Hello!
The GNU project is pleased to announce the availability of Libgcrypt
version 1.5.0. This is the new stable version of Libgcrypt and upward
compatible with the 1.4 series.
The 1.4 series will enter end of life state on 2012-12-31.
Libgcrypt is a general purpose library of cryptographic
On Mon, 4 Jul 2011 05:01, ds...@jabberwocky.com said:
figures out how many iterations it can do in 1/10 of a second (which
always results in a value higher than 65536 these days), and uses
that. I believe that the newer GPG (2.x) has some support for this
design, but I don't recall offhand
On Fri, 8 Jul 2011 00:06, li...@meumonus.com said:
I'm trying to use the gpg-preset-passphrase command and it keeps
failing. My thought is I'm not getting the keygrip correct. How do I
discover the keygrip for a public certificate?
With the stable 2.0 version of GnuPG the keygrip is only
On Fri, 8 Jul 2011 22:54, li...@chrispoole.com said:
I don't know if this would be of any real use (perhaps just for those
that are pretty sure of the slowest machine they'll be decrypting
their private key on), but a function to calculate how many rounds it
takes to run for x.y seconds
On Tue, 12 Jul 2011 23:59, do...@dougbarton.us said:
It works, does it seem like the right thing to do?
Yes, this patch is correct. I was not aware that FreeBSD jumped to
Libgcrypt 1.5.0 so fast ;-).
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
On Wed, 13 Jul 2011 14:49, roland.lor...@commerzbank.com said:
make[1]: *** No rule to make target `../cipher/libcipher.a', needed by
`gpgsplit'. Stop.
I could not resolve the problem by using a current gnu make instead of the
Solaris make.
The problem is stated as solved in your
On Wed, 20 Jul 2011 03:25, r...@sixdemonbag.org said:
I'm presenting the script here in case someone else finds it useful, but
really, it's embarrassingly simple.
gpg --gen-random --armor 1 16
Might even be a bit simpler ;-)
Shalom-Salam,
Werner
--
Die Gedanken sind frei.
Hi,
can you please try the attached patch for GnuPG? I checked that it
applies against a vanilla 2.0.17 but I have not done any tests.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
x
Description: Binary data
On Wed, 20 Jul 2011 21:48, pe...@digitalbrains.com said:
AFAIK, you need to get the public key imported in GnuPG before you do
--card-status. So you first download your own public key from a keyserver or a
website or a USB stick, you don't get it from the smartcard. Only when GnuPG
already
On Sat, 23 Jul 2011 16:30, kloec...@kde.org said:
to use the cache for signing but not for decryption), so why not add
another option like --share-signing-and-decryption-cache? (I guess, if I
really wanted this I should provide a patch. :-) )
Actually an option is not even required. When
On Sun, 24 Jul 2011 23:57, r...@sixdemonbag.org said:
If anyone has any *direct experience* (not I heard from my friend's
I use an SCR3310 which I glued to my monitor. In general I would
recommend SCM readers because their chip uses TPDU mode and thus we have
greater flexibility when it comes
On Mon, 25 Jul 2011 12:21, gn...@lists.grepular.com said:
adversary, and the key isn't encrypted on the smart card. Then they can
just read it off, if they get hold of it. In that circumstance, you
That might be true with the v1 card which used a pretty old chip. The
v2 card uses a modern
On Tue, 26 Jul 2011 06:26, andrewinfo...@gmail.com said:
When encrypting with --symmetric, I would expect to get asked for the
password when decrypting but I am never prompted... why?
Run
gpgconf --reload gpg-agent
before decryption to clear the passphrase cache.
Salam-Shalom,
Werner
On Tue, 26 Jul 2011 14:41, h...@qbs.com.pl said:
The key is also useful for decrypting past communication...
