Re: Problem with GPG
Hello Werner,

Yesterday, Aug 8, Werner Koch wrote to lists.gnupg-us...@duinheks.nl about...:

WK> You should better use
WK>
WK>     gpg --batch --sign --armour --clearsig --passphrase-fd 0 --yes -o $1.asc $1

I will do that in future.

WK> to avoid the mv. Even better use gpg-agent.

That will take some thinking. Will look into it.

WK>     gpg: pkglue.c:41: mpi_from_sexp: Assertion `data' failed.
WK>     Aborted
WK>
WK> Please show us the output of
WK>
WK>     /usr/bin/gpg --version

Of course:

    $ gpg --version
    gpg (GnuPG) 2.0.18
    libgcrypt 1.5.0
    Copyright (C) 2011 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: ~/.gnupg
    Supported algorithms:
    Pubkey: RSA, ELG, DSA
    Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
            CAMELLIA192, CAMELLIA256
    Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2

Regards,
Hans.

J.D.H. Beekhuizen
e-mail: jdh.beekhui...@duinheks.nl
tel:+31(0)714015437
fax:+31(0)714017198

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Problem with GPG
Hello,

I call PGP from Pine with a simple script:

    #!/bin/sh
    echo | /usr/bin/gpg --batch --sign --armour --clearsig --passphrase-fd 0 $1
    mv $1.asc $2

Lately I noticed that it did not work, without giving me any warning. When I use it 'by hand' I see an error:

    echo xxx | /usr/bin/gpg --batch --sign --armour --clearsig --passphrase-fd test
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    gpg: pkglue.c:41: mpi_from_sexp: Assertion `data' failed.
    Aborted

What's happening and how can I repair it?

The file test contains nothing spectacular:

    /home/jbeekhui/.gnupg/pubring.gpg
    ---------------------------------
    pub   1024D/4F702D4A 2001-10-27 Johannes D.H. Beekhuizen
          Key fingerprint = C913 300F FEF9 92BE 8320 07B4 2DF2 2641 4F70 2D4A
    uid                  Johannes Beekhuizen
    sub   1024g/1074CC1A 2001-10-27

I'm running GnuPG 2.0.18 under SlackWare 13.0, built with the libraries:

    libgpg-error 1.9
    libgcrypt 1.5.0
    libksba 1.2.0
    libassuan 2.0.2

Many thanks for any helpful help,
Hans Beekhuizen.

J.D.H. Beekhuizen
e-mail: jdh.beekhui...@duinheks.nl
tel:+31(0)714015437
fax:+31(0)714017198
Re: what are the sub keys
On Wed, Mar 23, 2011 at 10:58:38PM +0100 Also sprach Ingo Klöcker:

> I claim that of all 4096 keys that can be found on the public keyservers most have been created by people who just went for the highest number. Because bigger must be better, right?

I cannot resist offering the following quote from Neal Stephenson's Cryptonomicon, which makes a similar observation:

    So the length of the key that you use is, in and of itself, a code of sorts. A knowledgeable government eavesdropper, noting Randy's and Avi's use of a 4096-bit key, will conclude one of the following:

    --Avi doesn't know what he's talking about. This can be ruled out with a bit of research into his past accomplishments. Or,

    --Avi is clinically paranoid. This can also be ruled out with some research. Or,

    --Avi is extremely optimistic about the future development of computer technology, or pessimistic about the political climate, or both. Or,

    --Avi has a planning horizon that extends over a period of at least a century.
Re: what are the sub keys
On Sat, Mar 19, 2011 at 11:36:57PM -0400 Also sprach Robert J. Hansen:

> On 3/19/11 10:34 PM, Jonathan Ely wrote:
> > but be sure to set your preferences and choose a 4096 over 2048.
>
> Why? This is like saying, I like the bank vault on my front door, but I wish it was thicker: I want the extra security. Key length is only a small part (arguably the smallest part) of communications security.

I agree that 4096 may seem like overkill, but I think the recommendation to max out one's RSA key size is defensible. Here's why:

1. Modern computers are fast; it costs us almost nothing in terms of computation time to use a 4096-bit key.

2. Modern computers are fast, and getting faster all the time; remember that your security margin may need to be good not just today, but against all the attacks that are possible in the future, for as long as your data needs to remain secure (decades, for some people). Once upon a time, 1024-bit keys were considered perfectly adequate; most experts urge against generating keys today with that strength.

I agree that an awful lot of fuss is made over key length, sometimes to the exclusion of other, much more likely attack vectors. However, until someone describes for me a compelling reason NOT to bump key length up to 4096, my view remains: Why not?

Special case, relating to this thread's original question: Some software which is designed to interface with GnuPG, or otherwise implement PGP keys, may not support arbitrary key lengths. E.G. Evolution used to have a 160-bit hash hard-coded into its gnupg integration (it may still--I haven't used Evolution in a while), which meant that to remain DSS-compliant, you could only sign email with a 1024-bit DSA key. DSA-2 keys could not be supported directly by Evolution. You could circumvent the key-strength limit by using an RSA key as long as you liked.

However, in cases when a particular piece of software may require use of a key which does not meet your general-use criteria, for whatever reason, generating a sub-key which meets the requirements can allow you to use the specific feature you need, while still enabling you to use other sub-keys for less restrictive applications.

--
Chance favors the prepared mind. --Louis Pasteur
Re: what are the sub keys
On Tue, Mar 22, 2011 at 08:28:57AM -0700 Also sprach Robert J. Hansen:

> IME, engineering starting from a base maxim of, why not?, ultimately leads to curious things that leave you scratching your head (like the aforementioned, why are you using SHA512 with DSA-1K?). This is why I would much rather start from a base maxim of, why? I'd much rather be accused of favoring minimalism than maximalism.

I agree that Why Not? by itself is not an argument in favor of doing something, unless it is balanced by a Why? So, one can compare the pros and cons of using a longer key, with some items ending up in the Why do it column, and some ending up in Why not.

My point is that in the Why use 4096-bit RSA? column, we have a few items, including a much longer lifetime for the key and encrypted data, as factoring attacks get better in the future (they never get worse), whereas in the why not column, we have--so far as I can see--nothing (apart from special usage scenarios, as I exemplified above).

There is a greater margin of security in a 4096-bit key over a 2048-bit key (all other factors being equal), even if it is only theoretical. Sure, there are other, more important security considerations; perhaps not in spite of them, but because of them, one can say Use the maximum key length supported, and move on to more important considerations.

--
Chance favors the prepared mind. --Louis Pasteur
Re: Smart Card Physical Best Practices?
On Sat, Feb 26, 2011 at 09:40:07PM -0500 Also sprach David Tomaschik:

> I've recently received my smart card, but was wondering what the best practices are, mainly from a physical standpoint. When I use it in my laptop reader, it sticks about 2 out of the side, and I have some concern about this (i.e., getting damaged by being pushed into something, etc.). I am using the Authentication key on it for SSH, and the normal signing encryption operations, so I suppose I need it when sending signed email and signing into a system. Do most people leave it in the computer most of the time, or just insert it as needed?
>
> This brings to mind: how many insertion cycles can these cards handle? Looking online, various smart cards are rated anywhere from 10,000 to 250,000 insertions. (At 10,000, as few as 10 insertions per day would net a 3 year lifetime.)

If you are concerned with the insertion-limited lifetime, and with other possible kinds of damage to the smart card itself, perhaps you should consider getting one of the versions with the SIM removal option. Pop the chip out of the card and put it inside one of those USB tokens that take them. Then the SIM itself is always (at least partially) protected inside a casing, and the insertion problem is offloaded onto the USB mechanism (which is more expendable). If the USB token fails eventually, take the SIM out and put it in a new one; you may have been using it for years by then, but your effective insertion count is 2.

As an added bonus, you may use your OpenPGP card on any computer with a USB port, without needing a separate card reader available.

--
Chance favors the prepared mind. --Louis Pasteur
Re: Why do we use a different key to sign than to encrypt
On Tue, Mar 01, 2011 at 01:13:16PM + Also sprach Guy Halford-Thompson:

> Not GPG specific, but I was wondering if someone could point me in the direction of some resources that explain why we use different keys to sign and encrypt (for cases where the same key _could_ do both e.g. RSA).

This may not be the whole story, but I did manage to find this:

http://www.di-mgt.com.au/rsa_alg.html#weaknesses

--
Chance favors the prepared mind. --Louis Pasteur
Re: Some SHA-2 news
On Sun, Feb 20, 2011 at 07:19:15AM -0500 Also sprach Jerry:

> On Sat, 19 Feb 2011 14:55:14 -0500 Robert J. Hansen r...@sixdemonbag.org articulated:
>
> > On 2/19/11 9:53 AM, lists.gn...@mephisto.fastmail.net wrote:
> > > Think we'll see this included one day in OpenPGP, or will we just skip to SHA-3 when it's ready?
> >
> > Usually, algorithms are added due to existing users with a strong need -- e.g., CAMELLIA came about because users in the Pacific Rim needed it. I'm unaware of anyone saying, the SHA-2s are great, but they're too slow on 64-bit processors. And until there is, the odds of OpenPGP adoption are practically nil, IMO.
>
> Out of simple morbid curiosity, other than the time and effort needed to adopt the code, is there any downside to this venture?

I can't really see much downside, except, as has been noted, a possible lack of demand. I don't believe security is affected one way or the other. It's just a matter of a slight performance improvement on certain hardware. With SHA-3 so close on the horizon, though, I find it doubtful that a minor re-working of SHA-2 would gather much adoption. It somewhat surprises me, even, that NIST bothered with it.

I suppose someone, somewhere, must be saying the SHA-2s are great, but they're too slow... or why would anyone have put the work in to extend the standard, as has been done? I think understanding this was the motivation for my original post.
Re: Help with OpenPGP plugin in Mozilla Thunderbird and Claws Mail
On Tue, Feb 15, 2011 at 05:38:47AM -0800 Also sprach AgoristTeen1994:

> Okay thanks for the help though I'm still somewhat confused...I understand that the key id is the entire keypair, but then how do I find out what is just my public key, and just my secret key, the reason I'm asking is that if I want to give my public key to someone, then I apparently give the entire keyid since that has my secret key too..or am I wrong on that and I can give them the entire keyid? Thanks again and have a nice day.
> --

There is a distinction I believe you are missing; please feel free to admonish me if I am oversimplifying things, however:

The Key ID is not the entire key pair; it merely represents the key pair. It is a unique name for your key pair, if you would like to think of it that way. When you give someone your Key ID, you are not literally giving them any part of your Secret or Public key--you are merely giving them a convenient way to reference it. The actual public key can be quite long, and inconvenient to read out to someone, or jot down on the back of a cocktail napkin, so we have these Key IDs to use as short-hand.

If you have your public key published somewhere, such as on a key server, the Key ID is a way for other people to unambiguously look up the full key. If you have more than one key pair (e.g. one for personal use, and one for work), the Key ID of each key pair (which will be unique to each) is a way to tell them apart on such a key server, or within your own keychain.

Note, however, that only giving someone your Key ID does not help them to encrypt messages to you, or verify your signature, if they do not have someplace to access the actual key (like a public key server). It just helps them look up your individual key if it is in such a place.

Generally speaking, good OpenPGP implementations (like GnuPG) will require that you explicitly state you want to export your _Secret_ key before they will ever spit it out (e.g. gpg --export-secret-keys is pretty obvious). Under all other circumstances, when you issue a command to export a key, it will release only the public part of the key pair.

Hope this helps,
Kevin

--
Chance favors the prepared mind. --Louis Pasteur
Re: very short plaintexts symmetrically encrypted
On Sun, 10 Jan 2010 14:02 +0100, Werner Koch w...@gnupg.org wrote:

> On Sun, 10 Jan 2010 04:44:35 -0500, ved...@hush.com wrote:
> > symmetrical encryption is a simple way to avoid signing, while still maintaining relative reliability of knowledge as to who sent the message
>
> That is not true. For example you can't detect a replay or MitM attack.

Forgive me, but how is a MitM attack possible against a symmetric cypher using a shared, secret key? A MitM attack is really an attack on key exchange, as it requires the MitM to intercept at least one public key, and substitute another (one of his own) for it. Using symmetric crypto, however, the key must be prearranged, or exchanged by some other trusted means. Assuming only the sender and receiver of the message know the secret key, I fail to see what a MitM can accomplish.

Of course, if we just broadcast the secret key on the Internet, or something, then it's not much good--but anyone using symmetric crypto should know better.
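
The replay half of the quoted objection, as an added example that is not part of the original thread: a message that proves knowledge of the shared key still verifies when the same bytes are delivered a second time, unless the receiver also tracks freshness. HMAC-SHA256 from Python's standard library stands in here for "only holders of the shared key could have produced this"; it is not GnuPG's symmetric mode, and the key, counter layout and class names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

SHARED_KEY = b"constructed-demo-key"   # constructed value, prearranged out of band
TAG_LEN = 32                           # HMAC-SHA256 output size in bytes


def seal(counter: int, message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Sender: 8-byte counter + message, followed by a tag over both."""
    payload = struct.pack(">Q", counter) + message
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def authentic(blob: bytes, key: bytes = SHARED_KEY) -> bool:
    """True if the tag was produced with the shared key over this exact payload."""
    payload, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


class NaiveReceiver:
    """Trusts anything made with the shared key, however often it arrives."""

    def accept(self, blob: bytes) -> bool:
        return authentic(blob)


class ReplayAwareReceiver:
    """Also requires the authenticated counter to increase on every message."""

    def __init__(self) -> None:
        self.highest_seen = -1

    def accept(self, blob: bytes) -> bool:
        if len(blob) < 8 + TAG_LEN or not authentic(blob):
            return False
        counter = struct.unpack(">Q", blob[:8])[0]
        if counter <= self.highest_seen:
            return False               # same or older message delivered again
        self.highest_seen = counter
        return True


if __name__ == "__main__":
    msg = seal(1, b"meet at noon")
    naive, aware = NaiveReceiver(), ReplayAwareReceiver()
    print("naive:", naive.accept(msg), naive.accept(msg))
    print("aware:", aware.accept(msg), aware.accept(msg))
```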