Hi!
sorry for the wrong order of the messages, I simply forgot to send
them yesterday.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
On Fri, 23 Feb 2024 22:59, Marcin Wrochna said:
> However, I cannot make `gpg --symmetric` encryption work on the remote,
> as it tells me getting a passphrase is "Forbidden".
Right. It does not sound like a good idea to give the server access to
your local password sto
Hi again!
you may want to try the attached patch. It is against the current 2.4
head but should apply also to somewhat older versions. If this solves
your problem, it can go into 2.4.5 soon.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military
Hi!
I'm using gpg remotely over ssh by forwarding my local
agent-extra-socket as my remote's regular agent-socket. I use it with
a (local) nitrokey mostly without problems for signing:
on the remote I can use `gpg --sign`, it asks for the PIN with a GUI
pinentry popping up
on my local desktop
On Mon, 16 Jan 2023 07:56, Troy said:
> The problem is that there's already a gpg-agent running at the remote
> (I think started by systemd or the X server), which I don't want to
> disturb. For my ssh connection, I try to create a new Unix domain
Don't run the gpg-agent for your ac
how to make gpg use a specific Unix socket to
communicate with my forwarded gpg-agent.
The problem is that there's already a gpg-agent running at the remote (I
think started by systemd or the X server), which I don't want to
disturb. For my ssh connection, I try to create a new Unix domain
e dirmngr if it has not yet been
| started and its service is required. This option is mostly use‐
| ful on machines where the connection to gpg-agent has been redi‐
| rected to another machines. If dirmngr is required on the
| remote machine, it may be started
Hello,
I'm using gpg using gpg agent forwarding over ssh on a remote system.
Sometimes my agent socket is not available. If I start any gpg
operation, it starts a new agent. Is there a configuration option that I
can specify so that gpg gives up if there is no socket or no agent
behind a socket
Hi,
I'm trying to forward my local gpg-agent over ssh to a remote that
controls the gnupg sockets via systemd. This fails because sshd
attempts to place the socket in a directory that doesn't exist,
because that is handled on the remote by systemd.
This issue was raised back in 2016:
https
I should add that the remote is OpenSUSE Leap 15.0 running GnuPG
2.2.5, and my current client is OpenSUSE Leap 15.0 running WSL on
Windows 10, also running GnuPG 2.2.5. The WSL client doesn't have
systemd installed on it, so it uses the old ~/.gnupg directory for
holding sockets.
On client
Errata,
3 - Compute SHe = sk^d mod n
of course really meant:
3 - Compute SHe = SH^d mod n
Mike
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Peter,
Thanks for engaging, and walls of words with way too long sentences are all
too easy to create - I'm also bad at occasionally using the wrong word
(public vs private, for instance) which can render the whole wall confused.
So, my main challenge is that I have to "code and release" this
On 11/04/18 14:51, Mike Inman wrote:
> Encrypt the message with a symmetric algorithm, adding salt and a
> hash/checksum to ensure validity.
I'm not sure what you're salting exactly, but anyway, this is not the focal
point of my reply. By the way, there are many ways to do what you describe in
*** Correcting one, somewhat important, word ***
Hi Dirk & Ken,
I'm working on a similar problem... automated decryption "in the field" and
what I have come to is this:
Encrypt the message with a symmetric algorithm, adding salt and a
hash/checksum to ensure validity. Then, taking that result
Hi Dirk & Ken,
I'm working on a similar problem... automated decryption "in the field" and
what I have come to is this:
Encrypt the message with a symmetric algorithm, adding salt and a
hash/checksum to ensure validity. Then, taking that result and signing
with a private key.
In the field -
s
full possession of it.
> Further more, a secret key on a remote machine isn't under enough
> protection. That may have some security issue.
Try to work this thought out in detail for yourself: it depends on your
threat model. Try to think of ways an attacker can access the file with
th
Hi,
On Thursday, April 5, 2018 9:46:25 PM CEST gnupg-users.d...@o.banes.ch wrote:
> Two points:
> A) You could try to automatically ssh into the remote machine to
> trigger decryption and passphrase entry.
For this usecase I'm using AgentForwarding ( https://wiki.gnupg.org/
AgentF
ically ssh into the remote machine to
trigger decryption and passphrase entry.
B) You can secure the private key on the remote machine by using a
Secure Element. OpenPGP Card, Yubikey..
