key generation fails with Crypto Stick and MacOS X
Hi!

Generating keys on a Crypto Stick with GnuPG 2.0.20 and latest MacOS X fails with an error. Attached are the logs of running scdaemon with option debug 2048. Any idea what's wrong?

Regards,
Jan

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: key length for smart card key generation
On 01.03.2013 20:10, Branko Majic wrote:

...
Now to see if there's any way of using the OpenPGP card through PKCS#11 :)

Try the PKCS#11 framework OpenSC. It supports the OpenPGP Card (and Crypto Stick) since version 0.13.

Re: Gnupg and cardreader
Hi Gabriel!

Before you can use any smart card, you need to store your keys on the smart card. Which card are you using?

On 04.02.2012 20:16, gabriel @ telenet wrote:

I have installed Gnupg 1.4.9 and Enigmail 1.3.5 on a Mozilla Thunderbird 10.0 mail client. My OS is Windows 7. Everything works just great (can send and receive encrypted mails). When I try to use my cardreader (ACR38U), which by the way works fine with websites that require ID cards, I get an error:

Your SmartCard reader could not be accessed
Please attach your SmartCard reader, insert your card, and repeat the operation

Is there a way to make that work?

Re: German Privacy Foundation Crypto-stick
After installing the package the UDEV rule should be located at
/lib/udev/rules.d/40-cryptostick.rules
Please check.

On 27.12.2011 09:00, mcmurphy wrote:

Hi,

thank you for the answer. There is no difference. I'm not sure whether the installation works. There is no new rule in /etc/udev/rules.d. Is it gnupg-ccid.rules in /etc/udev/? However: Nothing changed for not-sudoer-user. Maybe there is something wrong with udev or gpg?

mcmurphy

On 27.12.2011 00:50, Crypto Stick wrote:

Hi!

Please install this package (UDEV rule) and it should work.
https://www.assembla.com/spaces/cryptostick/documents/ds_EMCisGr4k7QeJe5cbCb/download/ds_EMCisGr4k7QeJe5cbCb

On 27.12.2011 00:46, mcmurphy wrote:

Hi,

I'm trying to work with the Crypto-stick of the German Privacy Foundation (https://www.privacyfoundation.de/crypto_stick/crypto_stick_english/) under ubuntu 11 64-bit. Unfortunately it works only for root or sudoers. An UNPRIVILEGED user gets the following message:

$ gpg --card-status
gpg: selecting openpgp failed: unknown command
gpg: OpenPGP Karte ist nicht vorhanden: Allgemeiner Fehler

I searched a lot, tried some udev-rules, i.e. http://dokuwiki.nausch.org/doku.php/centos:cryptos or http://lists.gnupg.org/pipermail/gnupg-users/2011-February/040781.html. It makes no difference. Maybe you have some hints for solving this problem.

Thanx
mcmurphy

Re: German Privacy Foundation Crypto-stick
Hi!

Please install this package (UDEV rule) and it should work.
https://www.assembla.com/spaces/cryptostick/documents/ds_EMCisGr4k7QeJe5cbCb/download/ds_EMCisGr4k7QeJe5cbCb

On 27.12.2011 00:46, mcmurphy wrote:

Hi,

I'm trying to work with the Crypto-stick of the German Privacy Foundation (https://www.privacyfoundation.de/crypto_stick/crypto_stick_english/) under ubuntu 11 64-bit. Unfortunately it works only for root or sudoers. An UNPRIVILEGED user gets the following message:

$ gpg --card-status
gpg: selecting openpgp failed: unknown command
gpg: OpenPGP Karte ist nicht vorhanden: Allgemeiner Fehler

I searched a lot, tried some udev-rules, i.e. http://dokuwiki.nausch.org/doku.php/centos:cryptos or http://lists.gnupg.org/pipermail/gnupg-users/2011-February/040781.html. It makes no difference. Maybe you have some hints for solving this problem.

Thanx
mcmurphy

Re: Card only available to root user
Hi Olav!

On 30.11.2011 05:06, Olav Seyfarth wrote:

Hi anonymous Crypto Stick and OpenPGP card users on Linux,

You need an appropriate UDEV rule. On Debian you can install...

Thanks for that link! Will the package find its way to the official debian repositories?

I hope so. I submitted a bug report and am waiting for the packet maintainer to integrate it. See: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648332

Regards,
Jan

Re: Card only available to root user
Hi Luis,

sorry for the late reply. You need an appropriate UDEV rule. On Debian you can install the following package:
https://www.assembla.com/spaces/cryptostick/documents/ds_EMCisGr4k7QeJe5cbCb/download/ds_EMCisGr4k7QeJe5cbCb

Alternatively and on other systems you might copy the following UDEV rule to the directory /etc/udev/rules.d
https://www.privacyfoundation.de/wiki/CryptoStickSoftware?action=AttachFile&do=view&target=40-cryptostick.rules

On 05.08.2011 05:49, Luis de Bethencourt wrote:

On Thu, Aug 04, 2011 at 11:25:36PM +0200, Luis de Bethencourt wrote:

Hi everybody and thanks for the help.

I recently upgraded my GnuPG setup with a Smart Card (GnuPG Card v2). I can get/set the information of the card through the root user, but this is not good for everyday use. I think I have pinpointed the problem, scdaemon in my machine doesn't like anybody but root. Here is a paste of a few commands to show the problem:

luisbg@atlas ~ $ gpg --card-status
gpg: selecting openpgp failed: Unsupported certificate
gpg: OpenPGP card not available: Unsupported certificate

luisbg@atlas ~ $ sudo gpg --card-status
scdaemon[31077]: reading public key failed: Missing item in object
scdaemon[31077]: reading public key failed: Missing item in object
Application ID ...: D2760001240102050CC9
Version ..: 2.0
Manufacturer .: ZeitControl
Serial number : 0CC9
Name of cardholder: Luis de Bethencourt
Language prefs ...: en
Sex ..: male
URL of public key : http://people.collabora.com/~luisbg/gpg_pub_key_873B518D
Login data ...: luisbg
Signature PIN : not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 2
Signature key : 3F4A 28A6 568A CD30 480A F9EB 6BBF 9F19 873B 518D
created : 2011-07-26 12:22:00
Encryption key: [none]
Authentication key: [none]
General key info..: [none]
scdaemon[31077]: updating slot 0 status: 0x-0x0007 (0-1)

luisbg@atlas ~ $ gpg-agent --server gpg-connect-agent
OK Pleased to meet you
SCD LEARN
S SERIALNO D2760001240102050CC9 0
INQUIRE KNOWNCARDP D2760001240102050CC9 0
scdaemon[31088]: updating slot 0 status: 0x-0x0007 (0-1)

Notice how I can check the status as root, and do SCD Learn as my user. But not check the status as my user (or sign my mails, which is the main problem). Also pcsc_scan works with my user, it shows the Serial number of the card.

If it helps, I'm running gentoo with:
gpg (GnuPG) 2.0.17
scdaemon (GnuPG) 2.0.17
pcsc-lite version 1.7.2
gpg-agent (GnuPG) 2.0.17

luisbg@atlas ~ $ gpgconf
gpg:GPG for OpenPGP:/usr/bin/gpg2
gpg-agent:GPG Agent:/usr/bin/gpg-agent
scdaemon:Smartcard Daemon:/usr/bin/scdaemon
gpgsm:GPG for S/MIME:/usr/bin/gpgsm
dirmngr:Directory Manager:/usr/bin/dirmngr

Thanks a million for the help,
Luis

By the way, I should mention I have replicated this issue in my two gentoo-based machines. But then got the card and reader working very easily in an other machine which runs debian. So the hardware is OK. Unfortunately for this case, my laptop is one of the gentoo machines, and that is the machine I will make more use of the card.

Thanks,
Luis

Re: [gpgtools-devel] Joint OpenPGP (JS) implementation
Hi!

I'm just wondering if unhosted.org could be an interesting and easy to implement storage backend for OpenPGP.js. Its advantage is that the keys could be stored at a different server resp. service provider than the web application is hosted.

Regards,
Jan

On 22.11.2011 01:59, Alex (via GPGTools) wrote:

Hi there,

just updated the attached overview picture, added two more participants to this list (Jan (Crypto Stick) and David (DOMCrypt)) and also the GnuPG mailing list (might be of interest for someone there). Please have a look at the message thread below for details.

If we can agree on the name OpenPGP.JS/openpgpjs (analog to videojs, pdfjs, ...) we should move the documentation, tickets and sources from
https://github.com/GPGTools/openpgpjs/wiki
https://github.com/GPGTools/openpgpjs/issues
to
https://github.com/openpgpjs/openpgpjs/wiki
https://github.com/openpgpjs/openpgpjs/issues

Best regards,
Alex

On 19.11.2011, at 23:04, Alex (via GPGTools) wrote:

Hi there,

also attached the scope of our project from my point of view.

Best regards,
Alex

On 19.11.2011, at 11:55, Alex (via GPGTools) wrote:

Hi there,

just found GPG4Browsers[2], added the URL to our (temporary) wiki[2] and the contact to our (again temporary) mailing list. It seems to be clear that there is a big demand of a single core JavaScript OpenPGP implementation and we find more and more projects and developers.

Still, the next issue seems to be to agree on a name before we can setup an infrastructure. Does anyone have a strong opinion on that (we can Doodle for a name)? I would like to continue with https://github.com/openpgpjs and add everyone interested in this project as admins.

Best regards,
Alex

[1] http://gpg4browsers.recurity.com/
[2] https://github.com/GPGTools/openpgpjs/wiki

On 19.11.2011, at 07:27, Ryan Sears wrote:

Hi Guys,

So I realize that we're still in the very early stages of getting everything started, but I raised an issue here: https://github.com/GPGTools/openpgpjs/issues/9 about potentially moving to a different repo, as I feel like this is more under the GPGTools wing, and less of an independent project, with equal shares from all the developers (which is what I would like to see).

I also wonder if we wish to stick with openpgpjs? Maybe we could come up with a cooler name? What are everyone else's thoughts on this?

Also like I said last night, I'm all finished with the signature stuffs, so now it's mostly just getting everything more polished than it already is: http://fitblip.github.com/JSPGP-Stuffs/pubkey.html

Ryan

On 11/18/2011 11:30 AM, Alex (via GPGTools) wrote:

Thanks. Added it to the page: https://github.com/GPGTools/openpgpjs/wiki

On 18.11.2011, at 16:45, Lukas Pitschl | Dressy Vagabonds wrote:

Hi,

the most complete OpenPGP implementation besides GPG I could find was an implementation in Perl.
http://search.cpan.org/dist/Crypt-OpenPGP/
Maybe it's possible to learn a little from it and help by porting portions to Javascript.

Best,
Lukas

On 18.11.2011 at 12:06, Alex (via GPGTools) wrote:

Hi there,

I think it would be good to outreach to the GPG mailing list.

I agree, this is issue 5 ( https://github.com/GPGTools/openpgpjs/issues/5 ). If someone from our small list here could sum up our current status and plan on the wiki ( https://github.com/GPGTools/openpgpjs/wiki ), I will post to other mailing lists/google/twitter/..., ask for others to participate and link to the according wiki page for more information.

Best regards,
Alex

On 18.11.2011, at 03:46, Sean Colyer wrote:

I think it would be good to outreach to the GPG mailing list. Since Tino and Bill were added to this list, do either of you have any interest in working on this development? I still have not heard back from mete0r, unfortunately.

I've continued to work on this from my end. I'm currently working on key generation, and seem to have most of the basics outlined... I'm having some trouble generating Key ID's that agree with the ID's generated by gpg. I believe I'm following 12.2 of RFC 4880 pretty closely, but I would love some insight if anyone has worked with this bit directly...

On Sun, Nov 13, 2011 at 5:52 AM, Alex (via GPGTools) a...@gpgtools.org wrote:

Hi there,

* How to proceed (e.g. which infrastructure to use)? ... I can offer to extend our existing GPGTools infrastructure to host everything related to this project.

just to take the next step:
* Sources: https://github.com/GPGTools/openpgpjs/
* Tickets: https://github.com/GPGTools/openpgpjs/issues
* Documentation: https://github.com/GPGTools/openpgpjs/wiki

Best regards,
Alex

On 08.11.2011, at 23:59, Alex (via GPGTools) wrote:

Hi there,

Thank you for all your answers! I think there's a big chance for us to develop a core OpenPGP JavaScript core
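
The Key ID calculation from section 12.2 of RFC 4880 that the quoted message above refers to, as an added example (not code from this thread or from the OpenPGP.js project). The function names are hypothetical and the key material is a constructed toy value, far too small for real use.

```javascript
const nodeCrypto = require("crypto");

// OpenPGP MPI (RFC 4880 section 3.2): two-octet bit count, then the
// big-endian magnitude with leading zero octets removed.
function mpi(bytes) {
  let i = 0;
  while (i < bytes.length && bytes[i] === 0) i++;
  const mag = Buffer.from(bytes.subarray(i));
  const bits = mag.length === 0 ? 0 : (mag.length - 1) * 8 + 32 - Math.clz32(mag[0]);
  const hdr = Buffer.alloc(2);
  hdr.writeUInt16BE(bits, 0);
  return Buffer.concat([hdr, mag]);
}

// Body of a version 4 RSA public-key packet (section 5.5.2): version octet,
// four-octet creation time, algorithm id 1 (RSA), then MPIs n and e.
function rsaPublicKeyBody(createdUnix, n, e) {
  const head = Buffer.alloc(6);
  head.writeUInt8(4, 0);
  head.writeUInt32BE(createdUnix, 1);
  head.writeUInt8(1, 5);
  return Buffer.concat([head, mpi(n), mpi(e)]);
}

// Section 12.2: fingerprint = SHA-1(0x99 || two-octet body length || body).
// The packet header as stored on disk is NOT what gets hashed.
function v4Fingerprint(body) {
  const prefix = Buffer.alloc(3);
  prefix.writeUInt8(0x99, 0);
  prefix.writeUInt16BE(body.length, 1);
  return nodeCrypto.createHash("sha1").update(prefix).update(body).digest();
}

// Key ID = low-order 64 bits (last 8 octets) of the fingerprint.
function keyId(body) {
  return v4Fingerprint(body).subarray(12).toString("hex").toUpperCase();
}

// Constructed sample input: toy modulus with a leading zero octet, e = 65537.
const n = Buffer.from([0x00, 0x01, 0xff]);
const e = Buffer.from([0x01, 0x00, 0x01]);
const created = 0x4ec00000; // constructed timestamp (seconds since epoch)
const body = rsaPublicKeyBody(created, n, e);
console.log("fingerprint:", v4Fingerprint(body).toString("hex").toUpperCase());
console.log("key id:     ", keyId(body));
// The creation time is part of the hashed body, so the same key material
// with a different timestamp yields a different Key ID.
console.log("key id, created + 1 s:", keyId(rsaPublicKeyBody(created + 1, n, e)));
```
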
Re: How secure are smartcards?
At the moment, my secret key is stored on my hard drive and is encrypted by a long passphrase. When I transfer my subkeys to the smartcard, will they actually be encrypted whilst they're on there?

The very purpose of smartcards is to keep secret keys confidential and secure. This is achieved by physical protection, different layers, puzzling structure etc. This makes it very, very difficult to extract the keys. For a state-of-the-art smart card like the OpenPGP Card 2, I guess the price tag would be around 100.000 Euros. The beauty is that this protection can be provided without the burden for the user to remember a long passphrase, since this is not required to encrypt the keys.

Re: Crypto Stick released!
Each of the three keys can be up to 3072 bit. In fact they can even be 4096 bit long; but GnuPG does currently not support such key length in cooperation with the Crypto Stick (but GnuPG can handle 4096 bit soft-keys without the Crypto Stick).

On 03.06.2010 16:23, Perry, James J. wrote:

From what I see on the advertisement, they say it has Three independent RSA keys (signature, encryption, authentication) with a length up to 3072 bit. While I don't speak Marketing, it sure sounds like each key is 1024 with the three of them taking up 3072 total.

-Original Message-
From: gnupg-users-boun...@gnupg.org [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Joke de Buhr
Sent: Thursday, June 03, 2010 10:12 AM
To: j...@jameshoward.us
Cc: gnupg-users@gnupg.org
Subject: Re: Crypto Stick released!

My stick works fine with 3072bit rsa keys.

On Tuesday 25 May 2010 15:21:05 James P. Howard, II wrote:

On 5/10/10 5:04 PM, Olav Seyfarth wrote:

english version: http://www.privacyfoundation.de/crypto_stick/crypto_stick_english/

My Crypto Stick arrived in the mail yesterday (Maryland, United States--ordered on May 14). One thing I am confused about, it suggests it accepts RSA keys up to 3072 bits. However, when I tried to copy my existing 2048-bit RSA keys, GPG responds with:

Command keytocard
Signature key : [none]
Encryption key: [none]
Authentication key: [none]
You may only store a 1024 bit RSA key on the card

I take it I am missing something obvious in this?

James

Re: Crypto Stick released!
Looks very interesting. I'm curious how this differs from the SIM-sized card in a SIM-sized USB reader? For example, the regular 2.0 OpenPGP card in a SCR3320 USB stick reader (http://www.scmmicro.com/security/view_product_en.php?PID=6).

Currently we are developing the next version which will contain more features:
- hardware encrypted storage
- simple HTML- and text-file-interfaces providing OpenPGP functionality without any software requirement
- many more...