Re: gnupg installation and verification
On 6/7/2019 9:13 PM, Samir Zulfiquar wrote: > Hello I just downloaded gnupg and tried to install and verify it. > Unfortunately I hardly know how to do anything with a computer other than > the basics, so maybe I just didn't interpret the instructions correctly. I > downloaded the installer and the open pgp signature to verify it (I have no > clue what a pgp signature even is). after I downloaded both I opened the > pgp signature file which didn't seem to do much other than bring up text of > some sort of code. I then installed gnupg, but I wasn't sure if I verified > it correctly. so I decided to try again. I looked at the website again and > tried right clicking on the gpg4win-3.1.8 file and went to "moreGpgEX > options" and clicked verify. The computer tried to verify it with the pgp > signature file but failed. I then went to the wiki page on integrity > checks. Most of the things there were too technical for me to understand. > the only thing I was able to do is check the file length, which was exactly > what it was supposed to be. It dose not seem like there were any download > problems, but I highly doubt it could be an attacker like the website said > (I downloaded both of the files from gnupg's own website and not some other > place) Anyway could someone explain in Leyman's terms what to do? Sorry if > the question sounds stupid. > > If you don't have access to an other instance of gpg, you don't have any other choise then to first install gpg4win and 'verify' if the downloaded executable has not been tempered with. That is, what you have already done. You should familiorize your self with 'checksum' 'gpg signature verification', the below URL is a start: https://security.stackexchange.com/questions/189000/how-to-verify-the-checksum-of-a-downloaded-file-pgp-sha-etc -- John Doe ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ProtonMail and Anonymity
Stefan Claas wrote: > Hope this helps! And you probably want an up to date allpingers.txt: # A L L P I N G E R S' I N D E X # # Updated: 09 June 2019 # This list was last updated by SEC3 # Please email corrections to: pinger-ad...@sec3.net [apricot] base= https://apricot.fruiti.org/echolot/ rlist = https://apricot.fruiti.org/echolot/rlist.txt mlist = https://apricot.fruiti.org/echolot/mlist.txt rlist2 = https://apricot.fruiti.org/echolot/rlist2.txt mlist2 = https://apricot.fruiti.org/echolot/mlist2.txt rlist_html = https://apricot.fruiti.org/echolot/rlist.html mlist_html = https://apricot.fruiti.org/echolot/mlist.html rlist2_html = https://apricot.fruiti.org/echolot/rlist2.html mlist2_html = https://apricot.fruiti.org/echolot/mlist2.html pgpring = https://apricot.fruiti.org/echolot/pgp-all.asc pgpring_rsa = https://apricot.fruiti.org/echolot/pgp-rsa.asc mixring = https://apricot.fruiti.org/echolot/pubring.mix type2list = https://apricot.fruiti.org/echolot/type2.list [austria] base= https://www.tahina.priv.at/~cm/stats/ rlist = https://www.tahina.priv.at/~cm/stats/rlist.txt mlist = https://www.tahina.priv.at/~cm/stats/mlist.txt rlist2 = https://www.tahina.priv.at/~cm/stats/rlist2.txt mlist2 = https://www.tahina.priv.at/~cm/stats/mlist2.txt rlist_html = https://www.tahina.priv.at/~cm/stats/rlist.html mlist_html = https://www.tahina.priv.at/~cm/stats/mlist.html rlist2_html = https://www.tahina.priv.at/~cm/stats/rlist2.html mlist2_html = https://www.tahina.priv.at/~cm/stats/mlist2.html pgpring = https://www.tahina.priv.at/~cm/stats/pgp-all.asc pgpring_rsa = https://www.tahina.priv.at/~cm/stats/pgp-rsa.asc mixring = https://www.tahina.priv.at/~cm/stats/pubring.mix type2list = https://www.tahina.priv.at/~cm/stats/type2.list [deuxpi] base= https://www.deuxpi.ca/echolot/ rlist = https://www.deuxpi.ca/echolot/rlist.txt