Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass?
On 04/06/12 05:50, yyy wrote:
> So, if one is incapable of remembering strong passwords (passphrases), this forces them to use either useless passphrase (breakable in less than 5 min using dictionary) or use no passphrase at all.

Or use a smart card.

BTW, with regard to remembering passphrases, the comic that has been mentioned more often here: http://xkcd.com/936/

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass?
On 03.06.2012 19:19, Hauke Laging wrote:
> On Sun 03.06.2012, 07:46:41, L G wrote:
>> During command line decryption, pinentry opens a popup window for the passphrase. In the pinentry window, paste (Ctl+V) is not supported. Deal breaker.
>>
>> I read through the forums and could not find a way around this.
>
> man gpg-agent --no-grab
>
> Hauke

Has Windows finally got man? :)

--
[Mika Suomalainen](https://mkaysi.github.com/) || [gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) || [Why do I sign my emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) || [Please don't send HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) || [Please don't toppost](http://mkaysi.github.com/articles/complaining/topposting.html) || [This signature](https://gist.github.com/2643070)
Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass?
On Sun, 03 Jun 2012 16:07:38 -0400 Robert J. Hansen articulated:
> On 6/3/2012 10:46 AM, L G wrote:
>> During command line decryption, pinentry opens a popup window for the passphrase. In the pinentry window, paste (Ctl+V) is not supported. Deal breaker.
>
> Storing your passphrase in the clipboard is generally considered unwise and harmful. Your passphrase is a high-value secret: putting it on the clipboard makes it visible to every other process on your system (including malware!).
>
> Pinentry's refusal to support C&P is not accidental or an oversight. It's a deliberate design decision meant to help shield you from malware, Trojans, and other skulduggery that people may use to discover your passphrase.
>
> It's fairly easy to hack the source to support C&P. However, the last time it was asked about on this list the answer was "C&P will not be supported and patches to enable C&P will not be accepted."

I believe that ClipCache Pro http://www.xrayz.co.uk/ can capture the passwords. It has been a long time since I had PGP on a Windows machine; however, I thought I used to do it with this utility.

By the way, ClipCache Pro is the best text capture program I have ever used. I wish I could find something similar for *nix.

--
Jerry ♔
Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
Re: PGP interoperability
On 31/05/12 5:32 PM, Werner Koch wrote:
> On Wed, 30 May 2012 21:42, expires2...@rocketmail.com said:
>> And shared the fact privately with Symantec?
>
> I heard that it is just a bug introduced by the marketing suits. The PGP library never dropped support for DSA2.

Was there any explanation of why the marketing people dropped or wanted to drop the functionality?

Regards,
Ben
no password needed to export secret-keys?
Hi.

When I use the command:

    gpg --armor --output document name --export-secret-keys KeyID

shouldn't I be asked for the secret key's password before Export is allowed to complete?

I've tried this on both Windows 7 and Ubuntu Linux and I'm never asked for a password. This doesn't seem secure to me. I would think that Export should not be allowed to occur until after the key's password is provided.

Do I have something mis-configured? Can you explain how this is secure?

Thanks for your assistance.
Re: no password needed to export secret-keys?
On Mon 04.06.2012, 10:27:00, Sam Smith wrote:
> When I use the command:
>
>     gpg --armor --output document name --export-secret-keys KeyID
>
> shouldn't I be asked for the secret key's password before Export is allowed to complete?
>
> I've tried this on both Windows 7 and Ubuntu Linux and I'm never asked for a password. This doesn't seem secure to me. I would think that Export should not be allowed to occur until after the key's password is provided.
>
> Do I have something mis-configured? Can you explain how this is secure?

The exported file is protected by the passphrase. That is similar to copying the secring. If you want the exported file to have a different passphrase then you have to (make a backup of the secring and then) change the passphrase (--edit-key), export the secret key afterwards and then either change the passphrase back or overwrite the secring with the backup.

Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
Re: no password needed to export secret-keys?
Hi,

On 04.06.2012 17:27, Sam Smith wrote:
> Hi.
>
> When I use the command:
>
>     gpg --armor --output document name --export-secret-keys KeyID
>
> shouldn't I be asked for the secret key's password before Export is allowed to complete?
>
> I've tried this on both Windows 7 and Ubuntu Linux and I'm never asked for a password. This doesn't seem secure to me. I would think that Export should not be allowed to occur until after the key's password is provided.
>
> Do I have something mis-configured? Can you explain how this is secure?
>
> Thanks for your assistance.

This would be a nice feature to have. If you don't receive any replies about this, you could report a bug to Ubuntu about this and mark it as a security problem.

    ubuntu-bug gnupg

--
[Mika Suomalainen](https://mkaysi.github.com/) || [gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) || [Why do I sign my emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) || [Please don't send HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) || [This signature](https://gist.github.com/2643070#file_icedove.md) || [Please reply below this line](http://mkaysi.github.com/articles/complaining/topposting.html)
Re: no password needed to export secret-keys?
On Jun 4, 2012, at 10:27 AM, Sam Smith wrote:
> Hi.
>
> When I use the command:
>
>     gpg --armor --output document name --export-secret-keys KeyID
>
> shouldn't I be asked for the secret key's password before Export is allowed to complete?
>
> I've tried this on both Windows 7 and Ubuntu Linux and I'm never asked for a password. This doesn't seem secure to me. I would think that Export should not be allowed to occur until after the key's password is provided.
>
> Do I have something mis-configured? Can you explain how this is secure?

The secret key is encrypted via your passphrase, so it is safe to export. GPG is just copying some bytes from a file on disk, and you could copy the whole file yourself via 'cp' just as easily.

Still, you can do things with SELinux to prevent any process from reading the secret key file except GPG, and in that case, it might be reasonable to request a passphrase before exporting the key.

David
no password needed to export secret-keys?
No, the exported file is NOT protected by the passphrase.

If I export the key. And then delete my secret key from my keyring. And now Import what I exported, I am not asked for a password before the import is allowed to complete.

That is, Anyone who gains access to my machine can export my secret key (no password required), take the product of the export to whatever computer they want and then import it (no password required).

I do not see where the security lies.

Thanks for the help.

> From: mailinglis...@hauke-laging.de
> To: gnupg-users@gnupg.org
> CC: smick...@hotmail.com
> Subject: Re: no password needed to export secret-keys?
> Date: Mon, 4 Jun 2012 17:22:05 +0200
>
> On Mon 04.06.2012, 10:27:00, Sam Smith wrote:
>> When I use the command:
>>
>>     gpg --armor --output document name --export-secret-keys KeyID
>>
>> shouldn't I be asked for the secret key's password before Export is allowed to complete?
>>
>> I've tried this on both Windows 7 and Ubuntu Linux and I'm never asked for a password. This doesn't seem secure to me. I would think that Export should not be allowed to occur until after the key's password is provided.
>>
>> Do I have something mis-configured? Can you explain how this is secure?
>
> The exported file is protected by the passphrase. That is similar to copying the secring. If you want the exported file to have a different passphrase then you have to (make a backup of the secring and then) change the passphrase (--edit-key), export the secret key afterwards and then either change the passphrase back or overwrite the secring with the backup.
>
> Hauke
> --
> PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
Re: no password needed to export secret-keys?
On Mon 04.06.2012, 11:56:22, Sam Smith wrote:

Please take care that you reply to the list.

> No, the exported file is NOT protected by the passphrase.
>
> If I export the key. And then delete my secret key from my keyring. And now Import what I exported, I am not asked for a password before the import is allowed to complete.
>
> That is, Anyone who gains access to my machine can export my secret key (no password required), take the product of the export to whatever computer they want and then import it (no password required).

You obviously have a completely wrong idea what a passphrase is used for. A passphrase is (if used) needed for crypto operations which need the private key (the numbers). The passphrase just encrypts the key material, not the whole exported file. Importing and exporting are not crypto operations.

If you want to prevent others from importing or exporting keys then prevent them from accessing the files (a very common IT task that is not related to GnuPG).

Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
Re: no password needed to export secret-keys?
On 6/4/12 11:57 AM, Sam Smith wrote:
> No, the exported file is NOT protected by the passphrase.

Yes, it is. Try using the newly-imported secret key. :)
Re: Problem: cannot generate / copy keys larger than 1024bit on my OpenPGP-compatible card
On Sun, 3 Jun 2012 20:17, ventur...@gmail.com said:
> By disabling the internal driver I was able to generate keys up to 3072 bits on my v2 card using a SCM-335 card reader via pcsclite.

That is a different problem than that with the Omnikey reader. In your case the permissions of the USB device don't allow you access. pcscd however runs as root and thus has no permission problems. Having a daemon running as root is not a good idea however.

If you have a very old SCM-335 you should even use the internal CCID driver, because it has a workaround for the buggy USB stack in those old readers.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: PGP interoperability
On Mon, 4 Jun 2012 10:49, b...@adversary.org said:
> Was there any explanation of why the marketing people dropped or wanted to drop the functionality?

Maybe outdated technical specs which made it to the marketing dept. I don't know - you need to ask Symantec.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
RE: no password needed to export secret-keys?
ah-ha. Thanks guys!!

I tried to make a detached signature file with the imported key and it asked for password.

I finally see what you guys have been telling me. Sorry I'm so dense :0

Yes, someone can export my secret key from my computer and then they can import my secret key into their computer. But to actually sign anything with my secret key they will have to know the password.

This is great. So I see now that even if they can export and import my key they cannot use it.

thanks again guys for educating me.

> Date: Mon, 4 Jun 2012 12:14:39 -0400
> From: r...@sixdemonbag.org
> To: gnupg-users@gnupg.org
> Subject: Re: no password needed to export secret-keys?
>
> On 6/4/12 11:57 AM, Sam Smith wrote:
>> No, the exported file is NOT protected by the passphrase.
>
> Yes, it is. Try using the newly-imported secret key. :)
RE: no password needed to export secret-keys?
Okay. So being able to export without password is by design then. I don't have anything misconfigured.

This makes it a trivial task to steal someone's secret key. All that's needed is access to the machine for a few seconds when no one is looking.

I am not technically know-how enough to configure SELinux or app-armor. Does this mean there is no way to safeguard the Secret Key, other than the obvious of not letting anyone use my user-account? or is there any security measures that you guys use to protect secret key from being exported by someone else?

> From: mailinglis...@hauke-laging.de
> To: gnupg-users@gnupg.org
> CC: smick...@hotmail.com
> Subject: Re: no password needed to export secret-keys?
> Date: Mon, 4 Jun 2012 18:06:08 +0200
>
> On Mon 04.06.2012, 11:56:22, Sam Smith wrote:
>
> Please take care that you reply to the list.
>
>> No, the exported file is NOT protected by the passphrase.
>>
>> If I export the key. And then delete my secret key from my keyring. And now Import what I exported, I am not asked for a password before the import is allowed to complete.
>>
>> That is, Anyone who gains access to my machine can export my secret key (no password required), take the product of the export to whatever computer they want and then import it (no password required).
>
> You obviously have a completely wrong idea what a passphrase is used for. A passphrase is (if used) needed for crypto operations which need the private key (the numbers). The passphrase just encrypts the key material, not the whole exported file. Importing and exporting are not crypto operations.
>
> If you want to prevent others from importing or exporting keys then prevent them from accessing the files (a very common IT task that is not related to GnuPG).
>
> Hauke
> --
> PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
Re: PGP interoperability
On 5/06/12 2:47 AM, Werner Koch wrote:
> On Mon, 4 Jun 2012 10:49, b...@adversary.org said:
>> Was there any explanation of why the marketing people dropped or wanted to drop the functionality?
>
> Maybe outdated technical specs which made it to the marketing dept. I don't know - you need to ask Symantec.

Fair enough. Most people I correspond with use GPG, I'll worry about it if I ever have trouble with someone encrypting to my El-Gamal key.

Regards,
Ben
Re: no password needed to export secret-keys?
On Mon, Jun 04, 2012 at 11:57:02AM -0400 Also sprach Sam Smith:
> No, the exported file is NOT protected by the passphrase.
>
> If I export the key. And then delete my secret key from my keyring. And now Import what I exported, I am not asked for a password before the import is allowed to complete.
>
> That is, Anyone who gains access to my machine can export my secret key (no password required), take the product of the export to whatever computer they want and then import it (no password required).
>
> I do not see where the security lies.
>
> Thanks for the help.

The security lies in the fact that the key you are exporting and importing is itself encrypted. It is encrypted where it resides on your keychain, it is encrypted in the file you export, and it is still encrypted when you import it into another keychain.

Adding a password requirement to --export-secret-keys would add a very marginal degree of security, because, as has been noted, anyone with access to your user account on the computer which hosts your keychain (i.e. someone who could presumably run gpg --export-secret-keys on your keychain) could just as easily cp the whole darn keychain; they STILL would not be able to use your key to sign or decrypt without knowing the passphrase of the key. The export command really just provides you with a convenient method of copying a specific key or keys from your keychain, instead of the whole thing.

It is almost impossible (or at least not practical) to prevent someone with physical access to your computer from exporting or copying key data which is stored on your hard disk, so the key is always stored in encrypted form, so that even if it is copied, it cannot be used sans passphrase.

If you are truly concerned about preventing the possibility that even your encrypted private keys may be copied, consider a solution such as the OpenPGP card, from which it is practically infeasible to export the keys at all.
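The point made in the replies above (the passphrase encrypts the secret key material inside the file, not the act of exporting) can be checked on an exported file by reading the string-to-key usage octet of each secret-key packet, as defined in RFC 4880. This is an added example, not code from the thread or from GnuPG; it assumes binary (non-armored) input with v4 RSA, Elgamal or DSA keys, and `sample_packet`, `PROTECTED` and `UNPROTECTED` are constructed test data with dummy numbers.

```python
import struct

# Public-key MPI counts for v4 keys (RFC 4880, section 5.5.2): RSA, Elgamal, DSA.
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}
SECRET_TAGS = {5: "secret key", 7: "secret subkey"}


def read_packets(data):
    """Yield (tag, body) for every definite-length packet in binary OpenPGP data."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        pos += 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:  # new-format header
            tag, o1 = first & 0x3F, data[pos]
            if o1 < 192:
                length, pos = o1, pos + 1
            elif o1 < 224:
                length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o1 == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body lengths are not handled")
        else:  # old-format header
            tag = (first >> 2) & 0x0F
            size = {0: 1, 1: 2, 2: 4}.get(first & 3)
            if size is None:
                raise ValueError("indeterminate lengths are not handled")
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        yield tag, data[pos:pos + length]
        pos += length


def protection(body):
    """Report how the secret numbers in a v4 secret-key packet body are stored."""
    version, algo = body[0], body[5]
    if version != 4 or algo not in PUBLIC_MPIS:
        raise ValueError("only v4 RSA, Elgamal and DSA keys are handled")
    pos = 6  # skip version, 4-octet creation time, algorithm
    for _ in range(PUBLIC_MPIS[algo]):
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8
    usage = body[pos]  # string-to-key usage octet
    if usage == 0:
        return {"encrypted": False}
    if usage not in (254, 255):  # legacy: the octet is itself the cipher id
        return {"encrypted": True, "cipher": usage, "s2k": "legacy"}
    cipher, s2k_type, digest = body[pos + 1:pos + 4]
    if s2k_type >= 100:  # private/experimental S2K (RFC 4880 reserves 100 to 110)
        return {"encrypted": None, "s2k": s2k_type}
    info = {"encrypted": True, "cipher": cipher, "s2k": s2k_type, "hash": digest}
    if s2k_type == 3:  # iterated and salted: 8 salt octets, then the coded count
        c = body[pos + 12]
        info["hashed_octets"] = (16 + (c & 15)) << ((c >> 4) + 6)
    return info


def audit(data):
    """Return (packet kind, protection report) for each secret-key packet."""
    return [(SECRET_TAGS[tag], protection(body))
            for tag, body in read_packets(data) if tag in SECRET_TAGS]


def mpi(n):
    n_bytes = (n.bit_length() + 7) // 8
    return struct.pack(">H", n.bit_length()) + n.to_bytes(n_bytes, "big")


def sample_packet(secret_part):
    """CONSTRUCTED input: old-format v4 RSA secret-key packet with dummy numbers."""
    body = b"\x04" + struct.pack(">I", 1338800000) + b"\x01" + mpi(0xC5A1) + mpi(65537)
    body += secret_part
    return b"\x95" + struct.pack(">H", len(body)) + body  # tag 5, 2-octet length


# Constructed: usage 254, cipher 7 (AES-128), iterated+salted S2K, hash 2 (SHA-1),
# 8 salt octets, coded count 0x60, 16-octet IV, then stand-in ciphertext.
PROTECTED = bytes([254, 7, 3, 2]) + b"SALTSALT" + b"\x60" + bytes(16) + bytes(32)
# Constructed: usage 0, the secret numbers follow in the clear (dummy MPI + checksum).
UNPROTECTED = b"\x00" + mpi(0x1234) + b"\x00\x53"

if __name__ == "__main__":
    for kind, info in audit(sample_packet(PROTECTED) + sample_packet(UNPROTECTED)):
        print(kind, info)
```

A report of `encrypted: False` for a real export means the file holds usable key material for anyone who copies it, which is the case an empty passphrase produces.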
Re: FAQ, take two
On 6/4/12 12:35 PM, Kevin Kammer wrote:
> Section 2.6: For Solaris 11, gnupg is also available via the default IPS publisher. The version Oracle provides is 2.0.17 vs 2.0.18 from OpenCSW, but it is worth mentioning as it may satisfy parties who are unwilling (or unable) to install via 3rd-party software sources.

I am unfortunately Solaris-impaired: IPS publisher? If you could provide a sentence or two explaining this (preferably in the same general format/wording as the other sections), I'd appreciate it greatly.

> Section 4.11 Should almost certainly mention GnuPG integration with Evolution, which is still the default Gnome email client on many *nix distros.

D'oh, yes. Although I don't know if they support inline signatures yet. I know they support PGP/MIME (rather obsessively) and that inline signatures have been a requested feature, but I'd need someone to confirm the status there -- as well as whether it supports GnuPG 1.4 or 2.0.

> Also, for Mutt, I believe I can help with some of the FIXMEs:

Thank you!

> General comment: For users completely new to GnuPG (and encryption in general), the use of the related terms certificate and key throughout the FAQ may be confusing. Questions like "What's a certificate?" "What's a key?" and "What's the difference?" may deserve an explanation someplace. A good place might be in the Terminology section, which itself should perhaps appear earlier in the FAQ.

A good point. I'll introduce it, but for now I'm going to leave the overall numbering intact -- reorgs should take place once the document is stable, not while there's still churn. :)
Re: crypto games
On 6/4/12 2:37 PM, Johnicholas Hines wrote:
> 1. Are there any video games which are educational about public key crypto? I mean the best practices around use of modern crypto, not games focusing on break-classical-encryption puzzles.

There are some serious problems here, not the least of which is there is no canonical set of best practices! There are at best a set of guidelines, many of which are in violent conflict with each other. If it was just a set of rules that had to be followed the field would be much easier, but as it is it's devilishly hard: the practitioner has to balance lots of tradeoffs in order to come up with a policy that maximizes the client's satisfaction.
Re: FAQ, take two
On Mon, 4 Jun 2012 18:35, lists.gn...@mephisto.fastmail.net said:
> require extensive manual configuration for it to work properly (but if you're using Mutt, you already know that). See http://wiki.mutt.org/?MuttGuide/UseGPG for configuration details.

That is not true: Put

    set crypt_use_gpgme

into the ~/.muttrc and you don't need any of the other configure options. Mutt must have been compiled with GPGME support. Check using

    mutt -v | grep +CRYPT_BACKEND_GPGME

Debian builds with gpgme support.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: PGP interoperability
On Mon, 4 Jun 2012 19:11, b...@adversary.org said:
> Fair enough. Most people I correspond with use GPG, I'll worry about it if I ever have trouble with someone encrypting to my El-Gamal key.

Not for a compliant OpenPGP implementations. From RFC-4880:

    Implementations MUST implement DSA for signatures, and Elgamal for encryption. Implementations SHOULD implement RSA keys (1). RSA

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: FAQ, take two
Robert J. Hansen 4fcc11f2.6050...@sixdemonbag.org June 4, 2012 4:22:54 PM wrote:
> [snip]
> Also, if there are any questions you feel are missing, throw them out too. Thank you!

Section 4.7 How do I validate another person’s certificate? does not deal with what one should do once she/he has signed another person's certificate (after completing the validation process).

I believe the etiquette is that the signed key block should be returned to the certificate's owner, for her/him to do what he/she deems convenient, e.g. upload it to a keyserver. The signer himself/herself should not upload the sign key block to a key server, or publish it in any other way, without the certificate's owner explicit authorization or request.

That may be hair splitting and not etiquette, but I believe the issue should be clarified. I have had at least two of my certificates signed by someone with whom I had never gone through any kind of validation process, or even discussed the possibility of such a process. The person just signed my certificate and uploaded it to a keyserver.

End of rant.

Charly.
Re: Problem: cannot generate / copy keys larger than 1024bit on my OpenPGP-compatible card
Hi,

On 03.06.2012 17:45, Robin Kipp wrote:
> However, as I'd much rather use 2048-bit keys, I guess I'll just have to sort things out with the retailer I got it from... Can you recommend another brand that produces readers which are easier to use? E.g. Gemalto or GD or anything in that direction.
>
> Thanks a lot!
> Robin

I'm using a SCR335 USB Smart Card Reader and a Gemalto USB Shell Token V2 with 2048-bit keys. I haven't had any problems to use it with Linux or Windows.

Cheers,
Marco
Re: FAQ, take two
On 6/4/2012 4:39 PM, Charly Avital wrote:
> I believe the etiquette is that the signed key block should be returned to the certificate's owner, for her/him to do what he/she deems convenient, e.g. upload it to a keyserver.

I haven't found widespread belief this is a community norm. There's a vocal segment that believes one or more of "this is a community norm," "it must be a community norm," "it is morally and/or ethically wrong if it is not a community norm" -- but it's a segment, and doesn't seem to be shared by the whole of the community.

> The signer himself/herself should not upload the sign key block to a key server, or publish it in any other way, without the certificate's owner explicit authorization or request.

By what right can I -- or anyone on this list -- claim the authority to declare what members of the community should or shouldn't do?

I'm writing a FAQ, not establishing community norms. I don't mind writing the FAQ, but I do mind trying to impose norms. It's not something I'm comfortable with. (Besides. If I tried, people would laugh at me, and deservedly so.)

It's reasonable to present the controversy, and I'll make mention of it in the next revision. That's as far as I'll go.

Of course, ultimately Werner is the one who gets thumbs-up or thumbs-down on this -- if it's to someday become the official FAQ, then he gets final signoff authority. So if you disagree, feel free to pitch it to him, but you've heard my position on it. :)
Re: FAQ, take two
Robert J. Hansen 4fcd629e.8010...@sixdemonbag.org June 4, 2012 10:38:58 PM wrote:
> [...]
> It's reasonable to present the controversy, and I'll make mention of it in the next revision. That's as far as I'll go.

Fair enough, and thanks.

> Of course, ultimately Werner is the one who gets thumbs-up or thumbs-down on this -- if it's to someday become the official FAQ, then he gets final signoff authority. So if you disagree, feel free to pitch it to him, but you've heard my position on it. :)

I agree to your position.

Charly
Decryption problems using php
Hello,

Currently I am having problem with the decryption of the file. My code is like this:

    echo shell_exec("echo $passphrase | $gpg --passphrase-fd 0 -o $unencrypted_file -d $encrypted_file");

When I checked using echo before executing, it is shown as below:

    passphrase|gpg --output /var/www/directory/directory/directory/Receive/BOEOD840053012142257187.xml --passphrase-fd 0 --decrypt /var/www/directory/directory/directory/Receive/BOEOD840053012142257187.pgp

The above command is executed correctly using putty, but when I tried to use this command using php it is not working. I have set permission to the directory. But it seems it is not working.

    // Path to the gpg binary and the passphrase that is piped to it on stdin
    $gpg = '/usr/bin/gpg';
    $passphrase = 'passphrase';
    //$encrypted_file = 'foo.gpg';
    //$unencrypted_file = 'foo.txt';
    // --passphrase-fd 0 makes gpg read the passphrase from stdin; -o names the output file
    echo shell_exec("echo $passphrase | $gpg --passphrase-fd 0 -o $unencrypted_file -d $encrypted_file");

Please assist me to work it correctly. I am facing such problems last 2 weeks. We are using ubuntu 12.04 LTS (GNU/Linux 3.2.0-24-generic i686).

--
Thanks & regards,
Amol Patil
CustomSoft
+ 91 -- 020 - 3251 7794
am...@custom-soft.com | www.custom-soft.com