Re: Smart card

2017-04-09 Thread Doug Barton

On 2017-04-04 10:27, Teemu Likonen wrote:

Will Senn [2017-04-04 00:19:11-05] wrote:


On 4/3/17 11:48 PM, Doug Barton wrote:

What's your threat model?


[...] I do not really know what I need vs what I think I need. In my
uneducated state, I think I want to be as secure as possible [...]


Considering possible threats is useful or even extremely important but
here's another point of view. Perhaps it can be just "I'm interested in
security technology and want to study smart cards. Thus, I'll buy one
and learn how it works. Maybe it will turn out useful or even
necessary."


There is nothing wrong with that point of view of course. The danger 
comes in when people promote things like smart cards to newbies as "The 
right way to do PGP." They are/would be overkill for 99.9% of people who 
use PGP, and the additional hassle and complexity serves as a barrier to 
entry.


Doug

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Smart card

2017-04-09 Thread Doug Barton

On 04/09/2017 11:01 AM, Mike Gerwitz wrote:

If I know a threat exists, I'm going to evaluate my threat model and
decide whether or not it is worth my time to mitigate it; whether I can
hope to mitigate it; and whether attempting to do so is going to put me
at even more risk for some other threat.


You and Rainer have gone on at great length about the part of the threat 
model equation dealing with the attacker. However, you don't seem to 
take into account the other part of the equation, what you are protecting.


The overwhelming number of PGP users simply use it because it's cool. 
They don't have anything approaching significant secrets to protect, 
it's just fun to do cryptography. There is nothing wrong with that, in 
and of itself. (Note, I acknowledge that there are people for whom 
signatures and encryption actually matter.)


There is not even anything wrong with the idea that using smart cards, 
air-gapped computers, detached signing subkeys, etc. *can* be part of 
that fun. The concern is that when folks tell the new users that they 
are *required*, that becomes problematic for a couple of reasons. First, 
it gives a false impression of how secure the "basic" version of GnuPG 
is in the first place. Perhaps more importantly, it places a much higher 
barrier to entry for new users; for no measurable ROI.


So if folks want to imagine that you live in a Bond film, and that 
SPECTRE is out to get you, so be it. I don't begrudge you that fantasy. 
But when it comes to offering advice to new users, please be realistic 
about what they are actually going to benefit from.


Doug




Fwd: Re: Smart card

2017-04-08 Thread Doug Barton



 Original Message 
Subject: Re: Smart card
Date: 2017-04-08 10:41
From: Doug Barton 
To: gnupg-users@gnupg.org

On 2017-04-04 10:27, Teemu Likonen wrote:

Will Senn [2017-04-04 00:19:11-05] wrote:


On 4/3/17 11:48 PM, Doug Barton wrote:

What's your threat model?


[...] I do not really know what I need vs what I think I need. In my
uneducated state, I think I want to be as secure as possible [...]


Considering possible threats is useful or even extremely important but
here's another point of view. Perhaps it can be just "I'm interested in
security technology and want to study smart cards. Thus, I'll buy one
and learn how it works. Maybe it will turn out useful or even
necessary."


There is nothing wrong with that point of view of course. The danger 
comes in when people promote things like smart cards to newbies as "The 
right way to do PGP." They are/would be overkill for 99.9% of people who 
use PGP, and the additional hassle and complexity serves as a barrier to 
entry.


Doug



Re: That which we call a rose

2017-04-07 Thread Doug Barton

On 04/03/2017 06:57 AM, Peter Lebbing wrote:

On 03/04/17 15:30, Doug Barton wrote:

We really need to stop referring to this as signing.


I agree. But it might be too late.


It's never too late. Better is better. If we'd started being more 
rigorous years ago, TOFU never would have happened.


Doug




Re: Smart card

2017-04-03 Thread Doug Barton

On 04/03/2017 08:33 PM, Will Senn wrote:

I didn't ask if I should get one. I asked if there were resources to
help a newb make decisions regarding them. While I sense a certain
disdain in your response, I'll make some clarifying comments in the hope
that it's worth the effort...


Robert's answer was more than a little snarky, yes. But, you send your 
question to a free mailing list, you get what you paid for. :)


Meanwhile, go back to your first post, and remember the question I asked 
you, before anything else?


What's your threat model?

As Robert pointed out, it's really hard for us to give you a map if you 
can't tell us what you want your destination to be.


Doug



Re: some beginner questions

2017-04-03 Thread Doug Barton

On 04/03/2017 04:20 AM, Peter Lebbing wrote:

On 02/04/17 21:00, Neal H. Walfield wrote:

In short, the main key acts as a level of indirection, which separates
your identity from your encryption/signing keys.


I'd like to extend this short description a bit :-). There is one
important somewhat-caveat, which is that you can't delegate the Certify
capability to a subkey. This means you always need to use the primary
key to sign other OpenPGP *keys*.


We really need to stop referring to this as signing. The number of ways 
that the same term is used to mean different things in PGP is a huge 
contributor to the confusion on the part of new users.


Doug




Re: some beginner questions

2017-04-03 Thread Doug Barton

On 04/03/2017 04:16 AM, Peter Lebbing wrote:

On 03/04/17 08:25, Doug Barton wrote:

That said, as long as you have a suitable passphrase your risk of key
compromise is really, really minimal, even if they did get total control
over your device. Barring coercion, the chances of someone guessing your
passphrase are near zero. And currently that's the only way to gain
access to a secret key, even if you have it in your possession.


I might misunderstand what you mean.


Yes, you did. :)


But when somebody has full access
to your device, they can simply log your keystrokes when you type the
passphrase, and get your passphrase that way. Key compromise is very
well possible without you knowingly handing over the passphrase.


You are correct, but that's a different threat model than someone simply 
stealing the device (which is what I wrote about). What you're 
describing implies a level of sophistication and coordination on the 
attacker's part that few of us are subject to, and certainly wasn't 
included in what Will said he was trying to guard against.



More generally, it is impossible to use GnuPG in a meaningful way on a
compromised device.


Well, yeah, but, again, not relevant to my post. :)

Doug




Re: some beginner questions

2017-04-02 Thread Doug Barton

On 2017-04-02 16:18, Will Senn wrote:
> On 4/2/17 1:20 PM, Doug Barton wrote:
>> Some answers below, and you've already received some good answers, but
>> I have some more fundamental questions. :)
>> 
>> First, and an important question for security-related stuff generally,
>> what is your threat model? In other words, what dangers are you
>> guarding against by using PGP? You mention evangelizing your key, and
>> asking how to get more people to use PGP with you. Those are
>> reasonable questions, but the first is the most important.
>> 
> Doug, interesting term "threat model". I've seen it a few times and
> wasn't sure what it meant. Thanks for the simplified explanation. It's a
> piece of technical jargon that is part of the difficulty I saw with
> learning the OpenPGP terrain. While security folks probably dig the
> lingo, for the lay person, it's, well, interesting... I perceive my
> threat model as being 1) a risk that someone other than my intended
> recipient will gain access to information that I am sending to my
> intended recipient

Ok, for that scenario you probably don't want PGP. You probably want an
application like Signal. When PGP was invented there was nothing else
like it available. Nowadays that's not true. If you are interested
strictly in one-to-one communication, or one-to-many, Signal is a better
choice in the sense that it's much easier to use, much harder to get
wrong, and easier to get friends to opt into.

>  2) a risk that someone other than me will gain
> access to information that I want only to be accessible to me.

For that you DO want PGP, and a key can be useful, but is not necessary.
Symmetric encryption will work just as well for this use case, and is
simpler.

> I envision the solution, based on my understanding of available
> (affordable) technologies as being 1) secure method of transmitting
> information asynchronously over public media and 2) a method of
> encrypting information on local storage media.

Yep, that's about right.

> As you can see above, my threat model is neither comprehensive, nor is
> it fully informed. But, it's pretty much the same story for a lot of
> folks. I have learned over the past several weeks, that key management
> is potentially a vulnerable point... I kind of suspected this, but after
> hanging out in irc for a bit and tor, I'm kinda freaked out that it's a
> more widespread problem than most folks realize - trojans are everywhere
> :).

Yes. Key management takes dedication, and knowledge. It's easy to get
wrong, and not easy to get right. Using a purpose-built app like Signal
avoids that problem.

>> On 04/01/2017 07:10 AM, Will Senn wrote:
>> 
>>> 3. I've read
>>> https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
>>> 
>>> and other such pieces proclaiming the value of having the master key in
>>> a safe place and having subkeys on your actual devices.
>> 
>> What do you think a master key is, and why do you think it's important
>> to protect it? What kind of devices do you want to put signing subkeys
>> on? Why do you think that your use of PGP will be more secure if you
>> have a signing subkey on a device, instead of your "main key?"
>> 
> Neal pretty much spelled out a reasonable answer to these questions,

He didn't, actually. He parroted some text about them, which is more or
less correct. Also, you didn't answer my questions. :)  But I'll play
along for fun ...

> but
> I'm not having much luck signing with subkeys, so I'm not convinced this
> is worth the headache and increased complexity of key management.

It's not really that hard to do, what kind of problems are you having?
The instructions at https://wiki.debian.org/Subkeys are better, as is
the explanation. It would also be helpful to know what version of GnuPG
you're using.

I followed the instructions there and was able to successfully load the
exported key into roundcube (which I'm sending this message from to
verify that it works for others besides me) and K-9 Mail for Android
(through OpenKeychain).  I also tried moving my gnupg directory aside
and importing the exported signing-only subkey with the expected
results.

However, that still doesn't address the "issues" with this approach. It
only works for signing, if you want to be able to decrypt messages sent
to you on your devices then you need to keep a copy of your encryption
subkey on them as well. Personally, I would argue that is a much bigger
risk in terms of compromise, as people being able to send messages
signed by my key would be an annoyance, sure. But

Re: some beginner questions

2017-04-02 Thread Doug Barton
Some answers below, and you've already received some good answers, but I 
have some more fundamental questions. :)


First, and an important question for security-related stuff generally, 
what is your threat model? In other words, what dangers are you guarding 
against by using PGP? You mention evangelizing your key, and asking how 
to get more people to use PGP with you. Those are reasonable questions, 
but the first is the most important.


If you simply want a secure way to communicate with people that you know 
without others being able to snoop on the conversation, there are other, 
arguably better, and certainly easier, solutions. PGP has its use cases, 
but unless we know why you want to use it, it's nearly impossible to 
give you good advice.


More below.

On 04/01/2017 07:10 AM, Will Senn wrote:


3. I've read
https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
and other such pieces proclaiming the value of having the master key in
a safe place and having subkeys on your actual devices.


What do you think a master key is, and why do you think it's important 
to protect it? What kind of devices do you want to put signing subkeys 
on? Why do you think that your use of PGP will be more secure if you 
have a signing subkey on a device, instead of your "main key?"



4. Is it safe to refer to my public key/fingerprint information as I did
in the previous question with output from gpg?


In what way(s) do you think it could be unsafe?

Doug



Re: haaveged + gpg --sign fails with "signing failed: Operation cancelled"

2017-03-29 Thread Doug Barton


That's not how you use haveged. It is supposed to start when the system 
boots, and run in the background, collecting entropy to seed the PRNG.


That said, if you are using a card for signing that's way more likely to 
be involved in the problems you're seeing. Try creating a key on the 
file system, and test using that first. If that works, then you've 
narrowed down your problems.


Doug


On 03/22/2017 11:33 PM, Rainer Hoerbe wrote:

Just for the record: Adding entropy using haveged does not work in my setup - 
it will cause the signature to fail without useful error message.

My setup is:
Linux keymgmt 4.9.14-200.fc25.x86_64 #1 SMP Mon Mar 13 19:26:40 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3

The procedure that repeatedly fails when including haveged:
sudo /usr/sbin/pcscd
sudo /usr/sbin/haveged
gpg2 --import my_pub.gpg
gpg2 --card-status
echo -e "trust\n5\ny" > /tmp/gpg_editkey.cmd
gpg2 --command-file /tmp/gpg_editkey.cmd --edit-key
gpg2 --sign mydoc.txt

Regards,
Rainer Hörbe
Identinetics GmbH


Re: ADMIN: Some mail addresses are now rewritten

2017-03-17 Thread Doug Barton
The appropriate place is the IETF, and/or lists related to the 
development of mailing list software.


Doug

On 03/15/2017 08:46 PM, Bill Broadley via Gnupg-users wrote:

But
finding a place that discusses standards that impact so many different pieces is
tricky.




Re: Question about signing keys and trust.

2017-03-17 Thread Doug Barton

On 03/15/2017 02:14 PM, Jamie H. via Gnupg-users wrote:

Hello!

It's been a few years since I've messed with gpg, but I have an
application that needs something kind of like distributed groups.

Let's say I have: "key group" (which is owned by who-cares, it's a
public key only that represents a group of people)


The fact that more than one person has access to the key seems 
superfluous to your use case.



I have a person, let's say William Smith who has his key signed by
who-cares

William Smith then signs Betty Boop with his key.


So William Smith and Betty Boop are sort of like members of "key
group" because Betty Boop has a signature by someone who has their
key signed by the key group, and if Betty Boop signs someone, up to
n-depth, then those people become members of "key group". No one has
authority to add or remove people, except other members of the same
group.


This is very unclear, but perhaps you have a more detailed implementation 
plan in mind, and this is just a summary.



... fast forward ..

In the application, let's say it's a spam fighting tool, a Betty Boop
marks a message as spam.

I trust members of "key group" to mark spam, but I don't trust them
with everything, just marking spam, so the spam message is deleted.

Popeye, who is a member of "alien group" marks something as spam too,
but since popeye doesn't have a key signed by someone in "key group",
I do not trust him to flag messages as spam, so I just ignore it.


This bit is clear, but if a spam detection tool is what you're 
developing, sharing the responsibility for flagging something as spam is 
a very bad idea. There has been a lot of e-ink spilled on this problem 
from all of the major mail providers. Essentially, users are incredibly 
bad at reliably tagging *their own mail* as spam, or not-spam. At best 
an individual's opinion on whether something is spam or not should be 
taken as one lightly weighted value in the overall determination. 
Developing a complex system of trusting users' opinions on this topic 
would be a waste of your time.



Problem is I can't see how! Is there a way I can look at someone's
public key and (without importing anything into my personal key
files) list in a kind of chain fashion how many other signers there
were?


Sort of. You can use --list-packets, but it would be very painful.

It would actually be easier to import these keys onto their own rings 
using the no-default-keyring option. You probably also want to use 
no-import-clean option so that you can see all the signatures, including 
those from keys you have not already imported yet.


It's not *too* complicated to do this kind of stuff, but you have to 
really read the man page and understand how the pieces fit together.


I would also recommend that you use GNUPGHOME to create a separate 
environment from your own personal one.



I admit, GPG probably wasn't designed for this, and I don't really
get the whole trust level thing.. and if it's impossible or
impractical I'll find another way, but it would be convenient.


Trust is completely different from what you're describing here. 
(Unfortunately the term 'trust' is badly abused in PGP circles, and has 
at least 4 different meanings depending on context.)


You don't care about the trust *level* at all. Your only concern is 
whether or not the key you're examining is included in the web of trust 
for your tool. If your "group key" that you described above is the apex 
of the tree, you want to examine the key you have to see if it has a 
chain of trust back to that apex key. For keys which are close to the 
top, that would not be too expensive of an operation. But as your pool 
grows it could become quite expensive, as you'd have to check if 
signatures/keys have been revoked, expired, etc.


Another problem you have is that there is no way for the administrator 
of the system to decertify a user (kick them out of the group, so to 
speak). You would require the cooperation of every user in every chain 
of trust back to the apex key, and every other member of the group not 
to add them back.


As you point out, PGP is not really designed for this sort of thing. :)

That said, you may be able to learn some stuff from the software for 
this site:  http://pgp2.cs.uu.nl/wotsap/


hope this helps,

Doug
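
The chain check discussed in this message (is a key within n certifications of the apex "group key"?), as an added example that is not part of the original message or of GnuPG. It parses `gpg --with-colons --check-sigs` output taken from a scratch home directory and walks the certifications breadth-first; the key IDs, the sample listing and the helper names `check_sigs`, `parse` and `members` are constructed for illustration, and timestamps are assumed to be epoch seconds.

```python
import subprocess
from collections import deque

def check_sigs(homedir, keyring):
    """List keys with their *checked* certifications from a scratch
    GNUPGHOME and a dedicated keyring (both chosen by the caller), so the
    personal keyring is never touched. Keys are imported beforehand with
    the same --homedir/--no-default-keyring/--keyring options."""
    cmd = ["gpg", "--homedir", homedir, "--no-default-keyring",
           "--keyring", keyring, "--with-colons", "--check-sigs"]
    return subprocess.run(cmd, capture_output=True, text=True,
                          check=True).stdout

def parse(listing, now):
    """Return (edges, dead): edges maps signer key ID -> certified key IDs,
    dead holds keys flagged revoked/expired/invalid/disabled."""
    certs, revs, dead = set(), set(), set()
    key = None
    for line in listing.splitlines():
        f = line.split(":") + [""] * 12      # pad short records
        if f[0] == "pub":
            key = f[4]
            if f[1] in ("r", "e", "i", "d"):
                dead.add(key)
        elif f[0] in ("sig", "rev") and key:
            signer, sigclass = f[4], f[10][:2]
            if signer == key or not f[1].startswith("!"):
                continue                     # self-signature or not verified
            if f[0] == "rev" and sigclass == "30":
                revs.add((signer, key))      # certification revoked
            elif f[0] == "sig" and sigclass in ("10", "11", "12", "13"):
                if f[6] and int(f[6]) <= now:
                    continue                 # certification has expired
                certs.add((signer, key))
    edges = {}
    # Conservative: any valid revocation by the same signer drops the edge.
    for signer, signee in certs - revs:
        edges.setdefault(signer, set()).add(signee)
    return edges, dead

def members(edges, dead, apex, max_depth):
    """Breadth-first walk from the apex key; returns {key ID: depth}."""
    depth = {apex: 0}
    queue = deque([apex])
    while queue:
        signer = queue.popleft()
        if depth[signer] == max_depth:
            continue
        for signee in sorted(edges.get(signer, ())):
            if signee not in depth and signee not in dead:
                depth[signee] = depth[signer] + 1
                queue.append(signee)
    return depth

APEX = "AAAAAAAAAAAAAAAA"
# Constructed sample in the shape of `gpg --with-colons --check-sigs` output.
SAMPLE = """\
pub:-:2048:1:AAAAAAAAAAAAAAAA:1400000000:::-:::scESC:
sig:!::1:AAAAAAAAAAAAAAAA:1400000000::::key group:13x:
pub:-:2048:1:1111111111111111:1400000100:::-:::scESC:
sig:!::1:AAAAAAAAAAAAAAAA:1400000200::::key group:10x:
pub:-:2048:1:2222222222222222:1400000100:::-:::scESC:
sig:!::1:1111111111111111:1400000300::::William Smith:10x:
pub:-:2048:1:3333333333333333:1400000100:::-:::scESC:
sig:!::1:9999999999999999:1400000300::::alien group:10x:
pub:-:2048:1:4444444444444444:1400000100:::-:::scESC:
sig:!::1:2222222222222222:1400000400::::Betty Boop:10x:
rev:!::1:2222222222222222:1400000500::::Betty Boop:30x:
pub:-:2048:1:5555555555555555:1400000100:::-:::scESC:
sig:-::1:2222222222222222:1400000400::::Betty Boop:10x:
pub:-:2048:1:6666666666666666:1400000100:::-:::scESC:
sig:!::1:2222222222222222:1400000400::::Betty Boop:10x:
pub:-:2048:1:7777777777777777:1400000100:::-:::scESC:
sig:!::1:2222222222222222:1400000400:1400009999:::Betty Boop:10x:
pub:r:2048:1:8888888888888888:1400000100:::-:::scESC:
sig:!::1:2222222222222222:1400000400::::Betty Boop:10x:
"""

if __name__ == "__main__":
    edges, dead = parse(SAMPLE, now=1500000000)
    for keyid, d in sorted(members(edges, dead, APEX, 3).items(),
                           key=lambda kv: kv[1]):
        print(d, keyid)
```

`--check-sigs` can only mark a certification as good when the signer's public key is on the same keyring, so every candidate key has to be imported before the walk means anything.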



Re: PM from David Adamson -please ask on-list

2016-12-16 Thread Doug Barton

On 11/25/2016 02:28 AM, Stephan Beck wrote:

Hi David,

I kindly invite you to post your PM on-list. It might be of interest for
other people as well.


Why send this to the list, rather than to him privately?






Re: making a Debian Live CD for managing GnuPG master key and smartcards

2016-05-07 Thread Doug Barton

On 04/26/2016 06:37 AM, Robert J. Hansen wrote:

I've looked over your egpg code.  My bloodless technical evaluation is
simple: "it is nowhere near ready for production environments."  And I
think if you read over the other technical criticisms you've received,
you'll see this is pretty much a consensus opinion.


+1 on all counts.

FWIW,

Doug




Re: Evangelzation discussion :Was [Re: making a Debian Live CD for managing GnuPG master key and smartcards]

2016-05-07 Thread Doug Barton

On 04/26/2016 02:40 PM, Bob (Robert) Cavanaugh wrote:

New thread for this topic...


For what it's worth, you didn't actually do that. What you did 
was to change the subject line of your reply. For those of us who use 
mail readers that actually thread, your message still appears under the 
original thread.





Re: Using a passphrase FD from variable and piped data for encryption

2016-04-19 Thread Doug Barton

On 04/19/2016 12:34 PM, Dashamir Hoxha wrote:

On Tue, Apr 19, 2016 at 9:18 PM, Doug Barton <dougb@dougbarton.email> wrote:

On 04/19/2016 05:12 AM, Dashamir Hoxha wrote:

I have written a small password utility, where passwords are
stored on
an encrypted archive.


This is a bad idea. You should instead use one of the
well-established solutions created and peer-reviewed by
knowledgeable folks. Personally I'm a big fan of KeePass.


Would you like to peer-review it?


Of course not. I already said that it's a bad idea. I can't be any 
clearer than that.


Doug




Re: Using a passphrase FD from variable and piped data for encryption

2016-04-19 Thread Doug Barton

On 04/19/2016 05:12 AM, Dashamir Hoxha wrote:

I have written a small password utility, where passwords are stored on
an encrypted archive.


This is a bad idea. You should instead use one of the well-established 
solutions created and peer-reviewed by knowledgeable folks. Personally 
I'm a big fan of KeePass.


Doug




Re: How to interprete the output of --export-ownertrust?

2016-04-05 Thread Doug Barton

On 04/05/2016 05:57 AM, Daniel Baur wrote:

while it is off-topic: The In-Reply-to and References-header are not the
same.


Depending on the mail client that may or may not be true. :)

But more importantly, the existence of either header will tell the 
person looking at the headers that the message is not new, it's a 
response of some sort; which was the point I was trying to make.


When considering extending the life of an off-topic thread it's 
worthwhile to consider how much you're benefiting the members of the 
list, vs:


https://xkcd.com/386/



Re: How to interprete the output of --export-ownertrust?

2016-04-04 Thread Doug Barton

On 04/04/2016 01:58 AM, Peter Lebbing wrote:

On 03/04/16 13:56, Peter Lebbing wrote:

Also, when you start a new topic, could you please post a fresh new
message to the mailing list, instead of replying to an unrelated post?


Two people mailed me to say they didn't think this had happened
(thanks!). They are right; sorry for my mistake.

For some unknown reason, /my/ mail reader thought it would be a good
idea to mix the threads, it was not Christine who did this. I have no
idea why, it's an odd bug. You can see what it looks like for me[1]. I
totally did not expect the problem to be on my side, but the mail was
clearly posted correctly. Again, my apologies to Christine.


As someone who is also hyper-sensitive to that issue, I've been right 
where you're at. :)  I learned to check the headers, and look for 
References: (sometimes spelled In-Reply-To:) with one or more message 
Ids after.


The problem you're seeing is that sometimes tbird's index gets corrupt. 
You can either rebuild the folder, or sometimes copying the new thread 
out of the folder, then copying it back in, does the trick.


hth,

Doug





Re: Verification via the web of trust

2016-03-24 Thread Doug Barton

On 03/24/2016 02:53 AM, Peter Lebbing wrote:

On 23/03/16 22:07, Doug Barton wrote:

1. You don't know if the key was in full control of the
person/organization it purports to represent before, during, or after
the signatures you are trusting were applied.

2. You don't know if the person in control of the key at the time the
thing you care about was signed was being coerced, or not.


These situations are rather more extreme than "is somebody MITM'ing my
connection to the apache.org webserver". If you can decide that somebody
authorized by the Apache Foundation to sign off on releases actually did
sign the code you got, that's actually of value.


But that's precisely my point. You have no idea what individual was 
actually responsible for signing the package you're downloading. It 
*could* be the same trusted package uploader that has signed the last 
few packages you grabbed, or it could be a nefarious individual who 
managed to get hold of Apache's secret key. My point is that there is no 
volume of signatures on or leading up to that key which will answer this 
question for you.



The trust starts somewhere, there is always some base step where you say
"I can't verify further, this will do". There are no absolutes in this
game. In fact, the two points you give are /always/ valid. They do not
make signatures useless.


I didn't say that they are useless. I said that we have to be realistic 
about what their value is (and isn't).


Doug




Re: Verification via the web of trust

2016-03-23 Thread Doug Barton

On 03/23/2016 04:38 PM, Andrew Gallagher wrote:

On 23 Mar 2016, at 21:07, Doug Barton  wrote:



On 3/22/2016 11:14 AM, Andrew Gallagher wrote:
the question most useful to a user is "given this particular
signature, how much confidence should I invest in it?".


No, the question *most* users that bother to use the signature at all ask about it is, 
"Did it validate?"


You're contradicting something I didn't say.


Yes, I am. I'm trying to make a point. One which I think you failed to 
grasp.



The answer to *your* question, "How much confidence should I invest in it?" is, 
"Very little."


"Very little" is still better than "nothing", which is the only alternative on 
offer.


Except in certain specialized situations the only utility for a PGP signature is, 
"Does it show that the thing signed arrived unchanged?"


Unchanged compared to what? ;-)


I'm assuming that this is not a serious question.


You cannot reasonably place more confidence in it than that, regardless of the 
number of known signatures the key has.

1. You don't know if the key was in full control of the person/organization it 
purports to represent before, during, or after the signatures you are trusting 
were applied.

2. You don't know if the person in control of the key at the time the thing you 
care about was signed was being coerced, or not.

And as Robert pointed out, for organizational keys there is no way that you can 
associate control of the key with a known, trusted individual.


All true. And all beside the point that I was making, which is that a validated 
signature may not be much, but it's a) all that we have, and b) better than 
nothing.


No, it's *not* beside the point. You keep saying "better than nothing," 
which is technically correct, but not sufficient. We need to understand 
and discuss exactly *how much* better than nothing a valid signature is 
before we can seriously discuss how much weight to put on it, or how 
much spelunking through the WOT we're willing to perform, or (more 
importantly) recommend.



So trying to validate a key in the manner you described in your e-mail is at 
best a fool's errand. If you enjoy the work, by all means help yourself. But 
let's please stop pretending that signatures mean more than they really do.


Spending a lot of bandwidth refuting straw man points that I didn't actually 
make is also a fools' errand. ;-)


Ok, so let me be more direct, since I was obviously too subtle the first 
time. You described downloading keys and validating signatures in an 
effort to validate a key which signed a random software package that you 
downloaded from the Internet which is, by and large, a colossal waste of 
time. Further, you seem dangerously misinformed about what value to 
place on the work that you performed (that is, any actual increase in 
trust or validity that you placed on the key after you were done ... 
hint: It's zero).


Because of the three points I listed above, any work spent validating 
the key that made the signature is simply a waste of time. You cannot, 
and more importantly should not, impart any additional "trust" in 
signatures made by that key due to the work you performed.


Now it's your time to spend, so if you want to spend it thusly, that's 
great. More power to you. But before you create any grand plans or 
recommend that others do the same kind of work you really need to 
understand the situation better.


hope this helps,

Doug




Re: Verification via the web of trust

2016-03-23 Thread Doug Barton

On 3/22/2016 11:14 AM, Andrew Gallagher wrote:

the question most useful to a user is "given this particular
signature, how much confidence should I invest in it?".


No, the question *most* users that bother to use the signature at all 
ask about it is, "Did it validate?"


The answer to *your* question, "How much confidence should I invest in 
it?" is, "Very little."


Except in certain specialized situations the only utility for a PGP 
signature is, "Does it show that the thing signed arrived unchanged?" 
You cannot reasonably place more confidence in it than that, regardless 
of the number of known signatures the key has.


1. You don't know if the key was in full control of the 
person/organization it purports to represent before, during, or after 
the signatures you are trusting were applied.


2. You don't know if the person in control of the key at the time the 
thing you care about was signed was being coerced, or not.


And as Robert pointed out, for organizational keys there is no way that 
you can associate control of the key with a known, trusted individual.


So trying to validate a key in the manner you described in your e-mail 
is at best a fool's errand. If you enjoy the work, by all means help 
yourself. But let's please stop pretending that signatures mean more 
than they really do.


Doug



Re: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?

2016-03-19 Thread Doug Barton

On 03/17/2016 01:00 PM, Kristian Fiskerstrand wrote:

so if the server was to be compromised in some way ...


... the checksum (that you are downloading from the same server) becomes 
useless.


Doug




Re: (OT) mathematicians-discover-prime-conspiracy

2016-03-19 Thread Doug Barton

On 03/18/2016 05:18 AM, Peter Lebbing wrote:

Can someone point me in the direction of the solution to this
counterintuitive probability theory result?


You already got good answers as to why this happens from Viktor and 
Andrew. You can illustrate them by adding TT to your analysis.


Doug




Re: DNS record for finding a key from an e-mail address

2016-03-14 Thread Doug Barton

On 03/14/2016 03:25 PM, Mire, John wrote:

On 3/14/2016 15:38, Doug Barton wrote:

I think there is a system in place that works pretty well, keys are
not 'siloed' in one place but are distributed to every keyserver for
the public to see, it's the sks openpgp keyservers.


I'm having trouble understanding your response, sorry. Are you saying 
that the DNS method involving the fingerprint and retrieval from the key 
server is better, or are you saying that no DNS method is necessary at all?


Doug



Re: DNS record for finding a key from an e-mail address

2016-03-14 Thread Doug Barton

On 03/14/2016 05:21 PM, Brian Minton wrote:

Sounds like CERT (TYPE37) records?


Yes, the first example I gave is similar in nature to those records. For 
a variety of reasons the various communities involved have shied away 
from a general purpose record for this purpose, and have gravitated 
towards unique RRs instead (e.g., the TLSA record).


Doug




DNS record for finding a key from an e-mail address

2016-03-14 Thread Doug Barton

Howdy,

The IETF is currently working on a specification for a DNS record 
(secured by DNSSEC) that will allow users to find a PGP key from an 
e-mail address. I'm interested in feedback on how y'all think that 
should work.


In one version the receiving user would create a truncated version of 
their key, using only the UID that is related to that e-mail address. 
The sending user would retrieve that key, and the mail software would 
rely on it to encrypt the mail to the receiving user. There is also some 
discussion in regards to how or whether the software doing the DNS 
lookup would, or would not, also utilize the sending user's key ring, 
but let's keep it simple for now.


In another version the receiving user would place the full fingerprint 
of their key in the DNS, and the sending user's software would use that 
fingerprint to retrieve the key and compare that retrieved key to the 
user's existing WOT, then inform the user of the results.


Of these alternatives, which do you see as most useful, and why? Or, do 
you imagine a different approach?


Doug



Re: gnupg doesn't create new keys

2016-03-14 Thread Doug Barton

On 03/14/2016 01:02 PM, Fabian Santiago wrote:

Technically yes. It's a hosted vps.


If you have any thought of using your key(s) for anything security 
related you need to create them on something you have exclusive control 
over. Creating them on someone else's virtual server means that they are 
compromised from the moment you create them.


That said, if you are just creating keys for fun, or for some sort of 
experiment, that's fine, but please don't publish them to the key servers.


Doug




Re: FAQ maintenance

2016-02-26 Thread Doug Barton

On 02/26/2016 07:29 AM, Robert J. Hansen wrote:

Why is it more resource intensive?


It's far more intensive of a much more limited resource: user happiness.
  Normal users tend to find hexadecimal frustrating:

"It's a *number*?  But it uses A through F."


This is something that only experience can fix.


"I don't understand.  Why do I need the long ID?"


This is something the FAQ should explain :)


"Wait, now I need to use the *entire* fingerprint?"


Ditto.


"You can't be serious: I need to give a 40-character serial number
whenever I need to identify a key?"


I'm not sure users care much how many characters they are copying and 
pasting.



"What do you *mean*, future keys will be expanding to 64 characters?!"


... In all this discussion about what's mathematically optimal, I'm
dejected to see how little we're talking about human factors.


... you might note that in my recent response I did mention a very 
important human factor. Consistent advice (always use the complete 
fingerprint to identify a key) is MUCH easier for users to remember than 
trying to teach them when they need it, and when they don't.


Doug




Re: FAQ maintenance

2016-02-25 Thread Doug Barton

On 02/25/2016 06:50 AM, Kristian Fiskerstrand wrote:

On 02/25/2016 02:38 PM, Peter Lebbing wrote:

(If this feels like droning on to you, just stop reading and go do
something fun!)



On 2016-02-25 14:25, Kristian Fiskerstrand wrote:

Now, the real question discussed here though isn't really
collision but preimage attack, that is a different story and far
more difficult :)



Thanks for the link! But my approach to it wasn't really from "is
it a problem in practice" but more "should this be the advice we
give" and "what's wrong with just using the fingerprint and be done
with it forever". We always tell users to use the fingerprint if
they need to be sure of authenticity. Or if I'm mistaken about
that, I think we should.



Well, it depends. Sure, should always use full fingerprint for
certificate validation etc, no question asked. But the internal keyid
and the packet structure use 64 bit keyid as identifier, so using
fingerprint in quite a number of other cases is more resource
intensive without necessarily improving too much (in particular in
cases where action from yourself is required, default key for signing
etc).


There is a value in future-proofing advice. It's true *today* that the 
64-bit key ID is used internally, but that may not be the case tomorrow.


There is also value in giving consistent advice. "Use the full 
fingerprint everywhere you need to identify a key" is much easier for 
users to understand than for them to try to remember which places they 
can/should use which method. Keep in mind that users are not going to be 
"doing PGP" on a day to day basis with the FAQ open in a neighboring 
window. If we can provide clear, consistent advice that's easy for users 
to remember we're way ahead of the game.


Doug
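
The identifier question argued in the FAQ thread above (64-bit key ID versus full fingerprint), together with the fingerprint comparison from the second DNS proposal, as an added Python example that is not from any poster or from GnuPG. It derives a v4 fingerprint the way RFC 4880 section 12.2 defines it and resolves short, long and full identifiers against a keyring; the key material is a constructed toy, and `resolve`, `matches_published_fingerprint` and `constructed_short_id_clash` are hypothetical names.

```python
import hashlib
import struct


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-octet bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def toy_rsa_packet(created: int, n: int, e: int = 65537) -> bytes:
    """Body of a v4 public-key packet: version, creation time, algorithm 1 (RSA), n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(packet_body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the 2-octet body length, and the body."""
    if not packet_body or packet_body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    if len(packet_body) > 0xFFFF:
        raise ValueError("body too long for a 2-octet length")
    framed = b"\x99" + struct.pack(">H", len(packet_body)) + packet_body
    return hashlib.sha1(framed).hexdigest().upper()


def long_key_id(fpr: str) -> str:
    return fpr[-16:]  # low-order 64 bits of the fingerprint


def short_key_id(fpr: str) -> str:
    return fpr[-8:]  # low-order 32 bits of the fingerprint


def normalize(identifier: str) -> str:
    """Accept 8, 16 or 40 hex digits, with optional 0x prefix and spaces."""
    s = "".join(identifier.split()).upper()
    if s.startswith("0X"):
        s = s[2:]
    if len(s) not in (8, 16, 40) or any(c not in "0123456789ABCDEF" for c in s):
        raise ValueError(f"not a key ID or v4 fingerprint: {identifier!r}")
    return s


def resolve(identifier: str, keyring) -> list:
    """Return every fingerprint in the keyring that the identifier selects."""
    wanted = normalize(identifier)
    return sorted(fpr for fpr in keyring if fpr.endswith(wanted))


def matches_published_fingerprint(published: str, retrieved_packet_body: bytes) -> bool:
    """Recompute the fingerprint of a retrieved key and compare it with the
    published one, instead of trusting whatever the lookup returned."""
    wanted = normalize(published)
    if len(wanted) != 40:
        raise ValueError("a full fingerprint is required, not a key ID")
    return v4_fingerprint(retrieved_packet_body) == wanted


def constructed_short_id_clash(fpr: str) -> str:
    """Constructed stand-in for an unrelated key: every one of the first 32
    hex digits is changed, only the low 32 bits (the short ID) are kept."""
    changed = "".join("0" if c == "F" else "F" for c in fpr[:32])
    return changed + fpr[32:]


# Constructed toy key material (64-bit moduli, unusable as real keys).
KEY_A = toy_rsa_packet(1456400000, 0xC5A1F3B79D2E4F61)
KEY_B = toy_rsa_packet(1456400001, 0xE3D49B7715AC20F5)
FPR_A = v4_fingerprint(KEY_A)
FPR_B = v4_fingerprint(KEY_B)
FPR_CLASH = constructed_short_id_clash(FPR_A)
KEYRING = {FPR_A, FPR_B, FPR_CLASH}

if __name__ == "__main__":
    for label, ident in (("short ID", short_key_id(FPR_A)),
                         ("long ID", long_key_id(FPR_A)),
                         ("fingerprint", FPR_A)):
        hits = resolve(ident, KEYRING)
        state = "ambiguous" if len(hits) > 1 else "unique"
        print(f"{label:12} {ident:40} -> {len(hits)} match(es), {state}")
    print("retrieved key A matches published fingerprint:",
          matches_published_fingerprint(FPR_A, KEY_A))
    print("retrieved key B matches published fingerprint:",
          matches_published_fingerprint(FPR_A, KEY_B))
```
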



Re: symmetric encryption and gpg-agent

2016-02-20 Thread Doug Barton

On 02/19/2016 12:59 PM, Janna Martl wrote:


So, is there a "good" way to get what I want: my email password stored
in a way that I only have to enter a passphrase once, and my master
password file stored in a way that I have to enter the passphrase every
time I want to look at the file?


Rather than using PGP to encrypt a master password file use a tool like 
KeePass which is specifically designed for the purpose.


Doug




Re: basic identity mgmt

2016-01-17 Thread Doug Barton

On 1/17/2016 2:17 AM, Peter Lebbing wrote:

On 17/01/16 03:19, Doug Barton wrote:

Further I don't see signing as all that interesting either.
[...]
We can infer things about these topics from our knowledge/beliefs
about the sender, but I can't think of any rational person who would go
along with a request to "Pay Joe $10,000" just because the message
was PGP signed. Forget the validity of the key, that kind of request
would require serious OOB authentication.


Just because someone would
not agree to an outlandish request based on a valid signature, this
doesn't mean there aren't reasonable requests that are horribly bad.


[after lots of snipping]

Your example is a good one, but again I assert that it would be 
overwhelmingly foolish to rely on *just the signature* to indicate that 
the request to meet is a legitimate one.


You glossed over the points in my previous messages about the fact that 
we cannot know for sure if the person sending the message is actually 
who we think it is (i.e., that the legitimate correspondent has not lost 
control of the key), and that they are not being coerced, based on the 
signature alone. At minimum there should be some sort of "steganography" 
based on how the message is constructed, certain words or phrases, etc. 
That combined with the signature may be enough to prove the validity of 
the message.


But this thread started trying to refute my assertion that keeping 
certification keys air-gapped is pointlessly complicated. I haven't seen 
a refutation of that premise yet. :)


Doug




Re: basic identity mgmt

2016-01-16 Thread Doug Barton

On 01/16/2016 07:06 PM, Andrew Gallagher wrote:



On 17 Jan 2016, at 02:19, Doug Barton wrote:

OTOH, PGP is designed primarily to establish trust relationships between 
people, with human review of the results an integral part of the process.


That may have been the initial motivation. But consider that the most common 
real world use of PGP today is verification of code signatures - many of which 
are generated semi-automatically by build infrastructures such as Debian and 
verified by install tools. The trust relationship here is between your client 
and a build server, not people.


True enough, but what do those signatures actually mean?

But more importantly, what security measures are in place to prevent a 
rogue key from entering that WOT, in addition to a certification 
signature from a random key? Is the only thing someone would need to do 
to compromise a single certification key?



Glossing over authentication (because there's no real use case for those keys 
yet),


Two factor ssh smart card auth? I use it nearly every day - much more often 
than encrypted mail.


Sorry, all that does is replace something that already existed, works 
well, and is widely supported; with something more complex, often buggy, 
and not widely supported. That's not a use case, that's a solution 
looking for a problem.


That's not to say that someday there won't be a use case for 
authentication keys, but I haven't seen one yet.



I don't think anyone has sent me an encrypted mail in over a year, and the last 
one was about signing a PGP key. ;-)


You're corresponding with the wrong people. :)

Doug




Re: basic identity mgmt

2016-01-16 Thread Doug Barton

On 01/15/2016 01:37 PM, Andrew Gallagher wrote:

On 15/01/16 21:02, Doug Barton wrote:


On 01/15/2016 12:21 PM, Andrew Gallagher wrote:
|  I've
| worked on several projects for more than one financial institution,
| and airgaps like this are considered barely sufficient for some
| important keys. (Of course in such projects the idea of a
| certification subkey not on the airgapped machine would be
| completely unacceptable...)

That's interesting, and you have made me curious ... what's the threat
model? And what is that key certifying?


Most relevant example, a system where users can register their
authorisation keys against a semi-automated authority which signs them
for trust by a third system. The root key that certifies the automated
authority keys is offline. Essentially a private root CA.

Now, this example is using x509 rather than pgp,


Right, that's what I suspected. I have set up similar systems myself, 
and I'm very familiar with security requirements there.


X.509 is very different from PGP, although I do understand that in some 
ways the semantics are the same. Most particularly X.509 is used 
primarily to establish trust relationships between systems, not people. 
So the ability for a system to identify itself to another system, 
without human review being involved, is something much more precious 
that deserves a higher degree of protection.


OTOH, PGP is designed primarily to establish trust relationships between 
people, with human review of the results an integral part of the process.


I read your example, and there are numerous flaws with your theoretical 
threat model. Let's assume your premise, that someone could root a 
laptop, and by so doing gain access to use all of the PGP keys on that 
laptop (Note, I disagree with this premise, but let's grant it for 
argument's sake). There is no need to deal with the certification key at 
all in order to do the kind of damage you proposed. All you need to do 
is sign a message that authorizes your nefarious deeds. Said attacker 
would also have the ability to decrypt all manner of messages and/or 
data, all of which are likely to be vastly more interesting than what 
you propose.


In fact, I assert with a great deal of confidence that *for PGP*, the 
certification key is the least interesting key of the bunch, and yet 
it's the one that people have created this intricate protection 
mechanism for.


Further I don't see signing as all that interesting either. As has been 
discussed several times on this list the primary area of reliability for 
signing is to make sure that the message that arrived was the one that 
was sent. But it provides no guarantee about who was in control of the 
key when the message was signed, whether the signer was coerced, etc. We 
can infer things about these topics from our knowledge/beliefs about the 
sender, but I can't think of any rational person who would go along with a 
request to "Pay Joe $10,000" just because the message was PGP signed. 
Forget the validity of the key, that kind of request would require 
serious OOB authentication.


Glossing over authentication (because there's no real use case for those 
keys yet), that leaves us with encryption, and that's where it's at, my 
friends. But unless you really enjoy making your life harder than it has 
to be, you can't routinely use encryption with an air-gapped key, so I 
remain unconvinced that there is a use case for air-gapping PGP keys. 
But I'm still willing to listen. :)


Doug



Re: basic identity mgmt

2016-01-15 Thread Doug Barton


On 01/15/2016 12:21 PM, Andrew Gallagher wrote:
| On 15/01/16 19:33, Doug Barton wrote:

|> This is a good example of why that method of working with your
|> keys is pointlessly complicated. :)
|
| It's complicated, but not necessarily _pointlessly_ so. Depending
| on circumstances it could be considered minimally prudent. I've
| worked on several projects for more than one financial institution,
| and airgaps like this are considered barely sufficient for some
| important keys. (Of course in such projects the idea of a
| certification subkey not on the airgapped machine would be
| completely unacceptable...)

That's interesting, and you have made me curious ... what's the threat
model? And what is that key certifying?

Doug



Re: basic identity mgmt

2016-01-15 Thread Doug Barton

On 01/11/2016 08:35 AM, Lachlan Gunn wrote:


You've already received good answers on your questions, so some
questions for you. :)  What is your concern about signing the key?
And are you aware that local signatures will not be communicated
beyond your keyring?


I actually ran into this issue the other day.  For me it's problematic
because my certification key is on an offline machine, so it's
inconvenient to have to power it up and do a round-trip through the
airgap when I'm not going to propagate the signature anyway.  It's not a
dealbreaker but it's still a bit irritating.


This is a good example of why that method of working with your keys is 
pointlessly complicated. :)


Doug




Re: basic identity mgmt

2016-01-15 Thread Doug Barton

On 01/14/2016 11:35 AM, Wendy Oberg wrote:

From: "Doug Barton" [dougb@dougbarton.email]

What is your concern about signing the key?


Not so much a concern.  But I might want to make use of the predicate
"key X is valid" without having to sign anything, and without even having a
key.


You still haven't answered the "Why?" question. I'm not trying to badger 
you, I'm trying to find out if there is a use case that we're missing here.



Sounds like the "--tofu-policy good ..." in recent versions, as suggested
by Damien, may do the trick for this.


Unless I'm missing something that's not different in any material way 
from '--trust-model always'.



And  are you aware that local signatures will not be communicated beyond your
keyring?


Yes, thanks, W.


Ok, so why is that not the right solution for you?

Doug




Re: Key selection order

2016-01-15 Thread Doug Barton

On 01/14/2016 01:41 PM, NdK wrote:

On 14/01/2016 21:06, Andrew Gallagher wrote:


>Tofu does not guarantee identity persistence. Just because your correspondence 
hasn't been obviously tampered with (yet) does not mean that someone hasn't been 
MITMing you all along and biding their time.

As usual, it depends on your attack scenario.
If I have 10-years-old mails from someone I've never met, and all use
the same key, I can assume that either 1) that identity belongs to the
same person or 2) that an attacker MITMed *all* my connections (from
every device I've had wherever I was and to every service I used).
Occam's razor and my "exposure profile" make me think it's 1):)


There are several more possible scenarios. The most plausible of which 
would be 3) Your correspondent is being coerced, and 4) Your 
correspondent has lost control of the key, and the new correspondent is 
skilled at mimicking the "real" one. Of course neither of those 
scenarios is defensible with either key verification strategy.



In other words, *time* can be considered an 'out of band' channel.


It really can't ... if anything time increases the likelihood that the 
original key holder has lost control of the key.


Doug



Re: basic identity mgmt

2016-01-11 Thread Doug Barton

On 01/10/2016 02:01 PM, Full Name wrote:

Do I have to sign it?  Is there no way to configure gpg locally to
say "the info in this key (fingerprint) is accurate", without having
to sign?

Is the semantics of signing with lsign or sign "the info in this key
is accurate"?


You've already received good answers on your questions, so some 
questions for you. :)  What is your concern about signing the key? And 
are you aware that local signatures will not be communicated beyond your 
keyring?


Doug





Re: gpg --encrypt-to says a key by fingerprint is ambigous

2016-01-06 Thread Doug Barton


On 1/6/2016 8:03 AM, Lars Hollenbach wrote:
| Hello, When I use gpg --encrypt-to  I am getting
| this:
|
| gpg --encrypt-to 06195004D8FBF459786B2CA2D731496480A63D5A gpg: key
| specification '06195004D8FBF459786B2CA2D731496480A63D5A' is
| ambiguous gpg: (check argument of option '--encrypt-to') gpg:
| '06195004D8FBF459786B2CA2D731496480A63D5A' matches at least: gpg:
| 06195004D8FBF459786B2CA2D731496480A63D5A gpg:
| 06195004D8FBF459786B2CA2D731496480A63D5A

The error message seems pretty straightforward ... can you show us the
output of --list-keys for that fingerprint?

Doug


Re: can not decrypt file suddenly

2015-04-13 Thread Doug Barton

On 4/13/15 8:56 PM, jason zhang wrote:

Hi Doug
Yes, the problem started after the unscheduled shutdown. Unfortunately,
I don't have an archived version. The problem is that another
encrypted,  which I have not touched for some time, can't be opened either.


Well I'm sorry to say, that sounds like the files are corrupted. Run the 
following commands on both files (substitute <filename> for the actual file 
names), and report the results:


file <filename>
gpg --list-packets <filename>

(Yes, the first command above is literally the word "file")

Doug

--
I am conducting an experiment in the efficacy of PGP/MIME signatures. 
This message should be signed. If it is not, or the signature does not 
validate, please let me know how you received this message (direct, or 
to a list) and the mail software you use. Thanks!






Re: can not decrypt file suddenly

2015-04-13 Thread Doug Barton

On 4/13/15 8:07 PM, jason zhang wrote:

Hi NIIBE

Thank you very much for the help.

Yes, it asked me the passphrase just after "gpg: CAST5 encrypted data"
line, and I gave the passphrase. The passphrase is definitely right
since I used it every 2 or 3 days.


You mentioned that you had an unscheduled shutdown recently. Did the 
problem start shortly thereafter? Do you have an archived version of the 
file that you can compare this one to? It's not impossible that the 
encrypted file was corrupted.


Doug

--
I am conducting an experiment in the efficacy of PGP/MIME signatures. 
This message should be signed. If it is not, or the signature does not 
validate, please let me know how you received this message (direct, or 
to a list) and the mail software you use. Thanks!






Re: gpg 2.0.27 is updating the trustdb constantly, and taking minutes to do it

2015-03-28 Thread Doug Barton

On 3/28/15 3:48 AM, Werner Koch wrote:

Sorry for this.  It has already been fixed in the repo,


Just out of curiosity, do you have an ETA on a new release?

--
I am conducting an experiment in the efficacy of PGP/MIME signatures. 
This message should be signed. If it is not, or the signature does not 
validate, please let me know how you received this message (direct, or 
to a list) and the mail software you use. Thanks!






Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

2015-03-25 Thread Doug Barton

On 3/25/15 1:20 PM, Ville Määttä wrote:

On 25.03.15 21:41, Doug Barton wrote:

While this is strictly anecdotal evidence I would argue that it's a good
indication that we may not be ready for PGP/MIME as the default.


I think that fail, a signature.asc attachment, is still a "cleaner fail"
than a non-PGP receiver getting a breakdown from inline PGP. And that is
for every single email.


How are you using the term "breakdown" here? If their client isn't doing 
PGP they see some extraneous text, and a signature block. While I agree 
that for those not using PGP that is clutter, I am not sure what you 
mean by "breakdown."



I have not received a single question from anyone regarding my PGP/MIME
signed emails. Not one. And I'm talking about the ones that don't use
PGP / have no clue what PGP is.


We've already established that PGP/MIME is a "cleaner" solution for 
those that don't use PGP. I'm not debating that point, and I don't think 
anyone else is either.


The question at hand is for those that *do* use PGP, which is more 
effective? TMK there are no mail clients that fail to process a valid 
in-line signature, but obviously there are still clients that cannot 
correctly handle PGP/MIME.



FWIW, I have received various other messages privately from people who have 
said the same thing ... They can see the attachment, but either message 
verification fails, or there is no indication on their side that it is a 
PGP-signed message at all.


In this one I can see your email with the attachment, but also marked
with a "good signature".


Thank you for confirming, but we're both using Enigmail so I would 
suspect that would be the case. :)  Also, I can see the valid signatures 
on the message that I receive from the list. I'm glad to see that the 
old Mailman bug has been fixed in that regard.


Doug

--
I am conducting an experiment in the efficacy of PGP/MIME signatures. 
This message should be signed. If it is not, or the signature does not 
validate, please let me know how you received this message (direct, or 
to a list) and the mail software you use. Thanks!






Re: Weird error during key refresh

2015-03-25 Thread Doug Barton

On 3/25/15 11:12 AM, Kristian Fiskerstrand wrote:

On 03/25/2015 08:28 AM, Doug Barton wrote:

gpg --refresh-keys dougbarton.us


...


gpg: DBG: armor-keys-failed (KEY
0x9DD1E44C8660ADA6580F83B6C886A42BD5B2F0FB BEGIN ) ->0 gpg: DBG:
armor-keys-failed (KEY 0x9DD1E44C8660ADA6580F83B6C886A42BD5B2F0FB
END ) ->0 gpg: DBG: armor-keys-failed (KEY
0xE3520E149D053533C33A67DB5CC686F11A1ABC84 BEGIN

...



I'm using the latest on Mac from homebrew:



gpg --version gpg (GnuPG) 2.0.27


See http://lists.gnupg.org/pipermail/gnupg-devel/2015-February/029546.html


Thanks Kristian.

Doug

--
I am conducting an experiment in the efficacy of PGP/MIME signatures.
This message should be signed. If it is not, or the signature does not
validate, please let me know how you received this message (direct, or
to a list) and the mail software you use. Thanks!





PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)

2015-03-25 Thread Doug Barton

On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote:

Doug,
Signature shows as an attachment "signature.asc". No evidence that PGP actions 
were invoked. Work forces use of Synaptic PGP, so I cannot tell if it is verified or not.


Thanks Bob, that is interesting feedback.

FWIW, I have received various other messages privately from people who 
have said the same thing ... They can see the attachment, but either 
message verification fails, or there is no indication on their side that 
it is a PGP-signed message at all.


While this is strictly anecdotal evidence I would argue that it's a good 
indication that we may not be ready for PGP/MIME as the default.


Doug

--
I am conducting an experiment in the efficacy of PGP/MIME signatures. 
This message should be signed. If it is not, or the signature does not 
validate, please let me know how you received this message (direct, or 
to a list) and the mail software you use. Thanks!






Weird error during key refresh

2015-03-25 Thread Doug Barton

gpg --refresh-keys dougbarton.us
gpg: refreshing 2 keys from hkp://na.pool.sks-keyservers.net
gpg: requesting key D5B2F0FB from hkp server na.pool.sks-keyservers.net
gpg: requesting key 1A1ABC84 from hkp server na.pool.sks-keyservers.net
gpg: DBG: armor-keys-failed (KEY 
0x9DD1E44C8660ADA6580F83B6C886A42BD5B2F0FB BEGIN

) ->0
gpg: DBG: armor-keys-failed (KEY 
0x9DD1E44C8660ADA6580F83B6C886A42BD5B2F0FB END

) ->0
gpg: DBG: armor-keys-failed (KEY 
0xE3520E149D053533C33A67DB5CC686F11A1ABC84 BEGIN

) ->0
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: key D5B2F0FB: "Doug Barton " not changed
gpg: DBG: armor-keys-failed (KEY 
0xE3520E149D053533C33A67DB5CC686F11A1ABC84 END

) ->0
gpg: key 1A1ABC84: "Douglas Barton " not changed
gpg: Total number processed: 2
gpg:  unchanged: 2

I'm using the latest on Mac from homebrew:

gpg --version
gpg (GnuPG) 2.0.27
libgcrypt 1.6.3

Any ideas?

Doug

--
I am conducting an experiment in the efficacy of PGP/MIME signatures. 
This message should be signed. If it is not, or the signature does not 
validate, please let me know how you received this message (direct, or 
to a list) and the mail software you use. Thanks!






Re: One alternative to SMTP for email: Confidant Mail

2015-03-25 Thread Doug Barton

On 3/23/15 8:27 PM, Mike Ingle wrote:

There has been some discussion on gnupg-users about replacing SMTP for
secure email, and how BitMessage does not scale.


You can use Jabber for secure messaging. Haven't tested it with OTR, but 
I imagine if the client could do it, it would work.


Doug

--
I am conducting an experiment in the efficacy of PGP/MIME signatures. 
This message should be signed. If it is not, or the signature does not 
validate, please let me know how you received this message (direct, or 
to a list) and the mail software you use. Thanks!






Re: PGP Encryption - Random Seed File and Keyring Questions

2015-03-23 Thread Doug Barton

On 3/23/15 12:07 PM, Clark Rivard wrote:

_Random Seed File and Keyring Questions _

It is my understanding that GnuPG stores a random seed file in its
working directory. This file is changed each time you use GnuPG.


This is true. You can completely ignore this file, it is used internally 
by GnuPG.



Can you have multiple folders containing a "set" of keyrings, trustdb,
and random seed file (each folder being used for a given recipient) and then
execute gpg using the folder specific to the recipient?


You could do that, but it is unnecessary. You can put multiple keys on 
their respective keyrings (public and private).


Doug

--
I am conducting an experiment in the efficacy of PGP/MIME signatures. 
This message should be signed. If it is not, or the signature does not 
validate, please let me know how you received this message (direct, or 
to a list) and the mail software you use. Thanks!






Re: GnuPG 1.4.19 - Encryption Questions

2015-03-23 Thread Doug Barton

On 3/23/15 11:59 AM, Clark Rivard wrote:

However, FC is telling me the files have differences.  Is this a valid
way to verify the encryption results are the same - or will they not be
the same?


It is expected that the encrypted files will be different, for several 
"mechanical" reasons which are not terribly interesting.


The only way to confirm that the contents of the file are the same is to 
decrypt them. However it is overwhelmingly unlikely that there will be 
anything different about the contents.


hope this helps,

Doug

--
I am conducting an experiment in the efficacy of PGP/MIME signatures. 
This message should be signed. If it is not, or the signature does not 
validate, please let me know how you received this message (direct, or 
to a list) and the mail software you use. Thanks!






Re: --verify --status-fd separator for multiple signatures?

2015-03-19 Thread Doug Barton

On 3/19/15 10:39 AM, Patrick Schleizer wrote:

Hi,

when using --verify combined with --status-fd [or --status-file], how
can one notice in scripts, that processing the one signature is done and
that further status-fd messages belong to the next message?


You are using --with-colons, right?


--
I am conducting an experiment in the efficacy of PGP/MIME signatures. 
This message should be signed. If it is not, or the signature does not 
validate, please let me know how you received this message (direct, or 
to a list) and the mail software you use. Thanks!




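An added example for the question in this message (not code from the thread or from GnuPG): GnuPG's status output issues a `NEWSIG` line right before each signature verification starts, so a script can treat it as the record boundary. The status text below is constructed; only the fingerprint of key 4F25E3B6 comes from elsewhere in this archive.

```python
"""Split `gpg --verify --status-fd` output into one record per signature."""

STATUS_PREFIX = "[GNUPG:] "

# Status keywords that report the outcome of one signature check.
OUTCOMES = {
    "GOODSIG": "good",
    "EXPSIG": "good-but-signature-expired",
    "EXPKEYSIG": "good-but-key-expired",
    "REVKEYSIG": "good-but-key-revoked",
    "BADSIG": "bad",
    "ERRSIG": "not-checked",
}

# Constructed sample: one file carrying two signatures. The second signer's
# key is not in the keyring, which gpg reports as ERRSIG plus NO_PUBKEY.
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
gpg: Good signature from "Werner Koch (dist sig)" [unknown]
[GNUPG:] GOODSIG 249B39D24F25E3B6 Werner Koch (dist sig)
[GNUPG:] VALIDSIG D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 2015-02-27 1425027358 0 4 0 1 2 00 D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
[GNUPG:] TRUST_UNDEFINED
[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 0123456789ABCDEF 1 2 00 1425027400 9
[GNUPG:] NO_PUBKEY 0123456789ABCDEF
"""


def split_signatures(status_text):
    """Return a list of dicts, one per signature, using NEWSIG as the boundary."""
    records = []
    current = None
    for raw in status_text.splitlines():
        if not raw.startswith(STATUS_PREFIX):
            continue  # human-readable output mixed into the same stream
        keyword, _, rest = raw[len(STATUS_PREFIX):].partition(" ")
        args = rest.split()
        if keyword == "NEWSIG":
            # Everything up to the next NEWSIG belongs to this signature.
            current = {"outcome": None, "keyid": None,
                       "fingerprint": None, "missing_key": False}
            records.append(current)
        elif current is None:
            continue  # status lines issued before the first signature
        elif keyword in OUTCOMES and args:
            current["outcome"] = OUTCOMES[keyword]
            current["keyid"] = args[0]
        elif keyword == "VALIDSIG" and args:
            # First argument is the full fingerprint of the signing key.
            current["fingerprint"] = args[0]
        elif keyword == "NO_PUBKEY":
            current["missing_key"] = True
    return records


if __name__ == "__main__":
    for number, record in enumerate(split_signatures(SAMPLE_STATUS), start=1):
        print(number, record)
```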


Re: Copy Current GPG Installation to Another Server

2015-03-17 Thread Doug Barton

On 3/17/15 4:34 PM, Kristian Fiskerstrand wrote:

On 03/17/2015 10:04 PM, Doug Barton wrote:

On 3/17/15 1:54 PM, Peter Lebbing wrote:

-Original Message-






Assuming you get the package, the signature, and the fingerprint
from the same *.gnupg.org resources, what does that buy you?


Strictly speaking there could be multiple servers hosting the various
resources and only one of which is compromised.


I conceded from the start that there are scenarios where Peter's threat 
model is valid. However they are overwhelmingly unlikely.


You also seem to be ignoring the bootstrapping problem of educating the 
new users on doing proper validity checking for fingerprints, keys, etc.



It is also quite
common to download the source from a mirror rather than *.gnupg.org directly


Yes, and mirrors, by definition, are copies of the original. So either 
they are all compromised (because the master is), or the subset of 
systems that get compromised will auto-correct at whatever interval they 
are set up to mirror the master.


So the scenario where "download the package and signature from one site 
and verify the fingerprint from another site provided by the same 
operator" is useful still falls into the "incredibly unlikely" category.



More extensive checking would be great, but would require a lot of
documentation to teach the users how to do it ... are you
volunteering to write it? :)



It's included in every announcement[0]. Just a verification by
cross-checking this information in various archives [1] mirroring the
announcement reduces the likelihood of an active compromise, and is a
far better way to try to bootstrap a key validity in the absence of a
direct key path.

References:
[0] http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html
[1] http://permalink.gmane.org/gmane.org.fsf.announce/2278


The announcements are of no use to the user going to the FTP site to 
download a new package unless they happen to be on the mailing list. And 
in any case, the archives and gmane.org mirror fall into the "same 
operator" trap described above.


The thing I'm trying to avoid here is adding complexity that does 
nothing but satisfy the OCD of experienced users who know the 
good/right/best way of doing things and add no real value to new users 
who are just trying to get started with the software.


If there were a comprehensive new-user guide that could explain all of 
this stuff that would be a valuable addition. But there isn't, and I'm 
not going to write one. So personally I'll settle for offering practical 
advice to folks at the level I think they're ready to deal with it. If 
you want to do more, then $DEITY bless you, I look forward to seeing 
your efforts.


Doug



Re: Copy Current GPG Installation to Another Server

2015-03-17 Thread Doug Barton

On 3/17/15 4:17 PM, Peter Lebbing wrote:

On 2015-03-17 23:18, Doug Barton wrote:

I think you are asking way too much, and
giving near-zero value in return.


I'm not asking for anything.


Originally you suggested that they verify the fingerprint, and use that 
to retrieve the key. Glad to see now that you realize that was not the 
right course of action. :)



I suggested they check the plain SHA1
checksum or even not check at all!


I would argue that verifying the signature when available is slightly 
better, but I won't quibble on this point. For most users it is true 
that the checksum is likely to be "just as good" as a signature 
verification.



I'm merely opposed to making people
think the short key ID is any good for verification purposes, or that
"when it comes to signed packages [it] is not really a necessity" to
check the validity of the signing key.


We will have to agree to disagree on this point.

Doug




Re: Copy Current GPG Installation to Another Server

2015-03-17 Thread Doug Barton

On 3/17/15 2:56 PM, Peter Lebbing wrote:

On 17/03/15 22:34, Doug Barton wrote:

Assuming they're all protected by https, nothing.


I think you missed my point. If all three resources related to verification are
provided by the same source, then verifying the fingerprint gets you zero added
security. It's more or less equivalent to using a hash by itself.


No, I think that's what I mean as well. If they all come from the same source,
it gets you nothing to check the signature. So I don't see why you would verify
the signature at all.


Because it tells you that the package was not tampered with. I've 
covered this several times now.



So to start with, that's a pretty big hurdle to jump, and if you have access to
do that, then you almost certainly have access to do other things like changing
the fingerprint to verify.


By creating a short key ID collision, I'm also getting those people that read
your e-mail or a similar thing somewhere on the web, and just download the short
key ID. I'm also getting those people that get a "BAD signature" and then do a
new --recv-key with the short key ID in an unfortunate attempt to get it to
verify ("hmmm, maybe it has expired?").


Again, I think you're missing the bigger picture here. If you have write 
access to the FTP site, why would you even bother creating the signature 
for your malicious package with a key that has the same short key Id?


You're trying to defend against an incredibly unlikely threat model. If 
I download 'malicious package' + 'signature for malicious package 
created by key controlled by malicious actor,' one of two things is 
overwhelmingly likely to happen:


1. I blindly import the key, verify the signature, and move on; or
2. I import the key, perform a cursory review, verify the signature, and 
move on.


Either way, your short key Id collision is out of spec. The user in this 
situation has no way to know that there should be a short key Id other 
than the one that is related to the signature that they have in hand. 
Since both the package and the signature are under Eve's control, the 
threat model you are suggesting is a complete red herring.



But back to my primary objection:

I consider it bad advice to tell someone to rely on the short key ID. Sounds
like a bad habit potentially getting bootstrapped to me.

That's really all this is about.


Thank you for confirming your real motives. :) I understand in theory 
that relying solely on the short key Id is not a good practice in a 
situation where you want things to be "very secure." But we do indeed 
have a bootstrapping issue here, which is, "Where do you start when it 
comes to rank beginners?" I think you are asking way too much, and 
giving near-zero value in return.



You could also say they should check the sha1sum, like Clark ended up doing. Or
typing

gpg --fingerprint -k 4F25E3B6

and checking it says

pub   2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
   Key fingerprint = D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6
uid   [  full  ] Werner Koch (dist sig)
sub   2048R/AC87C71A 2011-01-12 [expires: 2019-12-31]

with a little caveat that you should actually get the fingerprint from somewhere
trusted, not from a stranger.


Sure, but now you've entered a very sticky briar patch, with a lot of 
bootstrapping knowledge that is not easy for a rank beginner to grasp. 
You and I "get" what you're talking about, but that knowledge came from 
experience. (and again, the extra security that you get is of very 
limited value at this stage of the game)


Doug


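An added example of the fingerprint comparison discussed in this message (not code from the thread or from GnuPG): it parses `gpg --with-colons --fingerprint` output, accepts only the key whose full fingerprint equals a pinned value, and reports any other key that shares the short key ID. The listing is constructed; only the fingerprint, short IDs and user ID of key 4F25E3B6 are taken from the message above.

```python
"""Pick a signing key by full fingerprint and flag short key ID collisions."""

# Fingerprint as printed in the message above; obtain it from a trusted source.
PINNED_FINGERPRINT = "D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6"

# Constructed listing: two primary keys whose fingerprints end in 4F25E3B6.
# Timestamps, the subkey values and the whole second key are made up.
SAMPLE_LISTING = """\
pub:-:2048:1:249B39D24F25E3B6:1294790400:1577750400::-:::scSC:
fpr:::::::::D8692123C4065DEA5E0F3AB5249B39D24F25E3B6:
uid:-::::1294790400::::Werner Koch (dist sig):
sub:-:2048:1:11111111AC87C71A:1294790400:1577750400:::::e:
fpr:::::::::22222222222222222222222211111111AC87C71A:
pub:-:2048:1:89ABCDEF4F25E3B6:1420070400:::-:::scSC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF4F25E3B6:
uid:-::::1420070400::::Example User (constructed colliding key):
"""


def normalize(fingerprint):
    """Strip whitespace and upper-case a human-formatted fingerprint."""
    return "".join(fingerprint.split()).upper()


def parse_colon_listing(listing):
    """Return one dict per primary key found in a --with-colons listing."""
    keys = []
    current = None
    in_primary = False
    for line in listing.splitlines():
        fields = line.split(":")
        record = fields[0]
        if record == "pub" and len(fields) > 4:
            current = {"keyid": fields[4].upper(), "fingerprint": None, "uids": []}
            # Older list mode carries the primary user ID in the pub record.
            if len(fields) > 9 and fields[9]:
                current["uids"].append(fields[9])
            keys.append(current)
            in_primary = True
        elif current is None or len(fields) <= 9:
            continue
        elif record == "sub":
            in_primary = False  # a following fpr record describes the subkey
        elif record == "fpr" and in_primary and current["fingerprint"] is None:
            current["fingerprint"] = fields[9].upper()
        elif record == "uid":
            current["uids"].append(fields[9])
    return keys


def select_signing_key(keys, short_id, pinned_fingerprint):
    """Return (pinned key or None, other keys that share the short key ID).

    For v4 keys the short key ID is the last 8 hex digits of the fingerprint,
    so several unrelated keys can answer to the same short ID.
    """
    short_id = short_id.upper()
    pinned = normalize(pinned_fingerprint)
    candidates = [k for k in keys
                  if k["fingerprint"] and k["fingerprint"].endswith(short_id)]
    trusted = [k for k in candidates if k["fingerprint"] == pinned]
    others = [k for k in candidates if k["fingerprint"] != pinned]
    return (trusted[0] if trusted else None), others


if __name__ == "__main__":
    keyring = parse_colon_listing(SAMPLE_LISTING)
    key, colliding = select_signing_key(keyring, "4F25E3B6", PINNED_FINGERPRINT)
    print("pinned key:", key)
    print("same short ID, different fingerprint:", colliding)
```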


Re: Copy Current GPG Installation to Another Server

2015-03-17 Thread Doug Barton

On 3/17/15 1:54 PM, Peter Lebbing wrote:

-Original Message-
From: Doug Barton [mailto:dougb@dougbarton.email]
Sent: Tuesday, March 17, 2015 3:07 PM
To: Clark Rivard
Subject: Re: Copy Current GPG Installation to Another Server
gpg: Signature made Fri Feb 27 00:55:58 2015 PST using RSA key ID
4F25E3B6
gpg: Good signature from "Werner Koch (dist sig)" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:  There is no indication that the signature belongs to the
owner.

You can safely ignore the warning, it simply means that you have not
validated the key yourself, which when it comes to signed packages is
not really a necessity.


Why is that?


Because in this situation you're often dealing with beginners who don't 
understand the subtleties involved in validating keys.



I understand getting a validated key can be tricky in
practice, but on the other hand, using *just* a short key ID to do your
verification feels like the other end of the spectrum... I think you
should at least verify the fingerprint on a web site or something.


Assuming you get the package, the signature, and the fingerprint from 
the same *.gnupg.org resources, what does that buy you?


If you've somehow downloaded the wrong key by short Id, the signature 
won't validate. If you have the right key, it will. That's enough to 
tell the user that the contents of the package are unaltered.


More extensive checking would be great, but would require a lot of 
documentation to teach the users how to do it ... are you volunteering 
to write it? :)


Doug





Re: Copy Current GPG Installation to Another Server

2015-03-17 Thread Doug Barton

On 3/17/15 2:19 PM, Peter Lebbing wrote:

On 17/03/15 22:04, Doug Barton wrote:

Assuming you get the package, the signature, and the fingerprint from the same
*.gnupg.org resources, what does that buy you?


Assuming they're all protected by https, nothing.


I think you missed my point. If all three resources related to 
verification are provided by the same source, then verifying the 
fingerprint gets you zero added security. It's more or less equivalent 
to using a hash by itself.



What does verification of that signature buy you though? That your download
wasn't corrupted?


I covered that later in the message, but basically, yes.


If you've somehow downloaded the wrong key by short Id, the signature won't
validate. If you have the right key, it will. That's enough to tell the user
that the contents of the package are unaltered.


If I were to place something nefarious inside a GnuPG download,


So to start with, that's a pretty big hurdle to jump, and if you have 
access to do that, then you almost certainly have access to do other 
things like changing the fingerprint to verify.


So in my threat model once Eve has access to the site where the 
downloads are posted, it's already game over. You can posit a threat 
model where Eve has access to one thing, but not the other, and that's 
fine; but there are way too many technical and social engineering tricks 
that can be performed if you have access to just the downloads. Your 
idea of "verify the fingerprint from a web page" provides little to no 
improved security in a world where the nefarious actor has no access to 
the downloads in the first place, and zero when they do.



I'd sign the
result with a key I created with the short key ID 4F25E3B6.


Why would you bother? Why not just sign it with a completely new key, 
and include in the comments something like "2015 Q1 Signing key for 
official purposes?" That's enough social engineering to "catch" the 
overwhelming majority of users, even the ones sophisticated enough to 
actually review the key that they just downloaded.



That way, your
--recv-key command will retrieve both my key and Werners, and the signature will
happily validate. Creating a short key ID collision is peanuts and can be done
with off-the-shelf software on a laptop.


... even assuming that this is relevant ...


This rakes in not just the people who don't check the signature,


when the malicious actor has access to the downloads, those people are 
already hosed, regardless of what extra security you're suggesting.



but also all
those who just verify the short key ID. Since it's hardly any effort, I'd do it,
even though it probably only gains me a few percent coverage.


... and as above, it's totally unnecessary.


More extensive checking would be great, but would require a lot of documentation
to teach the users how to do it ... are you volunteering to write it? :)


No, but I'm also not telling people they can verify using the short key ID. No
guidance is better than wrong guidance, IMHO.


In the first place, I disagree with your premise that no guidance is 
better. If for no other reason than providing the "wrong" guidance is 
likely to spur the people with the "right" answer into responding when 
they otherwise would not.


I also disagree with you that I'm providing the wrong guidance. :)

Doug




Re: Copy Current GPG Installation to Another Server

2015-03-17 Thread Doug Barton

On 3/17/15 2:27 PM, Clark Rivard wrote:

How do you check the fingerprint?


Step 1 is that you have to get a validated version of the fingerprint of 
the key that you would have been using to verify the package if you 
could have downloaded that key in the first place.


The concept of validating keys is a much more advanced topic, and while 
I admire Peter's enthusiasm, isn't really a useful exercise for you to 
engage in at this point, especially since you can't seem to download the 
key that you would be validating with the fingerprint in the first place.


Doug





Re: Copy Current GPG Installation to Another Server

2015-03-17 Thread Doug Barton

On 3/17/15 2:09 PM, Clark Rivard wrote:

I tried all of the options below but still got the "HTTP fetch error 7".


That would indicate that the system(s) do not have access to the 
Internet. Is that an expected result?



I used the "sha1sum" option and got the expected result - does this verify the 
integrity adequately?


I can't tell you what is adequate for your situation. You have to make 
that judgement yourself.


Doug



-Original Message-
From: Doug Barton [mailto:dougb@dougbarton.email]
Sent: Tuesday, March 17, 2015 3:46 PM
To: Clark Rivard
Cc: GnuPG Users
Subject: Re: Copy Current GPG Installation to Another Server

On 3/17/15 1:42 PM, Clark Rivard wrote:

I ran the recv-key command again and got a message about "requesting key...from hkp server 
pool..." but then got "HTTP fetch error 7 couldn't connect: No error"

Any ideas?


Try it a few more times, you may have gotten a bad server from the pool.
If it still doesn't work, try the following:

hkp://keys.gnupg.net
hkp://subkeys.pgp.net
hkp://pgp.mit.edu

... and of course all of this assumes that the systems in question have network 
connectivity ...

Doug






Re: Copy Current GPG Installation to Another Server

2015-03-17 Thread Doug Barton

On 3/17/15 1:42 PM, Clark Rivard wrote:

I ran the recv-key command again and got a message about "requesting key...from hkp server 
pool..." but then got "HTTP fetch error 7 couldn't connect: No error"

Any ideas?


Try it a few more times, you may have gotten a bad server from the pool. 
If it still doesn't work, try the following:


hkp://keys.gnupg.net
hkp://subkeys.pgp.net
hkp://pgp.mit.edu

... and of course all of this assumes that the systems in question have 
network connectivity ...


Doug




Re: Copy Current GPG Installation to Another Server

2015-03-17 Thread Doug Barton

Please keep things on the list so that the most users can be helped.

You need to run the --recv-key command first, or the --verify command 
will continue to fail.


Try this:

gpg --keyserver hkp://pool.sks-keyservers.net --recv-key 4F25E3B6

Doug


On 3/17/15 1:23 PM, Clark Rivard wrote:

Doug

I ran the verify command and then tried the recv-key command but it came back 
with these messages

"no keyserver known "
"keyserver receive failed: bad URI"

I looked up the keyserver option but don’t know what keyserver name to use?

Thanks.


-Original Message-----
From: Doug Barton [mailto:dougb@dougbarton.email]
Sent: Tuesday, March 17, 2015 3:07 PM
To: Clark Rivard
Subject: Re: Copy Current GPG Installation to Another Server

You need to download the key referenced in the first message:

gpg --recv-key 4F25E3B6

then do your verify command again:

gpg --verify gnupg-w32cli-1.4.19.exe.sig gnupg-w32cli-1.4.19.exe

and you should get a result like this:

gpg: Signature made Fri Feb 27 00:55:58 2015 PST using RSA key ID 4F25E3B6
gpg: Good signature from "Werner Koch (dist sig)" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:  There is no indication that the signature belongs to the
owner.

You can safely ignore the warning, it simply means that you have not validated 
the key yourself, which when it comes to signed packages is not really a 
necessity.

hope this helps,

Doug


On 3/17/15 12:17 PM, Clark Rivard wrote:

Thanks for your fast response, Doug.

I am new to this so am struggling through for the first time.

I downloaded Version 1.4.19 and am "Checking the Integrity".  I have a version 
of gpg installed (by someone else a long time ago).
I ran the "gpg" command to check whether the signature file matches
the source file.  I get two messages back

"Signature made 02/27/15 03:55:58 using RSA key ID...  
"Can't check signature: public key not found"

The ID shown with the first message is a valid ID for Werner Koch per the 
documentation I have.
The second line confuses me - makes me wonder if the integrity has been checked.

Has the integrity been properly checked or do I need to do more?   Any help you 
can provide is much appreciated.

Clark


-Original Message-
From: Doug Barton [mailto:dougb@dougbarton.email]
Sent: Tuesday, March 17, 2015 1:16 PM
To: Clark Rivard; gnupg-users@gnupg.org
Subject: Re: Copy Current GPG Installation to Another Server

On 3/17/15 7:23 AM, Clark Rivard wrote:

I currently have GPG 1.4.8 installed on a Windows server.  Can the
c:\Programs Files (x86)\GNU\ directory simply be copied to another
server and used or do I need to go through the “download and
installation” process on the new server? Thanks.


1.4.8 is dangerously old. You should download the new version and install in 
both locations.

ftp://ftp.gnupg.org/gcrypt/binary/

hope this helps,

Doug








Re: what is the proper way to load gpg-agent with systemd

2015-03-17 Thread Doug Barton

That question was for Paulo, not you. :)  And FWIW, since you're using 
GnuPG 1.x the answer is no.


Doug


On 3/17/15 12:32 PM, Clark Rivard wrote:

I am running gpg command so I believe yes is the answer.  (I am a novice at 
this so still learning.)

-Original Message-
From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Doug 
Barton
Sent: Tuesday, March 17, 2015 2:21 PM
To: Paulo Lopes
Cc: gnupg-users@gnupg.org
Subject: Re: what is the proper way to load gpg-agent with systemd

Are you using gpg-agent to handle ssh agent responsibilities, yes or no?





Re: what is the proper way to load gpg-agent with systemd

2015-03-17 Thread Doug Barton

Ok, then you need to start the agent prior to or during the X startup, 
so that the variables are available to your environment (as you were 
doing previously).


So, why are you trying to start the agent with systemd? What method were 
you using previously, and did you try it in the new OS version?


Doug




Re: what is the proper way to load gpg-agent with systemd

2015-03-17 Thread Doug Barton

Are you using gpg-agent to handle ssh agent responsibilities, yes or no?




Re: what is the proper way to load gpg-agent with systemd

2015-03-17 Thread Doug Barton

On 3/17/15 7:48 AM, Paulo Lopes wrote:

Hello,

I've been using my gpg card with success in Ubuntu for a while but as
everyone knows the init system is switching from upstart to systemd as
it is happening on Debian and the vast majority of other distributions.

In the "past" one could start gpg-agent from the script that boots Xorg


Are you using the ssh-agent capabilities? If not, you don't need to do 
anything special to start the agent, it will use the socket method by 
default.


Also, do you have any evidence that the method you are currently using 
won't work with systemd? X starts well after the low-level system stuff 
is up and running, I'm having a hard time imagining why you couldn't 
continue doing what you're doing.


Doug




Re: Copy Current GPG Installation to Another Server

2015-03-17 Thread Doug Barton

On 3/17/15 7:23 AM, Clark Rivard wrote:

I currently have GPG 1.4.8 installed on a Windows server.  Can the
c:\Programs Files (x86)\GNU\ directory simply be copied to another
server and used or do I need to go through the “download and
installation” process on the new server? Thanks.


1.4.8 is dangerously old. You should download the new version and 
install in both locations.


ftp://ftp.gnupg.org/gcrypt/binary/

hope this helps,

Doug




Re: Enigmail speed geeking

2015-03-13 Thread Doug Barton

On 3/13/15 2:17 PM, Peter Lebbing wrote:

On 2015-03-13 19:54, Doug Barton wrote:

But it is a
major source of frustration when folks take comments out of context to
use the tiniest bit of leverage with which to forward an agenda.


WHAT?!?!

It is true, text is a truly god awful medium to communicate in.

We are apparently completely unaware of each other's intentions. I
honestly thought you thought a disadvantage of using a smartcard is that
you lose the key once it breaks. It quite surprised me, but I've seen
smart people have odd misconceptions of things[1], so I simply sought to
rectify it.

Let's put this whole thing to rest. Nobody thinks you can't have a
backup of a smartcard key, nobody thinks that a smartcard without a
backup is a useless thing, and we should all go and read a nice book.
Perhaps even for the third time, in my case. It's a nice book!

Peter.

[1] Sometimes in the mirror ;P


Thank you for clarifying.

Doug




Re: Enigmail speed geeking

2015-03-13 Thread Doug Barton

On 3/13/15 7:22 AM, Peter Lebbing wrote:

I interpreted Doug's message as saying that a disadvantage of smartcards,
as opposed to on-disk keys, is that you lose the key when the smartcard
stops functioning. I was replying to this statement by Doug:


Further, the inconvenience of having to deal with generating and
socializing a new key if your smart card gets lost, becomes
inoperable, etc. is way too high a cost for near-zero benefit.


So I say: you should use backups, duh.

The fact that you /can/ use a smartcard without a backup, which as you
say can be advantageous, by no means implies that you /cannot/ keep a
backup. This is what I was saying.


Seriously? Wasn't it obvious from the context of what Robert and I wrote 
that we were talking about keys that existed only on a card? And even if 
that bit of subtlety escaped you, isn't it even more obvious that if you 
have a backup copy of the key already then the point I was making 
doesn't apply?


If neither of those things were obvious to you from the thread then 
maybe you should reconsider whether you should be posting on the topic 
at all.


Doug




Re: Enigmail speed geeking

2015-03-13 Thread Doug Barton

On 3/13/15 11:23 AM, Robert J. Hansen wrote:

Seriously? Wasn't it obvious from the context of what Robert and
I wrote that we were talking about keys that existed only on a
card?


Let's calm things down, folks.  :)


FWIW, I'm perfectly calm, as in the sense of not angry. But it is a
major source of frustration when folks take comments out of context to
use the tiniest bit of leverage with which to forward an agenda. It's
not only intellectually dishonest, but it's a massive waste of
everyone's time when the conversation devolves into the degree that
some argument is correct in some context, no matter how far removed it
is from the actual point under discussion.

Calling "BS" on that rhetorical technique may get me a shiny new
"Curmudgeon" badge to add to my collection, but I still think it's a
worthwhile exercise.

Doug




Re: bugs.gnupg.org TLS certificate

2015-03-12 Thread Doug Barton

It's quite disingenuous to say you don't have an opinion, when obviously 
you do.


This topic was debated at length on this list when Heartbleed happened. 
There are two camps:


1. Those who think that if you offer any kind of free service, you have 
to offer all related services for free as well. "I want it, so you must 
give it to me."


2. Those who think that companies like StartSSL who are offering 
tremendous value to the community for free have the right to recoup some 
of their operational expenses for requests that go outside the norm, 
and/or cannot be handled with an automated system.


If you are in the first camp, you have every right to your belief, but 
that belief does not match up with the real world.


If you are in the second camp, pull up a chair, I've got a cooler full 
of $BEVERAGE that I'll be happy to share. :)


Doug


On 3/12/15 7:27 PM, Avi wrote:

I have no opinion one way or the other re: StartSSL, but there are those
who do:





etc.

Avi



User:Avraham

pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key)
<avi.w...@gmail.com>
Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019
F80E 29F9

On Thu, Mar 12, 2015 at 7:47 PM, Mick Crane <mick.cr...@gmail.com> wrote:




On 12 Mar 2015, at 23:21, Hugo Osvaldo Barrera <h...@barrera.io> wrote:

On 2015-03-11 17:38, Werner Koch wrote:
On Wed, 11 Mar 2015 15:12, br...@minton.name
 said:


git.gnupg.org ) don't use that
certificate.  Have you considered a wildcard
certificate?  I know this has been discussed before, e.g. at


Too expensive ;-).  To stop all these complaints I will add a so
called
real certificate but first I need to move the tracker to another
machine.


Shalom-Salam,

 Werner


No need for a wildcard one. Just get one free certificate for each
subdomain
from StartSSL.






Re: Enigmail speed geeking

2015-03-12 Thread Doug Barton

On 3/12/15 8:51 AM, Robert J. Hansen wrote:

For many users, smart cards are a good idea.  (I've got one myself.)
But for just as many users, smart cards are inconvenient and overkill.


I would go so far as to say for the vast majority of users they are 
totally unnecessary. It's cool to play with smart cards, and I'm all in 
favor of that sort of thing ... but for the overwhelming number of PGP 
users the threat model just isn't there.


Further, the inconvenience of having to deal with generating and 
socializing a new key if your smart card gets lost, becomes inoperable, 
etc. is way too high a cost for near-zero benefit.


FWIW,

Doug




Re: [cygwin] gpg-agent with ssh support ?

2015-03-12 Thread Doug Barton

On 3/12/15 2:59 AM, Werner Koch wrote:

On Wed, 11 Mar 2015 18:23, dougb@dougbarton.email said:


PuTTY also has its own agent support, which works quite well. I'm not
sure why it's necessary to reinvent the wheel here. :)


Because that integrates seamlessly with GnuPG.  For example you can use
your OpenPGP card (or other supported smartcards) for ssh.  No need for
the ssh-add kludge.


And that would be a good reason, sure. But I don't get the impression 
that the OP has one of those. :)


Doug





Re: [cygwin] gpg-agent with ssh support ?

2015-03-12 Thread Doug Barton

On 3/11/15 11:30 PM, Xavier Maillard wrote:


Doug Barton  writes:


Otherwise, there is an easy way to solve your problem on the Windows
platform, you should strongly consider it.


I fear I do not understand. Did I miss something? Of course I'd
rather go the easy way! :D


Try reading my previous post, and the web page that I included the URL 
for. It will explain it for you. :)


Doug





Re: [cygwin] gpg-agent with ssh support ?

2015-03-11 Thread Doug Barton

On 3/11/15 10:27 PM, Xavier Maillard wrote:


Doug Barton  writes:


On 3/11/15 3:15 AM, Werner Koch wrote:

The standard ssh client on Windows seems to be Putty; you may use it
with the native GnuPG for Windows (i.e. Gpg4win) by using the option
--enable-putty-support instead of --enable-ssh-support.


PuTTY also has its own agent support, which works quite well. I'm not
sure why it's necessary to reinvent the wheel here. :)


Still, one has to install a new piece of software but, in my case, it
can be ok.

So, just to be sure I understand:

1. install putty


2. Use PuTTY's agent, called Pageant.
http://the.earth.li/~sgtatham/putty/0.64/htmldoc/Chapter9.html#pageant

It comes in the PuTTY package, so nothing new to install.

Starting and running gpg-agent so that you can use it with ssh is very 
different from the "easy" socket method that is used for simple password 
entry.


If you have an actual reason to try and fit the square peg into the 
round hole, or if you're the kind of person who likes to do things the 
hard way for whatever reason, then I wish you the best of luck.


Otherwise, there is an easy way to solve your problem on the Windows 
platform, you should strongly consider it.


Good luck,

Doug




Re: [cygwin] gpg-agent with ssh support ?

2015-03-11 Thread Doug Barton

On 3/11/15 3:15 AM, Werner Koch wrote:

The standard ssh client on Windows seems to be Putty; you may use it
with the native GnuPG for Windows (i.e. Gpg4win) by using the option
--enable-putty-support instead of --enable-ssh-support.


PuTTY also has its own agent support, which works quite well. I'm not 
sure why it's necessary to reinvent the wheel here. :)


Doug




Re: Thoughts on GnuPG and automation

2015-03-09 Thread Doug Barton

On 3/9/15 2:10 PM, Bob (Robert) Cavanaugh wrote:

you will not get your desired results by starting the conversation impugning the
work that went before and claiming that what you are asking for is far superior


OTOH, it's often useful when talking about a possible direction for new 
projects to have a frank and honest discussion about what did and did 
not work in old ones.


Just as you pointed out that the slights you perceived Hans-Christoph 
offering on GnuPG are unfair because it's not responsible for what other 
project teams have started and failed to complete; it's equally 
unreasonable for you to infer that he was offering that slight, and for 
the same reason.


The way I read Hans-Christoph's message was that there is a lack of 
coordination amongst various teams who have started API, wrapper, or 
other projects based on GnuPG tools, and that this fragmentation has 
harmed those efforts in various ways (including diverting precious 
resources to projects with little or no chance of success). And that it 
would be nice if we could take a hard look at what the real world 
requirements are for APIs and/or wrappers for various platforms, and 
have some coordinated effort put into work in this area.


Both of those sound like perfectly reasonable observations to me, and I 
did not perceive any suggested slight by Hans-Christoph at any point in 
the conversation.


FWIW,

Doug




Re: Decrypting PGP/MIME on the command line

2015-03-01 Thread Doug Barton

On 3/1/15 3:34 PM, Daniel Kahn Gillmor wrote:

On Sun 2015-03-01 20:01:05 +0100, Werner Koch wrote:

On Sun,  1 Mar 2015 15:32, rp...@kcore.de said:


is there a command line utility that takes a PGP/MIME encrypted message
(a plain RFC 2822 text file) and outputs an unencrypted copy? The


Not really.  MIME is a structured format and as such it may result in a
bunch of encrypted, non-encrypted, signed, unsigned,
message/alternative sub-documents.  Thus it is not easy to write a
general purpose command line tool.


python's email module is quite good for programmatically handling mime
parts if you want to manipulate an e-mail (though it may not be so good
for reconstructing it in some sort of bytewise exact fashion).


You may start with gpgparsemail which is not installed but built as
part of gnupg in the tools directory.  It returns an annotated format
which might be easier for further processing steps than plain MIME.

If you only want to decrypt a standard MIME encrypted mail, it is easy.
Simply pipe the entire mail through gpg and you will get the decrypted
MIME container.


You should also note that any decryption like this is likely to remove
any OpenPGP signature as well, for those MUAs that do the
encryption+signing step all in one OpenPGP piece (I believe that the
gpgtools mail.app plugin places the OpenPGP signature inside a
multipart/signed MIME message, which is then itself encrypted, rather
than placing encryption and signatures all in the OpenPGP part
directly).

A tool that transforms an OpenPGP encrypted+signed MIME message into an
OpenPGP-signed MIME message while retaining the original signature would
be a really nice tool to have.


The signature is an attachment on a PGP/MIME message of course, so you'd 
have to preserve the two files separately.


My (Al)pine PGP filters are shell scripts that (amongst other things) 
will verify and decrypt PGP/MIME messages. You could easily adapt that 
code to output the canonical version of the message to a file, along 
with the corresponding signature.


hope this helps,

Doug

https://dougbarton.us/PGP/ppf/index.html




Re: Best practice to make one's key known, was Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Doug Barton

On 2/27/15 10:10 PM, Marco Zehe wrote:

Hi Werner et al,


On 27.02.2015 at 20:56, Werner Koch wrote:

There is no trust in keyservers by design.  As soon as you start
changing this you are turning PGP into a centralized system.


OK, then I have a very practical question: Even though this is my
fourth or fifth attempt at establishing OpenPGP in my daily routine
since the mid 1990s, I am still confused by what the best way is to
make my public key known. So if, as you say, key servers are not
trusted by design, if I want to spread word around my available
public key, which source should I put in a signature? While reading
this list, I have seen quite a number of different approaches. Some
put their key ID along with the finger print and the URL of a key
server. Others put a link to the key file on a web server, others
just quote their key ID and finger print, or only either of those.

I have my key uploaded (and kept current) on key servers as well as
on my web site(s), and my Impressum links to the copy on my web
site rather than the key server URL.

So: What’s the best practice advice? (and yes, I looked in the FAQ,
but that didn’t prove conclusive to me.)


It's overwhelmingly likely that you are overthinking this. :)

If someone wants to correspond with you using PGP, they will ask. If
you sign a message, they will know that you are using PGP, and what
your key Id is. And you've posted it enough places that even a
moderately motivated person will be able to find it.

Relax, and enjoy the ride.

Doug




Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Doug Barton

On 2/27/15 3:15 AM, Peter Lebbing wrote:

So what did this key attract, being on the keyserver for four years now?

22 Nigerian 419 scams. That's it. Twenty-two! They came in batches; I haven't
seen anything since March last year.


I've had a similar key out there for longer than four years, and my 
experience is the same. This is simply not an issue.


Doug



Re: Surprising command line options handling

2015-02-23 Thread Doug Barton

On 2/23/15 2:51 PM, Daniele Nicolodi wrote:

Hello,

I've been struggling quite a long while today trying to understand why
the following command does not do what I expected:

gpg --export-secret-subkeys 41E999D7! \
 --export-options export-reset-subkey-passwd

It does not reset the password on the exported subkey.

After some head scratching I recognized that gpg stops parsing arguments
when it encounters the key id and ignores what follows.


That's not 100% accurate, but I won't quibble. :)

The man page makes it very clear that the format is as follows:

gpg2 [--homedir dir] [--options file] [options] command [args]

options come before commands, and anything after the command is 
interpreted as an argument to the command.


hope this helps,

Doug
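
The ordering rule from the synopsis quoted in this message, as an added example that is not part of the original post or of GnuPG: a small check that flags option-like tokens placed after the first positional argument, where they are read as arguments to the command. The function name and the list of value-taking options (a hand-picked subset) are assumptions made for the illustration.

```python
import shlex

# Options that consume the following token as their value. A small subset of
# real gpg options, chosen for this illustration; extend it as needed.
TAKES_VALUE = {
    "--homedir", "--options", "--export-options", "--import-options",
    "--output", "-o", "--local-user", "-u", "--recipient", "-r",
    "--keyserver",
}

# The command as posted in the thread, and the same command reordered to
# follow "gpg2 [options] command [args]".
AS_POSTED = ("gpg --export-secret-subkeys 41E999D7! "
             "--export-options export-reset-subkey-passwd")
REORDERED = ("gpg --export-options export-reset-subkey-passwd "
             "--export-secret-subkeys 41E999D7!")


def misplaced_options(command_line):
    """Return option-like tokens that follow the first positional argument.

    Per the synopsis, anything after the command's first argument is itself
    taken as an argument, so such tokens do not act as options.
    """
    tokens = shlex.split(command_line)[1:]   # drop the program name
    flagged = []
    seen_positional = False
    skip_value = False
    for tok in tokens:
        if skip_value:            # this token is the value of the previous option
            skip_value = False
            continue
        if tok == "--":           # explicit end of options: the rest are arguments
            break
        if tok.startswith("-") and len(tok) > 1:
            if seen_positional:
                flagged.append(tok)
            elif tok in TAKES_VALUE:
                skip_value = True
            continue
        seen_positional = True    # first key ID, file name, or other argument
    return flagged


if __name__ == "__main__":
    for cmd in (AS_POSTED, REORDERED):
        print(cmd, "->", misplaced_options(cmd) or "ok")
```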




Re: Help need to use truecryt + openpgp applet.

2015-02-19 Thread Doug Barton

On 2/19/15 12:16 AM, Pete Stephenson wrote:


Considering the way it was abandoned by its developers, TrueCrypt is
probably not the best choice going forward.


We don't know the whole story about what happened there, so I would be 
hesitant to attribute malice. For some of us who need to have the same 
data accessible on multiple platforms there is not a better option.


Doug




Re: 2.1.2: keyserver route failure

2015-02-18 Thread Doug Barton
It was not my intention to start an IPv6 advocacy thread, but in case 
anyone is interested in facts about the current state of things, this is 
a good summary:


http://www.slideshare.net/AkamaiTechnologies/edge-2014-ipv6-is-here-what-you-need-to-know



Re: Please remove MacGPG from gnupg.org due to serious security concerns

2015-02-18 Thread Doug Barton

On 2/18/15 2:52 AM, Jonathan Schleifer wrote:

Well, I guess you have to take into account that a lot of downloads are
from packaging software like pkgsrc, FreeBSD ports, Gentoo portage,
ArchLinux's makepkg, etc. Usually, these do download the signature and
tarball once, verify it and then write a checksum to the Makefile /
PKGBUILD / however it is called that is then verified. So I guess you
can't easily map that to "Only x% of users check the downloaded
tarball". I guess it's a lot more, it's just that not all check it using
the .sig.


Back when I was involved with the FreeBSD project I included code in the 
Makefile to verify the PGP signature for all of my ports that had one, 
as did a few other maintainers. However there was not only not a 
consensus to do this more generally, there was active opposition to 
doing it at all.


If you are a FreeBSD user and believe that this would be something 
beneficial to the ports system, please send them e-mail at 
freebsd-po...@freebsd.org and let them know. :)


Doug




Re: 2.1.2: keyserver route failure

2015-02-18 Thread Doug Barton

On 2/18/15 3:59 AM, Johan Wevers wrote:

On 18-02-2015 12:40, Werner Koch wrote:


Because the resolver tells that there is an  record.  It seems that
we need to figure out at runtime whether v6 is actually working.  Any
hints on how to do that?


The most easy solution in such cases is to try IPv4 first, if that
doesn't work or is unavailable, try IPv6 if available.


Yeah, please DO NOT do that. The more traffic we can push to IPv6 the 
better for everyone, both now and in the future.


I'll get some refs on testing IPv6 capability, give me a couple hours.

Doug





Re: Compiled binaries execute but exit with "Abort"

2015-02-17 Thread Doug Barton

On 2/17/15 12:12 PM, Errol Casey wrote:

gpg: WARNING: unsafe ownership on homedir `.'


What are the permissions on your home directory, and your ~/.gnupg 
directory?






Re: SSH generic socket forwarding for gpg-agent

2015-02-15 Thread Doug Barton

On 2/15/15 11:41 PM, Daniel Kahn Gillmor wrote:

On Sun 2015-02-15 16:06:05 -0500, NdK wrote:

On 13/02/2015 23:23, Daniel Kahn Gillmor wrote:


The traditional argument against this sort of feature is that someone
with control over your local socket would most likely have control over
your graphical environment, and therefore could dismiss or hide any
prompt that comes up (so the prompting is a false sense of security).

Who said, not so long ago, that if the attacker has control of the
machine you're using you've already lost?
The machine from where one is originating the ssh connection has to be
quite trusted. Else you need a smartcard with out-of-band authorization
for every operation.


Yes, of course.  But the remote machine you're connecting *to* (and
forwarding your agent to) is outside of that trust boundary.

In situations where you want to make sure that you know (and approve of)
the use of the agent by the remote machine, you'd like a prompt to
appear within your (local, trusted) environment.


agent forwarding is off by default, and has to be enabled either on the 
command line, or in a config file. Why is further user interaction on 
this point necessary/desirable?


Doug




Re: MIME or inline signature ?

2015-02-15 Thread Doug Barton


On 2/15/15 12:26 PM, Daniel Kahn Gillmor wrote:
| On Sat 2015-02-14 16:36:08 -0500, Doug Barton wrote:
|> FWIW, I hate this debate, and try hard to stay out of it. But it really
|> bothers me when people spread factually incorrect information,
|> especially when they try to use that as the basis of their arguments
|> for/against one method or the other.
|
| I feel the same way.

... and yet, you not only responded to this thread (fair enough, so did
I), but you took the time to write up an entire web page full of FUD on
the topic. :)  Methinks you do protest too much.

|>> * AFAIK, inline gpg has issues with non-ascii characters. 😞 Correct me if I'm
|>> wrong.
|>
|> This hasn't been true for almost a decade, assuming that the person
|> using the non-ASCII characters has correctly set up their environment.
|> And FWIW, it's also not true that PGP/MIME will be 100% successful when
|> one of the communicants has not correctly set up their environment.
|
| if we're talking about signed messages with the possibility of an
| adversary who can modify the messages, then the fact is that inline
| PGP messages have no way of securely indicating the character encoding
| in use.  This means that an attacker can actually modify how the
| cleartext message is interpreted by fiddling with data *outside* the
| message body.
|
| If we're talking about encrypted messages, the same problem holds.

If you are referring to the display of the message after it's decrypted
(which is influenced by the content-encoding header) then see below.

| I demonstrate this in the "Message tampering through header
| substitution" section here:
|
|   https://dkg.fifthhorseman.net/notes/inline-pgp-harmful/

You demonstrate what you claim to be a collision where signatures verify
in both cases (I am willing to give you the benefit of the doubt, I
haven't tested it). However the collision isn't meaningful. I don't
think anyone would receive a message that says, "pay 13" and think that it was what the
recipient intended to send. Not to mention, if you were actually sending
a message that meant to indicate an amount in monetary units you would
spell out the amount in addition to displaying it numerically.

Show me a *meaningful* collision that your attack surface is vulnerable
to, and I'll pay more attention to it.

| the lesson here is: if you care about getting the intended textual
| message through to your peer, you need to embed some information about
| the formatting *within* the signature.  PGP/MIME provides a clear,
| well-defined way to provide that information.

I don't deny the fact that PGP/MIME encodes the charset info in the body
that is signed. I simply deny that this fact is meaningful to the
overwhelming majority of users.

|> It's also not true that PGP/MIME protects you from metadata analysis.
|> The messages are not "one big blob," they are actually separated into
|> parts, including the attachments. It's trivial to see how many
|> attachments are in a message just by analyzing the MIME headers, whether
|> the message/attachments are encrypted or not.
|
| If we're talking about PGP/MIME encrypted messages, this is not correct.

The OP was talking specifically about signed messages with attachments.
I made the leap to encrypted, and you're correct, I'm at least partially
wrong about that. (I vaguely recall that there is a way to do an
encrypted MIME message with attachments that does not end up in one big
blob, but I may be mistaken about that. It's been a while since I poked
that stuff.)

However in the context of signed but not encrypted, my point still stands.

Some more errors from your web page:

1. Enigmail is very clear about what parts of the message are signed
when decoding an in-line signature. My implementation for Alpine is as
well. Do you have any concrete examples of implementations that are not?

2. IME (that is, actually writing code to decrypt and verify e-mail
messages of both types) it's actually MIME that is way, way worse to
handle when it comes to wrapping, EOL canonicalization, etc. The various
implementations play very fast and loose with the "standards" here,
Apple being by far the worst culprit. Of course, that means little to
nothing to the average users, since their MUA should be able to handle
these messages.

Just to give you an example, my script to verify in-line signatures is
84 lines, and most of that is the setup (secure temporary directory,
error handling, etc.) and the text of the messages that the script
prints to indicate to the user what it's doing. The MIME equivalent has
basically the same setup cost, but it's 159 lines long. Almost all of
the difference is exception handling for MUAs that don't properly follow
the standards.

3. 

Re: MIME or inline signature ?

2015-02-14 Thread Doug Barton
FWIW, I hate this debate, and try hard to stay out of it. But it really 
bothers me when people spread factually incorrect information, 
especially when they try to use that as the basis of their arguments 
for/against one method or the other.


On 2/14/15 7:49 AM, Hugo Osvaldo Barrera wrote:


Pros of GPG/Mime:
* It's a lot less ugly for users with no gpg support. The large signature block
   at the end and the gpg marks are hard to ignore.


Why are you signing mail that is being sent to people without PGP 
support in the first place?



* AFAIK, inline gpg has issues with non-ascii characters. 😞 Correct me if I'm
   wrong.


This hasn't been true for almost a decade, assuming that the person 
using the non-ASCII characters has correctly set up their environment. 
And FWIW, it's also not true that PGP/MIME will be 100% successful when 
one of the communicants has not correctly set up their environment.



* Inline-gpg includes a signature for each attachment. This allows third
   parties to count how many files are attached (and their filenames, I
   believe). gpg/mime include one huge blob, so third parties can't tell this
   sort of metadata.


Nothing you wrote in this section is 100% correct. You *can* send one 
signature per attachment, but you don't have to. You can also bundle the 
attachment and signature in an archive, or you can bundle a lot of 
attachments in the same archive, and sign that, or you can bundle all of 
the attachments and signatures in one archive  etc.


It's also not true that PGP/MIME protects you from metadata analysis. 
The messages are not "one big blob," they are actually separated into 
parts, including the attachments. It's trivial to see how many 
attachments are in a message just by analyzing the MIME headers, whether 
the message/attachments are encrypted or not.



In the end, I'd suggest you go with what you prefer on a whim, more than
technical reasons.


... or, you could use what your correspondents are able to handle, since 
theoretically that's the point of communication in the first place? :)


hope this helps,

Doug
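
Two points from this exchange, as an added example that is not part of the original posts: what an observer without any key can read from the MIME headers of a PGP/MIME signed (not encrypted) message, and the charset point from the 2015-02-15 follow-up above, where an inline-signed body is displayed according to an outer header that the signature does not cover. The sample message, addresses, file name and function names are constructed for the illustration, and the signature body is a placeholder.

```python
from email import message_from_bytes

# Constructed sample: PGP/MIME signed mail with one text part and one
# attachment. The signature block is a placeholder, not a real signature.
SIGNED_MAIL = b"""\
From: alice@example.org
To: bob@example.org
Subject: report
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="sig"

--sig
Content-Type: multipart/mixed; boundary="mix"

--mix
Content-Type: text/plain; charset=utf-8

Report attached.
--mix
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--mix--

--sig
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

(placeholder)
-----END PGP SIGNATURE-----

--sig--
"""

# Constructed inline-signed body: the signature covers these bytes only.
INLINE_BODY = "Meet at the caf\u00e9".encode("utf-8")


def signed_part_metadata(raw):
    """Summarise what is readable in a PGP/MIME signed message with no key."""
    msg = message_from_bytes(raw)
    if (msg.get_content_type() != "multipart/signed"
            or msg.get_param("protocol") != "application/pgp-signature"):
        raise ValueError("not a PGP/MIME signed message")
    parts = msg.get_payload()
    if len(parts) != 2:
        raise ValueError("multipart/signed must have exactly two parts")
    signed, signature = parts          # first part is what the signature covers
    leaves = [p for p in signed.walk() if not p.is_multipart()]
    return {
        "micalg": msg.get_param("micalg"),
        "signature_part": signature.get_content_type(),
        # charset declarations sit inside the signed part
        "charsets": [p.get_content_charset() for p in leaves
                     if p.get_content_maintype() == "text"],
        # attachment count, names and types are plain MIME headers
        "attachments": [(p.get_filename(), p.get_content_type())
                        for p in leaves
                        if p.get_content_disposition() == "attachment"],
    }


def render_inline(body, header_charset):
    """Decode an inline-signed body with the charset from the outer header.

    The same signed bytes yield different text when that header changes.
    """
    return body.decode(header_charset, errors="replace")


if __name__ == "__main__":
    print(signed_part_metadata(SIGNED_MAIL))
    for cs in ("utf-8", "iso-8859-1"):
        print(cs, "->", render_inline(INLINE_BODY, cs))
```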




Re: MIME or inline signature ?

2015-02-13 Thread Doug Barton

On 2/13/15 4:01 AM, MFPA wrote:

In an OpenPGP-aware mail client, that is the decision of the
developer. For example, is there any huge reason why it would be a bad
idea to treat  the same as they
treat ?


And Enigmail, for example, can do exactly that. :)

Doug




Re: Problems when encrypting to a group on MacGPG

2015-01-14 Thread Doug Barton

On 1/14/15 7:09 PM, Anthony Papillion wrote:

"gpg: O g: can't encode a 256 bit key in a 0 bit frame"

This happens after I tell the program to accept the final key in the
group as valid. But it doesn't seem to be related to a key since I've
deleted the final key and it still give me the error.


You're on the right track  delete some more keys, test again, repeat 
till you find the key causing problems. Depending on the number of keys 
it may be easier to add/delete a few at a time, do a binary search, etc.


Good luck,

Doug




Re: How to sign the name of the name as well, not just the file?

2015-01-12 Thread Doug Barton

On 1/12/15 10:44 AM, Patrick Schleizer wrote:

When using "gpg --armor --detach-sign some-file-version-c" a file:
some-file-version-c.asc will be created.

But an adversary positioned to arbitrarily change file names on a mirror
or so could rename it to some-file-version-d and some-file-version-d.asc.


Robert already gave you a method to deal with non-text items. If your 
example is a simple text file, put the name of the file in the file as 
part of your text: "This is version some-file-version-c"


hope this helps,

Doug




Re: preventing gpg-agent from storing a symmetric encryption key

2015-01-05 Thread Doug Barton

FYI, what you want to do doesn't make sense. :)

You should read the man page, and learn about inactivity timeouts for 
gpg-agent. Also, you can wipe the agent altogether quite easily.


Your concern about people gaining access to the console is well founded, 
but there are better solutions already available to you.


Doug



Re: The praise of GnuPG @31C3

2015-01-01 Thread Doug Barton

On 12/31/2014 06:40 PM, Robert J. Hansen wrote:

The protocol was secure: you just had to configure it correctly.


Yes, thank you for your tidy summary of "Security 101." :)

What I'm looking for is some sort of concrete information about "When 
ssh is configured  the NSA can break it." I've seen quite a 
few sites make the claim that "zomg, ssh is broken!" but haven't yet 
seen any specifics.


Doug




Re: GPG (v. 1.4.12) is not user-friendly

2015-01-01 Thread Doug Barton

On 12/31/2014 08:59 PM, Kelly Dean wrote:

I thought my original message made clear that I was trying to get the 
fingerprint. The point of my message was that GPG apparently requires pointless 
circumlocution for this simple function.


No, your original message contained nothing but the output of various 
commands. I'm sure it was clear to you, and it may even have been clear 
to some on the list. But assuming that people can infer meaning from 
such a post is not really a strategy for success. :)


Doug




Re: The praise of GnuPG @31C3

2014-12-31 Thread Doug Barton

On 12/31/2014 3:25 PM, mark hellewell wrote:

And the “ssh is broken” remark strikes me as a little dramatic, too.


Well I've seen vague references to some of the "less secure" settings 
being vulnerable, but I've yet to see, "everything below this line is 
vulnerable, everything above this line is thought to be safe."


If anyone has a reference ...

Doug




Re: The praise of GnuPG @31C3

2014-12-31 Thread Doug Barton

The death of IPsec has been greatly exaggerated:

https://nohats.ca/wordpress/blog/2014/12/29/dont-stop-using-ipsec-just-yet/



Re: Key selection

2014-12-27 Thread Doug Barton


On 12/27/14 9:36 AM, Sandeep Murthy wrote:
| I have four keypairs associated with my main email, two of which
| are revoked and one expired. But if I try to edit the main key
| associated with email by
|
| $ gpg --edit-key 
|
| then it invokes gpg and points to one of the revoked keys rather
| than the active key. I have to explicitly give the short ID of the
| active key to edit that key and get its fingerprint.
|
| Is there a way to change this, or I am doing something wrong?

No, and no. :)

If you have multiple keys that match a pattern (such as your e-mail
address) then gpg is going to take its best guess as to which one you
mean. In this case, the guess isn't what you wanted, so you have to
specify the key Id.

hope this helps,

Doug




Re: [Announce] GnuPG 2.1.1 released

2014-12-20 Thread Doug Barton

On 12/19/14 11:28 AM, Ludwig Hügelschäfer wrote:
| On 19.12.14 18:09, Doug Barton wrote:
|
|> Thank you for the time you've spent on this, but a minor quibble if
|> you don't mind. Could you please provide signatures for the dmg
|> files,
|
| Open the .dmg and you'll notice the signature of the Installer
| (Install.pkg).

If you look at (what in my mind are) the parallels in Windows
(exes/installers) and Unix (tarballs) I don't have to perform any
actions on them at all prior to verifying the signatures. I'd like to
have the same luxury for the dmg file.

In addition to the above, the 1 signature only covers that 1 item, there
are other items in the dmg file.

Now that said, perhaps it is my relative unfamiliarity with the dmg
format that is causing my concern. It seems to me (on experience and
some reading, both limited) that there are "things" that happen when I
open one, similar to the autoplay feature for optical discs in Windows.
That's part of the reason I'd like to be able to verify the dmg before
opening it.

If that last concern is misplaced, then I am less hesitant, however it
would still seem to be a good operational practice to sign the whole
blob. Admittedly that is less tidy, as now you have two files to keep
track of instead of one, but since I use all 3 OS', it's not
particularly burdensome from my perspective.

Doug



Re: [Announce] GnuPG 2.1.1 released

2014-12-19 Thread Doug Barton

On 12/17/14 9:02 AM, Patrick Brunschwig wrote:


I created an installer for GnuPG 2.1.1 on Mac OS X, available from here:

http://sourceforge.net/projects/gpgosx/files/


Patrick,

Thank you for the time you've spent on this, but a minor quibble if you 
don't mind. Could you please provide signatures for the dmg files, and 
ideally sign the messages you send to the list about them?


Doug





OT, but related ... Google’s End-To-End Email Encryption Tool Gets Closer To Launch

2014-12-18 Thread Doug Barton
The relevant bit is that the code is now public at github, so anyone 
interested can review it, and provide comments.


http://techcrunch.com/2014/12/17/googles-end-to-end-email-encryption-tool-gets-closer-to-launch/



Re: Mainkey with many subkeys??

2014-12-09 Thread Doug Barton


On 12/08/2014 10:48 AM, Tomo Ruby wrote:
| I know I could just set a new expiration date but most times it's
| recommended to use a key for two years at the longest.

Why do you think that's true? What threat do you think that using a
key for at most 2 years will protect you against?

Note, I'm not trying to attack you here ... you seem to have absorbed
some bad advice, or at best, advice that is intended for a different
use case. So maybe you could fill us in a bit on how you intend to use
your keys ...

Doug



