Re: Aw: Re: SmartCard v2.1 : factory reset fails

2017-02-15 Thread NIIBE Yutaka
Hello, Fib Moro wrote: > I start gpg in "--edit-key" mode. > Then I select a subkey I want to move to the card by issuing command "key 1". > After the "keytocard" command it asks me where to store the key for which I > choose option 1 signature key. > It then prompts me for the

Re: Should we trust "MyMail-crypt for Gmail" Chrome extension?

2017-02-15 Thread Wolf
Hi, I know nothing about the extension but would like to react to this: On , ankostis wrote: > This extension is the only alternative to use GPG with gmail in > corporate environments where SMTP ports are blocked (unless we > consider as an "alternative" to manually clear-signing each message >

Aw: Re: Re: SmartCard v2.1 : factory reset fails

2017-02-15 Thread Fib Moro
Hello, > > Let us fix a thing one by one. First, the Reset Code handling. > ok, let's do that. > For my OpenPGP card 2.1, the Admin PIN is "12345678" (no 9). > I can successfully set the Reset Code. > > I confirmed that with wrong Admin PIN, I got the message "Error setting > the Reset Code:

Re: Should we trust "MyMail-crypt for Gmail" Chrome extension?

2017-02-15 Thread Daniel Kahn Gillmor
On Wed 2017-02-15 07:48:57 -0500, ankostis wrote (about "MyMail-crypt for Gmail"): > I'm wondering whether this open-source Chrome-extension for GPG on GMail[1] > is to be trusted; I mean, not to call home with my secret-key and passphrase. I've never heard of it. Mailvelope is what i've heard

Re: Problems with GPGME1.8 and Python 3.5 bindings

2017-02-15 Thread Jean-François Schaff
Hi, Thanks for your advice, I could fix that and use the lib from Python. Do you know if there is any plan to better document the python bindings in the GPGME doc? I may be able to help with that if needed. Cheers Jean-François Schaff 2017-02-13 11:46 GMT+01:00 Justus Winter

Re: Expanding web-of-trust with subkey

2017-02-15 Thread Daniel Kahn Gillmor
On Wed 2017-02-15 11:54:51 -0500, Teemu Likonen wrote: > That makes things very simple, in a way. I use "trust-model direct" and > do some checking in web pages or check consistent use of signatures. If > the key seems ok I'll "--edit-key", type "trust" and assign marginal or > full trust for that

Re: GPG homedir path length limit

2017-02-15 Thread Daniel Kahn Gillmor
On Wed 2017-02-15 12:12:23 -0500, Daniel Kahn Gillmor wrote: > Why does this need to be created manually? Why not try to create it if > possible the first time there's a chance to use it, no matter what? […] > What does GnuPG gain from having a known failure mode that requires a > manual fix?

Re: GPG homedir path length limit

2017-02-15 Thread Daniel Kahn Gillmor
Hi all-- sorry for the late followup on this thread: On Mon 2017-01-16 14:16:28 -0500, Werner Koch wrote: > On Sun, 15 Jan 2017 00:39, gn...@jelmail.com said: >> Just experimenting in a sandbox homedir, I noticed that the homedir path >> needs to be below a certain size. > > That is because on

Re: Expanding web-of-trust with subkey

2017-02-15 Thread Adam Sherman
On 2017-02-15 10:33 AM, Kristian Fiskerstrand wrote: >> How do you do that? Is there a type of sub-key you use? >> > No, just a completely separated primary key with C capability, no > subkeys and is never published anywhere, rotated regularly to issue > lsigns for short term use Ah, that makes

Re: Expanding web-of-trust with subkey

2017-02-15 Thread Teemu Likonen
Didrik Nordström [2017-02-14 19:02:08-08] wrote: > How do you handle key management? Let's say you just want to send a > signed and encrypted email once to someone who announced their pubkey > over https? What type of trust would you assign? I don't personally know anybody who uses gpg. Even if

