Hi,
First of all: The usual procedure when asking for advice is to tell us which
gpg version you are using. And on which operation system.
But it seems likely that in this case the info is not necessary.
> I received this message when using --clear-sign.
> gpg: no default secr
Sirs and ladie!
I received this message when using --clear-sign.
gpg: no default secret key: No secret key
gpg: clear-sign dialed: No secret key
Both my public and private key has been imported.
The key was made with a different user (as sudo)The current user is a non-sudo
user.
Yours truly
I solved my issue so I'm posting this for the benefit of users who might
have the same issue.
I solved my issue my generating a new key pair because there seemed to
be no way to work around the incompatibility that caused the key to not
be able to sign on my NixOS machine. I'm not sure what
On Thu, 15 Feb 2024 11:48, Bernhard Reiter said:
> But it does not get the current version of the pubkey in some circumstances.
Example? I am not zware of it.
> And the long version works in a few more elder GnuPG versions. ;)
Since 2.2.17 from summer 2019 - 5 years passed since then with a
Am Donnerstag 15 Februar 2024 10:45:53 schrieb Werner Koch:
> The following will get his pubkey by WKD on the command line:
> > gpg --locate-keys --auto-key-locate clear,nodefault,wkd w...@gnupg.org
>
> FWIW,
>
> gpg --locate-external-key w...@gnupg.org
>
> is much easier that the abvove
On Wed, 14 Feb 2024 11:24, Bernhard Reiter said:
> The following will get his pubkey by WKD on the command line:
> gpg --locate-keys --auto-key-locate clear,nodefault,wkd w...@gnupg.org
FWIW,
gpg --locate-external-key w...@gnupg.org
is much easier that the abvove long list of options.
Am Dienstag 13 Februar 2024 15:50:55 schrieb mlist_e9e869bc--- via
Gnupg-users:
> Is wk at gnupg.org the private email I can send the public key to you?
Yes, that is one of Werner's pubkeys.
The following will get his pubkey by WKD on the command line:
gpg --locate-keys --auto-key-locate
On 13/02/2024 09:57, Werner Koch 'wk at gnupg.org' wrote:
> Can you please try to import that key (with the v5 key signature) using
> a current 2.2. version (2.2.42)? Or you can send me the public key by
> private mail so that I can check what's going on.
>
>
> Salam-Shalom,
>
> Werner
>
I
On Sun, 11 Feb 2024 20:28, mlist_e9e869bc--- said:
> signature is done in Version 5, instead of Version 4 like other parts of
> the key. With that certify signature removed, I can import the secret
> key to GPG 2.2.27 no problem.
Can you please try to import that key (with the v5 key
y didn't
went out. Apologize for being a noob on mailing list.
The problem is in the certify signature. For some reason a certify
signature is done in Version 5, instead of Version 4 like other parts of
the key. With that certify signature removed, I can import the secret
key to GPG 2.2.27 no probl
On Sonntag, 11. Februar 2024 02:05:52 CET mlist_e9e869bc--- via Gnupg-users
wrote:
> I'm trying to import a key generated from GPG 2.4.4 to 2.2.27 but
> unsuccessful.
>
> Upon importing, it returns `gpg: no valid OpenPGP data found.`
>
> I tried with compliance options but it does nothing.
>
>
Hello all,
I'm trying to import a key generated from GPG 2.4.4 to 2.2.27 but
unsuccessful.
Upon importing, it returns `gpg: no valid OpenPGP data found.`
I tried with compliance options but it does nothing.
Command I used:
- export: `gpg -a --export-secret-subkey | gpg -a -c
--cipher-algo
(after making a backup) to restore the missing secret key.
