Re: NXDOMAIN for hkps.pool.sks-keyservers.net

2020-01-15 Thread Kristian Fiskerstrand
ol due to expiry of the CRL -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 --

Re: libgcrypt license

2019-10-23 Thread Kristian Fiskerstrand
cceptance information in the package. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60

Re: Future OpenPGP Support in Thunderbird

2019-10-15 Thread Kristian Fiskerstrand
On 14.10.2019 22:45, Werner Koch wrote: > On Mon, 14 Oct 2019 20:43, Kristian Fiskerstrand said: > >> was suggested by Kristian and Andre: talking to SCDaemon (scd) with IPC. >> Details need to be discussed, but it would be an optional solution, that > > Given that

Re: Future OpenPGP Support in Thunderbird

2019-10-14 Thread Kristian Fiskerstrand
ndows) with usual user system protection? Or... extend the RNP library to talk to scd? Needs discussion and contributors, but that should wait until we're certain what library TB will use. """ References: [notes] https://wiki.gnupg.org/OpenPGPEmailSummit201910Notes -- -

Re: What is the practical strength of DSA1024/Elgamal2048 (former GnuPG default)?

2019-08-30 Thread Kristian Fiskerstrand
On 30.08.2019 01:02, Brian Minton wrote: > On Thu, Apr 25, 2019 at 11:19:15AM +0200, Kristian Fiskerstrand wrote: >> On 4/25/19 9:20 AM, Bernhard Reiter wrote: >>> Wikipedia points out a strong sensitivity of the algorithm to the quality >>> of &

Re: was Re: PGP Key Poisoner // now "Binding one person's subkey to another person's primary key"

2019-08-13 Thread Kristian Fiskerstrand
ion] https://gnupg.org/faq/subkey-cross-certify.html -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD

Re: New keyserver at keys.openpgp.org - what's your take?

2019-07-03 Thread Kristian Fiskerstrand
On 7/3/19 3:20 PM, Andrew Gallagher wrote: > On 03/07/2019 13:45, Kristian Fiskerstrand wrote: >> There are various ways this can be used for other >> attack vectors as well, so they are mostly just ignored. > > Any of those attack vectors applicable to keyservers attempt

Re: New keyserver at keys.openpgp.org - what's your take?

2019-07-03 Thread Kristian Fiskerstrand
specification of TPK URI for refresh is privacy issues related to callbacks and/or DoS. There are various ways this can be used for other attack vectors as well, so they are mostly just ignored. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk

Re: What is the practical strength of DSA1024/Elgamal2048 (former GnuPG default)?

2019-04-25 Thread Kristian Fiskerstrand
h > keys. This isn't really a major point given rfc6979 ( https://tools.ietf.org/html/rfc6979 ): Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital

Re: Why Signing key part of Master key

2019-02-24 Thread Kristian Fiskerstrand
ble anyways by updating the flags on its self-signature) -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE

Re: [openpgp-email] 4th OpenPGP Email Summit - Update

2018-10-19 Thread Kristian Fiskerstrand
> On 17 Oct 2018, at 14:26, Sandro Knauß wrote: > > Hey, > >> - Friday evening: we will meet at the Winery (Trois Tilleuls Street 1, 1170 >> – Brussels, www.winery.be ). People from Mailfence will be there from >> 19:30, I will arrive a little later. I’ve arrived in Brussels and checked into

Re: Issue with pinentry GUI agent

2018-09-07 Thread Kristian Fiskerstrand
On 9/7/18 9:19 PM, Daniel Kahn Gillmor wrote: > On Fri 2018-09-07 14:31:16 +0200, Kristian Fiskerstrand wrote: >> On 9/5/18 4:20 PM, Daniel Kahn Gillmor wrote: >>> I'm unable to replicate this. here's a transcript of my session, >>> testing pinentry-qt 1.1.0-1+b1 a

