Re: Is the OpenPGP model still useful?
Sounds very much like Off-the-Record messaging for every kind of communication. Or is there a difference I have missed? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Re: Keylogers
On 14:59, michaelquig...@theway.org wrote: In a properly secured O/S an application program can't do any damage No damage, yes. *But additional alterations can happen*. Software installations alter the base O/S--especially the Windows registry. Keep in mind things such as Anti-virus software need to put in hooks to intercept normal/original processing to test files/programs. I've wondered how this same subject works with application whitelisting. Also, I believe device drivers still run in RING0 on Windows. Although I haven't heard/checked whether that's still true in Windows 7. yep. when i was working OS/MVT I used to hate people who wanted to install an SVC. and so it is with Win7: if your app needs to modify the O/S then your app has to be vetted just as though it was the O/S. because when it hooks in -- it has to be treated that way. obviously you would not want to allow any and every app program to do that... if you did you'd have a mess on your hands. Don't we? I have always felt the registry should be for the O/S use only. App Programs should use their own .ini files. one of the things we have failed to recognize is that the computers for hobbyists, experimenters et al are different from the computers for commercial/network/business applications. -- /MIKE signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Is the OpenPGP model still useful?
On 4/28/11 11:05 AM, Michel Messerschmidt wrote: Sounds very much like Off-the-Record messaging for every kind of communication. Or is there a difference I have missed? The barrier to usage is still high with OTR: users still have to authenticate, and you can get horrible sync issues. Plus, let's not forget the wacky hijinks that occur if you're logged into IM from two places at once -- although this is explicitly supported by some IM protocols (Jabber), with OTR it causes no end of troubles. The thought experiment here -- it's not a real proposal -- is, what would happen if we discarded authentication entirely, and went purely for a require-brute-force approach to discover the random session key? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
signing non default key
Forgive the newbie question: I want to sign a key , I use /opt/freeware/gnupg1.4.10/bin/gpg --edit-key Yard2004_UCLA I enter Commnad sign Yard2004_UCLA Are you sure that you want to sign this key with your key John Yard (aix admin) jy...@ais.ucla.edu (78B3C4BA) Really sign? (y/N) This issue is , I need to sign this key with another key , How can this be done / what is the syntax for this ? JYard UCLA ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: signing non default key
Please don't try to start a new thread by replying to an old message and changing the subject line. This causes your message to appear under the old thread for those of us who use threaded mail clients. The better solution is to save the list e-mail address to your address book, then start a whole new message. hope this helps, Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: signing non default key
Am Freitag, 29. April 2011, 20:04:40 schrieb Yard, John: This issue is , I need to sign this key with another key , How can this be done / what is the syntax for this ? --local-user 0x12345678 Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Centralizing Private and Public Keys From Multiple Boxes with -user Switch
Is it possible to have multiple private keys in use on the same keyring? We have a GPG installation on two different boxes (with one private key in use on each) and both boxes have reached end of life and need to be decomissioned. We use GPG to encrypt files that we put to the seperate customer FTP sites. They decrypt the files and process them. We created a different private\public key combination for each box. Each box also has a customer specific public key that we've imported into the keyring. We are centralizing our FTP transmissions to one new box. It looks to me that it's possible to have two private keys in use on the same keyring and that you can specify which key to use when you are encrypting by using the -user switch in your encryption command. Is that the way it works or am I barking up the wrong tree here? Maybe I'm missing something fundamental? Any advice is appreciated. -- View this message in context: http://old.nabble.com/Centralizing-Private-and-Public-Keys-From-Multiple-Boxes-with-%22-user%22-Switch-tp31491793p31491793.html Sent from the GnuPG - User mailing list archive at Nabble.com. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Centralizing Private and Public Keys From Multiple Boxes with -user Switch
