Re: Cannot export SSH public key

2024-01-05 Thread Felix E. Klee
On Fri, Jan 5, 2024 at 2:43 PM Werner Koch wrote: > That is right. The ssh-agent protocol has no means to tell the > ssh-agent or gpg-agent some important environment variables, like the > current tty or DISPLAY. Interesting, thanks for the look behind the scenes! > I am so used to run the

Re: Cannot export SSH public key

2024-01-05 Thread Felix E. Klee
On Fri, Nov 24, 2023 at 9:09 AM Felix E. Klee wrote: > In addition, I need: > > gpg-connect-agent updatestartuptty /bye or otherwise, I get no PIN entry dialog / prompt ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.

Re: gpg --card-status

2024-01-02 Thread Felix E. Klee
On Sat, Dec 30, 2023 at 11:30 PM Felix E. Klee wrote: > Example output with line numbers: > > 01 Reader ...: Yubico YubiKey CCID 00 00 > 02 Application ID ...: D276000124010304000618698015 > 03 Application type .: OpenPGP > 04 Version ..

Re: Cannot export SSH public key

2023-12-31 Thread Felix E. Klee via Gnupg-users
1736 created : 2023-06-29 03:50:43 Authentication key: 9DFF AD98 566A 604F 7290 7C24 32B1 06F6 877C C64B created : 2023-11-22 15:14:14 General key info..: pub rsa4096/1BE349D11B6ED589 2023-06-29 Felix E. Klee (YubiKey) sec> rsa4096/1BE349D11B6ED

Re: Cannot export SSH public key

2023-12-30 Thread Felix E. Klee
1736 created : 2023-06-29 03:50:43 Authentication key: 9DFF AD98 566A 604F 7290 7C24 32B1 06F6 877C C64B created : 2023-11-22 15:14:14 General key info..: pub rsa4096/1BE349D11B6ED589 2023-06-29 Felix E. Klee (YubiKey) sec> rsa4096/1BE349D11B6ED

gpg --card-status

2023-12-30 Thread Felix E. Klee
21 created : 2023-06-29 03:50:43 22 Authentication key: 7A0F E73D DB74 4F0F 9734 1DA7 1BE3 49D1 1B6E D589 23 created : 2023-06-29 03:50:43 24 General key info..: pub rsa4096/1BE349D11B6ED589 2023-06-29 Felix E. Klee (YubiKey) 25 sec> rsa4

Re: Cannot export SSH public key

2023-12-27 Thread Felix E. Klee via Gnupg-users
--list-keys --keyid-format LONG yubi...@f76.eu pub rsa4096/1BE349D11B6ED589 2023-06-29 [SC] 7A0FE73DDB744F0F97341DA71BE349D11B6ED589 uid [ultimate] Felix E. Klee (YubiKey) sub rsa4096/7CC02D68D2E31736 2023-06-29 [E] sub rsa4096/32B106F6877CC64B 2023

Re: Cannot export SSH public key

2023-12-27 Thread Felix E. Klee
$ gpg --list-keys --keyid-format LONG yubi...@f76.eu pub rsa4096/1BE349D11B6ED589 2023-06-29 [SC] 7A0FE73DDB744F0F97341DA71BE349D11B6ED589 uid [ultimate] Felix E. Klee (YubiKey) sub rsa4096/7CC02D68D2E31736 2023-06-29 [E] sub rsa4096/32B106F6877CC64B 2

Re: Cannot export SSH public key

2023-11-28 Thread Felix E. Klee
never $ gpg --list-keys --keyid-format LONG --with-keygrip yubi...@f76.eu pub rsa4096/1BE349D11B6ED589 2023-06-29 [SC] 7A0FE73DDB744F0F97341DA71BE349D11B6ED589 Keygrip = 0E67508AC6866D82ABB95E0B53CF5D18DC48A786 uid [ultimate] Felix E. Klee (YubiKey)

