Re: Side-channel attacks
On 1/18/2022 at 11:26 AM, "Robert J. Hansen via Gnupg-users" wrote:

> 1.4 should be able to decrypt all 2.6 generated data.
>
> Not from the Disastry builds, which extended 2.6 to support newer algorithms.

=

1.4 still can decrypt and verify anything in Disastry's last build. He died before he could implement Camellia.

I have been using it since it came out, and 1.4 can easily decrypt and verify, but there is a simple procedural issue:

1.4 decides that when it sees a v3 key, it tries to decrypt IDEA and verify MD5. Which works perfectly for 2.6.x.

In order for 1.4 to decrypt and verify messages done with other encryption algorithms and signing algorithms, the name of the signing algorithm and the name of the encryption algorithm need to be included in the command line.

If this is cumbersome, just continue to use Disastry 2.6 to decrypt and verify. It's not gnupg's problem.

Vedaal

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Side-channel attacks
Johan Wevers wrote:

> On 17-01-2022 0:09, Robert J. Hansen via Gnupg-users wrote:
>
>> I was asked for help with something in the 1.2 series (!!). Without
>> exception, our first response is usually "for the love of God, upgrade!"
>>
>> They rarely do. It's worked fine for them for a decade or more, and
>> they're not going to change...
>
> Well, a bit more respect for backwards compatibility would help a lot by
> that. Now I'm forced to keep a 1.4 and pgp 2.6 version installed just
> to be able to read all my old data. Some people just refuse to update to
> versions that routinely break backwards compatibility.

I know from people that they use GnuPG 1.4 (Windows) for portability on a USB stick and therefore it could be run in a native Windows 10 sandbox, while also running a Tor hidden service in the sandbox, to communicate encrypted, without relying on third party client/server models via VPS or major email providers.

Is it possible to do that with the latest gpg4win?

Regards
Stefan
Re: gpg --verify in batch mode / how to require a trust level?
On Tue, 18 Jan 2022 15:59, Bernd Graf said:

> How can I require `gpg --verify` to only accept keys from my keyring
> with a certain trust level and fail otherwise (rc!=0)

Use gpgv instead of gpg.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: gpg --verify in batch mode / how to require a trust level?
On Tuesday, 18 January 2022 15:59:11 CET Bernd Graf via Gnupg-users wrote:

> How can I require `gpg --verify` to only accept keys from my keyring
> with a certain trust level and fail otherwise (rc!=0)
>
> Alternatively, how can I check that a signature was done with a specific
> key?

Use gpgv instead of gpg. It's much more lightweight and specifically meant for signature verification. In particular, you can pass it a keyring that only contains the keys you want:

    $ gpgv --keyring FILE backup.tar.sig backup.tar

For details

    $ man gpgv

Regards,
Ingo
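The restore check from the original question, rebuilt around gpgv with a dedicated keyring plus a fingerprint pin read from the status output, as an added example that is not part of the thread. The keyring path, the fingerprint and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Keyring path, fingerprint and file names
# are placeholders; the fingerprint is a constructed value.
KEYRING="${KEYRING:-/etc/backup/trusted-keys.gpg}"  # no slash => gpgv looks in its homedir
PINNED_FPR="${PINNED_FPR:-0123456789ABCDEF0123456789ABCDEF01234567}"

# Reads GnuPG status lines on stdin. Succeeds only if there is a GOODSIG line
# (absent for expired/revoked keys and expired signatures) and a VALIDSIG line
# whose signing-key fingerprint ($3) or primary-key fingerprint (last field)
# equals the pinned one, and no BADSIG/ERRSIG line.
signer_is_pinned() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$want" ] || return 1
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good = 1 }
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { pinned = 1 }
        $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
        END { if (good && pinned && !bad) exit 0; exit 1 }
    '
}

# verify_backup SIGFILE DATAFILE: gpgv must exit 0 AND the signer must be pinned.
verify_backup() {
    status=$(gpgv --keyring "$KEYRING" --status-fd 1 "$1" "$2" 2>/dev/null) || return 1
    printf '%s\n' "$status" | signer_is_pinned "$PINNED_FPR"
}

# restore_backup: extract only after verification succeeded.
restore_backup() {
    if ! verify_backup backup.tar.sig backup.tar; then
        echo "backup is not properly signed!" >&2
        return 1
    fi
    tar xzvf backup.tar
}
```

Call `restore_backup` at the end of the restore script; the keyring file should contain only the public keys allowed to sign backups.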
Re: Side-channel attacks
On Tue, 18 Jan 2022 09:50, Johan Wevers said:

> Well, a bit more respect for backwards compatibility would help a lot by
> that. Now I'm forced to keep a 1.4 and pgp 2.6 version installed just

1.4 should be able to decrypt all 2.6 generated data.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: Side-channel attacks
> 1.4 should be able to decrypt all 2.6 generated data.

Not from the Disastry builds, which extended 2.6 to support newer algorithms.
gpg --verify in batch mode / how to require a trust level?
Hi,

for a backup integrity protection, I want to add a signature check to the restore script to reject the backup files that are not properly signed.

So far, so good.

    #$ gpg --verify backup.tar.sig
    #$ if [ $? -ne 0 ]; then echo "backup is not properly signed!"; exit 1; fi
    #$ tar xzvf backup.tar

Now, I find that `gpg --verify` produces a return code rc=0 when there is a public key in my keyring that I once added, even though I never declared that I trust this key.

How can I require `gpg --verify` to only accept keys from my keyring with a certain trust level and fail otherwise (rc!=0)?

Alternatively, how can I check that a signature was done with a specific key?

Many thanks
Bernd
Re: Side-channel attacks
> Well, a bit more respect for backwards compatibility would help a lot by
> that. Now I'm forced to keep a 1.4 and pgp 2.6 version installed just
> to be able to read all my old data. Some people just refuse to update to
> versions that routinely break backwards compatibility.

You've had literally 27 years to migrate your data. I have zero sympathy.
Re: Side-channel attacks
On 17-01-2022 0:09, Robert J. Hansen via Gnupg-users wrote:

> I was asked for help with something in the 1.2 series (!!). Without
> exception, our first response is usually "for the love of God, upgrade!"
>
> They rarely do. It's worked fine for them for a decade or more, and
> they're not going to change...

Well, a bit more respect for backwards compatibility would help a lot by that. Now I'm forced to keep a 1.4 and pgp 2.6 version installed just to be able to read all my old data. Some people just refuse to update to versions that routinely break backwards compatibility.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html