Regards,
Ingo
> On 1/24/24 12:37, Werner Koch wrote:
> > On Tue, 23 Jan 2024 12:38, Leo Coogan said:
> >> sec# ed25519 2023-03-03 [SC] [expires: 2025-03-02]
> >>
> >>C0156FFBE02B4E03F7
Here's the command run on my fedora machine:
```
> gpg -K --list-options show-unusable-subkeys
/home/lcoogan/.gnupg/pubring.kbx
sec ed25519 2023-03-03 [SC] [expires: 2025-03-02]
C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B
uid [ultimate] Leo
On Tue, 23 Jan 2024 12:38, Leo Coogan said:
> sec# ed25519 2023-03-03 [SC] [expires: 2025-03-02]
> C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B
> Keygrip = 38953FFD2BD558606473A90A6EDD5B26F03FA3CB
You don't have a signing key. Ther primary key has been taken offline
('#') and can thus
Keygrip = 02EE4AA6089E9DEF7792F548C01FFD8C05F1EC21
```
On 1/22/24 02:48, Werner Koch wrote:
Hi!
[GNUPG:] KEY_CONSIDERED C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B 2
gpg: writing to stdout
[GNUPG:] BEGIN_SIGNING H10
gpg: signing failed: Bad secret key
Plase run
gpg -K --with-subkey-fingerprint --with-keygrip \
Oops, I meant to 'reply-all'.
Forwarded Message
Subject:Re: gpg: signing failed: Bad secret key
Date: Sun, 21 Jan 2024 13:02:40 -0500
From: Leo Coogan
To: Werner Koch
with `verbose` added to ~/.gnupg/gpg.conf:
```
git commit -m test
error: gpg failed
On Fri, 19 Jan 2024 14:19, Leo Coogan said:
> When I run `git commit -m` on nixos, I receive this error:
For debugging add "verbose" to ~/.gnupg/gpg.conf . This should give you
more information what's up.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse
When I run `git commit -m` on nixos, I receive this error:
```
error: gpg failed to sign the data:
[GNUPG:] KEY_CONSIDERED C0156FFBE02B4E03F7792EB53D7F617CDE5C9A9B 2
[GNUPG:] BEGIN_SIGNING H10
gpg: signing failed: Bad secret key
[GNUPG:] FAILURE sign 67108871
gpg: signing failed: Bad secret key
Am 2023-09-13 12:34, schrieb Werner Koch:
Hi,
so everthing looks okay. What I would now do is to strace pinentry;
Here is a wpinentry wrapper I have used in the past.
--8<---cut here---start->8---
#!/bin/sh
MYPINENTRY="/usr/local/bin/pinentry-qt"
locale
Hi,
so everthing looks okay. What I would now do is to strace pinentry;
Here is a wpinentry wrapper I have used in the past.
--8<---cut here---start->8---
#!/bin/sh
MYPINENTRY="/usr/local/bin/pinentry-qt"
locale >/tmp/pinentry.err
set >>/tmp/pinentry.err
Am Freitag 08 September 2023 15:40:43 schrieb Alexander Leidinger via
Gnupg-users:
> > You clicked on CANCEL or closed the window.
>
> No prompt at all in the console / ssh connection (and no graphics, so
> nothing to click on). So no manual cancelling from me.
There used to be pinentries issues
Am 2023-09-08 15:26, schrieb Werner Koch:
On Fri, 8 Sep 2023 13:49, Alexander Leidinger said:
2023-09-08 13:37:54 gpg-agent[94491] DBG: error calling pinentry:
Operation cancelled
You clicked on CANCEL or closed the window.
No prompt at all in the console / ssh connection (and no
On Fri, 8 Sep 2023 13:49, Alexander Leidinger said:
> default-yes=_Yes
> 2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- ERR 83886254
> Unknown option
Don't care about this error. It is shown but ignored. Future
Pinentries might want to implement a yes button and gpg provides the
:37:48 gpg-agent[94491] DBG: chan_8 -> OK2023-09-08
13:37:48 gpg-agent[94491] DBG: chan_8 <- SETKEYDESC
Please+enter+the+passphrase+to+export+the+OpenPGP+secret+key:%0A%22Alexander+Leidinger+%22%0A4096-bit+RSA+key,+ID+8F31830F9F2772BF,%0Acreated+2016-08-16.%0A
2023-09-08 13:37:48 gpg-agent[9
Please don't send HTML to this list.
gpg: key "6O0PDA84A36B6C98B261AC2020546703CDADFA53" not found
That's not a valid key ID. Key IDs are strings of hexadecimal digits.