Re: Cannot export SSH public key

2023-11-27 Thread Felix E. Klee
On Thu, Nov 23, 2023 at 10:17 AM Felix E. Klee wrote: > Can you explain why the output of `ssh-add -L` did not change? Also > why is it not the same as the output from `gpg --export-ssh-key > yubi...@f76.eu`? OK, I may have found the issue: $ grep -rl Use-for-ssh ~/.gnupg/private-

Re: Cannot export SSH public key

2023-11-24 Thread Felix E. Klee
On Thu, Nov 23, 2023 at 2:19 PM Stephan Verbücheln via Gnupg-users wrote: > Host gitlab.com > HostName gitlab.com > User git > IdentityAgent ${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh Thanks, that works. Even the variable is expanded. In addition, I need: gpg-connect-agent

Re: Cannot export SSH public key

2023-11-22 Thread Felix E. Klee
orrect? Does it match what > you see with > > ssh-add -L Output: $ gpg -k --with-keygrip yubi...@f76.eu pub rsa4096 2023-06-29 [SC] 7A0FE73DDB744F0F97341DA71BE349D11B6ED589 Keygrip = 0E67508AC6866D82ABB95E0B53CF5D18DC48A786 uid [ultimate] Felix

Re: Cannot export SSH public key

2023-11-22 Thread Felix E. Klee via Gnupg-users
29 [SC] 7A0FE73DDB744F0F97341DA71BE349D11B6ED589 uid [ultimate] Felix E. Klee (YubiKey) sub rsa4096/D2E31736 2023-06-29 [E] sub rsa4096/877CC64B 2023-11-22 [A] Should I better use the authentication key exported by GPG for SSH? But how to make tha

Re: Cannot export SSH public key

2023-11-22 Thread Felix E. Klee
29 [SC] 7A0FE73DDB744F0F97341DA71BE349D11B6ED589 uid [ultimate] Felix E. Klee (YubiKey) sub rsa4096/D2E31736 2023-06-29 [E] sub rsa4096/877CC64B 2023-11-22 [A] Should I better use the authentication key exported by GPG for SSH? But how to make tha

Cannot export SSH public key

2023-11-20 Thread Felix E. Klee
iry (never) However, I cannot export it for SSH: $ gpg --list-keys --keyid-format SHORT yubi...@f76.eu pub rsa4096/1B6ED589 2023-06-29 [SC] 7A0FE73DDB744F0F97341DA71BE349D11B6ED589 uid [ultimate] Felix E. Klee (YubiKey) sub rsa4096/D2E31736 2023-06-29

Re: Finding all files encrypted with a certain key

2023-10-25 Thread Felix E. Klee
On Wed, Oct 25, 2023 at 9:23 PM Werner Koch wrote: > > gpg: decryption failed: No secret key > > > > I wonder how to get rid of that. > > grep -v on stderr ;-). Thanks, I was thinking about that. But I think simply using find, as suggested by Andrew and raf, is sufficient and simple. > I

Re: Finding all files encrypted with a certain key

2023-10-24 Thread Felix E. Klee
On Tue, Oct 24, 2023 at 5:12 PM Andrew Gallagher wrote: > GNU `file` will print the encryption key ID: Interesting. I wonder if there is any disadvantage of using `file` over Werner’s proposal.

Re: Finding all files encrypted with a certain key

2023-10-24 Thread Felix E. Klee
On Wed, Oct 25, 2023 at 10:08 AM raf via Gnupg-users wrote: > > How do I do that for a massive directory tree? > > With my rawhide (rh) program (github.com/raforg/rawhide) you can do it > with something like this: > > rh /path '"*.gpg" && "*PGP*encrypted*BEF6EFD3 8FE8DCA0*".what' Very

