WaPo also does have SecureDrop, but I'm not sure how often that gets
used either.
On Tue, Aug 9, 2022 at 10:34 PM Jay Sulzberger via Gnupg-users
wrote:
>
>
> On Sun, 7 Aug 2022, Andrew Gallagher wrote:
>
> >
> >> On 7 Aug 2022, at 17:28, Jay Sulzberger via Gnupg-users
> >> wrote:
> >>
> >>
On Tue, Aug 11, 2020 at 05:40:44PM -0400, Brian Minton wrote:
> real 117m26.112s
> user 25m56.486s
> sys 90m31.859s
Sorry about the bad signature. But, the question remains, why would
just listing 13 thousand keys take 2 hours? By comparison, gpg1 takes
just over a second with the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Tue, Aug 11, 2020 at 5:32 PM Brian Minton wrote:
>
> I have a lot of public keys in my keybox (it's about 45 MB or so).
> I was trying to figure out why seemingly innocent tasks in gpg take
> a very long time. It seems that gnu
I have a lot of public keys in my keybox (it's about 45 MB or so). I
was trying to figure out why seemingly innocent tasks in gpg take a very
long time. It seems that gnupg is making a very long running
transaction to the sqlite3 database ~/.gnupg/tofu.db
laptop:~/.gnupg$ date;ls -last
Tue 11
On Tue, Jun 09, 2020 at 09:40:25AM +0200, Bernhard Reiter wrote:
> If you trust a set of root certificates, like the ones shipped with your
> operating system or a different application, you could just import them all
> and mark them trusted. Of course you would need to sync this, if the set
>
On 3/23/20 12:52 PM, john doe wrote:
> I'll go back to using havege then as I need to generate a gpg key for
> testing purposes on this VM.
I apologize if I missed it earlier, but where is the VM running? A lot
of hypervisors provide an emulated or pass-through rdrand instruction,
or
On Mon, Sep 09, 2019 at 11:39:01PM +0200, Ángel wrote:
> On 2019-09-05 at 08:59 +0200, john doe wrote:
> > On 9/4/2019 10:41 PM, Andre Klärner wrote:
> > > I usually use my workstation to do everything, but since I can't
> > > access my mailbox via NFS anymore (different story), I resorted to
> >
On 10/27/19 3:25 PM, Stefan Claas via Gnupg-users wrote:
> gpg --symmetric --cipher-algo AES256 hw.txt gives me a file
> size of 87 Bytes.
>
> Doing the same with openssl, for example:
>
> openssl enc -aes-256-cbc -pbkdf2 -in hw.txt -out hw.enc
>
> results in 32 Bytes.
>
> Can you please, or
On 9/17/19 12:59 PM, Stefan Claas via Gnupg-users wrote:
> Unfortunately I am no programmer but I was thinking about the following:
> I assume that in order to decrypt a message the secret key data must be
> unlocked and loaded for a very short time into the computer's RAM, in order
> to perform
On 8/30/19 12:41 PM, Brian Minton wrote:
> I am testing signing with multiple keys. However, gpg tells me that my
> own key is a forgery. I know it is not a forgery because I didn't forge
> it. Is there a way to tell gpg that my own key is good? I'm using
> trust model tofu+pgp, an
made Fri 30 Aug 2019 11:36:33 AM CDT
gpg:using EDDSA key EED0158013DC2E6D6E001EA437B9507ACFF2016E
gpg:issuer "brian@minton.systems"
gpg: Good signature from "Brian Minton " [ultimate]
gpg: aka "keybase.io/bjmgeek " [ulti
On Thu, Apr 25, 2019 at 11:19:15AM +0200, Kristian Fiskerstrand wrote:
> On 4/25/19 9:20 AM, Bernhard Reiter wrote:
> > Wikipedia points out a strong sensitivity of the algorithm to the quality
> > of
> > random number generators and that implementations could deliberately leak
> > information
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I've often wondered why the sks software didn't require
cross-certification. It seems like that would solve the key poisoning
issue. It would mean that when signing someone's key, you'd have to
have a way to exchange the signatures first, before
I'm kind of a corner case, but I can't use wkd because I don't control
my top level domain for my email. I also can't use DANE for the same
reason. I can and do use DNS CERT records because it allows a
second-level domain. I suppose this has been discussed to death, but
wouldn't it make sense
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Oops, forgot to sign it.
