Local-signing without (offline) private master key

2016-09-12 Thread André Colomb
Hi all, this is my first post to GnuPG-users, please be gentle :-) My OpenPGP setup currently includes an offline master key (see attached public key) with three subkeys on a Yubikey USB "smartcard". Amongst them is a signing subkey with "usage: S" flag, but only the master key has the Certify ca

Re: Local-signing without (offline) private master key

2016-09-12 Thread Kristian Fiskerstrand
On 09/12/2016 11:04 AM, André Colomb wrote: > What is the recommended practice if I only want to verify message > integrity, but don't have the master key with Certify ability available? I'd suggest creating another primary key for explicit local certification purposes you never use anywhere else,

Re: Local-signing without (offline) private master key

2016-09-12 Thread Antony Prince
On September 12, 2016 6:58:08 AM EDT, Kristian Fiskerstrand wrote: > >I'd suggest creating another primary key for explicit local >certification purposes you never use anywhere else, and can rotate that >as often as wanted to start fresh from time to time. That's what I do. I have a separate key

Re: Local-signing without (offline) private master key

2016-09-12 Thread Damien Goutte-Gattat
On 09/12/2016 11:04 AM, André Colomb wrote: Maybe the upcoming TOFU trust model would help my usage pattern? I think so. Marking the binding between your correspondent's key and its email address with a "good" TOFU policy (something that does not require your private primary key) would be equ

Re: Local-signing without (offline) private master key

2016-09-12 Thread Kristian Fiskerstrand
On 09/12/2016 01:08 PM, Nathan Musoke wrote: >> Now I want to import someone else's key to verify a signature. In order >> to verify that signature, I need to at least locally sign the owner's >> key, AFAIK. However, I would need my offline master key (read: really >> inconvenient) to issue a signa

Re: Local-signing without (offline) private master key

2016-09-12 Thread Nathan Musoke
> Now I want to import someone else's key to verify a signature. In order > to verify that signature, I need to at least locally sign the owner's > key, AFAIK. However, I would need my offline master key (read: really > inconvenient) to issue a signature. I'm no expert, but as far as I know you do

Re: What happened to this signature?

2016-09-12 Thread Moritz Klammler
>> Today, I've posted a signed message (OpenPGP MIME) to a public >> mailing list I'm subscribed to. When it was delivered back to me, >> the signature was broken. I investigated the case and found out that >> some silly MTA had un-escaped a minus-character in the message body >> (quoted-printab

Re: gpg-agent only works when started in terminal

2016-09-12 Thread Antony Prince
On 09/09/2016 05:55 AM, Stephan Beck wrote: > AFAIK, this means that the agent is not started when you "invoke gpg2 > normally" (directly from the command line?), so the environment may be > incorrectly set. Or is there more than one agent instance running? When gpg2 is called, the agent appears t

Re: gpg-agent only works when started in terminal

2016-09-12 Thread Antony Prince
On 09/11/2016 08:52 PM, Daniel Kahn Gillmor wrote: > this command should not cause the pinentry to appear; what command are > you running that actually causes pinentry to appear? what operating > system are you running? are the gnupg packages supplied by the OS or > have you built them by hand?

Why would I want S/MIME?

2016-09-12 Thread Anthony Papillion
I understand what S/MIME is and that it's probably the easiest crypto solution for most email users. But why would someone comfortable with GnuPG use it? Does it offer any advantages over traditional PGP keys? If I understand correctly, it's a certificate that's much like an SSL certificate. If that's

RE: Why would I want S/MIME?

2016-09-12 Thread Robert J. Hansen
> I understand what S/MIME is and that it's probably the easiest crypto > solution for most email users. But why would someone comfortable with > GnuPG use it? There's a subtle point here. The question isn't whether you're comfortable with GnuPG; the question is whether the people you want to se

Re: Why would I want S/MIME?

2016-09-12 Thread Anthony Papillion
On 9/12/2016 2:10 PM, Robert J. Hansen wrote: >> I understand what S/MIME is and that it's probably the easiest crypto >> solution for most email users. But why would someone comfortable with >> GnuPG use it? > > There's a subtle point here. The question isn't whether you're comfortable > with G

Re: What happened to this signature?

2016-09-12 Thread Daniel Kahn Gillmor
On Sun 2016-09-11 23:50:15 +0200, Ingo Klöcker wrote: > On Sunday 11 September 2016 21:17:31 Moritz Klammler wrote: >> Today, I've posted a signed message (OpenPGP MIME) to a public >> mailing list I'm subscribed to. When it was delivered back to me, >> the signature was broken. I investigated th

RE: Why would I want S/MIME?

2016-09-12 Thread Robert J. Hansen
> Assuming everyone is willing and comfortable with using GnuPG, is there any > compelling reason (aside from easy setup and use) to use S/MIME? Regulatory compliance. For instance, if you were in the banking industry you'd be using S/MIME even if everyone preferred GnuPG -- S/MIME is part of se

Re: Why would I want S/MIME?

2016-09-12 Thread Aaron Toponce
On Mon, Sep 12, 2016 at 01:31:38PM -0500, Anthony Papillion wrote: > I understand what S/MIME is and that it's probably the easiest crypto > solution for most email users. But why would someone comfortable with > GnuPG use it? Does it offer any advantages over traditional PGP keys? If > I understan

Re: Javascript and smartcard

2016-09-12 Thread Daniel Kahn Gillmor
On Mon 2016-09-12 06:04:19 +0200, Le Roy Francis wrote: > Hi, I was wondering if by any chance, there is, in addition to the > Javascript port of gpgme (OpenPGP.js), a Node.js module to interact > with smart card? You might consider writing a patch or extension to OpenPGP.js that knows how to tal

[Linux/OS X] Identiv SCR3500 A working with OpenPGP Smartcards 2.1?

2016-09-12 Thread Scott R. Santos
Hello everyone, I was interested in hearing from anyone who might be using OpenPGP v2.1 Smartcards with the Identiv SCR3500 A "SmartFold" USB Reader. A spec sheet on this reader can be found here: http://files.identiv.com/products/smart-card-readers/contact/scr3500/SCR3500_A_DS.pdf Specificall

Re: [Linux/OS X] Identiv SCR3500 A working with OpenPGP Smartcards 2.1?

2016-09-12 Thread Damien Goutte-Gattat
On 09/13/2016 02:12 AM, Scott R. Santos wrote: Specifically, has this reader been successfully used to read and write to OpenPGP v2.1 Smartcards under current distros/versions of Linux and/or Apple OS X using recent versions of gnupg? I am successfully using it with an OpenPGP Smartcard v2.0 (