Re: Finding all files encrypted with a certain key

2023-10-24 Thread Felix E. Klee
On Tue, Oct 24, 2023 at 5:21 PM Werner Koch wrote: > encrypted-to-me-p.sh > --8<---cut here---start->8--- > #!/bin/sh > gpg -d --status-fd 1 -o /dev/null 2>/dev/null "$1" | awk ' > $1=="[GNUPG:]" && $2=="ENC_TO" && $3=="BEF6EFD38FE8DCA0" {print $1; exit 0}' >

Finding all files encrypted with a certain key

2023-10-23 Thread Felix E. Klee
For the purpose of re-encryption with a new key, I’d like to find all files that are encrypted with my key BEF6EFD38FE8DCA0. All encrypted files, independent of key, have the extension `.gpg`. How do I do that for a massive directory tree?

Re: YubiKey/OpenPGP card connection issues for non-root user

2023-08-09 Thread Felix E. Klee
The issue persists. Sometimes the readers (just now the YubiKey) are not visible to the user. But they are always to root k. I then disabled the PC/SC daemon: [felix@felix-arch ~]$ sudo systemctl disable pcscd Removed "/etc/systemd/system/sockets.target.wants/pcscd.socket".

Re: YubiKey/OpenPGP card connection issues for non-root user

2023-08-08 Thread Felix E. Klee
On Mon, Aug 7, 2023 at 3:30 PM Werner Koch wrote: > > I also tried killing root’s gpg-agent, to avoid conflicts with that > > of the user, but that didn’t help either. > > Right a second scdaemon might have grabbed the device. If you don't > need it as root put into root's gpg-agent.conf

Re: YubiKey/OpenPGP card connection issues for non-root user

2023-08-08 Thread Felix E. Klee
On Mon, Aug 7, 2023 at 9:00 AM NIIBE Yutaka wrote: > Please note that there may be two methods to access the device in > scdaemon: > > * in-stock CCID driver of scdaemon > * the PC/SC service > > Your output shows that you are connecting the smartcard reader through > the PC/SC service.

Re: YubiKey/OpenPGP card connection issues for non-root user

2023-08-04 Thread Felix E. Klee
79FE 04FD F78D 1679 DD94 created : 2016-12-17 10:49:18 Authentication key: [none] General key info..: pub rsa4096/BEF6EFD38FE8DCA0 2016-12-17 Felix E. Klee sec> rsa4096/BEF6EFD38FE8DCA0 created: 2016-12-17 expires: 2020-11-1

YubiKey/OpenPGP card connection issues for non-root user

2023-08-03 Thread Felix E. Klee
Recently I set up a YubiKey 5C NFC, and when I connect it to my Linux system (running in VMware under Windows), it sometimes takes minutes to be able to use. I.e. it can take forever until I get a successful response from: gpg --card-status OTOH I can immediately get a response when I run

Re: YubiKey 5C NFC not detected

2022-01-31 Thread Felix E. Klee
Werner Koch via Gnupg-users writes: > scdaemon does not see any reader. That might simply be due to another > process which uses the reader (the yubikey tools). None the wiser: $ cat ~/.gnupg/scdaemon.conf debug cardio verbose log-file /tmp/scd.log pcsc-shared $ gpgconf

Re: YubiKey 5C NFC not detected

2022-01-30 Thread Felix E. Klee
Ingo Klöcker writes: > $ echo scd getinfo reader_list | gpg-connect-agent --decode $ ykman config usb -l OTP FIDO U2F FIDO2 OATH PIV OpenPGP YubiHSM Auth $ gpgconf --kill gpg-agent $ echo scd getinfo reader_list | gpg-connect-agent --decode OK :( >

Re: YubiKey 5C NFC not detected

2022-01-30 Thread Felix E. Klee
Ingo Klöcker writes: > Are you sure "Yubico Yubi" is the correct value for the reader-port > option? It’s what is suggested in the official [Troubleshooting Issues with GPG][1]. They also suggest: Yubico Yubikey That doesn’t work either. As I realized before, their guides are not up to

YubiKey 5C NFC not detected

2022-01-29 Thread Felix E. Klee
I would like to set up a YubiKey 5C NFC for SSH, but it doesn’t get detected by GnuPG: $ ykman config usb -l OTP FIDO U2F FIDO2 OATH PIV OpenPGP YubiHSM Auth $ cat .gnupg/scdaemon.conf reader-port Yubico Yubi $ gpgconf --kill gpg-agent $ ps x | grep

Re: Limit access to unlocked OpenPGP SmartCard?