Well, you should have a backup of the decryption key. It is cheaper to
steal that backup than to crack the card.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen
On Tue, 26 Jul 2011 18:07, j-...@ottosson.nu said:
Even worse though, as I recall from the time when I worked with IBM crypto
processors like 4758 etc, a lot of the people inside the (somewhat introvert)
banking community working with security, had no clue and actually believed
that
Part
On Thu, 28 Jul 2011 08:29, k...@grant-olson.net said:
attacker could have forged both. They could in other circumstances as
well, but it's less likely for someone to forge both a public key on the
keyservers (or your personal website, or your business card, etc), and a
signature on a forged
On Thu, 28 Jul 2011 05:56, r...@sixdemonbag.org said:
Are there any particular problems the durability of a smartcard,
particularly an OpenPGP card? Are there any damage concerns from wallet
It is not different than with any other chip card. If you immerse the
card into water only the
On Fri, 29 Jul 2011 11:58, rich...@r-selected.de said:
100.000 as a one-time investment for breaking into an unlimited number
of OpenPGP smart cards? If I were a government, I would definitely buy
Whatever the number is, it is for each break and you have only a certain
probability so
On Tue, 2 Aug 2011 20:10, tigresetdrag...@yahoo.fr said:
I would like to know an easy way to get numbers used in a key.
For example, in a RSA key, N and e (used like this: message^e modulus N)
Import the key and then:
$ gpg --list-keys --with-key-data KEYID
In the output look for pkd
have a dedicated
service directory at:
http://www.gnupg.org/service.html
Maintaining and improving GnuPG is costly. For more than 10 years
now, g10 Code, a German company owned and headed by GnuPG's principal
author Werner Koch, is bearing the majority of these costs. To help
them carry
On Thu, 4 Aug 2011 19:23, tigresetdrag...@yahoo.fr said:
cipher/rsa.c and I found that d is evaluated to match e*d mod f = 1 ,
with f = phi/gcd((p-1),(q-1)) .
Why is it coded like that ? Is it safe ?
Using the universal exponent of n (lambda, in the code denoted as f) has
the advantages that
On Thu, 4 Aug 2011 23:36, thaj...@gmail.com said:
any version of the 2.x branch. I do not need GPG4WIN and can not
understand why the same thing has not been compiled like the version 1.x
branch.
Gpg4win is the official binary distribution of GnuPG. Use the light
installer and you are done.
On Fri, 5 Aug 2011 01:49, l...@debethencourt.com said:
luisbg@atlas ~ $ gpg --card-status
gpg: selecting openpgp failed: Unsupported certificate
What kind of reader are you using?
luisbg@atlas ~ $ gpg-agent --server gpg-connect-agent
Now that is a strange command. The gpg-connect-agent
On Thu, 4 Aug 2011 23:32, do...@dougbarton.us said:
comments/questions. First, would it be possible to have a run-time
option not to display the fingerprints? I think it's an interesting
idea, but not particularly useful to me as I don't already have them
memorized. :)
No. The fingerprint
On Fri, 5 Aug 2011 10:31, l...@debethencourt.com said:
Missed this question the first time around...
It is a SCM Microsystems SCR 335
Well that one works. It even works fine with the scdaemon internal
driver, thus try after stopping pcscd.
When I do it as you say I get:
gpg-connect-agent
On Sat, 6 Aug 2011 19:46, l...@debethencourt.com said:
gpg-connect-agent 'getinfo version' /bye
ERR 100 not implemented
You are running a *very* old version of gpg-agent ( 2.0.5) - or
something hijacked the connection to gpg-agent (seehorse?
gnome-keyring?)
Shalom-Salam,
Werner
--
Die
On Mon, 8 Aug 2011 14:58, lists.gnupg-us...@duinheks.nl said:
#!/bin/sh
echo | /usr/bin/gpg --batch --sign --armour --clearsig
--passphrase-fd 0 $1
You should better use
gpg --batch --sign --armour --clearsig --passphrase-fd 0 --yes -o $1.asc $1
to avoid the mv. Even
On Mon, 8 Aug 2011 18:05, l...@debethencourt.com said:
this is very strange, that shows it as 2.0.17, but it still says that
'getinfo version' is not implemented.
One if these GNOME tools is intercepting the connection and acts as a
MITM between gpg-connect-agent and gpg-agent.
Check the
On Tue, 9 Aug 2011 02:44, l...@debethencourt.com said:
So it looks like GNOME's ssh-agent is interfering. How can I avoid this?
Tell them that they should not interfere with GnuPG.
