Re: symmetric passphrase with remote (extra, restricted) gpg-agent

2024-02-26 Thread Werner Koch via Gnupg-users
Hi! sorry, for the wrong order of the messages, I simply forgot to send them yesterday. Salam-Shalom, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein

Re: symmetric passphrase with remote (extra, restricted) gpg-agent

2024-02-26 Thread Werner Koch via Gnupg-users
On Fri, 23 Feb 2024 22:59, Marcin Wrochna said: > However, I cannot make `gpg --symmetric` encryption work on the remote, > as it tells me getting a passphrase is "Forbidden". Right. It does not sound like a good idea to give the server access to your local password sto

Re: symmetric passphrase with remote (extra, restricted) gpg-agent

2024-02-26 Thread Werner Koch via Gnupg-users
Hi again! you may want to try the attached patch. It is against the current 2.4 head but should apply also to somewhat older versions. If this solves your problem, it can go into 2.4.5 soon. Shalom-Salam, Werner -- The pioneers of a warless world are the youth that refuse military

symmetric passphrase with remote (extra, restricted) gpg-agent

2024-02-23 Thread Marcin Wrochna via Gnupg-users
Hi! I'm using gpg remotely over ssh by forwarding my local agent-extra-socket as my remote's regular agent-socket. I use it with a (local) nitrokey mostly without problems for signing: on the remote I can use `gpg --sign`, it asks for the PIN with a GUI pinentry popping up on my local desktop

Re: How to make remote gpg talk to specific Unix socket (for forwarded local gpg-agent)

2023-01-17 Thread Werner Koch via Gnupg-users
On Mon, 16 Jan 2023 07:56, Troy said: > The problem is that there's already a gpg-agent running at the remote > (I think started by systemd or the X server), which I don't want to > disturb.  For my ssh connection, I try to create a new Unix domain Don't run the gpg-agent for your ac

How to make remote gpg talk to specific Unix socket (for forwarded local gpg-agent)

2023-01-16 Thread Troy
how to make gpg use a specific Unix socket to communicate with my forwarded gpg-agent. The problem is that there's already a gpg-agent running at the remote (I think started by systemd or the X server), which I don't want to disturb.  For my ssh connection, I try to create a new Unix domain

Re: How to tell gpg not to start gpg-agent on a remote machines when using gpg agent forwarding

2019-04-04 Thread Peter Lebbing
e dirmngr if it has not yet been | started and its service is required. This option is mostly | useful on machines where the connection to gpg-agent has been | redirected to another machines. If dirmngr is required on the | remote machine, it may be started

How to tell gpg not to start gpg-agent on a remote machines when using gpg agent forwarding

2019-04-04 Thread Thomas Glanzmann
Hello, I'm using gpg using gpg agent forwarding over ssh on a remote system. Sometimes my agent socket is not available. If I start any gpg operation, it starts a new agent. Is there a configuration option that I can specify so that gpg gives up if there is no socket or no agent behind a socket

gpg-agent forwarding to remote with systemd - status?

2019-02-01 Thread Chris Coutinho
Hi, I'm trying to forward my local gpg-agent over ssh to a remote that controls the gnupg sockets via systemd. This fails because sshd attempts to place the socket in a directory that doesn't exist, because that is handled on the remote by systemd. This issue was raised back in 2016: https

Re: gpg-agent forwarding to remote with systemd - status?

2019-02-01 Thread Chris Coutinho
I should add that the remote is OpenSUSE Leap 15.0 running GnuPG 2.2.5, and my current client is OpenSUSE Leap 15.0 running WSL on Windows 10, also running GnuPG 2.2.5. The WSL client doesn't have systemd installed on it, so it uses the old ~/.gnupg directory for holding sockets. On client

Re: GnuPG usage for automatic remote decryption

2018-04-11 Thread Mike Inman
Errata, 3 - Compute SHe = sk^d mod n of course really meant: 3 - Compute SHe = SH^d mod n Mike ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG usage for automatic remote decryption

