What could make GnuPG + Enigmail "easier"?
There's been some discussion both on and off this list about the fact that people don't use GnuPG (even with Enigmail) because it's 'too hard'. I have friends that are reasonably intelligent who just can't figure it out and, for the life of me, I just don't see why.

Don't get me wrong, GnuPG by itself can be confusing. Who wants to compose in a text file, drop to a terminal, issue some archaic command, open another text file, then copy and paste the results into a new document just to be able to send an email? That's pretty rough and there's no reason any user should have to do that in 2017.

But they don't! I've used GnuPG and Enigmail for a few years now and I only drop to a terminal when I /want/ to do so at this point. Encryption, decryption, signing, etc, never 'requires' it and, for the most part, the software 'just handles it'. Sure, if I add a smart card to the mix that complicates things but most people aren't going to do that.

So I guess I'm asking "what's so hard about GnuPG/Enigmail these days and what's stopping us from making it better"?

Anthony

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Still trying to troubleshoot --refresh-keys error
For the last few weeks, I've talked about how, when I try to refresh the keys on my ring, I get an error from GnuPG. Today, I noticed a message that I hadn't noticed before and I strongly suspect this might be the cause of the problem I'm having.

When I issued the gpg2 --refresh-keys command, GnuPG connected to the SKS pool and sent a request for all the keys on my ring. At the end of the refresh attempt, I saw the following:

gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper internal error
gpg: keyserver communications error: General error
gpg: keyserver refresh failed: General error

IIRC, Stephen mentioned something about the helper program the last time I posted. This seems to confirm that. However, since it's not giving me much information, I can't really troubleshoot further.

This is GnuPG 2.0.3 (GpG4Win 2.3.3) on Windows 10. This issue DOES NOT happen on Linux.

Can anyone offer a bit of insight?

Thanks,
Anthony

--
VoIP/SIP: 1259...@localphone.com
Skype: cajuntechie
XMPP/Jabber: papill...@dukgo.com
PGP Key: 0xCC9D1E072AC97369
Other Info: http://www.cajuntechie.org/p/my-pgp-key.html
Re: Trying to figure out what's going on with a key update failure...
On 11/25/2016 4:02 AM, Stephan Beck wrote:
> Hi Anthony,
>
> Stephan Beck:
>>
>> Anthony Papillion:
>>> Hello Everyone,
>>>
>>> When I run
>>>
>>> gpg2 --keyserver --refresh-keys
>
>>>
>>> Can someone tell me what this error means and how can I fix it?
>>
>> Which gpg2 version are you running? 2.0x or 2.1x?
>
> sorry for the delay in getting back to you on-list.
> [Could you please send me the error output you get when decrypting the
> encrypted message I sent you yesterday, telling you that I had problems
> in checking keyserver's connection as well, it's just that I'm eager to
> know and I want to exclude key compromise].

No problem. When I try to decrypt your message, I get the following from GPG:

gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped

You need a passphrase to unlock the secret key for
user: "Anthony Papillion "
4096-bit RSA key, ID 0x002919C90AF4A3BC, created 2016-10-12
(subkey on main key ID 0xCC9D1E072AC97369)

gpg: no valid OpenPGP data found.

> In order to get the details of the communication of keyserver helper
> programs with the keyserver you should use the --use-temp-files and
> --keep-temp-files --keyserver options.
>
> For example, I tried (a hundred times, with variations) to refresh your
> key attempting to log keyserver<->helpers communication to check it
> myself before giving advice

After some testing, I found out that the keys were, in some/most cases, actually getting refreshed. I'm going to try with the new options and see what information I can coax out of GPG.

Anthony
Re: Trying to figure out what's going on with a key update failure...
On 11/23/2016 3:10 PM, Stephan Beck wrote:
> Anthony Papillion:
>> Hello Everyone,
>>
>> When I run
>>
>> gpg2 --keyserver --refresh-keys
>>
>> I get a list of all of the keys in my keyring with the message that they
>> have not been changed (this is expected). At the bottom of the output, I
>> see the following message:
>>
>> gpg: Total number processed: 31
>> gpg: unchanged: 31
>> gpg: keyserver communications error: Not found
>> gpg: keyserver communications error: Bad public key
>> gpg: keyserver refresh failed: Bad public key
>>
>> I assumed that I was getting this message because a key lookup failed
>> because it wasn't on a keyserver but someone on another list said this
>> is not the case. When I look at all of the output from the session,
>> nothing indicates any problems with any of the 31 keys in my keyring.
>>
>> Can someone tell me what this error means and how can I fix it?
>
> Which gpg2 version are you running? 2.0x or 2.1x? If it's the former,
> gpg makes use of the "keyserver helper programs" to connect to
> keyservers, whereas using the latter implies Dirmngr being in charge of
> it. Depending on that, the ways to get the required information needed
> to analyze and (possibly) resolve your problem differ.
> Or do you already have all that information when you say
>> When I look at all of the output from the session

I don't have anything besides what's displayed when I try to refresh the keys so I probably will need to tease more information out of the process. I'm running the 2.0 branch (specifically, 2.0.30). Are there commands I can use to extract the information you mentioned?

Thanks,
Anthony
Trying to figure out what's going on with a key update failure...
Hello Everyone,

When I run

gpg2 --keyserver --refresh-keys

I get a list of all of the keys in my keyring with the message that they have not been changed (this is expected). At the bottom of the output, I see the following message:

gpg: Total number processed: 31
gpg: unchanged: 31
gpg: keyserver communications error: Not found
gpg: keyserver communications error: Bad public key
gpg: keyserver refresh failed: Bad public key

I assumed that I was getting this message because a key lookup failed because it wasn't on a keyserver but someone on another list said this is not the case. When I look at all of the output from the session, nothing indicates any problems with any of the 31 keys in my keyring.

Can someone tell me what this error means and how can I fix it?

Thanks,
Anthony
Re: [admin] postings from non-subscribers
On 11/7/2016 2:47 PM, Ralph Seichter wrote:
> On 07.11.16 19:06, Werner Koch wrote:
>
>> Our mailing list admins are moderating posts from non-subscribed
>> posters. For many years they are doing this without getting much
>> attention - time for a big KUDOS to them.
>
> That's quite unusual. Thanks to the list admins for their work. Still,
> I personally (!) don't think there is any need to accommodate non-
> subscribers. The whole notion of "I want information but cannot be
> bothered to subscribe" rubs me the wrong way.

I tend to feel the same way. I've never understood that mentality. I mean, it literally takes less than a minute to subscribe then less than another to unsubscribe. You really want information but it's not worth two minutes of your time to get it? Must not be really important to you then.

Still, their willingness to moderate non-subscribers shows how much our moderators rock. Most mailing lists I belong to would never do this. This sets our mods apart! Great job guys.

Anthony
Question about using GnuPG on Windows 10
I know Windows 10 sends a lot of telemetry data back to Microsoft for analysis. The data sent to Microsoft, in some circumstances, also seems to be keystroke data to help make certain features of Windows 10 better.

How does GnuPG play into this? Is there any evidence that GnuPG password entry is not part of the keystroke data sent to Microsoft? Does GnuPG take any steps to avoid this? Can it?

Thanks,
Anthony
Re: Why would I want S/MIME?
On 9/12/2016 2:10 PM, Robert J. Hansen wrote:
>> I understand what S/MIME is and that it's probably the easiest crypto
>> solution for most email users. But why would someone comfortable with
>> GnuPG use it?
>
> There's a subtle point here. The question isn't whether you're comfortable
> with GnuPG; the question is whether the people you want to send email to are
> comfortable with GnuPG.
>
> I use S/MIME literally daily at work. My co-workers like S/MIME because it's
> close to an "it just works" solution. Few of my co-workers have been willing
> to learn GnuPG.

Your points are solid. I think that I might not have asked the right question. Let me rephrase:

Assuming everyone is willing and comfortable with using GnuPG, is there any compelling reason (aside from easy setup and use) to use S/MIME?
Why would I want S/MIME?
I understand what S/MIME is and that it's probably the easiest crypto solution for most email users. But why would someone comfortable with GnuPG use it? Does it offer any advantages over traditional PGP keys?

If I understand correctly, it's a certificate that is much like an SSL certificate. If that's the case, doesn't it suffer from the same weaknesses that SSL certs currently suffer from (like double issuance, etc)?

Why would I want to use S/MIME?

Thanks,
Anthony

--
OpenPGP Key: 4096R/0x028ADF7453B04B15
Keybase: https://keybase.io/cajuntechie
Other Key Info: http://www.cajuntechie.org/p/my-pgp-key.html
XMPP/Jabber: cajunt...@dukgo.com
VoIP/SIP: 1259...@localphone.com
Re: Confusion about a statement in the FAQ
On 9/10/2016 6:04 PM, Claus Assmann wrote:
> On Sat, Sep 10, 2016, Anthony Papillion wrote:
>
>> I send an email to someone using Gmail, how does Gmail route it if the
>> headers are encrypted? Or would the "to" be one of those things not
>
> You might want to read the RFCs about e-mail: headers are not
> used for mail routing, the envelope is (just like "snail-mail").

I've been using email for nearly 20 years and TIL something new. I've never read the RFC before now. Thanks for the pointer. Pretty cool.

Anthony
Re: Confusion about a statement in the FAQ
On 9/10/2016 4:00 PM, Robert J. Hansen wrote:
>> I'm confused by this. What does it mean? What does 'armor the
>> mail headers' mean? Is this the same as 'encrypting' the mail
>> headers or does it mean something else?
>
> It means there's a way to cryptographically protect most (but not
> all) email headers, which foils many kinds of metadata analysis.
>
> At present I don't think any email client supports this
> capability. However, it's planned for Enigmail and other clients,
> and it's a good reason to use PGP/MIME instead of inline.

Hmm, OK that's kind of what I thought. But I'm still a little confused. Doesn't the email server have to support it? For example, if I send an email to someone using Gmail, how does Gmail route it if the headers are encrypted? Or would the "to" be one of those things not encrypted?

Anthony
Confusion about a statement in the FAQ
Hi Folks,

In the FAQ on the gnupg.org site there is a discussion about whether it's acceptable to use PGP/MIME. The FAQ says yes and has the following statement:

"Almost certainly. In the past this was a controversial question, but recently there's come to be a consensus: use PGP/MIME whenever possible. The reason for this is that it's possible to armor email headers and metadata with PGP/MIME, but sending messages inline leaves this data exposed."

I'm confused by this. What does it mean? What does 'armor the mail headers' mean? Is this the same as 'encrypting' the mail headers or does it mean something else?

Can someone explain this statement to me?

Thanks,
Anthony
Keybase integration with GnuPG?
Are there any current plans to integrate Keybase.io into GnuPG at some point in the future? In my mind, doing so might present a bit stronger validation than TOFU and a lot easier use to newbies than the WoT, which is pretty much useless if the person is new to PGP.

Thanks,
Anthony
Is the bug tracker maintained at all anymore?
So I just went to the public bug tracker and was greeted by a page full of Quickbooks spam! Does the project even maintain the bug tracker anymore? If not, I'd suggest getting rid of it as that looks /really/ bad!

Anthony
Never mind :-)
So I just looked and saw that all of the spam in the bug tracker is from the last hour to hour and a half. Someone probably just hasn't had the time to clean it up yet.

Spoke too soon. My apologies.

Anthony
OpenPGP.conf streamed?
I just realized that OpenPGP.conf is coming up in less than a month. Unfortunately, I won't be able to attend. Will anyone be streaming it live? If not, will there be videos posted?

Thanks,
Anthony
Re: AW: OpenPGP Smartcard recommendations
This looks exactly like what I'm looking for! Thanks for the recommendation. Definitely going to get one. Many thanks again.

Anthony

On 8/22/2016 10:38 PM, cornelius.koelbel wrote:
> Hi Anthony,
>
> You may also take a look at the Nitrokey. Kind regards Cornelius
>
> Cornelius Kölbel +49 151 2960 1417
>
> NetKnights GmbH http://NetKnights.it +49 561 3166 797
>
> ---- Original message ----
> From: Anthony Papillion
> Date: 22.08.16 23:22 (GMT+01:00)
> To: gnupg-users@gnupg.org
> Subject: OpenPGP Smartcard recommendations
>
> Hello Everyone,
>
> I'm wanting to solidify my key security and I'm just not
> comfortable with having my OpenPGP key on my computer all the time.
> So I'd like to move to a smartcard solution.
>
> I've gone to the kernelconcepts.de page and tried to contact them
> but it looks like the domain simply isn't accepting mail and the
> site might just be a zombie. So I decided to come here and ask as
> well.
>
> Can anyone recommend a solid OpenPGP smartcard solution that meets
> the following criteria:
>
> 1) Supports up to 4096 bit RSA keys
> 2) Generates keys completely on the card
> 3) Can sign, encrypt, decrypt
> 4) Preferably has some tamper resistance
> 5) Can import an existing RSA key
>
> Also, since I'm pretty new to smartcard solutions, I'm also in the
> market for a reader. If you have any suggestions for one of those,
> I'd appreciate it too. If it makes a difference, I'm in the USA.
>
> Thanks, Anthony
Re: OpenPGP Smartcard recommendations
Thanks for the reply. I have an older Yubikey Classic and still use it to this day for a lot of things. It's awesome. I'll definitely take a look at the newer keys you mentioned and see if they are something I could use.

Thanks for the recommendation. I might also join the FSFE. Does it matter that I am not in Europe (I'm in the USA)?

Thanks,
Anthony

On 8/22/2016 7:54 PM, Karol Babioch wrote:
> Hi,
>
> On 22.08.2016 at 23:22, Anthony Papillion wrote:
>> I've gone to the kernelconcepts.de page and tried to contact them but
>> it looks like the domain simply isn't accepting mail and the site
>> might just be a zombie.
>
> I'm pretty sure you've done something wrong here. I just placed and
> received an order last week.
>
>> Can anyone recommend a solid OpenPGP smartcard solution that meets the
>> following criteria:
>
> Besides the smartcards from kernelconcepts, you can also become an FSFE
> member to get such a card [1].
>
> Personally I absolutely love the YubiKey (4 Nano) [2]. It meets all of
> your criteria and can do a lot more (U2F, PIV, token, HOTP, TOTP, etc.).
> It is also a lot smaller than a real smartcard and can be left in the
> USB port all of the time. The Gemalto USB token (and/or real smartcards)
> are rather unhandy - at least for me.
>
> Best regards,
> Karol Babioch
>
> P.S.: I should also mention that there is some debate about the open
> source nature of the YubiKey 4, since its firmware is not open to review
> any longer. Should this be a criterion for you, you have to go with
> another solution. You'll find details on the story at [3].
>
> [1]: https://fsfe.org/fellowship/card.html
> [2]: https://www.yubico.com/products/yubikey-hardware/yubikey4/
> [3]: https://www.yubico.com/2016/05/secure-hardware-vs-open-source/
OpenPGP Smartcard recommendations
Hello Everyone,

I'm wanting to solidify my key security and I'm just not comfortable with having my OpenPGP key on my computer all the time. So I'd like to move to a smartcard solution.

I've gone to the kernelconcepts.de page and tried to contact them but it looks like the domain simply isn't accepting mail and the site might just be a zombie. So I decided to come here and ask as well.

Can anyone recommend a solid OpenPGP smartcard solution that meets the following criteria:

1) Supports up to 4096 bit RSA keys
2) Generates keys completely on the card
3) Can sign, encrypt, decrypt
4) Preferably has some tamper resistance
5) Can import an existing RSA key

Also, since I'm pretty new to smartcard solutions, I'm also in the market for a reader. If you have any suggestions for one of those, I'd appreciate it too. If it makes a difference, I'm in the USA.

Thanks,
Anthony
Documentation on --with-colons output?
I'm writing a tool that needs to parse output from GnuPG. I'll be using the --with-colons option to make output easier to parse. Is there any doc on what the different fields are in the output? Specifically, for things like --list-public-keys?

Thanks,
Anthony
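An added example, not part of the original post and not GnuPG's own code: a small parser for the colon-delimited key listing, using the field positions described in the doc/DETAILS file of the GnuPG source tree (field 1 record type, 2 validity, 5 key ID, 6 and 7 creation and expiration, 10 user ID or fingerprint, 12 capabilities). The sample listing, the function names and the can_encrypt_to policy are constructed for illustration, and dates are assumed to be in seconds since the epoch.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the shape of
# `gpg2 --with-colons --fingerprint --list-public-keys` (not real keys).
SAMPLE = r"""tru::1:1462000000:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1420070400:1577836800::u:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:u::::1420070400::0000000000000000000000000000000000000000::Alice Example (work\x3a ops) <alice@example.org>:
sub:u:4096:1:FEDCBA9876543210:1420070400:1577836800:::::e:
pub:e:2048:1:1111222233334444:1262304000:1293840000::-:::sc:
fpr:::::::::9999888877776666555544441111222233334444:
uid:e::::1262304000::1111111111111111111111111111111111111111::Bob Example <bob@example.org>:
"""

# Field 2 (validity) letters.
VALIDITY = {
    "o": "unknown", "i": "invalid", "d": "disabled", "r": "revoked",
    "e": "expired", "-": "unknown", "q": "undefined", "n": "never",
    "m": "marginal", "f": "full", "u": "ultimate",
}
UNUSABLE = {"i", "d", "r", "e"}


def _unescape(value):
    """User IDs are quoted like C strings; a literal colon arrives as \\x3a."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def _timestamp(value):
    """Fields 6 and 7: seconds since the epoch; an empty field means none."""
    if value.isdigit():
        return datetime.fromtimestamp(int(value), tz=timezone.utc)
    return None


def parse_colons(text):
    """Group pub/fpr/uid/sub records into one dict per primary key."""
    keys, primary, last = [], None, None
    for line in text.splitlines():
        f = line.split(":")
        f += [""] * (12 - len(f))      # pad short records such as "tru"
        if f[0] in ("pub", "sub"):
            entry = {
                "keyid": f[4],
                "flag": f[1],
                "validity": VALIDITY.get(f[1], "unknown"),
                "bits": int(f[2]) if f[2].isdigit() else None,
                "created": _timestamp(f[5]),
                "expires": _timestamp(f[6]),
                "capabilities": f[11],
                "fingerprint": None,
            }
            if f[0] == "pub":
                entry["uids"], entry["subkeys"] = [], []
                keys.append(entry)
                primary = entry
            elif primary is not None:
                primary["subkeys"].append(entry)
            last = entry
        elif f[0] == "fpr" and last is not None:
            last["fingerprint"] = f[9]  # an fpr record follows the key it describes
        elif f[0] == "uid" and primary is not None:
            primary["uids"].append(_unescape(f[9]))
    return keys


def can_encrypt_to(key, now):
    """True if the key is usable and has a live encryption-capable (sub)key."""
    if key["flag"] in UNUSABLE:
        return False
    for k in [key] + key["subkeys"]:
        live = k["flag"] not in UNUSABLE and (
            k["expires"] is None or k["expires"] > now)
        if live and "e" in k["capabilities"]:   # lowercase = this key's own usage
            return True
    return False


if __name__ == "__main__":
    now = datetime(2016, 5, 12, tzinfo=timezone.utc)
    for key in parse_colons(SAMPLE):
        print(key["fingerprint"], key["validity"], key["uids"],
              "encrypt-ok" if can_encrypt_to(key, now) else "skip")
```

A tool built on this should identify keys by the full fingerprint from the fpr record rather than by the 16-digit key ID in field 5.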
Re: Remove photos from OpenPGP key in the keyservers
On 03/08/2016 10:47 AM, Robert J. Hansen wrote:
>> I'm pretty sure that, if you just send your modified key to the
>> keyserver again, it will replace the one that's there.
>
> This is not correct.

Apparently not. Thanks for the correction. I made an incorrect assumption due to not thinking things through properly.
Re: Remove photos from OpenPGP key in the keyservers
On 03/08/2016 11:24 AM, Andrew Gallagher wrote:
> On 08/03/16 16:08, Anthony Papillion wrote:
>>
>> I'm pretty sure that, if you just send your modified key to the
>> keyserver again, it will replace the one that's there.
>
> You shouldn't think of a PGP key as a single file that is
> overwritten - it's more like a logbook that is progressively
> filled. Your primary key is the first entry, and each "fact" that
> is associated with the primary key (id, certification, subkey,
> photo) gets appended to the bottom. You can upload a new fact to
> the keyservers, including a fact that repudiates a previous fact,
> but it all just gets appended to the log and it's the client's job
> to sort through it and decide what bits are still relevant.

Thank you, Andrew, for the clarification. I suppose I've never thought of it that way but, as you explained it, it makes sense. So am I correct in this thinking: if I attach a picture to my key and upload it to a keyserver then remove the picture and upload that 'version' of my key to the server, the key on the server STILL HAS my picture and the clients choose to ignore it at that point?
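An added illustration, not from the thread's participants: a simplified model of the "logbook" behaviour described in the quoted explanation, applied to the three-photo case raised in this thread. It does no real OpenPGP packet handling; the Packet class, keyserver_merge and client_view are hypothetical names, and a revocation is reduced to a record naming the component it repudiates.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    kind: str          # "key", "uid", "photo" or "revocation"
    body: str          # stand-in for the packet contents
    target: str = ""   # revocation only: body of the packet it repudiates


def keyserver_merge(stored, uploaded):
    """Append-only merge: nothing already stored is ever dropped."""
    merged = list(stored)
    for packet in uploaded:
        if packet not in merged:
            merged.append(packet)
    return merged


def client_view(cert):
    """What a client treats as current: components with no revocation."""
    revoked = {p.target for p in cert if p.kind == "revocation"}
    return [p for p in cert
            if p.kind != "revocation" and p.body not in revoked]


def visible_photos(cert):
    return [p.body for p in client_view(cert) if p.kind == "photo"]


def three_photo_scenario():
    key = Packet("key", "primary")
    uid = Packet("uid", "Example User <user@example.org>")  # constructed
    pics = [Packet("photo", f"photo-{n}") for n in (1, 2, 3)]

    # First upload: key, user ID and three photos.
    server = keyserver_merge([], [key, uid] + pics)

    # Two photos deleted locally, then the smaller key is uploaded again.
    server = keyserver_merge(server, [key, uid, pics[0]])
    after_delete = visible_photos(server)

    # Two photos revoked instead: the revocations are new facts that
    # get appended, and clients use them to hide the old photos.
    revocations = [Packet("revocation", f"rev-{p.body}", target=p.body)
                   for p in pics[1:]]
    server = keyserver_merge(server, [key, uid] + pics + revocations)
    after_revoke = visible_photos(server)

    return after_delete, after_revoke, len(server)


if __name__ == "__main__":
    print(three_photo_scenario())
```

In this model the stored key only ever grows: a local deletion changes nothing on the server, while a revocation adds packets and changes what clients display.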
Re: Remove photos from OpenPGP key in the keyservers
On 03/08/2016 05:54 AM, Marco A.G.Pinto wrote:
> Hello!
>
> I have made the mistake of adding the same photo with different
> file sizes using Enigmail and export it to the servers.
>
> I have already deleted two of the three photos using the CLI, but
> the key in the server still has three photos and a size of 70 kB.
>
> Is there anyone I could contact to export this attached public key
> which only has one photo?

I'm pretty sure that, if you just send your modified key to the keyserver again, it will replace the one that's there.

HTH,
Anthony
Are ZLIB and ZLIB2 no longer supported in GnuPG?
I recently compiled the latest version of GnuPG 2 from source (.29, I believe) and, when I tried to use it, was told that I had invalid options in my .conf file. Specifically, it told me that ZLIB and ZLIB2 weren't supported as compression algos.

Are those two algos no longer supported by GnuPG or was this just a compile flag that I didn't pass it? If they aren't supported, are there any security or usability implications to only using ZIP for compression?

Thanks,
Anthony
Problem compiling 2.0.29
I'm trying to compile 2.0.29 and I'm running into a problem. I've compiled all of the dependencies and, when I try to compile gnupg itself, I get the following error:

Making all in openpgp
make[3]: Entering directory `/home/anthony/Source/gnupg-2.0.29/tests/openpgp'
echo '#!/bin/sh' >./gpg_dearmor
echo "../../g10/gpg2 --homedir . --no-options --no-greeting \
 --no-secmem-warning --batch --dearmor" >>./gpg_dearmor
chmod 755 ./gpg_dearmor
./gpg_dearmor > ./pubring.gpg < ./pubring.asc
../../g10/gpg2: error while loading shared libraries: libgcrypt.so.20: cannot open shared object file: No such file or directory
make[3]: *** [pubring.gpg] Error 127
make[3]: Leaving directory `/home/anthony/Source/gnupg-2.0.29/tests/openpgp'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/anthony/Source/gnupg-2.0.29/tests'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/anthony/Source/gnupg-2.0.29'
make: *** [all] Error 2

It seems the problem is in libgcrypt so I recompiled it to make sure it was properly installed and it made no difference. Can anyone give me a clue as to what might be going wrong or how to fix this?

Thanks!
Anthony
Re: QC resistant algorithms?
On 12/16/2015 2:14 PM, Lachlan Gunn wrote:
> Long story short, there exist algorithms that are hypothesised to be QC-resistant, though as far as I know nothing is proven in that respect. Those that do exist, there's still a substantial possibility that they'll be broken. Key and signature sizes are generally large, kilobytes to megabytes.
>
> Certainly nothing is standardised, let alone being ready to go into OpenPGP.
>
> This is all outside of my area, so someone please correct me if I'm way off.

This is sort of what I'd gathered from the brief reading I've done about the situation. I'm sure there's a lot of research going on in the area and I certainly hope "we beat them to it".
QC resistant algorithms?
While I know it's not a big concern at the moment, we are well on the way to a future that includes quantum computing. While some in the computer science and crypto fields say we won't see a crypto breaking quantum computer for another 30+ years, others are putting it closer to 10 and even 5-6. Regardless of what the actual timeframe is, I'm wondering what work is being done in GnuPG to implement QC resistant asymmetric algorithms? Perhaps a better question, and I have done very little research into this specifically I admit, /are/ there any QC resistant asymmetric algorithms to implement or will we need to come up with something completely different? Anthony -- Phone: 1.845.666.1114 Skype: cajuntechie PGP Key:0x028ADF7453B04B15 Fingerprint:C5CE E687 DDC2 D12B 9063 56EA 028A DF74 53B0 4B15
Re: Can I pass the password from the command line?
On 12/15/2015 5:07 PM, Andrew Gallagher wrote:
>
>> On 15 Dec 2015, at 22:58, Anthony Papillion wrote:
>>
>> I'd like to script encryption and decryption from the command line. Is there a way to pass the encryption passphrase to GnuPG from the command line.
>
> I don't think there is a password parameter, and I'd strongly recommend not doing it even if there was. Many OSes make the command line parameters of processes available to any local user.
>
> Have you tried piping the password to stdin?
>
> Andrew

Thank you for the quick answer, Andrew. After thinking about it, I can see the absolute folly of having something set up the way I requested and I appreciate you pointing that out. I had not thought about piping to stdin - never even crossed my mind!

Thanks again!
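Added example (not part of the original thread and not GnuPG project code): the point made in the reply above, that command-line parameters are visible to other local users while data piped to stdin is not, shown with a stand-in child process whose arguments are read back the way ps would read them. SECRET, CHILD_CODE and the function names are constructed for this illustration; gpg_decrypt assumes a gpg2 binary on PATH and uses gpg's --passphrase-fd option.

```python
"""Show why a passphrase on the command line leaks and one on stdin does not."""
import os
import subprocess
import sys

SECRET = "constructed-passphrase-4711"  # constructed sample value, not a real secret

# Stand-in for gpg: a child that only stays alive long enough to be inspected.
CHILD_CODE = "import time; time.sleep(30)"


def visible_cmdline(pid):
    """Return the argument vector the OS exposes for `pid`.

    On Linux this is /proc/<pid>/cmdline, readable by every local user
    unless /proc is mounted with hidepid; elsewhere fall back to ps(1).
    """
    proc_path = f"/proc/{pid}/cmdline"
    if os.path.exists(proc_path):
        with open(proc_path, "rb") as fh:
            return [a.decode(errors="replace") for a in fh.read().split(b"\0") if a]
    out = subprocess.run(["ps", "-o", "args=", "-p", str(pid)],
                         capture_output=True, text=True, check=True).stdout
    return out.split()


def secret_visible_to_other_users(secret, via_stdin):
    """Start the stand-in child and report whether `secret` shows up in its argv."""
    argv = [sys.executable, "-c", CHILD_CODE]
    if not via_stdin:
        argv.append(secret)              # the pattern asked about: secret as a parameter
    with subprocess.Popen(argv, stdin=subprocess.PIPE) as child:
        try:
            if via_stdin:
                # The secret travels through a pipe only the two processes share.
                child.stdin.write(secret.encode() + b"\n")
                child.stdin.flush()
            seen = visible_cmdline(child.pid)
        finally:
            child.kill()
    return any(secret in arg for arg in seen)


def gpg_decrypt(path, passphrase, gpg="gpg2", loopback=True):
    """Decrypt `path`, handing gpg the passphrase on stdin (fd 0).

    Only option names appear in argv. `--pinentry-mode loopback` is expected
    by GnuPG 2.1 and later; pass loopback=False for the 1.4 and 2.0 series.
    """
    argv = [gpg, "--batch", "--passphrase-fd", "0"]
    if loopback:
        argv += ["--pinentry-mode", "loopback"]
    argv += ["--decrypt", path]
    done = subprocess.run(argv, input=passphrase.encode() + b"\n",
                          capture_output=True, check=True)
    return done.stdout


if __name__ == "__main__":
    print("secret visible when passed as argument:",
          secret_visible_to_other_users(SECRET, via_stdin=False))
    print("secret visible when piped to stdin:    ",
          secret_visible_to_other_users(SECRET, via_stdin=True))
```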
Can I pass the password from the command line?
I'd like to script encryption and decryption from the command line. Is there a way to pass the encryption passphrase to GnuPG from the command line? For example:

gpg2 --encrypt --recipient --passphrase anth...@cajuntechie.org SomePassphrase FileIWantToEncrypt

Is this possible at all? If so, how? Also, the same question for decryption.

Thanks!
Anthony

-- Phone: 1.845.666.1114 Skype: cajuntechie PGP Key:0x028ADF7453B04B15 Fingerprint:C5CE E687 DDC2 D12B 9063 56EA 028A DF74 53B0 4B15
Insecure memory message on PC-BSD
Hey Everyone, I'm using PC-BSD 10.2 and I get the message "using insecure memory!" when I type gpg2 at the terminal. Is this a major issue or is it something I can (usually) ignore? Is there a way to use "secure" memory? Thanks, Anthony -- Phone: 1.845.666.1114 Skype: cajuntechie PGP Key:0x028ADF7453B04B15 Fingerprint:C5CE E687 DDC2 D12B 9063 56EA 028A DF74 53B0 4B15
Portable version of modern GnuPG
I'm working on a project that requires a portable version of GnuPG and I'd like to use a modern version of it. As far as I can tell from searching, GnuPG stopped being portable somewhere in the 1.4.x branch. I'm wondering a few things: 1. If all I'll be using are the RSA and AES246 algorithms, is using a 1.4.x implementation that dangerous? 2. Does anyone know of a modern variant of GnuPG that is or could be made portable? Thanks, Anthony -- Anthony Papillion Phone: +1.845.666.3312 Skype: CajunTechie SIP/VoIP: 17772471...@in.callcentric.com PGP Key: 0x028ADF7453B04B15 Fingerprint: C5CE E687 DDC2 D12B 9063 56EA 028A DF74 53B0 4B15
Is there a better way to change out of sync expiration dates?
Hello Everyone, I'm not sure how but I somehow set the expiration date of my encryption key and my signing key to different dates (different by a few months time). While I know this isn't "really" a problem, I just like to have both keys expire on the same date. To fix this problem, I edited my key, set the expiration date to 'never' then edited it again and set the date a number of years in the future from today (which gave my two keys the same expiration date). But I'm wondering if there's a more 'standard' way to do this. Anybody know? Thanks! Anthony -- Anthony Papillion Phone: +1.845.666.3312 Skype: CajunTechie SIP/VoIP: 17772471...@in.callcentric.com PGP Key: 0x028ADF7453B04B15 Fingerprint: C5CE E687 DDC2 D12B 9063 56EA 028A DF74 53B0 4B15
Re: How to get your first key signed
On 10/1/2015 11:51 PM, Guan Xin wrote:
> On Thu, Oct 1, 2015 at 7:05 PM, Robert J. Hansen wrote:
>> So sure, yes, without identity verification it's hard to have confidence in someone's legal identity, absolutely. But even with identity verification, most people don't even bother to check to see that the signing certificate's email address matches the one on the email.
>
> It's sad to hear that anyone takes it seriously to check that a certificate's email address matches the originating mail address. This really messes things up in the sense that it causes additional inconvenience with little benefit.

Sorry to just jump in here but I've been following the conversation and this caught my eye. While checking the email address associated with a key might not /always/ be useful (like in the case of IM, fax, etc), it /can/ help provide 'evidence' that a key might have been compromised. If I receive an email from an email address that is different from that on the key, the very first thing I would do is email the key holder at their known address and ask what's up. It could very well be a case where the key has been compromised but the email address hasn't and the key holder doesn't know.

Anthony

-- Phone: +1.845.666.1114 Skype: CajunTechie SIP/VoIP: 17772471...@in.callcentric.com PGP Key: 0x53B04B15 Fingerprint: C5CE E687 DDC2 D12B 9063 56EA 028A DF74 53B0 4B15
Re: Separate Session Key and Encrypted Data
On October 1, 2015 9:38:13 AM CDT, Christian Loehle wrote:
> I want to use gpg to encrypt a potentially large file to some (cloud-like) storage provider, the recipients are not known at the time of uploading.
> What I want to do is to send the encrypted session key of the file to a recipient, when I 'add' them, without re-uploading or even touching the original (encrypted) file.
> This should be possible, does anyone know how to? I'm also open to other suggestions.

Is there any reason why you can't just symmetrically encrypt it then send an encrypted message to them with the passphrase using their PGP key?

-- Phone: +1.845.666.3312 Skype: CajunTechie SIP/VoIP: 17772471...@in.callcentric.com PGP Key: 0x53B04B15 Fingerprint: C5CE E687 DDC2 D12B 9063 56EA 028A DF74 53B0 4B15
Re: Question about group line use in GnuPG
On 02/21/2015 06:19 PM, Daniel Kahn Gillmor wrote:
> On Sat 2015-02-21 18:33:46 -0500, Anthony Papillion wrote:
>>
>> gpg -ear mygr...@domain.com filename
>>
>> But when I do that, gpg tells it has no key for that address. Why can't gpg understand and properly process my group line from the terminal? Is this anything that's planned for the future?
>
> I believe it is supposed to do this already. It works for me.
>
> What version of GnuPG are you using? On what platform? Can you share the exact configuration and commands you're running? It's hard to help debug from just the example info you provide here.

Thanks for your quick response. It looks like I may have fixed the problem. Basically, when I use Enigmail for the group line, it needs it in the form of

group =key1,key2,key3

But when I do it from the terminal, it needs to be in the form of

group pgp...@yahoogroups.com=key1,key2,key3

Copying the group line in my gpg.conf file and removing the brackets made it work as expected.

Thanks!
Anthony
Question about group line use in GnuPG
I belong to a mailing list (PGPNET, a Yahoo Group) that provides me with a "group line" for encrypting to a group of keys. In my gpg.conf file, I put something like:

group mygr...@domain.com=key1,key2,key

Then, using Enigmail, I can encrypt to the entire group of keys by selecting it in the UI. However...

The fact that gpg doesn't complain about the group line in the conf file means it must accept it as a valid option. So why can I not use that group address when I am encrypting and signing from the terminal? I should be able to do something like:

gpg -ear mygr...@domain.com filename

But when I do that, gpg tells me it has no key for that address. Why can't gpg understand and properly process my group line from the terminal? Is this anything that's planned for the future?

Thanks,
Anthony

-- Anthony Papillion Phone: 1.918.631.7331 VoIP (SIP): 80...@iptel.org XMPP Chat: cyp...@chat.cpunk.us Fingerprint: 65EF73EC 8B57F6B1 8C475BD4 426088AC FE21B251 PGP Key: http://www.cajuntechie.org/p/my-pgp-key.html To any NSA and FBI agents reading my email: please consider whether defending the US Constitution against all enemies, foreign or domestic, requires you to follow Edward Snowden's example.
Re: Problems when encrypting to a group on MacGPG
On 01/14/2015 10:53 PM, Doug Barton wrote:
> On 1/14/15 7:09 PM, Anthony Papillion wrote:
>> "gpg: O g: can't encode a 256 bit key in a 0 bit frame"
>>
>> This happens after I tell the program to accept the final key in the group as valid. But it doesn't seem to be related to a key since I've deleted the final key and it still give me the error.
>
> You're on the right track: delete some more keys, test again, repeat till you find the key causing problems. Depending on the number of keys it may be easier to add/delete a few at a time, do a binary search, etc.

Thanks Doug! It looks like the problem is likely related to two of the keys in the user's keyring containing ECC subkeys which, apparently, that version of MacGPG can't handle well. I'm going to connect with them again today and delete those keys and see what happens.

Thanks again!
Anthony
Problems when encrypting to a group on MacGPG
Hello Everyone, I'm trying to help someone configure MacGPG 2.0.22. I've defined a group with multiple keys in it. But when I try to encrypt to the group to test things, I get the following error:

"gpg: O g: can't encode a 256 bit key in a 0 bit frame"

This happens after I tell the program to accept the final key in the group as valid. But it doesn't seem to be related to a key since I've deleted the final key and it still gives me the error. Any idea what might be causing this? Thanks!

Thanks,
Anthony

-- Anthony Papillion Phone: 1.918.631.7331 XMPP Chat: cyp...@chat.cpunk.us Fingerprint: 65EF73EC 8B57F6B1 8C475BD4 426088AC FE21B251 PGP Key: http://www.cajuntechie.org/p/my-pgp-key.html To any NSA and FBI agents reading my email: please consider whether defending the US Constitution against all enemies, foreign or domestic, requires you to follow Edward Snowden's example.
Re: New GUI frontend for windows
On 12/25/2013 06:49 AM, Alice Bob wrote:
> I wanted to create an easy to use gui for GnuPG. Without installing, choosing options, and just working from the get-go.
>
> I appreciate any feedback (and bugs), you can check it at: https://www.encreep.com
>
> The main use case is for encrypting/decrypting, and not identity verification. That is why the trust model is discarded. I feel unless your adversary is a government, getting the public key from a website / email / forum post should be fine (situational trust).
>
> I wanted something to quickly load the key, encrypt the message, and send it away.
>
> It is closed source, unlimited trialware.

Looks interesting. There's definitely room for improvement in the encryption tools market and Encreep is a move in the right direction. That said, there is no way in hell I would ever use it. Why? It's closed source. With everything going on with the NSA and other agencies these days, someone would have to be insane to use a black box encryption solution. Consider making it open source and I think you might have a winner.

Anthony
ECC curves used in gnupg?
I know that gnupg is experimenting with ECC and I'm wondering which curves the team has decided to use. I know there are some curves that are now suspected of being tainted by the NSA through NIST. Has the gnupg team ruled using those curves out? Anthony -- Anthony Papillion XMPP/Jabber: cajuntec...@jit.si SIP: 17772471...@callcentric.com iNum: +883-5100-01190960 PGP Key: 0xDC89FF2E
Re: How to add authentication capabilities to an existing key?
On 09/10/2013 05:35 AM, Paul R. Ramer wrote:
> Anthony Papillion wrote:
>> Is there a good way to add authentication capabilities to an existing RSA key? I see how to toggle it if I create a new subkey but not how to add it to an existing key.
> [snip]
>
> Hello Anthony,
>
> As far as I know, there is no such capability to do that with gpg. You have to set that capability when you create the key. HTH.

Thanks, Paul! I don't really need the "feature" anyway, I just read about it and figured 'why not?' Plus I wanted to investigate what it was for. After the responses from both you and Werner, I'm not that concerned about it.

Thanks!
Anthony

-- Anthony Papillion XMPP/Jabber: cypherp...@patts.us OTR Fingerprint: 4F5CE6C07F5DCE4A2569B72606E5C00A21DA24FA SIP: 17772471...@callcentric.com PGP Key: 0x53B04B15
How to add authentication capabilities to an existing key?
Is there a good way to add authentication capabilities to an existing RSA key? I see how to toggle it if I create a new subkey but not how to add it to an existing key. Thanks, Anthony -- Anthony Papillion XMPP/Jabber: cypherp...@patts.us OTR Fingerprint: 4F5CE6C07F5DCE4A2569B72606E5C00A21DA24FA SIP: 17772471...@callcentric.com PGP Key: 0x53B04B15
Re: Recommended key size for life long key
On 08/31/2013 04:46 AM, Ole Tange wrote:
> The FAQ http://www.gnupg.org/faq/GnuPG-FAQ.html#what-is-the-recommended-key-size recommends a key size of 1024 bits.
>
> Reading http://www.keylength.com/en/4/ I am puzzled why GnuPG recommends that.
>
> Why not recommend a key size that will not be broken for the rest of your natural life? (Assuming the acceleration of advances in key breaking remains the same as it has done historically, thus no attack is found that completely destroys the algorithm used).
>
> I just generated a 10kbit RSA key. It took 10 minutes which is long to sit actively waiting, but not very long if you are made aware it will take this long and just leave it in the background while doing other work; and to me 10 minutes (or even 10 hours) is a tiny investment if that means that I do not lose the signatures on my key by changing key every 5 years.

Hi Ole,

There are other problems that need to be considered when creating a 'lifelong' extra large key. First, you need to consider people on older hardware or mobile devices. That 10k key might take 10 minutes to do anything with on modern hardware. But do you think a mobile device will have the kind of horsepower needed to use that key in any way? Probably not. That may lock out a significant portion of your contacts from being able to communicate with you.

Secondly, a long key length won't protect you if 1) an incredibly efficient factoring algorithm is designed and used, 2) quantum computers are used against your key, or 3) side channel attacks. In all of those scenarios, large keys won't protect you at all. Especially in side channel attacks or qc attacks.

Personally, I trust my 4096 bit key for now until ECC is integrated into GnuPG. Then, I'll recreate my keys. Looking for a key that will never be broken is like looking for the fountain of youth: it's a nice idea but not realistic to plan your life around. Security is always moving. You have to be prepared to move with it.

Regards,
Anthony

-- Anthony Papillion XMPP/Jabber: cypherp...@patts.us SIP: 17772471...@callcentric.com PGP Key: 0x53B04B15
Re: Why trust gpg4win?
On Jul 26, 2013, at 4:02 PM, "Jan" wrote:
> Still I wonder whether there are many sources for SHA1 sums of gpg4win, that could be used by a windows user to test the integrity of his download (C't ?). Are the SHA1 sums of gpg4win presented on the download site checked regularly by their authors?

If we believe Edward Snowden, the Security Services likely aren't working to slip secret code into GPG anymore. Or at least it's not a huge effort. With the endpoints (operating systems, software, etc) they don't have to. There are a million different ways that a security service could get at your data even if your encryption software is absolutely perfect and uncompromised. Honestly, I'd worry much more about the surrounding environment than the gpg code itself. That's not to say ignore the code and its integrity, but don't fall into the trap of believing that, just because the badges check out, you're completely safe.

Best Regards,
Anthony Papillion
GPG detection on Windows?
Hello Everyone, I'm designing an application that will run on Windows and utilize GNUPG. Right now, I'm detecting if GPG is installed by calling it then parsing the output of the command to see if it succeeded or failed. This is VERY messy and not my preferred way. Does GPG4Win install anything to the registry that I could check for to see if it's installed? Thanks, Anthony -- Anthony Papillion Phone: 1.918.533.9699 SIP: sip:cajuntec...@iptel.org XMPP:cypherp...@patts.us Website: www.cajuntechie.org PGP Key: 0x53B04B15
How insecure is using /dev/random for entropy generation?
Hello Everyone, I need to generate a new key and want to make sure I create enough entropy to make the key secure. My normal method is to type on the keyboard, start large programs, etc. But a friend suggested that I use /dev/random. Is this suitable for creating a PGP key? I've got concerns. Thoughts? Anthony
Re: Stumped and need some help with agent
On 6/17/2012 7:10 AM, Werner Koch wrote:
> On Sat, 16 Jun 2012 22:42, papill...@gmail.com said:
>
>> For some reason, every time I do anything to an encrypted message, I have to re-enter my passphrase. If I open a message, I enter my passphrase, then, when I reply to it, I have to enter it again. And to send that reply? Yep, enter it again!
>
> Your gpg-agent is not installed properly. man gpg-agent to see how it is to be started. If there is no gpg-agent it will only be started as needed and then can't act as a passphrase cache. Ubuntu should have handled this for you.

Wait...you expect me to read the man page? What kind of barbarian are you, anyway?!? lol Just kidding. For some reason, with all my troubleshooting, I never even considered reading the man page. I'll do that and see what I can find. Thank you for the help!

> We will change gpg-agent in the next version to automagically start itself as a daemon on the first access - this allow to use gpg-agent without any additional system setup.

Sounds good. I assume the way it's started now is on an 'as needed' basis?

>> system, renamed the gpa.conf file (just in case) and added the "no-use-agent" entry to my gpg.conf file with no result.
>
> gpg2 ignores this option because gpg-agent is a required part of the GnuPG-2 system.

I figured that out while going through some of the posts relating to gpg-agent. Is this a permanent change? I know pinentry is supposed to be a safer way to enter passphrases so I'm assuming that the mandatory use of gpg-agent will continue on into future versions?

Let me ask this: are there any major security implications (aside from sacrificing the security of pinentry) to hacking gpg2 to not use agent? I'm not considering doing this as I don't see a real need but I'm curious.

Thanks!
Anthony
Re: Stumped and need some help with agent
On 06/16/2012 05:37 PM, da...@gbenet.com wrote:
> On 16/06/12 21:42, Anthony Papillion wrote:
>> Hello Everyone,
>>
>> Can anyone lend me a hand and help me figure this out? I've even
>> gone as far as to rename the gpg2 binary so it couldn't be found
>> by the system, renamed the gpa.conf file (just in case) and
>> added the "no-use-agent" entry to my gpg.conf file with no
>> result.
>
> Hello Anthony,
>
> In your .gnupg directory you want to edit the file (or create one)
> gpg-agent.conf and add the lines default-cache-ttl 9000
> default-cache-ttl-ssh 1800
>
> You can install the programme GPA and it will under preferences
> edit it for you. If I recall Ubuntu does not have it so go to
> ftp://ftp.gnupg.org/gcrypt/gpa// download gpa - you have to
> ./configure - make - make install. Also make sure gpg-agent's
> running.

Hi David,

Thank you for the help! So I went ahead and I downloaded gpa (thankfully, I didn't need to compile it. It was in my distro's repository) and installed it. I made the changes to the .conf file as suggested. When I typed 'which gpg-agent' to make sure I had agent installed it told me it was in /usr/bin/gpg-agent. When I executed it, I get the message 'gpg-agent is installed and running'. Everything looks fine.

Then...

When I look in my process list, I don't see gpg-agent. And when I go to Thunderbird and try to access encrypted messages, I still get Enigmail's passphrase manager instead of pinentry. Note that I've told Enigmail to use gpg-agent instead of its own manager but that makes no difference. The problem of having to enter my passphrase at every step continues.

Does this look more like a problem with Enigmail than GnuPG? Understand, I am not using GPG2 but rather 1.4.11. However, it looks like I have gpg2 installed (/usr/bin/gpg2).

Any other suggestions?

Thanks,
Anthony
Stumped and need some help with agent
Hello Everyone, I'm having a devil of a time with Ubuntu 11.04 with GnuPG and need a bit of help. This MIGHT be a problem with the Enigmail plugin but I think it's probably something to do with my GnuPG configuration so I'm asking here first. Basically, I have GPG 1.4.11 installed. For some reason, I also have the binary for gpg2 at /usr/bin/gpg2. However, my Enigmail is picking up /usr/bin/gpg so all should be fine (I think). For some reason, every time I do anything to an encrypted message, I have to re-enter my passphrase. If I open a message, I enter my passphrase, then, when I reply to it, I have to enter it again. And to send that reply? Yep, enter it again! Obviously, something is amiss. Can anyone lend me a hand and help me figure this out? I've even gone as far as to rename the gpg2 binary so it couldn't be found by the system, renamed the gpa.conf file (just in case) and added the "no-use-agent" entry to my gpg.conf file with no result. Help?!? Please! Anthony
Is the git repo down?
Hey Everyone, Just tried to fetch the source using git clone git://git.gnupg.org/gnupg.git and my connection was refused. Is the server down? Thanks! Anthony
Question about how RSA keys are generated in GnuPG
Hi Everyone, This is a stupid question I'm sure but I can't seem to find an answer to it in the source code so I thought I'd ask here. When GnuPG is selecting primes for RSA key generation, what parameters are set for the primes? Is there a floor and a ceiling set for the numbers generated? Please feel free to point me to the right place in code if need be. Thanks! Anthony -- Anthony Papillion Software Developer and IT Consultant Phone: (918) 533-9699 My Twitter: twitter.com/cajuntechie My Facebook: facebook.com/cajuntechie My Identica: identi.ca/cajuntechie
RE: Question about key fingerprint uses
> Original Message
> Subject: Re: Question about key fingerprint uses
> From: Peter Lebbing
> Date: Fri, April 27, 2012 5:40 am
> To: Anthony Papillion
>
> You're turning it around :). Rather than verify you are speaking to John using
> his fingerprint, you are verifying the fingerprint by speaking to John.
>
> You should already be sure the person on the line is John Smith. John Smith then
> tells you his fingerprint such that you can be sure the key you're looking at
> actually belongs to John Smith, and hasn't been exchanged by a man in the
> middle.

Aha! That makes it crystal clear! Indeed, I had turned it around. So then that's why key signing parties rely on verifiable ID. The user verifies his ID so you can be sure the fingerprint he's providing is his actual fingerprint. Makes perfect sense now.

Anthony
Question about key fingerprint uses
So I was browsing the documentation this morning when I came across this documentation for the --fingerprint flag: "You want to see "Fingerprints" to ensure that somebody is really the person they claim (like in a telephone call). This command will result in a list of relatively small numbers." I'm not really sure how this would work in real life. For example, if I have John Smith's key I can type gpg --fingerprint "John Smith" and that will print out his key fingerprint. This would work for anyone else with John Smith's key as well. So let's say I'm on the phone with someone I think is John Smith but wanted to verify using his key fingerprint. How would asking him to tell it to me mean anything since ANYONE can get his fingerprint as long as they have his key? Thanks! Anthony
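As an added illustration for the fingerprint thread above (not part of the posts and not GnuPG's own code), this sketch computes a version 4 OpenPGP fingerprint as RFC 4880 section 12.2 defines it: a SHA-1 hash over the public-key packet. It shows why everyone holding the key derives the same value, and why the spoken comparison only catches a substituted key. The moduli, creation time and helper names are constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed sample values: these are NOT real RSA moduli, only stand-ins
# with the right size so the packet layout is realistic.
CREATED = 1335500000                     # constructed creation timestamp
E = 65537
N_GENUINE = (1 << 1023) | 0x1234567      # "John Smith's" key material
N_SUBSTITUTED = (1 << 1023) | 0x7654321  # key swapped in by a man in the middle


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def v4_rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a v4 public-key packet: version, creation time, algorithm 1 (RSA), n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length, and the packet body."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()


def key_id(fingerprint: str) -> str:
    """The long key ID is the low 64 bits (last 16 hex digits) of the fingerprint."""
    return fingerprint[-16:]


def grouped(fingerprint: str) -> str:
    """Groups of four hex digits, the form that is read out over the phone."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, len(fingerprint), 4))


def fingerprints_match(read_aloud: str, computed: str) -> bool:
    """Compare ignoring spacing and case; every one of the 40 digits must agree."""
    a = "".join(read_aloud.split()).upper().encode()
    b = "".join(computed.split()).upper().encode()
    return hmac.compare_digest(a, b)


def demo() -> dict:
    # What the owner reads out from his own keyring.
    owner = v4_fingerprint(v4_rsa_public_key_body(CREATED, N_GENUINE, E))
    # What two different recipients compute from the copy each of them fetched.
    honest_copy = v4_fingerprint(v4_rsa_public_key_body(CREATED, N_GENUINE, E))
    swapped_copy = v4_fingerprint(v4_rsa_public_key_body(CREATED, N_SUBSTITUTED, E))
    return {
        "owner_reads": grouped(owner),
        "honest_copy_ok": fingerprints_match(grouped(owner), honest_copy),
        "swapped_copy_ok": fingerprints_match(grouped(owner), swapped_copy),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The fingerprint is public and identical for every holder of the key, so it proves nothing about the speaker; the identity has to be established first, and the comparison then tells you whether the copy you hold is the owner's key.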
GnuPG on Mac OS
So I've installed GnuPG on a friend's Mac and, for the most part, it's working fine. She can encrypt/decrypt/sign with no problems at all. But, for some reason, every time she does one of those functions, she has to re-enter her passphrase. She's using the Enigmail plugin for Thunderbird and we set the 'remember passphrase for' option to 500 minutes but it's ignoring it. Am I missing something crucial here? How can I get it to remember her password for a longer period? I know this sounds like an Enigmail question but I'm asking here because I think it has to do with GPG-Agent or some other component of the tools. Can anyone help? Thanks! Anthony
Re: Clearsigning on Windows
On Mon, Jan 30, 2012 at 3:12 PM, Belleraphone wrote:
>
> I realize that, but how do I make it so that my files are fit to be
> clearsigned? I was given a bunch of information from a website that said
> what needed to be clearsigned. How do I put this information into a file
> that gpu.exe can read and clearsign?

GPG can read and clearsign any file. Just put the information into a file and then execute the given command against that file.
Re: private key protection
On Mon, Oct 17, 2011 at 4:18 PM, wrote:
>
> what is the best way to protect
> your private key from getting stolen?

Your private key being stolen isn't really that big of a deal. If you have a very strong passphrase, possessing your private key gives an attacker almost no leverage. With a strong passphrase, the average attacker isn't going to be able to break your key on modern hardware and anyone who could break it probably doesn't need your private key to decrypt your messages anyway.

Anthony
Re: private key protection
On Mon, Oct 17, 2011 at 4:44 PM, Jerome Baum wrote:
>> Your private key being stolen isn't really that big of a deal. If you
>> have a very strong passphrase, possessing your private key gives an
>> attacker almost no leverage. With a strong passphrase, the average
>> attacker isn't going to be able to break your key on modern hardware
>> and anyone who could break it probably doesn't need your private key
>> to decrypt your messages anyway.
>
> I'm going to lean very far out the window and assume he meant the actual
> private key, not the private key-ring/-file/...

Rereading the post, you're probably right.
Re: private key protection
On Mon, Oct 17, 2011 at 4:44 PM, Jerome Baum wrote:
>> Your private key being stolen isn't really that big of a deal. If you
>> have a very strong passphrase, possessing your private key gives an
>> attacker almost no leverage. With a strong passphrase, the average
>> attacker isn't going to be able to break your key on modern hardware
>> and anyone who could break it probably doesn't need your private key
>> to decrypt your messages anyway.
>
> I'm going to lean very far out the window and assume he meant the actual
> private key, not the private key-ring/-file/...

Correct assumption. :-)
Passphrase length and security. Am I reading this right?
So in the course of another discussion on this group, I was told that I might not actually need my 160+ random character passphrase for good security. A few URLs were included, including this one (https://secure.wikimedia.org/wikipedia/en/wiki/Password_strength) on password strength. If I'm reading the article correctly, I would really only need a 13 to 16 random character password to achieve the 100+ year protection against brute force attacks. Is that right? Am I really wasting THAT much effort or am I reading this wrong? Thanks, Anthony
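An added worked example for the passphrase-length question above (not from the thread): it computes the entropy of a uniformly random passphrase, the time to exhaust it at a given guess rate, and the length beyond which extra characters stop helping because the symmetric key that protects the secret key becomes the easier target. The 95-character printable ASCII alphabet, the 10^12 guesses per second and the 128-bit cipher key are assumptions chosen for the illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumptions for this illustration, not values from the thread:
ALPHABET = 95              # printable ASCII characters, chosen uniformly at random
GUESSES_PER_SECOND = 1e12  # attacker's passphrase guesses per second
CIPHER_KEY_BITS = 128      # size of the symmetric key derived from the passphrase


def entropy_bits(length: int, alphabet_size: int = ALPHABET) -> float:
    """Entropy of a passphrase of `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def effective_bits(length: int, alphabet_size: int = ALPHABET,
                   cipher_key_bits: int = CIPHER_KEY_BITS) -> float:
    """Strength actually gained: capped by the key the passphrase is turned into."""
    return min(entropy_bits(length, alphabet_size), float(cipher_key_bits))


def years_to_exhaust(bits: float, guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Years to try every candidate; the expected time to a hit is half of this."""
    if bits >= 1024:  # 2.0 ** bits would overflow a float
        return math.inf
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


def min_length_for(target_bits: float, alphabet_size: int = ALPHABET) -> int:
    """Shortest random passphrase that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def table(lengths=(13, 16, 62, 160)) -> list:
    """One row per passphrase length mentioned in the discussion."""
    rows = []
    for length in lengths:
        raw = entropy_bits(length)
        eff = effective_bits(length)
        rows.append({
            "length": length,
            "entropy_bits": round(raw, 1),
            "effective_bits": round(eff, 1),
            "years_to_exhaust": years_to_exhaust(eff),
        })
    return rows


if __name__ == "__main__":
    for row in table():
        print(f"{row['length']:>4} chars: {row['entropy_bits']:>7} bits raw, "
              f"{row['effective_bits']:>6} effective, "
              f"{row['years_to_exhaust']:.3g} years to exhaust")
    print("length that reaches the cipher key size:", min_length_for(CIPHER_KEY_BITS))
```

These figures hold only for characters picked uniformly at random; a passphrase a person composes has far less entropy per character.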
Re: Which release should we be using?
On 8/26/2011 10:25 AM, Aaron Toponce wrote:
>
> Oh, you can own an encrypted filesystem, even if the box is down. The
> Evil Maid attack makes this trivial. And it doesn't matter the
> encryption software used either.

I read about this attack a few years ago on Bruce Schneier's blog. It scared the crap out of me then and it still worries me quite a bit. Of course, it's just a variant of what we've been telling people forever now: if the system is compromised, encryption is useless. Still, it's pretty scary stuff.

Anthony
Re: Which release should we be using?
On 08/23/2011 02:04 AM, Werner Koch wrote:
> On Tue, 23 Aug 2011 03:47, papill...@gmail.com said:
>
> Spying on X windows is pretty easy and thus Pinentry tries to make it
> harder.

Werner,

Since I've never used Pinentry, I'm obviously missing something here. While I'm aware that spying on X-Window is not too complicated, how does manually entering a passphrase into Pinentry make snooping harder? Admittedly, I've never looked at the code so I probably don't know the whole story. Is entry into Pinentry vulnerable to traditional keylogging?

Anthony
Re: Which release should we be using?
On 08/22/2011 07:01 AM, Werner Koch wrote:
> On Mon, 22 Aug 2011 10:29, papill...@gmail.com said:
>
>> because I don't like having to use pinentry since it doesn't support cut
>> and paste. My questions are these:
>
> That is on purpose. If you have your passphrase on file for c+p you may
> as well use no passphrase at all. gpg-agent caches your passphrase; set
> the caching time to whatever you l; this is far safer than to use c+p.

Hi Werner,

I'm not sure I can see how being able to cut and paste a passphrase is in any way like not having a passphrase at all. My passphrases are stored in a Keepass database that resides in a TrueCrypt container. It's protected well. My actual key is protected by a 62 character passphrase that I'd like to cut and paste into GPG.

Considering all of that, I think it's a bit extreme to say cutting and pasting a passphrase from two heavily encrypted containers is such that you may as well not have a passphrase at all.

Still, thanks for your input. I suppose I could always implement c+p in my version of pinentry or I'll just stick with 1.4.x for a while.

Thanks!
Anthony
Which release should we be using?
So I'm currently running 1.4.10 for GNU/Linux even though I know that 2.0 has been out for a while. I chose to stick with 1.4.10 and 1.4.11 because I don't like having to use pinentry since it doesn't support cut and paste. My questions are these: 1) Is there any real reason why I *shouldn't* be using the 1.4.x branch of GPG? and 2) If I should be using 2.0, is there a way to disable pinentry so gpg can work the way the 1.4.x releases do? Thanks! Anthony
Re: Storing secrets on other people's computers
Does having possession of your secret key really make you less secure? I mean the whole purpose of a passphrase is because you assume your secret key is *not* safe simply being unprotected in your possession. Law enforcement, hackers, even friends could *easily* get physical access to your key so it's the passphrase that's of value.

I've actually thought about posting my key to Bittorrent in case I ever lost it. It's economical and just as secure as sitting on my pc. As long as you have a good passphrase, having physical possession of your key gives an attacker no real advantage.

Anthony

On 5/5/11, Jerome Baum wrote:
> On Thu, May 5, 2011 at 15:15, Daniel Kahn Gillmor
> wrote:
>
>> PS If Robert follows through on this, he certainly wouldn't be the only
>> person to publish his secret key. Search for "BEGIN PGP PRIVATE KEY
>> BLOCK" in your favorite search engine.
>>
>
> I do wonder how many of those are to make past signatures deniable, and how
> many can be accounted to "I feel that my pass-phrase is safe".
>
> For the latter, I don't get it -- it's not like keeping the key secret takes
> a lot of effort -- but it does decrease your security ever so slightly.
> Besides proving a point, why would you publish?
>
> --
> Jerome Baum
>
> tel +49-1578-8434336
> email jer...@jeromebaum.com
> --
> PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
> PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
>

--
Sent from my mobile device
Anthony Papillion
Lead Developer / Owner
Get real about your software/web development and IT Services
(918) 919-4624
Facebook: http://www.facebook.com/cajuntechie
My Blog: http://www.cajuntechie.com
Re: Storing secrets on other people's computers
The typical user most likely *does* believe files are locally encrypted then sent to Dropbox. But isn't that still pretty meaningless? If Dropbox is encrypting your file then you have to trust that Dropbox either can't decrypt the file or that, if they can, they would never under any circumstance compromise your security.

One name: HushMail.

If you don't encrypt it yourself using a tool that is *known* to be secure then it really can't be trusted. Someone hacking a server is really the least of your security worries.

Anthony

On 5/4/11, Jeffrey Walton wrote:
> On Wed, May 4, 2011 at 10:24 PM, M.R. wrote:
>> On 03/05/11 15:50, Daniel Kahn Gillmor wrote:
>>
>>> Dropbox exposes your secret
>>> keys to dropbox employees (and anyone who can convince them to snoop):
>>>
>>>
>>> http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-user-privacy-for.html
>>
>> That article makes no sense at all.
>>
> I was somewhat surprised at the article.
>
> I think a typical user expects that a file is encrypted locally and
> then securely transmitted to DropBox for storage. (I don't use
> DropBox, but its what I expected). I don't believe anyone would expect
> that DropBox transmits a plain text file and then encrypts the file at
> its leisure and pleasure.
>
> OT: I was just getting ready to audit DropBox via their public API for
> another project. The article saved me a lot of time.
>
> Jeff
>

--
Anthony Papillion
Lead Developer / Owner
Get real about your software/web development and IT Services
(918) 919-4624
Facebook: http://www.facebook.com/cajuntechie
My Blog: http://www.cajuntechie.com
Re: Allowing paste into pinentry-gtk-2?
I don't have an answer to your question, Todd, but I have to second your frustration with not being able to paste to the pinentry. I've never really seen a good justification as to why paste has been disallowed either so I'd love to see it implemented.

Anthony

On 4/16/11, Todd A. Jacobs wrote:
> Currently, it looks like pinentry-gtk-2 (I'm using 0.8.0) doesn't allow
> pasting from the clipboard. This is annoying, because a truly long,
> randomized password is not practical to type into a hidden dialog box. It
> really seems like pinentry forces one to use short, insecure passwords. One
> supposes there is a trade-off in security here, but I'm more concerned about
> brute-force attacks on the passphrase than I am about someone sniffing the
> clipboard--it seems that if they have access to my clipboard, they can
> probably log my keystrokes, anyway, right? So offline attacks against the
> key's passphrase seem more likely.
>
> So, I really have two questions. First, is it possible to force pinentry
> dialogs to allow pasting from the clipboard? Secondly, is it possible to
> force the CLI to use an alternate pinentry (say, pinentry-curses) or some
> other method to populate an existing gpg-agent with a cached passphrase?
>

--
Sent from my mobile device
Anthony Papillion
Lead Developer / Owner
Get real about your software/web development and IT Services
(918) 919-4624
Facebook: http://www.facebook.com/cajuntechie
My Blog: http://www.cajuntechie.com
Re: Syncing secring for mobile users
On 10/28/2010 09:14 AM, Thomas Lecavelier wrote:
> Hi,
>
> I tried many times to use GPG on a day-to-day basis. It often starts very
> well: I sign every mail I sent, evangelise people asking about my strange
> signatures, etc. But there's a fact: I'm a computer scientist worker, so I
> work on many computers, but not at the same rate.
> Currently, I'm at work, setting up my iMac. So I download an exported secring
> from one of my personal server. But I compare it to my keyring on my laptop,
> and even on my phone: they *all* diverge. I'm owned.
>
> Here my true question: what's your workflow to sync your keyring between
> multiple computers? I thought about having a ring for personal usage, and a
> ring for pro usage, but I'm consulting both my personal and private email on
> every computers. I can't think about a simple solution, so I'd be glad to
> have your thoughts about it :)

Hi Thomas,

What about storing your entire secring on a removable drive and simply pointing gpg to that drive when you need to? If you're using more than one computer I would assume there might be some times when others have access to that machine so maybe storing your private key on a machine might not be the best practice. A removable drive might be the answer for you.

To answer your question, I've not gotten my workflow quite down yet either. It's been about 10 years since I last had to use encryption technology and even then it was on a single, secure, machine that I had near total control over and there were protocols in place for accessing it. So I'm coming at this, essentially, as a new user. Right now, once a day, I export my entire secring to a thumb drive and then import it to my other computers. This seems to have worked for the most part, though there have been a few glitches. I'm still in the market for something better but that is what works for me at the moment.

Anthony
Re: Question about keyservers on Windows
I'm running Windows XP Professional with SP3.

On 10/20/10, Faramir wrote:
> On 20-10-2010 14:36, Anthony Papillion wrote:
>> Hello Everyone,
>>
>> I'm a new member of the list but I've been using GPG for a bit now on
>> Linux. I recently installed it on my Windows machine and needed to
>> revoke a compromised key. When I tried to send the information to the
>> keyserver, I got the following error:
>>
>> Sending of keys failed
>> gpg: sending key 0078B6E4 to hkp server pool.sks-keyservers.net
>> gpg: system error while calling external program: No such file or
>> directory
>> gpg: WARNING: unable to remove tempfile (out)
>> `C:\DOCUME~1\Anthony\LOCALS~1\Temp
>> \gpg-A57D4D\tempout.txt': No such file or directory
>> gpg: no handler for keyserver scheme `hkp'
>> gpg: keyserver send failed: keyserver error
>>
>> I am using the latest version of GPG (downloaded from the site) and I
>> KNOW this works on Linux.
>
> What version of Windows are you using?
>
> Best Regards
>

--
Sent from my mobile device
Anthony Papillion
Lead Developer / Owner
Advanced Data Concepts - "Enabling work anywhere"
(918) 919-4624
Facebook: http://www.facebook.com/cajuntechie
My Blog: http://www.cajuntechie.com
Question about keyservers on Windows
Hello Everyone,

I'm a new member of the list but I've been using GPG for a bit now on Linux. I recently installed it on my Windows machine and needed to revoke a compromised key. When I tried to send the information to the keyserver, I got the following error:

Sending of keys failed
gpg: sending key 0078B6E4 to hkp server pool.sks-keyservers.net
gpg: system error while calling external program: No such file or directory
gpg: WARNING: unable to remove tempfile (out) `C:\DOCUME~1\Anthony\LOCALS~1\Temp
\gpg-A57D4D\tempout.txt': No such file or directory
gpg: no handler for keyserver scheme `hkp'
gpg: keyserver send failed: keyserver error

I am using the latest version of GPG (downloaded from the site) and I KNOW this works on Linux.

Can anyone help?

Thanks!
Anthony Papillion