Moving from RSA to Ed25519
Hi, I was thinking about moving from rsa4096 to ed25519. I really do not want to lose all the signatures on my key. What I could do is add the ed25519 signature and encryption keys to my existing rsa key as subkeys, but I guess this will not improve security because my RSA signature key could still be used. From my understanding it is not possible to expire the primary key and keep subkeys. Did I get something wrong? If not, what is the smoothest thing to do to migrate? Cheers, Nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Mobil: +49-1520-1981389 Teckids e.V. · FrOSCon e.V. · OpenRheinRuhr e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Contributor LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Random Seed for Generating PGP Keys
Hi, I know that a CSPRNG is supposed to make this cryptographically secure Also, I may be wrong here -- it seems that CSPRNG sometimes refers to libgcrypt's Continuously Seeded and other times refers to Cryptographically Secure. Peace, community, justice, - George ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Random Seed for Generating PGP Keys
Hello, I'm interested in seeing if rather than relying on the built-in software to generate randomness when creating a PGP key, if it is possible to configure GnuPG to use a manually entered random seed. That way I could generate a seed using coins, dice, my magic cauldron, etc. Is this possible to do? How much entropy in a seed would I need? I also imagine that folks might say the software is very good at generating random numbers. Feel free to share more details why, e.g. how many bits of entropy are provided and how to make sure they're truly random. But it would still be helpful to know if the above customization is possible. Thank you! - George ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
key generation problems
Hi, I have CentOS 5.5 with gnupg 1.4.5. I am using the following command to generate the keys: echo LinuxMasters | /usr/bin/gpg --homedir /home/USER/.gnupg -e -a -r em...@domain.com /somefile The problem I am facing is that until today all the keys generated using this command had the same size of 1261 bytes and were working properly. Now when I do it the keys have the size of 912 bytes and no longer work. Absolutely nothing changed config related on the server. If I need to send you more info regarding my configs please tell me what and I will send. So my question is, why is this happening? Please help Thanks ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Updating a signature
Hi folks, I would like to updatea signature on a key, that is, add a sig-policy-url and change the verification level (turn a normal sig into a sig3, that is). Is this possible? If yes, how? Please CC me when replying as I am not (yet) subscribed to the list :). Thank you! Cheers, Nik -- PGP-Key: 0xEFDFEB57 Fingerprint: AC8D E64A 5552 2BF8 B0A7 5B53 064E 42A6 EFDF EB57 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
latest stable version of GnuPG that decrypts Adobe PDF files
Hello, Can anyone suggest the latest stable version of GnuPG that successfully does decryption for Adobe PDF files? And if so, are there installation instructions for that version? Thanks, George Reich Crown Americas, LLC Electronic Business (215) 856-5446 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Keyserver doesn't honour signature removal
== I think my last post went wild because the subscription process wasn't completed yet ... Hi list, due to dome issues, I have pretty many signatures on my key that I don't want (or need) anymore. I can remove them locally, but when sending the key to the keyserver afterwards, the changes are just ignored. Is it even possible to remove signatures from a key and distribute this change? Or am I doing something wrong? Regards, Nik signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyserver doesn't honour signature removal
Hi John, that is, I can add anything I want to my key, but never remove it? Not even signatures? I understand that I cannot remove keys, but I think any changes that require my secret key would be ok :( ... -nik John W. Moore III schrieb: Dominik George wrote: Is it even possible to remove signatures from a key and distribute this change? Or am I doing something wrong? What lands on the Keyservers stays on the Keyservers, forever. :( This is due to the sharing/gossip nature of most Keyservers. There are 2 Keyservers I am aware of which do not share/gossip; Big Lumber PGP Global Directory. Of these 2 _only_ BL prevents anyone but the Key/Account Owner from 'changing' the listed Key. Listing Your Key at www.biglumber.com will allow You to display Your Key exactly as You desire it to appear and folks may be directed to retrieve it from there via a Comment line or a signature tagline. I am not aware of the ability to specify the Big Lumber listing in a 'Preferred Keyserver' flag. IMO, the benefits of having One's Key available via auto-retrieval outweighs the hassle of undesired Signatures and the 'baggage' of old/revoked UID's. YMMV JOHN ;) Timestamp: Sunday 12 Apr 2009, 08:00 --400 (Eastern Daylight Time) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Anti-Tempest Fonts, Where?
man gpg the above cmd mentions anti tempest fonts. what does this mean exactly? where are the anti-tempest fonts? i've searched the net for them and cannot find them. the only mention of soft tempest fonts were within a .zip containing image files claimed to be for example only. do tempest resistant fonts exist? Il mittente di questo messaggio|The sender address of this non corrisponde ad un utente |message is not related to a real reale ma all'indirizzo fittizio|person but to a fake address of an di un sistema anonimizzatore |anonymous system Per maggiori informazioni |For more info https://www.mixmaster.it ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Saving a gpg signed message as plain text from Evolution?
