Re: Testing GPG EMail encryption
Hey Robin, I'll send you a testmail in a minute. I'm the guy from the GPGTools support discussion we had today. Talk to you off-list. If any of the GnuPG wizards like to chime in on the technical side on the bug tracker we're happy about any input. Cheers, steve Am 22.05.2012 um 20:06 schrieb Robin Kipp: Hello all, well, as of today, I finally decided to start signing my EMail messages using GPG to prove the integrety of my messages. As I am primarily using Mac OS, I downloaded MacGPG (http://gpgtools.org), installed it and set it all up. As I'm completely blind, I first had some issues with MacGPG, as it uses a special window (called, I think, the PINEntry window) to ask for the passphrase. Unfortunately, this window isn't accessible using VoiceOver, the screenreader built into Mac OS. However, I was now able to come up with a workaround and now it seems as if I can sign and encrypt messages without much trouble. I've informed the MacGPG developers about the accessibility issues in their software, and they seem very committed to solving it in an upcoming version. If anyone is interested, the related ticket can be found at http://gpgtools.lighthouseapp.com/projects/66001-macgpg2/tickets/94-pinentry-window-not-recognized-by-voiceover Now, I'd really like to test out EMail encryption so that I can verify this works properly, but for that, of course, I need one other party also using GPG. So, I was wondering, would it be possible for any of the GPG users on here to contact me offlist so that we could try this out once? If anyone on here would be willing to do that, I'd greatly appreciate that! Thanks for any help :-) Best regards, Robin. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users signature.asc Description: Message signed with OpenPGP using GPGMail ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption
I don't know how much the demand is (or could be) but perhaps it would help make more people use OpenPGP to have a round-robin email contact system. Whoever is willing to help new users (like in this case) registers his email address with the languages he's capable of communicating in. A new user could send a mail to d...@newusers.gnupg.org e...@newusers.gnupg.org ... and the mail would be forwarded to one or two people. OpenPGP-Addons for email software (like Enigmail) could hint the user at this service. Hi all, I absolutely agree. At GPGTools we thought about an automatic testing system. Checking if the mail was encrypted and / or signed and then sending out the according reply. As with so many things and I assume Werner and the Enigmail people know the problem, we never managed to get it done. I'm not sure if one system to rule them all is ideal. Since if a user of GPGTools sendss an unencrypted but signed mail we'd direct him at the according knowledge base article. If we'd use one mail address for GPTools / Enigmail / terminal users, it might be hard to provide the correct information to help users. So it might not be automatable thus create more work. Currently we encourage the user to send a test mail and do all this manually. All the best, steve signature.asc Description: Message signed with OpenPGP using GPGMail ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption
On Tue, 22 May 2012 21:28, steveb...@gulli.com said: If any of the GnuPG wizards like to chime in on the technical side on the bug tracker we're happy about any input. AFAIK a Mac specific PINentry is used and not the GTK+ or QT version. Thus I can't help. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/05/12 19:40, Robert J. Hansen wrote: On 5/22/12 2:26 PM, Hauke Laging wrote: Given the frequency of this discussion and the amount of effort takes by the participants: Wouldn't it make sense to make this a FAQ entry? I think so, yes. The question is who's going to write it? I suspect Werner doesn't have the time. If he wants, I would be happy to take a stab at writing it. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users A good idea Robert! David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPvKNjAAoJEOJpqm7flRExCLwH/RkpUwsTVZhXog8abFgosJqe th4H1d3yejkbO1fxytyxwufQEZmzruz4SPpoWT2TcZ71SmznoSWXqWm5rQ53K1sD WoRvGdutOiVRTghR1wS3bvsR+BcH2lUXQqvWqqiu0WYkEvKierEpR+rw+p5vrEsS P2CQ8GqKDwNeipZn+7zcx5ZE2jykSk/Yzc47ptEv9PrKuIA4R7Gs8FqZ3Hbr4gCM wWPz+YmjIlvl3YSncMOOWnMbFD2HqJhVB6kQN/9rGVUy3H09aqhbQSYFUwwns/tE 1AnrZ8VytiMJGUGt8il0KWZtTtHkqs1Rzn6nOrtHo2agxb0ELpECXDqFTnI1fLs= =yP71 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, On 22.05.2012 21:06, Robin Kipp wrote: Hello all, well, as of today, I finally decided to start signing my EMail messages using GPG to prove the integrety of my messages. As I am primarily using Mac OS, I downloaded MacGPG (http://gpgtools.org), installed it and set it all up. As I'm completely blind, I first had some issues with MacGPG, as it uses a special window (called, I think, the PINEntry window) to ask for the passphrase. Unfortunately, this window isn't accessible using VoiceOver, the screenreader built into Mac OS. However, I was now able to come up with a workaround and now it seems as if I can sign and encrypt messages without much trouble. I've informed the MacGPG developers about the accessibility issues in their software, and they seem very committed to solving it in an upcoming version. If anyone is interested, the related ticket can be found at http://gpgtools.lighthouseapp.com/projects/66001-macgpg2/tickets/94-pinentry-window-not-recognized-by-voiceover Now, I'd really like to test out EMail encryption so that I can verify this works properly, but for that, of course, I need one other party also using GPG. So, I was wondering, would it be possible for any of the GPG users on here to contact me offlist so that we could try this out once? If anyone on here would be willing to do that, I'd greatly appreciate that! Thanks for any help :-) Best regards, Robin. I cannot verify your signature, because you use PGP/MIME and this mailing list uses mailing list software which somehow messes up with headers and makes PGP/MIME signatures unverifiable. You can test email encryption by emailing Adele. pub 1024D/92AB3FF7 2002-03-06 uid Adele (The friendly OpenPGP email robot) adele...