Re: Issue with pinentry GUI agent

2018-09-07 Thread Kristian Fiskerstrand
On 9/7/18 2:31 PM, Kristian Fiskerstrand wrote: > On 9/5/18 4:20 PM, Daniel Kahn Gillmor wrote: >> I'm unable to replicate this. here's a transcript of my session, >> testing pinentry-qt 1.1.0-1+b1 and gnupg 2.2.10-1 on debian >> testing/unstable: > > which desktop

Re: Issue with pinentry GUI agent

2018-09-07 Thread Kristian Fiskerstrand
n testing with Cinnamon selected during install. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60

Re: Issue with pinentry GUI agent

2018-09-05 Thread Kristian Fiskerstrand
On 9/5/18 9:39 AM, Kristian Fiskerstrand wrote: > without DISPLAY env var, qt version automatically falls back to curses > variant despite the argument Wrote too quickly there; This is actually wrong, it never actually falls back to curses, it just

Re: Issue with pinentry GUI agent

2018-09-05 Thread Kristian Fiskerstrand
n pinentry 1.1.0 on gnupg 2.2.10 -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Re: Issue with pinentry GUI agent

2018-09-03 Thread Kristian Fiskerstrand
On 08/29/2018 12:41 AM, Kristian Fiskerstrand wrote: > On 08/28/2018 08:22 PM, Daniel Kahn Gillmor wrote: >> On Sat 2018-08-25 08:18:48 +0200, sunri...@gmx.com wrote: >>> Hi all, since some days I'm having an issue with pinentry, I've set the >>> default agent as p

Re: Issue with pinentry GUI agent

2018-08-28 Thread Kristian Fiskerstrand
ISPLAY (as far as I've gotten in my debugging that is the only diff in the env vars between the direct invocation and the bash prompted one, it might not be ultimately relevant) -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk

Re: keys.gnupg.net is blocked by Palo Alto Wildfire

2018-08-10 Thread Kristian Fiskerstrand
ut why would it respond to such a host on port 80? it responds to keys.gnupg.net on 11371 (default HKP port) as it should. But for HKPS/HTTPS there aren't any expectations for certificates for the SNI etc, hkps.pool.sks-keyservers.net is used for that by default. -- ---- Kristian

Re: Upgrading 2.0.20 to 2.2.24

2018-06-18 Thread Kristian Fiskerstrand
ely, in case there is sync issue and that has been updated without secring being updated. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3

Re: Web of Trust and validation of keys

2018-05-12 Thread Kristian Fiskerstrand
m path length is three." >   > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- Kristian Fiskerstrand Blog: https://bl

Re: pinentry problems

2018-04-17 Thread Kristian Fiskerstrand
On 04/17/2018 10:48 PM, Paul H. Hentze wrote: > > > On 17.04.2018 17:48, Daniel Kahn Gillmor wrote: >> On Tue 2018-04-17 11:11:22 +0200, Kristian Fiskerstrand wrote: >>> On 04/17/2018 10:52 AM, Paul H. Hentze wrote: >>>> Actually those commands >>>

Re: gpgme_op_verify regression with gnupg 2.2.6?

2018-04-17 Thread Kristian Fiskerstrand
rsion if needed. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "Hi

Re: pinentry problems

2018-04-17 Thread Kristian Fiskerstrand
changed. This is not allowed." and it did that with every file in that > folder. Seems like a mixup of chmod and chown there, although make sure the user is correct as well. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifis

Re: having trouble checking the signature of a downloaded file

2018-02-22 Thread Kristian Fiskerstrand
On 02/22/2018 11:13 PM, Kristian Fiskerstrand wrote: > On 02/22/2018 11:03 PM, Henry wrote: >> 2018-02-21 20:56 GMT+09:00 Kristian Fiskerstrand >> <kristian.fiskerstr...@sumptuouscapital.com>: >>> On 02/21/2018 11:53 AM, Peter Lebbing wrote: >>> Touché :) I