Your second 'digit' there is the letter O, which is not a valid hexit.
gpg --delete-secret-keys CDSXFA53
That's not a
I get these endearing messages.
I cannot sign my message with the key.
I cannot delete the secret key.
I can decrypt with the secret key
gpg: signing failed: No secret key
gpg: message: clear-sign failed: No secret key
gpg: key "6O0PDA84A36B6C98B261AC2020546703CDADFA53" not
On Mon, 4 Sep 2023 19:45, Alexander Leidinger said:
> If I specify --pinentry-mode loopback it works. Shouldn't this also
> work without this option? If yes, what's wrong or how to debug this
Sure, this shall work. You may want to add
--8<---cut
Hi,
gpg 2.4.3 complains about not being able to export my key. The issue is
it can not query the secring password from my ssh session. How to debug
this further?
This is what I have:
---snip---
% LANG=C gpg --export-secret-key -a -o netchild_sec.pgp 8F31830F9F2772BF
gpg: Warning: using
Hello!
Some time ago I have made a backup of my secret key and all the
subkeys, and then deleted by-hand the master secret key by
rm ~/.gnupg/private-keys-v1.d/[keygrip].key
The subkeys were moved to a yubikey. Everything was great. Now I wanted
to import my master key for a moment
Hello!
Some time ago I have made a backup of my secret key and all the
subkeys, and then deleted by-hand the master secret key by
rm ~/.gnupg/private-keys-v1.d/[keygrip].key
The subkeys were moved to a yubikey. Everything was great. Now I wanted
to import my master key for a moment
Thanks for pointing that out
As far as I could see in the source code, this is always printed when you
decrypt something that was encrypted for this key.[...]
Some times is is so simple, just own stupidity.
___
Gnupg-users mailing list
on?
You can delete your old key from the keyring. However, you would also
lose the ability to decrypt old messages. Thus in general not a good
idea.
>> gpg: Note: secret key [KeyID] expired at [Some day in September]
>> gpg: Note: key has been revoked
We can't suppress the l
suppress this this¹
> notification?
>
> > gpg: Note: secret key [KeyID] expired at [Some day in September]
> > gpg: Note: key has been revoked
As far as I could see in the source code, this is always printed when you
decrypt something that was encrypted for this key. There is no option to
Hi list members,
I have a revoked private key in my key ring, which I replaced with new one. I
really do not want to discard this old key, for what I think good reasons. Is
there a way to let gpg ignore this key or suppress this this¹ notification?
1)
gpg: Note: secret key [KeyID] expired
Hi Robert,
I am trying to write in plain text mode so hopefully you won't be
seeing it in HTML.
I really appreciate the help you have provided me so far.
I am really not into networking and encryption stuff, so please expect
few dumb questions from me.
Can you please suggest to me the steps
I am trying to write in plain text mode so hopefully you won't be
seeing it in HTML.
Success! Thank you.
Can you please suggest to me the steps that I should follow to
redesign my solution, considering the password security?
I already have, twice.
For the third time: remove the passphrase
I am writing this email to you in plain text... I am surprised how is it
coming to as HTML.
Any idea?
Any special things I need to check before sending the email?
-Regards
Abhisht Sharma
+61 420410228
On Thu, 10 Jun 2021, 02:58 Robert J. Hansen, wrote:
> I'm not going to respond to this
Please note that the resolution of this problem is really critical so any
quick help will be highly appreciated!
-Regards
Abhisht Sharma
+61 420410228
On Thu, 10 Jun 2021, 09:18 Abhisht Sharma, wrote:
> I am writing this email to you in plain text... I am surprised how is it
> coming to as
I am writing this email to you in plain text... I am surprised how is it
coming to as HTML.
As I don't use GMail, I can't help you. You'll need to ask Google.
Your message comes through as having both plaintext and HTML parts.
This, for instance, is part of the source of your email:
But, this command had a risk of exposing *$PASSPHRASE* to the UNIX
console if any user executes *ps -ef* command while the code is running.