2018-04-11 Thread Mike Inman
Peter, Thanks for engaging, and walls of words with way too long sentences are all too easy to create - I'm also bad at occasionally using the wrong word (public vs private, for instance) which can render the whole wall confused. So, my main challenge is that I have to "code and release" this

Re: GnuPG usage for automatic remote decryption

2018-04-11 Thread Peter Lebbing
On 11/04/18 14:51, Mike Inman wrote: > Encrypt the message with a symmetric algorithm, adding salt and a > hash/checksum to ensure validity. I'm not sure what you're salting exactly, but anyway, this is not the focal point of my reply. By the way, there are many ways to do what you describe in

Re: GnuPG usage for automatic remote decryption

2018-04-11 Thread Mike Inman
*** Correcting one, somewhat important, word *** Hi Dirk & Ken, I'm working on a similar problem... automated decryption "in the field" and what I have come to is this: Encrypt the message with a symmetric algorithm, adding salt and a hash/checksum to ensure validity. Then, taking that result

Re: GnuPG usage for automatic remote decryption

2018-04-06 Thread Mike Inman
Hi Dirk & Ken, I'm working on a similar problem... automated decryption "in the field" and what I have come to is this: Encrypt the message with a symmetric algorithm, adding salt and a hash/checksum to ensure validity. Then, taking that result and signing with a private key. In the field -

Re: GnuPG usage for automatic remote decryption

2018-04-06 Thread Peter Lebbing
s full possession of it. > Further more, a secret key on a remote machine isn't under enough > protection. That may have some security issue. Try to work this thought out in detail for yourself: it depends on your threat model. Try to think of ways an attacker can access the file with th

Re: GnuPG usage for automatic remote decryption

2018-04-06 Thread Andre Heinecke
Hi, On Thursday, April 5, 2018 9:46:25 PM CEST gnupg-users.d...@o.banes.ch wrote: > Two points: > A) You could try to automatically ssh into the remote machine to > trigger decryption and passphrase entry. For this usecase I'm using AgentForwarding ( https://wiki.gnupg.org/ AgentF

Re: GnuPG usage for automatic remote decryption

2018-04-05 Thread gnupg-users . dirk
ically ssh into the remote machine to trigger decryption and passphrase entry. B) You can secure the private key on the remote machine by using a Secure Element. OpenPGP Card, Yubikey.. Since the key resides only on the Secure Element and can not be exported it is safe from virtual theft - obvious

GnuPG usage for automatic remote decryption

2018-04-05 Thread 周詮儒
Hi, The situation is that there is a machine on remote. And I want to send an encrypted file to that remote machine and let the machine decrypt the file automatically. So I'm facing the problem that: * To encrypt the file by a public key: Which means I have to put a secret key

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-12-14 Thread Sander Smeenk via Gnupg-users
Quoting Ryan Beethe (r...@splintermail.com): > I also was frustrated with how GPG pinentry worked by default. > What I did was write a custom pinentry wrapper, which I call rpinentry. > It just dispatches either the curses-based pinentry or a gui pinentry > based on the environment variable

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-11-09 Thread Werner Koch
place so that gpg and gpgsm, and other possible crypto protocols share the same code. Smartcard access is unified - gpg, gpgsm, and ssh can use the same smartcard. gpg-agent can theoretically be run under a different account. gpg-agent can actually be run on a remote machine, so that you don'

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-11-09 Thread Werner Koch
On Wed, 8 Nov 2017 12:28, r...@splintermail.com said: > Yes, I reset my gpg-agent (killall -1 gpg-agent) each time, and was > prompted with a pinentry prompt each time. [ Please use "pkill -HUP gpg-agent" and never ever killall - which has, aehm, funny effects on other Unices. ] gpgconf

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-11-08 Thread Ryan Beethe
On Wed, Nov 08, 2017 at 10:50:45AM +0100, Sander Smeenk via Gnupg-users wrote: > Quoting Ryan Beethe (r...@splintermail.com): > > > Well... it happens that when I copy your script to my archlinux > > machine, everything works fine. > > Are you sure your key wasn't already unlocked in the