2022-01-28 Thread Felix E. Klee
Well, I think I could extend my SPR332 [mod][1]: * Add a push-button that one has to press to close the C7 circuit for I/O. Without that button pressed, the smart card cannot communicate with the reader. That means, for every operation, one would need to hold that button, kind of

Re: Limit access to unlocked OpenPGP SmartCard?

2022-01-28 Thread Felix E. Klee
Jacob Bachmeyer via Gnupg-users writes: >> After I unlock an OpenPGP SmartCard V2.1 in my SPR332 [mod][1], […] > > Does your smartcard reader have its own keypad for entering the PIN? yes

Re: Limit access to unlocked OpenPGP SmartCard?

2022-01-27 Thread Felix E. Klee
On Thu, 27 Jan 2022 at 14:54, Matthias Apitz wrote: > gpgconf --reload scdaemon Gotta try that, maybe execute it with a timer, better than nothing. Best would be if the card itself could be configured to only do a certain number of operations after being unlocked. I think everything else is

Limit access to unlocked OpenPGP SmartCard?

2022-01-27 Thread Felix E. Klee
After I unlock an OpenPGP SmartCard V2.1 in my SPR332 [mod][1], I can use it to decrypt as many files as I want. While this is convenient, it is not great if the system is compromised and I forget to unplug the card reader. Is there any way to limit how long the OpenPGP SmartCard remains

Re: Decrypting fails unless card status

2020-12-15 Thread Felix E. Klee
On Tue, 15 Dec 2020 at 19:45, MFPA <2017-r3sgs86x8e-lists-gro...@riseup.net> wrote: > Is that a consequence of using a card? No. I do have an accessible private key, but it’s more than 9,000 km away, and traveling is not so easy these days.

Decrypting fails unless card status

2020-12-14 Thread Felix E. Klee
-01 00:00:00 gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17 "Felix E. Klee " gpg: public key decryption failed: Invalid ID gpg: decryption failed: No secret key Note that I have to run with faked system time since I cannot extend th

Re: 0.332

2019-02-11 Thread Felix E. Klee
On Mon, Feb 11, 2019 at 12:17 PM Gerd v. Egidy wrote: > How does it compare size-wise to the cyberJack one from Reiner SCT? * cyberJack RFID standard: 62 x 95 x 13 mm * 0.332 enclosure: 69 × 111 × 13 mm It could be fun to replace the pin pad by a smaller one and create a custom

0.332

2019-02-10 Thread Felix E. Klee
FYI: https://github.com/feklee/0.332 This is a mod of the SCM SPR332 v2 smart card reader, making it smaller and lighter. For quite a while I have regularly been using it with my phone: https://gist.github.com/feklee/92f76d2c8a7cabc477360d82b5305c19

Re: Cannot decrypt file encrypted with enQsig

2018-09-17 Thread Felix E. Klee
DE5C6E97DA42AE8, created 2018-09-06 "Felix E. Klee " gpg: 3DES encrypted data gpg: Note: sender requested "for-your-eyes-only" So yes, 3DES! Fortunately, as can be seen above, with the custom key I was able to

Re: Communication with card reader encrypted?

2018-08-27 Thread Felix E. Klee
Thanks for clarification! On Mon, Aug 27, 2018 at 11:51 AM, Werner Koch wrote: > The connection between the card reader and the host is not encrypted > because that would require a key setup first and that would also be > subject to key logging. The host could provide a public encryption key to

Re: Communication with card reader encrypted?

