Re: [Announce] Libgcrypt 1.7.5: secmem trouble

2016-12-15 Thread NIIBE Yutaka
Luis Ressel wrote: > since I've upgraded to libgcrypt 1.7.5, gpg emits the warning 'Warning: > using insecure memory!' (and hence refuses to run, since my config file > includes 'require-secmem'). > > Any hints for debugging this issue would be greatly appreciated. I think that

Re: Hybrid keysigning party, your opinion?

2016-12-15 Thread Lachlan Gunn
On 2016-12-14 at 04:34, Peter Lebbing wrote: > Oh, not at all, I hadn't even noticed one could see it that way. My bad; such is the life of the email-user. > Or hang a truly huge printout on the wall and at the start of the > session, together observe that it is correct. Any latecomers can be

Re: Smartcards and tokens

2016-12-15 Thread sivmu
On 15.12.2016 at 22:17, Damien Goutte-Gattat wrote: > On 12/15/2016 08:35 PM, sivmu wrote: >> From what I understand, a malicious token can e.g. perform encryption >> operations with weak randomness to create some kind of backdoor that is >> hard to detect. > > The token is normally not used

Re: Smartcards and tokens

2016-12-15 Thread NIIBE Yutaka
sivmu writes: > it seems using those specific devices actually decreases > security, assuming it is easy to manipulate specialised vendors of > security hardware compared to manipulating electronic hardware in general. Exactly, that's my point. This is the reason why my approach

Re: Smartcards and tokens

2016-12-15 Thread Andrew Gallagher
> On 15 Dec 2016, at 19:24, Lou Wynn wrote: > > If the host machine is compromised, what's the purpose of doing encryption on > the SmartCard? Attackers don't need to know the key to get your plaintext, > because it is on the host machine. The difference is that if you

Re: [Announce] Libgcrypt 1.7.5: secmem trouble

2016-12-15 Thread Luis Ressel
Hello, since I've upgraded to libgcrypt 1.7.5, gpg emits the warning 'Warning: using insecure memory!' (and hence refuses to run, since my config file includes 'require-secmem'). Any hints for debugging this issue would be greatly appreciated. Regards, Luis Ressel

Re: ways to ensure that GPG public key belongs to right person in business to business communication

2016-12-15 Thread Lou Wynn
Let me analyze your steps to see what you'd like to achieve in each of them. 0. Alice and Bob know each other's email addresses: alice@A and bob@B. 1. Bob sends Alice his public key at Alice's email address alice@A. 2. Alice replies to Bob with her public key. 3. Alice calls B's support and asks

Re: Smartcards and tokens

2016-12-15 Thread Damien Goutte-Gattat
On 12/15/2016 08:35 PM, sivmu wrote: From what I understand, a malicious token can e.g. perform encryption operations with weak randomness to create some kind of backdoor that is hard to detect. The token is normally not used to perform any *encryption*. You encrypt with the public key of

Re: Smartcards and tokens

2016-12-15 Thread Lou Wynn
Hi Martinho, After I thought about it more, I have kind of drawn the conclusion that even for signing, only using a SmartCard cannot achieve authenticity. With a write-only SmartCard which computes signature on the card, it's true that it can protect the signing key. However, if it's used in a

Re: Smartcards and tokens

2016-12-15 Thread sivmu
On 15.12.2016 at 02:35, NIIBE Yutaka wrote: > sivmu wrote: >> One question remaining is what is the difference between the openpgp >> smartcard and the USB based tokens. > > I think that the OpenPGP card (the physical smartcard) is included in > Nitrokey Pro USB Token. So, it's

Re: Smartcards and tokens

2016-12-15 Thread Lou Wynn
If the host machine is compromised, what's the purpose of doing encryption on the SmartCard? Attackers don't need to know the key to get your plaintext, because it is on the host machine. I guess that what you meant was signing, using a SmartCard to sign has the benefits you mentioned, but not

Re: Upgrade to gpg2

2016-12-15 Thread Robert J. Hansen
> Do I have to delete the old one? No. > What about my configuration file, is this only for the > older version? Most older configuration files will work just fine with GnuPG 2.0 and 2.1. From the Mint command line: sudo apt-get install gnupg2 It'll install GnuPG 2.0 (2.1 in Sarah)

Fwd: tar, compress, split and then encrypt a list of files

2016-12-15 Thread Felipe Vieira
Dear mailing list, right now I have a working workstream that gets paths from a text file and: tar -> compress -> encrypt -> split (over each line/entry) Probably there is a security issue here as some of the paths are dozens of gigabytes in size. I would like to swap the 'encrypt -> split'

Upgrade to gpg2

2016-12-15 Thread unknown
Hi, I'm running Mint with gpg 1.4. I'd like to upgrade to the newer version of gnupg. Do I have to delete the old one? What about my configuration file, is this only for the older version? I don't know how to build from the source. Greetings.

Re: Changing comment in userID

2016-12-15 Thread NIIBE Yutaka
On 12/15/2016 08:03 PM, unknown wrote: > I've made a keypair with a comment in the userID. Is it possible to > delete this part of the key or do I have to completely delete the key and > make a new one? > I also uploaded it to the sks keyserver. What effect will it have on the > keyserver? Please

Re: Changing comment in userID

2016-12-15 Thread Evgenii Sovetkin
> I've made a keypair with a comment in the userID. Is it possible to > delete this part of the key or do I have to completely delete the key and > make a new one? > I also uploaded it to the sks keyserver. What effect will it have on the > keyserver? You can simply edit key. and upload it again

Changing comment in userID

2016-12-15 Thread unknown
Hi, I've made a keypair with a comment in the userID. Is it possible to delete this part of the key or do I have to completely delete the key and make a new one? I also uploaded it to the sks keyserver. What effect will it have on the keyserver? Thanks.

[Announce] Libgcrypt 1.7.5 released

2016-12-15 Thread Werner Koch
Hi! The GnuPG Project is pleased to announce the availability of Libgcrypt version 1.7.5. This is a maintenance release. Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or

Re: Smartcards and tokens

2016-12-15 Thread R. Martinho Fernandes
There's an important distinction to be made between using this approach and using a SmartCard. The encrypted USB drive approach leaks the keys into the machine you're using it from; they're accessible by simply reading the filesystem (thus the claim that "When you unplug the USB, your keys are