Re: IMporting PGP public key into GPG 1.4.2 with no expiry shows as expired in GPG

2013-12-03 Thread Werner Koch
On Mon, 2 Dec 2013 19:25, ctsonet...@yahoo.com said: When I import a PGP public key that has NO expiry date, into GPG 1.4.2, it s 1.4.2 is quite old (8 years) and you should definitely not use it anymore. It seems that you did not invoke gpg correctly. Please show us the actual command

Re: Any future for the Crypto Stick?

2013-12-03 Thread Mark H. Wood
On Mon, Dec 02, 2013 at 07:33:22PM +0100, Peter Lebbing wrote: [snip] Since smartcards are primarily used for security purposes, I wouldn't be surprised if it responded specially to a message signed by the NSA (or encrypted with a symmetric cipher with a specific key known to the NSA). I

Re: IMporting PGP public key into GPG 1.4.2 with no expiry shows as expired in GPG

2013-12-03 Thread Cts Onetemp
Thanks Werner  This is for a client who is using gpg 142 and I am trying to simulate that here. We are providing them the pgp keys.  Attached the conf file.  Here is the list of commands run  C:\gpg>set GNUPGHOME=home C:\GPG>gpg --list-keys home\pubring.gpg pub   1024D/551A09BA

Re: Any future for the Crypto Stick?

2013-12-03 Thread NdK
On 03/12/2013 15:30, Mark H. Wood wrote: I wonder how feasible that really is. The system surrounding the card is not under control of the card's manufacturer or anyone who might have corrupted him. All it takes is one knowledgeable person watching the data stream for interesting

Windows command line to decrypt multiple files

2013-12-03 Thread bj
Hi all. I found and modified a batch file that encrypts files prior to sending them out. Now we need to decrypt incoming files from another company (encrypted with our key). The GPG4Win GUI allows me to do this manually but I would like to automate on a server. The echo line below seems to be

Re: Windows command line to decrypt multiple files

2013-12-03 Thread Hauke Laging
On Tue 03.12.2013, 12:21:26, bj wrote: Where is password defined? password is (implicitly) defined in the keyring. The secret key is stored encrypted. You need the passphrase in order to use the key. You must know the passphrase, you cannot get it from the GnuPG installation. *FOR /F

Renewing expiring key - done correctly?

2013-12-03 Thread Eric Poellinger
Hello all This is my first experience with renewing GPG keys - I did some research but wanted to confirm an observation. This is the key before issuing the 'expire' command: pub  2048R/4A4DBDC7  created: 2012-01-13  expires: 2014-01-12  usage: SC                      trust: ultimate      

Re: Renewing expiring key - done correctly?

2013-12-03 Thread Robert J. Hansen
PRIMARY QUESTIONS - I am uncertain about the sub-key.  When I attempt to 'expire' it the date does not seem to change. The first question I have is, How did you attempt to 'expire' it? SECONDARY QUESTION - is there documentation regarding 'best practices' on managing expiring keys and

Re: Windows command line to decrypt multiple files

2013-12-03 Thread Robert J. Hansen
Quoting bj blueappleja...@gmail.com: Hi all. I found and modified a batch file that encrypts files prior to sending them out. Now we need to decrypt incoming files from another company (encrypted with our key). What operating system are you using? This is the sort of thing that's more

Re: Renewing expiring key - done correctly?

2013-12-03 Thread Hauke Laging
On Tue 03.12.2013, 08:22:28, Eric Poellinger wrote: PRIMARY QUESTIONS - I am uncertain about the sub-key. When I attempt to 'expire' it the date does not seem to change. What exactly did you do? Did you mark the subkey before and did you save the changes to the keyring after the expire

Re: Renewing expiring key - done correctly?

2013-12-03 Thread Hauke Laging
On Wed 04.12.2013, 00:00:21, Johannes Zarl wrote: Sorry for asking a possibly stupid question, but how exactly does a shorter validity period get you more security? This is the security against the possibility that a) the key has been compromised and revoked and you don't know that (because

Re: Renewing expiring key - done correctly?

2013-12-03 Thread Johannes Zarl
On Wednesday 04 December 2013 00:20:10 Hauke Laging wrote: On Wed 04.12.2013, 00:00:21, Johannes Zarl wrote: Sorry for asking a possibly stupid question, but how exactly does a shorter validity period get you more security? This is the security against the possibility that a) the key

Re: Renewing expiring key - done correctly?

2013-12-03 Thread Robert J. Hansen
On 12/3/2013 6:59 PM, Hauke Laging wrote: He could but he would need the secret mainkey for that operation and... Could you please share a realistic scenario by which an attacker could compromise a subkey without also having the ability to compromise the primary signing key? I've been trying

Re: Renewing expiring key - done correctly?

2013-12-03 Thread Robert J. Hansen
On 12/3/2013 6:20 PM, Hauke Laging wrote: Imagine a certificate which is always prolonged for just one day. If this gets compromised then it will not be prolonged any more (at least not by its owner but we all love our highly secure offline mainkeys, don't we?) so everyone will notice

Re: Renewing expiring key - done correctly?

2013-12-03 Thread Hauke Laging
On Tue 03.12.2013, 19:26:09, Robert J. Hansen wrote: Could you please share a realistic scenario by which an attacker could compromise a subkey without also having the ability to compromise the primary signing key? That's really easy: In order to get access to the subkey which will sign this

Re: Renewing expiring key - done correctly?

2013-12-03 Thread Hauke Laging
On Tue 03.12.2013, 19:03:13, Robert J. Hansen wrote: 1. The attacker can just extend the validity himself. He's successfully compromised the key, after all. Sure but it makes little sense to play best practice in one part of key management (expiration) and simultaneously worst practice

Re: Renewing expiring key - done correctly?

2013-12-03 Thread Robert J. Hansen
On 12/3/2013 7:53 PM, Hauke Laging wrote: Sure but it makes little sense to play best practice in one part of key management (expiration) and simultaneously worst practice (online mainkey) in a much more important part of key management. By introducing offline primary key storage on an

Re: Renewing expiring key - done correctly?

2013-12-03 Thread Hauke Laging
On Tue 03.12.2013, 20:10:32, Robert J. Hansen wrote: UEFI is a surprisingly capable operating environment. If I can compromise your machine, then I put down my own code in the UEFI loader and wait for you to reboot your machine. That's why crypto best practices should be extended to what

Re: Renewing expiring key - done correctly?

2013-12-03 Thread Hauke Laging
On Tue 03.12.2013, 20:20:07, Robert J. Hansen wrote: By introducing offline primary key storage on an air-gapped system, your policy has become so complicated that no one, yourself included, is capable of always following it to the letter. Oh, recently I involuntarily proved that I do: I

Re: Renewing expiring key - done correctly?

2013-12-03 Thread Hauke Laging
On Tue 03.12.2013, 18:32:53, Eric Poellinger wrote: Regarding the steps I took to expire the keys (4A4DBDC7 is the primary key, 0C0305EC is the sub) 1. gpg --edit-key 4A4DBDC7 1a. expire...2y 1b. enter passphrase 1c. quit and save It would have been more helpful to see the exact steps for

Fwd: Windows command line to decrypt multiple files

2013-12-03 Thread bj
Hi. Good catch. I previously did not need to supply a password to encrypt. I know the password, just not sure where to define it with GPG4Win or other method. Even though the server is internal, I want it to be secure. I could lock down file permissions if that helps. When I try #2, it gives