I understand that a smartcard is more secure to keep my key from ever
coming off the card itself. I like the idea of getting one with a pin
pad to lower my attack surface sense as long as my pinpad is not
compromised I should be golden right?
All the pin pads I've seen dont have many possible
Just installed GPA/Kleopatra. Whenever I start up GPA I get 3
windows pop-up:
1. "GnuPG is rebuilding the trust database. This might take a
few seconds."
2. "The GPGME library returned an unexpected error at
keytable.c:150. The error was:
Provided
Hello. I use Enigmail, so of course I have GnuPG installed. I use 1.4.9
because [1] I can not find an executable for 2.0.17 for Windows, and [2]
I do not know how to configure the GPG-agent. Can somebody please assist
me with upgrading to 2.0.17 and configuring the agent? For about a week
I have
I apologise in advance if this is a stupid question to ask now or if
people already asked it before I stepped on the scene, but which
algorithm is more secure: DSA and EL GAMAL or RSA? I know the latter has
undergone a ridiculous amount of scrutiny and is immensely popular. I
also know it
I use a screen reader called JAWS For Windows. The GUI is not screen
reader accessible, meaning I can not use the Arrow keys, Tab, Shift+Tab
and any other navigational keys to use the GPA utility like you can with
the mouse. I really hate that; people have no idea how much it annoys
me. I might
I think I made the mistake of using HTML format the first time then
learnt my signature failed to validate. I realised it was because of the
HTML check box being checked; thus, I have disabled that. I have also
disabled the text signature for replies.
On 14/03/2011 02:24 AM, Remco Rijnders wrote:
signature separator: 2 dashes followed by a
space. To preserve this trailing space Thunderbird/enigmail does the
right thing and encodes it.
After Jonathan disabled that signature add-on, his signed messages
verified.
Yeah, well. Even though Jonathan disabled the signature his message
there.
On 20/03/2011 02:38 PM, Ben McGinnes wrote:
On 21/03/11 5:11 AM, Jonathan Ely wrote:
The attached .asc file causes problems? I have disabled that but
still enabled the header. Why would the .asc attachment option be
there if it causes problems?
The .asc file is the GPG signature and does
with Enigmail or GnuPG, correct?
PS. I learnt my lesson about including any signature for a mailing list.
On 20/03/2011 03:35 PM, Ben McGinnes wrote:
On 21/03/11 6:11 AM, Jonathan Ely wrote:
Firstly, what is MUA? I hear that but am not sure what that means.
MUA = Mail User Agent, e.g. Thunderbird
Really? For me, it is much easier to access the newest reply instead of
using the Down Arrow key to find it. Gmail always worked the same way
for me.
On 20/03/2011 04:44 PM, Ingo Klöcker wrote:
On Sunday 20 March 2011, Jonathan Ely wrote:
On 20/03/2011 03:35 PM, Ben McGinnes wrote:
To be sure
05:16 PM, Jonathan Ely wrote:
Really? For me, it is much easier to access the newest reply instead of
using the Down Arrow key to find it. Gmail always worked the same way
for me.
Ingo's talking about the body of the message. Most mailing lists people
reply after the question, so it's
was published just this past 02 February I would.
On 22/03/2011 10:19 AM, lists.gn...@mephisto.fastmail.net wrote:
On Sat, Mar 19, 2011 at 11:36:57PM -0400 Also sprach Robert J. Hansen:
On 3/19/11 10:34 PM, Jonathan Ely wrote:
but be sure to set your preferences and choose a 4096 over 2048.
Why
Would not it be 4096 with RSA, or is DSA in conjunction with a 4096 bit
key still popular? I have never used DSA so does what Robert said
pertaining to my used combination apply here?
On 22/03/2011 12:13 PM, Jerome Baum wrote:
Robert J. Hansen r...@sixdemonbag.org writes:
And this is where I
Enigmail allows only 1024, 2048 and 4096. I have never heard of that,
but even still I would personally choose the largest key for the time
being till RSA becomes obsolete. Is there anything larger than 4096
since you mentioned values unknown to me?
On 22/03/2011 05:17 PM, MFPA wrote:
Hi
On
I really wish 8192 would become available. Not that it would be the end
all/be all of key security but according to your theory it sounds much
more difficult to crack.
On 22/03/2011 05:14 PM, Mike Acker wrote:
with chip makers playing with chips having 64 cores printed in silicon...
someplace
What is ECC? Now I want that haha.
On 22/03/2011 06:53 PM, Grant Olson wrote:
On 03/22/2011 06:06 PM, Jonathan Ely wrote:
I really wish 8192 would become available. Not that it would be the end
all/be all of key security but according to your theory it sounds much
more difficult to crack
since I have been subscribed. Anything else you would like to
point out? I apologise if I come off mean in any way.
