Re: Changing PINs of German bank card
Just as a point of interest > I am not sure if this is an intentional limitation of the cards (to > prevent users from choosing idiotic pins like 1234 or their birthday). I know of somebody who had 1234 issued as their PIN for a UK bank account (it IS as random a selection as any other 4-digit number). -- Andy Ruddock andy.rudd...@rainydayz.org (OpenPGP Key ID 0xB0324245) signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Looking for simple wrapper for symmetric key file encryption
I use ecryptfs, as packages are available for my distro (Debian) which
make it easy to install and use.
I wouldn't like to make any claims about best practice, for the most
part I rely on defaults provided by more knowledgeable folks than myself.
Mr. Clif wrote:
So no one got back to me.
Does anyone use symmetric file encryption? What is the best practice
here? I heard of another solution which was to mount an encrypted
directory with fuser to drop files into. I think I would wounder how
safe the passphrase was for mounted filesystems, though I know of some
techniques for protecting them.
Any pointers regarding best practices for symmetric file encryption
would be much appreciated.
Thanks,
Clif
On 01/17/2014 01:15 PM, Mr. Clif wrote:
Greetings!
I've been happily using pgp and gpg off and on for decades. One thing
I never quite figured out was what the best way to use it for
encrypting sensitive files on disk. After doing that one has to
remember to cleanup after themselves and delete all the leftover
plaintext versions of the file, or it kind of defeats the whole
purpose, and its pretty easy to make a mistake when doing it manually.
I always felt that GPG should help you a bit more in that regard. Now
I know that full disk encryption might be a way around this, but it
seems like overkill if you just have a couple of files to protect.
I have searched high and low and checked out GnuPG Shell, GPA,
Seahorse, XAP, and some other misc wrappers but nothing seemed to fit
my use case. So I wrote a simple wrapper in perl. Basically it just
lets you toggle a file between plaintext and encrypted forms without
letting the plaintext version touch/remain on the disk, unless that is
what you want.
#! /usr/bin/perl -U
# This Perl script is a wrapper around GPG to decrypt or encrypt
a file.
#It's goal is to try to prevent plaintext from touching, or remaining
#on the disk, something GPG fails to do. If there is a new file
created
#It will be in the same directory as the original unless you
specify a new
#path in a second arg.
#
#By Clif 12/05/13
#
# External utilities
$GPG = /usr/bin/gpg; # GnuPG 1.4.15
$SHRED = /usr/bin/shred; # secure file deleter
(GNU coreutils) 8.13
# Arguments
($arg, $dest) = @ARGV;
# Break down the pathname
$path = $1 if $arg =~ /^(.*?)(\/[^\/]*)$/;
$file = $1 if $arg =~ /([^\/]+)\/?$/;
$base = $1 if $file =~ /^(.+?)(\.[^.]*)?$/;
$ext = $1 if $file =~ /\.([^. ]*)\s*$/;
# Get destination
if ($dest) {
$destp = 1;
$dest .= /$base if (-d $dest);
$dest =~ s/\.asc\s*$//;
} else { $dest = $path ? $path/$base : $base }
# Is this a planetext or an encrypted file?
if (-r $arg) {
if ($ext eq asc) {# Encrypted
if ($destp) { system($GPG -o $dest $arg) }
else{ system($GPG -o - $arg) }
} else {# Plaintext
unlink ${dest}.asc;
$err = system($GPG -o ${dest}.asc -ca --cipher-algo AES256
$arg);
if ($err) { print ERROR = $err\n }
else { system($SHRED -un9 $arg) }
}
} else { warn No such file: $arg\n }
# All done
Obviously it could be much more thorough but I just wanted to get the
idea across. I was also thinking about adding a RAM based editing
feature but I didn't want to reinvent the wheel if someone knows of a
similar project.
