.
Cheers
Chris Poole
[PGP BAD246F9]
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
, DSA or Elgamal.
Are you able to recommend any particular resources or books that cover ECC in a
more complete and up to date fashion?
Cheers
Chris Poole
[PGP BAD246F9]
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org
On 1 Feb 2012, at 15:00, Robert J. Hansen r...@sixdemonbag.org wrote:
Googling for nsa suite b qould be a pretty good starting place,
probably. The National Security Agency has approved the use of ECC for
classified material as part of their Suite B cryptography package. As
is the case with
On 1 Feb 2012, at 15:41, Werner Koch w...@gnupg.org wrote:
@book{Hankerson:2003:GEC:940321
Thank you, that's useful.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On Sun, Jan 22, 2012 at 4:02 AM, Robert J. Hansen r...@sixdemonbag.org wrote:
A 1024-bit key has about an 80-bit keyspace, which is a factor of 16 million
larger. Given the advances in supercomputing in the last decade it is
reasonable to believe 1024-bit keys are either breakable now or
On Mon, Jan 23, 2012 at 6:16 PM, Robert J. Hansen r...@sixdemonbag.org wrote:
You may say the only purpose of the primary key is to sign the subkeys,
but if it's technically possible for the primary key to sign documents
then the purpose of the primary key is to sign documents.
This is why I
On Mon, Jan 23, 2012 at 4:52 PM, brian m. carlson
sand...@crustytoothpaste.net wrote:
Because it's also used to sign other people's keys. Using a very large
key (for 256-bit equivalence, ~15kbits) makes verification so slow as to
be unusable. You have to not only verify signatures on other
is still being done by the subkeys, so is
it simply that they're signed by the parent 1024-bit key, and this key
is easier to fake?
Thanks,
Chris Poole
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Hi,
I start gpg-agent with the -q option to make it quiet.
I then run a script that executes gpg -qse ... on several files,
encrypting and signing them (quietly).
I still find output like this in my terminal window:
You need a passphrase to unlock the secret key for
user: Chris Poole ch
On Mon, Nov 14, 2011 at 2:42 PM, Peter Lebbing pe...@digitalbrains.com wrote:
The trick obviously is that find can do multiple executions. I didn't know
this
either, I just tried it out :). There are different variations. This one
outputs
the hashes on stdout, and I don't know a way to
://grepular.com/Automatically_Encrypting_all_Incoming_Email
Thanks, that's interesting reading. I use `getmail` to grab the messages, and
just pass them through gpg when this runs, so it works well for what I want.
Cheers
Chris Poole
[PGP BAD246F9]
___
Gnupg
already been tampered
with, is it OK to simply run
gpg -o somefile.gpg -s somefile.gpg
or is it better to decrypt them all, and then sign and encrypt in one go?
Thanks,
Chris Poole
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http
On Fri, Nov 11, 2011 at 10:27 PM, David Tomaschik
da...@systemoverlord.com wrote:
I would just produce a list of SHA1s of the files and then sign that.
OK thanks, I hadn't thought of that. I'd still have to decrypt and re-encrypt
them to keep hashes of all plaintext versions of the files though.
about, but presumably it is the same
as on unix-like machines.
In this case, the things you type are being passed to the program correctly,
it's just that nothing is shown on screen (no ***'s, etc) to inform you of this.
Cheers
Chris Poole
[PGP BAD246F9
confirm that gpg works correctly for you, such that your bad
passphrase warning you're getting is the result of you having and/or entering
an incorrect passphrase.
Best of luck.
Chris Poole
[PGP BAD246F9]
___
Gnupg-users mailing list
Gnupg-users
-and-decryption-cache? (I guess, if I really wanted this I
should provide a patch. :-) )
That was precisely my point; if anything, entering the passphrase twice is more
of a security risk than storing it for 2 subkeys at the same time (risk of being
overlooked, etc.).
Cheers
Chris Poole
[PGP BAD246F9
your passphrase has been cached for each of those *actions*, it
will remain in gpg-agent's memory for the duration of the cache set in
your home directory ~/.gnupg/gpg-agent.conf
That's a shame, but thanks.
Cheers
Chris Poole
[PGP BAD246F9]
___
Gnupg
) once for the
encryption key, and then again, for the signing key.
Can I instruct the agent to give the passphrase for any subkey? Given
that they're both subkeys, the passphrases are the same.
Thanks
Chris Poole
[PGP BAD246F9]
___
Gnupg-users mailing
keys, so I'm being prompted twice, but they
are both belonging to the same primary key: can that passphrase apply to all
subkeys when entered for any one?
I hope that clarifies what I want to do...
Cheers
Chris Poole
[PGP BAD246F9]
___
Gnupg-users
, to make
sure corruption didn't occur during network transfer (i.e., nothing
cryptographic).
Thanks for the help. I'm just going to get used to entering my
passphrase a little more!
Cheers
Chris Poole
[PGP BAD246F9]
___
Gnupg-users mailing list
Gnupg
change the encrypted data in
such a way that I won't notice it when I decrypt the file, but somehow
the file will still decrypt?
Thanks
Chris Poole
PGP key: BAD246F9
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo
, where did you read this?)
I can't remember, but possibly some Duplicity documentation. It's a backup
program that uses gpg for encryption, and allows for both encryption and
signing.