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-11-08 Thread Sander Smeenk via Gnupg-users
Quoting Ryan Beethe (r...@splintermail.com): > Well... it happens that when I copy your script to my archlinux > machine, everything works fine. Are you sure your key wasn't already unlocked in the gpg-agent? > It also happens that when I copy your script into my ubuntu machine, I > had to

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-11-07 Thread Dan Kegel
On Tue, Nov 7, 2017 at 5:45 AM, Sander Smeenk via Gnupg-users wrote: > Could you elaborate on the 'why' part of this enforced pinentry usage > with GnuPG? It wasn't mandatory in 1.x, now it's forced on us. > > Where did that come from? > What problem did it solve? I'm

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-11-07 Thread Ryan Beethe
Well... it happens that when I copy your script to my archlinux machine, everything works fine. It also happens that when I copy your script into my ubuntu machine, I had to change both references of `gpg` to `gpg2`, since in ubuntu gpg is not the same program as gpg2. I also would find it

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-11-07 Thread Sander Smeenk via Gnupg-users
ess bodgy version of the "wrapper" i wrote. I've adapted them to my system and it seems this is actually working for the remote-ssh-on-a-system-running-X issue. However; i still can't use 'gpg -qd' in vim like so: | augroup GPGEncrypted | au! | au BufReadPre,FileReadPre *.as

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-11-07 Thread Sander Smeenk via Gnupg-users
Quoting Werner Koch (w...@gnupg.org): > > It's rather cumbersome and very dodgy at least. How do others deal with > > this? Or is everyone using GPG solely in GUI environments nowadays? ;) > The current development version of Pinentry uses this info on Linux > to show the process name in the

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-11-07 Thread Werner Koch
On Mon, 6 Nov 2017 22:49, gnupg-users@gnupg.org said: > It's rather cumbersome and very dodgy at least. How do others deal with > this? Or is everyone using GPG solely in GUI environments nowadays? ;) If I want to test the curses Pinentry I simply run DISPLAY= gpg ... and get the curses

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-11-06 Thread Ryan Beethe
Hi Sander, I also was frustrated with how GPG pinentry worked by default. In particular, I *almost* always want to use the ncurses pinentry, unless through a key shortcut my window manager tries to call gpg (for my password manager). But if I want to encrypt a file with mutt, I don't want a

GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-11-06 Thread Sander Smeenk via Gnupg-users
Hi! Some time ago in March i was asking about the way the pinentry works and i have not yet been able to get this working properly. I have this vim macro that automatically decrypts and encrypts files named .gpg. I use this in a terminal through SSH on my server and it basically pipes a buffer

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-03-30 Thread Sander Smeenk via Gnupg-users
my X screen. When I'm connecting > remotely, it goes wrong. Now i read this, it makes sense that ssh isn't properly interfacing with gpg-agent to make this operation seamless. Has anyone dared submitting an API-patch to Theo yet? ;-)) > Personally before I SSH from a remote session[1], I

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-03-29 Thread Peter Lebbing
pops up on my X screen. When I'm connecting remotely, it goes wrong. Personally, before I SSH from a remote session[1], I run: gpg-connect-agent updatestartuptty /bye You could put that in a shell script with a shorter name... As long as I don't forget to run the gpg-connect-agent com

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-03-25 Thread Sander Smeenk via Gnupg-users
Quoting Peter Lebbing (pe...@digitalbrains.com): > > I'm trying to make the big step from GnuPG v1 to v2 but i'm experiencing > > agonizing pains caused by the forced use of "pinentry" by gpg-agent and > > friends, or rather the way the GPG_TTY stuff works? > The first thing we really need to know

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-03-23 Thread Peter Lebbing
Hi Sndr, On 22/03/17 15:46, Sander Smeenk via Gnupg-users wrote: > I'm trying to make the big step from GnuPG v1 to v2 but i'm experiencing > agonizing pains caused by the forced use of "pinentry" by gpg-agent and > friends, or rather the way the GPG_TTY stuff works? The first thing we really

GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-03-22 Thread Sander Smeenk via Gnupg-users
Hi, I'm trying to make the big step from GnuPG v1 to v2 but i'm experiencing agonizing pains caused by the forced use of "pinentry" by gpg-agent and friends, or rather the way the GPG_TTY stuff works? I'm on Linux and i am not using Unity/Gnome/whatever, so i start X by calling 'startx' and it

Remote gpg-agent and pinentry

2016-01-03 Thread Joshua Bachmeier
Hello everybody, following Neal's talk "An Advanced Introduction to GnuPG" at 32C3, I tried to configure myself a remote gpg-agent. I wasn't quite able to figure out how this is supposed to work (or if it even can) with pinentry and only found an ugly sometimes-working workaround. A

Re: operating on remote files (Windows) using a UNC

2015-07-14 Thread Andre Heinecke
Hi, Sorry for the late reply, gpg4win-users-en would probably have been a better place for this question. On Tuesday, June 30, 2015 09:57:55 PM Charles Spitzer wrote: Whenever I attempt to operate upon a remote file using a UNC, it doesn't seem to find the file. C:\Users\cspitzergpg

operating on remote files (Windows) using a UNC

2015-06-30 Thread Charles Spitzer
Greetings Whenever I attempt to operate upon a remote file using a UNC, it doesn't seem to find the file. C:\Users\cspitzergpg --decrypt \\remote.machine.com\data\Vendor File Transfers\Archive\Input.2015-06-15.045720.csv.pgp gpg: can't open `remote.machine.com\\data \\Vendor File Transfers

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-08 Thread Peter Lebbing
On 08/02/13 03:12, Josef Schneider wrote: With GnuPG on the other hand someone who has access to my PC can sign whatever he likes and sign as much as he likes, as long as my card reader is attached Just so you know, the OpenPGP card has a forcesig, force signature PIN, flag which you can set

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-08 Thread Niels Laukens
On 2013-02-08 10:48, Peter Lebbing wrote: On 08/02/13 03:12, Josef Schneider wrote: With GnuPG on the other hand someone who has access to my PC can sign whatever he likes and sign as much as he likes, as long as my card reader is attached Just so you know, the OpenPGP card has a forcesig,

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-08 Thread Peter Lebbing
On 08/02/13 10:55, Niels Laukens wrote: I'm no expert, but isn't that only useful if you have a card-reader with pin-entry? If you use your compromised PC to enter your PIN, the malware can just replay that PIN to the card. Yes, I agree. Not that I am an expert. Peter. -- I use the GNU

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-08 Thread Faramir
On 08-02-2013 6:48, Peter Lebbing wrote: On 08/02/13 03:12, Josef Schneider wrote: With GnuPG on the other hand someone who has access to my PC can sign whatever he likes and sign as much as he likes, as long as my card reader is attached

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Peter Lebbing
*Even if your dongle works exactly as intended*, I can -- by simulating a hardware failure -- drive you into a fallback where you use a compromised machine. It's a good attack. Thank you for sharing it. But to say it makes the device bogus is a way too easy dismissal. So if an attacker

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Hubert Kario
On Thursday 07 of February 2013 14:14:44 Peter Lebbing wrote: *Even if your dongle works exactly as intended*, I can -- by simulating a hardware failure -- drive you into a fallback where you use a compromised machine. It's a good attack. Thank you for sharing it. But to say it makes the

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Robert J. Hansen
On 02/07/2013 08:14 AM, Peter Lebbing wrote: So if an attacker compromises the system and makes the user unable to use the device on that system, they will react by stopping using the device, but not by stopping using the PC? But at the same time you said earlier... Yes, I did. A good

