Re: scute / firefox: cannot connect to GPG agent

2017-06-05 Thread Fabian Peter Hammerle
I just cloned Scute from git://git.gnupg.org/scute.git (commit 10a19467bc2a95b4aa91176924a91be427d3157a) The error messages changed (compared to my initial mail): $ GPG_AGENT_INFO=$(gpgconf --list-dir agent-socket):0:1 firefox > scdaemon[2999]: detected reader 'Yubico Yubikey 4 OTP+U2F+CCID 00 00

Re: scute / firefox: cannot connect to GPG agent

2017-06-05 Thread Damien Goutte-Gattat
On 06/05/2017 10:20 AM, Fabian Peter Hammerle wrote: Does anyone know what might cause the 'sharing violation' error? I am not sure. Can you check that after starting Firefox, you still have only one GPG-Agent and one Scdaemon running? If you run the following command: $ gpg-connect-agent

Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Daniel Kahn Gillmor
Hi Stefan-- I think you're asking about two sort of different things. on the one hand, you're asserting that the 32-bit keyid isn't sufficient for any sort of cryptographic verification. that's absolutely correct, and enigmail really shouldn't be exposing the 32-bit keyID to humans where it can

Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Stefan Claas
On 04.06.17 22:20, Daniel Kahn Gillmor wrote: > Hi Stefan-- > > I think you're asking about two sort of different things. > > on the one hand, you're asserting that the 32-bit keyid isn't sufficient > for any sort of cryptographic verification. that's absolutely correct, > and enigmail really sho

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Stefan Claas
On 05.06.17 16:22, Stefan Claas wrote: > On 04.06.17 22:20, Daniel Kahn Gillmor wrote: > >> I'd generally think that if you're looking for a tool to help people >> remember and recognize keys that they've seen before, then a mail user >> agent is in a great position to do exactly that: just tell th

Re: scute / firefox: cannot connect to GPG agent

2017-06-05 Thread Fabian Peter Hammerle
> Could you perform your tests again with Scute debugging turned on? Scute log when launching Firefox with Yubikey unplugged: > scute debug init: flags=0xff > scute: scute_agent_initialize: Establishing connection to gpg-agent After plugging in the Yubikey: > scute: scute_agent_get_cert: got ce

Re: scute / firefox: cannot connect to GPG agent

2017-06-05 Thread Damien Goutte-Gattat
On 06/05/2017 07:04 PM, Fabian Peter Hammerle wrote: scute: scute_agent_get_cert: got certificate from card with length 259 OK, this is weird. 259 bytes seems too short for a X.509 certificate, especially one based on 4096-bit public key (for comparison, my own 2048-bit certificate is 1587 byte

Re: scute / firefox: cannot connect to GPG agent

2017-06-05 Thread Fabian Peter Hammerle
> Did you import your new certificate onto the Yubikey? Because independently > of what your gpgsm store may contain, Scute will always try to fetch the > certificate from the token itself. Ah, I didn't know I had to write the certificate onto the Yubikey. I only imported it into gpgsm following t

Re: scute / firefox: cannot connect to GPG agent

2017-06-05 Thread Damien Goutte-Gattat
On 06/05/2017 07:54 PM, Fabian Peter Hammerle wrote: Ah, I didn't know I had to write the certificate onto the Yubikey. You do not *have* to; Scute can fetch the certificate both from the token itself, or from the gpgsm store. But it will try first to fetch it from the token. Storing the ce

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Stefan Claas
On 05.06.17 17:40, Stefan Claas wrote: > And another thought, since this thread says "app developers". How would > services like StartMail, ProtonMail or gmx.de for example handle this...? > > If i remember correctly users have not the possibility to sign someone > elses pub-key when they both use

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Daniel Kahn Gillmor
On Mon 2017-06-05 16:22:26 +0200, Stefan Claas wrote: >> * in the "distinguishing" model, it's not clear that any of the schemes >>i've seen are actually better for most humans against a dedicated >>attacker who crafts fingerprints to make visual identities that look >>similar. do you

Re: scute / firefox: cannot connect to GPG agent

2017-06-05 Thread Fabian Peter Hammerle
> The maximal size for the certificate to be stored on the token is indicated > by the "mcl3" value (so, 2048 bytes in this example). Your DER-encoded > certificate should not be bigger than that. $ gpg-connect-agent 'SCD GETATTR EXTCAP' /bye | grep -Po 'mcl3=\d+' mcl3=1216 My certificate is sl
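The two checks this thread boils down to, as an added example that is not part of the original posts or of Scute/GnuPG: read the `mcl3` limit from the card's EXTCAP attribute, and compare it with the size of the DER-encoded certificate. A third helper parses the outer DER SEQUENCE header so a blob like the 259-byte object Scute reported can be classified as complete or truncated. The EXTCAP line format (`S EXTCAP gc=1+ki=1+...+mcl3=2048+...`) is what scdaemon's OpenPGP-card application prints; the sample line and the DER blobs used below are constructed. `check_card` is the only part that talks to a live gpg-agent/scdaemon and `gpgsm`.

```shell
#!/bin/sh
# Added example (not from the thread): does my X.509 certificate fit in the
# OpenPGP card's cert slot, and is the DER blob I am looking at complete?

# Extract mcl3 (max length of the slot-3 cert DO) from an EXTCAP line as
# printed by:  gpg-connect-agent 'SCD GETATTR EXTCAP' /bye
# Assumed format: "S EXTCAP gc=1+ki=1+fc=1+pd=1+mcl3=2048+aac=1+..."
mcl3_from_extcap() {
    printf '%s\n' "$1" | sed -n 's/.*[+ ]mcl3=\([0-9][0-9]*\).*/\1/p'
}

# Total length (tag + length octets + body) declared by the outer DER
# SEQUENCE of file $1; prints 0 if the file does not start with 0x30.
# Handles short form and the 0x81/0x82 long forms, which cover any
# realistic certificate size.
der_declared_length() {
    set -- "$1" $(od -An -tu1 -N4 -v "$1")      # $2=tag $3=len0 $4 $5
    [ "${2:-0}" -eq 48 ] || { echo 0; return; }
    if   [ "${3:-0}" -lt 128 ]; then echo $((2 + ${3:-0}))
    elif [ "${3:-0}" -eq 129 ]; then echo $((3 + ${4:-0}))
    elif [ "${3:-0}" -eq 130 ]; then echo $((4 + ${4:-0} * 256 + ${5:-0}))
    else echo 0; fi
}

# complete | truncated | trailing-garbage | not-der, by comparing the
# declared outer length with the actual file size.
der_status() {
    declared=$(der_declared_length "$1")
    actual=$(wc -c < "$1" | tr -d ' ')
    if   [ "$declared" -eq 0 ];           then echo not-der
    elif [ "$declared" -eq "$actual" ];   then echo complete
    elif [ "$declared" -gt "$actual" ];   then echo truncated
    else                                        echo trailing-garbage
    fi
}

# fits | too-large: certificate of $1 bytes against a slot limit of $2 bytes.
fits_in_slot() {
    if [ "$1" -le "$2" ]; then echo fits; else echo too-large; fi
}

# Live check: export the certificate with fingerprint $1 from the gpgsm
# store (DER unless --armor is given) and compare it with the inserted
# card's mcl3.  Requires a running gpg-agent/scdaemon and gpgsm.
check_card() {
    extcap=$(gpg-connect-agent 'SCD GETATTR EXTCAP' /bye | grep '^S EXTCAP')
    mcl3=$(mcl3_from_extcap "$extcap")
    tmp=$(mktemp)
    gpgsm --export "$1" > "$tmp"
    size=$(wc -c < "$tmp" | tr -d ' ')
    echo "cert: $size bytes ($(der_status "$tmp")), mcl3=$mcl3: $(fits_in_slot "$size" "$mcl3")"
    rm -f "$tmp"
}

# Usage:  . ./cardcheck.sh; check_card <gpgsm-fingerprint>
```

With Fabian's mcl3=1216, a 4096-bit RSA certificate will typically not fit; the 259-byte object Scute read from the card is far below what any such certificate needs, so `der_status` on a dump of it would report `truncated` rather than `complete`.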

Re: scute / firefox: cannot connect to GPG agent

2017-06-05 Thread Fabian Peter Hammerle
> Can you check that after starting Firefox, you still have > only one GPG-Agent and one Scdaemon running? Before launching Firefox: $ ps aux | grep -P '(scdaemon|gpg-agent)' > fabianp+ 3242 [...] gpg-agent --homedir /home/fabianpeter/.gnupg > --use-standard-socket --daemon > fabianp+ 3518 [..

[Announce] GnuPG Funding Campaign Launched

2017-06-05 Thread Werner Koch
Independent Encryption Software, GnuPG, Needs Financial Support Düsseldorf, Germany --- Tuesday, June 6, 2017. The GnuPG Project today announced the launch of a funding campaign to further support and improve its leading mail and data encryption software, GnuPG. The campaign aims to sec

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Stefan Claas
On 05.06.17 22:26, Daniel Kahn Gillmor wrote: > On Mon 2017-06-05 16:22:26 +0200, Stefan Claas wrote: >>> * in the "distinguishing" model, it's not clear that any of the schemes >>>i've seen are actually better for most humans against a dedicated >>>attacker who crafts fingerprints to make

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Daniel Kahn Gillmor
On Tue 2017-06-06 01:24:43 +0200, Stefan Claas wrote: > On 05.06.17 22:26, Daniel Kahn Gillmor wrote: >> what does "bullet-proof" mean, specifically? > > For me it means that the identicons should be visually easy to read > and cryptographically secure. Sorry that i have no better explanation. he

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Duane Whitty
On 17-06-05 11:11 PM, Daniel Kahn Gillmor wrote: > On Tue 2017-06-06 01:24:43 +0200, Stefan Claas wrote: >> On 05.06.17 22:26, Daniel Kahn Gillmor wrote: >>> what does "bullet-proof" mean, specifically? >> >> For me it means that the identicons should be visually easy to read >> and cryptographi