Aw: Re: Re: Re: SmartCard v2.1 : factory reset fails

2017-02-18 Thread Fib Moro
Dear Yutaka,

> 
> Thanks a lot for your report in detail, in the style which I can replicate.
> 
> I'm afraid you are facing the same issue that I encountered in 2011.
> 
> CHANGE REFERENCE DATA (OpenPGP card specification 2.0):
> https://www.gniibe.org/log/bugreport/gnupg/openpgp-card-spec-2.0-chenge-reference-data.html
> 
> IIUC, this protocol is due to smartcard practice and standard.  I had
> asked Achim (the author of OpenPGPcard specification) if this could be
> changed.  No positive answer, but I think that the problem is clear
> enough.
> 

Then I'm very much relieved that my issue was confirmed. :-)

To reflect a little further, locking the smartcard (AdminPIN) is probably a 
rather rare event, it was actually a first time experience for me. 
However, considering the importance of a functioning and secure key, the 
process of restoring the key caused quite some trouble for me:

The first blocking point I encountered was that when reimporting the private 
key (subkeys) into my keyring they would be unusable as they would still refer 
to the keys on the blocked smartcard. To remove these "stubs" I had to manually 
delete the corresponding keygrip files in ".gnupg/private-keys-v1.d". Only then 
would an import of the private keys work correctly.

The next challenge was to find out if and how I could actually reset my version 
of the smartcard. Fortunately I could find the instructions by Werner Koch in a 
mailing list post from 2009. It was probably in this situation of stress that I 
entered the wrong Admin PIN of *123456789* which left me entirely confused and 
frustrated.

Maybe I should write a little post of "How to reset your smartcard (version > 
2.1) and things that could go wrong" so the next candidates can benefit from 
the learning?

In any case, I would like to thank you and all the people who patiently helped 
me along the way to resolve this issue.

Last but not least I'd like to thank all the GnuPG developers for creating and 
maintaining this technology. Often I hear or read from people that GnuPG was too 
"hard" and "out of date".  I still consider it one of the most important tools 
for secure communication in our digital age. So thank you very much again for 
your efforts!

Sincerely,

fibmoro

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
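
An added example, not part of the original post: a read-only check that lists which files in ".gnupg/private-keys-v1.d" are smartcard stubs, so the keygrips tied to a card can be identified before anything is removed by hand. It assumes the stub layout documented in GnuPG's agent/keyformat.txt (a canonical S-expression `shadowed-private-key` holding a `shadowed t1-v1` list with card serial and key slot); the function names and the sample bytes are constructed for illustration.

```python
from pathlib import Path

def parse_sexp(data, pos=0):
    """Parse one canonical S-expression at data[pos]; return (value, next_pos)."""
    if data[pos:pos + 1] == b"(":
        items, pos = [], pos + 1
        while data[pos:pos + 1] != b")":
            item, pos = parse_sexp(data, pos)   # truncated input raises ValueError
            items.append(item)
        return items, pos + 1
    colon = data.index(b":", pos)               # atom is "<decimal length>:<bytes>"
    end = colon + 1 + int(data[pos:colon])
    if not colon < end <= len(data):
        raise ValueError("bad atom length")
    return data[colon + 1:end], end

def find(node, name):
    """Depth-first search for the first sub-list whose head atom equals name."""
    if not isinstance(node, list):
        return None
    hits = (find(child, name) for child in node)
    return node if node[:1] == [name] else next((h for h in hits if h), None)

def stub_info(data):
    """Return (card_serial_hex, key_slot) for a smartcard stub, else None."""
    try:
        tree, _ = parse_sexp(data)
        if tree[:1] != [b"shadowed-private-key"]:
            return None                          # ordinary on-disk private key
        serial, slot = find(tree, b"shadowed")[2][:2]
        return serial.hex().upper(), slot.decode()
    except (ValueError, IndexError, TypeError, AttributeError):
        return None                              # not a canonical S-expression stub

def list_stubs(keydir):
    found = {p.stem: stub_info(p.read_bytes()) for p in sorted(Path(keydir).glob("*.key"))}
    return {grip: info for grip, info in found.items() if info}

# Constructed sample stub (not from a real card); RSA public part cut to a few bytes.
SAMPLE_STUB = (b"(20:shadowed-private-key(3:rsa(1:n2:\x00\xc1)(1:e3:\x01\x00\x01)"
               b"(8:shadowed5:t1-v1(16:" + bytes.fromhex("00112233445566778899AABBCCDDEEFF")
               + b"9:OPENPGP.1))))")

if __name__ == "__main__":
    print(stub_info(SAMPLE_STUB))
    for grip, (serial, slot) in list_stubs(Path.home() / ".gnupg/private-keys-v1.d").items():
        print(f"{grip}.key -> card {serial}, slot {slot}")
```

Key files stored in a different on-disk format are reported as non-stubs by this parser, so an empty result is not proof that no stubs exist.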


Re: Hybrid keysigning party, your opinion?

2017-02-18 Thread Philip Jackson
On 18/02/17 16:15, Peter Lebbing wrote:
> O Come, All Ye Hackful! Adeste Fiddle-es[2]!
Yea !

Philip





Re: Hybrid keysigning party, your opinion?

2017-02-18 Thread Peter Lebbing
Hello Lachlan,


On 15/02/17 14:32, Lachlan Gunn wrote:
> Given the discussion on the list before, now that CCC has come and gone
> I'm curious as to how well this worked.

It failed on a trivial point: by the Friday before the congress, I had only
received four signups. A list with five keys is a poor list indeed. I switched
the model to the classic "bring keyslips" model.

> Is it an innovation worth
> perpetuating?

I think it would work. I'd like to try again.

In fact, given that we don't need to place trust in the paper copies, I think it
would actually work if I kept sign-up open until just before the party, and
printed a stack of "scrubbed" lists myself to hand out. However, it was my
feeling that some people would not feel comfortable with this brand-spanking-new
"no need to trust me, really! Have my stuff" type of lists, so I didn't do that.
I intended to cater to the untrusting crowd by giving them enough time to print
their own lists and do it in the usual Sassaman Efficient way.

Given that this would have, on the flip side, catered to the handful of people
who showed up without keyslips, perhaps it would still be a fair tradeoff for
limiting the untrusting people in their possibilities.

You could receive sign-ups by e-mail until the latest moment, and you would
print the untrusted lists so anybody who didn't bring any keyslips could still
be on that list by signing up.

Note that there is no value judgement in how I use "untrusting" here, it's just
a way to sum up a group of people in a single adjective.

Next opportunity for a keysigning party for me will be SHA 2017, starting the
4th of August in Zeewolde, The Netherlands[1].
O Come, All Ye Hackful! Adeste Fiddle-es[2]!

Cheers,

Peter.

[1] 
[2] Fiddle-es: those who tinker.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 


