Re: Pass expiration date param to subkey only via unattended key generation

Use gpg --quick-gen-key --batch t...@test.com ed25519 sign,cert and then gpg --quick-add-key --batch FINGERPRINT cv25519 encr sign,cert 2y Thank you very much! I will see how I can apply this, in a single sh script with the unattended key generation as well. The thing is I "feed"

Pass expiration date param to subkey only via unattended key generation

Dear All, Context: https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html A script will create on demand GPG keys unattended that will be further used to automatically sign a document, but the requirement is that they must also include an Encryption subkey to

Problem refreshing keys: Server indicated a failure

Hello, One of my notebooks running apparently fails to refresh keys from key servers for so long time. - it is running the latest gpg4win bundle (3.1.4); - there is no firewall preventing gpg's connection to the key server; - it just says: refreshing keys from hkps:// and hangs for like 10 - 15

Re: Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

Hello Mario, Robert, Replying to both inline. Mario Castelán Castro wrote: > On 29/08/17 02:09, s7r wrote: >> I understand that the first one is ECDSA and the second is ECDH, but >> can't I use the same secp256k1 key (if I import it) but in different two >> representations

Re: Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

Hi everyone, thanks for everyone's very helpful feedback. See inline. Shawn K. Quinn wrote: > On 08/29/2017 02:14 AM, s7r wrote: >> Hi Phil, >> Thanks - this is indeed _very_ useful for my use case. I don't think the >> second part is a problem since I can particular

Re: Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

Robert J. Hansen wrote: >> The thing is, if I create an ECC (ECDSA) secp256k1 primary key with >> Sign, Certify capabilities I can also create a subkey with E >> capability which is also a secp256k1 key. So, they can be used for >> encryption after all, so why can't I just add E capability to

Re: Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

Phil Pennock wrote: > On 2017-08-28 at 19:05 -0400, Rob J Hansen wrote: >>> 1. Is it possible, when transporting a message from Alice to Bob, >>> without holding any of their private keys, to do the following checks: >>> - verify the integrity of the message and make sure it is sanitized and >>>

Re: Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

Robert J. Hansen wrote: >> It works with a RSA key, but not with ECC. Try with secp256k1 and you'll >> only get Sign and Certify capabilities. At least this is what happens on >> my side. > > I apologize for sounding like I'm condescending here: it's not my > intent. However, there are very

Re: Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

Robert J. Hansen wrote: >> Tried both of them, not working. They only produce a single primary key >> (8 RSA or 11 ECC) with S,C capabilities (without E). > > *shrugs* Do better. Seriously, if you literally choose option 8 and > just go through the defaults you'll get a single primary key with

Re: Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

Robert J. Hansen wrote: 2. Is it possible to have just one key (the primary one, no subkey) with E flag also (S,C,E) -- I know this is not recommended but this is a particular use case and the risks are acknowledged. I guess gnupg will not allow you to do this by default, but

Re: Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

Robert J. Hansen wrote: >> Well, you can go one step further. Unless the sender is throwing the >> key ids, you can look to see which keyids are given as hints in the >> outermost layer, to see which people are expected to be able to decrypt >> it. > > Sure, but this is a heuristic, not a formal

Re: Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

Thanks for the reply. See inline, Robert J. Hansen wrote: >> 1. Is it possible, when transporting a message from Alice to Bob, >> without holding any of their private keys, to do the following checks: >> - verify the integrity of the message and make sure it is sanitized and >> Bob can decrypt it

Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

Hi list, Please help me with some information and hints. 1. Is it possible, when transporting a message from Alice to Bob, without holding any of their private keys, to do the following checks: - verify the integrity of the message and make sure it is sanitized and Bob can decrypt it with his

Re: Popescu and keys

Hello, I tried to read this guy's blog either but it seams like you have to pay to read it (buy credits with bitcoin). I don't know who the hell this guy thinks he is, not even Bruce Schneier asks to pay fees to read his blog/research papers, but I am just going to keep calm. So, since I

Re: different passwords for subkeys of the same masterkey

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Thank you very much for your reply. Please see my comments below in the replied text: On 1/21/2015 4:36 AM, Daniel Kahn Gillmor wrote: On Mon 2015-01-12 10:13:48 -0500, s7r wrote: Is it possible to have one masterkey with two subkeys (sbind