On 1 Feb 2012, at 15:41, Werner Koch wrote:
> @book{Hankerson:2003:GEC:940321
Thank you, that's useful.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 1 Feb 2012, at 15:00, "Robert J. Hansen" wrote:
> Googling for "nsa suite b" qould be a pretty good starting place,
> probably. The National Security Agency has approved the use of ECC for
> classified material as part of their "Suite B" cryptography package. As
> is the case with most gover
g as
> reputable as RSA, DSA or Elgamal.
Are you able to recommend any particular resources or books that cover ECC in a
more complete and up to date fashion?
Cheers
Chris Poole
[PGP BAD246F9]
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http:
value) use
and trust it, I will also.
Cheers
Chris Poole
[PGP BAD246F9]
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On Mon, Jan 23, 2012 at 4:52 PM, brian m. carlson
wrote:
> Because it's also used to sign other people's keys. Using a very large
> key (for 256-bit equivalence, ~15kbits) makes verification so slow as to
> be unusable. You have to not only verify signatures on other keys but
> also the signatu
On Mon, Jan 23, 2012 at 6:16 PM, Robert J. Hansen wrote:
> You may say the only purpose of the primary key is to sign the subkeys,
> but if it's technically possible for the primary key to sign documents
> then the purpose of the primary key is to sign documents.
>
> This is why I think it's kind
On Sun, Jan 22, 2012 at 4:02 AM, Robert J. Hansen wrote:
> A 1024-bit key has about an 80-bit keyspace, which is a factor of 16 million
> larger. Given the advances in supercomputing in the last decade it is
> reasonable to believe 1024-bit keys are either breakable now or will be in the
> near
ng is still being done by the subkeys, so is
it simply that they're signed by the parent 1024-bit key, and this key
is easier to fake?
Thanks,
Chris Poole
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Hi,
I start gpg-agent with the -q option to make it quiet.
I then run a script that executes gpg -qse ... on several files,
encrypting and signing them (quietly).
I still find output like this in my terminal window:
> You need a passphrase to unlock the secret key for
> user: "
On Mon, Nov 14, 2011 at 2:42 PM, Peter Lebbing wrote:
> The trick obviously is that find can do multiple executions. I didn't know
> this
> either, I just tried it out :). There are different variations. This one
> outputs
> the hashes on stdout, and I don't know a way to separate the stdout's,
s thousands of files already ending in `.gpg`?)
Cheers
Chris Poole
[PGP BAD246F9]
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
chnique I use to do that here:
> https://grepular.com/Automatically_Encrypting_all_Incoming_Email
Thanks, that's interesting reading. I use `getmail` to grab the messages, and
just pass them through gpg when this runs, so it works well for what I want.
Cheers
Chris Poole
[PGP BAD246F9]
___
On Fri, Nov 11, 2011 at 10:27 PM, David Tomaschik
wrote:
> I would just produce a list of SHA1s of the files and then sign that.
OK thanks, I hadn't thought of that. I'd still have to decrypt and re-encrypt
them to keep hashes of all plaintext versions of the files though. (Thinking
about running
ven't already been tampered
with, is it OK to simply run
gpg -o somefile.gpg -s somefile.gpg
or is it better to decrypt them all, and then sign and encrypt in one go?
Thanks,
Chris Poole
___
Gnupg-users mailing list
Gnupg-users@gnup
s you
started with.
This should confirm that gpg works correctly for you, such that your "bad
passphrase" warning you're getting is the result of you having and/or entering
an incorrect passphrase.
Best of luck.
Chris Poole
[PGP BAD246F9]
__
talking about, but presumably it is the same
as on unix-like machines.
In this case, the things you type are being passed to the program correctly,
it's just that nothing is shown on screen (no ***'s, etc) to inform you of this.
Cheers
Chris Poole
[PGP BAD246F9]
ng-and-decryption-cache? (I guess, if I really wanted this I
> should provide a patch. :-) )
That was precisely my point; if anything, entering the passphrase twice is more
of a security risk than storing it for 2 subkeys at the same time (risk of being
overlooked, etc.).
Cheers
Chris
ent *actions*.
>
> When your passphrase has been cached for each of those *actions*, it
> will remain in gpg-agent's "memory" for the duration of the cache set in
> your home directory ~/.gnupg/gpg-agent.conf
That's a shame, but thanks.
Cheers
Chris Poole
[PGP BAD2
hat they're separate keys, so I'm being prompted twice, but they
are both belonging to the same primary key: can that passphrase apply to all
subkeys when entered for any one?
I hope that clarifies what I want to do...
Cheers
Chris Poole
[PGP BAD246F9]
_
pinentry screen) once for the
encryption key, and then again, for the signing key.
Can I instruct the agent to give the passphrase for any subkey? Given
that they're both subkeys, the passphrases are the same.
Thanks
Chris Poole
[PGP BAD246F9]
___
cksum, to make
sure corruption didn't occur during network transfer (i.e., nothing
cryptographic).
Thanks for the help. I'm just going to get used to entering my
passphrase a little more!
Cheers
Chris Poole
[PGP BAD246F9]
___
Gnupg-users mailing li
; to your secret key.
I had failed to realise this, somehow. A separate manifest file (also encrypted)
keeps track of which encrypted containers hold which files, so the attack is
definitely harder (or at least more noticeable). I think it's still best to sign
though, just to remove more
be in a certain container isn't, or something extra is
there in its place.
> Have you considered a separate key for the signature?
