Re: Hi

2011-03-31 Thread Aaron Toponce
On Thu, Mar 31, 2011 at 07:25:20PM -0400, Jerry wrote:
> On Thu, 31 Mar 2011 15:41:57 -0600
> Aaron Toponce  articulated:
> > http://passwordcard.org will fix that. :)
>
> Dumping GShit would have been my first choice.

Not sure what your problem is. His account got hacked, likely due to a poor
password, so I recommended a solution to a better password. In fact,
passwordcard.org can be applied to anything that needs passwords, including
the passphrase for your GPG key. It's randomly generated using a secure
PRNG, and the randomness in the chosen password from the card guarantees
enough entropy to secure your account against brute force attacks,
provided the length is sufficient.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Hi

2011-03-31 Thread Jonathan Ely
I did not understand what that meant anyway. I never click links that
seem anonymous so I am safe, but that was unusual.

On 31/03/2011 08:41 PM, Robert J. Hansen wrote:
> On 3/31/11 7:25 PM, Jerry wrote:
>> Dumping [something] would have been my first choice.
> 
> Let's be a little careful about our language.  Thanks.  :)
> 
> 





Re: Hi

2011-03-31 Thread Robert J. Hansen
On 3/31/11 7:25 PM, Jerry wrote:
> Dumping [something] would have been my first choice.

Let's be a little careful about our language.  Thanks.  :)



Re: Hi

2011-03-31 Thread Jerry
On Thu, 31 Mar 2011 15:41:57 -0600
Aaron Toponce  articulated:

> On Thu, Mar 31, 2011 at 06:06:27PM +0100, Lee Elcocks wrote:
> >I'm sorry, this email was not sent by me, I've been "hacked"
> > should not happen again (fingers crossed)
> 
> http://passwordcard.org will fix that. :)

Dumping GShit would have been my first choice.

-- 
Jerry ✌
gnupg.u...@seibercom.net
_
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.





Re: Group Signing

2011-03-31 Thread Faramir

On 21-03-2011 18:51, Mike Acker wrote:
...
> it is entirely possible that Tom could leave the group yet I would want
> to maintain secure communication with him.
> 
> i will stress to the group that the key authenticates the sender but
> does not indicate group membership.

  Well, you can create a key for membership validation. Of course, that
won't be the usual usage for a key, but the nice thing about OpenPGP is
your group defines the policies for it. So a signature from that key can
mean the user is a member, and also he has been validated. The other
members of the group could sign the new member's key (or not), and once
the signature is revoked, the member is no longer a member, but
signatures issued on that key will remain. If somebody didn't want to
sign the member's key, they probably also won't want to maintain secure
communication with him after he left the group.

  Best Regards


Re: Security of the gpg private keyring?

2011-03-31 Thread Faramir

On 28-02-2011 11:09, David Shaw wrote:
...
> You can do quite a lot with stuff like this.  Who signed who can tell you who 
> this person has met, and often where.  If you see a bunch of signatures 
> around a particular date, look for a keysigning party on that date - now you 
> have evidence they were there.  Email addresses can reveal an enormous amount 
> of information about a person.  Robert and I did an experiment a few months 
> ago where starting only from his public key, I was easily able to find out 
> real-world addresses, parents names, siblings, etc.

  Of course, you can collect some noise too, after all, people don't
need your authorization to sign your public key.
  There was a "funny" case, about key 0xAC88553D getting a signature
from key 0xDE4C0E35.

  Best Regards


Re: KEYSERVER

2011-03-31 Thread Faramir

On 20-03-2011 18:29, Mike Acker wrote:
...
> what a Certificate Authority is supposed to do but to this date I remain
> concerned that most of the CA certificates in our browsers are just
> loaded there by someone-- i have no clue why i would think they are valid.

  I have another question (but you don't have to provide an answer): if
the CA certificates don't come pre-loaded in the browser, how do you
know you are downloading the right CA certificate?

  Best Regards


Re: Hi

2011-03-31 Thread Aaron Toponce
On Thu, Mar 31, 2011 at 06:06:27PM +0100, Lee Elcocks wrote:
>I'm sorry, this email was not sent by me, I've been "hacked" should not
>happen again (fingers crossed)

http://passwordcard.org will fix that. :)

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: [PGPNET] Jerome

2011-03-31 Thread Scott Blystone
On Mar 31, 2011, at 1:25 PM, gnupg-users-requ...@gnupg.org wrote:

...

> 
> Pretty simple:
> 
> Receiving messages with GPG 2.0.14 (Ubuntu Maverick, via Mint Linux):
> When messages to multiple recipients have the key ID's thrown, gpg-agent
> (?) sequentially requests passwords for all secret keys many, many, many
> times, but fails to decrypt with any key---even the correct one.
> 
> -- 
> 
> Thanks!
> Lance W. Haverkamp

All,

I can confirm the exact same problem when running under Mac 10.6.7.

-- 
Scott Blystone
Rochester, New York

Gossamer Spider WoT Introducer (see http://www.gswot.org)
Start SSL Notary (see http://www.startssl.com)
CA Cert Assurer (see http://www.cacert.org)



Re: Public keys on smartcard

2011-03-31 Thread David Shaw
On Mar 31, 2011, at 10:52 AM, Werner Koch wrote:

> On Thu, 31 Mar 2011 15:51, gpgika...@armax.se said:
> 
>> my pubring.gpg/secring.gpg) I must also have a card containing the
>> trustdb-file and perhaps even a gpg.conf file?
> 
> No, you don't need the internal stuff like trustdb and pubring.  Take
> the public key from a keyserver or another resource and import it.  The
> card has a convenient field to store an URL to retrieve the public key
> (actually the keyblock with user ids and signatures).  Use the "fetch"
> sub command of the --card-edit command.
> 
> Cards are way too small to store a non-simple OpenPGP keyblock; many of
> them are over 100k in size.

I've sometimes thought it would be nice to be able to keep the pubring with the 
smartcard, and since it can't be on the card, it could be on the reader.  There 
is at least one reader out there (SCM MAXX lite) that combines a SIM-sized 
reader with 2GB of flash storage in a single USB stick.  I haven't tried it, 
but it would seem to be a reasonable solution to have everything together in 
one place.  2GB could store a lot more than just your public keyring, too.

David




Re: Public keys on smartcard

2011-03-31 Thread David Shaw
On Mar 31, 2011, at 3:06 PM, Astrakan wrote:

> Thank you for your quick response.
> 
> A couple of follow-up questions:
> I'm noticing that in an "empty" gpg-installation, when I run the
> --card-edit command, gpg creates the
> keyring files (0 bytes in size) in the homedir. When I then run the
> generate command to create keys on the
> card the keyring-files grow to a couple of bytes in size (secring
> containing stubs that point to the card, right?) and
> pubring.gpg containing the public key (since I can encrypt only when the
> card is not inserted).
> 
> So even if I generate the keys directly on the smartcard, using
> --card-edit and generate commands, do
> the actual public key key mass populate the smart card?

The card stores the parameters from the RSA algorithm (i.e. a series of 
numbers).  Some of these numbers are considered public (and can be retrieved 
from the card), but this is not the same as what people generally call a 
"public key" in the OpenPGP/GnuPG sense.  The OpenPGP public key contains those 
numbers in a particular format, plus the user ID(s), plus a signature for each 
user ID, etc.

Basically, the answer to your question is strictly speaking yes, but for 
practical purposes no.

> Follow-up question 2:
> If I "fetch" the public key from a keyserver, on a computer with an
> empty gpg installation, and import it,
> does that store the public key on the card or is pubring.gpg created and
> populated?

That just stores the fetched key in your pubring.  The card is not modified.

David
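
An added example, not part of the original thread and not GnuPG's own code: a minimal Python sketch of the distinction David Shaw draws above between the RSA numbers and an OpenPGP public key. It wraps constructed numbers in an RFC 4880 public-key packet, appends a user ID packet and a placeholder signature packet, then parses the result; every sample value and function name here is an assumption made for illustration.

```python
import struct

TAG_NAMES = {2: "signature", 6: "public-key", 13: "user-id"}

def mpi(value):  # OpenPGP MPI: 2-byte bit count, then the big-endian magnitude
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def packet(tag, body):
    """Wrap body in a new-format packet header (RFC 4880, section 4.2.2)."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        length = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return bytes([0xC0 | tag]) + length + body

def parse(data):
    """Return [(tag, body), ...]; accepts old- and new-format headers."""
    out, i = [], 0
    while i < len(data):
        hdr = data[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new format
            tag, first = hdr & 0x3F, data[i]; i += 1
            if first < 192:
                n = first
            elif first < 224:
                n = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:
                n = struct.unpack(">I", data[i:i + 4])[0]; i += 4
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                # old format
            tag, width = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if width == 8:
                raise ValueError("indeterminate length not handled here")
            n = int.from_bytes(data[i:i + width], "big"); i += width
        if i + n > len(data):
            raise ValueError("truncated packet")
        out.append((tag, data[i:i + n])); i += n
    return out

# Constructed sample: N is not a real RSA modulus, the signature is zero filler.
N, E = (1 << 2047) | 1, 65537
KEY_BODY = struct.pack(">BIB", 4, 1301529600, 1) + mpi(N) + mpi(E)  # v4, RSA
KEYBLOCK = (packet(6, KEY_BODY) + packet(13, b"Alice Example <alice@example.org>")
            + packet(2, bytes(287)))

def summarize(keyblock):
    """List (packet name, body length) for each packet in the keyblock."""
    return [(TAG_NAMES.get(t, f"tag {t}"), len(b)) for t, b in parse(keyblock)]
```

`summarize(KEYBLOCK)` lists one public-key packet carrying the numbers, followed by the user ID and signature packets that exist only in the keyblock; a real key repeats the last two for every user ID and every certification it has collected.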




Re: Public keys on smartcard

2011-03-31 Thread Astrakan
Thank you very much. Now things are perfectly clear.

Regards,
/Astrakan

On 2011-03-31 21:23, David Tomaschik wrote:
> On Thu, Mar 31, 2011 at 3:06 PM, Astrakan  wrote:
>> Thank you for your quick response.
>>
>> A couple of follow-up questions:
>> I'm noticing that in an "empty" gpg-installation, when I run the
>> --card-edit command, gpg creates the
>> keyring files (0 bytes in size) in the homedir. When I then run the
>> generate command to create keys on the
>> card the keyring-files grow to a couple of bytes in size (secring
>> containing stubs that point to the card, right?) and
>> pubring.gpg containing the public key (since I can encrypt only when the
>> card is not inserted).
>>
>> So even if I generate the keys directly on the smartcard, using
>> --card-edit and generate commands, do
>> the actual public key key mass populate the smart card?
> When you --card-edit and generate, the card generates the key
> internally and stores the (private) key on the card.  secring contains
> the stubs and pubring contains your public key data, trust data, etc.
>
>> Follow-up question 2:
>> If I "fetch" the public key from a keyserver, on a computer with an
>> empty gpg installation, and import it,
>> does that store the public key on the card or is pubring.gpg created and
>> populated?
>>
>> /Astrakan
> Even doing gpg --card-status generates keyrings, as that imports the
> private key stubs.  Fetching downloads the key to the pubring file.
>
> The public key is NEVER stored on the card -- as Werner points out,
> the storage space on a smart card is orders of magnitude smaller than
> many users' public keys.
>
>
>




Re: Public keys on smartcard

2011-03-31 Thread Astrakan
Thank you for your quick response.

A couple of follow-up questions:
I'm noticing that in an "empty" gpg-installation, when I run the
--card-edit command, gpg creates the
keyring files (0 bytes in size) in the homedir. When I then run the
generate command to create keys on the
card the keyring-files grow to a couple of bytes in size (secring
containing stubs that point to the card, right?) and
pubring.gpg containing the public key (since I can encrypt only when the
card is not inserted).

So even if I generate the keys directly on the smartcard, using
--card-edit and generate commands, do
the actual public key key mass populate the smart card?


Follow-up question 2:
If I "fetch" the public key from a keyserver, on a computer with an
empty gpg installation, and import it,
does that store the public key on the card or is pubring.gpg created and
populated?

/Astrakan


On 2011-03-31 16:52, Werner Koch wrote:
> On Thu, 31 Mar 2011 15:51, gpgika...@armax.se said:
>
>> my pubring.gpg/secring.gpg) I must also have a card containing the
>> trustdb-file and perhaps even a gpg.conf file?
> No, you don't need the internal stuff like trustdb and pubring.  Take
> the public key from a keyserver or another resource and import it.  The
> card has a convenient field to store an URL to retrieve the public key
> (actually the keyblock with user ids and signatures).  Use the "fetch"
> sub command of the --card-edit command.
>
> Cards are way too small to store a non-simple OpenPGP keyblock; many of
> them are over 100k in size.
>
>
> Salam-Shalom,
>
>Werner
>




RE: Hi

2011-03-31 Thread Lee Elcocks

I'm sorry, this email was not sent by me, I've been "hacked" should not happen 
again (fingers crossed)
 
apologies to all
 
Lee
 
> Date: Thu, 31 Mar 2011 07:25:00 -0400
> From: thaj...@gmail.com
> To: l_elco...@hotmail.co.uk
> CC: gnupg-users@gnupg.org
> Subject: Re: Hi
> 
> 
> The first spammer I have seen thus far. Did not know they existed here.
> On 31/03/2011 10:27 AM, Lee Elcocks wrote:
> > hi it's in your best interests to start this right away http://bit.ly/gntBne
> > 
> > 
> 


Re: Public keys on smartcard

2011-03-31 Thread Werner Koch
On Thu, 31 Mar 2011 15:51, gpgika...@armax.se said:

> my pubring.gpg/secring.gpg) I must also have a card containing the
> trustdb-file and perhaps even a gpg.conf file?

No, you don't need the internal stuff like trustdb and pubring.  Take
the public key from a keyserver or another resource and import it.  The
card has a convenient field to store an URL to retrieve the public key
(actually the keyblock with user ids and signatures).  Use the "fetch"
sub command of the --card-edit command.

Cards are way too small to store a non-simple OpenPGP keyblock; many of
them are over 100k in size.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Public keys on smartcard

2011-03-31 Thread Astrakan
Hello!

Just a quick question to clarify things. I've been playing with gpg/gpg2
and g10 openPGP smart cards v2.0 now a bit.
As I understand there is no way to keep the private _and_ the public
keys solely on the card?
Gpg always uses the public key/pubring.gpg on the harddrive.
So suppose if I wanted to have public and private keys on the card (to
be able to use it on computers which don't have
my pubring.gpg/secring.gpg) I must also have a card containing the
trustdb-file and perhaps even a gpg.conf file?

Thanx in advance,
/Astrakan
/gpgika...@armax.se





Re: Hi

2011-03-31 Thread Jonathan Ely

The first spammer I have seen thus far. Did not know they existed here.
On 31/03/2011 10:27 AM, Lee Elcocks wrote:
> hi  it's in your best interests to start this right away http://bit.ly/gntBne
> 
> 





Hi

2011-03-31 Thread Lee Elcocks
hi  it's in your best interests to start this right away http://bit.ly/gntBne