@gnupp.de uid Adele (Der freundliche E-Mail-Roboter) ad...@gnupp.de sub 1024g/62BDBFD4 2002-03-06 - -- [Mika Suomalainen](https://mkaysi.github.com/) || [gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) || [Why do I sign my emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) || [Please don't send HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) || [Please don't toppost](http://mkaysi.github.com/articles/complaining/topposting.html) || [This signature](https://gist.github.com/2643070) || -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPvK5LAAoJEE21PP6CpGconqIQAKwRD5G/NPh9Yqr9atTjVXEH 7X11ttimt2cmON8MExymAu+fPpEqejriSKqppazwaBTvtxhonBoJ528/3VkZzn98 ZYz7dujDBKp6ws203DD21sbO/3XMWOJqghqXvdiQSML8h5k6RLCOgfE7G1NIhra3 NhtJouaJ9zTyEObFseF3H/vpQPFFtm+drSbRMXSbD9OPeK+OLvWRvcTTWxmTc4tJ adGhcvuj7C0tAXQ6yf6BquWv1S8AnepZnpQ4+hHmxalip2wLBKcBgM/vJFwEzR2Z 9nUO7d4XLpFCkIsalOFmylBPqunndF6amqHqkWOFj8meZ3j8xqFMbaLXsA2N7hrv 0apdHvt3UKoyEamHQb9QxOUe3qZ6Q2sAFcY3lLG15zXBuXcyfhW+/VtIKvAH7eAX 3fKycZXEQT7/MFH9xWgDxpa6tymdYtZqMcQBbtsokiSXtuK0rVb0XLJdhQYtBDsi btPeI6CCLUTArYFDXUDnCEQlljIOwJq8/QKsIyGlim4N9tL/axJLzu04+GQbqRY5 YDZbg6T9zgGLfPN2T5A21NnqWufzdDYtwFg4iwyFLgyCiA/9sUt80ysUqUS5UCax cx2JhMCC0X2lef/nyd4tDKrj2dCim2bdm5LLPaznEdyK39L0mq+GMbqgzOn6COVv 0jsRZ2b2c7Uuf2fD8xab =5ilr -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption
On 23/05/12 11:19, Branko Majic wrote: As a curiosity, any ideas on what you would do to avoid use of this system for spam purposes? (although encrypted spam won't be of much use :) A simple challenge-response system should suffice, I'd say. When a new user mails to such an address, he receives a reply with a code that should again be mailed back to indicate the user is a human and can respond to the challenge. Bots could be adapted to defeat a lot of variations of this, but when it's a special-purpose design, I don't think it would be worth their time. Otherwise, use a captcha. I've never seen captcha's used in e-mail traffic, but it's easily done. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption AKA PGP/MIME
I think we had the PGP/MIME vs inline discussion already. @Robert: Would that qualify for a second entry in your FAQ with the pro/cons listed? I really would love to see some distilled output. The discussions on this list are very valuable and having the pro / con arguments in some sort of wiki / faq (maybe editable by the users) would imo bring benefit to users, trying to understand backgrounds. @David let us know once you get the basic setup done. Would GitHub maybe be sufficient as a wiki? I am sure there are other nice solutions around, too. Cheers, steve I cannot verify your signature, because you use PGP/MIME and this mailing list uses mailing list software which somehow messes up with headers and makes PGP/MIME signatures unverifiable. You can test email encryption by emailing Adele. pub 1024D/92AB3FF7 2002-03-06 uid Adele (The friendly OpenPGP email robot) adele...@gnupp.de uid Adele (Der freundliche E-Mail-Roboter) ad...@gnupp.de sub 1024g/62BDBFD4 2002-03-06 signature.asc Description: Message signed with OpenPGP using GPGMail ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpgsm: (pinentry:24664): GLib-GObject-CRITICAL **: Object class GtkSecureEntry doesn't implement property 'editing-canceled' from interface 'GtkCellEditable'
Werner Koch w...@gnupg.org writes: gpgsm: (pinentry:24664): GLib-GObject-CRITICAL **: Object class GtkSecureEntry doesn't implement property 'editing-canceled' from interface 'GtkCellEditable' This warning is due to a newer version of Gtk+ (2.20). Pinentry uses a replacement of GTK+'s standard text entry widget which was written many years ago. It should will be simple to add this property and explicitly return FALSE - this should silence the warning. And it seems you already fixed it in the git repo some time ago: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=commit;h=671a1a70 Is there any chance of new release? :-) Regards, -- Daiki Ueno ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
There may be more to security than password length, or even its complexity.
http://2.bp.blogspot.com/-v15Nbl_zG7s/T6BFiQoGDEI/AHs/U5eU7O6MG3o/s1600/security-fail.jpg -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key: 9A2FC99A Registered Machine 241939. /( )\ Shrewsbury, New Jerseyhttp://counter.li.org ^^-^^ 07:40:01 up 33 days, 1:17, 3 users, load average: 4.45, 4.52, 4.64 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption
On 5/23/12 2:50 AM, Steve wrote: I absolutely agree. At GPGTools we thought about an automatic testing system. Checking if the mail was encrypted and / or signed and then sending out the according reply. You may want to move this discussion over to the Enigmail list. We have a system set up that does much of this already, called Adele. We'd be happy to share. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: There may be more to security than password length, or even its complexity.