Thanks for any comments you might have,
Clif
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
--
Andy Ruddock
andy.rudd...@rainydayz.org (OpenPGP Key ID 0xB0324245)
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: certificat for a key pair
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Henry Hertz Hobbit wrote: On 05/29/2013 06:12 AM, edgard devaux wrote: hello using Gnupg with linux debian 7.0 and gnome; i created a key pair. my e-mail client asks me a certificat for personal to sign , and an other certificat for the key. How can i get this certificat for keyring , i don't find where . excuse my english (i'm franchman). thanks edgard Thunderbird: http://wiki.debian.org/EmailClients If you are using Thunderbird, do NOT install enigmail with an apt-get with a sudo! Also do not set up one common folder but have separate email sections for each POP or IMAP email account. Another way to add enigmail to Thunderbird: https://addons.mozilla.org/fr/thunderbird/addon/enigmail/ Add it as yourself, not as root. The apt-get way of doing things here may not work. You end up installing it in the system thunderbird (/usr/lib/thunderbird) folder. You want enigmail installed in your ~/.thunderbird folder. Once enigmail is installed, you can specify specifically what key you want used with each email account by clicking on the email account and then view settings then OpenPGP. I've installed enigmail using apt-get, as recommended by Debian - otherwise not much point in a .deb package, and it works perfectly. The advantage of installing this way is that it is installed for all users and both IceApe and IceDove take advantage of the same installation. Cheers, - -- Andy Ruddock - andy.rudd...@rainydayz.org (OpenPGP Key ID 0xB0324245) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJRpneSAAoJECqtbbewMkJFWkwP/1KnOHDLWRcjZcf9sfov9nDM GsNjZwknIBYyDc+1qHM5954tKlvBTCD4IlL9LXuE5Oklmzn4wqSPMYEj33PRK1Im DxLJxMvEpc09NpLAy0x5A+n0p2c3THBNhEQROQ6ePML4bNPXWFhDIWWHetQB53c4 Id7Wjx9pTZToJA2Jn/jyWPRWIkHiVbCkeoL4m3sQ5ZUBN0ZzkOnDBZLGfcwlysSH sYZf1QSPbPGlt1mxr4k4r9ZcTLqbZFSuP8Om5W8+UIFYFV4YC1X+u7Ro1dF8tE+9 QENY9qdzJlAok6wTsUhAUBcZTKUJOQnPFXAcLPQN+bYCGbaxtaBy0BjcpCEIURrK JEDOdWXdujDTtMNMIm2r8lqxOJN51pIzu9HRJ5CAYKBgDnnBA4tBLJz90n7t4nbF fdYBpav6OgfZH/3tXUsfOZw+g1cjVUEr4ua3JcYBRIRa+gxpGba7cRzkqtrS35gZ SW89SpTGQq2gnhTqppjsoWtLkgsCBOhGvxlhcUyFtUzc5yVJQDWLl7c63IJyolPq /vD79TjBDYviw43XgytqK6vNqylPUu+YwK9j6gREkZLE8MyonBFW6mvnpjuFqiDq 1IjuE5TZY/RtSPgEzZdCLiHII4m1C3PeH/U8kwe9g+DPwPDP/sQyZpfinAdPTjF4 k6+Sg4a7g4FRiqNDXeNh =d1Im -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: US banks that can send PGP/MIME e-mail