On 23/03/2011 04:55 PM, Ingo Klöcker wrote:
On Tuesday 22 March 2011, Jonathan Ely wrote:
Enigmail allows only 1024, 2048 and 4096. I have never heard of that,
but even still I would
The first spammer I have seen thus far. Did not know they existed here.
On 31/03/2011 10:27 AM, Lee Elcocks wrote:
hi it's in your best interests to start this right away http://bit.ly/gntBne
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
I did not understand what that menat anyway. I never click links that
seem anonymous so I am safe, but that was unusual.
On 31/03/2011 08:41 PM, Robert J. Hansen wrote:
On 3/31/11 7:25 PM, Jerry wrote:
Dumping [something] would have been my first choice.
Let's be a little careful about our
Have you ever thought about GPG4WIN? It is not accessible for me since I
use a screen reader and because of that I think the graphical user
interface needs some serious work, but I hear it works well for others.
On 17/04/2011 08:45 PM, Felipe Alvarez wrote:
I've currently begun getting everyone
The only thing I use is the Enigmail extension for Mozilla Thunderbird
which works well enough for me, but of course I must use the version 1
branch of GnuPG.
On 17/04/2011 08:57 PM, Felipe Alvarez wrote:
Have you ever thought about GPG4WIN?
Looks a bit 'heavy' (fancy GUI and a bunch of
So their is an installer for Windows for version 2.x? I never found one
accept for that of GPG4WIN.
On 17/04/2011 09:08 PM, Doug Barton wrote:
On 04/17/2011 18:00, Jonathan Ely wrote:
The only thing I use is the Enigmail extension for Mozilla Thunderbird
which works well enough for me
Version 1.4.11 is still the latest of that branch, right? That is what
the download page says but some times there are later versions than what
is reported. Media Player Classic is a good example of this.
On 17/04/2011 09:32 PM, Faramir wrote:
El 17-04-2011 22:18, Jonathan Ely escribió:
So
wrote:
On 7/19/11 5:24 PM, Jonathan Ely wrote:
Can somebody please link to or refer me to the site that
contains the latest version 1 of GnuPG? Thanks.
ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.11.exe
Enjoy!
___
Gnupg-users mailing
I strongly suggest Ultimate ZIP Cracker at vdgsoftware.com/uzc.html if I
recall correctly. It is undoubtedly the most complete and promising
software I have ever used and trust me when I say I have used many of
the kind. Beware that it is resource intensive if you configure it as such.
On
You must have missed my enquiry from some time in July. I was looking
for it as well only to copy the link location of one of the FTP links
and do some self-searching. It would be useful if they announce 1.x.x
upgrades so people will not have to randomly decide when to check the
directory for an
I was wondering something similar. I have a few keys which I have
invalidated and disabled but there is no way to delete them. I am using
this new key which I have not uploaded because if something happens and
I must re-create the key that will too become just clutter on the server.
On 22/08/2011
It is no longer shown but it is available at
ftp.gnupg.org/gnupg/binaries or something of the sort. Copy one of the
link locations that link to the source code and modify that path in the
location bar. It is inconvenient no doubt but it works.
I hope there will be updates to the 1.x branch
On 28/09/2011 07:46 AM, Bolin qu wrote:
Hello,my friend:
How are you recently? i hope everything is very well with you now.
This is your friend_bolin worked in 3G T-smart communications factory as a
sales man and tooling manager, Our company has many years experience in
providing the
[I'm guessing the original mail was on gnupg-users; I'm not on that list
though I do read pgp-keyserver-folk.]
On Thu, Mar 24, 2005 at 04:44:49PM -0500, Jason Harris wrote:
On Thu, Mar 24, 2005 at 04:20:02PM -0500, David Shaw wrote:
I'm all for it. It would be nice to point people to a
of encrypted mail to multiple recipients is that
* a session key is generated
* the message is encrypted symmetrically with the session key
* the session key is encrypted asymmetrically with each recipient's
public key.
It seems that a message is only compressed once.
Thanks,
Jonathan
that hash or not.
Interestingly, my OpenPGP smartcard (1024-bit RSA key) refuses to sign
anything that's not 160 bits (i.e. SHA1 and RIPEMD-160 only). Is there
any reason for this, or is this a bug?
Regards,
Jonathan Rockway
signature.asc
Description: OpenPGP digital signature
,
Jonathan Rockway
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
/search?query=gpgmode=all
In other words, other people have already worked out the details, so why
not try one of those modules before fighting with something that's not
really worth your time?