Since the key resides only on the Secure Element and can not be
exported it is safe from virtual theft - obvious
Hi,
The situation is that there is a machine on remote. And I want to send an
encrypted file to that remote machine and let the machine decrypt the file
automatically. So I'm facing the problem that:
* To encrypt the file by a public key:
Which means I have to put a secret key
Quoting Ryan Beethe (r...@splintermail.com):
> I also was frustrated with how GPG pinentry worked by default.
> What I did was write a custom pinentry wrapper, which I call rpinentry.
> It just dispatches either the curses-based pinentry or a gui pinentry
> based on the environment variable
place so that gpg
and gpgsm, and other possible crypto protocols share the same code.
Smartcard access is unified - gpg, gpgsm, and ssh can use the same
smartcard.
gpg-agent can theoretically be run under a different account.
gpg-agent can actually be run on a remote machine, so that you don'
On Wed, 8 Nov 2017 12:28, r...@splintermail.com said:
> Yes, I reset my gpg-agent (killall -1 gpg-agent) each time, and was
> prompted with a pinentry prompt each time.
[ Please use "pkill -HUP gpg-agent" and never ever killall - which has,
aehm, funny effects on other Unices. ]
gpgconf
On Wed, Nov 08, 2017 at 10:50:45AM +0100, Sander Smeenk via Gnupg-users wrote:
> Quoting Ryan Beethe (r...@splintermail.com):
>
> > Well... it happens that when I copy your script to my archlinux
> > machine, everything works fine.
>
> Are you sure your key wasn't already unlocked in the
Quoting Ryan Beethe (r...@splintermail.com):
> Well... it happens that when I copy your script to my archlinux
> machine, everything works fine.
Are you sure your key wasn't already unlocked in the gpg-agent?
> It also happens that when I copy your script into my ubuntu machine, I
> had to
On Tue, Nov 7, 2017 at 5:45 AM, Sander Smeenk via Gnupg-users
wrote:
> Could you elaborate on the 'why' part of this enforced pinentry usage
> with GnuPG? It wasn't mandatory in 1.x, now it's forced on us.
>
> Where did that come from?
> What problem did it solve?
I'm
Well... it happens that when I copy your script to my archlinux machine,
everything works fine.
It also happens that when I copy your script into my ubuntu machine, I
had to change both references of `gpg` to `gpg2`, since in ubuntu gpg is
not the same program as gpg2. I also would find it
ess bodgy version of the
"wrapper" i wrote. I've adapted them to my system and it seems this is
actually working for the remote-ssh-on-a-system-running-X issue.
However; i still can't use 'gpg -qd' in vim like so:
| augroup GPGEncrypted
| au!
| au BufReadPre,FileReadPre *.as
Quoting Werner Koch (w...@gnupg.org):
> > It's rather cumbersome and very dodgy at least. How do others deal with
> > this? Or is everyone using GPG solely in GUI environments nowadays? ;)
> The current development version of Pinentry uses this info on Linux to
> show the process name in the
On Mon, 6 Nov 2017 22:49, gnupg-users@gnupg.org said:
> It's rather cumbersome and very dodgy at least. How do others deal with
> this? Or is everyone using GPG solely in GUI environments nowadays? ;)
If I want to test the curses Pinentry I simply run
DISPLAY= gpg ...
and get the curses
Hi Sander,
I also was frustrated with how GPG pinentry worked by default. In
particular, I *almost* always want to use the ncurses pinentry, unless
through a key shortcut my window manager tries to call gpg (for my
password manager). But if I want to encrypt a file with mutt, I don't
want a
Hi!
Some time ago in March i was asking about the way the pinentry works and
i have not yet been able to get this working properly.
I have this vim macro that automatically decrypts and encrypts files
named .gpg. I use this in a terminal through SSH on my server and it
basically pipes a buffer
my X screen. When I'm connecting
> remotely, it goes wrong.
Now i read this, it makes sense that ssh isn't properly interfacing with
gpg-agent to make this operation seamless.
Has anyone dared submitting an API-patch to Theo yet? ;-))
> Personally before I SSH from a remote session[1], I
pops
up on my X screen. When I'm connecting remotely, it goes wrong. Personally,
before I SSH from a remote session[1], I run:
gpg-connect-agent updatestartuptty /bye
You could put that in a shell script with a shorter name...
