Re: Secret key holder identity (was: Local file encryption)
On 2/20/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: pgpdump doesn't list which symmetric algo, only lists that an mdc was or wasn't used The attacker performing large-scale traffic uses his own software that is - so it must be presumed - capable of distilling all (to him) usefull information from the flow of messages. Consequently, the question should not be what pgpdump will or will not produce, the question should be what information is or is not contained in the message previous to its decryption. NikNot ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Secret key holder identity (was: Local file encryption)
NikNot schrieb: Unfortunately, the whole GPG, with WebOfTrust construct, makes the assumption that there is no need whatsoever to protect the identity of the secret key holder You have, however, the possibility of using pseudonyms as UID. Only the signers of your key would have to know about your true identity. Another option against traffic analysis is to drop the Key-IDs of the recipients of encrypted mail (-throw-key-ids IIRC?!). cu, Sven ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Macgpg-users] GnuPG v2.0.2 MAC OS install - TESTING NEEDED!
Benjamin Donnachie wrote: I have a test version of a GnuPG v2.0.2 Mac OS Tiger install available Patch for TEST2 available at http://www.py-soft.co.uk/~benjamin/download/mac-gpg/mac-gnupg-2.0.2-TEST2-PATCH1.zip and sig at http://www.py-soft.co.uk/~benjamin/download/mac-gpg/mac-gnupg-2.0.2-TEST2-PATCH1.zip.sig This implements the more secure method of involving pinentry directly. Just download the archive, extract and then follow the instructions in readme.txt. Feedback still needed; particularly from OpenPGP smartcard users. Ben ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
walkthrough
Hi, I have just installed gpg4win-1.0.8. I'm new to this and not sure what I'm doing exactly and haven't the time to teach myself. I have looked for tutorials etc but can only find using gpg from the command line. All I simply need to do is set up a private key and be able to send encrypted emails to a particular client. I have tried but any email sent is not encrypted. My mail client is Outlook 2003. At some point the emails will automatically be sent from a server, the emails themselves will be generated by php script. Are there any issues with using gpg in this way? Sorry for the brevity of this post but I have my boss breathing down my neck expecting answers. Regards Paul -- View this message in context: http://www.nabble.com/walkthrough-tf3259979.html#a9060231 Sent from the GnuPG - User mailing list archive at Nabble.com. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Use same key for S/MIME and OpenPGP
Hi all, I'm just curious: since a RSA public key is made mainly of just two numbers, is it not possible (theoretically) to create both a valid PGP key and X509 certificate using the same key information, and use it with both protocols? Also, is it not (theoretically) possible to convert X509 key certificates to PGP key signatures or vice-versa, based on the numerical values of the signing certificates/keys ? If not, I would be interested to know what are the technical limitations. Thanks in advance for any insight, -- Raphael PGP.sig Description: Ceci est une signature électronique PGP ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Macgpg-users] GnuPG v2.0.2 MAC OS install - TESTING NEEDED!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Tested successfully on PPC (Powerbook 15 G4 1.33GHz), and Intel Core 2 Duo (MacBook 2 13 2GHz), both running MacOS X 10.4.8. Thank you Ben. Charly Benjamin Donnachie wrote the following on 2/20/07 4:22 PM: Benjamin Donnachie wrote: I have a test version of a GnuPG v2.0.2 Mac OS Tiger install available Patch for TEST2 available at http://www.py-soft.co.uk/~benjamin/download/mac-gpg/mac-gnupg-2.0.2-TEST2-PATCH1.zip and sig at http://www.py-soft.co.uk/~benjamin/download/mac-gpg/mac-gnupg-2.0.2-TEST2-PATCH1.zip.sig This implements the more secure method of involving pinentry directly. Just download the archive, extract and then follow the instructions in readme.txt. Feedback still needed; particularly from OpenPGP smartcard users. Ben -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.2 (Darwin) Comment: GnuPG for Privacy Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEVAwUBRdtFPs3GMi2FW4PvAQhuOgf+MwBObMdJERCtA5f4/0R30Nwm5AzIaSIr Le1F2ZMEo31dITRpIK5pv8mhWLGeGsZz+qYu5/qbIxwNNj1kW+m8oE+ySKItwneF jpm5UtGihBHPoRp72bIhOqHwoNK+wF/TD7Rme+iCf6sVk5lKX5FoPHii08nQ8GGN X9ZTY3qBJGw6ZOBllKqwoGnEaWcVbRsFV3WQuvEwSVmghEVpNG17I98dKfkUsaHY 906DNuozzmlooGXkuX9LDBHM43ylyTTW7Ktlkm2SheoSGWRtvsNsVSZ6JG27SDt5 4Is4MApI8YzuXbFvk2/Ust4yDAF3OEZ7zwL3aPj+Z0txXNuWDtU1Cg== =iZU5 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
