cache gpg passphrase for mutt on os x
Hi, I am running OS X 10.11.1 (and on another the latest version), in combination with compiled-from-source mutt 1.5.23hg, and gpg 2.0.29 and gpg-agent 2.0.29 (the latter two via Homebrew). This all works fine, but one thing: caching of passphrase for, for example, ten minutes. As I understand it, this is a problem with the session mutt runs in: each new mutt decryption and signing operation runs in a new session and hence can't access the previous' one. Probably, I can work around this, but to avoid spending hours of searching for a good solution: has anyone else done this before? -- Rejo Zenger E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl T @rejozenger | J r...@zenger.nl OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4 XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF Signal0507 A41B F4D6 5DB4 937D E8A1 29B6 AAA6 524F B68B 93D4 4C6E 8BAB 7C9E 17C9 FB28 03 signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
emails snowden and poitras
Hi, At http://www.wired.com/2014/10/snowdens-first-emails-to-poitras/ there are some snippets of the e-mails Snowden sent to Poitras as an introduction. One of those e-mails says: I would like to confirm out of email that the keys we exchanged were not intercepted and replaced by your surveillants. Please confirm that no one has ever had a copy of your private key and that it uses a strong passphrase. Of course, we don't have the full picture, but from the information that has been released, this seems to be surprising question: how would you be able to confirm that the keys are not replaced by asking to confirm that no one has ever had a copy of the private key? If they keys have been obtained by the adversary, the answer may be altered or not. In any case, the answer doesn't prove anything. Of course, if Poitras would answer that her private key is in the hands of some other person, I expect her to have revoked to key anyways. So, what's the objective of Snowden, you think? And yes, I am aware that Snowden says these steps are not bullet proof. -- Rejo Zenger E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl T @rejozenger | J r...@zenger.nl OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4 XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF pgpRkkusaqv9Q.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: emails snowden and poitras
++ 14/10/14 11:18 +0200 - Martin Behrendt: So, what's the objective of Snowden, you think? I assume that Laura Poitras never used gpg before or at least Snowden assumed so. I guess the main intend of the question were to sensitize [...] Didn't think of that option. Thanks. -- Rejo Zenger E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl T @rejozenger | J r...@zenger.nl OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4 XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF pgpAl3ZSiGT1S.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keybase
++ 25/09/14 22:29 -0400 - Peter S. May: completely map it out. But let's say some person other than me signs an assertion saying My name is Eve, public key signature is ABCDEFGH, and @psmay is my Twitter account. Let's say, for the sake of argument, that I don't treat my Twitter password with the same respect with which I treat my passphrase, and the attacker tweets the assertion. Then, let's say someone else tries to look up a public key for @psmay and finds that assertion. Private messages intended for me are now going to my doppelganger. I think this serves to suggest that the assertion itself This will not work if the one who is being forged is keeping track of the tweets that are being sent from his or her account. In my case, I would most definately noticing a tweet on my account which wasn't of myself. But then again, I have a fairly strong password on my Twitter-account as well. :) -- Rejo Zenger E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl T @rejozenger | J r...@zenger.nl OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4 XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF pgpa5XeMdkL6z.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
++ 22/08/14 11:38 +0200 - Garreau, Alexandre: The difference in the relation we have with information is who does it concern: when it concerns everybody (like Science, information about politics, events, Philosophy, Art, etc. what generally is what Wikipedia contains, aka “encyclopedic informations”), it should be shared among everyone, and not doing so is taking part in some kind of oppression (like stopping people from sharing a software); when it concerns only [...] That's an interesting point of view - or there is some misunderstanding on my end. Let's say the NSA does not only surveil all kinds of communications as it does right now, but it also publishes this information (open data in governmental speak), then there is no oppression according to you? -- Rejo Zenger E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl T @rejozenger | J r...@zenger.nl OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4 XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF pgptvL6RnRebe.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New to OpenPGP getting frustrated.