This was a huge security breach so I chose the *--passphrase-file*
option to read the decryption password from a file.
Now, all I need is to place the
I'm not going to respond to this until you re-send it as plain text
without HTML. The very first thing I wrote in my last email was that
this mailing list strongly prefers plain text without HTML.
We're willing to help you, but you need to follow the rules.
NCRYPTED_SOURCE_FILE *
The problem I mentioned in my original post starts from here.
The above command doesn't run and fails for "No secret Key found" issue and
runs fine if it is executed immediately after the sec
scripting GnuPG tasks is to remove the passphrase from the certificate.
Step 3. To my wonder, when I execute Step 1 first and then Step 2
(within a short span), it works, but if I directly run Step 2 ( which
actually will be happening as a part of solution), then it doesn't and
fails for &quo
--quiet
--always-trust -o /home/output_file.dat -d
/etl/inbound/encrypted_file.dat.pgp
<https://gpgtools.tenderapp.com/discussions/nightly/2094-gpg-command-failing-for-no-secret-key?anon_token=c5d07b882#now-the-problem-comes-when-i-execute-above-command-and-it-fails-for-below-error->Now
the p
Thank you anon85786376!!
--
sergio.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
‐‐‐ Original Message ‐‐‐
On Sunday, June 6, 2021 2:24 PM, sergio via Gnupg-users
wrote:
> I found the sequence to reproduce my problem:
>
> $ rm -rf .gnupg
> $ gpg --gen-key --batch < %echo Generating a 25519 key
> Key-Type: eddsa
> Key-Curve: Ed25519
> Key-Usage: cert
> Subkey-Type:
home/test/.gnupg' created
gpg: keybox '/home/test/.gnupg/pubring.kbx' created
gpg: key 6C6DB60F0545821C: public key "test " imported
gpg: key 6C6DB60F0545821C: secret key imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
gpg: secret key
I tried the same sequence on the same host A but for new test user with
clean ~/.gnupg without success. Could you help me to debug this, please.
--
sergio.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
> --export-secret-keys
Sorry, this is a typo, or course. And to be absolutely sure, I re-checked:
B $ gpg --import secret.key
gpg: key : public key "name (comment) " imported
gpg: key : secret key imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: sec
B:
B % echo test | gpg --encrypt --recipient | gpg --decrypt
gpg: encrypted with 256-bit ECDH key, ID , created
"name (comment) "
gpg: decryption failed: No secret key
gpg version is the same on both hosts: 2.2.27-2 from debian sid
$ gpg --list-secret-keys --with-subkey-fingerprin
gpg --import private.key
But it doesn't work on B:
B % echo test | gpg --encrypt --recipient | gpg --decrypt
gpg: encrypted with 256-bit ECDH key, ID , created
"name (comment) "
gpg: decryption failed: No secret key
gpg version is the same on both hosts: 2.2.27-2 from debian si
On Tue, 8 Dec 2020 10:03, Patrick Ben Koetter said:
> $ gpg: Entschlüsselung fehlgeschlagen: Kein geheimer Schlüssel
(gpg: decryption failed: No secret key)
> $ gpg --version
> gpg (GnuPG) 2.2.24
Please update to 2.2.25 because of
* scd: Fix regression in 2.2.24 requiring gpg --ca
Greetings,
my PGP secret key is stored on a Yubikey security token and until recently I
would simply plug it into my computer and use it to encrypt/decrypt data. This
stopped working and now all I get is this unless I command gpg first to list
the card status using "gpg --card-status&quo
On Tue, 17 Nov 2020 02:28, Gao Xiaohui said:
> conf.conf". At present, the "--s2k-count" option can be used in both
> gpg.exe and gpg-agent.exe.Thank you.
In gpg.conf this is used for deriving a passphrase for symmetric
encryption.
In gpg-agent.conf it is used to override the calibrated
Thank you for your reply to my question.
