The successful attacks were on reduced-round versions of the algorithm, not on
the current implementations. The article was mostly informative for crypto
geeks as a state-of-the-art. The practical advice for end-users would be to
stick with the defaults for now.
Joe
On Wednesday, August
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Would it be considered a best practice to rotate encryption subkeys on
an annual basis, or would that be considered overkill for most uses?
I realize that messages are encrypted using ephemeral session keys
which in turn are encrypted with
On Sep 1, 2009, at 10:51 AM, Seidl, Scott wrote:
We use gnupg in an automated mode within the organization to encrypt/
decrypt documents exchanged between companies. The Key Pair we have
is expiring soon and I am replacing it with a new key pair. This
new key would be provided to the
I tried compiling 1.4.10rc1 on Mac OS X 10.6 without success.
During make the compile bombed here:
...
mv -f .deps/mpih-mul.Tpo .deps/mpih-mul.Po
gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../include-g -O2 -Wall -Wno-
pointer-sign -MT mpiutil.o -MD -MP -MF .deps/mpiutil.Tpo -c -o
mpiutil.o
On Sep 1, 2009, at 9:47 PM, Joseph Oreste Bruni wrote:
I tried compiling 1.4.10rc1 on Mac OS X 10.6 without success.
During make the compile bombed here:
...
mv -f .deps/mpih-mul.Tpo .deps/mpih-mul.Po
gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../include-g -O2 -Wall -Wno-
pointer-sign -MT
On Wednesday, September 02, 2009, at 08:18AM, David Shaw
ds...@jabberwocky.com wrote:
No mass sign ability, but you can do some shell magic like:
for i in (the keyids here)
do
gpg -u XX --lsign $i
done
This assumes you don't have a passphrase on the key (otherwise you'd
have to type
Here is a UI enhancement request: In the edit-key menu, typing uid *
selects all UID's. Currently, I have to type uid # for every UID
individually. Typing uid by itself currently deselects all UID's.
___
Gnupg-users mailing list
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Joseph Oreste Bruni wrote:
Here is a UI enhancement request: In the edit-key menu, typing uid *
selects all UID's. Currently, I have to type uid # for every UID
individually. Typing uid by itself currently deselects all UID's.
I just re
:26:31 [GMT -0700] (which was 7:26 where I
live) Joseph Oreste Bruni wrote:
I just re-read my post and realized how badly worded it was (verb
tense). Correction: I want to be able to type uid * and have it
select
all UID's.
This would be in preparation for some global function like changing
On Friday, September 04, 2009, at 01:48PM, Johan Wevers
joh...@vulcan.xs4all.nl wrote:
Compiles and runs fine on Slackware 10.
However, 2 small points: the signature check claims the key has expired, and
gpg --version says it's from 2008.
Werner's current key includes subkeys that don't
On Wednesday, September 16, 2009, at 12:46PM, Robert J. Hansen
r...@sixdemonbag.org wrote:
M.B.Jr. wrote:
I've recently had access to this document, written by the United
States Patent and Trademark Office (USPTO) which basically tries to
ban software patents.
The memorandum in question is
Last time I checked, the President doesn't appoint judges in
Minnesota, the Governor does.
On May 25, 2005, at 3:40 PM, Robert Zagarello wrote:
What? You expect the age of enlightenment? You
forget who's President. Usually when the head stinks
the fish is not far behind.
On Nov 6, 2006, at 1:14 PM, David Shaw wrote:
If you are not planning to sync with the outside world, then may I
suggest using LDAP?
I considered the use of LDAP since I just recently built an OpenLDAP
server for us to use for centralized user authentication and it would
fit right in.
Do you get the same result when using the current version of GnuPG
(i.e. 1.4.5)? Is the file sent ASCII armored? When you say sends
what is the method (FTP, email, etc.)? If using FTP, is the transfer
method text or binary? Is one of the computers in question using
Windows? What is your
On Nov 7, 2006, at 7:01 AM, David Shaw wrote:
Personally, I think that LDAP is better for key populations that have
a distinct boundary: a company, for example. In a company, key
merging isn't really that useful or desirable, as generally there
isn't much back-and-forth key signing. Rather,
You need to import the key in order for gpg to use it. Use the gpg --
import command. You will then need to sign the key so that gpg
considers it valid using the --sign-key command or using the
sign sub-command from inside the --edit-key menu.
On Nov 8, 2006, at 6:05 PM, Yahya Alameddine
Typing help at the --edit-key prompt will display a list and
explanation of the various commands available.
In this case, the adduid command would be used.
