is an record. It seems that we need to figure out at runtime whether v6 is actually working. Any hints on how to do that? The most easy solution in such cases is to try IPv4 first, if that doesn't work or is unavailable, try IPv6 if available. Yeah, please DO NOT do that. The more traffic we can push to IPv6 the better for everyone, both now and in the future. I'll get some refs on testing IPv6 capability, give me a couple hours. Doug
Re: Please remove MacGPG from gnupg.org due to serious security concerns
On 2/18/15 2:52 AM, Jonathan Schleifer wrote: Well, I guess you have to take into account that a lot of downloads are from packaging software like pkgsrc, FreeBSD ports, Gentoo portage, ArchLinux's makepkg, etc. Usually, these do download the signature and tarball once, verify it and then write a checksum to the Makefile / PKGBUILD / however it is called that is then verified. So I guess you can't easily map that to Only x% of users check the downloaded tarball. I guess it's a lot more, it's just not all check it using the .sig. Back when I was involved with the FreeBSD project I included code in the Makefile to verify the PGP signature for all of my ports that had one, as did a few other maintainers. However there was not only not a consensus to do this more generally, there was active opposition to doing it at all. If you are a FreeBSD user and believe that this would be something beneficial to the ports system, please send them e-mail at freebsd-po...@freebsd.org and let them know. :) Doug
Re: Compiled binaries execute but exit with Abort
On 2/17/15 12:12 PM, Errol Casey wrote: gpg: WARNING: unsafe ownership on homedir `.' What are the permissions on your home directory, and your ~/.gnupg directory?
Re: MIME or inline signature ?
On 2/15/15 12:26 PM, Daniel Kahn Gillmor wrote:
| On Sat 2015-02-14 16:36:08 -0500, Doug Barton wrote:
| FWIW, I hate this debate, and try hard to stay out of it. But it really
| bothers me when people spread factually incorrect information,
| especially when they try to use that as the basis of their arguments
| for/against one method or the other.
|
| I feel the same way.

... and yet, you not only responded to this thread (fair enough, so did I), but you took the time to write up an entire web page full of FUD on the topic. :) Methinks you do protest too much.

| * AFAIK, inline gpg has issues with non-ascii characters. Correct me if I'm
| wrong.
|
| This hasn't been true for almost a decade, assuming that the person
| using the non-ASCII characters has correctly set up their environment.
| And FWIW, it's also not true that PGP/MIME will be 100% successful when
| one of the communicants has not correctly set up their environment.
|
| if we're talking about signed messages with the possibility of an
| adversary who can modify the messages, then the fact is that inline
| PGP messages have no way of securely indicating the character encoding
| in use. This means that an attacker can actually modify how the
| cleartext message is interpreted by fiddling with data *outside* the
| message body.
|
| If we're talking about encrypted messages, the same problem holds.

If you are referring to the display of the message after it's decrypted (which is influenced by the content-encoding header) then see below.

| I demonstrate this in the Message tampering through header
| substitution section here:
|
| https://dkg.fifthhorseman.net/notes/inline-pgp-harmful/

You demonstrate what you claim to be a collision where signatures verify in both cases (I am willing to give you the benefit of the doubt, I haven't tested it). However the collision isn't meaningful. I don't think anyone would receive a message that says, pay character for pounds sterlingHebrew character13 and think that it was what the recipient intended to send. Not to mention, if you were actually sending a message that meant to indicate an amount in monetary units you would spell out the amount in addition to displaying it numerically.

Show me a *meaningful* collision that your attack surface is vulnerable to, and I'll pay more attention to it.

| the lesson here is: if you care about getting the intended textual
| message through to your peer, you need to embed some information about
| the formatting *within* the signature. PGP/MIME provides a clear,
| well-defined way to provide that information.

I don't deny the fact that PGP/MIME encodes the charset info in the body that is signed. I simply deny that this fact is meaningful to the overwhelming majority of users.

| It's also not true that PGP/MIME protects you from metadata analysis.
| The messages are not one big blob, they are actually separated into
| parts, including the attachments. It's trivial to see how many
| attachments are in a message just by analyzing the MIME headers, whether
| the message/attachments are encrypted or not.
|
| If we're talking about PGP/MIME encrypted messages, this is not correct.

The OP was talking specifically about signed messages with attachments. I made the leap to encrypted, and you're correct, I'm at least partially wrong about that. (I vaguely recall that there is a way to do an encrypted MIME message with attachments that does not end up in one big blob, but I may be mistaken about that. It's been a while since I poked that stuff.) However in the context of signed but not encrypted, my point still stands.

Some more errors from your web page:

1. Enigmail is very clear about what parts of the message are signed when decoding an in-line signature. My implementation for Alpine is as well. Do you have any concrete examples of implementations that are not?

2. IME (that is, actually writing code to decrypt and verify e-mail messages of both types) it's actually MIME that is way, way worse to handle when it comes to wrapping, EOL canonicalization, etc. The various implementations play very fast and loose with the standards here, Apple being by far the worst culprit. Of course, that means little to nothing to the average users, since their MUA should be able to handle these messages. Just to give you an example, my script to verify in-line signatures is 84 lines, and most of that is the setup (secure temporary directory, error handling, etc.) and the text of the messages that the script prints to indicate to the user what it's doing. The MIME equivalent has basically the same setup cost, but it's 159 lines long. Almost all of the difference is exception handling for MUAs that don't properly follow the standards.

3. Your point that non-MIME messages can't do MIME is accurate, but meaningless. However, you're wrong that you cannot do signatures for attachments, even with multiple attachments
Re: SSH generic socket forwarding for gpg-agent
On 2/15/15 11:41 PM, Daniel Kahn Gillmor wrote: On Sun 2015-02-15 16:06:05 -0500, NdK wrote: On 13/02/2015 23:23, Daniel Kahn Gillmor wrote: The traditional argument against this sort of feature is that someone with control over your local socket would most likely have control over your graphical environment, and therefore could dismiss or hide any prompt that comes up (so the prompting is a false sense of security). Who said, not so long ago, that if the attacker has control of the machine you're using you've already lost? The machine from where one is originating the ssh connection has to be quite trusted. Else you need a smartcard with out-of-band authorization for every operation. Yes, of course. But the remote machine you're connecting *to* (and forwarding your agent to) is outside of that trust boundary. In situations where you want to make sure that you know (and approve of) the use of the agent by the remote machine, you'd like a prompt to appear within your (local, trusted) environment. Agent forwarding is off by default, and has to be enabled either on the command line, or in a config file. Why is further user interaction on this point necessary/desirable? Doug
Re: MIME or inline signature ?
FWIW, I hate this debate, and try hard to stay out of it. But it really bothers me when people spread factually incorrect information, especially when they try to use that as the basis of their arguments for/against one method or the other. On 2/14/15 7:49 AM, Hugo Osvaldo Barrera wrote: Pros of GPG/Mime: * It's a lot less ugly for users with no gpg support. The large signature block at the end and the gpg marks are hard to ignore. Why are you signing mail that is being sent to people without PGP support in the first place? * AFAIK, inline gpg has issues with non-ascii characters. Correct me if I'm wrong. This hasn't been true for almost a decade, assuming that the person using the non-ASCII characters has correctly set up their environment. And FWIW, it's also not true that PGP/MIME will be 100% successful when one of the communicants has not correctly set up their environment. * Inline-gpg includes a signature for each attachment. This allows third parties to count how many files are attached (and their filenames, I believe). gpg/mime include one huge blob, so third parties can't tell this sort of metadata. Nothing you wrote in this section is 100% correct. You *can* send one signature per attachment, but you don't have to. You can also bundle the attachment and signature in an archive, or you can bundle a lot of attachments in the same archive, and sign that, or you can bundle all of the attachments and signatures in one archive etc. It's also not true that PGP/MIME protects you from metadata analysis. The messages are not one big blob, they are actually separated into parts, including the attachments. It's trivial to see how many attachments are in a message just by analyzing the MIME headers, whether the message/attachments are encrypted or not. In the end, I'd suggest you go with what you prefer on a whim, more than technical reasons. ... or, you could use what your correspondents are able to handle, since theoretically that's the point of communication in the first place? :) hope this helps, Doug
Re: MIME or inline signature ?
On 2/13/15 4:01 AM, MFPA wrote: In an OpenPGP-aware mail client, that is the decision of the developer. For example, is there any huge reason why it would be a bad idea to treat dashspacedashdashnewline the same as they treat dashdashspacenewline? And Enigmail, for example, can do exactly that. :) Doug
Re: Problems when encrypting to a group on MacGPG
On 1/14/15 7:09 PM, Anthony Papillion wrote: gpg: O g: can't encode a 256 bit key in a 0 bit frame This happens after I tell the program to accept the final key in the group as valid. But it doesn't seem to be related to a key since I've deleted the final key and it still gives me the error. You're on the right track; delete some more keys, test again, repeat till you find the key causing problems. Depending on the number of keys it may be easier to add/delete a few at a time, do a binary search, etc. Good luck, Doug
Re: How to sign the name of the name as well, not just the file?
On 1/12/15 10:44 AM, Patrick Schleizer wrote:

> When using
>
> gpg --armor --detach-sign some-file-version-c
>
> a file: some-file-version-c.asc will be created. But an adversary positioned to arbitrarily change file names on a mirror or so could rename it to some-file-version-d and some-file-version-d.asc.

Robert already gave you a method to deal with non-text items. If your example is a simple text file, put the name of the file in the file as part of your text:

This is version some-file-version-c

hope this helps,

Doug
Re: preventing gpg-agent from storing a symmetric encryption key
FYI, what you want to do doesn't make sense. :) You should read the man page, and learn about inactivity timeouts for gpg-agent. Also, you can wipe the agent altogether quite easily. Your concern about people gaining access to the console is well founded, but there are better solutions already available to you.

Doug
Re: The praise of GnuPG @31C3
On 12/31/2014 06:40 PM, Robert J. Hansen wrote:

> The protocol was secure: you just had to configure it correctly.

Yes, thank you for your tidy summary of Security 101. :) What I'm looking for is some sort of concrete information about "When ssh is configured this way the NSA can break it." I've seen quite a few sites make the claim that "zomg, ssh is broken!" but haven't yet seen any specifics.

Doug
Re: The praise of GnuPG @31C3
On 12/31/2014 3:25 PM, mark hellewell wrote:

> And the “ssh is broken” remark strikes me as a little dramatic, too.

Well I've seen vague references to some of the less secure settings being vulnerable, but I've yet to see, "everything below this line is vulnerable, everything above this line is thought to be safe." If anyone has a reference ...

Doug
Re: Key selection
On 12/27/14 9:36 AM, Sandeep Murthy wrote:

| I have four keypairs associated with my main email, two of which
| are revoked and one expired. But if I try to edit the main key
| associated with email by
|
| $ gpg --edit-key email
|
| then it invokes gpg and points to one of the revoked keys rather
| than the active key. I have to explicitly give the short ID of the
| active key to edit that key and get its fingerprint.
|
| Is there a way to change this, or I am doing something wrong?

No, and no. :) If you have multiple keys that match a pattern (such as your e-mail address) then gpg is going to take its best guess as to which one you mean. In this case, the guess isn't what you wanted, so you have to specify the key Id.

hope this helps,

Doug
Re: Mainkey with many subkeys??
On 12/08/2014 10:48 AM, Tomo Ruby wrote:

| I know I could just set a new expiration date but most times it's
| recommended to use a key for two years at the longest.

Why do you think that's true? What threat do you think that using a key for at most 2 years will protect you against?

Note, I'm not trying to attack you here ... you seem to have absorbed some bad advice, or at best, advice that is intended for a different use case. So maybe you could fill us in a bit on how you intend to use your keys ...

Doug
Re: Mainkey with many subkeys??
On 12/7/14 7:04 AM, Tomo Ruby wrote:

| I wanted to create new keys and came across the following
| problem: If I create a main key to certify and subkeys for
| everything else, won't there be dozens of subkeys on my main key
| after years of creating and revoking subkeys??

Why do you believe that you will be creating and revoking so many subkeys?

Doug
Re: Symmetrical encryption or ...
On 11/20/14 10:40 AM, Dave Pawson wrote:

| Requirement. Two machines (one Linux, one Windows).
|
| I want a secure file 'shared' between them, as a pwd-safe.
|
| Only I use the two machines, but need the file encrypted.
|
| Any alternatives to symmetrical encryption of a file?

Either symmetric or PK encryption would suit your needs, but as someone pointed out already, a better solution is to use a password safe. KeePass is an excellent solution, and I use the same password db between Windows, Linux, and OS X (not in that order). :)

You want to use the lowest common denominator format between those systems, which at this point is the 1.28 version for Windows, and the keepassx version that comes with most Linux distributions (I use Ubuntu primarily). For OS X it gets a little trickier, since the version that includes auto-type is community sourced, but the person who produces it is well trusted, and a lot of people use it.

Schneier had an interesting blog post recently about password safes, with a link to papers that did extensive research on them. KeePass came out looking pretty good, as one of the key problems with most password safes is that if the auto-type is truly automatic, it can be triggered by malicious software and grab your passwords off the clipboard in windows. While KeePass does have an auto-type feature, you have to trigger the key sequence to use it, and that sequence is user-configurable.

And obviously you don't want to use solutions like LastPass, where your stuff is stored in their cloud. The question of "What if they get hacked?" is no longer academic, since it happened recently.

For synchronization between systems I use SpiderOak, which also has clients for all 3 platforms. KeePass already encrypts the db file, and SpiderOak, unlike most cloud storage platforms, encrypts the files it backs up locally (on your system) with a special key that the company does not know. The upload channel is encrypted to their servers as well, so your data is never available in the clear. Because they don't know the encryption key your data is never de-duplicated with other people's stuff, although if you set up folder synchronization between systems the same files will be de-duplicated within your own account.

... and speaking of folder synchronization, one of the things I like about SpiderOak is that you can set up arbitrary folders to synchronize between systems, you don't have to put all of your stuff in one folder. You can also configure it to exclude certain files from syncing, which is handy to avoid synching the .lock file for KeePass. :)

http://keepass.info/index.html

https://www.schneier.com/blog/archives/2014/09/security_of_pas.html

If you use this link to sign up for SpiderOak, I get free space. :)

https://spideroak.com/signup/referral/25c4971714a13f13c24fa98a43317dc2/

Or, here is the regular link, if you prefer:

https://spideroak.com/

hope this helps,

Doug
Re: Detached signature ambiguity
On 11/13/14 9:22 AM, Daniel Kahn Gillmor wrote:

| On 11/13/2014 07:01 AM, Werner Koch wrote:
| gpg: Make the use of --verify FILE for detached sigs harder.
|
| thanks for doing this, Werner.
|
| Now waiting which tools or scripts will break. I checked a few
| (including dpkg) and they do the Right Thing.
|
| i'm glad to hear this.
|
| Shall this be ported to 2.0 and 1.4 and fixes released? I guess
| yes.
|
| yes, please. This is an important security hardening, and it
| shouldn't depend on which branch people are using.
|
| If people have tools that break because of this change, those tools
| were probably vulnerable to even worse breakage (silent breakage
| where things they thought were validated weren't actually
| validated), so this is a valuable fix, even if there's short-term
| difficulty.

+1 to all of dkg's points.
Re: Help needed
On 11/13/14 2:33 PM, da...@gbenet.com wrote:

> Hi All,
>
> Background: I exported my keys to a USB stick. Then I copied my .gnupg to a new Linux laptop. Then I imported my keys. I thought that I would be fine.

Why did you perform the second step? Just copy ~/.gnupg to the new system, delete random_seed, and you're done.

Doug
2.1 vs. multiple keyrings?
At one point in the past there was discussion about 2.1 only allowing one public keyring, but I don't see anything about that in the What's new doc. Can I safely assume that 2.1 has support for multiple keyrings in the same gpg.conf and/or command line?

Doug
Re: Help needed to setup Passphrase with GNUPG 2.0.26
On 10/31/14 2:28 PM, Robert J. Hansen wrote:

| Anyway, gpg might want to use pinentry to gather the passphrase
| from the user, and it's not clear that you have the right
| environment set up for pinentry.
|
| One option would be to install GnuPG 1.4 on the host machine --
| headless servers are some of the few uses I can still see for it.

That's true, although pinentry-curses actually does a pretty good job remotely unless the thing that you're calling GnuPG from is taking extreme control of the terminal. For instance, if you're ssh'ing into a remote system and running a simple shell script, or even doing gpg on the command line, pinentry-curses is fine. However if you're doing something more exotic (a mail client like Alpine for example) then all bets are off.

Doug
Re: new helper program for configuration import / export
On 10/18/14 3:56 PM, Hauke Laging wrote:

| Hello,
|
| I am often asked whether (and how) it is possible to use OpenPGP
| on several systems with the same keys. You are probably aware that
| this is also asked here, not often but regularly. And then the
| copy everything except random_seed fun begins again.

... and since that answer is correct, and works, why is it not sufficient?

Doug
Re: How do I see what algorithm is used for a signature
On 10/10/14 2:43 AM, Werner Koch wrote:

> On Fri, 10 Oct 2014 05:27, dougb@dougbarton.email said:
>
>> That was my first thought, but adding -v to either --check-sigs or --list-sigs provides no additional information. Is what you're looking at a 2.1 feature?
>
> No space in the listing for all the details. The question was about a signed message.

It wasn't, actually. :) It was about signatures on my keys.

> For key listings you need to use a decent gpg version (any branch), --with-colons, and awk.

Makes sense. I use --with-colons for other things, I really should not have been so lazy and looked up the answer in Details.

Doug
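The `--with-colons` plus awk approach mentioned in this exchange can be written as a small filter. This is an added example, not code from the thread: it assumes field 16 of `sig`/`rev` records holds the OpenPGP hash algorithm ID, as GnuPG's doc/DETAILS describes, and the sample listing, key IDs and function names are constructed.

```shell
#!/bin/sh
# Real use (needs a keyring):
#   gpg --with-colons --list-sigs KEYID | sig_hash_algos
#   gpg --with-colons --list-sigs KEYID | sigs_using MD5

# Constructed colon-format listing; key IDs and names are made up.
sample_colons() {
cat <<'EOF'
pub:u:2048:17:AAAAAAAAAAAAAAAA:1104537600:::u:::scESC:
uid:u::::1104537600::0000000000000000000000000000000000000000::Example User <user@example.org>:
sig:::17:AAAAAAAAAAAAAAAA:1262304000::::Example User <user@example.org>:13x:::::8:
sig:::1:BBBBBBBBBBBBBBBB:1104537600::::Old Signer <old@example.org>:10x:::::1:
sig:::1:CCCCCCCCCCCCCCCC:1230768000::::Another Signer <another@example.org>:10x:::::2:
sub:u:2048:16:DDDDDDDDDDDDDDDD:1104537600::::::e:
sig:::17:AAAAAAAAAAAAAAAA:1104537600::::Example User <user@example.org>:18x:::::8:
EOF
}

# Reads colon-format records on stdin and prints one line per signature:
#   <key the signature sits on> <signer key ID> <sig class> <hash algorithm>
sig_hash_algos() {
    awk -F: '
    BEGIN {
        # Hash algorithm IDs from RFC 4880, section 9.4
        name["1"] = "MD5";    name["2"] = "SHA1";   name["3"] = "RIPEMD160"
        name["8"] = "SHA256"; name["9"] = "SHA384"; name["10"] = "SHA512"
        name["11"] = "SHA224"
    }
    # Remember which primary key or subkey the following signatures belong to
    $1 == "pub" || $1 == "sub" { key = $5 }
    $1 == "sig" || $1 == "rev" {
        if ($16 in name) algo = name[$16]
        else algo = "unknown(" $16 ")"   # empty if the gpg build omits field 16
        print key, $5, $11, algo
    }'
}

# Prints the signer key IDs of signatures made with the named hash algorithm.
sigs_using() {
    sig_hash_algos | awk -v want="$1" '$4 == want { print $2 }'
}

# Demo on the constructed sample
sample_colons | sig_hash_algos
```

Signatures reported as MD5 are the ones the "signatures using the MD5 algorithm are rejected" note refers to; the signer would need to re-issue them with a current digest.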
Re: How do I see what algorithm is used for a signature
On 10/9/14 5:29 AM, Werner Koch wrote:

> Add --verbose (or -v) to the gpg command line and it will show you that.

That was my first thought, but adding -v to either --check-sigs or --list-sigs provides no additional information. Is what you're looking at a 2.1 feature?

Thanks to everyone for the tips in any case. :)

Doug
How do I see what algorithm is used for a signature
I refreshed my key tonight in preparation for a key signing party and came across this message:

gpg: Note: signatures using the MD5 algorithm are rejected

I'm sure there is a way to determine what algorithm a signature was created with, but the mechanism wasn't obvious to me on an (admittedly cursory) exam of the docs. Not urgent, but if someone has the answer handy ... :)

Doug
Re: producing GnuPG keys as proof of work
When starting a new topic please don't reply to a message on the list and change the subject line. Doing so causes your new topic to show under the previous one for those using mail readers that thread properly, and may cause your message to be missed altogether if someone has blocked that thread. Instead, please save the list address and then start a completely new message.

hope this helps,

Doug
Re: encrypting to expired certificates
On 9/16/14 6:58 AM, Daniel Kahn Gillmor wrote:

> I've been in a situation where i'm sitting with a friend, talking about a project we're hoping to work on together, and i wanted to send them confidential information about the project to read later. I know they have an OpenPGP cert, so i fire up an e-mail, only to discover that their cert is expired (they don't use it often, and hadn't noticed). I point it out to them, they blush and say yeah, that's on my laptop, which is fine, but it's at home. I'll update the expiration date when i get home.

I agree with Robert that symmetric encryption is your best bet, given that you're sitting right there.

Meanwhile, all of the real world cases listed so far involve people who have mismanaged their keys by not updating their expiration date. I'm not sure that adding features to make that situation less painful is the right direction to move. I do like Werner's idea of moving the expiration date to the expert menu. That would give us less instances of users twisting a knob just because it's there.

Doug
Re: encrypting to expired certificates
On 9/16/14 9:26 AM, Werner Koch wrote:

> On Tue, 16 Sep 2014 16:26, d...@fifthhorseman.net said:
>
>> i've definitely seen people update their primary key's expiration date and fail to update the expiration date of their subkey, so they have a valid cert, but it still can't be used for encryption. So they have to
>
> There needs to be warning in this case. Can you please file a bug?

FWIW, I recently experienced that myself. The combination of knobs needed to select both the primary and the encryption sub key for updating the expiration was not intuitive, and I was quite surprised to see that when I updated the expiration date the first time that the subkey was not also updated. In fact I would not have known that at all if I hadn't done 'list-keys' after I edited the key just to be sure.

Doug

(It's only paranoia if they're not actually out to get you) :)