In "https://dev.gnupg.org/T1800;, Werner responded: "It is an open question
whether gpg should be allowed to change the s2k options because the keys are a
property of the agent and not of gpg. For export it might hwoever make sense to
be able to change
medium and in
this case you can also a transport the secret key with a "weaker"
passphrase. Whether you use SHA256 or SHA512 does not matter. The
iteration count matters more but in any case you can't create better
security from a weak passphrase - the iteration count is a failstop
thing
nupg-users
wrote:
>
> Hello,
> Excuse me,When using "gpg --list-packets [private secret key file]",it print
> "iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: ",
> how to change "algo:7" and "hash:2"?
> I searched
nupg-users@gnupg.org> wrote:
> Hello,
> Excuse me,When using "gpg --list-packets [private secret key file]",it
> print "iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt:
> ", how to change "algo:7" and "hash:2"?
> I se
> Am 8. August 2020 02:05:44 MESZ schrieb "Ángel":
> You had some "full" keys (public+private part). Then "moved" them to
> the
> Yubikey, so the private part was now in the yubikey, and locally you
> left just a stub saying "go look at yubikey #1234 for this key".
>
I have a backup of any key.
Am 8. August 2020 02:05:44 MESZ schrieb "Ángel" :
>On 2020-08-07 at 08:33 +0200, Thomas Schneider wrote:
>> All subkeys are marked as Stub which is correct because the keys have
>> been exported before.
>> However now the keys don't exist anymore on the keycard.
>>
>>
On 2020-08-07 at 08:33 +0200, Thomas Schneider wrote:
> All subkeys are marked as Stub which is correct because the keys have
> been exported before.
> However now the keys don't exist anymore on the keycard.
>
> Can you please advise how to fix this issue?
>
> THX
You had some "full" keys
Hi,
I had to reset my blocked Yubikey.
Then I started with setting up the key again; all worked fine including
"key attributes".
After this I tried to export the PGP keys to the token, however this
fails with error message:
gpg: KEYTOCARD failed: Unusable secret key
I don't understand
On 27/07/2020 22:53, Ayoub Misherghi wrote:
> With API I mean something like GPGME.
It seems to me that including options in gpg.conf that GPGME does not
expect people to put there might throw it out of whack.
> 1) It is preferable to have "--batch" on command line even in
> unattended
With API I mean something like GPGME.
This is what came across to me:
1) It is preferable to have "--batch" on command line even in unattended
operation; and not in the gpg.conf file?
2) --pinentry-mode when needed goes in gpg.conf
3) --allow-loopback-pinentry when needed goes in
The same thing happens when I give the option --no-batch on the command
line.
The problem seems to have gone away when I moved the config option
inentry-mode loopback
to the $HOME/.gnupg/gpg.conf from the $HOME/.ngupg/gpg-agent.conf
In the final version when development ends, I am
On 27/07/2020 20:56, Ayoub Misherghi wrote:
> The same thing happens when I give the option --no-batch on the
> command line.
But that only passes --no-batch to gpg, not to gpg-agent. Werner said
you shouldn't put these options in your .conf-files. Please just include
--batch on the command line
On 27/07/2020 11:17, Werner Koch wrote:
> of the "batch" option. This option should in general not be used for
> gpg-agent.
Which, by the way, is documented well in the man page gpg-agent(1):
--batch
Don't invoke a pinentry or do any other thing requiring human
On Sun, 26 Jul 2020 13:25, Ayoub Misherghi said:
> I am not asked for pass phrase.
Right; that is because:
> # Lines uncommented in $HOME/.gnupg/gpg-agent.conf
> log-file $HOME/gpg-log.txt
> # The same thing happens when I comment this line out
> allow-loopback-pinentry
>
> batch
of the "batch"
On 20/07/2020 20:25, Ayoub Misherghi via Gnupg-users wrote:
gpg: decryption failed: No secret key
Are your gpg.conf and gpg-agent.conf (or let's just say any .conf-file
in your GnuPG home, ~/.gnupg) empty? Do you get a pinentry popup asking
for a passphra
On 20/07/2020 20:25, Ayoub Misherghi via Gnupg-users wrote:
> gpg: decryption failed: No secret key
Are your gpg.conf and gpg-agent.conf (or let's just say any .conf-file
in your GnuPG home, ~/.gnupg) empty? Do you get a pinentry popup asking
for a passphrase?
