Configuring dirmngr

[Mario Figueiredo]

I'm having trouble configuring dirmngr to use a default keyserver.

The current configuration file at .gnupg/dirmngr.conf contains this
single line:

keyserver hkp://pgp.mit.edu

However trying to use --recv-keys always fails:

$ gpg --recv-keys 0x194b631ab2da2888
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

I can only make it work by using the deprecated method of explicitly
naming the keyserver:

$ gpg --keyserver hkp://pgp.mit.edu --recv-keys 0x194b631ab2da2888
key 194B631AB2DA2888:
32 signatures not checked due to missing keys
gpg: key 194B631AB2DA2888: "Andreas Rönnquist
" not changed gpg: Total number processed: 1
gpg:  unchanged: 1

What am I doing wrong in the dirmngr configuration file?

-- 
Sinceramente / Best regards,

Mário J.G.P. Figueiredo
Luanda, Angola
(email) mar...@gmx.com (alt) kru...@openmailbox.org
(phone) +244 934 535 121


pgp8ia8KiLWl0.pgp
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: E-mail with deniable authentication

[Mario Castelán Castro]

Good point.

Note: You forgot to reply to list.

On 02/09/17 22:11, Lachlan Gunn wrote:
> Le 2017-09-03 à 11:48, Mario Castelán Castro a écrit :
>> I am well aware of that. Although deniable encryption is not a panacea
>> it is an improvement. It gives less power to the correspondent to blackmail.
> 
> I would also add that lots of servers will put a DKIM signature onto the
> email, thus showing who sent the ciphertext to whom.  Obviously this
> isn't as secure as a personal digital signature, since anyone who can
> get into your email account can send email in your name, but it does
> mean that email nowdays is at least somewhat non-repudiable.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Documentation of trust model

[Peter Lebbing]

On 05/09/17 00:58, Mario Castelán Castro wrote:
> Are the trust models “classical” and “pgp” as implemented in GNU PG
> documented anywhere?

The GNU Privacy Handbook has a good explanation of it:


That is to say, it explains the Web of Trust. It doesn't seem to even
mention trust signatures.

The difference between "classical" and "pgp" is, as the man page does
say, that "pgp" includes trust signatures.[1] But in practice trust
signatures are only used in such limited settings that these situations
probably have their own prescriptive practices and documentation. At
least, that's what I personally expect. So it's not that useful to
document trust signatures in detail. It could perhaps be wise to mention
this rationale for not explaining them.

> In the manual I can only find this for “pgp”: “This
> is the Web of Trust combined with trust signatures as used in PGP 5.x
> and later. This is the default trust model when creating a new trust
> database.”, which is a very unsatisfactory description.

The man and info pages are more reference manuals than user manuals;
they list all options, but don't explain what is all involved in using
GnuPG in a sane manner in practice.

While there are certainly ways to improve the man and info pages to be
more useful, I think a whole description of how to properly use the Web
of Trust would be out of scope.

HTH,

Peter.

[1] Although it is actually phrased ambiguously: it is not clear whether
the relative clause "as used in PGP 5.x and later" is a restrictive or
non-restrictive relative clause. Is it:

1. The Web of Trust combined with trust signatures, in the manner they
are used in PGP 5.x? So this Web of Trust is a different Web of Trust
than the one of PGP 2.x.

2. The Web of Trust combined with trust signatures, which is a model
that was introduced in PGP 5.x?

It actually is 2: the Web of Trust is the same as in PGP 2.x, but
another trust mechanism was added: trust signatures.

So perhaps the sentence should be rephrased as:

This  is  the Web of Trust combined with trust signatures, which is the
model used in PGP 5.x and later.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Documentation of trust model

[Damien Goutte-Gattat]

Hello,

On 09/05/2017 12:58 AM, Mario Castelán Castro wrote:
Are the trust models “classical” and “pgp” as implemented in GNU PG 
documented anywhere?


As far as I know, not really. Certainly not in the OpenPGP RFCs. RFC4880 
and its predecessors never defined any trust model, they only defined 
some “tools” that can be used by a trust model (such as the different 
certification types or the trust signature packet). But the trust models 
themselves are left to the implementors.


I seem to remember that someone on the IETF OpenPGP mailing-list evoked 
the idea of writing a complementary, informational RFC to describe 
routinely used trust models, but I don’t think it has ever been done.


As for the “classic” and “pgp” trust models as used by GnuPG, very  briefly:

In the “classic” trust model, GnuPG determines whether a given 
non-expired, non-revoked OpenPGP public key is valid by looking at the 
signatures (“certifications”) carried by that key. The key is fully 
valid, marginally valid, or of unknown validity depending on the number 
of certifications emitted by trusted keys in the user’s keyring.


