Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?
Any way for two correspondents to set up gnupg within a few moments without having to become expert? The usual gnupg materials are very dense. Ask an expert to do the setup. After that usage is simple. In my opinion public license software is about empowering people. If you need an expert to install a software for you, the dependency on a software vendor is replaced by the dependency on an expert, which might be even worse in some circumstances. Experts should also see their role in empowering people. Yes, there is a necessity to have good GUI based installers that don't need an experts assistance to get things right (and eventually change the insecure gpg defaults for that matter...) gpg4win works just fine.(So does Truecrypt or Academic Signature if you look at other crypto) The users must invest some minutes in understanding what asymmetric cryptography is about, however. That should be well within the scope of people with normal intelligence. Without that very basic understanding, using GnuPG(or other public key crypto) would be reckless nonsense anyways. Becoming a console wizard should definitely not be necessary. Regards Michael Anders ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?
On 21/01/14 10:45, Michael Anders wrote: Yes, there is a necessity to have good GUI based installers that don't need an experts assistance to get things right (and eventually change the insecure gpg defaults for that matter...) You mean what you personally consider insecure defaults. Please let's not confuse people by stating opinions as facts. You're entitled to your opinion, though. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://digitalbrains.com/2012/openpgp-key-peter ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?
You mean what you personally consider insecure defaults. Please let's not confuse people by stating opinions as facts. You're entitled to your opinion, though. HTH, Peter. My opinion is that SHA1 should no longer be used. A link on SHA1 security: https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html regards, Michael Anders ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?
On Tue, 21 Jan 2014 14:03:07 +0100 Michael Anders micha...@gmx.de wrote: My opinion is that SHA1 should no longer be used. A link on SHA1 security: https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html How do I prevent gnupg from using SHA1? Also how do I update my key to not use SHA1 digests which it appears to be using, as well as listing SHA1 as my second favourite algorithm. -- Steve Jones st...@secretvolcanobase.org Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?
On Tue, 2014-01-21 at 14:19 +, Steve Jones wrote: How do I prevent gnupg from using SHA1? Also how do I update my key to not use SHA1 digests which it appears to be using, as well as listing SHA1 as my second favourite algorithm. I found a description in the web( http://sparkslinux.wordpress.com/2013/02/21/hashing-algorithm-is-your-gpg-configuration-secure/) that told me to do the following: You locate the file gpg.conf On my ubuntu it is in the directory ~/.gnupg/ In this file you can add the three lines at the bottom personal-cipher-preferences AES256 TWOFISH AES192 AES personal-digest-preferences SHA512 SHA384 SHA256 personal-compress-preferences ZLIB BZIP2 ZIP to set the preferences. GnuPG is supposed to pick the leftmost possible in the respective lists. But backup before editing! I remember some recent posts on problems editing GnuPG config files and tranferring to and fro windows and linux. There seems to be a danger to mess up things using wrong editor settings. I don't know if hash preference information is additionally attached to keys. I would guess it is not, it wouldn't make sense to me. regards, Michael Anders ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?
Am Di 21.01.2014, 16:06:36 schrieb Michael Anders: I don't know if hash preference information is additionally attached to keys. I would guess it is not, it wouldn't make sense to me. Unfortunately that's not a reliable guide. http://www.gnupg.org/documentation/manuals/gnupg-devel/GPG-Esoteric-Options.html --default-preference-list Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?
On Jan 21, 2014 5:32 PM, Hauke Laging mailinglis...@hauke-laging.de wrote: Am Di 21.01.2014, 16:06:36 schrieb Michael Anders: I don't know if hash preference information is additionally attached to keys. I would guess it is not, it wouldn't make sense to me. Unfortunately that's not a reliable guide. http://www.gnupg.org/documentation/manuals/gnupg-devel/GPG-Esoteric-Options.html --default-preference-list I've found http://www.debian-administration.org/users/dkg/weblog/48 to be a reasonably sensible guide for setting stronger preferences. I also added Twofish and Blowfish after AES256 and AES, respectively. I've not heard of any issues with that setup, but your mileage may vary. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?
On Tue, 21 Jan 2014 17:39:13 +0100 Pete Stephenson p...@heypete.com wrote: I've found http://www.debian-administration.org/users/dkg/weblog/48 to be a reasonably sensible guide for setting stronger preferences. I also added Twofish and Blowfish after AES256 and AES, respectively. I've not heard of any issues with that setup, but your mileage may vary. Thanks, that was quite helpful. I've found I can just delete the self signatures on my UID and replace them with better ones but I can't see a way to change the subkey binding signature. -- Steve Jones st...@secretvolcanobase.org Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?
On 21/01/14 14:03, Michael Anders wrote: You mean what you personally consider insecure defaults. Please let's not confuse people by stating opinions as facts. You're entitled to your opinion, though. HTH, Peter. My opinion is that SHA1 should no longer be used. Of course in the best of worlds it shouldn't be used anymore. But if everyone started signing their emails with SHA1 I couldn't be more pleased, because then you at least have the infrastructure in place, and can upgrade people later. The major problem we're facing is that we can't even get most people to use MD5 or DES. Heck, they don't even know who or what they are, and to be frank they shouldn't have to. Cheers, arne -- Arne Renkema-Padmos @hcisec, secuso.org Doctoral researcher CASED, TU Darmstadt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Any way for two correspondents to set up gnupg within a few moments without having to become expert?
Any way for two correspondents to set up gnupg within a few moments without having to become expert? The usual gnupg materials are very dense. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?
Am Do 16.01.2014, 05:34:34 schrieb Don Warner Saklad: Any way for two correspondents to set up gnupg within a few moments without having to become expert? The usual gnupg materials are very dense. Ask an expert to do the setup. After that usage is simple. Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?
On Thu, Jan 16, 2014 at 05:34:34AM -0500, Don Warner Saklad wrote: Any way for two correspondents to set up gnupg within a few moments without having to become expert? The usual gnupg materials are very dense. The most complex part is generating and sharing your public keys, which can be as easy as: gpg --gen-key gpg --send-key your-key-id gpg --search-key name-or-mail-of-your-friend gpg --fingerprint name-or-mail-of-your-friend After checking (on the phone or on some other channel) that the fingerprint matches, you can type gpg -e file to encrypt a file. The commands are for the most part interactive, hence easy to follow). Mail client integration becomes a must if you need to exchange more than a few messages. I use mutt, but there are many other setups (Thunderbird Enigmail, claws-mail, etc.) that are PGP friendly. signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?
Yes. Decide a shared passphrase via a secure channel and just use gpg -c. On Jan 16, 2014 6:24 AM, Don Warner Saklad dsak...@gnu.org wrote: Any way for two correspondents to set up gnupg within a few moments without having to become expert? The usual gnupg materials are very dense. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users