If you put a line
use-standard-socket
into ~/.gnupg/gpg-agent.conf and stop starting gpg-agent in the
On Fri, 10 Jun 2011 20:43, do...@dougbarton.us said:
But fixes a lot of problems. The keyring is a database and if we
distribute this database to several files without a way to sync them;
this leads to problems. You may have not been affected by such problems
but only due to the way you use
On Tue, 9 Aug 2011 12:04, oleksandr.shney...@obviously-nice.de said:
I have issues using OpenPGP smart cards from kernel concepts with
omnikey card reader integrated in Cherry keyboard (Cherry XX44 USB keyboard)
Omnikey based readers don't work with that card because the readers
don't support
On Tue, 9 Aug 2011 16:28, oleksandr.shney...@obviously-nice.de said:
Actually, I only need, that ssh authentication works with that cards and
omnikey card readers. How do you think, is there are a chances, that
it'll be work soon? Should I try to use pc/sc driver?
The pc/sc driver won't
On Tue, 9 Aug 2011 13:34, lists.gnupg-us...@duinheks.nl said:
gpg (GnuPG) 2.0.18
libgcrypt 1.5.0
Okay, I only asked to make sure that we are really using the right
version.
It would be helpful if you could change this function in
gnupg/g10/pkglue.c:
static gcry_mpi_t
mpi_from_sexp
On Tue, 9 Aug 2011 22:31, gn...@lists.grepular.com said:
gpg: verify CHV1 failed: general error
gpg: signing failed: general error
gpg: [stdin]: clearsign failed: general error
I suggest that you use gpg2 and not gpg. You should also update GnuPG
to at least 2.0.17. 2.0.14 is quite
On Wed, 10 Aug 2011 11:23, gn...@lists.grepular.com said:
2011-08-10 10:16:02 scdaemon[5153] DBG: response: sw=6581 datalen=0
Ooops,
SW_EEPROM_FAILURE = 0x6581,
it may be that you had no luck and got a faulty chip. Contact the
supplier for a replacement.
Or did you run a series of
On Thu, 11 Aug 2011 15:47, amarjeet.ya...@gs.com said:
We have requirement where we would like to check for encrypted file
its valid or not before decrypting it.
You mean whether it has been tampered with? You can't do that without
decrypting it. GPG checks that the decrypted file is valid -
On Fri, 12 Aug 2011 08:41, zxq_yx_...@163.com said:
I want to write all the answers in a file and then let gpg read the
answer from the file in batch mode.
What the format of the file should be? Any help?
See the chapter Unattended GPG key generation in the manual, for
example online at
On Thu, 11 Aug 2011 23:00, jer...@jeromebaum.com said:
Can I get the secure PIN entry (using built-in pin-pad) working for
this reader? For my homebanking software (i.e. HBCI card), it works
with CTAPI but now PC/SC. What settings can I fiddle with, and what
log/debug output is relevant?
No,
On Fri, 12 Aug 2011 17:30, jer...@jeromebaum.com said:
How much work is it to implement this -- either by using the internal
With all testing I estimated 2 days.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
On Fri, 12 Aug 2011 12:40, li...@binarywings.net said:
You can simply write the answers down like you would in an interactive
session with gpg. Then feed this file with `gpg --gen-key ... file`
*Don't do this* !
The interface presented there is for humans only and
On Thu, 18 Aug 2011 10:41, sat...@pgpru.com said:
Same here. Maybe i'm missing something, but it seems without the ability
to have multiple keyrings in GPG configuration one will lose an ability
to use detached subkeys (or actually any private keys) stored on a
I am using offline key parts
On Mon, 22 Aug 2011 04:54, markr-gn...@signal100.com said:
If anyone from GnuPG is reading this, please don't stop building (and
providing links to) Windows binaries for GnuPG 1.x. I'm sure I can't be
I deliberately removed the link. For those who really really need 1.4
for Windows, they
On Mon, 22 Aug 2011 11:07, y...@yyy.id.lv said:
How to verify if a certificate (in keyring) is valid?
gpgsm -k --with-validation USERID
without USERID all certifciates are validated. In case you want to skip
CRL checks, add the option --disable-crl-checks.
