Re: 2.16.840.1.113733.1.7.1.1

2011-05-09 Thread MichaelQuigley
- Message from Robert J. Hansen r...@sixdemonbag.org on Sat, 07 May 2011 22:21:41 -0400 - To: gnupg-users@gnupg.org Subject: Re: Best practice for periodic key change? On 05/07/2011 09:50 PM, David Shaw wrote: Incidentally, speaking of bitmap signatures - a signature

Re: Best practice for periodic key change?

2011-05-09 Thread Hauke Laging
On Sunday, 8 May 2011, 14:50:36, MFPA wrote: Mainly the key's owner, but could also protect others from relying on signatures from a compromised key for which they have not received a revocation certificate. Right. The problem: Protection you don't know of. So seriously this additional

Re: Best practice for periodic key change?

2011-05-09 Thread MFPA
Hi On Monday 9 May 2011 at 5:09:00 PM, in mid:201105091809.05423.mailinglis...@hauke-laging.de, Hauke Laging wrote: On Sunday, 8 May 2011, 14:50:36, MFPA wrote: Mainly the key's owner, but could also protect others from relying on

Problem with the pgp to gpg key migration

2011-05-09 Thread Pramod . R
Hi, I tried migrating the public and the private key from the pgp(6.5.8) keyring to the gpg(1.4.11) by following the below commands: 1) Tried exporting the private and the public key from pgp using the commands: pgp -kx pubkey.pgp pgp -kx sec.pgp

Re: Best practice for periodic key change?

2011-05-09 Thread Hauke Laging
On Monday, 9 May 2011, 19:51:12, MFPA wrote: Could that be a form of attack? Bob and Mallory sign a contract of some kind - it transpires the contract benefits Bob - Mallory tries to make it look as if Bob had not signed. That would not work for several reasons which arise not from

Re: Best practice for periodic key change?

2011-05-09 Thread Jerome Baum
On Mon, May 9, 2011 at 18:09, Hauke Laging mailinglis...@hauke-laging.de wrote: IMHO there are only two possibilities for making (a new version of) OpenPGP signature law compatible: a) The CA creates a mainkey and subkeys. The mainkey is destroyed immediately afterwards. That might be

Re: Best practice for periodic key change?

2011-05-09 Thread Daniel Kahn Gillmor
On 05/10/2011 12:01 AM, Jerome Baum wrote: c) Program the smart-card so it doesn't sign sub-keys? I'm not familiar with the internals of smart-card implementations but the OpenPGP sub-key signatures are of a different type than the data signatures. The smart-card can probably recognize if it's

Re: Best practice for periodic key change?

2011-05-09 Thread Daniel Kahn Gillmor
On 05/10/2011 12:32 AM, Jerome Baum wrote: Is that an implementation problem? i.e. is it possible to write an implementation that does distinguish, or is it technically impossible w/out processing the entire data on-card? As i understand the process, i think it would be necessary to pass all

Re: Best practice for periodic key change?

2011-05-09 Thread Grant Olson
On 5/10/2011 12:41 AM, Daniel Kahn Gillmor wrote: On 05/10/2011 12:32 AM, Jerome Baum wrote: Is that an implementation problem? i.e. is it possible to write an implementation that does distinguish, or is it technically impossible w/out processing the entire data on-card? As i understand the

Re: Best practice for periodic key change?

2011-05-09 Thread Jerome Baum
On Tue, May 10, 2011 at 07:01, Grant Olson k...@grant-olson.net wrote: On 5/10/2011 12:41 AM, Daniel Kahn Gillmor wrote: Maybe one of the folks with experience implementing these devices can give more concrete details? I can confirm. The cards only get the hash and sign that. The trouble

Re: Best practice for periodic key change?

2011-05-09 Thread Grant Olson
On 5/10/2011 1:10 AM, Jerome Baum wrote: On Tue, May 10, 2011 at 07:01, Grant Olson k...@grant-olson.net wrote: On 5/10/2011 12:41 AM, Daniel Kahn Gillmor wrote: Maybe one of the folks with experience implementing these devices can give more

Re: Best practice for periodic key change?

2011-05-09 Thread Jerome Baum
On Tue, May 10, 2011 at 07:30, Grant Olson k...@grant-olson.net wrote: But there's no way to prove that the keys were originally generated on-card, and weren't imported from a software private key where there was never a separate master certification key. AFAIK, the CAs over here will just

Re: Best practice for periodic key change?

2011-05-09 Thread Grant Olson
On 5/10/2011 1:35 AM, Jerome Baum wrote: On Tue, May 10, 2011 at 07:30, Grant Olson k...@grant-olson.net wrote: But there's no way to prove that the keys were originally generated on-card, and weren't imported from a software private key where there