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Robert J. Hansen
On 02/07/2013 09:26 AM, Hubert Kario wrote: Honestly, I'd probably fall victim to such an attack, and IMNSHO I'm a bit more knowledgeable about crypto and security than regular users of GPG. Yes -- I'm a fair bit more knowledgeable about these things than most, and as my story of the smartcard

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Peter Lebbing
On 07/02/13 15:26, Hubert Kario wrote: The usual response in this kind of situation is let me do my damn work already not hmm, interesting, let's diagnose the issue, other projects be damned. Honestly, I'd probably fall victim to such an attack Every decision is a weighing of how important

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Peter Lebbing
This is silly. Yes, you can do social engineering. That's always possible. And yes, the attacker will win against me if he wants badly enough. I know that as well. These are all just generalities. You seem to be implying that unless something is perfect, something is bogus, and people should not

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread refreshing
On 06/02/13 11:37, Hauke Laging wrote: That seems easy to me: Except for small amounts (secure device's display capacity) of very simple data (plain text) [...] Seems to me to be enough to do what OP requested: signing e-mails he/she wrote. Yes. It indeed seems easy to me that this won't

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread refreshing
On Wed 06.02.2013, 10:28:13 Peter Lebbing wrote: Can you explain (broadly) how one would compromise the signature/the device that you sign with? That seems easy to me: Except for small amounts (secure device's display capacity) of very simple data (plain text) you have the problem that

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread refreshing
On 02/05/2013 01:04 PM, Peter Lebbing wrote: While I agree with the broad sentiment, I'm not so sure a certain amount of damage control is impossible with what he/she proposes. If you have a device with small attack surface[1] that shows you the plaintext you're about to sign before signing

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread refreshing
On 06/02/13 11:37, Hauke Laging wrote: The device proposed by OP/by me seeks security in being restricted and simple. And also takes a whole lot less of effort to use ;). Yes. But let's stick to the e-mail signing in this thread, or the discussion will get very unfocused and hard to

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread refreshing
On 05/02/13 04:15, Robert J. Hansen wrote: No. There are none, nor will there be. You absolutely must retain control of the processing hardware GnuPG runs upon. If you don't have that control, there is literally no device -- hardware or software -- that can help you. While I agree with

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread refreshing
On 06/02/13 02:49, Robert J. Hansen wrote: It makes no sense to me to believe that it's somehow possible to have a dongle that you can plug into a compromised PC to make it safe (or safer) to sign with. Can you explain (broadly) how one would compromise the signature/the device that you

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Michel Messerschmidt
On Thu, Feb 07, 2013 at 10:03:30AM -, refresh...@tormail.org wrote: I have no reason to believe my system is compromised. Taking security very serious. Otherwise I wouldn't bother posting here. :) That sounds like an oxymoron. How can I be REALLY sure my system isn't compromised? Mail

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Robert J. Hansen
On 02/07/2013 02:31 PM, Peter Lebbing wrote: You seem to be implying that unless something is perfect, something is bogus, and people should not bother. No. I am arguing that if you do not/cannot trust the machine you're running GnuPG on, *there is no dongle you can add to your system to

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Josef Schneider
On Fri, Feb 8, 2013 at 1:17 AM, Robert J. Hansen r...@sixdemonbag.org wrote: Sure. That's theoretically possible. I don't believe it to be true, though. My machine is trusted not because I'm certain that it's immune to being pwn3d, but because I acknowledge that it can break my local

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Faramir
On 06-02-2013 19:51, Robert J. Hansen wrote: On 2/6/13 4:28 AM, Peter Lebbing wrote: Can you explain (broadly) how one would compromise the signature/the device that you sign with? Happily! I have an OpenPGP smartcard and an SCM card

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Robert J. Hansen
On 02/07/2013 06:42 PM, Faramir wrote: Ah, but there are situations in which that would not work... Sure. There are always situations where a particular attack won't work. For instance, if there's an ironclad no-exceptions policy that you may never, ever, fall back to using GnuPG on the PC,

