Re: FYI: Arch linux provides GnuPG (2.1.0) package without ability to use HKPS

2014-12-13 Thread mark hellewell
On 14 December 2014 at 08:18, Samir Nassar wrote:
> On Wednesday, 2014-12-10 21:08:05 Samir Nassar wrote:
>> The Arch linux GnuPG package 2.1.0-6 is unable to connect to HKPS.
>
> As of the latest update to GnuPG 2.1.0-7, thanks to Gaetan Bisson, gpg should
> work with HKPS

What was the underlying problem here?  GnuPG needs to be built with
GnuTLS support enabled or something?

Mark

>
> --
> Samir Nassar
> sa...@samirnassar.com
> https://samirnassar.com
> PGP Fingerprint: EE76 B39E 0778 8F95 F796 B044 FE67 9A90 8E99 7AB2

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: FYI: Arch linux provides GnuPG (2.1.0) package without ability to use HKPS

2014-12-13 Thread Samir Nassar
On Wednesday, 2014-12-10 21:08:05 Samir Nassar wrote:
> The Arch linux GnuPG package 2.1.0-6 is unable to connect to HKPS.

As of the latest update to GnuPG 2.1.0-7, thanks to Gaetan Bisson, gpg should
work with HKPS

-- 
Samir Nassar
sa...@samirnassar.com
https://samirnassar.com
PGP Fingerprint: EE76 B39E 0778 8F95 F796 B044 FE67 9A90 8E99 7AB2



Re: Mainkey with many subkeys??

2014-12-13 Thread MFPA
On Saturday 13 December 2014 at 2:22:17 PM, in
, Kristian Fiskerstrand
wrote:


> But you could always generate a new self-signature
> giving it signing capability.

As you said in an earlier posting, that requires the use of a hacked
GnuPG version. Which would tend to limit how many people are capable
or willing.



> But anyhow, that is a
> digression, the point remains that a spare S capability
> does no harm to the security of the key.

I think that's true.


- --
Best regards

MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net

People who throw kisses are hopelessly lazy.


Linux and windows mix?

2014-12-13 Thread Dave Pawson
I asked a few weeks ago about sharing an encrypted
file between windows and Linux boxes.

Lots of hassle uninstalling an old version of gpg4win (I had to stop
the service prior to deleting / uninstalling), but now
working well.

Thanks for the suggestion.

Bash/shell scripts available if wanted.

regards

-- 
Dave Pawson
XSLT XSL-FO FAQ.
Docbook FAQ.
http://www.dpawson.co.uk



Re: Mainkey with many subkeys??

2014-12-13 Thread Kristian Fiskerstrand
On 12/13/2014 02:41 PM, Peter Lebbing wrote:
> On 08/12/14 16:37, Kristian Fiskerstrand wrote:
>> This key will always be capable of signing by definition
> 
> In what sense is that? It seems GnuPG is not letting me sign data
> with a certify-only key:

But you could always generate a new self-signature giving it signing
capability. But anyhow, that is a digression, the point remains that a
spare S capability does no harm to the security of the key.

- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
"If you choose to sail upon the seas of banking, build your bank as
you would your boat, with the strength to sail safely through any storm."
(Jacob Safra (1891–1963))


Re: Signature-notation %-expandos expanding to strings of zeros

2014-12-13 Thread MFPA
Hi


On Saturday 6 December 2014 at 3:25:02 PM, in
, MFPA wrote:


> I have the following line in my gpg.conf to generate a
> signature notation:-

>   sig-notation
>   issuer-...@notations.openpgp.fifthhorseman.net=%g

> I noticed when verifying signatures in the last few
> days that the %g in my recent signatures is expanding
> to a string of zeros instead of the fingerprint of the
> signing key.


Can anybody confirm they also get this?
The signature notation generated is:-

issuer-...@notations.openpgp.fifthhorseman.net=

whereas it should be (for example):-

issuer-...@notations.openpgp.fifthhorseman.net=B3AE7ECA9A8C8B3026A5A0F56B7C74CEB31F25F0



- --
Best regards

MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net

Don't cry because it is over - smile because it happened


Re: Mainkey with many subkeys??

2014-12-13 Thread Peter Lebbing
On 08/12/14 16:37, Kristian Fiskerstrand wrote:
> This key will always be capable of signing by definition

In what sense is that? It seems GnuPG is not letting me sign data with a
certify-only key:

$ gpg2 --edit-key de500b3e
[...]
pub  2048R/DE500B3E  created: 2009-11-12  expires: 2015-10-27  usage: C
 trust: ultimate  validity: ultimate
sub  2048R/DE6CDCA1  created: 2009-11-12  expires: 2015-10-27  usage: S
sub  2048R/73A33BEE  created: 2009-11-12  expires: 2015-10-27  usage: E
sub  2048R/B65D8246  created: 2009-12-05  expires: 2015-10-27  usage: A
[...]

$ echo hoi | gpg2 -u 0xDE500B3E\! -o test_cert_sig.gpg -s
gpg: skipped "0xDE500B3E!": Unusable secret key
gpg: signing failed: Unusable secret key

Peter.

- -- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: Randomized hashing

2014-12-13 Thread Peter Lebbing
On 28/11/14 11:41, NdK wrote:
>> Oh, I agree, I already thought that might close any 'r'-swapping security
>> issues, if there would be any; just like you can include the hash
>> algorithm in the signature to prevent swapping it out for a weaker one. But when
>> swapping 'r''s does not actually create any security issues, it just makes
>> things needlessly complicated.
> I don't understand you.

I finally found the time to write this up. In part, it is a more elaborate
version of what Ingo Klöcker said in [1].

When you want to protect 'r' from modification, there are basically two ways to
do it. You can include 'r' in the hashed data, or in the signature.

I'll outline what an OpenPGP message might look like[2] with randomized hashing,
with a symbol prepended to each line that indicates whether that line is
unprotected, part of the hashed data or part of the RSA signature. A U means
Unprotected, an H means Hashed, an S means it's part of the signature itself.

U One-pass Sig packet:
U keyID 969E018FDE6CDCA1, sigclass "binary document",
U digest randomized-SHA-1, pubkey RSA
U Randomized hashing specifier packet:
U r = b299c230c293191bd900217ab0dc7aad
H Literal data packet:
H This is the actual signed message.
H It can go on for quite a while.
H But I choose to end it here.
H Signature packet:
H sigclass "binary document", pubkey RSA, digest randomized-SHA-1
H Signature Creation Time subpacket:
H Sig created 2014-12-13
U Issuer subpacket:
U Issuer key ID 969E018FDE6CDCA1
U Begin of digest 49 1f
S OpenPGP-RSA-randomized-SHA1-sign(r, )

Where OpenPGP-RSA-randomized-SHA1-sign is defined as (|| is concatenation):

OpenPGP-RSA-randomized-SHA1-sign(r, d):
    H = SHA1(RMX(r, d || 0x04FF || len(d)))
    m = 0x00 || 0x01 || 0xFF || .. || 0xFF || 0x00 || 0x30 || 0x21 || 0x30 ||
        0x09 || 0x06 || 0x05 || 0x2B || 0x0E || 0x03 || 0x02 || 0x1A || 0x05 ||
        0x00 || 0x04 || 0x14 || H
    return m**d (mod n)

** is exponentiation. So the signature is computed over the hash, and a constant
(which is padded with 0xFF's to make m the right size for an RSA signature).

The hash is computed over the RMX function.

The RMX function is roughly:

RMX(r, d0 || d1 || .. || dn) = r || d0 ^ r || d1 ^ r || .. || dn ^ r

^ is the xor operation here, not exponentiation. RMX is not exactly that, but
good enough for what I am trying to say. The point is, r is *included in the
hash*. That's what protects it from modification. The paper at [3] contains a
proof that it is intractable to modify r and get a message that hashes to the
same hash. This is not immediately apparent, but they prove it for hash
functions with the structure SHA-1 has.

'r' still needs to be passed to the recipient, but it needn't be protected
explicitly, since it is included in the hash anyway. In fact, it is pretty much
as if the "Randomized hashing specifier packet" I invented above wasn't of the
U(nprotected) type but of the H(ashed) type. It's just that it's solved at the
RMX level rather than the OpenPGP level.


The other way is also mentioned in the paper. I can't find the footnote you
mention; which paper were you looking at? The trade-off is that for that method,
the actual signing operation needs to be changed, which is the problem. The
advantage is that the rest of the message stays the same.

For OpenPGP One-pass-signature packets, this gets a bit silly. The purpose of
that is to start computing the hash while reading through the file the first
time. This becomes impossible with this method, so let's drop that packet,
pretend that it was never there in the first place, and we always needed two
passes. Pretend that we keep everything as it was, and only change the signing
operation.

H Literal data packet:
H This is the actual signed message.
H It can go on for quite a while.
H But I choose to end it here.
H Signature packet:
H sigclass "binary document", pubkey RSA, digest randomized-SHA-1
H Signature Creation Time subpacket:
H Sig created 2014-12-13
U Issuer subpacket:
U Issuer key ID 969E018FDE6CDCA1
U Begin of digest 66 1a
S OpenPGP-RSA-randomized-SHA1-sign(r, )

Now we define OpenPGP-RSA-randomized-SHA1-sign quite differently:

OpenPGP-RSA-randomized-SHA1-sign(r, d):
    H = SHA1(H_r(r, d || 0x04FF || len(d)))
    m = 0x00 || 0x01 || 0xFF || .. || 0xFF || 0x00 || some-new-ASN.1-specifier ||
        r || H
    return m**d (mod n)

H_r(r, d0 || d1 || .. || dn) = d0 ^ r || d1 ^ r || .. || dn ^ r

Now, r is included in the RSA signature itself. To get at it, the receiver
decodes the RSA message (raises it to the e-th power) and extracts r from it.
Then the receiver can start to compute the hash. The some-new-ASN.1-specifier is
a constant string specifying this new randomized-SHA1 scheme, because we changed
the message and can't give it the same identifier as we use for regular
RSA-with-SHA1.

In fact, they propose the latter variant, but with RMX instead of H_r, for t
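
Added example (not part of Peter Lebbing's post, and not GnuPG code): a Python sketch of the post's simplified RMX and H_r, showing why r has to sit inside the RSA signature when H_r is used, while RMX binds r through the hash itself. The 0x04FF || len(d) trailer and the RSA step are left out, r_new is a constructed value, and all function names are hypothetical.

```python
import hashlib


def xor_blocks(r: bytes, d: bytes) -> bytes:
    """XOR each len(r)-sized block of d with r (a short last block uses a prefix of r)."""
    return bytes(b ^ r[i % len(r)] for i, b in enumerate(d))


def rmx(r: bytes, d: bytes) -> bytes:
    """Simplified RMX from the post: r || d0^r || d1^r || .. (not the exact RMX)."""
    return r + xor_blocks(r, d)


def h_r(r: bytes, d: bytes) -> bytes:
    """H_r from the second variant: d0^r || d1^r || .. with r itself left out."""
    return xor_blocks(r, d)


def digest_rmx(r: bytes, d: bytes) -> bytes:
    # SHA-1 only because the post's scheme is "randomized-SHA-1".
    return hashlib.sha1(rmx(r, d)).digest()


def digest_h_r(r: bytes, d: bytes) -> bytes:
    return hashlib.sha1(h_r(r, d)).digest()


def rebind(r: bytes, r_new: bytes, d: bytes) -> bytes:
    """Return d' with d' ^ r_new == d ^ r blockwise, i.e. d' = d ^ r ^ r_new."""
    return xor_blocks(r_new, xor_blocks(r, d))


def demo() -> dict:
    r = bytes.fromhex("b299c230c293191bd900217ab0dc7aad")  # r from the post's listing
    r_new = bytes(range(16))                               # constructed second value
    d = b"This is the actual signed message.\n"            # constructed message
    d_new = rebind(r, r_new, d)
    return {
        "messages_differ": d_new != d,
        # H_r alone: (r, d) and (r_new, d_new) feed identical bytes to SHA-1,
        # so r must be carried inside the signed value m.
        "h_r_same_digest": digest_h_r(r, d) == digest_h_r(r_new, d_new),
        # RMX: r is the first block of the hash input, so the digests differ
        # and r can travel in an unprotected packet.
        "rmx_same_digest": digest_rmx(r, d) == digest_rmx(r_new, d_new),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```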

Re: Mainkey with many subkeys??

2014-12-13 Thread Peter Lebbing
On 13/12/14 12:12, Tomo Ruby wrote:
> But what does "meaningful way" mean?

That there may be theoretic methods to use signatures to learn information
about the private key, but that they are all so impractical that they can be
ignored.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 
