Re: How do I make the private key on a OpenPGP smartcard non exportable ?

2013-06-19 Thread Henry Hertz Hobbit
On 06/19/2013 03:21 PM, Heinz Diehl wrote:
> On 18.06.2013, NdK wrote: 
> 
>> If the key is generated on-card, you have no way to backup it. No need
>> for "unexportable" flag: simply there's no command to export it.
> 
> And if the key is generated off-card and properly moved to the
> smartcard afterwards, there's no way to export it either. It's only
> the stub which points to the smartcard left on disk.

Is the original poster still there?  I was going to write and decided
it was wiser to wait for these responses which I almost knew were
coming.  Try the backup from GPA's menu.  I doubt you will get anything
that can be exported. If you get a backupg.gpg (or similar), then try
importing your secret keys onto a second system with GPGWIN installed.
If all that flies (you were actually able to do a --export of your
private keys despite these two people's responses to the contrary
and then are able to do a --import on the second system) then try
these tests:

1. Make a detached signature of a file on system one (with
   OpenPGP card).  Copy the base file and the signature file to
   system two and see if it verifies.

2. Sign on second, copy to first, and see if it verifies on first.
   IOW, reverse of previous.

3. Encipher a file using public-key of said key you supposedly
   were able to import on either of the systems.  By that I mean a
   public-key enciphering, not just a symmetric cipher, e.g.:
   http://www.securemecca.com/public/GnuPG/pcrypt.txt
   Copy the public-key enciphered file to the other system.
   Flash drive, et al.  Decipher it on the other system.

I don't think your tests will work.  In fact I don't believe you
will even get to these three tests.  What is the advantage of using
the OpenPGP key and having a public-key enciphered file over a
symmetric enciphered file?

Symmetric Enciphered:
=====================
Let's say your machine gets infected.  Let's also suppose that a
key logger has been installed.  I can assure you that most malware
today either has a mini key-logger as part of the initial install
or a key-logger can be downloaded and installed.  Actually, most
malware will almost do it automatically.  I have over 10,000
malware to back that statement up.  Either the key-logger got
the password to encipher the enciphered file or they saw it when
you temporarily deciphered the file.  So now all the hackers need
are either the plain-text file or the enciphered file and to know
what created the enciphered file.  But even if all the hackers
have are the enciphered file and the pass-phrase they are now
only one step away.

PeskySpammer has even installed SMTP agents on tens of thousands
of Microsoft Windows machines, one of which was at RIPE, one
more at ICANN, and one at Yahoo.  The hackers have your
file and its name alone or what is in the file header reveals
what was used to create the enciphered file.  Within a few minutes
they will have a deciphered file. The only thing that can protect
you is to NEVER encipher or decipher the file while the key-logger
is there and to never have the deciphered file available.  But
once they have the enciphered file and know the password to decipher
the file the game is over and you have lost.

OpenPGP Public-Key Enciphered:
==============================
All the same things hold.  Assume they know the key's pass-phrase.
They can also pull down the enciphered file.  But you cannot just
copy the keys since an OpenPGP card doesn't have a file system.
If you cannot --export the secret-keys then the hackers will never
get them.  FOILED!  The hackers have no choice but to move on
or set some sort of trigger that knows when you decipher the
public-key enciphered file.  The longer you let the unenciphered
file hang around the more likely it is to fly the coop.  So
even if the hackers know the pass-phrase (assume they do) and
have the public-key enciphered file, they can NOT decipher the
file.

Now do you see the difference between a symmetric enciphered
file and a public-key enciphered file where the OpenPGP keys
are on an OpenPGP card?  Just don't let the unenciphered file
hang around any longer than normal.  Do not just delete the
unenciphered file - securely erase it when you don't need
it.  If you need higher security use an OS which has moderately
more security (Linux) or even higher security (OpenBSD) with
an OpenPGP card to hold the keys.  Every layer of defense you
add encourages the hackers to move on in search of an easier
target.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: How do I make the private key on a OpenPGP smartcard non exportable ?

2013-06-19 Thread Heinz Diehl
On 18.06.2013, NdK wrote: 

> If the key is generated on-card, you have no way to backup it. No need
> for "unexportable" flag: simply there's no command to export it.

And if the key is generated off-card and properly moved to the
smartcard afterwards, there's no way to export it either. It's only
the stub which points to the smartcard left on disk.




Re: cleartext signature: digest determination

2013-06-19 Thread David Shaw
On Jun 19, 2013, at 8:19 AM, Hauke Laging wrote:

> Hello,
> 
> in RfC4880 I read this:
> 
> https://tools.ietf.org/html/rfc4880#section-7
> 
> «If the "Hash" Armor Header is given, the specified message digest
> algorithm(s) are used for the signature.  If there are no such headers, MD5 is
> used.»
> 
> That doesn't make sense to me. I checked a cleartext signature with 
> gpg --list-packets and got this:
> 
> :signature packet: algo 1, keyid 4CB66C1B33FB59FC
>     version 4, created 1364174035, md5len 0, sigclass 0x01
>     digest algo 2, begin of digest a1 0d
>     hashed subpkt 2 len 4 (sig created 2013-03-25)
>     subpkt 16 len 8 (issuer key ID 4CB66C1B33FB59FC)
>     data: [4093 bits]
> 
> This looks like a normal signature packet to me, and it does contain the used 
> digest algo. So why should it be necessary to write the used digest into the 
> cleartext part? Is that a compatibility issue with older OpenPGP versions? 
> Usually that is mentioned but not in the text I quoted.

It's an ordering issue.  Cleartext signatures are designed to be able to be 
read in a single pass - thus the need for the Hash header at the beginning of 
the document, so the receiving program doesn't have to read to the end, find 
out what hash is in use, then jump back to the beginning to actually hash the 
document.

David
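
The single-pass reading described in the reply above, as an added Python example (not part of the original thread and not GnuPG's code): the Hash armor header lets the reader create its digest contexts before the first line of signed text arrives. `hash_cleartext` and the sample message are constructed for illustration; a real verifier would go on to feed the signature packet's hashed fields and trailer into the same contexts before checking the signature.

```python
import hashlib

# OpenPGP hash names (RFC 4880 section 9.4) mapped to hashlib constructors.
HASHES = {"MD5": hashlib.md5, "SHA1": hashlib.sha1, "SHA256": hashlib.sha256,
          "SHA384": hashlib.sha384, "SHA512": hashlib.sha512}

# Constructed sample; the signature body is a placeholder, not real data.
SAMPLE = ["-----BEGIN PGP SIGNED MESSAGE-----\n", "Hash: SHA256\n", "\n",
          "Hello, list.  \n", "- -- \n", "signed off\n",
          "-----BEGIN PGP SIGNATURE-----\n", "(placeholder)\n",
          "-----END PGP SIGNATURE-----\n"]

def hash_cleartext(lines):
    """Read a cleartext-signed message once, front to back.

    Returns (contexts, rest): running hash objects keyed by algorithm name,
    fed with the canonical signed text, and the unread armored signature.
    """
    it = iter(lines)
    if next(it, "").rstrip("\r\n") != "-----BEGIN PGP SIGNED MESSAGE-----":
        raise ValueError("not a cleartext signature")
    names = []
    for line in it:                        # armor headers end at the empty line
        line = line.rstrip("\r\n")
        if not line:
            break
        key, _, value = line.partition(": ")
        if key != "Hash":
            raise ValueError("unexpected armor header: " + key)
        names += [n.strip().upper() for n in value.split(",")]
    # RFC 4880 section 7: with no Hash header, MD5 is assumed.
    ctxs = {n: HASHES[n]() for n in names or ["MD5"]}
    sep = b""
    for line in it:
        line = line.rstrip("\r\n")
        if line == "-----BEGIN PGP SIGNATURE-----":
            break
        if line.startswith("- "):          # undo dash-escaping
            line = line[2:]
        # Canonical text: trailing blanks stripped, lines joined by CRLF;
        # the line ending before the signature armor is not hashed.
        for ctx in ctxs.values():
            ctx.update(sep + line.rstrip(" \t").encode("utf-8"))
        sep = b"\r\n"
    else:
        raise ValueError("signature armor not found")
    return ctxs, list(it)
```

Without the header, the reader would not know which contexts to create until it reached the signature packet at the end, and would have to read the text a second time.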




cleartext signature: digest determination

2013-06-19 Thread Hauke Laging
Hello,

in RfC4880 I read this:

https://tools.ietf.org/html/rfc4880#section-7

«If the "Hash" Armor Header is given, the specified message digest
algorithm(s) are used for the signature.  If there are no such headers, MD5 is 
used.»

That doesn't make sense to me. I checked a cleartext signature with 
gpg --list-packets and got this:

:signature packet: algo 1, keyid 4CB66C1B33FB59FC
    version 4, created 1364174035, md5len 0, sigclass 0x01
    digest algo 2, begin of digest a1 0d
    hashed subpkt 2 len 4 (sig created 2013-03-25)
    subpkt 16 len 8 (issuer key ID 4CB66C1B33FB59FC)
    data: [4093 bits]

This looks like a normal signature packet to me, and it does contain the used 
digest algo. So why should it be necessary to write the used digest into the 
cleartext part? Is that a compatibility issue with older OpenPGP versions? 
Usually that is mentioned but not in the text I quoted.


Hauke
-- 
☺
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
http://www.openpgp-courses.org/




Re: gpg --fingerprint show only fingerprints and nothing else?

2013-06-19 Thread adrelanos
Peter Lebbing:
> On 19/06/13 00:10, Hauke Laging wrote:
>> gpg --with-colons --fingerprint | awk -F: '$1 == "fpr" {print $10;}'
> 
>>> when the output ever changes
>>
>> It won't (it's designed not to change).
> 
> At the risk of sounding pedantic, let me point out that the output you get with
> --with-colons is designed not to change. --with-colons is an option added
> precisely because the output without that option might change and break scripts.

That's awesome! Thank you both!



Re: gpg --fingerprint show only fingerprints and nothing else?

2013-06-19 Thread Peter Lebbing
On 19/06/13 00:10, Hauke Laging wrote:
> gpg --with-colons --fingerprint | awk -F: '$1 == "fpr" {print $10;}'

>> when the output ever changes
> 
> It won't (it's designed not to change).

At the risk of sounding pedantic, let me point out that the output you get with
--with-colons is designed not to change. --with-colons is an option added
precisely because the output without that option might change and break scripts.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 