I'm kind of a corner case, but I can't use wkd because I don't control
my top level domain for my email. I also can't use DANE for the same
reason. I can and do use DNS CERT records because it allows a
second-level
On Debian, I use the tool caff from the signing-party package. It
signs the key, then encrypts it to the public key, and sends it via
email.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
keying material
(e.g., Initialization Vectors).
That usage (data-encryption keys) is exactly what gnupg uses to encrypt a
file. You can go through the document and see the rest of the policies,
whether or not they apply to gnupg as implemented, but at first glance, that
is the case.
--
Brian Minto
you can host
your own server. See for instance
https://www.reddit.com/r/signal/wiki/faq#wiki_can_i_host_my_own_server.3F ).
So in that sense, you could directly connect to the person you want to talk
to, if one of you cares to run your own server.
--
Brian Minton
brian at minton do
for maintaining the trustdb?
Is that handled by gpg itself?
--
Brian Minton
brian at minton dot name http://brian.minton.name
Live long, and prosper longer!
OpenPGP fingerprint = 8213 71DD 4665 CF4F AE20 2206 0424 DC19 B678 A1A9
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, May 22, 2017 at 12:07 PM, David Vallier
wrote:
> Can someone please explain why I am getting a yellow bar on a LOT of
> signed msgs saying that the key type is unknown??
>
> the exact msg is "Part of the message
On 01/05/2017 12:35 AM, Roger wrote:
> Test mail to mailing list testing GNUPG signing, appearance and hopefully
> conforming to mailing list standards.
I received your post to the list. I also verified a good signature.
a Merkle
tree. That has the desired properties of being append-only and publicly
auditable.
--
Brian Minton
brian at minton dot name http://brian.minton.name
Live long, and prosper longer!
OpenPGP fingerprint = 8213 71DD 4665 CF4F AE20 2206 0424 DC19 B678 A1A9
g but got
> a BAD signature message so I thought maybe it's for something else -
A signature.asc file is usually for the message itself. See RFC 3156.
https://tools.ietf.org/html/rfc3156 for more details. It's called PGP/MIME
and it allows you to encrypt, sign, or both for messages containing
attach
On 10/17/2016 11:41 AM, Daniel Kahn Gillmor wrote:
> On Mon 2016-10-17 06:31:16 -0400, Martin T wrote:
>
>> I am aware that one can update all the keys in local-keyring from a
>> keyserver using "gpg --refresh-keys". Are there any disadvantages to
>> simply put this command into user crontab and
On 10/08/2016 02:58 AM, Rohit P wrote:
>
> I am using latest version of GPG. I noticed there is no option to
> generate RSA 4096-bit key. The same goes with DSA.
>
>
It is, but you have to use the "full" key generation option:
$ gpg --full-gen-key
gpg (GnuPG) 2.1.15; Copyright (C) 2016 Free
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
You can use gpg --list-packets to see exactly what OpenPGP packets are
present in the ciphertext. That would show you in great detail exactly what
their software sent you.
-BEGIN PGP SIGNATURE-
On Fri, Jun 10, 2016 at 11:19 AM, Fulano Diego Perez <
fulanope...@cryptolab.net> wrote:
>
> trade-off for larger signature for me worth it
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Ed25519 and DSA signatures are both small. The resulting ascii
signature block with 2 keys is still
6-10-07]
uid [ultimate] Brian Minton <br...@minton.name
<mailto:br...@minton.name>>
uid [ultimate] Brian Minton <bjmg...@gmail.com
<mailto:bjmg...@gmail.com>>
uid [ultimate] Brian Minton <bmin...@blinkenshell.org
<mailto:bmin...@blinke
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Debian has gnupg 2.1 in experimental.
If you have the experimental repository
added, it will automatically pull in all the
dependencies including libgcrypt 1.7
-BEGIN PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
That was a known bug in that version.
Try the most recent release, 2.1.12.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Does the speedo make file always build a 32 bit version?
One idea I've been tossing about: import the whole dump. I read that gpg
2.1 uses a new efficient key database called keybox. It would be
interesting to see if it could handle that much data, and if so, gpg could
do the WoT calculations directly.
On Tue, Mar 22, 2016, 9:33 AM Lachlan Gunn
Here's a possible reason: suppose your recipient is being targeted by an
enemy who wishes to read their communications. They have determined through
traffic analysis that you are in communication with their target. They may
then attempt to convince/coerce/trick you to decrypt the message. In
Windows has certutil built-in.