On Wednesday 23 of May 2012 07:41:56 Jean-David Beyer wrote: http://2.bp.blogspot.com/-v15Nbl_zG7s/T6BFiQoGDEI/AHs/U5eU7O6MG3o/s1 600/security-fail.jpg How putting passwords to public WiFi on a wall undermines security? If you depend on PSK WiFi for security then you've already failed... Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption
On Wed, 23 May 2012 11:30, mika.henrik.mai...@hotmail.com said: I cannot verify your signature, because you use PGP/MIME and this mailing list uses mailing list software which somehow messes up with headers and makes PGP/MIME signatures unverifiable. It is this old Mailman/Python illness. I really wonder what the state of the fixes is. For years I ran a patched Mailman version but this patch never made it into Mailman proper. Along with the hard to use standard archiver (pipermail), this is a major drawback of Mailman. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption
On Wed, 23 May 2012 15:24, r...@sixdemonbag.org said: You may want to move this discussion over to the Enigmail list. We have a system set up that does much of this already, called Adele. We'd be Is that a different one than the Adele from Gnu_PP_, which is a closed source web service? Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption AKA PGP/MIME
On 23.05.2012 12:56, Steve wrote: I think we had the PGP/MIME vs inline discussion already. I am using PGP/MIME in this email. Can you verify my signature on this email? You can find link to my public key in my signature. Now I stop answering to these PGP/MIME vs INLINE. I think that I have said enough in http://mkaysi.github.com/PGP/WhyDoISignEmails.html . -- [Mika Suomalainen](https://mkaysi.github.com/) || [gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) || [Why do I sign my emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) || [Please don't send HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) || [Please don't toppost](http://mkaysi.github.com/articles/complaining/topposting.html) || [This signature](https://gist.github.com/2643070) || signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 23.05.2012 16:24, Robert J. Hansen wrote: On 5/23/12 2:50 AM, Steve wrote: I absolutely agree. At GPGTools we thought about an automatic testing system. Checking if the mail was encrypted and / or signed and then sending out the according reply. You may want to move this discussion over to the Enigmail list. We have a system set up that does much of this already, called Adele. We'd be happy to share. Why to move it to Enigmail list? That email which you quoted doesn't have mention Enigmail. As far as I know, GPGTools doesn't even include Enigmail. - -- [Mika Suomalainen](https://mkaysi.github.com/) || [gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) || [Why do I sign my emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) || [Please don't send HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) || [Please don't toppost](http://mkaysi.github.com/articles/complaining/topposting.html) || [This signature](https://gist.github.com/2643070) || -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPvQRgAAoJEE21PP6CpGcoabAQAMeDSGQLo3UbTOEwpi+efOHN zIVq7iMofD/VdY/tFpAvHDOc/BvYk2+f8WLXIlapc7U9Xto17BcBFsohpN65TKe2 z1yd8yh8HNtS2QQT2SWhkuGrrfP9QjlH46VquOX3z03rovsqLp5rqmOyuH08RRxx Gn29L9hYSAbDKdKKlO/k6HjRiJIg5xcH7jkkcqKvi7MNDocjfxzrbVVG2gA0vguG AoRALiVyXtoc/wFuAFBE47PUhtUU1H3eH0pZx4T5J6x6Ec7bGiqz99NYgbiIzLjM 6kdeH4FDegHuRyRkSeupyJJJFVafKZSsJyHg/zX9BJ00dOVtYrez2gutp49Gl8Lg MXf80BgfnC6bhp5zxfJUQt1sde9+2it2ed0+rSUqkOggsR3eY4xEPAZIgsHQ+99Y 3o/kMkeJXQDuCu8uyPDIH2jDziGFzAXWgEx9kkf4QlHwmMJeuJd87Y9IrFtR83VP cusXrt2bEVK4VRQzIqb38Xk2NiUdsg6hJZOToXiuOTdZ9M0TXpstnxI9diiR8dyq wQBWZTR4gaPa37jJiOHS6sg/MemxyLKhkhQaxbPkk6m5hmY1ki0YEbKN7Xj4fjhT z4lRq5T3lZQStFEaebi+pCjojryCxFtmZF/wzIVYo4Ea1/xps6gZwCPxFihv42+m 8pAForfS47nU7asHT74/ =qf7k -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Fwd: The UK's cruelest cut
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Original Message Subject: The UK's cruelest cut Date: Wed, 23 May 2012 07:51:49 -0400 From: Emma Ruby-Sachs - Avaaz.org av...@avaaz.org To: da...@gbenet.com da...@gbenet.com Dear friends across the UK, Each year, tens of thousands of girls in the UK are forced to have their genitals cut, often with no anesthesia. But there has been never been a conviction for female genital mutilation here -- even though in London alone, police have received 166 complaints in the last four years! Now we have a chance to help. Undercover reporters for the Sunday Times recently caught three medics on film offering to mutilate young girls, massively scaling up the pressure on law enforcement to act. We can use this moment to call on Home Secretary Theresa May for real accountability. She is in charge of every police chief in England and Wales -- if she takes the issue up personally, the entire police system could be shaken into action. Avaaz member Ruth Burnett has created a petition calling on the Home Secretary to start prosecuting people involved with these assaults and already more than 2000 people have signed! If we reach 20,000 signatures, Avaaz will deliver it directly to Home Secretary May and the head of Metropolitan Police Force -- click below to sign and forward to everyone: http://www.avaaz.org/en/petition/Stop_female_genital_mutilation_in_the_UK/?cl=1821616703amp;v=14523 Female Genital Mutilation is a custom widespread in nearly 30 Middle Eastern and African countries. But FGM has been illegal in the UK since 1985 and in 2003 the law was tightened to stop girls being taken abroad for the operation -- on so-called “FGM holidays”. Still, the practice is widespread here in the UK! When the undercover Sunday Times reporter explained to Mohammed Sahib, an alternative medicine practitioner in East London that he represented a Ghanaian couple who wanted to have their two daughters -- aged 10 and 13 -- circumcised, he said “I can do it here,” confirming that he would both remove the clitoris and sew up the vagina. “This is my work. I know what I’m doing. I’m going to do it. I will tell you how [much] to pay [for one]: £750.” Home Secretary Theresa May -- who oversees women’s issues for David Cameron, and who has the power to hold police chiefs all across England and Wales accountable -- recently admitted people would be “shocked” by the number of young girls in Britain subjected to FGM. Now we can push her to take concrete action to end FGM in the UK -- click below to sign the petition now and share