Peter.
--
I use the GNU Priv
-07-09
"develop1"
gpg: public key decryption failed: End of file
gpg: decryption failed: No secret key
ayoub@vboxpwfl:~/testdir$ gpg --list-secret-keys
/home/ayoub/.gnupg/pubring.kbx
--
sec ed25519 2020-07-09 [SC] [expired:
.
But also see the following
I use Windows 10 and Android (Samsung A40) and would like to know,
in case the is possible with my smartphone and under Windows 10 to
use a smard card where I can enter a PIN, thus only putting a secret
key without a passphrase on it, for ease of use, because my bank card
u and Andrew are using smard cards or tokens I would like to
> ask the following, prior considering purchasing one myself in the
> near
> future.
>
> I use Windows 10 and Android (Samsung A40) and would like to know,
> in case the is possible with my smartphone and under Window
u and Andrew are using smard cards or tokens I would like to
> ask the following, prior considering purchasing one myself in the
> near
> future.
>
> I use Windows 10 and Android (Samsung A40) and would like to know,
> in case the is possible with my smartphone and under Window
e Windows 10 and Android (Samsung A40) and would like to know,
> > in case the is possible with my smartphone and under Windows 10 to
> > use a smard card where I can enter a PIN, thus only putting a secret
> > key without a passphrase on it, for ease of use, because my bank card
Andrew Gallagher wrote:
> On 09/07/2020 13:58, Stefan Claas wrote:
> > Is there software for such PIN entering for Win
> > and Android availalble
>
> The standard GPG4win package handles smartcards and PINs. I'm not an
> Android user though, so can't help you there.
>
Ah, good to know that
On 09/07/2020 13:58, Stefan Claas wrote:
> Is there software for such PIN entering for Win
> and Android availalble
The standard GPG4win package handles smartcards and PINs. I'm not an
Android user though, so can't help you there.
--
Andrew Gallagher
signature.asc
Description: OpenPGP
I use Windows 10 and Android (Samsung A40) and would like to know,
in case the is possible with my smartphone and under Windows 10 to
use a smard card where I can enter a PIN, thus only putting a secret
key without a passphrase on it, for ease of use, because my bank card
also has only a PIN. Is there sof
Ángel wrote:
> On 2020-07-08 at 23:24 +0200, Stefan Claas wrote:
> > Ryan McGinnis via Gnupg-users wrote:
> >
> > > The thing is, if you can't remember a string of random words, are you
> > > likely to remember a string 20 random letters,
> > > numbers, and characters? Generally, if your
On 2020-07-08 at 23:24 +0200, Stefan Claas wrote:
> Ryan McGinnis via Gnupg-users wrote:
>
> > The thing is, if you can't remember a string of random words, are you
> > likely to remember a string 20 random letters, numbers,
> > and characters? Generally, if your non-randomly-generated
Ryan McGinnis via Gnupg-users wrote:
> The thing is, if you can't remember a string of random words, are you likely
> to remember a string 20 random letters, numbers,
> and characters? Generally, if your non-randomly-generated password is easy
> for you to remember, it's also easy for a
>
ptions).
Laptop can be used for everything not requiring a secret key.
In event that a secret key needs to be used, (decrypt, sign, authenticate,
etc), the laptop can be booted from the usb drive.
Also, have a backup of the keyring in a Veracrypt container that easily fits on
an microSD card on an
The thing is, if you can't remember a string of random words, are you likely to
remember a string 20 random letters, numbers, and characters? Generally, if
your non-randomly-generated password is easy for you to remember, it's also
easy for a computer to guess. Diceware is the attempt to make
Hello Stefan,
despite my cooperation with the p≡p foundation, the lack of support for
smart cards and tokens is THE knockout criterion why I do not use
sequoia pgp.
It's a good question what to do if you lose your SC or token.