On Fri, Mar 18, 2016, 3:27 AM Werner Koch wrote:
> On Thu, 17 Mar 2016 20:44, d...@fifthhorseman.net said:
>
> > FWIW, the threat model of digest algorithms being published on an HTTPS
> > website that then links to the file to be downloaded is
Sounds like CERT (TYPE37) records?
On 03/08/2016 11:08 AM, Anthony Papillion wrote:
>
> I'm pretty sure that, if you just send your modified key to the
> keyserver again, it will replace the one that's there.
>
I tried it, deleting some subkeys locally, and adding others. I
submitted it to the keyservers, but now all the keys,
that to unambiguously refer to your public key.
regards,
Brian Minton
Thunderbird is pretty common. I've used mailvelope with some success
directly in the gmail client.
The next draft is due soon. How long does it usually take the IETF to
ratify a draft RFC?
On 02/11/2015 05:20 AM, Werner Koch wrote:
> On Tue, 10 Feb 2015 21:56, br...@minton.name said:
>> Is there any way to see the progress of the IETF working group on
>> the draft Werner has submitted? I
A pretty good option is to use gpg-agent. It can keep your passphrase
/secret key in (secure) memory for a few minutes so you can use the key in
scripted tasks.
On Thu, Feb 18, 2016, 4:24 PM Harman, Michael
wrote:
> I am attempting to automate a process that decrypts
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I got the following message:
rejected by import screener
Here's more detail (gpg 2.1.8 on Windows 8):
C:\Users\mintonb>gpg -vvv --recv 0x1712BC461AF778E4
gpg: using character set 'CP437'
gpg: data source: http://pgp.mit.edu:80
gpg: armor: BEGIN
The 2.1 branch deprecates all pgp v2 keys. My guess is that your old key
was one of those. See https://gnupg.org/faq/whats-new-in-2.1.html#nopgp2
for details.
On Fri, Jul 17, 2015, 4:53 PM Philip Neukom pneu...@gmail.com wrote:
Hello all.
I'm having some problems with my key that was created
There are approximately 2^2038 primes in the 2048-bit space (source,
https://www.wolframalpha.com/input/?i=log2%282**2049%2Fln%282**2049%29+-+2**2047%2Fln%282**2047%29+%29
). Even allowing that the first bit is 1, that makes 2^2037. Given that,
the chance of p and q having a difference of 2, at
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I think gmail is the single most popular email client, with 500 million
users. I think that until there is a way to verify pgp signatures from
within gmail, pgp/mime will continue to show up as an attachment.
There are ways to use pgp/mime or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, Mar 26, 2015 at 3:49 PM, MFPA
2014-667rhzu3dc-lists-gro...@riseup.net wrote:
Gmail is an email service provider, not an email client. They provide
access via a webmail site for those who wish to process their email
using a web browser,
I thought keyservers strip all punctuation. So f...@example.com becomes
foo example com.
On Tue, Mar 17, 2015, 3:33 PM MFPA 2014-667rhzu3dc-lists-gro...@riseup.net
wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Tuesday 17 March 2015 at 5:38:03 PM, in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
If a key is generated externally, a backup can be taken before the key
is moved to the card. For a key generated on the card, there is (by
design), no way to extract the secret key, including for the purpose of
backing it up
-BEGIN PGP
Another option that I often use is https://github.com/wesleyd/charade,
which opens a unix domain socket on cygwin, connected to Pageant, so
cygwin programs and windows programs that use PuTTY can share the same
authentication. Another similar program is
http://github.com/cuviper/ssh-pageant
On
I would like to second the request for this feature.
On Wed, Mar 11, 2015, 6:23 AM Werner Koch w...@gnupg.org wrote:
On Wed, 11 Mar 2015 07:18, xav...@maillard.im said:
I enabled ssh support in the gpg-agent.conf file as usual and I
clearly see the socket files for both GnuPG and SSH.
, but bugs.gnupg.org (and other sites such as
git.gnupg.org) don't use that certificate. Have you considered a wildcard
certificate? I know this has been discussed before, e.g. at
https://lists.gnupg.org/pipermail/gnupg-users/2013-December/048415.html
thanks,
- --
Brian Minton
br...@minton.name
http
Mailpile may be useful. https://mailpile.is
It lets you scan in a bunch of messages, and decrypt them, and indexes
them, keeping the index and message store encrypted. It has command
line as well as a gui.
