Re: Help With GPG trust model
Hello Eason,

On 12 June 2024 at 15:30, Eason Lu via Gnupg-users wrote:
> Hi, I am writing this email to ask for help with how the GPG trust model works.
> I have a PGP public key, key A.
> In GPG if I do gpg --edit-key A trust then set full trust (4), it is
> still shown as unknown, rather than full, is there any way to solve
> this rather than marking it as 5.

I trust other people’s keys with `gpg --sign-key `. You don’t need to upload the key to a key server or send it to the recipient if you don’t want to.

Does this help?
—F

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: private-key backup
Hello Byunghee,

On 17 February 2024 at 14:52, Byunghee HWANG wrote:
> I have a question. Where is the safest place to store the private-key?
> Are there any best practices for this?

Do you mean backups? If so, having at least two backup copies of your private key is good practice:

- A copy on mass storage.
- A copy printed on paper (ASCII armoured) [1]

Those two copies should be stored in different places to minimise risks. I would also copy/print your revocation certificate.

Does this help?
—F

[1] I actually did this by hand and if you have one of the modern `ed25519` keys it does not even take that long. http://www.ariis.it/static/articles/handwritten-pgp-key/page.html

Re: OT: Best way to send e-mails to a recipient that does know encryption
On 02 January 2024 at 09:40, john doe via Gnupg-users wrote:
> In other words, how do you use e-mails with a recipient that should be
> able to open and reply to e-mails as usual.

If email is not a strict requirement, two Matrix can be set up to have an encrypted conversation, same with XMPP
—F

Re: Signature
On 29 August 2023 at 10:20, isp_stream via Gnupg-users wrote:
> May I ask why you bring an attached signature in your e-mails and how you make
> one in gnupg?

Why: you want to assure the content of the email was not tampered with.

How: it is taken care of by the client, you don’t manually sign and attach the signature — at least I am not, using `mutt`.

Start from your mail client documentation and you should be on the right track!
—F

Re: Resurrecting the Monkeysphere 🐒
Hello John,

On 12 August 2023 at 05:56, John Scott via Gnupg-users wrote:
> I'm bringing back to life the Monkeysphere project which has fizzled
> upstream. I love the concept and am willing to rewrite major components and,
> more importantly, provide guides and integrations to make the experiment
> successful.
>
> What is the Monkeyspherian way of doing things, you may ask? Monkeysphere is
> all about taking an OpenPGP key and using it in other public key
> cryptosystems. This has the benefit that the OpenPGP PKI can be leveraged.
> GnuPG already supports this concept somewhat, allowing you to use the raw
> public key in OpenPGP keys for X.509 certificates and OpenSSH.

Thanks for posting here! It seems really an interesting project. I am not technically versed enough to help but I would like to follow development. Is there any repository, or site, or blog we can follow to get news about this?
—F

Re: Public Key
Hello Richard,

On 26 February 2023 at 14:09, Richard Bostrom via Gnupg-users wrote:
> May I please ask why some 4096 bit keys are longer than others?
>
> Richard Stallman's key is much longer than my 4096 bit key.

I suspect: signatures. They make keys longer
—F

Re: Public keys stored on different server
Hello Martin,

On 01 February 2023 at 10:32, Martin wrote:
> More and more I see messages which are signed - but the author didn't
> store his public key on a keyserver (eg. hkps://keys.openpgp.org) -
> sometimes a footnote in the messages gives a link where the key could
> be downloaded. Sometimes this link has a bad or strange https
> certificate...
>
> What are the reasons for such a procedure and what is the advantage?

Keyserver records are public and spammers can scan those (although: a) in 2022 I wonder if there is still much value in email spamming and b) some servers are taking countermeasures). This could be a reason why some people prefer not to upload their public key to keyservers.

Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/
On 05 August 2022 at 18:13, Michael Richardson wrote:
> Francesco Ariis wrote:
> > On 05 August 2022 at 17:28, Jay Sulzberger via Gnupg-users wrote:
> >> Does the PGP public key at
> >> https://www.washingtonpost.com/anonymous-news-tips/ work?
>
> > It gets copied in a weird way (i.e. some characters that should be
> > newlines are instead spaces); I am not able to import it.
>
> Yeah, the marketing department screwed it up, and should have put on it.
> It suggests that it has never really been used.

That was what I was thinking. It would be interesting to see how long the key has been there in such a state. If the answer is “a long time”, that is quite a field report: it means signal and whatsapp (!) are more popular options (way more popular options) than PGP + email for secure communications.

Re: Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/
Hello Jay,

On 05 August 2022 at 17:28, Jay Sulzberger via Gnupg-users wrote:
> Does the PGP public key at https://www.washingtonpost.com/anonymous-news-tips/
> work?

It gets copied in a weird way (i.e. some characters that should be newlines are instead spaces); I am not able to import it. I cannot say whether that is just on my browser of choice or other browsers too
—F

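The import failure described in the two messages above, where the newlines of an ASCII-armored key arrive as spaces, can be diagnosed and undone at the armor layer. This is an added Python example (not from the thread or from GnuPG) that re-wraps such a block and checks its CRC-24 as defined in RFC 4880, section 6; the sample data is constructed placeholder bytes, not a real key, and the block is assumed to carry no armor headers.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from RFC 4880, section 6.1
ARMOR_RE = re.compile(
    r"-----BEGIN PGP ([A-Z ]+)-----(.*?)-----END PGP \1-----", re.S)


def crc24(data: bytes) -> int:
    """CRC-24 used for the '=XXXX' checksum line of an armor block."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, label: str = "PUBLIC KEY BLOCK") -> str:
    """Wrap raw bytes in ASCII armor: 64-column base64 plus checksum line."""
    b64 = base64.b64encode(data).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN PGP {label}-----", "", *lines,
                      f"={check}", f"-----END PGP {label}-----", ""])


def repair_flattened_armor(text: str) -> str:
    """Rebuild an armor block whose newlines were turned into spaces.

    Raises ValueError when no block is found, when armor headers are present
    (their values may contain spaces, so the line breaks cannot be recovered
    reliably), or when the CRC-24 does not match the decoded data.
    """
    match = ARMOR_RE.search(text)
    if not match:
        raise ValueError("no PGP armor block found")
    label, tokens = match.group(1), match.group(2).split()
    if any(":" in tok for tok in tokens):
        raise ValueError("armor headers present; cannot reflow safely")
    # The checksum line is '=' followed by 4 base64 characters (3 bytes).
    if not tokens or not (tokens[-1].startswith("=") and len(tokens[-1]) == 5):
        raise ValueError("missing CRC-24 line")
    data = base64.b64decode("".join(tokens[:-1]), validate=True)
    expected = int.from_bytes(
        base64.b64decode(tokens[-1][1:], validate=True), "big")
    if crc24(data) != expected:
        raise ValueError("CRC-24 mismatch: damage goes beyond whitespace")
    return armor(data, label)


# Constructed sample: placeholder bytes, NOT a real OpenPGP key.
SAMPLE_BYTES = bytes(range(256)) * 2
# Simulates the copy/paste result: every newline replaced by a space.
FLATTENED = armor(SAMPLE_BYTES).replace("\n", " ")

if __name__ == "__main__":
    print(repair_flattened_armor(FLATTENED))
```

A matching CRC-24 only shows that the block survived the copy intact; it says nothing about whose key it is, so the fingerprint still has to be checked through another channel.
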
Re: Backing up your PGP key by hand
On 25 May 2022 at 21:13, Johan Wevers via Gnupg-users wrote:
> On 2022-05-23 5:01, Stuart Longland via Gnupg-users wrote:
>
> > On the other hand, there are paper recordings that have lasted millennia.
>
> Since paper as we know it today doesn't even exist so long that can't be
> true. Maybe you are pointing to the few surviving papyrus texts? Most
> have not survived.

Paper was first made in the Chinese Empire, around two millennia ago. Sheets made with high quality pulp survived to this day. Process is slightly different today, archivists also know a lot more about what is dangerous to paper preservation.

Re: Backing up your PGP key by hand
Hello Jonathan,

On 02 May 2022 at 13:26, Jonathan Cross via Gnupg-users wrote:
> Thank you for sharing this Francesco.
>
> Yes, having a secure, durable offline backup is important.
>
> Coming from the Bitcoin space, we've already explored many options in an
> effort to allow users easily to back up private keys.
>
> I have to say the effort involved in your method seems unrealistic for most
> users:
>
> [...]

thanks for your feedback message! As you probably expect, I agree with (almost) everything you say.

My experiment was to document something which — as far as I know — was not documented until now (although probably done numerous times) and a way to spur a discussion on the topic of “backing up keys when you cannot trust or do not have access to some devices”.

The pain points are manifold: some might be mitigated (as Ingo Klöcker suggested, ed25519 keys are shorter, progressively moving to them would do a lot); some would need some reworking (or reimagining) of the tools we use today to sign our documents and encrypt our archives (as much as `paperkey` is convenient, a “native” solution will always be more reliable, user-friendly, future-proof).

> But ideally such a system should be standardized and built into gpg so that
> users can be sure they will be able to restore keys.

This would be amazing and hopefully one day a standardised approach will come to light for PGP too.

Happy encrypting everyone
—F

Backing up your PGP key by hand
Hello gnupg-users,

I decided to back up my secret gpg key with pencil and paper, documenting the process here

http://ariis.it/static/articles/handwritten-pgp-key/page.html

It is tangent to gpg but I thought that other gnupg-users might have been interested in the whys and hows of the topic
—F

Re: PGP Anonymous Board Idea
Hello Farhan,

On Tue, Mar 05, 2019 at 02:39:37PM -0500, Farhan Khan via Gnupg-users wrote:
> I had an idea for an anonymous PGP messaging board system and wanted to get
> feedback on it or know if this idea has already been done.
>
> In short, this would be an anonymous messaging system where you can post
> encrypted messages. Anyone can access the encrypted message but obviously only
> the one with the private key can decrypt it. Receiving users can filter for
> messages by their key ID to see if they have received anything. The system also
> replicates data across multiple servers so you can post a message on server A
> and a user can view the message on server B.

Your idea sounds similar (but not exactly the same) to alt.anonymous.messages [1].

[1] https://groups.google.com/forum/#!forum/alt.anonymous.messages

Re: How to start gnupg?
Hello John,

On Sat, Dec 01, 2018 at 10:33:35PM +, John Broyles wrote:
> I have a large file that was encrypted with PGP and I want to decrypt it.

Was encrypted by whom? Usually gpg tutorials start from creating your own key (which you and your friends can use to encrypt files to you), but apparently you have already created it.

Or is it (if you know) a file encrypted with a simple passphrase (symmetric encryption)?
-F

Re: encrypt linux backup folder using gpg
On Wed, Nov 07, 2018 at 08:56:53AM +0530, Kaushal Shriyan wrote:
> Thanks Francesco for the email. I have encrypted the file using my gpg key. How
> do i share the encrypted helloworld.gpg file to the recipients. For example
> j...@example.com. Do I need to encrypt the file to the recipients id using
> gpg pub key? Any examples to understand it better. Please comment.

-r is for recipient! You should have the id/mail of your friend there!

Re: encrypt linux backup folder using gpg
On Wed, Nov 07, 2018 at 08:10:48AM +0530, Kaushal Shriyan wrote:
> Hi Francesco,
>
> Whom do i need to contact to correct the examples provided in manual page?

I opened a bug in Debian yesterday (after replying to you), albeit with no patch:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913060

Let's hope it gets fixed soon!

Re: encrypt linux backup folder using gpg
On Tue, Nov 06, 2018 at 05:32:40PM +0530, Kaushal Shriyan wrote:
> [centos]# ls helloworld/
> check_cpu_perf.sh check_mem.pl jdk-8u162-linux-x64.rpm
> [centos]# gpg-zip --encrypt --output hellogpg --gpg-args -r kaushal

Ah, the example in the manual is wrong. This should work

    gpg-zip --encrypt --output hellogpg -r kaushal somefile.xyz

Re: encrypt linux backup folder using gpg
Hello Kaushal,

On Tue, Nov 06, 2018 at 11:25:47AM +0530, Kaushal Shriyan wrote:
> I am using CentOS 7.5 Linux OS in my setup. I have compressed a folder
> using tar utility tar czvf backupfolder.tar.gz backupfolder. Is there a way
> to encrypt backupfolder.tar.gz using gpg? Are there any best practices to
> use gpg application to encrypt the data. Any help will be highly
> appreciated and i look forward to hearing from you.

in Debian there is a small utility (`gpg-zip`, found in the `devscripts` package) which does just that. Maybe it's packaged in CentOS too!
-F

Re: a bunch of questions
On Fri, Nov 10, 2017 at 12:27:22AM -0500, charlie derr wrote:
> I believe that the key I'm signing this message with is 2048 bits and
> will expire next year. If I've got either of those details wrong, please
> correct my error(s). [...]

Hello Charlie,

I see no expiration date on your key (4096, not 2048). Maybe you *did* input an expiration date and then forgot to upload the key again to a key-server?

A general word on expiry dates: you can always modify them as you go (that's what I do), they are not set in stone. So why are they useful? Because this way you can encourage your friends/workmates to refresh your keys every now and then, getting all the new subkeys/revocations/etc.

Any reasonable client (I use mutt) should allow you to switch keys, but since the one you are using is 4096 (very strong!), if it is not compromised you could use this for the rest of your life.

Does this address your questions?

Re: FAQ and GNU
Hello Robert,

On Mon, Oct 09, 2017 at 10:06:17PM -0400, Robert J. Hansen wrote:
> A request has been made that each instance of "Linux" in the FAQ be
> replaced with "GNU/Linux".

A request has been made by whom?

> I'm not inclined to make this change. However, in order to make sure
> that the FAQ reflects the community's wishes, I'm submitting the
> proposal here for community feedback.
>
> If anyone has strong feelings on it one way or another, chime in.

I would say it is a fair change.

Re: Error verifying signature: Cannot verify message signature: Incorrect message format
On Mon, May 08, 2017 at 08:58:59AM -0500, Chris wrote:
> I've noticed the above recently when I see a post from certain users
> including myself in a couple of the Ubuntu mailing lists. I don't see
> issues in other lists I'm on nor does it happen if I ask the sender of
> the post to send me a signed private message. I also see this:
>
> Error verifying signature: parse error

Hello Chris,

more often than not mailing lists mangle messages in a subtle way, thus breaking the signature. At least that's what happened the last time I tried to verify a ML message.

Re: some beginner questions
Hello Will,

I'll answer 1. 2. and 4. (3. is beyond my knowledge):

On Sat, Apr 01, 2017 at 09:10:55AM -0500, Will Senn wrote:
> 1. It seems that the keyservers never forget. In creating keypairs while
> trying to figure this out every few years and then forgetting the
> passwords or losing the private keys and revocation certificates (which
> at the time, I didn't understand the ramifications of and was definitely
> not careful enough), it seems like I've left a bit of litter out there.
> Do I just move on and try not to do that in the future, or is there any
> hope for cleaning up?

You got it correctly, they indeed "never forget". Littering is something which many folks do from time to time (I think Phil Zimmermann himself, the creator of PGP, has an unrevoked/unrecoverable key in the servers). Just carry on and you will be fine!

> 2. In everyday use, what is the norm for folks to publish their keys to
> get other folks to use them? Do y'all put the fingerprint in your
> emails, attach your signatures (I see some of you on this list do), put
> the key on your social media, or what?

There are a handful of options: fingerprint in the sig, mail headers (like `X-PGP-Key:`), advertising on social media or on your personal site. I chose the latter, but fingerprints/key IDs are so short they fit in a Twitter bio, so I'd say all are valid choices.

If you advertise it to the "general public", maybe you want to link to a tutorial too, so people who have never used PGP can quickly learn how to send messages to you (that's what I did [1]).

> 4. Is it safe to refer to my public key/fingerprint information as I did
> in the previous question with output from gpg?

Yep.

[1] http://ariis.it/static/articles/1-2-3-PGP/page.html

Re: Renewing expired keys
On Sun, Jan 15, 2017 at 02:36:08PM -0500, Rick Nakroshis wrote:
> Been a while since I used my GPG installation, and my keys have expired.
> Looking at the docs, I see how to set up an initial set of keys, but how
> about a follow-on set? Do I generate a new set with same email address,
> and sign them with my expired key to show they come from the same person?
> Not quite sure Suggestions/advice, please?

Hello Rick,

    gpg --edit-key

and then type `help`. You probably are looking for:

    expire      change the expiration date for the key or selected subkeys

Re: GPL license responsibility
On Wed, Aug 31, 2016 at 09:49:26AM +, Dimitrova Elena wrote:
> I will not alter any part of the source code. In this case what are
> my obligations under the GPL license?

Hello,

GPL obligations happen when you *distribute* software. In this case you are not (re)distributing GPG or any derivative from it, so no restriction/obligation applies to you!
-F

Re: Attacks on encrypted communicxatiopn rising in Europe
On Wed, Aug 24, 2016 at 09:17:19AM -0400, Robert J. Hansen wrote:
> > You can try - someone might have used a weak password, wrote it down
> > somewhere or made another mistake. Or can be pressured into telling it
> > (the famous $5 wrench comes to mind here).
>
> Wait, wait, wait.
>
> You're opposed to *any* kind of privacy circumvention... but you're okay
> with torture? You're seriously advocating "swing a wrench at this guy's
> knees and make him talk" as an alternative to any kind of circumvention
> of a privacy technology?
>
> Johan, your position is morally incoherent.

He is of course not advocating torture, he's merely listing possible exploits, referring to xkcd #538.

It's very difficult for me not to consider you a troll if you keep using these cheap rhetorical tricks.

Re: Attacks on encrypted communicxatiopn rising in Europe
On Wed, Aug 24, 2016 at 04:42:34AM -0400, Robert J. Hansen wrote:
> I'd shrug and point to my many public statements where I've supported
> strong, non-backdoored privacy tools. If someone wants to accuse me of
> being a government absolutist, that's on them.

Then let me ask you how "I have supported strong, non-backdoored privacy tools" doesn't clash with:

> 3. If no, then how should we permit privacy tools to be
> circumvented?

@Johan Wevers: you might or might not be aware, but what you describe is the "Four Horsemen of the Infocalypse" [1].

[1] https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalypse

Re: Attacks on encrypted communicxatiopn rising in Europe
On Tue, Aug 23, 2016 at 10:26:17PM -0400, Robert J. Hansen wrote:
> Some serious questions --
>
> 1. Are you a privacy absolutist?
> 2. If yes, why should we listen to you?

Privacy and its boundaries are a well debated (and well worth to be debated) topic; keep in mind that any discussion that starts with framing ("privacy absolutist" is political framing 101 -- would you feel fairly treated if I described your views on the matter as, say, "government absolutist"?) is bound to get pretty flamish pretty soon.

Re: 2 Q's
On Mon, Aug 15, 2016 at 06:33:47AM -0700, Daniel H. Werner wrote:
> 2) What is the best way to automatically send my Public Key to message
> recipients?

Why not upload it to your site (if you have it) or to a keyserver?

Re: Remove photos from OpenPGP key in the keyservers
On Tue, Mar 08, 2016 at 06:00:30PM +0100, Viktor Dick wrote:
> I always wondered what would happen if someone uploaded something to the
> keyservers where he has no permission to do so.

An interesting presentation on the subject is "Trolling the Web of Trust" [1] by Micah Lee.

[1] https://github.com/micahflee/trollwot/blob/master/trollwot.pdf

Re: How to prevent emacs from unencrypting my files
On Tue, Feb 23, 2016 at 06:27:51PM -1000, John Helly wrote:
> Hi.
>
> I've just discovered that emacs can unencrypt my *.gpg files without
> prompting for a password. IMHO this largely negates the purpose of
> encrypting files in case I lose my laptop.
>
> What's the logic behind this? I know it's for convenience but can I
> encrypt my files such they cannot be opened without a passphrase?
>
> Thanks.
> J.

Hello John,

I suppose Emacs caches the passphrase somehow. Maybe/Probably this is done through gpg-agent: scan your gpg-agent config file for `default-cache-ttl`, set it appropriately and report back!
-F

Re: What's the contextual definition of the term?... signature
On Wed, Jan 27, 2016 at 09:08:43PM -0500, Don Saklad wrote:
> What's the contextual definition of the term?... signature
> as this term is used for GNUpg

Since you have only received (not so) funny answers: a signature, in PGP, serves more or less the same purpose as a handwritten one. Most of the time it will mean "I am the author of this (email|document|article)" but not always -- as with a handwritten one it could be used within a contract, etc.

If you have the public key of person A, you can verify with PGP his signature, so you will be sure the document you received has not been tampered with.