Shalom-Salam,
Werner
--
On Mon, 22 Aug 2011 15:27, dpmc...@gmail.com said:
extremely shortsighted. Any password management program like Keepass
makes transfer via the clipboard easy and relatively safe (clearing it
after 10 seconds), so that doesn't sound like the safety of no
passphrase at all.
You may not
On Mon, 22 Aug 2011 15:27, y...@yyy.id.lv said:
This certificate does not have BasicConstraints, maybe this is a cause
of error?
Quite likely. That is required for CA certifciates.
Is it possible to override check for BasicConstraints? Is it a bug?
Try adding the relax keyword to the
On Mon, 22 Aug 2011 00:10, marshallabr...@comcast.net said:
encrypted file using gpg2.exe. There didn't seem to be a GUI. Reading thru
the manual, I see that there is supposed to be an extension/plug-in on the
Windows Explorer menu for GpgEX, but I don't see it. What should I do?
If you are
On Tue, 23 Aug 2011 03:47, papill...@gmail.com said:
stored in a Keepass database that resides in a TrueCrypt container. It's
protected well. My actual key is protected by a 62 character passphrase
... as long as the box is pwoered down. Hard disk encryption does not
help if the box is up and
On Mon, 22 Aug 2011 18:05, y...@yyy.id.lv said:
So, order of certificate hashes, relative of certificate order in
keyring, is critically important?
No. You need to make sure to not use lines of more than ~255
characters. Check that your editor didn't reflow a comment block or
similar.
On Mon, 22 Aug 2011 18:44, mike_ac...@charter.net said:
result of a search... it would need to first search for the key by
whatever search text was provided, and then search for hits on the
fingerprint... if there is a revoke cert then you want to return that.
Keyservers store one copy of a
On Tue, 23 Aug 2011 09:39, y...@yyy.id.lv said:
For some certificates gpgsm asks during import, whether to trust them
(and if confirmed, add entry to trustlist.txt automatically). Is it
possible to make gpgsm to ask whether to trust it, for any certificate?
It does that for all proper
On Mon, 22 Aug 2011 09:06, do...@dougbarton.us said:
Any suggestions on how I can debug why gpgme is not recognizing that
there is a signature in the message?
That is not enough information to help you.
To look at what gpgme is doing you may set an envvar before starting
claws like here:
On Tue, 23 Aug 2011 11:09, do...@dougbarton.us said:
Awesome, thanks! The problem turned out to be the fingerprint option in
Right, fingerprint is a command and may thus not be combined with other
commands.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein
On Tue, 23 Aug 2011 15:12, da...@systemoverlord.com said:
Would it be reasonable to say that you may use a significantly smaller
PIN for your smartcard than would be required of a passphrase, since
the smartcard locks itself after 3 tries?
Yes. It is up to 6 tries because an attacker may also
On Tue, 23 Aug 2011 15:51, michaelquig...@theway.org said:
gpg --batch --armor -keyring /Publib/.../ARP_pubring.gpg
This is the same as -k -e -y -r -i -n -g - thus you are asking for a key
lising and encryption ... - Use two dashes.
Back to the fingerprint
On Thu, 25 Aug 2011 17:22, la...@thehaverkamps.net said:
I compiled both the stock 1.4.11 the Ubuntu 1.4.10. Both ways I get
gpg: invalid item `BZIP2' in preference string
You build gpg without bzip2 support. Install the libbz2-dev before
configuring.
changing from 4096 to 8192 bit)
On Fri, 26 Aug 2011 11:00, b...@adversary.org said:
I understand the reasons for this, but is there any reason for not
using an 8kb (or larger) master/certification key with more normal
subkeys (e.g. a 2048-bit signing subkey and a 4096-bit encryption
Actually the primary keys are the most
On Fri, 26 Aug 2011 15:56, joh...@vulcan.xs4all.nl said:
Does that mean we can expect GnuPG versions for mobile systems? I can't
wait to install a Symbian or Android port.