2018-08-26 Thread Felix E. Klee
On Sun, Aug 26, 2018 at 10:41 AM, Peter Lebbing wrote: > The OpenPGP smartcard and generic smartcard protocols do define > "Secure Messaging", but I don't think this is commonly used for cabled > OpenPGP smartcards. Would be interesting to find out. > I think you'll need to trust the cable

Re: Communication with card reader encrypted?

2018-08-26 Thread Felix E. Klee
On Sun, Aug 26, 2018 at 12:31 AM, Dirk Gottschalk wrote: > This is a really interesting question. But, does this really matter > for a USB device? If there is a program on your computer, which > intercepts the communication, the security of your system is already > broken. I am more thinking

Communication with card reader encrypted?

2018-08-25 Thread Felix E. Klee
When I decrypt a file using an OpenPGP card, is the communication between a USB card reader and the GnuPG daemon encrypted? Or: Is the decrypted session key sent unencrypted through the cable?

Re: Android/Termux: How to build gpg-agent without maintainer mode?

2018-08-22 Thread Felix E. Klee
On 8/22/18, Dirk Gottschalk wrote: > This depends on the source of your source version. If it is from a > release tarball, this shouldn't bother you. > > I only get this warning if I have compiled from the GIT repository. Uh oh, I didn’t check out a release! Changed the [build instructions][1]

Re: Android/Termux: How to build gpg-agent without maintainer mode?

2018-08-22 Thread Felix E. Klee
On Wed, Aug 22, 2018 at 1:08 PM, Dirk Gottschalk wrote: > There's nothing what should "bug" you. Well if I call `g10/gpg` in the build, I get a big fat warning: gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a

Android/Termux: How to build gpg-agent without maintainer mode?

2018-08-22 Thread Felix E. Klee
I managed to get `gpg-agent` run with USB smart card support under Android/Termux: https://gist.github.com/feklee/92f76d2c8a7cabc477360d82b5305c19 What bugs me is that I had to compile in maintainer mode: Now I get warnings that the software should not be used with production keys.

Re: Cannot decrypt file encrypted with enQsig

2018-08-15 Thread Felix E. Klee
On Wed, Aug 15, 2018 at 12:13 PM, Peter Lebbing wrote: > Here's the catch: unless you have an on-disk copy of your private > encryption key, you can't. [if enQsig uses 3DES] I do have a backup of the private key, but it’s 1. out of reach at the moment and 2. it’s a pain to restore. So far, I’m

Re: Cannot decrypt file encrypted with enQsig

2018-08-15 Thread Felix E. Klee
pg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17 "Felix E. Klee " gpg: public key decryption failed: Missing item in object gpg: decryption failed: No secret key gpg: secmem usage: 0/32768 bytes in 0 blocks $ gpg --versio

Re: Cannot decrypt file encrypted with enQsig

2018-08-03 Thread Felix E. Klee
On Thu, Aug 2, 2018 at 2:14 PM, Peter Lebbing wrote: > So I think it's a safe bet they also screwed up the PKESK packet for > your subkey, and the error is indeed related to it not representing a > valid session key. As I would like to understand things a bit better, do you think it is possible

Re: Cannot decrypt file encrypted with enQsig

2018-08-02 Thread Felix E. Klee
4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17 "Felix E. Klee " gpg: public key decryption failed: Missing item in object gpg: decryption failed: No secret key $ gpg --list-packets new.gpg gpg: encrypted with RSA key, ID 9D8C454A43A6D2DE

Re: Cannot decrypt file encrypted with enQsig

2018-07-30 Thread Felix E. Klee
On Mon, Jul 30, 2018 at 12:40 PM, Felix E. Klee wrote: > “Invalid value” Same on Linux BTW (with the Cherry ST-2000). ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Cannot decrypt file encrypted with enQsig

