Old PC as Hardware Security Module?

2007-05-14 Thread Casey Jones
Does anyone know of software available to make an old PC into something like a hardware security module. OpenHSM.org looks like what I want, but the site says they're still in the design phase, and the last update was in 2004. I can't stand the thought of storing my private key on my main

Re: Old PC as Hardware Security Module?

2007-05-14 Thread Sven Radde
Hi! Casey Jones wrote: Does anyone know of software available to make an old PC into something like a hardware security module. What about Knoppix? It supports GnuPG and you can easily have your keys on a (dedicated) USB drive while booting your (regular or dedicated) PC with Knoppix to do

Re: Old PC as Hardware Security Module?

2007-05-14 Thread Robert J. Hansen
Does anyone know of software available to make an old PC into something like a hardware security module. What particular type of HSM do you mean? I can't stand the thought of storing my private key on my main computer. I use my main computer for things like web browsing and email,

Re: Secure text editor?

2007-05-14 Thread Thomas Vollmer
On Friday, 11 May 2007, Peter Lebbing wrote: Hello all, Hi, I want to have a text file with personal data in it, which I encrypt to myself, and decrypt to view and edit. However, to do that securely, I need an editor which will not leak the text in any way, so locking [...] decrypt, but

Re: Old PC as Hardware Security Module?

2007-05-14 Thread Robert J. Hansen
What prevents the keylogger in your first example to snarf the PIN code for the OpenPGP card and send decryption requests to the OpenPGP card, using the PIN code, in the background, possibly remotely controlled over the network? There exist cryptographic smart cards you can actually be

Re: Old PC as Hardware Security Module?

2007-05-14 Thread Simon Josefsson
Robert J. Hansen [EMAIL PROTECTED] writes: What prevents the keylogger in your first example to snarf the PIN code for the OpenPGP card and send decryption requests to the OpenPGP card, using the PIN code, in the background, possibly remotely controlled over the network? There exist

Re: Old PC as Hardware Security Module?

2007-05-14 Thread Werner Koch
On Mon, 14 May 2007 10:44, [EMAIL PROTECTED] said: something's wrong. Can the OpenPGP Card be set to do one operation per pin entry when used with a card reader that has a keypad? This seems Yes, use the command forcesig in the --card-edit menu to toggle this feature. However it does not

Re: Old PC as Hardware Security Module?

2007-05-14 Thread Simon Josefsson
Robert J. Hansen [EMAIL PROTECTED] writes: I've been considering getting an OpenPGP Card, but there are three reasons I'm reluctant to. The main one is that I want something that will only do one signature or decryption at a time. That way if my machine is compromised, I'll only suffer one

Re: Old PC as Hardware Security Module?

2007-05-14 Thread Casey Jones
Sven Radde wrote: Casey Jones wrote: Does anyone know of software available to make an old PC into something like a hardware security module. What about Knoppix? It supports GnuPG and you can easily have your keys on a (dedicated) USB drive while booting your (regular or dedicated) PC

Re: Old PC as Hardware Security Module?

2007-05-14 Thread Casey Jones
Werner Koch wrote: On Mon, 14 May 2007 10:44, [EMAIL PROTECTED] said: something's wrong. Can the OpenPGP Card be set to do one operation per pin entry when used with a card reader that has a keypad? This seems Yes, use the command forcesig in the --card-edit menu to toggle this feature.

Re: Old PC as Hardware Security Module?

2007-05-14 Thread Andrew Berg
Robert J. Hansen wrote: I've been considering getting an OpenPGP Card, but there are three reasons I'm reluctant to. The main one is that I want something that will only do one signature or decryption at a time. That way if my machine is

Re: Old PC as Hardware Security Module?

2007-05-14 Thread Robert J. Hansen
How do they work? A (very) small display to show the hash that's being signed and an integrated PINpad. PC sends data to the smartcard unit for signing, then signals the SC unit "okay, I'm done, sign now, please." SC pauses to display to the user the hash and get the PIN directly on its

Re: Old PC as Hardware Security Module?

2007-05-14 Thread Zeljko Vrba
Robert J. Hansen [EMAIL PROTECTED] writes: What prevents the keylogger in your first example to snarf the PIN code for the OpenPGP card and send decryption requests to the OpenPGP card, using the PIN code, in the background, possibly remotely controlled over the network? There exist

Re: Secure text editor?

