Re: File Encryption
> I'm a home user of Linux. I'm looking for an encryption utility for
> my personal password file, preferably one with a graphical user
> interface.

Have you considered either encrypting your /home directory (with dm-crypt, LUKS, pick your poison) and/or using an encrypted folder (TrueCrypt, etc.)? Either of those would possibly be a much more user-friendly experience.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Different subkeys and the use of a SmartCard
On Sunday 21 December 2014 00:46:40 Christopher Beck wrote:
> Hi,
>
> On Sunday 21 December 2014 00:20:47 Hauke Laging wrote:
> > On Sat 20.12.2014, 19:20:23, Christopher Beck wrote:
> > > Third and last, though it makes sense for gpg to use the newest sub
> > > key only (especially for the signing sub key), is there a possibility
> > > to force gpg to use a specific sub key? This question could manually
> > > solve question number two and could be useful for me on educational
> > > purposes (for example to show, what happens, if an older, perhaps
> > > revoked or expired, sub key is being used).
> >
> > That is possible but AFAIK only via gpg command line parameters. I am
> > not aware of any configuration file magic which would enforce this if gpg
> > is called by another program (mail client) or gpgme is used.
> >
> > If 0x is the old subkey and 0x the new one and
> > 0x the main key then you would usually call gpg this way:
> >
> >   gpg --local-user 0x --sign file
> >
> > Instead you can do this:
> >
> >   gpg --local-user 0x! --sign file
> >
> > Please note the "!".
> >
> >
> > Hauke
>
> I tried that. And thank you!
>
> First, I tried to make an alias. This worked well for every application
> which uses gpg as a command line tool: $ alias gpg='gpg --local-user
> 0x!'
>
> Second (and working for everything) was adding the line "local-user
> 0x!" to the gpg.conf file! This should also work on any Windows
> host, since the method mentioned above only works on Unix-like OSs.
>
> Thank you again for mentioning that option!
>
> Beckus

Sorry for this second mail, but it does not work well. It signs on the command line and everywhere, but using this configuration for mail clients, they just stop sending the whole signed message...

Well, I hope there is a solution without the need of some wrapper around gpg...

Beckus

-- 
Christopher Beck
Gerhart-Hauptmann-Str. 1
91058 Erlangen
Tel.: 09131 / 9245437
Fax.: 09131 / 8148708
Jabber: bec...@jabber.org
EPVPN: (+49 221 59619) - 5232
Re: Different subkeys and the use of a SmartCard
On Sun 21.12.2014, 00:46:40, Christopher Beck wrote:

I noticed that too late: You shall always reply to the list. Usually I demand a list reply first before I answer.

> First, I tried to make an alias. This worked well for every
> application which uses gpg as a command line tool: $ alias gpg='gpg
> --local-user 0x!'

That is hard to believe for the simple reason that applications (even shell scripts) don't see shell aliases.

You would have to either replace the gpg binary with a wrapper script (which would be overwritten by every update) or put the wrapper script earlier in the PATH (for the relevant applications). The wrapper script would have to detect and replace --local-user 0x in all variants (-u, long ID, fingerprint) and pass the changed parameter together with the unchanged rest to gpg.

I have suggested some time ago to make the config file conditional. There was little enthusiasm about that. For this rather simple case a new option would be sufficient:

  --key-replace sign 0x 0x

But my suggestions are seldom turned into effect. Make a big donation. ;-)

> Second (and working for everything) was adding the line "local-user
> 0x!" to the gpg.conf file!

Interesting idea. But I assume that leads to each (i.e. not only those requested from 0x) signature being not replaced but being extended by one from 0x.

Hauke
-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
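Added example, not part of the thread and not GnuPG project code: a sketch of the PATH wrapper described in the message above, which rewrites the signer given via -u / --local-user and passes every other argument through unchanged. The fingerprint, the subkey ID, the /usr/bin/gpg path and the function names are constructed placeholders and assumptions.

```shell
#!/bin/sh
# Added example: a wrapper installed as "gpg" ahead of the real binary in PATH.
# MAIN_FPR and PINNED_SUBKEY are constructed placeholders, not keys from the thread.
MAIN_FPR="${MAIN_FPR:-AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555}"   # upper-case hex
PINNED_SUBKEY="${PINNED_SUBKEY:-0x9999AAAA8888BBBB!}"               # "!" forces this subkey
REAL_GPG="${REAL_GPG:-/usr/bin/gpg}"   # absolute path, so the wrapper never calls itself

# True when $1 names the main key as short ID, long ID or fingerprint
# (with or without 0x, any case, spaces allowed). An ID that already ends
# in "!" does not match, so an explicit choice by the caller is left alone.
is_main_key() {
  id=$(printf '%s' "$1" | tr -d '[:space:]' | tr 'a-fx' 'A-FX')
  id=${id#0X}
  case ${#id} in
    8|16|40) case $MAIN_FPR in *"$id") return 0 ;; esac ;;
  esac
  return 1
}

# Print the pinned subkey for the main key, anything else unchanged.
pin() {
  if is_main_key "$1"; then printf '%s' "$PINNED_SUBKEY"; else printf '%s' "$1"; fi
}

# Usage: with_pinned_key CMD ARGS...
# Runs CMD with ARGS, rewriting the value of -u / --local-user in its four
# spellings. Everything else, including all arguments after "--", is passed
# through untouched. Not handled: bundled short options (-su KEY) and
# abbreviated long options (--local-u KEY).
with_pinned_key() {
  cmd=$1; shift
  n=$#; want_value=0; literal=0
  while [ "$n" -gt 0 ]; do
    arg=$1; shift; n=$((n - 1))
    if [ "$literal" -eq 1 ]; then
      :                                   # after "--": file names only
    elif [ "$want_value" -eq 1 ]; then
      arg=$(pin "$arg"); want_value=0     # value of a preceding -u / --local-user
    else
      case $arg in
        --)              literal=1 ;;
        -u|--local-user) want_value=1 ;;
        --local-user=*)  arg="--local-user=$(pin "${arg#*=}")" ;;
        -u?*)            arg="-u$(pin "${arg#-u}")" ;;
      esac
    fi
    set -- "$@" "$arg"                    # rotate the rewritten argument to the end
  done
  "$cmd" "$@"
}

# Act as the wrapper only when installed under gpg's name.
case ${0##*/} in
  gpg|gpg2) with_pinned_key "$REAL_GPG" "$@" ;;
esac
```

Only programs that find this file before the real binary in their PATH are affected; a mail client that calls gpg by absolute path or through gpgme with a fixed engine path bypasses it.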
Re: Different subkeys and the use of a SmartCard
On Sat 20.12.2014, 19:20:23, Christopher Beck wrote:

> Third and last, though it makes sense for gpg to use the newest sub
> key only (especially for the signing sub key), is there a possibility
> to force gpg to use a specific sub key? This question could manually
> solve question number two and could be useful for me on educational
> purposes (for example to show, what happens, if an older, perhaps
> revoked or expired, sub key is being used).

That is possible but AFAIK only via gpg command line parameters. I am not aware of any configuration file magic which would enforce this if gpg is called by another program (mail client) or gpgme is used.

If 0x is the old subkey and 0x the new one and 0x the main key then you would usually call gpg this way:

  gpg --local-user 0x --sign file

Instead you can do this:

  gpg --local-user 0x! --sign file

Please note the "!".

Hauke
Re: [Announce] GnuPG 2.1.1 released
On 12/19/14 11:28 AM, Ludwig Hügelschäfer wrote:
| On 19.12.14 18:09, Doug Barton wrote:
|
|> Thank you for the time you've spent on this, but a minor quibble if
|> you don't mind. Could you please provide signatures for the dmg
|> files,
|
| Open the .dmg and you'll notice the signature of the Installer
| (Install.pkg).

If you look at (what in my mind are) the parallels in Windows (exes/installers) and Unix (tarballs) I don't have to perform any actions on them at all prior to verifying the signatures. I'd like to have the same luxury for the dmg file.

In addition to the above, the 1 signature only covers that 1 item, there are other items in the dmg file.

Now that said, perhaps it is my relative unfamiliarity with the dmg format that is causing my concern. It seems to me (on experience and some reading, both limited) that there are "things" that happen when I open one, similar to the autoplay feature for optical discs in Windows. That's part of the reason I'd like to be able to verify the dmg before opening it.

If that last concern is misplaced, then I am less hesitant, however it would still seem to be a good operational practice to sign the whole blob. Admittedly that is less tidy, as now you have two files to keep track of instead of one, but since I use all 3 OS', it's not particularly burdensome from my perspective.

Doug
Re: File Encryption
Hi Gus.

Using symmetrical encryption I do just that on Linux, without the GUI? With a small bash script, you could filter out just the entry you want too. I currently do it with Python and their encryption, but want it for my Windows box and Linux, hence gpg.

e.g. unlock is

    source lockp.sh # parameters
    #usage="Usage $0 # creates $plnfile.txt"
    if [[ ! -f "${target}/${encfile}" ]]
    then
        echo "Unable to find $1"
        exit 2
    fi
    # File $1 exists, has .gpg extension, create .txt
    echo "Decrypt CAST5 encrypted file $1"
    echo gpg --output "${target}/${plnfile}" --decrypt "${target}/${encfile}"
    gpg --output "${target}/${plnfile}" --decrypt "${target}/${encfile}"
    ckexit gpg
    echo "Created ${target}/${plnfile}"
    more "${target}/${plnfile}"

with params shared (encrypt / decrypt) as

    # params for lock.sh and unlock.sh
    source ~/bin/dpFunctions.sh
    target=/apps/Dropbox/fp
    plnfile=test.txt
    encfile=test.gpg

nb dpfunctions are pure bash.

Let me know if you want more.

HTH

On 19 December 2014 at 22:20, Gus Zernial wrote:
> I'm a home user of Linux. I'm looking for an encryption utility for my
> personal password file, preferably one with a graphical user interface.
>
> After initial encryption of the file with a master password, I'd like to be
> able to decrypt and display the cleartext file, using my master password,
> without destroying the underlying encrypted file. Accordingly, when I close
> the cleartext version it ceases to exist, leaving only the pre-existing
> encrypted file.
>
> With what program and/or how can I do this?
>
> Thx, Gus

-- 
Dave Pawson
XSLT XSL-FO FAQ.
Docbook FAQ.
http://www.dpawson.co.uk
Re: [Announce] GnuPG 2.1.1 released
Hi,

On Saturday 20 December 2014 12:21:08 Werner Koch wrote:
> Thus I do not think that Authenticate would harm even given that it is
> possible to buy the private key for an existing Authenticode certificate.

I actually love Authenticode. It means that you can do some steps to get to the "Operating System" level of trust. Sure you can buy your way into this but that is the Operating System level of trust that is asserted through HTTPS connections / Windows Update and so on. It is weak, I grant you that, but it is at least _some_ automatic authentication of binaries.

I'm playing a game on a Windows machine currently (Archeage) that requires administrative access for each launch!... and they did not even care to sign their binary. This is just security sadism. (I keep my GNU/Linux partitions on which I do any work or store secrets encrypted.)

In a different project at Intevation we signed all binaries in our installer, keeping packaging and building on different systems. As we won't expose our private keys to proprietary systems that meant running wine to create the nsis uninstaller. Maybe this is also something for the future of gpg4win. (Btw. we use osslsigncode which is a really great tool that allows you to create Authenticode PKCS#7 signatures under GNU/Linux.)

With regards to the original question, I'd be happy to sign your experimental gnupg only installers with our code signing certificate (and be quick about it) after verifying your signature. Intevation trusts g10code (we heavily use gnupg internally where the source is verified by Werner).

Regards,
Andre
File Encryption
I'm a home user of Linux. I'm looking for an encryption utility for my personal password file, preferably one with a graphical user interface.

After initial encryption of the file with a master password, I'd like to be able to decrypt and display the cleartext file, using my master password, without destroying the underlying encrypted file. Accordingly, when I close the cleartext version it ceases to exist, leaving only the pre-existing encrypted file.

With what program and/or how can I do this?

Thx, Gus
Different subkeys and the use of a SmartCard
Hi,

My question concerns the use of different signing sub keys and a smart card. The current setup is two valid signing sub keys. One of them resides on the smart card, the other on one of my computers. The key on the smart card is older than the other one. As described, gpg wants to use the newest sub key only. In my case it means I cannot sign anything and the message "gpg: signing failed: No secret key" appears. I can also see all of the sub keys assigned to the key by typing "gpg -K" and "gpg --card-status".

However, I tried the following on two different hosts:

First, I used a Windows PC and gnupg version 2.0.26, imported my public key and then deleted all of the sub keys except the ones on my smart card. I ran "gpg --card-status", and then updated the keys by using "gpg --refresh-keys". "gpg -K" still shows every sub key and if they are available, but "gpg --card-status" only shows the main key and the sub keys on the card. Finally, signing works well as expected.

Second, on a Linux PC using gnupg version 2.1.1 I did the very same thing as I did on the Windows PC before. But here, "gpg --card-status" still tells me about my other sub keys and therefore signing is not possible after running "gpg --refresh-keys".

Now I have a few questions.

First, why do these two versions of gnupg differ in their behavior this way? Why does one update the sub key information on "gpg --card-status" and the other one doesn't?

Second, is there a simple solution for my problem? I cannot rule out the possibility of having newer signing sub keys than the one on the smart card and I want gpg to use that key, which is available even if there exists a newer one.

Third and last, though it makes sense for gpg to use the newest sub key only (especially for the signing sub key), is there a possibility to force gpg to use a specific sub key? This question could manually solve question number two and could be useful for me on educational purposes (for example to show, what happens, if an older, perhaps revoked or expired, sub key is being used).

Thank you in advance and sorry for the long e-mail.

Kind regards
Christopher Beck
Re: GPG on iOS 8 with extensions
You could use oPenGP under iOS. Due to the constraints of iOS, the integration is rather limited, but it works. Another candidate would be iPGMail.

Regards
J
Re: [Announce] GnuPG 2.1.1 released
On Fri, 19 Dec 2014 18:22, r...@sixdemonbag.org said:

> While we're on the subject -- it might be nice for GnuPG to be able to
> issue proper Authenticode-signed Windows binaries. Code signing
> certificates are fairly affordable although the paperwork is a headache.

Actually we (Intevation in this case) do this for Gpg4win. People seem to like this although I do not see a real security benefit in it. If you look at the download stats for December

| Version    | tar/exe |  sig |  % |
|------------+---------+------+----|
| 2.1.0/tar  |     837 |  419 | 50 |
| 2.0.26/tar |    4770 | 1635 | 34 |
| 1.4.18/tar |    1451 |  429 | 30 |
| 1.4.18/exe |     635 |  110 | 17 |

(which also include automated downloads from mirrors not using rsync)

It shows that less than 20% of the Windows users check the signatures. It might of course be their first gpg download and thus they can't make use of the signature anyway. However, given the number of the tarball downloads it is obvious verification of signatures is not a standard procedure.

Thus I do not think that Authenticate would harm even given that it is possible to buy the private key for an existing Authenticode certificate.

Salam-Shalom,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
Re: GPG on iOS 8 with extensions
Hey Jürgen,

Thanks for sharing those apps with me. I will probably have a deeper look at those, but still I don't think they integrate what I am talking about. I don't want to spend 5$ for an ugly app that is probably not working as I want, but it is better than nothing!

If anybody is working on what I was talking about, please let me know.

Thanks.

Lorenzo Setale
http://who.is.lorenzo.setale.me/?

> On 20 Dec 2014, at 11:44, Jürgen Polster wrote:
>
> You could use oPenGP under iOS. Due to the constraints of iOS, the
> integration is rather limited, but it works. Another candidate would
> be iPGMail.
>
> Regards J
Re: Securing the future of GnuPG with BitCoin
On Fri, 19 Dec 2014 20:02, kristian.fiskerstr...@sumptuouscapital.com said:

> This might have been added after your original post, but "If you like
> to donate Bitcoins you may use the Wau Holland Stiftung account too. ":
> https://www.wauland.de/en/donation.html#61 offers bitcoin

Right, I added it later to www.gnupg.org. It was already mentioned in the FSFE's press release but not everyone may have seen that. As of yesterday WHS received about 1000 mBTC for the GnuPG project.

There are two reasons why there is no direct bitcoin support:

 - I do not want to keep volatile Bitcoin assets in the g10 code books.
 - It is too much work for a small company to maintain more than one currency.

Stripe.com has a closed beta for Bitcoin and I am waiting to make use of that. The alternative would be to use another Bitcoin service provider but I try to avoid that.

Shalom-Salam,

Werner
GPG on iOS 8 with extensions
Hello,

I am using GPG every day on my Mac, and I am really glad to see that it is working super fine: I can send encrypted messages with sensible information with my friends and colleagues, without thinking about gmail reading its content to provide ads to me.

Sadly I noticed that on iOS (as on the majority of the other OS available) there is no support for GPG/PGP, and the apps available are ugly.

Since the last release of iOS 8 it is possible to execute "extensions" to provide some tools and extra features of your app inside the entire OS. This means that developers are able to create an "extension" that could verify the signature or decrypt/encrypt an email, or a web page. Read more here: https://developer.apple.com/app-extensions/

I would like to know if there is anybody around the world that is working on this, so I can help instead of creating my own app. I believe that gpgtools.org code and developers could contribute to this idea.

I am open to any feedback. I hope somebody is already working on this.

Thanks for your time.

Lorenzo Setale
CTO at MinBilDinBil.dk
http://who.is.lorenzo.setale.me/?