Re: [Feature Request] Multiple level subkey

2017-09-17 Thread lesto fante
ok, just to clarify;

my original question boils down to be able to generate Sign key using a
subkey.

I guess there should be an arbitrary hard limit on the number of sub-subkey,

Aside from this, the validation algorithm should be made recursive, up to
the hard limit.

Would it be possible to use the GnuPG code to create a fork, and add this kind
of behaviour?

2017-09-09 0:50 GMT+02:00 lesto fante :
> Hello,
>
> Maybe this is not the right place to discuss about this, please be
> kind with a noob.
>
> My use case is simple; maintain my identity even if my master key is
> compromised. To achieve that, I think about a multilevel subkey
> system.
> Please, I would love to hear any alternative.
> For the discussion purpose, we don't talk about HOW revoke and public
> key are exchanged between peers; it could be with existing key server,
> or other way.
>
> I would like to set up a system relatively secure, but with no hassle
> for everyday use.
>
> The idea is the following:
> A level 1 key, kept very safe (hw or paper wallet). This key
> represents the identity and is hopefully used only once to generate one
> subkey "level 2".
>
> The subkey level 2 is saved on one (or more, but trusted) main device.
> This key will be used to generate its own subkey (level 3), those
> subkey are used for various application and distributed between device
> using relatively unsafe method; losing, revoking or issuing a new key
> for a new application should be easy and transparent for the user.
>
> the idea is that the level 2 key is used for most of the normal
> operation, even in case one or more level 3 key are compromised;
> please remember that all the keys just represent the identity of the
> level 1 key.
>
> This is very similar to the chain of trust with certificate.
>
> Now the nice thing: I guess most of the people will use their phone to
> keep the level 2 key, but we know those are not the most secure stuff,
> especially when they get old or with some producer allergic to patch.
>
> In the unlucky case the level 2 key get compromised, the user can use
> the level 1 key to:
> 1. revoke the level 2 key. This of course will automatically revoke
> the level 3 key that are direct subkey of that level 2 key.
>
> 2. issue a new level 2 key. At this point the main device will issue
> new level 3 key to replace all the key revoked in the step above.
>
> please note a user could have multiple level 2 key active; this could
> be for different reason, like updating to different algorithm still
> not fully supported.
>
> Lesto
>
> ps. is anyone aware of some kind P2P system to share keys?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
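
The hierarchy proposed in the message above, modelled as an added example (not part of the original post and not GnuPG code). The names `Key`, `Keyring` and `MAX_LEVEL`, and the limit of 3 levels, are assumptions; signatures are not verified here, the `issuer` field stands in for a checked binding signature.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

MAX_LEVEL = 3  # assumed hard limit on chain length (level 1 -> 2 -> 3)

@dataclass(frozen=True)
class Key:
    key_id: str
    issuer: Optional[str]  # None marks a self-certified level 1 key

class Keyring:
    # Models only the chain logic; a real implementation would also verify
    # the signature binding each key to its issuer.
    def __init__(self, trusted_root: str, keys: List[Key]) -> None:
        self.trusted_root = trusted_root
        self.keys: Dict[str, Key] = {k.key_id: k for k in keys}
        self.revoked: Dict[str, str] = {}  # key_id -> id of the revoking key

    def chain(self, key_id: str) -> List[str]:
        """Walk issuer links up to the root; raise if the chain is unusable."""
        path: List[str] = []
        current: Optional[str] = key_id
        while current is not None:
            if current not in self.keys:
                raise ValueError(f"unknown key {current}")
            if len(path) == MAX_LEVEL:  # also stops issuer loops
                raise ValueError("chain exceeds hard limit")
            path.append(current)
            current = self.keys[current].issuer
        if path[-1] != self.trusted_root:
            raise ValueError("chain does not end at the trusted level 1 key")
        return path

    def revoke(self, key_id: str, by: str) -> None:
        # Only the key itself or one of its ancestors may revoke it.
        if by not in self.chain(key_id):
            raise PermissionError(f"{by} is not an ancestor of {key_id}")
        self.revoked[key_id] = by

    def validate(self, key_id: str) -> str:
        try:
            path = self.chain(key_id)
        except ValueError as exc:
            return f"invalid: {exc}"
        for link in path:  # a revoked ancestor invalidates everything below it
            if link in self.revoked:
                return f"invalid: {link} revoked by {self.revoked[link]}"
        return "valid"
```

Revoking a level 2 key needs no separate revocation for each level 3 key: validation fails at the revoked ancestor, which is the cascade described in step 1 of the message.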


Re: Help: Copied gnupg folder not recognised

2017-09-17 Thread Daniel Villarreal
On 09/17/17 02:32, David Seaward wrote:
> Hi,
> 
> I copied ~/.gnupg from my old machine, because I want to copy all
> keys, trust data etc. [1]
> 
> However, on my new machine, nothing seems to be recognising the
> GnuPG files:
> 
> * "gnupg --list-keys" is empty ("gnupg --help" confirms that
> ~/.gnupg is the folder being used)
> 
> * The "GnuPG keys" pane of "GNOME Password and Keys" is empty
> 
> * Email client is not able to encrypt/decrypt messages
> 
> How can I diagnose what the problem is? Failing that, how can I 
> export/import an entire .gnupg folder (including trust data)?
> 
> Regards, David
> 
> [1] https://www.phildev.net/pgp/gpg_moving_keys.html

I'm just pointing out some messages that helped me...

Robert J. Hansen, Jan 15, 2017; 5:40pm
http://gnupg.10057.n7.nabble.com/Sherpa-0-3-0-td50700.html

Peter Lebbing, Jul 14, 2017; 2:56pm
http://gnupg.10057.n7.nabble.com/A-Quick-Question-td52732.html#a52736

Werner Koch, Dec 09, 2016; 2:10pm
http://gnupg.10057.n7.nabble.com/How-restore-backuped-gnupg-private-keys-v1-d-td50286.html#a50290

Robert J. Hansen, Nov 17, 2016; 3:03pm
http://gnupg.10057.n7.nabble.com/Fresh-OS-installation-td49869.html#a49870

Werner Koch, Sep 19, 2016; 1:49am
http://gnupg.10057.n7.nabble.com/What-is-a-reliable-way-to-backup-restore-my-keys-and-test-td48847.html#a48906

Daniel Kahn Gillmor, Sep 14, 2016; 4:05pm
http://gnupg.10057.n7.nabble.com/What-is-a-reliable-way-to-backup-restore-my-keys-and-test-tp48847p48854.html

hope this helps,
Daniel

-- 
Daniel Villarreal
http://www.youcanlinux.org
youcanlinux at gmail.com
PGP key 2F6E 0DC3 85E2 5EC0 DA03  3F5B F251 8938 A83E 7B49
https://pgp.mit.edu/pks/lookup?op=get&search=0xF2518938A83E7B49


Help: Copied gnupg folder not recognised

2017-09-17 Thread David Seaward
Hi,

I copied ~/.gnupg from my old machine, because I want to copy all keys,
trust data etc. [1]

However, on my new machine, nothing seems to be recognising the GnuPG
files:

* "gnupg --list-keys" is empty ("gnupg --help" confirms that ~/.gnupg
is the folder being used)

* The "GnuPG keys" pane of "GNOME Password and Keys" is empty

* Email client is not able to encrypt/decrypt messages

How can I diagnose what the problem is? Failing that, how can I
export/import an entire .gnupg folder (including trust data)?

Regards,
David

[1] https://www.phildev.net/pgp/gpg_moving_keys.html