Re: having trouble checking the signature of a downloaded file

2018-02-22 Thread Kristian Fiskerstrand
On 02/22/2018 11:03 PM, Henry wrote: > 2018-02-21 20:56 GMT+09:00 Kristian Fiskerstrand > <kristian.fiskerstr...@sumptuouscapital.com>: >> On 02/21/2018 11:53 AM, Peter Lebbing wrote: >> Touché :) Indeed, didn't notice it was an old file/signature , then >> gnupg 1

Re: having trouble checking the signature of a downloaded file

2018-02-21 Thread Kristian Fiskerstrand
On 02/21/2018 11:53 AM, Peter Lebbing wrote: > On 21/02/18 10:48, Kristian Fiskerstrand wrote: >>>gpg: Signature made Tue May 4 23:03:11 2004 JST >> [...] >> >> The author should sign the package using a more modern and secure keyblock. > Note that not the ke

Re: having trouble checking the signature of a downloaded file

2018-02-21 Thread Kristian Fiskerstrand
be doing > wrong. Any help or suggestions much appreciated. TIA The author should sign the package using a more modern and secure keyblock. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPG

Re: Why Operating Systems don't always upgrade GnuPG [was: Re: How can we utilize latest GPG from RPM repository?]

2018-02-20 Thread Kristian Fiskerstrand
ularly. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Manus manum lavat On

Re: Can't import public key

2018-02-05 Thread Kristian Fiskerstrand
On 02/03/2018 04:15 PM, Pijus Kar wrote: > Is it something for the version incompatibility or in the key? As far as I can see the keyblock referenced is DSA2, which is specified in FIPS-186-3 from 2009, and you're using a gnupg version from 2002. -- ---- Krist

[OT] Re: failed to convert unprotected openpgp key: Checksum error

2018-01-22 Thread Kristian Fiskerstrand
On 01/22/2018 08:33 AM, Werner Koch wrote: > That is an acceptable user-id. I would have used a dot as delimiter but > that is a personal taste. Dot is a permitted part of username in POSIX though, while : is not :) -- ---- Kristian Fiskerstrand Blog:

Re: gnupg-2.2.4: how to deal with failed tests

2018-01-17 Thread Kristian Fiskerstrand
sed by gpgscm by default. * Parallel tests fail if building without tofu support * sparc architecture has a failure in tests/openpgp/quick-key-manipulation.scm:219 on assert -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---

Re: key distribution/verification/update mechanisms other than keyservers [was: Re: a step in the right direction]

2018-01-17 Thread Kristian Fiskerstrand
On 01/17/2018 01:20 AM, Daniel Kahn Gillmor wrote: > On Tue 2018-01-16 22:56:58 +0100, Kristian Fiskerstrand wrote: >> thanks for this post Daniel, my primary question would be what advantage >> is gained by this verification being done by an arbitrary third party >> rathe

Re: key distribution/verification/update mechanisms other than keyservers [was: Re: a step in the right direction]

2018-01-16 Thread Kristian Fiskerstrand
erver action doing this would just shift responsibilities to a third party for something better served (and already happens) locally. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at h

Re: DRM?

2018-01-16 Thread Kristian Fiskerstrand
On 01/16/2018 10:33 PM, Matthias Mansfeld wrote: > On 16 Jan 2018 at 20:08, Kristian Fiskerstrand wrote: > >> On 01/16/2018 07:50 PM, Andrew Gallagher wrote: >>> Agreed. I was thinking more along the lines of having some method of >>> causing signature vandalism t

Re: Remove public key from keyserver

2018-01-16 Thread Kristian Fiskerstrand
On 01/16/2018 11:40 AM, Stefan Claas wrote: > Am 16.01.2018 um 11:12 schrieb Kristian Fiskerstrand: > >> On 01/15/2018 09:23 PM, Stefan Claas wrote: >>> No? I for one would like to be sure that i am the only person who >>> can upload my public key to a key s

Re: Remove public key from keyserver

2018-01-16 Thread Kristian Fiskerstrand
ernmental issued ID at some point. But yes, this comes back to security != privacy -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB A

Re: DRM?

