Werner Koch wrote:
> On Mon, 14 May 2007 16:15, [EMAIL PROTECTED] said:
>
>> Why doesn't it make sense? The chip's security features make it fairly
>> secure. But having the keys encrypted on the card would make it highly
>> secure. As long as the passphrase hadn't been captured, like after bein
On Tue, 15 May 2007 00:11, [EMAIL PROTECTED] said:
> I'm certainly no expert, but I can offer a link, as I was just looking
> into this myself. Locking seems to be page-based on Windows NT
There has been a lot of discussion in the past about VirtualLock. First
it seemed to be a viable solution,
Swap is indeed optional.
I've been running Debian with X/e16/screen/vim/irssi/xmms/mozilla for
a while (a year? or two?) and never noticed any performance
difference. I doubt anyone else would either.
(DDR2-800 2048MB, 2GHz dual core Athlon, before that DDR-400 1024MB,
2GHz single core Athlon).
Zeljko Vrba wrote:
> there's NO WAY to prevent this attack. Not even
> separate PIN entry device helps,
The attack that I'm referring to here which the PIN pad is meant to
prevent, is only the unlimited use of the smart card. An attacker can
still make a signature or decrypt something, but only
Jane Grove wrote:
> Message: 4
> Date: Mon, 14 May 2007 12:51:21 -0500
> From: "jane grove" <[EMAIL PROTECTED]>
> Subject: Encrypt in Batch Mode with Key ID
> To: gnupg-users@gnupg.org
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hello,
>
>
On Friday 11 May 2007 10:29, Werner Koch wrote:
> On Thu, 10 May 2007 13:02, [EMAIL PROTECTED] said:
> > gpgsm --export >exported-x509-keys
> > does not work.
> > gpgsm: exporting more than one certificate is not possible in binary mode
>
> That is because most X.509 tools will take only the first
On 5/14/07, Peter S. May <[EMAIL PROTECTED]> wrote:
> (Developers familiar with swap-locked memory: I'd appreciate at least a
> short explanation of how it works to someone who understands ISO C but
> not necessarily OS-specific APIs. Can stack memory be locked, or only
> heap memory? Would ther
On 5/14/07, Zach Himsel <[EMAIL PROTECTED]> wrote:
> On 5/14/07, Peter S. May <[EMAIL PROTECTED]> wrote:
> > On Linux, swap space is its own partition
> I just realized something. You have the option to NOT use swap
> space in Linux. Does this mean that there is no memory written
> to disk? If so,
On 5/14/07, Peter S. May <[EMAIL PROTECTED]> wrote:
> On Linux, swap space is its own partition
I just realized something. You have the option to NOT use swap
space in Linux. Does this mean that there is no memory written
to disk? If so, then it might
On 5/11/07, Peter Lebbing <[EMAIL PROTECTED]> wrote:
> Does anybody know an editor that's up to the job?
Try this: http://tinyurl.com/23pcb7
--
Zach Himsel
|_|0|_| --- OpenPGP Key: 0x9A1DFCAC ---
|_|_|0| () I support the **ASCII Ribbon Campaign**
|0|0|0| /\ (against html ma
jane grove wrote:
> Thanks, John.
>
> However, when I use the command "gpg --batch -ea -r keyid filename", I got
> an "encryption failed: unusable public key" error message.
>
> Interestingly, when I use the command without batch mode like "gpg -ea
> -r keyid filename", I'm able to encrypt the fi
> (Developers familiar with swap-locked memory: I'd appreciate at least a
> short explanation of how it works to someone who understands ISO C but
> not necessarily OS-specific APIs. Can stack memory be locked, or only
> heap memory? Would the
On Mon, 14 May 2007 16:15, [EMAIL PROTECTED] said:
> Why doesn't it make sense? The chip's security features make it fairly
> secure. But having the keys encrypted on the card would make it highly
> secure. As long as the passphrase hadn't been captured, like after being
No, you are required t
On Mon, 14 May 2007 18:28, [EMAIL PROTECTED] said:
> (Developers familiar with swap-locked memory: I'd appreciate at least a
> short explanation of how it works to someone who understands ISO C but
> not necessarily OS-specific APIs. Can stack memory be locked, or only
Using mlock(2) it would b
On Mon, 14 May 2007 16:21, [EMAIL PROTECTED] said:
> My personal opinion is that, at the current state of "security" in today's
> OS-es, smart cards give just a false sense of security in typical usage
> scenarios (= when used on a general-purpose, networked workstation).
Smart cards have one imp
Sven Radde wrote:
> unless you can calculate SHA-1 values in your head...
I know it's off topic, but how hard would that be? I've never looked
over the algorithm.
How hard would it be to calculate MD5?
MD4? CRC32?