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-06 Thread Hauke Laging
On Wed 06.02.2013, 10:28:13 Peter Lebbing wrote: Can you explain (broadly) how one would compromise the signature/the device that you sign with? That seems easy to me: Except for small amounts (secure device's display capacity) of very simple data (plain text) you have the problem that the PC

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-06 Thread Peter Lebbing
On 06/02/13 11:37, Hauke Laging wrote: That seems easy to me: Except for small amounts (secure device's display capacity) of very simple data (plain text) [...] Seems to me to be enough to do what OP requested: signing e-mails he/she wrote. It indeed seems easy to me that this won't work for

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-06 Thread Peter Lebbing
On 06/02/13 11:37, Hauke Laging wrote: Then you can (safely...) copy the data to several PCs and have them show you both the file hash and the document (in that order). Hoping that at least one of the PCs is not compromised. In my other mail I got kinda hung up on manual verification but

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-06 Thread vedaal
On Wednesday, February 06, 2013 at 5:42 AM, Hauke Laging mailinglis...@hauke-laging.de wrote: The problem is not to forge a signature but the difficulty to force that only data with checked integrity gets signed. How are you going to do that with a PDF? There is a bigger problem with a pdf,

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-06 Thread Hubert Kario
On Wednesday 06 of February 2013 11:57:40 ved...@nym.hush.com wrote: On Wednesday, February 06, 2013 at 5:42 AM, Hauke Laging mailinglis...@hauke-laging.de wrote: The problem is not to forge a signature but the difficulty to force that only data with checked integrity gets signed. How are you

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-04 Thread Olav Seyfarth
Hi anonymous writer, Smartcard or cryptostick will not help in my situation. might a SmartCard with reader that has its own pinpad help? http://www.gnupg.org/howtos/card-howto/en/ch02s02.html#id2519120 Olav - -- The Enigmail Project -

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-04 Thread refreshing
Hi anonymous writer, Hello! Smartcard or cryptostick will not help in my situation. might a SmartCard with reader that has its own pinpad help? http://www.gnupg.org/howtos/card-howto/en/ch02s02.html#id2519120 No. It does not give certainty what am I actually signing. The virus could

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-04 Thread Robert J. Hansen
On 02/04/2013 02:26 AM, refresh...@tormail.org wrote: Are there any external gpg signing devices to make gpg more resistant against remote control viruses? No. There are none, nor will there be. You absolutely must retain control of the processing hardware GnuPG runs upon. If you don't have

Re: How to sign a remote repository, i.e. forward agent

2010-07-01 Thread Joke de Buhr
Here is some kind of suggestion which might be helpful in your case. If I need to do signing or encrypting on remote hosts I use ssh to execute the signing command on another remote machine, in this case my local machine. It doesn't work in any case but in some cases like git tag signing, email

How to sign a remote repository, i.e. forward agent

2010-06-30 Thread Carsten Aulbert
option). Of course one could either copy around the secret keyring and start the agent remotely or type the passphrase many times, but straight from the FAQ this is not a good idea(TM). Now the notorious question: Does anyone know how to forward the agent's socket to the remote machine? I've briefly

How to sign a remote repository, i.e. forward agent

2010-06-30 Thread Carsten Aulbert
either copy around the secret keyring and start the agent remotely or type the passphrase many times, but straight from the FAQ this is not a good idea(TM). Now the notorious question: Does anyone know how to forward the agent's socket to the remote machine? I've briefly tried socat (remote unix

Re: How to sign a remote repository, i.e. forward agent

2010-06-30 Thread Werner Koch
Carsten Aulbert carsten.aulb...@aei.mpg.de writes: Now the notorious question: Does anyone know how to forward the agent's socket to the remote machine? I've briefly tried socat (remote unix socket to tcp It does not help you. gpg currently uses the agent only for passphrase caching

Re: How to sign a remote repository, i.e. forward agent

2010-06-30 Thread Daniel Kahn Gillmor
-signed files (the relevant ones, namely the contents of dist/ and pool/) via rsync to the remote host that provides public downloads. Does this workflow work for you? if not, why not? --dkg