re: Secret key holder identity (was: Local file encryption)
vedaal at hush.com vedaal at hush.com Tue Feb 20 18:16:52 CET 2007 wrote: running gpg-list-packets or pgpdump on the encrypted message, lists the key-type (dh or rsa), key size, and symmetric algorithm used sorry, my mistake ;-(( pgpdump doesn't list which symmetric algo, only lists that an mdc was or wasn't used the actual symmetric algo type used is encrypted with the session key to the public key is there a way to tell though, (without decrypting) which symmetric algo was used? tia, vedaal -- Click to consolidate your debt and lower your monthly expenses http://tagline.hushmail.com/fc/CAaCXv1QPxbwBGTnei9j0EserPyHAirc/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Secret key holder identity (was: Local file encryption)
Janusz A. Urbanowicz alex at bofh.net.pl wrote on Tue Feb 20 15:24:40 CET 2007 : * it is possible to hide recipient's completely ID by using -- throw-keyid well, not 'completely' running gpg-list-packets or pgpdump on the encrypted message, lists the key-type (dh or rsa), key size, and symmetric algorithm used so, for people who prefer 8092 rsa keys and use blowfish [ you know who you are ;-)) ] using throw keyid won't help much ... vedaal -- Click to get 125% of your home's value, super fast, no lender fees http://tagline.hushmail.com/fc/CAaCXv1QaK0r1IT1ABMgmz21Tf3y9WCZ/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
new (2007-02-18) keyanalyze results (+sigcheck)
New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2007-02-18/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the permanent files: 6223f3b4be449e8973f25c64ab5643256139678614501664preprocess.keys bd467da8b2eb9370bdbfcebedeba81f8e290f9268500470 othersets.txt c8068451d690c8514377c7e721831554d06696d13493296 msd-sorted.txt ee7513d6673185c48dd654a1e8e683b1f7c8788f1450index.html 65f95783f1cecccbda9f03aa130fbbb3192efc002278keyring_stats 3bb6777995a0896c97138dcb82c70d8bbd77b96e1374285 msd-sorted.txt.bz2 46f0b7e3b8429e96adaac2c451af6d8e18c202c126 other.txt a6beb7767223d04e7e6c7c55ab110876b28c2fd21844558 othersets.txt.bz2 0a4b4f0cd325836ee7fc6498d8e013e176013dde5901206 preprocess.keys.bz2 a4654bbc1b95c89b4bed19a6b9ec18233aba12b014728 status.txt 86d7adf2acfc22a5de070bb7df2b24d314ecd9fd194548 top1000table.html 36e0127b31c75a1051ba0fc32ff6d973ed468faf29703 top1000table.html.gz be7a6d26967cc3f5021bba2bfa0633fd3b25d3059791top50table.html 16c570a7443f24cb544c8eab20efec045e9fbc2d2529D3/D39DA0E3 -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 pgp5VPz5OpKz2.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Secret key holder identity (was: Local file encryption)
On 2/20/07, Janusz A. Urbanowicz [EMAIL PROTECTED] wrote: * without having recipient pubkey it is impossible to determine the recipient of the message (assuming the subkey ID is not widely known) ... If the system was designed for the real world, the encrypted message would, by default, consist of a binary data set, indistingushable from a random stream, until and unless decrypted using the recipient's private key. NikNot ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: walkthrough
PaulH wrote: Hi, I have just installed gpg4win-1.0.8. I'm new to this and not sure what I'm doing exactly and haven't the time to teach myself. I have looked for tutorials etc but can only find using gpg from the command line. All I simply need to do is set up a private key and be able to send encrypted emails to a particular client. I have tried but any email sent is not encrypted. My mail client is Outlook 2003. At some point the emails will automatically be sent from a server, the emails themselves will be generated by php script. Are there any issues with using gpg in this way? Sorry for the brevity of this post but I have my boss breathing down my neck expecting answers. Have you installed the GnuPG Outlook plug-in? http://www.g10code.de/p-gpgol.html Since you're encrypting all mails from a server, you may also wish to take a look at GPGrelay: http://sites.inka.de/tesla/gpgrelay.html -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A what's the key to success?/ two words: good decisions. what's the key to good decisions? / one word: experience. how do i get experience? / two words: bad decisions. Just how do the residents of Haiku, Hawai'i hold conversations? signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users