Re: How to sign my own public key?

2011-12-29 Thread Hauke Laging
On Thursday, 29 December 2011, 19:47:36, Stayvoid wrote:
> I'm using GPGTools (Mac OS version).
> 
> I've tried to verify the public key with Services - Verify (GUI method).
> (I assume it's used for verifying a signed message.)
> 
> Just to clarify, here is an output of the gpg --list-sigs:
> pub ***
> uid ***
> sig 3 ***
> 
> sub ***
> sig ***
> 
> Do I have any unsigned keys?

No.


> "sub" stands for the secret key, right?

For subkey. The signature given above refers to the public subkey. It would be 
useless to sign private keys.


> Are there any differences between sig 3 and sig? (Those keys have the
> same output.)

See --ask-cert-level

I think that GnuPG always uses 3 for UID self signatures and never gives such 
a statement for subkeys (maybe that's not even possible), wouldn't make sense 
anyway.


> Can I accidentally encrypt my mail using my own secret key?

Mail cannot be encrypted by secret keys at all. Public keys are for encryption 
and signature verification, private keys are for decryption and signature 
creation.

It probably makes sense that you have a look at some beginner's tutorial.


> For example: gpg -se
> What kind of key will be used in this case?
> I know that the program will ask for the User ID. Will it
> automatically use User ID's public key?

It will automatically use the right one. Great, isn't it? I.e. in this case 
first your private key for the signature and then the recipient's public key 
for the encryption.


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: How to sign my own public key?

2011-12-29 Thread Stayvoid
I'm using GPGTools (Mac OS version).

I've tried to verify the public key with Services - Verify (GUI method).
(I assume it's used for verifying a signed message.)

Just to clarify, here is an output of the gpg --list-sigs:
pub ***
uid ***
sig 3 ***
sub ***
sig ***

Do I have any unsigned keys?
"sub" stands for the secret key, right?

Are there any differences between sig 3 and sig? (Those keys have the
same output.)

Can I accidentally encrypt my mail using my own secret key? (I assume
it will become unsafe after that, right?)
For example: gpg -se
What kind of key will be used in this case?
I know that the program will ask for the User ID. Will it
automatically use User ID's public key?

Thanks for your help.



RE: Gnupg-users Digest, Vol 99, Issue 15

2011-12-29 Thread John A. Wallace
> Message: 6
> Date: Thu, 29 Dec 2011 04:04:15 +0100
> From: Jerome Baum 
> To: gnupg-users@gnupg.org
> Subject: Re: --trusted-key
> Message-ID: <4efbd8af.9080...@jeromebaum.com>
> Content-Type: text/plain; charset="utf-8"
> 
> 
> > Finally, (and this part may very well
> > relate to my lack of fully understanding the trust procedures) would I be
> > specifying an ID in "--trusted-key long key ID" for a key that is one of
> > mine? If so, why would I need one of "my" keys, as the definition states, in
> > order "...to check the validity of a given recipient's or signator's key"?
> > I know I must be missing some critical point > woosh!  Thanks.
> 
> Yes, just like in my example, you would usually specify the ID of one of
> your own keys.
> 
> So say I've certified your key with my 215236DA. That key is not on this
> machine, but I'd like my gnupg to consider your email signatures valid.
> What I'm telling gnupg is that 215236DA is my own key, so any other key
> that is certified by 215236DA must be valid (presumably because I
> personally checked this before certifying).
> 
> trusted-key is really there for the above scenario -- it is my key, but
> it isn't on this computer, so gnupg can't know unless I tell it. There's
> basically not much more to it.*

That is now clear for me.  Thanks.  I believe the part that threw me off was
that I apparently misunderstood where the trust components resided.  I
thought that, because the trust was maintained in your database
independently of the keys themselves, the presence of the database on your
machine would have sufficed to carry the weight of the trusted key that was
not present.  I suppose now that this component of trust, using the command
"--trusted-key", has been manually inserted into the present database as it
was not relocated in some way on to the present machine without the trusted
key from which it was derived.  The trust components and interplay is
something I obviously need to continue studying.
 





Re: How to sign my own public key?

2011-12-29 Thread David Shaw
On Dec 29, 2011, at 10:19 AM, Robert J. Hansen wrote:

> On 12/29/11 10:08 AM, Stayvoid wrote:
>> A key is already signed after creation, right?
> 
> Per spec, it must be.  GnuPG enforces this.  However, it's possible to
> find some (likely deliberately mangled) certificates that are missing
> self-signatures.

The OpenPGP spec actually doesn't require it, for compatibility with the 
original spec which also didn't require it.  The implementations do tend to 
require it (which makes sense, as it is important for many reasons).  These 
days, if you see a non-self-signed key, something is wrong.

David




Re: How to sign my own public key?

2011-12-29 Thread David Shaw
On Dec 29, 2011, at 6:57 AM, Stayvoid wrote:

> Hi there!
> 
> How to sign my own public key?
> I've read that this is important.
> Here is the link: http://www.heureka.clara.net/sunrise/pgpsign.htm

It is important, and so GnuPG does it automatically for you.  That page dates 
from a long while ago back when PGP version 2 didn't automatically do it.

David




Re: How to sign my own public key?

2011-12-29 Thread Robert J. Hansen
On 12/29/11 10:08 AM, Stayvoid wrote:
> A key is already signed after creation, right?

Per spec, it must be.  GnuPG enforces this.  However, it's possible to
find some (likely deliberately mangled) certificates that are missing
self-signatures.



Re: How to sign my own public key?

2011-12-29 Thread Hauke Laging
On Thursday, 29 December 2011, 16:08:08, Stayvoid wrote:
> A key is already signed after creation, right?

That's right for keys which have been created by GnuPG. You can check that by

gpg --list-sigs

See --allow-non-selfsigned-uid (in the block "Doing things one usually doesn't 
want to do."...)


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
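
Added example (not part of the original messages): the self-signature check that `gpg --list-sigs` allows, and the "sig 3" versus "sig" distinction raised elsewhere in this thread, done over the machine-readable `--with-colons` listing. The function names, key IDs and user IDs are constructed; in that format signature class 13 is what the plain listing prints as "sig 3", while class 18 is a subkey binding, which carries no certification level.

```shell
#!/bin/sh
# Added example, not from the thread; all sample data is constructed.

# Read `gpg --list-sigs --with-colons` output on stdin and print each user
# ID or subkey that has no signature issued by its own primary key.
missing_selfsigs() {
    awk -F: '
        function emit() { if (item != "" && !ok) print item; item = "" }
        # Appending "" forces key IDs to compare as strings, not numbers.
        $1 == "pub" { emit(); primary = $5 "" }
        $1 == "uat" { emit() }              # photo IDs are not checked here
        $1 == "uid" { emit(); item = "uid " $10; ok = 0 }
        $1 == "sub" { emit(); item = "sub " $5;  ok = 0 }
        # sig record: field 5 is the issuer key ID, field 11 the signature
        # class (10-13 certify a user ID, 18 binds a subkey). Field 2 is
        # empty under --list-sigs; under --check-sigs "!" marks a good one.
        $1 == "sig" && ($5 "") == primary && ($2 == "" || $2 ~ /^!/) {
            cls = substr($11, 1, 2)
            if (item ~ /^uid / && cls ~ /^1[0-3]$/) ok = 1
            if (item ~ /^sub / && cls == "18")      ok = 1
        }
        END { emit() }
    '
}

# Constructed listing: one self-signed UID, one UID signed only by another
# key, one bound subkey and one subkey with no binding signature.
sample_listing() {
    cat <<'EOF'
pub:u:2048:1:AAAAAAAAAAAAAAAA:1325116800:::u:::scESC:
uid:u::::1325116800::0000::Alice Example <alice@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1325116800::::Alice Example <alice@example.org>:13x:
uid:u::::1325116800::0001::Alice Unsigned <alice@example.net>:
sig:::1:BBBBBBBBBBBBBBBB:1325116800::::Bob Example <bob@example.org>:10x:
sub:u:2048:1:CCCCCCCCCCCCCCCC:1325116800::::::e:
sig:::1:AAAAAAAAAAAAAAAA:1325116800::::Alice Example <alice@example.org>:18x:
sub:u:2048:1:DDDDDDDDDDDDDDDD:1325116800::::::s:
EOF
}

sample_listing | missing_selfsigs
```

On a real keyring, feed it `gpg --check-sigs --with-colons` output instead, so that only signatures GnuPG has actually verified are counted.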




Re: How to sign my own public key?

2011-12-29 Thread Stayvoid
A key is already signed after creation, right?



Re: How to sign my own public key?

2011-12-29 Thread Aaron Toponce
On Thu, Dec 29, 2011 at 02:57:01PM +0300, Stayvoid wrote:
> How to sign my own public key?
> I've read that this is important.
> Here is the link: http://www.heureka.clara.net/sunrise/pgpsign.htm

Whenever you make changes to your key, it's automatically signed by you.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: German Privacy Foundation Crypto-stick

2011-12-29 Thread mcmurphy

Hi,

thank you very much. I found the file, but at the same time I found
the following:

$ gpg --card-status
gpg: selecting openpgp failed: unknown command
gpg: OpenPGP Karte ist nicht vorhanden: Allgemeiner Fehler
$ mv /tmp/keyring-ooi9FI/gpg /tmp/keyring-ooi9FI/gpgOLD
@latitude:~$ gpg --card-status
can't connect to `/tmp/keyring-ooi9FI/gpg': Datei oder Verzeichnis
nicht gefunden
Application ID ...: ***
Version ..: 2.0
Manufacturer .: ZeitControl
Serial number : ***
Name of cardholder: [nicht gesetzt]
Language prefs ...: de
Sex ..: unbestimmt
URL of public key : [nicht gesetzt]
Login data ...: [nicht gesetzt]
Private DO 1 .: [nicht gesetzt]
Private DO 2 .: [nicht gesetzt]
Signature PIN : zwingend
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key : [none]
Encryption key: [none]
Authentication key: [none]
General key info..: [none]

So somehow /tmp/keyring-ooi9FI/gpg blocks the connection to the
crypto-stick. Why? Is this a new security feature? :-) How can I fix it?

mcmurphy



On 28.12.2011 01:05, Crypto Stick wrote:
> After installing the package the UDEV rule should be located at 
> /lib/udev/rules.d/40-cryptostick.rules
> 
> Please check.
> 
> On 27.12.2011 09:00, mcmurphy wrote:
>> Hi,
>> 
>> thank you for the answer. There is no difference. I'm not sure, 
>> whether the installation works. There is no new rule in 
>> /etc/udev/rules.d. Is it gnupg-ccid.rules in /etc/udev/? However:
>> Nothing changed for not-sudoer-user. Maybe there is something
>> wrong with udev or gpg?
>> 
>> mcmurphy
>> 
>> On 27.12.2011 00:50, Crypto Stick wrote:
>>> Hi! Please install this package (UDEV rule) and it should
>>> work.
>>> 
>>> https://www.assembla.com/spaces/cryptostick/documents/ds_EMCisGr4k7QeJe5cbCb/download/ds_EMCisGr4k7QeJe5cbCb
>>> 
>>> On 27.12.2011 00:46, mcmurphy wrote:
>>>> Hi,
>>>> 
>>>> I'm trying to work with the Crypto-stick of the German 
>>>> Privacy Foundation 
>>>> (https://www.privacyfoundation.de/crypto_stick/crypto_stick_english/)
>>>> under ubuntu 11 64-bit. Unfortunately it works only for root or
>>>> sudoers. An UNPRIVILEGED user gets the following message:
>>>> 
>>>> $ gpg --card-status
>>>> gpg: selecting openpgp failed: unknown command
>>>> gpg: OpenPGP Karte ist nicht vorhanden: Allgemeiner Fehler
>>>> 
>>>> I searched a lot, tried some udev-rules, i.e. 
>>>> http://dokuwiki.nausch.org/doku.php/centos:cryptos or 
>>>> http://lists.gnupg.org/pipermail/gnupg-users/2011-February/040781.html.
>>>> It makes no difference.
>>>> 
>>>> Maybe you have some hints for solving this problem.
>>>> 
>>>> Thanx mcmurphy




How to sign my own public key?

2011-12-29 Thread Stayvoid
Hi there!

How to sign my own public key?
I've read that this is important.
Here is the link: http://www.heureka.clara.net/sunrise/pgpsign.htm

Cheers.



Re: Short ID Collision

2011-12-29 Thread John Clizbe
Jerry wrote:
> 
> It would seem, and this is strictly my own opinion, that if the "old
> pksd" servers are dead then there is no logical reason to continue to
> support them. Just my 2¢.

If only all software support decisions were that cut and dried. Oh well...

David Shaw committed patches to the 1.4, 2.0, & 2.1 branches of GnuPG yesterday
afternoon (28-Dec). The change will be in the next release of each branch.

-- 
John P. Clizbe  Inet: John ( a ) Enigmail DAWT org
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
 mailto:pgp-public-k...@gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