2018-01-16 Thread Kristian Fiskerstrand
nny sks"] https://sks-keyservers.net/pks/lookup?op=vindex=0x94CBAFDD30345109561835AA0B7F8B60E3EDFAE3 -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyserv

Re: DRM?

2018-01-16 Thread Kristian Fiskerstrand
of any production rollout, although I believe a proof of concept was written based on it for a thesis. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fp

Re: DRM?

2018-01-16 Thread Kristian Fiskerstrand
is also a questionable matter, as the full data store is downloadable, so anyone can download it containing the data wanting to be hidden. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public Open

Re: DRM?

2018-01-16 Thread Kristian Fiskerstrand
EmailValidation?action=AttachFile=get=EmailValidation20151207.pdf -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 30

Re: Remove public key from keyserver

2018-01-16 Thread Kristian Fiskerstrand
fic CA is left to the user performing the trust calculation, incidentally also allowing for signatures from multiple CAs. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://po

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Kristian Fiskerstrand
On 01/06/2018 12:23 AM, Lou Wynn wrote: > On 01/05/2018 12:54 PM, Kristian Fiskerstrand wrote: >> On 01/05/2018 05:29 PM, Lou Wynn wrote: >>> The auditing key is certified by the root key and stays with the latter >>> in my design. Only the administrator can make policy

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Kristian Fiskerstrand
On 01/05/2018 05:29 PM, Lou Wynn wrote: > On 01/05/2018 01:10 AM, Kristian Fiskerstrand wrote: >> There are easily scenarios where a customer forgets to add the "auditing >> key", making the data unavailable to the organization, in particular in >> context of loss

Re: How do you find out the Keygrip of a v3 key?

2018-01-05 Thread Kristian Fiskerstrand
ith libgcrypt's gcry_pk_get_keygrip() -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 -

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Kristian Fiskerstrand
oyee has private key for primary the individual can create new subkeys, and the primary will always have signing capability (if not always specified as usage flag). In most setups the employee won't need/shouldn't have the private key info for the primary for this (and a few other) reasons. --

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Kristian Fiskerstrand
On 01/05/2018 09:41 AM, Lou Wynn wrote: > On 01/05/2018 12:18 AM, Kristian Fiskerstrand wrote: >> Businesses have reasonable need to access their data, so they need to >> have access to his private keys, which contradicts "which >> is meant to prevent others from using h

Re: Modernizing Web-of-trust for Organizations

2018-01-05 Thread Kristian Fiskerstrand
On 01/05/2018 01:46 AM, Lou Wynn wrote: > On 01/04/2018 04:15 PM, Kristian Fiskerstrand wrote: >> On 01/05/2018 01:12 AM, Lou Wynn wrote: >>> I guess that you've missed somewhere I said in my previous posts that >>> the end user chooses his own password to prot

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
riorities, if the corporation doesn't have access to the data (without the specific encryption key being included) what is the value? -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblo

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
On 01/05/2018 01:04 AM, Lou Wynn wrote: > On 01/04/2018 02:57 PM, Kristian Fiskerstrand wrote: >> On 01/04/2018 11:24 PM, Lou Wynn wrote: >> but you add the requirement that all end users sending email to you >> require to validate the auditing key as well (auditing is

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
proposal would require client handling of e.g notation data? -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
validate the auditing key as well (auditing is likely wrong word, archiving is more likely relevant). for auditing you certainly want gpg-agent monitoring of assuan channel in separate domain. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter:

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
l > client, which includes the client plugin. I don't see this as disagreeing, this means you don't have any benefit from storing the email in encrypted form once it hits the corporate network, so you're better off decrypting it at gateway anyways. -- --

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
On 01/04/2018 10:38 PM, Lou Wynn wrote: > On 01/04/2018 03:02 AM, Kristian Fiskerstrand wrote: >> On 01/04/2018 02:34 AM, Lou Wynn wrote: >>> No, there is no business unit level certifying key. An enterprise only >>> has one root key, which is the ultimate certificat

