Re: Encrypting File with passphrase
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 3/12/2014 9:07 AM, Kumar, Vikash X wrote: Hi Team, Could you please help me to understand the following query. We are using gpg encryption method for encryption and decryption in our application. We have generated the keypairs on server A and public key is imported on server B also a passphrase say Strange was provided while generating the key. Now I am trying to encrypt the file on server B using this public key, I am able to do so without any matter I pass the passphrase or not. So my ask is, if a key pair is generated with passphrase it won't restrict the encryption incase incorrect passphrase or no passphrase is passed? Also I was able to encrypt the file on server B by providing any random passphrase, but decryption is possible with correct passphrase only. The passphrase is only used to encrypt the private key so that even if someone gets ahold of your private keyring, they still can't use it. You can skip the password if you want, and that makes as much sense as writing the password down in a script that will be automatically using the private key to decrypt. Encryption only uses the public key, hence there is no password. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTIwsfAAoJEI5FoCIzSKrw5tAH/ih7zw3gm5/YL4Lmf3OePDWN XNpk18RCN2RNdmTSOWV6QZa/b4yt7C8Il95L9F4JwKLhnPrdl2x1mcXBK0+yg/xQ aNmOmsfKUMpu5zyUKuYaQQ/uFxer+zL3Xa456qFLgQF0UjWgYOuhw4LfVKb1Jy7P sxYmkmOWrN+DzciPrNQL2j6a/oGLF1Rz6rsPl7jFFSrVgCXugNIOaDGtzCjT9/dx Ig4L4znz9ZWZ0Z0e6gQEjlVIWjPZVE5FQhp2l9se3sKrXNqtxKIAMBEwtM6XU5In +o03VrQYCU6Iuf3n4wcM511yLufOhc2xrnY6yltMSPVYauSYE4y5KHrS7aFVIl0= =f2Al -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Multiple Subkey Pairs
The NSA e.g. denies to archive content of us-american citizens mails. It is thus perfectly reasonable to assume it does so with all other ones. They also deny being able to violate the Second Law of Thermodynamics: is it thus perfectly reasonable to assume they can violate the other ones? Just because they deny X means it's reasonable to believe Y is logic that will get you in a whole lot of trouble. If you have evidence to support your assertion I'm sure we'd all love to hear it -- but as I don't believe such evidence exists, the most we can reasonably say is we don't know. Besides, you believe their denials - are you kidding? Let me tell you a story about Allan. Allan was a great guy, one of the true heroes of American government. He never got the recognition he deserved. Allan was a veteran FBI agent with a Ph.D. in criminal justice, with a thesis that focused on police corruption. His life goal was to someday get appointed as a federal judge. He authored part of the FISA Act. Later in his life he was appointed by the Attorney General to become the Department of Justice's gatekeeper to the FISA Court. All warrant applications had to go through him. He thus had two compelling reasons to be strict about the warrants he presented to FISA. The first was that he hated corruption in a deep-in-his-bones way. The second was he knew that if he allowed any inadequate warrants to be presented to the FISA Court, those inadequate warrants would come up in Senate confirmation hearings for the federal judgeship he wanted. As a result, he had a reputation for being harder to convince of a warrant than the FISA Court itself was! -- Now, who told me about him first? My father, a federal judge who at one time was tapped for FISA. (He refused for personal reasons: he was approaching retirement and didn't want the additional responsibilities.) Dad had a good laugh about it and thought that if the American people ever knew it was harder to get Allan to bring a warrant application to FISA than it was to actually get FISA to approve a warrant, they'd be reassured. Dad would tell me all about how in all the time Allan had been responsible for bringing warrant applications to FISA, FISA had only ever denied three or four -- and that years later Allan was still sore about those! Nowadays, of course, the meme is FISA has only rejected a handful of warrants in all its time! Clearly, it must be a rubber stamp court! Nothing is further from the truth. For many years the reason why FISA so rarely bounced an warrant application is because Allan refused to bring inadequate ones to the Court. The former General Counsel of the National Security Agency, Stewart Baker, has written a fine book that I think everyone here should read: _Skating on Stilts_. Baker has some harsh words for Allan, claiming that he was such a hardass about warrant applications that he got in the way of many national security investigations. I first read this shortly after Allan's death and I almost bust a gut laughing. If he knew that his major claim to fame was having GC-NSA call him an obstruction to national security, I think he'd consider his place in posterity to be well-established. Allan died of cancer a few years ago -- but before he did, he achieved his life goal of being appointed to the federal bench. I had the honor of talking with him on several occasions from 2008 to 2010. Even dying of cancer, he was still a partisan for integrity in government. His commitment to it even in the face of imminent death impressed me as few things in the world have. Do I believe the NSA when they say that for U.S. persons only metadata is collected? No. But it was Allan's job to watch the NSA, and I trust that Allan didn't lie to me. I know that the common meme on this mailing list is, ooh, government *bad*, government *always* looking for ways to exploit us. But that's an insulting and childish belief. It's about as grown-up and about as mature as believing there are monsters under the bed or a bogeyman in the closet. Government *can be* bad, sure. Absolutely. But government also has people like Allan, and when we forget that we diminish ourselves. Frankly, I think people on this list ought celebrate his birthday -- March 4 -- as some kind of holiday. You know what? To hell with it. I /will/ celebrate his birthday, just ten years late. I'm going to make a donation to GnuPG today, in the memory of a government intelligence official who stood up for civil liberties. They *do* exist. Werner, if the donation I make later today could be credited as In memory of the Honorable Allan N. Kornblum, that would be appreciated. http://en.wikipedia.org/wiki/Allan_Kornblum ___ Gnupg-users mailing list Gnupg-users@gnupg.org