- --
Windows NT 5.1.2600 | Thun
Hello,
I tried to use the command:
gpg --batch -ea -r keyid filename
to encrypt a file in batch mode with a recipient public key ID. I got
an "encryption failed: unusable public key" error message.
Interestingly, when I use the command without batch mode like "gpg -ea
-r keyid filename", I'm ab
Robert J. Hansen schrieb:
>> How do they work?
>
> A (very) small display to show the hash that's being signed and an
> integrated PINpad.
Pointless given the attack scenario (PC subverted with a trojan to
specifically attack GnuPG and its smartcard), unless you can calculate
SHA-1 values in yo
Peter Lebbing wrote:
> I want to have a text file with personal data in it, which I encrypt to
> myself, and decrypt to view and edit. However, to do that securely, I need
> an editor which will not leak the text in any way, so locking its pages in
> memory so they won't be swapped out, and other
"Robert J. Hansen" <[EMAIL PROTECTED]> writes:
>>
>> What prevents the keylogger in your first example to snarf the PIN code
>> for the OpenPGP card and send decryption requests to the OpenPGP card,
>> using the PIN code, in the background, possibly remotely controlled over
>> the networ
> How do they work?
A (very) small display to show the hash that's being signed and an
integrated PINpad. PC sends data to the smartcard unit for signing,
then signals the SC unit "okay, I'm done, sign now, please". SC
pauses to display to the user the hash and get the PIN directly on
it
Thanks, John.
However, when I use the command "gpg --batch -ea -r keyid filename", I got
an "encryption failed: unusable public key" error message.
Interestingly, when I use the command without batch mode like "gpg -ea
-r keyid filename", I'm able to encrypt the file. So the batch mode
is having
Robert J. Hansen wrote:
>> I've been considering getting an OpenPGP Card, but there are
>> three reasons I'm reluctant to. The main one is that I want
>> something that will only do one signature or decryption at a
>> time. That way if my machine
Werner Koch wrote:
> On Mon, 14 May 2007 10:44, [EMAIL PROTECTED] said:
>> something's wrong. Can the OpenPGP Card be set to do one operation per
>> pin entry when used with a card reader that has a keypad? This seems
>
> Yes, use the command "forcesig" in the --card-edit menu to toggle this
> f
Sven Radde wrote:
> Casey Jones schrieb:
>> Does anyone know of software available to make an old PC into something
>> like a hardware security module.
>
> What about Knoppix?
> It supports GnuPG and you can easily have your keys on a (dedicated) USB
> drive while booting your (regular or dedicat
"Robert J. Hansen" <[EMAIL PROTECTED]> writes:
>> I've been considering getting an OpenPGP Card, but there are three
>> reasons I'm reluctant to. The main one is that I want something that
>> will only do one signature or decryption at a time. That way if my
>> machine is compromised, I'll only su
On Mon, 14 May 2007 10:44, [EMAIL PROTECTED] said:
> something's wrong. Can the OpenPGP Card be set to do one operation per
> pin entry when used with a card reader that has a keypad? This seems
Yes, use the command "forcesig" in the --card-edit menu to toggle this
feature. However it does not
"Robert J. Hansen" <[EMAIL PROTECTED]> writes:
>> What prevents the keylogger in your first example to snarf the PIN code
>> for the OpenPGP card and send decryption requests to the OpenPGP card,
>> using the PIN code, in the background, possibly remotely controlled over
>> the network?
Robert J. Hansen wrote:
>> Does anyone know of software available to make an old PC into something
>> like a hardware security module.
>
> What particular type of HSM do you mean?
Basically I'm looking for something that does what the OpenPGP Card
does, but with a button to limit signatures and
> What prevents the keylogger in your first example to snarf the PIN code
> for the OpenPGP card and send decryption requests to the OpenPGP card,
> using the PIN code, in the background, possibly remotely controlled over
> the network?
There exist cryptographic smart cards you can actuall
On Freitag, 11. Mai 2007, Peter Lebbing wrote:
> Hello all,
Hi,
> I want to have a text file with personal data in it, which I encrypt
> to myself, and decrypt to view and edit. However, to do that securely,
> I need an editor which will not leak the text in any way, so locking
[...]
> decrypt,
> Does anyone know of software available to make an old PC into something
> like a hardware security module.
What particular type of HSM do you mean?
> I can't stand the thought of storing my private key on my main computer.
> I use my main computer for things like web browsing and email,
Hi!
Casey Jones schrieb:
> Does anyone know of software available to make an old PC into something
> like a hardware security module.
What about Knoppix?
It supports GnuPG and you can easily have your keys on a (dedicated) USB
drive while booting your (regular or dedicated) PC with Knoppix to do
Does anyone know of software available to make an old PC into something
like a hardware security module. OpenHSM.org looks like what I want, but
the site says they're still in the design phase, and the last update was
in 2004.
I can't stand the thought of storing my private key on my main compu
34 matches