As long as I don't forget to run the gpg-connect-agent com
Quoting Peter Lebbing (pe...@digitalbrains.com):
> > I'm trying to make the big step from GnuPG v1 to v2 but i'm experiencing
> > agonizing pains caused by the forced use of "pinentry" by gpg-agent and
> > friends, or rather the way the GPG_TTY stuff works?
> The first thing we really need to know
Hi Sndr,
On 22/03/17 15:46, Sander Smeenk via Gnupg-users wrote:
> I'm trying to make the big step from GnuPG v1 to v2 but i'm experiencing
> agonizing pains caused by the forced use of "pinentry" by gpg-agent and
> friends, or rather the way the GPG_TTY stuff works?
The first thing we really
Hi,
I'm trying to make the big step from GnuPG v1 to v2 but i'm experiencing
agonizing pains caused by the forced use of "pinentry" by gpg-agent and
friends, or rather the way the GPG_TTY stuff works?
I'm on Linux and i am not using Unity/Gnome/whatever, so i start X by
calling 'startx' and it
Hello everybody,
following Neal's talk "An Advanced Introduction to GnuPG" at 32C3, I
tried to configure myself a remote gpg-agent.
I wasn't quite able to figure out how this is supposed to work (or if it
even can) with pinentry and only found an ugly sometimes-working workaround.
A
Hi,
Sorry for the late reply, gpg4win-users-en would probably have been a better
place for this question.
On Tuesday, June 30, 2015 09:57:55 PM Charles Spitzer wrote:
Whenever I attempt to operate upon a remote file using a UNC, it doesn't
seem to find the file.
C:\Users\cspitzergpg
Greetings
Whenever I attempt to operate upon a remote file using a UNC, it doesn't seem
to find the file.
C:\Users\cspitzergpg --decrypt \\remote.machine.com\data\Vendor File
Transfers\Archive\Input.2015-06-15.045720.csv.pgp
gpg: can't open `remote.machine.com\\data \\Vendor File Transfers
On 08/02/13 03:12, Josef Schneider wrote:
With GnuPG on the other hand someone who has access to my PC can sign
whatever he likes and sign as much as he likes, as long as my card
reader is attached
Just so you know, the OpenPGP card has a forcesig, force signature PIN, flag
which you can set
On 2013-02-08 10:48, Peter Lebbing wrote:
On 08/02/13 03:12, Josef Schneider wrote:
With GnuPG on the other hand someone who has access to my PC can sign
whatever he likes and sign as much as he likes, as long as my card
reader is attached
Just so you know, the OpenPGP card has a forcesig,
On 08/02/13 10:55, Niels Laukens wrote:
I'm no expert, but isn't that only useful if you have a card-reader with
pin-entry? If you use your compromised PC to enter your PIN, the malware
can just replay that PIN to the card.
Yes, I agree. Not that I am an expert.
Peter.
--
I use the GNU
El 08-02-2013 6:48, Peter Lebbing escribió:
On 08/02/13 03:12, Josef Schneider wrote:
With GnuPG on the other hand someone who has access to my PC can
sign whatever he likes and sign as much as he likes, as long as
my card reader is attached
*Even if your dongle works exactly as intended*, I can -- by simulating a
hardware failure -- drive you into a fallback where you use a compromised
machine.
It's a good attack. Thank you for sharing it. But to say it makes the device
bogus is a way too easy dismissal.
So if an attacker
On Thursday 07 of February 2013 14:14:44 Peter Lebbing wrote:
*Even if your dongle works exactly as intended*, I can -- by simulating a
hardware failure -- drive you into a fallback where you use a compromised
machine.
It's a good attack. Thank you for sharing it. But to say it makes the
On 02/07/2013 08:14 AM, Peter Lebbing wrote:
So if an attacker compromises the system and makes the user unable to
use the device on that system, they will react by stopping using the
device, but not by stopping using the PC? But at the same time you
said earlier...
Yes, I did. A good
On 02/07/2013 09:26 AM, Hubert Kario wrote:
Honestly, I'd probably fall victim to such an attack, and IMNSHO I'm
a bit more knowledgeable about crypto and security than regular users of GPG.