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 m...@jama.is wrote: On Friday 22 February 2013 19:24:44 Anonymous Remailer wrote: Have any consumer banks in the US figured out how to use PGP, so monthly statements can be trully *delivered*? The only bank I know that is able to receive pgp encrypted emails is the German netbank. But they don't sent out pgp encrypted emails to their customers. There is a nordic bank that generates s/mime certificates for its customers. Because everybody has to have a registered address (at least in Norway) they send a password to that address. You have to present the certificate to login on the web. - -- Andy Ruddock - andy.rudd...@rainydayz.org (GPG Key ID 0xB0324245) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJRKLfEAAoJECqtbbewMkJFy7MQAKF5ShSJmWu6rsuNWDBP9m+E qh+Xq5HFtkha8b7UK4+9mvNqNu2QGzXMufoxmRpiWDiWiKdPaZDVi22qh2BFcSam zLu+tlnDb8qdQeEeXDa58/0idxw/Et/VBINLLHubOERAezz9BIlrBM3XU6kRPRtF kQ0kqoFmzXYhq4gTL2RMf570M4GSS2CfTbWqup1+ArbiSeOdTb9GIbDebwMW6IrV nebwDWc8NiV3I2SkiWGhBROvMAtA2YcIuSEBcsdUNPZFftTzcvxC/wym6+SCQgRc AIibz5SLVaLZsnIbC/H62XGufz/bDINim03pnvTinEbgtqkUQLyxGs7RUZp/FVVC cs12/hmCkT350RSgk44yooFQ7Kx843d11KSofBIvMwLWSRue0qw+h0aGiOBV7WHa XaIEvJz83jVoH378WDcf8BffFdO+DtFoAob9VdJJoHarXPTw8kPHRqR2HL6Bcsfd MZ4VA7IoJz3xpW6XhrFL9z05Lnqno6bB9mDjcQtXMR1su0rDgGD1nCf4HSaVY9Lw u/RNcCzT7qHR1/dhKBzCUIaPyBquD7ml6SPLh791SJ1ZTs3yVf3AmTX/d6NEbAuo L/tpg/7EHdbUWz9Tu7IVQJ6XqdVi56Z9455C7MHQoIGpxMnUp7ftTFAII11vgyEh gu1OsmAvHsWkpGdHi1xQ =7KPs -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: US banks that can send PGP/MIME e-mail
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jerry wrote: On Fri, 22 Feb 2013 20:55:57 -0500 Robert J. Hansen articulated: On 02/22/2013 01:24 PM, Anonymous Remailer (austria) wrote: Have any consumer banks in the US figured out how to use PGP, so monthly statements can be truly *delivered*? [snip] My bank and credit card company, sends me a monthly link to a secure URL that affords me the opportunity to view my statements. I also have the option of downloading in PDF, CSV or MS Excel format my statement. I have never received a plain email statement detailing my banking records. Unless I am seriously misreading this thread, I am not sure what advantage either PGP or S/MIME would afford. The point being that you get a link. If the banks used PGP or S/MIME then they could actually send you your statements. - -- Andy Ruddock - andy.rudd...@rainydayz.org (GPG Key ID 0xB0324245) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJRKNK+AAoJECqtbbewMkJFFhgQAJg0hLk8qlULy1Q6PklWVLjh f/ZAdoYnt3ywDdbY3muX7KduSfhjVEUJJnm4oM0v6ivMqul7HT+6cB4/6ML/rtR1 Hf073dVMi8VhEWcMxxm6KS/9vORVpE2zUHhfR/FCkkJLy4cVIwTou0pljwPhsOud dVj5gaynQpjMSUSNF9WfxL3LEB2l29j5iLWWS5LChnJzpstkKAkW/tlnuEf/K5Ns aKmP4TsJJDeh/nCbbry68j3eY2gVT2V4JVLdfpwf0NnHa4uD6hikh+a6Hn09MTe8 lpBi/jXv0fs8ApXq9VAqmzs5tJ0bwNV9b5TBdUaEupx4fRAhhnIxjL5S4cw4payo FwyKDoepzMj5a+q+6szDKn5D/FP5Wi+lat7TwfNxxMw4HqOHn2Jau2y8846WFNlL e8xiPneRTkI5OlannjFVEV7BFlHTFw2XhrpjZMU0ceBpvoHyEx1nm3hHdOPjFkpd h/WY7cUZJudGAgTwuY68M6ACRKWYNZ0THk1S4hvB4IoRIW1mGtnGW9Zh3SLZ03OS TIfCvXLkD4XrQ9OfdFMVVWMj1mpQ9M/GFDKJ4Kg6OzX6tJVxu7liVD09lRD1nQRO MXXuME8eZr0sqFWxNpE79PyEoUfN3qujfGMtcEAXuAh6T6YF9AWR/hteVkfIHswX tqYz9lqObnl9GFdc5Kms =3Lqg -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: why is SHA1 used? How do I get SHA256 to be used?