On Apr 29, 2011, at 2:56 PM, Ted Zatopek wrote: Is it possible to have multiple private keys in use on the same keyring? We have a GPG installation on two different boxes (with one private key in use on each) and both boxes have reached end of life and need to be decomissioned. We use GPG to encrypt files that we put to the seperate customer FTP sites. They decrypt the files and process them. We created a different private\public key combination for each box. Each box also has a customer specific public key that we've imported into the keyring. We are centralizing our FTP transmissions to one new box. It looks to me that it's possible to have two private keys in use on the same keyring and that you can specify which key to use when you are encrypting by using the -user switch in your encryption command. Is that the way it works or am I barking up the wrong tree here? Maybe I'm missing something fundamental? Nope, that's exactly how it works. Note that the option is --local-user (or -u), and not --user though. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: signing non default key
On Fri, Apr 29, 2011 at 11:04:40AM -0700, Yard, John wrote: Forgive the newbie question: I want to sign a key , I use /opt/freeware/gnupg1.4.10/bin/gpg --edit-key Yard2004_UCLA … This issue is , I need to sign this key with another key , How can this be done / what is the syntax for this ? Use the -u option to specify a key other than the default. This is in the gpg(1) man page[1]: --edit-key name Present a menu which enables you to do all key related tasks: sign Make a signature on key of user name If the key is not yet signed by the default user (or the users given with -u), the program displays the information of the key again, together with its fingerprint and asks whether it should be signed. This question is repeated for all users specified with -u. … -u, --local-user name Use name as the user ID to sign. This option is silently ignored for the list commands, so that it can be used in an options file. [1]: http://www.gnupg.org/documentation/manpage.en.html -- A complex system that works is invariably found to have evolved from a simple system that works.—John Gall signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Centralizing Private and Public Keys From Multiple Boxes with -user Switch
Am Freitag, 29. April 2011, 20:56:49 schrieb Ted Zatopek: It looks to me that it's possible to have two private keys in use on the same keyring and that you can specify which key to use when you are encrypting by using the -user switch in your encryption command. That is correct except for the detail that the option is --local-user or -u. In order to prevent writing nonsense I checked what -user produces. I used this command: gpg --detach-sign -user eccb5814 index.html I was surprised by the result. gpg created a signature using a key with no obvious relation to the command. Additionally I got an error message that eccb5814 was not found (meaning: as a file). I finally understood by myself that -user is interpreted as --local-user ser. Many keys have ser in their UIDs. Does it make sense to accept a parameter for --local-user which is not unambiguous? Of course, it says what it is going to do but aborting with a clear error message would be user protection IMHO. Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Is the OpenPGP model still useful?
Am 28.04.2011 17:05, schrieb Michel Messerschmidt: Sounds very much like Off-the-Record messaging for every kind of communication. Or is there a difference I have missed? Hej list members, whatever you ar talking about with this topic: I like using OpenPGP VERY MUCH and find it VERY useful and useable with enigmail in Thunderbird (Icedove) on Debian Squeeze. Thanks for every hand and mind developing this fine peace of software! By the way: Using OpenPGP with enigmail in Thunderbird, I miss a feature: Usually the recipient rules work but if they fail (perhaps due to background update of Thunderbird and not working plugin), I would like to have a chance to see that the written message is going to be send unencrypted BEFORE sending. Or vice vera: I want to see that a instantly written message is going to be encrypted Thanks in advance, Boris ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Is the OpenPGP model still useful?
On Fri, Apr 29, 2011 at 09:05:35PM +0200, B wrote: By the way: Using OpenPGP with enigmail in Thunderbird, I miss a feature: Usually the recipient rules work but if they fail (perhaps due to background update of Thunderbird and not working plugin), I would like to have a chance to see that the written message is going to be send unencrypted BEFORE sending. Or vice vera: I want to see that a instantly written message is going to be encrypted There is an option in Enigmail’s expert settings to always confirm. Simon -- A complex system that works is invariably found to have evolved from a simple system that works.—John Gall signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users