mlist = https://www.deuxpi.ca/echolot/mlist.txt rlist2 = https://www.deuxpi.ca/echolot/rlist2.txt mlist2 = https://www.deuxpi.ca/echolot/mlist2.txt rlist_html = https://www.deuxpi.ca/echolot/rlist.html mlist_html = https://www.deuxpi.ca/echolot/mlist.html rlist2_html = https://www.deuxpi.ca/echolot/rlist2.html mlist2_html = https://www.deuxpi.ca/echolot/mlist2.html pgpring = https://www.deuxpi.ca/echolot/pgp-all.asc pgpring_rsa = https://www.deuxpi.ca/echolot/pgp-rsa.asc mixring = https://www.deuxpi.ca/echolot/pubring.mix type2list = https://www.deuxpi.ca/echolot/type2.list [eurovibes] base= http://www.eurovibes.org/echolot/ rlist = http://www.eurovibes.org/echolot/rlist.txt mlist = http://www.eurovibes.org/echolot/mlist.txt rlist2 = http://www.eurovibes.org/echolot/rlist2.txt mlist2 = http://www.eurovibes.org/echolot/mlist2.txt rlist_html = http://www.eurovibes.org/echolot/rlist.html mlist_html = http://www.eurovibes.org/echolot/mlist.html rlist2_html = http://www.eurovibes.org/echolot/rlist2.html mlist2_html = http://www.eurovibes.org/echolot/mlist2.html pgpring = http://www.eurovibes.org/echolot/pgp-all.asc pgpring_rsa = http://www.eurovibes.org/echolot/pgp-rsa.asc mixring = http://www.eurovibes.org/echolot/pubring.mix type2list = http://www.eurovibes.org/echolot/type2.list [frell] base= https://echolot.theremailer.net/ rlist = https://echolot.theremailer.net/rlist.txt mlist = https://echolot.theremailer.net/mlist.txt rlist2 = https://echolot.theremailer.net/rlist2.txt mlist2 = https://echolot.theremailer.net/mlist2.txt rlist_html = https://echolot.theremailer.net/rlist.html mlist_html = https://echolot.theremailer.net/mlist.html rlist2_html = https://echolot.theremailer.net/rlist2.html mlist2_html = https://echolot.theremailer.net/mlist2.html pgpring = https://echolot.theremailer.net/pgp-all.asc pgpring_rsa = https://echolot.theremailer.net/pgp-rsa.asc mixring = https://echolot.theremailer.net/pubring.mix type2list = https://echolot.theremailer.net/type2.list [kroken] base= https://rlist.uni-boeblingen.de/ rlist = https://rlist.uni-boeblingen.de/rlist.txt mlist = https://rlist.uni-boeblingen.de/mlist.txt rlist2 = https://rlist.uni-boeblingen.de/rlist2.txt mlist2 = https://rlist.uni-boeblingen.de/mlist2.txt rlist_html = https://rlist.uni-boeblingen.de/rlist.html mlist_html = https://rlist.uni-boeblingen.de/mlist.html rlist2_html = https://rlist.uni-boeblingen.de/rlist2.html mlist2_html = https://rlist.uni-boeblingen.de/mlist2.html pgpring = https://rlist.uni-boeblingen.de/pgp-all.asc pgpring_rsa = https://rlist.uni-boeblingen.de/pgp-rsa.asc mixring = https://rlist.uni-boeblingen.de/pubring.mix type2list = https://rlist.uni-boeblingen.de/type2.list [mixmin] base= https://www.mixmin.net/echolot/ rlist = https://www.mixmin.net/echolot/rlist.txt mlist = https://www.mixmin.net/echolot/mlist.txt rlist2 =
Re: ProtonMail and Anonymity
Mirimir wrote: > Thanks. Any chance of a native Linux port of Quicksilver? I asked, > some years ago, and got that it wasn't feasible. You're welcome! What I would do under Linux, wishing to run Mixmaster (latest Version with 4k keys support) and using a Nym: Check the docs here, they are for Remailers, but should help you to compile Mixmaster under Debian. https://inwtx.net/remailer.html Mixmaster has also a nice ncurses Interface. Then to handroll a Nym account with GnuPG: http://mixnym.net/ And finally to fetch messages from a.a.m.: https://github.com/crooks/aam2mail If you need help with setting up Tor, socat and stunnel let me know. Hope this helps! Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Adding notations with quick commands