The key aspect of the “classic” trust model is that it only determines 
the *validity* of a key. *Ownertrust* (the value associated with a key 
and which indicates if certifications emitted by that key are taken into 
account) is always manually set by the user. (This is something that is 
frequently misunderstood.) A “classic” signature only means something 
like “I certify that this key belongs to its stated owner”.


By contrast, in the “pgp” trust model, users can emit “trust 
signatures”, which carry both validity and ownertrust information. A 
trust signature means “I certify that this key belongs to its stated 
owner *and* I regard its owner as trustworthy.”


To illustrate the difference, let’s consider the following (from the 
point of view of Alice):


a) Alice signs Bob’s key and fully trusts Bob;
b) Bob signs Carol’s key and fully trusts Carol;
c) Carol signs David’s key.

In the “classic” trust model, only Bob’s and Carol’s key are valid 
(Bob’s key because it is signed by Alice’s own key, and Carol’s key 
because it is signed by Bob’s key, which Alice fully trusts). But 
David’s key is of unknown validity because Alice never assigned an 
ownertrust value to Carol’s key. The fact that Bob fully trusts Carol is 
irrelevant; actually, Alice does not even know that Bob fully trusts Carol.


In the “pgp” trust model, and assuming that Alice and Bob emitted trust 
signatures instead of simple signatures (I ignore, for simplicity’s 
sake, the notion of trust depth and the possibility to assign marginal 
ownertrust), Carol’s key has full ownertrust in the eyes of Alice even 
though Alice never explicity assigned an ownertrust value to it. 
Consequently, David’s key is valid.


Obviously there would be much more to describe, but I hope the above 
helps a little bit.


For what it’s worth, I wrote a document attempting to describe more 
thoroughly the various trust models used by GnuPG (including the new 
TOFU models) [1]. Unfortunately, it’s in French. :( I wanted to write an 
English version but never found the time nor the motivation…


Damien

[1] https://incenp.org/dvlpt/docs/confiance-openpgp.html



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: "Insecure memory" (yes setuid set) and "get_passphrase failed"

[Werner Koch]

On Tue,  5 Sep 2017 02:45, marioxcc...@yandex.com said:

> Are you sure that this is required in Solaris? At least in Debian
> GNU/Linux there is no need to setuid the gpg binary to root. Root setuid
> programs are a security problem. If an attacker can get control of this
> program, he can operate with root privileges.

Actually gpg drops suid right after initializing memory and has several
checks to make sure that it has been dropped.  Any, I would ignore that
problem for now.  If the diagnostics is annoying

  no-secmem-warning

in gpg.conf can be used.

For the other problem I noticed that the gpg binary is pretty small and
thus I assume gpg is some kind of wrapper script.  Mote information on
the installation is needed, in particular the gnupg versions and how it
was build.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgp7AzZQ5SulM.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: "Insecure memory" (yes setuid set) and "get_passphrase failed"

[gnupg]

Mario Castelán Castro wrote:

> On 03/09/17 17:42, Dan Horne wrote:
> > Warning: using insecure memory!
> > gpg-agent[10073]: command get_passphrase failed: End of file
> > gpg: problem with the agent: End of file
> > gpg: Key generation canceled.
> 
> There seems to be 2 different problems here:
> 
> * That gpg (or gpg-agent) fail when calling pinentry. (the
> “get_passphrase” fail.
> 
> * That memory pages can not be locked (“using insecure memory!”).
> 
> However, I do not know how to solve either.
> 
> My understanding is that “insecury memory” means simply that gpg can not
> lock memory pages so as to reduce the probability that they are written
> to swap. This is only a security concern if an attacker can read the raw
> disk device.
> 
> > Regarding the warning, the recommended response I found via Internet search
> > was:
> > 
> > # chmod u+s /path/to/gpg
> > 
> > This was done, but didn't affect the warning:
> 
> Are you sure that this is required in Solaris? At least in Debian
> GNU/Linux there is no need to setuid the gpg binary to root. Root setuid
> programs are a security problem. If an attacker can get control of this
> program, he can operate with root privileges.

Root privileges are necessary on old operating systems like
Solaris 10 (not sure about 11) and Linux-2.6.8 and earlier
in order to lock pages in memory. It's not needed in modern
OSs (at least not in modern Linux).

Was gpg successfully changed to setuid root? That should have
made the warning go away (if it was gpg rather than pinentry
or gpg-agent producing the warning). But's it's only a warning
anyway. The pinentry problem is the important one to fix.

> Look for what the requirement for locking pages are in the Solaris
> documentation.
> 
> > After a bit more Googling, I tried adding the following to my gpg.conf
> > file, but it caused a syntax error:
> > 
> > pinentry-program /opt/csw/bin/pinentry-curses
> 
> “pinentry-program” is an option of gpg-agent, not gpg. If you want to
> specify this option, you must put it in “$HOME/.gnupg/gpg-agent.conf”.
> 
> -- 
> Do not eat animals; respect them as you respect people.
> https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan
> 




> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users