Re: Fix for smartcards on some newer linux distros

2013-03-11 Thread Grant Olson

On 03/11/2013 04:35 AM, Werner Koch wrote:
 On Sun, 10 Mar 2013 01:10, k...@grant-olson.net said:
 
 P.S.  Wonder if we can get a better error message since this
 really has nothing to do with unsupported certificates.
 
 Sorry, we can't do much here because gnome-keyring is hijacking the
 IPC between gpg and gpg-agent.
 

Oh! That actually makes much more sense than what I was thinking.  I
thought it was taking over the reader device.

-- 
- Grant

http://www.rubygems-openpgp-ca.org/ Sign your gems.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Fix for smartcards on some newer linux distros

2013-03-09 Thread Grant Olson
I found a few threads going back at least a year where people were
having trouble getting smartcards running with gpg2 on newer linux
distros.  Users would see this error when querying the card-status:

gpg: selecting openpgp failed: Unsupported certificate
gpg: OpenPGP card not available: Unsupported certificate

I just ran into the error and spent a few days banging my head against
the wall. But I got things working and thought I'd report here for
the sake of the interwebz.

## Hack fix - disable gnome-keyring-daemon

Just move gnome-keyring-daemon so it doesn't load:

sudo mv /usr/bin/gnome-keyring-daemon /usr/bin/gnome-keyring-daemon.bak

## Better fix - enable-ssh-support

After I had things running I set up gpg-agent to act as my ssh agent as
well.  Then I went to write a blog post and couldn't reproduce the
problem to copy-and-paste the output.  Sure enough, after disabling ssh
support in gpg-agent, the problem resurfaced.

So that's a better fix that lets gnome-keyring-daemon run.

I'm guessing that once you enable ssh support, gpg-agent grabs access
to the smart card before the gnome-keyring-daemon.

I wrote up a more detailed blog post here:

http://www.rubygems-openpgp-ca.org/blog/using-openpgp-smartcard-on-ubuntu-12-10.html

Hope this helps some other unfortunate souls.

-Grant

P.S.  Wonder if we can get a better error message since this really
has nothing to do with unsupported certificates.



Re: PGP for zLinux

2013-03-01 Thread Grant Olson
On 3/1/13 10:43 AM, gcal...@br.ibm.com wrote:
 Hi,
 
 I am currently using zLinux version 2.6.16.60.
 
 Which PGP version would you recomend for my OS?
 
 Many thanks in advance.
 
 

Most linux distributions include gnupg by default.  I don't know if this
is the case with zLinux.  Try this from the command line to see if it's
installed:

gpg --version


-- 
Grant

http://rubygems-openpgp-ca.org - Sign Your Gems.



Re: what is the option for Use this key anyway? (y/N) y

2013-02-26 Thread Grant Olson
On 02/26/2013 07:02 AM, pradeep kumar wrote:
 Hi,
 
 I was trying to encrypt the file and it asking me this question to use
 this key anyway and after giving y then it is able to create to
 .aasdfsdf(ASIIC) file.
 
 *gpg -ea -r xxx -u xxx -o file.aasdfsdf file*
 
 But I want to pass this y key in the above command can you please help
 me which option is exactly used to pass this y value in single command
 rather it asking after running the above original command.
 

If this is a key you use regularly, and you trust its authenticity, you
can sign the key locally:

gpg --lsign 0xDEADBEEF

Then you won't get the prompt.

-- 
Grant

http://rubygems-openpgp-ca.org - Sign your gems.



Re: Questions about OpenPGP best practices

2013-02-25 Thread Grant Olson
On 2/25/13 5:54 PM, Peter Loshin wrote:
 
 1. Don't use pgp.mit.edu. Which keyserver *should* be used? I assume
 that a pool is better than a particular server; is there one
 particular pool that is preferred? What about
 http://pool.sks-keyservers.net/?
 

Yep, that's the one you want.

 2. On keeping an encrypted backup of my secret key material, what
 method is recommended for doing that? (Presumably something like gpg
 --export-secret-keys | gpg --output secretkeymatter.gpg --symmetric?)
 

If you are using a passphrase, your secret key will already be
encrypted.  I don't see any advantage to double-encrypting.


-- 
Grant

Confidential info? Please encrypt or send via:
https://privacybox.de/grant.msg

I am gravely disappointed. Again you have made me unleash my dogs of war.



Re: Best way to catch INSECURE unverified sig status when shelling out to gpg?

2013-02-09 Thread Grant Olson

On 02/09/2013 06:09 PM, Grant Olson wrote:
 
 What is the best way to check for this?  I presume something like
 stdout.include?(INSECURE) is not localization friendly.
 

Sorry INSECURE was actually from my test key.  The actual text is of
course WARNING.  Just wanted to note that before I was corrected...

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?


Best way to catch INSECURE unverified sig status when shelling out to gpg?

2013-02-09 Thread Grant Olson

I'm currently writing a plugin that allows you to OpenPGP sign/verify
ruby software packages:

https://github.com/grant-olson/rubygems-openpgp

Right now I'm just shelling out to gpg and checking the status code to
determine success or failure.  When I have an unverified but good
signature I don't get an error code.

What is the best way to check for this?  I presume something like
stdout.include?(INSECURE) is not localization friendly.

Thanks,

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?
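
One way to answer the question above without matching localized text, as an added example that is not part of the original post or of rubygems-openpgp: gpg's `--status-fd` option emits machine-readable `[GNUPG:]` lines, and the code below parses them. The sample status text and key values are constructed, and accepting only full or ultimate trust is an assumed policy.

```ruby
require 'open3'

# Added example (not from rubygems-openpgp). Classifies a gpg signature check
# from its --status-fd output, whose keywords do not change with the locale.

SigResult = Struct.new(:verdict, :key_id, :fingerprint, :trust)

# Status keywords that report the outcome of the signature check itself.
SIG_KEYWORDS = {
  'GOODSIG'   => :good,
  'EXPSIG'    => :expired_signature,
  'EXPKEYSIG' => :expired_key,
  'REVKEYSIG' => :revoked_key,
  'BADSIG'    => :bad,
  'ERRSIG'    => :error
}.freeze

# Status keywords that report how far the signing key is trusted.
TRUST_KEYWORDS = {
  'TRUST_UNDEFINED' => :undefined,
  'TRUST_NEVER'     => :never,
  'TRUST_MARGINAL'  => :marginal,
  'TRUST_FULLY'     => :full,
  'TRUST_ULTIMATE'  => :ultimate
}.freeze

# Assumed policy for this example: only these trust levels count as verified.
ACCEPTED_TRUST = %i[full ultimate].freeze

STATUS_PREFIX = '[GNUPG:] '

# Reduce status-fd text to one SigResult. More than one signature outcome in
# the same output is reported as :ambiguous so the caller fails closed.
def parse_status(status_text)
  result = SigResult.new(:none, nil, nil, nil)
  sig_lines = 0
  status_text.each_line do |line|
    next unless line.start_with?(STATUS_PREFIX)
    keyword, *args = line.chomp.sub(STATUS_PREFIX, '').split(' ')
    if SIG_KEYWORDS.key?(keyword)
      sig_lines += 1
      result.verdict = SIG_KEYWORDS[keyword]
      result.key_id = args.first
    elsif keyword == 'VALIDSIG'
      result.fingerprint = args.first
    elsif TRUST_KEYWORDS.key?(keyword)
      result.trust = TRUST_KEYWORDS[keyword]
    end
  end
  result.verdict = :ambiguous if sig_lines > 1
  result
end

# Map a parsed result to a decision. A good signature from a key that is not
# sufficiently trusted is the "exit code 0 but WARNING" case from the post.
def classify(result)
  case result.verdict
  when :good
    if result.fingerprint && ACCEPTED_TRUST.include?(result.trust)
      :accept
    else
      :unverified_key
    end
  when :expired_signature, :expired_key, :revoked_key
    :expired_or_revoked
  else
    :reject
  end
end

# Run gpg on a detached signature; status lines go to stdout (fd 1), the
# human-readable, localized messages stay on stderr and are ignored.
def verify_detached(sig_path, data_path)
  stdout, _stderr, _status = Open3.capture3(
    'gpg', '--batch', '--status-fd', '1', '--verify', sig_path, data_path
  )
  classify(parse_status(stdout))
end

# Constructed sample output; key id, fingerprint and user id are made up.
UNVERIFIED_SAMPLE = <<~STATUS
  [GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Constructed Signer <signer@example.org>
  [GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2013-02-09 1360450000 0 4 0 1 3 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  [GNUPG:] TRUST_UNDEFINED
STATUS

TRUSTED_SAMPLE = UNVERIFIED_SAMPLE.sub('TRUST_UNDEFINED', 'TRUST_FULLY')

BAD_SAMPLE = <<~STATUS
  [GNUPG:] BADSIG AAAAAAAAAAAAAAAA Constructed Signer <signer@example.org>
STATUS

EXPIRED_KEY_SAMPLE = <<~STATUS
  [GNUPG:] EXPKEYSIG AAAAAAAAAAAAAAAA Constructed Signer <signer@example.org>
STATUS
```

`verify_detached` needs a local gpg and real files; the parser and classifier can be exercised on the constructed samples alone.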


Re: Moving from openpgp card to cryptostick

2012-02-09 Thread Grant Olson
On 2/9/12 4:46 AM, Klaus Layer wrote:
 
 I proceed exactly as described in the howto with my backup keys. But I always 
 get the message gpg: secretkey already stored on a card
 
 Any idea how I can resolve this?
 

I would suggest setting up the new card off of a temp keyring using the
homedir option:

mkdir newcard
gpg --homedir newcard --import backup.gpg
gpg --homedir newcard --card-edit
... etc

If that works, delete your private key from your real keyring and run
--card-status to use the new card.

-- 
Grant

Confidential info? Please encrypt or send via:
https://privacybox.de/grant.msg

I am gravely disappointed. Again you have made me unleash my dogs of war.



Re: Migrating to Smartcards

2011-08-30 Thread Grant Olson
On 8/30/11 2:44 PM, Hauke Laging wrote:
 Am Dienstag, 30. August 2011, 17:54:32 schrieb Richard:
 
 Will that cause any problems in later GnuPG use as the cards' IDs are
 different?
 
 At least no serious ones. You will probably have to make gpg read the card 
 content by --card-status or --card-edit. At worst you would have to delete 
 the secret key before.
 
 

I actually found this to be really annoying in day-to-day use when I
tried to use two cards with the same key.  gpg really wants you to have
one card tied to one set of keys per computer.

If you're only using one on the road, and one at home, I guess that
wouldn't come up though.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: a Question about Key Servers

2011-08-24 Thread Grant Olson
On 8/24/11 11:47 AM, Mike Acker wrote:
 
 given that I have loaded my public key to a key-server ( e.g.
 keys.gnupg.net )
  
 when i upload information to be merged into my keyblock (e.g. a new user
 ID, revocate certificate, or new expiration date )
  
 what will cause other GPG users to refresh their copy of my key in their
 keyring?

No.  Users need to manually refresh their keys periodically to get changes.

But people can be lazy about this.  One way to force them to refresh is
to have an expiration date that you bump up (for example) every year.
Then after your key expires, they'll need to refresh and get any other
changes as well.

  
 should I send them a notice?
  

It depends.

If you revoked the key because it's compromised, then you probably want
to notify important contacts.

If you add a new UID, for example your new work email, and an existing
associate only contacts you on your personal email, things will keep on
working even if they don't have the new UID.

If the key expires on someone's local keyring, they'll need to re-fetch
it to get updates.  So you could probably do nothing.  Some people will
refresh automatically when they see the key is expired.  Others will
tell you your key is expired, in which case you can tell them they need
to refresh.


-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: Smartcard PIN may be shorter than passphrase?

2011-08-23 Thread Grant Olson
On 8/23/11 12:43 PM, David Tomaschik wrote:
 
 So even a 4-digit PIN would ensure a less than 1% chance of guessing
 the PIN.  (Assuming that the user does not select obvious pins like
 birthdates, anniversaries, etc.)  At 8 digits, the probability becomes
 something like 6*10^-8, if I do the basic math correctly.  Seems
 pretty secure.
 

The minimum normal PIN is 6 characters, and the minimum admin PIN is 8.


-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: Including public key

2011-07-28 Thread Grant Olson
On 7/27/2011 10:25 PM, Len Cooley wrote:
 Well, let me ask you this. Is it useful/useless/ridiculous/orwhat to
 attach your public key as a sig at the end of an email, such as below?
 

Unless you're trying to keep your key 'off the grid' I'd just send the
key to the keyservers.  Then people who use OpenPGP will retrieve the
key based on your email's signature.  People who don't care will just
ignore your sig, which will be smaller than your full public key.

If you are trying to keep the key 'off the grid' then you don't want to
include it as a generic signature either.

In general, it's best to get the key from a different source than your
signed email.  If your signature and key are in the same email, an
attacker could have forged both.  They could in other circumstances as
well, but it's less likely for someone to forge both a public key on the
keyservers (or your personal website, or your business card, etc), and a
signature on a forged email.  They need to compromise two lines of defense.

-- 
Grant





Re: Smartcards and readers

2011-07-24 Thread Grant Olson
On 7/24/2011 5:57 PM, Robert J. Hansen wrote:
 I'm looking into picking up an OpenPGP smartcard and reader for an OS X
 system.  The card itself can be picked up from KernelConcepts, but there
 seem to be an awful lot of different readers available.
 
 If anyone has any *direct experience* (not I heard from my friend's
 bowling partner that...) with different readers for OS X systems, I'd
 love to hear about them.  Which ones work well, and which are best avoided?
 

I've used both an SCR3310 and an SCR3500 without problems on OSX, as
well as Windows and Linux.  The SCR3500 has a nice form factor if you
have a laptop, but I'm always afraid I'm going to accidentally smack it
on something and break it.  The SCR3310 is nice, but I wish there was a
model with a six inch cord.


-- 
Grant





Re: Aspects of trust

2011-06-14 Thread Grant Olson
On 6/14/11 3:35 PM, Kerrick Staley wrote:
 OK, I think I understand:
 
 Validity and trust are separate, but GnuPG lumps validity and
 trust, for the sole purpose of signing others' keys together into a
 single value (which is one of unknown, never, marginal, full,
 and ultimate). One can imagine situations in which a key's owner is
 never trusted to sign others' keys, but one would still like to keep
 track of how valid the key itself is (unknown, marginal or
 full). However, such situations are corner cases, and GnuPG doesn't
 provide facilities for dealing with them.
 
 Is this correct?
 
 Thanks,
 Kerrick Staley

No.  It's two values.

Validity is established by signing a key, or via web-of-trust calculations.

Trust is a different value, which can be set through --edit-key, or by
running gpg --update-trustdb

If you sign a key, establishing validity, but don't give it at least
marginal trust, it won't be used in your web-of-trust calculations.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.



Re: Temporarily remember passphrase?

2011-05-19 Thread Grant Olson
On 5/19/2011 7:07 AM, Chris Poole wrote:
 Hi
 
 I often decrypt several files in quick succession (with a simple script).
 
 Is it possible to have gpg remember my passphrase, only very
 temporarily? (Perhaps for 10 seconds or so.)
 
 I've looked into gpg-agent, and tried using the --use-agent option
 with gpg, but I can't find much documentation on the matter, or even
 whether or not this is the best approach.
 

Yes you want to use gpg-agent.  What OS are you on?  You might need to
install gpg2 if you're on Linux or Mac.

-- 
Grant





Re: Best practice for periodic key change?

2011-05-09 Thread Grant Olson
On 5/10/2011 12:41 AM, Daniel Kahn Gillmor wrote:
 On 05/10/2011 12:32 AM, Jerome Baum wrote:
 Is that an implementation problem? i.e. is it possible to write an
 implementation that does distinguish, or is it technically impossible w/out
 processing the entire data on-card?
 
 As i understand the process, i think it would be necessary to pass all
 the data through the card in order for the card to know which type of
 signature it was making.
 
 I know nothing of the details of how these cards are implemented,
 though.  Maybe they do this already?  it seems like performance would be
 problematic if you were signing something like a multi-MiB document,
 given the speed of most smartcards.
 
 Maybe one of the folks with experience implementing these devices can
 give more concrete details?
 
   --dkg

I can confirm.  The cards only get the hash and sign that.  The trouble
is that the smart cards are pretty dumb by modern standards.  They
don't actually know much about OpenPGP itself, they basically just do
RSA signing, encryption, and decryption.  gpg passes the minimal
operations off to the card in very simple APDU commands.

The smartcard spec itself doesn't even acknowledge the difference
between a certification sig vs a normal sig.  And even with a valid
smart-card, you still need to retrieve the public key from the
keyservers when setting up your card.  The whole public key is just too
much info to store on the card.

This is pure speculation on my part, but now that the chip-cards aren't
that powerful, and the even less powerful contact-less smart-cards are
becoming more popular, I don't expect the standard to get much more
sophisticated in the near future.  Maybe ECC gets added in the new spec,
but I can't see the stuff you guys are talking about hitting the 3.0
standard.

-- 
Grant





Re: Best practice for periodic key change?

2011-05-09 Thread Grant Olson
On 5/10/2011 1:10 AM, Jerome Baum wrote:
 On Tue, May 10, 2011 at 07:01, Grant Olson k...@grant-olson.net
 mailto:k...@grant-olson.net wrote:
 
 On 5/10/2011 12:41 AM, Daniel Kahn Gillmor wrote:
  Maybe one of the folks with experience implementing these devices can
  give more concrete details?
 
 I can confirm.  The cards only get the hash and sign that.  The trouble
 is that the smart cards are pretty dumb by modern standards.  They
 don't actually know much about OpenPGP itself, they basically just do
 RSA signing, encryption, and decryption.  gpg passes the minimal
 operations off to the card in very simple APDU commands.
 
 The smartcard spec itself doesn't even acknowledge the difference
 between a certification sig vs a normal sig.  And even with a valid
 smart-card, you still need to retrieve the public key from the
 keyservers when setting up your card.  The whole public key is just too
 much info to store on the card.
 
 This is pure speculation on my part, but now that the chip-cards aren't
 that powerful, and the even less powerful contact-less smart-cards are
 becoming more popular, I don't expect the standard to get much more
 sophisticated in the near future.  Maybe ECC gets added in the new spec,
 but I can't see the stuff you guys are talking about hitting the 3.0
 standard.
 
 
 So given that, I guess we could still distinguish between a master key
 signature and a sub-key signature, to conform w/ signature laws? e.g. an
 option for GnuPG: reject-subkey-signatures -- then an installation w/
 this option set would validate only master key signatures, practically
 forbidding signing sub-keys. No need to change OpenPGP for this.
 
 The CA would then sign the master key that is generated on-card, and the
 certification just won't apply to the sub-keys. Does this solve the all
 signatures _must_ be generated on-card issue?
 


I haven't been totally following this thread, but...

The card itself only has one Signature key slot.  If you generate this
key on-board, that will be both the certification key and the signing
key.  If you migrate a signing sub-key, you'll still have an offline
master key.  The card itself doesn't know if you have a signing subkey
or not.  It just knows, This is the signing key I use.

If you generate all keys on-card, you only have a master
Certification/Signing key, along with (optionally) one encryption and
one authentication key.

If you didn't generate the keys on-card, and have an offline master key,
the card itself won't know about it, but the certificate will still
imply that the on-card signing key isn't the master key, since the card
only allows one signing key and doesn't know the difference.

But there's no way to prove that the keys were originally generated
on-card, and weren't imported from a software private key where there
was never a separate master certification key.

I think a 'generated on card' flag is something that you could probably
fit into the constraints of a smart-card spec, if this is all you need.
 But at least in the US, you'd probably need some sort of
certification/approval process (like the NIST lab) to demonstrate to the
government that you're actually setting this flag correctly.  The same
way PGP Corp software has some government approvals that gpg will never
have.

-- 
Grant





Re: Best practice for periodic key change?

2011-05-09 Thread Grant Olson
On 5/10/2011 1:35 AM, Jerome Baum wrote:
 On Tue, May 10, 2011 at 07:30, Grant Olson k...@grant-olson.net
 mailto:k...@grant-olson.net wrote:
 
 But there's no way to prove that the keys were originally generated
 on-card, and weren't imported from a software private key where there
 was never a separate master certification key.
 
 
 AFAIK, the CAs over here will just supply a card. There is no question
 of whether the key is generated on-card or not -- the CA confirms this
 implicitly with their certification of this is a valid signing key per
 applicable signature laws. 
 

Okay, yeah, if the CA sets up the card, authenticates it with their
signing key, and ships it to you, then there would never be a separate
master key, no problem there.  I get the feeling the card won't like it
if you try to create a software signing key, but I'm not sure how that
will work.  I do have a spare card here if you want me to test this.

-- 
Grant





Re: Best practice for periodic key change?

2011-05-07 Thread Grant Olson
On 5/7/2011 7:54 AM, Hauke Laging wrote:
 Am Samstag, 7. Mai 2011, 04:33:17 schrieb Grant Olson:
 
 1) I digitally sign a document saying I owe you money.  The signing key
 has an expiration date.

 2) Key expires.  I do nothing.

 3) The original document is invalidated.  I no longer owe you money?
 
 Whether you owe me money does not depend on signing any documents in general. 
 :-)  Documents are usually just a proof.
 
 You can still claim that somebody owes you money but the document does not 
 have the same legal value. What courts decide is another question...
 

Yes, of course.

 But the fiscal authorities don't accept digital bills (probably the most 
 frequent use of legally qualified signatures here) which are signed by 
 expired 
 keys only. You need a chain of signatures which prove that there was a non-
 expired signature at any point in time.
 
 For the same reason it makes sense to have digitally signed documents signed 
 by another key (not just the document but the document together with the 
 signature) at once when you get them. Because you cannot know whether and if 
 a 
 key will be revoked in the future. The moment it is revoked and you cannot 
 prove the signatures being older than the revoke all signatures are dead.
 

Okay, now I understand.  It sounds like you're talking something like a
digital notarization.  That makes sense now.

-- 
Grant





Re: Best practice for periodic key change?

2011-05-07 Thread Grant Olson
On 5/7/2011 5:08 PM, Ingo Klöcker wrote:
 On Sunday 08 May 2011, Grant Olson wrote:
===
 
 You seem to send messages from the future. ;-)
 

That's funny.

I wanted to make sure I wasn't lying before replying.  A little later I
was deploying code to some servers.  After the update the interface said
the servers were last updated two days ago.  I was freaking out for
about five minutes until I realized I changed my system clock.

-- 
Grant





Re: Best practice for periodic key change?

2011-05-06 Thread Grant Olson
On 5/6/11 4:48 PM, Jerome Baum wrote:
 On Fri, May 6, 2011 at 22:37, Doug Barton do...@dougbarton.us
 mailto:do...@dougbarton.us wrote:
 
 
 I don't understand this response. What I'm saying is that if the key
 is compromised, expiration dates become irrelevant.
 
 
 Up to a point. If my key expired yesterday, no-one can forge a message
 with that key and claim it's from today.
 
 Just being nit-picky... :)
 

Doug is saying that if the key's been compromised, and not lost, Eve can
create a new expiration date and push that to the keyservers.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Fwd: Re: Best practice for periodic key change?

2011-05-06 Thread Grant Olson
Meant to send on-list...

 Original Message 
Subject: Re: Best practice for periodic key change?
Date: Sun, 08 May 2011 16:39:34 -0400
From: Grant Olson k...@grant-olson.net
To: Ingo Klöcker kloec...@kde.org

On 5/6/11 3:48 PM, Ingo Klöcker wrote:
 On Thursday 05 May 2011, Hauke Laging wrote:
 What is the difference between these two options with respect to the
 point of confusion?
 
 Unless I'm missing something the difference is as follows:
 - With prolongation of the expiration time releases signed before the 
 prolongation will keep having a valid signature.
 - If one creates a new subkey then releases signed with the old expired 
 subkey(s) will have an invalid signature. One would have to re-sign the 
 old releases with the new subkey.
 

Nope.

The old releases won't have an invalid sig as long as the sig was made
before the expiration date.  Expiring a key now doesn't invalidate a sig
made yesterday.  Gpg will print out a note saying the key is expired,
but it's not as drastic as the error with a post-dated signature.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.







Re: Best practice for periodic key change?

2011-05-06 Thread Grant Olson
On 5/6/2011 10:05 PM, Hauke Laging wrote:
 
 Several people have mentioned that a signature does not become invalid by 
 expiration of the key. That is formally correct and describes the GnuPG 
 behaviour. But with regard to content in such a case there has to be an 
 additional proof that the signature has been made before the key expired. 
 This 
 is a formal rule in e.g. the German signature law. If you want to use legally 
 accepted signatures for proving documents then you have to sign both the 
 document and the old signature by a new key (i.e. one with a later expiration 
 date) before the old key expires.
 

I know nothing about German laws, but that just doesn't sound right to me.

1) I digitally sign a document saying I owe you money.  The signing key
has an expiration date.

2) Key expires.  I do nothing.

3) The original document is invalidated.  I no longer owe you money?






Re: Best practice for periodic key change?

2011-05-05 Thread Grant Olson
On 5/5/11 2:52 AM, Andreas Heinlein wrote:
 Hello,
 
 I hope you can give me some advice on the following problem:
 
 We have a OpenPGP key which we use for signing our software releases.
 That key should be changed yearly and carry an expiration date to
 enforce this change. However, for the signatures to be useful, the key
 has to be signed by quite a lot of well-known people and institutions,
 which means a considerable effort.
 
 If we just regenerate the whole key every year, we would have to get all
 these signatures again. I have a feeling that generating new subkeys
 might be a solution, but I have never worked with subkeys before, so I
 thought you could give me some advice what would be the best thing to do.
 
 Thanks,
 Andreas
 

Some organizations create a master signing key, which is (supposedly)
kept secure and usually off-line.  That's used to sign the release keys.
 Then users sign the master key and/or see if the master key trusts the
key used to sign the release.

Like all the solutions proposed here, I have no idea how usable this
strategy is for people who try to verify software packages, but only
have a limited understanding of OpenPGP's trust model.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.



Re: Offline Master Key

2011-05-02 Thread Grant Olson
On 5/2/11 12:13 PM, John Clizbe wrote:
 David Shaw wrote:

 There is/was a HOWTO document for this method of handling keys written at one
 point.  I can't seem to find the link at the moment, but if someone has it
 handy, please do post it.
 
 Adrian von Bidder's How-To, http://fortytwo.ch/gpg/subkeys, comes to mind.
 It's linked on the GnuPG documentation How-To page,
 http://www.gnupg.org/documentation/howtos.en.html, but the actual page is 404.
 
 He was looking for someone to adopt the How-To back in 2006, but didn't 
 receive
 a response on the list that I saw.
 
 Last crawl of the page at the WayBack Machine:
 http://replay.web.archive.org/20090609222126/http://fortytwo.ch/gpg/subkeys
 
 -John
 

This link provides much more detailed instructions.  Maybe this link can
replace the fortytwo.ch page on the main site.

http://tjl73.altervista.org/secure_keygen/en/index.html

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: Passphrase

2011-04-27 Thread Grant Olson
On 04/26/2011 06:38 PM, Stephen H. Dawson wrote:
 Hi,
  
  
 Dire need, hoping for help.
  
 I have my private and public keys, but you have neither the passphrase
 nor a revocation certificate.  I need to revoke my published key.  Can
 they recommend a bash script to discover the passphrase using brute
 force on the private key?
 

If you're only worried about the revocation certificate, and not
recovering encrypted documents, then not being able to revoke the key
isn't the end of the world.  There are plenty of dead keys floating
around the keyservers.

Issuing a revocation would be more critical if you thought the key had
been compromised.  But if the private key is inaccessible to everyone,
including you, I don't think there are any exploits you need to worry about.

Just create a new key and let your contacts know about it.  If someone
sends something to your old key, just reply letting them know you don't
have the key, and they need to encrypt to your new one in the future.

(And of course take a little more care with your backups and revocation
certificates this time around.)

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: Gnupg-users Digest, Vol 91, Issue 30

2011-04-19 Thread Grant Olson
On 4/19/11 3:17 PM, Mike Acker wrote:
 On 04/19/2011 14:35, gnupg-users-requ...@gnupg.org wrote:
  Maybe because, since this is the support list for GnuPG, we are all
 thinking more about how to protect an encrypted file than about how to
 protect a server account.
 relevance?
 
 what difference does it make if I am discussing a server logon or the
 password for a .zip?  3 strikes, you're out would be good on the server
 but for the .zip the delay after bad makes more sense
 
 if i delay responding to a bad password for 1 second the speed of your
 processor become irrelevant: you now need 1000 vm's to get to 1m
 tries/sec. and there's no real reason i wouldn't make it 10 sec after
 the 2d bad try, and then 30 min after the 3d -- like the Novell server
 used to do
 

For an OS or some rpc call, a three strikes rule makes sense.  An
attacker is attacking from an outside system, you still have control of
your system, and the login is a barrier between the two.

But an encrypted file can be on the attacker's system.  We could
conceivably add a three-strikes option to gnupg, but since the OpenPGP
standard is published and gnupg is open source, a malicious user could
just write their own program that doesn't have a delay, or run a
modified copy of gpg.  It's the same with a zip file.  You can't enforce
the rule in any reliable way.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: A better way to think about passwords

2011-04-18 Thread Grant Olson
On 4/18/11 2:09 PM, Grant Olson wrote:
 On 4/18/11 1:02 PM, Mark H. Wood wrote:

 OTOH if there are any useful groupings in c2l4IHdvcmRzIGxvbmcuCg==
 they are not readily visible to me.  My eye tends to slide right past
 it without taking anything in.

 This is why I tend to use something like APG to generate strings of
 nonsense *syllables*.  If I can pretend it's a word, it's a lot easier
 for me to learn, because can I learn a handful of syllables instead of a
 long patternless jumble of individual characters.  It engages auditory
 memory and can expose verbal handles for association.

 
 There are more than a few password managers and generators that do have
 the option to create pronounceable passwords like you're talking about.
  Gibberish, but where the consonants and vowels are arranged in a way
 where you can read it out loud:
 
 https://encrypted.google.com/search?hl=en&q=pronounceable+password+generator
 

DOH!  Need more caffeine.  I thought you were saying you wished APG had
that feature.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: A better way to think about passwords

2011-04-18 Thread Grant Olson
On 4/18/11 1:02 PM, Mark H. Wood wrote:
 
 OTOH if there are any useful groupings in c2l4IHdvcmRzIGxvbmcuCg==
 they are not readily visible to me.  My eye tends to slide right past
 it without taking anything in.
 
 This is why I tend to use something like APG to generate strings of
 nonsense *syllables*.  If I can pretend it's a word, it's a lot easier
 for me to learn, because can I learn a handful of syllables instead of a
 long patternless jumble of individual characters.  It engages auditory
 memory and can expose verbal handles for association.
 

There are more than a few password managers and generators that do have
the option to create pronounceable passwords like you're talking about.
 Gibberish, but where the consonants and vowels are arranged in a way
where you can read it out loud:

https://encrypted.google.com/search?hl=en&q=pronounceable+password+generator

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: A better way to think about passwords

2011-04-17 Thread Grant Olson
On 04/17/2011 06:58 PM, Robert J. Hansen wrote:
 Summary: A 3-word password (e.g., quick brown fox) is secure against
 cracking attempts for 2,537 years.
 
 I am giving a great big yuk to his methodology.  There's no reference to the 
 entropy of text, for instance.  His example of a three common word password, 
 this is fun, amounts to a total of 11 letters: this will be around 22 bits 
 of entropy, or 4 million combinations.  @ 100 attempts per second, that 
 requires 40,000 seconds, or about 11 hours.  He claims it'll take 2,357 
 years.  Let's just say I'm skeptical.
 
 Also, look at his claims for a six-character common word.  Okay, so this 
 has at most 10 bits of entropy or so: any more and it wouldn't be common.  10 
 bits of entropy equals 1000 possibilities, @ 100 per second equals ten 
 seconds to break it -- not the 3 minutes he claims.
 
 His math doesn't work.  I call shenanigans on the entire thing.
 

I think it's worth noting that the low entropy of english (you quoted
2.5 bits per char in another thread) isn't just an academic issue.  Real
password crackers actually do employ multiple strategies and passes in
order of complexity.  For example, starting with dictionary, then
dictionary w/leetspeak, eventually brute force, etc.

My other big gripe with this article is that it completely ignores the
possibility of an offline attack against the hashes.  It's assuming that
the limiting factor is the number of times you can access a webpage.
I've been goofing around with BitCoin this weekend, and my MacBook Pro
is generating about 2 Million SHA256 hashes a second.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: A better way to think about passwords

2011-04-17 Thread Grant Olson
On 04/17/2011 07:39 PM, Grant Olson wrote:

 
 (you quoted 2.5 bits per char in another thread) 

Apologies, actually you didn't say this.  You said, English text has in
the neighborhood of 1.5 to 2.5 bits of entropy per glyph.  Just
correcting myself because I know how annoying it is to be misquoted.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: A better way to think about passwords

2011-04-17 Thread Grant Olson
On 04/17/2011 09:31 PM, Doug Barton wrote:
 I agree that the description of baekdal's use case is pretty limited,
 and his math may be optimistic. OTOH this page seems to cast doubt on
 the idea that even comparatively simple passwords can be cracked in very
 short time periods, and more importantly that length is more important
 than complexity in any case:
 
 http://blogs.mcafee.com/mcafee-labs/password-policy-length-vs-complexity
 
 On the other other hand, if passwords are so easy to crack, why use them
 at all? :)
 
 

That's back-of-the-envelope math, based on having to resort to a brute
force attack.  If you're using English words, then ask yourself how many
letters can follow the letter q.  There's obviously only one, and that's
u.  Now those two characters that should have 26^2 possibilities
according to the back-of-the-envelope math really only have 26^1
possibilities.

Allow me to digress for a little bit.  I've been reading a book on Game
Theory.  It explained the best possible strategy for winning
rock-paper-scissors.  If you don't already know the answer, take a
second and try to come up with an ideal strategy for the game.

It turns out the perfect strategy is to make real random selections.  If
you do this, over time you'll end up with a 50% win rate against any
opposing strategy.

If you attempt to use any strategy other than that, your opponent can
develop a counter-strategy that beats you.  And then you can develop a
counter-counter-strategy to beat them.  And they can... Well it's like
that scene in the Princess Bride where the villain analyzes the hero's
strategy to determine which cup is poisoned.  You can't win.

Back to passwords.

If you develop a completely random string consisting of nothing but a-z
and a minimum length of 15, then yes it will take on average half the
total time listed in that article to crack the password.  And yes, that
is better than the eight digit p@ssw0rd.

But if you don't, and you use a dictionary word, or a dictionary word
with l33t-sp34k, or two dictionary words, your opponent can develop a
strategy that beats the average case brute force time.  And your
opponent actually does this now.  The McAfee article conveniently
ignores that Cain & Abel can do dictionary attacks, and it can do
rainbow table lookups.

Given how much I've seen the original article you posted in the last few
weeks, I'm sure the people who write password crackers are coming up
with multiple-dictionary-word strategies, assuming they haven't already.

And the kicker is, even if they run through all of these strategies and
must eventually fall back on a brute-force attack, it's not much more
computationally expensive to do so.  All these strategies might account
for something like 1% of the total search space.  They'll still
ultimately get the totally random password in about the same average
time, but they'll get many not-so-random passwords out of the way much
much more quickly.

The seventeen character imtoosexyformycar may be much much easier to
hack than the seventeen character qkgfnroefdsoeyhzz depending on your
opponent's strategy, and it may not, but it'll never be significantly
slower.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?
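
The staged search order described in the message above (dictionary, leetspeak, multiple dictionary words, then brute force) can be turned into a rough strength estimate for a candidate password. This is an added example, not part of the original post; the toy wordlist, the substitution table and all function names are assumptions.

```python
import math

# Constructed toy wordlist (assumption): real audits use lists with
# thousands of entries, so pass a realistic dict_size to the estimators.
TOY_WORDS = {"im", "too", "sexy", "for", "my", "car",
             "quick", "brown", "fox", "password"}

# Common leetspeak substitutions, mapped back to the plain letter.
UNLEET = str.maketrans({"@": "a", "0": "o", "3": "e", "5": "s", "1": "i"})
LEETABLE = set("aoesi")  # letters that have a substitute above


def brute_force_space(length, alphabet=26):
    """Candidates of exactly `length` characters over `alphabet` symbols."""
    return alphabet ** length


def min_word_split(password, words):
    """Fewest dictionary words that concatenate to `password`, or None."""
    best = [0] + [None] * len(password)  # best[i]: words needed for password[:i]
    for end in range(1, len(password) + 1):
        for start in range(end):
            if best[start] is not None and password[start:end] in words:
                cand = best[start] + 1
                if best[end] is None or cand < best[end]:
                    best[end] = cand
    return best[-1]


def stage_sizes(words, max_words, dict_size=None):
    """Guesses per stage, in the order the thread describes them."""
    n = dict_size if dict_size is not None else len(words)
    # Each leetable letter is either substituted or not: 2^k spellings per
    # word, minus the plain one. Scaled from the sample when dict_size is set.
    variants = sum(2 ** sum(c in LEETABLE for c in w) - 1 for w in words)
    return {
        "dictionary": n,
        "leetspeak": round(n * variants / len(words)),
        "multi-word": sum(n ** k for k in range(2, max_words + 1)),
    }


def guess_bound(password, words, max_words=6, dict_size=None):
    """Return (stage, upper bound on guesses needed to reach `password`)."""
    sizes = stage_sizes(words, max_words, dict_size)
    plain = password.translate(UNLEET)
    spent = sizes["dictionary"]
    if password in words:
        return "dictionary", spent
    spent += sizes["leetspeak"]
    if plain in words:
        return "leetspeak", spent
    spent += sizes["multi-word"]
    k = min_word_split(password, words)
    if k is not None and k <= max_words:
        return "multi-word", spent
    # No shortcut applies: every structured guess is spent, then the full
    # a-z search of that length (half of it on average, all of it at worst).
    return "brute force", spent + brute_force_space(len(password))


def structured_overhead(length, words, max_words, dict_size=None):
    """Fraction of the brute-force space that the structured stages add."""
    total = sum(stage_sizes(words, max_words, dict_size).values())
    return total / brute_force_space(length)


if __name__ == "__main__":
    for pw in ("imtoosexyformycar", "qkgfnroefdsoeyhzz", "p@ssw0rd"):
        stage, bound = guess_bound(pw, TOY_WORDS)
        print(f"{pw:18} {stage:11} <= 2^{math.log2(bound):.1f} guesses")
    # Cost of trying every 1- to 3-word guess from a 10,000-word list first,
    # relative to a 17-character a-z brute force.
    print(f"overhead: {structured_overhead(17, TOY_WORDS, 3, dict_size=10_000):.2e}")
```

Both 17-character strings sit in the same brute-force space, but only the random one forces the search to go that far, and the structured stages add a negligible fraction to the total work.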





Re: Signing a key (meaning)

2011-04-11 Thread Grant Olson
On 4/11/11 4:18 AM, Jan Janka wrote:
 One reason we use GnuPG for is we think it 
 is significant likely there's a man in the 
 middle attack or someone has access to email 
 accounts he should not have. Given that, what 
 benefit does one take from knowing my communication 
 partner has access to a certain email account?
 
 The biggest benefit is that you can actually email the person. ;-)
 
 That's through, but WHY should anybody (even an attacker) place an email 
 address in the ID over wich they have no control? 
 

The obvious example is the standard MITM attack.  They don't have access
to a person's inbox, but they intercept messages before they get to their
ISP's mail server, and re-encrypt them to the 'real' key.  They still
don't have control over the endpoint, they can't read, modify, or delete
existing messages, but they can modify things in transit.

Again, I think you can probably start with a different set of base
assumptions when signing an associate's key and a stranger's key.

And some people have reasons I can't even fathom:

johnmudhead:~ grant$ gpg --keyserver pool.sks-keyservers.net
--search-keys presid...@whitehouse.gov
gpg: searching for presid...@whitehouse.gov from hkp server
pool.sks-keyservers.net
(1) Barak Obama (I'm the president) ob...@whitehouse.gov
  2048 bit RSA key B110EE8F, created: 2010-12-09
(2) Barack Hussein Obama (DOD) presid...@whitehouse.gov
  1024 bit DSA key 0B72EB0F, created: 2009-04-27
(3) BUsh the past coming... presid...@whitehouse.gov
  1024 bit DSA key 6909AF98, created: 2008-10-27
(4) clinton_lewinsky presid...@whitehouse.gov
  1024 bit DSA key AD3EE118, created: 2008-10-27
(5) ElPresi! (the president of the white house...) president@whitehouse.g
  2048 bit RSA key 0BCC736D, created: 2008-10-26
(6) bushbushbushbushbush presid...@whitehouse.gov
  1024 bit DSA key E3F0063A, created: 2008-02-10
(7) George Bush (I am a fag. I support the NWO.) presid...@whitehouse.gov
  512 bit DSA key DE415F3C, created: 2008-01-26 (revoked)
(8) abc presid...@whitehouse.gov
  1024 bit DSA key CEBBC2C4, created: 2007-10-27
(9) BushBush presid...@whitehouse.gov
  1024 bit DSA key 22A6F4D2, created: 2007-10-20
(10)John Kerry presid...@whitehouse.gov
  1024 bit DSA key A5978876, created: 2004-09-21
(11)George Walker Bush (DOD) presid...@whitehouse.gov
  1024 bit DSA key 0CB5C0BC, created: 2004-09-21
Keys 1-11 of 24 for presid...@whitehouse.gov.  Enter number(s), N)ext,
or Q)uit 


 If you don't believe or know (to a reasonable degree) that a person has
 control of his email, then you can't communicate with them securely by
 email.  At best, they never get the message and it's pointless.  At
 worst, some hypothetical exploit by some hypothetical attacker
 compromises your communications.  (Developing this hypothetical attack
 is left as an exercise to the reader...)
 
 Unfortunately I'm not able to develop such an attack, and think there is 
 none of importance. Could you please help me? 
 

I personally don't think there is one.


-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: Signing a key (meaning)

2011-04-11 Thread Grant Olson
On 4/11/11 6:34 PM, MFPA wrote:
 
 Unfortunately I'm not able to develop such an attack,
 and think there is none of importance. Could you
 please help me?
 
 I personally don't think there is one.
 
 You already mentioned the standard MITM attack. Isn't that one?
 

I don't think it counts as the middle if you have access to the email
account.

If I've got your logon info, and I'm accessing your account that way,
it's no longer invisible when I try to quickly delete the original
message and throw up a fake replacement.  You might see a message hit
the inbox, get deleted, and see a similar one pop up from your mail
client.  And if you reply to the forged message, I can't stop that from
going out into the world to trick the other party.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: Signing a key (meaning)

2011-04-11 Thread Grant Olson
On 04/11/2011 07:09 PM, MFPA wrote:
 Hi
 
 
 On Monday 11 April 2011 at 11:49:10 PM, in
 mid:4da38566.4030...@grant-olson.net, Grant Olson wrote:
 
 
 I don't think it counts as the middle if you have
 access to the email account.
 
 If I've got your logon info, and I'm accessing your
 account that way, it's no longer invisible when I try
 to quickly delete the original message and throw up a
 fake replacement.  You might see a message hit the
 inbox, get deleted, and see a similar one pop up from
 your mail client.  And if you reply to the forged
 message, I can't stop that from going out into the
 world to trick the other party.
 
 That's all fair enough, but I still think the standard MITM attack is
 an example of some hypothetical exploit by some hypothetical attacker
 compromises your communications.
 
 

Yes, of course.  I was referring to the scenario somewhere in this
thread where a malicious user has illegal access to your email account.
 For that case, I have a hard time conjuring up a reliable exploit where
people are sending you stuff that gets to your inbox with the attacker's
key, and you don't notice anything suspicious.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: Signing a key (meaning)

2011-04-10 Thread Grant Olson
On 04/10/2011 02:48 PM, Jan Janka wrote:
 
 But my point is as follows:
 One reason we use GnuPG for is we think it is significant likely there's a 
 man in the middle attack or someone has access to email accounts he should 
 not have. Given that, what benefit does one take from knowing my 
 communication partner has access to a certain email account?
 
 I'm grateful for answers,
 Jan 
 

The biggest benefit is that you can actually email the person. ;-)

If you don't believe or know (to a reasonable degree) that a person has
control of his email, then you can't communicate with them securely by
email.  At best, they never get the message and it's pointless.  At
worst, some hypothetical exploit by some hypothetical attacker
compromises your communications.  (Developing this hypothetical attack
is left as an exercise to the reader...)

You could use something like pgpboard or a usenet group.  You could
fedex them a usb stick.  You could use a carrier pigeon.  In which case,
yes, their email address is irrelevant for your purposes.  But an
overwhelming majority of people are going to prefer email to the
alternatives.

In the case of your friend, who you've already been communicating with,
I don't think sending the signature to his email address performs any
additional verification.  But that's because you've already established
a few conditions of key validity, not because you don't care if he
controls an email account or not.

You already have good reason to believe that: (1) you know his real
world identity, because you know him in the real world.  (2) He has
control of the communication endpoint (the email address) because you've
been emailing him back and forth.  When those two conditions are already
established, you only need to verify the fingerprint directly to
establish there's not a MITM attack.

I think the email check is more useful and perhaps even required for
something like a key-signing party, where you've never engaged in email
communications with this person before.  You start off with everything
about this person as an unknown.  You need to (1) examine a government
issued id to verify this person's real-world identity.  (2) Get the
fingerprint directly to demonstrate that he actually controls the key in
question; he's not a MITM.  (3) Send the info to the email, which tests that he
actually controls the endpoint he claims to control.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Is anyone using a SPR-332 smart card reader?

2011-04-09 Thread Grant Olson
I've been having some trouble.  Basically, gpg2 (from git's
STABLE-BRANCH-2.0) will prompt for a pin, but even if I enter the right
one the unit buzzes.  Looking at the logs, they report that pin entry
was canceled.

Any time I try to search around, I end up at the same thread from 2006:

http://www.gossamer-threads.com/lists/gnupg/users/39179?do=post_view_threaded#39179

Which implies there was a similar minor problem that would be fixed shortly.

If I use gpg without gpg-agent, I get a prompt for the pin via the
shell, not the pinpad, and then operations actually work.

I thought this model was basically the same as the SPR-532 that Kernel
Concepts sells, minus a serial port connector, so I'm really surprised
that it isn't working.

Just wondering if anyone has this reader, and if it's working for them,
before I try some more in-depth diagnostics and debugging.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: Do not conflate key+userID certification with vouching [was: Re: How to verify the e-mail address when certifying OpenPGP User IDs]

2011-04-08 Thread Grant Olson
On 4/8/11 2:00 PM, Daniel Kahn Gillmor wrote:
 On 04/07/2011 09:37 PM, Grant Olson wrote:
 Keep in mind that the web-of-trust isn't the mafia.  If you 'vouch' for
 someone and they turn out to be a rat, nobody's going to put two bullets in
 your chest, and one in your head.
 
 Vouching for someone usually means that you think you can rely on the
 person, and that you think they're somehow good, on our side,
 trustworthy, etc.
 
 Making an OpenPGP certification (keysigning) is *not* the same as
 vouching for them.  An OpenPGP certification is a simple assertion of
 two things: {identity (which may include an address), and ownership of a
 key}.
 
 An OpenPGP certification says nothing about whether you think the
 keyholder is a good person, whether you would trust them with your
 children, whether they are a good software engineer, whether you would
 vote them into public office if you happen to live in a democracy, or
 even whether you are willing to rely on the OpenPGP certifications they
 produce. [0]
 

We're on the same page here, although I probably made my point sloppily.
 Two definitions of vouch:

1. Assert or confirm as a result of one's own experience that something
is true or accurately so described.
2. Confirm that someone is who they say they are or that they are of
good character: someone could vouch for him.

A sig is the first definition.  Organized crime is the second.

Jan seems to be worried that if he signs a key, and Eve is somehow
illegally using an email or whatever, that his signature would add some
sort of credibility or trust measurement to Eve when she initiates her
Nigerian 411 scam.  I was (sloppily) saying that the signature implies
no such thing.

 You are free to assert these other qualities in many other ways, of
 course.  For example, I could write, sign, and publish a document that
 says Alice al...@example.net has strong moral fiber.  This sort of
 vouching would be distinct from my certification of Alice's OpenPGP
 key.  Note that I am *not* saying that Alice's key has strong moral
 fiber.  My statement is vouching for *Alice*, not her key.
 

Like I said, if you want to do this, using certification levels and a
signing policy might be a less ad-hoc way of accomplishing this.  (Not
that any clients currently do anything with that info.)  And yes,
there's still a distinction between the actual person and their key.

Like you say below, attaching various certification levels may actually
be undesirable and leak more personal info than some people want out there.

 Keeping the semantics of keysigning restricted to a simple assertion of
 identity and key ownership makes it possible to do reasoned inference
 over a set of certifications, to establish (via intermediate parties,
 such as mutual acquaintances) a level of reliable identity and
 key-ownership between people (and other entities!) who have never
 physically met.  It also makes OpenPGP certification less fraught with
 doubt or confusion, and it reduces the amount deep social relationships
 published on the public keyservers.  This is good.
 



--
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: keys not available for signed messages in this maillist

2011-04-08 Thread Grant Olson
On 4/8/11 2:50 PM, Bernhard Kleine wrote:
 
 I am quite sure that Grant Olson's key is on the keyserver, thus there
 is no matter of hiding it, as robert j.hansen suggested. however, i
 wonder why i can't retrieve it. 
 
 gpg --search-keys A18A54D
 gpg: Suche nach A18A54D von hkp Server pool.sks-keyservers.net
 gpg: Schlüssel A18A54D am Schlüsselserver nicht gefunden
 
 i.d. search for A18A54D on hkp server ..
 key A18A54D not found at the keyserver.
 
 on the command line!
 
 on the interaction page of sks-keyservers.net the key cannot found
 either.
 
 Any help appreciated.
 
 Bernhard

You missed the last digit of the key id:

A18A54D6

You also need to start that with 0x so it knows it's a hexadecimal key id.
And you probably want to use my primary key.  But either:

gpg --search-keys 0xA18A54D6

or

gpg --search-keys 0xE3B5806F

Should work.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: How to verify the e-mail address when certifying OpenPGP User IDs [was: Re: Signing a key (meaning)]

2011-04-07 Thread Grant Olson
On 4/7/11 8:05 PM, Jan Janka wrote:
 Hi Daniel,
 
 thanks for the answer, but it seems to me with this procedure you only
 check whether the person has access to the email address, you
 don't check whether this access is illegal, don't you?
 
 Take care,
 Jan
 

Well, yes, but then you have to ask how OpenPGP protects against someone
using a forged passport.  Or more outlandishly, getting plastic surgery
and using another person's real ID.  At some point, technology can't
solve the problem of authentication.

In the case you proposed, you need to evaluate how much you trust Peter
Hanssen in real life.  If you've known him for years, it's unlikely he's
just been waiting all this time to trick you into signing a key as part
of some elaborate scam.  Then again, if you've known him for years
because you've been buying his counterfeit jeans, or he offered you
$5000 dollars to buy your newborn baby, maybe you don't trust him and
you don't sign the key.

In the case of something like a key-signing party, (as Daniel described)
you're really only confirming that (1) you've validated that they have
something that you believe to be a valid government id, (2) You've
validated their key's fingerprint in person, and (3) you've validated
that they somehow control the attached email address.

It is possible to assign different levels to your signature, so that you
can distinguish between people you met at a software conference, and
that guy who was your cellmate in that Turkish prison for 12 years.

It's also possible to provide a link to an URL with your keysigning
policy, where you can explicitly spell out the meaning of each level of
certification to you.

Keep in mind that the web-of-trust isn't the mafia.  If you 'vouch' for
someone and they turn out to be a rat, nobody's going to put two bullets in
your chest, and one in your head.  Mistakes happen.  You can always
revoke your signature if you start to doubt the key's validity.  You
haven't made a mistake that will haunt you for the rest of your life.

And if you're still worried about elaborate and obscure attack
scenarios, then maybe the web-of-trust just isn't for you.  This is
perfectly fine.  Just sign your real-life contact's keys with a local
sig, which won't get exported to the keyservers.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: No SmartCard Daemon

2011-04-03 Thread Grant Olson
On 04/03/2011 07:24 AM, Paul R. wrote:
 gpg: OpenPGP card not available: No SmartCard daemon
 
 I searched my system for scdaemon, but it is not installed.  Also, I
 checked my PATH environment variable to make sure that the PATH was
 properly configured.  I guessed that, perhaps, scdaemon had been put
 into a package of its own.  With this in mind, I searched my package
 manager for the words _scd_ and _scdaemon_.  But the only thing that I
 found was a package called gnupg-pkcs11-scd.
 


For some reason debian-based software includes scdaemon in the gpgsm
package.

Part of me feels like this is a bug in the packaging, but I don't know
enough about debian packaging to file a bug report.  That, or I'm too
lazy...

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: No SmartCard Daemon

2011-04-03 Thread Grant Olson
On 04/03/2011 03:05 PM, Grant Olson wrote:
 
 For some reason debian-based software includes scdaemon in the gpgsm
 package.
 
 Part of me feels like this is a bug in the packaging, but I don't know
 enough about debian packaging to file a bug report.  That, or I'm too
 lazy...
 

I decided to stop being lazy, but it looks like there's a 4 year old bug
report that requests the exact thing I had in mind:  Either move
scdaemon somewhere else, or at least include its name in the description
so people can find scdaemon via searches.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416129

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: Public keys on smartcard

2011-04-01 Thread Grant Olson
On 4/1/11 3:51 AM, Astrakan wrote:

 Does anyone know the max storage capability of the v2.0 OpenPGP-cards? A
 few K?
 

The v2 spec says they should support at least 2048k keys.  The actual
cards say they can handle up to 3072k.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: [PGPNET] Jerome

2011-03-26 Thread Grant Olson
On 03/26/2011 02:16 PM, Lance W. Haverkamp wrote:
 On 03/26/2011 11:23 AM, Jerome Baum wrote:
 Werner Koch w...@gnupg.org writes:

 On Sat, 26 Mar 2011 16:50, jer...@jeromebaum.com said:

 summarize: gpg-agent seems to have problems handling thrown keyids.

 You mean the current development version?  Quite possible; that is for
 what development versions are for.

 I don't know which version -- some guys in PGPNET are reporting this.

 For 2.0.x there can't be a problem because gpg-agent does not know
 anything about keyids because it is only used as a passphrase caching
 agent.

 Again, I don't know anything about this. As you can see in my original
 email (the part where I quoted myself), I use gpg1.

 
 
 Pretty simple:
 
 Receiving messages with GPG 2.0.14 (Ubuntu Maverick, via Mint Linux):
 When messages to multiple recipients have the key ID's thrown, gpg-agent
 (?) sequentially requests passwords for all secret key many, many, many
 times, but fails to decrypt with any key---even the correct one.
 

Can you create an easy reproducible?  Does something like this exhibit
the same broken behavior on your system?

grant@johnyaya:~$ echo foo | gpg2 --throw-keyids -r k...@grant-olson.net
-r la...@thehaverkamps.net --encrypt --armor | gpg2 --decrypt -
gpg: using character set `utf-8'
gpg: armor: BEGIN PGP MESSAGE
Version: GnuPG v2.0.18-git1226772 (GNU/Linux)
:pubkey enc packet: version 3, algo 16, keyid 
data: [4095 bits]
data: [4096 bits]
gpg: armor header:
gpg: public key is 
:pubkey enc packet: version 3, algo 1, keyid 
data: [2048 bits]
gpg: public key is 
gpg: anonymous recipient; trying secret key 6A8F7CF6 ...
gpg: okay, we are the anonymous recipient.
gpg: public key encrypted data: good DEK
:encrypted data packet:
length: 63
mdc_method: 2
gpg: encrypted with ELG key, ID 
gpg: encrypted with RSA key, ID 
gpg: AES256 encrypted data
:compressed packet: algo=2
:literal data packet:
mode b (62), created 1301168561, name=,
raw data: 4 bytes
gpg: original file name=''
foo
gpg: decryption okay



-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: what are the sub keys

2011-03-22 Thread Grant Olson
On 03/22/2011 05:22 PM, Jerome Baum wrote:
 
 Are  you talking  about the  option of  moving a  key to  a  smart card?
 Because  if  I  generate  it   on-card,  I  won't  have  the  option  of
 RSA-4096. And will average Joe really  move his key to a smart card if
 he  generated  it off  card?   And does  that  actually  make any  sense
 considering it wasn't originally generated on-card?
 

Plenty of people move existing keys to smart cards.  Generating a key
on-board is more secure, but then you're left dealing with two keys.
The old software one, and the new smart card one.  And if you've still
got an old software key to deal with, then what's the benefit of a smart
card anyway?  And the new key doesn't have any of your existing signatures.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: what are the sub keys

2011-03-22 Thread Grant Olson
On 03/22/2011 06:37 PM, Jerome Baum wrote:
 
 So, I move  my key to a smart  card to gain the illusion  that it's more
 secure, while it practically isn't (at least not much more).
 

Why wouldn't it be more secure?  Before my key was encrypted but
available on disk, and available unencrypted in system memory.  Now it's
on a specialized smart-card, completely inaccessible to the OS.

History of my key.

1) Normal key for a few months.

2) Moved the primary key offline, only used subkeys on networked
computers, and did that for a few more months.

3) Moved the subkeys to a dedicated smart card.

Sure, I can't guarantee that the NSA or a Chinese Hacker didn't
compromise my keys a year ago, but I'm still much more secure now than I
was then.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: 4096 bit keys

2011-03-22 Thread Grant Olson
On 03/22/2011 06:06 PM, Jonathan Ely wrote:
 I really wish 8192 would become available. Not that it would be the end
 all/be all of key security but according to your theory it sounds much
 more difficult to crack.
 

The actual cutting edge solution is to move from RSA to ECC.  Even an
8192 bit or 16k bit RSA key isn't approved by the NSA or NIST for TOP
SECRET materials, but ECC-521 is.

ECC actually is up-and-running in the beta for gpg 2.1, but
realistically it'll be (at least) a few years before it gets mainstream
adoption.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: 4096 bit keys

2011-03-22 Thread Grant Olson
On 03/22/2011 07:29 PM, Robert J. Hansen wrote:
 On 3/22/2011 6:53 PM, Grant Olson wrote:
 The actual cutting edge solution is to move from RSA to ECC.  Even an
 8192 bit or 16k bit RSA key isn't approved by the NSA or NIST for TOP
 SECRET materials, but ECC-521 is.
 
 Do you have a cite for that?  I know ECC is approved, but I've never
 been able to find confirmation one way or another that ECC is the *only*
 publicly-acknowledged asymmetric algorithm approved for TS.  Any
 heads-up you could give would be appreciated.
 

I suppose in the sense I can't prove a negative, I don't have a cite.
There could be another recommendation out there, but I was going off of
NSA Suite B.  (Link and text follow.)   It says that RSA 2048 bit keys
can be used while transitioning to ECC, but for SECRET level only.  It
also says ECC-384 is good enough for TOP SECRET.  I just mis-remembered
that as ECC-521.

http://www.nsa.gov/ia/programs/suiteb_cryptography/


AES with 128-bit keys provides adequate protection for classified
information up to the SECRET level. Similarly, ECDH and ECDSA using the
256-bit prime modulus elliptic curve as specified in FIPS PUB 186-3 and
SHA-256 provide adequate protection for classified information up to the
SECRET level. During the transition to the use of elliptic curve
cryptography in ECDH and ECDSA, DH, DSA and RSA can be used with a
2048-bit modulus to protect classified information up to the SECRET level.

AES with 256-bit keys, Elliptic Curve Public Key Cryptography using the
384-bit prime modulus elliptic curve as specified in FIPS PUB 186-3 and
SHA-384 are required to protect classified information at the TOP SECRET
level. Since some products approved to protect classified information up
to the TOP SECRET level will only contain algorithms with these
parameters, algorithm interoperability between various products can only
be guaranteed by having these parameters as options.




-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: 4096 bit keys

2011-03-22 Thread Grant Olson
On 03/22/2011 07:32 PM, Jonathan Ely wrote:
 What is ECC? Now I want that haha.
 

Elliptic Curve Cryptography

https://secure.wikimedia.org/wikipedia/en/wiki/Elliptic_curve_cryptography

Since it isn't based on prime numbers, it 'scales' better than RSA or
DSA, and keys of similar security levels are much smaller.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: 4096 bit keys

2011-03-22 Thread Grant Olson
On 03/22/2011 07:44 PM, Jerome Baum wrote:
 Grant Olson k...@grant-olson.net writes:
 ECC actually is up-and-running in the beta for gpg 2.1, but
 realistically it'll be (at least) a few years before it gets mainstream
 adoption.
 
 You lose any interoperability as it's not OpenPGP, right? It certainly
 isn't in the commercial PGP.

That's why I said "but
realistically it'll be (at least) a few years before it gets mainstream
adoption." ;-)

Even if the draft standard got approved today, and both gpg and pgp corp
had working production implementations, it'll be years before it gets to
the point where you can assume random users will be able to support ECC.

But if you just wanted to use it with your inner circle, be it an
eco-terrorist cell or a fantasy football league, you actually could
start using it today.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: libgcrypt git repository

2011-03-21 Thread Grant Olson
On 3/21/11 8:21 AM, Chris Ruff wrote:
 Is this an error on my part.  I went to git pull on the latest trunk for
 gnupg and during configure discovered a newer libgcrypt (=1.5.0) 
 libksba (=1.2.0) was needed.  However a git pull resulted in the
 following error:
 
 $ git clone git://git.gnupg.org/libgcrypt/trunk libgcrypt
 Initialized empty Git repository in /path/to/libgcrypt/.git/
 fatal: The remote end hung up unexpectedly
 
 $ git clone git://git.gnupg.org/libksba/trunk libksba
 Initialized empty Git repository in /path/to/libksba/.git/
 fatal: The remote end hung up unexpectedly
 
 TIA

Run the commands without '/trunk'.  I'm guessing that's an artifact from
the subversion command.

git clone git://git.gnupg.org/libgcrypt libgcrypt

git clone git://git.gnupg.org/libksba libksba

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.



Re: Revoke signature from key

2011-03-21 Thread Grant Olson
On 03/21/2011 04:18 PM, Daniel Kahn Gillmor wrote:
 On 03/21/2011 04:05 PM, David Shaw wrote:
 While the common usage for regular users is to sign based on checking 
 identity, signatures can be just as well used as a token to indicate 
 membership.   For example, the PGP product has the concept of a Corporate 
 Signing Key, which is used to sign employee keys to indicate they are 
 genuine (and their keyserver can actually enforce this).  They are not 
 signing to say that Alice is Alice, they are signing to say that Alice is 
 Alice, and works for Company X (i.e. they would not sign Alice's personal 
 key).

 If I was going to do this with a group, like above, I'd probably make a 
 special Group Signing Key to issue the membership signatures to avoid 
 confusing my personal signatures with the group membership ones, though.
 
 If i was going to try to indicate more than a simple identity binding
 with an OpenPGP signature, i'd define an OpenPGP notation [0] and
 include the relevant subpacket in my signature.
 
 This way, the same signing key is capable of making identity
 certifications *and* identity+metadata certifications.
 

But that doesn't provide any easy way for me to only trust your
identity+metadata certifications, if, for example, I trust you to sign
in your role for a company, but don't trust or care about your
personally-issued sigs.  Instead of signing your key, I need to manually
inspect any and all keys that may have your signature.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: deniability

2011-03-21 Thread Grant Olson
On 03/21/2011 12:24 PM, Jerome Baum wrote:
 ved...@nym.hush.com ved...@nym.hush.com writes:
 [4] Post the encrypted file to a newsgroup like comp.pgp.test or 
 other group that allows test postings.
 
 Yes, per above. But good idea to  not use an anonymous group -- this way
 I can say I was testing stuff.
 

If you want to get really paranoid, post to http://www.pgpboard.com/ via
a TOR connection.  That makes it difficult to show the message even
originated from you.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: Revoke signature from key

2011-03-21 Thread Grant Olson
On 03/21/2011 05:17 PM, Daniel Kahn Gillmor wrote:
 On 03/21/2011 04:51 PM, Grant Olson wrote:

 But that doesn't provide any easy way for me to only trust your
 identity+metadata certifications, if, for example, I trust you to sign
 in your role for a company, but don't trust or care about your
 personally-issued sigs.
 
 You are free to disregard any of my certifications you like.  It would
 not be unreasonable of you to say i will disregard all certifications
 by dkg that lack a departm...@example.com notation. if that's what
 you're trying to do.
 
 Instead of signing your key, I need to manually
 inspect any and all keys that may have your signature.
 
 Why is this a manual process?  You would not be inspecting the keys --
 you'd be inspecting my signatures, which you have to do anyway (at least
 in order to cryptographically verify them).
 

It's manual because now I can't just sign your key, let the WoT and gpg
do its job, and get on with my life.  I need to manually run
--list-sigs on any new keys.

Regarding your other points, I don't have any semantic problems with
what you're proposing, I just don't think it's a workable solution
today.  It seems like we're in agreement on that.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: Keyservers

2011-03-20 Thread Grant Olson
On 03/20/2011 04:31 PM, Ben McGinnes wrote:
 On 21/03/11 6:48 AM, Jonathan Ely wrote:

 I do not use the Gmail interface any more; I only use the
 Thunderbird client and typed the signature in the edit field found
 in the Tools | Account options | General dialogue. It always appears
 in the body, right under the point where I type. If this is the case
 it should not interfere with Enigmail or GnuPG, correct?
 
 That's right, for the sake of testing I'm including mine this time to
 be sure.  Is your signature included as a separate text file or in the
 box provided?  For reference, mine is a separate file which is read in
 every time I start a message or reply to one (but not when I forward a
 message).
 

Thunderbird sigs work just fine in any configuration.  If they don't,
I'd consider that a bug in enigmail, and let them know on the enigmail list.


-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: Keyservers

2011-03-20 Thread Grant Olson
On 03/20/2011 05:16 PM, Jonathan Ely wrote:
 Really? For me, it is much easier to access the newest reply instead of
 using the Down Arrow key to find it. Gmail always worked the same way
 for me.
 

Ingo's talking about the body of the message.  On most mailing lists people
reply after the question, so it's in context when you find a thread
later, instead of before, at the top of the message.

Arguably, when reading a message out of context, it's easier when most
people see:

QUESTION: What is the secret to life, the universe and everything?
ANSWER: 42

Rather than:

ANSWER: 42
QUESTION: What is the secret to life, the universe and everything?

Which is what happens when you 'top-post' your answer at the top of the
message.

If it's hard to compose an interleaved reply with your screen-reader,
that's fine, but you will get people complaining about it every now and
then.  If it's easy, you probably want to reply after people's
comments, in context, instead of before, when you're on mailing lists.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: KEYSERVER

2011-03-20 Thread Grant Olson
On 03/20/2011 05:29 PM, Mike Acker wrote:
 On 03/20/2011 17:19, Jonathan Ely wrote:
 It can be complicated; it is for me since I am still new to this. I only
 ‘trust fully’ those keys who come from people who I think would not fake
 identity, or have no reason not to be trusted fully. Is it unwise to
 trust anybody's key fully even if you are confident they would never
 ‘spoof’ another's key? I never even thought of doing what you did; I
 just leave everything as ‘untrusted good signature’ unless if it is
 somebody with whom I am familiar.
 thanks for the note!! have you tried to download my signature from the
 server? it should work it ought to work...
 
 i agree with you on the trust matter. it's fun to experiment though--
 and-- it's how we learn!!
 
 all i did was to simply delete your key from my keyring -- using the
 excellent pgp/key manager that is built into THUNDERBIRD. following that
 you go back to your original no key found condition and i can try
 another test
 
 but you are completely right: you have NO REASON to trust MY key --
 unless someone YOU trust to VERIFY keys signs my key for you. this is
 what a Certificate Authority is supposed to do but to this date I remain
 concerned that most of the CA certificates in our browsers are just
 loaded there by someone-- i have no clue why i would think they are valid.
 
 thoughts?
 

Hate to complain, but I'm only seeing one side of this conversation on
the mailing list.  I originally thought Mike posted the first message
accidentally.  Please keep it all on-list or all off-list, or it makes
no sense to the rest of us.

Thanks,

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: keyservers

2011-03-19 Thread Grant Olson
On 03/19/2011 02:07 PM, MFPA wrote:
 Hi
 
 
 On Friday 18 March 2011 at 5:48:47 PM, in
 mid:4d839aff.6070...@grant-olson.net, Grant Olson wrote:
 
 
 Until then, I'll just use my favorite member of the sks
 pool: gingerbear.net.
 
 Is it your favourite because of the name?
 
 

It's just the only name I actually remember.  Not sure if it's because
of the distinctiveness, or the repeated exposure via John's sig...

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: keyservers

2011-03-18 Thread Grant Olson
On 3/17/11 10:57 PM, John Clizbe wrote:
 
 yeah, and keys.kfwebs.net, Kristian's keyserver which hosts the pool code, is
 also down. Still no word from him on sks-devel. Of course, he might not be 
 able
 to get the mail if the server is offline.
 
 -John
 

Some news is starting to pop up on sks-devel.  I know you've seen all
this, but for the sake of people who don't subscribe:

+ Kristian was out of town when things went down.

+ He's aware of the issue.  Said it was a hardware problem, and he's
expecting to have working hardware on Sunday.

+ He will be looking into more redundancy with slave dns servers in
alternate locations.

Until then, I'll just use my favorite member of the sks pool:
gingerbear.net.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: keyservers

2011-03-17 Thread Grant Olson
On 3/17/11 4:43 PM, Andrew Long wrote:
 Anyone else having problems accessing pool.sks-keyservers.net? I've
 tried pointing nslookup at a couple of the root DNS name servers and get
 DOMAIN (not known)
 

There were a few emails on sks-devel this morning.  Apparently it is
indeed down.

http://lists.nongnu.org/archive/html/sks-devel/2011-03/msg00017.html

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: For Windows

2011-03-13 Thread Grant Olson
On 03/13/2011 10:57 AM, Jerry wrote:
 On Sun, 13 Mar 2011 08:19:58 -0600
 Aaron Toponce aaron.topo...@gmail.com articulated:
 
 On 03/13/2011 06:56 AM, Brad Rogers wrote:
 On Sun, 13 Mar 2011 06:05:12 -0600
 Aaron Toponce aaron.topo...@gmail.com wrote:

 Hello Aaron,

 On 03/13/2011 05:42 AM, Jerry wrote:
 Actually, it is a fine example of users/MUAs not correctly
 formatting e-mail messages thereby forcing the use of a
 deprecated method.  
 [citation required]

 See the way Outlook Express treats PGP sigs, and the messages to
 which they're attached.

 Are you implying that Outlook Express determines the support life
 cycle of OpenPGP standards?
 
 Outlook Express has been replaced by Windows Mail, an improved e‑mail
 program with enhancements such as junk e‑mail filtering and protection
 against phishing messages.
 

I really don't want to get involved in this debate.  The same one two
weeks ago didn't change anyone's mind and this one won't either.
But...

Last time I tested, maybe a year ago, Windows Live Mail had the same
weird behavior.  It leads me to believe that it's just a re-branded
version of outlook express.

If we actually want to add some new content to the MIME vs Inline debate
this time, consider that the OP is blind and uses a screen reader.  I've
got a strong suspicion that PGP/Mime would play much more nicely with a
screen reader or braille display than PGP/Inline.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: For Windows

2011-03-11 Thread Grant Olson
On 3/11/11 3:50 PM, Jonathan Ely wrote:
 Hello. I use Enigmail, so of course I have GnuPG installed. I use 1.4.9
 because [1] I can not find an executable for 2.0.17 for Windows, and [2]
 I do not know how to configure the GPG-agent. Can somebody please assist
 me with upgrading to 2.0.17 and configuring the agent? For about a week
 I have been searching everywhere but found nothing. I did install
 GPG4WIN then uninstalled it because I could not figure out how to use
 the agent and the GPA utility is not screen reader accessible. Thanks in
 advance for your help.
 
 PS. I am blind and use a screen reader. Everything must be 100% keyboard
 accessible.
 

Sorry, I don't have any windows boxes around right now, but did want to
provide two notes.

- GPG4WIN is the right package to install gpg2 on windows, so you've got
the right installer.  It's a shame GPA doesn't work with a screen reader.

- The 1.4 branch is still supported and maintained in parallel with the
2.0 branch.  If 1.4.9 is working for you, just stick with 1.4.9, or
perhaps upgrade to 1.4.11.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: This key may be unsafe

2011-03-07 Thread Grant Olson
On 3/7/11 5:32 PM, Robert J. Hansen wrote:
 On 3/7/11 4:03 PM, Charly Avital wrote:
 Are keys whose length is equal or inferior to 1024 bits *unsafe*?
 
 A 1024-bit key is believed to be roughly comparable to an 80-bit
 symmetric key.  I am comfortable saying this is a reasonable level of
 security for the next few years for people who are not worried about
 being targeted by people who can afford to drop a few million dollars on
 cryptanalysis.
 
 It is not a wise choice for long-term security, but I am not comfortable
 calling it unsafe for most users.
 
 

Here's a case where the difference between < and <= is HUGE.

gnupg 1.4 only switched the defaults from 1024 DSA/ElGamal to 2048
RSA/RSA in 1.4.10, which isn't even two years old.  I still see plenty
of boxes in the wild that only have 1.4.9, and not just those ones that
are old and creaky and people are afraid to reboot for fear of an actual
hardware failure.

Like you said, I would avoid creating one that size now, but even just a
year-and-a-half ago, your mantra of "use the defaults unless you know
what you're doing" would have resulted in 1024 bit keys for most users.

Meanwhile, warning about keys < 1024 bit would be a little more
practical, at least until ECC hits the standard.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: Question regarding shared keys

2011-02-28 Thread Grant Olson
On 2/28/11 2:07 AM, Denise Schmid wrote:
 It depends on what you mean by a shared key.  There is just giving a
 copy of the key to multiple people (in which case any one of them can use 
 it),
 or there are various key splitting algorithms where a key is broken into a
 number of pieces, and a specified subset of those pieces can come
 together, reconstruct the key, and do whatever they need to do.
 
 It is the second.
 

 The OpenPGP standard (which specifies how different implementations can
 interoperate) does not really specify shared keys, beyond acknowledging that
 they exist.  The PGP *implementation* of the standard, has a shared key
 feature in the break-the-key-into-multiple-pieces sense.
 
 This is what I meant. Does this mean that, if you want to encrypt a file, 
 everybody has to use his/her key? The background of my question is that a 
 company claims that one of their managers has forgotten the key and 
 therefore, they can't decrypt some files. These files contain, of course, 
 some evidence they should produce in a court case. Beside the fact that there 
 seem to exist some ways to reconstruct keys, I ask myself if they didn't need 
 the key to encrypt the files...
 
 Best
 

David's talking about an advanced scenario.  And maybe the company did
do this, but I've got a feeling you might be over-thinking things.

Normally, if you encrypt a file to four users, each user has their own
key that's completely independent of the other users.  If you're trying
to see if the file was encrypted to another manager, who hopefully
hasn't conveniently 'lost' his key, you can examine the encrypted file
and get a list of the keys it's encrypted to.

So for example, here you can see that even if I claim to have lost my
key, David is another person who could decrypt the contents...

johnmudhead:~ grant$ gpg -r k...@grant-olson.net -r ds...@jabberwocky.com
 --encrypt bar.txt
File `bar.txt.gpg' exists. Overwrite? (y/N) y
johnmudhead:~ grant$ gpg --list-packets bar.txt.gpg
:pubkey enc packet: version 3, algo 1, keyid 1458BCCB6A8F7CF6
data: [2045 bits]
:pubkey enc packet: version 3, algo 16, keyid AE2827D11643B926
data: [2047 bits]
data: [2048 bits]
:encrypted data packet:
length: 70
mdc_method: 2
gpg: encrypted with 2048-bit ELG key, ID 1643B926, created 2002-01-28
  David M. Shaw ds...@jabberwocky.com
gpg: encrypted with 2048-bit RSA key, ID 6A8F7CF6, created 2010-01-11
  Grant T. Olson (Personal email) k...@grant-olson.net
:compressed packet: algo=2
:literal data packet:
mode b (62), created 1298914148, name=bar.txt,
raw data: 4 bytes


-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.
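
Reading the recipient list off a --list-packets listing, as in the session above and in the --throw-keyids test earlier in this archive, can be scripted. The following is an added example, not code from the thread: the function names are this example's own, the first listing is copied from the message above, and the second is a constructed sample with all-zero key IDs.

```python
"""Added example: who can decrypt? Parse `gpg --list-packets` output."""
import re

# OpenPGP public-key algorithm IDs (RFC 4880, section 9.1).
PUBKEY_ALGOS = {1: "RSA", 2: "RSA (encrypt only)", 16: "Elgamal"}
THROWN_KEYID = "0" * 16  # all-zero key ID: recipient hidden (--throw-keyids)

PKESK = re.compile(
    r":pubkey enc packet: version \d+, algo (\d+), keyid ([0-9A-Fa-f]{16})")
MPI = re.compile(r"data: \[(\d+) bits\]")
ENC_WITH = re.compile(
    r"gpg: encrypted with (?:\d+-bit )?\w+ key, ID ([0-9A-Fa-f]{8,16})")

# Copied from the message above (addresses as the archive shows them).
PAGE_LISTING = """\
:pubkey enc packet: version 3, algo 1, keyid 1458BCCB6A8F7CF6
data: [2045 bits]
:pubkey enc packet: version 3, algo 16, keyid AE2827D11643B926
data: [2047 bits]
data: [2048 bits]
:encrypted data packet:
length: 70
mdc_method: 2
gpg: encrypted with 2048-bit ELG key, ID 1643B926, created 2002-01-28
  David M. Shaw ds...@jabberwocky.com
gpg: encrypted with 2048-bit RSA key, ID 6A8F7CF6, created 2010-01-11
  Grant T. Olson (Personal email) k...@grant-olson.net
:compressed packet: algo=2
:literal data packet:
mode b (62), created 1298914148, name=bar.txt,
raw data: 4 bytes
"""

# Constructed sample: packet lines for a message made with --throw-keyids.
THROWN_LISTING = """\
:pubkey enc packet: version 3, algo 16, keyid 0000000000000000
data: [4095 bits]
data: [4096 bits]
:pubkey enc packet: version 3, algo 1, keyid 0000000000000000
data: [2048 bits]
:encrypted data packet:
length: 63
mdc_method: 2
"""


def parse_recipients(listing):
    """Return one dict per public-key encrypted session key packet."""
    recipients, current, awaiting_owner = [], None, None
    for raw in listing.splitlines():
        line = raw.strip()
        m = PKESK.match(line)
        if m:
            algo, keyid = int(m.group(1)), m.group(2).upper()
            current = {"keyid": keyid,
                       "algo": PUBKEY_ALGOS.get(algo, f"algo {algo}"),
                       "mpi_bits": [],
                       "anonymous": keyid == THROWN_KEYID,
                       "owner": None}
            recipients.append(current)
            awaiting_owner = None
        elif MPI.match(line) and current is not None:
            current["mpi_bits"].append(int(MPI.match(line).group(1)))
        elif ENC_WITH.match(line):
            # gpg names the key by short ID; the user ID is on the next line.
            short = ENC_WITH.match(line).group(1).upper()
            awaiting_owner = next(
                (r for r in recipients
                 if not r["anonymous"] and r["keyid"].endswith(short)), None)
            current = None
        elif awaiting_owner is not None and line and not line.startswith(("gpg:", ":")):
            awaiting_owner["owner"], awaiting_owner = line, None
        elif line.startswith(":"):
            current = awaiting_owner = None  # some other packet type
    return recipients


def summarize(recipients):
    """One line per recipient: key ID, algorithm, and owner if gpg resolved it."""
    out = []
    for r in recipients:
        if r["anonymous"]:
            who = "hidden recipient (key ID thrown)"
        else:
            who = r["owner"] or "owner not in local keyring"
        out.append(f"{r['keyid']}  {r['algo']:<8}  {who}")
    return out


if __name__ == "__main__":
    for name, text in (("page listing", PAGE_LISTING), ("thrown key IDs", THROWN_LISTING)):
        print(name)
        print("\n".join("  " + s for s in summarize(parse_recipients(text))))
```

With thrown key IDs the listing still shows how many recipients there are and which algorithm each uses, only not who they are.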





Re: plateform supported ?

2011-02-28 Thread Grant Olson
On 2/28/11 12:42 PM, Benjamin Donnachie wrote:
 On 28 Feb 2011, at 17:29, florent ainardi fainard...@gmail.com
 mailto:fainard...@gmail.com wrote:

 i have a simple question

 May I suggest that you consolidate all your queries into a single email?
 

And perhaps invest 15-20 minutes giving the software a basic trial run.

This document provides a good overview of the software:

http://www.gnupg.org/gph/en/manual.html

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: Security of the gpg private keyring?

2011-02-28 Thread Grant Olson
On 2/28/11 7:09 PM, David Tomaschik wrote:
 On 02/28/2011 05:40 PM, MFPA wrote:

 I think key UIDs generally reveal more information than I am
 comfortable with. For example, why does your UID need to contain your
 email address in plain text rather than as a hash? Searching for that
 email address would need to return any keys that matched on the hashed
 version in addition to any keys that matched on the plaintext version.
 Somebody knowing the email address (or name or hostname) could find
 the key but mere inspection of the key UIDs would not reveal all its
 owner's names, email addresses, etc.

 I'm usually told such an option does not exist because it would serve
 no purpose and/or there would be no demand for it.


 
 While I understand your concerns, I think it would just be nice if the
 owner of a key could set a flag on it indicating that they did not want
 their key published to keyservers.  Then privacy could be preserved with
 MUCH smaller changes to infrastructure.  (Though, admittedly, it might
 require a change in the OpenPGP spec, which would actually be much larger.)
 
 David

There actually is a 'keyserver no-modify' setting in the spec, and by
default just about every key has it turned on.

But to honor it the keyservers would have to do crypto.  And after that
it creates an issue with syncing.  If I upload a key to
pool1.sks-keyservers.net, and it tries to sync with
pool2.sks-keyservers.net, how do you maintain the custody chain?

Both problems are, as they say in engineering-speak, non-trivial.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: Security of the gpg private keyring?

2011-02-28 Thread Grant Olson
On 2/28/11 7:09 PM, Daniel Kahn Gillmor wrote:
 On 02/28/2011 06:38 PM, David Shaw wrote:
 I think the problem here is the large size of the deployed infrastructure 
 that expects user IDs to have email addresses in them combined with the 
 relatively few people who are asking for this feature.  To make this change, 
 you'd have to have a keyserver that could search in that manner, plus client 
 support to make the hashes when talking to the keyserver, etc.  You'd have 
 to handle the very-small-but-non-zero chance of a hash collision in the user 
 ID, too.
 
 the folks in the monkeysphere project have put some thought and work
 into trying to specify how this sort of thing should be approached.
 
 however, i'm not convinced that hashed user IDs saves much against even
 a moderately dedicated attacker, for the same reason that dan bernstein
 rightly points out the failure of NSEC3 to avoid zone enumeration:
 
  http://dnscurve.org/nsec3walker.html
 
   --dkg
 

I was actually just thinking about monkeysphere with regards to this
topic.  You guys basically came up with a loose pretty-obvious standard
for key names and wrote the tools from there.  Ultimately, the
keyservers don't care or need to know what a UID is at all.

I think something similar could be done with hashed emails.  Just some
(non)standard like:

hashed_uid://$SHA1_OF_EMAIL/$RIPEMD_OF_EMAIL

But using something better than my obviously naive hash-collision
prevention algorithm.

If that could be agreed on, you could probably get a few mailing list
regulars to add that ID in addition to their normal UIDs.  From there
start with a shell script that writes out a correct 'gpg --search-keys'
request.  Then on to more advanced things, like adding hashed_uid search
to the default sks-keyserver pages, enigmail integration, etc.

Really the only problem is that MFPA is stuck doing all the work until
(if ever) the (non)standard starts to take off.  And it's a lot of work.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: Security of the gpg private keyring?

2011-02-28 Thread Grant Olson
On 02/28/2011 08:15 PM, Hauke Laging wrote:
 On Tuesday, 01 March 2011 01:32:05, Grant Olson wrote:
 
 If I upload a key to
 pool1.sks-keyservers.net, and it tries to sync with
 pool2.sks-keyservers.net, how do you maintain the custody chain?
 
 Can you explain what custody chain means in this context?
 
 My simple thought about that is that one of the keys has a newer time stamp 
 and that this one in synchronized and overwrites the older ones.
 
 

So if I'm only going to accept keys authorized by the owner, I need to
validate the owner.  Instead of just receiving the key:

KEY = KEYSERVER-1

I now need to receive a signed copy of the key

SIGNED(KEY) = KEYSERVER-1

The keyserver would then do something like:

1. Temporarily import the KEY as a TEMPKEY.

2. Verify that TEMPKEY and SIGNATURE are the same user.

3. Verify TEMPKEY with SIGNATURE.

4. Upload verified TEMPKEY into the real database.

So far not too bad, even if the current keyservers don't do any of this.

But when it tries to sync with KEYSERVER-2, I no longer have
SIGNED(KEY).  So KEYSERVER-2 won't be able to perform the above
algorithm.  It cannot verify that KEYSERVER-1 obtained the key from the
owner in the first place.

You could store SIGNED(KEY) in your database, but then you end up
performing the above algorithm millions of times when syncing, which
will eat up a bunch of time.  10 seconds per key adds up quickly.

You could say that you know KEYSERVER-1 did an initial verification, so
you don't need to, but then a malicious or misconfigured peer could get
bad data into your database.  If you decide to stop peering with
KEYSERVER-1, then how do you know which entries in your db are possibly
compromised or invalid?

Arguably a key owner could say they only wanted their key on
gingerbear.net, not the whole sks-keyserver pool.  Or more reasonably,
that sks-keyservers shouldn't sync with PGP Corp, or gnupg.org, or
hushmail, or whoever, since they didn't explicitly authorize it.  The
correct behavior here hasn't been specified anywhere.

There are probably many more issues like that tucked away once you start
to think seriously about implementing the feature properly.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?
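
The four upload steps and the sync problem from the post above, as an added example that is not part of the original message or of any keyserver's code. Lamport one-time signatures built from SHA-256 stand in for OpenPGP signatures so the sketch runs with the standard library only; the `Keyserver` class, the key layout and the `keep_proofs` switch are assumptions made for illustration.

```python
import hashlib
import secrets

def _h(data):
    return hashlib.sha256(data).digest()

def _bits(message):
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def generate_key(uid):
    """Return (secret, key): a Lamport one-time key pair bound to a UID."""
    secret = [secrets.token_bytes(32) for _ in range(512)]
    return secret, {"uid": uid, "pk": [_h(s) for s in secret]}

def key_blob(key):
    return key["uid"].encode() + b"".join(key["pk"])

def key_id(key):
    return hashlib.sha256(key_blob(key)).hexdigest()[:16]

def sign_key(secret, key):
    """SIGNED(KEY): the owner signs the key blob (one signature per key)."""
    sig = [secret[2 * i + b] for i, b in enumerate(_bits(key_blob(key)))]
    return {"issuer": key_id(key), "sig": sig}

def verify_upload(key, proof):
    """Steps 1-3 of the post, run against a temporary copy of the key."""
    temp = {"uid": key["uid"], "pk": list(key["pk"])}       # 1. TEMPKEY
    if proof is None or proof["issuer"] != key_id(temp):    # 2. same key?
        return False
    if len(temp["pk"]) != 512 or len(proof["sig"]) != 256:
        return False
    bits = _bits(key_blob(temp))
    return all(_h(s) == temp["pk"][2 * i + b]               # 3. verify
               for (i, b), s in zip(enumerate(bits), proof["sig"]))

class Keyserver:
    def __init__(self, name, keep_proofs):
        self.name, self.keep_proofs = name, keep_proofs
        self.db = {}                    # key id -> (key, proof or None)

    def upload(self, key, proof):
        if not verify_upload(key, proof):
            return False
        # 4. store the verified key; the proof survives only if configured
        self.db[key_id(key)] = (key, proof if self.keep_proofs else None)
        return True

    def sync_from(self, peer):
        """Pull a peer's entries, re-running the check on each one."""
        verified, unverifiable = [], []
        for kid, (key, proof) in peer.db.items():
            if verify_upload(key, proof):
                self.db[kid] = (key, proof)
                verified.append(kid)
            else:
                unverifiable.append(kid)    # no SIGNED(KEY) to check
        return verified, unverifiable

def demo(keep_proofs):
    """Constructed scenario: one proper upload, one entry a peer never checked."""
    alice_secret, alice = generate_key("alice@example.org")
    _, bob = generate_key("bob@example.org")
    ks1 = Keyserver("KEYSERVER-1", keep_proofs)
    accepted = ks1.upload(alice, sign_key(alice_secret, alice))
    ks1.db[key_id(bob)] = (bob, None)   # written without any owner proof
    ks2 = Keyserver("KEYSERVER-2", keep_proofs)
    verified, unverifiable = ks2.sync_from(ks1)
    return accepted, len(verified), len(unverifiable)

if __name__ == "__main__":
    print("proofs dropped:", demo(False))   # KEYSERVER-2 can verify nothing
    print("proofs kept:   ", demo(True))    # only the owner's upload passes
```

With the proofs dropped, KEYSERVER-2 cannot tell the owner's upload from the unchecked entry; with the proofs kept it can, at the price of one verification per key on every sync.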





Re: hashed user IDs [was: Re: Security of the gpg private keyring?]

2011-02-28 Thread Grant Olson
On 02/28/2011 08:54 PM, Daniel Kahn Gillmor wrote:
 On 02/28/2011 07:44 PM, Grant Olson wrote:
 
 You can pull a copy of a stalled/never-submitted Internet-Draft from here:
 
   git://lair.fifthhorseman.net/~dkg/openpgp-hashed-userids
 
 If anyone wants to push this further, please let me know.
 

I'll take a look when I get some more time.

To be honest though, I'm not particularly interested in the feature either.

I was just trying to illustrate that MFPA could get something going
without needing a new OpenPGP RFC, or without spending years of effort
until he got tangible results.  And if the (non)standard got popular
enough, tools, whether they be keyservers or mail clients or gnupg,
would start to handle hashed userid lookups.

Even just two simple scripts that wrap around gnupg,
'generate-hashed-userid' and 'retrieve-hashed-userid', would be a huge
start.

 
 If that could be agreed on, you could probably get a few mailing list
 regulars to add that ID in addition to their normal UIDs.
 
 Having a hashed User ID alongside your non-hashed User ID provides no
 benefit at all (unless you consider confusing people trying to
 understand and/or certify your OpenPGP certificate a benefit).
 

Yes, of course.  I was just thinking of the initial implementation and
testing phase.  It'd be nice if MFPA could see that the tools work
correctly, by seeing the 'before' and 'after' versions of UIDs, and
without people having to maintain a separate secret key.  I wouldn't
mind testing to help out, but I'm not throwing away my current key
anytime soon.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?
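
A sketch of the `hashed_uid://` lookup proposed in the two messages above, together with a check of the enumeration concern raised in the quoted NSEC3 comparison. This is an added example, not code from the thread. The address normalisation, the function names and the SHA-256 substitution used when a Python build lacks RIPEMD-160 are assumptions, and all addresses are constructed.

```python
import hashlib
from itertools import product

PAGE_ALGOS = ("sha1", "ripemd160")   # the pair named in the proposal

def usable_algos(wanted=PAGE_ALGOS, substitute="sha256"):
    """Return the proposal's digests, substituting where this build lacks one."""
    chosen = []
    for name in wanted:
        try:
            hashlib.new(name)
        except ValueError:           # e.g. RIPEMD-160 disabled in OpenSSL
            name = substitute
        chosen.append(name)
    return tuple(chosen)

def hashed_uid(email, algos):
    """Build hashed_uid://<digest1>/<digest2> for one address."""
    # Assumption: trim and lower-case so both sides hash the same bytes.
    data = email.strip().lower().encode("utf-8")
    digests = [hashlib.new(name, data).hexdigest() for name in algos]
    return "hashed_uid://" + "/".join(digests)

def search_command(email, algos):
    """argv for the keyserver lookup ('retrieve-hashed-userid')."""
    return ["gpg", "--search-keys", hashed_uid(email, algos)]

def candidate_addresses(local_parts, domains):
    """Guessable addresses: every local part at every domain."""
    return [f"{local}@{domain}" for local, domain in product(local_parts, domains)]

def recover_addresses(published_uids, candidates, algos):
    """Map published hashed UIDs back to any candidate that produces them."""
    table = {hashed_uid(c, algos): c for c in candidates}
    return {uid: table[uid] for uid in published_uids if uid in table}

if __name__ == "__main__":
    algos = usable_algos()
    published = [hashed_uid("Alice@Example.org", algos)]      # constructed
    print(" ".join(search_command("alice@example.org", algos)))
    guesses = candidate_addresses(["alice", "bob", "carol"],
                                  ["example.org", "example.net"])
    # The hash is unkeyed, so a short guess list is enough to undo it.
    print(recover_addresses(published, guesses, algos))
```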





Re: Security of the gpg private keyring?

2011-02-28 Thread Grant Olson
On 02/28/2011 09:08 PM, Robert J. Hansen wrote:
 There are probably many more issues like that tucked away once you start
 to think seriously about implementing the feature properly.
 
 There's a lot of stuff in the literature on this subject.  This sort of 
 behavior is usually called ORCON, for ORiginator CONtrolled -- referring 
 usually to intelligence so sensitive the source controls who sees the intel 
 and how it is used.
 
 The first paper I can find on this subject belongs to Graubert, On the Need 
 for a Third Form of Access Control, _Proceedings of the 12th National 
 Computer Security Conference_.  It's worth reading.
 

Thanks for the heads up.  Looks interesting.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: GnuPG Card with ssh authentication problems

2011-02-27 Thread Grant Olson
On 02/27/2011 11:40 AM, Werner Koch wrote:
 On Sun, 27 Feb 2011 06:43, br...@frogandbear.net said:
 
 I do find it a little odd that GnuPG's very own (and from the looks of
 it, old) documentation (1) lists the 3121 as a supported reader, along
 with several other outdated models.
 
 Sorry for that, the howto is a bit outdated.  Omnikey based readers work
 well with keys  2048 bit.  But they don't work with the others.
 
 
 Shalom-Salam,
 
Werner
 

If you want someone to clean up and update the howto, I volunteer.  I
just need to know the name of the cvs project.  'card-howto' didn't seem
to work.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: PGP/MIME considered harmful for mobile

2011-02-27 Thread Grant Olson

On 02/27/2011 02:37 PM, Martin Gollowitzer wrote:
 * Robert J. Hansen r...@sixdemonbag.org [110227 20:28]:
 How about inline confuses users who don't know anything about OpenPGP?

 1.  Why are you sending them signed emails anyway?
 
 I sign *all* my e-mail except for messages sent from my mobile (in that
 case, my signature tells the receiver why the message is not signed and
 offers the receiver to request a signed proof of authenticity later) or
 messages to people who can't receive signed messages (I had a case where
 e-mails arrived empty because of the MS Exchange/Antivirus/whatever
 combination at the receivers working place).
 
 2.  And seeing strange MIME attachments doesn't confuse people?
 
 Less than strange text fragments at the head and the bottom of a message
 (Some people even think they are being spammed when they see inline PGP
 data), because an attachment without useful data will rather be ignored.
 
 Martin
 


Hey guys,

Both camps can argue all day and they're not going to change anyone's
mind.

Both standards are valid, one doesn't supersede the other, and if you're
interested in OpenPGP, you probably want to run a mail client that
can handle both Inline and PGP/Mime messages.  If your contacts aren't
interested, they should at least be able to read your emails.

Which takes us back to the start of this conversation.  Apparently
Robert's mail client on Android doesn't like PGP/MIME messages, and
won't display the body of a PGP/MIME message.  Several other people have
said that the default mail client shows the message body just fine, and
that alternate mail clients like K-9 do the same.

Can we narrow down exactly when PGP/MIME is broken on droid phones?
Maybe start a new thread where people report their results since this
one is getting pretty big and has many side arguments?  Subject Android
PGP/Mime Test  List whether or not your phone displays PGP/Mime
messages, the model and manufacturer, droid version, email client and
version?

I do have a droid, but I don't use email on it.  I'll fire up a test
account and report back.

I suppose if anyone wants to test on an iPhone, Blackberry, or other
smartphone, that info would be handy as well.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?



Android PGP/MIME test results

2011-02-27 Thread Grant Olson
Provider: Boost
Manufacturer: Motorola
Model: I1
Droid version: 1.5

This phone has two mail applications by default, one called 'email' and
another called 'gmail'.  Both displayed PGP/MIME messages without any
trouble.  Neither verified sigs of course.

I see no easy way to determine the version number of either of these
apps.  If anyone has tips on how I can get this info, let me know.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: PGP/MIME considered harmful for mobile

2011-02-27 Thread Grant Olson
On 02/27/2011 10:22 PM, Ben McGinnes wrote:
 On 28/02/11 2:02 PM, David Shaw wrote:

 I'm not at all surprised that you had those results.  A limited
 subset of people have support for OpenPGP signatures.  A limited
 subset of those people actually verify signatures.  A limited subset
 of those people actually pay attention to what those signatures say.
 
 And a limited subset of those will actually speak up.  ;)
 
 

Especially on a list where many people self-identify as newbies.

I've been toying with the idea of expiring my key and seeing how long it
takes for anyone to notice.  In fact, I've just decided I will do this
sometime in the next year.  It'll be interesting to see how long it
takes people to notice even after I've announced my intentions.

If anyone remembers this conversation when I do this, please let me know
my key is expired off-list, so we can collect more data than the first
responder.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: Android PGP/MIME test results

2011-02-27 Thread Grant Olson
On 02/27/2011 11:29 PM, David Shaw wrote:
 Not exactly Android, but FWIW, an iPod touch (which has the same mail program 
 as an iPhone) displays PGP/MIME just fine (as in shows the mail - but doesn't 
 verify the signature).
 
 David
 
 

It's worth a lot.

Since the rationale behind this thread is buried in a long convoluted
thread about PGP/MIME vs PGP/Inline, allow me to re-explain.  I imagine
some people got sick of that thread and are ignoring it.

It seems Robert experienced the Outlook Express problem on his Droid,
where a PGP/MIME message didn't get displayed properly on his phone, and
instead showed a blank message.

I just wanted to gauge how severe the problem was, by getting feedback
from various people's smartphones.

So if you've got a smartphone, and you check your email on it, please do
reply to this thread, letting me know:

- The service provider

- The make and model of the phone.

- The droid version.

- The email application(s) installed.

- If said application(s) displayed the text of a PGP/MIME message so
that you could read the message.

- If said application(s) could verify a message.  (The answer here is
probably no, but it seems like at least one person said K-9 mail could
verify PGP/MIME.)

- Any other pertinent information.

That'll help everyone gauge the severity of the problem and adjust their
preferences accordingly.

Thanks,

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: PGP/MIME considered harmful for mobile

2011-02-27 Thread Grant Olson
On 02/27/2011 11:48 PM, Ben McGinnes wrote:
 On 28/02/11 2:59 PM, Grant Olson wrote:

 I've been toying with the idea of expiring my key and seeing how
 long it takes for anyone to notice.  In fact, I've just decided I
 will do this sometime in the next year.  It'll be interesting to see
 how long it takes people to notice even after I've announced my
 intentions.
 
 Heh.  Are you aiming for some kind of simultaneously expired and
 accepted key?  Schrödinger's Key, if you will.
 

Yep, basically I will set my key to expire one day later and push it to
the keyservers.  I will intentionally not retrieve the updated
expiration on my machines and continue to sign as usual.  And see how
long it takes people to catch on.

I've always wondered how many people would actually realize a key has
been revoked after publishing a revcert to the keyservers.  If I could
undo a revocation, I'd do that instead.  But I think an expiration is a
good enough simulation.  It should cause people to raise some eyebrows
if they're refreshing their keyrings regularly.

I've already got a date picked out.  You've been warned... ;-)

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: SCR3310 reader working for root, but not scard group

2011-02-26 Thread Grant Olson
On 02/26/2011 07:45 PM, Todd A. Jacobs wrote:
 I have an SCR3310 card reader on an Ubuntu 10.10 system, and installed
 the drivers through the libccid package. This works out of the box for
 root, but mortal users can't access the card at all. I tried a lightly
 modified version of the scripts from
 http://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html
 but without success.
 

That doc is pretty out of date, at least regarding hardware
configuration.  You shouldn't need to do anything config-wise to get a
CCID-enabled reader working these days.  I've used my SCR3310 on Ubuntu
10.10 as well as 10.4 without any problems and without having to do any
manual configuration.

I do seem to remember that I had to install the gpgsm package.  For some
reason the smart card daemon program was bundled there.  You might want
to give that a try.  (But I guess that'd only matter if you have
'use-agent' configured or are running gpg2 instead of gpg.)

You also might want to make sure that root or another user didn't grab
on to the reader and refuse to release the resources while you were
testing, either by looking at your processes, or doing a good
old-fashioned reboot.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: Smart Card Physical Best Practices?

2011-02-26 Thread Grant Olson
On 02/26/2011 09:40 PM, David Tomaschik wrote:
 
 I've recently received my smart card, but was wondering what the best
 practices are, mainly from a physical standpoint.  When I use it in
 my laptop reader, it sticks about 2 out of the side, and I have some
 concern about this (i.e., getting damaged by being pushed into
 something, etc.).  I am using the Authentication key on it for SSH,
 and the normal signing  encryption operations, so I suppose I need it
 when sending signed email and signing into a system.  Do most people
 leave it in the computer most of the time, or just insert it as
 needed?  This brings to mind: how many insertion cycles can these
 cards handle?  Looking online, various smart cards are rated anywhere
 from 10,000 to 250,000 insertions.  (At 10,000, as few as 10
 insertions per day would net a 3 year lifetime.)
 
 I hope this all makes sense...
 

I usually just leave it in until I leave the computer for lunch or a
meeting or whatever.

One thing I didn't realize at first, is that once you've unlocked either
your encryption or authentication key, it will remain unlocked as long
as the card is powered up, regardless of any password cache settings
you've set in your gpg configuration.

If that bothers you, but you don't want to keep yanking and inserting
the smartcard, you can kill the scdaemon process and it'll effectively
'unplug' your card.  I'm pretty sure there's an easier command to do
this too, but I can't remember it off-hand.

But I personally just assume I'll notice the blinking activity light on
my reader if some malware script or something weird tries to run gpg
commands while the card is activated.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: SCR3310 reader working for root, but not scard group

2011-02-26 Thread Grant Olson
On 02/26/2011 08:52 PM, David Tomaschik wrote:
 
 I have a 3310 and with pcscd, I haven't even found the need to use the
 scard group.  I have found that occasionally I have to restart
 scdaemon in order to get new readers/cards recognized.  I haven't
 narrowed it down specifically yet.  (I just got my readers  cards
 Thursday/Friday.)
 

If you issue a smartcard related command before the reader is plugged
in, or unplug the reader and replug after scdaemon is running, the
process will lock up and you need to kill it.  There is a fix for this
in the git repository, but won't be available otherwise until the 2.0.19
release, whenever that happens.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: GnuPG Card with ssh authentication problems

2011-02-26 Thread Grant Olson
On 02/26/2011 11:51 PM, Brady Young wrote:
 
 Thought I would update and say I finally got this working correctly.
 
 Apparently with the Omnikey Cardman 3121, the vendor drivers *must* be
 used. Once those were installed, and daemons restarted, ssh-add -l had
 no problem grabbing the key off the card.
 
 Regardless, I hope my documentation is helpful to someone in the future
 who may struggle to get this feature.
 

The exact same issue came up a month ago:

http://www.gossamer-threads.com/lists/gnupg/users/53031#53031

Maybe this is worth a FAQ entry on the website.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail

2011-02-15 Thread Grant Olson
On 2/15/11 8:38 AM, AgoristTeen1994 wrote:
 
 Okay thanks for the help though I'm still somewhat confused...I understand
 that the key id is the entire keypair, but then how do I find out what is
 just my public key, and just my secret key, the reason I'm asking is that if
 I want to give my public key to someone, then I apparently give the entire
 keyid since that has my secret key too..or am I wrong on that and I can give
 them the entire keyid? Thanks again and have a nice day.

In my opinion, the easiest way is to:

1) Send your key to a keyserver like pool.sks-keyservers.net.  Rest
assured this only sends the public part of your key.  (In
Thunderbird/Enigmail you do this by going to OpenPGP - Key Management
- Right clicking on your key - Upload public keys to keyservers)

2) Send a signed email to the person you want to correspond with.

That person can then import the key and verify the signature.  And once
they have your key they can encrypt to you.

If you don't want to send your keys to the keyserver, you can email them
a copy of the key.  (In Enigmail you do this by going to OpenPGP - Key
Management - Right clicking on your key - Send public keys by email.)

If you want to test everything out, there is a robot email address at
adele...@gnupp.de .  If you try to send that your public key, it will
tell you if you did everything right or not, and suggest some next steps
to continue testing.


-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





How do I import an X.509 Certificate onto an OpenPGP smartcard?

2011-02-12 Thread Grant Olson
In both the product description for the OpenPGP V2.0 card and the spec
itself there is some discussion of a Cardholder Certificate Data
Object in the V2.0 cards.

I've got one of those free X.509 email certificates from Comodo, and was
attempting to upload it to the card.  I can import the .p12 file into
gpgsm, but then it resides in a file under .gnupg.

Firstly, can I actually import a certificate like this onto the card?
Or do I simply misunderstand the specs?

Secondly, is there a command somewhere in gpg/gpgsm/gpg* to do this, or
is it specified and implemented on the OpenPGP card only at this point
in time?

Thirdly, the SCUTE docs start by generating a certificate request from
your OpenPGP authentication key.  In this scenario, are you just using
the same RSA key for both your OpenPGP and X509 certificates?  Does the
certificate imported into gpgsm just contain the public key and the CA's
signature and somehow defer operations to the card?

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: gpg --check-sigs should indicate if a signature is made by a revoked/compromised key

2011-02-09 Thread Grant Olson
On 2/9/11 3:00 PM, Daniel Kahn Gillmor wrote:
 gpg --check-sigs produces information about whether a certification was
 revoked, but not whether the certification was made by a key which
 itself was revoked.
 

The man page does say that this is intentionally not done for
performance reasons:

--check-sigs
   Same as --list-sigs, but the signatures are verified.  Note that
   for performance reasons the revocation status of a signing key
   is not shown.  This command has the same effect as using
   --list-keys with --with-sig-check.

 Consider this scenario:

 Alice has key A, and Bob has key B.

 Alice's key gets compromised by Mallory.

 Alice notices the compromise, and revokes her key, indicating that it
 was compromised.

 Mallory makes a new key, M, attaches Bob's user ID to it, and makes a
 certification over (Bob,M) with key A.

 Charles knows Alice, and wants to communicate with Bob.  He fetches key
 M, and runs gpg --check-sigs Bob, which shows Alice's signature.

 The output of --check-sigs shows no warning that A has been revoked
 (marked compromised).

 Maybe gpg should emit the same X that it currently emits for revoked
 certifications as it does for certifications made from revoked (or at
 least revoked-due-to-compromise) keys?

But shouldn't a user let the trust calculations do their magic and break
the WoT to Bob's key once Alice's key has been revoked?  Before the key
was valid because Alice had full trust, now it's unvalidated because
Alice's key is revoked.

It seems like this attack only works if you ignore the WoT and
explicitly start signing keys X-degrees-of-separation away without
proper verification.  (Not that I'm saying I can't conceive of real
people doing this.)

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.
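
One way to surface what `--check-sigs` leaves out in the Alice/Bob/Mallory scenario above: cross-reference each verified certification against the signer's own `pub` record in a `--with-colons` listing of the whole keyring. This is an added example, not part of the thread or of GnuPG. The listing below is constructed, the key IDs are placeholders, and the field positions follow GnuPG's colon format (field 2 validity, field 5 key ID, field 10 user ID).

```python
# Constructed stand-in for: gpg --with-colons --check-sigs  (whole keyring)
SAMPLE_COLONS = """\
pub:r:2048:1:1111111111111111:1262304000:::-:::sc:
uid:r::::1262304000::::Alice <alice@example.org>:
sig:!::1:1111111111111111:1262304000::::Alice <alice@example.org>:13x:
pub:-:2048:1:3333333333333333:1296518400:::-:::scESC:
uid:-::::1296518400::::Bob <bob@example.org>:
sig:!::1:3333333333333333:1296518400::::Bob <bob@example.org>:13x:
sig:!::1:1111111111111111:1296604800::::Alice <alice@example.org>:10x:
"""

# Validity letters on a pub record that make its certifications suspect.
SUSPECT = {"r": "revoked", "e": "expired"}

def parse_listing(colon_output):
    """Return ({key id: validity letter}, [certification records])."""
    validity, certs = {}, []
    target = uid = None
    for line in colon_output.splitlines():
        f = line.split(":")
        f += [""] * (12 - len(f))            # tolerate short records
        if f[0] == "pub":
            target, uid = f[4], None
            validity[target] = f[1]
        elif f[0] == "uid":
            uid = f[9]
        elif f[0] == "sig" and target and uid:
            certs.append({"target": target, "uid": uid,
                          "signer": f[4], "check": f[1]})
    return validity, certs

def signer_findings(colon_output):
    """List verified third-party certifications whose signer key is suspect."""
    validity, certs = parse_listing(colon_output)
    findings = []
    for c in certs:
        if c["signer"] == c["target"]:       # self-signature
            continue
        if c["check"] != "!":                # gpg did not verify it
            continue
        state = validity.get(c["signer"])
        if state is None:
            label = "not in listing"
        elif state in SUSPECT:
            label = SUSPECT[state]
        else:
            continue
        findings.append({"target": c["target"], "uid": c["uid"],
                         "signer": c["signer"], "signer_state": label})
    return findings

if __name__ == "__main__":
    for item in signer_findings(SAMPLE_COLONS):
        print("{uid} ({target}): certified by {signer}, "
              "signer key {signer_state}".format(**item))
```

The listing does not carry the revocation reason, so this check treats every revoked signer alike rather than only keys revoked as compromised.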





Re: Problems to migrate keys between two windows pcs

2011-02-07 Thread Grant Olson
On 2/7/11 2:59 AM, Kraus, Daniel wrote:
  
 I try to give a résumé:
 I exported my whole keyring (all public and private keys) from the old
 version and imported it into my new version, apparently successfully.
 I'm able to encrypt a file with the public key of one of our partners
 and they are able to decrypt them.
 But if I try to decrypt an encrypted file from our partner, I get the
 error message above.
 Same behavior when I encrypt a file and try to decrypt this one directly.
  
 Is there any mistake I overlook?
  

My guess is that you didn't actually import the secret keys.  That would
affect your ability to decrypt, but of course the secret key isn't
required to encrypt.

If you run 'gpg --list-secret-keys' on the new machine, does it show the
keys you need?

If that is the problem, you could either run something like 'gpg
--export-secret-keys > secret.keys' on the original machine and import
the generated file on the new machine, or copy over secring.gpg.

If you have the secret key, maybe double-check the trust level for the
secret key.  That should be set to ultimate.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: IPC call failed

2011-02-05 Thread Grant Olson
On 02/04/2011 05:49 PM, Justin Teaw wrote:
 
 Does anyone have a solution for this problem?  Do you know what socket
 the gpg-agent is using?
 

What OS? What version of gnupg?  What commands are you trying to run?
How are you trying to run them:  batch file, command line, program like
enigmail, something else?  Have you verified that gpg-agent is actually
running?  Etc.

-- 
-Grant

Look around! Can you construct some sort of rudimentary lathe?





Re: Did I just fry my smartcard?

2011-01-30 Thread Grant Olson
On 01/30/2011 06:03 AM, Werner Koch wrote:
 On Sat, 29 Jan 2011 19:54, k...@grant-olson.net said:
 
 gpg: detected reader `SCM SCR 3310 [CCID Interface] 00 00'
 gpg: pcsc_connect failed: sharing violation (0x801b)
 
 Another process has locked the reader.  Most likely this is either a gpg
 1 or an scdaemon.
 

DOH!  I think it was gpg-agent.  If I use gpg2 I get these results:

grant@johnyaya:~$ gpg2 --card-status
gpg: OpenPGP card not available: Not supported
grant@johnyaya:~$ gpg2 --card-edit

gpg: OpenPGP card not available: Not supported

gpg/card

gpg: OpenPGP card not available: Not supported


 grant@johnsmallberries:~$ gpg-connect-agent
 scd apdu 00 44 00 00
 ERR 100663351 Invalid value SCD
 
 Same reason as above; just different error messages.  Figure out which
 process has locked the reader and kill it.  Then try again.  You should
 also add the options
 
 debug-ccid-driver
 debug 2048
 log-file /foo/bar/scdaemon.log
 
 to ~/.gnupg/scdaemon.log .
 

With those options enabled, I tried issuing the reset codes.  First time
it complained because no card was inserted.  Second time it complained
because it couldn't find a supported application on the card.  I'm not
sure if that message is normal when the card is in admin-lockout mode,
or if it indicates there are more serious problems with the card.

grant@johnyaya:~$ gpg-connect-agent
 scd apdu 00 e6 00 00
ERR 100663406 Card removed SCD
 scd apdu 00 44 00 00
ERR 100663406 Card removed SCD
 scd serialno
ERR 100663351 Invalid value SCD
 scd apdu 00 e6 00 00
ERR 100663351 Invalid value SCD
 scd apdu 00 44 00 00
ERR 100663351 Invalid value SCD



  5 - 2011-01-30 11:12:40 scdaemon[3871]: updating slot 0 status: 0x0007-0x0004 (7-8)
  5 - 2011-01-30 11:12:40 scdaemon[3871]: sending signal 12 to client 3871
  5 - 2011-01-30 11:12:42 scdaemon[3871]: updating slot 0 status: 0x0004-0x0007 (8-9)
  5 - 2011-01-30 11:12:42 scdaemon[3871]: sending signal 12 to client 3871
  4 - 2011-01-30 11:12:50 gpg-agent[3716]: chan_7 - scd apdu 00 e6 00 00
  4 - 2011-01-30 11:12:50 gpg-agent[3716]: new connection to SCdaemon established (reusing)
  4 - 2011-01-30 11:12:50 gpg-agent[3716]: chan_9 - apdu 00 e6 00 00
  5 - 2011-01-30 11:12:50 scdaemon[3871]: chan_7 - apdu 00 e6 00 00
  5 - 2011-01-30 11:12:50 scdaemon[3871]: chan_7 - ERR 100663406 Card removed SCD
  4 - 2011-01-30 11:12:50 gpg-agent[3716]: chan_9 - ERR 100663406 Card removed SCD
  4 - 2011-01-30 11:12:50 gpg-agent[3716]: chan_7 - ERR 100663406 Card removed SCD
  4 - 2011-01-30 11:12:56 gpg-agent[3716]: chan_7 - scd apdu 00 44 00 00
  4 - 2011-01-30 11:12:56 gpg-agent[3716]: chan_9 - apdu 00 44 00 00
  5 - 2011-01-30 11:12:56 scdaemon[3871]: chan_7 - apdu 00 44 00 00
  5 - 2011-01-30 11:12:56 scdaemon[3871]: chan_7 - ERR 100663406 Card removed SCD
  4 - 2011-01-30 11:12:56 gpg-agent[3716]: chan_9 - ERR 100663406 Card removed SCD
  4 - 2011-01-30 11:12:56 gpg-agent[3716]: chan_7 - ERR 100663406 Card removed SCD
  4 - 2011-01-30 11:13:01 gpg-agent[3716]: chan_7 - scd serialno
  4 - 2011-01-30 11:13:01 gpg-agent[3716]: chan_9 - serialno
  5 - 2011-01-30 11:13:01 scdaemon[3871]: chan_7 - serialno
  5 - 2011-01-30 11:13:01 scdaemon[3871]: no supported card application found: Invalid value
  5 - 2011-01-30 11:13:01 scdaemon[3871]: chan_7 - ERR 100663351 Invalid value SCD
  4 - 2011-01-30 11:13:01 gpg-agent[3716]: chan_9 - ERR 100663351 Invalid value SCD
  4 - 2011-01-30 11:13:01 gpg-agent[3716]: chan_7 - ERR 100663351 Invalid value SCD
  4 - 2011-01-30 11:13:09 gpg-agent[3716]: chan_7 - scd apdu 00 e6 00 00
  4 - 2011-01-30 11:13:09 gpg-agent[3716]: chan_9 - apdu 00 e6 00 00
  5 - 2011-01-30 11:13:09 scdaemon[3871]: chan_7 - apdu 00 e6 00 00
  5 - 2011-01-30 11:13:09 scdaemon[3871]: no supported card application found: Invalid value
  5 - 2011-01-30 11:13:09 scdaemon[3871]: chan_7 - ERR 100663351 Invalid value SCD
  4 - 2011-01-30 11:13:09 gpg-agent[3716]: chan_9 - ERR 100663351 Invalid value SCD
  4 - 2011-01-30 11:13:09 gpg-agent[3716]: chan_7 - ERR 100663351 Invalid value SCD
  4 - 2011-01-30 11:13:13 gpg-agent[3716]: chan_7 - scd apdu 00 44 00 00
  4 - 2011-01-30 11:13:13 gpg-agent[3716]: chan_9 - apdu 00 44 00 00
  5 - 2011-01-30 11:13:13 scdaemon[3871]: chan_7 - apdu 00 44 00 00
  5 - 2011-01-30 11:13:13 scdaemon[3871]: no supported card application found: Invalid value
  5 - 2011-01-30 11:13:13 scdaemon[3871]: chan_7 - ERR 100663351 Invalid value SCD
  4 - 2011-01-30 11:13:13 gpg-agent[3716]: chan_9 - ERR 100663351 Invalid value SCD
  4 - 2011-01-30 11:13:13 gpg-agent[3716]: chan_7 - ERR 100663351 Invalid value SCD
  4 - 2011-01-30 11:13:15 gpg-agent[3716]: chan_7 - [eof]
  4 - 2011-01-30 11:13:15 gpg-agent[3716]: chan_9 - RESTART
  5 - 2011-01-30 11:13:15 scdaemon[3871]: chan_7 - RESTART
  5 - 2011-01-30 11:13:15 scdaemon[3871]: chan_7 - OK
  4 - 2011-01-30 11:13:15 gpg-agent[3716]: chan_9 - OK
  4 - 2011-01-30 11:13:15 gpg-agent[3716]: handler 0x9c50a38 for fd 7 terminated






Re: Did I just fry my smartcard?

2011-01-30 Thread Grant Olson
On 01/30/2011 11:18 AM, Grant Olson wrote:

 
 With those options enabled, I tried issuing the reset codes.  First time
 it complained because no card was inserted.  Second time it complained
 because it couldn't find a supported application on the card.  I'm not
 sure if that message is normal when the card is in admin-lockout mode,
 or if it indicates there are more serious problems with the card.
 
 grant@johnyaya:~$ gpg-connect-agent
 scd apdu 00 e6 00 00
 ERR 100663406 Card removed SCD
 scd apdu 00 44 00 00
 ERR 100663406 Card removed SCD
 scd serialno
 ERR 100663351 Invalid value SCD
 scd apdu 00 e6 00 00
 ERR 100663351 Invalid value SCD
 scd apdu 00 44 00 00
 ERR 100663351 Invalid value SCD

 
 

...

Okay, I solved the problem.  I'm just describing what I did for the sake
of the archives and future generations...

Numerous attempts to get the serial number of the card or issue reset
commands via gpg-connect-agent failed, on different computers, different
OS'es, etc.

I downloaded the debian package pcsc-tools.  Surprisingly, the command
'pcsc_scan' picked up on the fact that I had an OpenPGP card right away,
despite gpg-agent and gpg2 --card-status failures to recognize the card.

From there I tried the APDU reset commands via the tool 'gscriptor',
also included with 'pcsc-tools':

00 e6 00 00
00 44 00 00

Still nothing.

From the OpenPGP Card 2.0 spec, it seemed there were two commands I
could issue after TERMINATE DF (00 e6 00 00).  One was ACTIVATE FILE (00
44 00 00) which I've been trying repeatedly.  The other was SELECT FILE
(00 A4 04 00 06 D2 76 00 01 24 01 00).  So I tried that.

BAM!  It worked.  At some point yesterday I also tried to send SELECT
FILE via gpg-connect-agent, and I know that didn't work.

Not sure why gscriptor seemed to work better than gpg-connect-agent and
'scd apdu', but all's well that ends well.  The only obvious difference
is that I could just tell gscriptor to turn on the card, without having
to issue something like a serialno command to spin it up.

-Grant
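
An added example, not part of the original post and not GnuPG code: a small Python decoder for the command APDUs and the ERR lines quoted in this thread. The instruction names come from the post; the numeric layout of the ERR value (source in bits 24-30, code in the low 16 bits) is libgpg-error's packing, and only short, non-extended APDUs are handled.

```python
# Added example: decodes the APDUs and ERR lines quoted in this thread.
# Short (non-extended) command APDUs only.
INS_NAMES = {0xE6: "TERMINATE DF", 0x44: "ACTIVATE FILE", 0xA4: "SELECT FILE"}


def parse_apdu(text):
    """Split a command APDU written as hex bytes into its fields."""
    raw = bytes.fromhex(text.replace(" ", ""))
    if len(raw) < 4:
        raise ValueError("need at least CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body, data, le = raw[4:], b"", None
    if len(body) == 1:                 # header + Le only
        le = body[0]
    elif len(body) > 1:                # Lc, data, optional Le
        lc = body[0]
        data, rest = body[1:1 + lc], body[1 + lc:]
        if len(data) != lc or len(rest) > 1:
            raise ValueError("Lc does not match the data length")
        le = rest[0] if rest else None
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data,
            "le": le, "name": INS_NAMES.get(ins, "unknown")}


def decode_err(line):
    """Unpack 'ERR <number> <text>': libgpg-error keeps the error source
    in bits 24-30 and the error code in the low 16 bits."""
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0] != "ERR":
        raise ValueError("not an ERR line")
    value = int(parts[1])
    return {"source": (value >> 24) & 0x7F, "code": value & 0xFFFF,
            "text": parts[2] if len(parts) > 2 else ""}


if __name__ == "__main__":
    # Inputs copied from the messages in this thread.
    for apdu in ("00 e6 00 00", "00 44 00 00",
                 "00 A4 04 00 06 D2 76 00 01 24 01 00"):
        f = parse_apdu(apdu)
        print(f"{apdu:38} {f['name']:14} data={f['data'].hex() or '-'} le={f['le']}")
    for line in ("ERR 100663351 Invalid value SCD",
                 "ERR 100663406 Card removed SCD"):
        e = decode_err(line)
        print(f"{line:34} source={e['source']} code={e['code']}")
```

Both ERR values in the thread decode to the same source number, which the agent prints as SCD; only the code differs between "Invalid value" and "Card removed".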







Did I just fry my smartcard?

2011-01-29 Thread Grant Olson
This is actually a spare card I was just messing around with, not my
main one.  It's a standard OpenPGP v2.0 card from g10.

I wanted to reset the card to the factory defaults and mess around with
the onboard key generation.  I issued the series of commands listed
here, among other places:

http://www.gossamer-threads.com/lists/gnupg/users/49737

After that, the card wasn't reset, was locked out, and it won't do
anything useful.  If I run a command like gpg --card-status, I'm
prompted with:

gpg: detected reader `SCM SCR 3310 [CCID Interface] 00 00'
gpg: pcsc_connect failed: sharing violation (0x801b)
gpg: apdu_send_simple(0) failed: locking failed
Please insert the card and hit return or enter 'c' to cancel:
gpg: pcsc_connect failed: sharing violation (0x801b)
gpg: pcsc_connect failed: sharing violation (0x801b)
gpg: apdu_send_simple(0) failed: locking failed

And if I try to issue the apdu sequence manually, nothing responds.

grant@johnsmallberries:~$ gpg-connect-agent
 scd apdu 00 44 00 00
ERR 100663351 Invalid value SCD
 scd apdu 00 e6 00 00
ERR 100663351 Invalid value SCD
 scd serialno
ERR 100663351 Invalid value SCD

Does anyone have any tips for resetting the card, or am I out of luck?

On the plus side, I can confirm that the Admin Password Lockout does
indeed work as advertised.  I've always wanted to give that a try.  ;-)

-Grant





Re: ID-000 SmartCard Form Factor

2011-01-28 Thread Grant Olson
On 01/28/2011 09:42 PM, David Tomaschik wrote:
 While I realize that the ID-1 (full size) cards can be used with card
 readers that support PIN entry, are there any other
 advantages/disadvantages to one size over the other? At present, I feel
 like the ID-000 form factor has more advantages because of the
 portability and the lower cost of the readers.
 

As far as the cards themselves, you can use the ID-000 cards in a
full-sized reader or pop the chip out.  So if you have any doubt there,
you can get the ID-000 card and keep your options open.

I don't think the readers make that much of a difference either.

In theory, it's nice that the ID-000 readers will fit on your keychain,
and you can use them anywhere.  But in practice, personally I'm either
working at home or have my laptop bag with me.  I'm not using a smart
card at a computer lab or a library or something like that.

In theory, a full-sized card and reader would be nice if you used
multiple cards, like a separate ID to sign software or something, or
different users on the same computer, but most people probably don't
have to worry about that.  A full-sized reader also has a cord, which
can be convenient if it's hard to get to your USB ports, instead of
climbing behind some desk every day.

If you're already leaning towards a thumb-drive sized reader, that
should work just fine.





Re: Future plans for implementation of other algorithms

2011-01-26 Thread Grant Olson
On 1/26/11 3:37 PM, Avi wrote:
 As someone who uses GnuPG on a USB stick under Windows, I sincerely hope
 that elliptical curves get added to the 1.4 trunk.
 
 --Avi
 

That was completely uninformed speculation on my part.

But I still think that like any new standard and technology, even after
ECC makes it into an official gnupg release, it'll probably be years
before you'll be able to use it on a general purpose key, due to any
number of systems or users that won't instantly support ECC in OpenPGP.

That was really my main point.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: SmartCard Import/Export

2011-01-26 Thread Grant Olson
On 1/26/11 4:03 PM, David Tomaschik wrote:
 Anyone in the US ever order the OpenPGP smartcards from Kernel
 Concepts?  I'm wondering if there are any customs issues I should be
 aware of.  I'm thinking of trying to get a few people together around
 here to do a bulk order to cut shipping costs, etc., but wanted to know
 if I was going to end up with any import taxes/customs trouble.
 

I just got a card and reader from them.  They did everything by the
book.  There was a customs declaration on the outside of the box.  They
even had an FCC clearance for the reader inside the box just in case
customs decided to open it up.  (They didn't.)

Meanwhile, when I ordered a crypto-stick from the GPF I'm pretty sure it
just showed up in a yellow envelope with a hand-written address.  I
don't think it had any customs declaration or anything.  And that showed
up just fine as well.

I don't think you have anything to worry about.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: SSH authentication using OpenPGP 2.0 smartcard

2011-01-25 Thread Grant Olson
On 1/25/11 10:07 AM, Patryk Cisek wrote:
 Hi,
 
 I've been successfully using OpenPGP smartcard for signing my Debian
 uploads for a while now. Today I wanted to set it up also for SSH
 public key authentication.
 

Did you create an authentication key?  You might only have signing and
encryption keys.  You need a third key for authentication.  (A quick
look at pool.keyservers.net doesn't show an auth subkey.)

I just set up Debian 6.0RC1 last week.  I have a key I've already been
using to ssh.  I had no problems.  Just needed to add some stuff to
.bashrc as documented in the manpage for gpg-agent.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: SSH authentication using OpenPGP 2.0 smartcard

2011-01-25 Thread Grant Olson
On 1/25/11 12:16 PM, Grant Olson wrote:

 I just set up Debian 6.0RC1 last week.  I have a key I've already been
 using to ssh.  I had no problems.  Just needed to add some stuff to
 .bashrc as documented in the manpage for gpg-agent.
 

Actually, I also needed to run 'gpgkey2ssh 0xDEADBEEF 
~/.ssh/authorized_keys so I could ssh into the box as well.

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Re: Future plans for implementation of other algorithms

2011-01-25 Thread Grant Olson
On 01/25/2011 07:59 PM, Joseph Ziff wrote:
 Just out of curiosity (this might be the wrong mailing list for this so
 I apologize in advance if that is the case), are there any plans for
 implementing any other encryption/signing algorithms in GPG and if so
 what are they?

I think it's really the OpenPGP specs that drive the algorithms included
in gnupg.  There's no point in adding something if other OpenPGP
implementations don't understand it.

Right now there's a draft RFC to include Elliptic Curve Cryptography in
OpenPGP, but it hasn't been finalized yet.  That's probably the next big
algo.  Just this week on gnupg-devel, Werner announced a git branch
containing an implementation of Elliptic Curve Cryptography for 2.1.

Even after that code hits the gnupg mainline and the RFC gets approved,
it might be a while before you can reliably assume people can handle
ECC, given the number of people and distros that still default to 1.4.
(Not that I'm saying there's anything wrong with using 1.4; I just doubt
ECC will be back-ported.)






Do smartcards stay unlocked forever by design?

2011-01-17 Thread Grant Olson
Hey all,

I've been using a smartcard for several months now.  It's a cryptostick
if the model is important.  Every time I sign something, it asks me for
my pin.  But once the card is unlocked, ssh authentication and
decryption seem to happen forever, regardless of any ttl-cache settings
in gpg-agent.conf.  I just want to make sure I understand the semantics
correctly.

It seems:

1) Once I enter my pin, the card is unlocked as long as it's connected.

2) I get prompted when making a signature because the sig counter gets
incremented, and that's a write operation to the card.  Decrypting and
authenticating don't prompt because the operations don't write to the card.

3) The proper way to 'lock' the card is to remove it from the reader.

Is this correct?

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.





Official gnupg signing key (0x1CE0C630) expired

2011-01-11 Thread Grant Olson
I'm assuming this just needs the year end bump.  Looks like it expired
12-31-2010.

-Grant





Re: Fingerprint useless if not self-signed key?

2011-01-02 Thread Grant Olson
On 1/2/2011 11:04 AM, takethe...@gmx.de wrote:
 And thankfully David Shaw answered:
 
 By default, yes.  You can override this, 
 but it is not a good idea.
 
 Thus the answer to the question, whether one needs to check whether the key 
 is self-signed is connected with the word override. What did he mean with 
 that? Changing the source code of my version of gnuPG on my hard disk and 
 recompiling or changing some sort of configuration file on my hard disk? 

gpg provides many options for backward compatibility and
interoperability with other OpenPGP implementations.  I'm presuming
David is talking about this:

<snip from 'man gpg'>
--allow-non-selfsigned-uid

Allow the import of keys with user IDs which are not self-signed.
This only allows the import - key validation will fail and you have
to check the validity of the key by other means. This hack is needed for
some German keys generated with pgp 2.6.3in. You should really avoid
using it, because OpenPGP has better mechanics to do separate signing
and encryption keys.
</snip>

 If that's the case, then I don't need to advise people to check whether a key 
 is self-signed, because an attacker needs access to my hard disk to override 
 the self-sign-check. But if he already has access to my hard disk, he can as 
 well do worse things like installing a keylogger or something. Thus in this 
 case I'm beaten already, isn't that so?
 

As you've said, I'm not sure how plausible it is to worry about that
attack scenario.  If someone is in a position to modify your gpg.conf,
there are much easier ways to attack you than modifying that setting and
tricking you into loading a non-self-signed key years later.
 
 EXPLANATION
 The fingerprint is a hash value of the public master signing key only, NOT of 
 the public subordinate encryption key. Only if that public subordinate 
 encryption key is self-signed, I can be sure the owner of the private key 
 wanted it to belong to his public key. Otherwise it might have been placed 
 there by an attacker. 
 

That's technically correct-- the best kind of correct.  If I were
writing an introduction to OpenPGP, I'd focus on the purpose of the
fingerprint, and not the implementation details of keys and subkeys and
signing, and all that.

A fingerprint:

1) Allows you to verify that the key you have is the one you think you
have, and it hasn't been forged or modified.

2) Is only useful if obtained via an out-of-band channel, such as
meeting in person or over the phone.  If someone can forge one email,
they can forge another.  Same with webpages or keyservers.

3) Only authenticates the key itself.  It doesn't do anything to
authenticate the user.  It doesn't prove that jack_ba...@ctu.gov is who
he says he is.  That's up to you.

-- 
Grant

Can you construct some sort of rudimentary lathe?
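
An added example, not part of the thread and not GnuPG code: how a version 4 OpenPGP fingerprint is computed (RFC 4880, section 12.2), showing that it covers only the primary key packet, which is why the binding of user IDs and subkeys rests on self-signatures rather than on the fingerprint. The key numbers, user IDs and the dictionary layout are constructed for illustration.

```python
import hashlib
import struct


def mpi(n):
    """OpenPGP multiprecision integer: 2-byte bit count, then the value."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")


def rsa_public_body(created, n, e):
    """Body of a version 4 RSA public (sub)key packet: version, creation
    time, algorithm 1 (RSA), then the MPIs n and e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body):
    """SHA-1 over 0x99, the 2-byte body length and the body (RFC 4880, 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def certificate_fingerprint(cert):
    """Only the primary key packet is hashed; user IDs and subkeys are not."""
    return v4_fingerprint(cert["primary"])


# Constructed toy numbers, not usable RSA keys.
PRIMARY = rsa_public_body(1293926400, (1 << 1023) + 0x1234567, 65537)
SUBKEY_A = rsa_public_body(1293926400, (1 << 1023) + 0x7654321, 65537)
SUBKEY_B = rsa_public_body(1293926400, (1 << 1023) + 0xABCDEF1, 65537)

CERT = {"primary": PRIMARY, "uids": ["Alice <alice@example.org>"],
        "subkeys": [SUBKEY_A]}
# Same primary key with a different user ID and encryption subkey attached.
CERT_ALTERED = {"primary": PRIMARY, "uids": ["Other Name <other@example.org>"],
                "subkeys": [SUBKEY_B]}

if __name__ == "__main__":
    fpr = certificate_fingerprint(CERT)
    print("fingerprint:", fpr)
    print("long key ID:", fpr[-16:])   # low 64 bits of the fingerprint
    print("unchanged after swapping subkey and UID:",
          fpr == certificate_fingerprint(CERT_ALTERED))
    print("subkey fingerprints differ:",
          v4_fingerprint(SUBKEY_A) != v4_fingerprint(SUBKEY_B))
```

The creation time is part of the hashed packet, so the same key material with a different timestamp yields a different fingerprint.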



Re: Signing

2011-01-02 Thread Grant Olson
On 1/2/2011 7:19 PM, Robert J. Hansen wrote:
 On 1/2/2011 7:11 PM, takethe...@gmx.de wrote:
 When signing a public key's user ID, the statement I'm making is: I
 believe that this key belongs to the person described by the name and
 the comment in the user ID.
 
 There is no fixed semantic meaning for a signature.  Each signer is
 responsible for deciding what their signature means.  Some people sign
 keys and mean nothing more than, I have successfully exchanged emails
 with this address.  Some people are quite a bit more paranoid.  :)
 

And of course there are also no fixed semantics for the UID.  It's just
a random string.  gpg arguably obscures this by asking you three
questions when generating the ID, but the ID string can be anything.

So ultimately, a signature is saying I believe this arbitrary ID,
whatever it is, is valid, by whatever method I used to validate it.
OpenPGP lets you describe your own security model, which is its blessing
and its curse. ;-)

That's where the trust rating comes into play.  It's how much you trust
another person to sign keys in a way you consider appropriate.  Validity
is how much you 'trust' that the key itself is valid.  That can be a bit
confusing at first.

I for one trust the PGP Global Directory just fine, at least for casual
communication.  That performs the opposite certification that we're
talking about.  It validates that the email address is controlled by the
key owner (barring a man-in-the-middle attack), and does nothing to
validate the person himself.

But anyway, I'd be reluctant to sign a key that said something like
Grant Olson (Nightwatch Division) t...@fbi.gov if I knew this person
had no affiliation with the FBI, or didn't know that he did, whether or
not I thought the owner of the key could exploit the bogus email address.

-- 
Grant

Can you construct some sort of rudimentary lathe?



Re: 'Tis the Season -- again.

2010-12-18 Thread Grant Olson

It's also a good time to take care of all those administrative tasks
that you've been lazy about.

I created an authentication subkey this year and never properly backed
it up.  Sure I could revoke it and create a new one, but getting the new
key onto a bunch of servers will be a pain.

Also put FDE on my laptop, but I was running Time Machine on an
unencrypted external drive.  So now I'm encrypting this 2 TB whopper.
Looks like I've got about 1 day, 3 hours, and 28 minutes to go.

So ask yourself if you have backups of your critical info.  If the
backups are up-to-date.  If the media is still good.  If it's
appropriately secured.  If you printed out a rev cert.  If you're still
using the same lame password on every website, even though you know deep
down you shouldn't be.  Etc...

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.



Re: multiple subkeys and key transition

2010-12-11 Thread Grant Olson
On 12/11/10 2:55 PM, Ben McGinnes wrote:
 
 Cool.  On a tangential note, could this be used as a basis for
 applying a PKI/WoT model to certification of SSL keys, rather than
 relying on CAs?
 
 I don't really want to hijack my own thread, but I've always been
 deeply suspicious of the obvious money grab of the CA system of
 (mainly website) SSL certificates and I think alternatives are worth
 exploring.
 

There's the MonkeySphere project, but I don't think it's widely used...

http://web.monkeysphere.info/

-- 
Grant

I am gravely disappointed. Again you have made me unleash my dogs of war.