Regards,
Jonathan Rockway
Marcel Chastain - Security Administration wrote:
I have a perl wrapper around gpg
.
Regards,
Jonathan Rockway
I want to create as AEs key of size 256 bits.is there any function in
libgcrypt to generate AES key ?
Now i am using libgcrypt random number generation to create an AES key
.is this correct ?
___
Gnupg-users mailing list
Gnupg
a copy of it, and you'd never know.
With the OpenPGP card, if it's not in your hand, you can consider it stolen.
For $20, you can't go wrong. Get an OpenPGP card and be happy :)
http://www.kernelconcepts.de/products/security-en.shtml
Regards,
Jonathan Rockway
Ismael Valladolid Torres wrote
not a
smartcard programmer, so I bought one instead. If you'd like to make
OpenPGP smartcards and sell them, that would be great!
Regards,
Jonathan Rockway
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Is the crypto stick which is fully open source and open hardware more
secure than a Gemalto smart card reader with pin pad built in? Which of
these would make you more of a hard target and increase security.
___
Gnupg-users mailing list
the GnuPG umbrella, but ideally not taking away time from core developers and
thus be done by others. It also is not that security critical if it's just a
GUI using the command line tool.
--
Jonathan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
that until you mentioned it :).
--
Jonathan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
a smartcard based key for tagging but won't use that for
regular commits.
git commit -S keyID
You can just create an alias for that, I for example use git ci.
--
Jonathan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman
to try
Twitter.
--
Jonathan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
warning, saying to not use
if it you really depend on security.
The question is, can we use GnuPG on the Mac and rely on it?
I'd say yes. I'm using GnuPG 2.1.2 vanilla with a Gnuk token and don't see why
it should be any less reliable than on Linux.
--
Jonathan
, I'm all for you charging a fee. That will create enough pressure for
a fork that will then hopefully have better security practices.
--
Jonathan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
this is because gnupg.org recommends it and therefore
people think it's safe. I think gnupg.org should do the contrary instead and
strongly discourage using it.
--
Jonathan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman
for it.
It's sometimes better to not use something than to use something untrustworthy.
For security products, this is especially true.
--
Jonathan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
pointing out that you can get the key with --keyserver keyserver.mattrude.com.
Btw, does this mean that basically Ed25519 keys are stable enough now and won't
change anymore?
--
Jonathan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http
checkout, on which make is also run later on). They even actively
hide the fact, which makes it even worse. Should gnupg.org really endorse that?
--
Jonathan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg
users forum kind of thing, nothing where you
would want to report a bug.
--
Jonathan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
subdirectory cocoa and do it like the
other pinentries. That would allow to review it more easily (only the new
directory needs to be reviewed) and would allow upstreaming it. I think that
would be a lot more helpful than having a pinentry-mac fork.
--
Jonathan
on the Gnuk and I guess you could even
do that without changing the spec.
--
Jonathan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
they solve it ignores the proposal to use git submodules
entirely, not even stating why they don't want to use git submodules. But that
at least is not a security problem, so I don't have strong feeling about this
:).
--
Jonathan
___
Gnupg-users
= true, as it will then even sign
git stash etc. and ask you to enter the PIN all the time. Which is why I have
an alias git ci for git commit -S, as I only want to sign commits, not
temporary state.
--
Jonathan
___
Gnupg-users mailing list
Gnupg-users
really something you should hide? Especially if everything else
isn't hidden?
--
Jonathan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
to be part of the specification? For example, the Gnuk
could just delay signing / decryption / authentication until the button has
been pressed and return an error if it doesn't get pressed within a certain
amount of time.
--
Jonathan
pgpoQTbUc54_Z.pgp
Description: PGP signature
.
--
Jonathan
pgpMrNu2rjlQA.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
be a legal mine field and most
likely completely useless in court.
--
Jonathan
pgpaN4ya35EI6.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
the catch: It comes with GnuPG - but GnuPG 2.0.x AFAIK. Are you
positive you absolutely need 2.1? The main reason to require 2.1 is to use ECC,
I guess.
--
Jonathan
pgpnFKaFM6_7Q.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users
BitMessage killing spam. But it will surely kill mailing lists.
It would just need to be extended to groups. The protocol is not set in stone.
In any case, I'm not suggesting we all switch to BitMessage. I'm just saying
this is going in the right direction.
--
Jonathan
pgpBKEMKJpQhY.pgp
a dialup
connection from which no provider will accept mail). That's only 2500
mails a minute. If global spam were just 2500 spam messages a minute,
spam would hardly be a problem.