Hi Markus, On 09.06.2019 14:16, Markus Reichelt wrote: in a similar fashion to what --quick-* commands already do for other actions (e.g. --quick-add-uid). --set-notation maybe? Yes, but as far as I understand --set-notation is only a modifier that needs to be used with another command (e.g. --quick-sign-key). I tried using it with my own fingerprint twice but it didn't succeed: $ gpg -u F470E50DCB1AD5F1E64E08644A63613A4D6E4094 --set-notation t...@example.com= --quick-sign-key F470E50DCB1AD5F1E64E08644A63613A4D6E4094 "Test McTestington " was already signed by key 4A63613A4D6E4094 Nothing to sign with key 4A63613A4D6E4094 gpg: Key not changed so no update needed. Kind regards, Wiktor -- https://metacode.biz/@wiktor ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ProtonMail and Anonymity
On 06/09/2019 01:20 AM, Stefan Claas wrote: > Mirimir wrote: > >> Some years ago, I got Quicksilver Lite working in Debian with Wine. >> But even then, it hadn't been updated for years. And now I find that >> https://www.quicksilvermail.net isn't loading. Are people still using >> nymservers with mixmaster? And do you have working onion URLs for >> nymservers and news servers? > > I visited the Quicksilver site a couple of days ago and it was working. > > I may ping Richard to let him know that it is not working. Thanks. Any chance of a native Linux port of Quicksilver? I asked, some years ago, and got that it wasn't feasible. > Regarding Nymservers, you communicate not directly with them, so > no .onion needed. What you need to do is set up Mixmaster with > Tor, socat and stunnel and then send the config Nym message to > the registration email address. There are hover .onion relays > available for Mixmaster Remailers, but I do not have them because > I use YAMN nowadays. > > With News Servers I used them in the past also with Tor, socat and > stunnel. I may ask a friend if he has .onion addresses for them. > I currently don't need them because I have no more a nym to pull > messages from a.a.m.. And yes, people still using Mixmaster (and now > YAMN) with Usenet or email. :-) > > Regards > Stefan > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Adding notations with quick commands
* Wiktor Kwapisiewicz via Gnupg-users wrote: > in a similar fashion to what --quick-* commands already do for other actions > (e.g. --quick-add-uid). --set-notation maybe? HTH -- left blank, right bald ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ProtonMail and Anonymity
Mirimir wrote: > And do you have working onion URLs for > nymservers and news servers? Here we go, it is from a.p.a-s: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Here are the free Onion SMTP Servers that I am aware of that are working as of April 29, 2019 gbhpq7eihle4btsn.onion:25 sopoccfrkrpuiin5.onion:2525 nyt7rlpjogd24qx7.onion:587(TLS) nyt7rlpjogd24qx7.onion:25 nyt7rlpjogd24qx7.onion:2525 nyt7rlpjogd24qx7.onion:465 bshc44ac76q3kskw.onion:25 oc6bguylwowxvs62.onion:2525 Frell must be the first remailer in your remailer chain when using bshc44ac76q3kskw.onion. Here are the free Onion NNTP Servers that I am aware of that are working as of April 29, 2019 ruxuklsvo4pk74m5.onion:119 neodomea5yrhcabc.onion:119 asq5mo52aghemn2i.onion:119 I will try to update this on a weekly basis going forward and if there are others that are working please update this thread. -BEGIN PGP SIGNATURE- iEYEARECAAYFAlzHSkgACgkQrrtSX34nv6ZyFgCg44BedGUs4jzYz204e6GlKp/9 E/cAoNa6V2YQzz9Tkb6CyyM0BOl/IRK9 =2Cfr -END PGP SIGNATURE- Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ProtonMail and Anonymity