I use a separate signing key anyway, for all my signatures. How would using a
separate key help here?... I'd still need to give my passphrase someho
(Also, where did you read this?)
I can't remember, but possibly some Duplicity documentation. It's a backup
program that uses gpg for encryption, and allows for both encryption and
signing.
Cheers
Chris Poole
[PGP BAD246F9]
___
Gnupg-user
ome feasible attack that could change the encrypted data in
such a way that I won't notice it when I decrypt the file, but somehow
the file will still decrypt?
Thanks
Chris Poole
PGP key: BAD246F9
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http
late how many rounds it takes to run for x.y seconds
would be useful. KeePass, for example, automatically calculates how many rounds
can be calculated in 1 second, and will set the count accordingly.
On 8 Jul 2011, at 20:08, David Shaw wrote:
> On Jul 8, 2011, at 2:35 PM, Chris Poole wro
Thank you.
On 8 Jul 2011, at 20:06, Hauke Laging wrote:
> Am Freitag, 8. Juli 2011, 20:35:57 schrieb Chris Poole:
>> On 8 Jul 2011, at 17:31, David Shaw wrote:
>>> Yes. Note that the list-packets output shows the internal packed value:
>>> 6553600 should come
On 8 Jul 2011, at 17:31, David Shaw wrote:
> Yes. Note that the list-packets output shows the internal packed value:
> 6553600 should come out to 201. The default of 65536 would encode to 96.
I do indeed get 201. Out of interest, how is that calculated?
I also changed the digest algorithm to
r "protect count" (in the secret key packet section). Does this map
to the number I gave on the command line when changing my passphrase?
Thanks
Chris Poole
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
d Shaw wrote:
> On Jul 3, 2011, at 12:15 PM, Chris Poole wrote:
>
>> On Sun, Jul 3, 2011 at 4:45 PM, David Shaw wrote:
>>> There are some obscure edge cases where you must have a 3DES or AES
>>> encrypted
>>> private key, but for the overwhelming majority of
On Sun, Jul 3, 2011 at 4:45 PM, David Shaw wrote:
> There are some obscure edge cases where you must have a 3DES or AES encrypted
> private key, but for the overwhelming majority of people, no, there is no
> reason to do this. The default (CAST5) is quite strong (which the original
> poster ackno
On 3 Jul 2011, at 01:38, David Shaw wrote:
> On Jul 2, 2011, at 3:37 PM, Chris Poole wrote:
>
>> Hi,
>> I changed the order of preferred ciphers and hash functions using setpref.
>> My public key has changed, but not the fingerprint.
>
> That is correct
Hi,
I changed the order of preferred ciphers and hash functions using setpref. My
public key has changed, but not the fingerprint.
Is the done thing now to ask anyone with the key to pull the latest version?
(I've already updated the keyserver version.)
Thanks
_
y the passphrase cache time?
I was decrypting a large number of files (> 12,000), and about half
way through I was asked for my passphrase again. I assume the cache
had expired.
On Fri, May 20, 2011 at 1:27 AM, Grant Olson wrote:
> On 5/19/2011 7:07 AM, Chris Poole wrote:
>> Hi
>
umentation on the matter, or even
whether or not this is the best approach.
Thanks
Chris Poole
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
> If you were forced to disclose your encryption key, you could give them just
> that particular subkey and not give them the signing subkey at all.
But isn't the likelihood that they'll get your passphrase too, so the
security lies in the hope that they don't have access to the signing
subkey? T
I have been using gpg for a while now, with just one subkey for signing and
encryption.
I decided I wanted a separate key for signing, so if I have to give away my
private key for decrypting documents, they can't use it to impersonate me too.
Listing my keys was like this:
pub 1024D/BAD246F
> Why not just store the GPG encrypted file directly with the "strong
> passphrase that I know" ?
I'm happy to do that, I'm just trying to keep the "very long,
complicated passphrases I have to remember" to as few as possible.
I really just want to make sure that storing my revoke certificate
th
I want to check I'm not doing something stupid.
I have backed up my .gnupg directory, including my revoke certificate,
to a symmetrically-encrypted tar file.
The password for this is a 50 character randomly-generated, stored in
my KeePass database (protected via a strong passphrase that I know).
I don't use GPG all that much, but am a little concerned with the recent
SHA1 collision news.
>From what I've read on this list, it doesn't seem to be too much of an
issue.
I wonder if someone could clarify some things for me, please:
1) Is this just an issue with signatures, or does it impact t
Consider keepassx
Yes I have used this before; I may give it another go.
Thanks.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Thanks for the reply.
I now feel a little safer doing what I'm doing :)
PS: IMHO there are more usable ways of managing one's passwords than
storing them in a GnuPG file (although much can be accomplished by
wrapping access to that file through a number of shell scripts, I
assume).
Yes, I w
Hi,
I am using GnuPG to encrypt a plain text file of my passwords.
How secure is it to use my own public key as the encryption method
(rather than symmetric), given that the password file is stored on the
same drive as my public and private keys?
Thanks.
___
Yes, this is correct, and what I thought would be the answer.
I was just concerned that an attacker (say, a thief that steals my
laptop), would have both my secret key and something encrypted with
that secret key.
I wasn't sure if this would somehow reduce the effectiveness of the
encrypt
Hi,
I am using GnuPG to encrypt a plain text file of my passwords.
How secure is it to use my own public key as the encryption method
(rather than symmetric), given that the password file is stored on the
same drive as my public and private keys?
Thanks.
___
45 matches
Mail list logo