> One problem comes obviously in mind: Someone with priv access to your
> workstation,
You just lost. Everything after this sentence is irrelevant. Once an
attacker has privileged access to your machine it's all over.
> How is this supposed to be managed?
It can't be. GnuPG is only for use i
Matthias Apitz writes:
> What do you use as pinentry exactly? I have:
>
> $ ls -l /usr/local/bin/pinentry
> lrwxr-xr-x 1 root wheel 27 15 may. 14:04 /usr/local/bin/pinentry ->
> /usr/local/bin/pinentry-qt5
>
> and this pops up a Qt5 window for this.
For me, /usr/bin/pinentry is an 86-line sh
On Thu, 13 Jul 2017 15:08, dam...@cassou.me said:
> strace reveals the following. Does that ring a bell to anyone?
"debug-pinentry" in gpg-agent.conf would give you more info. Adding
also "debug ipc" will show you the communication between gpg and
gpg-agent; that is what your strace shows. Use "l
On Thu, 13 Jul 2017 12:49, g...@unixarea.de said:
> How is this supposed to be managed?
You can't do anything about it. The card protects your key against
compromise - but not the use of the key.
For the signing key we have a signature counter and if you can memorize
the count and the number of
strace reveals the following. Does that ring a bell to anyone?
In Firefox
read(5, "INQUIRE PINENTRY_LAUNCHED 22712\n", 1002) = 32
write(5, "END", 3)= 3
write(5, "\n", 1) = 1
read(5, "ERR 83886179 Operation cancelled \n", 1002) = 44
In the terminal
Am 13.07.2017 um 13:44 schrieb Andrew Gallagher:
> On 2017/07/13 11:49, Matthias Apitz wrote:
>> One problem comes obviously in mind: Someone with priv access to your
>> workstation,
>> for example IT personnel, could relatively easily steal your passwords, just
>> setting your
>> environment and wa
On 2017/07/13 11:49, Matthias Apitz wrote:
>
> One problem comes obviously in mind: Someone with priv access to your
> workstation,
> for example IT personnel, could relatively easily steal your passwords, just
> setting your
> environment and waiting for the moment that you have unlocked the card
On 13/07/17 09:29, Ryan Lue wrote:
> 1) I keep my dotfiles synced between multiple machines, and so try my
>best to keep them platform-agnostic when I can. There are definitely
>times when I can use conditionals to get different behavior on
>different machines (like `if [ "$(uname)" = D
Hello,
I'm using the GnuPG card for signing, SSH, password-store (Firefox web
passwords)
and locking un-locking the KDE desktop on card-insert or withdraw.
After resolving some technical (FreeBSD) issues, I now have it on daily
usage on my netbook and my workstation in the office.
One problem c
> However, I think many people work around this problem by a) using a
> graphical pinentry and b) using a single graphical session. As long as
> one also refrains from SSH'ing from a remote terminal, with the
> combination, you've circumvented the problem by just using the
> effectively singleton g
Hi Daniel,
Yes, thanks, this absolutely did it! Sorry for not responding earlier —
I had intended to write a follow-up blog post that addressed this
question, along with that of forwarding the gpg-agent socket over SSH
with `ssh -R` (so that you can use your local machine's GPG private keys
in a r
Am 13.07.2017 um 09:27 schrieb Werner Koch:
> On Thu, 6 Jul 2017 14:48, aheinl...@gmx.com said:
>
>> decrypt with cancel'ing the pinentry, one with missing private key and
>> one with a truncated input file. All three gave
>>
>> print str(e): Invocation of gpgme_op_decrypt_verify: GPGME: Decryptio
On Wed, 5 Jul 2017 21:39, gnupg-users@gnupg.org said:
>> libgcrypt v<=?
>
> Probably all versions up to 1.7.7, starting from at least 1.2.0 (which
> is the oldest I could find).
Actually starting at 1.6.0 which introduced the sliding window method to
catch up performance losses due to other si
On Thu, 6 Jul 2017 14:48, aheinl...@gmx.com said:
> decrypt with cancel'ing the pinentry, one with missing private key and
> one with a truncated input file. All three gave
>
> print str(e): Invocation of gpgme_op_decrypt_verify: GPGME: Decryption
> failed
This has been fixed yesterday in GPGME.