Basically, it has to be said that you should definitely have a backup
Ryan McGinnis via Gnupg-users wrote:
> Went to a security seminar where I asked a random FBI agent after a
> presentation about passwords; he said just to get into
> their personal terminals it was something like 17 characters minimum and that
> the passwords were randomly generated letters
>
> On 8 Jul 2020, at 20:17, Stefan Claas wrote:
>
> And regarding smard cards, what do people do when they are traveling
> and the smard card gets by accident broken or lost?
Multiple smart cards. If you quit rather than save after transferring your
subkeys to smart card, they remain on disk
Juergen Bruckner via Gnupg-users wrote:
> Well i think that's one more reason why you need a smart card or token
> like GnuPG-Card or Nitrokey (or a Yubikey for my sake).
Hi Juergen,
well the thing is I no longer use GnuPG and instead sequoia pgp, which
currently has no smard-card support
Went to a security seminar where I asked a random FBI agent after a
presentation about passwords; he said just to get into their personal terminals
it was something like 17 characters minimum and that the passwords were
randomly generated letters and numbers and symbols and that they were
Well i think that's one more reason why you need a smart card or token
like GnuPG-Card or Nitrokey (or a Yubikey for my sake).
Regards
Juergen
Am 08.07.20 um 18:36 schrieb Stefan Claas:
> Ryan McGinnis via Gnupg-users wrote:
>
>> Six years ago Snowden said to assume the NSA can try roughly 1
Ryan McGinnis via Gnupg-users wrote:
> Six years ago Snowden said to assume the NSA can try roughly 1 Trillion
> passwords per second. I imagine it's significantly
> more by now.
Holy cow! That raises then probably one more question, i.e. the required
minimum length for a strong password
Six years ago Snowden said to assume the NSA can try roughly 1 Trillion
passwords per second. I imagine it's significantly more by now.
-Ryan McGinnis
http://www.bigstormpicture.com
Sent via ProtonMail
‐‐‐ Original Message ‐‐‐
On Wednesday, July 8, 2020 6:33 AM, Stefan Claas
Andrew Gallagher wrote:
> Entropy checkers only provide an *estimate* of randomness, at best an upper
> bound. Once you know that someone has used a
> particular key expansion algorithm, the entropy estimate can go down
> dramatically. This is because randomness is a measure of
> ignorance,
the
calculation (cf the Monty Hall problem).
Andrew Gallagher
> On 8 Jul 2020, at 11:53, Stefan Claas wrote:
>
> Ingo Klöcker wrote:
>
>>> On Dienstag, 7. Juli 2020 22:42:07 CEST Stefan Claas wrote:
>>> Let's say you travel a lot and do not want to risk that your secre
Ingo Klöcker wrote:
> On Dienstag, 7. Juli 2020 22:42:07 CEST Stefan Claas wrote:
> > Let's say you travel a lot and do not want to risk that your secret key
> > gets compromised due to border control etc.
> >
> > One simply uses the program passphrase2pgp, from
On Dienstag, 7. Juli 2020 22:42:07 CEST Stefan Claas wrote:
> Let's say you travel a lot and do not want to risk that your secret key
> gets compromised due to border control etc.
>
> One simply uses the program passphrase2pgp, from GitHub[1] and when creating
> the key and
Regenerating your secret key like this is perhaps dangerous and easy to do
wrong, for example you will probably leak it in your shell's history. If an
attacker finds out this is your scheme, they can then start to brute force your
secret key without need any access to your data, which happened
/her easy to remember password into
the Bitcoin software and then it
gets converted to a secret key, which then can be brute forced easily, like the
article states.
With my humble approach one would input the strong password, derived from the
easy to remember one.
Regards
Stefan
--
my 'hidden
Philihp Busby wrote:
> Regenerating your secret key like this is perhaps dangerous and easy to do
> wrong, for example you will probably leak it in
> your shell's history. If an attacker finds out this is your scheme, they can
> then start to brute force your secret key
> w
Stefan Claas wrote:
> Stefan Claas wrote:
[...]
> Here's a little Go program, wich does this without the above commands,
> so that it can be used on Windows without OpenSSL:
>
> package main
>
> import (
> "crypto/sha256"
> "bufio"
> "os"
> "fmt"
>
1 - 100 of 492 matches
Mail list logo