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
alive) ? That never exposes key material to client, i.e always operates within corporate infrastructure and removes a lot of complexity and allows for easier indexing/searching. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @k

Re: Modernizing Web-of-trust for Organizations

2018-01-04 Thread Kristian Fiskerstrand
material (but it would require some setup to ensure they don't have it, so smartcard is generally easier) -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net

Re: How to batch generate ECC key

2017-12-29 Thread Kristian Fiskerstrand
> > - Why do the algorithm ids (22 for „Ed25519“ and 18 for „Curve25519“) > not work? Algorithm IDs are not directly tied to curves, so that would be more related to Key-Type than Key-Curve (and corresponding subkey), not the OIDs. -- ---- Kristian Fis

Re: How to batch generate ECC key

2017-12-29 Thread Kristian Fiskerstrand
ame Name-Email: m...@example.com Creation-Date: 20170801T18 Expire-Date: 0 %commit -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3

Re: Houston, we have a problem

2017-09-26 Thread Kristian Fiskerstrand
ice. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "Expect the best.

Re: Houston, we have a problem

2017-09-26 Thread Kristian Fiskerstrand
rks quite well with K9Mail from OpenKeychain.. Not that it should be used too much, a smartphone is one of the least secure devices around. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP

Re: Houston, we have a problem

2017-09-26 Thread Kristian Fiskerstrand
y any chance of a proper security for others. Which incidentally is similar to a lot of other over-simplification and interconnections throughout the world, but that is a separate discussion. Finding the least common denominator and simplify everything to the absurd, no matter the consequences. --

Re: Houston, we have a problem

2017-09-26 Thread Kristian Fiskerstrand
has to be a binary obfuscated mess instead of trying to re-use well-established protocols in text form, just in case the user walks into the maze for some reason. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk

Re: Signing failed -- "No secret key", even though I have the key

2017-09-24 Thread Kristian Fiskerstrand
itionally, they are stubs, as indicated by the "#"-sign, so not available on the computer you're executing the signature operation on. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keybloc

Re: Houston, we have a problem

2017-09-22 Thread Kristian Fiskerstrand
On 09/22/2017 10:48 PM, Stefan Claas wrote: > On Fri, 22 Sep 2017 22:32:37 +0200, Kristian Fiskerstrand wrote: >>> And in place of the fake sigs it says erroneous MPI value. :-) >> >> And what happens if you do gpg --import-options import-clean >> --recv-key ? is

Re: Houston, we have a problem

2017-09-22 Thread Kristian Fiskerstrand
On 09/22/2017 10:29 PM, Stefan Claas wrote: > On Fri, 22 Sep 2017 22:17:17 +0200, Kristian Fiskerstrand wrote: >> On 09/22/2017 10:08 PM, Stefan Claas wrote: >>> Thanks for the information! Can you tell me please how to import >>> a pub key with a local client, so that

Re: Houston, we have a problem

2017-09-22 Thread Kristian Fiskerstrand
--check-sigs report? -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---

Re: Houston, we have a problem

2017-09-22 Thread Kristian Fiskerstrand
On 09/22/2017 09:40 PM, Kristian Fiskerstrand wrote: > So all is as it is supposed to be Just to add, the alternative if not considering WoT is a direct validation structure, a user in this case should only (locally) sign keyblock information of communication peers after a direct fingerpr

Re: Houston, we have a problem

2017-09-22 Thread Kristian Fiskerstrand
alid data, including invalid signatures, results in discarding of the data, which would filter out the signature in this case. So all is as it is supposed to be -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---

Re: Prince Jones v US

2017-09-22 Thread Kristian Fiskerstrand
COURT OF APPEALS No. 15-CF-322 09/21/2017 PRINCE JONES, APPELLANT, V. UNITED STATES, APPELLEE. Appeal from the Superior Court of the District of Columbia (CF1-18140-13) -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com T

