Re: TB weirdness
When I want to sign or encrypt a message, I am still a fan of writing it out and performing these actions from within gpa, and then cutting and pasting the encrypted text into my messages. Any other method leaves you to trust third parties to handle your keys responsibly, which has been proven time and again unreliable, as is being pointed out here.

No, it doesn't encrypt MIME data or attachments, and I feel like that is desirable. I don't personally want my MIME data or signature to be encrypted. They are predictable anyway, and that is a major liability. You can encrypt your attachments independently.

Unfortunately, Thunderbird has for a while now flagged "inline encryption" as of questionable integrity, partly since the MIME data isn't verifiable.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Suggestions to Thunderbird users
> I haven't tested this myself but from a quick check with someone who uses Thunderbird they couldn't verify this claim. Maybe this just happens on some versions? Either way I wouldn't assume it's intended behavior.

Other than an annoying inability to turn off "by default" attachment of public key and signing each encrypted message, I did not notice this behaviour. Thunderbird is by far the best OpenPGP cross-platform mail-client application around.

However, my suggestion to Thunderbird mail encryption users is to avoid any "gnupg integration". In particular:

- If you really need to import some gnupg-generated keys into Thunderbird, clean them of any WOT crud first and treat that as a one-way, one-time copy/transfer. A much better approach is to consider the public/private key pair as an e-mail address/application-specific item, generated directly in, and used only by, Thunderbird.
- Devise your own method of getting public keys into the hands of your correspondents, and of their authentication and termination.
- Even if you use a mail attachment to initially send a public key to a correspondent, remember to turn off the default "attach key" for all subsequent messages. Likewise, do not sign messages by default, but only when there is a good reason to do so.
- If at all possible, do not depend on Thunderbird to protect your private key; instead, place your complete mail profile directory hierarchy in an encrypted container.

With the above, and due to its popularity, Thunderbird has a reasonable chance to increase that minuscule fraction of encrypted e-mails.
Re: TB weirdness
On 24.02.2022 17:59, Robert J. Hansen via Gnupg-users wrote:
>> Sounds like a defect to me, do you have a problem report ticket with Thunderbird or a forum entry which described the problem in more detail (like which version is affected).
>
> It turns out the actual behavior is a little different than I originally described. If you have a valid certificate with a given email address, and a revoked certificate (or certificates) with that same email address, it will silently add the revoked certificates, as well as the valid one, to your email. This is still a bad idea.
>
> On the other hand, Thunderbird now says it's a deliberate choice on their part, so...

In one word: broken by design. :-(
Re: TB weirdness
On 24/02/2022 16:59, Robert J. Hansen via Gnupg-users wrote:
>> Sounds like a defect to me, do you have a problem report ticket with Thunderbird or a forum entry which described the problem in more detail (like which version is affected).
>
> It turns out the actual behavior is a little different than I originally described. If you have a valid certificate with a given email address, and a revoked certificate (or certificates) with that same email address, it will silently add the revoked certificates, as well as the valid one, to your email. This is still a bad idea.

I can confirm this happened to me when I specifically ticked "Attach my public key" in TB's composer - it also attached the revocation cert for an ancient key that I still have in my keyring but never used for anything.

--
Andrew Gallagher
Re: TB weirdness
> Sounds like a defect to me, do you have a problem report ticket with Thunderbird or a forum entry which described the problem in more detail (like which version is affected).

It turns out the actual behavior is a little different than I originally described. If you have a valid certificate with a given email address, and a revoked certificate (or certificates) with that same email address, it will silently add the revoked certificates, as well as the valid one, to your email. This is still a bad idea.

On the other hand, Thunderbird now says it's a deliberate choice on their part, so...
Re: TB weirdness
Hi Vincent,

On Thursday 24 February 2022 13:27:08, Vincent Breitmoser via Gnupg-users wrote:
>> Overall I believe that attaching pubkeys (like autocrypt proposes) is not
>> a good idea (the arguments put forward elsewhere).
>
> For the record, Autocrypt does not attach public keys, it includes them in
> headers.

Thanks for the correction.

> I concur that attaching public keys is a bad idea.

I meant that conveying the pubkey with each email is suboptimal, be it in the header, as an attachment or elsewhere. This is what autocrypt does if I remember correctly.

> I haven't tested this myself but from a quick check with someone who uses
> Thunderbird they couldn't verify this claim. Maybe this just happens on
> some versions? Either way I wouldn't assume it's intended behavior.

This is helpful information; I agree that we should have more specific information because we can "warn" about the behaviour. Do you know which version was tested, by chance?

Best Regards,
Bernhard

--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: TB weirdness
> Overall I believe that attaching pubkeys (like autocrypt proposes) is not a
> good idea (the arguments put forward elsewhere).

For the record, Autocrypt does not attach public keys, it includes them in headers. I concur that attaching public keys is a bad idea.

> apparently, Thunderbird is a big fan of attaching public certificates
> (and/or revocation certificates, for revoked keys) to outgoing emails
> for *every private certificate on your keyring*, regardless of whether
> that private key is actually associated with the account in question.

I haven't tested this myself but from a quick check with someone who uses Thunderbird they couldn't verify this claim. Maybe this just happens on some versions? Either way I wouldn't assume it's intended behavior.

- V
Re: Who protects the private key (was: Changing the encryption algorithm used for PGP/GPG private key)
On Sunday 20 February 2022 09:30:36, Daniel Colquitt via Gnupg-users wrote:
> I agree with you, and Robert Hansen above, insofar as there is no practical
> weakness in using SHA-1 as part of a key derivation algorithm.

(for protecting exported private keys)

> Nevertheless it does seem imprudent to use a formally broken hash function
> by default, whilst silently ignoring options that users would reasonably
> expect to change the algorithms used.

The point, as I understand it, is compatibility. Exporting and importing a private OpenPGP key is expected to work for many implementations and over several software revisions and years. So adhering to a standard (OpenPGP in this case) seems a good choice.

You can use additional protection layers, as Werner suggested. This seems also reasonable from a usability point of view, as exporting, transferring and importing private OpenPGP keys is a rare process.

Best Regards,
Bernhard
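Two things in this thread are worth checking by hand rather than taking the client's word for them: Andrew Gallagher's report that Thunderbird's "Attach my public key" also attached a revocation certificate, and the question in this message of which S2K hash an exported private key actually carries. The script below is an added example, not code from the thread, from GnuPG or from Thunderbird. It walks an OpenPGP packet stream (old- and new-format headers, v4 keys only), lists any revocation signatures in a key block saved from an attachment, and reports the S2K cipher, hash and iteration count of a secret-key packet as produced by `gpg --export-secret-keys --armor`; it also accepts the bare base64 of an Autocrypt keydata value. The embedded sample packets are constructed placeholders with fake MPIs, not real keys, and the file name in the usage comment is a placeholder.

```python
"""Inspect OpenPGP key material by hand: revocation signatures in a key block, S2K protection of a secret key."""
import base64
import re
import sys

TAG_SIGNATURE, TAG_SECRET_KEY = 2, 5
REVOCATION_SIG_TYPES = {0x20: "key revocation", 0x28: "subkey revocation",
                        0x30: "certification revocation"}
HASH_ALGOS = {1: "MD5", 2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}
CIPHER_ALGOS = {1: "IDEA", 2: "3DES", 3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"}
MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}    # RSA: n,e   ElGamal: p,g,y   DSA: p,q,g,y

def dearmor(text):
    """Decode an ASCII-armored block, or bare base64 such as an Autocrypt keydata value."""
    m = re.search(r"-----BEGIN PGP [^-]+-----\r?\n(.*?)-----END PGP", text, re.S)
    b64 = []
    for line in (m.group(1) if m else text).splitlines():
        line = line.strip()
        if line.startswith("="):              # CRC-24 line terminates the payload
            break
        if line and ":" not in line:          # skip blank lines and "Version: ..." armor headers
            b64.append(line)
    return base64.b64decode("".join(b64))

def parse_packets(data):
    """Yield (tag, body) per packet; old- and new-format headers (RFC 4880 section 4.2)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError(f"not a packet header at offset {i}")
        if hdr & 0x40:                                    # new format: 6-bit tag
            tag, b1 = hdr & 0x3F, data[i + 1]
            if b1 < 192:
                length, i = b1, i + 2
            elif b1 < 224:
                length, i = ((b1 - 192) << 8) + data[i + 2] + 192, i + 3
            elif b1 == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not supported")
        else:                                             # old format: 4-bit tag, 1/2/4 length octets
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            length = int.from_bytes(data[i + 1:i + 1 + (1 << ltype)], "big")
            i += 1 + (1 << ltype)
        yield tag, data[i:i + length]
        i += length

def revocation_signatures(data):
    """Names of every revocation signature in the stream, in packet order."""
    sigs = [b for t, b in parse_packets(data) if t == TAG_SIGNATURE and len(b) >= 3]
    types = [b[1] if b[0] >= 4 else b[2] for b in sigs]   # v3 has a length octet before the type
    return [REVOCATION_SIG_TYPES[t] for t in types if t in REVOCATION_SIG_TYPES]

_skip_mpi = lambda body, i: i + 2 + (int.from_bytes(body[i:i + 2], "big") + 7) // 8  # bit count + octets

def secret_key_protection(data):
    """Protection of the first v4 secret-key packet (RFC 4880 section 5.5.3), or None if absent."""
    body = next((b for t, b in parse_packets(data) if t == TAG_SECRET_KEY), None)
    if body is None:
        return None
    assert body[0] == 4, f"only v4 keys handled, got v{body[0]}"
    algo, i = body[5], 6                                  # skip the public key material first
    if algo in MPI_COUNT:
        for _ in range(MPI_COUNT[algo]):
            i = _skip_mpi(body, i)
    elif algo in (18, 19, 22):                            # ECDH/ECDSA/EdDSA: OID, point[, KDF params]
        i = _skip_mpi(body, i + 1 + body[i])
        if algo == 18:
            i += 1 + body[i]
    else:
        raise ValueError(f"unsupported public-key algorithm {algo}")
    usage = body[i]
    if usage == 0:
        return {"protected": False}
    if usage not in (254, 255):                           # legacy: usage octet is the cipher id, MD5 S2K
        return {"protected": True, "cipher": CIPHER_ALGOS.get(usage, usage), "hash": "MD5"}
    info = {"protected": True, "cipher": CIPHER_ALGOS.get(body[i + 1], body[i + 1]),
            "s2k_type": body[i + 2], "hash": HASH_ALGOS.get(body[i + 3], body[i + 3]),
            "integrity": "SHA1 hash" if usage == 254 else "16-bit checksum"}
    if body[i + 2] == 3:                                  # iterated+salted: 8-octet salt, coded count
        c = body[i + 12]
        info["iterations"] = (16 + (c & 15)) << ((c >> 4) + 6)
    return info

# Constructed samples, not real keys: v4 RSA packets with placeholder MPIs and new-format headers.
_pkt = lambda tag, body: bytes([0xC0 | tag, len(body)]) + body            # bodies under 192 octets
_mpi = lambda raw: int.from_bytes(raw, "big").bit_length().to_bytes(2, "big") + raw
_PUB_BODY = b"\x04" + b"\x00" * 4 + b"\x01" + _mpi(b"\x01" * 16) + _mpi(b"\x01\x00\x01")
_REVOKE_SIG = b"\x04\x20\x01\x08" + b"\x00\x00\x00\x00" + b"\x12\x34" + _mpi(b"\x01" * 16)
SAMPLE_REVOKED_KEY = _pkt(6, _PUB_BODY) + _pkt(2, _REVOKE_SIG)
# usage 0xfe, AES256, iterated+salted S2K with SHA1, 8-octet salt, count octet 0x60 (65536), IV + data
SAMPLE_SECRET_KEY = _pkt(5, _PUB_BODY + b"\xfe\x09\x03\x02" + b"\x00" * 8 + b"\x60" + b"\x00" * 32)

if __name__ == "__main__":                   # usage: python inspect_key.py saved_attachment.asc
    blob = dearmor(open(sys.argv[1]).read())
    print(revocation_signatures(blob), secret_key_protection(blob))
```

On a real export, `gpg --list-packets` prints the same fields (the signature class of each signature and the S2K parameters of the secret-key packet); the script is for looking at the bytes the mail client actually put on the wire without importing them into a keyring first. It validates nothing cryptographically, so treat its output as an inventory of what is in the block, not as verification of it.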
PGP is a proprietary Broadcom product (Was: Can't synchronize keys using Seahorse)
On Thursday 17 February 2022 17:18:58, Robert J. Hansen via Gnupg-users wrote:
> or whichever corporate entity owned the PGP intellectual property at the
> time. Network Associates gave way to PGP Security gave way to Symantec
> gave way to...

As far as I know, it has been Broadcom for a few years: https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/pgp-solutions/1-0.html

A reminder again to use "OpenPGP" when referring to the open crypto standard.

Regards,
Bernhard
Re: TB weirdness
On Thursday 17 February 2022 17:35:53, Robert J. Hansen via Gnupg-users wrote:
> Thunderbird doesn't use GnuPG.

For some operations it still can (be configured to do so). Anyway, we do have a wiki page for hints: https://wiki.gnupg.org/EMailClients/Thunderbird

> However, for those who do:
> apparently, Thunderbird is a big fan of attaching public certificates
> (and/or revocation certificates, for revoked keys) to outgoing emails
> for *every private certificate on your keyring*, regardless of whether
> that private key is actually associated with the account in question.
>
> This has the potential to leak personal information, especially if
> you're in a use case where you have two or more keys presenting
> different pseudonymous identities. Without knowing it, you might
> accidentally reveal you're the common actor behind both.

Sounds like a defect to me; do you have a problem report ticket with Thunderbird or a forum entry which described the problem in more detail (like which version is affected)?

Overall I believe that attaching pubkeys (like autocrypt proposes) is not a good idea (the arguments put forward elsewhere).

Thanks for your warning; what about if we put it on our wiki page?

Regards,
Bernhard