gpgsm --verify

2018-04-22 Thread Stefan Claas

Hi all,

I was wondering when receiving an S/MIME
message created with Thunderbird, how do
I properly verify the message with gpgsm?

As an example I sign now this message
and would appreciate any tips!

P.S. when I do a verify on a Thunderbird
S/MIME message I always get:

gpgsm: enabled debug flags: ipc
gpgsm: ksba_cms_parse failed: Dateiende
secmem usage: 0/16384 bytes in 0 blocks

Best regards
Stefan



smime.p7s
Description: S/MIME Cryptographic Signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: gpgsm --verify

2018-04-22 Thread Stefan Claas

On 22.04.18 at 20:26, Stefan Claas wrote:

> Hi all,
>
> I was wondering when receiving an S/MIME
> message created with Thunderbird, how do
> I properly verify the message with gpgsm?
>
> As an example I sign now this message
> and would appreciate any tips!
>
> P.S. when I do a verify on a Thunderbird
> S/MIME message I always get:
>
> gpgsm: enabled debug flags: ipc
> gpgsm: ksba_cms_parse failed: Dateiende
> secmem usage: 0/16384 bytes in 0 blocks

Mmmhh. My send folder in Thunderbird
shows that the message is signed and the
posting in the Mailing List does not show
the little envelope with the red dot in
Thunderbird*. :-(

*Yeah, it's a GnuPG Mailing List... :-P

Regards
Stefan




Re: Backup .gnupg using git

2018-04-22 Thread Damien Goutte-Gattat via Gnupg-users

On 04/21/2018 05:32 PM, Wink Saville wrote:

> Comments on the security of what I'm doing?


Can't really tell anything without knowing your adversary (is it Mossad 
or not-Mossad? [1]), but here are a few remarks.


You do not say which version of GnuPG you are using. Assuming you are 
using the latest available version on your system (which you should), 
most of the options you put in your gpg.conf and dirmngr.conf are 
useless, as they are already in the default settings (something many 
authors of those "create a perfect keypair" howtos seem to ignore).


Also, your gpg.conf contains the following:

  # Avoid information leaked
  [...]
  export-options export-minimal

If the goal here is to avoid revealing who signed your key (this option 
tells GnuPG to remove all third-party signatures on your key), then this 
is completely defeated by the fact that you upload your entire public 
keyring to a world-readable Github repository!


Combined with the trust database that you *also* upload, this is a 
pretty serious information leak IMO, as anyone can learn not only who 
signed your key, but also which keys you collected over time, which keys 
you signed (even if you only signed them locally), and how much you 
trust the owners of all those keys. Are you fine with that, or didn't 
you realize the implications of uploading those files?


Finally and as a general rule, if you are not sure of what you are 
doing, I am strongly in favour of following only these two pieces of advice:


* Use the latest GnuPG version available on your system. In particular, 
if you invoke `gpg`, make sure this is GnuPG >= 2.1 and *not* GnuPG 1.x.

* Use the default settings.


Damien


[1] https://lists.gnupg.org/pipermail/gnupg-users/2017-April/058046.html



signature.asc
Description: OpenPGP digital signature


Re: gpgsm --verify

2018-04-22 Thread Werner Koch
On Sun, 22 Apr 2018 20:26, stefan.cl...@posteo.de said:

> i was wondering when receiving an S/MIME
> message created with Thunderbird, how do
> i properly verify the message with gpgsm?

You need to de-compose the S/MIME message to get the CMS objects.
Despite the name, gpgsm does not know about S/MIME (or MIME at all) and
thus can't parse it.  That is actually the same as with PGP/MIME which
can't be handled directly by gpg [1].

In gnupg/tools/ you can find a basic MIME parser but it is not well
documented and only used for manual testing.


Salam-Shalom,

   Werner



[1] Actually encrypted PGP/MIME messages can be directly decrypted by gpg
due to a peculiarity of the PGP/MIME format.

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Thoughts are free.  Exceptions are regulated by a federal law.


pgpkpgi45X8Z4.pgp
Description: PGP signature
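
The decomposition step described in the reply above, as an added example (not part of the thread and not the parser from gnupg/tools/): it splits a detached `multipart/signed` message into the exact bytes of the signed part and the DER-encoded CMS object, which can then be given to gpgsm as a detached signature plus data file. The function name, file names and sample message are assumptions made for illustration.

```python
import base64
import email
import re

SIG_TYPES = ("application/pkcs7-signature", "application/x-pkcs7-signature")

def split_smime_signed(raw: bytes):
    """Return (signed_part, cms_der) from a multipart/signed S/MIME message."""
    msg = email.message_from_bytes(raw)
    boundary = msg.get_boundary()
    if msg.get_content_type() != "multipart/signed" or boundary is None:
        raise ValueError("not a multipart/signed message")
    # Cut the raw bytes ourselves: re-serialising through the email package
    # may refold headers, and the signature covers the exact bytes.
    raw = re.sub(rb"\r?\n", b"\r\n", raw)  # signed data uses CRLF line ends
    delim = re.compile(rb"\r\n--" + re.escape(boundary.encode("ascii"))
                       + rb"(?:--)?[ \t]*(?=\r\n|\Z)")
    chunks = delim.split(raw)  # [headers+preamble, part 1, part 2, epilogue]
    if len(chunks) != 4:
        raise ValueError("expected exactly two body parts")
    signed_part = chunks[1][2:]  # drop the CRLF that ends the delimiter line
    sig = email.message_from_bytes(chunks[2][2:])
    if sig.get_content_type() not in SIG_TYPES:
        raise ValueError("second part is not a PKCS#7 signature")
    return signed_part, sig.get_payload(decode=True)

# Constructed sample; the "signature" is filler bytes, not a real CMS object.
FAKE_CMS = b"0\x80constructed-filler"
SAMPLE = b"\n".join([
    b"From: sender@example.org",
    b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";',
    b' micalg=sha-256; boundary="b1"',
    b"", b"This is a cryptographically signed message in MIME format.", b"",
    b"--b1", b"Content-Type: text/plain; charset=utf-8", b"", b"Hi all,", b"",
    b"--b1", b'Content-Type: application/pkcs7-signature; name="smime.p7s"',
    b"Content-Transfer-Encoding: base64", b"",
    base64.b64encode(FAKE_CMS), b"--b1--", b""])

if __name__ == "__main__":
    data, cms = split_smime_signed(SAMPLE)
    with open("signed-part.bin", "wb") as f:
        f.write(data)
    with open("smime.p7s", "wb") as f:
        f.write(cms)
    # For a real message: gpgsm --verify smime.p7s signed-part.bin
```

Feeding the whole message file to gpgsm instead hands the CMS parser MIME headers and text, which is consistent with the `ksba_cms_parse failed` error quoted at the start of the thread.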


Re: gpgsm --verify

2018-04-22 Thread Stefan Claas

On 23.04.18 at 08:36, Werner Koch wrote:

> On Sun, 22 Apr 2018 20:26, stefan.cl...@posteo.de said:
>
> > i was wondering when receiving an S/MIME
> > message created with Thunderbird, how do
> > i properly verify the message with gpgsm?
>
> You need to de-compose the S/MIME message to get the CMS objects.
> Despite the name, gpgsm does not know about S/MIME (or MIME at all) and
> thus can't parse it.  That is actually the same as with PGP/MIME which
> can't be handled directly by gpg [1].
>
> In gnupg/tools/ you can find a basic MIME parser but it is not well
> documented and only used for manual testing.


Thank you very much for the information!

I will check out the MIME parser.

Regards
Stefan