Joe
On Nov 9, 2006, at 11:06 AM, axel muller wrote:
what is the command in the edit-key section to add a
missing uid to a key
for
Does not build on OS X (10.4.8). While trying to build libgpg-error I
received the following link error:
ld: common symbols not allowed with MH_DYLIB output format with the -
multi_module option
../intl/libintl.a(loadmsgcat.o) definition of common
__nl_msg_cat_cntr (size 4)
gpg --symmetric --encrypt
The default is CAST5, but you can specify the algorithm using --
cipher-algo
-Joe
On Nov 14, 2006, at 12:52 PM, Wei Wu [H] wrote:
Hi there,
I want to create a symmetric cipher such as AES to encrypt some
data, and
think gpg (GnuPG Version 1.4.2.1) may do this.
Your question is ambiguous. What are you trying to do? Use one key
pair on two systems, or use two key pairs on two systems?
If the former, simply copy the .gnupg directory to the second system.
If the former, simply create a second key pair on the second system.
On Nov 27, 2006, at 9:18
Hi Werner,
Do the build-problem fixes in 2.0.1 include OS X/Darwin? Or, should I
wait for a future release?
Joe
On Nov 29, 2006, at 6:55 AM, Werner Koch wrote:
Hello!
We are pleased to announce the availability of a new stable GnuPG-2
release: Version 2.0.1
This is maintenance release
On Nov 29, 2006, at 7:26 AM, Adam Cripps wrote:
On 11/23/06, Werner Koch [EMAIL PROTECTED] wrote:
Hi,
As of now only 151 out of 1230 casted their vote.
Hurry, the deadline is next Thursday.
Salam-Shalom,
Werner
I don't seem to have received the URL either - please can you
forward
On Nov 29, 2006, at 10:08 AM, Benjamin Donnachie wrote:
Joseph Oreste Bruni wrote:
Do the build-problem fixes in 2.0.1 include OS X/Darwin? Or, should I
wait for a future release?
What problems are you having?
Ben
Two, actually. libgpg-error will not build unless I disable NLS.
After
On Nov 30, 2006, at 6:23 AM, Michael Erskine wrote:
My limited understanding was that symetric keys were just a pair
of fancy numbers! :)
Sorry, I meant asymmetric keys of course :)
Regards,
Michael Erskine.
The keys themselves are similar at a basic level. But the packaging
and
On Dec 8, 2006, at 10:17 AM, Todd Zullinger wrote:
Werner Koch wrote:
Basically I am the list owner :-(.
Good grief man, your head must hurt from all those hats. :)
His other name is Zaphod.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
This is probably an HP packaging problem. I've built GPG on HP-UX
11.11 and it works fine with the setuid-root bit enabled.
The only problems I've encountered with older versions of GPG were
with regards to libiconv and gettext not being present.
Joe
On Jan 24, 2007, at 7:55 AM, Schwant,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello all,
Back in June of 2005, someone asked if it were possible to import a
secret subkey. The reply was that that feature would not be ready
with 1.4.2.
With 1.4.6, has this feature been made available yet? I've tried and
it doesn't seem
It appears that an entry already exists for this issue as issue 318. It was
closed as resolved with the message:
Won't be changed, GnuPG 2 will eventually use an entirely
different scheme to manage secret keys.
Should I create a new issue or can you just re-open the existing issue?
Joe
On
You might want to check out Domain Keys which is used to
authenticate email sessions between MTA's.
Also, peer-to-peer authentication can be accomplished via X.509
certificates and SSL.
Joe
On Feb 8, 2007, at 5:03 AM, Bèr Kessels wrote:
Hello,
With the current growth of online
If you happen to be using Mac OS X, you can store encrypted bits of
information in the Keychain. And if you have a .mac account, your
keychain data can be automatically synchronized across systems.
-Joe
On Feb 13, 2007, at 11:20 AM, Jim Hendrick wrote:
What you are doing works. But take a
On Thursday, February 15, 2007, at 10:01AM, Nomen Nescio [EMAIL PROTECTED]
wrote:
Nomen Nescio wrote:
I use thunderbird on my laptop and desktop with an IMAP server, and
I've been mailing myself encrypted mails with website passwords so I
have access to them on both computers.
This is just
On Feb 19, 2007, at 11:54 AM, NikNot wrote:
On 2/19/07, Adam Funk [EMAIL PROTECTED] wrote:
Is there any reason to physically secure your *public* keyring in
... (Well, I suppose you might want to hide your secret identity!)
Unfortunately, the whole GPG, with WebOfTrust construct, makes
Do you have the developer tools installed?