with everyone: http://www.avaaz.org/en/petition/Stop_female_genital_mutilation_in_the_UK/?cl=1821616703amp;v=14523 From Iran to Morocco to South Africa, our community has fought back attacks on women’s fundamental rights. In the world we all want, a woman would never be forced to suffer the horror, pain and trauma involved with FGM. Today, here in Britain, we have a chance to take a giant step closer to making that world a reality. Let’s stand with these women and eliminate this practice from our country. With hope and determination, Emma, Maria Paz, Ricken, Alex, Rewan, Emily and the whole Avaaz team MORE INFORMATION: Female genital mutilation 'offered by UK medics' (The Guardian) http://www.guardian.co.uk/uk/2012/apr/22/female-genital-mutilation-uk-medics Birmingham arrests over female genital mutilation (BBC) http://www.bbc.co.uk/news/uk-england-birmingham-17955330 Cruel Cuts (Avaaz.org Daily Briefing) https://en.avaaz.org/418/female-circumcision-scandal-uk Genital mutilation in the UK, an investigation (Sunday Times, paywall): http://www.thesundaytimes.co.uk/sto/comment/leaders/article1021882.ece The Prevalence of Female Genital Mutilation in England and Wales (DoH study, 2007): http://www.forwarduk.org.uk/key-issues/fgm/research This message was sent to da...@gbenet.com. To change your email address, language, or other information, contact us here: http://www.avaaz.org/en/contact/?footer Want to leave this list? Send a message to unsubscr...@avaaz.org, or click here: https://secure.avaaz.org/act/?r=unsubamp;cl=1821616703amp;email=da...@gbenet.comamp;b=1831amp;v=14523amp;lang=enTo contact Avaaz, please do not reply to this email. Instead, write to us via the form at http://www.avaaz.org/en/contact. You can also call us at +1-888-922-8229 (US). __ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPvQRkAAoJEOJpqm7flRExb6gH/1XHIpojd63SuPpQ9lKQFniZ XdOwhVpfZhN93jr1rGrAoWWfKaUEEmqOLUD9NC0+msXQyJ6SAud56/rtZy9f1zd5 nv8TtS7wsuCii+XQJ3wtO5e6p9nC4QSmWStlbXbsqL9+3PM75ZfIGl0sftqeGa7q dv2/ZzMCaxiWL63dcN+m7OfddhL2qtvcNJ3pQ0K4rZ9JRqN8SYg1jMfNLJcsQ457 labiBK1GU6u6DcnVQCoJ+1LM0VPeRBbUtEbOcaB8rvODKRgQ5rTNpBh5YwJReh/N ZhzjCqF/Xn5zKbYWQK/cwIBcmxb/C0Q5LM5Gcb+jxtXaL+8j8WpFWPan//7Acqg= =31C1 -END PGP
Re: Testing GPG EMail encryption
On 5/23/12 11:29 AM, Werner Koch wrote: Is that a different one than the Adele from Gnu_PP_, which is a closed source web service? I don't know. We have the source and permission to use it -- my impression is that it's Free Software, but it's been years since I've taken a look at our Adele code and read the copyright notice. John Clizbe would probably have a better handle on its licensing situation than I do. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption AKA PGP/MIME
On Wed, 23 May 2012 17:35, mika.henrik.mai...@hotmail.com said: On 23.05.2012 12:56, Steve wrote: I think we had the PGP/MIME vs inline discussion already. I am using PGP/MIME in this email. Can you verify my signature on this email? You can find link to my public key in my signature. Sure: [[PGP Signed Part:Good signature from 4DB53CFE82A46728 Mika Suomalainen (trust undefined) created at 2012-05-23T17:35:40+0200 using RSA]] Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption AKA PGP/MIME
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 23.05.2012 18:54, Werner Koch wrote: Weird. All PGP/MIME signed emails here cannot be verified if they are from mailing lists. PS. I am on this list so you don't need to CC me unless your email client forces it. - -- [Mika Suomalainen](https://mkaysi.github.com/) || [gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) || [Why do I sign my emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) || [Please don't send HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) || [Please don't toppost](http://mkaysi.github.com/articles/complaining/topposting.html) || [This signature](https://gist.github.com/2643070) || -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPvQlZAAoJEE21PP6CpGcoz3sQALS5P9i3pRNmeWFzCebl7s19 RpXIjyk3/OFTkmn6I+O07T9zFx102ENxJZSt/A6JLRXYyuSKp/b02KPUA/Ce3mxC wt/kVO8SwtTq1YjWBG0uDV5+zJ6ewzY7BEf8qMz7wwqg0QhI+Yfn8aq1U2twKyJ7 xIl0p+jA41ebGkMeF27dnKRsPhOqco1kgxD4/7j8uzdvAr9fhxCfARwzMyg6DW6r smPAmheRPjBLa9kcWN4m4sydXLuMUBZBsSETUWh5o84pOZ9viDJE9apvEm8R7TnX kR52UKWGOj2mbLzTjNx4G5m2K80cRh36UJovCvTY3EHzEeBWDYOqSVGXXcOiQngN Lu9wZ6VjytuTVvjEWa9uh7E+9CVhSA5Vu48upGhLrm1rwrcBUF7wrWeYPWEwqH+9 Dya3d0uxZv0Vzuwxi0xWEIDo904r9sHOuv2/HcOPo1qZP4b9gSqJb18PCyHHJyEk +/ina+4mIBD+JBiBU8pzhmgG+ViGBQqdbbtzjC1xp6L5RGSRzrIYAjdOrGwWso0J 56yRBQa0/LhcYRZ9mba+Ir+BJdl5dxx3ZMwMTgD8SrAmpNAiL6jnDvMcZ3TMcgY/ TbRbEXnS2FPXAXLLz2wdLAty6Sw3Ge2bU98IpdpWXsoeTb+hElmgycvXD/4BYviS Hp4+9HHhKdoWJHyPcCV+ =hD3Y -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 23/05/12 16:38, Mika Suomalainen wrote: On 23.05.2012 16:24, Robert J. Hansen wrote: On 5/23/12 2:50 AM, Steve wrote: I absolutely agree. At GPGTools we thought about an automatic testing system. Checking if the mail was encrypted and / or signed and then sending out the according reply. You may want to move this discussion over to the Enigmail list. We have a system set up that does much of this already, called Adele. We'd be happy to share. Why to move it to Enigmail list? That email which you quoted doesn't have mention Enigmail. As far as I know, GPGTools doesn't even include Enigmail. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Yup and I was on there list too - and effectively told to shove off when I pointed out errors in enigmail - they don't like testing and error reporting - so kfuc em David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPvQlPAAoJEOJpqm7flREx71MH/AhKdugWlY764s7OaHv8EDbq 1NFHolY8ToJVBt7jTqaJCGykvmloaRwEgKjRLG4hZTvbLGQkaL3Jh7usCL9GG4FA wNEVwF69YxPjWYPjChu59nPMEFISMa0zfhiktK74tOatQQCwVHKBh6VqWoKxvvtO Dxd17EYf4LylqC8A1WLURShehh9JxC7axkMrwBlTK0h8QktFu4WnttLo43/O1A39 DMqmyaIcFnLorKVT7roEAcUIMfy1ie3Tir5L2Ct4fu/yFZ39yNXgxRh12IUCZky0 1AVlTqYw2DV3zKlMCcZ4lDXGnXMAaso8elwatv/z4zgLm0NkHyyf7q85hVx+sKg= =bglt -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption AKA PGP/MIME