Kirill Peskov wrote: > First of all... > > On 05.05.19 12:12, Stefan Claas wrote: > > Hi all, > > > > appologies for posting this, but I think it could > > be of interest for GnuPG users, because ProtoMail > > uses the OpenPGP protocol too. > > It uses OpenPGP protocol, but quite a twisted way. And they're not > OpenPGP-compliant, because they're not able to encrypt mails leaving > their domain. Any webmail by itself cannot be secure, because provider > can always send you 'modified' browser applet and steal your private > key and some day — the passphrase. > > Real anonymous email services are out there in .onion domain, but > they're neither stable nor trusted by non-onion recipients... Correct and also .onion domains come and go. The only IMHO reliable anonymous email services are if you use Anonymous Remailers (with a Nym account) or Bitmessage (with an additional Mailchuck email gateway address). Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ProtonMail and Anonymity
Hi Kirill, On 09.06.2019 08:57, Kirill Peskov wrote: It uses OpenPGP protocol, but quite a twisted way. And they're not OpenPGP-compliant, because they're not able to encrypt mails leaving their domain. What do you mean by that? There is an option to add OpenPGP key of a "foreign" contact and send to other e-mail providers just like any oter OpenPGP mail. From what I've seen on OpenPGP mailing list they're also planning to have Web Key Directory key discovery so that I'll be easier to encrypt to people outside ProtonMail Any webmail by itself cannot be secure, because provider can always send you 'modified' browser applet and steal your private key and some day — the passphrase. Yes, that's a problem. Still, who would discover a compromised Enigmail plugin (that autoupdates too), or even GnuPG? As the code is quite complex and in some cases there are many intermediaries (distro maintainers) it's not quite obvious what code are you running exactly. As for webpages there is also this interesting plugin: https://stosb.com/blog/signed-web-pages/ Kind regards, Wiktor -- https://metacode.biz/@wiktor ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ProtonMail and Anonymity
First of all... On 05.05.19 12:12, Stefan Claas wrote: > Hi all, > > appologies for posting this, but I think it could > be of interest for GnuPG users, because ProtoMail > uses the OpenPGP protocol too. It uses OpenPGP protocol, but quite a twisted way. And they're not OpenPGP-compliant, because they're not able to encrypt mails leaving their domain. Any webmail by itself cannot be secure, because provider can always send you 'modified' browser applet and steal your private key and some day — the passphrase. Real anonymous email services are out there in .onion domain, but they're neither stable nor trusted by non-onion recipients... Cheers, Kirill ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ProtonMail and Anonymity
Mirimir wrote: > Some years ago, I got Quicksilver Lite working in Debian with Wine. > But even then, it hadn't been updated for years. And now I find that > https://www.quicksilvermail.net isn't loading. Are people still using > nymservers with mixmaster? And do you have working onion URLs for > nymservers and news servers? I visited the Quicksilver site a couple of days ago and it was working. I may ping Richard to let him know that it is not working. Regarding Nymservers, you communicate not directly with them, so no .onion needed. What you need to do is set up Mixmaster with Tor, socat and stunnel and then send the config Nym message to the registration email address. There are hover .onion relays available for Mixmaster Remailers, but I do not have them because I use YAMN nowadays. With News Servers I used them in the past also with Tor, socat and stunnel. I may ask a friend if he has .onion addresses for them. I currently don't need them because I have no more a nym to pull messages from a.a.m.. And yes, people still using Mixmaster (and now YAMN) with Usenet or email. :-) Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users