Re: Automating and integrating GPG

2017-09-19 Thread Kristian Fiskerstrand
o I'd likely use a custom pinentry, that'd be the same recommendation for a password manager etc, as for security info is passed in the socket that is protected using regular unix user permissions / ACLs and anyways same as regular pinentry uses. -- ---- Kristian Fiskerstrand

Re: Operation not supported by device

2017-07-27 Thread Kristian Fiskerstrand
On 07/27/2017 05:29 PM, Stefan Claas wrote: > On Wed, 26 Jul 2017 23:41:23 +0200, Kristian Fiskerstrand wrote: >> On 07/24/2017 04:27 PM, Stefan Claas wrote: >>> The file is signed and can be verified. Just wondering (after >>> googling) what this means, becaus

Re: Operation not supported by device

2017-07-26 Thread Kristian Fiskerstrand
5c80f2 -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Amantes sunt a

Re: gpg-agent cache keygrip

2017-07-26 Thread Kristian Fiskerstrand
g the particular keys (as well as protecting against several other threat vectors)? -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-ke

Re: Access denied when using gpg4win via command prompt

2017-07-05 Thread Kristian Fiskerstrand
em directory? -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "Histo

Re: Technical contact for mailing list?

2017-06-29 Thread Kristian Fiskerstrand
sers/2017-March/057877.html -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "Better to keep your

Re: Cannot choose specific signing key with option --default-key

2017-06-14 Thread Kristian Fiskerstrand
On 06/14/2017 07:38 AM, Yanzhe Lee wrote: > Maybe there was a priority when sign files with RSA and ECC keys? How > can I override it? Try adding a "!" suffix to the fingerprint specification of the subkey -- ---- Kristian Fiskerst

Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-04 Thread Kristian Fiskerstrand
tion, you'd want the tofu model in gpg 2.1? -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED

Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-04 Thread Kristian Fiskerstrand
d by a local CAkey anyways? Doing a manual graphical verification doesn't seem to provide anything in terms of security here. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock

Re: Reviving a userid with revoked key

2017-05-19 Thread Kristian Fiskerstrand
, those got lost at the revocation point, but your new contacts can sign the new UID without issue. Deleting the old UID will have no practical effect if it has been distributed to a keyserver historically. -- ---- Kristian Fiskerstrand Blog: https://blog.sump

Re: Newbie can't get --passphrase option to work

2017-05-13 Thread Kristian Fiskerstrand
r versions of 2.1 this requires allow-pinentry-loopback for the gpg-agent but in recent versions that is defaulted to on. Can you provide the information when this argument is used and the scenario that fails including explicit error messages? -- ---- Kristian Fiskerstrand Bl

Re: Newbie can't get --passphrase option to work

2017-05-13 Thread Kristian Fiskerstrand
e. I'm using a default installation of GnuPG 2.1.19 on Windows 7 (it > may go on a Win Server 2012 box for production). look into --pinentry-mode loopback -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk

Re: GPG Signature Verification

2017-04-21 Thread Kristian Fiskerstrand
On 04/21/2017 09:16 AM, Kristian Fiskerstrand wrote: > On 04/20/2017 09:17 PM, Paul Taukatch wrote: >> I've attached my public key and debug log but please let me know if there >> is any other information that might be helpful. > > The first reference that springs to mind

Re: GPG Signature Verification

2017-04-21 Thread Kristian Fiskerstrand
https://tools.ietf.org/rfc/rfc4880.txt -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3E

Re: Security doubts on 3DES default

2017-03-13 Thread Kristian Fiskerstrand
focus on algorithms in general likely so, the likelihood of operational security being the issue is far greater -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.n

Re: Verify with missing public key: unexpected returncode

2017-03-03 Thread Kristian Fiskerstrand
more details -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Qui audet vincit W

