Re: Future OpenPGP Support in Thunderbird
On 11.10.19 at 20:15, Phillip Susi wrote:
> Why the heck don't they just run gpg the way enigmail did?

They don't want to require users to install gpg first. And they don't want to ship gpg with Windows installers, since it isn't MPL.

Philipp

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Future OpenPGP Support in Thunderbird
While having OpenPGP support directly in Thunderbird is probably a good thing, I found it convenient to just use the gpg keys for Email encryption and signing (and conversely, being able to just use keys imported via Enigmail to encrypt files using gpg).

It would be really nice if Thunderbird could add an option to use the gpg key storage instead of its own, but so far the developers want to always keep the Thunderbird key storage separately (though they are considering functionality to import keys from gpg to Thunderbird): https://wiki.mozilla.org/Thunderbird:OpenPGP:2020

Philipp
[OT] Where can I find some papers to read on mail (and envelope) security?
There has been plenty of research on email security and the need for encryption is well-known. However, I wonder if there has been any research on mail security. Of course, one could just put a GPG-encrypted letter in an ordinary envelope, but there are more common measures that are meant to give some additional security over the standard mail. I wonder how well those work. Are there any good textbooks, etc.?

There are a few aspects I can think of (but there are probably more):

* Patterns printed on the inside of envelopes. These are meant against the use of light to read the contents of an unopened envelope. How strong are these in the face of image recognition? Did someone study such patterns?
* Tamper-proof envelopes, meant to make it hard to open an envelope unnoticed. How well do these work? Does it even make sense to put much effort into them, as an attacker could use a new envelope (though there might be some difficulties involved to get or fake the right postmark)?
* There seems to be some literature on the security of wax seals (e.g. "Licet ad regimen", published in 1198 - does anyone know of a German, French or English translation?).

Philipp
Re: STM32F103 flash ROM read-out service
On 05.06.2018 at 02:37, NIIBE Yutaka wrote:
> Hello,
>
> While learning Chinese language, I found this service (in Chinese):
>
> http://www.pcbcopy.com/2016/ic_1128/1928.html
>
> IIUC, It's a company in ShenZhen, which offers a service reading out
> from protected STM32F103, even if it uses anti-tamper feature with a
> battery.
>
> I was aware of similar services for PIC18 or ATmega (in different
> country). This is new for me, specifically for STM32F103.
>
> I don't know the detail of this service, but it seems that it's not that
> expensive (from not-confirmed information by my friend).
>
> Well, I encourage Gnuk users to new use KDF-DO feature with newer GnuPG.

See https://www.aisec.fraunhofer.de/en/FirmwareProtection.html for some research on breaking STM32 readout protection published in January.

Philipp
Re: A postmortem on Efail
On 20.05.2018 at 08:26, Robert J. Hansen wrote:
> Writing just for myself -- not for GnuPG and not for Enigmail and
> definitely not for my employer -- I put together a postmortem on Efail.
> You may find it worth reading. You may also not. Your mileage will
> probably vary. :)
>
> https://medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08

I don't think breaking backwards-compatibility is an all-or-nothing question.

IMO, it is important to still be able to decrypt old data. On the other hand one wants sane, secure use with current data.

The functionality needed to decrypt old files should still be there. Possibly hidden behind some new option, if that helps security for typical users.

If my mail client will no longer be able to display some old encrypted message, that's ok. But I should still be able to read that message by invoking GPG from the command-line with suitable options.

Philipp
Re: New smart card / token alternative
On 06.11.2017 at 23:26, ved...@nym.hush.com wrote:
> On 11/6/2017 at 4:55 PM, "Tim Steiner" wrote:
>
> We have been working on a project to build a direct interface for
> PGP/GPG usage using U2F for web apps and browser extensions. This is
> similar to existing smart cards and tokens but no software install is
> required.
>
> We set out to solve this problem - "Man, I really wish I could read
> this PGP message, or send this message, or open this file, or sign
> this file, but I don't have my laptop with me"
>
> With this solution you can keep the key offline, carry it with you
> and it works even on a computer where you can't install software -
> https://www.kickstarter.com/projects/1048259057/onlykey-quantum-future-ready-encryption-for-everyo
>
> We are interested to hear feedback on this approach from the
> community.
>
> =
>
> Using this on anything except your own computer, or laptop, is
> problematic, as the 'host' computer can have a key-logger or screen
> capturer, and copy the decrypted plaintext, or the plaintext to be
> encrypted.

I have often been in situations where I had access to a friend's computer, and you trust the friend and their computer skills enough to handle a message on their computer. A typical scenario might even be sending a signed message where the contents are intentionally known to that friend.

While I tend to carry my laptop with me often, not everyone does.

Philipp
Re: The symmetric ciphers
On 10.09.2013 15:30, Robert J. Hansen wrote:
> On 9/10/2013 6:35 AM, Philipp Klaus Krause wrote:
>> I wonder if it would be a good idea to have an option to combine symmetric ciphers, e.g. users could state a preference list like this:
>
> No. This idea gets floated every few years and the answers never change. It's not a good idea. If you look in the list archives you can find some pretty long, detailed writeups on why.

I just tried googling a bit, but the only posts I found are those that assume that the effort to break A+B would be a+b. I did not find the detailed writeups you mentioned, or even anything else about the assumption that breaking A+B takes at least effort max(a,b).

>> Assuming it takes effort a to break cipher A and effort b to break cipher b, this should result in effort at least max(a, b) needed to break A+B.
>
> Basically, though, it's this is a naive and unfounded assumption.

Well, here's a (rough, and maybe naive) explanation of why I assumed that the effort is at least max(a, b):

First, I assume that the effort for breaking anything is so much more than the effort for encryption given the key, that the latter is negligible.

So assume there is an attack on A+B that allows to break A+B with effort e less than max(a,b). That means that at least one of e < a or e < b is true.

Case 1: e < a: Well, whenever someone is using A, we can just encrypt the ciphertext using B with a key of our choice. Any attack on A+B thus immediately translates into an attack on A, contradicting the assumption e < a. The attack on A would be of the same type as the one on A+B.

Case 2: e < b: Hmm, this one seems harder. If I have an attack on A+B that yields information about the key, I can get a chosen-ciphertext attack on B from it. An attack on A+B that yields information about the plaintext could be combined with an attack on A that yields information on the key to get an attack on B that yields information on the plaintext. If A happens to have a weak key, I would get an attack on B that yields information on the plaintext as well. Any way I should get an interesting result of the type b a + e. I think there is a stronger result possible here, but I admit I don't know how I could get there.

Philipp
Re: 2048 or 4096 for new keys? aka defaults vs. Debian
On 27.10.2013 19:47, Peter Lebbing wrote:
> On 27/10/13 19:09, Filip M. Nowak wrote:
>> 1) Specialized microcontrollers with crypto capabilities are available and used for years now (AVR XMEGA which is 8 bit for example)
>
> AVR XMEGA has DES and AES, no asymmetric acceleration. Also, I think the market of XMEGA is phenomenally tiny compared to regular AVR/PIC (personally, I would go to ARM if megaAVR isn't enough). Are there 8-bit microcontrollers with RSA acceleration?

Well, some, such as the Rabbit families, have support for arbitrary-length multiplication that AFAIK was included mostly to make RSA implementations faster.

Philipp
Re: The symmetric ciphers
On 10.09.2013 13:45, Werner Koch wrote:
> You would also need a second public keypair to protect the second symmetric key. If you don't, the attacker would target the public key scheme directly - ah well that is in any case the lower hanging fruit.

I wouldn't assume that: RSA is something taught in typical maths and computer science curriculums at universities. Factorization is a well-known problem. Symmetric ciphers, on the other hand, are for specialists. So I would assume that RSA got much more attention and eyes looking at it than any symmetric cipher.

Philipp
Re: The symmetric ciphers
On 30.10.2013 18:39, Robert J. Hansen wrote:
>> Well, here's a (rough, and maybe naive) explanation of why I assumed that the effort is at least max(a, b):
>
> If you first encrypt with ROT10 and then with ROT16, the final strength is not the maximum of (ROT10, ROT16). You may think that's a silly example, and I grant that it is, but it illuminates the point pretty well and avoids a lot of difficult math.

But ROT10 and ROT16 fail the condition that breaking them should be substantially harder than applying them.

Philipp
Re: The symmetric ciphers
On 10.09.2013 12:35, Philipp Klaus Krause wrote:
> I wonder if it would be a good idea to have an option to combine symmetric ciphers, e.g. users could state a preference list like this:
>
> TWOFISH+AES256 3DES+BLOWFISH+AES AES 3DES
>
> The meaning of A+B would be to encrypt using A first, and then encrypt the result using B with a different key.
>
> Assuming it takes effort a to break cipher A and effort b to break cipher b, this should result in effort at least max(a, b) needed to break A+B. And with uncertainty about possible weaknesses in individual ciphers, this seems like a reasonable measure to me.
>
> Philipp

If we have plenty of randomness available, we could do this a different way:

XOR the message M with a random one-time pad P to obtain N. Encrypt P with A, and N with B. The drawback is that this doubles the length of the message.

Philipp
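The pad-splitting combiner proposed in this message, sketched in Python as an added example (it is not code from the thread or from GnuPG). Ciphers A and B are stand-in keystream constructions built from SHA-256 and BLAKE2b so that the block runs with the standard library only; every function name here is hypothetical.

```python
import hashlib
import secrets

NONCE_LEN = 16  # per-ciphertext nonce, prepended to each ciphertext


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(block_fn, n: int) -> bytes:
    """Concatenate block_fn(counter) outputs until n bytes are available."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += block_fn(counter.to_bytes(8, "big"))
        counter += 1
    return bytes(out[:n])


# Stand-ins for "cipher A" and "cipher B". Assumption: the thread has real
# ciphers such as TWOFISH or AES256 in mind; these two only keep the demo
# dependency-free and are not a recommendation.
def stream_a(key: bytes, nonce: bytes, n: int) -> bytes:
    return keystream(lambda c: hashlib.sha256(key + nonce + c).digest(), n)


def stream_b(key: bytes, nonce: bytes, n: int) -> bytes:
    return keystream(
        lambda c: hashlib.blake2b(nonce + c, key=key, digest_size=32).digest(), n
    )


def seal(stream, key: bytes, data: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + xor_bytes(data, stream(key, nonce, len(data)))


def unseal(stream, key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return xor_bytes(body, stream(key, nonce, len(body)))


def split_encrypt(message: bytes, key_a: bytes, key_b: bytes):
    """Return (A(P), B(N)) where P is a fresh random pad and N = M xor P."""
    pad = secrets.token_bytes(len(message))   # P: must never be reused
    masked = xor_bytes(message, pad)          # N
    return seal(stream_a, key_a, pad), seal(stream_b, key_b, masked)


def split_decrypt(ct_a: bytes, ct_b: bytes, key_a: bytes, key_b: bytes) -> bytes:
    # Both keys are needed; there is no integrity check in this sketch.
    return xor_bytes(unseal(stream_a, key_a, ct_a), unseal(stream_b, key_b, ct_b))


def share_explaining(known_share: bytes, candidate: bytes) -> bytes:
    """The other share that would make `candidate` the message.

    One exists for every same-length candidate, which is why learning only
    P (A broken) or only N (B broken) reveals nothing but the length.
    """
    return xor_bytes(known_share, candidate)


def demo() -> dict:
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    message = b"exam results attached"          # constructed sample input
    ct_a, ct_b = split_encrypt(message, key_a, key_b)

    # Model "cipher A is broken": the adversary recovers P but not N.
    leaked_pad = unseal(stream_a, key_a, ct_a)
    decoy = message[::-1]                        # any same-length guess works
    fake_n = share_explaining(leaked_pad, decoy)

    return {
        "message": message,
        "recovered": split_decrypt(ct_a, ct_b, key_a, key_b),
        "plaintext_bytes": len(message),
        "ciphertext_bytes": len(ct_a) + len(ct_b),  # 2x message + two nonces
        "decoy_consistent": xor_bytes(leaked_pad, fake_n) == decoy,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The ciphertext size reported by `demo()` shows the length doubling that the message names as the drawback.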
Re: The symmetric ciphers
Is there a known good way to combine multiple symmetric ciphers into something that is at least as strong as the weakest of them?

Philipp
Re: The symmetric ciphers
On 30.10.2013 23:33, Philipp Klaus Krause wrote:
> Is there a known good way to combine multiple symmetric ciphers into something that is at least as strong as the weakest of them?
>
> Philipp

This should have been "... as the strongest of them?".
Re: The symmetric ciphers
On 30.10.2013 23:51, Bob (Robert) Cavanaugh wrote:
> I guess I lost track of the initial purpose of this thread. Why do you want this if you can only achieve the same cryptographic strength as one of the ciphers? What problem are you solving?

There are multiple symmetric ciphers. Any one of them might already have been broken by an adversary, but I assume that there are many among them that are not broken. I do not know which ones are which.

So, if I have ciphers A, B and C, and a way to combine them into one symmetric cipher that is at least as strong as the strongest among them, I could use this combined cipher for somewhat secure communication as long as at least one of A, B, C is not broken, even if I do not know which ones are broken.

Philipp
Re: Sign key and export for each UID
On 17.09.2013 02:09, Doug Barton wrote:
> On 09/16/2013 03:02 PM, Philipp Klaus Krause wrote:
> | Unfortunately, tools for signing keys with multiple UIDs IMO are not
> | user-friendly enough, typically due to the following:
> |
> | 1) They require the user to be familiar with the command-line,
> | 2) They require the user to run a unixoid OS,
> | 3) They require the user to have configured mail for their OS.
>
> I would argue that this is true regardless of the number of uids on a key. I do use PGP with Windows, but I also use the command line there. I do not know of any software that has a competent GUI that does everything I would want it to do, or even a reasonable subset of it. I would find it interesting to be proven wrong however. :)

Well, IMO enigmail does a somewhat reasonable job for single-uid keys, since users can in the GUI right-click and select to sign a key (and the GUI lets them select the level of verification using radio boxes selecting from textual descriptions, instead of asking for a number, like pius does). And then they can right-click and select to send the public key. This is not optimal, as it requires two steps, and requires filling in the receiver's email address manually.

While I don't use Windows, AFAIK, this works the same on Windows as on other systems. It only requires mail to be configured in the mail client (which every user that runs a mail client has done), as opposed to the OS level.

Philipp
Re: Sign key and export for each UID
On 17.09.2013 08:23, atair wrote:
> On 9/16/13, Doug Barton do...@dougbarton.us wrote:
>> The way that your signer did it is _a_ standard way to do it. CAFF is a very popular program for that, and there is another here that is also pretty good: http://www.phildev.net/pius/news.shtml
>
> Is there a way to achieve the same signatures from gpg command line? For example
>
> $ gpg -a --export uid
>
> exports the complete key and not just the signature. However, I understand the gpg-man pages in a way that it's possible to do a
>
> $ gpg -u my_keyid --edit-key other's_keyid
> sign other's_first_uid
> sign other's_second_uid
> ...
> q
>
> Is that true? How could I export the created signature for each step? (sth like an -a --export file but from interactive mode seems not to be present...)

See section Multiple-UID keys on http://www.phildev.net/pgp/gpgsigning.html which was written by the author of pius.

> BTW: I'm on GNU/Linux for some years now and I'd never use Windows again ;) So personally, I don't care whether these tools exist for Windows or not...

Independent of me using Windows or not, I still want Windows users to be able to sign my keys.

Philipp
Re: Sign key and export for each UID
On 16.09.2013 23:18, Ingo Klöcker wrote:
> On Monday 16 September 2013 11:57:04 Doug Barton wrote:
>> The way that your signer did it is _a_ standard way to do it. CAFF is a very popular program for that, and there is another here that is also pretty good: http://www.phildev.net/pius/news.shtml
>>
>> I have another philosophy that works for me because I prefer not to sign uids that are not valid. I send encrypted e-mail to each uid with a pseudo-random string and ask the person to send me back the string in a signed message. That allows me to determine if the person has control of all 3 elements of the uid; the e-mail address, private, and public keys.
>
> CAFF (and apparently also PIUS) achieve the same: A signed UID is sent encrypted to the UID's email address. The signature on the UID can only be retrieved by a person who controls the email address and the private key.
>
> What do you mean by having control of the public key? How does your workflow verify that the person has control of the public key? AFAICS the public key is not needed for anything in your workflow.

Unfortunately, tools for signing keys with multiple UIDs IMO are not user-friendly enough, typically due to the following:

1) They require the user to be familiar with the command-line,
2) They require the user to run a unixoid OS,
3) They require the user to have configured mail for their OS.

IMO, until the functionality to sign keys with multiple UIDs and send each signature to the associated UID gets integrated into mail clients or their plugins, keys with multiple UIDs should not be used.

Philipp
The symmetric ciphers
I wonder if it would be a good idea to have an option to combine symmetric ciphers, e.g. users could state a preference list like this:

TWOFISH+AES256 3DES+BLOWFISH+AES AES 3DES

The meaning of A+B would be to encrypt using A first, and then encrypt the result using B with a different key.

Assuming it takes effort a to break cipher A and effort b to break cipher b, this should result in effort at least max(a, b) needed to break A+B. And with uncertainty about possible weaknesses in individual ciphers, this seems like a reasonable measure to me.

Philipp
Should the use of multiple UID per key be discouraged?
GPG supports the feature of having multiple UIDs per key. However this requires special care of anyone signing such a key. AFAIK, there is no really user-friendly, and definitely no newbie-friendly way to do so. IMO this makes it much harder to expand the web of trust.

Would it be a good idea to discourage people from having multiple UIDs per key, and encourage them to create a separate key per UID instead?

Philipp
Re: key management APG
On 03.08.2013 14:51, Hauke Laging wrote:
> On Sat 03.08.2013, 12:16:56, ix4...@gmail.com wrote:
>> On 30 July 2013 22:30, ix4...@gmail.com wrote:
>>> I only need one GPG identity for now. I also use GPG on devices of two classes: Secure and insecure. I would like to take some operational security (OPSEC) precautions to minimize my pain when my insecure devices get compromised.
>
> You should consider using two keys for the same identity and very obviously give them different security levels. IMHO that's what we all are going to do in five years. Then the sender can decide how confidential the information is (or how reliable the signature must be).

You mean creating two separate keys for the same email address? And sign each with the other? Anyone else will have to sign both of my keys for this address? How would I document the security levels? Use the comment field? Will current software make the choice easy for the people sending mail to me, or will their mail program just choose one of the keys without asking the user?

Philipp
Re: Multiple email addresses - any alternative to ask everyone to sign all my keys?
On 25.07.2013 07:49, Christopher J. Walters wrote:
> On 7/24/2013 6:06 PM, Robert J. Hansen wrote:
>> (My original reply went just to Philipp. My apologies.)
>
> No apology necessary. I also must apologize, as my original reply got sent to Robert J. Hansen, when it was intended for the list.
>
>> On 7/24/2013 1:53 AM, Philipp Klaus Krause wrote:
>>
>> Unfortunately, this is not casting very much light on things. The use of phrases like CONFIDENTIAL, SECRET and TOP SECRET have very specific meanings in NATO countries, and you're using them here in ways that are at odds with their NATO meanings.
>
> This is true, and NATO countries have very specific and well defined ways of dealing with data with those titles, depending on the country.
>
>> Let me try this rephrasing: [snip] Further, each piece of traffic can receive any of three classifications: C, S or TS. You can send C traffic to Bender: the necessary keys to decrypt it are held there. However, although you can technically send TS traffic to Fry, Fry can't decrypt it: the keys aren't there. If I have this right, then you've walked straight into the Bell-LaPadula security model. You'll be well-served by reading up on it: a good academic reference will answer many of your questions.
>
> I'll have to look that up and read up on it, when I have the time.
>
>> The short answer is, OpenPGP by itself will not be sufficient for your purposes. It might be able to provide a couple of tools, but what you want to achieve is far beyond the scope of OpenPGP.
>
> That was my conclusion, as well. That is why I suggested the bootable GNU/Linux or *BSD Live CD (with some vital tools on it, of course) and a USB thumb drive - with an encrypted filesystem for storing the keys (I'm not familiar with the smart card's capabilities, and as every smart card reader I have is non-functional, I cannot test it out). My suggestion went beyond OpenPGP and GnuPG to try to solve the problem Philipp described.

Sorry, but I want to be able to read encrypted mail sent to my university email address on my university computer. Without any extra effort of booting from a live-cd or such.

Philipp
Re: Multiple email addresses - any alternative to ask everyone to sign all my keys?
On 24.07.2013 08:35, Heinz Diehl wrote:
> On 24.07.2013, Philipp Klaus Krause wrote:
>> I do not trust the computer at university with the secret key used to decrypt my private mail.
>> []
>> Still, I want to be able to read any encrypted mail sent to my university addresses on the computer at university. And I want to use encryption, since the mails might contain sensitive information, such as exams, grades, etc (and the mail servers are maintained by students).
>
> You can't have security on a machine which is out of your control. If others have physical access to your machine at university, what you want isn't possible. They could simply install a keylogger or other monitoring.

I just want multiple security levels: Decrypt mail addressed to the university address, but not mail addressed to my private address on the university computer. Decrypt both types of mail on my private computer.

After all the security I want works when using two separate keypairs (but that has the disadvantage of other people having to sign multiple keys).

Philipp
Re: Multiple email addresses - any alternative to ask everyone to sign all my keys?
On 24.07.2013 15:18, Mark H. Wood wrote:
> On Wed, Jul 24, 2013 at 11:33:18AM +0200, Philipp Klaus Krause wrote:
>> I just want multiple security levels: Decrypt mail addressed to the university address, but not mail addressed to my private address on the university computer. Decrypt both types of mail on my private computer. After all the security I want works when using two separate keypairs (but that has the disadvantage of other people having to sign multiple keys).
>
> Um, wait...what does other people signing your keys have to do with you decrypting mail? Authentication and privacy are two different dimensions of communication security.

Uh, AFAIK with GPG, I have a keypair. Other people sign it, so people who see the signature can trust that it is mine. So the private key I use to decrypt should correspond to a public key signed by other people. How else would others know that the key they use to encrypt is mine, and assume that only I can decrypt it?

Philipp
Multiple email addresses - any alternative to ask everyone to sign all my keys?
I'm currently using 4 email addresses - 1 for private mail, 1 for a small business, and 2 for university. Currently I have three keys - one for the private mail, one for the business, and one for university. Each of the keys has been signed with all keys.

Of course it is annoying to have to ask everyone to sign three keys - after all they are all my keys, and the people I ask to sign my key all get to see the same passport. Is there a better alternative?

I do not consider my university computer safe enough to trust it with the private key for my private mail. I.e. I do not want someone who breaks into the university office and installs a keylogger to be able to read encrypted mail sent to my private account.

Philipp
Re: Multiple email addresses - any alternative to ask everyone to sign all my keys?
On 23.07.2013 21:04, Heinz Diehl wrote:
> On 23.07.2013, Philipp Klaus Krause wrote:
>> Of course it is annoying to have to ask everyone to sign three keys - after all they are all my keys, and the people I ask to sign my key all get to see the same passport. Is there a better alternative?
>
> Create/use one key, and add all the different addresses.
>
>> I do not consider my university computer safe enough to trust it with the private key for my private mail.
>
> In this case, why should anybody else trust in the integrity of your identity? If you don't trust this machine, revoke the key and don't do anything confidential on/with it.

That's not a practical solution. I want to be able to read encrypted mail sent to my university addresses on that machine.

Philipp
Re: Multiple email addresses - any alternative to ask everyone to sign all my keys?
On 23.07.2013 23:22, Max Parmer wrote:
> Sounds like you might want an offline master key with a couple UIDs and several subkeys.

But can I have multiple encryption subkeys, with encryption subkeys associated with UIDs? I thought one subkey per UID only works for signing.

> Also if I didn't trust a system enough to use any secret key on it I probably also would not want to expose decrypted messages to that system, presuming the messages you receive have sensitive/important information in them. Something to consider if you really have cause to not trust that computer might be setting up a dedicated, air-gapped system for encryption/decryption.

I do not trust the computer at university with the secret key used to decrypt my private mail. I did set up that computer myself, but we have burglars breaking into the offices every few years, many people have keys to the office, etc.

Still, I want to be able to read any encrypted mail sent to my university addresses on the computer at university. And I want to use encryption, since the mails might contain sensitive information, such as exams, grades, etc (and the mail servers are maintained by students).

Philipp
Re: Multiple email addresses - any alternative to ask everyone to sign all my keys?
Hmm, since everyone seems to think "He doesn't consider the university computer secure enough for something, so he shouldn't consider it secure enough for anything", it seems I'm failing at communicating what I want to do. Maybe having a look at the following scenario will help:

I have three computers, a smartphone named CONFIDENTIAL, a desktop in my office named SECRET, and one in the underground shelter with armed guards and the dog that needs to be fed the right type of meat to let me through named TOPSECRET. I have email addresses confidential@me, secret@me and topsecret@me.

People sending confidential mail will send to confidential@me, and expect a reply within a short timeframe, so I need to be able to decrypt and read the mail on CONFIDENTIAL. On SECRET, I want to read mail sent to confidential@me and secret@me. People that value security over timely processing will send mail to topsecret@me. On TOPSECRET I want to be able to decrypt mail sent to confidential@me, secret@me and topsecret@me.

Nothing that happens to computer CONFIDENTIAL may allow other people to read mail sent to secret@me or topsecret@me. Nothing that happens to SECRET may allow other people to read mail sent to topsecret@me.

I can handle this scenario by having three keypairs, one for each of the email addresses. But this would require everyone to sign all three of these keys. Is there a way to handle this scenario, such that people only have to sign one key?

Philipp