Re: Configure Errors
If you're using Lubuntu, you probably just want to install the package via apt-get: apt-get install gnupg (or gnupg2 for gpg2). If its default packages are similar to ubuntu, GPG1 should be installed by default. If you really want to install from source, you'll need a C compiler installed along with all the various dependencies. The build-essential package should get you started, but you might still need more. On Thu, Mar 13, 2014 at 1:05 PM, Sam Tanner samctan...@gmail.com wrote: Hi, I'm hoping you might be able to provide some insight into whats going on... I'm still quite new to th whole using the terminal in Lubuntu, so this might even be a total noob question. when i try the ./configure command, after it runs through, i get the error message: configure: error: no acceptable C compiler found in $PATH I downloaded th package from a uk mirror for gnugp, have tried witha couple of them now and still get the same error. am i possibly missing something on my OS? many thanks sam ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- David Tomaschik OpenPGP: 0x5DEA789B http://systemoverlord.com da...@systemoverlord.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Multiple Subkey Pairs
You know what? To hell with it. I /will/ celebrate his birthday, just ten years late. Days. *Days* late. :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Multiple Subkey Pairs
On 14/03/14 16:06, Robert J. Hansen wrote: The NSA e.g. denies to archive content of us-american citizens mails. It is thus perfectly reasonable to assume it does so with all other ones. They also deny being able to violate the Second Law of Thermodynamics: is it thus perfectly reasonable to assume they can violate the other ones? Just because they deny X means it's reasonable to believe Y is logic that will get you in a whole lot of trouble. If you have evidence to support your assertion I'm sure we'd all love to hear it -- but as I don't believe such evidence exists, the most we can reasonably say is we don't know. Besides, you believe their denials - are you kidding? Let me tell you a story about Allan. Allan was a great guy, one of the true heroes of American government. He never got the recognition he deserved. Allan was a veteran FBI agent with a Ph.D. in criminal justice, with a thesis that focused on police corruption. His life goal was to someday get appointed as a federal judge. He authored part of the FISA Act. Later in his life he was appointed by the Attorney General to become the Department of Justice's gatekeeper to the FISA Court. All warrant applications had to go through him. He thus had two compelling reasons to be strict about the warrants he presented to FISA. The first was that he hated corruption in a deep-in-his-bones way. The second was he knew that if he allowed any inadequate warrants to be presented to the FISA Court, those inadequate warrants would come up in Senate confirmation hearings for the federal judgeship he wanted. As a result, he had a reputation for being harder to convince of a warrant than the FISA Court itself was! -- Now, who told me about him first? My father, a federal judge who at one time was tapped for FISA. (He refused for personal reasons: he was approaching retirement and didn't want the additional responsibilities.) Dad had a good laugh about it and thought that if the American people ever knew it was harder to get Allan to bring a warrant application to FISA than it was to actually get FISA to approve a warrant, they'd be reassured. Dad would tell me all about how in all the time Allan had been responsible for bringing warrant applications to FISA, FISA had only ever denied three or four -- and that years later Allan was still sore about those! Nowadays, of course, the meme is FISA has only rejected a handful of warrants in all its time! Clearly, it must be a rubber stamp court! Nothing is further from the truth. For many years the reason why FISA so rarely bounced an warrant application is because Allan refused to bring inadequate ones to the Court. The former General Counsel of the National Security Agency, Stewart Baker, has written a fine book that I think everyone here should read: _Skating on Stilts_. Baker has some harsh words for Allan, claiming that he was such a hardass about warrant applications that he got in the way of many national security investigations. I first read this shortly after Allan's death and I almost bust a gut laughing. If he knew that his major claim to fame was having GC-NSA call him an obstruction to national security, I think he'd consider his place in posterity to be well-established. Allan died of cancer a few years ago -- but before he did, he achieved his life goal of being appointed to the federal bench. I had the honor of talking with him on several occasions from 2008 to 2010. Even dying of cancer, he was still a partisan for integrity in government. His commitment to it even in the face of imminent death impressed me as few things in the world have. Do I believe the NSA when they say that for U.S. persons only metadata is collected? No. But it was Allan's job to watch the NSA, and I trust that Allan didn't lie to me. I know that the common meme on this mailing list is, ooh, government *bad*, government *always* looking for ways to exploit us. But that's an insulting and childish belief. It's about as grown-up and about as mature as believing there are monsters under the bed or a bogeyman in the closet. Government *can be* bad, sure. Absolutely. But government also has people like Allan, and when we forget that we diminish ourselves. Frankly, I think people on this list ought celebrate his birthday -- March 4 -- as some kind of holiday. You know what? To hell with it. I /will/ celebrate his birthday, just ten years late. I'm going to make a donation to GnuPG today, in the memory of a government intelligence official who stood up for civil liberties. They *do* exist. Werner, if the donation I make later today could be credited as In memory of the Honorable Allan N. Kornblum, that would be appreciated. http://en.wikipedia.org/wiki/Allan_Kornblum ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Totally off-topic. But that your father was a highly positioned judge,
