Re: Anonymous payment for hardware tokens

2015-04-02 Thread NIIBE Yutaka
Hello, George,

This message is a reply to your post in February.

On 02/04/2015 03:50 PM, georgeorwellhardwi...@riseup.net wrote:
> Is there anyone that knows where you can buy yubikeys or smartcards
> anonymously?

On 02/04/2015 05:56 PM, NIIBE Yutaka wrote:
> I'm afraid it's not practical for you...
> 
> You can buy Gnuk Token in Maebashi, Gunma, Japan by cash from me.
> 
>   Buy FST-01 with Gnuk 1.1.4 (in Japanese):
>   http://www.gniibe.org/shop/gnuk_1_1_x-on-fst-01.html
[...]
> In either case, it is recommended to compile and install Gnuk to your
> board by yourself, as there is some risk where some malicious
> (possibly middle) person has installed fake firmware already.

Just in case you can visit Boston, FST-01 with NeuG 1.0.1c is now
available as GNU Gear: http://shop.fsf.org/product/usb/

It comes with a micro SD card which contains a copy of the repositories at
git.gniibe.org, so that you can access the source code with no
connection to the Internet.

Since the firmware installed is NeuG (instead of Gnuk), you need to
compile and install Gnuk by yourself, if you want.  But, I'm sure that
you will also want one with NeuG.

I don't know if it is possible to join FSF as an associate member
anonymously, but I'm sure you can get it anonymously by cash when you
visit the FSF office in Boston.

This arrangement is exactly intended for those who care, like you.
Although I don't know if it works for you, I hope so.
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


RE: Permissions Issue Executing .bat file to Encrypt File

2015-04-02 Thread Dee Walton


Hello All,

I was able to get the scheduled process to work but only as Administrator.
This needs to be run as a different user.  I know it must be a permissions
issue.

Thanks in advance.

Dee Walton

From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Dee
Walton
Sent: Thursday, April 02, 2015 12:19 PM
To: gnupg-users@gnupg.org
Subject: Permissions Issue Executing .bat file to Encrypt File

I have created a VB script to encrypt a file using a recipient key.  The
file encrypts when I can execute the VB script manually as Administrator but
when scheduling the execution of the VB script (via .bat file) as
Administrator, using Scheduled Tasks, the encryption does not occur.

Any insight would be appreciated!

Dee Walton

Stillwater Resource Group



Permissions Issue Executing .bat file to Encrypt File

2015-04-02 Thread Dee Walton


I have created a VB script to encrypt a file using a recipient key.  The
file encrypts, when I can execute the VB script manually as Administrator
but when scheduling the execution of the VB script (via .bat file) as
Administrator, using Scheduled Tasks, the encryption does not occur.

Any insight would be appreciated!

Dee Walton

Stillwater Resource Group



"g13" tool in GnuPG 2.1 (was: decrypt luks with gnupg Card: determine if cardreader has pinpad)

2015-04-02 Thread Peter Lebbing
On 31/03/15 13:25, Jan Kowalsky wrote:
> I wrote a howto (in german) in addition to the one from Peter Lebbing
> (thanks a lot!):
> https://wiki.datenkollektiv.net/public/gnupg/luks_gnupg_card

... in which the following message by Werner from 2009 is linked: [1]

From which I will quote:
> Another option would be to wait a while and use the new g13 tool which
> is part of the new development branch of GnuPG.  It is fully integrated
> into GnuPG and provides a platform independent replacement for LUKS.
> For now only Encfs is supported but the system is designed to support
> all kinds of backends (Even one on top of LUKS is possible).  The
> advantage of G13 is that you use real public key cryptography and thus
> your actual private key never leaves the card - it is only used to
> encrypt the bulk encryption key(s). 

So is G13 ready for use?

(note that the LUKS script written by me and modified by Jan also uses
real public key cryptography; that remark in the quote refers to a
different method of unlocking an encrypted drive using an OpenPGP card).

Cheers,

Peter.

[1] http://lists.gnupg.org/pipermail/gnupg-users/2009-November/037599.html

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: What is 'CA fingerprint 1' on Smartcard

2015-04-02 Thread Daniel Krebs
On 02.04.2015 at 04:40, NIIBE Yutaka wrote:

> It seems that it's intended to hold a fingerprint of OpenPGP,
> but it is not clear what/how this fingerprint is used for.
> 
> From a view point of scdaemon developer, I don't have any
> experience using these data objects.  Even, I couldn't imagine
> valid usage of these data objects.
> 
> Besides, I don't understand the reason why this data object was
> filled by a specific value when shipped.
> 
> Sorry for not useful information, but, those are all I could say.
> 
> Still, it would make sense to share this info.
> 

OK, I will ask on the FSFE mailing list, ask them and post the answer
here as soon as I have it.

DK


gpg-bash-lib - gpg file verification bash library - first public release announcement - 0.5-1

2015-04-02 Thread Patrick Schleizer
gpg-bash-lib is a gpg file verification bash library that addresses a
comprehensive threat model covering file name tampering, indefinite
freeze, rollback, endless data attacks, etc.

https://github.com/Whonix/gpg-bash-lib

Why?

Writing bash scripts that do file verification using gpg that really is
secure and passes a comprehensive threat model, that covers indefinite
freeze, rollback, endless data attacks, etc. is hard.

gpg-bash-lib's goal is to provide a bash library that we can
collaboratively develop, audit and abstract the hard work into reusable
functions.

Checking gpg exit codes only is insufficient. Quote Werner Koch [1]
(gnupg lead developer):

"there is no clear distinction between the codes and for proper
error reporting you are advised to use the --status-fd messages."

(For a definition of these attacks, see TUF [2] (The Update Framework)'s
[3] threat model [4] [5].)

Mini Demo:
After installation, if you run the following command:

/usr/share/gpg-bash-lib/examples/one

you would see the following output:

your_script_begin: ...
verification: BEGIN
verification: END
your_script_output: BEGIN
gpg_bash_lib_output_failure_status: false
gpg_bash_lib_output_gpg_verify_exit_code: 0
gpg_bash_lib_output_goodsig_status: true
gpg_bash_lib_output_validsig_status: true
gpg_bash_lib_output_fingerprint_in_hex:
5E08605EBEA0FE88695DCB88FD0A8B4171DFE4E4
gpg_bash_lib_output_signed_on_unixtime: 1422049448
gpg_bash_lib_output_signed_on_date: March 01 13:56:27 UTC 2015
gpg_bash_lib_output_notation[$file@name]: test-file
gpg_bash_lib_output_file_name_tampering: false
gpg_bash_lib_output_freshness_status: true
gpg_bash_lib_output_freshness_detail: current
gpg_bash_lib_output_freshness_msg:
- Freshness: Signature is current.
- valid-max: Signatures are valid up to 30 days.
- Signature Creation Date: March 01 13:56:27 UTC 2015
- Current System Date: March 02 16:0:55 UTC 2015
- Local System Clock: Your clock seems okay.
- Relative Signature Creation Time: According to your system clock,
signature was created 2 days 26 minutes 3 seconds ago.
gpg_bash_lib_output_alright_status: true
your_script_output: END

All information (Signature Creation Date, etc.) is easily accessible
through separate variables, which are all documented.

Documentation:
https://github.com/Whonix/gpg-bash-lib/blob/master/README.mediawiki

Usage examples:
https://github.com/Whonix/gpg-bash-lib/tree/master/usr/share/gpg-bash-lib/examples

Main code file:
https://github.com/Whonix/gpg-bash-lib/blob/master/usr/lib/gpg-bash-lib/modules.d/50_common

Specifically, does the status-fd parsing code look sane?
https://github.com/Whonix/gpg-bash-lib/blob/d6cff902f40135c3e100a5bb13a6fe8275a41828/usr/lib/gpg-bash-lib/modules.d/50_common#L350

Could you leave some feedback please?

Anyone else interested to contribute?

Cheers,
Patrick

[1] http://lists.gnupg.org/pipermail/gnupg-devel/2005-December/022559.html
[2] https://www.updateframework.com/
[3] https://github.com/theupdateframework/tuf
[4] https://github.com/theupdateframework/tuf/blob/develop/SECURITY.md
[5] http://www.webcitation.org/6F7Io2ncN
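
The point made in the announcement above, that checking gpg exit codes is insufficient and the --status-fd messages should be parsed, as an added example. It is not gpg-bash-lib's code and not part of the original post; the function names and the sample status lines are constructed, reusing the fingerprint, timestamp and file@name notation from the demo output above.

```bash
# Added example (not gpg-bash-lib code). In real use the status lines come from
#   gpg --status-fd 3 --verify file.sig file 3>status.txt
# check_status FPR FILE_NAME MAX_AGE_SECONDS NOW < status.txt   (hypothetical name)
check_status() {
  local want_fpr="$1" want_name="$2" max_age="$3" now="$4"
  local tag kw a b c rest good=0 valid=0 bad=0 fpr="" ts="" pending="" name=""
  while read -r tag kw a b c rest; do
    [ "$tag" = "[GNUPG:]" ] || continue            # skip anything that is not a status line
    case $kw in
      GOODSIG)  good=$((good + 1)) ;;
      VALIDSIG) valid=$((valid + 1)); fpr=$a; ts=$c ;;   # <fpr> <date> <unixtime> ...
      BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) bad=$((bad + 1)) ;;
      NOTATION_NAME) pending=$a ;;
      # NOTATION_DATA is percent-escaped and may continue over several lines
      NOTATION_DATA) if [ "$pending" = "file@name" ]; then name=$name$a; fi ;;
    esac
  done
  # Exactly one good, valid signature and no bad/expired/revoked result.
  [ "$good" -eq 1 ] && [ "$valid" -eq 1 ] && [ "$bad" -eq 0 ] || return 1
  [ "$fpr" = "$want_fpr" ] || return 1             # pin the full signer fingerprint
  [ "$name" = "$want_name" ] || return 1           # file name tampering
  case $ts in ''|*[!0-9]*) return 1 ;; esac        # accept epoch seconds only
  local age=$((now - ts))
  # Too old: possible freeze or rollback. Negative: local clock is behind.
  [ "$age" -ge 0 ] && [ "$age" -le "$max_age" ] || return 1
  return 0
}

# Constructed status output for one good signature (key id and user id are made up).
sample_status() {
  cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG FD0A8B4171DFE4E4 Constructed Signer <signer@example.org>
[GNUPG:] NOTATION_NAME file@name
[GNUPG:] NOTATION_DATA test-file
[GNUPG:] VALIDSIG 5E08605EBEA0FE88695DCB88FD0A8B4171DFE4E4 2015-01-23 1422049448 0 4 0 1 10 00 5E08605EBEA0FE88695DCB88FD0A8B4171DFE4E4
EOF
}
```

With a 30 day limit (2592000 seconds), the sample passes two days after signing and fails once the file name, fingerprint or signature age no longer matches.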
