Re: how vulnerable is "hidden-encrypt-to"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hauke Laging wrote: > Am Fr 17.08.2012, 21:05:32 schrieb auto15963931: > >> In the example >> of yours it appears as though the message was encrypted to two different >> keys, one of which was hidden and the other not. Is that right? > > That is right. --hidden-encrypt-to needs other recipients. But you may use > ‑‑throw-keyids or --hidden-recipient instead. > > >> Incidentally, when I looked at your reply and noticed it was signed, I >> tried verifying the signature. > >> Why is the signature failing? Thanks. > > That's a bug in my MUA which is triggered by the email being encoded as ascii: > > https://bugs.kde.org/show_bug.cgi?id=305171 > > This bug (or rather: problem) has been discovered here on the list – it > occurs > almost only in English emails. I have added a non-ASCII char to my text > signature thus forcing a charset different from ascii. Thus the signature of > this email should be OK. Hey! OpenPGP Security Info UNTRUSTED Good signature from Hauke Laging Key ID: 0x3A403251 / Signed on: 08/17/2012 10:24 PM Key fingerprint: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 - -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key:3EDBB65E 9A2FC99A Registered Machine 241939. /( )\ Shrewsbury, New Jerseyhttp://counter.li.org ^^-^^ 23:10:01 up 30 days, 3:11, 3 users, load average: 4.42, 4.42, 4.43 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org/ iD8DBQFQLwgZPtu2XpovyZoRAiU2AKDVSMsLyT5eg5DfPYLsyFAnpgQP6gCfaHlK dYa2u4OhhM8+1yLfPtM7z48= =ylCp -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: how vulnerable is "hidden-encrypt-to"
Am Fr 17.08.2012, 21:05:32 schrieb auto15963931: > In the example > of yours it appears as though the message was encrypted to two different > keys, one of which was hidden and the other not. Is that right? That is right. --hidden-encrypt-to needs other recipients. But you may use ‑‑throw-keyids or --hidden-recipient instead. > Incidentally, when I looked at your reply and noticed it was signed, I > tried verifying the signature. > Why is the signature failing? Thanks. That's a bug in my MUA which is triggered by the email being encoded as ascii: https://bugs.kde.org/show_bug.cgi?id05171 This bug (or rather: problem) has been discovered here on the list – it occurs almost only in English emails. I have added a non-ASCII char to my text signature thus forcing a charset different from ascii. Thus the signature of this email should be OK. Hauke -- ☺ PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: how vulnerable is "hidden-encrypt-to"
Hauke Laging: > Am Fr 17.08.2012, 09:56:56 schrieb auto15963931: >> Is there any way on heaven or earth for someone to discover from a >> message, one sent to them or to another person, whether the encrypted >> message had been made with an option "hidden-encrypt-to" > > Sure. > > start cmd:> LC_ALL=C gpg --list-packets test.gpg > :pubkey enc packet: version 3, algo 1, keyid 8E75E2184AD27C5B > data: [4095 bits] > :pubkey enc packet: version 3, algo 1, keyid > data: [2046 bits] > gpg: anonymous recipient; trying secret key 0x25D4FD8B ... > > >> or what key ID >> had been used in conjunction with that option? Thanks. > > You need the private recipient key in order to find out that key ID. It's the > use of this option that you cannot get this information in another way. > > Hello, Hauke Apparently, that it was used could be seen, but to whom it had been encrypted could not unless one happened to have that key. In the example of yours it appears as though the message was encrypted to two different keys, one of which was hidden and the other not. Is that right? Incidentally, when I looked at your reply and noticed it was signed, I tried verifying the signature. However, the signature appeared to be invalid according to the message I got: OpenPGP Security Info Error - signature verification failed gpg command line and output: gpg2.exe gpg: Signature made 08/17/12 10:16:27 Central Daylight Time gpg:using RSA key 5BA0F8B53A403251 gpg: BAD signature from "Hauke Laging " [unknown] Why is the signature failing? Thanks. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
[no subject]
http://ryanestradaphotosblog.com/wp-content/themes/twentyten/test.php?riding227.php___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: how vulnerable is "hidden-encrypt-to"
Am Fr 17.08.2012, 09:56:56 schrieb auto15963931: > Is there any way on heaven or earth for someone to discover from a > message, one sent to them or to another person, whether the encrypted > message had been made with an option "hidden-encrypt-to" Sure. start cmd:> LC_ALL=C gpg --list-packets test.gpg :pubkey enc packet: version 3, algo 1, keyid 8E75E2184AD27C5B data: [4095 bits] :pubkey enc packet: version 3, algo 1, keyid data: [2046 bits] gpg: anonymous recipient; trying secret key 0x25D4FD8B ... > or what key ID > had been used in conjunction with that option? Thanks. You need the private recipient key in order to find out that key ID. It's the use of this option that you cannot get this information in another way. Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
how vulnerable is "hidden-encrypt-to"
Is there any way on heaven or earth for someone to discover from a message, one sent to them or to another person, whether the encrypted message had been made with an option "hidden-encrypt-to" or what key ID had been used in conjunction with that option? Thanks. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users