Yes -- I'm a fair bit more knowledgeable about these things than most,
and as my story of the smartcard
On 07/02/13 15:26, Hubert Kario wrote:
The usual response in this kind of situation is let me do my damn work
already not hmm, interesting, let's diagnose the issue, other projects be
damned. Honestly, I'd probably fall victim to such an attack
Every decision is a weighing of how important
This is silly. Yes, you can do social engineering. That's always possible. And
yes, the attacker will win against me if he wants badly enough. I know that as
well. These are all just generalities.
You seem to be implying that unless something is perfect, something is bogus,
and people should not
On 06/02/13 11:37, Hauke Laging wrote:
That seems easy to me: Except for small amounts (secure device's display
capacity) of very simple data (plain text) [...]
Seems to me to be enough to do what OP requested: signing e-mails he/she
wrote.
Yes.
It indeed seems easy to me that this won't
Am Mi 06.02.2013, 10:28:13 schrieb Peter Lebbing:
Can you explain (broadly) how one would compromise the signature/the
device
that you sign with?
That seems easy to me: Except for small amounts (secure device's display
capacity) of very simple data (plain text) you have the problem that
On 02/05/2013 01:04 PM, Peter Lebbing wrote:
While I agree with the broad sentiment, I'm not so sure a certain
amount of damage control is impossible with what he/she proposes. If
you have a device with small attack surface[1] that shows you the
plaintext you're about to sign before signing
On 06/02/13 11:37, Hauke Laging wrote:
The
device proposed by OP/by me seeks security in being restricted and simple.
And
also takes a whole lot less of effort to use ;).
Yes.
But let's stick to the e-mail signing in this thread, or the discussion
will get
very unfocused and hard to
On 05/02/13 04:15, Robert J. Hansen wrote:
No. There are none, nor will there be. You absolutely must retain
control of the processing hardware GnuPG runs upon. If you don't have
that control, there is literally no device -- hardware or software --
that can help you.
While I agree with
On 06/02/13 02:49, Robert J. Hansen wrote:
It makes no sense to me to believe that it's somehow possible to have a
dongle that you can plug into a compromised PC to make it safe (or
safer) to sign with.
Can you explain (broadly) how one would compromise the signature/the
device that
you
On Thu, Feb 07, 2013 at 10:03:30AM -, refresh...@tormail.org wrote:
I have no reason to believe my system is compromised. Taking security very
serious. Otherwise I wouldn't bother posting here. :)
That sounds like an oxymoron. How can I be REALLY sure my system isn't
compromised? Mail
On 02/07/2013 02:31 PM, Peter Lebbing wrote:
You seem to be implying that unless something is perfect, something is bogus,
and people should not bother.
No. I am arguing that if you do not/cannot trust the machine you're
running GnuPG on, *there is no dongle you can add to your system to
On Fri, Feb 8, 2013 at 1:17 AM, Robert J. Hansen r...@sixdemonbag.org wrote:
Sure. That's theoretically possible. I don't believe it to be true,
though. My machine is trusted not because I'm certain that it's immune
to being pwn3d, but because I acknowledge that it can break my local
El 06-02-2013 19:51, Robert J. Hansen escribió:
On 2/6/13 4:28 AM, Peter Lebbing wrote:
Can you explain (broadly) how one would compromise the
signature/the device that you sign with?
Happily!
I have an OpenPGP smartcard and an SCM card
On 02/07/2013 06:42 PM, Faramir wrote:
Ah, but there are situations in which that would not work...
Sure. There are always situations where a particular attack won't work.
For instance, if there's an ironclad no-exceptions policy that you may
never, ever, fall back to using GnuPG on the PC,
Am Mi 06.02.2013, 10:28:13 schrieb Peter Lebbing:
Can you explain (broadly) how one would compromise the signature/the device
that you sign with?
That seems easy to me: Except for small amounts (secure device's display
capacity) of very simple data (plain text) you have the problem that the PC
On 06/02/13 11:37, Hauke Laging wrote:
That seems easy to me: Except for small amounts (secure device's display
capacity) of very simple data (plain text) [...]
Seems to me to be enough to do what OP requested: signing e-mails he/she wrote.
It indeed seems easy to me that this won't work for
On 06/02/13 11:37, Hauke Laging wrote:
Then you can (safely...) copy the data to several PCs and have them show you
both the file hash and the document (in that order). Hoping that at least one
of the PCs is not compromised.