Re: How to sign a remote repository, i.e. forward agent

2010-06-30 Thread Carsten Aulbert
- albeit the repos are not really that heavily used. Thus maybe I should consider doing a 2-way sync: let other people do their work and include their packages, rsync to my local machine, sign/export, rsync again to remote site - downside could be that I'm from time to time on very slow networks

Re: How to sign a remote repository, i.e. forward agent

2010-06-30 Thread Denis A . Altoé Falqueto
On Wed, Jun 30, 2010 at 2:33 PM, Carsten Aulbert carsten.aulb...@aei.mpg.de wrote: Hi Daniel On Wednesday 30 June 2010 19:06:58 Daniel Kahn Gillmor wrote: Does this workflow work for you?  if not, why not? I've thought about that, but these repos are a shared effort where the secret key is

remote

2010-02-17 Thread All
Hi, is there a decision to use gpg on the same server and access it from remote servers, such as a LAN or via the Internet? Thanks.

GnuPG Make_Printable_String Remote Buffer Overflow Vulnerability

2008-03-02 Thread Saravanan
Hi, I have been trying to find an input that will utilize the Make_Printable_String so as to look into the vulnerability. But I am rather unsuccessful at finding such an input. Can you advise me on any such input? Thanks. Saravanan

Fwd: is there any remote possibility to recover passphrase?

2008-01-19 Thread [EMAIL PROTECTED]
Hi all and thank you for GnuPG! I was wondering whether one attacker who'd be in possession of my private and public keys, my entire archive of encrypted data, and a common file which for sure is just plain the same as an encrypted one of my backup, could in some way and time recover my

Re: is there any remote possibility to recover passphrase?

2008-01-19 Thread David Picón Álvarez
When in doubt, use brute force. So, the answer is, it depends on the strength of your passphrase. --David.

Re: is there any remote possibility to recover passphrase?

2008-01-19 Thread [EMAIL PROTECTED]
=~~=~=~=~=~=~=~=~=~=~=~=~=~~= 19:41 (Saturday), David Picón Álvarez: When in doubt, use brute force. So, the answer is, it depends on the strength of your passphrase. --David. So if the strength of passphrase is something like 25 chars (a-Z,0-9,non alphanumeric) I can rest assured nobody

Re: is there any remote possibility to recover passphrase?

2008-01-19 Thread Robin H. Johnson
On Sat, Jan 19, 2008 at 08:54:26PM +0100, [EMAIL PROTECTED] wrote: =~~=~=~=~=~=~=~=~=~=~=~=~=~~= 19:41 (Saturday), David Picón Álvarez: When in doubt, use brute force. So, the answer is, it depends on the strength of your passphrase. --David. So if the strength of passphrase is something

Re: Fwd: is there any remote possibility to recover passphrase?

2008-01-19 Thread Robert J. Hansen
[EMAIL PROTECTED] wrote: gpg, but let my keys available to the attacker, would he theoretically be able to crack my passphrase and recover all of my archive? Yes. Please note how you qualified that: /theoretically./ In practice, given a good passphrase, this is highly nontrivial.

Re: is there any remote possibility to recover passphrase?

2008-01-19 Thread Robert J. Hansen
[EMAIL PROTECTED] wrote: So if the strength of passphrase is something like 25 chars (a-Z,0-9,non alphanumeric) I can rest assured nobody today or in a year could possibly decrypt even someone with a distributed super calculus hardware power, is it? Depends. English text has about 1.5 bits

Re: Remote use of keys on smartcard via gnupg-agent?

2006-03-29 Thread Raphaël Poss
Hi Jimmy, Jimmy Kaplowitz wrote: I currently access my email via mutt over SSH, and therefore my private key is currently stored on that remote server. I am fully aware how bad of an idea this is, and so if what I ask above is possible, I plan to move my private key to a secure offline

Re: Remote use of keys on smartcard via gnupg-agent?