Joe
On Feb 23, 2007, at 10:36 PM, boksbox wrote:
I tried to install the 1.4.6 update to my 1.4.5 GnuPG. As I
followed the
compile instruction I encounter an error. When I do ./configure
an error
comes up at the end of the display and
Two things:
1) You can't decrypt a file with a public key. Obviously the company
who sent you the file doesn't understand public-key encryption either
because they would need YOUR public key in order to encrypt files to
you. The first step for them would have been to request a key from
On Feb 27, 2007, at 12:13 PM, [EMAIL PROTECTED] wrote:
Joseph Oreste Bruni [EMAIL PROTECTED] writes:
Some OS's allow non-root users to allocate a limited
amount of wired memory (BSD, OS X) whereas HP-UX does not.
HP-UX can ! It just doesn't, by default.
root can use setprivgrp(1M
It wouldn't make sense to try to package GPG using a .app bundle
since GPG itself will most often be used from the command line. As
such, you would need to update your PATH environment variable to
include a deep reference to something like /Applications/GnuPG/
Content/MacOS/gpg instead of
In this case a detached signature would be your best bet. You would
check the detached sig in with the source code. When the source is
checked out, you could then validate that the source has not changed
since it was signed. Be careful, though, if you use any embedded
keywords with your
You have a few choices:
1) remove the passphrase from the private key
2) pass the passphrase to gpg using the --passphase-fd option
3) supply the passphrase using the --pasephrase-file option
4) supply the passphrase using the --passphrase option
On Mar 14, 2007, at 1:04 AM, aloha wrote:
On Apr 12, 2007, at 8:50 PM, Robert J. Hansen wrote:
to export private keys, without need to enter passphrase. This is
very
dangerous to a multi-user computer.
Clearly, you don't trust the computer you share with other users. So
why, exactly, are you running GnuPG on it?
Running GnuPG
The 0 in --passphrase-fd 0 is the number of the file descriptor
from which gpg will read the passphrase. In this case, 0, is stdin.
Since you didn't attach stdin to a pipe or a file through
redirection, stdin is still attached to your terminal. You aren't
being prompted for your
If the passphrase is passed in as a parameter to the script, the
passphrase will be clearly visible in the process list (on Unix/
Linux) (via the ps command).
To be honest, there is really no way to properly secure a passphrase
for an automated system if the passphrase exists anywhere on
Now we just need to remove your toe. :)
On Apr 17, 2007, at 3:04 PM, Thomas Sowa wrote:
Hi,
i just created a new key, the revocation and tatood the passphrase
on my left
toe :-=
Thanks for help, i figured that the situation looks bad, but hoped
thare could
be done something. If it
check out the --list-packets option.
On Apr 27, 2007, at 7:03 PM, James Moe wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
Is is possible to view the contents of a public key file without
importing first?
- --
jimoe (at) sohnen-moe (dot) com
-BEGIN PGP SIGNATURE-
Check out cygwin. http://www.cygwin.com
On Apr 29, 2007, at 7:01 PM, acudetox wrote:
Thanks man, pardon the very bad pun...lol :)
Anyhow I'm using a pc, and all the searching on the net for man bc
seemed to
point to Mac's, the most amazing computers on the market by the way...
On May 6, 2007, at 6:11 AM, Janusz A. Urbanowicz wrote:
On Sat, May 05, 2007 at 09:03:02PM +0200, Piotr Firlej wrote:
On 5/5/07, Philipp Gühring [EMAIL PROTECTED] wrote:
Hi,
Hi, thanks for reply,
Here you have a list of random number generators that are
available on the
market:
How about bar code? I don't know long it would be to hold a key though.
That might exceed the capabilities of some bar-code scanners.
--
PGP Fingerprint:
C54A C9DD 84AD C6FC D343 67C4 5195 D63A CD55 18C7
On Tuesday, May 15, 2007, at 12:23AM, Roscoe [EMAIL PROTECTED] wrote:
Hey folks,
I'm
Fingerprint:
C54A C9DD 84AD C6FC D343 67C4 5195 D63A CD55 18C7
On Wednesday, May 16, 2007, at 12:44PM, David Shaw [EMAIL PROTECTED] wrote:
On Tue, May 15, 2007 at 09:07:35AM -0500, Ryan Malayter wrote:
I would suggest using plain old base64 ASCII and a large version of a
font like OCR-A or
On May 16, 2007, at 5:08 AM, Jim Berland wrote:
P.S.: I never came into contact with certificates like the ones from
Thawte or CACert.org before and I don't know anybody who uses them.
Considering the problems I see with GPG for this task, though, I
wonder if certificates would do the job
David Shaw wrote:
Most of the storage media in use today do not have particularly
good long-term (measured in years to decades) retention of data.