Re: Expanding web-of-trust with subkey

2017-02-15 Thread Kristian Fiskerstrand
On 02/15/2017 03:27 PM, Adam Sherman wrote: > On 2017-02-15 06:51 AM, Kristian Fiskerstrand wrote: >>> Do I need access to my master key in order to expand my web of >>> trust? This seems like quite a restriction. >> Yes, although you can generate a local CA key to use for this purpose >> for

Re: Expanding web-of-trust with subkey

2017-02-15 Thread Adam Sherman
On 2017-02-15 06:51 AM, Kristian Fiskerstrand wrote: >> Do I need access to my master key in order to expand my web of >> trust? This seems like quite a restriction. > Yes, although you can generate a local CA key to use for this purpose > for short term validity considerations used for local

Should we trust "MyMail-crypt for Gmail" Chrome extension?

2017-02-15 Thread ankostis
Hi, I'm wondering whether this open-source Chrome-extension for GPG on GMail[1] is to be trusted; I mean, not to call home with my secret-key and passphrase. I searched through the mailing-list archives and found only one reference from 2014:

Re: Hybrid keysigning party, your opinion?

2017-02-15 Thread Lachlan Gunn
Hello, On 2016-12-05 at 00:03, Peter Lebbing wrote: > I am asking for your thoughts on a variant of the organization of the > keysigning party. I'll explain my reasoning and intentions, and I would > like to know if you think I forgot to think of something important. Is > there a way a

Re: Expanding web-of-trust with subkey

2017-02-15 Thread Peter Lebbing
On 15/02/17 13:34, Peter Lebbing wrote: > I've written a bit about ownertrust for the keysigning party we held > last December: Additionally, this topic is also briefly covered in the FAQ[1], which is an up-to-date and maintained piece of documentation. The GNU Privacy Handbook[2] also

Re: Expanding web-of-trust with subkey

2017-02-15 Thread Peter Lebbing
On 15/02/17 04:02, Didrik Nordström wrote: > I wanted to send an email to a new contact (a bug report to a software > project) so I added the public key and assigned it "Fully trusted" (4). In addition to Kristian's answer, let me clarify: "Ownertrust" is your assessment of how much you want to

Re: Expanding web-of-trust with subkey

2017-02-15 Thread Kristian Fiskerstrand
On 02/15/2017 04:02 AM, Didrik Nordström wrote: > > So.. Do I need access to my master key in order to expand my web of > trust? This seems like quite a restriction. Yes, although you can generate a local CA key to use for this purpose for short term validity considerations used for local

Expanding web-of-trust with subkey

2017-02-15 Thread Didrik Nordström
Hi, I am new to using PGP in general, but fairly confident in the cryptographic primitives and the overall concepts. I have issued a master key on cold storage, and subkeys on my primary machine (one with encryption and one with signing privileges). I wanted to send an email to a new contact (a

Re: send-keys does not update my key

2017-02-15 Thread Marko Bauhardt
> On 14 Feb 2017, at 19:53, Kristian Fiskerstrand > wrote: > > Trust level is not a property of the public key, it is stored out of > band (in the local trustdb) Ah ok. Thanks. Marko --- Marko Bauhardt https://keybase.io/mbauhardt GPG Key ID:

Re: Aw: Re: SmartCard v2.1 : factory reset fails

2017-02-15 Thread NIIBE Yutaka
Hello, again, I found a bug in GnuPG 2.1.18 for factory-reset command handling (it's not in 2.1.17 or older), I fixed it today. Then, I tested my OpenPGP card 2.1. Let us fix a thing one by one. First, the Reset Code handling. Fib Moro wrote: > It doesn't even get to the

Re: Questions about --throw-keyids

2017-02-15 Thread Werner Koch
On Wed, 15 Feb 2017 00:31, d...@fifthhorseman.net said: > afaict, GnuPG only supports (1) at the moment (this is probably OK). There is a plan to add a rewrite feature to gpg so that for example you can easily add an archiving key to a message. But that is something we need to shift to 2.3. >