Re: GPG, subkeys smartcard and computer

2017-02-21 Thread Kristian Fiskerstrand
On 02/21/2017 03:15 PM, Peter Lebbing wrote: > If Kristian Fiskerstrand says it's okay for SSH servers to refresh their > keyring every 20 or 30 minutes from the public keyserver network, then I > guess it really is :-). I had estimated it as inappropriate. Keep in mind, the keyring in

Re: GPG, subkeys smartcard and computer

2017-02-21 Thread Kristian Fiskerstrand
> painful step in the process. ... it depends... -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED F

Re: GPG, subkeys smartcard and computer

2017-02-20 Thread Kristian Fiskerstrand
ompromised devices. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Qui audet vin

Re: GPG, subkeys smartcard and computer

2017-02-20 Thread Kristian Fiskerstrand
avoid having to revoke all if one is compromised. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3E

Re: Download of public keys

2017-02-17 Thread Kristian Fiskerstrand
On 02/17/2017 09:46 PM, si...@web.de wrote: > Am 17.02.2017 um 20:43 schrieb Kristian Fiskerstrand: >> On 02/17/2017 07:17 PM, Kristian Fiskerstrand wrote: >> >> That change would also be consistent with >> https://git.gnupg.org/cgi-bin/gitweb

Re: Download of public keys

2017-02-17 Thread Kristian Fiskerstrand
On 02/17/2017 07:17 PM, Kristian Fiskerstrand wrote: > On 02/17/2017 07:00 PM, si...@web.de wrote: >> keyserver hkps://jirk5u4osbsr34t5.onion >> keyserver hkps://keys.gnupg.net >> >> would solve this I guess. > > No, that'd result in certificate errors and non

Re: Download of public keys

2017-02-17 Thread Kristian Fiskerstrand
On 02/17/2017 07:00 PM, si...@web.de wrote: > keyserver hkps://jirk5u4osbsr34t5.onion > keyserver hkps://keys.gnupg.net > > would solve this I guess. No, that'd result in certificate errors and non-responsive servers -- ---- Kristian Fiskerstrand

Re: Download of public keys

2017-02-17 Thread Kristian Fiskerstrand
ges this behavior. Whether that is intended or not is a question for your distribution's package maintainer. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.

Re: Expanding web-of-trust with subkey

2017-02-15 Thread Kristian Fiskerstrand
On 02/15/2017 03:27 PM, Adam Sherman wrote: > On 2017-02-15 06:51 AM, Kristian Fiskerstrand wrote: >>> Do I need access to my master key in order to expand my web of >>> trust? This seems like quite a restriction. >> Yes, although you can generate a local CA

Re: Expanding web-of-trust with subkey

2017-02-15 Thread Kristian Fiskerstrand
exportable) signature -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Qui a

Re: send-keys does not update my key

2017-02-14 Thread Kristian Fiskerstrand
On 02/14/2017 07:51 PM, Marko Bauhardt wrote: > The trust level of my two IDs was `unknown` in the one public key and > `ultimate` in the other key. Trust level is not a property of the public key, it is stored out of band (in the local trustdb) -- ---- Kr

Re: gpg-agent has to be restarted after GnuPG SmartCard pulled from reader

2017-01-06 Thread Kristian Fiskerstrand
h for removal event? -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 -

Re: Meaning of "text user ID's"?

2017-01-04 Thread Kristian Fiskerstrand
On 01/04/2017 03:00 PM, Peter Lebbing wrote: > On 04/01/17 14:56, Kristian Fiskerstrand wrote: >> What gives you the indication that the UAT is about to be signed? > > First and foremost, that it was actually signed when I agreed. I deleted the > signature afterwards. > >

Re: Meaning of "text user ID's"?

2017-01-04 Thread Kristian Fiskerstrand
that the UAT is about to be signed? (can try it and not save/delete public key without publishing to see actual result) -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://p

Re: [Announce] GnuPG 2.1.17 released

2016-12-20 Thread Kristian Fiskerstrand
ion) -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Nulla regula sine excepti