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 23.05.2012 18:54, Werner Koch wrote: On Wed, 23 May 2012 17:35, mika.henrik.mai...@hotmail.com said: On 23.05.2012 12:56, Steve wrote: I think we had the PGP/MIME vs inline discussion already. I am using PGP/MIME in this email. Can you verify my signature on this email? You can find link to my public key in my signature. Sure: [[PGP Signed Part:Good signature from 4DB53CFE82A46728 Mika Suomalainen (trust undefined) created at 2012-05-23T17:35:40+0200 using RSA]] Salam-Shalom, Werner Weird. All PGP/MIME signed emails here cannot be verified if they are from mailing lists. PS. I am on this list so you don't need to CC me unless your email client forces it. - -- [Mika Suomalainen](https://mkaysi.github.com/) || [gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) || [Why do I sign my emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) || [Please don't send HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) || [Please don't toppost](http://mkaysi.github.com/articles/complaining/topposting.html) || [This signature](https://gist.github.com/2643070) || -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPvQlZAAoJEE21PP6CpGcoNvwP/jA1dwWm1pv2gghrl6t+IiGz 1t+WXjHzr732/cnvXsWIKeyHzAYQ1NrcArrET4LMzJXDeaaqDQLRVIezTm0hgo0Y kE1En7Cti+Q1AVxM6Zj606q1ATKMvzPPTOnHk3ZF3b9e4Ipt2h4FKgkIt6jW4yeg 0hl0yDR2CudpPR81JjjzMvSaGqRQnoJKFRmrEdxH2wWXY/GP1HsPFPuSnFwb0mY4 VDAHqWLY+a7LrKJDI53hQTsQAGZtbRIslPKNBvnAICX3Zsao3V9SnRReqngIiSu5 YX3HJhKWTEzU2roZ4PPqeyPJW9j4a350HsFz7m8FT76S7L77e3Rd4nWcnP/qIYgQ kEQTH/LZjkaVYPkbh2Sa94NXuDDUH/GryDFJLy3x4Gas5p7K9ZB1TJARm9plveeV qJeHYRNsUexoktPY6idVyAV0mltoCgkwTYRwToz6HIxCMFSfhSSPFcbcVd0ovWDG RtS7BVrRgDQrNb/yvTz4/7KFjeSD1KdCXSpe6qQqh7umtoxy+U/lUEEQzEFa6Jru +b5tvL7syxlTOy/+Qk9y/0NXBCo3CiYQe5KJqkmtZn0CmOzcv6BeJeqW5E1ax7ju 8LOso5mQycghBwaQ1WcnGcioPJLuygiHWgCE93bHbPPj55NBAkudnLWSrx3gveJL s+ZgGCp8YfZvQvtwdXEc =eBwo -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption AKA PGP/MIME
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 23/05/12 16:54, Werner Koch wrote: On Wed, 23 May 2012 17:35, mika.henrik.mai...@hotmail.com said: On 23.05.2012 12:56, Steve wrote: I think we had the PGP/MIME vs inline discussion already. I am using PGP/MIME in this email. Can you verify my signature on this email? You can find link to my public key in my signature. Sure: [[PGP Signed Part:Good signature from 4DB53CFE82A46728 Mika Suomalainen (trust undefined) created at 2012-05-23T17:35:40+0200 using RSA]] Salam-Shalom, Werner Hi Verner, I've had your key for ages - so why not attach it? David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPvQ20AAoJEOJpqm7flRExbMkH/jOiHf9n76WrKXBmyWmp6cx4 ICXNF2ijkNrFmKE08v7E9zW9DpropD94mtIrtnuiLRMKKnwcMBxz7YnJNYNllOwr Ef278lwE6cfWJ/KXSRvFrrigZbkywyw2pfXDME7mElFqIJg8uvvT5Akl581Y7TXj 4vzbcQ2B8EELQUsK9QyBiaVmL4+VLPSEvp4Pq9N0D9I+C0BDjlMX8k+4//TdBj+j p8qfSBM1oIGTwXLOhCz9p/E0q8C6SH3//e6LYqu/mY0MxNNzxgKo7v8X3ECDnL0d f40WO36cP1XSzZInkhnmjHS1sWkXv1iq4zXVxrini7jtwX1DuOWcVYLod4BDK/4= =JXUz -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Draft of nine new FAQ questions
I have a draft version of nine frequently asked questions ready for community review: http://keyservers.org/gnupgfaq.xhtml Note that this draft is in nicely-typeset XHTML5. This is to make it easier to proofread. The final version that I'm going to submit to Werner will be in plain text, so please, no suggestions about fonts, visual design, layout, or anything else like that. Any and all feedback (save for visual design, layout, etc.) will be gratefully accepted. Thank you! ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption
On 5/23/12 11:38 AM, Mika Suomalainen wrote: Why to move it to Enigmail list? According to American legend, a journalist once asked the infamous bank robber John Dillinger why he robbed banks for a living. Because that's where the money is, he said. Why should a discussion about Adele move over to the Enigmail list? Because Enigmail runs Adele, has the source code for it, and the people who are responsible for it are all over there. I'm not sure that all the involved people are on this list. A discussion about Adele that involves all the Adele people should probably go over to Enigmail, because that's where Adele and the Adele maintainers are. signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Draft of nine new FAQ questions
On Wed, May 23, 2012 5:18 pm, Robert J. Hansen wrote: I have a draft version of nine frequently asked questions ready for community review: http://keyservers.org/gnupgfaq.xhtml for me the first should always be what is gnupg ? regards mick -- keyID: 0x4BFEBB31 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption
Hey David et all, first: GPGTools Installer does indeed contain Enigmail and allows installation. Not sure if it has the latest version since Mozilla's crazy versioning means lots of maintenance and we couldn't find a way to automate including new Enigmail versions. Also not sure if it is smart to include it in the future. We'd have to find some smart mechanism to deal with updates. David, which list are you referring to? GPGTools mailing list? If so, I'm not so sure what you write is correct. Can't recall anybody ever was told to shove off. We had the Inline vs. GPG/MIME discussion in the GPGTools Project and have made a decision for PGP/MIME since we believe that it is the future and is a documented standard. If mailing-list software has issues it is at the devs of that software to step up and continue development of their software. The fact that Werner even wrote a patch which seems to have been ignored is even more frustrating. If Enigmail encounters problems with mails encrypted with GPGTools, we'll be happy to work things out with Patrick from the Enigmail team. And I know that the GPGTools project was in direct contact with him. So I don't really see the drama. Let's try to be constructive and solve problems. Not cause some where there aren't any. And as always: feel free to write a patch. :) 3 steve Signierter PGP Teil Why to move it to Enigmail list? That email which you quoted doesn't have mention Enigmail. As far as I know, GPGTools doesn't even include Enigmail. Yup and I was on there list too - and effectively told to shove off when I pointed out errors in enigmail - they don't like testing and error reporting - so kfuc em signature.asc Description: Message signed with OpenPGP using GPGMail ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption
On Wed, 23 May 2012 12:30:54 +0300 Mika Suomalainen mika.henrik.mai...@hotmail.com wrote: Hello Mika, I cannot verify your signature, because you use PGP/MIME and this mailing list uses mailing list software which somehow messes up with headers and makes PGP/MIME signatures unverifiable. Robin's sig verifies okay here. As do most(1) of the sigs I come across in any mailing list. Most of the lists I subscribe to are run on mailman. BTW. Or have I missed your meaning? (1) Occasionally one doesn't verify, but that's always been because of an error introduced elsewhere, not by mailman. -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent Life's short, don't make a mess of it No Time To Be 21 - The Adverts signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption AKA PGP/MIME