++ 28/06/14 02:09 -0500 - Aaron Chelf: Okay so I'm using Open PGP software in conjunction with Thunderbird in Linux. I've figured out about everything except the only way I can add public keys to my key ring so far is to save them as an attachment from an e-mail sent to me. How can I just copy a public key to my clipboard and add it to my key-ring? If you are using the Enigmail plugin: https://www.enigmail.net/documentation/keyman.php Search for: Import Keys from File: will allow you to import a key/keys into your keyring from a text file. And: Search for Keys: allows you to search for a key on a keyserver. (Keyserver). -- Rejo Zenger E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl T @rejozenger | J r...@zenger.nl OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4 XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF pgpFSMKEZ5lRT.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Google releases beta OpenPGP code
++ 04/06/14 10:32 +0200 - Werner Koch: I haven't looked at the fine details yet, but on the surface it seems like they're aiming at Gmail (mainly, but not solely). Interesting. This is in contrast to a recent online article in the German c't magazine [1] where the author claims that Google would cannibalize their own business model if they offer end-to-end encryption. Apple on the other hand can afford the luxury of encrypted A few additional remarks: - Google talks about a limited group of users in their annoucement: [...] will probably only be used for very sensitive messages or by those who need added protection. [...] will make it quicker and easier for people to get that extra layer of security should they need it. If they do not make a larger effort, the use of this plugin will remain limited (and Google will not cannibalize their own business model and still can make a good impression). - As Google already mentions: this type of encryption has been around for quite a while but hasn't been picked up by the general public due to the difficulties in creating a useful, secure and user friendly user interfaces. Google still has this hurdle to take. -- Rejo Zenger E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl T @rejozenger | J r...@zenger.nl OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4 XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF pgpAw1Vnf82L_.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Google releases beta OpenPGP code
++ 04/06/14 19:16 +0200 - Suspekt: IIRC google doesn't scan cooporate mails and students mail (if the school or university participates in googles programs) because of data protection issues, at least in europe. No. Google announced it will no longer do content scanning for advertising purposes in Apps for Education. Please take special note of the for advertising purposses and for Education. -- Rejo Zenger E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl T @rejozenger | J r...@zenger.nl OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4 XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF pgpcvecCtLO8P.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to determine who signed what
++ 01/06/14 19:45 +0200 - frank ernest: Hi again, I have been browsing and downloading gpg signed files and I'm acctually been downloading the sigs! However, I'm having trouble figuring out who signed what. Is there some way to determin this using the sig? Perhaps it has the keys fingerpinnt in it or something. For obvious things like the linux kernel source Linus himself signs it, but on an old ftp server, serving old now dead projects, who signed what is not quite so clear. I presume this is clear? rejo@broop-kidron:~/Downloads$ gpg --verify TorBrowser-3.6.1-osx32_en-US.dmg.asc TorBrowser-3.6.1-osx32_en-US.dmg gpg: Signature made Wed May 7 01:36:52 2014 CEST gpg:using RSA key 0x416F061063FEE659 gpg: Good signature from Erinn Clark er...@torproject.org [full] gpg: aka Erinn Clark er...@debian.org [full] gpg: aka Erinn Clark er...@double-helix.org [full] So, this tells you the (valid) signature has been made with the key 0x416F061063FEE659. Does that answer your question? -- Rejo Zenger E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl T @rejozenger | J r...@zenger.nl OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4 XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF pgpeKhLdAIN5M.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: hkps ssl problem
++ 02/05/14 10:40 +0200 - labrani: Personnaly i've installed gpgtools in order to use it with mail mac os application. and it is working fine unless i try to use an hkps server. with http there is no problem. i dont know the real reason why the gpgtools version is not working since on their site they said all is ok : i think that there is a bug while trying to use the ca-cert options. Works for me. What error message do you see? -- Rejo Zenger E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl T @rejozenger | J r...@zenger.nl OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4 XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF pgpsdQS0wL3b6.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: hkps ssl problem
++ 02/05/14 11:53 +0200 - labrani: i already give the message error in my first mail but here it is again from the gui application : gpg-key-chain Receive keys failed! Code = 0 Error text: gpg: requesting key 0xB6633197 from hkps server hkps.pool.sks-keyservers.net gpg: no valid OpenPGP data found. gpg: Total number processed: 0 On the command line, I see this: rejo@broop-kidron:~$ gpg --keyserver hkps.pool.sks-keyservers.net --search 0xB6633197 gpg: searching for 0xB6633197 from hkp server hkps.pool.sks-keyservers.net (1) Rejo Zenger r...@zenger.nl [...] In other words, that works. Did you try to the application in debugging mode? See: http://support.gpgtools.org/kb/faq/how-can-i-generate-debugging-information. And, did you file a (bug) report to them? They are very responsive in the one case I ran into a bug. -- Rejo Zenger E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl T @rejozenger | J r...@zenger.nl OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4 XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF pgpfRHf3MFAwI.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users