2018-07-30 Thread Felix E. Klee
its] gpg: encrypted with RSA key, ID 9D8C454A43A6D2DE gpg: encrypted with RSA key, ID 92663E7CA68E4EC6 gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17 "Felix E. Klee " gpg: public key decryption failed: Invalid value g

Re: Cannot decrypt file encrypted with enQsig

2018-07-30 Thread Felix E. Klee
For comparison, a file that I encrypted for myself and that I can decrypt successfully: >gpg --list-packets foo.gpg gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17 "Felix E. Klee " # off=0 ctb=85 tag=

Re: Cannot decrypt file encrypted with enQsig

2018-07-30 Thread Felix E. Klee
ying to guess what you mean .. . pub rsa4096/BEF6EFD38FE8DCA0 2016-12-17 [SC] [expires: 2018-12-17] 5EF8B6017F668171259945D6BEF6EFD38FE8DCA0 uid Felix E. Klee sub rsa4096/04FDF78D1679DD94 2016-12-17 [E] [expires: 2018-12-17] > Could you provide a

Cannot decrypt file encrypted with enQsig

2018-07-27 Thread Felix E. Klee
validity: ultimate ssb rsa4096/04FDF78D1679DD94 created: 2016-12-17 expires: 2018-12-17 usage: E card-no: 0005 4980 [ultimate] (1). Felix E. Klee The sender then prepared the encrypted file using a software called enQsig: “wir verwenden eine zentrale Gateway

Re: gpg: [don't know]: 1st length byte missing

2017-10-22 Thread Felix E. Klee
Thanks, Werner! No backup, and I think there is no way to recover the password, which - in this case - is very unfortunate. :( I wonder how this happened. The drive is a Samsung EVO SSD with NTFS.

Re: gpg: [don't know]: 1st length byte missing

2017-10-21 Thread Felix E. Klee
On Sun, Oct 22, 2017 at 12:06 PM, wrote: > please list the encrypted text as part of the inline message. Thanks for pointing that out. Here you go: -----BEGIN PGP ARMORED FILE----- Comment: Use "gpg --dearmor" for unpacking

gpg: [don't know]: 1st length byte missing

2017-10-21 Thread Felix E. Klee
See the attached file. When I try to decrypt it using `gpg -d`, I get: gpg: [don't know]: 1st length byte missing `gpg --version` (on Windows): gpg (GnuPG) 2.2.1 libgcrypt 1.8.1 Copyright (C) 2017 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later

Re: gpg: KEYTOCARD failed: Unusable secret key

2016-07-26 Thread Felix E. Klee
On Tue, Jul 26, 2016 at 1:22 PM, Andrew Gallagher wrote: > If you want to keep a backup copy on local disk, you need to quit > *without saving* immediately after running 'keytocard'. Hitting to quit did the trick. Now I could copy the key – a new one – to two cards. Thanks

Re: gpg: KEYTOCARD failed: Unusable secret key

2016-07-26 Thread Felix E. Klee
On Tue, Jul 26, 2016 at 1:22 PM, Andrew Gallagher wrote: > What does it say when you run "gpg --list-secret-keys" on your local > machine now? *Without* the smart card reader connected, it says: # gpg --list-secret-keys /ramdisk/pubring.kbx

gpg: KEYTOCARD failed: Unusable secret key

2016-07-26 Thread Felix E. Klee
Successfully moved a key to an [OpenPGP-Card][1]. Now, as backup, I want to install the key to a second card, but that failed: # gpg --edit-key $KEY [...] gpg> toggle [...] gpg> keytocard Really move the primary key? (y/N) y [...] Please select where to store the

Re: How to export ASCII armored secret key without passphrase?

2016-01-21 Thread Felix E. Klee
On Wed, Jan 20, 2016 at 6:13 PM, Peter Lebbing wrote: > $ gpg2 --export-secret-keys | gpg --import Thanks! On my system, Arch, that’s: $ gpg --export-secret-keys | gpg1 --import

How to export ASCII armored secret key without passphrase?