2006-03-29 Thread Jimmy Kaplowitz
, as well as ssh authentication. If I understand this right, the crypto happens on the smartcard in any case. 1. connect to your remote ssh host using remote port forwarding, with -R4242:localhost:4242 [...] while true; do nc -l 4242 | gpg ; done [...] 3. configure your remote mutt to send

Remote use of keys on smartcard via gnupg-agent?

2006-03-28 Thread Jimmy Kaplowitz
Hi, I know that gnupg-agent can allow remote use of OpenPGP keys on a locally-connected smartcard machine to authenticate an ssh connection from one remote machine to another. Access to the OpenPGP keys is forwarded over the first ssh connection to the GPG agent as necessary, without actually

Re: encrypted mail and gmail / remote

2006-03-23 Thread Janusz A. Urbanowicz
On Wed, Mar 22, 2006 at 05:43:03PM -0800, D_C wrote: hello group - apologies for the newbie questions. i am wondering if there are any webmail services that can decrypt email, if i somehow inform of my PGP key? also, i am travelling without knowing my pgp key. is this somehow centrally

encrypted mail and gmail / remote

2006-03-22 Thread D_C
hello group - apologies for the newbie questions. i am wondering if there are any webmail services that can decrypt email, if i somehow inform of my PGP key? also, i am travelling without knowing my pgp key. is this somehow centrally registered, in a way that i can download the key, and use a

Re: encrypted mail and gmail / remote

2006-03-22 Thread Roscoe
I noticed this plugin for squirrelmail if you wanted to do it on your own server: http://www.squirrelmail.org/plugin_view.php?id=153 Aside from that there are a few services around, like hushmail.com that'll do what you want. On 3/23/06, D_C [EMAIL PROTECTED] wrote: hello group - apologies

Re: Remote signing?

2006-02-21 Thread Thomas Kühne
The attachment contains the preliminary final BETA version for remote signatures. Patch and recompile gpg-1.4-* to get 2 new commands: 1) gpg --print-seed SHA1 ./dir/to_be_signed_file Creates a signature seed. Can be combined with --text. 2) gpg --sign-seed THE_SEED Use the signature seed

Re: Remote signing?

2006-02-20 Thread Matthias Urlichs
Hello, I wrote: I need to sign files remotely. They're moderately large, so transmitting them back to my firewalled-off laptop (I'm usually behind a slow line), where the secret key lives, isn't a good idea. Ideas? What happens if you have a smartcard, anyway -- doesn't the gpg agent

Re: Remote signing?

2006-02-20 Thread Thomas Kühne
Matthias Urlichs wrote: Hello, I need to sign files remotely. They're moderately large, so transmitting them back to my firewalled-off laptop (I'm usually behind a slow line), where the secret key lives, isn't a good idea. Ideas? see attachment for an ALPHA version (working but unsafe

Remote signing?

2006-02-19 Thread Matthias Urlichs
Hello, I need to sign files remotely. They're moderately large, so transmitting them back to my firewalled-off laptop (I'm usually behind a slow line), where the secret key lives, isn't a good idea. Ideas? -- Matthias Urlichs

Re: Remote signing?

2006-02-19 Thread Janusz A. Urbanowicz
On Sun, Feb 19, 2006 at 06:07:56AM +0100, Matthias Urlichs wrote: Hello, I need to sign files remotely. They're moderately large, so transmitting them back to my firewalled-off laptop (I'm usually behind a slow line), where the secret key lives, isn't a good idea. create (and rotate

Re: Remote signing?

2006-02-19 Thread David Shaw
the remote machine and your local machine is secure so that someone replacing the hash between the remote and local machine is not a risk. The other option is to make a new key (or new subkey) that can live on the remote machine. This key would be signed with your main key so there is a chain of trust

Re: Remote signing?

2006-02-19 Thread Bjoern Buerger
Matthias Urlichs wrote: I need to sign files remotely. They're moderately large Ideas? Use md5sum|sha1sum|[...] and sign the resulting file. Ciao, Bjørn