I've searched the archives and have found messages somewhat related to this, but nothing that actually helps. I'm using Evolution 1.4.5; it's old and I'd love to upgrade everything but that is not an option at this time. In the past I've saved what I gather are called in line signatures to a file and verified them with no problem. It never occurred to me that saving the multi part messages that Evolution creates when you sign one of your own messages would be a problem. The multi part messages are convenient, but if the only place that you can verify a specific message from is the email client that it was sent from (and the original recipient), it defeats a major purpose of digital signatures: proof of who sent it and that the message is unchanged. In a legal dispute the sender would look like a fool if he claimed it verified in the email program on his PC, but could not get it to verify anywhere else. The only other person who could verify the message, would be the person least likely to have any desire to assist. I've spent hours trying to get a signed message out of the sent folder of Evolution. Using a message with an in line signature as an example and gpg error messages, I've gotten to the point that gpg will try to verify it but it always verifies bad. That is not surprising since Evolution breaks very long URLs into 2 or three lines, converts copyright symbols to =C2=A9, adds =20 here and there (I think blanks at the end of a line), adds returns (^M) at the end of every line in the message area. Something I saw suggested this was part of the standard? I've fixed everything I could find and tried it with and without the returns and with and without spaces for =20 and all verify bad. Is there anything that I can do to get a signed email out of Evolution 1.4.5 as verifiable plain text. It's pretty important and any assistance would be much appreciated. I'm willing to do just about anything, include resend it to someone who has a client that will save it in a way that it can be verified. Privacy is not a concern, as I plan to post this email to my web site. But the second sentence says Please note that this is a digitally signed document, and legal notice . . . and it will look pretty dumb if I have to explain why it won't verify. In the future, I will prepare and sign important documents outside of Evolution, and paste them in when they're ready, if I can't find something better. George Shaffer -- For my GnuPG key ID and fingerprint see http://geodsoft.com/about/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
wildcard use in GnuPG
All, I am trying to use a wildcard, but the option doesn't seem to be allowed. I want to decrypt a whole folder of files daily, but the file names will change daily. I want to just do something like: gpg -d -o c:\ftpdropfolder\*.pgp c:\savefolder\ I have tried with and without Quotation marks, but it seems GnuPG doesn't support wildcards. Thoughts on solutions? I am trying to automate, so unattended decryption is what I am after. I saw batch decrypt, but it requires individual file names. I am using GnuPG v1.4.6 George ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
wildcard use in GnuPG
All, I am trying to use a wildcard, but the option doesn't seem to be allowed. I want to decrypt a whole folder of files daily, but the file names will change daily. I want to just do something like: gpg -d -o c:\ftpdropfolder\*.pgp c:\savefolder\ I have tried with and without Quotation marks, but it seems GnuPG doesn't support wildcards. Thoughts on solutions? I am trying to automate, so unattended decryption is what I am after. I saw batch decrypt, but it requires individual file names. I am using GnuPG v1.4.6 George ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to verify the file was successfully encrypted...
How about if you append a hash of the file to the file, and encrypt that too? Then have the remote machine do the trial decrypt-and-check-hash. If all is OK the remote machine can then tell the local one to delete the original; and if it's not OK, it can scream at you. Better than that, if you get GPG to sign the file when it encrypts it (using a passwordless key/subkey) and/or use the MDC option, you'll be able to do this more reliably... Wasn't the original poster looking for something which didn't require trusting one particular piece of software? If they're happy to go with gpg, or to use two different PGP implementations at the two ends, then sign+encrypt would indeed appear to cover it. (Of course, it's not quite true signing, in the sense that it's only there as a check against corruption, and the signing key will be visible on the source machine.) -- Dr George D M Ross, School of Informatics, University of Edinburgh Kings Buildings, Mayfield Road, Edinburgh, Scotland, EH9 3JZ Mail: [EMAIL PROTECTED] Voice: +44 131 650 5147 Fax: +44 131 667 7209 PGP: 1024D/AD758CC5 B91E D430 1E0D 5883 EF6A 426C B676 5C2B AD75 8CC5 pgpvmdXJWngTW.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to verify the file was successfully encrypted...