2007-05-14 Thread Peter S. May
Peter Lebbing wrote: I want to have a text file with personal data in it, which I encrypt to myself, and decrypt to view and edit. However, to do that securely, I need an editor which will not leak the text in any way, so locking its pages in memory so they won't be swapped out, and other

Encrypt in Batch Mode with Key ID

2007-05-14 Thread jane grove
Hello, I tried to use the command: gpg --batch -ea -r keyid filename to encrypt a file in batch mode with a recipient public key ID. I got an encryption failed: unusable public key error message. Interestingly, when I use the command without batch mode like gpg -ea -r keyid filename, I'm able

Re: Old PC as Hardware Security Module?

2007-05-14 Thread Andrew Berg
Sven Radde wrote: unless you can calculate SHA-1 values in your head... I know it's off topic, but how hard would that be? I've never looked over the algorithm. How hard would it be to calculate MD5? MD4? CRC32? - -- Windows NT 5.1.2600 |

Re: Old PC as Hardware Security Module?

2007-05-14 Thread Werner Koch
On Mon, 14 May 2007 16:21, [EMAIL PROTECTED] said: My personal opinion is that, at the current state of security in today's OS-es, smart cards give just a false sense of security in typical usage scenarios (= when used on a general-purpose, networked workstation). Smart cards have one

Re: Old PC as Hardware Security Module?

2007-05-14 Thread Werner Koch
On Mon, 14 May 2007 16:15, [EMAIL PROTECTED] said: Why doesn't it make sense? The chip's security features make it fairly secure. But having the keys encrypted on the card would make it highly secure. As long as the passphrase hadn't been captured, like after being No, you are required to

Re: Secure text editor?

2007-05-14 Thread Robert J. Hansen
(Developers familiar with swap-locked memory: I'd appreciate at least a short explanation of how it works to someone who understands ISO C but not necessarily OS-specific APIs. Can stack memory be locked, or only heap memory? Would there

Re: Encrypt with key ID

2007-05-14 Thread John Clizbe
jane grove wrote: Thanks, John. However, when I use the command gpg --batch -ea -r keyid filename, I got an encryption failed: unusable public key error message. Interestingly, when I use the command without batch mode like gpg -ea -r keyid filename, I'm able to encrypt the file. So the

Re: Secure text editor?

2007-05-14 Thread Zach Himsel
On 5/11/07, Peter Lebbing [EMAIL PROTECTED] wrote: Does anybody know an editor that's up to the job? Try this: http://tinyurl.com/23pcb7 -- Zach Himsel z.himsel[at]gmail.com tinyurl.com/yjxo8s |_|0|_| --- OpenPGP Key: 0x9A1DFCAC --- |_|_|0| () I support the **ASCII Ribbon

Re: Secure text editor?

2007-05-14 Thread Zach Himsel
On 5/14/07, Peter S. May [EMAIL PROTECTED] wrote: On Linux, swap space is its own partition I just realized something. You have the option to NOT use swap space in Linux. Does this mean that there is no memory written to disk? If so, then it might be

Re: Secure text editor?

2007-05-14 Thread Ryan Malayter
On 5/14/07, Zach Himsel [EMAIL PROTECTED] wrote: On 5/14/07, Peter S. May [EMAIL PROTECTED] wrote: On Linux, swap space is its own partition I just realized something. You have the option to NOT use swap space in Linux. Does this mean that there is no memory written to disk? If so, then it

Re: Secure text editor?

2007-05-14 Thread Ryan Malayter
On 5/14/07, Peter S. May [EMAIL PROTECTED] wrote: (Developers familiar with swap-locked memory: I'd appreciate at least a short explanation of how it works to someone who understands ISO C but not necessarily OS-specific APIs. Can stack memory be locked, or only heap memory? Would there be

Re: gpgpgsm merging public kbx / exporting all keys

2007-05-14 Thread Bernhard Reiter
On Friday 11 May 2007 10:29, Werner Koch wrote: On Thu, 10 May 2007 13:02, [EMAIL PROTECTED] said: gpgsm --export exported-x509-keys does not work. gpgsm: exporting more than one certificate is not possible in binary mode That is because most X.509 tools will take only the first ASN.1

Re: gpg --batch -ea -r keyid filename

2007-05-14 Thread Henry Hertz Hobbit
Jane Grove wrote: Message: 4 Date: Mon, 14 May 2007 12:51:21 -0500 From: jane grove [EMAIL PROTECTED] Subject: Encrypt in Batch Mode with Key ID To: gnupg-users@gnupg.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1; format=flowed Hello, I tried to use

Re: Old PC as Hardware Security Module?

2007-05-14 Thread Casey Jones
Zeljko Vrba wrote: there's NO WAY to prevent this attack. Not even separate PIN entry device helps, The attack that I'm referring to here which the PIN pad is meant to prevent, is only the unlimited use of the smart card. An attacker can still make a signature or decrypt something, but only