Mika Suomalainen 4fbd03cb.1070...@hotmail.com May 23, 2012 12:38:40 PM wrote: I am using PGP/MIME in this email. Can you verify my signature on this email? You can find link to my public key in my signature. Good signature from Mika Suomalainen mika.henrik.mai...@hotmail.com Key ID: 0x82A46728 / Signed on: 5/23/12 11:35 AM Key fingerprint: 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728 Charly Mac OS X 10.7.4 (11E52) MacBook Intel C2Duo 2GHz MacGPG2-2.0.17-9 - Thunderbird 12.0.1 Enigmail 1.5a1pre (20120521-2224) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Draft of nine new FAQ questions
On Wed, May 23, 2012 at 05:34:16PM +0100 Also sprach michael crane: for me the first should always be what is gnupg ? I believe these nine new FAQ entries are to be added to the existing entries to provide additional information regarding keysizes specifically. They are not comprehensive, and general discussion of GnuPG and its purpose is covered in the existing FAQ. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Draft of nine new FAQ questions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 23/05/12 17:34, michael crane wrote: On Wed, May 23, 2012 5:18 pm, Robert J. Hansen wrote: I have a draft version of nine frequently asked questions ready for community review: http://keyservers.org/gnupgfaq.xhtml for me the first should always be what is gnupg ? regards mick I too felt that there was something missing. This whole topic got kicked off by some one questioning the strength - the security of keys. No other contribution from the original poster has been made - may be he disappeared. Anyway I felt that there was something missing - and that's a write of gpg 1.4.11 version 2's an add-on and only needs a few words. Needs to be more informative - authoritative and a bit more on the maths :) David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPvS+4AAoJEOJpqm7flRExmeEH/jndZrwunmnYQqvfxkdS16YH GNJvRh7MmcAMSjBuB543aveRFjf+yl1tOcLrXVA3uO1/ktW6grHWrLJZ06W+U9Sv h9CEHie+wGmNqs0qgBRYMp8cJvoPpJSO6P2EV4ZdmTORRs4ETI5B7CVKq7bnK3qL MR4+QvlsomwokWJjSSFmPOcWA2+TxsyCj/I41Hz0bI8iNnmyDqkHFmPleiIiRUef uKgJtezNg/SHHIYEUuu0QeBMlNwtFv1J4kuWteVxbCO70EN3lnSyWNIIQxuUQAJS SsEzCaDo/M6dsHs44MdZiXWv4Wa8oIPUwD01zyO8o6IvQXI1X/IoQC1ySdzvVOc= =GAGl -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Testing GPG EMail encryption
On 5/23/12 3:07 PM, da...@gbenet.com wrote: Now I have 3 Linux Laptops. I started testing Linux distros with gpg2 - enigmail with Thunderbird - all 100 per cent Openpgp failed to initialise with pgp2 and in fact Openpgp always signed to my private key not my public key when using percipient rules. Here is a list of main Linux distros which all fail to initialise pgp2: As you were told on the Enigmail list, thousands of people have found that GnuPG 2 works well with Enigmail on Linux. I demonstrated this to you by sending to the list a correctly-signed email written on an Ubuntu 12.04LTS system using GnuPG 2. If you're having troubles getting Enigmail to work there are many people who are willing to help you. However, talking about how GnuPG 2 is completely broken on Linux, and how Enigmail is clearly too buggy to use, and everything else, is not exactly constructive. GnuPG 2 works just fine for the overwhelming majority of Linux users. I don't know what your particular problem is, but it can likely be resolved. Be warned - any encryption done will be to your private key and not to your public key. Enigmail may fail to initialise (gpg2). If it were encrypting to the private key, this would be a digital signature. That's what a digital signature is -- an encryption operation using the private key. I don't understand your complaint. If you're saying Enigmail will sign emails, well, yes, it's designed to do that -- but I don't think that's what you're trying to say here. There is no compatibility in above Linux distros with Enimail/Openpgp and gpg2 - you are best advised to stick with gpg (GnuPG) 1..4.11. I have been using Enigmail with GnuPG 2.x for literally years, and over that time I have had no trouble interoperating with people using other Linux distros or even entirely different operating systems. This is the first time in all my years of using Enigmail that I have heard anyone tell me that Enigmail's output is not interoperable with other systems. This is not to say that you're not having trouble with Enigmail -- far from it! -- but claiming there is no compatibility is a fairly extreme claim, and I'm going to need to see some supporting evidence. Now testing with a fellow Linux user revealed that if you have both gpg 1.4.11 and gpg2 installed you don't get any problems. So I can only conclude that gpg2 is an add-on widget to gpg 1.4.11 - gpg2 only recognises gpg 1.4.11 commands. GnuPG 2 is not an add-on widget to GnuPG 1.4. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Draft of nine new FAQ questions
On May 23, 2012, at 12:18 PM, Robert J. Hansen wrote: I have a draft version of nine frequently asked questions ready for community review: http://keyservers.org/gnupgfaq.xhtml Note that this draft is in nicely-typeset XHTML5. This is to make it easier to proofread. The final version that I'm going to submit to Werner will be in plain text, so please, no suggestions about fonts, visual design, layout, or anything else like that. Any and all feedback (save for visual design, layout, etc.) will be gratefully accepted. Thank you! Very nice work. I have just three minor notes: #1 explains why we default to 2048-bit keys, but not why RSA. What NIST stated about key strength is true for any 2048-bit OpenPGP key (DSA or RSA). The reason why we switched to RSA in 2009 was mainly for reasons of being able to use a larger primary key. DSA was inherently capped at 1024 bits (and a 160-bit hash), and while DSA2 existed (so we could theoretically have used a 2048-bit DSA key instead of RSA), it was not nearly as widely implemented across the OpenPGP user base as RSA was. The answer you have for #4 is not exactly wrong, but it is not complete. GnuPG doesn't support 4096-bit keys just because PGP (the product) does. It also supports a range of key sizes because OpenPGP (the standard) does. And it also supports a range of key sizes because people want/need them (local policy for key length, for example, as you note in the answer to #3). GnuPG is a powerful and flexible tool, and that includes the power and flexibility to do things that are not necessarily recommended by the GnuPG developers. For #10, it might be worth mentioning something about the use of different hash lengths (q) for the different DSA sizes. The two sort of go hand in hand. Or for that matter, perhaps a question #11 How come my signatures from my 2048-bit DSA key use a different hash than those from my 1024-bit DSA key? would be interesting. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: There may be more to security than password length, or even its complexity.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Http://xkcd.com/538 :-) -BEGIN PGP SIGNATURE- Version: APG v1.0.8 iQI7BAEBCgAlBQJPvPDuHhxNdXN0cnVtIDxNdXN0cnVtQE11c3RydW0ubmV0PgAK CRBMuv2GX9WDnv71EADJYr8hgWu/5yGnKgrYHhE/w+uxieCAAtIlZDvXxHKKVFGC MC1xVgeYeksvM8fNL4RPMCs5ttsi1uA0OUax6jGxUg7WrGYBjcPhie5tiMfcIUjS nixGxsLu05PWlC/kH4vYF1dlRM2hVucokLck4MoCP/JqXsCMMmV0saw55sXl6bqq X2prtZegMXNGZ3ZlsOalvV2kPhKorbtvMqKW4p/M+de59eQC7bvV/boyL8HxzHR0 rCYf6e1vDqtoVaE0l0nDipbi7erKHNbcc62/g+WsvXleY0OEY4Uf9QBMgdyt+h/y d8LuYO7Hai4z5TA+FRrouP+ENiFyw2u8ddUl1IfiF3+OIh/z41tEQoWTM9fU0LC6 tjYIbodcLS/Vj4dTCKk8ppsj41EIW1AFEqnKXTpJppBroUeqs12WTCUQEv3V5PRu Js4xUyL4T2Qt5m/F06cgPLu2zcOSZ/60D0UvdqF5/dhZHxkK9/c9XnE5m7Xu/X3r 9JXmrrIMBP4p+dfRbrwrpiqLmdtDjPKzzO86Bta8UIBjxFD47nWEjstKwELk0R1w hnVSCUYQwdjTSdtL4eSXW+m+LlAOTVzsTevICODpomXuthLJ2/fQVwbbQCrEMSbb LaGFc67sNDk7CgIav8AZksBSJm8RToxchbF9MF8SBq19iBTft5ehPuiYJMkWkg== =fvwJ -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Draft of nine new FAQ questions
On 5/23/12 4:12 PM, David Shaw wrote: #1 explains why we default to 2048-bit keys, but not why RSA. Fixed, thank you. The answer you have for #4 is not exactly wrong, but it is not complete. GnuPG doesn't support 4096-bit keys just because PGP (the product) does. It also supports a range of key sizes because OpenPGP (the standard) does. I don't want to seem argumentative (especially because I haven't looked at the RFC lately), but I was under the impression the RFC was mostly silent on the subject of algorithms and key sizes -- DSA being a MUST algorithm, but little guidance beyond that. Am I in error? (That said, the text has been fixed: thank you.) For #10, it might be worth mentioning something about the use of different hash lengths (q) for the different DSA sizes. The two sort of go hand in hand. Or for that matter, perhaps a question #11 How come my signatures from my 2048-bit DSA key use a different hash than those from my 1024-bit DSA key? would be interesting. Added. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Draft of nine new FAQ questions
On May 23, 2012, at 4:45 PM, Robert J. Hansen wrote: I don't want to seem argumentative (especially because I haven't looked at the RFC lately), but I was under the impression the RFC was mostly silent on the subject of algorithms and key sizes -- DSA being a MUST algorithm, but little guidance beyond that. Am I in error? The fact that RSA can have different key sizes is clearly stated, since you need that information to interoperate, and that's what I was referring to. I don't mean to say that one of the several reasons GnuPG supports 4096-bit keys is because the OpenPGP spec says they are better. I mean to say that one of the several reasons GnuPG supports 4096-bit keys is because the OpenPGP spec says they *exist* (there is some implementation art here - we don't support 8192-bit keys even though they obviously exist as well). The way you stated it in the revised FAQ covers this very well. The standard is indeed mostly silent on the topic on why you would *want* to pick a particular key size over a different key size. That is appropriate for a message format document - it's not really taking sides. Pretty much all it says is to be careful and notes that 4096 was the common limit at publication time: * OpenPGP does not put limits on the size of public keys. However, larger keys are not necessarily better keys. Larger keys take more computation time to use, and this can quickly become impractical. Different OpenPGP implementations may also use different upper bounds for public key sizes, and so care should be taken when choosing sizes to maintain interoperability. As of 2007 most implementations have an upper bound of 4096 bits. For #10, it might be worth mentioning something about the use of different hash lengths (q) for the different DSA sizes. The two sort of go hand in hand. Or for that matter, perhaps a question #11 How come my signatures from my 2048-bit DSA key use a different hash than those from my 1024-bit DSA key? would be interesting. Added. Excellent. One note on the new text - it states that 2048-bit DSA keys use a 224-bit hash. In fact, a 2048-bit DSA key can use either 224 or 256-bit hashes. GnuPG uses 256 here (but will of course accept a 224 generated elsewhere), so we're either using 160 or 256 unless someone forces 224 by picking an odd DSA key size like 1536. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Draft of nine new FAQ questions
Am Mi 23.05.2012, 12:18:49 schrieb Robert J. Hansen: I have a draft version of nine frequently asked questions ready for community review: http://keyservers.org/gnupgfaq.xhtml The reason I suggested a FAQ addition is not covered :-) At least not by the headlines. There should be a paragraph Why does GnuPG not support more than 4096 bits?. @ Why does GnuPG use 2048-bit RSA by default?: Does the g10 smartcard not count as a reason for RSA default? @ Has GnuPG ever been successfully attacked? That sounds like there has never been a security problem. El-Gamal signatures, anyone? Furthermore: http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Draft of nine new FAQ questions