BTW, why are you encrypting these files anyway? If someone broke into your computer they could just steal the crypto key too. Excellent question! Truth be told, as soon as they are encrypted, they're being moved to another server in another location, and then are being burned to CD and moved to a safety deposit box. How about if you append a hash of the file to the file, and encrypt that too? Then have the remote machine do the trial decrypt-and-check-hash. If all is OK the remote machine can then tell the local one to delete the original; and if it's not OK, it can scream at you. -- Dr George D M Ross, School of Informatics, University of Edinburgh Kings Buildings, Mayfield Road, Edinburgh, Scotland, EH9 3JZ Mail: [EMAIL PROTECTED] Voice: +44 131 650 5147 Fax: +44 131 667 7209 PGP: 1024D/AD758CC5 B91E D430 1E0D 5883 EF6A 426C B676 5C2B AD75 8CC5 pgp9ydtfBXjOc.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
PET 2006: Call for Participation
Call for Participation 6th Workshop on Privacy Enhancing Technologies (PET 2006) Robinson College, Cambridge, United Kingdom June 28 - June 30, 2006 http://petworkshop.org/2006/ Special Events: * Keynote speaker: Susan Landau, Sun Microsystems Laboratories on The Missing Link, (Abstract at the end of the email.) * PET Award 2006 ceremony and reception at Microsoft Research, http://petworkshop.org/2006/award.html Co-located with: * The Fifth Workshop on the Economics of Information Security (WEIS 2006), 26-28 June, http://weis2006.econinfosec.org/ * IAVoSS Workshop On Trustworthy Elections (WOTE 2006) 29-30 June, http://www.win.tue.nl/~berry/wote2006/ Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior, and restricting the ability to publish or retrieve documents. Approaches to not only protecting individuals and groups, but also companies and governments, from such profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure. This 6th workshop addresses the design and realization of such privacy and anti-censorship services for the Internet and other communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives. Early registration by May 12 at: http://petworkshop.org/2006/petRegister.html Further local information on accommodation and travel is available on the PET workshop website (book accommodation early!): http://petworkshop.org/2006/petTravel.html Program Chairs: * Philippe Golle, PARC (Philippe.Golle at parc com) * George Danezis, K.U.Leuven (George.Danezis at esat kuleuven be) General Chair: * Richard Clayton, University of Cambridge (Richard.Clayton at cl cam ac uk) Research Program: (also at http://petworkshop.org/2006/program.html) Privacy and the real world * One Big File Is Not Enough: A Critical Evaluation of the Dominant Free-Space Sanitization Technique Simson Garfinkel and David Malan * Protecting Privacy with the MPEG-21 IPMP Framework Nicholas Paul Sheppard and Reihaneh Safavi-Naini * Privacy for Public Transportation Thomas S. Heydt-Benjamin, Hee-Jin Chae, Benessa Defend, and Kevin Fu * Privacy Rights Management - Taming Cellphone Cameras Mina Deng, Lothar Fritsch and Klaus Kursawe * Ignoring the Great Firewall of China Richard Clayton, Steven J. Murdoch and Robert N. M. Watson * I Know What You Did Last Summer: Self-Awareness, Imagined Communities,and Information Sharing in an Online Social Network Alessandro Acquisti and Ralph Gross Privacy policies * Enhancing Consumer Privacy in the Liberty Alliance Identity Federation and Web Services Frameworks Mansour Alsaleh and Carlisle Adams * Traceable and Automatic Compliance of Privacy Policies in Federated Digital Identity Management Anna C. Squicciarini, Abhilasha Bhargav-Spantzel, Alexei Czeskis and Elisa Bertino * Privacy Injector - Automated Privacy Enforcement through Aspects Chris Vanden Berghe and Matthias Schunter * A Systemic Approach to Automate Privacy Policy Enforcement in Enterprises Marco Casassa Mont and Robert Thyne Anonymous communications * Improving Sender Anonymity in a Structured Overlay with Imprecise Routing Giuseppe Ciaccio * Selectively Traceable Anonymity Luis von Ahn, Andrew Bortz, Nicholas Hopper and Kevin O'Neill * Valet Services: Improving Hidden Servers with a Personal Touch Lasse Øverlier and Paul Syverson * Blending different latency traffic with alpha-mixing Roger Dingledine, Andrei Serjantov and Paul Syverson Attacks: Traffic and Location analysis * Breaking the Collusion Detection Mechanism of MorphMix Parisa Tabriz and Nikita Borisov * Linking Anonymous Transactions: The Consistent View Attack Andreas Pashalidis and Bernd Meyer * Preserving User Location Privacy in Mobile Data Management Infrastructures Reynold Cheng, Yu Zhang, Elisa Bertino and Sunil Prabhakar * Location Access Effects on Trail Re-identification Bradley Malin and Edoardo Airoldi Private muti-party computation, authentication, and cryptography * Private Resource Pairing Joseph A. Calandrino and Alfred C. Weaver * On the Security of the Tor Authentication Protocol Ian Goldberg * Honest-Verifier Private Disjointness Testing without Random Oracles Susan Hohenberger and Stephen A. Weis * A Flexible Framework for Secret Handshakes Gene Tsudik and Shouhuai Xu * Optimal Key-Trees for Tree-Based Private Authentication Levente Buttyan, Tamas Holczer and Istvan Vajda * Simple