If and when the CD-R and/or tape cassette and/or hard drive the
secret key is stored on becomes unusable, the paper copy can be
used to restore
Securing normal email can be done using either an OpenPGP-compliant
email client and/or one that support S/MIME using X.509 certificates.
Trying to secure webmail is a lot more tedious since you'd need to
prepare the email in a local text-editor, sign it using GnuPG, and
paste the resulting
When creating a new subkey, I'm given the option of setting an
expiration. The prompt allows me to specify a duration for the new
subkey.
Please specify how long the key should be valid.
0 = key does not expire
n = key expires in n days
nw = key expires in n weeks
On Jun 1, 2007, at 11:31 AM, David Shaw wrote:
On Fri, Jun 01, 2007 at 11:01:02AM -0700, Joseph Oreste Bruni wrote:
When creating a new subkey, I'm given the option of setting an
expiration.
The prompt allows me to specify a duration for the new subkey.
Please specify how long the key
On Jun 1, 2007, at 11:31 AM, David Shaw wrote:
On Fri, Jun 01, 2007 at 11:01:02AM -0700, Joseph Oreste Bruni wrote:
When creating a new subkey, I'm given the option of setting an
expiration.
The prompt allows me to specify a duration for the new subkey.
Please specify how long the key
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Jun 4, 2007, at 1:42 AM, Werner Koch wrote:
On Fri, 1 Jun 2007 22:01, [EMAIL PROTECTED] said:
Awesome. Would you consider updating the prompt reflecting that
capability?
Enter a question mark at the prompt to see a help text.
This is
On Jun 12, 2007, at 8:27 AM, Hardeep Singh wrote:
Even if the PGP license key was somehow compromised (which I highly
doubt), it does not follow that probably our keys can also be
cracked.
Why not?
Breaking PGP's license key doesn't not in any way imply that my
private key has been
On Jun 19, 2007, at 7:36 AM, Andrew Berg wrote:
I wonder how many more people are going to tell me this, even after
I've demonstrated that I understand the concept (I'm pretty sure I
even signed that message!).
Just think of it as review.
:)
By definition of symmetric encryption, you must use the same key to
decrypt that was used to encrypt. I'm not sure what you're really
asking.
When you say public key is used to generate symmetric key you lost
me. Symmetric keys are typically just random numbers pulled from /dev/
random or
Gotcha. The public key does not generate the key. I'm going to walk
through the process again, so please bear with me.
I'm going to send you a message.
GPG creates a random key from a source of entropy such as /dev/
random. This key is used in a symmetric cipher such as AES128 to
encrypt
1. In your gpg.conf, you can specify a digest-algo SHA256 which will set your
default signature algorithm. The preferences in your key are used by others to
determine which algorithms to use when sending messages to you. Not the other
way around.
2. Your key ID will be a number (e.g. CD55
--
PGP Fingerprint:
C54A C9DD 84AD C6FC D343 67C4 5195 D63A CD55 18C7
On Friday, June 22, 2007, at 12:36PM, David Shaw [EMAIL PROTECTED] wrote:
On Fri, Jun 22, 2007 at 10:54:23AM -0700, Joseph Oreste Bruni wrote:
1. In your gpg.conf, you can specify a digest-algo SHA256 which
will set
In the man page for gpg2, in the --import section:
--import
--fast-import
Import/merge keys. This adds the given keys to the
keyring. The fast version is cur-
rently just a synonym.
There are a few other options which control how
On Feb 3, 2009, at 1:28 PM, lee_an...@bellsouth.net wrote:
Good Afternoon,
I am currently trying to decrypt a file through an automated process
that is called by a webservice called BPEL. Now in my development
environment it works great but in my test enviroment I receive the
following
Hi Lee,
I'm not that familiar with BPEL, so perhaps you can elaborate on it.
When it starts a shell to execute commands as a user (oracle in this
case), does it always launch the shell specified in the user's /etc/
passwd (/bin/bash) or does it simply start a POSIX shell (/bin/sh). If
On Friday, February 13, 2009, at 12:44PM, David Shaw ds...@jabberwocky.com
wrote:
Interesting.
http://googlesystem.blogspot.com/2009/02/gmail-tests-pgp-signature-verification.html
David
I like the idea of signature validation, but I'm not so sure I would like the
idea of uploading my
On Feb 23, 2009, at 8:49 AM, gerry_lowry (alliston ontario canada)
wrote:
http://support.apple.com/kb/HT1620
How to use the Apple Product Security PGP Key
http://www.apple.com/support/security/pgp/
Protecting Security Information
F.Y.I.: I've not noticed anything similar from Microsoft
Okay, I've resisted getting into this discussion long enough, and I can't
stands no more!
