Re: Using an RSA GnuPG key for RSA ?

2014-04-07 Thread vedaal


On Monday, April 07, 2014 at 1:39 AM, "Daniel Kahn Gillmor" wrote:
>
>On 04/02/2014 01:55 PM, ved...@nym.hush.com wrote:
>> Is it possible to generate an RSA key in GnuPG, and then use it 
>(not in GnuPG, but in other systems using RSA keys), to encrypt 
>and decrypt RSA messages?
>
>i think you might be interested in openpgp2pem from the 
>monkeysphere
>package.
>
>> If so, what portion of the GnuPG generated RSA key functions as 
>a 'pure' RSA key?
>
>I don't think this question is actually the question you want to 
>ask.
>"pure" RSA is extremely limited, and a secret RSA key is usually 
>only
>used for either signing or decrypting symmetric session keys, 
>whether
>that's in TLS or OpenPGP or CMS or any other place where RSA is 
>used.
>
>   --dkg

=

OK,  Thanks.

vedaal


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Using an RSA GnuPG key for RSA ?

2014-04-06 Thread Daniel Kahn Gillmor
On 04/02/2014 01:55 PM, ved...@nym.hush.com wrote:
> Is it possible to generate an RSA key in GnuPG, and then use it (not in 
> GnuPG, but in other systems using RSA keys), to encrypt and decrypt RSA 
> messages?

i think you might be interested in openpgp2pem from the monkeysphere
package.

> If so, what portion of the GnuPG generated RSA key functions as a 'pure' RSA 
> key?

I don't think this question is actually the question you want to ask.
"pure" RSA is extremely limited, and a secret RSA key is usually only
used for either signing or decrypting symmetric session keys, whether
that's in TLS or OpenPGP or CMS or any other place where RSA is used.

--dkg






Re: Using an RSA GnuPG key for RSA ?

2014-04-06 Thread Peter Lebbing
On 06/04/14 16:29, ved...@nym.hush.com wrote:
> [5] Examine it in PGPdump,  and extract the RSA components

On Debian, there is the pgpdump package which, I just tested, outputs the
private key components in hex (or hex escaped string with -g).

Also, when I did apt-cache search pgpdump, I noticed there is a Python library:
[1]. That might be even better for your purpose.

HTH,

Peter.

[1] https://pypi.python.org/pypi/pgpdump/

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: Using an RSA GnuPG key for RSA ?

2014-04-06 Thread vedaal


On 04/06/2014 at 3:50 PM, "Peter Lebbing"  wrote:
>
>On 06/04/14 16:29, ved...@nym.hush.com wrote:
>> [5] Examine it in PGPdump,  and extract the RSA components
>
>On Debian, there is the pgpdump package which, I just tested, 
>outputs the
>private key components in hex (or hex escaped string with -g).
>
>Also, when I did apt-cache search pgpdump, I noticed there is a 
>Python library:
>[1]. That might be even better for your purpose.
>
>HTH,
>
>Peter.
>
>[1] https://pypi.python.org/pypi/pgpdump/

=

Yes,
Python should be simpler to use in ubuntu

THANKS !!!

vedaal




Re: Using an RSA GnuPG key for RSA ?

2014-04-06 Thread vedaal
On 04/04/2014 at 4:05 PM, "Leo Gaspard"  wrote:

>Well... As this seems not documented (otherwise I guess someone else would have
>answered you), I'm going to assume there is no such function available in 
>gnupg.

=

I think it should be quite doable, by those fluent in rfc 2440, 4880,  but I 
cannot impose upon them if they do not have time to do so.

I will try it myself and see how it goes.

This is how I thought about doing it.  If anyone has advice about it, I am 
thankful in advance, but please do not use up your time in asking me for what, 
and telling me why it can absolutely never work.

I have access to a Professor who is an authority on RSA, and once I have 
everything done and ready, I can ask him if it would be secure/advisable to 
proceed,
but cannot take advantage of him by asking more than once.

For simplicity, I would start with a V3 RSA key, 

(V4 keys have ability to add subkeys, and the ability to have a master key do 
either signing only, or both signing or encrypting. 
I'm not sure, but think  that because of this, it may add other material that 
obscures extracting only the RSA part of the key.  
Once I can get it to work with a v3 key, will try to extract part by part from 
the V4 key).

So, here's the tentative plan:

[1] Generate a v3 test key in pgp 2.x

[2] Import it to GnuPG

[3] Remove the passphrase

[4] Export it as a .asc file

[5] Examine it in PGPdump,  and extract the RSA components

[6] Try it out in an RSA program offline.

(Obviously, for a real secret key, would not use the online PGPdump)


Any help or criticism about how to extract a functional RSA key would be 
appreciated.


TIA,

vedaal
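
Step [5] of the plan above, as an added example (not code from the thread, GnuPG or pgpdump): a minimal RFC 4880 reader that pulls the RSA integers out of one binary, passphrase-free key packet and converts OpenPGP's `u` into the CRT values PKCS#1-style tools expect. The function names and the toy 12-bit key in `SAMPLE` are constructed for illustration.

```python
def read_header(buf):
    """Return (tag, body_offset, body_length) of the first packet in buf."""
    first = buf[0]
    if first & 0xC0 == 0x80 and first & 0x03 < 3:  # old format: 1, 2 or 4 length octets
        size = 1 << (first & 0x03)
        return (first >> 2) & 0x0F, 1 + size, int.from_bytes(buf[1:1 + size], "big")
    if first & 0xC0 == 0xC0 and buf[1] < 192:  # new format, one-octet length
        return first & 0x3F, 2, buf[1]
    if first & 0xC0 == 0xC0 and buf[1] < 224:  # new format, two-octet length
        return first & 0x3F, 3, ((buf[1] - 192) << 8) + buf[2] + 192
    raise ValueError("armored input, or a length encoding this example skips")

def read_mpi(body, pos):
    """An MPI is a 2-octet bit count followed by the value, big-endian."""
    end = pos + 2 + (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
    if end > len(body):
        raise ValueError("truncated MPI")
    return int.from_bytes(body[pos + 2:end], "big"), end

def rsa_from_key_packet(buf):
    tag, off, length = read_header(buf)
    body = buf[off:off + length]
    if tag not in (5, 6, 7, 14) or body[0] not in (2, 3, 4):
        raise ValueError("not a v2/v3/v4 key packet")
    pos = 5 if body[0] == 4 else 7  # v2/v3 carry a 2-octet validity period
    if body[pos] not in (1, 2, 3):  # RSA, RSA encrypt-only, RSA sign-only
        raise ValueError("not an RSA key")
    key, pos = {}, pos + 1
    for name in ("n", "e"):  # the public part
        key[name], pos = read_mpi(body, pos)
    if tag in (5, 7):  # secret key or secret subkey
        if body[pos] != 0:  # string-to-key usage octet; 0 means unprotected
            raise ValueError("secret part is passphrase-protected")
        start = pos = pos + 1
        for name in ("d", "p", "q", "u"):
            key[name], pos = read_mpi(body, pos)
        if sum(body[start:pos]) & 0xFFFF != int.from_bytes(body[pos:pos + 2], "big"):
            raise ValueError("checksum mismatch")
    return key

def pkcs1_crt(key):
    """OpenPGP stores u = p^-1 mod q (p < q); PKCS#1 wants qInv = q^-1 mod p."""
    p, q, d = key["p"], key["q"], key["d"]
    if p * q != key["n"] or (p * key["u"]) % q != 1:
        raise ValueError("inconsistent key material")
    return {"dP": d % (p - 1), "dQ": d % (q - 1), "qInv": pow(q, -1, p)}

# Constructed toy v3 secret-key packet (n = 53 * 61, e = 17); not a real key.
SAMPLE = bytes.fromhex("95001f03533c4a00000001000c0ca100051100000c0ac100063500063d0006260181")
```

The input must be the binary packet, i.e. `gpg --export` or `gpg --export-secret-keys` output without `--armor`; an exported file holds further packets (user ID, signatures) after the first, which this reader ignores.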




Re: Using an RSA GnuPG key for RSA ?

2014-04-04 Thread Leo Gaspard
On Fri, Apr 04, 2014 at 01:32:47PM -0400, ved...@nym.hush.com wrote:
> I trust them to encrypt to my public key, and was planning to work out
> a system where I could decrypt on my own without it going through
> them.
> (they could have my public key, and verify my RSA signature).
> 
> [All this is in the theoretical planning stage ;-)  
> first I would need to be able to isolate my RSA part of my GnuPG key
> and see if it can be used with an open source simple RSA program
> offline.
> 
> That was my original question.]
> vedaal

Well... As this seems not documented (otherwise I guess someone else would have
answered you), I'm going to assume there is no such function available in gnupg.

So, this (and the reasons explained by Sam) explains the reason why I'm trying
to figure out what you actually want to do, in order to perhaps propose you
another solution, instead of merely answering you to write your own extractor.

So, if you forgive my bluntness... With what closed program are you trying to
interface? Why would you want to use your pgp keypair for this program, and not
a key generated for this use?



Re: Using an RSA GnuPG key for RSA ?

2014-04-04 Thread vedaal
On Friday, April 04, 2014 at 12:49 PM, "Leo Gaspard" wrote:
On Thu, Apr 03, 2014 at 09:56:18AM -0400, ved...@nym.hush.com wrote:
> On Wednesday, April 02, 2014 at 5:41 PM, "Leo Gaspard"  wrote:
> 
> >If you are not to use the key in gnupg, why make gnupg generate it 
> >in the first
> >place? Why not use the program with which you'll use the key to 
> >generate it? 
> 
> =
> 
> Where in the post did you get the idea that I would not?
> 
> I trust GnuPG's generation of keys, but prefer not to trust closed
> source programs generating RSA keys.
> I would like to use my GnuPG RSA key, easily available on
> keyservers, for other RSA functions.
> 
> 
> vedaal

>And... You say you do not trust closed source programs for key
>generation, but does that mean you trust them for key usage?

=

I trust them to encrypt to my public key, and was planning to work out
a system where I could decrypt on my own without it going through
them.
(they could have my public key, and verify my RSA signature).

[All this is in the theoretical planning stage ;-)  
first I would need to be able to isolate my RSA part of my GnuPG key
and see if it can be used with an open source simple RSA program
offline.

That was my original question.]
vedaal


Re: Using an RSA GnuPG key for RSA ?

2014-04-04 Thread Leo Gaspard
On Thu, Apr 03, 2014 at 09:56:18AM -0400, ved...@nym.hush.com wrote:
> On Wednesday, April 02, 2014 at 5:41 PM, "Leo Gaspard"  
> wrote:
> 
> >If you are not to use the key in gnupg, why make gnupg generate it 
> >in the first
> >place? Why not use the program with which you'll use the key to 
> >generate it? 
> 
> =
> 
> Where in the post did you get the idea that I would not?
> 
> I trust GnuPG's generation of keys, but prefer not to trust closed source 
> programs generating RSA keys.
> I would like to use my GnuPG RSA key, easily available on keyservers, for 
> other RSA functions.
> 
> 
> vedaal

(As you didn't answer to list, I'm not cutting. Hope you didn't mean it to be a
private message, but it clearly didn't seem like one.)

Well... I inferred it from "use it (not in GnuPG, but in other systems using RSA
keys)", from your first message.

Anyway, as Sam puts it, you'd be better not putting your RSA key everywhere.

And... You say you do not trust closed source programs for key generation, but
does that mean you trust them for key usage? Otherwise, you could just as well
throw your key to the dustbin.

What I could propose would be to:
 * Make a gpg key, master key, airgapped, etc.
 * On each system on which you mean to use cryptography, generate a keypair
   using the program with which you are going to use it (or possibly openssl, if
   the program does not generate keys).
 * Sign the public key of each keypair with your gpg key. As it is not a stricto
   sensu pgp key, sign the armored key as a plaintext message, if possible with
   a preceding comment explaining what it is to be used for.
 * Publish these signatures somewhere easily found.
 * If you want so, encrypt the private key with your mainkey and store it
   somewhere safe enough (it's encrypted, after all).

This way, each keypair gets the maximum security it can have : the security of
the application using the private keypart. (Actually, if you choose to keep an
encrypted backup, you also need to keep the mainkey safe, but that's supposed as
being the most protected part of the whole setup, so...)

What do you think about it?

Leo



Re: Using an RSA GnuPG key for RSA ?

2014-04-03 Thread Sam Gleske
On Wed, Apr 2, 2014 at 3:14 PM, Leo Gaspard  wrote:

> Were you to use the key both for gnupg and other systems, I would
> understand,
> but doing things this way...?
>

I think generally it would be bad practice either way.  A compromised
server happens more often than a compromised gpg key.  Therefore if a
server gets compromised effectively your gpg private key has been
compromised.  It would be best to keep them separate entirely and not reuse
the RSA key pair anywhere else.  Treat your gpg private key like your
identity (i.e. social security number) because it really is your
identity... unless you want to go through the hassle of generating a new
key and having your web of trust go through the hassle of resigning it when
your RSA key gets compromised on a server.

openssl tools are simple enough that generating throw away RSA keys is a no
brainer.  The same goes for most applications that support RSA keys.

SAM


Re: Using an RSA GnuPG key for RSA ?

2014-04-02 Thread Leo Gaspard
On Wed, Apr 02, 2014 at 01:55:21PM -0400, ved...@nym.hush.com wrote:
> Is it possible to generate an RSA key in GnuPG, and then use it (not in 
> GnuPG, but in other systems using RSA keys), to encrypt and decrypt RSA 
> messages?
> 
> If so, what portion of the GnuPG generated RSA key functions as a 'pure' RSA 
> key?
> (Is it isolatable by using --list-packets on the key?)
> 
> TIA,
> 
> vedaal

If you are not to use the key in gnupg, why make gnupg generate it in the first
place? Why not use the program with which you'll use the key to generate it? Or,
if the program does not offer this functionality, why not use openssl, which
provides this capability on purpose?

Were you to use the key both for gnupg and other systems, I would understand,
but doing things this way...?

Cheers,

Leo



Using an RSA GnuPG key for RSA ?

2014-04-02 Thread vedaal
Is it possible to generate an RSA key in GnuPG, and then use it (not in GnuPG, 
but in other systems using RSA keys), to encrypt and decrypt RSA messages?

If so, what portion of the GnuPG generated RSA key functions as a 'pure' RSA 
key?
(Is it isolatable by using --list-packets on the key?)

TIA,

vedaal