2016-01-20 Thread Felix E. Klee
There’s a known issue: Is there any workaround? For example, could I export an ASCII armored key with a passphrase, then decrypt the exported key? Command that failed without passphrase (the key doesn't have one): $ gpg --armor --export-secret-keys

Re: Generating 4096 bit key fails – why?

2015-11-17 Thread Felix E. Klee
On Wed, Nov 4, 2015 at 3:09 AM, NIIBE Yutaka wrote: > Here is a fix. It will be in the next release. > > http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c5a9fedba66361ddd9f596528882750068543298 Thanks! Any idea when the next release is scheduled to be available?

Re: Generating 4096 bit key fails – why?

2015-11-02 Thread Felix E. Klee
On Mon, Nov 2, 2015 at 3:04 AM, NIIBE Yutaka wrote: > It failed when gpg frontend tried to change the key attribute for > RSA-4096. > >> […] > > Do you happen to have (and run) old scdaemon of 2.0? Unfortunately that doesn’t seem to be the explanation. After starting `gpg

Re: Generating 4096 bit key fails – why?

2015-10-30 Thread Felix E. Klee
On Tue, Oct 27, 2015 at 9:09 PM, Werner Koch wrote: > Please add > > --8<---cut here---start->8--- > debug 1024 > debug 2048 > log-file /this/is/my/scdaemon.log > --8<---cut here---end--->8--- > > to

Generating 4096 bit key fails – why?

2015-10-27 Thread Felix E. Klee
As already mentioned in the October 2015 thread “Bad secret key” on , I cannot generate a 4096 bit on my [OpenPGP card][1]. What could be the issue? Details: $ uname -a Linux felix-arch 4.2.3-1-ARCH #1 SMP PREEMPT Sat Oct 3 18:52:50 CEST 2015

Trezor - Could this be the model for a PGP crypto device?

2015-03-06 Thread Felix E. Klee
Yesterday in Las Palmas de Gran Canaria, I attended a [talk][1] by Marek Palatinus, one of the relatively early Bitcoin miners and cofounder of [SatoshiLabs][2]. He gave an introduction to his path into Bitcoin, and things that went wrong, and then he presented the [Trezor][3] crypto device. The

Re: Talking about Cryptodevices... which one?

2015-01-28 Thread Felix E. Klee
On Wed, Jan 28, 2015 at 1:46 AM, NIIBE Yutaka gni...@fsij.org wrote: From the viewpoint of getting unencrypted private key, it's like: On flash ROM: Private key encrypted --\ \ On flash ROM: DEK encrypted --\ [AES]--

Re: Talking about Cryptodevices... which one?

2015-01-27 Thread Felix E. Klee
On Tue, Jan 27, 2015 at 6:14 PM, Andreas Schwier andreas.schwier...@cardcontact.de wrote: The encryption on the card is unrelated to the PIN. So the private key is encrypted with an AES key that is also stored on the card? Then why encrypt the private key at all? Against what attack does

Re: Talking about Cryptodevices... which one?

2015-01-27 Thread Felix E. Klee
On Sat, Jan 24, 2015 at 4:05 AM, NIIBE Yutaka gni...@fsij.org wrote: gnuk (running on the FST-01) How does that store the private key? Password encrypted? A smart card stores the key unencrypted, right?

Re: Talking about Cryptodevices... which one?

2015-01-27 Thread Felix E. Klee
On Tue, Jan 27, 2015 at 5:19 PM, Andreas Schwier andreas.schwier...@cardcontact.de wrote: The platform we use for the SmartCard-HSM generates a random AES key during platform initialization and encrypts all key material in EEPROM under this key. The only time the key is handled in plain (plain

Re: Talking about Cryptodevices... which one?