In my other mail I got kinda hung up on manual verification but
On Wednesday, February 06, 2013 at 5:42 AM, Hauke Laging
mailinglis...@hauke-laging.de wrote:
The problem is not to forge a signature but the difficulty to
force that only data with checked integrity gets signed. How are you going to
do
that with a PDF?
There is a bigger problem with a pdf,
On Wednesday 06 of February 2013 11:57:40 ved...@nym.hush.com wrote:
On Wednesday, February 06, 2013 at 5:42 AM, Hauke Laging
mailinglis...@hauke-laging.de wrote:
The problem is not to forge a signature but the difficulty to
force that only data with checked integrity gets signed. How are you
Hi anonymous writer,
Smartcard or cryptostick will not help in my situation.
might a SmartCard with reader that has its own pinpad help?
http://www.gnupg.org/howtos/card-howto/en/ch02s02.html#id2519120
Olav
- --
The Enigmail Project -
Hi anonymous writer,
Hello!
Smartcard or cryptostick will not help in my situation.
might a SmartCard with reader that has its own pinpad help?
http://www.gnupg.org/howtos/card-howto/en/ch02s02.html#id2519120
No. It does not give certainty what am I actually signing. The virus could
On 02/04/2013 02:26 AM, refresh...@tormail.org wrote:
Are there any external gpg signing devices to make gpg more resistant
against remote control viruses?
No. There are none, nor will there be. You absolutely must retain
control of the processing hardware GnuPG runs upon. If you don't have
Here is some kind of suggestion which might be helpful in your case.
If I need to do signing or encrypting on remote hosts I use ssh to execute the
signing command on another remote machine in this case my local machine. It
doesn't work in any case but in some cases like git tag signing, email
option). Of course one could either copy around the secret
keyring and start the agent remotely or type the passphrase many times, but
straight from the FAQ this is not a good idea(TM).
Now the notorious question: Does anyone know how to forward the agent's socket
to the remote machine? I've briefly
either copy around the secret
keyring and start the agent remotely or type the passphrase many times, but
straight from the FAQ this is not a good idea(TM).
Now the notorious question: Does anyone know how to forward the agent's socket
to the remote machine? I've briefly tried socat (remote unix
Carsten Aulbert carsten.aulb...@aei.mpg.de writes:
Now the notorious question: Does anyone know how to forward the agent's
socket
to the remote machine? I've briefly tried socat (remote unix socket to tcp
It does not help you. gpg currently uses the agent only for passphrase
caching
-signed files (the relevant ones, namely the
contents of dist/ and pool/) via rsync to the remote host that provides
public downloads.
Does this workflow work for you? if not, why not?
--dkg
- albeit the repos are not really that heavily used.
Thus maybe I should consider doing a 2-way sync:
let other people do their work and include their packages, rsync to my local
machine, sign/export, rsync again to remote site - downside could be that I'm
from time to time on very slow networks
On Wed, Jun 30, 2010 at 2:33 PM, Carsten Aulbert
carsten.aulb...@aei.mpg.de wrote:
Hi Daniel
On Wednesday 30 June 2010 19:06:58 Daniel Kahn Gillmor wrote:
Does this workflow work for you? if not, why not?
I've thought about that, but these repos are a shared effort where the secret
key is
Hi, is there a decision to use gpg on the same server and access it from remote
servers, such as a LAN or via the Internet? Thanks.
Hi,
I have been trying to find an input that will utilize the Make_Printable_String
so as to look into the vulnerability. But I am rather unsuccessful at finding
such an input. Can you advise me on any such input? Thanks.
Saravanan
Hi all and thank you for GnuPG!
I was wondering whether one attacker who'd be in possession of my private and
public keys, my entire archive of encrypted data, and a common file which for
sure is just plain the same as an encrypted one of my backup, could in some
way and time recover my
When in doubt, use brute force. So, the answer is, it depends on the
strength of your passphrase.
--David.
=~~=~=~=~=~=~=~=~=~=~=~=~=~~=
19:41 (sabato), David Picón Álvarez:
When in doubt, use brute force. So, the answer is, it depends on the
strength of your passphrase.
--David.
So if the strength of passphrase is something like 25 chars (a-Z,0-9,non
alphanumeric) I can rest assured nobody
On Sat, Jan 19, 2008 at 08:54:26PM +0100, [EMAIL PROTECTED] wrote:
=~~=~=~=~=~=~=~=~=~=~=~=~=~~=
19:41 (sabato), David Picón Álvarez:
When in doubt, use brute force. So, the answer is, it depends on the
strength of your passphrase.