Kmail (Kontact Touch) runs on the N900 (Linux based) and the HTC Touch
pro 2 (WindowsMobile 6.5). With full GnuPG crypto
On Sat, 27 Aug 2011 00:46, sand...@crustytoothpaste.net said:
dpkg-source would lose the ability to verify packages before unpacking
them. apt's archive verification would break. That doesn't include
Wrong. It uses gpgv which is a verification only tool; is uses a list
of trusted keys (i.e.
On Wed, 24 Aug 2011 19:58, bj...@cam.ac.uk said:
signatures on Git tags. Git runs gpg internally, and I can
manipulate its environment to point GNUPGHOME at somewhere with an
options file containing a status-fd option so I can get
machine-readable output. This is good, but I'm having some
On Mon, 29 Aug 2011 12:24, expires2...@ymail.com said:
Does it make any difference to the --status-fd output if you include
verbose up to three times in the options file?
It should not make any difference.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein
On Tue, 30 Aug 2011 17:54, rich...@r-selected.de said:
a) I've bought two OpenPGP smartcards (v2). Their overprint says they
support RSA with up to 3072 bit. In the GnuPG 2.0.18 release notes
one change was to Allow generation of card keys up to 4096 bit. Does
that apply to the OpenPGP v2
On Tue, 30 Aug 2011 20:58, k...@grant-olson.net said:
tried to use two cards with the same key. gpg really wants you to have
one card tied to one set of keys per computer.
2.1 will make this much simpler by separating the key material (or the
key stub) from the actual keyblock/certificate.
On Tue, 30 Aug 2011 20:49, da...@systemoverlord.com said:
No, the OpenPGP v2 card can only handle up to RSA-3072. Presumably
OpenPGP v2 card is just a spec; you need to look at the specific
implementation which most likely will be the Zeitcontrol card. That
card support up to 4096 bits.
On Tue, 30 Aug 2011 20:40, go...@fsfe.org said:
AFAIR, 3072 bit keys have to be generated on the card. If you use
off-card generation, you are limited to 2048 bits.
Really? That would be a bug.
In case it really does not work the workaround is to first create a key
with 3072 bits on the card
On Sat, 3 Sep 2011 09:22, m.aflakpar...@ut.ac.ir said:
Now, for decrypting 70195_B11_WTCCCT444825.CEL.gz.gpg, I opended
Kleopatra window and clicked on File option then clicked on
Decrypte/Verify files and then I entered my file's path then
Decrypt/Verify window is opened and I checked on
On Fri, 9 Sep 2011 00:14, djpeterrobert...@gmail.com said:
david@david-desktop-debian:/$ gpg-agent --use-standard-socket
To start the agent you need to add the --daemon argument. For testing
you may use this:
gpg-agent --use-standard --daemon sh
which opens a new shell and sets up
On Tue, 13 Sep 2011 16:41, ved...@nym.hush.com said:
Is there going to be a a windows binary for future builds of the
gnupg 1.x branch?
I am not sure whether it is worth my time to build future 1.4 binaries;
there are only a very few use cases very it does make sense - if there
is one at all
On Tue, 13 Sep 2011 23:41, melvincarva...@gmail.com said:
Is this kind of tagging extra data onto a public key allowed, or is it
possible to break things?
You may put any kind of data after the -END line. It is not
part of OpenPGP specs.
Salam-Shalom,
Werner
--
Die Gedanken
On Fri, 16 Sep 2011 21:42, joh...@vulcan.xs4all.nl said:
OK, then what about a direct link to the version of the installer still
present on ftp.gnupg.org?
It was removed on purpose. We - and this includes Enigmail developers -
want users to use the modern version. Those how have a valid
On Sat, 17 Sep 2011 16:29, matthew...@aol.com said:
Any idea when 2.0.18 will available via GPG4Win?
No concrete plans. 2.0.18 has no useful changes for Windows anyway.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
Hi,
there is a thing for Windows called System Services for Unix (SFU). It
is a modern POSIX implementation on top of the NT kernel but very
different to the old we-need-to-be-compliant-to-gov-ITBs Posix
subsystem. Did anyone ever tried to build a GnuPG on it?
AFAICS this would use MSC but on
On Mon, 19 Sep 2011 23:28, jpcli...@tx.rr.com said:
Many tools such as autoconf have to be installed from the Interix community
site.