Since we're talking about photos, what would be wrong with PRINTING them? I
think a printed photo would last a lot longer than any computer-based
technology. And, you could store them in shoeboxes.
Is there a way to have GnuPG automatically retrieve a key for encryption
similar to the way the auto-key-locate feature works, but when specifying a
keyid instead of an email address? For example, if someone has a key id, but
not a key, I would like gpg to automatically pull the key from my
http://www.theregister.co.uk/2009/03/03/encryption_password_ruling/
Hi List,
This article caught my eye. One of the things that I gleaned from the
article is that it's obvious that law enforcement (at this level) does
not have the ability to brute-force crack PGP encrypted data. Instead,
On Thursday, March 05, 2009, at 10:14AM, gerry_lowry (alliston ontario
canada) gerry.lo...@abilitybusinesscomputerservices.com wrote:
David Shaw wrote, in part:
You can have one subkey for encryption, one subkey for signing, and
leave your primary key for certification.
This lets
On Mar 4, 2009, at 9:35 AM, Pulipaka, Satyanarayana {PEP} wrote:
Hi,
I want to deploy GPG on HP-UX Itanium platform. Am little
confused where can I found the installable version of this.
Could any one of you please let me know?
Best regards,
Satya
I've checked the various HP-UX
On Mar 16, 2009, at 6:49 PM, Stefan Caunter wrote:
Apologies for this not being specific to the gnupg list, but could I
possibly ask if anyone knows if it was ever possible to export
multiple certs in DER format?
In http://www.intevation.de/roundup/aegypten/msg433 Werner states that
there is
On Mar 28, 2009, at 10:09 PM, Hardeep Singh wrote:
I have tested it on Opera, IE, Firefox (on Windows and Linux)
but do not have a way to test on Safari.
Why not just download the Windows version of Safari and test it
yourself?
___
On Friday, April 24, 2009, at 01:07AM, Werner Koch w...@gnupg.org wrote:
On Fri, 24 Apr 2009 05:15, jmoore...@bellsouth.net said:
GPG supports PGP/MIME without any trouble; but not all MUA's can handle
PGP/MIME. Most notably, all of the MUA's distributed by M$. :-\
Well with GpgOL Outlook
On Apr 26, 2009, at 9:13 PM, Allen Schultz wrote:
On Sun, Apr 26, 2009 at 9:11 PM, Faramir faramir...@gmail.com wrote:
Hash: SHA256
How do I set my default hash again?
First, you'll need a signing key that will support the larger hash
size. I dropped my old DSA key in favor of RSA in
Your automated process is not running with the same home directory as
your login shell.
-Joe
On Apr 29, 2009, at 8:24 AM, Schrago, Gerard wrote:
Hi all,
Sorry to insist but I really need someone that can answer my question.
Why a running process cannot decrypt a file while the very same
On Jun 12, 2009, at 11:24 PM, Steven W. Orr wrote:
There's a pgp concept that I'm not comfortable with. It has to do
with the
difference between owner trust and key validity. And I say
comfortable, not
because I don't like it or that I don't think it doesn't work; I
just don't
feel like
On Jun 23, 2009, at 8:01 PM, David Shaw wrote:
On Jun 23, 2009, at 3:35 PM, Joseph Oreste Bruni wrote:
ftp(1):
ascii Set the file transfer type to network ASCII. This
is the default type.
Binary is not the default in the command line ftp program.
Oddly, it is when I
On Jun 28, 2009, at 8:34 PM, Jesse Cheung wrote:
Since I still feel totally green in this area I am still listening to
opinions on the list and haven't pushed my key yet :P
Hi Jesse,
There is no rule that says you must upload your key to a keyserver. If
you are concerned that others
On Jul 1, 2009, at 12:26 PM, Kārlis Repsons wrote:
Hello,
its more a curiosity for me now, but I remember one university
lecturer
saying, that successful quantum computer would make public key
cryptography
useless. Some experiment here:
http://www.physorg.com/news165418586.html
Opinions on
You probably just need to set ultimate trust on your own key. Once you do that,
all the keys you've signed should be considered valid.
-Joe
On Friday, July 31, 2009, at 12:40PM, Ritesh Patel patelrit...@gmail.com
wrote:
___
Gnupg-users mailing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
http://www.securityfocus.com/news/11556
Not entirely on topic, but for those using GnuPG (or other encryption
software), you should always keep abreast of the encryption laws of
your country.
-BEGIN PGP SIGNATURE-
Version: GnuPG
81 matches
Mail list logo