On Wed, 23 May 2012, Robert J. Hansen wrote: . . . I have a draft version of nine frequently asked questions ready for community review: http://keyservers.org/gnupgfaq.xhtml Any and all feedback (save for visual design, layout, etc.) will be gratefully accepted. Thank you! Here FWIW are some kindof stylistic suggestions, following some standard types of phrasings I have found useful to minimize confusion when communicating with people from varied or unknown linguistic backgrounds. Changes are identified by *** foo ***. Interestingly, good rather than loose grammar often seems to be more understandable by people who learned English in non-USA schools, since they often learned by a book which taught by grammar. (Cf eg my ***ever to be*** below.) Also, just to mention, best to avoid smart apostrophes/quotes in the final version, naturally, right? And maybe most contractions. ---re #1: Why does GnuPG use 2048-bit RSA by default? ***This question can be separated into two questions: Why ... by default?; and Why ... by default?*** This is actually two separate questions in one: why does GnuPG use 2048-bit keys by default, and why does GnuPG use the RSA algorithm by default? ***The answer to the first question is that GnuPG NIST's current position (as of May 2012) is that software providing 112*** With respect to the first question, GnuPG uses 2048-bit keys in order to comply with the current (as of Spring 2012) recommendations of the United . . . ***The answer to the second question is that GPS uses RSA rather than DSA mostly*** With respect to the second question, GnuPG uses RSA over DSA mostly . . . ---re #3: Why doesn't GnuPG default to 4096-bit RSA? . . . ***If a 2048-bit key were ever to be ... to advocate that RSA be Against what we assume would take a breakthrough of great significance, [magnitude is a size word, might confuse someone roughing out a translation about key size]*** If a 2048-bit key were to ever be successfully attacked, that would be enough to advocate RSA be abandoned completely. Against a breakthrough of that magnitude another few thousand bits of key would likely make no difference. . . . the shift to 3072-bit keys gives little additional resistance, and 4096-bit keys ***give*** an even smaller addition ***GnuPG is not for only desktop or laptop computers.*** GnuPG is not just for desktops. It has been successfully ported . . . 2048-bit RSA is believed safe until 2030, which exceeds the needs of most GnuPG users. If for some reason a longer duration is needed***,*** a 4096-bit key may certainly be generated and used, ***. But***but the defaults are meant to be appropriate for the majority of users ***and*** not for specialized or niche security needs. ---re #5: Is RSA-2048 really enough? ***start 2nd sentence : And other organizations to whom encryption is important (such as RSA...*** [The world changes, and maybe an explicit endorsement might not be so appropriate tomorrow, but embarassing or similar to change then. Just mentioning them is an implicit endorsement, IMHO of course] According to NIST, yes. Further, other well-respected organizations (such as RSA Security) have publicly supported NIST's recommendations. . . . key recommendations have been superseded by those in Practical Cryptography, which, to repeat, says ***replace says with estimates*** RSA-2048 will be sufficient until the mid-2020s. ---re #6: Can any of the ciphers in GnuPG be brute-forced? . . . ***In terms of current scientific understandings, the symmetric ciphers used in GnuPG are utterly*** The symmetric ciphers used in GnuPG are utterly immune to brute forcing. The Second Law of Thermodynamics places strict . . . --re #7: Has GnuPG ever been successfully attacked? We are unaware of any successful cryptanalytic attacks against GnuPG. However, it is still susceptible to non-cryptanalytic attacks such as malware, unauthorized physical access, ***social engineering attacks,*** and other such things. ---re #8: Should I use PGP/MIME or inline OpenPGP for my emails? Unfortunately, there is no clear answer. ***move for instance from the end to the start of the 2nd sentence*** PGP/MIME has some distinct advantages over inline email. It handles attachments automatically, for instance. It also separates the signature from the document, which many people prefer over . . . ***Mail servers further confound things. As a general tactic against malware, any mail servers will strip off, alter, ... {and delete as an anti-malware measure from end of sentence]*** Mail servers further confound things. Many mail servers will strip off, alter, or quarantine attachments as an anti-malware measure. This has the effect of breaking PGP/MIME. For many years GNU Mailman mailing-list software mangled PGP/MIME attachments in ways that broke signatures. These ***replace these with Some*** old Mailman installations ***like that*** still exist today.
Re: Draft of nine new FAQ questions
On 5/23/12 6:50 PM, reynt0 wrote: Also, just to mention, best to avoid smart apostrophes/quotes in the final version, naturally, right? Not a whelk’s chance in a supernova. Those aren’t smart quotes, they’re perfectly valid UTF-8 typographic marks. Straight quotes and 'straight apostrophes' are artifacts of the typewriter era, where there was simply not enough space on the keyboard to provide proper typographic marks. If you read a book, you’ll discover they pay attention to things like ligatures, kerning, proper typographic marks, and all manner of other things. Centuries of use have shown that these marks make text easier to read. The final version that gets submitted to Werner will by necessity be plain text, and that will probably get downshifted into dumb typewriter markings. But so long as I’m going blind on it, reading those rows of text again and again and again, I’m going to pay attention to the typography. I encourage anyone who’s writing web pages to abjure dumb typewriter markings. In the UTF-8 era, there’s absolutely no reason why any of us should have to put up with them. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: There may be more to security than password length, or even its complexity.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mustrum wrote: Http://xkcd.com/538 :-) I like that. It may be my passphrase is too long. I want it easier for the black hats to crack my stuff than for them to torture my passphrase out of me. I recently tested a (retired) password to my computer out on a couple of web sites that told my how hard it would be to crack it. One of them said more than 10 million years. I guess that one is good enough, though my current ones have two more characters. Maybe I should shorten them. - -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key: 9A2FC99A Registered Machine 241939. /( )\ Shrewsbury, New Jerseyhttp://counter.li.org ^^-^^ 20:45:01 up 33 days, 14:22, 3 users, load average: 4.61, 4.57, 4.54 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org/ iD8DBQFPvYVKPtu2XpovyZoRAhhLAKDBF0JRi2IErOHUIeIWiRh/f1e6/wCfSehd 4VK5VllC9uXNHKz33TSlowc= =82DQ -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users