To build gnupg you don't need autoconf. A bare bones development system
is always sufficient. autoconf is only used to create the configure
script which is
On Tue, 20 Sep 2011 19:28, avi.w...@gmail.com said:
What about us windows users who do not have GPG installed on our
desktops, but our secure USB sticks. 1.4.11 works very nicely as
a stand-alone (or in my case, with GPGShell). I'm afraid that
2.+ would not work properly when installed to an
On Tue, 20 Sep 2011 22:48, r...@sixdemonbag.org said:
If I determine that my work PC and my home PC are both trusted systems,
and I have a single USB stick containing my GnuPG installation and
keyrings that I want to use on both, then I don't see the risk so long
as that USB stick is never
On Wed, 21 Sep 2011 10:40, l...@pca.it said:
the log above. The problem is that there is no sign of my email above,
not even the in-moderation notification. I will try to re-send it...
Sending such notification back to the spammers is not a good idea. You
either have to wait - or better -
On Mon, 26 Sep 2011 14:33, l...@pca.it said:
1) I would be interested to know how many spam emails passes
greylisting.
Way too many.
2) given the fact that there is no SMTP error message and no
notification, there is no way for the sender to know what happened
with her/his email,
On Tue, 27 Sep 2011 09:39, l...@pca.it said:
Please Cc: me, I am not subscribed to the list.
Set your MFT header properly and MUAs will CC you.
And this happens way too late: it is more than a week now since my first
attempt to post to gnupg-devel@ and still I do not have any news of
If you
On Mon, 26 Sep 2011 23:11, achim.cl...@cloer.de said:
we are planing to deploy PGP in our team with Smartcards.
I assume you mean GnuPG, which has - like PGP - an implementaion of the
OpenPGP standard.
During generating the keys, the pgp card is also generating a off-card
copy. But we fail
On Wed, 28 Sep 2011 12:09, achim.cl...@cloer.com said:
Is there any possibility to import the off-card-backup into a normal
keyring in GPG without using a SmartCard?
There is no feature for it. You may use gpgsplit to manually construct
a key from such a backup. You need to take the
On Wed, 28 Sep 2011 21:08, thaj...@gmail.com said:
Nothing but a spammer. Get off the list or whomever controls the list
should ban this fool for good.
Not subscribed, thus probably accidently approved.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
On Wed, 28 Sep 2011 22:35, hipaaw...@yahoo.com said:
ftp://ftp.gnu.org/gnu/make/
There should be no need for GNU make, a standard make is sufficient.
You need to build in the right order:
1. Build and install pth
2. Build and install libgpg-error
3. Build and install libgcrypt
4. Build and
On Tue, 4 Oct 2011 00:01, ved...@nym.hush.com said:
BEGIN PGP MESSAGE, PART X/Y
GnuPG does not support this PART stuff. Neither does it support the
Charset armor header.
The rationale for not supporting this misfeatures is that it tries to
mimic a part of MIME which is more suitable for
On Thu, 6 Oct 2011 20:20, r...@sixdemonbag.org said:
The good news is that I've put together a small Python script that will
(hopefully) make things a little easier on you. Give me a day or two to
I suggest that you use gpgconf to change configuration options. We
designed this tool to allow
On Thu, 6 Oct 2011 16:18, splu...@gmail.com said:
2011-10-05 17:15:25 gpg-agent[2694] gpg-agent (GnuPG) 2.0.18 started
2011-10-05 17:21:36 gpg-agent[2694] error getting default authentication
keyID of card: Card error
Gpg-agent checks whether a smartcard which features an authentication
key
On Fri, 7 Oct 2011 11:51, aaron.topo...@gmail.com said:
gpg --list-sigs --keyring ~/.gnupg/pubring.gpg | sig2dot
~/.gnupg/pubring.dot 2 ~/.gnupg/pubring.error.txt
Why at all does this tool use the human readable format? I don't get
it. We have a machine readable format which is
On Mon, 10 Oct 2011 23:18, jw72...@verizon.net said:
keys in turn. Is there a way to tell gpg to use just one of the keys if
any? I have tried specifying this as one of the options -u userID, but it
No there is no way to do this.