2015-01-23 Thread Felix E. Klee
On Fri, Jan 23, 2015 at 3:25 AM, Faramir faramir...@gmail.com wrote: Any advice? I bought an OpenPGP smart card at [cryptoshop][1]. Whether they ship to Chile, I don’t know. The cards are actually distributed by [kernel concepts][2]. I called them, and they told me: * Currently they don’t

Re: Crypto device where I need to confirm every operation?

2015-01-23 Thread Felix E. Klee
On Thu, Jan 22, 2015 at 6:34 PM, Johannes Zarl johan...@zarl.at wrote: On my setup, the smartcard seems to only allow one sign operation per pin-entry. Right, for signing I am always asked for the PIN. I didn't check that before posting.

Crypto device where I need to confirm every operation?

2015-01-22 Thread Felix E. Klee
I currently use GnuPG with an OpenPGP Card V2.0 in a smart card reader with PIN pad. Surely, that adds a certain layer of security, as all encryption and signing operations happen on the card. However, there is one attack which I think could be easily prevented: With the card in the reader, the

Info on sub keys?

2006-06-03 Thread Felix E. Klee
that there was/is some problem with key servers and sub keys. If there is any good documentation on sub keys, aside from technical specifications (such as RFC 2440), then please let me know. -- Felix E. Klee

Re: Info on sub keys?

2006-06-03 Thread Felix E. Klee
/PGPpage2.htm -- Felix E. Klee

OpenPGP card: What RSA problems? Why not for key signing?

2006-04-05 Thread Felix E. Klee
a subkey with limited lifetime for everyday use, and I'll store this key on a third card. -- Felix E. Klee

Re: gpg: OpenPGP card not available: Assuan server fault

2006-03-07 Thread Felix E. Klee
places. But I don't want to do OpenPGP: I want to do SSH with the OpenPGP card. I roughly followed the howto behind the following URL: http://cyphertext.de/ssh-openpgpcard-howto.txt This howto mentions the use of gpg2. -- Felix E. Klee

gpg: OpenPGP card not available: Assuan server fault

2006-02-12 Thread Felix E. Klee
1.2.2 libassuan 0.6.10 libksba 0.9.13 pth 2.0.6 -- Felix E. Klee

Re: Pinpad on SPR532 isn't used

2005-08-25 Thread Felix E. Klee
of pinpad support apply to *any* driver or only to the internal CCID one? -- Felix E. Klee

Pinpad on SPR532 isn't used

2005-08-24 Thread Felix E. Klee
info..: [none] Command passwd gpg: OpenPGP card no. D276000124010101000105B6 detected PIN Enter PIN: [Here I have to enter my PIN via my computer's keyboard] The version of the reader's firmware is 5.05 IIRC. What may be the reason for the problem? -- Felix E. Klee

Re: Changing the email address on an existing key...how? Should I?

2005-07-25 Thread Felix E. Klee
already, chances are that its private part may have been stolen at some point during its life time, unless you have handled it very carefully. If you're worried about this, you may want to create a new key. -- Felix E. Klee

Re: PGP and Smartcards?

2005-07-22 Thread Felix E. Klee
At Fri, 22 Jul 2005 22:42:20 +0200, Zeljko Vrba wrote: Felix, if you wish to finish the applet yourself, I can help you a bit with the existing code, if you need help. Right at the moment, I also have time problems ;-). But I may be interested to do that in the near future. -- Felix E. Klee

PGP and Smartcards?

2005-07-21 Thread Felix E. Klee
) and whose license (LGPL) is compliant with the license of the GnuPG. * If not GnuPG, what free software alternatives are there for doing PGP signing and decryption with a smart card? -- Felix E. Klee

PGP and Smartcards?

2005-07-21 Thread Felix E. Klee
) and whose license (LGPL) is compliant with the license of the GnuPG. * If not GnuPG, what free software alternatives are there for doing PGP signing and decryption with a smart card? -- Felix E. Klee