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Robert J. Hansen wrote: On 7/9/2012 10:04 PM, vedaal wrote: which open-pgp implementation can't read/verify SHA-256 PGP 8.0 or before. SHA-256 was introduced in 8.1, if I recall correctly. There are still a *lot* of people using 6.5.8. I used the information in this article : http://www.debian-administration.org/users/dkg/weblog/48 If there are errors or omissions I'd be interested to learn, as the article is now over 3 years old. - -- Andy Ruddock - andy.rudd...@rainydayz.org (GPG Key ID 0xB0324245) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJP++7MAAoJECqtbbewMkJFUikQAIqZvd1GpSwLxzhkFiaVyt5J igyqJeC/ad2ZVdrAhL+39LHnpeh4hrmpHriDH9bamHzEGS46Z3YH2OyN4eRdszOc 0WHrWTRL+ZmswR9zz5RdCpBb9OgHJ7IXhP5xvrLFu13yqCc1HdF3RgLijH8E4JMv 7FttDIFrllf0dOW6X3ZFXbVazsvvc1QzILc4Io76pAZq/KuS7Snr/nTVMts3MpvL YUy7UeqzSTAkqIFAvgRmP6rfd+gVXeJiUc2hio/2cD+/0mzAwrnfsbipRsjvkYNi 3Irzd4qaIoqi5LOlQ6f0wFGoiuqQPKSlr74TApvv4PEBDoziVzqywI8tlNx1keeS gUsD1BV2Q1I+gm/skOoIIqYvXVV8aMouey6OZ6Dtzw1QH4UJOe2F7kx60pvyDpQe tllRdxsxrHmoHXLrNOYoY7Ncpia8soEUkvIX8ZVG40PNhIPxRlFTD8tWJSt+YNe1 X9OaVWUiIA3QveDPszeyfXlQwTK0dlUfJB0zZI16kTaSpPn1wIYaX2q8sKYgFtfA 0UAGCpkGCfMa2eDE5RILyNEYj6d1eKJ8kCGwyQKLu6O3ck8rfEAx29W1sMa6n/D4 JdEqOl8CoVF5LhRFtzfO85gKLaotv1vsfCAsZfC8R+w8dhQZN9pdrHp3KmykrQM9 LunQ9W3QGT1CnVDcawnX =kBZf -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ideal.dll // fixing thread breaking
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 ved...@nym.hush.com wrote: ok changed to individual digest mode, and replying directly (hushmail default of 'reply' is to individual user and cc to list) hope it works, if not, any other suggestions to try in hushmail? TIA vedaal I just set up a free hushmail account, using the web interface you don't get an In-Reply-To field in the header. I couldn't find any settings which would enable this. So, if you're using a free hushmail account then I guess you're going to continue breaking threads. If you're a premium user then you can use pop and/or imap and a different mail client. - -- Andy Ruddock - andy.rudd...@rainydayz.org (GPG Key ID 0xB0324245) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJP6zq4AAoJECqtbbewMkJFTBYP/j1PuZPmanl4a3JwYFqsfoMz glaFefOykEaeIGafaEd8ZiYbDJvULST3HkqLG/Odxl9yhFiBwC+wruAu8bmPs2qp 6wooXyfmeTzns3CENyl07+3jwmBobTGfeG+Ast4FxOXjEWfrCliBtIDTJsnH/17Z Hu95hQxQjLDEh14YxqapezW5Ve3q37B8vL/mSgoPr9B3sf16YLGcpz5jcebwFtvv Uyxw4HVILtfABd0tLWpCG6DKeyXZHcaL3Qg4PqhR6sObR8ycxVxy6eNFDVd5GeI1 aOJu81tMKSNXMehrh4xodG/WIZgMSUGw/Ho+mTTm5psw5aG2PM3j0qoPgbJVqsf9 xH4OE1Z2RJjMGXNRrVHhH2f8B2eXObPfHYYB4BmDhXSg+y22lSgjJfKT3q7Hpjaz loiNMUorN+OXXxomNFbGbkR0WJT5/apePKkPwSGRI9OxCFKE23xi4X34pWfjB8fY cFKksUcdtbYorXS33/M1o5+fEP0Zxo1e8Ugi1uTu6kRNKkFTZtqP/rzJR1z1RdPe pkYxG4Jl/ehe+5L7qCsnprIEaWOhWg2gGF3ujK30XVAEEbBe0EbWcvP2Zr+5bG2c vFdx4tDyV7iQpfCrmhvjbomQKF5JsCmyc4cALnBoDRyyWkypZrdhsN2J7tgQmv2N VeEmO6NVMk11+cUWBJeT =c2Cy -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