The best suggestion for all automated systems is not to use a
On Tue, 11 Oct 2011 09:37, urs.hunke...@epfl.ch said:
gpg to use the card to encrypt my messages. How can I add such stubs
to my keyring on a different computer to point to existing keys on my
card without having to regenerate the keys (which would render the
You insert the card on that other
On Tue, 11 Oct 2011 13:55, pje...@gmail.com said:
Other problem I've noticed when I signed file in non-batch mode is that
I’ve specified to use SHA512 for second signature.
You didn't. What you did is to specify an S2K hash algorithm which is
used to turn passphrases into keys. Further it is
On Tue, 11 Oct 2011 17:35, michael.b.ba...@citi.com said:
Another developer and I have downloaded and compiled and built the
versions of gpg listed. I have generated the keys successfully and
when I try running gpg as a test to encrypt a file I am getting bus
errors. I have started the
On Sun, 16 Oct 2011 02:51, mwink...@compass-analytics.com said:
* GPG 1.1.4
Do you mean GnuPG 1.4.11 or GPGME 1.1.4? The latter is quite old and
the NEWS file shows that 1.1.5 and 1.1.6 both had fixes for Windows.
The current version is 1.3.0; a binary for Windows of that versions (or
On Tue, 18 Oct 2011 15:05, r...@sixdemonbag.org said:
No, it's still a single file (pubring.gpg, for instance, is the public
keyring). I just can't promise that it's still a raw stream of RFC4880
octets.
It still is for the public keys.
2.1 changes the format of the secring (well, dropped
On Tue, 18 Oct 2011 15:30, jer...@jeromebaum.com said:
In fact to my knowledge outside of webmail and inside private email
(so drop companies, universities, schools) it's usual to configure your
own MUA, with the help of instructions from your ISP.
Well, so we need to convince them to change
On Tue, 18 Oct 2011 15:19, r...@sixdemonbag.org said:
Arguably we should be using 'certificate' to describe keys, but
We tried that in the Gpg4win manuals. However it turned out that this
term as other problems when used with OpenPGP keys (ah well, keyblocks).
honestly, that's a losing
On Tue, 18 Oct 2011 16:30, pe...@digitalbrains.com said:
Because it is the e-mail address of the recipient you look up; that's all the
data you have in this scenario. Thus, for me you would look up a key
corresponding to user peter at the domain digitalbrains.com. The only logical
Right.
On Tue, 18 Oct 2011 15:42, mw...@iupui.edu said:
To be secure without being involved in the process is an unreasonable
expectation which can never be met. We need to teach our kids to
expect to protect themselves online the same way we teach them to look
We did this for about 15 years -
On Tue, 18 Oct 2011 16:35, jer...@jeromebaum.com said:
operations will be the most important part to making that work, and the
ISPs don't have to help out there (modulo webmail which isn't even
end-point).
Even webmail. It is easy to write a browser extension to do the crypto
stuff.
On Thu, 20 Oct 2011 05:30, lists-gnupg...@lina.inka.de said:
the lowest efford are discovery via personal web pages like doing XDR or
maybe webfinger. Most users wont be able to have special RRs - not even
Most users don't have personal web pages. So what now? Well many users
have a facebook
On Wed, 19 Oct 2011 22:10, kloec...@kde.org said:
What NEW standard are you talking about? Werner wants to use OpenPGP.
and S/MIME! We actually don't care. For certain MUAs it is much
simpler to implement something on top of S/MIME than to trying to get
OpenPGP support. The actual protocol
On Thu, 20 Oct 2011 07:39, makro...@gmail.com said:
Interesting. However, the problem of widening email encryption
practice is not technical, it is motivational.
Right and that is why it encryption must be the default.
On the other hand, I keep wondering: why are we (and we obviously
are,
On Fri, 21 Oct 2011 01:46, marcus.brinkm...@ruhr-uni-bochum.de said:
not ask for data that is not available for whatever reason. I think your
interpretation of the regulations in that area is overly pessimistic, but I
could be wrong. Maybe you can verify this?
Actually the German Federal
301 - 400 of 3671 matches
Mail list logo