Cheers
Chris Poole
[PGP BAD246F9]
___
Gnupg-users mailing list
Gnupg
be in a certain container isn't, or something extra is
there in its place.
Have you considered a separate key for the signature?
I use a separate signing key anyway, for all my signatures. How would using a
separate key help here?... I'd still need to give my passphrase somehow.
Cheers
Chris Poole
[PGP
to realise this, somehow. A separate manifest file (also encrypted)
keeps track of which encrypted containers hold which files, so the attack is
definitely harder (or at least more noticeable). I think it's still best to sign
though, just to remove more possible attack vectors.
Cheers
Chris Poole
count (in the secret key packet section). Does this map
to the number I gave on the command line when changing my passphrase?
Thanks
Chris Poole
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 8 Jul 2011, at 17:31, David Shaw ds...@jabberwocky.com wrote:
Yes. Note that the list-packets output shows the internal packed value:
6553600 should come out to 201. The default of 65536 would encode to 96.
I do indeed get 201. Out of interest, how is that calculated?
I also changed the
Thank you.
On 8 Jul 2011, at 20:06, Hauke Laging mailinglis...@hauke-laging.de wrote:
Am Freitag, 8. Juli 2011, 20:35:57 schrieb Chris Poole:
On 8 Jul 2011, at 17:31, David Shaw ds...@jabberwocky.com wrote:
Yes. Note that the list-packets output shows the internal packed value:
6553600
it takes to run for x.y seconds
would be useful. KeePass, for example, automatically calculates how many rounds
can be calculated in 1 second, and will set the count accordingly.
On 8 Jul 2011, at 20:08, David Shaw ds...@jabberwocky.com wrote:
On Jul 8, 2011, at 2:35 PM, Chris Poole wrote
...@jabberwocky.com wrote:
On Jul 3, 2011, at 12:15 PM, Chris Poole wrote:
On Sun, Jul 3, 2011 at 4:45 PM, David Shaw ds...@jabberwocky.com wrote:
There are some obscure edge cases where you must have a 3DES or AES
encrypted
private key, but for the overwhelming majority of people
, David Shaw ds...@jabberwocky.com wrote:
On Jul 2, 2011, at 3:37 PM, Chris Poole wrote:
Hi,
I changed the order of preferred ciphers and hash functions using setpref.
My public key has changed, but not the fingerprint.
That is correct. Changing the various preferences does not change
Hi,
I changed the order of preferred ciphers and hash functions using setpref. My
public key has changed, but not the fingerprint.
Is the done thing now to ask anyone with the key to pull the latest version?
(I've already updated the keyserver version.)
Thanks
the passphrase cache time?
I was decrypting a large number of files ( 12,000), and about half
way through I was asked for my passphrase again. I assume the cache
had expired.
On Fri, May 20, 2011 at 1:27 AM, Grant Olson k...@grant-olson.net wrote:
On 5/19/2011 7:07 AM, Chris Poole wrote:
Hi
I often
on the matter, or even
whether or not this is the best approach.
Thanks
Chris Poole
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
I have been using gpg for a while now, with just one subkey for signing and
encryption.
I decided I wanted a separate key for signing, so if I have to give away my
private key for decrypting documents, they can't use it to impersonate me too.
Listing my keys was like this:
pub
If you were forced to disclose your encryption key, you could give them just
that particular subkey and not give them the signing subkey at all.
But isn't the likelihood that they'll get your passphrase too, so the
security lies in the hope that they don't have access to the signing
subkey?
I want to check I'm not doing something stupid.
I have backed up my .gnupg directory, including my revoke certificate,
to a symmetrically-encrypted tar file.
The password for this is a 50 character randomly-generated, stored in
my KeePass database (protected via a strong passphrase that I know).
Why not just store the GPG encrypted file directly with the strong
passphrase that I know ?
I'm happy to do that, I'm just trying to keep the very long,
complicated passphrases I have to remember to as few as possible.
I really just want to make sure that storing my revoke certificate
this
I don't use GPG all that much, but am a little concerned with the recent
SHA1 collision news.
From what I've read on this list, it doesn't seem to be too much of an
issue.
I wonder if someone could clarify some things for me, please:
1) Is this just an issue with signatures, or does it impact
Thanks for the reply.
I now feel a little safer doing what I'm doing :)
PS: IMHO there are more usable ways of managing one's passwords than
storing them in a GnuPG file (although much can be accomplished by
wrapping access to that file through a number of shell scripts, I
assume).
Yes, I
Consider keepassx
Yes I have used this before; I may give it another go.
Thanks.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Hi,
I am using GnuPG to encrypt a plain text file of my passwords.
How secure is it to use my own public key as the encryption method
(rather than symmetric), given that the password file is stored on the
same drive as my public and private keys?
Thanks.
Yes, this is correct, and what I thought would be the answer.
I was just concerned that an attacker (say, a thief that steals my
laptop), would have both my secret key and something encrypted with
that secret key.
I wasn't sure if this would somehow reduce the effectiveness of the
Hi,
I am using GnuPG to encrypt a plain text file of my passwords.
How secure is it to use my own public key as the encryption method
(rather than symmetric), given that the password file is stored on the
same drive as my public and private keys?
Thanks.
43 matches
Mail list logo