- --
Jonathan
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iF4EARYKAAYFAlTzle0ACgkQM+YcY+tK57UH
problem and also gets rid of spam by
requiring a proof of work to send something.
--
Jonathan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
affected.
--
Jonathan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
of people, lots of energy.
That wasted energy is a lot less than the energy we currently waste on spam,
especially if you take into consideration the amount of human time wasted. The
majority of the e-mail traffic is used up by spam.
--
Jonathan
no
replacing takes place?
5. Using PINENTRY_USER_DATA we also allow to set a custom icon to be shown,
like the standard
Mac OS X security dialog. Opinions?
I can't think of any problem with that and this sounds indeed like a good
addition.
--
Jonathan
) and left a few comments.
--
Jonathan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
this binary does or from which sources
it has been built. This is at least as bad as executing remove code. Can you
please explain why you do this, or why you thought this would be a good idea
after that long discussion on how important security is for a security product?
--
Jonathan
Hi Murphy,
This email refers to the ROCA vulnerability (https://crocs.fi.muni.cz/
public/papers/rsa_ccs17), which affects a number of hardware devices
including some versions of the Yubikey 4-nano (https://www.yubico.com/
keycheck/). I believe Yubico are offering to replace affected Yubikeys.
indicate that you
need to check out the subversion (CVS) tree. It's experimental in
nature, so it hasn't trickled down to stable versions yet.
I need to try a newer version today anyway, so I'll try this out and
let you know what version works.
Regards,
Jonathan Rockway
-BEGIN PGP SIGNATURE
, not securing it).
Another good way to learn about symmetric encryption is to write your
own simple encryption program. http://ciphersaber.gurus.com/ will guide
you through this.
Feel free to ask us any questions, though :)
Regards,
Jonathan Rockway
signature.asc
Description: OpenPGP digital
I am using GPG on windows.
Is there a way to pass the user PIN of a smartcard in a gpg-agent batch file or
script?
I am using a nitrokey as a private key store for an unattended SFTP system.
It simply runs a WinSCP script to pickup and send files via SFTP.
Before the script runs I launch I run
Message-
From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of NIIBE
Yutaka
Sent: 02 December 2015 03:07
To: gnupg-users@gnupg.org
Subject: Re: Provide user PIN to gpg-agent?
On 12/01/2015 10:50 PM, Harbord Jonathan-EURITEC wrote:
> Is it possible to pass the user
Is it possible to pass the user PIN of a smartcard to gpg-agent in a command?
I'd like to stop the pinentry program appearing for an automated system.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
Hello,
I see this option being added here:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=8e83493dae426fe36a0e0081198b10db1e103ff1
However it doesn't seem to have been released as of 2.2.19.
Is there a reason this still hasn't been released?
Thanks, Jonathan
Hello,
I would like to batch generate keys, but *not* have a revocation cert
generated.
I do not see an option for this, how can it be done?
Thanks, Jonathan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo
>
> On 2020-01-23 at 17:32 +0100, Jonathan Cross via Gnupg-users wrote:
>
> Hello,
> I would like to batch generate keys, but *not* have a revocation cert
> generated.
> I do not see an option for this, how can it be done?
> Thanks, Jonathan
>
> From: ?ngel
> To
ee https://www.xkcd.com/538/
Agreed :-)
In this situation, I just want to avoid creating a new key-pair as long as
possible and ed448 is likely to survive just a bit longer from what I
understand.
Performance is irrelevant.
Jonathan
signature.asc
Description:
> On Mar 11, 2020, at 3:58 PM, Andrew Gallagher wrote:
>
> Signed PGP part
> On 11/03/2020 12:30, Jonathan Cross via Gnupg-users wrote:
>> ed448 is likely to survive just a bit longer from what I understand.
>
> It depends on how soon you think general-p
Hello,
I am looking into making a new key that is as "future-proof" as possible.
Offline master key that is ed448 would be ideal if possible with Curve25519
subkeys for daily use on a smartcard.
Is ed448 available / in development?
Or a similar 256bit "safe-curves" option?
C076132FFA7695
Meeting people in person and verifying key fingerprints is of course best,
but not always a realistic option for every piece of software :-)
Good luck!
Jonathan
signature.asc
Description: Message signed with OpenPGP
___
Gnupg-users mail
which uses the BouncyCastle java library.
Would someone be able to help me with this?
Thank you,
Jonathan Kaczynski
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
words:
https://support.ledger.com/hc/en-us/articles/115005200649-OpenPGP?docs=true
The fact that It has a screen and you can input the words directly into the
signing device means that you don't need an air gap computer as well.
That might be a good option for some peop
81 matches
Mail list logo