--David.
So if the strength of passphrase is something
[EMAIL PROTECTED] wrote:
gpg, but let my keys available to the attacker, would he theorically be able
to crack my passphrase and recover all of my archive?
Yes.
Please note how you qualified that: /theoretically./ In practice, given
a good passphrase, this is highly nontrivial.
[EMAIL PROTECTED] wrote:
So if the strength of passphrase is something like 25 chars (a-Z,0-9,non
alphanumeric) I can rest assured nobody today or in a year could possibly
decrypt even someone with a distributed super calculus hardware power, is it?
Depends. English text has about 1.5 bits
Hi Jimmy,
Jimmy Kaplowitz wrote:
I currently access my email via mutt over SSH, and therefore my private
key is currently stored on that remote server. I am fully aware how bad
of an idea this is, and so if what I ask above is possible, I plan to
move my private key to a secure offline
, as well
as ssh authentication. If I understand this right, the crypto happens
on the smartcard in any case.
1. connect to your remote ssh host using remote port forwarding, with
-R4242:localhost:4242
[...]
while true; do nc -l 4242 | gpg ; done
[...]
3. configure your remote mutt to send
Hi,
I know that gnupg-agent can allow remote use of OpenPGP keys on a
locally-connected smartcard machine to authenticate an ssh connection
from one remote machine to another. Access to the OpenPGP keys is
forwarded over the first ssh connection to the GPG agent as necessary,
without actually
On Wed, Mar 22, 2006 at 05:43:03PM -0800, D_C wrote:
hello group -
apologies for the newbie questions.
i am wondering if there are any webmail services that can decrypt
email, if i somehow inform of my PGP key?
also, i am travelling without knowing my pgp key. is this somehow
centrally
hello group -
apologies for the newbie questions.
i am wondering if there are any webmail services that can decrypt
email, if i somehow inform of my PGP key?
also, i am travelling without knowing my pgp key. is this somehow
centrally registered, in a way that i can download the key, and use a
I noticed this plugin for squirrelmail if you wanted to do it on your
own server:
http://www.squirrelmail.org/plugin_view.php?id=153
Aside from that there are a few services around, like hushmail.com
that'll do what you want.
On 3/23/06, D_C [EMAIL PROTECTED] wrote:
hello group -
apologies
The attachment contains the preliminary final BETA version for remote
signatures.
Patch and recompile gpg-1.4-* to get 2 new commands:
1) gpg --print-seed SHA1 ./dir/to_be_signed_file
Creates a signature seed. Can be combined with --text.
2) gpg --sign-seed THE_SEED
Use the signature seed
Hello,
I wrote:
I need to sign files remotely. They're moderately large, so transmitting
them back to my firewalled-off laptop (I'm usually behind a slow line),
where the secret key lives, isn't a good idea.
Ideas?
What happens if you have a smartcard, anyway -- doesn't the gpg agent
Matthias Urlichs wrote:
Hello,
I need to sign files remotely. They're moderately large, so
transmitting them back to my firewalled-off laptop (I'm usually
behind a slow line), where the secret key lives, isn't a good idea.
Ideas?
see attachment for an ALPHA version (working but unsafe
Hello,
I need to sign files remotely. They're moderately large, so transmitting
them back to my firewalled-off laptop (I'm usually behind a slow line),
where the secret key lives, isn't a good idea.
Ideas?
--
Matthias Urlichs
On Sun, Feb 19, 2006 at 06:07:56AM +0100, Matthias Urlichs wrote:
Hello,
I need to sign files remotely. They're moderately large, so transmitting
them back to my firewalled-off laptop (I'm usually behind a slow line),
where the secret key lives, isn't a good idea.
create (and rotate
the remote
machine and your local machine is secure so that someone replacing the
hash between the remote and local machine is not a risk.
The other option is to make a new key (or new subkey) that can live on
the remote machine. This key would be signed with your main key so
there is a chain of trust
Matthias Urlichs wrote:
I need to sign files remotely. They're moderately large
Ideas?
Use md5sum|sha1sum|[...] and sign the resulting file.
Ciao, Bjørn
96 matches