Re: Multiple Subkey Pairs
So far theres no credible reporting that any government is doing mass surveillance of email content. Instead, mass surveillance focuses on metadata: whos talking to whom, when, with what for a subject line, routed through which mail servers, and so on. The NSA e.g. denies to archive content of us-american citizens mails. It is thus perfectly reasonable to assume it does so with all other ones. They can easily do it, thus they do it. I am german, so I am free game for them anyways. Besides, you believe their denials - are you kidding? GnuPG does not and cannot protect against that. This is as regrettable as it is true. Worse still, it is much more cumbersome to protect your metadata than to protect content with e.g. GnuPG. You could achieve it easiest with temporary anonymous e-mail accounts. A public key infrastructure is difficult to reconcile with anonymity. If your concern is mass surveillance -- which is to say, metadata -- sorry again, if we are speaking about the US, only metadata if recipient and sender are us citizens and if we believe what the agency says. Regarding the the security of the content, I share the view that lighting a firework of a dynamic subkey structure is not going to help. IMHO one properly kept key is enough and its security should last for decades. After all the all or nothing principle is at the core of cryptography in many contexts. There is no such thing as attrition of security by heavy usage of a public RSA or ECC key. When it comes to system compromise leading to broken security. This is not kind of an aging process smoothly proceeding with time and eventually leading to death. They target you or they dont. cheers Michael Anders (http://www.fh-wedel.de/~an/crypto/Academic_signature_eng.html) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Multiple Subkey Pairs
Totally off-topic. But that your father was a highly positioned judge, would make you rather biased. Sure, just like someone being German would make them pretty biased against Jews. What I just said was insensitive, offensive, and completely inappropriate. So, too, was what you just said. Grow up. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Multiple Subkey Pairs
On 14/03/14 17:28, Robert J. Hansen wrote: Totally off-topic. But that your father was a highly positioned judge, would make you rather biased. Sure, just like someone being German would make them pretty biased against Jews. What I just said was insensitive, offensive, and completely inappropriate. So, too, was what you just said. Grow up. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Haha. Unfortunately for you, I am not German, so i am not insulted. But I do know loads of German's, which of course, with you making such statements, not only shows that you have a serious problem, if you have to offend people, just because you feel offended, but also shows how ignorant you are. Excusing your behaviour after is hardly a sign of maturity. Unlike you, I based my statement on what you said in your email, namely, that you got information from your father, which makes it hear-say. Further, getting facts from a second party about a third party about information, that would fall under a piece of legislation, which permits nobody to even discuss it, makes such statements meaningless. Further adding your comments about intelligence matters, that you clearly can not have any knowledge of, does not qualify you to make any such statements. Hence, my statement about you being biased. Further, all this discussion is quite meaningless anyway. Needless to say all this is totally off-topic, I just wanted to be sure that you got somebody else's opinion, as you were quite so dismissive about another person and their opinions on this list. I tend to side with people being bullied. Now maybe we can get back to the perfectly legitimate issues regarding the use of sub-keys and the use of multiples of these. Regards, Tristan -- Tristan Santore BSc MBCS TS4523-RIPE Network and Infrastructure Operations InterNexusConnect Mobile +44-78-55069812 tristan.sant...@internexusconnect.net Former Thawte Notary (Please note: Thawte has closed its WoT programme down, and I am therefore no longer able to accredit trust) For Fedora related issues, please email me at: tsant...@fedoraproject.org ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Multiple Subkey Pairs
But I do know loads of German's, which of course, with you making such statements, not only shows that you have a serious problem, if you have to offend people, just because you feel offended, but also shows how ignorant you are. You are missing the point. It is contemptible to believe that just because someone is descended from X, they must therefore possess trait Y. This is not how civilized people behave. We judge people on their own choices -- not their parentage. To do otherwise is the act of a barbarian. Unlike you, I based my statement on what you said in your email, namely, that you got information from your father Quoting you: That your father was a highly positioned judge, would make you rather biased, to be specific. You didn't say that my information would be biased: you said that *I* am biased based on my father's job. And that's simply beyond the pale. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users