On Sun, Mar 1, 2015 at 9:32 AM, René Puls rp...@kcore.de wrote:
Hi,
is there a
Yes, but the colon protocol doesn't support things like passphrase entry, etc.
On Fri, Feb 27, 2015 at 9:09 AM, Peter Lebbing pe...@digitalbrains.com wrote:
On 27/02/15 12:02, Hans-Christoph Steiner wrote:
For example, I think that
`gpg --json` is a great idea. I ended up using a Java wrapper
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
My personal preference is inline, but I
do have a request: if you have a 4096
bit RSA key, please don't sign inline. The signature block is ridiculously
long. That's why I use DSA and
especially ed25519 for signing.
My main email access is on my
The wikipedia article on UDF mentions write support in all major OSes.
It also supports POSIX permissions.
On Fri, Feb 13, 2015 at 9:49 PM, Robert J. Hansen r...@sixdemonbag.org wrote:
FAT, alas, is the portable filesystem that you're looking for.
NTFS also works. Linux can read/write NTFS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I recently got a new Nexus 5, with NFC. Supposedly it supports ISO
7816-4. Is there any possibility of, for instance, porting gnuk to
android? I'd love to use my smartphone as a smartcard. Of course, the
smartphone wouldn't have as many
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
In Debian, the experimental repo has gpg 2.1 with all dependencies. Follow
the instructions at https://wiki.debian.org/DebianExperimental
-BEGIN PGP SIGNATURE-
Version: OpenKeychain v3.1.2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Wed, Feb 11, 2015, 5:33 PM Xavier Maillard xav...@maillard.im wrote:
Thank you for this precision. Are you aware of some portable and
well supported by the 3-major OSes filesystem type ?
Just UDF
-BEGIN PGP SIGNATURE-
Version:
Is there any way to see the progress of the IETF working group on
the draft Werner has submitted? I noticed that the draft expires in
May. In particular, I would like to know if 22 is going to be the IANA
standardized Public-Key Algorithm number.
Showing a hash wouldn't prevent a malicious entity from making a fake token
that prints whatever hash the user expects. There's no way to verify that
the hash is of code actually on the device, or that the hashed code is the
only code on the device. The only way I could see to prevent it is to
It seemed to me that all Kelly was trying to do was print the
fingerprint of a key from a file.
On Tue, Dec 30, 2014 at 10:59 PM, Ryan Sawhill r...@b19.org wrote:
I disagree with your subject, and propose that you google for a tutorial
since the man page clearly didn't work for you.
(As far
On Mon, Dec 22, 2014 at 5:41 AM, pkalluru pkall...@ebay.com wrote:
*unknown armor header: \x09Version: GnuPG v2.0.17 (MingW32)*
0x09 is a tab character. That sounds like a whitespace error.
I would just backup the expired and revoked keys, then delete them. I
personally never have used my revoked keys. I mean maybe once in a very
great while, I come across a file encrypted with my old key on my hard
drive, but that's happened maybe twice in the last ten years.
On Dec 27, 2014 1:54
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Not to mention the fact that they released technical documents about
their combined keyserver / logger system. I always thought that would
be a good idea, after reading about Certificate Transparency for TLS,
to have a similar thing for OpenPGP,
Thanks for the good work! Do you get any income from kernel concepts with
sale of the OpenPGP smart cards? I prefer to buy products from for-profit
companies, and donate only to charities / nonprofit organizations.
On Dec 15, 2014 2:54 AM, Werner Koch w...@gnupg.org wrote:
Hi,
last week I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I recently created a key, with a RSA 4096-bit main key (certify only)
and 4 subkeys: one DSA for signing, and one ElGamal for encryption, for
communicating with people who I don't know are using ECC, and one each
of ED25519 and nistp384 for people
with 384-bit ECDH key, ID EA49CFDB55D113E9, created 2014-10-12
Brian Minton br...@minton.name
hi
gpg: Signature made Thu Nov 20 11:06:18 2014 EST
gpg:using EDDSA key 37B9507ACFF2016E
gpg: Good signature from Brian Minton br...@minton.name [ultimate]
gpg: aka Brian
oops, I meant to say I have an ECDH and EDDSA subkey, but no ECDSA.
On Thu, Nov 20, 2014 at 11:12 AM, Brian Minton br...@minton.name wrote:
I'm seeing an interesting message when encrypting and signing with my
ECDSA/EDDSA subkeys. The encryption and signing seems to work, so
it's mainly just
68 matches